git.ipfire.org Git - thirdparty/kernel/stable-queue.git/commitdiff
4.14-stable patches
author Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Mon, 2 Mar 2020 19:38:02 +0000 (20:38 +0100)
committer Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Mon, 2 Mar 2020 19:38:02 +0000 (20:38 +0100)
added patches:
drm-i915-gvt-separate-display-reset-from-all_engines-reset.patch
hid-hiddev-fix-race-in-in-hiddev_disconnect.patch
i2c-altera-fix-potential-integer-overflow.patch
i2c-jz4780-silence-log-flood-on-txabrt.patch
mips-vpe-fix-a-double-free-and-a-memory-leak-in-release_vpe.patch

queue-4.14/drm-i915-gvt-separate-display-reset-from-all_engines-reset.patch [new file with mode: 0644]
queue-4.14/hid-hiddev-fix-race-in-in-hiddev_disconnect.patch [new file with mode: 0644]
queue-4.14/i2c-altera-fix-potential-integer-overflow.patch [new file with mode: 0644]
queue-4.14/i2c-jz4780-silence-log-flood-on-txabrt.patch [new file with mode: 0644]
queue-4.14/mips-vpe-fix-a-double-free-and-a-memory-leak-in-release_vpe.patch [new file with mode: 0644]
queue-4.14/series

diff --git a/queue-4.14/drm-i915-gvt-separate-display-reset-from-all_engines-reset.patch b/queue-4.14/drm-i915-gvt-separate-display-reset-from-all_engines-reset.patch
new file mode 100644 (file)
index 0000000..10ca466
--- /dev/null
@@ -0,0 +1,93 @@
+From 3eb55e6f753a379e293395de8d5f3be28351a7f8 Mon Sep 17 00:00:00 2001
+From: Tina Zhang <tina.zhang@intel.com>
+Date: Fri, 21 Feb 2020 10:32:34 +0800
+Subject: drm/i915/gvt: Separate display reset from ALL_ENGINES reset
+
+From: Tina Zhang <tina.zhang@intel.com>
+
+commit 3eb55e6f753a379e293395de8d5f3be28351a7f8 upstream.
+
+ALL_ENGINES reset doesn't clobber display with the current gvt-g
+supported platforms. Thus ALL_ENGINES reset shouldn't reset the
+display engine registers emulated by gvt-g.
+
+This fixes guest warning like
+
+[ 14.622026] [drm] Initialized i915 1.6.0 20200114 for 0000:00:03.0 on minor 0
+[ 14.967917] fbcon: i915drmfb (fb0) is primary device
+[ 25.100188] [drm:drm_atomic_helper_wait_for_dependencies [drm_kms_helper]] E RROR [CRTC:51:pipe A] flip_done timed out
+[ 25.100860] -----------[ cut here ]-----------
+[ 25.100861] pll on state mismatch (expected 0, found 1)
+[ 25.101024] WARNING: CPU: 1 PID: 30 at drivers/gpu/drm/i915/display/intel_dis play.c:14382 verify_single_dpll_state.isra.115+0x28f/0x320 [i915]
+[ 25.101025] Modules linked in: intel_rapl_msr intel_rapl_common kvm_intel kvm irqbypass crct10dif_pclmul crc32_pclmul ghash_clmulni_intel i915 aesni_intel cr ypto_simd cryptd glue_helper cec rc_core video drm_kms_helper joydev drm input_l eds i2c_algo_bit serio_raw fb_sys_fops syscopyarea sysfillrect sysimgblt mac_hid qemu_fw_cfg sch_fq_codel parport_pc ppdev lp parport ip_tables x_tables autofs4 e1000 psmouse i2c_piix4 pata_acpi floppy
+[ 25.101052] CPU: 1 PID: 30 Comm: kworker/u4:1 Not tainted 5.5.0+ #1
+[ 25.101053] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS rel-1 .12.1-0-ga5cab58 04/01/2014
+[ 25.101055] Workqueue: events_unbound async_run_entry_fn
+[ 25.101092] RIP: 0010:verify_single_dpll_state.isra.115+0x28f/0x320 [i915]
+[ 25.101093] Code: e0 d9 ff e9 a3 fe ff ff 80 3d e9 c2 11 00 00 44 89 f6 48 c7 c7 c0 9d 88 c0 75 3b e8 eb df d9 ff e9 c7 fe ff ff e8 d1 e0 ae c4 <0f> 0b e9 7a fe ff ff 80 3d c0 c2 11 00 00 8d 71 41 89 c2 48 c7 c7
+[ 25.101093] RSP: 0018:ffffb1de80107878 EFLAGS: 00010286
+[ 25.101094] RAX: 0000000000000000 RBX: ffffb1de80107884 RCX: 0000000000000007
+[ 25.101095] RDX: 0000000000000000 RSI: 0000000000000002 RDI: ffff94fdfdd19740
+[ 25.101095] RBP: ffffb1de80107938 R08: 0000000d6bfdc7b4 R09: 000000000000002b
+[ 25.101096] R10: ffff94fdf82dc000 R11: 0000000000000225 R12: 00000000000001f8
+[ 25.101096] R13: ffff94fdb3ca6a90 R14: ffff94fdb3ca0000 R15: 0000000000000000
+[ 25.101097] FS: 0000000000000000(0000) GS:ffff94fdfdd00000(0000) knlGS:00000 00000000000
+[ 25.101098] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
+[ 25.101098] CR2: 00007fbc3e2be9c8 CR3: 000000003339a003 CR4: 0000000000360ee0
+[ 25.101101] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
+[ 25.101101] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
+[ 25.101102] Call Trace:
+[ 25.101139] intel_atomic_commit_tail+0xde4/0x1520 [i915]
+[ 25.101141] ? flush_workqueue_prep_pwqs+0xfa/0x130
+[ 25.101142] ? flush_workqueue+0x198/0x3c0
+[ 25.101174] intel_atomic_commit+0x2ad/0x320 [i915]
+[ 25.101209] drm_atomic_commit+0x4a/0x50 [drm]
+[ 25.101220] drm_client_modeset_commit_atomic+0x1c4/0x200 [drm]
+[ 25.101231] drm_client_modeset_commit_force+0x47/0x170 [drm]
+[ 25.101250] drm_fb_helper_restore_fbdev_mode_unlocked+0x4e/0xa0 [drm_kms_hel per]
+[ 25.101255] drm_fb_helper_set_par+0x2d/0x60 [drm_kms_helper]
+[ 25.101287] intel_fbdev_set_par+0x1a/0x40 [i915]
+[ 25.101289] ? con_is_visible+0x2e/0x60
+[ 25.101290] fbcon_init+0x378/0x600
+[ 25.101292] visual_init+0xd5/0x130
+[ 25.101296] do_bind_con_driver+0x217/0x430
+[ 25.101297] do_take_over_console+0x7d/0x1b0
+[ 25.101298] do_fbcon_takeover+0x5c/0xb0
+[ 25.101299] fbcon_fb_registered+0x199/0x1a0
+[ 25.101301] register_framebuffer+0x22c/0x330
+[ 25.101306] __drm_fb_helper_initial_config_and_unlock+0x31a/0x520 [drm_kms_h elper]
+[ 25.101311] drm_fb_helper_initial_config+0x35/0x40 [drm_kms_helper]
+[ 25.101341] intel_fbdev_initial_config+0x18/0x30 [i915]
+[ 25.101342] async_run_entry_fn+0x3c/0x150
+[ 25.101343] process_one_work+0x1fd/0x3f0
+[ 25.101344] worker_thread+0x34/0x410
+[ 25.101346] kthread+0x121/0x140
+[ 25.101346] ? process_one_work+0x3f0/0x3f0
+[ 25.101347] ? kthread_park+0x90/0x90
+[ 25.101350] ret_from_fork+0x35/0x40
+[ 25.101351] --[ end trace b5b47d44cd998ba1 ]--
+
+Fixes: 6294b61ba769 ("drm/i915/gvt: add missing display part reset for vGPU reset")
+Signed-off-by: Tina Zhang <tina.zhang@intel.com>
+Reviewed-by: Zhenyu Wang <zhenyuw@linux.intel.com>
+Signed-off-by: Zhenyu Wang <zhenyuw@linux.intel.com>
+Link: http://patchwork.freedesktop.org/patch/msgid/20200221023234.28635-1-tina.zhang@intel.com
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+
+---
+ drivers/gpu/drm/i915/gvt/vgpu.c |    2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+--- a/drivers/gpu/drm/i915/gvt/vgpu.c
++++ b/drivers/gpu/drm/i915/gvt/vgpu.c
+@@ -513,9 +513,9 @@ void intel_gvt_reset_vgpu_locked(struct
+               intel_vgpu_reset_mmio(vgpu, dmlr);
+               populate_pvinfo_page(vgpu);
+-              intel_vgpu_reset_display(vgpu);
+               if (dmlr) {
++                      intel_vgpu_reset_display(vgpu);
+                       intel_vgpu_reset_cfg_space(vgpu);
+                       /* only reset the failsafe mode when dmlr reset */
+                       vgpu->failsafe = false;
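Review bot: the moved intel_vgpu_reset_display(vgpu) call inside `if (dmlr) {` has no comment tying it to the reasoning in the commit message. The message argues in terms of an ALL_ENGINES reset, but the code gates on dmlr, and the visible lines do not show how the two relate. A one-line comment next to the call, in the style of the existing "only reset the failsafe mode when dmlr reset", would record that the emulated display registers are deliberately left alone on a non-dmlr reset. For the 4.14 queue it is also worth confirming that the commit named in Fixes: (6294b61ba769) is present in that tree, since the guest trace in the message comes from a 5.5.0+ kernel.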
diff --git a/queue-4.14/hid-hiddev-fix-race-in-in-hiddev_disconnect.patch b/queue-4.14/hid-hiddev-fix-race-in-in-hiddev_disconnect.patch
new file mode 100644 (file)
index 0000000..acc47e8
--- /dev/null
@@ -0,0 +1,39 @@
+From 5c02c447eaeda29d3da121a2e17b97ccaf579b51 Mon Sep 17 00:00:00 2001
+From: "dan.carpenter@oracle.com" <dan.carpenter@oracle.com>
+Date: Wed, 15 Jan 2020 20:46:28 +0300
+Subject: HID: hiddev: Fix race in in hiddev_disconnect()
+
+From: dan.carpenter@oracle.com <dan.carpenter@oracle.com>
+
+commit 5c02c447eaeda29d3da121a2e17b97ccaf579b51 upstream.
+
+Syzbot reports that "hiddev" is used after it's free in hiddev_disconnect().
+The hiddev_disconnect() function sets "hiddev->exist = 0;" so
+hiddev_release() can free it as soon as we drop the "existancelock"
+lock.  This patch moves the mutex_unlock(&hiddev->existancelock) until
+after we have finished using it.
+
+Reported-by: syzbot+784ccb935f9900cc7c9e@syzkaller.appspotmail.com
+Fixes: 7f77897ef2b6 ("HID: hiddev: fix potential use-after-free")
+Suggested-by: Alan Stern <stern@rowland.harvard.edu>
+Signed-off-by: Dan Carpenter <dan.carpenter@oracle.com>
+Signed-off-by: Jiri Kosina <jkosina@suse.cz>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+
+---
+ drivers/hid/usbhid/hiddev.c |    2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+--- a/drivers/hid/usbhid/hiddev.c
++++ b/drivers/hid/usbhid/hiddev.c
+@@ -954,9 +954,9 @@ void hiddev_disconnect(struct hid_device
+       hiddev->exist = 0;
+       if (hiddev->open) {
+-              mutex_unlock(&hiddev->existancelock);
+               hid_hw_close(hiddev->hid);
+               wake_up_interruptible(&hiddev->wait);
++              mutex_unlock(&hiddev->existancelock);
+       } else {
+               mutex_unlock(&hiddev->existancelock);
+               kfree(hiddev);
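Review bot: in the `if (hiddev->open)` branch, hid_hw_close() and wake_up_interruptible() now run with existancelock held, so the fix depends on neither call reaching a path that takes existancelock again; that is not visible in this hunk and should be checked against the 4.14 tree. The ordering is the entire fix (per the message, hiddev_release() can free hiddev as soon as the lock is dropped once exist is 0), so a short comment above the moved mutex_unlock(&hiddev->existancelock) stating that it must remain the last use of hiddev would keep a later cleanup from reintroducing the use-after-free.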
diff --git a/queue-4.14/i2c-altera-fix-potential-integer-overflow.patch b/queue-4.14/i2c-altera-fix-potential-integer-overflow.patch
new file mode 100644 (file)
index 0000000..68d0175
--- /dev/null
@@ -0,0 +1,38 @@
+From 54498e8070e19e74498a72c7331348143e7e1f8c Mon Sep 17 00:00:00 2001
+From: "Gustavo A. R. Silva" <gustavo@embeddedor.com>
+Date: Tue, 11 Feb 2020 08:47:04 -0600
+Subject: i2c: altera: Fix potential integer overflow
+
+From: Gustavo A. R. Silva <gustavo@embeddedor.com>
+
+commit 54498e8070e19e74498a72c7331348143e7e1f8c upstream.
+
+Factor out 100 from the equation and do 32-bit arithmetic (3 * clk_mhz / 10)
+instead of 64-bit.
+
+Notice that clk_mhz is MHz, so the multiplication will never wrap 32 bits
+and there is no need for div_u64().
+
+Addresses-Coverity: 1458369 ("Unintentional integer overflow")
+Fixes: 0560ad576268 ("i2c: altera: Add Altera I2C Controller driver")
+Suggested-by: David Laight <David.Laight@ACULAB.COM>
+Signed-off-by: Gustavo A. R. Silva <gustavo@embeddedor.com>
+Reviewed-by: Thor Thayer <thor.thayer@linux.intel.com>
+Signed-off-by: Wolfram Sang <wsa@the-dreams.de>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+
+---
+ drivers/i2c/busses/i2c-altera.c |    2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+--- a/drivers/i2c/busses/i2c-altera.c
++++ b/drivers/i2c/busses/i2c-altera.c
+@@ -182,7 +182,7 @@ static void altr_i2c_init(struct altr_i2
+       /* SCL Low Time */
+       writel(t_low, idev->base + ALTR_I2C_SCL_LOW);
+       /* SDA Hold Time, 300ns */
+-      writel(div_u64(300 * clk_mhz, 1000), idev->base + ALTR_I2C_SDA_HOLD);
++      writel(3 * clk_mhz / 10, idev->base + ALTR_I2C_SDA_HOLD);
+       /* Mask all master interrupt bits */
+       altr_i2c_int_enable(idev, ALTR_I2C_ALL_IRQ, false);
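Review bot: `3 * clk_mhz / 10` is only safe under the bound the commit message gives (clk_mhz is a MHz value), and neither the type of clk_mhz nor that bound is visible at the writel() call. The "SDA Hold Time, 300ns" comment also no longer matches the constants in the expression. Suggest extending that comment to say that 300 * clk_mhz / 1000 was reduced by a factor of 100 to stay within 32-bit arithmetic, so a later reader does not restore the original form or the div_u64() call.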
diff --git a/queue-4.14/i2c-jz4780-silence-log-flood-on-txabrt.patch b/queue-4.14/i2c-jz4780-silence-log-flood-on-txabrt.patch
new file mode 100644 (file)
index 0000000..3beeec9
--- /dev/null
@@ -0,0 +1,76 @@
+From 9e661cedcc0a072d91a32cb88e0515ea26e35711 Mon Sep 17 00:00:00 2001
+From: Wolfram Sang <wsa@the-dreams.de>
+Date: Wed, 12 Feb 2020 10:35:30 +0100
+Subject: i2c: jz4780: silence log flood on txabrt
+
+From: Wolfram Sang <wsa@the-dreams.de>
+
+commit 9e661cedcc0a072d91a32cb88e0515ea26e35711 upstream.
+
+The printout for txabrt is way too talkative and is highly annoying with
+scanning programs like 'i2cdetect'. Reduce it to the minimum, the rest
+can be gained by I2C core debugging and datasheet information. Also,
+make it a debug printout, it won't help the regular user.
+
+Fixes: ba92222ed63a ("i2c: jz4780: Add i2c bus controller driver for Ingenic JZ4780")
+Reported-by: H. Nikolaus Schaller <hns@goldelico.com>
+Tested-by: H. Nikolaus Schaller <hns@goldelico.com>
+Signed-off-by: Wolfram Sang <wsa@the-dreams.de>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+
+---
+ drivers/i2c/busses/i2c-jz4780.c |   36 ++----------------------------------
+ 1 file changed, 2 insertions(+), 34 deletions(-)
+
+--- a/drivers/i2c/busses/i2c-jz4780.c
++++ b/drivers/i2c/busses/i2c-jz4780.c
+@@ -82,25 +82,6 @@
+ #define JZ4780_I2C_STA_TFNF           BIT(1)
+ #define JZ4780_I2C_STA_ACT            BIT(0)
+-static const char * const jz4780_i2c_abrt_src[] = {
+-      "ABRT_7B_ADDR_NOACK",
+-      "ABRT_10ADDR1_NOACK",
+-      "ABRT_10ADDR2_NOACK",
+-      "ABRT_XDATA_NOACK",
+-      "ABRT_GCALL_NOACK",
+-      "ABRT_GCALL_READ",
+-      "ABRT_HS_ACKD",
+-      "SBYTE_ACKDET",
+-      "ABRT_HS_NORSTRT",
+-      "SBYTE_NORSTRT",
+-      "ABRT_10B_RD_NORSTRT",
+-      "ABRT_MASTER_DIS",
+-      "ARB_LOST",
+-      "SLVFLUSH_TXFIFO",
+-      "SLV_ARBLOST",
+-      "SLVRD_INTX",
+-};
+-
+ #define JZ4780_I2C_INTST_IGC          BIT(11)
+ #define JZ4780_I2C_INTST_ISTT         BIT(10)
+ #define JZ4780_I2C_INTST_ISTP         BIT(9)
+@@ -538,21 +519,8 @@ done:
+ static void jz4780_i2c_txabrt(struct jz4780_i2c *i2c, int src)
+ {
+-      int i;
+-
+-      dev_err(&i2c->adap.dev, "txabrt: 0x%08x\n", src);
+-      dev_err(&i2c->adap.dev, "device addr=%x\n",
+-              jz4780_i2c_readw(i2c, JZ4780_I2C_TAR));
+-      dev_err(&i2c->adap.dev, "send cmd count:%d  %d\n",
+-              i2c->cmd, i2c->cmd_buf[i2c->cmd]);
+-      dev_err(&i2c->adap.dev, "receive data count:%d  %d\n",
+-              i2c->cmd, i2c->data_buf[i2c->cmd]);
+-
+-      for (i = 0; i < 16; i++) {
+-              if (src & BIT(i))
+-                      dev_dbg(&i2c->adap.dev, "I2C TXABRT[%d]=%s\n",
+-                              i, jz4780_i2c_abrt_src[i]);
+-      }
++      dev_dbg(&i2c->adap.dev, "txabrt: 0x%08x, cmd: %d, send: %d, recv: %d\n",
++              src, i2c->cmd, i2c->cmd_buf[i2c->cmd], i2c->data_buf[i2c->cmd]);
+ }
+ static inline int jz4780_i2c_xfer_read(struct jz4780_i2c *i2c,
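Review bot: in jz4780_i2c_txabrt(), the single dev_dbg() no longer reports the target address that the removed "device addr=%x" line read from JZ4780_I2C_TAR, so an abort seen while debugging cannot be tied to a device from this message alone. If that is intended (the commit message defers to I2C core debugging), fine; otherwise add the TAR value to the one remaining line. The removed decode loop over jz4780_i2c_abrt_src[] was already dev_dbg(), so the flood came from the four dev_err() calls, and with the table gone the raw 0x%08x source mask has to be decoded from the datasheet. The new line still indexes cmd_buf and data_buf with i2c->cmd, as the old code did, with no bound visible in this hunk.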
diff --git a/queue-4.14/mips-vpe-fix-a-double-free-and-a-memory-leak-in-release_vpe.patch b/queue-4.14/mips-vpe-fix-a-double-free-and-a-memory-leak-in-release_vpe.patch
new file mode 100644 (file)
index 0000000..7d8ed6c
--- /dev/null
@@ -0,0 +1,42 @@
+From bef8e2dfceed6daeb6ca3e8d33f9c9d43b926580 Mon Sep 17 00:00:00 2001
+From: Christophe JAILLET <christophe.jaillet@wanadoo.fr>
+Date: Sun, 2 Feb 2020 21:19:22 +0100
+Subject: MIPS: VPE: Fix a double free and a memory leak in 'release_vpe()'
+
+From: Christophe JAILLET <christophe.jaillet@wanadoo.fr>
+
+commit bef8e2dfceed6daeb6ca3e8d33f9c9d43b926580 upstream.
+
+Pointer on the memory allocated by 'alloc_progmem()' is stored in
+'v->load_addr'. So this is this memory that should be freed by
+'release_progmem()'.
+
+'release_progmem()' is only a call to 'kfree()'.
+
+With the current code, there is both a double free and a memory leak.
+Fix it by passing the correct pointer to 'release_progmem()'.
+
+Fixes: e01402b115ccc ("More AP / SP bits for the 34K, the Malta bits and things. Still wants")
+Signed-off-by: Christophe JAILLET <christophe.jaillet@wanadoo.fr>
+Signed-off-by: Paul Burton <paulburton@kernel.org>
+Cc: ralf@linux-mips.org
+Cc: linux-mips@vger.kernel.org
+Cc: linux-kernel@vger.kernel.org
+Cc: kernel-janitors@vger.kernel.org
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+
+---
+ arch/mips/kernel/vpe.c |    2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+--- a/arch/mips/kernel/vpe.c
++++ b/arch/mips/kernel/vpe.c
+@@ -134,7 +134,7 @@ void release_vpe(struct vpe *v)
+ {
+       list_del(&v->list);
+       if (v->load_addr)
+-              release_progmem(v);
++              release_progmem(v->load_addr);
+       kfree(v);
+ }
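Review bot: in release_vpe(), the old call release_progmem(v) accepted a struct vpe pointer where the allocation stored in v->load_addr was meant, which suggests the parameter is an untyped pointer and explains how the double free of v and the leak of v->load_addr went unnoticed. The prototype is not in this hunk, so confirm it against the 4.14 tree for this backport. If it is a plain void pointer, a brief comment on release_progmem() naming alloc_progmem() as its counterpart would make the pairing explicit at the call site.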
index 177740a1d0f791a7151184b1a54609a47585e86b..8c9520f24e7dacaa6b54e55fa77c2e86c263f1ea 100644 (file)
@@ -43,3 +43,8 @@ hid-core-fix-off-by-one-memset-in-hid_report_raw_event.patch
 hid-core-increase-hid-report-buffer-size-to-8kib.patch
 tracing-disable-trace_printk-on-post-poned-tests.patch
 revert-pm-devfreq-modify-the-device-name-as-devfreq-x-for-sysfs.patch
+hid-hiddev-fix-race-in-in-hiddev_disconnect.patch
+mips-vpe-fix-a-double-free-and-a-memory-leak-in-release_vpe.patch
+i2c-altera-fix-potential-integer-overflow.patch
+i2c-jz4780-silence-log-flood-on-txabrt.patch
+drm-i915-gvt-separate-display-reset-from-all_engines-reset.patch