From: Greg Kroah-Hartman Date: Sun, 17 Jan 2021 14:33:05 +0000 (+0100) Subject: 4.19-stable patches X-Git-Tag: v4.19.169~26 X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=ccc51c013e91962d3e3aa6af12e64777dea21893;p=thirdparty%2Fkernel%2Fstable-queue.git 4.19-stable patches added patches: acpi-scan-harden-acpi_device_add-against-device-id-overflows.patch asoc-dapm-remove-widget-from-dirty-list-on-free.patch dm-integrity-fix-the-maximum-number-of-arguments.patch dm-snapshot-flush-merged-data-before-committing-metadata.patch mips-boot-fix-unaligned-access-with-config_mips_raw_appended_dtb.patch mips-fix-malformed-nt_file-and-nt_siginfo-in-32bit-coredumps.patch mips-relocatable-fix-possible-boot-hangup-with-kaslr-enabled.patch mm-hugetlb-fix-potential-missing-huge-page-size-info.patch r8152-add-lenovo-powered-usb-c-travel-hub.patch tracing-kprobes-do-the-notrace-functions-check-without-kprobes-on-ftrace.patch x86-hyperv-check-cpu-mask-after-interrupt-has-been-disabled.patch --- diff --git a/queue-4.19/acpi-scan-harden-acpi_device_add-against-device-id-overflows.patch b/queue-4.19/acpi-scan-harden-acpi_device_add-against-device-id-overflows.patch new file mode 100644 index 00000000000..80e15220ba8 --- /dev/null +++ b/queue-4.19/acpi-scan-harden-acpi_device_add-against-device-id-overflows.patch @@ -0,0 +1,109 @@ +From a58015d638cd4e4555297b04bec9b49028369075 Mon Sep 17 00:00:00 2001 +From: Dexuan Cui +Date: Thu, 7 Jan 2021 23:23:48 -0800 +Subject: ACPI: scan: Harden acpi_device_add() against device ID overflows + +From: Dexuan Cui + +commit a58015d638cd4e4555297b04bec9b49028369075 upstream. + +Linux VM on Hyper-V crashes with the latest mainline: + +[ 4.069624] detected buffer overflow in strcpy +[ 4.077733] kernel BUG at lib/string.c:1149! +.. +[ 4.085819] RIP: 0010:fortify_panic+0xf/0x11 +... +[ 4.085819] Call Trace: +[ 4.085819] acpi_device_add.cold.15+0xf2/0xfb +[ 4.085819] acpi_add_single_object+0x2a6/0x690 +[ 4.085819] acpi_bus_check_add+0xc6/0x280 +[ 4.085819] acpi_ns_walk_namespace+0xda/0x1aa +[ 4.085819] acpi_walk_namespace+0x9a/0xc2 +[ 4.085819] acpi_bus_scan+0x78/0x90 +[ 4.085819] acpi_scan_init+0xfa/0x248 +[ 4.085819] acpi_init+0x2c1/0x321 +[ 4.085819] do_one_initcall+0x44/0x1d0 +[ 4.085819] kernel_init_freeable+0x1ab/0x1f4 + +This is because of the recent buffer overflow detection in the +commit 6a39e62abbaf ("lib: string.h: detect intra-object overflow in +fortified string functions") + +Here acpi_device_bus_id->bus_id can only hold 14 characters, while the +the acpi_device_hid(device) returns a 22-char string +"HYPER_V_GEN_COUNTER_V1". + +Per ACPI Spec v6.2, Section 6.1.5 _HID (Hardware ID), if the ID is a +string, it must be of the form AAA#### or NNNN####, i.e. 7 chars or 8 +chars. + +The field bus_id in struct acpi_device_bus_id was originally defined as +char bus_id[9], and later was enlarged to char bus_id[15] in 2007 in the +commit bb0958544f3c ("ACPI: use more understandable bus_id for ACPI +devices") + +Fix the issue by changing the field bus_id to const char *, and use +kstrdup_const() to initialize it. + +Signed-off-by: Dexuan Cui +Tested-By: Jethro Beekman +[ rjw: Subject change, whitespace adjustment ] +Cc: All applicable +Signed-off-by: Rafael J. Wysocki +Signed-off-by: Greg Kroah-Hartman + +--- + drivers/acpi/internal.h | 2 +- + drivers/acpi/scan.c | 15 ++++++++++++++- + 2 files changed, 15 insertions(+), 2 