Commit Graph

875766 Commits

Author SHA1 Message Date
Jaegeuk Kim
57df3030e1 Merge remote-tracking branch 'aosp/upstream-f2fs-stable-linux-5.4.y' into android-5.4
Merged in v5.5-rc1.

* aosp/upstream-f2fs-stable-linux-5.4.y:
  docs: fs-verity: mention statx() support
  f2fs: support STATX_ATTR_VERITY
  ext4: support STATX_ATTR_VERITY
  statx: define STATX_ATTR_VERITY
  docs: fs-verity: document first supported kernel version
  f2fs: add support for IV_INO_LBLK_64 encryption policies
  ext4: add support for IV_INO_LBLK_64 encryption policies
  fscrypt: add support for IV_INO_LBLK_64 policies
  fscrypt: avoid data race on fscrypt_mode::logged_impl_name
  fscrypt: zeroize fscrypt_info before freeing
  fscrypt: remove struct fscrypt_ctx
  fscrypt: invoke crypto API for ESSIV handling
  null_blk: remove unused variable warning on !CONFIG_BLK_DEV_ZONED
  block: set the zone size in blk_revalidate_disk_zones atomically
  block: don't handle bio based drivers in blk_revalidate_disk_zones
  null_blk: cleanup null_gendisk_register
  null_blk: fix zone size paramter check
  block: allocate the zone bitmaps lazily
  block: replace seq_zones_bitmap with conv_zones_bitmap
  block: simplify blkdev_nr_zones
  block: remove the empty line at the end of blk-zoned.c
  scsi: sd_zbc: Improve report zones error printout
  scsi: sd_zbc: Remove set but not used variable 'buflen'
  block: rework zone reporting
  scsi: sd_zbc: Cleanup sd_zbc_alloc_report_buffer()
  null_blk: clean up report zones
  null_blk: clean up the block device operations
  null_blk: return fixed zoned reads > write pointer
  scsi: sd_zbc: add zone open, close, and finish support
  block: Remove partition support for zoned block devices
  block: Simplify report zones execution
  block: cleanup the !zoned case in blk_revalidate_disk_zones
  block: Enhance blk_revalidate_disk_zones()
  block: add zone open, close and finish ioctl support
  block: add zone open, close and finish operations
  block: Simplify REQ_OP_ZONE_RESET_ALL handling
  block: Remove REQ_OP_ZONE_RESET plugging
  f2fs: stop GC when the victim becomes fully valid
  f2fs: expose main_blkaddr in sysfs
  f2fs: choose hardlimit when softlimit is larger than hardlimit in f2fs_statfs_project()
  f2fs: Fix deadlock in f2fs_gc() context during atomic files handling
  f2fs: show f2fs instance in printk_ratelimited
  f2fs: fix potential overflow
  f2fs: fix to update dir's i_pino during cross_rename
  f2fs: support aligned pinned file
  f2fs: avoid kernel panic on corruption test
  f2fs: fix wrong description in document
  f2fs: cache global IPU bio
  f2fs: fix to avoid memory leakage in f2fs_listxattr
  f2fs: check total_segments from devices in raw_super
  f2fs: update multi-dev metadata in resize_fs
  f2fs: mark recovery flag correctly in read_raw_super_block()
  f2fs: fix to update time in lazytime mode

Change-Id: I9325127228fb82b67f064ce8b3bc8d40ac76e65b
Signed-off-by: Jaegeuk Kim <jaegeuk@google.com>
2020-01-15 16:41:51 -08:00
Amit Pundir
486ed22a34 ANDROID: db845c: Add build config
Add a build config for db845c.

This one uses cat to merge the gki_defconfig with
the db845c_gki.fragment.

This isn't as ideal as using merge_config.sh which
provides more useful warnings but I couldn't manage
to get merge_config.sh to run properly within the
context of the PRE_DEFCONFIG_CMDS.

This does however result in a .config identical
to the  merge_config result.

Signed-off-by: Amit Pundir <amit.pundir@linaro.org>
[jstultz: overhauled for android-mainline]
Signed-off-by: John Stultz <john.stultz@linaro.org>
Bug: 146449535
Change-Id: Ib32bb07590adcb10e9e208f33773900054202e68
2020-01-15 21:13:30 +00:00
John Stultz
d82a23766e ANDROID: db845c: add db845c_gki.fragment
Add db845c_gki.fragment

Bug: 146449535
Signed-off-by: John Stultz <john.stultz@linaro.org>
Change-Id: I1313c9425d76b78c970470553f03885fbf2f3a7d
2020-01-15 21:13:30 +00:00
Anurag Kumar Vulisha
bebefe9212 FROMLIST: usb: dwc3: gadget: Correct the logic for finding last SG entry
As a process of preparing TRBs usb_gadget_map_request_by_dev() is
called from dwc3_prepare_trbs() for mapping the request. This will
call dma_map_sg() if req->num_sgs are greater than 0. dma_map_sg()
will map the sg entries in sglist and return the number of mapped SGs.
As a part of mapping, some sg entries having contigous memory may be
merged together into a single sg (when IOMMU used). So, the number of
mapped sg entries may not be equal to the number of orginal sg entries
in the request (req->num_sgs).

As a part of preparing the TRBs, dwc3_prepare_one_trb_sg() iterates over
the sg entries present in the sglist and calls sg_is_last() to identify
whether the sg entry is last and set IOC bit for the last sg entry. The
sg_is_last() determines last sg if SG_END is set in sg->page_link. When
IOMMU used, dma_map_sg() merges 2 or more sgs into a single sg and it
doesn't retain the page_link properties. Because of this reason the
sg_is_last() may not find SG_END and thus resulting in IOC bit never
getting set.

For example:

Consider a request having 8 sg entries with each entry having a length of
4096 bytes. Assume that sg1 & sg2, sg3 & sg4, sg5 & sg6, sg7 & sg8 are
having contigous memory regions.

Before calling dma_map_sg():
            sg1-->sg2-->sg3-->sg4-->sg6-->sg7-->sg8
dma_length: 4K    4K    4K    4K    4K    4K    4K
SG_END:     False False False False False False True
num_sgs = 8
num_mapped_sgs = 0

The dma_map_sg() merges sg1 & sg2 memory regions into sg1->dma_address.
Similarly sg3 & sg4 into sg2->dma_address, sg5 & sg6 into the
sg3->dma_address and sg6 & sg8 into sg4->dma_address. Here the memory
regions are merged but the page_link properties like SG_END are not
retained into the merged sgs.

After calling dma_map_sg();
            sg1-->sg2-->sg3-->sg4-->sg6-->sg7-->sg8
dma_length: 8K    8K    8K    8K    0K    0K     0K
SG_END:     False False False False False False True
num_sgs = 8
num_mapped_sgs = 4

After calling dma_map_sg(), sg1,sg2,sg3,sg4 are having dma_length of
8096 bytes each and remaining sg4,sg5,sg6,sg7 are having 0 bytes of
dma_length.

