--- /dev/null
+From 3f93a4f297961c12bb17aa16cb3a4d1291823cae Mon Sep 17 00:00:00 2001
+From: Robin Gong <yibin.gong@nxp.com>
+Date: Fri, 21 Jun 2019 16:23:06 +0800
+Subject: dmaengine: imx-sdma: remove BD_INTR for channel0
+
+From: Robin Gong <yibin.gong@nxp.com>
+
+commit 3f93a4f297961c12bb17aa16cb3a4d1291823cae upstream.
+
+It is possible for an irq triggered by channel0 to be received later
+after clks are disabled once firmware loaded during sdma probe. If
+that happens then clearing them by writing to SDMA_H_INTR won't work
+and the kernel will hang processing infinite interrupts. Actually,
+don't need interrupt triggered on channel0 since it's pollling
+SDMA_H_STATSTOP to know channel0 done rather than interrupt in
+current code, just clear BD_INTR to disable channel0 interrupt to
+avoid the above case.
+This issue was brought by commit 1d069bfa3c78 ("dmaengine: imx-sdma:
+ack channel 0 IRQ in the interrupt handler") which didn't take care
+the above case.
+
+Fixes: 1d069bfa3c78 ("dmaengine: imx-sdma: ack channel 0 IRQ in the interrupt handler")
+Cc: stable@vger.kernel.org #5.0+
+Signed-off-by: Robin Gong <yibin.gong@nxp.com>
+Reported-by: Sven Van Asbroeck <thesven73@gmail.com>
+Tested-by: Sven Van Asbroeck <thesven73@gmail.com>
+Reviewed-by: Michael Olbrich <m.olbrich@pengutronix.de>
+Signed-off-by: Vinod Koul <vkoul@kernel.org>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+
+---
+ drivers/dma/imx-sdma.c | 4 ++--
+ 1 file changed, 2 insertions(+), 2 deletions(-)
+
+--- a/drivers/dma/imx-sdma.c
++++ b/drivers/dma/imx-sdma.c
+@@ -703,7 +703,7 @@ static int sdma_load_script(struct sdma_
+ spin_lock_irqsave(&sdma->channel_0_lock, flags);
+
+ bd0->mode.command = C0_SETPM;
+- bd0->mode.status = BD_DONE | BD_INTR | BD_WRAP | BD_EXTD;
++ bd0->mode.status = BD_DONE | BD_WRAP | BD_EXTD;
+ bd0->mode.count = size / 2;
+ bd0->buffer_addr = buf_phys;
+ bd0->ext_buffer_addr = address;
+@@ -1025,7 +1025,7 @@ static int sdma_load_context(struct sdma
+ context->gReg[7] = sdmac->watermark_level;
+
+ bd0->mode.command = C0_SETDM;
+- bd0->mode.status = BD_DONE | BD_INTR | BD_WRAP | BD_EXTD;
++ bd0->mode.status = BD_DONE | BD_WRAP | BD_EXTD;
+ bd0->mode.count = sizeof(*context) / 4;
+ bd0->buffer_addr = sdma->context_phys;
+ bd0->ext_buffer_addr = 2048 + (sizeof(*context) / 4) * channel;
--- /dev/null
+From 4c89cc73d1da42ae48b5c5dfbfd12304d0b86786 Mon Sep 17 00:00:00 2001
+From: Dan Carpenter <dan.carpenter@oracle.com>
+Date: Mon, 24 Jun 2019 16:49:40 +0300
+Subject: dmaengine: jz4780: Fix an endian bug in IRQ handler
+
+From: Dan Carpenter <dan.carpenter@oracle.com>
+
+commit 4c89cc73d1da42ae48b5c5dfbfd12304d0b86786 upstream.
+
+The "pending" variable was a u32 but we cast it to an unsigned long
+pointer when we do the for_each_set_bit() loop. The problem is that on
+big endian 64bit systems that results in an out of bounds read.
