From: Sasha Levin Date: Sun, 22 Dec 2019 02:37:23 +0000 (-0500) Subject: fixes for 4.4 X-Git-Tag: v4.14.161~47 X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=3dd95a6f523eab5db26dd4f06e43864a7d8e0e50;p=thirdparty%2Fkernel%2Fstable-queue.git fixes for 4.4 Signed-off-by: Sasha Levin --- diff --git a/queue-4.4/arm64-psci-reduce-the-waiting-time-for-cpu_psci_cpu_.patch b/queue-4.4/arm64-psci-reduce-the-waiting-time-for-cpu_psci_cpu_.patch new file mode 100644 index 00000000000..c75bd27728a --- /dev/null +++ b/queue-4.4/arm64-psci-reduce-the-waiting-time-for-cpu_psci_cpu_.patch @@ -0,0 +1,73 @@ +From 0df5e5149b8d6dcbcd3408665318e3f95c5bc272 Mon Sep 17 00:00:00 2001 +From: Sasha Levin +Date: Mon, 21 Oct 2019 19:31:21 +0800 +Subject: arm64: psci: Reduce the waiting time for cpu_psci_cpu_kill() + +From: Yunfeng Ye + +[ Upstream commit bfcef4ab1d7ee8921bc322109b1692036cc6cbe0 ] + +In cases like suspend-to-disk and suspend-to-ram, a large number of CPU +cores need to be shut down. At present, the CPU hotplug operation is +serialised, and the CPU cores can only be shut down one by one. In this +process, if PSCI affinity_info() does not return LEVEL_OFF quickly, +cpu_psci_cpu_kill() needs to wait for 10ms. If hundreds of CPU cores +need to be shut down, it will take a long time. + +Normally, there is no need to wait 10ms in cpu_psci_cpu_kill(). So +change the wait interval from 10 ms to max 1 ms and use usleep_range() +instead of msleep() for more accurate timer. + +In addition, reducing the time interval will increase the messages +output, so remove the "Retry ..." message, instead, track time and +output to the the sucessful message. + +Signed-off-by: Yunfeng Ye +Reviewed-by: Sudeep Holla +Signed-off-by: Catalin Marinas +Signed-off-by: Sasha Levin +--- + arch/arm64/kernel/psci.c | 15 +++++++++------ + 1 file changed, 9 insertions(+), 6 deletions(-) + +diff --git a/arch/arm64/kernel/psci.c b/arch/arm64/kernel/psci.c +index f67f35b6edb1..e6ad81556575 100644 +--- a/arch/arm64/kernel/psci.c ++++ b/arch/arm64/kernel/psci.c +@@ -151,7 +151,8 @@ static void cpu_psci_cpu_die(unsigned int cpu) + + static int cpu_psci_cpu_kill(unsigned int cpu) + { +- int err, i; ++ int err; ++ unsigned long start, end; + + if (!psci_ops.affinity_info) + return 0; +@@ -161,16 +162,18 @@ static int cpu_psci_cpu_kill(unsigned int cpu) + * while it is dying. So, try again a few times. + */ + +- for (i = 0; i < 10; i++) { ++ start = jiffies; ++ end = start + msecs_to_jiffies(100); ++ do { + err = psci_ops.affinity_info(cpu_logical_map(cpu), 0); + if (err == PSCI_0_2_AFFINITY_LEVEL_OFF) { +- pr_info("CPU%d killed.\n", cpu); ++ pr_info("CPU%d killed (polled %d ms)\n", cpu, ++ jiffies_to_msecs(jiffies - start)); + return 0; + } + +- msleep(10); +- pr_info("Retrying again to check for CPU kill\n"); +- } ++ usleep_range(100, 1000); ++ } while (time_before(jiffies, end)); + + pr_warn("CPU%d may not have shut down cleanly (AFFINITY_INFO reports %d)\n", + cpu, err); +-- +2.20.1 + diff --git a/queue-4.4/asoc-rt5677-mark-reg-rt5677_pwr_anlg2-as-volatile.patch b/queue-4.4/asoc-rt5677-mark-reg-rt5677_pwr_anlg2-as-volatile.patch new file mode 100644 index 00000000000..3312837c0c2 --- /dev/null +++ b/queue-4.4/asoc-rt5677-mark-reg-rt5677_pwr_anlg2-as-volatile.patch @@ -0,0 +1,43 @@ +From 18c4adb85873ce95fb03e513b2d51159949d9d8a Mon Sep 17 00:00:00 2001 +From: Sasha Levin +Date: Tue, 5 Nov 2019 17:13:30 -0800 +Subject: ASoC: rt5677: Mark reg RT5677_PWR_ANLG2 as volatile + +From: Ben Zhang + +[ Upstream commit eabf424f7b60246c76dcb0ea6f1e83ef9abbeaa6 ] + +The codec dies when RT5677_PWR_ANLG2(MX-64h) is set to 0xACE1 +while it's streaming audio over SPI. The DSP firmware turns +on PLL2 (MX-64 bit 8) when SPI streaming starts. However regmap +does not believe that register can change by itself. When +BST1 (bit 15) is turned on with regmap_update_bits(), it doesn't +read the register first before write, so PLL2 power bit is +cleared by accident. + +Marking MX-64h as volatile in regmap solved the issue. + +Signed-off-by: Ben Zhang +Signed-off-by: Curtis Malainey +Link: https://lore.kernel.org/r/20191106011335.223061-6-cujomalainey@chromium.org +Signed-off-by: Mark Brown +Signed-off-by: Sasha Levin +--- + sound/soc/codecs/rt5677.c | 1 + + 1 file changed, 1 insertion(+) + +diff --git a/sound/soc/codecs/rt5677.c b/sound/soc/codecs/rt5677.c +index 69d987a9935c..90f8173123f6 100644 +--- a/sound/soc/codecs/rt5677.c ++++ b/sound/soc/codecs/rt5677.c +@@ -295,6 +295,7 @@ static bool rt5677_volatile_register(struct device *dev, unsigned int reg) + case RT5677_I2C_MASTER_CTRL7: + case RT5677_I2C_MASTER_CTRL8: + case RT5677_HAP_GENE_CTRL2: ++ case RT5677_PWR_ANLG2: /* Modified by DSP firmware */ + case RT5677_PWR_DSP_ST: + case RT5677_PRIV_DATA: + case RT5677_PLL1_CTRL2: +-- +2.20.1 + diff --git a/queue-4.4/ath10k-fix-get-invalid-tx-rate-for-mesh-metric.patch b/queue-4.4/ath10k-fix-get-invalid-tx-rate-for-mesh-metric.patch new file mode 100644 index 00000000000..821f4731cc2 --- /dev/null +++ b/queue-4.4/ath10k-fix-get-invalid-tx-rate-for-mesh-metric.patch @@ -0,0 +1,42 @@ +From 2f59079301df4b7119b464f99c9bcc0c29be4071 Mon Sep 17 00:00:00 2001 +From: Sasha Levin +Date: Wed, 6 Nov 2019 20:04:37 +0200 +Subject: ath10k: fix get invalid tx rate for Mesh metric + +From: Miaoqing Pan + +[ Upstream commit 05a11003a56507023f18d3249a4d4d119c0a3e9c ] + +ath10k does not provide transmit rate info per MSDU +in tx completion, mark that as -1 so mac80211 +will ignore the rates. This fixes mac80211 update Mesh +link metric with invalid transmit rate info. + +Tested HW: QCA9984 +Tested FW: 10.4-3.9.0.2-00035 + +Signed-off-by: Hou Bao Hou +Signed-off-by: Anilkumar Kolli +Signed-off-by: Miaoqing Pan +Signed-off-by: Kalle Valo +Signed-off-by: Sasha Levin +--- + drivers/net/wireless/ath/ath10k/txrx.c | 2 ++ + 1 file changed, 2 insertions(+) + +diff --git a/drivers/net/wireless/ath/ath10k/txrx.c b/drivers/net/wireless/ath/ath10k/txrx.c +index 6d1105ab4592..f9d0f8372e3f 100644 +--- a/drivers/net/wireless/ath/ath10k/txrx.c ++++ b/drivers/net/wireless/ath/ath10k/txrx.c +@@ -96,6 +96,8 @@ void ath10k_txrx_tx_unref(struct ath10k_htt *htt, + + info = IEEE80211_SKB_CB(msdu); + memset(&info->status, 0, sizeof(info->status)); ++ info->status.rates[0].idx = -1; ++ + trace_ath10k_txrx_tx_unref(ar, tx_done->msdu_id); + + if (tx_done->discard) { +-- +2.20.1 + diff --git a/queue-4.4/bluetooth-hci_core-fix-init-for-hci_user_channel.patch b/queue-4.4/bluetooth-hci_core-fix-init-for-hci_user_channel.patch new file mode 100644 index 00000000000..bb5ec582fec --- /dev/null +++ b/queue-4.4/bluetooth-hci_core-fix-init-for-hci_user_channel.patch @@ -0,0 +1,52 @@ +From d61157479561c8ca3bd5fad57257cdbf1e8b4c06 Mon Sep 17 00:00:00 2001 +From: Sasha Levin +Date: Wed, 16 Oct 2019 20:20:39 -0700 +Subject: Bluetooth: hci_core: fix init for HCI_USER_CHANNEL + +From: Mattijs Korpershoek + +[ Upstream commit eb8c101e28496888a0dcfe16ab86a1bee369e820 ] + +During the setup() stage, HCI device drivers expect the chip to +acknowledge its setup() completion via vendor specific frames. + +If userspace opens() such HCI device in HCI_USER_CHANNEL [1] mode, +the vendor specific frames are never tranmitted to the driver, as +they are filtered in hci_rx_work(). + +Allow HCI devices which operate in HCI_USER_CHANNEL mode to receive +frames if the HCI device is is HCI_INIT state. + +[1] https://www.spinics.net/lists/linux-bluetooth/msg37345.html + +Fixes: 23500189d7e0 ("Bluetooth: Introduce new HCI socket channel for user operation") +Signed-off-by: Mattijs Korpershoek +Signed-off-by: Marcel Holtmann +Signed-off-by: Sasha Levin +--- + net/bluetooth/hci_core.c | 9 ++++++++- + 1 file changed, 8 insertions(+), 1 deletion(-) + +diff --git a/net/bluetooth/hci_core.c b/net/bluetooth/hci_core.c +index 5d0b1358c754..4bce3ef2c392 100644 +--- a/net/bluetooth/hci_core.c ++++ b/net/bluetooth/hci_core.c +@@ -4459,7 +4459,14 @@ static void hci_rx_work(struct work_struct *work) + hci_send_to_sock(hdev, skb); + } + +- if (hci_dev_test_flag(hdev, HCI_USER_CHANNEL)) { ++ /* If the device has been opened in HCI_USER_CHANNEL, ++ * the userspace has exclusive access to device. ++ * When device is HCI_INIT, we still need to process ++ * the data packets to the driver in order ++ * to complete its setup(). ++ */ ++ if (hci_dev_test_flag(hdev, HCI_USER_CHANNEL) && ++ !test_bit(HCI_INIT, &hdev->flags)) { + kfree_skb(skb); + continue; + } +-- +2.20.1 + diff --git a/queue-4.4/bnx2x-fix-pf-vf-communication-over-multi-cos-queues.patch b/queue-4.4/bnx2x-fix-pf-vf-communication-over-multi-cos-queues.patch new file mode 100644 index 00000000000..b34c48b0a3b --- /dev/null +++ b/queue-4.4/bnx2x-fix-pf-vf-communication-over-multi-cos-queues.patch @@ -0,0 +1,54 @@ +From 0334b93342325a731f85828ed923bd9aa37b0e6f Mon Sep 17 00:00:00 2001 +From: Sasha Levin +Date: Mon, 4 Nov 2019 21:51:11 -0800 +Subject: bnx2x: Fix PF-VF communication over multi-cos queues. + +From: Manish Chopra + +[ Upstream commit dc5a3d79c345871439ffe72550b604fcde9770e1 ] + +PF driver doesn't enable tx-switching for all cos queues/clients, +which causes packets drop from PF to VF. Fix this by enabling +tx-switching on all cos queues/clients. + +Signed-off-by: Manish Chopra +Signed-off-by: David S. Miller +Signed-off-by: Sasha Levin +--- + .../net/ethernet/broadcom/bnx2x/bnx2x_sriov.c | 16 +++++++++++----- + 1 file changed, 11 insertions(+), 5 deletions(-) + +diff --git a/drivers/net/ethernet/broadcom/bnx2x/bnx2x_sriov.c b/drivers/net/ethernet/broadcom/bnx2x/bnx2x_sriov.c +index 5780830f78ad..55a7774e8ef5 100644 +--- a/drivers/net/ethernet/broadcom/bnx2x/bnx2x_sriov.c ++++ b/drivers/net/ethernet/broadcom/bnx2x/bnx2x_sriov.c +@@ -2384,15 +2384,21 @@ static int bnx2x_set_pf_tx_switching(struct bnx2x *bp, bool enable) + /* send the ramrod on all the queues of the PF */ + for_each_eth_queue(bp, i) { + struct bnx2x_fastpath *fp = &bp->fp[i]; ++ int tx_idx; + + /* Set the appropriate Queue object */ + q_params.q_obj = &bnx2x_sp_obj(bp, fp).q_obj; + +- /* Update the Queue state */ +- rc = bnx2x_queue_state_change(bp, &q_params); +- if (rc) { +- BNX2X_ERR("Failed to configure Tx switching\n"); +- return rc; ++ for (tx_idx = FIRST_TX_COS_INDEX; ++ tx_idx < fp->max_cos; tx_idx++) { ++ q_params.params.update.cid_index = tx_idx; ++ ++ /* Update the Queue state */ ++ rc = bnx2x_queue_state_change(bp, &q_params); ++ if (rc) { ++ BNX2X_ERR("Failed to configure Tx switching\n"); ++ return rc; ++ } + } + } + +-- +2.20.1 + diff --git a/queue-4.4/btrfs-don-t-prematurely-free-work-in-end_workqueue_f.patch b/queue-4.4/btrfs-don-t-prematurely-free-work-in-end_workqueue_f.patch new file mode 100644 index 00000000000..f1d2bde4ba2 --- /dev/null +++ b/queue-4.4/btrfs-don-t-prematurely-free-work-in-end_workqueue_f.patch @@ -0,0 +1,54 @@ +From 4eed598fd89e8ebfdc9c449b07f93b750c28c63d Mon Sep 17 00:00:00 2001 +From: Sasha Levin +Date: Mon, 16 Sep 2019 11:30:54 -0700 +Subject: btrfs: don't prematurely free work in end_workqueue_fn() + +From: Omar Sandoval + +[ Upstream commit 9be490f1e15c34193b1aae17da58e14dd9f55a95 ] + +Currently, end_workqueue_fn() frees the end_io_wq entry (which embeds +the work item) and then calls bio_endio(). This is another potential +instance of the bug in "btrfs: don't prematurely free work in +run_ordered_work()". + +In particular, the endio call may depend on other work items. For +example, btrfs_end_dio_bio() can call btrfs_subio_endio_read() -> +__btrfs_correct_data_nocsum() -> dio_read_error() -> +submit_dio_repair_bio(), which submits a bio that is also completed +through a end_workqueue_fn() work item. However, +__btrfs_correct_data_nocsum() waits for the newly submitted bio to +complete, thus it depends on another work item. + +This example currently usually works because we use different workqueue +helper functions for BTRFS_WQ_ENDIO_DATA and BTRFS_WQ_ENDIO_DIO_REPAIR. +However, it may deadlock with stacked filesystems and is fragile +overall. The proper fix is to free the work item at the very end of the +work function, so let's do that. + +Reviewed-by: Johannes Thumshirn +Signed-off-by: Omar Sandoval +Reviewed-by: David Sterba +Signed-off-by: David Sterba +Signed-off-by: Sasha Levin +--- + fs/btrfs/disk-io.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/fs/btrfs/disk-io.c b/fs/btrfs/disk-io.c +index 78722aaffecd..d50fc503f73b 100644 +--- a/fs/btrfs/disk-io.c ++++ b/fs/btrfs/disk-io.c +@@ -1698,8 +1698,8 @@ static void end_workqueue_fn(struct btrfs_work *work) + bio->bi_error = end_io_wq->error; + bio->bi_private = end_io_wq->private; + bio->bi_end_io = end_io_wq->end_io; +- kmem_cache_free(btrfs_end_io_wq_cache, end_io_wq); + bio_endio(bio); ++ kmem_cache_free(btrfs_end_io_wq_cache, end_io_wq); + } + + static int cleaner_kthread(void *arg) +-- +2.20.1 + diff --git a/queue-4.4/cpufreq-register-drivers-only-after-cpu-devices-have.patch b/queue-4.4/cpufreq-register-drivers-only-after-cpu-devices-have.patch new file mode 100644 index 00000000000..34bdcbd470c --- /dev/null +++ b/queue-4.4/cpufreq-register-drivers-only-after-cpu-devices-have.patch @@ -0,0 +1,69 @@ +From dfb7102b29ff99b8ec85dae5343392d3b2f6d914 Mon Sep 17 00:00:00 2001 +From: Sasha Levin +Date: Thu, 14 Nov 2019 09:06:17 +0530 +Subject: cpufreq: Register drivers only after CPU devices have been registered + +From: Viresh Kumar + +[ Upstream commit 46770be0cf94149ca48be87719bda1d951066644 ] + +The cpufreq core heavily depends on the availability of the struct +device for CPUs and if they aren't available at the time cpufreq driver +is registered, we will never succeed in making cpufreq work. + +This happens due to following sequence of events: + +- cpufreq_register_driver() + - subsys_interface_register() + - return 0; //successful registration of driver + +... at a later point of time + +- register_cpu(); + - device_register(); + - bus_probe_device(); + - sif->add_dev(); + - cpufreq_add_dev(); + - get_cpu_device(); //FAILS + - per_cpu(cpu_sys_devices, num) = &cpu->dev; //used by get_cpu_device() + - return 0; //CPU registered successfully + +Because the per-cpu variable cpu_sys_devices is set only after the CPU +device is regsitered, cpufreq will never be able to get it when +cpufreq_add_dev() is called. + +This patch avoids this failure by making sure device structure of at +least CPU0 is available when the cpufreq driver is registered, else +return -EPROBE_DEFER. + +Reported-by: Bjorn Andersson +Co-developed-by: Amit Kucheria +Signed-off-by: Viresh Kumar +Tested-by: Amit Kucheria +Signed-off-by: Rafael J. Wysocki +Signed-off-by: Sasha Levin +--- + drivers/cpufreq/cpufreq.c | 7 +++++++ + 1 file changed, 7 insertions(+) + +diff --git a/drivers/cpufreq/cpufreq.c b/drivers/cpufreq/cpufreq.c +index 2239d42bdadd..49aa58e617db 100644 +--- a/drivers/cpufreq/cpufreq.c ++++ b/drivers/cpufreq/cpufreq.c +@@ -2426,6 +2426,13 @@ int cpufreq_register_driver(struct cpufreq_driver *driver_data) + if (cpufreq_disabled()) + return -ENODEV; + ++ /* ++ * The cpufreq core depends heavily on the availability of device ++ * structure, make sure they are available before proceeding further. ++ */ ++ if (!get_cpu_device(0)) ++ return -EPROBE_DEFER; ++ + if (!driver_data || !driver_data->verify || !driver_data->init || + !(driver_data->setpolicy || driver_data->target_index || + driver_data->target) || +-- +2.20.1 + diff --git a/queue-4.4/crypto-sun4i-ss-fix-64-bit-size_t-warnings-on-sun4i-.patch b/queue-4.4/crypto-sun4i-ss-fix-64-bit-size_t-warnings-on-sun4i-.patch new file mode 100644 index 00000000000..83b8154286a --- /dev/null +++ b/queue-4.4/crypto-sun4i-ss-fix-64-bit-size_t-warnings-on-sun4i-.patch @@ -0,0 +1,61 @@ +From fce38d9546c2adde04021e4896cdbd24bf600f1c Mon Sep 17 00:00:00 2001 +From: Sasha Levin +Date: Thu, 14 Nov 2019 11:49:06 +0100 +Subject: crypto: sun4i-ss - Fix 64-bit size_t warnings on sun4i-ss-hash.c + +From: Corentin Labbe + +[ Upstream commit a7126603d46fe8f01aeedf589e071c6aaa6c6c39 ] + +If you try to compile this driver on a 64-bit platform then you +will get warnings because it mixes size_t with unsigned int which +only works on 32-bit. + +This patch fixes all of the warnings on sun4i-ss-hash.c. +Signed-off-by: Corentin Labbe +Signed-off-by: Herbert Xu +Signed-off-by: Sasha Levin +--- + drivers/crypto/sunxi-ss/sun4i-ss-hash.c | 12 ++++++------ + 1 file changed, 6 insertions(+), 6 deletions(-) + +diff --git a/drivers/crypto/sunxi-ss/sun4i-ss-hash.c b/drivers/crypto/sunxi-ss/sun4i-ss-hash.c +index ff8031498809..bff3cbd05c0a 100644 +--- a/drivers/crypto/sunxi-ss/sun4i-ss-hash.c ++++ b/drivers/crypto/sunxi-ss/sun4i-ss-hash.c +@@ -245,8 +245,8 @@ int sun4i_hash_update(struct ahash_request *areq) + */ + while (op->len < 64 && i < end) { + /* how many bytes we can read from current SG */ +- in_r = min3(mi.length - in_i, end - i, +- 64 - op->len); ++ in_r = min(end - i, 64 - op->len); ++ in_r = min_t(size_t, mi.length - in_i, in_r); + memcpy(op->buf + op->len, mi.addr + in_i, in_r); + op->len += in_r; + i += in_r; +@@ -266,8 +266,8 @@ int sun4i_hash_update(struct ahash_request *areq) + } + if (mi.length - in_i > 3 && i < end) { + /* how many bytes we can read from current SG */ +- in_r = min3(mi.length - in_i, areq->nbytes - i, +- ((mi.length - in_i) / 4) * 4); ++ in_r = min_t(size_t, mi.length - in_i, areq->nbytes - i); ++ in_r = min_t(size_t, ((mi.length - in_i) / 4) * 4, in_r); + /* how many bytes we can write in the device*/ + todo = min3((u32)(end - i) / 4, rx_cnt, (u32)in_r / 4); + writesl(ss->base + SS_RXFIFO, mi.addr + in_i, todo); +@@ -289,8 +289,8 @@ int sun4i_hash_update(struct ahash_request *areq) + if ((areq->nbytes - i) < 64) { + while (i < areq->nbytes && in_i < mi.length && op->len < 64) { + /* how many bytes we can read from current SG */ +- in_r = min3(mi.length - in_i, areq->nbytes - i, +- 64 - op->len); ++ in_r = min(areq->nbytes - i, 64 - op->len); ++ in_r = min_t(size_t, mi.length - in_i, in_r); + memcpy(op->buf + op->len, mi.addr + in_i, in_r); + op->len += in_r; + i += in_r; +-- +2.20.1 + diff --git a/queue-4.4/crypto-vmx-avoid-weird-build-failures.patch b/queue-4.4/crypto-vmx-avoid-weird-build-failures.patch new file mode 100644 index 00000000000..db7752ee295 --- /dev/null +++ b/queue-4.4/crypto-vmx-avoid-weird-build-failures.patch @@ -0,0 +1,67 @@ +From a830d082c7db2f13dbc562e74a38ae999ed95a58 Mon Sep 17 00:00:00 2001 +From: Sasha Levin +Date: Wed, 20 Nov 2019 22:27:38 +1100 +Subject: crypto: vmx - Avoid weird build failures + +From: Michael Ellerman + +[ Upstream commit 4ee812f6143d78d8ba1399671d78c8d78bf2817c ] + +In the vmx crypto Makefile we assign to a variable called TARGET and +pass that to the aesp8-ppc.pl and ghashp8-ppc.pl scripts. + +The variable is meant to describe what flavour of powerpc we're +building for, eg. either 32 or 64-bit, and big or little endian. + +Unfortunately TARGET is a fairly common name for a make variable, and +if it happens that TARGET is specified as a command line parameter to +make, the value specified on the command line will override our value. + +In particular this can happen if the kernel Makefile is driven by an +external Makefile that uses TARGET for something. + +This leads to weird build failures, eg: + nonsense at /build/linux/drivers/crypto/vmx/ghashp8-ppc.pl line 45. + /linux/drivers/crypto/vmx/Makefile:20: recipe for target 'drivers/crypto/vmx/ghashp8-ppc.S' failed + +Which shows that we passed an empty value for $(TARGET) to the perl +script, confirmed with make V=1: + + perl /linux/drivers/crypto/vmx/ghashp8-ppc.pl > drivers/crypto/vmx/ghashp8-ppc.S + +We can avoid this confusion by using override, to tell make that we +don't want anything to override our variable, even a value specified +on the command line. We can also use a less common