diff options
author | Paul Gortmaker <paul.gortmaker@windriver.com> | 2020-08-24 12:12:39 -0400 |
---|---|---|
committer | Paul Gortmaker <paul.gortmaker@windriver.com> | 2020-08-24 12:12:39 -0400 |
commit | 0bff46531585f4a13f924ad0dd41594060a4c2c5 (patch) | |
tree | b001aef0e3421b629abcec7dee7534a9748b58d8 | |
parent | b77cb6854553c2463b5a3a052719cd1e66bbfc19 (diff) | |
download | longterm-queue-5.2-0bff46531585f4a13f924ad0dd41594060a4c2c5.tar.gz |
drop all previously applied commits
Signed-off-by: Paul Gortmaker <paul.gortmaker@windriver.com>
6 files changed, 0 insertions, 354 deletions
diff --git a/queue/Revert-ALSA-hda-call-runtime_allow-for-all-hda-contr.patch b/queue/Revert-ALSA-hda-call-runtime_allow-for-all-hda-contr.patch deleted file mode 100644 index 387ac3fc..00000000 --- a/queue/Revert-ALSA-hda-call-runtime_allow-for-all-hda-contr.patch +++ /dev/null @@ -1,40 +0,0 @@ -From 07c9983b567d0ef33aefc063299de95a987e12a8 Mon Sep 17 00:00:00 2001 -From: Hui Wang <hui.wang@canonical.com> -Date: Mon, 3 Aug 2020 14:46:38 +0800 -Subject: [PATCH] Revert "ALSA: hda: call runtime_allow() for all hda - controllers" - -commit 07c9983b567d0ef33aefc063299de95a987e12a8 upstream. - -This reverts commit 9a6418487b56 ("ALSA: hda: call runtime_allow() -for all hda controllers"). - -The reverted patch already introduced some regressions on some -machines: - - on gemini-lake machines, the error of "azx_get_response timeout" - happens in the hda driver. - - on the machines with alc662 codec, the audio jack detection doesn't - work anymore. - -Fixes: 9a6418487b56 ("ALSA: hda: call runtime_allow() for all hda controllers") -BugLink: https://bugzilla.kernel.org/show_bug.cgi?id=208511 -Cc: <stable@vger.kernel.org> -Signed-off-by: Hui Wang <hui.wang@canonical.com> -Link: https://lore.kernel.org/r/20200803064638.6139-1-hui.wang@canonical.com -Signed-off-by: Takashi Iwai <tiwai@suse.de> - -diff --git a/sound/pci/hda/hda_intel.c b/sound/pci/hda/hda_intel.c -index e699873c8293..e34a4d5d047c 100644 ---- a/sound/pci/hda/hda_intel.c -+++ b/sound/pci/hda/hda_intel.c -@@ -2352,7 +2352,6 @@ static int azx_probe_continue(struct azx *chip) - - if (azx_has_pm_runtime(chip)) { - pm_runtime_use_autosuspend(&pci->dev); -- pm_runtime_allow(&pci->dev); - pm_runtime_put_autosuspend(&pci->dev); - } - --- -2.27.0 - diff --git a/queue/Revert-powerpc-kasan-Fix-shadow-pages-allocation-fai.patch b/queue/Revert-powerpc-kasan-Fix-shadow-pages-allocation-fai.patch deleted file mode 100644 index 260352f1..00000000 --- a/queue/Revert-powerpc-kasan-Fix-shadow-pages-allocation-fai.patch +++ /dev/null @@ -1,80 +0,0 @@ -From b506923ee44ae87fc9f4de16b53feb313623e146 Mon Sep 17 00:00:00 2001 -From: Christophe Leroy <christophe.leroy@csgroup.eu> -Date: Thu, 2 Jul 2020 11:52:02 +0000 -Subject: [PATCH] Revert "powerpc/kasan: Fix shadow pages allocation failure" - -commit b506923ee44ae87fc9f4de16b53feb313623e146 upstream. - -This reverts commit d2a91cef9bbdeb87b7449fdab1a6be6000930210. - -This commit moved too much work in kasan_init(). The allocation -of shadow pages has to be moved for the reason explained in that -patch, but the allocation of page tables still need to be done -before switching to the final hash table. - -First revert the incorrect