diff --git a/blacklist.conf b/blacklist.conf index 5b8ddc3..b3c7e7d 100644 --- a/blacklist.conf +++ b/blacklist.conf @@ -588,3 +588,33 @@ cb11a90e33c04623428eccb2c693a6b81947c686 # dt-bindings 512ec50a97d80f604f166da08258395c6f50a607 # dt-bindings 3ffce7b6100cbfc1dcbec8be2b824b2d75866455 # dt-bindings 956aa03b52e9c07e6ba769afd4e6f8c43436d02c # dt-bindings +9c3a16f88385e671b63a0de7b82b85e604a80f42 # device-tree fix +4fb3a074755b7737c4081cffe0ccfa08c2f2d29d # device-tree fix +ba8da03fa7dff59d9400250aebd38f94cde3cb0f # device-tree fix +5cfad4f45806f6f898b63b8c77cea7452c704cb3 # device-tree fix +1d88358a89dbac9c7d4559548b9a44840456e6fb # device-tree fix +dcabb06bf127b3e0d3fbc94a2b65dd56c2725851 # device-tree fix +e8b395b23643ca26e62a3081130d895e198c6154 # device-tree fix +686e0a0c8c61e0e3f55321d0181fece3efd92777 # device-tree fix +73bc7510ea0dafb4ff1ae6808759627a8ec51f5a # device-tree fix +e1e47fbca668507a81bb388fcae044b89d112ecc # device-tree fix +d0570a575aa83116bd0f6a99c4de548af773d950 # device-tree fix +4076a007bd0f6171434bdb119a0b8797749b0502 # device-tree fix +94dad6bed3c86c00050bf7c2b2ad6b630facae31 # device-tree fix +1653e3d470629d25c64cd8a2f84adb20a9348b0c # device-tree fix +656c648354e1561fa4f445b0b3252ec1d24e3951 # device-tree fix +aa880c6f3ee6dbd0d5ab02026a514ff8ea0a3328 # device-tree fix +e98e2367dfb4b6d7a80c8ce795c644124eff5f36 # device-tree fix +1fea2eb2f5bbd3fbbe2513d2386b5f6e6db17fd7 # device-tree fix +cc72570747e43335f4933a24dd74d5653639176a # device-tree fix +da2fb8457f71138d455cba82edec0d34f858e506 # device-tree fix +941432d007689f3774646e41a1439228b6c6ee0e # device-tree fix +cfe6c487b9a1abc6197714ec5605716a5428cf03 # device-tree fix +948c657cc45e8ce48cb533d4e2106145fa765759 # device-tree fix +c6433083f5930fdf52ad47c8c0459719c810dc89 # device-tree fix +3503376d6cc385b6266f93c24ead9a33d8dfe8cb # device-tree fix +1741e18737948c140ccc4cc643e8126d95ee6e79 # device-tree fix +1e0ca5467445bc1f41a9e403d6161a22f313dae7 # device-tree fix +2933bf3528007f834fb7f5eab033f9c5b0683f91 # device-tree fix +4bb1eb3cd4bd6241d5e5f99bbfd801ea5a007b6c # device-tree fix +b0fc70ce1f028e14a37c186d9f7a55e51439b83a # Berlin SOC not supported diff --git a/patches.kabi/nxp-i2c-restore-includes-for-kABI.patch b/patches.kabi/nxp-i2c-restore-includes-for-kABI.patch new file mode 100644 index 0000000..4b8982c --- /dev/null +++ b/patches.kabi/nxp-i2c-restore-includes-for-kABI.patch @@ -0,0 +1,45 @@ +From 70646feb533f2c2024e66bc0953a1f2220922392 Mon Sep 17 00:00:00 2001 +From: Oliver Neukum +Date: Tue, 1 Jun 2021 14:25:37 +0200 +Subject: [PATCH] nxp-i2c: restore includes for kABI +Patch-mainline: Never, kABI fix +References: bsc#1185589 + +They are no longer needed for compilation, but removing +them changes kABI computation. A false positive, but lets +restore them. + +Signed-off-by: Oliver Neukum +--- + drivers/nfc/nxp-nci/core.c | 1 + + drivers/nfc/nxp-nci/i2c.c | 2 ++ + 2 files changed, 3 insertions(+) + +diff --git a/drivers/nfc/nxp-nci/core.c b/drivers/nfc/nxp-nci/core.c +index a0ce95a28..aed18ca60 100644 +--- a/drivers/nfc/nxp-nci/core.c ++++ b/drivers/nfc/nxp-nci/core.c +@@ -11,6 +11,7 @@ + */ + + #include ++#include + #include + #include + +diff --git a/drivers/nfc/nxp-nci/i2c.c b/drivers/nfc/nxp-nci/i2c.c +index a05410556..736b1a8dc 100644 +--- a/drivers/nfc/nxp-nci/i2c.c ++++ b/drivers/nfc/nxp-nci/i2c.c +@@ -21,6 +21,8 @@ + #include + #include + #include ++#include ++#include + #include + + #include +-- +2.26.2 + diff --git a/patches.suse/ARM64-vdso32-Install-vdso32-from-vdso_install.patch b/patches.suse/ARM64-vdso32-Install-vdso32-from-vdso_install.patch new file mode 100644 index 0000000..94a70c4 --- /dev/null +++ b/patches.suse/ARM64-vdso32-Install-vdso32-from-vdso_install.patch @@ -0,0 +1,52 @@ +From: Stephen Boyd +Date: Mon, 17 Aug 2020 18:49:50 -0700 +Subject: ARM64: vdso32: Install vdso32 from vdso_install + +Git-commit: 8d75785a814241587802655cc33e384230744f0c +Patch-mainline: v5.9-rc2 +References: git-fixes + +Add the 32-bit vdso Makefile to the vdso_install rule so that 'make +vdso_install' installs the 32-bit compat vdso when it is compiled. + +Fixes: a7f71a2c8903 ("arm64: compat: Add vDSO") +Signed-off-by: Stephen Boyd +Reviewed-by: Vincenzo Frascino +Acked-by: Will Deacon +Cc: Vincenzo Frascino +Link: https://lore.kernel.org/r/20200818014950.42492-1-swboyd@chromium.org +Signed-off-by: Catalin Marinas +Signed-off-by: Mian Yousaf Kaukab +--- + arch/arm64/Makefile | 1 + + arch/arm64/kernel/vdso32/Makefile | 2 +- + 2 files changed, 2 insertions(+), 1 deletion(-) + +diff --git a/arch/arm64/Makefile b/arch/arm64/Makefile +index 55bc8546d9c7..b45f0124cc16 100644 +--- a/arch/arm64/Makefile ++++ b/arch/arm64/Makefile +@@ -165,6 +165,7 @@ zinstall install: + PHONY += vdso_install + vdso_install: + $(Q)$(MAKE) $(build)=arch/arm64/kernel/vdso $@ ++ $(Q)$(MAKE) $(build)=arch/arm64/kernel/vdso32 $@ + + # We use MRPROPER_FILES and CLEAN_FILES now + archclean: +diff --git a/arch/arm64/kernel/vdso32/Makefile b/arch/arm64/kernel/vdso32/Makefile +index 5139a5f19256..d6adb4677c25 100644 +--- a/arch/arm64/kernel/vdso32/Makefile ++++ b/arch/arm64/kernel/vdso32/Makefile +@@ -208,7 +208,7 @@ quiet_cmd_vdsosym = VDSOSYM $@ + cmd_vdsosym = $(NM) $< | $(gen-vdsosym) | LC_ALL=C sort > $@ + + # Install commands for the unstripped file +-quiet_cmd_vdso_install = INSTALL $@ ++quiet_cmd_vdso_install = INSTALL32 $@ + cmd_vdso_install = cp $(obj)/$@.dbg $(MODLIB)/vdso/vdso32.so + + vdso.so: $(obj)/vdso.so.dbg +-- +2.26.2 + diff --git a/patches.suse/NFC-nxp-nci-Add-GPIO-ACPI-mapping-table.patch b/patches.suse/NFC-nxp-nci-Add-GPIO-ACPI-mapping-table.patch new file mode 100644 index 0000000..7f06582 --- /dev/null +++ b/patches.suse/NFC-nxp-nci-Add-GPIO-ACPI-mapping-table.patch @@ -0,0 +1,62 @@ +From 099d03f02dbffe1575d86063b2bf416502faa5e9 Mon Sep 17 00:00:00 2001 +From: Andy Shevchenko +Date: Mon, 29 Jul 2019 16:35:05 +0300 +Subject: [PATCH] NFC: nxp-nci: Add GPIO ACPI mapping table +Git-commit: 099d03f02dbffe1575d86063b2bf416502faa5e9 +References: bsc#1185589 +Patch-mainline: v5.4-rc1 + +In order to unify GPIO resource request prepare gpiod_get_index() +to behave correctly when there is no mapping provided by firmware. + +Here we add explicit mapping between _CRS GpioIo() resources and +their names used in the driver. + +Signed-off-by: Andy Shevchenko +Tested-by: Sedat Dilek +Signed-off-by: David S. Miller +Signed-off-by: Oliver Neukum +--- + drivers/nfc/nxp-nci/i2c.c | 18 ++++++++++++++++-- + 1 file changed, 16 insertions(+), 2 deletions(-) + +diff --git a/drivers/nfc/nxp-nci/i2c.c b/drivers/nfc/nxp-nci/i2c.c +index 713c267acf88..7344405feddf 100644 +--- a/drivers/nfc/nxp-nci/i2c.c ++++ b/drivers/nfc/nxp-nci/i2c.c +@@ -247,6 +247,15 @@ static irqreturn_t nxp_nci_i2c_irq_thread_fn(int irq, void *phy_id) + return IRQ_NONE; + } + ++static const struct acpi_gpio_params firmware_gpios = { 1, 0, false }; ++static const struct acpi_gpio_params enable_gpios = { 2, 0, false }; ++ ++static const struct acpi_gpio_mapping acpi_nxp_nci_gpios[] = { ++ { "enable-gpios", &enable_gpios, 1 }, ++ { "firmware-gpios", &firmware_gpios, 1 }, ++ { } ++}; ++ + static int nxp_nci_i2c_parse_devtree(struct i2c_client *client) + { + struct nxp_nci_i2c_phy *phy = i2c_get_clientdata(client); +@@ -269,9 +278,14 @@ static int nxp_nci_i2c_parse_devtree(struct i2c_client *client) + static int nxp_nci_i2c_acpi_config(struct nxp_nci_i2c_phy *phy) + { + struct i2c_client *client = phy->i2c_dev; ++ int r; + +- phy->gpiod_en = devm_gpiod_get_index(&client->dev, NULL, 2, GPIOD_OUT_LOW); +- phy->gpiod_fw = devm_gpiod_get_index(&client->dev, NULL, 1, GPIOD_OUT_LOW); ++ r = devm_acpi_dev_add_driver_gpios(&client->dev, acpi_nxp_nci_gpios); ++ if (r) ++ return r; ++ ++ phy->gpiod_en = devm_gpiod_get(&client->dev, "enable", GPIOD_OUT_LOW); ++ phy->gpiod_fw = devm_gpiod_get(&client->dev, "firmware", GPIOD_OUT_LOW); + + if (IS_ERR(phy->gpiod_en) || IS_ERR(phy->gpiod_fw)) { + nfc_err(&client->dev, "No GPIOs\n"); +-- +2.26.2 + diff --git a/patches.suse/NFC-nxp-nci-Add-NXP1001-to-the-ACPI-ID-table.patch b/patches.suse/NFC-nxp-nci-Add-NXP1001-to-the-ACPI-ID-table.patch new file mode 100644 index 0000000..d3b650b --- /dev/null +++ b/patches.suse/NFC-nxp-nci-Add-NXP1001-to-the-ACPI-ID-table.patch @@ -0,0 +1,37 @@ +From 1b14a37565d9e88b82b8a227690e5fbc0079b61b Mon Sep 17 00:00:00 2001 +From: Andy Shevchenko +Date: Mon, 29 Jul 2019 16:35:02 +0300 +Subject: [PATCH] NFC: nxp-nci: Add NXP1001 to the ACPI ID table +Patch-mainline: v5.4-rc1 +References: bsc#1185589 +Git-commit: 1b14a37565d9e88b82b8a227690e5fbc0079b61b + +It seems a lot of laptops are equipped with NXP NFC300 chip with +the ACPI ID NXP1001 as per DSDT. + +Append it to the driver's ACPI ID table. + +Reported-by: Sedat Dilek +Signed-off-by: Andy Shevchenko +Tested-by: Sedat Dilek +Signed-off-by: David S. Miller +Signed-off-by: Oliver Neukum +--- + drivers/nfc/nxp-nci/i2c.c | 1 + + 1 file changed, 1 insertion(+) + +diff --git a/drivers/nfc/nxp-nci/i2c.c b/drivers/nfc/nxp-nci/i2c.c +index 4aeb3861b409..5db71869f04b 100644 +--- a/drivers/nfc/nxp-nci/i2c.c ++++ b/drivers/nfc/nxp-nci/i2c.c +@@ -396,6 +396,7 @@ MODULE_DEVICE_TABLE(of, of_nxp_nci_i2c_match); + + #ifdef CONFIG_ACPI + static struct acpi_device_id acpi_id[] = { ++ { "NXP1001" }, + { "NXP7471" }, + { }, + }; +-- +2.26.2 + diff --git a/patches.suse/NFC-nxp-nci-Convert-to-use-GPIO-descriptor.patch b/patches.suse/NFC-nxp-nci-Convert-to-use-GPIO-descriptor.patch new file mode 100644 index 0000000..fe07010 --- /dev/null +++ b/patches.suse/NFC-nxp-nci-Convert-to-use-GPIO-descriptor.patch @@ -0,0 +1,157 @@ +From 43201767b44cbd873c60dbd2acd370147588cb18 Mon Sep 17 00:00:00 2001 +From: Andy Shevchenko +Date: Mon, 29 Jul 2019 16:35:04 +0300 +Subject: [PATCH] NFC: nxp-nci: Convert to use GPIO descriptor +Git-commit: 43201767b44cbd873c60dbd2acd370147588cb18 +References: bsc#1185589 +Patch-mainline: v5.4-rc1 + +Since we got rid of platform data, the driver may use +GPIO descriptor directly. + +Signed-off-by: Andy Shevchenko +Tested-by: Sedat Dilek +Signed-off-by: David S. Miller +Signed-off-by: Oliver Neukum +--- + drivers/nfc/nxp-nci/core.c | 1 - + drivers/nfc/nxp-nci/i2c.c | 60 ++++++++++---------------------------- + 2 files changed, 15 insertions(+), 46 deletions(-) + +diff --git a/drivers/nfc/nxp-nci/core.c b/drivers/nfc/nxp-nci/core.c +index aed18ca60170..a0ce95a287c5 100644 +--- a/drivers/nfc/nxp-nci/core.c ++++ b/drivers/nfc/nxp-nci/core.c +@@ -11,7 +11,6 @@ + */ + + #include +-#include + #include + #include + +diff --git a/drivers/nfc/nxp-nci/i2c.c b/drivers/nfc/nxp-nci/i2c.c +index 47b3b7e612e6..713c267acf88 100644 +--- a/drivers/nfc/nxp-nci/i2c.c ++++ b/drivers/nfc/nxp-nci/i2c.c +@@ -21,8 +21,6 @@ + #include + #include + #include +-#include +-#include + #include + + #include +@@ -37,8 +35,8 @@ struct nxp_nci_i2c_phy { + struct i2c_client *i2c_dev; + struct nci_dev *ndev; + +- unsigned int gpio_en; +- unsigned int gpio_fw; ++ struct gpio_desc *gpiod_en; ++ struct gpio_desc *gpiod_fw; + + int hard_fault; /* + * < 0 if hardware error occurred (e.g. i2c err) +@@ -51,8 +49,8 @@ static int nxp_nci_i2c_set_mode(void *phy_id, + { + struct nxp_nci_i2c_phy *phy = (struct nxp_nci_i2c_phy *) phy_id; + +- gpio_set_value(phy->gpio_fw, (mode == NXP_NCI_MODE_FW) ? 1 : 0); +- gpio_set_value(phy->gpio_en, (mode != NXP_NCI_MODE_COLD) ? 1 : 0); ++ gpiod_set_value(phy->gpiod_fw, (mode == NXP_NCI_MODE_FW) ? 1 : 0); ++ gpiod_set_value(phy->gpiod_en, (mode != NXP_NCI_MODE_COLD) ? 1 : 0); + usleep_range(10000, 15000); + + if (mode == NXP_NCI_MODE_COLD) +@@ -252,30 +250,18 @@ static irqreturn_t nxp_nci_i2c_irq_thread_fn(int irq, void *phy_id) + static int nxp_nci_i2c_parse_devtree(struct i2c_client *client) + { + struct nxp_nci_i2c_phy *phy = i2c_get_clientdata(client); +- struct device_node *pp; +- int r; +- +- pp = client->dev.of_node; +- if (!pp) +- return -ENODEV; + +- r = of_get_named_gpio(pp, "enable-gpios", 0); +- if (r == -EPROBE_DEFER) +- r = of_get_named_gpio(pp, "enable-gpios", 0); +- if (r < 0) { +- nfc_err(&client->dev, "Failed to get EN gpio, error: %d\n", r); +- return r; ++ phy->gpiod_en = devm_gpiod_get(&client->dev, "enable", GPIOD_OUT_LOW); ++ if (IS_ERR(phy->gpiod_en)) { ++ nfc_err(&client->dev, "Failed to get EN gpio\n"); ++ return PTR_ERR(phy->gpiod_en); + } +- phy->gpio_en = r; + +- r = of_get_named_gpio(pp, "firmware-gpios", 0); +- if (r == -EPROBE_DEFER) +- r = of_get_named_gpio(pp, "firmware-gpios", 0); +- if (r < 0) { +- nfc_err(&client->dev, "Failed to get FW gpio, error: %d\n", r); +- return r; ++ phy->gpiod_fw = devm_gpiod_get(&client->dev, "firmware", GPIOD_OUT_LOW); ++ if (IS_ERR(phy->gpiod_fw)) { ++ nfc_err(&client->dev, "Failed to get FW gpio\n"); ++ return PTR_ERR(phy->gpiod_fw); + } +- phy->gpio_fw = r; + + return 0; + } +@@ -283,19 +269,15 @@ static int nxp_nci_i2c_parse_devtree(struct i2c_client *client) + static int nxp_nci_i2c_acpi_config(struct nxp_nci_i2c_phy *phy) + { + struct i2c_client *client = phy->i2c_dev; +- struct gpio_desc *gpiod_en, *gpiod_fw; + +- gpiod_en = devm_gpiod_get_index(&client->dev, NULL, 2, GPIOD_OUT_LOW); +- gpiod_fw = devm_gpiod_get_index(&client->dev, NULL, 1, GPIOD_OUT_LOW); ++ phy->gpiod_en = devm_gpiod_get_index(&client->dev, NULL, 2, GPIOD_OUT_LOW); ++ phy->gpiod_fw = devm_gpiod_get_index(&client->dev, NULL, 1, GPIOD_OUT_LOW); + +- if (IS_ERR(gpiod_en) || IS_ERR(gpiod_fw)) { ++ if (IS_ERR(phy->gpiod_en) || IS_ERR(phy->gpiod_fw)) { + nfc_err(&client->dev, "No GPIOs\n"); + return -EINVAL; + } + +- phy->gpio_en = desc_to_gpio(gpiod_en); +- phy->gpio_fw = desc_to_gpio(gpiod_fw); +- + return 0; + } + +@@ -331,24 +313,12 @@ static int nxp_nci_i2c_probe(struct i2c_client *client, + r = nxp_nci_i2c_acpi_config(phy); + if (r < 0) + goto probe_exit; +- goto nci_probe; + } else { + nfc_err(&client->dev, "No platform data\n"); + r = -EINVAL; + goto probe_exit; + } + +- r = devm_gpio_request_one(&phy->i2c_dev->dev, phy->gpio_en, +- GPIOF_OUT_INIT_LOW, "nxp_nci_en"); +- if (r < 0) +- goto probe_exit; +- +- r = devm_gpio_request_one(&phy->i2c_dev->dev, phy->gpio_fw, +- GPIOF_OUT_INIT_LOW, "nxp_nci_fw"); +- if (r < 0) +- goto probe_exit; +- +-nci_probe: + r = nxp_nci_probe(phy, &client->dev, &i2c_phy_ops, + NXP_NCI_I2C_MAX_PAYLOAD, &phy->ndev); + if (r < 0) +-- +2.26.2 + diff --git a/patches.suse/NFC-nxp-nci-Get-rid-of-platform-data.patch b/patches.suse/NFC-nxp-nci-Get-rid-of-platform-data.patch new file mode 100644 index 0000000..6930755 --- /dev/null +++ b/patches.suse/NFC-nxp-nci-Get-rid-of-platform-data.patch @@ -0,0 +1,130 @@ +From 3b0b278312ba7d6c1eb8b2fb48d459fb7f341a20 Mon Sep 17 00:00:00 2001 +From: Andy Shevchenko +Date: Mon, 29 Jul 2019 16:35:03 +0300 +Subject: [PATCH] NFC: nxp-nci: Get rid of platform data +Git-commit: 3b0b278312ba7d6c1eb8b2fb48d459fb7f341a20 +References: bsc#1185589 +Patch-mainline: v5.4-rc1 + +Legacy platform data must go away. We are on the safe side here since +there are no users of it in the kernel. + +If anyone by any odd reason needs it the GPIO lookup tables and +built-in device properties at your service. + +Signed-off-by: Andy Shevchenko +Tested-by: Sedat Dilek +Signed-off-by: David S. Miller +Signed-off-by: Oliver Neukum +--- + MAINTAINERS | 1 - + drivers/nfc/nxp-nci/core.c | 1 - + drivers/nfc/nxp-nci/i2c.c | 9 +-------- + drivers/nfc/nxp-nci/nxp-nci.h | 1 - + include/linux/platform_data/nxp-nci.h | 19 ------------------- + 5 files changed, 1 insertion(+), 30 deletions(-) + delete mode 100644 include/linux/platform_data/nxp-nci.h + +diff --git a/MAINTAINERS b/MAINTAINERS +index 9cc156c58f0c..ee663e0e2f2e 100644 +--- a/MAINTAINERS ++++ b/MAINTAINERS +@@ -11327,7 +11327,6 @@ F: include/net/nfc/ + F: include/uapi/linux/nfc.h + F: drivers/nfc/ + F: include/linux/platform_data/nfcmrvl.h +-F: include/linux/platform_data/nxp-nci.h + F: Documentation/devicetree/bindings/net/nfc/ + + NFS, SUNRPC, AND LOCKD CLIENTS +diff --git a/drivers/nfc/nxp-nci/core.c b/drivers/nfc/nxp-nci/core.c +index 8dafc696719f..aed18ca60170 100644 +--- a/drivers/nfc/nxp-nci/core.c ++++ b/drivers/nfc/nxp-nci/core.c +@@ -14,7 +14,6 @@ + #include + #include + #include +-#include + + #include + +diff --git a/drivers/nfc/nxp-nci/i2c.c b/drivers/nfc/nxp-nci/i2c.c +index 5db71869f04b..47b3b7e612e6 100644 +--- a/drivers/nfc/nxp-nci/i2c.c ++++ b/drivers/nfc/nxp-nci/i2c.c +@@ -23,7 +23,6 @@ + #include + #include + #include +-#include + #include + + #include +@@ -304,7 +303,6 @@ static int nxp_nci_i2c_probe(struct i2c_client *client, + const struct i2c_device_id *id) + { + struct nxp_nci_i2c_phy *phy; +- struct