name, given the +script calls it "flavour", let's use that. + +Signed-off-by: Michael Ellerman +Signed-off-by: Herbert Xu +Signed-off-by: Sasha Levin +--- + drivers/crypto/vmx/Makefile | 6 +++--- + 1 file changed, 3 insertions(+), 3 deletions(-) + +diff --git a/drivers/crypto/vmx/Makefile b/drivers/crypto/vmx/Makefile +index d28ab96a2475..7663494809a0 100644 +--- a/drivers/crypto/vmx/Makefile ++++ b/drivers/crypto/vmx/Makefile +@@ -2,13 +2,13 @@ obj-$(CONFIG_CRYPTO_DEV_VMX_ENCRYPT) += vmx-crypto.o + vmx-crypto-objs := vmx.o aesp8-ppc.o ghashp8-ppc.o aes.o aes_cbc.o aes_ctr.o ghash.o + + ifeq ($(CONFIG_CPU_LITTLE_ENDIAN),y) +-TARGET := linux-ppc64le ++override flavour := linux-ppc64le + else +-TARGET := linux-ppc64 ++override flavour := linux-ppc64 + endif + + quiet_cmd_perl = PERL $@ +- cmd_perl = $(PERL) $(<) $(TARGET) > $(@) ++ cmd_perl = $(PERL) $(<) $(flavour) > $(@) + + $(src)/aesp8-ppc.S: $(src)/aesp8-ppc.pl + $(call cmd,perl) +-- +2.20.1 + diff --git a/queue-4.4/drm-gma500-fix-memory-disclosures-due-to-uninitializ.patch b/queue-4.4/drm-gma500-fix-memory-disclosures-due-to-uninitializ.patch new file mode 100644 index 00000000000..b30e979019e --- /dev/null +++ b/queue-4.4/drm-gma500-fix-memory-disclosures-due-to-uninitializ.patch @@ -0,0 +1,44 @@ +From 71f6058c617734049d91b962e849afbd5b74252a Mon Sep 17 00:00:00 2001 +From: Sasha Levin +Date: Thu, 17 Oct 2019 23:41:50 -0500 +Subject: drm/gma500: fix memory disclosures due to uninitialized bytes + +From: Kangjie Lu + +[ Upstream commit ec3b7b6eb8c90b52f61adff11b6db7a8db34de19 ] + +"clock" may be copied to "best_clock". Initializing best_clock +is not sufficient. The fix initializes clock as well to avoid +memory disclosures and informaiton leaks. + +Signed-off-by: Kangjie Lu +Signed-off-by: Daniel Vetter +Link: https://patchwork.freedesktop.org/patch/msgid/20191018044150.1899-1-kjlu@umn.edu +Signed-off-by: Sasha Levin +--- + drivers/gpu/drm/gma500/oaktrail_crtc.c | 2 ++ + 1 file changed, 2 insertions(+) + +diff --git a/drivers/gpu/drm/gma500/oaktrail_crtc.c b/drivers/gpu/drm/gma500/oaktrail_crtc.c +index 1048f0c7c6ce..31e0899035f9 100644 +--- a/drivers/gpu/drm/gma500/oaktrail_crtc.c ++++ b/drivers/gpu/drm/gma500/oaktrail_crtc.c +@@ -139,6 +139,7 @@ static bool mrst_sdvo_find_best_pll(const struct gma_limit_t *limit, + s32 freq_error, min_error = 100000; + + memset(best_clock, 0, sizeof(*best_clock)); ++ memset(&clock, 0, sizeof(clock)); + + for (clock.m = limit->m.min; clock.m <= limit->m.max; clock.m++) { + for (clock.n = limit->n.min; clock.n <= limit->n.max; +@@ -195,6 +196,7 @@ static bool mrst_lvds_find_best_pll(const struct gma_limit_t *limit, + int err = target; + + memset(best_clock, 0, sizeof(*best_clock)); ++ memset(&clock, 0, sizeof(clock)); + + for (clock.m = limit->m.min; clock.m <= limit->m.max; clock.m++) { + for (clock.p1 = limit->p1.min; clock.p1 <= limit->p1.max; +-- +2.20.1 + diff --git a/queue-4.4/drm-mst-fix-query_payload-ack-reply-struct.patch b/queue-4.4/drm-mst-fix-query_payload-ack-reply-struct.patch new file mode 100644 index 00000000000..1ea90f9f8a6 --- /dev/null +++ b/queue-4.4/drm-mst-fix-query_payload-ack-reply-struct.patch @@ -0,0 +1,47 @@ +From 8d201bc8357c8592012c3c7fb56dedfde796a5ce Mon Sep 17 00:00:00 2001 +From: Sasha Levin +Date: Thu, 29 Aug 2019 12:52:19 -0400 +Subject: drm: mst: Fix query_payload ack reply struct + +From: Sean Paul + +[ Upstream commit 268de6530aa18fe5773062367fd119f0045f6e88 ] + +Spec says[1] Allocated_PBN is 16 bits + +[1]- DisplayPort 1.2 Spec, Section 2.11.9.8, Table 2-98 + +Fixes: ad7f8a1f9ced ("drm/helper: add Displayport multi-stream helper (v0.6)") +Cc: Lyude Paul +Cc: Todd Previte +Cc: Dave Airlie +Cc: Maarten Lankhorst +Cc: Maxime Ripard +Cc: Sean Paul +Cc: David Airlie +Cc: Daniel Vetter +Cc: dri-devel@lists.freedesktop.org +Reviewed-by: Lyude Paul +Signed-off-by: Sean Paul +Link: https://patchwork.freedesktop.org/patch/msgid/20190829165223.129662-1-sean@poorly.run +Signed-off-by: Sasha Levin +--- + include/drm/drm_dp_mst_helper.h | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/include/drm/drm_dp_mst_helper.h b/include/drm/drm_dp_mst_helper.h +index f356f9716474..674472ac067a 100644 +--- a/include/drm/drm_dp_mst_helper.h ++++ b/include/drm/drm_dp_mst_helper.h +@@ -303,7 +303,7 @@ struct drm_dp_resource_status_notify { + + struct drm_dp_query_payload_ack_reply { + u8 port_number; +- u8 allocated_pbn; ++ u16 allocated_pbn; + }; + + struct drm_dp_sideband_msg_req_body { +-- +2.20.1 + diff --git a/queue-4.4/edac-ghes-fix-grain-calculation.patch b/queue-4.4/edac-ghes-fix-grain-calculation.patch new file mode 100644 index 00000000000..8b079bca254 --- /dev/null +++ b/queue-4.4/edac-ghes-fix-grain-calculation.patch @@ -0,0 +1,95 @@ +From 12b80112a2f8d8708b1913e33884f0d5f73fb436 Mon Sep 17 00:00:00 2001 +From: Sasha Levin +Date: Wed, 6 Nov 2019 09:33:23 +0000 +Subject: EDAC/ghes: Fix grain calculation + +From: Robert Richter + +[ Upstream commit 7088e29e0423d3195e09079b4f849ec4837e5a75 ] + +The current code to convert a physical address mask to a grain +(defined as granularity in bytes) is: + + e->grain = ~(mem_err->physical_addr_mask & ~PAGE_MASK); + +This is broken in several ways: + +1) It calculates to wrong grain values. E.g., a physical address mask +of ~0xfff should give a grain of 0x1000. Without considering +PAGE_MASK, there is an off-by-one. Things are worse when also +filtering it with ~PAGE_MASK. This will calculate to a grain with the +upper bits set. In the example it even calculates to ~0. + +2) The grain does not depend on and is unrelated to the kernel's +page-size. The page-size only matters when unmapping memory in +memory_failure(). Smaller grains are wrongly rounded up to the +page-size, on architectures with a configurable page-size (e.g. arm64) +this could round up to the even bigger page-size of the hypervisor. + +Fix this with: + + e->grain = ~mem_err->physical_addr_mask + 1; + +The grain_bits are defined as: + + grain = 1 << grain_bits; + +Change also the grain_bits calculation accordingly, it is the same +formula as in edac_mc.c now and the code can be unified. + +The value in ->physical_addr_mask coming from firmware is assumed to +be contiguous, but this is not sanity-checked. However, in case the +mask is non-contiguous, a conversion to grain_bits effectively +converts the grain bit mask to a power of 2 by rounding it up. + +Suggested-by: James Morse +Signed-off-by: Robert Richter +Signed-off-by: Borislav Petkov +Reviewed-by: Mauro Carvalho Chehab +Cc: "linux-edac@vger.kernel.org" +Cc: Tony Luck +Link: https://lkml.kernel.org/r/20191106093239.25517-11-rrichter@marvell.com +Signed-off-by: Sasha Levin +--- + drivers/edac/ghes_edac.c | 10 ++++++++-- + 1 file changed, 8 insertions(+), 2 deletions(-) + +diff --git a/drivers/edac/ghes_edac.c b/drivers/edac/ghes_edac.c +index e3fa4390f846..4ddbf6604e2a 100644 +--- a/drivers/edac/ghes_edac.c ++++ b/drivers/edac/ghes_edac.c +@@ -189,6 +189,7 @@ void ghes_edac_report_mem_error(struct ghes *ghes, int sev, + /* Cleans the error report buffer */ + memset(e, 0, sizeof (*e)); + e->error_count = 1; ++ e->grain = 1; + strcpy(e->label, "unknown label"); + e->msg = pvt->msg; + e->other_detail = pvt->other_detail; +@@ -284,7 +285,7 @@ void ghes_edac_report_mem_error(struct ghes *ghes, int sev, + + /* Error grain */ + if (mem_err->validation_bits & CPER_MEM_VALID_PA_MASK) +- e->grain = ~(mem_err->physical_addr_mask & ~PAGE_MASK); ++ e->grain = ~mem_err->physical_addr_mask + 1; + + /* Memory error location, mapped on e->location */ + p = e->location; +@@ -391,8 +392,13 @@ void ghes_edac_report_mem_error(struct ghes *ghes, int sev, + if (p > pvt->other_detail) + *(p - 1) = '\0'; + ++ /* Sanity-check driver-supplied grain value. */ ++ if (WARN_ON_ONCE(!e->grain)) ++ e->grain = 1; ++ ++ grain_bits = fls_long(e->grain - 1); ++ + /* Generate the trace event */ +- grain_bits = fls_long(e->grain); + snprintf(pvt->detail_location, sizeof(pvt->detail_location), + "APEI location: %s %s", e->location, e->other_detail); + trace_mc_event(type, e->msg, e->label, e->error_count, +-- +2.20.1 + diff --git a/queue-4.4/extcon-sm5502-reset-registers-during-initialization.patch b/queue-4.4/extcon-sm5502-reset-registers-during-initialization.patch new file mode 100644 index 00000000000..b57c6c97cbb --- /dev/null +++ b/queue-4.4/extcon-sm5502-reset-registers-during-initialization.patch @@ -0,0 +1,63 @@ +From dd69ef02e836c17fb7e0031d2fa2af0c9291633b Mon Sep 17 00:00:00 2001 +From: Sasha Levin +Date: Thu, 10 Oct 2019 17:47:20 +0200 +Subject: extcon: sm5502: Reset registers during initialization + +From: Stephan Gerhold + +[ Upstream commit 6942635032cfd3e003e980d2dfa4e6323a3ce145 ] + +On some devices (e.g. Samsung Galaxy A5 (2015)), the bootloader +seems to keep interrupts enabled for SM5502 when booting Linux. +Changing the cable state (i.e. plugging in a cable) - until the driver +is loaded - will therefore produce an interrupt that is never read. + +In this situation, the cable state will be stuck forever on the +initial state because SM5502 stops sending interrupts. +This can be avoided by clearing those pending interrupts after +the driver has been loaded. + +One way to do this is to reset all registers to default state +by writing to SM5502_REG_RESET. This ensures that we start from +a clean state, with all interrupts disabled. + +Suggested-by: Chanwoo Choi +Signed-off-by: Stephan Gerhold +Signed-off-by: Chanwoo Choi +Signed-off-by: Sasha Levin +--- + drivers/extcon/extcon-sm5502.c | 4 ++++ + drivers/extcon/extcon-sm5502.h | 2 ++ + 2 files changed, 6 insertions(+) + +diff --git a/drivers/extcon/extcon-sm5502.c b/drivers/extcon/extcon-sm5502.c +index 7aac3cc7efd7..f63f9961ac12 100644 +--- a/drivers/extcon/extcon-sm5502.c ++++ b/drivers/extcon/extcon-sm5502.c +@@ -69,6 +69,10 @@ struct sm5502_muic_info { + /* Default value of SM5502 register to bring up MUIC device. */ + static struct reg_data sm5502_reg_data[] = { + { ++ .reg = SM5502_REG_RESET, ++ .val = SM5502_REG_RESET_MASK, ++ .invert = true, ++ }, { + .reg = SM5502_REG_CONTROL, + .val = SM5502_REG_CONTROL_MASK_INT_MASK, + .invert = false, +diff --git a/drivers/extcon/extcon-sm5502.h b/drivers/extcon/extcon-sm5502.h +index 974b53222f56..12f8b01e5753 100644 +--- a/drivers/extcon/extcon-sm5502.h ++++ b/drivers/extcon/extcon-sm5502.h +@@ -241,6 +241,8 @@ enum sm5502_reg { + #define DM_DP_SWITCH_UART ((DM_DP_CON_SWITCH_UART < +Date: Wed, 20 Nov 2019 11:57:12 +0200 +Subject: fbtft: Make sure string is NULL terminated +MIME-Version: 1.0 +Content-Type: text/plain; charset=UTF-8 +Content-Transfer-Encoding: 8bit + +From: Andy Shevchenko + +[ Upstream commit 21f585480deb4bcf0d92b08879c35d066dfee030 ] + +New GCC warns about inappropriate use of strncpy(): + +drivers/staging/fbtft/fbtft-core.c: In function ‘fbtft_framebuffer_alloc’: +drivers/staging/fbtft/fbtft-core.c:665:2: warning: ‘strncpy’ specified bound 16 equals destination size [-Wstringop-truncation] + 665 | strncpy(info->fix.id, dev->driver->name, 16); + | ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ + +Later on the copy is being used with the assumption to be NULL terminated. +Make sure string is NULL terminated by switching to snprintf(). + +Signed-off-by: Andy Shevchenko +Link: https://lore.kernel.org/r/20191120095716.26628-1-andriy.shevchenko@linux.intel.com +Signed-off-by: Greg Kroah-Hartman +Signed-off-by: Sasha Levin +--- + drivers/staging/fbtft/fbtft-core.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/drivers/staging/fbtft/fbtft-core.c b/drivers/staging/fbtft/fbtft-core.c +index 15937e0ef4d9..36bf71989637 100644 +--- a/drivers/staging/fbtft/fbtft-core.c ++++ b/drivers/staging/fbtft/fbtft-core.c +@@ -765,7 +765,7 @@ struct fb_info *fbtft_framebuffer_alloc(struct fbtft_display *display, + fbdefio->deferred_io = fbtft_deferred_io; + fb_deferred_io_init(info); + +- strncpy(info->fix.id, dev->driver->name, 16); ++ snprintf(info->fix.id, sizeof(info->fix.id), "%s", dev->driver->name); + info->fix.type = FB_TYPE_PACKED_PIXELS; + info->fix.visual = FB_VISUAL_TRUECOLOR; + info->fix.xpanstep = 0; +-- +2.20.1 + diff --git a/queue-4.4/hwrng-omap3-rom-call-clk_disable_unprepare-on-exit-o.patch b/queue-4.4/hwrng-omap3-rom-call-clk_disable_unprepare-on-exit-o.patch new file mode 100644 index 00000000000..1ccd593d3c0 --- /dev/null +++ b/queue-4.4/hwrng-omap3-rom-call-clk_disable_unprepare-on-exit-o.patch @@ -0,0 +1,50 @@ +From b633c3d43f1eec1b97be7cdea903713794ec3ea9 Mon Sep 17 00:00:00 2001 +From: Sasha Levin +Date: Sat, 14 Sep 2019 14:02:56 -0700 +Subject: hwrng: omap3-rom - Call clk_disable_unprepare() on exit only if not + idled +MIME-Version: 1.0 +Content-Type: text/plain; charset=UTF-8 +Content-Transfer-Encoding: 8bit + +From: Tony Lindgren + +[ Upstream commit eaecce12f5f0d2c35d278e41e1bc4522393861ab ] + +When unloading omap3-rom-rng, we'll get the following: + +WARNING: CPU: 0 PID: 100 at drivers/clk/clk.c:948 clk_core_disable + +This is because the clock may be already disabled by omap3_rom_rng_idle(). +Let's fix the issue by checking for rng_idle on exit. + +Cc: Aaro Koskinen +Cc: Adam Ford +Cc: Pali Rohár +Cc: Sebastian Reichel +Cc: Tero Kristo +Fixes: 1c6b7c2108bd ("hwrng: OMAP3 ROM Random Number Generator support") +Signed-off-by: Tony Lindgren +Signed-off-by: Herbert Xu +Signed-off-by: Sasha Levin +--- + drivers/char/hw_random/omap3-rom-rng.c | 3 ++- + 1 file changed, 2 insertions(+), 1 deletion(-) + +diff --git a/drivers/char/hw_random/omap3-rom-rng.c b/drivers/char/hw_random/omap3-rom-rng.c +index a405cdcd8dd2..4813f9406a8f 100644 +--- a/drivers/char/hw_random/omap3-rom-rng.c ++++ b/drivers/char/hw_random/omap3-rom-rng.c +@@ -119,7 +119,8 @@ static int omap3_rom_rng_probe(struct platform_device *pdev) + static int omap3_rom_rng_remove(struct platform_device *pdev) + { + hwrng_unregister(&omap3_rom_rng_ops); +- clk_disable_unprepare(rng_clk); ++ if (!rng_idle) ++ clk_disable_unprepare(rng_clk); + return 0; + } + +-- +2.20.1 + diff --git a/queue-4.4/ib-iser-bound-protection_sg-size-by-data_sg-size.patch b/queue-4.4/ib-iser-bound-protection_sg-size-by-data_sg-size.patch new file mode 100644 index 00000000000..61fdd383a00 --- /dev/null +++ b/queue-4.4/ib-iser-bound-protection_sg-size-by-data_sg-size.patch @@ -0,0 +1,40 @@ +From fc1fd8f929458fd983673c77e90da7218986725b Mon Sep 17 00:00:00 2001 +From: Sasha Levin +Date: Wed, 25 Sep 2019 00:03:47 +0300 +Subject: IB/iser: bound protection_sg size by data_sg size + +From: Max Gurtovoy + +[ Upstream commit 7718cf03c3ce4b6ebd90107643ccd01c952a1fce ] + +In case we don't set the sg_prot_tablesize, the scsi layer assign the +default size (65535 entries). We should limit this size since we should +take into consideration the underlaying device capability. This cap is +considered when calculating the sg_tablesize. Otherwise, for example, +we can get that /sys/block/sdb/queue/max_segments is 128 and +/sys/block/sdb/queue/max_integrity_segments is 65535. + +Link: https://lore.kernel.org/r/1569359027-10987-1-git-send-email-maxg@mellanox.com +Signed-off-by: Max Gurtovoy +Reviewed-by: Sagi Grimberg +Signed-off-by: Jason Gunthorpe +Signed-off-by: Sasha Levin +--- + drivers/infiniband/ulp/iser/iscsi_iser.c | 1 + + 1 file changed, 1 insertion(+) + +diff --git a/drivers/infiniband/ulp/iser/iscsi_iser.c b/drivers/infiniband/ulp/iser/iscsi_iser.c +index 9080161e01af..edb064f9f0f1 100644 +--- a/drivers/infiniband/ulp/iser/iscsi_iser.c ++++ b/drivers/infiniband/ulp/iser/iscsi_iser.c +@@ -646,6 +646,7 @@ iscsi_iser_session_create(struct iscsi_endpoint *ep, + if (ib_conn->pi_support) { + u32 sig_caps = ib_conn->device->dev_attr.sig_prot_cap; + ++ shost->sg_prot_tablesize = shost->sg_tablesize; + scsi_host_set_prot(shost, iser_dif_prot_caps(sig_caps)); + scsi_host_set_guard(shost, SHOST_DIX_GUARD_IP | + SHOST_DIX_GUARD_CRC); +-- +2.20.1 + diff --git a/queue-4.4/iio-adc-max1027-reset-the-device-at-probe-time.patch b/queue-4.4/iio-adc-max1027-reset-the-device-at-probe-time.patch new file mode 100644 index 00000000000..8293cfb55c7 --- /dev/null +++ b/queue-4.4/iio-adc-max1027-reset-the-device-at-probe-time.patch @@ -0,0 +1,42 @@ +From 5548dcd2fd7a9f221db26e635241370796f3f3da Mon Sep 17 00:00:00 2001 +From: Sasha Levin +Date: Fri, 11 Oct 2019 16:43:42 +0200 +Subject: iio: adc: max1027: Reset the device at probe time + +From: Miquel Raynal + +[ Upstream commit db033831b4f5589f9fcbadb837614a7c4eac0308 ] + +All the registers are configured by the driver, let's reset the chip +at probe time, avoiding any conflict with a possible earlier +configuration. + +Signed-off-by: Miquel Raynal +Signed-off-by: Jonathan Cameron +Signed-off-by: Sasha Levin +--- + drivers/iio/adc/max1027.c | 8 ++++++++ + 1 file changed, 8 insertions(+) + +diff --git a/drivers/iio/adc/max1027.c b/drivers/iio/adc/max1027.c +index 41d495c6035e..7d5e4114e7a8 100644 +--- a/drivers/iio/adc/max1027.c ++++ b/drivers/iio/adc/max1027.c +@@ -470,6 +470,14 @@ static int max1027_probe(struct spi_device *spi) + goto fail_dev_register; + } + ++ /* Internal reset */ ++ st->reg = MAX1027_RST_REG; ++ ret = spi_write(st->spi, &st->reg, 1); ++ if (ret < 0) { ++ dev_err(&indio_dev->dev, "Failed to reset the ADC\n"); ++ return ret; ++ } ++ + /* Disable averaging */ + st->reg = MAX1027_AVG_REG; + ret = spi_write(st->spi, &st->reg, 1); +-- +2.20.1 + diff --git a/queue-4.4/iio-light-bh1750-resolve-compiler-warning-and-make-c.patch b/queue-4.4/iio-light-bh1750-resolve-compiler-warning-and-make-c.patch new file mode 100644 index 00000000000..82039b516b1 --- /dev/null +++ b/queue-4.4/iio-light-bh1750-resolve-compiler-warning-and-make-c.patch @@ -0,0 +1,55 @@ +From c98cb1e1f4893e0defe3e1359d9e4d83440553d6 Mon Sep 17 00:00:00 2001 +From: Sasha Levin +Date: Fri, 13 Sep 2019 22:24:13 +0200 +Subject: iio: light: bh1750: Resolve compiler warning and make code more + readable +MIME-Version: 1.0 +Content-Type: text/plain; charset=UTF-8 +Content-Transfer-Encoding: 8bit + +From: Krzysztof Wilczynski + +[ Upstream commit f552fde983d378e7339f9ea74a25f918563bf0d3 ] + +Separate the declaration of struct bh1750_chip_info from definition +of bh1750_chip_info_tbl[] in a single statement as it makes the code +hard to read, and with the extra newline it makes it look as if the +bh1750_chip_info_tbl[] had no explicit type. + +This change also resolves the following compiler warning about the +unusual position of the static keyword that can be seen when building +with warnings enabled (W=1): + +drivers/iio/light/bh1750.c:64:1: warning: + ‘static’ is not at beginning of declaration [-Wold-style-declaration] + +Related to commit 3a11fbb037a1 ("iio: light: add support for ROHM +BH1710/BH1715/BH1721/BH1750/BH1751 ambient light sensors"). + +Signed-off-by: Krzysztof Wilczynski +Acked-by: Uwe Kleine-König +Signed-off-by: Jonathan Cameron +Signed-off-by: Sasha Levin +--- + drivers/iio/light/bh1750.c | 4 ++-- + 1 file changed, 2 insertions(+), 2 deletions(-) + +diff --git a/drivers/iio/light/bh1750.c b/drivers/iio/light/bh1750.c +index 8b4164343f20..0cf7032ccdc9 100644 +--- a/drivers/iio/light/bh1750.c ++++ b/drivers/iio/light/bh1750.c +@@ -62,9 +62,9 @@ struct bh1750_chip_info { + + u16 int_time_low_mask; + u16 int_time_high_mask; +-} ++}; + +-static const bh1750_chip_info_tbl[] = { ++static const struct bh1750_chip_info bh1750_chip_info_tbl[] = { + [BH1710] = { 140, 1022, 300, 400, 250000000, 2, 0x001F, 0x03E0 }, + [BH1721] = { 140, 1020, 300, 400, 250000000, 2, 0x0010, 0x03E0 }, + [BH1750] = { 31, 254, 69, 1740, 57500000, 1, 0x001F, 0x00E0 }, +-- +2.20.1 + diff --git a/queue-4.4/iwlwifi-check-kasprintf-return-value.patch b/queue-4.4/iwlwifi-check-kasprintf-return-value.patch new file mode 100644 index 00000000000..ab2f215200b --- /dev/null +++ b/queue-4.4/iwlwifi-check-kasprintf-return-value.patch @@ -0,0 +1,52 @@ +From 9933580d9ad5ad5cc6e79d90da7684f631597c13 Mon Sep 17 00:00:00 2001 +From: Sasha Levin +Date: Tue, 5 Nov 2019 14:50:32 +0100 +Subject: iwlwifi: check kasprintf() return value + +From: Johannes Berg + +[ Upstream commit 5974fbb5e10b018fdbe3c3b81cb4cc54e1105ab9 ] + +kasprintf() can fail, we should check the return value. + +Fixes: 5ed540aecc2a ("iwlwifi: use mac80211 throughput trigger") +Fixes: 8ca151b568b6 ("iwlwifi: add the MVM driver") +Signed-off-by: Johannes Berg +Signed-off-by: Luca Coelho +Signed-off-by: Sasha Levin +--- + drivers/net/wireless/iwlwifi/dvm/led.c | 3 +++ + drivers/net/wireless/iwlwifi/mvm/led.c | 3 +++ + 2 files changed, 6 insertions(+) + +diff --git a/drivers/net/wireless/iwlwifi/dvm/led.c b/drivers/net/wireless/iwlwifi/dvm/led.c +index ca4d6692cc4e..47e5fa70483d 100644 +--- a/drivers/net/wireless/iwlwifi/dvm/led.c ++++ b/drivers/net/wireless/iwlwifi/dvm/led.c +@@ -184,6 +184,9 @@ void iwl_leds_init(struct iwl_priv *priv) + + priv->led.name = kasprintf(GFP_KERNEL, "%s-led", + wiphy_name(priv->hw->wiphy)); ++ if (!priv->led.name) ++ return; ++ + priv->led.brightness_set = iwl_led_brightness_set; + priv->led.blink_set = iwl_led_blink_set; + priv->led.max_brightness = 1; +diff --git a/drivers/net/wireless/iwlwifi/mvm/led.c b/drivers/net/wireless/iwlwifi/mvm/led.c +index e3b3cf4dbd77..948be43e4d26 100644 +--- a/drivers/net/wireless/iwlwifi/mvm/led.c ++++ b/drivers/net/wireless/iwlwifi/mvm/led.c +@@ -109,6 +109,9 @@ int iwl_mvm_leds_init(struct iwl_mvm *mvm) + + mvm->led.name = kasprintf(GFP_KERNEL, "%s-led", + wiphy_name(mvm->hw->wiphy)); ++ if (!mvm->led.name) ++ return -ENOMEM; ++ + mvm->led.brightness_set = iwl_led_brightness_set; + mvm->led.max_brightness = 1; + +-- +2.20.1 + diff --git a/queue-4.4/libata-ensure-ata_port-probe-has-completed-before-de.patch b/queue-4.4/libata-ensure-ata_port-probe-has-completed-before-de.patch new file mode 100644 index 00000000000..b24645eb469 --- /dev/null +++ b/queue-4.4/libata-ensure-ata_port-probe-has-completed-before-de.patch @@ -0,0 +1,95 @@ +From dc9bb6c9b1ff00bb5114c236b010c2713975e7e0 Mon Sep 17 00:00:00 2001 +From: Sasha Levin +Date: Wed, 16 Oct 2019 18:19:52 +0800 +Subject: libata: Ensure ata_port probe has completed before detach + +From: John Garry + +[ Upstream commit 130f4caf145c3562108b245a576db30b916199d2 ] + +With CONFIG_DEBUG_TEST_DRIVER_REMOVE set, we may find the following WARN: + +[ 23.452574] ------------[ cut here ]------------ +[ 23.457190] WARNING: CPU: 59 PID: 1 at drivers/ata/libata-core.c:6676 ata_host_detach+0x15c/0x168 +[ 23.466047] Modules linked in: +[ 23.469092] CPU: 59 PID: 1 Comm: swapper/0 Not tainted 5.4.0-rc1-00010-g5b83fd27752b-dirty #296 +[ 23.477776] Hardware name: Huawei D06 /D06, BIOS Hisilicon D06 UEFI RC0 - V1.16.01 03/15/2019 +[ 23.486286] pstate: a0c00009 (NzCv daif +PAN +UAO) +[ 23.491065] pc : ata_host_detach+0x15c/0x168 +[ 23.495322] lr : ata_host_detach+0x88/0x168 +[ 23.499491] sp : ffff800011cabb50 +[ 23.502792] x29: ffff800011cabb50 x28: 0000000000000007 +[ 23.508091] x27: ffff80001137f068 x26: ffff8000112c0c28 +[ 23.513390] x25: 0000000000003848 x24: ffff0023ea185300 +[ 23.518689] x23: 0000000000000001 x22: 00000000000014c0 +[ 23.523987] x21: 0000000000013740 x20: ffff0023bdc20000 +[ 23.529286] x19: 0000000000000000 x18: 0000000000000004 +[ 23.534584] x17: 0000000000000001 x16: 00000000000000f0 +[ 23.539883] x15: ffff0023eac13790 x14: ffff0023eb76c408 +[ 23.545181] x13: 0000000000000000 x12: ffff0023eac13790 +[ 23.550480] x11: ffff0023eb76c228 x10: 0000000000000000 +[ 23.555779] x9 : ffff0023eac13798 x8 : 0000000040000000 +[ 23.561077] x7 : 0000000000000002 x6 : 0000000000000001 +[ 23.566376] x5 : 0000000000000002 x4 : 0000000000000000 +[ 23.571674] x3 : ffff0023bf08a0bc x2 : 0000000000000000 +[ 23.576972] x1 : 3099674201f72700 x0 : 0000000000400284 +[ 23.582272] Call trace: +[ 23.584706] ata_host_detach+0x15c/0x168 +[ 23.588616] ata_pci_remove_one+0x10/0x18 +[ 23.592615] ahci_remove_one+0x20/0x40 +[ 23.596356] pci_device_remove+0x3c/0xe0 +[ 23.600267] really_probe+0xdc/0x3e0 +[ 23.603830] driver_probe_device+0x58/0x100 +[ 23.608000] device_driver_attach+0x6c/0x90 +[ 23.612169] __driver_attach+0x84/0xc8 +[ 23.615908] bus_for_each_dev+0x74/0xc8 +[ 23.619730] driver_attach+0x20/0x28 +[ 23.623292] bus_add_driver+0x148/0x1f0 +[ 23.627115] driver_register+0x60/0x110 +[ 23.630938] __pci_register_driver+0x40/0x48 +[ 23.635199] ahci_pci_driver_init+0x20/0x28 +[ 23.639372] do_one_initcall+0x5c/0x1b0 +[ 23.643199] kernel_init_freeable+0x1a4/0x24c +[ 23.647546] kernel_init+0x10/0x108 +[ 23.651023] ret_from_fork+0x10/0x18 +[ 23.654590] ---[ end trace 634a14b675b71c13 ]--- + +With KASAN also enabled, we may also get many use-after-free reports. + +The issue is that when CONFIG_DEBUG_TEST_DRIVER_REMOVE is set, we may +attempt to detach the ata_port before it has been probed. + +This is because the ata_ports are async probed, meaning that there is no +guarantee that the ata_port has probed prior to detach. When the ata_port +does probe in this scenario, we get all sorts of issues as the detach may +have already happened. + +Fix by ensuring synchronisation with async_synchronize_full(). We could +alternatively use the cookie returned from the ata_port probe +async_schedule() call, but that means managing the cookie, so more +complicated. + +Signed-off-by: John Garry +Signed-off-by: Jens Axboe +Signed-off-by: Sasha Levin +--- + drivers/ata/libata-core.c | 3 +++ + 1 file changed, 3 insertions(+) + +diff --git a/drivers/ata/libata-core.c b/drivers/ata/libata-core.c +index a352f09baef6..fc4bf8ff40ea 100644 +--- a/drivers/ata/libata-core.c ++++ b/drivers/ata/libata-core.c +@@ -6355,6 +6355,9 @@ void ata_host_detach(struct ata_host *host) + { + int i; + ++ /* Ensure ata_port probe has completed */ ++ async_synchronize_full(); ++ + for (i = 0; i < host->n_ports; i++) + ata_port_detach(host->ports[i]); + +-- +2.20.1 + diff --git a/queue-4.4/libtraceevent-fix-memory-leakage-in-copy_filter_type.patch b/queue-4.4/libtraceevent-fix-memory-leakage-in-copy_filter_type.patch new file mode 100644 index 00000000000..8c5fdb3e030 --- /dev/null +++ b/queue-4.4/libtraceevent-fix-memory-leakage-in-copy_filter_type.patch @@ -0,0 +1,55 @@ +From babe113e94abc4133336e83edb905bc6867d7e87 Mon Sep 17 00:00:00 2001 +From: Sasha Levin +Date: Mon, 18 Nov 2019 20:44:15 -0500 +Subject: libtraceevent: Fix memory leakage in copy_filter_type + +From: Hewenliang + +[ Upstream commit 10992af6bf46a2048ad964985a5b77464e5563b1 ] + +It is necessary to free the memory that we have allocated when error occurs. + +Fixes: ef3072cd1d5c ("tools lib traceevent: Get rid of die in add_filter_type()") +Signed-off-by: Hewenliang +Reviewed-by: Steven Rostedt (VMware) +Cc: Tzvetomir Stoyanov +Link: http://lore.kernel.org/lkml/20191119014415.57210-1-hewenliang4@huawei.com +Signed-off-by: Steven Rostedt (VMware) +Signed-off-by: Arnaldo Carvalho de Melo +Signed-off-by: Sasha Levin +--- + tools/lib/traceevent/parse-filter.c | 9 +++++++-- + 1 file changed, 7 insertions(+), 2 deletions(-) + +diff --git a/tools/lib/traceevent/parse-filter.c b/tools/lib/traceevent/parse-filter.c +index 64309d73921b..c2b72e6d002d 100644 +--- a/tools/lib/traceevent/parse-filter.c ++++ b/tools/lib/traceevent/parse-filter.c +@@ -1484,8 +1484,10 @@ static int copy_filter_type(struct event_filter *filter, + if (strcmp(str, "TRUE") == 0 || strcmp(str, "FALSE") == 0) { + /* Add trivial event */ + arg = allocate_arg(); +- if (arg == NULL) ++ if (arg == NULL) { ++ free(str); + return -1; ++ } + + arg->type = FILTER_ARG_BOOLEAN; + if (strcmp(str, "TRUE") == 0) +@@ -1494,8 +1496,11 @@ static int copy_filter_type(struct event_filter *filter, + arg->boolean.value = 0; + + filter_type = add_filter_type(filter, event->id); +- if (filter_type == NULL) ++ if (filter_type == NULL) { ++ free(str); ++ free_arg(arg); + return -1; ++ } + + filter_type->filter = arg; + +-- +2.20.1 + diff --git a/queue-4.4/media-am437x-vpfe-setting-std-to-current-value-is-no.patch b/queue-4.4/media-am437x-vpfe-setting-std-to-current-value-is-no.patch new file mode 100644 index 00000000000..a6eac394acd --- /dev/null +++ b/queue-4.4/media-am437x-vpfe-setting-std-to-current-value-is-no.patch @@ -0,0 +1,40 @@ +From 7195bdd530fc6f32f78993078b49473647e4900b Mon Sep 17 00:00:00 2001 +From: Sasha Levin +Date: Fri, 20 Sep 2019 14:05:48 -0300 +Subject: media: am437x-vpfe: Setting STD to current value is not an error + +From: Benoit Parrot + +[ Upstream commit 13aa21cfe92ce9ebb51824029d89f19c33f81419 ] + +VIDIOC_S_STD should not return an error if the value is identical +to the current one. +This error was highlighted by the v4l2-compliance test. + +Signed-off-by: Benoit Parrot +Acked-by: Lad Prabhakar +Signed-off-by: Hans Verkuil +Signed-off-by: Mauro Carvalho Chehab +Signed-off-by: Sasha Levin +--- + drivers/media/platform/am437x/am437x-vpfe.c | 4 ++++ + 1 file changed, 4 insertions(+) + +diff --git a/drivers/media/platform/am437x/am437x-vpfe.c b/drivers/media/platform/am437x/am437x-vpfe.c +index 572bc043b62d..36add3c463f7 100644 +--- a/drivers/media/platform/am437x/am437x-vpfe.c ++++ b/drivers/media/platform/am437x/am437x-vpfe.c +@@ -1847,6 +1847,10 @@ static int vpfe_s_std(struct file *file, void *priv, v4l2_std_id std_id) + if (!(sdinfo->inputs[0].capabilities & V4L2_IN_CAP_STD)) + return -ENODATA; + ++ /* if trying to set the same std then nothing to do */ ++ if (vpfe_standards[vpfe->std_index].std_id == std_id) ++ return 0; ++ + /* If streaming is started, return error */ + if (vb2_is_busy(&vpfe->buffer_queue)) { + vpfe_err(vpfe, "%s device busy\n", __func__); +-- +2.20.1 + diff --git a/queue-4.4/media-flexcop-usb-fix-null-ptr-deref-in-flexcop_usb_.patch b/queue-4.4/media-flexcop-usb-fix-null-ptr-deref-in-flexcop_usb_.patch new file mode 100644 index 00000000000..1715c2aed54 --- /dev/null +++ b/queue-4.4/media-flexcop-usb-fix-null-ptr-deref-in-flexcop_usb_.patch @@ -0,0 +1,46 @@ +From ad51f096d430594ddc70e1c2f4da4f190e6d1f99 Mon Sep 17 00:00:00 2001 +From: Sasha Levin +Date: Tue, 24 Sep 2019 06:49:04 -0300 +Subject: media: flexcop-usb: fix NULL-ptr deref in flexcop_usb_transfer_init() + +From: Yang Yingliang + +[ Upstream commit 649cd16c438f51d4cd777e71ca1f47f6e0c5e65d ] + +If usb_set_interface() failed, iface->cur_altsetting will +not be assigned and it will be used in flexcop_usb_transfer_init() +It may lead a NULL pointer dereference. + +Check usb_set_interface() return value in flexcop_usb_init() +and return failed to avoid using this NULL pointer. + +Signed-off-by: Yang Yingliang +Signed-off-by: Sean Young +Signed-off-by: Mauro Carvalho Chehab +Signed-off-by: Sasha Levin +--- + drivers/media/usb/b2c2/flexcop-usb.c | 8 +++++++- + 1 file changed, 7 insertions(+), 1 deletion(-) + +diff --git a/drivers/media/usb/b2c2/flexcop-usb.c b/drivers/media/usb/b2c2/flexcop-usb.c +index 83d3a5cf272f..932fa31e0624 100644 +--- a/drivers/media/usb/b2c2/flexcop-usb.c ++++ b/drivers/media/usb/b2c2/flexcop-usb.c +@@ -474,7 +474,13 @@ urb_error: + static int flexcop_usb_init(struct flexcop_usb *fc_usb) + { + /* use the alternate setting with the larges buffer */ +- usb_set_interface(fc_usb->udev,0,1); ++ int ret = usb_set_interface(fc_usb->udev, 0, 1); ++ ++ if (ret) { ++ err("set interface failed."); ++ return ret; ++ } ++ + switch (fc_usb->udev->speed) { + case USB_SPEED_LOW: + err("cannot handle USB speed because it is too slow."); +-- +2.20.1 + diff --git a/queue-4.4/media-i2c-ov2659-fix-missing-720p-register-config.patch b/queue-4.4/media-i2c-ov2659-fix-missing-720p-register-config.patch new file mode 100644 index 00000000000..56d36e72f68 --- /dev/null +++ b/queue-4.4/media-i2c-ov2659-fix-missing-720p-register-config.patch @@ -0,0 +1,48 @@ +From e1091c9cc5893c3480efdec32c9778d6d008a3fe Mon Sep 17 00:00:00 2001 +From: Sasha Levin +Date: Mon, 30 Sep 2019 10:06:43 -0300 +Subject: media: i2c: ov2659: Fix missing 720p register config + +From: Benoit Parrot + +[ Upstream commit 9d669fbfca20e6035ead814e55d9ef1a6b500540 ] + +The initial registers sequence is only loaded at probe +time. Afterward only the resolution and format specific +register are modified. Care must be taken to make sure +registers modified by one resolution setting are reverted +back when another resolution is programmed. + +This was not done properly for the 720p case. + +Signed-off-by: Benoit Parrot +Acked-by: Lad, Prabhakar +Signed-off-by: Sakari Ailus +Signed-off-by: Mauro Carvalho Chehab +Signed-off-by: Sasha Levin +--- + drivers/media/i2c/ov2659.c | 4 ++++ + 1 file changed, 4 insertions(+) + +diff --git a/drivers/media/i2c/ov2659.c b/drivers/media/i2c/ov2659.c +index 4f43e8c43950..6eefb8bbb5b5 100644 +--- a/drivers/media/i2c/ov2659.c ++++ b/drivers/media/i2c/ov2659.c +@@ -419,10 +419,14 @@ static struct sensor_register ov2659_720p[] = { + { REG_TIMING_YINC, 0x11 }, + { REG_TIMING_VERT_FORMAT, 0x80 }, + { REG_TIMING_HORIZ_FORMAT, 0x00 }, ++ { 0x370a, 0x12 }, + { 0x3a03, 0xe8 }, + { 0x3a09, 0x6f }, + { 0x3a0b, 0x5d }, + { 0x3a15, 0x9a }, ++ { REG_VFIFO_READ_START_H, 0x00 }, ++ { REG_VFIFO_READ_START_L, 0x80 }, ++ { REG_ISP_CTRL02, 0x00 }, + { REG_NULL, 0x00 }, + }; + +-- +2.20.1 + diff --git a/queue-4.4/media-i2c-ov2659-fix-s_stream-return-value.patch b/queue-4.4/media-i2c-ov2659-fix-s_stream-return-value.patch new file mode 100644 index 00000000000..a49e1b387fa --- /dev/null +++ b/queue-4.4/media-i2c-ov2659-fix-s_stream-return-value.patch @@ -0,0 +1,49 @@ +From 447951441f383f57da79214f99a47a0790f8cc87 Mon Sep 17 00:00:00 2001 +From: Sasha Levin +Date: Mon, 30 Sep 2019 10:06:40 -0300 +Subject: media: i2c: ov2659: fix s_stream return value + +From: Benoit Parrot + +[ Upstream commit 85c4043f1d403c222d481dfc91846227d66663fb ] + +In ov2659_s_stream() return value for invoked function should be checked +and propagated. + +Signed-off-by: Benoit Parrot +Acked-by: Lad, Prabhakar +Signed-off-by: Sakari Ailus +Signed-off-by: Mauro Carvalho Chehab +Signed-off-by: Sasha Levin +--- + drivers/media/i2c/ov2659.c | 14 +++++++++----- + 1 file changed, 9 insertions(+), 5 deletions(-) + +diff --git a/drivers/media/i2c/ov2659.c b/drivers/media/i2c/ov2659.c +index fadec1d70582..4f43e8c43950 100644 +--- a/drivers/media/i2c/ov2659.c ++++ b/drivers/media/i2c/ov2659.c +@@ -1204,11 +1204,15 @@ static int ov2659_s_stream(struct v4l2_subdev *sd, int on) + goto unlock; + } + +- ov2659_set_pixel_clock(ov2659); +- ov2659_set_frame_size(ov2659); +- ov2659_set_format(ov2659); +- ov2659_set_streaming(ov2659, 1); +- ov2659->streaming = on; ++ ret = ov2659_set_pixel_clock(ov2659); ++ if (!ret) ++ ret = ov2659_set_frame_size(ov2659); ++ if (!ret) ++ ret = ov2659_set_format(ov2659); ++ if (!ret) { ++ ov2659_set_streaming(ov2659, 1); ++ ov2659->streaming = on; ++ } + + unlock: + mutex_unlock(&ov2659->lock); +-- +2.20.1 + diff --git a/queue-4.4/media-ov6650-fix-stored-frame-format-not-in-sync-wit.patch b/queue-4.4/media-ov6650-fix-stored-frame-format-not-in-sync-wit.patch new file mode 100644 index 00000000000..68792352a8a --- /dev/null +++ b/queue-4.4/media-ov6650-fix-stored-frame-format-not-in-sync-wit.patch @@ -0,0 +1,71 @@ +From 127679fd98afe071c55998a0e04d21ecdc5d0736 Mon Sep 17 00:00:00 2001 +From: Sasha Levin +Date: Tue, 3 Sep 2019 17:11:43 -0300 +Subject: media: ov6650: Fix stored frame format not in sync with hardware + +From: Janusz Krzysztofik + +[ Upstream commit 3143b459de4cdcce67b36827476c966e93c1cf01 ] + +The driver stores frame format settings supposed to be in line with +hardware state in a device private structure. Since the driver initial +submission, those settings are updated before they are actually applied +on hardware. If an error occurs on device update, the stored settings +my not reflect hardware state anymore and consecutive calls to +.get_fmt() may return incorrect information. That in turn may affect +ability of a bridge device to use correct DMA transfer settings if such +incorrect informmation on active frame format returned by .get_fmt() is +used. + +Assuming a failed device update means its state hasn't changed, update +frame format related settings stored in the device private structure +only after they are successfully applied so the stored values always +reflect hardware state as closely as possible. + +Fixes: 2f6e2404799a ("[media] SoC Camera: add driver for OV6650 sensor") +Signed-off-by: Janusz Krzysztofik +Signed-off-by: Sakari Ailus +Signed-off-by: Mauro Carvalho Chehab +Signed-off-by: Sasha Levin +--- + drivers/media/i2c/soc_camera/ov6650.c | 9 ++++++--- + 1 file changed, 6 insertions(+), 3 deletions(-) + +diff --git a/drivers/media/i2c/soc_camera/ov6650.c b/drivers/media/i2c/soc_camera/ov6650.c +index 4e19f5e5d8cf..bb55ddfbf733 100644 +--- a/drivers/media/i2c/soc_camera/ov6650.c ++++ b/drivers/media/i2c/soc_camera/ov6650.c +@@ -611,7 +611,6 @@ static int ov6650_s_fmt(struct v4l2_subdev *sd, struct v4l2_mbus_framefmt *mf) + dev_err(&client->dev, "Pixel format not handled: 0x%x\n", code); + return -EINVAL; + } +- priv->code = code; + + if (code == MEDIA_BUS_FMT_Y8_1X8 || + code == MEDIA_BUS_FMT_SBGGR8_1X8) { +@@ -637,7 +636,6 @@ static int ov6650_s_fmt(struct v4l2_subdev *sd, struct v4l2_mbus_framefmt *mf) + dev_dbg(&client->dev, "max resolution: CIF\n"); + coma_mask |= COMA_QCIF; + } +- priv->half_scale = half_scale; + + if (sense) { + if (sense->master_clock == 8000000) { +@@ -677,8 +675,13 @@ static int ov6650_s_fmt(struct v4l2_subdev *sd, struct v4l2_mbus_framefmt *mf) + ret = ov6650_reg_rmw(client, REG_COMA, coma_set, coma_mask); + if (!ret) + ret = ov6650_reg_write(client, REG_CLKRC, clkrc); +- if (!ret) ++ if (!ret) { ++ priv->half_scale = half_scale; ++ + ret = ov6650_reg_rmw(client, REG_COML, coml_set, coml_mask); ++ } ++ if (!ret) ++ priv->code = code; + + if (!ret) { + mf->colorspace = priv->colorspace; +-- +2.20.1 + diff --git a/queue-4.4/media-pvrusb2-fix-oops-on-tear-down-when-radio-suppo.patch b/queue-4.4/media-pvrusb2-fix-oops-on-tear-down-when-radio-suppo.patch new file mode 100644 index 00000000000..219e721daa6 --- /dev/null +++ b/queue-4.4/media-pvrusb2-fix-oops-on-tear-down-when-radio-suppo.patch @@ -0,0 +1,60 @@ +From 64223e2c70e9125d5a3180902fdd03cfcbba8c8d Mon Sep 17 00:00:00 2001 +From: Sasha Levin +Date: Wed, 6 Nov 2019 12:11:14 +0100 +Subject: media: pvrusb2: Fix oops on tear-down when radio support is not + present + +From: Mike Isely + +[ Upstream commit 7f404ae9cf2a285f73b3c18ab9303d54b7a3d8e1 ] + +In some device configurations there's no radio or radio support in the +driver. That's OK, as the driver sets itself up accordingly. However +on tear-down in these caes it's still trying to tear down radio +related context when there isn't anything there, leading to +dereferences through a null pointer and chaos follows. + +How this bug survived unfixed for 11 years in the pvrusb2 driver is a +mystery to me. + +[hverkuil: fix two checkpatch warnings] + +Signed-off-by: Mike Isely +Signed-off-by: Hans Verkuil +Signed-off-by: Mauro Carvalho Chehab +Signed-off-by: Sasha Levin +--- + drivers/media/usb/pvrusb2/pvrusb2-v4l2.c | 9 +++++++-- + 1 file changed, 7 insertions(+), 2 deletions(-) + +diff --git a/drivers/media/usb/pvrusb2/pvrusb2-v4l2.c b/drivers/media/usb/pvrusb2/pvrusb2-v4l2.c +index 1c5f85bf7ed4..2d6195e9a195 100644 +--- a/drivers/media/usb/pvrusb2/pvrusb2-v4l2.c ++++ b/drivers/media/usb/pvrusb2/pvrusb2-v4l2.c +@@ -886,8 +886,12 @@ static void pvr2_v4l2_internal_check(struct pvr2_channel *chp) + pvr2_v4l2_dev_disassociate_parent(vp->dev_video); + pvr2_v4l2_dev_disassociate_parent(vp->dev_radio); + if (!list_empty(&vp->dev_video->devbase.fh_list) || +- !list_empty(&vp->dev_radio->devbase.fh_list)) ++ (vp->dev_radio && ++ !list_empty(&vp->dev_radio->devbase.fh_list))) { ++ pvr2_trace(PVR2_TRACE_STRUCT, ++ "pvr2_v4l2 internal_check exit-empty id=%p", vp); + return; ++ } + pvr2_v4l2_destroy_no_lock(vp); + } + +@@ -961,7 +965,8 @@ static int pvr2_v4l2_release(struct file *file) + kfree(fhp); + if (vp->channel.mc_head->disconnect_flag && + list_empty(&vp->dev_video->devbase.fh_list) && +- list_empty(&vp->dev_radio->devbase.fh_list)) { ++ (!vp->dev_radio || ++ list_empty(&vp->dev_radio->devbase.fh_list))) { + pvr2_v4l2_destroy_no_lock(vp); + } + return 0; +-- +2.20.1 + diff --git a/queue-4.4/media-si470x-i2c-add-missed-operations-in-remove.patch b/queue-4.4/media-si470x-i2c-add-missed-operations-in-remove.patch new file mode 100644 index 00000000000..432973aed57 --- /dev/null +++ b/queue-4.4/media-si470x-i2c-add-missed-operations-in-remove.patch @@ -0,0 +1,37 @@ +From fed3e3d1c6b5c415a5c2f4a67b5f564d1ca6a72a Mon Sep 17 00:00:00 2001 +From: Sasha Levin +Date: Sun, 10 Nov 2019 07:28:15 +0100 +Subject: media: si470x-i2c: add missed operations in remove + +From: Chuhong Yuan + +[ Upstream commit 2df200ab234a86836a8879a05a8007d6b884eb14 ] + +The driver misses calling v4l2_ctrl_handler_free and +v4l2_device_unregister in remove like what is done in probe failure. +Add the calls to fix it. + +Signed-off-by: Chuhong Yuan +Signed-off-by: Hans Verkuil +Signed-off-by: Mauro Carvalho Chehab +Signed-off-by: Sasha Levin +--- + drivers/media/radio/si470x/radio-si470x-i2c.c | 2 ++ + 1 file changed, 2 insertions(+) + +diff --git a/drivers/media/radio/si470x/radio-si470x-i2c.c b/drivers/media/radio/si470x/radio-si470x-i2c.c +index 9326439bc49c..f9e1768b8d31 100644 +--- a/drivers/media/radio/si470x/radio-si470x-i2c.c ++++ b/drivers/media/radio/si470x/radio-si470x-i2c.c +@@ -460,6 +460,8 @@ static int si470x_i2c_remove(struct i2c_client *client) + video_unregister_device(&radio->videodev); + kfree(radio); + ++ v4l2_ctrl_handler_free(&radio->hdl); ++ v4l2_device_unregister(&radio->v4l2_dev); + return 0; + } + +-- +2.20.1 + diff --git a/queue-4.4/media-ti-vpe-vpe-fix-a-v4l2-compliance-failure-about.patch b/queue-4.4/media-ti-vpe-vpe-fix-a-v4l2-compliance-failure-about.patch new file mode 100644 index 00000000000..570b4704db7 --- /dev/null +++ b/queue-4.4/media-ti-vpe-vpe-fix-a-v4l2-compliance-failure-about.patch @@ -0,0 +1,51 @@ +From 40692970753fa9efc6ca46ab3b8f5a3c4f2612bf Mon Sep 17 00:00:00 2001 +From: Sasha Levin +Date: Mon, 7 Oct 2019 12:10:00 -0300 +Subject: media: ti-vpe: vpe: fix a v4l2-compliance failure about frame + sequence number + +From: Benoit Parrot + +[ Upstream commit 2444846c0dbfa4ead21b621e4300ec32c90fbf38 ] + +v4l2-compliance fails with this message: + + fail: v4l2-test-buffers.cpp(294): \ + (int)g_sequence() < seq.last_seq + 1 + fail: v4l2-test-buffers.cpp(740): \ + buf.check(m2m_q, last_m2m_seq) + fail: v4l2-test-buffers.cpp(974): \ + captureBufs(node, q, m2m_q, frame_count, true) + test MMAP: FAIL + +The driver is failing to update the source frame sequence number in the +vb2 buffer object. Only the destination frame sequence was being +updated. + +This is only a reporting issue if the user space app actually cares +about the frame sequence number. But it is fixed nonetheless. + +Signed-off-by: Benoit Parrot +Reviewed-by: Tomi Valkeinen +Signed-off-by: Hans Verkuil +Signed-off-by: Mauro Carvalho Chehab +Signed-off-by: Sasha Levin +--- + drivers/media/platform/ti-vpe/vpe.c | 1 + + 1 file changed, 1 insertion(+) + +diff --git a/drivers/media/platform/ti-vpe/vpe.c b/drivers/media/platform/ti-vpe/vpe.c +index ca6629ccf82d..aa2870e864f9 100644 +--- a/drivers/media/platform/ti-vpe/vpe.c ++++ b/drivers/media/platform/ti-vpe/vpe.c +@@ -1299,6 +1299,7 @@ static irqreturn_t vpe_irq(int irq_vpe, void *data) + d_vb->timecode = s_vb->timecode; + + d_vb->sequence = ctx->sequence; ++ s_vb->sequence = ctx->sequence; + + d_q_data = &ctx->q_data[Q_DATA_DST]; + if (d_q_data->flags & Q_DATA_INTERLACED) { +-- +2.20.1 + diff --git a/queue-4.4/media-ti-vpe-vpe-fix-a-v4l2-compliance-warning-about.patch b/queue-4.4/media-ti-vpe-vpe-fix-a-v4l2-compliance-warning-about.patch new file mode 100644 index 00000000000..d5fd2bd4d25 --- /dev/null +++ b/queue-4.4/media-ti-vpe-vpe-fix-a-v4l2-compliance-warning-about.patch @@ -0,0 +1,82 @@ +From 727afacc089a45b8ea18221838be60d046087cdb Mon Sep 17 00:00:00 2001 +From: Sasha Levin +Date: Mon, 7 Oct 2019 12:09:57 -0300 +Subject: media: ti-vpe: vpe: fix a v4l2-compliance warning about invalid pixel + format + +From: Benoit Parrot + +[ Upstream commit 06bec72b250b2cb3ba96fa45c2b8e0fb83745517 ] + +v4l2-compliance warns with this message: + + warn: v4l2-test-formats.cpp(717): \ + TRY_FMT cannot handle an invalid pixelformat. + warn: v4l2-test-formats.cpp(718): \ + This may or may not be a problem. For more information see: + warn: v4l2-test-formats.cpp(719): \ + http://www.mail-archive.com/linux-media@vger.kernel.org/msg56550.html + ... + test VIDIOC_TRY_FMT: FAIL + +We need to make sure that the returns a valid pixel format in all +instance. Based on the v4l2 framework convention drivers must return a +valid pixel format when the requested pixel format is either invalid or +not supported. + +Signed-off-by: Benoit Parrot +Reviewed-by: Tomi Valkeinen +Signed-off-by: Hans Verkuil +Signed-off-by: Mauro Carvalho Chehab +Signed-off-by: Sasha Levin +--- + drivers/media/platform/ti-vpe/vpe.c | 13 +++++++++---- + 1 file changed, 9 insertions(+), 4 deletions(-) + +diff --git a/drivers/media/platform/ti-vpe/vpe.c b/drivers/media/platform/ti-vpe/vpe.c +index de24effd984f..ca6629ccf82d 100644 +--- a/drivers/media/platform/ti-vpe/vpe.c ++++ b/drivers/media/platform/ti-vpe/vpe.c +@@ -330,20 +330,25 @@ enum { + }; + + /* find our format description corresponding to the passed v4l2_format */ +-static struct vpe_fmt *find_format(struct v4l2_format *f) ++static struct vpe_fmt *__find_format(u32 fourcc) + { + struct vpe_fmt *fmt; + unsigned int k; + + for (k = 0; k < ARRAY_SIZE(vpe_formats); k++) { + fmt = &vpe_formats[k]; +- if (fmt->fourcc == f->fmt.pix.pixelformat) ++ if (fmt->fourcc == fourcc) + return fmt; + } + + return NULL; + } + ++static struct vpe_fmt *find_format(struct v4l2_format *f) ++{ ++ return __find_format(f->fmt.pix.pixelformat); ++} ++ + /* + * there is one vpe_dev structure in the driver, it is shared by + * all instances. +@@ -1434,9 +1439,9 @@ static int __vpe_try_fmt(struct vpe_ctx *ctx, struct v4l2_format *f, + int i, depth, depth_bytes; + + if (!fmt || !(fmt->types & type)) { +- vpe_err(ctx->dev, "Fourcc format (0x%08x) invalid.\n", ++ vpe_dbg(ctx->dev, "Fourcc format (0x%08x) invalid.\n", + pix->pixelformat); +- return -EINVAL; ++ fmt = __find_format(V4L2_PIX_FMT_YUYV); + } + + if (pix->field != V4L2_FIELD_NONE && pix->field != V4L2_FIELD_ALTERNATE) +-- +2.20.1 + diff --git a/queue-4.4/media-ti-vpe-vpe-make-sure-yuyv-is-set-as-default-fo.patch b/queue-4.4/media-ti-vpe-vpe-make-sure-yuyv-is-set-as-default-fo.patch new file mode 100644 index 00000000000..b6507ba0fc0 --- /dev/null +++ b/queue-4.4/media-ti-vpe-vpe-make-sure-yuyv-is-set-as-default-fo.patch @@ -0,0 +1,53 @@ +From ce5942f3a1ccd18c33bc2907579e1d14193a2277 Mon Sep 17 00:00:00 2001 +From: Sasha Levin +Date: Mon, 7 Oct 2019 12:09:58 -0300 +Subject: media: ti-vpe: vpe: Make sure YUYV is set as default format + +From: Benoit Parrot + +[ Upstream commit e20b248051ca0f90d84b4d9378e4780bc31f16c6 ] + +v4l2-compliance fails with this message: + + fail: v4l2-test-formats.cpp(672): \ + Video Capture Multiplanar: TRY_FMT(G_FMT) != G_FMT + fail: v4l2-test-formats.cpp(672): \ + Video Output Multiplanar: TRY_FMT(G_FMT) != G_FMT + ... + test VIDIOC_TRY_FMT: FAIL + +The default pixel format was setup as pointing to a specific offset in +the vpe_formats table assuming it was pointing to the V4L2_PIX_FMT_YUYV +entry. This became false after the addition on the NV21 format (see +above commid-id) + +So instead of hard-coding an offset which might change over time we need +to use a lookup helper instead so we know the default will always be what +we intended. + +Signed-off-by: Benoit Parrot +Fixes: 40cc823f7005 ("media: ti-vpe: Add support for NV21 format") +Reviewed-by: Tomi Valkeinen +Signed-off-by: Hans Verkuil +Signed-off-by: Mauro Carvalho Chehab +Signed-off-by: Sasha Levin +--- + drivers/media/platform/ti-vpe/vpe.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/drivers/media/platform/ti-vpe/vpe.c b/drivers/media/platform/ti-vpe/vpe.c +index aa2870e864f9..b5f8c425cd2e 100644 +--- a/drivers/media/platform/ti-vpe/vpe.c ++++ b/drivers/media/platform/ti-vpe/vpe.c +@@ -2000,7 +2000,7 @@ static int vpe_open(struct file *file) + v4l2_ctrl_handler_setup(hdl); + + s_q_data = &ctx->q_data[Q_DATA_SRC]; +- s_q_data->fmt = &vpe_formats[2]; ++ s_q_data->fmt = __find_format(V4L2_PIX_FMT_YUYV); + s_q_data->width = 1920; + s_q_data->height = 1080; + s_q_data->bytesperline[VPE_LUMA] = (s_q_data->width * +-- +2.20.1 + diff --git a/queue-4.4/mwifiex-pcie-fix-memory-leak-in-mwifiex_pcie_init_ev.patch b/queue-4.4/mwifiex-pcie-fix-memory-leak-in-mwifiex_pcie_init_ev.patch new file mode 100644 index 00000000000..2ec6ed8a179 --- /dev/null +++ b/queue-4.4/mwifiex-pcie-fix-memory-leak-in-mwifiex_pcie_init_ev.patch @@ -0,0 +1,42 @@ +From 827587ac862cb80ebbfb42a3ccfadcebe80ea54c Mon Sep 17 00:00:00 2001 +From: Sasha Levin +Date: Fri, 4 Oct 2019 15:16:48 -0500 +Subject: mwifiex: pcie: Fix memory leak in mwifiex_pcie_init_evt_ring + +From: Navid Emamdoost + +[ Upstream commit d10dcb615c8e29d403a24d35f8310a7a53e3050c ] + +In mwifiex_pcie_init_evt_ring, a new skb is allocated which should be +released if mwifiex_map_pci_memory() fails. The release for skb and +card->evtbd_ring_vbase is added. + +Fixes: 0732484b47b5 ("mwifiex: separate ring initialization and ring creation routines") +Signed-off-by: Navid Emamdoost +Acked-by: Ganapathi Bhat +Signed-off-by: Kalle Valo +Signed-off-by: Sasha Levin +--- + drivers/net/wireless/mwifiex/pcie.c | 5 ++++- + 1 file changed, 4 insertions(+), 1 deletion(-) + +diff --git a/drivers/net/wireless/mwifiex/pcie.c b/drivers/net/wireless/mwifiex/pcie.c +index 268e50ba88a5..4c0a65692899 100644 +--- a/drivers/net/wireless/mwifiex/pcie.c ++++ b/drivers/net/wireless/mwifiex/pcie.c +@@ -577,8 +577,11 @@ static int mwifiex_pcie_init_evt_ring(struct mwifiex_adapter *adapter) + skb_put(skb, MAX_EVENT_SIZE); + + if (mwifiex_map_pci_memory(adapter, skb, MAX_EVENT_SIZE, +- PCI_DMA_FROMDEVICE)) ++ PCI_DMA_FROMDEVICE)) { ++ kfree_skb(skb); ++ kfree(card->evtbd_ring_vbase); + return -1; ++ } + + buf_pa = MWIFIEX_SKB_DMA_ADDR(skb); + +-- +2.20.1 + diff --git a/queue-4.4/net-phy-initialise-phydev-speed-and-duplex-sanely.patch b/queue-4.4/net-phy-initialise-phydev-speed-and-duplex-sanely.patch new file mode 100644 index 00000000000..5a77727c3ea --- /dev/null +++ b/queue-4.4/net-phy-initialise-phydev-speed-and-duplex-sanely.patch @@ -0,0 +1,46 @@ +From 807e975d177bca1060ac3f9633adc34155a64cc4 Mon Sep 17 00:00:00 2001 +From: Sasha Levin +Date: Fri, 22 Nov 2019 15:23:23 +0000 +Subject: net: phy: initialise phydev speed and duplex sanely + +From: Russell King + +[ Upstream commit a5d66f810061e2dd70fb7a108dcd14e535bc639f ] + +When a phydev is created, the speed and duplex are set to zero and +-1 respectively, rather than using the predefined SPEED_UNKNOWN and +DUPLEX_UNKNOWN constants. + +There is a window at initialisation time where we may report link +down using the 0/-1 values. Tidy this up and use the predefined +constants, so debug doesn't complain with: + +"Unsupported (update phy-core.c)/Unsupported (update phy-core.c)" + +when the speed and duplex settings are printed. + +Signed-off-by: Russell King +Signed-off-by: Jakub Kicinski +Signed-off-by: Sasha Levin +--- + drivers/net/phy/phy_device.c | 4 ++-- + 1 file changed, 2 insertions(+), 2 deletions(-) + +diff --git a/drivers/net/phy/phy_device.c b/drivers/net/phy/phy_device.c +index c6a87834723d..b15eceb8b442 100644 +--- a/drivers/net/phy/phy_device.c ++++ b/drivers/net/phy/phy_device.c +@@ -161,8 +161,8 @@ struct phy_device *phy_device_create(struct mii_bus *bus, int addr, int phy_id, + + dev->dev.release = phy_device_release; + +- dev->speed = 0; +- dev->duplex = -1; ++ dev->speed = SPEED_UNKNOWN; ++ dev->duplex = DUPLEX_UNKNOWN; + dev->pause = 0; + dev->asym_pause = 0; + dev->link = 1; +-- +2.20.1 + diff --git a/queue-4.4/parport-load-lowlevel-driver-if-ports-not-found.patch b/queue-4.4/parport-load-lowlevel-driver-if-ports-not-found.patch new file mode 100644 index 00000000000..c8285153e1a --- /dev/null +++ b/queue-4.4/parport-load-lowlevel-driver-if-ports-not-found.patch @@ -0,0 +1,72 @@ +From 81cd0eb503a3c8af5c6ad9aaf1e4126729108f5d Mon Sep 17 00:00:00 2001 +From: Sasha Levin +Date: Wed, 16 Oct 2019 15:45:39 +0100 +Subject: parport: load lowlevel driver if ports not found + +From: Sudip Mukherjee + +[ Upstream commit 231ec2f24dad18d021b361045bbd618ba62a274e ] + +Usually all the distro will load the parport low level driver as part +of their initialization. But we can get into a situation where all the +parallel port drivers are built as module and we unload all the modules +at a later time. Then if we just do "modprobe parport" it will only +load the parport module and will not load the low level driver which +will actually register the ports. So, check the bus if there is any +parport registered, if not, load the low level driver. + +We can get into the above situation with all distro but only Suse has +setup the alias for "parport_lowlevel" and so it only works in Suse. +Users of Debian based distro will need to load the lowlevel module +manually. + +Signed-off-by: Sudip Mukherjee +Link: https://lore.kernel.org/r/20191016144540.18810-3-sudipm.mukherjee@gmail.com +Signed-off-by: Greg Kroah-Hartman +Signed-off-by: Sasha Levin +--- + drivers/parport/share.c | 21 +++++++++++++++++++++ + 1 file changed, 21 insertions(+) + +diff --git a/drivers/parport/share.c b/drivers/parport/share.c +index f26af0214ab3..3be1f4a041d4 100644 +--- a/drivers/parport/share.c ++++ b/drivers/parport/share.c +@@ -228,6 +228,18 @@ static int port_check(struct device *dev, void *dev_drv) + return 0; + } + ++/* ++ * Iterates through all the devices connected to the bus and return 1 ++ * if the device is a parallel port. ++ */ ++ ++static int port_detect(struct device *dev, void *dev_drv) ++{ ++ if (is_parport(dev)) ++ return 1; ++ return 0; ++} ++ + /** + * parport_register_driver - register a parallel port device driver + * @drv: structure describing the driver +@@ -280,6 +292,15 @@ int __parport_register_driver(struct parport_driver *drv, struct module *owner, + if (ret) + return ret; + ++ /* ++ * check if bus has any parallel port registered, if ++ * none is found then load the lowlevel driver. ++ */ ++ ret = bus_for_each_dev(&parport_bus_type, NULL, NULL, ++ port_detect); ++ if (!ret) ++ get_lowlevel_driver(); ++ + mutex_lock(®istration_lock); + if (drv->match_port) + bus_for_each_dev(&parport_bus_type, NULL, drv, +-- +2.20.1 + diff --git a/queue-4.4/perf-intel-bts-does-not-support-aux-area-sampling.patch b/queue-4.4/perf-intel-bts-does-not-support-aux-area-sampling.patch new file mode 100644 index 00000000000..284b6d07bf4 --- /dev/null +++ b/queue-4.4/perf-intel-bts-does-not-support-aux-area-sampling.patch @@ -0,0 +1,54 @@ +From f85f768e43c28aa9a7e4a40216f6118f20c4fbbf Mon Sep 17 00:00:00 2001 +From: Sasha Levin +Date: Fri, 15 Nov 2019 14:42:25 +0200 +Subject: perf intel-bts: Does not support AUX area sampling + +From: Adrian Hunter + +[ Upstream commit 32a1ece4bdbde24734ab16484bad7316f03fc42d ] + +Add an error message because Intel BTS does not support AUX area +sampling. + +Signed-off-by: Adrian Hunter +Cc: Jiri Olsa +Link: http://lore.kernel.org/lkml/20191115124225.5247-16-adrian.hunter@intel.com +Signed-off-by: Arnaldo Carvalho de Melo +Signed-off-by: Sasha Levin +--- + tools/perf/arch/x86/util/auxtrace.c | 2 ++ + tools/perf/arch/x86/util/intel-bts.c | 5 +++++ + 2 files changed, 7 insertions(+) + +diff --git a/tools/perf/arch/x86/util/auxtrace.c b/tools/perf/arch/x86/util/auxtrace.c +index 7a7805583e3f..ab641cfc8c2b 100644 +--- a/tools/perf/arch/x86/util/auxtrace.c ++++ b/tools/perf/arch/x86/util/auxtrace.c +@@ -35,6 +35,8 @@ struct auxtrace_record *auxtrace_record__init_intel(struct perf_evlist *evlist, + + intel_pt_pmu = perf_pmu__find(INTEL_PT_PMU_NAME); + intel_bts_pmu = perf_pmu__find(INTEL_BTS_PMU_NAME); ++ if (intel_bts_pmu) ++ intel_bts_pmu->auxtrace = true; + + if (evlist) { + evlist__for_each(evlist, evsel) { +diff --git a/tools/perf/arch/x86/util/intel-bts.c b/tools/perf/arch/x86/util/intel-bts.c +index 9b94ce520917..9d83a7f3496c 100644 +--- a/tools/perf/arch/x86/util/intel-bts.c ++++ b/tools/perf/arch/x86/util/intel-bts.c +@@ -119,6 +119,11 @@ static int intel_bts_recording_options(struct auxtrace_record *itr, + const struct cpu_map *cpus = evlist->cpus; + bool privileged = geteuid() == 0 || perf_event_paranoid() < 0; + ++ if (opts->auxtrace_sample_mode) { ++ pr_err("Intel BTS does not support AUX area sampling\n"); ++ return -EINVAL; ++ } ++ + btsr->evlist = evlist; + btsr->snapshot_mode = opts->auxtrace_snapshot_mode; + +-- +2.20.1 + diff --git a/queue-4.4/perf-parse-fix-potential-memory-leak-when-handling-t.patch b/queue-4.4/perf-parse-fix-potential-memory-leak-when-handling-t.patch new file mode 100644 index 00000000000..0d543a611f6 --- /dev/null +++ b/queue-4.4/perf-parse-fix-potential-memory-leak-when-handling-t.patch @@ -0,0 +1,85 @@ +From c21827a59a7b4ca9444d6a86795519919e805c36 Mon Sep 17 00:00:00 2001 +From: Sasha Levin +Date: Wed, 20 Nov 2019 10:09:25 -0800 +Subject: perf parse: Fix potential memory leak when handling tracepoint errors + +From: Ian Rogers + +[ Upstream commit 4584f084aa9d8033d5911935837dbee7b082d0e9 ] + +An error may be in place when tracepoint_error is called, use +parse_events__handle_error to avoid a memory leak and to capture the +first and last error. Error detected by LLVM's libFuzzer using the +following event: + +$ perf stat -e 'msr/event/,f:e' +event syntax error: 'msr/event/,f:e' + \___ can't access trace events + +Error: No permissions to read /sys/kernel/debug/tracing/events/f/e +Hint: Try 'sudo mount -o remount,mode=755 /sys/kernel/debug/tracing/' + +Initial error: +event syntax error: 'msr/event/,f:e' + \___ no value assigned for term +Run 'perf list' for a list of valid events + + Usage: perf stat [] [] + + -e, --event event selector. use 'perf list' to list available events + +Signed-off-by: Ian Rogers +Cc: Alexander Shishkin +Cc: Andi Kleen +Cc: Jin Yao +Cc: Jiri Olsa +Cc: Mark Rutland +Cc: Namhyung Kim +Cc: Peter Zijlstra +Cc: Stephane Eranian +Cc: clang-built-linux@googlegroups.com +Link: http://lore.kernel.org/lkml/20191120180925.21787-1-irogers@google.com +Signed-off-by: Arnaldo Carvalho de Melo +Signed-off-by: Sasha Levin +--- + tools/perf/util/parse-events.c | 9 +++++---- + 1 file changed, 5 insertions(+), 4 deletions(-) + +diff --git a/tools/perf/util/parse-events.c b/tools/perf/util/parse-events.c +index 9351738df703..004f28a04123 100644 +--- a/tools/perf/util/parse-events.c ++++ b/tools/perf/util/parse-events.c +@@ -398,6 +398,7 @@ int parse_events_add_cache(struct list_head *list, int *idx, + static void tracepoint_error(struct parse_events_error *e, int err, + char *sys, char *name) + { ++ const char *str; + char help[BUFSIZ]; + + if (!e) +@@ -411,18 +412,18 @@ static void tracepoint_error(struct parse_events_error *e, int err, + + switch (err) { + case EACCES: +- e->str = strdup("can't access trace events"); ++ str = "can't access trace events"; + break; + case ENOENT: +- e->str = strdup("unknown tracepoint"); ++ str = "unknown tracepoint"; + break; + default: +- e->str = strdup("failed to add tracepoint"); ++ str = "failed to add tracepoint"; + break; + } + + tracing_path__strerror_open_tp(err, help, sizeof(help), sys, name); +- e->help = strdup(help); ++ parse_events__handle_error(e, 0, strdup(str), strdup(help)); + } + + static int add_tracepoint(struct list_head *list, int *idx, +-- +2.20.1 + diff --git a/queue-4.4/perf-probe-filter-out-instances-except-for-inlined-s.patch b/queue-4.4/perf-probe-filter-out-instances-except-for-inlined-s.patch new file mode 100644 index 00000000000..45a1fa3ab7b --- /dev/null +++ b/queue-4.4/perf-probe-filter-out-instances-except-for-inlined-s.patch @@ -0,0 +1,122 @@ +From 8ba1e0debc339236b03bf65625b664e9dc323073 Mon Sep 17 00:00:00 2001 +From: Sasha Levin +Date: Wed, 30 Oct 2019 16:09:30 +0900 +Subject: perf probe: Filter out instances except for inlined subroutine and + subprogram + +From: Masami Hiramatsu + +[ Upstream commit da6cb952a89efe24bb76c4971370d485737a2d85 ] + +Filter out instances except for inlined_subroutine and subprogram DIE in +die_walk_instances() and die_is_func_instance(). + +This fixes an issue that perf probe sets some probes on calling address +instead of a target function itself. + +When perf probe walks on instances of an abstruct origin (a kind of +function prototype of inlined function), die_walk_instances() can also +pass a GNU_call_site (a GNU extension for call site) to callback. Since +it is not an inlined instance of target function, we have to filter out +when searching a probe point. + +Without this patch, perf probe sets probes on call site address too.This +can happen on some function which is marked "inlined", but has actual +symbol. (I'm not sure why GCC mark it "inlined"): + + # perf probe -D vfs_read + p:probe/vfs_read _text+2500017 + p:probe/vfs_read_1 _text+2499468 + p:probe/vfs_read_2 _text+2499563 + p:probe/vfs_read_3 _text+2498876 + p:probe/vfs_read_4 _text+2498512 + p:probe/vfs_read_5 _text+2498627 + +With this patch: + +Slightly different results, similar tho: + + # perf probe -D vfs_read + p:probe/vfs_read _text+2498512 + +Committer testing: + + # uname -a + Linux quaco 5.3.8-200.fc30.x86_64 #1 SMP Tue Oct 29 14:46:22 UTC 2019 x86_64 x86_64 x86_64 GNU/Linux + +Before: + + # perf probe -D vfs_read + p:probe/vfs_read _text+3131557 + p:probe/vfs_read_1 _text+3130975 + p:probe/vfs_read_2 _text+3131047 + p:probe/vfs_read_3 _text+3130380 + p:probe/vfs_read_4 _text+3130000 + # uname -a + Linux quaco 5.3.8-200.fc30.x86_64 #1 SMP Tue Oct 29 14:46:22 UTC 2019 x86_64 x86_64 x86_64 GNU/Linux + # + +After: + + # perf probe -D vfs_read + p:probe/vfs_read _text+3130000 + # + +Fixes: db0d2c6420ee ("perf probe: Search concrete out-of-line instances") +Signed-off-by: Masami Hiramatsu +Tested-by: Arnaldo Carvalho de Melo +Cc: Jiri Olsa +Cc: Namhyung Kim +Link: http://lore.kernel.org/lkml/157241937063.32002.11024544873990816590.stgit@devnote2 +Signed-off-by: Arnaldo Carvalho de Melo +Signed-off-by: Sasha Levin +--- + tools/perf/util/dwarf-aux.c | 19 +++++++++++++------ + 1 file changed, 13 insertions(+), 6 deletions(-) + +diff --git a/tools/perf/util/dwarf-aux.c b/tools/perf/util/dwarf-aux.c +index 8d6eaaab4739..388c9dcba976 100644 +--- a/tools/perf/util/dwarf-aux.c ++++ b/tools/perf/util/dwarf-aux.c +@@ -298,18 +298,22 @@ bool die_is_func_def(Dwarf_Die *dw_die) + * @dw_die: a DIE + * + * Ensure that this DIE is an instance (which has an entry address). +- * This returns true if @dw_die is a function instance. If not, you need to +- * call die_walk_instances() to find actual instances. ++ * This returns true if @dw_die is a function instance. If not, the @dw_die ++ * must be a prototype. You can use die_walk_instances() to find actual ++ * instances. + **/ + bool die_is_func_instance(Dwarf_Die *dw_die) + { + Dwarf_Addr tmp; + Dwarf_Attribute attr_mem; ++ int tag = dwarf_tag(dw_die); + +- /* Actually gcc optimizes non-inline as like as inlined */ +- return !dwarf_func_inline(dw_die) && +- (dwarf_entrypc(dw_die, &tmp) == 0 || +- dwarf_attr(dw_die, DW_AT_ranges, &attr_mem) != NULL); ++ if (tag != DW_TAG_subprogram && ++ tag != DW_TAG_inlined_subroutine) ++ return false; ++ ++ return dwarf_entrypc(dw_die, &tmp) == 0 || ++ dwarf_attr(dw_die, DW_AT_ranges, &attr_mem) != NULL; + } + + /** +@@ -588,6 +592,9 @@ static int __die_walk_instances_cb(Dwarf_Die *inst, void *data) + Dwarf_Die *origin; + int tmp; + ++ if (!die_is_func_instance(inst)) ++ return DIE_FIND_CB_CONTINUE; ++ + attr = dwarf_attr(inst, DW_AT_abstract_origin, &attr_mem); + if (attr == NULL) + return DIE_FIND_CB_CONTINUE; +-- +2.20.1 + diff --git a/queue-4.4/perf-probe-fix-to-find-range-only-function-instance.patch b/queue-4.4/perf-probe-fix-to-find-range-only-function-instance.patch new file mode 100644 index 00000000000..c95241c8819 --- /dev/null +++ b/queue-4.4/perf-probe-fix-to-find-range-only-function-instance.patch @@ -0,0 +1,50 @@ +From e05a6c4c502436c70c35ad7d549c31bc3c5c7c0a Mon Sep 17 00:00:00 2001 +From: Sasha Levin +Date: Thu, 24 Oct 2019 18:12:36 +0900 +Subject: perf probe: Fix to find range-only function instance + +From: Masami Hiramatsu + +[ Upstream commit b77afa1f810f37bd8a36cb1318178dfe2d7af6b6 ] + +Fix die_is_func_instance() to find range-only function instance. + +In some case, a function instance can be made without any low PC or +entry PC, but only with address ranges by optimization. (e.g. cold text +partially in "text.unlikely" section) To find such function instance, we +have to check the range attribute too. + +Fixes: e1ecbbc3fa83 ("perf probe: Fix to handle optimized not-inlined functions") +Signed-off-by: Masami Hiramatsu +Cc: Jiri Olsa +Cc: Namhyung Kim +Link: http://lore.kernel.org/lkml/157190835669.1859.8368628035930950596.stgit@devnote2 +Signed-off-by: Arnaldo Carvalho de Melo +Signed-off-by: Sasha Levin +--- + tools/perf/util/dwarf-aux.c | 6 +++++- + 1 file changed, 5 insertions(+), 1 deletion(-) + +diff --git a/tools/perf/util/dwarf-aux.c b/tools/perf/util/dwarf-aux.c +index a509aa8433a1..af78d6fc8d12 100644 +--- a/tools/perf/util/dwarf-aux.c ++++ b/tools/perf/util/dwarf-aux.c +@@ -304,10 +304,14 @@ bool die_is_func_def(Dwarf_Die *dw_die) + bool die_is_func_instance(Dwarf_Die *dw_die) + { + Dwarf_Addr tmp; ++ Dwarf_Attribute attr_mem; + + /* Actually gcc optimizes non-inline as like as inlined */ +- return !dwarf_func_inline(dw_die) && dwarf_entrypc(dw_die, &tmp) == 0; ++ return !dwarf_func_inline(dw_die) && ++ (dwarf_entrypc(dw_die, &tmp) == 0 || ++ dwarf_attr(dw_die, DW_AT_ranges, &attr_mem) != NULL); + } ++ + /** + * die_get_data_member_location - Get the data-member offset + * @mb_die: a DIE of a member of a data structure +-- +2.20.1 + diff --git a/queue-4.4/perf-probe-fix-to-list-probe-event-with-correct-line.patch b/queue-4.4/perf-probe-fix-to-list-probe-event-with-correct-line.patch new file mode 100644 index 00000000000..0b961242482 --- /dev/null +++ b/queue-4.4/perf-probe-fix-to-list-probe-event-with-correct-line.patch @@ -0,0 +1,78 @@ +From 504e1dd56c0f5d65ddac213aae741f8825f931ca Mon Sep 17 00:00:00 2001 +From: Sasha Levin +Date: Fri, 25 Oct 2019 17:46:52 +0900 +Subject: perf probe: Fix to list probe event with correct line number + +From: Masami Hiramatsu + +[ Upstream commit 3895534dd78f0fd4d3f9e05ee52b9cdd444a743e ] + +Since debuginfo__find_probe_point() uses dwarf_entrypc() for finding the +entry address of the function on which a probe is, it will fail when the +function DIE has only ranges attribute. + +To fix this issue, use die_entrypc() instead of dwarf_entrypc(). + +Without this fix, perf probe -l shows incorrect offset: + + # perf probe -l + probe:clear_tasks_mm_cpumask (on clear_tasks_mm_cpumask+18446744071579263632@work/linux/linux/kernel/cpu.c) + probe:clear_tasks_mm_cpumask_1 (on clear_tasks_mm_cpumask+18446744071579263752@work/linux/linux/kernel/cpu.c) + +With this: + + # perf probe -l + probe:clear_tasks_mm_cpumask (on clear_tasks_mm_cpumask@work/linux/linux/kernel/cpu.c) + probe:clear_tasks_mm_cpumask_1 (on clear_tasks_mm_cpumask:21@work/linux/linux/kernel/cpu.c) + +Committer testing: + +Before: + + [root@quaco ~]# perf probe -l + probe:clear_tasks_mm_cpumask (on clear_tasks_mm_cpumask+18446744071579765152@kernel/cpu.c) + [root@quaco ~]# + +After: + + [root@quaco ~]# perf probe -l + probe:clear_tasks_mm_cpumask (on clear_tasks_mm_cpumask@kernel/cpu.c) + [root@quaco ~]# + +Fixes: 1d46ea2a6a40 ("perf probe: Fix listing incorrect line number with inline function") +Signed-off-by: Masami Hiramatsu +Tested-by: Arnaldo Carvalho de Melo +Cc: Jiri Olsa +Cc: Namhyung Kim +Link: http://lore.kernel.org/lkml/157199321227.8075.14655572419136993015.stgit@devnote2 +Signed-off-by: Arnaldo Carvalho de Melo +Signed-off-by: Sasha Levin +--- + tools/perf/util/probe-finder.c | 4 ++-- + 1 file changed, 2 insertions(+), 2 deletions(-) + +diff --git a/tools/perf/util/probe-finder.c b/tools/perf/util/probe-finder.c +index fdd87c7e3e91..dce40710b5de 100644 +--- a/tools/perf/util/probe-finder.c ++++ b/tools/perf/util/probe-finder.c +@@ -1481,7 +1481,7 @@ int debuginfo__find_probe_point(struct debuginfo *dbg, unsigned long addr, + /* Get function entry information */ + func = basefunc = dwarf_diename(&spdie); + if (!func || +- dwarf_entrypc(&spdie, &baseaddr) != 0 || ++ die_entrypc(&spdie, &baseaddr) != 0 || + dwarf_decl_line(&spdie, &baseline) != 0) { + lineno = 0; + goto post; +@@ -1498,7 +1498,7 @@ int debuginfo__find_probe_point(struct debuginfo *dbg, unsigned long addr, + while (die_find_top_inlinefunc(&spdie, (Dwarf_Addr)addr, + &indie)) { + /* There is an inline function */ +- if (dwarf_entrypc(&indie, &_addr) == 0 && ++ if (die_entrypc(&indie, &_addr) == 0 && + _addr == addr) { + /* + * addr is at an inline function entry. +-- +2.20.1 + diff --git a/queue-4.4/perf-probe-fix-to-probe-an-inline-function-which-has.patch b/queue-4.4/perf-probe-fix-to-probe-an-inline-function-which-has.patch new file mode 100644 index 00000000000..68c1603516e --- /dev/null +++ b/queue-4.4/perf-probe-fix-to-probe-an-inline-function-which-has.patch @@ -0,0 +1,72 @@ +From b1b3a1bb9d9dbb91e9a414ae0d007785ba86dbe0 Mon Sep 17 00:00:00 2001 +From: Sasha Levin +Date: Fri, 25 Oct 2019 17:46:43 +0900 +Subject: perf probe: Fix to probe an inline function which has no entry pc + +From: Masami Hiramatsu + +[ Upstream commit eb6933b29d20bf2c3053883d409a53f462c1a3ac ] + +Fix perf probe to probe an inlne function which has no entry pc +or low pc but only has ranges attribute. + +This seems very rare case, but I could find a few examples, as +same as probe_point_search_cb(), use die_entrypc() to get the +entry address in probe_point_inline_cb() too. + +Without this patch: + + # perf probe -D __amd_put_nb_event_constraints + Failed to get entry address of __amd_put_nb_event_constraints. + Probe point '__amd_put_nb_event_constraints' not found. + Error: Failed to add events. + +With this patch: + + # perf probe -D __amd_put_nb_event_constraints + p:probe/__amd_put_nb_event_constraints amd_put_event_constraints+43 + +Committer testing: + +Before: + + [root@quaco ~]# perf probe -D __amd_put_nb_event_constraints + Failed to get entry address of __amd_put_nb_event_constraints. + Probe point '__amd_put_nb_event_constraints' not found. + Error: Failed to add events. + [root@quaco ~]# + +After: + + [root@quaco ~]# perf probe -D __amd_put_nb_event_constraints + p:probe/__amd_put_nb_event_constraints _text+33789 + [root@quaco ~]# + +Fixes: 4ea42b181434 ("perf: Add perf probe subcommand, a kprobe-event setup helper") +Signed-off-by: Masami Hiramatsu +Tested-by: Arnaldo Carvalho de Melo +Cc: Jiri Olsa +Cc: Namhyung Kim +Link: http://lore.kernel.org/lkml/157199320336.8075.16189530425277588587.stgit@devnote2 +Signed-off-by: Arnaldo Carvalho de Melo +Signed-off-by: Sasha Levin +--- + tools/perf/util/probe-finder.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/tools/perf/util/probe-finder.c b/tools/perf/util/probe-finder.c +index dce40710b5de..28a0f37b05c0 100644 +--- a/tools/perf/util/probe-finder.c ++++ b/tools/perf/util/probe-finder.c +@@ -900,7 +900,7 @@ static int probe_point_inline_cb(Dwarf_Die *in_die, void *data) + ret = find_probe_point_lazy(in_die, pf); + else { + /* Get probe address */ +- if (dwarf_entrypc(in_die, &addr) != 0) { ++ if (die_entrypc(in_die, &addr) != 0) { + pr_warning("Failed to get entry address of %s.\n", + dwarf_diename(in_die)); + return -ENOENT; +-- +2.20.1 + diff --git a/queue-4.4/perf-probe-fix-to-show-calling-lines-of-inlined-func.patch b/queue-4.4/perf-probe-fix-to-show-calling-lines-of-inlined-func.patch new file mode 100644 index 00000000000..723692b69a6 --- /dev/null +++ b/queue-4.4/perf-probe-fix-to-show-calling-lines-of-inlined-func.patch @@ -0,0 +1,122 @@ +From aebce108aa771f163609d7570bac39671af821c7 Mon Sep 17 00:00:00 2001 +From: Sasha Levin +Date: Wed, 30 Oct 2019 16:09:40 +0900 +Subject: perf probe: Fix to show calling lines of inlined functions + +From: Masami Hiramatsu + +[ Upstream commit 86c0bf8539e7f46d91bd105e55eda96e0064caef ] + +Fix to show calling lines of inlined functions (where an inline function +is called). + +die_walk_lines() filtered out the lines inside inlined functions based +on the address. However this also filtered out the lines which call +those inlined functions from the target function. + +To solve this issue, check the call_file and call_line attributes and do +not filter out if it matches to the line information. + +Without this fix, perf probe -L doesn't show some lines correctly. +(don't see the lines after 17) + + # perf probe -L vfs_read + + 0 ssize_t vfs_read(struct file *file, char __user *buf, size_t count, loff_t *pos) + 1 { + 2 ssize_t ret; + + 4 if (!(file->f_mode & FMODE_READ)) + return -EBADF; + 6 if (!(file->f_mode & FMODE_CAN_READ)) + return -EINVAL; + 8 if (unlikely(!access_ok(buf, count))) + return -EFAULT; + + 11 ret = rw_verify_area(READ, file, pos, count); + 12 if (!ret) { + 13 if (count > MAX_RW_COUNT) + count = MAX_RW_COUNT; + 15 ret = __vfs_read(file, buf, count, pos); + 16 if (ret > 0) { + fsnotify_access(file); + add_rchar(current, ret); + } + +With this fix: + + # perf probe -L vfs_read + + 0 ssize_t vfs_read(struct file *file, char __user *buf, size_t count, loff_t *pos) + 1 { + 2 ssize_t ret; + + 4 if (!(file->f_mode & FMODE_READ)) + return -EBADF; + 6 if (!(file->f_mode & FMODE_CAN_READ)) + return -EINVAL; + 8 if (unlikely(!access_ok(buf, count))) + return -EFAULT; + + 11 ret = rw_verify_area(READ, file, pos, count); + 12 if (!ret) { + 13 if (count > MAX_RW_COUNT) + count = MAX_RW_COUNT; + 15 ret = __vfs_read(file, buf, count, pos); + 16 if (ret > 0) { + 17 fsnotify_access(file); + 18 add_rchar(current, ret); + } + 20 inc_syscr(current); + } + +Fixes: 4cc9cec636e7 ("perf probe: Introduce lines walker interface") +Signed-off-by: Masami Hiramatsu +Tested-by: Arnaldo Carvalho de Melo +Cc: Jiri Olsa +Cc: Namhyung Kim +Link: http://lore.kernel.org/lkml/157241937995.32002.17899884017011512577.stgit@devnote2 +Signed-off-by: Arnaldo Carvalho de Melo +Signed-off-by: Sasha Levin +--- + tools/perf/util/dwarf-aux.c | 10 +++++++++- + 1 file changed, 9 insertions(+), 1 deletion(-) + +diff --git a/tools/perf/util/dwarf-aux.c b/tools/perf/util/dwarf-aux.c +index 5f32fed5eeb3..6851f1d0e253 100644 +--- a/tools/perf/util/dwarf-aux.c ++++ b/tools/perf/util/dwarf-aux.c +@@ -741,7 +741,7 @@ int die_walk_lines(Dwarf_Die *rt_die, line_walk_callback_t callback, void *data) + Dwarf_Lines *lines; + Dwarf_Line *line; + Dwarf_Addr addr; +- const char *fname, *decf = NULL; ++ const char *fname, *decf = NULL, *inf = NULL; + int lineno, ret = 0; + int decl = 0, inl; + Dwarf_Die die_mem, *cu_die; +@@ -785,13 +785,21 @@ int die_walk_lines(Dwarf_Die *rt_die, line_walk_callback_t callback, void *data) + */ + if (!dwarf_haspc(rt_die, addr)) + continue; ++ + if (die_find_inlinefunc(rt_die, addr, &die_mem)) { ++ /* Call-site check */ ++ inf = die_get_call_file(&die_mem); ++ if ((inf && !strcmp(inf, decf)) && ++ die_get_call_lineno(&die_mem) == lineno) ++ goto found; ++ + dwarf_decl_line(&die_mem, &inl); + if (inl != decl || + decf != dwarf_decl_file(&die_mem)) + continue; + } + } ++found: + /* Get source line */ + fname = dwarf_linesrc(line, NULL, NULL); + +-- +2.20.1 + diff --git a/queue-4.4/perf-probe-fix-to-show-inlined-function-callsite-wit.patch b/queue-4.4/perf-probe-fix-to-show-inlined-function-callsite-wit.patch new file mode 100644 index 00000000000..bf998aa7f62 --- /dev/null +++ b/queue-4.4/perf-probe-fix-to-show-inlined-function-callsite-wit.patch @@ -0,0 +1,112 @@ +From f998efb748e177ee8501f39c683dd75fb7341b52 Mon Sep 17 00:00:00 2001 +From: Sasha Levin +Date: Fri, 25 Oct 2019 17:47:01 +0900 +Subject: perf probe: Fix to show inlined function callsite without entry_pc + +From: Masami Hiramatsu + +[ Upstream commit 18e21eb671dc87a4f0546ba505a89ea93598a634 ] + +Fix 'perf probe --line' option to show inlined function callsite lines +even if the function DIE has only ranges. + +Without this: + + # perf probe -L amd_put_event_constraints + ... + 2 { + 3 if (amd_has_nb(cpuc) && amd_is_nb_event(&event->hw)) + __amd_put_nb_event_constraints(cpuc, event); + 5 } + +With this patch: + + # perf probe -L amd_put_event_constraints + ... + 2 { + 3 if (amd_has_nb(cpuc) && amd_is_nb_event(&event->hw)) + 4 __amd_put_nb_event_constraints(cpuc, event); + 5 } + +Committer testing: + +Before: + + [root@quaco ~]# perf probe -L amd_put_event_constraints + + 0 static void amd_put_event_constraints(struct cpu_hw_events *cpuc, + struct perf_event *event) + 2 { + 3 if (amd_has_nb(cpuc) && amd_is_nb_event(&event->hw)) + __amd_put_nb_event_constraints(cpuc, event); + 5 } + + PMU_FORMAT_ATTR(event, "config:0-7,32-35"); + PMU_FORMAT_ATTR(umask, "config:8-15" ); + + [root@quaco ~]# + +After: + + [root@quaco ~]# perf probe -L amd_put_event_constraints + + 0 static void amd_put_event_constraints(struct cpu_hw_events *cpuc, + struct perf_event *event) + 2 { + 3 if (amd_has_nb(cpuc) && amd_is_nb_event(&event->hw)) + 4 __amd_put_nb_event_constraints(cpuc, event); + 5 } + + PMU_FORMAT_ATTR(event, "config:0-7,32-35"); + PMU_FORMAT_ATTR(umask, "config:8-15" ); + + [root@quaco ~]# perf probe amd_put_event_constraints:4 + Added new event: + probe:amd_put_event_constraints (on amd_put_event_constraints:4) + + You can now use it in all perf tools, such as: + + perf record -e probe:amd_put_event_constraints -aR sleep 1 + + [root@quaco ~]# + + [root@quaco ~]# perf probe -l + probe:amd_put_event_constraints (on amd_put_event_constraints:4@arch/x86/events/amd/core.c) + probe:clear_tasks_mm_cpumask (on clear_tasks_mm_cpumask@kernel/cpu.c) + [root@quaco ~]# + +Using it: + + [root@quaco ~]# perf trace -e probe:* + ^C[root@quaco ~]# + +Ok, Intel system here... :-) + +Fixes: 4cc9cec636e7 ("perf probe: Introduce lines walker interface") +Signed-off-by: Masami Hiramatsu +Tested-by: Arnaldo Carvalho de Melo +Cc: Jiri Olsa +Cc: Namhyung Kim +Link: http://lore.kernel.org/lkml/157199322107.8075.12659099000567865708.stgit@devnote2 +Signed-off-by: Arnaldo Carvalho de Melo +Signed-off-by: Sasha Levin +--- + tools/perf/util/dwarf-aux.