commit, following patch redoes it -properly. - -Fixes: d2a91cef9bbd ("powerpc/kasan: Fix shadow pages allocation failure") -Cc: stable@vger.kernel.org -Reported-by: Erhard F. <erhard_f@mailbox.org> -Signed-off-by: Christophe Leroy <christophe.leroy@csgroup.eu> -Signed-off-by: Michael Ellerman <mpe@ellerman.id.au> -Link: https://bugzilla.kernel.org/show_bug.cgi?id=208181 -Link: https://lore.kernel.org/r/3667deb0911affbf999b99f87c31c77d5e870cd2.1593690707.git.christophe.leroy@csgroup.eu - -diff --git a/arch/powerpc/include/asm/kasan.h b/arch/powerpc/include/asm/kasan.h -index be85c7005fb1..d635b96c7ea6 100644 ---- a/arch/powerpc/include/asm/kasan.h -+++ b/arch/powerpc/include/asm/kasan.h -@@ -27,10 +27,12 @@ - - #ifdef CONFIG_KASAN - void kasan_early_init(void); -+void kasan_mmu_init(void); - void kasan_init(void); - void kasan_late_init(void); - #else - static inline void kasan_init(void) { } -+static inline void kasan_mmu_init(void) { } - static inline void kasan_late_init(void) { } - #endif - -diff --git a/arch/powerpc/mm/init_32.c b/arch/powerpc/mm/init_32.c -index 5a5469eb3174..bf1717f8d5f4 100644 ---- a/arch/powerpc/mm/init_32.c -+++ b/arch/powerpc/mm/init_32.c -@@ -171,6 +171,8 @@ void __init MMU_init(void) - btext_unmap(); - #endif - -+ kasan_mmu_init(); -+ - setup_kup(); - - /* Shortly after that, the entire linear mapping will be available */ -diff --git a/arch/powerpc/mm/kasan/kasan_init_32.c b/arch/powerpc/mm/kasan/kasan_init_32.c -index 0760e1e754e4..4813c6d50889 100644 ---- a/arch/powerpc/mm/kasan/kasan_init_32.c -+++ b/arch/powerpc/mm/kasan/kasan_init_32.c -@@ -117,7 +117,7 @@ static void __init kasan_unmap_early_shadow_vmalloc(void) - kasan_update_early_region(k_start, k_end, __pte(0)); - } - --static void __init kasan_mmu_init(void) -+void __init kasan_mmu_init(void) - { - int ret; - struct memblock_region *reg; -@@ -146,8 +146,6 @@ static void __init kasan_mmu_init(void) - - void __init kasan_init(void) - { -- kasan_mmu_init(); -- - kasan_remap_early_shadow_ro(); - - clear_page(kasan_early_shadow_page); --- -2.27.0 - diff --git a/queue/Revert-vxlan-fix-tos-value-before-xmit.patch b/queue/Revert-vxlan-fix-tos-value-before-xmit.patch deleted file mode 100644 index e76cb064..00000000 --- a/queue/Revert-vxlan-fix-tos-value-before-xmit.patch +++ /dev/null @@ -1,64 +0,0 @@ -From a0dced17ad9dc08b1b25e0065b54c97a318e6e8b Mon Sep 17 00:00:00 2001 -From: Hangbin Liu <liuhangbin@gmail.com> -Date: Wed, 5 Aug 2020 10:41:31 +0800 -Subject: [PATCH] Revert "vxlan: fix tos value before xmit" - -commit a0dced17ad9dc08b1b25e0065b54c97a318e6e8b upstream. - -This reverts commit 71130f29979c7c7956b040673e6b9d5643003176. - -In commit 71130f29979c ("vxlan: fix tos value before xmit") we want to -make sure the tos value are filtered by RT_TOS() based on RFC1349. - - 0 1 2 3 4 5 6 7 - +-----+-----+-----+-----+-----+-----+-----+-----+ - | PRECEDENCE | TOS | MBZ | - +-----+-----+-----+-----+-----+-----+-----+-----+ - -But RFC1349 has been obsoleted by RFC2474. The new DSCP field defined like - - 0 1 2 3 4 5 6 7 - +-----+-----+-----+-----+-----+-----+-----+-----+ - | DS FIELD, DSCP | ECN FIELD | - +-----+-----+-----+-----+-----+-----+-----+-----+ - -So with - -IPTOS_TOS_MASK 0x1E -RT_TOS(tos) ((tos)&IPTOS_TOS_MASK) - -the