From: Greg Kroah-Hartman Date: Thu, 21 Mar 2019 07:14:50 +0000 (+0100) Subject: 4.14-stable patches X-Git-Tag: v3.18.137~39 X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=10b94b29f9197814d549431ee35f0bb24824c62c;p=thirdparty%2Fkernel%2Fstable-queue.git 4.14-stable patches added patches: arm-s3c24xx-fix-boolean-expressions-in-osiris_dvs_notify.patch arm64-debug-ensure-debug-handlers-check-triggering-exception-level.patch arm64-fix-hcr.tge-status-for-nmi-contexts.patch arm64-kvm-fix-architecturally-invalid-reset-value-for-fpexc32_el2.patch jbd2-clear-dirty-flag-when-revoking-a-buffer-from-an-older-transaction.patch jbd2-fix-compile-warning-when-using-jbuffer_trace.patch powerpc-32-clear-on-stack-exception-marker-upon-exception-return.patch powerpc-83xx-also-save-restore-sprg4-7-during-suspend.patch powerpc-fix-32-bit-kvm-pr-lockup-and-host-crash-with-macos-guest.patch powerpc-hugetlb-don-t-do-runtime-allocation-of-16g-pages-in-lpar-configuration.patch powerpc-powernv-make-opal-log-only-readable-by-root.patch powerpc-ptrace-simplify-vr_get-set-to-avoid-gcc-warning.patch powerpc-traps-fix-recoverability-of-machine-check-handling-on-book3s-32.patch powerpc-traps-fix-the-message-printed-when-stack-overflows.patch powerpc-wii-properly-disable-use-of-bats-when-requested.patch security-selinux-fix-security_lsm_native_labels-on-reused-superblock.patch serial-8250_of-assume-reg-shift-of-2-for-mrvl-mmp-uart.patch serial-8250_pci-fix-number-of-ports-for-acces-serial-cards.patch serial-8250_pci-have-acces-cards-that-use-the-four-port-pericom-pi7c9x7954-chip-use-the-pci_pericom_setup.patch serial-uartps-fix-stuck-isr-if-rx-disabled-with-non-empty-fifo.patch --- diff --git a/queue-4.14/arm-s3c24xx-fix-boolean-expressions-in-osiris_dvs_notify.patch b/queue-4.14/arm-s3c24xx-fix-boolean-expressions-in-osiris_dvs_notify.patch new file mode 100644 index 00000000000..41f697ed7aa --- /dev/null +++ b/queue-4.14/arm-s3c24xx-fix-boolean-expressions-in-osiris_dvs_notify.patch @@ -0,0 +1,48 @@ +From e2477233145f2156434afb799583bccd878f3e9f Mon Sep 17 00:00:00 2001 +From: "Gustavo A. R. Silva" +Date: Thu, 3 Jan 2019 14:14:08 -0600 +Subject: ARM: s3c24xx: Fix boolean expressions in osiris_dvs_notify + +From: Gustavo A. R. Silva + +commit e2477233145f2156434afb799583bccd878f3e9f upstream. + +Fix boolean expressions by using logical AND operator '&&' instead of +bitwise operator '&'. + +This issue was detected with the help of Coccinelle. + +Fixes: 4fa084af28ca ("ARM: OSIRIS: DVS (Dynamic Voltage Scaling) supoort.") +Cc: stable@vger.kernel.org +Signed-off-by: Gustavo A. R. Silva +[krzk: Fix -Wparentheses warning] +Signed-off-by: Krzysztof Kozlowski +Signed-off-by: Greg Kroah-Hartman + +--- + arch/arm/mach-s3c24xx/mach-osiris-dvs.c | 8 ++++---- + 1 file changed, 4 insertions(+), 4 deletions(-) + +--- a/arch/arm/mach-s3c24xx/mach-osiris-dvs.c ++++ b/arch/arm/mach-s3c24xx/mach-osiris-dvs.c +@@ -70,16 +70,16 @@ static int osiris_dvs_notify(struct noti + + switch (val) { + case CPUFREQ_PRECHANGE: +- if (old_dvs & !new_dvs || +- cur_dvs & !new_dvs) { ++ if ((old_dvs && !new_dvs) || ++ (cur_dvs && !new_dvs)) { + pr_debug("%s: exiting dvs\n", __func__); + cur_dvs = false; + gpio_set_value(OSIRIS_GPIO_DVS, 1); + } + break; + case CPUFREQ_POSTCHANGE: +- if (!old_dvs & new_dvs || +- !cur_dvs & new_dvs) { ++ if ((!old_dvs && new_dvs) || ++ (!cur_dvs && new_dvs)) { + pr_debug("entering dvs\n"); + cur_dvs = true; + gpio_set_value(OSIRIS_GPIO_DVS, 0); diff --git a/queue-4.14/arm64-debug-ensure-debug-handlers-check-triggering-exception-level.patch b/queue-4.14/arm64-debug-ensure-debug-handlers-check-triggering-exception-level.patch new file mode 100644 index 00000000000..21bc8a4d2d1 --- /dev/null +++ b/queue-4.14/arm64-debug-ensure-debug-handlers-check-triggering-exception-level.patch @@ -0,0 +1,93 @@ +From 6bd288569b50bc89fa5513031086746968f585cb Mon Sep 17 00:00:00 2001 +From: Will Deacon +Date: Fri, 1 Mar 2019 13:28:01 +0000 +Subject: arm64: debug: Ensure debug handlers check triggering exception level + +From: Will Deacon + +commit 6bd288569b50bc89fa5513031086746968f585cb upstream. + +Debug exception handlers may be called for exceptions generated both by +user and kernel code. In many cases, this is checked explicitly, but +in other cases things either happen to work by happy accident or they +go slightly wrong. For example, executing 'brk #4' from userspace will +enter the kprobes code and be ignored, but the instruction will be +retried forever in userspace instead of delivering a SIGTRAP. + +Fix this issue in the most stable-friendly fashion by simply adding +explicit checks of the triggering exception level to all of our debug +exception handlers. + +Cc: +Reviewed-by: Mark Rutland +Signed-off-by: Will Deacon +Signed-off-by: Catalin Marinas +Signed-off-by: Greg Kroah-Hartman + +--- + arch/arm64/kernel/kgdb.c | 14 ++++++++++---- + arch/arm64/kernel/probes/kprobes.c | 6 ++++++ + 2 files changed, 16 insertions(+), 4 deletions(-) + +--- a/arch/arm64/kernel/kgdb.c ++++ b/arch/arm64/kernel/kgdb.c +@@ -233,27 +233,33 @@ int kgdb_arch_handle_exception(int excep + + static int kgdb_brk_fn(struct pt_regs *regs, unsigned int esr) + { ++ if (user_mode(regs)) ++ return DBG_HOOK_ERROR; ++ + kgdb_handle_exception(1, SIGTRAP, 0, regs); +- return 0; ++ return DBG_HOOK_HANDLED; + } + NOKPROBE_SYMBOL(kgdb_brk_fn) + + static int kgdb_compiled_brk_fn(struct pt_regs *regs, unsigned int esr) + { ++ if (user_mode(regs)) ++ return DBG_HOOK_ERROR; ++ + compiled_break = 1; + kgdb_handle_exception(1, SIGTRAP, 0, regs); + +- return 0; ++ return DBG_HOOK_HANDLED; + } + NOKPROBE_SYMBOL(kgdb_compiled_brk_fn); + + static int kgdb_step_brk_fn(struct pt_regs *regs, unsigned int esr) + { +- if (!kgdb_single_step) ++ if (user_mode(regs) || !kgdb_single_step) + return DBG_HOOK_ERROR; + + kgdb_handle_exception(1, SIGTRAP, 0, regs); +- return 0; ++ return DBG_HOOK_HANDLED; + } + NOKPROBE_SYMBOL(kgdb_step_brk_fn); + +--- a/arch/arm64/kernel/probes/kprobes.c ++++ b/arch/arm64/kernel/probes/kprobes.c +@@ -458,6 +458,9 @@ kprobe_single_step_handler(struct pt_reg + struct kprobe_ctlblk *kcb = get_kprobe_ctlblk(); + int retval; + ++ if (user_mode(regs)) ++ return DBG_HOOK_ERROR; ++ + /* return error if this is not our step */ + retval = kprobe_ss_hit(kcb, instruction_pointer(regs)); + +@@ -474,6 +477,9 @@ kprobe_single_step_handler(struct pt_reg + int __kprobes + kprobe_breakpoint_handler(struct pt_regs *regs, unsigned int esr) + { ++ if (user_mode(regs)) ++ return DBG_HOOK_ERROR; ++ + kprobe_handler(regs); + return DBG_HOOK_HANDLED; + } diff --git a/queue-4.14/arm64-fix-hcr.tge-status-for-nmi-contexts.patch b/queue-4.14/arm64-fix-hcr.tge-status-for-nmi-contexts.patch new file mode 100644 index 00000000000..441048b5576 --- /dev/null +++ b/queue-4.14/arm64-fix-hcr.tge-status-for-nmi-contexts.patch @@ -0,0 +1,126 @@ +From 5870970b9a828d8693aa6d15742573289d7dbcd0 Mon Sep 17 00:00:00 2001 +From: Julien Thierry +Date: Thu, 31 Jan 2019 14:58:39 +0000 +Subject: arm64: Fix HCR.TGE status for NMI contexts + +From: Julien Thierry + +commit 5870970b9a828d8693aa6d15742573289d7dbcd0 upstream. + +When using VHE, the host needs to clear HCR_EL2.TGE bit in order +to interact with guest TLBs, switching from EL2&0 translation regime +to EL1&0. + +However, some non-maskable asynchronous event could happen while TGE is +cleared like SDEI. Because