After dma_map_sg() is performed dma_perpare_trb_sg() iterates on all sg
entries and sets IOC bit only for the sg8 (since sg_is_last() returns true
only for sg8). But after calling dma_map_sg() the valid data are present
only till sg4 and the IOC bit should be set for sg4 TRB only (which is not
happening in the present code)

The above mentioned issue can be fixed by determining last sg based on the
req->num_queued_sgs instead of sg_is_last(). If (req->num_queued_sgs + 1)
is equal to req->num_mapped_sgs, then this sg is the last sg. In the above
example, the dwc3 driver has already queued 3 sgs (upto sg3), so the
num_queued_sgs = 3. On preparing the next sg (i.e sg4), check for last sg
(num_queued_sgs + 1) == num_mapped_sgs becomes true. So, the driver sets
IOC bit for sg4. This patch does the same.

Signed-off-by: Anurag Kumar Vulisha <anurag.kumar.vulisha@xilinx.com>
Signed-off-by: John Stultz <john.stultz@linaro.org>
Bug: 146449535
Link: https://lore.kernel.org/linux-usb/1559141985-17104-1-git-send-email-anurag.kumar.vulisha@xilinx.com/
Change-Id: I5a16c1d9db32755d6e938acf3ab43673a4e46a27
2020-01-15 21:13:30 +00:00
Vinod Koul
7719b087f3 FROMLIST: usb: xhci: provide a debugfs hook for erasing rom
run "echo 1 > /sys/kernel/debug/renesas-usb/rom_erase" to erase firmware
when driver is loaded.

Subsequent init of driver shall reload the firmware

Signed-off-by: Vinod Koul <vkoul@kernel.org>
Signed-off-by: John Stultz <john.stultz@linaro.org>
Bug: 146449535
Change-Id: Id00beb2430efb8e735b6b98e5055cd2574f579b3
Link: https://lore.kernel.org/linux-arm-msm/20200113084005.849071-6-vkoul@kernel.org/
2020-01-15 21:13:30 +00:00
Vinod Koul
ebc65c36f1 FROMLIST: usb: renesas-xhci: allow multiple firmware versions
Allow multiple firmware file versions in table and load them in
increasing order as we find them in the file system.

Signed-off-by: Vinod Koul <vkoul@kernel.org>
Cc: Yoshihiro Shimoda <yoshihiro.shimoda.uh@renesas.com>
Cc: Christian Lamparter <chunkeey@googlemail.com>
Signed-off-by: John Stultz <john.stultz@linaro.org>
Bug: 146449535
Change-Id: If3a1e3b0dd467bb0ce4c7728828b34a05edae05c
Link: https://lore.kernel.org/linux-arm-msm/20200113084005.849071-5-vkoul@kernel.org/
2020-01-15 21:13:30 +00:00
Vinod Koul
d3e9cfdb56 FROMLIST: usb: renesas-xhci: Add ROM loader for uPD720201
uPD720201 supports ROM and allows software to program the ROM and boot
from it. Add support for detecting if ROM is present, if so load the ROM
if not programmed earlier.

Signed-off-by: Vinod Koul <vkoul@kernel.org>
Cc: Yoshihiro Shimoda <yoshihiro.shimoda.uh@renesas.com>
Cc: Christian Lamparter <chunkeey@googlemail.com>
Signed-off-by: John Stultz <john.stultz@linaro.org>
Bug: 146449535
Change-Id: I5c2205191462b472d657aac162ca0d20a44d0cc9
Link: https://lore.kernel.org/linux-arm-msm/20200113084005.849071-4-vkoul@kernel.org/
2020-01-15 21:13:30 +00:00
Christian Lamparter
1972b15841 FROMLIST: usb: renesas-xhci: Add the renesas xhci driver
This add a new driver for renesas xhci which is basically a firmware
loader for uPD720201 and uPD720202 w/o ROM. It uses xhci-pci driver for
most of the work.

This is added in Makefile before the xhci-pci driver so that it first
get probed for renesas devices before the xhci-pci driver has a chance
to claim any device.

This patch adds a firmware loader for the uPD720201K8-711-BAC-A
and uPD720202K8-711-BAA-A variant. Both of these chips are listed
in Renesas' R19UH0078EJ0500 Rev.5.00 "User's Manual: Hardware" as
devices which need the firmware loader on page 2 in order to
work as they "do not support the External ROM".

The "Firmware Download Sequence" is describe in chapter
"7.1 FW Download Interface" R19UH0078EJ0500 Rev.5.00 page 131.

The firmware "K2013080.mem" is available from a USB3.0 Host to
PCIe Adapter (PP2U-E card) "Firmware download" archive. An
alternative version can be sourced from Netgear's WNDR4700 GPL
archives.

The release notes of the PP2U-E's "Firmware Download" ver 2.0.1.3
(2012-06-15) state that the firmware is for the following devices:
 - uPD720201 ES 2.0 sample whose revision ID is 2.
 - uPD720201 ES 2.1 sample & CS sample & Mass product, ID is 3.
 - uPD720202 ES 2.0 sample & CS sample & Mass product, ID is 2.

Cc: Yoshihiro Shimoda <yoshihiro.shimoda.uh@renesas.com>
Signed-off-by: Christian Lamparter <chunkeey@googlemail.com>
Signed-off-by: Bjorn Andersson <bjorn.andersson@linaro.org>
[vkoul: fixed comments:
	used macros for timeout count and delay
	removed renesas_fw_alive_check
	cleaned renesas_fw_callback
	removed recurion for renesas_fw_download
	added MODULE_FIRMWARE
	add register defines and field names
	move to a separate driver]
Signed-off-by: Vinod Koul <vkoul@kernel.org>
Signed-off-by: John Stultz <john.stultz@linaro.org>
Bug: 146449535
Change-Id: I6a06261fd637dd68bf9df72a30bca0431ab04c2a
Link: https://lore.kernel.org/linux-arm-msm/20200113084005.849071-3-vkoul@kernel.org/
2020-01-15 21:13:30 +00:00
Vinod Koul
e60507ee04 FROMLIST: usb: xhci: export few functions
Export the xhci_pci_setup(), xhci_pci_probe() xhci_pci_remove(),
xhci_pci_suspend() and xhci_pci_resume() functions as they would be used
by renesas-xhci driver.

Signed-off-by: Vinod Koul <vkoul@kernel.org>
Signed-off-by: John Stultz <john.stultz@linaro.org>
Change-Id: I4fb2088f95925c2e09a4e308618bd46156642df6
Bug: 146449535
Link: https://lore.kernel.org/linux-arm-msm/20200113084005.849071-2-vkoul@kernel.org/
2020-01-15 21:13:30 +00:00
Saravana Kannan
6d82b2ba06 ANDROID: arm64: dts: db845c: Add clocks entry to display to track real clock inputs
Change-Id: Ib22f32b95a2f46824a28fb9f9fc3eaaccca7e47b
[jstultz: Fix build issue, reworked commit message]
Bug: 146449535
Signed-off-by: Saravana Kannan <saravanak@google.com>
Signed-off-by: John Stultz <john.stultz@linaro.org>
2020-01-15 21:13:30 +00:00
Srinivas Kandagatla
d7a55489e0 ANDROID: arm64: dts: db845c: add Low speed expansion i2c and spi nodes
This patch adds support UART0, I2C0, I2C1 and SPI0 available
on Low Speed expansion connector.

