From: Greg Kroah-Hartman Date: Sat, 10 Nov 2018 16:35:00 +0000 (-0800) Subject: 3.18-stable patches X-Git-Tag: v4.19.2~85 X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=d6f6e076810cf4e82abea61b58d823286166ca90;p=thirdparty%2Fkernel%2Fstable-queue.git 3.18-stable patches added patches: acpica-aml-interpreter-add-region-addresses-in-global-list-during-initialization.patch bcache-fix-miss-key-refill-end-in-writeback.patch jffs2-free-jffs2_sb_info-through-jffs2_kill_sb.patch pcmcia-implement-clkrun-protocol-disabling-for-ricoh-bridges.patch --- diff --git a/queue-3.18/acpica-aml-interpreter-add-region-addresses-in-global-list-during-initialization.patch b/queue-3.18/acpica-aml-interpreter-add-region-addresses-in-global-list-during-initialization.patch new file mode 100644 index 00000000000..bde87f3869d --- /dev/null +++ b/queue-3.18/acpica-aml-interpreter-add-region-addresses-in-global-list-during-initialization.patch @@ -0,0 +1,45 @@ +From 4abb951b73ff0a8a979113ef185651aa3c8da19b Mon Sep 17 00:00:00 2001 +From: Erik Schmauss +Date: Wed, 17 Oct 2018 14:09:35 -0700 +Subject: ACPICA: AML interpreter: add region addresses in global list during initialization + +From: Erik Schmauss + +commit 4abb951b73ff0a8a979113ef185651aa3c8da19b upstream. + +The table load process omitted adding the operation region address +range to the global list. This omission is problematic because the OS +queries the global list to check for address range conflicts before +deciding which drivers to load. This commit may result in warning +messages that look like the following: + +[ 7.871761] ACPI Warning: system_IO range 0x00000428-0x0000042F conflicts with op_region 0x00000400-0x0000047F (\PMIO) (20180531/utaddress-213) +[ 7.871769] ACPI: If an ACPI driver is available for this device, you should use it instead of the native driver + +However, these messages do not signify regressions. It is a result of +properly adding address ranges within the global address list. + +Link: https://bugzilla.kernel.org/show_bug.cgi?id=200011 +Tested-by: Jean-Marc Lenoir +Signed-off-by: Erik Schmauss +Cc: All applicable +Signed-off-by: Rafael J. Wysocki +Signed-off-by: Greg Kroah-Hartman + +--- + drivers/acpi/acpica/dsopcode.c | 4 ++++ + 1 file changed, 4 insertions(+) + +--- a/drivers/acpi/acpica/dsopcode.c ++++ b/drivers/acpi/acpica/dsopcode.c +@@ -449,6 +449,10 @@ acpi_ds_eval_region_operands(struct acpi + ACPI_FORMAT_UINT64(obj_desc->region.address), + obj_desc->region.length)); + ++ status = acpi_ut_add_address_range(obj_desc->region.space_id, ++ obj_desc->region.address, ++ obj_desc->region.length, node); ++ + /* Now the address and length are valid for this opregion */ + + obj_desc->region.flags |= AOPOBJ_DATA_VALID; diff --git a/queue-3.18/bcache-fix-miss-key-refill-end-in-writeback.patch b/queue-3.18/bcache-fix-miss-key-refill-end-in-writeback.patch new file mode 100644 index 00000000000..7e8d496e105 --- /dev/null +++ b/queue-3.18/bcache-fix-miss-key-refill-end-in-writeback.patch @@ -0,0 +1,43 @@ +From 2d6cb6edd2c7fb4f40998895bda45006281b1ac5 Mon Sep 17 00:00:00 2001 +From: Tang Junhui +Date: Mon, 8 Oct 2018 20:41:14 +0800 +Subject: bcache: fix miss key refill->end in writeback + +From: Tang Junhui + +commit 2d6cb6edd2c7fb4f40998895bda45006281b1ac5 upstream. + +refill->end record the last key of writeback, for example, at the first +time, keys (1,128K) to (1,1024K) are flush to the backend device, but +the end key (1,1024K) is