From: Greg Kroah-Hartman Date: Sun, 19 Jan 2020 15:43:56 +0000 (+0100) Subject: 4.4-stable patches X-Git-Tag: v4.4.211~53 X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=8f185c2822b82ca5265dfe9a88a46f428b3f851e;p=thirdparty%2Fkernel%2Fstable-queue.git 4.4-stable patches added patches: mm-page-writeback.c-avoid-potential-division-by-zero-in-wb_min_max_ratio.patch net-stmmac-16kb-buffer-must-be-16-byte-aligned.patch net-stmmac-enable-16kb-buffer-size.patch usb-core-hub-improved-device-recognition-on-remote-wakeup.patch x86-efistub-disable-paging-at-mixed-mode-entry.patch --- diff --git a/queue-4.4/mm-page-writeback.c-avoid-potential-division-by-zero-in-wb_min_max_ratio.patch b/queue-4.4/mm-page-writeback.c-avoid-potential-division-by-zero-in-wb_min_max_ratio.patch new file mode 100644 index 00000000000..59b9a1b7e7b --- /dev/null +++ b/queue-4.4/mm-page-writeback.c-avoid-potential-division-by-zero-in-wb_min_max_ratio.patch @@ -0,0 +1,79 @@ +From 6d9e8c651dd979aa666bee15f086745f3ea9c4b3 Mon Sep 17 00:00:00 2001 +From: Wen Yang +Date: Mon, 13 Jan 2020 16:29:23 -0800 +Subject: mm/page-writeback.c: avoid potential division by zero in wb_min_max_ratio() + +From: Wen Yang + +commit 6d9e8c651dd979aa666bee15f086745f3ea9c4b3 upstream. + +Patch series "use div64_ul() instead of div_u64() if the divisor is +unsigned long". + +We were first inspired by commit b0ab99e7736a ("sched: Fix possible divide +by zero in avg_atom () calculation"), then refer to the recently analyzed +mm code, we found this suspicious place. + + 201 if (min) { + 202 min *= this_bw; + 203 do_div(min, tot_bw); + 204 } + +And we also disassembled and confirmed it: + + /usr/src/debug/kernel-4.9.168-016.ali3000/linux-4.9.168-016.ali3000.alios7.x86_64/mm/page-writeback.c: 201 + 0xffffffff811c37da <__wb_calc_thresh+234>: xor %r10d,%r10d + 0xffffffff811c37dd <__wb_calc_thresh+237>: test %rax,%rax + 0xffffffff811c37e0 <__wb_calc_thresh+240>: je 0xffffffff811c3800 <__wb_calc_thresh+272> + /usr/src/debug/kernel-4.9.168-016.ali3000/linux-4.9.168-016.ali3000.alios7.x86_64/mm/page-writeback.c: 202 + 0xffffffff811c37e2 <__wb_calc_thresh+242>: imul %r8,%rax + /usr/src/debug/kernel-4.9.168-016.ali3000/linux-4.9.168-016.ali3000.alios7.x86_64/mm/page-writeback.c: 203 + 0xffffffff811c37e6 <__wb_calc_thresh+246>: mov %r9d,%r10d ---> truncates it to 32 bits here + 0xffffffff811c37e9 <__wb_calc_thresh+249>: xor %edx,%edx + 0xffffffff811c37eb <__wb_calc_thresh+251>: div %r10 + 0xffffffff811c37ee <__wb_calc_thresh+254>: imul %rbx,%rax + 0xffffffff811c37f2 <__wb_calc_thresh+258>: shr $0x2,%rax + 0xffffffff811c37f6 <__wb_calc_thresh+262>: mul %rcx + 0xffffffff811c37f9 <__wb_calc_thresh+265>: shr $0x2,%rdx + 0xffffffff811c37fd <__wb_calc_thresh+269>: mov %rdx,%r10 + +This series uses div64_ul() instead of div_u64() if the divisor is +unsigned long, to avoid truncation to 