From 888c9dda940d753a1d5947e9343106983fc29b25 Mon Sep 17 00:00:00 2001 From: Greg Kroah-Hartman Date: Tue, 4 Jun 2019 14:21:48 +0200 Subject: [PATCH] 5.1-stable patches added patches: arm64-fix-the-arm64_personality-syscall-wrapper-redirection.patch cifs-cifs_read_allocate_pages-don-t-iterate-through-whole-page-array-on-enomem.patch cifs-fix-memory-leak-of-pneg_inbuf-on-eopnotsupp-ioctl-case.patch clk-imx-imx8mm-fix-int-pll-clk-gate.patch doc-cope-with-sphinx-logging-deprecations.patch doc-cope-with-the-deprecation-of-autoreporter.patch docs-fix-conf.py-for-sphinx-2.0.patch drm-nouveau-i2c-disable-i2c-bus-access-after-fini.patch evm-check-hash-algorithm-passed-to-init_desc.patch gcc-plugins-fix-build-failures-under-darwin-host.patch i2c-mlxcpld-fix-wrong-initialization-order-in-probe.patch i2c-synquacer-fix-synquacer_i2c_doxfer-return-value.patch ima-fix-wrong-signed-policy-requirement-when-not-appraising.patch ima-show-rules-with-ima_inmask-correctly.patch kasan-initialize-tag-to-0xff-in-__kasan_kmalloc.patch kernel-signal.c-trace_signal_deliver-when-signal_group_exit.patch memcg-make-it-work-on-sparse-non-0-node-systems.patch mm-compaction-make-sure-we-isolate-a-valid-pfn.patch mm-memcg-consider-subtrees-in-memory.events.patch revert-lockd-show-pid-of-lockd-for-remote-locks.patch serial-sh-sci-disable-dma-for-uart_console.patch signal-arm64-use-force_sig-not-force_sig_fault-for-sigkill.patch staging-vc04_services-prevent-integer-overflow-in-create_pagelist.patch staging-wlan-ng-fix-adapter-initialization-failure.patch tty-max310x-fix-external-crystal-register-setup.patch tty-serial-msm_serial-fix-xon-xoff.patch vt-fbcon-deinitialize-resources-in-visual_init-after-failed-memory-allocation.patch x86-ima-check-efi_runtime_services-before-using.patch --- ...sonality-syscall-wrapper-redirection.patch | 36 +++ ...e-through-whole-page-array-on-enomem.patch | 37 +++ ...-pneg_inbuf-on-eopnotsupp-ioctl-case.patch | 36 +++ .../clk-imx-imx8mm-fix-int-pll-clk-gate.patch | 45 +++ ...ope-with-sphinx-logging-deprecations.patch | 227 +++++++++++++++ ...with-the-deprecation-of-autoreporter.patch | 83 ++++++ .../docs-fix-conf.py-for-sphinx-2.0.patch | 32 +++ ...2c-disable-i2c-bus-access-after-fini.patch | 265 ++++++++++++++++++ ...k-hash-algorithm-passed-to-init_desc.patch | 36 +++ ...fix-build-failures-under-darwin-host.patch | 52 ++++ ...-wrong-initialization-order-in-probe.patch | 44 +++ ...ix-synquacer_i2c_doxfer-return-value.patch | 35 +++ ...licy-requirement-when-not-appraising.patch | 41 +++ ...show-rules-with-ima_inmask-correctly.patch | 69 +++++ ...alize-tag-to-0xff-in-__kasan_kmalloc.patch | 52 ++++ ...ignal_deliver-when-signal_group_exit.patch | 50 ++++ ...it-work-on-sparse-non-0-node-systems.patch | 97 +++++++ ...ion-make-sure-we-isolate-a-valid-pfn.patch | 106 +++++++ ...g-consider-subtrees-in-memory.events.patch | 181 ++++++++++++ ...d-show-pid-of-lockd-for-remote-locks.patch | 68 +++++ ...-sh-sci-disable-dma-for-uart_console.patch | 46 +++ queue-5.1/series | 28 ++ ..._sig-not-force_sig_fault-for-sigkill.patch | 55 ++++ ...-integer-overflow-in-create_pagelist.patch | 55 ++++ ...g-fix-adapter-initialization-failure.patch | 52 ++++ ...-fix-external-crystal-register-setup.patch | 42 +++ .../tty-serial-msm_serial-fix-xon-xoff.patch | 53 ++++ ..._init-after-failed-memory-allocation.patch | 96 +++++++ ...ck-efi_runtime_services-before-using.patch | 39 +++ 29 files changed, 2058 insertions(+) create mode 100644 queue-5.1/arm64-fix-the-arm64_personality-syscall-wrapper-redirection.patch create mode 100644 queue-5.1/cifs-cifs_read_allocate_pages-don-t-iterate-through-whole-page-array-on-enomem.patch create mode 100644 queue-5.1/cifs-fix-memory-leak-of-pneg_inbuf-on-eopnotsupp-ioctl-case.patch create mode 100644 queue-5.1/clk-imx-imx8mm-fix-int-pll-clk-gate.patch create mode 100644 queue-5.1/doc-cope-with-sphinx-logging-deprecations.patch create mode 100644 queue-5.1/doc-cope-with-the-deprecation-of-autoreporter.patch create mode 100644 queue-5.1/docs-fix-conf.py-for-sphinx-2.0.patch create mode 100644 queue-5.1/drm-nouveau-i2c-disable-i2c-bus-access-after-fini.patch create mode 100644 queue-5.1/evm-check-hash-algorithm-passed-to-init_desc.patch create mode 100644 queue-5.1/gcc-plugins-fix-build-failures-under-darwin-host.patch create mode 100644 queue-5.1/i2c-mlxcpld-fix-wrong-initialization-order-in-probe.patch create mode 100644 queue-5.1/i2c-synquacer-fix-synquacer_i2c_doxfer-return-value.patch create mode 100644 queue-5.1/ima-fix-wrong-signed-policy-requirement-when-not-appraising.patch create mode 100644 queue-5.1/ima-show-rules-with-ima_inmask-correctly.patch create mode 100644 queue-5.1/kasan-initialize-tag-to-0xff-in-__kasan_kmalloc.patch create mode 100644 queue-5.1/kernel-signal.c-trace_signal_deliver-when-signal_group_exit.patch create mode 100644 queue-5.1/memcg-make-it-work-on-sparse-non-0-node-systems.patch create mode 100644 queue-5.1/mm-compaction-make-sure-we-isolate-a-valid-pfn.patch create mode 100644 queue-5.1/mm-memcg-consider-subtrees-in-memory.events.patch create mode 100644 queue-5.1/revert-lockd-show-pid-of-lockd-for-remote-locks.patch create mode 100644 queue-5.1/serial-sh-sci-disable-dma-for-uart_console.patch create mode 100644 queue-5.1/signal-arm64-use-force_sig-not-force_sig_fault-for-sigkill.patch create mode 100644 queue-5.1/staging-vc04_services-prevent-integer-overflow-in-create_pagelist.patch create mode 100644 queue-5.1/staging-wlan-ng-fix-adapter-initialization-failure.patch create mode 100644 queue-5.1/tty-max310x-fix-external-crystal-register-setup.patch create mode 100644 queue-5.1/tty-serial-msm_serial-fix-xon-xoff.patch create mode 100644 queue-5.1/vt-fbcon-deinitialize-resources-in-visual_init-after-failed-memory-allocation.patch create mode 100644 queue-5.1/x86-ima-check-efi_runtime_services-before-using.patch diff --git a/queue-5.1/arm64-fix-the-arm64_personality-syscall-wrapper-redirection.patch b/queue-5.1/arm64-fix-the-arm64_personality-syscall-wrapper-redirection.patch new file mode 100644 index 00000000000..e05b26b836c --- /dev/null +++ b/queue-5.1/arm64-fix-the-arm64_personality-syscall-wrapper-redirection.patch @@ -0,0 +1,36 @@ +From 00377277166bac6939d8f72b429301369acaf2d8 Mon Sep 17 00:00:00 2001 +From: Catalin Marinas +Date: Tue, 28 May 2019 12:39:34 +0100 +Subject: arm64: Fix the arm64_personality() syscall wrapper redirection + +From: Catalin Marinas + +commit 00377277166bac6939d8f72b429301369acaf2d8 upstream. + +Following commit 4378a7d4be30 ("arm64: implement syscall wrappers"), the +syscall function names gained the '__arm64_' prefix. Ensure that we +have the correct #define for redirecting a default syscall through a +wrapper. + +Fixes: 4378a7d4be30 ("arm64: implement syscall wrappers") +Cc: # 4.19.x- +Acked-by: Mark Rutland +Signed-off-by: Catalin Marinas +Signed-off-by: Will Deacon +Signed-off-by: Greg Kroah-Hartman + +--- + arch/arm64/kernel/sys.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +--- a/arch/arm64/kernel/sys.c ++++ b/arch/arm64/kernel/sys.c +@@ -50,7 +50,7 @@ SYSCALL_DEFINE1(arm64_personality, unsig + /* + * Wrappers to pass the pt_regs argument. + */ +-#define sys_personality sys_arm64_personality ++#define __arm64_sys_personality __arm64_sys_arm64_personality + + asmlinkage long sys_ni_syscall(const struct pt_regs *); + #define __arm64_sys_ni_syscall sys_ni_syscall diff --git a/queue-5.1/cifs-cifs_read_allocate_pages-don-t-iterate-through-whole-page-array-on-enomem.patch b/queue-5.1/cifs-cifs_read_allocate_pages-don-t-iterate-through-whole-page-array-on-enomem.patch new file mode 100644 index 00000000000..863b2790294 --- /dev/null +++ b/queue-5.1/cifs-cifs_read_allocate_pages-don-t-iterate-through-whole-page-array-on-enomem.patch @@ -0,0 +1,37 @@ +From 31fad7d41e73731f05b8053d17078638cf850fa6 Mon Sep 17 00:00:00 2001 +From: Roberto Bergantinos Corpas +Date: Tue, 28 May 2019 09:38:14 +0200 +Subject: CIFS: cifs_read_allocate_pages: don't iterate through whole page array on ENOMEM + +From: Roberto Bergantinos Corpas + +commit 31fad7d41e73731f05b8053d17078638cf850fa6 upstream. + + In cifs_read_allocate_pages, in case of ENOMEM, we go through +whole rdata->pages array but we have failed the allocation before +nr_pages, therefore we may end up calling put_page with NULL +pointer, causing oops + +Signed-off-by: Roberto Bergantinos Corpas +Acked-by: Pavel Shilovsky +Signed-off-by: Steve French +CC: Stable +Signed-off-by: Greg Kroah-Hartman + +--- + fs/cifs/file.c | 4 +++- + 1 file changed, 3 insertions(+), 1 deletion(-) + +--- a/fs/cifs/file.c ++++ b/fs/cifs/file.c +@@ -3221,7 +3221,9 @@ cifs_read_allocate_pages(struct cifs_rea + } + + if (rc) { +- for (i = 0; i < nr_pages; i++) { ++ unsigned int nr_page_failed = i; ++ ++ for (i = 0; i < nr_page_failed; i++) { + put_page(rdata->pages[i]); + rdata->pages[i] = NULL; + } diff --git a/queue-5.1/cifs-fix-memory-leak-of-pneg_inbuf-on-eopnotsupp-ioctl-case.patch b/queue-5.1/cifs-fix-memory-leak-of-pneg_inbuf-on-eopnotsupp-ioctl-case.patch new file mode 100644 index 00000000000..2278994a0ef --- /dev/null +++ b/queue-5.1/cifs-fix-memory-leak-of-pneg_inbuf-on-eopnotsupp-ioctl-case.patch @@ -0,0 +1,36 @@ +From 210782038b54ec8e9059a3c12d6f6ae173efa3a9 Mon Sep 17 00:00:00 2001 +From: Colin Ian King +Date: Fri, 17 May 2019 09:12:33 +0100 +Subject: cifs: fix memory leak of pneg_inbuf on -EOPNOTSUPP ioctl case + +From: Colin Ian King + +commit 210782038b54ec8e9059a3c12d6f6ae173efa3a9 upstream. + +Currently in the case where SMB2_ioctl returns the -EOPNOTSUPP error +there is a memory leak of pneg_inbuf. Fix this by returning via +the out_free_inbuf exit path that will perform the relevant kfree. + +Addresses-Coverity: ("Resource leak") +Fixes: 969ae8e8d4ee ("cifs: Accept validate negotiate if server return NT_STATUS_NOT_SUPPORTED") +CC: Stable # v5.1+ +Signed-off-by: Colin Ian King +Signed-off-by: Steve French +Signed-off-by: Greg Kroah-Hartman + +--- + fs/cifs/smb2pdu.c | 3 ++- + 1 file changed, 2 insertions(+), 1 deletion(-) + +--- a/fs/cifs/smb2pdu.c ++++ b/fs/cifs/smb2pdu.c +@@ -1013,7 +1013,8 @@ int smb3_validate_negotiate(const unsign + * not supported error. Client should accept it. + */ + cifs_dbg(VFS, "Server does not support validate negotiate\n"); +- return 0; ++ rc = 0; ++ goto out_free_inbuf; + } else if (rc != 0) { + cifs_dbg(VFS, "validate protocol negotiate failed: %d\n", rc); + rc = -EIO; diff --git a/queue-5.1/clk-imx-imx8mm-fix-int-pll-clk-gate.patch b/queue-5.1/clk-imx-imx8mm-fix-int-pll-clk-gate.patch new file mode 100644 index 00000000000..499ac3ad0fc --- /dev/null +++ b/queue-5.1/clk-imx-imx8mm-fix-int-pll-clk-gate.patch @@ -0,0 +1,45 @@ +From b3fddd5b100e4aee4f7ec58360435024971dea47 