--- /dev/null
+From b268c34e5ee92a4cc3099b0caaf26e6bfbdf0f18 Mon Sep 17 00:00:00 2001
+From: Arnd Bergmann <arnd@arndb.de>
+Date: Mon, 4 Jul 2016 17:07:45 +0200
+Subject: ALSA: ppc/awacs: shut up maybe-uninitialized warning
+
+From: Arnd Bergmann <arnd@arndb.de>
+
+commit b268c34e5ee92a4cc3099b0caaf26e6bfbdf0f18 upstream.
+
+The awacs sound driver produces a false-positive warning in ppc64_defconfig:
+
+sound/ppc/awacs.c: In function 'snd_pmac_awacs_init':
+include/sound/control.h:219:9: warning: 'master_vol' may be used uninitialized in this function [-Wmaybe-uninitialized]
+
+I haven't come up with a good way to rewrite the code to avoid the
+warning, so here is a bad one: I initialize the variable before
+the conditionall initialization so gcc no longer has to worry about
+it.
+
+Signed-off-by: Arnd Bergmann <arnd@arndb.de>
+Signed-off-by: Takashi Iwai <tiwai@suse.de>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+
+diff --git a/sound/ppc/awacs.c b/sound/ppc/awacs.c
+index 09da7b52bc2e..1468e4b7bf93 100644
+--- a/sound/ppc/awacs.c
++++ b/sound/ppc/awacs.c
+@@ -991,6 +991,7 @@ snd_pmac_awacs_init(struct snd_pmac *chip)
+ if (err < 0)
+ return err;
+ }
++ master_vol = NULL;
+ if (pm7500)
+ err = build_mixers(chip,
+ ARRAY_SIZE(snd_pmac_awacs_mixers_pmac7500),
+++ /dev/null
-From 970f9091d25df14e9540ec7ff48a2f709e284cd1 Mon Sep 17 00:00:00 2001
-From: Tero Kristo <t-kristo@ti.com>
-Date: Thu, 16 Jun 2016 15:25:18 +0300
-Subject: ARM: OMAP2+: timer: add probe for clocksources
-
-From: Tero Kristo <t-kristo@ti.com>
-
-commit 970f9091d25df14e9540ec7ff48a2f709e284cd1 upstream.
-
-A few platforms are currently missing clocksource_probe() completely
-in their time_init functionality. On OMAP3430 for example, this is
-causing cpuidle to be pretty much dead, as the counter32k is not
-going to be registered and instead a gptimer is used as a clocksource.
-This will tick in periodic mode, preventing any deeper idle states.
-
-While here, also drop one unnecessary check for populated DT before
-existing clocksource_probe() call.
-
-Signed-off-by: Tero Kristo <t-kristo@ti.com>
-Signed-off-by: Tony Lindgren <tony@atomide.com>
-Cc: Julia Lawall <julia.lawall@lip6.fr>
-Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
-
----
- arch/arm/mach-omap2/timer.c | 7 +++++--
- 1 file changed, 5 insertions(+), 2 deletions(-)
-
---- a/arch/arm/mach-omap2/timer.c
-+++ b/arch/arm/mach-omap2/timer.c
-@@ -496,8 +496,7 @@ void __init omap_init_time(void)
- __omap_sync32k_timer_init(1, "timer_32k_ck", "ti,timer-alwon",
- 2, "timer_sys_ck", NULL, false);
-
-- if (of_have_populated_dt())
-- clocksource_probe();
-+ clocksource_probe();
- }
-
- #if defined(CONFIG_ARCH_OMAP3) || defined(CONFIG_SOC_AM43XX)
-@@ -505,6 +504,8 @@ void __init omap3_secure_sync32k_timer_i
- {
- __omap_sync32k_timer_init(12, "secure_32k_fck", "ti,timer-secure",
- 2, "timer_sys_ck", NULL, false);
-+
-+ clocksource_probe();
- }
- #endif /* CONFIG_ARCH_OMAP3 */
-
-@@ -513,6 +514,8 @@ void __init omap3_gptimer_timer_init(voi
- {
- __omap_sync32k_timer_init(2, "timer_sys_ck", NULL,
- 1, "timer_sys_ck", "ti,timer-alwon", true);
-+
-+ clocksource_probe();
- }
- #endif
-
+++ /dev/null
-From 6e17b4181603d183d20c73f4535529ddf2a2a020 Mon Sep 17 00:00:00 2001
-From: Krzysztof Adamski <k@japko.eu>
-Date: Mon, 22 Feb 2016 14:03:25 +0100
-Subject: clk: sunxi: Add apb0 gates for H3
-
-From: Krzysztof Adamski <k@japko.eu>
-
-commit 6e17b4181603d183d20c73f4535529ddf2a2a020 upstream.
-
-This patch adds support for APB0 in H3. It seems to be compatible with
-earlier SOCs. apb0 gates controls R_ block peripherals (R_PIO, R_IR,
-etc).
-
-Since this gates behave just like any Allwinner clock gate, add a generic
-compatible that can be reused if we don't have any clock to protect.