nxp_nci_nfc_platform_data *pdata; + int r; + + if (!i2c_check_functionality(client->adapter, I2C_FUNC_I2C)) { +@@ -323,17 +321,12 @@ static int nxp_nci_i2c_probe(struct i2c_client *client, + phy->i2c_dev = client; + i2c_set_clientdata(client, phy); + +- pdata = client->dev.platform_data; +- +- if (!pdata && client->dev.of_node) { ++ if (client->dev.of_node) { + r = nxp_nci_i2c_parse_devtree(client); + if (r < 0) { + nfc_err(&client->dev, "Failed to get DT data\n"); + goto probe_exit; + } +- } else if (pdata) { +- phy->gpio_en = pdata->gpio_en; +- phy->gpio_fw = pdata->gpio_fw; + } else if (ACPI_HANDLE(&client->dev)) { + r = nxp_nci_i2c_acpi_config(phy); + if (r < 0) +diff --git a/drivers/nfc/nxp-nci/nxp-nci.h b/drivers/nfc/nxp-nci/nxp-nci.h +index 6fe7c45544bf..ae3fb2735a4e 100644 +--- a/drivers/nfc/nxp-nci/nxp-nci.h ++++ b/drivers/nfc/nxp-nci/nxp-nci.h +@@ -14,7 +14,6 @@ + #include + #include + #include +-#include + + #include + +diff --git a/include/linux/platform_data/nxp-nci.h b/include/linux/platform_data/nxp-nci.h +deleted file mode 100644 +index 97827ad468e2..000000000000 +--- a/include/linux/platform_data/nxp-nci.h ++++ /dev/null +@@ -1,19 +0,0 @@ +-/* SPDX-License-Identifier: GPL-2.0-only */ +-/* +- * Generic platform data for the NXP NCI NFC chips. +- * +- * Copyright (C) 2014 NXP Semiconductors All rights reserved. +- * +- * Authors: Clément Perrochaud +- */ +- +-#ifndef _NXP_NCI_H_ +-#define _NXP_NCI_H_ +- +-struct nxp_nci_nfc_platform_data { +- unsigned int gpio_en; +- unsigned int gpio_fw; +- unsigned int irq; +-}; +- +-#endif /* _NXP_NCI_H_ */ +-- +2.26.2 + diff --git a/patches.suse/Revert-arm64-vdso-Fix-compilation-with-clang-older-t.patch b/patches.suse/Revert-arm64-vdso-Fix-compilation-with-clang-older-t.patch new file mode 100644 index 0000000..5b0fb26 --- /dev/null +++ b/patches.suse/Revert-arm64-vdso-Fix-compilation-with-clang-older-t.patch @@ -0,0 +1,55 @@ +From: Nick Desaulniers +Date: Tue, 13 Oct 2020 16:47:44 -0700 +Subject: Revert "arm64: vdso: Fix compilation with clang older than 8" + +Git-commit: 3759da22e5c0dfc25ee5296ca470262204ba35a8 +Patch-mainline: v5.10-rc1 +References: git-fixes + +This reverts commit 3acf4be235280f14d838581a750532219d67facc. + +The minimum supported version of clang is clang 10.0.1. + +Suggested-by: Nathan Chancellor +Signed-off-by: Nick Desaulniers +Signed-off-by: Andrew Morton +Reviewed-by: Kees Cook +Reviewed-by: Nathan Chancellor +Cc: Andrey Konovalov +Cc: Fangrui Song +Cc: Marco Elver +Cc: Miguel Ojeda +Cc: Sedat Dilek +Cc: Alexei Starovoitov +Cc: Daniel Borkmann +Cc: Masahiro Yamada +Cc: Vincenzo Frascino +Cc: Will Deacon +Link: https://lkml.kernel.org/r/20200902225911.209899-5-ndesaulniers@google.com +Signed-off-by: Linus Torvalds +Signed-off-by: Mian Yousaf Kaukab +--- + arch/arm64/kernel/vdso/Makefile | 7 ------- + 1 file changed, 7 deletions(-) + +diff --git a/arch/arm64/kernel/vdso/Makefile b/arch/arm64/kernel/vdso/Makefile +index 45d5cfe46429..04021a93171c 100644 +--- a/arch/arm64/kernel/vdso/Makefile ++++ b/arch/arm64/kernel/vdso/Makefile +@@ -43,13 +43,6 @@ ifneq ($(c-gettimeofday-y),) + CFLAGS_vgettimeofday.o += -include $(c-gettimeofday-y) + endif + +-# Clang versions less than 8 do not support -mcmodel=tiny +-ifeq ($(CONFIG_CC_IS_CLANG), y) +- ifeq ($(shell test $(CONFIG_CLANG_VERSION) -lt 80000; echo $$?),0) +- CFLAGS_REMOVE_vgettimeofday.o += -mcmodel=tiny +- endif +-endif +- + # Disable gcov profiling for VDSO code + GCOV_PROFILE := n + +-- +2.26.2 + diff --git a/patches.suse/Revert-gdrom-fix-a-memory-leak-bug.patch b/patches.suse/Revert-gdrom-fix-a-memory-leak-bug.patch new file mode 100644 index 0000000..9e327b5 --- /dev/null +++ b/patches.suse/Revert-gdrom-fix-a-memory-leak-bug.patch @@ -0,0 +1,52 @@ +From 257343d3ed557f11d580d0b7c515dc154f64a42b Mon Sep 17 00:00:00 2001 +From: Greg Kroah-Hartman +Date: Mon, 3 May 2021 13:56:53 +0200 +Subject: [PATCH] Revert "gdrom: fix a memory leak bug" +Git-commit: 257343d3ed557f11d580d0b7c515dc154f64a42b +Patch-mainline: v5.13-rc3 +References: git-fixes + +This reverts commit 093c48213ee37c3c3ff1cf5ac1aa2a9d8bc66017. + +Because of recent interactions with developers from @umn.edu, all +commits from them have been recently re-reviewed to ensure if they were +correct or not. + +Upon review, this commit was found to be incorrect for the reasons +below, so it must be reverted. It will be fixed up "correctly" in a +later kernel change. + +Because of this, all submissions from this group must be reverted from +the kernel tree and will need to be re-reviewed again to determine if +they actually are a valid fix. Until that work is complete, remove this +change to ensure that no problems are being introduced into the +codebase. + +Cc: Wenwen Wang +Cc: Peter Rosin +Cc: Jens Axboe +Fixes: 093c48213ee3 ("gdrom: fix a memory leak bug") +Cc: stable +Link: https://lore.kernel.org/r/20210503115736.2104747-27-gregkh@linuxfoundation.org +Signed-off-by: Greg Kroah-Hartman +Acked-by: Takashi Iwai + +--- + drivers/cdrom/gdrom.c | 1 - + 1 file changed, 1 deletion(-) + +diff --git a/drivers/cdrom/gdrom.c b/drivers/cdrom/gdrom.c +index 742b4a0932e3..7f681320c7d3 100644 +--- a/drivers/cdrom/gdrom.c ++++ b/drivers/cdrom/gdrom.c +@@ -862,7 +862,6 @@ static void __exit exit_gdrom(void) + platform_device_unregister(pd); + platform_driver_unregister(&gdrom_driver); + kfree(gd.toc); +- kfree(gd.cd_info); + } + + module_init(init_gdrom); +-- +2.26.2 + diff --git a/patches.suse/SUNRPC-More-fixes-for-backlog-congestion.patch b/patches.suse/SUNRPC-More-fixes-for-backlog-congestion.patch new file mode 100644 index 0000000..3db8468 --- /dev/null +++ b/patches.suse/SUNRPC-More-fixes-for-backlog-congestion.patch @@ -0,0 +1,229 @@ +From: Trond Myklebust +Date: Tue, 25 May 2021 18:43:38 -0400 +Subject: [PATCH] SUNRPC: More fixes for backlog congestion +Git-commit: e86be3a04bc4aeaf12f93af35f08f8d4385bcd98 +Patch-mainline: v5.13-rc4 +References: bsc#1185428 + +Ensure that we fix the XPRT_CONGESTED starvation issue for RDMA as well +as socket based transports. +Ensure we always initialise the request after waking up from the backlog +list. + +Fixes: e877a88d1f06 ("SUNRPC in case of backlog, hand free slots directly to waiting task") +Signed-off-by: Trond Myklebust +Acked-by: NeilBrown + +--- + include/linux/sunrpc/xprt.h | 2 + + net/sunrpc/xprt.c | 60 +++++++++++++++++++--------------------- + net/sunrpc/xprtrdma/transport.c | 12 ++++---- + net/sunrpc/xprtrdma/verbs.c | 18 ++++++++++-- + net/sunrpc/xprtrdma/xprt_rdma.h | 1 + 5 files changed, 53 insertions(+), 40 deletions(-) + +--- a/include/linux/sunrpc/xprt.h ++++ b/include/linux/sunrpc/xprt.h +@@ -377,6 +377,8 @@ struct rpc_xprt * xprt_alloc(struct net + unsigned int num_prealloc, + unsigned int max_req); + void xprt_free(struct rpc_xprt *); ++void xprt_add_backlog(struct rpc_xprt *xprt, struct rpc_task *task); ++bool xprt_wake_up_backlog(struct rpc_xprt *xprt, struct rpc_rqst *req); + + static inline int + xprt_enable_swap(struct rpc_xprt *xprt) +--- a/net/sunrpc/xprt.c ++++ b/net/sunrpc/xprt.c +@@ -1542,11 +1542,18 @@ xprt_transmit(struct rpc_task *task) + spin_unlock(&xprt->queue_lock); + } + +-static void xprt_add_backlog(struct rpc_xprt *xprt, struct rpc_task *task) ++static void xprt_complete_request_init(struct rpc_task *task) ++{ ++ if (task->tk_rqstp) ++ xprt_request_init(task); ++} ++ ++void xprt_add_backlog(struct rpc_xprt *xprt, struct rpc_task *task) + { + set_bit(XPRT_CONGESTED, &xprt->state); +- rpc_sleep_on(&xprt->backlog, task, NULL); ++ rpc_sleep_on(&xprt->backlog, task, xprt_complete_request_init); + } ++EXPORT_SYMBOL_GPL(xprt_add_backlog); + + static bool __xprt_set_rq(struct rpc_task *task, void *data) + { +@@ -1554,14 +1561,13 @@ static bool __xprt_set_rq(struct rpc_tas + + if (task->tk_rqstp == NULL) { + memset(req, 0, sizeof(*req)); /* mark unused */ +- task->tk_status = -EAGAIN; + task->tk_rqstp = req; + return true; + } + return false; + } + +-static bool xprt_wake_up_backlog(struct rpc_xprt *xprt, struct rpc_rqst *req) ++bool xprt_wake_up_backlog(struct rpc_xprt *xprt, struct rpc_rqst *req) + { + if (rpc_wake_up_first(&xprt->backlog, __xprt_set_rq, req) == NULL) { + clear_bit(XPRT_CONGESTED, &xprt->state); +@@ -1569,6 +1575,7 @@ static bool xprt_wake_up_backlog(struct + } + return true; + } ++EXPORT_SYMBOL_GPL(xprt_wake_up_backlog); + + static bool xprt_throttle_congested(struct rpc_xprt *xprt, struct rpc_task *task) + { +@@ -1578,7 +1585,7 @@ static bool xprt_throttle_congested(stru + goto out; + spin_lock(&xprt->reserve_lock); + if (test_bit(XPRT_CONGESTED, &xprt->state)) { +- rpc_sleep_on(&xprt->backlog, task, NULL); ++ xprt_add_backlog(xprt, task); + ret = true; + } + spin_unlock(&xprt->reserve_lock); +@@ -1747,10 +1754,6 @@ xprt_request_init(struct rpc_task *task) + struct rpc_xprt *xprt = task->tk_xprt; + struct rpc_rqst *req = task->tk_rqstp; + +- if (req->rq_task) +- /* Already initialized */ +- return; +- + req->rq_task = task; + req->rq_xprt = xprt; + req->rq_buffer = NULL; +@@ -1811,10 +1814,8 @@ void xprt_retry_reserve(struct rpc_task + struct rpc_xprt *xprt = task->tk_xprt; + + task->tk_status = 0; +- if (task->tk_rqstp != NULL) { +- xprt_request_init(task); ++ if (task->tk_rqstp != NULL) + return; +- } + + task->tk_status = -EAGAIN; + xprt_do_reserve(xprt, task); +@@ -1839,25 +1840,22 @@ void xprt_release(struct rpc_task *task) + } + + xprt = req->rq_xprt; +- if (xprt) { +- xprt_request_dequeue_xprt(task); +- spin_lock(&xprt->transport_lock); +- xprt->ops->release_xprt(xprt, task); +- if (xprt->ops->release_request) +- xprt->ops->release_request(task); +- xprt_schedule_autodisconnect(xprt); +- spin_unlock(&xprt->transport_lock); +- if (req->rq_buffer) +- xprt->ops->buf_free(task); +- xprt_inject_disconnect(xprt); +- xdr_free_bvec(&req->rq_rcv_buf); +- xdr_free_bvec(&req->rq_snd_buf); +- if (req->rq_cred != NULL) +- put_rpccred(req->rq_cred); +- if (req->rq_release_snd_buf) +- req->rq_release_snd_buf(req); +- } else +- xprt = task->tk_xprt; ++ xprt_request_dequeue_xprt(task); ++ spin_lock(&xprt->transport_lock); ++ xprt->ops->release_xprt(xprt, task); ++ if (xprt->ops->release_request) ++ xprt->ops->release_request(task); ++ xprt_schedule_autodisconnect(xprt); ++ spin_unlock(&xprt->transport_lock); ++ if (req->rq_buffer) ++ xprt->ops->buf_free(task); ++ xprt_inject_disconnect(xprt); ++ xdr_free_bvec(&req->rq_rcv_buf); ++ xdr_free_bvec(&req->rq_snd_buf); ++ if (req->rq_cred != NULL) ++ put_rpccred(req->rq_cred); ++ if (req->rq_release_snd_buf) ++ req->rq_release_snd_buf(req); + + task->tk_rqstp = NULL; + dprintk("RPC: %5u release request %p\n", task->tk_pid, req); +--- a/net/sunrpc/xprtrdma/transport.c ++++ b/net/sunrpc/xprtrdma/transport.c +@@ -557,9 +557,8 @@ xprt_rdma_alloc_slot(struct rpc_xprt *xp + return; + + out_sleep: +- set_bit(XPRT_CONGESTED, &xprt->state); +- rpc_sleep_on(&xprt->backlog, task, NULL); + task->tk_status = -EAGAIN; ++ xprt_add_backlog(xprt, task); + } + + /** +@@ -574,10 +573,11 @@ xprt_rdma_free_slot(struct rpc_xprt *xpr + struct rpcrdma_xprt *r_xprt = + container_of(xprt, struct rpcrdma_xprt, rx_xprt); + +- memset(rqst, 0, sizeof(*rqst)); +- rpcrdma_buffer_put(&r_xprt->rx_buf, rpcr_to_rdmar(rqst)); +- if (unlikely(!rpc_wake_up_next(&xprt->backlog))) +- clear_bit(XPRT_CONGESTED, &xprt->state); ++ rpcrdma_reply_put(&r_xprt->rx_buf, rpcr_to_rdmar(rqst)); ++ if (!xprt_wake_up_backlog(xprt, rqst)) { ++ memset(rqst, 0, sizeof(*rqst)); ++ rpcrdma_buffer_put(&r_xprt->rx_buf, rpcr_to_rdmar(rqst)); ++ } + } + + static bool rpcrdma_check_regbuf(struct rpcrdma_xprt *r_xprt, +--- a/net/sunrpc/xprtrdma/verbs.c ++++ b/net/sunrpc/xprtrdma/verbs.c +@@ -1308,6 +1308,20 @@ void rpcrdma_mr_put(struct rpcrdma_mr *m + } + + /** ++ * rpcrdma_reply_put - Put reply buffers back into pool ++ * @buffers: buffer pool ++ * @req: object to return ++ * ++ */ ++void rpcrdma_reply_put(struct rpcrdma_buffer *buffers, struct rpcrdma_req *req) ++{ ++ if (req->rl_reply) { ++ rpcrdma_rep_put(buffers, req->rl_reply); ++ req->rl_reply = NULL; ++ } ++} ++ ++/** + * rpcrdma_buffer_get - Get a request buffer + * @buffers: Buffer pool from which to obtain a buffer + * +@@ -1335,9 +1349,7 @@ rpcrdma_buffer_get(struct rpcrdma_buffer + */ + void rpcrdma_buffer_put(struct rpcrdma_buffer *buffers, struct rpcrdma_req *req) + { +- if (req->rl_reply) +- rpcrdma_rep_put(buffers, req->rl_reply); +- req->rl_reply = NULL; ++ rpcrdma_reply_put(buffers, req); + + spin_lock(&buffers->rb_lock); + list_add(&req->rl_list, &buffers->rb_send_bufs); +--- a/net/sunrpc/xprtrdma/xprt_rdma.h ++++ b/net/sunrpc/xprtrdma/xprt_rdma.h +@@ -492,6 +492,7 @@ struct rpcrdma_req *rpcrdma_buffer_get(s + void rpcrdma_buffer_put(struct rpcrdma_buffer *buffers, + struct rpcrdma_req *req); + void rpcrdma_recv_buffer_put(struct rpcrdma_rep *); ++void rpcrdma_reply_put(struct rpcrdma_buffer *buffers, struct rpcrdma_req *req); + + bool rpcrdma_regbuf_realloc(struct rpcrdma_regbuf *rb, size_t size, + gfp_t flags); diff --git a/patches.suse/SUNRPC-in-case-of-backlog-hand-free-slots-directly-t.patch b/patches.suse/SUNRPC-in-case-of-backlog-hand-free-slots-directly-t.patch index a2a035a..8284419 100644 --- a/patches.suse/SUNRPC-in-case-of-backlog-hand-free-slots-directly-t.patch +++ b/patches.suse/SUNRPC-in-case-of-backlog-hand-free-slots-directly-t.patch @@ -3,8 +3,7 @@ Date: Mon, 17 May 2021 09:34:38 +1000 Subject: [PATCH] SUNRPC in case of backlog, hand free slots directly to waiting task Git-commit: e877a88d1f069edced4160792f42c2a8e2dba942 -Git-repo: git://git.linux-nfs.org/projects/trondmy/nfs-2.6.git -Patch-mainline: Queued in subsystem maintainer repository +Patch-mainline: v5.13-rc4 References: bsc#1185428 If sunrpc.tcp_max_slot_table_entries is small and there are tasks diff --git a/patches.suse/USB-trancevibrator-fix-control-request-direction.patch b/patches.suse/USB-trancevibrator-fix-control-request-direction.patch new file mode 100644 index 0000000..2f15d90 --- /dev/null +++ b/patches.suse/USB-trancevibrator-fix-control-request-direction.patch @@ -0,0 +1,45 @@ +From 746e4acf87bcacf1406e05ef24a0b7139147c63e Mon Sep 17 00:00:00 2001 +From: Johan Hovold +Date: Fri, 21 May 2021 15:31:09 +0200 +Subject: [PATCH] USB: trancevibrator: fix control-request direction +Git-commit: 746e4acf87bcacf1406e05ef24a0b7139147c63e +Patch-mainline: v5.13-rc4 +References: git-fixes + +The direction of the pipe argument must match the request-type direction +bit or control requests may fail depending on the host-controller-driver +implementation. + +Fix the set-speed request which erroneously used USB_DIR_IN and update +the default timeout argument to match (same value). + +Fixes: 5638e4d92e77 ("USB: add PlayStation 2 Trance Vibrator driver") +Cc: stable@vger.kernel.org # 2.6.19 +Signed-off-by: Johan Hovold +Link: https://lore.kernel.org/r/20210521133109.17396-1-johan@kernel.org +Signed-off-by: Greg Kroah-Hartman +Acked-by: Takashi Iwai + +--- + drivers/usb/misc/trancevibrator.c | 4 ++-- + 1 file changed, 2 insertions(+), 2 deletions(-) + +diff --git a/drivers/usb/misc/trancevibrator.c b/drivers/usb/misc/trancevibrator.c +index a3dfc77578ea..26baba3ab7d7 100644 +--- a/drivers/usb/misc/trancevibrator.c ++++ b/drivers/usb/misc/trancevibrator.c +@@ -61,9 +61,9 @@ static ssize_t speed_store(struct device *dev, struct device_attribute *attr, + /* Set speed */ + retval = usb_control_msg(tv->udev, usb_sndctrlpipe(tv->udev, 0), + 0x01, /* vendor request: set speed */ +- USB_DIR_IN | USB_TYPE_VENDOR | USB_RECIP_OTHER, ++ USB_DIR_OUT | USB_TYPE_VENDOR | USB_RECIP_OTHER, + tv->speed, /* speed value */ +- 0, NULL, 0, USB_CTRL_GET_TIMEOUT); ++ 0, NULL, 0, USB_CTRL_SET_TIMEOUT); + if (retval) { + tv->speed = old; + dev_dbg(&tv->udev->dev, "retval = %d\n", retval); +-- +2.26.2 + diff --git a/patches.suse/arm-mm-use-__pfn_to_section-to-get-mem_section.patch b/patches.suse/arm-mm-use-__pfn_to_section-to-get-mem_section.patch new file mode 100644 index 0000000..597a400 --- /dev/null +++ b/patches.suse/arm-mm-use-__pfn_to_section-to-get-mem_section.patch @@ -0,0 +1,37 @@ +From: Guixiong Wei +Date: Fri, 1 May 2020 06:18:58 +1400 +Subject: arm: mm: use __pfn_to_section() to get mem_section + +Git-commit: 037d9303a7e7bac622e299817c5dd288346db07c +Patch-mainline: v5.8-rc1 +References: git-fixes + +Replace the open-coded '__nr_to_section(pfn_to_section_nr(pfn))' in +pfn_valid() with a more concise call to '__pfn_to_section(pfn)'. + +No functional change. + +Signed-off-by: Guixiong Wei +Link: https://lore.kernel.org/r/20200430161858.11379-1-guixiongwei@gmail.com +Signed-off-by: Will Deacon +Signed-off-by: Mian Yousaf Kaukab +--- + arch/arm64/mm/init.