Mon Sep 17 00:00:00 2001 +From: Peng Fan +Date: Mon, 20 May 2019 02:03:19 +0000 +Subject: clk: imx: imx8mm: fix int pll clk gate + +From: Peng Fan + +commit b3fddd5b100e4aee4f7ec58360435024971dea47 upstream. + +To Frac pll, the gate shift is 13, however to Int PLL the gate shift +is 11. + +Cc: +Fixes: ba5625c3e27 ("clk: imx: Add clock driver support for imx8mm") +Signed-off-by: Peng Fan +Reviewed-by: Fabio Estevam +Reviewed-by: Jacky Bai +Signed-off-by: Stephen Boyd +Signed-off-by: Greg Kroah-Hartman + +--- + drivers/clk/imx/clk-imx8mm.c | 12 ++++++------ + 1 file changed, 6 insertions(+), 6 deletions(-) + +--- a/drivers/clk/imx/clk-imx8mm.c ++++ b/drivers/clk/imx/clk-imx8mm.c +@@ -449,12 +449,12 @@ static int __init imx8mm_clocks_init(str + clks[IMX8MM_AUDIO_PLL2_OUT] = imx_clk_gate("audio_pll2_out", "audio_pll2_bypass", base + 0x14, 13); + clks[IMX8MM_VIDEO_PLL1_OUT] = imx_clk_gate("video_pll1_out", "video_pll1_bypass", base + 0x28, 13); + clks[IMX8MM_DRAM_PLL_OUT] = imx_clk_gate("dram_pll_out", "dram_pll_bypass", base + 0x50, 13); +- clks[IMX8MM_GPU_PLL_OUT] = imx_clk_gate("gpu_pll_out", "gpu_pll_bypass", base + 0x64, 13); +- clks[IMX8MM_VPU_PLL_OUT] = imx_clk_gate("vpu_pll_out", "vpu_pll_bypass", base + 0x74, 13); +- clks[IMX8MM_ARM_PLL_OUT] = imx_clk_gate("arm_pll_out", "arm_pll_bypass", base + 0x84, 13); +- clks[IMX8MM_SYS_PLL1_OUT] = imx_clk_gate("sys_pll1_out", "sys_pll1_bypass", base + 0x94, 13); +- clks[IMX8MM_SYS_PLL2_OUT] = imx_clk_gate("sys_pll2_out", "sys_pll2_bypass", base + 0x104, 13); +- clks[IMX8MM_SYS_PLL3_OUT] = imx_clk_gate("sys_pll3_out", "sys_pll3_bypass", base + 0x114, 13); ++ clks[IMX8MM_GPU_PLL_OUT] = imx_clk_gate("gpu_pll_out", "gpu_pll_bypass", base + 0x64, 11); ++ clks[IMX8MM_VPU_PLL_OUT] = imx_clk_gate("vpu_pll_out", "vpu_pll_bypass", base + 0x74, 11); ++ clks[IMX8MM_ARM_PLL_OUT] = imx_clk_gate("arm_pll_out", "arm_pll_bypass", base + 0x84, 11); ++ clks[IMX8MM_SYS_PLL1_OUT] = imx_clk_gate("sys_pll1_out", "sys_pll1_bypass", base + 0x94, 11); ++ clks[IMX8MM_SYS_PLL2_OUT] = imx_clk_gate("sys_pll2_out", "sys_pll2_bypass", base + 0x104, 11); ++ clks[IMX8MM_SYS_PLL3_OUT] = imx_clk_gate("sys_pll3_out", "sys_pll3_bypass", base + 0x114, 11); + + /* SYS PLL fixed output */ + clks[IMX8MM_SYS_PLL1_40M] = imx_clk_fixed_factor("sys_pll1_40m", "sys_pll1_out", 1, 20); diff --git a/queue-5.1/doc-cope-with-sphinx-logging-deprecations.patch b/queue-5.1/doc-cope-with-sphinx-logging-deprecations.patch new file mode 100644 index 00000000000..b8d0be2b1ba --- /dev/null +++ b/queue-5.1/doc-cope-with-sphinx-logging-deprecations.patch @@ -0,0 +1,227 @@ +From 096ea522e84ea68f8e6c41e5e7294731a81e29bc Mon Sep 17 00:00:00 2001 +From: Jonathan Corbet +Date: Tue, 21 May 2019 14:23:43 -0600 +Subject: doc: Cope with Sphinx logging deprecations + +From: Jonathan Corbet + +commit 096ea522e84ea68f8e6c41e5e7294731a81e29bc upstream. + +Recent versions of sphinx will emit messages like: + + Documentation/sphinx/kerneldoc.py:103: + RemovedInSphinx20Warning: app.warning() is now deprecated. + Use sphinx.util.logging instead. + +Switch to sphinx.util.logging to make this unsightly message go away. +Alas, that interface was only added in version 1.6, so we have to add a +version check to keep things working with older sphinxes. + +Cc: stable@vger.kernel.org +Signed-off-by: Jonathan Corbet +Signed-off-by: Greg Kroah-Hartman + +--- + Documentation/sphinx/kerneldoc.py | 12 +++++++---- + Documentation/sphinx/kernellog.py | 28 ++++++++++++++++++++++++++ + Documentation/sphinx/kfigure.py | 40 +++++++++++++++++++++----------------- + 3 files changed, 59 insertions(+), 21 deletions(-) + +--- a/Documentation/sphinx/kerneldoc.py ++++ b/Documentation/sphinx/kerneldoc.py +@@ -49,6 +49,8 @@ if Use_SSI: + else: + from sphinx.ext.autodoc import AutodocReporter + ++import kernellog ++ + __version__ = '1.0' + + class KernelDocDirective(Directive): +@@ -100,7 +102,8 @@ class KernelDocDirective(Directive): + cmd += [filename] + + try: +- env.app.verbose('calling kernel-doc \'%s\'' % (" ".join(cmd))) ++ kernellog.verbose(env.app, ++ 'calling kernel-doc \'%s\'' % (" ".join(cmd))) + + p = subprocess.Popen(cmd, stdout=subprocess.PIPE, stderr=subprocess.PIPE) + out, err = p.communicate() +@@ -110,7 +113,8 @@ class KernelDocDirective(Directive): + if p.returncode != 0: + sys.stderr.write(err) + +- env.app.warn('kernel-doc \'%s\' failed with return code %d' % (" ".join(cmd), p.returncode)) ++ kernellog.warn(env.app, ++ 'kernel-doc \'%s\' failed with return code %d' % (" ".join(cmd), p.returncode)) + return [nodes.error(None, nodes.paragraph(text = "kernel-doc missing"))] + elif env.config.kerneldoc_verbosity > 0: + sys.stderr.write(err) +@@ -136,8 +140,8 @@ class KernelDocDirective(Directive): + return node.children + + except Exception as e: # pylint: disable=W0703 +- env.app.warn('kernel-doc \'%s\' processing failed with: %s' % +- (" ".join(cmd), str(e))) ++ kernellog.warn(env.app, 'kernel-doc \'%s\' processing failed with: %s' % ++ (" ".join(cmd), str(e))) + return [nodes.error(None, nodes.paragraph(text = "kernel-doc missing"))] + + def do_parse(self, result, node): +--- /dev/null ++++ b/Documentation/sphinx/kernellog.py +@@ -0,0 +1,28 @@ ++# SPDX-License-Identifier: GPL-2.0 ++# ++# Sphinx has deprecated its older logging interface, but the replacement ++# only goes back to 1.6. So here's a wrapper layer to keep around for ++# as long as we support 1.4. ++# ++import sphinx ++ ++if sphinx.__version__[:3] >= '1.6': ++ UseLogging = True ++ from sphinx.util import logging ++ logger = logging.getLogger('kerneldoc') ++else: ++ UseLogging = False ++ ++def warn(app, message): ++ if UseLogging: ++ logger.warning(message) ++ else: ++ app.warn(message) ++ ++def verbose(app, message): ++ if UseLogging: ++ logger.verbose(message) ++ else: ++ app.verbose(message) ++ ++ +--- a/Documentation/sphinx/kfigure.py ++++ b/Documentation/sphinx/kfigure.py +@@ -60,6 +60,8 @@ import sphinx + from sphinx.util.nodes import clean_astext + from six import iteritems + ++import kernellog ++ + PY3 = sys.version_info[0] == 3 + + if PY3: +@@ -171,20 +173,20 @@ def setupTools(app): + This function is called once, when the builder is initiated. + """ + global dot_cmd, convert_cmd # pylint: disable=W0603 +- app.verbose("kfigure: check installed tools ...") ++ kernellog.verbose(app, "kfigure: check installed tools ...") + + dot_cmd = which('dot') + convert_cmd = which('convert') + + if dot_cmd: +- app.verbose("use dot(1) from: " + dot_cmd) ++ kernellog.verbose(app, "use dot(1) from: " + dot_cmd) + else: +- app.warn("dot(1) not found, for better output quality install " +- "graphviz from http://www.graphviz.org") ++ kernellog.warn(app, "dot(1) not found, for better output quality install " ++ "graphviz from http://www.graphviz.org") + if convert_cmd: +- app.verbose("use convert(1) from: " + convert_cmd) ++ kernellog.verbose(app, "use convert(1) from: " + convert_cmd) + else: +- app.warn( ++ kernellog.warn(app, + "convert(1) not found, for SVG to PDF conversion install " + "ImageMagick (https://www.imagemagick.org)") + +@@ -220,12 +222,13 @@ def convert_image(img_node, translator, + + # in kernel builds, use 'make SPHINXOPTS=-v' to see verbose messages + +- app.verbose('assert best format for: ' + img_node['uri']) ++ kernellog.verbose(app, 'assert best format for: ' + img_node['uri']) + + if in_ext == '.dot': + + if not dot_cmd: +- app.verbose("dot from graphviz not available / include DOT raw.") ++ kernellog.verbose(app, ++ "dot from graphviz not available / include DOT raw.") + img_node.replace_self(file2literal(src_fname)) + + elif translator.builder.format == 'latex': +@@ -252,7 +255,8 @@ def convert_image(img_node, translator, + + if translator.builder.format == 'latex': + if convert_cmd is None: +- app.verbose("no SVG to PDF conversion available / include SVG raw.") ++ kernellog.verbose(app, ++ "no SVG to PDF conversion available / include SVG raw.") + img_node.replace_self(file2literal(src_fname)) + else: + dst_fname = path.join(translator.builder.outdir, fname + '.pdf') +@@ -265,18 +269,19 @@ def convert_image(img_node, translator, + _name = dst_fname[len(translator.builder.outdir) + 1:] + + if isNewer(dst_fname, src_fname): +- app.verbose("convert: {out}/%s already exists and is newer" % _name) ++ kernellog.verbose(app, ++ "convert: {out}/%s already exists and is newer" % _name) + + else: + ok = False + mkdir(path.dirname(dst_fname)) + + if in_ext == '.dot': +- app.verbose('convert DOT to: {out}/' + _name) ++ kernellog.verbose(app, 'convert DOT to: {out}/' + _name) + ok = dot2format(app, src_fname, dst_fname) + + elif in_ext == '.svg': +- app.verbose('convert SVG to: {out}/' + _name) ++ kernellog.verbose(app, 'convert SVG to: {out}/' + _name) + ok = svg2pdf(app, src_fname, dst_fname) + + if not ok: +@@ -305,7 +310,8 @@ def dot2format(app, dot_fname, out_fname + with open(out_fname, "w") as out: + exit_code = subprocess.call(cmd, stdout = out) + if exit_code != 0: +- app.warn("Error #%d when calling: %s" % (exit_code, " ".join(cmd))) ++ kernellog.warn(app, ++ "Error #%d when calling: %s" % (exit_code, " ".join(cmd))) + return bool(exit_code == 0) + + def svg2pdf(app, svg_fname, pdf_fname): +@@ -322,7 +328,7 @@ def svg2pdf(app, svg_fname, pdf_fname): + # use stdout and stderr from parent + exit_code = subprocess.call(cmd) + if exit_code != 0: +- app.warn("Error #%d when calling: %s" % (exit_code, " ".join(cmd))) ++ kernellog.warn(app, "Error #%d when calling: %s" % (exit_code, " ".join(cmd))) + return bool(exit_code == 0) + + +@@ -415,15 +421,15 @@ def visit_kernel_render(self, node): + app = self.builder.app + srclang = node.get('srclang') + +- app.verbose('visit kernel-render node lang: "%s"' % (srclang)) ++ kernellog.verbose(app, 'visit kernel-render node lang: "%s"' % (srclang)) + + tmp_ext = RENDER_MARKUP_EXT.get(srclang, None) + if tmp_ext is None: +- app.warn('kernel-render: "%s" unknown / include raw.' % (srclang)) ++ kernellog.warn(app, 'kernel-render: "%s" unknown / include raw.' % (srclang)) + return + + if not dot_cmd and tmp_ext == '.dot': +- app.verbose("dot from graphviz not available / include raw.") ++ kernellog.verbose(app, "dot from graphviz not available / include raw.") + return + + literal_block = node[0] diff --git a/queue-5.1/doc-cope-with-the-deprecation-of-autoreporter.patch b/queue-5.1/doc-cope-with-the-deprecation-of-autoreporter.patch new file mode 100644 index 00000000000..35a979f5ea1 --- /dev/null +++ b/queue-5.1/doc-cope-with-the-deprecation-of-autoreporter.patch @@ -0,0 +1,83 @@ +From 2404dad1f67f8917e30fc22a85e0dbcc85b99955 Mon Sep 17 00:00:00 2001 +From: Jonathan Corbet +Date: Tue, 21 May 2019 14:42:34 -0600 +Subject: doc: Cope with the deprecation of AutoReporter + +From: Jonathan Corbet + +commit 2404dad1f67f8917e30fc22a85e0dbcc85b99955 upstream. + +AutoReporter is going away; recent versions of sphinx emit a warning like: + + Documentation/sphinx/kerneldoc.py:125: + RemovedInSphinx20Warning: AutodocReporter is now deprecated. + Use sphinx.util.docutils.switch_source_input() instead. + +Make the switch. But switch_source_input() only showed up in 1.7, so we +have to do ugly version checks to keep things working in older versions. + +Cc: stable@vger.kernel.org +Signed-off-by: Jonathan Corbet +Signed-off-by: Greg Kroah-Hartman + +--- + Documentation/sphinx/kerneldoc.py | 34 ++++++++++++++++++++++++++-------- + 1 file changed, 26 insertions(+), 8 deletions(-) + +--- a/Documentation/sphinx/kerneldoc.py ++++ b/Documentation/sphinx/kerneldoc.py +@@ -37,7 +37,17 @@ import glob + from docutils import nodes, statemachine + from docutils.statemachine import ViewList + from docutils.parsers.rst import directives, Directive +-from sphinx.ext.autodoc import AutodocReporter ++ ++# ++# AutodocReporter is only good up to Sphinx 1.7 ++# ++import sphinx ++ ++Use_SSI = sphinx.