-
-Signed-off-by: Krzysztof Adamski <k@japko.eu>
-[Maxime: Removed the H3 compatible from the simple-gates driver, reworked
- the commit log a bit]
-Signed-off-by: Maxime Ripard <maxime.ripard@free-electrons.com>
-Cc: Julia Lawall <julia.lawall@lip6.fr>
-Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
-
----
- Documentation/devicetree/bindings/clock/sunxi.txt | 2 ++
- drivers/clk/sunxi/clk-simple-gates.c | 2 ++
- 2 files changed, 4 insertions(+)
-
---- a/Documentation/devicetree/bindings/clock/sunxi.txt
-+++ b/Documentation/devicetree/bindings/clock/sunxi.txt
-@@ -18,6 +18,7 @@ Required properties:
- "allwinner,sun4i-a10-cpu-clk" - for the CPU multiplexer clock
- "allwinner,sun4i-a10-axi-clk" - for the AXI clock
- "allwinner,sun8i-a23-axi-clk" - for the AXI clock on A23
-+ "allwinner,sun4i-a10-gates-clk" - for generic gates on all compatible SoCs
- "allwinner,sun4i-a10-axi-gates-clk" - for the AXI gates
- "allwinner,sun4i-a10-ahb-clk" - for the AHB clock
- "allwinner,sun5i-a13-ahb-clk" - for the AHB clock on A13
-@@ -43,6 +44,7 @@ Required properties:
- "allwinner,sun6i-a31-apb0-gates-clk" - for the APB0 gates on A31
- "allwinner,sun7i-a20-apb0-gates-clk" - for the APB0 gates on A20
- "allwinner,sun8i-a23-apb0-gates-clk" - for the APB0 gates on A23
-+ "allwinner,sun8i-h3-apb0-gates-clk" - for the APB0 gates on H3
- "allwinner,sun9i-a80-apb0-gates-clk" - for the APB0 gates on A80
- "allwinner,sun4i-a10-apb1-clk" - for the APB1 clock
- "allwinner,sun9i-a80-apb1-clk" - for the APB1 bus clock on A80
---- a/drivers/clk/sunxi/clk-simple-gates.c
-+++ b/drivers/clk/sunxi/clk-simple-gates.c
-@@ -98,6 +98,8 @@ static void __init sunxi_simple_gates_in
- sunxi_simple_gates_setup(node, NULL, 0);
- }
-
-+CLK_OF_DECLARE(sun4i_a10_gates, "allwinner,sun4i-a10-gates-clk",
-+ sunxi_simple_gates_init);
- CLK_OF_DECLARE(sun4i_a10_apb0, "allwinner,sun4i-a10-apb0-gates-clk",
- sunxi_simple_gates_init);
- CLK_OF_DECLARE(sun4i_a10_apb1, "allwinner,sun4i-a10-apb1-gates-clk",
+++ /dev/null
-From abfa7f4357e3640fdee87dfc276fd0f379fb5ae6 Mon Sep 17 00:00:00 2001
-From: Jerome Marchand <jmarchan@redhat.com>
-Date: Wed, 3 Feb 2016 13:58:12 +0100
-Subject: crypto: testmgr - fix out of bound read in __test_aead()
-
-From: Jerome Marchand <jmarchan@redhat.com>
-
-commit abfa7f4357e3640fdee87dfc276fd0f379fb5ae6 upstream.
-
-__test_aead() reads MAX_IVLEN bytes from template[i].iv, but the
-actual length of the initialisation vector can be shorter.
-The length of the IV is already calculated earlier in the
-function. Let's just reuses that. Also the IV length is currently
-calculated several time for no reason. Let's fix that too.
-This fix an out-of-bound error detected by KASan.
-
-Signed-off-by: Jerome Marchand <jmarchan@redhat.com>
-Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
-Cc: Julia Lawall <julia.lawall@lip6.fr>
-Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
-
----
- crypto/testmgr.c | 5 +++--
- 1 file changed, 3 insertions(+), 2 deletions(-)
-
---- a/crypto/testmgr.c
-+++ b/crypto/testmgr.c
-@@ -488,6 +488,8 @@ static int __test_aead(struct crypto_aea
- aead_request_set_callback(req, CRYPTO_TFM_REQ_MAY_BACKLOG,
- tcrypt_complete, &result);
-
-+ iv_len = crypto_aead_ivsize(tfm);
-+
- for (i = 0, j = 0; i < tcount; i++) {
- if (template[i].np)
- continue;
-@@ -508,7 +510,6 @@ static int __test_aead(struct crypto_aea
-
- memcpy(input, template[i].input, template[i].ilen);
- memcpy(assoc, template[i].assoc, template[i].alen);
-- iv_len = crypto_aead_ivsize(tfm);
- if (template[i].iv)
- memcpy(iv, template[i].iv, iv_len);
- else
-@@ -617,7 +618,7 @@ static int __test_aead(struct crypto_aea
- j++;
-
- if (template[i].iv)
-- memcpy(iv, template[i].iv, MAX_IVLEN);
-+ memcpy(iv, template[i].iv, iv_len);
- else
- memset(iv, 0, MAX_IVLEN);
-
--- /dev/null
+From 2630628b2dbc3fc320aafaf84836119e4e3d62f1 Mon Sep 17 00:00:00 2001
+From: Lars Ellenberg <lars.ellenberg@linbit.com>
+Date: Fri, 20 Mar 2015 15:47:22 +0100
+Subject: drbd: avoid redefinition of BITS_PER_PAGE
+
+From: Lars Ellenberg <lars.ellenberg@linbit.com>
+
+commit 2630628b2dbc3fc320aafaf84836119e4e3d62f1 upstream.
+
+Apparently we now implicitly get definitions for BITS_PER_PAGE and
+BITS_PER_PAGE_MASK from the pid_namespace.h
+
+Instead of renaming our defines, I chose to define only if not yet
+defined, but to double check the value if already defined.
