commit b311b57ad0b62a18cb81252650c6868191effc5b Author: Alexandre Frade Date: Fri Oct 30 14:26:05 2020 +0000 Linux 5.9.1-rt20-xanmod1 Signed-off-by: Alexandre Frade commit d07aebb242cb90a486f314aa1292f6b62ebd33a4 Merge: c1fab5e37784 e566bc8dafcb Author: Alexandre Frade Date: Fri Oct 30 14:25:26 2020 +0000 Merge tag 'v5.9.1-rt20' into 5.9-rt v5.9.1-rt20 commit e566bc8dafcb91751acce80c2d0389607ab7e35b Author: Sebastian Andrzej Siewior Date: Wed Oct 28 21:04:03 2020 +0100 v5.9.1-rt20 Signed-off-by: Sebastian Andrzej Siewior commit 4888a6e9a869d86e5af9870176b23d7555411768 Author: Sebastian Andrzej Siewior Date: Wed Oct 28 21:01:11 2020 +0100 blk-mq: Update the patches This is an all-in-one patch which replaces the previously applied patch blk-mq: Don't IPI requests on PREEMPT_RT with the following patches [PATCH 1/3] blk-mq: Don't complete on a remote CPU in force threaded [PATCH 2/3] blk-mq: Always complete remote completions requests in [PATCH 3/3] blk-mq: Use llist_head for blk_cpu_done which were posted on the mailing list. Signed-off-by: Sebastian Andrzej Siewior commit 23118762573d964b23a93b1878a2efed31d01f74 Author: Sebastian Andrzej Siewior Date: Wed Oct 28 20:59:33 2020 +0100 rtmutex: Make __read_rt_trylock() Make __read_rt_trylock() static since it is used only within rwlock-rt. Signed-off-by: Sebastian Andrzej Siewior commit 7063b3a6047a015ab8d6951ff01810a96a91f39c Author: Sebastian Andrzej Siewior Date: Wed Oct 28 18:15:32 2020 +0100 mm/memcontrol: Disable preemption in __mod_memcg_lruvec_state() The callers expect disabled preemption/interrupts while invoking __mod_memcg_lruvec_state(). This works mainline because a lock of somekind is acquired. Use preempt_disable_rt() where per-CPU variables are accessed and a stable pointer is expected. This is also done in __mod_zone_page_state() for the same reason. Cc: stable-rt@vger.kernel.org Signed-off-by: Sebastian Andrzej Siewior commit 053411b43812a0e6e22e11cbbaff30ffb6d58b25 Author: Sebastian Andrzej Siewior Date: Wed Oct 28 18:55:27 2020 +0100 lib/test_lockup: Minimum fix to get it compiled on PREEMPT_RT On PREEMPT_RT the locks are quite different so they can't be tested as it is done below. The alternative is test for the waitlock within rtmutex. This is the bare minim to get it compiled. Problems which exists on PREEMP_RT: - none of the locks (spinlock_t, rwlock_t, mutex_t, rw_semaphore) may be acquired with disabled preemption or interrupts. If I read the code correct the it is possible to acquire a mutex with disabled interrupts. I don't know how to obtain a lock pointer. Technically they are not exported to userland. - memory can not be allocated with disabled premption or interrupts even with GFP_ATOMIC. Signed-off-by: Sebastian Andrzej Siewior commit 4f1bfc674399b9660d9fa49e76468a6d5a89195d Author: Sebastian Andrzej Siewior Date: Sat Oct 24 00:42:48 2020 +0200 v5.9.1-rt19 Signed-off-by: Sebastian Andrzej Siewior commit 1e38a4bf4cf7c393cb7f1924e132e48401f72096 Author: Sebastian Andrzej Siewior Date: Sat Oct 24 00:41:44 2020 +0200 sched: Migrate disable support. Update to v4 This is an all in one commit including the change from v3+ to v4 as posted by Peter Zijlstra on 2020-10-23 