From 0f828b93374f01d2ca0b701b367226309aa647e9 Mon Sep 17 00:00:00 2001 From: Sasha Levin Date: Wed, 5 Feb 2020 23:53:39 -0500 Subject: [PATCH] fixes for 4.19 Signed-off-by: Sasha Levin --- ...i-mvm-fix-nvm-check-for-3168-devices.patch | 39 +++++ ...x-memleak-in-module_add_modinfo_attr.patch | 38 +++++ ...a-iguanair-fix-endpoint-sanity-check.patch | 44 ++++++ ...s2-fix-oops-when-writing-cloned-file.patch | 143 ++++++++++++++++++ .../ovl-fix-lseek-overflow-on-32bit.patch | 39 +++++ ...intk-fix-exclusive_console-replaying.patch | 58 +++++++ ...-dsi-change-the-start-delay-calculat.patch | 48 ++++++ queue-4.19/series | 10 ++ ...ix-struct-ipc64_perm-type-definition.patch | 74 +++++++++ ...low-writing-to-rewritable-partitions.patch | 60 ++++++++ ...ached-hle-state-on-write-to-tsx_ctrl.patch | 67 ++++++++ 11 files changed, 620 insertions(+) create mode 100644 queue-4.19/iwlwifi-mvm-fix-nvm-check-for-3168-devices.patch create mode 100644 queue-4.19/kernel-module-fix-memleak-in-module_add_modinfo_attr.patch create mode 100644 queue-4.19/media-iguanair-fix-endpoint-sanity-check.patch create mode 100644 queue-4.19/ocfs2-fix-oops-when-writing-cloned-file.patch create mode 100644 queue-4.19/ovl-fix-lseek-overflow-on-32bit.patch create mode 100644 queue-4.19/printk-fix-exclusive_console-replaying.patch create mode 100644 queue-4.19/revert-drm-sun4i-dsi-change-the-start-delay-calculat.patch create mode 100644 queue-4.19/series create mode 100644 queue-4.19/sparc32-fix-struct-ipc64_perm-type-definition.patch create mode 100644 queue-4.19/udf-allow-writing-to-rewritable-partitions.patch create mode 100644 queue-4.19/x86-cpu-update-cached-hle-state-on-write-to-tsx_ctrl.patch diff --git a/queue-4.19/iwlwifi-mvm-fix-nvm-check-for-3168-devices.patch b/queue-4.19/iwlwifi-mvm-fix-nvm-check-for-3168-devices.patch new file mode 100644 index 00000000000..5d3326cd6db --- /dev/null +++ b/queue-4.19/iwlwifi-mvm-fix-nvm-check-for-3168-devices.patch @@ -0,0 +1,39 @@ +From b726eee9221b81c7ca485bb858f27db35a9f2b41 Mon Sep 17 00:00:00 2001 +From: Sasha Levin +Date: Mon, 25 Nov 2019 13:21:58 +0200 +Subject: iwlwifi: mvm: fix NVM check for 3168 devices + +From: Luca Coelho + +[ Upstream commit b3f20e098293892388d6a0491d6bbb2efb46fbff ] + +We had a check on !NVM_EXT and then a check for NVM_SDP in the else +block of this if. The else block, obviously, could only be reached if +using NVM_EXT, so it would never be NVM_SDP. + +Fix that by checking whether the nvm_type is IWL_NVM instead of +checking for !IWL_NVM_EXT to solve this issue. + +Reported-by: Stefan Sperling +Signed-off-by: Luca Coelho +Signed-off-by: Sasha Levin +--- + drivers/net/wireless/intel/iwlwifi/mvm/nvm.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/drivers/net/wireless/intel/iwlwifi/mvm/nvm.c b/drivers/net/wireless/intel/iwlwifi/mvm/nvm.c +index f2579c94ffdbc..3270faafe0bc3 100644 +--- a/drivers/net/wireless/intel/iwlwifi/mvm/nvm.c ++++ b/drivers/net/wireless/intel/iwlwifi/mvm/nvm.c +@@ -286,7 +286,7 @@ iwl_parse_nvm_sections(struct iwl_mvm *mvm) + int regulatory_type; + + /* Checking for required sections */ +- if (mvm->trans->cfg->nvm_type != IWL_NVM_EXT) { ++ if (mvm->trans->cfg->nvm_type == IWL_NVM) { + if (!mvm->nvm_sections[NVM_SECTION_TYPE_SW].data || + !mvm->nvm_sections[mvm->cfg->nvm_hw_section_num].data) { + IWL_ERR(mvm, "Can't parse empty OTP/NVM sections\n"); +-- +2.20.1 + diff --git a/queue-4.19/kernel-module-fix-memleak-in-module_add_modinfo_attr.patch b/queue-4.19/kernel-module-fix-memleak-in-module_add_modinfo_attr.patch new file mode 100644 index 00000000000..1918a646680 --- /dev/null +++ b/queue-4.19/kernel-module-fix-memleak-in-module_add_modinfo_attr.patch @@ -0,0 +1,38 @@ +From b98f786466add3e587235fe4e4e77ee55e97b884 Mon Sep 17 00:00:00 2001 +From: Sasha Levin +Date: Sat, 28 Dec 2019 19:54:55 +0800 +Subject: kernel/module: Fix memleak in module_add_modinfo_attrs() + +From: YueHaibing + +[ Upstream commit f6d061d617124abbd55396a3bc37b9bf7d33233c ] + +In module_add_modinfo_attrs() if sysfs_create_file() fails +on the first iteration of the loop (so i = 0), we forget to +free the modinfo_attrs. + +Fixes: bc6f2a757d52 ("kernel/module: Fix mem leak in module_add_modinfo_attrs") +Reviewed-by: Miroslav Benes +Signed-off-by: YueHaibing +Signed-off-by: Jessica Yu +Signed-off-by: Sasha Levin +--- + kernel/module.c | 2 ++ + 1 file changed, 2 insertions(+) + +diff --git a/kernel/module.c b/kernel/module.c +index d3aaec62c1423..70a75a7216abb 100644 +--- a/kernel/module.c ++++ b/kernel/module.c +@@ -1729,6 +1729,8 @@ static int module_add_modinfo_attrs(struct module *mod) + error_out: + if (i > 0) + module_remove_modinfo_attrs(mod, --i); ++ else ++ kfree(mod->modinfo_attrs); + return error; + } + +-- +2.20.1 + diff --git a/queue-4.19/media-iguanair-fix-endpoint-sanity-check.patch b/queue-4.19/media-iguanair-fix-endpoint-sanity-check.patch new file mode 100644 index 00000000000..93ebf02a283 --- /dev/null +++ b/queue-4.19/media-iguanair-fix-endpoint-sanity-check.patch @@ -0,0 +1,44 @@ +From bdcf84346db580fcf33bfa165872b1499f32e750 Mon Sep 17 00:00:00 2001 +From: Sasha Levin +Date: Fri, 3 Jan 2020 17:35:13 +0100 +Subject: media: iguanair: fix endpoint sanity check + +From: Johan Hovold + +[ Upstream commit 1b257870a78b0a9ce98fdfb052c58542022ffb5b ] + +Make sure to use the current alternate setting, which need not be the +first one by index, when verifying the endpoint descriptors and +initialising the URBs. + +Failing to do so could cause the driver to misbehave or trigger a WARN() +in usb_submit_urb() that kernels with panic_on_warn set would choke on. + +Fixes: 26ff63137c45 ("[media] Add support for the IguanaWorks USB IR Transceiver") +Fixes: ab1cbdf159be ("media: iguanair: add sanity checks") +Cc: stable # 3.6 +Cc: Oliver Neukum +Signed-off-by: Johan Hovold +Signed-off-by: Sean Young +Signed-off-by: Mauro Carvalho Chehab +Signed-off-by: Sasha Levin +--- + drivers/media/rc/iguanair.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/drivers/media/rc/iguanair.c b/drivers/media/rc/iguanair.c +index 6f3030b2054d0..1df9522c30fa0 100644 +--- a/drivers/media/rc/iguanair.c ++++ b/drivers/media/rc/iguanair.c +@@ -424,7 +424,7 @@ static int iguanair_probe(struct usb_interface *intf, + int ret, pipein, pipeout; + struct usb_host_interface *idesc; + +- idesc = intf->altsetting; ++ idesc = intf->cur_altsetting; + if (idesc->desc.bNumEndpoints < 2) + return -ENODEV; + +-- +2.20.1 + diff --git a/queue-4.19/ocfs2-fix-oops-when-writing-cloned-file.patch