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/tools/perf/util/dwarf-aux.c b/tools/perf/util/dwarf-aux.c +index ed7777ed4d38..5f32fed5eeb3 100644 +--- a/tools/perf/util/dwarf-aux.c ++++ b/tools/perf/util/dwarf-aux.c +@@ -659,7 +659,7 @@ static int __die_walk_funclines_cb(Dwarf_Die *in_die, void *data) + if (dwarf_tag(in_die) == DW_TAG_inlined_subroutine) { + fname = die_get_call_file(in_die); + lineno = die_get_call_lineno(in_die); +- if (fname && lineno > 0 && dwarf_entrypc(in_die, &addr) == 0) { ++ if (fname && lineno > 0 && die_entrypc(in_die, &addr) == 0) { + lw->retval = lw->callback(fname, lineno, addr, lw->data); + if (lw->retval != 0) + return DIE_FIND_CB_END; +-- +2.20.1 + diff --git a/queue-4.4/perf-probe-fix-to-show-ranges-of-variables-in-functi.patch b/queue-4.4/perf-probe-fix-to-show-ranges-of-variables-in-functi.patch new file mode 100644 index 00000000000..4d75e03cb7b --- /dev/null +++ b/queue-4.4/perf-probe-fix-to-show-ranges-of-variables-in-functi.patch @@ -0,0 +1,98 @@ +From 0f63df17a182caf5de764952dd92c8329609ff9e Mon Sep 17 00:00:00 2001 +From: Sasha Levin +Date: Fri, 25 Oct 2019 17:47:10 +0900 +Subject: perf probe: Fix to show ranges of variables in functions without + entry_pc + +From: Masami Hiramatsu + +[ Upstream commit af04dd2f8ebaa8fbd46f698714acbf43da14da45 ] + +Fix to show ranges of variables (--range and --vars option) in functions +which DIE has only ranges but no entry_pc attribute. + +Without this fix: + + # perf probe --range -V clear_tasks_mm_cpumask + Available variables at clear_tasks_mm_cpumask + @ + (No matched variables) + +With this fix: + + # perf probe --range -V clear_tasks_mm_cpumask + Available variables at clear_tasks_mm_cpumask + @ + [VAL] int cpu @ + +Committer testing: + +Before: + + [root@quaco ~]# perf probe --range -V clear_tasks_mm_cpumask + Available variables at clear_tasks_mm_cpumask + @ + (No matched variables) + [root@quaco ~]# + +After: + + [root@quaco ~]# perf probe --range -V clear_tasks_mm_cpumask + Available variables at clear_tasks_mm_cpumask + @ + [VAL] int cpu @ + [root@quaco ~]# + +Using it: + + [root@quaco ~]# perf probe clear_tasks_mm_cpumask cpu + Added new event: + probe:clear_tasks_mm_cpumask (on clear_tasks_mm_cpumask with cpu) + + You can now use it in all perf tools, such as: + + perf record -e probe:clear_tasks_mm_cpumask -aR sleep 1 + + [root@quaco ~]# perf probe -l + probe:clear_tasks_mm_cpumask (on clear_tasks_mm_cpumask@kernel/cpu.c with cpu) + [root@quaco ~]# + [root@quaco ~]# perf trace -e probe:*cpumask + ^C[root@quaco ~]# + +Fixes: 349e8d261131 ("perf probe: Add --range option to show a variable's location range") +Signed-off-by: Masami Hiramatsu +Tested-by: Arnaldo Carvalho de Melo +Cc: Jiri Olsa +Cc: Namhyung Kim +Link: http://lore.kernel.org/lkml/157199323018.8075.8179744380479673672.stgit@devnote2 +Signed-off-by: Arnaldo Carvalho de Melo +Signed-off-by: Sasha Levin +--- + tools/perf/util/dwarf-aux.c | 4 ++-- + 1 file changed, 2 insertions(+), 2 deletions(-) + +diff --git a/tools/perf/util/dwarf-aux.c b/tools/perf/util/dwarf-aux.c +index ef6fa620a426..ed7777ed4d38 100644 +--- a/tools/perf/util/dwarf-aux.c ++++ b/tools/perf/util/dwarf-aux.c +@@ -989,7 +989,7 @@ static int die_get_var_innermost_scope(Dwarf_Die *sp_die, Dwarf_Die *vr_die, + bool first = true; + const char *name; + +- ret = dwarf_entrypc(sp_die, &entry); ++ ret = die_entrypc(sp_die, &entry); + if (ret) + return ret; + +@@ -1050,7 +1050,7 @@ int die_get_var_range(Dwarf_Die *sp_die, Dwarf_Die *vr_die, struct strbuf *buf) + bool first = true; + const char *name; + +- ret = dwarf_entrypc(sp_die, &entry); ++ ret = die_entrypc(sp_die, &entry); + if (ret) + return ret; + +-- +2.20.1 + diff --git a/queue-4.4/perf-probe-return-a-better-scope-die-if-there-is-no-.patch b/queue-4.4/perf-probe-return-a-better-scope-die-if-there-is-no-.patch new file mode 100644 index 00000000000..0b300fc9742 --- /dev/null +++ b/queue-4.4/perf-probe-return-a-better-scope-die-if-there-is-no-.patch @@ -0,0 +1,84 @@ +From 67f6a06b52988edb0da11b8d4221324702ab0462 Mon Sep 17 00:00:00 2001 +From: Sasha Levin +Date: Tue, 5 Nov 2019 09:16:49 +0900 +Subject: perf probe: Return a better scope DIE if there is no best scope + +From: Masami Hiramatsu + +[ Upstream commit c701636aeec4c173208697d68da6e4271125564b ] + +Make find_best_scope() returns innermost DIE at given address if there +is no best matched scope DIE. Since Gcc sometimes generates intuitively +strange line info which is out of inlined function address range, we +need this fixup. + +Without this, sometimes perf probe failed to probe on a line inside an +inlined function: + + # perf probe -D ksys_open:3 + Failed to find scope of probe point. + Error: Failed to add events. + +With this fix, 'perf probe' can probe it: + + # perf probe -D ksys_open:3 + p:probe/ksys_open _text+25707308 + p:probe/ksys_open_1 _text+25710596 + p:probe/ksys_open_2 _text+25711114 + p:probe/ksys_open_3 _text+25711343 + p:probe/ksys_open_4 _text+25714058 + p:probe/ksys_open_5 _text+2819653 + p:probe/ksys_open_6 _text+2819701 + +Signed-off-by: Masami Hiramatsu +Tested-by: Arnaldo Carvalho de Melo +Cc: Namhyung Kim +Cc: Ravi Bangoria +Cc: Steven Rostedt (VMware) +Cc: Tom Zanussi +Link: http://lore.kernel.org/lkml/157291300887.19771.14936015360963292236.stgit@devnote2 +Signed-off-by: Arnaldo Carvalho de Melo +Signed-off-by: Sasha Levin +--- + tools/perf/util/probe-finder.c | 17 ++++++++++++++++- + 1 file changed, 16 insertions(+), 1 deletion(-) + +diff --git a/tools/perf/util/probe-finder.c b/tools/perf/util/probe-finder.c +index d917f83e8e85..5ca8836b16e7 100644 +--- a/tools/perf/util/probe-finder.c ++++ b/tools/perf/util/probe-finder.c +@@ -746,6 +746,16 @@ static int find_best_scope_cb(Dwarf_Die *fn_die, void *data) + return 0; + } + ++/* Return innermost DIE */ ++static int find_inner_scope_cb(Dwarf_Die *fn_die, void *data) ++{ ++ struct find_scope_param *fsp = data; ++ ++ memcpy(fsp->die_mem, fn_die, sizeof(Dwarf_Die)); ++ fsp->found = true; ++ return 1; ++} ++ + /* Find an appropriate scope fits to given conditions */ + static Dwarf_Die *find_best_scope(struct probe_finder *pf, Dwarf_Die *die_mem) + { +@@ -757,8 +767,13 @@ static Dwarf_Die *find_best_scope(struct probe_finder *pf, Dwarf_Die *die_mem) + .die_mem = die_mem, + .found = false, + }; ++ int ret; + +- cu_walk_functions_at(&pf->cu_die, pf->addr, find_best_scope_cb, &fsp); ++ ret = cu_walk_functions_at(&pf->cu_die, pf->addr, find_best_scope_cb, ++ &fsp); ++ if (!ret && !fsp.found) ++ cu_walk_functions_at(&pf->cu_die, pf->addr, ++ find_inner_scope_cb, &fsp); + + return fsp.found ? die_mem : NULL; + } +-- +2.20.1 + diff --git a/queue-4.4/perf-probe-skip-end-of-sequence-and-non-statement-li.patch b/queue-4.4/perf-probe-skip-end-of-sequence-and-non-statement-li.patch new file mode 100644 index 00000000000..5c35d506bd5 --- /dev/null +++ b/queue-4.4/perf-probe-skip-end-of-sequence-and-non-statement-li.patch @@ -0,0 +1,145 @@ +From 62c01604345bab3588362b95e289cbada48d22ff Mon Sep 17 00:00:00 2001 +From: Sasha Levin +Date: Wed, 30 Oct 2019 16:09:21 +0900 +Subject: perf probe: Skip end-of-sequence and non statement lines +MIME-Version: 1.0 +Content-Type: text/plain; charset=UTF-8 +Content-Transfer-Encoding: 8bit + +From: Masami Hiramatsu + +[ Upstream commit f4d99bdfd124823a81878b44b5e8750b97f73902 ] + +Skip end-of-sequence and non-statement lines while walking through lines +list. + +The "end-of-sequence" line information means: + + "the current address is that of the first byte after the + end of a sequence of target machine instructions." + (DWARF version 4 spec 6.2.2) + +This actually means out of scope and we can not probe on it. + +On the other hand, the statement lines (is_stmt) means: + + "the current instruction is a recommended breakpoint location. + A recommended breakpoint location is intended to “represent” + a line, a statement and/or a semantically distinct subpart + of a statement." + + (DWARF version 4 spec 6.2.2) + +So, non-statement line info also should be skipped. + +These can reduce unneeded probe points and also avoid an error. + +E.g. without this patch: + + # perf probe -a "clear_tasks_mm_cpumask:1" + Added new events: + probe:clear_tasks_mm_cpumask (on clear_tasks_mm_cpumask:1) + probe:clear_tasks_mm_cpumask_1 (on clear_tasks_mm_cpumask:1) + probe:clear_tasks_mm_cpumask_2 (on clear_tasks_mm_cpumask:1) + probe:clear_tasks_mm_cpumask_3 (on clear_tasks_mm_cpumask:1) + probe:clear_tasks_mm_cpumask_4 (on clear_tasks_mm_cpumask:1) + + You can now use it in all perf tools, such as: + + perf record -e probe:clear_tasks_mm_cpumask_4 -aR sleep 1 + + # + +This puts 5 probes on one line, but acutally it's not inlined function. +This is because there are many non statement instructions at the +function prologue. + +With this patch: + + # perf probe -a "clear_tasks_mm_cpumask:1" + Added new event: + probe:clear_tasks_mm_cpumask (on clear_tasks_mm_cpumask:1) + + You can now use it in all perf tools, such as: + + perf record -e probe:clear_tasks_mm_cpumask -aR sleep 1 + + # + +Now perf-probe skips unneeded addresses. + +Committer testing: + +Slightly different results, but similar: + +Before: + + # uname -a + Linux quaco 5.3.8-200.fc30.x86_64 #1 SMP Tue Oct 29 14:46:22 UTC 2019 x86_64 x86_64 x86_64 GNU/Linux + # + # perf probe -a "clear_tasks_mm_cpumask:1" + Added new events: + probe:clear_tasks_mm_cpumask (on clear_tasks_mm_cpumask:1) + probe:clear_tasks_mm_cpumask_1 (on clear_tasks_mm_cpumask:1) + probe:clear_tasks_mm_cpumask_2 (on clear_tasks_mm_cpumask:1) + + You can now use it in all perf tools, such as: + + perf record -e probe:clear_tasks_mm_cpumask_2 -aR sleep 1 + + # + +After: + + # perf probe -a "clear_tasks_mm_cpumask:1" + Added new event: + probe:clear_tasks_mm_cpumask (on clear_tasks_mm_cpumask:1) + + You can now use it in all perf tools, such as: + + perf record -e probe:clear_tasks_mm_cpumask -aR sleep 1 + + # perf probe -l + probe:clear_tasks_mm_cpumask (on clear_tasks_mm_cpumask@kernel/cpu.c) + # + +Fixes: 4cc9cec636e7 ("perf probe: Introduce lines walker interface") +Signed-off-by: Masami Hiramatsu +Tested-by: Arnaldo Carvalho de Melo +Cc: Jiri Olsa +Cc: Namhyung Kim +Link: http://lore.kernel.org/lkml/157241936090.32002.12156347518596111660.stgit@devnote2 +Signed-off-by: Arnaldo Carvalho de Melo +Signed-off-by: Sasha Levin +--- + tools/perf/util/dwarf-aux.c | 7 +++++++ + 1 file changed, 7 insertions(+) + +diff --git a/tools/perf/util/dwarf-aux.c b/tools/perf/util/dwarf-aux.c +index 6851f1d0e253..8d6eaaab4739 100644 +--- a/tools/perf/util/dwarf-aux.c ++++ b/tools/perf/util/dwarf-aux.c +@@ -746,6 +746,7 @@ int die_walk_lines(Dwarf_Die *rt_die, line_walk_callback_t callback, void *data) + int decl = 0, inl; + Dwarf_Die die_mem, *cu_die; + size_t nlines, i; ++ bool flag; + + /* Get the CU die */ + if (dwarf_tag(rt_die) != DW_TAG_compile_unit) { +@@ -776,6 +777,12 @@ int die_walk_lines(Dwarf_Die *rt_die, line_walk_callback_t callback, void *data) + "Possible error in debuginfo.\n"); + continue; + } ++ /* Skip end-of-sequence */ ++ if (dwarf_lineendsequence(line, &flag) != 0 || flag) ++ continue; ++ /* Skip Non statement line-info */ ++ if (dwarf_linebeginstatement(line, &flag) != 0 || !flag) ++ continue; + /* Filter lines based on address */ + if (rt_die != cu_die) { + /* +-- +2.20.1 + diff --git a/queue-4.4/perf-probe-skip-overlapped-location-on-searching-var.patch b/queue-4.4/perf-probe-skip-overlapped-location-on-searching-var.patch new file mode 100644 index 00000000000..acc478b225c --- /dev/null +++ b/queue-4.4/perf-probe-skip-overlapped-location-on-searching-var.patch @@ -0,0 +1,104 @@ +From 1f21ece58aa1c3391c18b6ee98a990b39214e01c Mon Sep 17 00:00:00 2001 +From: Sasha Levin +Date: Wed, 30 Oct 2019 16:09:49 +0900 +Subject: perf probe: Skip overlapped location on searching variables + +From: Masami Hiramatsu + +[ Upstream commit dee36a2abb67c175265d49b9a8c7dfa564463d9a ] + +Since debuginfo__find_probes() callback function can be called with the +location which already passed, the callback function must filter out +such overlapped locations. + +add_probe_trace_event() has already done it by commit 1a375ae7659a +("perf probe: Skip same probe address for a given line"), but +add_available_vars() doesn't. Thus perf probe -v shows same address +repeatedly as below: + + # perf probe -V vfs_read:18 + Available variables at vfs_read:18 + @ + char* buf + loff_t* pos + ssize_t ret + struct file* file + @ + char* buf + loff_t* pos + ssize_t ret + struct file* file + @ + char* buf + loff_t* pos + ssize_t ret + struct file* file + +With this fix, perf probe -V shows it correctly: + + # perf probe -V vfs_read:18 + Available variables at vfs_read:18 + @ + char* buf + loff_t* pos + ssize_t ret + struct file* file + @ + char* buf + loff_t* pos + ssize_t ret + struct file* file + +Fixes: cf6eb489e5c0 ("perf probe: Show accessible local variables") +Signed-off-by: Masami Hiramatsu +Tested-by: Arnaldo Carvalho de Melo +Cc: Jiri Olsa +Cc: Namhyung Kim +Link: http://lore.kernel.org/lkml/157241938927.32002.4026859017790562751.stgit@devnote2 +Signed-off-by: Arnaldo Carvalho de Melo +Signed-off-by: Sasha Levin +--- + tools/perf/util/probe-finder.c | 20 ++++++++++++++++++++ + 1 file changed, 20 insertions(+) + +diff --git a/tools/perf/util/probe-finder.c b/tools/perf/util/probe-finder.c +index 28a0f37b05c0..d917f83e8e85 100644 +--- a/tools/perf/util/probe-finder.c ++++ b/tools/perf/util/probe-finder.c +@@ -1331,6 +1331,18 @@ static int collect_variables_cb(Dwarf_Die *die_mem, void *data) + return DIE_FIND_CB_SIBLING; + } + ++static bool available_var_finder_overlap(struct available_var_finder *af) ++{ ++ int i; ++ ++ for (i = 0; i < af->nvls; i++) { ++ if (af->pf.addr == af->vls[i].point.address) ++ return true; ++ } ++ return false; ++ ++} ++ + /* Add a found vars into available variables list */ + static int add_available_vars(Dwarf_Die *sc_die, struct probe_finder *pf) + { +@@ -1341,6 +1353,14 @@ static int add_available_vars(Dwarf_Die *sc_die, struct probe_finder *pf) + Dwarf_Die die_mem; + int ret; + ++ /* ++ * For some reason (e.g. different column assigned to same address), ++ * this callback can be called with the address which already passed. ++ * Ignore it first. ++ */ ++ if (available_var_finder_overlap(af)) ++ return 0; ++ + /* Check number of tevs */ + if (af->nvls == af->max_vls) { + pr_warning("Too many( > %d) probe point found.\n", af->max_vls); +-- +2.20.1 + diff --git a/queue-4.4/perf-probe-walk-function-lines-in-lexical-blocks.patch b/queue-4.4/perf-probe-walk-function-lines-in-lexical-blocks.patch new file mode 100644 index 00000000000..458516bcc23 --- /dev/null +++ b/queue-4.4/perf-probe-walk-function-lines-in-lexical-blocks.patch @@ -0,0 +1,76 @@ +From 539d1e3556146e5dbb0710adafd2d00dd2131843 Mon Sep 17 00:00:00 2001 +From: Sasha Levin +Date: Thu, 24 Oct 2019 18:12:45 +0900 +Subject: perf probe: Walk function lines in lexical blocks + +From: Masami Hiramatsu + +[ Upstream commit acb6a7047ac2146b723fef69ee1ab6b7143546bf ] + +Since some inlined functions are in lexical blocks of given function, we +have to recursively walk through the DIE tree. Without this fix, +perf-probe -L can miss the inlined functions which is in a lexical block +(like if (..) { func() } case.) + +However, even though, to walk the lines in a given function, we don't +need to follow the children DIE of inlined functions because those do +not have any lines in the specified function. + +We need to walk though whole trees only if we walk all lines in a given +file, because an inlined function can include another inlined function +in the same file. + +Fixes: b0e9cb2802d4 ("perf probe: Fix to search nested inlined functions in CU") +Signed-off-by: Masami Hiramatsu +Cc: Jiri Olsa +Cc: Namhyung Kim +Link: http://lore.kernel.org/lkml/157190836514.1859.15996864849678136353.stgit@devnote2 +Signed-off-by: Arnaldo Carvalho de Melo +Signed-off-by: Sasha Levin +--- + tools/perf/util/dwarf-aux.c | 14 +++++++++----- + 1 file changed, 9 insertions(+), 5 deletions(-) + +diff --git a/tools/perf/util/dwarf-aux.c b/tools/perf/util/dwarf-aux.c +index af78d6fc8d12..ef6fa620a426 100644 +--- a/tools/perf/util/dwarf-aux.c ++++ b/tools/perf/util/dwarf-aux.c +@@ -664,10 +664,9 @@ static int __die_walk_funclines_cb(Dwarf_Die *in_die, void *data) + if (lw->retval != 0) + return DIE_FIND_CB_END; + } ++ if (!lw->recursive) ++ return DIE_FIND_CB_SIBLING; + } +- if (!lw->recursive) +- /* Don't need to search recursively */ +- return DIE_FIND_CB_SIBLING; + + if (addr) { + fname = dwarf_decl_file(in_die); +@@ -714,6 +713,10 @@ static int __die_walk_culines_cb(Dwarf_Die *sp_die, void *data) + { + struct __line_walk_param *lw = data; + ++ /* ++ * Since inlined function can include another inlined function in ++ * the same file, we need to walk in it recursively. ++ */ + lw->retval = __die_walk_funclines(sp_die, true, lw->callback, lw->data); + if (lw->retval != 0) + return DWARF_CB_ABORT; +@@ -803,8 +806,9 @@ int die_walk_lines(Dwarf_Die *rt_die, line_walk_callback_t callback, void *data) + */ + if (rt_die != cu_die) + /* +- * Don't need walk functions recursively, because nested +- * inlined functions don't have lines of the specified DIE. ++ * Don't need walk inlined functions recursively, because ++ * inner inlined functions don't have the lines of the ++ * specified function. + */ + ret = __die_walk_funclines(rt_die, false, callback, data); + else { +-- +2.20.1 + diff --git a/queue-4.4/perf-report-add-warning-when-libunwind-not-compiled-.patch b/queue-4.4/perf-report-add-warning-when-libunwind-not-compiled-.patch new file mode 100644 index 00000000000..a37969e1947 --- /dev/null +++ b/queue-4.4/perf-report-add-warning-when-libunwind-not-compiled-.patch @@ -0,0 +1,58 @@ +From 2c56d3c3f5ca31b05292b85faac49469db679b17 Mon Sep 17 00:00:00 2001 +From: Sasha Levin +Date: Fri, 11 Oct 2019 10:21:22 +0800 +Subject: perf report: Add warning when libunwind not compiled in + +From: Jin Yao + +[ Upstream commit 800d3f561659b5436f8c57e7c26dd1f6928b5615 ] + +We received a user report that call-graph DWARF mode was enabled in +'perf record' but 'perf report' didn't unwind the callstack correctly. +The reason was, libunwind was not compiled in. + +We can use 'perf -vv' to check the compiled libraries but it would be +valuable to report a warning to user directly (especially valuable for +a perf newbie). + +The warning is: + +Warning: +Please install libunwind development packages during the perf build. + +Both TUI and stdio are supported. + +Signed-off-by: Jin Yao +Cc: Alexander Shishkin +Cc: Andi Kleen +Cc: Jiri Olsa +Cc: Kan Liang +Cc: Peter Zijlstra +Link: http://lore.kernel.org/lkml/20191011022122.26369-1-yao.jin@linux.intel.com +Signed-off-by: Arnaldo Carvalho de Melo +Signed-off-by: Sasha Levin +--- + tools/perf/builtin-report.c | 7 +++++++ + 1 file changed, 7 insertions(+) + +diff --git a/tools/perf/builtin-report.c b/tools/perf/builtin-report.c +index f256fac1e722..0f7ebac1846b 100644 +--- a/tools/perf/builtin-report.c ++++ b/tools/perf/builtin-report.c +@@ -285,6 +285,13 @@ static int report__setup_sample_type(struct report *rep) + PERF_SAMPLE_BRANCH_ANY)) + rep->nonany_branch_mode = true; + ++#ifndef HAVE_LIBUNWIND_SUPPORT ++ if (dwarf_callchain_users) { ++ ui__warning("Please install libunwind development packages " ++ "during the perf build.