From bc536bcf32258e070918746b916071dbd146be09 Mon Sep 17 00:00:00 2001 From: Greg Kroah-Hartman Date: Mon, 1 Mar 2021 13:59:01 +0100 Subject: [PATCH] 4.14-stable patches added patches: arm64-uprobe-return-eopnotsupp-for-aarch32-instruction-probing.patch floppy-reintroduce-o_ndelay-fix.patch fs-affs-release-old-buffer-head-on-error-path.patch hugetlb-fix-copy_huge_page_from_user-contig-page-struct-assumption.patch libnvdimm-dimm-avoid-race-between-probe-and-available_slots_show.patch mm-hugetlb-fix-a-race-between-freeing-and-dissolving-the-page.patch mtd-spi-nor-hisi-sfc-put-child-node-np-on-error-path.patch usb-renesas_usbhs-clear-pipe-running-flag-in-usbhs_pkt_pop.patch watchdog-mei_wdt-request-stop-on-unregister.patch --- ...supp-for-aarch32-instruction-probing.patch | 38 +++++ .../floppy-reintroduce-o_ndelay-fix.patch | 81 ++++++++++ ...elease-old-buffer-head-on-error-path.patch | 35 +++++ ...m_user-contig-page-struct-assumption.patch | 67 +++++++++ ...tween-probe-and-available_slots_show.patch | 98 +++++++++++++ ...ween-freeing-and-dissolving-the-page.patch | 138 ++++++++++++++++++ ...-sfc-put-child-node-np-on-error-path.patch | 36 +++++ queue-4.14/series | 9 ++ ...r-pipe-running-flag-in-usbhs_pkt_pop.patch | 37 +++++ ...g-mei_wdt-request-stop-on-unregister.patch | 43 ++++++ 10 files changed, 582 insertions(+) create mode 100644 queue-4.14/arm64-uprobe-return-eopnotsupp-for-aarch32-instruction-probing.patch create mode 100644 queue-4.14/floppy-reintroduce-o_ndelay-fix.patch create mode 100644 queue-4.14/fs-affs-release-old-buffer-head-on-error-path.patch create mode 100644 queue-4.14/hugetlb-fix-copy_huge_page_from_user-contig-page-struct-assumption.patch create mode 100644 queue-4.14/libnvdimm-dimm-avoid-race-between-probe-and-available_slots_show.patch create mode 100644 queue-4.14/mm-hugetlb-fix-a-race-between-freeing-and-dissolving-the-page.patch create mode 100644 queue-4.14/mtd-spi-nor-hisi-sfc-put-child-node-np-on-error-path.patch create mode 100644 queue-4.14/usb-renesas_usbhs-clear-pipe-running-flag-in-usbhs_pkt_pop.patch create mode 100644 queue-4.14/watchdog-mei_wdt-request-stop-on-unregister.patch diff --git a/queue-4.14/arm64-uprobe-return-eopnotsupp-for-aarch32-instruction-probing.patch b/queue-4.14/arm64-uprobe-return-eopnotsupp-for-aarch32-instruction-probing.patch new file mode 100644 index 00000000000..7048f3537bd --- /dev/null +++ b/queue-4.14/arm64-uprobe-return-eopnotsupp-for-aarch32-instruction-probing.patch @@ -0,0 +1,38 @@ +From d47422d953e258ad587b5edf2274eb95d08bdc7d Mon Sep 17 00:00:00 2001 +From: He Zhe +Date: Tue, 23 Feb 2021 16:25:34 +0800 +Subject: arm64: uprobe: Return EOPNOTSUPP for AARCH32 instruction probing + +From: He Zhe + +commit d47422d953e258ad587b5edf2274eb95d08bdc7d upstream. + +As stated in linux/errno.h, ENOTSUPP should never be seen by user programs. +When we set up uprobe with 32-bit perf and arm64 kernel, we would see the +following vague error without useful hint. + +The sys_perf_event_open() syscall returned with 524 (INTERNAL ERROR: +strerror_r(524, [buf], 128)=22) + +Use EOPNOTSUPP instead to indicate such cases. + +Signed-off-by: He Zhe +Link: https://lore.kernel.org/r/20210223082535.48730-1-zhe.he@windriver.com +Cc: +Signed-off-by: Will Deacon +Signed-off-by: Greg Kroah-Hartman +--- + arch/arm64/kernel/probes/uprobes.