From: Sasha Levin Date: Fri, 5 Mar 2021 03:36:49 +0000 (-0500) Subject: Fixes for 4.4 X-Git-Tag: v4.4.260~26 X-Git-Url: http://git.ipfire.org/gitweb.cgi?a=commitdiff_plain;h=bbdd6fbb49025e7656b63edb9eeebba91b63af4f;p=thirdparty%2Fkernel%2Fstable-queue.git Fixes for 4.4 Signed-off-by: Sasha Levin --- diff --git a/queue-4.4/ath10k-fix-wmi-mgmt-tx-queue-full-due-to-race-condit.patch b/queue-4.4/ath10k-fix-wmi-mgmt-tx-queue-full-due-to-race-condit.patch new file mode 100644 index 00000000000..f5a16409b78 --- /dev/null +++ b/queue-4.4/ath10k-fix-wmi-mgmt-tx-queue-full-due-to-race-condit.patch @@ -0,0 +1,93 @@ +From e97c1a16dae3ab976d1d95739b69c1e0f6236642 Mon Sep 17 00:00:00 2001 +From: Sasha Levin +Date: Tue, 22 Dec 2020 14:34:47 +0800 +Subject: ath10k: fix wmi mgmt tx queue full due to race condition +MIME-Version: 1.0 +Content-Type: text/plain; charset=UTF-8 +Content-Transfer-Encoding: 8bit + +From: Miaoqing Pan + +[ Upstream commit b55379e343a3472c35f4a1245906db5158cab453 ] + +Failed to transmit wmi management frames: + +[84977.840894] ath10k_snoc a000000.wifi: wmi mgmt tx queue is full +[84977.840913] ath10k_snoc a000000.wifi: failed to transmit packet, dropping: -28 +[84977.840924] ath10k_snoc a000000.wifi: failed to submit frame: -28 +[84977.840932] ath10k_snoc a000000.wifi: failed to transmit frame: -28 + +This issue is caused by race condition between skb_dequeue and +__skb_queue_tail. The queue of ‘wmi_mgmt_tx_queue’ is protected by a +different lock: ar->data_lock vs list->lock, the result is no protection. +So when ath10k_mgmt_over_wmi_tx_work() and ath10k_mac_tx_wmi_mgmt() +running concurrently on different CPUs, there appear to be a rare corner +cases when the queue length is 1, + + CPUx (skb_deuque) CPUy (__skb_queue_tail) + next=list + prev=list + struct sk_buff *skb = skb_peek(list); WRITE_ONCE(newsk->next, next); + WRITE_ONCE(list->qlen, list->qlen - 1);WRITE_ONCE(newsk->prev, prev); + next = skb->next; WRITE_ONCE(next->prev, newsk); + prev = skb->prev; WRITE_ONCE(prev->next, newsk); + skb->next = skb->prev = NULL; list->qlen++; + WRITE_ONCE(next->prev, prev); + WRITE_ONCE(prev->next, next); + +If the instruction ‘next = skb->next’ is executed before +‘WRITE_ONCE(prev->next, newsk)’, newsk will be lost, as CPUx get the +old ‘next’ pointer, but the length is still added by one. The final +result is the length of the queue will reach the maximum value but +the queue is empty. + +So remove ar->data_lock, and use 'skb_queue_tail' instead of +'__skb_queue_tail' to prevent the potential race condition. Also switch +to use skb_queue_len_lockless, in case we queue a few SKBs simultaneously. + +Tested-on: WCN3990 hw1.0 SNOC WLAN.HL.3.1.c2-00033-QCAHLSWMTPLZ-1 + +Signed-off-by: Miaoqing Pan +Reviewed-by: Brian Norris +Signed-off-by: Kalle Valo +Link: https://lore.kernel.org/r/1608618887-8857-1-git-send-email-miaoqing@codeaurora.org +Signed-off-by: Sasha Levin +--- + drivers/net/wireless/ath/ath10k/mac.c | 15 ++++----------- + 1 file changed, 4 insertions(+), 11 deletions(-) + +diff --git a/drivers/net/wireless/ath/ath10k/mac.c b/drivers/net/wireless/ath/ath10k/mac.c +index 7fbf2abcfc43..5fad38c3feb1 100644 +--- a/drivers/net/wireless/ath/ath10k/mac.c ++++ b/drivers/net/wireless/ath/ath10k/mac.c +@@ -3336,23 +3336,16 @@ static bool ath10k_mac_need_offchan_tx_work(struct ath10k *ar) + static int ath10k_mac_tx_wmi_mgmt(struct