deletions(-) + +--- a/drivers/acpi/internal.h ++++ b/drivers/acpi/internal.h +@@ -98,7 +98,7 @@ void acpi_scan_table_handler(u32 event, + extern struct list_head acpi_bus_id_list; + + struct acpi_device_bus_id { +- char bus_id[15]; ++ const char *bus_id; + unsigned int instance_no; + struct list_head node; + }; +--- a/drivers/acpi/scan.c ++++ b/drivers/acpi/scan.c +@@ -486,6 +486,7 @@ static void acpi_device_del(struct acpi_ + acpi_device_bus_id->instance_no--; + else { + list_del(&acpi_device_bus_id->node); ++ kfree_const(acpi_device_bus_id->bus_id); + kfree(acpi_device_bus_id); + } + break; +@@ -674,7 +675,14 @@ int acpi_device_add(struct acpi_device * + } + if (!found) { + acpi_device_bus_id = new_bus_id; +- strcpy(acpi_device_bus_id->bus_id, acpi_device_hid(device)); ++ acpi_device_bus_id->bus_id = ++ kstrdup_const(acpi_device_hid(device), GFP_KERNEL); ++ if (!acpi_device_bus_id->bus_id) { ++ pr_err(PREFIX "Memory allocation error for bus id\n"); ++ result = -ENOMEM; ++ goto err_free_new_bus_id; ++ } ++ + acpi_device_bus_id->instance_no = 0; + list_add_tail(&acpi_device_bus_id->node, &acpi_bus_id_list); + } +@@ -709,6 +717,11 @@ int acpi_device_add(struct acpi_device * + if (device->parent) + list_del(&device->node); + list_del(&device->wakeup_list); ++ ++ err_free_new_bus_id: ++ if (!found) ++ kfree(new_bus_id); ++ + mutex_unlock(&acpi_device_lock); + + err_detach: diff --git a/queue-4.19/asoc-dapm-remove-widget-from-dirty-list-on-free.patch b/queue-4.19/asoc-dapm-remove-widget-from-dirty-list-on-free.patch new file mode 100644 index 00000000000..a2f14355089 --- /dev/null +++ b/queue-4.19/asoc-dapm-remove-widget-from-dirty-list-on-free.patch @@ -0,0 +1,45 @@ +From 5c6679b5cb120f07652418524ab186ac47680b49 Mon Sep 17 00:00:00 2001 +From: Thomas Hebb +Date: Sat, 12 Dec 2020 17:20:12 -0800 +Subject: ASoC: dapm: remove widget from dirty list on free + +From: Thomas Hebb + +commit 5c6679b5cb120f07652418524ab186ac47680b49 upstream. + +A widget's "dirty" list_head, much like its "list" list_head, eventually +chains back to a list_head on the snd_soc_card itself. This means that +the list can stick around even after the widget (or all widgets) have +been freed. Currently, however, widgets that are in the dirty list when +freed remain there, corrupting the entire list and leading to memory +errors and undefined behavior when the list is next accessed or +modified. + +I encountered this issue when a component failed to probe relatively +late in snd_soc_bind_card(), causing it to bail out and call +soc_cleanup_card_resources(), which eventually called +snd_soc_dapm_free() with widgets that were still dirty from when they'd +been added. + +Fixes: db432b414e20 ("ASoC: Do DAPM power checks only for widgets changed since last run") +Cc: stable@vger.kernel.org +Signed-off-by: Thomas Hebb +Reviewed-by: Charles Keepax +Link: https://lore.kernel.org/r/f8b5f031d50122bf1a9bfc9cae046badf4a7a31a.1607822410.git.tommyhebb@gmail.com +Signed-off-by: Mark Brown +Signed-off-by: Greg Kroah-Hartman + +--- + sound/soc/soc-dapm.c | 1 + + 1 file changed, 1 insertion(+) + +--- a/sound/soc/soc-dapm.c ++++ b/sound/soc/soc-dapm.c +@@ -2454,6 +2454,7 @@ void snd_soc_dapm_free_widget(struct snd + enum snd_soc_dapm_direction dir; + + list_del(&w->list); ++ list_del(&w->dirty); + /* + * remove source and sink paths associated to this widget. + * While removing the path, remove reference to it from both diff --git