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/arch/arm64/mm/init.c b/arch/arm64/mm/init.c +index e42727e3568e..d2df416b840e 100644 +--- a/arch/arm64/mm/init.c ++++ b/arch/arm64/mm/init.c +@@ -272,7 +272,7 @@ int pfn_valid(unsigned long pfn) + if (pfn_to_section_nr(pfn) >= NR_MEM_SECTIONS) + return 0; + +- if (!valid_section(__nr_to_section(pfn_to_section_nr(pfn)))) ++ if (!valid_section(__pfn_to_section(pfn))) + return 0; + #endif + return memblock_is_map_memory(addr); +-- +2.26.2 + diff --git a/patches.suse/arm64-Add-missing-ISB-after-invalidating-TLB-in-__pr.patch b/patches.suse/arm64-Add-missing-ISB-after-invalidating-TLB-in-__pr.patch new file mode 100644 index 0000000..41e3270 --- /dev/null +++ b/patches.suse/arm64-Add-missing-ISB-after-invalidating-TLB-in-__pr.patch @@ -0,0 +1,43 @@ +From: Marc Zyngier +Date: Wed, 24 Feb 2021 09:37:37 +0000 +Subject: arm64: Add missing ISB after invalidating TLB in __primary_switch + +Git-commit: 9d41053e8dc115c92b8002c3db5f545d7602498b +Patch-mainline: v5.12-rc1 +References: git-fixes + +Although there has been a bit of back and forth on the subject, it +appears that invalidating TLBs requires an ISB instruction when FEAT_ETS +is not implemented by the CPU. + +From the bible: + + | In an implementation that does not implement FEAT_ETS, a TLB + | maintenance instruction executed by a PE, PEx, can complete at any + | time after it is issued, but is only guaranteed to be finished for a + | PE, PEx, after the execution of DSB by the PEx followed by a Context + | synchronization event + +Add the missing ISB in __primary_switch, just in case. + +Fixes: 3c5e9f238bc4 ("arm64: head.S: move KASLR processing out of __enable_mmu()") +Suggested-by: Will Deacon +Signed-off-by: Marc Zyngier +Acked-by: Mark Rutland +Link: https://lore.kernel.org/r/20210224093738.3629662-3-maz@kernel.org +Signed-off-by: Will Deacon +Signed-off-by: Mian Yousaf Kaukab +--- + arch/arm64/kernel/head.S | 1 + + 1 file changed, 1 insertion(+) + +--- a/arch/arm64/kernel/head.S ++++ b/arch/arm64/kernel/head.S +@@ -872,6 +872,7 @@ __primary_switch: + + tlbi vmalle1 // Remove any stale TLB entries + dsb nsh ++ isb + + msr sctlr_el1, x19 // re-enable the MMU + isb diff --git a/patches.suse/arm64-avoid-Woverride-init-warning.patch b/patches.suse/arm64-avoid-Woverride-init-warning.patch new file mode 100644 index 0000000..3fd7eaf --- /dev/null +++ b/patches.suse/arm64-avoid-Woverride-init-warning.patch @@ -0,0 +1,79 @@ +From: Arnd Bergmann +Date: Mon, 26 Oct 2020 20:37:46 +0100 +Subject: arm64: avoid -Woverride-init warning + +Git-commit: 332576e69a046b9b33f49bd0c3c071cc98215b60 +Patch-mainline: v5.10-rc2 +References: git-fixes + +The icache_policy_str[] definition causes a warning when extra +warning flags are enabled: + +arch/arm64/kernel/cpuinfo.c:38:26: warning: initialized field overwritten [-Woverride-init] + 38 | [ICACHE_POLICY_VIPT] = "VIPT", + | ^~~~~~ +arch/arm64/kernel/cpuinfo.c:38:26: note: (near initialization for 'icache_policy_str[2]') +arch/arm64/kernel/cpuinfo.c:39:26: warning: initialized field overwritten [-Woverride-init] + 39 | [ICACHE_POLICY_PIPT] = "PIPT", + | ^~~~~~ +arch/arm64/kernel/cpuinfo.c:39:26: note: (near initialization for 'icache_policy_str[3]') +arch/arm64/kernel/cpuinfo.c:40:27: warning: initialized field overwritten [-Woverride-init] + 40 | [ICACHE_POLICY_VPIPT] = "VPIPT", + | ^~~~~~~ +arch/arm64/kernel/cpuinfo.c:40:27: note: (near initialization for 'icache_policy_str[0]') + +There is no real need for the default initializer here, as printing a +NULL string is harmless. Rewrite the logic to have an explicit +reserved value for the only one that uses the default value. + +This partially reverts the commit that removed ICACHE_POLICY_AIVIVT. + +Fixes: 155433cb365e ("arm64: cache: Remove support for ASID-tagged VIVT I-caches") +Signed-off-by: Arnd Bergmann +Link: https://lore.kernel.org/r/20201026193807.3816388-1-arnd@kernel.org +Signed-off-by: Will Deacon +Signed-off-by: Mian Yousaf Kaukab +--- + arch/arm64/include/asm/cache.h | 1 + + arch/arm64/kernel/cpuinfo.c | 8 ++++---- + 2 files changed, 5 insertions(+), 4 deletions(-) + +--- a/arch/arm64/include/asm/cache.h ++++ b/arch/arm64/include/asm/cache.h +@@ -24,6 +24,7 @@ + #define CTR_L1IP(ctr) (((ctr) >> CTR_L1IP_SHIFT) & CTR_L1IP_MASK) + + #define ICACHE_POLICY_VPIPT 0 ++#define ICACHE_POLICY_RESERVED 1 + #define ICACHE_POLICY_VIPT 2 + #define ICACHE_POLICY_PIPT 3 + +--- a/arch/arm64/kernel/cpuinfo.c ++++ b/arch/arm64/kernel/cpuinfo.c +@@ -34,10 +34,10 @@ DEFINE_PER_CPU(struct cpuinfo_arm64, cpu + static struct cpuinfo_arm64 boot_cpu_data; + + static char *icache_policy_str[] = { +- [0 ... ICACHE_POLICY_PIPT] = "RESERVED/UNKNOWN", ++ [ICACHE_POLICY_VPIPT] = "VPIPT", ++ [ICACHE_POLICY_RESERVED] = "RESERVED/UNKNOWN", + [ICACHE_POLICY_VIPT] = "VIPT", + [ICACHE_POLICY_PIPT] = "PIPT", +- [ICACHE_POLICY_VPIPT] = "VPIPT", + }; + + unsigned long __icache_flags; +@@ -314,11 +314,11 @@ static void cpuinfo_detect_icache_policy + case ICACHE_POLICY_VPIPT: + set_bit(ICACHEF_VPIPT, &__icache_flags); + break; +- default: +- /* Fallthrough */ ++ case ICACHE_POLICY_RESERVED: + case ICACHE_POLICY_VIPT: + /* Assume aliasing */ + set_bit(ICACHEF_ALIASING, &__icache_flags); ++ break; + } + + pr_info("Detected %s I-cache on CPU%d\n", icache_policy_str[l1ip], cpu); diff --git a/patches.suse/arm64-kasan-fix-page_alloc-tagging-with-DEBUG_VIRTUA.patch b/patches.suse/arm64-kasan-fix-page_alloc-tagging-with-DEBUG_VIRTUA.patch new file mode 100644 index 0000000..949c1b1 --- /dev/null +++ b/patches.suse/arm64-kasan-fix-page_alloc-tagging-with-DEBUG_VIRTUA.patch @@ -0,0 +1,40 @@ +From: Andrey Konovalov +Date: Mon, 8 Mar 2021 17:10:23 +0100 +Subject: arm64: kasan: fix page_alloc tagging with DEBUG_VIRTUAL + +Git-commit: 86c83365ab76e4b43cedd3ce07a07d32a4dc79ba +Patch-mainline: v5.12-rc3 +References: git-fixes + +When CONFIG_DEBUG_VIRTUAL is enabled, the default page_to_virt() macro +implementation from include/linux/mm.h is used. That definition doesn't +account for KASAN tags, which leads to no tags on page_alloc allocations. + +Provide an arm64-specific definition for page_to_virt() when +CONFIG_DEBUG_VIRTUAL is enabled that takes care of KASAN tags. + +Fixes: 2813b9c02962 ("kasan, mm, arm64: tag non slab memory allocated via pagealloc") +Cc: +Signed-off-by: Andrey Konovalov +Reviewed-by: Catalin Marinas +Link: https://lore.kernel.org/r/4b55b35202706223d3118230701c6a59749d9b72.1615219501.git.andreyknvl@google.com +Signed-off-by: Will Deacon +Signed-off-by: Mian Yousaf Kaukab +--- + arch/arm64/include/asm/memory.h | 5 +++++ + 1 file changed, 5 insertions(+) + +--- a/arch/arm64/include/asm/memory.h ++++ b/arch/arm64/include/asm/memory.h +@@ -296,6 +296,11 @@ static inline void *phys_to_virt(phys_ad + #define ARCH_PFN_OFFSET ((unsigned long)PHYS_PFN_OFFSET) + + #if !defined(CONFIG_SPARSEMEM_VMEMMAP) || defined(CONFIG_DEBUG_VIRTUAL) ++#define page_to_virt(x) ({ \ ++ __typeof__(x) __page = x; \ ++ void *__addr = __va(page_to_phys(__page)); \ ++ (void *)__tag_set((const void *)__addr, page_kasan_tag(__page));\ ++}) + #define virt_to_page(kaddr) pfn_to_page(__pa(kaddr) >> PAGE_SHIFT) + #define _virt_addr_valid(kaddr) pfn_valid(__pa(kaddr) >> PAGE_SHIFT) + #else diff --git a/patches.suse/arm64-kdump-update-ppos-when-reading-elfcorehdr.patch b/patches.suse/arm64-kdump-update-ppos-when-reading-elfcorehdr.patch new file mode 100644 index 0000000..972456f --- /dev/null +++ b/patches.suse/arm64-kdump-update-ppos-when-reading-elfcorehdr.patch @@ -0,0 +1,39 @@ +From: Pavel Tatashin +Date: Fri, 19 Mar 2021 16:50:54 -0400 +Subject: arm64: kdump: update ppos when reading elfcorehdr + +Git-commit: 141f8202cfa4192c3af79b6cbd68e7760bb01b5a +Patch-mainline: v5.12-rc5 +References: git-fixes + +The ppos points to a position in the old kernel memory (and in case of +arm64 in the crash kernel since elfcorehdr is passed as a segment). The +function should update the ppos by the amount that was read. This bug is +not exposed by accident, but other platforms update this value properly. +So, fix it in ARM64 version of elfcorehdr_read() as well. + +Signed-off-by: Pavel Tatashin +Fixes: e62aaeac426a ("arm64: kdump: provide /proc/vmcore file") +Reviewed-by: Tyler Hicks +Link: https://lore.kernel.org/r/20210319205054.743368-1-pasha.tatashin@soleen.com +Signed-off-by: Will Deacon +Signed-off-by: Mian Yousaf Kaukab +--- + arch/arm64/kernel/crash_dump.c | 2 ++ + 1 file changed, 2 insertions(+) + +diff --git a/arch/arm64/kernel/crash_dump.c b/arch/arm64/kernel/crash_dump.c +index e6e284265f19..58303a9ec32c 100644 +--- a/arch/arm64/kernel/crash_dump.c ++++ b/arch/arm64/kernel/crash_dump.c +@@ -64,5 +64,7 @@ ssize_t copy_oldmem_page(unsigned long pfn, char *buf, + ssize_t elfcorehdr_read(char *buf, size_t count, u64 *ppos) + { + memcpy(buf, phys_to_virt((phys_addr_t)*ppos), count); ++ *ppos += count; ++ + return count; + } +-- +2.26.2 + diff --git a/patches.suse/arm64-kexec_file-fix-memory-leakage-in-create_dtb-wh.patch b/patches.suse/arm64-kexec_file-fix-memory-leakage-in-create_dtb-wh.patch new file mode 100644 index 0000000..46f571e --- /dev/null +++ b/patches.suse/arm64-kexec_file-fix-memory-leakage-in-create_dtb-wh.patch @@ -0,0 +1,41 @@ +From: qiuguorui1 +Date: Thu, 18 Feb 2021 20:59:00 +0800 +Subject: arm64: kexec_file: fix memory leakage in create_dtb() when + fdt_open_into() fails + +Git-commit: 656d1d58d8e0958d372db86c24f0b2ea36f50888 +Patch-mainline: v5.12-rc1 +References: git-fixes + +in function create_dtb(), if fdt_open_into() fails, we need to vfree +buf before return. + +Fixes: 52b2a8af7436 ("arm64: kexec_file: load initrd and device-tree") +Cc: stable@vger.kernel.org # v5.0 +Signed-off-by: qiuguorui1 +Link: https://lore.kernel.org/r/20210218125900.6810-1-qiuguorui1@huawei.com +Signed-off-by: Will Deacon +Signed-off-by: Mian Yousaf Kaukab +--- + arch/arm64/kernel/machine_kexec_file.c | 4 +++- + 1 file changed, 3 insertions(+), 1 deletion(-) + +diff --git a/arch/arm64/kernel/machine_kexec_file.c b/arch/arm64/kernel/machine_kexec_file.c +index 03210f644790..0cde47a63beb 100644 +--- a/arch/arm64/kernel/machine_kexec_file.c ++++ b/arch/arm64/kernel/machine_kexec_file.c +@@ -182,8 +182,10 @@ static int create_dtb(struct kimage *image, + + /* duplicate a device tree blob */ + ret = fdt_open_into(initial_boot_params, buf, buf_size); +- if (ret) ++ if (ret) { ++ vfree(buf); + return -EINVAL; ++ } + + ret = setup_dtb(image, initrd_load_addr, initrd_len, + cmdline, buf); +-- +2.26.2 + diff --git a/patches.suse/arm64-link-with-z-norelro-for-LLD-or-aarch64-elf.patch b/patches.suse/arm64-link-with-z-norelro-for-LLD-or-aarch64-elf.patch new file mode 100644 index 0000000..fffa1f6 --- /dev/null +++ b/patches.suse/arm64-link-with-z-norelro-for-LLD-or-aarch64-elf.patch @@ -0,0 +1,84 @@ +From: Nick Desaulniers +Date: Thu, 17 Dec 2020 16:24:32 -0800 +Subject: arm64: link with -z norelro for LLD or aarch64-elf +MIME-Version: 1.0 +Content-Type: text/plain; charset=UTF-8 +Content-Transfer-Encoding: 8bit + +Git-commit: 311bea3cb9ee20ef150ca76fc60a592bf6b159f5 +Patch-mainline: v5.11-rc3 +References: git-fixes + +With GNU binutils 2.35+, linking with BFD produces warnings for vmlinux: +aarch64-linux-gnu-ld: warning: -z norelro ignored + +BFD can produce this warning when the target emulation mode does not +support RELRO program headers, and -z relro or -z norelro is passed. + +Alan Modra clarifies: + The default linker emulation for an aarch64-linux ld.bfd is + -maarch64linux, the default for an aarch64-elf linker is + -maarch64elf. They are not equivalent. If you choose -maarch64elf + you get an emulation that doesn't support -z relro. + +The ARCH=arm64 kernel prefers -maarch64elf, but may fall back to +-maarch64linux based on the toolchain configuration. + +LLD will always create RELRO program header regardless of target +emulation. + +To avoid the above warning when linking with BFD, pass -z norelro only +when linking with LLD or with -maarch64linux. + +Fixes: 3b92fa7485eb ("arm64: link with -z norelro regardless of CONFIG_RELOCATABLE") +Fixes: 3bbd3db86470 ("arm64: relocatable: fix inconsistencies in linker script and options") +Cc: # 5.0.x- +Reported-by: kernelci.org bot +Reported-by: Quentin Perret +Signed-off-by: Nick Desaulniers +Reviewed-by: Nathan Chancellor +Acked-by: Ard Biesheuvel +Cc: Alan Modra +Cc: Fāng-ruì Sòng +Link: https://lore.kernel.org/r/20201218002432.788499-1-ndesaulniers@google.com +Signed-off-by: Catalin Marinas +Signed-off-by: Mian Yousaf Kaukab +--- + arch/arm64/Makefile | 10 +++++++--- + 1 file changed, 7 insertions(+), 3 deletions(-) + +--- a/arch/arm64/Makefile ++++ b/arch/arm64/Makefile +@@ -10,7 +10,7 @@ + # + # Copyright (C) 1995-2001 by Russell King + +-LDFLAGS_vmlinux :=--no-undefined -X -z norelro ++LDFLAGS_vmlinux :=--no-undefined -X + CPPFLAGS_vmlinux.lds = -DTEXT_OFFSET=$(TEXT_OFFSET) + GZFLAGS :=-9 + +@@ -83,17 +83,21 @@ CHECKFLAGS += -D__AARCH64EB__ + AS += -EB + # Prefer the baremetal ELF build target, but not all toolchains include + # it so fall back to the standard linux version if needed. +-KBUILD_LDFLAGS += -EB $(call ld-option, -maarch64elfb, -maarch64linuxb) ++KBUILD_LDFLAGS += -EB $(call ld-option, -maarch64elfb, -maarch64linuxb -z norelro) + UTS_MACHINE := aarch64_be + else + KBUILD_CPPFLAGS += -mlittle-endian + CHECKFLAGS += -D__AARCH64EL__ + AS += -EL + # Same as above, prefer ELF but fall back to linux target if needed. +-KBUILD_LDFLAGS += -EL $(call ld-option, -maarch64elf, -maarch64linux) ++KBUILD_LDFLAGS += -EL $(call ld-option, -maarch64elf, -maarch64linux -z norelro) + UTS_MACHINE := aarch64 + endif + ++ifeq ($(CONFIG_LD_IS_LLD), y) ++KBUILD_LDFLAGS += -z norelro ++endif ++ + CHECKFLAGS += -D__aarch64__ + + ifeq ($(CONFIG_ARM64_MODULE_PLTS),y) diff --git a/patches.suse/arm64-link-with-z-norelro-regardless-of-CONFIG_RELOC.patch b/patches.suse/arm64-link-with-z-norelro-regardless-of-CONFIG_RELOC.patch new file mode 100644 index 0000000..b88d530 --- /dev/null +++ b/patches.suse/arm64-link-with-z-norelro-regardless-of-CONFIG_RELOC.patch @@ -0,0 +1,47 @@ +From: Nick Desaulniers +Date: Fri, 16 Oct 2020 10:53:39 -0700 +Subject: arm64: link with -z norelro regardless of CONFIG_RELOCATABLE + +Git-commit: 3b92fa7485eba16b05166fddf38ab42f2ff6ab95 +Patch-mainline: v5.10-rc1 +References: git-fixes + +With CONFIG_EXPERT=y, CONFIG_KASAN=y, CONFIG_RANDOMIZE_BASE=n, +CONFIG_RELOCATABLE=n, we observe the following failure when trying to +link the kernel image with LD=ld.lld: + +error: section: .exit.data is not contiguous with other relro sections + +ld.lld defaults to -z relro while ld.bfd defaults to -z norelro. This +was previously fixed, but only for CONFIG_RELOCATABLE=y. + +Fixes: 3bbd3db86470 ("arm64: relocatable: fix inconsistencies in linker script and options") +Signed-off-by: Nick Desaulniers +Cc: stable@vger.kernel.org +Link: https://lore.kernel.org/r/20201016175339.2429280-1-ndesaulniers@google.com +Signed-off-by: Will Deacon +Signed-off-by: Mian Yousaf Kaukab +--- + arch/arm64/Makefile | 4 ++-- + 1 file changed, 2 insertions(+), 2 deletions(-) + +--- a/arch/arm64/Makefile ++++ b/arch/arm64/Makefile +@@ -10,7 +10,7 @@ + # + # Copyright (C) 1995-2001 by Russell King + +-LDFLAGS_vmlinux :=--no-undefined -X ++LDFLAGS_vmlinux :=--no-undefined -X -z norelro + CPPFLAGS_vmlinux.lds = -DTEXT_OFFSET=$(TEXT_OFFSET) + GZFLAGS :=-9 + +@@ -18,7 +18,7 @@ ifeq ($(CONFIG_RELOCATABLE), y) + # Pass --no-apply-dynamic-relocs to restore pre-binutils-2.27 behaviour + # for relative relocs, since this leads to better Image compression + # with the relocation offsets always being zero. +-LDFLAGS_vmlinux += -shared -Bsymbolic -z notext -z norelro \ ++LDFLAGS_vmlinux += -shared -Bsymbolic -z notext \ + $(call ld-option, --no-apply-dynamic-relocs) + endif + diff --git a/patches.suse/arm64-mm-Fix-pfn_valid-for-ZONE_DEVICE-based-memory.patch b/patches.suse/arm64-mm-Fix-pfn_valid-for-ZONE_DEVICE-based-memory.patch new file mode 100644 index 0000000..2cefec8 --- /dev/null +++ b/patches.suse/arm64-mm-Fix-pfn_valid-for-ZONE_DEVICE-based-memory.patch @@ -0,0 +1,76 @@ +From: Anshuman Khandual +Date: Fri, 5 Mar 2021 10:54:57 +0530 +Subject: arm64/mm: Fix pfn_valid() for ZONE_DEVICE based memory + +Git-commit: eeb0753ba27b26f609e61f9950b14f1b934fe429 +Patch-mainline: v5.12-rc3 +References: git-fixes + +pfn_valid() validates a pfn but basically it checks for a valid struct page +backing for that pfn. It should always return positive for memory ranges +backed with struct