b/queue-4.19/ocfs2-fix-oops-when-writing-cloned-file.patch new file mode 100644 index 00000000000..b44f8d9d019 --- /dev/null +++ b/queue-4.19/ocfs2-fix-oops-when-writing-cloned-file.patch @@ -0,0 +1,143 @@ +From e1012d8891905197c4551fa2ee055370cb6076f1 Mon Sep 17 00:00:00 2001 +From: Sasha Levin +Date: Mon, 3 Feb 2020 17:33:45 -0800 +Subject: ocfs2: fix oops when writing cloned file + +From: Gang He + +[ Upstream commit 2d797e9ff95ecbcf0a83d657928ed20579444857 ] + +Writing a cloned file triggers a kernel oops and the user-space command +process is also killed by the system. The bug can be reproduced stably +via: + +1) create a file under ocfs2 file system directory. + + journalctl -b > aa.txt + +2) create a cloned file for this file. + + reflink aa.txt bb.txt + +3) write the cloned file with dd command. + + dd if=/dev/zero of=bb.txt bs=512 count=1 conv=notrunc + +The dd command is killed by the kernel, then you can see the oops message +via dmesg command. + +[ 463.875404] BUG: kernel NULL pointer dereference, address: 0000000000000028 +[ 463.875413] #PF: supervisor read access in kernel mode +[ 463.875416] #PF: error_code(0x0000) - not-present page +[ 463.875418] PGD 0 P4D 0 +[ 463.875425] Oops: 0000 [#1] SMP PTI +[ 463.875431] CPU: 1 PID: 2291 Comm: dd Tainted: G OE 5.3.16-2-default +[ 463.875433] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS Bochs 01/01/2011 +[ 463.875500] RIP: 0010:ocfs2_refcount_cow+0xa4/0x5d0 [ocfs2] +[ 463.875505] Code: 06 89 6c 24 38 89 eb f6 44 24 3c 02 74 be 49 8b 47 28 +[ 463.875508] RSP: 0018:ffffa2cb409dfce8 EFLAGS: 00010202 +[ 463.875512] RAX: ffff8b1ebdca8000 RBX: 0000000000000001 RCX: ffff8b1eb73a9df0 +[ 463.875515] RDX: 0000000000056a01 RSI: 0000000000000000 RDI: 0000000000000000 +[ 463.875517] RBP: 0000000000000001 R08: ffff8b1eb73a9de0 R09: 0000000000000000 +[ 463.875520] R10: 0000000000000001 R11: 0000000000000000 R12: 0000000000000000 +[ 463.875522] R13: ffff8b1eb922f048 R14: 0000000000000000 R15: ffff8b1eb922f048 +[ 463.875526] FS: 00007f8f44d15540(0000) GS:ffff8b1ebeb00000(0000) knlGS:0000000000000000 +[ 463.875529] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 +[ 463.875532] CR2: 0000000000000028 CR3: 000000003c17a000 CR4: 00000000000006e0 +[ 463.875546] Call Trace: +[ 463.875596] ? ocfs2_inode_lock_full_nested+0x18b/0x960 [ocfs2] +[ 463.875648] ocfs2_file_write_iter+0xaf8/0xc70 [ocfs2] +[ 463.875672] new_sync_write+0x12d/0x1d0 +[ 463.875688] vfs_write+0xad/0x1a0 +[ 463.875697] ksys_write+0xa1/0xe0 +[ 463.875710] do_syscall_64+0x60/0x1f0 +[ 463.875743] entry_SYSCALL_64_after_hwframe+0x49/0xbe +[ 463.875758] RIP: 0033:0x7f8f4482ed44 +[ 463.875762] Code: 00 f7 d8 64 89 02 48 c7 c0 ff ff ff ff eb b7 0f 1f 80 00 00 00 +[ 463.875765] RSP: 002b:00007fff300a79d8 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 +[ 463.875769] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007f8f4482ed44 +[ 463.875771] RDX: 0000000000000200 RSI: 000055f771b5c000 RDI: 0000000000000001 +[ 463.875774] RBP: 0000000000000200 R08: 00007f8f44af9c78 R09: 0000000000000003 +[ 463.875776] R10: 000000000000089f R11: 0000000000000246 R12: 000055f771b5c000 +[ 463.875779] R13: 0000000000000200 R14: 0000000000000000 R15: 000055f771b5c000 + +This regression problem was introduced by commit