From 5751a404374e44e23430158c33bea28fd2b20af0 Mon Sep 17 00:00:00 2001 From: Greg Kroah-Hartman Date: Fri, 19 Jun 2020 16:03:03 +0200 Subject: [PATCH] 4.4-stable patches added patches: arm-tegra-correct-pl310-auxiliary-control-register-initialization.patch drivers-macintosh-fix-memleak-in-windfarm_pm112-driver.patch kbuild-force-to-build-vmlinux-if-config_modversion-y.patch kernel-cpu_pm-fix-uninitted-local-in-cpu_pm.patch pinctrl-samsung-save-restore-eint_mask-over-suspend-for-eint_type-gpios.patch power-vexpress-add-suppress_bind_attrs-to-true.patch sparc32-fix-register-window-handling-in-genregs32_et.patch sunrpc-clean-up-properly-in-gss_mech_unregister.patch sunrpc-svcauth_gss_register_pseudoflavor-must-reject-duplicate-registrations.patch w1-omap-hdq-cleanup-to-add-missing-newline-for-some-dev_dbg.patch --- ...iary-control-register-initialization.patch | 42 +++ ...fix-memleak-in-windfarm_pm112-driver.patch | 100 ++++++ ...build-vmlinux-if-config_modversion-y.patch | 57 ++++ ...cpu_pm-fix-uninitted-local-in-cpu_pm.patch | 54 ++++ ...ask-over-suspend-for-eint_type-gpios.patch | 72 +++++ ...ress-add-suppress_bind_attrs-to-true.patch | 34 ++ queue-4.4/series | 10 + ...ster-window-handling-in-genregs32_et.patch | 290 ++++++++++++++++++ ...n-up-properly-in-gss_mech_unregister.patch | 121 ++++++++ ...-must-reject-duplicate-registrations.patch | 46 +++ ...add-missing-newline-for-some-dev_dbg.patch | 69 +++++ 11 files changed, 895 insertions(+) create mode 100644 queue-4.4/arm-tegra-correct-pl310-auxiliary-control-register-initialization.patch create mode 100644 queue-4.4/drivers-macintosh-fix-memleak-in-windfarm_pm112-driver.patch create mode 100644 queue-4.4/kbuild-force-to-build-vmlinux-if-config_modversion-y.patch create mode 100644 queue-4.4/kernel-cpu_pm-fix-uninitted-local-in-cpu_pm.patch create mode 100644 queue-4.4/pinctrl-samsung-save-restore-eint_mask-over-suspend-for-eint_type-gpios.patch create mode 100644 queue-4.4/power-vexpress-add-suppress_bind_attrs-to-true.patch create mode 100644 queue-4.4/sparc32-fix-register-window-handling-in-genregs32_et.patch create mode 100644 queue-4.4/sunrpc-clean-up-properly-in-gss_mech_unregister.patch create mode 100644 queue-4.4/sunrpc-svcauth_gss_register_pseudoflavor-must-reject-duplicate-registrations.patch create mode 100644 queue-4.4/w1-omap-hdq-cleanup-to-add-missing-newline-for-some-dev_dbg.patch diff --git a/queue-4.4/arm-tegra-correct-pl310-auxiliary-control-register-initialization.patch b/queue-4.4/arm-tegra-correct-pl310-auxiliary-control-register-initialization.patch new file mode 100644 index 00000000000..778dff4b010 --- /dev/null +++ b/queue-4.4/arm-tegra-correct-pl310-auxiliary-control-register-initialization.patch @@ -0,0 +1,42 @@ +From 35509737c8f958944e059d501255a0bf18361ba0 Mon Sep 17 00:00:00 2001 +From: Dmitry Osipenko +Date: Fri, 13 Mar 2020 12:01:04 +0300 +Subject: ARM: tegra: Correct PL310 Auxiliary Control Register initialization + +From: Dmitry Osipenko + +commit 35509737c8f958944e059d501255a0bf18361ba0 upstream. + +The PL310 Auxiliary Control Register shouldn't have the "Full line of +zero" optimization bit being set before L2 cache is enabled. The L2X0 +driver takes care of enabling the optimization by itself. + +This patch fixes a noisy error message on Tegra20 and Tegra30 telling +that cache optimization is erroneously enabled without enabling it for +the CPU: + + L2C-310: enabling full line of zeros but not enabled in Cortex-A9 + +Cc: +Signed-off-by: Dmitry Osipenko +Tested-by: Nicolas Chauvet +Signed-off-by: Thierry Reding +Signed-off-by: Greg Kroah-Hartman + +--- + arch/arm/mach-tegra/tegra.c | 4 ++-- + 1 file changed, 2 insertions(+), 2 deletions(-) + +--- a/arch/arm/mach-tegra/tegra.c ++++ b/arch/arm/mach-tegra/tegra.c +@@ -155,8 +155,8 @@ static const char * const tegra_dt_board + }; + + DT_MACHINE_START(TEGRA_DT, "NVIDIA Tegra SoC (Flattened Device Tree)") +- .l2c_aux_val = 0x3c400001, +- .l2c_aux_mask = 0xc20fc3fe, ++ .l2c_aux_val = 0x3c400000, ++ .l2c_aux_mask = 0xc20fc3ff, + .smp = smp_ops(tegra_smp_ops), + .map_io = tegra_map_common_io, + .init_early = tegra_init_early, diff --git a/queue-4.4/drivers-macintosh-fix-memleak-in-windfarm_pm112-driver.patch