12:11. Signed-off-by: Sebastian Andrzej Siewior commit a28a7ebb2c6231a6c42647a28b97dfb99c1ea8bf Author: Sebastian Andrzej Siewior Date: Sat Oct 24 00:35:39 2020 +0200 rtmutex: Fixup rework + continue cleanup - The rtmutex clean up in v5.9-rc8-rt12 restructured the code path and removed the blk_schedule_flush_plug() invocation from the locking path. It turns out that it is still required and has been added back. Add the flush back to rwsem-rt and mutex-rt slowpath. - Remove rt_mutex_lock_killable(), it has no users. - Use _mutex_lock_io_nested() for _mutex_lock_io() to avoid duplicated code. Signed-off-by: Sebastian Andrzej Siewior commit c50090d4c1957bdcfaeef9195dc14a1840039de5 Author: Sebastian Andrzej Siewior Date: Fri Oct 23 23:59:47 2020 +0200 Revert "printk: add pr_flush()" Mike reported that this patch may cause hangs by issuing a sysrq-b request. John suggested to remove that patch from the queue for now. Reported-by: Mike Galbraith Suggested-by: John Ogness Signed-off-by: Sebastian Andrzej Siewior Link: https://lkml.kernel.org/r/15cd3dc322eb1485fe1e67df465febdc6ad389d8.camel@gmx.de commit 147a6e190424a3ef8c327b39ba50465189073a63 Author: peterz@infradead.org Date: Tue Sep 15 16:30:28 2020 +0200 seqlock: Unbreak lockdep Upstream commit 267580db047ef428a70bef8287ca62c5a450c139 seqcount_LOCKNAME_init() needs to be a macro due to the lockdep annotation in seqcount_init(). Since a macro cannot define another macro, we need to effectively revert commit: e4e9ab3f9f91 ("seqlock: Fold seqcount_LOCKNAME_init() definition"). Fixes: e4e9ab3f9f91 ("seqlock: Fold seqcount_LOCKNAME_init() definition") Reported-by: Qian Cai Debugged-by: Boqun Feng Signed-off-by: Peter Zijlstra (Intel) Tested-by: Qian Cai Link: https://lkml.kernel.org/r/20200915143028.GB2674@hirez.programming.kicks-ass.net Signed-off-by: Sebastian Andrzej Siewior commit 8b6faa7e20870d0438471ea969a95db3525ecf23 Author: Sebastian Andrzej Siewior Date: Fri Oct 23 12:21:51 2020 +0200 blk-mq: Don't IPI requests on PREEMPT_RT blk_mq_complete_request_remote() will dispatch request completion to another CPU via IPI if the CPU belongs to a different cache domain. This breaks on PREEMPT_RT because the IPI function will complete the request in IRQ context which includes acquiring spinlock_t typed locks. Completing the IPI request in softirq on the remote CPU is probably less efficient because it would require to wake ksoftirqd for this task (which runs at SCHED_OTHER). Ignoring the IPI request and completing the request locally is probably the best option. It be completed either in the IRQ-thread or at the end of the routine in softirq context. Let blk_mq_complete_need_ipi() return that there is no need for IPI on PREEMPT_RT. Reported-by: David Runge Signed-off-by: Sebastian Andrzej Siewior commit d0e1381cb1f66be790ecc7964140345c8246eaef Author: Sebastian Andrzej Siewior Date: Wed Oct 21 13:45:16 2020 +0200 v5.9.1-rt18 Signed-off-by: Sebastian Andrzej Siewior commit 3edc0c85d1546672a47d1014e7f6e784f1167cff Author: Sebastian Andrzej Siewior Date: Tue Oct 20 17:40:27 2020 +0200 printk: Rebase on top of new ring buffer This is an all in one commit reworking the printk implementation on top of the new