From: Greg Kroah-Hartman Date: Fri, 21 Sep 2018 07:45:36 +0000 (+0200) Subject: 4.9-stable patches X-Git-Tag: v3.18.123~33 X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=47f38bc9a73b60872b985b56fc56e54134eb986a;p=thirdparty%2Fkernel%2Fstable-queue.git 4.9-stable patches added patches: alsa-msnd-fix-the-default-sample-sizes.patch alsa-usb-audio-fix-multiple-definitions-in-au0828_device-macro.patch arm-dts-qcom-msm8974-hammerhead-increase-load-on-l20-for-sdhci.patch arm-exynos-clear-global-variable-on-init-error-path.patch arm64-dts-qcom-db410c-fix-bluetooth-led-trigger.patch clk-clk-fixed-factor-clear-of_populated-flag-in-case-of-failure.patch clk-imx6ul-fix-missing-of_node_put.patch crypto-sharah-unregister-correct-algorithms-for-sahara-3.patch dmaengine-mv_xor_v2-kill-the-tasklets-upon-exit.patch dmaengine-pl330-fix-irq-race-with-terminate_all.patch drivers-base-stop-new-probing-during-shutdown.patch efi-arm-preserve-early-mapping-of-uefi-memory-map-longer-for-bgrt.patch fbdev-distinguish-between-interlaced-and-progressive-modes.patch fbdev-omapfb-off-by-one-in-omapfb_register_client.patch fbdev-via-fix-defined-but-not-used-warning.patch gfs2-don-t-reject-a-supposedly-full-bitmap-if-we-have-blocks-reserved.patch gfs2-special-case-rindex-for-gfs2_grow.patch ib-rxe-drop-qp0-silently.patch iommu-arm-smmu-v3-sync-the-ovackflg-to-priq-consumer-register.patch kbuild-add-.delete_on_error-special-target.patch kvm-arm-arm64-fix-vgic-init-race.patch mac80211-restrict-delayed-tailroom-needed-decrement.patch media-tw686x-fix-oops-on-buffer-alloc-failure.patch media-videobuf2-core-check-for-q-error-in-vb2_core_qbuf.patch mips-ath79-fix-system-restart.patch mips-jz4740-bump-zload-address.patch mtd-maps-fix-solutionengine.c-printk-format-warnings.patch nfp-avoid-buffer-leak-when-fw-communication-fails.patch perf-powerpc-fix-callchain-ip-filtering-when-return-address-is-in-a-register.patch perf-powerpc-fix-callchain-ip-filtering.patch perf-test-fix-subtest-number-when-showing-results.patch platform-x86-toshiba_acpi-fix-defined-but-not-used-build-warnings.patch powerpc-powernv-opal_put_chars-partial-write-fix.patch s390-qeth-fix-race-in-used-buffer-accounting.patch s390-qeth-reset-layer2-attribute-on-layer-switch.patch smack-fix-handling-of-ipv4-traffic-received-by-pf_inet6-sockets.patch video-fbdev-pxafb-clear-allocated-memory-for-video-modes.patch video-goldfishfb-fix-memory-leak-on-driver-remove.patch wan-fsl_ucc_hdlc-use-is_err_value-to-check-return-value-of-qe_muram_alloc.patch xen-netfront-fix-queue-name-setting.patch xen-netfront-fix-warn-message-as-irq-device-name-has.patch xfrm-fix-passing-zero-to-err_ptr-warning.patch --- diff --git a/queue-4.9/alsa-msnd-fix-the-default-sample-sizes.patch b/queue-4.9/alsa-msnd-fix-the-default-sample-sizes.patch new file mode 100644 index 00000000000..d27bc750537 --- /dev/null +++ b/queue-4.9/alsa-msnd-fix-the-default-sample-sizes.patch @@ -0,0 +1,34 @@ +From foo@baz Fri Sep 21 09:36:02 CEST 2018 +From: Takashi Iwai +Date: Wed, 25 Jul 2018 23:00:48 +0200 +Subject: ALSA: msnd: Fix the default sample sizes + +From: Takashi Iwai + +[ Upstream commit 7c500f9ea139d0c9b80fdea5a9c911db3166ea54 ] + +The default sample sizes set by msnd driver are bogus; it sets ALSA +PCM format, not the actual bit width. + +Signed-off-by: Takashi Iwai +Signed-off-by: Sasha Levin +Signed-off-by: Greg Kroah-Hartman +--- + sound/isa/msnd/msnd_pinnacle.c | 4 ++-- + 1 file changed, 2 insertions(+), 2 deletions(-) + +--- a/sound/isa/msnd/msnd_pinnacle.c ++++ b/sound/isa/msnd/msnd_pinnacle.c +@@ -82,10 +82,10 @@ + + static void set_default_audio_parameters(struct snd_msnd *chip) + { +- chip->play_sample_size = DEFSAMPLESIZE; ++ chip->play_sample_size = snd_pcm_format_width(DEFSAMPLESIZE); + chip->play_sample_rate = DEFSAMPLERATE; + chip->play_channels = DEFCHANNELS; +- chip->capture_sample_size = DEFSAMPLESIZE; ++ chip->capture_sample_size = snd_pcm_format_width(DEFSAMPLESIZE); + chip->capture_sample_rate = DEFSAMPLERATE; + chip->capture_channels = DEFCHANNELS; + } diff --git a/queue-4.9/alsa-usb-audio-fix-multiple-definitions-in-au0828_device-macro.patch b/queue-4.9/alsa-usb-audio-fix-multiple-definitions-in-au0828_device-macro.patch new file mode 100644 index 00000000000..4842fb3515c --- /dev/null +++ b/queue-4.9/alsa-usb-audio-fix-multiple-definitions-in-au0828_device-macro.patch @@ -0,0 +1,39 @@ +From foo@baz Fri Sep 21 09:36:02 CEST 2018 +From: Takashi Iwai +Date: Wed, 25 Jul 2018 23:00:46 +0200 +Subject: ALSA: usb-audio: Fix multiple definitions in AU0828_DEVICE() macro + +From: Takashi Iwai + +[ Upstream commit bd1cd0eb2ce9141100628d476ead4de485501b29 ] + +AU0828_DEVICE() macro in quirks-table.h uses USB_DEVICE_VENDOR_SPEC() +for expanding idVendor and idProduct fields. However, the latter +macro adds also match_flags and bInterfaceClass, which are different +from the values AU0828_DEVICE() macro sets after that. + +For fixing them, just expand idVendor and idProduct fields manually in +AU0828_DEVICE(). + +This fixes sparse warnings like: + sound/usb/quirks-table.h:2892:1: warning: Initializer entry defined twice + +Signed-off-by: Takashi Iwai +Signed-off-by: Sasha Levin +Signed-off-by: Greg Kroah-Hartman +--- + sound/usb/quirks-table.h | 3 ++- + 1 file changed, 2 insertions(+), 1 deletion(-) + +--- a/sound/usb/quirks-table.h ++++ b/sound/usb/quirks-table.h +@@ -2875,7 +2875,8 @@ YAMAHA_DEVICE(0x7010, "UB99"), + */ + + #define AU0828_DEVICE(vid, pid, vname, pname) { \ +- USB_DEVICE_VENDOR_SPEC(vid, pid), \ ++ .idVendor = vid, \ ++ .idProduct = pid, \ + .match_flags = USB_DEVICE_ID_MATCH_DEVICE | \ + USB_DEVICE_ID_MATCH_INT_CLASS | \ + USB_DEVICE_ID_MATCH_INT_SUBCLASS, \ diff --git a/queue-4.9/arm-dts-qcom-msm8974-hammerhead-increase-load-on-l20-for-sdhci.patch b/queue-4.9/arm-dts-qcom-msm8974-hammerhead-increase-load-on-l20-for-sdhci.patch new file mode 100644 index 00000000000..ee84887aad4 --- /dev/null +++ b/queue-4.9/arm-dts-qcom-msm8974-hammerhead-increase-load-on-l20-for-sdhci.patch @@ -0,0 +1,59 @@ +From foo@baz Fri Sep 21 09:36:02 CEST 2018 +From: Bhushan Shah +Date: Mon, 9 Jul 2018 14:46:28 +0530 +Subject: ARM: dts: qcom: msm8974-hammerhead: increase load on l20 for sdhci + +From: Bhushan Shah + +[ Upstream commit 03864e57770a9541e7ff3990bacf2d9a2fffcd5d ] + +The kernel would not boot on the hammerhead hardware due to the +following error: + +mmc0: Timeout waiting for hardware interrupt. +mmc0: sdhci: ============ SDHCI REGISTER DUMP =========== +mmc0: sdhci: Sys addr: 0x00000200 | Version: 0x00003802 +mmc0: sdhci: Blk size: 0x00000200 | Blk cnt: 0x00000200 +mmc0: sdhci: Argument: 0x00000000 | Trn mode: 0x00000023 +mmc0: sdhci: Present: 0x03e80000 | Host ctl: 0x00000034 +mmc0: sdhci: Power: 0x00000001 | Blk gap: 0x00000000 +mmc0: sdhci: Wake-up: 0x00000000 | Clock: 0x00000007 +mmc0: sdhci: Timeout: 0x0000000e | Int stat: 0x00000000 +mmc0: sdhci: Int enab: 0x02ff900b | Sig enab: 0x02ff100b +mmc0: sdhci: AC12 err: 0x00000000 | Slot int: 0x00000000 +mmc0: sdhci: Caps: 0x642dc8b2 | Caps_1: 0x00008007 +mmc0: sdhci: Cmd: 0x00000c1b | Max curr: 0x00000000 +mmc0: sdhci: Resp[0]: 0x00000c00 | Resp[1]: 0x00000000 +mmc0: sdhci: Resp[2]: 0x00000000 | Resp[3]: 0x00000000 +mmc0: sdhci: Host ctl2: 0x00000008 +mmc0: sdhci: ADMA Err: 0x00000000 | ADMA Ptr: 0x70040220 +mmc0: sdhci: ============================================ +mmc0: Card stuck in wrong state! mmcblk0 card_busy_detect status: 0xe00 +mmc0: cache flush error -110 +mmc0: Reset 0x1 never completed. + +This patch increases the load on l20 to 0.2 amps for the sdhci +and allows the device to boot normally. + +Signed-off-by: Bhushan Shah +Signed-off-by: Brian Masney +Suggested-by: Bjorn Andersson +Tested-by: Brian Masney +Signed-off-by: Andy Gross +Signed-off-by: Sasha Levin +Signed-off-by: Greg Kroah-Hartman +--- + arch/arm/boot/dts/qcom-msm8974-lge-nexus5-hammerhead.dts | 2 ++ + 1 file changed, 2 insertions(+) + +--- a/arch/arm/boot/dts/qcom-msm8974-lge-nexus5-hammerhead.dts ++++ b/arch/arm/boot/dts/qcom-msm8974-lge-nexus5-hammerhead.dts +@@ -188,6 +188,8 @@ + regulator-max-microvolt = <2950000>; + + regulator-boot-on; ++ regulator-system-load = <200000>; ++ regulator-allow-set-load; + }; + + l21 { diff --git a/queue-4.9/arm-exynos-clear-global-variable-on-init-error-path.patch b/queue-4.9/arm-exynos-clear-global-variable-on-init-error-path.patch new file mode 100644 index 00000000000..8ee06729589 --- /dev/null +++ b/queue-4.9/arm-exynos-clear-global-variable-on-init-error-path.patch @@ -0,0 +1,36 @@ +From foo@baz Fri Sep 21 09:36:02 CEST 2018 +From: Krzysztof Kozlowski +Date: Tue, 24 Jul 2018 18:48:14 +0200 +Subject: ARM: exynos: Clear global variable on init error path + +From: Krzysztof Kozlowski + +[ Upstream commit cd4806911cee3901bc2b5eb95603cf1958720b57 ] + +For most of Exynos SoCs, Power Management Unit (PMU) address space is +mapped into global variable 'pmu_base_addr' very early when initializing +PMU interrupt controller. A lot of other machine code depends on it so +when doing iounmap() on this address, clear the global as well to avoid +usage of invalid value (pointing to unmapped memory region). + +Properly mapped PMU address space is a requirement for all other machine +code so this fix is purely theoretical. Boot will fail immediately in +many other places after following this error path. + +Signed-off-by: Krzysztof Kozlowski +Signed-off-by: Sasha Levin +Signed-off-by: Greg Kroah-Hartman +--- + arch/arm/mach-exynos/suspend.c | 1 + + 1 file changed, 1 insertion(+) + +--- a/arch/arm/mach-exynos/suspend.c ++++ b/arch/arm/mach-exynos/suspend.c +@@ -252,6 +252,7 @@ static int __init exynos_pmu_irq_init(st + NULL); + if (!domain) { + iounmap(pmu_base_addr); ++ pmu_base_addr = NULL; + return -ENOMEM; + } + diff --git a/queue-4.9/arm64-dts-qcom-db410c-fix-bluetooth-led-trigger.patch b/queue-4.9/arm64-dts-qcom-db410c-fix-bluetooth-led-trigger.patch new file mode 100644 index 00000000000..c6bf0cb1219 --- /dev/null +++ b/queue-4.9/arm64-dts-qcom-db410c-fix-bluetooth-led-trigger.patch @@ -0,0 +1,33 @@ +From foo@baz Fri Sep 21 09:36:02 CEST 2018 +From: Loic Poulain +Date: Wed, 11 Jul 2018 14:18:23 +0200 +Subject: arm64: dts: qcom: db410c: Fix Bluetooth LED trigger + +From: Loic Poulain + +[ Upstream commit e53db018315b7660bb7000a29e79faff2496c2c2 ] + +Current LED trigger, 'bt', is not known/used by any existing driver. +Fix this by renaming it to 'bluetooth-power' trigger which is +controlled by the Bluetooth subsystem. + +Fixes: 9943230c8860 ("arm64: dts: qcom: Add apq8016-sbc board LED's related device nodes") +Signed-off-by: Loic Poulain +Signed-off-by: Andy Gross +Signed-off-by: Sasha Levin +Signed-off-by: Greg Kroah-Hartman +--- + arch/arm64/boot/dts/qcom/apq8016-sbc.dtsi | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +--- a/arch/arm64/boot/dts/qcom/apq8016-sbc.dtsi ++++ b/arch/arm64/boot/dts/qcom/apq8016-sbc.dtsi +@@ -170,7 +170,7 @@ + led@6 { + label = "apq8016-sbc:blue:bt"; + gpios = <&pm8916_mpps 3 GPIO_ACTIVE_HIGH>; +- linux,default-trigger = "bt"; ++ linux,default-trigger = "bluetooth-power"; + default-state = "off"; + }; + }; diff --git a/queue-4.9/clk-clk-fixed-factor-clear-of_populated-flag-in-case-of-failure.patch b/queue-4.9/clk-clk-fixed-factor-clear-of_populated-flag-in-case-of-failure.patch new file mode 100644 index 00000000000..e4c9a20a555 --- /dev/null +++ b/queue-4.9/clk-clk-fixed-factor-clear-of_populated-flag-in-case-of-failure.patch @@ -0,0 +1,46 @@ +From foo@baz Fri Sep 21 09:36:02 CEST 2018 +From: Rajan Vaja +Date: Tue, 17 Jul 2018 06:17:00 -0700 +Subject: clk: clk-fixed-factor: Clear OF_POPULATED flag in case of failure + +From: Rajan Vaja + +[ Upstream commit f6dab4233d6b64d719109040503b567f71fbfa01 ] + +Fixed factor clock has two initializations at of_clk_init() time +and during platform driver probe. Before of_clk_init() call, +node is marked as populated and so its probe never gets called. + +During of_clk_init() fixed factor clock registration may fail if +any of its parent clock is not registered. In this case, it doesn't +get chance to retry registration from probe. Clear OF_POPULATED +flag if fixed factor clock registration fails so that clock +registration is attempted again from probe. + +Signed-off-by: Rajan Vaja +Signed-off-by: Stephen Boyd +Signed-off-by: Sasha Levin +Signed-off-by: Greg Kroah-Hartman +--- + drivers/clk/clk-fixed-factor.c | 9 ++++++++- + 1 file changed, 8 insertions(+), 1 deletion(-) + +--- a/drivers/clk/clk-fixed-factor.c ++++ b/drivers/clk/clk-fixed-factor.c +@@ -177,8 +177,15 @@ static struct clk *_of_fixed_factor_clk_ + + clk = clk_register_fixed_factor(NULL, clk_name, parent_name, flags, + mult, div); +- if (IS_ERR(clk)) ++ if (IS_ERR(clk)) { ++ /* ++ * If parent clock is not registered, registration would fail. ++ * Clear OF_POPULATED flag so that clock registration can be ++ * attempted again from probe function. ++ */ ++ of_node_clear_flag(node, OF_POPULATED); + return clk; ++ } + + ret = of_clk_add_provider(node, of_clk_src_simple_get, clk); + if (ret) { diff --git a/queue-4.9/clk-imx6ul-fix-missing-of_node_put.patch b/queue-4.9/clk-imx6ul-fix-missing-of_node_put.patch new file mode 100644 index 00000000000..0719a4ea4f5 --- /dev/null +++ b/queue-4.9/clk-imx6ul-fix-missing-of_node_put.patch @@ -0,0 +1,32 @@ +From foo@baz Fri Sep 21 09:36:02 CEST 2018 +From: Nicholas Mc Guire +Date: Fri, 13 Jul 2018 13:13:20 +0200 +Subject: clk: imx6ul: fix missing of_node_put() + +From: Nicholas Mc Guire + +[ Upstream commit 11177e7a7aaef95935592072985526ebf0a3df43 ] + +of_find_compatible_node() is returning a device node with refcount +incremented and must be explicitly decremented after the last use +which is right after the us in of_iomap() here. + +Signed-off-by: Nicholas Mc Guire +Fixes: 787b4271a6a0 ("clk: imx: add imx6ul clk tree support") +Signed-off-by: Stephen Boyd +Signed-off-by: Sasha Levin +Signed-off-by: Greg Kroah-Hartman +--- + drivers/clk/imx/clk-imx6ul.c | 1 + + 1 file changed, 1 insertion(+) + +--- a/drivers/clk/imx/clk-imx6ul.c ++++ b/drivers/clk/imx/clk-imx6ul.c +@@ -120,6 +120,7 @@ static void __init imx6ul_clocks_init(st + + np = of_find_compatible_node(NULL, NULL, "fsl,imx6ul-anatop"); + base = of_iomap(np, 0); ++ of_node_put(np); + WARN_ON(!base); + + clks[IMX6UL_PLL1_BYPASS_SRC] = imx_clk_mux("pll1_bypass_src", base + 0x00, 14, 1, pll_bypass_src_sels, ARRAY_SIZE(pll_bypass_src_sels)); diff --git a/queue-4.9/crypto-sharah-unregister-correct-algorithms-for-sahara-3.patch b/queue-4.9/crypto-sharah-unregister-correct-algorithms-for-sahara-3.patch new file mode 100644 index 00000000000..39cde24c76e --- /dev/null +++ b/queue-4.9/crypto-sharah-unregister-correct-algorithms-for-sahara-3.patch @@ -0,0 +1,42 @@ +From foo@baz Fri Sep 21 09:36:02 CEST 2018 +From: "Michael Müller" +Date: Sun, 15 Jul 2018 00:27:06 +0200 +Subject: crypto: sharah - Unregister correct algorithms for SAHARA 3 + +From: "Michael Müller" + +[ Upstream commit 0e7d4d932ffc23f75efb31a8c2ac2396c1b81c55 ] + +This patch fixes two typos related to unregistering algorithms supported by +SAHARAH 3. In sahara_register_algs the wrong algorithms are unregistered +in case of an error. In sahara_unregister_algs the wrong array is used to +determine the iteration count. + +Signed-off-by: Michael Müller +Signed-off-by: Herbert Xu +Signed-off-by: Sasha Levin +Signed-off-by: Greg Kroah-Hartman +--- + drivers/crypto/sahara.c | 4 ++-- + 1 file changed, 2 insertions(+), 2 deletions(-) + +--- a/drivers/crypto/sahara.c ++++ b/drivers/crypto/sahara.c +@@ -1352,7 +1352,7 @@ err_sha_v4_algs: + + err_sha_v3_algs: + for (j = 0; j < k; j++) +- crypto_unregister_ahash(&sha_v4_algs[j]); ++ crypto_unregister_ahash(&sha_v3_algs[j]); + + err_aes_algs: + for (j = 0; j < i; j++) +@@ -1368,7 +1368,7 @@ static void sahara_unregister_algs(struc + for (i = 0; i < ARRAY_SIZE(aes_algs); i++) + crypto_unregister_alg(&aes_algs[i]); + +- for (i = 0; i < ARRAY_SIZE(sha_v4_algs); i++) ++ for (i = 0; i < ARRAY_SIZE(sha_v3_algs); i++) + crypto_unregister_ahash(&sha_v3_algs[i]); + + if (dev->version > SAHARA_VERSION_3) diff --git a/queue-4.9/dmaengine-mv_xor_v2-kill-the-tasklets-upon-exit.patch b/queue-4.9/dmaengine-mv_xor_v2-kill-the-tasklets-upon-exit.patch new file mode 100644 index 00000000000..fcddfba7782 --- /dev/null +++ b/queue-4.9/dmaengine-mv_xor_v2-kill-the-tasklets-upon-exit.patch @@ -0,0 +1,37 @@ +From foo@baz Fri Sep 21 09:36:02 CEST 2018 +From: Hanna Hawa +Date: Tue, 17 Jul 2018 13:30:00 +0300 +Subject: dmaengine: mv_xor_v2: kill the tasklets upon exit + +From: Hanna Hawa + +[ Upstream commit 8bbafed8dd5cfa81071b50ead5cb60367fdef3a9 ] + +The mv_xor_v2 driver uses a tasklet, initialized during the probe() +routine. However, it forgets to cleanup the tasklet using +tasklet_kill() function during the remove() routine, which this patch +fixes. This prevents the tasklet from potentially running after the +module has been removed. + +Fixes: 19a340b1a820 ("dmaengine: mv_xor_v2: new driver") + +Signed-off-by: Hanna Hawa +Reviewed-by: Thomas Petazzoni +Signed-off-by: Vinod Koul +Signed-off-by: Sasha Levin +Signed-off-by: Greg Kroah-Hartman +--- + drivers/dma/mv_xor_v2.c | 2 ++ + 1 file changed, 2 insertions(+) + +--- a/drivers/dma/mv_xor_v2.c ++++ b/drivers/dma/mv_xor_v2.c +@@ -844,6 +844,8 @@ static int mv_xor_v2_remove(struct platf + + platform_msi_domain_free_irqs(&pdev->dev); + ++ tasklet_kill(&xor_dev->irq_tasklet); ++ + clk_disable_unprepare(xor_dev->clk); + + return 0; diff --git a/queue-4.9/dmaengine-pl330-fix-irq-race-with-terminate_all.patch b/queue-4.9/dmaengine-pl330-fix-irq-race-with-terminate_all.patch new file mode 100644 index 00000000000..71af6b8b751 --- /dev/null +++ b/queue-4.9/dmaengine-pl330-fix-irq-race-with-terminate_all.patch @@ -0,0 +1,55 @@ +From foo@baz Fri Sep 21 09:36:02 CEST 2018 +From: John Keeping +Date: Tue, 17 Jul 2018 11:48:16 +0100 +Subject: dmaengine: pl330: fix irq race with terminate_all + +From: John Keeping + +[ Upstream commit e49756544a21f5625b379b3871d27d8500764670 ] + +In pl330_update() when checking if a channel has been aborted, the +channel's lock is not taken, only the overall pl330_dmac lock. But in +pl330_terminate_all() the aborted flag (req_running==-1) is set under +the channel lock and not the pl330_dmac