--- /dev/null
+From 881872df6e78f1429712ecd2484eb4224cd91d90 Mon Sep 17 00:00:00 2001
+From: Sasha Levin <sashal@kernel.org>
+Date: Tue, 27 Oct 2020 21:49:01 +0800
+Subject: ACPI: NFIT: Fix comparison to '-ENXIO'
+
+From: Zhang Qilong <zhangqilong3@huawei.com>
+
+[ Upstream commit 85f971b65a692b68181438e099b946cc06ed499b ]
+
+Initial value of rc is '-ENXIO', and we should
+use the initial value to check it.
+
+Signed-off-by: Zhang Qilong <zhangqilong3@huawei.com>
+Reviewed-by: Pankaj Gupta <pankaj.gupta.linux@gmail.com>
+Reviewed-by: Vishal Verma <vishal.l.verma@intel.com>
+[ rjw: Subject edit ]
+Signed-off-by: Rafael J. Wysocki <rafael.j.wysocki@intel.com>
+Signed-off-by: Sasha Levin <sashal@kernel.org>
+---
+ drivers/acpi/nfit/core.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/drivers/acpi/nfit/core.c b/drivers/acpi/nfit/core.c
+index 31a07609f7a23..b7fd8e00b346b 100644
+--- a/drivers/acpi/nfit/core.c
++++ b/drivers/acpi/nfit/core.c
+@@ -1219,7 +1219,7 @@ static ssize_t format1_show(struct device *dev,
+ le16_to_cpu(nfit_dcr->dcr->code));
+ break;
+ }
+- if (rc != ENXIO)
++ if (rc != -ENXIO)
+ break;
+ }
+ mutex_unlock(&acpi_desc->init_mutex);
+--
+2.27.0
+
--- /dev/null
+From 4e3fd1e8dae37bf7227bc27f51818be5347e0e41 Mon Sep 17 00:00:00 2001
+From: Sasha Levin <sashal@kernel.org>
+Date: Sat, 3 Oct 2020 12:03:32 +0200
+Subject: ARM: dts: sun4i-a10: fix cpu_alert temperature
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+From: Clément Péron <peron.clem@gmail.com>
+
+[ Upstream commit dea252fa41cd8ce332d148444e4799235a8a03ec ]
+
+When running dtbs_check thermal_zone warn about the
+temperature declared.
+
+thermal-zones: cpu-thermal:trips:cpu-alert0:temperature:0:0: 850000 is greater than the maximum of 200000
+
+It's indeed wrong the real value is 85°C and not 850°C.
+
+Signed-off-by: Clément Péron <peron.clem@gmail.com>
+Signed-off-by: Maxime Ripard <maxime@cerno.tech>
+Link: https://lore.kernel.org/r/20201003100332.431178-1-peron.clem@gmail.com
+Signed-off-by: Sasha Levin <sashal@kernel.org>
+---
+ arch/arm/boot/dts/sun4i-a10.dtsi | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/arch/arm/boot/dts/sun4i-a10.dtsi b/arch/arm/boot/dts/sun4i-a10.dtsi
+index 7e7dfc2b43db0..d1af56d2f25e5 100644
+--- a/arch/arm/boot/dts/sun4i-a10.dtsi
++++ b/arch/arm/boot/dts/sun4i-a10.dtsi
+@@ -144,7 +144,7 @@
+ trips {
+ cpu_alert0: cpu_alert0 {
+ /* milliCelsius */
+- temperature = <850000>;
++ temperature = <85000>;
+ hysteresis = <2000>;
+ type = "passive";
+ };
+--
+2.27.0
+
--- /dev/null
+From f8ec13985c08b1e96b6e8ef325d2aa26918a5665 Mon Sep 17 00:00:00 2001
+From: Sasha Levin <sashal@kernel.org>
+Date: Sun, 25 Oct 2020 19:51:24 +0800
+Subject: nvme-rdma: handle unexpected nvme completion data length
+
+From: zhenwei pi <pizhenwei@bytedance.com>
+
+[ Upstream commit 25c1ca6ecaba3b751d3f7ff92d5cddff3b05f8d0 ]
+
+Receiving a zero length message leads to the following warnings because
+the CQE is processed twice:
+
+refcount_t: underflow; use-after-free.
+WARNING: CPU: 0 PID: 0 at lib/refcount.c:28
+
+RIP: 0010:refcount_warn_saturate+0xd9/0xe0
+Call Trace:
+ <IRQ>
+ nvme_rdma_recv_done+0xf3/0x280 [nvme_rdma]
+ __ib_process_cq+0x76/0x150 [ib_core]
+ ...
+
+Sanity check the received data length, to avoids this.
+
+Thanks to Chao Leng & Sagi for suggestions.