ring buffer which was merged in the v5.10 merge window. The printk rebase was done by John Ogness. Signed-off-by: Sebastian Andrzej Siewior commit 75608addbbec65d13a182be1138dd918d61d9b9f Author: Sebastian Andrzej Siewior Date: Tue Oct 20 16:45:44 2020 +0200 sched: Migrate disable support. Update to v3 + pending fixes This is an all in one commit including the change from v2 to v3 as posted by Peter Zijlstra 2020-10-15 13:05. Additionally changes are included which were discussed on the list. Signed-off-by: Sebastian Andrzej Siewior commit a5dd6855bde99301584c575c05a7d1776bd13322 Author: Sebastian Andrzej Siewior Date: Tue Oct 20 16:09:00 2020 +0200 v5.9.1-rt17 Signed-off-by: Sebastian Andrzej Siewior commit 64fe716ef59c02c8b7f0b8aa4a6a9f39982294fb Merge: e62b5d1e743e 213f323329f1 Author: Sebastian Andrzej Siewior Date: Tue Oct 20 16:02:06 2020 +0200 Merge tag 'v5.9.1' into linux-5.9.y-rt This is the 5.9.1 stable release Signed-off-by: Sebastian Andrzej Siewior commit 213f323329f1567e09f85ddb54cfb80769340b50 Author: Greg Kroah-Hartman Date: Sat Oct 17 08:31:22 2020 +0200 Linux 5.9.1 Tested-by: Jeffrin Jose T Tested-by: Jon Hunter Tested-by: Linux Kernel Functional Testing Tested-by: Guenter Roeck Link: https://lore.kernel.org/r/20201016090437.170032996@linuxfoundation.org Signed-off-by: Greg Kroah-Hartman commit 876ca389c95c69b0328ee887ab89207b7e4a66a3 Author: Dominik Przychodni Date: Mon Aug 31 11:59:59 2020 +0100 crypto: qat - check cipher length for aead AES-CBC-HMAC-SHA commit 45cb6653b0c355fc1445a8069ba78a4ce8720511 upstream. Return -EINVAL for authenc(hmac(sha1),cbc(aes)), authenc(hmac(sha256),cbc(aes)) and authenc(hmac(sha512),cbc(aes)) if the cipher length is not multiple of the AES block. This is to prevent an undefined device behaviour. Fixes: d370cec32194 ("crypto: qat - Intel(R) QAT crypto interface") Cc: Signed-off-by: Dominik Przychodni [giovanni.cabiddu@intel.com: reworded commit message] Signed-off-by: Giovanni Cabiddu Signed-off-by: Herbert Xu Signed-off-by: Greg Kroah-Hartman commit a745dda98d8a4e9946f2aca751a5b0a3cc71f474 Author: Herbert Xu Date: Fri Oct 2 17:55:22 2020 +1000 crypto: bcm - Verify GCM/CCM key length in setkey commit 10a2f0b311094ffd45463a529a410a51ca025f27 upstream. The setkey function for GCM/CCM algorithms didn't verify the key length before copying the key and subtracting the salt length. This patch delays the copying of the key til after the verification has been done. It also adds checks on the key length to ensure that it's at least as long as the salt. Fixes: 9d12ba86f818 ("crypto: brcm - Add Broadcom SPU driver") Cc: Reported-by: kiyin(尹亮) Signed-off-by: Herbert Xu Signed-off-by: Greg Kroah-Hartman commit ffdf9f8550ee675d4270bbaa5721a6f3116d137e Author: Alex Deucher Date: Thu Jul 30 11:02:30 2020 -0400 Revert "drm/amdgpu: Fix NULL dereference in dpm sysfs handlers" commit 2456c290a7889be492cb96092b62d16c11176f72 upstream. This regressed some working configurations so revert it. Will fix this properly for 5.9 and backport then. This reverts commit 38e0c89a19fd13f28d2b4721035160a3e66e270b. Signed-off-by: Alex Deucher Cc: stable@vger.kernel.org Signed-off-by: Greg Kroah-Hartman commit 