of this address translation operations +relying on EL2&0 translation regime could fail (tlb invalidation, +userspace access, ...). + +Fix this by properly setting HCR_EL2.TGE when entering NMI context and +clear it if necessary when returning to the interrupted context. + +Signed-off-by: Julien Thierry +Suggested-by: Marc Zyngier +Reviewed-by: Marc Zyngier +Reviewed-by: James Morse +Cc: Arnd Bergmann +Cc: Will Deacon +Cc: Marc Zyngier +Cc: James Morse +Cc: linux-arch@vger.kernel.org +Cc: stable@vger.kernel.org +Signed-off-by: Catalin Marinas +Signed-off-by: Greg Kroah-Hartman + +--- + arch/arm64/include/asm/hardirq.h | 31 +++++++++++++++++++++++++++++++ + arch/arm64/kernel/irq.c | 3 +++ + include/linux/hardirq.h | 7 +++++++ + 3 files changed, 41 insertions(+) + +--- a/arch/arm64/include/asm/hardirq.h ++++ b/arch/arm64/include/asm/hardirq.h +@@ -17,8 +17,12 @@ + #define __ASM_HARDIRQ_H + + #include ++#include + #include ++#include + #include ++#include ++#include + + #define NR_IPI 7 + +@@ -37,6 +41,33 @@ u64 smp_irq_stat_cpu(unsigned int cpu); + + #define __ARCH_IRQ_EXIT_IRQS_DISABLED 1 + ++struct nmi_ctx { ++ u64 hcr; ++}; ++ ++DECLARE_PER_CPU(struct nmi_ctx, nmi_contexts); ++ ++#define arch_nmi_enter() \ ++ do { \ ++ if (is_kernel_in_hyp_mode()) { \ ++ struct nmi_ctx *nmi_ctx = this_cpu_ptr(&nmi_contexts); \ ++ nmi_ctx->hcr = read_sysreg(hcr_el2); \ ++ if (!(nmi_ctx->hcr & HCR_TGE)) { \ ++ write_sysreg(nmi_ctx->hcr | HCR_TGE, hcr_el2); \ ++ isb(); \ ++ } \ ++ } \ ++ } while (0) ++ ++#define arch_nmi_exit() \ ++ do { \ ++ if (is_kernel_in_hyp_mode()) { \ ++ struct nmi_ctx *nmi_ctx = this_cpu_ptr(&nmi_contexts); \ ++ if (!(nmi_ctx->hcr & HCR_TGE)) \ ++ write_sysreg(nmi_ctx->hcr, hcr_el2); \ ++ } \ ++ } while (0) ++ + static inline void ack_bad_irq(unsigned int irq) + { + extern unsigned long irq_err_count; +--- a/arch/arm64/kernel/irq.c ++++ b/arch/arm64/kernel/irq.c +@@ -32,6 +32,9 @@ + + unsigned long irq_err_count; + ++/* Only access this in an NMI enter/exit */ ++DEFINE_PER_CPU(struct nmi_ctx, nmi_contexts); ++ + DEFINE_PER_CPU(unsigned long *, irq_stack_ptr); + + int arch_show_interrupts(struct seq_file *p, int prec) +--- a/include/linux/hardirq.h ++++ b/include/linux/hardirq.h +@@ -60,8 +60,14 @@ extern void irq_enter(void); + */ + extern void irq_exit(void); + ++#ifndef arch_nmi_enter ++#define arch_nmi_enter() do { } while (0) ++#define arch_nmi_exit() do { } while (0) ++#endif ++ + #define nmi_enter() \ + do { \ ++ arch_nmi_enter(); \ + printk_nmi_enter(); \ + lockdep_off(); \ + ftrace_nmi_enter(); \ +@@ -80,6 +86,7 @@ extern void irq_exit(void); + ftrace_nmi_exit(); \ + lockdep_on(); \ + printk_nmi_exit(); \ ++ arch_nmi_exit(); \ + } while (0) + + #endif /* LINUX_HARDIRQ_H */ diff --git a/queue-4.14/arm64-kvm-fix-architecturally-invalid-reset-value-for-fpexc32_el2.patch b/queue-4.14/arm64-kvm-fix-architecturally-invalid-reset-value-for-fpexc32_el2.patch new file mode 100644 index 00000000000..43a03f399ef --- /dev/null +++ b/queue-4.14/arm64-kvm-fix-architecturally-invalid-reset-value-for-fpexc32_el2.patch @@ -0,0 +1,44 @@ +From c88b093693ccbe41991ef2e9b1d251945e6e54ed Mon Sep 17 00:00:00 2001 +From: Dave Martin +Date: Thu, 21 Feb 2019 11:42:32 +0000 +Subject: arm64: KVM: Fix architecturally invalid reset value for FPEXC32_EL2 + +From: Dave Martin + +commit c88b093693ccbe41991ef2e9b1d251945e6e54ed upstream. + +Due to what looks like a typo dating back to the original addition +of FPEXC32_EL2 handling, KVM currently initialises this register to +an architecturally invalid value. + +As a result, the VECITR field (RES1) in bits [10:8] is initialised +with 0, and the two reserved (RES0) bits [6:5] are initialised with +1. (In the Common VFP Subarchitecture as specified by ARMv7-A, +these two bits were IMP DEF. ARMv8-A removes them.) + +This patch changes the reset value from 0x70 to 0x700, which +reflects the architectural constraints and is presumably what was +originally intended. + +Cc: # 4.12.x- +Cc: Christoffer Dall +Fixes: 62a89c44954f ("arm64: KVM: 32bit handling of coprocessor traps") +Signed-off-by: Dave Martin +Signed-off-by: Marc Zyngier +Signed-off-by: Greg Kroah-Hartman + +--- + arch/arm64/kvm/sys_regs.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +--- a/arch/arm64/kvm/sys_regs.c ++++ b/arch/arm64/kvm/sys_regs.c +@@ -1079,7 +1079,7 @@ static const struct sys_reg_desc sys_reg + + { SYS_DESC(SYS_DACR32_EL2), NULL, reset_unknown, DACR32_EL2 }, + { SYS_DESC(SYS_IFSR32_EL2), NULL, reset_unknown, IFSR32_EL2 }, +- { SYS_DESC(SYS_FPEXC32_EL2), NULL, reset_val, FPEXC32_EL2, 0x70 }, ++ { SYS_DESC(SYS_FPEXC32_EL2), NULL, reset_val, FPEXC32_EL2, 0x700 }, + }; + + static bool trap_dbgidr(struct kvm_vcpu *vcpu, diff --git a/queue-4.14/drm-i915-relax-mmap-vma-check.patch b/queue-4.14/drm-i915-relax-mmap-vma-check.patch index fea7be16b92..6ac09da3ace 100644 --- a/queue-4.14/drm-i915-relax-mmap-vma-check.patch +++ b/queue-4.14/drm-i915-relax-mmap-vma-check.patch @@ -28,14 +28,12 @@ Link: https://patchwork.freedesktop.org/patch/msgid/20190305110409.28633-1-tvrtk Signed-off-by: Rodrigo Vivi Signed-off-by: Sasha Levin --- - drivers/gpu/drm/i915/i915_gem.c | 3 ++- + drivers/gpu/drm/i915/i915_gem.c | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) -diff --git a/drivers/gpu/drm/i915/i915_gem.c b/drivers/gpu/drm/i915/i915_gem.c -index 5d8a67c65141..727018a16cca 100644 --- a/drivers/gpu/drm/i915/i915_gem.c +++ b/drivers/gpu/drm/i915/i915_gem.c -@@ -1640,7 +1640,8 @@ __vma_matches(struct vm_area_struct *vma, struct file *filp, +@@ -1640,7 +1640,8 @@ __vma_matches(struct vm_area_struct *vma if (vma->vm_file != filp) return false; @@ -45,6 +43,3 @@ index 5d8a67c65141..727018a16cca 100644 } /** --- -2.19.1 - diff --git a/queue-4.14/jbd2-clear-dirty-flag-when-revoking-a-buffer-from-an-older-transaction.patch b/queue-4.14/jbd2-clear-dirty-flag-when-revoking-a-buffer-from-an-older-transaction.patch new file mode 100644 index 00000000000..eda05ecc867 --- /dev/null +++ b/queue-4.14/jbd2-clear-dirty-flag-when-revoking-a-buffer-from-an-older-transaction.patch @@ -0,0 +1,80 @@ +From 904cdbd41d749a476863a0ca41f6f396774f26e4 Mon Sep 17 00:00:00 2001 +From: "zhangyi (F)" +Date: Sun, 10 Feb 2019 23:23:04 -0500 +Subject: jbd2: clear dirty flag when revoking a buffer from an older transaction + +From: zhangyi (F) + +commit 904cdbd41d749a476863a0ca41f6f396774f26e4 upstream. + +Now, we capture a data corruption problem on ext4 while we're truncating +an extent index block. Imaging that if we are revoking a buffer which +has been journaled by the committing transaction, the buffer's jbddirty +flag will not be cleared in jbd2_journal_forget(), so the commit code +will set the buffer dirty flag again after refile the buffer. + +fsx kjournald2 + jbd2_journal_commit_transaction +jbd2_journal_revoke commit phase 1~5... + jbd2_journal_forget + belongs to older transaction commit phase 6 + jbddirty not clear __jbd2_journal_refile_buffer + __jbd2_journal_unfile_buffer + test_clear_buffer_jbddirty + mark_buffer_dirty + +Finally, if the freed extent index block was allocated again as data +block by some other files, it may corrupt the file data after writing +cached pages later, such as during unmount time. (In general, +clean_bdev_aliases() related helpers should be invoked after +re-allocation to prevent the above corruption, but unfortunately we +missed it when zeroout the