From: Greg Kroah-Hartman Date: Thu, 6 Feb 2020 19:31:47 +0000 (+0100) Subject: 5.4-stable patches X-Git-Tag: v4.19.103~114 X-Git-Url: http://git.ipfire.org/gitweb.cgi?a=commitdiff_plain;h=9ea1bebf438440da2478d4c04f7eeef42ee5117e;p=thirdparty%2Fkernel%2Fstable-queue.git 5.4-stable patches added patches: acpi-battery-deal-better-with-neither-design-nor-full-capacity-not-being-reported.patch acpi-battery-deal-with-design-or-full-capacity-being-reported-as-1.patch acpi-battery-use-design-cap-for-capacity-calculations-if-full-cap-is-not-available.patch acpi-video-do-not-export-a-non-working-backlight-interface-on-msi-ms-7721-boards.patch alarmtimer-unregister-wakeup-source-when-module-get-fails.patch fscrypt-don-t-print-name-of-busy-file-when-removing-key.patch mmc-spi-toggle-spi-polarity-do-not-hardcode-it.patch pci-keystone-fix-error-handling-when-num-viewport-dt-property-is-not-populated.patch pci-keystone-fix-link-training-retries-initiation.patch pci-keystone-fix-outbound-region-mapping.patch pci-tegra-fix-return-value-check-of-pm_runtime_get_sync.patch ubifs-don-t-trigger-assertion-on-invalid-no-key-filename.patch ubifs-fix-deadlock-in-concurrent-bulk-read-and-writepage.patch ubifs-fix-fs_ioc_setflags-unexpectedly-clearing-encrypt-flag.patch ubifs-fix-wrong-memory-allocation.patch --- diff --git a/queue-5.4/acpi-battery-deal-better-with-neither-design-nor-full-capacity-not-being-reported.patch b/queue-5.4/acpi-battery-deal-better-with-neither-design-nor-full-capacity-not-being-reported.patch new file mode 100644 index 00000000000..d671985e3a4 --- /dev/null +++ b/queue-5.4/acpi-battery-deal-better-with-neither-design-nor-full-capacity-not-being-reported.patch @@ -0,0 +1,115 @@ +From ff3154d1d89a2343fd5f82e65bc0cf1d4e6659b3 Mon Sep 17 00:00:00 2001 +From: Hans de Goede +Date: Tue, 10 Dec 2019 10:57:52 +0100 +Subject: ACPI / battery: Deal better with neither design nor full capacity not being reported + +From: Hans de Goede + +commit ff3154d1d89a2343fd5f82e65bc0cf1d4e6659b3 upstream. + +Commit b41901a2cf06 ("ACPI / battery: Do not export energy_full[_design] on +devices without full_charge_capacity") added support for some (broken) +devices which always report 0 for both design_capacity and +full_charge_capacity. + +Since the device that commit was written as a fix for is not reporting any +form of "full" capacity we cannot calculate the value for the +POWER_SUPPLY_PROP_CAPACITY, this is worked around by using an alternative +array of available properties which does not contain this property. + +This is necessary because userspace (upower) treats us returning -ENODEV +as 0 and then typically will trigger an emergency shutdown because of that. +Userspace does not do this if the capacity sysfs attribute is not present +at all. + +There are two potential problems with that commit: + 1) It assumes that both full_charge- and design-capacity are broken at the + same time and only checks if full_charge- is broken. + 2) It assumes that this only ever happens for devices which report energy + units rather then charge units. + +This commit fixes both issues by only using the alternative +array of available properties if both full_charge- and design-capacity are +broken and by also adding an alternative array of available properties for +devices using mA units. + +Fixes: b41901a2cf06 ("ACPI / battery: Do not export energy_full[_design] on devices without full_charge_capacity") +Cc: 4.19+ # 4.19+ +Signed-off-by: Hans de Goede +Signed-off-by: Rafael J. Wysocki +Signed-off-by: Greg Kroah-Hartman + +--- + drivers/acpi/battery.c | 51 +++++++++++++++++++++++++++++++++++++------------ + 1 file changed, 39 insertions(+), 12 deletions(-) + +--- a/drivers/acpi/battery.c ++++ b/drivers/acpi/battery.c +@@ -342,6 +342,20 @@ static enum power_supply_property charge + POWER_SUPPLY_PROP_SERIAL_NUMBER, + }; + ++static enum power_supply_property charge_battery_full_cap_broken_props[] = { ++ POWER_SUPPLY_PROP_STATUS, ++ POWER_SUPPLY_PROP_PRESENT, ++ POWER_SUPPLY_PROP_TECHNOLOGY, ++ POWER_SUPPLY_PROP_CYCLE_COUNT, ++ POWER_SUPPLY_PROP_VOLTAGE_MIN_DESIGN, ++ POWER_SUPPLY_PROP_VOLTAGE_NOW, ++ POWER_SUPPLY_PROP_CURRENT_NOW, ++ POWER_SUPPLY_PROP_CHARGE_NOW, ++ POWER_SUPPLY_PROP_MODEL_NAME, ++ POWER_SUPPLY_PROP_MANUFACTURER, ++ POWER_SUPPLY_PROP_SERIAL_NUMBER, ++}; ++ + static enum power_supply_property energy_battery_props[] = { + POWER_SUPPLY_PROP_STATUS, + POWER_SUPPLY_PROP_PRESENT, +@@ -803,21 +817,34 @@ static void __exit battery_hook_exit(voi + static int sysfs_add_battery(struct acpi_battery *battery) + { + struct power_supply_config psy_cfg = { .drv_data = battery, }; ++ bool full_cap_broken = false; ++ ++ if (!ACPI_BATTERY_CAPACITY_VALID(battery->full_charge_capacity) && ++ !ACPI_BATTERY_CAPACITY_VALID(battery->design_capacity)) ++ full_cap_broken = true; + + if (battery->power_unit == ACPI_BATTERY_POWER_UNIT_MA) { +- battery->bat_desc.properties = charge_battery_props; +- battery->bat_desc.num_properties = +- ARRAY_SIZE(charge_battery_props); +- } else if (!ACPI_BATTERY_CAPACITY_VALID( +- battery->full_charge_capacity)) { +- battery->bat_desc.properties = +- energy_battery_full_cap_broken_props; +- battery->bat_desc.num_properties = +- ARRAY_SIZE(energy_battery_full_cap_broken_props); ++ if (full_cap_broken) { ++ battery->bat_desc.properties = ++ charge_battery_full_cap_broken_props; ++ battery->bat_desc.num_properties = ++ ARRAY_SIZE(charge_battery_full_cap_broken_props); ++ } else { ++ battery->bat_desc.properties = charge_battery_props; ++ battery->bat_desc.num_properties = ++ ARRAY_SIZE(charge_battery_props); ++ } + } else { +- battery->bat_desc.properties = energy_battery_props; +- battery->bat_desc.num_properties = +- ARRAY_SIZE(energy_battery_props); ++ if (full_cap_broken) { ++ battery->bat_desc.properties = ++ energy_battery_full_cap_broken_props; ++ battery->bat_desc.num_properties = ++ ARRAY_SIZE(energy_battery_full_cap_broken_props); ++ } else { ++ battery->bat_desc.properties = energy_battery_props; ++ battery->bat_desc.num_properties = ++ ARRAY_SIZE(energy_battery_props); ++ } + } + + battery->bat_desc.name = acpi_device_bid(battery->device); diff --git a/queue-5.4/acpi-battery-deal-with-design-or-full-capacity-being-reported-as-1.patch b/queue-5.4/acpi-battery-deal-with-design-or-full-capacity-being-reported-as-1.patch new file mode 100644 index 00000000000..1f3ee1481aa --- /dev/null +++ b/queue-5.4/acpi-battery-deal-with-design-or-full-capacity-being-reported-as-1.patch @@ -0,0 +1,96 @@ +From cc99f0ad52467028cb1251160f23ad4bb65baf20 Mon Sep 17 00:00:00 2001 +From: Hans de Goede +Date: Tue, 10 Dec 2019 10:57:50 +0100 +Subject: ACPI / battery: Deal with design or full capacity being reported as -1 + +From: Hans de Goede + +commit cc99f0ad52467028cb1251160f23ad4bb65baf20 upstream. + +Commit b41901a2cf06 ("ACPI / battery: Do not export energy_full[_design] +on devices without full_charge_capacity") added support for some (broken) +devices which always report 0 for both design- and full_charge-capacity. + +This assumes that if the capacity is not being reported it is 0. The +ThunderSoft TS178 tablet's _BIX implementation falsifies this assumption. +It reports ACPI_BATTERY_VALUE_UNKNOWN (-1) as full_charge_capacity, which +we treat as a valid value which causes several problems. + +This commit fixes this by adding a new ACPI_BATTERY_CAPACITY_VALID() helper +which checks that the value is not 0 and not -1; and using this whenever we +need to test if either design_capacity or full_charge_capacity is valid. + +Fixes: b41901a2cf06 ("ACPI / battery: Do not export energy_full[_design] on devices without full_charge_capacity") +Cc: 4.19+ # 4.19+ +Signed-off-by: Hans de Goede +Signed-off-by: Rafael J. Wysocki +Signed-off-by: Greg Kroah-Hartman + +--- + drivers/acpi/battery.c | 19 ++++++++++++------- + 1 file changed, 12 insertions(+), 7 deletions(-) + +--- a/drivers/acpi/battery.c ++++ b/drivers/acpi/battery.c +@@ -38,6 +38,8 @@ + #define PREFIX "ACPI: " + + #define ACPI_BATTERY_VALUE_UNKNOWN 0xFFFFFFFF ++#define ACPI_BATTERY_CAPACITY_VALID(capacity) \ ++ ((capacity) != 0 && (capacity) != ACPI_BATTERY_VALUE_UNKNOWN) + + #define ACPI_BATTERY_DEVICE_NAME "Battery" + +@@ -192,7 +194,8 @@ static int acpi_battery_is_charged(struc + + static bool acpi_battery_is_degraded(struct acpi_battery *battery) + { +- return battery->full_charge_capacity && battery->design_capacity && ++ return ACPI_BATTERY_CAPACITY_VALID(battery->full_charge_capacity) && ++ ACPI_BATTERY_CAPACITY_VALID(battery->design_capacity) && + battery->full_charge_capacity < battery->design_capacity; + } + +@@ -263,14 +266,14 @@ static int acpi_battery_get_property(str + break; + case POWER_SUPPLY_PROP_CHARGE_FULL_DESIGN: + case POWER_SUPPLY_PROP_ENERGY_FULL_DESIGN: +- if (battery->design_capacity == ACPI_BATTERY_VALUE_UNKNOWN) ++ if (!ACPI_BATTERY_CAPACITY_VALID(battery->design_capacity)) + ret = -ENODEV; + else + val->intval = battery->design_capacity * 1000; + break; + case POWER_SUPPLY_PROP_CHARGE_FULL: + case POWER_SUPPLY_PROP_ENERGY_FULL: +- if (battery->full_charge_capacity == ACPI_BATTERY_VALUE_UNKNOWN) ++ if (!ACPI_BATTERY_CAPACITY_VALID(battery->full_charge_capacity)) + ret = -ENODEV; + else + val->intval = battery->full_charge_capacity * 1000; +@@ -283,11 +286,12 @@ static int acpi_battery_get_property(str + val->intval = battery->capacity_now * 1000; + break; + case POWER_SUPPLY_PROP_CAPACITY: +- if (battery->capacity_now && battery->full_charge_capacity) ++ if (battery->capacity_now == ACPI_BATTERY_VALUE_UNKNOWN || ++ !ACPI_BATTERY_CAPACITY_VALID(battery->full_charge_capacity)) ++ ret = -ENODEV; ++ else + val->intval = battery->capacity_now * 100/ + battery->full_charge_capacity; +- else +- val->intval = 0; + break; + case POWER_SUPPLY_PROP_CAPACITY_LEVEL: + if (battery->state & ACPI_BATTERY_STATE_CRITICAL) +@@ -799,7 +803,8 @@ static int sysfs_add_battery(struct acpi + battery->bat_desc.properties = charge_battery_props; + battery->bat_desc.num_properties = + ARRAY_SIZE(charge_battery_props); +- } else if (battery->full_charge_capacity == 0) { ++ } else if (!ACPI_BATTERY_CAPACITY_VALID( ++ battery->full_charge_capacity)) { + battery->bat_desc.properties = + energy_battery_full_cap_broken_props; + battery->bat_desc.num_properties = diff --git a/queue-5.4/acpi-battery-use-design-cap-for-capacity-calculations-if-full-cap-is-not-available.patch b/queue-5.4/acpi-battery-use-design-cap-for-capacity-calculations-if-full-cap-is-not-available.patch new file mode 100644 index 00000000000..20430125958 --- /dev/null +++ b/queue-5.4/acpi-battery-use-design-cap-for-capacity-calculations-if-full-cap-is-not-available.patch @@ -0,0 +1,65 @@ +From 