From: Greg Kroah-Hartman Date: Fri, 19 Jun 2020 14:03:34 +0000 (+0200) Subject: 4.14-stable patches X-Git-Tag: v4.4.228~11 X-Git-Url: http://git.ipfire.org/gitweb.cgi?a=commitdiff_plain;h=21a21125f1ab83a9c9eebbf2b81eb6ae9d32afe9;p=thirdparty%2Fkernel%2Fstable-queue.git 4.14-stable patches added patches: arm-tegra-correct-pl310-auxiliary-control-register-initialization.patch dm-crypt-avoid-truncating-the-logical-block-size.patch drivers-macintosh-fix-memleak-in-windfarm_pm112-driver.patch kbuild-force-to-build-vmlinux-if-config_modversion-y.patch kernel-cpu_pm-fix-uninitted-local-in-cpu_pm.patch mtd-rawnand-brcmnand-fix-hamming-oob-layout.patch mtd-rawnand-pasemi-fix-the-probe-error-path.patch pinctrl-samsung-save-restore-eint_mask-over-suspend-for-eint_type-gpios.patch power-vexpress-add-suppress_bind_attrs-to-true.patch powerpc-64s-don-t-let-dt-cpu-features-set-fscr_dscr.patch powerpc-64s-save-fscr-to-init_task.thread.fscr-after-feature-init.patch sparc32-fix-register-window-handling-in-genregs32_et.patch sparc64-fix-misuses-of-access_process_vm-in-genregs32_et.patch sunrpc-clean-up-properly-in-gss_mech_unregister.patch sunrpc-svcauth_gss_register_pseudoflavor-must-reject-duplicate-registrations.patch w1-omap-hdq-cleanup-to-add-missing-newline-for-some-dev_dbg.patch --- diff --git a/queue-4.14/arm-tegra-correct-pl310-auxiliary-control-register-initialization.patch b/queue-4.14/arm-tegra-correct-pl310-auxiliary-control-register-initialization.patch new file mode 100644 index 00000000000..af9d47ccd58 --- /dev/null +++ b/queue-4.14/arm-tegra-correct-pl310-auxiliary-control-register-initialization.patch @@ -0,0 +1,42 @@ +From 35509737c8f958944e059d501255a0bf18361ba0 Mon Sep 17 00:00:00 2001 +From: Dmitry Osipenko +Date: Fri, 13 Mar 2020 12:01:04 +0300 +Subject: ARM: tegra: Correct PL310 Auxiliary Control Register initialization + +From: Dmitry Osipenko + +commit 35509737c8f958944e059d501255a0bf18361ba0 upstream. + +The PL310 Auxiliary Control Register shouldn't have the "Full line of +zero" optimization bit being set before L2 cache is enabled. The L2X0 +driver takes care of enabling the optimization by itself. + +This patch fixes a noisy error message on Tegra20 and Tegra30 telling +that cache optimization is erroneously enabled without enabling it for +the CPU: + + L2C-310: enabling full line of zeros but not enabled in Cortex-A9 + +Cc: +Signed-off-by: Dmitry Osipenko +Tested-by: Nicolas Chauvet +Signed-off-by: Thierry Reding +Signed-off-by: Greg Kroah-Hartman + +--- + arch/arm/mach-tegra/tegra.c | 4 ++-- + 1 file changed, 2 insertions(+), 2 deletions(-) + +--- a/arch/arm/mach-tegra/tegra.c ++++ b/arch/arm/mach-tegra/tegra.c +@@ -108,8 +108,8 @@ static const char * const tegra_dt_board + }; + + DT_MACHINE_START(TEGRA_DT, "NVIDIA Tegra SoC (Flattened Device Tree)") +- .l2c_aux_val = 0x3c400001, +- .l2c_aux_mask = 0xc20fc3fe, ++ .l2c_aux_val = 0x3c400000, ++ .l2c_aux_mask = 0xc20fc3ff, + .smp = smp_ops(tegra_smp_ops), + .map_io = tegra_map_common_io, + .init_early = tegra_init_early, diff --git a/queue-4.14/dm-crypt-avoid-truncating-the-logical-block-size.patch b/queue-4.14/dm-crypt-avoid-truncating-the-logical-block-size.patch new file mode 100644 index 00000000000..73672ba2be0 --- /dev/null +++ b/queue-4.14/dm-crypt-avoid-truncating-the-logical-block-size.patch @@ -0,0 +1,35 @@ +From 64611a15ca9da91ff532982429c44686f4593b5f Mon Sep 17 00:00:00 2001 +From: Eric Biggers +Date: Thu, 4 Jun 2020 12:01:26 -0700 +Subject: dm crypt: avoid truncating the logical block size + +From: Eric Biggers + +commit 64611a15ca9da91ff532982429c44686f4593b5f upstream. + +queue_limits::logical_block_size got changed from unsigned short to +unsigned int, but it was forgotten to update crypt_io_hints() to use the +new type. Fix it. + +Fixes: ad6bf88a6c19 ("block: fix an integer overflow in logical block size") +Cc: stable@vger.kernel.org +Signed-off-by: Eric Biggers +Reviewed-by: Mikulas Patocka +Signed-off-by: Mike Snitzer +Signed-off-by: Greg Kroah-Hartman + +--- + drivers/md/dm-crypt.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +--- a/drivers/md/dm-crypt.c ++++ b/drivers/md/dm-crypt.c +@@ -3088,7 +3088,7 @@ static void crypt_io_hints(struct dm_tar + limits->max_segment_size = PAGE_SIZE; + + limits->logical_block_size = +- max_t(unsigned short, limits->logical_block_size, cc->sector_size); ++ max_t(unsigned, limits->logical_block_size, cc->sector_size); + limits->physical_block_size = + max_t(unsigned, limits->physical_block_size, cc->sector_size); + limits->io_min = max_t(unsigned, limits->io_min, cc->sector_size); diff --git a/queue-4.14/drivers-macintosh-fix-memleak-in-windfarm_pm112-driver.patch b/queue-4.14/drivers-macintosh-fix-memleak-in-windfarm_pm112-driver.patch new file mode 100644 index 00000000000..056c1ee6e50 --- /dev/null +++ b/queue-4.14/drivers-macintosh-fix-memleak-in-windfarm_pm112-driver.patch @@ -0,0 +1,100 @@ +From 93900337b9ac2f4eca427eff6d187be2dc3b5551 Mon Sep 17 00:00:00 2001 +From: Michael Ellerman +Date: Thu, 23 Apr 2020 16:00:38 +1000 +Subject: drivers/macintosh: Fix memleak in windfarm_pm112 driver + +From: Michael Ellerman + +commit 93900337b9ac2f4eca427eff6d187be2dc3b5551 upstream. + +create_cpu_loop() calls smu_sat_get_sdb_partition() which does +kmalloc() and returns the allocated buffer. In fact it's called twice, +and neither buffer is freed. + +This results in a memory leak as reported by Erhard: + unreferenced object 0xc00000047081f840 (size 32): + comm "kwindfarm", pid 203, jiffies 4294880630 (age 5552.877s) + hex dump (first 32 bytes): + c8 06 02 7f ff 02 ff 01 fb bf 00 41 00 20 00 00 ...........A. .. + 00 07 89 37 00 a0 00 00 00 00 00 00 00 00 00 00 ...7............ + backtrace: + [<0000000083f0a65c>] .smu_sat_get_sdb_partition+0xc4/0x2d0 [windfarm_smu_sat] + [<000000003010fcb7>] .pm112_wf_notify+0x104c/0x13bc [windfarm_pm112] + [<00000000b958b2dd>] .notifier_call_chain+0xa8/0x180 + [<0000000070490868>] .blocking_notifier_call_chain+0x64/0x90 + [<00000000131d8149>] .wf_thread_func+0x114/0x1a0 + [<000000000d54838d>] .kthread+0x13c/0x190 + [<00000000669b72bc>] .ret_from_kernel_thread+0x58/0x64 + unreferenced object 0xc0000004737089f0 (size 16): + comm "kwindfarm", pid 203, jiffies 4294880879 (age 5552.050s) + hex dump (first 16 bytes): + c4 04 01 7f 22 11 e0 e6 ff 55 7b 12 ec 11 00 00 ...."....U{..... + backtrace: + [<0000000083f0a65c>] .smu_sat_get_sdb_partition+0xc4/0x2d0 [windfarm_smu_sat] + [<00000000b94ef7e1>] .pm112_wf_notify+0x1294/0x13bc [windfarm_pm112] + [<00000000b958b2dd>] .notifier_call_chain+0xa8/0x180 + [<0000000070490868>] .blocking_notifier_call_chain+0x64/0x90 + [<00000000131d8149>] .wf_thread_func+0x114/0x1a0 + [<000000000d54838d>] .kthread+0x13c/0x190 + [<00000000669b72bc>] .ret_from_kernel_thread+0x58/0x64 + +Fix it by rearranging the logic so we deal with each buffer +separately, which then makes it easy to free the buffer once we're +done with it. + +Fixes: ac171c46667c ("[PATCH] powerpc: Thermal control for dual core G5s") +Cc: stable@vger.kernel.org # v2.6.16+ +Reported-by: Erhard F. +Signed-off-by: Michael Ellerman +Tested-by: Erhard F. +Link: https://lore.kernel.org/r/20200423060038.3308530-1-mpe@ellerman.id.au +Signed-off-by: Greg Kroah-Hartman + +--- + drivers/macintosh/windfarm_pm112.c | 21 +++++++++++++-------- + 1 file changed, 13 insertions(+), 8 deletions(-) + +--- a/drivers/macintosh/windfarm_pm112.c ++++ b/drivers/macintosh/windfarm_pm112.c +@@ -133,14 +133,6 @@ static int create_cpu_loop(int cpu) + s32 tmax; + int fmin; + +- /* Get PID params from the appropriate SAT */ +- hdr = smu_sat_get_sdb_partition(chip, 0xC8 + core, NULL); +- if (hdr == NULL) { +- printk(KERN_WARNING"windfarm: can't get CPU PID fan config\n"); +- return -EINVAL; +- } +- piddata = (struct smu_sdbp_cpupiddata *)&hdr[1]; +- + /* Get FVT params to get Tmax; if not found, assume default */ + hdr = smu_sat_get_sdb_partition(chip, 0xC4 + core, NULL); + if (hdr) { +@@ -153,6 +145,16 @@ static int create_cpu_loop(int cpu) + if (tmax < cpu_all_tmax) + cpu_all_tmax = tmax; + ++ kfree(hdr); ++ ++ /* Get PID params from the appropriate SAT */ ++ hdr = smu_sat_get_sdb_partition(chip, 0xC8 + core, NULL); ++ if (hdr == NULL) { ++ printk(KERN_WARNING"windfarm: can't get CPU PID fan config\n"); ++ return -EINVAL; ++ } ++ piddata = (struct smu_sdbp_cpupiddata *)&hdr[1]; ++ + /* + * Darwin has a minimum fan speed of 1000 rpm for the 4-way and + * 515 for the 2-way. That appears to be overkill, so for now, +@@ -175,6 +177,9 @@ static int create_cpu_loop(int cpu) + pid.min = fmin; + + wf_cpu_pid_init(&cpu_pid[cpu], &pid); ++ ++ kfree(hdr); ++ + return 0; + } + diff --git a/queue-4.14/kbuild-force-to-build-vmlinux-if-config_modversion-y.patch b/queue-4.14/kbuild-force-to-build-vmlinux-if-config_modversion-y.patch new file mode 100644 index 00000000000..1f6e269371a --- /dev/null +++ b/queue-4.14/kbuild-force-to-build-vmlinux-if-config_modversion-y.patch @@ -0,0 +1,57 @@ +From 4b50c8c4eaf06a825d1c005c0b1b4a8307087b83 Mon Sep 17 00:00:00 2001 +From: Masahiro Yamada +Date: Sun, 31 May 2020 17:47:06 +0900 +Subject: kbuild: force to build vmlinux if CONFIG_MODVERSION=y + +From: Masahiro Yamada + +commit 4b50c8c4eaf06a825d1c005c0b1b4a8307087b83 upstream. + +This code does not work as stated in the comment. + +$(CONFIG_MODVERSIONS) is always empty because it is expanded before +include/config/auto.conf is included. Hence, 'make modules' with +CONFIG_MODVERSION=y cannot record the version CRCs. + +This has been broken since 2003, commit ("kbuild: Enable modules to be +build using the "make dir/" syntax"). [1] + +[1]: https://git.kernel.org/pub/scm/linux/kernel/git/history/history.git/commit/?id=15c6240cdc44bbeef3c4797ec860f9765ef4f1a7 +Cc: linux-stable # v2.5.71+ +Signed-off-by: Masahiro Yamada +Signed-off-by: Greg Kroah-Hartman + +--- + Makefile | 13 ++++++++----- + 1 file changed, 8 insertions(+), 5 deletions(-) + +--- a/Makefile ++++ b/Makefile +@@ -542,12 +542,8 @@ KBUILD_MODULES := + KBUILD_BUILTIN := 1 + + # If we have only "make modules", don't compile built-in objects. +-# When we're building modules with modversions, we need to consider +-# the built-in objects during the descend as well, in order to +-# make sure the checksums are up to date before we record them. +- + ifeq ($(MAKECMDGOALS),modules) +- KBUILD_BUILTIN := $(if $(CONFIG_MODVERSIONS),1) ++ KBUILD_BUILTIN := + endif + + # If we have "make modules", compile modules +@@ -1249,6 +1245,13 @@ ifdef CONFIG_MODULES + + all: modules + ++# When we're building modules with modversions, we need to consider ++# the built-in objects during the descend as well, in order to ++# make sure the checksums are up to date before we record them. ++ifdef CONFIG_MODVERSIONS ++ KBUILD_BUILTIN := 1 ++endif ++ + # Build modules + # + # A module can be listed more than once in obj-m resulting in diff --git a/queue-4.14/kernel-cpu_pm-fix-uninitted-local-in-cpu_pm.patch b/queue-4.14/kernel-cpu_pm-fix-uninitted-local-in-cpu_pm.patch new file mode 100644 index 00000000000..d40c79d87d5 --- /dev/null +++ b/queue-4.14/kernel-cpu_pm-fix-uninitted-local-in-cpu_pm.patch @@ -0,0 +1,54 @@ +From b5945214b76a1f22929481724ffd448000ede914 Mon Sep 17 00:00:00 2001 +From: Douglas Anderson +Date: Mon, 4 May 2020 10:50:17 -0700 +Subject: kernel/cpu_pm: Fix uninitted local in cpu_pm + +From: Douglas Anderson + +commit b5945214b76a1f22929481724ffd448000ede914 upstream. + +cpu_pm_notify() is basically a