From 0c5929bdd94ff1aaaa1dde6fb9181d3926409700 Mon Sep 17 00:00:00 2001
From: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Date: Tue, 3 Nov 2020 14:44:28 +0100
Subject: [PATCH] 5.9-stable patches

added patches:
	fs-kernel_read_file-remove-firmware_prealloc_buffer-enum.patch
	io-wq-assign-numa-node-locality-if-appropriate.patch
	w1-mxc_w1-fix-timeout-resolution-problem-leading-to-bus-error.patch
---
 ...remove-firmware_prealloc_buffer-enum.patch | 159 ++++++++++++++++++
 ...gn-numa-node-locality-if-appropriate.patch |  32 ++++
 queue-5.9/series                              |   3 +
 ...olution-problem-leading-to-bus-error.patch |  90 ++++++++++
 4 files changed, 284 insertions(+)
 create mode 100644 queue-5.9/fs-kernel_read_file-remove-firmware_prealloc_buffer-enum.patch
 create mode 100644 queue-5.9/io-wq-assign-numa-node-locality-if-appropriate.patch
 create mode 100644 queue-5.9/w1-mxc_w1-fix-timeout-resolution-problem-leading-to-bus-error.patch

diff --git a/queue-5.9/fs-kernel_read_file-remove-firmware_prealloc_buffer-enum.patch b/queue-5.9/fs-kernel_read_file-remove-firmware_prealloc_buffer-enum.patch
new file mode 100644
index 00000000000..7fb1ef6a943
--- /dev/null
+++ b/queue-5.9/fs-kernel_read_file-remove-firmware_prealloc_buffer-enum.patch
@@ -0,0 +1,159 @@
+From c307459b9d1fcb8bbf3ea5a4162979532322ef77 Mon Sep 17 00:00:00 2001
+From: Kees Cook <keescook@chromium.org>
+Date: Fri, 2 Oct 2020 10:38:13 -0700
+Subject: fs/kernel_read_file: Remove FIRMWARE_PREALLOC_BUFFER enum
+
+From: Kees Cook <keescook@chromium.org>
+
+commit c307459b9d1fcb8bbf3ea5a4162979532322ef77 upstream.
+
+FIRMWARE_PREALLOC_BUFFER is a "how", not a "what", and confuses the LSMs
+that are interested in filtering between types of things. The "how"
+should be an internal detail made uninteresting to the LSMs.
+
+Fixes: a098ecd2fa7d ("firmware: support loading into a pre-allocated buffer")
+Fixes: fd90bc559bfb ("ima: based on policy verify firmware signatures (pre-allocated buffer)")
+Fixes: 4f0496d8ffa3 ("ima: based on policy warn about loading firmware (pre-allocated buffer)")
+Signed-off-by: Kees Cook <keescook@chromium.org>
+Reviewed-by: Mimi Zohar <zohar@linux.ibm.com>
+Reviewed-by: Luis Chamberlain <mcgrof@kernel.org>
+Acked-by: Scott Branden <scott.branden@broadcom.com>
+Cc: stable@vger.kernel.org
+Link: https://lore.kernel.org/r/20201002173828.2099543-2-keescook@chromium.org
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+
+---
+ drivers/base/firmware_loader/main.c |    5 ++---
+ fs/exec.c                           |    7 ++++---
+ include/linux/fs.h                  |    1 -
+ kernel/module.c                     |    2 +-
+ security/integrity/digsig.c         |    2 +-
+ security/integrity/ima/ima_fs.c     |    2 +-
+ security/integrity/ima/ima_main.c   |    6 ++----
+ 7 files changed, 11 insertions(+), 14 deletions(-)
+
+--- a/drivers/base/firmware_loader/main.c
++++ b/drivers/base/firmware_loader/main.c
+@@ -470,14 +470,12 @@ fw_get_filesystem_firmware(struct device
+ 	int i, len;
+ 	int rc = -ENOENT;
+ 	char *path;