Bug: 146449535
Signed-off-by: Srinivas Kandagatla <srinivas.kandagatla@linaro.org>
Signed-off-by: John Stultz <john.stultz@linaro.org>
Change-Id: I03b457230641fdbf30adf1bf8730e0ff95354b7c
2020-01-15 21:13:30 +00:00
Bjorn Andersson
6b281221d9 ANDROID: arm64: dts: qcom: sdm845-db845c: Bring in LT9611
Enable MDSS and DSI and add the LT9611 HDMI bridge. DSI1 is supposedly
needed for 4k support, but is left commented out as this is yet to be
functional.

Bug: 146449535
Signed-off-by: Bjorn Andersson <bjorn.andersson@linaro.org>
Signed-off-by: John Stultz <john.stultz@linaro.org>
Change-Id: I7bf2b82abeca7274f8e2dc69c592ed8303e3fbc6
2020-01-15 21:13:30 +00:00
Bjorn Andersson
db4a505b1c ANDROID: arm64: dts: qcom: db845c: Enable PCIe controllers
Enable the two PCIe controllers found on the Dragonboard845c.

Bug: 146449535
Signed-off-by: Bjorn Andersson <bjorn.andersson@linaro.org>
Signed-off-by: John Stultz <john.stultz@linaro.org>
Change-Id: Ic11f523349ca62f8b1972971f0d41941af9ea842
2020-01-15 21:13:30 +00:00
Bjorn Andersson
163a78701b ANDROID: arm64: dts: qcom: sdm845: Add second PCIe PHY and controller
Add the second PCIe controller and the associated QHP PHY found on
SDM845.

Bug: 146449535
Signed-off-by: Bjorn Andersson <bjorn.andersson@linaro.org>
Signed-off-by: John Stultz <john.stultz@linaro.org>
Change-Id: Ibd47b697a1167d2b040c08cf698898e84cc4e3fd
2020-01-15 21:13:30 +00:00
Bjorn Andersson
dc76ef08c0 ANDROID: arm64: dts: qcom: sdm845: Add first PCIe controller and PHY
Add the GEN2 PCIe controller and PHY found on SDM845.

Bug: 146449535
Signed-off-by: Bjorn Andersson <bjorn.andersson@linaro.org>
Signed-off-by: John Stultz <john.stultz@linaro.org>
Change-Id: I7061bbffa40059c9a454e4af9c63b0059256d71f
2020-01-15 21:13:30 +00:00
Vivek Gautam
e4093c99f2 ANDROID: arm64: dts/sdm845: Enable FW implemented safe sequence handler on MTP
Indicate on MTP SDM845 that firmware implements handler to
TLB invalidate erratum SCM call where SAFE sequence is toggled
to achieve optimum performance on real-time clients, such as
display and camera.

Bug: 146449535
Signed-off-by: Vivek Gautam <vivek.gautam@codeaurora.org>
Signed-off-by: Bjorn Andersson <bjorn.andersson@linaro.org>
Signed-off-by: John Stultz <john.stultz@linaro.org>
Change-Id: I27a575e54ffbb0b0bfb78115edef45fc8ff585a4
2020-01-15 21:13:30 +00:00
Bjorn Andersson
e6a29264cb ANDROID: drm/bridge: Introduce LT9611 DSI to HDMI bridge
Add LT9611 DSI to HDMI bridge driver, as well as the
i2s initialization logic.

Bug: 146449535
Signed-off-by: Bjorn Andersson <bjorn.andersson@linaro.org>
[jstultz: Minor build fixups for newer kernels, squashed in
 the i2s initialization logic, also squished in and reworked
 logic to avoid putting hardware to sleep and breaking hotplug
 originally by Amit]
Signed-off-by: John Stultz <john.stultz@linaro.org>
Change-Id: Ib0bbbf1d86582d9c2ccf1a3c678f1563a26ec04f
2020-01-15 21:13:30 +00:00
John Stultz
0455df0aa3 FROMLIST: drm: msm: Quiet down plane errors in atomic_check
With the db845c running AOSP, I see the following error on every
frame on the home screen:
  [drm:dpu_plane_atomic_check:915] [dpu error]plane33 invalid src 2880x1620+0+470 line:2560

This is due to the error paths in atomic_check using
DPU_ERROR_PLANE(), and the drm_hwcomposer using atomic_check
to decide how to composite the frame (thus it expects to see
atomic_check to fail).

In order to avoid spamming the logs, this patch converts the
DPU_ERROR_PLANE() calls to DPU_DEBUG_PLANE() calls in
atomic_check.

Cc: Todd Kjos <tkjos@google.com>
Cc: Alistair Delva <adelva@google.com>
Cc: Amit Pundir <amit.pundir@linaro.org>
Cc: Rob Clark <robdclark@gmail.com>
Cc: Sean Paul <sean@poorly.run>
Cc: David Airlie <airlied@linux.ie>
Cc: Daniel Vetter <daniel@ffwll.ch>
Cc: dri-devel@lists.freedesktop.org
Cc: freedreno@lists.freedesktop.org
Signed-off-by: John Stultz <john.stultz@linaro.org>
Bug: 146449535
Change-Id: I017e1feaafabdb713078aeaaf2259ea0c3705c03
Link: https://lore.kernel.org/lkml/20200107202852.55819-1-john.stultz@linaro.org/T/#u
2020-01-15 21:13:30 +00:00
John Stultz
0fe9f41dd1 FROMLIST: reset: qcom-aoss: Allow CONFIG_RESET_QCOM_AOSS to be a tristate
Allow CONFIG_RESET_QCOM_AOSS to be set as as =m to allow for the
driver to be loaded from a modules.

Also replaces the builtin_platform_driver() line with
module_platform_driver() and adds a MODULE_DEVICE_TABLE() entry.