5b74d1d16e2f5753fcbdecd6771b2d8370dda414 Mon Sep 17 00:00:00 2001 +From: Hans de Goede +Date: Tue, 10 Dec 2019 10:57:51 +0100 +Subject: ACPI / battery: Use design-cap for capacity calculations if full-cap is not available + +From: Hans de Goede + +commit 5b74d1d16e2f5753fcbdecd6771b2d8370dda414 upstream. + +The ThunderSoft TS178 tablet's _BIX implementation reports design_capacity +but not full_charge_capacity. + +Before this commit this would cause us to return -ENODEV for the capacity +attribute, which userspace does not like. Specifically upower does this: + + if (sysfs_file_exists (native_path, "capacity")) { + percentage = sysfs_get_double (native_path, "capacity"); + +Where the sysfs_get_double() helper returns 0 when we return -ENODEV, +so the battery always reads 0% if we return -ENODEV. + +This commit fixes this by using the design-capacity instead of the +full-charge-capacity when the full-charge-capacity is not available. + +Fixes: b41901a2cf06 ("ACPI / battery: Do not export energy_full[_design] on devices without full_charge_capacity") +Cc: 4.19+ # 4.19+ +Signed-off-by: Hans de Goede +Signed-off-by: Rafael J. Wysocki +Signed-off-by: Greg Kroah-Hartman + +--- + drivers/acpi/battery.c | 11 ++++++++--- + 1 file changed, 8 insertions(+), 3 deletions(-) + +--- a/drivers/acpi/battery.c ++++ b/drivers/acpi/battery.c +@@ -217,7 +217,7 @@ static int acpi_battery_get_property(str + enum power_supply_property psp, + union power_supply_propval *val) + { +- int ret = 0; ++ int full_capacity = ACPI_BATTERY_VALUE_UNKNOWN, ret = 0; + struct acpi_battery *battery = to_acpi_battery(psy); + + if (acpi_battery_present(battery)) { +@@ -286,12 +286,17 @@ static int acpi_battery_get_property(str + val->intval = battery->capacity_now * 1000; + break; + case POWER_SUPPLY_PROP_CAPACITY: ++ if (ACPI_BATTERY_CAPACITY_VALID(battery->full_charge_capacity)) ++ full_capacity = battery->full_charge_capacity; ++ else if (ACPI_BATTERY_CAPACITY_VALID(battery->design_capacity)) ++ full_capacity = battery->design_capacity; ++ + if (battery->capacity_now == ACPI_BATTERY_VALUE_UNKNOWN || +- !ACPI_BATTERY_CAPACITY_VALID(battery->full_charge_capacity)) ++ full_capacity == ACPI_BATTERY_VALUE_UNKNOWN) + ret = -ENODEV; + else + val->intval = battery->capacity_now * 100/ +- battery->full_charge_capacity; ++ full_capacity; + break; + case POWER_SUPPLY_PROP_CAPACITY_LEVEL: + if (battery->state & ACPI_BATTERY_STATE_CRITICAL) diff --git a/queue-5.4/acpi-video-do-not-export-a-non-working-backlight-interface-on-msi-ms-7721-boards.patch b/queue-5.4/acpi-video-do-not-export-a-non-working-backlight-interface-on-msi-ms-7721-boards.patch new file mode 100644 index 00000000000..1ad7c4154e0 --- /dev/null +++ b/queue-5.4/acpi-video-do-not-export-a-non-working-backlight-interface-on-msi-ms-7721-boards.patch @@ -0,0 +1,59 @@ +From d21a91629f4b8e794fc4c0e0c17c85cedf1d806c Mon Sep 17 00:00:00 2001 +From: Hans de Goede +Date: Tue, 17 Dec 2019 20:08:11 +0100 +Subject: ACPI: video: Do not export a non working backlight interface on MSI MS-7721 boards + +From: Hans de Goede + +commit d21a91629f4b8e794fc4c0e0c17c85cedf1d806c upstream. + +Despite our heuristics to not wrongly export a non working ACPI backlight +interface on desktop machines, we still end up exporting one on desktops +using a motherboard from the MSI MS-7721 series. + +I've looked at improving the heuristics, but in this case a quirk seems +to be the only way to solve this. + +While at it also add a comment to separate the video_detect_force_none +entries in the video_detect_dmi_table from other type of entries, as we +already do for the other entry types. + +Cc: All applicable +BugLink: https://bugzilla.redhat.com/show_bug.cgi?id=1783786 +Signed-off-by: Hans de Goede +Signed-off-by: Rafael J. Wysocki +Signed-off-by: Greg Kroah-Hartman + +--- + drivers/acpi/video_detect.c | 13 +++++++++++++ + 1 file changed, 13 insertions(+) + +--- a/drivers/acpi/video_detect.c ++++ b/drivers/acpi/video_detect.c +@@ -336,6 +336,11 @@ static const struct dmi_system_id video_ + DMI_MATCH(DMI_PRODUCT_NAME, "Precision 7510"), + }, + }, ++ ++ /* ++ * Desktops which falsely report a backlight and which our heuristics ++ * for this do not catch. ++ */ + { + .callback = video_detect_force_none, + .ident = "Dell OptiPlex 9020M", +@@ -344,6 +349,14 @@ static const struct dmi_system_id video_ + DMI_MATCH(DMI_PRODUCT_NAME, "OptiPlex 9020M"), + }, + }, ++ { ++ .callback = video_detect_force_none, ++ .ident = "MSI MS-7721", ++ .matches = { ++ DMI_MATCH(DMI_SYS_VENDOR, "MSI"), ++ DMI_MATCH(DMI_PRODUCT_NAME, "MS-7721"), ++ }, ++ }, + { }, + }; + diff --git a/queue-5.4/alarmtimer-unregister-wakeup-source-when-module-get-fails.patch b/queue-5.4/alarmtimer-unregister-wakeup-source-when-module-get-fails.patch new file mode 100644 index 00000000000..7032f0c3d66 --- /dev/null +++ b/queue-5.4/alarmtimer-unregister-wakeup-source-when-module-get-fails.patch @@ -0,0 +1,64 @@ +From 6b6d188aae79a630957aefd88ff5c42af6553ee3 Mon Sep 17 00:00:00 2001 +From: Stephen Boyd +Date: Thu, 9 Jan 2020 07:59:07 -0800 +Subject: alarmtimer: Unregister wakeup source when module get fails + +From: Stephen Boyd + +commit 6b6d188aae79a630957aefd88ff5c42af6553ee3 upstream. + +The alarmtimer_rtc_add_device() function creates a wakeup source and then +tries to grab a module reference. If that fails the function