From: Sasha Levin Date: Sat, 5 Oct 2019 23:46:45 +0000 (-0400) Subject: fixes for 4.9 X-Git-Tag: v4.9.196~25^2~3 X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=1e8eea79f8515b399d2be83420a2b1dc49592904;p=thirdparty%2Fkernel%2Fstable-queue.git fixes for 4.9 Signed-off-by: Sasha Levin --- diff --git a/queue-4.9/arm-8898-1-mm-don-t-treat-faults-reported-from-cache.patch b/queue-4.9/arm-8898-1-mm-don-t-treat-faults-reported-from-cache.patch new file mode 100644 index 00000000000..17535aee941 --- /dev/null +++ b/queue-4.9/arm-8898-1-mm-don-t-treat-faults-reported-from-cache.patch @@ -0,0 +1,76 @@ +From b46e2de483c80d7ad5d46938f445f9cfbf6a06f1 Mon Sep 17 00:00:00 2001 +From: Sasha Levin +Date: Thu, 8 Aug 2019 16:51:00 +0100 +Subject: ARM: 8898/1: mm: Don't treat faults reported from cache maintenance + as writes + +From: Will Deacon + +[ Upstream commit 834020366da9ab3fb87d1eb9a3160eb22dbed63a ] + +Translation faults arising from cache maintenance instructions are +rather unhelpfully reported with an FSR value where the WnR field is set +to 1, indicating that the faulting access was a write. Since cache +maintenance instructions on 32-bit ARM do not require any particular +permissions, this can cause our private 'cacheflush' system call to fail +spuriously if a translation fault is generated due to page aging when +targetting a read-only VMA. + +In this situation, we will return -EFAULT to userspace, although this is +unfortunately suppressed by the popular '__builtin___clear_cache()' +intrinsic provided by GCC, which returns void. + +Although it's tempting to write this off as a userspace issue, we can +actually do a little bit better on CPUs that support LPAE, even if the +short-descriptor format is in use. On these CPUs, cache maintenance +faults additionally set the CM field in the FSR, which we can use to +suppress the write permission checks in the page fault handler and +succeed in performing cache maintenance to read-only areas even in the +presence of a translation fault. + +Reported-by: Orion Hodson +Signed-off-by: Will Deacon +Signed-off-by: Russell King +Signed-off-by: Sasha Levin +--- + arch/arm/mm/fault.c | 4 ++-- + arch/arm/mm/fault.h | 1 + + 2 files changed, 3 insertions(+), 2 deletions(-) + +diff --git a/arch/arm/mm/fault.c b/arch/arm/mm/fault.c +index 5ca207ada8524..2539c8f9fb3fa 100644 +--- a/arch/arm/mm/fault.c ++++ b/arch/arm/mm/fault.c +@@ -214,7 +214,7 @@ static inline bool access_error(unsigned int fsr, struct vm_area_struct *vma) + { + unsigned int mask = VM_READ | VM_WRITE | VM_EXEC; + +- if (fsr & FSR_WRITE) ++ if ((fsr & FSR_WRITE) && !(fsr & FSR_CM)) + mask = VM_WRITE; + if (fsr & FSR_LNX_PF) + mask = VM_EXEC; +@@ -284,7 +284,7 @@ do_page_fault(unsigned long addr, unsigned int fsr, struct pt_regs *regs) + + if (user_mode(regs)) + flags |= FAULT_FLAG_USER; +- if (fsr & FSR_WRITE) ++ if ((fsr & FSR_WRITE) && !(fsr & FSR_CM)) + flags |= FAULT_FLAG_WRITE; + + /* +diff --git a/arch/arm/mm/fault.h b/arch/arm/mm/fault.h +index afc1f84e763b2..9bc272642d55a 100644 +--- a/arch/arm/mm/fault.h ++++ b/arch/arm/mm/fault.h +@@ -5,6 +5,7 @@ + * Fault status register encodings. We steal bit 31 for our own purposes. + */ + #define FSR_LNX_PF (1 << 31) ++#define FSR_CM (1 << 13) + #define FSR_WRITE (1 << 11) + #define FSR_FS4 (1 << 10) + #define FSR_FS3_0 (15) +-- +2.20.1 + diff --git a/queue-4.9/arm-8903-1-ensure-that-usable-memory-in-bank-0-start.patch b/queue-4.9/arm-8903-1-ensure-that-usable-memory-in-bank-0-start.patch new file mode 100644 index 00000000000..1cfcc1635f2 --- /dev/null +++ b/queue-4.9/arm-8903-1-ensure-that-usable-memory-in-bank-0-start.patch @@ -0,0 +1,58 @@ +From 1372b4b73b9a9663d509850240f13e5f271cd081 Mon Sep 17 00:00:00 2001 +From: Sasha Levin +Date: Fri, 30 Aug 2019 14:27:56 +0100 +Subject: ARM: 8903/1: ensure that usable memory in bank 0 starts from a + PMD-aligned address + +From: Mike Rapoport + +[ Upstream commit 00d2ec1e6bd82c0538e6dd3e4a4040de93ba4fef ] + +The calculation of memblock_limit in adjust_lowmem_bounds() assumes that +bank 0 starts from a PMD-aligned address. However, the beginning of the +first bank may be NOMAP memory and the start of usable memory +will be not aligned to PMD boundary. In such case the memblock_limit will +be set to the end of the NOMAP region, which will prevent any memblock +allocations. + +Mark the region between the end of the NOMAP area and the next PMD-aligned +address as NOMAP as well, so that the usable memory will start at +PMD-aligned address. + +Signed-off-by: Mike Rapoport +Signed-off-by: Russell King +Signed-off-by: Sasha Levin +--- + arch/arm/mm/mmu.c | 16 ++++++++++++++++ + 1 file changed, 16 insertions(+) + +diff --git a/arch/arm/mm/mmu.c b/arch/arm/mm/mmu.c +index f7c741358f37e..241bf898adf5b 100644 +--- a/arch/arm/mm/mmu.c ++++ b/arch/arm/mm/mmu.c +@@ -1168,6 +1168,22 @@ void __init adjust_lowmem_bounds(void) + */ + vmalloc_limit = (u64)(uintptr_t)vmalloc_min - PAGE_OFFSET + PHYS_OFFSET; + ++ /* ++ * The first usable region must be PMD aligned. Mark its start ++ * as MEMBLOCK_NOMAP if it isn't ++ */ ++ for_each_memblock(memory, reg) { ++ if (!memblock_is_nomap(reg)) { ++ if (!IS_ALIGNED(reg->base, PMD_SIZE)) { ++ phys_addr_t len; ++ ++ len = round_up(reg->base, PMD_SIZE) - reg->base; ++ memblock_mark_nomap(reg->base, len); ++ } ++ break; ++ } ++ } ++ + for_each_memblock(memory, reg) { + phys_addr_t block_start = reg->base; + phys_addr_t block_end = reg->base + reg->size; +-- +2.20.1 + diff --git a/queue-4.9/arm64-fix-unreachable-code-issue-with-cmpxchg.patch b/queue-4.9/arm64-fix-unreachable-code-issue-with-cmpxchg.patch new file mode 100644 index 00000000000..f03ca06bd88 --- /dev/null +++ b/queue-4.9/arm64-fix-unreachable-code-issue-with-cmpxchg.patch @@ -0,0 +1,69 @@ +From b544a7b1d8d9abc80e602a89a8c1d8bb11fca080 Mon Sep 17 00:00:00 2001 +From: Sasha Levin +Date: Tue, 10 Sep 2019 13:56:22 +0200 +Subject: arm64: fix unreachable code issue with cmpxchg + +From: Arnd Bergmann + +[ Upstream commit 920fdab7b3ce98c14c840261e364f490f3679a62 ] + +On arm64 build with clang, sometimes the __cmpxchg_mb is not inlined +when CONFIG_OPTIMIZE_INLINING is set. +Clang then fails a compile-time assertion, because it cannot tell at +compile time what the size of the argument is: + +mm/memcontrol.o: In function `__cmpxchg_mb': +memcontrol.c:(.text+0x1a4c): undefined reference to `__compiletime_assert_175' +memcontrol.c:(.text+0x1a4c): relocation truncated to fit: R_AARCH64_CALL26 against undefined symbol `__compiletime_assert_175' + +Mark all of the cmpxchg() style functions as __always_inline to +ensure that the compiler can see the result. + +Acked-by: Nick Desaulniers +Reported-by: Nathan Chancellor +Link: https://github.com/ClangBuiltLinux/linux/issues/648 +Reviewed-by: Nathan Chancellor +Tested-by: Nathan Chancellor +Reviewed-by: Andrew Murray +Tested-by: Andrew Murray +Signed-off-by: Arnd Bergmann +Signed-off-by: Will Deacon +Signed-off-by: Sasha Levin +--- + arch/arm64/include/asm/cmpxchg.h | 6 +++--- + 1 file changed, 3 insertions(+), 3 deletions(-) + +diff --git a/arch/arm64/include/asm/cmpxchg.h b/arch/arm64/include/asm/cmpxchg.h +index 0f2e1ab5e1666..9b2e2e2e728ae 100644 +--- a/arch/arm64/include/asm/cmpxchg.h ++++ b/arch/arm64/include/asm/cmpxchg.h +@@ -73,7 +73,7 @@ __XCHG_CASE( , , mb_8, dmb ish, nop, , a, l, "memory") + #undef __XCHG_CASE + + #define __XCHG_GEN(sfx) \ +-static inline unsigned long __xchg##sfx(unsigned long x, \ ++static __always_inline unsigned long __xchg##sfx(unsigned long x, \ + volatile void *ptr, \ + int size) \ + { \ +@@ -115,7 +115,7 @@ __XCHG_GEN(_mb) + #define xchg(...) __xchg_wrapper( _mb, __VA_ARGS__) + + #define __CMPXCHG_GEN(sfx) \ +-static inline unsigned long __cmpxchg##sfx(volatile void *ptr, \ ++static __always_inline unsigned long __cmpxchg##sfx(volatile void *ptr, \ + unsigned long old, \ + unsigned long new, \ + int size) \ +@@ -248,7 +248,7 @@ __CMPWAIT_CASE( , , 8); + #undef __CMPWAIT_CASE + + #define __CMPWAIT_GEN(sfx) \ +-static inline void __cmpwait##sfx(volatile void *ptr, \ ++static __always_inline void __cmpwait##sfx(volatile void *ptr, \ + unsigned long val, \ + int size) \ + { \ +-- +2.20.1 + diff --git a/queue-4.9/clk-at91-select-parent-if-main-oscillator-or-bypass-.patch b/queue-4.9/clk-at91-select-parent-if-main-oscillator-or-bypass-.patch new file mode 100644 index 00000000000..bac00ff2f50 --- /dev/null +++ b/queue-4.9/clk-at91-select-parent-if-main-oscillator-or-bypass-.patch @@ -0,0 +1,73 @@ +From 86f370ca68e7ef6c0308503acd40d77f051c351d Mon Sep 17 00:00:00 2001 +From: Sasha Levin +Date: Mon, 9 Sep 2019 15:30:34 +0000 +Subject: clk: at91: select parent if main oscillator or bypass is enabled + +From: Eugen Hristev + +[ Upstream commit 69a6bcde7fd3fe6f3268ce26f31d9d9378384c98 ] + +Selecting the right parent for the main clock is done using only +main oscillator enabled bit. +In case we have this oscillator bypassed by an external signal (no driving +on the XOUT line), we still use external clock, but with BYPASS bit set. +So, in this case we must select the same parent as before. +Create a macro that will select the right parent considering both bits from +the MOR register. +Use this macro when looking for the right parent. + +Signed-off-by: Eugen Hristev +Link: https://lkml.kernel.org/r/1568042692-11784-2-git-send-email-eugen.hristev@microchip.com +Acked-by: Alexandre Belloni +Reviewed-by: Claudiu Beznea +Signed-off-by: Stephen Boyd +Signed-off-by: Sasha Levin +--- + drivers/clk/at91/clk-main.c | 10 +++++++--- + 1 file changed, 7 insertions(+), 3 deletions(-) + +diff --git a/drivers/clk/at91/clk-main.c b/drivers/clk/at91/clk-main.c +index c813c27f2e58c..2f97a843d6d6b 100644 +--- a/drivers/clk/at91/clk-main.c ++++ b/drivers/clk/at91/clk-main.c +@@ -27,6 +27,10 @@ + + #define MOR_KEY_MASK (0xff << 16) + ++#define clk_main_parent_select(s) (((s) & \ ++ (AT91_PMC_MOSCEN | \ ++ AT91_PMC_OSCBYPASS)) ? 