32-bit on 64-bit platforms. + +This patch (of 3): + +The variables 'min' and 'max' are unsigned long and do_div truncates +them to 32 bits, which means it can test non-zero and be truncated to +zero for division. Fix this issue by using div64_ul() instead. + +Link: http://lkml.kernel.org/r/20200102081442.8273-2-wenyang@linux.alibaba.com +Fixes: 693108a8a667 ("writeback: make bdi->min/max_ratio handling cgroup writeback aware") +Signed-off-by: Wen Yang +Reviewed-by: Andrew Morton +Cc: Qian Cai +Cc: Tejun Heo +Cc: Jens Axboe +Signed-off-by: Andrew Morton +Signed-off-by: Linus Torvalds +Signed-off-by: Greg Kroah-Hartman + +--- + mm/page-writeback.c | 4 ++-- + 1 file changed, 2 insertions(+), 2 deletions(-) + +--- a/mm/page-writeback.c ++++ b/mm/page-writeback.c +@@ -200,11 +200,11 @@ static void wb_min_max_ratio(struct bdi_ + if (this_bw < tot_bw) { + if (min) { + min *= this_bw; +- do_div(min, tot_bw); ++ min = div64_ul(min, tot_bw); + } + if (max < 100) { + max *= this_bw; +- do_div(max, tot_bw); ++ max = div64_ul(max, tot_bw); + } + } + diff --git a/queue-4.4/net-stmmac-16kb-buffer-must-be-16-byte-aligned.patch b/queue-4.4/net-stmmac-16kb-buffer-must-be-16-byte-aligned.patch new file mode 100644 index 00000000000..7cda6ded09a --- /dev/null +++ b/queue-4.4/net-stmmac-16kb-buffer-must-be-16-byte-aligned.patch @@ -0,0 +1,33 @@ +From 8605131747e7e1fd8f6c9f97a00287aae2b2c640 Mon Sep 17 00:00:00 2001 +From: Jose Abreu +Date: Wed, 18 Dec 2019 11:17:41 +0100 +Subject: net: stmmac: 16KB buffer must be 16 byte aligned + +From: Jose Abreu + +commit 8605131747e7e1fd8f6c9f97a00287aae2b2c640 upstream. + +The 16KB RX Buffer must also be 16 byte aligned. Fix it. + +Fixes: 7ac6653a085b ("stmmac: Move the STMicroelectronics driver") +Signed-off-by: Jose Abreu +Signed-off-by: David S. Miller +Signed-off-by: Greg Kroah-Hartman + +--- + drivers/net/ethernet/stmicro/stmmac/common.h | 4 ++-- + 1 file changed, 2 insertions(+), 2 deletions(-) + +--- a/drivers/net/ethernet/stmicro/stmmac/common.h ++++ b/drivers/net/ethernet/stmicro/stmmac/common.h +@@ -273,8 +273,8 @@ struct dma_features { + unsigned int enh_desc; + }; + +-/* GMAC TX FIFO is 8K, Rx FIFO is 16K */ +-#define BUF_SIZE_16KiB 16384 ++/* RX Buffer size must be multiple of 4/8/16 bytes */ ++#define BUF_SIZE_16KiB 16368 + #define BUF_SIZE_8KiB 8192 + #define BUF_SIZE_4KiB 4096 + #define BUF_SIZE_2KiB 2048 diff --git a/queue-4.4/net-stmmac-enable-16kb-buffer-size.patch b/queue-4.4/net-stmmac-enable-16kb-buffer-size.patch new file mode 100644 index 00000000000..4e1bd6e0e51 --- /dev/null +++ b/queue-4.4/net-stmmac-enable-16kb-buffer-size.patch @@ -0,0 +1,34 @@ +From b2f3a481c4cd62f78391b836b64c0a6e72b503d2 Mon Sep 17 00:00:00 2001 +From: Jose Abreu +Date: Wed, 18 Dec 2019 11:17:42 +0100 +Subject: net: stmmac: Enable 16KB buffer size + +From: Jose Abreu + +commit b2f3a481c4cd62f78391b836b64c0a6e72b503d2 