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +--- a/arch/arm64/kernel/probes/uprobes.c ++++ b/arch/arm64/kernel/probes/uprobes.c +@@ -41,7 +41,7 @@ int arch_uprobe_analyze_insn(struct arch + + /* TODO: Currently we do not support AARCH32 instruction probing */ + if (mm->context.flags & MMCF_AARCH32) +- return -ENOTSUPP; ++ return -EOPNOTSUPP; + else if (!IS_ALIGNED(addr, AARCH64_INSN_SIZE)) + return -EINVAL; + diff --git a/queue-4.14/floppy-reintroduce-o_ndelay-fix.patch b/queue-4.14/floppy-reintroduce-o_ndelay-fix.patch new file mode 100644 index 00000000000..1776e3c1ed7 --- /dev/null +++ b/queue-4.14/floppy-reintroduce-o_ndelay-fix.patch @@ -0,0 +1,81 @@ +From 8a0c014cd20516ade9654fc13b51345ec58e7be8 Mon Sep 17 00:00:00 2001 +From: Jiri Kosina +Date: Fri, 22 Jan 2021 12:13:20 +0100 +Subject: floppy: reintroduce O_NDELAY fix + +From: Jiri Kosina + +commit 8a0c014cd20516ade9654fc13b51345ec58e7be8 upstream. + +This issue was originally fixed in 09954bad4 ("floppy: refactor open() +flags handling"). + +The fix as a side-effect, however, introduce issue for open(O_ACCMODE) +that is being used for ioctl-only open. I wrote a fix for that, but +instead of it being merged, full revert of 09954bad4 was performed, +re-introducing the O_NDELAY / O_NONBLOCK issue, and it strikes again. + +This is a forward-port of the original fix to current codebase; the +original submission had the changelog below: + +==== +Commit 09954bad4 ("floppy: refactor open() flags handling"), as a +side-effect, causes open(/dev/fdX, O_ACCMODE) to fail. It turns out that +this is being used setfdprm userspace for ioctl-only open(). + +Reintroduce back the original behavior wrt !(FMODE_READ|FMODE_WRITE) +modes, while still keeping the original O_NDELAY bug fixed. + +Link: https://lore.kernel.org/r/nycvar.YFH.7.76.2101221209060.5622@cbobk.fhfr.pm +Cc: stable@vger.kernel.org +Reported-by: Wim Osterholt +Tested-by: Wim Osterholt +Reported-and-tested-by: Kurt Garloff +Fixes: 09954bad4 ("floppy: refactor open() flags handling") +Fixes: f2791e7ead ("Revert "floppy: refactor open() flags handling"") +Signed-off-by: Jiri Kosina +Signed-off-by: Denis Efremov +Signed-off-by: Greg Kroah-Hartman + +--- + drivers/block/floppy.c | 27 ++++++++++++++------------- + 1 file changed, 14 insertions(+), 13 deletions(-) + +--- a/drivers/block/floppy.c ++++ b/drivers/block/floppy.c +@@ -4069,21 +4069,22 @@ static int floppy_open(struct block_devi + if (UFDCS->rawcmd == 1) + UFDCS->rawcmd = 2; + +- if (!