4.9-stable patches
authorGreg Kroah-Hartman <gregkh@linuxfoundation.org>
Tue, 17 Jan 2017 13:05:06 +0000 (14:05 +0100)
committerGreg Kroah-Hartman <gregkh@linuxfoundation.org>
Tue, 17 Jan 2017 13:05:06 +0000 (14:05 +0100)
added patches:
bridge-netfilter-fix-dropping-packets-that-moving-through-bridge-interface.patch
usb-musb-fix-runtime-pm-in-debugfs.patch
usb-serial-ch341-fix-control-message-error-handling.patch
usb-serial-ch341-fix-initial-modem-control-state.patch
usb-serial-ch341-fix-open-and-resume-after-b0.patch
usb-serial-ch341-fix-open-error-handling.patch
usb-serial-ch341-fix-resume-after-reset.patch
usb-serial-kl5kusb105-fix-line-state-error-handling.patch
wusbcore-fix-one-more-crypto-on-the-stack-bug.patch
x86-bugs-separate-amd-e400-erratum-and-c1e-bug.patch
x86-cpu-amd-clean-up-cpu_llc_id-assignment-per-topology-feature.patch
x86-cpu-amd-fix-bulldozer-topology.patch

13 files changed:
queue-4.9/bridge-netfilter-fix-dropping-packets-that-moving-through-bridge-interface.patch [new file with mode: 0644]
queue-4.9/series
queue-4.9/usb-musb-fix-runtime-pm-in-debugfs.patch [new file with mode: 0644]
queue-4.9/usb-serial-ch341-fix-control-message-error-handling.patch [new file with mode: 0644]
queue-4.9/usb-serial-ch341-fix-initial-modem-control-state.patch [new file with mode: 0644]
queue-4.9/usb-serial-ch341-fix-open-and-resume-after-b0.patch [new file with mode: 0644]
queue-4.9/usb-serial-ch341-fix-open-error-handling.patch [new file with mode: 0644]
queue-4.9/usb-serial-ch341-fix-resume-after-reset.patch [new file with mode: 0644]
queue-4.9/usb-serial-kl5kusb105-fix-line-state-error-handling.patch [new file with mode: 0644]
queue-4.9/wusbcore-fix-one-more-crypto-on-the-stack-bug.patch [new file with mode: 0644]
queue-4.9/x86-bugs-separate-amd-e400-erratum-and-c1e-bug.patch [new file with mode: 0644]
queue-4.9/x86-cpu-amd-clean-up-cpu_llc_id-assignment-per-topology-feature.patch [new file with mode: 0644]
queue-4.9/x86-cpu-amd-fix-bulldozer-topology.patch [new file with mode: 0644]

diff --git a/queue-4.9/bridge-netfilter-fix-dropping-packets-that-moving-through-bridge-interface.patch b/queue-4.9/bridge-netfilter-fix-dropping-packets-that-moving-through-bridge-interface.patch
new file mode 100644 (file)
index 0000000..ffa439d
--- /dev/null
@@ -0,0 +1,39 @@
+From 14221cc45caad2fcab3a8543234bb7eda9b540d5 Mon Sep 17 00:00:00 2001
+From: Artur Molchanov <arturmolchanov@gmail.com>
+Date: Fri, 30 Dec 2016 19:46:36 +0300
+Subject: bridge: netfilter: Fix dropping packets that moving through bridge interface
+
+From: Artur Molchanov <arturmolchanov@gmail.com>
+
+commit 14221cc45caad2fcab3a8543234bb7eda9b540d5 upstream.
+
+Problem:
+br_nf_pre_routing_finish() calls itself instead of
+br_nf_pre_routing_finish_bridge(). Due to this bug reverse path filter drops
+packets that go through bridge interface.
+
+User impact:
+Local docker containers with bridge network can not communicate with each
+other.
+
+Fixes: c5136b15ea36 ("netfilter: bridge: add and use br_nf_hook_thresh")
+Signed-off-by: Artur Molchanov <artur.molchanov@synesis.ru>
+Acked-by: Florian Westphal <fw@strlen.de>
+Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+
+---
+ net/bridge/br_netfilter_hooks.c |    2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+--- a/net/bridge/br_netfilter_hooks.c
++++ b/net/bridge/br_netfilter_hooks.c
+@@ -399,7 +399,7 @@ bridged_dnat:
+                               br_nf_hook_thresh(NF_BR_PRE_ROUTING,
+                                                 net, sk, skb, skb->dev,
+                                                 NULL,
+-                                                br_nf_pre_routing_finish);
++                                                br_nf_pre_routing_finish_bridge);
+                               return 0;
+                       }
+                       ether_addr_copy(eth_hdr(skb)->h_dest, dev->dev_addr);
index c9545d18d18df54429a474a4a42ea6c94c744bd9..64b1d60282f6c50b7aee6c928b5666b1c1cc8258 100644 (file)
@@ -35,3 +35,15 @@ x86-efi-don-t-allocate-memmap-through-memblock-after-mm_init.patch
 nl80211-fix-sched-scan-netlink-socket-owner-destruction.patch
 gpio-move-freeing-of-gpio-hogs-before-numbing-of-the-device.patch
 xfs-timely-free-truncated-dirty-pages.patch
+bridge-netfilter-fix-dropping-packets-that-moving-through-bridge-interface.patch
+x86-cpu-amd-clean-up-cpu_llc_id-assignment-per-topology-feature.patch
+x86-bugs-separate-amd-e400-erratum-and-c1e-bug.patch
+x86-cpu-amd-fix-bulldozer-topology.patch
+wusbcore-fix-one-more-crypto-on-the-stack-bug.patch
+usb-musb-fix-runtime-pm-in-debugfs.patch
+usb-serial-kl5kusb105-fix-line-state-error-handling.patch
+usb-serial-ch341-fix-initial-modem-control-state.patch
+usb-serial-ch341-fix-resume-after-reset.patch
+usb-serial-ch341-fix-open-error-handling.patch
+usb-serial-ch341-fix-control-message-error-handling.patch
+usb-serial-ch341-fix-open-and-resume-after-b0.patch
diff --git a/queue-4.9/usb-musb-fix-runtime-pm-in-debugfs.patch b/queue-4.9/usb-musb-fix-runtime-pm-in-debugfs.patch
new file mode 100644 (file)
index 0000000..560c05a
--- /dev/null
@@ -0,0 +1,106 @@
+From 7b6c1b4c0e1e44544aa18161dba6a741c080a7ef Mon Sep 17 00:00:00 2001
+From: Bin Liu <b-liu@ti.com>
+Date: Tue, 10 Jan 2017 10:46:00 -0600
+Subject: usb: musb: fix runtime PM in debugfs
+
+From: Bin Liu <b-liu@ti.com>
+
+commit 7b6c1b4c0e1e44544aa18161dba6a741c080a7ef upstream.
+
+MUSB driver now has runtime PM support, but the debugfs driver misses
+the PM _get/_put() calls, which could cause MUSB register access
+failure.
+
+Acked-by: Tony Lindgren <tony@atomide.com>
+Signed-off-by: Bin Liu <b-liu@ti.com>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+
+---
+ drivers/usb/musb/musb_debugfs.c |   20 +++++++++++++++++++-
+ 1 file changed, 19 insertions(+), 1 deletion(-)
+
+--- a/drivers/usb/musb/musb_debugfs.c
++++ b/drivers/usb/musb/musb_debugfs.c
+@@ -114,6 +114,7 @@ static int musb_regdump_show(struct seq_
+       unsigned                i;
+       seq_printf(s, "MUSB (M)HDRC Register Dump\n");
++      pm_runtime_get_sync(musb->controller);
+       for (i = 0; i < ARRAY_SIZE(musb_regmap); i++) {
+               switch (musb_regmap[i].size) {
+@@ -132,6 +133,8 @@ static int musb_regdump_show(struct seq_
+               }
+       }
++      pm_runtime_mark_last_busy(musb->controller);
++      pm_runtime_put_autosuspend(musb->controller);
+       return 0;
+ }
+@@ -145,7 +148,10 @@ static int musb_test_mode_show(struct se
+       struct musb             *musb = s->private;
+       unsigned                test;
++      pm_runtime_get_sync(musb->controller);
+       test = musb_readb(musb->mregs, MUSB_TESTMODE);
++      pm_runtime_mark_last_busy(musb->controller);
++      pm_runtime_put_autosuspend(musb->controller);
+       if (test & MUSB_TEST_FORCE_HOST)
+               seq_printf(s, "force host\n");
+@@ -194,11 +200,12 @@ static ssize_t musb_test_mode_write(stru
+       u8                      test;
+       char                    buf[18];
++      pm_runtime_get_sync(musb->controller);
+       test = musb_readb(musb->mregs, MUSB_TESTMODE);
+       if (test) {
+               dev_err(musb->controller, "Error: test mode is already set. "
+                       "Please do USB Bus Reset to start a new test.\n");
+-              return count;
++              goto ret;
+       }
+       memset(buf, 0x00, sizeof(buf));
+@@ -234,6 +241,9 @@ static ssize_t musb_test_mode_write(stru
+       musb_writeb(musb->mregs, MUSB_TESTMODE, test);
++ret:
++      pm_runtime_mark_last_busy(musb->controller);
++      pm_runtime_put_autosuspend(musb->controller);
+       return count;
+ }
+@@ -254,8 +264,13 @@ static int musb_softconnect_show(struct
+       switch (musb->xceiv->otg->state) {
+       case OTG_STATE_A_HOST:
+       case OTG_STATE_A_WAIT_BCON:
++              pm_runtime_get_sync(musb->controller);
++
+               reg = musb_readb(musb->mregs, MUSB_DEVCTL);
+               connect = reg & MUSB_DEVCTL_SESSION ? 1 : 0;
++
++              pm_runtime_mark_last_busy(musb->controller);
++              pm_runtime_put_autosuspend(musb->controller);
+               break;
+       default:
+               connect = -1;
+@@ -284,6 +299,7 @@ static ssize_t musb_softconnect_write(st
+       if (copy_from_user(&buf, ubuf, min_t(size_t, sizeof(buf) - 1, count)))
+               return -EFAULT;
++      pm_runtime_get_sync(musb->controller);
+       if (!strncmp(buf, "0", 1)) {
+               switch (musb->xceiv->otg->state) {
+               case OTG_STATE_A_HOST:
+@@ -314,6 +330,8 @@ static ssize_t musb_softconnect_write(st
+               }
+       }
++      pm_runtime_mark_last_busy(musb->controller);
++      pm_runtime_put_autosuspend(musb->controller);
+       return count;
+ }
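Review bot: The result of `pm_runtime_get_sync(musb->controller)` is discarded at every new call site (musb_regdump_show, musb_test_mode_show, musb_test_mode_write, musb_softconnect_show, musb_softconnect_write), so a failed resume still falls through to `musb_readb()`/`musb_writeb()` on a controller that may not be powered. Each site should test for a negative return, drop the usage count with `pm_runtime_put_noidle()` (the count is raised even when the call fails) and return the error instead of touching the registers. In musb_test_mode_write the get now sits ahead of `memset(buf, 0x00, sizeof(buf))`, and the code between that line and `musb_writeb()` is outside the hunks. Any early return in that stretch, for instance after copying the user buffer, would have to go through the new `ret:` label as well, otherwise the reference is never released.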
diff --git a/queue-4.9/usb-serial-ch341-fix-control-message-error-handling.patch b/queue-4.9/usb-serial-ch341-fix-control-message-error-handling.patch
new file mode 100644 (file)
index 0000000..c9a25aa
--- /dev/null
@@ -0,0 +1,98 @@
+From 2d5a9c72d0c4ac73cf97f4b7814ed6c44b1e49ae Mon Sep 17 00:00:00 2001
+From: Johan Hovold <johan@kernel.org>
+Date: Fri, 6 Jan 2017 19:15:18 +0100
+Subject: USB: serial: ch341: fix control-message error handling
+
+From: Johan Hovold <johan@kernel.org>
+
+commit 2d5a9c72d0c4ac73cf97f4b7814ed6c44b1e49ae upstream.
+
+A short control transfer would currently fail to be detected, something
+which could lead to stale buffer data being used as valid input.
+
+Check for short transfers, and make sure to log any transfer errors.
+
+Note that this also avoids leaking heap data to user space (TIOCMGET)
+and the remote device (break control).
+
+Fixes: 6ce76104781a ("USB: Driver for CH341 USB-serial adaptor")
+Signed-off-by: Johan Hovold <johan@kernel.org>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+
+---
+ drivers/usb/serial/ch341.c |   32 +++++++++++++++++++++-----------
+ 1 file changed, 21 insertions(+), 11 deletions(-)
+
+--- a/drivers/usb/serial/ch341.c
++++ b/drivers/usb/serial/ch341.c
+@@ -99,6 +99,8 @@ static int ch341_control_out(struct usb_
+       r = usb_control_msg(dev, usb_sndctrlpipe(dev, 0), request,
+                           USB_TYPE_VENDOR | USB_RECIP_DEVICE | USB_DIR_OUT,
+                           value, index, NULL, 0, DEFAULT_TIMEOUT);
++      if (r < 0)
++              dev_err(&dev->dev, "failed to send control message: %d\n", r);
+       return r;
+ }
+@@ -116,7 +118,20 @@ static int ch341_control_in(struct usb_d
+       r = usb_control_msg(dev, usb_rcvctrlpipe(dev, 0), request,
+                           USB_TYPE_VENDOR | USB_RECIP_DEVICE | USB_DIR_IN,
+                           value, index, buf, bufsize, DEFAULT_TIMEOUT);
+-      return r;
++      if (r < bufsize) {
++              if (r >= 0) {
++                      dev_err(&dev->dev,
++                              "short control message received (%d < %u)\n",
++                              r, bufsize);
++                      r = -EIO;
++              }
++
++              dev_err(&dev->dev, "failed to receive control message: %d\n",
++                      r);
++              return r;
++      }
++
++      return 0;
+ }
+ static int ch341_set_baudrate(struct usb_device *dev,
+@@ -158,9 +173,9 @@ static int ch341_set_handshake(struct us
+ static int ch341_get_status(struct usb_device *dev, struct ch341_private *priv)
+ {
++      const unsigned int size = 2;
+       char *buffer;
+       int r;
+-      const unsigned size = 8;
+       unsigned long flags;
+       buffer = kmalloc(size, GFP_KERNEL);
+@@ -171,14 +186,9 @@ static int ch341_get_status(struct usb_d
+       if (r < 0)
+               goto out;
+-      /* setup the private status if available */
+-      if (r == 2) {
+-              r = 0;
+-              spin_lock_irqsave(&priv->lock, flags);
+-              priv->line_status = (~(*buffer)) & CH341_BITS_MODEM_STAT;
+-              spin_unlock_irqrestore(&priv->lock, flags);
+-      } else
+-              r = -EPROTO;
++      spin_lock_irqsave(&priv->lock, flags);
++      priv->line_status = (~(*buffer)) & CH341_BITS_MODEM_STAT;
++      spin_unlock_irqrestore(&priv->lock, flags);
+ out:  kfree(buffer);
+       return r;
+@@ -188,9 +198,9 @@ out:       kfree(buffer);
+ static int ch341_configure(struct usb_device *dev, struct ch341_private *priv)
+ {
++      const unsigned int size = 2;
+       char *buffer;
+       int r;
+-      const unsigned size = 8;
+       buffer = kmalloc(size, GFP_KERNEL);
+       if (!buffer)
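Review bot: In ch341_control_in the new test `if (r < bufsize)` compares the signed `r` with `bufsize`, which the added message prints with `%u` and so appears to be unsigned (the parameter declaration is outside the hunk). If it is, a negative error from `usb_control_msg()` is converted to a large unsigned value, the branch is skipped and the function returns 0. ch341_get_status would then pass its `if (r < 0)` check and read `*buffer` from an untouched kmalloc allocation, which is the stale-data case this patch is meant to close. Casting the length keeps the comparison signed: `if (r < (int)bufsize) {`.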
diff --git a/queue-4.9/usb-serial-ch341-fix-initial-modem-control-state.patch b/queue-4.9/usb-serial-ch341-fix-initial-modem-control-state.patch
new file mode 100644 (file)
index 0000000..923deae
--- /dev/null
@@ -0,0 +1,31 @@
+From 4e2da44691cffbfffb1535f478d19bc2dca3e62b Mon Sep 17 00:00:00 2001
+From: Johan Hovold <johan@kernel.org>
+Date: Fri, 6 Jan 2017 19:15:10 +0100
+Subject: USB: serial: ch341: fix initial modem-control state
+
+From: Johan Hovold <johan@kernel.org>
+
+commit 4e2da44691cffbfffb1535f478d19bc2dca3e62b upstream.
+
+DTR and RTS will be asserted by the tty-layer when the port is opened
+and deasserted on close (if HUPCL is set). Make sure the initial state
+is not-asserted before the port is first opened as well.
+
+Fixes: 664d5df92e88 ("USB: usb-serial ch341: support for DTR/RTS/CTS")
+Signed-off-by: Johan Hovold <johan@kernel.org>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+
+---
+ drivers/usb/serial/ch341.c |    1 -
+ 1 file changed, 1 deletion(-)
+
+--- a/drivers/usb/serial/ch341.c
++++ b/drivers/usb/serial/ch341.c
+@@ -253,7 +253,6 @@ static int ch341_port_probe(struct usb_s
+       spin_lock_init(&priv->lock);
+       priv->baud_rate = DEFAULT_BAUD_RATE;
+-      priv->line_control = CH341_BIT_RTS | CH341_BIT_DTR;
+       r = ch341_configure(port->serial->dev, priv);
+       if (r < 0)
diff --git a/queue-4.9/usb-serial-ch341-fix-open-and-resume-after-b0.patch b/queue-4.9/usb-serial-ch341-fix-open-and-resume-after-b0.patch
new file mode 100644 (file)
index 0000000..1b0d0fe
--- /dev/null
@@ -0,0 +1,38 @@
+From a20047f36e2f6a1eea4f1fd261aaa55882369868 Mon Sep 17 00:00:00 2001
+From: Johan Hovold <johan@kernel.org>
+Date: Fri, 6 Jan 2017 19:15:11 +0100
+Subject: USB: serial: ch341: fix open and resume after B0
+
+From: Johan Hovold <johan@kernel.org>
+
+commit a20047f36e2f6a1eea4f1fd261aaa55882369868 upstream.
+
+The private baud_rate variable is used to configure the port at open and
+reset-resume and must never be set to (and left at) zero or reset-resume
+and all further open attempts will fail.
+
+Fixes: aa91def41a7b ("USB: ch341: set tty baud speed according to tty struct")
+Fixes: 664d5df92e88 ("USB: usb-serial ch341: support for DTR/RTS/CTS")
+Signed-off-by: Johan Hovold <johan@kernel.org>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+
+---
+ drivers/usb/serial/ch341.c |    3 +--
+ 1 file changed, 1 insertion(+), 2 deletions(-)
+
+--- a/drivers/usb/serial/ch341.c
++++ b/drivers/usb/serial/ch341.c
+@@ -361,12 +361,11 @@ static void ch341_set_termios(struct tty
+       baud_rate = tty_get_baud_rate(tty);
+-      priv->baud_rate = baud_rate;
+-
+       if (baud_rate) {
+               spin_lock_irqsave(&priv->lock, flags);
+               priv->line_control |= (CH341_BIT_DTR | CH341_BIT_RTS);
+               spin_unlock_irqrestore(&priv->lock, flags);
++              priv->baud_rate = baud_rate;
+               ch341_set_baudrate(port->serial->dev, priv);
+       } else {
+               spin_lock_irqsave(&priv->lock, flags);
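Review bot: Nothing in the code records why `priv->baud_rate` is now assigned only inside the `if (baud_rate)` branch of ch341_set_termios, so a later cleanup could hoist the store back out and reintroduce the zero rate. A short comment above the assignment would keep the invariant visible, for example `/* keep the last non-zero rate; open and reset-resume reconfigure from it */`. The return value of `ch341_set_baudrate()` on the next line is also dropped, so a failed transfer leaves the cached rate and the device out of step; logging the failure would help. The function body continues outside the hunk.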
diff --git a/queue-4.9/usb-serial-ch341-fix-open-error-handling.patch b/queue-4.9/usb-serial-ch341-fix-open-error-handling.patch
new file mode 100644 (file)
index 0000000..1c75ed5
--- /dev/null
@@ -0,0 +1,53 @@
+From f2950b78547ffb8475297ada6b92bc2d774d5461 Mon Sep 17 00:00:00 2001
+From: Johan Hovold <johan@kernel.org>
+Date: Fri, 6 Jan 2017 19:15:13 +0100
+Subject: USB: serial: ch341: fix open error handling
+
+From: Johan Hovold <johan@kernel.org>
+
+commit f2950b78547ffb8475297ada6b92bc2d774d5461 upstream.
+
+Make sure to stop the interrupt URB before returning on errors during
+open.
+
+Fixes: 664d5df92e88 ("USB: usb-serial ch341: support for DTR/RTS/CTS")
+Signed-off-by: Johan Hovold <johan@kernel.org>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+
+---
+ drivers/usb/serial/ch341.c |   13 ++++++++++---
+ 1 file changed, 10 insertions(+), 3 deletions(-)
+
+--- a/drivers/usb/serial/ch341.c
++++ b/drivers/usb/serial/ch341.c
+@@ -314,7 +314,7 @@ static int ch341_open(struct tty_struct
+       r = ch341_configure(serial->dev, priv);
+       if (r)
+-              goto out;
++              return r;
+       if (tty)
+               ch341_set_termios(tty, port, NULL);
+@@ -324,12 +324,19 @@ static int ch341_open(struct tty_struct
+       if (r) {
+               dev_err(&port->dev, "%s - failed to submit interrupt urb: %d\n",
+                       __func__, r);
+-              goto out;
++              return r;
+       }
+       r = usb_serial_generic_open(tty, port);
++      if (r)
++              goto err_kill_interrupt_urb;
++
++      return 0;
++
++err_kill_interrupt_urb:
++      usb_kill_urb(port->interrupt_in_urb);
+-out:  return r;
++      return r;
+ }
+ /* Old_termios contains the original termios settings and
diff --git a/queue-4.9/usb-serial-ch341-fix-resume-after-reset.patch b/queue-4.9/usb-serial-ch341-fix-resume-after-reset.patch
new file mode 100644 (file)
index 0000000..b68542a
--- /dev/null
@@ -0,0 +1,52 @@
+From ce5e292828117d1b71cbd3edf9e9137cf31acd30 Mon Sep 17 00:00:00 2001
+From: Johan Hovold <johan@kernel.org>
+Date: Fri, 6 Jan 2017 19:15:14 +0100
+Subject: USB: serial: ch341: fix resume after reset
+
+From: Johan Hovold <johan@kernel.org>
+
+commit ce5e292828117d1b71cbd3edf9e9137cf31acd30 upstream.
+
+Fix reset-resume handling which failed to resubmit the read and
+interrupt URBs, thereby leaving a port that was open before suspend in a
+broken state until closed and reopened.
+
+Fixes: 1ded7ea47b88 ("USB: ch341 serial: fix port number changed after resume")
+Fixes: 2bfd1c96a9fb ("USB: serial: ch341: remove reset_resume callback")
+Signed-off-by: Johan Hovold <johan@kernel.org>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+
+---
+ drivers/usb/serial/ch341.c |   17 +++++++++++++----
+ 1 file changed, 13 insertions(+), 4 deletions(-)
+
+--- a/drivers/usb/serial/ch341.c
++++ b/drivers/usb/serial/ch341.c
+@@ -538,14 +538,23 @@ static int ch341_tiocmget(struct tty_str
+ static int ch341_reset_resume(struct usb_serial *serial)
+ {
+-      struct ch341_private *priv;
+-
+-      priv = usb_get_serial_port_data(serial->port[0]);
++      struct usb_serial_port *port = serial->port[0];
++      struct ch341_private *priv = usb_get_serial_port_data(port);
++      int ret;
+       /* reconfigure ch341 serial port after bus-reset */
+       ch341_configure(serial->dev, priv);
+-      return 0;
++      if (tty_port_initialized(&port->port)) {
++              ret = usb_submit_urb(port->interrupt_in_urb, GFP_NOIO);
++              if (ret) {
++                      dev_err(&port->dev, "failed to submit interrupt urb: %d\n",
++                              ret);
++                      return ret;
++              }
++      }
++
++      return usb_serial_generic_resume(serial);
+ }
+ static struct usb_serial_driver ch341_device = {
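Review bot: The return value of `ch341_configure(serial->dev, priv)` in ch341_reset_resume is still ignored, although the function now has a `ret` variable and the other call sites shown on this page (ch341_port_probe, ch341_open) check it. After a bus reset the interrupt URB is therefore submitted, and `usb_serial_generic_resume()` runs, against a device that may not have been reconfigured. `ret = ch341_configure(serial->dev, priv);` followed by `if (ret) return ret;`, or at least a `dev_err()`, would surface the failure. Separately, if `usb_serial_generic_resume()` fails, the interrupt URB submitted just above stays active; it is worth confirming whether it should be killed on that path, as ch341_open does in the companion patch.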
diff --git a/queue-4.9/usb-serial-kl5kusb105-fix-line-state-error-handling.patch b/queue-4.9/usb-serial-kl5kusb105-fix-line-state-error-handling.patch
new file mode 100644 (file)
index 0000000..b0969ef
--- /dev/null
@@ -0,0 +1,41 @@
+From 146cc8a17a3b4996f6805ee5c080e7101277c410 Mon Sep 17 00:00:00 2001
+From: Johan Hovold <johan@kernel.org>
+Date: Tue, 10 Jan 2017 12:05:37 +0100
+Subject: USB: serial: kl5kusb105: fix line-state error handling
+
+From: Johan Hovold <johan@kernel.org>
+
+commit 146cc8a17a3b4996f6805ee5c080e7101277c410 upstream.
+
+The current implementation failed to detect short transfers when
+attempting to read the line state, and also, to make things worse,
+logged the content of the uninitialised heap transfer buffer.
+
+Fixes: abf492e7b3ae ("USB: kl5kusb105: fix DMA buffers on stack")
+Fixes: 1da177e4c3f4 ("Linux-2.6.12-rc2")
+Reviewed-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+Signed-off-by: Johan Hovold <johan@kernel.org>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+
+---
+ drivers/usb/serial/kl5kusb105.c |    9 +++++----
+ 1 file changed, 5 insertions(+), 4 deletions(-)
+
+--- a/drivers/usb/serial/kl5kusb105.c
++++ b/drivers/usb/serial/kl5kusb105.c
+@@ -192,10 +192,11 @@ static int klsi_105_get_line_state(struc
+                            status_buf, KLSI_STATUSBUF_LEN,
+                            10000
+                            );
+-      if (rc < 0)
+-              dev_err(&port->dev, "Reading line status failed (error = %d)\n",
+-                      rc);
+-      else {
++      if (rc != KLSI_STATUSBUF_LEN) {
++              dev_err(&port->dev, "reading line status failed: %d\n", rc);
++              if (rc >= 0)
++                      rc = -EIO;
++      } else {
+               status = get_unaligned_le16(status_buf);
+               dev_info(&port->serial->dev->dev, "read status %x %x\n",
diff --git a/queue-4.9/wusbcore-fix-one-more-crypto-on-the-stack-bug.patch b/queue-4.9/wusbcore-fix-one-more-crypto-on-the-stack-bug.patch
new file mode 100644 (file)
index 0000000..e79336c
--- /dev/null
@@ -0,0 +1,40 @@
+From 620f1a632ebcc9811c2f8009ba52297c7006f805 Mon Sep 17 00:00:00 2001
+From: Andy Lutomirski <luto@kernel.org>
+Date: Tue, 13 Dec 2016 18:50:13 -0800
+Subject: wusbcore: Fix one more crypto-on-the-stack bug
+
+From: Andy Lutomirski <luto@kernel.org>
+
+commit 620f1a632ebcc9811c2f8009ba52297c7006f805 upstream.
+
+The driver put a constant buffer of all zeros on the stack and
+pointed a scatterlist entry at it.  This doesn't work with virtual
+stacks.  Use ZERO_PAGE instead.
+
+Reported-by: Eric Biggers <ebiggers3@gmail.com>
+Signed-off-by: Andy Lutomirski <luto@kernel.org>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+
+---
+ drivers/usb/wusbcore/crypto.c |    3 +--
+ 1 file changed, 1 insertion(+), 2 deletions(-)
+
+--- a/drivers/usb/wusbcore/crypto.c
++++ b/drivers/usb/wusbcore/crypto.c
+@@ -216,7 +216,6 @@ static int wusb_ccm_mac(struct crypto_sk
+       struct scatterlist sg[4], sg_dst;
+       void *dst_buf;
+       size_t dst_size;
+-      const u8 bzero[16] = { 0 };
+       u8 iv[crypto_skcipher_ivsize(tfm_cbc)];
+       size_t zero_padding;
+@@ -261,7 +260,7 @@ static int wusb_ccm_mac(struct crypto_sk
+       sg_set_buf(&sg[1], &scratch->b1, sizeof(scratch->b1));
+       sg_set_buf(&sg[2], b, blen);
+       /* 0 if well behaved :) */
+-      sg_set_buf(&sg[3], bzero, zero_padding);
++      sg_set_page(&sg[3], ZERO_PAGE(0), zero_padding, 0);
+       sg_init_one(&sg_dst, dst_buf, dst_size);
+       skcipher_request_set_tfm(req, tfm_cbc);
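Review bot: The call `sg_set_page(&sg[3], ZERO_PAGE(0), zero_padding, 0)` in wusb_ccm_mac is only valid while `zero_padding` stays within one page, and the retained comment `/* 0 if well behaved :) */` explains neither that bound nor why a page is used. The computation of `zero_padding` lies outside the hunk, so the limit is presumably the cipher block size, but it should be stated next to the call, e.g. `/* zero_padding < block size; ZERO_PAGE keeps stack memory out of the scatterlist */`. `sg[2]` is still built with `sg_set_buf(&sg[2], b, blen)`; whether any caller passes stack memory for `b` cannot be seen here and deserves the same check.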
diff --git a/queue-4.9/x86-bugs-separate-amd-e400-erratum-and-c1e-bug.patch b/queue-4.9/x86-bugs-separate-amd-e400-erratum-and-c1e-bug.patch
new file mode 100644 (file)
index 0000000..af43a56
--- /dev/null
@@ -0,0 +1,116 @@
+From 3344ed30791af66dbbad5f375008f3d1863b6c99 Mon Sep 17 00:00:00 2001
+From: Thomas Gleixner <tglx@linutronix.de>
+Date: Fri, 9 Dec 2016 19:29:09 +0100
+Subject: x86/bugs: Separate AMD E400 erratum and C1E bug
+
+From: Thomas Gleixner <tglx@linutronix.de>
+
+commit 3344ed30791af66dbbad5f375008f3d1863b6c99 upstream.
+
+The workaround for the AMD Erratum E400 (Local APIC timer stops in C1E
+state) is a two step process:
+
+ - Selection of the E400 aware idle routine
+
+ - Detection whether the platform is affected
+
+The idle routine selection happens for possibly affected CPUs depending on
+family/model/stepping information. These range of CPUs is not necessarily
+affected as the decision whether to enable the C1E feature is made by the
+firmware. Unfortunately there is no way to query this at early boot.
+
+The current implementation polls a MSR in the E400 aware idle routine to
+detect whether the CPU is affected. This is inefficient on non affected
+CPUs because every idle entry has to do the MSR read.
+
+There is a better way to detect this before going idle for the first time
+which requires to seperate the bug flags:
+
+  X86_BUG_AMD_E400     - Selects the E400 aware idle routine and
+                         enables the detection
+
+  X86_BUG_AMD_APIC_C1E  - Set when the platform is affected by E400
+
+Replace the current X86_BUG_AMD_APIC_C1E usage by the new X86_BUG_AMD_E400
+bug bit to select the idle routine which currently does an unconditional
+detection poll. X86_BUG_AMD_APIC_C1E is going to be used in later patches
+to remove the MSR polling and simplify the handling of this misfeature.
+
+Signed-off-by: Thomas Gleixner <tglx@linutronix.de>
+Signed-off-by: Borislav Petkov <bp@suse.de>
+Cc: Jiri Olsa <jolsa@redhat.com>
+Link: http://lkml.kernel.org/r/20161209182912.2726-3-bp@alien8.de
+Signed-off-by: Thomas Gleixner <tglx@linutronix.de>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+
+---
+ arch/x86/include/asm/cpufeatures.h |    2 ++
+ arch/x86/kernel/cpu/amd.c          |   20 +++++++++++++-------
+ arch/x86/kernel/process.c          |    3 +--
+ 3 files changed, 16 insertions(+), 9 deletions(-)
+
+--- a/arch/x86/include/asm/cpufeatures.h
++++ b/arch/x86/include/asm/cpufeatures.h
+@@ -311,4 +311,6 @@
+ #define X86_BUG_NULL_SEG      X86_BUG(10) /* Nulling a selector preserves the base */
+ #define X86_BUG_SWAPGS_FENCE  X86_BUG(11) /* SWAPGS without input dep on GS */
+ #define X86_BUG_MONITOR               X86_BUG(12) /* IPI required to wake up remote CPU */
++#define X86_BUG_AMD_E400      X86_BUG(13) /* CPU is among the affected by Erratum 400 */
++
+ #endif /* _ASM_X86_CPUFEATURES_H */
+--- a/arch/x86/kernel/cpu/amd.c
++++ b/arch/x86/kernel/cpu/amd.c
+@@ -20,6 +20,10 @@
+ #include "cpu.h"
++static const int amd_erratum_383[];
++static const int amd_erratum_400[];
++static bool cpu_has_amd_erratum(struct cpuinfo_x86 *cpu, const int *erratum);
++
+ /*
+  * nodes_per_socket: Stores the number of nodes per socket.
+  * Refer to Fam15h Models 00-0fh BKDG - CPUID Fn8000_001E_ECX
+@@ -592,11 +596,16 @@ static void early_init_amd(struct cpuinf
+       /* F16h erratum 793, CVE-2013-6885 */
+       if (c->x86 == 0x16 && c->x86_model <= 0xf)
+               msr_set_bit(MSR_AMD64_LS_CFG, 15);
+-}
+-static const int amd_erratum_383[];
+-static const int amd_erratum_400[];
+-static bool cpu_has_amd_erratum(struct cpuinfo_x86 *cpu, const int *erratum);
++      /*
++       * Check whether the machine is affected by erratum 400. This is
++       * used to select the proper idle routine and to enable the check
++       * whether the machine is affected in arch_post_acpi_init(), which
++       * sets the X86_BUG_AMD_APIC_C1E bug depending on the MSR check.
++       */
++      if (cpu_has_amd_erratum(c, amd_erratum_400))
++              set_cpu_bug(c, X86_BUG_AMD_E400);
++}
+ static void init_amd_k8(struct cpuinfo_x86 *c)
+ {
+@@ -777,9 +786,6 @@ static void init_amd(struct cpuinfo_x86
+       if (c->x86 > 0x11)
+               set_cpu_cap(c, X86_FEATURE_ARAT);
+-      if (cpu_has_amd_erratum(c, amd_erratum_400))
+-              set_cpu_bug(c, X86_BUG_AMD_APIC_C1E);
+-
+       rdmsr_safe(MSR_AMD64_PATCH_LEVEL, &c->microcode, &dummy);
+       /* 3DNow or LM implies PREFETCHW */
+--- a/arch/x86/kernel/process.c
++++ b/arch/x86/kernel/process.c
+@@ -448,8 +448,7 @@ void select_idle_routine(const struct cp
+       if (x86_idle || boot_option_idle_override == IDLE_POLL)
+               return;
+-      if (cpu_has_bug(c, X86_BUG_AMD_APIC_C1E)) {
+-              /* E400: APIC timer interrupt does not wake up CPU from C1e */
++      if (boot_cpu_has_bug(X86_BUG_AMD_E400)) {
+               pr_info("using AMD E400 aware idle routine\n");
+               x86_idle = amd_e400_idle;
+       } else if (prefer_mwait_c1_over_halt(c)) {
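Review bot: The comment added to early_init_amd says the affected-platform check runs in `arch_post_acpi_init()` and sets X86_BUG_AMD_APIC_C1E, but this patch introduces no such function, and the init_amd hunk removes the only visible `set_cpu_bug(c, X86_BUG_AMD_APIC_C1E)`. As queued, nothing shown here sets that bit any more, so any remaining user of X86_BUG_AMD_APIC_C1E outside these hunks would silently stop matching; the commit message defers the new use to later patches, which are not among the files added in this commit. Either queue the follow-up alongside this patch or reword the comment to describe the current state, e.g. `/* Selects the E400 aware idle routine; the platform check still happens in the idle path. */`. select_idle_routine also stops using its `c` argument for this test by switching to `boot_cpu_has_bug()`, which is worth a word in the comment that was dropped there.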
diff --git a/queue-4.9/x86-cpu-amd-clean-up-cpu_llc_id-assignment-per-topology-feature.patch b/queue-4.9/x86-cpu-amd-clean-up-cpu_llc_id-assignment-per-topology-feature.patch
new file mode 100644 (file)
index 0000000..ed327ba
--- /dev/null
@@ -0,0 +1,117 @@
+From b6a50cddbcbda7105355898ead18f1a647c22520 Mon Sep 17 00:00:00 2001
+From: Yazen Ghannam <Yazen.Ghannam@amd.com>
+Date: Tue, 8 Nov 2016 16:30:54 +0100
+Subject: x86/cpu/AMD: Clean up cpu_llc_id assignment per topology feature
+
+From: Yazen Ghannam <Yazen.Ghannam@amd.com>
+
+commit b6a50cddbcbda7105355898ead18f1a647c22520 upstream.
+
+These changes do not affect current hw - just a cleanup:
+
+Currently, we assume that a system has a single Last Level Cache (LLC)
+per node, and that the cpu_llc_id is thus equal to the node_id. This no
+longer applies since Fam17h can have multiple last level caches within a
+node.
+
+So group the cpu_llc_id assignment by topology feature and family in
+order to make the computation of cpu_llc_id on the different families
+more clear.
+
+Here is how the LLC ID is being computed on the different families:
+
+The NODEID_MSR feature only applies to Fam10h in which case the LLC is
+at the node level.
+
+The TOPOEXT feature is used on families 15h, 16h and 17h. So far we only
+see multiple last level caches if L3 caches are available. Otherwise,
+the cpu_llc_id will default to be the phys_proc_id.
+
+We have L3 caches only on families 15h and 17h:
+
+ - on Fam15h, the LLC is at the node level.
+
+ - on Fam17h, the LLC is at the core complex level and can be found by
+   right shifting the APIC ID. Also, keep the family checks explicit so that
+   new families will fall back to the default, which will be node_id for
+   TOPOEXT systems.
+
+Single node systems in families 10h and 15h will have a Node ID of 0
+which will be the same as the phys_proc_id, so we don't need to check
+for multiple nodes before using the node_id.
+
+Tested-by: Borislav Petkov <bp@suse.de>
+Signed-off-by: Yazen Ghannam <Yazen.Ghannam@amd.com>
+[ Rewrote the commit message. ]
+Signed-off-by: Borislav Petkov <bp@suse.de>
+Acked-by: Thomas Gleixner <tglx@linutronix.de>
+Cc: Aravind Gopalakrishnan <aravindksg.lkml@gmail.com>
+Cc: Linus Torvalds <torvalds@linux-foundation.org>
+Cc: Peter Zijlstra <peterz@infradead.org>
+Link: http://lkml.kernel.org/r/20161108153054.bs3sajbyevq6a6uu@pd.tnic
+Signed-off-by: Ingo Molnar <mingo@kernel.org>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+
+---
+ arch/x86/kernel/cpu/amd.c |   31 +++++++++++++++++++------------
+ 1 file changed, 19 insertions(+), 12 deletions(-)
+
+--- a/arch/x86/kernel/cpu/amd.c
++++ b/arch/x86/kernel/cpu/amd.c
+@@ -314,11 +314,30 @@ static void amd_get_topology(struct cpui
+               smp_num_siblings = ((ebx >> 8) & 3) + 1;
+               c->x86_max_cores /= smp_num_siblings;
+               c->cpu_core_id = ebx & 0xff;
++
++              /*
++               * We may have multiple LLCs if L3 caches exist, so check if we
++               * have an L3 cache by looking at the L3 cache CPUID leaf.
++               */
++              if (cpuid_edx(0x80000006)) {
++                      if (c->x86 == 0x17) {
++                              /*
++                               * LLC is at the core complex level.
++                               * Core complex id is ApicId[3].
++                               */
++                              per_cpu(cpu_llc_id, cpu) = c->apicid >> 3;
++                      } else {
++                              /* LLC is at the node level. */
++                              per_cpu(cpu_llc_id, cpu) = node_id;
++                      }
++              }
+       } else if (cpu_has(c, X86_FEATURE_NODEID_MSR)) {
+               u64 value;
+               rdmsrl(MSR_FAM10H_NODE_ID, value);
+               node_id = value & 7;
++
++              per_cpu(cpu_llc_id, cpu) = node_id;
+       } else
+               return;
+@@ -329,9 +348,6 @@ static void amd_get_topology(struct cpui
+               set_cpu_cap(c, X86_FEATURE_AMD_DCM);
+               cus_per_node = c->x86_max_cores / nodes_per_socket;
+-              /* store NodeID, use llc_shared_map to store sibling info */
+-              per_cpu(cpu_llc_id, cpu) = node_id;
+-
+               /* core id has to be in the [0 .. cores_per_node - 1] range */
+               c->cpu_core_id %= cus_per_node;
+       }
+@@ -356,15 +372,6 @@ static void amd_detect_cmp(struct cpuinf
+       /* use socket ID also for last level cache */
+       per_cpu(cpu_llc_id, cpu) = c->phys_proc_id;
+       amd_get_topology(c);
+-
+-      /*
+-       * Fix percpu cpu_llc_id here as LLC topology is different
+-       * for Fam17h systems.
+-       */
+-       if (c->x86 != 0x17 || !cpuid_edx(0x80000006))
+-              return;
+-
+-      per_cpu(cpu_llc_id, cpu) = c->apicid >> 3;
+ #endif
+ }
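Review bot: The comment `Core complex id is ApicId[3].` in the new Fam17h branch of amd_get_topology does not match the statement under it: `c->apicid >> 3` keeps every bit from bit 3 upward, not bit 3 alone. Wording such as `/* Core complex id is ApicId >> 3. */` would describe what is actually stored in cpu_llc_id. The TOPOEXT branch also leaves cpu_llc_id untouched when `cpuid_edx(0x80000006)` is zero, relying on the `per_cpu(cpu_llc_id, cpu) = c->phys_proc_id` default that amd_detect_cmp sets before the call. A one-line comment next to the `if` would make that fallback explicit.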
diff --git a/queue-4.9/x86-cpu-amd-fix-bulldozer-topology.patch b/queue-4.9/x86-cpu-amd-fix-bulldozer-topology.patch
new file mode 100644 (file)
index 0000000..d62eb16
--- /dev/null
@@ -0,0 +1,61 @@
+From a33d331761bc5dd330499ca5ceceb67f0640a8e6 Mon Sep 17 00:00:00 2001
+From: Borislav Petkov <bp@suse.de>
+Date: Thu, 5 Jan 2017 10:26:38 +0100
+Subject: x86/CPU/AMD: Fix Bulldozer topology
+
+From: Borislav Petkov <bp@suse.de>
+
+commit a33d331761bc5dd330499ca5ceceb67f0640a8e6 upstream.
+
+The following commit:
+
+  8196dab4fc15 ("x86/cpu: Get rid of compute_unit_id")
+
+... broke the initial strategy for Bulldozer-based cores' topology,
+where we consider each thread of a compute unit a standalone core
+and not a HT or SMT thread.
+
+Revert to the firmware-supplied core_id numbering and do not make
+them thread siblings as we don't consider them for such even if they
+technically are, more or less.
+
+Reported-and-tested-by: Brice Goglin <Brice.Goglin@inria.fr>
+Tested-by: Yazen Ghannam <yazen.ghannam@amd.com>
+Signed-off-by: Borislav Petkov <bp@suse.de>
+Cc: Andy Lutomirski <luto@kernel.org>
+Cc: Borislav Petkov <bp@alien8.de>
+Cc: Brian Gerst <brgerst@gmail.com>
+Cc: Denys Vlasenko <dvlasenk@redhat.com>
+Cc: H. Peter Anvin <hpa@zytor.com>
+Cc: Josh Poimboeuf <jpoimboe@redhat.com>
+Cc: Linus Torvalds <torvalds@linux-foundation.org>
+Cc: Peter Zijlstra <peterz@infradead.org>
+Cc: Thomas Gleixner <tglx@linutronix.de>
+Fixes: 8196dab4fc15 ("x86/cpu: Get rid of compute_unit_id")
+Link: http://lkml.kernel.org/r/20170105092638.5247-1-bp@alien8.de
+Signed-off-by: Ingo Molnar <mingo@kernel.org>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+
+---
+ arch/x86/kernel/cpu/amd.c |    9 +--------
+ 1 file changed, 1 insertion(+), 8 deletions(-)
+
+--- a/arch/x86/kernel/cpu/amd.c
++++ b/arch/x86/kernel/cpu/amd.c
+@@ -309,15 +309,8 @@ static void amd_get_topology(struct cpui
+       /* get information required for multi-node processors */
+       if (boot_cpu_has(X86_FEATURE_TOPOEXT)) {
+-              u32 eax, ebx, ecx, edx;
+-              cpuid(0x8000001e, &eax, &ebx, &ecx, &edx);
+-              node_id = ecx & 7;
+-
+-              /* get compute unit information */
+-              smp_num_siblings = ((ebx >> 8) & 3) + 1;
+-              c->x86_max_cores /= smp_num_siblings;
+-              c->cpu_core_id = ebx & 0xff;
++              node_id = cpuid_ecx(0x8000001e) & 7;
+               /*
+                * We may have multiple LLCs if L3 caches exist, so check if we