first 3 bits DSCP info will get lost. - -To take all the DSCP info in xmit, we should revert the patch and just push -all tos bits to ip_tunnel_ecn_encap(), which will handling ECN field later. - -Fixes: 71130f29979c ("vxlan: fix tos value before xmit") -Signed-off-by: Hangbin Liu <liuhangbin@gmail.com> -Acked-by: Guillaume Nault <gnault@redhat.com> -Signed-off-by: David S. Miller <davem@davemloft.net> - -diff --git a/drivers/net/vxlan.c b/drivers/net/vxlan.c -index 6d5816be6131..b9fefe27e3e8 100644 ---- a/drivers/net/vxlan.c -+++ b/drivers/net/vxlan.c -@@ -2740,7 +2740,7 @@ static void vxlan_xmit_one(struct sk_buff *skb, struct net_device *dev, - goto out_unlock; - } - -- tos = ip_tunnel_ecn_encap(RT_TOS(tos), old_iph, skb); -+ tos = ip_tunnel_ecn_encap(tos, old_iph, skb); - ttl = ttl ? : ip4_dst_hoplimit(&rt->dst); - err = vxlan_build_skb(skb, ndst, sizeof(struct iphdr), - vni, md, flags, udp_sum); -@@ -2797,7 +2797,7 @@ static void vxlan_xmit_one(struct sk_buff *skb, struct net_device *dev, - goto out_unlock; - } - -- tos = ip_tunnel_ecn_encap(RT_TOS(tos), old_iph, skb); -+ tos = ip_tunnel_ecn_encap(tos, old_iph, skb); - ttl = ttl ? : ip6_dst_hoplimit(ndst); - skb_scrub_packet(skb, xnet); - err = vxlan_build_skb(skb, ndst, sizeof(struct ipv6hdr), --- -2.27.0 - diff --git a/queue/USB-iowarrior-fix-up-report-size-handling-for-some-d.patch b/queue/USB-iowarrior-fix-up-report-size-handling-for-some-d.patch deleted file mode 100644 index cd09283c..00000000 --- a/queue/USB-iowarrior-fix-up-report-size-handling-for-some-d.patch +++ /dev/null @@ -1,78 +0,0 @@ -From 17a82716587e9d7c3b246a789add490b2b5dcab6 Mon Sep 17 00:00:00 2001 -From: Greg Kroah-Hartman <gregkh@linuxfoundation.org> -Date: Sun, 26 Jul 2020 11:49:39 +0200 -Subject: [PATCH] USB: iowarrior: fix up report size handling for some devices - -commit 17a82716587e9d7c3b246a789add490b2b5dcab6 upstream. - -In previous patches that added support for new iowarrior devices, the -handling of the report size was not done correct. - -Fix that up and update the copyright date for the driver - -Reworked from an original patch written by Christoph Jung. - -Fixes: bab5417f5f01 ("USB: misc: iowarrior: add support for the 100 device") -Fixes: 5f6f8da2d7b5 ("USB: misc: iowarrior: add support for the 28 and 28L devices") -Fixes: 461d8deb26a7 ("USB: misc: iowarrior: add support for 2 OEMed devices") -Cc: stable <stable@kernel.org> -Reported-by: Christoph Jung <jung@codemercs.com> -Link: https://lore.kernel.org/r/20200726094939.1268978-1-gregkh@linuxfoundation.org -Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org> - -diff --git a/drivers/usb/misc/iowarrior.c b/drivers/usb/misc/iowarrior.c -index 4afd1ace3d32..70ec29681526 100644 ---- a/drivers/usb/misc/iowarrior.c -+++ b/drivers/usb/misc/iowarrior.c -@@ -2,8 +2,9 @@ - /* - * Native support for the I/O-Warrior USB devices - * -- * Copyright (c) 2003-2005 Code Mercenaries GmbH -- * written by Christian Lucht <lucht@codemercs.com> -+ * Copyright (c) 2003-2005, 2020 Code Mercenaries GmbH -+ * written by Christian Lucht <lucht@codemercs.com> and -+ * Christoph Jung <jung@codemercs.com> - * - * based on - -@@ -802,14 +803,28 @@ static int iowarrior_probe(struct usb_interface *interface, - - /* we have to check