1 : 0) ++ + struct clk_main_osc { + struct clk_hw hw; + struct regmap *regmap; +@@ -119,7 +123,7 @@ static int clk_main_osc_is_prepared(struct clk_hw *hw) + + regmap_read(regmap, AT91_PMC_SR, &status); + +- return (status & AT91_PMC_MOSCS) && (tmp & AT91_PMC_MOSCEN); ++ return (status & AT91_PMC_MOSCS) && clk_main_parent_select(tmp); + } + + static const struct clk_ops main_osc_ops = { +@@ -530,7 +534,7 @@ static u8 clk_sam9x5_main_get_parent(struct clk_hw *hw) + + regmap_read(clkmain->regmap, AT91_CKGR_MOR, &status); + +- return status & AT91_PMC_MOSCEN ? 1 : 0; ++ return clk_main_parent_select(status); + } + + static const struct clk_ops sam9x5_main_ops = { +@@ -572,7 +576,7 @@ at91_clk_register_sam9x5_main(struct regmap *regmap, + clkmain->hw.init = &init; + clkmain->regmap = regmap; + regmap_read(clkmain->regmap, AT91_CKGR_MOR, &status); +- clkmain->parent = status & AT91_PMC_MOSCEN ? 1 : 0; ++ clkmain->parent = clk_main_parent_select(status); + + hw = &clkmain->hw; + ret = clk_hw_register(NULL, &clkmain->hw); +-- +2.20.1 + diff --git a/queue-4.9/clk-jz4740-add-tcu-clock.patch b/queue-4.9/clk-jz4740-add-tcu-clock.patch new file mode 100644 index 00000000000..303604bffbc --- /dev/null +++ b/queue-4.9/clk-jz4740-add-tcu-clock.patch @@ -0,0 +1,73 @@ +From 98202f2cb6a7be60a067362352a52f74933cc818 Mon Sep 17 00:00:00 2001 +From: Sasha Levin +Date: Wed, 24 Jul 2019 13:16:10 -0400 +Subject: clk: jz4740: Add TCU clock + +From: Paul Cercueil + +[ Upstream commit 73dd11dc1a883d4c994d729dc9984f4890001157 ] + +Add the missing TCU clock to the list of clocks supplied by the CGU for +the JZ4740 SoC. + +Signed-off-by: Paul Cercueil +Tested-by: Mathieu Malaterre +Tested-by: Artur Rojek +Acked-by: Stephen Boyd +Acked-by: Rob Herring +Signed-off-by: Paul Burton +Cc: Ralf Baechle +Cc: James Hogan +Cc: Jonathan Corbet +Cc: Lee Jones +Cc: Arnd Bergmann +Cc: Daniel Lezcano +Cc: Thomas Gleixner +Cc: Michael Turquette +Cc: Jason Cooper +Cc: Marc Zyngier +Cc: Rob Herring +Cc: Mark Rutland +Cc: devicetree@vger.kernel.org +Cc: linux-kernel@vger.kernel.org +Cc: linux-doc@vger.kernel.org +Cc: linux-mips@vger.kernel.org +Cc: linux-clk@vger.kernel.org +Cc: od@zcrc.me +Signed-off-by: Sasha Levin +--- + drivers/clk/ingenic/jz4740-cgu.c | 6 ++++++ + include/dt-bindings/clock/jz4740-cgu.h | 1 + + 2 files changed, 7 insertions(+) + +diff --git a/drivers/clk/ingenic/jz4740-cgu.c b/drivers/clk/ingenic/jz4740-cgu.c +index 510fe7e0c8f1c..79f0d48ec875b 100644 +--- a/drivers/clk/ingenic/jz4740-cgu.c ++++ b/drivers/clk/ingenic/jz4740-cgu.c +@@ -211,6 +211,12 @@ static const struct ingenic_cgu_clk_info jz4740_cgu_clocks[] = { + .parents = { JZ4740_CLK_EXT, -1, -1, -1 }, + .gate = { CGU_REG_CLKGR, 5 }, + }, ++ ++ [JZ4740_CLK_TCU] = { ++ "tcu", CGU_CLK_GATE, ++ .parents = { JZ4740_CLK_EXT, -1, -1, -1 }, ++ .gate = { CGU_REG_CLKGR, 1 }, ++ }, + }; + + static void __init jz4740_cgu_init(struct device_node *np) +diff --git a/include/dt-bindings/clock/jz4740-cgu.h b/include/dt-bindings/clock/jz4740-cgu.h +index 43153d3e9bd26..ff7c27bc98e37 100644 +--- a/include/dt-bindings/clock/jz4740-cgu.h ++++ b/include/dt-bindings/clock/jz4740-cgu.h +@@ -33,5 +33,6 @@ + #define JZ4740_CLK_ADC 19 + #define JZ4740_CLK_I2C 20 + #define JZ4740_CLK_AIC 21 ++#define JZ4740_CLK_TCU 22 + + #endif /* __DT_BINDINGS_CLOCK_JZ4740_CGU_H__ */ +-- +2.20.1 + diff --git a/queue-4.9/clk-qoriq-fix-wunused-const-variable.patch b/queue-4.9/clk-qoriq-fix-wunused-const-variable.patch new file mode 100644 index 00000000000..d0c15563f44 --- /dev/null +++ b/queue-4.9/clk-qoriq-fix-wunused-const-variable.patch @@ -0,0 +1,49 @@ +From 09dcde18fa104c468b187b50277236581e41a246 Mon Sep 17 00:00:00 2001 +From: Sasha Levin +Date: Thu, 27 Jun 2019 15:06:42 -0700 +Subject: clk: qoriq: Fix -Wunused-const-variable + +From: Nathan Huckleberry + +[ Upstream commit a95fb581b144b5e73da382eaedb2e32027610597 ] + +drivers/clk/clk-qoriq.c:138:38: warning: unused variable +'p5020_cmux_grp1' [-Wunused-const-variable] static const struct +clockgen_muxinfo p5020_cmux_grp1 + +drivers/clk/clk-qoriq.c:146:38: warning: unused variable +'p5020_cmux_grp2' [-Wunused-const-variable] static const struct +clockgen_muxinfo p5020_cmux_grp2 + +In the definition of the p5020 chip, the p2041 chip's info was used +instead. The p5020 and p2041 chips have different info. This is most +likely a typo. + +Link: https://github.com/ClangBuiltLinux/linux/issues/525 +Cc: clang-built-linux@googlegroups.com +Signed-off-by: Nathan Huckleberry +Link: https://lkml.kernel.org/r/20190627220642.78575-1-nhuck@google.com +Reviewed-by: Nick Desaulniers +Acked-by: Scott Wood +Signed-off-by: Stephen Boyd +Signed-off-by: Sasha Levin +--- + drivers/clk/clk-qoriq.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/drivers/clk/clk-qoriq.c b/drivers/clk/clk-qoriq.c +index 80ae2a51452d7..cdce49f6476aa 100644 +--- a/drivers/clk/clk-qoriq.c ++++ b/drivers/clk/clk-qoriq.c +@@ -540,7 +540,7 @@ static const struct clockgen_chipinfo chipinfo[] = { + .guts_compat = "fsl,qoriq-device-config-1.0", + .init_periph = p5020_init_periph, + .cmux_groups = { +- &p2041_cmux_grp1, &p2041_cmux_grp2 ++ &p5020_cmux_grp1, &p5020_cmux_grp2 + }, + .cmux_to_group = { + 0, 1, -1 +-- +2.20.1 + diff --git a/queue-4.9/clk-sirf-don-t-reference-clk_init_data-after-registr.patch b/queue-4.9/clk-sirf-don-t-reference-clk_init_data-after-registr.patch new file mode 100644 index 00000000000..4ab5faf1d2c --- /dev/null +++ b/queue-4.9/clk-sirf-don-t-reference-clk_init_data-after-registr.patch @@ -0,0 +1,74 @@ +From f51714ff85d34236421eaca78053e585b506edc4 Mon Sep 17 00:00:00 2001 +From: Sasha Levin +Date: Wed, 31 Jul 2019 12:35:13 -0700 +Subject: clk: sirf: Don't reference clk_init_data after registration + +From: Stephen Boyd + +[ Upstream commit af55dadfbce35b4f4c6247244ce3e44b2e242b84 ] + +A future patch is going to change semantics of clk_register() so that +clk_hw::init is guaranteed to be NULL after a clk is registered. Avoid +referencing this member here so that we don't run into NULL pointer +exceptions. + +Cc: Guo Zeng +Cc: Barry Song +Signed-off-by: Stephen Boyd +Link: https://lkml.kernel.org/r/20190731193517.237136-6-sboyd@kernel.org +Signed-off-by: Sasha Levin +--- + drivers/clk/sirf/clk-common.c | 12 ++++++++---- + 1 file changed, 8 insertions(+), 4 deletions(-) + +diff --git a/drivers/clk/sirf/clk-common.c b/drivers/clk/sirf/clk-common.c +index 77e1e2491689b..edb7197cc4b4d 100644 +--- a/drivers/clk/sirf/clk-common.c ++++ b/drivers/clk/sirf/clk-common.c +@@ -298,9 +298,10 @@ static u8 dmn_clk_get_parent(struct clk_hw *hw) + { + struct clk_dmn *clk = to_dmnclk(hw); + u32 cfg = clkc_readl(clk->regofs); ++ const char *name = clk_hw_get_name(hw); + + /* parent of io domain can only be pll3 */ +- if (strcmp(hw->init->name, "io") == 0) ++ if (strcmp(name, "io") == 0) + return 4; + + WARN_ON((cfg & (BIT(3) - 1)) > 4); +@@ -312,9 +313,10 @@ static int dmn_clk_set_parent(struct clk_hw *hw, u8 parent) + { + struct clk_dmn *clk = to_dmnclk(hw); + u32 cfg = clkc_readl(clk->regofs); ++ const char *name = clk_hw_get_name(hw); + + /* parent of io domain can only be pll3 */ +- if (strcmp(hw->init->name, "io") == 0) ++ if (strcmp(name, "io") == 0) + return -EINVAL; + + cfg &= ~(BIT(3) - 1); +@@ -354,7 +356,8 @@ static long dmn_clk_round_rate(struct clk_hw *hw, unsigned long rate, + { + unsigned long fin; + unsigned ratio, wait, hold; +- unsigned bits = (strcmp(hw->init->name, "mem") == 0) ? 3 : 4; ++ const char *name = clk_hw_get_name(hw); ++ unsigned bits = (strcmp(name, "mem") == 0) ? 3 : 4; + + fin = *parent_rate; + ratio = fin / rate; +@@ -376,7 +379,8 @@ static int dmn_clk_set_rate(struct clk_hw *hw, unsigned long rate, + struct clk_dmn *clk = to_dmnclk(hw); + unsigned long fin; + unsigned ratio, wait, hold, reg; +- unsigned bits = (strcmp(hw->init->name, "mem") == 0) ? 3 : 4; ++ const char *name = clk_hw_get_name(hw); ++ unsigned bits = (strcmp(name, "mem") == 0) ? 