page mapping. But currently pfn_valid() fails for all +ZONE_DEVICE based memory types even though they have struct page mapping. + +pfn_valid() asserts that there is a memblock entry for a given pfn without +MEMBLOCK_NOMAP flag being set. The problem with ZONE_DEVICE based memory is +that they do not have memblock entries. Hence memblock_is_map_memory() will +invariably fail via memblock_search() for a ZONE_DEVICE based address. This +eventually fails pfn_valid() which is wrong. memblock_is_map_memory() needs +to be skipped for such memory ranges. As ZONE_DEVICE memory gets hotplugged +into the system via memremap_pages() called from a driver, their respective +memory sections will not have SECTION_IS_EARLY set. + +Normal hotplug memory will never have MEMBLOCK_NOMAP set in their memblock +regions. Because the flag MEMBLOCK_NOMAP was specifically designed and set +for firmware reserved memory regions. memblock_is_map_memory() can just be +skipped as its always going to be positive and that will be an optimization +for the normal hotplug memory. Like ZONE_DEVICE based memory, all normal +hotplugged memory too will not have SECTION_IS_EARLY set for their sections + +Skipping memblock_is_map_memory() for all non early memory sections would +fix pfn_valid() problem for ZONE_DEVICE based memory and also improve its +performance for normal hotplug memory as well. + +Cc: Catalin Marinas +Cc: Will Deacon +Cc: Ard Biesheuvel +Cc: Robin Murphy +Cc: linux-arm-kernel@lists.infradead.org +Cc: linux-kernel@vger.kernel.org +Acked-by: David Hildenbrand +Fixes: 73b20c84d42d ("arm64: mm: implement pte_devmap support") +Signed-off-by: Anshuman Khandual +Acked-by: Catalin Marinas +Link: https://lore.kernel.org/r/1614921898-4099-2-git-send-email-anshuman.khandual@arm.com +Signed-off-by: Will Deacon +Signed-off-by: Mian Yousaf Kaukab +--- + arch/arm64/mm/init.c | 12 ++++++++++++ + 1 file changed, 12 insertions(+) + +diff --git a/arch/arm64/mm/init.c b/arch/arm64/mm/init.c +index 0ace5e68efba..5920c527845a 100644 +--- a/arch/arm64/mm/init.c ++++ b/arch/arm64/mm/init.c +@@ -230,6 +230,18 @@ int pfn_valid(unsigned long pfn) + + if (!valid_section(__pfn_to_section(pfn))) + return 0; ++ ++ /* ++ * ZONE_DEVICE memory does not have the memblock entries. ++ * memblock_is_map_memory() check for ZONE_DEVICE based ++ * addresses will always fail. Even the normal hotplugged ++ * memory will never have MEMBLOCK_NOMAP flag set in their ++ * memblock entries. Skip memblock search for all non early ++ * memory sections covering all of hotplug memory including ++ * both normal and ZONE_DEVICE based. ++ */ ++ if (!early_section(__pfn_to_section(pfn))) ++ return pfn_section_valid(__pfn_to_section(pfn), pfn); + #endif + return memblock_is_map_memory(addr); + } +-- +2.26.2 + diff --git a/patches.suse/arm64-ptrace-Fix-seccomp-of-traced-syscall-1-NO_SYSC.patch b/patches.suse/arm64-ptrace-Fix-seccomp-of-traced-syscall-1-NO_SYSC.patch new file mode 100644 index 0000000..222d910 --- /dev/null +++ b/patches.suse/arm64-ptrace-Fix-seccomp-of-traced-syscall-1-NO_SYSC.patch @@ -0,0 +1,56 @@ +From: Timothy E Baldwin +Date: Sat, 16 Jan 2021 15:18:54 +0000 +Subject: arm64: ptrace: Fix seccomp of traced syscall -1 (NO_SYSCALL) + +Git-commit: df84fe94708985cdfb78a83148322bcd0a699472 +Patch-mainline: v5.12-rc1 +References: git-fixes + +Since commit f086f67485c5 ("arm64: ptrace: add support for syscall +emulation"), if system call number -1 is called and the process is being +traced with PTRACE_SYSCALL, for example by strace, the seccomp check is +skipped and -ENOSYS is returned unconditionally (unless altered by the +tracer) rather than carrying out action specified in the seccomp filter. + +The consequence of this is that it is not possible to reliably strace +a seccomp based implementation of a foreign system call interface in +which r7/x8 is permitted to be -1 on entry to a system call. + +Also trace_sys_enter and audit_syscall_entry are skipped if a system +call is skipped. + +Fix by removing the in_syscall(regs) check restoring the previous +behaviour which is like AArch32, x86 (which uses generic code) and +everything else. + +Cc: Oleg Nesterov +Cc: Catalin Marinas +Cc: +Fixes: f086f67485c5 ("arm64: ptrace: add support for syscall emulation") +Reviewed-by: Kees Cook +Reviewed-by: Sudeep Holla +Tested-by: Sudeep Holla +Signed-off-by: Timothy E Baldwin +Link: https://lore.kernel.org/r/90edd33b-6353-1228-791f-0336d94d5f8c@majoroak.me.uk +Signed-off-by: Will Deacon +Signed-off-by: Mian Yousaf Kaukab +--- + arch/arm64/kernel/ptrace.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/arch/arm64/kernel/ptrace.c b/arch/arm64/kernel/ptrace.c +index 3d5c8afca75b..170f42fd6101 100644 +--- a/arch/arm64/kernel/ptrace.c ++++ b/arch/arm64/kernel/ptrace.c +@@ -1797,7 +1797,7 @@ int syscall_trace_enter(struct pt_regs *regs) + + if (flags & (_TIF_SYSCALL_EMU | _TIF_SYSCALL_TRACE)) { + tracehook_report_syscall(regs, PTRACE_SYSCALL_ENTER); +- if (!in_syscall(regs) || (flags & _TIF_SYSCALL_EMU)) ++ if (flags & _TIF_SYSCALL_EMU) + return NO_SYSCALL; + } + +-- +2.26.2 + diff --git a/patches.suse/arm64-ptrace-Use-NO_SYSCALL-instead-of-1-in-syscall_.patch b/patches.suse/arm64-ptrace-Use-NO_SYSCALL-instead-of-1-in-syscall_.patch new file mode 100644 index 0000000..30da932 --- /dev/null +++ b/patches.suse/arm64-ptrace-Use-NO_SYSCALL-instead-of-1-in-syscall_.patch @@ -0,0 +1,40 @@ +From: Will Deacon +Date: Fri, 10 Jul 2020 13:20:57 +0100 +Subject: arm64: ptrace: Use NO_SYSCALL instead of -1 in syscall_trace_enter() + +Git-commit: d83ee6e3e75db6f518ef2b0858f163849f2ddeb7 +Patch-mainline: v5.8-rc6 +References: git-fixes + +Setting a system call number of -1 is special, as it indicates that the +current system call should be skipped. + +Use NO_SYSCALL instead of -1 when checking for this scenario, which is +different from the -1 returned due to a seccomp failure. + +Cc: Mark Rutland +Cc: Keno Fischer +Cc: Luis Machado +Signed-off-by: Will Deacon +Signed-off-by: Mian Yousaf Kaukab +--- + arch/arm64/kernel/ptrace.c | 4 ++-- + 1 file changed, 2 insertions(+), 2 deletions(-) + +--- a/arch/arm64/kernel/ptrace.c ++++ b/arch/arm64/kernel/ptrace.c +@@ -1834,12 +1834,12 @@ int syscall_trace_enter(struct pt_regs * + if (flags & (_TIF_SYSCALL_EMU | _TIF_SYSCALL_TRACE)) { + tracehook_report_syscall(regs, PTRACE_SYSCALL_ENTER); + if (!in_syscall(regs) || (flags & _TIF_SYSCALL_EMU)) +- return -1; ++ return NO_SYSCALL; + } + + /* Do the secure computing after ptrace; failures should be fast. */ + if (secure_computing(NULL) == -1) +- return -1; ++ return NO_SYSCALL; + + if (test_thread_flag(TIF_SYSCALL_TRACEPOINT)) + trace_sys_enter(regs, regs->syscallno); diff --git a/patches.suse/arm64-vdso32-make-vdso32-install-conditional.patch b/patches.suse/arm64-vdso32-make-vdso32-install-conditional.patch new file mode 100644 index 0000000..725f19d --- /dev/null +++ b/patches.suse/arm64-vdso32-make-vdso32-install-conditional.patch @@ -0,0 +1,39 @@ +From: Frank van der Linden +Date: Thu, 27 Aug 2020 23:40:12 +0000 +Subject: arm64: vdso32: make vdso32 install conditional + +Git-commit: 5d28ba5f8a0cfa3a874fa96c33731b8fcd141b3a +Patch-mainline: v5.9-rc3 +References: git-fixes + +vdso32 should only be installed if CONFIG_COMPAT_VDSO is enabled, +since it's not even supposed to be compiled otherwise, and arm64 +builds without a 32bit crosscompiler will fail. + +Fixes: 8d75785a8142 ("ARM64: vdso32: Install vdso32 from vdso_install") +Signed-off-by: Frank van der Linden +Cc: stable@vger.kernel.org [5.4+] +Link: https://lore.kernel.org/r/20200827234012.19757-1-fllinden@amazon.com +Signed-off-by: Catalin Marinas +Signed-off-by: Mian Yousaf Kaukab +--- + arch/arm64/Makefile | 3 ++- + 1 file changed, 2 insertions(+), 1 deletion(-) + +diff --git a/arch/arm64/Makefile b/arch/arm64/Makefile +index 20ab5c9375a5..130569f90c54 100644 +--- a/arch/arm64/Makefile ++++ b/arch/arm64/Makefile +@@ -170,7 +170,8 @@ zinstall install: + PHONY += vdso_install + vdso_install: + $(Q)$(MAKE) $(build)=arch/arm64/kernel/vdso $@ +- $(Q)$(MAKE) $(build)=arch/arm64/kernel/vdso32 $@ ++ $(if $(CONFIG_COMPAT_VDSO), \ ++ $(Q)$(MAKE) $(build)=arch/arm64/kernel/vdso32 $@) + + # We use MRPROPER_FILES and CLEAN_FILES now + archclean: +-- +2.26.2 + diff --git a/patches.suse/cdrom-gdrom-deallocate-struct-gdrom_unit-fields-in-r.patch b/patches.suse/cdrom-gdrom-deallocate-struct-gdrom_unit-fields-in-r.patch new file mode 100644 index 0000000..bb54539 --- /dev/null +++ b/patches.suse/cdrom-gdrom-deallocate-struct-gdrom_unit-fields-in-r.patch @@ -0,0 +1,58 @@ +From d03d1021da6fe7f46efe9f2a7335564e7c9db5ab Mon Sep 17 00:00:00 2001 +From: Atul Gopinathan +Date: Mon, 3 May 2021 13:56:54 +0200 +Subject: [PATCH] cdrom: gdrom: deallocate struct gdrom_unit fields in remove_gdrom +Git-commit: d03d1021da6fe7f46efe9f2a7335564e7c9db5ab +Patch-mainline: v5.13-rc3 +References: git-fixes + +The fields, "toc" and "cd_info", of "struct gdrom_unit gd" are allocated +in "probe_gdrom()". Prevent a memory leak by making sure "gd.cd_info" is +deallocated in the "remove_gdrom()" function. + +Also prevent double free of the field "gd.toc" by moving it from the +module's exit function to "remove_gdrom()". This is because, in +"probe_gdrom()", the function makes sure to deallocate "gd.toc" in case +of any errors, so the exit function invoked later would again free +"gd.toc". + +The patch also maintains consistency by deallocating the above mentioned +fields in "remove_gdrom()" along with another memory allocated field +"gd.disk". + +Suggested-by: Jens Axboe +Cc: Peter Rosin +Cc: stable +Signed-off-by: Atul Gopinathan +Link: https://lore.kernel.org/r/20210503115736.2104747-28-gregkh@linuxfoundation.org +Signed-off-by: Greg Kroah-Hartman +Acked-by: Takashi Iwai + +--- + drivers/cdrom/gdrom.c | 3 ++- + 1 file changed, 2 insertions(+), 1 deletion(-) + +diff --git a/drivers/cdrom/gdrom.c b/drivers/cdrom/gdrom.c +index 7f681320c7d3..6c4f6139f853 100644 +--- a/drivers/cdrom/gdrom.c ++++ b/drivers/cdrom/gdrom.c +@@ -830,6 +830,8 @@ static int remove_gdrom(struct platform_device *devptr) + if (gdrom_major) + unregister_blkdev(gdrom_major, GDROM_DEV_NAME); + unregister_cdrom(gd.cd_info); ++ kfree(gd.cd_info); ++ kfree(gd.toc); + + return 0; + } +@@ -861,7 +863,6 @@ static void __exit exit_gdrom(void) + { + platform_device_unregister(pd); + platform_driver_unregister(&gdrom_driver); +- kfree(gd.toc); + } + + module_init(init_gdrom); +-- +2.26.2 + diff --git a/patches.suse/cdrom-gdrom-initialize-global-variable-at-init-time.patch b/patches.suse/cdrom-gdrom-initialize-global-variable-at-init-time.patch new file mode 100644 index 0000000..147313b --- /dev/null +++ b/patches.suse/cdrom-gdrom-initialize-global-variable-at-init-time.patch @@ -0,0 +1,53 @@ +From 9183f01b5e6e32eb3f17b5f3f8d5ad5ac9786c49 Mon Sep 17 00:00:00 2001 +From: Greg Kroah-Hartman +Date: Thu, 6 May 2021 16:00:47 +0200 +Subject: [PATCH] cdrom: gdrom: initialize global variable at init time +Git-commit: 9183f01b5e6e32eb3f17b5f3f8d5ad5ac9786c49 +Patch-mainline: v5.13-rc3 +References: git-fixes + +As Peter points out, if we were to disconnect and then reconnect this +driver from a device, the "global" state of the device would contain odd +values and could cause problems. Fix this up by just initializing the +whole thing to 0 at probe() time. + +Ideally this would be a per-device variable, but given the age and the +total lack of users of it, that would require a lot of s/./->/g changes +for really no good reason. + +Reported-by: Peter Rosin +Cc: Jens Axboe +Reviewed-by: Peter Rosin +Link: https://lore.kernel.org/r/YJP2j6AU82MqEY2M@kroah.com +Signed-off-by: Greg Kroah-Hartman +Acked-by: Takashi Iwai + +--- + drivers/cdrom/gdrom.c | 9 ++++++++- + 1 file changed, 8 insertions(+), 1 deletion(-) + +--- a/drivers/cdrom/gdrom.c ++++ b/drivers/cdrom/gdrom.c +@@ -740,6 +740,13 @@ static const struct blk_mq_ops gdrom_mq_ + static int probe_gdrom(struct platform_device *devptr) + { + int err; ++ ++ /* ++ * Ensure our "one" device is initialized properly in case of previous ++ * usages of it ++ */ ++ memset(&gd, 0, sizeof(gd)); ++ + /* Start the device */ + if (gdrom_execute_diagnostic() != 1) { + pr_warning("ATA Probe for GDROM failed\n"); +@@ -845,7 +852,7 @@ static struct platform_driver gdrom_driv + static int __init init_gdrom(void) + { + int rc; +- gd.toc = NULL; ++ + rc = platform_driver_register(&gdrom_driver); + if (rc) + return rc; diff --git a/patches.suse/ceph-don-t-clobber-i_snap_caps-on-non-i_new-inode.patch b/patches.suse/ceph-don-t-clobber-i_snap_caps-on-non-i_new-inode.patch new file mode 100644 index 0000000..4498783 --- /dev/null +++ b/patches.suse/ceph-don-t-clobber-i_snap_caps-on-non-i_new-inode.patch @@ -0,0 +1,50 @@ +From: Jeff Layton +Date: Mon, 1 Mar 2021 07:38:01 -0500 +Subject: ceph: don't clobber i_snap_caps on non-I_NEW inode +Git-commit: d3c51ae1b8cce5bdaf91a1ce32b33cf5626075dc +Patch-mainline: v5.13-rc1 +References: bsc#1186501 + +We want the snapdir to mirror the non-snapped directory's attributes for +most things, but i_snap_caps represents the caps granted on the snapshot +directory by the MDS itself. A misbehaving MDS could issue different +caps for the snapdir and we lose them here. + +Only reset i_snap_caps when the inode is I_NEW. Also, move the setting +of i_op and i_fop inside the if block since they should never change +anyway. + +Reported-by: Al Viro +Signed-off-by: Jeff Layton +Signed-off-by: Ilya Dryomov +Acked-by: Luis Henriques + +--- + fs/ceph/inode.c | 9 +++++---- + 1 file changed, 5 insertions(+), 4 deletions(-) + +diff --git a/fs/ceph/inode.c b/fs/ceph/inode.c +index 4418d4be2907..2fd1c48ac5d7 100644 +--- a/fs/ceph/inode.c ++++ b/fs/ceph/inode.c +@@ -87,14 +87,15 @@ struct inode *ceph_get_snapdir(struct inode *parent) + inode->i_mtime = parent->i_mtime; + inode->i_ctime = parent->i_ctime; + inode->i_atime = parent->i_atime; +- inode->i_op = &ceph_snapdir_iops; +- inode->i_fop = &ceph_snapdir_fops; +- ci->i_snap_caps = CEPH_CAP_PIN; /* so we can open */ + ci->i_rbytes = 0; + ci->i_btime = ceph_inode(parent)->i_btime; + +- if (inode->i_state & I_NEW) ++ if (inode->i_state & I_NEW) { ++ inode->i_op = &ceph_snapdir_iops; ++ inode->i_fop = &ceph_snapdir_fops; ++ ci->i_snap_caps = CEPH_CAP_PIN; /* so we can open */ + unlock_new_inode(inode); ++ } + + return inode; + } + diff --git a/patches.suse/ceph-fix-inode-leak-on-getattr-error-in-_fh_to_dentry.patch b/patches.suse/ceph-fix-inode-leak-on-getattr-error-in-_fh_to_dentry.patch new file mode 100644 index 0000000..584f9b6 --- /dev/null +++ b/patches.suse/ceph-fix-inode-leak-on-getattr-error-in-_fh_to_dentry.patch @@ -0,0 +1,34 @@ +From: Jeff Layton +Date: Fri, 26 Mar 2021 09:21:53 -0400 +Subject: ceph: fix inode leak on getattr error in __fh_to_dentry +Git-commit: 1775c7ddacfcea29051c67409087578f8f4d751b +Patch-mainline: v5.13-rc1 +References: bsc#1186501 + +Fixes: 878dabb64117 ("ceph: don't return -ESTALE if there's still an open file") +Signed-off-by: Jeff Layton +Reviewed-by: Xiubo Li +Signed-off-by: Ilya Dryomov +Acked-by: Luis Henriques + +--- + fs/ceph/export.c | 4 +++- + 1 file changed, 3 insertions(+), 1 deletion(-) + +diff --git a/fs/ceph/export.c b/fs/ceph/export.c +index e088843a7734..baa6368bece5 100644 +--- a/fs/ceph/export.c ++++ b/fs/ceph/export.c +@@ -178,8 +178,10 @@ static struct dentry *__fh_to_dentry(struct super_block *sb, u64 ino) + return ERR_CAST(inode); + /* We need LINK caps to reliably check i_nlink */ + err = ceph_do_getattr(inode, CEPH_CAP_LINK_SHARED, false); +- if (err) ++ if (err) { ++ iput(inode); + return ERR_PTR(err); ++ } + /* -ESTALE if inode as been unlinked and no file is open */ + if ((inode->i_nlink == 0) && (atomic_read(&inode->i_count) == 1)) { + iput(inode); + diff --git a/patches.suse/ceph-fix-up-error-handling-with-snapdirs.patch b/patches.suse/ceph-fix-up-error-handling-with-snapdirs.patch new file mode 100644 index 0000000..f67d557 --- /dev/null +++ b/patches.suse/ceph-fix-up-error-handling-with-snapdirs.patch @@ -0,0 +1,93 @@ +From: Jeff Layton +Date: Thu, 25 Feb 2021 15:04:15 -0500 +Subject: ceph: fix up error handling with snapdirs +Git-commit: 3e10a15ffc8d77f05e655d14fd48c0b790dede35 +Patch-mainline: v5.13-rc1 +References: bsc#1186501 + +There are several warts in the snapdir error handling. The -EOPNOTSUPP +return in __snapfh_to_dentry is currently lost, and the call to +ceph_handle_snapdir is not currently checked at all. + +Fix all of this up and eliminate a BUG_ON in ceph_get_snapdir. We can +handle that case with a warning and return an error. + +Signed-off-by: Jeff Layton +Signed-off-by: Al Viro +Acked-by: Luis Henriques + +--- + fs/ceph/dir.c | 2 ++ + fs/ceph/export.c | 9 +++++---- + fs/ceph/inode.c | 14 +++++++++++++- + 3 files changed, 20 insertions(+), 5 deletions(-) + +diff --git a/fs/ceph/dir.c b/fs/ceph/dir.c +index 83d9358854fb..f7a790ed62c4 100644 +--- a/fs/ceph/dir.c ++++ b/fs/ceph/dir.c +@@ -677,6 +677,8 @@ int ceph_handle_snapdir(struct ceph_mds_request *req, + strcmp(dentry->d_name.name, + fsc->mount_options->snapdir_name) == 0) { + struct inode *inode = ceph_get_snapdir(parent); ++ if (IS_ERR(inode)) ++ return PTR_ERR(inode); + dout("ENOENT on snapdir %p '%pd', linking to snapdir %p\n", + dentry, dentry, inode); + BUG_ON(!d_unhashed(dentry)); +diff --git a/fs/ceph/export.c b/fs/ceph/export.c +index e088843a7734..f22156ee7306 100644 +--- a/fs/ceph/export.c ++++ b/fs/ceph/export.c +@@ -248,9 +248,10 @@ static struct dentry *__snapfh_to_dentry(struct super_block *sb, + ihold(inode); + } else { + /* mds does not support lookup snapped inode */ +- err = -EOPNOTSUPP; +- inode = NULL; ++ inode = ERR_PTR(-EOPNOTSUPP); + } ++ } else { ++ inode = ERR_PTR(-ESTALE); + } + ceph_mdsc_put_request(req); + +@@ -261,8 +262,8 @@ static struct dentry *__snapfh_to_dentry(struct super_block *sb, + dout("snapfh_to_dentry %llx.