returns early +with an error code, but fails to remove the wakeup source. + +Cleanup this exit path so there is no dangling wakeup source, which is +named 'alarmtime' left allocated which will conflict with another RTC +device that may be registered later. + +Fixes: 51218298a25e ("alarmtimer: Ensure RTC module is not unloaded") +Signed-off-by: Stephen Boyd +Signed-off-by: Thomas Gleixner +Reviewed-by: Douglas Anderson +Cc: stable@vger.kernel.org +Link: https://lore.kernel.org/r/20200109155910.907-2-swboyd@chromium.org +Signed-off-by: Greg Kroah-Hartman + +--- + kernel/time/alarmtimer.c | 8 +++++--- + 1 file changed, 5 insertions(+), 3 deletions(-) + +--- a/kernel/time/alarmtimer.c ++++ b/kernel/time/alarmtimer.c +@@ -88,6 +88,7 @@ static int alarmtimer_rtc_add_device(str + unsigned long flags; + struct rtc_device *rtc = to_rtc_device(dev); + struct wakeup_source *__ws; ++ int ret = 0; + + if (rtcdev) + return -EBUSY; +@@ -102,8 +103,8 @@ static int alarmtimer_rtc_add_device(str + spin_lock_irqsave(&rtcdev_lock, flags); + if (!rtcdev) { + if (!try_module_get(rtc->owner)) { +- spin_unlock_irqrestore(&rtcdev_lock, flags); +- return -1; ++ ret = -1; ++ goto unlock; + } + + rtcdev = rtc; +@@ -112,11 +113,12 @@ static int alarmtimer_rtc_add_device(str + ws = __ws; + __ws = NULL; + } ++unlock: + spin_unlock_irqrestore(&rtcdev_lock, flags); + + wakeup_source_unregister(__ws); + +- return 0; ++ return ret; + } + + static inline void alarmtimer_rtc_timer_init(void) diff --git a/queue-5.4/fscrypt-don-t-print-name-of-busy-file-when-removing-key.patch b/queue-5.4/fscrypt-don-t-print-name-of-busy-file-when-removing-key.patch new file mode 100644 index 00000000000..0e992b70af9 --- /dev/null +++ b/queue-5.4/fscrypt-don-t-print-name-of-busy-file-when-removing-key.patch @@ -0,0 +1,77 @@ +From 13a10da94615d81087e718517794f2868a8b3fab Mon Sep 17 00:00:00 2001 +From: Eric Biggers +Date: Sun, 19 Jan 2020 22:07:32 -0800 +Subject: fscrypt: don't print name of busy file when removing key + +From: Eric Biggers + +commit 13a10da94615d81087e718517794f2868a8b3fab upstream. + +When an encryption key can't be fully removed due to file(s) protected +by it still being in-use, we shouldn't really print the path to one of +these files to the kernel log, since parts of this path are likely to be +encrypted on-disk, and (depending on how the system is set up) the +confidentiality of this path might be lost by printing it to the log. + +This is a trade-off: a single file path often doesn't matter at all, +especially if it's a directory; the kernel log might still be protected +in some way; and I had originally hoped that any "inode(s) still busy" +bugs (which are security weaknesses in their own right) would be quickly +fixed and that to do so it would be super helpful to always know the +file path and not have to run 'find dir -inum $inum' after the fact. + +But in practice, these bugs can be hard to fix (e.g. due to asynchronous +process killing that is difficult to eliminate, for performance +reasons), and also not tied to specific files, so knowing a file path +doesn't necessarily help. + +So to be safe, for now let's just show the inode number, not the path. +If someone really wants to know a path they can use 'find -inum'. + +Fixes: b1c0ec3599f4 ("fscrypt: add FS_IOC_REMOVE_ENCRYPTION_KEY ioctl") +Cc: # v5.4+ +Link: https://lore.kernel.org/r/20200120060732.390362-1-ebiggers@kernel.org +Signed-off-by: Eric Biggers +Signed-off-by: Greg Kroah-Hartman + +--- + fs/crypto/keyring.c | 15 ++------------- + 1 file changed, 2 insertions(+), 13 deletions(-) + +--- a/fs/crypto/keyring.c ++++ b/fs/crypto/keyring.c +@@ -664,9 +664,6 @@ static int check_for_busy_inodes(struct + struct list_head *pos; + size_t busy_count = 0; + unsigned long ino; +- struct dentry *dentry; +- char _path[256]; +- char *path = NULL; + + spin_lock(&mk->mk_decrypted_inodes_lock); + +@@ -685,22 +682,14 @@ static int check_for_busy_inodes(struct + struct fscrypt_info, + ci_master_key_link)->ci_inode; + ino = inode->i_ino; +- dentry = d_find_alias(inode); + } + spin_unlock(&mk->mk_decrypted_inodes_lock); + +- if (dentry) { +- path = dentry_path(dentry, _path, sizeof(_path)); +- dput(dentry); +- } +- if (IS_ERR_OR_NULL(path)) +- path = "(unknown)"; +- + fscrypt_warn(NULL, +- "%s: %zu inode(s) still busy after removing key with %s %*phN, including ino %lu (%s)", ++ "%s: %zu inode(s) still busy after removing key with %s %*phN, including ino %lu", + sb->s_id, busy_count, master_key_spec_type(&mk->mk_spec), + master_key_spec_len(&mk->mk_spec), (u8 *)&mk->mk_spec.u, +- ino, path); ++ ino); + return -EBUSY; + } + diff --git a/queue-5.4/mmc-spi-toggle-spi-polarity-do-not-hardcode-it.patch b/queue-5.4/mmc-spi-toggle-spi-polarity-do-not-hardcode-it.patch new file mode 100644 index 00000000000..bb080252044 --- /dev/null +++ b/queue-5.4/mmc-spi-toggle-spi-polarity-do-not-hardcode-it.patch @@ -0,0 +1,64 @@ +From af3ed119329cf9690598c5a562d95dfd128e91d6 Mon Sep 17 00:00:00 2001 +From: Linus Walleij +Date: Wed, 4 Dec 2019 16:27:49 +0100 +Subject: mmc: spi: Toggle SPI polarity, do not hardcode it + +From: Linus Walleij + +commit af3ed119329cf9690598c5a562d95dfd128e91d6 upstream. + +The code in mmc_spi_initsequence() tries to send a burst with +high chipselect and for this reason hardcodes the device into +SPI_CS_HIGH. + +This is