+
+Fixes: 4e4106f5e942 ("dmaengine: jz4780: Fix transfers being ACKed too soon")
+Signed-off-by: Dan Carpenter <dan.carpenter@oracle.com>
+Signed-off-by: Vinod Koul <vkoul@kernel.org>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+
+---
+ drivers/dma/dma-jz4780.c | 5 +++--
+ 1 file changed, 3 insertions(+), 2 deletions(-)
+
+--- a/drivers/dma/dma-jz4780.c
++++ b/drivers/dma/dma-jz4780.c
+@@ -722,12 +722,13 @@ static irqreturn_t jz4780_dma_irq_handle
+ {
+ struct jz4780_dma_dev *jzdma = data;
+ unsigned int nb_channels = jzdma->soc_data->nb_channels;
+- uint32_t pending, dmac;
++ unsigned long pending;
++ uint32_t dmac;
+ int i;
+
+ pending = jz4780_dma_ctrl_readl(jzdma, JZ_DMA_REG_DIRQP);
+
+- for_each_set_bit(i, (unsigned long *)&pending, nb_channels) {
++ for_each_set_bit(i, &pending, nb_channels) {
+ if (jz4780_dma_chan_irq(jzdma, &jzdma->chan[i]))
+ pending &= ~BIT(i);
+ }
--- /dev/null
+From f6034225442c4a87906d36e975fd9e99a8f95487 Mon Sep 17 00:00:00 2001
+From: Sricharan R <sricharan@codeaurora.org>
+Date: Fri, 28 Jun 2019 17:39:46 +0530
+Subject: dmaengine: qcom: bam_dma: Fix completed descriptors count
+
+From: Sricharan R <sricharan@codeaurora.org>
+
+commit f6034225442c4a87906d36e975fd9e99a8f95487 upstream.
+
+One space is left unused in circular FIFO to differentiate
+'full' and 'empty' cases. So take that in to account while
+counting for the descriptors completed.
+
+Fixes the issue reported here,
+ https://lkml.org/lkml/2019/6/18/669
+
+Cc: stable@vger.kernel.org
+Reported-by: Srinivas Kandagatla <srinivas.kandagatla@linaro.org>
+Signed-off-by: Sricharan R <sricharan@codeaurora.org>
+Tested-by: Srinivas Kandagatla <srinivas.kandagatla@linaro.org>
+Signed-off-by: Vinod Koul <vkoul@kernel.org>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+
+---
+ drivers/dma/qcom/bam_dma.c | 3 +++
+ 1 file changed, 3 insertions(+)
+
+--- a/drivers/dma/qcom/bam_dma.c
++++ b/drivers/dma/qcom/bam_dma.c
+@@ -808,6 +808,9 @@ static u32 process_channel_irqs(struct b
+ /* Number of bytes available to read */
+ avail = CIRC_CNT(offset, bchan->head, MAX_DESCRIPTORS + 1);
+
++ if (offset < bchan->head)
++ avail--;
++
+ list_for_each_entry_safe(async_desc, tmp,
+ &bchan->desc_list, desc_node) {
+ /* Not enough data to read */
--- /dev/null
+From 75f2d86b20bf6aec0392d6dd2ae3ffff26d2ae0e Mon Sep 17 00:00:00 2001
+From: Geert Uytterhoeven <geert@linux-m68k.org>
+Date: Mon, 1 Apr 2019 13:53:57 +0200
+Subject: fs: VALIDATE_FS_PARSER should default to n
+
+From: Geert Uytterhoeven <geert@linux-m68k.org>
+
+commit 75f2d86b20bf6aec0392d6dd2ae3ffff26d2ae0e upstream.
+
+CONFIG_VALIDATE_FS_PARSER is a debugging tool to check that the parser
+tables are vaguely sane. It was set to default to 'Y' for the moment to
+catch errors in upcoming fs conversion development.