lock. + +With threaded interrupts, this leads to a potential race: + + pl330_terminate_all pl330_update + ------------------- ------------ + lock channel + entry + lock pl330 + _stop channel + unlock pl330 + lock pl330 + check req_running != -1 + req_running = -1 + _start channel + +Signed-off-by: John Keeping +Signed-off-by: Vinod Koul +Signed-off-by: Sasha Levin +Signed-off-by: Greg Kroah-Hartman +--- + drivers/dma/pl330.c | 5 +++-- + 1 file changed, 3 insertions(+), 2 deletions(-) + +--- a/drivers/dma/pl330.c ++++ b/drivers/dma/pl330.c +@@ -2167,13 +2167,14 @@ static int pl330_terminate_all(struct dm + + pm_runtime_get_sync(pl330->ddma.dev); + spin_lock_irqsave(&pch->lock, flags); ++ + spin_lock(&pl330->lock); + _stop(pch->thread); +- spin_unlock(&pl330->lock); +- + pch->thread->req[0].desc = NULL; + pch->thread->req[1].desc = NULL; + pch->thread->req_running = -1; ++ spin_unlock(&pl330->lock); ++ + power_down = pch->active; + pch->active = false; + diff --git a/queue-4.9/drivers-base-stop-new-probing-during-shutdown.patch b/queue-4.9/drivers-base-stop-new-probing-during-shutdown.patch new file mode 100644 index 00000000000..101bf0e4999 --- /dev/null +++ b/queue-4.9/drivers-base-stop-new-probing-during-shutdown.patch @@ -0,0 +1,55 @@ +From foo@baz Fri Sep 21 09:36:02 CEST 2018 +From: Pingfan Liu +Date: Thu, 19 Jul 2018 13:14:58 +0800 +Subject: drivers/base: stop new probing during shutdown + +From: Pingfan Liu + +[ Upstream commit 3297c8fc65af5d40501ea7cddff1b195cae57e4e ] + +There is a race window in device_shutdown(), which may cause +-1. parent device shut down before child or +-2. no shutdown on a new probing device. + +For 1st, taking the following scenario: + device_shutdown new plugin device + list_del_init(parent_dev); + spin_unlock(list_lock); + device_add(child) + probe child + shutdown parent_dev + --> now child is on the tail of devices_kset + +For 2nd, taking the following scenario: + device_shutdown new plugin device + device_add(dev) + device_lock(dev); + ... + device_unlock(dev); + probe dev + --> now, the new occurred dev has no opportunity to shutdown + +To fix this race issue, just prevent the new probing request. With this +logic, device_shutdown() is more similar to dpm_prepare(). + +Signed-off-by: Pingfan Liu +Reviewed-by: Rafael J. Wysocki +Signed-off-by: Greg Kroah-Hartman +Signed-off-by: Sasha Levin +Signed-off-by: Greg Kroah-Hartman +--- + drivers/base/core.c | 3 +++ + 1 file changed, 3 insertions(+) + +--- a/drivers/base/core.c ++++ b/drivers/base/core.c +@@ -2072,6 +2072,9 @@ void device_shutdown(void) + { + struct device *dev, *parent; + ++ wait_for_device_probe(); ++ device_block_probing(); ++ + spin_lock(&devices_kset->list_lock); + /* + * Walk the devices list backward, shutting down each in turn. diff --git a/queue-4.9/efi-arm-preserve-early-mapping-of-uefi-memory-map-longer-for-bgrt.patch b/queue-4.9/efi-arm-preserve-early-mapping-of-uefi-memory-map-longer-for-bgrt.patch new file mode 100644 index 00000000000..0eff1a8cb6c --- /dev/null +++ b/queue-4.9/efi-arm-preserve-early-mapping-of-uefi-memory-map-longer-for-bgrt.patch @@ -0,0 +1,58 @@ +From foo@baz Fri Sep 21 09:36:02 CEST 2018 +From: Ard Biesheuvel +Date: Mon, 23 Jul 2018 10:57:30 +0900 +Subject: efi/arm: preserve early mapping of UEFI memory map longer for BGRT + +From: Ard Biesheuvel + +[ Upstream commit 3ea86495aef2f6de26b7cb1599ba350dd6a0c521 ] + +The BGRT code validates the contents of the table against the UEFI +memory map, and so it expects it to be mapped when the code runs. + +On ARM, this is currently not the case, since we tear down the early +mapping after efi_init() completes, and only create the permanent +mapping in arm_enable_runtime_services(), which executes as an early +initcall, but still leaves a window where the UEFI memory map is not +mapped. + +So move the call to efi_memmap_unmap() from efi_init() to +arm_enable_runtime_services(). + +Signed-off-by: Ard Biesheuvel +[will: fold in EFI_MEMMAP attribute check from Ard] +Signed-off-by: Will Deacon +Signed-off-by: Sasha Levin +Signed-off-by: Greg Kroah-Hartman +--- + drivers/firmware/efi/arm-init.c | 1 - + drivers/firmware/efi/arm-runtime.c | 4 +++- + 2 files changed, 3 insertions(+), 2 deletions(-) + +--- a/drivers/firmware/efi/arm-init.c ++++ b/drivers/firmware/efi/arm-init.c +@@ -250,7 +250,6 @@ void __init efi_init(void) + reserve_regions(); + efi_memattr_init(); + efi_esrt_init(); +- efi_memmap_unmap(); + + memblock_reserve(params.mmap & PAGE_MASK, + PAGE_ALIGN(params.mmap_size + +--- a/drivers/firmware/efi/arm-runtime.c ++++ b/drivers/firmware/efi/arm-runtime.c +@@ -118,11 +118,13 @@ static int __init arm_enable_runtime_ser + { + u64 mapsize; + +- if (!efi_enabled(EFI_BOOT)) { ++ if (!efi_enabled(EFI_BOOT) || !efi_enabled(EFI_MEMMAP)) { + pr_info("EFI services will not be available.\n"); + return 0; + } + ++ efi_memmap_unmap(); ++ + if (efi_runtime_disabled()) { + pr_info("EFI runtime services will be disabled.\n"); + return 0; diff --git a/queue-4.9/fbdev-distinguish-between-interlaced-and-progressive-modes.patch b/queue-4.9/fbdev-distinguish-between-interlaced-and-progressive-modes.patch new file mode 100644 index 00000000000..e39af18a119 --- /dev/null +++ b/queue-4.9/fbdev-distinguish-between-interlaced-and-progressive-modes.patch @@ -0,0 +1,123 @@ +From foo@baz Fri Sep 21 09:36:02 CEST 2018 +From: Fredrik Noring +Date: Tue, 24 Jul 2018 19:11:24 +0200 +Subject: fbdev: Distinguish between interlaced and progressive modes + +From: Fredrik Noring + +[ Upstream commit 1ba0a59cea41ea05fda92daaf2a2958a2246b9cf ] + +I discovered the problem when developing a frame buffer driver for the +PlayStation 2 (not yet merged), using the following video modes for the +PlayStation 3 in drivers/video/fbdev/ps3fb.c: + + }, { + /* 1080if */ + "1080if", 50, 1920, 1080, 13468, 148, 484, 36, 4, 88, 5, + FB_SYNC_BROADCAST, FB_VMODE_INTERLACED + }, { + /* 1080pf */ + "1080pf", 50, 1920, 1080, 6734, 148, 484, 36, 4, 88, 5, + FB_SYNC_BROADCAST, FB_VMODE_NONINTERLACED + }, + +In ps3fb_probe, the mode_option module parameter is used with