--- /dev/null
+From 898805e0cdf7fd860ec21bf661d3a0285a3defbd Mon Sep 17 00:00:00 2001
+From: Russell King <rmk+kernel@armlinux.org.uk>
+Date: Tue, 30 May 2017 16:21:51 +0100
+Subject: net: phy: fix marvell phy status reading
+
+From: Russell King <rmk+kernel@armlinux.org.uk>
+
+commit 898805e0cdf7fd860ec21bf661d3a0285a3defbd upstream.
+
+The Marvell driver incorrectly provides phydev->lp_advertising as the
+logical and of the link partner's advert and our advert. This is
+incorrect - this field is supposed to store the link parter's unmodified
+advertisment.
+
+This allows ethtool to report the correct link partner auto-negotiation
+status.
+
+Fixes: be937f1f89ca ("Marvell PHY m88e1111 driver fix")
+Signed-off-by: Russell King <rmk+kernel@armlinux.org.uk>
+Reviewed-by: Andrew Lunn <andrew@lunn.ch>
+Reviewed-by: Florian Fainelli <f.fainelli@gmail.com>
+Signed-off-by: David S. Miller <davem@davemloft.net>
+Signed-off-by: Amit Pundir <amit.pundir@linaro.org>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+
+---
+ drivers/net/phy/marvell.c | 2 --
+ 1 file changed, 2 deletions(-)
+
+--- a/drivers/net/phy/marvell.c
++++ b/drivers/net/phy/marvell.c
+@@ -822,8 +822,6 @@ static int marvell_read_status(struct ph
+ phydev->lp_advertising = mii_stat1000_to_ethtool_lpa_t(lpagb) |
+ mii_lpa_to_ethtool_lpa_t(lpa);
+
+- lpa &= adv;
+-
+ if (status & MII_M1011_PHY_STATUS_FULLDUPLEX)
+ phydev->duplex = DUPLEX_FULL;
+ else
--- /dev/null
+From bb1a619735b4660f21bce3e728b937640024b4ad Mon Sep 17 00:00:00 2001
+From: Yendapally Reddy Dhananjaya Reddy <yendapally.reddy@broadcom.com>
+Date: Wed, 8 Feb 2017 17:14:26 -0500
+Subject: net: phy: Initialize mdio clock at probe function
+
+From: Yendapally Reddy Dhananjaya Reddy <yendapally.reddy@broadcom.com>
+
+commit bb1a619735b4660f21bce3e728b937640024b4ad upstream.
+
+USB PHYs need the MDIO clock divisor enabled earlier to work.
+Initialize mdio clock divisor in probe function. The ext bus
+bit available in the same register will be used by mdio mux
+to enable external mdio.
+
+Signed-off-by: Yendapally Reddy Dhananjaya Reddy <yendapally.reddy@broadcom.com>
+Fixes: ddc24ae1 ("net: phy: Broadcom iProc MDIO bus driver")
+Reviewed-by: Florian Fainelli <f.fainelli@gmail.com>
+Signed-off-by: Jon Mason <jon.mason@broadcom.com>
+Signed-off-by: David S. Miller <davem@davemloft.net>
+Signed-off-by: Amit Pundir <amit.pundir@linaro.org>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+
+---
+ drivers/net/phy/mdio-bcm-iproc.c | 6 ++----
+ 1 file changed, 2 insertions(+), 4 deletions(-)
+
+--- a/drivers/net/phy/mdio-bcm-iproc.c
++++ b/drivers/net/phy/mdio-bcm-iproc.c
+@@ -81,8 +81,6 @@ static int iproc_mdio_read(struct mii_bu
+ if (rc)
+ return rc;
+
+- iproc_mdio_config_clk(priv->base);
+-
+ /* Prepare the read operation */
+ cmd = (MII_DATA_TA_VAL << MII_DATA_TA_SHIFT) |
+ (reg << MII_DATA_RA_SHIFT) |
+@@ -112,8 +110,6 @@ static int iproc_mdio_write(struct mii_b
+ if (rc)
+ return rc;
+
+- iproc_mdio_config_clk(priv->base);
+-
+ /* Prepare the write operation */
+ cmd = (MII_DATA_TA_VAL << MII_DATA_TA_SHIFT) |
+ (reg << MII_DATA_RA_SHIFT) |
+@@ -163,6 +159,8 @@ static int iproc_mdio_probe(struct platf
+ bus->read = iproc_mdio_read;
+ bus->write = iproc_mdio_write;
+
++ iproc_mdio_config_clk(priv->base);
++
+ rc = of_mdiobus_register(bus, pdev->dev.of_node);
+ if (rc) {
+ dev_err(&pdev->dev, "MDIO bus registration failed\n");
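Review bot: The clock divisor is now programmed only once, in iproc_mdio_probe, so anything that later clears the controller's registers leaves the bus unconfigured; the calls removed from iproc_mdio_read and iproc_mdio_write used to restore it on every access. No suspend/resume path is visible in this patch, so if the block can lose register state across a power transition, a resume hook repeating `iproc_mdio_config_clk(priv->base);` would be needed. The placement ahead of `of_mdiobus_register()` looks deliberate, since registration may already issue bus reads, and deserves a comment such as `/* Set the MDIO clock divisor before registering the bus; read/write no longer do it. */`. The body of iproc_mdio_probe starts and ends outside the hunk.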
--- /dev/null
+From b5a10c5f7532b7473776da87e67f8301bbc32693 Mon Sep 17 00:00:00 2001
+From: "Guilherme G. Piccoli" <gpiccoli@linux.vnet.ibm.com>
+Date: Wed, 28 Dec 2016 22:13:15 -0200
+Subject: nvme: apply DELAY_BEFORE_CHK_RDY quirk at probe time too
+
+From: Guilherme G. Piccoli <gpiccoli@linux.vnet.ibm.com>
+
+commit b5a10c5f7532b7473776da87e67f8301bbc32693 upstream.
+
+Commit 54adc01055b7 ("nvme/quirk: Add a delay before checking for adapter
+readiness") introduced a quirk to adapters that cannot read the bit
+NVME_CSTS_RDY right after register NVME_REG_CC is set; these adapters
+need a delay or else the action of reading the bit NVME_CSTS_RDY could
+somehow corrupt adapter's registers state and it never recovers.
+
+When this quirk was added, we checked ctrl->tagset in order to avoid
+quirking in probe time, supposing we would never require such delay
+during probe. Well, it was too optimistic; we in fact need this quirk
+at probe time in some cases, like after a kexec.
+
+In some experiments, after abnormal shutdown of machine (aka power cord
+unplug), we booted into our bootloader in Power, which is a Linux kernel,
+and kexec'ed into another distro. If this kexec is too quick, we end up
+reaching the probe of NVMe adapter in that distro when adapter is in
+bad state (not fully initialized on our bootloader). What happens next
+is that nvme_wait_ready() is unable to complete, except if the quirk is
+enabled.
+
+So, this patch removes the original ctrl->tagset verification in order
+to enable the quirk even on probe time.
+
+Fixes: 54adc01055b7 ("nvme/quirk: Add a delay before checking for adapter readiness")
+Reported-by: Andrew Byrne <byrneadw@ie.ibm.com>
+Reported-by: Jaime A. H. Gomez <jahgomez@mx1.ibm.com>
+Reported-by: Zachary D. Myers <zdmyers@us.ibm.com>
+Signed-off-by: Guilherme G. Piccoli <gpiccoli@linux.vnet.ibm.com>
+Acked-by: Jeffrey Lien <Jeff.Lien@wdc.com>
+Signed-off-by: Christoph Hellwig <hch@lst.de>
+[mauricfo: backport to v4.4.70 without nvme quirk handling & nvme_ctrl]
+Signed-off-by: Mauricio Faria de Oliveira <mauricfo@linux.vnet.ibm.com>
+Tested-by: Narasimhan Vaidyanathan <vnarasimhan@in.ibm.com>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+---
+ drivers/nvme/host/pci.c | 7 +------
+ 1 file changed, 1 insertion(+), 6 deletions(-)
+
+--- a/drivers/nvme/host/pci.c
++++ b/drivers/nvme/host/pci.c
+@@ -1639,12 +1639,7 @@ static int nvme_disable_ctrl(struct nvme
+ dev->ctrl_config &= ~NVME_CC_ENABLE;
+ writel(dev->ctrl_config, &dev->bar->cc);
+
+- /* Checking for dev->tagset is a trick to avoid sleeping on module
+- * load, since we only need the quirk on reset_controller. Notice
+- * that the HGST device needs this delay only in firmware activation
+- * procedure; unfortunately we have no (easy) way to verify this.
+- */
+- if (pdev->vendor == 0x1c58 && pdev->device == 0x0003 && dev->tagset)
++ if (pdev->vendor == 0x1c58 && pdev->device == 0x0003)
+ msleep(NVME_QUIRK_DELAY_AMOUNT);
+
+ return nvme_wait_ready(dev, cap, false);
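Review bot: The vendor/device test in front of `msleep(NVME_QUIRK_DELAY_AMOUNT)` is left without any comment, because the block this patch deletes was the only explanation of the delay. A short replacement would keep the reason next to the bare IDs, e.g. `/* HGST 0x1c58:0x0003 needs a delay before NVME_CSTS_RDY is polled, at probe time as well as on reset. */`. With the `dev->tagset` condition gone, every call of nvme_disable_ctrl on this device sleeps for the full delay, so the comment should state that this is intended. nvme_disable_ctrl starts outside the hunk.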
--- /dev/null
+From 54adc01055b75ec8769c5a36574c7a0895c0c0b2 Mon Sep 17 00:00:00 2001
+From: "Guilherme G. Piccoli" <gpiccoli@linux.vnet.ibm.com>
+Date: Tue, 14 Jun 2016 18:22:41 -0300
+Subject: nvme/quirk: Add a delay before checking for adapter readiness
+
+From: Guilherme G. Piccoli <gpiccoli@linux.vnet.ibm.com>
+
+commit 54adc01055b75ec8769c5a36574c7a0895c0c0b2 upstream.
+
+When disabling the controller, the specification says the register
+NVME_REG_CC should be written and then driver needs to wait the
+adapter to be ready, which is checked by reading another register
+bit (NVME_CSTS_RDY). There's a timeout validation in this checking,
+so in case this timeout is reached the driver gives up and removes
+the adapter from the system.
+
+After a firmware activation procedure, the PCI_DEVICE(0x1c58, 0x0003)
+(HGST adapter) end up being removed if we issue a reset_controller,
+because driver keeps verifying the NVME_REG_CSTS until the timeout is
+reached. This patch adds a necessary quirk for this adapter, by
+introducing a delay before nvme_wait_ready(), so the reset procedure
+is able to be completed. This quirk is needed because just increasing
+the timeout is not enough in case of this adapter - the driver must
+wait before start reading NVME_REG_CSTS register on this specific
+device.
+
+Signed-off-by: Guilherme G. Piccoli <gpiccoli@linux.vnet.ibm.com>
+Reviewed-by: Christoph Hellwig <hch@lst.de>
+Signed-off-by: Jens Axboe <axboe@fb.com>
+[mauricfo: backport to v4.4.70 without nvme quirk handling & nvme_ctrl]
+Signed-off-by: Mauricio Faria de Oliveira <mauricfo@linux.vnet.ibm.com>
+Tested-by: Narasimhan Vaidyanathan <vnarasimhan@in.ibm.com>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+
+---
+ drivers/nvme/host/nvme.h | 7 +++++++
+ drivers/nvme/host/pci.c | 10 ++++++++++
+ 2 files changed, 17 insertions(+)
+
+--- a/drivers/nvme/host/nvme.h
++++ b/drivers/nvme/host/nvme.h
+@@ -27,6 +27,13 @@ enum {
+ NVME_NS_LIGHTNVM = 1,
+ };
+
++/* The below value is the specific amount of delay needed before checking
++ * readiness in case of the PCI_DEVICE(0x1c58, 0x0003), which needs the
++ * NVME_QUIRK_DELAY_BEFORE_CHK_RDY quirk enabled. The value (in ms) was
++ * found empirically.
++ */
++#define NVME_QUIRK_DELAY_AMOUNT 2000
++
+ /*
+ * Represents an NVM Express device. Each nvme_dev is a PCI function.
+ */
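Review bot: The comment added above `NVME_QUIRK_DELAY_AMOUNT` refers to `NVME_QUIRK_DELAY_BEFORE_CHK_RDY`, which nothing in this patch defines. The changelog's backport note says the change was adapted "without nvme quirk handling". A reader searching this tree for that name would presumably find nothing, so the comment should point at the real user, e.g. `/* Delay (in ms, found empirically) needed before checking readiness on PCI_DEVICE(0x1c58, 0x0003); see nvme_disable_ctrl(). */`. The same bare vendor/device pair is repeated in the pci.c hunk of this patch, so the comment here is the only place the IDs are explained.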
+--- a/drivers/nvme/host/pci.c
++++ b/drivers/nvme/host/pci.c
+@@ -1633,10 +1633,20 @@ static int nvme_wait_ready(struct nvme_d
+ */
+ static int nvme_disable_ctrl(struct nvme_dev *dev, u64 cap)
+ {
++ struct pci_dev *pdev = to_pci_dev(dev->dev);
++
+ dev->ctrl_config &= ~NVME_CC_SHN_MASK;
+ dev->ctrl_config &= ~NVME_CC_ENABLE;
+ writel(dev->ctrl_config, &dev->bar->cc);
+
++ /* Checking for dev->tagset is a trick to avoid sleeping on module
++ * load, since we only need the quirk on reset_controller. Notice
++ * that the HGST device needs this delay only in firmware activation
++ * procedure; unfortunately we have no (easy) way to verify this.
++ */
++ if (pdev->vendor == 0x1c58 && pdev->device == 0x0003 && dev->tagset)
++ msleep(NVME_QUIRK_DELAY_AMOUNT);
++
+ return nvme_wait_ready(dev, cap, false);
+ }
+
of-add-check-to-of_scan_flat_dt-before-accessing-initial_boot_params.patch
mtd-spi-nor-fix-spansion-quad-enable.patch
powerpc-slb-force-a-full-slb-flush-when-we-insert-for-a-bad-ea.patch
+usb-gadget-f_fs-avoid-out-of-bounds-access-on-comp_desc.patch
+net-phy-initialize-mdio-clock-at-probe-function.patch
+net-phy-fix-marvell-phy-status-reading.patch
+nvme-quirk-add-a-delay-before-checking-for-adapter-readiness.patch
+nvme-apply-delay_before_chk_rdy-quirk-at-probe-time-too.patch
--- /dev/null
+From b7f73850bb4fac1e2209a4dd5e636d39be92f42c Mon Sep 17 00:00:00 2001
+From: William Wu <william.wu@rock-chips.com>
+Date: Tue, 25 Apr 2017 17:45:48 +0800
+Subject: usb: gadget: f_fs: avoid out of bounds access on comp_desc
+
+From: William Wu <william.wu@rock-chips.com>
+
+commit b7f73850bb4fac1e2209a4dd5e636d39be92f42c upstream.
+
+Companion descriptor is only used for SuperSpeed endpoints,
+if the endpoints are HighSpeed or FullSpeed, the Companion
+descriptor will not allocated, so we can only access it if
+gadget is SuperSpeed.
+
+I can reproduce this issue on Rockchip platform rk3368 SoC
+which supports USB 2.0, and use functionfs for ADB. Kernel
+build with CONFIG_KASAN=y and CONFIG_SLUB_DEBUG=y report
+the following BUG:
+
+==================================================================
+BUG: KASAN: slab-out-of-bounds in ffs_func_set_alt+0x224/0x3a0 at addr ffffffc0601f6509
+Read of size 1 by task swapper/0/0
+============================================================================
+BUG kmalloc-256 (Not tainted): kasan: bad access detected
+----------------------------------------------------------------------------
+
+Disabling lock debugging due to kernel taint
+INFO: Allocated in ffs_func_bind+0x52c/0x99c age=1275 cpu=0 pid=1
+alloc_debug_processing+0x128/0x17c
+___slab_alloc.constprop.58+0x50c/0x610
+__slab_alloc.isra.55.constprop.57+0x24/0x34
+__kmalloc+0xe0/0x250
+ffs_func_bind+0x52c/0x99c
+usb_add_function+0xd8/0x1d4
+configfs_composite_bind+0x48c/0x570
+udc_bind_to_driver+0x6c/0x170
+usb_udc_attach_driver+0xa4/0xd0
+gadget_dev_desc_UDC_store+0xcc/0x118
+configfs_write_file+0x1a0/0x1f8
+__vfs_write+0x64/0x174
+vfs_write+0xe4/0x200
+SyS_write+0x68/0xc8
+el0_svc_naked+0x24/0x28
+INFO: Freed in inode_doinit_with_dentry+0x3f0/0x7c4 age=1275 cpu=7 pid=247
+...
+Call trace:
+[<ffffff900808aab4>] dump_backtrace+0x0/0x230
+[<ffffff900808acf8>] show_stack+0x14/0x1c
+[<ffffff90084ad420>] dump_stack+0xa0/0xc8
+[<ffffff90082157cc>] print_trailer+0x188/0x198
+[<ffffff9008215948>] object_err+0x3c/0x4c
+[<ffffff900821b5ac>] kasan_report+0x324/0x4dc
+[<ffffff900821aa38>] __asan_load1+0x24/0x50
+[<ffffff90089eb750>] ffs_func_set_alt+0x224/0x3a0
+[<ffffff90089d3760>] composite_setup+0xdcc/0x1ac8
+[<ffffff90089d7394>] android_setup+0x124/0x1a0
+[<ffffff90089acd18>] _setup+0x54/0x74
+[<ffffff90089b6b98>] handle_ep0+0x3288/0x4390
+[<ffffff90089b9b44>] dwc_otg_pcd_handle_out_ep_intr+0x14dc/0x2ae4
+[<ffffff90089be85c>] dwc_otg_pcd_handle_intr+0x1ec/0x298
+[<ffffff90089ad680>] dwc_otg_pcd_irq+0x10/0x20
+[<ffffff9008116328>] handle_irq_event_percpu+0x124/0x3ac
+[<ffffff9008116610>] handle_irq_event+0x60/0xa0
+[<ffffff900811af30>] handle_fasteoi_irq+0x10c/0x1d4
+[<ffffff9008115568>] generic_handle_irq+0x30/0x40
+[<ffffff90081159b4>] __handle_domain_irq+0xac/0xdc
+[<ffffff9008080e9c>] gic_handle_irq+0x64/0xa4
+...
+Memory state around the buggy address:
+ ffffffc0601f6400: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
+ ffffffc0601f6480: 00 00 00 00 00 00 00 00 00 00 06 fc fc fc fc fc
+ >ffffffc0601f6500: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
+ ^
+ ffffffc0601f6580: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
+ ffffffc0601f6600: fc fc fc fc fc fc fc fc 00 00 00 00 00 00 00 00
+==================================================================
+
+Signed-off-by: William Wu <william.wu@rock-chips.com>
+Signed-off-by: Felipe Balbi <felipe.balbi@linux.intel.com>
+Cc: Jerry Zhang <zhangjerry@google.com>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+
+---
+ drivers/usb/gadget/function/f_fs.c | 10 +++++-----
+ 1 file changed, 5 insertions(+), 5 deletions(-)
+
+--- a/drivers/usb/gadget/function/f_fs.c
++++ b/drivers/usb/gadget/function/f_fs.c
+@@ -1668,12 +1668,12 @@ static int ffs_func_eps_enable(struct ff
+ ep->ep->driver_data = ep;
+ ep->ep->desc = ds;
+
+- comp_desc = (struct usb_ss_ep_comp_descriptor *)(ds +
+- USB_DT_ENDPOINT_SIZE);
+- ep->ep->maxburst = comp_desc->bMaxBurst + 1;
+-
+- if (needs_comp_desc)
++ if (needs_comp_desc) {
++ comp_desc = (struct usb_ss_ep_comp_descriptor *)(ds +
++ USB_DT_ENDPOINT_SIZE);
++ ep->ep->maxburst = comp_desc->bMaxBurst + 1;
+ ep->ep->comp_desc = comp_desc;
++ }
+
+ ret = usb_ep_enable(ep->ep);
+ if (likely(!ret)) {
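Review bot: `ds + USB_DT_ENDPOINT_SIZE` inside the new `if (needs_comp_desc)` block is pointer arithmetic on `ds`, so unless `ds` is a byte pointer the offset is scaled by the size of the pointed-to type instead of being counted in bytes. The declaration of `ds` is outside the hunk, but it is assigned to `ep->ep->desc` just above, which suggests a descriptor pointer. In that case the SuperSpeed path would still read `bMaxBurst` well past the endpoint descriptor, and the new guard only avoids the access for lower speeds. A byte-based offset such as `comp_desc = (struct usb_ss_ep_comp_descriptor *)((u8 *)ds + USB_DT_ENDPOINT_SIZE);` would address the companion descriptor directly behind the endpoint descriptor. ffs_func_eps_enable starts and ends outside the hunk.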