From 8476c193cb906c6bcb0c3a9456783c25b9847240 Mon Sep 17 00:00:00 2001 From: Peter Robinson Date: Mon, 13 Jan 2020 06:10:36 +0000 Subject: Linux v5.4.11 --- ...not-create-directories-if-lockdown-is-in-.patch | 91 --------- kernel.spec | 31 ++- ...low-in-mmwifiex_process_tdls_action_frame.patch | 226 --------------------- sources | 2 +- 4 files changed, 15 insertions(+), 335 deletions(-) delete mode 100644 0001-tracing-Do-not-create-directories-if-lockdown-is-in-.patch delete mode 100644 mwifiex-Fix-heap-overflow-in-mmwifiex_process_tdls_action_frame.patch diff --git a/0001-tracing-Do-not-create-directories-if-lockdown-is-in-.patch b/0001-tracing-Do-not-create-directories-if-lockdown-is-in-.patch deleted file mode 100644 index 911ffe64e..000000000 --- a/0001-tracing-Do-not-create-directories-if-lockdown-is-in-.patch +++ /dev/null @@ -1,91 +0,0 @@ -From a356646a56857c2e5ad875beec734d7145ecd49a Mon Sep 17 00:00:00 2001 -From: "Steven Rostedt (VMware)" -Date: Mon, 2 Dec 2019 16:25:27 -0500 -Subject: [PATCH] tracing: Do not create directories if lockdown is in affect - -If lockdown is disabling tracing on boot up, it prevents the tracing files -from even bering created. But when that happens, there's several places that -will give a warning that the files were not created as that is usually a -sign of a bug. - -Add in strategic locations where a check is made to see if tracing is -disabled by lockdown, and if it is, do not go further, and fail silently -(but print that tracing is disabled by lockdown, without doing a WARN_ON()). - -Cc: Matthew Garrett -Fixes: 17911ff38aa5 ("tracing: Add locked_down checks to the open calls of files created for tracefs") -Signed-off-by: Steven Rostedt (VMware) ---- - kernel/trace/ring_buffer.c | 6 ++++++ - kernel/trace/trace.c | 17 +++++++++++++++++ - 2 files changed, 23 insertions(+) - -diff --git a/kernel/trace/ring_buffer.c b/kernel/trace/ring_buffer.c -index 66358d66c933..4bf050fcfe3b 100644 ---- a/kernel/trace/ring_buffer.c -+++ b/kernel/trace/ring_buffer.c -@@ -11,6 +11,7 @@ - #include - #include - #include -+#include - #include - #include - #include /* for self test */ -@@ -5068,6 +5069,11 @@ static __init int test_ringbuffer(void) - int cpu; - int ret = 0; - -+ if (security_locked_down(LOCKDOWN_TRACEFS)) { -+ pr_warning("Lockdown is enabled, skipping ring buffer tests\n"); -+ return 0; -+ } -+ - pr_info("Running ring buffer tests...\n"); - - buffer = ring_buffer_alloc(RB_TEST_BUFFER_SIZE, RB_FL_OVERWRITE); -diff --git a/kernel/trace/trace.c b/kernel/trace/trace.c -index 02a23a6e5e00..23459d53d576 100644 ---- a/kernel/trace/trace.c -+++ b/kernel/trace/trace.c -@@ -1888,6 +1888,12 @@ int __init register_tracer(struct tracer *type) - return -1; - } - -+ if (security_locked_down(LOCKDOWN_TRACEFS)) { -+ pr_warning("Can not register tracer %s due to lockdown\n", -+ type->name); -+ return -EPERM; -+ } -+ - mutex_lock(&trace_types_lock); - - tracing_selftest_running = true; -@@ -8789,6 +8795,11 @@ struct dentry *tracing_init_dentry(void) - { - struct trace_array *tr = &global_trace; - -+ if (security_locked_down(LOCKDOWN_TRACEFS)) { -+ pr_warning("Tracing disabled due to lockdown\n"); -+ return ERR_PTR(-EPERM); -+ } -+ - /* The top level trace array uses NULL as parent */ - if (tr->dir) - return NULL; -@@ -9231,6 +9242,12 @@ __init static int tracer_alloc_buffers(void) - int ring_buf_size; - int ret = -ENOMEM; - -+ -+ if (security_locked_down(LOCKDOWN_TRACEFS)) { -+ pr_warning("Tracing disabled due to lockdown\n"); -+ return -EPERM; -+ } -+ - /* - * Make sure we don't accidently add more trace options - * than we have bits for. --- -2.24.1 - diff --git a/kernel.spec b/kernel.spec index a3a321935..9ac5dad05 100644 --- a/kernel.spec +++ b/kernel.spec @@ -89,7 +89,7 @@ Summary: The Linux kernel %if 0%{?released_kernel} # Do we have a -stable update to apply? -%define stable_update 10 +%define stable_update 11 # Set rpm version accordingly %if 0%{?stable_update} %define stablerev %{stable_update} @@ -784,6 +784,8 @@ Patch325: arm64-usb-host-xhci-tegra-set-MODULE_FIRMWARE-for-tegra186.patch # 400 - IBM (ppc/s390x) patches # 500 - Temp fixes/CVEs etc +Patch500: PATCH-v2-selinux-allow-labeling-before-policy-is-loaded.patch + # rhbz 1431375 Patch501: input-rmi4-remove-the-need-for-artifical-IRQ.patch @@ -794,12 +796,10 @@ Patch502: 0001-Drop-that-for-now.patch # Submitted upstream at https://lkml.org/lkml/2019/4/23/89 Patch503: KEYS-Make-use-of-platform-keyring-for-module-signature.patch -Patch500: PATCH-v2-selinux-allow-labeling-before-policy-is-loaded.patch - # it seems CONFIG_OPTIMIZE_INLINING has been forced now and is causing issues on ARMv7 # https://lore.kernel.org/patchwork/patch/1132459/ # https://lkml.org/lkml/2019/8/29/1772 -Patch505: ARM-fix-__get_user_check-in-case-uaccess_-calls-are-not-inlined.patch +Patch504: ARM-fix-__get_user_check-in-case-uaccess_-calls-are-not-inlined.patch # CVE-2019-19068 rhbz 1774963 1774965 Patch511: rtl8xxxu-prevent-leaking-urb.patch @@ -814,7 +814,7 @@ Patch513: scsi-bfa-release-allocated-memory-in-case-of-error.patch Patch514: ipmi-Fix-memory-leak-in-__ipmi_bmc_register.patch # CVE-2019-19064 rhbz 1775010 1775011 -Patch516: spi-lpspi-fix-memory-leak-in-fsl_lpspi_probe.patch +Patch515: spi-lpspi-fix-memory-leak-in-fsl_lpspi_probe.patch # CVE-2019-19053 rhbz 1775956 1775110 Patch521: rpmsg-char-release-allocated-memory.patch @@ -823,29 +823,23 @@ Patch521: rpmsg-char-release-allocated-memory.patch Patch522: mwifiex-pcie-fix-memory-leak-in-mwifiex_pcie_alloc_cmdrsp_buf.patch # CVE-2019-19054 rhbz 1775063 1775117 -Patch524: media-rc-prevent-memory-leak-in-cx23888_ir_probe.patch +Patch523: media-rc-prevent-memory-leak-in-cx23888_ir_probe.patch # CVE-2019-14895 rhbz 1774870 1776139 -Patch526: mwifiex-fix-possible-heap-overflow-in-mwifiex_process_country_ie.patch +Patch524: mwifiex-fix-possible-heap-overflow-in-mwifiex_process_country_ie.patch # CVE-2019-14896 rhbz 1774875 1776143 # CVE-2019-14897 rhbz 1774879 1776146 -Patch527: libertas-Fix-two-buffer-overflows-at-parsing-bss-descriptor.patch - -# CVE-2019-14901 rhbz 1773519 1776184 -Patch528: mwifiex-Fix-heap-overflow-in-mmwifiex_process_tdls_action_frame.patch +Patch525: libertas-Fix-two-buffer-overflows-at-parsing-bss-descriptor.patch # CVE-2019-19078 rhbz 1776354 1776353 -Patch529: ath10k-fix-memory-leak.patch +Patch526: ath10k-fix-memory-leak.patch # CVE-2019-18808 rhbz 1777418 1777421 -Patch531: 0001-crypto-ccp-Release-all-allocated-memory-if-sha-type-.patch - -# rhbz 1781288 -Patch610: 0001-tracing-Do-not-create-directories-if-lockdown-is-in-.patch +Patch527: 0001-crypto-ccp-Release-all-allocated-memory-if-sha-type-.patch # rhbz 1788653 -Patch611: tpm-handle-negative-priv--response_len-in-tpm_common_read.patch +Patch530: tpm-handle-negative-priv--response_len-in-tpm_common_read.patch # END OF PATCH DEFINITIONS @@ -2545,6 +2539,9 @@ fi # # %changelog +* Mon Jan 13 2020 Peter Robinson - 5.4.11-200 +- Linux v5.4.11 + * Thu Jan 09 2020 Jeremy Cline - 5.4.10-200 - Linux v5.4.10 diff --git a/mwifiex-Fix-heap-overflow-in-mmwifiex_process_tdls_action_frame.patch b/mwifiex-Fix-heap-overflow-in-mmwifiex_process_tdls_action_frame.patch deleted file mode 100644 index bfd39e5a9..000000000 --- a/mwifiex-Fix-heap-overflow-in-mmwifiex_process_tdls_action_frame.patch +++ /dev/null @@ -1,226 +0,0 @@ -From patchwork Fri Nov 22 09:43:49 2019 -Content-Type: text/plain; charset="utf-8" -MIME-Version: 1.0 -Content-Transfer-Encoding: 7bit -X-Patchwork-Submitter: qize wang -X-Patchwork-Id: 11257535 -X-Patchwork-Delegate: kvalo@adurom.com -Return-Path: -Received: from mail.kernel.org (pdx-korg-mail-1.web.codeaurora.org - [172.30.200.123]) - by pdx-korg-patchwork-2.web.codeaurora.org (Postfix) with ESMTP id 311581390 - for ; - Fri, 22 Nov 2019 09:44:01 +0000 (UTC) -Received: from vger.kernel.org (vger.kernel.org [209.132.180.67]) - by mail.kernel.org (Postfix) with ESMTP id 09A6920708 - for ; - Fri, 22 Nov 2019 09:44:01 +0000 (UTC) -Authentication-Results: mail.kernel.org; - dkim=pass (2048-bit key) header.d=gmail.com header.i=@gmail.com - header.b="gFC1GPvm" -Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand - id S1726802AbfKVJoA (ORCPT - ); - Fri, 22 Nov 2019 04:44:00 -0500 -Received: from mail-pj1-f65.google.com ([209.85.216.65]:35154 "EHLO - mail-pj1-f65.google.