+
+Signed-off-by: Philipp Reisner <philipp.reisner@linbit.com>
+Signed-off-by: Lars Ellenberg <lars.ellenberg@linbit.com>
+Signed-off-by: Jens Axboe <axboe@fb.com>
+Cc: Arnd Bergmann <arnd@arndb.de>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+
+diff --git a/drivers/block/drbd/drbd_bitmap.c b/drivers/block/drbd/drbd_bitmap.c
+index 9462d2752850..8bdc34dbaedf 100644
+--- a/drivers/block/drbd/drbd_bitmap.c
++++ b/drivers/block/drbd/drbd_bitmap.c
+@@ -479,8 +479,14 @@ void drbd_bm_cleanup(struct drbd_device *device)
+ * this masks out the remaining bits.
+ * Returns the number of bits cleared.
+ */
++#ifndef BITS_PER_PAGE
+ #define BITS_PER_PAGE (1UL << (PAGE_SHIFT + 3))
+ #define BITS_PER_PAGE_MASK (BITS_PER_PAGE - 1)
++#else
++# if BITS_PER_PAGE != (1UL << (PAGE_SHIFT + 3))
++# error "ambiguous BITS_PER_PAGE"
++# endif
++#endif
+ #define BITS_PER_LONG_MASK (BITS_PER_LONG - 1)
+ static int bm_clear_surplus(struct drbd_bitmap *b)
+ {
+++ /dev/null
-From 484f689fc9d4eb91c68f53e97dc355b1b06c3edb Mon Sep 17 00:00:00 2001
-From: tom will <os@iscas.ac.cn>
-Date: Mon, 16 May 2016 10:31:07 -0400
-Subject: drm/amdgpu: fix array out of bounds
-
-From: tom will <os@iscas.ac.cn>
-
-commit 484f689fc9d4eb91c68f53e97dc355b1b06c3edb upstream.
-
-When the initial value of i is greater than zero,
-it may cause endless loop, resulting in array out
-of bounds, fix it.
-
-This is a port of the radeon fix to amdgpu.
-
-Signed-off-by: tom will <os@iscas.ac.cn>
-Signed-off-by: Alex Deucher <alexander.deucher@amd.com>
-Cc: Julia Lawall <julia.lawall@lip6.fr>
-Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
-
----
- drivers/gpu/drm/amd/amdgpu/kv_dpm.c | 2 +-
- 1 file changed, 1 insertion(+), 1 deletion(-)
-
---- a/drivers/gpu/drm/amd/amdgpu/kv_dpm.c
-+++ b/drivers/gpu/drm/amd/amdgpu/kv_dpm.c
-@@ -2258,7 +2258,7 @@ static void kv_apply_state_adjust_rules(
- if (pi->caps_stable_p_state) {
- stable_p_state_sclk = (max_limits->sclk * 75) / 100;
-
-- for (i = table->count - 1; i >= 0; i++) {
-+ for (i = table->count - 1; i >= 0; i--) {
- if (stable_p_state_sclk >= table->entries[i].clk) {
- stable_p_state_sclk = table->entries[i].clk;
- break;
+++ /dev/null
-From 9e92f48c34eb2b9af9d12f892e2fe1fce5e8ce35 Mon Sep 17 00:00:00 2001
-From: Theodore Ts'o <tytso@mit.edu>
-Date: Tue, 22 Mar 2016 16:13:15 -0400
-Subject: ext4: check if in-inode xattr is corrupted in ext4_expand_extra_isize_ea()
-
-From: Theodore Ts'o <tytso@mit.edu>
-
-commit 9e92f48c34eb2b9af9d12f892e2fe1fce5e8ce35 upstream.
-
-We aren't checking to see if the in-inode extended attribute is
-corrupted before we try to expand the inode's extra isize fields.
-
-This can lead to potential crashes caused by the BUG_ON() check in
-ext4_xattr_shift_entries().
-
-Signed-off-by: Theodore Ts'o <tytso@mit.edu>
-Cc: Julia Lawall <julia.lawall@lip6.fr>
-Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
-
----
- fs/ext4/xattr.c | 32 ++++++++++++++++++++++++++++----
- 1 file changed, 28 insertions(+), 4 deletions(-)
-
---- a/fs/ext4/xattr.c
-+++ b/fs/ext4/xattr.c
-@@ -233,6 +233,27 @@ ext4_xattr_check_block(struct inode *ino
- return error;
- }
-
-+static int
-+__xattr_check_inode(struct inode *inode, struct ext4_xattr_ibody_header *header,
-+ void *end, const char *function, unsigned int line)
-+{
-+ struct ext4_xattr_entry *entry = IFIRST(header);
-+ int error = -EFSCORRUPTED;
-+
-+ if (((void *) header >= end) ||
-+ (header->h_magic != le32_to_cpu(EXT4_XATTR_MAGIC)))
-+ goto errout;
-+ error = ext4_xattr_check_names(entry, end, entry);
-+errout:
-+ if (error)
-+ __ext4_error_inode(inode, function, line, 0,
-+ "corrupted in-inode xattr");
-+ return error;
-+}
-+
-+#define xattr_check_inode(inode, header, end) \
-+ __xattr_check_inode((inode), (header), (end), __func__, __LINE__)
-+
- static inline int
- ext4_xattr_check_entry(struct ext4_xattr_entry *entry, size_t size)
- {
-@@ -344,7 +365,7 @@ ext4_xattr_ibody_get(struct inode *inode
- header = IHDR(inode, raw_inode);
- entry = IFIRST(header);
- end = (void *)raw_inode + EXT4_SB(inode->i_sb)->s_inode_size;
-- error = ext4_xattr_check_names(entry, end, entry);
-+ error = xattr_check_inode(inode, header, end);
- if (error)
- goto cleanup;
- error = ext4_xattr_find_entry(&entry, name_index, name,
-@@ -475,7 +496,7 @@ ext4_xattr_ibody_list(struct dentry *den
- raw_inode = ext4_raw_inode(&iloc);