the report_size often, so remember it in the endianness suitable for our machine */ - dev->report_size = usb_endpoint_maxp(dev->int_in_endpoint); -- if ((dev->interface->cur_altsetting->desc.bInterfaceNumber == 0) && -- ((dev->product_id == USB_DEVICE_ID_CODEMERCS_IOW56) || -- (dev->product_id == USB_DEVICE_ID_CODEMERCS_IOW56AM) || -- (dev->product_id == USB_DEVICE_ID_CODEMERCS_IOW28) || -- (dev->product_id == USB_DEVICE_ID_CODEMERCS_IOW28L) || -- (dev->product_id == USB_DEVICE_ID_CODEMERCS_IOW100))) -- /* IOWarrior56 has wMaxPacketSize different from report size */ -- dev->report_size = 7; -+ -+ /* -+ * Some devices need the report size to be different than the -+ * endpoint size. -+ */ -+ if (dev->interface->cur_altsetting->desc.bInterfaceNumber == 0) { -+ switch (dev->product_id) { -+ case USB_DEVICE_ID_CODEMERCS_IOW56: -+ case USB_DEVICE_ID_CODEMERCS_IOW56AM: -+ dev->report_size = 7; -+ break; -+ -+ case USB_DEVICE_ID_CODEMERCS_IOW28: -+ case USB_DEVICE_ID_CODEMERCS_IOW28L: -+ dev->report_size = 4; -+ break; -+ -+ case USB_DEVICE_ID_CODEMERCS_IOW100: -+ dev->report_size = 13; -+ break; -+ } -+ } - - /* create the urb and buffer for reading */ - dev->int_in_urb = usb_alloc_urb(0, GFP_KERNEL); --- -2.27.0 - diff --git a/queue/series b/queue/series index 73dfbc49..0df00424 100644 --- a/queue/series +++ b/queue/series @@ -1,8 +1,6 @@ USB-serial-qcserial-add-EM7305-QDL-product-ID.patch -USB-iowarrior-fix-up-report-size-handling-for-some-d.patch usb-xhci-define-IDs-for-various-ASMedia-host-control.patch usb-xhci-Fix-ASMedia-ASM1142-DMA-addressing.patch -Revert-ALSA-hda-call-runtime_allow-for-all-hda-contr.patch ALSA-hda-realtek-Add-alc269-alc662-pin-tables-for-Lo.patch ALSA-hda-ca0132-Add-new-quirk-ID-for-Recon3D.patch ALSA-hda-ca0132-Fix-ZxR-Headphone-gain-control-get-v.patch @@ -17,7 +15,6 @@ Bluetooth-Prevent-out-of-bounds-read-in-hci_inquiry_.patch omapfb-dss-Fix-max-fclk-divider-for-omap36xx.patch binder-Prevent-context-manager-from-incrementing-ref.patch Smack-fix-use-after-free-in-smk_write_relabel_self.patch -vgacon-Fix-for-missing-check-in-scrollback-handling.patch mtd-properly-check-all-write-ioctls-for-permissions.patch leds-wm831x-status-fix-use-after-free-on-unbind.patch leds-da903x-fix-use-after-free-on-unbind.patch @@ -40,7 +37,6 @@ atm-fix-atm_dev-refcnt-leaks-in-atmtcp_remove_persis.patch tools-lib-traceevent-Fix-memory-leak-in-process_dyna.patch Drivers-hv-vmbus-Ignore-CHANNELMSG_TL_CONNECT_RESULT.patch xattr-break-delegations-in-set-remove-xattr.patch -Revert-powerpc-kasan-Fix-shadow-pages-allocation-fai.patch ipv4-Silence-suspicious-RCU-usage-warning.patch ipv6-fix-memory-leaks-on-IPV6_ADDRFORM-path.patch rxrpc-Fix-race-between-recvmsg-and-sendmsg-on-immedi.patch @@ -52,7 +48,6 @@ hv_netvsc-do-not-use-VF-device-if-link-is-down.patch net-gre-recompute-gre-csum-for-sctp-over-gre-tunnels.patch net-thunderx-use-spin_lock_bh-in-nicvf_set_rx_mode_t.patch openvswitch-Prevent-kernel-infoleak-in-ovs_ct_put_ke.patch -Revert-vxlan-fix-tos-value-before-xmit.patch selftests-net-relax-cpu-affinity-requirement-in-msg_.patch tcp-apply-a-floor-of-1-for-RTT-samples-from-TCP-time.patch ima-move-APPRAISE_BOOTPARAM-dependency-on-ARCH_POLIC.patch diff --git a/queue/vgacon-Fix-for-missing-check-in-scrollback-handling.patch