From 328d0af378605c629e0906025c66af491ae14c39 Mon Sep 17 00:00:00 2001 From: Greg Kroah-Hartman Date: Thu, 23 Jan 2020 15:52:28 +0100 Subject: [PATCH] 5.4-stable patches added patches: crypto-amcc-restore-crypto_aes-dependency.patch crypto-sun4i-ss-fix-big-endian-issues.patch gpiolib-no-need-to-call-gpiochip_remove_pin_ranges-twice.patch ipmi-fix-memory-leak-in-__ipmi_bmc_register.patch leds-tlc591xx-update-the-maximum-brightness.patch nfsd-depend-on-crypto_md5-for-legacy-client-tracking.patch perf-map-no-need-to-adjust-the-long-name-of-modules.patch rtw88-fix-beaconing-mode-rsvd_page-memory-violation-issue.patch rtw88-fix-error-handling-when-setup-efuse-info.patch s390-pkey-fix-memory-leak-within-_copy_apqns_from_user.patch sched-core-further-clarify-sched_class-set_next_task.patch soc-aspeed-fix-snoop_file_poll-s-return-type.patch soc-qcom-llcc-name-regmaps-to-avoid-collisions.patch soc-renesas-add-missing-check-for-non-zero-product-register-address.patch soc-tegra-pmc-fix-crashes-for-hierarchical-interrupts.patch watchdog-sprd-fix-the-incorrect-pointer-getting-from-driver-data.patch --- ...o-amcc-restore-crypto_aes-dependency.patch | 35 +++ ...rypto-sun4i-ss-fix-big-endian-issues.patch | 88 +++++++ ...all-gpiochip_remove_pin_ranges-twice.patch | 84 ++++++ ...x-memory-leak-in-__ipmi_bmc_register.patch | 37 +++ ...c591xx-update-the-maximum-brightness.patch | 56 ++++ ...rypto_md5-for-legacy-client-tracking.patch | 45 ++++ ...d-to-adjust-the-long-name-of-modules.patch | 244 ++++++++++++++++++ ...ode-rsvd_page-memory-violation-issue.patch | 130 ++++++++++ ...error-handling-when-setup-efuse-info.patch | 60 +++++ ...ry-leak-within-_copy_apqns_from_user.patch | 34 +++ ...er-clarify-sched_class-set_next_task.patch | 170 ++++++++++++ queue-5.4/series | 16 ++ ...ed-fix-snoop_file_poll-s-return-type.patch | 46 ++++ ...lcc-name-regmaps-to-avoid-collisions.patch | 43 +++ ...or-non-zero-product-register-address.patch | 39 +++ ...-crashes-for-hierarchical-interrupts.patch | 71 +++++ ...ect-pointer-getting-from-driver-data.patch | 58 +++++ 17 files changed, 1256 insertions(+) create mode 100644 queue-5.4/crypto-amcc-restore-crypto_aes-dependency.patch create mode 100644 queue-5.4/crypto-sun4i-ss-fix-big-endian-issues.patch create mode 100644 queue-5.4/gpiolib-no-need-to-call-gpiochip_remove_pin_ranges-twice.patch create mode 100644 queue-5.4/ipmi-fix-memory-leak-in-__ipmi_bmc_register.patch create mode 100644 queue-5.4/leds-tlc591xx-update-the-maximum-brightness.patch create mode 100644 queue-5.4/nfsd-depend-on-crypto_md5-for-legacy-client-tracking.patch create mode 100644 queue-5.4/perf-map-no-need-to-adjust-the-long-name-of-modules.patch create mode 100644 queue-5.4/rtw88-fix-beaconing-mode-rsvd_page-memory-violation-issue.patch create mode 100644 queue-5.4/rtw88-fix-error-handling-when-setup-efuse-info.patch create mode 100644 queue-5.4/s390-pkey-fix-memory-leak-within-_copy_apqns_from_user.patch create mode 100644 queue-5.4/sched-core-further-clarify-sched_class-set_next_task.patch create mode 100644 queue-5.4/soc-aspeed-fix-snoop_file_poll-s-return-type.patch create mode 100644 queue-5.4/soc-qcom-llcc-name-regmaps-to-avoid-collisions.patch create mode 100644 queue-5.4/soc-renesas-add-missing-check-for-non-zero-product-register-address.patch create mode 100644 queue-5.4/soc-tegra-pmc-fix-crashes-for-hierarchical-interrupts.patch create mode 100644 queue-5.4/watchdog-sprd-fix-the-incorrect-pointer-getting-from-driver-data.patch diff --git a/queue-5.4/crypto-amcc-restore-crypto_aes-dependency.patch b/queue-5.4/crypto-amcc-restore-crypto_aes-dependency.patch new file mode 100644 index 00000000000..d80316e76d8 --- /dev/null +++ b/queue-5.4/crypto-amcc-restore-crypto_aes-dependency.patch @@ -0,0 +1,35 @@ +From 298b4c604008025b134bc6fccbc4018449945d60 Mon Sep 17 00:00:00 2001 +From: Christian Lamparter +Date: Sun, 27 Oct 2019 16:47:47 +0100 +Subject: crypto: amcc - restore CRYPTO_AES dependency + +From: Christian Lamparter + +commit 298b4c604008025b134bc6fccbc4018449945d60 upstream. + +This patch restores the CRYPTO_AES dependency. This is +necessary since some of the crypto4xx driver provided +modes need functioning software fallbacks for +AES-CTR/CCM and GCM. + +Fixes: da3e7a9715ea ("crypto: amcc - switch to AES library for GCM key derivation") +Cc: Ard Biesheuvel +Signed-off-by: Christian Lamparter +Acked-by: Ard Biesheuvel +Signed-off-by: Herbert Xu +Signed-off-by: Greg Kroah-Hartman + +--- + drivers/crypto/Kconfig | 1 + + 1 file changed, 1 insertion(+) + +--- a/drivers/crypto/Kconfig ++++ b/drivers/crypto/Kconfig +@@ -333,6 +333,7 @@ config CRYPTO_DEV_PPC4XX + depends on PPC && 4xx + select CRYPTO_HASH + select CRYPTO_AEAD ++ select CRYPTO_AES + select CRYPTO_LIB_AES + select CRYPTO_CCM + select CRYPTO_CTR diff --git a/queue-5.4/crypto-sun4i-ss-fix-big-endian-issues.patch b/queue-5.4/crypto-sun4i-ss-fix-big-endian-issues.patch new file mode 100644 index 00000000000..a1197830127 --- /dev/null +++ b/queue-5.4/crypto-sun4i-ss-fix-big-endian-issues.patch @@ -0,0 +1,88 @@ +From d1d787bcebfe122a5bd443ae565696661e2e9656 Mon Sep 17 00:00:00 2001 +From: Corentin Labbe +Date: Thu, 14 Nov 2019 13:58:49 +0100 +Subject: crypto: sun4i-ss - fix big endian issues + +From: Corentin Labbe + +commit d1d787bcebfe122a5bd443ae565696661e2e9656 upstream. + +When testing BigEndian kernel, the sun4i-ss was failling all crypto +tests. +This patch fix endian issues with it. + +Fixes: 6298e948215f ("crypto: sunxi-ss - Add Allwinner Security System crypto accelerator") +Signed-off-by: Corentin Labbe +Signed-off-by: Herbert Xu +Signed-off-by: Greg Kroah-Hartman + +--- + drivers/crypto/sunxi-ss/sun4i-ss-hash.c | 21 +++++++++++---------- + 1 file changed, 11 insertions(+), 10 deletions(-) + +--- a/drivers/crypto/sunxi-ss/sun4i-ss-hash.c ++++ b/drivers/crypto/sunxi-ss/sun4i-ss-hash.c +@@ -175,7 +175,7 @@ static int sun4i_hash(struct ahash_reque + */ + unsigned int i = 0, end, fill, min_fill, nwait, nbw = 0, j = 0, todo; + unsigned int in_i = 0; +- u32 spaces, rx_cnt = SS_RX_DEFAULT, bf[32] = {0}, wb = 0, v, ivmode = 0; ++ u32 spaces, rx_cnt = SS_RX_DEFAULT, bf[32] = {0}, v, ivmode = 0; + struct sun4i_req_ctx *op = ahash_request_ctx(areq); + struct crypto_ahash *tfm = crypto_ahash_reqtfm(areq); + struct sun4i_tfm_ctx *tfmctx = crypto_ahash_ctx(tfm); +@@ -184,6 +184,7 @@ static int sun4i_hash(struct ahash_reque + struct sg_mapping_iter mi; + int in_r, err = 0; + size_t copied = 0; ++ __le32 wb = 0; + + dev_dbg(ss->dev, "%s %s bc=%llu len=%u mode=%x wl=%u h0=%0x", + __func__, crypto_tfm_alg_name(areq->base.tfm), +@@ -395,7 +396,7 @@ hash_final: + + nbw = op->len - 4 * nwait; + if (nbw) { +- wb = *(u32 *)(op->buf + nwait * 4); ++ wb = cpu_to_le32(*(u32 *)(op->buf + nwait * 4)); + wb &= GENMASK((nbw * 8) - 1, 0); + + op->byte_count += nbw; +@@ -404,7 +405,7 @@ hash_final: + + /* write the remaining bytes of the nbw buffer */ + wb |= ((1 << 7) << (nbw * 8)); +- bf[j++] = wb; ++ bf[j++] = le32_to_cpu(wb); + + /* + * number of space to pad to obtain 64o minus 8(size) minus 4 (final 1) +@@ -423,13 +424,13 @@ hash_final: + + /* write the length of data */ + if (op->mode == SS_OP_SHA1) { +- __be64 bits = cpu_to_be64(op->byte_count << 3); +- bf[j++] = lower_32_bits(bits); +- bf[j++] = upper_32_bits(bits); ++ __be64 *bits = (__be64 *)&bf[j]; ++ *bits = cpu_to_be64(op->byte_count << 3); ++ j += 2; + } else { +- __le64 bits = op->byte_count << 3; +- bf[j++] = lower_32_bits(bits); +- bf[j++] = upper_32_bits(bits); ++ __le64 *bits = (__le64 *)&bf[j]; ++ *bits = cpu_to_le64(op->byte_count << 3); ++ j += 2; + } + writesl(ss->base + SS_RXFIFO, bf, j); + +@@ -471,7 +472,7 @@ hash_final: + } + } else { + for (i = 0; i < 4; i++) { +- v = readl(ss->base + SS_MD0 + i * 4); ++ v = cpu_to_le32(readl(ss->base + SS_MD0 + i * 4)); + memcpy(areq->result + i * 4, &v, 4); + } + } diff --git a/queue-5.4/gpiolib-no-need-to-call-gpiochip_remove_pin_ranges-twice.patch b/queue-5.4/gpiolib-no-need-to-call-gpiochip_remove_pin_ranges-twice.patch new file mode 100644 index 00000000000..9c60f43ca0b --- /dev/null +++ b/queue-5.4/gpiolib-no-need-to-call-gpiochip_remove_pin_ranges-twice.patch @@ -0,0 +1,84 @@ +From 2f4133bb5f14f49a99acf0cc55b84996dbfb4dff Mon Sep 17 00:00:00 2001 +From: Andy Shevchenko +Date: Tue, 5 Nov 2019 20:06:54 +0200 +Subject: gpiolib: No need to call gpiochip_remove_pin_ranges() twice + +From: Andy Shevchenko + +commit 2f4133bb5f14f49a99acf0cc55b84996dbfb4dff upstream. + +of_gpiochip_add(), when fails, calls gpiochip_remove_pin_ranges(). + +ADD: + gpiochip_add_data_with_key() -> + of_gpiochip_add() -> (ERROR path) + gpiochip_remove_pin_ranges() + +At the same time of_gpiochip_remove() calls exactly the above mentioned +function unconditionally and so does gpiochip_remove(). + +REMOVE: + gpiochip_remove() -> + gpiochip_remove_pin_ranges() + of_gpiochip_remove() -> + gpiochip_remove_pin_ranges() + +Since gpiochip_remove() calls gpiochip_remove_pin_ranges() unconditionally, +we have duplicate call to the same function when it's not necessary. + +Move gpiochip_remove_pin_ranges() from of_gpiochip_add() to gpiochip_add() +to avoid duplicate calls and be consistent with the explicit call in +gpiochip_remove(). + +Fixes: e93fa3f24353 ("gpiolib: remove duplicate pin range code") +Depends-on: f7299d441a4d ("gpio: of: Fix of_gpiochip_add() error path") +Cc: Geert Uytterhoeven +Signed-off-by: Andy Shevchenko +Signed-off-by: Linus Walleij +Signed-off-by: Greg Kroah-Hartman + +--- + drivers/gpio/gpiolib-of.c | 5 +---- + drivers/gpio/gpiolib.c | 3 ++- + 2 files changed, 3 insertions(+), 5 deletions(-) + +--- a/drivers/gpio/gpiolib-of.c ++++ b/drivers/gpio/gpiolib-of.c +@@ -909,16 +909,13 @@ int of_gpiochip_add(struct gpio_chip *ch + of_node_get(chip->of_node); + + ret = of_gpiochip_scan_gpios(chip); +- if (ret) { ++ if (ret) + of_node_put(chip->of_node); +- gpiochip_remove_pin_ranges(chip); +- } + + return ret; + } + + void of_gpiochip_remove(struct gpio_chip *chip) + { +- gpiochip_remove_pin_ranges(chip); + of_node_put(chip->of_node); + } +--- a/drivers/gpio/gpiolib.c ++++ b/drivers/gpio/gpiolib.c +@@ -1452,6 +1452,7 @@ err_remove_of_chip: + gpiochip_free_hogs(chip); + of_gpiochip_remove(chip); + err_free_gpiochip_mask: ++ gpiochip_remove_pin_ranges(chip); + gpiochip_free_valid_mask(chip); + err_remove_from_list: + spin_lock_irqsave(&gpio_lock, flags); +@@ -1507,8 +1508,8 @@ void gpiochip_remove(struct gpio_chip *c + gdev->chip = NULL; + gpiochip_irqchip_remove(chip); + acpi_gpiochip_remove(chip); +- gpiochip_remove_pin_ranges(chip); + of_gpiochip_remove(chip); ++ gpiochip_remove_pin_ranges(chip); + gpiochip_free_valid_mask(chip); + /* + * We accept no more calls into the driver from this point, so diff --git a/queue-5.4/ipmi-fix-memory-leak-in-__ipmi_bmc_register.patch b/queue-5.4/ipmi-fix-memory-leak-in-__ipmi_bmc_register.patch new file mode 100644 index 00000000000..219096fdceb --- /dev/null +++ b/queue-5.4/ipmi-fix-memory-leak-in-__ipmi_bmc_register.patch @@ -0,0 +1,37 @@ +From 4aa7afb0ee20a97fbf0c5bab3df028d5fb85fdab Mon Sep 17 00:00:00 2001 +From: Navid Emamdoost +Date: Mon, 21 Oct 2019 15:06:48 -0500 +Subject: ipmi: Fix memory leak in __ipmi_bmc_register + +From: Navid Emamdoost + +commit 4aa7afb0ee20a97fbf0c5bab3df028d5fb85fdab upstream. + +In the impelementation of __ipmi_bmc_register() the allocated memory for +bmc should be released in case ida_simple_get() fails. + +Fixes: 68e7e50f195f ("ipmi: Don't use BMC product/dev ids in the BMC name") +Signed-off-by: Navid Emamdoost +Message-Id: <20191021200649.1511-1-navid.emamdoost@gmail.com> +Signed-off-by: Corey Minyard +Signed-off-by: Greg Kroah-Hartman + +--- + drivers/char/ipmi/ipmi_msghandler.c | 5 ++++- + 1 file changed, 4 insertions(+), 1 deletion(-) + +--- a/drivers/char/ipmi/ipmi_msghandler.c ++++ b/drivers/char/ipmi/ipmi_msghandler.c +@@ -3039,8 +3039,11 @@ static int __ipmi_bmc_register(struct ip + bmc->pdev.name = "ipmi_bmc"; + + rv = ida_simple_get(&ipmi_bmc_ida, 0, 0, GFP_KERNEL); +- if (rv < 0) ++ if (rv < 0) { ++ kfree(bmc); + goto out; ++ } ++ + bmc->pdev.dev.driver = &ipmidriver.driver; + bmc->pdev.id = rv; + bmc->pdev.dev.release = release_bmc_device; diff --git a/queue-5.4/leds-tlc591xx-update-the-maximum-brightness.patch b/queue-5.4/leds-tlc591xx-update-the-maximum-brightness.patch new file mode 100644 index 00000000000..5e1a34b1cd0 --- /dev/null +++ b/queue-5.4/leds-tlc591xx-update-the-maximum-brightness.patch @@ -0,0 +1,56 @@ +From a2cafdfd8cf5ad8adda6c0ce44a59f46431edf02 Mon Sep 17 00:00:00 2001 +From: Jean-Jacques Hiblot +Date: Mon, 23 Sep 2019 12:02:50 +0200 +Subject: leds: tlc591xx: update the maximum brightness + +From: Jean-Jacques Hiblot + +commit a2cafdfd8cf5ad8adda6c0ce44a59f46431edf02 upstream. + +The TLC chips actually offer 257 levels: +- 0: led OFF +- 1-255: Led dimmed is using a PWM. The duty cycle range from 0.4% to 99.6% +- 256: led fully ON + +Fixes: e370d010a5fe ("leds: tlc591xx: Driver for the TI 8/16 Channel i2c LED driver") +Signed-off-by: Jean-Jacques Hiblot +Signed-off-by: Pavel Machek +Signed-off-by: Greg Kroah-Hartman + +--- + drivers/leds/leds-tlc591xx.c | 7 ++++--- + 1 file changed, 4 insertions(+), 3 deletions(-) + +--- a/drivers/leds/leds-tlc591xx.c ++++ b/drivers/leds/leds-tlc591xx.c +@@ -13,6 +13,7 @@ + #include + + #define