- header = IHDR(inode, raw_inode);
- end = (void *)raw_inode + EXT4_SB(inode->i_sb)->s_inode_size;
-- error = ext4_xattr_check_names(IFIRST(header), end, IFIRST(header));
-+ error = xattr_check_inode(inode, header, end);
- if (error)
- goto cleanup;
- error = ext4_xattr_list_entries(dentry, IFIRST(header),
-@@ -991,8 +1012,7 @@ int ext4_xattr_ibody_find(struct inode *
- is->s.here = is->s.first;
- is->s.end = (void *)raw_inode + EXT4_SB(inode->i_sb)->s_inode_size;
- if (ext4_test_inode_state(inode, EXT4_STATE_XATTR)) {
-- error = ext4_xattr_check_names(IFIRST(header), is->s.end,
-- IFIRST(header));
-+ error = xattr_check_inode(inode, header, is->s.end);
- if (error)
- return error;
- /* Find the named attribute. */
-@@ -1293,6 +1313,10 @@ retry:
- last = entry;
- total_ino = sizeof(struct ext4_xattr_ibody_header);
-
-+ error = xattr_check_inode(inode, header, end);
-+ if (error)
-+ goto cleanup;
-+
- free = ext4_xattr_free_space(last, &min_offs, base, &total_ino);
- if (free >= isize_diff) {
- entry = IFIRST(header);
+++ /dev/null
-From 816b0acf3deb6d6be5d0519b286fdd4bafade905 Mon Sep 17 00:00:00 2001
-From: Wei Fang <fangwei1@huawei.com>
-Date: Mon, 21 Mar 2016 19:18:32 +0800
-Subject: md:raid1: fix a dead loop when read from a WriteMostly disk
-
-From: Wei Fang <fangwei1@huawei.com>
-
-commit 816b0acf3deb6d6be5d0519b286fdd4bafade905 upstream.
-
-If first_bad == this_sector when we get the WriteMostly disk
-in read_balance(), valid disk will be returned with zero
-max_sectors. It'll lead to a dead loop in make_request(), and
-OOM will happen because of endless allocation of struct bio.
-
-Since we can't get data from this disk in this case, so
-continue for another disk.
-
-Signed-off-by: Wei Fang <fangwei1@huawei.com>
-Signed-off-by: Shaohua Li <shli@fb.com>
-Cc: Julia Lawall <julia.lawall@lip6.fr>
-Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
-
----
- drivers/md/raid1.c | 2 +-
- 1 file changed, 1 insertion(+), 1 deletion(-)
-
---- a/drivers/md/raid1.c
-+++ b/drivers/md/raid1.c
-@@ -570,7 +570,7 @@ static int read_balance(struct r1conf *c
- if (best_dist_disk < 0) {
- if (is_badblock(rdev, this_sector, sectors,
- &first_bad, &bad_sectors)) {
-- if (first_bad < this_sector)
-+ if (first_bad <= this_sector)
- /* Cannot use this */
- continue;
- best_good_sectors = first_bad - this_sector;
+++ /dev/null
-From c80e1b62ffca52e2d1d865ee58bc79c4c0c55005 Mon Sep 17 00:00:00 2001
-From: Corey Minyard <cminyard@mvista.com>
-Date: Mon, 11 Apr 2016 09:10:19 -0500
-Subject: MIPS: Fix crash registers on non-crashing CPUs
-
-From: Corey Minyard <cminyard@mvista.com>
-
-commit c80e1b62ffca52e2d1d865ee58bc79c4c0c55005 upstream.
-
-As part of handling a crash on an SMP system, an IPI is send to
-all other CPUs to save their current registers and stop. It was
-using task_pt_regs(current) to get the registers, but that will
-only be accurate if the CPU was interrupted running in userland.
-Instead allow the architecture to pass in the registers (all
-pass NULL now, but allow for the future) and then use get_irq_regs()
-which should be accurate as we are in an interrupt. Fall back to
-task_pt_regs(current) if nothing else is available.
-
-Signed-off-by: Corey Minyard <cminyard@mvista.com>
-Cc: David Daney <ddaney@caviumnetworks.com>
-Cc: linux-mips@linux-mips.org
-Patchwork: https://patchwork.linux-mips.org/patch/13050/
-Signed-off-by: Ralf Baechle <ralf@linux-mips.org>
-Cc: Julia Lawall <julia.lawall@lip6.fr>
-Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
-
----
- arch/mips/kernel/crash.c | 16 +++++++++++++---
- 1 file changed, 13 insertions(+), 3 deletions(-)
-
---- a/arch/mips/kernel/crash.c
-+++ b/arch/mips/kernel/crash.c
-@@ -14,12 +14,22 @@ static int crashing_cpu = -1;
- static cpumask_t cpus_in_crash = CPU_MASK_NONE;
-
- #ifdef CONFIG_SMP
--static void crash_shutdown_secondary(void *ignore)
-+static void crash_shutdown_secondary(void *passed_regs)
- {
-- struct pt_regs *regs;
-+ struct pt_regs *regs = passed_regs;
- int cpu = smp_processor_id();
-
-- regs = task_pt_regs(current);
-+ /*
-+ * If we are passed registers, use those. Otherwise get the
-+ * regs from the last interrupt, which should be correct, as
-+ * we are in an interrupt. But if the regs are not there,
-+ * pull them from the top of the stack. They are probably
-+ * wrong, but we need something to keep from crashing again.