e74540b28556 ("ocfs2: +protect extent tree in ocfs2_prepare_inode_for_write()"). + +Link: http://lkml.kernel.org/r/20200121050153.13290-1-ghe@suse.com +Fixes: e74540b28556 ("ocfs2: protect extent tree in ocfs2_prepare_inode_for_write()"). +Signed-off-by: Gang He +Reviewed-by: Joseph Qi +Cc: Mark Fasheh +Cc: Joel Becker +Cc: Junxiao Bi +Cc: Changwei Ge +Cc: Jun Piao +Cc: +Signed-off-by: Andrew Morton +Signed-off-by: Linus Torvalds +Signed-off-by: Sasha Levin +--- + fs/ocfs2/file.c | 14 ++++++-------- + 1 file changed, 6 insertions(+), 8 deletions(-) + +diff --git a/fs/ocfs2/file.c b/fs/ocfs2/file.c +index a3e077fcfeb9b..fbd70111a2f12 100644 +--- a/fs/ocfs2/file.c ++++ b/fs/ocfs2/file.c +@@ -2109,17 +2109,15 @@ static int ocfs2_is_io_unaligned(struct inode *inode, size_t count, loff_t pos) + static int ocfs2_inode_lock_for_extent_tree(struct inode *inode, + struct buffer_head **di_bh, + int meta_level, +- int overwrite_io, + int write_sem, + int wait) + { + int ret = 0; + + if (wait) +- ret = ocfs2_inode_lock(inode, NULL, meta_level); ++ ret = ocfs2_inode_lock(inode, di_bh, meta_level); + else +- ret = ocfs2_try_inode_lock(inode, +- overwrite_io ? NULL : di_bh, meta_level); ++ ret = ocfs2_try_inode_lock(inode, di_bh, meta_level); + if (ret < 0) + goto out; + +@@ -2144,6 +2142,7 @@ static int ocfs2_inode_lock_for_extent_tree(struct inode *inode, + + out_unlock: + brelse(*di_bh); ++ *di_bh = NULL; + ocfs2_inode_unlock(inode, meta_level); + out: + return ret; +@@ -2186,7 +2185,6 @@ static int ocfs2_prepare_inode_for_write(struct file *file, + ret = ocfs2_inode_lock_for_extent_tree(inode, + &di_bh, + meta_level, +- overwrite_io, + write_sem, + wait); + if (ret < 0) { +@@ -2244,13 +2242,13 @@ static int ocfs2_prepare_inode_for_write(struct file *file, + &di_bh, + meta_level, + write_sem); ++ meta_level = 1; ++ write_sem = 1; + ret = ocfs2_inode_lock_for_extent_tree(inode, + &di_bh, + meta_level, +- overwrite_io, +- 1, ++ write_sem, + wait); +- write_sem = 1; + if (ret < 0) { + if (ret != -EAGAIN) + mlog_errno(ret); +-- +2.20.1 + diff --git a/queue-4.19/ovl-fix-lseek-overflow-on-32bit.patch b/queue-4.19/ovl-fix-lseek-overflow-on-32bit.patch new file mode 100644 index 00000000000..8a4a168b97e --- /dev/null +++ b/queue-4.19/ovl-fix-lseek-overflow-on-32bit.patch @@ -0,0 +1,39 @@ +From 7f259d68c46ade8618be80d03cb16a236afe2079 Mon Sep 17 00:00:00 2001 +From: Sasha Levin +Date: Mon, 3 Feb 2020 11:41:53 +0100 +Subject: ovl: fix lseek overflow on 32bit + +From: Miklos Szeredi + +[ Upstream commit a4ac9d45c0cd14a2adc872186431c79804b77dbf ] + +ovl_lseek() is using ssize_t to return the value from vfs_llseek(). On a +32-bit kernel ssize_t is a 32-bit signed int, which overflows above 2 GB. + +Assign the return value of vfs_llseek() to loff_t to fix this. + +Reported-by: Boris Gjenero +Fixes: 9e46b840c705 ("ovl: support stacked SEEK_HOLE/SEEK_DATA") +Cc: # v4.19 +Signed-off-by: Miklos Szeredi +Signed-off-by: Sasha Levin +--- + fs/overlayfs/file.