+
+Signed-off-by: zhenwei pi <pizhenwei@bytedance.com>
+Reviewed-by: Sagi Grimberg <sagi@grimberg.me>
+Signed-off-by: Christoph Hellwig <hch@lst.de>
+Signed-off-by: Sasha Levin <sashal@kernel.org>
+---
+ drivers/nvme/host/rdma.c | 8 ++++++++
+ 1 file changed, 8 insertions(+)
+
+diff --git a/drivers/nvme/host/rdma.c b/drivers/nvme/host/rdma.c
+index ab4f8db2a8cac..5c1245bbf9a1d 100644
+--- a/drivers/nvme/host/rdma.c
++++ b/drivers/nvme/host/rdma.c
+@@ -1199,6 +1199,14 @@ static int __nvme_rdma_recv_done(struct ib_cq *cq, struct ib_wc *wc, int tag)
+ return 0;
+ }
+
++ /* sanity checking for received data length */
++ if (unlikely(wc->byte_len < len)) {
++ dev_err(queue->ctrl->ctrl.device,
++ "Unexpected nvme completion length(%d)\n", wc->byte_len);
++ nvme_rdma_error_recovery(queue->ctrl);
++ return;
++ }
++
+ ib_dma_sync_single_for_cpu(ibdev, qe->dma, len, DMA_FROM_DEVICE);
+ /*
+ * AEN requests are special as they don't time out and can
+--
+2.27.0
+
--- /dev/null
+From 5004fbf1d06080700f8c8416a8b023ef9ee9ed17 Mon Sep 17 00:00:00 2001
+From: Sasha Levin <sashal@kernel.org>
+Date: Wed, 21 Oct 2020 11:53:59 +0200
+Subject: of: Fix reserved-memory overlap detection
+
+From: Vincent Whitchurch <vincent.whitchurch@axis.com>
+
+[ Upstream commit ca05f33316559a04867295dd49f85aeedbfd6bfd ]
+
+The reserved-memory overlap detection code fails to detect overlaps if
+either of the regions starts at address 0x0. The code explicitly checks
+for and ignores such regions, apparently in order to ignore dynamically
+allocated regions which have an address of 0x0 at this point. These
+dynamically allocated regions also have a size of 0x0 at this point, so
+fix this by removing the check and sorting the dynamically allocated
+regions ahead of any static regions at address 0x0.
+
+For example, there are two overlaps in this case but they are not
+currently reported:
+
+ foo@0 {
+ reg = <0x0 0x2000>;
+ };
+
+ bar@0 {
+ reg = <0x0 0x1000>;
+ };
+
+ baz@1000 {
+ reg = <0x1000 0x1000>;
+ };
+
+ quux {
+ size = <0x1000>;
+ };
+
+but they are after this patch:
+
+ OF: reserved mem: OVERLAP DETECTED!
+ bar@0 (0x00000000--0x00001000) overlaps with foo@0 (0x00000000--0x00002000)
+ OF: reserved mem: OVERLAP DETECTED!
+ foo@0 (0x00000000--0x00002000) overlaps with baz@1000 (0x00001000--0x00002000)
+
+Signed-off-by: Vincent Whitchurch <vincent.whitchurch@axis.com>
+Link: https://lore.kernel.org/r/ded6fd6b47b58741aabdcc6967f73eca6a3f311e.1603273666.git-series.vincent.whitchurch@axis.com
+Signed-off-by: Rob Herring <robh@kernel.org>
+Signed-off-by: Sasha Levin <sashal@kernel.org>
+---
+ drivers/of/of_reserved_mem.c | 13 +++++++++++--
+ 1 file changed, 11 insertions(+), 2 deletions(-)
+
+diff --git a/drivers/of/of_reserved_mem.c b/drivers/of/of_reserved_mem.c
+index 366d8c3c79893..f15bb936dfd84 100644
+--- a/drivers/of/of_reserved_mem.c
++++ b/drivers/of/of_reserved_mem.c
+@@ -222,6 +222,16 @@ static int __init __rmem_cmp(const void *a, const void *b)
+ if (ra->base > rb->base)
+ return 1;
+
++ /*
++ * Put the dynamic allocations (address == 0, size == 0) before static
++ * allocations at address 0x0 so that overlap detection works
++ * correctly.