not good because the SPI_CS_HIGH flag indicates +logical "asserted" CS not always the physical level. In +some cases the signal is inverted in the GPIO library and +in that case SPI_CS_HIGH is already set, and enforcing +SPI_CS_HIGH again will actually drive it low. + +Instead of hard-coding this, toggle the polarity so if the +default is LOW it goes high to assert chipselect but if it +is already high then toggle it low instead. + +Cc: Phil Elwell +Reported-by: Mark Brown +Signed-off-by: Linus Walleij +Reviewed-by: Mark Brown +Link: https://lore.kernel.org/r/20191204152749.12652-1-linus.walleij@linaro.org +Cc: stable@vger.kernel.org +Signed-off-by: Ulf Hansson +Signed-off-by: Greg Kroah-Hartman + +--- + drivers/mmc/host/mmc_spi.c | 11 ++++++++--- + 1 file changed, 8 insertions(+), 3 deletions(-) + +--- a/drivers/mmc/host/mmc_spi.c ++++ b/drivers/mmc/host/mmc_spi.c +@@ -1134,17 +1134,22 @@ static void mmc_spi_initsequence(struct + * SPI protocol. Another is that when chipselect is released while + * the card returns BUSY status, the clock must issue several cycles + * with chipselect high before the card will stop driving its output. ++ * ++ * SPI_CS_HIGH means "asserted" here. In some cases like when using ++ * GPIOs for chip select, SPI_CS_HIGH is set but this will be logically ++ * inverted by gpiolib, so if we want to ascertain to drive it high ++ * we should toggle the default with an XOR as we do here. + */ +- host->spi->mode |= SPI_CS_HIGH; ++ host->spi->mode ^= SPI_CS_HIGH; + if (spi_setup(host->spi) != 0) { + /* Just warn; most cards work without it. */ + dev_warn(&host->spi->dev, + "can't change chip-select polarity\n"); +- host->spi->mode &= ~SPI_CS_HIGH; ++ host->spi->mode ^= SPI_CS_HIGH; + } else { + mmc_spi_readbytes(host, 18); + +- host->spi->mode &= ~SPI_CS_HIGH; ++ host->spi->mode ^= SPI_CS_HIGH; + if (spi_setup(host->spi) != 0) { + /* Wot, we can't get the same setup we had before? */ + dev_err(&host->spi->dev, diff --git a/queue-5.4/pci-keystone-fix-error-handling-when-num-viewport-dt-property-is-not-populated.patch b/queue-5.4/pci-keystone-fix-error-handling-when-num-viewport-dt-property-is-not-populated.patch new file mode 100644 index 00000000000..71d5e50088f --- /dev/null +++ b/queue-5.4/pci-keystone-fix-error-handling-when-num-viewport-dt-property-is-not-populated.patch @@ -0,0 +1,32 @@ +From b0de922af53eede340986a2d05b6cd4b6d6efa43 Mon Sep 17 00:00:00 2001 +From: Kishon Vijay Abraham I +Date: Tue, 21 Jan 2020 17:27:34 +0530 +Subject: PCI: keystone: Fix error handling when "num-viewport" DT property is not populated + +From: Kishon Vijay Abraham I + +commit b0de922af53eede340986a2d05b6cd4b6d6efa43 upstream. + +Fix error handling when "num-viewport" DT property is not populated. + +Fixes: 23284ad677a9 ("PCI: keystone: Add support for PCIe EP in AM654x Platforms") +Signed-off-by: Kishon Vijay Abraham I +Signed-off-by: Lorenzo Pieralisi +Cc: stable@vger.kernel.org # v5.2+ +Signed-off-by: Greg Kroah-Hartman + +--- + drivers/pci/controller/dwc/pci-keystone.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +--- a/drivers/pci/controller/dwc/pci-keystone.c ++++ b/drivers/pci/controller/dwc/pci-keystone.c +@@ -1354,7 +1354,7 @@ static int __init ks_pcie_probe(struct p + ret = of_property_read_u32(np, "num-viewport", &num_viewport); + if (ret < 0) { + dev_err(dev, "unable to read *num-viewport* property\n"); +- return ret; ++ goto err_get_sync; + } + + /* diff --git a/queue-5.4/pci-keystone-fix-link-training-retries-initiation.patch b/queue-5.4/pci-keystone-fix-link-training-retries-initiation.patch new file mode 100644 index 00000000000..4cd9edcb0f0 --- /dev/null +++ b/queue-5.4/pci-keystone-fix-link-training-retries-initiation.patch @@ -0,0 +1,36 @@ +From 6df19872d881641e6394f93ef2938cffcbdae5bb Mon Sep 17 00:00:00 2001 +From: Yurii Monakov +Date: Tue, 17 Dec 2019 14:38:36 +0300 +Subject: PCI: keystone: Fix link training retries initiation + +From: Yurii Monakov + +commit 6df19872d881641e6394f93ef2938cffcbdae5bb upstream. + +ks_pcie_stop_link() function does not clear LTSSM_EN_VAL bit so +link training was not triggered more than once after startup. +In configurations where link can be unstable during early boot, +for example, under low temperature, it will never be established. + +Fixes: 0c4ffcfe1fbc ("PCI: keystone: Add TI Keystone PCIe driver") +Signed-off-by: Yurii Monakov +Signed-off-by: Lorenzo Pieralisi +Acked-by: Andrew Murray +Cc: stable@vger.kernel.org +Signed-off-by: Greg Kroah-Hartman + +--- + drivers/pci/controller/dwc/pci-keystone.