(mode & FMODE_NDELAY)) { +- if (mode & (FMODE_READ|FMODE_WRITE)) { +- UDRS->last_checked = 0; +- clear_bit(FD_OPEN_SHOULD_FAIL_BIT, &UDRS->flags); +- check_disk_change(bdev); +- if (test_bit(FD_DISK_CHANGED_BIT, &UDRS->flags)) +- goto out; +- if (test_bit(FD_OPEN_SHOULD_FAIL_BIT, &UDRS->flags)) +- goto out; +- } +- res = -EROFS; +- if ((mode & FMODE_WRITE) && +- !test_bit(FD_DISK_WRITABLE_BIT, &UDRS->flags)) ++ if (mode & (FMODE_READ|FMODE_WRITE)) { ++ UDRS->last_checked = 0; ++ clear_bit(FD_OPEN_SHOULD_FAIL_BIT, &UDRS->flags); ++ check_disk_change(bdev); ++ if (test_bit(FD_DISK_CHANGED_BIT, &UDRS->flags)) ++ goto out; ++ if (test_bit(FD_OPEN_SHOULD_FAIL_BIT, &UDRS->flags)) + goto out; + } ++ ++ res = -EROFS; ++ ++ if ((mode & FMODE_WRITE) && ++ !test_bit(FD_DISK_WRITABLE_BIT, &UDRS->flags)) ++ goto out; ++ + mutex_unlock(&open_lock); + mutex_unlock(&floppy_mutex); + return 0; diff --git a/queue-4.14/fs-affs-release-old-buffer-head-on-error-path.patch b/queue-4.14/fs-affs-release-old-buffer-head-on-error-path.patch new file mode 100644 index 00000000000..b15bd4d076d --- /dev/null +++ b/queue-4.14/fs-affs-release-old-buffer-head-on-error-path.patch @@ -0,0 +1,35 @@ +From 70779b897395b330ba5a47bed84f94178da599f9 Mon Sep 17 00:00:00 2001 +From: Pan Bian +Date: Wed, 20 Jan 2021 00:51:13 -0800 +Subject: fs/affs: release old buffer head on error path + +From: Pan Bian + +commit 70779b897395b330ba5a47bed84f94178da599f9 upstream. + +The reference count of the old buffer head should be decremented on path +that fails to get the new buffer head. + +Fixes: 6b4657667ba0 ("fs/affs: add rename exchange") +CC: stable@vger.kernel.org # 4.14+ +Signed-off-by: Pan Bian +Signed-off-by: David Sterba +Signed-off-by: Greg Kroah-Hartman +--- + fs/affs/namei.c | 4 +++- + 1 file changed, 3 insertions(+), 1 deletion(-) + +--- a/fs/affs/namei.c ++++ b/fs/affs/namei.c +@@ -461,8 +461,10 @@ affs_xrename(struct inode *old_dir, stru + return -EIO; + + bh_new = affs_bread(sb, d_inode(new_dentry)->i_ino); +- if (!bh_new) ++ if (!bh_new) { ++ affs_brelse(bh_old); + return -EIO; ++ } + + /* Remove old header from its parent directory. */ + affs_lock_dir(old_dir); diff --git a/queue-4.14/hugetlb-fix-copy_huge_page_from_user-contig-page-struct-assumption.patch b/queue-4.14/hugetlb-fix-copy_huge_page_from_user-contig-page-struct-assumption.patch new file mode 100644 index 00000000000..a191720b390 --- /dev/null +++ b/queue-4.14/hugetlb-fix-copy_huge_page_from_user-contig-page-struct-assumption.patch @@ -0,0 +1,67 @@ +From 3272cfc2525b3a2810a59312d7a1e6f04a0ca3ef Mon Sep 17 00:00:00 2001 +From: Mike Kravetz +Date: Wed, 24 Feb 2021 12:07:54 -0800 +Subject: hugetlb: fix copy_huge_page_from_user contig page struct assumption + +From: Mike Kravetz + +commit 3272cfc2525b3a2810a59312d7a1e6f04a0ca3ef upstream. + +page structs are not guaranteed to be contiguous for gigantic pages. The +routine copy_huge_page_from_user can encounter gigantic pages, yet it +assumes page structs are contiguous when copying pages from user space. + +Since page structs for the target