head of extra extent blocks in +ext4_ext_handle_unwritten_extents()). + +This patch mark buffer as freed and set j_next_transaction to the new +transaction when it already belongs to the committing transaction in +jbd2_journal_forget(), so that commit code knows it should clear dirty +bits when it is done with the buffer. + +This problem can be reproduced by xfstests generic/455 easily with +seeds (3246 3247 3248 3249). + +Signed-off-by: zhangyi (F) +Signed-off-by: Theodore Ts'o +Reviewed-by: Jan Kara +Cc: stable@vger.kernel.org +Signed-off-by: Greg Kroah-Hartman + +--- + fs/jbd2/transaction.c | 17 ++++++++++++----- + 1 file changed, 12 insertions(+), 5 deletions(-) + +--- a/fs/jbd2/transaction.c ++++ b/fs/jbd2/transaction.c +@@ -1581,14 +1581,21 @@ int jbd2_journal_forget (handle_t *handl + /* However, if the buffer is still owned by a prior + * (committing) transaction, we can't drop it yet... */ + JBUFFER_TRACE(jh, "belongs to older transaction"); +- /* ... but we CAN drop it from the new transaction if we +- * have also modified it since the original commit. */ ++ /* ... but we CAN drop it from the new transaction through ++ * marking the buffer as freed and set j_next_transaction to ++ * the new transaction, so that not only the commit code ++ * knows it should clear dirty bits when it is done with the ++ * buffer, but also the buffer can be checkpointed only ++ * after the new transaction commits. */ + +- if (jh->b_next_transaction) { +- J_ASSERT(jh->b_next_transaction == transaction); ++ set_buffer_freed(bh); ++ ++ if (!jh->b_next_transaction) { + spin_lock(&journal->j_list_lock); +- jh->b_next_transaction = NULL; ++ jh->b_next_transaction = transaction; + spin_unlock(&journal->j_list_lock); ++ } else { ++ J_ASSERT(jh->b_next_transaction == transaction); + + /* + * only drop a reference if this transaction modified diff --git a/queue-4.14/jbd2-fix-compile-warning-when-using-jbuffer_trace.patch b/queue-4.14/jbd2-fix-compile-warning-when-using-jbuffer_trace.patch new file mode 100644 index 00000000000..a81b6d10818 --- /dev/null +++ b/queue-4.14/jbd2-fix-compile-warning-when-using-jbuffer_trace.patch @@ -0,0 +1,90 @@ +From 01215d3edb0f384ddeaa5e4a22c1ae5ff634149f Mon Sep 17 00:00:00 2001 +From: "zhangyi (F)" +Date: Thu, 21 Feb 2019 11:24:09 -0500 +Subject: jbd2: fix compile warning when using JBUFFER_TRACE +MIME-Version: 1.0 +Content-Type: text/plain; charset=UTF-8 +Content-Transfer-Encoding: 8bit + +From: zhangyi (F) + +commit 01215d3edb0f384ddeaa5e4a22c1ae5ff634149f upstream. + +The jh pointer may be used uninitialized in the two cases below and the +compiler complain about it when enabling JBUFFER_TRACE macro, fix them. + +In file included from fs/jbd2/transaction.c:19:0: +fs/jbd2/transaction.c: In function ‘jbd2_journal_get_undo_access’: +./include/linux/jbd2.h:1637:38: warning: ‘jh’ is used uninitialized in this function [-Wuninitialized] + #define JBUFFER_TRACE(jh, info) do { printk("%s: %d\n", __func__, jh->b_jcount);} while (0) + ^ +fs/jbd2/transaction.c:1219:23: note: ‘jh’ was declared here + struct journal_head *jh; + ^ +In file included from fs/jbd2/transaction.c:19:0: +fs/jbd2/transaction.c: In function ‘jbd2_journal_dirty_metadata’: +./include/linux/jbd2.h:1637:38: warning: ‘jh’ may be used uninitialized in this function [-Wmaybe-uninitialized] + #define JBUFFER_TRACE(jh, info) do { printk("%s: %d\n", __func__, jh->b_jcount);} while (0) + ^ +fs/jbd2/transaction.c:1332:23: note: ‘jh’ was declared here + struct journal_head *jh; + ^ + +Signed-off-by: zhangyi (F) +Signed-off-by: Theodore Ts'o +Cc: stable@vger.kernel.org +Reviewed-by: Jan Kara +Signed-off-by: Greg Kroah-Hartman + +--- + fs/jbd2/transaction.c | 16 ++++++++-------- + 1 file changed, 8 insertions(+), 8 deletions(-) + +--- a/fs/jbd2/transaction.c ++++ b/fs/jbd2/transaction.c +@@ -1224,11 +1224,12 @@ int jbd2_journal_get_undo_access(handle_ + struct journal_head *jh; + char *committed_data = NULL; + +- JBUFFER_TRACE(jh, "entry"); + if (jbd2_write_access_granted(handle, bh, true)) + return 0; + + jh = jbd2_journal_add_journal_head(bh); ++ JBUFFER_TRACE(jh, "entry"); ++ + /* + * Do this first --- it can drop the journal lock, so we want to + * make sure that obtaining the committed_data is done +@@ -1339,15 +1340,17 @@ int jbd2_journal_dirty_metadata(handle_t + + if (is_handle_aborted(handle)) + return -EROFS; +- if (!buffer_jbd(bh)) { +- ret = -EUCLEAN; +- goto out; +- } ++ if (!buffer_jbd(bh)) ++ return -EUCLEAN; ++ + /* + * We don't grab jh reference here since the buffer must be part + * of the running transaction. + */ + jh = bh2jh(bh); ++ jbd_debug(5, "journal_head %p\n", jh); ++ JBUFFER_TRACE(jh, "entry"); ++ + /* + * This and the following assertions are unreliable since we may see jh + * in inconsistent state unless we grab bh_state lock. But this is +@@ -1381,9 +1384,6 @@ int jbd2_journal_dirty_metadata(handle_t + } + + journal = transaction->t_journal; +- jbd_debug(5, "journal_head %p\n", jh); +- JBUFFER_TRACE(jh, "entry"); +- + jbd_lock_bh_state(bh); + + if (jh->b_modified == 0) { diff --git a/queue-4.14/powerpc-32-clear-on-stack-exception-marker-upon-exception-return.patch b/queue-4.14/powerpc-32-clear-on-stack-exception-marker-upon-exception-return.patch new file mode 100644 index 00000000000..260b87f2858 --- /dev/null +++ b/queue-4.14/powerpc-32-clear-on-stack-exception-marker-upon-exception-return.patch @@ -0,0 +1,81 @@ +From 9580b71b5a7863c24a9bd18bcd2ad759b86b1eff Mon Sep 17 00:00:00 2001 +From: Christophe Leroy +Date: Wed, 27 Feb 2019 11:45:30 +0000 +Subject: powerpc/32: Clear on-stack exception marker upon exception return + +From: Christophe Leroy + +commit 9580b71b5a7863c24a9bd18bcd2ad759b86b1eff upstream. + +Clear the on-stack STACK_FRAME_REGS_MARKER on exception exit in order +to avoid confusing stacktrace like the one below. + + Call Trace: + [c0e9dca0] [c01c42a0] print_address_description+0x64/0x2bc (unreliable) + [c0e9dcd0] [c01c4684] kasan_report+0xfc/0x180 + [c0e9dd10] [c0895130] memchr+0x24/0x74 + [c0e9dd30] [c00a9e38] msg_print_text+0x124/0x574 + [c0e9dde0] [c00ab710] console_unlock+0x114/0x4f8 + [c0e9de40] [c00adc60] vprintk_emit+0x188/0x1c4 + --- interrupt: c0e9df00 at 0x400f330 + LR = init_stack+0x1f00/0x2000 + [c0e9de80] [c00ae3c4] printk+0xa8/0xcc (unreliable) + [c0e9df20] [c0c27e44] early_irq_init+0x38/0x108 + [c0e9df50] [c0c15434] start_kernel+0x310/0x488 + [c0e9dff0] [00003484] 0x3484 + +With this patch the trace becomes: + + Call Trace: + [c0e9dca0] [c01c42c0] print_address_description+0x64/0x2bc (unreliable) + [c0e9dcd0] [c01c46a4] kasan_report+0xfc/0x180 + [c0e9dd10] [c0895150] memchr+0x24/0x74 + [c0e9dd30] [c00a9e58] msg_print_text+0x124/0x574 + [c0e9dde0] [c00ab730] console_unlock+0x114/0x4f8 + [c0e9de40] [c00adc80] vprintk_emit+0x188/0x1c4 + [c0e9de80] [c00ae3e4] printk+0xa8/0xcc + [c0e9df20] [c0c27e44] early_irq_init+0x38/0x108 + [c0e9df50] [c0c15434] start_kernel+0x310/0x488 + [c0e9dff0] [00003484] 0x3484 + +Cc: stable@vger.kernel.org +Signed-off-by: Christophe Leroy +Signed-off-by: Michael Ellerman +Signed-off-by: Greg Kroah-Hartman + +--- + arch/powerpc/kernel/entry_32.S | 9 +++++++++ + 1 file changed, 9 insertions(+) + +--- a/arch/powerpc/kernel/entry_32.S ++++ b/arch/powerpc/kernel/entry_32.S +@@ -726,6 +726,9 @@ fast_exception_return: + mtcr r10 + lwz r10,_LINK(r11) + mtlr r10 ++ /* Clear the exception_marker on the stack to