ath10k *ar, struct sk_buff *skb) + { + struct sk_buff_head *q = &ar->wmi_mgmt_tx_queue; +- int ret = 0; +- +- spin_lock_bh(&ar->data_lock); + +- if (skb_queue_len(q) == ATH10K_MAX_NUM_MGMT_PENDING) { ++ if (skb_queue_len_lockless(q) >= ATH10K_MAX_NUM_MGMT_PENDING) { + ath10k_warn(ar, "wmi mgmt tx queue is full\n"); +- ret = -ENOSPC; +- goto unlock; ++ return -ENOSPC; + } + +- __skb_queue_tail(q, skb); ++ skb_queue_tail(q, skb); + ieee80211_queue_work(ar->hw, &ar->wmi_mgmt_tx_work); + +-unlock: +- spin_unlock_bh(&ar->data_lock); +- +- return ret; ++ return 0; + } + + static void ath10k_mac_tx(struct ath10k *ar, struct sk_buff *skb) +-- +2.30.1 + diff --git a/queue-4.4/bluetooth-fix-null-pointer-dereference-in-amp_read_l.patch b/queue-4.4/bluetooth-fix-null-pointer-dereference-in-amp_read_l.patch new file mode 100644 index 00000000000..22187b24f8e --- /dev/null +++ b/queue-4.4/bluetooth-fix-null-pointer-dereference-in-amp_read_l.patch @@ -0,0 +1,57 @@ +From 2e1550743d876fb0a7ed74d0d38e1a04ab30812b Mon Sep 17 00:00:00 2001 +From: Sasha Levin +Date: Tue, 2 Feb 2021 15:12:30 +0530 +Subject: Bluetooth: Fix null pointer dereference in + amp_read_loc_assoc_final_data + +From: Gopal Tiwari + +[ Upstream commit e8bd76ede155fd54d8c41d045dda43cd3174d506 ] + +kernel panic trace looks like: + + #5 [ffffb9e08698fc80] do_page_fault at ffffffffb666e0d7 + #6 [ffffb9e08698fcb0] page_fault at ffffffffb70010fe + [exception RIP: amp_read_loc_assoc_final_data+63] + RIP: ffffffffc06ab54f RSP: ffffb9e08698fd68 RFLAGS: 00010246 + RAX: 0000000000000000 RBX: ffff8c8845a5a000 RCX: 0000000000000004 + RDX: 0000000000000000 RSI: ffff8c8b9153d000 RDI: ffff8c8845a5a000 + RBP: ffffb9e08698fe40 R8: 00000000000330e0 R9: ffffffffc0675c94 + R10: ffffb9e08698fe58 R11: 0000000000000001 R12: ffff8c8b9cbf6200 + R13: 0000000000000000 R14: 0000000000000000 R15: ffff8c8b2026da0b + ORIG_RAX: ffffffffffffffff CS: 0010 SS: 0018 + #7 [ffffb9e08698fda8] hci_event_packet at ffffffffc0676904 [bluetooth] + #8 [ffffb9e08698fe50] hci_rx_work at ffffffffc06629ac [bluetooth] + #9 [ffffb9e08698fe98] process_one_work at ffffffffb66f95e7 + +hcon->amp_mgr seems NULL triggered kernel panic in following line inside +function amp_read_loc_assoc_final_data + + set_bit(READ_LOC_AMP_ASSOC_FINAL, &mgr->state); + +Fixed by checking NULL for mgr. + +Signed-off-by: Gopal Tiwari +Signed-off-by: Marcel Holtmann +Signed-off-by: Sasha Levin +--- + net/bluetooth/amp.c | 3 +++ + 1 file changed, 3 insertions(+) + +diff --git a/net/bluetooth/amp.c b/net/bluetooth/amp.c +index e32f34189007..b01b43ab6f83 100644 +--- a/net/bluetooth/amp.c ++++ b/net/bluetooth/amp.c +@@ -305,6 +305,9 @@ void amp_read_loc_assoc_final_data(struct hci_dev *hdev, + struct hci_request req; + int err = 0; + ++ if (!mgr) ++ return; ++ + cp.phy_handle = hcon->handle; + cp.len_so_far = cpu_to_le16(0); + cp.max_len = cpu_to_le16(hdev->amp_assoc_size); +-- +2.30.1 + diff --git a/queue-4.4/media-uvcvideo-allow-entities-with-no-pads.patch b/queue-4.4/media-uvcvideo-allow-entities-with-no-pads.patch new file mode 100644 index 00000000000..77c83d52d6f --- /dev/null +++ b/queue-4.4/media-uvcvideo-allow-entities-with-no-pads.patch @@ -0,0 +1,48 @@ +From e8409e8a3bdf5c648adc63227046f00b6a5458b7 Mon Sep 17 00:00:00 2001 +From: Sasha Levin +Date: Wed, 23 Dec 2020 14:35:19 +0100 +Subject: media: uvcvideo: Allow entities with no pads + +From: Ricardo Ribalda + +[ Upstream commit 7532dad6634031d083df7af606fac655b8d08b5c ] + +Avoid an underflow while calculating the number of inputs for entities +with zero pads. + +Signed-off-by: Ricardo Ribalda +Signed-off-by: Laurent Pinchart +Signed-off-by: Mauro Carvalho Chehab +Signed-off-by: Sasha Levin +--- + drivers/media/usb/uvc/uvc_driver.c | 7 +++++-- + 1 file changed, 5 insertions(+), 2 deletions(-) + +diff --git a/drivers/media/usb/uvc/uvc_driver.c b/drivers/media/usb/uvc/uvc_driver.c +index f353ab569b8e..def22b7fef9c 100644 +--- a/drivers/media/usb/uvc/uvc_driver.c ++++ b/drivers/media/usb/uvc/uvc_driver.c +@@ -869,7 +869,10 @@ static struct uvc_entity *uvc_alloc_entity(u16 type, u8 id, + unsigned int i; + + extra_size = roundup(extra_size, sizeof(*entity->pads)); +- num_inputs = (type & UVC_TERM_OUTPUT) ? num_pads : num_pads - 1; ++ if (num_pads) ++ num_inputs = type & UVC_TERM_OUTPUT ? num_pads : num_pads - 1; ++ else ++ num_inputs = 0; + size = sizeof(*entity) + extra_size + sizeof(*entity->pads) * num_pads + + num_inputs; + entity = kzalloc(size, GFP_KERNEL); +@@ -885,7 +888,7 @@ static struct uvc_entity *uvc_alloc_entity(u16 type, u8 id, + + for (i = 0; i < num_inputs; ++i) + entity->pads[i].flags = MEDIA_PAD_FL_SINK; +- if (!UVC_ENTITY_IS_OTERM(entity)) ++ if (!UVC_ENTITY_IS_OTERM(entity) && num_pads) + entity->pads[num_pads-1].flags = MEDIA_PAD_FL_SOURCE; + + entity->bNrInPins = num_inputs; +-- +2.30.1 + diff --git a/queue-4.4/pktgen-fix-misuse-of-bug_on-in-pktgen_thread_worker.patch b/queue-4.4/pktgen-fix-misuse-of-bug_on-in-pktgen_thread_worker.patch new file mode 100644 index 00000000000..b024fd699fa --- /dev/null +++ b/queue-4.4/pktgen-fix-misuse-of-bug_on-in-pktgen_thread_worker.patch @@ -0,0 +1,43 @@ +From f3a5168bfb0abcc9e9780c49f37f48d9cbcf61eb Mon Sep 17 00:00:00 2001 +From: Sasha Levin +Date: Mon, 25 Jan 2021 20:42:29 +0800 +Subject: pktgen: fix misuse of BUG_ON() in pktgen_thread_worker() + +From: Di Zhu + +[ Upstream commit 275b1e88cabb34dbcbe99756b67e9939d34a99b6 ] + +pktgen create threads for all online cpus and bond these threads to +relevant cpu repecivtily. when this thread firstly be woken up, it +will compare cpu currently running with the cpu specified at the time +of creation and if the two cpus are not equal, BUG_ON() will take effect +causing panic on the system. +Notice that these threads could be migrated to other cpus before start +running because of the cpu hotplug after these threads have created. so the +BUG_ON() used here seems unreasonable and we can replace it with WARN_ON() +to just printf a warning other than panic the system. + +Signed-off-by: Di Zhu +Link: https://lore.kernel.org/r/20210125124229.19334-1-zhudi21@huawei.com +Signed-off-by: Jakub Kicinski +Signed-off-by: Sasha Levin +--- + net/core/pktgen.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/net/core/pktgen.c b/net/core/pktgen.c +index 4ea957c1e7ee..5d0759e2102e 100644 +--- a/net/core/pktgen.c ++++ b/net/core/pktgen.c +@@ -3519,7 +3519,7 @@ static int pktgen_thread_worker(void *arg) + struct pktgen_dev *pkt_dev = NULL; + int cpu = t->cpu; + +- BUG_ON(smp_processor_id() != cpu); ++ WARN_ON(smp_processor_id() != cpu); + + init_waitqueue_head(&t->queue); + complete(&t->start_done); +-- +2.30.1 + diff --git a/queue-4.4/series b/queue-4.4/series index 2e3f8e4e996..e43c0f0c125 100644 --- a/queue-4.4/series +++ b/queue-4.4/series @@ -9,3 +9,13 @@ jfs-more-checks-for-invalid-superblock.patch xfs-fix-assert-failure-in-xfs_setattr_size.patch net-fix-up-truesize-of-cloned-skb-in-skb_prepare_for_shift.patch mm-hugetlb.c-fix-unnecessary-address-expansion-of-pmd-sharing.patch +staging-fwserial-fix-error-handling-in-fwserial_crea.patch +x86-reboot-add-zotac-zbox-ci327-nano-pci-reboot-quir.patch +vt-consolemap-do-font-sum-unsigned.patch +wlcore-fix-command-execute-failure-19-for-wl12xx.patch +pktgen-fix-misuse-of-bug_on-in-pktgen_thread_worker.patch +ath10k-fix-wmi-mgmt-tx-queue-full-due-to-race-condit.patch +x86-build-treat-r_386_plt32-relocation-as-r_386_pc32.patch +bluetooth-fix-null-pointer-dereference-in-amp_read_l.patch +staging-most-sound-add-sanity-check-for-function-arg.patch +media-uvcvideo-allow-entities-with-no-pads.patch diff --git a/queue-4.4/staging-fwserial-fix-error-handling-in-fwserial_crea.patch b/queue-4.4/staging-fwserial-fix-error-handling-in-fwserial_crea.patch new file mode 100644 index 00000000000..8cbb156110c --- /dev/null +++ b/queue-4.4/staging-fwserial-fix-error-handling-in-fwserial_crea.patch @@ -0,0 +1,45 @@ +From a154d948a327cfffc3b3b7e668c7b5b9219647f4 Mon Sep 17 00:00:00 2001 +From: Sasha Levin +Date: Mon, 21 Dec 2020 20:24:35 +0800 +Subject: staging: fwserial: Fix error handling in fwserial_create + +From: Dinghao Liu + +[ Upstream commit f31559af97a0eabd467e4719253675b7dccb8a46 ] + +When fw_core_add_address_handler() fails, we need to destroy +the port by tty_port_destroy(). Also we need to unregister +the address handler by fw_core_remove_address_handler() on +failure. + +Signed-off-by: Dinghao Liu +Link: https://lore.kernel.org/r/20201221122437.10274-1-dinghao.liu@zju.edu.cn +Signed-off-by: Greg Kroah-Hartman +Signed-off-by: Sasha Levin +--- + drivers/staging/fwserial/fwserial.c | 2 ++ + 1 file changed, 2 insertions(+) + +diff --git a/drivers/staging/fwserial/fwserial.c b/drivers/staging/fwserial/fwserial.c +index b3ea4bb54e2c..68ed97398faf 100644 +--- a/drivers/staging/fwserial/fwserial.c ++++ b/drivers/staging/fwserial/fwserial.c +@@ -2255,6 +2255,7 @@ static int fwserial_create(struct fw_unit *unit) + err = fw_core_add_address_handler(&port->rx_handler, + &fw_high_memory_region); + if (err) { ++ tty_port_destroy(&port->port); + kfree(port); + goto free_ports; + } +@@ -2337,6 +2338,7 @@ unregister_ttys: + + free_ports: + for (--i; i >= 0; --i) { ++ fw_core_remove_address_handler(&serial->ports[i]->rx_handler); + tty_port_destroy(&serial->ports[i]->port); + kfree(serial->ports[i]); + } +-- +2.30.1 + diff --git a/queue-4.4/staging-most-sound-add-sanity-check-for-function-arg.patch b/queue-4.4/staging-most-sound-add-sanity-check-for-function-arg.patch new file mode 100644 index 00000000000..ff5e4791ec4 --- /dev/null +++ b/queue-4.4/staging-most-sound-add-sanity-check-for-function-arg.patch @@ -0,0 +1,37 @@ +From c99844e10a74c939fb18579aa76927b7dc81edb3 Mon Sep 17 00:00:00 2001 +From: Sasha Levin +Date: Tue, 2 Feb 2021 17:21:05 +0100 +Subject: staging: most: sound: add sanity check for function argument + +From: Christian Gromm + +[ Upstream commit 45b754ae5b82949dca2b6e74fa680313cefdc813 ] + +This patch checks the function parameter 'bytes' before doing the +subtraction to prevent memory corruption. + +Signed-off-by: Christian Gromm +Reported-by: Dan Carpenter +Link: https://lore.kernel.org/r/1612282865-21846-1-git-send-email-christian.gromm@microchip.com +Signed-off-by: Greg Kroah-Hartman +Signed-off-by: Sasha Levin +--- + drivers/staging/most/aim-sound/sound.c | 2 ++ + 1 file changed, 2 insertions(+) + +diff --git a/drivers/staging/most/aim-sound/sound.c b/drivers/staging/most/aim-sound/sound.c +index 9c645801cff4..532ec0f7100e 100644 +--- a/drivers/staging/most/aim-sound/sound.c ++++ b/drivers/staging/most/aim-sound/sound.c +@@ -92,6 +92,8 @@ static void swap_copy24(u8 *dest, const u8 *source, unsigned int bytes) + { + unsigned int i = 0; + ++ if (bytes < 2) ++ return; + while (i < bytes - 2) { + dest[i] = source[i + 2]; + dest[i + 1] = source[i + 1]; +-- +2.30.1 + diff --git a/queue-4.4/vt-consolemap-do-font-sum-unsigned.patch b/queue-4.4/vt-consolemap-do-font-sum-unsigned.patch new file mode 100644 index 00000000000..24e4f0da7ae --- /dev/null +++ b/queue-4.4/vt-consolemap-do-font-sum-unsigned.patch @@ -0,0 +1,38 @@ +From 393be6c7cd6d65d9d39b78ca8d67c38b560cef52 Mon Sep 17 00:00:00 2001 +From: Sasha Levin +Date: Tue, 5 Jan 2021 13:02:34 +0100 +Subject: vt/consolemap: do font sum unsigned + +From: Jiri Slaby + +[ Upstream commit 9777f8e60e718f7b022a94f2524f967d8def1931 ] + +The constant 20 makes the font sum computation signed which can lead to +sign extensions and signed wraps. It's not much of a problem as we build +with -fno-strict-overflow. But if we ever decide not to, be ready, so +switch the constant to unsigned. + +Signed-off-by: Jiri Slaby +Link: https://lore.kernel.org/r/20210105120239.28031-7-jslaby@suse.cz +Signed-off-by: Greg Kroah-Hartman +Signed-off-by: Sasha Levin +--- + drivers/tty/vt/consolemap.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/drivers/tty/vt/consolemap.c b/drivers/tty/vt/consolemap.c +index c8c91f0476a2..e8301dcf4c84 100644 +--- a/drivers/tty/vt/consolemap.c ++++ b/drivers/tty/vt/consolemap.c +@@ -494,7 +494,7 @@ con_insert_unipair(struct uni_pagedir *p, u_short unicode, u_short fontpos) + + p2[unicode & 0x3f] = fontpos; + +- p->sum += (fontpos << 20) + unicode; ++ p->sum += (fontpos << 20U) + unicode; + + return 0; + } +-- +2.30.1 + diff --git a/queue-4.4/wlcore-fix-command-execute-failure-19-for-wl12xx.patch b/queue-4.4/wlcore-fix-command-execute-failure-19-for-wl12xx.patch new file mode 100644 index 00000000000..6b85f99d85e --- /dev/null +++ b/queue-4.4/wlcore-fix-command-execute-failure-19-for-wl12xx.patch @@ -0,0 +1,127 @@ +From f051101766f2cdd3558cbd28fa5d9c160cae230d Mon Sep 17 00:00:00 2001 +From: Sasha Levin +Date: Fri, 15 Jan 2021 08:56:13 +0200 +Subject: wlcore: Fix command execute failure 19 for wl12xx + +From: Tony Lindgren + +[ Upstream commit cb88d01b67383a095e3f7caeb4cdade5a6cf0417 ] + +We can currently get a "command execute failure 19" error on beacon loss +if the signal is weak: + +wlcore: Beacon loss detected. roles:0xff +wlcore: Connection loss work (role_id: 0). +... +wlcore: ERROR command execute failure 19 +... +WARNING: CPU: 0 PID: 1552 at drivers/net/wireless/ti/wlcore/main.c:803 +... +(wl12xx_queue_recovery_work.part.0 [wlcore]) +(wl12xx_cmd_role_start_sta [wlcore]) +(wl1271_op_bss_info_changed [wlcore]) +(ieee80211_prep_connection [mac80211]) + +Error 19 is defined as CMD_STATUS_WRONG_NESTING from the wlcore firmware, +and seems to mean that the firmware no longer wants to see the quirk +handling for WLCORE_QUIRK_START_STA_FAILS done. + +This quirk