+
+Make sure it is not enabled by default in the final release of v5.1.
+
+Fixes: 31d921c7fb969172 ("vfs: Add configuration parser helpers")
+Signed-off-by: Geert Uytterhoeven <geert@linux-m68k.org>
+Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+
+---
+ fs/Kconfig | 1 -
+ 1 file changed, 1 deletion(-)
+
+--- a/fs/Kconfig
++++ b/fs/Kconfig
+@@ -10,7 +10,6 @@ config DCACHE_WORD_ACCESS
+
+ config VALIDATE_FS_PARSER
+ bool "Validate filesystem parameter description"
+- default y
+ help
+ Enable this to perform validation of the parameter description for a
+ filesystem when it is registered.
--- /dev/null
+From 0b24cae4d535045f4c9e177aa228d4e97bad212c Mon Sep 17 00:00:00 2001
+From: Dmitry Korotin <dkorotin@wavecomp.com>
+Date: Mon, 24 Jun 2019 19:05:27 +0000
+Subject: MIPS: Add missing EHB in mtc0 -> mfc0 sequence.
+
+From: Dmitry Korotin <dkorotin@wavecomp.com>
+
+commit 0b24cae4d535045f4c9e177aa228d4e97bad212c upstream.
+
+Add a missing EHB (Execution Hazard Barrier) in mtc0 -> mfc0 sequence.
+Without this execution hazard barrier it's possible for the value read
+back from the KScratch register to be the value from before the mtc0.
+
+Reproducible on P5600 & P6600.
+
+The hazard is documented in the MIPS Architecture Reference Manual Vol.
+III: MIPS32/microMIPS32 Privileged Resource Architecture (MD00088), rev
+6.03 table 8.1 which includes:
+
+ Producer | Consumer | Hazard
+ ----------|----------|----------------------------
+ mtc0 | mfc0 | any coprocessor 0 register
+
+Signed-off-by: Dmitry Korotin <dkorotin@wavecomp.com>
+[paul.burton@mips.com:
+ - Commit message tweaks.
+ - Add Fixes tags.
+ - Mark for stable back to v3.15 where P5600 support was introduced.]
+Signed-off-by: Paul Burton <paul.burton@mips.com>
+Fixes: 3d8bfdd03072 ("MIPS: Use C0_KScratch (if present) to hold PGD pointer.")
+Fixes: 829dcc0a956a ("MIPS: Add MIPS P5600 probe support")
+Cc: linux-mips@vger.kernel.org
+Cc: stable@vger.kernel.org # v3.15+
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+
+---
+ arch/mips/mm/tlbex.c | 29 ++++++++++++++++++++---------
+ 1 file changed, 20 insertions(+), 9 deletions(-)
+
+--- a/arch/mips/mm/tlbex.c
++++ b/arch/mips/mm/tlbex.c
+@@ -391,6 +391,7 @@ static struct work_registers build_get_w
+ static void build_restore_work_registers(u32 **p)
+ {
+ if (scratch_reg >= 0) {
++ uasm_i_ehb(p);
+ UASM_i_MFC0(p, 1, c0_kscratch(), scratch_reg);
+ return;
+ }
+@@ -668,10 +669,12 @@ static void build_restore_pagemask(u32 *
+ uasm_i_mtc0(p, 0, C0_PAGEMASK);
+ uasm_il_b(p, r, lid);
+ }
+- if (scratch_reg >= 0)
++ if (scratch_reg >= 0) {
++ uasm_i_ehb(p);