avoid confusing stacktrace */ ++ li r10, 0 ++ stw r10, 8(r11) + REST_GPR(10, r11) + #ifdef CONFIG_PPC_8xx_PERF_EVENT + mtspr SPRN_NRI, r0 +@@ -963,6 +966,9 @@ END_FTR_SECTION_IFSET(CPU_FTR_NEED_PAIRE + mtcrf 0xFF,r10 + mtlr r11 + ++ /* Clear the exception_marker on the stack to avoid confusing stacktrace */ ++ li r10, 0 ++ stw r10, 8(r1) + /* + * Once we put values in SRR0 and SRR1, we are in a state + * where exceptions are not recoverable, since taking an +@@ -1002,6 +1008,9 @@ exc_exit_restart_end: + mtlr r11 + lwz r10,_CCR(r1) + mtcrf 0xff,r10 ++ /* Clear the exception_marker on the stack to avoid confusing stacktrace */ ++ li r10, 0 ++ stw r10, 8(r1) + REST_2GPRS(9, r1) + .globl exc_exit_restart + exc_exit_restart: diff --git a/queue-4.14/powerpc-83xx-also-save-restore-sprg4-7-during-suspend.patch b/queue-4.14/powerpc-83xx-also-save-restore-sprg4-7-during-suspend.patch new file mode 100644 index 00000000000..9b616288e02 --- /dev/null +++ b/queue-4.14/powerpc-83xx-also-save-restore-sprg4-7-during-suspend.patch @@ -0,0 +1,79 @@ +From 36da5ff0bea2dc67298150ead8d8471575c54c7d Mon Sep 17 00:00:00 2001 +From: Christophe Leroy +Date: Fri, 25 Jan 2019 12:03:55 +0000 +Subject: powerpc/83xx: Also save/restore SPRG4-7 during suspend + +From: Christophe Leroy + +commit 36da5ff0bea2dc67298150ead8d8471575c54c7d upstream. + +The 83xx has 8 SPRG registers and uses at least SPRG4 +for DTLB handling LRU. + +Fixes: 2319f1239592 ("powerpc/mm: e300c2/c3/c4 TLB errata workaround") +Cc: stable@vger.kernel.org +Signed-off-by: Christophe Leroy +Signed-off-by: Michael Ellerman +Signed-off-by: Greg Kroah-Hartman + +--- + arch/powerpc/platforms/83xx/suspend-asm.S | 34 +++++++++++++++++++++++------- + 1 file changed, 27 insertions(+), 7 deletions(-) + +--- a/arch/powerpc/platforms/83xx/suspend-asm.S ++++ b/arch/powerpc/platforms/83xx/suspend-asm.S +@@ -26,13 +26,13 @@ + #define SS_MSR 0x74 + #define SS_SDR1 0x78 + #define SS_LR 0x7c +-#define SS_SPRG 0x80 /* 4 SPRGs */ +-#define SS_DBAT 0x90 /* 8 DBATs */ +-#define SS_IBAT 0xd0 /* 8 IBATs */ +-#define SS_TB 0x110 +-#define SS_CR 0x118 +-#define SS_GPREG 0x11c /* r12-r31 */ +-#define STATE_SAVE_SIZE 0x16c ++#define SS_SPRG 0x80 /* 8 SPRGs */ ++#define SS_DBAT 0xa0 /* 8 DBATs */ ++#define SS_IBAT 0xe0 /* 8 IBATs */ ++#define SS_TB 0x120 ++#define SS_CR 0x128 ++#define SS_GPREG 0x12c /* r12-r31 */ ++#define STATE_SAVE_SIZE 0x17c + + .section .data + .align 5 +@@ -103,6 +103,16 @@ _GLOBAL(mpc83xx_enter_deep_sleep) + stw r7, SS_SPRG+12(r3) + stw r8, SS_SDR1(r3) + ++ mfspr r4, SPRN_SPRG4 ++ mfspr r5, SPRN_SPRG5 ++ mfspr r6, SPRN_SPRG6 ++ mfspr r7, SPRN_SPRG7 ++ ++ stw r4, SS_SPRG+16(r3) ++ stw r5, SS_SPRG+20(r3) ++ stw r6, SS_SPRG+24(r3) ++ stw r7, SS_SPRG+28(r3) ++ + mfspr r4, SPRN_DBAT0U + mfspr r5, SPRN_DBAT0L + mfspr r6, SPRN_DBAT1U +@@ -493,6 +503,16 @@ mpc83xx_deep_resume: + mtspr SPRN_IBAT7U, r6 + mtspr SPRN_IBAT7L, r7 + ++ lwz r4, SS_SPRG+16(r3) ++ lwz r5, SS_SPRG+20(r3) ++ lwz r6, SS_SPRG+24(r3) ++ lwz r7, SS_SPRG+28(r3) ++ ++ mtspr SPRN_SPRG4, r4 ++ mtspr SPRN_SPRG5, r5 ++ mtspr SPRN_SPRG6, r6 ++ mtspr SPRN_SPRG7, r7 ++ + lwz r4, SS_SPRG+0(r3) + lwz r5, SS_SPRG+4(r3) + lwz r6, SS_SPRG+8(r3) diff --git a/queue-4.14/powerpc-fix-32-bit-kvm-pr-lockup-and-host-crash-with-macos-guest.patch b/queue-4.14/powerpc-fix-32-bit-kvm-pr-lockup-and-host-crash-with-macos-guest.patch new file mode 100644 index 00000000000..68412b39e89 --- /dev/null +++ b/queue-4.14/powerpc-fix-32-bit-kvm-pr-lockup-and-host-crash-with-macos-guest.patch @@ -0,0 +1,48 @@ +From fe1ef6bcdb4fca33434256a802a3ed6aacf0bd2f Mon Sep 17 00:00:00 2001 +From: Mark Cave-Ayland +Date: Fri, 8 Feb 2019 14:33:19 +0000 +Subject: powerpc: Fix 32-bit KVM-PR lockup and host crash with MacOS guest + +From: Mark Cave-Ayland + +commit fe1ef6bcdb4fca33434256a802a3ed6aacf0bd2f upstream. + +Commit 8792468da5e1 "powerpc: Add the ability to save FPU without +giving it up" unexpectedly removed the MSR_FE0 and MSR_FE1 bits from +the bitmask used to update the MSR of the previous thread in +__giveup_fpu() causing a KVM-PR MacOS guest to lockup and panic the +host kernel. + +Leaving FE0/1 enabled means unrelated processes might receive FPEs +when they're not expecting them and crash. In particular if this +happens to init the host will then panic. + +eg (transcribed): + qemu-system-ppc[837]: unhandled signal 8 at 12cc9ce4 nip 12cc9ce4 lr 12cc9ca4 code 0 + systemd[1]: unhandled signal 8 at 202f02e0 nip 202f02e0 lr 001003d4 code 0 + Kernel panic - not syncing: Attempted to kill init! exitcode=0x0000000b + +Reinstate these bits to the MSR bitmask to enable MacOS guests to run +under 32-bit KVM-PR once again without issue. + +Fixes: 8792468da5e1 ("powerpc: Add the ability to save FPU without giving it up") +Cc: stable@vger.kernel.org # v4.6+ +Signed-off-by: Mark Cave-Ayland +Signed-off-by: Michael Ellerman +Signed-off-by: Greg Kroah-Hartman + +--- + arch/powerpc/kernel/process.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +--- a/arch/powerpc/kernel/process.c ++++ b/arch/powerpc/kernel/process.c +@@ -156,7 +156,7 @@ void __giveup_fpu(struct task_struct *ts + + save_fpu(tsk); + msr = tsk->thread.regs->msr; +- msr &= ~MSR_FP; ++ msr &= ~(MSR_FP|MSR_FE0|MSR_FE1); + #ifdef CONFIG_VSX + if (cpu_has_feature(CPU_FTR_VSX)) + msr &= ~MSR_VSX; diff --git a/queue-4.14/powerpc-hugetlb-don-t-do-runtime-allocation-of-16g-pages-in-lpar-configuration.patch b/queue-4.14/powerpc-hugetlb-don-t-do-runtime-allocation-of-16g-pages-in-lpar-configuration.patch new file mode 100644 index 00000000000..08f88ea1f2e --- /dev/null +++ b/queue-4.14/powerpc-hugetlb-don-t-do-runtime-allocation-of-16g-pages-in-lpar-configuration.patch @@ -0,0 +1,74 @@ +From 35f2806b481f5b9207f25e1886cba5d1c4d12cc7 Mon Sep 17 00:00:00 2001 +From: "Aneesh Kumar K.V" +Date: Fri, 22 Feb 2019 22:55:31 +0530 +Subject: powerpc/hugetlb: Don't do runtime allocation of 16G pages in LPAR configuration +MIME-Version: 1.0 +Content-Type: text/plain; charset=UTF-8 +Content-Transfer-Encoding: 8bit + +From: Aneesh Kumar K.V + +commit 35f2806b481f5b9207f25e1886cba5d1c4d12cc7 upstream. + +We added runtime allocation of 16G pages in commit 4ae279c2c96a +("powerpc/mm/hugetlb: Allow runtime allocation of 16G.") That was done +to enable 16G allocation on PowerNV and KVM config. In case of KVM +config, we mostly would have the entire guest RAM backed by 16G +hugetlb pages for this to work. PAPR do support partial backing of +guest RAM with hugepages via ibm,expected#pages node of memory node in +the device tree. This means rest of the guest RAM won't be backed by +16G contiguous pages in the host and hence a hash page table insertion +can fail in such case. + +An example error message will look like + + hash-mmu: mm: Hashing failure ! EA=0x7efc00000000 access=0x8000000000000006 current=readback + hash-mmu: trap=0x300 vsid=0x67af789 ssize=1 base psize=14 psize 14 pte=0xc000000400000386 + readback[12260]: unhandled signal 7 at 00007efc00000000 nip 00000000100012d0 lr 000000001000127c code 2 + +This patch address that by preventing runtime allocation of 16G +hugepages in LPAR config. To allocate 16G hugetlb one need to kernel +command line hugepagesz=16G hugepages= + +With radix translation mode we don't run into this issue. + +This change will prevent runtime allocation of 16G hugetlb pages on +kvm with hash translation mode. However, with the current upstream it +was observed that 16G hugetlbfs backed guest doesn't boot at all. + +We observe boot failure with the below message: + [131354.647546] KVM: map_vrma at 0 failed, ret=-4 + +That means this patch is not resulting in an observable regression. +Once we fix the boot issue with 16G hugetlb backed memory, we need to +use ibm,expected#pages memory node attribute to indicate 16G page +reservation to the guest. This will also enable partial backing of +guest RAM with 16G pages. + +Fixes: 4ae279c2c96a ("powerpc/mm/hugetlb: Allow runtime allocation of 16G.") +Cc: stable@vger.kernel.org # v4.14+ +Signed-off-by: Aneesh Kumar K.V +Signed-off-by: Michael Ellerman +Signed-off-by: Greg Kroah-Hartman + +--- + arch/powerpc/include/asm/book3s/64/hugetlb.h | 8 ++++++++ + 1 file changed, 8 insertions(+) + +--- a/arch/powerpc/include/asm/book3s/64/hugetlb.h ++++ b/arch/powerpc/include/asm/book3s/64/hugetlb.h +@@ -55,6 +55,14 @@ static inline pte_t arch_make_huge_pte(p + #ifdef CONFIG_ARCH_HAS_GIGANTIC_PAGE + static inline bool gigantic_page_supported(void) + { ++ /* ++ * We used gigantic page reservation with hypervisor assist in some case. ++ * We cannot use runtime allocation of gigantic pages in those platforms ++ * This is hash translation mode LPARs. ++ */ ++ if (firmware_has_feature(FW_FEATURE_LPAR) && !radix_enabled()) ++ return false; ++ + return true; + } + #endif diff --git a/queue-4.14/powerpc-powernv-make-opal-log-only-readable-by-root.patch b/queue-4.14/powerpc-powernv-make-opal-log-only-readable-by-root.patch new file mode 100644 index 00000000000..04f4ff2d63f --- /dev/null +++ b/queue-4.14/powerpc-powernv-make-opal-log-only-readable-by-root.patch @@ -0,0 +1,37 @@ +From 7b62f9bd2246b7d3d086e571397c14ba52645ef1 Mon Sep 17 00:00:00 2001 +From: Jordan Niethe +Date: Wed, 27 Feb 2019 14:02:29 +1100 +Subject: powerpc/powernv: Make opal log only readable by root + +From: Jordan Niethe + +commit 7b62f9bd2246b7d3d086e571397c14ba52645ef1 upstream. + +Currently the opal log is globally readable. It is kernel policy to +limit the visibility of physical addresses / kernel pointers to root. +Given this and the fact the opal log may contain this information it +would be better to limit the readability to root. + +Fixes: bfc36894a48b ("powerpc/powernv: Add OPAL message log interface") +Cc: stable@vger.kernel.org # v3.15+ +Signed-off-by: Jordan Niethe +Reviewed-by: Stewart Smith +Reviewed-by: Andrew Donnellan +Signed-off-by: Michael Ellerman +Signed-off-by: Greg Kroah-Hartman + +--- + arch/powerpc/platforms/powernv/opal-msglog.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +--- a/arch/powerpc/platforms/powernv/opal-msglog.c ++++ b/arch/powerpc/platforms/powernv/opal-msglog.c +@@ -98,7 +98,7 @@ static ssize_t opal_msglog_read(struct f + } + + static struct bin_attribute opal_msglog_attr = { +- .attr = {.name = "msglog", .mode = 0444}, ++ .attr = {.name = "msglog", .mode = 0400}, + .read = opal_msglog_read + }; + diff --git a/queue-4.14/powerpc-ptrace-simplify-vr_get-set-to-avoid-gcc-warning.patch b/queue-4.14/powerpc-ptrace-simplify-vr_get-set-to-avoid-gcc-warning.patch new file mode 100644 index 00000000000..d1e8da21497 --- /dev/null +++ b/queue-4.14/powerpc-ptrace-simplify-vr_get-set-to-avoid-gcc-warning.patch @@ -0,0 +1,116 @@ +From ca6d5149d2ad0a8d2f9c28cbe379802260a0a5e0 Mon Sep 17 00:00:00 2001 +From: Michael Ellerman +Date: Thu, 14 Feb 2019 11:08:29 +1100 +Subject: powerpc/ptrace: Simplify vr_get/set() to avoid GCC warning +MIME-Version: 1.0 +Content-Type: text/plain; charset=UTF-8 +Content-Transfer-Encoding: 8bit + +From: Michael Ellerman + +commit ca6d5149d2ad0a8d2f9c28cbe379802260a0a5e0 upstream. + +GCC 8 warns about the logic in vr_get/set(), which with -Werror breaks +the build: + + In function ‘user_regset_copyin’, + inlined from ‘vr_set’ at arch/powerpc/kernel/ptrace.c:628:9: + include/linux/regset.h:295:4: error: ‘memcpy’ offset [-527, -529] is + out of the bounds [0, 16] of object ‘vrsave’ with type ‘union + ’ [-Werror=array-bounds] + arch/powerpc/kernel/ptrace.c: In function ‘vr_set’: + arch/powerpc/kernel/ptrace.c:623:5: note: ‘vrsave’ declared here + } vrsave; + +This has been identified as a regression in GCC, see GCC bug 88273. + +However we can avoid the warning and also simplify the logic and make +it more robust. + +Currently we pass -1 as end_pos to user_regset_copyout(). This says +"copy up to the end of the regset". + +The definition of the regset is: + [REGSET_VMX] = { + .core_note_type = NT_PPC_VMX, .n = 34, + .size = sizeof(vector128), .align = sizeof(vector128), + .active = vr_active, .get = vr_get, .set = vr_set + }, + +The end is calculated as (n * size), ie. 34 * sizeof(vector128). + +In vr_get/set() we pass start_pos as 33 * sizeof(vector128), meaning +we can copy up to sizeof(vector128) into/out-of vrsave. + +The on-stack vrsave is defined as: + union { + elf_vrreg_t reg; + u32 word; + } vrsave; + +And elf_vrreg_t is: + typedef __vector128 elf_vrreg_t; + +So there is no bug, but we rely on all those sizes lining up, +otherwise we would have a kernel stack exposure/overwrite on our +hands. + +Rather than relying on that we can pass an explict end_pos based on +the sizeof(vrsave). The result should be exactly the same but it's +more obviously not over-reading/writing the stack and it avoids the +compiler warning. + +Reported-by: Meelis Roos +Reported-by: Mathieu Malaterre +Cc: stable@vger.kernel.org +Tested-by: Mathieu Malaterre +Tested-by: Meelis Roos +Signed-off-by: Michael Ellerman +Signed-off-by: Greg Kroah-Hartman + +--- + arch/powerpc/kernel/ptrace.c | 10 ++++++++-- + 1 file changed, 8 insertions(+), 2 deletions(-) + +--- a/arch/powerpc/kernel/ptrace.c ++++ b/arch/powerpc/kernel/ptrace.c +@@ -547,6 +547,7 @@ static int vr_get(struct task_struct *ta + /* + * Copy out only the low-order word of vrsave. + */ ++ int start, end; + union { + elf_vrreg_t reg; + u32 word; +@@ -555,8 +556,10 @@ static int vr_get(struct task_struct *ta + + vrsave.word = target->thread.vrsave; + ++ start = 33 * sizeof(vector128); ++ end = start + sizeof(vrsave); + ret = user_regset_copyout(&pos, &count, &kbuf, &ubuf, &vrsave, +- 33 * sizeof(vector128), -1); ++ start, end); + } + + return ret; +@@ -594,6 +597,7 @@ static int vr_set(struct task_struct *ta + /* + * We use only the first word of vrsave. + */ ++ int start, end; + union { + elf_vrreg_t reg; + u32 word; +@@ -602,8 +606,10 @@ static int vr_set(struct task_struct *ta + + vrsave.word = target->thread.vrsave; + ++ start = 33 * sizeof(vector128); ++ end = start + sizeof(vrsave); + ret = user_regset_copyin(&pos, &count, &kbuf, &ubuf, &vrsave, +- 33 * sizeof(vector128), -1); ++ start, end); + if (!ret) + target->thread.vrsave = vrsave.word; + } diff --git a/queue-4.14/powerpc-traps-fix-recoverability-of-machine-check-handling-on-book3s-32.patch b/queue-4.14/powerpc-traps-fix-recoverability-of-machine-check-handling-on-book3s-32.patch new file mode 100644 index 00000000000..4a89481abe8 --- /dev/null +++ b/queue-4.14/powerpc-traps-fix-recoverability-of-machine-check-handling-on-book3s-32.patch @@ -0,0 +1,46 @@ +From 0bbea75c476b77fa7d7811d6be911cc7583e640f Mon Sep 17 00:00:00 2001 +From: Christophe Leroy +Date: Tue, 22 Jan 2019 14:11:24 +0000 +Subject: powerpc/traps: fix recoverability of machine check handling on book3s/32 + +From: Christophe Leroy + +commit 0bbea75c476b77fa7d7811d6be911cc7583e640f upstream. + +Looks like book3s/32 doesn't set RI on machine check, so +checking RI before calling die() will always be fatal +allthought this is not an issue in most cases. + +Fixes: b96672dd840f ("powerpc: Machine check interrupt is a non-maskable interrupt") +Fixes: daf00ae71dad ("powerpc/traps: restore recoverability of machine_check interrupts") +Signed-off-by: Christophe Leroy +Cc: stable@vger.kernel.org +Signed-off-by: Michael Ellerman +Signed-off-by: Greg Kroah-Hartman + +--- + arch/powerpc/kernel/traps.c | 8 ++++---- + 1 file changed, 4 insertions(+), 4 deletions(-) + +--- a/arch/powerpc/kernel/traps.c ++++ b/arch/powerpc/kernel/traps.c +@@ -694,15 +694,15 @@ void machine_check_exception(struct pt_r + if (check_io_access(regs)) + goto bail; + +- /* Must die if the interrupt is not recoverable */ +- if (!