wrapper of notifier_call_chain(). +notifier_call_chain() doesn't initialize *nr_calls to 0 before it +starts incrementing it--presumably it's up to the callers to do this. + +Unfortunately the callers of cpu_pm_notify() don't init *nr_calls. +This potentially means you could get too many or two few calls to +CPU_PM_ENTER_FAILED or CPU_CLUSTER_PM_ENTER_FAILED depending on the +luck of the stack. + +Let's fix this. + +Fixes: ab10023e0088 ("cpu_pm: Add cpu power management notifiers") +Cc: stable@vger.kernel.org +Cc: Rafael J. Wysocki +Reviewed-by: Stephen Boyd +Reviewed-by: Greg Kroah-Hartman +Signed-off-by: Douglas Anderson +Link: https://lore.kernel.org/r/20200504104917.v6.3.I2d44fc0053d019f239527a4e5829416714b7e299@changeid +Signed-off-by: Bjorn Andersson +Signed-off-by: Greg Kroah-Hartman + +--- + kernel/cpu_pm.c | 4 ++-- + 1 file changed, 2 insertions(+), 2 deletions(-) + +--- a/kernel/cpu_pm.c ++++ b/kernel/cpu_pm.c +@@ -89,7 +89,7 @@ EXPORT_SYMBOL_GPL(cpu_pm_unregister_noti + */ + int cpu_pm_enter(void) + { +- int nr_calls; ++ int nr_calls = 0; + int ret = 0; + + ret = cpu_pm_notify(CPU_PM_ENTER, -1, &nr_calls); +@@ -140,7 +140,7 @@ EXPORT_SYMBOL_GPL(cpu_pm_exit); + */ + int cpu_cluster_pm_enter(void) + { +- int nr_calls; ++ int nr_calls = 0; + int ret = 0; + + ret = cpu_pm_notify(CPU_CLUSTER_PM_ENTER, -1, &nr_calls); diff --git a/queue-4.14/mtd-rawnand-brcmnand-fix-hamming-oob-layout.patch b/queue-4.14/mtd-rawnand-brcmnand-fix-hamming-oob-layout.patch new file mode 100644 index 00000000000..5bf5038e58d --- /dev/null +++ b/queue-4.14/mtd-rawnand-brcmnand-fix-hamming-oob-layout.patch @@ -0,0 +1,46 @@ +From 130bbde4809b011faf64f99dddc14b4b01f440c3 Mon Sep 17 00:00:00 2001 +From: =?UTF-8?q?=C3=81lvaro=20Fern=C3=A1ndez=20Rojas?= +Date: Tue, 12 May 2020 09:57:32 +0200 +Subject: mtd: rawnand: brcmnand: fix hamming oob layout +MIME-Version: 1.0 +Content-Type: text/plain; charset=UTF-8 +Content-Transfer-Encoding: 8bit + +From: Álvaro Fernández Rojas + +commit 130bbde4809b011faf64f99dddc14b4b01f440c3 upstream. + +First 2 bytes are used in large-page nand. + +Fixes: ef5eeea6e911 ("mtd: nand: brcm: switch to mtd_ooblayout_ops") +Cc: stable@vger.kernel.org +Signed-off-by: Álvaro Fernández Rojas +Signed-off-by: Miquel Raynal +Link: https://lore.kernel.org/linux-mtd/20200512075733.745374-2-noltari@gmail.com +Signed-off-by: Greg Kroah-Hartman + +--- + drivers/mtd/nand/brcmnand/brcmnand.c | 11 +++++++---- + 1 file changed, 7 insertions(+), 4 deletions(-) + +--- a/drivers/mtd/nand/brcmnand/brcmnand.c ++++ b/drivers/mtd/nand/brcmnand/brcmnand.c +@@ -911,11 +911,14 @@ static int brcmnand_hamming_ooblayout_fr + if (!section) { + /* + * Small-page NAND use byte 6 for BBI while large-page +- * NAND use byte 0. ++ * NAND use bytes 0 and 1. + */ +- if (cfg->page_size > 512) +- oobregion->offset++; +- oobregion->length--; ++ if (cfg->page_size > 512) { ++ oobregion->offset += 2; ++ oobregion->length -= 2; ++ } else { ++ oobregion->length--; ++ } + } + } + diff --git a/queue-4.14/mtd-rawnand-pasemi-fix-the-probe-error-path.patch b/queue-4.14/mtd-rawnand-pasemi-fix-the-probe-error-path.patch new file mode 100644 index 00000000000..8eb6613c34b --- /dev/null +++ b/queue-4.14/mtd-rawnand-pasemi-fix-the-probe-error-path.patch @@ -0,0 +1,49 @@ +From f51466901c07e6930435d30b02a21f0841174f61 Mon Sep 17 00:00:00 2001 +From: Miquel Raynal +Date: Tue, 19 May 2020 15:00:13 +0200 +Subject: mtd: rawnand: pasemi: Fix the probe error path + +From: Miquel Raynal + +commit f51466901c07e6930435d30b02a21f0841174f61 upstream. + +nand_cleanup() is supposed to be called on error after a successful +call to nand_scan() to free all NAND resources. + +There is no real Fixes tag applying here as the use of nand_release() +in this driver predates by far the introduction of nand_cleanup() in +commit d44154f969a4 ("mtd: nand: Provide nand_cleanup() function to free NAND related resources") +which makes this change possible, hence pointing it as the commit to +fix for backporting purposes, even if this commit is not introducing +any bug. + +Fixes: d44154f969a4 ("mtd: nand: Provide nand_cleanup() function to free NAND related resources") +Signed-off-by: Miquel Raynal +Cc: stable@vger.kernel.org +Link: https://lore.kernel.org/linux-mtd/20200519130035.1883-41-miquel.raynal@bootlin.com +Signed-off-by: Greg Kroah-Hartman + +--- + drivers/mtd/nand/pasemi_nand.c | 4 +++- + 1 file changed, 3 insertions(+), 1 deletion(-) + +--- a/drivers/mtd/nand/pasemi_nand.c ++++ b/drivers/mtd/nand/pasemi_nand.c +@@ -163,7 +163,7 @@ static int pasemi_nand_probe(struct plat + if (mtd_device_register(pasemi_nand_mtd, NULL, 0)) { + dev_err(dev, "Unable to register MTD device\n"); + err = -ENODEV; +- goto out_lpc; ++ goto out_cleanup_nand; + } + + dev_info(dev, "PA Semi NAND flash at %pR, control at I/O %x\n", &res, +@@ -171,6 +171,8 @@ static int pasemi_nand_probe(struct plat + + return 0; + ++ out_cleanup_nand: ++ nand_cleanup(chip); + out_lpc: + release_region(lpcctl, 4); + out_ior: diff --git a/queue-4.14/pinctrl-samsung-save-restore-eint_mask-over-suspend-for-eint_type-gpios.patch b/queue-4.14/pinctrl-samsung-save-restore-eint_mask-over-suspend-for-eint_type-gpios.patch new file mode 100644 index 00000000000..4233c99cfae --- /dev/null +++ b/queue-4.14/pinctrl-samsung-save-restore-eint_mask-over-suspend-for-eint_type-gpios.patch @@ -0,0 +1,72 @@ +From f354157a7d184db430c1a564c506434e33b1bec5 Mon Sep 17 00:00:00 2001 +From: Jonathan Bakker +Date: Sat, 25 Apr 2020 16:10:46 -0700 +Subject: pinctrl: samsung: Save/restore eint_mask over suspend for EINT_TYPE GPIOs + +From: Jonathan Bakker + +commit f354157a7d184db430c1a564c506434e33b1bec5 upstream. + +Currently, for EINT_TYPE GPIOs, the CON and FLTCON