3 : 4; + + fin = parent_rate; + ratio = fin / rate; +-- +2.20.1 + diff --git a/queue-4.9/drm-amdgpu-si-fix-asic-tests.patch b/queue-4.9/drm-amdgpu-si-fix-asic-tests.patch new file mode 100644 index 00000000000..680a7d3aa3f --- /dev/null +++ b/queue-4.9/drm-amdgpu-si-fix-asic-tests.patch @@ -0,0 +1,62 @@ +From a9a68770781566555ffcb1c54ec2c2bec6d74891 Mon Sep 17 00:00:00 2001 +From: Sasha Levin +Date: Wed, 28 Aug 2019 17:05:57 +0200 +Subject: drm/amdgpu/si: fix ASIC tests +MIME-Version: 1.0 +Content-Type: text/plain; charset=UTF-8 +Content-Transfer-Encoding: 8bit + +From: Jean Delvare + +[ Upstream commit 77efe48a729588527afb4d5811b9e0acb29f5e51 ] + +Comparing adev->family with CHIP constants is not correct. +adev->family can only be compared with AMDGPU_FAMILY constants and +adev->asic_type is the struct member to compare with CHIP constants. +They are separate identification spaces. + +Signed-off-by: Jean Delvare +Fixes: 62a37553414a ("drm/amdgpu: add si implementation v10") +Cc: Ken Wang +Cc: Alex Deucher +Cc: "Christian König" +Cc: "David (ChunMing) Zhou" +Signed-off-by: Alex Deucher +Signed-off-by: Sasha Levin +--- + drivers/gpu/drm/amd/amdgpu/si.c | 6 +++--- + 1 file changed, 3 insertions(+), 3 deletions(-) + +diff --git a/drivers/gpu/drm/amd/amdgpu/si.c b/drivers/gpu/drm/amd/amdgpu/si.c +index 327bdf13e8bc8..b0beb5e537bcb 100644 +--- a/drivers/gpu/drm/amd/amdgpu/si.c ++++ b/drivers/gpu/drm/amd/amdgpu/si.c +@@ -1606,7 +1606,7 @@ static void si_program_aspm(struct amdgpu_device *adev) + if (orig != data) + si_pif_phy1_wreg(adev,PB1_PIF_PWRDOWN_1, data); + +- if ((adev->family != CHIP_OLAND) && (adev->family != CHIP_HAINAN)) { ++ if ((adev->asic_type != CHIP_OLAND) && (adev->asic_type != CHIP_HAINAN)) { + orig = data = si_pif_phy0_rreg(adev,PB0_PIF_PWRDOWN_0); + data &= ~PLL_RAMP_UP_TIME_0_MASK; + if (orig != data) +@@ -1655,14 +1655,14 @@ static void si_program_aspm(struct amdgpu_device *adev) + + orig = data = si_pif_phy0_rreg(adev,PB0_PIF_CNTL); + data &= ~LS2_EXIT_TIME_MASK; +- if ((adev->family == CHIP_OLAND) || (adev->family == CHIP_HAINAN)) ++ if ((adev->asic_type == CHIP_OLAND) || (adev->asic_type == CHIP_HAINAN)) + data |= LS2_EXIT_TIME(5); + if (orig != data) + si_pif_phy0_wreg(adev,PB0_PIF_CNTL, data); + + orig = data = si_pif_phy1_rreg(adev,PB1_PIF_CNTL); + data &= ~LS2_EXIT_TIME_MASK; +- if ((adev->family == CHIP_OLAND) || (adev->family == CHIP_HAINAN)) ++ if ((adev->asic_type == CHIP_OLAND) || (adev->asic_type == CHIP_HAINAN)) + data |= LS2_EXIT_TIME(5); + if (orig != data) + si_pif_phy1_wreg(adev,PB1_PIF_CNTL, data); +-- +2.20.1 + diff --git a/queue-4.9/drm-bridge-tc358767-increase-aux-transfer-length-lim.patch b/queue-4.9/drm-bridge-tc358767-increase-aux-transfer-length-lim.patch new file mode 100644 index 00000000000..f5d16d9324f --- /dev/null +++ b/queue-4.9/drm-bridge-tc358767-increase-aux-transfer-length-lim.patch @@ -0,0 +1,52 @@ +From 556bedeecc466988cbdcc62d269e23e4cfb6769e Mon Sep 17 00:00:00 2001 +From: Sasha Levin +Date: Tue, 18 Jun 2019 22:27:09 -0700 +Subject: drm/bridge: tc358767: Increase AUX transfer length limit + +From: Andrey Smirnov + +[ Upstream commit e0655feaec62d5139b6b13a7b1bbb1ab8f1c2d83 ] + +According to the datasheet tc358767 can transfer up to 16 bytes via +its AUX channel, so the artificial limit of 8 appears to be too +low. However only up to 15-bytes seem to be actually supported and +trying to use 16-byte transfers results in transfers failing +sporadically (with bogus status in case of I2C transfers), so limit it +to 15. + +Signed-off-by: Andrey Smirnov +Reviewed-by: Andrzej Hajda +Reviewed-by: Tomi Valkeinen +Cc: Andrzej Hajda +Cc: Laurent Pinchart +Cc: Tomi Valkeinen +Cc: Andrey Gusakov +Cc: Philipp Zabel +Cc: Cory Tusar +Cc: Chris Healy +Cc: Lucas Stach +Cc: dri-devel@lists.freedesktop.org +Cc: linux-kernel@vger.kernel.org +Signed-off-by: Andrzej Hajda +Link: https://patchwork.freedesktop.org/patch/msgid/20190619052716.16831-9-andrew.smirnov@gmail.com +Signed-off-by: Sasha Levin +--- + drivers/gpu/drm/bridge/tc358767.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/drivers/gpu/drm/bridge/tc358767.c b/drivers/gpu/drm/bridge/tc358767.c +index 80993a8734e08..8b6f8fac92e89 100644 +--- a/drivers/gpu/drm/bridge/tc358767.c ++++ b/drivers/gpu/drm/bridge/tc358767.c +@@ -300,7 +300,7 @@ static ssize_t tc_aux_transfer(struct drm_dp_aux *aux, + struct drm_dp_aux_msg *msg) + { + struct tc_data *tc = aux_to_tc(aux); +- size_t size = min_t(size_t, 8, msg->size); ++ size_t size = min_t(size_t, DP_AUX_MAX_PAYLOAD_BYTES - 1, msg->size); + u8 request = msg->request & ~DP_AUX_I2C_MOT; + u8 *buf = msg->buffer; + u32 tmp = 0; +-- +2.20.1 + diff --git a/queue-4.9/drm-radeon-fix-eeh-during-kexec.patch b/queue-4.9/drm-radeon-fix-eeh-during-kexec.patch new file mode 100644 index 00000000000..949fc1b7fb4 --- /dev/null +++ b/queue-4.9/drm-radeon-fix-eeh-during-kexec.patch @@ -0,0 +1,47 @@ +From 2a61cb3e50cb71552f8cf3167acb85739ec5730b Mon Sep 17 00:00:00 2001 +From: Sasha Levin +Date: Wed, 31 Jul 2019 17:10:14 -0500 +Subject: drm/radeon: Fix EEH during kexec + +From: KyleMahlkuch + +[ Upstream commit 6f7fe9a93e6c09bf988c5059403f5f88e17e21e6 ] + +During kexec some adapters hit an EEH since they are not properly +shut down in the radeon_pci_shutdown() function. Adding +radeon_suspend_kms() fixes this issue. + +Signed-off-by: KyleMahlkuch +Signed-off-by: Alex Deucher +Signed-off-by: Sasha Levin +--- + drivers/gpu/drm/radeon/radeon_drv.c | 8 ++++++++ + 1 file changed, 8 insertions(+) + +diff --git a/drivers/gpu/drm/radeon/radeon_drv.c b/drivers/gpu/drm/radeon/radeon_drv.c +index 30bd4a6a9d466..3ccf5b28b326e 100644 +--- a/drivers/gpu/drm/radeon/radeon_drv.c ++++ b/drivers/gpu/drm/radeon/radeon_drv.c +@@ -366,11 +366,19 @@ radeon_pci_remove(struct pci_dev *pdev) + static void + radeon_pci_shutdown(struct pci_dev *pdev) + { ++ struct drm_device *ddev = pci_get_drvdata(pdev); ++ + /* if we are running in a VM, make sure the device + * torn down properly on reboot/shutdown + */ + if (radeon_device_is_virtual()) + radeon_pci_remove(pdev); ++ ++ /* Some adapters need to be suspended before a ++ * shutdown occurs in order to prevent an error ++ * during kexec. ++ */ ++ radeon_suspend_kms(ddev, true, true, false); + } + + static int radeon_pmops_suspend(struct device *dev) +-- +2.20.1 + diff --git a/queue-4.9/fat-work-around-race-with-userspace-s-read-via-block.patch b/queue-4.9/fat-work-around-race-with-userspace-s-read-via-block.patch new file mode 100644 index 00000000000..5908414c166 --- /dev/null +++ b/queue-4.9/fat-work-around-race-with-userspace-s-read-via-block.patch @@ -0,0 +1,110 @@ +From 7763271f622af99e821358068043b15138cffdc9 Mon Sep 17 00:00:00 2001 +From: Sasha Levin +Date: Mon, 23 Sep 2019 15:32:53 -0700 +Subject: fat: work around race with userspace's read via blockdev while + mounting + +From: OGAWA Hirofumi + +[ Upstream commit 07bfa4415ab607e459b69bd86aa7e7602ce10b4f ] + +If userspace reads the buffer via blockdev while mounting, +sb_getblk()+modify can race with buffer read via blockdev. + +For example, + + FS userspace + bh = sb_getblk() + modify bh->b_data + read + ll_rw_block(bh) + fill bh->b_data by on-disk data + /* lost modified data by FS */ + set_buffer_uptodate(bh) + set_buffer_uptodate(bh) + +Userspace should not use the blockdev while mounting though, the udev +seems to be already doing this. Although I think the udev should try to +avoid this, workaround the race by small overhead. + +Link: http://lkml.kernel.org/r/87pnk7l3sw.fsf_-_@mail.parknet.co.jp +Signed-off-by: OGAWA Hirofumi +Reported-by: Jan Stancek +Tested-by: Jan Stancek +Signed-off-by: Andrew Morton +Signed-off-by: Linus Torvalds +Signed-off-by: Sasha Levin +--- + fs/fat/dir.c | 13 +++++++++++-- + fs/fat/fatent.c | 3 +++ + 2 files changed, 14 insertions(+), 2 deletions(-) + +diff --git a/fs/fat/dir.c b/fs/fat/dir.c +index 81cecbe6d7cf6..971e369517a73 100644 +--- a/fs/fat/dir.c ++++ b/fs/fat/dir.c +@@ -1097,8 +1097,11 @@ static int fat_zeroed_cluster(struct inode *dir, sector_t blknr, int nr_used, + err = -ENOMEM; + goto error; + } ++ /* Avoid race with userspace read via bdev */ ++ lock_buffer(bhs[n]); + memset(bhs[n]->b_data, 0, sb->s_blocksize); + set_buffer_uptodate(bhs[n]); ++ unlock_buffer(bhs[n]); + mark_buffer_dirty_inode(bhs[n], dir); + + n++; +@@ -1155,6 +1158,8 @@ int fat_alloc_new_dir(struct inode *dir, struct timespec *ts) + fat_time_unix2fat(sbi, ts, &time, &date, &time_cs); + + de = (struct msdos_dir_entry *)bhs[0]->b_data; ++ /* Avoid race with userspace read via bdev */ ++ lock_buffer(bhs[0]); + /* filling the new directory slots ("." and ".." entries) */ + memcpy(de[0].name, MSDOS_DOT, MSDOS_NAME); + memcpy(de[1].name, MSDOS_DOTDOT, MSDOS_NAME); +@@ -1177,6 +1182,7 @@ int fat_alloc_new_dir(struct inode *dir, struct timespec *ts) + de[0].size = de[1].size = 0; + memset(de + 2, 0, sb->s_blocksize - 2 * sizeof(*de)); + set_buffer_uptodate(bhs[0]); ++ unlock_buffer(bhs[0]); + mark_buffer_dirty_inode(bhs[0], dir); + + err = fat_zeroed_cluster(dir, blknr, 1, bhs, MAX_BUF_PER_PAGE); +@@ -1234,11 +1240,14 @@ static int fat_add_new_entries(struct inode *dir, void *slots, int nr_slots, + + /* fill the directory entry */ + copy = min(size, sb->s_blocksize); ++ /* Avoid race with userspace read via bdev */ ++ lock_buffer(bhs[n]); + memcpy(bhs[n]->b_data, slots, copy); +- slots += copy; +- size -= copy; + set_buffer_uptodate(bhs[n]); ++ unlock_buffer(bhs[n]); + mark_buffer_dirty_inode(bhs[n], dir); ++ slots += copy; ++ size -= copy; + if (!size) + break; + n++; +diff --git a/fs/fat/fatent.c b/fs/fat/fatent.c +index a9cad9b60790b..0129d4d07a544 100644 +--- a/fs/fat/fatent.c ++++ b/fs/fat/fatent.c +@@ -389,8 +389,11 @@ static int fat_mirror_bhs(struct super_block *sb, struct buffer_head **bhs, + err = -ENOMEM; + goto error; + } ++ /* Avoid race with userspace read via bdev */ ++ lock_buffer(c_bh); + memcpy(c_bh->b_data, bhs[n]->b_data, sb->s_blocksize); + set_buffer_uptodate(c_bh); ++ unlock_buffer(c_bh); + mark_buffer_dirty_inode(c_bh, sbi->fat_inode); + if (sb->s_flags & MS_SYNCHRONOUS) + err = sync_dirty_buffer(c_bh); +-- +2.20.1 + diff --git a/queue-4.9/gpu-drm-radeon-fix-a-possible-null-pointer-dereferen.patch b/queue-4.9/gpu-drm-radeon-fix-a-possible-null-pointer-dereferen.patch new file mode 100644 index 00000000000..67814cc6419 --- /dev/null +++ b/queue-4.9/gpu-drm-radeon-fix-a-possible-null-pointer-dereferen.patch @@ -0,0 +1,46 @@ +From 6b982121b7ca81c1a8744904b39f29b0aba91b3d Mon Sep 17 00:00:00 2001 +From: Sasha Levin +Date: Mon, 29 Jul 2019 16:36:44 +0800 +Subject: gpu: drm: radeon: Fix a possible null-pointer dereference in + radeon_connector_set_property() + +From: Jia-Ju Bai + +[ Upstream commit f3eb9b8f67bc28783eddc142ad805ebdc53d6339 ] + +In radeon_connector_set_property(), there is an if statement on line 743 +to check whether connector->encoder is NULL: + if (connector->encoder) + +When connector->encoder is NULL, it is used on line 755: + if (connector->encoder->crtc) + +Thus, a possible null-pointer dereference may occur. + +To fix this bug, connector->encoder is checked before being used. + +This bug is found by a static analysis tool STCheck written by us. + +Signed-off-by: Jia-Ju Bai +Signed-off-by: Alex Deucher +Signed-off-by: Sasha Levin +--- + drivers/gpu/drm/radeon/radeon_connectors.