061fe185e17a1519a75eee89462f35a5360ece8b Author: Jan Kara Date: Wed Sep 30 17:08:20 2020 +0200 reiserfs: Fix oops during mount commit c2bb80b8bdd04dfe32364b78b61b6a47f717af52 upstream. With suitably crafted reiserfs image and mount command reiserfs will crash when trying to verify that XATTR_ROOT directory can be looked up in / as that recurses back to xattr code like: xattr_lookup+0x24/0x280 fs/reiserfs/xattr.c:395 reiserfs_xattr_get+0x89/0x540 fs/reiserfs/xattr.c:677 reiserfs_get_acl+0x63/0x690 fs/reiserfs/xattr_acl.c:209 get_acl+0x152/0x2e0 fs/posix_acl.c:141 check_acl fs/namei.c:277 [inline] acl_permission_check fs/namei.c:309 [inline] generic_permission+0x2ba/0x550 fs/namei.c:353 do_inode_permission fs/namei.c:398 [inline] inode_permission+0x234/0x4a0 fs/namei.c:463 lookup_one_len+0xa6/0x200 fs/namei.c:2557 reiserfs_lookup_privroot+0x85/0x1e0 fs/reiserfs/xattr.c:972 reiserfs_fill_super+0x2b51/0x3240 fs/reiserfs/super.c:2176 mount_bdev+0x24f/0x360 fs/super.c:1417 Fix the problem by bailing from reiserfs_xattr_get() when xattrs are not yet initialized. CC: stable@vger.kernel.org Reported-by: syzbot+9b33c9b118d77ff59b6f@syzkaller.appspotmail.com Signed-off-by: Jan Kara Signed-off-by: Greg Kroah-Hartman commit d3bb68fa8d43bcd889ce86249f73a70e3ba221aa Author: Jan Kara Date: Mon Sep 21 15:08:50 2020 +0200 reiserfs: Initialize inode keys properly commit 4443390e08d34d5771ab444f601cf71b3c9634a4 upstream. reiserfs_read_locked_inode() didn't initialize key length properly. Use _make_cpu_key() macro for key initialization so that all key member are properly initialized. CC: stable@vger.kernel.org Reported-by: syzbot+d94d02749498bb7bab4b@syzkaller.appspotmail.com Signed-off-by: Jan Kara Signed-off-by: Greg Kroah-Hartman commit 6d389a66ccfc743699aa0274801654b6c7f9753b Author: Tetsuo Handa Date: Sun Sep 27 20:46:30 2020 +0900 vt_ioctl: make VT_RESIZEX behave like VT_RESIZE commit 988d0763361bb65690d60e2bc53a6b72777040c3 upstream. syzbot is reporting UAF/OOB read at bit_putcs()/soft_cursor() [1][2], for vt_resizex() from ioctl(VT_RESIZEX) allows setting font height larger than actual font height calculated by con_font_set() from ioctl(PIO_FONT). Since fbcon_set_font() from con_font_set() allocates minimal amount of memory based on actual font height calculated by con_font_set(), use of vt_resizex() can cause UAF/OOB read for font data. VT_RESIZEX was introduced in Linux 1.3.3, but it is unclear that what comes to the "+ more" part, and I couldn't find a user of VT_RESIZEX. #define VT_RESIZE 0x5609 /* set kernel's idea of screensize */ #define VT_RESIZEX 0x560A /* set kernel's idea of screensize + more */ So far we are not aware of syzbot reports caused by setting non-zero value to v_vlin parameter. But given that it is possible that nobody is using VT_RESIZEX, we can try removing support for v_clin and v_vlin parameters. Therefore, this patch effectively makes VT_RESIZEX behave like VT_RESIZE, with emitting a message if somebody is still using v_clin and/or v_vlin parameters. [1] https://syzkaller.appspot.com/bug?id=32577e96d88447ded2d3b76d71254fb855245837 [2] https://syzkaller.appspot.com/bug?id=6b8355d27b2b94fb5cedf4655e3a59162d9e48e3 Reported-by: syzbot Reported-by: syzbot Signed-off-by: Tetsuo Handa Cc: stable Link: https://lore.kernel.org/r/4933b81b-9b1a-355b-df0e-9b31e8280ab9@i-love.sakura.ne.jp Signed-off-by: Greg Kroah-Hartman commit a71ec88ae6a61ac69854b4ef60c0c7920b225e31 Author: Mychaela N. Falconia Date: Wed Sep 16 01:56:29 2020 +0000 USB: serial: ftdi_sio: add support for FreeCalypso JTAG+UART adapters commit 6cf87e5edd9944e1d3b6efd966ea401effc304ee upstream. There exist many FT2232-based JTAG+UART adapter designs in which FT2232 Channel A is used for JTAG and Channel B is used for UART. The best way to handle them in Linux is to have the ftdi_sio driver create a ttyUSB device only for Channel B and not for Channel A: a ttyUSB device for Channel A would be bogus and will disappear as soon as the user runs OpenOCD or other applications that access Channel A for JTAG from userspace, causing undesirable noise for users. The ftdi_sio driver already has a dedicated quirk for such JTAG+UART FT2232 adapters, and it requires assigning custom USB IDs to such adapters and adding these IDs to the driver with the ftdi_jtag_quirk applied. Boutique hardware manufacturer Falconia Partners LLC has created a couple of JTAG+UART adapter designs (one buffered, one unbuffered) as part of FreeCalypso project, and this hardware is specifically made to be used with Linux hosts, with the intent that Channel A will be accessed only from userspace via appropriate applications, and that Channel B will be supported by the ftdi_sio kernel driver, presenting a standard ttyUSB device to userspace. Toward this end the hardware manufacturer will be programming FT2232 EEPROMs with custom USB IDs, specifically with the intent that these IDs will be recognized by the ftdi_sio driver with the ftdi_jtag_quirk applied. Signed-off-by: Mychaela N. Falconia [johan: insert in PID order and drop unused define] Cc: stable@vger.kernel.org Signed-off-by: Johan Hovold Signed-off-by: Greg Kroah-Hartman commit 9f1e27c040b3956a975f993d4b74006b5a04e969 Author: Scott Chen Date: Thu Sep 24 14:27:45 2020 +0800 USB: serial: pl2303: add device-id for HP GC device commit 031f9664f8f9356cee662335bc56c93d16e75665 upstream. This is adds a device id for HP LD381 which is a pl2303GC-base device. Signed-off-by: Scott Chen Cc: stable@vger.kernel.org Signed-off-by: Johan Hovold Signed-off-by: Greg Kroah-Hartman commit 38df15cb4ce149ce3648d2a9ccc0140afa71fc02 Author: Anant Thazhemadam Date: Sat Oct 10 13:59:32 2020 +0530 staging: comedi: check validity of wMaxPacketSize of usb endpoints found commit e1f13c879a7c21bd207dc6242455e8e3a1e88b40 upstream. While finding usb endpoints in vmk80xx_find_usb_endpoints(), check if wMaxPacketSize = 0 for the endpoints found. Some devices have isochronous endpoints that have wMaxPacketSize = 0 (as required by the USB-2 spec). However, since this doesn't apply here, wMaxPacketSize = 0 can be considered to be invalid. Reported-by: syzbot+009f546aa1370056b1c2@syzkaller.appspotmail.com Tested-by: syzbot+009f546aa1370056b1c2@syzkaller.appspotmail.com Signed-off-by: Anant Thazhemadam Cc: stable Link: https://lore.kernel.org/r/20201010082933.5417-1-anant.thazhemadam@gmail.com Signed-off-by: Greg Kroah-Hartman Signed-off-by: Greg