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/fs/overlayfs/file.c b/fs/overlayfs/file.c +index 0bd276e4ccbee..fa5ac5de807c5 100644 +--- a/fs/overlayfs/file.c ++++ b/fs/overlayfs/file.c +@@ -149,7 +149,7 @@ static loff_t ovl_llseek(struct file *file, loff_t offset, int whence) + struct inode *inode = file_inode(file); + struct fd real; + const struct cred *old_cred; +- ssize_t ret; ++ loff_t ret; + + /* + * The two special cases below do not need to involve real fs, +-- +2.20.1 + diff --git a/queue-4.19/printk-fix-exclusive_console-replaying.patch b/queue-4.19/printk-fix-exclusive_console-replaying.patch new file mode 100644 index 00000000000..d5638543461 --- /dev/null +++ b/queue-4.19/printk-fix-exclusive_console-replaying.patch @@ -0,0 +1,58 @@ +From 98512b2cc67328a633a9a0efd0e8ee0fe1f8166b Mon Sep 17 00:00:00 2001 +From: Sasha Levin +Date: Thu, 19 Dec 2019 12:59:22 +0106 +Subject: printk: fix exclusive_console replaying + +From: John Ogness + +[ Upstream commit def97da136515cb289a14729292c193e0a93bc64 ] + +Commit f92b070f2dc8 ("printk: Do not miss new messages when replaying +the log") introduced a new variable @exclusive_console_stop_seq to +store when an exclusive console should stop printing. It should be +set to the @console_seq value at registration. However, @console_seq +is previously set to @syslog_seq so that the exclusive console knows +where to begin. This results in the exclusive console immediately +reactivating all the other consoles and thus repeating the messages +for those consoles. + +Set @console_seq after @exclusive_console_stop_seq has stored the +current @console_seq value. + +Fixes: f92b070f2dc8 ("printk: Do not miss new messages when replaying the log") +Link: http://lkml.kernel.org/r/20191219115322.31160-1-john.ogness@linutronix.de +Cc: Steven Rostedt +Cc: linux-kernel@vger.kernel.org +Signed-off-by: John Ogness +Acked-by: Sergey Senozhatsky +Signed-off-by: Petr Mladek +Signed-off-by: Sasha Levin +--- + kernel/printk/printk.c | 4 ++-- + 1 file changed, 2 insertions(+), 2 deletions(-) + +diff --git a/kernel/printk/printk.c b/kernel/printk/printk.c +index 845efadaf7ecf..7a2fdc097c8cb 100644 +--- a/kernel/printk/printk.c ++++ b/kernel/printk/printk.c +@@ -2717,8 +2717,6 @@ void register_console(struct console *newcon) + * for us. + */ + logbuf_lock_irqsave(flags); +- console_seq = syslog_seq; +- console_idx = syslog_idx; + /* + * We're about to replay the log buffer. Only do this to the + * just-registered console to avoid excessive message spam to +@@ -2730,6 +2728,8 @@ void register_console(struct console *newcon) + */ + exclusive_console = newcon; + exclusive_console_stop_seq = console_seq; ++ console_seq = syslog_seq; ++ console_idx = syslog_idx; + logbuf_unlock_irqrestore(flags); + } + console_unlock(); +-- +2.20.1 + diff --git a/queue-4.19/revert-drm-sun4i-dsi-change-the-start-delay-calculat.patch b/queue-4.19/revert-drm-sun4i-dsi-change-the-start-delay-calculat.patch new file mode 100644 index 00000000000..4286a96e8b7 --- /dev/null +++ b/queue-4.19/revert-drm-sun4i-dsi-change-the-start-delay-calculat.patch @@ -0,0 +1,48 @@ +From bb0dd8e5e70543ab817f7f9301f770e4c1b094c5 Mon Sep 17 00:00:00 2001 +From: Sasha Levin +Date: Tue, 1 Oct 2019 16:02:51 +0800 +Subject: Revert "drm/sun4i: dsi: Change the start delay calculation" + +From: Icenowy Zheng + +[ Upstream commit a00d17e0a71ae2e4fdaac46e1c12785d3346c3f2 ] + +This reverts commit da676c6aa6413d59ab0a80c97bbc273025e640b2. + +The original commit adds a start parameter to the calculation of the +start