+-	enum kernel_read_file_id id = READING_FIRMWARE;
+ 	size_t msize = INT_MAX;
+ 	void *buffer = NULL;
+ 
+ 	/* Already populated data member means we're loading into a buffer */
+ 	if (!decompress && fw_priv->data) {
+ 		buffer = fw_priv->data;
+-		id = READING_FIRMWARE_PREALLOC_BUFFER;
+ 		msize = fw_priv->allocated_size;
+ 	}
+ 
+@@ -501,7 +499,8 @@ fw_get_filesystem_firmware(struct device
+ 
+ 		/* load firmware files from the mount namespace of init */
+ 		rc = kernel_read_file_from_path_initns(path, &buffer,
+-						       &size, msize, id);
++						       &size, msize,
++						       READING_FIRMWARE);
+ 		if (rc) {
+ 			if (rc != -ENOENT)
+ 				dev_warn(device, "loading %s failed with error %d\n",
+--- a/fs/exec.c
++++ b/fs/exec.c
+@@ -955,6 +955,7 @@ int kernel_read_file(struct file *file,
+ {
+ 	loff_t i_size, pos;
+ 	ssize_t bytes = 0;
++	void *allocated = NULL;
+ 	int ret;
+ 
+ 	if (!S_ISREG(file_inode(file)->i_mode) || max_size < 0)
+@@ -978,8 +979,8 @@ int kernel_read_file(struct file *file,
+ 		goto out;
+ 	}
+ 
+-	if (id != READING_FIRMWARE_PREALLOC_BUFFER)
+-		*buf = vmalloc(i_size);
++	if (!*buf)
++		*buf = allocated = vmalloc(i_size);
+ 	if (!*buf) {
+ 		ret = -ENOMEM;
+ 		goto out;
+@@ -1008,7 +1009,7 @@ int kernel_read_file(struct file *file,
+ 
+ out_free:
+ 	if (ret < 0) {
+-		if (id != READING_FIRMWARE_PREALLOC_BUFFER) {
++		if (allocated) {
+ 			vfree(*buf);
+ 			*buf = NULL;
+ 		}
+--- a/include/linux/fs.h
++++ b/include/linux/fs.h
+@@ -2861,7 +2861,6 @@ extern int do_pipe_flags(int *, int);
+ #define __kernel_read_file_id(id) \
+ 	id(UNKNOWN, unknown)		\
+ 	id(FIRMWARE, firmware)		\
+-	id(FIRMWARE_PREALLOC_BUFFER, firmware)	\
+ 	id(MODULE, kernel-module)		\
+ 	id(KEXEC_IMAGE, kexec-image)		\
+ 	id(KEXEC_INITRAMFS, kexec-initramfs)	\
+--- a/kernel/module.c
++++ b/kernel/module.c
+@@ -4028,7 +4028,7 @@ SYSCALL_DEFINE3(finit_module, int, fd, c
+ {
+ 	struct load_info info = { };
+ 	loff_t size;
+-	void *hdr;
++	void *hdr = NULL;
+ 	int err;
+ 
+ 	err = may_init_module();
+--- a/security/integrity/digsig.c
++++ b/security/integrity/digsig.c
+@@ -169,7 +169,7 @@ int __init integrity_add_key(const unsig
+ 
+ int __init integrity_load_x509(const unsigned int id, const char *path)
+ {
+-	void *data;
++	void *data = NULL;
+ 	loff_t size;
+ 	int rc;
+ 	key_perm_t perm;
+--- a/security/integrity/ima/ima_fs.c
++++ b/security/integrity/ima/ima_fs.c
+@@ -272,7 +272,7 @@ static const struct file_operations ima_
+ 
+ static ssize_t ima_read_policy(char *path)
+ {
+-	void *data;
++	void *data = NULL;
+ 	char *datap;
+ 	loff_t size;
+ 	int rc, pathlen = strlen(path);
+--- a/security/integrity/ima/ima_main.c
++++ b/security/integrity/ima/ima_main.c
+@@ -621,19 +621,17 @@ void ima_post_path_mknod(struct dentry *
+ int ima_read_file(struct file *file, enum kernel_read_file_id read_id)
+ {
+ 	/*
+-	 * READING_FIRMWARE_PREALLOC_BUFFER
+-	 *
+ 	 * Do devices using pre-allocated memory run the risk of the
+ 	 * firmware being accessible to the device prior to the completion
+ 	 * of IMA's signature verification any more than when using two
+-	 * buffers?