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/drivers/gpu/drm/radeon/radeon_connectors.c b/drivers/gpu/drm/radeon/radeon_connectors.c +index c5e1aa5f1d8ea..efa875120071a 100644 +--- a/drivers/gpu/drm/radeon/radeon_connectors.c ++++ b/drivers/gpu/drm/radeon/radeon_connectors.c +@@ -764,7 +764,7 @@ static int radeon_connector_set_property(struct drm_connector *connector, struct + + radeon_encoder->output_csc = val; + +- if (connector->encoder->crtc) { ++ if (connector->encoder && connector->encoder->crtc) { + struct drm_crtc *crtc = connector->encoder->crtc; + const struct drm_crtc_helper_funcs *crtc_funcs = crtc->helper_private; + struct radeon_crtc *radeon_crtc = to_radeon_crtc(crtc); +-- +2.20.1 + diff --git a/queue-4.9/hid-apple-fix-stuck-function-keys-when-using-fn.patch b/queue-4.9/hid-apple-fix-stuck-function-keys-when-using-fn.patch new file mode 100644 index 00000000000..ee0d97d8b65 --- /dev/null +++ b/queue-4.9/hid-apple-fix-stuck-function-keys-when-using-fn.patch @@ -0,0 +1,111 @@ +From f1d8b90a8d1422c9a557eabe5cc72c2fa5b3e147 Mon Sep 17 00:00:00 2001 +From: Sasha Levin +Date: Tue, 3 Sep 2019 16:46:32 +0200 +Subject: HID: apple: Fix stuck function keys when using FN + +From: Joao Moreno + +[ Upstream commit aec256d0ecd561036f188dbc8fa7924c47a9edfd ] + +This fixes an issue in which key down events for function keys would be +repeatedly emitted even after the user has raised the physical key. For +example, the driver fails to emit the F5 key up event when going through +the following steps: +- fnmode=1: hold FN, hold F5, release FN, release F5 +- fnmode=2: hold F5, hold FN, release F5, release FN + +The repeated F5 key down events can be easily verified using xev. + +Signed-off-by: Joao Moreno +Co-developed-by: Benjamin Tissoires +Signed-off-by: Benjamin Tissoires +Signed-off-by: Sasha Levin +--- + drivers/hid/hid-apple.c | 49 +++++++++++++++++++++++------------------ + 1 file changed, 28 insertions(+), 21 deletions(-) + +diff --git a/drivers/hid/hid-apple.c b/drivers/hid/hid-apple.c +index 65a0c79f212e1..31c087e1746d6 100644 +--- a/drivers/hid/hid-apple.c ++++ b/drivers/hid/hid-apple.c +@@ -55,7 +55,6 @@ MODULE_PARM_DESC(swap_opt_cmd, "Swap the Option (\"Alt\") and Command (\"Flag\") + struct apple_sc { + unsigned long quirks; + unsigned int fn_on; +- DECLARE_BITMAP(pressed_fn, KEY_CNT); + DECLARE_BITMAP(pressed_numlock, KEY_CNT); + }; + +@@ -182,6 +181,8 @@ static int hidinput_apple_event(struct hid_device *hid, struct input_dev *input, + { + struct apple_sc *asc = hid_get_drvdata(hid); + const struct apple_key_translation *trans, *table; ++ bool do_translate; ++ u16 code = 0; + + if (usage->code == KEY_FN) { + asc->fn_on = !!value; +@@ -190,8 +191,6 @@ static int hidinput_apple_event(struct hid_device *hid, struct input_dev *input, + } + + if (fnmode) { +- int do_translate; +- + if (hid->product >= USB_DEVICE_ID_APPLE_WELLSPRING4_ANSI && + hid->product <= USB_DEVICE_ID_APPLE_WELLSPRING4A_JIS) + table = macbookair_fn_keys; +@@ -203,25 +202,33 @@ static int hidinput_apple_event(struct hid_device *hid, struct input_dev *input, + trans = apple_find_translation (table, usage->code); + + if (trans) { +- if (test_bit(usage->code, asc->pressed_fn)) +- do_translate = 1; +- else if (trans->flags & APPLE_FLAG_FKEY) +- do_translate = (fnmode == 2 && asc->fn_on) || +- (fnmode == 1 && !asc->fn_on); +- else +- do_translate = asc->fn_on; +- +- if (do_translate) { +- if (value) +- set_bit(usage->code, asc->pressed_fn); +- else +- clear_bit(usage->code, asc->pressed_fn); +- +- input_event(input, usage->type, trans->to, +- value); +- +- return 1; ++ if (test_bit(trans->from, input->key)) ++ code = trans->from; ++ else if (test_bit(trans->to, input->key)) ++ code = trans->to; ++ ++ if (!code) { ++ if (trans->flags & APPLE_FLAG_FKEY) { ++ switch (fnmode) { ++ case 1: ++ do_translate = !asc->fn_on; ++ break; ++ case 2: ++ do_translate = asc->fn_on; ++ break; ++ default: ++ /* should never happen */ ++ do_translate = false; ++ } ++ } else { ++ do_translate = asc->fn_on; ++ } ++ ++ code = do_translate ? trans->to : trans->from; + } ++ ++ input_event(input, usage->type, code, value); ++ return 1; + } + + if (asc->quirks & APPLE_NUMLOCK_EMULATION && +-- +2.20.1 + diff --git a/queue-4.9/hypfs-fix-error-number-left-in-struct-pointer-member.patch b/queue-4.9/hypfs-fix-error-number-left-in-struct-pointer-member.patch new file mode 100644 index 00000000000..1ee5987f008 --- /dev/null +++ b/queue-4.9/hypfs-fix-error-number-left-in-struct-pointer-member.patch @@ -0,0 +1,57 @@ +From 317b7f6dc90643ed83eac220bad8ac5d261e2f49 Mon Sep 17 00:00:00 2001 +From: Sasha Levin +Date: Thu, 21 Mar 2019 10:08:08 +0000 +Subject: hypfs: Fix error number left in struct pointer member + +From: David Howells + +[ Upstream commit b54c64f7adeb241423cd46598f458b5486b0375e ] + +In hypfs_fill_super(), if hypfs_create_update_file() fails, +sbi->update_file is left holding an error number. This is passed to +hypfs_kill_super() which doesn't check for this. + +Fix this by not setting sbi->update_value until after we've checked for +error. + +Fixes: 24bbb1faf3f0 ("[PATCH] s390_hypfs filesystem") +Signed-off-by: David Howells +cc: Martin Schwidefsky +cc: Heiko Carstens +cc: linux-s390@vger.kernel.org +Signed-off-by: Al Viro +Signed-off-by: Sasha Levin +--- + arch/s390/hypfs/inode.c | 9 +++++---- + 1 file changed, 5 insertions(+), 4 deletions(-) + +diff --git a/arch/s390/hypfs/inode.c b/arch/s390/hypfs/inode.c +index 2a17123130d30..224aeda1e8ccf 100644 +--- a/arch/s390/hypfs/inode.c ++++ b/arch/s390/hypfs/inode.c +@@ -267,7 +267,7 @@ static int hypfs_show_options(struct seq_file *s, struct dentry *root) + static int hypfs_fill_super(struct super_block *sb, void *data, int silent) + { + struct inode *root_inode; +- struct dentry *root_dentry; ++ struct dentry *root_dentry, *update_file; + int rc = 0; + struct hypfs_sb_info *sbi; + +@@ -298,9 +298,10 @@ static int hypfs_fill_super(struct super_block *sb, void *data, int silent) + rc = hypfs_diag_create_files(root_dentry); + if (rc) + return rc; +- sbi->update_file = hypfs_create_update_file(root_dentry); +- if (IS_ERR(sbi->update_file)) +- return PTR_ERR(sbi->update_file); ++ update_file = hypfs_create_update_file(root_dentry); ++ if (IS_ERR(update_file)) ++ return PTR_ERR(update_file); ++ sbi->update_file = update_file; + hypfs_update_update(sb); + pr_info("Hypervisor filesystem mounted\n"); + return 0; +-- +2.20.1 + diff --git a/queue-4.9/ipmi_si-only-schedule-continuously-in-the-thread-in-.patch b/queue-4.9/ipmi_si-only-schedule-continuously-in-the-thread-in-.patch new file mode 100644 index 00000000000..0db17e20604 --- /dev/null +++ b/queue-4.9/ipmi_si-only-schedule-continuously-in-the-thread-in-.patch @@ -0,0 +1,88 @@ +From a5720f0f2d65b700156567d932166c18daf61296 Mon Sep 17 00:00:00 2001 +From: Sasha Levin +Date: Fri, 2 Aug 2019 07:31:36 -0500 +Subject: ipmi_si: Only schedule continuously in the thread in maintenance mode + +From: Corey Minyard + +[ Upstream commit 340ff31ab00bca5c15915e70ad9ada3030c98cf8 ] + +ipmi_thread() uses back-to-back schedule() to poll for command +completion which, on some machines, can push up CPU consumption and +heavily tax the scheduler locks leading to noticeable overall +performance degradation. + +This was originally added so firmware updates through IPMI would +complete in a timely manner. But we can't kill the scheduler +locks for that one use case. + +Instead, only run schedule() continuously in maintenance mode, +where firmware updates should run. + +Signed-off-by: Corey Minyard +Signed-off-by: Sasha Levin +--- + drivers/char/ipmi/ipmi_si_intf.c | 24 +++++++++++++++++++----- + 1 file changed, 19 insertions(+), 5 deletions(-) + +diff --git a/drivers/char/ipmi/ipmi_si_intf.c b/drivers/char/ipmi/ipmi_si_intf.c +index e0a53156b782f..82af658184444 100644 +--- a/drivers/char/ipmi/ipmi_si_intf.c ++++ b/drivers/char/ipmi/ipmi_si_intf.c +@@ -283,6 +283,9 @@ struct smi_info { + */ + bool irq_enable_broken; + ++ /* Is the driver in maintenance mode? */ ++ bool in_maintenance_mode; ++ + /* + * Did we get an attention that we did not handle? + */ +@@ -1093,11 +1096,20 @@ static int ipmi_thread(void *data) + spin_unlock_irqrestore(&(smi_info->si_lock), flags); + busy_wait = ipmi_thread_busy_wait(smi_result, smi_info, + &busy_until); +- if (smi_result == SI_SM_CALL_WITHOUT_DELAY) ++ if (smi_result == SI_SM_CALL_WITHOUT_DELAY) { + ; /* do nothing */ +- else if (smi_result == SI_SM_CALL_WITH_DELAY && busy_wait) +- schedule(); +- else if (smi_result == SI_SM_IDLE) { ++ } else if (smi_result == SI_SM_CALL_WITH_DELAY && busy_wait) { ++ /* ++ * In maintenance mode we run as fast as ++ * possible to allow firmware updates to ++ * complete as fast as possible, but normally ++ * don't bang on the scheduler. ++ */ ++ if (smi_info->in_maintenance_mode) ++ schedule(); ++ else ++ usleep_range(100, 200); ++ } else if (smi_result == SI_SM_IDLE) { + if (atomic_read(&smi_info->need_watch)) { + schedule_timeout_interruptible(100); + } else { +@@ -1105,8 +1117,9 @@ static int ipmi_thread(void *data) + __set_current_state(TASK_INTERRUPTIBLE); + schedule(); + } +- } else ++ } else { + schedule_timeout_interruptible(1); ++ } + } + return 0; + } +@@ -1285,6 +1298,7 @@ static void set_maintenance_mode(void *send_info, bool enable) + + if (!enable) + atomic_set(&smi_info->req_events, 0); ++ smi_info->in_maintenance_mode = enable; + } + + static const struct ipmi_smi_handlers handlers = { +-- +2.20.1 + diff --git a/queue-4.9/kmemleak-increase-debug_kmemleak_early_log_size-defa.patch b/queue-4.9/kmemleak-increase-debug_kmemleak_early_log_size-defa.patch new file mode 100644 index 00000000000..4dc7ec54877 --- /dev/null +++ b/queue-4.9/kmemleak-increase-debug_kmemleak_early_log_size-defa.patch @@ -0,0 +1,57 @@ +From 06d74c5607029ac9f195f236fa54d644bf334889 Mon Sep 17 00:00:00 2001 +From: Sasha Levin +Date: Mon, 23 Sep 2019 15:33:55 -0700 +Subject: kmemleak: increase DEBUG_KMEMLEAK_EARLY_LOG_SIZE default to 16K + +From: Nicolas Boichat + +[ Upstream commit b751c52bb587ae66f773b15204ef7a147467f4c7 ] + +The current default value (400) is too low on many systems (e.g. some +ARM64 platform takes up 1000+ entries). + +syzbot uses 16000 as default value, and has proved to be enough on beefy +configurations, so let's pick that value. + +This consumes more RAM on boot (each entry is 160 bytes, so in total +~2.5MB of RAM), but the memory would later be freed (early_log is +__initdata). + +Link: http://lkml.kernel.org/r/20190730154027.101525-1-drinkcat@chromium.org +Signed-off-by: Nicolas Boichat +Suggested-by: Dmitry Vyukov +Acked-by: Catalin Marinas +Acked-by: Dmitry Vyukov +Cc: Masahiro Yamada +Cc: Kees Cook +Cc: Petr Mladek +Cc: Thomas Gleixner +Cc: Tetsuo Handa +Cc: Joe Lawrence +Cc: Uladzislau Rezki +Cc: Andy Shevchenko +Cc: Stephen Rothwell +Cc: Andrey Ryabinin +Signed-off-by: Andrew Morton +Signed-off-by: Linus Torvalds +Signed-off-by: Sasha Levin +--- + lib/Kconfig.debug | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/lib/Kconfig.debug b/lib/Kconfig.debug +index 4f561860bf41e..bc5ff3a53d4a6 100644 +--- a/lib/Kconfig.debug ++++ b/lib/Kconfig.debug +@@ -535,7 +535,7 @@ config DEBUG_KMEMLEAK_EARLY_LOG_SIZE + int "Maximum kmemleak early log entries" + depends on DEBUG_KMEMLEAK + range 200 40000 +- default 400 ++ default 16000 + help + Kmemleak must track all the memory allocations to avoid + reporting false positives. Since memory may be allocated or +-- +2.20.1 + diff --git a/queue-4.9/mfd-intel-lpss-remove-d3cold-delay.patch b/queue-4.9/mfd-intel-lpss-remove-d3cold-delay.patch new file mode 100644 index 00000000000..4050612d27a --- /dev/null +++ b/queue-4.9/mfd-intel-lpss-remove-d3cold-delay.patch @@ -0,0 +1,47 @@ +From 8914c90d1dd5867fef02d20e1d33d4f579ce52bc Mon Sep 17 00:00:00 2001 +From: Sasha Levin +Date: Fri, 5 Jul 2019 12:55:03 +0800 +Subject: mfd: intel-lpss: Remove D3cold delay + +From: Kai-Heng Feng + +[ Upstream commit 76380a607ba0b28627c9b4b55cd47a079a59624b ] + +Goodix touchpad may drop its first couple input events when +i2c-designware-platdrv and intel-lpss it connects to took too long to +runtime resume from runtime suspended state. + +This issue happens becuase the touchpad has a rather small buffer to +store up to 13 input events, so if the host doesn't read those events in +time (i.e. runtime resume takes too long), events are dropped from the +touchpad's buffer. + +The bottleneck is D3cold delay it waits when transitioning from D3cold +to D0, hence remove the delay to make the resume faster. I've tested +some systems with intel-lpss and haven't seen any regression. + +Bugzilla: https://bugzilla.kernel.org/show_bug.cgi?id=202683 +Signed-off-by: Kai-Heng Feng +Reviewed-by: Andy Shevchenko +Signed-off-by: Lee Jones +Signed-off-by: Sasha Levin +--- + drivers/mfd/intel-lpss-pci.c | 2 ++ + 1 file changed, 2 insertions(+) + +diff --git a/drivers/mfd/intel-lpss-pci.c b/drivers/mfd/intel-lpss-pci.c +index 9ff243970e93e..5b41111e62fd1 100644 +--- a/drivers/mfd/intel-lpss-pci.c ++++ b/drivers/mfd/intel-lpss-pci.c +@@ -39,6 +39,8 @@ static int intel_lpss_pci_probe(struct pci_dev *pdev, + info->mem = &pdev->resource[0]; + info->irq = pdev->irq; + ++ pdev->d3cold_delay = 0; ++ + /* Probably it is enough to set this for iDMA capable devices only */ + pci_set_master(pdev); + +-- +2.20.1 + diff --git a/queue-4.9/mips-tlbex-explicitly-cast-_page_no_exec-to-a-boolea.patch b/queue-4.9/mips-tlbex-explicitly-cast-_page_no_exec-to-a-boolea.patch new file mode 100644 index 00000000000..1a9693c10f2 --- /dev/null +++ b/queue-4.9/mips-tlbex-explicitly-cast-_page_no_exec-to-a-boolea.patch @@ -0,0 +1,59 @@ +From 876afae7eb658cedf67d96631fa20be1cc8369d6 Mon Sep 17 00:00:00 2001 +From: Sasha Levin +Date: Sun, 11 Aug 2019 20:31:20 -0700 +Subject: MIPS: tlbex: Explicitly cast _PAGE_NO_EXEC to a boolean + +From: Nathan Chancellor + +[ Upstream commit c59ae0a1055127dd3828a88e111a0db59b254104 ] + +clang warns: + +arch/mips/mm/tlbex.c:634:19: error: use of logical '&&' with constant +operand [-Werror,-Wconstant-logical-operand] + if (cpu_has_rixi && _PAGE_NO_EXEC) { + ^ ~~~~~~~~~~~~~ +arch/mips/mm/tlbex.c:634:19: note: use '&' for a bitwise operation + if (cpu_has_rixi && _PAGE_NO_EXEC) { + ^~ + & +arch/mips/mm/tlbex.c:634:19: note: remove constant to silence this +warning + if (cpu_has_rixi && _PAGE_NO_EXEC) { + ~^~~~~~~~~~~~~~~~ +1 error generated. + +Explicitly cast this value to a boolean so that clang understands we +intend for this to be a non-zero value. + +Fixes: 00bf1c691d08 ("MIPS: tlbex: Avoid placing software PTE bits in Entry* PFN fields") +Link: https://github.com/ClangBuiltLinux/linux/issues/609 +Signed-off-by: Nathan Chancellor +Signed-off-by: Paul Burton +Cc: Ralf Baechle +Cc: James Hogan +Cc: Nick Desaulniers +Cc: linux-mips@vger.kernel.org +Cc: linux-kernel@vger.kernel.org +Cc: clang-built-linux@googlegroups.com +Signed-off-by: Sasha Levin +--- + arch/mips/mm/tlbex.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/arch/mips/mm/tlbex.c b/arch/mips/mm/tlbex.c +index 3cc5b2e4263c0..47d50197789be 100644 +--- a/arch/mips/mm/tlbex.c ++++ b/arch/mips/mm/tlbex.c +@@ -637,7 +637,7 @@ static __maybe_unused void build_convert_pte_to_entrylo(u32 **p, + return; + } + +- if (cpu_has_rixi && _PAGE_NO_EXEC) { ++ if (cpu_has_rixi && !!_PAGE_NO_EXEC) { + if (fill_includes_sw_bits) { + UASM_i_ROTR(p, reg, reg, ilog2(_PAGE_GLOBAL)); + } else { +-- +2.20.1 + diff --git a/queue-4.9/ocfs2-wait-for-recovering-done-after-direct-unlock-r.patch b/queue-4.9/ocfs2-wait-for-recovering-done-after-direct-unlock-r.patch new file mode 100644 index 00000000000..8ccdcb927b7 --- /dev/null +++ b/queue-4.9/ocfs2-wait-for-recovering-done-after-direct-unlock-r.patch @@ -0,0 +1,94 @@ +From b5da6be20c02949c5ff874f0e97a9da76e05b9c5 Mon Sep 17 00:00:00 2001 +From: Sasha Levin +Date: Mon, 23 Sep 2019 15:33:37 -0700 +Subject: ocfs2: wait for recovering done after direct unlock request + +From: Changwei Ge + +[ Upstream commit 0a3775e4f883912944481cf2ef36eb6383a9cc74 ] + +There is a scenario causing ocfs2 umount hang when multiple hosts are +rebooting at the same time. + +NODE1 NODE2 NODE3 +send unlock requset to NODE2 + dies + become recovery master + recover NODE2 +find NODE2 dead +mark resource RECOVERING +directly remove lock from grant list +calculate usage but RECOVERING marked +**miss the window of purging +clear RECOVERING + +To reproduce this issue, crash a host and then umount ocfs2 +from another node. + +To solve this, just let unlock progress wait for recovery done. + +Link: http://lkml.kernel.org/r/1550124866-20367-1-git-send-email-gechangwei@live.cn +Signed-off-by: Changwei Ge +Reviewed-by: Joseph Qi +Cc: Mark Fasheh +Cc: Joel Becker +Cc: Junxiao Bi +Cc: Changwei Ge +Signed-off-by: Andrew Morton +Signed-off-by: Linus Torvalds +Signed-off-by: Sasha Levin +--- + fs/ocfs2/dlm/dlmunlock.c | 23 +++++++++++++++++++---- + 1 file changed, 19 insertions(+), 4 deletions(-) + +diff --git a/fs/ocfs2/dlm/dlmunlock.c b/fs/ocfs2/dlm/dlmunlock.c +index 1082b2c3014be..5f2a120240e51 100644 +--- a/fs/ocfs2/dlm/dlmunlock.c ++++ b/fs/ocfs2/dlm/dlmunlock.c +@@ -105,7 +105,8 @@ static enum dlm_status dlmunlock_common(struct dlm_ctxt *dlm, + enum dlm_status status; + int actions = 0; + int in_use; +- u8 owner; ++ u8 owner; ++ int recovery_wait = 0; + + mlog(0, "master_node = %d, valblk = %d\n", master_node, + flags & LKM_VALBLK); +@@ -208,9 +209,12 @@ static enum dlm_status dlmunlock_common(struct dlm_ctxt *dlm, + } + if (flags & LKM_CANCEL) + lock->cancel_pending = 0; +- else +- lock->unlock_pending = 0; +- ++ else { ++ if (!lock->unlock_pending) ++ recovery_wait = 1; ++ else ++ lock->unlock_pending = 0; ++ } + } + + /* get an extra ref on lock. if we are just switching +@@ -244,6 +248,17 @@ leave: + spin_unlock(&res->spinlock); + wake_up(&res->wq); + ++ if (recovery_wait) { ++ spin_lock(&res->spinlock); ++ /* Unlock request will directly succeed after owner dies, ++ * and the lock is already removed from grant list. We have to ++ * wait for RECOVERING done or we miss the chance