b/queue-4.4/drivers-macintosh-fix-memleak-in-windfarm_pm112-driver.patch new file mode 100644 index 00000000000..056c1ee6e50 --- /dev/null +++ b/queue-4.4/drivers-macintosh-fix-memleak-in-windfarm_pm112-driver.patch @@ -0,0 +1,100 @@ +From 93900337b9ac2f4eca427eff6d187be2dc3b5551 Mon Sep 17 00:00:00 2001 +From: Michael Ellerman +Date: Thu, 23 Apr 2020 16:00:38 +1000 +Subject: drivers/macintosh: Fix memleak in windfarm_pm112 driver + +From: Michael Ellerman + +commit 93900337b9ac2f4eca427eff6d187be2dc3b5551 upstream. + +create_cpu_loop() calls smu_sat_get_sdb_partition() which does +kmalloc() and returns the allocated buffer. In fact it's called twice, +and neither buffer is freed. + +This results in a memory leak as reported by Erhard: + unreferenced object 0xc00000047081f840 (size 32): + comm "kwindfarm", pid 203, jiffies 4294880630 (age 5552.877s) + hex dump (first 32 bytes): + c8 06 02 7f ff 02 ff 01 fb bf 00 41 00 20 00 00 ...........A. .. + 00 07 89 37 00 a0 00 00 00 00 00 00 00 00 00 00 ...7............ + backtrace: + [<0000000083f0a65c>] .smu_sat_get_sdb_partition+0xc4/0x2d0 [windfarm_smu_sat] + [<000000003010fcb7>] .pm112_wf_notify+0x104c/0x13bc [windfarm_pm112] + [<00000000b958b2dd>] .notifier_call_chain+0xa8/0x180 + [<0000000070490868>] .blocking_notifier_call_chain+0x64/0x90 + [<00000000131d8149>] .wf_thread_func+0x114/0x1a0 + [<000000000d54838d>] .kthread+0x13c/0x190 + [<00000000669b72bc>] .ret_from_kernel_thread+0x58/0x64 + unreferenced object 0xc0000004737089f0 (size 16): + comm "kwindfarm", pid 203, jiffies 4294880879 (age 5552.050s) + hex dump (first 16 bytes): + c4 04 01 7f 22 11 e0 e6 ff 55 7b 12 ec 11 00 00 ...."....U{..... + backtrace: + [<0000000083f0a65c>] .smu_sat_get_sdb_partition+0xc4/0x2d0 [windfarm_smu_sat] + [<00000000b94ef7e1>] .pm112_wf_notify+0x1294/0x13bc [windfarm_pm112] + [<00000000b958b2dd>] .notifier_call_chain+0xa8/0x180 + [<0000000070490868>] .blocking_notifier_call_chain+0x64/0x90 + [<00000000131d8149>] .wf_thread_func+0x114/0x1a0 + [<000000000d54838d>] .kthread+0x13c/0x190 + [<00000000669b72bc>] .ret_from_kernel_thread+0x58/0x64 + +Fix it by rearranging the logic so we deal with each buffer +separately, which then makes it easy to free the buffer once we're +done with it. + +Fixes: ac171c46667c ("[PATCH] powerpc: Thermal control for dual core G5s") +Cc: stable@vger.kernel.org # v2.6.16+ +Reported-by: Erhard F. +Signed-off-by: Michael Ellerman +Tested-by: Erhard F. +Link: https://lore.kernel.org/r/20200423060038.3308530-1-mpe@ellerman.id.au +Signed-off-by: Greg Kroah-Hartman + +--- + drivers/macintosh/windfarm_pm112.c | 21 +++++++++++++-------- + 1 file changed, 13 insertions(+), 8 deletions(-) + +--- a/drivers/macintosh/windfarm_pm112.c ++++ b/drivers/macintosh/windfarm_pm112.c +@@ -133,14 +133,6 @@ static int create_cpu_loop(int cpu) + s32 tmax; + int fmin; + +- /* Get PID params from the appropriate SAT */ +- hdr = smu_sat_get_sdb_partition(chip, 0xC8 + core, NULL); +- if (hdr == NULL) { +- printk(KERN_WARNING"windfarm: can't get CPU PID fan config\n"); +- return -EINVAL; +- } +- piddata = (struct smu_sdbp_cpupiddata *)&hdr[1]; +- + /* Get FVT params to get Tmax; if not found, assume default */ + hdr = smu_sat_get_sdb_partition(chip, 0xC4 + core, NULL); + if (hdr) { +@@ -153,6 +145,16 @@ static int create_cpu_loop(int cpu) + if (tmax < cpu_all_tmax) + cpu_all_tmax = tmax; + ++ kfree(hdr); ++ ++ /* Get PID params from the appropriate SAT */ ++ hdr = smu_sat_get_sdb_partition(chip, 0xC8 + core, NULL); ++ if (hdr == NULL) { ++ printk(KERN_WARNING"windfarm: can't get CPU PID fan config\n"); ++ return -EINVAL; ++ } ++ piddata = (struct smu_sdbp_cpupiddata *)&hdr[1]; ++ + /* + * Darwin has a minimum fan speed of 1000 rpm for the 4-way and + * 515 for the 2-way. That appears to be overkill, so for now, +@@ -175,6 +177,9 @@ static int create_cpu_loop(int cpu) + pid.min = fmin; + + wf_cpu_pid_init(&cpu_pid[cpu], &pid); ++ ++ kfree(hdr); ++ + return 0; + } + diff --git a/queue-4.4/kbuild-force-to-build-vmlinux-if-config_modversion-y.patch b/queue-4.4/kbuild-force-to-build-vmlinux-if-config_modversion-y.patch new file mode 100644 index 00000000000..99541297f92 --- /dev/null +++ b/queue-4.4/kbuild-force-to-build-vmlinux-if-config_modversion-y.patch @@ -0,0 +1,57 @@ +From 4b50c8c4eaf06a825d1c005c0b1b4a8307087b83 Mon Sep 17 00:00:00 2001 +From: Masahiro Yamada +Date: Sun, 31 May 2020 17:47:06 +0900 +Subject: kbuild: force to build vmlinux if CONFIG_MODVERSION=y + +From: Masahiro Yamada + +commit 4b50c8c4eaf06a825d1c005c0b1b4a8307087b83 upstream. + +This code does not work as stated in the comment. + +$(CONFIG_MODVERSIONS) is always empty because it is expanded before +include/config/auto.conf is included. Hence, 'make modules' with +CONFIG_MODVERSION=y cannot record the version CRCs. + +This has been broken since 2003, commit ("kbuild: Enable modules to be +build using the "make dir/" syntax"). [1] + +[1]: https://git.kernel.org/pub/scm/linux/kernel/git/history/history.git/commit/?id=15c6240cdc44bbeef3c4797ec860f9765ef4f1a7 +Cc: linux-stable # v2.5.71+ +Signed-off-by: Masahiro Yamada +Signed-off-by: Greg Kroah-Hartman + +--- + Makefile | 13 ++++++++----- + 1 file changed, 8 insertions(+), 5 deletions(-) + +--- a/Makefile ++++ b/Makefile +@@ -313,12 +313,8 @@ KBUILD_MODULES := + KBUILD_BUILTIN := 1 + + # If we have only "make modules", don't compile built-in objects. +-# When we're building modules with modversions, we need to consider +-# the built-in objects during the descend as well, in order to +-# make sure the checksums are up to date before we record them. +- + ifeq ($(MAKECMDGOALS),modules) +- KBUILD_BUILTIN := $(if $(CONFIG_MODVERSIONS),1) ++ KBUILD_BUILTIN := + endif + + # If we have "make modules", compile modules +@@ -1156,6 +1152,13 @@ ifdef CONFIG_MODULES + + all: modules + ++# When we're building modules with modversions, we need to consider ++# the built-in objects during the descend as well, in order to ++# make sure the checksums are up to date before we record them. ++ifdef CONFIG_MODVERSIONS ++ KBUILD_BUILTIN := 1 ++endif ++ + # Build modules + # + # A module can be listed more than once in obj-m resulting in diff --git a/queue-4.4/kernel-cpu_pm-fix-uninitted-local-in-cpu_pm.patch b/queue-4.4/kernel-cpu_pm-fix-uninitted-local-in-cpu_pm.patch new file mode 100644 index 00000000000..1fdb346ec6a --- /dev/null +++ b/queue-4.4/kernel-cpu_pm-fix-uninitted-local-in-cpu_pm.patch @@ -0,0 +1,54 @@ +From b5945214b76a1f22929481724ffd448000ede914 Mon Sep 17 00:00:00 2001 +From: Douglas Anderson +Date: Mon, 4 May 2020 10:50:17 -0700 +Subject: kernel/cpu_pm: Fix uninitted local in cpu_pm + +From: Douglas Anderson + +commit b5945214b76a1f22929481724ffd448000ede914 upstream. + +cpu_pm_notify() is basically a wrapper of notifier_call_chain(). +notifier_call_chain() doesn't initialize *nr_calls to 0 before it +starts incrementing it--presumably it's up to the callers to do this. + +Unfortunately the callers of cpu_pm_notify() don't init *nr_calls. +This potentially means you could get too many or two few calls to +CPU_PM_ENTER_FAILED or CPU_CLUSTER_PM_ENTER_FAILED depending on the +luck of the stack. + +Let's fix this. + +Fixes: ab10023e0088 ("cpu_pm: Add cpu power management notifiers") +Cc: stable@vger.kernel.org +Cc: Rafael J. Wysocki +Reviewed-by: Stephen Boyd +Reviewed-by: Greg Kroah-Hartman +Signed-off-by: Douglas Anderson +Link: https://lore.kernel.org/r/20200504104917.v6.3.I2d44fc0053d019f239527a4e5829416714b7e299@changeid +Signed-off-by: Bjorn Andersson +Signed-off-by: Greg Kroah-Hartman + +--- + kernel/cpu_pm.c | 4 ++-- + 1 file changed, 2 insertions(+), 2 deletions(-) + +--- a/kernel/cpu_pm.c ++++ b/kernel/cpu_pm.c +@@ -97,7 +97,7 @@ EXPORT_SYMBOL_GPL(cpu_pm_unregister_noti + */ + int cpu_pm_enter(void) + { +- int nr_calls; ++ int nr_calls = 0; + int ret = 0; + + read_lock(&cpu_pm_notifier_lock); +@@ -156,7 +156,7 @@ EXPORT_SYMBOL_GPL(cpu_pm_exit); + */ + int cpu_cluster_pm_enter(void) + { +- int nr_calls; ++ int nr_calls = 0; + int ret = 0; + + read_lock(&cpu_pm_notifier_lock); diff --git a/queue-4.4/pinctrl-samsung-save-restore-eint_mask-over-suspend-for-eint_type-gpios.patch b/queue-4.4/pinctrl-samsung-save-restore-eint_mask-over-suspend-for-eint_type-gpios.patch new file mode 100644 index 00000000000..59c9e81e873 --- /dev/null +++ b/queue-4.4/pinctrl-samsung-save-restore-eint_mask-over-suspend-for-eint_type-gpios.patch @@ -0,0 +1,72 @@ +From f354157a7d184db430c1a564c506434e33b1bec5 