__version__[:3] >= '1.7' ++if Use_SSI: ++ from sphinx.util.docutils import switch_source_input ++else: ++ from sphinx.ext.autodoc import AutodocReporter + + __version__ = '1.0' + +@@ -121,13 +131,7 @@ class KernelDocDirective(Directive): + lineoffset += 1 + + node = nodes.section() +- buf = self.state.memo.title_styles, self.state.memo.section_level, self.state.memo.reporter +- self.state.memo.reporter = AutodocReporter(result, self.state.memo.reporter) +- self.state.memo.title_styles, self.state.memo.section_level = [], 0 +- try: +- self.state.nested_parse(result, 0, node, match_titles=1) +- finally: +- self.state.memo.title_styles, self.state.memo.section_level, self.state.memo.reporter = buf ++ self.do_parse(result, node) + + return node.children + +@@ -136,6 +140,20 @@ class KernelDocDirective(Directive): + (" ".join(cmd), str(e))) + return [nodes.error(None, nodes.paragraph(text = "kernel-doc missing"))] + ++ def do_parse(self, result, node): ++ if Use_SSI: ++ with switch_source_input(self.state, result): ++ self.state.nested_parse(result, 0, node, match_titles=1) ++ else: ++ save = self.state.memo.title_styles, self.state.memo.section_level, self.state.memo.reporter ++ self.state.memo.reporter = AutodocReporter(result, self.state.memo.reporter) ++ self.state.memo.title_styles, self.state.memo.section_level = [], 0 ++ try: ++ self.state.nested_parse(result, 0, node, match_titles=1) ++ finally: ++ self.state.memo.title_styles, self.state.memo.section_level, self.state.memo.reporter = save ++ ++ + def setup(app): + app.add_config_value('kerneldoc_bin', None, 'env') + app.add_config_value('kerneldoc_srctree', None, 'env') diff --git a/queue-5.1/docs-fix-conf.py-for-sphinx-2.0.patch b/queue-5.1/docs-fix-conf.py-for-sphinx-2.0.patch new file mode 100644 index 00000000000..cedf5e90172 --- /dev/null +++ b/queue-5.1/docs-fix-conf.py-for-sphinx-2.0.patch @@ -0,0 +1,32 @@ +From 3bc8088464712fdcb078eefb68837ccfcc413c88 Mon Sep 17 00:00:00 2001 +From: Jonathan Corbet +Date: Wed, 22 May 2019 14:30:45 -0600 +Subject: docs: Fix conf.py for Sphinx 2.0 + +From: Jonathan Corbet + +commit 3bc8088464712fdcb078eefb68837ccfcc413c88 upstream. + +Our version check in Documentation/conf.py never envisioned a world where +Sphinx moved beyond 1.x. Now that the unthinkable has happened, fix our +version check to handle higher version numbers correctly. + +Cc: stable@vger.kernel.org +Signed-off-by: Jonathan Corbet +Signed-off-by: Greg Kroah-Hartman + +--- + Documentation/conf.py | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +--- a/Documentation/conf.py ++++ b/Documentation/conf.py +@@ -37,7 +37,7 @@ needs_sphinx = '1.3' + extensions = ['kerneldoc', 'rstFlatTable', 'kernel_include', 'cdomain', 'kfigure', 'sphinx.ext.ifconfig'] + + # The name of the math extension changed on Sphinx 1.4 +-if major == 1 and minor > 3: ++if (major == 1 and minor > 3) or (major > 1): + extensions.append("sphinx.ext.imgmath") + else: + extensions.append("sphinx.ext.pngmath") diff --git a/queue-5.1/drm-nouveau-i2c-disable-i2c-bus-access-after-fini.patch b/queue-5.1/drm-nouveau-i2c-disable-i2c-bus-access-after-fini.patch new file mode 100644 index 00000000000..abad96ec574 --- /dev/null +++ b/queue-5.1/drm-nouveau-i2c-disable-i2c-bus-access-after-fini.patch @@ -0,0 +1,265 @@ +From 342406e4fbba9a174125fbfe6aeac3d64ef90f76 Mon Sep 17 00:00:00 2001 +From: Lyude Paul +Date: Tue, 9 Apr 2019 16:23:30 -0400 +Subject: drm/nouveau/i2c: Disable i2c bus access after ->fini() + +From: Lyude Paul + +commit 342406e4fbba9a174125fbfe6aeac3d64ef90f76 upstream. + +For a while, we've had the problem of i2c bus access not grabbing +a runtime PM ref when it's being used in userspace by i2c-dev, resulting +in nouveau spamming the kernel log with errors if anything attempts to +access the i2c bus while the GPU is in runtime suspend. An example: + +[ 130.078386] nouveau 0000:01:00.0: i2c: aux 000d: begin idle timeout ffffffff + +Since the GPU is in runtime suspend, the MMIO region that the i2c bus is +on isn't accessible. On x86, the standard behavior for accessing an +unavailable MMIO region is to just return ~0. + +Except, that turned out to be a lie. While computers with a clean +concious will return ~0 in this scenario, some machines will actually +completely hang a CPU on certian bad MMIO accesses. This was witnessed +with someone's Lenovo ThinkPad P50, where sensors-detect attempting to +access the i2c bus while the GPU was suspended would result in a CPU +hang: + + CPU: 5 PID: 12438 Comm: sensors-detect Not tainted 5.0.0-0.rc4.git3.1.fc30.x86_64 #1 + Hardware name: LENOVO 20EQS64N17/20EQS64N17, BIOS N1EET74W (1.47 ) 11/21/2017 + RIP: 0010:ioread32+0x2b/0x30 + Code: 81 ff ff ff 03 00 77 20 48 81 ff 00 00 01 00 76 05 0f b7 d7 ed c3 + 48 c7 c6 e1 0c 36 96 e8 2d ff ff ff b8 ff ff ff ff c3 8b 07 0f 1f + 40 00 49 89 f0 48 81 fe ff ff 03 00 76 04 40 88 3e c3 48 + RSP: 0018:ffffaac3c5007b48 EFLAGS: 00000292 ORIG_RAX: ffffffffffffff13 + RAX: 0000000001111000 RBX: 0000000001111000 RCX: 0000043017a97186 + RDX: 0000000000000aaa RSI: 0000000000000005 RDI: ffffaac3c400e4e4 + RBP: ffff9e6443902c00 R08: ffffaac3c400e4e4 R09: ffffaac3c5007be7 + R10: 0000000000000004 R11: 0000000000000001 R12: ffff9e6445dd0000 + R13: 000000000000e4e4 R14: 00000000000003c4 R15: 0000000000000000 + FS: 00007f253155a740(0000) GS:ffff9e644f600000(0000) knlGS:0000000000000000 + CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 + CR2: 00005630d1500358 CR3: 0000000417c44006 CR4: 00000000003606e0 + DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 + DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 + Call Trace: + g94_i2c_aux_xfer+0x326/0x850 [nouveau] + nvkm_i2c_aux_i2c_xfer+0x9e/0x140 [nouveau] + __i2c_transfer+0x14b/0x620 + i2c_smbus_xfer_emulated+0x159/0x680 + ? _raw_spin_unlock_irqrestore+0x1/0x60 + ? rt_mutex_slowlock.constprop.0+0x13d/0x1e0 + ? __lock_is_held+0x59/0xa0 + __i2c_smbus_xfer+0x138/0x5a0 + i2c_smbus_xfer+0x4f/0x80 + i2cdev_ioctl_smbus+0x162/0x2d0 [i2c_dev] + i2cdev_ioctl+0x1db/0x2c0 [i2c_dev] + do_vfs_ioctl+0x408/0x750 + ksys_ioctl+0x5e/0x90 + __x64_sys_ioctl+0x16/0x20 + do_syscall_64+0x60/0x1e0 + entry_SYSCALL_64_after_hwframe+0x49/0xbe + RIP: 0033:0x7f25317f546b + Code: 0f 1e fa 48 8b 05 1d da 0c 00 64 c7 00 26 00 00 00 48 c7 c0 ff ff + ff ff c3 66 0f 1f 44 00 00 f3 0f 1e fa b8 10 00 00 00 0f 05 <48> 3d 01 + f0 ff ff 73 01 c3 48 8b 0d ed d9 0c 00 f7 d8 64 89 01 48 + RSP: 002b:00007ffc88caab68 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 + RAX: ffffffffffffffda RBX: 00005630d0fe7260 RCX: 00007f25317f546b + RDX: 00005630d1598e80 RSI: 0000000000000720 RDI: 0000000000000003 + RBP: 00005630d155b968 R08: 0000000000000001 R09: 00005630d15a1da0 + R10: 0000000000000070 R11: 0000000000000246 R12: 00005630d1598e80 + R13: 00005630d12f3d28 R14: 0000000000000720 R15: 00005630d12f3ce0 + watchdog: BUG: soft lockup - CPU#5 stuck for 23s! [sensors-detect:12438] + +Yikes! While I wanted to try to make it so that accessing an i2c bus on +nouveau would wake up the GPU as needed, airlied pointed out that pretty +much any usecase for userspace accessing an i2c bus on a GPU (mainly for +the DDC brightness control that some displays have) is going to only be +useful while there's at least one display enabled on the GPU anyway, and +the GPU never sleeps while there's displays running. + +Since teaching the i2c bus to wake up the GPU on userspace accesses is a +good deal more difficult than it might seem, mostly due to the fact that +we have to use the i2c bus during runtime resume of the GPU, we instead +opt for the easiest solution: don't let userspace access i2c busses on +the GPU at all while it's in runtime suspend. + +Changes since v1: +* Also disable i2c busses that run over DP AUX + +Signed-off-by: Lyude Paul +Cc: stable@vger.kernel.org +Signed-off-by: Ben Skeggs +Signed-off-by: Greg Kroah-Hartman + +--- + drivers/gpu/drm/nouveau/include/nvkm/subdev/i2c.h | 2 + + drivers/gpu/drm/nouveau/nvkm/subdev/i2c/aux.c | 26 +++++++++++++++++++++- + drivers/gpu/drm/nouveau/nvkm/subdev/i2c/aux.h | 2 + + drivers/gpu/drm/nouveau/nvkm/subdev/i2c/base.c | 15 ++++++++++++ + drivers/gpu/drm/nouveau/nvkm/subdev/i2c/bus.c | 21 ++++++++++++++++- + drivers/gpu/drm/nouveau/nvkm/subdev/i2c/bus.h | 1 + 6 files changed, 65 insertions(+), 2 deletions(-) + +--- a/drivers/gpu/drm/nouveau/include/nvkm/subdev/i2c.h ++++ b/drivers/gpu/drm/nouveau/include/nvkm/subdev/i2c.h +@@ -38,6 +38,7 @@ struct nvkm_i2c_bus { + struct mutex mutex; + struct list_head head; + struct i2c_adapter i2c; ++ u8 enabled; + }; + + int nvkm_i2c_bus_acquire(struct nvkm_i2c_bus *); +@@ -57,6 +58,7 @@ struct nvkm_i2c_aux { + struct mutex mutex; + struct list_head head; + struct i2c_adapter i2c; ++ u8 enabled; + + u32 intr; + }; +--- a/drivers/gpu/drm/nouveau/nvkm/subdev/i2c/aux.c ++++ b/drivers/gpu/drm/nouveau/nvkm/subdev/i2c/aux.c +@@ -105,9 +105,15 @@ nvkm_i2c_aux_acquire(struct nvkm_i2c_aux + { + struct nvkm_i2c_pad *pad = aux->pad; + int ret; ++ + AUX_TRACE(aux, "acquire"); + mutex_lock(&aux->mutex); +- ret = nvkm_i2c_pad_acquire(pad, NVKM_I2C_PAD_AUX); ++ ++ if (aux->enabled) ++ ret = nvkm_i2c_pad_acquire(pad, NVKM_I2C_PAD_AUX); ++ else ++ ret = -EIO; ++ + if (ret) + mutex_unlock(&aux->mutex); + return ret; +@@ -145,6 +151,24 @@ nvkm_i2c_aux_del(struct nvkm_i2c_aux **p + } + } + ++void ++nvkm_i2c_aux_init(struct nvkm_i2c_aux *aux) ++{ ++ AUX_TRACE(aux, "init"); ++ mutex_lock(&aux->mutex); ++ aux->enabled = true; ++ mutex_unlock(&aux->mutex); ++} ++ ++void ++nvkm_i2c_aux_fini(struct