Cc: Todd Kjos <tkjos@google.com>
Cc: Alistair Delva <adelva@google.com>
Cc: Bjorn Andersson <bjorn.andersson@linaro.org>
Cc: Amit Pundir <amit.pundir@linaro.org>
Cc: Philipp Zabel <p.zabel@pengutronix.de>
Signed-off-by: John Stultz <john.stultz@linaro.org>
Bug: 146449535
Change-Id: I89e20bc1678f206ffdf4aab86aa82bb5d2fc5ced
Link: https://lore.kernel.org/lkml/20200108001913.28485-1-john.stultz@linaro.org/T/#u
---
v2: Fix builtin_platform_driver line in driver code
v3: Add MODULE_DEVICE_TABLE() as suggested by Bjorn
2020-01-15 21:13:30 +00:00
John Stultz
1398179370 FROMLIST: tty: serial: Kconfig: Allow SERIAL_QCOM_GENI_CONSOLE to be enabled if SERIAL_QCOM_GENI is a module
In order to support having SERIAL_QCOM_GENI as a module while
also still preserving serial console support, tweak the
Kconfig requirements to not require =y

Cc: Todd Kjos <tkjos@google.com>
Cc: Alistair Delva <adelva@google.com>
Cc: Bjorn Andersson <bjorn.andersson@linaro.org>
Cc: Amit Pundir <amit.pundir@linaro.org>
Cc: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Cc: Jiri Slaby <jslaby@suse.com>
Cc: linux-serial@vger.kernel.org
Reviewed-by: Bjorn Andersson <bjorn.andersson@linaro.org>
Signed-off-by: John Stultz <john.stultz@linaro.org>
Bug: 146449535
Change-Id: I51b64312c22067b99a27ec70db40047e53db1076
Link: https://lore.kernel.org/lkml/20200107010311.58584-1-john.stultz@linaro.org/T/#ma12b01d9ffd0680d3a1a3cf8a65a951bad46f006
2020-01-15 21:13:30 +00:00
Sami Tolvanen
2a961a38a9 FROMLIST: lib/list_sort: fix function type mismatches
Casting the comparison function to a different type trips indirect call
Control-Flow Integrity (CFI) checking. Remove the additional consts from
cmp_func, and the now unneeded casts.

Fixes: 043b3f7b63 ("lib/list_sort: simplify and remove MAX_LIST_LENGTH_BITS")
(am from https://lore.kernel.org/patchwork/patch/1178059/)
Link: https://lore.kernel.org/lkml/20200110225602.91663-1-samitolvanen@google.com
Bug: 147506196
Change-Id: I329b1a454c30af78f9851db6a38c3f060499ec0d
Signed-off-by: Sami Tolvanen <samitolvanen@google.com>
2020-01-15 20:49:27 +00:00
Andrey Konovalov
d0a44e4829 UPSTREAM: kcov: fix struct layout for kcov_remote_arg
(Upstream commit a69b83e1ae7f6c5ff2cc310870c1708405d86be2.)

Make the layout of kcov_remote_arg the same for 32-bit and 64-bit code.
This makes it more convenient to write userspace apps that can be
compiled into 32-bit or 64-bit binaries and still work with the same
64-bit kernel.

Also use proper __u32 types in uapi headers instead of unsigned ints.

Link: http://lkml.kernel.org/r/9e91020876029cfefc9211ff747685eba9536426.1575638983.git.andreyknvl@google.com
Fixes: eec028c9386ed1a ("kcov: remote coverage support")
Signed-off-by: Andrey Konovalov <andreyknvl@google.com>
Acked-by: Marco Elver <elver@google.com>
Cc: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Cc: Alan Stern <stern@rowland.harvard.edu>
Cc: Felipe Balbi <balbi@kernel.org>
Cc: Chunfeng Yun <chunfeng.yun@mediatek.com>
Cc: "Jacky . Cao @ sony . com" <Jacky.Cao@sony.com>
Cc: Dmitry Vyukov <dvyukov@google.com>
Cc: Alexander Potapenko <glider@google.com>
Cc: Marco Elver <elver@google.com>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Signed-off-by: Andrey Konovalov <andreyknvl@google.com>
Bug: 147413187
Change-Id: I25a7107841048b3735db94c89199f9de73615333
2020-01-15 14:55:05 +00:00
Greg Kroah-Hartman
4bbb960644 This is the 5.4.12 stable release
-----BEGIN PGP SIGNATURE-----
 
 iQIzBAABCAAdFiEEZH8oZUiU471FcZm+ONu9yGCSaT4FAl4eEbgACgkQONu9yGCS
 aT6xixAArw9vRo6nu0fyFIylDePnMXub5IzBZSfkJeNEYJuKOuG8OQL7mA4w+7HR
 EqxB5iujMkDzXvWXJTpB4o/uWThyg7cTOd1rco5gLJqZ7tJiNtNGXXPd1+WQi4VC
 mzczdPr8b0sYrspqfE1GqRCmJRjhvybJ+GuJlnwWM6Kb6Q3adfhtYypCTHCZwqT+
 DfFD3EHpSBsged3ZtjFxQ9SgpGEndYc+k5zZSNYzmDNXIYurrqwZ3n4Co+XfOeO0
 79F1lJZVWxCI/hiLg0uXKzG5SYVhh+GRi4qVMM2/i9AEKH2UrXkkt6YRieRR8zTc
 DZsjkcoGBmIO5O+sWFpmKumE0YLspq4YO+lWtIaJI7x7GVMf/VYqv/3h7vKw0BMM
 Ka8eO39aeJvL0w4GfvC4j0yDLWZHLpO9ApRKzK0CKCdjhPpHNlsd+LrhiMDNw/cz
 JLF+wx0mku+ndDoAbpUvn/BBhb1yZY0cMZviKHEzfk90voItAyB2eKnZmwL7jE8M
 zI3pkZZ8468r0ekgukmhzBXLdUl5MTICEBpi8h5COvNntBE9UDHJCb735C4DBGyL
 yPl3bxo4IllAQKV4AN7rU2TG1AQom9EoD3uDsl9RxNIdsDQxr8zyH8J1xIdGaNTv
 hWD/JFiPQDPlOYAPbRqldtGMsTbBMD2HUFcchm3QCXnYYA16pls=
 =QCPE
 -----END PGP SIGNATURE-----

