Donate to e Foundation | Murena handsets with /e/OS | Own a part of Murena! Learn more

Commit 874e208e authored by Greg Kroah-Hartman's avatar Greg Kroah-Hartman
Browse files

Merge branch 'android11-5.4' into android11-5.4-lts 



Sync up with android11-5.4 for the following commits:

f95ca5bb UPSTREAM: ipvlan:Fix out-of-bounds caused by unclear skb->cb
6e030b76 UPSTREAM: net/sched: cls_u32: Fix reference counter leak leading to overflow
9de197d0 UPSTREAM: memstick: r592: Fix UAF bug in r592_remove due to race condition
bf851123 BACKPORT: btrfs: unset reloc control if transaction commit fails in prepare_to_relocate()
6165e57a ANDROID: HID: Only utilise UHID provided exports if UHID is enabled
60c1a0be UPSTREAM: bluetooth: Perform careful capability checks in hci_sock_ioctl()
e699d543 ANDROID: HID; Over-ride default maximum buffer size when using UHID
8047bf5f Revert "ANDROID: AVB error handler to invalidate vbmeta partition."
6841a56b UPSTREAM: mailbox: mailbox-test: fix a locking issue in mbox_test_message_write()
229c9edd UPSTREAM: mailbox: mailbox-test: Fix potential double-free in mbox_test_message_write()
431c9e5d UPSTREAM: efi: rt-wrapper: Add missing include
0c867c15 BACKPORT: arm64: efi: Execute runtime services from a dedicated stack
bffea4e7 UPSTREAM: io_uring: have io_kill_timeout() honor the request references
87ed28db UPSTREAM: io_uring: don't drop completion lock before timer is fully initialized
ce6a504d UPSTREAM: io_uring: always grab lock in io_cancel_async_work()
d4fabc5c UPSTREAM: net: cdc_ncm: Deal with too low values of dwNtbOutMaxSize
a9515e06 UPSTREAM: cdc_ncm: Fix the build warning
e8448852 UPSTREAM: cdc_ncm: Implement the 32-bit version of NCM Transfer Block
25dcbf92 Merge "Merge tag 'android11-5.4.242_r00' into android11-5.4" into android11-5.4

Change-Id: I7042914bcf95863ba444f5f395faac36dedd6af4
Signed-off-by: default avatarGreg Kroah-Hartman <gregkh@google.com>
parents c7f89f1b f95ca5bb

arch/arm64/configs/gki_defconfig

+0 −1
Original line number Diff line number Diff line
@@ -266,7 +266,6 @@ CONFIG_DM_DEFAULT_KEY=y 
CONFIG_DM_SNAPSHOT=y

CONFIG_DM_UEVENT=y

CONFIG_DM_VERITY=y

CONFIG_DM_VERITY_AVB=y

CONFIG_DM_VERITY_FEC=y

CONFIG_DM_BOW=y

CONFIG_NETDEVICES=y

arch/arm64/configs/rockpi4_defconfig

+0 −1
Original line number Diff line number Diff line
@@ -217,7 +217,6 @@ CONFIG_BLK_DEV_DM=y 
CONFIG_DM_CRYPT=y

CONFIG_DM_UEVENT=y

CONFIG_DM_VERITY=y

CONFIG_DM_VERITY_AVB=y

CONFIG_DM_VERITY_FEC=y

CONFIG_DM_BOW=y

CONFIG_NETDEVICES=y

arch/arm64/include/asm/efi.h

+3 −0
Original line number Diff line number Diff line
@@ -25,6 +25,7 @@ int efi_set_mapping_permissions(struct mm_struct *mm, efi_memory_desc_t *md); 
({									\

	efi_virtmap_load();						\

	__efi_fpsimd_begin();						\

	spin_lock(&efi_rt_lock);					\

})



#define arch_efi_call_virt(p, f, args...)				\
@@ -36,10 +37,12 @@ int efi_set_mapping_permissions(struct mm_struct *mm, efi_memory_desc_t *md); 


#define arch_efi_call_virt_teardown()					\

({									\

	spin_unlock(&efi_rt_lock);					\

	__efi_fpsimd_end();						\

	efi_virtmap_unload();						\

})



extern spinlock_t efi_rt_lock;

efi_status_t __efi_rt_asm_wrapper(void *, const char *, ...);



#define ARCH_EFI_IRQ_FLAGS_MASK (PSR_D_BIT | PSR_A_BIT | PSR_I_BIT | PSR_F_BIT)

arch/arm64/kernel/efi-rt-wrapper.S

+12 −2
Original line number Diff line number Diff line
@@ -4,6 +4,7 @@ 
 */



#include <linux/linkage.h>

#include <asm/assembler.h>



ENTRY(__efi_rt_asm_wrapper)

	stp	x29, x30, [sp, #-32]!
@@ -16,6 +17,12 @@ ENTRY(__efi_rt_asm_wrapper) 
	 */

	stp	x1, x18, [sp, #16]



	ldr_l	x16, efi_rt_stack_top

	mov	sp, x16

#ifdef CONFIG_SHADOW_CALL_STACK

	str	x18, [sp, #-16]!

#endif



	/*

	 * We are lucky enough that no EFI runtime services take more than

	 * 5 arguments, so all are passed in registers rather than via the
@@ -29,19 +36,22 @@ ENTRY(__efi_rt_asm_wrapper) 
	mov	x4, x6

	blr	x8



	mov	sp, x29

	ldp	x1, x2, [sp, #16]

	cmp	x2, x18

	ldp	x29, x30, [sp], #32

	b.ne	0f

	ret

0:

#ifdef CONFIG_SHADOW_CALL_STACK

	/*

	 * Restore x18 before returning to instrumented code. This is

	 * safe because the wrapper is called with preemption disabled and

	 * a separate shadow stack is used for interrupts.

	 */

	mov	x18, x2

#ifdef CONFIG_SHADOW_CALL_STACK

	ldr_l	x18, efi_rt_stack_top

	ldr	x18, [x18, #-16]

#endif



	b	efi_handle_corrupted_x18	// tail call

ENDPROC(__efi_rt_asm_wrapper)

arch/arm64/kernel/efi.c

+28 −0
Original line number Diff line number Diff line
@@ -143,3 +143,31 @@ asmlinkage efi_status_t efi_handle_corrupted_x18(efi_status_t s, const char *f) 
	pr_err_ratelimited(FW_BUG "register x18 corrupted by EFI %s\n", f);

	return s;

}



DEFINE_SPINLOCK(efi_rt_lock);



asmlinkage u64 *efi_rt_stack_top __ro_after_init;



/* EFI requires 8 KiB of stack space for runtime services */

static_assert(THREAD_SIZE >= SZ_8K);



static int __init arm64_efi_rt_init(void)

{

	void *p;



	if (!efi_enabled(EFI_RUNTIME_SERVICES))

		return 0;



	p = __vmalloc_node_range(THREAD_SIZE, THREAD_ALIGN, VMALLOC_START,

				 VMALLOC_END, GFP_KERNEL, PAGE_KERNEL, 0,

				 NUMA_NO_NODE, &&l);

l:	if (!p) {

		pr_warn("Failed to allocate EFI runtime stack\n");

		clear_bit(EFI_RUNTIME_SERVICES, &efi.flags);

		return -ENOMEM;

	}



	efi_rt_stack_top = p + THREAD_SIZE;

	return 0;

}

core_initcall(arm64_efi_rt_init);