From: Greg Kroah-Hartman Date: Tue, 23 Jun 2020 12:24:43 +0000 (+0200) Subject: 5.4-stable patches X-Git-Tag: v5.7.6~16 X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=c1db33dd898c298527de337d5e3d9ce19ce05eaf;p=thirdparty%2Fkernel%2Fstable-queue.git 5.4-stable patches added patches: crypto-algboss-don-t-wait-during-notifier-callback.patch crypto-algif_skcipher-cap-recv-sg-list-at-ctx-used.patch e1000e-do-not-wake-up-the-system-via-wol-if-device-wakeup-is-disabled.patch kprobes-fix-to-protect-kick_kprobe_optimizer-by-kprobe_mutex.patch kretprobe-prevent-triggering-kretprobe-from-within-kprobe_flush_task.patch net-octeon-mgmt-repair-filling-of-rx-ring.patch pwm-jz4740-enhance-precision-in-calculation-of-duty-cycle.patch revert-drm-amd-display-disable-dcn20-abm-feature-for-bring-up.patch tracing-probe-fix-memleak-in-fetch_op_data-operations.patch --- diff --git a/queue-5.4/crypto-algboss-don-t-wait-during-notifier-callback.patch b/queue-5.4/crypto-algboss-don-t-wait-during-notifier-callback.patch new file mode 100644 index 00000000000..b279a383449 --- /dev/null +++ b/queue-5.4/crypto-algboss-don-t-wait-during-notifier-callback.patch @@ -0,0 +1,58 @@ +From 77251e41f89a813b4090f5199442f217bbf11297 Mon Sep 17 00:00:00 2001 +From: Eric Biggers +Date: Thu, 4 Jun 2020 11:52:53 -0700 +Subject: crypto: algboss - don't wait during notifier callback +MIME-Version: 1.0 +Content-Type: text/plain; charset=UTF-8 +Content-Transfer-Encoding: 8bit + +From: Eric Biggers + +commit 77251e41f89a813b4090f5199442f217bbf11297 upstream. + +When a crypto template needs to be instantiated, CRYPTO_MSG_ALG_REQUEST +is sent to crypto_chain. cryptomgr_schedule_probe() handles this by +starting a thread to instantiate the template, then waiting for this +thread to complete via crypto_larval::completion. + +This can deadlock because instantiating the template may require loading +modules, and this (apparently depending on userspace) may need to wait +for the crc-t10dif module (lib/crc-t10dif.c) to be loaded. But +crc-t10dif's module_init function uses crypto_register_notifier() and +therefore takes crypto_chain.rwsem for write. That can't proceed until +the notifier callback has finished, as it holds this semaphore for read. + +Fix this by removing the wait on crypto_larval::completion from within +cryptomgr_schedule_probe(). It's actually unnecessary because +crypto_alg_mod_lookup() calls crypto_larval_wait() itself after sending +CRYPTO_MSG_ALG_REQUEST. + +This only actually became a problem in v4.20 due to commit b76377543b73 +("crc-t10dif: Pick better transform if one becomes available"), but the +unnecessary wait was much older. + +BugLink: https://bugzilla.kernel.org/show_bug.cgi?id=207159 +Reported-by: Mike Gerow +Fixes: 398710379f51 ("crypto: algapi - Move larval completion into algboss") +Cc: # v3.6+ +Cc: Martin K. Petersen +Signed-off-by: Eric Biggers +Reported-by: Kai Lüke +Signed-off-by: Herbert Xu +Signed-off-by: Greg Kroah-Hartman + +--- + crypto/algboss.c | 2 -- + 1 file changed, 2 deletions(-) + +--- a/crypto/algboss.c ++++ b/crypto/algboss.c +@@ -188,8 +188,6 @@ static int cryptomgr_schedule_probe(stru + if (IS_ERR(thread)) + goto err_put_larval; + +- wait_for_completion_interruptible(&larval->completion); +- + return