%llx parent %llx hash %x err=%d", + vino.ino, vino.snap, sfh->parent_ino, sfh->hash, err); + } +- if (!inode) +- return ERR_PTR(-ESTALE); ++ if (IS_ERR(inode)) ++ return ERR_CAST(inode); + /* see comments in ceph_get_parent() */ + return unlinked ? d_obtain_root(inode) : d_obtain_alias(inode); + } +diff --git a/fs/ceph/inode.c b/fs/ceph/inode.c +index 156f849f5385..5db7bf4c6a26 100644 +--- a/fs/ceph/inode.c ++++ b/fs/ceph/inode.c +@@ -78,9 +78,21 @@ struct inode *ceph_get_snapdir(struct inode *parent) + struct inode *inode = ceph_get_inode(parent->i_sb, vino); + struct ceph_inode_info *ci = ceph_inode(inode); + +- BUG_ON(!S_ISDIR(parent->i_mode)); + if (IS_ERR(inode)) + return inode; ++ ++ if (!S_ISDIR(parent->i_mode)) { ++ pr_warn_once("bad snapdir parent type (mode=0%o)\n", ++ parent->i_mode); ++ return ERR_PTR(-ENOTDIR); ++ } ++ ++ if (!(inode->i_state & I_NEW) && !S_ISDIR(inode->i_mode)) { ++ pr_warn_once("bad snapdir inode type (mode=0%o)\n", ++ inode->i_mode); ++ return ERR_PTR(-ENOTDIR); ++ } ++ + inode->i_mode = parent->i_mode; + inode->i_uid = parent->i_uid; + inode->i_gid = parent->i_gid; + diff --git a/patches.suse/ceph-only-check-pool-permissions-for-regular-files.patch b/patches.suse/ceph-only-check-pool-permissions-for-regular-files.patch new file mode 100644 index 0000000..28d0c65 --- /dev/null +++ b/patches.suse/ceph-only-check-pool-permissions-for-regular-files.patch @@ -0,0 +1,37 @@ +From: Jeff Layton +Date: Tue, 26 Jan 2021 11:49:54 -0500 +Subject: ceph: only check pool permissions for regular files +Git-commit: e9b2250156c381b0973ea6ec3890fe8706426ecc +Patch-mainline: v5.13-rc1 +References: bsc#1186501 + +There is no need to do a ceph_pool_perm_check() on anything that isn't a +regular file, as the MDS is what handles talking to the OSD in those +cases. Just return 0 if it's not a regular file. + +Reported-by: Luis Henriques +Signed-off-by: Jeff Layton +Reviewed-by: Xiubo Li +Signed-off-by: Ilya Dryomov +Acked-by: Luis Henriques + +--- + fs/ceph/addr.c | 4 ++++ + 1 file changed, 4 insertions(+) + +diff --git a/fs/ceph/addr.c b/fs/ceph/addr.c +index bc9864524fde..aa612bc8a559 100644 +--- a/fs/ceph/addr.c ++++ b/fs/ceph/addr.c +@@ -1941,6 +1941,10 @@ int ceph_pool_perm_check(struct inode *inode, int need) + s64 pool; + int ret, flags; + ++ /* Only need to do this for regular files */ ++ if (!S_ISREG(inode->i_mode)) ++ return 0; ++ + if (ci->i_vino.snap != CEPH_NOSNAP) { + /* + * Pool permission check needs to write to the first object. + diff --git a/patches.suse/drm-meson-fix-shutdown-crash-when-component-not-prob.patch b/patches.suse/drm-meson-fix-shutdown-crash-when-component-not-prob.patch new file mode 100644 index 0000000..472e909 --- /dev/null +++ b/patches.suse/drm-meson-fix-shutdown-crash-when-component-not-prob.patch @@ -0,0 +1,64 @@ +From 7cfc4ea78fc103ea51ecbacd9236abb5b1c490d2 Mon Sep 17 00:00:00 2001 +From: Neil Armstrong +Date: Fri, 30 Apr 2021 10:27:44 +0200 +Subject: [PATCH] drm/meson: fix shutdown crash when component not probed +Git-commit: 7cfc4ea78fc103ea51ecbacd9236abb5b1c490d2 +Patch-mainline: v5.13-rc4 +References: git-fixes + +When main component is not probed, by example when the dw-hdmi module is +not loaded yet or in probe defer, the following crash appears on shutdown: + +Unable to handle kernel NULL pointer dereference at virtual address 0000000000000038 +... +pc : meson_drv_shutdown+0x24/0x50 +lr : platform_drv_shutdown+0x20/0x30 +... +Call trace: +meson_drv_shutdown+0x24/0x50 +platform_drv_shutdown+0x20/0x30 +device_shutdown+0x158/0x360 +kernel_restart_prepare+0x38/0x48 +kernel_restart+0x18/0x68 +__do_sys_reboot+0x224/0x250 +__arm64_sys_reboot+0x24/0x30 +... + +Simply check if the priv struct has been allocated before using it. + +Fixes: fa0c16caf3d7 ("drm: meson_drv add shutdown function") +Reported-by: Stefan Agner +Signed-off-by: Neil Armstrong +Tested-by: Martin Blumenstingl +Reviewed-by: Martin Blumenstingl +Link: https://patchwork.freedesktop.org/patch/msgid/20210430082744.3638743-1-narmstrong@baylibre.com +Acked-by: Takashi Iwai + +--- + drivers/gpu/drm/meson/meson_drv.c | 9 +++++---- + 1 file changed, 5 insertions(+), 4 deletions(-) + +diff --git a/drivers/gpu/drm/meson/meson_drv.c b/drivers/gpu/drm/meson/meson_drv.c +index 453d8b4c5763..07fcd12dca16 100644 +--- a/drivers/gpu/drm/meson/meson_drv.c ++++ b/drivers/gpu/drm/meson/meson_drv.c +@@ -485,11 +485,12 @@ static int meson_probe_remote(struct platform_device *pdev, + static void meson_drv_shutdown(struct platform_device *pdev) + { + struct meson_drm *priv = dev_get_drvdata(&pdev->dev); +- struct drm_device *drm = priv->drm; + +- DRM_DEBUG_DRIVER("\n"); +- drm_kms_helper_poll_fini(drm); +- drm_atomic_helper_shutdown(drm); ++ if (!priv) ++ return; ++ ++ drm_kms_helper_poll_fini(priv->drm); ++ drm_atomic_helper_shutdown(priv->drm); + } + + static int meson_drv_probe(struct platform_device *pdev) +-- +2.26.2 + diff --git a/patches.suse/i2c-i801-Don-t-generate-an-interrupt-on-bus-reset.patch b/patches.suse/i2c-i801-Don-t-generate-an-interrupt-on-bus-reset.patch new file mode 100644 index 0000000..79dea11 --- /dev/null +++ b/patches.suse/i2c-i801-Don-t-generate-an-interrupt-on-bus-reset.patch @@ -0,0 +1,61 @@ +From e4d8716c3dcec47f1557024add24e1f3c09eb24b Mon Sep 17 00:00:00 2001 +From: Jean Delvare +Date: Tue, 25 May 2021 17:03:36 +0200 +Subject: [PATCH] i2c: i801: Don't generate an interrupt on bus reset +Git-commit: e4d8716c3dcec47f1557024add24e1f3c09eb24b +Patch-mainline: v5.13-rc4 +References: git-fixes + +Now that the i2c-i801 driver supports interrupts, setting the KILL bit +in a attempt to recover from a timed out transaction triggers an +interrupt. Unfortunately, the interrupt handler (i801_isr) is not +prepared for this situation and will try to process the interrupt as +if it was signaling the end of a successful transaction. In the case +of a block transaction, this can result in an out-of-range memory +access. + +This condition was reproduced several times by syzbot: +https://syzkaller.appspot.com/bug?extid=ed71512d469895b5b34e +https://syzkaller.appspot.com/bug?extid=8c8dedc0ba9e03f6c79e +https://syzkaller.appspot.com/bug?extid=c8ff0b6d6c73d81b610e +https://syzkaller.appspot.com/bug?extid=33f6c360821c399d69eb +https://syzkaller.appspot.com/bug?extid=be15dc0b1933f04b043a +https://syzkaller.appspot.com/bug?extid=b4d3fd1dfd53e90afd79 + +So disable interrupts while trying to reset the bus. Interrupts will +be enabled again for the following transaction. + +Fixes: 636752bcb517 ("i2c-i801: Enable IRQ for SMBus transactions") +Reported-by: syzbot+b4d3fd1dfd53e90afd79@syzkaller.appspotmail.com +Signed-off-by: Jean Delvare +Acked-by: Andy Shevchenko +Cc: Jarkko Nikula +Tested-by: Jarkko Nikula +Signed-off-by: Wolfram Sang +Acked-by: Takashi Iwai + +--- + drivers/i2c/busses/i2c-i801.c | 6 ++---- + 1 file changed, 2 insertions(+), 4 deletions(-) + +diff --git a/drivers/i2c/busses/i2c-i801.c b/drivers/i2c/busses/i2c-i801.c +index 99d446763530..f9e1c2ceaac0 100644 +--- a/drivers/i2c/busses/i2c-i801.c ++++ b/drivers/i2c/busses/i2c-i801.c +@@ -395,11 +395,9 @@ static int i801_check_post(struct i801_priv *priv, int status) + dev_err(&priv->pci_dev->dev, "Transaction timeout\n"); + /* try to stop the current command */ + dev_dbg(&priv->pci_dev->dev, "Terminating the current operation\n"); +- outb_p(inb_p(SMBHSTCNT(priv)) | SMBHSTCNT_KILL, +- SMBHSTCNT(priv)); ++ outb_p(SMBHSTCNT_KILL, SMBHSTCNT(priv)); + usleep_range(1000, 2000); +- outb_p(inb_p(SMBHSTCNT(priv)) & (~SMBHSTCNT_KILL), +- SMBHSTCNT(priv)); ++ outb_p(0, SMBHSTCNT(priv)); + + /* Check if it worked */ + status = inb_p(SMBHSTSTS(priv)); +-- +2.26.2 + diff --git a/patches.suse/i2c-s3c2410-fix-possible-NULL-pointer-deref-on-read-.patch b/patches.suse/i2c-s3c2410-fix-possible-NULL-pointer-deref-on-read-.patch new file mode 100644 index 0000000..fc8428c --- /dev/null +++ b/patches.suse/i2c-s3c2410-fix-possible-NULL-pointer-deref-on-read-.patch @@ -0,0 +1,72 @@ +From 24990423267ec283b9d86f07f362b753eb9b0ed5 Mon Sep 17 00:00:00 2001 +From: Krzysztof Kozlowski +Date: Wed, 26 May 2021 08:39:37 -0400 +Subject: [PATCH] i2c: s3c2410: fix possible NULL pointer deref on read message after write +Git-commit: 24990423267ec283b9d86f07f362b753eb9b0ed5 +Patch-mainline: v5.13-rc4 +References: git-fixes + +Interrupt handler processes multiple message write requests one after +another, till the driver message queue is drained. However if driver +encounters a read message without preceding START, it stops the I2C +transfer as it is an invalid condition for the controller. At least the +comment describes a requirement "the controller forces us to send a new +START when we change direction". This stop results in clearing the +message queue (i2c->msg = NULL). + +The code however immediately jumped back to label "retry_write" which +dereferenced the "i2c->msg" making it a possible NULL pointer +dereference. + +The Coverity analysis: +1. Condition !is_msgend(i2c), taking false branch. + if (!is_msgend(i2c)) { + +2. Condition !is_lastmsg(i2c), taking true branch. + } else if (!is_lastmsg(i2c)) { + +3. Condition i2c->msg->flags & 1, taking true branch. + if (i2c->msg->flags & I2C_M_RD) { + +4. write_zero_model: Passing i2c to s3c24xx_i2c_stop, which sets i2c->msg to NULL. + s3c24xx_i2c_stop(i2c, -EINVAL); + +5. Jumping to label retry_write. + goto retry_write; + +6. var_deref_model: Passing i2c to is_msgend, which dereferences null i2c->msg. + if (!is_msgend(i2c)) {" + +All previous calls to s3c24xx_i2c_stop() in this interrupt service +routine are followed by jumping to end of function (acknowledging +the interrupt and returning). This seems a reasonable choice also here +since message buffer was entirely emptied. + +Addresses-coverity: Explicit null dereferenced +Fixes: 1da177e4c3f4 ("Linux-2.6.12-rc2") +Signed-off-by: Krzysztof Kozlowski +Signed-off-by: Wolfram Sang +Acked-by: Takashi Iwai + +--- + drivers/i2c/busses/i2c-s3c2410.c | 3 +++ + 1 file changed, 3 insertions(+) + +diff --git a/drivers/i2c/busses/i2c-s3c2410.c b/drivers/i2c/busses/i2c-s3c2410.c +index ab928613afba..4d82761e1585 100644 +--- a/drivers/i2c/busses/i2c-s3c2410.c ++++ b/drivers/i2c/busses/i2c-s3c2410.c +@@ -480,7 +480,10 @@ static int i2c_s3c_irq_nextbyte(struct s3c24xx_i2c *i2c, unsigned long iicstat) + * forces us to send a new START + * when we change direction + */ ++ dev_dbg(i2c->dev, ++ "missing START before write->read\n"); + s3c24xx_i2c_stop(i2c, -EINVAL); ++ break; + } + + goto retry_write; +-- +2.26.2 + diff --git a/patches.suse/i2c-sh_mobile-Use-new-clock-calculation-formulas-for.patch b/patches.suse/i2c-sh_mobile-Use-new-clock-calculation-formulas-for.patch new file mode 100644 index 0000000..ff1dd86 --- /dev/null +++ b/patches.suse/i2c-sh_mobile-Use-new-clock-calculation-formulas-for.patch @@ -0,0 +1,38 @@ +From c4740e293c93c747e65d53d9aacc2ba8521d1489 Mon Sep 17 00:00:00 2001 +From: Geert Uytterhoeven +Date: Thu, 6 May 2021 13:15:40 +0200 +Subject: [PATCH] i2c: sh_mobile: Use new clock calculation formulas for RZ/G2E +Git-commit: c4740e293c93c747e65d53d9aacc2ba8521d1489 +Patch-mainline: v5.13-rc4 +References: git-fixes + +When switching the Gen3 SoCs to the new clock calculation formulas, the +match entry for RZ/G2E added in commit 51243b73455f2d12 ("i2c: +Sh_mobile: Add support for r8a774c0 (RZ/G2E)") was forgotten. + +Fixes: e8a27567509b2439 ("i2c: sh_mobile: use new clock calculation formulas for Gen3") +Signed-off-by: Geert Uytterhoeven +Reviewed-by: Fabrizio Castro +Signed-off-by: Wolfram Sang +Acked-by: Takashi Iwai + +--- + drivers/i2c/busses/i2c-sh_mobile.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/drivers/i2c/busses/i2c-sh_mobile.c b/drivers/i2c/busses/i2c-sh_mobile.c +index 3ae6ca21a02c..2d2e630fd438 100644 +--- a/drivers/i2c/busses/i2c-sh_mobile.c ++++ b/drivers/i2c/busses/i2c-sh_mobile.c +@@ -807,7 +807,7 @@ static const struct sh_mobile_dt_config r8a7740_dt_config = { + static const struct of_device_id sh_mobile_i2c_dt_ids[] = { + { .compatible = "renesas,iic-r8a73a4", .data = &fast_clock_dt_config }, + { .compatible = "renesas,iic-r8a7740", .data = &r8a7740_dt_config }, +- { .compatible = "renesas,iic-r8a774c0", .data = &fast_clock_dt_config }, ++ { .compatible = "renesas,iic-r8a774c0", .data = &v2_freq_calc_dt_config }, + { .compatible = "renesas,iic-r8a7790", .data = &v2_freq_calc_dt_config }, + { .compatible = "renesas,iic-r8a7791", .data = &v2_freq_calc_dt_config }, + { .compatible = "renesas,iic-r8a7792", .data = &v2_freq_calc_dt_config }, +-- +2.26.2 + diff --git a/patches.suse/iio-adc-ad7124-Fix-missbalanced-regulator-enable-dis.patch b/patches.suse/iio-adc-ad7124-Fix-missbalanced-regulator-enable-dis.patch new file mode 100644 index 0000000..967b29e --- /dev/null +++ b/patches.suse/iio-adc-ad7124-Fix-missbalanced-regulator-enable-dis.patch @@ -0,0 +1,99 @@ +From 4573472315f0fa461330545ff2aa2f6da0b1ae76 Mon Sep 17 00:00:00 2001 +From: Jonathan Cameron +Date: Thu, 13 May 2021 15:07:41 +0300 +Subject: [PATCH] iio: adc: ad7124: Fix missbalanced regulator enable / disable on error. +Git-commit: 4573472315f0fa461330545ff2aa2f6da0b1ae76 +Patch-mainline: v5.13-rc4 +References: git-fixes + +If the devm_regulator_get() call succeeded but not the regulator_enable() +then regulator_disable() would be called on a regulator that was not +enabled. + +Fix this by moving regulator enabling / disabling over to +devm_ management via devm_add_action_or_reset. + +Alexandru's sign-off here because he pulled Jonathan's patch into +a larger set which Jonathan then applied. + +Fixes: b3af341bbd96 ("iio: adc: Add ad7124 support") +Reviewed-by: Alexandru Ardelean +Signed-off-by: Jonathan Cameron +Signed-off-by: Alexandru Ardelean +Cc: +Acked-by: Takashi Iwai + +--- + drivers/iio/adc/ad7124.c | 29 +++++++++++++---------------- + 1 file changed, 13 insertions(+), 16 deletions(-) + +--- a/drivers/iio/adc/ad7124.c ++++ b/drivers/iio/adc/ad7124.c +@@ -564,6 +564,11 @@ static int ad7124_setup(struct ad7124_st + return ret; + } + ++static void ad7124_reg_disable(void *r) ++{ ++ regulator_disable(r); ++} ++ + static int ad7124_probe(struct spi_device *spi) + { + const struct spi_device_id *id; +@@ -607,17 +612,20 @@ static int ad7124_probe(struct spi_devic + ret = regulator_enable(st->vref[i]); + if (ret) + return ret; ++ ++ ret = devm_add_action_or_reset(&spi->dev, ad7124_reg_disable, ++ st->vref[i]); ++ if (ret) ++ return ret; + } + + st->mclk = devm_clk_get(&spi->dev, "mclk"); +- if (IS_ERR(st->mclk)) { +- ret = PTR_ERR(st->mclk); +- goto error_regulator_disable; +- } ++ if (IS_ERR(st->mclk)) ++ return PTR_ERR(st->mclk); + + ret = clk_prepare_enable(st->mclk); + if (ret < 0) +- goto error_regulator_disable; ++ return ret; + + ret = ad7124_soft_reset(st); + if (ret < 0) +@@ -643,11 +651,6 @@ error_remove_trigger: + ad_sd_cleanup_buffer_and_trigger(indio_dev); + error_clk_disable_unprepare: + clk_disable_unprepare(st->mclk); +-error_regulator_disable: +- for (i = ARRAY_SIZE(st->vref) - 1; i >= 0; i--) { +- if (!IS_ERR_OR_NULL(st->vref[i])) +- regulator_disable(st->vref[i]); +- } + + return ret; + } +@@ -656,17 +659,11 @@ static int ad7124_remove(struct spi_devi + { + struct iio_dev *indio_dev = spi_get_drvdata(spi); + struct ad7124_state *st = iio_priv(indio_dev); +- int