From 8d20d97a982f1d30f25065a72079c0fdbe0c811e Mon Sep 17 00:00:00 2001 From: Greg Kroah-Hartman Date: Tue, 8 Oct 2019 09:56:34 +0200 Subject: [PATCH] 4.4-stable patches added patches: asoc-define-a-set-of-dapm-pre-post-up-events.patch can-mcp251x-mcp251x_hw_reset-allow-more-time-after-a-reset.patch crypto-qat-silence-smp_processor_id-warning.patch kvm-nvmx-handle-page-fault-in-vmread-fix.patch kvm-s390-test-for-bad-access-register-and-size-at-the-start-of-s390_mem_op.patch powerpc-powernv-restrict-opal-symbol-map-to-only-be-readable-by-root.patch s390-cio-avoid-calling-strlen-on-null-pointer.patch s390-cio-exclude-subchannels-with-no-parent-from-pseudo-check.patch s390-topology-avoid-firing-events-before-kobjs-are-created.patch --- ...ine-a-set-of-dapm-pre-post-up-events.patch | 36 ++++++++++ ..._reset-allow-more-time-after-a-reset.patch | 57 ++++++++++++++++ ...qat-silence-smp_processor_id-warning.patch | 68 +++++++++++++++++++ ...nvmx-handle-page-fault-in-vmread-fix.patch | 60 ++++++++++++++++ ...and-size-at-the-start-of-s390_mem_op.patch | 50 ++++++++++++++ ...mbol-map-to-only-be-readable-by-root.patch | 54 +++++++++++++++ ...avoid-calling-strlen-on-null-pointer.patch | 55 +++++++++++++++ ...els-with-no-parent-from-pseudo-check.patch | 54 +++++++++++++++ ...ring-events-before-kobjs-are-created.patch | 61 +++++++++++++++++ queue-4.4/series | 9 +++ 10 files changed, 504 insertions(+) create mode 100644 queue-4.4/asoc-define-a-set-of-dapm-pre-post-up-events.patch create mode 100644 queue-4.4/can-mcp251x-mcp251x_hw_reset-allow-more-time-after-a-reset.patch create mode 100644 queue-4.4/crypto-qat-silence-smp_processor_id-warning.patch create mode 100644 queue-4.4/kvm-nvmx-handle-page-fault-in-vmread-fix.patch create mode 100644 queue-4.4/kvm-s390-test-for-bad-access-register-and-size-at-the-start-of-s390_mem_op.patch create mode 100644 queue-4.4/powerpc-powernv-restrict-opal-symbol-map-to-only-be-readable-by-root.patch create mode 100644 queue-4.4/s390-cio-avoid-calling-strlen-on-null-pointer.patch create mode 100644 queue-4.4/s390-cio-exclude-subchannels-with-no-parent-from-pseudo-check.patch create mode 100644 queue-4.4/s390-topology-avoid-firing-events-before-kobjs-are-created.patch create mode 100644 queue-4.4/series diff --git a/queue-4.4/asoc-define-a-set-of-dapm-pre-post-up-events.patch b/queue-4.4/asoc-define-a-set-of-dapm-pre-post-up-events.patch new file mode 100644 index 00000000000..4837a22d671 --- /dev/null +++ b/queue-4.4/asoc-define-a-set-of-dapm-pre-post-up-events.patch @@ -0,0 +1,36 @@ +From cfc8f568aada98f9608a0a62511ca18d647613e2 Mon Sep 17 00:00:00 2001 +From: Oleksandr Suvorov +Date: Fri, 19 Jul 2019 10:05:30 +0000 +Subject: ASoC: Define a set of DAPM pre/post-up events + +From: Oleksandr Suvorov + +commit cfc8f568aada98f9608a0a62511ca18d647613e2 upstream. + +Prepare to use SND_SOC_DAPM_PRE_POST_PMU definition to +reduce coming code size and make it more readable. + +Cc: stable@vger.kernel.org +Signed-off-by: Oleksandr