-+ */
-+ if (!regs)
-+ regs = get_irq_regs();
-+ if (!regs)
-+ regs = task_pt_regs(current);
-
- if (!cpu_online(cpu))
- return;
--- /dev/null
+From fddcca5107051adf9e4481d2a79ae0616577fd2c Mon Sep 17 00:00:00 2001
+From: Arnd Bergmann <arnd@arndb.de>
+Date: Mon, 29 Feb 2016 13:20:28 +0100
+Subject: mtd: avoid stack overflow in MTD CFI code
+
+From: Arnd Bergmann <arnd@arndb.de>
+
+commit fddcca5107051adf9e4481d2a79ae0616577fd2c upstream.
+
+When map_word gets too large, we use a lot of kernel stack, and for
+MTD_MAP_BANK_WIDTH_32, this means we use more than the recommended
+1024 bytes in a number of functions:
+
+drivers/mtd/chips/cfi_cmdset_0020.c: In function 'cfi_staa_write_buffers':
+drivers/mtd/chips/cfi_cmdset_0020.c:651:1: warning: the frame size of 1336 bytes is larger than 1024 bytes [-Wframe-larger-than=]
+drivers/mtd/chips/cfi_cmdset_0020.c: In function 'cfi_staa_erase_varsize':
+drivers/mtd/chips/cfi_cmdset_0020.c:972:1: warning: the frame size of 1208 bytes is larger than 1024 bytes [-Wframe-larger-than=]
+drivers/mtd/chips/cfi_cmdset_0001.c: In function 'do_write_buffer':
+drivers/mtd/chips/cfi_cmdset_0001.c:1835:1: warning: the frame size of 1240 bytes is larger than 1024 bytes [-Wframe-larger-than=]
+
+This can be avoided if all operations on the map word are done
+indirectly and the stack gets reused between the calls. We can
+mostly achieve this by selecting MTD_COMPLEX_MAPPINGS whenever
+MTD_MAP_BANK_WIDTH_32 is set, but for the case that no other
+bank width is enabled, we also need to use a non-constant
+map_bankwidth() to convince the compiler to use less stack.
+
+Signed-off-by: Arnd Bergmann <arnd@arndb.de>
+[Brian: this patch mostly achieves its goal by forcing
+ MTD_COMPLEX_MAPPINGS (and the accompanying indirection) for 256-bit
+ mappings; the rest of the change is mostly a wash, though it helps
+ reduce stack size slightly. If we really care about supporting
+ 256-bit mappings though, we should consider rewriting some of this
+ code to avoid keeping and assigning so many 256-bit objects on the
+ stack.]
+Signed-off-by: Brian Norris <computersforpeace@gmail.com>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+
+diff --git a/drivers/mtd/chips/Kconfig b/drivers/mtd/chips/Kconfig
+index 3b3dabce58de..bbfa1f129266 100644
+--- a/drivers/mtd/chips/Kconfig
++++ b/drivers/mtd/chips/Kconfig
+@@ -115,6 +115,7 @@ config MTD_MAP_BANK_WIDTH_16
+
+ config MTD_MAP_BANK_WIDTH_32
+ bool "Support 256-bit buswidth" if MTD_CFI_GEOMETRY
++ select MTD_COMPLEX_MAPPINGS if HAS_IOMEM
+ default n
+ help
+ If you wish to support CFI devices on a physical bus which is
+diff --git a/include/linux/mtd/map.h b/include/linux/mtd/map.h
+index 5e0eb7ccabd4..3aa56e3104bb 100644
+--- a/include/linux/mtd/map.h
++++ b/include/linux/mtd/map.h
+@@ -122,18 +122,13 @@
+ #endif
+
+ #ifdef CONFIG_MTD_MAP_BANK_WIDTH_32
+-# ifdef map_bankwidth
+-# undef map_bankwidth
+-# define map_bankwidth(map) ((map)->bankwidth)
+-# undef map_bankwidth_is_large
+-# define map_bankwidth_is_large(map) (map_bankwidth(map) > BITS_PER_LONG/8)
+-# undef map_words
+-# define map_words(map) map_calc_words(map)
+-# else
+-# define map_bankwidth(map) 32
+-# define map_bankwidth_is_large(map) (1)
+-# define map_words(map) map_calc_words(map)
+-# endif
++/* always use indirect access for 256-bit to preserve kernel stack */
++# undef map_bankwidth
++# define map_bankwidth(map) ((map)->bankwidth)
++# undef map_bankwidth_is_large
++# define map_bankwidth_is_large(map) (map_bankwidth(map) > BITS_PER_LONG/8)
++# undef map_words
++# define map_words(map) map_calc_words(map)
+ #define map_bankwidth_is_32(map) (map_bankwidth(map) == 32)
+ #undef MAX_MAP_BANKWIDTH
+ #define MAX_MAP_BANKWIDTH 32
+++ /dev/null
-From 8e6ce7ebeb34f0992f56de078c3744fb383657fa Mon Sep 17 00:00:00 2001
-From: Florian Fainelli <f.fainelli@gmail.com>
-Date: Fri, 15 Jul 2016 16:42:16 -0700
-Subject: net: cavium: liquidio: Avoid dma_unmap_single on uninitialized ndata
-
-From: Florian Fainelli <f.fainelli@gmail.com>
-
-commit 8e6ce7ebeb34f0992f56de078c3744fb383657fa upstream.
-
-The label lio_xmit_failed is used 3 times through liquidio_xmit() but it
-always makes a call to dma_unmap_single() using potentially
-uninitialized variables from "ndata" variable. Out of the 3 gotos, 2 run
-after ndata has been initialized, and had a prior dma_map_single() call.
