From 93bc18faa9334ac2469cd6842b8c6e6d551971d1 Mon Sep 17 00:00:00 2001 From: Greg Kroah-Hartman Date: Sun, 9 Jun 2019 12:10:24 +0200 Subject: [PATCH] 4.4-stable patches added patches: drm-gma500-cdv-check-vbt-config-bits-when-detecting-lvds-panels.patch fuse-fallocate-fix-return-with-locked-inode.patch genwqe-prevent-an-integer-overflow-in-the-ioctl.patch mips-pistachio-build-uimage.gz-by-default.patch parisc-use-implicit-space-register-selection-for-loading-the-coherence-index-of-i-o-pdirs.patch rcu-locking-and-unlocking-need-to-always-be-at-least-barriers.patch --- ...nfig-bits-when-detecting-lvds-panels.patch | 60 +++++++++++++++++ ...llocate-fix-return-with-locked-inode.patch | 36 ++++++++++ ...ent-an-integer-overflow-in-the-ioctl.patch | 57 ++++++++++++++++ ...pistachio-build-uimage.gz-by-default.patch | 47 +++++++++++++ ...ing-the-coherence-index-of-i-o-pdirs.patch | 58 ++++++++++++++++ ...-need-to-always-be-at-least-barriers.patch | 67 +++++++++++++++++++ queue-4.4/series | 6 ++ 7 files changed, 331 insertions(+) create mode 100644 queue-4.4/drm-gma500-cdv-check-vbt-config-bits-when-detecting-lvds-panels.patch create mode 100644 queue-4.4/fuse-fallocate-fix-return-with-locked-inode.patch create mode 100644 queue-4.4/genwqe-prevent-an-integer-overflow-in-the-ioctl.patch create mode 100644 queue-4.4/mips-pistachio-build-uimage.gz-by-default.patch create mode 100644 queue-4.4/parisc-use-implicit-space-register-selection-for-loading-the-coherence-index-of-i-o-pdirs.patch create mode 100644 queue-4.4/rcu-locking-and-unlocking-need-to-always-be-at-least-barriers.patch diff --git a/queue-4.4/drm-gma500-cdv-check-vbt-config-bits-when-detecting-lvds-panels.patch b/queue-4.4/drm-gma500-cdv-check-vbt-config-bits-when-detecting-lvds-panels.patch new file mode 100644 index 00000000000..cba1e2505a0 --- /dev/null +++ b/queue-4.4/drm-gma500-cdv-check-vbt-config-bits-when-detecting-lvds-panels.patch @@ -0,0 +1,60 @@ +From 7c420636860a719049fae9403e2c87804f53bdde Mon Sep 17 00:00:00 2001 +From: Patrik Jakobsson +Date: Tue, 16 Apr 2019 13:46:07 +0200 +Subject: drm/gma500/cdv: Check vbt config bits when detecting lvds panels + +From: Patrik Jakobsson + +commit 7c420636860a719049fae9403e2c87804f53bdde upstream. + +Some machines have an lvds child device in vbt even though a panel is +not attached. To make detection more reliable we now also check the lvds +config bits available in the vbt. + +Bugzilla: https://bugzilla.redhat.com/show_bug.cgi?id=1665766 +Cc: stable@vger.kernel.org +Reviewed-by: Hans de Goede +Signed-off-by: Patrik Jakobsson +Link: https://patchwork.freedesktop.org/patch/msgid/20190416114607.1072-1-patrik.r.jakobsson@gmail.com +Signed-off-by: Greg Kroah-Hartman + +--- + drivers/gpu/drm/gma500/cdv_intel_lvds.c | 3 +++ + drivers/gpu/drm/gma500/intel_bios.c | 3 +++ + drivers/gpu/drm/gma500/psb_drv.h | 1 + + 3 files changed, 7 insertions(+) + +--- a/drivers/gpu/drm/gma500/cdv_intel_lvds.c ++++ b/drivers/gpu/drm/gma500/cdv_intel_lvds.c +@@ -620,6 +620,9 @@ void cdv_intel_lvds_init(struct drm_devi + int pipe; + u8 pin; + ++ if (!dev_priv->lvds_enabled_in_vbt) ++ return; ++ + pin = GMBUS_PORT_PANEL; + if (!lvds_is_present_in_vbt(dev, &pin)) { + DRM_DEBUG_KMS("LVDS is not present in VBT\n"); +--- a/drivers/gpu/drm/gma500/intel_bios.c ++++ b/drivers/gpu/drm/gma500/intel_bios.c +@@ -436,6 +436,9 @@ parse_driver_features(struct drm_psb_pri + if (driver->lvds_config == BDB_DRIVER_FEATURE_EDP) + dev_priv->edp.support = 1; + ++ dev_priv->lvds_enabled_in_vbt = driver->lvds_config != 0; ++ DRM_DEBUG_KMS("LVDS VBT config bits: 0x%x\n", driver->lvds_config); ++ + /* This bit means to use 96Mhz for DPLL_A or not */ + if (driver->primary_lfp_id) + dev_priv->dplla_96mhz = true; +--- a/drivers/gpu/drm/gma500/psb_drv.h ++++ b/drivers/gpu/drm/gma500/psb_drv.h +@@ -536,6 +536,7 @@ struct drm_psb_private { + int lvds_ssc_freq; + bool is_lvds_on; + bool is_mipi_on; ++ bool lvds_enabled_in_vbt; + u32 mipi_ctrl_display; + + unsigned int core_freq; diff --git a/queue-4.4/fuse-fallocate-fix-return-with-locked-inode.patch b/queue-4.4/fuse-fallocate-fix-return-with-locked-inode.patch new file mode 100644 index 00000000000..f27274f5faa --- /dev/null +++ b/queue-4.4/fuse-fallocate-fix-return-with-locked-inode.patch @@ -0,0 +1,36 @@ +From 35d6fcbb7c3e296a52136347346a698a35af3fda Mon Sep 17 00:00:00 2001 +From: Miklos Szeredi +Date: Mon, 27 May 2019 11:42:07 +0200 +Subject: fuse: fallocate: fix return with locked inode + +From: Miklos Szeredi + +commit 35d6fcbb7c3e296a52136347346a698a35af3fda upstream. + +Do the proper cleanup in case the size check fails. + +Tested with xfstests:generic/228 + +Reported-by: kbuild test robot +Reported-by: Dan Carpenter +Fixes: 0cbade024ba5 ("fuse: honor RLIMIT_FSIZE in fuse_file_fallocate") +Cc: Liu Bo +Cc: # v3.5 +Signed-off-by: Miklos Szeredi +Signed-off-by: Greg Kroah-Hartman + +--- + fs/fuse/file.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +--- a/fs/fuse/file.c ++++ b/fs/fuse/file.c +@@ -2951,7 +2951,7 @@ static long fuse_file_fallocate(struct f + offset + length > i_size_read(inode)) { + err = inode_newsize_ok(inode, offset + length); + if (err) +- return err; ++ goto out; + } + + if (!(mode & FALLOC_FL_KEEP_SIZE)) diff --git a/queue-4.4/genwqe-prevent-an-integer-overflow-in-the-ioctl.patch b/queue-4.4/genwqe-prevent-an-integer-overflow-in-the-ioctl.patch new file mode 100644 index 00000000000..6e2aeecc6ca --- /dev/null +++ b/queue-4.4/genwqe-prevent-an-integer-overflow-in-the-ioctl.patch @@ -0,0 +1,57 @@ +From 110080cea0d0e4dfdb0b536e7f8a5633ead6a781 Mon Sep 17 00:00:00 2001 +From: Dan Carpenter +Date: Tue, 7 May 2019 11:36:34 +0300 +Subject: genwqe: Prevent an integer overflow in the ioctl + +From: Dan Carpenter + +commit 110080cea0d0e4dfdb0b536e7f8a5633ead6a781 upstream. + +There are a couple potential integer overflows here. + + round_up(m->size + (m->addr & ~PAGE_MASK), PAGE_SIZE); + +The first thing is that the "m->size + (...)" addition could overflow, +and the second is that round_up() overflows to zero if the result is +within PAGE_SIZE of the type max. + +In this code, the "m->size" variable is an u64 but we're saving the +result in "map_size" which is an unsigned long