TLC591XX_MAX_LEDS 16 ++#define TLC591XX_MAX_BRIGHTNESS 256 + + #define TLC591XX_REG_MODE1 0x00 + #define MODE1_RESPON_ADDR_MASK 0xF0 +@@ -112,11 +113,11 @@ tlc591xx_brightness_set(struct led_class + struct tlc591xx_priv *priv = led->priv; + int err; + +- switch (brightness) { ++ switch ((int)brightness) { + case 0: + err = tlc591xx_set_ledout(priv, led, LEDOUT_OFF); + break; +- case LED_FULL: ++ case TLC591XX_MAX_BRIGHTNESS: + err = tlc591xx_set_ledout(priv, led, LEDOUT_ON); + break; + default: +@@ -157,7 +158,7 @@ tlc591xx_configure(struct device *dev, + led->priv = priv; + led->led_no = i; + led->ldev.brightness_set_blocking = tlc591xx_brightness_set; +- led->ldev.max_brightness = LED_FULL; ++ led->ldev.max_brightness = TLC591XX_MAX_BRIGHTNESS; + err = led_classdev_register(dev, &led->ldev); + if (err < 0) { + dev_err(dev, "couldn't register LED %s\n", diff --git a/queue-5.4/nfsd-depend-on-crypto_md5-for-legacy-client-tracking.patch b/queue-5.4/nfsd-depend-on-crypto_md5-for-legacy-client-tracking.patch new file mode 100644 index 00000000000..17cba114f15 --- /dev/null +++ b/queue-5.4/nfsd-depend-on-crypto_md5-for-legacy-client-tracking.patch @@ -0,0 +1,45 @@ +From 38a2204f5298620e8a1c3b1dc7b831425106dbc0 Mon Sep 17 00:00:00 2001 +From: Patrick Steinhardt +Date: Wed, 4 Dec 2019 07:13:22 +0100 +Subject: nfsd: depend on CRYPTO_MD5 for legacy client tracking + +From: Patrick Steinhardt + +commit 38a2204f5298620e8a1c3b1dc7b831425106dbc0 upstream. + +The legacy client tracking infrastructure of nfsd makes use of MD5 to +derive a client's recovery directory name. As the nfsd module doesn't +declare any dependency on CRYPTO_MD5, though, it may fail to allocate +the hash if the kernel was compiled without it. As a result, generation +of client recovery directories will fail with the following error: + + NFSD: unable to generate recoverydir name + +The explicit dependency on CRYPTO_MD5 was removed as redundant back in +6aaa67b5f3b9 (NFSD: Remove redundant "select" clauses in fs/Kconfig +2008-02-11) as it was already implicitly selected via RPCSEC_GSS_KRB5. +This broke when RPCSEC_GSS_KRB5 was made optional for NFSv4 in commit +df486a25900f (NFS: Fix the selection of security flavours in Kconfig) at +a later point. + +Fix the issue by adding back an explicit dependency on CRYPTO_MD5. + +Fixes: df486a25900f (NFS: Fix the selection of security flavours in Kconfig) +Signed-off-by: Patrick Steinhardt +Signed-off-by: J. Bruce Fields +Signed-off-by: Greg Kroah-Hartman + +--- + fs/nfsd/Kconfig | 1 + + 1 file changed, 1 insertion(+) + +--- a/fs/nfsd/Kconfig ++++ b/fs/nfsd/Kconfig +@@ -73,6 +73,7 @@ config NFSD_V4 + select NFSD_V3 + select FS_POSIX_ACL + select SUNRPC_GSS ++ select CRYPTO_MD5 + select CRYPTO_SHA256 + select GRACE_PERIOD + help diff --git a/queue-5.4/perf-map-no-need-to-adjust-the-long-name-of-modules.patch b/queue-5.4/perf-map-no-need-to-adjust-the-long-name-of-modules.patch new file mode 100644 index 00000000000..fda5e90d7ac --- /dev/null +++ b/queue-5.4/perf-map-no-need-to-adjust-the-long-name-of-modules.patch @@ -0,0 +1,244 @@ +From f068435d9bb2d825d59e3c101bc579f09315ee01 Mon Sep 17 00:00:00 2001 +From: Arnaldo Carvalho de Melo +Date: Thu, 14 Nov 2019 10:46:45 -0300 +Subject: perf map: No need to adjust the long name of modules + +From: Arnaldo Carvalho de Melo + +commit f068435d9bb2d825d59e3c101bc579f09315ee01 upstream. + +At some point in the past we needed to make sure we would get the long +name of modules and not just what we get from /proc/modules, but that +need, as described in the cset that introduced the adjustment function: + +Fixes: c03d5184f0e9 ("perf machine: Adjust dso->long_name for offline module") + +Without using the buildid-cache: + + # lsmod | grep trusted + # insmod trusted.ko + # lsmod | grep trusted + trusted 24576 0 + # strace -e open,openat perf probe -m ./trusted.ko key_seal |& grep trusted + openat(AT_FDCWD, "/sys/module/trusted/notes/.note.gnu.build-id", O_RDONLY) = 4 + openat(AT_FDCWD, "/sys/module/trusted/notes/.note.gnu.build-id", O_RDONLY) = 7 + openat(AT_FDCWD, "/root/trusted.ko", O_RDONLY) = 3 + openat(AT_FDCWD, "/root/.debug/root/trusted.ko/dd3d355d567394d540f527e093e0f64b95879584/probes", O_RDWR|O_CREAT, 0644) = 3 + openat(AT_FDCWD, "/usr/lib/debug/root/trusted.ko.debug", O_RDONLY) = -1 ENOENT (No such file or directory) + openat(AT_FDCWD, "/usr/lib/debug/root/trusted.ko", O_RDONLY) = -1 ENOENT (No such file or directory) + openat(AT_FDCWD, "/root/.debug/trusted.ko", O_RDONLY) = -1 ENOENT (No such file or directory) + openat(AT_FDCWD, "/root/trusted.ko", O_RDONLY) = 3 + openat(AT_FDCWD, "trusted.ko.debug", O_RDONLY) = -1 ENOENT (No such file or directory) + openat(AT_FDCWD, ".debug/trusted.ko.debug", O_RDONLY) = -1 ENOENT (No such file or directory) + openat(AT_FDCWD, "trusted.ko.debug", O_RDONLY) = -1 ENOENT (No such file or directory) + openat(AT_FDCWD, "/root/trusted.ko", O_RDONLY) = 3 + openat(AT_FDCWD, "/root/trusted.ko", O_RDONLY) = 3 + openat(AT_FDCWD, "/root/trusted.ko", O_RDONLY) = 4 + openat(AT_FDCWD, "/root/trusted.ko", O_RDONLY) = 3 + probe:key_seal (on key_seal in trusted) + # perf probe -l + probe:key_seal (on key_seal in trusted) + # + +No attempt at opening '[trusted]'. + +Now using the build-id cache: + + # rmmod trusted + # perf buildid-cache --add ./trusted.ko + # insmod trusted.ko + # strace -e open,openat perf probe -m ./trusted.ko key_seal |& grep trusted + openat(AT_FDCWD, "/sys/module/trusted/notes/.note.gnu.build-id", O_RDONLY) = 4 + openat(AT_FDCWD, "/sys/module/trusted/notes/.note.gnu.build-id", O_RDONLY) = 7 + openat(AT_FDCWD, "/root/trusted.ko", O_RDONLY) = 3 + openat(AT_FDCWD, "/root/.debug/root/trusted.ko/dd3d355d567394d540f527e093e0f64b95879584/probes", O_RDWR|O_CREAT, 0644) = 3 + openat(AT_FDCWD, "/usr/lib/debug/root/trusted.ko.debug", O_RDONLY) = -1 ENOENT (No such file or directory) + openat(AT_FDCWD, "/usr/lib/debug/root/trusted.ko", O_RDONLY) = -1 ENOENT (No such file or directory) + openat(AT_FDCWD, "/root/.debug/trusted.ko", O_RDONLY) = -1 ENOENT (No such file or directory) + openat(AT_FDCWD, "/root/trusted.ko", O_RDONLY) = 3 + openat(AT_FDCWD, "trusted.ko.debug", O_RDONLY) = -1 ENOENT (No such file or directory) + openat(AT_FDCWD, ".debug/trusted.ko.debug", O_RDONLY) = -1 ENOENT (No such file or directory) + openat(AT_FDCWD, "trusted.ko.debug", O_RDONLY) = -1 ENOENT (No such file or directory) + openat(AT_FDCWD, "/root/trusted.ko", O_RDONLY) = 3 + openat(AT_FDCWD, "/root/trusted.ko", O_RDONLY) = 3 + openat(AT_FDCWD, "/root/trusted.ko", O_RDONLY) = 4 + openat(AT_FDCWD, "/root/trusted.ko", O_RDONLY) = 3 + # + +Again, no attempt at reading '[trusted]'. + +Finally, adding