Kroah-Hartman commit da6f40842515774026d5bfad297491eb513c40cc Author: Leonid Bloch Date: Sun Oct 4 18:58:13 2020 +0300 USB: serial: option: Add Telit FT980-KS composition commit 924a9213358fb92fa3c3225d6d042aa058167405 upstream. This commit adds the following Telit FT980-KS composition: 0x1054: rndis, diag, adb, nmea, modem, modem, aux AT commands can be sent to /dev/ttyUSB2. Signed-off-by: Leonid Bloch Cc: stable@vger.kernel.org Link: https://lore.kernel.org/r/ce86bc05-f4e2-b199-0cdc-792715e3f275@asocscloud.com Link: https://lore.kernel.org/r/20201004155813.2342-1-lb.workbox@gmail.com Signed-off-by: Johan Hovold Signed-off-by: Greg Kroah-Hartman commit a016619f0587848b1bd7178e935956d95b41e07e Author: Wilken Gottwalt Date: Sat Oct 3 11:40:29 2020 +0200 USB: serial: option: add Cellient MPL200 card commit 3e765cab8abe7f84cb80d4a7a973fc97d5742647 upstream. Add usb ids of the Cellient MPL200 card. Signed-off-by: Wilken Gottwalt Cc: stable@vger.kernel.org Link: https://lore.kernel.org/r/3db5418fe9e516f4b290736c5a199c9796025e3c.1601715478.git.wilken.gottwalt@mailbox.org Signed-off-by: Johan Hovold Signed-off-by: Greg Kroah-Hartman commit 1eaed405fcd22e52a438b619e6ea85539f1c150a Author: Oliver Neukum Date: Thu Sep 24 11:14:10 2020 +0200 media: usbtv: Fix refcounting mixup commit bf65f8aabdb37bc1a785884374e919477fe13e10 upstream. The premature free in the error path is blocked by V4L refcounting, not USB refcounting. Thanks to Ben Hutchings for review. [v2] corrected attributions Signed-off-by: Oliver Neukum Fixes: 50e704453553 ("media: usbtv: prevent double free in error case") CC: stable@vger.kernel.org Reported-by: Ben Hutchings Signed-off-by: Hans Verkuil Signed-off-by: Mauro Carvalho Chehab Signed-off-by: Greg Kroah-Hartman commit a0a91211dd0ac6f24393a2917a258de5aeedb842 Author: Luiz Augusto von Dentz Date: Thu Aug 6 11:17:14 2020 -0700 Bluetooth: MGMT: Fix not checking if BT_HS is enabled commit b560a208cda0297fef6ff85bbfd58a8f0a52a543 upstream. This checks if BT_HS is enabled relecting it on MGMT_SETTING_HS instead of always reporting it as supported. Signed-off-by: Luiz Augusto von Dentz Signed-off-by: Marcel Holtmann Signed-off-by: Greg Kroah-Hartman commit 3dede8ebf46338473143a1e792cc2cacc244f1f2 Author: Luiz Augusto von Dentz Date: Thu Aug 6 11:17:12 2020 -0700 Bluetooth: L2CAP: Fix calling sk_filter on non-socket based channel commit f19425641cb2572a33cb074d5e30283720bd4d22 upstream. Only sockets will have the chan->data set to an actual sk, channels like A2MP would have its own data which would likely cause a crash when calling sk_filter, in order to fix this a new callback has been introduced so channels can implement their own filtering if necessary. Signed-off-by: Luiz Augusto von Dentz Signed-off-by: Marcel Holtmann Signed-off-by: Greg Kroah-Hartman commit 122414e2d2cba74dc154263cabca9560ff8011ac Author: Luiz Augusto von Dentz Date: Thu Aug 6 11:17:11 2020 -0700 Bluetooth: A2MP: Fix not initializing all members commit eddb7732119d53400f48a02536a84c509692faa8 upstream. This fixes various places where a stack variable is used uninitialized. Signed-off-by: Luiz Augusto von Dentz Signed-off-by: Marcel Holtmann Signed-off-by: Greg Kroah-Hartman