a/queue-4.19/dm-integrity-fix-the-maximum-number-of-arguments.patch b/queue-4.19/dm-integrity-fix-the-maximum-number-of-arguments.patch new file mode 100644 index 00000000000..600bcc355ed --- /dev/null +++ b/queue-4.19/dm-integrity-fix-the-maximum-number-of-arguments.patch @@ -0,0 +1,45 @@ +From 17ffc193cdc6dc7a613d00d8ad47fc1f801b9bf0 Mon Sep 17 00:00:00 2001 +From: Mikulas Patocka +Date: Tue, 12 Jan 2021 14:54:47 -0500 +Subject: dm integrity: fix the maximum number of arguments + +From: Mikulas Patocka + +commit 17ffc193cdc6dc7a613d00d8ad47fc1f801b9bf0 upstream. + +Advance the maximum number of arguments from 9 to 15 to account for +all potential feature flags that may be supplied. + +Linux 4.19 added "meta_device" +(356d9d52e1221ba0c9f10b8b38652f78a5298329) and "recalculate" +(a3fcf7253139609bf9ff901fbf955fba047e75dd) flags. + +Commit 468dfca38b1a6fbdccd195d875599cb7c8875cd9 added +"sectors_per_bit" and "bitmap_flush_interval". + +Commit 84597a44a9d86ac949900441cea7da0af0f2f473 added +"allow_discards". + +And the commit d537858ac8aaf4311b51240893add2fc62003b97 added +"fix_padding". + +Signed-off-by: Mikulas Patocka +Cc: stable@vger.kernel.org # v4.19+ +Signed-off-by: Mike Snitzer +Signed-off-by: Greg Kroah-Hartman + +--- + drivers/md/dm-integrity.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +--- a/drivers/md/dm-integrity.c ++++ b/drivers/md/dm-integrity.c +@@ -3078,7 +3078,7 @@ static int dm_integrity_ctr(struct dm_ta + unsigned extra_args; + struct dm_arg_set as; + static const struct dm_arg _args[] = { +- {0, 9, "Invalid number of feature args"}, ++ {0, 15, "Invalid number of feature args"}, + }; + unsigned journal_sectors, interleave_sectors, buffer_sectors, journal_watermark, sync_msec; + bool recalculate; diff --git a/queue-4.19/dm-snapshot-flush-merged-data-before-committing-metadata.patch b/queue-4.19/dm-snapshot-flush-merged-data-before-committing-metadata.patch new file mode 100644 index 00000000000..931581a9e5f --- /dev/null +++ b/queue-4.19/dm-snapshot-flush-merged-data-before-committing-metadata.patch @@ -0,0 +1,96 @@ +From fcc42338375a1e67b8568dbb558f8b784d0f3b01 Mon Sep 17 00:00:00 2001 +From: Akilesh Kailash +Date: Mon, 28 Dec 2020 07:14:07 +0000 +Subject: dm snapshot: flush merged data before committing metadata + +From: Akilesh Kailash + +commit fcc42338375a1e67b8568dbb558f8b784d0f3b01 upstream. + +If the origin device has a volatile write-back cache and the following +events occur: + +1: After finishing merge operation of one set of exceptions, + merge_callback() is invoked. +2: Update the metadata in COW device tracking the merge completion. + This update to COW device is flushed cleanly. +3: System crashes and the origin device's cache where the recent + merge was completed has not been flushed. + +During the next cycle when we read the metadata from the COW device, +we will skip reading those metadata whose merge was completed in +step (1). This will lead to data loss/corruption. + +To address this, flush the origin device post merge IO before +updating the metadata. + +Cc: stable@vger.kernel.org +Signed-off-by: Akilesh Kailash +Signed-off-by: Mike Snitzer +Signed-off-by: Greg Kroah-Hartman + +--- + drivers/md/dm-snap.c | 24 ++++++++++++++++++++++++ + 1 file changed, 24 insertions(+) + +--- a/drivers/md/dm-snap.c ++++ b/drivers/md/dm-snap.c +@@ -137,6 +137,11 @@ struct dm_snapshot { + * for them to be committed. + */ + struct bio_list