gigantic page are not contiguous, the +data copied from user space could overwrite other pages not associated +with the gigantic page and cause data corruption. + +Non-contiguous page structs are generally not an issue. However, they can +exist with a specific kernel configuration and hotplug operations. For +example: Configure the kernel with CONFIG_SPARSEMEM and +!CONFIG_SPARSEMEM_VMEMMAP. Then, hotplug add memory for the area where +the gigantic page will be allocated. + +Link: https://lkml.kernel.org/r/20210217184926.33567-2-mike.kravetz@oracle.com +Fixes: 8fb5debc5fcd ("userfaultfd: hugetlbfs: add hugetlb_mcopy_atomic_pte for userfaultfd support") +Signed-off-by: Mike Kravetz +Cc: Zi Yan +Cc: Davidlohr Bueso +Cc: "Kirill A . Shutemov" +Cc: Andrea Arcangeli +Cc: Matthew Wilcox +Cc: Oscar Salvador +Cc: Joao Martins +Cc: +Signed-off-by: Andrew Morton +Signed-off-by: Linus Torvalds +Signed-off-by: Greg Kroah-Hartman +--- + mm/memory.c | 10 ++++++---- + 1 file changed, 6 insertions(+), 4 deletions(-) + +--- a/mm/memory.c ++++ b/mm/memory.c +@@ -4793,17 +4793,19 @@ long copy_huge_page_from_user(struct pag + void *page_kaddr; + unsigned long i, rc = 0; + unsigned long ret_val = pages_per_huge_page * PAGE_SIZE; ++ struct page *subpage = dst_page; + +- for (i = 0; i < pages_per_huge_page; i++) { ++ for (i = 0; i < pages_per_huge_page; ++ i++, subpage = mem_map_next(subpage, dst_page, i)) { + if (allow_pagefault) +- page_kaddr = kmap(dst_page + i); ++ page_kaddr = kmap(subpage); + else +- page_kaddr = kmap_atomic(dst_page + i); ++ page_kaddr = kmap_atomic(subpage); + rc = copy_from_user(page_kaddr, + (const void __user *)(src + i * PAGE_SIZE), + PAGE_SIZE); + if (allow_pagefault) +- kunmap(dst_page + i); ++ kunmap(subpage); + else + kunmap_atomic(page_kaddr); + diff --git a/queue-4.14/libnvdimm-dimm-avoid-race-between-probe-and-available_slots_show.patch b/queue-4.14/libnvdimm-dimm-avoid-race-between-probe-and-available_slots_show.patch new file mode 100644 index 00000000000..b0b083540c8 --- /dev/null +++ b/queue-4.14/libnvdimm-dimm-avoid-race-between-probe-and-available_slots_show.patch @@ -0,0 +1,98 @@ +From foo@baz Mon Mar 1 01:45:36 PM CET 2021 +From: Dan Williams +Date: Mon, 1 Feb 2021 16:20:40 -0800 +Subject: libnvdimm/dimm: Avoid race between probe and available_slots_show() + +From: Dan Williams + +commit 7018c897c2f243d4b5f1b94bc6b4831a7eab80fb upstream + +Richard reports that the following test: + +(while true; do + cat /sys/bus/nd/devices/nmem*/available_slots 2>&1 > /dev/null + done) & + +while true; do + for i in $(seq 0 4); do + echo nmem$i > /sys/bus/nd/drivers/nvdimm/bind + done + for i in $(seq 0 4); do + echo nmem$i > /sys/bus/nd/drivers/nvdimm/unbind + done + done + +...fails with a crash signature like: + + divide error: 0000 [#1] SMP KASAN PTI + RIP: 0010:nd_label_nfree+0x134/0x1a0 [libnvdimm] + [..] + Call Trace: + available_slots_show+0x4e/0x120 [libnvdimm] + dev_attr_show+0x42/0x80 + ? memset+0x20/0x40 + sysfs_kf_seq_show+0x218/0x410 + +The root cause is that available_slots_show() consults driver-data, but +fails to synchronize against device-unbind setting up a TOCTOU race to +access uninitialized memory. + +Validate driver-data under the device-lock. + +Fixes: 4d88a97aa9e8 ("libnvdimm, nvdimm: dimm driver and base libnvdimm device-driver infrastructure") +Cc: +Cc: Vishal Verma +Cc: Dave Jiang +Cc: Ira Weiny +Cc: Coly Li +Reported-by: Richard Palethorpe +Acked-by: Richard Palethorpe +Signed-off-by: Dan Williams +[sudip: use device_lock()] +Signed-off-by: Sudip Mukherjee +Signed-off-by: Greg Kroah-Hartman +--- + drivers/nvdimm/dimm_devs.c | 18 +++++++++++++++--- + 1 file changed, 15 insertions(+), 3 deletions(-) + +--- a/drivers/nvdimm/dimm_devs.c ++++ b/drivers/nvdimm/dimm_devs.c +@@ -347,16 +347,16 @@ static ssize_t state_show(struct device + } + static DEVICE_ATTR_RO(state); + +-static ssize_t available_slots_show(struct device *dev, +- struct device_attribute *attr, char *buf) ++static ssize_t __available_slots_show(struct nvdimm_drvdata *ndd, char *buf) + { +- struct nvdimm_drvdata *ndd = dev_get_drvdata(dev); ++ struct device *dev; + ssize_t rc; + u32 nfree; + + if (!ndd) + return -ENXIO; + ++ dev = ndd->dev; + nvdimm_bus_lock(dev); + nfree = nd_label_nfree(ndd); + if (nfree - 1 > nfree) { +@@ -368,6 +368,18 @@ static ssize_t available_slots_show(stru + nvdimm_bus_unlock(dev); + return rc; + } ++ ++static ssize_t available_slots_show(struct device *dev, ++ struct device_attribute *attr, char *buf) ++{ ++ ssize_t rc; ++ ++ device_lock(dev); ++ rc = __available_slots_show(dev_get_drvdata(dev), buf); ++ device_unlock(dev); ++ ++ return rc; ++} + static DEVICE_ATTR_RO(available_slots); + + static struct attribute *nvdimm_attributes[] = { diff --git a/queue-4.14/mm-hugetlb-fix-a-race-between-freeing-and-dissolving-the-page.patch b/queue-4.14/mm-hugetlb-fix-a-race-between-freeing-and-dissolving-the-page.patch new file mode 100644 index 00000000000..d980ab91c7b --- /dev/null +++ b/queue-4.14/mm-hugetlb-fix-a-race-between-freeing-and-dissolving-the-page.patch @@ -0,0 +1,138 @@ +From foo@baz Mon Mar 1 01:41:31 PM CET 2021 +From: Muchun Song +Date: Thu, 4 Feb 2021 18:32:06 -0800 +Subject: mm: hugetlb: fix a race between freeing and dissolving the page + +From: Muchun Song + +commit 7ffddd499ba6122b1a07828f023d1d67629aa017 upstream + +There is a race condition between __free_huge_page() +and dissolve_free_huge_page(). + + CPU0: CPU1: + + // page_count(page) == 1 + put_page(page) + __free_huge_page(page) + dissolve_free_huge_page(page) + spin_lock(&hugetlb_lock) + // PageHuge(page) && !page_count(page) + update_and_free_page(page) + // page is freed to the buddy + spin_unlock(&hugetlb_lock) + spin_lock(&hugetlb_lock) + clear_page_huge_active(page) + enqueue_huge_page(page) + // It is wrong, the page is already freed + spin_unlock(&hugetlb_lock) + +The race window is between put_page() and dissolve_free_huge_page(). + +We