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +--- a/drivers/pci/controller/dwc/pci-keystone.c ++++ b/drivers/pci/controller/dwc/pci-keystone.c +@@ -510,7 +510,7 @@ static void ks_pcie_stop_link(struct dw_ + /* Disable Link training */ + val = ks_pcie_app_readl(ks_pcie, CMD_STATUS); + val &= ~LTSSM_EN_VAL; +- ks_pcie_app_writel(ks_pcie, CMD_STATUS, LTSSM_EN_VAL | val); ++ ks_pcie_app_writel(ks_pcie, CMD_STATUS, val); + } + + static int ks_pcie_start_link(struct dw_pcie *pci) diff --git a/queue-5.4/pci-keystone-fix-outbound-region-mapping.patch b/queue-5.4/pci-keystone-fix-outbound-region-mapping.patch new file mode 100644 index 00000000000..1eb946361b8 --- /dev/null +++ b/queue-5.4/pci-keystone-fix-outbound-region-mapping.patch @@ -0,0 +1,43 @@ +From 2d0c3fbe43fa0e6fcb7a6c755c5f4cd702c0d2f4 Mon Sep 17 00:00:00 2001 +From: Yurii Monakov +Date: Fri, 4 Oct 2019 18:48:11 +0300 +Subject: PCI: keystone: Fix outbound region mapping + +From: Yurii Monakov + +commit 2d0c3fbe43fa0e6fcb7a6c755c5f4cd702c0d2f4 upstream. + +The Keystone outbound Address Translation Unit (ATU) maps PCI MMIO space in +8 MB windows. When programming the ATU windows, we previously incremented +the starting address by 8, not 8 MB, so all the windows were mapped to the +first 8 MB. Therefore, only 8 MB of MMIO space was accessible. + +Update the loop so it increments the starting address by 8 MB, not 8, so +more MMIO space is accessible. + +Fixes: e75043ad9792 ("PCI: keystone: Cleanup outbound window configuration") +Link: https://lore.kernel.org/r/20191004154811.GA31397@monakov-y.office.kontur-niirs.ru +Signed-off-by: Yurii Monakov +[bhelgaas: commit log] +Signed-off-by: Bjorn Helgaas +Signed-off-by: Lorenzo Pieralisi +Acked-by: Andrew Murray +Acked-by: Kishon Vijay Abraham I +Cc: stable@vger.kernel.org # v4.20+ +Signed-off-by: Greg Kroah-Hartman + +--- + drivers/pci/controller/dwc/pci-keystone.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +--- a/drivers/pci/controller/dwc/pci-keystone.c ++++ b/drivers/pci/controller/dwc/pci-keystone.c +@@ -422,7 +422,7 @@ static void ks_pcie_setup_rc_app_regs(st + lower_32_bits(start) | OB_ENABLEN); + ks_pcie_app_writel(ks_pcie, OB_OFFSET_HI(i), + upper_32_bits(start)); +- start += OB_WIN_SIZE; ++ start += OB_WIN_SIZE * SZ_1M; + } + + val = ks_pcie_app_readl(ks_pcie, CMD_STATUS); diff --git a/queue-5.4/pci-tegra-fix-return-value-check-of-pm_runtime_get_sync.patch b/queue-5.4/pci-tegra-fix-return-value-check-of-pm_runtime_get_sync.patch new file mode 100644 index 00000000000..4bc864139e8 --- /dev/null +++ b/queue-5.4/pci-tegra-fix-return-value-check-of-pm_runtime_get_sync.patch @@ -0,0 +1,38 @@ +From 885199148442f56b880995d703d2ed03b6481a3c Mon Sep 17 00:00:00 2001 +From: David Engraf +Date: Mon, 16 Dec 2019 12:18:25 +0100 +Subject: PCI: tegra: Fix return value check of pm_runtime_get_sync() + +From: David Engraf + +commit 885199148442f56b880995d703d2ed03b6481a3c upstream. + +pm_runtime_get_sync() returns the device's usage counter. This might +be >0 if the device is already powered up or CONFIG_PM is disabled. + +Abort probe function on real error only. + +Fixes: da76ba50963b ("PCI: tegra: Add power management support") +Link: https://lore.kernel.org/r/20191216111825.28136-1-david.engraf@sysgo.com +Signed-off-by: David Engraf +Signed-off-by: Bjorn Helgaas +Signed-off-by: Lorenzo Pieralisi +Acked-by: Andrew Murray +Cc: stable@vger.kernel.org # v4.17+ +Signed-off-by: Greg Kroah-Hartman + +--- + drivers/pci/controller/pci-tegra.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +--- a/drivers/pci/controller/pci-tegra.c ++++ b/drivers/pci/controller/pci-tegra.c +@@ -2798,7 +2798,7 @@ static int tegra_pcie_probe(struct platf + + pm_runtime_enable(pcie->dev); + err = pm_runtime_get_sync(pcie->dev); +- if (err) { ++ if (err < 0) { + dev_err(dev, "fail to enable pcie controller: %d\n", err); + goto teardown_msi; + } diff --git a/queue-5.4/series b/queue-5.4/series index 67afc35fbfd..58c02115a35 100644 --- a/queue-5.4/series +++ b/queue-5.4/series @@ -78,3 +78,18 @@ powerpc-pseries-advance-pfn-if-section-is-not-present-in-lmb_is_removable.patch powerpc-32s-fix-bad_kuap_fault.patch powerpc-32s-fix-cpu-wake-up-from-sleep-mode.patch tracing-fix-now-invalid-var_ref_vals-assumption-in-t.patch +pci-tegra-fix-return-value-check-of-pm_runtime_get_sync.patch +pci-keystone-fix-outbound-region-mapping.patch +pci-keystone-fix-link-training-retries-initiation.patch +pci-keystone-fix-error-handling-when-num-viewport-dt-property-is-not-populated.patch +mmc-spi-toggle-spi-polarity-do-not-hardcode-it.patch +acpi-video-do-not-export-a-non-working-backlight-interface-on-msi-ms-7721-boards.patch +acpi-battery-deal-with-design-or-full-capacity-being-reported-as-1.patch +acpi-battery-use-design-cap-for-capacity-calculations-if-full-cap-is-not-available.patch +acpi-battery-deal-better-with-neither-design-nor-full-capacity-not-being-reported.patch +alarmtimer-unregister-wakeup-source-when-module-get-fails.patch +fscrypt-don-t-print-name-of-busy-file-when-removing-key.patch +ubifs-don-t-trigger-assertion-on-invalid-no-key-filename.patch +ubifs-fix-wrong-memory-allocation.patch +ubifs-fix-fs_ioc_setflags-unexpectedly-clearing-encrypt-flag.patch +ubifs-fix-deadlock-in-concurrent-bulk-read-and-writepage.patch diff --git a/queue-5.4/tracing-fix-now-invalid-var_ref_vals-assumption-in-t.patch b/queue-5.4/tracing-fix-now-invalid-var_ref_vals-assumption-in-t.patch index c4e43f8a335..a0c475df77c 100644 --- a/queue-5.4/tracing-fix-now-invalid-var_ref_vals-assumption-in-t.patch +++ b/queue-5.4/tracing-fix-now-invalid-var_ref_vals-assumption-in-t.patch @@ -28,11 +28,9 @@ Signed-off-by: Tom Zanussi Signed-off-by: Steven Rostedt (VMware) Signed-off-by: Sasha Levin --- - kernel/trace/trace_events_hist.c | 53 +++++++++++++++++++++++--------- + kernel/trace/trace_events_hist.c | 53 +++++++++++++++++++++++++++------------ 1 file changed, 38 insertions(+), 15 deletions(-) -diff --git a/kernel/trace/trace_events_hist.c b/kernel/trace/trace_events_hist.c -index 205692181e7bc..4be7fc84d6b6a 100644 --- a/kernel/trace/trace_events_hist.c +++ b/kernel/trace/trace_events_hist.c @@ -470,11 +470,12 @@ struct action_data { @@ -52,7 +50,7 @@ index 205692181e7bc..4be7fc84d6b6a 100644 struct synth_event *synth_event; bool use_trace_keyword; char *synth_event_name; -@@ -875,14 +876,14 @@ static struct trace_event_functions synth_event_funcs = { +@@ -875,14 +876,14 @@ static struct trace_event_functions synt static notrace void trace_event_raw_event_synth(void *__data, u64 *var_ref_vals, @@ -69,7 +67,7 @@ index 205692181e7bc..4be7fc84d6b6a 100644 int fields_size = 0; event = trace_file->event_call->data; -@@ -905,15 +906,16 @@ static notrace void trace_event_raw_event_synth(void *__data, +@@ -905,15 +906,16 @@ static notrace void trace_event_raw_even goto out; for (i = 0, n_u64 = 0; i < event->n_fields; i++) { @@ -88,7 +86,7 @@ index 205692181e7bc..4be7fc84d6b6a 100644 switch (field->size) { case 1: -@@ -1113,10 +1115,10 @@ static struct tracepoint *alloc_synth_tracepoint(char *name) +@@ -1113,10 +1115,10 @@ static struct tracepoint *alloc_synth_tr } typedef void (*synth_probe_func_t) (void *__data, u64 *var_ref_vals, @@ -101,7 +99,7 @@ index 205692181e7bc..4be7fc84d6b6a 100644 { struct tracepoint *tp = event->tp; -@@ -2655,6 +2657,22 @@ static int init_var_ref(struct hist_field *ref_field, +@@ -2655,6 +2657,22 @@ static int init_var_ref(struct hist_fiel goto out; } @@ -124,7 +122,7 @@ index 205692181e7bc..4be7fc84d6b6a 100644 /** * create_var_ref - Create a variable reference and attach it to trigger * @hist_data: The trigger that will be referencing the variable -@@ -4228,11 +4246,11 @@ static int trace_action_create(struct hist_trigger_data *hist_data, +@@ -4228,11 +4246,11 @@ static int trace_action_create(struct hi struct trace_array *tr = hist_data->event_file->tr; char *event_name, *param, *system = NULL; struct hist_field *hist_field, *var_ref; @@ -138,7 +136,7 @@ index 205692181e7bc..4be7fc84d6b6a 100644 lockdep_assert_held(&event_mutex); -@@ -4249,8 +4267,6 @@ static int trace_action_create(struct hist_trigger_data *hist_data, +@@ -4249,8 +4267,6 @@ static int trace_action_create(struct hi event->ref++; @@ -147,7 +145,7 @@ index 205692181e7bc..4be7fc84d6b6a 100644 for (i = 0; i < data->n_params; i++) { char *p; -@@ -4299,6 +4315,14 @@ static int trace_action_create(struct hist_trigger_data *hist_data, +@@ -4299,6 +4315,14 @@ static int trace_action_create(struct hi goto err; } @@ -162,7 +160,7 @@ index 205692181e7bc..4be7fc84d6b6a 100644 field_pos++; kfree(p); continue; -@@ -4317,7 +4341,6 @@ static int trace_action_create(struct hist_trigger_data *hist_data, +@@ -4317,7 +4341,6 @@ static int trace_action_create(struct hi } data->synth_event = event; @@ -170,6 +168,3 @@ index 205692181e7bc..4be7fc84d6b6a 100644 out: return ret; err: --- -2.20.1 - diff --git a/queue-5.4/ubifs-don-t-trigger-assertion-on-invalid-no-key-filename.patch b/queue-5.4/ubifs-don-t-trigger-assertion-on-invalid-no-key-filename.patch new file mode 100644 index 00000000000..7c0bce6fc0b --- /dev/null +++ b/queue-5.4/ubifs-don-t-trigger-assertion-on-invalid-no-key-filename.patch @@ -0,0 +1,49 @@ +From f0d07a98a070bb5e443df19c3aa55693cbca9341 Mon Sep 17 00:00:00 2001 +From: Eric Biggers +Date: Mon, 20 Jan 2020 14:31:59 -0800 +Subject: ubifs: don't trigger assertion on invalid no-key filename + +From: Eric Biggers + +commit f0d07a98a070bb5e443df19c3aa55693cbca9341 upstream. + +If userspace provides an invalid fscrypt no-key filename which encodes a +hash value with any of the UBIFS node type bits set (i.e. the high 3 +bits), gracefully report ENOENT rather than triggering ubifs_assert(). + +Test case with kvm-xfstests shell: + + . fs/ubifs/config + . ~/xfstests/common/encrypt + dev=$(__blkdev_to_ubi_volume /dev/vdc) + ubiupdatevol $dev -t + mount $dev /mnt -t ubifs + mkdir /mnt/edir + xfs_io -c set_encpolicy /mnt/edir + rm /mnt/edir/_,,,,,DAAAAAAAAAAAAAAAAAAAAAAAAAA + +With the bug, the following assertion fails on the 'rm' command: + + [ 19.066048] UBIFS error (ubi0:0 pid 379): ubifs_assert_failed: UBIFS assert failed: !(hash & ~UBIFS_S_KEY_HASH_MASK), in fs/ubifs/key.h:170 + +Fixes: f4f61d2cc6d8 ("ubifs: Implement encrypted filenames") +Cc: # v4.10+ +Link: https://lore.kernel.org/r/20200120223201.241390-5-ebiggers@kernel.org +Signed-off-by: Eric Biggers +Signed-off-by: Greg Kroah-Hartman + +--- + fs/ubifs/dir.c | 2 ++ + 1 file changed, 2 insertions(+) + +--- a/fs/ubifs/dir.c ++++ b/fs/ubifs/dir.c +@@ -228,6 +228,8 @@ static struct dentry *ubifs_lookup(struc + if (nm.hash) { + ubifs_assert(c, fname_len(&nm) == 0); + ubifs_assert(c, fname_name(&nm) == NULL); ++ if (nm.hash & ~UBIFS_S_KEY_HASH_MASK) ++ goto done; /* ENOENT */ + dent_key_init_hash(c, &key, dir->i_ino, nm.hash); + err = ubifs_tnc_lookup_dh(c, &key, dent, nm.minor_hash); + } else { diff --git a/queue-5.4/ubifs-fix-deadlock-in-concurrent-bulk-read-and-writepage.patch b/queue-5.4/ubifs-fix-deadlock-in-concurrent-bulk-read-and-writepage.patch new file mode 100644 index 00000000000..e8476079881 --- /dev/null +++ b/queue-5.4/ubifs-fix-deadlock-in-concurrent-bulk-read-and-writepage.patch @@ -0,0 +1,59 @@ +From f5de5b83303e61b1f3fb09bd77ce3ac2d7a475f2 Mon Sep 17 00:00:00 2001 +From: Zhihao Cheng +Date: Sat, 11 Jan 2020 17:50:36 +0800 +Subject: ubifs: Fix deadlock in concurrent bulk-read and writepage +MIME-Version: 1.0 +Content-Type: text/plain; charset=UTF-8 +Content-Transfer-Encoding: 