\n"); ++ } ++#endif ++ + return 0; + } + +-- +2.20.1 + diff --git a/queue-4.4/pinctrl-sh-pfc-sh7734-fix-duplicate-tclk1_b.patch b/queue-4.4/pinctrl-sh-pfc-sh7734-fix-duplicate-tclk1_b.patch new file mode 100644 index 00000000000..c89d039c216 --- /dev/null +++ b/queue-4.4/pinctrl-sh-pfc-sh7734-fix-duplicate-tclk1_b.patch @@ -0,0 +1,64 @@ +From 5a554f2495adf31ba4ed039efe98af4f26157222 Mon Sep 17 00:00:00 2001 +From: Sasha Levin +Date: Thu, 24 Oct 2019 15:13:08 +0200 +Subject: pinctrl: sh-pfc: sh7734: Fix duplicate TCLK1_B + +From: Geert Uytterhoeven + +[ Upstream commit 884caadad128efad8e00c1cdc3177bc8912ee8ec ] + +The definitions for bit field [19:18] of the Peripheral Function Select +Register 3 were accidentally copied from bit field [20], leading to +duplicates for the TCLK1_B function, and missing TCLK0, CAN_CLK_B, and +ET0_ETXD4 functions. + +Fix this by adding the missing GPIO_FN_CAN_CLK_B and GPIO_FN_ET0_ETXD4 +enum values, and correcting the functions. + +Reported-by: Ben Dooks +Signed-off-by: Geert Uytterhoeven +Link: https://lore.kernel.org/r/20191024131308.16659-1-geert+renesas@glider.be +Signed-off-by: Sasha Levin +--- + arch/sh/include/cpu-sh4/cpu/sh7734.h | 2 +- + drivers/pinctrl/sh-pfc/pfc-sh7734.c | 4 ++-- + 2 files changed, 3 insertions(+), 3 deletions(-) + +diff --git a/arch/sh/include/cpu-sh4/cpu/sh7734.h b/arch/sh/include/cpu-sh4/cpu/sh7734.h +index 2fb9a7b71b41..a2667c9b5819 100644 +--- a/arch/sh/include/cpu-sh4/cpu/sh7734.h ++++ b/arch/sh/include/cpu-sh4/cpu/sh7734.h +@@ -133,7 +133,7 @@ enum { + GPIO_FN_EX_WAIT1, GPIO_FN_SD1_DAT0_A, GPIO_FN_DREQ2, GPIO_FN_CAN1_TX_C, + GPIO_FN_ET0_LINK_C, GPIO_FN_ET0_ETXD5_A, + GPIO_FN_EX_WAIT0, GPIO_FN_TCLK1_B, +- GPIO_FN_RD_WR, GPIO_FN_TCLK0, ++ GPIO_FN_RD_WR, GPIO_FN_TCLK0, GPIO_FN_CAN_CLK_B, GPIO_FN_ET0_ETXD4, + GPIO_FN_EX_CS5, GPIO_FN_SD1_CMD_A, GPIO_FN_ATADIR, GPIO_FN_QSSL_B, + GPIO_FN_ET0_ETXD3_A, + GPIO_FN_EX_CS4, GPIO_FN_SD1_WP_A, GPIO_FN_ATAWR, GPIO_FN_QMI_QIO1_B, +diff --git a/drivers/pinctrl/sh-pfc/pfc-sh7734.c b/drivers/pinctrl/sh-pfc/pfc-sh7734.c +index c691b2e34374..ab09d385f95d 100644 +--- a/drivers/pinctrl/sh-pfc/pfc-sh7734.c ++++ b/drivers/pinctrl/sh-pfc/pfc-sh7734.c +@@ -1458,7 +1458,7 @@ static const struct pinmux_func pinmux_func_gpios[] = { + GPIO_FN(ET0_ETXD2_A), + GPIO_FN(EX_CS5), GPIO_FN(SD1_CMD_A), GPIO_FN(ATADIR), GPIO_FN(QSSL_B), + GPIO_FN(ET0_ETXD3_A), +- GPIO_FN(RD_WR), GPIO_FN(TCLK1_B), ++ GPIO_FN(RD_WR), GPIO_FN(TCLK0), GPIO_FN(CAN_CLK_B), GPIO_FN(ET0_ETXD4), + GPIO_FN(EX_WAIT0), GPIO_FN(TCLK1_B), + GPIO_FN(EX_WAIT1), GPIO_FN(SD1_DAT0_A), GPIO_FN(DREQ2), + GPIO_FN(CAN1_TX_C), GPIO_FN(ET0_LINK_C), GPIO_FN(ET0_ETXD5_A), +@@ -1954,7 +1954,7 @@ static const struct pinmux_cfg_reg pinmux_config_regs[] = { + /* IP3_20 [1] */ + FN_EX_WAIT0, FN_TCLK1_B, + /* IP3_19_18 [2] */ +- FN_RD_WR, FN_TCLK1_B, 0, 0, ++ FN_RD_WR, FN_TCLK0, FN_CAN_CLK_B, FN_ET0_ETXD4, + /* IP3_17_15 [3] */ + FN_EX_CS5, FN_SD1_CMD_A, FN_ATADIR, FN_QSSL_B, + FN_ET0_ETXD3_A, 0, 0, 0, +-- +2.20.1 + diff --git a/queue-4.4/regulator-max8907-fix-the-usage-of-uninitialized-var.patch b/queue-4.4/regulator-max8907-fix-the-usage-of-uninitialized-var.patch new file mode 100644 index 00000000000..048bc5f224a --- /dev/null +++ b/queue-4.4/regulator-max8907-fix-the-usage-of-uninitialized-var.patch @@ -0,0 +1,65 @@ +From ab49b7f5bbb19558056658840aee202c3ddf0631 Mon Sep 17 00:00:00 2001 +From: Sasha Levin +Date: Thu, 3 Oct 2019 10:58:13 -0700 +Subject: regulator: max8907: Fix the usage of uninitialized variable in + max8907_regulator_probe() + +From: Yizhuo + +[ Upstream commit 472b39c3d1bba0616eb0e9a8fa3ad0f56927c7d7 ] + +Inside function max8907_regulator_probe(), variable val could +be uninitialized if regmap_read() fails. However, val is used +later in the if statement to decide the content written to +"pmic", which is potentially unsafe. + +Signed-off-by: Yizhuo +Link: https://lore.kernel.org/r/20191003175813.16415-1-yzhai003@ucr.edu +Signed-off-by: Mark Brown +Signed-off-by: Sasha Levin +--- + drivers/regulator/max8907-regulator.c | 15 ++++++++++++--- + 1 file changed, 12 insertions(+), 3 deletions(-) + +diff --git a/drivers/regulator/max8907-regulator.c b/drivers/regulator/max8907-regulator.c +index 5e941db5ccaf..c7e70cfb581f 100644 +--- a/drivers/regulator/max8907-regulator.c ++++ b/drivers/regulator/max8907-regulator.c +@@ -299,7 +299,10 @@ static int max8907_regulator_probe(struct platform_device *pdev) + memcpy(pmic->desc, max8907_regulators, sizeof(pmic->desc)); + + /* Backwards compatibility with MAX8907B; SD1 uses different voltages */ +- regmap_read(max8907->regmap_gen, MAX8907_REG_II2RR, &val); ++ ret = regmap_read(max8907->regmap_gen, MAX8907_REG_II2RR, &val); ++ if (ret) ++ return ret; ++ + if ((val & MAX8907_II2RR_VERSION_MASK) == + MAX8907_II2RR_VERSION_REV_B) { + pmic->desc[MAX8907_SD1].min_uV = 637500; +@@ -336,14 +339,20 @@ static int max8907_regulator_probe(struct platform_device *pdev) + } + + if (pmic->desc[i].ops == &max8907_ldo_ops) { +- regmap_read(config.regmap, pmic->desc[i].enable_reg, ++ ret = regmap_read(config.regmap, pmic->desc[i].enable_reg, + &val); ++ if (ret) ++ return ret; ++ + if ((val & MAX8907_MASK_LDO_SEQ) != + MAX8907_MASK_LDO_SEQ) + pmic->desc[i].ops = &max8907_ldo_hwctl_ops; + } else if (pmic->desc[i].ops == &max8907_out5v_ops) { +- regmap_read(config.regmap, pmic->desc[i].enable_reg, ++ ret = regmap_read(config.regmap, pmic->desc[i].enable_reg, + &val); ++ if (ret) ++ return ret; ++ + if ((val & (MAX8907_MASK_OUT5V_VINEN | + MAX8907_MASK_OUT5V_ENSRC)) != + MAX8907_MASK_OUT5V_ENSRC) +-- +2.20.1 + diff --git a/queue-4.4/rtlwifi-fix-memory-leak-in-rtl92c_set_fw_rsvdpagepkt.patch b/queue-4.4/rtlwifi-fix-memory-leak-in-rtl92c_set_fw_rsvdpagepkt.patch new file mode 100644 index 00000000000..dc0002338e1 --- /dev/null +++ b/queue-4.4/rtlwifi-fix-memory-leak-in-rtl92c_set_fw_rsvdpagepkt.patch @@ -0,0 +1,64 @@ +From c4255da4915dca37ae7800958d1a46869865c0bc Mon Sep 17 00:00:00 2001 +From: Sasha Levin +Date: Tue, 5 Nov 2019 10:18:38 +0800 +Subject: rtlwifi: fix memory leak in rtl92c_set_fw_rsvdpagepkt() + +From: Ping-Ke Shih + +[ Upstream commit 5174f1e41074b5186608badc2e89441d021e8c08 ] + +This leak was found by testing the EDIMAX EW-7612 on Raspberry Pi 3B+ with +Linux 5.4-rc5 (multi_v7_defconfig + rtlwifi + kmemleak) and noticed a +single memory leak during probe: + +unreferenced object 0xec13ee40 (size 176): + comm "kworker/u8:1", pid 36, jiffies 4294939321 (age 5580.790s) + hex dump (first 32 bytes): + 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ + 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ + backtrace: + [] __netdev_alloc_skb+0x9c/0x164 + [<863dfa6e>] rtl92c_set_fw_rsvdpagepkt+0x254/0x340 [rtl8192c_common] + [<9572be0d>] rtl92cu_set_hw_reg+0xf48/0xfa4 [rtl8192cu] + [<116df4d8>] rtl_op_bss_info_changed+0x234/0x96c [rtlwifi] + [<8933575f>] ieee80211_bss_info_change_notify+0xb8/0x264 [mac80211] + [] ieee80211_assoc_success+0x934/0x1798 [mac80211] + [] ieee80211_rx_mgmt_assoc_resp+0x174/0x314 [mac80211] + [<5974629e>] ieee80211_sta_rx_queued_mgmt+0x3f4/0x7f0 [mac80211] + [] ieee80211_iface_work+0x208/0x318 [mac80211] + [] process_one_work+0x22c/0x564 + [] worker_thread+0x44/0x5d8 + [<82c7b073>] kthread+0x150/0x154 + [] ret_from_fork+0x14/0x2c + [<794dff30>] 0x0 + +It is because 8192cu doesn't implement usb_cmd_send_packet(), and this +patch just frees the skb within the function to resolve memleak problem +by now. Since 8192cu doesn't turn on fwctrl_lps that needs to download +command packet for firmware via the function, applying this patch doesn't +affect driver behavior. + +Reported-by: Stefan Wahren +Signed-off-by: Ping-Ke Shih +Signed-off-by: Kalle Valo +Signed-off-by: Sasha Levin +--- + drivers/net/wireless/realtek/rtlwifi/rtl8192cu/hw.c | 2 ++ + 1 file changed, 2 insertions(+) + +diff --git a/drivers/net/wireless/realtek/rtlwifi/rtl8192cu/hw.c b/drivers/net/wireless/realtek/rtlwifi/rtl8192cu/hw.c +index 34ce06441d1b..137d7c8645da 100644 +--- a/drivers/net/wireless/realtek/rtlwifi/rtl8192cu/hw.c ++++ b/drivers/net/wireless/realtek/rtlwifi/rtl8192cu/hw.c +@@ -1601,6 +1601,8 @@ static bool usb_cmd_send_packet(struct ieee80211_hw *hw, struct sk_buff *skb) + * This is maybe necessary: + * rtlpriv->cfg->ops->fill_tx_cmddesc(hw, buffer, 1, 1, skb); + */ ++ dev_kfree_skb(skb); ++ + return true; + } + +-- +2.20.1 + diff --git a/queue-4.4/rtlwifi-prevent-memory-leak-in-rtl_usb_probe.patch b/queue-4.4/rtlwifi-prevent-memory-leak-in-rtl_usb_probe.patch new file mode 100644 index 00000000000..872348356d4 --- /dev/null +++ b/queue-4.4/rtlwifi-prevent-memory-leak-in-rtl_usb_probe.patch @@ -0,0 +1,47 @@ +From b2a95a7b7fc2479a24f65d7477444fafd5f6994c Mon Sep 17 00:00:00 2001 +From: Sasha Levin +Date: Tue, 24 Sep 2019 20:20:21 -0500 +Subject: rtlwifi: prevent memory leak in rtl_usb_probe + +From: Navid Emamdoost + +[ Upstream commit 3f93616951138a598d930dcaec40f2bfd9ce43bb ] + +In rtl_usb_probe if allocation for usb_data fails the allocated hw +should be released. In addition the allocated rtlpriv->usb_data should +be released on error handling path. + +Signed-off-by: Navid Emamdoost +Signed-off-by: Kalle Valo +Signed-off-by: Sasha Levin +--- + drivers/net/wireless/realtek/rtlwifi/usb.c | 5 ++++- + 1 file changed, 4 insertions(+), 1 deletion(-) + +diff --git a/drivers/net/wireless/realtek/rtlwifi/usb.c b/drivers/net/wireless/realtek/rtlwifi/usb.c +index ad8390d2997b..9408c1f8e397 100644 +--- a/drivers/net/wireless/realtek/rtlwifi/usb.c ++++ b/drivers/net/wireless/realtek/rtlwifi/usb.c +@@ -1094,8 +1094,10 @@ int rtl_usb_probe(struct usb_interface *intf, + rtlpriv->hw = hw; + rtlpriv->usb_data = kzalloc(RTL_USB_MAX_RX_COUNT * sizeof(u32), + GFP_KERNEL); +- if (!rtlpriv->usb_data) ++ if (!rtlpriv->usb_data) { ++ ieee80211_free_hw(hw); + return -ENOMEM; ++ } + + /* this spin lock must be initialized early */ + spin_lock_init(&rtlpriv->locks.usb_lock); +@@ -1158,6 +1160,7 @@ error_out: + _rtl_usb_io_handler_release(hw); + usb_put_dev(udev); + complete(&rtlpriv->firmware_loading_complete); ++ kfree(rtlpriv->usb_data); + return -ENODEV; + } + EXPORT_SYMBOL(rtl_usb_probe); +-- +2.20.1 + diff --git a/queue-4.4/samples-pktgen-fix-proc_cmd-command-result-check-log.patch b/queue-4.4/samples-pktgen-fix-proc_cmd-command-result-check-log.patch new file mode 100644 index 00000000000..446e0b81911 --- /dev/null +++ b/queue-4.4/samples-pktgen-fix-proc_cmd-command-result-check-log.patch @@ -0,0 +1,82 @@ +From eb89bfdba8f1150bbf5ebb70e15a968f556ddc80 Mon Sep 17 00:00:00 2001 +From: Sasha Levin +Date: Sat, 5 Oct 2019 17:25:07 +0900 +Subject: samples: pktgen: fix proc_cmd command result check logic + +From: Daniel T. Lee + +[ Upstream commit 3cad8f911575191fb3b81d8ed0e061e30f922223 ] + +Currently, proc_cmd is used to dispatch command to 'pg_ctrl', 'pg_thread', +'pg_set'. proc_cmd is designed to check command result with grep the +"Result:", but this might fail since this string is only shown in +'pg_thread' and 'pg_set'. + +This commit fixes this logic by grep-ing the "Result:" string only when +the command is not for 'pg_ctrl'. + +For clarity of an execution flow, 'errexit' flag has been set. + +To cleanup pktgen on exit, trap has been added for EXIT signal. + +Signed-off-by: Daniel T. Lee +Acked-by: Jesper Dangaard Brouer +Signed-off-by: David S. Miller +Signed-off-by: Sasha Levin +--- + samples/pktgen/functions.sh | 17 +++++++++++------ + 1 file changed, 11 insertions(+), 6 deletions(-) + +diff --git a/samples/pktgen/functions.sh b/samples/pktgen/functions.sh +index 205e4cde4601..065a7e296ee3 100644 +--- a/samples/pktgen/functions.sh ++++ b/samples/pktgen/functions.sh +@@ -5,6 +5,8 @@ + # Author: Jesper Dangaaard Brouer + # License: GPL + ++set -o errexit ++ + ## -- General shell logging cmds -- + function err() { + local exitcode=$1 +@@ -58,6 +60,7 @@ function pg_set() { + function proc_cmd() { + local result + local proc_file=$1 ++ local status=0 + # after shift, the remaining args are contained in $@ + shift + local proc_ctrl=${PROC_DIR}/$proc_file +@@ -73,13 +76,13 @@ function proc_cmd() { + echo "cmd: $@ > $proc_ctrl" + fi + # Quoting of "$@" is important for space expansion +- echo "$@" > "$proc_ctrl" +- local status=$? ++ echo "$@" > "$proc_ctrl" || status=$? + +- result=$(grep "Result: OK:" $proc_ctrl) +- # Due to pgctrl, cannot use exit code $? from grep +- if [[ "$result" == "" ]]; then +- grep "Result:" $proc_ctrl >&2 ++ if [[ "$proc_file" != "pgctrl" ]]; then ++ result=$(grep "Result: OK:" $proc_ctrl) || true ++ if [[ "$result" == "" ]]; then ++ grep "Result:" $proc_ctrl >&2 ++ fi + fi + if (( $status != 0 )); then + err 5 "Write error($status) occurred cmd: \"$@ > $proc_ctrl\"" +@@ -105,6 +108,8 @@ function pgset() { + fi + } + ++[[ $EUID -eq 0 ]] && trap 'pg_ctrl "reset"' EXIT ++ + ## -- General shell tricks -- + + function root_check_run_with_sudo() { +-- +2.20.1 + diff --git a/queue-4.4/series b/queue-4.4/series new file mode 100644 index 00000000000..ce8027dc090 --- /dev/null +++ b/queue-4.4/series @@ -0,0 +1,63 @@ +drm-mst-fix-query_payload-ack-reply-struct.patch +iio-light-bh1750-resolve-compiler-warning-and-make-c.patch +spi-add-call-to-spi_slave_abort-function-when-spidev.patch +staging-rtl8188eu-fix-possible-null-dereference.patch +rtlwifi-prevent-memory-leak-in-rtl_usb_probe.patch +ib-iser-bound-protection_sg-size-by-data_sg-size.patch +media-am437x-vpfe-setting-std-to-current-value-is-no.patch +media-i2c-ov2659-fix-s_stream-return-value.patch +media-i2c-ov2659-fix-missing-720p-register-config.patch +media-ov6650-fix-stored-frame-format-not-in-sync-wit.patch +tools-power-cpupower-fix-initializer-override-in-hsw.patch +usb-renesas_usbhs-add-suspend-event-support-in-gadge.patch +hwrng-omap3-rom-call-clk_disable_unprepare-on-exit-o.patch +regulator-max8907-fix-the-usage-of-uninitialized-var.patch +media-flexcop-usb-fix-null-ptr-deref-in-flexcop_usb_.patch +samples-pktgen-fix-proc_cmd-command-result-check-log.patch +mwifiex-pcie-fix-memory-leak-in-mwifiex_pcie_init_ev.patch +media-ti-vpe-vpe-fix-a-v4l2-compliance-warning-about.patch +media-ti-vpe-vpe-fix-a-v4l2-compliance-failure-about.patch +media-ti-vpe-vpe-make-sure-yuyv-is-set-as-default-fo.patch +extcon-sm5502-reset-registers-during-initialization.patch +x86-mm-use-the-correct-function-type-for-native_set_.patch +perf-report-add-warning-when-libunwind-not-compiled-.patch +iio-adc-max1027-reset-the-device-at-probe-time.patch +bluetooth-hci_core-fix-init-for-hci_user_channel.patch +drm-gma500-fix-memory-disclosures-due-to-uninitializ.patch +x86-ioapic-prevent-inconsistent-state-when-moving-an.patch +arm64-psci-reduce-the-waiting-time-for-cpu_psci_cpu_.patch +libata-ensure-ata_port-probe-has-completed-before-de.patch +pinctrl-sh-pfc-sh7734-fix-duplicate-tclk1_b.patch +bnx2x-fix-pf-vf-communication-over-multi-cos-queues.patch +spi-img-spfi-fix-potential-double-release.patch +rtlwifi-fix-memory-leak-in-rtl92c_set_fw_rsvdpagepkt.patch +perf-probe-fix-to-find-range-only-function-instance.patch +perf-probe-fix-to-list-probe-event-with-correct-line.patch +perf-probe-walk-function-lines-in-lexical-blocks.patch +perf-probe-fix-to-probe-an-inline-function-which-has.patch +perf-probe-fix-to-show-ranges-of-variables-in-functi.patch +perf-probe-fix-to-show-inlined-function-callsite-wit.patch +perf-probe-skip-overlapped-location-on-searching-var.patch +perf-probe-return-a-better-scope-die-if-there-is-no-.patch +perf-probe-fix-to-show-calling-lines-of-inlined-func.patch +perf-probe-skip-end-of-sequence-and-non-statement-li.patch +perf-probe-filter-out-instances-except-for-inlined-s.patch +ath10k-fix-get-invalid-tx-rate-for-mesh-metric.patch +media-pvrusb2-fix-oops-on-tear-down-when-radio-suppo.patch +media-si470x-i2c-add-missed-operations-in-remove.patch +edac-ghes-fix-grain-calculation.patch +spi-pxa2xx-add-missed-security-checks.patch +asoc-rt5677-mark-reg-rt5677_pwr_anlg2-as-volatile.patch +parport-load-lowlevel-driver-if-ports-not-found.patch +cpufreq-register-drivers-only-after-cpu-devices-have.patch +x86-crash-add-a-forward-declaration-of-struct-kimage.patch +spi-tegra20-slink-add-missed-clk_unprepare.patch +btrfs-don-t-prematurely-free-work-in-end_workqueue_f.patch +iwlwifi-check-kasprintf-return-value.patch +fbtft-make-sure-string-is-null-terminated.patch +crypto-sun4i-ss-fix-64-bit-size_t-warnings-on-sun4i-.patch +crypto-vmx-avoid-weird-build-failures.patch +libtraceevent-fix-memory-leakage-in-copy_filter_type.patch +perf-parse-fix-potential-memory-leak-when-handling-t.patch +perf-intel-bts-does-not-support-aux-area-sampling.patch +net-phy-initialise-phydev-speed-and-duplex-sanely.patch diff --git a/queue-4.4/spi-add-call-to-spi_slave_abort-function-when-spidev.patch b/queue-4.4/spi-add-call-to-spi_slave_abort-function-when-spidev.patch new file mode 100644 index 00000000000..d3170537ad1 --- /dev/null +++ b/queue-4.4/spi-add-call-to-spi_slave_abort-function-when-spidev.patch @@ -0,0 +1,50 @@ +From b5513fd47fb246e1e1dde34ce7bdd3de095efdd6 Mon Sep 17 00:00:00 2001 +From: Sasha Levin +Date: Wed, 25 Sep 2019 11:11:42 +0200 +Subject: spi: Add call to spi_slave_abort() function when spidev driver is + released + +From: Lukasz Majewski + +[ Upstream commit 9f918a728cf86b2757b6a7025e1f46824bfe3155 ] + +This change is necessary for spidev devices (e.g. /dev/spidev3.0) working +in the slave mode (like NXP's dspi driver for Vybrid SoC). + +When SPI HW works in this mode - the master is responsible for providing +CS and CLK signals. However, when some fault happens - like for example +distortion on SPI lines - the SPI Linux driver needs a chance to recover +from this abnormal situation and prepare itself for next (correct) +transmission. + +This change doesn't pose any threat on drivers working in master mode as +spi_slave_abort() function checks if SPI slave mode is supported. + +Signed-off-by: Lukasz Majewski +Link: https://lore.kernel.org/r/20190924110547.14770-2-lukma@denx.de +Signed-off-by: Mark Brown +Reported-by: kbuild test robot +Link: https://lore.kernel.org/r/20190925091143.15468-2-lukma@denx.de +Signed-off-by: Mark Brown +Signed-off-by: Sasha Levin +--- + drivers/spi/spidev.c | 3 +++ + 1 file changed, 3 insertions(+) + +diff --git a/drivers/spi/spidev.c b/drivers/spi/spidev.c +index c5f1045561ac..3709088d4d24 100644 +--- a/drivers/spi/spidev.c ++++ b/drivers/spi/spidev.c +@@ -662,6 +662,9 @@ static int spidev_release(struct inode *inode, struct file *filp) + if (dofree) + kfree(spidev); + } ++#ifdef CONFIG_SPI_SLAVE ++ spi_slave_abort(spidev->spi); ++#endif + mutex_unlock(&device_list_lock); + + return 0; +-- +2.20.1 + diff --git a/queue-4.4/spi-img-spfi-fix-potential-double-release.patch b/queue-4.4/spi-img-spfi-fix-potential-double-release.patch new file mode 100644 index 00000000000..64544730f9f --- /dev/null +++ b/queue-4.4/spi-img-spfi-fix-potential-double-release.patch @@ -0,0 +1,39 @@ +From 7f4e4eccf26d63569af7149b45bade57163e0651 Mon Sep 17 00:00:00 2001 +From: Sasha Levin +Date: Wed, 6 Nov 2019 10:36:09 +0800 +Subject: spi: img-spfi: fix potential double release + +From: Pan Bian + +[ Upstream commit e9a8ba9769a0e354341bc6cc01b98aadcea1dfe9 ] + +The channels spfi->tx_ch and spfi->rx_ch are not set to NULL after they +are released. As a result, they will be released again, either on the +error handling branch in the same function or in the corresponding +remove function, i.e. img_spfi_remove(). This patch fixes the bug by +setting the two members to NULL. + +Signed-off-by: Pan Bian +Link: https://lore.kernel.org/r/1573007769-20131-1-git-send-email-bianpan2016@163.com +Signed-off-by: Mark Brown +Signed-off-by: Sasha Levin +--- + drivers/spi/spi-img-spfi.c | 2 ++ + 1 file changed, 2 insertions(+) + +diff --git a/drivers/spi/spi-img-spfi.c b/drivers/spi/spi-img-spfi.c +index 823cbc92d1e7..c46c0738c734 100644 +--- a/drivers/spi/spi-img-spfi.c ++++ b/drivers/spi/spi-img-spfi.c +@@ -673,6 +673,8 @@ static int img_spfi_probe(struct platform_device *pdev) + dma_release_channel(spfi->tx_ch); + if (spfi->rx_ch) + dma_release_channel(spfi->rx_ch); ++ spfi->tx_ch = NULL; ++ spfi->rx_ch = NULL; + dev_warn(spfi->dev, "Failed to get DMA channels, falling back to PIO mode\n"); + } else { + master->dma_tx = spfi->tx_ch; +-- +2.20.1 + diff --git a/queue-4.4/spi-pxa2xx-add-missed-security-checks.patch b/queue-4.4/spi-pxa2xx-add-missed-security-checks.patch new file mode 100644 index 00000000000..b21a2d0b2c8 --- /dev/null +++ b/queue-4.4/spi-pxa2xx-add-missed-security-checks.patch @@ -0,0 +1,45 @@ +From 7ef90ffd081e07ef5619294a7a28b39b4027cff7 Mon Sep 17 00:00:00 2001 +From: Sasha Levin +Date: Sat, 9 Nov 2019 16:09:43 +0800 +Subject: spi: pxa2xx: Add missed security checks + +From: Chuhong Yuan + +[ Upstream commit 5eb263ef08b5014cfc2539a838f39d2fd3531423 ] + +pxa2xx_spi_init_pdata misses checks for devm_clk_get and +platform_get_irq. +Add checks for them to fix the bugs. + +Since ssp->clk and ssp->irq are used in probe, they are mandatory here. +So we cannot