Suvorov +Reviewed-by: Marcel Ziswiler +Reviewed-by: Igor Opaniuk +Reviewed-by: Fabio Estevam +Link: https://lore.kernel.org/r/20190719100524.23300-2-oleksandr.suvorov@toradex.com +Signed-off-by: Mark Brown +Signed-off-by: Greg Kroah-Hartman + +--- + include/sound/soc-dapm.h | 2 ++ + 1 file changed, 2 insertions(+) + +--- a/include/sound/soc-dapm.h ++++ b/include/sound/soc-dapm.h +@@ -335,6 +335,8 @@ struct device; + #define SND_SOC_DAPM_WILL_PMD 0x80 /* called at start of sequence */ + #define SND_SOC_DAPM_PRE_POST_PMD \ + (SND_SOC_DAPM_PRE_PMD | SND_SOC_DAPM_POST_PMD) ++#define SND_SOC_DAPM_PRE_POST_PMU \ ++ (SND_SOC_DAPM_PRE_PMU | SND_SOC_DAPM_POST_PMU) + + /* convenience event type detection */ + #define SND_SOC_DAPM_EVENT_ON(e) \ diff --git a/queue-4.4/can-mcp251x-mcp251x_hw_reset-allow-more-time-after-a-reset.patch b/queue-4.4/can-mcp251x-mcp251x_hw_reset-allow-more-time-after-a-reset.patch new file mode 100644 index 00000000000..48af9488572 --- /dev/null +++ b/queue-4.4/can-mcp251x-mcp251x_hw_reset-allow-more-time-after-a-reset.patch @@ -0,0 +1,57 @@ +From d84ea2123f8d27144e3f4d58cd88c9c6ddc799de Mon Sep 17 00:00:00 2001 +From: Marc Kleine-Budde +Date: Tue, 13 Aug 2019 16:01:02 +0200 +Subject: can: mcp251x: mcp251x_hw_reset(): allow more time after a reset + +From: Marc Kleine-Budde + +commit d84ea2123f8d27144e3f4d58cd88c9c6ddc799de upstream. + +Some boards take longer than 5ms to power up after a reset, so allow +some retries attempts before giving up. + +Fixes: ff06d611a31c ("can: mcp251x: Improve mcp251x_hw_reset()") +Cc: linux-stable +Tested-by: Sean Nyekjaer +Signed-off-by: Marc Kleine-Budde +Signed-off-by: Greg Kroah-Hartman + +--- + drivers/net/can/spi/mcp251x.c | 19 ++++++++++++++----- + 1 file changed, 14 insertions(+), 5 deletions(-) + +--- a/drivers/net/can/spi/mcp251x.c ++++ b/drivers/net/can/spi/mcp251x.c +@@ -627,7 +627,7 @@ static int mcp251x_setup(struct net_devi + static int mcp251x_hw_reset(struct spi_device *spi) + { + struct mcp251x_priv *priv = spi_get_drvdata(spi); +- u8 reg; ++ unsigned long timeout; + int ret; + + /* Wait for oscillator startup timer after power up */ +@@ -641,10 +641,19 @@ static int mcp251x_hw_reset(struct spi_d + /* Wait for oscillator startup timer after reset */ + mdelay(MCP251X_OST_DELAY_MS); + +- reg = mcp251x_read_reg(spi, CANSTAT); +- if ((reg & CANCTRL_REQOP_MASK) != CANCTRL_REQOP_CONF) +- return -ENODEV; +- ++ /* Wait for reset to finish */ ++ timeout = jiffies + HZ; ++ while ((mcp251x_read_reg(spi, CANSTAT) & CANCTRL_REQOP_MASK) != ++ CANCTRL_REQOP_CONF) { ++ usleep_range(MCP251X_OST_DELAY_MS * 1000, ++ MCP251X_OST_DELAY_MS * 1000 * 2); ++ ++ if (time_after(jiffies, timeout)) { ++ dev_err(&spi->dev, ++ "MCP251x didn't enter in conf mode after reset\n"); ++ return -EBUSY; ++ } ++ } + return 0; + } + diff --git a/queue-4.4/crypto-qat-silence-smp_processor_id-warning.patch b/queue-4.4/crypto-qat-silence-smp_processor_id-warning.patch new file mode 100644 index 00000000000..569785b995c --- /dev/null +++ b/queue-4.4/crypto-qat-silence-smp_processor_id-warning.patch @@ -0,0 +1,68 @@ +From 1b82feb6c5e1996513d0fb0bbb475417088b4954 Mon Sep 17 00:00:00 2001 +From: Alexander Sverdlin +Date: Tue, 23 Jul 2019 07:24:01 +0000 +Subject: crypto: qat - Silence smp_processor_id() warning + +From: Alexander Sverdlin + +commit 1b82feb6c5e1996513d0fb0bbb475417088b4954 upstream. + +It seems that smp_processor_id() is only used for a best-effort +load-balancing, refer to qat_crypto_get_instance_node(). It's not feasible +to disable preemption for the duration of the crypto requests. Therefore, +just silence the warning. This commit is similar to e7a9b05ca4 +("crypto: cavium - Fix smp_processor_id() warnings"). + +Silences the following splat: +BUG: using smp_processor_id() in preemptible [00000000] code: cryptomgr_test/2904 +caller is qat_alg_ablkcipher_setkey+0x300/0x4a0 [intel_qat] +CPU: 1 PID: 2904 Comm: cryptomgr_test Tainted: P O 4.14.69 #1 +... +Call Trace: + dump_stack+0x5f/0x86 + check_preemption_disabled+0xd3/0xe0 + qat_alg_ablkcipher_setkey+0x300/0x4a0 [intel_qat] + skcipher_setkey_ablkcipher+0x2b/0x40 + __test_skcipher+0x1f3/0xb20 + ? cpumask_next_and+0x26/0x40 + ? find_busiest_group+0x10e/0x9d0 + ? preempt_count_add+0x49/0xa0 + ? try_module_get+0x61/0xf0 + ? crypto_mod_get+0x15/0x30 + ? __kmalloc+0x1df/0x1f0 + ? __crypto_alloc_tfm+0x116/0x180 + ? crypto_skcipher_init_tfm+0xa6/0x180 + ? crypto_create_tfm+0x4b/0xf0 + test_skcipher+0x21/0xa0 + alg_test_skcipher+0x3f/0xa0 + alg_test.part.6+0x126/0x2a0 + ? finish_task_switch+0x21b/0x260 + ? __schedule+0x1e9/0x800 + ? __wake_up_common+0x8d/0x140 + cryptomgr_test+0x40/0x50 + kthread+0xff/0x130 + ? cryptomgr_notify+0x540/0x540 + ? kthread_create_on_node+0x70/0x70 + ret_from_fork+0x24/0x50 + +Fixes: ed8ccaef52 ("crypto: qat - Add support for SRIOV") +Cc: stable@vger.kernel.org +Signed-off-by: Alexander Sverdlin +Signed-off-by: Herbert Xu +Signed-off-by: Greg Kroah-Hartman + +--- + drivers/crypto/qat/qat_common/adf_common_drv.h | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +--- a/drivers/crypto/qat/qat_common/adf_common_drv.h ++++ b/drivers/crypto/qat/qat_common/adf_common_drv.h +@@ -95,7 +95,7 @@ struct service_hndl { + + static inline int get_current_node(void) + { +- return topology_physical_package_id(smp_processor_id()); ++ return topology_physical_package_id(raw_smp_processor_id()); + } + + int adf_service_register(struct service_hndl *service); diff --git a/queue-4.4/kvm-nvmx-handle-page-fault-in-vmread-fix.patch b/queue-4.4/kvm-nvmx-handle-page-fault-in-vmread-fix.patch new file mode 100644 index 00000000000..f864c364b88 --- /dev/null +++ b/queue-4.4/kvm-nvmx-handle-page-fault-in-vmread-fix.patch @@ -0,0 +1,60 @@ +From jinpuwang@gmail.com Tue Oct 8 09:22:17 2019 +From: Jack Wang +Date: Mon, 7 Oct 2019 14:36:53 +0200 +Subject: KVM: nVMX: handle page fault in vmread fix +To: gregkh@linuxfoundation.org, sashal@kernel.org, stable@vger.kernel.org, pbonzini@redhat.com +Cc: Jack