1. 09 Feb, 2017 6 commits
    • Johan Hovold's avatar
      HID: cp2112: fix sleep-while-atomic · a18c4584
      Johan Hovold authored
      commit 7a7b5df8 upstream.
      
      A recent commit fixing DMA-buffers on stack added a shared transfer
      buffer protected by a spinlock. This is broken as the USB HID request
      callbacks can sleep. Fix this up by replacing the spinlock with a mutex.
      
      Fixes: 1ffb3c40 ("HID: cp2112: make transfer buffers DMA capable")
      Signed-off-by: default avatarJohan Hovold <johan@kernel.org>
      Reviewed-by: default avatarBenjamin Tissoires <benjamin.tissoires@redhat.com>
      Signed-off-by: default avatarJiri Kosina <jkosina@suse.cz>
      Signed-off-by: default avatarGreg Kroah-Hartman <gregkh@linuxfoundation.org>
      a18c4584
    • Max Filippov's avatar
      xtensa: fix noMMU build on cores with MMU · dfd71330
      Max Filippov authored
      commit 4b3e6f2e upstream.
      
      Commit bf15f86b ("xtensa: initialize MMU before jumping to reset
      vector") calls MMU management functions even when CONFIG_MMU is not
      selected. That breaks noMMU build on cores with MMU.
      
      Don't manage MMU when CONFIG_MMU is not selected.
      Signed-off-by: default avatarMax Filippov <jcmvbkbc@gmail.com>
      Signed-off-by: default avatarGreg Kroah-Hartman <gregkh@linuxfoundation.org>
      dfd71330
    • Ard Biesheuvel's avatar
      efi/fdt: Avoid FDT manipulation after ExitBootServices() · f2e24dd9
      Ard Biesheuvel authored
      commit c8f325a5 upstream.
      
      Some AArch64 UEFI implementations disable the MMU in ExitBootServices(),
      after which unaligned accesses to RAM are no longer supported.
      
      Commit:
      
        abfb7b68 ("efi/libstub/arm*: Pass latest memory map to the kernel")
      
      fixed an issue in the memory map handling of the stub FDT code, but
      inadvertently created an issue with such firmware, by moving some
      of the FDT manipulation to after the invocation of ExitBootServices().
      
      Given that the stub's libfdt implementation uses the ordinary, accelerated
      string functions, which rely on hardware handling of unaligned accesses,
      manipulating the FDT with the MMU off may result in alignment faults.
      
      So fix the situation by moving the update_fdt_memmap() call into the
      callback function invoked by efi_exit_boot_services() right before it
      calls the ExitBootServices() UEFI service (which is arguably a better
      place for it anyway)
      
      Note that disabling the MMU in ExitBootServices() is not compliant with
      the UEFI spec, and carries great risk due to the fact that switching from
      cached to uncached memory accesses halfway through compiler generated code
      (i.e., involving a stack) can never be done in a way that is architecturally
      safe.
      
      Fixes: abfb7b68 ("efi/libstub/arm*: Pass latest memory map to the kernel")
      Signed-off-by: default avatarArd Biesheuvel <ard.biesheuvel@linaro.org>
      Tested-by: default avatarRiku Voipio <riku.voipio@linaro.org>
      Cc: mark.rutland@arm.com
      Cc: linux-efi@vger.kernel.org
      Cc: matt@codeblueprint.co.uk
      Cc: leif.lindholm@linaro.org
      Cc: linux-arm-kernel@lists.infradead.org
      Link: http://lkml.kernel.org/r/1485971102-23330-2-git-send-email-ard.biesheuvel@linaro.orgSigned-off-by: default avatarIngo Molnar <mingo@kernel.org>
      Signed-off-by: default avatarGreg Kroah-Hartman <gregkh@linuxfoundation.org>
      f2e24dd9
    • Jiri Kosina's avatar
      x86/efi: Always map the first physical page into the EFI pagetables · f0c7412e
      Jiri Kosina authored
      commit bf29bddf upstream.
      
      Commit:
      
        12976670 ("x86/efi: Only map RAM into EFI page tables if in mixed-mode")
      
      stopped creating 1:1 mappings for all RAM, when running in native 64-bit mode.
      
      It turns out though that there are 64-bit EFI implementations in the wild
      (this particular problem has been reported on a Lenovo Yoga 710-11IKB),
      which still make use of the first physical page for their own private use,
      even though they explicitly mark it EFI_CONVENTIONAL_MEMORY in the memory
      map.
      
      In case there is no mapping for this particular frame in the EFI pagetables,
      as soon as firmware tries to make use of it, a triple fault occurs and the
      system reboots (in case of the Yoga 710-11IKB this is very early during bootup).
      
      Fix that by always mapping the first page of physical memory into the EFI
      pagetables. We're free to hand this page to the BIOS, as trim_bios_range()
      will reserve the first page and isolate it away from memory allocators anyway.
      