use _optional() for devm_clk_get and platform_get_irq. + +Signed-off-by: Chuhong Yuan +Link: https://lore.kernel.org/r/20191109080943.30428-1-hslester96@gmail.com +Signed-off-by: Mark Brown +Signed-off-by: Sasha Levin +--- + drivers/spi/spi-pxa2xx.c | 6 ++++++ + 1 file changed, 6 insertions(+) + +diff --git a/drivers/spi/spi-pxa2xx.c b/drivers/spi/spi-pxa2xx.c +index 193aa3da5033..96ed01cb6489 100644 +--- a/drivers/spi/spi-pxa2xx.c ++++ b/drivers/spi/spi-pxa2xx.c +@@ -1425,7 +1425,13 @@ pxa2xx_spi_init_pdata(struct platform_device *pdev) + } + + ssp->clk = devm_clk_get(&pdev->dev, NULL); ++ if (IS_ERR(ssp->clk)) ++ return NULL; ++ + ssp->irq = platform_get_irq(pdev, 0); ++ if (ssp->irq < 0) ++ return NULL; ++ + ssp->type = type; + ssp->pdev = pdev; + ssp->port_id = pxa2xx_spi_get_port_id(adev); +-- +2.20.1 + diff --git a/queue-4.4/spi-tegra20-slink-add-missed-clk_unprepare.patch b/queue-4.4/spi-tegra20-slink-add-missed-clk_unprepare.patch new file mode 100644 index 00000000000..e138be60e01 --- /dev/null +++ b/queue-4.4/spi-tegra20-slink-add-missed-clk_unprepare.patch @@ -0,0 +1,53 @@ +From 2752a766fb7e1c878d11eb65e8eebd31f5b8721d Mon Sep 17 00:00:00 2001 +From: Sasha Levin +Date: Fri, 15 Nov 2019 16:31:22 +0800 +Subject: spi: tegra20-slink: add missed clk_unprepare + +From: Chuhong Yuan + +[ Upstream commit 04358e40ba96d687c0811c21d9dede73f5244a98 ] + +The driver misses calling clk_unprepare in probe failure and remove. +Add the calls to fix it. + +Signed-off-by: Chuhong Yuan +Link: https://lore.kernel.org/r/20191115083122.12278-1-hslester96@gmail.com +Signed-off-by: Mark Brown +Signed-off-by: Sasha Levin +--- + drivers/spi/spi-tegra20-slink.c | 5 ++++- + 1 file changed, 4 insertions(+), 1 deletion(-) + +diff --git a/drivers/spi/spi-tegra20-slink.c b/drivers/spi/spi-tegra20-slink.c +index af2880d0c112..cf2a329fd895 100644 +--- a/drivers/spi/spi-tegra20-slink.c ++++ b/drivers/spi/spi-tegra20-slink.c +@@ -1078,7 +1078,7 @@ static int tegra_slink_probe(struct platform_device *pdev) + ret = clk_enable(tspi->clk); + if (ret < 0) { + dev_err(&pdev->dev, "Clock enable failed %d\n", ret); +- goto exit_free_master; ++ goto exit_clk_unprepare; + } + + spi_irq = platform_get_irq(pdev, 0); +@@ -1151,6 +1151,8 @@ exit_free_irq: + free_irq(spi_irq, tspi); + exit_clk_disable: + clk_disable(tspi->clk); ++exit_clk_unprepare: ++ clk_unprepare(tspi->clk); + exit_free_master: + spi_master_put(master); + return ret; +@@ -1164,6 +1166,7 @@ static int tegra_slink_remove(struct platform_device *pdev) + free_irq(tspi->irq, tspi); + + clk_disable(tspi->clk); ++ clk_unprepare(tspi->clk); + + if (tspi->tx_dma_chan) + tegra_slink_deinit_dma_param(tspi, false); +-- +2.20.1 + diff --git a/queue-4.4/staging-rtl8188eu-fix-possible-null-dereference.patch b/queue-4.4/staging-rtl8188eu-fix-possible-null-dereference.patch new file mode 100644 index 00000000000..05022479ea4 --- /dev/null +++ b/queue-4.4/staging-rtl8188eu-fix-possible-null-dereference.patch @@ -0,0 +1,54 @@ +From 1b76363c6e6c9a61060a7eae2f84d9eef5a3b756 Mon Sep 17 00:00:00 2001 +From: Sasha Levin +Date: Thu, 26 Sep 2019 08:03:17 -0700 +Subject: staging: rtl8188eu: fix possible null dereference + +From: Connor Kuehl + +[ Upstream commit 228241944a48113470d3c3b46c88ba7fbe0a274b ] + +Inside a nested 'else' block at the beginning of this function is a +call that assigns 'psta' to the return value of 'rtw_get_stainfo()'. +If 'rtw_get_stainfo()' returns NULL and the flow of control reaches +the 'else if' where 'psta' is dereferenced, then we will dereference +a NULL pointer. + +Fix this by checking if 'psta' is not NULL before reading its +'psta->qos_option' data member. + +Addresses-Coverity: ("Dereference null return value") + +Signed-off-by: Connor Kuehl +Acked-by: Larry Finger +Link: https://lore.kernel.org/r/20190926150317.5894-1-connor.kuehl@canonical.com +Signed-off-by: Greg Kroah-Hartman +Signed-off-by: Sasha Levin +--- + drivers/staging/rtl8188eu/core/rtw_xmit.c | 4 ++-- + 1 file changed, 2 insertions(+), 2 deletions(-) + +diff --git a/drivers/staging/rtl8188eu/core/rtw_xmit.c b/drivers/staging/rtl8188eu/core/rtw_xmit.c +index cabb810369bd..c6bf8933648d 100644 +--- a/drivers/staging/rtl8188eu/core/rtw_xmit.c ++++ b/drivers/staging/rtl8188eu/core/rtw_xmit.c +@@ -822,7 +822,7 @@ s32 rtw_make_wlanhdr(struct adapter *padapter, u8 *hdr, struct pkt_attrib *pattr + memcpy(pwlanhdr->addr2, get_bssid(pmlmepriv), ETH_ALEN); + memcpy(pwlanhdr->addr3, pattrib->src, ETH_ALEN); + +- if (psta->qos_option) ++ if (psta && psta->qos_option) + qos_option = true; + } else if (check_fwstate(pmlmepriv, WIFI_ADHOC_STATE) || + check_fwstate(pmlmepriv, WIFI_ADHOC_MASTER_STATE)) { +@@ -830,7 +830,7 @@ s32 rtw_make_wlanhdr(struct adapter *padapter, u8 *hdr, struct pkt_attrib *pattr + memcpy(pwlanhdr->addr2, pattrib->src, ETH_ALEN); + memcpy(pwlanhdr->addr3, get_bssid(pmlmepriv), ETH_ALEN); + +- if (psta->qos_option) ++ if (psta && psta->qos_option) + qos_option = true; + } else { + RT_TRACE(_module_rtl871x_xmit_c_, _drv_err_, ("fw_state:%x is not allowed to xmit frame\n", get_fwstate(pmlmepriv))); +-- +2.20.1 + diff --git a/queue-4.4/tools-power-cpupower-fix-initializer-override-in-hsw.patch b/queue-4.4/tools-power-cpupower-fix-initializer-override-in-hsw.patch new file mode 100644 index 00000000000..cdbb3f6cd58 --- /dev/null +++ b/queue-4.4/tools-power-cpupower-fix-initializer-override-in-hsw.patch @@ -0,0 +1,63 @@ +From d1ae04e5ca45bf7837fdcb128980baceef4ca244 Mon Sep 17 00:00:00 2001 +From: Sasha Levin +Date: Fri, 27 Sep 2019 09:26:42 -0700 +Subject: tools/power/cpupower: Fix initializer override in hsw_ext_cstates + +From: Nathan Chancellor + +[ Upstream commit 7e5705c635ecfccde559ebbbe1eaf05b5cc60529 ] + +When building cpupower with clang, the following warning appears: + + utils/idle_monitor/hsw_ext_idle.c:42:16: warning: initializer overrides + prior initialization of this subobject [-Winitializer-overrides] + .desc = N_("Processor Package C2"), + ^~~~~~~~~~~~~~~~~~~~~~ + ./utils/helpers/helpers.h:25:33: note: expanded from macro 'N_' + #define N_(String) gettext_noop(String) + ^~~~~~ + ./utils/helpers/helpers.h:23:30: note: expanded from macro + 'gettext_noop' + #define gettext_noop(String) String + ^~~~~~ + utils/idle_monitor/hsw_ext_idle.c:41:16: note: previous initialization + is here + .desc = N_("Processor Package C9"), + ^~~~~~~~~~~~~~~~~~~~~~ + ./utils/helpers/helpers.h:25:33: note: expanded from macro 'N_' + #define N_(String) gettext_noop(String) + ^~~~~~ + ./utils/helpers/helpers.h:23:30: note: expanded from macro + 'gettext_noop' + #define gettext_noop(String) String + ^~~~~~ + 1 warning generated. + +This appears to be a copy and paste or merge mistake because the name +and id fields both have PC9 in them, not PC2. Remove the second +assignment to fix the warning. + +Fixes: 7ee767b69b68 ("cpupower: Add Haswell family 0x45 specific idle monitor to show PC8,9,10 states") +Link: https://github.com/ClangBuiltLinux/linux/issues/718 +Signed-off-by: Nathan Chancellor +Signed-off-by: Shuah Khan +Signed-off-by: Sasha Levin +--- + tools/power/cpupower/utils/idle_monitor/hsw_ext_idle.c | 1 - + 1 file changed, 1 deletion(-) + +diff --git a/tools/power/cpupower/utils/idle_monitor/hsw_ext_idle.c b/tools/power/cpupower/utils/idle_monitor/hsw_ext_idle.c +index ebeaba6571a3..475e18e04318 100644 +--- a/tools/power/cpupower/utils/idle_monitor/hsw_ext_idle.c ++++ b/tools/power/cpupower/utils/idle_monitor/hsw_ext_idle.c +@@ -40,7 +40,6 @@ static cstate_t hsw_ext_cstates[HSW_EXT_CSTATE_COUNT] = { + { + .name = "PC9", + .desc = N_("Processor Package C9"), +- .desc = N_("Processor Package C2"), + .id = PC9, + .range = RANGE_PACKAGE, + .get_count_percent = hsw_ext_get_count_percent, +-- +2.20.1 + diff --git a/queue-4.4/usb-renesas_usbhs-add-suspend-event-support-in-gadge.patch b/queue-4.4/usb-renesas_usbhs-add-suspend-event-support-in-gadge.patch new file mode 100644 index 00000000000..e5d4dfefc32 --- /dev/null +++ b/queue-4.4/usb-renesas_usbhs-add-suspend-event-support-in-gadge.patch @@ -0,0 +1,89 @@ +From 46acf7c4ab54b3bd23a55d44ce59bc17679c5e6e Mon Sep 17 00:00:00 2001 +From: Sasha Levin +Date: Wed, 11 Sep 2019 15:15:56 +0200 +Subject: usb: renesas_usbhs: add suspend event support in gadget mode + +From: Veeraiyan Chidambaram + +[ Upstream commit 39abcc84846bbc0538f13c190b6a9c7e36890cd2 ] + +When R-Car Gen3 USB 2.0 is in Gadget mode, if host is detached an interrupt +will be generated and Suspended state bit is set in interrupt status +register. Interrupt handler will call driver->suspend(composite_suspend) +if suspended state bit is set. composite_suspend will call +ffs_func_suspend which will post FUNCTIONFS_SUSPEND and will be consumed +by user space application via /dev/ep0. + +To be able to detect host detach, extend the DVSQ_MASK to cover the +Suspended bit of the DVSQ[2:0] bitfield from the Interrupt Status +Register 0 (INTSTS0) register and perform appropriate action in the +DVST interrupt handler (usbhsg_irq_dev_state). + +Without this commit, disconnection of the phone from R-Car-H3 ES2.0 +Salvator-X CN9 port is not recognized and reverse role switch does +not happen. If phone is connected again it does not enumerate. + +With this commit, disconnection will be recognized and reverse role +switch will happen by a user space application. If phone is connected +again it will enumerate properly and will become visible in the output +of 'lsusb'. + +Signed-off-by: Veeraiyan Chidambaram +Signed-off-by: Eugeniu Rosca +Reviewed-by: Yoshihiro Shimoda +Tested-by: Yoshihiro Shimoda +Link: https://lore.kernel.org/r/1568207756-22325-3-git-send-email-external.veeraiyan.c@de.adit-jv.com +Signed-off-by: Greg Kroah-Hartman +Signed-off-by: Sasha Levin +--- + drivers/usb/renesas_usbhs/common.h | 3 ++- + drivers/usb/renesas_usbhs/mod_gadget.c | 12 +++++++++--- + 2 files changed, 11 insertions(+), 4 deletions(-) + +diff --git a/drivers/usb/renesas_usbhs/common.h b/drivers/usb/renesas_usbhs/common.h +index b8620aa6b72e..8424c165f732 100644 +--- a/drivers/usb/renesas_usbhs/common.h ++++ b/drivers/usb/renesas_usbhs/common.h +@@ -163,11 +163,12 @@ struct usbhs_priv; + #define VBSTS (1 << 7) /* VBUS_0 and VBUSIN_0 Input Status */ + #define VALID (1 << 3) /* USB Request Receive */ + +-#define DVSQ_MASK (0x3 << 4) /* Device State */ ++#define DVSQ_MASK (0x7 << 4) /* Device State */ + #define POWER_STATE (0 << 4) + #define DEFAULT_STATE (1 << 4) + #define ADDRESS_STATE (2 << 4) + #define CONFIGURATION_STATE (3 << 4) ++#define SUSPENDED_STATE (4 << 4) + + #define CTSQ_MASK (0x7) /* Control Transfer Stage */ + #define IDLE_SETUP_STAGE 0 /* Idle stage or setup stage */ +diff --git a/drivers/usb/renesas_usbhs/mod_gadget.c b/drivers/usb/renesas_usbhs/mod_gadget.c +index efe8d815cf2c..5731621984c6 100644 +--- a/drivers/usb/renesas_usbhs/mod_gadget.c ++++ b/drivers/usb/renesas_usbhs/mod_gadget.c +@@ -467,12 +467,18 @@ static int usbhsg_irq_dev_state(struct usbhs_priv *priv, + { + struct usbhsg_gpriv *gpriv = usbhsg_priv_to_gpriv(priv); + struct device *dev = usbhsg_gpriv_to_dev(gpriv); ++ int state = usbhs_status_get_device_state(irq_state); + + gpriv->gadget.speed = usbhs_bus_get_speed(priv); + +- dev_dbg(dev, "state = %x : speed : %d\n", +- usbhs_status_get_device_state(irq_state), +- gpriv->gadget.speed); ++ dev_dbg(dev, "state = %x : speed : %d\n", state, gpriv->gadget.speed); ++ ++ if (gpriv->gadget.speed != USB_SPEED_UNKNOWN && ++ (state & SUSPENDED_STATE)) { ++ if (gpriv->driver && gpriv->driver->suspend) ++ gpriv->driver->suspend(&gpriv->gadget); ++ usb_gadget_set_state(&gpriv->gadget, USB_STATE_SUSPENDED); ++ } + + return 0; + } +-- +2.20.1 + diff --git a/queue-4.4/x86-crash-add-a-forward-declaration-of-struct-kimage.patch b/queue-4.4/x86-crash-add-a-forward-declaration-of-struct-kimage.patch new file mode 100644 index 00000000000..976a1790380 --- /dev/null +++ b/queue-4.4/x86-crash-add-a-forward-declaration-of-struct-kimage.patch @@ -0,0 +1,72 @@ +From 69e3839b7967e726a6d041443f2d4b0c7340a16e Mon Sep 17 00:00:00 2001 +From: Sasha Levin +Date: Fri, 8 Nov 2019 17:00:27 +0800 +Subject: x86/crash: Add a forward declaration of struct kimage +MIME-Version: 1.0 +Content-Type: text/plain; charset=UTF-8 +Content-Transfer-Encoding: 8bit + +From: Lianbo Jiang + +[ Upstream commit 112eee5d06007dae561f14458bde7f2a4879ef4e ] + +Add a forward declaration of struct kimage to the crash.h header because +future changes will invoke a crash-specific function from the realmode +init path and the compiler will complain otherwise like this: + + In file included from arch/x86/realmode/init.c:11: + ./arch/x86/include/asm/crash.h:5:32: warning: ‘struct kimage’ declared inside\ + parameter list will not be visible outside of this definition or declaration + 5 | int crash_load_segments(struct kimage *image); + | ^~~~~~ + ./arch/x86/include/asm/crash.h:6:37: warning: ‘struct kimage’ declared inside\ + parameter list will not be visible outside of this definition or declaration + 6 | int crash_copy_backup_region(struct kimage *image); + | ^~~~~~ + ./arch/x86/include/asm/crash.h:7:39: warning: ‘struct kimage’ declared inside\ + parameter list will not be visible outside of this definition or declaration + 7 | int crash_setup_memmap_entries(struct kimage *image, + | + + [ bp: Rewrite the commit message. ] + +Reported-by: kbuild test robot +Signed-off-by: Lianbo Jiang +Signed-off-by: Borislav Petkov +Cc: bhe@redhat.com +Cc: d.hatayama@fujitsu.com +Cc: dhowells@redhat.com +Cc: dyoung@redhat.com +Cc: ebiederm@xmission.com +Cc: horms@verge.net.au +Cc: "H. Peter Anvin" +Cc: Ingo Molnar +Cc: Jürgen Gross +Cc: kexec@lists.infradead.org +Cc: Thomas Gleixner +Cc: Tom Lendacky +Cc: vgoyal@redhat.com +Cc: x86-ml +Link: https://lkml.kernel.org/r/20191108090027.11082-4-lijiang@redhat.com +Link: https://lkml.kernel.org/r/201910310233.EJRtTMWP%25lkp@intel.com +Signed-off-by: Sasha Levin +--- + arch/x86/include/asm/crash.h | 2 ++ + 1 file changed, 2 insertions(+) + +diff --git a/arch/x86/include/asm/crash.h b/arch/x86/include/asm/crash.h +index f498411f2500..1b15304dd098 100644 +--- a/arch/x86/include/asm/crash.h ++++ b/arch/x86/include/asm/crash.h +@@ -1,6 +1,8 @@ + #ifndef _ASM_X86_CRASH_H + #define _ASM_X86_CRASH_H + ++struct kimage; ++ + int crash_load_segments(struct kimage *image); + int crash_copy_backup_region(struct kimage *image); + int crash_setup_memmap_entries(struct kimage *image, +-- +2.20.1 + diff --git a/queue-4.4/x86-ioapic-prevent-inconsistent-state-when-moving-an.patch b/queue-4.4/x86-ioapic-prevent-inconsistent-state-when-moving-an.patch new file mode 100644 index 00000000000..9a1cbd8176c --- /dev/null +++ b/queue-4.4/x86-ioapic-prevent-inconsistent-state-when-moving-an.patch @@ -0,0 +1,81 @@ +From e828d6f99f4a8eb977f7872e199436654f4a9c5f Mon Sep 17 00:00:00 2001 +From: Sasha Levin +Date: Thu, 17 Oct 2019 12:19:01 +0200 +Subject: x86/ioapic: Prevent inconsistent state when moving an interrupt + +From: Thomas Gleixner + +[ Upstream commit df4393424af3fbdcd5c404077176082a8ce459c4 ] + +There is an issue with threaded interrupts which are marked ONESHOT +and using the fasteoi handler: + + if (IS_ONESHOT()) + mask_irq(); + .... + cond_unmask_eoi_irq() + chip->irq_eoi(); + if (setaffinity_pending) { + mask_ioapic(); + ... + move_affinity(); + unmask_ioapic(); + } + +So if setaffinity is pending the interrupt will be moved and then +unconditionally unmasked at the ioapic level, which is wrong in two +aspects: + + 1) It should be kept masked up to the point where the threaded handler + finished. + + 2) The physical chip state and the software masked state are inconsistent + +Guard both the mask and the unmask with a check for the software masked +state. If the line is marked masked then the ioapic line is also masked, so +both mask_ioapic() and unmask_ioapic() can be skipped safely. + +Signed-off-by: Thomas Gleixner +Cc: Andy Shevchenko +Cc: Linus Torvalds +Cc: Peter Zijlstra +Cc: Sebastian Siewior +Fixes: 3aa551c9b4c4 ("genirq: add threaded interrupt handler support") +Link: https://lkml.kernel.org/r/20191017101938.321393687@linutronix.de +Signed-off-by: Ingo Molnar +Signed-off-by: Sasha Levin +--- + arch/x86/kernel/apic/io_apic.c | 9 ++++++--- + 1 file changed, 6 insertions(+), 3 deletions(-) + +diff --git a/arch/x86/kernel/apic/io_apic.c b/arch/x86/kernel/apic/io_apic.c +index 4d5e8ff3b5e5..5e8fc9809da3 100644 +--- a/arch/x86/kernel/apic/io_apic.c ++++ b/arch/x86/kernel/apic/io_apic.c +@@ -1710,9 +1710,10 @@ static bool io_apic_level_ack_pending(struct mp_chip_data *data) + + static inline bool ioapic_irqd_mask(struct irq_data *data) + { +- /* If we are moving the irq we need to mask it */ ++ /* If we are moving the IRQ we need to mask it */ + if (unlikely(irqd_is_setaffinity_pending(data))) { +- mask_ioapic_irq(data); ++ if (!irqd_irq_masked(data)) ++ mask_ioapic_irq(data); + return true; + } + return false; +@@ -1749,7 +1750,9 @@ static inline void ioapic_irqd_unmask(struct irq_data *data, bool masked) + */ + if (!io_apic_level_ack_pending(data->chip_data)) + irq_move_masked_irq(data); +- unmask_ioapic_irq(data); ++ /* If the IRQ is masked in the core, leave it: */ ++ if (!irqd_irq_masked(data)) ++ unmask_ioapic_irq(data); + } + } + #else +-- +2.20.1 + diff --git a/queue-4.4/x86-mm-use-the-correct-function-type-for-native_set_.patch b/queue-4.4/x86-mm-use-the-correct-function-type-for-native_set_.patch new file mode 100644 index 00000000000..54eaa45bc63 --- /dev/null +++ b/queue-4.4/x86-mm-use-the-correct-function-type-for-native_set_.patch @@ -0,0 +1,65 @@ +From fb7c50f3255c876807dbd5b785cb2c2512162818 Mon Sep 17 00:00:00 2001 +From: Sasha Levin +Date: Fri, 13 Sep 2019 14:14:02 -0700 +Subject: x86/mm: Use the correct function type for native_set_fixmap() + +From: Sami Tolvanen + +[ Upstream commit f53e2cd0b8ab7d9e390414470bdbd830f660133f ] + +We call native_set_fixmap indirectly through the function pointer +struct pv_mmu_ops::set_fixmap, which expects the first parameter to be +'unsigned' instead of 'enum fixed_addresses'. This patch changes the +function type for native_set_fixmap to match the pointer, which fixes +indirect call mismatches with Control-Flow Integrity (CFI) checking. + +Signed-off-by: Sami Tolvanen +Reviewed-by: Kees Cook +Cc: Andy Lutomirski +Cc: Borislav Petkov +Cc: Dave Hansen +Cc: H . Peter Anvin +Cc: H. Peter Anvin +Cc: Linus Torvalds +Cc: Peter Zijlstra +Cc: Rik van Riel +Cc: Thomas Gleixner +Link: https://lkml.kernel.org/r/20190913211402.193018-1-samitolvanen@google.com +Signed-off-by: Ingo Molnar +Signed-off-by: Sasha Levin +--- + arch/x86/include/asm/fixmap.h | 2 +- + arch/x86/mm/pgtable.c | 4 ++-- + 2 files changed, 3 insertions(+), 3 deletions(-) + +diff --git a/arch/x86/include/asm/fixmap.h b/arch/x86/include/asm/fixmap.h +index f80d70009ff8..d0e39f54feee 100644 +--- a/arch/x86/include/asm/fixmap.h ++++ b/arch/x86/include/asm/fixmap.h +@@ -147,7 +147,7 @@ extern pgprot_t kmap_prot; + extern pte_t *pkmap_page_table; + + void __native_set_fixmap(enum fixed_addresses idx, pte_t pte); +-void native_set_fixmap(enum fixed_addresses idx, ++void native_set_fixmap(unsigned /* enum fixed_addresses */ idx, + phys_addr_t phys, pgprot_t flags); + + #ifndef CONFIG_PARAVIRT +diff --git a/arch/x86/mm/pgtable.c b/arch/x86/mm/pgtable.c +index 50f75768aadd..3ed4753280aa 100644 +--- a/arch/x86/mm/pgtable.c ++++ b/arch/x86/mm/pgtable.c +@@ -567,8 +567,8 @@ void __native_set_fixmap(enum fixed_addresses idx, pte_t pte) + fixmaps_set++; + } + +-void native_set_fixmap(enum fixed_addresses idx, phys_addr_t phys, +- pgprot_t flags) ++void native_set_fixmap(unsigned /* enum fixed_addresses */ idx, ++ phys_addr_t phys, pgprot_t flags) + { + __native_set_fixmap(idx, pfn_pte(phys >> PAGE_SHIFT, flags)); + } +-- +2.20.1 +