From f11cfbc11c6bce68708e6f2b50f561f5e548c7cd Mon Sep 17 00:00:00 2001 From: Sasha Levin Date: Wed, 19 May 2021 18:43:12 -0400 Subject: [PATCH] Fixes for 4.4 Signed-off-by: Sasha Levin --- ...-fix-reference-count-leak-in-enable_.patch | 43 +++++++ ...-change-the-dac-ctl-name-for-lo-spk-.patch | 64 ++++++++++ ...-v7-refactor-v7_invalidate_l1-to-avo.patch | 105 +++++++++++++++++ queue-4.4/series | 4 + .../um-mark-all-kernel-symbols-as-local.patch | 111 ++++++++++++++++++ 5 files changed, 327 insertions(+) create mode 100644 queue-4.4/acpi-hotplug-pci-fix-reference-count-leak-in-enable_.patch create mode 100644 queue-4.4/alsa-hda-generic-change-the-dac-ctl-name-for-lo-spk-.patch create mode 100644 queue-4.4/arm-9058-1-cache-v7-refactor-v7_invalidate_l1-to-avo.patch create mode 100644 queue-4.4/um-mark-all-kernel-symbols-as-local.patch diff --git a/queue-4.4/acpi-hotplug-pci-fix-reference-count-leak-in-enable_.patch b/queue-4.4/acpi-hotplug-pci-fix-reference-count-leak-in-enable_.patch new file mode 100644 index 00000000000..51f8dda8dd6 --- /dev/null +++ b/queue-4.4/acpi-hotplug-pci-fix-reference-count-leak-in-enable_.patch @@ -0,0 +1,43 @@ +From 9b8bc03821e7e0ed040bc0c2afce25afbab13337 Mon Sep 17 00:00:00 2001 +From: Sasha Levin +Date: Thu, 25 Mar 2021 15:26:00 +0800 +Subject: ACPI / hotplug / PCI: Fix reference count leak in enable_slot() + +From: Feilong Lin + +[ Upstream commit 3bbfd319034ddce59e023837a4aa11439460509b ] + +In enable_slot(), if pci_get_slot() returns NULL, we clear the SLOT_ENABLED +flag. When pci_get_slot() finds a device, it increments the device's +reference count. In this case, we did not call pci_dev_put() to decrement +the reference count, so the memory of the device (struct pci_dev type) will +eventually leak. + +Call pci_dev_put() to decrement its reference count when pci_get_slot() +returns a PCI device. + +Link: https://lore.kernel.org/r/b411af88-5049-a1c6-83ac-d104a1f429be@huawei.com +Signed-off-by: Feilong Lin +Signed-off-by: Zhiqiang Liu +Signed-off-by: Bjorn Helgaas +Reviewed-by: Rafael J. Wysocki +Signed-off-by: Sasha Levin +--- + drivers/pci/hotplug/acpiphp_glue.c | 1 + + 1 file changed, 1 insertion(+) + +diff --git a/drivers/pci/hotplug/acpiphp_glue.c b/drivers/pci/hotplug/acpiphp_glue.c +index 6727471ea5b4..d0f5c526c8e6 100644 +--- a/drivers/pci/hotplug/acpiphp_glue.c ++++ b/drivers/pci/hotplug/acpiphp_glue.c +@@ -538,6 +538,7 @@ static void enable_slot(struct acpiphp_slot *slot) + slot->flags &= (~SLOT_ENABLED); + continue; + } ++ pci_dev_put(dev); + } + } + +-- +2.30.2 + diff --git a/queue-4.4/alsa-hda-generic-change-the-dac-ctl-name-for-lo-spk-.patch b/queue-4.4/alsa-hda-generic-change-the-dac-ctl-name-for-lo-spk-.patch new file mode 100644 index 00000000000..8f6a3ade3c7 --- /dev/null +++ b/queue-4.4/alsa-hda-generic-change-the-dac-ctl-name-for-lo-spk-.patch @@ -0,0 +1,64 @@ +From 01152538b2668516c553ccb9ea6fb5c1f9954f1b Mon Sep 17 00:00:00 2001 +From: Sasha Levin +Date: Tue, 4 May 2021 15:39:17 +0800 +Subject: ALSA: hda: generic: change the DAC ctl name for LO+SPK or