++ */
++ if (ra->size < rb->size)
++ return -1;
++ if (ra->size > rb->size)
++ return 1;
++
+ return 0;
+ }
+
+@@ -239,8 +249,7 @@ static void __init __rmem_check_for_overlap(void)
+
+ this = &reserved_mem[i];
+ next = &reserved_mem[i + 1];
+- if (!(this->base && next->base))
+- continue;
++
+ if (this->base + this->size > next->base) {
+ phys_addr_t this_end, next_end;
+
+--
+2.27.0
+
--- /dev/null
+From b105f4cb0bd204041b1981cac7ed0ef8f489bf7a Mon Sep 17 00:00:00 2001
+From: Sasha Levin <sashal@kernel.org>
+Date: Sat, 10 Oct 2020 11:25:39 +0800
+Subject: scsi: core: Don't start concurrent async scan on same host
+
+From: Ming Lei <ming.lei@redhat.com>
+
+[ Upstream commit 831e3405c2a344018a18fcc2665acc5a38c3a707 ]
+
+The current scanning mechanism is supposed to fall back to a synchronous
+host scan if an asynchronous scan is in progress. However, this rule isn't
+strictly respected, scsi_prep_async_scan() doesn't hold scan_mutex when
+checking shost->async_scan. When scsi_scan_host() is called concurrently,
+two async scans on same host can be started and a hang in do_scan_async()
+is observed.
+
+Fixes this issue by checking & setting shost->async_scan atomically with
+shost->scan_mutex.
+
+Link: https://lore.kernel.org/r/20201010032539.426615-1-ming.lei@redhat.com
+Cc: Christoph Hellwig <hch@lst.de>
+Cc: Ewan D. Milne <emilne@redhat.com>
+Cc: Hannes Reinecke <hare@suse.de>
+Cc: Bart Van Assche <bvanassche@acm.org>
+Reviewed-by: Lee Duncan <lduncan@suse.com>
+Reviewed-by: Bart Van Assche <bvanassche@acm.org>
+Signed-off-by: Ming Lei <ming.lei@redhat.com>
+Signed-off-by: Martin K. Petersen <martin.petersen@oracle.com>
+Signed-off-by: Sasha Levin <sashal@kernel.org>
+---
+ drivers/scsi/scsi_scan.c | 7 ++++---
+ 1 file changed, 4 insertions(+), 3 deletions(-)
+
+diff --git a/drivers/scsi/scsi_scan.c b/drivers/scsi/scsi_scan.c
+index 67f6f134abc44..397deb69c6595 100644
+--- a/drivers/scsi/scsi_scan.c
++++ b/drivers/scsi/scsi_scan.c
+@@ -1734,15 +1734,16 @@ static void scsi_sysfs_add_devices(struct Scsi_Host *shost)
+ */
+ static struct async_scan_data *scsi_prep_async_scan(struct Scsi_Host *shost)
+ {
+- struct async_scan_data *data;
++ struct async_scan_data *data = NULL;
+ unsigned long flags;
+
+ if (strncmp(scsi_scan_type, "sync", 4) == 0)
+ return NULL;
+
++ mutex_lock(&shost->scan_mutex);
+ if (shost->async_scan) {
+ shost_printk(KERN_DEBUG, shost, "%s called twice\n", __func__);
+- return NULL;
++ goto err;
+ }
+
+ data = kmalloc(sizeof(*data), GFP_KERNEL);
+@@ -1753,7 +1754,6 @@ static struct async_scan_data *scsi_prep_async_scan(struct Scsi_Host *shost)
+ goto err;
+ init_completion(&data->prev_finished);
+
+- mutex_lock(&shost->scan_mutex);
+ spin_lock_irqsave(shost->host_lock, flags);
+ shost->async_scan = 1;
+ spin_unlock_irqrestore(shost->host_lock, flags);
+@@ -1768,6 +1768,7 @@ static struct async_scan_data *scsi_prep_async_scan(struct Scsi_Host *shost)
+ return data;
+
+ err:
++ mutex_unlock(&shost->scan_mutex);
+ kfree(data);
+ return NULL;
+ }
+--
+2.27.0
+
ftrace-fix-recursion-check-for-nmi-test.patch
ftrace-handle-tracing-when-switching-between-context.patch
tracing-fix-out-of-bounds-write-in-get_trace_buf.patch
+arm-dts-sun4i-a10-fix-cpu_alert-temperature.patch
+x86-kexec-use-up-to-dated-screen_info-copy-to-fill-b.patch
+of-fix-reserved-memory-overlap-detection.patch
+scsi-core-don-t-start-concurrent-async-scan-on-same-.patch
+vsock-use-ns_capable_noaudit-on-socket-create.patch
+nvme-rdma-handle-unexpected-nvme-completion-data-len.patch
+acpi-nfit-fix-comparison-to-enxio.patch
--- /dev/null
+From cbbdd73c4cdc5af3b61ad4a54724639d150201b9 Mon Sep 17 00:00:00 2001
+From: Sasha Levin <sashal@kernel.org>
+Date: Fri, 23 Oct 2020 16:37:57 +0200
+Subject: vsock: use ns_capable_noaudit() on socket create
+
+From: Jeff Vander Stoep <jeffv@google.com>
+
+[ Upstream commit af545bb5ee53f5261db631db2ac4cde54038bdaf ]
+
+During __vsock_create() CAP_NET_ADMIN is used to determine if the
+vsock_sock->trusted should be set to true. This value is used later
+for determing if a remote connection should be allowed to connect
+to a restricted VM. Unfortunately, if the caller doesn't have
+CAP_NET_ADMIN, an audit message such as an selinux denial is
+generated even if the caller does not want a trusted socket.
