From: Greg Kroah-Hartman
Date: Sat, 13 Nov 2021 15:30:13 +0000 (+0100)
Subject: 5.4-stable patches
X-Git-Tag: v5.4.160~115
X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=efd0d857f5057773847f9775c70e2a866cccc53f;p=thirdparty%2Fkernel%2Fstable-queue.git
5.4-stable patches
added patches:
power-supply-max17042_battery-prevent-int-underflow-in-set_soc_threshold.patch
power-supply-max17042_battery-use-vfsoc-for-capacity-when-no-rsns.patch
rdma-qedr-fix-null-deref-for-query_qp-on-the-gsi-qp.patch
signal-mips-update-_save-_restore-_fp_context-to-fail-with-efault.patch
signal-remove-the-bogus-sigkill_pending-in-ptrace_stop.patch
---
diff --git a/queue-5.4/power-supply-max17042_battery-prevent-int-underflow-in-set_soc_threshold.patch b/queue-5.4/power-supply-max17042_battery-prevent-int-underflow-in-set_soc_threshold.patch
new file mode 100644
index 00000000000..7361a516f16
--- /dev/null
+++ b/queue-5.4/power-supply-max17042_battery-prevent-int-underflow-in-set_soc_threshold.patch
@@ -0,0 +1,35 @@
+From e660dbb68c6b3f7b9eb8b9775846a44f9798b719 Mon Sep 17 00:00:00 2001
+From: Sebastian Krzyszkowiak
+Date: Tue, 14 Sep 2021 14:18:06 +0200
+Subject: power: supply: max17042_battery: Prevent int underflow in set_soc_threshold
+
+From: Sebastian Krzyszkowiak
+
+commit e660dbb68c6b3f7b9eb8b9775846a44f9798b719 upstream.
+
+max17042_set_soc_threshold gets called with offset set to 1, which means
+that minimum threshold value would underflow once SOC got down to 0,
+causing invalid alerts from the gauge.
+
+Fixes: e5f3872d2044 ("max17042: Add support for signalling change in SOC")
+Cc:
+Signed-off-by: Sebastian Krzyszkowiak
+Reviewed-by: Krzysztof Kozlowski
+Signed-off-by: Sebastian Reichel
+Signed-off-by: Greg Kroah-Hartman
+---
+ drivers/power/supply/max17042_battery.c | 3 ++-
+ 1 file changed, 2 insertions(+), 1 deletion(-)
+
+--- a/drivers/power/supply/max17042_battery.c
++++ b/drivers/power/supply/max17042_battery.c
+@@ -834,7 +834,8 @@ static void max17042_set_soc_threshold(s
+ regmap_read(map, MAX17042_RepSOC, &soc);
+ soc >>= 8;
+ soc_tr = (soc + off) << 8;
+- soc_tr |= (soc - off);
++ if (off < soc)
++ soc_tr |= soc - off;
+ regmap_write(map, MAX17042_SALRT_Th, soc_tr);
+ }
+
diff --git a/queue-5.4/power-supply-max17042_battery-use-vfsoc-for-capacity-when-no-rsns.patch b/queue-5.4/power-supply-max17042_battery-use-vfsoc-for-capacity-when-no-rsns.patch
new file mode 100644
index 00000000000..b3e1476a5e1
--- /dev/null
+++ b/queue-5.4/power-supply-max17042_battery-use-vfsoc-for-capacity-when-no-rsns.patch
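Review bot: The new `if (off < soc)` guard reads `soc` even when the preceding unchecked `regmap_read(map, MAX17042_RepSOC, &soc)` failed, in which case `soc` holds whatever the local contained before (its declaration is outside this hunk) and an arbitrary threshold window is written to MAX17042_SALRT_Th; bailing out on a read failure would close that, e.g. `if (regmap_read(map, MAX17042_RepSOC, &soc)) return;`. The subject speaks of an "int underflow", but regmap_read fills an `unsigned int`, so the original defect was presumably an unsigned wrap rather than signed overflow; a comment on the guard such as `/* soc is unsigned: leave the low threshold at 0 instead of wrapping */` would record why the test exists. max17042_set_soc_threshold's signature and the rest of its body lie outside the hunk.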
@@ -0,0 +1,45 @@
+From 223a3b82834f036a62aa831f67cbf1f1d644c6e2 Mon Sep 17 00:00:00 2001
+From: Henrik Grimler
+Date: Wed, 29 Sep 2021 20:14:17 +0200
+Subject: power: supply: max17042_battery: use VFSOC for capacity when no rsns
+
+From: Henrik Grimler
+
+commit 223a3b82834f036a62aa831f67cbf1f1d644c6e2 upstream.
+
+On Galaxy S3 (i9300/i9305), which has the max17047 fuel gauge and no
+current sense resistor (rsns), the RepSOC register does not provide an
+accurate state of charge value. The reported value is wrong, and does
+not change over time. VFSOC however, which uses the voltage fuel gauge
+to determine the state of charge, always shows an accurate value.
+
+For devices without current sense, VFSOC is already used for the
+soc-alert (0x0003 is written to MiscCFG register), so with this change
+the source of the alert and the PROP_CAPACITY value match.
+
+Fixes: 359ab9f5b154 ("power_supply: Add MAX17042 Fuel Gauge Driver")
+Cc:
+Reviewed-by: Krzysztof Kozlowski
+Suggested-by: Wolfgang Wiedmeyer
+Signed-off-by: Henrik Grimler
+Reviewed-by: Hans de Goede
+Signed-off-by: Sebastian Reichel
+Signed-off-by: Greg Kroah-Hartman
+---
+ drivers/power/supply/max17042_battery.c | 5 ++++-
+ 1 file changed, 4 insertions(+), 1 deletion(-)
+
+--- a/drivers/power/supply/max17042_battery.c
++++ b/drivers/power/supply/max17042_battery.c
+@@ -312,7 +312,10 @@ static int max17042_get_property(struct
+ val->intval = data * 625 / 8;
+ break;
+ case POWER_SUPPLY_PROP_CAPACITY:
+- ret = regmap_read(map, MAX17042_RepSOC, &data);
++ if (chip->pdata->enable_current_sense)
++ ret = regmap_read(map, MAX17042_RepSOC, &data);
++ else
++ ret = regmap_read(map, MAX17042_VFSOC, &data);
+ if (ret < 0)
+ return ret;
+
diff --git a/queue-5.4/rdma-qedr-fix-null-deref-for-query_qp-on-the-gsi-qp.patch b/queue-5.4/rdma-qedr-fix-null-deref-for-query_qp-on-the-gsi-qp.patch
new file mode 100644
index 00000000000..dbbb0f4fc2e
--- /dev/null
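Review bot: After this change PROP_CAPACITY reports VFSOC on devices without current sense, but the alert window computed in max17042_set_soc_threshold (visible in the sibling patch queued in this same commit) is still taken from `regmap_read(map, MAX17042_RepSOC, &soc)`; on the hardware the description names, RepSOC is said to be wrong and static, so the threshold pair written to MAX17042_SALRT_Th would be centred on a value that no longer matches either the reported capacity or the VFSOC-driven alert. Selecting the register with the same `chip->pdata->enable_current_sense` test in set_soc_threshold would keep the two paths consistent; whether `chip` is reachable from that function is not visible here. The new branch also assumes `chip->pdata` is non-NULL, which is presumably guaranteed by probe but is not shown in the hunk. The remainder of max17042_get_property, including how `data` is scaled into `val->intval`, lies outside the hunk.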
+++ b/queue-5.4/rdma-qedr-fix-null-deref-for-query_qp-on-the-gsi-qp.patch 
@@ -0,0 +1,91 @@
+From 4f960393a0ee9a39469ceb7c8077ae8db665cc12 Mon Sep 17 00:00:00 2001
+From: Alok Prasad
+Date: Wed, 27 Oct 2021 18:43:29 +0000
+Subject: RDMA/qedr: Fix NULL deref for query_qp on the GSI QP
+
+From: Alok Prasad
+
+commit 4f960393a0ee9a39469ceb7c8077ae8db665cc12 upstream.
+
+This patch fixes a crash caused by querying the QP via netlink, and
+corrects the state of GSI qp. GSI qp's have a NULL qed_qp.
+
+The call trace is generated by:
+ $ rdma res show
+
+ BUG: kernel NULL pointer dereference, address: 0000000000000034
+ Hardware name: Dell Inc. PowerEdge R720/0M1GCR, BIOS 1.2.6 05/10/2012
+ RIP: 0010:qed_rdma_query_qp+0x33/0x1a0 [qed]
+ RSP: 0018:ffffba560a08f580 EFLAGS: 00010206
+ RAX: 0000000200000000 RBX: ffffba560a08f5b8 RCX: 0000000000000000
+ RDX: ffffba560a08f5b8 RSI: 0000000000000000 RDI: ffff9807ee458090
+ RBP: ffffba560a08f5a0 R08: 0000000000000000 R09: ffff9807890e7048
+ R10: ffffba560a08f658 R11: 0000000000000000 R12: 0000000000000000
+ R13: ffff9807ee458090 R14: ffff9807f0afb000 R15: ffffba560a08f7ec
+ FS: 00007fbbf8bfe740(0000) GS:ffff980aafa00000(0000) knlGS:0000000000000000
+ CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
+ CR2: 0000000000000034 CR3: 00000001720ba001 CR4: 00000000000606f0
+ Call Trace:
+ qedr_query_qp+0x82/0x360 [qedr]
+ ib_query_qp+0x34/0x40 [ib_core]
+ ? ib_query_qp+0x34/0x40 [ib_core]
+ fill_res_qp_entry_query.isra.26+0x47/0x1d0 [ib_core]
+ ? __nla_put+0x20/0x30
+ ? nla_put+0x33/0x40
+ fill_res_qp_entry+0xe3/0x120 [ib_core]
+ res_get_common_dumpit+0x3f8/0x5d0 [ib_core]
+ ? fill_res_cm_id_entry+0x1f0/0x1f0 [ib_core]
+ nldev_res_get_qp_dumpit+0x1a/0x20 [ib_core]
+ netlink_dump+0x156/0x2f0
+ __netlink_dump_start+0x1ab/0x260
+ rdma_nl_rcv+0x1de/0x330 [ib_core]
+ ? nldev_res_get_cm_id_dumpit+0x20/0x20 [ib_core]
+ netlink_unicast+0x1b8/0x270
+ netlink_sendmsg+0x33e/0x470
+ sock_sendmsg+0x63/0x70
+ __sys_sendto+0x13f/0x180
+ ? setup_sgl.isra.12+0x70/0xc0
+ __x64_sys_sendto+0x28/0x30
+ do_syscall_64+0x3a/0xb0
+ entry_SYSCALL_64_after_hwframe+0x44/0xae
+
+Cc: stable@vger.kernel.org
+Fixes: cecbcddf6461 ("qedr: Add support for QP verbs")
+Link: https://lore.kernel.org/r/20211027184329.18454-1-palok@marvell.com
+Signed-off-by: Ariel Elior
+Signed-off-by: Shai Malin
+Signed-off-by: Prabhakar Kushwaha
+Signed-off-by: Alok Prasad
+Signed-off-by: Jason Gunthorpe
+Signed-off-by: Greg Kroah-Hartman
+---
+ drivers/infiniband/hw/qedr/verbs.c | 15 +++++++++------
+ 1 file changed, 9 insertions(+), 6 deletions(-)
+
+--- a/drivers/infiniband/hw/qedr/verbs.c
++++ b/drivers/infiniband/hw/qedr/verbs.c
+@@ -2383,15 +2383,18 @@ int qedr_query_qp(struct ib_qp *ibqp,
+ int rc = 0;
+
+ memset(¶ms, 0, sizeof(params));
+-
+- rc = dev->ops->rdma_query_qp(dev->rdma_ctx, qp->qed_qp, ¶ms);
+- if (rc)
+- goto err;
+-
+ memset(qp_attr, 0, sizeof(*qp_attr));
+ memset(qp_init_attr, 0, sizeof(*qp_init_attr));
+
+- qp_attr->qp_state = qedr_get_ibqp_state(params.state);
++ if (qp->qp_type != IB_QPT_GSI) {
++ rc = dev->ops->rdma_query_qp(dev->rdma_ctx, qp->qed_qp, ¶ms);
++ if (rc)
++ goto err;
++ qp_attr->qp_state = qedr_get_ibqp_state(params.state);
++ } else {
++ qp_attr->qp_state = qedr_get_ibqp_state(QED_ROCE_QP_STATE_RTS);
++ }
++
+ qp_attr->cur_qp_state = qedr_get_ibqp_state(params.state);
+ qp_attr->path_mtu = ib_mtu_int_to_enum(params.mtu);
+ qp_attr->path_mig_state = IB_MIG_MIGRATED;
diff --git a/queue-5.4/series b/queue-5.4/series
index 010a34aa771..5bc78b7ad04 100644
--- a/queue-5.4/series
+++ b/queue-5.4/series
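Review bot: In the new GSI branch `params` is left as the zeroed struct from the memset, yet the context lines right after the added block still derive `cur_qp_state` and `path_mtu` from `params.state` and `params.mtu`, so a GSI QP now reports `qp_state` as RTS while `cur_qp_state` reflects whatever state value 0 maps to and `path_mtu` is computed from 0. Making the current state follow the reported one removes that contradiction, e.g. `qp_attr->cur_qp_state = qp_attr->qp_state;` in place of the `qedr_get_ibqp_state(params.state)` call. Whether the other `params.*` fields copied later in qedr_query_qp are acceptable as zeros for the GSI QP is worth checking as well. The function's tail, including the `err` label, is outside the hunk.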
@@ -83,3 +83,8 @@ rsi-fix-occasional-initialisation-failure-with-bt-coex.patch
 rsi-fix-key-enabled-check-causing-unwanted-encryption-for-vap_id-0.patch
 rsi-fix-rate-mask-set-leading-to-p2p-failure.patch
 rsi-fix-module-dev_oper_mode-parameter-description.patch
+rdma-qedr-fix-null-deref-for-query_qp-on-the-gsi-qp.patch
+signal-remove-the-bogus-sigkill_pending-in-ptrace_stop.patch
+signal-mips-update-_save-_restore-_fp_context-to-fail-with-efault.patch
+power-supply-max17042_battery-prevent-int-underflow-in-set_soc_threshold.patch
+power-supply-max17042_battery-use-vfsoc-for-capacity-when-no-rsns.patch
diff --git a/queue-5.4/signal-mips-update-_save-_restore-_fp_context-to-fail-with-efault.patch b/queue-5.4/signal-mips-update-_save-_restore-_fp_context-to-fail-with-efault.patch
new file mode 100644
index 00000000000..162e2c15e7f
--- /dev/null
+++ b/queue-5.4/signal-mips-update-_save-_restore-_fp_context-to-fail-with-efault.patch
@@ -0,0 +1,68 @@
+From 95bf9d646c3c3f95cb0be7e703b371db8da5be68 Mon Sep 17 00:00:00 2001
+From: "Eric W. Biederman"
+Date: Wed, 20 Oct 2021 12:43:51 -0500
+Subject: signal/mips: Update (_save|_restore)_fp_context to fail with -EFAULT
+
+From: Eric W. Biederman
+
+commit 95bf9d646c3c3f95cb0be7e703b371db8da5be68 upstream.
+
+When an instruction to save or restore a register from the stack fails
+in _save_fp_context or _restore_fp_context return with -EFAULT. This
+change was made to r2300_fpu.S[1] but it looks like it got lost with
+the introduction of EX2[2]. This is also what the other implementation
+of _save_fp_context and _restore_fp_context in r4k_fpu.S does, and
+what is needed for the callers to be able to handle the error.
+
+Furthermore calling do_exit(SIGSEGV) from bad_stack is wrong because
+it does not terminate the entire process it just terminates a single
+thread.
+
+As the changed code was the only caller of arch/mips/kernel/syscall.c:bad_stack
+remove the problematic and now unused helper function.
+
+Cc: Thomas Bogendoerfer
+Cc: Maciej Rozycki
+Cc: linux-mips@vger.kernel.org
+[1] 35938a00ba86 ("MIPS: Fix ISA I FP sigcontext access violation handling")
+[2] f92722dc4545 ("MIPS: Correct MIPS I FP sigcontext layout")
+Cc: stable@vger.kernel.org
+Fixes: f92722dc4545 ("MIPS: Correct MIPS I FP sigcontext layout")
+Acked-by: Maciej W. Rozycki
+Acked-by: Thomas Bogendoerfer
+Link: https://lkml.kernel.org/r/20211020174406.17889-5-ebiederm@xmission.com
+Signed-off-by: Eric W. Biederman
+Signed-off-by: Greg Kroah-Hartman
+---
+ arch/mips/kernel/r2300_fpu.S | 4 ++--
+ arch/mips/kernel/syscall.c | 9 ---------
+ 2 files changed, 2 insertions(+), 11 deletions(-)
+
+--- a/arch/mips/kernel/r2300_fpu.S
++++ b/arch/mips/kernel/r2300_fpu.S
+@@ -29,8 +29,8 @@
+ #define EX2(a,b) \
+ 9: a,##b; \
+ .section __ex_table,"a"; \
+- PTR 9b,bad_stack; \
+- PTR 9b+4,bad_stack; \
++ PTR 9b,fault; \
++ PTR 9b+4,fault; \
+ .previous
+
+ .set mips1
+--- a/arch/mips/kernel/syscall.c
++++ b/arch/mips/kernel/syscall.c
+@@ -239,12 +239,3 @@ SYSCALL_DEFINE3(cachectl, char *, addr,
+ {
+ return -ENOSYS;
+ }
+-
+-/*
+- * If we ever come here the user sp is bad. Zap the process right away.
+- * Due to the bad stack signaling wouldn't work.
+- */
+-asmlinkage void bad_stack(void)
+-{
+- do_exit(SIGSEGV);
+-}
diff --git a/queue-5.4/signal-remove-the-bogus-sigkill_pending-in-ptrace_stop.patch b/queue-5.4/signal-remove-the-bogus-sigkill_pending-in-ptrace_stop.patch
new file mode 100644
index 00000000000..006acbb89f4
--- /dev/null
+++ b/queue-5.4/signal-remove-the-bogus-sigkill_pending-in-ptrace_stop.patch
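Review bot: The retargeted fixups `PTR 9b,fault` and `PTR 9b+4,fault` depend on a local `fault` label in r2300_fpu.S that returns -EFAULT, and the hunk neither adds nor shows one; the description says r4k_fpu.S has that path and that r2300_fpu.S once did, so the 5.4 backport should be checked against the tree's r2300_fpu.S to confirm the label is present (presumably already used by the older EX macro), otherwise the link fails with an undefined reference. Removing `bad_stack` also assumes no prototype or other reference to it remains in the MIPS headers; none is visible here. The users of EX2 and the rest of both files are outside the hunk.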
@@ -0,0 +1,78 @@
+From 7d613f9f72ec8f90ddefcae038fdae5adb8404b3 Mon Sep 17 00:00:00 2001
+From: "Eric W. Biederman"
+Date: Wed, 1 Sep 2021 13:21:34 -0500
+Subject: signal: Remove the bogus sigkill_pending in ptrace_stop
+
+From: Eric W. Biederman
+
+commit 7d613f9f72ec8f90ddefcae038fdae5adb8404b3 upstream.
+
+The existence of sigkill_pending is a little silly as it is
+functionally a duplicate of fatal_signal_pending that is used in
+exactly one place.
+
+Checking for pending fatal signals and returning early in ptrace_stop
+is actively harmful. It casues the ptrace_stop called by
+ptrace_signal to return early before setting current->exit_code.
+Later when ptrace_signal reads the signal number from
+current->exit_code is undefined, making it unpredictable what will
+happen.
+
+Instead rely on the fact that schedule will not sleep if there is a
+pending signal that can awaken a task.
+
+Removing the explict sigkill_pending test fixes fixes ptrace_signal
+when ptrace_stop does not stop because current->exit_code is always
+set to to signr.
+
+Cc: stable@vger.kernel.org
+Fixes: 3d749b9e676b ("ptrace: simplify ptrace_stop()->sigkill_pending() path")
+Fixes: 1a669c2f16d4 ("Add arch_ptrace_stop")
+Link: https://lkml.kernel.org/r/87pmsyx29t.fsf@disp2133
+Reviewed-by: Kees Cook
+Signed-off-by: "Eric W. Biederman"
+Signed-off-by: Greg Kroah-Hartman
+---
+ kernel/signal.c | 18 ++++--------------
+ 1 file changed, 4 insertions(+), 14 deletions(-)
+
+--- a/kernel/signal.c
++++ b/kernel/signal.c
+@@ -2101,15 +2101,6 @@ static inline bool may_ptrace_stop(void)
+ return true;
+ }
+
+-/*
+- * Return non-zero if there is a SIGKILL that should be waking us up.
+- * Called with the siglock held.
+- */
+-static bool sigkill_pending(struct task_struct *tsk)
+-{
+- return sigismember(&tsk->pending.signal, SIGKILL) ||
+- sigismember(&tsk->signal->shared_pending.signal, SIGKILL);
+-}
+
+ /*
+ * This must be called with current->sighand->siglock held.
+@@ -2136,17 +2127,16 @@ static void ptrace_stop(int exit_code, i
+ * calling arch_ptrace_stop, so we must release it now.
+ * To preserve proper semantics, we must do this before
+ * any signal bookkeeping like checking group_stop_count.
+- * Meanwhile, a SIGKILL could come in before we retake the
+- * siglock. That must prevent us from sleeping in TASK_TRACED.
+- * So after regaining the lock, we must check for SIGKILL.
+ */
+ spin_unlock_irq(¤t->sighand->siglock);
+ arch_ptrace_stop(exit_code, info);
+ spin_lock_irq(¤t->sighand->siglock);
+- if (sigkill_pending(current))
+- return;
+ }
+
++ /*
++ * schedule() will not sleep if there is a pending signal that
++ * can awaken the task.
++ */
+ set_special_state(TASK_TRACED);
+
+ /*
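Review bot: The new comment above `set_special_state(TASK_TRACED)` states the guarantee that replaces the removed `sigkill_pending()` check but not what it rests on: it is the TASK_WAKEKILL bit in TASK_TRACED that makes an already-pending SIGKILL count for the scheduler's `signal_pending_state()` test, so a reader cannot tell from the comment alone why no explicit check is needed after the lock is retaken. Wording it as `/* TASK_TRACED includes TASK_WAKEKILL, so schedule() will not sleep if a fatal signal is already pending. */` ties the comment to that invariant. The schedule call the comment refers to, and the rest of ptrace_stop, are outside the hunk.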