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org - with ESMTP id S1726500AbfKVJoA (ORCPT - ); - Fri, 22 Nov 2019 04:44:00 -0500 -Received: by mail-pj1-f65.google.com with SMTP id s8so2836990pji.2 - for ; - Fri, 22 Nov 2019 01:43:57 -0800 (PST) -DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; - d=gmail.com; s=20161025; - h=from:content-transfer-encoding:mime-version:subject:message-id:date - :cc:to; - bh=1kENrBK+Si8GTG/z7vluv90p0vaDDTLdLP0ZTBYtdys=; - b=gFC1GPvmciglvQH3QRWVdrtGLMliah1xCIA8nZta7Mis7sATxTwTG/XMZ/G4Zb8efA - bvc58q+E3uHBiZOOCVFqZrDhJzM1SJVkOtFKPIquJLhmKms1Rd7FLwLFKwbq9DKE28C4 - crZUPOja7RMESC2jajleQdZ9YO/o/LEA+6QmEKIQFZ11R7j/qT/bNTdf08hDTINa7VVq - r20OL/q5iTBYBqodQaQVOPHH7f8iRs46gS/23GSX8E8Lo920r4wtTUPXXBidt0bay7ID - L2CF8vLLDGRe4Dohd71wCJgl54yVxF1Fi9qAvQluyVTulAtDVNw8Ol9hFdLa9R7j2M2z - 9wWw== -X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; - d=1e100.net; s=20161025; - h=x-gm-message-state:from:content-transfer-encoding:mime-version - :subject:message-id:date:cc:to; - bh=1kENrBK+Si8GTG/z7vluv90p0vaDDTLdLP0ZTBYtdys=; - b=lGAdjvr9L1WcGIvtpY5RO07jVV2t+CQ7rGsSqHcqyoDarWzcfl+FowtU0U+OV0Uf0k - Dxs4mJ+rml43X7SrPljpiHzQB1mRWWnTcIKwO9YFH1DbuMxYpTV/AdDtkyLGwQEPCTu2 - U/RIv2CvLNWTGQYXAqUH4wZJ0MAo0w2fWX8QeMCWarAPRgOsyeT9LEZQT6ypWzy9bAKs - ri4P+HqxmhlvDFb3ij0pl0x7hhOOhDCSdzZEfy8MGL/wmxdbOLM5AV8DevGNLEZHZrJ9 - AHHgRlkUPn5esIeIhTiYu3hox+z4GLrcRZccqcL3O9QM9rKX6SyNF9MjoEIgD5WK7ycl - Tlvg== -X-Gm-Message-State: APjAAAVLU8HZian8Pqy8r1Iwnjga8cqc70tKNQWQHXIQ/WEWDgKWDzip - dkM+yuOUv3M4BD3u8wHsttGE4Sk9BqOSqA== -X-Google-Smtp-Source: - APXvYqxWR1wx4sFD+yyfHofiemrR7B+b6xLDxQu9tS4dKDTYtMBUggkRWVG0Y4CUsP1DbHGVYW2rGg== -X-Received: by 2002:a17:90a:c004:: with SMTP id - p4mr17937350pjt.104.1574415837353; - Fri, 22 Nov 2019 01:43:57 -0800 (PST) -Received: from [127.0.0.1] (187.220.92.34.bc.googleusercontent.com. - [34.92.220.187]) - by smtp.gmail.com with ESMTPSA id - 71sm6800121pfx.107.2019.11.22.01.43.52 - (version=TLS1_2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128); - Fri, 22 Nov 2019 01:43:56 -0800 (PST) -From: qize wang -Mime-Version: 1.0 (Mac OS X Mail 11.3 \(3445.6.18\)) -Subject: [PATCH] mwifiex: Fix heap overflow in - mmwifiex_process_tdls_action_frame() -Message-Id: -Date: Fri, 22 Nov 2019 17:43:49 +0800 -Cc: amitkarwar , nishants , - gbhat , huxinming820 , - kvalo , Greg KH , - security , - linux-distros , - "dan.carpenter" , - Solar Designer -To: linux-wireless@vger.kernel.org -X-Mailer: Apple Mail (2.3445.6.18) -Sender: linux-wireless-owner@vger.kernel.org -Precedence: bulk -List-ID: -X-Mailing-List: linux-wireless@vger.kernel.org - -mwifiex_process_tdls_action_frame() without checking -the incoming tdls infomation element's vality before use it, -this may cause multi heap buffer overflows. - -Fix them by putting vality check before use it. - -Signed-off-by: qize wang ---- -drivers/net/wireless/marvell/mwifiex/tdls.c | 70 ++++++++++++++++++++++++++--- -1 file changed, 64 insertions(+), 6 deletions(-) - -diff --git a/drivers/net/wireless/marvell/mwifiex/tdls.c b/drivers/net/wireless/marvell/mwifiex/tdls.c -index 18e654d..7f60214 100644 ---- a/drivers/net/wireless/marvell/mwifiex/tdls.c -+++ b/drivers/net/wireless/marvell/mwifiex/tdls.c -@@ -954,59 +954,117 @@ void mwifiex_process_tdls_action_frame(struct