fb_find_mode +but it can only select the interlaced variant of 1920x1080 since the loop +matching the modes does not take the difference between interlaced and +progressive modes into account. + +In short, without the patch, progressive 1920x1080 cannot be chosen as a +mode_option parameter since fb_find_mode (falsely) thinks interlace is a +perfect match. + +Signed-off-by: Fredrik Noring +Cc: "Maciej W. Rozycki" +[b.zolnierkie: updated patch description] +Signed-off-by: Bartlomiej Zolnierkiewicz +Signed-off-by: Sasha Levin +Signed-off-by: Greg Kroah-Hartman +--- + drivers/video/fbdev/core/modedb.c | 41 +++++++++++++++++++++++++++----------- + 1 file changed, 30 insertions(+), 11 deletions(-) + +--- a/drivers/video/fbdev/core/modedb.c ++++ b/drivers/video/fbdev/core/modedb.c +@@ -644,7 +644,7 @@ static int fb_try_mode(struct fb_var_scr + * + * Valid mode specifiers for @mode_option: + * +- * x[M][R][-][@][i][m] or ++ * x[M][R][-][@][i][p][m] or + * [-][@] + * + * with , , and decimal numbers and +@@ -653,10 +653,10 @@ static int fb_try_mode(struct fb_var_scr + * If 'M' is present after yres (and before refresh/bpp if present), + * the function will compute the timings using VESA(tm) Coordinated + * Video Timings (CVT). If 'R' is present after 'M', will compute with +- * reduced blanking (for flatpanels). If 'i' is present, compute +- * interlaced mode. If 'm' is present, add margins equal to 1.8% +- * of xres rounded down to 8 pixels, and 1.8% of yres. The char +- * 'i' and 'm' must be after 'M' and 'R'. Example: ++ * reduced blanking (for flatpanels). If 'i' or 'p' are present, compute ++ * interlaced or progressive mode. If 'm' is present, add margins equal ++ * to 1.8% of xres rounded down to 8 pixels, and 1.8% of yres. The chars ++ * 'i', 'p' and 'm' must be after 'M' and 'R'. Example: + * + * 1024x768MR-8@60m - Reduced blank with margins at 60Hz. + * +@@ -697,7 +697,8 @@ int fb_find_mode(struct fb_var_screeninf + unsigned int namelen = strlen(name); + int res_specified = 0, bpp_specified = 0, refresh_specified = 0; + unsigned int xres = 0, yres = 0, bpp = default_bpp, refresh = 0; +- int yres_specified = 0, cvt = 0, rb = 0, interlace = 0; ++ int yres_specified = 0, cvt = 0, rb = 0; ++ int interlace_specified = 0, interlace = 0; + int margins = 0; + u32 best, diff, tdiff; + +@@ -748,9 +749,17 @@ int fb_find_mode(struct fb_var_screeninf + if (!cvt) + margins = 1; + break; ++ case 'p': ++ if (!cvt) { ++ interlace = 0; ++ interlace_specified = 1; ++ } ++ break; + case 'i': +- if (!cvt) ++ if (!cvt) { + interlace = 1; ++ interlace_specified = 1; ++ } + break; + default: + goto done; +@@ -819,11 +828,21 @@ done: + if ((name_matches(db[i], name, namelen) || + (res_specified && res_matches(db[i], xres, yres))) && + !fb_try_mode(var, info, &db[i], bpp)) { +- if (refresh_specified && db[i].refresh == refresh) +- return 1; ++ const int db_interlace = (db[i].vmode & ++ FB_VMODE_INTERLACED ? 1 : 0); ++ int score = abs(db[i].refresh - refresh); ++ ++ if (interlace_specified) ++ score += abs(db_interlace - interlace); ++ ++ if (!interlace_specified || ++ db_interlace == interlace) ++ if (refresh_specified && ++ db[i].refresh == refresh) ++ return 1; + +- if (abs(db[i].refresh - refresh) < diff) { +- diff = abs(db[i].refresh - refresh); ++ if (score < diff) { ++ diff = score; + best = i; + } + } diff --git a/queue-4.9/fbdev-omapfb-off-by-one-in-omapfb_register_client.patch b/queue-4.9/fbdev-omapfb-off-by-one-in-omapfb_register_client.patch new file mode 100644 index 00000000000..af8dd6fca6a --- /dev/null +++ b/queue-4.9/fbdev-omapfb-off-by-one-in-omapfb_register_client.patch @@ -0,0 +1,33 @@ +From foo@baz Fri Sep 21 09:36:02 CEST 2018 +From: Dan Carpenter +Date: Tue, 24 Jul 2018 19:11:28 +0200 +Subject: fbdev: omapfb: off by one in omapfb_register_client() + +From: Dan Carpenter + +[ Upstream commit 5ec1ec35b2979b59d0b33381e7c9aac17e159d16 ] + +The omapfb_register_client[] array has OMAPFB_PLANE_NUM elements so the +> should be >= or we are one element beyond the end of the array. + +Fixes: 8b08cf2b64f5 ("OMAP: add TI OMAP framebuffer driver") +Signed-off-by: Dan Carpenter +Cc: Imre Deak +Signed-off-by: Bartlomiej Zolnierkiewicz +Signed-off-by: Sasha Levin +Signed-off-by: Greg Kroah-Hartman +--- + drivers/video/fbdev/omap/omapfb_main.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +--- a/drivers/video/fbdev/omap/omapfb_main.c ++++ b/drivers/video/fbdev/omap/omapfb_main.c +@@ -956,7 +956,7 @@ int omapfb_register_client(struct omapfb + { + int r; + +- if ((unsigned)omapfb_nb->plane_idx > OMAPFB_PLANE_NUM) ++ if ((unsigned)omapfb_nb->plane_idx >= OMAPFB_PLANE_NUM) + return -EINVAL; + + if (!notifier_inited) { diff --git a/queue-4.9/fbdev-via-fix-defined-but-not-used-warning.patch b/queue-4.9/fbdev-via-fix-defined-but-not-used-warning.patch new file mode 100644 index 00000000000..d908298697f --- /dev/null +++ b/queue-4.9/fbdev-via-fix-defined-but-not-used-warning.patch @@ -0,0 +1,42 @@ +From foo@baz Fri Sep 21 09:36:02 CEST 2018 +From: Randy Dunlap +Date: Tue, 24 Jul 2018 19:11:27 +0200 +Subject: fbdev/via: fix defined but not used warning + +From: Randy Dunlap + +[ Upstream commit b6566b47a67e07fdca44cf51abb14e2fbe17d3eb ] + +Fix a build warning in viafbdev.c when CONFIG_PROC_FS is not enabled +by marking the unused function as __maybe_unused. + +../drivers/video/fbdev/via/viafbdev.c:1471:12: warning: 'viafb_sup_odev_proc_show' defined but not used [-Wunused-function] + +Signed-off-by: Randy Dunlap +Cc: Florian Tobias Schandinat +Signed-off-by: Bartlomiej Zolnierkiewicz +Signed-off-by: Sasha Levin +Signed-off-by: Greg Kroah-Hartman +--- + drivers/video/fbdev/via/viafbdev.c | 3 ++- + 1 file changed, 2 insertions(+), 1 deletion(-) + +--- a/drivers/video/fbdev/via/viafbdev.c ++++ b/drivers/video/fbdev/via/viafbdev.c +@@ -19,6 +19,7 @@ + * 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA. + */ + ++#include + #include + #include + #include +@@ -1468,7 +1469,7 @@ static const struct file_operations viaf + + #endif /* CONFIG_FB_VIA_DIRECT_PROCFS */ + +-static int viafb_sup_odev_proc_show(struct