Merge 5.4.12 into android-5.4

Changes in 5.4.12
	chardev: Avoid potential use-after-free in 'chrdev_open()'
	i2c: fix bus recovery stop mode timing
	powercap: intel_rapl: add NULL pointer check to rapl_mmio_cpu_online()
	usb: chipidea: host: Disable port power only if previously enabled
	ALSA: usb-audio: Apply the sample rate quirk for Bose Companion 5
	ALSA: hda/realtek - Add new codec supported for ALCS1200A
	ALSA: hda/realtek - Set EAPD control to default for ALC222
	ALSA: hda/realtek - Add quirk for the bass speaker on Lenovo Yoga X1 7th gen
	tpm: Revert "tpm_tis: reserve chip for duration of tpm_tis_core_init"
	tpm: Revert "tpm_tis_core: Set TPM_CHIP_FLAG_IRQ before probing for interrupts"
	tpm: Revert "tpm_tis_core: Turn on the TPM before probing IRQ's"
	tpm: Handle negative priv->response_len in tpm_common_read()
	rtc: sun6i: Add support for RTC clocks on R40
	kernel/trace: Fix do not unregister tracepoints when register sched_migrate_task fail
	tracing: Have stack tracer compile when MCOUNT_INSN_SIZE is not defined
	tracing: Change offset type to s32 in preempt/irq tracepoints
	HID: Fix slab-out-of-bounds read in hid_field_extract
	HID: uhid: Fix returning EPOLLOUT from uhid_char_poll
	HID: hidraw: Fix returning EPOLLOUT from hidraw_poll
	HID: hid-input: clear unmapped usages
	Input: add safety guards to input_set_keycode()
	Input: input_event - fix struct padding on sparc64
	drm/i915: Add Wa_1408615072 and Wa_1407596294 to icl,ehl
	Revert "drm/amdgpu: Set no-retry as default."
	drm/sun4i: tcon: Set RGB DCLK min. divider based on hardware model
	drm/fb-helper: Round up bits_per_pixel if possible
	drm/dp_mst: correct the shifting in DP_REMOTE_I2C_READ
	drm/i915: Add Wa_1407352427:icl,ehl
	drm/i915/gt: Mark up virtual engine uabi_instance
	IB/hfi1: Adjust flow PSN with the correct resync_psn
	can: kvaser_usb: fix interface sanity check
	can: gs_usb: gs_usb_probe(): use descriptors of current altsetting
	can: tcan4x5x: tcan4x5x_can_probe(): get the device out of standby before register access
	can: mscan: mscan_rx_poll(): fix rx path lockup when returning from polling to irq mode
	can: can_dropped_invalid_skb(): ensure an initialized headroom in outgoing CAN sk_buffs
	gpiolib: acpi: Turn dmi_system_id table into a generic quirk table
	gpiolib: acpi: Add honor_wakeup module-option + quirk mechanism
	pstore/ram: Regularize prz label allocation lifetime
	staging: vt6656: set usb_set_intfdata on driver fail.
	staging: vt6656: Fix non zero logical return of, usb_control_msg
	usb: cdns3: should not use the same dev_id for shared interrupt handler
	usb: ohci-da8xx: ensure error return on variable error is set
	USB-PD tcpm: bad warning+size, PPS adapters
	USB: serial: option: add ZLP support for 0x1bc7/0x9010
	usb: musb: fix idling for suspend after disconnect interrupt
	usb: musb: Disable pullup at init
	usb: musb: dma: Correct parameter passed to IRQ handler
	staging: comedi: adv_pci1710: fix AI channels 16-31 for PCI-1713
	staging: vt6656: correct return of vnt_init_registers.
	staging: vt6656: limit reg output to block size
	staging: rtl8188eu: Add device code for TP-Link TL-WN727N v5.21
	serdev: Don't claim unsupported ACPI serial devices
	iommu/vt-d: Fix adding non-PCI devices to Intel IOMMU
	tty: link tty and port before configuring it as console
	tty: always relink the port
	arm64: Move __ARCH_WANT_SYS_CLONE3 definition to uapi headers
	arm64: Implement copy_thread_tls
	arm: Implement copy_thread_tls
	parisc: Implement copy_thread_tls
	riscv: Implement copy_thread_tls
	xtensa: Implement copy_thread_tls
	clone3: ensure copy_thread_tls is implemented
	um: Implement copy_thread_tls
	staging: vt6656: remove bool from vnt_radio_power_on ret
	mwifiex: fix possible heap overflow in mwifiex_process_country_ie()
	mwifiex: pcie: Fix memory leak in mwifiex_pcie_alloc_cmdrsp_buf
	rpmsg: char: release allocated memory
	scsi: bfa: release allocated memory in case of error
	rtl8xxxu: prevent leaking urb
	ath10k: fix memory leak
	HID: hiddev: fix mess in hiddev_open()
	USB: Fix: Don't skip endpoint descriptors with maxpacket=0
	phy: cpcap-usb: Fix error path when no host driver is loaded
	phy: cpcap-usb: Fix flakey host idling and enumerating of devices
	netfilter: arp_tables: init netns pointer in xt_tgchk_param struct
	netfilter: conntrack: dccp, sctp: handle null timeout argument
	netfilter: ipset: avoid null deref when IPSET_ATTR_LINENO is present
	drm/i915/gen9: Clear residual context state on context switch
	Linux 5.4.12

Signed-off-by: Greg Kroah-Hartman <gregkh@google.com>
Change-Id: Ib8604812a0a41f9e3ab36ef238623fc222096fea
2020-01-15 08:53:52 +01:00
Maciej Żenczykowski
4eb8e72c35 GKI: enable CONFIG_NETFILTER_XT_MATCH_QUOTA2_LOG=y
Quota logging is needed to enable data metering.

Bug: 147203196
Signed-off-by: Maciej Żenczykowski <maze@google.com>
Change-Id: I7219a3abd922b31249a3bccb94bc0dcff197788e
2020-01-15 02:10:39 +00:00
Greg Kroah-Hartman
adc0acf587 Linux 5.4.12 2020-01-14 20:08:40 +01:00
Akeem G Abodunrin
53b9bd37af drm/i915/gen9: Clear residual context state on context switch
commit bc8a76a152c5f9ef3b48104154a65a68a8b76946 upstream.

Intel ID: PSIRT-TA-201910-001
CVEID: CVE-2019-14615

Intel GPU Hardware prior to Gen11 does not clear EU state
during a context switch. This can result in information
leakage between contexts.

For Gen8 and Gen9, hardware provides a mechanism for
fast cleardown of the EU state, by issuing a PIPE_CONTROL
with bit 27 set. We can use this in a context batch buffer
to explicitly cleardown the state on every context switch.

As this workaround is already in place for gen8, we can borrow
the code verbatim for Gen9.

Signed-off-by: Mika Kuoppala <mika.kuoppala@linux.intel.com>
Signed-off-by: Akeem G Abodunrin <akeem.g.abodunrin@intel.com>
Cc: Kumar Valsan Prathap <prathap.kumar.valsan@intel.com>
Cc: Chris Wilson <chris.p.wilson@intel.com>
Cc: Balestrieri Francesco <francesco.balestrieri@intel.com>
Cc: Bloomfield Jon <jon.bloomfield@intel.com>
Cc: Dutt Sudeep <sudeep.dutt@intel.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
2020-01-14 20:08:40 +01:00
Florian Westphal
f58642c1bc netfilter: ipset: avoid null deref when IPSET_ATTR_LINENO is present
commit 22dad713b8a5ff488e07b821195270672f486eb2 upstream.

The set uadt functions assume lineno is never NULL, but it is in
case of ip_set_utest().

syzkaller managed to generate a netlink message that calls this with
LINENO attr present:

general protection fault: 0000 [#1] PREEMPT SMP KASAN
RIP: 0010:hash_mac4_uadt+0x1bc/0x470 net/netfilter/ipset/ip_set_hash_mac.c:104
Call Trace:
 ip_set_utest+0x55b/0x890 net/netfilter/ipset/ip_set_core.c:1867
 nfnetlink_rcv_msg+0xcf2/0xfb0 net/netfilter/nfnetlink.c:229
 netlink_rcv_skb+0x177/0x450 net/netlink/af_netlink.c:2477
 nfnetlink_rcv+0x1ba/0x460 net/netfilter/nfnetlink.c:563

pass a dummy lineno storage, its easier than patching all set
implementations.