upstream. + +XGMAC supports maximum MTU that can go to 16KB. Lets add this check in +the calculation of RX buffer size. + +Fixes: 7ac6653a085b ("stmmac: Move the STMicroelectronics driver") +Signed-off-by: Jose Abreu +Signed-off-by: David S. Miller +Signed-off-by: Greg Kroah-Hartman + +--- + drivers/net/ethernet/stmicro/stmmac/stmmac_main.c | 4 +++- + 1 file changed, 3 insertions(+), 1 deletion(-) + +--- a/drivers/net/ethernet/stmicro/stmmac/stmmac_main.c ++++ b/drivers/net/ethernet/stmicro/stmmac/stmmac_main.c +@@ -935,7 +935,9 @@ static int stmmac_set_bfsize(int mtu, in + { + int ret = bufsize; + +- if (mtu >= BUF_SIZE_4KiB) ++ if (mtu >= BUF_SIZE_8KiB) ++ ret = BUF_SIZE_16KiB; ++ else if (mtu >= BUF_SIZE_4KiB) + ret = BUF_SIZE_8KiB; + else if (mtu >= BUF_SIZE_2KiB) + ret = BUF_SIZE_4KiB; diff --git a/queue-4.4/series b/queue-4.4/series index ea71f595498..55a6a55c3b3 100644 --- a/queue-4.4/series +++ b/queue-4.4/series @@ -47,3 +47,8 @@ usb-serial-ch341-handle-unbound-port-at-reset_resume.patch usb-serial-io_edgeport-add-missing-active-port-sanity-check.patch usb-serial-quatech2-handle-unbound-ports.patch scsi-mptfusion-fix-double-fetch-bug-in-ioctl.patch +usb-core-hub-improved-device-recognition-on-remote-wakeup.patch +x86-efistub-disable-paging-at-mixed-mode-entry.patch +mm-page-writeback.c-avoid-potential-division-by-zero-in-wb_min_max_ratio.patch +net-stmmac-16kb-buffer-must-be-16-byte-aligned.patch +net-stmmac-enable-16kb-buffer-size.patch diff --git a/queue-4.4/usb-core-hub-improved-device-recognition-on-remote-wakeup.patch b/queue-4.4/usb-core-hub-improved-device-recognition-on-remote-wakeup.patch new file mode 100644 index 00000000000..ba1ee48d1ea --- /dev/null +++ b/queue-4.4/usb-core-hub-improved-device-recognition-on-remote-wakeup.patch @@ -0,0 +1,65 @@ +From 9c06ac4c83df6d6fbdbf7488fbad822b4002ba19 Mon Sep 17 00:00:00 2001 +From: Keiya Nobuta +Date: Thu, 9 Jan 2020 14:14:48 +0900 +Subject: usb: core: hub: Improved device recognition on remote wakeup + +From: Keiya Nobuta + +commit 9c06ac4c83df6d6fbdbf7488fbad822b4002ba19 upstream. + +If hub_activate() is called before D+ has stabilized after remote +wakeup, the following situation might occur: + + __ ___________________ + / \ / +D+ __/ \__/ + +Hub _______________________________ + | ^ ^ ^ + | | | | +Host _____v__|___|___________|______ + | | | | + | | | \-- Interrupt Transfer (*3) + | | \-- ClearPortFeature (*2) + | \-- GetPortStatus (*1) + \-- Host detects remote wakeup + +- D+ goes high, Host starts running by remote wakeup +- D+ is not stable, goes low +- Host requests GetPortStatus at (*1) and gets the following hub status: + - Current Connect Status bit is 0 + - Connect Status Change bit is 1 +- D+ stabilizes, goes high +- Host requests ClearPortFeature and thus Connect Status Change bit is + cleared at (*2) +- After waiting 