not included, since the bellow code: + if (bkey_cmp(k, refill->end) >= 0) { + ret = MAP_DONE; + goto out; + } +And in the next time when we refill writeback keybuf again, we searched +key start from (1,1024K), and got a key bigger than it, so the key +(1,1024K) missed. +This patch modify the above code, and let the end key to be included to +the writeback key buffer. + +Signed-off-by: Tang Junhui +Cc: stable@vger.kernel.org +Signed-off-by: Coly Li +Signed-off-by: Jens Axboe +Signed-off-by: Greg Kroah-Hartman + +--- + drivers/md/bcache/btree.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +--- a/drivers/md/bcache/btree.c ++++ b/drivers/md/bcache/btree.c +@@ -2372,7 +2372,7 @@ static int refill_keybuf_fn(struct btree + struct keybuf *buf = refill->buf; + int ret = MAP_CONTINUE; + +- if (bkey_cmp(k, refill->end) >= 0) { ++ if (bkey_cmp(k, refill->end) > 0) { + ret = MAP_DONE; + goto out; + } diff --git a/queue-3.18/jffs2-free-jffs2_sb_info-through-jffs2_kill_sb.patch b/queue-3.18/jffs2-free-jffs2_sb_info-through-jffs2_kill_sb.patch new file mode 100644 index 00000000000..09a3e48188b --- /dev/null +++ b/queue-3.18/jffs2-free-jffs2_sb_info-through-jffs2_kill_sb.patch @@ -0,0 +1,41 @@ +From 92e2921f7eee63450a5f953f4b15dc6210219430 Mon Sep 17 00:00:00 2001 +From: Hou Tao +Date: Sat, 6 Oct 2018 17:09:35 +0800 +Subject: jffs2: free jffs2_sb_info through jffs2_kill_sb() + +From: Hou Tao + +commit 92e2921f7eee63450a5f953f4b15dc6210219430 upstream. + +When an invalid mount option is passed to jffs2, jffs2_parse_options() +will fail and jffs2_sb_info will be freed, but then jffs2_sb_info will +be used (use-after-free) and freeed (double-free) in jffs2_kill_sb(). + +Fix it by removing the buggy invocation of kfree() when getting invalid +mount options. + +Fixes: 92abc475d8de ("jffs2: implement mount option parsing and compression overriding") +Cc: stable@kernel.org +Signed-off-by: Hou Tao +Reviewed-by: Richard Weinberger +Signed-off-by: Boris Brezillon +Signed-off-by: Greg Kroah-Hartman + +--- + fs/jffs2/super.c | 4 +--- + 1 file changed, 1 insertion(+), 3 deletions(-) + +--- a/fs/jffs2/super.c ++++ b/fs/jffs2/super.c +@@ -285,10 +285,8 @@ static int jffs2_fill_super(struct super + sb->s_fs_info = c; + + ret = jffs2_parse_options(c, data); +- if (ret) { +- kfree(c); ++ if (ret) + return -EINVAL; +- } + + /* Initialize JFFS2 superblock locks, the further initialization will + * be done later */ diff --git a/queue-3.18/pcmcia-implement-clkrun-protocol-disabling-for-ricoh-bridges.patch b/queue-3.18/pcmcia-implement-clkrun-protocol-disabling-for-ricoh-bridges.patch new file mode 100644 index 00000000000..776d04223d5 --- /dev/null +++ b/queue-3.18/pcmcia-implement-clkrun-protocol-disabling-for-ricoh-bridges.patch @@ -0,0 +1,108 @@ +From 95691e3eddc41da2d1cd3cca51fecdfb46bd85bc Mon Sep 17 00:00:00 2001 +From: "Maciej S. Szmigiero" +Date: Sun, 9 Sep 2018 01:21:06 +0200 +Subject: pcmcia: Implement CLKRUN protocol disabling for Ricoh bridges + +From: Maciej S. Szmigiero + +commit 95691e3eddc41da2d1cd3cca51fecdfb46bd85bc upstream. + +Currently, "disable_clkrun" yenta_socket module parameter is only +implemented for TI CardBus bridges. +Add also an implementation for Ricoh bridges that have the necessary +setting documented in publicly available datasheets. + +Tested on a RL5C476II with a Sunrich C-160 CardBus NIC that doesn't work +correctly unless the CLKRUN protocol is disabled. + +Let's also make it