-
-Fix this by adding a new error label: lio_xmit_dma_failed which does
-this dma_unmap_single() and then processed with the lio_xmit_failed
-fallthrough.
-
-Fixes: f21fb3ed364bb ("Add support of Cavium Liquidio ethernet adapters")
-Reported-by: coverity (CID 1309740)
-Signed-off-by: Florian Fainelli <f.fainelli@gmail.com>
-Signed-off-by: David S. Miller <davem@davemloft.net>
-Cc: Julia Lawall <julia.lawall@lip6.fr>
-Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
-
----
- drivers/net/ethernet/cavium/liquidio/lio_main.c | 9 +++++----
- 1 file changed, 5 insertions(+), 4 deletions(-)
-
---- a/drivers/net/ethernet/cavium/liquidio/lio_main.c
-+++ b/drivers/net/ethernet/cavium/liquidio/lio_main.c
-@@ -2823,7 +2823,7 @@ static int liquidio_xmit(struct sk_buff
- if (!g) {
- netif_info(lio, tx_err, lio->netdev,
- "Transmit scatter gather: glist null!\n");
-- goto lio_xmit_failed;
-+ goto lio_xmit_dma_failed;
- }
-
- cmdsetup.s.gather = 1;
-@@ -2894,7 +2894,7 @@ static int liquidio_xmit(struct sk_buff
- else
- status = octnet_send_nic_data_pkt(oct, &ndata, xmit_more);
- if (status == IQ_SEND_FAILED)
-- goto lio_xmit_failed;
-+ goto lio_xmit_dma_failed;
-
- netif_info(lio, tx_queued, lio->netdev, "Transmit queued successfully\n");
-
-@@ -2908,12 +2908,13 @@ static int liquidio_xmit(struct sk_buff
-
- return NETDEV_TX_OK;
-
-+lio_xmit_dma_failed:
-+ dma_unmap_single(&oct->pci_dev->dev, ndata.cmd.dptr,
-+ ndata.datasize, DMA_TO_DEVICE);
- lio_xmit_failed:
- stats->tx_dropped++;
- netif_info(lio, tx_err, lio->netdev, "IQ%d Transmit dropped:%llu\n",
- iq_no, stats->tx_dropped);
-- dma_unmap_single(&oct->pci_dev->dev, ndata.cmd.dptr,
-- ndata.datasize, DMA_TO_DEVICE);
- recv_buffer_free(skb);
- return NETDEV_TX_OK;
- }
--- /dev/null
+From e434e04110704eb91acfecbd0fb8ca8e2da9c29b Mon Sep 17 00:00:00 2001
+From: Arnd Bergmann <arnd@arndb.de>
+Date: Fri, 29 Jan 2016 12:39:15 +0100
+Subject: net: tg3: avoid uninitialized variable warning
+
+From: Arnd Bergmann <arnd@arndb.de>
+
+commit e434e04110704eb91acfecbd0fb8ca8e2da9c29b upstream.
+
+The tg3_set_eeprom() function correctly initializes the 'start' variable,
+but gcc generates a false warning:
+
+drivers/net/ethernet/broadcom/tg3.c: In function 'tg3_set_eeprom':
+drivers/net/ethernet/broadcom/tg3.c:12057:4: warning: 'start' may be used uninitialized in this function [-Wmaybe-uninitialized]
+
+I have not come up with a way to restructure the code in a way that
+avoids the warning without making it less readable, so this adds an
+initialization for the declaration to shut up that warning.
+
+Signed-off-by: Arnd Bergmann <arnd@arndb.de>
+Signed-off-by: David S. Miller <davem@davemloft.net>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+
+diff --git a/drivers/net/ethernet/broadcom/tg3.c b/drivers/net/ethernet/broadcom/tg3.c
+index 9293675df7ba..49eea8981332 100644
+--- a/drivers/net/ethernet/broadcom/tg3.c
++++ b/drivers/net/ethernet/broadcom/tg3.c
+@@ -12016,7 +12016,7 @@ static int tg3_set_eeprom(struct net_device *dev, struct ethtool_eeprom *eeprom,
+ int ret;
+ u32 offset, len, b_offset, odd_len;
+ u8 *buf;
+- __be32 start, end;
++ __be32 start = 0, end;
+
+ if (tg3_flag(tp, NO_NVRAM) ||
+ eeprom->magic != TG3_EEPROM_MAGIC)
+++ /dev/null
-From dc327f8931cb9d66191f489eb9a852fc04530546 Mon Sep 17 00:00:00 2001
-From: WANG Cong <xiyou.wangcong@gmail.com>
-Date: Mon, 16 May 2016 15:11:18 -0700
-Subject: net_sched: close another race condition in tcf_mirred_release()
-
-From: WANG Cong <xiyou.wangcong@gmail.com>
-
-commit dc327f8931cb9d66191f489eb9a852fc04530546 upstream.
-
-We saw the following extra refcount release on veth device:
-
- kernel: [7957821.463992] unregister_netdevice: waiting for mesos50284 to become free. Usage count = -1
-
-Since we heavily use mirred action to redirect packets to veth, I think
-this is caused by the following race condition:
-
-CPU0:
-tcf_mirred_release(): (in RCU callback)
- struct net_device *dev = rcu_dereference_protected(m->tcfm_dev, 1);
-
-CPU1:
-mirred_device_event():
- spin_lock_bh(&mirred_list_lock);
- list_for_each_entry(m, &mirred_list, tcfm_list) {
- if (rcu_access_pointer(m->tcfm_dev) == dev) {
- dev_put(dev);
- /* Note : no rcu grace period necessary, as
- * net_device are already rcu protected.