nvkm_i2c_aux *aux) ++{ ++ AUX_TRACE(aux, "fini"); ++ mutex_lock(&aux->mutex); ++ aux->enabled = false; ++ mutex_unlock(&aux->mutex); ++} ++ + int + nvkm_i2c_aux_ctor(const struct nvkm_i2c_aux_func *func, + struct nvkm_i2c_pad *pad, int id, +--- a/drivers/gpu/drm/nouveau/nvkm/subdev/i2c/aux.h ++++ b/drivers/gpu/drm/nouveau/nvkm/subdev/i2c/aux.h +@@ -16,6 +16,8 @@ int nvkm_i2c_aux_ctor(const struct nvkm_ + int nvkm_i2c_aux_new_(const struct nvkm_i2c_aux_func *, struct nvkm_i2c_pad *, + int id, struct nvkm_i2c_aux **); + void nvkm_i2c_aux_del(struct nvkm_i2c_aux **); ++void nvkm_i2c_aux_init(struct nvkm_i2c_aux *); ++void nvkm_i2c_aux_fini(struct nvkm_i2c_aux *); + int nvkm_i2c_aux_xfer(struct nvkm_i2c_aux *, bool retry, u8 type, + u32 addr, u8 *data, u8 *size); + +--- a/drivers/gpu/drm/nouveau/nvkm/subdev/i2c/base.c ++++ b/drivers/gpu/drm/nouveau/nvkm/subdev/i2c/base.c +@@ -160,8 +160,18 @@ nvkm_i2c_fini(struct nvkm_subdev *subdev + { + struct nvkm_i2c *i2c = nvkm_i2c(subdev); + struct nvkm_i2c_pad *pad; ++ struct nvkm_i2c_bus *bus; ++ struct nvkm_i2c_aux *aux; + u32 mask; + ++ list_for_each_entry(aux, &i2c->aux, head) { ++ nvkm_i2c_aux_fini(aux); ++ } ++ ++ list_for_each_entry(bus, &i2c->bus, head) { ++ nvkm_i2c_bus_fini(bus); ++ } ++ + if ((mask = (1 << i2c->func->aux) - 1), i2c->func->aux_stat) { + i2c->func->aux_mask(i2c, NVKM_I2C_ANY, mask, 0); + i2c->func->aux_stat(i2c, &mask, &mask, &mask, &mask); +@@ -180,6 +190,7 @@ nvkm_i2c_init(struct nvkm_subdev *subdev + struct nvkm_i2c *i2c = nvkm_i2c(subdev); + struct nvkm_i2c_bus *bus; + struct nvkm_i2c_pad *pad; ++ struct nvkm_i2c_aux *aux; + + list_for_each_entry(pad, &i2c->pad, head) { + nvkm_i2c_pad_init(pad); +@@ -189,6 +200,10 @@ nvkm_i2c_init(struct nvkm_subdev *subdev + nvkm_i2c_bus_init(bus); + } + ++ list_for_each_entry(aux, &i2c->aux, head) { ++ nvkm_i2c_aux_init(aux); ++ } ++ + return 0; + } + +--- a/drivers/gpu/drm/nouveau/nvkm/subdev/i2c/bus.c ++++ b/drivers/gpu/drm/nouveau/nvkm/subdev/i2c/bus.c +@@ -110,6 +110,19 @@ nvkm_i2c_bus_init(struct nvkm_i2c_bus *b + BUS_TRACE(bus, "init"); + if (bus->func->init) + bus->func->init(bus); ++ ++ mutex_lock(&bus->mutex); ++ bus->enabled = true; ++ mutex_unlock(&bus->mutex); ++} ++ ++void ++nvkm_i2c_bus_fini(struct nvkm_i2c_bus *bus) ++{ ++ BUS_TRACE(bus, "fini"); ++ mutex_lock(&bus->mutex); ++ bus->enabled = false; ++ mutex_unlock(&bus->mutex); + } + + void +@@ -126,9 +139,15 @@ nvkm_i2c_bus_acquire(struct nvkm_i2c_bus + { + struct nvkm_i2c_pad *pad = bus->pad; + int ret; ++ + BUS_TRACE(bus, "acquire"); + mutex_lock(&bus->mutex); +- ret = nvkm_i2c_pad_acquire(pad, NVKM_I2C_PAD_I2C); ++ ++ if (bus->enabled) ++ ret = nvkm_i2c_pad_acquire(pad, NVKM_I2C_PAD_I2C); ++ else ++ ret = -EIO; ++ + if (ret) + mutex_unlock(&bus->mutex); + return ret; +--- a/drivers/gpu/drm/nouveau/nvkm/subdev/i2c/bus.h ++++ b/drivers/gpu/drm/nouveau/nvkm/subdev/i2c/bus.h +@@ -18,6 +18,7 @@ int nvkm_i2c_bus_new_(const struct nvkm_ + int id, struct nvkm_i2c_bus **); + void nvkm_i2c_bus_del(struct nvkm_i2c_bus **); + void nvkm_i2c_bus_init(struct nvkm_i2c_bus *); ++void nvkm_i2c_bus_fini(struct nvkm_i2c_bus *); + + int nvkm_i2c_bit_xfer(struct nvkm_i2c_bus *, struct i2c_msg *, int); + diff --git a/queue-5.1/evm-check-hash-algorithm-passed-to-init_desc.patch b/queue-5.1/evm-check-hash-algorithm-passed-to-init_desc.patch new file mode 100644 index 00000000000..093d40d7f36 --- /dev/null +++ b/queue-5.1/evm-check-hash-algorithm-passed-to-init_desc.patch @@ -0,0 +1,36 @@ +From 221be106d75c1b511973301542f47d6000d0b63e Mon Sep 17 00:00:00 2001 +From: Roberto Sassu +Date: Wed, 29 May 2019 15:30:33 +0200 +Subject: evm: check hash algorithm passed to init_desc() + +From: Roberto Sassu + +commit 221be106d75c1b511973301542f47d6000d0b63e upstream. + +This patch prevents memory access beyond the evm_tfm array by checking the +validity of the index (hash algorithm) passed to init_desc(). The hash +algorithm can be arbitrarily set if the security.ima xattr type is not +EVM_XATTR_HMAC. + +Fixes: 5feeb61183dde ("evm: Allow non-SHA1 digital signatures") +Signed-off-by: Roberto Sassu +Cc: stable@vger.kernel.org +Signed-off-by: Mimi Zohar +Signed-off-by: Greg Kroah-Hartman + +--- + security/integrity/evm/evm_crypto.c | 3 +++ + 1 file changed, 3 insertions(+) + +--- a/security/integrity/evm/evm_crypto.c ++++ b/security/integrity/evm/evm_crypto.c +@@ -89,6 +89,9 @@ static struct shash_desc *init_desc(char + tfm = &hmac_tfm; + algo = evm_hmac; + } else { ++ if (hash_algo >= HASH_ALGO__LAST) ++ return ERR_PTR(-EINVAL); ++ + tfm = &evm_tfm[hash_algo]; + algo = hash_algo_name[hash_algo]; + } diff --git a/queue-5.1/gcc-plugins-fix-build-failures-under-darwin-host.patch b/queue-5.1/gcc-plugins-fix-build-failures-under-darwin-host.patch new file mode 100644 index 00000000000..dc59ce6f02b --- /dev/null +++ b/queue-5.1/gcc-plugins-fix-build-failures-under-darwin-host.patch @@ -0,0 +1,52 @@ +From 7210e060155b9cf557fb13128353c3e494fa5ed3 Mon Sep 17 00:00:00 2001 +From: Kees Cook +Date: Mon, 20 May 2019 11:50:42 -0700 +Subject: gcc-plugins: Fix build failures under Darwin host + +From: Kees Cook + +commit 7210e060155b9cf557fb13128353c3e494fa5ed3 upstream. + +The gcc-common.h file did not take into account certain macros that +might have already been defined in the build environment. This updates +the header to avoid redefining the macros, as seen on a Darwin host +using gcc 4.9.2: + + HOSTCXX -fPIC scripts/gcc-plugins/arm_ssp_per_task_plugin.o - due to: scripts/gcc-plugins/gcc-common.h +In file included from scripts/gcc-plugins/arm_ssp_per_task_plugin.c:3:0: +scripts/gcc-plugins/gcc-common.h:153:0: warning: "__unused" redefined +^ +In file included from /usr/include/stdio.h:64:0, + from /Users/hns/Documents/Projects/QuantumSTEP/System/Library/Frameworks/System.framework/Versions-jessie/x86_64-apple-darwin15.0.0/gcc/arm-linux-gnueabi/bin/../lib/gcc/arm-linux-gnueabi/4.9.2/plugin/include/system.h:40, + from /Users/hns/Documents/Projects/QuantumSTEP/System/Library/Frameworks/System.framework/Versions-jessie/x86_64-apple-darwin15.0.0/gcc/arm-linux-gnueabi/bin/../lib/gcc/arm-linux-gnueabi/4.9.2/plugin/include/gcc-plugin.h:28, + from /Users/hns/Documents/Projects/QuantumSTEP/System/Library/Frameworks/System.framework/Versions-jessie/x86_64-apple-darwin15.0.0/gcc/arm-linux-gnueabi/bin/../lib/gcc/arm-linux-gnueabi/4.9.2/plugin/include/plugin.h:23, + from scripts/gcc-plugins/gcc-common.h:9, + from scripts/gcc-plugins/arm_ssp_per_task_plugin.c:3: +/usr/include/sys/cdefs.h:161:0: note: this is the location of the previous definition +^ + +Reported-and-tested-by: "H. Nikolaus Schaller" +Fixes: 189af4657186 ("ARM: smp: add support for per-task stack canaries") +Cc: stable@vger.kernel.org +Signed-off-by: Kees Cook +Signed-off-by: Greg Kroah-Hartman + +--- + scripts/gcc-plugins/gcc-common.h | 4 ++++ + 1 file changed, 4 insertions(+) + +--- a/scripts/gcc-plugins/gcc-common.h ++++ b/scripts/gcc-plugins/gcc-common.h +@@ -150,8 +150,12 @@ void print_gimple_expr(FILE *, gimple, i + void dump_gimple_stmt(pretty_printer *, gimple, int, int); + #endif + ++#ifndef __unused + #define __unused __attribute__((__unused__)) ++#endif ++#ifndef __visible + #define __visible __attribute__((visibility("default"))) ++#endif + + #define DECL_NAME_POINTER(node) IDENTIFIER_POINTER(DECL_NAME(node)) + #define DECL_NAME_LENGTH(node) IDENTIFIER_LENGTH(DECL_NAME(node)) diff --git a/queue-5.1/i2c-mlxcpld-fix-wrong-initialization-order-in-probe.patch b/queue-5.1/i2c-mlxcpld-fix-wrong-initialization-order-in-probe.patch new file mode 100644 index 00000000000..4d1aba15c14 --- /dev/null +++ b/queue-5.1/i2c-mlxcpld-fix-wrong-initialization-order-in-probe.patch @@ -0,0 +1,44 @@ +From 13067ef73f337336e3149f5bb9f3fd05fe7f87a0 Mon Sep 17 00:00:00 2001 +From: Vadim Pasternak +Date: Thu, 16 May 2019 17:15:41 +0000 +Subject: i2c: mlxcpld: Fix wrong initialization order in probe + +From: Vadim Pasternak + +commit 13067ef73f337336e3149f5bb9f3fd05fe7f87a0 upstream. + +Fix wrong order in probing routine initialization - field `base_addr' +is used before it's initialized. Move assignment of 'priv->base_addr` +to the beginning, prior the call to mlxcpld_i2c_read_comm(). +Wrong order caused the first read of capability register to be executed +at wrong offset 0x0 instead of 0x2000. By chance it was a "good +garbage" at 0x0 offset. + +Fixes: 313ce648b5a4 ("i2c: mlxcpld: Add support for extended transaction length for i2c-mlxcpld") +Signed-off-by: Vadim Pasternak +Signed-off-by: Wolfram Sang +Cc: stable@kernel.org +Signed-off-by: Greg Kroah-Hartman + +--- + drivers/i2c/busses/i2c-mlxcpld.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +--- a/drivers/i2c/busses/i2c-mlxcpld.c ++++ b/drivers/i2c/busses/i2c-mlxcpld.c +@@ -503,6 +503,7 @@ static int mlxcpld_i2c_probe(struct plat + platform_set_drvdata(pdev, priv); + + priv->dev = &pdev->dev; ++ priv->base_addr = MLXPLAT_CPLD_LPC_I2C_BASE_ADDR; + + /* Register with i2c layer */ + mlxcpld_i2c_adapter.timeout = usecs_to_jiffies(MLXCPLD_I2C_XFER_TO); +@@ -518,7 +519,6 @@ static int mlxcpld_i2c_probe(struct plat + mlxcpld_i2c_adapter.nr = pdev->id; + priv->adap = mlxcpld_i2c_adapter; + priv->adap.dev.parent = &pdev->dev; +- priv->base_addr = MLXPLAT_CPLD_LPC_I2C_BASE_ADDR; + i2c_set_adapdata(&priv->adap, priv); + + err = i2c_add_numbered_adapter(&priv->adap); diff --git a/queue-5.1/i2c-synquacer-fix-synquacer_i2c_doxfer-return-value.patch b/queue-5.1/i2c-synquacer-fix-synquacer_i2c_doxfer-return-value.patch new file mode 100644 index 00000000000..a2d3887058f --- /dev/null +++ b/queue-5.1/i2c-synquacer-fix-synquacer_i2c_doxfer-return-value.patch @@ -0,0 +1,35 @@ +From ff9378904d9d7a3fcb8406604e089e535e357b1d Mon Sep 17 00:00:00 2001 +From: Masahisa Kojima +Date: Tue, 21 May 2019 10:33:50 +0900 +Subject: i2c: synquacer: fix synquacer_i2c_doxfer() return value + +From: Masahisa Kojima + +commit ff9378904d9d7a3fcb8406604e089e535e357b1d upstream. + +master_xfer should return the number of messages successfully +processed. + +Fixes: 0d676a6c4390 ("i2c: add support for Socionext SynQuacer I2C controller") +Cc: # v4.19+ +Signed-off-by: Okamoto Satoru +Signed-off-by: Masahisa Kojima +Acked-by: Ard Biesheuvel +Signed-off-by: Wolfram Sang +Signed-off-by: Greg Kroah-Hartman + +--- + drivers/i2c/busses/i2c-synquacer.