From: Greg Kroah-Hartman Date: Sat, 29 Oct 2016 13:19:26 +0000 (-0400) Subject: 4.4-stable patches X-Git-Tag: v4.4.29~2 X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=322a945115a77fd3093948de74331b71de13daf6;p=thirdparty%2Fkernel%2Fstable-queue.git 4.4-stable patches added patches: arm-pxa-pxa_cplds-fix-interrupt-handling.patch clk-divider-fix-clk_divider_round_rate-to-use-clk_readl.patch clk-qoriq-fix-a-register-offset-error.patch mpt3sas-don-t-spam-logs-if-logging-level-is-0.patch perf-hists-browser-fix-event-group-display.patch perf-symbols-check-symbol_conf.allow_aliases-for-kallsyms-loading-too.patch perf-symbols-fixup-symbol-sizes-before-picking-best-ones.patch powerpc-nvram-fix-an-incorrect-partition-merge.patch s390-cio-fix-accidental-interrupt-enabling-during-resume.patch s390-con3270-fix-insufficient-space-padding.patch s390-con3270-fix-use-of-uninitialised-data.patch --- diff --git a/queue-4.4/arm-pxa-pxa_cplds-fix-interrupt-handling.patch b/queue-4.4/arm-pxa-pxa_cplds-fix-interrupt-handling.patch new file mode 100644 index 00000000000..90261145caf --- /dev/null +++ b/queue-4.4/arm-pxa-pxa_cplds-fix-interrupt-handling.patch @@ -0,0 +1,120 @@ +From 9ba63e3cc849cdaf3b675c47cc51fe35419e5117 Mon Sep 17 00:00:00 2001 +From: Robert Jarzmik +Date: Sun, 4 Sep 2016 20:59:45 +0200 +Subject: ARM: pxa: pxa_cplds: fix interrupt handling + +From: Robert Jarzmik + +commit 9ba63e3cc849cdaf3b675c47cc51fe35419e5117 upstream. + +Since its initial commit, the driver is buggy for multiple interrupts +handling. The translation from the former lubbock.c file was not +complete, and might stall all interrupt handling when multiple +interrupts occur. + +This is especially true when inside the interrupt handler and if a new +interrupt comes and is not handled, leaving the output line still held, +and not creating a transition as the GPIO block behind would expect to +trigger another cplds_irq_handler() call. + +For the record, the hardware is working as follows. + +The interrupt mechanism relies on : + - one status register + - one mask register + +Let's suppose the input irq lines are called : + - i_sa1111 + - i_lan91x + - i_mmc_cd +Let's suppose the status register for each irq line is called : + - status_sa1111 + - status_lan91x + - status_mmc_cd +Let's suppose the interrupt mask for each irq line is called : + - irqen_sa1111 + - irqen_lan91x + - irqen_mmc_cd +Let's suppose the output irq line, connected to GPIO0 is called : + - o_gpio0 + +The behavior is as follows : + - o_gpio0 = not((status_sa1111 & irqen_sa1111) | + (status_lan91x & irqen_lan91x) | + (status_mmc_cd & irqen_mmc_cd)) + => this is a N-to-1 NOR gate and multiple AND gates + - irqen_* is exactly as programmed by a write to the FPGA + - status_* behavior is governed by a bi-stable D flip-flop + => on next FPGA clock : + - if i_xxx is high, status_xxx becomes 1 + - if i_xxx is low, status_xxx remains as it is + - if software sets status_xxx to 0, the D flip-flop is reset + => status_xxx becomes 0 + => on next FPGA clock cycle, if i_xxx is high, status_xxx becomes + 1 again + +Fixes: fc9e38c0f4d3 ("ARM: pxa: lubbock: use new pxa_cplds driver") +Reported-by: Russell King +Signed-off-by: Robert Jarzmik +Signed-off-by: Greg Kroah-Hartman + +--- + arch/arm/mach-pxa/pxa_cplds_irqs.c | 24 +++++++++++++++--------- + 1 file changed, 15 insertions(+), 9 deletions(-) + +--- a/arch/arm/mach-pxa/pxa_cplds_irqs.c ++++ b/arch/arm/mach-pxa/pxa_cplds_irqs.c +@@ -41,30 +41,35 @@ static irqreturn_t cplds_irq_handler(int + unsigned long