- */
- RCU_INIT_POINTER(m->tcfm_dev, NULL);
- }
- }
- spin_unlock_bh(&mirred_list_lock);
-
-CPU0:
-tcf_mirred_release():
- spin_lock_bh(&mirred_list_lock);
- list_del(&m->tcfm_list);
- spin_unlock_bh(&mirred_list_lock);
- if (dev) // <======== Stil refers to the old m->tcfm_dev
- dev_put(dev); // <======== dev_put() is called on it again
-
-The action init code path is good because it is impossible to modify
-an action that is being removed.
-
-So, fix this by moving everything under the spinlock.
-
-Fixes: 2ee22a90c7af ("net_sched: act_mirred: remove spinlock in fast path")
-Fixes: 6bd00b850635 ("act_mirred: fix a race condition on mirred_list")
-Cc: Jamal Hadi Salim <jhs@mojatatu.com>
-Signed-off-by: Cong Wang <xiyou.wangcong@gmail.com>
-Acked-by: Jamal Hadi Salim <jhs@mojatatu.com>
-Signed-off-by: David S. Miller <davem@davemloft.net>
-Cc: Julia Lawall <julia.lawall@lip6.fr>
-Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
-
----
- net/sched/act_mirred.c | 5 +++--
- 1 file changed, 3 insertions(+), 2 deletions(-)
-
---- a/net/sched/act_mirred.c
-+++ b/net/sched/act_mirred.c
-@@ -36,14 +36,15 @@ static DEFINE_SPINLOCK(mirred_list_lock)
- static void tcf_mirred_release(struct tc_action *a, int bind)
- {
- struct tcf_mirred *m = to_mirred(a);
-- struct net_device *dev = rcu_dereference_protected(m->tcfm_dev, 1);
-+ struct net_device *dev;
-
- /* We could be called either in a RCU callback or with RTNL lock held. */
- spin_lock_bh(&mirred_list_lock);
- list_del(&m->tcfm_list);
-- spin_unlock_bh(&mirred_list_lock);
-+ dev = rcu_dereference_protected(m->tcfm_dev, 1);
- if (dev)
- dev_put(dev);
-+ spin_unlock_bh(&mirred_list_lock);
- }
-
- static const struct nla_policy mirred_policy[TCA_MIRRED_MAX + 1] = {
+++ /dev/null
-From e47db94e10447fc467777a40302f2b393e9af2fa Mon Sep 17 00:00:00 2001
-From: "santosh.shilimkar@oracle.com" <santosh.shilimkar@oracle.com>
-Date: Thu, 14 Apr 2016 10:43:27 -0700
-Subject: RDS: Fix the atomicity for congestion map update
-
-From: santosh.shilimkar@oracle.com <santosh.shilimkar@oracle.com>
-
-commit e47db94e10447fc467777a40302f2b393e9af2fa upstream.
-
-Two different threads with different rds sockets may be in
-rds_recv_rcvbuf_delta() via receive path. If their ports
-both map to the same word in the congestion map, then
-using non-atomic ops to update it could cause the map to
-be incorrect. Lets use atomics to avoid such an issue.
-
-Full credit to Wengang <wen.gang.wang@oracle.com> for
-finding the issue, analysing it and also pointing out
-to offending code with spin lock based fix.
-
-Reviewed-by: Leon Romanovsky <leon@leon.nu>
-Signed-off-by: Wengang Wang <wen.gang.wang@oracle.com>
-Signed-off-by: Santosh Shilimkar <santosh.shilimkar@oracle.com>
-Signed-off-by: David S. Miller <davem@davemloft.net>
-Cc: Julia Lawall <julia.lawall@lip6.fr>
-Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
-
----
- net/rds/cong.c | 4 ++--
- 1 file changed, 2 insertions(+), 2 deletions(-)
-
---- a/net/rds/cong.c
-+++ b/net/rds/cong.c
-@@ -299,7 +299,7 @@ void rds_cong_set_bit(struct rds_cong_ma
- i = be16_to_cpu(port) / RDS_CONG_MAP_PAGE_BITS;
- off = be16_to_cpu(port) % RDS_CONG_MAP_PAGE_BITS;
-
-- __set_bit_le(off, (void *)map->m_page_addrs[i]);
-+ set_bit_le(off, (void *)map->m_page_addrs[i]);
- }
-
- void rds_cong_clear_bit(struct rds_cong_map *map, __be16 port)
-@@ -313,7 +313,7 @@ void rds_cong_clear_bit(struct rds_cong_
- i = be16_to_cpu(port) / RDS_CONG_MAP_PAGE_BITS;
- off = be16_to_cpu(port) % RDS_CONG_MAP_PAGE_BITS;
-
-- __clear_bit_le(off, (void *)map->m_page_addrs[i]);
-+ clear_bit_le(off, (void *)map->m_page_addrs[i]);
- }
-
- static int rds_cong_test_bit(struct rds_cong_map *map, __be16 port)
+++ /dev/null
-From 8e5356a73604f53da6a1e0756727cb8f9f7bba17 Mon Sep 17 00:00:00 2001
-From: Jon Hunter <jonathanh@nvidia.com>
-Date: Thu, 21 Apr 2016 17:11:58 +0100
-Subject: regulator: core: Clear the supply pointer if enabling fails
-
-From: Jon Hunter <jonathanh@nvidia.com>
-
-commit 8e5356a73604f53da6a1e0756727cb8f9f7bba17 upstream.