mwifiex_private *priv, - - switch (*pos) { - case WLAN_EID_SUPP_RATES: -+ if (pos[1] > 32) -+ return; - sta_ptr->tdls_cap.rates_len = pos[1]; - for (i = 0; i < pos[1]; i++) - sta_ptr->tdls_cap.rates[i] = pos[i + 2]; - break; - - case WLAN_EID_EXT_SUPP_RATES: -+ if (pos[1] > 32) -+ return; - basic = sta_ptr->tdls_cap.rates_len; -+ if (pos[1] > 32 - basic) -+ return; - for (i = 0; i < pos[1]; i++) - sta_ptr->tdls_cap.rates[basic + i] = pos[i + 2]; - sta_ptr->tdls_cap.rates_len += pos[1]; - break; - case WLAN_EID_HT_CAPABILITY: -- memcpy((u8 *)&sta_ptr->tdls_cap.ht_capb, pos, -+ if (pos > end - sizeof(struct ieee80211_ht_cap) - 2) -+ return; -+ if (pos[1] != sizeof(struct ieee80211_ht_cap)) -+ return; -+ /* copy the ie's value into ht_capb*/ -+ memcpy((u8 *)&sta_ptr->tdls_cap.ht_capb, pos + 2, - sizeof(struct ieee80211_ht_cap)); - sta_ptr->is_11n_enabled = 1; - break; - case WLAN_EID_HT_OPERATION: -- memcpy(&sta_ptr->tdls_cap.ht_oper, pos, -+ if (pos > end - -+ sizeof(struct ieee80211_ht_operation) - 2) -+ return; -+ if (pos[1] != sizeof(struct ieee80211_ht_operation)) -+ return; -+ /* copy the ie's value into ht_oper*/ -+ memcpy(&sta_ptr->tdls_cap.ht_oper, pos + 2, - sizeof(struct ieee80211_ht_operation)); - break; - case WLAN_EID_BSS_COEX_2040: -+ if (pos > end - 3) -+ return; -+ if (pos[1] != 1) -+ return; - sta_ptr->tdls_cap.coex_2040 = pos[2]; - break; - case WLAN_EID_EXT_CAPABILITY: -+ if (pos > end - sizeof(struct ieee_types_header)) -+ return; -+ if (pos[1] < sizeof(struct ieee_types_header)) -+ return; -+ if (pos[1] > 8) -+ return; - memcpy((u8 *)&sta_ptr->tdls_cap.extcap, pos, - sizeof(struct ieee_types_header) + - min_t(u8, pos[1], 8)); - break; - case WLAN_EID_RSN: -+ if (pos > end - sizeof(struct ieee_types_header)) -+ return; -+ if (pos[1] < sizeof(struct ieee_types_header)) -+ return; -+ if (pos[1] > IEEE_MAX_IE_SIZE - -+ sizeof(struct ieee_types_header)) -+ return; - memcpy((u8 *)&sta_ptr->tdls_cap.rsn_ie, pos, - sizeof(struct ieee_types_header) + - min_t(u8, pos[1], IEEE_MAX_IE_SIZE - - sizeof(struct ieee_types_header))); - break; - case WLAN_EID_QOS_CAPA: -+ if (pos > end - 3) -+ return; -+ if (pos[1] != 1) -+ return; - sta_ptr->tdls_cap.qos_info = pos[2]; - break; - case WLAN_EID_VHT_OPERATION: -- if (priv->adapter->is_hw_11ac_capable) -- memcpy(&sta_ptr->tdls_cap.vhtoper, pos, -+ if (priv->adapter->is_hw_11ac_capable) { -+ if (pos > end - -+ sizeof(struct ieee80211_vht_operation) - 2) -+ return; -+ if (pos[1] != -+ sizeof(struct ieee80211_vht_operation)) -+ return; -+ /* copy the ie's value into vhtoper*/ -+ memcpy(&sta_ptr->tdls_cap.vhtoper, pos + 2, - sizeof(struct ieee80211_vht_operation)); -+ } - break; - case WLAN_EID_VHT_CAPABILITY: - if (priv->adapter->is_hw_11ac_capable) { -- memcpy((u8 *)&sta_ptr->tdls_cap.vhtcap, pos, -+ if (pos > end - -+ sizeof(struct ieee80211_vht_cap) - 2) -+ return; -+ if (pos[1] != sizeof(struct