100 ms, Host starts the Interrupt Transfer at (*3) +- Since the Connect Status Change bit is 0, Hub returns NAK. + +In this case, port_event() is not called in hub_event() and Host cannot +recognize device. To solve this issue, flag change_bits even if only +Connect Status Change bit is 1 when got in the first GetPortStatus. + +This issue occurs rarely because it only if D+ changes during a very +short time between GetPortStatus and ClearPortFeature. However, it is +fatal if it occurs in embedded system. + +Signed-off-by: Keiya Nobuta +Cc: stable +Acked-by: Alan Stern +Link: https://lore.kernel.org/r/20200109051448.28150-1-nobuta.keiya@fujitsu.com +Signed-off-by: Greg Kroah-Hartman + +--- + drivers/usb/core/hub.c | 1 + + 1 file changed, 1 insertion(+) + +--- a/drivers/usb/core/hub.c ++++ b/drivers/usb/core/hub.c +@@ -1146,6 +1146,7 @@ static void hub_activate(struct usb_hub + * PORT_OVER_CURRENT is not. So check for any of them. + */ + if (udev || (portstatus & USB_PORT_STAT_CONNECTION) || ++ (portchange & USB_PORT_STAT_C_CONNECTION) || + (portstatus & USB_PORT_STAT_OVERCURRENT) || + (portchange & USB_PORT_STAT_C_OVERCURRENT)) + set_bit(port1, hub->change_bits); diff --git a/queue-4.4/x86-efistub-disable-paging-at-mixed-mode-entry.patch b/queue-4.4/x86-efistub-disable-paging-at-mixed-mode-entry.patch new file mode 100644 index 00000000000..7ca139a7232 --- /dev/null +++ b/queue-4.4/x86-efistub-disable-paging-at-mixed-mode-entry.patch @@ -0,0 +1,46 @@ +From 4911ee401b7ceff8f38e0ac597cbf503d71e690c Mon Sep 17 00:00:00 2001 +From: Ard Biesheuvel +Date: Tue, 24 Dec 2019 14:29:09 +0100 +Subject: x86/efistub: Disable paging at mixed mode entry + +From: Ard Biesheuvel + +commit 4911ee401b7ceff8f38e0ac597cbf503d71e690c upstream. + +The EFI mixed mode entry code goes through the ordinary startup_32() +routine before jumping into the kernel's EFI boot code in 64-bit +mode. The 32-bit startup code must be entered with paging disabled, +but this is not documented as a requirement for the EFI handover +protocol, and so we should disable paging explicitly when entering +the kernel from 32-bit EFI firmware. + +Signed-off-by: Ard Biesheuvel +Cc: +Cc: Arvind Sankar +Cc: Hans de Goede +Cc: Linus Torvalds +Cc: Peter Zijlstra +Cc: Thomas Gleixner +Cc: linux-efi@vger.kernel.org +Link: https://lkml.kernel.org/r/20191224132909.102540-4-ardb@kernel.org +Signed-off-by: Ingo Molnar +Signed-off-by: Greg Kroah-Hartman + +--- + arch/x86/boot/compressed/head_64.S | 5 +++++ + 1 file changed, 5 insertions(+) + +--- a/arch/x86/boot/compressed/head_64.S ++++ b/arch/x86/boot/compressed/head_64.S +@@ -225,6 +225,11 @@ ENTRY(efi32_stub_entry) + leal efi32_config(%ebp), %eax + movl %eax, efi_config(%ebp) + ++ /* Disable paging */ ++ movl %cr0, %eax ++ btrl $X86_CR0_PG_BIT, %eax ++ movl %eax, %cr0 ++ + jmp startup_32 + ENDPROC(efi32_stub_entry) + #endif