clear in its description that the "disable_clkrun" +module parameter only works on these two previously mentioned brands of +CardBus bridges. + +Signed-off-by: Maciej S. Szmigiero +Cc: stable@vger.kernel.org +Signed-off-by: Dominik Brodowski +Signed-off-by: Greg Kroah-Hartman + +--- + drivers/pcmcia/ricoh.h | 35 +++++++++++++++++++++++++++++++++++ + drivers/pcmcia/yenta_socket.c | 3 ++- + 2 files changed, 37 insertions(+), 1 deletion(-) + +--- a/drivers/pcmcia/ricoh.h ++++ b/drivers/pcmcia/ricoh.h +@@ -119,6 +119,10 @@ + #define RL5C4XX_MISC_CONTROL 0x2F /* 8 bit */ + #define RL5C4XX_ZV_ENABLE 0x08 + ++/* Misc Control 3 Register */ ++#define RL5C4XX_MISC3 0x00A2 /* 16 bit */ ++#define RL5C47X_MISC3_CB_CLKRUN_DIS BIT(1) ++ + #ifdef __YENTA_H + + #define rl_misc(socket) ((socket)->private[0]) +@@ -156,6 +160,35 @@ static void ricoh_set_zv(struct yenta_so + } + } + ++static void ricoh_set_clkrun(struct yenta_socket *socket, bool quiet) ++{ ++ u16 misc3; ++ ++ /* ++ * RL5C475II likely has this setting, too, however no datasheet ++ * is publicly available for this chip ++ */ ++ if (socket->dev->device != PCI_DEVICE_ID_RICOH_RL5C476 && ++ socket->dev->device != PCI_DEVICE_ID_RICOH_RL5C478) ++ return; ++ ++ if (socket->dev->revision < 0x80) ++ return; ++ ++ misc3 = config_readw(socket, RL5C4XX_MISC3); ++ if (misc3 & RL5C47X_MISC3_CB_CLKRUN_DIS) { ++ if (!quiet) ++ dev_dbg(&socket->dev->dev, ++ "CLKRUN feature already disabled\n"); ++ } else if (disable_clkrun) { ++ if (!quiet) ++ dev_info(&socket->dev->dev, ++ "Disabling CLKRUN feature\n"); ++ misc3 |= RL5C47X_MISC3_CB_CLKRUN_DIS; ++ config_writew(socket, RL5C4XX_MISC3, misc3); ++ } ++} ++ + static void ricoh_save_state(struct yenta_socket *socket) + { + rl_misc(socket) = config_readw(socket, RL5C4XX_MISC); +@@ -172,6 +205,7 @@ static void ricoh_restore_state(struct y + config_writew(socket, RL5C4XX_16BIT_IO_0, rl_io(socket)); + config_writew(socket, RL5C4XX_16BIT_MEM_0, rl_mem(socket)); + config_writew(socket, RL5C4XX_CONFIG, rl_config(socket)); ++ ricoh_set_clkrun(socket, true); + } + + +@@ -197,6 +231,7 @@ static int ricoh_override(struct yenta_s + config_writew(socket, RL5C4XX_CONFIG, config); + + ricoh_set_zv(socket); ++ ricoh_set_clkrun(socket, false); + + return 0; + } +--- a/drivers/pcmcia/yenta_socket.c ++++ b/drivers/pcmcia/yenta_socket.c +@@ -26,7 +26,8 @@ + + static bool disable_clkrun; + module_param(disable_clkrun, bool, 0444); +-MODULE_PARM_DESC(disable_clkrun, "If PC card doesn't function properly, please try this option"); ++MODULE_PARM_DESC(disable_clkrun, ++ "If PC card doesn't function properly, please try this option (TI and Ricoh bridges only)"); + + static bool isa_probe = 1; + module_param(isa_probe, bool, 0444); diff --git a/queue-3.18/series b/queue-3.18/series new file mode 100644 index 00000000000..85ee4d60334 --- /dev/null +++ b/queue-3.18/series @@ -0,0 +1,4 @@ +bcache-fix-miss-key-refill-end-in-writeback.patch +jffs2-free-jffs2_sb_info-through-jffs2_kill_sb.patch +pcmcia-implement-clkrun-protocol-disabling-for-ricoh-bridges.patch +acpica-aml-interpreter-add-region-addresses-in-global-list-during-initialization.patch diff --git a/queue-4.14/series b/queue-4.14/series new file mode 100644 index 00000000000..2029e5873d7 --- /dev/null +++ b/queue-4.14/series @@ -0,0 +1,11 @@ +mtd-spi-nor-fsl-quadspi-fix-read-error-for-flash-size-larger-than-16mb.patch +spi-bcm-qspi-switch-back-to-reading-flash-using-smaller-chunks.patch +bcache-trace-missed-reading-by-cache_missed.patch +bcache-fix-miss-key-refill-end-in-writeback.patch +hwmon-pmbus-fix-page-count-auto-detection.patch +jffs2-free-jffs2_sb_info-through-jffs2_kill_sb.patch +block-make-sure-writesame-bio-is-aligned-with-logical-block-size.patch +cpufreq-conservative-take-limits-changes-into-account-properly.patch +pcmcia-implement-clkrun-protocol-disabling-for-ricoh-bridges.patch +acpica-aml-interpreter-add-region-addresses-in-global-list-during-initialization.patch +ipmi-fix-timer-race-with-module-unload.patch diff --git a/queue-4.18/series b/queue-4.18/series new file mode 100644 index 00000000000..0e248f886a6 --- /dev/null +++ b/queue-4.18/series @@ -0,0 +1,25 @@ +mtd-rawnand-marvell-fix-the-irq-handler-complete-condition.patch +mtd-spi-nor-fsl-quadspi-fix-read-error-for-flash-size-larger-than-16mb.patch +mtd-spi-nor-intel-spi-add-support-for-intel-ice-lake-spi-serial-flash.patch +mtd-spi-nor-fsl-quadspi-don-t-let-einval-on-the-bus.patch +spi-spi-mem-adjust-op-len-based-on-message-transfer-size-limitations.patch +spi-bcm-qspi-switch-back-to-reading-flash-using-smaller-chunks.patch +spi-bcm-qspi-fix-calculation-of-address-length.patch +bcache-trace-missed-reading-by-cache_missed.patch +bcache-correct-dirty-data-statistics.patch +bcache-fix-miss-key-refill-end-in-writeback.patch +hwmon-pmbus-fix-page-count-auto-detection.patch +jffs2-free-jffs2_sb_info-through-jffs2_kill_sb.patch +block-setup-bounce-bio_sets-properly.patch +block-don-t-deal-with-discard-limit-in-blkdev_issue_discard.patch +block-make-sure-discard-bio-is-aligned-with-logical-block-size.patch +block-make-sure-writesame-bio-is-aligned-with-logical-block-size.patch +cpufreq-conservative-take-limits-changes-into-account-properly.patch +dma-mapping-fix-panic-caused-by-passing-empty-cma-command-line-argument.patch +pcmcia-implement-clkrun-protocol-disabling-for-ricoh-bridges.patch +acpi-osl-use-jiffies-as-the-time-bassis-for-acpi_os_get_timer.patch +acpica-aml-interpreter-add-region-addresses-in-global-list-during-initialization.patch +acpica-aml-parser-fix-parse-loop-to-correctly-skip-erroneous-extended-opcodes.patch +kprobes-x86-use-preempt_enable-in-optimized_callback.patch +ipmi-fix-timer-race-with-module-unload.patch +mailbox-pcc-handle-parse-error.patch diff --git a/queue-4.4/series b/queue-4.4/series new file mode 100644 index 00000000000..90250ccac82 --- /dev/null +++ b/queue-4.4/series @@ -0,0 +1,7 @@ +bcache-fix-miss-key-refill-end-in-writeback.patch +hwmon-pmbus-fix-page-count-auto-detection.patch +jffs2-free-jffs2_sb_info-through-jffs2_kill_sb.patch +block-make-sure-writesame-bio-is-aligned-with-logical-block-size.patch +pcmcia-implement-clkrun-protocol-disabling-for-ricoh-bridges.patch +acpica-aml-interpreter-add-region-addresses-in-global-list-during-initialization.patch +ipmi-fix-timer-race-with-module-unload.patch diff --git a/queue-4.9/series b/queue-4.9/series new file mode 100644 index 00000000000..90250ccac82 --- /dev/null +++ b/queue-4.9/series @@ -0,0 +1,7 @@ +bcache-fix-miss-key-refill-end-in-writeback.patch +hwmon-pmbus-fix-page-count-auto-detection.patch +jffs2-free-jffs2_sb_info-through-jffs2_kill_sb.patch +block-make-sure-writesame-bio-is-aligned-with-logical-block-size.patch +pcmcia-implement-clkrun-protocol-disabling-for-ricoh-bridges.patch +acpica-aml-interpreter-add-region-addresses-in-global-list-during-initialization.patch +ipmi-fix-timer-race-with-module-unload.patch