++	 * buffers? It may be desirable to include the buffer address
++	 * in this API and walk all the dma_map_single() mappings to check.
+ 	 */
+ 	return 0;
+ }
+ 
+ const int read_idmap[READING_MAX_ID] = {
+ 	[READING_FIRMWARE] = FIRMWARE_CHECK,
+-	[READING_FIRMWARE_PREALLOC_BUFFER] = FIRMWARE_CHECK,
+ 	[READING_MODULE] = MODULE_CHECK,
+ 	[READING_KEXEC_IMAGE] = KEXEC_KERNEL_CHECK,
+ 	[READING_KEXEC_INITRAMFS] = KEXEC_INITRAMFS_CHECK,
diff --git a/queue-5.9/io-wq-assign-numa-node-locality-if-appropriate.patch b/queue-5.9/io-wq-assign-numa-node-locality-if-appropriate.patch
new file mode 100644
index 00000000000..be926113f87
--- /dev/null
+++ b/queue-5.9/io-wq-assign-numa-node-locality-if-appropriate.patch
@@ -0,0 +1,32 @@
+From a8b595b22d31f83b715511f59012f152a269d83b Mon Sep 17 00:00:00 2001
+From: Jens Axboe <axboe@kernel.dk>
+Date: Thu, 15 Oct 2020 10:13:07 -0600
+Subject: io-wq: assign NUMA node locality if appropriate
+
+From: Jens Axboe <axboe@kernel.dk>
+
+commit a8b595b22d31f83b715511f59012f152a269d83b upstream.
+
+There was an assumption that kthread_create_on_node() would properly set
+NUMA affinities in terms of CPUs allowed, but it doesn't. Make sure we
+do this when creating an io-wq context on NUMA.
+
+Cc: stable@vger.kernel.org
+Stefan Metzmacher <metze@samba.org>
+Signed-off-by: Jens Axboe <axboe@kernel.dk>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+
+---
+ fs/io-wq.c |    1 +
+ 1 file changed, 1 insertion(+)
+
+--- a/fs/io-wq.c
++++ b/fs/io-wq.c
+@@ -654,6 +654,7 @@ static bool create_io_worker(struct io_w
+ 		kfree(worker);
+ 		return false;
+ 	}
++	kthread_bind_mask(worker->task, cpumask_of_node(wqe->node));
+ 
+ 	raw_spin_lock_irq(&wqe->lock);
+ 	hlist_nulls_add_head_rcu(&worker->nulls_node, &wqe->free_list);
diff --git a/queue-5.9/series b/queue-5.9/series
index 1d0ea775af7..0d42f422654 100644
--- a/queue-5.9/series
+++ b/queue-5.9/series
@@ -210,3 +210,6 @@ pci-acpi-whitelist-hotplug-ports-for-d3-if-power-managed-by-acpi.patch
 acpi-ec-pm-flush-ec-work-unconditionally-after-wakeup.patch
 acpi-ec-pm-drop-ec_no_wakeup-check-from-acpi_ec_dispatch_gpe.patch
 acpi-cpufreq-honor-_psd-table-setting-on-new-amd-cpus.patch
+io-wq-assign-numa-node-locality-if-appropriate.patch
+w1-mxc_w1-fix-timeout-resolution-problem-leading-to-bus-error.patch
+fs-kernel_read_file-remove-firmware_prealloc_buffer-enum.patch
diff --git a/queue-5.9/w1-mxc_w1-fix-timeout-resolution-problem-leading-to-bus-error.patch b/queue-5.9/w1-mxc_w1-fix-timeout-resolution-problem-leading-to-bus-error.patch
new file mode 100644
index 00000000000..2c1fffb5957
--- /dev/null
+++ b/queue-5.9/w1-mxc_w1-fix-timeout-resolution-problem-leading-to-bus-error.patch
@@ -0,0 +1,90 @@
+From c9723750a699c3bd465493ac2be8992b72ccb105 Mon Sep 17 00:00:00 2001
+From: Martin Fuzzey <martin.fuzzey@flowbird.group>
+Date: Wed, 30 Sep 2020 10:36:46 +0200
+Subject: w1: mxc_w1: Fix timeout resolution problem leading to bus error
+
+From: Martin Fuzzey <martin.fuzzey@flowbird.group>
+
+commit c9723750a699c3bd465493ac2be8992b72ccb105 upstream.