ieee80211_vht_cap)) -+ return; -+ /* copy the ie's value into vhtcap*/ -+ memcpy((u8 *)&sta_ptr->tdls_cap.vhtcap, pos + 2, - sizeof(struct ieee80211_vht_cap)); - sta_ptr->is_11ac_enabled = 1; - } - break; - case WLAN_EID_AID: -- if (priv->adapter->is_hw_11ac_capable) -+ if (priv->adapter->is_hw_11ac_capable) { -+ if (pos > end - 4) -+ return; -+ if (pos[1] != 2) -+ return; - sta_ptr->tdls_cap.aid = - get_unaligned_le16((pos + 2)); -+ } -+ break; - default: - break; - } diff --git a/sources b/sources index 48bd4bb44..8ea35e1bd 100644 --- a/sources +++ b/sources @@ -1,2 +1,2 @@ SHA512 (linux-5.4.tar.xz) = 9f60f77e8ab972b9438ac648bed17551c8491d6585a5e85f694b2eaa4c623fbc61eb18419b2656b6795eac5deec0edaa04547fc6723fbda52256bd7f3486898f -SHA512 (patch-5.4.10.xz) = 7e707be8e24ceb41331dff4e6bb2cf33ce3e4908d8059e39e67c1774e6a86ca4f56934f90a7336cdc2b207fab84d09257055f6130bb0f560f26f4668428cc71d +SHA512 (patch-5.4.11.xz) = c8da64a992edb27fc4c9faf79f35edacfdc9c00b72a684d00486fab7eecbd5179bc1826be1598751fa5b1f61ff819d8ccfcebc215b3fff98b75cb46156b7e164 -- cgit From 9607b5faaa81022ed8b97f517c766202f9680744 Mon Sep 17 00:00:00 2001 From: Jeremy Cline Date: Mon, 13 Jan 2020 10:36:30 -0500 Subject: Add drm/i915 backport for hangs https://lore.kernel.org/stable/20191230111530.3750048-1-chris@chris-wilson.co.uk/ --- ...15-gt-Detect-if-we-miss-WaIdleLiteRestore.patch | 129 +++++++++++++++++++++ kernel.spec | 5 +- 2 files changed, 133 insertions(+), 1 deletion(-) create mode 100644 drm-i915-gt-Detect-if-we-miss-WaIdleLiteRestore.patch diff --git a/drm-i915-gt-Detect-if-we-miss-WaIdleLiteRestore.patch b/drm-i915-gt-Detect-if-we-miss-WaIdleLiteRestore.patch new file mode 100644 index 000000000..c0251d1b4 --- /dev/null +++ b/drm-i915-gt-Detect-if-we-miss-WaIdleLiteRestore.patch @@ -0,0 +1,129 @@ +From 90de578c81e983b3d992ca3e1a7e5910c803abba Mon Sep 17 00:00:00 2001 +From: Chris Wilson +Date: Mon, 30 Dec 2019 11:15:30 +0000 +Subject: [PATCH] drm/i915/gt: Detect if we miss WaIdleLiteRestore + +In order to avoid confusing the HW, we must never submit an empty ring +during lite-restore, that is we should always advance the RING_TAIL +before submitting to stay ahead of the RING_HEAD. + +Normally this is prevented by keeping a couple of spare NOPs in the +request->wa_tail so that on resubmission we can advance the tail. This +relies on the request only being resubmitted once, which is the normal +condition as it is seen once for ELSP[1] and then later in ELSP[0]. On +preemption, the requests are unwound and the tail reset back to the +normal end point (as we know the request is incomplete and therefore its +RING_HEAD is even earlier). + +However, if this w/a should fail we would try and resubmit the request +with the RING_TAIL already set to the location of this request's wa_tail +potentially causing a GPU hang. We can spot when we do try and +incorrectly resubmit without