From: Greg Kroah-Hartman Date: Sun, 14 Nov 2021 12:28:05 +0000 (+0100) Subject: 5.4-stable patches X-Git-Tag: v5.4.160~108 X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=c468bfd664b79d487295894beaf13cdc95ae5b6d;p=thirdparty%2Fkernel%2Fstable-queue.git 5.4-stable patches added patches: can-j1939-j1939_can_recv-ignore-messages-with-invalid-source-address.patch can-j1939-j1939_tp_cmd_recv-ignore-abort-message-in-the-bam-transport.patch kvm-nvmx-query-current-vmcs-when-determining-if-msr-bitmaps-are-in-use.patch powerpc-85xx-fix-oops-when-mpc85xx_smp_guts_ids-node-cannot-be-found.patch serial-core-fix-initializing-and-restoring-termios-speed.patch
---
diff --git a/queue-5.4/can-j1939-j1939_can_recv-ignore-messages-with-invalid-source-address.patch b/queue-5.4/can-j1939-j1939_can_recv-ignore-messages-with-invalid-source-address.patch
new file mode 100644
index 00000000000..ea2ce758520
--- /dev/null
+++ b/queue-5.4/can-j1939-j1939_can_recv-ignore-messages-with-invalid-source-address.patch
@@ -0,0 +1,40 @@
+From a79305e156db3d24fcd8eb649cdb3c3b2350e5c2 Mon Sep 17 00:00:00 2001
+From: Zhang Changzhong
+Date: Thu, 28 Oct 2021 22:38:26 +0800
+Subject: can: j1939: j1939_can_recv(): ignore messages with invalid source address
+
+From: Zhang Changzhong
+
+commit a79305e156db3d24fcd8eb649cdb3c3b2350e5c2 upstream.
+
+According to SAE-J1939-82 2015 (A.3.6 Row 2), a receiver should never
+send TP.CM_CTS to the global address, so we can add a check in
+j1939_can_recv() to drop messages with invalid source address.
+
+Fixes: 9d71dd0c7009 ("can: add support of SAE J1939 protocol")
+Link: https://lore.kernel.org/all/1635431907-15617-3-git-send-email-zhangchangzhong@huawei.com
+Cc: stable@vger.kernel.org
+Signed-off-by: Zhang Changzhong
+Acked-by: Oleksij Rempel
+Signed-off-by: Marc Kleine-Budde
+Signed-off-by: Greg Kroah-Hartman
+---
+ net/can/j1939/main.c | 7 +++++++
+ 1 file changed, 7 insertions(+)
+
+--- a/net/can/j1939/main.c
++++ b/net/can/j1939/main.c
+@@ -75,6 +75,13 @@ static void j1939_can_recv(struct sk_buf
+ skcb->addr.pgn = (cf->can_id >> 8) & J1939_PGN_MAX;
+ /* set default message type */
+ skcb->addr.type = J1939_TP;
++
++ if (!j1939_address_is_valid(skcb->addr.sa)) {
++ netdev_err_once(priv->ndev, "%s: sa is broadcast address, ignoring!\n",
++ __func__);
++ goto done;
++ }
++
+ if (j1939_pgn_is_pdu1(skcb->addr.pgn)) {
+ /* Type 1: with destination address */
+ skcb->addr.da = skcb->addr.pgn;
diff --git a/queue-5.4/can-j1939-j1939_tp_cmd_recv-ignore-abort-message-in-the-bam-transport.patch b/queue-5.4/can-j1939-j1939_tp_cmd_recv-ignore-abort-message-in-the-bam-transport.patch
new file mode 100644
index 00000000000..520d768d7d9
--- /dev/null
+++ b/queue-5.4/can-j1939-j1939_tp_cmd_recv-ignore-abort-message-in-the-bam-transport.patch
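Review bot: The source-address check added to j1939_can_recv() reports a rejected frame only once, through `netdev_err_once`, so every later frame dropped at `goto done` leaves no trace for someone investigating a misbehaving node on the bus. Logging once is a reasonable guard against log flooding from bus-controlled input, but the intent deserves a comment above the check, for example `/* frames come from the bus: drop an invalid source address; logged once to avoid flooding the log */`, and a drop counter would keep the event visible. The message text says "broadcast address" while the test is `j1939_address_is_valid()`, so the wording will be wrong if that helper ever rejects more than one value. The abort check added to j1939_tp_cmd_recv() in transport.c reports once in the same way; the `done` label and the rest of the function are outside this hunk.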
@@ -0,0 +1,38 @@
+From c0f49d98006f2db3333b917caac65bce2af9865c Mon Sep 17 00:00:00 2001
+From: Zhang Changzhong
+Date: Thu, 28 Oct 2021 22:38:25 +0800
+Subject: can: j1939: j1939_tp_cmd_recv(): ignore abort message in the BAM transport
+
+From: Zhang Changzhong
+
+commit c0f49d98006f2db3333b917caac65bce2af9865c upstream.
+
+This patch prevents BAM transport from being closed by receiving abort
+message, as specified in SAE-J1939-82 2015 (A.3.3 Row 4).
+
+Fixes: 9d71dd0c7009 ("can: add support of SAE J1939 protocol")
+Link: https://lore.kernel.org/all/1635431907-15617-2-git-send-email-zhangchangzhong@huawei.com
+Cc: stable@vger.kernel.org
+Signed-off-by: Zhang Changzhong
+Acked-by: Oleksij Rempel
+Signed-off-by: Marc Kleine-Budde
+Signed-off-by: Greg Kroah-Hartman
+---
+ net/can/j1939/transport.c | 6 ++++++
+ 1 file changed, 6 insertions(+)
+
+--- a/net/can/j1939/transport.c
++++ b/net/can/j1939/transport.c
+@@ -2065,6 +2065,12 @@ static void j1939_tp_cmd_recv(struct j19
+ break;
+
+ case J1939_ETP_CMD_ABORT: /* && J1939_TP_CMD_ABORT */
++ if (j1939_cb_is_broadcast(skcb)) {
++ netdev_err_once(priv->ndev, "%s: abort to broadcast (%02x), ignoring!\n",
++ __func__, skcb->addr.sa);
++ return;
++ }
++
+ if (j1939_tp_im_transmitter(skcb))
+ j1939_xtp_rx_abort(priv, skb, true);
+
diff --git a/queue-5.4/kvm-nvmx-query-current-vmcs-when-determining-if-msr-bitmaps-are-in-use.patch b/queue-5.4/kvm-nvmx-query-current-vmcs-when-determining-if-msr-bitmaps-are-in-use.patch
new file mode 100644
index 00000000000..6f704f09bd1
--- /dev/null
+++ b/queue-5.4/kvm-nvmx-query-current-vmcs-when-determining-if-msr-bitmaps-are-in-use.patch
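Review bot: The log line in the new `J1939_ETP_CMD_ABORT` guard prints `skcb->addr.sa` inside "abort to broadcast (%02x)", which reads as if the value were the destination rather than the sender. Since this line is the only record of who sent the ignored abort, naming the field would help whoever reads the log: `"%s: abort to broadcast from sa %02x, ignoring!\n"`. The guard leaves with `return` while the neighbouring case ends in `break`; the rest of the switch is outside the hunk, so whether anything after it is skipped cannot be judged from here.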
@@ -0,0 +1,66 @@
+From 7dfbc624eb5726367900c8d86deff50836240361 Mon Sep 17 00:00:00 2001
+From: Sean Christopherson
+Date: Tue, 9 Nov 2021 01:30:44 +0000
+Subject: KVM: nVMX: Query current VMCS when determining if MSR bitmaps are in use
+
+From: Sean Christopherson
+
+commit 7dfbc624eb5726367900c8d86deff50836240361 upstream.
+
+Check the current VMCS controls to determine if an MSR write will be
+intercepted due to MSR bitmaps being disabled. In the nested VMX case,
+KVM will disable MSR bitmaps in vmcs02 if they're disabled in vmcs12 or
+if KVM can't map L1's bitmaps for whatever reason.
+
+Note, the bad behavior is relatively benign in the current code base as
+KVM sets all bits in vmcs02's MSR bitmap by default, clears bits if and
+only if L0 KVM also disables interception of an MSR, and only uses the
+buggy helper for MSR_IA32_SPEC_CTRL. Because KVM explicitly tests WRMSR
+before disabling interception of MSR_IA32_SPEC_CTRL, the flawed check
+will only result in KVM reading MSR_IA32_SPEC_CTRL from hardware when it
+isn't strictly necessary.
+
+Tag the fix for stable in case a future fix wants to use
+msr_write_intercepted(), in which case a buggy implementation in older
+kernels could prove subtly problematic.
+
+Fixes: d28b387fb74d ("KVM/VMX: Allow direct access to MSR_IA32_SPEC_CTRL")
+Cc: stable@vger.kernel.org
+Signed-off-by: Sean Christopherson
+Message-Id: <20211109013047.2041518-2-seanjc@google.com>
+Signed-off-by: Paolo Bonzini
+Signed-off-by: Greg Kroah-Hartman
+---
+ arch/x86/kvm/vmx/vmx.c | 8 ++++----
+ 1 file changed, 4 insertions(+), 4 deletions(-)
+
+--- a/arch/x86/kvm/vmx/vmx.c
++++ b/arch/x86/kvm/vmx/vmx.c
+@@ -785,15 +785,15 @@ void update_exception_bitmap(struct kvm_
+ /*
+ * Check if MSR is intercepted for currently loaded MSR bitmap.
+ */
+-static bool msr_write_intercepted(struct kvm_vcpu *vcpu, u32 msr)
++static bool msr_write_intercepted(struct vcpu_vmx *vmx, u32 msr)
+ {
+ unsigned long *msr_bitmap;
+ int f = sizeof(unsigned long);
+
+- if (!cpu_has_vmx_msr_bitmap())
++ if (!(exec_controls_get(vmx) & CPU_BASED_USE_MSR_BITMAPS))
+ return true;
+
+- msr_bitmap = to_vmx(vcpu)->loaded_vmcs->msr_bitmap;
++ msr_bitmap = vmx->loaded_vmcs->msr_bitmap;
+
+ if (msr <= 0x1fff) {
+ return !!test_bit(msr, msr_bitmap + 0x800 / f);
+@@ -6579,7 +6579,7 @@ static void vmx_vcpu_run(struct kvm_vcpu
+ * If the L02 MSR bitmap does not intercept the MSR, then we need to
+ * save it.
+ */
+- if (unlikely(!msr_write_intercepted(vcpu, MSR_IA32_SPEC_CTRL)))
++ if (unlikely(!msr_write_intercepted(vmx, MSR_IA32_SPEC_CTRL)))
+ vmx->spec_ctrl = native_read_msr(MSR_IA32_SPEC_CTRL);
+
+ x86_spec_ctrl_restore_host(vmx->spec_ctrl, 0);
diff --git a/queue-5.4/powerpc-85xx-fix-oops-when-mpc85xx_smp_guts_ids-node-cannot-be-found.patch b/queue-5.4/powerpc-85xx-fix-oops-when-mpc85xx_smp_guts_ids-node-cannot-be-found.patch
new file mode 100644
index 00000000000..e9ebb8a322e
--- /dev/null
+++ b/queue-5.4/powerpc-85xx-fix-oops-when-mpc85xx_smp_guts_ids-node-cannot-be-found.patch
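Review bot: The header comment above msr_write_intercepted() is left as "Check if MSR is intercepted for currently loaded MSR bitmap", which no longer describes the first branch: the function now answers from the execution controls of the current VMCS and returns true whenever `CPU_BASED_USE_MSR_BITMAPS` is clear there. Because the result decides whether `MSR_IA32_SPEC_CTRL` is read back after the guest runs, the fail-closed default is worth stating, for example `/* Check if a write to @msr is intercepted in the current VMCS; reports "intercepted" when MSR bitmaps are disabled in its controls. */`. The offsets `0x800 / f` and the `0x1fff` bound are context lines and stay unexplained; the branch for the upper MSR range is outside the hunk.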
@@ -0,0 +1,37 @@
+From 3c2172c1c47b4079c29f0e6637d764a99355ebcd Mon Sep 17 00:00:00 2001
+From: Xiaoming Ni
+Date: Wed, 29 Sep 2021 11:36:45 +0800
+Subject: powerpc/85xx: Fix oops when mpc85xx_smp_guts_ids node cannot be found
+
+From: Xiaoming Ni
+
+commit 3c2172c1c47b4079c29f0e6637d764a99355ebcd upstream.
+
+When the field described in mpc85xx_smp_guts_ids[] is not configured in
+dtb, the mpc85xx_setup_pmc() does not assign a value to the "guts"
+variable. As a result, the oops is triggered when
+mpc85xx_freeze_time_base() is executed.
+
+Fixes: 56f1ba280719 ("powerpc/mpc85xx: refactor the PM operations")
+Cc: stable@vger.kernel.org # v4.6+
+Signed-off-by: Xiaoming Ni
+Signed-off-by: Michael Ellerman
+Link: https://lore.kernel.org/r/20210929033646.39630-2-nixiaoming@huawei.com
+Signed-off-by: Greg Kroah-Hartman
+---
+ arch/powerpc/platforms/85xx/mpc85xx_pm_ops.c | 3 +--
+ 1 file changed, 1 insertion(+), 2 deletions(-)
+
+--- a/arch/powerpc/platforms/85xx/mpc85xx_pm_ops.c
++++ b/arch/powerpc/platforms/85xx/mpc85xx_pm_ops.c
+@@ -94,9 +94,8 @@ int __init mpc85xx_setup_pmc(void)
+ pr_err("Could not map guts node address\n");
+ return -ENOMEM;
+ }
++ qoriq_pm_ops = &mpc85xx_pm_ops;
+ }
+
+- qoriq_pm_ops = &mpc85xx_pm_ops;
+-
+ return 0;
+ }
diff --git a/queue-5.4/serial-core-fix-initializing-and-restoring-termios-speed.patch b/queue-5.4/serial-core-fix-initializing-and-restoring-termios-speed.patch
new file mode 100644
index 00000000000..3f37e9975c9
--- /dev/null
+++ b/queue-5.4/serial-core-fix-initializing-and-restoring-termios-speed.patch
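Review bot: mpc85xx_setup_pmc() now returns 0 with `qoriq_pm_ops` left unset when the guts node is missing, and that path is silent, so a board whose dtb lacks the node boots without these PM operations and without any message saying so. Every user of `qoriq_pm_ops` then has to tolerate a NULL pointer, which this hunk does not show and should be confirmed before relying on the fix. A short comment at the moved assignment would record the contract, for example `/* publish the ops only once guts is mapped; users must handle qoriq_pm_ops == NULL */`. The opening of the enclosing `if` block is outside the hunk.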
@@ -0,0 +1,111 @@
+From 027b57170bf8bb6999a28e4a5f3d78bf1db0f90c Mon Sep 17 00:00:00 2001
+From: =?UTF-8?q?Pali=20Roh=C3=A1r?=
+Date: Sat, 2 Oct 2021 15:09:00 +0200
+Subject: serial: core: Fix initializing and restoring termios speed
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+From: Pali Rohár
+
+commit 027b57170bf8bb6999a28e4a5f3d78bf1db0f90c upstream.
+
+Since commit edc6afc54968 ("tty: switch to ktermios and new framework")
+termios speed is no longer stored only in c_cflag member but also in new
+additional c_ispeed and c_ospeed members. If BOTHER flag is set in c_cflag
+then termios speed is stored only in these new members.
+
+Therefore to correctly restore termios speed it is required to store also
+ispeed and ospeed members, not only cflag member.
+
+In case only cflag member with BOTHER flag is restored then functions
+tty_termios_baud_rate() and tty_termios_input_baud_rate() returns baudrate
+stored in c_ospeed / c_ispeed member, which is zero as it was not restored
+too. If reported baudrate is invalid (e.g. zero) then serial core functions
+report fallback baudrate value 9600. So it means that in this case original
+baudrate is lost and kernel changes it to value 9600.
+
+Simple reproducer of this issue is to boot kernel with following command
+line argument: "console=ttyXXX,86400" (where ttyXXX is the device name).
+For speed 86400 there is no Bnnn constant and therefore kernel has to
+represent this speed via BOTHER c_cflag. Which means that speed is stored
+only in c_ospeed and c_ispeed members, not in c_cflag anymore.
+
+If bootloader correctly configures serial device to speed 86400 then kernel
+prints boot log to early console at speed speed 86400 without any issue.
+But after kernel starts initializing real console device ttyXXX then speed
+is changed to fallback value 9600 because information about speed was lost.
+
+This patch fixes above issue by storing and restoring also ispeed and
+ospeed members, which are required for BOTHER flag.
+
+Fixes: edc6afc54968 ("[PATCH] tty: switch to ktermios and new framework")
+Cc: stable@vger.kernel.org
+Signed-off-by: Pali Rohár
+Link: https://lore.kernel.org/r/20211002130900.9518-1-pali@kernel.org
+Signed-off-by: Greg Kroah-Hartman
+---
+ drivers/tty/serial/serial_core.c | 16 ++++++++++++++--
+ include/linux/console.h | 2 ++
+ 2 files changed, 16 insertions(+), 2 deletions(-)
+
+--- a/drivers/tty/serial/serial_core.c
++++ b/drivers/tty/serial/serial_core.c
+@@ -220,7 +220,11 @@ static int uart_port_startup(struct tty_
+ if (retval == 0) {
+ if (uart_console(uport) && uport->cons->cflag) {
+ tty->termios.c_cflag = uport->cons->cflag;
++ tty->termios.c_ispeed = uport->cons->ispeed;
++ tty->termios.c_ospeed = uport->cons->ospeed;
+ uport->cons->cflag = 0;
++ uport->cons->ispeed = 0;
++ uport->cons->ospeed = 0;
+ }
+ /*
+ * Initialise the hardware port settings.
+@@ -288,8 +292,11 @@ static void uart_shutdown(struct tty_str
+ /*
+ * Turn off DTR and RTS early.
+ */
+- if (uport && uart_console(uport) && tty)
++ if (uport && uart_console(uport) && tty) {
+ uport->cons->cflag = tty->termios.c_cflag;
++ uport->cons->ispeed = tty->termios.c_ispeed;
++ uport->cons->ospeed = tty->termios.c_ospeed;
++ }
+
+ if (!tty || C_HUPCL(tty))
+ uart_port_dtr_rts(uport, 0);
+@@ -2110,8 +2117,11 @@ uart_set_options(struct uart_port *port,
+ * Allow the setting of the UART parameters with a NULL console
+ * too:
+ */
+- if (co)
++ if (co) {
+ co->cflag = termios.c_cflag;
++ co->ispeed = termios.c_ispeed;
++ co->ospeed = termios.c_ospeed;
++ }
+
+ return 0;
+ }
+@@ -2245,6 +2255,8 @@ int uart_resume_port(struct uart_driver
+ */
+ memset(&termios, 0, sizeof(struct ktermios));
+ termios.c_cflag = uport->cons->cflag;
++ termios.c_ispeed = uport->cons->ispeed;
++ termios.c_ospeed = uport->cons->ospeed;
+
+ /*
+ * If that's unset, use the tty termios setting.
+--- a/include/linux/console.h
++++ b/include/linux/console.h
+@@ -153,6 +153,8 @@ struct console {
+ short flags;
+ short index;
+ int cflag;
++ uint ispeed;
++ uint ospeed;
+ void *data;
+ struct console *next;
+ };
diff --git a/queue-5.4/series b/queue-5.4/series
index 5bc78b7ad04..682f18d65c8 100644
--- a/queue-5.4/series
+++ b/queue-5.4/series
@@ -88,3 +88,8 @@ signal-remove-the-bogus-sigkill_pending-in-ptrace_stop.patch
 signal-mips-update-_save-_restore-_fp_context-to-fail-with-efault.patch
 power-supply-max17042_battery-prevent-int-underflow-in-set_soc_threshold.patch
 power-supply-max17042_battery-use-vfsoc-for-capacity-when-no-rsns.patch
+kvm-nvmx-query-current-vmcs-when-determining-if-msr-bitmaps-are-in-use.patch
+can-j1939-j1939_tp_cmd_recv-ignore-abort-message-in-the-bam-transport.patch
+can-j1939-j1939_can_recv-ignore-messages-with-invalid-source-address.patch
+powerpc-85xx-fix-oops-when-mpc85xx_smp_guts_ids-node-cannot-be-found.patch
+serial-core-fix-initializing-and-restoring-termios-speed.patch
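Review bot: The two fields added to `struct console` in include/linux/console.h are declared `uint`, which is unusual for a kernel header and hides that they mirror the termios `c_ispeed`/`c_ospeed` values they are copied from; `unsigned int ispeed;` and `unsigned int ospeed;` with a one-line comment such as `/* saved termios speeds, needed when cflag has BOTHER set */` would read better. In serial_core.c the cflag/ispeed/ospeed triple is now copied by hand in four places (uart_port_startup, uart_shutdown, uart_set_options, uart_resume_port), so a later field added to the saved state can easily be missed in one of them; a pair of small static helpers for save and restore would keep them in step. uart_port_startup still gates the restore on `uport->cons->cflag` alone, which is fine only as long as the speeds are never saved without a non-zero cflag. All four functions continue outside their hunks.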