pending; + unsigned int bit; + +- pending = readl(fpga->base + FPGA_IRQ_SET_CLR) & fpga->irq_mask; +- for_each_set_bit(bit, &pending, CPLDS_NB_IRQ) +- generic_handle_irq(irq_find_mapping(fpga->irqdomain, bit)); ++ do { ++ pending = readl(fpga->base + FPGA_IRQ_SET_CLR) & fpga->irq_mask; ++ for_each_set_bit(bit, &pending, CPLDS_NB_IRQ) { ++ generic_handle_irq(irq_find_mapping(fpga->irqdomain, ++ bit)); ++ } ++ } while (pending); + + return IRQ_HANDLED; + } + +-static void cplds_irq_mask_ack(struct irq_data *d) ++static void cplds_irq_mask(struct irq_data *d) + { + struct cplds *fpga = irq_data_get_irq_chip_data(d); + unsigned int cplds_irq = irqd_to_hwirq(d); +- unsigned int set, bit = BIT(cplds_irq); ++ unsigned int bit = BIT(cplds_irq); + + fpga->irq_mask &= ~bit; + writel(fpga->irq_mask, fpga->base + FPGA_IRQ_MASK_EN); +- set = readl(fpga->base + FPGA_IRQ_SET_CLR); +- writel(set & ~bit, fpga->base + FPGA_IRQ_SET_CLR); + } + + static void cplds_irq_unmask(struct irq_data *d) + { + struct cplds *fpga = irq_data_get_irq_chip_data(d); + unsigned int cplds_irq = irqd_to_hwirq(d); +- unsigned int bit = BIT(cplds_irq); ++ unsigned int set, bit = BIT(cplds_irq); ++ ++ set = readl(fpga->base + FPGA_IRQ_SET_CLR); ++ writel(set & ~bit, fpga->base + FPGA_IRQ_SET_CLR); + + fpga->irq_mask |= bit; + writel(fpga->irq_mask, fpga->base + FPGA_IRQ_MASK_EN); +@@ -72,7 +77,8 @@ static void cplds_irq_unmask(struct irq_ + + static struct irq_chip cplds_irq_chip = { + .name = "pxa_cplds", +- .irq_mask_ack = cplds_irq_mask_ack, ++ .irq_ack = cplds_irq_mask, ++ .irq_mask = cplds_irq_mask, + .irq_unmask = cplds_irq_unmask, + .flags = IRQCHIP_MASK_ON_SUSPEND | IRQCHIP_SKIP_SET_WAKE, + }; diff --git a/queue-4.4/clk-divider-fix-clk_divider_round_rate-to-use-clk_readl.patch b/queue-4.4/clk-divider-fix-clk_divider_round_rate-to-use-clk_readl.patch new file mode 100644 index 00000000000..7f5813d2f88 --- /dev/null +++ b/queue-4.4/clk-divider-fix-clk_divider_round_rate-to-use-clk_readl.patch @@ -0,0 +1,34 @@ +From 2cf9a57811bddb6fa6b0f8d7376da164d5534813 Mon Sep 17 00:00:00 2001 +From: Geert Uytterhoeven +Date: Fri, 12 Aug 2016 14:37:54 +0200 +Subject: clk: divider: Fix clk_divider_round_rate() to use clk_readl() + +From: Geert Uytterhoeven + +commit 2cf9a57811bddb6fa6b0f8d7376da164d5534813 upstream. + +clk-divider uses clk_readl()/clk_writel() everywhere, except in +clk_divider_round_rate(), where plain readl() is used. Change this to +clk_readl(), as it makes a difference on powerpc. + +Fixes: e6d5e7d90be92cee ("clk-divider: Fix READ_ONLY when divider > 1") +Signed-off-by: Geert Uytterhoeven +Reviewed-by: James Hogan +Signed-off-by: Stephen Boyd +Signed-off-by: Greg Kroah-Hartman + +--- + drivers/clk/clk-divider.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +--- a/drivers/clk/clk-divider.c ++++ b/drivers/clk/clk-divider.c +@@ -354,7 +354,7 @@ static long clk_divider_round_rate(struc + + /* if read only, just return current value */ + if (divider->flags & CLK_DIVIDER_READ_ONLY) { +- bestdiv = readl(divider->reg) >> divider->shift; ++ bestdiv = clk_readl(divider->reg) >> divider->shift; + bestdiv &= div_mask(divider->width); + bestdiv = _get_div(divider->table, bestdiv, divider->flags, + divider->width); diff --git a/queue-4.4/clk-qoriq-fix-a-register-offset-error.patch b/queue-4.4/clk-qoriq-fix-a-register-offset-error.patch new file mode 100644 index 00000000000..d3aeabe46cc --- /dev/null +++ b/queue-4.4/clk-qoriq-fix-a-register-offset-error.patch @@ -0,0 +1,38 @@ +From 8964193f6bfda5c4cf14eedb7e94892c1f1c34f0 Mon Sep 17 