i; + + iio_device_unregister(indio_dev); + ad_sd_cleanup_buffer_and_trigger(indio_dev); + clk_disable_unprepare(st->mclk); + +- for (i = ARRAY_SIZE(st->vref) - 1; i >= 0; i--) { +- if (!IS_ERR_OR_NULL(st->vref[i])) +- regulator_disable(st->vref[i]); +- } +- + return 0; + } + diff --git a/patches.suse/iio-adc-ad7124-Fix-potential-overflow-due-to-non-seq.patch b/patches.suse/iio-adc-ad7124-Fix-potential-overflow-due-to-non-seq.patch new file mode 100644 index 0000000..2cffb2c --- /dev/null +++ b/patches.suse/iio-adc-ad7124-Fix-potential-overflow-due-to-non-seq.patch @@ -0,0 +1,53 @@ +From f2a772c51206b0c3f262e4f6a3812c89a650191b Mon Sep 17 00:00:00 2001 +From: Jonathan Cameron +Date: Thu, 13 May 2021 15:07:42 +0300 +Subject: [PATCH] iio: adc: ad7124: Fix potential overflow due to non sequential channel numbers +Git-commit: f2a772c51206b0c3f262e4f6a3812c89a650191b +Patch-mainline: v5.13-rc4 +References: git-fixes + +Channel numbering must start at 0 and then not have any holes, or +it is possible to overflow the available storage. Note this bug was +introduced as part of a fix to ensure we didn't rely on the ordering +of child nodes. So we need to support arbitrary ordering but they all +need to be there somewhere. + +Note I hit this when using qemu to test the rest of this series. +Arguably this isn't the best fix, but it is probably the most minimal +option for backporting etc. + +Alexandru's sign-off is here because he carried this patch in a larger +set that Jonathan then applied. + +Fixes: d7857e4ee1ba6 ("iio: adc: ad7124: Fix DT channel configuration") +Reviewed-by: Alexandru Ardelean +Signed-off-by: Jonathan Cameron +Signed-off-by: Alexandru Ardelean +Cc: +Acked-by: Takashi Iwai + +--- + drivers/iio/adc/ad7124.c | 7 +++++++ + 1 file changed, 7 insertions(+) + +diff --git a/drivers/iio/adc/ad7124.c b/drivers/iio/adc/ad7124.c +index 437116a07cf1..a27db78ea13e 100644 +--- a/drivers/iio/adc/ad7124.c ++++ b/drivers/iio/adc/ad7124.c +@@ -771,6 +771,13 @@ static int ad7124_of_parse_channel_config(struct iio_dev *indio_dev, + if (ret) + goto err; + ++ if (channel >= indio_dev->num_channels) { ++ dev_err(indio_dev->dev.parent, ++ "Channel index >= number of channels\n"); ++ ret = -EINVAL; ++ goto err; ++ } ++ + ret = of_property_read_u32_array(child, "diff-channels", + ain, 2); + if (ret) +-- +2.26.2 + diff --git a/patches.suse/iio-adc-ad7768-1-Fix-too-small-buffer-passed-to-iio_.patch b/patches.suse/iio-adc-ad7768-1-Fix-too-small-buffer-passed-to-iio_.patch new file mode 100644 index 0000000..621ef54 --- /dev/null +++ b/patches.suse/iio-adc-ad7768-1-Fix-too-small-buffer-passed-to-iio_.patch @@ -0,0 +1,54 @@ +From a1caeebab07e9d72eec534489f47964782b93ba9 Mon Sep 17 00:00:00 2001 +From: Jonathan Cameron +Date: Sat, 1 May 2021 17:53:13 +0100 +Subject: [PATCH] iio: adc: ad7768-1: Fix too small buffer passed to iio_push_to_buffers_with_timestamp() +Git-commit: a1caeebab07e9d72eec534489f47964782b93ba9 +Patch-mainline: v5.13-rc4 +References: git-fixes + +Add space for the timestamp to be inserted. Also ensure correct +alignment for passing to iio_push_to_buffers_with_timestamp() + +Fixes: a5f8c7da3dbe ("iio: adc: Add AD7768-1 ADC basic support") +Signed-off-by: Jonathan Cameron +Reviewed-by: Andy Shevchenko +Link: https://lore.kernel.org/r/20210501165314.511954-2-jic23@kernel.org +Cc: +Acked-by: Takashi Iwai + +--- + drivers/iio/adc/ad7768-1.c | 8 ++++++-- + 1 file changed, 6 insertions(+), 2 deletions(-) + +diff --git a/drivers/iio/adc/ad7768-1.c b/drivers/iio/adc/ad7768-1.c +index c945f1349623..60f21fed6dcb 100644 +--- a/drivers/iio/adc/ad7768-1.c ++++ b/drivers/iio/adc/ad7768-1.c +@@ -167,6 +167,10 @@ struct ad7768_state { + * transfer buffers to live in their own cache lines. + */ + union { ++ struct { ++ __be32 chan; ++ s64 timestamp; ++ } scan; + __be32 d32; + u8 d8[2]; + } data ____cacheline_aligned; +@@ -469,11 +473,11 @@ static irqreturn_t ad7768_trigger_handler(int irq, void *p) + + mutex_lock(&st->lock); + +- ret = spi_read(st->spi, &st->data.d32, 3); ++ ret = spi_read(st->spi, &st->data.scan.chan, 3); + if (ret < 0) + goto err_unlock; + +- iio_push_to_buffers_with_timestamp(indio_dev, &st->data.d32, ++ iio_push_to_buffers_with_timestamp(indio_dev, &st->data.scan, + iio_get_time_ns(indio_dev)); + + iio_trigger_notify_done(indio_dev->trig); +-- +2.26.2 + diff --git a/patches.suse/iio-adc-ad7793-Add-missing-error-code-in-ad7793_setu.patch b/patches.suse/iio-adc-ad7793-Add-missing-error-code-in-ad7793_setu.patch new file mode 100644 index 0000000..8191d90 --- /dev/null +++ b/patches.suse/iio-adc-ad7793-Add-missing-error-code-in-ad7793_setu.patch @@ -0,0 +1,35 @@ +From 4ed243b1da169bcbc1ec5507867e56250c5f1ff9 Mon Sep 17 00:00:00 2001 +From: YueHaibing +Date: Fri, 14 May 2021 16:02:54 +0800 +Subject: [PATCH] iio: adc: ad7793: Add missing error code in ad7793_setup() +Git-commit: 4ed243b1da169bcbc1ec5507867e56250c5f1ff9 +Patch-mainline: v5.13-rc4 +References: git-fixes + +Set error code while device ID query failed. + +Fixes: 88bc30548aae ("IIO: ADC: New driver for AD7792/AD7793 3 Channel SPI ADC") +Signed-off-by: YueHaibing +Cc: +Signed-off-by: Jonathan Cameron +Acked-by: Takashi Iwai + +--- + drivers/iio/adc/ad7793.c | 1 + + 1 file changed, 1 insertion(+) + +diff --git a/drivers/iio/adc/ad7793.c b/drivers/iio/adc/ad7793.c +index 5e980a06258e..440ef4c7be07 100644 +--- a/drivers/iio/adc/ad7793.c ++++ b/drivers/iio/adc/ad7793.c +@@ -279,6 +279,7 @@ static int ad7793_setup(struct iio_dev *indio_dev, + id &= AD7793_ID_MASK; + + if (id != st->chip_info->id) { ++ ret = -ENODEV; + dev_err(&st->sd.spi->dev, "device ID query failed\n"); + goto out; + } +-- +2.26.2 + diff --git a/patches.suse/iio-gyro-fxas21002c-balance-runtime-power-in-error-p.patch b/patches.suse/iio-gyro-fxas21002c-balance-runtime-power-in-error-p.patch new file mode 100644 index 0000000..2808304 --- /dev/null +++ b/patches.suse/iio-gyro-fxas21002c-balance-runtime-power-in-error-p.patch @@ -0,0 +1,48 @@ +From 2a54c8c9ebc2006bf72554afc84ffc67768979a0 Mon Sep 17 00:00:00 2001 +From: Rui Miguel Silva +Date: Wed, 12 May 2021 23:39:29 +0100 +Subject: [PATCH] iio: gyro: fxas21002c: balance runtime power in error path +Git-commit: 2a54c8c9ebc2006bf72554afc84ffc67768979a0 +Patch-mainline: v5.13-rc4 +References: git-fixes + +If we fail to read temperature or axis we need to decrement the +runtime pm reference count to trigger autosuspend. + +Add the call to pm_put to do that in case of error. + +Fixes: a0701b6263ae ("iio: gyro: add core driver for fxas21002c") +Suggested-by: Mauro Carvalho Chehab +Signed-off-by: Rui Miguel Silva +Link: https://lore.kernel.org/linux-iio/CBBZA9T1OY9C.2611WSV49DV2G@arch-thunder/ +Cc: +Signed-off-by: Jonathan Cameron +Acked-by: Takashi Iwai + +--- + drivers/iio/gyro/fxas21002c_core.c | 2 ++ + 1 file changed, 2 insertions(+) + +diff --git a/drivers/iio/gyro/fxas21002c_core.c b/drivers/iio/gyro/fxas21002c_core.c +index 1a20c6b88e7d..645461c70454 100644 +--- a/drivers/iio/gyro/fxas21002c_core.c ++++ b/drivers/iio/gyro/fxas21002c_core.c +@@ -399,6 +399,7 @@ static int fxas21002c_temp_get(struct fxas21002c_data *data, int *val) + ret = regmap_field_read(data->regmap_fields[F_TEMP], &temp); + if (ret < 0) { + dev_err(dev, "failed to read temp: %d\n", ret); ++ fxas21002c_pm_put(data); + goto data_unlock; + } + +@@ -432,6 +433,7 @@ static int fxas21002c_axis_get(struct fxas21002c_data *data, + &axis_be, sizeof(axis_be)); + if (ret < 0) { + dev_err(dev, "failed to read axis: %d: %d\n", index, ret); ++ fxas21002c_pm_put(data); + goto data_unlock; + } + +-- +2.26.2 + diff --git a/patches.suse/ipc-mqueue-msg-sem-Avoid-relying-on-a-stack-reference.patch b/patches.suse/ipc-mqueue-msg-sem-Avoid-relying-on-a-stack-reference.patch index b704bd0..18a4fde 100644 --- a/patches.suse/ipc-mqueue-msg-sem-Avoid-relying-on-a-stack-reference.patch +++ b/patches.suse/ipc-mqueue-msg-sem-Avoid-relying-on-a-stack-reference.patch @@ -1,10 +1,12 @@ -From 60f611fa216cd0b0395499d703215537ed1f0b44 Mon Sep 17 00:00:00 2001 +From a11ddb37bf367e6b5239b95ca759e5389bb46048 Mon Sep 17 00:00:00 2001 From: Varad Gautam Date: Fri, 14 May 2021 10:39:22 +1000 Subject: ipc/mqueue, msg, sem: Avoid relying on a stack reference past its expiry -Patch-mainline: Not yet, queued on linux-next via akpm's -mm patchqueue References: bsc#1185988 +Git-commit: a11ddb37bf367e6b5239b95ca759e5389bb46048 +Patch-mainline: v5.13-rc3 + do_mq_timedreceive calls wq_sleep with a stack local address. The sender (do_mq_timedsend) uses this address to later call pipelined_send. diff --git a/patches.suse/misc-uss720-fix-memory-leak-in-uss720_probe.patch b/patches.suse/misc-uss720-fix-memory-leak-in-uss720_probe.patch new file mode 100644 index 0000000..54e7d8c --- /dev/null +++ b/patches.suse/misc-uss720-fix-memory-leak-in-uss720_probe.patch @@ -0,0 +1,57 @@ +From dcb4b8ad6a448532d8b681b5d1a7036210b622de Mon Sep 17 00:00:00 2001 +From: Dongliang Mu +Date: Fri, 14 May 2021 20:43:48 +0800 +Subject: [PATCH] misc/uss720: fix memory leak in uss720_probe +Git-commit: dcb4b8ad6a448532d8b681b5d1a7036210b622de +Patch-mainline: v5.13-rc4 +References: git-fixes + +uss720_probe forgets to decrease the refcount of usbdev in uss720_probe. +Fix this by decreasing the refcount of usbdev by usb_put_dev. + +Bug: memory leak +unreferenced object 0xffff888101113800 (size 2048): + comm "kworker/0:1", pid 7, jiffies 4294956777 (age 28.870s) + hex dump (first 32 bytes): + ff ff ff ff 31 00 00 00 00 00 00 00 00 00 00 00 ....1........... + 00 00 00 00 00 00 00 00 00 00 00 00 03 00 00 00 ................ + backtrace: + [] kmalloc include/linux/slab.h:554 [inline] + [] kzalloc include/linux/slab.h:684 [inline] + [] usb_alloc_dev+0x32/0x450 drivers/usb/core/usb.c:582 + [] hub_port_connect drivers/usb/core/hub.c:5129 [inline] + [] hub_port_connect_change drivers/usb/core/hub.c:5363 [inline] + [] port_event drivers/usb/core/hub.c:5509 [inline] + [] hub_event+0x1171/0x20c0 drivers/usb/core/hub.c:5591 + [] process_one_work+0x2c9/0x600 kernel/workqueue.c:2275 + [] worker_thread+0x59/0x5d0 kernel/workqueue.c:2421 + [] kthread+0x178/0x1b0 kernel/kthread.c:292 + [] ret_from_fork+0x1f/0x30 arch/x86/entry/entry_64.S:294 + +Fixes: 0f36163d3abe ("[PATCH] usb: fix uss720 schedule with interrupts off") +Cc: stable +Reported-by: syzbot+636c58f40a86b4a879e7@syzkaller.appspotmail.com +Signed-off-by: Dongliang Mu +Link: https://lore.kernel.org/r/20210514124348.6587-1-mudongliangabcd@gmail.com +Signed-off-by: Greg Kroah-Hartman +Acked-by: Takashi Iwai + +--- + drivers/usb/misc/uss720.c | 1 + + 1 file changed, 1 insertion(+) + +diff --git a/drivers/usb/misc/uss720.c b/drivers/usb/misc/uss720.c +index b5d661644263..748139d26263 100644 +--- a/drivers/usb/misc/uss720.c ++++ b/drivers/usb/misc/uss720.c +@@ -736,6 +736,7 @@ static int uss720_probe(struct usb_interface *intf, + parport_announce_port(pp); + + usb_set_intfdata(intf, pp); ++ usb_put_dev(usbdev); + return 0; + + probe_abort: +-- +2.26.2 + diff --git a/patches.suse/net-usb-fix-memory-leak-in-smsc75xx_bind.patch b/patches.suse/net-usb-fix-memory-leak-in-smsc75xx_bind.patch new file mode 100644 index 0000000..5a28f26 --- /dev/null +++ b/patches.suse/net-usb-fix-memory-leak-in-smsc75xx_bind.patch @@ -0,0 +1,61 @@ +From 46a8b29c6306d8bbfd92b614ef65a47c900d8e70 Mon Sep 17 00:00:00 2001 +From: Pavel Skripkin +Date: Mon, 24 May 2021 23:02:08 +0300 +Subject: [PATCH] net: usb: fix memory leak in smsc75xx_bind +Git-commit: 46a8b29c6306d8bbfd92b614ef65a47c900d8e70 +Patch-mainline: v5.13-rc4 +References: git-fixes + +Syzbot reported memory leak in smsc75xx_bind(). +The problem was is non-freed memory in case of +errors after memory allocation. + +Backtrace: [] kmalloc include/linux/slab.h:556 [inline] [] kzalloc include/linux/slab.h:686 [inline] [] smsc75xx_bind+0x7a/0x334 drivers/net/usb/smsc75xx.c:1460 [] usbnet_probe+0x3b6/0xc30 drivers/net/usb/usbnet.c:1728 + +Fixes: d0cad871703b ("smsc75xx: SMSC LAN75xx USB gigabit ethernet adapter driver") +Cc: stable@kernel.vger.org +Reported-and-tested-by: syzbot+b558506ba8165425fee2@syzkaller.appspotmail.com +Signed-off-by: Pavel Skripkin +Signed-off-by: David S. Miller +Acked-by: Takashi Iwai + +--- + drivers/net/usb/smsc75xx.c | 8 ++++++-- + 1 file changed, 6 insertions(+), 2 deletions(-) + +diff --git a/drivers/net/usb/smsc75xx.c b/drivers/net/usb/smsc75xx.c +index f8cdabb9ef5a..b286993da67c 100644 +--- a/drivers/net/usb/smsc75xx.c ++++ b/drivers/net/usb/smsc75xx.c +@@ -1483,7 +1483,7 @@ static int smsc75xx_bind(struct usbnet *dev, struct usb_interface *intf) + ret = smsc75xx_wait_ready(dev, 0); + if (ret < 0) { + netdev_warn(dev->net, "device not ready in smsc75xx_bind\n"); +- return ret; ++ goto err; + } + + smsc75xx_init_mac_address(dev); +@@ -1492,7 +1492,7 @@ static int smsc75xx_bind(struct usbnet *dev, struct usb_interface *intf) + ret = smsc75xx_reset(dev); + if (ret < 0) { + netdev_warn(dev->net, "smsc75xx_reset error %d\n", ret); +- return ret; ++ goto err; + } + + dev->net->netdev_ops = &smsc75xx_netdev_ops; +@@ -1502,6 +1502,10 @@ static int smsc75xx_bind(struct usbnet *dev, struct usb_interface *intf) + dev->hard_mtu = dev->net->mtu + dev->net->hard_header_len; + dev->net->max_mtu = MAX_SINGLE_PACKET_SIZE; + return 0; ++ ++err: ++ kfree(pdata); ++ return ret; + } + + static void smsc75xx_unbind(struct usbnet *dev, struct usb_interface *intf) +-- +2.26.2 + diff --git a/patches.suse/nxp-nci-add-NXP1002-id.patch b/patches.suse/nxp-nci-add-NXP1002-id.patch new file mode 100644 index 0000000..fe01491 --- /dev/null +++ b/patches.suse/nxp-nci-add-NXP1002-id.patch @@ -0,0 +1,25 @@ +From fdd19067c4d17a22567459a4db196a7e4adb22ea Mon Sep 17 00:00:00 2001 +From: Oliver Neukum +Date: Tue, 11 May 2021 18:25:24 +0200 +Subject: [PATCH] nxp-nci: add NXP1002 id +Patch-mainline: Submitted (https://lore.kernel.org/linux-nfc/20210512135451.32375-1-oneukum@suse.com/T/#u) +References: bsc#1185589 + + +The driver also works with those new devices. + +Signed-off-by: Oliver Neukum +--- + drivers/nfc/nxp-nci/i2c.c | 1 + + 1 file changed, 1 insertion(+) + +--- a/drivers/nfc/nxp-nci/i2c.c ++++ b/drivers/nfc/nxp-nci/i2c.c +@@ -376,6 +376,7 @@ MODULE_DEVICE_TABLE(of, of_nxp_nci_i2c_m + #ifdef CONFIG_ACPI + static struct acpi_device_id acpi_id[] = { + { "NXP1001" }, ++ { "NXP1002" }, + { "NXP7471" }, + { }, + }; diff --git a/patches.suse/powerpc-64s-Fix-crashes-when-toggling-entry-flush-ba.patch b/patches.suse/powerpc-64s-Fix-crashes-when-toggling-entry-flush-ba.patch index 2ee9bb1..f253b1c 100644 --- a/patches.suse/powerpc-64s-Fix-crashes-when-toggling-entry-flush-ba.patch +++ b/patches.suse/powerpc-64s-Fix-crashes-when-toggling-entry-flush-ba.patch @@ -3,7 +3,7 @@ From: Michael Ellerman Date: Thu, 6 May 2021 14:49:59 +1000 Subject: [PATCH] powerpc/64s: Fix crashes when toggling entry flush barrier -References: bsc#1177666 git-fixes +References: bsc#1177666 git-fixes bsc#1186460 ltc#192531 Patch-mainline: v5.13-rc2 Git-commit: aec86b052df6541cc97c5fca44e5934cbea4963b diff --git a/patches.suse/powerpc-64s-Fix-crashes-when-toggling-stf-barrier.patch b/patches.suse/powerpc-64s-Fix-crashes-when-toggling-stf-barrier.patch index 3893ae6..1a631c0 100644 --- a/patches.suse/powerpc-64s-Fix-crashes-when-toggling-stf-barrier.patch +++ b/patches.suse/powerpc-64s-Fix-crashes-when-toggling-stf-barrier.patch @@ -3,7 +3,7 @@ From: Michael Ellerman Date: Thu, 6 May 2021 14:49:58 +1000 Subject: [PATCH] powerpc/64s: Fix crashes when toggling stf barrier -References: bsc#1087082 git-fixes +References: bsc#1087082 git-fixes bsc#1186460 ltc#192531 Patch-mainline: v5.13-rc2 Git-commit: 8ec7791bae1327b1c279c5cd6e929c3b12daaf0a diff --git a/patches.suse/scsi-ibmvfc-Reinit-target-retries.patch b/patches.suse/scsi-ibmvfc-Reinit-target-retries.patch index 7b975c2..fd843e8 100644 --- a/patches.suse/scsi-ibmvfc-Reinit-target-retries.patch +++ b/patches.suse/scsi-ibmvfc-Reinit-target-retries.patch @@ -5,7 +5,7 @@ Subject: [PATCH] scsi: ibmvfc: Reinit target retries References: bsc#1185938 ltc#192043 Patch-mainline: queued -Git-repo: https://git.kernel.org/pub/scm/linux/kernel/git/mkp/scsi.git +Git-repo: git://git.kernel.org/pub/scm/linux/kernel/git/jejb/scsi.git Git-commit: 2e51f78b5d8717bba243f5e857031b1d104a3577 If rport target discovery commands fail for some reason, they get retried diff --git a/patches.suse/serial-core-fix-suspicious-security_locked_down-call.patch b/patches.suse/serial-core-fix-suspicious-security_locked_down-call.patch new file mode 100644 index 0000000..9216e19 --- /dev/null +++ b/patches.suse/serial-core-fix-suspicious-security_locked_down-call.patch @@ -0,0 +1,65 @@ +From 5e722b217ad3cf41f5504db80a68062df82b5242 Mon Sep 17 00:00:00 2001 +From: Ondrej Mosnacek +Date: Fri, 7 May 2021 13:57:19 +0200 +Subject: [PATCH] serial: core: fix suspicious security_locked_down() call +Git-commit: 5e722b217ad3cf41f5504db80a68062df82b5242 +Patch-mainline: v5.13-rc4 +References: git-fixes + +The commit that added this check did so in a very strange way - first +security_locked_down() is called, its value stored into retval, and if +it's nonzero, then an additional check is made for (change_irq || +change_port), and if this is true, the function returns. However, if +the goto exit branch is not taken, the code keeps the retval value and +continues executing the function. Then, depending on whether +uport->ops->verify_port is set, the retval value may or may not be reset +to zero and eventually the error value from security_locked_down() may +abort the function a few lines below. + +I will go out on a limb and assume that this isn't the intended behavior +and that an error value from security_locked_down() was supposed to +abort the function only in case (change_irq || change_port) is true. + +Note that security_locked_down() should be called last in any series of +checks, since the SELinux implementation of this hook will do a check +against the policy and generate an audit record in case of denial. If +the operation was to carry on after calling security_locked_down(), then +the SELinux denial record would be bogus. + +See commit 59438b46471a ("security,lockdown,selinux: implement SELinux +lockdown") for how SELinux implements this hook. + +Fixes: 794edf30ee6c ("lockdown: Lock down TIOCSSERIAL") +Acked-by: Kees Cook +Signed-off-by: Ondrej Mosnacek +Cc: stable +Link: https://lore.kernel.org/r/20210507115719.140799-1-omosnace@redhat.com +Signed-off-by: Greg Kroah-Hartman +Acked-by: Takashi Iwai + +--- + drivers/tty/serial/serial_core.c | 8 +++++--- + 1 file changed, 5 insertions(+), 3 deletions(-) + +diff --git a/drivers/tty/serial/serial_core.c b/drivers/tty/serial/serial_core.c +index 87f7127b57e6..18ff85a83f80 100644 +--- a/drivers/tty/serial/serial_core.c ++++ b/drivers/tty/serial/serial_core.c +@@ -863,9 +863,11 @@ static int uart_set_info(struct tty_struct *tty, struct tty_port *port, + goto check_and_exit; + } + +- retval = security_locked_down(LOCKDOWN_TIOCSSERIAL); +- if (retval && (change_irq || change_port)) +- goto exit; ++ if (change_irq || change_port) { ++ retval = security_locked_down(LOCKDOWN_TIOCSSERIAL); ++ if (retval) ++ goto exit; ++ } + + /* + * Ask the low level driver to verify the settings. +-- +2.26.2 + diff --git a/patches.suse/serial-sh-sci-Fix-off-by-one-error-in-FIFO-threshold.patch b/patches.suse/serial-sh-sci-Fix-off-by-one-error-in-FIFO-threshold.patch new file mode 100644 index 0000000..d52df0f --- /dev/null +++ b/patches.suse/serial-sh-sci-Fix-off-by-one-error-in-FIFO-threshold.patch @@ -0,0 +1,55 @@ +From 2ea2e019c190ee3973ef7bcaf829d8762e56e635 Mon Sep 17 00:00:00 2001 +From: Geert Uytterhoeven +Date: Mon, 10 May 2021 14:07:55 +0200 +Subject: [PATCH] serial: sh-sci: Fix off-by-one error in FIFO threshold register setting +Git-commit: 2ea2e019c190ee3973ef7bcaf829d8762e56e635 +Patch-mainline: v5.13-rc4 +References: git-fixes + +The Receive FIFO Data Count Trigger field (RTRG[6:0]) in the Receive +FIFO Data Count Trigger Register (HSRTRGR) of HSCIF can only hold values +ranging from 0-127. As the FIFO size is equal to 128 on HSCIF, the user +can write an out-of-range value, touching reserved bits. + +Fix this by limiting the trigger value to the FIFO size minus one. +Reverse the order of the checks, to avoid rx_trig becoming zero if the +FIFO size is one. + +Note that this change has no impact on other SCIF variants, as their +maximum supported trigger value is lower than the FIFO size anyway, and +the code below takes care of enforcing these limits. + +Fixes: a380ed461f66d1b8 ("serial: sh-sci: implement FIFO threshold register setting") +Reported-by: Linh Phung +Reviewed-by: Wolfram Sang +Reviewed-by: Ulrich Hecht +Signed-off-by: Geert Uytterhoeven +Cc: stable +Link: https://lore.kernel.org/r/5eff320aef92ffb33d00e57979fd3603bbb4a70f.1620648218.git.geert+renesas@glider.be +Signed-off-by: Greg Kroah-Hartman +Acked-by: Takashi Iwai + +--- + drivers/tty/serial/sh-sci.c | 4 ++-- + 1 file changed, 2 insertions(+), 2 deletions(-) + +diff --git a/drivers/tty/serial/sh-sci.c b/drivers/tty/serial/sh-sci.c +index ef37fdf37612..4baf1316ea72 100644 +--- a/drivers/tty/serial/sh-sci.c ++++ b/drivers/tty/serial/sh-sci.c +@@ -1023,10 +1023,10 @@ static int scif_set_rtrg(struct uart_port *port, int rx_trig) + { + unsigned int bits; + ++ if (rx_trig >= port->fifosize) ++ rx_trig = port->fifosize - 1; + if (rx_trig < 1) + rx_trig = 1; +- if (rx_trig >= port->fifosize) +- rx_trig = port->fifosize; + + /* HSCIF can be set to an arbitrary level. */ + if (sci_getreg(port, HSRTRGR)->size) { +-- +2.26.2 + diff --git a/patches.suse/serial-tegra-Fix-a-mask-operation-that-is-always-tru.patch b/patches.suse/serial-tegra-Fix-a-mask-operation-that-is-always-tru.patch new file mode 100644 index 0000000..133d917 --- /dev/null +++ b/patches.suse/serial-tegra-Fix-a-mask-operation-that-is-always-tru.patch @@ -0,0 +1,40 @@ +From 3ddb4ce1e6e3bd112778ab93bbd9092f23a878ec Mon Sep 17 00:00:00 2001 +From: Colin Ian King +Date: Mon, 26 Apr 2021 11:55:14 +0100 +Subject: [PATCH] serial: tegra: Fix a mask operation that is always true +Git-commit: 3ddb4ce1e6e3bd112778ab93bbd9092f23a878ec +Patch-mainline: v5.13-rc4 +References: git-fixes + +Currently the expression lsr | UART_LSR_TEMT is always true and +this seems suspect. I believe the intent was to mask lsr with UART_LSR_TEMT +to check that bit, so the expression should be using the & operator +instead. Fix this. + +Fixes: b9c2470fb150 ("serial: tegra: flush the RX fifo on frame error") +Signed-off-by: Colin Ian King +Cc: stable +Link: https://lore.kernel.org/r/20210426105514.23268-1-colin.king@canonical.com +Signed-off-by: Greg Kroah-Hartman +Acked-by: Takashi Iwai + +--- + drivers/tty/serial/serial-tegra.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/drivers/tty/serial/serial-tegra.c b/drivers/tty/serial/serial-tegra.c +index bbae072a125d..222032792d6c 100644 +--- a/drivers/tty/serial/serial-tegra.c ++++ b/drivers/tty/serial/serial-tegra.c +@@ -338,7 +338,7 @@ static void tegra_uart_fifo_reset(struct tegra_uart_port *tup, u8 fcr_bits) + + do { + lsr = tegra_uart_read(tup, UART_LSR); +- if ((lsr | UART_LSR_TEMT) && !(lsr & UART_LSR_DR)) ++ if ((lsr & UART_LSR_TEMT) && !(lsr & UART_LSR_DR)) + break; + udelay(1); + } while (--tmout); +-- +2.26.2 + diff --git a/patches.suse/staging-emxx_udc-fix-loop-in-_nbu2ss_nuke.patch b/patches.suse/staging-emxx_udc-fix-loop-in-_nbu2ss_nuke.patch new file mode 100644 index 0000000..8a1e8b4 --- /dev/null +++ b/patches.suse/staging-emxx_udc-fix-loop-in-_nbu2ss_nuke.patch @@ -0,0 +1,49 @@ +From e0112a7c9e847ada15a631b88e279d547e8f26a7 Mon Sep 17 00:00:00 2001 +From: Dan Carpenter +Date: Wed, 19 May 2021 17:16:50 +0300 +Subject: [PATCH] staging: emxx_udc: fix loop in _nbu2ss_nuke() +Git-commit: e0112a7c9e847ada15a631b88e279d547e8f26a7 +Patch-mainline: v5.13-rc4 +References: git-fixes + +The _nbu2ss_ep_done() function calls: + + list_del_init(&req->queue); + +which means that the loop will never exit. + +Fixes: ca3d253eb967 ("Staging: emxx_udc: Iterate list using list_for_each_entry") +Signed-off-by: Dan Carpenter +Link: https://lore.kernel.org/r/YKUd0sDyjm/lkJfJ@mwanda +Signed-off-by: Greg Kroah-Hartman +Acked-by: Takashi Iwai + +--- + drivers/staging/emxx_udc/emxx_udc.c | 4 ++-- + 1 file changed, 2 insertions(+), 2 deletions(-) + +diff --git a/drivers/staging/emxx_udc/emxx_udc.c b/drivers/staging/emxx_udc/emxx_udc.c +index 741147a4f0fe..ecc5c9da9027 100644 +--- a/drivers/staging/emxx_udc/emxx_udc.c ++++ b/drivers/staging/emxx_udc/emxx_udc.c +@@ -2064,7 +2064,7 @@ static int _nbu2ss_nuke(struct nbu2ss_udc *udc, + struct nbu2ss_ep *ep, + int status) + { +- struct nbu2ss_req *req; ++ struct nbu2ss_req *req, *n; + + /* Endpoint Disable */ + _nbu2ss_epn_exit(udc, ep); +@@ -2076,7 +2076,7 @@ static int _nbu2ss_nuke(struct nbu2ss_udc *udc, + return 0; + + /* called with irqs blocked */ +- list_for_each_entry(req, &ep->queue, queue) { ++ list_for_each_entry_safe(req, n, &ep->queue, queue) { + _nbu2ss_ep_done(ep, req, status); + } + +-- +2.26.2 + diff --git a/patches.suse/staging-iio-cdc-ad7746-avoid-overwrite-of-num_channe.patch b/patches.suse/staging-iio-cdc-ad7746-avoid-overwrite-of-num_channe.patch new file mode 100644 index 0000000..a07e487 --- /dev/null +++ b/patches.suse/staging-iio-cdc-ad7746-avoid-overwrite-of-num_channe.patch @@ -0,0 +1,38 @@ +From 04f5b9f539ce314f758d919a14dc7a669f3b7838 Mon Sep 17 00:00:00 2001 +From: Lucas Stankus +Date: Tue, 11 May 2021 17:54:18 -0300 +Subject: [PATCH] staging: iio: cdc: ad7746: avoid overwrite of num_channels +Git-commit: 04f5b9f539ce314f758d919a14dc7a669f3b7838 +Patch-mainline: v5.13-rc4 +References: git-fixes + +AD7745 devices don't have the CIN2 pins and therefore can't handle related +channels. Forcing the number of AD7746 channels may lead to enabling more +channels than what the hardware actually supports. +Avoid num_channels being overwritten after first assignment. + +Signed-off-by: Lucas Stankus +Fixes: 83e416f458d53 ("staging: iio: adc: Replace, rewrite ad7745 from scratch.") +Signed-off-by: Jonathan Cameron +Cc: +Acked-by: Takashi Iwai + +--- + drivers/staging/iio/cdc/ad7746.c | 1 - + 1 file changed, 1 deletion(-) + +diff --git a/drivers/staging/iio/cdc/ad7746.c b/drivers/staging/iio/cdc/ad7746.c +index dfd71e99e872..eab534dc4bcc 100644 +--- a/drivers/staging/iio/cdc/ad7746.c ++++ b/drivers/staging/iio/cdc/ad7746.c +@@ -700,7 +700,6 @@ static int ad7746_probe(struct i2c_client *client, + indio_dev->num_channels = ARRAY_SIZE(ad7746_channels); + else + indio_dev->num_channels = ARRAY_SIZE(ad7746_channels) - 2; +- indio_dev->num_channels = ARRAY_SIZE(ad7746_channels); + indio_dev->modes = INDIO_DIRECT_MODE; + + if (pdata) { +-- +2.26.2 + diff --git a/patches.suse/thunderbolt-dma_port-Fix-NVM-read-buffer-bounds-and-.patch b/patches.suse/thunderbolt-dma_port-Fix-NVM-read-buffer-bounds-and-.patch new file mode 100644 index 0000000..1adc53a --- /dev/null +++ b/patches.suse/thunderbolt-dma_port-Fix-NVM-read-buffer-bounds-and-.patch @@ -0,0 +1,68 @@ +From b106776080a1cf953a1b2fd50cb2a995db4732be Mon Sep 17 00:00:00 2001 +From: Mathias Nyman +Date: Tue, 27 Apr 2021 15:48:29 +0300 +Subject: [PATCH] thunderbolt: dma_port: Fix NVM read buffer bounds and offset issue +Git-commit: b106776080a1cf953a1b2fd50cb2a995db4732be +Patch-mainline: v5.13-rc4 +References: git-fixes + +Up to 64 bytes of data can be read from NVM in one go. Read address +must be dword aligned. Data is read into a local buffer. + +If caller asks to read data starting at an unaligned address then full +dword is anyway read from NVM into a local buffer. Data is then copied +from the local buffer starting at the unaligned offset to the caller +buffer. + +In cases where asked data length + unaligned offset is over 64 bytes +we need to make sure we don't read past the 64 bytes in the local +buffer when copying to caller buffer, and make sure that we don't +skip copying unaligned offset bytes from local buffer anymore after +the first round of 64 byte NVM data read. + +Fixes: 3e13676862f9 ("thunderbolt: Add support for DMA configuration based mailbox") +Cc: stable@vger.kernel.org +Signed-off-by: Mathias Nyman +Signed-off-by: Mika Westerberg +Acked-by: Takashi Iwai + +--- + drivers/thunderbolt/dma_port.c | 11 ++++++----- + 1 file changed, 6 insertions(+), 5 deletions(-) + +diff --git a/drivers/thunderbolt/dma_port.c b/drivers/thunderbolt/dma_port.c +index 7288aaf01ae6..5631319f7b20 100644 +--- a/drivers/thunderbolt/dma_port.c ++++ b/drivers/thunderbolt/dma_port.c +@@ -366,15 +366,15 @@ int dma_port_flash_read(struct tb_dma_port *dma, unsigned int address, + void *buf, size_t size) + { + unsigned int retries = DMA_PORT_RETRIES; +- unsigned int offset; +- +- offset = address & 3; +- address = address & ~3; + + do { +- u32 nbytes = min_t(u32, size, MAIL_DATA_DWORDS * 4); ++ unsigned int offset; ++ size_t nbytes; + int ret; + ++ offset = address & 3; ++ nbytes = min_t(size_t, size + offset, MAIL_DATA_DWORDS * 4); ++ + ret = dma_port_flash_read_block(dma, address, dma->buf, + ALIGN(nbytes, 4)); + if (ret) { +@@ -386,6 +386,7 @@ int dma_port_flash_read(struct tb_dma_port *dma, unsigned int address, + return ret; + } + ++ nbytes -= offset; + memcpy(buf, dma->buf + offset, nbytes); + + size -= nbytes; +-- +2.26.2 + diff --git a/patches.suse/usb-dwc3-gadget-Enable-suspend-events.patch b/patches.suse/usb-dwc3-gadget-Enable-suspend-events.patch new file mode 100644 index 0000000..63c3576 --- /dev/null +++ b/patches.suse/usb-dwc3-gadget-Enable-suspend-events.patch @@ -0,0 +1,43 @@ +From d1d90dd27254c44d087ad3f8b5b3e4fff0571f45 Mon Sep 17 00:00:00 2001 +From: Jack Pham +Date: Wed, 28 Apr 2021 02:01:10 -0700 +Subject: [PATCH] usb: dwc3: gadget: Enable suspend events +Git-commit: d1d90dd27254c44d087ad3f8b5b3e4fff0571f45 +Patch-mainline: v5.13-rc2 +References: git-fixes + +[ backport note: open-coded the missing DWC3_VER_IS_PRIOR() macro -- tiwai ] + +commit 72704f876f50 ("dwc3: gadget: Implement the suspend entry event +handler") introduced (nearly 5 years ago!) an interrupt handler for +U3/L1-L2 suspend events. The problem is that these events aren't +currently enabled in the DEVTEN register so the handler is never +even invoked. Fix this simply by enabling the corresponding bit +in dwc3_gadget_enable_irq() using the same revision check as found +in the handler. + +Fixes: 72704f876f50 ("dwc3: gadget: Implement the suspend entry event handler") +Acked-by: Felipe Balbi +Signed-off-by: Jack Pham +Cc: stable +Link: https://lore.kernel.org/r/20210428090111.3370-1-jackp@codeaurora.org +Signed-off-by: Greg Kroah-Hartman +Acked-by: Takashi Iwai + +--- + drivers/usb/dwc3/gadget.c | 4 ++++ + 1 file changed, 4 insertions(+) + +--- a/drivers/usb/dwc3/gadget.c ++++ b/drivers/usb/dwc3/gadget.c +@@ -1959,6 +1959,10 @@ static void dwc3_gadget_enable_irq(struc + if (dwc->revision < DWC3_REVISION_250A) + reg |= DWC3_DEVTEN_ULSTCNGEN; + ++ /* On 2.30a and above this bit enables U3/L2-L1 Suspend Events */ ++ if (dwc->revision >= DWC3_REVISION_230A) ++ reg |= DWC3_DEVTEN_EOPFEN; ++ + dwc3_writel(dwc->regs, DWC3_DEVTEN, reg); + } + diff --git a/patches.suse/usb-gadget-udc-renesas_usb3-Fix-a-race-in-usb3_start.patch b/patches.suse/usb-gadget-udc-renesas_usb3-Fix-a-race-in-usb3_start.patch new file mode 100644 index 0000000..a2fed00 --- /dev/null +++ b/patches.suse/usb-gadget-udc-renesas_usb3-Fix-a-race-in-usb3_start.patch @@ -0,0 +1,69 @@ +From e752dbc59e1241b13b8c4f7b6eb582862e7668fe Mon Sep 17 00:00:00 2001 +From: Yoshihiro Shimoda +Date: Mon, 24 May 2021 15:01:55 +0900 +Subject: [PATCH] usb: gadget: udc: renesas_usb3: Fix a race in usb3_start_pipen() +Git-commit: e752dbc59e1241b13b8c4f7b6eb582862e7668fe +Patch-mainline: v5.13-rc4 +References: git-fixes + +The usb3_start_pipen() is called by renesas_usb3_ep_queue() and +usb3_request_done_pipen() so that usb3_start_pipen() is possible +to cause a race when getting usb3_first_req like below: + +renesas_usb3_ep_queue() + spin_lock_irqsave() + list_add_tail() + spin_unlock_irqrestore() + usb3_start_pipen() + usb3_first_req = usb3_get_request() --- [1] + --- interrupt --- + usb3_irq_dma_int() + usb3_request_done_pipen() + usb3_get_request() + usb3_start_pipen() + usb3_first_req = usb3_get_request() + ... + (the req is possible to be finished in the interrupt) + +The usb3_first_req [1] above may have been finished after the interrupt +ended so that this driver caused to start a transfer wrongly. To fix this +issue, getting/checking the usb3_first_req are under spin_lock_irqsave() +in the same section. + +Fixes: 746bfe63bba3 ("usb: gadget: renesas_usb3: add support for Renesas USB3.0 peripheral controller") +Cc: stable +Signed-off-by: Yoshihiro Shimoda +Link: https://lore.kernel.org/r/20210524060155.1178724-1-yoshihiro.shimoda.uh@renesas.com +Signed-off-by: Greg Kroah-Hartman +Acked-by: Takashi Iwai + +--- + drivers/usb/gadget/udc/renesas_usb3.c | 5 +++-- + 1 file changed, 3 insertions(+), 2 deletions(-) + +diff --git a/drivers/usb/gadget/udc/renesas_usb3.c b/drivers/usb/gadget/udc/renesas_usb3.c +index 0c418ce50ba0..f1b35a39d1ba 100644 +--- a/drivers/usb/gadget/udc/renesas_usb3.c ++++ b/drivers/usb/gadget/udc/renesas_usb3.c +@@ -1488,7 +1488,7 @@ static void usb3_start_pipen(struct renesas_usb3_ep *usb3_ep, + struct renesas_usb3_request *usb3_req) + { + struct renesas_usb3 *usb3 = usb3_ep_to_usb3(usb3_ep); +- struct renesas_usb3_request *usb3_req_first = usb3_get_request(usb3_ep); ++ struct renesas_usb3_request *usb3_req_first; + unsigned long flags; + int ret = -EAGAIN; + u32 enable_bits = 0; +@@ -1496,7 +1496,8 @@ static void usb3_start_pipen(struct renesas_usb3_ep *usb3_ep, + spin_lock_irqsave(&usb3->lock, flags); + if (usb3_ep->halt || usb3_ep->started) + goto out; +- if (usb3_req != usb3_req_first) ++ usb3_req_first = __usb3_get_request(usb3_ep); ++ if (!usb3_req_first || usb3_req != usb3_req_first) + goto out; + + if (usb3_pn_change(usb3, usb3_ep->num) < 0) +-- +2.26.2 + diff --git a/patches.suse/x86-cpu-initialize-msr_tsc_aux-if-rdtscp-or-rdpid-is-supported.patch b/patches.suse/x86-cpu-initialize-msr_tsc_aux-if-rdtscp-or-rdpid-is-supported.patch new file mode 100644 index 0000000..e17606f --- /dev/null +++ b/patches.suse/x86-cpu-initialize-msr_tsc_aux-if-rdtscp-or-rdpid-is-supported.patch @@ -0,0 +1,45 @@ +From: Sean Christopherson +Date: Tue, 4 May 2021 15:56:31 -0700 +Subject: x86/cpu: Initialize MSR_TSC_AUX if RDTSCP *or* RDPID is supported +Git-commit: b6b4fbd90b155a0025223df2c137af8a701d53b3 +Patch-mainline: v5.13-rc1 +References: bsc#1152489 + +Initialize MSR_TSC_AUX with CPU node information if RDTSCP or RDPID is +supported. This fixes a bug where vdso_read_cpunode() will read garbage +via RDPID if RDPID is supported but RDTSCP is not. While no known CPU +supports RDPID but not RDTSCP, both Intel's SDM and AMD's APM allow for +RDPID to exist without RDTSCP, e.g. it's technically a legal CPU model +for a virtual machine. + +Note, technically MSR_TSC_AUX could be initialized if and only if RDPID +is supported since RDTSCP is currently not used to retrieve the CPU node. +But, the cost of the superfluous WRMSR is negigible, whereas leaving +MSR_TSC_AUX uninitialized is just asking for future breakage if someone +decides to utilize RDTSCP. + +Fixes: a582c540ac1b ("x86/vdso: Use RDPID in preference to LSL when available") +Signed-off-by: Sean Christopherson +Signed-off-by: Thomas Gleixner +Cc: stable@vger.kernel.org +Link: https://lore.kernel.org/r/20210504225632.1532621-2-seanjc@google.com + +Acked-by: Borislav Petkov +--- + arch/x86/kernel/cpu/common.