+ UASM_i_MFC0(p, 1, c0_kscratch(), scratch_reg);
+- else
++ } else {
+ UASM_i_LW(p, 1, scratchpad_offset(0), 0);
++ }
+ } else {
+ /* Reset default page size */
+ if (PM_DEFAULT_MASK >> 16) {
+@@ -938,10 +941,12 @@ build_get_pgd_vmalloc64(u32 **p, struct
+ uasm_i_jr(p, ptr);
+
+ if (mode == refill_scratch) {
+- if (scratch_reg >= 0)
++ if (scratch_reg >= 0) {
++ uasm_i_ehb(p);
+ UASM_i_MFC0(p, 1, c0_kscratch(), scratch_reg);
+- else
++ } else {
+ UASM_i_LW(p, 1, scratchpad_offset(0), 0);
++ }
+ } else {
+ uasm_i_nop(p);
+ }
+@@ -1258,6 +1263,7 @@ build_fast_tlb_refill_handler (u32 **p,
+ UASM_i_MTC0(p, odd, C0_ENTRYLO1); /* load it */
+
+ if (c0_scratch_reg >= 0) {
++ uasm_i_ehb(p);
+ UASM_i_MFC0(p, scratch, c0_kscratch(), c0_scratch_reg);
+ build_tlb_write_entry(p, l, r, tlb_random);
+ uasm_l_leave(l, *p);
+@@ -1603,15 +1609,17 @@ static void build_setup_pgd(void)
+ uasm_i_dinsm(&p, a0, 0, 29, 64 - 29);
+ uasm_l_tlbl_goaround1(&l, p);
+ UASM_i_SLL(&p, a0, a0, 11);
+- uasm_i_jr(&p, 31);
+ UASM_i_MTC0(&p, a0, C0_CONTEXT);
++ uasm_i_jr(&p, 31);
++ uasm_i_ehb(&p);
+ } else {
+ /* PGD in c0_KScratch */
+- uasm_i_jr(&p, 31);
+ if (cpu_has_ldpte)
+ UASM_i_MTC0(&p, a0, C0_PWBASE);
+ else
+ UASM_i_MTC0(&p, a0, c0_kscratch(), pgd_reg);
++ uasm_i_jr(&p, 31);
++ uasm_i_ehb(&p);
+ }
+ #else
+ #ifdef CONFIG_SMP
+@@ -1625,13 +1633,16 @@ static void build_setup_pgd(void)
+ UASM_i_LA_mostly(&p, a2, pgdc);
+ UASM_i_SW(&p, a0, uasm_rel_lo(pgdc), a2);
+ #endif /* SMP */
+- uasm_i_jr(&p, 31);
+
+ /* if pgd_reg is allocated, save PGD also to scratch register */
+- if (pgd_reg != -1)
++ if (pgd_reg != -1) {
+ UASM_i_MTC0(&p, a0, c0_kscratch(), pgd_reg);
+- else
++ uasm_i_jr(&p, 31);
++ uasm_i_ehb(&p);
++ } else {
++ uasm_i_jr(&p, 31);
+ uasm_i_nop(&p);
++ }
+ #endif
+ if (p >= (u32 *)tlbmiss_handler_setup_pgd_end)
+ panic("tlbmiss_handler_setup_pgd space exceeded");
--- /dev/null
+From d6ed083f5cc621e15c15b56c3b585fd524dbcb0f Mon Sep 17 00:00:00 2001
+From: Hauke Mehrtens <hauke@hauke-m.de>
+Date: Mon, 17 Jun 2019 00:30:39 +0200
+Subject: MIPS: Fix bounds check virt_addr_valid
+
+From: Hauke Mehrtens <hauke@hauke-m.de>
+
+commit d6ed083f5cc621e15c15b56c3b585fd524dbcb0f upstream.
+
+The bounds check used the uninitialized variable vaddr, it should use
+the given parameter kaddr instead. When using the uninitialized value
+the compiler assumed it to be 0 and optimized this function to just
+return 0 in all cases.
+
+This should make the function check the range of the given address and
+only do the page map check in case it is in the expected range of
+virtual addresses.