NOTIFY_STOP; + + err_put_larval: diff --git a/queue-5.4/crypto-algif_skcipher-cap-recv-sg-list-at-ctx-used.patch b/queue-5.4/crypto-algif_skcipher-cap-recv-sg-list-at-ctx-used.patch new file mode 100644 index 00000000000..04c5e258c0e --- /dev/null +++ b/queue-5.4/crypto-algif_skcipher-cap-recv-sg-list-at-ctx-used.patch @@ -0,0 +1,42 @@ +From 7cf81954705b7e5b057f7dc39a7ded54422ab6e1 Mon Sep 17 00:00:00 2001 +From: Herbert Xu +Date: Fri, 29 May 2020 14:54:43 +1000 +Subject: crypto: algif_skcipher - Cap recv SG list at ctx->used + +From: Herbert Xu + +commit 7cf81954705b7e5b057f7dc39a7ded54422ab6e1 upstream. + +Somewhere along the line the cap on the SG list length for receive +was lost. This patch restores it and removes the subsequent test +which is now redundant. + +Fixes: 2d97591ef43d ("crypto: af_alg - consolidation of...") +Cc: +Signed-off-by: Herbert Xu +Reviewed-by: Stephan Mueller +Signed-off-by: Herbert Xu +Signed-off-by: Greg Kroah-Hartman + +--- + crypto/algif_skcipher.c | 6 +----- + 1 file changed, 1 insertion(+), 5 deletions(-) + +--- a/crypto/algif_skcipher.c ++++ b/crypto/algif_skcipher.c +@@ -74,14 +74,10 @@ static int _skcipher_recvmsg(struct sock + return PTR_ERR(areq); + + /* convert iovecs of output buffers into RX SGL */ +- err = af_alg_get_rsgl(sk, msg, flags, areq, -1, &len); ++ err = af_alg_get_rsgl(sk, msg, flags, areq, ctx->used, &len); + if (err) + goto free; + +- /* Process only as much RX buffers for which we have TX data */ +- if (len > ctx->used) +- len = ctx->used; +- + /* + * If more buffers are to be expected to be processed, process only + * full block size buffers. diff --git a/queue-5.4/e1000e-do-not-wake-up-the-system-via-wol-if-device-wakeup-is-disabled.patch b/queue-5.4/e1000e-do-not-wake-up-the-system-via-wol-if-device-wakeup-is-disabled.patch new file mode 100644 index 00000000000..fd951288c51 --- /dev/null +++ b/queue-5.4/e1000e-do-not-wake-up-the-system-via-wol-if-device-wakeup-is-disabled.patch @@ -0,0 +1,65 @@ +From 6bf6be1127f7e6d4bf39f84d56854e944d045d74 Mon Sep 17 00:00:00 2001 +From: Chen Yu +Date: Fri, 22 May 2020 01:59:00 +0800 +Subject: e1000e: Do not wake up the system via WOL if device wakeup is disabled + +From: Chen Yu + +commit 6bf6be1127f7e6d4bf39f84d56854e944d045d74 upstream. + +Currently the system will be woken up via WOL(Wake On LAN) even if the +device wakeup ability has been disabled via sysfs: + cat /sys/devices/pci0000:00/0000:00:1f.6/power/wakeup + disabled + +The system should not be woken up if the user has explicitly +disabled the wake up ability for this device. + +This patch clears the WOL ability of this network device if the +user has disabled the wake up ability in sysfs. + +Fixes: bc7f75fa9788 ("[E1000E]: New pci-express e1000 driver") +Reported-by: "Rafael J. Wysocki" +Reviewed-by: Andy Shevchenko +Cc: +Signed-off-by: Chen Yu +Tested-by: Aaron Brown +Signed-off-by: Jeff Kirsher +Signed-off-by: Greg Kroah-Hartman + +--- + drivers/net/ethernet/intel/e1000e/netdev.c | 14 ++++++++++---- + 1 file changed, 10 insertions(+), 4 deletions(-) + +--- a/drivers/net/ethernet/intel/e1000e/netdev.c ++++ b/drivers/net/ethernet/intel/e1000e/netdev.c +@@ -6345,11 +6345,17 @@ static int __e1000_shutdown(struct pci_d + struct net_device *netdev = pci_get_drvdata(pdev); + struct e1000_adapter *adapter = netdev_priv(netdev); + struct e1000_hw *hw = &adapter->hw; +- u32 ctrl, ctrl_ext, rctl, status; +- /* Runtime suspend should only enable wakeup for link changes */ +- u32 wufc = runtime ? E1000_WUFC_LNKC : adapter->wol; ++ u32 ctrl, ctrl_ext, rctl, status, wufc; + int retval = 0; + ++ /* Runtime suspend should only enable wakeup for link changes */ ++ if (runtime) ++ wufc = E1000_WUFC_LNKC; ++ else if (device_may_wakeup(&pdev->dev)) ++ wufc = adapter->wol; ++ else ++ wufc = 0; ++ + status = er32(STATUS); + if (status & E1000_STATUS_LU) + wufc &= ~E1000_WUFC_LNKC; +@@ -6406,7 +6412,7 @@ static int __e1000_shutdown(struct pci_d + if (adapter->hw.phy.type == e1000_phy_igp_3) { + e1000e_igp3_phy_powerdown_workaround_ich8lan(&adapter->hw); + } else if (hw->mac.type >= e1000_pch_lpt) { +- if (!(wufc & (E1000_WUFC_EX | E1000_WUFC_MC | E1000_WUFC_BC))) ++ if (wufc && !(wufc & (E1000_WUFC_EX | E1000_WUFC_MC | E1000_WUFC_BC))) + /* ULP does not support wake from unicast, multicast + * or broadcast. + */ diff --git a/queue-5.4/kprobes-fix-to-protect-kick_kprobe_optimizer-by-kprobe_mutex.patch b/queue-5.4/kprobes-fix-to-protect-kick_kprobe_optimizer-by-kprobe_mutex.patch new file mode 100644 index 00000000000..e9255401639 --- /dev/null +++ b/queue-5.4/kprobes-fix-to-protect-kick_kprobe_optimizer-by-kprobe_mutex.patch @@ -0,0 +1,53 @@ +From 1a0aa991a6274161c95a844c58cfb801d681eb59 Mon Sep 17 00:00:00 2001 +From: Masami Hiramatsu +Date: Tue, 12 May 2020 17:02:56 +0900 +Subject: kprobes: Fix to protect kick_kprobe_optimizer() by kprobe_mutex + +From: Masami Hiramatsu + +commit 1a0aa991a6274161c95a844c58cfb801d681eb59 upstream. + +In kprobe_optimizer() kick_kprobe_optimizer() is called +without kprobe_mutex, but this can race with other caller +which is protected by kprobe_mutex. + +To fix that, expand kprobe_mutex protected area to protect +kick_kprobe_optimizer() call. + +Link: http://lkml.kernel.org/r/158927057586.27680.5036330063955940456.stgit@devnote2 + +Fixes: cd7ebe2298ff ("kprobes: Use text_poke_smp_batch for optimizing") +Cc: Ingo Molnar +Cc: "Gustavo A . R . Silva" +Cc: Anders Roxell +Cc: "Naveen N . Rao" +Cc: Anil S Keshavamurthy +Cc: David Miller +Cc: Ingo Molnar +Cc: Peter Zijlstra +Cc: Ziqian SUN +Cc: stable@vger.kernel.org +Signed-off-by: Masami Hiramatsu +Signed-off-by: Steven Rostedt (VMware) +Signed-off-by: Greg Kroah-Hartman + +--- + kernel/kprobes.c | 3 ++- + 1 file changed, 2 insertions(+), 1 deletion(-) + +--- a/kernel/kprobes.c ++++ b/kernel/kprobes.c +@@ -586,11 +586,12 @@ static void kprobe_optimizer(struct work + mutex_unlock(&module_mutex); + mutex_unlock(&text_mutex); + cpus_read_unlock(); +- mutex_unlock(&kprobe_mutex); + + /* Step 5: Kick optimizer again if needed */ + if (!list_empty(&optimizing_list) || !list_empty(&unoptimizing_list)) + kick_kprobe_optimizer(); ++ ++ mutex_unlock(&kprobe_mutex); + } + + /* Wait for completing optimization and unoptimization */ diff --git a/queue-5.4/kretprobe-prevent-triggering-kretprobe-from-within-kprobe_flush_task.patch b/queue-5.4/kretprobe-prevent-triggering-kretprobe-from-within-kprobe_flush_task.patch new file mode 100644 index 00000000000..1048758f68c --- /dev/null +++ b/queue-5.4/kretprobe-prevent-triggering-kretprobe-from-within-kprobe_flush_task.patch @@ -0,0 +1,238 @@ +From 9b38cc704e844e41d9cf74e647bff1d249512cb3 Mon Sep 17 00:00:00 2001 +From: Jiri Olsa +Date: Tue, 12 May 2020 17:03:18 +0900 +Subject: kretprobe: Prevent triggering kretprobe from within kprobe_flush_task + +From: Jiri Olsa + +commit 9b38cc704e844e41d9cf74e647bff1d249512cb3 upstream. + +Ziqian reported lockup when adding retprobe on _raw_spin_lock_irqsave. +My test was also able to trigger lockdep output: + + ============================================ + WARNING: possible recursive locking detected + 5.6.0-rc6+ #6 Not tainted + -------------------------------------------- + sched-messaging/2767 is trying to acquire lock: + ffffffff9a492798 (&(kretprobe_table_locks[i].lock)){-.-.}, at: kretprobe_hash_lock+0x52/0xa0 + + but task is already holding lock: + ffffffff9a491a18 (&(kretprobe_table_locks[i].lock)){-.-.}, at: kretprobe_trampoline+0x0/0x50 + + other info that might help us debug this: + Possible unsafe locking scenario: + + CPU0 + ---- + lock(&(kretprobe_table_locks[i].lock)); + lock(&(kretprobe_table_locks[i].lock)); + + *** DEADLOCK *** + + May be due to missing lock nesting notation + + 1 lock held by sched-messaging/2767: + #0: ffffffff9a491a18 (&(kretprobe_table_locks[i].lock)){-.-.}, at: kretprobe_trampoline+0x0/0x50 + + stack backtrace: + CPU: 3 PID: 2767 Comm: sched-messaging Not tainted 5.6.0-rc6+ #6 + Call Trace: + dump_stack+0x96/0xe0 + __lock_acquire.cold.57+0x173/0x2b7 + ? native_queued_spin_lock_slowpath+0x42b/0x9e0 + ? lockdep_hardirqs_on+0x590/0x590 + ? __lock_acquire+0xf63/0x4030 + lock_acquire+0x15a/0x3d0 + ? kretprobe_hash_lock+0x52/0xa0 + _raw_spin_lock_irqsave+0x36/0x70 + ? kretprobe_hash_lock+0x52/0xa0 + kretprobe_hash_lock+0x52/0xa0 + trampoline_handler+0xf8/0x940 + ? kprobe_fault_handler+0x380/0x380 + ? find_held_lock+0x3a/0x1c0 + kretprobe_trampoline+0x25/0x50 + ? lock_acquired+0x392/0xbc0 + ? _raw_spin_lock_irqsave+0x50/0x70 + ? __get_valid_kprobe+0x1f0/0x1f0 + ? _raw_spin_unlock_irqrestore+0x3b/0x40 + ? finish_task_switch+0x4b9/0x6d0 + ? __switch_to_asm+0x34/0x70 + ? __switch_to_asm+0x40/0x70 + +The code within the kretprobe handler checks for probe reentrancy, +so we won't trigger any _raw_spin_lock_irqsave probe in there. + +The problem is in outside kprobe_flush_task, where we call: + + kprobe_flush_task + kretprobe_table_lock + raw_spin_lock_irqsave + _raw_spin_lock_irqsave + +where _raw_spin_lock_irqsave triggers the kretprobe and installs +kretprobe_trampoline handler on _raw_spin_lock_irqsave return. + +The kretprobe_trampoline handler is then executed with already +locked kretprobe_table_locks, and first thing it does is to +lock kretprobe_table_locks ;-) the whole lockup path like: + + kprobe_flush_task + kretprobe_table_lock + raw_spin_lock_irqsave + _raw_spin_lock_irqsave ---> probe triggered, kretprobe_trampoline installed + + ---> kretprobe_table_locks locked + + kretprobe_trampoline + trampoline_handler + kretprobe_hash_lock(current, &head, &flags); <--- deadlock + +Adding kprobe_busy_begin/end helpers that mark code with fake +probe installed to prevent triggering of another kprobe within +this code. + +Using these helpers in kprobe_flush_task, so the probe recursion +protection check is hit and