00:00:00 2001 +From: Tang Yuantian +Date: Mon, 15 Aug 2016 15:28:20 +0800 +Subject: clk: qoriq: fix a register offset error + +From: Tang Yuantian + +commit 8964193f6bfda5c4cf14eedb7e94892c1f1c34f0 upstream. + +The offset of Core Cluster clock control/status register +on cluster group V3 version is different from others, and +should be plus 0x70000. + +Signed-off-by: Tang Yuantian +Reviewed-by: Scott Wood +Fixes: 9e19ca2f627e ("clk: qoriq: Add ls2080a support.") +Signed-off-by: Stephen Boyd +Signed-off-by: Greg Kroah-Hartman + +--- + drivers/clk/clk-qoriq.c | 6 +++++- + 1 file changed, 5 insertions(+), 1 deletion(-) + +--- a/drivers/clk/clk-qoriq.c ++++ b/drivers/clk/clk-qoriq.c +@@ -766,7 +766,11 @@ static struct clk * __init create_one_cm + if (!hwc) + return NULL; + +- hwc->reg = cg->regs + 0x20 * idx; ++ if (cg->info.flags & CG_VER3) ++ hwc->reg = cg->regs + 0x70000 + 0x20 * idx; ++ else ++ hwc->reg = cg->regs + 0x20 * idx; ++ + hwc->info = cg->info.cmux_groups[cg->info.cmux_to_group[idx]]; + + /* diff --git a/queue-4.4/mpt3sas-don-t-spam-logs-if-logging-level-is-0.patch b/queue-4.4/mpt3sas-don-t-spam-logs-if-logging-level-is-0.patch new file mode 100644 index 00000000000..a8e972e1248 --- /dev/null +++ b/queue-4.4/mpt3sas-don-t-spam-logs-if-logging-level-is-0.patch @@ -0,0 +1,37 @@ +From 0d667f72b2a20bbac72bec0ab11467fc70bb0f1f Mon Sep 17 00:00:00 2001 +From: Johannes Thumshirn +Date: Wed, 3 Aug 2016 15:00:18 +0200 +Subject: mpt3sas: Don't spam logs if logging level is 0 + +From: Johannes Thumshirn + +commit 0d667f72b2a20bbac72bec0ab11467fc70bb0f1f upstream. + +In _scsih_io_done() we test if the ioc->logging_level does _not_ have +the MPT_DEBUG_REPLY bit set and if it hasn't we print the debug +messages. This unfortunately is the wrong way around. + +Note, the actual bug is older than af0094115 but this commit removed the +CONFIG_SCSI_MPT3SAS_LOGGING Kconfig option which hid the bug. + +Fixes: af0094115 'mpt2sas, mpt3sas: Remove SCSI_MPTXSAS_LOGGING entry from Kconfig' +Signed-off-by: Johannes Thumshirn +Acked-by: Chaitra P B +Signed-off-by: Martin K. Petersen +Signed-off-by: Greg Kroah-Hartman + +--- + drivers/scsi/mpt3sas/mpt3sas_scsih.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +--- a/drivers/scsi/mpt3sas/mpt3sas_scsih.c ++++ b/drivers/scsi/mpt3sas/mpt3sas_scsih.c +@@ -4510,7 +4510,7 @@ _scsih_io_done(struct MPT3SAS_ADAPTER *i + le16_to_cpu(mpi_reply->DevHandle)); + mpt3sas_trigger_scsi(ioc, data.skey, data.asc, data.ascq); + +- if (!(ioc->logging_level & MPT_DEBUG_REPLY) && ++ if ((ioc->logging_level & MPT_DEBUG_REPLY) && + ((scmd->sense_buffer[2] == UNIT_ATTENTION) || + (scmd->sense_buffer[2] == MEDIUM_ERROR) || + (scmd->sense_buffer[2] == HARDWARE_ERROR))) diff --git a/queue-4.4/perf-hists-browser-fix-event-group-display.patch b/queue-4.4/perf-hists-browser-fix-event-group-display.patch new file mode 100644 index 00000000000..7bb40b278d3 --- /dev/null +++ b/queue-4.4/perf-hists-browser-fix-event-group-display.patch @@ -0,0 +1,49 @@ +From d9ea48bc4e7cc297ca1073fa3f90ed80d964b7b4 Mon Sep 17 00:00:00 2001 +From: Namhyung Kim +Date: Mon, 12 Sep 2016 15:19:52 +0900 +Subject: perf hists browser: Fix event group display + +From: Namhyung Kim + +commit d9ea48bc4e7cc297ca1073fa3f90ed80d964b7b4 upstream. + +Milian reported that the event group on TUI shows duplicated overhead. +This was due to a bug on calculating hpp->buf position. The +hpp_advance() was called from __hpp__slsmg_color_printf() on TUI but +it's already called from the hpp__call_print_fn macro in __hpp__fmt(). +The