8bit + +From: Zhihao Cheng + +commit f5de5b83303e61b1f3fb09bd77ce3ac2d7a475f2 upstream. + +In ubifs, concurrent execution of writepage and bulk read on the same file +may cause ABBA deadlock, for example (Reproduce method see Link): + +Process A(Bulk-read starts from page4) Process B(write page4 back) + vfs_read wb_workfn or fsync + ... ... + generic_file_buffered_read write_cache_pages + ubifs_readpage LOCK(page4) + + ubifs_bulk_read ubifs_writepage + LOCK(ui->ui_mutex) ubifs_write_inode + + ubifs_do_bulk_read LOCK(ui->ui_mutex) + find_or_create_page(alloc page4) ↑ + LOCK(page4) <-- ABBA deadlock occurs! + +In order to ensure the serialization execution of bulk read, we can't +remove the big lock 'ui->ui_mutex' in ubifs_bulk_read(). Instead, we +allow ubifs_do_bulk_read() to lock page failed by replacing +find_or_create_page(FGP_LOCK) with +pagecache_get_page(FGP_LOCK | FGP_NOWAIT). + +Signed-off-by: Zhihao Cheng +Suggested-by: zhangyi (F) +Cc: +Fixes: 4793e7c5e1c ("UBIFS: add bulk-read facility") +Link: https://bugzilla.kernel.org/show_bug.cgi?id=206153 +Signed-off-by: Richard Weinberger +Signed-off-by: Greg Kroah-Hartman + +--- + fs/ubifs/file.c | 4 +++- + 1 file changed, 3 insertions(+), 1 deletion(-) + +--- a/fs/ubifs/file.c ++++ b/fs/ubifs/file.c +@@ -786,7 +786,9 @@ static int ubifs_do_bulk_read(struct ubi + + if (page_offset > end_index) + break; +- page = find_or_create_page(mapping, page_offset, ra_gfp_mask); ++ page = pagecache_get_page(mapping, page_offset, ++ FGP_LOCK|FGP_ACCESSED|FGP_CREAT|FGP_NOWAIT, ++ ra_gfp_mask); + if (!page) + break; + if (!PageUptodate(page)) diff --git a/queue-5.4/ubifs-fix-fs_ioc_setflags-unexpectedly-clearing-encrypt-flag.patch b/queue-5.4/ubifs-fix-fs_ioc_setflags-unexpectedly-clearing-encrypt-flag.patch new file mode 100644 index 00000000000..ec1a1060da3 --- /dev/null +++ b/queue-5.4/ubifs-fix-fs_ioc_setflags-unexpectedly-clearing-encrypt-flag.patch @@ -0,0 +1,57 @@ +From 2b57067a7778484c10892fa191997bfda29fea13 Mon Sep 17 00:00:00 2001 +From: Eric Biggers +Date: Mon, 9 Dec 2019 14:23:24 -0800 +Subject: ubifs: Fix FS_IOC_SETFLAGS unexpectedly clearing encrypt flag + +From: Eric Biggers + +commit 2b57067a7778484c10892fa191997bfda29fea13 upstream. + +UBIFS's implementation of FS_IOC_SETFLAGS fails to preserve existing +inode flags that aren't settable by FS_IOC_SETFLAGS, namely the encrypt +flag. This causes the encrypt flag to be unexpectedly cleared. + +Fix it by preserving existing unsettable flags, like ext4 and f2fs do. + +Test case with kvm-xfstests shell: + + FSTYP=ubifs KEYCTL_PROG=keyctl + . fs/ubifs/config + . ~/xfstests/common/encrypt + dev=$(__blkdev_to_ubi_volume /dev/vdc) + ubiupdatevol -t $dev + mount $dev /mnt -t ubifs + k=$(_generate_session_encryption_key) + mkdir /mnt/edir + xfs_io -c "set_encpolicy $k" /mnt/edir + echo contents > /mnt/edir/file + chattr +i /mnt/edir/file + chattr -i /mnt/edir/file + +With the bug, the following errors occur on the last command: + + [ 18.081559] fscrypt (ubifs, inode 67): Inconsistent encryption context (parent directory: 65) + chattr: Operation not permitted while reading flags on /mnt/edir/file + +Fixes: d475a507457b ("ubifs: Add skeleton for fscrypto") +Cc: # v4.10+ +Signed-off-by: Eric Biggers +Signed-off-by: Richard Weinberger +Signed-off-by: Greg Kroah-Hartman + +--- + fs/ubifs/ioctl.c | 3 ++- + 1 file changed, 2 insertions(+), 1 deletion(-) + +--- a/fs/ubifs/ioctl.c ++++ b/fs/ubifs/ioctl.c +@@ -113,7 +113,8 @@ static int setflags(struct inode *inode, + if (err) + goto out_unlock; + +- ui->flags = ioctl2ubifs(flags); ++ ui->flags &= ~ioctl2ubifs(UBIFS_SUPPORTED_IOCTL_FLAGS); ++ ui->flags |= ioctl2ubifs(flags); + ubifs_set_inode_flags(inode); + inode->i_ctime = current_time(inode); + release = ui->dirty; diff --git a/queue-5.4/ubifs-fix-wrong-memory-allocation.patch b/queue-5.4/ubifs-fix-wrong-memory-allocation.patch new file mode 100644 index 00000000000..bab3dcfd6fc --- /dev/null +++ b/queue-5.4/ubifs-fix-wrong-memory-allocation.patch @@ -0,0 +1,36 @@ +From edec51374bce779f37fc209a228139c55d90ec8d Mon Sep 17 00:00:00 2001 +From: Sascha Hauer +Date: Wed, 4 Dec 2019 11:09:58 +0100 +Subject: ubifs: Fix wrong memory allocation + +From: Sascha Hauer + +commit edec51374bce779f37fc209a228139c55d90ec8d upstream. + +In create_default_filesystem() when we allocate the idx node we must use +the idx_node_size we calculated just one line before, not tmp, which +contains completely other data. + +Fixes: c4de6d7e4319 ("ubifs: Refactor create_default_filesystem()") +Cc: stable@vger.kernel.org # v4.20+ +Reported-by: Naga Sureshkumar Relli +Tested-by: Naga Sureshkumar Relli +Signed-off-by: Sascha Hauer +Signed-off-by: Richard Weinberger +Signed-off-by: Greg Kroah-Hartman + +--- + fs/ubifs/sb.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +--- a/fs/ubifs/sb.c ++++ b/fs/ubifs/sb.c +@@ -161,7 +161,7 @@ static int create_default_filesystem(str + sup = kzalloc(ALIGN(UBIFS_SB_NODE_SZ, c->min_io_size), GFP_KERNEL); + mst = kzalloc(c->mst_node_alsz, GFP_KERNEL); + idx_node_size = ubifs_idx_node_sz(c, 1); +- idx = kzalloc(ALIGN(tmp, c->min_io_size), GFP_KERNEL); ++ idx = kzalloc(ALIGN(idx_node_size, c->min_io_size), GFP_KERNEL); + ino = kzalloc(ALIGN(UBIFS_INO_NODE_SZ, c->min_io_size), GFP_KERNEL); + cs = kzalloc(ALIGN(UBIFS_CS_NODE_SZ, c->min_io_size), GFP_KERNEL); +