bios_queued_during_merge; ++ ++ /* ++ * Flush data after merge. ++ */ ++ struct bio flush_bio; + }; + + /* +@@ -1061,6 +1066,17 @@ shut: + + static void error_bios(struct bio *bio); + ++static int flush_data(struct dm_snapshot *s) ++{ ++ struct bio *flush_bio = &s->flush_bio; ++ ++ bio_reset(flush_bio); ++ bio_set_dev(flush_bio, s->origin->bdev); ++ flush_bio->bi_opf = REQ_OP_WRITE | REQ_PREFLUSH; ++ ++ return submit_bio_wait(flush_bio); ++} ++ + static void merge_callback(int read_err, unsigned long write_err, void *context) + { + struct dm_snapshot *s = context; +@@ -1074,6 +1090,11 @@ static void merge_callback(int read_err, + goto shut; + } + ++ if (flush_data(s) < 0) { ++ DMERR("Flush after merge failed: shutting down merge"); ++ goto shut; ++ } ++ + if (s->store->type->commit_merge(s->store, + s->num_merging_chunks) < 0) { + DMERR("Write error in exception store: shutting down merge"); +@@ -1198,6 +1219,7 @@ static int snapshot_ctr(struct dm_target + s->first_merging_chunk = 0; + s->num_merging_chunks = 0; + bio_list_init(&s->bios_queued_during_merge); ++ bio_init(&s->flush_bio, NULL, 0); + + /* Allocate hash table for COW data */ + if (init_hash_tables(s)) { +@@ -1391,6 +1413,8 @@ static void snapshot_dtr(struct dm_targe + + mutex_destroy(&s->lock); + ++ bio_uninit(&s->flush_bio); ++ + dm_put_device(ti, s->cow); + + dm_put_device(ti, s->origin); diff --git a/queue-4.19/mips-boot-fix-unaligned-access-with-config_mips_raw_appended_dtb.patch b/queue-4.19/mips-boot-fix-unaligned-access-with-config_mips_raw_appended_dtb.patch new file mode 100644 index 00000000000..477096a9eef --- /dev/null +++ b/queue-4.19/mips-boot-fix-unaligned-access-with-config_mips_raw_appended_dtb.patch @@ -0,0 +1,51 @@ +From 4d4f9c1a17a3480f8fe523673f7232b254d724b7 Mon Sep 17 00:00:00 2001 +From: Paul Cercueil +Date: Wed, 16 Dec 2020 23:39:56 +0000 +Subject: MIPS: boot: Fix unaligned access with CONFIG_MIPS_RAW_APPENDED_DTB +MIME-Version: 1.0 +Content-Type: text/plain; charset=UTF-8 +Content-Transfer-Encoding: 8bit + +From: Paul Cercueil + +commit 4d4f9c1a17a3480f8fe523673f7232b254d724b7 upstream. + +The compressed payload is not necesarily 4-byte aligned, at least when +compiling with Clang. In that case, the 4-byte value appended to the +compressed payload that corresponds to the uncompressed kernel image +size must be read using get_unaligned_le32(). + +This fixes Clang-built kernels not booting on MIPS (tested on a Ingenic +JZ4770 board). + +Fixes: b8f54f2cde78 ("MIPS: ZBOOT: copy appended dtb to the end of the kernel") +Cc: # v4.7 +Signed-off-by: Paul Cercueil +Reviewed-by: Nick Desaulniers +Reviewed-by: Philippe Mathieu-Daudé +Signed-off-by: Thomas Bogendoerfer +Signed-off-by: Greg Kroah-Hartman + +--- + arch/mips/boot/compressed/decompress.c | 3 ++- + 1 file changed, 2 insertions(+), 1 deletion(-) + +--- a/arch/mips/boot/compressed/decompress.c ++++ b/arch/mips/boot/compressed/decompress.c +@@ -17,6 +17,7 @@ + #include + + #include ++#include + + /* + * These two variables specify the free mem region +@@ -117,7 +118,7 @@ void decompress_kernel(unsigned long boo + dtb_size = fdt_totalsize((void *)&__appended_dtb); + + /* last four bytes is always image size in little endian */ +- image_size = le32_to_cpup((void *)&__image_end - 4); ++ image_size = get_unaligned_le32((void *)&__image_end - 4); + + /* copy dtb to where the booted kernel will expect it */ + memcpy((void *)VMLINUX_LOAD_ADDRESS_ULL + image_size, diff --git a/queue-4.19/mips-fix-malformed-nt_file-and-nt_siginfo-in-32bit-coredumps.patch b/queue-4.19/mips-fix-malformed-nt_file-and-nt_siginfo-in-32bit-coredumps.patch new file mode 100644 index 00000000000..bd3188923e8 --- /dev/null +++ b/queue-4.19/mips-fix-malformed-nt_file-and-nt_siginfo-in-32bit-coredumps.patch @@ -0,0 +1,61 @@ +From 698222457465ce343443be81c5512edda86e5914 Mon Sep 17 00:00:00 2001 +From: Al Viro +Date: Thu, 24 Dec 2020 19:44:38 +0000 +Subject: MIPS: Fix malformed NT_FILE and NT_SIGINFO in 32bit coredumps + +From: Al Viro + +commit 698222457465ce343443be81c5512edda86e5914 upstream. + +Patches that introduced NT_FILE and NT_SIGINFO notes back in 2012 +had taken care of native (fs/binfmt_elf.c) and compat (fs/compat_binfmt_elf.c) +coredumps; unfortunately, compat on mips (which does not go through the +usual compat_binfmt_elf.c) had not been noticed. + +As the result, both N32 and O32 coredumps on 64bit mips kernels +have those sections malformed enough to confuse the living hell out of +all gdb and readelf versions (up to and including the tip of binutils-gdb.git). + +Longer term solution is to make both O32 and N32 compat use the +regular compat_binfmt_elf.c, but that's too much for backports. The minimal +solution is to do in arch/mips/kernel/binfmt_elf[on]32.c the same thing +those patches have done in fs/compat_binfmt_elf.c + +Cc: stable@kernel.org # v3.7+ +Signed-off-by: Al Viro +Signed-off-by: Thomas Bogendoerfer +Signed-off-by: Greg Kroah-Hartman + +--- + arch/mips/kernel/binfmt_elfn32.c | 7 +++++++ + arch/mips/kernel/binfmt_elfo32.c | 7 +++++++ + 2 files changed, 14 insertions(+) + +--- a/arch/mips/kernel/binfmt_elfn32.c ++++ b/arch/mips/kernel/binfmt_elfn32.c +@@ -103,4 +103,11 @@ jiffies_to_compat_timeval(unsigned long + #undef ns_to_timeval + #define ns_to_timeval ns_to_compat_timeval + ++/* ++ * Some data types as stored in coredump. ++ */ ++#define user_long_t compat_long_t ++#define user_siginfo_t compat_siginfo_t ++#define copy_siginfo_to_external copy_siginfo_to_external32 ++ + #include "../../../fs/binfmt_elf.c" +--- a/arch/mips/kernel/binfmt_elfo32.c ++++ b/arch/mips/kernel/binfmt_elfo32.c +@@ -106,4 +106,11 @@ jiffies_to_compat_timeval(unsigned long + #undef ns_to_timeval + #define ns_to_timeval ns_to_compat_timeval + ++/* ++ * Some data types as stored in coredump. ++ */ ++#define user_long_t compat_long_t ++#define user_siginfo_t compat_siginfo_t ++#define copy_siginfo_to_external copy_siginfo_to_external32 ++ + #include "../../../fs/binfmt_elf.c" diff --git a/queue-4.19/mips-relocatable-fix-possible-boot-hangup-with-kaslr-enabled.patch b/queue-4.19/mips-relocatable-fix-possible-boot-hangup-with-kaslr-enabled.patch new file mode 100644 index 00000000000..777fd400ee6 --- /dev/null +++ b/queue-4.19/mips-relocatable-fix-possible-boot-hangup-with-kaslr-enabled.patch @@ -0,0 +1,51 @@ +From 69e976831cd53f9ba304fd20305b2025ecc78eab Mon Sep 17 00:00:00 2001 +From: Alexander Lobakin +Date: Sun, 10 Jan 2021 14:21:05 +0000 +Subject: MIPS: relocatable: fix possible boot hangup with KASLR enabled + +From: Alexander Lobakin + +commit 69e976831cd53f9ba304fd20305b2025ecc78eab upstream. + +LLVM-built Linux triggered a boot hangup with KASLR enabled. + +arch/mips/kernel/relocate.c:get_random_boot() uses linux_banner, +which is a string constant, as a random seed, but accesses it +as an array of