--- /dev/null
+From cec9d101d70a3509da9bd2e601e0b242154ce616 Mon Sep 17 00:00:00 2001
+From: Justin Swartz <justin.swartz@risingedge.co.za>
+Date: Tue, 14 Jan 2020 16:25:02 +0000
+Subject: clk: rockchip: fix incorrect configuration of rk3228 aclk_gpu* clocks
+
+From: Justin Swartz <justin.swartz@risingedge.co.za>
+
+commit cec9d101d70a3509da9bd2e601e0b242154ce616 upstream.
+
+The following changes prevent the unrecoverable freezes and rcu_sched
+stall warnings experienced in each of my attempts to take advantage of
+lima.
+
+Replace the COMPOSITE_NOGATE definition of aclk_gpu_pre with a
+COMPOSITE that retains the selection of HDMIPHY as the PLL source, but
+instead makes uses of the aclk_gpu PLL source gate and parent names
+defined by mux_pll_src_4plls_p rather than mux_aclk_gpu_pre_p.
+
+Remove the now unused mux_aclk_gpu_pre_p and the four named but also
+unused definitions (cpll_gpu, gpll_gpu, hdmiphy_gpu and usb480m_gpu)
+of the aclk_gpu PLL source gate.
+
+Use the correct gate offset for aclk_gpu and aclk_gpu_noc.
+
+Fixes: 307a2e9ac524 ("clk: rockchip: add clock controller for rk3228")
+Cc: stable@vger.kernel.org
+Signed-off-by: Justin Swartz <justin.swartz@risingedge.co.za>
+[double-checked against SoC manual and added fixes tag]
+Link: https://lore.kernel.org/r/20200114162503.7548-1-justin.swartz@risingedge.co.za
+Signed-off-by: Heiko Stuebner <heiko@sntech.de>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+
+---
+ drivers/clk/rockchip/clk-rk3228.c | 17 ++++-------------
+ 1 file changed, 4 insertions(+), 13 deletions(-)
+
+--- a/drivers/clk/rockchip/clk-rk3228.c
++++ b/drivers/clk/rockchip/clk-rk3228.c
+@@ -156,8 +156,6 @@ PNAME(mux_i2s_out_p) = { "i2s1_pre", "x
+ PNAME(mux_i2s2_p) = { "i2s2_src", "i2s2_frac", "xin12m" };
+ PNAME(mux_sclk_spdif_p) = { "sclk_spdif_src", "spdif_frac", "xin12m" };
+
+-PNAME(mux_aclk_gpu_pre_p) = { "cpll_gpu", "gpll_gpu", "hdmiphy_gpu", "usb480m_gpu" };
+-
+ PNAME(mux_uart0_p) = { "uart0_src", "uart0_frac", "xin24m" };
+ PNAME(mux_uart1_p) = { "uart1_src", "uart1_frac", "xin24m" };
+ PNAME(mux_uart2_p) = { "uart2_src", "uart2_frac", "xin24m" };
+@@ -468,16 +466,9 @@ static struct rockchip_clk_branch rk3228
+ RK2928_CLKSEL_CON(24), 6, 10, DFLAGS,
+ RK2928_CLKGATE_CON(2), 8, GFLAGS),
+
+- GATE(0, "cpll_gpu", "cpll", 0,
+- RK2928_CLKGATE_CON(3), 13, GFLAGS),
+- GATE(0, "gpll_gpu", "gpll", 0,
+- RK2928_CLKGATE_CON(3), 13, GFLAGS),
+- GATE(0, "hdmiphy_gpu", "hdmiphy", 0,
+- RK2928_CLKGATE_CON(3), 13, GFLAGS),
+- GATE(0, "usb480m_gpu", "usb480m", 0,
++ COMPOSITE(0, "aclk_gpu_pre", mux_pll_src_4plls_p, 0,
++ RK2928_CLKSEL_CON(34), 5, 2, MFLAGS, 0, 5, DFLAGS,
+ RK2928_CLKGATE_CON(3), 13, GFLAGS),
+- COMPOSITE_NOGATE(0, "aclk_gpu_pre", mux_aclk_gpu_pre_p, 0,
+- RK2928_CLKSEL_CON(34), 5, 2, MFLAGS, 0, 5, DFLAGS),
+
+ COMPOSITE(SCLK_SPI0, "sclk_spi0", mux_pll_src_2plls_p, 0,
+ RK2928_CLKSEL_CON(25), 8, 1, MFLAGS, 0, 7, DFLAGS,
+@@ -582,8 +573,8 @@ static struct rockchip_clk_branch rk3228
+ GATE(0, "pclk_peri_noc", "pclk_peri", CLK_IGNORE_UNUSED, RK2928_CLKGATE_CON(12), 2, GFLAGS),
+
+ /* PD_GPU */
+- GATE(ACLK_GPU, "aclk_gpu", "aclk_gpu_pre", 0, RK2928_CLKGATE_CON(13), 14, GFLAGS),
+- GATE(0, "aclk_gpu_noc", "aclk_gpu_pre", 0, RK2928_CLKGATE_CON(13), 15, GFLAGS),
++ GATE(ACLK_GPU, "aclk_gpu", "aclk_gpu_pre", 0, RK2928_CLKGATE_CON(7), 14, GFLAGS),
++ GATE(0, "aclk_gpu_noc", "aclk_gpu_pre", 0, RK2928_CLKGATE_CON(7), 15, GFLAGS),
+
+ /* PD_BUS */
+ GATE(0, "sclk_initmem_mbist", "aclk_cpu", 0, RK2928_CLKGATE_CON(8), 1, GFLAGS),
--- /dev/null
+From 00e21763f2c8cab21b7befa52996d1b18bde5c42 Mon Sep 17 00:00:00 2001
+From: John Stultz <john.stultz@linaro.org>
+Date: Mon, 4 May 2020 23:12:15 +0000
+Subject: dwc3: Remove check for HWO flag in dwc3_gadget_ep_reclaim_trb_sg()
+
+From: John Stultz <john.stultz@linaro.org>
+
+commit 00e21763f2c8cab21b7befa52996d1b18bde5c42 upstream.