a probe to that function and then using: + +[root@quaco ~]# perf trace -e probe_perf:*/max-stack=16/ --max-events=2 + 0.000 perf/13456 probe_perf:dso__adjust_kmod_long_name(__probe_ip: 5492263) + dso__adjust_kmod_long_name (/home/acme/bin/perf) + machine__process_kernel_mmap_event (/home/acme/bin/perf) + machine__process_mmap_event (/home/acme/bin/perf) + perf_event__process_mmap (/home/acme/bin/perf) + machines__deliver_event (/home/acme/bin/perf) + perf_session__deliver_event (/home/acme/bin/perf) + perf_session__process_event (/home/acme/bin/perf) + process_simple (/home/acme/bin/perf) + reader__process_events (/home/acme/bin/perf) + __perf_session__process_events (/home/acme/bin/perf) + perf_session__process_events (/home/acme/bin/perf) + process_buildids (/home/acme/bin/perf) + record__finish_output (/home/acme/bin/perf) + __cmd_record (/home/acme/bin/perf) + cmd_record (/home/acme/bin/perf) + run_builtin (/home/acme/bin/perf) + 0.055 perf/13456 probe_perf:dso__adjust_kmod_long_name(__probe_ip: 5492263) + dso__adjust_kmod_long_name (/home/acme/bin/perf) + machine__process_kernel_mmap_event (/home/acme/bin/perf) + machine__process_mmap_event (/home/acme/bin/perf) + perf_event__process_mmap (/home/acme/bin/perf) + machines__deliver_event (/home/acme/bin/perf) + perf_session__deliver_event (/home/acme/bin/perf) + perf_session__process_event (/home/acme/bin/perf) + process_simple (/home/acme/bin/perf) + reader__process_events (/home/acme/bin/perf) + __perf_session__process_events (/home/acme/bin/perf) + perf_session__process_events (/home/acme/bin/perf) + process_buildids (/home/acme/bin/perf) + record__finish_output (/home/acme/bin/perf) + __cmd_record (/home/acme/bin/perf) + cmd_record (/home/acme/bin/perf) + run_builtin (/home/acme/bin/perf) + # + +This was the only path I could find using the perf tools that reach at this +function, then as of november/2019, if we put a probe in the line where the +actuall setting of the dso->long_name is done: + + # perf trace -e probe_perf:* + ^C[root@quaco ~] + # perf stat -e probe_perf:* -I 2000 + 2.000404265 0 probe_perf:dso__adjust_kmod_long_name + 4.001142200 0 probe_perf:dso__adjust_kmod_long_name + 6.001704120 0 probe_perf:dso__adjust_kmod_long_name + 8.002398316 0 probe_perf:dso__adjust_kmod_long_name + 10.002984010 0 probe_perf:dso__adjust_kmod_long_name + 12.003597851 0 probe_perf:dso__adjust_kmod_long_name + 14.004113303 0 probe_perf:dso__adjust_kmod_long_name + 16.004582773 0 probe_perf:dso__adjust_kmod_long_name + 18.005176373 0 probe_perf:dso__adjust_kmod_long_name + 20.005801605 0 probe_perf:dso__adjust_kmod_long_name + 22.006467540 0 probe_perf:dso__adjust_kmod_long_name + ^C 23.683261941 0 probe_perf:dso__adjust_kmod_long_name + + # + +Its not being used at all. + +To further test this I used kvm.ko as the offline module, i.e. removed +if from the buildid-cache by nuking it completely (rm -rf ~/.debug) and +moved it from the normal kernel distro path, removed the modules, stoped +the kvm guest, and then installed it manually, etc. + + # rmmod kvm-intel + # rmmod kvm + # lsmod | grep kvm + # modprobe kvm-intel + modprobe: ERROR: ctx=0x55d3b1722260 path=/lib/modules/5.3.8-200.fc30.x86_64/kernel/arch/x86/kvm/kvm.ko.xz error=No such file or directory + modprobe: ERROR: ctx=0x55d3b1722260 path=/lib/modules/5.3.8-200.fc30.x86_64/kernel/arch/x86/kvm/kvm.ko.xz error=No such file or directory + modprobe: ERROR: could not insert 'kvm_intel': Unknown symbol in module, or unknown parameter (see dmesg) + # insmod ./kvm.ko + # modprobe kvm-intel + modprobe: ERROR: ctx=0x562f34026260 path=/lib/modules/5.3.8-200.fc30.x86_64/kernel/arch/x86/kvm/kvm.ko.xz error=No such file or directory + modprobe: ERROR: ctx=0x562f34026260 path=/lib/modules/5.3.8-200.fc30.x86_64/kernel/arch/x86/kvm/kvm.ko.xz error=No such file or directory + # lsmod | grep kvm + kvm_intel 299008 0 + kvm 765952 1 kvm_intel + irqbypass 16384 1 kvm + # + # perf probe -x ~/bin/perf machine__findnew_module_map:12 mname=m.name:string filename=filename:string 'dso_long_name=map->dso->long_name:string' 'dso_name=map->dso->name:string' + # perf probe -l + probe_perf:machine__findnew_module_map (on machine__findnew_module_map:12@util/machine.c in /home/acme/bin/perf with mname filename dso_long_name dso_name) + # perf record + ^C[ perf record: Woken up 2 times to write data ] + [ perf record: Captured and wrote 3.416 MB perf.data (33956 samples) ] + # perf trace -e probe_perf:machine* + + 6.322 perf/23099 probe_perf:machine__findnew_module_map(__probe_ip: 5492493, mname: "[salsa20_generic]", filename: "/lib/modules/5.3.8-200.fc30.x86_64/kernel/crypto/salsa20_generic.ko.xz", dso_long_name: "/lib/modules/5.3.8-200.fc30.x86_64/kernel/crypto/salsa20_generic.ko.xz", dso_name: "[salsa20_generic]") + 6.375 perf/23099 probe_perf:machine__findnew_module_map(__probe_ip: 5492493, mname: "[kvm]", filename: "[kvm]", dso_long_name: "[kvm]", dso_name: "[kvm]") + + +The filename doesn't come with the path, no point in trying to set the dso->long_name. + + [root@quaco ~]# strace -e open,openat perf probe -m ./kvm.ko kvm_apic_local_deliver |& egrep 'open.*kvm' + openat(AT_FDCWD, "/sys/module/kvm_intel/notes/.note.gnu.build-id", O_RDONLY) = 4 + openat(AT_FDCWD, "/sys/module/kvm/notes/.note.gnu.build-id", O_RDONLY) = 4 + openat(AT_FDCWD, "/lib/modules/5.3.8-200.fc30.x86_64/kernel/arch/x86/kvm", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 7 + openat(AT_FDCWD, "/sys/module/kvm_intel/notes/.note.gnu.build-id", O_RDONLY) = 8 + openat(AT_FDCWD, "/root/kvm.ko", O_RDONLY) = 3 + openat(AT_FDCWD, "/root/.debug/root/kvm.ko/5955f426cb93f03f30f3e876814be2db80ab0b55/probes", O_RDWR|O_CREAT, 0644) = 3 + openat(AT_FDCWD, "/usr/lib/debug/root/kvm.ko.debug", O_RDONLY) = -1 ENOENT (No such file or directory) + openat(AT_FDCWD, "/usr/lib/debug/root/kvm.ko", O_RDONLY) = -1 ENOENT (No such file or directory) + openat(AT_FDCWD, "/root/.debug/kvm.ko", O_RDONLY) = -1 ENOENT (No such file or directory) + openat(AT_FDCWD, "/root/kvm.ko", O_RDONLY) = 3 + openat(AT_FDCWD, "kvm.ko.debug", O_RDONLY) = -1 ENOENT (No such file or directory) + openat(AT_FDCWD, ".debug/kvm.ko.debug", O_RDONLY) = -1 ENOENT (No such file or directory) + openat(AT_FDCWD, "kvm.ko.debug", O_RDONLY) = -1 ENOENT (No such file or directory) + openat(AT_FDCWD, "/root/kvm.ko", O_RDONLY) = 3 + openat(AT_FDCWD, "/root/kvm.ko", O_RDONLY) = 3 + openat(AT_FDCWD, "/root/kvm.ko", O_RDONLY) = 4 + openat(AT_FDCWD, "/root/kvm.ko", O_RDONLY) = 3 + [root@quaco ~]# + +Cc: Adrian Hunter +Cc: Andi Kleen +Cc: Jiri Olsa +Cc: Namhyung Kim +Cc: Wang Nan +Link: https://lkml.kernel.org/n/tip-jlfew3lyb24d58egrp0o72o2@git.kernel.org +Signed-off-by: Arnaldo Carvalho de Melo +Signed-off-by: Greg Kroah-Hartman + +--- + tools/perf/util/machine.c | 27 +-------------------------- + 1 file changed, 1 insertion(+), 26 deletions(-) + +--- a/tools/perf/util/machine.c ++++ b/tools/perf/util/machine.c +@@ -767,24 +767,6 @@ int machine__process_ksymbol(struct mach + return machine__process_ksymbol_register(machine, event, sample); + } + +-static void dso__adjust_kmod_long_name(struct dso *dso, const char *filename) +-{ +- const char *dup_filename; +- +- if (!filename || !dso || !dso->long_name) +- return; +- if (dso->long_name[0] != '[') +- return; +- if (!strchr(filename, '/')) +- return; +- +- dup_filename = strdup(filename); +- if (!dup_filename) +- return; +- +- dso__set_long_name(dso, dup_filename, true); +-} +- + struct map *machine__findnew_module_map(struct machine *machine, u64 start, + const char *filename) + { +@@ -796,15 +778,8 @@ struct map *machine__findnew_module_map( + return NULL; + + map = map_groups__find_by_name(&machine->kmaps, m.name); +- if (map) { +- /* +- * If the map's dso is an offline module, give dso__load() +- * a chance to find the file path of that module by fixing +- * long_name. +- */ +- dso__adjust_kmod_long_name(map->dso, filename); ++ if (map) + goto out; +- } + + dso = machine__findnew_module_dso(machine, &m, filename); + if (dso == NULL) diff --git a/queue-5.4/rtw88-fix-beaconing-mode-rsvd_page-memory-violation-issue.patch b/queue-5.4/rtw88-fix-beaconing-mode-rsvd_page-memory-violation-issue.patch new file mode 100644 index 00000000000..f869f07de06 --- /dev/null +++ b/queue-5.4/rtw88-fix-beaconing-mode-rsvd_page-memory-violation-issue.patch @@ -0,0 +1,130 @@ +From c3594559f49c601d410dee4b767c3536a5535bfd Mon Sep 17 00:00:00 2001 +From: Yan-Hsuan Chuang +Date: Wed, 2 Oct 2019 14:35:25 +0800 +Subject: rtw88: fix beaconing mode rsvd_page memory violation issue + +From: Yan-Hsuan Chuang + +commit c3594559f49c601d410dee4b767c3536a5535bfd upstream. + +When downloading the reserved page, the first page always contains +a beacon for the firmware to reference. For non-beaconing modes such +as station mode, also put a blank skb with length=1. + +And for the beaconing modes, driver will get a real beacon with a +length approximate to the page size. But as the beacon is always put +at the first page, it does not need a tx_desc, because the TX path +will generate one when TXing the reserved page to the hardware. So we +could allocate a buffer with a size smaller than the reserved page, +when using memcpy() to copy the content of reserved page to the buffer, +the over-sized reserved page will violate the kernel memory. + +To fix it, add the tx_desc before memcpy() the reserved packets to +the buffer, then we can get SKBs with correct length when counting +the pages in total. And for page 0, count the extra tx_desc_sz that +the TX path will generate. This way, the first beacon that allocated +without tx_desc can be counted with the extra tx_desc_sz to get +actual pages it requires. + +Fixes: e3037485c68e ("rtw88: new Realtek 802.11ac driver") +Signed-off-by: Yan-Hsuan Chuang +Signed-off-by: Kalle Valo +Signed-off-by: Greg Kroah-Hartman + +--- + drivers/net/wireless/realtek/rtw88/fw.c | 52 ++++++++++++++++++++++++++------ + 1 file changed, 43 insertions(+), 9 deletions(-) + +--- a/drivers/net/wireless/realtek/rtw88/fw.c ++++ b/drivers/net/wireless/realtek/rtw88/fw.c +@@ -498,9 +498,6 @@ static void rtw_rsvd_page_list_to_buf(st + { + struct sk_buff *skb = rsvd_pkt->skb; + +- if (rsvd_pkt->add_txdesc) +- rtw_fill_rsvd_page_desc(rtwdev, skb); +- + if (page >= 1) + memcpy(buf + page_margin + page_size * (page - 1), + skb->data, skb->len); +@@ -625,16 +622,37 @@ static u8 *rtw_build_rsvd_page(struct rt + list_for_each_entry(rsvd_pkt, &rtwdev->rsvd_page_list, list) { + iter = rtw_get_rsvd_page_skb(hw, vif, rsvd_pkt->type); + if (!iter) { +- rtw_err(rtwdev, "fail to build rsvd packet\n"); ++ rtw_err(rtwdev, "failed to build rsvd packet\n"); + goto release_skb; + } ++ ++ /* Fill the tx_desc for the rsvd pkt that requires one. ++ * And iter->len will be added with size of tx_desc_sz. ++ */ ++ if (rsvd_pkt->add_txdesc) ++ rtw_fill_rsvd_page_desc(rtwdev, iter); ++ + rsvd_pkt->skb = iter; + rsvd_pkt->page = total_page; +- if (rsvd_pkt->add_txdesc) ++ ++ /* Reserved page is downloaded via TX path, and TX path will ++ * generate a tx_desc at the header to describe length of ++ * the buffer. If we are not counting page numbers with the ++ * size of tx_desc added at the first rsvd_pkt (usually a ++ * beacon, firmware default refer to the first page as the ++ * content of beacon), we could generate a buffer which size ++ * is smaller than the actual size of the whole rsvd_page ++ */ ++ if (total_page == 0) { ++ if (rsvd_pkt->type != RSVD_BEACON) { ++ rtw_err(rtwdev, "first page should be a beacon\n"); ++ goto release_skb; ++ } + total_page += rtw_len_to_page(iter->len + tx_desc_sz, + page_size); +- else ++ } else { + total_page += rtw_len_to_page(iter->len, page_size); ++ } + } + + if (total_page > rtwdev->fifo.rsvd_drv_pg_num) { +@@ -647,13 +665,24 @@ static u8 *rtw_build_rsvd_page(struct rt + if (!buf) + goto release_skb; + ++ /* Copy the content of each rsvd_pkt to the buf, and they should ++ * be aligned to the pages. ++ * ++ * Note that the first rsvd_pkt is a beacon no matter what vif->type. ++ * And that rsvd_pkt does not require tx_desc because when it goes ++ * through TX path, the TX path will generate one for it. ++ */ + list_for_each_entry(rsvd_pkt, &rtwdev->rsvd_page_list, list) { + rtw_rsvd_page_list_to_buf(rtwdev, page_size, page_margin, + page, buf, rsvd_pkt); +- page += rtw_len_to_page(rsvd_pkt->skb->len, page_size); +- } +- list_for_each_entry(rsvd_pkt, &rtwdev->rsvd_page_list, list) ++ if (page == 0) ++ page += rtw_len_to_page(rsvd_pkt->skb->len + ++ tx_desc_sz, page_size); ++ else ++ page += rtw_len_to_page(rsvd_pkt->skb->len, page_size); ++ + kfree_skb(rsvd_pkt->skb); ++ } + + return buf; + +@@ -706,6 +735,11 @@ int rtw_fw_download_rsvd_page(struct rtw + goto free; + } + ++ /* The last thing is to download the *ONLY* beacon again, because ++ * the previous tx_desc is to describe the total rsvd page. Download ++ * the beacon again to replace the TX desc header, and we will get ++ * a correct tx_desc for the beacon in the rsvd page. ++ */ + ret = rtw_download_beacon(rtwdev, vif); + if (ret) { + rtw_err(rtwdev, "failed to download beacon\n"); diff --git a/queue-5.4/rtw88-fix-error-handling-when-setup-efuse-info.patch b/queue-5.4/rtw88-fix-error-handling-when-setup-efuse-info.patch new file mode 100644 index 00000000000..8daf040105e --- /dev/null +++ b/queue-5.4/rtw88-fix-error-handling-when-setup-efuse-info.patch @@ -0,0 +1,60 @@ +From f4268729eb1eefe23f6746849c1b5626d9030532 Mon Sep 17 00:00:00 2001 +From: Ping-Ke Shih +Date: Wed, 2 Oct 2019 14:35:31 +0800 +Subject: rtw88: fix error handling when setup efuse info + +From: Ping-Ke Shih + +commit f4268729eb1eefe23f6746849c1b5626d9030532 upstream. + +Disable efuse if the efuse is enabled when we failed to setup the efuse +information, otherwise the hardware will not turn off. + +Fixes: e3037485c68e ("rtw88: new Realtek 802.11ac driver") +Signed-off-by: Ping-Ke Shih +Signed-off-by: Yan-Hsuan Chuang +Signed-off-by: Kalle Valo +Signed-off-by: Greg Kroah-Hartman + +--- + drivers/net/wireless/realtek/rtw88/main.c | 11 ++++++----- + 1 file changed, 6 insertions(+), 5 deletions(-) + +--- a/drivers/net/wireless/realtek/rtw88/main.c ++++ b/drivers/net/wireless/realtek/rtw88/main.c +@@ -1048,19 +1048,19 @@ static int rtw_chip_efuse_info_setup(str + /* power on mac to read efuse */ + ret = rtw_chip_efuse_enable(rtwdev); + if (ret) +- goto out; ++ goto out_unlock; + + ret = rtw_parse_efuse_map(rtwdev); + if (ret) +- goto out; ++ goto out_disable; + + ret = rtw_dump_hw_feature(rtwdev); + if (ret) +- goto out; ++ goto out_disable; + + ret = rtw_check_supported_rfe(rtwdev); + if (ret) +- goto out; ++ goto out_disable; + + if (efuse->crystal_cap == 0xff) + efuse->crystal_cap = 0; +@@ -1087,9 +1087,10 @@ static int rtw_chip_efuse_info_setup(str + efuse->ext_pa_5g = efuse->pa_type_5g & BIT(0) ? 1 : 0; + efuse->ext_lna_2g = efuse->lna_type_5g & BIT(3) ? 1 : 0; + ++out_disable: + rtw_chip_efuse_disable(rtwdev); + +-out: ++out_unlock: + mutex_unlock(&rtwdev->mutex); + return ret; + } diff --git a/queue-5.4/s390-pkey-fix-memory-leak-within-_copy_apqns_from_user.patch b/queue-5.4/s390-pkey-fix-memory-leak-within-_copy_apqns_from_user.patch new file mode 100644 index 00000000000..63cf8f12bca --- /dev/null +++ b/queue-5.4/s390-pkey-fix-memory-leak-within-_copy_apqns_from_user.patch @@ -0,0 +1,34 @@ +From f9cac4fd8878929c6ebff0bd272317905d77c38a Mon Sep 17 00:00:00 2001 +From: Heiko Carstens +Date: Tue, 12 Nov 2019 09:19:26 +0100 +Subject: s390/pkey: fix memory leak within _copy_apqns_from_user() + +From: Heiko Carstens + +commit f9cac4fd8878929c6ebff0bd272317905d77c38a upstream. + +Fixes: f2bbc96e7cfad ("s390/pkey: add CCA AES cipher key support") +Reported-by: Markus Elfring +Reported-by: Christian Borntraeger +Signed-off-by: Heiko Carstens +Signed-off-by: Vasily Gorbik +Signed-off-by: Greg Kroah-Hartman + +--- + drivers/s390/crypto/pkey_api.c | 4 +++- + 1 file changed, 3 insertions(+), 1 deletion(-) + +--- a/drivers/s390/crypto/pkey_api.c ++++ b/drivers/s390/crypto/pkey_api.c +@@ -740,8 +740,10 @@ static void *_copy_apqns_from_user(void + kapqns = kmalloc(nbytes, GFP_KERNEL); + if (!kapqns) + return ERR_PTR(-ENOMEM); +- if (copy_from_user(kapqns, uapqns, nbytes)) ++ if (copy_from_user(kapqns, uapqns, nbytes)) { ++ kfree(kapqns); + return ERR_PTR(-EFAULT); ++ } + } + + return kapqns; diff --git a/queue-5.4/sched-core-further-clarify-sched_class-set_next_task.patch b/queue-5.4/sched-core-further-clarify-sched_class-set_next_task.patch new file mode 100644 index 00000000000..42f6f6568e5 --- /dev/null +++ b/queue-5.4/sched-core-further-clarify-sched_class-set_next_task.patch @@ -0,0 +1,170 @@ +From a0e813f26ebcb25c0b5e504498fbd796cca1a4ba Mon Sep 17 00:00:00 2001 +From: Peter Zijlstra +Date: Fri, 8 Nov 2019 14:16:00 +0100 +Subject: sched/core: Further clarify sched_class::set_next_task() + +From: Peter Zijlstra + +commit a0e813f26ebcb25c0b5e504498fbd796cca1a4ba upstream. + +It turns out there really is something special to the first +set_next_task() invocation. In specific the 'change' pattern really +should not cause balance callbacks. + +Signed-off-by: Peter Zijlstra (Intel) +Cc: Linus Torvalds +Cc: Peter Zijlstra +Cc: Thomas Gleixner +Cc: bsegall@google.com +Cc: dietmar.eggemann@arm.com +Cc: juri.lelli@redhat.com +Cc: ktkhai@virtuozzo.com +Cc: mgorman@suse.de +Cc: qais.yousef@arm.com +Cc: qperret@google.com +Cc: rostedt@goodmis.org +Cc: valentin.schneider@arm.com +Cc: vincent.guittot@linaro.org +Fixes: f95d4eaee6d0 ("sched/{rt,deadline}: Fix set_next_task vs pick_next_task") +Link: https://lkml.kernel.org/r/20191108131909.775434698@infradead.org +Signed-off-by: Ingo Molnar +Signed-off-by: Greg Kroah-Hartman + +--- + kernel/sched/deadline.c | 7 +++++-- + kernel/sched/fair.c | 2 +- + kernel/sched/idle.c | 4 ++-- + kernel/sched/rt.c | 7 +++++-- + kernel/sched/sched.h | 4 ++-- + kernel/sched/stop_task.c | 4 ++-- + 6 files changed, 17 insertions(+), 11 deletions(-) + +--- a/kernel/sched/deadline.c ++++ b/kernel/sched/deadline.c +@@ -1743,13 +1743,16 @@ static void start_hrtick_dl(struct rq *r + } + #endif + +-static void set_next_task_dl(struct rq *rq, struct task_struct *p) ++static void set_next_task_dl(struct rq *rq, struct task_struct *p, bool first) + { + p->se.exec_start = rq_clock_task(rq); + + /* You can't push away the running task */ + dequeue_pushable_dl_task(rq, p); + ++ if (!first) ++ return; ++ + if (hrtick_enabled(rq)) + start_hrtick_dl(rq, p); + +@@ -1785,7 +1788,7 @@ pick_next_task_dl(struct rq *rq, struct + dl_se = pick_next_dl_entity(rq, dl_rq); + BUG_ON(!dl_se); + p = dl_task_of(dl_se); +- set_next_task_dl(rq, p); ++ set_next_task_dl(rq, p, true); + return p; + } + +--- a/kernel/sched/fair.c ++++ b/kernel/sched/fair.c +@@ -10151,7 +10151,7 @@ static void switched_to_fair(struct rq * + * This routine is mostly called to set cfs_rq->curr field when a task + * migrates between groups/classes. + */ +-static void set_next_task_fair(struct rq *rq, struct task_struct *p) ++static void set_next_task_fair(struct rq *rq, struct task_struct *p, bool first) + { + struct sched_entity *se = &p->se; + +--- a/kernel/sched/idle.c ++++ b/kernel/sched/idle.c +@@ -385,7 +385,7 @@ static void put_prev_task_idle(struct rq + { + } + +-static void set_next_task_idle(struct rq *rq, struct task_struct *next) ++static void set_next_task_idle(struct rq *rq, struct task_struct *next, bool first) + { + update_idle_core(rq); + schedstat_inc(rq->sched_goidle); +@@ -399,7 +399,7 @@ pick_next_task_idle(struct rq *rq, struc + if (prev) + put_prev_task(rq, prev); + +- set_next_task_idle(rq, next); ++ set_next_task_idle(rq, next, true); + + return next; + } +--- a/kernel/sched/rt.c ++++ b/kernel/sched/rt.c +@@ -1515,13 +1515,16 @@ static void check_preempt_curr_rt(struct + #endif + } + +-static inline void set_next_task_rt(struct rq *rq, struct task_struct *p) ++static inline void set_next_task_rt(struct rq *rq, struct task_struct *p, bool