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +--- a/drivers/i2c/busses/i2c-synquacer.c ++++ b/drivers/i2c/busses/i2c-synquacer.c +@@ -351,7 +351,7 @@ static int synquacer_i2c_doxfer(struct s + /* wait 2 clock periods to ensure the stop has been through the bus */ + udelay(DIV_ROUND_UP(2 * 1000, i2c->speed_khz)); + +- return 0; ++ return ret; + } + + static irqreturn_t synquacer_i2c_isr(int irq, void *dev_id) diff --git a/queue-5.1/ima-fix-wrong-signed-policy-requirement-when-not-appraising.patch b/queue-5.1/ima-fix-wrong-signed-policy-requirement-when-not-appraising.patch new file mode 100644 index 00000000000..a094fa227c7 --- /dev/null +++ b/queue-5.1/ima-fix-wrong-signed-policy-requirement-when-not-appraising.patch @@ -0,0 +1,41 @@ +From f40019475bbbe9b455e7fd4385fcf13896c492ca Mon Sep 17 00:00:00 2001 +From: Petr Vorel +Date: Wed, 15 May 2019 08:18:07 +0200 +Subject: ima: fix wrong signed policy requirement when not appraising + +From: Petr Vorel + +commit f40019475bbbe9b455e7fd4385fcf13896c492ca upstream. + +Kernel booted just with ima_policy=tcb (not with +ima_policy=appraise_tcb) shouldn't require signed policy. + +Regression found with LTP test ima_policy.sh. + +Fixes: c52657d93b05 ("ima: refactor ima_init_policy()") +Cc: stable@vger.kernel.org (linux-5.0) +Signed-off-by: Petr Vorel +Signed-off-by: Mimi Zohar +Signed-off-by: Greg Kroah-Hartman + +--- + security/integrity/ima/ima_policy.c | 7 ++++--- + 1 file changed, 4 insertions(+), 3 deletions(-) + +--- a/security/integrity/ima/ima_policy.c ++++ b/security/integrity/ima/ima_policy.c +@@ -498,10 +498,11 @@ static void add_rules(struct ima_rule_en + + list_add_tail(&entry->list, &ima_policy_rules); + } +- if (entries[i].action == APPRAISE) ++ if (entries[i].action == APPRAISE) { + temp_ima_appraise |= ima_appraise_flag(entries[i].func); +- if (entries[i].func == POLICY_CHECK) +- temp_ima_appraise |= IMA_APPRAISE_POLICY; ++ if (entries[i].func == POLICY_CHECK) ++ temp_ima_appraise |= IMA_APPRAISE_POLICY; ++ } + } + } + diff --git a/queue-5.1/ima-show-rules-with-ima_inmask-correctly.patch b/queue-5.1/ima-show-rules-with-ima_inmask-correctly.patch new file mode 100644 index 00000000000..6d47a8549e3 --- /dev/null +++ b/queue-5.1/ima-show-rules-with-ima_inmask-correctly.patch @@ -0,0 +1,69 @@ +From 8cdc23a3d9ec0944000ad43bad588e36afdc38cd Mon Sep 17 00:00:00 2001 +From: Roberto Sassu +Date: Wed, 29 May 2019 15:30:35 +0200 +Subject: ima: show rules with IMA_INMASK correctly + +From: Roberto Sassu + +commit 8cdc23a3d9ec0944000ad43bad588e36afdc38cd upstream. + +Show the '^' character when a policy rule has flag IMA_INMASK. + +Fixes: 80eae209d63ac ("IMA: allow reading back the current IMA policy") +Signed-off-by: Roberto Sassu +Cc: stable@vger.kernel.org +Signed-off-by: Mimi Zohar +Signed-off-by: Greg Kroah-Hartman + +--- + security/integrity/ima/ima_policy.c | 21 ++++++++++++--------- + 1 file changed, 12 insertions(+), 9 deletions(-) + +--- a/security/integrity/ima/ima_policy.c ++++ b/security/integrity/ima/ima_policy.c +@@ -1147,10 +1147,10 @@ enum { + }; + + static const char *const mask_tokens[] = { +- "MAY_EXEC", +- "MAY_WRITE", +- "MAY_READ", +- "MAY_APPEND" ++ "^MAY_EXEC", ++ "^MAY_WRITE", ++ "^MAY_READ", ++ "^MAY_APPEND" + }; + + #define __ima_hook_stringify(str) (#str), +@@ -1210,6 +1210,7 @@ int ima_policy_show(struct seq_file *m, + struct ima_rule_entry *entry = v; + int i; + char tbuf[64] = {0,}; ++ int offset = 0; + + rcu_read_lock(); + +@@ -1233,15 +1234,17 @@ int ima_policy_show(struct seq_file *m, + if (entry->flags & IMA_FUNC) + policy_func_show(m, entry->func); + +- if (entry->flags & IMA_MASK) { ++ if ((entry->flags & IMA_MASK) || (entry->flags & IMA_INMASK)) { ++ if (entry->flags & IMA_MASK) ++ offset = 1; + if (entry->mask & MAY_EXEC) +- seq_printf(m, pt(Opt_mask), mt(mask_exec)); ++ seq_printf(m, pt(Opt_mask), mt(mask_exec) + offset); + if (entry->mask & MAY_WRITE) +- seq_printf(m, pt(Opt_mask), mt(mask_write)); ++ seq_printf(m, pt(Opt_mask), mt(mask_write) + offset); + if (entry->mask & MAY_READ) +- seq_printf(m, pt(Opt_mask), mt(mask_read)); ++ seq_printf(m, pt(Opt_mask), mt(mask_read) + offset); + if (entry->mask & MAY_APPEND) +- seq_printf(m, pt(Opt_mask), mt(mask_append)); ++ seq_printf(m, pt(Opt_mask), mt(mask_append) + offset); + seq_puts(m, " "); + } + diff --git a/queue-5.1/kasan-initialize-tag-to-0xff-in-__kasan_kmalloc.patch b/queue-5.1/kasan-initialize-tag-to-0xff-in-__kasan_kmalloc.patch new file mode 100644 index 00000000000..1b7ffcafe72 --- /dev/null +++ b/queue-5.1/kasan-initialize-tag-to-0xff-in-__kasan_kmalloc.patch @@ -0,0 +1,52 @@ +From 0600597c854e53d2f9b7a6a718c1da2b8b4cb4db Mon Sep 17 00:00:00 2001 +From: Nathan Chancellor +Date: Fri, 31 May 2019 22:30:42 -0700 +Subject: kasan: initialize tag to 0xff in __kasan_kmalloc + +From: Nathan Chancellor + +commit 0600597c854e53d2f9b7a6a718c1da2b8b4cb4db upstream. + +When building with -Wuninitialized and CONFIG_KASAN_SW_TAGS unset, Clang +warns: + +mm/kasan/common.c:484:40: warning: variable 'tag' is uninitialized when +used here [-Wuninitialized] + kasan_unpoison_shadow(set_tag(object, tag), size); + ^~~ + +set_tag ignores tag in this configuration but clang doesn't realize it at +this point in its pipeline, as it points to arch_kasan_set_tag as being +the point where it is used, which will later be expanded to (void +*)(object) without a use of tag. Initialize tag to 0xff, as it removes +this warning and doesn't change the meaning of the code. + +Link: https://github.com/ClangBuiltLinux/linux/issues/465 +Link: http://lkml.kernel.org/r/20190502163057.6603-1-natechancellor@gmail.com +Fixes: 7f94ffbc4c6a ("kasan: add hooks implementation for tag-based mode") +Signed-off-by: Nathan Chancellor +Reviewed-by: Andrey Konovalov +Reviewed-by: Andrey Ryabinin +Cc: Alexander Potapenko +Cc: Dmitry Vyukov +Cc: Nick Desaulniers +Cc: +Signed-off-by: Andrew Morton +Signed-off-by: Linus Torvalds +Signed-off-by: Greg Kroah-Hartman + +--- + mm/kasan/common.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +--- a/mm/kasan/common.c ++++ b/mm/kasan/common.c +@@ -472,7 +472,7 @@ static void *__kasan_kmalloc(struct kmem + { + unsigned long redzone_start; + unsigned long redzone_end; +- u8 tag; ++ u8 tag = 0xff; + + if (gfpflags_allow_blocking(flags)) + quarantine_reduce(); diff --git a/queue-5.1/kernel-signal.c-trace_signal_deliver-when-signal_group_exit.patch b/queue-5.1/kernel-signal.c-trace_signal_deliver-when-signal_group_exit.patch new file mode 100644 index 00000000000..fc2210ce107 --- /dev/null +++ b/queue-5.1/kernel-signal.c-trace_signal_deliver-when-signal_group_exit.patch @@ -0,0 +1,50 @@ +From 98af37d624ed8c83f1953b1b6b2f6866011fc064 Mon Sep 17 00:00:00 2001 +From: Zhenliang Wei +Date: Fri, 31 May 2019 22:30:52 -0700 +Subject: kernel/signal.c: trace_signal_deliver when signal_group_exit + +From: Zhenliang Wei + +commit 98af37d624ed8c83f1953b1b6b2f6866011fc064 upstream. + +In the fixes commit, removing SIGKILL from each thread signal mask and +executing "goto fatal" directly will skip the call to +"trace_signal_deliver". At this point, the delivery tracking of the +SIGKILL signal will be inaccurate. + +Therefore, we need to add trace_signal_deliver before "goto fatal" after +executing sigdelset. + +Note: SEND_SIG_NOINFO matches the fact that SIGKILL doesn't have any info. + +Link: http://lkml.kernel.org/r/20190425025812.91424-1-weizhenliang@huawei.com +Fixes: cf43a757fd4944 ("signal: Restore the stop PTRACE_EVENT_EXIT") +Signed-off-by: Zhenliang Wei +Reviewed-by: Christian Brauner +Reviewed-by: Oleg Nesterov +Cc: Eric W. Biederman +Cc: Ivan Delalande +Cc: Arnd Bergmann +Cc: Thomas Gleixner +Cc: Deepa Dinamani +Cc: Greg Kroah-Hartman +Cc: +Signed-off-by: Andrew Morton +Signed-off-by: Linus Torvalds +Signed-off-by: Greg Kroah-Hartman + +--- + kernel/signal.c | 2 ++ + 1 file changed, 2 insertions(+) + +--- a/kernel/signal.c ++++ b/kernel/signal.c +@@ -2441,6 +2441,8 @@ relock: + if (signal_group_exit(signal)) { + ksig->info.si_signo = signr = SIGKILL; + sigdelset(¤t->pending.signal, SIGKILL); ++ trace_signal_deliver(SIGKILL, SEND_SIG_NOINFO, ++ &sighand->action[SIGKILL - 1]); + recalc_sigpending(); + goto fatal; + } diff --git a/queue-5.1/memcg-make-it-work-on-sparse-non-0-node-systems.patch b/queue-5.1/memcg-make-it-work-on-sparse-non-0-node-systems.patch new file mode 100644 index 00000000000..4928eec6480 --- /dev/null +++ b/queue-5.1/memcg-make-it-work-on-sparse-non-0-node-systems.patch @@ -0,0 +1,97 @@ +From 3e8589963773a5c23e2f1fe4bcad0e9a90b7f471 Mon Sep 17 00:00:00 2001 +From: Jiri Slaby +Date: Fri, 31 May 2019 22:30:26 -0700 +Subject: memcg: make it work on sparse non-0-node systems + +From: Jiri Slaby + +commit 3e8589963773a5c23e2f1fe4bcad0e9a90b7f471 upstream. + +We have a single node system with node 0 disabled: + Scanning NUMA topology in Northbridge 24 + Number of physical nodes 2 + Skipping disabled node 0 + Node 1 MemBase 0000000000000000 Limit 00000000fbff0000 + NODE_DATA(1) allocated [mem 0xfbfda000-0xfbfeffff] + +This causes crashes in memcg when system boots: + BUG: unable to handle kernel NULL pointer dereference at 0000000000000008 + #PF error: [normal kernel read fault] +... + RIP: 0010:list_lru_add+0x94/0x170 +... + Call Trace: + d_lru_add+0x44/0x50 + dput.part.34+0xfc/0x110 + __fput+0x108/0x230 + task_work_run+0x9f/0xc0 + exit_to_usermode_loop+0xf5/0x100 + +It is reproducible as far as 4.12. I did not try older kernels. You have +to have a new enough systemd, e.g. 241 (the reason is unknown -- was not +investigated). Cannot be reproduced with systemd 234. + +The system crashes because the size of lru array is never updated in +memcg_update_all_list_lrus and the reads are past the zero-sized array, +causing dereferences of random memory. + +The root cause are list_lru_memcg_aware checks in the list_lru code. The +test in list_lru_memcg_aware is broken: it assumes node 0 is always +present, but it is not true on some systems as can be seen above. + +So fix this by avoiding checks on node 0. Remember the memcg-awareness by +a bool flag in struct list_lru. + +Link: http://lkml.kernel.org/r/20190522091940.3615-1-jslaby@suse.cz +Fixes: 60d3fd32a7a9 ("list_lru: introduce per-memcg lists") +Signed-off-by: Jiri Slaby +Acked-by: Michal Hocko +Suggested-by: Vladimir Davydov +Acked-by: Vladimir Davydov +Reviewed-by: Shakeel Butt +Cc: Johannes Weiner +Cc: Raghavendra K T +Cc: +Signed-off-by: Andrew Morton +Signed-off-by: Linus Torvalds +Signed-off-by: Greg Kroah-Hartman + +--- + include/linux/list_lru.h | 1 + + mm/list_lru.c | 8 +++----- + 2 files changed, 4 insertions(+), 5 deletions(-) + +--- a/include/linux/list_lru.h ++++ b/include/linux/list_lru.h +@@ -54,6 +54,7 @@ struct list_lru { + #ifdef CONFIG_MEMCG_KMEM + struct list_head list; + int shrinker_id; ++ bool memcg_aware; + #endif + }; + +--- a/mm/list_lru.c ++++ b/mm/list_lru.c +@@ -37,11 +37,7 @@ static int lru_shrinker_id(struct list_l + + static inline bool list_lru_memcg_aware(struct list_lru *lru) + { +- /* +- * This needs node 0 to be always