registers +are saved and restored over a suspend/resume cycle. However, the +EINT_MASK registers are not. + +On S5PV210 at the very least, these registers are not retained over +suspend, leading to the interrupts remaining masked upon resume and +therefore no interrupts being triggered for the device. There should +be no effect on any SoCs that do retain these registers as theoretically +we would just be re-writing what was already there. + +Fixes: 7ccbc60cd9c2 ("pinctrl: exynos: Handle suspend/resume of GPIO EINT registers") +Cc: +Signed-off-by: Jonathan Bakker +Signed-off-by: Krzysztof Kozlowski +Signed-off-by: Greg Kroah-Hartman + +--- + drivers/pinctrl/samsung/pinctrl-exynos.c | 9 +++++++++ + 1 file changed, 9 insertions(+) + +--- a/drivers/pinctrl/samsung/pinctrl-exynos.c ++++ b/drivers/pinctrl/samsung/pinctrl-exynos.c +@@ -266,6 +266,7 @@ struct exynos_eint_gpio_save { + u32 eint_con; + u32 eint_fltcon0; + u32 eint_fltcon1; ++ u32 eint_mask; + }; + + /* +@@ -561,10 +562,13 @@ static void exynos_pinctrl_suspend_bank( + + 2 * bank->eint_offset); + save->eint_fltcon1 = readl(regs + EXYNOS_GPIO_EFLTCON_OFFSET + + 2 * bank->eint_offset + 4); ++ save->eint_mask = readl(regs + bank->irq_chip->eint_mask ++ + bank->eint_offset); + + pr_debug("%s: save con %#010x\n", bank->name, save->eint_con); + pr_debug("%s: save fltcon0 %#010x\n", bank->name, save->eint_fltcon0); + pr_debug("%s: save fltcon1 %#010x\n", bank->name, save->eint_fltcon1); ++ pr_debug("%s: save mask %#010x\n", bank->name, save->eint_mask); + } + + void exynos_pinctrl_suspend(struct samsung_pinctrl_drv_data *drvdata) +@@ -593,6 +597,9 @@ static void exynos_pinctrl_resume_bank( + pr_debug("%s: fltcon1 %#010x => %#010x\n", bank->name, + readl(regs + EXYNOS_GPIO_EFLTCON_OFFSET + + 2 * bank->eint_offset + 4), save->eint_fltcon1); ++ pr_debug("%s: mask %#010x => %#010x\n", bank->name, ++ readl(regs + bank->irq_chip->eint_mask ++ + bank->eint_offset), save->eint_mask); + + writel(save->eint_con, regs + EXYNOS_GPIO_ECON_OFFSET + + bank->eint_offset); +@@ -600,6 +607,8 @@ static void exynos_pinctrl_resume_bank( + + 2 * bank->eint_offset); + writel(save->eint_fltcon1, regs + EXYNOS_GPIO_EFLTCON_OFFSET + + 2 * bank->eint_offset + 4); ++ writel(save->eint_mask, regs + bank->irq_chip->eint_mask ++ + bank->eint_offset); + } + + void exynos_pinctrl_resume(struct samsung_pinctrl_drv_data *drvdata) diff --git a/queue-4.14/power-vexpress-add-suppress_bind_attrs-to-true.patch b/queue-4.14/power-vexpress-add-suppress_bind_attrs-to-true.patch new file mode 100644 index 00000000000..a1b62052bd8 --- /dev/null +++ b/queue-4.14/power-vexpress-add-suppress_bind_attrs-to-true.patch @@ -0,0 +1,34 @@ +From 73174acc9c75960af2daa7dcbdb9781fc0d135cb Mon Sep 17 00:00:00 2001 +From: Anders Roxell +Date: Wed, 27 May 2020 13:26:04 +0200 +Subject: power: vexpress: add suppress_bind_attrs to true + +From: Anders Roxell + +commit 73174acc9c75960af2daa7dcbdb9781fc0d135cb upstream. + +Make sure that the POWER_RESET_VEXPRESS driver won't have bind/unbind +attributes available via the sysfs, so lets be explicit here and use +".suppress_bind_attrs = true" to prevent userspace from doing something +silly. + +Link: https://lore.kernel.org/r/20200527112608.3886105-2-anders.roxell@linaro.org +Cc: stable@vger.kernel.org +Signed-off-by: Anders Roxell +Signed-off-by: Arnd Bergmann +Signed-off-by: Greg Kroah-Hartman + +--- + drivers/power/reset/vexpress-poweroff.c | 1 + + 1 file changed, 1 insertion(+) + +--- a/drivers/power/reset/vexpress-poweroff.c ++++ b/drivers/power/reset/vexpress-poweroff.c +@@ -150,6 +150,7 @@ static struct platform_driver vexpress_r + .driver = { + .name = "vexpress-reset", + .of_match_table = vexpress_reset_of_match, ++ .suppress_bind_attrs = true, + }, + }; + diff --git a/queue-4.14/powerpc-64s-don-t-let-dt-cpu-features-set-fscr_dscr.patch b/queue-4.14/powerpc-64s-don-t-let-dt-cpu-features-set-fscr_dscr.patch new file mode 100644 index 00000000000..fd88ea795e7 --- /dev/null +++ b/queue-4.14/powerpc-64s-don-t-let-dt-cpu-features-set-fscr_dscr.patch @@ -0,0 +1,54 @@ +From 993e3d96fd08c3ebf7566e43be9b8cd622063e6d Mon Sep 17 00:00:00 2001 +From: Michael Ellerman +Date: Thu, 28 May 2020 00:58:41 +1000 +Subject: powerpc/64s: Don't let DT CPU features set FSCR_DSCR + +From: Michael Ellerman + +commit 993e3d96fd08c3ebf7566e43be9b8cd622063e6d upstream. + +The device tree CPU features binding includes FSCR bit numbers which +Linux is instructed to set by firmware. + +Whether that's a good idea or not, in the case of the DSCR the Linux +implementation has a hard requirement that the FSCR_DSCR bit not be +set by default. We use it to track when a process reads/writes to +DSCR, so it must be clear to begin with. + +So if firmware tells us to set FSCR_DSCR we must ignore it. + +Currently this does not cause a bug in our DSCR handling because the +value of FSCR that the device tree CPU features code establishes is +only used by swapper. All other tasks use the value hard coded in +init_task.thread.fscr. + +However we'd like to fix that in a future commit, at which point this +will become necessary. + +Fixes: 5a61ef74f269 ("powerpc/64s: Support new device tree binding for discovering CPU features") +Cc: stable@vger.kernel.org # v4.12+ +Signed-off-by: Michael Ellerman +Link: https://lore.kernel.org/r/20200527145843.2761782-2-mpe@ellerman.id.au +Signed-off-by: Greg Kroah-Hartman + +--- + arch/powerpc/kernel/dt_cpu_ftrs.c | 8 ++++++++ + 1 file changed, 8 insertions(+) + +--- a/arch/powerpc/kernel/dt_cpu_ftrs.c ++++ b/arch/powerpc/kernel/dt_cpu_ftrs.c +@@ -385,6 +385,14 @@ static int __init feat_enable_dscr(struc + { + u64 lpcr; + ++ /* ++ * Linux relies on FSCR[DSCR] being clear, so that we can