Wang +Message-ID: <20191007123653.17961-1-jinpuwang@gmail.com> + +From: Jack Wang + +During backport f7eea636c3d5 ("KVM: nVMX: handle page fault in vmread"), +there was a mistake the exception reference should be passed to function +kvm_write_guest_virt_system, instead of NULL, other wise, we will get +NULL pointer deref, eg + +kvm-unit-test triggered a NULL pointer deref below: +[ 948.518437] kvm [24114]: vcpu0, guest rIP: 0x407ef9 kvm_set_msr_common: MSR_IA32_DEBUGCTLMSR 0x3, nop +[ 949.106464] BUG: unable to handle kernel NULL pointer dereference at 0000000000000000 +[ 949.106707] PGD 0 P4D 0 +[ 949.106872] Oops: 0002 [#1] SMP +[ 949.107038] CPU: 2 PID: 24126 Comm: qemu-2.7 Not tainted 4.19.77-pserver #4.19.77-1+feature+daily+update+20191005.1625+a4168bb~deb9 +[ 949.107283] Hardware name: Dell Inc. Precision Tower 3620/09WH54, BIOS 2.7.3 01/31/2018 +[ 949.107549] RIP: 0010:kvm_write_guest_virt_system+0x12/0x40 [kvm] +[ 949.107719] Code: c0 5d 41 5c 41 5d 41 5e 83 f8 03 41 0f 94 c0 41 c1 e0 02 e9 b0 ed ff ff 0f 1f 44 00 00 48 89 f0 c6 87 59 56 00 00 01 48 89 d6 <49> c7 00 00 00 00 00 89 ca 49 c7 40 08 00 00 00 00 49 c7 40 10 00 +[ 949.108044] RSP: 0018:ffffb31b0a953cb0 EFLAGS: 00010202 +[ 949.108216] RAX: 000000000046b4d8 RBX: ffff9e9f415b0000 RCX: 0000000000000008 +[ 949.108389] RDX: ffffb31b0a953cc0 RSI: ffffb31b0a953cc0 RDI: ffff9e9f415b0000 +[ 949.108562] RBP: 00000000d2e14928 R08: 0000000000000000 R09: 0000000000000000 +[ 949.108733] R10: 0000000000000000 R11: 0000000000000000 R12: ffffffffffffffc8 +[ 949.108907] R13: 0000000000000002 R14: ffff9e9f4f26f2e8 R15: 0000000000000000 +[ 949.109079] FS: 00007eff8694c700(0000) GS:ffff9e9f51a80000(0000) knlGS:0000000031415928 +[ 949.109318] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 +[ 949.109495] CR2: 0000000000000000 CR3: 00000003be53b002 CR4: 00000000003626e0 +[ 949.109671] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 +[ 949.109845] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 +[ 949.110017] Call Trace: +[ 949.110186] handle_vmread+0x22b/0x2f0 [kvm_intel] +[ 949.110356] ? vmexit_fill_RSB+0xc/0x30 [kvm_intel] +[ 949.110549] kvm_arch_vcpu_ioctl_run+0xa98/0x1b30 [kvm] +[ 949.110725] ? kvm_vcpu_ioctl+0x388/0x5d0 [kvm] +[ 949.110901] kvm_vcpu_ioctl+0x388/0x5d0 [kvm] +[ 949.111072] do_vfs_ioctl+0xa2/0x620 + +Signed-off-by: Jack Wang +Acked-by: Paolo Bonzini +--- + arch/x86/kvm/vmx.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +--- a/arch/x86/kvm/vmx.c ++++ b/arch/x86/kvm/vmx.c +@@ -7276,7 +7276,7 @@ static int handle_vmread(struct kvm_vcpu + /* _system ok, as nested_vmx_check_permission verified cpl=0 */ + if (kvm_write_guest_virt_system(vcpu, gva, &field_value, + (is_long_mode(vcpu) ? 