present, even +- * in the systems supporting sparse numa ids. +- */ +- return !!lru->node[0].memcg_lrus; ++ return lru->memcg_aware; + } + + static inline struct list_lru_one * +@@ -451,6 +447,8 @@ static int memcg_init_list_lru(struct li + { + int i; + ++ lru->memcg_aware = memcg_aware; ++ + if (!memcg_aware) + return 0; + diff --git a/queue-5.1/mm-compaction-make-sure-we-isolate-a-valid-pfn.patch b/queue-5.1/mm-compaction-make-sure-we-isolate-a-valid-pfn.patch new file mode 100644 index 00000000000..622f4535d81 --- /dev/null +++ b/queue-5.1/mm-compaction-make-sure-we-isolate-a-valid-pfn.patch @@ -0,0 +1,106 @@ +From e577c8b64d58fe307ea4d5149d31615df2d90861 Mon Sep 17 00:00:00 2001 +From: Suzuki K Poulose +Date: Fri, 31 May 2019 22:30:59 -0700 +Subject: mm, compaction: make sure we isolate a valid PFN + +From: Suzuki K Poulose + +commit e577c8b64d58fe307ea4d5149d31615df2d90861 upstream. + +When we have holes in a normal memory zone, we could endup having +cached_migrate_pfns which may not necessarily be valid, under heavy memory +pressure with swapping enabled ( via __reset_isolation_suitable(), +triggered by kswapd). + +Later if we fail to find a page via fast_isolate_freepages(), we may end +up using the migrate_pfn we started the search with, as valid page. This +could lead to accessing NULL pointer derefernces like below, due to an +invalid mem_section pointer. + +Unable to handle kernel NULL pointer dereference at virtual address 0000000000000008 [47/1825] + Mem abort info: + ESR = 0x96000004 + Exception class = DABT (current EL), IL = 32 bits + SET = 0, FnV = 0 + EA = 0, S1PTW = 0 + Data abort info: + ISV = 0, ISS = 0x00000004 + CM = 0, WnR = 0 + user pgtable: 4k pages, 48-bit VAs, pgdp = 0000000082f94ae9 + [0000000000000008] pgd=0000000000000000 + Internal error: Oops: 96000004 [#1] SMP + ... + CPU: 10 PID: 6080 Comm: qemu-system-aar Not tainted 510-rc1+ #6 + Hardware name: AmpereComputing(R) OSPREY EV-883832-X3-0001/OSPREY, BIOS 4819 09/25/2018 + pstate: 60000005 (nZCv daif -PAN -UAO) + pc : set_pfnblock_flags_mask+0x58/0xe8 + lr : compaction_alloc+0x300/0x950 + [...] + Process qemu-system-aar (pid: 6080, stack limit = 0x0000000095070da5) + Call trace: + set_pfnblock_flags_mask+0x58/0xe8 + compaction_alloc+0x300/0x950 + migrate_pages+0x1a4/0xbb0 + compact_zone+0x750/0xde8 + compact_zone_order+0xd8/0x118 + try_to_compact_pages+0xb4/0x290 + __alloc_pages_direct_compact+0x84/0x1e0 + __alloc_pages_nodemask+0x5e0/0xe18 + alloc_pages_vma+0x1cc/0x210 + do_huge_pmd_anonymous_page+0x108/0x7c8 + __handle_mm_fault+0xdd4/0x1190 + handle_mm_fault+0x114/0x1c0 + __get_user_pages+0x198/0x3c0 + get_user_pages_unlocked+0xb4/0x1d8 + __gfn_to_pfn_memslot+0x12c/0x3b8 + gfn_to_pfn_prot+0x4c/0x60 + kvm_handle_guest_abort+0x4b0/0xcd8 + handle_exit+0x140/0x1b8 + kvm_arch_vcpu_ioctl_run+0x260/0x768 + kvm_vcpu_ioctl+0x490/0x898 + do_vfs_ioctl+0xc4/0x898 + ksys_ioctl+0x8c/0xa0 + __arm64_sys_ioctl+0x28/0x38 + el0_svc_common+0x74/0x118 + el0_svc_handler+0x38/0x78 + el0_svc+0x8/0xc + Code: f8607840 f100001f 8b011401 9a801020 (f9400400) + ---[ end trace af6a35219325a9b6 ]--- + +The issue was reported on an arm64 server with 128GB with holes in the +zone (e.g, [32GB@4GB, 96GB@544GB]), with a swap device enabled, while +running 100 KVM guest instances. + +This patch fixes the issue by ensuring that the page belongs to a valid +PFN when we fallback to using the lower limit of the scan range upon +failure in fast_isolate_freepages(). + +Link: http://lkml.kernel.org/r/1558711908-15688-1-git-send-email-suzuki.poulose@arm.com +Fixes: 5a811889de10f1eb ("mm, compaction: use free lists to quickly locate a migration target") +Signed-off-by: Suzuki K Poulose +Reported-by: Marc Zyngier +Reviewed-by: Mel Gorman +Reviewed-by: Anshuman Khandual +Cc: Michal Hocko +Cc: Qian Cai +Cc: Marc Zyngier +Cc: +Signed-off-by: Andrew Morton +Signed-off-by: Linus Torvalds +Signed-off-by: Greg Kroah-Hartman + +--- + mm/compaction.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +--- a/mm/compaction.c ++++ b/mm/compaction.c +@@ -1397,7 +1397,7 @@ fast_isolate_freepages(struct compact_co + page = pfn_to_page(highest); + cc->free_pfn = highest; + } else { +- if (cc->direct_compaction) { ++ if (cc->direct_compaction && pfn_valid(min_pfn)) { + page = pfn_to_page(min_pfn); + cc->free_pfn = min_pfn; + } diff --git a/queue-5.1/mm-memcg-consider-subtrees-in-memory.events.patch b/queue-5.1/mm-memcg-consider-subtrees-in-memory.events.patch new file mode 100644 index 00000000000..fb833d4f9bd --- /dev/null +++ b/queue-5.1/mm-memcg-consider-subtrees-in-memory.events.patch @@ -0,0 +1,181 @@ +From 9852ae3fe5293264f01c49f2571ef7688f7823ce Mon Sep 17 00:00:00 2001 +From: Chris Down +Date: Fri, 31 May 2019 22:30:22 -0700 +Subject: mm, memcg: consider subtrees in memory.events + +From: Chris Down + +commit 9852ae3fe5293264f01c49f2571ef7688f7823ce upstream. + +memory.stat and other files already consider subtrees in their output, and +we should too in order to not present an inconsistent interface. + +The current situation is fairly confusing, because people interacting with +cgroups expect hierarchical behaviour in the vein of memory.stat, +cgroup.events, and other files. For example, this causes confusion when +debugging reclaim events under low, as currently these always read "0" at +non-leaf memcg nodes, which frequently causes people to misdiagnose breach +behaviour. The same confusion applies to other counters in this file when +debugging issues. + +Aggregation is done at write time instead of at read-time since these +counters aren't hot (unlike memory.stat which is per-page, so it does it +at read time), and it makes sense to bundle this with the file +notifications. + +After this patch, events are propagated up the hierarchy: + + [root@ktst ~]# cat /sys/fs/cgroup/system.slice/memory.events + low 0 + high 0 + max 0 + oom 0 + oom_kill 0 + [root@ktst ~]# systemd-run -p MemoryMax=1 true + Running as unit: run-r251162a189fb4562b9dabfdc9b0422f5.service + [root@ktst ~]# cat /sys/fs/cgroup/system.slice/memory.events + low 0 + high 0 + max 7 + oom 1 + oom_kill 1 + +As this is a change in behaviour, this can be reverted to the old +behaviour by mounting with the `memory_localevents' flag set. However, we +use the new behaviour by default as there's a lack of evidence that there +are any current users of memory.events that would find this change +undesirable. + +akpm: this is a behaviour change, so Cc:stable. THis is so that +forthcoming distros which use cgroup v2 are more likely to pick up the +revised behaviour. + +Link: http://lkml.kernel.org/r/20190208224419.GA24772@chrisdown.name +Signed-off-by: Chris Down +Acked-by: Johannes Weiner +Reviewed-by: Shakeel Butt +Cc: Michal Hocko +Cc: Tejun Heo +Cc: Roman Gushchin +Cc: Dennis Zhou +Cc: Suren Baghdasaryan +Cc: +Signed-off-by: Andrew Morton +Signed-off-by: Linus Torvalds +Signed-off-by: Greg Kroah-Hartman + +--- + Documentation/admin-guide/cgroup-v2.rst | 9 +++++++++ + include/linux/cgroup-defs.h | 5 +++++ + include/linux/memcontrol.h | 10 ++++++++-- + kernel/cgroup/cgroup.c | 16 ++++++++++++++-- + 4 files changed, 36 insertions(+), 4 deletions(-) + +--- a/Documentation/admin-guide/cgroup-v2.rst ++++ b/Documentation/admin-guide/cgroup-v2.rst +@@ -177,6 +177,15 @@ cgroup v2 currently supports the followi + ignored on non-init namespace mounts. Please refer to the + Delegation section for details. + ++ memory_localevents ++ ++ Only populate memory.events with data for the current cgroup, ++ and not any subtrees. This is legacy behaviour, the default ++ behaviour without this option is to include subtree counts. ++ This option is system wide and can only be set on mount or ++ modified through remount from the init namespace. The mount ++ option is ignored on non-init namespace mounts. ++ + + Organizing Processes and Threads + -------------------------------- +--- a/include/linux/cgroup-defs.h ++++ b/include/linux/cgroup-defs.h +@@ -83,6 +83,11 @@ enum { + * Enable cpuset controller in v1 cgroup to use v2 behavior. + */ + CGRP_ROOT_CPUSET_V2_MODE = (1 << 4), ++ ++ /* ++ * Enable legacy local memory.events. ++ */ ++ CGRP_ROOT_MEMORY_LOCAL_EVENTS = (1 << 5), + }; + + /* cftype->flags */ +--- a/include/linux/memcontrol.h ++++ b/include/linux/memcontrol.h +@@ -777,8 +777,14 @@ static inline void count_memcg_event_mm( + static inline void memcg_memory_event(struct mem_cgroup *memcg, + enum memcg_memory_event event) + { +- atomic_long_inc(&memcg->memory_events[event]); +- cgroup_file_notify(&memcg->events_file); ++ do { ++ atomic_long_inc(&memcg->memory_events[event]); ++ cgroup_file_notify(&memcg->events_file); ++ ++ if (cgrp_dfl_root.flags & CGRP_ROOT_MEMORY_LOCAL_EVENTS) ++ break; ++ } while ((memcg = parent_mem_cgroup(memcg)) && ++ !mem_cgroup_is_root(memcg)); + } + + static inline void memcg_memory_event_mm(struct mm_struct *mm, +--- a/kernel/cgroup/cgroup.c ++++ b/kernel/cgroup/cgroup.c +@@ -1775,11 +1775,13 @@ int cgroup_show_path(struct seq_file *sf + + enum cgroup2_param { + Opt_nsdelegate, ++ Opt_memory_localevents, + nr__cgroup2_params + }; + + static const struct fs_parameter_spec cgroup2_param_specs[] = { +- fsparam_flag ("nsdelegate", Opt_nsdelegate), ++ fsparam_flag("nsdelegate", Opt_nsdelegate), ++ fsparam_flag("memory_localevents", Opt_memory_localevents), + {} + }; + +@@ -1802,6 +1804,9 @@ static int cgroup2_parse_param(struct fs + case Opt_nsdelegate: + ctx->flags |= CGRP_ROOT_NS_DELEGATE; + return 0; ++ case Opt_memory_localevents: ++ ctx->flags |= CGRP_ROOT_MEMORY_LOCAL_EVENTS; ++ return 0; + } + return -EINVAL; + } +@@ -1813,6 +1818,11 @@ static void apply_cgroup_root_flags(unsi + cgrp_dfl_root.flags |= CGRP_ROOT_NS_DELEGATE; + else + cgrp_dfl_root.flags &= ~CGRP_ROOT_NS_DELEGATE; ++ ++ if (root_flags & CGRP_ROOT_MEMORY_LOCAL_EVENTS) ++ cgrp_dfl_root.flags |= CGRP_ROOT_MEMORY_LOCAL_EVENTS; ++ else ++ cgrp_dfl_root.flags &= ~CGRP_ROOT_MEMORY_LOCAL_EVENTS; + } + } + +@@ -1820,6 +1830,8 @@ static int cgroup_show_options(struct se + { + if (cgrp_dfl_root.flags & CGRP_ROOT_NS_DELEGATE) + seq_puts(seq, ",nsdelegate"); ++ if (cgrp_dfl_root.flags & CGRP_ROOT_MEMORY_LOCAL_EVENTS) ++ seq_puts(seq, ",memory_localevents"); + return 0; + } + +@@ -6122,7 +6134,7 @@ static struct kobj_attribute cgroup_dele + static ssize_t features_show(struct kobject *kobj, struct kobj_attribute *attr, + char *buf) + { +- return snprintf(buf, PAGE_SIZE, "nsdelegate\n"); ++ return snprintf(buf, PAGE_SIZE, "nsdelegate\nmemory_localevents\n"); + } + static struct kobj_attribute cgroup_features_attr = __ATTR_RO(features); + diff --git a/queue-5.1/revert-lockd-show-pid-of-lockd-for-remote-locks.patch b/queue-5.1/revert-lockd-show-pid-of-lockd-for-remote-locks.patch