+
+The check for the HWO flag in dwc3_gadget_ep_reclaim_trb_sg()
+causes us to break out of the loop before we call
+dwc3_gadget_ep_reclaim_completed_trb(), which is what likely
+should be clearing the HWO flag.
+
+This can cause odd behavior where we never reclaim all the trbs
+in the sg list, so we never call giveback on a usb req, and that
+will causes transfer stalls.
+
+This effectively resovles the adb stalls seen on HiKey960
+after userland changes started only using AIO in adbd.
+
+Cc: YongQin Liu <yongqin.liu@linaro.org>
+Cc: Anurag Kumar Vulisha <anurag.kumar.vulisha@xilinx.com>
+Cc: Yang Fei <fei.yang@intel.com>
+Cc: Thinh Nguyen <thinhn@synopsys.com>
+Cc: Tejas Joglekar <tejas.joglekar@synopsys.com>
+Cc: Andrzej Pietrasiewicz <andrzej.p@collabora.com>
+Cc: Jack Pham <jackp@codeaurora.org>
+Cc: Josh Gao <jmgao@google.com>
+Cc: Todd Kjos <tkjos@google.com>
+Cc: Felipe Balbi <balbi@kernel.org>
+Cc: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+Cc: linux-usb@vger.kernel.org
+Cc: stable@vger.kernel.org #4.20+
+Signed-off-by: John Stultz <john.stultz@linaro.org>
+Signed-off-by: Felipe Balbi <balbi@kernel.org>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+
+---
+ drivers/usb/dwc3/gadget.c | 3 ---
+ 1 file changed, 3 deletions(-)
+
+--- a/drivers/usb/dwc3/gadget.c
++++ b/drivers/usb/dwc3/gadget.c
+@@ -2480,9 +2480,6 @@ static int dwc3_gadget_ep_reclaim_trb_sg
+ for_each_sg(sg, s, pending, i) {
+ trb = &dep->trb_pool[dep->trb_dequeue];
+
+- if (trb->ctrl & DWC3_TRB_CTRL_HWO)
+- break;
+-
+ req->sg = sg_next(s);
+ req->num_pending_sgs--;
+
--- /dev/null
+From f87d1c9559164294040e58f5e3b74a162bf7c6e8 Mon Sep 17 00:00:00 2001
+From: "Eric W. Biederman" <ebiederm@xmission.com>
+Date: Sat, 16 May 2020 16:29:20 -0500
+Subject: exec: Move would_dump into flush_old_exec
+
+From: Eric W. Biederman <ebiederm@xmission.com>
+
+commit f87d1c9559164294040e58f5e3b74a162bf7c6e8 upstream.
+
+I goofed when I added mm->user_ns support to would_dump. I missed the
+fact that in the case of binfmt_loader, binfmt_em86, binfmt_misc, and
+binfmt_script bprm->file is reassigned. Which made the move of
+would_dump from setup_new_exec to __do_execve_file before exec_binprm
+incorrect as it can result in would_dump running on the script instead
+of the interpreter of the script.
+
+The net result is that the code stopped making unreadable interpreters
+undumpable. Which allows them to be ptraced and written to disk
+without special permissions. Oops.
+
+The move was necessary because the call in set_new_exec was after
+bprm->mm was no longer valid.
+
+To correct this mistake move the misplaced would_dump from
+__do_execve_file into flos_old_exec, before exec_mmap is called.
+
+I tested and confirmed that without this fix I can attach with gdb to
+a script with an unreadable interpreter, and with this fix I can not.
