From: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Date: Thu, 19 Mar 2020 07:58:05 +0000 (+0100)
Subject: 4.19-stable patches
X-Git-Tag: v4.4.217~17
X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=9c0324239b6bfa29792644cac45fca2eff82ffe2;p=thirdparty%2Fkernel%2Fstable-queue.git

4.19-stable patches

added patches:
	arm-8957-1-vdso-match-armv8-timer-in-cntvct_functional.patch
	net-qrtr-fix-len-of-skb_put_padto-in-qrtr_node_enqueue.patch
---

diff --git a/queue-4.19/arm-8957-1-vdso-match-armv8-timer-in-cntvct_functional.patch b/queue-4.19/arm-8957-1-vdso-match-armv8-timer-in-cntvct_functional.patch
new file mode 100644
index 00000000000..453ae0c478f
--- /dev/null
+++ b/queue-4.19/arm-8957-1-vdso-match-armv8-timer-in-cntvct_functional.patch
@@ -0,0 +1,35 @@
+From 45939ce292b4b11159719faaf60aba7d58d5fe33 Mon Sep 17 00:00:00 2001
+From: Florian Fainelli <f.fainelli@gmail.com>
+Date: Tue, 28 Jan 2020 20:22:13 +0100
+Subject: ARM: 8957/1: VDSO: Match ARMv8 timer in cntvct_functional()
+
+From: Florian Fainelli <f.fainelli@gmail.com>
+
+commit 45939ce292b4b11159719faaf60aba7d58d5fe33 upstream.
+
+It is possible for a system with an ARMv8 timer to run a 32-bit kernel.
+When this happens we will unconditionally have the vDSO code remove the
+__vdso_gettimeofday and __vdso_clock_gettime symbols because
+cntvct_functional() returns false since it does not match that
+compatibility string.
+
+Fixes: ecf99a439105 ("ARM: 8331/1: VDSO initialization, mapping, and synchronization")
+Signed-off-by: Florian Fainelli <f.fainelli@gmail.com>
+Signed-off-by: Russell King <rmk+kernel@armlinux.org.uk>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+
+---
+ arch/arm/kernel/vdso.c |    2 ++
+ 1 file changed, 2 insertions(+)
+
+--- a/arch/arm/kernel/vdso.c
++++ b/arch/arm/kernel/vdso.c
+@@ -104,6 +104,8 @@ static bool __init cntvct_functional(voi
+ 	 */
+ 	np = of_find_compatible_node(NULL, NULL, "arm,armv7-timer");
+ 	if (!np)
++		np = of_find_compatible_node(NULL, NULL, "arm,armv8-timer");
++	if (!np)
+ 		goto out_put;
+ 
+ 	if (of_property_read_bool(np, "arm,cpu-registers-not-fw-configured"))
diff --git a/queue-4.19/net-qrtr-fix-len-of-skb_put_padto-in-qrtr_node_enqueue.patch b/queue-4.19/net-qrtr-fix-len-of-skb_put_padto-in-qrtr_node_enqueue.patch
new file mode 100644
index 00000000000..b17bdeaf88d
--- /dev/null
+++ b/queue-4.19/net-qrtr-fix-len-of-skb_put_padto-in-qrtr_node_enqueue.patch
@@ -0,0 +1,78 @@
+From ce57785bf91b1ceaef4f4bffed8a47dc0919c8da Mon Sep 17 00:00:00 2001
+From: Carl Huang <cjhuang@codeaurora.org>
+Date: Fri, 3 Jan 2020 12:50:16 +0800
+Subject: net: qrtr: fix len of skb_put_padto in qrtr_node_enqueue
+
+From: Carl Huang <cjhuang@codeaurora.org>
+
+commit ce57785bf91b1ceaef4f4bffed8a47dc0919c8da upstream.
+
+The len used for skb_put_padto is wrong, it need to add len of hdr.
+
+In qrtr_node_enqueue, local variable size_t len is assign with
+skb->len, then skb_push(skb, sizeof(*hdr)) will add skb->len with
+sizeof(*hdr), so local variable size_t len is not same with skb->len
+after skb_push(skb, sizeof(*hdr)).
+
+Then the purpose of skb_put_padto(skb, ALIGN(len, 4)) is to add add
+pad to the end of the skb's data if skb->len is not aligned to 4, but
+unfortunately it use len instead of skb->len, at this line, skb->len
+is 32 bytes(sizeof(*hdr)) more than len, for example, len is 3 bytes,
+then skb->len is 35 bytes(3 + 32), and ALIGN(len, 4) is 4 bytes, so
+__skb_put_padto will do nothing after check size(35) < len(4), the
+correct value should be 36(sizeof(*hdr) + ALIGN(len, 4) = 32 + 4),
+then __skb_put_padto will pass check size(35) < len(36) and add 1 byte
+to the end of skb's data, then logic is correct.
+
+function of skb_push:
+void *skb_push(struct sk_buff *skb, unsigned int len)
+{
+	skb->data -= len;
+	skb->len  += len;
+	if (unlikely(skb->data < skb->head))
+		skb_under_panic(skb, len, __builtin_return_address(0));
+	return skb->data;
+}
+
+function of skb_put_padto
+static inline int skb_put_padto(struct sk_buff *skb, unsigned int len)
+{
+	return __skb_put_padto(skb, len, true);
+}
+
+function of __skb_put_padto
+static inline int __skb_put_padto(struct sk_buff *skb, unsigned int len,
+				  bool free_on_error)
+{
+	unsigned int size = skb->len;
+
+	if (unlikely(size < len)) {
+		len -= size;
+		if (__skb_pad(skb, len, free_on_error))
+			return -ENOMEM;
+		__skb_put(skb, len);
+	}
+	return 0;
+}
+
+Signed-off-by: Carl Huang <cjhuang@codeaurora.org>
+Signed-off-by: Wen Gong <wgong@codeaurora.org>
+Cc: Doug Anderson <dianders@chromium.org>
+Signed-off-by: David S. Miller <davem@davemloft.net>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+
+---
+ net/qrtr/qrtr.c |    2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+--- a/net/qrtr/qrtr.c
++++ b/net/qrtr/qrtr.c
+@@ -203,7 +203,7 @@ static int qrtr_node_enqueue(struct qrtr
+ 	hdr->size = cpu_to_le32(len);
+ 	hdr->confirm_rx = 0;
+ 
+-	skb_put_padto(skb, ALIGN(len, 4));
++	skb_put_padto(skb, ALIGN(len, 4) + sizeof(*hdr));
+ 
+ 	mutex_lock(&node->ep_lock);
+ 	if (node->ep)
diff --git a/queue-4.19/series b/queue-4.19/series
index fa8f2c422db..dca9e2a2a3f 100644
--- a/queue-4.19/series
+++ b/queue-4.19/series
@@ -39,3 +39,5 @@ driver-core-make-driver-core-own-stateful-device-links.patch
 driver-core-add-device-link-flag-dl_flag_autoprobe_consumer.patch
 driver-core-remove-device-link-creation-limitation.patch
 driver-core-fix-creation-of-device-links-with-pm-runtime-flags.patch
+net-qrtr-fix-len-of-skb_put_padto-in-qrtr_node_enqueue.patch
+arm-8957-1-vdso-match-armv8-timer-in-cntvct_functional.patch