+
+Fixes: 074a1e1167af ("MIPS: Bounds check virt_addr_valid")
+Cc: stable@vger.kernel.org # v4.12+
+Cc: Paul Burton <paul.burton@mips.com>
+Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
+Signed-off-by: Paul Burton <paul.burton@mips.com>
+Cc: ralf@linux-mips.org
+Cc: jhogan@kernel.org
+Cc: f4bug@amsat.org
+Cc: linux-mips@vger.kernel.org
+Cc: ysu@wavecomp.com
+Cc: jcristau@debian.org
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+
+---
+ arch/mips/mm/mmap.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+--- a/arch/mips/mm/mmap.c
++++ b/arch/mips/mm/mmap.c
+@@ -203,7 +203,7 @@ unsigned long arch_randomize_brk(struct
+
+ int __virt_addr_valid(const volatile void *kaddr)
+ {
+- unsigned long vaddr = (unsigned long)vaddr;
++ unsigned long vaddr = (unsigned long)kaddr;
+
+ if ((vaddr < PAGE_OFFSET) || (vaddr >= MAP_BASE))
+ return 0;
--- /dev/null
+From 637dfa0fad6d91a9a709dc70549a6d20fa77f615 Mon Sep 17 00:00:00 2001
+From: Cedric Hombourger <Cedric_Hombourger@mentor.com>
+Date: Thu, 13 Jun 2019 10:52:50 +0200
+Subject: MIPS: have "plain" make calls build dtbs for selected platforms
+
+From: Cedric Hombourger <Cedric_Hombourger@mentor.com>
+
+commit 637dfa0fad6d91a9a709dc70549a6d20fa77f615 upstream.
+
+scripts/package/builddeb calls "make dtbs_install" after executing
+a plain make (i.e. no build targets specified). It will fail if dtbs
+were not built beforehand. Match the arm64 architecture where DTBs get
+built by the "all" target.
+
+Signed-off-by: Cedric Hombourger <Cedric_Hombourger@mentor.com>
+[paul.burton@mips.com: s/builddep/builddeb]
+Signed-off-by: Paul Burton <paul.burton@mips.com>
+Cc: linux-mips@vger.kernel.org
+Cc: stable@vger.kernel.org # v4.1+
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+
+---
+ arch/mips/Makefile | 3 ++-
+ 1 file changed, 2 insertions(+), 1 deletion(-)
+
+--- a/arch/mips/Makefile
++++ b/arch/mips/Makefile
+@@ -17,6 +17,7 @@ archscripts: scripts_basic
+ $(Q)$(MAKE) $(build)=arch/mips/boot/tools relocs
+
+ KBUILD_DEFCONFIG := 32r2el_defconfig
++KBUILD_DTBS := dtbs
+
+ #
+ # Select the object file format to substitute into the linker script.
+@@ -384,7 +385,7 @@ quiet_cmd_64 = OBJCOPY $@
+ vmlinux.64: vmlinux
+ $(call cmd,64)
+
+-all: $(all-y)
++all: $(all-y) $(KBUILD_DTBS)
+
+ # boot
+ $(boot-y): $(vmlinux-32) FORCE
kvm-lapic-fix-pending-interrupt-in-irr-blocked-by-software-disable-lapic.patch
nfsd-fix-overflow-causing-non-working-mounts-on-1-tb-machines.patch
svcrdma-ignore-source-port-when-computing-drc-hash.patch
+mips-fix-bounds-check-virt_addr_valid.patch
+mips-add-missing-ehb-in-mtc0-mfc0-sequence.patch
+mips-have-plain-make-calls-build-dtbs-for-selected-platforms.patch
+dmaengine-qcom-bam_dma-fix-completed-descriptors-count.patch
+dmaengine-imx-sdma-remove-bd_intr-for-channel0.patch
+dmaengine-jz4780-fix-an-endian-bug-in-irq-handler.patch
+fs-validate_fs_parser-should-default-to-n.patch
projects / thirdparty / kernel / stable-queue.git / commitdiff