8 : 4), +- NULL)) ++ &e)) + kvm_inject_page_fault(vcpu, &e); + } + diff --git a/queue-4.4/kvm-s390-test-for-bad-access-register-and-size-at-the-start-of-s390_mem_op.patch b/queue-4.4/kvm-s390-test-for-bad-access-register-and-size-at-the-start-of-s390_mem_op.patch new file mode 100644 index 00000000000..a6cde84eadd --- /dev/null +++ b/queue-4.4/kvm-s390-test-for-bad-access-register-and-size-at-the-start-of-s390_mem_op.patch @@ -0,0 +1,50 @@ +From a13b03bbb4575b350b46090af4dfd30e735aaed1 Mon Sep 17 00:00:00 2001 +From: Thomas Huth +Date: Thu, 29 Aug 2019 14:25:17 +0200 +Subject: KVM: s390: Test for bad access register and size at the start of S390_MEM_OP + +From: Thomas Huth + +commit a13b03bbb4575b350b46090af4dfd30e735aaed1 upstream. + +If the KVM_S390_MEM_OP ioctl is called with an access register >= 16, +then there is certainly a bug in the calling userspace application. +We check for wrong access registers, but only if the vCPU was already +in the access register mode before (i.e. the SIE block has recorded +it). The check is also buried somewhere deep in the calling chain (in +the function ar_translation()), so this is somewhat hard to find. + +It's better to always report an error to the userspace in case this +field is set wrong, and it's safer in the KVM code if we block wrong +values here early instead of relying on a check somewhere deep down +the calling chain, so let's add another check to kvm_s390_guest_mem_op() +directly. + +We also should check that the "size" is non-zero here (thanks to Janosch +Frank for the hint!). If we do not check the size, we could call vmalloc() +with this 0 value, and this will cause a kernel warning. + +Signed-off-by: Thomas Huth +Link: https://lkml.kernel.org/r/20190829122517.31042-1-thuth@redhat.com +Reviewed-by: Cornelia Huck +Reviewed-by: Janosch Frank +Reviewed-by: David Hildenbrand +Cc: stable@vger.kernel.org +Signed-off-by: Christian Borntraeger +Signed-off-by: Greg Kroah-Hartman + +--- + arch/s390/kvm/kvm-s390.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +--- a/arch/s390/kvm/kvm-s390.c ++++ b/arch/s390/kvm/kvm-s390.c +@@ -2471,7 +2471,7 @@ static long kvm_s390_guest_mem_op(struct + const u64 supported_flags = KVM_S390_MEMOP_F_INJECT_EXCEPTION + | KVM_S390_MEMOP_F_CHECK_ONLY; + +- if (mop->flags & ~supported_flags) ++ if (mop->flags & ~supported_flags || mop->ar >= NUM_ACRS || !mop->size) + return -EINVAL; + + if (mop->size > MEM_OP_MAX_SIZE) diff --git a/queue-4.4/powerpc-powernv-restrict-opal-symbol-map-to-only-be-readable-by-root.patch b/queue-4.4/powerpc-powernv-restrict-opal-symbol-map-to-only-be-readable-by-root.patch new file mode 100644 index 00000000000..6514c4d8bed --- /dev/null +++ b/queue-4.4/powerpc-powernv-restrict-opal-symbol-map-to-only-be-readable-by-root.patch @@ -0,0 +1,54 @@ +From e7de4f7b64c23e503a8c42af98d56f2a7462bd6d Mon Sep 17 00:00:00 2001 +From: Andrew Donnellan +Date: Fri, 3 May 2019 17:52:53 +1000 +Subject: powerpc/powernv: Restrict OPAL symbol map to only be readable by root + +From: Andrew Donnellan + +commit e7de4f7b64c23e503a8c42af98d56f2a7462bd6d upstream. + +Currently the OPAL symbol map is globally readable, which seems bad as +it contains physical addresses. + +Restrict it to root. + +Fixes: c8742f85125d ("powerpc/powernv: Expose