unsigned long (in rotate_xor()). +When the address of linux_banner is not aligned to sizeof(long), +such access emits unaligned access exception and hangs the kernel. + +Use PTR_ALIGN() to align input address to sizeof(long) and also +align down the input length to prevent possible access-beyond-end. + +Fixes: 405bc8fd12f5 ("MIPS: Kernel: Implement KASLR using CONFIG_RELOCATABLE") +Cc: stable@vger.kernel.org # 4.7+ +Signed-off-by: Alexander Lobakin +Tested-by: Nathan Chancellor +Reviewed-by: Kees Cook +Signed-off-by: Thomas Bogendoerfer +Signed-off-by: Greg Kroah-Hartman + +--- + arch/mips/kernel/relocate.c | 10 ++++++++-- + 1 file changed, 8 insertions(+), 2 deletions(-) + +--- a/arch/mips/kernel/relocate.c ++++ b/arch/mips/kernel/relocate.c +@@ -187,8 +187,14 @@ static int __init relocate_exception_tab + static inline __init unsigned long rotate_xor(unsigned long hash, + const void *area, size_t size) + { +- size_t i; +- unsigned long *ptr = (unsigned long *)area; ++ const typeof(hash) *ptr = PTR_ALIGN(area, sizeof(hash)); ++ size_t diff, i; ++ ++ diff = (void *)ptr - area; ++ if (unlikely(size < diff + sizeof(hash))) ++ return hash; ++ ++ size = ALIGN_DOWN(size - diff, sizeof(hash)); + + for (i = 0; i < size / sizeof(hash); i++) { + /* Rotate by odd number of bits and XOR. */ diff --git a/queue-4.19/mm-hugetlb-fix-potential-missing-huge-page-size-info.patch b/queue-4.19/mm-hugetlb-fix-potential-missing-huge-page-size-info.patch new file mode 100644 index 00000000000..ed264fff57a --- /dev/null +++ b/queue-4.19/mm-hugetlb-fix-potential-missing-huge-page-size-info.patch @@ -0,0 +1,36 @@ +From 0eb98f1588c2cc7a79816d84ab18a55d254f481c Mon Sep 17 00:00:00 2001 +From: Miaohe Lin +Date: Tue, 12 Jan 2021 15:49:24 -0800 +Subject: mm/hugetlb: fix potential missing huge page size info + +From: Miaohe Lin + +commit 0eb98f1588c2cc7a79816d84ab18a55d254f481c upstream. + +The huge page size is encoded for VM_FAULT_HWPOISON errors only. So if +we return VM_FAULT_HWPOISON, huge page size would just be ignored. + +Link: https://lkml.kernel.org/r/20210107123449.38481-1-linmiaohe@huawei.com +Fixes: aa50d3a7aa81 ("Encode huge page size for VM_FAULT_HWPOISON errors") +Signed-off-by: Miaohe Lin +Reviewed-by: Mike Kravetz +Cc: +Signed-off-by: Andrew Morton +Signed-off-by: Linus Torvalds +Signed-off-by: Greg Kroah-Hartman + +--- + mm/hugetlb.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +--- a/mm/hugetlb.c ++++ b/mm/hugetlb.c +@@ -3852,7 +3852,7 @@ retry: + * So we need to block hugepage fault by PG_hwpoison bit check. + */ + if (unlikely(PageHWPoison(page))) { +- ret = VM_FAULT_HWPOISON | ++ ret = VM_FAULT_HWPOISON_LARGE | + VM_FAULT_SET_HINDEX(hstate_index(h)); + goto backout_unlocked; + } diff --git a/queue-4.19/r8152-add-lenovo-powered-usb-c-travel-hub.patch b/queue-4.19/r8152-add-lenovo-powered-usb-c-travel-hub.patch new file mode 100644 index 00000000000..8fa90a8305d --- /dev/null +++ b/queue-4.19/r8152-add-lenovo-powered-usb-c-travel-hub.patch @@ -0,0 +1,55 @@ +From cb82a54904a99df9e8f9e9d282046055dae5a730 Mon Sep 17 00:00:00 2001 +From: Leon Schuermann +Date: Mon, 11 Jan 2021 20:03:13 +0100 +Subject: r8152: Add Lenovo Powered USB-C Travel Hub + +From: Leon Schuermann + +commit cb82a54904a99df9e8f9e9d282046055dae5a730 upstream. + +This USB-C Hub (17ef:721e) based on the Realtek RTL8153B chip used to +use the cdc_ether driver. However, using this driver, with the system +suspended the device constantly sends pause-frames as soon as the +receive buffer fills up. This causes issues with other devices, where +some Ethernet switches stop forwarding packets altogether. + +Using the Realtek driver (r8152) fixes this issue. Pause frames are no +longer sent while the host system is suspended. + +Signed-off-by: Leon Schuermann +Tested-by: Leon Schuermann +Link: https://lore.kernel.org/r/20210111190312.12589-2-leon@is.currently.online +Signed-off-by: Jakub Kicinski +Signed-off-by: Greg Kroah-Hartman + +--- + drivers/net/usb/cdc_ether.c | 7 +++++++ + drivers/net/usb/r8152.c | 1 + + 2 files changed, 8 insertions(+) + +--- a/drivers/net/usb/cdc_ether.c ++++ b/drivers/net/usb/cdc_ether.c +@@ -800,6 +800,13 @@ static const struct usb_device_id produc + .driver_info = 0, + }, + ++/* Lenovo Powered USB-C Travel Hub (4X90S92381, based on Realtek RTL8153) */ ++{ ++ USB_DEVICE_AND_INTERFACE_INFO(LENOVO_VENDOR_ID, 0x721e, USB_CLASS_COMM, ++ USB_CDC_SUBCLASS_ETHERNET, USB_CDC_PROTO_NONE), ++ .driver_info = 0, ++}, ++ + /* ThinkPad USB-C Dock Gen 2 (based on Realtek RTL8153) */ + { + USB_DEVICE_AND_INTERFACE_INFO(LENOVO_VENDOR_ID, 0xa387, USB_CLASS_COMM, +--- a/drivers/net/usb/r8152.c ++++ b/drivers/net/usb/r8152.c +@@ -5352,6 +5352,7 @@ static const struct usb_device_id rtl815 + {REALTEK_USB_DEVICE(VENDOR_ID_LENOVO, 0x7205)}, + {REALTEK_USB_DEVICE(VENDOR_ID_LENOVO, 0x720c)}, + {REALTEK_USB_DEVICE(VENDOR_ID_LENOVO, 0x7214)}, ++ {REALTEK_USB_DEVICE(VENDOR_ID_LENOVO, 0x721e)}, + {REALTEK_USB_DEVICE(VENDOR_ID_LENOVO, 0xa387)}, + {REALTEK_USB_DEVICE(VENDOR_ID_LINKSYS, 0x0041)}, + {REALTEK_USB_DEVICE(VENDOR_ID_NVIDIA, 0x09ff)}, diff --git a/queue-4.19/series b/queue-4.19/series index e69de29bb2d..a6ac6ca39f4 100644 --- a/queue-4.19/series +++ b/queue-4.19/series @@ -0,0 +1,11 @@ +asoc-dapm-remove-widget-from-dirty-list-on-free.patch +x86-hyperv-check-cpu-mask-after-interrupt-has-been-disabled.patch +tracing-kprobes-do-the-notrace-functions-check-without-kprobes-on-ftrace.patch +mips-boot-fix-unaligned-access-with-config_mips_raw_appended_dtb.patch +mips-fix-malformed-nt_file-and-nt_siginfo-in-32bit-coredumps.patch +mips-relocatable-fix-possible-boot-hangup-with-kaslr-enabled.patch +acpi-scan-harden-acpi_device_add-against-device-id-overflows.patch +mm-hugetlb-fix-potential-missing-huge-page-size-info.patch +dm-snapshot-flush-merged-data-before-committing-metadata.patch +dm-integrity-fix-the-maximum-number-of-arguments.patch +r8152-add-lenovo-powered-usb-c-travel-hub.patch diff --git a/queue-4.19/tracing-kprobes-do-the-notrace-functions-check-without-kprobes-on-ftrace.patch b/queue-4.19/tracing-kprobes-do-the-notrace-functions-check-without-kprobes-on-ftrace.patch new file mode 100644 index 00000000000..819b038cfba --- /dev/null +++ b/queue-4.19/tracing-kprobes-do-the-notrace-functions-check-without-kprobes-on-ftrace.patch @@ -0,0 +1,58 @@ +From 7bb83f6fc4ee84e95d0ac0d14452c2619fb3fe70 Mon Sep 17 00:00:00 2001 +From: Masami Hiramatsu +Date: Fri, 8 Jan 2021 13:19:38 +0900 +Subject: tracing/kprobes: Do the notrace functions check without kprobes on ftrace + +From: Masami Hiramatsu + +commit 7bb83f6fc4ee84e95d0ac0d14452c2619fb3fe70 upstream. + +Enable the notrace function check on the architecture which doesn't +support kprobes on ftrace but support dynamic ftrace. This notrace +function check is not only for the kprobes on ftrace but also +sw-breakpoint