+
+Logging errors on success is confusing. To avoid this, switch the
+capable(CAP_NET_ADMIN) check to the noaudit version.
+
+Reported-by: Roman Kiryanov <rkir@google.com>
+https://android-review.googlesource.com/c/device/generic/goldfish/+/1468545/
+Signed-off-by: Jeff Vander Stoep <jeffv@google.com>
+Reviewed-by: James Morris <jamorris@linux.microsoft.com>
+Link: https://lore.kernel.org/r/20201023143757.377574-1-jeffv@google.com
+Signed-off-by: Jakub Kicinski <kuba@kernel.org>
+Signed-off-by: Sasha Levin <sashal@kernel.org>
+---
+ net/vmw_vsock/af_vsock.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/net/vmw_vsock/af_vsock.c b/net/vmw_vsock/af_vsock.c
+index d6473b8d9a81a..3a2543b9701a9 100644
+--- a/net/vmw_vsock/af_vsock.c
++++ b/net/vmw_vsock/af_vsock.c
+@@ -651,7 +651,7 @@ struct sock *__vsock_create(struct net *net,
+ vsk->owner = get_cred(psk->owner);
+ vsk->connect_timeout = psk->connect_timeout;
+ } else {
+- vsk->trusted = capable(CAP_NET_ADMIN);
++ vsk->trusted = ns_capable_noaudit(&init_user_ns, CAP_NET_ADMIN);
+ vsk->owner = get_current_cred();
+ vsk->connect_timeout = VSOCK_DEFAULT_CONNECT_TIMEOUT;
+ }
+--
+2.27.0
+
--- /dev/null
+From e2894edc48c4480fa548ffc2a459d0b0b5c198f9 Mon Sep 17 00:00:00 2001
+From: Sasha Levin <sashal@kernel.org>
+Date: Wed, 14 Oct 2020 17:24:28 +0800
+Subject: x86/kexec: Use up-to-dated screen_info copy to fill boot params
+
+From: Kairui Song <kasong@redhat.com>
+
+[ Upstream commit afc18069a2cb7ead5f86623a5f3d4ad6e21f940d ]
+
+kexec_file_load() currently reuses the old boot_params.screen_info,
+but if drivers have change the hardware state, boot_param.screen_info
+could contain invalid info.
+
+For example, the video type might be no longer VGA, or the frame buffer
+address might be changed. If the kexec kernel keeps using the old screen_info,
+kexec'ed kernel may attempt to write to an invalid framebuffer
+memory region.
+
+There are two screen_info instances globally available, boot_params.screen_info
+and screen_info. Later one is a copy, and is updated by drivers.
+
+So let kexec_file_load use the updated copy.
+
+[ mingo: Tidied up the changelog. ]
+
+Signed-off-by: Kairui Song <kasong@redhat.com>
+Signed-off-by: Ingo Molnar <mingo@kernel.org>
+Link: https://lore.kernel.org/r/20201014092429.1415040-2-kasong@redhat.com
+Signed-off-by: Sasha Levin <sashal@kernel.org>
+---
+ arch/x86/kernel/kexec-bzimage64.c | 3 +--
+ 1 file changed, 1 insertion(+), 2 deletions(-)
+
+diff --git a/arch/x86/kernel/kexec-bzimage64.c b/arch/x86/kernel/kexec-bzimage64.c
+index 167ecc270ca55..316c05b8b728b 100644
+--- a/arch/x86/kernel/kexec-bzimage64.c
++++ b/arch/x86/kernel/kexec-bzimage64.c
+@@ -211,8 +211,7 @@ setup_boot_parameters(struct kimage *image, struct boot_params *params,
+ params->hdr.hardware_subarch = boot_params.hdr.hardware_subarch;
+
+ /* Copying screen_info will do? */
+- memcpy(¶ms->screen_info, &boot_params.screen_info,
+- sizeof(struct screen_info));
++ memcpy(¶ms->screen_info, &screen_info, sizeof(struct screen_info));
+
+ /* Fill in memsize later */
+ params->screen_info.ext_mem_k = 0;
+--
+2.27.0
+
projects / thirdparty / kernel / stable-queue.git / commitdiff