should make sure that the page is already on the free list when it is +dissolved. + +As a result __free_huge_page would corrupt page(s) already in the buddy +allocator. + +Link: https://lkml.kernel.org/r/20210115124942.46403-4-songmuchun@bytedance.com +Fixes: c8721bbbdd36 ("mm: memory-hotplug: enable memory hotplug to handle hugepage") +Signed-off-by: Muchun Song +Reviewed-by: Mike Kravetz +Reviewed-by: Oscar Salvador +Acked-by: Michal Hocko +Cc: David Hildenbrand +Cc: Yang Shi +Cc: +Signed-off-by: Andrew Morton +Signed-off-by: Linus Torvalds +[sudip: adjust context] +Signed-off-by: Sudip Mukherjee +Signed-off-by: Greg Kroah-Hartman +--- + mm/hugetlb.c | 39 +++++++++++++++++++++++++++++++++++++++ + 1 file changed, 39 insertions(+) + +--- a/mm/hugetlb.c ++++ b/mm/hugetlb.c +@@ -69,6 +69,21 @@ DEFINE_SPINLOCK(hugetlb_lock); + static int num_fault_mutexes; + struct mutex *hugetlb_fault_mutex_table ____cacheline_aligned_in_smp; + ++static inline bool PageHugeFreed(struct page *head) ++{ ++ return page_private(head + 4) == -1UL; ++} ++ ++static inline void SetPageHugeFreed(struct page *head) ++{ ++ set_page_private(head + 4, -1UL); ++} ++ ++static inline void ClearPageHugeFreed(struct page *head) ++{ ++ set_page_private(head + 4, 0); ++} ++ + /* Forward declaration */ + static int hugetlb_acct_memory(struct hstate *h, long delta); + +@@ -866,6 +881,7 @@ static void enqueue_huge_page(struct hst + list_move(&page->lru, &h->hugepage_freelists[nid]); + h->free_huge_pages++; + h->free_huge_pages_node[nid]++; ++ SetPageHugeFreed(page); + } + + static struct page *dequeue_huge_page_node_exact(struct hstate *h, int nid) +@@ -883,6 +899,7 @@ static struct page *dequeue_huge_page_no + return NULL; + list_move(&page->lru, &h->hugepage_activelist); + set_page_refcounted(page); ++ ClearPageHugeFreed(page); + h->free_huge_pages--; + h->free_huge_pages_node[nid]--; + return page; +@@ -1315,6 +1332,7 @@ static void prep_new_huge_page(struct hs + set_hugetlb_cgroup(page, NULL); + h->nr_huge_pages++; + h->nr_huge_pages_node[nid]++; ++ ClearPageHugeFreed(page); + spin_unlock(&hugetlb_lock); + put_page(page); /* free it into the hugepage allocator */ + } +@@ -1478,6 +1496,7 @@ int dissolve_free_huge_page(struct page + { + int rc = 0; + ++retry: + spin_lock(&hugetlb_lock); + if (PageHuge(page) && !page_count(page)) { + struct page *head = compound_head(page); +@@ -1487,6 +1506,26 @@ int dissolve_free_huge_page(struct page + rc = -EBUSY; + goto out; + } ++ ++ /* ++ * We should make sure that the page is already on the free list ++ * when it is dissolved. ++ */ ++ if (unlikely(!PageHugeFreed(head))) { ++ spin_unlock(&hugetlb_lock); ++ cond_resched(); ++ ++ /* ++ * Theoretically, we should return -EBUSY when we ++ * encounter this race. In fact, we have a chance ++ * to successfully dissolve the page if we do a ++ * retry. Because the race window is quite small. ++ * If we seize this opportunity, it is an optimization ++ * for increasing