got added with commit 18eab430700d ("wlcore: workaround +start_sta problem in wl12xx fw"), and it seems that this already got fixed +in the firmware long time ago back in 2012 as wl18xx never had this quirk +in place to start with. + +As we no longer even support firmware that early, to me it seems that it's +safe to just drop WLCORE_QUIRK_START_STA_FAILS to fix the error. Looks +like earlier firmware got disabled back in 2013 with commit 0e284c074ef9 +("wl12xx: increase minimum singlerole firmware version required"). + +If it turns out we still need WLCORE_QUIRK_START_STA_FAILS with any +firmware that the driver works with, we can simply revert this patch and +add extra checks for firmware version used. + +With this fix wlcore reconnects properly after a beacon loss. + +Cc: Raz Bouganim +Signed-off-by: Tony Lindgren +Signed-off-by: Kalle Valo +Link: https://lore.kernel.org/r/20210115065613.7731-1-tony@atomide.com +Signed-off-by: Sasha Levin +--- + drivers/net/wireless/ti/wl12xx/main.c | 3 --- + drivers/net/wireless/ti/wlcore/main.c | 15 +-------------- + drivers/net/wireless/ti/wlcore/wlcore.h | 3 --- + 3 files changed, 1 insertion(+), 20 deletions(-) + +diff --git a/drivers/net/wireless/ti/wl12xx/main.c b/drivers/net/wireless/ti/wl12xx/main.c +index af0fe2e17151..e4b28d37046a 100644 +--- a/drivers/net/wireless/ti/wl12xx/main.c ++++ b/drivers/net/wireless/ti/wl12xx/main.c +@@ -647,7 +647,6 @@ static int wl12xx_identify_chip(struct wl1271 *wl) + wl->quirks |= WLCORE_QUIRK_LEGACY_NVS | + WLCORE_QUIRK_DUAL_PROBE_TMPL | + WLCORE_QUIRK_TKIP_HEADER_SPACE | +- WLCORE_QUIRK_START_STA_FAILS | + WLCORE_QUIRK_AP_ZERO_SESSION_ID; + wl->sr_fw_name = WL127X_FW_NAME_SINGLE; + wl->mr_fw_name = WL127X_FW_NAME_MULTI; +@@ -671,7 +670,6 @@ static int wl12xx_identify_chip(struct wl1271 *wl) + wl->quirks |= WLCORE_QUIRK_LEGACY_NVS | + WLCORE_QUIRK_DUAL_PROBE_TMPL | + WLCORE_QUIRK_TKIP_HEADER_SPACE | +- WLCORE_QUIRK_START_STA_FAILS | + WLCORE_QUIRK_AP_ZERO_SESSION_ID; + wl->plt_fw_name = WL127X_PLT_FW_NAME; + wl->sr_fw_name = WL127X_FW_NAME_SINGLE; +@@ -700,7 +698,6 @@ static int wl12xx_identify_chip(struct wl1271 *wl) + wl->quirks |= WLCORE_QUIRK_TX_BLOCKSIZE_ALIGN | + WLCORE_QUIRK_DUAL_PROBE_TMPL | + WLCORE_QUIRK_TKIP_HEADER_SPACE | +- WLCORE_QUIRK_START_STA_FAILS | + WLCORE_QUIRK_AP_ZERO_SESSION_ID; + + wlcore_set_min_fw_ver(wl, WL128X_CHIP_VER, +diff --git a/drivers/net/wireless/ti/wlcore/main.c b/drivers/net/wireless/ti/wlcore/main.c +index cc10b72607c6..3f61289ce036 100644 +--- a/drivers/net/wireless/ti/wlcore/main.c ++++ b/drivers/net/wireless/ti/wlcore/main.c +@@ -2889,21 +2889,8 @@ static int wlcore_join(struct wl1271 *wl, struct wl12xx_vif *wlvif) + + if (is_ibss) + ret = wl12xx_cmd_role_start_ibss(wl, wlvif); +- else { +- if (wl->quirks & WLCORE_QUIRK_START_STA_FAILS) { +- /* +- * TODO: this is an ugly workaround for wl12xx fw +- * bug - we are not able to tx/rx after the first +- * start_sta, so make dummy start+stop calls, +- * and then call start_sta again. +- * this should be fixed in the fw. +- */ +- wl12xx_cmd_role_start_sta(wl, wlvif); +- wl12xx_cmd_role_stop_sta(wl, wlvif); +- } +- ++ else + ret = wl12xx_cmd_role_start_sta(wl, wlvif); +- } + + return ret; + } +diff --git a/drivers/net/wireless/ti/wlcore/wlcore.h b/drivers/net/wireless/ti/wlcore/wlcore.h +index 906be6aa4eb6..a0647d4384d2 100644 +--- a/drivers/net/wireless/ti/wlcore/wlcore.h ++++ b/drivers/net/wireless/ti/wlcore/wlcore.h +@@ -556,9 +556,6 @@ wlcore_set_min_fw_ver(struct wl1271 *wl, unsigned int chip, + /* Each RX/TX transaction requires an end-of-transaction transfer */ + #define WLCORE_QUIRK_END_OF_TRANSACTION BIT(0) + +-/* the first start_role(sta) sometimes doesn't work on wl12xx */ +-#define WLCORE_QUIRK_START_STA_FAILS BIT(1) +- + /* wl127x and SPI don't support SDIO block size alignment */ + #define WLCORE_QUIRK_TX_BLOCKSIZE_ALIGN BIT(2) + +-- +2.30.1 + diff --git a/queue-4.4/x86-build-treat-r_386_plt32-relocation-as-r_386_pc32.patch b/queue-4.4/x86-build-treat-r_386_plt32-relocation-as-r_386_pc32.patch new file mode 100644 index 00000000000..a863392c82d --- /dev/null +++ b/queue-4.4/x86-build-treat-r_386_plt32-relocation-as-r_386_pc32.patch @@ -0,0 +1,111 @@ +From f4eb35a321448899fc0b5c3b3e9c6ddab0478389 Mon Sep 17 00:00:00 2001 +From: Sasha Levin +Date: Wed, 27 Jan 2021 12:56:00 -0800 +Subject: x86/build: Treat R_386_PLT32 relocation as R_386_PC32 + +From: Fangrui Song + +[ Upstream commit bb73d07148c405c293e576b40af37737faf23a6a ] + +This is similar to commit + + b21ebf2fb4cd ("x86: Treat R_X86_64_PLT32 as R_X86_64_PC32") + +but for i386. As far as the kernel is concerned, R_386_PLT32 can be +treated the same as R_386_PC32. + +R_386_PLT32/R_X86_64_PLT32 are PC-relative relocation types which +can only be used by branches. If the referenced symbol is defined +externally, a PLT will be used. + +R_386_PC32/R_X86_64_PC32 are PC-relative relocation types which can be +used by address taking operations and branches. If the referenced symbol +is defined externally, a copy relocation/canonical PLT entry will be +created in the executable. + +On x86-64, there is no PIC vs non-PIC PLT distinction and an +R_X86_64_PLT32 relocation is produced for both `call/jmp foo` and +`call/jmp foo@PLT` with newer (2018) GNU as/LLVM integrated assembler. +This avoids canonical PLT entries (st_shndx=0, st_value!=0). + +On i386, there are 2 types of PLTs, PIC and non-PIC. Currently, +the GCC/GNU as convention is to use R_386_PC32 for non-PIC PLT and +R_386_PLT32 for PIC PLT. Copy relocations/canonical PLT entries +are possible ABI issues but GCC/GNU as will likely keep the status +quo because (1) the ABI is legacy (2) the change will drop a GNU +ld diagnostic for non-default visibility ifunc in shared objects. + +clang-12 -fno-pic (since [1]) can emit R_386_PLT32 for compiler +generated function declarations, because preventing canonical PLT +entries is weighed over the rare ifunc diagnostic. + +Further info for the more interested: + + https://github.com/ClangBuiltLinux/linux/issues/1210 + https://sourceware.org/bugzilla/show_bug.cgi?id=27169 + https://github.com/llvm/llvm-project/commit/a084c0388e2a59b9556f2de0083333232da3f1d6 [1] + + [ bp: Massage commit message. ] + +Reported-by: Arnd Bergmann +Signed-off-by: Fangrui Song +Signed-off-by: Borislav Petkov +Reviewed-by: Nick Desaulniers +Reviewed-by: Nathan Chancellor +Tested-by: Nick Desaulniers +Tested-by: Nathan Chancellor +Tested-by: Sedat Dilek +Link: https://lkml.kernel.org/r/20210127205600.1227437-1-maskray@google.com +Signed-off-by: Sasha Levin +--- + arch/x86/kernel/module.c | 1 + + arch/x86/tools/relocs.c | 12 ++++++++---- + 2 files changed, 9 insertions(+), 4 deletions(-) + +diff --git a/arch/x86/kernel/module.c b/arch/x86/kernel/module.c +index 94779f66bf49..6f0d340594ca 100644 +--- a/arch/x86/kernel/module.c ++++ b/arch/x86/kernel/module.c +@@ -124,6 +124,7 @@ int apply_relocate(Elf32_Shdr *sechdrs, + *location += sym->st_value; + break; + case R_386_PC32: ++ case R_386_PLT32: + /* Add the value, subtract its position */ + *location += sym->st_value - (uint32_t)location; + break; +diff --git a/arch/x86/tools/relocs.c b/arch/x86/tools/relocs.c +index 5b6c8486a0be..d1c3f82c7882 100644 +--- a/arch/x86/tools/relocs.c ++++ b/arch/x86/tools/relocs.c +@@ -839,9 +839,11 @@ static int do_reloc32(struct section *sec, Elf_Rel *rel, Elf_Sym *sym, + case R_386_PC32: + case R_386_PC16: + case R_386_PC8: ++ case R_386_PLT32: + /* +- * NONE can be ignored and PC relative relocations don't +- * need to be adjusted. ++ * NONE can be ignored and PC relative relocations don't need ++ * to be adjusted. Because sym must be defined, R_386_PLT32 can ++ * be treated the same way as R_386_PC32. + */ + break; + +@@ -882,9 +884,11 @@ static int do_reloc_real(struct section *sec, Elf_Rel *rel, Elf_Sym *sym, + case R_386_PC32: + case R_386_PC16: + case R_386_PC8: ++ case R_386_PLT32: + /* +- * NONE can be ignored and PC relative relocations don't +- * need to be adjusted. ++ * NONE can be ignored and PC relative relocations don't need ++ * to be adjusted. Because sym must be defined, R_386_PLT32 can ++ * be treated the same way as R_386_PC32. + */ + break; + +-- +2.30.1 + diff --git a/queue-4.4/x86-reboot-add-zotac-zbox-ci327-nano-pci-reboot-quir.patch b/queue-4.4/x86-reboot-add-zotac-zbox-ci327-nano-pci-reboot-quir.patch new file mode 100644 index 00000000000..58e4b8177db --- /dev/null +++ b/queue-4.4/x86-reboot-add-zotac-zbox-ci327-nano-pci-reboot-quir.patch @@ -0,0 +1,52 @@ +From 7abc05dc957df7dfb39c3bb57b93802be37d2262 Mon Sep 17 00:00:00 2001 +From: Sasha Levin +Date: Tue, 1 Dec 2020 12:39:57 +0100 +Subject: x86/reboot: Add Zotac ZBOX CI327 nano PCI reboot quirk + +From: Heiner Kallweit + +[ Upstream commit 4b2d8ca9208be636b30e924b1cbcb267b0740c93 ] + +On this system the M.2 PCIe WiFi card isn't detected after reboot, only +after cold boot. reboot=pci fixes this behavior. In [0] the same issue +is described, although on another system and with another Intel WiFi +card. In case it's relevant, both systems have Celeron CPUs. + +Add a PCI reboot quirk on affected systems until a more generic fix is +available. + +[0] https://bugzilla.kernel.org/show_bug.cgi?id=202399 + + [ bp: Massage commit message. ] + +Signed-off-by: Heiner Kallweit +Signed-off-by: Borislav Petkov +Link: https://lkml.kernel.org/r/1524eafd-f89c-cfa4-ed70-0bde9e45eec9@gmail.com +Signed-off-by: Sasha Levin +--- + arch/x86/kernel/reboot.c | 9 +++++++++ + 1 file changed, 9 insertions(+) + +diff --git a/arch/x86/kernel/reboot.c b/arch/x86/kernel/reboot.c +index cbe14f7c2826..1c2451107e49 100644 +--- a/arch/x86/kernel/reboot.c ++++ b/arch/x86/kernel/reboot.c +@@ -418,6 +418,15 @@ static struct dmi_system_id __initdata reboot_dmi_table[] = { + }, + }, + ++ { /* PCIe Wifi card isn't detected after reboot otherwise */ ++ .callback = set_pci_reboot, ++ .ident = "Zotac ZBOX CI327 nano", ++ .matches = { ++ DMI_MATCH(DMI_SYS_VENDOR, "NA"), ++ DMI_MATCH(DMI_PRODUCT_NAME, "ZBOX-CI327NANO-GS-01"), ++ }, ++ }, ++ + /* Sony */ + { /* Handle problems with rebooting on Sony VGN-Z540N */ + .callback = set_bios_reboot, +-- +2.30.1 +