This seems to be a day-0 bug.

Cc: Jozsef Kadlecsik <kadlec@blackhole.kfki.hu>
Reported-by: syzbot+34bd2369d38707f3f4a7@syzkaller.appspotmail.com
Fixes: a7b4f989a6 ("netfilter: ipset: IP set core support")
Signed-off-by: Florian Westphal <fw@strlen.de>
Acked-by: Jozsef Kadlecsik <kadlec@blackhole.kfki.hu>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
2020-01-14 20:08:39 +01:00
Florian Westphal
99a55d8a7f netfilter: conntrack: dccp, sctp: handle null timeout argument
commit 1d9a7acd3d1e74c2d150d8934f7f55bed6d70858 upstream.

The timeout pointer can be NULL which means we should modify the
per-nets timeout instead.

All do this, except sctp and dccp which instead give:

general protection fault: 0000 [#1] PREEMPT SMP KASAN
net/netfilter/nf_conntrack_proto_dccp.c:682
 ctnl_timeout_parse_policy+0x150/0x1d0 net/netfilter/nfnetlink_cttimeout.c:67
 cttimeout_default_set+0x150/0x1c0 net/netfilter/nfnetlink_cttimeout.c:368
 nfnetlink_rcv_msg+0xcf2/0xfb0 net/netfilter/nfnetlink.c:229
 netlink_rcv_skb+0x177/0x450 net/netlink/af_netlink.c:2477

Reported-by: syzbot+46a4ad33f345d1dd346e@syzkaller.appspotmail.com
Fixes: c779e84960 ("netfilter: conntrack: remove get_timeout() indirection")
Signed-off-by: Florian Westphal <fw@strlen.de>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
2020-01-14 20:08:39 +01:00
Florian Westphal
503ff0dcfb netfilter: arp_tables: init netns pointer in xt_tgchk_param struct
commit 1b789577f655060d98d20ed0c6f9fbd469d6ba63 upstream.

We get crash when the targets checkentry function tries to make
use of the network namespace pointer for arptables.

When the net pointer got added back in 2010, only ip/ip6/ebtables were
changed to initialize it, so arptables has this set to NULL.

This isn't a problem for normal arptables because no existing
arptables target has a checkentry function that makes use of par->net.

However, direct users of the setsockopt interface can provide any
target they want as long as its registered for ARP or UNPSEC protocols.

syzkaller managed to send a semi-valid arptables rule for RATEEST target
which is enough to trigger NULL deref:

kasan: GPF could be caused by NULL-ptr deref or user memory access
general protection fault: 0000 [#1] PREEMPT SMP KASAN
RIP: xt_rateest_tg_checkentry+0x11d/0xb40 net/netfilter/xt_RATEEST.c:109
[..]
 xt_check_target+0x283/0x690 net/netfilter/x_tables.c:1019
 check_target net/ipv4/netfilter/arp_tables.c:399 [inline]
 find_check_entry net/ipv4/netfilter/arp_tables.c:422 [inline]
 translate_table+0x1005/0x1d70 net/ipv4/netfilter/arp_tables.c:572
 do_replace net/ipv4/netfilter/arp_tables.c:977 [inline]
 do_arpt_set_ctl+0x310/0x640 net/ipv4/netfilter/arp_tables.c:1456

Fixes: add6746124 ("netfilter: add struct net * to target parameters")
Reported-by: syzbot+d7358a458d8a81aee898@syzkaller.appspotmail.com
Signed-off-by: Florian Westphal <fw@strlen.de>
Acked-by: Cong Wang <xiyou.wangcong@gmail.com>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
2020-01-14 20:08:39 +01:00
Tony Lindgren
2deeba3623 phy: cpcap-usb: Fix flakey host idling and enumerating of devices
commit 049226b9fd7442149dcbcf55f15408f5973cceda upstream.

We must let the USB host idle things properly before we switch to debug
UART mode. Otherwise the USB host may never idle after disconnecting
devices, and that causes the next enumeration to be flakey.

Cc: Jacopo Mondi <jacopo@jmondi.org>
Cc: Marcel Partap <mpartap@gmx.net>
Cc: Merlijn Wajer <merlijn@wizzup.org>
Cc: Michael Scott <hashcode0f@gmail.com>
Cc: NeKit <nekit1000@gmail.com>
Cc: Pavel Machek <pavel@ucw.cz>
Cc: Sebastian Reichel <sre@kernel.org>
Acked-by: Pavel Machek <pavel@ucw.cz>
Fixes: 6d6ce40f63 ("phy: cpcap-usb: Add CPCAP PMIC USB support")
Signed-off-by: Tony Lindgren <tony@atomide.com>
Signed-off-by: Kishon Vijay Abraham I <kishon@ti.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
2020-01-14 20:08:39 +01:00
Tony Lindgren
73681018f0 phy: cpcap-usb: Fix error path when no host driver is loaded
commit 4acb0200ab2b07843e3ef5599add3454c7440f03 upstream.

If musb_mailbox() returns an error, we must still continue to finish
configuring the phy.

Otherwise the phy state may end up only half initialized, and this can
cause the debug serial console to stop working. And this will happen if the
usb driver musb controller is not loaded.

Let's fix the issue by adding helper for cpcap_usb_try_musb_mailbox().

Fixes: 6d6ce40f63 ("phy: cpcap-usb: Add CPCAP PMIC USB support")
Cc: Merlijn Wajer <merlijn@wizzup.org>
Cc: Pavel Machek <pavel@ucw.cz>
Cc: Sebastian Reichel <sre@kernel.org>
Signed-off-by: Tony Lindgren <tony@atomide.com>
Signed-off-by: Kishon Vijay Abraham I <kishon@ti.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
2020-01-14 20:08:38 +01:00
Alan Stern
3fcaac70d2 USB: Fix: Don't skip endpoint descriptors with maxpacket=0
commit 2548288b4fb059b2da9ceada172ef763077e8a59 upstream.

It turns out that even though endpoints with a maxpacket length of 0
aren't useful for data transfer, the descriptors do serve other
purposes.  In particular, skipping them will also skip over other
class-specific descriptors for classes such as UVC.  This unexpected
side effect has caused some UVC cameras to stop working.

In addition, the USB spec requires that when isochronous endpoint
descriptors are present in an interface's altsetting 0 (which is true
on some devices), the maxpacket size _must_ be set to 0.  Warning
about such things seems like a bad idea.

This patch updates an earlier commit which would log a warning and
skip these endpoint descriptors.  Now we only log a warning, and we
don't even do that for isochronous endpoints in altsetting 0.

We don't need to worry about preventing endpoints with maxpacket = 0
from ever being used for data transfers; usb_submit_urb() already
checks for this.