Mon Sep 17 00:00:00 2001 +From: Jonathan Bakker +Date: Sat, 25 Apr 2020 16:10:46 -0700 +Subject: pinctrl: samsung: Save/restore eint_mask over suspend for EINT_TYPE GPIOs + +From: Jonathan Bakker + +commit f354157a7d184db430c1a564c506434e33b1bec5 upstream. + +Currently, for EINT_TYPE GPIOs, the CON and FLTCON registers +are saved and restored over a suspend/resume cycle. However, the +EINT_MASK registers are not. + +On S5PV210 at the very least, these registers are not retained over +suspend, leading to the interrupts remaining masked upon resume and +therefore no interrupts being triggered for the device. There should +be no effect on any SoCs that do retain these registers as theoretically +we would just be re-writing what was already there. + +Fixes: 7ccbc60cd9c2 ("pinctrl: exynos: Handle suspend/resume of GPIO EINT registers") +Cc: +Signed-off-by: Jonathan Bakker +Signed-off-by: Krzysztof Kozlowski +Signed-off-by: Greg Kroah-Hartman + +--- + drivers/pinctrl/samsung/pinctrl-exynos.c | 9 +++++++++ + 1 file changed, 9 insertions(+) + +--- a/drivers/pinctrl/samsung/pinctrl-exynos.c ++++ b/drivers/pinctrl/samsung/pinctrl-exynos.c +@@ -288,6 +288,7 @@ struct exynos_eint_gpio_save { + u32 eint_con; + u32 eint_fltcon0; + u32 eint_fltcon1; ++ u32 eint_mask; + }; + + /* +@@ -588,10 +589,13 @@ static void exynos_pinctrl_suspend_bank( + + 2 * bank->eint_offset); + save->eint_fltcon1 = readl(regs + EXYNOS_GPIO_EFLTCON_OFFSET + + 2 * bank->eint_offset + 4); ++ save->eint_mask = readl(regs + bank->irq_chip->eint_mask ++ + bank->eint_offset); + + pr_debug("%s: save con %#010x\n", bank->name, save->eint_con); + pr_debug("%s: save fltcon0 %#010x\n", bank->name, save->eint_fltcon0); + pr_debug("%s: save fltcon1 %#010x\n", bank->name, save->eint_fltcon1); ++ pr_debug("%s: save mask %#010x\n", bank->name, save->eint_mask); + } + + static void exynos_pinctrl_suspend(struct samsung_pinctrl_drv_data *drvdata) +@@ -620,6 +624,9 @@ static void exynos_pinctrl_resume_bank( + pr_debug("%s: fltcon1 %#010x => %#010x\n", bank->name, + readl(regs + EXYNOS_GPIO_EFLTCON_OFFSET + + 2 * bank->eint_offset + 4), save->eint_fltcon1); ++ pr_debug("%s: mask %#010x => %#010x\n", bank->name, ++ readl(regs + bank->irq_chip->eint_mask ++ + bank->eint_offset), save->eint_mask); + + writel(save->eint_con, regs + EXYNOS_GPIO_ECON_OFFSET + + bank->eint_offset); +@@ -627,6 +634,8 @@ static void exynos_pinctrl_resume_bank( + + 2 * bank->eint_offset); + writel(save->eint_fltcon1, regs + EXYNOS_GPIO_EFLTCON_OFFSET + + 2 * bank->eint_offset + 4); ++ writel(save->eint_mask, regs + bank->irq_chip->eint_mask ++ + bank->eint_offset); + } + + static void exynos_pinctrl_resume(struct samsung_pinctrl_drv_data *drvdata) diff --git a/queue-4.4/power-vexpress-add-suppress_bind_attrs-to-true.patch b/queue-4.4/power-vexpress-add-suppress_bind_attrs-to-true.patch new file mode 100644 index 00000000000..a1b62052bd8 --- /dev/null +++ b/queue-4.4/power-vexpress-add-suppress_bind_attrs-to-true.patch @@ -0,0 +1,34 @@ +From 73174acc9c75960af2daa7dcbdb9781fc0d135cb Mon Sep 17 00:00:00 2001 +From: Anders Roxell +Date: Wed, 27 May 2020 13:26:04 +0200 +Subject: power: vexpress: add suppress_bind_attrs to true + +From: Anders Roxell + +commit 73174acc9c75960af2daa7dcbdb9781fc0d135cb upstream. + +Make sure that the POWER_RESET_VEXPRESS driver won't have bind/unbind +attributes available via the sysfs, so lets be explicit here and use +".suppress_bind_attrs = true" to prevent userspace from doing something +silly. + +Link: https://lore.kernel.org/r/20200527112608.3886105-2-anders.roxell@linaro.org +Cc: stable@vger.kernel.org +Signed-off-by: Anders Roxell +Signed-off-by: Arnd Bergmann +Signed-off-by: Greg Kroah-Hartman + +--- + drivers/power/reset/vexpress-poweroff.c | 1 + + 1 file changed, 1 insertion(+) + +--- a/drivers/power/reset/vexpress-poweroff.c ++++ b/drivers/power/reset/vexpress-poweroff.c +@@ -150,6 +150,7 @@ static struct platform_driver vexpress_r + .driver = { + .name = "vexpress-reset", + .of_match_table = vexpress_reset_of_match, ++ .suppress_bind_attrs = true, + }, + }; + diff --git a/queue-4.4/series b/queue-4.4/series index 2d632b68c15..a3270c4d2e9 100644 --- a/queue-4.4/series +++ b/queue-4.4/series @@ -87,3 +87,13 @@ b43legacy-fix-case-where-channel-status-is-corrupted.patch b43-fix-connection-problem-with-wpa3.patch b43_legacy-fix-connection-problem-with-wpa3.patch igb-report-speed-and-duplex-as-unknown-when-device-is-runtime-suspended.patch +power-vexpress-add-suppress_bind_attrs-to-true.patch +pinctrl-samsung-save-restore-eint_mask-over-suspend-for-eint_type-gpios.patch +sparc32-fix-register-window-handling-in-genregs32_et.patch +kernel-cpu_pm-fix-uninitted-local-in-cpu_pm.patch +arm-tegra-correct-pl310-auxiliary-control-register-initialization.patch +drivers-macintosh-fix-memleak-in-windfarm_pm112-driver.patch +kbuild-force-to-build-vmlinux-if-config_modversion-y.patch +sunrpc-svcauth_gss_register_pseudoflavor-must-reject-duplicate-registrations.patch +sunrpc-clean-up-properly-in-gss_mech_unregister.patch +w1-omap-hdq-cleanup-to-add-missing-newline-for-some-dev_dbg.patch diff --git a/queue-4.4/sparc32-fix-register-window-handling-in-genregs32_et.patch b/queue-4.4/sparc32-fix-register-window-handling-in-genregs32_et.patch new file mode 100644 index 00000000000..9953dc750b9 --- /dev/null +++ b/queue-4.4/sparc32-fix-register-window-handling-in-genregs32_et.patch @@ -0,0 +1,290 @@ +From cf51e129b96847f969bfb8af1ee1516a01a70b39 Mon Sep 17 00:00:00 2001 +From: Al Viro +Date: Sun, 17 May 2020 12:20:40 -0400 +Subject: sparc32: fix register window handling in genregs32_[gs]et() + +From: Al Viro + +commit cf51e129b96847f969bfb8af1ee1516a01a70b39 upstream. + +It needs access_process_vm() if the traced process does not share +mm with the caller. Solution is similar to what sparc64 does. +Note that genregs32_set() is only ever called with pos being 0 +or 32 * sizeof(u32) (the latter - as part of PTRACE_SETREGS +handling). + +Cc: stable@kernel.org +Signed-off-by: Al Viro +Signed-off-by: Greg Kroah-Hartman + +--- + arch/sparc/kernel/ptrace_32.c | 230 ++++++++++++++++++------------------------ + 1 file changed, 99 insertions(+), 131 deletions(-) + +--- a/arch/sparc/kernel/ptrace_32.c ++++ b/arch/sparc/kernel/ptrace_32.c +@@ -45,82 +45,79 @@ enum sparc_regset { + REGSET_FP, + }; + ++static int regwindow32_get(struct task_struct *target, ++ const struct pt_regs *regs, ++ u32 *uregs) ++{ ++ unsigned long reg_window = regs->u_regs[UREG_I6]; ++ int size = 16 * sizeof(u32); ++ ++ if (target == current) { ++ if (copy_from_user(uregs, (void __user *)reg_window, size)) ++ return -EFAULT; ++ } else { ++ if (access_process_vm(target, reg_window, uregs, size, ++ FOLL_FORCE) != size) ++ return -EFAULT; ++ } ++ return 0; ++} ++ ++static int regwindow32_set(struct task_struct *target, ++ const struct pt_regs *regs, ++ u32 *uregs) ++{ ++ unsigned long reg_window = regs->u_regs[UREG_I6]; ++ int size = 16 * sizeof(u32); ++ ++ if (target == current) { ++ if (copy_to_user((void __user *)reg_window, uregs, size)) ++ return -EFAULT; ++ } else { ++ if (access_process_vm(target, reg_window, uregs, size, ++ FOLL_FORCE | FOLL_WRITE) != size) ++ return -EFAULT; ++ } ++ return 0; ++} ++ + static int genregs32_get(struct task_struct *target, + const struct user_regset *regset, + unsigned int pos, unsigned int count, + void *kbuf, void __user *ubuf) + { + const struct pt_regs *regs = target->thread.kregs; +- unsigned long __user *reg_window; +- unsigned long *k = kbuf; +- unsigned long __user *u = ubuf; +- unsigned long reg; ++ u32 uregs[16]; ++ int ret; + + if (target == current) + flush_user_windows(); + +- pos /= sizeof(reg); +- count /= sizeof(reg); ++ ret = user_regset_copyout(&pos, &count, &kbuf, &ubuf, ++ regs->u_regs, ++ 0, 16 * sizeof(u32)); ++ if (ret || !count) ++ return ret; + +- if (kbuf) { +- for (; count > 0 && pos < 16; count--) +- *k++ = regs->u_regs[pos++]; +- +- reg_window = (unsigned long __user *) regs->u_regs[UREG_I6]; +- reg_window -= 16; +- for (; count > 0 && pos < 32; count--) { +- if (get_user(*k++, ®_window[pos++])) +- return -EFAULT; +- } +- } else { +- for (; count > 0 && pos < 16; count--) { +- if (put_user(regs->u_regs[pos++], u++)) +- return -EFAULT; +- } +- +- reg_window = (unsigned long __user *) regs->u_regs[UREG_I6]; +- reg_window -= 16; +- for (; count > 0 && pos < 32; count--) { +- if (get_user(reg, ®_window[pos++]) || +- put_user(reg, u++)) +- return -EFAULT; +- } +- } +- while (count > 0) { +- switch (pos) { +- case 32: /* PSR */ +- reg = regs->psr; +- break; +- case 33: /* PC */ +- reg = regs->pc; +- break; +- case 34: /* NPC */ +- reg = regs->npc; +- break; +- case 35: /* Y */ +- reg = regs->y; +- break; +- case 36: /* WIM */ +- case 37: /* TBR */ +- reg = 0; +- break; +- default: +- goto finish; +- } +- +- if (kbuf) +- *k++ = reg; +- else if (put_user(reg, u++)) ++ if (pos < 32 * sizeof(u32)) { ++ if (regwindow32_get(target, regs, uregs)) + return -EFAULT; +- pos++; +- count--; ++ ret = user_regset_copyout(&pos, &count, &kbuf, &ubuf, ++ uregs, ++ 16 * sizeof(u32), 32 * sizeof(u32)); ++ if (ret || !count) ++ return ret; + } +-finish: +- pos *= sizeof(reg); +- count *= sizeof(reg); + +- return user_regset_copyout_zero(&pos, &count, &kbuf, &ubuf, +- 38 * sizeof(reg), -1); ++ uregs[0] = regs->psr; ++ uregs[1] = regs->pc; ++ uregs[2] = regs->npc; ++ uregs[3] = regs->y; ++ uregs[4] = 0; /* WIM */ ++ uregs[5] = 0; /* TBR */ ++ return user_regset_copyout(&pos, &count, &kbuf, &ubuf, ++ uregs, ++ 32 * sizeof(u32), 38 * sizeof(u32)); + } + + static int genregs32_set(struct task_struct *target, +@@ -129,82 +126,53 @@ static int genregs32_set(struct task_str + const void *kbuf, const void __user *ubuf) + { + struct pt_regs *regs = target->thread.kregs; +- unsigned long __user *reg_window; +- const unsigned long *k = kbuf; +- const unsigned long __user *u = ubuf; +- unsigned long reg; ++ u32 uregs[16]; ++ u32 psr; ++ int ret; + + if (target == current) + flush_user_windows(); + +- pos /= sizeof(reg); +- count /= sizeof(reg); +- +- if (kbuf) { +- for (; count > 0 && pos < 16; count--) +- regs->u_regs[pos++] = *k++; +- +- reg_window = (unsigned long __user *) regs->u_regs[UREG_I6]; +- reg_window -= 16; +- for (; count > 0 && pos < 32; count--) { +- if (put_user(*k++, ®_window[pos++])) +- return -EFAULT; +- } +- } else { +- for (; count > 0 && pos < 16; count--) { +- if (get_user(reg, u++)) +- return -EFAULT; +- regs->u_regs[pos++] = reg; +- } +- +- reg_window = (unsigned long __user *) regs->u_regs[UREG_I6]; +- reg_window -= 16; +- for (; count > 0 && pos < 32; count--) { +- if (get_user(reg, u++) || +- put_user(reg, ®_window[pos++])) +- return -EFAULT; +- } +- } +- while (count > 0) { +- unsigned long psr; +- +- if (kbuf) +- reg = *k++; +- else if (get_user(reg, u++)) +- return -EFAULT; +- +- switch (pos) { +- case 32: /* PSR */ +- psr = regs->psr; +- psr &= ~(PSR_ICC | PSR_SYSCALL); +- psr |= (reg & (PSR_ICC | PSR_SYSCALL)); +- regs->psr = psr; +- break; +- case 33: /* PC */ +- regs->pc = reg; +- break; +- case 34: /* NPC */ +- regs->npc = reg; +- break; +- case 35: /* Y */ +- regs->y = reg; +- break; +- case 36: /* WIM */ +- case 37: /* TBR */ +- break; +- default: +- goto finish; +- } ++ ret = user_regset_copyin(&pos, &count, &kbuf, &ubuf, ++ regs->u_regs, ++ 0, 16 * sizeof(u32)); ++ if (ret || !count) ++ return ret; + +- pos++; +- count--; ++ if (pos < 32 * sizeof(u32)) { ++ if (regwindow32_get(target, regs, uregs)) ++ return -EFAULT; ++ ret = user_regset_copyin(&pos, &count, &kbuf, &ubuf, ++ uregs, ++ 16 * sizeof(u32), 32 * sizeof(u32)); ++ if (ret) ++ return ret; ++ if (regwindow32_set(target, regs, uregs)) ++ return -EFAULT; ++ if (!count) ++ return 0; + } +-finish: +- pos *= sizeof(reg); +- count *= sizeof(reg); +- ++ ret = user_regset_copyin(&pos, &count, &kbuf, &ubuf, ++ &psr, ++ 32 * sizeof(u32), 33 * sizeof(u32)); ++ if (ret) ++ return ret; ++ regs->psr = (regs->psr & ~(PSR_ICC | PSR_SYSCALL)) | ++ (psr & (PSR_ICC | PSR_SYSCALL)); ++ if (!count) ++ return 0; ++ ret = user_regset_copyin(&pos, &count, &kbuf, &ubuf, ++ ®s->pc, ++ 33 * sizeof(u32), 34 * sizeof(u32)); ++ if (ret || !count) ++ return ret; ++ ret = user_regset_copyin(&pos, &count, &kbuf, &ubuf, ++ ®s->y, ++ 34 * sizeof(u32), 35 * sizeof(u32)); ++ if (ret || !count) ++ return ret; + return user_regset_copyin_ignore(&pos, &count, &kbuf, &ubuf, +- 38 * sizeof(reg), -1); ++ 35 * sizeof(u32), 38 * sizeof(u32)); + } + + static int fpregs32_get(struct task_struct *target, diff --git a/queue-4.4/sunrpc-clean-up-properly-in-gss_mech_unregister.patch b/queue-4.4/sunrpc-clean-up-properly-in-gss_mech_unregister.patch new file mode 100644 index 00000000000..4b52bd5cc7a --- /dev/null +++ b/queue-4.4/sunrpc-clean-up-properly-in-gss_mech_unregister.patch @@ -0,0 +1,121 @@ +From 24c5efe41c29ee3e55bcf5a1c9f61ca8709622e8 Mon Sep 17 00:00:00 2001 +From: NeilBrown +Date: Fri, 22 May 2020 12:01:33 +1000 +Subject: sunrpc: clean up properly in gss_mech_unregister() + +From: NeilBrown + +commit 24c5efe41c29ee3e55bcf5a1c9f61ca8709622e8 upstream. + +gss_mech_register() calls svcauth_gss_register_pseudoflavor() for each +flavour, but gss_mech_unregister() does not call auth_domain_put(). +This is unbalanced and makes it impossible to reload the module. + +Change svcauth_gss_register_pseudoflavor() to return the registered +auth_domain, and save it for later release. + +Cc: stable@vger.kernel.org (v2.6.12+) +Link: https://bugzilla.kernel.org/show_bug.cgi?id=206651 +Signed-off-by: NeilBrown +Signed-off-by: J. Bruce Fields +Signed-off-by: Greg Kroah-Hartman + +--- + include/linux/sunrpc/gss_api.h | 1 + + include/linux/sunrpc/svcauth_gss.h | 3 ++- + net/sunrpc/auth_gss/gss_mech_switch.c | 12 +++++++++--- + net/sunrpc/auth_gss/svcauth_gss.c | 12 ++++++------ + 4 files changed, 18 insertions(+), 10 deletions(-) + +--- a/include/linux/sunrpc/gss_api.h ++++ b/include/linux/sunrpc/gss_api.h +@@ -81,6 +81,7 @@ struct pf_desc { + u32 service; + char *name; + char *auth_domain_name; ++ struct auth_domain *domain; + }; + + /* Different mechanisms (e.g., krb5 or spkm3) may implement gss-api, and +--- a/include/linux/sunrpc/svcauth_gss.h ++++ b/include/linux/sunrpc/svcauth_gss.h +@@ -20,7 +20,8 @@ int gss_svc_init(void); + void gss_svc_shutdown(void); + int gss_svc_init_net(struct net *net); + void gss_svc_shutdown_net(struct net *net); +-int svcauth_gss_register_pseudoflavor(u32 pseudoflavor, char * name); ++struct auth_domain *svcauth_gss_register_pseudoflavor(u32 pseudoflavor, ++ char *name); + u32 svcauth_gss_flavor(struct auth_domain *dom); + + #endif /* __KERNEL__ */ +--- a/net/sunrpc/auth_gss/gss_mech_switch.c ++++ b/net/sunrpc/auth_gss/gss_mech_switch.c +@@ -61,6 +61,8 @@ gss_mech_free(struct gss_api_mech *gm) + + for (i = 0; i < gm->gm_pf_num; i++) { + pf = &gm->gm_pfs[i]; ++ if (pf->domain) ++ auth_domain_put(pf->domain); + kfree(pf->auth_domain_name); + pf->auth_domain_name = NULL; + } +@@ -83,6 +85,7 @@ make_auth_domain_name(char *name) + static int + gss_mech_svc_setup(struct gss_api_mech *gm) + { ++ struct auth_domain *dom; + struct pf_desc *pf; + int i, status; + +@@ -92,10 +95,13 @@ gss_mech_svc_setup(struct gss_api_mech * + status = -ENOMEM; + if (pf->auth_domain_name == NULL) + goto out; +- status = svcauth_gss_register_pseudoflavor(pf->pseudoflavor, +- pf->auth_domain_name); +- if (status) ++ dom = svcauth_gss_register_pseudoflavor( ++ pf->pseudoflavor, pf->auth_domain_name); ++ if (IS_ERR(dom)) { ++ status = PTR_ERR(dom); + goto out; ++ } ++ pf->domain = dom; + } + return 0; + out: +--- a/net/sunrpc/auth_gss/svcauth_gss.c ++++ b/net/sunrpc/auth_gss/svcauth_gss.c +@@ -772,7 +772,7 @@ u32 svcauth_gss_flavor(struct auth_domai + + EXPORT_SYMBOL_GPL(svcauth_gss_flavor); + +-int ++struct auth_domain * + svcauth_gss_register_pseudoflavor(u32 pseudoflavor, char * name) + { + struct gss_domain *new; +@@ -795,17 +795,17 @@ svcauth_gss_register_pseudoflavor(u32 ps + name); + stat = -EADDRINUSE; + auth_domain_put(test); +- kfree(new->h.name); +- goto out_free_dom; ++ goto out_free_name; + } +- return 0; ++ return test; + ++out_free_name: ++ kfree(new->h.name); + out_free_dom: + kfree(new); + out: +- return stat; ++ return ERR_PTR(stat); + } +- + EXPORT_SYMBOL_GPL(svcauth_gss_register_pseudoflavor); + + static inline int diff --git a/queue-4.4/sunrpc-svcauth_gss_register_pseudoflavor-must-reject-duplicate-registrations.patch b/queue-4.4/sunrpc-svcauth_gss_register_pseudoflavor-must-reject-duplicate-registrations.patch new file mode 100644 index 00000000000..4b414f614b6 --- /dev/null +++ b/queue-4.4/sunrpc-svcauth_gss_register_pseudoflavor-must-reject-duplicate-registrations.patch @@ -0,0 +1,46 @@ +From d47a5dc2888fd1b94adf1553068b8dad76cec96c Mon Sep 17 00:00:00 2001 +From: NeilBrown +Date: Fri, 22 May 2020 12:01:33 +1000 +Subject: sunrpc: svcauth_gss_register_pseudoflavor must reject duplicate registrations. + +From: NeilBrown + +commit