diff options
| author | Salvatore Bonaccorso <carnil@debian.org> | 2020-01-01 11:09:33 +0100 |
|---|---|---|
| committer | Salvatore Bonaccorso <carnil@debian.org> | 2020-01-01 16:39:17 +0100 |
| commit | 5d23c6e59642f9d9e64c74fb2fbdebb23b2e3751 (patch) | |
| tree | 39133325ab44c2758fba00f5ef646dc53acef6dc | |
| parent | 85060d2d1363f8a041ad3ea708cbe1ceb826d4b9 (diff) | |
| download | kernel_replicant_linux-5d23c6e59642f9d9e64c74fb2fbdebb23b2e3751.tar.gz kernel_replicant_linux-5d23c6e59642f9d9e64c74fb2fbdebb23b2e3751.tar.bz2 kernel_replicant_linux-5d23c6e59642f9d9e64c74fb2fbdebb23b2e3751.zip | |
Update to 5.4.7
Add CVE id reference for CVE-2019-18786
Add CVE id reference for CVE-2019-19063
Add CVE id reference for CVE-2019-19057
Add CVE id reference for CVE-2019-19947
Add CVE id reference for CVE-2019-19037
[rt] Refresh lib-ubsan-Don-t-seralize-UBSAN-report.patch for context changes in 5.4.7
[rt] Drop x86-ioapic-Prevent-inconsistent-state-when-moving-an.patch
Cleanup debian/changelog file
| -rw-r--r-- | debian/changelog | 313 | ||||
| -rw-r--r-- | debian/patches-rt/lib-ubsan-Don-t-seralize-UBSAN-report.patch | 12 | ||||
| -rw-r--r-- | debian/patches-rt/series | 2 | ||||
| -rw-r--r-- | debian/patches-rt/x86-ioapic-Prevent-inconsistent-state-when-moving-an.patch | 73 |
4 files changed, 319 insertions, 81 deletions
diff --git a/debian/changelog b/debian/changelog index c6a507567de2..b790770e032a 100644 --- a/debian/changelog +++ b/debian/changelog @@ -1,9 +1,320 @@ -linux (5.4.6-2) UNRELEASED; urgency=medium +linux (5.4.7-1) UNRELEASED; urgency=medium + + * New upstream stable update: + https://www.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.4.7 + - af_packet: set defaule value for tmo + - [amd64] fjes: fix missed check in fjes_acpi_add + - mod_devicetable: fix PHY module format + - net: dst: Force 4-byte alignment of dst_metrics + - [arm64] net: hisilicon: Fix a BUG trigered by wrong bytes_compl + - net: phy: ensure that phy IDs are correctly typed + - net: qlogic: Fix error paths in ql_alloc_large_buffers() + - net-sysfs: Call dev_hold always in rx_queue_add_kobject + - net: usb: lan78xx: Fix suspend/resume PHY register access error + - [arm64,armhf] nfp: flower: fix stats id allocation + - qede: Disable hardware gro when xdp prog is installed + - qede: Fix multicast mac configuration + - sctp: fix memleak on err handling of stream initialization + - sctp: fully initialize v4 addr in some functions + - neighbour: remove neigh_cleanup() method + - bonding: fix bond_neigh_init() + - net: ena: fix default tx interrupt moderation interval + - net: ena: fix issues in setting interrupt moderation params in ethtool + - [armhf] net: ethernet: ti: davinci_cpdma: fix warning "device driver + frees DMA memory with different size" + - [arm64,armhf] net: stmmac: platform: Fix MDIO init for platforms without + PHY + - [armhf] net: dsa: b53: Fix egress flooding settings + - btrfs: don't double lock the subvol_sem for rename exchange + - btrfs: do not call synchronize_srcu() in inode_tree_del + - Btrfs: make tree checker detect checksum items with overlapping ranges + - btrfs: return error pointer from alloc_test_extent_buffer + - Btrfs: fix missing data checksums after replaying a log tree + - btrfs: send: remove WARN_ON for readonly mount + - btrfs: abort transaction after failed inode updates in create_subvol + - btrfs: skip log replay on orphaned roots + - btrfs: do not leak reloc root if we fail to read the fs root + - btrfs: handle ENOENT