From: Greg Kroah-Hartman Date: Mon, 18 May 2020 13:57:46 +0000 (+0200) Subject: 5.6-stable patches X-Git-Tag: v4.4.224~21 X-Git-Url: http://git.ipfire.org/gitweb.cgi?a=commitdiff_plain;h=00e02054de8553134b2a3b27e0152d210a250032;p=thirdparty%2Fkernel%2Fstable-queue.git 5.6-stable patches added patches: clk-rockchip-fix-incorrect-configuration-of-rk3228-aclk_gpu-clocks.patch dwc3-remove-check-for-hwo-flag-in-dwc3_gadget_ep_reclaim_trb_sg.patch exec-move-would_dump-into-flush_old_exec.patch x86-unwind-orc-fix-error-handling-in-__unwind_start.patch --- diff --git a/queue-5.6/clk-rockchip-fix-incorrect-configuration-of-rk3228-aclk_gpu-clocks.patch b/queue-5.6/clk-rockchip-fix-incorrect-configuration-of-rk3228-aclk_gpu-clocks.patch new file mode 100644 index 00000000000..46d1e2a837f --- /dev/null +++ b/queue-5.6/clk-rockchip-fix-incorrect-configuration-of-rk3228-aclk_gpu-clocks.patch @@ -0,0 +1,77 @@ +From cec9d101d70a3509da9bd2e601e0b242154ce616 Mon Sep 17 00:00:00 2001 +From: Justin Swartz +Date: Tue, 14 Jan 2020 16:25:02 +0000 +Subject: clk: rockchip: fix incorrect configuration of rk3228 aclk_gpu* clocks + +From: Justin Swartz + +commit cec9d101d70a3509da9bd2e601e0b242154ce616 upstream. + +The following changes prevent the unrecoverable freezes and rcu_sched +stall warnings experienced in each of my attempts to take advantage of +lima. + +Replace the COMPOSITE_NOGATE definition of aclk_gpu_pre with a +COMPOSITE that retains the selection of HDMIPHY as the PLL source, but +instead makes uses of the aclk_gpu PLL source gate and parent names +defined by mux_pll_src_4plls_p rather than mux_aclk_gpu_pre_p. + +Remove the now unused mux_aclk_gpu_pre_p and the four named but also +unused definitions (cpll_gpu, gpll_gpu, hdmiphy_gpu and usb480m_gpu) +of the aclk_gpu PLL source gate. + +Use the correct gate offset for aclk_gpu and aclk_gpu_noc. + +Fixes: 307a2e9ac524 ("clk: rockchip: add clock controller for rk3228") +Cc: stable@vger.kernel.org +Signed-off-by: Justin Swartz +[double-checked against SoC manual and added fixes tag] +Link: https://lore.kernel.org/r/20200114162503.7548-1-justin.swartz@risingedge.co.za +Signed-off-by: Heiko Stuebner +Signed-off-by: Greg Kroah-Hartman + +--- + drivers/clk/rockchip/clk-rk3228.c | 17 ++++------------- + 1 file changed, 4 insertions(+), 13 deletions(-) + +--- a/drivers/clk/rockchip/clk-rk3228.c ++++ b/drivers/clk/rockchip/clk-rk3228.c +@@ -156,8 +156,6 @@ PNAME(mux_i2s_out_p) = { "i2s1_pre", "x + PNAME(mux_i2s2_p) = { "i2s2_src", "i2s2_frac", "xin12m" }; + PNAME(mux_sclk_spdif_p) = { "sclk_spdif_src", "spdif_frac", "xin12m" }; + +-PNAME(mux_aclk_gpu_pre_p) = { "cpll_gpu", "gpll_gpu", "hdmiphy_gpu", "usb480m_gpu" }; +- + PNAME(mux_uart0_p) = { "uart0_src", "uart0_frac", "xin24m" }; + PNAME(mux_uart1_p) = { "uart1_src", "uart1_frac", "xin24m" }; + PNAME(mux_uart2_p) = { "uart2_src", "uart2_frac", "xin24m" }; +@@ -468,16 +466,9 @@ static struct rockchip_clk_branch rk3228 + RK2928_CLKSEL_CON(24), 6, 10, DFLAGS, + RK2928_CLKGATE_CON(2), 8, GFLAGS), + +- GATE(0, "cpll_gpu", "cpll", 0, +- RK2928_CLKGATE_CON(3), 13, GFLAGS), +- GATE(0, "gpll_gpu", "gpll", 0, +- RK2928_CLKGATE_CON(3), 13, GFLAGS), +- GATE(0, "hdmiphy_gpu", "hdmiphy", 0, +- RK2928_CLKGATE_CON(3), 13, GFLAGS), +- GATE(0, "usb480m_gpu", "usb480m", 0, ++ COMPOSITE(0, "aclk_gpu_pre", mux_pll_src_4plls_p, 0, ++ RK2928_CLKSEL_CON(34), 5, 2, MFLAGS, 0, 5, DFLAGS, + RK2928_CLKGATE_CON(3), 13, GFLAGS), +- COMPOSITE_NOGATE(0, "aclk_gpu_pre", mux_aclk_gpu_pre_p, 0, +- RK2928_CLKSEL_CON(34), 5, 2, MFLAGS, 0, 5, DFLAGS), + + COMPOSITE(SCLK_SPI0, "sclk_spi0", mux_pll_src_2plls_p, 0, + RK2928_CLKSEL_CON(25), 8, 1, MFLAGS, 0, 7, DFLAGS, +@@ -582,8 +573,8 @@ static struct rockchip_clk_branch rk3228 + GATE(0, "pclk_peri_noc", "pclk_peri", CLK_IGNORE_UNUSED, RK2928_CLKGATE_CON(12), 2, GFLAGS), + + /* PD_GPU */ +- GATE(ACLK_GPU, "aclk_gpu", "aclk_gpu_pre", 0, RK2928_CLKGATE_CON(13), 14, GFLAGS), +- GATE(0, "aclk_gpu_noc", "aclk_gpu_pre", 0, RK2928_CLKGATE_CON(13), 15, GFLAGS), ++ GATE(ACLK_GPU, "aclk_gpu", "aclk_gpu_pre", 0, RK2928_CLKGATE_CON(7), 14, GFLAGS), ++ GATE(0, "aclk_gpu_noc", "aclk_gpu_pre", 0, RK2928_CLKGATE_CON(7), 15, GFLAGS), + + /* PD_BUS */ + GATE(0, "sclk_initmem_mbist", "aclk_cpu", 0, RK2928_CLKGATE_CON(8), 1, GFLAGS), diff --git a/queue-5.6/dwc3-remove-check-for-hwo-flag-in-dwc3_gadget_ep_reclaim_trb_sg.patch b/queue-5.6/dwc3-remove-check-for-hwo-flag-in-dwc3_gadget_ep_reclaim_trb_sg.patch new file mode 100644 index 00000000000..3b29386eb69 --- /dev/null +++ b/queue-5.6/dwc3-remove-check-for-hwo-flag-in-dwc3_gadget_ep_reclaim_trb_sg.patch @@ -0,0 +1,54 @@ +From 00e21763f2c8cab21b7befa52996d1b18bde5c42 Mon Sep 17 00:00:00 2001 +From: John Stultz +Date: Mon, 4 May 2020 23:12:15 +0000 +Subject: dwc3: Remove check for HWO flag in dwc3_gadget_ep_reclaim_trb_sg() + +From: John Stultz + +commit 00e21763f2c8cab21b7befa52996d1b18bde5c42 upstream. + +The check for the HWO flag in dwc3_gadget_ep_reclaim_trb_sg() +causes us to break out of the loop before we call +dwc3_gadget_ep_reclaim_completed_trb(), which is what likely +should be clearing the HWO flag. + +This can cause odd behavior where we never reclaim all the trbs +in the sg list, so we never call giveback on a usb req, and that +will causes transfer stalls. + +This effectively resovles the adb stalls seen on HiKey960 +after userland changes started only using AIO in adbd. + +Cc: YongQin Liu +Cc: Anurag Kumar Vulisha +Cc: Yang Fei +Cc: Thinh Nguyen +Cc: Tejas Joglekar +Cc: Andrzej Pietrasiewicz +Cc: Jack Pham +Cc: Josh Gao +Cc: Todd Kjos +Cc: Felipe Balbi +Cc: Greg Kroah-Hartman +Cc: linux-usb@vger.kernel.org +Cc: stable@vger.kernel.org #4.20+ +Signed-off-by: John Stultz +Signed-off-by: Felipe Balbi +Signed-off-by: Greg Kroah-Hartman + +--- + drivers/usb/dwc3/gadget.c | 3 --- + 1 file changed, 3 deletions(-) + +--- a/drivers/usb/dwc3/gadget.c ++++ b/drivers/usb/dwc3/gadget.c +@@ -2483,9 +2483,6 @@ static int dwc3_gadget_ep_reclaim_trb_sg + for_each_sg(sg, s, pending, i) { + trb = &dep->trb_pool[dep->trb_dequeue]; + +- if (trb->ctrl & DWC3_TRB_CTRL_HWO) +- break; +- + req->sg = sg_next(s); + req->num_pending_sgs--; + diff --git a/queue-5.6/exec-move-would_dump-into-flush_old_exec.patch b/queue-5.6/exec-move-would_dump-into-flush_old_exec.patch new file mode 100644 index 00000000000..7e60ba7c5f7 --- /dev/null +++ b/queue-5.6/exec-move-would_dump-into-flush_old_exec.patch @@ -0,0 +1,58 @@ +From f87d1c9559164294040e58f5e3b74a162bf7c6e8 Mon Sep 17 00:00:00 2001 +From: "Eric W. Biederman" +Date: Sat, 16 May 2020 16:29:20 -0500 +Subject: exec: Move would_dump into flush_old_exec + +From: Eric W. Biederman + +commit f87d1c9559164294040e58f5e3b74a162bf7c6e8 upstream. + +I goofed when I added mm->user_ns support to would_dump. I missed the +fact that in the case of binfmt_loader, binfmt_em86, binfmt_misc, and +binfmt_script bprm->file is reassigned. Which made the move of +would_dump from setup_new_exec to __do_execve_file before exec_binprm +incorrect as it can result in would_dump running on the script instead +of the interpreter of the script. + +The net result is that the code stopped making unreadable interpreters +undumpable. Which allows them to be ptraced and written to disk +without special permissions. Oops. + +The move was necessary because the call in set_new_exec was after +bprm->mm was no longer valid. + +To correct this mistake move the misplaced would_dump from +__do_execve_file into flos_old_exec, before exec_mmap is called. + +I tested and confirmed that without this fix I can attach with gdb to +a script with an unreadable interpreter, and with this fix I can not. + +Cc: stable@vger.kernel.org +Fixes: f84df2a6f268 ("exec: Ensure mm->user_ns contains the execed files") +Signed-off-by: "Eric W. Biederman" +Signed-off-by: Greg Kroah-Hartman + +--- + fs/exec.c | 4 ++-- + 1 file changed, 2 insertions(+), 2 deletions(-) + +--- a/fs/exec.c ++++ b/fs/exec.c +@@ -1277,6 +1277,8 @@ int flush_old_exec(struct linux_binprm * + */ + set_mm_exe_file(bprm->mm, bprm->file); + ++ would_dump(bprm, bprm->file); ++ + /* + * Release all of the old mmap stuff + */ +@@ -1820,8 +1822,6 @@ static int __do_execve_file(int fd, stru + if (retval < 0) + goto out; + +- would_dump(bprm, bprm->file); +- + retval = exec_binprm(bprm); + if (retval < 0) + goto out; diff --git a/queue-5.6/series b/queue-5.6/series index e6b4f525b1f..ab9f9d39799 100644 --- a/queue-5.6/series +++ b/queue-5.6/series @@ -156,3 +156,7 @@ powerpc-32s-fix-build-failure-with-config_ppc_kuap_debug.patch cifs-fix-leaked-reference-on-requeued-write.patch kvm-x86-fix-pkru-save-restore-when-guest-cr4.pke-0-move-it-to-x86.c.patch x86-fix-early-boot-crash-on-gcc-10-third-try.patch +x86-unwind-orc-fix-error-handling-in-__unwind_start.patch +exec-move-would_dump-into-flush_old_exec.patch +clk-rockchip-fix-incorrect-configuration-of-rk3228-aclk_gpu-clocks.patch +dwc3-remove-check-for-hwo-flag-in-dwc3_gadget_ep_reclaim_trb_sg.patch diff --git a/queue-5.6/x86-unwind-orc-fix-error-handling-in-__unwind_start.patch b/queue-5.6/x86-unwind-orc-fix-error-handling-in-__unwind_start.patch new file mode 100644 index 00000000000..e4c431decdb --- /dev/null +++ b/queue-5.6/x86-unwind-orc-fix-error-handling-in-__unwind_start.patch @@ -0,0 +1,81 @@ +From 71c95825289f585014fe9741b051d32a7a916680 Mon Sep 17 00:00:00 2001 +From: Josh Poimboeuf +Date: Thu, 14 May 2020 15:31:10 -0500 +Subject: x86/unwind/orc: Fix error handling in __unwind_start() + +From: Josh Poimboeuf + +commit 71c95825289f585014fe9741b051d32a7a916680 upstream. + +The unwind_state 'error' field is used to inform the reliable unwinding +code that the stack trace can't be trusted. Set this field for all +errors in __unwind_start(). + +Also, move the zeroing out of the unwind_state struct to before the ORC +table initialization check, to prevent the caller from reading +uninitialized data if the ORC table is corrupted. + +Fixes: af085d9084b4 ("stacktrace/x86: add function for detecting reliable stack traces") +Fixes: d3a09104018c ("x86/unwinder/orc: Dont bail on stack overflow") +Fixes: 98d0c8ebf77e ("x86/unwind/orc: Prevent unwinding before ORC initialization") +Reported-by: Pavel Machek +Signed-off-by: Josh Poimboeuf +Signed-off-by: Peter Zijlstra (Intel) +Link: https://lkml.kernel.org/r/d6ac7215a84ca92b895fdd2e1aa546729417e6e6.1589487277.git.jpoimboe@redhat.com +Signed-off-by: Greg Kroah-Hartman + +--- + arch/x86/kernel/unwind_orc.c | 16 +++++++++------- + 1 file changed, 9 insertions(+), 7 deletions(-) + +--- a/arch/x86/kernel/unwind_orc.c ++++ b/arch/x86/kernel/unwind_orc.c +@@ -611,23 +611,23 @@ EXPORT_SYMBOL_GPL(unwind_next_frame); + void __unwind_start(struct unwind_state *state, struct task_struct *task, + struct pt_regs *regs, unsigned long *first_frame) + { +- if (!orc_init) +- goto done; +- + memset(state, 0, sizeof(*state)); + state->task = task; + ++ if (!orc_init) ++ goto err; ++ + /* + * Refuse to unwind the stack of a task while it's executing on another + * CPU. This check is racy, but that's ok: the unwinder has other + * checks to prevent it from going off the rails. + */ + if (task_on_another_cpu(task)) +- goto done; ++ goto err; + + if (regs) { + if (user_mode(regs)) +- goto done; ++ goto the_end; + + state->ip = regs->ip; + state->sp = regs->sp; +@@ -660,6 +660,7 @@ void __unwind_start(struct unwind_state + * generate some kind of backtrace if this happens. + */ + void *next_page = (void *)PAGE_ALIGN((unsigned long)state->sp); ++ state->error = true; + if (get_stack_info(next_page, state->task, &state->stack_info, + &state->stack_mask)) + return; +@@ -685,8 +686,9 @@ void __unwind_start(struct unwind_state + + return; + +-done: ++err: ++ state->error = true; ++the_end: + state->stack_info.type = STACK_TYPE_UNKNOWN; +- return; + } + EXPORT_SYMBOL_GPL(__unwind_start);