+
+On my platform (i.MX53) bus access sometimes fails with
+	w1_search: max_slave_count 64 reached, will continue next search.
+
+The reason is the use of jiffies to implement a 200us timeout in
+mxc_w1_ds2_touch_bit().
+On some platforms the jiffies timer resolution is insufficient for this.
+
+Fix by replacing jiffies by ktime_get().
+
+For consistency apply the same change to the other use of jiffies in
+mxc_w1_ds2_reset_bus().
+
+Fixes: f80b2581a706 ("w1: mxc_w1: Optimize mxc_w1_ds2_touch_bit()")
+Cc: stable <stable@vger.kernel.org>
+Signed-off-by: Martin Fuzzey <martin.fuzzey@flowbird.group>
+Link: https://lore.kernel.org/r/1601455030-6607-1-git-send-email-martin.fuzzey@flowbird.group
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+
+---
+ drivers/w1/masters/mxc_w1.c |   14 +++++++-------
+ 1 file changed, 7 insertions(+), 7 deletions(-)
+
+--- a/drivers/w1/masters/mxc_w1.c
++++ b/drivers/w1/masters/mxc_w1.c
+@@ -7,7 +7,7 @@
+ #include <linux/clk.h>
+ #include <linux/delay.h>
+ #include <linux/io.h>
+-#include <linux/jiffies.h>
++#include <linux/ktime.h>
+ #include <linux/module.h>
+ #include <linux/mod_devicetable.h>
+ #include <linux/platform_device.h>
+@@ -40,12 +40,12 @@ struct mxc_w1_device {
+ static u8 mxc_w1_ds2_reset_bus(void *data)
+ {
+ 	struct mxc_w1_device *dev = data;
+-	unsigned long timeout;
++	ktime_t timeout;
+ 
+ 	writeb(MXC_W1_CONTROL_RPP, dev->regs + MXC_W1_CONTROL);
+ 
+ 	/* Wait for reset sequence 511+512us, use 1500us for sure */
+-	timeout = jiffies + usecs_to_jiffies(1500);
++	timeout = ktime_add_us(ktime_get(), 1500);
+ 
+ 	udelay(511 + 512);
+ 
+@@ -55,7 +55,7 @@ static u8 mxc_w1_ds2_reset_bus(void *dat
+ 		/* PST bit is valid after the RPP bit is self-cleared */
+ 		if (!(ctrl & MXC_W1_CONTROL_RPP))
+ 			return !(ctrl & MXC_W1_CONTROL_PST);
+-	} while (time_is_after_jiffies(timeout));
++	} while (ktime_before(ktime_get(), timeout));
+ 
+ 	return 1;
+ }
+@@ -68,12 +68,12 @@ static u8 mxc_w1_ds2_reset_bus(void *dat
+ static u8 mxc_w1_ds2_touch_bit(void *data, u8 bit)
+ {
+ 	struct mxc_w1_device *dev = data;
+-	unsigned long timeout;
++	ktime_t timeout;
+ 
+ 	writeb(MXC_W1_CONTROL_WR(bit), dev->regs + MXC_W1_CONTROL);
+ 
+ 	/* Wait for read/write bit (60us, Max 120us), use 200us for sure */
+-	timeout = jiffies + usecs_to_jiffies(200);
++	timeout = ktime_add_us(ktime_get(), 200);
+ 
+ 	udelay(60);
+ 
+@@ -83,7 +83,7 @@ static u8 mxc_w1_ds2_touch_bit(void *dat
+ 		/* RDST bit is valid after the WR1/RD bit is self-cleared */
+ 		if (!(ctrl & MXC_W1_CONTROL_WR(bit)))
+ 			return !!(ctrl & MXC_W1_CONTROL_RDST);
+-	} while (time_is_after_jiffies(timeout));
++	} while (ktime_before(ktime_get(), timeout));
+ 
+ 	return 0;
+ }
-- 
2.47.3