Reported-and-tested-by: Roger Whittaker <Roger.Whittaker@suse.com>
Fixes: d482c7bb05 ("USB: Skip endpoints with 0 maxpacket length")
Signed-off-by: Alan Stern <stern@rowland.harvard.edu>
CC: Laurent Pinchart <laurent.pinchart@ideasonboard.com>
Link: https://marc.info/?l=linux-usb&m=157790377329882&w=2
Link: https://lore.kernel.org/r/Pine.LNX.4.44L0.2001061040270.1514-100000@iolanthe.rowland.org
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
2020-01-14 20:08:38 +01:00
Dmitry Torokhov
1ea36fba56 HID: hiddev: fix mess in hiddev_open()
commit 18a1b06e5b91d47dc86c0a66a762646ea7c5d141 upstream.

The open method of hiddev handler fails to bring the device out of
autosuspend state as was promised in 0361a28d3f, as it actually has 2
blocks that try to start the transport (call hid_hw_open()) with both
being guarded by the "open" counter, so the 2nd block is never executed as
the first block increments the counter so it is never at 0 when we check
it for the second block.

Additionally hiddev_open() was leaving counter incremented on errors,
causing the device to never be reopened properly if there was ever an
error.

Let's fix all of this by factoring out code that creates client structure
and powers up the device into a separate function that is being called
from usbhid_open() with the "existancelock" being held.

Fixes: 0361a28d3f ("HID: autosuspend support for USB HID")
Signed-off-by: Dmitry Torokhov <dmitry.torokhov@gmail.com>
Signed-off-by: Benjamin Tissoires <benjamin.tissoires@redhat.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
2020-01-14 20:08:38 +01:00
Navid Emamdoost
ad1e0d1976 ath10k: fix memory leak
commit b8d17e7d93d2beb89e4f34c59996376b8b544792 upstream.

In ath10k_usb_hif_tx_sg the allocated urb should be released if
usb_submit_urb fails.

Signed-off-by: Navid Emamdoost <navid.emamdoost@gmail.com>
Signed-off-by: Kalle Valo <kvalo@codeaurora.org>
Cc: Ben Hutchings <ben.hutchings@codethink.co.uk>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
2020-01-14 20:08:37 +01:00
Navid Emamdoost
e380d97473 rtl8xxxu: prevent leaking urb
commit a2cdd07488e666aa93a49a3fc9c9b1299e27ef3c upstream.

In rtl8xxxu_submit_int_urb if usb_submit_urb fails the allocated urb
should be released.

Signed-off-by: Navid Emamdoost <navid.emamdoost@gmail.com>
Reviewed-by: Chris Chiu <chiu@endlessm.com>
Signed-off-by: Kalle Valo <kvalo@codeaurora.org>
Cc: Ben Hutchings <ben.hutchings@codethink.co.uk>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
2020-01-14 20:08:37 +01:00
Navid Emamdoost
448fe0b67c scsi: bfa: release allocated memory in case of error
commit 0e62395da2bd5166d7c9e14cbc7503b256a34cb0 upstream.

In bfad_im_get_stats if bfa_port_get_stats fails, allocated memory needs to
be released.

Link: https://lore.kernel.org/r/20190910234417.22151-1-navid.emamdoost@gmail.com
Signed-off-by: Navid Emamdoost <navid.emamdoost@gmail.com>
Signed-off-by: Martin K. Petersen <martin.petersen@oracle.com>
Cc: Ben Hutchings <ben.hutchings@codethink.co.uk>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
2020-01-14 20:08:37 +01:00
Navid Emamdoost
5bbe72cf48 rpmsg: char: release allocated memory
commit bbe692e349e2a1edf3fe0a29a0e05899c9c94d51 upstream.

In rpmsg_eptdev_write_iter, if copy_from_iter_full fails the allocated
buffer needs to be released.

Signed-off-by: Navid Emamdoost <navid.emamdoost@gmail.com>
Signed-off-by: Bjorn Andersson <bjorn.andersson@linaro.org>
Cc: Ben Hutchings <ben.hutchings@codethink.co.uk>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
2020-01-14 20:08:37 +01:00
Navid Emamdoost
3fe1ced40e mwifiex: pcie: Fix memory leak in mwifiex_pcie_alloc_cmdrsp_buf
commit db8fd2cde93227e566a412cf53173ffa227998bc upstream.

In mwifiex_pcie_alloc_cmdrsp_buf, a new skb is allocated which should be
released if mwifiex_map_pci_memory() fails. The release is added.

Fixes: fc33146090 ("mwifiex: use pci_alloc/free_consistent APIs for PCIe")
Signed-off-by: Navid Emamdoost <navid.emamdoost@gmail.com>
Acked-by: Ganapathi Bhat <gbhat@marvell.com>
Signed-off-by: Kalle Valo <kvalo@codeaurora.org>
Cc: Ben Hutchings <ben.hutchings@codethink.co.uk>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
2020-01-14 20:08:36 +01:00
Ganapathi Bhat
cbd6a85021 mwifiex: fix possible heap overflow in mwifiex_process_country_ie()
commit 3d94a4a8373bf5f45cf5f939e88b8354dbf2311b upstream.

mwifiex_process_country_ie() function parse elements of bss
descriptor in beacon packet. When processing WLAN_EID_COUNTRY
element, there is no upper limit check for country_ie_len before
calling memcpy. The destination buffer domain_info->triplet is an
array of length MWIFIEX_MAX_TRIPLET_802_11D(83). The remote
attacker can build a fake AP with the same ssid as real AP, and
send malicous beacon packet with long WLAN_EID_COUNTRY elemen
(country_ie_len > 83). Attacker can  force STA connect to fake AP
on a different channel. When the victim STA connects to fake AP,
will trigger the heap buffer overflow. Fix this by checking for
length and if found invalid, don not connect to the AP.

This fix addresses CVE-2019-14895.

Reported-by: huangwen <huangwenabc@gmail.com>
Signed-off-by: Ganapathi Bhat <gbhat@marvell.com>
Signed-off-by: Kalle Valo <kvalo@codeaurora.org>
Cc: Ben Hutchings <ben.hutchings@codethink.co.uk>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
2020-01-14 20:08:36 +01:00
Malcolm Priestley
fa2bdff31c staging: vt6656: remove bool from vnt_radio_power_on ret
commit 07f59f180ee083c48c32a1e69ae1d0091444d212 upstream.

The driver uses logical only error checking a bool true would flag error.

Signed-off-by: Malcolm Priestley <tvboxspy@gmail.com>
Link: https://lore.kernel.org/r/cc52b67c-9ef8-3e57-815a-44d10701919e@gmail.com
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
2020-01-14 20:08:36 +01:00
Amanieu d'Antras
8c9ff5c7dd um: Implement copy_thread_tls
commit 457677c70c7672a4586b0b8abc396cc1ecdd376d upstream.

This is required for clone3 which passes the TLS value through a
struct rather than a register.

