From: Greg Kroah-Hartman Date: Sun, 12 Dec 2021 13:26:06 +0000 (+0100) Subject: 4.19-stable patches X-Git-Tag: v4.4.295~29 X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=e1cb61fd9c60c5099b0a7696dde2a7232bf6ad36;p=thirdparty%2Fkernel%2Fstable-queue.git 4.19-stable patches added patches: can-m_can-disable-and-ignore-elo-interrupt.patch can-pch_can-pch_can_rx_normal-fix-use-after-free.patch clk-qcom-regmap-mux-fix-parent-clock-lookup.patch libata-add-horkage-for-asmedia-1092.patch tracefs-have-new-files-inherit-the-ownership-of-their-parent.patch x86-sme-explicitly-map-new-efi-memmap-table-as-encrypted.patch --- diff --git a/queue-4.19/can-m_can-disable-and-ignore-elo-interrupt.patch b/queue-4.19/can-m_can-disable-and-ignore-elo-interrupt.patch new file mode 100644 index 00000000000..bea5792d37a --- /dev/null +++ b/queue-4.19/can-m_can-disable-and-ignore-elo-interrupt.patch @@ -0,0 +1,63 @@ +From f58ac1adc76b5beda43c64ef359056077df4d93a Mon Sep 17 00:00:00 2001 +From: Brian Silverman +Date: Mon, 29 Nov 2021 14:26:28 -0800 +Subject: can: m_can: Disable and ignore ELO interrupt + +From: Brian Silverman + +commit f58ac1adc76b5beda43c64ef359056077df4d93a upstream. + +With the design of this driver, this condition is often triggered. +However, the counter that this interrupt indicates an overflow is never +read either, so overflowing is harmless. + +On my system, when a CAN bus starts flapping up and down, this locks up +the whole system with lots of interrupts and printks. + +Specifically, this interrupt indicates the CEL field of ECR has +overflowed. All reads of ECR mask out CEL. + +Fixes: e0d1f4816f2a ("can: m_can: add Bosch M_CAN controller support") +Link: https://lore.kernel.org/all/20211129222628.7490-1-brian.silverman@bluerivertech.com +Cc: stable@vger.kernel.org +Signed-off-by: Brian Silverman +Signed-off-by: Marc Kleine-Budde +Signed-off-by: Greg Kroah-Hartman + +--- + drivers/net/can/m_can/m_can.c | 14 ++++++-------- + 1 file changed, 6 insertions(+), 8 deletions(-) + +--- a/drivers/net/can/m_can/m_can.c ++++ b/drivers/net/can/m_can/m_can.c +@@ -233,15 +233,15 @@ enum m_can_mram_cfg { + + /* Interrupts for version 3.0.x */ + #define IR_ERR_LEC_30X (IR_STE | IR_FOE | IR_ACKE | IR_BE | IR_CRCE) +-#define IR_ERR_BUS_30X (IR_ERR_LEC_30X | IR_WDI | IR_ELO | IR_BEU | \ +- IR_BEC | IR_TOO | IR_MRAF | IR_TSW | IR_TEFL | \ +- IR_RF1L | IR_RF0L) ++#define IR_ERR_BUS_30X (IR_ERR_LEC_30X | IR_WDI | IR_BEU | IR_BEC | \ ++ IR_TOO | IR_MRAF | IR_TSW | IR_TEFL | IR_RF1L | \ ++ IR_RF0L) + #define IR_ERR_ALL_30X (IR_ERR_STATE | IR_ERR_BUS_30X) + /* Interrupts for version >= 3.1.x */ + #define IR_ERR_LEC_31X (IR_PED | IR_PEA) +-#define IR_ERR_BUS_31X (IR_ERR_LEC_31X | IR_WDI | IR_ELO | IR_BEU | \ +- IR_BEC | IR_TOO | IR_MRAF | IR_TSW | IR_TEFL | \ +- IR_RF1L | IR_RF0L) ++#define IR_ERR_BUS_31X (IR_ERR_LEC_31X | IR_WDI | IR_BEU | IR_BEC | \ ++ IR_TOO | IR_MRAF | IR_TSW | IR_TEFL | IR_RF1L | \ ++ IR_RF0L) + #define IR_ERR_ALL_31X (IR_ERR_STATE | IR_ERR_BUS_31X) + + /* Interrupt Line Select (ILS) */ +@@ -769,8 +769,6 @@ static void m_can_handle_other_err(struc + { + if (irqstatus & IR_WDI) + netdev_err(dev, "Message RAM Watchdog event due to missing READY\n"); +- if (irqstatus & IR_ELO) +- netdev_err(dev, "Error Logging Overflow\n"); + if (irqstatus & IR_BEU) + netdev_err(dev, "Bit Error Uncorrected\n"); + if (irqstatus & IR_BEC) diff --git a/queue-4.19/can-pch_can-pch_can_rx_normal-fix-use-after-free.patch b/queue-4.19/can-pch_can-pch_can_rx_normal-fix-use-after-free.patch new file mode 100644 index 00000000000..c28a11e104f --- /dev/null +++ b/queue-4.19/can-pch_can-pch_can_rx_normal-fix-use-after-free.patch @@ -0,0 +1,41 @@ +From 94cddf1e9227a171b27292509d59691819c458db Mon Sep 17 00:00:00 2001 +From: Vincent Mailhol +Date: Tue, 23 Nov 2021 20:16:54 +0900 +Subject: can: pch_can: pch_can_rx_normal: fix use after free + +From: Vincent Mailhol + +commit 94cddf1e9227a171b27292509d59691819c458db upstream. + +After calling netif_receive_skb(skb), dereferencing skb is unsafe. +Especially, the can_frame cf which aliases skb memory is dereferenced +just after the call netif_receive_skb(skb). + +Reordering the lines solves the issue. + +Fixes: b21d18b51b31 ("can: Topcliff: Add PCH_CAN driver.") +Link: https://lore.kernel.org/all/20211123111654.621610-1-mailhol.vincent@wanadoo.fr +Cc: stable@vger.kernel.org +Signed-off-by: Vincent Mailhol +Signed-off-by: Marc Kleine-Budde +Signed-off-by: Greg Kroah-Hartman + +--- + drivers/net/can/pch_can.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +--- a/drivers/net/can/pch_can.c ++++ b/drivers/net/can/pch_can.c +@@ -703,11 +703,11 @@ static int pch_can_rx_normal(struct net_ + cf->data[i + 1] = data_reg >> 8; + } + +- netif_receive_skb(skb); + rcv_pkts++; + stats->rx_packets++; + quota--; + stats->rx_bytes += cf->can_dlc; ++ netif_receive_skb(skb); + + pch_fifo_thresh(priv, obj_num); + obj_num++; diff --git a/queue-4.19/clk-qcom-regmap-mux-fix-parent-clock-lookup.patch b/queue-4.19/clk-qcom-regmap-mux-fix-parent-clock-lookup.patch new file mode 100644 index 00000000000..dde59528437 --- /dev/null +++ b/queue-4.19/clk-qcom-regmap-mux-fix-parent-clock-lookup.patch @@ -0,0 +1,70 @@ +From 9a61f813fcc8d56d85fcf9ca6119cf2b5ac91dd5 Mon Sep 17 00:00:00 2001 +From: Dmitry Baryshkov +Date: Tue, 16 Nov 2021 02:34:07 +0300 +Subject: clk: qcom: regmap-mux: fix parent clock lookup + +From: Dmitry Baryshkov + +commit 9a61f813fcc8d56d85fcf9ca6119cf2b5ac91dd5 upstream. + +The function mux_get_parent() uses qcom_find_src_index() to find the +parent clock index, which is incorrect: qcom_find_src_index() uses src +enum for the lookup, while mux_get_parent() should use cfg field (which +corresponds to the register value). Add qcom_find_cfg_index() function +doing this kind of lookup and use it for mux parent lookup. + +Fixes: df964016490b ("clk: qcom: add parent map for regmap mux") +Cc: stable@vger.kernel.org +Signed-off-by: Dmitry Baryshkov +Link: https://lore.kernel.org/r/20211115233407.1046179-1-dmitry.baryshkov@linaro.org +Signed-off-by: Stephen Boyd +Signed-off-by: Greg Kroah-Hartman +--- + drivers/clk/qcom/clk-regmap-mux.c | 2 +- + drivers/clk/qcom/common.c | 12 ++++++++++++ + drivers/clk/qcom/common.h | 2 ++ + 3 files changed, 15 insertions(+), 1 deletion(-) + +--- a/drivers/clk/qcom/clk-regmap-mux.c ++++ b/drivers/clk/qcom/clk-regmap-mux.c +@@ -36,7 +36,7 @@ static u8 mux_get_parent(struct clk_hw * + val &= mask; + + if (mux->parent_map) +- return qcom_find_src_index(hw, mux->parent_map, val); ++ return qcom_find_cfg_index(hw, mux->parent_map, val); + + return val; + } +--- a/drivers/clk/qcom/common.c ++++ b/drivers/clk/qcom/common.c +@@ -69,6 +69,18 @@ int qcom_find_src_index(struct clk_hw *h + } + EXPORT_SYMBOL_GPL(qcom_find_src_index); + ++int qcom_find_cfg_index(struct clk_hw *hw, const struct parent_map *map, u8 cfg) ++{ ++ int i, num_parents = clk_hw_get_num_parents(hw); ++ ++ for (i = 0; i < num_parents; i++) ++ if (cfg == map[i].cfg) ++ return i; ++ ++ return -ENOENT; ++} ++EXPORT_SYMBOL_GPL(qcom_find_cfg_index); ++ + struct regmap * + qcom_cc_map(struct platform_device *pdev, const struct qcom_cc_desc *desc) + { +--- a/drivers/clk/qcom/common.h ++++ b/drivers/clk/qcom/common.h +@@ -47,6 +47,8 @@ extern void + qcom_pll_set_fsm_mode(struct regmap *m, u32 reg, u8 bias_count, u8 lock_count); + extern int qcom_find_src_index(struct clk_hw *hw, const struct parent_map *map, + u8 src); ++extern int qcom_find_cfg_index(struct clk_hw *hw, const struct parent_map *map, ++ u8 cfg); + + extern int qcom_cc_register_board_clk(struct device *dev, const char *path, + const char *name, unsigned long rate); diff --git a/queue-4.19/libata-add-horkage-for-asmedia-1092.patch b/queue-4.19/libata-add-horkage-for-asmedia-1092.patch new file mode 100644 index 00000000000..1b78b8b8180 --- /dev/null +++ b/queue-4.19/libata-add-horkage-for-asmedia-1092.patch @@ -0,0 +1,33 @@ +From a66307d473077b7aeba74e9b09c841ab3d399c2d Mon Sep 17 00:00:00 2001 +From: Hannes Reinecke +Date: Wed, 8 Dec 2021 07:58:53 +0100 +Subject: libata: add horkage for ASMedia 1092 + +From: Hannes Reinecke + +commit a66307d473077b7aeba74e9b09c841ab3d399c2d upstream. + +The ASMedia 1092 has a configuration mode which will present a +dummy device; sadly the implementation falsely claims to provide +a device with 100M which doesn't actually exist. +So disable this device to avoid errors during boot. + +Cc: stable@vger.kernel.org +Signed-off-by: Hannes Reinecke +Signed-off-by: Damien Le Moal +Signed-off-by: Greg Kroah-Hartman +--- + drivers/ata/libata-core.c | 2 ++ + 1 file changed, 2 insertions(+) + +--- a/drivers/ata/libata-core.c ++++ b/drivers/ata/libata-core.c +@@ -4453,6 +4453,8 @@ static const struct ata_blacklist_entry + { "VRFDFC22048UCHC-TE*", NULL, ATA_HORKAGE_NODMA }, + /* Odd clown on sil3726/4726 PMPs */ + { "Config Disk", NULL, ATA_HORKAGE_DISABLE }, ++ /* Similar story with ASMedia 1092 */ ++ { "ASMT109x- Config", NULL, ATA_HORKAGE_DISABLE }, + + /* Weird ATAPI devices */ + { "TORiSAN DVD-ROM DRD-N216", NULL, ATA_HORKAGE_MAX_SEC_128 }, diff --git a/queue-4.19/series b/queue-4.19/series index 7a81d864b43..72b0d160872 100644 --- a/queue-4.19/series +++ b/queue-4.19/series @@ -25,3 +25,9 @@ alsa-ctl-fix-copy-of-updated-id-with-element-read-write.patch alsa-pcm-oss-fix-negative-period-buffer-sizes.patch alsa-pcm-oss-limit-the-period-size-to-16mb.patch alsa-pcm-oss-handle-missing-errors-in-snd_pcm_oss_change_params.patch +tracefs-have-new-files-inherit-the-ownership-of-their-parent.patch +clk-qcom-regmap-mux-fix-parent-clock-lookup.patch +can-pch_can-pch_can_rx_normal-fix-use-after-free.patch +can-m_can-disable-and-ignore-elo-interrupt.patch +x86-sme-explicitly-map-new-efi-memmap-table-as-encrypted.patch +libata-add-horkage-for-asmedia-1092.patch diff --git a/queue-4.19/tracefs-have-new-files-inherit-the-ownership-of-their-parent.patch b/queue-4.19/tracefs-have-new-files-inherit-the-ownership-of-their-parent.patch new file mode 100644 index 00000000000..142fbae499e --- /dev/null +++ b/queue-4.19/tracefs-have-new-files-inherit-the-ownership-of-their-parent.patch @@ -0,0 +1,53 @@ +From ee7f3666995d8537dec17b1d35425f28877671a9 Mon Sep 17 00:00:00 2001 +From: "Steven Rostedt (VMware)" +Date: Wed, 8 Dec 2021 07:57:20 -0500 +Subject: tracefs: Have new files inherit the ownership of their parent + +From: Steven Rostedt (VMware) + +commit ee7f3666995d8537dec17b1d35425f28877671a9 upstream. + +If directories in tracefs have their ownership changed, then any new files +and directories that are created under those directories should inherit +the ownership of the director they are created in. + +Link: https://lkml.kernel.org/r/20211208075720.4855d180@gandalf.local.home + +Cc: Kees Cook +Cc: Ingo Molnar +Cc: Andrew Morton +Cc: Linus Torvalds +Cc: Al Viro +Cc: Greg Kroah-Hartman +Cc: Yabin Cui +Cc: Christian Brauner +Cc: stable@vger.kernel.org +Fixes: 4282d60689d4f ("tracefs: Add new tracefs file system") +Reported-by: Kalesh Singh +Reported: https://lore.kernel.org/all/CAC_TJve8MMAv+H_NdLSJXZUSoxOEq2zB_pVaJ9p=7H6Bu3X76g@mail.gmail.com/ +Signed-off-by: Steven Rostedt (VMware) +Signed-off-by: Greg Kroah-Hartman +--- + fs/tracefs/inode.c | 4 ++++ + 1 file changed, 4 insertions(+) + +--- a/fs/tracefs/inode.c ++++ b/fs/tracefs/inode.c +@@ -409,6 +409,8 @@ struct dentry *tracefs_create_file(const + inode->i_mode = mode; + inode->i_fop = fops ? fops : &tracefs_file_operations; + inode->i_private = data; ++ inode->i_uid = d_inode(dentry->d_parent)->i_uid; ++ inode->i_gid = d_inode(dentry->d_parent)->i_gid; + d_instantiate(dentry, inode); + fsnotify_create(dentry->d_parent->d_inode, dentry); + return end_creating(dentry); +@@ -431,6 +433,8 @@ static struct dentry *__create_dir(const + inode->i_mode = S_IFDIR | S_IRWXU | S_IRUSR| S_IRGRP | S_IXUSR | S_IXGRP; + inode->i_op = ops; + inode->i_fop = &simple_dir_operations; ++ inode->i_uid = d_inode(dentry->d_parent)->i_uid; ++ inode->i_gid = d_inode(dentry->d_parent)->i_gid; + + /* directory inodes start off with i_nlink == 2 (for "." entry) */ + inc_nlink(inode); diff --git a/queue-4.19/x86-sme-explicitly-map-new-efi-memmap-table-as-encrypted.patch b/queue-4.19/x86-sme-explicitly-map-new-efi-memmap-table-as-encrypted.patch new file mode 100644 index 00000000000..fde1e43e631 --- /dev/null +++ b/queue-4.19/x86-sme-explicitly-map-new-efi-memmap-table-as-encrypted.patch @@ -0,0 +1,60 @@ +From 1ff2fc02862d52e18fd3daabcfe840ec27e920a8 Mon Sep 17 00:00:00 2001 +From: Tom Lendacky +Date: Wed, 20 Oct 2021 13:02:11 -0500 +Subject: x86/sme: Explicitly map new EFI memmap table as encrypted + +From: Tom Lendacky + +commit 1ff2fc02862d52e18fd3daabcfe840ec27e920a8 upstream. + +Reserving memory using efi_mem_reserve() calls into the x86 +efi_arch_mem_reserve() function. This function will insert a new EFI +memory descriptor into the EFI memory map representing the area of +memory to be reserved and marking it as EFI runtime memory. As part +of adding this new entry, a new EFI memory map is allocated and mapped. +The mapping is where a problem can occur. This new memory map is mapped +using early_memremap() and generally mapped encrypted, unless the new +memory for the mapping happens to come from an area of memory that is +marked as EFI_BOOT_SERVICES_DATA memory. In this case, the new memory will +be mapped unencrypted. However, during replacement of the old memory map, +efi_mem_type() is disabled, so the new memory map will now be long-term +mapped encrypted (in efi.memmap), resulting in the map containing invalid +data and causing the kernel boot to crash. + +Since it is known that the area will be mapped encrypted going forward, +explicitly map the new memory map as encrypted using early_memremap_prot(). + +Cc: # 4.14.x +Fixes: 8f716c9b5feb ("x86/mm: Add support to access boot related data in the clear") +Link: https://lore.kernel.org/all/ebf1eb2940405438a09d51d121ec0d02c8755558.1634752931.git.thomas.lendacky@amd.com/ +Signed-off-by: Tom Lendacky +[ardb: incorporate Kconfig fix by Arnd] +Signed-off-by: Ard Biesheuvel +Signed-off-by: Greg Kroah-Hartman +--- + arch/x86/Kconfig | 1 + + arch/x86/platform/efi/quirks.c | 3 ++- + 2 files changed, 3 insertions(+), 1 deletion(-) + +--- a/arch/x86/Kconfig ++++ b/arch/x86/Kconfig +@@ -1953,6 +1953,7 @@ config EFI + depends on ACPI + select UCS2_STRING + select EFI_RUNTIME_WRAPPERS ++ select ARCH_USE_MEMREMAP_PROT + ---help--- + This enables the kernel to use EFI runtime services that are + available (such as the EFI variable services). +--- a/arch/x86/platform/efi/quirks.c ++++ b/arch/x86/platform/efi/quirks.c +@@ -278,7 +278,8 @@ void __init efi_arch_mem_reserve(phys_ad + return; + } + +- new = early_memremap(new_phys, new_size); ++ new = early_memremap_prot(new_phys, new_size, ++ pgprot_val(pgprot_encrypted(FIXMAP_PAGE_NORMAL))); + if (!new) { + pr_err("Failed to map new boot services memmap\n"); + return;