new file mode 100644 index 00000000000..76a04a8f9fa --- /dev/null +++ b/queue-5.1/revert-lockd-show-pid-of-lockd-for-remote-locks.patch @@ -0,0 +1,68 @@ +From 141731d15d6eb2fd9aaefbf9b935ce86ae243074 Mon Sep 17 00:00:00 2001 +From: Benjamin Coddington +Date: Mon, 20 May 2019 10:33:07 -0400 +Subject: Revert "lockd: Show pid of lockd for remote locks" + +From: Benjamin Coddington + +commit 141731d15d6eb2fd9aaefbf9b935ce86ae243074 upstream. + +This reverts most of commit b8eee0e90f97 ("lockd: Show pid of lockd for +remote locks"), which caused remote locks to not be differentiated between +remote processes for NLM. + +We retain the fixup for setting the client's fl_pid to a negative value. + +Fixes: b8eee0e90f97 ("lockd: Show pid of lockd for remote locks") +Cc: stable@vger.kernel.org + +Signed-off-by: Benjamin Coddington +Reviewed-by: XueWei Zhang +Signed-off-by: J. Bruce Fields +Signed-off-by: Greg Kroah-Hartman + +--- + fs/lockd/xdr.c | 4 ++-- + fs/lockd/xdr4.c | 4 ++-- + 2 files changed, 4 insertions(+), 4 deletions(-) + +--- a/fs/lockd/xdr.c ++++ b/fs/lockd/xdr.c +@@ -127,7 +127,7 @@ nlm_decode_lock(__be32 *p, struct nlm_lo + + locks_init_lock(fl); + fl->fl_owner = current->files; +- fl->fl_pid = current->tgid; ++ fl->fl_pid = (pid_t)lock->svid; + fl->fl_flags = FL_POSIX; + fl->fl_type = F_RDLCK; /* as good as anything else */ + start = ntohl(*p++); +@@ -269,7 +269,7 @@ nlmsvc_decode_shareargs(struct svc_rqst + memset(lock, 0, sizeof(*lock)); + locks_init_lock(&lock->fl); + lock->svid = ~(u32) 0; +- lock->fl.fl_pid = current->tgid; ++ lock->fl.fl_pid = (pid_t)lock->svid; + + if (!(p = nlm_decode_cookie(p, &argp->cookie)) + || !(p = xdr_decode_string_inplace(p, &lock->caller, +--- a/fs/lockd/xdr4.c ++++ b/fs/lockd/xdr4.c +@@ -119,7 +119,7 @@ nlm4_decode_lock(__be32 *p, struct nlm_l + + locks_init_lock(fl); + fl->fl_owner = current->files; +- fl->fl_pid = current->tgid; ++ fl->fl_pid = (pid_t)lock->svid; + fl->fl_flags = FL_POSIX; + fl->fl_type = F_RDLCK; /* as good as anything else */ + p = xdr_decode_hyper(p, &start); +@@ -266,7 +266,7 @@ nlm4svc_decode_shareargs(struct svc_rqst + memset(lock, 0, sizeof(*lock)); + locks_init_lock(&lock->fl); + lock->svid = ~(u32) 0; +- lock->fl.fl_pid = current->tgid; ++ lock->fl.fl_pid = (pid_t)lock->svid; + + if (!(p = nlm4_decode_cookie(p, &argp->cookie)) + || !(p = xdr_decode_string_inplace(p, &lock->caller, diff --git a/queue-5.1/serial-sh-sci-disable-dma-for-uart_console.patch b/queue-5.1/serial-sh-sci-disable-dma-for-uart_console.patch new file mode 100644 index 00000000000..18e61c997eb --- /dev/null +++ b/queue-5.1/serial-sh-sci-disable-dma-for-uart_console.patch @@ -0,0 +1,46 @@ +From 099506cbbc79c0bd52b19cb6b930f256dabc3950 Mon Sep 17 00:00:00 2001 +From: "George G. Davis" +Date: Tue, 14 May 2019 23:29:34 -0400 +Subject: serial: sh-sci: disable DMA for uart_console + +From: George G. Davis + +commit 099506cbbc79c0bd52b19cb6b930f256dabc3950 upstream. + +As noted in commit 84b40e3b57ee ("serial: 8250: omap: Disable DMA for +console UART"), UART console lines use low-level PIO only access functions +which will conflict with use of the line when DMA is enabled, e.g. when +the console line is also used for systemd messages. So disable DMA +support for UART console lines. + +Reported-by: Michael Rodin +Link: https://patchwork.kernel.org/patch/10929511/ +Tested-by: Eugeniu Rosca +Reviewed-by: Simon Horman +Reviewed-by: Wolfram Sang +Reviewed-by: Geert Uytterhoeven +Cc: stable@vger.kernel.org +Signed-off-by: George G. Davis +Signed-off-by: Greg Kroah-Hartman +Signed-off-by: Greg Kroah-Hartman + +--- + drivers/tty/serial/sh-sci.c | 7 +++++++ + 1 file changed, 7 insertions(+) + +--- a/drivers/tty/serial/sh-sci.c ++++ b/drivers/tty/serial/sh-sci.c +@@ -1557,6 +1557,13 @@ static void sci_request_dma(struct uart_ + + dev_dbg(port->dev, "%s: port %d\n", __func__, port->line); + ++ /* ++ * DMA on console may interfere with Kernel log messages which use ++ * plain putchar(). So, simply don't use it with a console. ++ */ ++ if (uart_console(port)) ++ return; ++ + if (!port->dev->of_node) + return; + diff --git a/queue-5.1/series b/queue-5.1/series index d7e71aad036..1f8ea05d12b 100644 --- a/queue-5.1/series +++ b/queue-5.1/series @@ -40,3 +40,31 @@ alsa-line6-assure-canceling-delayed-work-at-disconnection.patch alsa-hda-realtek-set-default-power-save-node-to-0.patch alsa-hda-realtek-improve-the-headset-mic-for-acer-aspire-laptops.patch kvm-s390-do-not-report-unusabled-ids-via-kvm_cap_max_vcpu_id.patch +drm-nouveau-i2c-disable-i2c-bus-access-after-fini.patch +i2c-mlxcpld-fix-wrong-initialization-order-in-probe.patch +i2c-synquacer-fix-synquacer_i2c_doxfer-return-value.patch +tty-serial-msm_serial-fix-xon-xoff.patch +tty-max310x-fix-external-crystal-register-setup.patch +mm-memcg-consider-subtrees-in-memory.events.patch +memcg-make-it-work-on-sparse-non-0-node-systems.patch +kasan-initialize-tag-to-0xff-in-__kasan_kmalloc.patch +kernel-signal.c-trace_signal_deliver-when-signal_group_exit.patch +signal-arm64-use-force_sig-not-force_sig_fault-for-sigkill.patch +mm-compaction-make-sure-we-isolate-a-valid-pfn.patch +arm64-fix-the-arm64_personality-syscall-wrapper-redirection.patch +docs-fix-conf.py-for-sphinx-2.0.patch +doc-cope-with-the-deprecation-of-autoreporter.patch +doc-cope-with-sphinx-logging-deprecations.patch +x86-ima-check-efi_runtime_services-before-using.patch +ima-fix-wrong-signed-policy-requirement-when-not-appraising.patch +ima-show-rules-with-ima_inmask-correctly.patch +evm-check-hash-algorithm-passed-to-init_desc.patch +clk-imx-imx8mm-fix-int-pll-clk-gate.patch +vt-fbcon-deinitialize-resources-in-visual_init-after-failed-memory-allocation.patch +serial-sh-sci-disable-dma-for-uart_console.patch +staging-vc04_services-prevent-integer-overflow-in-create_pagelist.patch +staging-wlan-ng-fix-adapter-initialization-failure.patch +cifs-fix-memory-leak-of-pneg_inbuf-on-eopnotsupp-ioctl-case.patch +cifs-cifs_read_allocate_pages-don-t-iterate-through-whole-page-array-on-enomem.patch +revert-lockd-show-pid-of-lockd-for-remote-locks.patch +gcc-plugins-fix-build-failures-under-darwin-host.patch diff --git a/queue-5.1/signal-arm64-use-force_sig-not-force_sig_fault-for-sigkill.patch b/queue-5.1/signal-arm64-use-force_sig-not-force_sig_fault-for-sigkill.patch new file mode 100644 index 00000000000..32e3f365ba8 --- /dev/null +++ b/queue-5.1/signal-arm64-use-force_sig-not-force_sig_fault-for-sigkill.patch @@ -0,0 +1,55 @@ +From d76cac67db40c172791ce07948367b96a758e45b Mon Sep 17 00:00:00 2001 +From: "Eric W. Biederman" +Date: Thu, 23 May 2019 11:11:19 -0500 +Subject: signal/arm64: Use force_sig not force_sig_fault for SIGKILL + +From: Eric W. Biederman + +commit d76cac67db40c172791ce07948367b96a758e45b upstream. + +I don't think this is userspace visible but SIGKILL does not have +any si_codes that use the fault member of the siginfo union. Correct +this the simple way and call force_sig instead of force_sig_fault when +the signal is SIGKILL. + +The two know places where synchronous SIGKILL are generated are +do_bad_area and fpsimd_save. The call paths to force_sig_fault are: +do_bad_area + arm64_force_sig_fault + force_sig_fault +force_signal_inject + arm64_notify_die + arm64_force_sig_fault + force_sig_fault + +Which means correcting this in arm64_force_sig_fault is enough +to ensure the arm64 code is not misusing the generic code, which +could lead to maintenance problems later. + +Cc: stable@vger.kernel.org +Cc: Dave Martin +Cc: James Morse +Cc: Will Deacon +Fixes: af40ff687bc9 ("arm64: signal: Ensure si_code is valid for all fault signals") +Signed-off-by: "Eric W. Biederman" +Signed-off-by: Will Deacon +Signed-off-by: Greg Kroah-Hartman + +--- + arch/arm64/kernel/traps.c | 5 ++++- + 1 file changed, 4 insertions(+), 1 deletion(-) + +--- a/arch/arm64/kernel/traps.c ++++ b/arch/arm64/kernel/traps.c +@@ -256,7 +256,10 @@ void arm64_force_sig_fault(int signo, in + const char *str) + { + arm64_show_signal(signo, str); +- force_sig_fault(signo, code, addr, current); ++ if (signo == SIGKILL) ++ force_sig(SIGKILL, current); ++ else ++ force_sig_fault(signo, code, addr, current); + } + + void arm64_force_sig_mceerr(int code, void __user *addr, short lsb, diff --git a/queue-5.1/staging-vc04_services-prevent-integer-overflow-in-create_pagelist.patch b/queue-5.1/staging-vc04_services-prevent-integer-overflow-in-create_pagelist.patch new file mode 100644 index 00000000000..a38cfed40bb --- /dev/null +++ b/queue-5.1/staging-vc04_services-prevent-integer-overflow-in-create_pagelist.patch @@ -0,0 +1,55 @@ +From ca641bae6da977d638458e78cd1487b6160a2718 Mon Sep 17 00:00:00 2001 +From: Dan Carpenter +Date: Wed, 15 May 2019 12:38:33 +0300 +Subject: staging: vc04_services: prevent integer overflow in create_pagelist() + +From: Dan Carpenter + +commit ca641bae6da977d638458e78cd1487b6160a2718 upstream. + +The create_pagelist() "count" parameter comes from the user in +vchiq_ioctl() and it could overflow. If you look at how create_page() +is called in vchiq_prepare_bulk_data(), then the "size" variable is an +int so it doesn't make sense to allow negatives or larger than INT_MAX. + +I don't know this code terribly well, but I believe that typical values +of "count" are typically quite low and I don't think this check will +affect normal valid uses at all. + +The "pagelist_size" calculation can also overflow on 32 bit systems, but +not on 64 bit systems. I have added an integer overflow check for that +as well. + +The Raspberry PI doesn't offer the same level of memory protection that +x86 does so these sorts of bugs are probably not super critical to fix. + +Fixes: 71bad7f08641 ("staging: add bcm2708 vchiq driver") +Signed-off-by: Dan Carpenter +Cc: stable +Signed-off-by: Greg Kroah-Hartman + +--- + drivers/staging/vc04_services/interface/vchiq_arm/vchiq_2835_arm.c | 9 +++++++++ + 1 file changed, 9 insertions(+) + +--- a/drivers/staging/vc04_services/interface/vchiq_arm/vchiq_2835_arm.c ++++ b/drivers/staging/vc04_services/interface/vchiq_arm/vchiq_2835_arm.c +@@ -398,9 +398,18 @@ create_pagelist(char __user *buf, size_t + int dma_buffers; + dma_addr_t dma_addr; + ++ if (count >= INT_MAX - PAGE_SIZE) ++ return NULL; ++ + offset = ((unsigned int)(unsigned long)buf & (PAGE_SIZE - 1)); + num_pages = DIV_ROUND_UP(count + offset, PAGE_SIZE); + ++ if (num_pages > (SIZE_MAX - sizeof(struct pagelist) - ++ sizeof(struct vchiq_pagelist_info)) / ++ (sizeof(u32) + sizeof(pages[0]) + ++ sizeof(struct scatterlist))) ++ return NULL; ++ + pagelist_size = sizeof(struct pagelist) + + (num_pages * sizeof(u32)) + + (num_pages * sizeof(pages[0]) + diff --git