OPAL firmware symbol map") +Cc: stable@vger.kernel.org # v3.19+ +Suggested-by: Michael Ellerman +Signed-off-by: Andrew Donnellan +Signed-off-by: Michael Ellerman +Link: https://lore.kernel.org/r/20190503075253.22798-1-ajd@linux.ibm.com +Signed-off-by: Greg Kroah-Hartman + +--- + arch/powerpc/platforms/powernv/opal.c | 11 +++++++---- + 1 file changed, 7 insertions(+), 4 deletions(-) + +--- a/arch/powerpc/platforms/powernv/opal.c ++++ b/arch/powerpc/platforms/powernv/opal.c +@@ -580,7 +580,10 @@ static ssize_t symbol_map_read(struct fi + bin_attr->size); + } + +-static BIN_ATTR_RO(symbol_map, 0); ++static struct bin_attribute symbol_map_attr = { ++ .attr = {.name = "symbol_map", .mode = 0400}, ++ .read = symbol_map_read ++}; + + static void opal_export_symmap(void) + { +@@ -597,10 +600,10 @@ static void opal_export_symmap(void) + return; + + /* Setup attributes */ +- bin_attr_symbol_map.private = __va(be64_to_cpu(syms[0])); +- bin_attr_symbol_map.size = be64_to_cpu(syms[1]); ++ symbol_map_attr.private = __va(be64_to_cpu(syms[0])); ++ symbol_map_attr.size = be64_to_cpu(syms[1]); + +- rc = sysfs_create_bin_file(opal_kobj, &bin_attr_symbol_map); ++ rc = sysfs_create_bin_file(opal_kobj, &symbol_map_attr); + if (rc) + pr_warn("Error %d creating OPAL symbols file\n", rc); + } diff --git a/queue-4.4/s390-cio-avoid-calling-strlen-on-null-pointer.patch b/queue-4.4/s390-cio-avoid-calling-strlen-on-null-pointer.patch new file mode 100644 index 00000000000..2407f59abd2 --- /dev/null +++ b/queue-4.4/s390-cio-avoid-calling-strlen-on-null-pointer.patch @@ -0,0 +1,55 @@ +From ea298e6ee8b34b3ed4366be7eb799d0650ebe555 Mon Sep 17 00:00:00 2001 +From: Vasily Gorbik +Date: Tue, 17 Sep 2019 20:04:04 +0200 +Subject: s390/cio: avoid calling strlen on null pointer + +From: Vasily Gorbik + +commit ea298e6ee8b34b3ed4366be7eb799d0650ebe555 upstream. + +Fix the following kasan finding: +BUG: KASAN: global-out-of-bounds in ccwgroup_create_dev+0x850/0x1140 +Read of size 1 at addr 0000000000000000 by task systemd-udevd.r/561 + +CPU: 30 PID: 561 Comm: systemd-udevd.r Tainted: G B +Hardware name: IBM 3906 M04 704 (LPAR) +Call Trace: +([<0000000231b3db7e>] show_stack+0x14e/0x1a8) + [<0000000233826410>] dump_stack+0x1d0/0x218 + [<000000023216fac4>] print_address_description+0x64/0x380 + [<000000023216f5a8>] __kasan_report+0x138/0x168 + [<00000002331b8378>] ccwgroup_create_dev+0x850/0x1140 + [<00000002332b618a>] group_store+0x3a/0x50 + [<00000002323ac706>] kernfs_fop_write+0x246/0x3b8 + [<00000002321d409a>] vfs_write+0x132/0x450 + [<00000002321d47da>] ksys_write+0x122/0x208 + [<0000000233877102>] system_call+0x2a6/0x2c8 + +Triggered by: +openat(AT_FDCWD, "/sys/bus/ccwgroup/drivers/qeth/group", + O_WRONLY|O_CREAT|O_TRUNC|O_CLOEXEC, 0666) = 16 +write(16, "0.0.bd00,0.0.bd01,0.0.bd02", 26) = 26 + +The problem is that __get_next_id in ccwgroup_create_dev might set "buf" +buffer pointer to NULL and explicit check for that is required. + +Cc: stable@vger.kernel.org +Reviewed-by: Sebastian Ott +Signed-off-by: Vasily Gorbik +Signed-off-by: Greg Kroah-Hartman + +--- + drivers/s390/cio/ccwgroup.