the probe is never set to prevent +above lockup. + +Link: http://lkml.kernel.org/r/158927059835.27680.7011202830041561604.stgit@devnote2 + +Fixes: ef53d9c5e4da ("kprobes: improve kretprobe scalability with hashed locking") +Cc: Ingo Molnar +Cc: "Gustavo A . R . Silva" +Cc: Anders Roxell +Cc: "Naveen N . Rao" +Cc: Anil S Keshavamurthy +Cc: David Miller +Cc: Ingo Molnar +Cc: Peter Zijlstra +Cc: stable@vger.kernel.org +Reported-by: "Ziqian SUN (Zamir)" +Acked-by: Masami Hiramatsu +Signed-off-by: Jiri Olsa +Signed-off-by: Steven Rostedt (VMware) +Signed-off-by: Greg Kroah-Hartman + +--- + arch/x86/kernel/kprobes/core.c | 16 +++------------- + include/linux/kprobes.h | 4 ++++ + kernel/kprobes.c | 24 ++++++++++++++++++++++++ + 3 files changed, 31 insertions(+), 13 deletions(-) + +--- a/arch/x86/kernel/kprobes/core.c ++++ b/arch/x86/kernel/kprobes/core.c +@@ -746,16 +746,11 @@ asm( + NOKPROBE_SYMBOL(kretprobe_trampoline); + STACK_FRAME_NON_STANDARD(kretprobe_trampoline); + +-static struct kprobe kretprobe_kprobe = { +- .addr = (void *)kretprobe_trampoline, +-}; +- + /* + * Called from kretprobe_trampoline + */ + __used __visible void *trampoline_handler(struct pt_regs *regs) + { +- struct kprobe_ctlblk *kcb; + struct kretprobe_instance *ri = NULL; + struct hlist_head *head, empty_rp; + struct hlist_node *tmp; +@@ -765,16 +760,12 @@ __used __visible void *trampoline_handle + void *frame_pointer; + bool skipped = false; + +- preempt_disable(); +- + /* + * Set a dummy kprobe for avoiding kretprobe recursion. + * Since kretprobe never run in kprobe handler, kprobe must not + * be running at this point. + */ +- kcb = get_kprobe_ctlblk(); +- __this_cpu_write(current_kprobe, &kretprobe_kprobe); +- kcb->kprobe_status = KPROBE_HIT_ACTIVE; ++ kprobe_busy_begin(); + + INIT_HLIST_HEAD(&empty_rp); + kretprobe_hash_lock(current, &head, &flags); +@@ -850,7 +841,7 @@ __used __visible void *trampoline_handle + __this_cpu_write(current_kprobe, &ri->rp->kp); + ri->ret_addr = correct_ret_addr; + ri->rp->handler(ri, regs); +- __this_cpu_write(current_kprobe, &kretprobe_kprobe); ++ __this_cpu_write(current_kprobe, &kprobe_busy); + } + + recycle_rp_inst(ri, &empty_rp); +@@ -866,8 +857,7 @@ __used __visible void *trampoline_handle + + kretprobe_hash_unlock(current, &flags); + +- __this_cpu_write(current_kprobe, NULL); +- preempt_enable(); ++ kprobe_busy_end(); + + hlist_for_each_entry_safe(ri, tmp, &empty_rp, hlist) { + hlist_del(&ri->hlist); +--- a/include/linux/kprobes.h ++++ b/include/linux/kprobes.h +@@ -350,6 +350,10 @@ static inline struct kprobe_ctlblk *get_ + return this_cpu_ptr(&kprobe_ctlblk); + } + ++extern struct kprobe kprobe_busy; ++void kprobe_busy_begin(void); ++void kprobe_busy_end(void); ++ + kprobe_opcode_t *kprobe_lookup_name(const char *name, unsigned int offset); + int register_kprobe(struct kprobe *p); + void unregister_kprobe(struct kprobe *p); +--- a/kernel/kprobes.c ++++ b/kernel/kprobes.c +@@ -1237,6 +1237,26 @@ __releases(hlist_lock) + } + NOKPROBE_SYMBOL(kretprobe_table_unlock); + ++struct kprobe kprobe_busy = { ++ .addr = (void *) get_kprobe, ++}; ++ ++void kprobe_busy_begin(void) ++{ ++ struct kprobe_ctlblk *kcb; ++ ++ preempt_disable(); ++ __this_cpu_write(current_kprobe, &kprobe_busy); ++ kcb = get_kprobe_ctlblk(); ++ kcb->kprobe_status = KPROBE_HIT_ACTIVE; ++} ++ ++void kprobe_busy_end(void) ++{ ++ __this_cpu_write(current_kprobe, NULL); ++ preempt_enable(); ++} ++ + /* + * This function is called from finish_task_switch when task tk becomes dead, + * so that we can recycle any function-return probe instances associated +@@ -1254,6 +1274,8 @@ void kprobe_flush_task(struct task_struc + /* Early boot. kretprobe_table_locks not yet initialized. */ + return; + ++ kprobe_busy_begin(); ++ + INIT_HLIST_HEAD(&empty_rp); + hash = hash_ptr(tk, KPROBE_HASH_BITS); + head = &kretprobe_inst_table[hash]; +@@ -1267,6 +1289,8 @@ void kprobe_flush_task(struct task_struc + hlist_del(&ri->hlist); + kfree(ri); + } ++ ++ kprobe_busy_end(); + } + NOKPROBE_SYMBOL(kprobe_flush_task); + diff --git a/queue-5.4/net-octeon-mgmt-repair-filling-of-rx-ring.patch b/queue-5.4/net-octeon-mgmt-repair-filling-of-rx-ring.patch new file mode 100644 index 00000000000..42b84d1ba2c --- /dev/null +++ b/queue-5.4/net-octeon-mgmt-repair-filling-of-rx-ring.patch @@ -0,0 +1,43 @@ +From 0c34bb598c510e070160029f34efeeb217000f8d Mon Sep 17 00:00:00 2001 +From: Alexander Sverdlin +Date: Fri, 29 May 2020 14:17:10 +0200 +Subject: net: octeon: mgmt: Repair filling of RX ring + +From: Alexander Sverdlin + +commit 0c34bb598c510e070160029f34efeeb217000f8d upstream. + +The removal of mips_swiotlb_ops exposed a problem in octeon_mgmt Ethernet +driver. mips_swiotlb_ops had an mb() after most of the operations and the +removal of the ops had broken the receive functionality of the driver. +My code inspection has shown no other places except +octeon_mgmt_rx_fill_ring() where an explicit barrier would be obviously +missing. The latter function however has to make sure that "ringing the +bell" doesn't happen before RX ring entry is really written. + +The patch has been successfully tested on Octeon II. + +Fixes: a999933db9ed ("MIPS: remove mips_swiotlb_ops") +Cc: stable@vger.kernel.org +Signed-off-by: Alexander Sverdlin +Signed-off-by: David S. Miller +Signed-off-by: Greg Kroah-Hartman + +--- + drivers/net/ethernet/cavium/octeon/octeon_mgmt.c | 5 +++++ + 1 file changed, 5 insertions(+) + +--- a/drivers/net/ethernet/cavium/octeon/octeon_mgmt.c ++++ b/drivers/net/ethernet/cavium/octeon/octeon_mgmt.c +@@ -235,6 +235,11 @@ static void octeon_mgmt_rx_fill_ring(str + + /* Put it in the ring. */ + p->rx_ring[p->rx_next_fill] = re.d64; ++ /* Make sure there is no reorder of filling the ring and ringing ++ * the bell ++ */ ++ wmb(); ++ + dma_sync_single_for_device(p->dev, p->rx_ring_handle, + ring_size_to_bytes(OCTEON_MGMT_RX_RING_SIZE), + DMA_BIDIRECTIONAL); diff --git a/queue-5.4/pwm-jz4740-enhance-precision-in-calculation-of-duty-cycle.patch b/queue-5.4/pwm-jz4740-enhance-precision-in-calculation-of-duty-cycle.patch new file mode 100644 index 00000000000..0e350ce53f0 --- /dev/null +++ b/queue-5.4/pwm-jz4740-enhance-precision-in-calculation-of-duty-cycle.patch @@ -0,0 +1,45 @@ +From 9017dc4fbd59c09463019ce494cfe36d654495a8 Mon Sep 17 00:00:00 2001 +From: Paul Cercueil +Date: Wed, 27 May 2020 13:52:23 +0200 +Subject: pwm: jz4740: Enhance precision in calculation of duty cycle +MIME-Version: 1.0 +Content-Type: text/plain; charset=UTF-8 +Content-Transfer-Encoding: 8bit + +From: Paul