take the ++ * facility unavailable interrupt and track the task's usage of DSCR. ++ * See facility_unavailable_exception(). ++ * Clear the bit here so that feat_enable() doesn't set it. ++ */ ++ f->fscr_bit_nr = -1; ++ + feat_enable(f); + + lpcr = mfspr(SPRN_LPCR); diff --git a/queue-4.14/powerpc-64s-save-fscr-to-init_task.thread.fscr-after-feature-init.patch b/queue-4.14/powerpc-64s-save-fscr-to-init_task.thread.fscr-after-feature-init.patch new file mode 100644 index 00000000000..a327a933d2e --- /dev/null +++ b/queue-4.14/powerpc-64s-save-fscr-to-init_task.thread.fscr-after-feature-init.patch @@ -0,0 +1,81 @@ +From 912c0a7f2b5daa3cbb2bc10f303981e493de73bd Mon Sep 17 00:00:00 2001 +From: Michael Ellerman +Date: Thu, 28 May 2020 00:58:42 +1000 +Subject: powerpc/64s: Save FSCR to init_task.thread.fscr after feature init + +From: Michael Ellerman + +commit 912c0a7f2b5daa3cbb2bc10f303981e493de73bd upstream. + +At boot the FSCR is initialised via one of two paths. On most systems +it's set to a hard coded value in __init_FSCR(). + +On newer skiboot systems we use the device tree CPU features binding, +where firmware can tell Linux what bits to set in FSCR (and HFSCR). + +In both cases the value that's configured at boot is not propagated +into the init_task.thread.fscr value prior to the initial fork of init +(pid 1), which means the value is not used by any processes other than +swapper (the idle task). + +For the __init_FSCR() case this is OK, because the value in +init_task.thread.fscr is initialised to something sensible. However it +does mean that the value set in __init_FSCR() is not used other than +for swapper, which is odd and confusing. + +The bigger problem is for the device tree CPU features case it +prevents firmware from setting (or clearing) FSCR bits for use by user +space. This means all existing kernels can not have features +enabled/disabled by firmware if those features require +setting/clearing FSCR bits. + +We can handle both cases by saving the FSCR value into +init_task.thread.fscr after we have initialised it at boot. This fixes +the bug for device tree CPU features, and will allow us to simplify +the initialisation for the __init_FSCR() case in a future patch. + +Fixes: 5a61ef74f269 ("powerpc/64s: Support new device tree binding for discovering CPU features") +Cc: stable@vger.kernel.org # v4.12+ +Signed-off-by: Michael Ellerman +Link: https://lore.kernel.org/r/20200527145843.2761782-3-mpe@ellerman.id.au +Signed-off-by: Greg Kroah-Hartman + +--- + arch/powerpc/kernel/prom.c | 19 +++++++++++++++++++ + 1 file changed, 19 insertions(+) + +--- a/arch/powerpc/kernel/prom.c ++++ b/arch/powerpc/kernel/prom.c +@@ -658,6 +658,23 @@ static void __init early_reserve_mem(voi + #endif + } + ++#ifdef CONFIG_PPC64 ++static void __init save_fscr_to_task(void) ++{ ++ /* ++ * Ensure the init_task (pid 0, aka swapper) uses the value of FSCR we ++ * have configured via the device tree features or via __init_FSCR(). ++ * That value will then be propagated to pid 1 (init) and all future ++ * processes. ++ */ ++ if (early_cpu_has_feature(CPU_FTR_ARCH_207S)) ++ init_task.thread.fscr = mfspr(SPRN_FSCR); ++} ++#else ++static inline void save_fscr_to_task(void) {}; ++#endif ++ ++ + void __init early_init_devtree(void *params) + { + phys_addr_t limit; +@@ -743,6 +760,8 @@ void __init early_init_devtree(void *par + BUG(); + } + ++ save_fscr_to_task(); ++ + #if defined(CONFIG_SMP) && defined(CONFIG_PPC64) + /* We'll later wait for secondaries to check in; there are + * NCPUS-1 non-boot CPUs :-) diff --git a/queue-4.14/series b/queue-4.14/series index 2a684c6087a..26a8b0c69d6 100644 --- a/queue-4.14/series +++ b/queue-4.14/series @@ -169,3 +169,19 @@ b43-fix-connection-problem-with-wpa3.patch b43_legacy-fix-connection-problem-with-wpa3.patch media-ov5640-fix-use-of-destroyed-mutex.patch igb-report-speed-and-duplex-as-unknown-when-device-is-runtime-suspended.patch +power-vexpress-add-suppress_bind_attrs-to-true.patch +pinctrl-samsung-save-restore-eint_mask-over-suspend-for-eint_type-gpios.patch +sparc32-fix-register-window-handling-in-genregs32_et.patch +sparc64-fix-misuses-of-access_process_vm-in-genregs32_et.patch +dm-crypt-avoid-truncating-the-logical-block-size.patch +kernel-cpu_pm-fix-uninitted-local-in-cpu_pm.patch +arm-tegra-correct-pl310-auxiliary-control-register-initialization.patch +drivers-macintosh-fix-memleak-in-windfarm_pm112-driver.patch +powerpc-64s-don-t-let-dt-cpu-features-set-fscr_dscr.patch +powerpc-64s-save-fscr-to-init_task.thread.fscr-after-feature-init.patch +kbuild-force-to-build-vmlinux-if-config_modversion-y.patch +sunrpc-svcauth_gss_register_pseudoflavor-must-reject-duplicate-registrations.patch +sunrpc-clean-up-properly-in-gss_mech_unregister.patch +mtd-rawnand-brcmnand-fix-hamming-oob-layout.patch +mtd-rawnand-pasemi-fix-the-probe-error-path.patch +w1-omap-hdq-cleanup-to-add-missing-newline-for-some-dev_dbg.patch diff --git a/queue-4.14/sparc32-fix-register-window-handling-in-genregs32_et.patch b/queue-4.14/sparc32-fix-register-window-handling-in-genregs32_et.patch new file mode 100644 index 00000000000..b49a882b550 --- /dev/null +++ b/queue-4.14/sparc32-fix-register-window-handling-in-genregs32_et.patch @@ -0,0 +1,290 @@ +From cf51e129b96847f969bfb8af1ee1516a01a70b39 Mon Sep 17 00:00:00 2001 +From: Al Viro +Date: Sun, 17 May 2020 12:20:40 -0400 +Subject: sparc32: fix register window handling in genregs32_[gs]et() + +From: Al Viro + +commit cf51e129b96847f969bfb8af1ee1516a01a70b39 upstream. + +It needs access_process_vm() if the traced process does not share +mm with the caller. Solution is similar to what sparc64 does. +Note that genregs32_set() is only ever called with pos being 0 +or 32 * sizeof(u32) (the latter - as part of PTRACE_SETREGS +handling). + +Cc: stable@kernel.org +Signed-off-by: Al Viro +Signed-off-by: Greg Kroah-Hartman + +--- + arch/sparc/kernel/ptrace_32.c | 230 ++++++++++++++++++------------------------ + 1 file changed, 99 insertions(+), 131 deletions(-) + +--- a/arch/sparc/kernel/ptrace_32.c ++++ b/arch/sparc/kernel/ptrace_32.c +@@ -46,82 +46,79 @@ enum sparc_regset { + REGSET_FP, + }; + ++static int regwindow32_get(struct task_struct *target, ++ const struct pt_regs *regs, ++ u32 *uregs) ++{ ++ unsigned long reg_window = regs->u_regs[UREG_I6]; ++ int size = 16 * sizeof(u32); ++ ++ if (target == current) { ++ if (copy_from_user(uregs, (void __user *)reg_window, size)) ++ return -EFAULT; ++ } else { ++ if (access_process_vm(target, reg_window, uregs, size, ++ FOLL_FORCE) != size) ++ return -EFAULT; ++ } ++ return 0; ++} ++ ++static int regwindow32_set(struct task_struct *target, ++ const struct pt_regs *regs, ++ u32 *uregs) ++{ ++ unsigned long reg_window = regs->u_regs[UREG_I6]; ++ int size = 16 * sizeof(u32); ++ ++ if (target == current) { ++ if (copy_to_user((void __user *)reg_window, uregs, size)) ++ return -EFAULT; ++ } else { ++ if (access_process_vm(target, reg_window, uregs, size, ++ FOLL_FORCE | FOLL_WRITE) != size) ++ return -EFAULT; ++ } ++ return 0; ++} ++ + static int genregs32_get(struct task_struct *target, + const struct user_regset *regset, + unsigned int pos, unsigned int count, + void *kbuf, void __user *ubuf) + { + const struct pt_regs *regs = target->thread.kregs; +- unsigned long __user *reg_window; +- unsigned long *k = kbuf; +- unsigned long __user *u = ubuf; +- unsigned long reg; ++ u32 uregs[16]; ++ int ret; + + if (target == current) + flush_user_windows(); + +- pos /= sizeof(reg); +- count /= sizeof(reg); ++ ret = user_regset_copyout(&pos, &count, &kbuf, &ubuf, ++ regs->u_regs, ++ 0, 16 * sizeof(u32)); ++ if (ret || !count) ++ return ret; + +- if (kbuf) { +- for (; count > 0 && pos < 16; count--) +- *k++ = regs->u_regs[pos++]; +- +- reg_window = (unsigned long __user *) regs->u_regs[UREG_I6]; +- reg_window -= 16; +- for (; count > 0 && pos < 32; count--) { +- if (get_user(*k++, ®_window[pos++])) +- return -EFAULT; +- } +- } else { +- for (; count > 0 && pos < 16; count--) { +- if (put_user(regs->u_regs[pos++], u++)) +- return -EFAULT; +- } +- +- reg_window = (unsigned long __user *) regs->u_regs[UREG_I6]; +- reg_window -= 16; +- for (; count > 0 && pos < 32; count--) { +- if (get_user(reg, ®_window[pos++]) || +- put_user(reg, u++)) +- return -EFAULT; +- } +- } +- while (count > 0) { +- switch (pos) { +- case 32: /* PSR */ +- reg = regs->psr; +- break; +- case 33: /* PC */ +- reg = regs->pc; +- break; +- case 34: /* NPC */ +- reg = regs->npc; +- break; +- case 35: /* Y */ +- reg = regs->y; +- break; +- case 36: /* WIM */ +- case 37: /* TBR */ +- reg = 0; +- break; +- default: +- goto finish; +- } +- +- if (kbuf) +- *k++ = reg; +- else if (put_user(reg, u++)) ++ if (pos < 32 * sizeof(u32)) { ++ if (regwindow32_get(target, regs, uregs)) + return -EFAULT; +- pos++; +- count--; ++ ret = user_regset_copyout(&pos, &count, &kbuf, &ubuf, ++ uregs, ++ 16 * sizeof(u32), 32 * sizeof(u32)); ++ if (ret || !count) ++ return ret; + } +-finish: +- pos *= sizeof(reg); +- count *= sizeof(reg); + +- return user_regset_copyout_zero(&pos, &count, &kbuf, &ubuf, +- 38 * sizeof(reg), -1); ++ uregs[0] = regs->psr; ++ uregs[1] = regs->pc; ++ uregs[2] = regs->npc; ++ uregs[3] = regs->y; ++ uregs[4] = 0; /* WIM */ ++ uregs[5] = 0; /* TBR */ ++ return user_regset_copyout(&pos, &count, &kbuf, &ubuf, ++ uregs, ++ 32 * sizeof(u32), 38 * sizeof(u32)); + } + + static int genregs32_set(struct task_struct *target, +@@ -130,82 +127,53 @@ static int genregs32_set(struct task_str + const void *kbuf, const void __user *ubuf) + { + struct pt_regs *regs = target->thread.kregs; +- unsigned long __user *reg_window; +- const unsigned long *k = kbuf; +- const unsigned long __user *u = ubuf; +- unsigned long reg; ++ u32 uregs[16]; ++ u32 psr; ++ int ret; + + if (target == current) + flush_user_windows(); + +- pos /= sizeof(reg); +- count /= sizeof(reg); +- +- if (kbuf) { +- for (; count > 0 && pos < 16; count--) +- regs->u_regs[pos++] = *k++; +- +- reg_window = (unsigned long __user *) regs->u_regs[UREG_I6]; +- reg_window -= 16; +- for (; count > 0 && pos < 32; count--) { +- if (put_user(*k++, ®_window[pos++])) +- return -EFAULT; +- } +- } else { +- for (; count > 0 && pos < 16; count--) { +- if (get_user(reg, u++)) +- return -EFAULT; +- regs->u_regs[pos++] = reg; +- } +- +- reg_window = (unsigned long __user *) regs->u_regs[UREG_I6]; +- reg_window -= 16; +- for (; count > 0 && pos < 32; count--) { +- if (get_user(reg, u++) || +- put_user(reg, ®_window[pos++])) +- return -EFAULT; +- } +- } +- while (count > 0) { +- unsigned long psr; +- +- if (kbuf) +- reg = *k++; +- else if (get_user(reg, u++)) +- return -EFAULT; +- +- switch (pos) { +- case 32: /* PSR */ +- psr = regs->psr; +- psr &= ~(PSR_ICC | PSR_SYSCALL); +- psr |= (reg & (PSR_ICC | PSR_SYSCALL)); +- regs->psr = psr; +- break; +- case 33: /* PC */ +- regs->pc = reg; +- break; +- case 34: /* NPC */ +- regs->npc = reg; +- break; +- case 35: /* Y */ +- regs->y = reg; +- break; +- case 36: /* WIM */ +- case 37: /* TBR */ +- break; +- default: +- goto finish; +- } ++ ret = user_regset_copyin(&pos, &count, &kbuf, &ubuf, ++ regs->u_regs, ++ 0, 16 * sizeof(u32)); ++ if (ret || !count) ++ return ret; + +- pos++; +- count--; ++ if (pos < 32 * sizeof(u32)) { ++ if (regwindow32_get(target, regs, uregs)) ++ return -EFAULT; ++ ret = user_regset_copyin(&pos, &count, &kbuf, &ubuf, ++ uregs, ++ 16 * sizeof(u32), 32 * sizeof(u32)); ++ if (ret) ++ return ret; ++ if (regwindow32_set(target, regs, uregs)) ++ return -EFAULT; ++ if (!count) ++ return 0; + } +-finish: +- pos *= sizeof(reg); +- count *= sizeof(reg); +- ++ ret = user_regset_copyin(&pos, &count, &kbuf, &ubuf, ++ &psr, ++ 32 * sizeof(u32), 33 * sizeof(u32)); ++ if (ret) ++ return ret; ++ regs->psr = (regs->psr & ~(PSR_ICC | PSR_SYSCALL)) | ++ (psr & (PSR_ICC | PSR_SYSCALL)); ++ if (!count) ++ return 0; ++ ret = user_regset_copyin(&pos, &count, &kbuf, &ubuf, ++ ®s->pc, ++ 33 * sizeof(u32), 34 * sizeof(u32)); ++ if (ret || !count) ++ return ret; ++ ret = user_regset_copyin(&pos, &count, &kbuf, &ubuf, ++ ®s->y, ++ 34 * sizeof(u32), 35 * sizeof(u32)); ++ if (ret || !count) ++ return ret; + return user_regset_copyin_ignore(&pos, &count, &kbuf, &ubuf, +- 38 * sizeof(reg), -1); ++ 35 * sizeof(u32), 38 * sizeof(u32)); + } + + static int fpregs32_get(struct task_struct *target, diff --git a/queue-4.14/sparc64-fix-misuses-of-access_process_vm-in-genregs32_et.patch b/queue-4.14/sparc64-fix-misuses-of-access_process_vm-in-genregs32_et.patch new file mode 100644 index 00000000000..223bc53a3ec --- /dev/null +++ b/queue-4.14/sparc64-fix-misuses-of-access_process_vm-in-genregs32_et.patch @@ -0,0 +1,61 @@ +From 142cd25293f6a7ecbdff4fb0af17de6438d46433 Mon Sep 17 00:00:00 2001 +From: Al Viro +Date: Sun, 17 May 2020 15:37:50 -0400 +Subject: sparc64: fix misuses of access_process_vm() in genregs32_[sg]et() + +From: Al Viro + +commit 142cd25293f6a7ecbdff4fb0af17de6438d46433 upstream. + +We do need access_process_vm() to access the target's reg_window. +However, access to caller's memory (storing the result in +genregs32_get(), fetching the new values in case of genregs32_set()) +should be done by normal uaccess primitives. + +Fixes: ad4f95764040 ([SPARC64]: Fix user accesses in regset code.) +Cc: stable@kernel.org +Signed-off-by: Al Viro +Signed-off-by: Greg Kroah-Hartman + +--- + arch/sparc/kernel/ptrace_64.c | 17 +++-------------- + 1 file changed, 3 insertions(+), 14 deletions(-) + +--- a/arch/sparc/kernel/ptrace_64.c ++++ b/arch/sparc/kernel/ptrace_64.c +@@ -571,19 +571,13 @@ static int genregs32_get(struct task_str + for (; count > 0 && pos < 32; count--) { + if (access_process_vm(target, + (unsigned long) +- ®_window[pos], ++ ®_window[pos++], + ®, sizeof(reg), + FOLL_FORCE) + != sizeof(reg)) + return -EFAULT; +- if (access_process_vm(target, +- (unsigned long) u, +- ®, sizeof(reg), +- FOLL_FORCE | FOLL_WRITE) +- != sizeof(reg)) ++ if (put_user(reg, u++)) + return -EFAULT; +- pos++; +- u++; + } + } + } +@@ -683,12 +677,7 @@ static int genregs32_set(struct task_str + } + } else { + for (; count > 0 && pos < 32; count--) { +- if (access_process_vm(target, +- (unsigned long) +- u, +- ®, sizeof(reg), +- FOLL_FORCE) +- != sizeof(reg)) ++ if (get_user(reg, u++)) + return -EFAULT; + if (access_process_vm(target, + (unsigned long) diff --git a/queue-4.14/sunrpc-clean-up-properly-in-gss_mech_unregister.patch b/queue-4.14/sunrpc-clean-up-properly-in-gss_mech_unregister.patch new file mode 100644 index 00000000000..7e78b9288a6 --- /dev/null +++ b/queue-4.14/sunrpc-clean-up-properly-in-gss_mech_unregister.patch @@ -0,0 +1,121 @@ +From 24c5efe41c29ee3e55bcf5a1c9f61ca8709622e8 Mon Sep 17 00:00:00 2001 +From: NeilBrown +Date: Fri, 22 May 2020 12:01:33 +1000 +Subject: sunrpc: clean up properly in gss_mech_unregister() + +From: NeilBrown + +commit 24c5efe41c29ee3e55bcf5a1c9f61ca8709622e8 upstream. + +gss_mech_register() calls svcauth_gss_register_pseudoflavor() for each +flavour, but gss_mech_unregister() does not call auth_domain_put(). +This is unbalanced and makes it impossible to reload the module. + +Change svcauth_gss_register_pseudoflavor() to return the registered +auth_domain, and save it for later release. + +Cc: stable@vger.kernel.org (v2.6.12+) +Link: https://bugzilla.kernel.org/show_bug.cgi?id=206651 +Signed-off-by: NeilBrown +Signed-off-by: J. Bruce Fields +Signed-off-by: Greg Kroah-Hartman + +--- + include/linux/sunrpc/gss_api.h | 1 + + include/linux/sunrpc/svcauth_gss.h | 3 ++- + net/sunrpc/auth_gss/gss_mech_switch.c | 12 +++++++++--- + net/sunrpc/auth_gss/svcauth_gss.c | 12 ++++++------ + 4 files changed, 18 insertions(+), 10 deletions(-) + +--- a/include/linux/sunrpc/gss_api.h ++++ b/include/linux/sunrpc/gss_api.h +@@ -83,6 +83,7 @@ struct pf_desc { + u32 service; + char *name; + char *auth_domain_name; ++ struct auth_domain *domain; + bool datatouch; + }; + +--- a/include/linux/sunrpc/svcauth_gss.h ++++ b/include/linux/sunrpc/svcauth_gss.h +@@ -21,7 +21,8 @@ int gss_svc_init(void); + void gss_svc_shutdown(void); + int gss_svc_init_net(struct net *net); + void gss_svc_shutdown_net(struct net *net); +-int svcauth_gss_register_pseudoflavor(u32 pseudoflavor, char * name); ++struct auth_domain *svcauth_gss_register_pseudoflavor(u32 pseudoflavor, ++ char *name); + u32 svcauth_gss_flavor(struct auth_domain *dom); + + #endif /* __KERNEL__ */ +--- a/net/sunrpc/auth_gss/gss_mech_switch.c ++++ b/net/sunrpc/auth_gss/gss_mech_switch.c +@@ -61,6 +61,8 @@ gss_mech_free(struct gss_api_mech *gm) + + for (i = 0; i < gm->gm_pf_num; i++) { + pf = &gm->gm_pfs[i]; ++ if (pf->domain) ++ auth_domain_put(pf->domain); + kfree(pf->auth_domain_name); + pf->auth_domain_name = NULL; + } +@@ -83,6 +85,7 @@ make_auth_domain_name(char *name) + static int + gss_mech_svc_setup(struct gss_api_mech *gm) + { ++ struct auth_domain *dom; + struct pf_desc *pf; + int i, status; + +@@ -92,10 +95,13 @@ gss_mech_svc_setup(struct gss_api_mech * + status = -ENOMEM; + if (pf->auth_domain_name == NULL) + goto out; +- status = svcauth_gss_register_pseudoflavor(pf->pseudoflavor, +- pf->auth_domain_name); +- if (status) ++ dom = svcauth_gss_register_pseudoflavor( ++ pf->pseudoflavor, pf->auth_domain_name); ++ if (IS_ERR(dom)) { ++ status = PTR_ERR(dom); + goto out; ++ } ++ pf->domain = dom; + } + return 0; + out: +--- a/net/sunrpc/auth_gss/svcauth_gss.c ++++ b/net/sunrpc/auth_gss/svcauth_gss.c +@@ -779,7 +779,7 @@ u32 svcauth_gss_flavor(struct auth_domai + + EXPORT_SYMBOL_GPL(svcauth_gss_flavor); + +-int ++struct auth_domain * + svcauth_gss_register_pseudoflavor(u32 pseudoflavor, char * name) + { + struct gss_domain *new; +@@ -802,17 +802,17 @@ svcauth_gss_register_pseudoflavor(u32 ps + name); + stat = -EADDRINUSE; + auth_domain_put(test); +- kfree(new->h.name); +- goto out_free_dom; ++ goto out_free_name; + } +- return 0; ++ return test; + ++out_free_name: ++ kfree(new->h.name); + out_free_dom: + kfree(new); + out: +- return stat; ++ return ERR_PTR(stat); + } +- + EXPORT_SYMBOL_GPL(svcauth_gss_register_pseudoflavor); + + static inline int diff --git a/queue-4.14/sunrpc-svcauth_gss_register_pseudoflavor-must-reject-duplicate-registrations.patch b/queue-4.14/sunrpc-svcauth_gss_register_pseudoflavor-must-reject-duplicate-registrations.patch new file mode 100644 index 00000000000..0435e5ad876 --- /dev/null +++ b/queue-4.14/sunrpc-svcauth_gss_register_pseudoflavor-must-reject-duplicate-registrations.patch @@ -0,0 +1,46 @@ +From d47a5dc2888fd1b94adf1553068b8dad76cec96c Mon Sep 17 00:00:00 2001 +From: NeilBrown +Date: Fri, 22 May 2020 12:01:33 +1000 +Subject: sunrpc: svcauth_gss_register_pseudoflavor must reject duplicate registrations. + +From: NeilBrown + +commit d47a5dc2888fd1b94adf1553068b8dad76cec96c upstream. + +There is no valid case for supporting duplicate pseudoflavor +registrations. +Currently the silent acceptance of such registrations is hiding a bug. +The rpcsec_gss_krb5 module registers 2 flavours but does not unregister +them, so if you load, unload, reload the module, it will happily +continue to use the old registration which now has pointers to the +memory were the module was originally loaded. This could lead to +unexpected results. + +So disallow duplicate registrations. + +Link: https://bugzilla.kernel.org/show_bug.cgi?id=206651 +Cc: stable@vger.kernel.org (v2.6.12+) +Signed-off-by: NeilBrown +Signed-off-by: J. Bruce Fields +Signed-off-by: Greg Kroah-Hartman + +--- + net/sunrpc/auth_gss/svcauth_gss.c | 6 ++++-- + 1 file changed, 4 insertions(+), 2 deletions(-) + +--- a/net/sunrpc/auth_gss/svcauth_gss.c ++++ b/net/sunrpc/auth_gss/svcauth_gss.c +@@ -796,9 +796,11 @@ svcauth_gss_register_pseudoflavor(u32 ps + new->h.flavour = &svcauthops_gss; + new->pseudoflavor = pseudoflavor; + +- stat = 0; + test = auth_domain_lookup(name, &new->h); +- if (test != &new->h) { /* Duplicate registration */ ++ if (test != &new->h) { ++ pr_warn("svc: duplicate registration of gss pseudo flavour %s.\n", ++ name); ++ stat = -EADDRINUSE; + auth_domain_put(test); + kfree(new->h.name); + goto out_free_dom; diff --git a/queue-4.14/w1-omap-hdq-cleanup-to-add-missing-newline-for-some-dev_dbg.patch b/queue-4.14/w1-omap-hdq-cleanup-to-add-missing-newline-for-some-dev_dbg.patch new file mode 100644 index 00000000000..0f752ac03b5 --- /dev/null +++ b/queue-4.14/w1-omap-hdq-cleanup-to-add-missing-newline-for-some-dev_dbg.patch @@ -0,0 +1,69 @@ +From 5e02f3b31704e24537697bce54f8156bdb72b7a6 Mon Sep 17 00:00:00 2001 +From: "H. Nikolaus Schaller" +Date: Sat, 23 May 2020 19:32:54 +0200 +Subject: w1: omap-hdq: cleanup to add missing newline for some dev_dbg + +From: H. Nikolaus Schaller + +commit 5e02f3b31704e24537697bce54f8156bdb72b7a6 upstream. + +Otherwise it will corrupt the console log during debugging. + +Fixes: 7b5362a603a1 ("w1: omap_hdq: Fix some error/debug handling.") +Cc: stable@vger.kernel.org +Acked-by: Tony Lindgren +Signed-off-by: H. Nikolaus Schaller +Link: https://lore.kernel.org/r/cd0d55749a091214106575f6e1d363c6db56622f.1590255176.git.hns@goldelico.com +Signed-off-by: Greg Kroah-Hartman + +--- + drivers/w1/masters/omap_hdq.c | 10 +++++----- + 1 file changed, 5 insertions(+), 5 deletions(-) + +--- a/drivers/w1/masters/omap_hdq.c ++++ b/drivers/w1/masters/omap_hdq.c +@@ -176,7 +176,7 @@ static int hdq_write_byte(struct hdq_dat + /* check irqstatus */ + if (!(*status & OMAP_HDQ_INT_STATUS_TXCOMPLETE)) { + dev_dbg(hdq_data->dev, "timeout waiting for" +- " TXCOMPLETE/RXCOMPLETE, %x", *status); ++ " TXCOMPLETE/RXCOMPLETE, %x\n", *status); + ret = -ETIMEDOUT; + goto out; + } +@@ -187,7 +187,7 @@ static int hdq_write_byte(struct hdq_dat + OMAP_HDQ_FLAG_CLEAR, &tmp_status); + if (ret) { + dev_dbg(hdq_data->dev, "timeout waiting GO bit" +- " return to zero, %x", tmp_status); ++ " return to zero, %x\n", tmp_status); + } + + out: +@@ -203,7 +203,7 @@ static irqreturn_t hdq_isr(int irq, void + spin_lock_irqsave(&hdq_data->hdq_spinlock, irqflags); + hdq_data->hdq_irqstatus = hdq_reg_in(hdq_data, OMAP_HDQ_INT_STATUS); + spin_unlock_irqrestore(&hdq_data->hdq_spinlock, irqflags); +- dev_dbg(hdq_data->dev, "hdq_isr: %x", hdq_data->hdq_irqstatus); ++ dev_dbg(hdq_data->dev, "hdq_isr: %x\n", hdq_data->hdq_irqstatus); + + if (hdq_data->hdq_irqstatus & + (OMAP_HDQ_INT_STATUS_TXCOMPLETE | OMAP_HDQ_INT_STATUS_RXCOMPLETE +@@ -311,7 +311,7 @@ static int omap_hdq_break(struct hdq_dat + tmp_status = hdq_data->hdq_irqstatus; + /* check irqstatus */ + if (!(tmp_status & OMAP_HDQ_INT_STATUS_TIMEOUT)) { +- dev_dbg(hdq_data->dev, "timeout waiting for TIMEOUT, %x", ++ dev_dbg(hdq_data->dev, "timeout waiting for TIMEOUT, %x\n", + tmp_status); + ret = -ETIMEDOUT; + goto out; +@@ -338,7 +338,7 @@ static int omap_hdq_break(struct hdq_dat + &tmp_status); + if (ret) + dev_dbg(hdq_data->dev, "timeout waiting INIT&GO bits" +- " return to zero, %x", tmp_status); ++ " return to zero, %x\n", tmp_status); + + out: + mutex_unlock(&hdq_data->hdq_mutex);