delay according to some old BSP versions from Allwinner. However, +there're two ways to add this delay -- add it in DSI controller or add +it in the TCON. Add it in both controllers won't work. + +The code before this commit is picked from new versions of BSP kernel, +which has a comment for the 1 that says "put start_delay to tcon". By +checking the sun4i_tcon0_mode_set_cpu() in sun4i_tcon driver, it has +already added this delay, so we shouldn't repeat to add the delay in DSI +controller, otherwise the timing won't match. + +Signed-off-by: Icenowy Zheng +Reviewed-by: Jagan Teki +Signed-off-by: Maxime Ripard +Link: https://patchwork.freedesktop.org/patch/msgid/20191001080253.6135-2-icenowy@aosc.io +Signed-off-by: Sasha Levin +--- + drivers/gpu/drm/sun4i/sun6i_mipi_dsi.c | 3 +-- + 1 file changed, 1 insertion(+), 2 deletions(-) + +diff --git a/drivers/gpu/drm/sun4i/sun6i_mipi_dsi.c b/drivers/gpu/drm/sun4i/sun6i_mipi_dsi.c +index 97a0573cc5145..79eb11cd185d1 100644 +--- a/drivers/gpu/drm/sun4i/sun6i_mipi_dsi.c ++++ b/drivers/gpu/drm/sun4i/sun6i_mipi_dsi.c +@@ -357,8 +357,7 @@ static void sun6i_dsi_inst_init(struct sun6i_dsi *dsi, + static u16 sun6i_dsi_get_video_start_delay(struct sun6i_dsi *dsi, + struct drm_display_mode *mode) + { +- u16 start = clamp(mode->vtotal - mode->vdisplay - 10, 8, 100); +- u16 delay = mode->vtotal - (mode->vsync_end - mode->vdisplay) + start; ++ u16 delay = mode->vtotal - (mode->vsync_end - mode->vdisplay) + 1; + + if (delay > mode->vtotal) + delay = delay % mode->vtotal; +-- +2.20.1 + diff --git a/queue-4.19/series b/queue-4.19/series new file mode 100644 index 00000000000..11265cb1c7d --- /dev/null +++ b/queue-4.19/series @@ -0,0 +1,10 @@ +revert-drm-sun4i-dsi-change-the-start-delay-calculat.patch +ovl-fix-lseek-overflow-on-32bit.patch +kernel-module-fix-memleak-in-module_add_modinfo_attr.patch +media-iguanair-fix-endpoint-sanity-check.patch +ocfs2-fix-oops-when-writing-cloned-file.patch +x86-cpu-update-cached-hle-state-on-write-to-tsx_ctrl.patch +udf-allow-writing-to-rewritable-partitions.patch +printk-fix-exclusive_console-replaying.patch +iwlwifi-mvm-fix-nvm-check-for-3168-devices.patch +sparc32-fix-struct-ipc64_perm-type-definition.patch diff --git a/queue-4.19/sparc32-fix-struct-ipc64_perm-type-definition.patch b/queue-4.19/sparc32-fix-struct-ipc64_perm-type-definition.patch new file mode 100644 index 00000000000..1443f6b66b7 --- /dev/null +++ b/queue-4.19/sparc32-fix-struct-ipc64_perm-type-definition.patch @@ -0,0 +1,74 @@ +From 6b3f2b5fa6fdac1724181d1c9bf3cefc21b95969 Mon Sep 17 00:00:00 2001 +From: Sasha Levin +Date: Tue, 14 Jan 2020 14:26:14 +0100 +Subject: sparc32: fix struct ipc64_perm type definition + +From: Arnd Bergmann + +[ Upstream commit 34ca70ef7d3a9fa7e89151597db5e37ae1d429b4 ] + +As discussed in the strace issue tracker, it appears that the sparc32 +sysvipc support has been broken for the past 11 years. It was however +working in compat mode, which is how it must have escaped most of the +regular testing. + +The problem is that a cleanup patch inadvertently changed the uid/gid +fields in struct ipc64_perm from 32-bit types to 16-bit types in uapi +headers. + +Both glibc and uclibc-ng still use the original types, so they should +work fine with compat