Signed-off-by: Amanieu d'Antras <amanieu@gmail.com>
Cc: linux-um@lists.infradead.org
Cc: <stable@vger.kernel.org> # 5.3.x
Link: https://lore.kernel.org/r/20200104123928.1048822-1-amanieu@gmail.com
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
2020-01-14 20:08:35 +01:00
Amanieu d'Antras
4f43cdc723 clone3: ensure copy_thread_tls is implemented
commit dd499f7a7e34270208350a849ef103c0b3ae477f upstream.

copy_thread implementations handle CLONE_SETTLS by reading the TLS
value from the registers containing the syscall arguments for
clone. This doesn't work with clone3 since the TLS value is passed
in clone_args instead.

Signed-off-by: Amanieu d'Antras <amanieu@gmail.com>
Cc: <stable@vger.kernel.org> # 5.3.x
Link: https://lore.kernel.org/r/20200102172413.654385-8-amanieu@gmail.com
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
2020-01-14 20:08:35 +01:00
Amanieu d'Antras
3981d85a91 xtensa: Implement copy_thread_tls
commit c346b94f8c5d1b7d637522c908209de93305a8eb upstream.

This is required for clone3 which passes the TLS value through a
struct rather than a register.

Signed-off-by: Amanieu d'Antras <amanieu@gmail.com>
Cc: linux-xtensa@linux-xtensa.org
Cc: <stable@vger.kernel.org> # 5.3.x
Link: https://lore.kernel.org/r/20200102172413.654385-7-amanieu@gmail.com
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
2020-01-14 20:08:35 +01:00
Amanieu d'Antras
0b6a32ef88 riscv: Implement copy_thread_tls
commit 20bda4ed62f507ed72e30e817b43c65fdba60be7 upstream.

This is required for clone3 which passes the TLS value through a
struct rather than a register.

Signed-off-by: Amanieu d'Antras <amanieu@gmail.com>
Cc: linux-riscv@lists.infradead.org
Cc: <stable@vger.kernel.org> # 5.3.x
Link: https://lore.kernel.org/r/20200102172413.654385-6-amanieu@gmail.com
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
2020-01-14 20:08:34 +01:00
Amanieu d'Antras
0bdd4e601a parisc: Implement copy_thread_tls
commit d2f36c787b2181561d8b95814f8cdad64b348ad7 upstream.

This is required for clone3 which passes the TLS value through a
struct rather than a register.

Signed-off-by: Amanieu d'Antras <amanieu@gmail.com>
Cc: linux-parisc@vger.kernel.org
Cc: <stable@vger.kernel.org> # 5.3.x
Link: https://lore.kernel.org/r/20200102172413.654385-5-amanieu@gmail.com
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
2020-01-14 20:08:34 +01:00
Amanieu d'Antras
ca7bbad38d arm: Implement copy_thread_tls
commit 167ee0b82429cb5df272808c7a21370b7c961ab2 upstream.

This is required for clone3 which passes the TLS value through a
struct rather than a register.

Signed-off-by: Amanieu d'Antras <amanieu@gmail.com>
Cc: linux-arm-kernel@lists.infradead.org
Cc: <stable@vger.kernel.org> # 5.3.x
Link: https://lore.kernel.org/r/20200102172413.654385-4-amanieu@gmail.com
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
2020-01-14 20:08:34 +01:00
Amanieu d'Antras
472f8a5821 arm64: Implement copy_thread_tls
commit a4376f2fbcc8084832f2f114577c8d68234c7903 upstream.

This is required for clone3 which passes the TLS value through a
struct rather than a register.

Signed-off-by: Amanieu d'Antras <amanieu@gmail.com>
Cc: linux-arm-kernel@lists.infradead.org
Cc: <stable@vger.kernel.org> # 5.3.x
Acked-by: Will Deacon <will@kernel.org>
Link: https://lore.kernel.org/r/20200102172413.654385-3-amanieu@gmail.com
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
2020-01-14 20:08:34 +01:00
Amanieu d'Antras
bac641643c arm64: Move __ARCH_WANT_SYS_CLONE3 definition to uapi headers
commit 3e3c8ca5a351350031f0f3d5ecedf7048b1b9008 upstream.

Previously this was only defined in the internal headers which
resulted in __NR_clone3 not being defined in the user headers.

Signed-off-by: Amanieu d'Antras <amanieu@gmail.com>
Cc: linux-arm-kernel@lists.infradead.org
Cc: <stable@vger.kernel.org> # 5.3.x
Reviewed-by: Arnd Bergmann <arnd@arndb.de>
Link: https://lore.kernel.org/r/20200102172413.654385-2-amanieu@gmail.com
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
2020-01-14 20:08:33 +01:00
Sudip Mukherjee
d32d6d2bee tty: always relink the port
commit 273f632912f1b24b642ba5b7eb5022e43a72f3b5 upstream.

If the serial device is disconnected and reconnected, it re-enumerates
properly but does not link it. fwiw, linking means just saving the port
index, so allow it always as there is no harm in saving the same value
again even if it tries to relink with the same port.

Fixes: fb2b90014d78 ("tty: link tty and port before configuring it as console")
Reported-by: Kenneth R. Crudup <kenny@panix.com>
Signed-off-by: Sudip Mukherjee <sudipm.mukherjee@gmail.com>
Cc: stable <stable@vger.kernel.org>
Link: https://lore.kernel.org/r/20191227174434.12057-1-sudipm.mukherjee@gmail.com
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
2020-01-14 20:08:33 +01:00
Sudip Mukherjee
46e4035d55 tty: link tty and port before configuring it as console
commit fb2b90014d782d80d7ebf663e50f96d8c507a73c upstream.

There seems to be a race condition in tty drivers and I could see on
many boot cycles a NULL pointer dereference as tty_init_dev() tries to
do 'tty->port->itty = tty' even though tty->port is NULL.
'tty->port' will be set by the driver and if the driver has not yet done
it before we open the tty device we can get to this situation. By adding
some extra debug prints, I noticed that:

6.650130: uart_add_one_port
6.663849: register_console
6.664846: tty_open
6.674391: tty_init_dev
6.675456: tty_port_link_device

uart_add_one_port() registers the console, as soon as it registers, the
userspace tries to use it and that leads to tty_open() but
uart_add_one_port() has not yet done tty_port_link_device() and so
tty->port is not yet configured when control reaches tty_init_dev().

Further look into the code and tty_port_link_device() is done by
uart_add_one_port(). After registering the console uart_add_one_port()
will call tty_port_register_device_attr_serdev() and
tty_port_link_device() is called from this.

Call add tty_port_link_device() before uart_configure_port() is done and
add a check in tty_port_link_device() so that it only links the port if
it has not been done yet.

Suggested-by: Jiri Slaby <jslaby@suse.com>
Signed-off-by: Sudip Mukherjee <sudipm.mukherjee@gmail.com>
Cc: stable <stable@vger.kernel.org>
Link: https://lore.kernel.org/r/20191212131602.29504-1-sudipm.mukherjee@gmail.com
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
2020-01-14 20:08:33 +01:00