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/arch/x86/kernel/cpu/common.c b/arch/x86/kernel/cpu/common.c +index 6bdb69a9a7dc..490bed07fe35 100644 +--- a/arch/x86/kernel/cpu/common.c ++++ b/arch/x86/kernel/cpu/common.c +@@ -1851,7 +1851,7 @@ static inline void setup_getcpu(int cpu) + unsigned long cpudata = vdso_encode_cpunode(cpu, early_cpu_to_node(cpu)); + struct desc_struct d = { }; + +- if (boot_cpu_has(X86_FEATURE_RDTSCP)) ++ if (boot_cpu_has(X86_FEATURE_RDTSCP) || boot_cpu_has(X86_FEATURE_RDPID)) + write_rdtscp_aux(cpudata); + + /* Store CPU and node number in limit. */ + diff --git a/series.conf b/series.conf index d3183e0..3126400 100644 --- a/series.conf +++ b/series.conf @@ -984,6 +984,10 @@ patches.suse/net-hns3-Add-support-for-using-order-1-pages-with-a-.patch patches.suse/net-hns3-use-dev_info-instead-of-pr_info.patch patches.suse/NFC-fix-attrs-checks-in-netlink-interface.patch + patches.suse/NFC-nxp-nci-Add-NXP1001-to-the-ACPI-ID-table.patch + patches.suse/NFC-nxp-nci-Get-rid-of-platform-data.patch + patches.suse/NFC-nxp-nci-Convert-to-use-GPIO-descriptor.patch + patches.suse/NFC-nxp-nci-Add-GPIO-ACPI-mapping-table.patch patches.suse/bnxt_en-Update-firmware-interface-spec.-to-1.10.0.89.patch patches.suse/bnxt_en-Add-TPA-structure-definitions-for-BCM57500-c.patch patches.suse/bnxt_en-Refactor-TPA-logic.patch @@ -13316,6 +13320,7 @@ patches.suse/x86-cpu-amd-make-erratum-1054-a-legacy-erratum.patch patches.suse/ACPI-IORT-Fix-PMCG-node-single-ID-mapping-handling.patch patches.suse/arm64-insn-Fix-two-bugs-in-encoding-32-bit-logical-i.patch + patches.suse/arm-mm-use-__pfn_to_section-to-get-mem_section.patch patches.suse/arm64-kexec_file-print-appropriate-variable.patch patches.suse/arm64-cacheflush-Fix-KGDB-trap-detection.patch patches.suse/drivers-perf-hisi-Permit-modular-builds-of-HiSilicon.patch @@ -14627,6 +14632,7 @@ patches.suse/fuse-fix-parameter-for-fs_ioc_-get-set-flags.patch patches.suse/nvme-explicitly-update-mpath-disk-capacity-on-revali.patch patches.suse/drivers-perf-Fix-kernel-panic-when-rmmod-PMU-modules.patch + patches.suse/arm64-ptrace-Use-NO_SYSCALL-instead-of-1-in-syscall_.patch patches.suse/bus-ti-sysc-Do-not-disable-on-suspend-for-no-idle.patch patches.suse/NFS-Fix-interrupted-slots-by-sending-a-solo-SEQUENCE.patch patches.suse/xprtrdma-fix-incorrect-header-size-calculations.patch @@ -15638,6 +15644,7 @@ patches.suse/Revert-scsi-qla2xxx-Fix-crash-on-qla2x00_mailbox_com.patch patches.suse/Revert-scsi-qla2xxx-Disable-T10-DIF-feature-with-FC-.patch patches.suse/s390-cio-add-cond_resched-in-the-slow_eval_known_fn-loop + patches.suse/ARM64-vdso32-Install-vdso32-from-vdso_install.patch patches.suse/epoll-Keep-a-reference-on-files-added-to-the-check-list.patch patches.suse/do_epoll_ctl-clean-the-failure-exits-up-a-bit.patch patches.suse/net-gianfar-Add-of_node_put-before-goto-statement.patch @@ -15705,6 +15712,7 @@ patches.suse/writeback-Avoid-skipping-inode-writeback.patch patches.suse/writeback-Fix-sync-livelock-due-to-b_dirty_time-proc.patch patches.suse/writeback-Drop-I_DIRTY_TIME_EXPIRE.patch + patches.suse/arm64-vdso32-make-vdso32-install-conditional.patch patches.suse/PM-sleep-core-Fix-the-handling-of-pending-runtime-re.patch patches.suse/device-property-Fix-the-secondary-firmware-node-hand.patch patches.suse/hwmon-applesmc-check-status-earlier.patch @@ -16266,6 +16274,7 @@ patches.suse/0004-md-bitmap-md_bitmap_read_sb-uses-wrong-bitmap-blocks.patch patches.suse/0005-md-bitmap-md_bitmap_get_counter-returns-wrong-blocks.patch patches.suse/0006-md-bitmap-fix-memory-leak-of-temporary-bitmap.patch + patches.suse/Revert-arm64-vdso-Fix-compilation-with-clang-older-t.patch patches.suse/mmswapfile.c-fix-potential-memory-leak-in-sys_swapon.patch patches.suse/msft-hv-2161-hv-clocksource-Add-notrace-attribute-to-read_hv_sche.patch patches.suse/xen-gntdev.c-Mark-pages-as-dirty.patch @@ -16715,6 +16724,7 @@ patches.suse/vfio-iommu-add-dma-available-capability patches.suse/module-statically-initialize-init-section-freeing-da.patch patches.suse/Werror-return-type.patch + patches.suse/arm64-link-with-z-norelro-regardless-of-CONFIG_RELOC.patch patches.suse/KVM-x86-mmu-Commit-zap-of-remaining-invalid-pages-wh.patch patches.suse/kvm-nvmx-reload-vmcs01-if-getting-vmcs12-s-pages-fails patches.suse/kvm-x86-add-rip-to-the-kvm_entry-i-e-vm-enter-tracepoint @@ -16818,6 +16828,7 @@ patches.suse/ACPI-NFIT-Fix-comparison-to-ENXIO.patch patches.suse/ACPI-dock-fix-enum-conversion-warning.patch patches.suse/KVM-arm64-ARM_SMCCC_ARCH_WORKAROUND_1-doesn-t-return.patch + patches.suse/arm64-avoid-Woverride-init-warning.patch patches.suse/btrfs-fix-relocation-failure-due-to-race-with-falloc.patch patches.suse/btrfs-fix-use-after-free-on-readahead-extent-after-f.patch patches.suse/btrfs-fix-readahead-hang-and-use-after-free-after-re.patch @@ -17930,6 +17941,7 @@ patches.suse/net-mlx5e-Fix-two-double-free-cases.patch patches.suse/net-mlx5e-Fix-memleak-in-mlx5e_create_l2_table_group.patch patches.suse/arm64-mm-fix-arch_low_address_limit-when-config_zone_dma.patch + patches.suse/arm64-link-with-z-norelro-for-LLD-or-aarch64-elf.patch patches.suse/iommu-intel-fix-memleak-in-intel_irq_remapping_alloc patches.suse/iommu-vt-d-move-intel_iommu-info-from-struct-intel_svm-to-struct-intel_svm_dev patches.suse/iommu-vt-d-fix-general-protection-fault-in-aux_detach_device @@ -18589,6 +18601,9 @@ patches.suse/0008-drm-msm-Fix-races-managing-the-OOB-state-for-timesta.patch patches.suse/pwm-rockchip-rockchip_pwm_probe-Remove-superfluous-c.patch patches.suse/0027-mm-rmap-fix-potential-pte_unmap-on-an-not-mapped-pte.patch + patches.suse/arm64-kexec_file-fix-memory-leakage-in-create_dtb-wh.patch + patches.suse/arm64-Add-missing-ISB-after-invalidating-TLB-in-__pr.patch + patches.suse/arm64-ptrace-Fix-seccomp-of-traced-syscall-1-NO_SYSC.patch patches.suse/cifs-New-optype-for-session-operations-.patch patches.suse/cifs-fix-nodfs-mount-option.patch patches.suse/cifs-check-all-path-components-in-resolved-dfs-target.patch @@ -18675,6 +18690,8 @@ patches.suse/xen-events-reset-affinity-of-2-level-event-when-tear.patch patches.suse/xen-events-don-t-unmask-an-event-channel-when-an-eoi.patch patches.suse/xen-events-avoid-handling-the-same-event-on-two-cpus.patch + patches.suse/arm64-mm-Fix-pfn_valid-for-ZONE_DEVICE-based-memory.patch + patches.suse/arm64-kasan-fix-page_alloc-tagging-with-DEBUG_VIRTUA.patch patches.suse/configfs-fix-a-use-after-free-in-__configfs_open_file.patch patches.suse/mmc-core-Fix-partition-switch-time-for-eMMC.patch patches.suse/mmc-cqhci-Fix-random-crash-when-remove-mmc-module-ca.patch @@ -18847,6 +18864,7 @@ patches.suse/libbpf-Fix-BTF-dump-of-pointer-to-array-of-struct.patch patches.suse/can-peak_usb-Revert-can-peak_usb-add-forgotten-suppo.patch patches.suse/net-mlx5e-Fix-error-path-for-ethtool-set-priv-flag.patch + patches.suse/arm64-kdump-update-ppos-when-reading-elfcorehdr.patch patches.suse/btrfs-fix-subvolume-snapshot-deletion-not-triggered-.patch patches.suse/drm-msm-adreno-a5xx_power-Don-t-apply-A540-lm_setup-.patch patches.suse/drm-msm-Ratelimit-invalid-fence-message.patch @@ -19120,6 +19138,7 @@ patches.suse/spi-fsl-lpspi-Fix-PM-reference-leak-in-lpspi_prepare.patch patches.suse/spi-omap-100k-Fix-reference-leak-to-master.patch patches.suse/spi-qup-fix-PM-reference-leak-in-spi_qup_remove.patch + patches.suse/ceph-fix-up-error-handling-with-snapdirs.patch patches.suse/media-ite-cir-check-for-receive-overflow.patch patches.suse/media-dvb-usb-Fix-memory-leak-at-error-in-dvb_usb_de.patch patches.suse/media-dvb-usb-Fix-use-after-free-access.patch @@ -19420,6 +19439,9 @@ patches.suse/ACPI-custom_method-fix-potential-use-after-free-issu.patch patches.suse/ACPI-custom_method-fix-a-possible-memory-leak.patch patches.suse/ftrace-handle-commands-when-closing-set_ftrace_filter-file.patch + patches.suse/ceph-don-t-clobber-i_snap_caps-on-non-i_new-inode.patch + patches.suse/ceph-only-check-pool-permissions-for-regular-files.patch + patches.suse/ceph-fix-inode-leak-on-getattr-error-in-_fh_to_dentry.patch patches.suse/Input-elants_i2c-do-not-bind-to-i2c-hid-compatible-A.patch patches.suse/Input-silead-add-workaround-for-x86-BIOS-es-which-br.patch patches.suse/fs-epoll-restore-waking-from-ep_done_scan.patch @@ -19451,6 +19473,7 @@ patches.suse/scsi-lpfc-Fix-bad-memory-access-during-VPD-DUMP-mail.patch patches.suse/scsi-fnic-Kill-exclude_id-argument-to-fnic_cleanup_i.patch patches.suse/scsi-fnic-Use-scsi_host_busy_iter-to-traverse-commands.patch + patches.suse/x86-cpu-initialize-msr_tsc_aux-if-rdtscp-or-rdpid-is-supported.patch patches.suse/Revert-337f13046ff0-futex-Allow-FUTEX_CLOCK_REALTIME.patch patches.suse/futex-Do-not-apply-time-namespace-adjustment-on-FUTE.patch patches.suse/futex-Get-rid-of-the-val2-conditional-dance.patch @@ -19471,6 +19494,7 @@ patches.suse/powerpc-64s-Fix-crashes-when-toggling-entry-flush-ba.patch patches.suse/cdc-wdm-untangle-a-circular-dependency-between-callb.patch patches.suse/usb-dwc3-pci-Enable-usb2-gadget-lpm-disable-for-Inte.patch + patches.suse/usb-dwc3-gadget-Enable-suspend-events.patch patches.suse/usb-dwc2-Fix-gadget-DMA-unmap-direction.patch patches.suse/usb-dwc3-gadget-Return-success-always-for-kick-trans.patch patches.suse/usb-dwc3-omap-improve-extcon-initialization.patch @@ -19484,6 +19508,9 @@ patches.suse/ics932s401-fix-broken-handling-of-errors-when-word-r.patch patches.suse/Revert-leds-lp5523-fix-a-missing-check-of-return-val.patch patches.suse/leds-lp5523-check-return-value-of-lp5xx_read-and-jum.patch + patches.suse/Revert-gdrom-fix-a-memory-leak-bug.patch + patches.suse/cdrom-gdrom-deallocate-struct-gdrom_unit-fields-in-r.patch + patches.suse/cdrom-gdrom-initialize-global-variable-at-init-time.patch patches.suse/msft-hv-2316-uio_hv_generic-Fix-a-memory-leak-in-error-handling-p.patch patches.suse/msft-hv-2317-uio_hv_generic-Fix-another-memory-leak-in-error-hand.patch patches.suse/platform-mellanox-mlxbf-tmfifo-Fix-a-memory-barrier-.patch @@ -19503,8 +19530,10 @@ patches.suse/mmc-sdhci-pci-gli-increase-1.8V-regulator-wait.patch patches.suse/gpio-xilinx-Correct-kernel-doc-for-xgpio_probe.patch patches.suse/nvme-fc-clear-q_live-at-beginning-of-association-tea.patch + patches.suse/ipc-mqueue-msg-sem-Avoid-relying-on-a-stack-reference.patch patches.suse/spi-spi-fsl-dspi-Fix-a-resource-leak-in-an-error-han.patch patches.suse/NFC-nci-fix-memory-leak-in-nci_allocate_device.patch + patches.suse/net-usb-fix-memory-leak-in-smsc75xx_bind.patch patches.suse/bpf-Wrap-aux-data-inside-bpf_sanitize_info-container.patch patches.suse/bpf-Fix-mask-direction-swap-upon-off-reg-sign-change.patch patches.suse/bpf-No-need-to-simulate-speculative-domain-for-immed.patch @@ -19515,8 +19544,28 @@ patches.suse/ALSA-usb-audio-scarlett2-snd_scarlett_gen2_controls_.patch patches.suse/ASoC-cs42l42-Regmap-must-use_single_read-write.patch patches.suse/ASoC-cs35l33-fix-an-error-code-in-probe.patch + patches.suse/SUNRPC-in-case-of-backlog-hand-free-slots-directly-t.patch + patches.suse/SUNRPC-More-fixes-for-backlog-congestion.patch + patches.suse/drm-meson-fix-shutdown-crash-when-component-not-prob.patch patches.suse/nvme-fc-short-circuit-reconnect-retries.patch patches.suse/nvme-fabrics-decode-host-pathing-error-for-connect.patch + patches.suse/misc-uss720-fix-memory-leak-in-uss720_probe.patch + patches.suse/USB-trancevibrator-fix-control-request-direction.patch + patches.suse/usb-gadget-udc-renesas_usb3-Fix-a-race-in-usb3_start.patch + patches.suse/thunderbolt-dma_port-Fix-NVM-read-buffer-bounds-and-.patch + patches.suse/serial-tegra-Fix-a-mask-operation-that-is-always-tru.patch + patches.suse/serial-core-fix-suspicious-security_locked_down-call.patch + patches.suse/serial-sh-sci-Fix-off-by-one-error-in-FIFO-threshold.patch + patches.suse/staging-emxx_udc-fix-loop-in-_nbu2ss_nuke.patch + patches.suse/iio-adc-ad7124-Fix-missbalanced-regulator-enable-dis.patch + patches.suse/iio-adc-ad7124-Fix-potential-overflow-due-to-non-seq.patch + patches.suse/staging-iio-cdc-ad7746-avoid-overwrite-of-num_channe.patch + patches.suse/iio-gyro-fxas21002c-balance-runtime-power-in-error-p.patch + patches.suse/iio-adc-ad7768-1-Fix-too-small-buffer-passed-to-iio_.patch + patches.suse/iio-adc-ad7793-Add-missing-error-code-in-ad7793_setu.patch + patches.suse/i2c-sh_mobile-Use-new-clock-calculation-formulas-for.patch + patches.suse/i2c-i801-Don-t-generate-an-interrupt-on-bus-reset.patch + patches.suse/i2c-s3c2410-fix-possible-NULL-pointer-deref-on-read-.patch # netdev/net-next patches.suse/ibmvnic-remove-default-label-from-to_string-switch.patch @@ -19524,9 +19573,9 @@ # jejb/scsi for-next patches.suse/scsi-ibmvfc-Handle-move-login-failure.patch patches.suse/scsi-ibmvfc-Avoid-move-login-if-fast-fail-is-enabled.patch + patches.suse/scsi-ibmvfc-Reinit-target-retries.patch # mkp/scsi queue - patches.suse/scsi-ibmvfc-Reinit-target-retries.patch patches.suse/scsi-lpfc-Fix-unreleased-RPIs-when-NPIV-ports-are-cr.patch patches.suse/scsi-lpfc-Fix-non-optimized-ERSP-handling.patch patches.suse/scsi-lpfc-Fix-Unexpected-timeout-error-in-direct-att.patch @@ -19586,12 +19635,11 @@ patches.suse/rtc-pcf2127-handle-timestamp-interrupts.patch patches.suse/nvmet-seset-ns-file-when-open-fails.patch patches.suse/proc-Avoid-mixing-integer-types-in-mem_rw.patch - patches.suse/ipc-mqueue-msg-sem-Avoid-relying-on-a-stack-reference.patch patches.suse/cpufreq-intel_pstate-Add-Icelake-servers-support-in-.patch - patches.suse/SUNRPC-in-case-of-backlog-hand-free-slots-directly-t.patch patches.suse/0001-netfilter-conntrack-improve-RST-handling-when-tuple-.patch patches.suse/0001-netfilter-conntrack-add-new-sysctl-to-disable-RST-ch.patch patches.suse/block-genhd-use-atomic_t-for-disk_event-block.patch + patches.suse/nxp-nci-add-NXP1002-id.patch ######################################################## # kbuild/module infrastructure fixes @@ -20130,6 +20178,7 @@ patches.kabi/cfg80211-kabi-workaround.patch patches.kabi/ath10k-CVE-2020-24588-kABI-workaround.patch patches.kabi/hci_chan-amp-kABI-workaround.patch + patches.kabi/nxp-i2c-restore-includes-for-kABI.patch ######################################################## # You'd better have a good reason for adding a patch