      Note that just reverting 12976670 alone is not enough on v4.9-rc1+ to fix the
      regression on affected hardware, as this commit:
      
         ab72a27d ("x86/efi: Consolidate region mapping logic")
      
      later made the first physical frame not to be mapped anyway.
      Reported-by: default avatarHanka Pavlikova <hanka@ucw.cz>
      Signed-off-by: default avatarJiri Kosina <jkosina@suse.cz>
      Signed-off-by: default avatarMatt Fleming <matt@codeblueprint.co.uk>
      Cc: Ard Biesheuvel <ard.biesheuvel@linaro.org>
      Cc: Borislav Petkov <bp@alien8.de>
      Cc: Borislav Petkov <bp@suse.de>
      Cc: Laura Abbott <labbott@redhat.com>
      Cc: Linus Torvalds <torvalds@linux-foundation.org>
      Cc: Peter Zijlstra <peterz@infradead.org>
      Cc: Thomas Gleixner <tglx@linutronix.de>
      Cc: Vojtech Pavlik <vojtech@ucw.cz>
      Cc: Waiman Long <waiman.long@hpe.com>
      Cc: linux-efi@vger.kernel.org
      Fixes: 12976670 ("x86/efi: Only map RAM into EFI page tables if in mixed-mode")
      Link: http://lkml.kernel.org/r/20170127222552.22336-1-matt@codeblueprint.co.uk
      [ Tidied up the changelog and the comment. ]
      Signed-off-by: default avatarIngo Molnar <mingo@kernel.org>
      Signed-off-by: default avatarGreg Kroah-Hartman <gregkh@linuxfoundation.org>
      f0c7412e
    • Eryu Guan's avatar
      ext4: validate s_first_meta_bg at mount time · 13e6ef99
      Eryu Guan authored
      commit 3a4b77cd upstream.
      
      Ralf Spenneberg reported that he hit a kernel crash when mounting a
      modified ext4 image. And it turns out that kernel crashed when
      calculating fs overhead (ext4_calculate_overhead()), this is because
      the image has very large s_first_meta_bg (debug code shows it's
      842150400), and ext4 overruns the memory in count_overhead() when
      setting bitmap buffer, which is PAGE_SIZE.
      
      ext4_calculate_overhead():
        buf = get_zeroed_page(GFP_NOFS);  <=== PAGE_SIZE buffer
        blks = count_overhead(sb, i, buf);
      
      count_overhead():
        for (j = ext4_bg_num_gdb(sb, grp); j > 0; j--) { <=== j = 842150400
                ext4_set_bit(EXT4_B2C(sbi, s++), buf);   <=== buffer overrun
                count++;
        }
      
      This can be reproduced easily for me by this script:
      
        #!/bin/bash
        rm -f fs.img
        mkdir -p /mnt/ext4
        fallocate -l 16M fs.img
        mke2fs -t ext4 -O bigalloc,meta_bg,^resize_inode -F fs.img
        debugfs -w -R "ssv first_meta_bg 842150400" fs.img
        mount -o loop fs.img /mnt/ext4
      
      Fix it by validating s_first_meta_bg first at mount time, and
      refusing to mount if its value exceeds the largest possible meta_bg
      number.
      Reported-by: default avatarRalf Spenneberg <ralf@os-t.de>
      Signed-off-by: default avatarEryu Guan <guaneryu@gmail.com>
      Signed-off-by: default avatarTheodore Ts'o <tytso@mit.edu>
      Reviewed-by: default avatarAndreas Dilger <adilger@dilger.ca>
      Signed-off-by: default avatarGreg Kroah-Hartman <gregkh@linuxfoundation.org>
      13e6ef99
    • Bjorn Helgaas's avatar
      PCI/ASPM: Handle PCI-to-PCIe bridges as roots of PCIe hierarchies · 610c2b7f
      Bjorn Helgaas authored
      commit 030305d6 upstream.
      
      In a struct pcie_link_state, link->root points to the pcie_link_state of
      the root of the PCIe hierarchy.  For the topmost link, this points to
      itself (link->root = link).  For others, we copy the pointer from the
      parent (link->root = link->parent->root).
      
      Previously we recognized that Root Ports originated PCIe hierarchies, but
      we treated PCI/PCI-X to PCIe Bridges as being in the middle of the
      hierarchy, and when we tried to copy the pointer from link->parent->root,
      there was no parent, and we dereferenced a NULL pointer:
      
        BUG: unable to handle kernel NULL pointer dereference at 0000000000000090
        IP: [<ffffffff9e424350>] pcie_aspm_init_link_state+0x170/0x820
      
      Recognize that PCI/PCI-X to PCIe Bridges originate PCIe hierarchies just
      like Root Ports do, so link->root for these devices should also point to
      itself.
      
      Fixes: 51ebfc92 ("PCI: Enumerate switches below PCI-to-PCIe bridges")
      Link: https://bugzilla.kernel.org/show_bug.cgi?id=193411
      Link: https://bugzilla.opensuse.org/show_bug.cgi?id=1022181
      Tested-by: lists@ssl-mail.com
      Tested-by: default avatarJayachandran C. <jnair@caviumnetworks.com>
      Signed-off-by: default avatarBjorn Helgaas <bhelgaas@google.com>
      Signed-off-by: default avatarGreg Kroah-Hartman <gregkh@linuxfoundation.org>
      610c2b7f
  2. 04 Feb, 2017 34 commits