a/queue-5.1/staging-wlan-ng-fix-adapter-initialization-failure.patch b/queue-5.1/staging-wlan-ng-fix-adapter-initialization-failure.patch new file mode 100644 index 00000000000..d5e59a17b37 --- /dev/null +++ b/queue-5.1/staging-wlan-ng-fix-adapter-initialization-failure.patch @@ -0,0 +1,52 @@ +From a67fedd788182764dc8ed59037c604b7e60349f1 Mon Sep 17 00:00:00 2001 +From: Tim Collier +Date: Sat, 11 May 2019 18:40:46 +0100 +Subject: staging: wlan-ng: fix adapter initialization failure + +From: Tim Collier + +commit a67fedd788182764dc8ed59037c604b7e60349f1 upstream. + +Commit e895f00a8496 ("Staging: wlan-ng: hfa384x_usb.c Fixed too long +code line warnings.") moved the retrieval of the transfer buffer from +the URB from the top of function hfa384x_usbin_callback to a point +after reposting of the URB via a call to submit_rx_urb. The reposting +of the URB allocates a new transfer buffer so the new buffer is +retrieved instead of the buffer containing the response passed into +the callback. This results in failure to initialize the adapter with +an error reported in the system log (something like "CTLX[1] error: +state(Request failed)"). + +This change moves the retrieval to just before the point where the URB +is reposted so that the correct transfer buffer is retrieved and +initialization of the device succeeds. + +Signed-off-by: Tim Collier +Fixes: e895f00a8496 ("Staging: wlan-ng: hfa384x_usb.c Fixed too long code line warnings.") +Cc: stable +Signed-off-by: Greg Kroah-Hartman + +--- + drivers/staging/wlan-ng/hfa384x_usb.c | 3 ++- + 1 file changed, 2 insertions(+), 1 deletion(-) + +--- a/drivers/staging/wlan-ng/hfa384x_usb.c ++++ b/drivers/staging/wlan-ng/hfa384x_usb.c +@@ -3119,7 +3119,9 @@ static void hfa384x_usbin_callback(struc + break; + } + ++ /* Save values from the RX URB before reposting overwrites it. */ + urb_status = urb->status; ++ usbin = (union hfa384x_usbin *)urb->transfer_buffer; + + if (action != ABORT) { + /* Repost the RX URB */ +@@ -3136,7 +3138,6 @@ static void hfa384x_usbin_callback(struc + /* Note: the check of the sw_support field, the type field doesn't + * have bit 12 set like the docs suggest. + */ +- usbin = (union hfa384x_usbin *)urb->transfer_buffer; + type = le16_to_cpu(usbin->type); + if (HFA384x_USB_ISRXFRM(type)) { + if (action == HANDLE) { diff --git a/queue-5.1/tty-max310x-fix-external-crystal-register-setup.patch b/queue-5.1/tty-max310x-fix-external-crystal-register-setup.patch new file mode 100644 index 00000000000..6dec46d0efc --- /dev/null +++ b/queue-5.1/tty-max310x-fix-external-crystal-register-setup.patch @@ -0,0 +1,42 @@ +From 5d24f455c182d5116dd5db8e1dc501115ecc9c2c Mon Sep 17 00:00:00 2001 +From: Joe Burmeister +Date: Mon, 13 May 2019 11:23:57 +0100 +Subject: tty: max310x: Fix external crystal register setup + +From: Joe Burmeister + +commit 5d24f455c182d5116dd5db8e1dc501115ecc9c2c upstream. + +The datasheet states: + + Bit 4: ClockEnSet the ClockEn bit high to enable an external clocking +(crystal or clock generator at XIN). Set the ClockEn bit to 0 to disable +clocking + Bit 1: CrystalEnSet the CrystalEn bit high to enable the crystal +oscillator. When using an external clock source at XIN, CrystalEn must +be set low. + +The bit 4, MAX310X_CLKSRC_EXTCLK_BIT, should be set and was not. + +This was required to make the MAX3107 with an external crystal on our +board able to send or receive data. + +Signed-off-by: Joe Burmeister +Cc: stable +Signed-off-by: Greg Kroah-Hartman + +--- + drivers/tty/serial/max310x.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +--- a/drivers/tty/serial/max310x.c ++++ b/drivers/tty/serial/max310x.c +@@ -581,7 +581,7 @@ static int max310x_set_ref_clk(struct de + } + + /* Configure clock source */ +- clksrc = xtal ? MAX310X_CLKSRC_CRYST_BIT : MAX310X_CLKSRC_EXTCLK_BIT; ++ clksrc = MAX310X_CLKSRC_EXTCLK_BIT | (xtal ? MAX310X_CLKSRC_CRYST_BIT : 0); + + /* Configure PLL */ + if (pllcfg) { diff --git a/queue-5.1/tty-serial-msm_serial-fix-xon-xoff.patch b/queue-5.1/tty-serial-msm_serial-fix-xon-xoff.patch new file mode 100644 index 00000000000..64b4ede753b --- /dev/null +++ b/queue-5.1/tty-serial-msm_serial-fix-xon-xoff.patch @@ -0,0 +1,53 @@ +From 61c0e37950b88bad590056286c1d766b1f167f4e Mon Sep 17 00:00:00 2001 +From: Jorge Ramirez-Ortiz +Date: Mon, 20 May 2019 20:38:48 +0200 +Subject: tty: serial: msm_serial: Fix XON/XOFF + +From: Jorge Ramirez-Ortiz + +commit 61c0e37950b88bad590056286c1d766b1f167f4e upstream. + +When the tty layer requests the uart to throttle, the current code +executing in msm_serial will trigger "Bad mode in Error Handler" and +generate an invalid stack frame in pstore before rebooting (that is if +pstore is indeed configured: otherwise the user shall just notice a +reboot with no further information dumped to the console). + +This patch replaces the PIO byte accessor with the word accessor +already used in PIO mode. + +Fixes: 68252424a7c7 ("tty: serial: msm: Support big-endian CPUs") +Cc: stable@vger.kernel.org +Signed-off-by: Jorge Ramirez-Ortiz +Reviewed-by: Bjorn Andersson +Reviewed-by: Stephen Boyd +Signed-off-by: Greg Kroah-Hartman + +--- + drivers/tty/serial/msm_serial.c | 5 ++++- + 1 file changed, 4 insertions(+), 1 deletion(-) + +--- a/drivers/tty/serial/msm_serial.c ++++ b/drivers/tty/serial/msm_serial.c +@@ -860,6 +860,7 @@ static void msm_handle_tx(struct uart_po + struct circ_buf *xmit = &msm_port->uart.state->xmit; + struct msm_dma *dma = &msm_port->tx_dma; + unsigned int pio_count, dma_count, dma_min; ++ char buf[4] = { 0 }; + void __iomem *tf; + int err = 0; + +@@ -869,10 +870,12 @@ static void msm_handle_tx(struct uart_po + else + tf = port->membase + UART_TF; + ++ buf[0] = port->x_char; ++ + if (msm_port->is_uartdm) + msm_reset_dm_count(port, 1); + +- iowrite8_rep(tf, &port->x_char, 1); ++ iowrite32_rep(tf, buf, 1); + port->icount.tx++; + port->x_char = 0; + return; diff --git a/queue-5.1/vt-fbcon-deinitialize-resources-in-visual_init-after-failed-memory-allocation.patch b/queue-5.1/vt-fbcon-deinitialize-resources-in-visual_init-after-failed-memory-allocation.patch new file mode 100644 index 00000000000..6a8a10154f1 --- /dev/null +++ b/queue-5.1/vt-fbcon-deinitialize-resources-in-visual_init-after-failed-memory-allocation.patch @@ -0,0 +1,96 @@ +From a1ad1cc9704f64c169261a76e1aee1cf1ae51832 Mon Sep 17 00:00:00 2001 +From: Grzegorz Halat +Date: Fri, 26 Apr 2019 16:59:46 +0200 +Subject: vt/fbcon: deinitialize resources in visual_init() after failed memory allocation + +From: Grzegorz Halat + +commit a1ad1cc9704f64c169261a76e1aee1cf1ae51832 upstream. + +After memory allocation failure vc_allocate() doesn't clean up data +which has been initialized in visual_init(). In case of fbcon this +leads to divide-by-0 in fbcon_init() on next open of the same tty. + +memory allocation in vc_allocate() may fail here: +1097: vc->vc_screenbuf = kzalloc(vc->vc_screenbuf_size, GFP_KERNEL); + +on next open() fbcon_init() skips vc_font.data initialization: +1088: if (!p->fontdata) { + +division by zero in fbcon_init() happens here: +1149: new_cols /= vc->vc_font.width; + +Additional check is needed in fbcon_deinit() to prevent +usage of uninitialized vc_screenbuf: + +1251: if (vc->vc_hi_font_mask && vc->vc_screenbuf) +1252: set_vc_hi_font(vc, false); + +Crash: + + #6 [ffffc90001eafa60] divide_error at ffffffff81a00be4 + [exception RIP: fbcon_init+463] + RIP: ffffffff814b860f RSP: ffffc90001eafb18 RFLAGS: 00010246 +... + #7 [ffffc90001eafb60] visual_init at ffffffff8154c36e + #8 [ffffc90001eafb80] vc_allocate at ffffffff8154f53c + #9 [ffffc90001eafbc8] con_install at ffffffff8154f624 +... + +Signed-off-by: Grzegorz Halat +Reviewed-by: Oleksandr Natalenko +Acked-by: Bartlomiej Zolnierkiewicz +Cc: stable +Signed-off-by: Greg Kroah-Hartman + +--- + drivers/tty/vt/vt.c | 11 +++++++++-- + drivers/video/fbdev/core/fbcon.c | 2 +- + 2 files changed, 10 insertions(+), 3 deletions(-) + +--- a/drivers/tty/vt/vt.c ++++ b/drivers/tty/vt/vt.c +@@ -1056,6 +1056,13 @@ static void visual_init(struct vc_data * + vc->vc_screenbuf_size = vc->vc_rows * vc->vc_size_row; + } + ++ ++static void visual_deinit(struct vc_data *vc) ++{ ++ vc->vc_sw->con_deinit(vc); ++ module_put(vc->vc_sw->owner); ++} ++ + int vc_allocate(unsigned int currcons) /* return 0 on success */ + { + struct vt_notifier_param param; +@@ -1103,6 +1110,7 @@ int vc_allocate(unsigned int currcons) / + + return 0; + err_free: ++ visual_deinit(vc); + kfree(vc); + vc_cons[currcons].d = NULL; + return -ENOMEM; +@@ -1331,9 +1339,8 @@ struct vc_data *vc_deallocate(unsigned i + param.vc = vc = vc_cons[currcons].d; + atomic_notifier_call_chain(&vt_notifier_list, VT_DEALLOCATE, ¶m); + vcs_remove_sysfs(currcons); +- vc->vc_sw->con_deinit(vc); ++ visual_deinit(vc); + put_pid(vc->vt_pid); +- module_put(vc->vc_sw->owner); + vc_uniscr_set(vc, NULL); + kfree(vc->vc_screenbuf); + vc_cons[currcons].d = NULL; +--- a/drivers/video/fbdev/core/fbcon.c ++++ b/drivers/video/fbdev/core/fbcon.c +@@ -1248,7 +1248,7 @@ finished: + if (free_font) + vc->vc_font.data = NULL; + +- if (vc->vc_hi_font_mask) ++ if (vc->vc_hi_font_mask && vc->vc_screenbuf) + set_vc_hi_font(vc, false); + + if (!con_is_bound(&fb_con)) diff --git a/queue-5.1/x86-ima-check-efi_runtime_services-before-using.patch b/queue-5.1/x86-ima-check-efi_runtime_services-before-using.patch new file mode 100644 index 00000000000..53e7a95aef1 --- /dev/null +++ b/queue-5.1/x86-ima-check-efi_runtime_services-before-using.patch @@ -0,0 +1,39 @@ +From 558b523d46289f111d53d7c42211069063be5985 Mon Sep 17 00:00:00 2001 +From: Scott Wood +Date: Tue, 23 Apr 2019 17:48:07 -0500 +Subject: x86/ima: Check EFI_RUNTIME_SERVICES before using + +From: Scott Wood + +commit 558b523d46289f111d53d7c42211069063be5985 upstream. + +Checking efi_enabled(EFI_BOOT) is not sufficient to ensure that +EFI runtime services are available, e.g. if efi=noruntime is used. + +Without this, I get an oops on a PREEMPT_RT kernel where efi=noruntime is +the default. + +Fixes: 399574c64eaf94e8 ("x86/ima: retry detecting secure boot mode") +Cc: stable@vger.kernel.org (linux-5.0) +Signed-off-by: Scott Wood +Signed-off-by: Mimi Zohar +Signed-off-by: Greg Kroah-Hartman + +--- + arch/x86/kernel/ima_arch.c | 5 +++++ + 1 file changed, 5 insertions(+) + +--- a/arch/x86/kernel/ima_arch.c ++++ b/arch/x86/kernel/ima_arch.c +@@ -17,6 +17,11 @@ static enum efi_secureboot_mode get_sb_m + + size = sizeof(secboot); + ++ if (!efi_enabled(EFI_RUNTIME_SERVICES)) { ++ pr_info("ima: secureboot mode unknown, no efi\n"); ++ return efi_secureboot_mode_unknown; ++ } ++ + /* Get variable contents into buffer */ + status = efi.get_variable(efi_SecureBoot_name, &efi_variable_guid, + NULL, &size, &secboot); -- 2.47.2