(regs->msr & MSR_RI)) +- nmi_panic(regs, "Unrecoverable Machine check"); +- + if (!nested) + nmi_exit(); + + die("Machine check", regs, SIGBUS); + ++ /* Must die if the interrupt is not recoverable */ ++ if (!(regs->msr & MSR_RI)) ++ nmi_panic(regs, "Unrecoverable Machine check"); ++ + return; + + bail: diff --git a/queue-4.14/powerpc-traps-fix-the-message-printed-when-stack-overflows.patch b/queue-4.14/powerpc-traps-fix-the-message-printed-when-stack-overflows.patch new file mode 100644 index 00000000000..047cc82515e --- /dev/null +++ b/queue-4.14/powerpc-traps-fix-the-message-printed-when-stack-overflows.patch @@ -0,0 +1,41 @@ +From 9bf3d3c4e4fd82c7174f4856df372ab2a71005b9 Mon Sep 17 00:00:00 2001 +From: Christophe Leroy +Date: Tue, 29 Jan 2019 16:37:55 +0000 +Subject: powerpc/traps: Fix the message printed when stack overflows + +From: Christophe Leroy + +commit 9bf3d3c4e4fd82c7174f4856df372ab2a71005b9 upstream. + +Today's message is useless: + + [ 42.253267] Kernel stack overflow in process (ptrval), r1=c65500b0 + +This patch fixes it: + + [ 66.905235] Kernel stack overflow in process sh[356], r1=c65560b0 + +Fixes: ad67b74d2469 ("printk: hash addresses printed with %p") +Cc: stable@vger.kernel.org # v4.15+ +Signed-off-by: Christophe Leroy +[mpe: Use task_pid_nr()] +Signed-off-by: Michael Ellerman +Signed-off-by: Greg Kroah-Hartman + +--- + arch/powerpc/kernel/traps.c | 4 ++-- + 1 file changed, 2 insertions(+), 2 deletions(-) + +--- a/arch/powerpc/kernel/traps.c ++++ b/arch/powerpc/kernel/traps.c +@@ -1292,8 +1292,8 @@ void slb_miss_bad_addr(struct pt_regs *r + + void StackOverflow(struct pt_regs *regs) + { +- printk(KERN_CRIT "Kernel stack overflow in process %p, r1=%lx\n", +- current, regs->gpr[1]); ++ pr_crit("Kernel stack overflow in process %s[%d], r1=%lx\n", ++ current->comm, task_pid_nr(current), regs->gpr[1]); + debugger(regs); + show_regs(regs); + panic("kernel stack overflow"); diff --git a/queue-4.14/powerpc-wii-properly-disable-use-of-bats-when-requested.patch b/queue-4.14/powerpc-wii-properly-disable-use-of-bats-when-requested.patch new file mode 100644 index 00000000000..966f537c8fe --- /dev/null +++ b/queue-4.14/powerpc-wii-properly-disable-use-of-bats-when-requested.patch @@ -0,0 +1,39 @@ +From 6d183ca8baec983dc4208ca45ece3c36763df912 Mon Sep 17 00:00:00 2001 +From: Christophe Leroy +Date: Thu, 21 Feb 2019 19:08:37 +0000 +Subject: powerpc/wii: properly disable use of BATs when requested. + +From: Christophe Leroy + +commit 6d183ca8baec983dc4208ca45ece3c36763df912 upstream. + +'nobats' kernel parameter or some options like CONFIG_DEBUG_PAGEALLOC +deny the use of BATS for mapping memory. + +This patch makes sure that the specific wii RAM mapping function +takes it into account as well. + +Fixes: de32400dd26e ("wii: use both mem1 and mem2 as ram") +Cc: stable@vger.kernel.org +Reviewed-by: Jonathan Neuschafer +Signed-off-by: Christophe Leroy +Signed-off-by: Michael Ellerman +Signed-off-by: Greg Kroah-Hartman + +--- + arch/powerpc/platforms/embedded6xx/wii.c | 4 ++++ + 1 file changed, 4 insertions(+) + +--- a/arch/powerpc/platforms/embedded6xx/wii.c ++++ b/arch/powerpc/platforms/embedded6xx/wii.c +@@ -104,6 +104,10 @@ unsigned long __init wii_mmu_mapin_mem2( + /* MEM2 64MB@0x10000000 */ + delta = wii_hole_start + wii_hole_size; + size = top - delta; ++ ++ if (__map_without_bats) ++ return delta; ++ + for (bl = 128<<10; bl < max_size; bl <<= 1) { + if (bl * 2 > size) + break; diff --git a/queue-4.14/security-selinux-fix-security_lsm_native_labels-on-reused-superblock.patch b/queue-4.14/security-selinux-fix-security_lsm_native_labels-on-reused-superblock.patch new file mode 100644 index 00000000000..1f053289739 --- /dev/null +++ b/queue-4.14/security-selinux-fix-security_lsm_native_labels-on-reused-superblock.patch @@ -0,0 +1,47 @@ +From 3815a245b50124f0865415dcb606a034e97494d4 Mon Sep 17 00:00:00 2001 +From: "J. Bruce Fields" +Date: Tue, 5 Mar 2019 16:17:58 -0500 +Subject: security/selinux: fix SECURITY_LSM_NATIVE_LABELS on reused superblock + +From: J. Bruce Fields + +commit 3815a245b50124f0865415dcb606a034e97494d4 upstream. + +In the case when we're reusing a superblock, selinux_sb_clone_mnt_opts() +fails to set set_kern_flags, with the result that +nfs_clone_sb_security() incorrectly clears NFS_CAP_SECURITY_LABEL. + +The result is that if you mount the same NFS filesystem twice, NFS +security labels are turned off, even if they would work fine if you +mounted the filesystem only once. + +("fixes" may be not exactly the right tag, it may be more like +"fixed-other-cases-but-missed-this-one".) + +Cc: Scott Mayhew +Cc: stable@vger.kernel.org +Fixes: 0b4d3452b8b4 "security/selinux: allow security_sb_clone_mnt_opts..." +Signed-off-by: J. Bruce Fields +Acked-by: Stephen Smalley +Signed-off-by: Paul Moore +Signed-off-by: Greg Kroah-Hartman + +--- + security/selinux/hooks.c | 5 ++++- + 1 file changed, 4 insertions(+), 1 deletion(-) + +--- a/security/selinux/hooks.c ++++ b/security/selinux/hooks.c +@@ -1000,8 +1000,11 @@ static int selinux_sb_clone_mnt_opts(con + BUG_ON(!(oldsbsec->flags & SE_SBINITIALIZED)); + + /* if fs is reusing a sb, make sure that the contexts match */ +- if (newsbsec->flags & SE_SBINITIALIZED) ++ if (newsbsec->flags & SE_SBINITIALIZED) { ++ if ((kern_flags & SECURITY_LSM_NATIVE_LABELS) && !set_context) ++ *set_kern_flags |= SECURITY_LSM_NATIVE_LABELS; + return selinux_cmp_sb_context(oldsb, newsb); ++ } + + mutex_lock(&newsbsec->lock); + diff --git a/queue-4.14/serial-8250_of-assume-reg-shift-of-2-for-mrvl-mmp-uart.patch b/queue-4.14/serial-8250_of-assume-reg-shift-of-2-for-mrvl-mmp-uart.patch new file mode 100644 index 00000000000..188cd38abd0 --- /dev/null +++ b/queue-4.14/serial-8250_of-assume-reg-shift-of-2-for-mrvl-mmp-uart.patch @@ -0,0 +1,37 @@ +From f4817843e39ce78aace0195a57d4e8500a65a898 Mon Sep 17 00:00:00 2001 +From: Lubomir Rintel +Date: Sun, 24 Feb 2019 13:00:53 +0100 +Subject: serial: 8250_of: assume reg-shift of 2 for mrvl,mmp-uart + +From: Lubomir Rintel + +commit f4817843e39ce78aace0195a57d4e8500a65a898 upstream. + +There are two other drivers that bind to mrvl,mmp-uart and both of them +assume register shift of 2 bits. There are device trees that lack the +property and rely on that assumption. + +If this driver wins the race to bind to those devices, it should behave +the same as the older deprecated driver. + +Signed-off-by: Lubomir Rintel +Cc: stable@vger.kernel.org +Signed-off-by: Greg Kroah-Hartman + +--- + drivers/tty/serial/8250/8250_of.c | 4 ++++ + 1 file changed, 4 insertions(+) + +--- a/drivers/tty/serial/8250/8250_of.c ++++ b/drivers/tty/serial/8250/8250_of.c +@@ -105,6 +105,10 @@ static int of_platform_serial_setup(stru + if (of_property_read_u32(np, "reg-offset", &prop) == 0) + port->mapbase += prop; + ++ /* Compatibility with the deprecated pxa driver and 8250_pxa drivers. */ ++ if (of_device_is_compatible(np, "mrvl,mmp-uart")) ++ port->regshift = 2; ++ + /* Check for registers offset within the devices address range */ + if (of_property_read_u32(np, "reg-shift", &prop) == 0) + port->regshift = prop; diff --git a/queue-4.14/serial-8250_pci-fix-number-of-ports-for-acces-serial-cards.patch b/queue-4.14/serial-8250_pci-fix-number-of-ports-for-acces-serial-cards.patch new file mode 100644 index 00000000000..551e07b8982 --- /dev/null +++ b/queue-4.14/serial-8250_pci-fix-number-of-ports-for-acces-serial-cards.patch @@ -0,0 +1,139 @@ +From b896b03bc7fce43a07012cc6bf5e2ab2fddf3364 Mon Sep 17 00:00:00 2001 +From: Jay Dolan +Date: Tue, 12 Feb 2019 21:43:11 -0800 +Subject: serial: 8250_pci: Fix number of ports for ACCES serial cards + +From: Jay Dolan + +commit b896b03bc7fce43a07012cc6bf5e2ab2fddf3364 upstream. + +Have the correct number of ports created for ACCES serial cards. Two port +cards show up as four ports, and four port cards show up as eight. + +Fixes: c8d192428f52 ("serial: 8250: added acces i/o products quad and octal serial cards") +Signed-off-by: Jay Dolan +Cc: stable +Signed-off-by: Greg Kroah-Hartman + +--- + drivers/tty/serial/8250/8250_pci.c | 36 ++++++++++++++++++------------------ + 1 file changed, 18 insertions(+), 18 deletions(-) + +--- a/drivers/tty/serial/8250/8250_pci.c ++++ b/drivers/tty/serial/8250/8250_pci.c +@@ -4580,10 +4580,10 @@ static const struct pci_device_id serial + */ + { PCI_VENDOR_ID_ACCESIO, PCI_DEVICE_ID_ACCESIO_PCIE_COM_2SDB, + PCI_ANY_ID, PCI_ANY_ID, 0, 0, +- pbn_pericom_PI7C9X7954 }, ++ pbn_pericom_PI7C9X7952 }, + { PCI_VENDOR_ID_ACCESIO, PCI_DEVICE_ID_ACCESIO_MPCIE_COM_2S, + PCI_ANY_ID, PCI_ANY_ID, 0, 0, +- pbn_pericom_PI7C9X7954 }, ++ pbn_pericom_PI7C9X7952 }, + { PCI_VENDOR_ID_ACCESIO, PCI_DEVICE_ID_ACCESIO_PCIE_COM_4SDB, + PCI_ANY_ID, PCI_ANY_ID, 0, 0, + pbn_pericom_PI7C9X7954 }, +@@ -4592,10 +4592,10 @@ static const struct pci_device_id serial + pbn_pericom_PI7C9X7954 }, + { PCI_VENDOR_ID_ACCESIO, PCI_DEVICE_ID_ACCESIO_PCIE_COM232_2DB, + PCI_ANY_ID, PCI_ANY_ID, 0, 0, +- pbn_pericom_PI7C9X7954 }, ++ pbn_pericom_PI7C9X7952 }, + { PCI_VENDOR_ID_ACCESIO, PCI_DEVICE_ID_ACCESIO_MPCIE_COM232_2, + PCI_ANY_ID, PCI_ANY_ID, 0, 0, +- pbn_pericom_PI7C9X7954 }, ++ pbn_pericom_PI7C9X7952 }, + { PCI_VENDOR_ID_ACCESIO, PCI_DEVICE_ID_ACCESIO_PCIE_COM232_4DB, + PCI_ANY_ID, PCI_ANY_ID, 0, 0, + pbn_pericom_PI7C9X7954 }, +@@ -4604,10 +4604,10 @@ static const struct pci_device_id serial + pbn_pericom_PI7C9X7954 }, + { PCI_VENDOR_ID_ACCESIO, PCI_DEVICE_ID_ACCESIO_PCIE_COM_2SMDB, + PCI_ANY_ID, PCI_ANY_ID, 0, 0, +- pbn_pericom_PI7C9X7954 }, ++ pbn_pericom_PI7C9X7952 }, + { PCI_VENDOR_ID_ACCESIO, PCI_DEVICE_ID_ACCESIO_MPCIE_COM_2SM, + PCI_ANY_ID, PCI_ANY_ID, 0, 0, +- pbn_pericom_PI7C9X7954 }, ++ pbn_pericom_PI7C9X7952 }, + { PCI_VENDOR_ID_ACCESIO, PCI_DEVICE_ID_ACCESIO_PCIE_COM_4SMDB, + PCI_ANY_ID, PCI_ANY_ID, 0, 0, + pbn_pericom_PI7C9X7954 }, +@@ -4616,13 +4616,13 @@ static const struct pci_device_id serial + pbn_pericom_PI7C9X7954 }, + { PCI_VENDOR_ID_ACCESIO, PCI_DEVICE_ID_ACCESIO_MPCIE_ICM485_1, + PCI_ANY_ID, PCI_ANY_ID, 0, 0, +- pbn_pericom_PI7C9X7954 }, ++ pbn_pericom_PI7C9X7951 }, + { PCI_VENDOR_ID_ACCESIO, PCI_DEVICE_ID_ACCESIO_MPCIE_ICM422_2, + PCI_ANY_ID, PCI_ANY_ID, 0, 0, +- pbn_pericom_PI7C9X7954 }, ++ pbn_pericom_PI7C9X7952 }, + { PCI_VENDOR_ID_ACCESIO, PCI_DEVICE_ID_ACCESIO_MPCIE_ICM485_2, + PCI_ANY_ID, PCI_ANY_ID, 0, 0, +- pbn_pericom_PI7C9X7954 }, ++ pbn_pericom_PI7C9X7952 }, + { PCI_VENDOR_ID_ACCESIO, PCI_DEVICE_ID_ACCESIO_MPCIE_ICM422_4, + PCI_ANY_ID, PCI_ANY_ID, 0, 0, + pbn_pericom_PI7C9X7954 }, +@@ -4631,16 +4631,16 @@ static const struct pci_device_id serial + pbn_pericom_PI7C9X7954 }, + { PCI_VENDOR_ID_ACCESIO, PCI_DEVICE_ID_ACCESIO_PCIE_ICM_2S, + PCI_ANY_ID, PCI_ANY_ID, 0, 0, +- pbn_pericom_PI7C9X7954 }, ++ pbn_pericom_PI7C9X7952 }, + { PCI_VENDOR_ID_ACCESIO, PCI_DEVICE_ID_ACCESIO_PCIE_ICM_4S, + PCI_ANY_ID, PCI_ANY_ID, 0, 0, + pbn_pericom_PI7C9X7954 }, + { PCI_VENDOR_ID_ACCESIO, PCI_DEVICE_ID_ACCESIO_PCIE_ICM232_2, + PCI_ANY_ID, PCI_ANY_ID, 0, 0, +- pbn_pericom_PI7C9X7954 }, ++ pbn_pericom_PI7C9X7952 }, + { PCI_VENDOR_ID_ACCESIO, PCI_DEVICE_ID_ACCESIO_MPCIE_ICM232_2, + PCI_ANY_ID, PCI_ANY_ID, 0, 0, +- pbn_pericom_PI7C9X7954 }, ++ pbn_pericom_PI7C9X7952 }, + { PCI_VENDOR_ID_ACCESIO, PCI_DEVICE_ID_ACCESIO_PCIE_ICM232_4, + PCI_ANY_ID, PCI_ANY_ID, 0, 0, + pbn_pericom_PI7C9X7954 }, +@@ -4649,13 +4649,13 @@ static const struct pci_device_id serial + pbn_pericom_PI7C9X7954 }, + { PCI_VENDOR_ID_ACCESIO, PCI_DEVICE_ID_ACCESIO_PCIE_ICM_2SM, + PCI_ANY_ID, PCI_ANY_ID, 0, 0, +- pbn_pericom_PI7C9X7954 }, ++ pbn_pericom_PI7C9X7952 }, + { PCI_VENDOR_ID_ACCESIO, PCI_DEVICE_ID_ACCESIO_PCIE_COM422_4, + PCI_ANY_ID, PCI_ANY_ID, 0, 0, +- pbn_pericom_PI7C9X7958 }, ++ pbn_pericom_PI7C9X7954 }, + { PCI_VENDOR_ID_ACCESIO, PCI_DEVICE_ID_ACCESIO_PCIE_COM485_4, + PCI_ANY_ID, PCI_ANY_ID, 0, 0, +- pbn_pericom_PI7C9X7958 }, ++ pbn_pericom_PI7C9X7954 }, + { PCI_VENDOR_ID_ACCESIO, PCI_DEVICE_ID_ACCESIO_PCIE_COM422_8, + PCI_ANY_ID, PCI_ANY_ID, 0, 0, + pbn_pericom_PI7C9X7958 }, +@@ -4664,19 +4664,19 @@ static const struct pci_device_id serial + pbn_pericom_PI7C9X7958 }, + { PCI_VENDOR_ID_ACCESIO, PCI_DEVICE_ID_ACCESIO_PCIE_COM232_4, + PCI_ANY_ID, PCI_ANY_ID, 0, 0, +- pbn_pericom_PI7C9X7958 }, ++ pbn_pericom_PI7C9X7954 }, + { PCI_VENDOR_ID_ACCESIO, PCI_DEVICE_ID_ACCESIO_PCIE_COM232_8, + PCI_ANY_ID, PCI_ANY_ID, 0, 0, + pbn_pericom_PI7C9X7958 }, + { PCI_VENDOR_ID_ACCESIO, PCI_DEVICE_ID_ACCESIO_PCIE_COM_4SM, + PCI_ANY_ID, PCI_ANY_ID, 0, 0, +- pbn_pericom_PI7C9X7958 }, ++ pbn_pericom_PI7C9X7954 }, + { PCI_VENDOR_ID_ACCESIO, PCI_DEVICE_ID_ACCESIO_PCIE_COM_8SM, + PCI_ANY_ID, PCI_ANY_ID, 0, 0, + pbn_pericom_PI7C9X7958 }, + { PCI_VENDOR_ID_ACCESIO, PCI_DEVICE_ID_ACCESIO_PCIE_ICM_4SM, + PCI_ANY_ID, PCI_ANY_ID, 0, 0, +- pbn_pericom_PI7C9X7958 }, ++ pbn_pericom_PI7C9X7954 }, + /* + * Topic TP560 Data/Fax/Voice 56k modem (reported by Evan Clarke) + */ diff --git a/queue-4.14/serial-8250_pci-have-acces-cards-that-use-the-four-port-pericom-pi7c9x7954-chip-use-the-pci_pericom_setup.patch b/queue-4.14/serial-8250_pci-have-acces-cards-that-use-the-four-port-pericom-pi7c9x7954-chip-use-the-pci_pericom_setup.patch new file mode 100644 index 00000000000..32d186d5b74 --- /dev/null +++ b/queue-4.14/serial-8250_pci-have-acces-cards-that-use-the-four-port-pericom-pi7c9x7954-chip-use-the-pci_pericom_setup.patch @@ -0,0 +1,135 @@ +From 78d3820b9bd39028727c6aab7297b63c093db343 Mon Sep 17 00:00:00 2001 +From: Jay Dolan +Date: Tue, 12 Feb 2019 21:43:12 -0800 +Subject: serial: 8250_pci: Have ACCES cards that use the four port Pericom PI7C9X7954 chip use the pci_pericom_setup() + +From: Jay Dolan + +commit 78d3820b9bd39028727c6aab7297b63c093db343 upstream. + +The four port Pericom chips have the fourth port at the wrong address. +Make use of quirk to fix it. + +Fixes: c8d192428f52 ("serial: 8250: added acces i/o products quad and octal serial cards") +Cc: stable +Signed-off-by: Jay Dolan +Signed-off-by: Greg Kroah-Hartman + +--- + drivers/tty/serial/8250/8250_pci.c | 105 +++++++++++++++++++++++++++++++++++++ + 1 file changed, 105 insertions(+) + +--- a/drivers/tty/serial/8250/8250_pci.c ++++ b/drivers/tty/serial/8250/8250_pci.c +@@ -2033,6 +2033,111 @@ static struct pci_serial_quirk pci_seria + .setup = pci_default_setup, + .exit = pci_plx9050_exit, + }, ++ { ++ .vendor = PCI_VENDOR_ID_ACCESIO, ++ .device = PCI_DEVICE_ID_ACCESIO_PCIE_COM_4SDB, ++ .subvendor = PCI_ANY_ID, ++ .subdevice = PCI_ANY_ID, ++ .setup = pci_pericom_setup, ++ }, ++ { ++ .vendor = PCI_VENDOR_ID_ACCESIO, ++ .device = PCI_DEVICE_ID_ACCESIO_MPCIE_COM_4S, ++ .subvendor = PCI_ANY_ID, ++ .subdevice = PCI_ANY_ID, ++ .setup = pci_pericom_setup, ++ }, ++ { ++ .vendor = PCI_VENDOR_ID_ACCESIO, ++ .device = PCI_DEVICE_ID_ACCESIO_PCIE_COM232_4DB, ++ .subvendor = PCI_ANY_ID, ++ .subdevice = PCI_ANY_ID, ++ .setup = pci_pericom_setup, ++ }, ++ { ++ .vendor = PCI_VENDOR_ID_ACCESIO, ++ .device = PCI_DEVICE_ID_ACCESIO_MPCIE_COM232_4, ++ .subvendor = PCI_ANY_ID, ++ .subdevice = PCI_ANY_ID, ++ .setup = pci_pericom_setup, ++ }, ++ { ++ .vendor = PCI_VENDOR_ID_ACCESIO, ++ .device = PCI_DEVICE_ID_ACCESIO_PCIE_COM_4SMDB, ++ .subvendor = PCI_ANY_ID, ++ .subdevice = PCI_ANY_ID, ++ .setup = pci_pericom_setup, ++ }, ++ { ++ .vendor = PCI_VENDOR_ID_ACCESIO, ++ .device = PCI_DEVICE_ID_ACCESIO_MPCIE_COM_4SM, ++ .subvendor = PCI_ANY_ID, ++ .subdevice = PCI_ANY_ID, ++ .setup = pci_pericom_setup, ++ }, ++ { ++ .vendor = PCI_VENDOR_ID_ACCESIO, ++ .device = PCI_DEVICE_ID_ACCESIO_MPCIE_ICM422_4, ++ .subvendor = PCI_ANY_ID, ++ .subdevice = PCI_ANY_ID, ++ .setup = pci_pericom_setup, ++ }, ++ { ++ .vendor = PCI_VENDOR_ID_ACCESIO, ++ .device = PCI_DEVICE_ID_ACCESIO_MPCIE_ICM485_4, ++ .subvendor = PCI_ANY_ID, ++ .subdevice = PCI_ANY_ID, ++ .setup = pci_pericom_setup, ++ }, ++ { ++ .vendor = PCI_DEVICE_ID_ACCESIO_PCIE_ICM_4S, ++ .device = PCI_DEVICE_ID_ACCESIO_PCIE_ICM232_4, ++ .subvendor = PCI_ANY_ID, ++ .subdevice = PCI_ANY_ID, ++ .setup = pci_pericom_setup, ++ }, ++ { ++ .vendor = PCI_VENDOR_ID_ACCESIO, ++ .device = PCI_DEVICE_ID_ACCESIO_MPCIE_ICM232_4, ++ .subvendor = PCI_ANY_ID, ++ .subdevice = PCI_ANY_ID, ++ .setup = pci_pericom_setup, ++ }, ++ { ++ .vendor = PCI_VENDOR_ID_ACCESIO, ++ .device = PCI_DEVICE_ID_ACCESIO_PCIE_COM422_4, ++ .subvendor = PCI_ANY_ID, ++ .subdevice = PCI_ANY_ID, ++ .setup = pci_pericom_setup, ++ }, ++ { ++ .vendor = PCI_VENDOR_ID_ACCESIO, ++ .device = PCI_DEVICE_ID_ACCESIO_PCIE_COM485_4, ++ .subvendor = PCI_ANY_ID, ++ .subdevice = PCI_ANY_ID, ++ .setup = pci_pericom_setup, ++ }, ++ { ++ .vendor = PCI_VENDOR_ID_ACCESIO, ++ .device = PCI_DEVICE_ID_ACCESIO_PCIE_COM232_4, ++ .subvendor = PCI_ANY_ID, ++ .subdevice = PCI_ANY_ID, ++ .setup = pci_pericom_setup, ++ }, ++ { ++ .vendor = PCI_VENDOR_ID_ACCESIO, ++ .device = PCI_DEVICE_ID_ACCESIO_PCIE_COM_4SM, ++ .subvendor = PCI_ANY_ID, ++ .subdevice = PCI_ANY_ID, ++ .setup = pci_pericom_setup, ++ }, ++ { ++ .vendor = PCI_VENDOR_ID_ACCESIO, ++ .device = PCI_DEVICE_ID_ACCESIO_PCIE_ICM_4SM, ++ .subvendor = PCI_ANY_ID, ++ .subdevice = PCI_ANY_ID, ++ .setup = pci_pericom_setup, ++ }, + /* + * SBS Technologies, Inc., PMC-OCTALPRO 232 + */ diff --git a/queue-4.14/serial-uartps-fix-stuck-isr-if-rx-disabled-with-non-empty-fifo.patch b/queue-4.14/serial-uartps-fix-stuck-isr-if-rx-disabled-with-non-empty-fifo.patch new file mode 100644 index 00000000000..9b258c8330a --- /dev/null +++ b/queue-4.14/serial-uartps-fix-stuck-isr-if-rx-disabled-with-non-empty-fifo.patch @@ -0,0 +1,56 @@ +From 7abab1605139bc41442864c18f9573440f7ca105 Mon Sep 17 00:00:00 2001 +From: Anssi Hannula +Date: Fri, 15 Feb 2019 18:45:08 +0200 +Subject: serial: uartps: Fix stuck ISR if RX disabled with non-empty FIFO + +From: Anssi Hannula + +commit 7abab1605139bc41442864c18f9573440f7ca105 upstream. + +If RX is disabled while there are still unprocessed bytes in RX FIFO, +cdns_uart_handle_rx() called from interrupt handler will get stuck in +the receive loop as read bytes will not get removed from the RX FIFO +and CDNS_UART_SR_RXEMPTY bit will never get set. + +Avoid the stuck handler by checking first if RX is disabled. port->lock +protects against race with RX-disabling functions. + +This HW behavior was mentioned by Nathan Rossi in 43e98facc4a3 ("tty: +xuartps: Fix RX hang, and TX corruption in termios call") which fixed a +similar issue in cdns_uart_set_termios(). +The behavior can also be easily verified by e.g. setting +CDNS_UART_CR_RX_DIS at the beginning of cdns_uart_handle_rx() - the +following loop will then get stuck. + +Resetting the FIFO using RXRST would not set RXEMPTY either so simply +issuing a reset after RX-disable would not work. + +I observe this frequently on a ZynqMP board during heavy RX load at 1M +baudrate when the reader process exits and thus RX gets disabled. + +Fixes: 61ec9016988f ("tty/serial: add support for Xilinx PS UART") +Signed-off-by: Anssi Hannula +Cc: stable@vger.kernel.org +Signed-off-by: Greg Kroah-Hartman + +--- + drivers/tty/serial/xilinx_uartps.c | 8 +++++++- + 1 file changed, 7 insertions(+), 1 deletion(-) + +--- a/drivers/tty/serial/xilinx_uartps.c ++++ b/drivers/tty/serial/xilinx_uartps.c +@@ -366,7 +366,13 @@ static irqreturn_t cdns_uart_isr(int irq + cdns_uart_handle_tx(dev_id); + isrstatus &= ~CDNS_UART_IXR_TXEMPTY; + } +- if (isrstatus & CDNS_UART_IXR_RXMASK) ++ ++ /* ++ * Skip RX processing if RX is disabled as RXEMPTY will never be set ++ * as read bytes will not be removed from the FIFO. ++ */ ++ if (isrstatus & CDNS_UART_IXR_RXMASK && ++ !(readl(port->membase + CDNS_UART_CR) & CDNS_UART_CR_RX_DIS)) + cdns_uart_handle_rx(dev_id, isrstatus); + + spin_unlock(&port->lock); diff --git a/queue-4.14/series b/queue-4.14/series index 1e433a97a39..a0eff0a81eb 100644 --- a/queue-4.14/series +++ b/queue-4.14/series @@ -128,3 +128,23 @@ parport_pc-fix-find_superio-io-compare-code-should-use-equal-test.patch i2c-tegra-fix-maximum-transfer-size.patch crypto-arm64-aes-neonbs-fix-returning-final-keystream-block.patch drm-i915-relax-mmap-vma-check.patch +serial-uartps-fix-stuck-isr-if-rx-disabled-with-non-empty-fifo.patch +serial-8250_of-assume-reg-shift-of-2-for-mrvl-mmp-uart.patch +serial-8250_pci-fix-number-of-ports-for-acces-serial-cards.patch +serial-8250_pci-have-acces-cards-that-use-the-four-port-pericom-pi7c9x7954-chip-use-the-pci_pericom_setup.patch +jbd2-clear-dirty-flag-when-revoking-a-buffer-from-an-older-transaction.patch +jbd2-fix-compile-warning-when-using-jbuffer_trace.patch +security-selinux-fix-security_lsm_native_labels-on-reused-superblock.patch +powerpc-32-clear-on-stack-exception-marker-upon-exception-return.patch +powerpc-wii-properly-disable-use-of-bats-when-requested.patch +powerpc-powernv-make-opal-log-only-readable-by-root.patch +powerpc-83xx-also-save-restore-sprg4-7-during-suspend.patch +powerpc-fix-32-bit-kvm-pr-lockup-and-host-crash-with-macos-guest.patch +powerpc-ptrace-simplify-vr_get-set-to-avoid-gcc-warning.patch +powerpc-hugetlb-don-t-do-runtime-allocation-of-16g-pages-in-lpar-configuration.patch +powerpc-traps-fix-recoverability-of-machine-check-handling-on-book3s-32.patch +powerpc-traps-fix-the-message-printed-when-stack-overflows.patch +arm-s3c24xx-fix-boolean-expressions-in-osiris_dvs_notify.patch +arm64-fix-hcr.tge-status-for-nmi-contexts.patch +arm64-debug-ensure-debug-handlers-check-triggering-exception-level.patch +arm64-kvm-fix-architecturally-invalid-reset-value-for-fpexc32_el2.patch