+
+Cc: stable@vger.kernel.org
+Fixes: f84df2a6f268 ("exec: Ensure mm->user_ns contains the execed files")
+Signed-off-by: "Eric W. Biederman" <ebiederm@xmission.com>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+
+---
+ fs/exec.c | 4 ++--
+ 1 file changed, 2 insertions(+), 2 deletions(-)
+
+--- a/fs/exec.c
++++ b/fs/exec.c
+@@ -1274,6 +1274,8 @@ int flush_old_exec(struct linux_binprm *
+ */
+ set_mm_exe_file(bprm->mm, bprm->file);
+
++ would_dump(bprm, bprm->file);
++
+ /*
+ * Release all of the old mmap stuff
+ */
+@@ -1817,8 +1819,6 @@ static int __do_execve_file(int fd, stru
+ if (retval < 0)
+ goto out;
+
+- would_dump(bprm, bprm->file);
+-
+ retval = exec_binprm(bprm);
+ if (retval < 0)
+ goto out;
powerpc-32s-fix-build-failure-with-config_ppc_kuap_debug.patch
cifs-fix-leaked-reference-on-requeued-write.patch
x86-fix-early-boot-crash-on-gcc-10-third-try.patch
+x86-unwind-orc-fix-error-handling-in-__unwind_start.patch
+exec-move-would_dump-into-flush_old_exec.patch
+clk-rockchip-fix-incorrect-configuration-of-rk3228-aclk_gpu-clocks.patch
+dwc3-remove-check-for-hwo-flag-in-dwc3_gadget_ep_reclaim_trb_sg.patch
--- /dev/null
+From 71c95825289f585014fe9741b051d32a7a916680 Mon Sep 17 00:00:00 2001
+From: Josh Poimboeuf <jpoimboe@redhat.com>
+Date: Thu, 14 May 2020 15:31:10 -0500
+Subject: x86/unwind/orc: Fix error handling in __unwind_start()
+
+From: Josh Poimboeuf <jpoimboe@redhat.com>
+
+commit 71c95825289f585014fe9741b051d32a7a916680 upstream.
+
+The unwind_state 'error' field is used to inform the reliable unwinding
+code that the stack trace can't be trusted. Set this field for all
+errors in __unwind_start().
+
+Also, move the zeroing out of the unwind_state struct to before the ORC
+table initialization check, to prevent the caller from reading
+uninitialized data if the ORC table is corrupted.
+
+Fixes: af085d9084b4 ("stacktrace/x86: add function for detecting reliable stack traces")
+Fixes: d3a09104018c ("x86/unwinder/orc: Dont bail on stack overflow")
+Fixes: 98d0c8ebf77e ("x86/unwind/orc: Prevent unwinding before ORC initialization")
+Reported-by: Pavel Machek <pavel@denx.de>
+Signed-off-by: Josh Poimboeuf <jpoimboe@redhat.com>
+Signed-off-by: Peter Zijlstra (Intel) <peterz@infradead.org>
+Link: https://lkml.kernel.org/r/d6ac7215a84ca92b895fdd2e1aa546729417e6e6.1589487277.git.jpoimboe@redhat.com
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+
+---
+ arch/x86/kernel/unwind_orc.c | 16 +++++++++-------
+ 1 file changed, 9 insertions(+), 7 deletions(-)
+
+--- a/arch/x86/kernel/unwind_orc.c
++++ b/arch/x86/kernel/unwind_orc.c
+@@ -608,23 +608,23 @@ EXPORT_SYMBOL_GPL(unwind_next_frame);
+ void __unwind_start(struct unwind_state *state, struct task_struct *task,
+ struct pt_regs *regs, unsigned long *first_frame)
+ {
+- if (!orc_init)
+- goto done;
+-
+ memset(state, 0, sizeof(*state));
+ state->task = task;
+
++ if (!orc_init)
++ goto err;
++
+ /*
+ * Refuse to unwind the stack of a task while it's executing on another
+ * CPU. This check is racy, but that's ok: the unwinder has other
+ * checks to prevent it from going off the rails.
+ */
+ if (task_on_another_cpu(task))
+- goto done;
++ goto err;
+
+ if (regs) {
+ if (user_mode(regs))
+- goto done;
++ goto the_end;
+
+ state->ip = regs->ip;
+ state->sp = regs->sp;
+@@ -657,6 +657,7 @@ void __unwind_start(struct unwind_state
+ * generate some kind of backtrace if this happens.
+ */
+ void *next_page = (void *)PAGE_ALIGN((unsigned long)state->sp);
++ state->error = true;
+ if (get_stack_info(next_page, state->task, &state->stack_info,
+ &state->stack_mask))
+ return;
+@@ -682,8 +683,9 @@ void __unwind_start(struct unwind_state
+
+ return;
+
+-done:
++err:
++ state->error = true;
++the_end:
+ state->stack_info.type = STACK_TYPE_UNKNOWN;
+- return;
+ }
+ EXPORT_SYMBOL_GPL(__unwind_start);
projects / thirdparty / kernel / stable-queue.git / commitdiff