end result is that the print function returns number of bytes it +printed but the buffer advanced twice of the length. + +This is generally not a problem since it doesn't need to access the +buffer again. But with event group, overhead needs to be printed +multiple times and hist_entry__snprintf_alignment() tries to fill the +space with buffer after it printed. So it (brokenly) showed the last +overhead again. + +The bug was there from the beginning, but I think it's only revealed +when the alignment function was added. + +Reported-by: Milian Wolff +Signed-off-by: Namhyung Kim +Cc: Andi Kleen +Cc: Jiri Olsa +Cc: Peter Zijlstra +Fixes: 89fee7094323 ("perf hists: Do column alignment on the format iterator") +Link: http://lkml.kernel.org/r/20160912061958.16656-2-namhyung@kernel.org +Signed-off-by: Arnaldo Carvalho de Melo +Signed-off-by: Greg Kroah-Hartman + +--- + tools/perf/ui/browsers/hists.c | 1 - + 1 file changed, 1 deletion(-) + +--- a/tools/perf/ui/browsers/hists.c ++++ b/tools/perf/ui/browsers/hists.c +@@ -684,7 +684,6 @@ static int __hpp__slsmg_color_printf(str + ret = scnprintf(hpp->buf, hpp->size, fmt, len, percent); + ui_browser__printf(arg->b, "%s", hpp->buf); + +- advance_hpp(hpp, ret); + return ret; + } + diff --git a/queue-4.4/perf-symbols-check-symbol_conf.allow_aliases-for-kallsyms-loading-too.patch b/queue-4.4/perf-symbols-check-symbol_conf.allow_aliases-for-kallsyms-loading-too.patch new file mode 100644 index 00000000000..6ae10cc6fd3 --- /dev/null +++ b/queue-4.4/perf-symbols-check-symbol_conf.allow_aliases-for-kallsyms-loading-too.patch @@ -0,0 +1,54 @@ +From c97b40e4d15f13a36cd037d598e45cbe9e1e5757 Mon Sep 17 00:00:00 2001 +From: Arnaldo Carvalho de Melo +Date: Thu, 1 Sep 2016 10:56:06 -0300 +Subject: perf symbols: Check symbol_conf.allow_aliases for kallsyms loading too + +From: Arnaldo Carvalho de Melo + +commit c97b40e4d15f13a36cd037d598e45cbe9e1e5757 upstream. + +We can allow aliases to be kept, but we were checking this just when +loading vmlinux files, be consistent, do it for any symbol table loading +code that calls symbol__fixup_duplicate() by making this function check +.allow_aliases instead. + +Cc: Adrian Hunter +Cc: David Ahern +Cc: Jiri Olsa +Cc: Masami Hiramatsu +Cc: Namhyung Kim +Cc: Wang Nan +Fixes: 680d926a8cb0 ("perf symbols: Allow symbol alias when loading map for symbol name") +Link: http://lkml.kernel.org/n/tip-z0avp0s6cfjckc4xj3pdfjdz@git.kernel.org +Signed-off-by: Arnaldo Carvalho de Melo +Signed-off-by: Greg Kroah-Hartman + +--- + tools/perf/util/symbol-elf.c | 3 +-- + tools/perf/util/symbol.c | 3 +++ + 2 files changed, 4 insertions(+), 2 deletions(-) + +--- a/tools/perf/util/symbol-elf.c ++++ b/tools/perf/util/symbol-elf.c +@@ -1091,8 +1091,7 @@ new_symbol: + * For misannotated, zeroed, ASM function sizes. + */ + if (nr > 0) { +- if (!symbol_conf.allow_aliases) +- symbols__fixup_duplicate(&dso->symbols[map->type]); ++ symbols__fixup_duplicate(&dso->symbols[map->type]); + symbols__fixup_end(&dso->symbols[map->type]); + if (kmap) { + /* +--- a/tools/perf/util/symbol.c ++++ b/tools/perf/util/symbol.c +@@ -151,6 +151,9 @@ void symbols__fixup_duplicate(struct rb_ + struct rb_node *nd; + struct symbol *curr, *next; + ++ if (symbol_conf.allow_aliases) ++ return; ++ + nd = rb_first(symbols); + + while (nd) { diff --git a/queue-4.4/perf-symbols-fixup-symbol-sizes-before-picking-best-ones.patch b/queue-4.4/perf-symbols-fixup-symbol-sizes-before-picking-best-ones.patch new file mode 100644 index 00000000000..7aec22ebfd4 --- /dev/null +++ b/queue-4.4/perf-symbols-fixup-symbol-sizes-before-picking-best-ones.patch @@ -0,0 +1,61 @@ +From 432746f8e0b6a82ba832b771afe31abd51af6752 Mon Sep 17 00:00:00 2001 +From: Arnaldo Carvalho de Melo +Date: Thu, 1 Sep 2016 11:00:23 -0300 +Subject: perf symbols: Fixup symbol sizes before picking best ones + +From: Arnaldo Carvalho de Melo + +commit 432746f8e0b6a82ba832b771afe31abd51af6752 upstream. + +When we call symbol__fixup_duplicate() we use algorithms to pick the +"best" symbols for cases where there are various functions/aliases to an +address, and those check zero size symbols, which, before calling +symbol__fixup_end() are _all_ symbols in a just parsed kallsyms file. + +So first fixup the end, then fixup the duplicates. + +Found while trying to figure out why 'perf test vmlinux' failed, see the +output of 'perf test -v vmlinux' to see cases where the symbols picked +as best for vmlinux don't match the ones picked for kallsyms. + +Cc: Anton Blanchard +Cc: Adrian Hunter +Cc: David Ahern +Cc: Jiri Olsa +Cc: Masami Hiramatsu +Cc: Namhyung Kim +Cc: Wang Nan +Fixes: 694bf407b061 ("perf symbols: Add some heuristics for choosing the best duplicate symbol") +Link: http://lkml.kernel.org/n/tip-rxqvdgr0mqjdxee0kf8i2ufn@git.kernel.org +Signed-off-by: Arnaldo Carvalho de Melo +Signed-off-by: Greg Kroah-Hartman + +--- + tools/perf/util/symbol-elf.c | 2 +- + tools/perf/util/symbol.c | 2 +- + 2 files changed, 2 insertions(+), 2 deletions(-) + +--- a/tools/perf/util/symbol-elf.c ++++ b/tools/perf/util/symbol-elf.c +@@ -1091,8 +1091,8 @@ new_symbol: + * For misannotated, zeroed, ASM function sizes. + */ + if (nr > 0) { +- symbols__fixup_duplicate(&dso->symbols[map->type]); + symbols__fixup_end(&dso->symbols[map->type]); ++ symbols__fixup_duplicate(&dso->symbols[map->type]); + if (kmap) { + /* + * We need to fixup this here too because we create new +--- a/tools/perf/util/symbol.c ++++ b/tools/perf/util/symbol.c +@@ -1278,8 +1278,8 @@ int dso__load_kallsyms(struct dso *dso, + if (kallsyms__delta(map, filename, &delta)) + return -1; + +- symbols__fixup_duplicate(&dso->symbols[map->type]); + symbols__fixup_end(&dso->symbols[map->type]); ++ symbols__fixup_duplicate(&dso->symbols[map->type]); + + if (dso->kernel == DSO_TYPE_GUEST_KERNEL) + dso->symtab_type = DSO_BINARY_TYPE__GUEST_KALLSYMS; diff --git a/queue-4.4/powerpc-nvram-fix-an-incorrect-partition-merge.patch b/queue-4.4/powerpc-nvram-fix-an-incorrect-partition-merge.patch new file mode 100644 index 00000000000..d7233233597 --- /dev/null +++ b/queue-4.4/powerpc-nvram-fix-an-incorrect-partition-merge.patch @@ -0,0 +1,47 @@ +From 11b7e154b132232535befe51c55db048069c8461 Mon Sep 17 00:00:00 2001 +From: Pan Xinhui +Date: Thu, 10 Dec 2015 15:30:02 +0800 +Subject: powerpc/nvram: Fix an incorrect partition merge + +From: Pan Xinhui + +commit 11b7e154b132232535befe51c55db048069c8461 upstream. + +When we merge two contiguous partitions whose signatures are marked +NVRAM_SIG_FREE, We need update prev's length and checksum, then write it +to nvram, not cur's. So lets fix this mistake now. + +Also use memset instead of strncpy to set the partition's name. It's +more readable if we want to fill up with duplicate chars . + +Fixes: fa2b4e54d41f ("powerpc/nvram: Improve partition removal") +Signed-off-by: Pan Xinhui +Signed-off-by: Michael Ellerman +Signed-off-by: Greg Kroah-Hartman + +--- + arch/powerpc/kernel/nvram_64.c | 6 +++--- + 1 file changed, 3 insertions(+), 3 deletions(-) + +--- a/arch/powerpc/kernel/nvram_64.c ++++ b/arch/powerpc/kernel/nvram_64.c +@@ -969,7 +969,7 @@ int __init nvram_remove_partition(const + + /* Make partition a free partition */ + part->header.signature = NVRAM_SIG_FREE; +- strncpy(part->header.name, "wwwwwwwwwwww", 12); ++ memset(part->header.name, 'w', 12); + part->header.checksum = nvram_checksum(&part->header); + rc = nvram_write_header(part); + if (rc <= 0) { +@@ -987,8 +987,8 @@ int __init nvram_remove_partition(const + } + if (prev) { + prev->header.length += part->header.length; +- prev->header.checksum = nvram_checksum(&part->header); +- rc = nvram_write_header(part); ++ prev->header.checksum = nvram_checksum(&prev->header); ++ rc = nvram_write_header(prev); + if (rc <= 0) { + printk(KERN_ERR "nvram_remove_partition: nvram_write failed (%d)\n", rc); + return rc; diff --git a/queue-4.4/s390-cio-fix-accidental-interrupt-enabling-during-resume.patch b/queue-4.4/s390-cio-fix-accidental-interrupt-enabling-during-resume.patch new file mode 100644 index 00000000000..f375cdc3252 --- /dev/null +++ b/queue-4.4/s390-cio-fix-accidental-interrupt-enabling-during-resume.patch @@ -0,0 +1,127 @@ +From d53c51f26145657aa7c55fa396f93677e613548d Mon Sep 17 00:00:00 2001 +From: Sebastian Ott +Date: Wed, 28 Sep 2016 13:36:19 +0200 +Subject: s390/cio: fix accidental interrupt enabling during resume + +From: Sebastian Ott + +commit d53c51f26145657aa7c55fa396f93677e613548d upstream. + +Since commit 9f3d6d7 chsc_get_channel_measurement_chars is called with +interrupts disabled during resume from hibernate. Since this function +used spin_unlock_irq, interrupts have been enabled accidentally. Fix +this by using the irqsave variant. + +Since we can't guarantee the IRQ-enablement state for all (future/ +external) callers, change the locking in related functions to prevent +similar bugs in the future. + +Fixes: 9f3d6d7 ("s390/cio: update measurement characteristics") +Signed-off-by: Sebastian Ott +Reviewed-by: Peter Oberparleiter +Signed-off-by: Martin Schwidefsky +Signed-off-by: Greg Kroah-Hartman + +--- + drivers/s390/cio/chsc.c | 20 ++++++++++++-------- + 1 file changed, 12 insertions(+), 8 deletions(-) + +--- a/drivers/s390/cio/chsc.c ++++ b/drivers/s390/cio/chsc.c +@@ -95,12 +95,13 @@ struct chsc_ssd_area { + int chsc_get_ssd_info(struct subchannel_id schid, struct chsc_ssd_info *ssd) + { + struct chsc_ssd_area *ssd_area; ++ unsigned long flags; + int ccode; + int ret; + int i; + int mask; + +- spin_lock_irq(&chsc_page_lock); ++ spin_lock_irqsave(&chsc_page_lock, flags); + memset(chsc_page, 0, PAGE_SIZE); + ssd_area = chsc_page; + ssd_area->request.length = 0x0010; +@@ -144,7 +145,7 @@ int chsc_get_ssd_info(struct subchannel_ + ssd->fla[i] = ssd_area->fla[i]; + } + out: +- spin_unlock_irq(&chsc_page_lock); ++ spin_unlock_irqrestore(&chsc_page_lock, flags); + return ret; + } + +@@ -832,9 +833,10 @@ int __chsc_do_secm(struct channel_subsys + u32 fmt : 4; + u32 : 16; + } __attribute__ ((packed)) *secm_area; ++ unsigned long flags; + int ret, ccode; + +- spin_lock_irq(&chsc_page_lock); ++ spin_lock_irqsave(&chsc_page_lock, flags); + memset(chsc_page, 0, PAGE_SIZE); + secm_area = chsc_page; + secm_area->request.length = 0x0050; +@@ -864,7 +866,7 @@ int __chsc_do_secm(struct channel_subsys + CIO_CRW_EVENT(2, "chsc: secm failed (rc=%04x)\n", + secm_area->response.code); + out: +- spin_unlock_irq(&chsc_page_lock); ++ spin_unlock_irqrestore(&chsc_page_lock, flags); + return ret; + } + +@@ -993,6 +995,7 @@ chsc_initialize_cmg_chars(struct channel + + int chsc_get_channel_measurement_chars(struct channel_path *chp) + { ++ unsigned long flags; + int