to purge it ++ * since the removement is much faster than RECOVERING proc. ++ */ ++ __dlm_wait_on_lockres_flags(res, DLM_LOCK_RES_RECOVERING); ++ spin_unlock(&res->spinlock); ++ } ++ + /* let the caller's final dlm_lock_put handle the actual kfree */ + if (actions & DLM_UNLOCK_FREE_LOCK) { + /* this should always be coupled with list removal */ +-- +2.20.1 + diff --git a/queue-4.9/pci-tegra-fix-of-node-reference-leak.patch b/queue-4.9/pci-tegra-fix-of-node-reference-leak.patch new file mode 100644 index 00000000000..01c8a54e92b --- /dev/null +++ b/queue-4.9/pci-tegra-fix-of-node-reference-leak.patch @@ -0,0 +1,101 @@ +From d879a35a560516d2863e6bfec6b6e34d6e88c8af Mon Sep 17 00:00:00 2001 +From: Sasha Levin +Date: Wed, 24 Jul 2019 13:54:12 +0530 +Subject: PCI: tegra: Fix OF node reference leak + +From: Nishka Dasgupta + +[ Upstream commit 9e38e690ace3e7a22a81fc02652fc101efb340cf ] + +Each iteration of for_each_child_of_node() executes of_node_put() on the +previous node, but in some return paths in the middle of the loop +of_node_put() is missing thus causing a reference leak. + +Hence stash these mid-loop return values in a variable 'err' and add a +new label err_node_put which executes of_node_put() on the previous node +and returns 'err' on failure. + +Change mid-loop return statements to point to jump to this label to +fix the reference leak. + +Issue found with Coccinelle. + +Signed-off-by: Nishka Dasgupta +[lorenzo.pieralisi@arm.com: rewrote commit log] +Signed-off-by: Lorenzo Pieralisi +Signed-off-by: Sasha Levin +--- + drivers/pci/host/pci-tegra.c | 22 +++++++++++++++------- + 1 file changed, 15 insertions(+), 7 deletions(-) + +diff --git a/drivers/pci/host/pci-tegra.c b/drivers/pci/host/pci-tegra.c +index 8dfccf7332411..8e101b19c4d6f 100644 +--- a/drivers/pci/host/pci-tegra.c ++++ b/drivers/pci/host/pci-tegra.c +@@ -1898,14 +1898,15 @@ static int tegra_pcie_parse_dt(struct tegra_pcie *pcie) + err = of_pci_get_devfn(port); + if (err < 0) { + dev_err(dev, "failed to parse address: %d\n", err); +- return err; ++ goto err_node_put; + } + + index = PCI_SLOT(err); + + if (index < 1 || index > soc->num_ports) { + dev_err(dev, "invalid port number: %d\n", index); +- return -EINVAL; ++ err = -EINVAL; ++ goto err_node_put; + } + + index--; +@@ -1914,12 +1915,13 @@ static int tegra_pcie_parse_dt(struct tegra_pcie *pcie) + if (err < 0) { + dev_err(dev, "failed to parse # of lanes: %d\n", + err); +- return err; ++ goto err_node_put; + } + + if (value > 16) { + dev_err(dev, "invalid # of lanes: %u\n", value); +- return -EINVAL; ++ err = -EINVAL; ++ goto err_node_put; + } + + lanes |= value << (index << 3); +@@ -1933,13 +1935,15 @@ static int tegra_pcie_parse_dt(struct tegra_pcie *pcie) + lane += value; + + rp = devm_kzalloc(dev, sizeof(*rp), GFP_KERNEL); +- if (!rp) +- return -ENOMEM; ++ if (!rp) { ++ err = -ENOMEM; ++ goto err_node_put; ++ } + + err = of_address_to_resource(port, 0, &rp->regs); + if (err < 0) { + dev_err(dev, "failed to parse address: %d\n", err); +- return err; ++ goto err_node_put; + } + + INIT_LIST_HEAD(&rp->list); +@@ -1966,6 +1970,10 @@ static int tegra_pcie_parse_dt(struct tegra_pcie *pcie) + return err; + + return 0; ++ ++err_node_put: ++ of_node_put(port); ++ return err; + } + + /* +-- +2.20.1 + diff --git a/queue-4.9/pinctrl-tegra-fix-write-barrier-placement-in-pmx_wri.patch b/queue-4.9/pinctrl-tegra-fix-write-barrier-placement-in-pmx_wri.patch new file mode 100644 index 00000000000..f6932680ec3 --- /dev/null +++ b/queue-4.9/pinctrl-tegra-fix-write-barrier-placement-in-pmx_wri.patch @@ -0,0 +1,44 @@ +From 3a39bd3d01978eaa2defc0acfe4292e9b4b99c68 Mon Sep 17 00:00:00 2001 +From: Sasha Levin +Date: Fri, 16 Aug 2019 12:41:46 -0700 +Subject: pinctrl: tegra: Fix write barrier placement in pmx_writel + +From: Sowjanya Komatineni + +[ Upstream commit c2cf351eba2ff6002ce8eb178452219d2521e38e ] + +pmx_writel uses writel which inserts write barrier before the +register write. + +This patch has fix to replace writel with writel_relaxed followed +by a readback and memory barrier to ensure write operation is +completed for successful pinctrl change. + +Acked-by: Thierry Reding +Reviewed-by: Dmitry Osipenko +Signed-off-by: Sowjanya Komatineni +Link: https://lore.kernel.org/r/1565984527-5272-2-git-send-email-skomatineni@nvidia.com +Signed-off-by: Linus Walleij +Signed-off-by: Sasha Levin +--- + drivers/pinctrl/tegra/pinctrl-tegra.c | 4 +++- + 1 file changed, 3 insertions(+), 1 deletion(-) + +diff --git a/drivers/pinctrl/tegra/pinctrl-tegra.c b/drivers/pinctrl/tegra/pinctrl-tegra.c +index 277622b4b6fb9..1d9f63e954c71 100644 +--- a/drivers/pinctrl/tegra/pinctrl-tegra.c ++++ b/drivers/pinctrl/tegra/pinctrl-tegra.c +@@ -52,7 +52,9 @@ static inline u32 pmx_readl(struct tegra_pmx *pmx, u32 bank, u32 reg) + + static inline void pmx_writel(struct tegra_pmx *pmx, u32 val, u32 bank, u32 reg) + { +- writel(val, pmx->regs[bank] + reg); ++ writel_relaxed(val, pmx->regs[bank] + reg); ++ /* make sure pinmux register write completed */ ++ pmx_readl(pmx, bank, reg); + } + + static int tegra_pinctrl_get_groups_count(struct pinctrl_dev *pctldev) +-- +2.20.1 + diff --git a/queue-4.9/powerpc-64s-exception-machine-check-use-correct-cfar.patch b/queue-4.9/powerpc-64s-exception-machine-check-use-correct-cfar.patch new file mode 100644 index 00000000000..798f855e993 --- /dev/null +++ b/queue-4.9/powerpc-64s-exception-machine-check-use-correct-cfar.patch @@ -0,0 +1,46 @@ +From c008b3ced87f8e5192b9afb9c4d10b64a1cfafd6 Mon Sep 17 00:00:00 2001 +From: Sasha Levin +Date: Fri, 2 Aug 2019 20:56:32 +1000 +Subject: powerpc/64s/exception: machine check use correct cfar for late + handler + +From: Nicholas Piggin + +[ Upstream commit 0b66370c61fcf5fcc1d6901013e110284da6e2bb ] + +Bare metal machine checks run an "early" handler in real mode before +running the main handler which reports the event. + +The main handler runs exactly as a normal interrupt handler, after the +"windup" which sets registers back as they were at interrupt entry. +CFAR does not get restored by the windup code, so that will be wrong +when the handler is run. + +Restore the CFAR to the saved value before running the late handler. + +Signed-off-by: Nicholas Piggin +Signed-off-by: Michael Ellerman +Link: https://lore.kernel.org/r/20190802105709.27696-8-npiggin@gmail.com +Signed-off-by: Sasha Levin +--- + arch/powerpc/kernel/exceptions-64s.S | 4 ++++ + 1 file changed, 4 insertions(+) + +diff --git a/arch/powerpc/kernel/exceptions-64s.S b/arch/powerpc/kernel/exceptions-64s.S +index 92474227262b4..0c8b966e80702 100644 +--- a/arch/powerpc/kernel/exceptions-64s.S ++++ b/arch/powerpc/kernel/exceptions-64s.S +@@ -467,6 +467,10 @@ EXC_COMMON_BEGIN(machine_check_handle_early) + RFI_TO_USER_OR_KERNEL + 9: + /* Deliver the machine check to host kernel in V mode. */ ++BEGIN_FTR_SECTION ++ ld r10,ORIG_GPR3(r1) ++ mtspr SPRN_CFAR,r10 ++END_FTR_SECTION_IFSET(CPU_FTR_CFAR) + MACHINE_CHECK_HANDLER_WINDUP + b machine_check_pSeries + +-- +2.20.1 + diff --git a/queue-4.9/powerpc-futex-fix-warning-oldval-may-be-used-uniniti.patch b/queue-4.9/powerpc-futex-fix-warning-oldval-may-be-used-uniniti.patch new file mode 100644 index 00000000000..33c1ce9b0ac --- /dev/null +++ b/queue-4.9/powerpc-futex-fix-warning-oldval-may-be-used-uniniti.patch @@ -0,0 +1,52 @@ +From 53ad525d9873e200a47d6ada534ba30d33303e32 Mon Sep 17 00:00:00 2001 +From: Sasha Levin +Date: Wed, 14 Aug 2019 09:25:52 +0000 +Subject: powerpc/futex: Fix warning: 'oldval' may be used uninitialized in + this function + +From: Christophe Leroy + +[ Upstream commit 38a0d0cdb46d3f91534e5b9839ec2d67be14c59d ] + +We see warnings such as: + kernel/futex.c: In function 'do_futex': + kernel/futex.c:1676:17: warning: 'oldval' may be used uninitialized in this function [-Wmaybe-uninitialized] + return oldval == cmparg; + ^ + kernel/futex.c:1651:6: note: 'oldval' was declared here + int oldval, ret; + ^ + +This is because arch_futex_atomic_op_inuser() only sets *oval if ret +is 0 and GCC doesn't see that it will only use it when ret is 0. + +Anyway, the non-zero ret path is an error path that won't suffer from +setting *oval, and as *oval is a local var in futex_atomic_op_inuser() +it will have no impact. + +Signed-off-by: Christophe Leroy +[mpe: reword change log slightly] +Signed-off-by: Michael Ellerman +Link: https://lore.kernel.org/r/86b72f0c134367b214910b27b9a6dd3321af93bb.1565774657.git.christophe.leroy@c-s.fr +Signed-off-by: Sasha Levin +--- + arch/powerpc/include/asm/futex.h | 3 +-- + 1 file changed, 1 insertion(+), 2 deletions(-) + +diff --git a/arch/powerpc/include/asm/futex.h b/arch/powerpc/include/asm/futex.h +index f4c7467f74655..b73ab8a7ebc3f 100644 +--- a/arch/powerpc/include/asm/futex.h ++++ b/arch/powerpc/include/asm/futex.h +@@ -60,8 +60,7 @@ static inline int arch_futex_atomic_op_inuser(int op, int oparg, int *oval, + + pagefault_enable(); + +- if (!ret) +- *oval = oldval; ++ *oval = oldval; + + return ret; + } +-- +2.20.1 + diff --git a/queue-4.9/powerpc-pseries-correctly-track-irq-state-in-default.patch b/queue-4.9/powerpc-pseries-correctly-track-irq-state-in-default.patch new file mode 100644 index 00000000000..9bead88aac5 --- /dev/null +++ b/queue-4.9/powerpc-pseries-correctly-track-irq-state-in-default.patch @@ -0,0 +1,59 @@ +From 56b6b0710b4569909383e90d5efea18cc24203c4 Mon Sep 17 00:00:00 2001 +From: Sasha Levin +Date: Tue, 10 Sep 2019 17:52:44 -0500 +Subject: powerpc/pseries: correctly