advancing the RING_TAIL and spare any +embarrassment by forcing the context restore. + +In the case of preempt-to-busy, we leave the requests running on the HW +while we unwind. As the ring is still live, we cannot rewind our +rq->tail without forcing a reload so leave it set to rq->wa_tail and +only force a reload if we resubmit after a lite-restore. (Normally, the +forced reload will be a part of the preemption event.) + +Fixes: 22b7a426bbe1 ("drm/i915/execlists: Preempt-to-busy") +Closes: https://gitlab.freedesktop.org/drm/intel/issues/673 +Signed-off-by: Chris Wilson +Cc: Mika Kuoppala +Cc: Tvrtko Ursulin +Reviewed-by: Tvrtko Ursulin +Cc: stable@vger.kernel.org +Link: https://patchwork.freedesktop.org/patch/msgid/20191209023215.3519970-1-chris@chris-wilson.co.uk +(cherry picked from commit 82c69bf58650e644c61aa2bf5100b63a1070fd2f) +--- + drivers/gpu/drm/i915/gt/intel_lrc.c | 42 ++++++++++++++--------------- + 1 file changed, 20 insertions(+), 22 deletions(-) + +diff --git a/drivers/gpu/drm/i915/gt/intel_lrc.c b/drivers/gpu/drm/i915/gt/intel_lrc.c +index d564bfcab6a3..49ce15553e7b 100644 +--- a/drivers/gpu/drm/i915/gt/intel_lrc.c ++++ b/drivers/gpu/drm/i915/gt/intel_lrc.c +@@ -471,12 +471,6 @@ lrc_descriptor(struct intel_context *ce, struct intel_engine_cs *engine) + return desc; + } + +-static void unwind_wa_tail(struct i915_request *rq) +-{ +- rq->tail = intel_ring_wrap(rq->ring, rq->wa_tail - WA_TAIL_BYTES); +- assert_ring_tail_valid(rq->ring, rq->tail); +-} +- + static struct i915_request * + __unwind_incomplete_requests(struct intel_engine_cs *engine) + { +@@ -495,7 +489,6 @@ __unwind_incomplete_requests(struct intel_engine_cs *engine) + continue; /* XXX */ + + __i915_request_unsubmit(rq); +- unwind_wa_tail(rq); + + /* + * Push the request back into the queue for later resubmission. +@@ -650,13 +643,29 @@ execlists_schedule_out(struct i915_request *rq) + i915_request_put(rq); + } + +-static u64 execlists_update_context(const struct i915_request *rq) ++static u64 execlists_update_context(struct i915_request *rq) + { + struct intel_context *ce = rq->hw_context; +- u64 desc; ++ u64 desc = ce->lrc_desc; ++ u32 tail; + +- ce->lrc_reg_state[CTX_RING_TAIL + 1] = +- intel_ring_set_tail(rq->ring, rq->tail); ++ /* ++ * WaIdleLiteRestore:bdw,skl ++ * ++ * We should never submit the context with the same RING_TAIL twice ++ * just in case we submit an empty ring, which confuses the HW. ++ * ++ * We append a couple of NOOPs (gen8_emit_wa_tail) after the end of ++ * the normal request to be able to always advance the RING_TAIL on ++ * subsequent resubmissions (for lite restore). Should that fail us, ++ * and we try and submit the same tail again, force the context ++ * reload. ++ */ ++ tail = intel_ring_set_tail(rq->ring, rq->tail); ++ if (unlikely(ce->lrc_reg_state[CTX_RING_TAIL + 1] == tail)) ++ desc |= CTX_DESC_FORCE_RESTORE; ++ ce->lrc_reg_state[CTX_RING_TAIL + 1] = tail; ++ rq->tail = rq->wa_tail; + + /* + * Make sure the context image is complete before we submit it to HW. +@@ -675,7 +684,6 @@ static u64 execlists_update_context(const struct i915_request *rq) + */ + mb(); + +- desc = ce->lrc_desc; + ce->lrc_desc &= ~CTX_DESC_FORCE_RESTORE; + + return desc; +@@ -1150,16 +1158,6 @@ static void execlists_dequeue(struct intel_engine_cs *engine) + if (!list_is_last(&last->sched.link, + &engine->active.requests)) + return; +- +- /* +- * WaIdleLiteRestore:bdw,skl +- * Apply the wa NOOPs to prevent +- * ring:HEAD == rq:TAIL as we resubmit the +- * request. See gen8_emit_fini_breadcrumb() for +- * where we prepare the padding after the +- * end of the request. +- */ +- last->tail = last->wa_tail; + } + } + +-- +2.24.1 + diff --git a/kernel.spec b/kernel.spec index 9ac5dad05..5638fe2b9 100644 --- a/kernel.spec +++ b/kernel.spec @@ -77,7 +77,7 @@ Summary: The Linux kernel # For non-released -rc kernels, this will be appended after the rcX and # gitX tags, so a 3 here would become part of release "0.rcX.gitX.3" # -%global baserelease 200 +%global baserelease 201 %global fedora_build %{baserelease} # base_sublevel is the kernel version we're starting with and patching @@ -841,6 +841,9 @@ Patch527: 0001-crypto-ccp-Release-all-allocated-memory-if-sha-type-.patch # rhbz 1788653 Patch530: tpm-handle-negative-priv--response_len-in-tpm_common_read.patch +# https://gitlab.freedesktop.org/drm/intel/issues/673 +Patch531: drm-i915-gt-Detect-if-we-miss-WaIdleLiteRestore.patch + # END OF PATCH DEFINITIONS %endif -- cgit From 9a4238fbd6670f7a8b437e530336bdf21b270cdf Mon Sep 17 00:00:00 2001 From: "Justin M. Forbes" Date: Mon, 13 Jan 2020 15:39:57 -0600 Subject: Add Documentation back to kernel-devel as it has Kconfig now (rhbz 1789641) --- kernel.spec | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) diff --git a/kernel.spec b/kernel.spec index 5638fe2b9..a1df5139f 100644 --- a/kernel.spec +++ b/kernel.spec @@ -77,7 +77,7 @@ Summary: The Linux kernel # For non-released -rc kernels, this will be appended after the rcX and # gitX tags, so a 3 here would become part of release "0.rcX.gitX.3" # -%global baserelease 201 +%global baserelease 202 %global fedora_build %{baserelease} # base_sublevel is the kernel version we're starting with and patching @@ -1801,7 +1801,6 @@ BuildKernel() { %endif # then drop all but the needed Makefiles/Kconfig files - rm -rf $RPM_BUILD_ROOT/lib/modules/$KernelVer/build/Documentation rm -rf $RPM_BUILD_ROOT/lib/modules/$KernelVer/build/scripts rm -rf $RPM_BUILD_ROOT/lib/modules/$KernelVer/build/include cp .config $RPM_BUILD_ROOT/lib/modules/$KernelVer/build @@ -2542,6 +2541,9 @@ fi # # %changelog +* Mon Jan 13 2020 Justin M. Forbes - 5.4.10-202 +- Add Documentation back to kernel-devel as it has Kconfig now (rhbz 1789641) + * Mon Jan 13 2020 Peter Robinson - 5.4.11-200 - Linux v5.4.11 -- cgit