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +--- a/drivers/s390/cio/ccwgroup.c ++++ b/drivers/s390/cio/ccwgroup.c +@@ -369,7 +369,7 @@ int ccwgroup_create_dev(struct device *p + goto error; + } + /* Check for trailing stuff. */ +- if (i == num_devices && strlen(buf) > 0) { ++ if (i == num_devices && buf && strlen(buf) > 0) { + rc = -EINVAL; + goto error; + } diff --git a/queue-4.4/s390-cio-exclude-subchannels-with-no-parent-from-pseudo-check.patch b/queue-4.4/s390-cio-exclude-subchannels-with-no-parent-from-pseudo-check.patch new file mode 100644 index 00000000000..8db59f1ea5f --- /dev/null +++ b/queue-4.4/s390-cio-exclude-subchannels-with-no-parent-from-pseudo-check.patch @@ -0,0 +1,54 @@ +From ab5758848039de9a4b249d46e4ab591197eebaf2 Mon Sep 17 00:00:00 2001 +From: Vasily Gorbik +Date: Thu, 19 Sep 2019 15:55:17 +0200 +Subject: s390/cio: exclude subchannels with no parent from pseudo check + +From: Vasily Gorbik + +commit ab5758848039de9a4b249d46e4ab591197eebaf2 upstream. + +ccw console is created early in start_kernel and used before css is +initialized or ccw console subchannel is registered. Until then console +subchannel does not have a parent. For that reason assume subchannels +with no parent are not pseudo subchannels. This fixes the following +kasan finding: + +BUG: KASAN: global-out-of-bounds in sch_is_pseudo_sch+0x8e/0x98 +Read of size 8 at addr 00000000000005e8 by task swapper/0/0 + +CPU: 0 PID: 0 Comm: swapper/0 Not tainted 5.3.0-rc8-07370-g6ac43dd12538 #2 +Hardware name: IBM 2964 NC9 702 (z/VM 6.4.0) +Call Trace: +([<000000000012cd76>] show_stack+0x14e/0x1e0) + [<0000000001f7fb44>] dump_stack+0x1a4/0x1f8 + [<00000000007d7afc>] print_address_description+0x64/0x3c8 + [<00000000007d75f6>] __kasan_report+0x14e/0x180 + [<00000000018a2986>] sch_is_pseudo_sch+0x8e/0x98 + [<000000000189b950>] cio_enable_subchannel+0x1d0/0x510 + [<00000000018cac7c>] ccw_device_recognition+0x12c/0x188 + [<0000000002ceb1a8>] ccw_device_enable_console+0x138/0x340 + [<0000000002cf1cbe>] con3215_init+0x25e/0x300 + [<0000000002c8770a>] console_init+0x68a/0x9b8 + [<0000000002c6a3d6>] start_kernel+0x4fe/0x728 + [<0000000000100070>] startup_continue+0x70/0xd0 + +Cc: stable@vger.kernel.org +Reviewed-by: Sebastian Ott +Signed-off-by: Vasily Gorbik +Signed-off-by: Greg Kroah-Hartman + +--- + drivers/s390/cio/css.c | 2 ++ + 1 file changed, 2 insertions(+) + +--- a/drivers/s390/cio/css.c ++++ b/drivers/s390/cio/css.c +@@ -1120,6 +1120,8 @@ device_initcall(cio_settle_init); + + int sch_is_pseudo_sch(struct subchannel *sch) + { ++ if (!sch->dev.parent) ++ return 0; + return sch == to_css(sch->dev.parent)->pseudo_subchannel; + } + diff --git a/queue-4.4/s390-topology-avoid-firing-events-before-kobjs-are-created.patch b/queue-4.4/s390-topology-avoid-firing-events-before-kobjs-are-created.patch new file mode 100644 index 00000000000..42fa484286d --- /dev/null +++ b/queue-4.4/s390-topology-avoid-firing-events-before-kobjs-are-created.patch @@ -0,0 +1,61 @@ +From f3122a79a1b0a113d3aea748e0ec26f2cb2889de Mon Sep 17 00:00:00 2001 +From: Vasily Gorbik +Date: Tue, 17 Sep 2019 22:59:03 +0200 +Subject: s390/topology: avoid firing events before kobjs are created + +From: Vasily Gorbik + +commit f3122a79a1b0a113d3aea748e0ec26f2cb2889de upstream. + +arch_update_cpu_topology is first called from: +kernel_init_freeable->sched_init_smp->sched_init_domains + +even before cpus has been registered in: +kernel_init_freeable->do_one_initcall->s390_smp_init + +Do not trigger kobject_uevent change events until cpu devices are +actually created. Fixes the following kasan findings: + +BUG: KASAN: global-out-of-bounds in kobject_uevent_env+0xb40/0xee0 +Read of size 8 at addr 0000000000000020 by task swapper/0/1 + +BUG: KASAN: global-out-of-bounds in kobject_uevent_env+0xb36/0xee0 +Read of size 8 at addr 0000000000000018 by task swapper/0/1 + +CPU: 0 PID: 1 Comm: swapper/0 Tainted: G B +Hardware name: IBM 3906 M04 704 (LPAR) +Call Trace: +([<0000000143c6db7e>] show_stack+0x14e/0x1a8) + [<0000000145956498>] dump_stack+0x1d0/0x218 + [<000000014429fb4c>] print_address_description+0x64/0x380 + [<000000014429f630>] __kasan_report+0x138/0x168 + [<0000000145960b96>] kobject_uevent_env+0xb36/0xee0 + [<0000000143c7c47c>] arch_update_cpu_topology+0x104/0x108 + [<0000000143df9e22>] sched_init_domains+0x62/0xe8 + [<000000014644c94a>] sched_init_smp+0x3a/0xc0 + [<0000000146433a20>] kernel_init_freeable+0x558/0x958 + [<000000014599002a>] kernel_init+0x22/0x160 + [<00000001459a71d4>] ret_from_fork+0x28/0x30 + [<00000001459a71dc>] kernel_thread_starter+0x0/0x10 + +Cc: stable@vger.kernel.org +Reviewed-by: Heiko Carstens +Signed-off-by: Vasily Gorbik +Signed-off-by: Greg Kroah-Hartman + +--- + arch/s390/kernel/topology.c | 3 ++- + 1 file changed, 2 insertions(+), 1 deletion(-) + +--- a/arch/s390/kernel/topology.c ++++ b/arch/s390/kernel/topology.c +@@ -291,7 +291,8 @@ int arch_update_cpu_topology(void) + topology_update_polarization_simple(); + for_each_online_cpu(cpu) { + dev = get_cpu_device(cpu); +- kobject_uevent(&dev->kobj, KOBJ_CHANGE); ++ if (dev) ++ kobject_uevent(&dev->kobj, KOBJ_CHANGE); + } + return rc; + } diff --git a/queue-4.4/series b/queue-4.4/series new file mode 100644 index 00000000000..809bb99a612 --- /dev/null +++ b/queue-4.4/series @@ -0,0 +1,9 @@ +kvm-s390-test-for-bad-access-register-and-size-at-the-start-of-s390_mem_op.patch +s390-topology-avoid-firing-events-before-kobjs-are-created.patch +s390-cio-avoid-calling-strlen-on-null-pointer.patch +s390-cio-exclude-subchannels-with-no-parent-from-pseudo-check.patch +kvm-nvmx-handle-page-fault-in-vmread-fix.patch +asoc-define-a-set-of-dapm-pre-post-up-events.patch +powerpc-powernv-restrict-opal-symbol-map-to-only-be-readable-by-root.patch +can-mcp251x-mcp251x_hw_reset-allow-more-time-after-a-reset.patch +crypto-qat-silence-smp_processor_id-warning.patch -- 2.47.2