b/queue/vgacon-Fix-for-missing-check-in-scrollback-handling.patch deleted file mode 100644 index f97d6145..00000000 --- a/queue/vgacon-Fix-for-missing-check-in-scrollback-handling.patch +++ /dev/null @@ -1,87 +0,0 @@ -From ebfdfeeae8c01fcb2b3b74ffaf03876e20835d2d Mon Sep 17 00:00:00 2001 -From: Yunhai Zhang <zhangyunhai@nsfocus.com> -Date: Tue, 28 Jul 2020 09:58:03 +0800 -Subject: [PATCH] vgacon: Fix for missing check in scrollback handling -MIME-Version: 1.0 -Content-Type: text/plain; charset=UTF-8 -Content-Transfer-Encoding: 8bit - -commit ebfdfeeae8c01fcb2b3b74ffaf03876e20835d2d upstream. - -vgacon_scrollback_update() always leaves enbough room in the scrollback -buffer for the next call, but if the console size changed that room -might not actually be enough, and so we need to re-check. - -The check should be in the loop since vgacon_scrollback_cur->tail is -updated in the loop and count may be more than 1 when triggered by CSI M, -as Jiri's PoC: -#include <stdio.h> -#include <stdlib.h> -#include <unistd.h> -#include <sys/types.h> -#include <sys/stat.h> -#include <sys/ioctl.h> -#include <fcntl.h> - -int main(int argc, char** argv) -{ - int fd = open("/dev/tty1", O_RDWR); - unsigned short size[3] = {25, 200, 0}; - ioctl(fd, 0x5609, size); // VT_RESIZE - - write(fd, "\e[1;1H", 6); - for (int i = 0; i < 30; i++) - write(fd, "\e[10M", 5); -} - -It leads to various crashes as vgacon_scrollback_update writes out of -the buffer: - BUG: unable to handle page fault for address: ffffc900001752a0 - #PF: supervisor write access in kernel mode - #PF: error_code(0x0002) - not-present page - RIP: 0010:mutex_unlock+0x13/0x30 -... - Call Trace: - n_tty_write+0x1a0/0x4d0 - tty_write+0x1a0/0x2e0 - -Or to KASAN reports: -BUG: KASAN: slab-out-of-bounds in vgacon_scroll+0x57a/0x8ed - -This fixes CVE-2020-14331. - -Reported-by: 张云海 <zhangyunhai@nsfocus.com> -Reported-by: Yang Yingliang <yangyingliang@huawei.com> -Reported-by: Kyungtae Kim <kt0755@gmail.com> -Fixes: 15bdab959c9b ([PATCH] vgacon: Add support for soft scrollback) -Cc: stable@vger.kernel.org -Cc: linux-fbdev@vger.kernel.org -Cc: Linus Torvalds <torvalds@linux-foundation.org> -Cc: Solar Designer <solar@openwall.com> -Cc: "Srivatsa S. Bhat" <srivatsa@csail.mit.edu> -Cc: Anthony Liguori <aliguori@amazon.com> -Cc: Yang Yingliang <yangyingliang@huawei.com> -Cc: Bartlomiej Zolnierkiewicz <b.zolnierkie@samsung.com> -Cc: Jiri Slaby <jirislaby@kernel.org> -Signed-off-by: Yunhai Zhang <zhangyunhai@nsfocus.com> -Link: https://lore.kernel.org/r/9fb43895-ca91-9b07-ebfd-808cf854ca95@nsfocus.com -Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org> - -diff --git a/drivers/video/console/vgacon.c b/drivers/video/console/vgacon.c -index f0f3d573f848..a52bb3740073 100644 ---- a/drivers/video/console/vgacon.c -+++ b/drivers/video/console/vgacon.c -@@ -251,6 +251,10 @@ static void vgacon_scrollback_update(struct vc_data *c, int t, int count) - p = (void *) (c->vc_origin + t * c->vc_size_row); - - while (count--) { -+ if ((vgacon_scrollback_cur->tail + c->vc_size_row) > -+ vgacon_scrollback_cur->size) -+ vgacon_scrollback_cur->tail = 0; -+ - scr_memcpyw(vgacon_scrollback_cur->data + - vgacon_scrollback_cur->tail, - p, c->vc_size_row); --- -2.27.0 - |