d47a5dc2888fd1b94adf1553068b8dad76cec96c upstream. + +There is no valid case for supporting duplicate pseudoflavor +registrations. +Currently the silent acceptance of such registrations is hiding a bug. +The rpcsec_gss_krb5 module registers 2 flavours but does not unregister +them, so if you load, unload, reload the module, it will happily +continue to use the old registration which now has pointers to the +memory were the module was originally loaded. This could lead to +unexpected results. + +So disallow duplicate registrations. + +Link: https://bugzilla.kernel.org/show_bug.cgi?id=206651 +Cc: stable@vger.kernel.org (v2.6.12+) +Signed-off-by: NeilBrown +Signed-off-by: J. Bruce Fields +Signed-off-by: Greg Kroah-Hartman + +--- + net/sunrpc/auth_gss/svcauth_gss.c | 6 ++++-- + 1 file changed, 4 insertions(+), 2 deletions(-) + +--- a/net/sunrpc/auth_gss/svcauth_gss.c ++++ b/net/sunrpc/auth_gss/svcauth_gss.c +@@ -789,9 +789,11 @@ svcauth_gss_register_pseudoflavor(u32 ps + new->h.flavour = &svcauthops_gss; + new->pseudoflavor = pseudoflavor; + +- stat = 0; + test = auth_domain_lookup(name, &new->h); +- if (test != &new->h) { /* Duplicate registration */ ++ if (test != &new->h) { ++ pr_warn("svc: duplicate registration of gss pseudo flavour %s.\n", ++ name); ++ stat = -EADDRINUSE; + auth_domain_put(test); + kfree(new->h.name); + goto out_free_dom; diff --git a/queue-4.4/w1-omap-hdq-cleanup-to-add-missing-newline-for-some-dev_dbg.patch b/queue-4.4/w1-omap-hdq-cleanup-to-add-missing-newline-for-some-dev_dbg.patch new file mode 100644 index 00000000000..9a1130bf7c2 --- /dev/null +++ b/queue-4.4/w1-omap-hdq-cleanup-to-add-missing-newline-for-some-dev_dbg.patch @@ -0,0 +1,69 @@ +From 5e02f3b31704e24537697bce54f8156bdb72b7a6 Mon Sep 17 00:00:00 2001 +From: "H. Nikolaus Schaller" +Date: Sat, 23 May 2020 19:32:54 +0200 +Subject: w1: omap-hdq: cleanup to add missing newline for some dev_dbg + +From: H. Nikolaus Schaller + +commit 5e02f3b31704e24537697bce54f8156bdb72b7a6 upstream. + +Otherwise it will corrupt the console log during debugging. + +Fixes: 7b5362a603a1 ("w1: omap_hdq: Fix some error/debug handling.") +Cc: stable@vger.kernel.org +Acked-by: Tony Lindgren +Signed-off-by: H. Nikolaus Schaller +Link: https://lore.kernel.org/r/cd0d55749a091214106575f6e1d363c6db56622f.1590255176.git.hns@goldelico.com +Signed-off-by: Greg Kroah-Hartman + +--- + drivers/w1/masters/omap_hdq.c | 10 +++++----- + 1 file changed, 5 insertions(+), 5 deletions(-) + +--- a/drivers/w1/masters/omap_hdq.c ++++ b/drivers/w1/masters/omap_hdq.c +@@ -204,7 +204,7 @@ static int hdq_write_byte(struct hdq_dat + /* check irqstatus */ + if (!(*status & OMAP_HDQ_INT_STATUS_TXCOMPLETE)) { + dev_dbg(hdq_data->dev, "timeout waiting for" +- " TXCOMPLETE/RXCOMPLETE, %x", *status); ++ " TXCOMPLETE/RXCOMPLETE, %x\n", *status); + ret = -ETIMEDOUT; + goto out; + } +@@ -215,7 +215,7 @@ static int hdq_write_byte(struct hdq_dat + OMAP_HDQ_FLAG_CLEAR, &tmp_status); + if (ret) { + dev_dbg(hdq_data->dev, "timeout waiting GO bit" +- " return to zero, %x", tmp_status); ++ " return to zero, %x\n", tmp_status); + } + + out: +@@ -231,7 +231,7 @@ static irqreturn_t hdq_isr(int irq, void + spin_lock_irqsave(&hdq_data->hdq_spinlock, irqflags); + hdq_data->hdq_irqstatus = hdq_reg_in(hdq_data, OMAP_HDQ_INT_STATUS); + spin_unlock_irqrestore(&hdq_data->hdq_spinlock, irqflags); +- dev_dbg(hdq_data->dev, "hdq_isr: %x", hdq_data->hdq_irqstatus); ++ dev_dbg(hdq_data->dev, "hdq_isr: %x\n", hdq_data->hdq_irqstatus); + + if (hdq_data->hdq_irqstatus & + (OMAP_HDQ_INT_STATUS_TXCOMPLETE | OMAP_HDQ_INT_STATUS_RXCOMPLETE +@@ -339,7 +339,7 @@ static int omap_hdq_break(struct hdq_dat + tmp_status = hdq_data->hdq_irqstatus; + /* check irqstatus */ + if (!(tmp_status & OMAP_HDQ_INT_STATUS_TIMEOUT)) { +- dev_dbg(hdq_data->dev, "timeout waiting for TIMEOUT, %x", ++ dev_dbg(hdq_data->dev, "timeout waiting for TIMEOUT, %x\n", + tmp_status); + ret = -ETIMEDOUT; + goto out; +@@ -366,7 +366,7 @@ static int omap_hdq_break(struct hdq_dat + &tmp_status); + if (ret) + dev_dbg(hdq_data->dev, "timeout waiting INIT&GO bits" +- " return to zero, %x", tmp_status); ++ " return to zero, %x\n", tmp_status); + + out: + mutex_unlock(&hdq_data->hdq_mutex); -- 2.47.3