the success rate of dissolving page. ++ */ ++ goto retry; ++ } ++ + /* + * Move PageHWPoison flag from head page to the raw error page, + * which makes any subpages rather than the error page reusable. diff --git a/queue-4.14/mtd-spi-nor-hisi-sfc-put-child-node-np-on-error-path.patch b/queue-4.14/mtd-spi-nor-hisi-sfc-put-child-node-np-on-error-path.patch new file mode 100644 index 00000000000..cf21c455048 --- /dev/null +++ b/queue-4.14/mtd-spi-nor-hisi-sfc-put-child-node-np-on-error-path.patch @@ -0,0 +1,36 @@ +From fe6653460ee7a7dbe0cd5fd322992af862ce5ab0 Mon Sep 17 00:00:00 2001 +From: Pan Bian +Date: Thu, 21 Jan 2021 01:18:47 -0800 +Subject: mtd: spi-nor: hisi-sfc: Put child node np on error path + +From: Pan Bian + +commit fe6653460ee7a7dbe0cd5fd322992af862ce5ab0 upstream. + +Put the child node np when it fails to get or register device. + +Fixes: e523f11141bd ("mtd: spi-nor: add hisilicon spi-nor flash controller driver") +Cc: stable@vger.kernel.org +Signed-off-by: Pan Bian +[ta: Add Fixes tag and Cc stable] +Signed-off-by: Tudor Ambarus +Link: https://lore.kernel.org/r/20210121091847.85362-1-bianpan2016@163.com +Signed-off-by: Greg Kroah-Hartman +--- + drivers/mtd/spi-nor/hisi-sfc.c | 4 +++- + 1 file changed, 3 insertions(+), 1 deletion(-) + +--- a/drivers/mtd/spi-nor/hisi-sfc.c ++++ b/drivers/mtd/spi-nor/hisi-sfc.c +@@ -408,8 +408,10 @@ static int hisi_spi_nor_register_all(str + + for_each_available_child_of_node(dev->of_node, np) { + ret = hisi_spi_nor_register(np, host); +- if (ret) ++ if (ret) { ++ of_node_put(np); + goto fail; ++ } + + if (host->num_chip == HIFMC_MAX_CHIP_NUM) { + dev_warn(dev, "Flash device number exceeds the maximum chipselect number\n"); diff --git a/queue-4.14/series b/queue-4.14/series index 0b0296d3e4b..485187a1ba8 100644 --- a/queue-4.14/series +++ b/queue-4.14/series @@ -145,3 +145,12 @@ seccomp-add-missing-return-in-non-void-function.patch drivers-misc-vmw_vmci-restrict-too-big-queue-size-in-qp_host_alloc_queue.patch staging-rtl8188eu-add-edimax-ew-7811un-v2-to-device-table.patch x86-reboot-force-all-cpus-to-exit-vmx-root-if-vmx-is-supported.patch +floppy-reintroduce-o_ndelay-fix.patch +arm64-uprobe-return-eopnotsupp-for-aarch32-instruction-probing.patch +watchdog-mei_wdt-request-stop-on-unregister.patch +mtd-spi-nor-hisi-sfc-put-child-node-np-on-error-path.patch +fs-affs-release-old-buffer-head-on-error-path.patch +hugetlb-fix-copy_huge_page_from_user-contig-page-struct-assumption.patch +mm-hugetlb-fix-a-race-between-freeing-and-dissolving-the-page.patch +usb-renesas_usbhs-clear-pipe-running-flag-in-usbhs_pkt_pop.patch +libnvdimm-dimm-avoid-race-between-probe-and-available_slots_show.patch diff --git a/queue-4.14/usb-renesas_usbhs-clear-pipe-running-flag-in-usbhs_pkt_pop.patch b/queue-4.14/usb-renesas_usbhs-clear-pipe-running-flag-in-usbhs_pkt_pop.patch new file mode 100644 index 00000000000..ef66cfb61c6 --- /dev/null +++ b/queue-4.14/usb-renesas_usbhs-clear-pipe-running-flag-in-usbhs_pkt_pop.patch @@ -0,0 +1,37 @@ +From foo@baz Mon Mar 1 01:44:45 PM CET 2021 +From: Yoshihiro Shimoda +Date: Mon, 1 Feb 2021 21:47:20 +0900 +Subject: usb: renesas_usbhs: Clear pipe running flag in usbhs_pkt_pop() + +From: Yoshihiro Shimoda + +commit 9917f0e3cdba7b9f1a23f70e3f70b1a106be54a8 upstream + +Should clear the pipe running flag in usbhs_pkt_pop(). Otherwise, +we cannot use this pipe after dequeue was called while the pipe was +running. + +Fixes: 8355b2b3082d ("usb: renesas_usbhs: fix the behavior of some usbhs_pkt_handle") +Reported-by: Tho Vu +Signed-off-by: Yoshihiro Shimoda +Link: https://lore.kernel.org/r/1612183640-8898-1-git-send-email-yoshihiro.shimoda.uh@renesas.com +Cc: stable +Signed-off-by: Greg Kroah-Hartman +[sudip: adjust context] +Signed-off-by: Sudip Mukherjee +Signed-off-by: Greg Kroah-Hartman +--- + drivers/usb/renesas_usbhs/fifo.c | 2 ++ + 1 file changed, 2 insertions(+) + +--- a/drivers/usb/renesas_usbhs/fifo.c ++++ b/drivers/usb/renesas_usbhs/fifo.c +@@ -137,6 +137,8 @@ struct usbhs_pkt *usbhs_pkt_pop(struct u + usbhsf_dma_unmap(pkt); + } + ++ usbhs_pipe_running(pipe, 0); ++ + __usbhsf_pkt_del(pkt); + } + diff --git a/queue-4.14/watchdog-mei_wdt-request-stop-on-unregister.patch b/queue-4.14/watchdog-mei_wdt-request-stop-on-unregister.patch new file mode 100644 index 00000000000..5904fa2e944 --- /dev/null +++ b/queue-4.14/watchdog-mei_wdt-request-stop-on-unregister.patch @@ -0,0 +1,43 @@ +From 740c0a57b8f1e36301218bf549f3c9cc833a60be Mon Sep 17 00:00:00 2001 +From: Alexander Usyskin +Date: Sun, 24 Jan 2021 13:49:38 +0200 +Subject: watchdog: mei_wdt: request stop on unregister + +From: Alexander Usyskin + +commit 740c0a57b8f1e36301218bf549f3c9cc833a60be upstream. + +The MEI bus has a special behavior on suspend it destroys +all the attached devices, this is due to the fact that also +firmware context is not persistent across power flows. + +If watchdog on MEI bus is ticking before suspending the firmware +times out and reports that the OS is missing watchdog tick. +Send the stop command to the firmware on watchdog unregistered +to eliminate the false event on suspend. +This does not make the things worse from the user-space perspective +as a user-space should re-open watchdog device after +suspending before this patch. + +Cc: +Signed-off-by: Alexander Usyskin +Signed-off-by: Tomas Winkler +Reviewed-by: Guenter Roeck +Link: https://lore.kernel.org/r/20210124114938.373885-1-tomas.winkler@intel.com +Signed-off-by: Guenter Roeck +Signed-off-by: Wim Van Sebroeck +Signed-off-by: Greg Kroah-Hartman +--- + drivers/watchdog/mei_wdt.c | 1 + + 1 file changed, 1 insertion(+) + +--- a/drivers/watchdog/mei_wdt.c ++++ b/drivers/watchdog/mei_wdt.c +@@ -390,6 +390,7 @@ static int mei_wdt_register(struct mei_w + + watchdog_set_drvdata(&wdt->wdd, wdt); + watchdog_stop_on_reboot(&wdt->wdd); ++ watchdog_stop_on_unregister(&wdt->wdd); + + ret = watchdog_register_device(&wdt->wdd); + if (ret) { -- 2.47.3