and genwqe_user_vmap() +takes an unsigned long as well. So I have used ULONG_MAX as the upper +bound. From a practical perspective unsigned long is fine/better than +trying to change all the types to u64. + +Fixes: eaf4722d4645 ("GenWQE Character device and DDCB queue") +Signed-off-by: Dan Carpenter +Cc: stable +Signed-off-by: Greg Kroah-Hartman + +--- + drivers/misc/genwqe/card_dev.c | 2 ++ + drivers/misc/genwqe/card_utils.c | 4 ++++ + 2 files changed, 6 insertions(+) + +--- a/drivers/misc/genwqe/card_dev.c ++++ b/drivers/misc/genwqe/card_dev.c +@@ -782,6 +782,8 @@ static int genwqe_pin_mem(struct genwqe_ + + if ((m->addr == 0x0) || (m->size == 0)) + return -EINVAL; ++ if (m->size > ULONG_MAX - PAGE_SIZE - (m->addr & ~PAGE_MASK)) ++ return -EINVAL; + + map_addr = (m->addr & PAGE_MASK); + map_size = round_up(m->size + (m->addr & ~PAGE_MASK), PAGE_SIZE); +--- a/drivers/misc/genwqe/card_utils.c ++++ b/drivers/misc/genwqe/card_utils.c +@@ -582,6 +582,10 @@ int genwqe_user_vmap(struct genwqe_dev * + /* determine space needed for page_list. */ + data = (unsigned long)uaddr; + offs = offset_in_page(data); ++ if (size > ULONG_MAX - PAGE_SIZE - offs) { ++ m->size = 0; /* mark unused and not added */ ++ return -EINVAL; ++ } + m->nr_pages = DIV_ROUND_UP(offs + size, PAGE_SIZE); + + m->page_list = kcalloc(m->nr_pages, diff --git a/queue-4.4/mips-pistachio-build-uimage.gz-by-default.patch b/queue-4.4/mips-pistachio-build-uimage.gz-by-default.patch new file mode 100644 index 00000000000..b6e873edb4f --- /dev/null +++ b/queue-4.4/mips-pistachio-build-uimage.gz-by-default.patch @@ -0,0 +1,47 @@ +From e4f2d1af7163becb181419af9dece9206001e0a6 Mon Sep 17 00:00:00 2001 +From: Paul Burton +Date: Tue, 28 May 2019 17:21:26 +0000 +Subject: MIPS: pistachio: Build uImage.gz by default +MIME-Version: 1.0 +Content-Type: text/plain; charset=UTF-8 +Content-Transfer-Encoding: 8bit + +From: Paul Burton + +commit e4f2d1af7163becb181419af9dece9206001e0a6 upstream. + +The pistachio platform uses the U-Boot bootloader & generally boots a +kernel in the uImage format. As such it's useful to build one when +building the kernel, but to do so currently requires the user to +manually specify a uImage target on the make command line. + +Make uImage.gz the pistachio platform's default build target, so that +the default is to build a kernel image that we can actually boot on a +board such as the MIPS Creator Ci40. + +Marked for stable backport as far as v4.1 where pistachio support was +introduced. This is primarily useful for CI systems such as kernelci.org +which will benefit from us building a suitable image which can then be +booted as part of automated testing, extending our test coverage to the +affected stable branches. + +Signed-off-by: Paul Burton +Reviewed-by: Philippe Mathieu-Daudé +Reviewed-by: Kevin Hilman +Tested-by: Kevin Hilman +URL: https://groups.io/g/kernelci/message/388 +Cc: stable@vger.kernel.org # v4.1+ +Cc: linux-mips@vger.kernel.org +Signed-off-by: Greg Kroah-Hartman + +--- + arch/mips/pistachio/Platform | 1 + + 1 file changed, 1 insertion(+) + +--- a/arch/mips/pistachio/Platform ++++ b/arch/mips/pistachio/Platform +@@ -6,3 +6,4 @@ cflags-$(CONFIG_MACH_PISTACHIO) += \ + -I$(srctree)/arch/mips/include/asm/mach-pistachio + load-$(CONFIG_MACH_PISTACHIO) += 0xffffffff80400000 + zload-$(CONFIG_MACH_PISTACHIO) += 0xffffffff81000000 ++all-$(CONFIG_MACH_PISTACHIO) := uImage.gz diff --git a/queue-4.4/parisc-use-implicit-space-register-selection-for-loading-the-coherence-index-of-i-o-pdirs.patch b/queue-4.4/parisc-use-implicit-space-register-selection-for-loading-the-coherence-index-of-i-o-pdirs.patch new file mode 100644 index 00000000000..ce5dfed5add --- /dev/null +++ b/queue-4.4/parisc-use-implicit-space-register-selection-for-loading-the-coherence-index-of-i-o-pdirs.patch @@ -0,0 +1,58 @@ +From 63923d2c3800919774f5c651d503d1dd2adaddd5 Mon Sep 17 00:00:00 2001 +From: John David Anglin +Date: Mon, 27 May 2019 20:15:14 -0400 +Subject: parisc: Use implicit space register selection for loading the coherence index of I/O pdirs + +From: John David Anglin + +commit 63923d2c3800919774f5c651d503d1dd2adaddd5 upstream. + +We only support I/O to kernel space. Using %sr1 to load the coherence +index may be racy unless interrupts are disabled. This patch changes the +code used to load the coherence index to use implicit space register +selection. This saves one instruction and eliminates the race. + +Tested on rp3440, c8000 and c3750. + +Signed-off-by: John David Anglin +Cc: stable@vger.kernel.org +Signed-off-by: Helge Deller +Signed-off-by: Greg Kroah-Hartman + +--- + drivers/parisc/ccio-dma.c | 4 +--- + drivers/parisc/sba_iommu.c | 3 +-- + 2 files changed, 2 insertions(+), 5 deletions(-) + +--- a/drivers/parisc/ccio-dma.c ++++ b/drivers/parisc/ccio-dma.c +@@ -563,8 +563,6 @@ ccio_io_pdir_entry(u64 *pdir_ptr, space_ + /* We currently only support kernel addresses */ + BUG_ON(sid != KERNEL_SPACE); + +- mtsp(sid,1); +- + /* + ** WORD 1 - low order word + ** "hints" parm includes the VALID bit! +@@ -595,7 +593,7 @@ ccio_io_pdir_entry(u64 *pdir_ptr, space_ + ** Grab virtual index [0:11] + ** Deposit virt_idx bits into I/O PDIR word + */ +- asm volatile ("lci %%r0(%%sr1, %1), %0" : "=r" (ci) : "r" (vba)); ++ asm volatile ("lci %%r0(%1), %0" : "=r" (ci) : "r" (vba)); + asm volatile ("extru %1,19,12,%0" : "+r" (ci) : "r" (ci)); + asm volatile ("depw %1,15,12,%0" : "+r" (pa) : "r" (ci)); + +--- a/drivers/parisc/sba_iommu.c ++++ b/drivers/parisc/sba_iommu.c +@@ -573,8 +573,7 @@ sba_io_pdir_entry(u64 *pdir_ptr, space_t + pa = virt_to_phys(vba); + pa &= IOVP_MASK; + +- mtsp(sid,1); +- asm("lci 0(%%sr1, %1), %0" : "=r" (ci) : "r" (vba)); ++ asm("lci 0(%1), %0" : "=r" (ci) : "r" (vba)); + pa |= (ci >> PAGE_SHIFT) & 0xff; /* move CI (8 bits) into lowest byte */ + + pa |= SBA_PDIR_VALID_BIT; /* set "valid" bit */ diff --git a/queue-4.4/rcu-locking-and-unlocking-need-to-always-be-at-least-barriers.patch b/queue-4.4/rcu-locking-and-unlocking-need-to-always-be-at-least-barriers.patch new file mode 100644 index 00000000000..1f05fbeb659 --- /dev/null +++ b/queue-4.4/rcu-locking-and-unlocking-need-to-always-be-at-least-barriers.patch @@ -0,0 +1,67 @@ +From 66be4e66a7f422128748e3c3ef6ee72b20a6197b Mon Sep 17 00:00:00 2001 +From: Linus Torvalds +Date: Mon, 3 Jun 2019 13:26:20 -0700 +Subject: rcu: locking and unlocking need to always be at least barriers + +From: Linus Torvalds + +commit 66be4e66a7f422128748e3c3ef6ee72b20a6197b upstream. + +Herbert Xu pointed out that commit bb73c52bad36 ("rcu: Don't disable +preemption for Tiny and Tree RCU readers") was incorrect in making the +preempt_disable/enable() be conditional on CONFIG_PREEMPT_COUNT. + +If CONFIG_PREEMPT_COUNT isn't enabled, the preemption enable/disable is +a no-op, but still is a compiler barrier. + +And RCU locking still _needs_ that compiler barrier. + +It is simply fundamentally not true that RCU locking would be a complete +no-op: we still need to guarantee (for example) that things that can +trap and cause preemption cannot migrate into the RCU locked region. + +The way we do that is by making it a barrier. + +See for example commit 386afc91144b ("spinlocks and preemption points +need to be at least compiler barriers") from back in 2013 that had +similar issues with spinlocks that become no-ops on UP: they must still +constrain the compiler from moving other operations into the critical +region. + +Now, it is true that a lot of RCU operations already use READ_ONCE() and +WRITE_ONCE() (which in practice likely would never be re-ordered wrt +anything remotely interesting), but it is also true that that is not +globally the case, and that it's not even necessarily always possible +(ie bitfields etc). + +Reported-by: Herbert Xu +Fixes: bb73c52bad36 ("rcu: Don't disable preemption for Tiny and Tree RCU readers") +Cc: stable@kernel.org +Cc: Boqun Feng +Cc: Paul E. McKenney +Signed-off-by: Linus Torvalds +Signed-off-by: Greg Kroah-Hartman + +--- + include/linux/rcupdate.h | 6 ++---- + 1 file changed, 2 insertions(+), 4 deletions(-) + +--- a/include/linux/rcupdate.h ++++ b/include/linux/rcupdate.h +@@ -297,14 +297,12 @@ void synchronize_rcu(void); + + static inline void __rcu_read_lock(void) + { +- if (IS_ENABLED(CONFIG_PREEMPT_COUNT)) +- preempt_disable(); ++ preempt_disable(); + } + + static inline void __rcu_read_unlock(void) + { +- if (IS_ENABLED(CONFIG_PREEMPT_COUNT)) +- preempt_enable(); ++ preempt_enable(); + } + + static inline void synchronize_rcu(void) diff --git a/queue-4.4/series b/queue-4.4/series index 0d8eddfd2cc..87bc15eafac 100644 --- a/queue-4.4/series +++ b/queue-4.4/series @@ -231,3 +231,9 @@ neighbor-call-__ipv4_neigh_lookup_noref-in-neigh_xmit.patch net-mlx4_en-ethtool-remove-unsupported-sfp-eeprom-high-pages-query.patch net-rds-fix-memory-leak-in-rds_ib_flush_mr_pool.patch pktgen-do-not-sleep-with-the-thread-lock-held.patch +rcu-locking-and-unlocking-need-to-always-be-at-least-barriers.patch +parisc-use-implicit-space-register-selection-for-loading-the-coherence-index-of-i-o-pdirs.patch +fuse-fallocate-fix-return-with-locked-inode.patch +mips-pistachio-build-uimage.gz-by-default.patch +genwqe-prevent-an-integer-overflow-in-the-ioctl.patch +drm-gma500-cdv-check-vbt-config-bits-when-detecting-lvds-panels.patch -- 2.47.2