LO+HP + +From: Hui Wang + +[ Upstream commit f48652bbe3ae62ba2835a396b7e01f063e51c4cd ] + +Without this change, the DAC ctl's name could be changed only when +the machine has both Speaker and Headphone, but we met some machines +which only has Lineout and Headhpone, and the Lineout and Headphone +share the Audio Mixer0 and DAC0, the ctl's name is set to "Front". + +On most of machines, the "Front" is used for Speaker only or Lineout +only, but on this machine it is shared by Lineout and Headphone, +This introduces an issue in the pipewire and pulseaudio, suppose users +want the Headphone to be on and the Speaker/Lineout to be off, they +could turn off the "Front", this works on most of the machines, but on +this machine, the "Front" couldn't be turned off otherwise the +headphone will be off too. Here we do some change to let the ctl's +name change to "Headphone+LO" on this machine, and pipewire and +pulseaudio already could handle "Headphone+LO" and "Speaker+LO". +(https://gitlab.freedesktop.org/pipewire/pipewire/-/issues/747) + +BugLink: http://bugs.launchpad.net/bugs/804178 +Signed-off-by: Hui Wang +Link: https://lore.kernel.org/r/20210504073917.22406-1-hui.wang@canonical.com +Signed-off-by: Takashi Iwai +Signed-off-by: Sasha Levin +--- + sound/pci/hda/hda_generic.c | 16 +++++++++++----- + 1 file changed, 11 insertions(+), 5 deletions(-) + +diff --git a/sound/pci/hda/hda_generic.c b/sound/pci/hda/hda_generic.c +index dcefb12557f1..7fed8d1bb79c 100644 +--- a/sound/pci/hda/hda_generic.c ++++ b/sound/pci/hda/hda_generic.c +@@ -1182,11 +1182,17 @@ static const char *get_line_out_pfx(struct hda_codec *codec, int ch, + *index = ch; + return "Headphone"; + case AUTO_PIN_LINE_OUT: +- /* This deals with the case where we have two DACs and +- * one LO, one HP and one Speaker */ +- if (!ch && cfg->speaker_outs && cfg->hp_outs) { +- bool hp_lo_shared = !path_has_mixer(codec, spec->hp_paths[0], ctl_type); +- bool spk_lo_shared = !path_has_mixer(codec, spec->speaker_paths[0], ctl_type); ++ /* This deals with the case where one HP or one Speaker or ++ * one HP + one Speaker need to share the DAC with LO ++ */ ++ if (!ch) { ++ bool hp_lo_shared = false, spk_lo_shared = false; ++ ++ if (cfg->speaker_outs) ++ spk_lo_shared = !path_has_mixer(codec, ++ spec->speaker_paths[0], ctl_type); ++ if (cfg->hp_outs) ++ hp_lo_shared = !path_has_mixer(codec, spec->hp_paths[0], ctl_type); + if (hp_lo_shared && spk_lo_shared) + return spec->vmaster_mute.hook ? "PCM" : "Master"; + if (hp_lo_shared) +-- +2.30.2 + diff --git a/queue-4.4/arm-9058-1-cache-v7-refactor-v7_invalidate_l1-to-avo.patch b/queue-4.4/arm-9058-1-cache-v7-refactor-v7_invalidate_l1-to-avo.patch new file mode 100644 index 00000000000..822971a016d --- /dev/null +++ b/queue-4.4/arm-9058-1-cache-v7-refactor-v7_invalidate_l1-to-avo.patch @@ -0,0 +1,105 @@ +From 8fde5d2d98ab494b45c39c304ed48b058c3a45fa Mon Sep 17 00:00:00 2001 +From: Sasha Levin +Date: Thu, 11 Feb 2021 09:23:09 +0100 +Subject: ARM: 9058/1: cache-v7: refactor v7_invalidate_l1 to avoid clobbering + r5/r6 + +From: Ard Biesheuvel + +[ Upstream commit f9e7a99fb6b86aa6a00e53b34ee6973840e005aa ] + +The cache invalidation code in v7_invalidate_l1 can be tweaked to +re-read the associativity from CCSIDR, and keep the way identifier +component in a single register that is assigned in the outer loop. This +way, we need 2 registers less. + +Given that the number of sets is typically much larger than the +associativity, rearrange the code so that the outer loop has the fewer +number of iterations, ensuring that the re-read of CCSIDR only occurs a +handful of times in practice. + +Fix the whitespace while at it, and update the comment to indicate that +this code is no longer a clone of anything else. + +Acked-by: Nicolas Pitre +Signed-off-by: Ard Biesheuvel +Signed-off-by: Russell King +Signed-off-by: Sasha Levin +--- + arch/arm/mm/cache-v7.S | 51 +++++++++++++++++++++--------------------- + 1 file changed, 25 insertions(+), 26 deletions(-) + +diff --git a/arch/arm/mm/cache-v7.S b/arch/arm/mm/cache-v7.S +index 11d699af30ed..db568be45946 100644 +--- a/arch/arm/mm/cache-v7.S ++++ b/arch/arm/mm/cache-v7.S +@@ -27,41 +27,40 @@ + * processor. We fix this by performing an invalidate, rather than a + * clean + invalidate, before jumping into the kernel. + * +- * This function is cloned from arch/arm/mach-tegra/headsmp.S, and needs +- * to be called for both secondary cores startup and primary core resume +- * procedures. ++ * This function needs to be called for both secondary cores startup and ++ * primary core resume procedures. + */ + ENTRY(v7_invalidate_l1) + mov r0, #0 + mcr p15, 2, r0, c0, c0, 0 + mrc p15, 1, r0, c0, c0, 0 + +- movw r1, #0x7fff +- and r2, r1, r0, lsr #13 ++ movw r3, #0x3ff ++ and r3, r3, r0, lsr #3 @ 'Associativity' in CCSIDR[12:3] ++ clz r1, r3 @ WayShift ++ mov r2, #1 ++ mov r3, r3, lsl r1 @ NumWays-1 shifted into bits [31:...] ++ movs r1, r2, lsl r1 @ #1 shifted left by same amount ++ moveq r1, #1 @ r1 needs value > 0 even if only 1 way + +- movw r1, #0x3ff ++ and r2, r0, #0x7 ++ add r2, r2, #4 @ SetShift + +- and r3, r1, r0, lsr #3 @ NumWays - 1 +- add r2, r2, #1 @ NumSets ++1: movw r4, #0x7fff ++ and r0, r4, r0, lsr #13 @ 'NumSets' in CCSIDR[27:13] + +- and r0, r0, #0x7 +- add r0, r0, #4 @ SetShift +- +- clz r1, r3 @ WayShift +- add r4, r3, #1 @ NumWays +-1: sub r2, r2, #1 @ NumSets-- +- mov r3, r4 @ Temp = NumWays +-2: subs r3, r3, #1 @ Temp-- +- mov r5, r3, lsl r1 +- mov r6, r2, lsl r0 +- orr r5, r5, r6 @ Reg = (Temp< +Date: Fri, 5 Mar 2021 21:43:15 +0100 +Subject: um: Mark all kernel symbols as local + +From: Johannes Berg + +[ Upstream commit d5027ca63e0e778b641cf23e3f5c6d6212cf412b ] + +Ritesh reported a bug [1] against UML, noting that it crashed on +startup. The backtrace shows the following (heavily redacted): + +(gdb) bt +... + #26 0x0000000060015b5d in sem_init () at ipc/sem.c:268 + #27 0x00007f89906d92f7 in ?? () from /lib/x86_64-linux-gnu/libcom_err.so.2 + #28 0x00007f8990ab8fb2 in call_init (...) at dl-init.c:72 +... + #40 0x00007f89909bf3a6 in nss_load_library (...) at nsswitch.c:359 +... + #44 0x00007f8990895e35 in _nss_compat_getgrnam_r (...) at nss_compat/compat-grp.c:486 + #45 0x00007f8990968b85 in __getgrnam_r [...] + #46 0x00007f89909d6b77 in grantpt [...] + #47 0x00007f8990a9394e in __GI_openpty [...] + #48 0x00000000604a1f65 in openpty_cb (...) at arch/um/os-Linux/sigio.c:407 + #49 0x00000000604a58d0 in start_idle_thread (...) at arch/um/os-Linux/skas/process.c:598 + #50 0x0000000060004a3d in start_uml () at arch/um/kernel/skas/process.c:45 + #51 0x00000000600047b2 in linux_main (...) at arch/um/kernel/um_arch.c:334 + #52 0x000000006000574f in main (...) at arch/um/os-Linux/main.c:144 + +indicating that the UML function openpty_cb() calls openpty(), +which internally calls __getgrnam_r(), which causes the nsswitch +machinery to get started. + +This loads, through lots of indirection that I snipped, the +libcom_err.so.2 library, which (in an unknown function, "??") +calls sem_init(). + +Now, of course it wants to get libpthread's sem_init(), since +it's linked against libpthread. However, the dynamic linker +looks up that symbol against the binary first, and gets the +kernel's sem_init(). + +Hajime Tazaki noted that "objcopy -L" can localize a symbol, +so the dynamic linker wouldn't do the lookup this way. I tried, +but for some reason that didn't seem to work. + +Doing the same thing in the linker script instead does seem to +work, though I cannot entirely explain - it *also* works if I +just add "VERSION { { global: *; }; }" instead, indicating that +something else is happening that I don't really understand. It +may be that explicitly doing that marks them with some kind of +empty version, and that's different from the default. + +Explicitly marking them with a version breaks kallsyms, so that +doesn't seem to be possible. + +Marking all the symbols as local seems correct, and does seem +to address the issue, so do that. Also do it for static link, +nsswitch libraries could still be loaded there. + +[1] https://bugs.debian.org/983379 + +Reported-by: Ritesh Raj Sarraf +Signed-off-by: Johannes Berg +Acked-By: Anton Ivanov +Tested-By: Ritesh Raj Sarraf +Signed-off-by: Richard Weinberger +Signed-off-by: Sasha Levin +--- + arch/um/kernel/dyn.lds.S | 6 ++++++ + arch/um/kernel/uml.lds.S | 6 ++++++ + 2 files changed, 12 insertions(+) + +diff --git a/arch/um/kernel/dyn.lds.S b/arch/um/kernel/dyn.lds.S +index adde088aeeff..d837636ec823 100644 +--- a/arch/um/kernel/dyn.lds.S ++++ b/arch/um/kernel/dyn.lds.S +@@ -6,6 +6,12 @@ OUTPUT_ARCH(ELF_ARCH) + ENTRY(_start) + jiffies = jiffies_64; + ++VERSION { ++ { ++ local: *; ++ }; ++} ++ + SECTIONS + { + PROVIDE (__executable_start = START); +diff --git a/arch/um/kernel/uml.lds.S b/arch/um/kernel/uml.lds.S +index 6899195602b7..09620aa953ca 100644 +--- a/arch/um/kernel/uml.lds.S ++++ b/arch/um/kernel/uml.lds.S +@@ -6,6 +6,12 @@ OUTPUT_ARCH(ELF_ARCH) + ENTRY(_start) + jiffies = jiffies_64; + ++VERSION { ++ { ++ local: *; ++ }; ++} ++ + SECTIONS + { + /* This must contain the right address - not quite the default ELF one.*/ +-- +2.30.2 + -- 2.47.3