based kprobes. +Thus there is no reason to limit this check for the arch which +supports kprobes on ftrace. + +This also changes the dependency of Kconfig. Because kprobe event +uses the function tracer's address list for identifying notrace +function, if the CONFIG_DYNAMIC_FTRACE=n, it can not check whether +the target function is notrace or not. + +Link: https://lkml.kernel.org/r/20210105065730.2634785-1-naveen.n.rao@linux.vnet.ibm.com +Link: https://lkml.kernel.org/r/161007957862.114704.4512260007555399463.stgit@devnote2 + +Cc: stable@vger.kernel.org +Fixes: 45408c4f92506 ("tracing: kprobes: Prohibit probing on notrace function") +Acked-by: Naveen N. Rao +Signed-off-by: Masami Hiramatsu +Signed-off-by: Steven Rostedt (VMware) +Signed-off-by: Greg Kroah-Hartman + +--- + kernel/trace/Kconfig | 2 +- + kernel/trace/trace_kprobe.c | 2 +- + 2 files changed, 2 insertions(+), 2 deletions(-) + +--- a/kernel/trace/Kconfig ++++ b/kernel/trace/Kconfig +@@ -476,7 +476,7 @@ config KPROBE_EVENTS + config KPROBE_EVENTS_ON_NOTRACE + bool "Do NOT protect notrace function from kprobe events" + depends on KPROBE_EVENTS +- depends on KPROBES_ON_FTRACE ++ depends on DYNAMIC_FTRACE + default n + help + This is only for the developers who want to debug ftrace itself +--- a/kernel/trace/trace_kprobe.c ++++ b/kernel/trace/trace_kprobe.c +@@ -517,7 +517,7 @@ disable_trace_kprobe(struct trace_kprobe + return ret; + } + +-#if defined(CONFIG_KPROBES_ON_FTRACE) && \ ++#if defined(CONFIG_DYNAMIC_FTRACE) && \ + !defined(CONFIG_KPROBE_EVENTS_ON_NOTRACE) + static bool __within_notrace_func(unsigned long addr) + { diff --git a/queue-4.19/x86-hyperv-check-cpu-mask-after-interrupt-has-been-disabled.patch b/queue-4.19/x86-hyperv-check-cpu-mask-after-interrupt-has-been-disabled.patch new file mode 100644 index 00000000000..d06f39f3bf3 --- /dev/null +++ b/queue-4.19/x86-hyperv-check-cpu-mask-after-interrupt-has-been-disabled.patch @@ -0,0 +1,51 @@ +From ad0a6bad44758afa3b440c254a24999a0c7e35d5 Mon Sep 17 00:00:00 2001 +From: Wei Liu +Date: Tue, 5 Jan 2021 17:50:43 +0000 +Subject: x86/hyperv: check cpu mask after interrupt has been disabled + +From: Wei Liu + +commit ad0a6bad44758afa3b440c254a24999a0c7e35d5 upstream. + +We've observed crashes due to an empty cpu mask in +hyperv_flush_tlb_others. Obviously the cpu mask in question is changed +between the cpumask_empty call at the beginning of the function and when +it is actually used later. + +One theory is that an interrupt comes in between and a code path ends up +changing the mask. Move the check after interrupt has been disabled to +see if it fixes the issue. + +Signed-off-by: Wei Liu +Cc: stable@kernel.org +Link: https://lore.kernel.org/r/20210105175043.28325-1-wei.liu@kernel.org +Reviewed-by: Michael Kelley +Signed-off-by: Greg Kroah-Hartman + +--- + arch/x86/hyperv/mmu.c | 12 +++++++++--- + 1 file changed, 9 insertions(+), 3 deletions(-) + +--- a/arch/x86/hyperv/mmu.c ++++ b/arch/x86/hyperv/mmu.c +@@ -66,11 +66,17 @@ static void hyperv_flush_tlb_others(cons + if (!hv_hypercall_pg) + goto do_native; + +- if (cpumask_empty(cpus)) +- return; +- + local_irq_save(flags); + ++ /* ++ * Only check the mask _after_ interrupt has been disabled to avoid the ++ * mask changing under our feet. ++ */ ++ if (cpumask_empty(cpus)) { ++ local_irq_restore(flags); ++ return; ++ } ++ + flush_pcpu = (struct hv_tlb_flush **) + this_cpu_ptr(hyperv_pcpu_input_arg); +