From ecfcac0dadab8434d6041e90f8d642523fabaeaa Mon Sep 17 00:00:00 2001 
From: Greg Kroah-Hartman Date: Mon, 16 Mar 2020 15:06:49 +0100 Subject: [PATCH] 5.5-stable patches added patches: batman-adv-don-t-schedule-ogm-for-disabled-interface.patch clk-imx8mn-fix-incorrect-clock-defines.patch driver-code-clarify-and-fix-platform-device-dma-mask-allocation.patch drm-i915-gvt-fix-dma-buf-display-blur-issue-on-cfl.patch drm-i915-gvt-fix-unnecessary-schedule-timer-when-no-vgpu-exits.patch i2c-gpio-suppress-error-on-probe-defer.patch i2c-i801-do-not-add-ich_res_io_smi-for-the-itco_wdt-device.patch iommu-vt-d-fix-rcu-list-bugs-in-intel_iommu_init.patch netfilter-cthelper-add-missing-attribute-validation-for-cthelper.patch netfilter-nf_tables-free-flowtable-hooks-on-hook-register-error.patch nl80211-add-missing-attribute-validation-for-beacon-report-scanning.patch nl80211-add-missing-attribute-validation-for-channel-switch.patch nl80211-add-missing-attribute-validation-for-critical-protocol-indication.patch perf-bench-futex-wake-restore-thread-count-default-to-online-cpu-count.patch pinctrl-core-remove-extra-kref_get-which-blocks-hogs-being-freed.patch pinctrl-imx-scu-align-imx-sc-msg-structs-to-4.patch pinctrl-meson-gxl-fix-gpiox-sdio-pins.patch virtio_ring-fix-mem-leak-with-vring_new_virtqueue.patch x86-mce-therm_throt-undo-thermal-polling-properly-on-cpu-offline.patch --- ...-schedule-ogm-for-disabled-interface.patch | 43 ++++++ ...k-imx8mn-fix-incorrect-clock-defines.patch | 34 +++++ ...-platform-device-dma-mask-allocation.patch | 134 +++++++++++++++++ ...ix-dma-buf-display-blur-issue-on-cfl.patch | 41 ++++++ ...ry-schedule-timer-when-no-vgpu-exits.patch | 56 ++++++++ ...c-gpio-suppress-error-on-probe-defer.patch | 36 +++++ ...h_res_io_smi-for-the-itco_wdt-device.patch | 135 ++++++++++++++++++ ...ix-rcu-list-bugs-in-intel_iommu_init.patch | 77 ++++++++++ ...ng-attribute-validation-for-cthelper.patch | 32 +++++ ...owtable-hooks-on-hook-register-error.patch | 43 ++++++ ...alidation-for-beacon-report-scanning.patch | 33 +++++ 
...ribute-validation-for-channel-switch.patch | 32 +++++ ...ion-for-critical-protocol-indication.patch | 33 +++++ ...ad-count-default-to-online-cpu-count.patch | 71 +++++++++ ...ef_get-which-blocks-hogs-being-freed.patch | 34 +++++ ...mx-scu-align-imx-sc-msg-structs-to-4.patch | 43 ++++++ ...inctrl-meson-gxl-fix-gpiox-sdio-pins.patch | 37 +++++ queue-5.5/series | 19 +++ ...ix-mem-leak-with-vring_new_virtqueue.patch | 47 ++++++ ...rmal-polling-properly-on-cpu-offline.patch | 55 +++++++ 20 files changed, 1035 insertions(+) create mode 100644 queue-5.5/batman-adv-don-t-schedule-ogm-for-disabled-interface.patch create mode 100644 queue-5.5/clk-imx8mn-fix-incorrect-clock-defines.patch create mode 100644 queue-5.5/driver-code-clarify-and-fix-platform-device-dma-mask-allocation.patch create mode 100644 queue-5.5/drm-i915-gvt-fix-dma-buf-display-blur-issue-on-cfl.patch create mode 100644 queue-5.5/drm-i915-gvt-fix-unnecessary-schedule-timer-when-no-vgpu-exits.patch create mode 100644 queue-5.5/i2c-gpio-suppress-error-on-probe-defer.patch create mode 100644 queue-5.5/i2c-i801-do-not-add-ich_res_io_smi-for-the-itco_wdt-device.patch create mode 100644 queue-5.5/iommu-vt-d-fix-rcu-list-bugs-in-intel_iommu_init.patch create mode 100644 queue-5.5/netfilter-cthelper-add-missing-attribute-validation-for-cthelper.patch create mode 100644 queue-5.5/netfilter-nf_tables-free-flowtable-hooks-on-hook-register-error.patch create mode 100644 queue-5.5/nl80211-add-missing-attribute-validation-for-beacon-report-scanning.patch create mode 100644 queue-5.5/nl80211-add-missing-attribute-validation-for-channel-switch.patch create mode 100644 queue-5.5/nl80211-add-missing-attribute-validation-for-critical-protocol-indication.patch create mode 100644 queue-5.5/perf-bench-futex-wake-restore-thread-count-default-to-online-cpu-count.patch create mode 100644 queue-5.5/pinctrl-core-remove-extra-kref_get-which-blocks-hogs-being-freed.patch create mode 100644 
queue-5.5/pinctrl-imx-scu-align-imx-sc-msg-structs-to-4.patch create mode 100644 queue-5.5/pinctrl-meson-gxl-fix-gpiox-sdio-pins.patch create mode 100644 queue-5.5/virtio_ring-fix-mem-leak-with-vring_new_virtqueue.patch create mode 100644 queue-5.5/x86-mce-therm_throt-undo-thermal-polling-properly-on-cpu-offline.patch diff --git a/queue-5.5/batman-adv-don-t-schedule-ogm-for-disabled-interface.patch b/queue-5.5/batman-adv-don-t-schedule-ogm-for-disabled-interface.patch new file mode 100644 index 00000000000..1df46855ef8 --- /dev/null +++ b/queue-5.5/batman-adv-don-t-schedule-ogm-for-disabled-interface.patch 
@@ -0,0 +1,43 @@
+From 8e8ce08198de193e3d21d42e96945216e3d9ac7f Mon Sep 17 00:00:00 2001
+From: Sven Eckelmann
+Date: Sun, 16 Feb 2020 13:02:06 +0100
+Subject: batman-adv: Don't schedule OGM for disabled interface
+
+From: Sven Eckelmann
+
+commit 8e8ce08198de193e3d21d42e96945216e3d9ac7f upstream.
+
+A transmission scheduling for an interface which is currently dropped by
+batadv_iv_ogm_iface_disable could still be in progress. The B.A.T.M.A.N. V
+is simply cancelling the workqueue item in an synchronous way but this is
+not possible with B.A.T.M.A.N. IV because the OGM submissions are
+intertwined.
+
+Instead it has to stop submitting the OGM when it detect that the buffer
+pointer is set to NULL.
+
+Reported-by: syzbot+a98f2016f40b9cd3818a@syzkaller.appspotmail.com
+Reported-by: syzbot+ac36b6a33c28a491e929@syzkaller.appspotmail.com
+Fixes: c6c8fea29769 ("net: Add batman-adv meshing protocol")
+Signed-off-by: Sven Eckelmann
+Cc: Hillf Danton
+Signed-off-by: Simon Wunderlich
+Signed-off-by: Greg Kroah-Hartman
+
+---
+ net/batman-adv/bat_iv_ogm.c | 4 ++++
+ 1 file changed, 4 insertions(+)
+
+--- a/net/batman-adv/bat_iv_ogm.c
++++ b/net/batman-adv/bat_iv_ogm.c
+@@ -789,6 +789,10 @@ static void batadv_iv_ogm_schedule_buff(
+
+ lockdep_assert_held(&hard_iface->bat_iv.ogm_buff_mutex);
+
++ /* interface already disabled by batadv_iv_ogm_iface_disable */
++ if (!*ogm_buff)
++ return;
++
+ /* the interface gets activated here to avoid race conditions between
+ * the moment of activating the interface in
+ * hardif_activate_interface() where the originator mac is set and
diff --git a/queue-5.5/clk-imx8mn-fix-incorrect-clock-defines.patch b/queue-5.5/clk-imx8mn-fix-incorrect-clock-defines.patch
new file mode 100644
index 00000000000..f0b0358ae43
--- /dev/null
+++ b/queue-5.5/clk-imx8mn-fix-incorrect-clock-defines.patch
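Review bot: The new `if (!*ogm_buff) return;` guard in batadv_iv_ogm_schedule_buff() is only safe against a concurrent disable because it sits after `lockdep_assert_held(&hard_iface->bat_iv.ogm_buff_mutex)`, and the added comment does not say so. I would extend it to something like `/* interface already disabled by batadv_iv_ogm_iface_disable; checked under ogm_buff_mutex */` so the check is not later hoisted above the assertion or moved outside the locked region. Whether every caller takes the mutex cannot be confirmed from this hunk, since the function starts and ends outside it, and lockdep only reports a violation on debug kernels.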
@@ -0,0 +1,34 @@
+From 5eb40257047fb11085d582b7b9ccd0bffe900726 Mon Sep 17 00:00:00 2001
+From: Anson Huang
+Date: Mon, 17 Feb 2020 11:01:35 +0800
+Subject: clk: imx8mn: Fix incorrect clock defines
+
+From: Anson Huang
+
+commit 5eb40257047fb11085d582b7b9ccd0bffe900726 upstream.
+
+IMX8MN_CLK_I2C4 and IMX8MN_CLK_UART1's index definitions are incorrect,
+fix them.
+
+Fixes: 1e80936a42e1 ("dt-bindings: imx: Add clock binding doc for i.MX8MN")
+Signed-off-by: Anson Huang
+Signed-off-by: Shawn Guo
+Signed-off-by: Greg Kroah-Hartman
+
+---
+ include/dt-bindings/clock/imx8mn-clock.h | 4 ++--
+ 1 file changed, 2 insertions(+), 2 deletions(-)
+
+--- a/include/dt-bindings/clock/imx8mn-clock.h
++++ b/include/dt-bindings/clock/imx8mn-clock.h
+@@ -122,8 +122,8 @@
+ #define IMX8MN_CLK_I2C1 105
+ #define IMX8MN_CLK_I2C2 106
+ #define IMX8MN_CLK_I2C3 107
+-#define IMX8MN_CLK_I2C4 118
+-#define IMX8MN_CLK_UART1 119
++#define IMX8MN_CLK_I2C4 108
++#define IMX8MN_CLK_UART1 109
+ #define IMX8MN_CLK_UART2 110
+ #define IMX8MN_CLK_UART3 111
+ #define IMX8MN_CLK_UART4 112
diff --git a/queue-5.5/driver-code-clarify-and-fix-platform-device-dma-mask-allocation.patch b/queue-5.5/driver-code-clarify-and-fix-platform-device-dma-mask-allocation.patch
new file mode 100644
index 00000000000..3c50c5a87e7
--- /dev/null
+++ b/queue-5.5/driver-code-clarify-and-fix-platform-device-dma-mask-allocation.patch
@@ -0,0 +1,134 @@ +From e3a36eb6dfaeea8175c05d5915dcf0b939be6dab Mon Sep 17 00:00:00 2001 +From: Christoph Hellwig +Date: Wed, 11 Mar 2020 17:07:10 +0100 +Subject: driver code: clarify and fix platform device DMA mask allocation + +From: Christoph Hellwig + +commit e3a36eb6dfaeea8175c05d5915dcf0b939be6dab upstream. + +This does three inter-related things to clarify the usage of the +platform device dma_mask field. In the process, fix the bug introduced +by cdfee5623290 ("driver core: initialize a default DMA mask for +platform device") that caused Artem Tashkinov's laptop to not boot with +newer Fedora kernels. + +This does: + + - First off, rename the field to "platform_dma_mask" to make it + greppable. + + We have way too many different random fields called "dma_mask" in + various data structures, where some of them are actual masks, and + some of them are just pointers to the mask. And the structures all + have pointers to each other, or embed each other inside themselves, + and "pdev" sometimes means "platform device" and sometimes it means + "PCI device". + + So to make it clear in the code when you actually use this new field, + give it a unique name (it really should be something even more unique + like "platform_device_dma_mask", since it's per platform device, not + per platform, but that gets old really fast, and this is unique + enough in context). + + To further clarify when the field gets used, initialize it when we + actually start using it with the default value. + + - Then, use this field instead of the random one-off allocation in + platform_device_register_full() that is now unnecessary since we now + already have a perfectly fine allocation for it in the platform + device structure. + + - The above then allows us to fix the actual bug, where the error path + of platform_device_register_full() would unconditionally free the + platform device DMA allocation with 'kfree()'. 
+ + That kfree() was dont regardless of whether the allocation had been + done earlier with the (now removed) kmalloc, or whether + setup_pdev_dma_masks() had already been used and the dma_mask pointer + pointed to the mask that was part of the platform device. + +It seems most people never triggered the error path, or only triggered +it from a call chain that set an explicit pdevinfo->dma_mask value (and +thus caused the unnecessary allocation that was "cleaned up" in the +error path) before calling platform_device_register_full(). + +Robin Murphy points out that in Artem's case the wdat_wdt driver failed +in platform_device_add(), and that was the one that had called +platform_device_register_full() with pdevinfo.dma_mask = 0, and would +have caused that kfree() of pdev.dma_mask corrupting the heap. + +A later unrelated kmalloc() then oopsed due to the heap corruption. + +Fixes: cdfee5623290 ("driver core: initialize a default DMA mask for platform device") +Reported-bisected-and-tested-by: Artem S. 
Tashkinov +Reviewed-by: Robin Murphy +Cc: Greg Kroah-Hartman +Signed-off-by: Christoph Hellwig +Signed-off-by: Linus Torvalds +Signed-off-by: Greg Kroah-Hartman + +--- + drivers/base/platform.c | 25 ++++++------------------- + include/linux/platform_device.h | 2 +- + 2 files changed, 7 insertions(+), 20 deletions(-) + +--- a/drivers/base/platform.c ++++ b/drivers/base/platform.c +@@ -363,10 +363,10 @@ static void setup_pdev_dma_masks(struct + { + if (!pdev->dev.coherent_dma_mask) + pdev->dev.coherent_dma_mask = DMA_BIT_MASK(32); +- if (!pdev->dma_mask) +- pdev->dma_mask = DMA_BIT_MASK(32); +- if (!pdev->dev.dma_mask) +- pdev->dev.dma_mask = &pdev->dma_mask; ++ if (!pdev->dev.dma_mask) { ++ pdev->platform_dma_mask = DMA_BIT_MASK(32); ++ pdev->dev.dma_mask = &pdev->platform_dma_mask; ++ } + }; + + /** +@@ -662,20 +662,8 @@ struct platform_device *platform_device_ + pdev->dev.of_node_reused = pdevinfo->of_node_reused; + + if (pdevinfo->dma_mask) { +- /* +- * This memory isn't freed when the device is put, +- * I don't have a nice idea for that though. Conceptually +- * dma_mask in struct device should not be a pointer. 
+- * See http://thread.gmane.org/gmane.linux.kernel.pci/9081 +- */ +- pdev->dev.dma_mask = +- kmalloc(sizeof(*pdev->dev.dma_mask), GFP_KERNEL); +- if (!pdev->dev.dma_mask) +- goto err; +- +- kmemleak_ignore(pdev->dev.dma_mask); +- +- *pdev->dev.dma_mask = pdevinfo->dma_mask; ++ pdev->platform_dma_mask = pdevinfo->dma_mask; ++ pdev->dev.dma_mask = &pdev->platform_dma_mask; + pdev->dev.coherent_dma_mask = pdevinfo->dma_mask; + } + +@@ -700,7 +688,6 @@ struct platform_device *platform_device_ + if (ret) { + err: + ACPI_COMPANION_SET(&pdev->dev, NULL); +- kfree(pdev->dev.dma_mask); + platform_device_put(pdev); + return ERR_PTR(ret); + } +--- a/include/linux/platform_device.h ++++ b/include/linux/platform_device.h +@@ -24,7 +24,7 @@ struct platform_device { + int id; + bool id_auto; + struct device dev; +- u64 dma_mask; ++ u64 platform_dma_mask; + u32 num_resources; + struct resource *resource; + diff --git a/queue-5.5/drm-i915-gvt-fix-dma-buf-display-blur-issue-on-cfl.patch b/queue-5.5/drm-i915-gvt-fix-dma-buf-display-blur-issue-on-cfl.patch new file mode 100644 index 00000000000..e0945ad180d --- /dev/null +++ b/queue-5.5/drm-i915-gvt-fix-dma-buf-display-blur-issue-on-cfl.patch 
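Review bot: In the rewritten setup_pdev_dma_masks() the embedded mask is now assigned unconditionally inside `if (!pdev->dev.dma_mask)`, whereas the removed lines kept a non-zero `pdev->dma_mask` and only defaulted it when it was zero. A caller that had preset the field but left `dev.dma_mask` NULL would now silently get `DMA_BIT_MASK(32)`; the description does not mention this, so it is worth confirming that no such caller exists in 5.5 and recording that in a comment above the block. The rename of the member in include/linux/platform_device.h also turns any remaining `pdev->dma_mask` user in the stable tree into a build failure, which a grep before queueing would settle. Dropping `kfree(pdev->dev.dma_mask)` from the `err:` path is consistent with the visible assignments, which now only ever point `dev.dma_mask` at memory inside the platform device.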
@@ -0,0 +1,41 @@
+From 259170cb4c84f4165a36c0b05811eb74c495412c Mon Sep 17 00:00:00 2001
+From: Tina Zhang
+Date: Thu, 27 Feb 2020 09:00:41 +0800
+Subject: drm/i915/gvt: Fix dma-buf display blur issue on CFL
+
+From: Tina Zhang
+
+commit 259170cb4c84f4165a36c0b05811eb74c495412c upstream.
+
+Commit c3b5a8430daad ("drm/i915/gvt: Enable gfx virtualiztion for CFL")
+added the support on CFL. The vgpu emulation hotplug support on CFL was
+supposed to be included in that patch. Without the vgpu emulation
+hotplug support, the dma-buf based display gives us a blur face.
+
+So fix this issue by adding the vgpu emulation hotplug support on CFL.
+
+Fixes: c3b5a8430daad ("drm/i915/gvt: Enable gfx virtualiztion for CFL")
+Signed-off-by: Tina Zhang
+Acked-by: Zhenyu Wang
+Signed-off-by: Zhenyu Wang
+Link: http://patchwork.freedesktop.org/patch/msgid/20200227010041.32248-1-tina.zhang@intel.com
+(cherry picked from commit 135dde8853c7e00f6002e710f7e4787ed8585c0e)
+Signed-off-by: Jani Nikula
+Signed-off-by: Greg Kroah-Hartman
+
+---
+ drivers/gpu/drm/i915/gvt/display.c | 3 ++-
+ 1 file changed, 2 insertions(+), 1 deletion(-)
+
+--- a/drivers/gpu/drm/i915/gvt/display.c
++++ b/drivers/gpu/drm/i915/gvt/display.c
+@@ -457,7 +457,8 @@ void intel_vgpu_emulate_hotplug(struct i
+ struct drm_i915_private *dev_priv = vgpu->gvt->dev_priv;
+
+ /* TODO: add more platforms support */
+- if (IS_SKYLAKE(dev_priv) || IS_KABYLAKE(dev_priv)) {
++ if (IS_SKYLAKE(dev_priv) || IS_KABYLAKE(dev_priv) ||
++ IS_COFFEELAKE(dev_priv)) {
+ if (connected) {
+ vgpu_vreg_t(vgpu, SFUSE_STRAP) |=
+ SFUSE_STRAP_DDID_DETECTED;
diff --git a/queue-5.5/drm-i915-gvt-fix-unnecessary-schedule-timer-when-no-vgpu-exits.patch b/queue-5.5/drm-i915-gvt-fix-unnecessary-schedule-timer-when-no-vgpu-exits.patch
new file mode 100644
index 00000000000..06d1456a691
--- /dev/null
+++ b/queue-5.5/drm-i915-gvt-fix-unnecessary-schedule-timer-when-no-vgpu-exits.patch
@@ -0,0 +1,56 @@
+From 04d6067f1f19e70a418f92fa3170cf7fe53b7fdf Mon Sep 17 00:00:00 2001
+From: Zhenyu Wang
+Date: Tue, 3 Mar 2020 13:54:12 +0800
+Subject: drm/i915/gvt: Fix unnecessary schedule timer when no vGPU exits
+
+From: Zhenyu Wang
+
+commit 04d6067f1f19e70a418f92fa3170cf7fe53b7fdf upstream.
+
+From commit f25a49ab8ab9 ("drm/i915/gvt: Use vgpu_lock to protect per
+vgpu access") the vgpu idr destroy is moved later than vgpu resource
+destroy, then it would fail to stop timer for schedule policy clean
+which to check vgpu idr for any left vGPU. So this trys to destroy
+vgpu idr earlier.
+
+Cc: Colin Xu
+Fixes: f25a49ab8ab9 ("drm/i915/gvt: Use vgpu_lock to protect per vgpu access")
+Acked-by: Colin Xu
+Signed-off-by: Zhenyu Wang
+Link: http://patchwork.freedesktop.org/patch/msgid/20200229055445.31481-1-zhenyuw@linux.intel.com
+Signed-off-by: Greg Kroah-Hartman
+
+---
+ drivers/gpu/drm/i915/gvt/vgpu.c | 12 +++++++++---
+ 1 file changed, 9 insertions(+), 3 deletions(-)
+
+--- a/drivers/gpu/drm/i915/gvt/vgpu.c
++++ b/drivers/gpu/drm/i915/gvt/vgpu.c
+@@ -272,10 +272,17 @@ void intel_gvt_destroy_vgpu(struct intel
+ {
+ struct intel_gvt *gvt = vgpu->gvt;
+
+- mutex_lock(&vgpu->vgpu_lock);
+-
+ WARN(vgpu->active, "vGPU is still active!\n");
+
++ /*
++ * remove idr first so later clean can judge if need to stop
++ * service if no active vgpu.
++ */
++ mutex_lock(&gvt->lock);
++ idr_remove(&gvt->vgpu_idr, vgpu->id);
++ mutex_unlock(&gvt->lock);
++
++ mutex_lock(&vgpu->vgpu_lock);
+ intel_gvt_debugfs_remove_vgpu(vgpu);
+ intel_vgpu_clean_sched_policy(vgpu);
+ intel_vgpu_clean_submission(vgpu);
+@@ -290,7 +297,6 @@ void intel_gvt_destroy_vgpu(struct intel
+ mutex_unlock(&vgpu->vgpu_lock);
+
+ mutex_lock(&gvt->lock);
+- idr_remove(&gvt->vgpu_idr, vgpu->id);
+ if (idr_is_empty(&gvt->vgpu_idr))
+ intel_gvt_clean_irq(gvt);
+ intel_gvt_update_vgpu_types(gvt);
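Review bot: `WARN(vgpu->active, ...)` in intel_gvt_destroy_vgpu() is now evaluated before `mutex_lock(&vgpu->vgpu_lock)`, while the removed lines took that lock first, so the flag is read unlocked. The id is also released by `idr_remove()` under `gvt->lock`, and that lock is dropped before the vGPU's resources are torn down; if vGPU creation allocates from the same idr, a concurrent create could presumably reuse the id while the old instance is still being cleaned. The new block comment explains only the ordering, so I would add a line on what serialises create against destroy, or why the window is harmless. The end of the function is outside the hunk.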
diff --git a/queue-5.5/i2c-gpio-suppress-error-on-probe-defer.patch b/queue-5.5/i2c-gpio-suppress-error-on-probe-defer.patch
new file mode 100644
index 00000000000..5b2c0d81223
--- /dev/null
+++ b/queue-5.5/i2c-gpio-suppress-error-on-probe-defer.patch
@@ -0,0 +1,36 @@
+From 3747cd2efe7ecb9604972285ab3f60c96cb753a8 Mon Sep 17 00:00:00 2001
+From: Hamish Martin
+Date: Tue, 10 Mar 2020 10:16:18 +1300
+Subject: i2c: gpio: suppress error on probe defer
+
+From: Hamish Martin
+
+commit 3747cd2efe7ecb9604972285ab3f60c96cb753a8 upstream.
+
+If a GPIO we are trying to use is not available and we are deferring
+the probe, don't output an error message.
+This seems to have been the intent of commit 05c74778858d
+("i2c: gpio: Add support for named gpios in DT") but the error was
+still output due to not checking the updated 'retdesc'.
+
+Fixes: 05c74778858d ("i2c: gpio: Add support for named gpios in DT")
+Signed-off-by: Hamish Martin
+Acked-by: Linus Walleij
+Signed-off-by: Wolfram Sang
+Signed-off-by: Greg Kroah-Hartman
+
+---
+ drivers/i2c/busses/i2c-gpio.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+--- a/drivers/i2c/busses/i2c-gpio.c
++++ b/drivers/i2c/busses/i2c-gpio.c
+@@ -348,7 +348,7 @@ static struct gpio_desc *i2c_gpio_get_de
+ if (ret == -ENOENT)
+ retdesc = ERR_PTR(-EPROBE_DEFER);
+
+- if (ret != -EPROBE_DEFER)
++ if (PTR_ERR(retdesc) != -EPROBE_DEFER)
+ dev_err(dev, "error trying to get descriptor: %d\n", ret);
+
+ return retdesc;
diff --git a/queue-5.5/i2c-i801-do-not-add-ich_res_io_smi-for-the-itco_wdt-device.patch b/queue-5.5/i2c-i801-do-not-add-ich_res_io_smi-for-the-itco_wdt-device.patch
new file mode 100644
index 00000000000..b9f1b7fd8c8
--- /dev/null
+++ b/queue-5.5/i2c-i801-do-not-add-ich_res_io_smi-for-the-itco_wdt-device.patch
@@ -0,0 +1,135 @@ +From 04bbb97d1b732b2d197f103c5818f5c214a4cf81 Mon Sep 17 00:00:00 2001 +From: Mika Westerberg +Date: Wed, 26 Feb 2020 16:21:22 +0300 +Subject: i2c: i801: Do not add ICH_RES_IO_SMI for the iTCO_wdt device + +From: Mika Westerberg + +commit 04bbb97d1b732b2d197f103c5818f5c214a4cf81 upstream. + +Martin noticed that nct6775 driver does not load properly on his system +in v5.4+ kernels. The issue was bisected to commit b84398d6d7f9 ("i2c: +i801: Use iTCO version 6 in Cannon Lake PCH and beyond") but it is +likely not the culprit because the faulty code has been in the driver +already since commit 9424693035a5 ("i2c: i801: Create iTCO device on +newer Intel PCHs"). So more likely some commit that added PCI IDs of +recent chipsets made the driver to create the iTCO_wdt device on Martins +system. + +The issue was debugged to be PCI configuration access to the PMC device +that is not present. This returns all 1's when read and this caused the +iTCO_wdt driver to accidentally request resourses used by nct6775. + +It turns out that the SMI resource is only required for some ancient +systems, not the ones supported by this driver. For this reason do not +populate the SMI resource at all and drop all the related code. The +driver now always populates the main I/O resource and only in case of SPT +(Intel Sunrisepoint) compatible devices it adds another resource for the +NO_REBOOT bit. These two resources are of different types so +platform_get_resource() used by the iTCO_wdt driver continues to find +the both resources at index 0. 
+ +Link: https://lore.kernel.org/linux-hwmon/CAM1AHpQ4196tyD=HhBu-2donSsuogabkfP03v1YF26Q7_BgvgA@mail.gmail.com/ +Fixes: 9424693035a5 ("i2c: i801: Create iTCO device on newer Intel PCHs") +[wsa: complete fix needs all of http://patchwork.ozlabs.org/project/linux-i2c/list/?series=160959&state=*] +Reported-by: Martin Volf +Signed-off-by: Mika Westerberg +Reviewed-by: Guenter Roeck +Signed-off-by: Wolfram Sang +Signed-off-by: Greg Kroah-Hartman + +--- + drivers/i2c/busses/i2c-i801.c | 45 +++++++++++------------------------------- + 1 file changed, 12 insertions(+), 33 deletions(-) + +--- a/drivers/i2c/busses/i2c-i801.c ++++ b/drivers/i2c/busses/i2c-i801.c +@@ -131,11 +131,6 @@ + #define TCOBASE 0x050 + #define TCOCTL 0x054 + +-#define ACPIBASE 0x040 +-#define ACPIBASE_SMI_OFF 0x030 +-#define ACPICTRL 0x044 +-#define ACPICTRL_EN 0x080 +- + #define SBREG_BAR 0x10 + #define SBREG_SMBCTRL 0xc6000c + #define SBREG_SMBCTRL_DNV 0xcf000c +@@ -1550,7 +1545,7 @@ i801_add_tco_spt(struct i801_priv *priv, + pci_bus_write_config_byte(pci_dev->bus, devfn, 0xe1, hidden); + spin_unlock(&p2sb_spinlock); + +- res = &tco_res[ICH_RES_MEM_OFF]; ++ res = &tco_res[1]; + if (pci_dev->device == PCI_DEVICE_ID_INTEL_DNV_SMBUS) + res->start = (resource_size_t)base64_addr + SBREG_SMBCTRL_DNV; + else +@@ -1560,7 +1555,7 @@ i801_add_tco_spt(struct i801_priv *priv, + res->flags = IORESOURCE_MEM; + + return platform_device_register_resndata(&pci_dev->dev, "iTCO_wdt", -1, +- tco_res, 3, &spt_tco_platform_data, ++ tco_res, 2, &spt_tco_platform_data, + sizeof(spt_tco_platform_data)); + } + +@@ -1573,17 +1568,16 @@ static struct platform_device * + i801_add_tco_cnl(struct i801_priv *priv, struct pci_dev *pci_dev, + struct resource *tco_res) + { +- return platform_device_register_resndata(&pci_dev->dev, "iTCO_wdt", -1, +- tco_res, 2, &cnl_tco_platform_data, +- sizeof(cnl_tco_platform_data)); ++ return platform_device_register_resndata(&pci_dev->dev, ++ "iTCO_wdt", -1, tco_res, 1, &cnl_tco_platform_data, ++ 
sizeof(cnl_tco_platform_data)); + } + + static void i801_add_tco(struct i801_priv *priv) + { +- u32 base_addr, tco_base, tco_ctl, ctrl_val; + struct pci_dev *pci_dev = priv->pci_dev; +- struct resource tco_res[3], *res; +- unsigned int devfn; ++ struct resource tco_res[2], *res; ++ u32 tco_base, tco_ctl; + + /* If we have ACPI based watchdog use that instead */ + if (acpi_has_watchdog()) +@@ -1598,30 +1592,15 @@ static void i801_add_tco(struct i801_pri + return; + + memset(tco_res, 0, sizeof(tco_res)); +- +- res = &tco_res[ICH_RES_IO_TCO]; +- res->start = tco_base & ~1; +- res->end = res->start + 32 - 1; +- res->flags = IORESOURCE_IO; +- + /* +- * Power Management registers. ++ * Always populate the main iTCO IO resource here. The second entry ++ * for NO_REBOOT MMIO is filled by the SPT specific function. + */ +- devfn = PCI_DEVFN(PCI_SLOT(pci_dev->devfn), 2); +- pci_bus_read_config_dword(pci_dev->bus, devfn, ACPIBASE, &base_addr); +- +- res = &tco_res[ICH_RES_IO_SMI]; +- res->start = (base_addr & ~1) + ACPIBASE_SMI_OFF; +- res->end = res->start + 3; ++ res = &tco_res[0]; ++ res->start = tco_base & ~1; ++ res->end = res->start + 32 - 1; + res->flags = IORESOURCE_IO; + +- /* +- * Enable the ACPI I/O space. +- */ +- pci_bus_read_config_dword(pci_dev->bus, devfn, ACPICTRL, &ctrl_val); +- ctrl_val |= ACPICTRL_EN; +- pci_bus_write_config_dword(pci_dev->bus, devfn, ACPICTRL, ctrl_val); +- + if (priv->features & FEATURE_TCO_CNL) + priv->tco_pdev = i801_add_tco_cnl(priv, pci_dev, tco_res); + else diff --git a/queue-5.5/iommu-vt-d-fix-rcu-list-bugs-in-intel_iommu_init.patch b/queue-5.5/iommu-vt-d-fix-rcu-list-bugs-in-intel_iommu_init.patch new file mode 100644 index 00000000000..2cfc1e37e34 --- /dev/null +++ b/queue-5.5/iommu-vt-d-fix-rcu-list-bugs-in-intel_iommu_init.patch 
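Review bot: The named resource indexes are replaced by bare literals: `&tco_res[1]` and the count `2` in i801_add_tco_spt(), the count `1` in i801_add_tco_cnl(), and `tco_res[2]` with `&tco_res[0]` in i801_add_tco(). The array size, the slot written and the count passed to platform_device_register_resndata() therefore have to be kept in step by hand across three functions. i801_add_tco_spt() receives only `struct resource *tco_res` and writes slot 1 without knowing the length, so shrinking the caller's array later would turn that into an out-of-bounds write on the caller's stack. A local `enum { TCO_RES_IO, TCO_RES_MEM, TCO_RES_COUNT };` used for the declaration, both indexes and the SPT count would make the coupling explicit. The bodies of these functions extend beyond the hunks shown.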
@@ -0,0 +1,77 @@ +From 2d48ea0efb8887ebba3e3720bb5b738aced4e574 Mon Sep 17 00:00:00 2001 +From: Qian Cai +Date: Thu, 5 Mar 2020 15:00:46 -0500 +Subject: iommu/vt-d: Fix RCU-list bugs in intel_iommu_init() + +From: Qian Cai + +commit 2d48ea0efb8887ebba3e3720bb5b738aced4e574 upstream. + +There are several places traverse RCU-list without holding any lock in +intel_iommu_init(). Fix them by acquiring dmar_global_lock. + + WARNING: suspicious RCU usage + ----------------------------- + drivers/iommu/intel-iommu.c:5216 RCU-list traversed in non-reader section!! + + other info that might help us debug this: + + rcu_scheduler_active = 2, debug_locks = 1 + no locks held by swapper/0/1. + + Call Trace: + dump_stack+0xa0/0xea + lockdep_rcu_suspicious+0x102/0x10b + intel_iommu_init+0x947/0xb13 + pci_iommu_init+0x26/0x62 + do_one_initcall+0xfe/0x500 + kernel_init_freeable+0x45a/0x4f8 + kernel_init+0x11/0x139 + ret_from_fork+0x3a/0x50 + DMAR: Intel(R) Virtualization Technology for Directed I/O + +Fixes: d8190dc63886 ("iommu/vt-d: Enable DMA remapping after rmrr mapped") +Signed-off-by: Qian Cai +Acked-by: Lu Baolu +Signed-off-by: Joerg Roedel +Signed-off-by: Greg Kroah-Hartman + +--- + drivers/iommu/intel-iommu.c | 5 ++++- + 1 file changed, 4 insertions(+), 1 deletion(-) + +--- a/drivers/iommu/intel-iommu.c ++++ b/drivers/iommu/intel-iommu.c +@@ -5068,6 +5068,7 @@ int __init intel_iommu_init(void) + + init_iommu_pm_ops(); + ++ down_read(&dmar_global_lock); + for_each_active_iommu(iommu, drhd) { + iommu_device_sysfs_add(&iommu->iommu, NULL, + intel_iommu_groups, +@@ -5075,6 +5076,7 @@ int __init intel_iommu_init(void) + iommu_device_set_ops(&iommu->iommu, &intel_iommu_ops); + iommu_device_register(&iommu->iommu); + } ++ up_read(&dmar_global_lock); + + bus_set_iommu(&pci_bus_type, &intel_iommu_ops); + if (si_domain && !hw_pass_through) +@@ -5085,7 +5087,6 @@ int __init intel_iommu_init(void) + down_read(&dmar_global_lock); + if (probe_acpi_namespace_devices()) + pr_warn("ACPI 
name space devices didn't probe correctly\n"); +- up_read(&dmar_global_lock); + + /* Finally, we enable the DMA remapping hardware. */ + for_each_iommu(iommu, drhd) { +@@ -5094,6 +5095,8 @@ int __init intel_iommu_init(void) + + iommu_disable_protect_mem_regions(iommu); + } ++ up_read(&dmar_global_lock); ++ + pr_info("Intel(R) Virtualization Technology for Directed I/O\n"); + + intel_iommu_enabled = 1; diff --git a/queue-5.5/netfilter-cthelper-add-missing-attribute-validation-for-cthelper.patch b/queue-5.5/netfilter-cthelper-add-missing-attribute-validation-for-cthelper.patch new file mode 100644 index 00000000000..50f42b7267b --- /dev/null +++ b/queue-5.5/netfilter-cthelper-add-missing-attribute-validation-for-cthelper.patch @@ -0,0 +1,32 @@ +From c049b3450072b8e3998053490e025839fecfef31 Mon Sep 17 00:00:00 2001 +From: Jakub Kicinski +Date: Mon, 2 Mar 2020 21:08:31 -0800 +Subject: netfilter: cthelper: add missing attribute validation for cthelper + +From: Jakub Kicinski + +commit c049b3450072b8e3998053490e025839fecfef31 upstream. + +Add missing attribute validation for cthelper +to the netlink policy. + +Fixes: 12f7a505331e ("netfilter: add user-space connection tracking helper infrastructure") +Signed-off-by: Jakub Kicinski +Signed-off-by: Pablo Neira Ayuso +Signed-off-by: Greg Kroah-Hartman + +--- + net/netfilter/nfnetlink_cthelper.c | 2 ++ + 1 file changed, 2 insertions(+) + +--- a/net/netfilter/nfnetlink_cthelper.c ++++ b/net/netfilter/nfnetlink_cthelper.c +@@ -742,6 +742,8 @@ static const struct nla_policy nfnl_cthe + [NFCTH_NAME] = { .type = NLA_NUL_STRING, + .len = NF_CT_HELPER_NAME_LEN-1 }, + [NFCTH_QUEUE_NUM] = { .type = NLA_U32, }, ++ [NFCTH_PRIV_DATA_LEN] = { .type = NLA_U32, }, ++ [NFCTH_STATUS] = { .type = NLA_U32, }, + }; + + static const struct nfnl_callback nfnl_cthelper_cb[NFNL_MSG_CTHELPER_MAX] = { 
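Review bot: The second read section in intel_iommu_init() is now held from the `down_read(&dmar_global_lock)` before probe_acpi_namespace_devices() until after the `for_each_iommu` loop, but nothing in the code says the lock is there for the RCU-list walk that the lockdep splat complained about. I would add a comment above each `down_read`, for example `/* for_each_active_iommu() walks an RCU list; hold dmar_global_lock */`, and a short remark on why the lock is released around `bus_set_iommu()` rather than held across both loops. Part of the `for_each_iommu` body lies between the inner hunks and is not visible here, so any early exit in it would need checking for a matching `up_read`.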
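Review bot: The two new entries in the nfnl_cthelper policy, `[NFCTH_PRIV_DATA_LEN] = { .type = NLA_U32, }` and `[NFCTH_STATUS] = { .type = NLA_U32, }`, check only that the payload is four bytes wide; any 32-bit value supplied by the netlink sender still passes. If NFCTH_PRIV_DATA_LEN sizes an allocation or a copy, as its name suggests, the handler that consumes it needs its own upper bound, and that code is outside this hunk. Once that is confirmed, a comment on the entry such as `/* width only; value is bounded where it is consumed */` would record where the range check lives. The policy array starts before the hunk.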
diff --git a/queue-5.5/netfilter-nf_tables-free-flowtable-hooks-on-hook-register-error.patch b/queue-5.5/netfilter-nf_tables-free-flowtable-hooks-on-hook-register-error.patch
new file mode 100644
index 00000000000..02d151a4277
--- /dev/null
+++ b/queue-5.5/netfilter-nf_tables-free-flowtable-hooks-on-hook-register-error.patch
@@ -0,0 +1,43 @@
+From 2d285f26ecd072800a29c5b71e63437f21ef830a Mon Sep 17 00:00:00 2001
+From: Florian Westphal
+Date: Mon, 2 Mar 2020 21:58:50 +0100
+Subject: netfilter: nf_tables: free flowtable hooks on hook register error
+
+From: Florian Westphal
+
+commit 2d285f26ecd072800a29c5b71e63437f21ef830a upstream.
+
+If hook registration fails, the hooks allocated via nft_netdev_hook_alloc
+need to be freed.
+
+We can't change the goto label to 'goto 5' -- while it does fix the memleak
+it does cause a warning splat from the netfilter core (the hooks were not
+registered).
+
+Fixes: 3f0465a9ef02 ("netfilter: nf_tables: dynamically allocate hooks per net_device in flowtables")
+Reported-by: syzbot+a2ff6fa45162a5ed4dd3@syzkaller.appspotmail.com
+Signed-off-by: Florian Westphal
+Signed-off-by: Pablo Neira Ayuso
+Signed-off-by: Greg Kroah-Hartman
+
+---
+ net/netfilter/nf_tables_api.c | 7 ++++++-
+ 1 file changed, 6 insertions(+), 1 deletion(-)
+
+--- a/net/netfilter/nf_tables_api.c
++++ b/net/netfilter/nf_tables_api.c
+@@ -6172,8 +6172,13 @@ static int nf_tables_newflowtable(struct
+ goto err4;
+
+ err = nft_register_flowtable_net_hooks(ctx.net, table, flowtable);
+- if (err < 0)
++ if (err < 0) {
++ list_for_each_entry_safe(hook, next, &flowtable->hook_list, list) {
++ list_del_rcu(&hook->list);
++ kfree_rcu(hook, rcu);
++ }
+ goto err4;
++ }
+
+ err = nft_trans_flowtable_add(&ctx, NFT_MSG_NEWFLOWTABLE, flowtable);
+ if (err < 0)
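Review bot: The unwind loop added under `if (err < 0)` in nf_tables_newflowtable() open-codes the hook cleanup, `list_del_rcu()` plus `kfree_rcu()` for each entry of `flowtable->hook_list`, directly before `goto err4`, so the function now has a release sequence that lives outside its error labels. The commit message explains that the later label cannot be reused because the hooks were never registered, but that reasoning is absent from the code; a comment such as `/* hooks allocated but never registered: free only, do not unregister */` would keep it next to the loop. Moving the loop into a small static helper would also stop this path and any other place that frees an unregistered hook list from drifting apart. `hook` and `next` are declared outside the hunk.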
diff --git a/queue-5.5/nl80211-add-missing-attribute-validation-for-beacon-report-scanning.patch b/queue-5.5/nl80211-add-missing-attribute-validation-for-beacon-report-scanning.patch
new file mode 100644
index 00000000000..f3d4d5cce62
--- /dev/null
+++ b/queue-5.5/nl80211-add-missing-attribute-validation-for-beacon-report-scanning.patch
@@ -0,0 +1,33 @@
+From 056e9375e1f3c4bf2fd49b70258c7daf788ecd9d Mon Sep 17 00:00:00 2001
+From: Jakub Kicinski
+Date: Mon, 2 Mar 2020 21:10:57 -0800
+Subject: nl80211: add missing attribute validation for beacon report scanning
+
+From: Jakub Kicinski
+
+commit 056e9375e1f3c4bf2fd49b70258c7daf788ecd9d upstream.
+
+Add missing attribute validation for beacon report scanning
+to the netlink policy.
+
+Fixes: 1d76250bd34a ("nl80211: support beacon report scanning")
+Signed-off-by: Jakub Kicinski
+Link: https://lore.kernel.org/r/20200303051058.4089398-3-kuba@kernel.org
+Signed-off-by: Johannes Berg
+Signed-off-by: Greg Kroah-Hartman
+
+---
+ net/wireless/nl80211.c | 2 ++
+ 1 file changed, 2 insertions(+)
+
+--- a/net/wireless/nl80211.c
++++ b/net/wireless/nl80211.c
+@@ -469,6 +469,8 @@ const struct nla_policy nl80211_policy[N
+ [NL80211_ATTR_WOWLAN_TRIGGERS] = { .type = NLA_NESTED },
+ [NL80211_ATTR_STA_PLINK_STATE] =
+ NLA_POLICY_MAX(NLA_U8, NUM_NL80211_PLINK_STATES - 1),
++ [NL80211_ATTR_MEASUREMENT_DURATION] = { .type = NLA_U16 },
++ [NL80211_ATTR_MEASUREMENT_DURATION_MANDATORY] = { .type = NLA_FLAG },
+ [NL80211_ATTR_MESH_PEER_AID] =
+ NLA_POLICY_RANGE(NLA_U16, 1, IEEE80211_MAX_AID),
+ [NL80211_ATTR_SCHED_SCAN_INTERVAL] = { .type = NLA_U32 },
diff --git a/queue-5.5/nl80211-add-missing-attribute-validation-for-channel-switch.patch b/queue-5.5/nl80211-add-missing-attribute-validation-for-channel-switch.patch
new file mode 100644
index 00000000000..2b55c78f917
--- /dev/null
+++ b/queue-5.5/nl80211-add-missing-attribute-validation-for-channel-switch.patch
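Review bot: `[NL80211_ATTR_MEASUREMENT_DURATION] = { .type = NLA_U16 }` validates the width only, although the neighbouring entries of nl80211_policy already express value limits with `NLA_POLICY_MAX()` and `NLA_POLICY_RANGE()`. The same applies to `NL80211_ATTR_OPER_CLASS` in the channel-switch patch and to `NL80211_ATTR_CRIT_PROT_ID` and `NL80211_ATTR_MAX_CRIT_PROT_DURATION` in the critical-protocol patch further down. Where an attribute has a defined maximum, stating it in the policy rejects out-of-range values before any handler runs instead of relying on each consumer to check; whether the handlers already do so is not visible in these hunks. The policy array begins and ends outside them.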
@@ -0,0 +1,32 @@
+From 5cde05c61cbe13cbb3fa66d52b9ae84f7975e5e6 Mon Sep 17 00:00:00 2001
+From: Jakub Kicinski
+Date: Mon, 2 Mar 2020 21:10:58 -0800
+Subject: nl80211: add missing attribute validation for channel switch
+
+From: Jakub Kicinski
+
+commit 5cde05c61cbe13cbb3fa66d52b9ae84f7975e5e6 upstream.
+
+Add missing attribute validation for NL80211_ATTR_OPER_CLASS
+to the netlink policy.
+
+Fixes: 1057d35ede5d ("cfg80211: introduce TDLS channel switch commands")
+Signed-off-by: Jakub Kicinski
+Link: https://lore.kernel.org/r/20200303051058.4089398-4-kuba@kernel.org
+Signed-off-by: Johannes Berg
+Signed-off-by: Greg Kroah-Hartman
+
+---
+ net/wireless/nl80211.c | 1 +
+ 1 file changed, 1 insertion(+)
+
+--- a/net/wireless/nl80211.c
++++ b/net/wireless/nl80211.c
+@@ -564,6 +564,7 @@ const struct nla_policy nl80211_policy[N
+ NLA_POLICY_MAX(NLA_U8, IEEE80211_NUM_UPS - 1),
+ [NL80211_ATTR_ADMITTED_TIME] = { .type = NLA_U16 },
+ [NL80211_ATTR_SMPS_MODE] = { .type = NLA_U8 },
++ [NL80211_ATTR_OPER_CLASS] = { .type = NLA_U8 },
+ [NL80211_ATTR_MAC_MASK] = {
+ .type = NLA_EXACT_LEN_WARN,
+ .len = ETH_ALEN
diff --git a/queue-5.5/nl80211-add-missing-attribute-validation-for-critical-protocol-indication.patch b/queue-5.5/nl80211-add-missing-attribute-validation-for-critical-protocol-indication.patch
new file mode 100644
index 00000000000..dd3f6a2bb4e
--- /dev/null
+++ b/queue-5.5/nl80211-add-missing-attribute-validation-for-critical-protocol-indication.patch
@@ -0,0 +1,33 @@
+From 0e1a1d853ecedc99da9d27f9f5c376935547a0e2 Mon Sep 17 00:00:00 2001
+From: Jakub Kicinski
+Date: Mon, 2 Mar 2020 21:10:56 -0800
+Subject: nl80211: add missing attribute validation for critical protocol indication
+
+From: Jakub Kicinski
+
+commit 0e1a1d853ecedc99da9d27f9f5c376935547a0e2 upstream.
+
+Add missing attribute validation for critical protocol fields
+to the netlink policy.
+
+Fixes: 5de17984898c ("cfg80211: introduce critical protocol indication from user-space")
+Signed-off-by: Jakub Kicinski
+Link: https://lore.kernel.org/r/20200303051058.4089398-2-kuba@kernel.org
+Signed-off-by: Johannes Berg
+Signed-off-by: Greg Kroah-Hartman
+
+---
+ net/wireless/nl80211.c | 2 ++
+ 1 file changed, 2 insertions(+)
+
+--- a/net/wireless/nl80211.c
++++ b/net/wireless/nl80211.c
+@@ -530,6 +530,8 @@ const struct nla_policy nl80211_policy[N
+ [NL80211_ATTR_MDID] = { .type = NLA_U16 },
+ [NL80211_ATTR_IE_RIC] = { .type = NLA_BINARY,
+ .len = IEEE80211_MAX_DATA_LEN },
++ [NL80211_ATTR_CRIT_PROT_ID] = { .type = NLA_U16 },
++ [NL80211_ATTR_MAX_CRIT_PROT_DURATION] = { .type = NLA_U16 },
+ [NL80211_ATTR_PEER_AID] =
+ NLA_POLICY_RANGE(NLA_U16, 1, IEEE80211_MAX_AID),
+ [NL80211_ATTR_CH_SWITCH_COUNT] = { .type = NLA_U32 },
diff --git a/queue-5.5/perf-bench-futex-wake-restore-thread-count-default-to-online-cpu-count.patch b/queue-5.5/perf-bench-futex-wake-restore-thread-count-default-to-online-cpu-count.patch
new file mode 100644
index 00000000000..a587fb686a9
--- /dev/null
+++ b/queue-5.5/perf-bench-futex-wake-restore-thread-count-default-to-online-cpu-count.patch
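Review bot: The two added entries, `NL80211_ATTR_CRIT_PROT_ID` and `NL80211_ATTR_MAX_CRIT_PROT_DURATION`, constrain only the payload width, whereas `NL80211_ATTR_PEER_AID` directly below them also bounds the value with `NLA_POLICY_RANGE`. Width validation is what the commit sets out to add, but any limit on the protocol id or the duration still depends on the command handler, which is not part of this hunk. If those limits are fixed constants, an upstream follow-up could state them in the table so they are enforced at parse time, e.g. `[NL80211_ATTR_MAX_CRIT_PROT_DURATION] = NLA_POLICY_MAX(NLA_U16, NL80211_CRIT_PROTO_MAX_DURATION),`. The policy array starts and ends outside the hunk.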
@@ -0,0 +1,71 @@
+From f649bd9dd5d5004543bbc3c50b829577b49f5d75 Mon Sep 17 00:00:00 2001
+From: Tommi Rantala
+Date: Thu, 5 Mar 2020 10:37:13 +0200
+Subject: perf bench futex-wake: Restore thread count default to online CPU count
+
+From: Tommi Rantala
+
+commit f649bd9dd5d5004543bbc3c50b829577b49f5d75 upstream.
+
+Since commit 3b2323c2c1c4 ("perf bench futex: Use cpumaps") the default
+number of threads the benchmark uses got changed from number of online
+CPUs to zero:
+
+ $ perf bench futex wake
+ # Running 'futex/wake' benchmark:
+ Run summary [PID 15930]: blocking on 0 threads (at [private] futex 0x558b8ee4bfac), waking up 1 at a time.
+ [Run 1]: Wokeup 0 of 0 threads in 0.0000 ms
+ [...]
+ [Run 10]: Wokeup 0 of 0 threads in 0.0000 ms
+ Wokeup 0 of 0 threads in 0.0004 ms (+-40.82%)
+
+Restore the old behavior by grabbing the number of online CPUs via
+cpu->nr:
+
+ $ perf bench futex wake
+ # Running 'futex/wake' benchmark:
+ Run summary [PID 18356]: blocking on 8 threads (at [private] futex 0xb3e62c), waking up 1 at a time.
+ [Run 1]: Wokeup 8 of 8 threads in 0.0260 ms
+ [...]
+ [Run 10]: Wokeup 8 of 8 threads in 0.0270 ms
+ Wokeup 8 of 8 threads in 0.0419 ms (+-24.35%)
+
+Fixes: 3b2323c2c1c4 ("perf bench futex: Use cpumaps")
+Signed-off-by: Tommi Rantala
+Tested-by: Arnaldo Carvalho de Melo
+Cc: Alexander Shishkin
+Cc: Darren Hart
+Cc: Davidlohr Bueso
+Cc: Jiri Olsa
+Cc: Mark Rutland
+Cc: Namhyung Kim
+Cc: Peter Zijlstra
+Cc: Thomas Gleixner
+Link: http://lore.kernel.org/lkml/20200305083714.9381-3-tommi.t.rantala@nokia.com
+Signed-off-by: Arnaldo Carvalho de Melo
+Signed-off-by: Greg Kroah-Hartman
+
+---
+ tools/perf/bench/futex-wake.c | 4 ++--
+ 1 file changed, 2 insertions(+), 2 deletions(-)
+
+--- a/tools/perf/bench/futex-wake.c
++++ b/tools/perf/bench/futex-wake.c
+@@ -43,7 +43,7 @@ static bool done = false, silent = false
+ static pthread_mutex_t thread_lock;
+ static pthread_cond_t thread_parent, thread_worker;
+ static struct stats waketime_stats, wakeup_stats;
+-static unsigned int ncpus, threads_starting, nthreads = 0;
++static unsigned int threads_starting, nthreads = 0;
+ static int futex_flag = 0;
+
+ static const struct option options[] = {
+@@ -141,7 +141,7 @@ int bench_futex_wake(int argc, const cha
+ sigaction(SIGINT, &act, NULL);
+
+ if (!nthreads)
+- nthreads = ncpus;
++ nthreads = cpu->nr;
+
+ worker = calloc(nthreads, sizeof(*worker));
+ if (!worker)
diff --git a/queue-5.5/pinctrl-core-remove-extra-kref_get-which-blocks-hogs-being-freed.patch b/queue-5.5/pinctrl-core-remove-extra-kref_get-which-blocks-hogs-being-freed.patch
new file mode 100644
index 00000000000..58f56e6f0a3
--- /dev/null
+++ b/queue-5.5/pinctrl-core-remove-extra-kref_get-which-blocks-hogs-being-freed.patch
@@ -0,0 +1,34 @@
+From aafd56fc79041bf36f97712d4b35208cbe07db90 Mon Sep 17 00:00:00 2001
+From: Charles Keepax
+Date: Fri, 28 Feb 2020 15:41:42 +0000
+Subject: pinctrl: core: Remove extra kref_get which blocks hogs being freed
+
+From: Charles Keepax
+
+commit aafd56fc79041bf36f97712d4b35208cbe07db90 upstream.
+
+kref_init starts with the reference count at 1, which will be balanced
+by the pinctrl_put in pinctrl_unregister. The additional kref_get in
+pinctrl_claim_hogs will increase this count to 2 and cause the hogs to
+not get freed when pinctrl_unregister is called.
+
+Fixes: 6118714275f0 ("pinctrl: core: Fix pinctrl_register_and_init() with pinctrl_enable()")
+Signed-off-by: Charles Keepax
+Link: https://lore.kernel.org/r/20200228154142.13860-1-ckeepax@opensource.cirrus.com
+Signed-off-by: Linus Walleij
+Signed-off-by: Greg Kroah-Hartman
+
+---
+ drivers/pinctrl/core.c | 1 -
+ 1 file changed, 1 deletion(-)
+
+--- a/drivers/pinctrl/core.c
++++ b/drivers/pinctrl/core.c
+@@ -2025,7 +2025,6 @@ static int pinctrl_claim_hogs(struct pin
+ return PTR_ERR(pctldev->p);
+ }
+
+- kref_get(&pctldev->p->users);
+ pctldev->hog_default =
+ pinctrl_lookup_state(pctldev->p, PINCTRL_STATE_DEFAULT);
+ if (IS_ERR(pctldev->hog_default)) {
diff --git a/queue-5.5/pinctrl-imx-scu-align-imx-sc-msg-structs-to-4.patch b/queue-5.5/pinctrl-imx-scu-align-imx-sc-msg-structs-to-4.patch
new file mode 100644
index 00000000000..f6655e0ad27
--- /dev/null
+++ b/queue-5.5/pinctrl-imx-scu-align-imx-sc-msg-structs-to-4.patch
@@ -0,0 +1,43 @@
+From 4c48e549f39f8ed10cf8a0b6cb96f5eddf0391ce Mon Sep 17 00:00:00 2001
+From: Leonard Crestez
+Date: Thu, 20 Feb 2020 18:29:37 +0200
+Subject: pinctrl: imx: scu: Align imx sc msg structs to 4
+
+From: Leonard Crestez
+
+commit 4c48e549f39f8ed10cf8a0b6cb96f5eddf0391ce upstream.
+
+The imx SC api strongly assumes that messages are composed out of
+4-bytes words but some of our message structs have odd sizeofs.
+
+This produces many oopses with CONFIG_KASAN=y.
+
+Fix by marking with __aligned(4).
+
+Fixes: b96eea718bf6 ("pinctrl: fsl: add scu based pinctrl support")
+Signed-off-by: Leonard Crestez
+Link: https://lore.kernel.org/r/bd7ad5fd755739a6d8d5f4f65e03b3ca4f457bd2.1582216144.git.leonard.crestez@nxp.com
+Signed-off-by: Linus Walleij
+Signed-off-by: Greg Kroah-Hartman
+
+---
+ drivers/pinctrl/freescale/pinctrl-scu.c | 4 ++--
+ 1 file changed, 2 insertions(+), 2 deletions(-)
+
+--- a/drivers/pinctrl/freescale/pinctrl-scu.c
++++ b/drivers/pinctrl/freescale/pinctrl-scu.c
+@@ -23,12 +23,12 @@ struct imx_sc_msg_req_pad_set {
+ struct imx_sc_rpc_msg hdr;
+ u32 val;
+ u16 pad;
+-} __packed;
++} __packed __aligned(4);
+
+ struct imx_sc_msg_req_pad_get {
+ struct imx_sc_rpc_msg hdr;
+ u16 pad;
+-} __packed;
++} __packed __aligned(4);
+
+ struct imx_sc_msg_resp_pad_get {
+ struct imx_sc_rpc_msg hdr;
diff --git a/queue-5.5/pinctrl-meson-gxl-fix-gpiox-sdio-pins.patch b/queue-5.5/pinctrl-meson-gxl-fix-gpiox-sdio-pins.patch
new file mode 100644
index 00000000000..e45b675bd97
--- /dev/null
+++ b/queue-5.5/pinctrl-meson-gxl-fix-gpiox-sdio-pins.patch
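Review bot: Nothing in this hunk enforces the whole-word size that `__aligned(4)` is added to provide, so a message struct introduced later with only `__packed` would bring back the KASAN reports the commit message mentions. A compile-time check next to each definition would pin the invariant, e.g. `static_assert(sizeof(struct imx_sc_msg_req_pad_set) % 4 == 0);` and the same for `imx_sc_msg_req_pad_get`. The attribute also introduces trailing padding after `u16 pad`; if these structs are stack objects handed to the SCU as whole words (the send path is not visible here), they should be zero-initialised so the padding does not carry stale stack contents. `struct imx_sc_msg_resp_pad_get` continues past the end of the hunk, so whether it needs the same attribute cannot be judged from here.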
@@ -0,0 +1,37 @@
+From dc7a06b0dbbafac8623c2b7657e61362f2f479a7 Mon Sep 17 00:00:00 2001
+From: Nicolas Belin
+Date: Thu, 20 Feb 2020 14:15:12 +0100
+Subject: pinctrl: meson-gxl: fix GPIOX sdio pins
+
+From: Nicolas Belin
+
+commit dc7a06b0dbbafac8623c2b7657e61362f2f479a7 upstream.
+
+In the gxl driver, the sdio cmd and clk pins are inverted. It has not caused
+any issue so far because devices using these pins always take both pins
+so the resulting configuration is OK.
+
+Fixes: 0f15f500ff2c ("pinctrl: meson: Add GXL pinctrl definitions")
+Reviewed-by: Jerome Brunet
+Signed-off-by: Nicolas Belin
+Link: https://lore.kernel.org/r/1582204512-7582-1-git-send-email-nbelin@baylibre.com
+Signed-off-by: Linus Walleij
+Signed-off-by: Greg Kroah-Hartman
+
+---
+ drivers/pinctrl/meson/pinctrl-meson-gxl.c | 4 ++--
+ 1 file changed, 2 insertions(+), 2 deletions(-)
+
+--- a/drivers/pinctrl/meson/pinctrl-meson-gxl.c
++++ b/drivers/pinctrl/meson/pinctrl-meson-gxl.c
+@@ -147,8 +147,8 @@ static const unsigned int sdio_d0_pins[]
+ static const unsigned int sdio_d1_pins[] = { GPIOX_1 };
+ static const unsigned int sdio_d2_pins[] = { GPIOX_2 };
+ static const unsigned int sdio_d3_pins[] = { GPIOX_3 };
+-static const unsigned int sdio_cmd_pins[] = { GPIOX_4 };
+-static const unsigned int sdio_clk_pins[] = { GPIOX_5 };
++static const unsigned int sdio_clk_pins[] = { GPIOX_4 };
++static const unsigned int sdio_cmd_pins[] = { GPIOX_5 };
+ static const unsigned int sdio_irq_pins[] = { GPIOX_7 };
+
+ static const unsigned int nand_ce0_pins[] = { BOOT_8 };
diff --git a/queue-5.5/series b/queue-5.5/series
index 202e2a4eaa8..477d71c0075 100644
--- a/queue-5.5/series
+++ b/queue-5.5/series
@@ -121,3 +121,22 @@ iommu-vt-d-dmar-replace-warn_taint-with-pr_warn-add_taint.patch
 iommu-vt-d-dmar_parse_one_rmrr-replace-warn_taint-with-pr_warn-add_taint.patch
 iommu-vt-d-fix-rcu-list-debugging-warnings.patch
 iommu-vt-d-fix-a-bug-in-intel_iommu_iova_to_phys-for-huge-page.patch
+batman-adv-don-t-schedule-ogm-for-disabled-interface.patch
+clk-imx8mn-fix-incorrect-clock-defines.patch
+pinctrl-meson-gxl-fix-gpiox-sdio-pins.patch
+pinctrl-imx-scu-align-imx-sc-msg-structs-to-4.patch
+virtio_ring-fix-mem-leak-with-vring_new_virtqueue.patch
+x86-mce-therm_throt-undo-thermal-polling-properly-on-cpu-offline.patch
+i2c-i801-do-not-add-ich_res_io_smi-for-the-itco_wdt-device.patch
+drm-i915-gvt-fix-dma-buf-display-blur-issue-on-cfl.patch
+pinctrl-core-remove-extra-kref_get-which-blocks-hogs-being-freed.patch
+drm-i915-gvt-fix-unnecessary-schedule-timer-when-no-vgpu-exits.patch
+driver-code-clarify-and-fix-platform-device-dma-mask-allocation.patch
+iommu-vt-d-fix-rcu-list-bugs-in-intel_iommu_init.patch
+i2c-gpio-suppress-error-on-probe-defer.patch
+nl80211-add-missing-attribute-validation-for-critical-protocol-indication.patch
+nl80211-add-missing-attribute-validation-for-beacon-report-scanning.patch
+nl80211-add-missing-attribute-validation-for-channel-switch.patch
+perf-bench-futex-wake-restore-thread-count-default-to-online-cpu-count.patch
+netfilter-nf_tables-free-flowtable-hooks-on-hook-register-error.patch
+netfilter-cthelper-add-missing-attribute-validation-for-cthelper.patch
diff --git a/queue-5.5/virtio_ring-fix-mem-leak-with-vring_new_virtqueue.patch b/queue-5.5/virtio_ring-fix-mem-leak-with-vring_new_virtqueue.patch
new file mode 100644
index 00000000000..4924fedfa97
--- /dev/null
+++ b/queue-5.5/virtio_ring-fix-mem-leak-with-vring_new_virtqueue.patch
@@ -0,0 +1,47 @@
+From f13f09a12cbd0c7b776e083c5d008b6c6a9c4e0b Mon Sep 17 00:00:00 2001
+From: Suman Anna
+Date: Mon, 24 Feb 2020 15:26:43 -0600
+Subject: virtio_ring: Fix mem leak with vring_new_virtqueue()
+
+From: Suman Anna
+
+commit f13f09a12cbd0c7b776e083c5d008b6c6a9c4e0b upstream.
+
+The functions vring_new_virtqueue() and __vring_new_virtqueue() are used
+with split rings, and any allocations within these functions are managed
+outside of the .we_own_ring flag. The commit cbeedb72b97a ("virtio_ring:
+allocate desc state for split ring separately") allocates the desc state
+within the __vring_new_virtqueue() but frees it only when the .we_own_ring
+flag is set. This leads to a memory leak when freeing such allocated
+virtqueues with the vring_del_virtqueue() function.
+
+Fix this by moving the desc_state free code outside the flag and only
+for split rings. Issue was discovered during testing with remoteproc
+and virtio_rpmsg.
+
+Fixes: cbeedb72b97a ("virtio_ring: allocate desc state for split ring separately")
+Signed-off-by: Suman Anna
+Link: https://lore.kernel.org/r/20200224212643.30672-1-s-anna@ti.com
+Signed-off-by: Michael S. Tsirkin
+Acked-by: Jason Wang
+Signed-off-by: Greg Kroah-Hartman
+
+---
+ drivers/virtio/virtio_ring.c | 4 ++--
+ 1 file changed, 2 insertions(+), 2 deletions(-)
+
+--- a/drivers/virtio/virtio_ring.c
++++ b/drivers/virtio/virtio_ring.c
+@@ -2203,10 +2203,10 @@ void vring_del_virtqueue(struct virtqueu
+ vq->split.queue_size_in_bytes,
+ vq->split.vring.desc,
+ vq->split.queue_dma_addr);
+-
+- kfree(vq->split.desc_state);
+ }
+ }
++ if (!vq->packed_ring)
++ kfree(vq->split.desc_state);
+ list_del(&_vq->list);
+ kfree(vq);
+ }
diff --git a/queue-5.5/x86-mce-therm_throt-undo-thermal-polling-properly-on-cpu-offline.patch b/queue-5.5/x86-mce-therm_throt-undo-thermal-polling-properly-on-cpu-offline.patch
new file mode 100644
index 00000000000..8b31af897bf
--- /dev/null
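Review bot: The relocated `kfree(vq->split.desc_state)` carries no comment saying why it now sits outside the `we_own_ring` block, and that placement is the entire fix. A one-line comment above the new `if (!vq->packed_ring)` would keep a later cleanup from folding it back in: `/* desc_state is allocated for every split ring, including caller-supplied rings, so free it regardless of we_own_ring */`. The `packed_ring` guard presumably exists because the `split` member is only meaningful for split rings; the struct definition is not visible here, so that is worth confirming. vring_del_virtqueue() starts before the hunk.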
+++ b/queue-5.5/x86-mce-therm_throt-undo-thermal-polling-properly-on-cpu-offline.patch 
@@ -0,0 +1,55 @@
+From d364847eed890211444ad74496bb549f838c6018 Mon Sep 17 00:00:00 2001
+From: Thomas Gleixner
+Date: Tue, 25 Feb 2020 14:55:15 +0100
+Subject: x86/mce/therm_throt: Undo thermal polling properly on CPU offline
+
+From: Thomas Gleixner
+
+commit d364847eed890211444ad74496bb549f838c6018 upstream.
+
+Chris Wilson reported splats from running the thermal throttling
+workqueue callback on offlined CPUs. The problem is that that callback
+should not even run on offlined CPUs but it happens nevertheless because
+the offlining callback thermal_throttle_offline() does not symmetrically
+undo the setup work done in its onlining counterpart. IOW,
+
+ 1. The thermal interrupt vector should be masked out before ...
+
+ 2. ... cancelling any pending work synchronously so that no new work is
+ enqueued anymore.
+
+Do those things and fix the issue properly.
+
+ [ bp: Write commit message. ]
+
+Fixes: f6656208f04e ("x86/mce/therm_throt: Optimize notifications of thermal throttle")
+Reported-by: Chris Wilson
+Tested-by: Pandruvada, Srinivas
+Signed-off-by: Thomas Gleixner
+Signed-off-by: Borislav Petkov
+Link: https://lkml.kernel.org/r/158120068234.18291.7938335950259651295@skylake-alporthouse-com
+Signed-off-by: Greg Kroah-Hartman
+
+---
+ arch/x86/kernel/cpu/mce/therm_throt.c | 9 +++++++--
+ 1 file changed, 7 insertions(+), 2 deletions(-)
+
+--- a/arch/x86/kernel/cpu/mce/therm_throt.c
++++ b/arch/x86/kernel/cpu/mce/therm_throt.c
+@@ -486,9 +486,14 @@ static int thermal_throttle_offline(unsi
+ {
+ struct thermal_state *state = &per_cpu(thermal_state, cpu);
+ struct device *dev = get_cpu_device(cpu);
++ u32 l;
+
+- cancel_delayed_work(&state->package_throttle.therm_work);
+- cancel_delayed_work(&state->core_throttle.therm_work);
++ /* Mask the thermal vector before draining evtl. pending work */
++ l = apic_read(APIC_LVTTHMR);
++ apic_write(APIC_LVTTHMR, l | APIC_LVT_MASKED);
++
++ cancel_delayed_work_sync(&state->package_throttle.therm_work);
++ cancel_delayed_work_sync(&state->core_throttle.therm_work);
+
+ state->package_throttle.rate_control_active = false;
+ state->core_throttle.rate_control_active = false;
-- 2.47.3
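Review bot: The new code sets `APIC_LVT_MASKED` in `APIC_LVTTHMR` on offline, but no line in this hunk clears it again, and the diffstat (7 insertions, 2 deletions) shows the commit touches only thermal_throttle_offline(). Before this is queued for 5.5 it is worth confirming that the onlining path in this tree unmasks the vector after the work items are initialised; otherwise a CPU that goes offline and comes back would stay without thermal interrupts. Separately, `evtl.` in the added comment is not an English abbreviation; `/* Mask the thermal vector before draining any pending work */` reads more clearly. The function body continues past the end of the hunk.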