From 78d742f2883b6cd8b122f2e3608cf5cc2fe65bb7 Mon Sep 17 00:00:00 2001 From: Greg Kroah-Hartman Date: Thu, 19 Mar 2020 11:07:07 +0100 Subject: [PATCH] 5.5-stable patches added patches: arm-8958-1-rename-missed-uaccess-.fixup-section.patch arm-8961-2-fix-kbuild-issue-caused-by-per-task-stack-protector-gcc-plugin.patch hid-add-always_poll-quirk-to-lenovo-pixart-mouse.patch hid-google-add-moonball-usb-id.patch mm-slub-add-missing-tid-bump-in-kmem_cache_alloc_bulk.patch --- ...rename-missed-uaccess-.fixup-section.patch | 43 ++++++++ ...-per-task-stack-protector-gcc-plugin.patch | 101 ++++++++++++++++++ ...ys_poll-quirk-to-lenovo-pixart-mouse.patch | 44 ++++++++ .../hid-google-add-moonball-usb-id.patch | 42 ++++++++ ...ng-tid-bump-in-kmem_cache_alloc_bulk.patch | 46 ++++++++ queue-5.5/series | 5 + 6 files changed, 281 insertions(+) create mode 100644 queue-5.5/arm-8958-1-rename-missed-uaccess-.fixup-section.patch create mode 100644 queue-5.5/arm-8961-2-fix-kbuild-issue-caused-by-per-task-stack-protector-gcc-plugin.patch create mode 100644 queue-5.5/hid-add-always_poll-quirk-to-lenovo-pixart-mouse.patch create mode 100644 queue-5.5/hid-google-add-moonball-usb-id.patch create mode 100644 queue-5.5/mm-slub-add-missing-tid-bump-in-kmem_cache_alloc_bulk.patch diff --git a/queue-5.5/arm-8958-1-rename-missed-uaccess-.fixup-section.patch b/queue-5.5/arm-8958-1-rename-missed-uaccess-.fixup-section.patch new file mode 100644 index 00000000000..3eb70629258 --- /dev/null +++ b/queue-5.5/arm-8958-1-rename-missed-uaccess-.fixup-section.patch 
@@ -0,0 +1,43 @@ +From f87b1c49bc675da30d8e1e8f4b60b800312c7b90 Mon Sep 17 00:00:00 2001 +From: Kees Cook +Date: Mon, 10 Feb 2020 02:04:17 +0100 +Subject: ARM: 8958/1: rename missed uaccess .fixup section + +From: Kees Cook + +commit f87b1c49bc675da30d8e1e8f4b60b800312c7b90 upstream. + +When the uaccess .fixup section was renamed to .text.fixup, one case was +missed. Under ld.bfd, the orphaned section was moved close to .text +(since they share the "ax" bits), so things would work normally on +uaccess faults. Under ld.lld, the orphaned section was placed outside +the .text section, making it unreachable. + +Link: https://github.com/ClangBuiltLinux/linux/issues/282 +Link: https://bugs.chromium.org/p/chromium/issues/detail?id=1020633#c44 +Link: https://lore.kernel.org/r/nycvar.YSQ.7.76.1912032147340.17114@knanqh.ubzr +Link: https://lore.kernel.org/lkml/202002071754.F5F073F1D@keescook/ + +Fixes: c4a84ae39b4a5 ("ARM: 8322/1: keep .text and .fixup regions closer together") +Cc: stable@vger.kernel.org +Signed-off-by: Kees Cook +Reviewed-by: Ard Biesheuvel +Reviewed-by: Nick Desaulniers +Signed-off-by: Russell King +Signed-off-by: Greg Kroah-Hartman + +--- + arch/arm/lib/copy_from_user.S | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +--- a/arch/arm/lib/copy_from_user.S ++++ b/arch/arm/lib/copy_from_user.S +@@ -118,7 +118,7 @@ ENTRY(arm_copy_from_user) + + ENDPROC(arm_copy_from_user) + +- .pushsection .fixup,"ax" ++ .pushsection .text.fixup,"ax" + .align 0 + copy_abort_preamble + ldmfd sp!, {r1, r2, r3} diff --git a/queue-5.5/arm-8961-2-fix-kbuild-issue-caused-by-per-task-stack-protector-gcc-plugin.patch b/queue-5.5/arm-8961-2-fix-kbuild-issue-caused-by-per-task-stack-protector-gcc-plugin.patch new file mode 100644 index 00000000000..70544e8093e --- /dev/null +++ b/queue-5.5/arm-8961-2-fix-kbuild-issue-caused-by-per-task-stack-protector-gcc-plugin.patch 
@@ -0,0 +1,101 @@ +From 89604523a76eb3e13014b2bdab7f8870becee284 Mon Sep 17 00:00:00 2001 +From: Ard Biesheuvel +Date: Tue, 18 Feb 2020 09:15:34 +0100 +Subject: ARM: 8961/2: Fix Kbuild issue caused by per-task stack protector GCC plugin + +From: Ard Biesheuvel + +commit 89604523a76eb3e13014b2bdab7f8870becee284 upstream. + +When using plugins, GCC requires that the -fplugin= options precedes +any of its plugin arguments appearing on the command line as well. +This is usually not a concern, but as it turns out, this requirement +is causing some issues with ARM's per-task stack protector plugin +and Kbuild's implementation of $(cc-option). + +When the per-task stack protector plugin is enabled, and we tweak +the implementation of cc-option not to pipe the stderr output of +GCC to /dev/null, the following output is generated when GCC is +executed in the context of cc-option: + + cc1: error: plugin arm_ssp_per_task_plugin should be specified before \ + -fplugin-arg-arm_ssp_per_task_plugin-tso=1 in the command line + cc1: error: plugin arm_ssp_per_task_plugin should be specified before \ + -fplugin-arg-arm_ssp_per_task_plugin-offset=24 in the command line + +These errors will cause any option passed to cc-option to be treated +as unsupported, which is obviously incorrect. + +The cause of this issue is the fact that the -fplugin= argument is +added to GCC_PLUGINS_CFLAGS, whereas the arguments above are added +to KBUILD_CFLAGS, and the contents of the former get filtered out of +the latter before being passed to the GCC running the cc-option test, +and so the -fplugin= option does not appear at all on the GCC command +line. + +Adding the arguments to GCC_PLUGINS_CFLAGS instead of KBUILD_CFLAGS +would be the correct approach here, if it weren't for the fact that we +are using $(eval) to defer the moment that they are added until after +asm-offsets.h is generated, which is after the point where the contents +of GCC_PLUGINS_CFLAGS are added to KBUILD_CFLAGS. 
So instead, we have +to add our plugin arguments to both. + +For similar reasons, we cannot append DISABLE_ARM_SSP_PER_TASK_PLUGIN +to KBUILD_CFLAGS, as it will be passed to GCC when executing in the +context of cc-option, whereas the other plugin arguments will have +been filtered out, resulting in a similar error and false negative +result as above. So add it to ccflags-y instead. + +Fixes: 189af4657186da08 ("ARM: smp: add support for per-task stack canaries") +Reported-by: Merlijn Wajer +Tested-by: Tony Lindgren +Acked-by: Kees Cook +Reviewed-by: Masahiro Yamada +Signed-off-by: Ard Biesheuvel +Signed-off-by: Russell King +Signed-off-by: Greg Kroah-Hartman + +--- + arch/arm/Makefile | 4 +++- + arch/arm/boot/compressed/Makefile | 4 ++-- + 2 files changed, 5 insertions(+), 3 deletions(-) + +--- a/arch/arm/Makefile ++++ b/arch/arm/Makefile +@@ -307,13 +307,15 @@ endif + ifeq ($(CONFIG_STACKPROTECTOR_PER_TASK),y) + prepare: stack_protector_prepare + stack_protector_prepare: prepare0 +- $(eval KBUILD_CFLAGS += \ ++ $(eval SSP_PLUGIN_CFLAGS := \ + -fplugin-arg-arm_ssp_per_task_plugin-tso=$(shell \ + awk '{if ($$2 == "THREAD_SZ_ORDER") print $$3;}'\ + include/generated/asm-offsets.h) \ + -fplugin-arg-arm_ssp_per_task_plugin-offset=$(shell \ + awk '{if ($$2 == "TI_STACK_CANARY") print $$3;}'\ + include/generated/asm-offsets.h)) ++ $(eval KBUILD_CFLAGS += $(SSP_PLUGIN_CFLAGS)) ++ $(eval GCC_PLUGINS_CFLAGS += $(SSP_PLUGIN_CFLAGS)) + endif + + all: $(notdir $(KBUILD_IMAGE)) +--- a/arch/arm/boot/compressed/Makefile ++++ b/arch/arm/boot/compressed/Makefile +@@ -101,7 +101,6 @@ clean-files += piggy_data lib1funcs.S as + $(libfdt) $(libfdt_hdrs) hyp-stub.S + + KBUILD_CFLAGS += -DDISABLE_BRANCH_PROFILING +-KBUILD_CFLAGS += $(DISABLE_ARM_SSP_PER_TASK_PLUGIN) + + ifeq ($(CONFIG_FUNCTION_TRACER),y) + ORIG_CFLAGS := $(KBUILD_CFLAGS) +@@ -117,7 +116,8 @@ CFLAGS_fdt_ro.o := $(nossp_flags) + CFLAGS_fdt_rw.o := $(nossp_flags) + CFLAGS_fdt_wip.o := $(nossp_flags) + +-ccflags-y := -fpic 
$(call cc-option,-mno-single-pic-base,) -fno-builtin -I$(obj) ++ccflags-y := -fpic $(call cc-option,-mno-single-pic-base,) -fno-builtin \ ++ -I$(obj) $(DISABLE_ARM_SSP_PER_TASK_PLUGIN) + asflags-y := -DZIMAGE + + # Supply kernel BSS size to the decompressor via a linker symbol. diff --git a/queue-5.5/hid-add-always_poll-quirk-to-lenovo-pixart-mouse.patch b/queue-5.5/hid-add-always_poll-quirk-to-lenovo-pixart-mouse.patch new file mode 100644 index 00000000000..b7461f9fd9b --- /dev/null +++ b/queue-5.5/hid-add-always_poll-quirk-to-lenovo-pixart-mouse.patch 
@@ -0,0 +1,44 @@ +From 819d578d51d0ce73f06e35d69395ef55cd683a74 Mon Sep 17 00:00:00 2001 +From: Tony Fischetti +Date: Thu, 12 Mar 2020 12:16:06 -0400 +Subject: HID: add ALWAYS_POLL quirk to lenovo pixart mouse + +From: Tony Fischetti + +commit 819d578d51d0ce73f06e35d69395ef55cd683a74 upstream. + +A lenovo pixart mouse (17ef:608d) is afflicted common the the malfunction +where it disconnects and reconnects every minute--each time incrementing +the device number. This patch adds the device id of the device and +specifies that it needs the HID_QUIRK_ALWAYS_POLL quirk in order to +work properly. + +Signed-off-by: Tony Fischetti +Signed-off-by: Jiri Kosina +Signed-off-by: Greg Kroah-Hartman + +--- + drivers/hid/hid-ids.h | 1 + + drivers/hid/hid-quirks.c | 1 + + 2 files changed, 2 insertions(+) + +--- a/drivers/hid/hid-ids.h ++++ b/drivers/hid/hid-ids.h +@@ -727,6 +727,7 @@ + #define USB_DEVICE_ID_LENOVO_X1_COVER 0x6085 + #define USB_DEVICE_ID_LENOVO_X1_TAB 0x60a3 + #define USB_DEVICE_ID_LENOVO_X1_TAB3 0x60b5 ++#define USB_DEVICE_ID_LENOVO_PIXART_USB_MOUSE_608D 0x608d + + #define USB_VENDOR_ID_LG 0x1fd2 + #define USB_DEVICE_ID_LG_MULTITOUCH 0x0064 +--- a/drivers/hid/hid-quirks.c ++++ b/drivers/hid/hid-quirks.c +@@ -103,6 +103,7 @@ static const struct hid_device_id hid_qu + { HID_USB_DEVICE(USB_VENDOR_ID_KYE, USB_DEVICE_ID_KYE_PENSKETCH_M912), HID_QUIRK_MULTI_INPUT }, + { HID_USB_DEVICE(USB_VENDOR_ID_KYE, USB_DEVICE_ID_KYE_EASYPEN_M406XE), HID_QUIRK_MULTI_INPUT }, + { HID_USB_DEVICE(USB_VENDOR_ID_KYE, USB_DEVICE_ID_PIXART_USB_OPTICAL_MOUSE_ID2), HID_QUIRK_ALWAYS_POLL }, ++ { HID_USB_DEVICE(USB_VENDOR_ID_LENOVO, USB_DEVICE_ID_LENOVO_PIXART_USB_MOUSE_608D), HID_QUIRK_ALWAYS_POLL }, + { HID_USB_DEVICE(USB_VENDOR_ID_LOGITECH, USB_DEVICE_ID_LOGITECH_C007), HID_QUIRK_ALWAYS_POLL }, + { HID_USB_DEVICE(USB_VENDOR_ID_LOGITECH, USB_DEVICE_ID_LOGITECH_C077), HID_QUIRK_ALWAYS_POLL }, + { HID_USB_DEVICE(USB_VENDOR_ID_LOGITECH, USB_DEVICE_ID_LOGITECH_KEYBOARD_G710_PLUS), 
HID_QUIRK_NOGET }, diff --git a/queue-5.5/hid-google-add-moonball-usb-id.patch b/queue-5.5/hid-google-add-moonball-usb-id.patch new file mode 100644 index 00000000000..1eecae89dfd --- /dev/null +++ b/queue-5.5/hid-google-add-moonball-usb-id.patch @@ -0,0 +1,42 @@ +From 58322a1590fc189a8e1e349d309637d4a4942840 Mon Sep 17 00:00:00 2001 +From: Chen-Tsung Hsieh +Date: Mon, 16 Mar 2020 15:24:19 +0800 +Subject: HID: google: add moonball USB id + +From: Chen-Tsung Hsieh + +commit 58322a1590fc189a8e1e349d309637d4a4942840 upstream. + +Add 1 additional hammer-like device. + +Signed-off-by: Chen-Tsung Hsieh +Reviewed-by: Nicolas Boichat +Signed-off-by: Jiri Kosina +Signed-off-by: Greg Kroah-Hartman + +--- + drivers/hid/hid-google-hammer.c | 2 ++ + drivers/hid/hid-ids.h | 1 + + 2 files changed, 3 insertions(+) + +--- a/drivers/hid/hid-google-hammer.c ++++ b/drivers/hid/hid-google-hammer.c +@@ -533,6 +533,8 @@ static const struct hid_device_id hammer + { HID_DEVICE(BUS_USB, HID_GROUP_GENERIC, + USB_VENDOR_ID_GOOGLE, USB_DEVICE_ID_GOOGLE_MASTERBALL) }, + { HID_DEVICE(BUS_USB, HID_GROUP_GENERIC, ++ USB_VENDOR_ID_GOOGLE, USB_DEVICE_ID_GOOGLE_MOONBALL) }, ++ { HID_DEVICE(BUS_USB, HID_GROUP_GENERIC, + USB_VENDOR_ID_GOOGLE, USB_DEVICE_ID_GOOGLE_STAFF) }, + { HID_DEVICE(BUS_USB, HID_GROUP_GENERIC, + USB_VENDOR_ID_GOOGLE, USB_DEVICE_ID_GOOGLE_WAND) }, +--- a/drivers/hid/hid-ids.h ++++ b/drivers/hid/hid-ids.h +@@ -478,6 +478,7 @@ + #define USB_DEVICE_ID_GOOGLE_WHISKERS 0x5030 + #define USB_DEVICE_ID_GOOGLE_MASTERBALL 0x503c + #define USB_DEVICE_ID_GOOGLE_MAGNEMITE 0x503d ++#define USB_DEVICE_ID_GOOGLE_MOONBALL 0x5044 + + #define USB_VENDOR_ID_GOTOP 0x08f2 + #define USB_DEVICE_ID_SUPER_Q2 0x007f diff --git a/queue-5.5/mm-slub-add-missing-tid-bump-in-kmem_cache_alloc_bulk.patch b/queue-5.5/mm-slub-add-missing-tid-bump-in-kmem_cache_alloc_bulk.patch new file mode 100644 index 00000000000..30fb6223e55 --- /dev/null +++ b/queue-5.5/mm-slub-add-missing-tid-bump-in-kmem_cache_alloc_bulk.patch 
@@ -0,0 +1,46 @@ +From fd4d9c7d0c71866ec0c2825189ebd2ce35bd95b8 Mon Sep 17 00:00:00 2001 +From: Jann Horn +Date: Tue, 17 Mar 2020 01:28:45 +0100 +Subject: mm: slub: add missing TID bump in kmem_cache_alloc_bulk() + +From: Jann Horn + +commit fd4d9c7d0c71866ec0c2825189ebd2ce35bd95b8 upstream. + +When kmem_cache_alloc_bulk() attempts to allocate N objects from a percpu +freelist of length M, and N > M > 0, it will first remove the M elements +from the percpu freelist, then call ___slab_alloc() to allocate the next +element and repopulate the percpu freelist. ___slab_alloc() can re-enable +IRQs via allocate_slab(), so the TID must be bumped before ___slab_alloc() +to properly commit the freelist head change. + +Fix it by unconditionally bumping c->tid when entering the slowpath. + +Cc: stable@vger.kernel.org +Fixes: ebe909e0fdb3 ("slub: improve bulk alloc strategy") +Signed-off-by: Jann Horn +Signed-off-by: Linus Torvalds +Signed-off-by: Greg Kroah-Hartman + +--- + mm/slub.c | 9 +++++++++ + 1 file changed, 9 insertions(+) + +--- a/mm/slub.c ++++ b/mm/slub.c +@@ -3156,6 +3156,15 @@ int kmem_cache_alloc_bulk(struct kmem_ca + + if (unlikely(!object)) { + /* ++ * We may have removed an object from c->freelist using ++ * the fastpath in the previous iteration; in that case, ++ * c->tid has not been bumped yet. ++ * Since ___slab_alloc() may reenable interrupts while ++ * allocating memory, we should bump c->tid now. ++ */ ++ c->tid = next_tid(c->tid); ++ ++ /* + * Invoking slow path likely have side-effect + * of re-populating per CPU c->freelist + */ diff --git a/queue-5.5/series b/queue-5.5/series index 9648e9aa999..9f033fe481a 100644 --- a/queue-5.5/series +++ b/queue-5.5/series 
@@ -57,3 +57,8 @@ net-dsa-mv88e6xxx-fix-masking-of-egress-port.patch jbd2-fix-data-races-at-struct-journal_head.patch blk-mq-insert-flush-request-to-the-front-of-dispatch.patch arm-8957-1-vdso-match-armv8-timer-in-cntvct_functional.patch +arm-8958-1-rename-missed-uaccess-.fixup-section.patch +mm-slub-add-missing-tid-bump-in-kmem_cache_alloc_bulk.patch +hid-google-add-moonball-usb-id.patch +hid-add-always_poll-quirk-to-lenovo-pixart-mouse.patch +arm-8961-2-fix-kbuild-issue-caused-by-per-task-stack-protector-gcc-plugin.patch -- 2.47.3
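Review bot: in the arch/arm/lib/copy_from_user.S hunk, the rename to `.pushsection .text.fixup,"ax"` fixes the one site the commit message calls missed, but nothing in the change stops a later `.fixup` use from being orphaned the same way. The message says ld.bfd and ld.lld place the orphaned section differently, so before queuing this for 5.5 it is worth confirming that no other `.pushsection .fixup` remains under arch/arm in that tree. Upstream, a link-time orphan-section warning would turn a stray section name into a build failure instead of an unreachable fixup handler.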
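Review bot: in the arch/arm/Makefile hunk, the two added lines `$(eval KBUILD_CFLAGS += $(SSP_PLUGIN_CFLAGS))` and `$(eval GCC_PLUGINS_CFLAGS += $(SSP_PLUGIN_CFLAGS))` carry no comment, and appending the same arguments to both variables looks like a mistake to anyone who has not read the commit message. A short comment above them, saying that the contents of GCC_PLUGINS_CFLAGS are filtered out of KBUILD_CFLAGS for cc-option and that the plugin arguments must therefore be in both so they are dropped together with -fplugin=, would keep a later cleanup from removing one of them. The same applies in arch/arm/boot/compressed/Makefile, where $(DISABLE_ARM_SSP_PER_TASK_PLUGIN) moves from KBUILD_CFLAGS to ccflags-y without a note on why it must not go back.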
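Review bot: in the drivers/hid/hid-ids.h hunk of the Lenovo PixArt patch, USB_DEVICE_ID_LENOVO_PIXART_USB_MOUSE_608D (0x608d) is added after USB_DEVICE_ID_LENOVO_X1_TAB3 (0x60b5), which breaks the ascending order of the three context lines above it (0x6085, 0x60a3, 0x60b5). Placing the define between X1_COVER and X1_TAB would keep the block sorted by device id. As this is a stable backport of an upstream commit, the reordering belongs upstream and not in this queue.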
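Review bot: in the mm/slub.c hunk, the added comment presents the bump as needed when the fastpath removed an object from c->freelist in the previous iteration, but `c->tid = next_tid(c->tid);` runs on every entry to the `if (unlikely(!object))` branch, including when nothing was removed. The commit message says this is deliberate ("unconditionally bumping c->tid when entering the slowpath"); the code comment should say so as well and note that an extra bump is harmless. Otherwise a later change could make the bump conditional and reopen the window in which ___slab_alloc() re-enables interrupts before the freelist head change is committed.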