in btrfs_uuid_tree_iterate + - Btrfs: fix removal logic of the tree mod log that leads to + use-after-free issues + - ALSA: pcm: Avoid possible info leaks from PCM stream buffers + - ALSA: hda/ca0132 - Keep power on during processing DSP response + - ALSA: hda/ca0132 - Avoid endless loop + - ALSA: hda/ca0132 - Fix work handling in delayed HP detection + - [arm*] drm/vc4/vc4_hdmi: fill in connector info + - drm/virtio: switch virtio_gpu_wait_ioctl() to gem helper. + - drm: mst: Fix query_payload ack reply struct + - [arm64,armhf] drm/panel: Add missing drm_panel_init() in panel drivers + - [armhf] drm: exynos: exynos_hdmi: use cec_notifier_conn_(un)register + - drm: Use EOPNOTSUPP, not ENOTSUPP + - drm/amdgpu/sriov: add ring_stop before ring_create in psp v11 code + - drm/amdgpu: grab the id mgr lock while accessing passid_mapping + - drm/ttm: return -EBUSY on pipelining with no_gpu_wait (v2) + - ath10k: add cleanup in ath10k_sta_state() + - ath10k: Check if station exists before forwarding tx airtime report + - spi: Add call to spi_slave_abort() function when spidev driver is + released + - [arm64] drm/meson: vclk: use the correct G12A frac max value + - [x86] staging: rtl8192u: fix multiple memory leaks on error path + - staging: rtl8188eu: fix possible null dereference + - rtlwifi: prevent memory leak in rtl_usb_probe (CVE-2019-19063) + - libertas: fix a potential NULL pointer dereference + - ath10k: fix backtrace on coredump + - IB/iser: bound protection_sg size by data_sg size + - [armhf] spi: gpio: prevent memory leak in spi_gpio_probe + - media: max2175: Fix build error without CONFIG_REGMAP_I2C + - [arm64] media: venus: core: Fix msm8996 frequency table + - ath10k: fix offchannel tx failure when no ath10k_mac_tx_frm_has_freq + - pinctrl: devicetree: Avoid taking direct reference to device name string + - [armhf] drm/sun4i: dsi: Fix TCON DRQ set bits + - [arm64] media: venus: Fix occasionally failures to suspend + - rtw88: fix NSS of hw_cap + - [armhf] hwrng: omap3-rom - Call clk_disable_unprepare() on exit only if + not idled + - media: flexcop-usb: fix NULL-ptr deref in flexcop_usb_transfer_init() + - [arm64,armhf] drm/bridge: dw-hdmi: Refuse DDC/CI transfers on the + internal I2C controller + - mwifiex: pcie: Fix memory leak in mwifiex_pcie_init_evt_ring + (CVE-2019-19057) + - drm/drm_vblank: Change EINVAL by the correct errno + - libbpf: Fix struct end padding in btf_dump + - libbpf: Fix passing uninitialized bytes to setsockopt + - net/smc: increase device refcount for added link group + - team: call RCU read lock when walking the port_list + - media: cx88: Fix some error handling path in 'cx8800_initdev()' + - [arm64] crypto: inside-secure - Fix a maybe-uninitialized warning + - [arm64] crypto: aegis128/simd - build 32-bit ARM for v8 architecture + explicitly + - [x86] ASoC: SOF: enable sync_write in hdac_bus + - [armhf] media: ti-vpe: vpe: Fix Motion Vector vpdma stride + - [armhf] media: ti-vpe: vpe: fix a v4l2-compliance warning about invalid + pixel format + - [armhf] media: ti-vpe: vpe: fix a v4l2-compliance failure about frame + sequence number + - [armhf] media: ti-vpe: vpe: Make sure YUYV is set as default format + - [armhf] media: ti-vpe: vpe: fix a v4l2-compliance failure causing a + kernel panic + - [armhf] media: ti-vpe: vpe: ensure buffers are cleaned up properly in + abort cases + - [armhf] media: ti-vpe: vpe: fix a v4l2-compliance failure about invalid + sizeimage + - [x86] syscalls/x86: Use the correct function