Cercueil + +commit 9017dc4fbd59c09463019ce494cfe36d654495a8 upstream. + +Calculating the hardware value for the duty from the hardware value of +the period resulted in a precision loss versus calculating it from the +clock rate directly. + +(Also remove a cast that doesn't really need to be here) + +Fixes: f6b8a5700057 ("pwm: Add Ingenic JZ4740 support") +Cc: +Suggested-by: Uwe Kleine-König +Reviewed-by: Uwe Kleine-König +Signed-off-by: Paul Cercueil +Signed-off-by: Thierry Reding +[ukl: backport to v5.4.y and adapt commit log accordingly] +Signed-off-by: Uwe Kleine-König +Signed-off-by: Greg Kroah-Hartman + +--- + drivers/pwm/pwm-jz4740.c | 4 ++-- + 1 file changed, 2 insertions(+), 2 deletions(-) + +--- a/drivers/pwm/pwm-jz4740.c ++++ b/drivers/pwm/pwm-jz4740.c +@@ -108,8 +108,8 @@ static int jz4740_pwm_apply(struct pwm_c + if (prescaler == 6) + return -EINVAL; + +- tmp = (unsigned long long)period * state->duty_cycle; +- do_div(tmp, state->period); ++ tmp = (unsigned long long)rate * state->duty_cycle; ++ do_div(tmp, NSEC_PER_SEC); + duty = period - tmp; + + if (duty >= period) diff --git a/queue-5.4/revert-drm-amd-display-disable-dcn20-abm-feature-for-bring-up.patch b/queue-5.4/revert-drm-amd-display-disable-dcn20-abm-feature-for-bring-up.patch new file mode 100644 index 00000000000..8e3e40c0e02 --- /dev/null +++ b/queue-5.4/revert-drm-amd-display-disable-dcn20-abm-feature-for-bring-up.patch @@ -0,0 +1,59 @@ +From 14ed1c908a7a623cc0cbf0203f8201d1b7d31d16 Mon Sep 17 00:00:00 2001 +From: Harry Wentland +Date: Thu, 28 May 2020 09:44:44 -0400 +Subject: Revert "drm/amd/display: disable dcn20 abm feature for bring up" + +From: Harry Wentland + +commit 14ed1c908a7a623cc0cbf0203f8201d1b7d31d16 upstream. + +This reverts commit 96cb7cf13d8530099c256c053648ad576588c387. + +This change was used for DCN2 bringup and is no longer desired. +In fact it breaks backlight on DCN2 systems. + +Cc: Alexander Monakov +Cc: Hersen Wu +Cc: Anthony Koo +Cc: Michael Chiu +Signed-off-by: Harry Wentland +Acked-by: Alex Deucher +Reviewed-by: Nicholas Kazlauskas +Reported-and-tested-by: Alexander Monakov +Signed-off-by: Alex Deucher +Cc: stable@vger.kernel.org +Signed-off-by: Greg Kroah-Hartman + +--- + drivers/gpu/drm/amd/display/amdgpu_dm/amdgpu_dm.c | 13 +++++-------- + 1 file changed, 5 insertions(+), 8 deletions(-) + +--- a/drivers/gpu/drm/amd/display/amdgpu_dm/amdgpu_dm.c ++++ b/drivers/gpu/drm/amd/display/amdgpu_dm/amdgpu_dm.c +@@ -929,7 +929,7 @@ static int dm_late_init(void *handle) + unsigned int linear_lut[16]; + int i; + struct dmcu *dmcu = adev->dm.dc->res_pool->dmcu; +- bool ret = false; ++ bool ret; + + for (i = 0; i < 16; i++) + linear_lut[i] = 0xFFFF * i / 15; +@@ -945,13 +945,10 @@ static int dm_late_init(void *handle) + */ + params.min_abm_backlight = 0x28F; + +- /* todo will enable for navi10 */ +- if (adev->asic_type <= CHIP_RAVEN) { +- ret = dmcu_load_iram(dmcu, params); +- +- if (!ret) +- return -EINVAL; +- } ++ ret = dmcu_load_iram(dmcu, params); ++ ++ if (!ret) ++ return -EINVAL; + + return detect_mst_link_for_all_connectors(adev->ddev); + } diff --git a/queue-5.4/series b/queue-5.4/series index 1a29d837ec3..c2c384667c4 100644 --- a/queue-5.4/series +++ b/queue-5.4/series @@ -301,3 +301,12 @@ drm-i915-whitelist-context-local-timestamp-in-the-gen9-cmdparser.patch drm-connector-notify-userspace-on-hotplug-after-register-complete.patch drm-amd-display-use-kvfree-to-free-coeff-in-build_regamma.patch drm-i915-icl-fix-hotplug-interrupt-disabling-after-storm-detection.patch +revert-drm-amd-display-disable-dcn20-abm-feature-for-bring-up.patch +crypto-algif_skcipher-cap-recv-sg-list-at-ctx-used.patch +crypto-algboss-don-t-wait-during-notifier-callback.patch +tracing-probe-fix-memleak-in-fetch_op_data-operations.patch +kprobes-fix-to-protect-kick_kprobe_optimizer-by-kprobe_mutex.patch +kretprobe-prevent-triggering-kretprobe-from-within-kprobe_flush_task.patch +e1000e-do-not-wake-up-the-system-via-wol-if-device-wakeup-is-disabled.patch +net-octeon-mgmt-repair-filling-of-rx-ring.patch +pwm-jz4740-enhance-precision-in-calculation-of-duty-cycle.patch diff --git a/queue-5.4/tracing-probe-fix-memleak-in-fetch_op_data-operations.patch b/queue-5.4/tracing-probe-fix-memleak-in-fetch_op_data-operations.patch new file mode 100644 index 00000000000..b44590035d7 --- /dev/null +++ b/queue-5.4/tracing-probe-fix-memleak-in-fetch_op_data-operations.patch @@ -0,0 +1,59 @@ +From 3aa8fdc37d16735e8891035becf25b3857d3efe0 Mon Sep 17 00:00:00 2001 +From: Vamshi K Sthambamkadi +Date: Mon, 15 Jun 2020 20:00:38 +0530 +Subject: tracing/probe: Fix memleak in fetch_op_data operations + +From: Vamshi K Sthambamkadi + +commit 3aa8fdc37d16735e8891035becf25b3857d3efe0 upstream. + +kmemleak report: + [<57dcc2ca>] __kmalloc_track_caller+0x139/0x2b0 + [] kstrndup+0x37/0x80 + [] parse_probe_arg.isra.7+0x3cc/0x630 + [<055bf2ba>] traceprobe_parse_probe_arg+0x2f5/0x810 + [<655a7766>] trace_kprobe_create+0x2ca/0x950 + [<4fc6a02a>] create_or_delete_trace_kprobe+0xf/0x30 + [<6d1c8a52>] trace_run_command+0x67/0x80 + [] trace_parse_run_command+0xa7/0x140 + [] probes_write+0x10/0x20 + [<2027641c>] __vfs_write+0x30/0x1e0 + [<6a4aeee1>] vfs_write+0x96/0x1b0 + [<3517fb7d>] ksys_write+0x53/0xc0 + [] __ia32_sys_write+0x15/0x20 + [] do_syscall_32_irqs_on+0x3d/0x260 + [] do_fast_syscall_32+0x39/0xb0 + [] entry_SYSENTER_32+0xaf/0x102 + +Post parse_probe_arg(), the FETCH_OP_DATA operation type is overwritten +to FETCH_OP_ST_STRING, as a result memory is never freed since +traceprobe_free_probe_arg() iterates only over SYMBOL and DATA op types + +Setup fetch string operation correctly after fetch_op_data operation. + +Link: https://lkml.kernel.org/r/20200615143034.GA1734@cosmos + +Cc: stable@vger.kernel.org +Fixes: a42e3c4de964 ("tracing/probe: Add immediate string parameter support") +Acked-by: Masami Hiramatsu +Signed-off-by: Vamshi K Sthambamkadi +Signed-off-by: Steven Rostedt (VMware) +Signed-off-by: Greg Kroah-Hartman + +--- + kernel/trace/trace_probe.c | 4 ++-- + 1 file changed, 2 insertions(+), 2 deletions(-) + +--- a/kernel/trace/trace_probe.c ++++ b/kernel/trace/trace_probe.c +@@ -639,8 +639,8 @@ static int traceprobe_parse_probe_arg_bo + ret = -EINVAL; + goto fail; + } +- if ((code->op == FETCH_OP_IMM || code->op == FETCH_OP_COMM) || +- parg->count) { ++ if ((code->op == FETCH_OP_IMM || code->op == FETCH_OP_COMM || ++ code->op == FETCH_OP_DATA) || parg->count) { + /* + * IMM, DATA and COMM is pointing actual address, those + * must be kept, and if parg->count != 0, this is an