mode, but not natively. Change the definitions +to use __kernel_uid32_t and __kernel_gid32_t again. + +Fixes: 83c86984bff2 ("sparc: unify ipcbuf.h") +Link: https://github.com/strace/strace/issues/116 +Cc: # v2.6.29 +Cc: Sam Ravnborg +Cc: "Dmitry V . Levin" +Cc: Rich Felker +Cc: libc-alpha@sourceware.org +Signed-off-by: Arnd Bergmann +Signed-off-by: David S. Miller +Signed-off-by: Sasha Levin +--- + arch/sparc/include/uapi/asm/ipcbuf.h | 22 +++++++++++----------- + 1 file changed, 11 insertions(+), 11 deletions(-) + +diff --git a/arch/sparc/include/uapi/asm/ipcbuf.h b/arch/sparc/include/uapi/asm/ipcbuf.h +index 9d0d125500e24..084b8949ddff6 100644 +--- a/arch/sparc/include/uapi/asm/ipcbuf.h ++++ b/arch/sparc/include/uapi/asm/ipcbuf.h +@@ -15,19 +15,19 @@ + + struct ipc64_perm + { +- __kernel_key_t key; +- __kernel_uid_t uid; +- __kernel_gid_t gid; +- __kernel_uid_t cuid; +- __kernel_gid_t cgid; ++ __kernel_key_t key; ++ __kernel_uid32_t uid; ++ __kernel_gid32_t gid; ++ __kernel_uid32_t cuid; ++ __kernel_gid32_t cgid; + #ifndef __arch64__ +- unsigned short __pad0; ++ unsigned short __pad0; + #endif +- __kernel_mode_t mode; +- unsigned short __pad1; +- unsigned short seq; +- unsigned long long __unused1; +- unsigned long long __unused2; ++ __kernel_mode_t mode; ++ unsigned short __pad1; ++ unsigned short seq; ++ unsigned long long __unused1; ++ unsigned long long __unused2; + }; + + #endif /* __SPARC_IPCBUF_H */ +-- +2.20.1 + diff --git a/queue-4.19/udf-allow-writing-to-rewritable-partitions.patch b/queue-4.19/udf-allow-writing-to-rewritable-partitions.patch new file mode 100644 index 00000000000..6a470c19de5 --- /dev/null +++ b/queue-4.19/udf-allow-writing-to-rewritable-partitions.patch @@ -0,0 +1,60 @@ +From 488165214dada78c7ffd0ee0fc0bcce216d31a9d Mon Sep 17 00:00:00 2001 +From: Sasha Levin +Date: Fri, 17 Jan 2020 12:11:14 +0100 +Subject: udf: Allow writing to 'Rewritable' partitions +MIME-Version: 1.0 +Content-Type: text/plain; charset=UTF-8 +Content-Transfer-Encoding: 8bit + +From: Jan Kara + +[ Upstream commit 15fb05fd286ac57a0802d71624daeb5c1c2d5b07 ] + +UDF 2.60 standard states in section 2.2.14.2: + + A partition with Access Type 3 (rewritable) shall define a Freed + Space Bitmap or a Freed Space Table, see 2.3.3. All other partitions + shall not define a Freed Space Bitmap or a Freed Space Table. + + Rewritable partitions are used on media that require some form of + preprocessing before re-writing data (for example legacy MO). Such + partitions shall use Access Type 3. + + Overwritable partitions are used on media that do not require + preprocessing before overwriting data (for example: CD-RW, DVD-RW, + DVD+RW, DVD-RAM, BD-RE, HD DVD-Rewritable). Such partitions shall + use Access Type 4. + +however older versions of the standard didn't have this wording and +there are tools out there that create UDF filesystems with rewritable +partitions but that don't contain a Freed Space Bitmap or a Freed Space +Table on media that does not require pre-processing before overwriting a +block. So instead of forcing media with rewritable partition read-only, +base this decision on presence of a Freed Space Bitmap or a Freed Space +Table. + +Reported-by: Pali Rohár +Reviewed-by: Pali Rohár +Fixes: b085fbe2ef7f ("udf: Fix crash during mount") +Link: https://lore.kernel.org/linux-fsdevel/20200112144735.hj2emsoy4uwsouxz@pali +Signed-off-by: Jan Kara +Signed-off-by: Sasha Levin +--- + fs/udf/super.c | 1 - + 1 file changed, 1 deletion(-) + +diff --git a/fs/udf/super.c b/fs/udf/super.c +index 7af011dc9ae8a..6fd0f14e9dd22 100644 +--- a/fs/udf/super.c ++++ b/fs/udf/super.c +@@ -999,7 +999,6 @@ static int check_partition_desc(struct super_block *sb, + switch (le32_to_cpu(p->accessType)) { + case PD_ACCESS_TYPE_READ_ONLY: + case PD_ACCESS_TYPE_WRITE_ONCE: +- case PD_ACCESS_TYPE_REWRITABLE: + case PD_ACCESS_TYPE_NONE: + goto force_ro; + } +-- +2.20.1 + diff --git a/queue-4.19/x86-cpu-update-cached-hle-state-on-write-to-tsx_ctrl.patch b/queue-4.19/x86-cpu-update-cached-hle-state-on-write-to-tsx_ctrl.patch new file mode 100644 index 00000000000..1d21f12cd5c --- /dev/null +++ b/queue-4.19/x86-cpu-update-cached-hle-state-on-write-to-tsx_ctrl.patch @@ -0,0 +1,67 @@ +From 4aac12629d55701f623c62427993ea3d8ea40142 Mon Sep 17 00:00:00 2001 +From: Sasha Levin +Date: Fri, 10 Jan 2020 14:50:54 -0800 +Subject: x86/cpu: Update cached HLE state on write to TSX_CTRL_CPUID_CLEAR + +From: Pawan Gupta + +[ Upstream commit 5efc6fa9044c3356d6046c6e1da6d02572dbed6b ] + +/proc/cpuinfo currently reports Hardware Lock Elision (HLE) feature to +be present on boot cpu even if it was disabled during the bootup. This +is because cpuinfo_x86->x86_capability HLE bit is not updated after TSX +state is changed via the new MSR IA32_TSX_CTRL. + +Update the cached HLE bit also since it is expected to change after an +update to CPUID_CLEAR bit in MSR IA32_TSX_CTRL. + +Fixes: 95c5824f75f3 ("x86/cpu: Add a "tsx=" cmdline option with TSX disabled by default") +Signed-off-by: Pawan Gupta +Signed-off-by: Thomas Gleixner +Tested-by: Neelima Krishnan +Reviewed-by: Dave Hansen +Reviewed-by: Josh Poimboeuf +Cc: stable@vger.kernel.org +Link: https://lore.kernel.org/r/2529b99546294c893dfa1c89e2b3e46da3369a59.1578685425.git.pawan.kumar.gupta@linux.intel.com +Signed-off-by: Sasha Levin +--- + arch/x86/kernel/cpu/tsx.c | 13 +++++++------ + 1 file changed, 7 insertions(+), 6 deletions(-) + +diff --git a/arch/x86/kernel/cpu/tsx.c b/arch/x86/kernel/cpu/tsx.c +index 3e20d322bc98b..032509adf9de9 100644 +--- a/arch/x86/kernel/cpu/tsx.c ++++ b/arch/x86/kernel/cpu/tsx.c +@@ -115,11 +115,12 @@ void __init tsx_init(void) + tsx_disable(); + + /* +- * tsx_disable() will change the state of the +- * RTM CPUID bit. Clear it here since it is now +- * expected to be not set. ++ * tsx_disable() will change the state of the RTM and HLE CPUID ++ * bits. Clear them here since they are now expected to be not ++ * set. + */ + setup_clear_cpu_cap(X86_FEATURE_RTM); ++ setup_clear_cpu_cap(X86_FEATURE_HLE); + } else if (tsx_ctrl_state == TSX_CTRL_ENABLE) { + + /* +@@ -131,10 +132,10 @@ void __init tsx_init(void) + tsx_enable(); + + /* +- * tsx_enable() will change the state of the +- * RTM CPUID bit. Force it here since it is now +- * expected to be set. ++ * tsx_enable() will change the state of the RTM and HLE CPUID ++ * bits. Force them here since they are now expected to be set. + */ + setup_force_cpu_cap(X86_FEATURE_RTM); ++ setup_force_cpu_cap(X86_FEATURE_HLE); + } + } +-- +2.20.1 + -- 2.47.3