type in SYSCALL_DEFINE0 + - [x86] mm: Use the correct function type for native_set_fixmap() + - ath10k: Correct error handling of dma_map_single() + - rtw88: coex: Set 4 slot mode for A2DP + - [arm64,armhf] drm/bridge: dw-hdmi: Restore audio when setting a mode + - perf vendor events arm64: Fix Hisi hip08 DDRC PMU eventname + - usb: usbfs: Suppress problematic bind and unbind uevents. + - Bluetooth: btusb: avoid unused function warning + - Bluetooth: missed cpu_to_le16 conversion in hci_init4_req + - Bluetooth: Workaround directed advertising bug in Broadcom controllers + - Bluetooth: hci_core: fix init for HCI_USER_CHANNEL + - bpf/stackmap: Fix deadlock with rq_lock in bpf_get_stack() + - [x86] mce: Lower throttling MCE messages' priority to warning + - [arm64] net: hns3: log and clear hardware error after reset complete + - [arm64] RDMA/hns: Fix wrong parameters when initial mtt of srq->idx_que + - [x86] drm/gma500: fix memory disclosures due to uninitialized bytes + - ASoC: soc-pcm: fixup dpcm_prune_paths() loop continue + - rtl8xxxu: fix RTL8723BU connection failure issue after warm reboot + - ipmi: Don't allow device module unload when in use + - [x86] ioapic: Prevent inconsistent state when moving an interrupt + - media: cedrus: Fix undefined shift with a SHIFT_AND_MASK_BITS macro + - drm/nouveau: Don't grab runtime PM refs for HPD IRQs + - md: no longer compare spare disk superblock events in super_load + - md/bitmap: avoid race window between md_bitmap_resize and + bitmap_file_clear_bit + - drm: Don't free jobs in wait_event_interruptible() + - EDAC/amd64: Set grain per DIMM + - [arm64] psci: Reduce the waiting time for cpu_psci_cpu_kill() + - i40e: initialize ITRN registers with correct values + - i40e: Wrong 'Advertised FEC modes' after set FEC to AUTO + - net: phy: dp83867: enable robust auto-mdix + - [arm64,armhf] drm/tegra: sor: Use correct SOR index on Tegra210 + - regulator: core: Release coupled_rdevs on regulator_init_coupling() + error + - ubsan, x86: Annotate and allow __ubsan_handle_shift_out_of_bounds() in + uaccess regions + - ACPI: button: Add DMI quirk for Medion Akoya E2215T + - RDMA/qedr: Fix memory leak in user qp and mr + - [arm64] RDMA/hns: Fix memory leak on 'context' on error return path + - RDMA/qedr: Fix srqs xarray initialization + - RDMA/core: Set DMA parameters correctly + - [arm64,armhf] gpu: host1x: Allocate gather copy for host1x + - [arm64,armhf] net: dsa: LAN9303: select REGMAP when LAN9303 enable + - [arm64] phy: qcom-usb-hs: Fix extcon double register after power cycle + - [s390x] time: ensure get_clock_monotonic() returns monotonic values + - [s390x] add error handling to perf_callchain_kernel + - [s390x] mm: add mm_pxd_folded() checks to pxd_free() + - [arm64] net: hns3: add struct netdev_queue debug info for TX timeout + - libata: Ensure ata_port probe has completed before detach + - loop: fix no-unmap write-zeroes request behavior + - [arm64,armhf] net/mlx5e: Verify that rule has at least one fwd/drop + action + - ALSA: bebob: expand sleep just after breaking connections for protocol + version 1 + - libbpf: Fix error handling in bpf_map__reuse_fd() + - Bluetooth: Fix advertising duplicated flags + - ALSA: pcm: Fix missing check of the new non-cached buffer type + - [riscv64] spi: sifive: disable clk when probe fails and remove + - pinctrl: amd: fix __iomem annotation in amd_gpio_irq_handler() + - ixgbe: protect TX timestamping from API misuse + - media: rcar_drif: fix a memory disclosure (CVE-2019-18786) + - media: v4l2-core: fix touch support in v4l_g_fmt + - nvme: introduce "Command Aborted By host" status code + - nvmem: core: fix nvmem_cell_write inline function + - ASoC: SOF: topology: set trigger order for FE DAI link + - media: vivid: media_device_cleanup was called too early + - bnx2x: Fix PF-VF communication over multi-cos queues. + - ALSA: timer: Limit max amount of slave instances + - RDMA/core: Fix return code when modify_port isn't supported + - [arm64] drm: msm: a6xx: fix debug bus register configuration + - rtlwifi: fix memory leak in rtl92c_set_fw_rsvdpagepkt() + - perf probe: Fix to find range-only function instance + - perf cs-etm: Fix definition of macro TO_CS_QUEUE_NR + - perf probe: Fix to list probe event with correct line number + - perf jevents: Fix resource leak in process_mapfile() and main() + - perf probe: Walk function lines in lexical blocks + - perf probe: Fix to probe an inline function which has no entry pc + - perf probe: Fix to show ranges of variables in functions without + entry_pc + - perf probe: Fix to show inlined function callsite without entry_pc + - perf probe: Fix to probe a function which has no entry pc + - perf tools: Fix cross compile for ARM64 + - perf tools: Splice events onto evlist even on error + - ice: Check for null pointer dereference when setting rings + - perf parse: If pmu configuration fails free terms + - perf probe: Skip overlapped location on searching variables + - net: avoid potential false sharing in neighbor related code + - perf probe: Return a better scope DIE if there is no best scope + - perf probe: Fix to show calling lines of inlined functions + - perf probe: Skip end-of-sequence and non statement lines + - perf probe: Filter out instances except for inlined subroutine and + subprogram + - libbpf: Fix negative FD close() in xsk_setup_xdp_prog() + - [s390x] bpf: Use kvcalloc for addrs array + - cgroup: freezer: don't change task and cgroups status unnecessarily + - ath10k: fix get invalid tx rate for Mesh metric + - media: pvrusb2: Fix oops on tear-down when radio support is not present + - ice: delay less + - media: cedrus: Use helpers to access capture queue + - [arm64,armhf] spi: pxa2xx: Add missed security checks + - ASoC: rt5677: Mark reg RT5677_PWR_ANLG2 as volatile + - iio: dac: ad5446: Add support for new AD5600 DAC + - [x86] ASoC: Intel: kbl_rt5663_rt5514_max98927: Add dmic format + constraint + - r8169: respect EEE user setting when restarting network + - [s390x] disassembler: don't hide instruction addresses + - [armhf] net: ethernet: ti: Add dependency for TI_DAVINCI_EMAC + - nvme: Discard workaround for non-conformant devices + - parport: load lowlevel driver if ports not found + - bcache: fix static checker warning in bcache_device_free() + - cpufreq: Register drivers only after CPU devices have been registered + - [x86] crash: Add a forward declaration of struct kimage + - tracing: use kvcalloc for tgid_map array allocation + - tracing/kprobe: Check whether the non-suffixed symbol is notrace + - bcache: fix deadlock in bcache_allocator + - iwlwifi: mvm: fix unaligned read of rx_pkt_status + - regulator: core: Let boot-on regulators be powered off + - [arm64] spi: tegra20-slink: add missed clk_unprepare + - tun: fix data-race in gro_normal_list() + - xhci-pci: Allow host runtime PM as default also for Intel Ice Lake xHCI + - crypto: virtio - deal with unsupported input sizes + - btrfs: don't prematurely free work in end_workqueue_fn() + - btrfs: don't prematurely free work in run_ordered_work() + - sched/uclamp: Fix overzealous type replacement + - perf/core: Fix the mlock accounting, again + - bnxt_en: Return proper error code for non-existent NVM variable + - net: phy: avoid matching all-ones clause 45 PHY IDs + - [x86] ASoC: Intel: bytcr_rt5640: Update quirk for Acer Switch 10 SW5-012 + 2-in-1 + - [x86] insn: Add some Intel instructions to the opcode map + - brcmfmac: remove monitor interface when detaching + - perf session: Fix decompression of PERF_RECORD_COMPRESSED records + - perf probe: Fix to show function entry line as probe-able + - [s390x] crypto: Fix unsigned variable compared with zero + - [s390x] kasan: support memcpy_real with TRACE_IRQFLAGS + - bnxt_en: Improve RX buffer error handling. + - iwlwifi: check kasprintf() return value + - ASoC: soc-pcm: check symmetry before hw_params + - [armhf] net: ethernet: ti: ale: clean ale tbl on init and intf restart + - [s390x] cpumf: Adjust registration of s390 PMU device drivers + - [armhf] crypto: sun4i-ss - Fix 64-bit size_t warnings + - [armhf] crypto: sun4i-ss - Fix 64-bit size_t warnings on sun4i-ss-hash.c + - mac80211: consider QoS Null frames for STA_NULLFUNC_ACKED + - libtraceevent: Fix memory leakage in copy_filter_type + - ice: Only disable VF state when freeing each VF resources + - ice: Fix setting coalesce to handle DCB configuration + - net: phy: initialise phydev speed and duplex sanely + - tools, bpf: Fix build for 'make -s tools/bpf O=<dir>' + - bpf: Provide better register bounds after jmp32 instructions + - net: wireless: intel: iwlwifi: fix GRO_NORMAL packet stalling + - btrfs: don't prematurely free work in reada_start_machine_worker() + - btrfs: don't prematurely free work in scrub_missing_raid56_worker() + - Revert "mmc: sdhci: Fix incorrect switch to HS mode" + - tpm_tis: reserve chip for duration of tpm_tis_core_init + - tpm: fix invalid locking in NONBLOCKING mode + - iommu: fix KASAN use-after-free in iommu_insert_resv_region + - iommu: set group default domain before creating direct mappings + - iommu/vt-d: Fix dmar pte read access not set error + - iommu/vt-d: Set ISA bridge reserved region as relaxable + - iommu/vt-d: Allocate reserved region for ISA with correct permission + - [armhf] can: flexcan: fix possible deadlock and out-of-order reception + after wakeup + - [armhf] can: flexcan: poll MCR_LPM_ACK instead of GPR ACK for stop mode + acknowledgment + - can: kvaser_usb: kvaser_usb_leaf: Fix some info-leaks to USB devices + (CVE-2019-19947) + - usb: xhci: Fix build warning seen with CONFIG_PM=n + - ath10k: Revert "ath10k: add cleanup in ath10k_sta_state()" + - md: avoid invalid memory access for array sb->dev_roles + - [s390x] ftrace: fix endless recursion in function_graph tracer + - [armhf] can: flexcan: add low power enter/exit acknowledgment helper + - usbip: Fix receive error in vhci-hcd when using scatter-gather + - usbip: Fix error path of vhci_recv_ret_submit() + - cpufreq: Avoid leaving stale IRQ work items during CPU offline + - mm: vmscan: protect shrinker idr replace with CONFIG_MEMCG + - [x86] intel_th: pci: Add Comet Lake PCH-V support + - [x86] intel_th: pci: Add Elkhart Lake SOC support + - [x86] intel_th: Fix freeing IRQs + - [x86] intel_th: msu: Fix window switching without windows + - [x86] platform/x86: hp-wmi: Make buffer for HPWMI_FEATURE2_QUERY 128 + bytes + - [x86] staging: comedi: gsc_hpdi: check dma_alloc_coherent() return value + - [x86] pinctrl: baytrail: Really serialize all register accesses + - ext4: fix ext4_empty_dir() for directories with holes (CVE-2019-19037) + - ext4: check for directory entries too close to block end + - ext4: unlock on error in ext4_expand_extra_isize() + - ext4: validate the debug_want_extra_isize mount option at parse time + - [powerpc*] KVM: PPC: Book3S HV: Fix regression on big endian hosts + - [x86] kvm: x86: Host feature SSBD doesn't imply guest feature + SPEC_CTRL_SSBD + - [x86] kvm: x86: Host feature SSBD doesn't imply guest feature AMD_SSBD + - [arm64,armhf] KVM: arm/arm64: Properly handle faulting of device + mappings + - [arm64] KVM: arm64: Ensure 'params' is initialised when looking up sys + register + - [x86] intel: Disable HPET on Intel Coffee Lake H platforms + - [x86] MCE/AMD: Do not use rdmsr_safe_on_cpu() in smca_configure() + - [x86] MCE/AMD: Allow Reserved types to be overwritten in smca_banks[] + - [x86] mce: Fix possibly incorrect severity calculation on AMD + - [powerpc*] vcpu: Assume dedicated processors as non-preempt + - [powerpc*] irq: fix stack overflow verification + - [powerpc*] ocxl: Fix concurrent AFU open and device removal + - [arm64] mmc: sdhci-msm: Correct the offset and value for DDR_CONFIG + register + - mmc: sdhci: Update the tuning failed messages to pr_debug level + - mmc: sdhci: Workaround broken command queuing on Intel GLK + - mmc: sdhci: Add a quirk for broken command queuing + - nbd: fix shutdown and recv work deadlock v2 + - iwlwifi: pcie: move power gating workaround earlier in the flow [ Salvatore Bonaccorso ] * debian/lib/python/debian_linux/abi.py: Add one missing string replacement. * debian/lib/python/debian_linux/abi.py: strip whitespace characters in line. + * [rt] Refresh lib-ubsan-Don-t-seralize-UBSAN-report.patch for context + changes in 5.4.7 + * [rt] Drop x86-ioapic-Prevent-inconsistent-state-when-moving-an.patch [ YunQiang Su ] * [mips*/octeon] Fix ftbfs on mips* due to octeon image-file: diff --git a/debian/patches-rt/lib-ubsan-Don-t-seralize-UBSAN-report.patch b/debian/patches-rt/lib-ubsan-Don-t-seralize-UBSAN-report.patch index 78a5c9edb4c4..363305177f48 100644 --- a/debian/patches-rt/lib-ubsan-Don-t-seralize-UBSAN-report.patch +++ b/debian/patches-rt/lib-ubsan-Don-t-seralize-UBSAN-report.patch @@ -52,6 +52,7 @@ Reported-by: Andre Przywara <andre.przywara@arm.com> Signed-off-by: Julien Grall <julien.grall@arm.com> Acked-by: Andrey Ryabinin <aryabinin@virtuozzo.com> Signed-off-by: Sebastian Andrzej Siewior <bigeasy@linutronix.de> +[Salvatore Bonaccorso: Backport to 5.4.7 for context changes] --- lib/ubsan.c | 64 +++++++++++++++++++++--------------------------------------- 1 file changed, 23 insertions(+), 41 deletions(-) @@ -244,24 +245,25 @@ Signed-off-by: Sebastian Andrzej Siewior <bigeasy@linutronix.de> struct type_descriptor *rhs_type = data->rhs_type; struct type_descriptor *lhs_type = data->lhs_type; char rhs_str[VALUE_LENGTH]; -@@ -378,7 +363,7 @@ void __ubsan_handle_shift_out_of_bounds( +@@ -379,7 +364,7 @@ if (suppress_report(&data->location)) - return; + goto out; - ubsan_prologue(&data->location, &flags); + ubsan_prologue(&data->location); val_to_string(rhs_str, sizeof(rhs_str), rhs_type, rhs); val_to_string(lhs_str, sizeof(lhs_str), lhs_type, lhs); -@@ -401,18 +386,16 @@ void __ubsan_handle_shift_out_of_bounds( +@@ -402,7 +387,7 @@ lhs_str, rhs_str, lhs_type->type_name); - ubsan_epilogue(&flags); + ubsan_epilogue(); + out: + user_access_restore(ua_flags); } - EXPORT_SYMBOL(__ubsan_handle_shift_out_of_bounds); - +@@ -411,11 +396,9 @@ void __ubsan_handle_builtin_unreachable(struct unreachable_data *data) { diff --git a/debian/patches-rt/series b/debian/patches-rt/series index 9c7f6ac9c180..0966dd9b4ec9 100644 --- a/debian/patches-rt/series +++ b/debian/patches-rt/series @@ -23,8 +23,6 @@ lib-ubsan-Don-t-seralize-UBSAN-report.patch # 5a6446626d7e062b47a5cc1cf27d5060e60bb0d9 workqueue-Convert-for_each_wq-to-use-built-in-list-c.patch -# df4393424af3fbdcd5c404077176082a8ce459c4 -x86-ioapic-Prevent-inconsistent-state-when-moving-an.patch # 2579a4eefc04d1c23eef8f3f0db3309f955e5792 x86-ioapic-Rename-misnamed-functions.patch # 9e8d42a0f7eb9056f8bdb241b91738b5a2923f4c diff --git a/debian/patches-rt/x86-ioapic-Prevent-inconsistent-state-when-moving-an.patch b/debian/patches-rt/x86-ioapic-Prevent-inconsistent-state-when-moving-an.patch deleted file mode 100644 index 85bfc31bf53a..000000000000 --- a/debian/patches-rt/x86-ioapic-Prevent-inconsistent-state-when-moving-an.patch +++ /dev/null @@ -1,73 +0,0 @@ -From: Thomas Gleixner <tglx@linutronix.de> -Date: Thu, 17 Oct 2019 12:19:01 +0200 -Subject: [PATCH] x86/ioapic: Prevent inconsistent state when moving an - interrupt -Origin: https://www.kernel.org/pub/linux/kernel/projects/rt/5.4/older/patches-5.4.5-rt3.tar.xz - -There is an issue with threaded interrupts which are marked ONESHOT -and using the fasteoi handler: - - if (IS_ONESHOT()) - mask_irq(); - .... - cond_unmask_eoi_irq() - chip->irq_eoi(); - if (setaffinity_pending) { - mask_ioapic(); - ... - move_affinity(); - unmask_ioapic(); - } - -So if setaffinity is pending the interrupt will be moved and then -unconditionally unmasked at the ioapic level, which is wrong in two -aspects: - - 1) It should be kept masked up to the point where the threaded handler - finished. - - 2) The physical chip state and the software masked state are inconsistent - -Guard both the mask and the unmask with a check for the software masked -state. If the line is marked masked then the ioapic line is also masked, so -both mask_ioapic() and unmask_ioapic() can be skipped safely. - -Signed-off-by: Thomas Gleixner <tglx@linutronix.de> -Cc: Andy Shevchenko <andy.shevchenko@gmail.com> -Cc: Linus Torvalds <torvalds@linux-foundation.org> -Cc: Peter Zijlstra <peterz@infradead.org> -Cc: Sebastian Siewior <bigeasy@linutronix.de> -Fixes: 3aa551c9b4c4 ("genirq: add threaded interrupt handler support") -Link: https://lkml.kernel.org/r/20191017101938.321393687@linutronix.de -Signed-off-by: Ingo Molnar <mingo@kernel.org> -Signed-off-by: Sebastian Andrzej Siewior <bigeasy@linutronix.de> ---- - arch/x86/kernel/apic/io_apic.c | 9 ++++++--- - 1 file changed, 6 insertions(+), 3 deletions(-) - ---- a/arch/x86/kernel/apic/io_apic.c -+++ b/arch/x86/kernel/apic/io_apic.c -@@ -1727,9 +1727,10 @@ static bool io_apic_level_ack_pending(st - - static inline bool ioapic_irqd_mask(struct irq_data *data) - { -- /* If we are moving the irq we need to mask it */ -+ /* If we are moving the IRQ we need to mask it */ - if (unlikely(irqd_is_setaffinity_pending(data))) { -- mask_ioapic_irq(data); -+ if (!irqd_irq_masked(data)) -+ mask_ioapic_irq(data); - return true; - } - return false; -@@ -1766,7 +1767,9 @@ static inline void ioapic_irqd_unmask(st - */ - if (!io_apic_level_ack_pending(data->chip_data)) - irq_move_masked_irq(data); -- unmask_ioapic_irq(data); -+ /* If the IRQ is masked in the core, leave it: */ -+ if (!irqd_irq_masked(data)) -+ unmask_ioapic_irq(data); - } - } - #else |