ccode, ret; + + struct { +@@ -1022,7 +1025,7 @@ int chsc_get_channel_measurement_chars(s + if (!css_chsc_characteristics.scmc || !css_chsc_characteristics.secm) + return 0; + +- spin_lock_irq(&chsc_page_lock); ++ spin_lock_irqsave(&chsc_page_lock, flags); + memset(chsc_page, 0, PAGE_SIZE); + scmc_area = chsc_page; + scmc_area->request.length = 0x0010; +@@ -1054,7 +1057,7 @@ int chsc_get_channel_measurement_chars(s + chsc_initialize_cmg_chars(chp, scmc_area->cmcv, + (struct cmg_chars *) &scmc_area->data); + out: +- spin_unlock_irq(&chsc_page_lock); ++ spin_unlock_irqrestore(&chsc_page_lock, flags); + return ret; + } + +@@ -1135,6 +1138,7 @@ struct css_chsc_char css_chsc_characteri + int __init + chsc_determine_css_characteristics(void) + { ++ unsigned long flags; + int result; + struct { + struct chsc_header request; +@@ -1147,7 +1151,7 @@ chsc_determine_css_characteristics(void) + u32 chsc_char[508]; + } __attribute__ ((packed)) *scsc_area; + +- spin_lock_irq(&chsc_page_lock); ++ spin_lock_irqsave(&chsc_page_lock, flags); + memset(chsc_page, 0, PAGE_SIZE); + scsc_area = chsc_page; + scsc_area->request.length = 0x0010; +@@ -1169,7 +1173,7 @@ chsc_determine_css_characteristics(void) + CIO_CRW_EVENT(2, "chsc: scsc failed (rc=%04x)\n", + scsc_area->response.code); + exit: +- spin_unlock_irq(&chsc_page_lock); ++ spin_unlock_irqrestore(&chsc_page_lock, flags); + return result; + } + diff --git a/queue-4.4/s390-con3270-fix-insufficient-space-padding.patch b/queue-4.4/s390-con3270-fix-insufficient-space-padding.patch new file mode 100644 index 00000000000..c5f81298b5a --- /dev/null +++ b/queue-4.4/s390-con3270-fix-insufficient-space-padding.patch @@ -0,0 +1,61 @@ +From 6cd997db911f28f2510b771691270c52b63ed2e6 Mon Sep 17 00:00:00 2001 +From: Sascha Silbe +Date: Tue, 20 Sep 2016 19:09:07 +0200 +Subject: s390/con3270: fix insufficient space padding + +From: Sascha Silbe + +commit 6cd997db911f28f2510b771691270c52b63ed2e6 upstream. + +con3270 contains an optimisation that reduces the amount of data to be +transmitted to the 3270 terminal by putting a Repeat to Address (RA) +order into the data stream. The RA order itself takes up space, so +con3270 only uses it if there's enough space left in the line +buffer. Otherwise it just pads out the line manually. + +For lines that were _just_ short enough that the RA order still fit in +the line buffer, the line was instead padded with an insufficient +amount of spaces. This was caused by examining the size of the +allocated line buffer rather than the length of the string to be +displayed. + +For con3270_cline_end(), we just compare against the line length. For +con3270_update_string() however that isn't available anymore, so we +check whether the Repeat to Address order is present. + +Fixes: f51320a5 ("[PATCH] s390: new 3270 driver.") (tglx/history.git) +Tested-by: Jing Liu +Tested-by: Yang Chen +Signed-off-by: Sascha Silbe +Signed-off-by: Martin Schwidefsky +Signed-off-by: Greg Kroah-Hartman + +--- + drivers/s390/char/con3270.c | 9 +++++++-- + 1 file changed, 7 insertions(+), 2 deletions(-) + +--- a/drivers/s390/char/con3270.c ++++ b/drivers/s390/char/con3270.c +@@ -124,7 +124,12 @@ con3270_create_status(struct con3270 *cp + static void + con3270_update_string(struct con3270 *cp, struct string *s, int nr) + { +- if (s->len >= cp->view.cols - 5) ++ if (s->len < 4) { ++ /* This indicates a bug, but printing a warning would ++ * cause a deadlock. */ ++ return; ++ } ++ if (s->string[s->len - 4] != TO_RA) + return; + raw3270_buffer_address(cp->view.dev, s->string + s->len - 3, + cp->view.cols * (nr + 1)); +@@ -461,7 +466,7 @@ con3270_cline_end(struct con3270 *cp) + cp->cline->len + 4 : cp->view.cols; + s = con3270_alloc_string(cp, size); + memcpy(s->string, cp->cline->string, cp->cline->len); +- if (s->len < cp->view.cols - 5) { ++ if (cp->cline->len < cp->view.cols - 5) { + s->string[s->len - 4] = TO_RA; + s->string[s->len - 1] = 0; + } else { diff --git a/queue-4.4/s390-con3270-fix-use-of-uninitialised-data.patch b/queue-4.4/s390-con3270-fix-use-of-uninitialised-data.patch new file mode 100644 index 00000000000..3523a3ca4f3 --- /dev/null +++ b/queue-4.4/s390-con3270-fix-use-of-uninitialised-data.patch @@ -0,0 +1,48 @@ +From c14f2aac7aa147861793eed9f41f91dd530f0be1 Mon Sep 17 00:00:00 2001 +From: Sascha Silbe +Date: Thu, 11 Aug 2016 21:34:54 +0200 +Subject: s390/con3270: fix use of uninitialised data + +From: Sascha Silbe + +commit c14f2aac7aa147861793eed9f41f91dd530f0be1 upstream. + +con3270 contains an optimisation that reduces the amount of data to be +transmitted to the 3270 terminal by putting a Repeat to Address (RA) +order into the data stream. The RA order itself takes up space, so +con3270 only uses it if there's enough space left in the line +buffer. Otherwise it just pads out the line manually. + +For lines too long to include the RA order, one byte was left +uninitialised. This was caused by an off-by-one bug in the loop that +pads out the line. Since the buffer is allocated from a common pool, +the single byte left uninitialised contained some previous buffer +content. Usually this was just a space or some character (which can +result in clutter but is otherwise harmless). Sometimes, however, it +was a Repeat to Address order, messing up the entire screen layout and +causing the display to send the entire buffer content on every +keystroke. + +Fixes: f51320a5 ("[PATCH] s390: new 3270 driver.") (tglx/history.git) +Reported-by: Liu Jing +Tested-by: Jing Liu +Tested-by: Yang Chen +Signed-off-by: Sascha Silbe +Signed-off-by: Martin Schwidefsky +Signed-off-by: Greg Kroah-Hartman + +--- + drivers/s390/char/con3270.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +--- a/drivers/s390/char/con3270.c ++++ b/drivers/s390/char/con3270.c +@@ -465,7 +465,7 @@ con3270_cline_end(struct con3270 *cp) + s->string[s->len - 4] = TO_RA; + s->string[s->len - 1] = 0; + } else { +- while (--size > cp->cline->len) ++ while (--size >= cp->cline->len) + s->string[size] = cp->view.ascebc[' ']; + } + /* Replace cline with allocated line s and reset cline. */ diff --git a/queue-4.4/series b/queue-4.4/series index a9a4cc1f769..6150411c521 100644 --- a/queue-4.4/series +++ b/queue-4.4/series @@ -38,3 +38,14 @@ staging-r8188eu-fix-scheduling-while-atomic-splat.patch power-bq24257-fix-use-of-uninitialized-pointer-bq-charger.patch dmaengine-ipu-remove-bogus-no_irq-reference.patch x86-mm-expand-the-exception-table-logic-to-allow-new-handling-options.patch +s390-cio-fix-accidental-interrupt-enabling-during-resume.patch +s390-con3270-fix-use-of-uninitialised-data.patch +s390-con3270-fix-insufficient-space-padding.patch +clk-qoriq-fix-a-register-offset-error.patch +clk-divider-fix-clk_divider_round_rate-to-use-clk_readl.patch +perf-hists-browser-fix-event-group-display.patch +perf-symbols-check-symbol_conf.allow_aliases-for-kallsyms-loading-too.patch +perf-symbols-fixup-symbol-sizes-before-picking-best-ones.patch +mpt3sas-don-t-spam-logs-if-logging-level-is-0.patch +powerpc-nvram-fix-an-incorrect-partition-merge.patch +arm-pxa-pxa_cplds-fix-interrupt-handling.patch