-
-During the resolution of a regulator's supply, we may attempt to enable
-the supply if the regulator itself is already enabled. If enabling the
-supply fails, then we will call _regulator_put() for the supply.
-However, the pointer to the supply has not been cleared for the
-regulator and this will cause a crash if we then unregister the
-regulator and attempt to call regulator_put() a second time for the
-supply. Fix this by clearing the supply pointer if enabling the supply
-after fails when resolving the supply for a regulator.
-
-Signed-off-by: Jon Hunter <jonathanh@nvidia.com>
-Signed-off-by: Mark Brown <broonie@kernel.org>
-Cc: Julia Lawall <julia.lawall@lip6.fr>
-Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
-
----
- drivers/regulator/core.c | 1 +
- 1 file changed, 1 insertion(+)
-
---- a/drivers/regulator/core.c
-+++ b/drivers/regulator/core.c
-@@ -1519,6 +1519,7 @@ static int regulator_resolve_supply(stru
- ret = regulator_enable(rdev->supply);
- if (ret < 0) {
- _regulator_put(rdev->supply);
-+ rdev->supply = NULL;
- return ret;
- }
- }
+++ /dev/null
-From 03d27ade4941076b34c823d63d91dc895731a595 Mon Sep 17 00:00:00 2001
-From: "Felipe F. Tonello" <eu@felipetonello.com>
-Date: Wed, 9 Mar 2016 19:39:30 +0000
-Subject: usb: gadget: f_midi: Fixed a bug when buflen was smaller than wMaxPacketSize
-
-From: Felipe F. Tonello <eu@felipetonello.com>
-
-commit 03d27ade4941076b34c823d63d91dc895731a595 upstream.
-
-buflen by default (256) is smaller than wMaxPacketSize (512) in high-speed
-devices.
-
-That caused the OUT endpoint to freeze if the host send any data packet of
-length greater than 256 bytes.
-
-This is an example dump of what happended on that enpoint:
-HOST: [DATA][Length=260][...]
-DEVICE: [NAK]
-HOST: [PING]
-DEVICE: [NAK]
-HOST: [PING]
-DEVICE: [NAK]
-...
-HOST: [PING]
-DEVICE: [NAK]
-
-This patch fixes this problem by setting the minimum usb_request's buffer size
-for the OUT endpoint as its wMaxPacketSize.
-
-Acked-by: Michal Nazarewicz <mina86@mina86.com>
-Signed-off-by: Felipe F. Tonello <eu@felipetonello.com>
-Signed-off-by: Felipe Balbi <felipe.balbi@linux.intel.com>
-Cc: Julia Lawall <julia.lawall@lip6.fr>
-Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
-
----
- drivers/usb/gadget/function/f_midi.c | 4 +++-
- 1 file changed, 3 insertions(+), 1 deletion(-)
-
---- a/drivers/usb/gadget/function/f_midi.c
-+++ b/drivers/usb/gadget/function/f_midi.c
-@@ -361,7 +361,9 @@ static int f_midi_set_alt(struct usb_fun
- /* allocate a bunch of read buffers and queue them all at once. */
- for (i = 0; i < midi->qlen && err == 0; i++) {
- struct usb_request *req =
-- midi_alloc_ep_req(midi->out_ep, midi->buflen);
-+ midi_alloc_ep_req(midi->out_ep,
-+ max_t(unsigned, midi->buflen,
-+ bulk_out_desc.wMaxPacketSize));
- if (req == NULL)
- return -ENOMEM;
-
+++ /dev/null
-From c06b6d70feb32d28f04ba37aa3df17973fd37b6b Mon Sep 17 00:00:00 2001
-From: Stefano Stabellini <sstabellini@kernel.org>
-Date: Fri, 15 Apr 2016 18:23:00 -0700
-Subject: xen/x86: don't lose event interrupts
-
-From: Stefano Stabellini <sstabellini@kernel.org>
-
-commit c06b6d70feb32d28f04ba37aa3df17973fd37b6b upstream.
-
-On slow platforms with unreliable TSC, such as QEMU emulated machines,
-it is possible for the kernel to request the next event in the past. In
-that case, in the current implementation of xen_vcpuop_clockevent, we
-simply return -ETIME. To be precise the Xen returns -ETIME and we pass
-it on. However the result of this is a missed event, which simply causes
-the kernel to hang.
-
-Instead it is better to always ask the hypervisor for a timer event,
-even if the timeout is in the past. That way there are no lost
-interrupts and the kernel survives. To do that, remove the
-VCPU_SSHOTTMR_future flag.
-
-Signed-off-by: Stefano Stabellini <sstabellini@kernel.org>
-Acked-by: Juergen Gross <jgross@suse.com>
-Cc: Julia Lawall <julia.lawall@lip6.fr>
-Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
-
----
- arch/x86/xen/time.c | 6 +++---
- 1 file changed, 3 insertions(+), 3 deletions(-)
-
---- a/arch/x86/xen/time.c
-+++ b/arch/x86/xen/time.c
-@@ -343,11 +343,11 @@ static int xen_vcpuop_set_next_event(uns
- WARN_ON(!clockevent_state_oneshot(evt));
-
- single.timeout_abs_ns = get_abs_timeout(delta);
-- single.flags = VCPU_SSHOTTMR_future;
-+ /* Get an event anyway, even if the timeout is already expired */
-+ single.flags = 0;
-
- ret = HYPERVISOR_vcpu_op(VCPUOP_set_singleshot_timer, cpu, &single);
--
-- BUG_ON(ret != 0 && ret != -ETIME);
-+ BUG_ON(ret != 0);
-
- return ret;
- }
projects / thirdparty / kernel / stable-queue.git / commitdiff