track irq state in default idle + +From: Nathan Lynch + +[ Upstream commit 92c94dfb69e350471473fd3075c74bc68150879e ] + +prep_irq_for_idle() is intended to be called before entering +H_CEDE (and it is used by the pseries cpuidle driver). However the +default pseries idle routine does not call it, leading to mismanaged +lazy irq state when the cpuidle driver isn't in use. Manifestations of +this include: + +* Dropped IPIs in the time immediately after a cpu comes + online (before it has installed the cpuidle handler), making the + online operation block indefinitely waiting for the new cpu to + respond. + +* Hitting this WARN_ON in arch_local_irq_restore(): + /* + * We should already be hard disabled here. We had bugs + * where that wasn't the case so let's dbl check it and + * warn if we are wrong. Only do that when IRQ tracing + * is enabled as mfmsr() can be costly. + */ + if (WARN_ON_ONCE(mfmsr() & MSR_EE)) + __hard_irq_disable(); + +Call prep_irq_for_idle() from pseries_lpar_idle() and honor its +result. + +Fixes: 363edbe2614a ("powerpc: Default arch idle could cede processor on pseries") +Signed-off-by: Nathan Lynch +Signed-off-by: Michael Ellerman +Link: https://lore.kernel.org/r/20190910225244.25056-1-nathanl@linux.ibm.com +Signed-off-by: Sasha Levin +--- + arch/powerpc/platforms/pseries/setup.c | 3 +++ + 1 file changed, 3 insertions(+) + +diff --git a/arch/powerpc/platforms/pseries/setup.c b/arch/powerpc/platforms/pseries/setup.c +index adb09ab87f7c0..30782859d8980 100644 +--- a/arch/powerpc/platforms/pseries/setup.c ++++ b/arch/powerpc/platforms/pseries/setup.c +@@ -298,6 +298,9 @@ static void pseries_lpar_idle(void) + * low power mode by ceding processor to hypervisor + */ + ++ if (!prep_irq_for_idle()) ++ return; ++ + /* Indicate to hypervisor that we are idle. */ + get_lppaca()->idle = 1; + +-- +2.20.1 + diff --git a/queue-4.9/powerpc-pseries-mobility-use-cond_resched-when-updat.patch b/queue-4.9/powerpc-pseries-mobility-use-cond_resched-when-updat.patch new file mode 100644 index 00000000000..2e002c79498 --- /dev/null +++ b/queue-4.9/powerpc-pseries-mobility-use-cond_resched-when-updat.patch @@ -0,0 +1,69 @@ +From 7db56c908e19aa7f9789906b566ecc3917bfe4d0 Mon Sep 17 00:00:00 2001 +From: Sasha Levin +Date: Fri, 2 Aug 2019 14:29:26 -0500 +Subject: powerpc/pseries/mobility: use cond_resched when updating device tree + +From: Nathan Lynch + +[ Upstream commit ccfb5bd71d3d1228090a8633800ae7cdf42a94ac ] + +After a partition migration, pseries_devicetree_update() processes +changes to the device tree communicated from the platform to +Linux. This is a relatively heavyweight operation, with multiple +device tree searches, memory allocations, and conversations with +partition firmware. + +There's a few levels of nested loops which are bounded only by +decisions made by the platform, outside of Linux's control, and indeed +we have seen RCU stalls on large systems while executing this call +graph. Use cond_resched() in these loops so that the cpu is yielded +when needed. + +Signed-off-by: Nathan Lynch +Signed-off-by: Michael Ellerman +Link: https://lore.kernel.org/r/20190802192926.19277-4-nathanl@linux.ibm.com +Signed-off-by: Sasha Levin +--- + arch/powerpc/platforms/pseries/mobility.c | 9 +++++++++ + 1 file changed, 9 insertions(+) + +diff --git a/arch/powerpc/platforms/pseries/mobility.c b/arch/powerpc/platforms/pseries/mobility.c +index 3784a7abfcc80..74791e8382d22 100644 +--- a/arch/powerpc/platforms/pseries/mobility.c ++++ b/arch/powerpc/platforms/pseries/mobility.c +@@ -11,6 +11,7 @@ + + #include + #include ++#include + #include + #include + #include +@@ -206,7 +207,11 @@ static int update_dt_node(__be32 phandle, s32 scope) + + prop_data += vd; + } ++ ++ cond_resched(); + } ++ ++ cond_resched(); + } while (rtas_rc == 1); + + of_node_put(dn); +@@ -282,8 +287,12 @@ int pseries_devicetree_update(s32 scope) + add_dt_node(phandle, drc_index); + break; + } ++ ++ cond_resched(); + } + } ++ ++ cond_resched(); + } while (rc == 1); + + kfree(rtas_buf); +-- +2.20.1 + diff --git a/queue-4.9/powerpc-rtas-use-device-model-apis-and-serialization.patch b/queue-4.9/powerpc-rtas-use-device-model-apis-and-serialization.patch new file mode 100644 index 00000000000..a052a65baac --- /dev/null +++ b/queue-4.9/powerpc-rtas-use-device-model-apis-and-serialization.patch @@ -0,0 +1,96 @@ +From ad5663045d47bf609913c210a01df16a7fac15d9 Mon Sep 17 00:00:00 2001 +From: Sasha Levin +Date: Fri, 2 Aug 2019 14:29:24 -0500 +Subject: powerpc/rtas: use device model APIs and serialization during LPM + +From: Nathan Lynch + +[ Upstream commit a6717c01ddc259f6f73364779df058e2c67309f8 ] + +The LPAR migration implementation and userspace-initiated cpu hotplug +can interleave their executions like so: + +1. Set cpu 7 offline via sysfs. + +2. Begin a partition migration, whose implementation requires the OS + to ensure all present cpus are online; cpu 7 is onlined: + + rtas_ibm_suspend_me -> rtas_online_cpus_mask -> cpu_up + + This sets cpu 7 online in all respects except for the cpu's + corresponding struct device; dev->offline remains true. + +3. Set cpu 7 online via sysfs. _cpu_up() determines that cpu 7 is + already online and returns success. The driver core (device_online) + sets dev->offline = false. + +4. The migration completes and restores cpu 7 to offline state: + + rtas_ibm_suspend_me -> rtas_offline_cpus_mask -> cpu_down + +This leaves cpu7 in a state where the driver core considers the cpu +device online, but in all other respects it is offline and +unused. Attempts to online the cpu via sysfs appear to succeed but the +driver core actually does not pass the request to the lower-level +cpuhp support code. This makes the cpu unusable until the cpu device +is manually set offline and then online again via sysfs. + +Instead of directly calling cpu_up/cpu_down, the migration code should +use the higher-level device core APIs to maintain consistent state and +serialize operations. + +Fixes: 120496ac2d2d ("powerpc: Bring all threads online prior to migration/hibernation") +Signed-off-by: Nathan Lynch +Reviewed-by: Gautham R. Shenoy +Signed-off-by: Michael Ellerman +Link: https://lore.kernel.org/r/20190802192926.19277-2-nathanl@linux.ibm.com +Signed-off-by: Sasha Levin +--- + arch/powerpc/kernel/rtas.c | 11 ++++++++--- + 1 file changed, 8 insertions(+), 3 deletions(-) + +diff --git a/arch/powerpc/kernel/rtas.c b/arch/powerpc/kernel/rtas.c +index 6a3e5de544ce2..a309a7a29cc60 100644 +--- a/arch/powerpc/kernel/rtas.c ++++ b/arch/powerpc/kernel/rtas.c +@@ -874,15 +874,17 @@ static int rtas_cpu_state_change_mask(enum rtas_cpu_state state, + return 0; + + for_each_cpu(cpu, cpus) { ++ struct device *dev = get_cpu_device(cpu); ++ + switch (state) { + case DOWN: +- cpuret = cpu_down(cpu); ++ cpuret = device_offline(dev); + break; + case UP: +- cpuret = cpu_up(cpu); ++ cpuret = device_online(dev); + break; + } +- if (cpuret) { ++ if (cpuret < 0) { + pr_debug("%s: cpu_%s for cpu#%d returned %d.\n", + __func__, + ((state == UP) ? "up" : "down"), +@@ -971,6 +973,8 @@ int rtas_ibm_suspend_me(u64 handle) + data.token = rtas_token("ibm,suspend-me"); + data.complete = &done; + ++ lock_device_hotplug(); ++ + /* All present CPUs must be online */ + cpumask_andnot(offline_mask, cpu_present_mask, cpu_online_mask); + cpuret = rtas_online_cpus_mask(offline_mask); +@@ -1002,6 +1006,7 @@ int rtas_ibm_suspend_me(u64 handle) + __func__); + + out: ++ unlock_device_hotplug(); + free_cpumask_var(offline_mask); + return atomic_read(&data.error); + } +-- +2.20.1 + diff --git a/queue-4.9/scsi-core-reduce-memory-required-for-scsi-logging.patch b/queue-4.9/scsi-core-reduce-memory-required-for-scsi-logging.patch new file mode 100644 index 00000000000..32ba7c34afb --- /dev/null +++ b/queue-4.9/scsi-core-reduce-memory-required-for-scsi-logging.patch @@ -0,0 +1,111 @@ +From fb002fb1b72cc12c6b7115023990207918f4b82d Mon Sep 17 00:00:00 2001 +From: Sasha Levin +Date: Thu, 1 Aug 2019 15:38:14 -0700 +Subject: scsi: core: Reduce memory required for SCSI logging + +From: Bart Van Assche + +[ Upstream commit dccc96abfb21dc19d69e707c38c8ba439bba7160 ] + +The data structure used for log messages is so large that it can cause a +boot failure. Since allocations from that data structure can fail anyway, +use kmalloc() / kfree() instead of that data structure. + +See also https://bugzilla.kernel.org/show_bug.cgi?id=204119. +See also commit ded85c193a39 ("scsi: Implement per-cpu logging buffer") # v4.0. + +Reported-by: Jan Palus +Cc: Christoph Hellwig +Cc: Hannes Reinecke +Cc: Johannes Thumshirn +Cc: Ming Lei +Cc: Jan Palus +Signed-off-by: Bart Van Assche +Signed-off-by: Martin K. Petersen +Signed-off-by: Sasha Levin +--- + drivers/scsi/scsi_logging.c | 48 +++---------------------------------- + include/scsi/scsi_dbg.h | 2 -- + 2 files changed, 3 insertions(+), 47 deletions(-) + +diff --git a/drivers/scsi/scsi_logging.c b/drivers/scsi/scsi_logging.c +index bd70339c1242e..03d9855a6afd7 100644 +--- a/drivers/scsi/scsi_logging.c ++++ b/drivers/scsi/scsi_logging.c +@@ -16,57 +16,15 @@ + #include + #include + +-#define SCSI_LOG_SPOOLSIZE 4096 +- +-#if (SCSI_LOG_SPOOLSIZE / SCSI_LOG_BUFSIZE) > BITS_PER_LONG +-#warning SCSI logging bitmask too large +-#endif +- +-struct scsi_log_buf { +- char buffer[SCSI_LOG_SPOOLSIZE]; +- unsigned long map; +-}; +- +-static DEFINE_PER_CPU(struct scsi_log_buf, scsi_format_log); +- + static char *scsi_log_reserve_buffer(size_t *len) + { +- struct scsi_log_buf *buf; +- unsigned long map_bits = sizeof(buf->buffer) / SCSI_LOG_BUFSIZE; +- unsigned long idx = 0; +- +- preempt_disable(); +- buf = this_cpu_ptr(&scsi_format_log); +- idx = find_first_zero_bit(&buf->map, map_bits); +- if (likely(idx < map_bits)) { +- while (test_and_set_bit(idx, &buf->map)) { +- idx = find_next_zero_bit(&buf->map, map_bits, idx); +- if (idx >= map_bits) +- break; +- } +- } +- if (WARN_ON(idx >= map_bits)) { +- preempt_enable(); +- return NULL; +- } +- *len = SCSI_LOG_BUFSIZE; +- return buf->buffer + idx * SCSI_LOG_BUFSIZE; ++ *len = 128; ++ return kmalloc(*len, GFP_ATOMIC); + } + + static void scsi_log_release_buffer(char *bufptr) + { +- struct scsi_log_buf *buf; +- unsigned long idx; +- int ret; +- +- buf = this_cpu_ptr(&scsi_format_log); +- if (bufptr >= buf->buffer && +- bufptr < buf->buffer + SCSI_LOG_SPOOLSIZE) { +- idx = (bufptr - buf->buffer) / SCSI_LOG_BUFSIZE; +- ret = test_and_clear_bit(idx, &buf->map); +- WARN_ON(!ret); +- } +- preempt_enable(); ++ kfree(bufptr); + } + + static inline const char *scmd_name(const struct scsi_cmnd *scmd) +diff --git a/include/scsi/scsi_dbg.h b/include/scsi/scsi_dbg.h +index 56710e03101c6..1fcf14aee28a8 100644 +--- a/include/scsi/scsi_dbg.h ++++ b/include/scsi/scsi_dbg.h +@@ -5,8 +5,6 @@ struct scsi_cmnd; + struct scsi_device; + struct scsi_sense_hdr; + +-#define SCSI_LOG_BUFSIZE 128 +- + extern void scsi_print_command(struct scsi_cmnd *); + extern size_t __scsi_format_command(char *, size_t, + const unsigned char *, size_t); +-- +2.20.1 + diff --git a/queue-4.9/security-smack-fix-possible-null-pointer-dereference.patch b/queue-4.9/security-smack-fix-possible-null-pointer-dereference.patch new file mode 100644 index 00000000000..c57bdb5c1bd --- /dev/null +++ b/queue-4.9/security-smack-fix-possible-null-pointer-dereference.patch @@ -0,0 +1,49 @@ +From 0a91b3b037003c4eaec08d4c2417c3ab63d9752b Mon Sep 17 00:00:00 2001 +From: Sasha Levin +Date: Tue, 23 Jul 2019 18:00:15 +0800 +Subject: security: smack: Fix possible null-pointer dereferences in + smack_socket_sock_rcv_skb() + +From: Jia-Ju Bai + +[ Upstream commit 3f4287e7d98a2954f20bf96c567fdffcd2b63eb9 ] + +In smack_socket_sock_rcv_skb(), there is an if statement +on line 3920 to check whether skb is NULL: + if (skb && skb->secmark != 0) + +This check indicates skb can be NULL in some cases. + +But on lines 3931 and 3932, skb is used: + ad.a.u.net->netif = skb->skb_iif; + ipv6_skb_to_auditdata(skb, &ad.a, NULL); + +Thus, possible null-pointer dereferences may occur when skb is NULL. + +To fix these possible bugs, an if statement is added to check skb. + +These bugs are found by a static analysis tool STCheck written by us. + +Signed-off-by: Jia-Ju Bai +Signed-off-by: Casey Schaufler +Signed-off-by: Sasha Levin +--- + security/smack/smack_lsm.c | 2 ++ + 1 file changed, 2 insertions(+) + +diff --git a/security/smack/smack_lsm.c b/security/smack/smack_lsm.c +index aeb3ba70f9077..19d1702aa9856 100644 +--- a/security/smack/smack_lsm.c ++++ b/security/smack/smack_lsm.c +@@ -4037,6 +4037,8 @@ access_check: + skp = smack_ipv6host_label(&sadd); + if (skp == NULL) + skp = smack_net_ambient; ++ if (skb == NULL) ++ break; + #ifdef CONFIG_AUDIT + smk_ad_init_net(&ad, __func__, LSM_AUDIT_DATA_NET, &net); + ad.a.u.net->family = family; +-- +2.20.1 + diff --git a/queue-4.9/series b/queue-4.9/series new file mode 100644 index 00000000000..c725b268676 --- /dev/null +++ b/queue-4.9/series @@ -0,0 +1,30 @@ +drm-bridge-tc358767-increase-aux-transfer-length-lim.patch +video-ssd1307fb-start-page-range-at-page_offset.patch +drm-radeon-fix-eeh-during-kexec.patch +gpu-drm-radeon-fix-a-possible-null-pointer-dereferen.patch +ipmi_si-only-schedule-continuously-in-the-thread-in-.patch +clk-qoriq-fix-wunused-const-variable.patch +clk-sirf-don-t-reference-clk_init_data-after-registr.patch +powerpc-rtas-use-device-model-apis-and-serialization.patch +powerpc-futex-fix-warning-oldval-may-be-used-uniniti.patch +powerpc-pseries-mobility-use-cond_resched-when-updat.patch +pinctrl-tegra-fix-write-barrier-placement-in-pmx_wri.patch +vfio_pci-restore-original-state-on-release.patch +drm-amdgpu-si-fix-asic-tests.patch +powerpc-64s-exception-machine-check-use-correct-cfar.patch +powerpc-pseries-correctly-track-irq-state-in-default.patch +arm64-fix-unreachable-code-issue-with-cmpxchg.patch +clk-at91-select-parent-if-main-oscillator-or-bypass-.patch +scsi-core-reduce-memory-required-for-scsi-logging.patch +clk-jz4740-add-tcu-clock.patch +mips-tlbex-explicitly-cast-_page_no_exec-to-a-boolea.patch +mfd-intel-lpss-remove-d3cold-delay.patch +pci-tegra-fix-of-node-reference-leak.patch +arm-8898-1-mm-don-t-treat-faults-reported-from-cache.patch +hid-apple-fix-stuck-function-keys-when-using-fn.patch +security-smack-fix-possible-null-pointer-dereference.patch +arm-8903-1-ensure-that-usable-memory-in-bank-0-start.patch +fat-work-around-race-with-userspace-s-read-via-block.patch +hypfs-fix-error-number-left-in-struct-pointer-member.patch +ocfs2-wait-for-recovering-done-after-direct-unlock-r.patch +kmemleak-increase-debug_kmemleak_early_log_size-defa.patch diff --git a/queue-4.9/vfio_pci-restore-original-state-on-release.patch b/queue-4.9/vfio_pci-restore-original-state-on-release.patch new file mode 100644 index 00000000000..5cf81789b75 --- /dev/null +++ b/queue-4.9/vfio_pci-restore-original-state-on-release.patch @@ -0,0 +1,60 @@ +From d6901b1c02e831f74399e2cf8d159133fe6a00dc Mon Sep 17 00:00:00 2001 +From: Sasha Levin +Date: Thu, 22 Aug 2019 11:35:19 +0800 +Subject: vfio_pci: Restore original state on release + +From: hexin + +[ Upstream commit 92c8026854c25093946e0d7fe536fd9eac440f06 ] + +vfio_pci_enable() saves the device's initial configuration information +with the intent that it is restored in vfio_pci_disable(). However, +the commit referenced in Fixes: below replaced the call to +__pci_reset_function_locked(), which is not wrapped in a state save +and restore, with pci_try_reset_function(), which overwrites the +restored device state with the current state before applying it to the +device. Reinstate use of __pci_reset_function_locked() to return to +the desired behavior. + +Fixes: 890ed578df82 ("vfio-pci: Use pci "try" reset interface") +Signed-off-by: hexin +Signed-off-by: Liu Qi +Signed-off-by: Zhang Yu +Signed-off-by: Alex Williamson +Signed-off-by: Sasha Levin +--- + drivers/vfio/pci/vfio_pci.c | 17 +++++++++++++---- + 1 file changed, 13 insertions(+), 4 deletions(-) + +diff --git a/drivers/vfio/pci/vfio_pci.c b/drivers/vfio/pci/vfio_pci.c +index f9a75df2d22d1..a1a712d18e028 100644 +--- a/drivers/vfio/pci/vfio_pci.c ++++ b/drivers/vfio/pci/vfio_pci.c +@@ -356,11 +356,20 @@ static void vfio_pci_disable(struct vfio_pci_device *vdev) + pci_write_config_word(pdev, PCI_COMMAND, PCI_COMMAND_INTX_DISABLE); + + /* +- * Try to reset the device. The success of this is dependent on +- * being able to lock the device, which is not always possible. ++ * Try to get the locks ourselves to prevent a deadlock. The ++ * success of this is dependent on being able to lock the device, ++ * which is not always possible. ++ * We can not use the "try" reset interface here, which will ++ * overwrite the previously restored configuration information. + */ +- if (vdev->reset_works && !pci_try_reset_function(pdev)) +- vdev->needs_reset = false; ++ if (vdev->reset_works && pci_cfg_access_trylock(pdev)) { ++ if (device_trylock(&pdev->dev)) { ++ if (!__pci_reset_function_locked(pdev)) ++ vdev->needs_reset = false; ++ device_unlock(&pdev->dev); ++ } ++ pci_cfg_access_unlock(pdev); ++ } + + pci_restore_state(pdev); + out: +-- +2.20.1 + diff --git a/queue-4.9/video-ssd1307fb-start-page-range-at-page_offset.patch b/queue-4.9/video-ssd1307fb-start-page-range-at-page_offset.patch new file mode 100644 index 00000000000..1699097ca14 --- /dev/null +++ b/queue-4.9/video-ssd1307fb-start-page-range-at-page_offset.patch @@ -0,0 +1,47 @@ +From fb5cb1d72e1306d74a2de96d308453c940b955a7 Mon Sep 17 00:00:00 2001 +From: Sasha Levin +Date: Tue, 18 Jun 2019 10:41:08 +0300 +Subject: video: ssd1307fb: Start page range at page_offset +MIME-Version: 1.0 +Content-Type: text/plain; charset=UTF-8 +Content-Transfer-Encoding: 8bit + +From: Marko Kohtala + +[ Upstream commit dd9782834dd9dde3624ff1acea8859f3d3e792d4 ] + +The page_offset was only applied to the end of the page range. This caused +the display updates to cause a scrolling effect on the display because the +amount of data written to the display did not match the range display +expected. + +Fixes: 301bc0675b67 ("video: ssd1307fb: Make use of horizontal addressing mode") +Signed-off-by: Marko Kohtala +Cc: Mark Rutland +Cc: Rob Herring +Cc: Daniel Vetter +Cc: David Airlie +Cc: Michal Vokáč +Signed-off-by: Bartlomiej Zolnierkiewicz +Link: https://patchwork.freedesktop.org/patch/msgid/20190618074111.9309-4-marko.kohtala@okoko.fi +Signed-off-by: Sasha Levin +--- + drivers/video/fbdev/ssd1307fb.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/drivers/video/fbdev/ssd1307fb.c b/drivers/video/fbdev/ssd1307fb.c +index 2925d5ce8d3e5..1267b93c03bd0 100644 +--- a/drivers/video/fbdev/ssd1307fb.c ++++ b/drivers/video/fbdev/ssd1307fb.c +@@ -430,7 +430,7 @@ static int ssd1307fb_init(struct ssd1307fb_par *par) + if (ret < 0) + return ret; + +- ret = ssd1307fb_write_cmd(par->client, 0x0); ++ ret = ssd1307fb_write_cmd(par->client, par->page_offset); + if (ret < 0) + return ret; + +-- +2.20.1 +