first) + { + p->se.exec_start = rq_clock_task(rq); + + /* The running task is never eligible for pushing */ + dequeue_pushable_task(rq, p); + ++ if (!first) ++ return; ++ + /* + * If prev task was rt, put_prev_task() has already updated the + * utilization. We only care of the case where we start to schedule a +@@ -1575,7 +1578,7 @@ pick_next_task_rt(struct rq *rq, struct + return NULL; + + p = _pick_next_task_rt(rq); +- set_next_task_rt(rq, p); ++ set_next_task_rt(rq, p, true); + return p; + } + +--- a/kernel/sched/sched.h ++++ b/kernel/sched/sched.h +@@ -1728,7 +1728,7 @@ struct sched_class { + struct task_struct *prev, + struct rq_flags *rf); + void (*put_prev_task)(struct rq *rq, struct task_struct *p); +- void (*set_next_task)(struct rq *rq, struct task_struct *p); ++ void (*set_next_task)(struct rq *rq, struct task_struct *p, bool first); + + #ifdef CONFIG_SMP + int (*balance)(struct rq *rq, struct task_struct *prev, struct rq_flags *rf); +@@ -1780,7 +1780,7 @@ static inline void put_prev_task(struct + static inline void set_next_task(struct rq *rq, struct task_struct *next) + { + WARN_ON_ONCE(rq->curr != next); +- next->sched_class->set_next_task(rq, next); ++ next->sched_class->set_next_task(rq, next, false); + } + + #ifdef CONFIG_SMP +--- a/kernel/sched/stop_task.c ++++ b/kernel/sched/stop_task.c +@@ -29,7 +29,7 @@ check_preempt_curr_stop(struct rq *rq, s + /* we're never preempted */ + } + +-static void set_next_task_stop(struct rq *rq, struct task_struct *stop) ++static void set_next_task_stop(struct rq *rq, struct task_struct *stop, bool first) + { + stop->se.exec_start = rq_clock_task(rq); + } +@@ -42,7 +42,7 @@ pick_next_task_stop(struct rq *rq, struc + if (!sched_stop_runnable(rq)) + return NULL; + +- set_next_task_stop(rq, rq->stop); ++ set_next_task_stop(rq, rq->stop, true); + return rq->stop; + } + diff --git a/queue-5.4/series b/queue-5.4/series index eb40c47d7c9..bb18b369e97 100644 --- a/queue-5.4/series +++ b/queue-5.4/series @@ -32,3 +32,19 @@ phy-ti-gmii-sel-fix-mac-tx-internal-delay-for-rgmii-rxid.patch mt76-mt76u-fix-endpoint-definition-order.patch mt7601u-fix-bbp-version-check-in-mt7601u_wait_bbp_ready.patch ice-fix-stack-leakage.patch +s390-pkey-fix-memory-leak-within-_copy_apqns_from_user.patch +nfsd-depend-on-crypto_md5-for-legacy-client-tracking.patch +crypto-amcc-restore-crypto_aes-dependency.patch +crypto-sun4i-ss-fix-big-endian-issues.patch +perf-map-no-need-to-adjust-the-long-name-of-modules.patch +leds-tlc591xx-update-the-maximum-brightness.patch +soc-tegra-pmc-fix-crashes-for-hierarchical-interrupts.patch +soc-qcom-llcc-name-regmaps-to-avoid-collisions.patch +soc-renesas-add-missing-check-for-non-zero-product-register-address.patch +soc-aspeed-fix-snoop_file_poll-s-return-type.patch +watchdog-sprd-fix-the-incorrect-pointer-getting-from-driver-data.patch +ipmi-fix-memory-leak-in-__ipmi_bmc_register.patch +sched-core-further-clarify-sched_class-set_next_task.patch +gpiolib-no-need-to-call-gpiochip_remove_pin_ranges-twice.patch +rtw88-fix-beaconing-mode-rsvd_page-memory-violation-issue.patch +rtw88-fix-error-handling-when-setup-efuse-info.patch diff --git a/queue-5.4/soc-aspeed-fix-snoop_file_poll-s-return-type.patch b/queue-5.4/soc-aspeed-fix-snoop_file_poll-s-return-type.patch new file mode 100644 index 00000000000..e975e227209 --- /dev/null +++ b/queue-5.4/soc-aspeed-fix-snoop_file_poll-s-return-type.patch @@ -0,0 +1,46 @@ +From a4e55ccd4392e70f296d12e81b93c6ca96ee21d5 Mon Sep 17 00:00:00 2001 +From: Luc Van Oostenryck +Date: Thu, 21 Nov 2019 15:48:51 +1030 +Subject: soc: aspeed: Fix snoop_file_poll()'s return type + +From: Luc Van Oostenryck + +commit a4e55ccd4392e70f296d12e81b93c6ca96ee21d5 upstream. + +snoop_file_poll() is defined as returning 'unsigned int' but the +.poll method is declared as returning '__poll_t', a bitwise type. + +Fix this by using the proper return type and using the EPOLL +constants instead of the POLL ones, as required for __poll_t. + +Link: https://lore.kernel.org/r/20191121051851.268726-1-joel@jms.id.au +Fixes: 3772e5da4454 ("drivers/misc: Aspeed LPC snoop output using misc chardev") +Signed-off-by: Luc Van Oostenryck +Reviewed-by: Joel Stanley +Reviewed-by: Andrew Jeffery +Signed-off-by: Joel Stanley +Signed-off-by: Olof Johansson +Signed-off-by: Greg Kroah-Hartman + +--- + drivers/soc/aspeed/aspeed-lpc-snoop.c | 4 ++-- + 1 file changed, 2 insertions(+), 2 deletions(-) + +--- a/drivers/soc/aspeed/aspeed-lpc-snoop.c ++++ b/drivers/soc/aspeed/aspeed-lpc-snoop.c +@@ -97,13 +97,13 @@ static ssize_t snoop_file_read(struct fi + return ret ? ret : copied; + } + +-static unsigned int snoop_file_poll(struct file *file, ++static __poll_t snoop_file_poll(struct file *file, + struct poll_table_struct *pt) + { + struct aspeed_lpc_snoop_channel *chan = snoop_file_to_chan(file); + + poll_wait(file, &chan->wq, pt); +- return !kfifo_is_empty(&chan->fifo) ? POLLIN : 0; ++ return !kfifo_is_empty(&chan->fifo) ? EPOLLIN : 0; + } + + static const struct file_operations snoop_fops = { diff --git a/queue-5.4/soc-qcom-llcc-name-regmaps-to-avoid-collisions.patch b/queue-5.4/soc-qcom-llcc-name-regmaps-to-avoid-collisions.patch new file mode 100644 index 00000000000..68fe366c2c3 --- /dev/null +++ b/queue-5.4/soc-qcom-llcc-name-regmaps-to-avoid-collisions.patch @@ -0,0 +1,43 @@ +From 2bfd3e7651addcaf48f12d4f11ea9d8fca6c3aa8 Mon Sep 17 00:00:00 2001 +From: Stephen Boyd +Date: Tue, 8 Oct 2019 16:45:04 -0700 +Subject: soc: qcom: llcc: Name regmaps to avoid collisions + +From: Stephen Boyd + +commit 2bfd3e7651addcaf48f12d4f11ea9d8fca6c3aa8 upstream. + +We'll end up with debugfs collisions if we don't give names to the +regmaps created by this driver. Change the name of the config before +registering it so we don't collide in debugfs. + +Fixes: 7f9c136216c7 ("soc: qcom: Add broadcast base for Last Level Cache Controller (LLCC)") +Cc: Venkata Narendra Kumar Gutta +Reviewed-by: Evan Green +Signed-off-by: Stephen Boyd +Signed-off-by: Bjorn Andersson +Signed-off-by: Greg Kroah-Hartman + +--- + drivers/soc/qcom/llcc-slice.c | 3 ++- + 1 file changed, 2 insertions(+), 1 deletion(-) + +--- a/drivers/soc/qcom/llcc-slice.c ++++ b/drivers/soc/qcom/llcc-slice.c +@@ -48,7 +48,7 @@ + + static struct llcc_drv_data *drv_data = (void *) -EPROBE_DEFER; + +-static const struct regmap_config llcc_regmap_config = { ++static struct regmap_config llcc_regmap_config = { + .reg_bits = 32, + .reg_stride = 4, + .val_bits = 32, +@@ -323,6 +323,7 @@ static struct regmap *qcom_llcc_init_mmi + if (IS_ERR(base)) + return ERR_CAST(base); + ++ llcc_regmap_config.name = name; + return devm_regmap_init_mmio(&pdev->dev, base, &llcc_regmap_config); + } + diff --git a/queue-5.4/soc-renesas-add-missing-check-for-non-zero-product-register-address.patch b/queue-5.4/soc-renesas-add-missing-check-for-non-zero-product-register-address.patch new file mode 100644 index 00000000000..0ec801055d8 --- /dev/null +++ b/queue-5.4/soc-renesas-add-missing-check-for-non-zero-product-register-address.patch @@ -0,0 +1,39 @@ +From 4194b583c104922c6141d6610bfbce26847959df Mon Sep 17 00:00:00 2001 +From: Geert Uytterhoeven +Date: Wed, 16 Oct 2019 16:33:06 +0200 +Subject: soc: renesas: Add missing check for non-zero product register address + +From: Geert Uytterhoeven + +commit 4194b583c104922c6141d6610bfbce26847959df upstream. + +If the DTB for a device with an RZ/A2 SoC lacks a device node for the +BSID register, the ID validation code falls back to using a register at +address 0x0, which leads to undefined behavior (e.g. reading back a +random value). + +This could be fixed by letting fam_rza2.reg point to the actual BSID +register. However, the hardcoded fallbacks were meant for backwards +compatibility with old DTBs only, not for new SoCs. Hence fix this by +validating renesas_family.reg before using it. + +Fixes: 175f435f44b724e3 ("soc: renesas: identify RZ/A2") +Signed-off-by: Geert Uytterhoeven +Link: https://lore.kernel.org/r/20191016143306.28995-1-geert+renesas@glider.be +Signed-off-by: Greg Kroah-Hartman + +--- + drivers/soc/renesas/renesas-soc.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +--- a/drivers/soc/renesas/renesas-soc.c ++++ b/drivers/soc/renesas/renesas-soc.c +@@ -326,7 +326,7 @@ static int __init renesas_soc_init(void) + if (np) { + chipid = of_iomap(np, 0); + of_node_put(np); +- } else if (soc->id) { ++ } else if (soc->id && family->reg) { + chipid = ioremap(family->reg, 4); + } + if (chipid) { diff --git a/queue-5.4/soc-tegra-pmc-fix-crashes-for-hierarchical-interrupts.patch b/queue-5.4/soc-tegra-pmc-fix-crashes-for-hierarchical-interrupts.patch new file mode 100644 index 00000000000..35fba5481fc --- /dev/null +++ b/queue-5.4/soc-tegra-pmc-fix-crashes-for-hierarchical-interrupts.patch @@ -0,0 +1,71 @@ +From c9e753767a9c75d2044fb7343950a6a992d34a16 Mon Sep 17 00:00:00 2001 +From: Thierry Reding +Date: Tue, 1 Oct 2019 13:48:29 +0200 +Subject: soc/tegra: pmc: Fix crashes for hierarchical interrupts + +From: Thierry Reding + +commit c9e753767a9c75d2044fb7343950a6a992d34a16 upstream. + +Interrupts that don't have an associated wake event or GPIO wake events +end up with an associate IRQ chip that is NULL and which causes IRQ code +to crash. This is because we don't implicitly set the parent IRQ chip by +allocating the interrupt at the parent. However, there really isn't a +corresponding interrupt at the parent, so we need to work around this by +setting the special no_irq_chip as the IRQ chip for these interrupts. + +Fixes: 19906e6b1667 ("soc/tegra: pmc: Add wake event support") +Signed-off-by: Thierry Reding +Signed-off-by: Greg Kroah-Hartman + +--- + drivers/soc/tegra/pmc.c | 28 +++++++++++++++++++++++++++- + 1 file changed, 27 insertions(+), 1 deletion(-) + +--- a/drivers/soc/tegra/pmc.c ++++ b/drivers/soc/tegra/pmc.c +@@ -1899,6 +1899,20 @@ static int tegra_pmc_irq_alloc(struct ir + event->id, + &pmc->irq, pmc); + ++ /* ++ * GPIOs don't have an equivalent interrupt in the ++ * parent controller (GIC). However some code, such ++ * as the one in irq_get_irqchip_state(), require a ++ * valid IRQ chip to be set. Make sure that's the ++ * case by passing NULL here, which will install a ++ * dummy IRQ chip for the interrupt in the parent ++ * domain. ++ */ ++ if (domain->parent) ++ irq_domain_set_hwirq_and_chip(domain->parent, ++ virq, 0, NULL, ++ NULL); ++ + break; + } + } +@@ -1908,10 +1922,22 @@ static int tegra_pmc_irq_alloc(struct ir + * dummy hardware IRQ number. This is used in the ->irq_set_type() + * and ->irq_set_wake() callbacks to return early for these IRQs. + */ +- if (i == soc->num_wake_events) ++ if (i == soc->num_wake_events) { + err = irq_domain_set_hwirq_and_chip(domain, virq, ULONG_MAX, + &pmc->irq, pmc); + ++ /* ++ * Interrupts without a wake event don't have a corresponding ++ * interrupt in the parent controller (GIC). Pass NULL for the ++ * chip here, which causes a dummy IRQ chip to be installed ++ * for the interrupt in the parent domain, to make this ++ * explicit. ++ */ ++ if (domain->parent) ++ irq_domain_set_hwirq_and_chip(domain->parent, virq, 0, ++ NULL, NULL); ++ } ++ + return err; + } + diff --git a/queue-5.4/watchdog-sprd-fix-the-incorrect-pointer-getting-from-driver-data.patch b/queue-5.4/watchdog-sprd-fix-the-incorrect-pointer-getting-from-driver-data.patch new file mode 100644 index 00000000000..a23a3fe81d4 --- /dev/null +++ b/queue-5.4/watchdog-sprd-fix-the-incorrect-pointer-getting-from-driver-data.patch @@ -0,0 +1,58 @@ +From 39e68d9e7ab276880980ee5386301fb218202192 Mon Sep 17 00:00:00 2001 +From: Shuiqing Li +Date: Fri, 8 Nov 2019 18:57:12 +0800 +Subject: watchdog: sprd: Fix the incorrect pointer getting from driver data + +From: Shuiqing Li + +commit 39e68d9e7ab276880980ee5386301fb218202192 upstream. + +The device driver data saved the 'struct sprd_wdt' object, it is +incorrect to get 'struct watchdog_device' object from the driver +data, thus fix it. + +Fixes: 477603467009 ("watchdog: Add Spreadtrum watchdog driver") +Reported-by: Dongwei Wang +Signed-off-by: Shuiqing Li +Signed-off-by: Baolin Wang +Reviewed-by: Guenter Roeck +Link: https://lore.kernel.org/r/76d4687189ec940baa90cb8d679a8d4c8f02ee80.1573210405.git.baolin.wang@linaro.org +Signed-off-by: Guenter Roeck +Signed-off-by: Wim Van Sebroeck +Signed-off-by: Greg Kroah-Hartman + +--- + drivers/watchdog/sprd_wdt.c | 6 ++---- + 1 file changed, 2 insertions(+), 4 deletions(-) + +--- a/drivers/watchdog/sprd_wdt.c ++++ b/drivers/watchdog/sprd_wdt.c +@@ -327,10 +327,9 @@ static int sprd_wdt_probe(struct platfor + + static int __maybe_unused sprd_wdt_pm_suspend(struct device *dev) + { +- struct watchdog_device *wdd = dev_get_drvdata(dev); + struct sprd_wdt *wdt = dev_get_drvdata(dev); + +- if (watchdog_active(wdd)) ++ if (watchdog_active(&wdt->wdd)) + sprd_wdt_stop(&wdt->wdd); + sprd_wdt_disable(wdt); + +@@ -339,7 +338,6 @@ static int __maybe_unused sprd_wdt_pm_su + + static int __maybe_unused sprd_wdt_pm_resume(struct device *dev) + { +- struct watchdog_device *wdd = dev_get_drvdata(dev); + struct sprd_wdt *wdt = dev_get_drvdata(dev); + int ret; + +@@ -347,7 +345,7 @@ static int __maybe_unused sprd_wdt_pm_re + if (ret) + return ret; + +- if (watchdog_active(wdd)) { ++ if (watchdog_active(&wdt->wdd)) { + ret = sprd_wdt_start(&wdt->wdd); + if (ret) { + sprd_wdt_disable(wdt); -- 2.47.3