seq_file *m, void *v) ++static int __maybe_unused viafb_sup_odev_proc_show(struct seq_file *m, void *v) + { + via_odev_to_seq(m, supported_odev_map[ + viaparinfo->shared->chip_info.gfx_chip_name]); diff --git a/queue-4.9/gfs2-don-t-reject-a-supposedly-full-bitmap-if-we-have-blocks-reserved.patch b/queue-4.9/gfs2-don-t-reject-a-supposedly-full-bitmap-if-we-have-blocks-reserved.patch new file mode 100644 index 00000000000..389c6325c8e --- /dev/null +++ b/queue-4.9/gfs2-don-t-reject-a-supposedly-full-bitmap-if-we-have-blocks-reserved.patch @@ -0,0 +1,42 @@ +From foo@baz Fri Sep 21 09:36:02 CEST 2018 +From: Bob Peterson +Date: Mon, 18 Jun 2018 13:24:13 -0500 +Subject: gfs2: Don't reject a supposedly full bitmap if we have blocks reserved + +From: Bob Peterson + +[ Upstream commit e79e0e1428188b24c3b57309ffa54a33c4ae40c4 ] + +Before this patch, you could get into situations like this: + +1. Process 1 searches for X free blocks, finds them, makes a reservation +2. Process 2 searches for free blocks in the same rgrp, but now the + bitmap is full because process 1's reservation is skipped over. + So it marks the bitmap as GBF_FULL. +3. Process 1 tries to allocate blocks from its own reservation, but + since the GBF_FULL bit is set, it skips over the rgrp and searches + elsewhere, thus not using its own reservation. + +This patch adds an additional check to allow processes to use their +own reservations. + +Signed-off-by: Bob Peterson +Signed-off-by: Andreas Gruenbacher +Signed-off-by: Sasha Levin +Signed-off-by: Greg Kroah-Hartman +--- + fs/gfs2/rgrp.c | 3 ++- + 1 file changed, 2 insertions(+), 1 deletion(-) + +--- a/fs/gfs2/rgrp.c ++++ b/fs/gfs2/rgrp.c +@@ -1675,7 +1675,8 @@ static int gfs2_rbm_find(struct gfs2_rbm + + while(1) { + bi = rbm_bi(rbm); +- if (test_bit(GBF_FULL, &bi->bi_flags) && ++ if ((ip == NULL || !gfs2_rs_active(&ip->i_res)) && ++ test_bit(GBF_FULL, &bi->bi_flags) && + (state == GFS2_BLKST_FREE)) + goto next_bitmap; + diff --git a/queue-4.9/gfs2-special-case-rindex-for-gfs2_grow.patch b/queue-4.9/gfs2-special-case-rindex-for-gfs2_grow.patch new file mode 100644 index 00000000000..85283ea3550 --- /dev/null +++ b/queue-4.9/gfs2-special-case-rindex-for-gfs2_grow.patch @@ -0,0 +1,48 @@ +From foo@baz Fri Sep 21 09:36:02 CEST 2018 +From: Andreas Gruenbacher +Date: Wed, 25 Jul 2018 18:45:08 +0100 +Subject: gfs2: Special-case rindex for gfs2_grow + +From: Andreas Gruenbacher + +[ Upstream commit 776125785a87ff05d49938bd5b9f336f2a05bff6 ] + +To speed up the common case of appending to a file, +gfs2_write_alloc_required presumes that writing beyond the end of a file +will always require additional blocks to be allocated. This assumption +is incorrect for preallocates files, but there are no negative +consequences as long as *some* space is still left on the filesystem. + +One special file that always has some space preallocated beyond the end +of the file is the rindex: when growing a filesystem, gfs2_grow adds one +or more new resource groups and appends records describing those +resource groups to the rindex; the preallocated space ensures that this +is always possible. + +However, when a filesystem is completely full, gfs2_write_alloc_required +will indicate that an additional allocation is required, and appending +the next record to the rindex will fail even though space for that +record has already been preallocated. To fix that, skip the incorrect +optimization in gfs2_write_alloc_required, but for the rindex only. +Other writes to preallocated space beyond the end of the file are still +allowed to fail on completely full filesystems. + +Signed-off-by: Andreas Gruenbacher +Reviewed-by: Bob Peterson +Signed-off-by: Sasha Levin +Signed-off-by: Greg Kroah-Hartman +--- + fs/gfs2/bmap.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +--- a/fs/gfs2/bmap.c ++++ b/fs/gfs2/bmap.c +@@ -1472,7 +1472,7 @@ int gfs2_write_alloc_required(struct gfs + end_of_file = (i_size_read(&ip->i_inode) + sdp->sd_sb.sb_bsize - 1) >> shift; + lblock = offset >> shift; + lblock_stop = (offset + len + sdp->sd_sb.sb_bsize - 1) >> shift; +- if (lblock_stop > end_of_file) ++ if (lblock_stop > end_of_file && ip != GFS2_I(sdp->sd_rindex)) + return 1; + + size = (lblock_stop - lblock) << shift; diff --git a/queue-4.9/ib-rxe-drop-qp0-silently.patch b/queue-4.9/ib-rxe-drop-qp0-silently.patch new file mode 100644 index 00000000000..34edc0a38a5 --- /dev/null +++ b/queue-4.9/ib-rxe-drop-qp0-silently.patch @@ -0,0 +1,53 @@ +From foo@baz Fri Sep 21 09:36:02 CEST 2018 +From: Zhu Yanjun +Date: Fri, 13 Jul 2018 03:10:20 -0400 +Subject: IB/rxe: Drop QP0 silently + +From: Zhu Yanjun + +[ Upstream commit 536ca245c512aedfd84cde072d7b3ca14b6e1792 ] + +According to "Annex A16: RDMA over Converged Ethernet (RoCE)": + +A16.4.3 MANAGEMENT INTERFACES + +As defined in the base specification, a special Queue Pair, QP0 is defined +solely for communication between subnet manager(s) and subnet management +agents. Since such an IB-defined subnet management architecture is outside +the scope of this annex, it follows that there is also no requirement that +a port which conforms to this annex be associated with a QP0. Thus, for +end nodes designed to conform to this annex, the concept of QP0 is +undefined and unused for any port connected to an Ethernet network. + +CA16-8: A packet arriving at a RoCE port containing a BTH with the +destination QP field set to QP0 shall be silently dropped. + +Signed-off-by: Zhu Yanjun +Acked-by: Moni Shoua +Reviewed-by: Yuval Shaia +Signed-off-by: Jason Gunthorpe +Signed-off-by: Sasha Levin +Signed-off-by: Greg Kroah-Hartman +--- + drivers/infiniband/sw/rxe/rxe_recv.c | 9 +++++++-- + 1 file changed, 7 insertions(+), 2 deletions(-) + +--- a/drivers/infiniband/sw/rxe/rxe_recv.c ++++ b/drivers/infiniband/sw/rxe/rxe_recv.c +@@ -225,9 +225,14 @@ static int hdr_check(struct rxe_pkt_info + goto err1; + } + ++ if (unlikely(qpn == 0)) { ++ pr_warn_once("QP 0 not supported"); ++ goto err1; ++ } ++ + if (qpn != IB_MULTICAST_QPN) { +- index = (qpn == 0) ? port->qp_smi_index : +- ((qpn == 1) ? port->qp_gsi_index : qpn); ++ index = (qpn == 1) ? port->qp_gsi_index : qpn; ++ + qp = rxe_pool_get_index(&rxe->qp_pool, index); + if (unlikely(!qp)) { + pr_warn_ratelimited("no qp matches qpn 0x%x\n", qpn); diff --git a/queue-4.9/iommu-arm-smmu-v3-sync-the-ovackflg-to-priq-consumer-register.patch b/queue-4.9/iommu-arm-smmu-v3-sync-the-ovackflg-to-priq-consumer-register.patch new file mode 100644 index 00000000000..83d953c5cf4 --- /dev/null +++ b/queue-4.9/iommu-arm-smmu-v3-sync-the-ovackflg-to-priq-consumer-register.patch @@ -0,0 +1,33 @@ +From foo@baz Fri Sep 21 09:36:02 CEST 2018 +From: Miao Zhong +Date: Mon, 23 Jul 2018 20:56:58 +0800 +Subject: iommu/arm-smmu-v3: sync the OVACKFLG to PRIQ consumer register + +From: Miao Zhong + +[ Upstream commit 0d535967ac658966c6ade8f82b5799092f7d5441 ] + +When PRI queue occurs overflow, driver should update the OVACKFLG to +the PRIQ consumer register, otherwise subsequent PRI requests will not +be processed. + +Cc: Will Deacon +Cc: Robin Murphy +Signed-off-by: Miao Zhong +Signed-off-by: Will Deacon +Signed-off-by: Sasha Levin +Signed-off-by: Greg Kroah-Hartman +--- + drivers/iommu/arm-smmu-v3.c | 1 + + 1 file changed, 1 insertion(+) + +--- a/drivers/iommu/arm-smmu-v3.c ++++ b/drivers/iommu/arm-smmu-v3.c +@@ -1233,6 +1233,7 @@ static irqreturn_t arm_smmu_priq_thread( + + /* Sync our overflow flag, as we believe we're up to speed */ + q->cons = Q_OVF(q, q->prod) | Q_WRP(q, q->cons) | Q_IDX(q, q->cons); ++ writel(q->cons, q->cons_reg); + return IRQ_HANDLED; + } + diff --git a/queue-4.9/kbuild-add-.delete_on_error-special-target.patch b/queue-4.9/kbuild-add-.delete_on_error-special-target.patch new file mode 100644 index 00000000000..aef0561109c --- /dev/null +++ b/queue-4.9/kbuild-add-.delete_on_error-special-target.patch @@ -0,0 +1,64 @@ +From foo@baz Fri Sep 21 09:36:02 CEST 2018 +From: Masahiro Yamada +Date: Fri, 20 Jul 2018 16:46:33 +0900 +Subject: kbuild: add .DELETE_ON_ERROR special target + +From: Masahiro Yamada + +[ Upstream commit 9c2af1c7377a8a6ef86e5cabf80978f3dbbb25c0 ] + +If Make gets a fatal signal while a shell is executing, it may delete +the target file that the recipe was supposed to update. This is needed +to make sure that it is remade from scratch when Make is next run; if +Make is interrupted after the recipe has begun to write the target file, +it results in an incomplete file whose time stamp is newer than that +of the prerequisites files. Make automatically deletes the incomplete +file on interrupt unless the target is marked .PRECIOUS. + +The situation is just the same as when the shell fails for some reasons. +Usually when a recipe line fails, if it has changed the target file at +all, the file is corrupted, or at least it is not completely updated. +Yet the file’s time stamp says that it is now up to date, so the next +time Make runs, it will not try to update that file. + +However, Make does not cater to delete the incomplete target file in +this case. We need to add .DELETE_ON_ERROR somewhere in the Makefile +to request it. + +scripts/Kbuild.include seems a suitable place to add it because it is +included from almost all sub-makes. + +Please note .DELETE_ON_ERROR is not effective for phony targets. + +The external module building should never ever touch the kernel tree. +The following recipe fails if include/generated/autoconf.h is missing. +However, include/config/auto.conf is not deleted since it is a phony +target. + + PHONY += include/config/auto.conf + + include/config/auto.conf: + $(Q)test -e include/generated/autoconf.h -a -e $@ || ( \ + echo >&2; \ + echo >&2 " ERROR: Kernel configuration is invalid."; \ + echo >&2 " include/generated/autoconf.h or $@ are missing.";\ + echo >&2 " Run 'make oldconfig && make prepare' on kernel src to fix it."; \ + echo >&2 ; \ + /bin/false) + +Signed-off-by: Masahiro Yamada +Signed-off-by: Sasha Levin +Signed-off-by: Greg Kroah-Hartman +--- + scripts/Kbuild.include | 3 +++ + 1 file changed, 3 insertions(+) + +--- a/scripts/Kbuild.include ++++ b/scripts/Kbuild.include +@@ -394,3 +394,6 @@ endif + endef + # + ############################################################################### ++ ++# delete partially updated (i.e. corrupted) files on error ++.DELETE_ON_ERROR: diff --git a/queue-4.9/kvm-arm-arm64-fix-vgic-init-race.patch b/queue-4.9/kvm-arm-arm64-fix-vgic-init-race.patch new file mode 100644 index 00000000000..d561c7b921f --- /dev/null +++ b/queue-4.9/kvm-arm-arm64-fix-vgic-init-race.patch @@ -0,0 +1,39 @@ +From foo@baz Fri Sep 21 09:36:02 CEST 2018 +From: Christoffer Dall +Date: Tue, 3 Jul 2018 22:54:14 +0200 +Subject: KVM: arm/arm64: Fix vgic init race + +From: Christoffer Dall + +[ Upstream commit 1d47191de7e15900f8fbfe7cccd7c6e1c2d7c31a ] + +The vgic_init function can race with kvm_arch_vcpu_create() which does +not hold kvm_lock() and we therefore have no synchronization primitives +to ensure we're doing the right thing. + +As the user is trying to initialize or run the VM while at the same time +creating more VCPUs, we just have to refuse to initialize the VGIC in +this case rather than silently failing with a broken VCPU. + +Reviewed-by: Eric Auger +Signed-off-by: Christoffer Dall +Signed-off-by: Marc Zyngier +Signed-off-by: Sasha Levin +Signed-off-by: Greg Kroah-Hartman +--- + virt/kvm/arm/vgic/vgic-init.c | 4 ++++ + 1 file changed, 4 insertions(+) + +--- a/virt/kvm/arm/vgic/vgic-init.c ++++ b/virt/kvm/arm/vgic/vgic-init.c +@@ -241,6 +241,10 @@ int vgic_init(struct kvm *kvm) + if (vgic_initialized(kvm)) + return 0; + ++ /* Are we also in the middle of creating a VCPU? */ ++ if (kvm->created_vcpus != atomic_read(&kvm->online_vcpus)) ++ return -EBUSY; ++ + /* freeze the number of spis */ + if (!dist->nr_spis) + dist->nr_spis = VGIC_NR_IRQS_LEGACY - VGIC_NR_PRIVATE_IRQS; diff --git a/queue-4.9/mac80211-restrict-delayed-tailroom-needed-decrement.patch b/queue-4.9/mac80211-restrict-delayed-tailroom-needed-decrement.patch new file mode 100644 index 00000000000..239bac50abb --- /dev/null +++ b/queue-4.9/mac80211-restrict-delayed-tailroom-needed-decrement.patch @@ -0,0 +1,138 @@ +From foo@baz Fri Sep 21 09:36:02 CEST 2018 +From: Manikanta Pubbisetty +Date: Tue, 10 Jul 2018 16:48:27 +0530 +Subject: mac80211: restrict delayed tailroom needed decrement + +From: Manikanta Pubbisetty + +[ Upstream commit 133bf90dbb8b873286f8ec2e81ba26e863114b8c ] + +As explained in ieee80211_delayed_tailroom_dec(), during roam, +keys of the old AP will be destroyed and new keys will be +installed. Deletion of the old key causes +crypto_tx_tailroom_needed_cnt to go from 1 to 0 and the new key +installation causes a transition from 0 to 1. + +Whenever crypto_tx_tailroom_needed_cnt transitions from 0 to 1, +we invoke synchronize_net(); the reason for doing this is to avoid +a race in the TX path as explained in increment_tailroom_need_count(). +This synchronize_net() operation can be slow and can affect the station +roam time. To avoid this, decrementing the crypto_tx_tailroom_needed_cnt +is delayed for a while so that upon installation of new key the +transition would be from 1 to 2 instead of 0 to 1 and thereby +improving the roam time. + +This is all correct for a STA iftype, but deferring the tailroom_needed +decrement for other iftypes may be unnecessary. + +For example, let's consider the case of a 4-addr client connecting to +an AP for which AP_VLAN interface is also created, let the initial +value for tailroom_needed on the AP be 1. + +* 4-addr client connects to the AP (AP: tailroom_needed = 1) +* AP will clear old keys, delay decrement of tailroom_needed count +* AP_VLAN is created, it takes the tailroom count from master + (AP_VLAN: tailroom_needed = 1, AP: tailroom_needed = 1) +* Install new key for the station, assume key is plumbed in the HW, + there won't be any change in tailroom_needed count on AP iface +* Delayed decrement of tailroom_needed count on AP + (AP: tailroom_needed = 0, AP_VLAN: tailroom_needed = 1) + +Because of the delayed decrement on AP iface, tailroom_needed count goes +out of sync between AP(master iface) and AP_VLAN(slave iface) and +there would be unnecessary tailroom created for the packets going +through AP_VLAN iface. + +Also, WARN_ONs were observed while trying to bring down the AP_VLAN +interface: +(warn_slowpath_common) (warn_slowpath_null+0x18/0x20) +(warn_slowpath_null) (ieee80211_free_keys+0x114/0x1e4) +(ieee80211_free_keys) (ieee80211_del_virtual_monitor+0x51c/0x850) +(ieee80211_del_virtual_monitor) (ieee80211_stop+0x30/0x3c) +(ieee80211_stop) (__dev_close_many+0x94/0xb8) +(__dev_close_many) (dev_close_many+0x5c/0xc8) + +Restricting delayed decrement to station interface alone fixes the problem +and it makes sense to do so because delayed decrement is done to improve +roam time which is applicable only for client devices. + +Signed-off-by: Manikanta Pubbisetty +Signed-off-by: Johannes Berg +Signed-off-by: Sasha Levin +Signed-off-by: Greg Kroah-Hartman +--- + net/mac80211/cfg.c | 2 +- + net/mac80211/key.c | 24 +++++++++++++++--------- + 2 files changed, 16 insertions(+), 10 deletions(-) + +--- a/net/mac80211/cfg.c ++++ b/net/mac80211/cfg.c +@@ -454,7 +454,7 @@ static int ieee80211_del_key(struct wiph + goto out_unlock; + } + +- ieee80211_key_free(key, true); ++ ieee80211_key_free(key, sdata->vif.type == NL80211_IFTYPE_STATION); + + ret = 0; + out_unlock: +--- a/net/mac80211/key.c ++++ b/net/mac80211/key.c +@@ -648,11 +648,15 @@ int ieee80211_key_link(struct ieee80211_ + { + struct ieee80211_local *local = sdata->local; + struct ieee80211_key *old_key; +- int idx, ret; +- bool pairwise; +- +- pairwise = key->conf.flags & IEEE80211_KEY_FLAG_PAIRWISE; +- idx = key->conf.keyidx; ++ int idx = key->conf.keyidx; ++ bool pairwise = key->conf.flags & IEEE80211_KEY_FLAG_PAIRWISE; ++ /* ++ * We want to delay tailroom updates only for station - in that ++ * case it helps roaming speed, but in other cases it hurts and ++ * can cause warnings to appear. ++ */ ++ bool delay_tailroom = sdata->vif.type == NL80211_IFTYPE_STATION; ++ int ret; + + mutex_lock(&sdata->local->key_mtx); + +@@ -680,14 +684,14 @@ int ieee80211_key_link(struct ieee80211_ + increment_tailroom_need_count(sdata); + + ieee80211_key_replace(sdata, sta, pairwise, old_key, key); +- ieee80211_key_destroy(old_key, true); ++ ieee80211_key_destroy(old_key, delay_tailroom); + + ieee80211_debugfs_key_add(key); + + if (!local->wowlan) { + ret = ieee80211_key_enable_hw_accel(key); + if (ret) +- ieee80211_key_free(key, true); ++ ieee80211_key_free(key, delay_tailroom); + } else { + ret = 0; + } +@@ -922,7 +926,8 @@ void ieee80211_free_sta_keys(struct ieee + ieee80211_key_replace(key->sdata, key->sta, + key->conf.flags & IEEE80211_KEY_FLAG_PAIRWISE, + key, NULL); +- __ieee80211_key_destroy(key, true); ++ __ieee80211_key_destroy(key, key->sdata->vif.type == ++ NL80211_IFTYPE_STATION); + } + + for (i = 0; i < NUM_DEFAULT_KEYS; i++) { +@@ -932,7 +937,8 @@ void ieee80211_free_sta_keys(struct ieee + ieee80211_key_replace(key->sdata, key->sta, + key->conf.flags & IEEE80211_KEY_FLAG_PAIRWISE, + key, NULL); +- __ieee80211_key_destroy(key, true); ++ __ieee80211_key_destroy(key, key->sdata->vif.type == ++ NL80211_IFTYPE_STATION); + } + + mutex_unlock(&local->key_mtx); diff --git a/queue-4.9/media-tw686x-fix-oops-on-buffer-alloc-failure.patch b/queue-4.9/media-tw686x-fix-oops-on-buffer-alloc-failure.patch new file mode 100644 index 00000000000..f1e989895bc --- /dev/null +++ b/queue-4.9/media-tw686x-fix-oops-on-buffer-alloc-failure.patch @@ -0,0 +1,53 @@ +From foo@baz Fri Sep 21 09:36:02 CEST 2018 +From: Krzysztof Ha?asa +Date: Thu, 28 Jun 2018 17:45:07 -0400 +Subject: media: tw686x: Fix oops on buffer alloc failure + +From: Krzysztof Ha?asa + +[ Upstream commit 5a1a2f63d840dc2631505b607e11ff65ac1b7d3c ] + +The error path currently calls tw686x_video_free() which requires +vc->dev to be initialized, causing a NULL dereference on uninitizalized +channels. + +Fix this by setting the vc->dev fields for all the channels first. + +Fixes: f8afaa8dbc0d ("[media] tw686x: Introduce an interface to support multiple DMA modes") + +Signed-off-by: Krzysztof Ha?asa +Signed-off-by: Hans Verkuil +Signed-off-by: Mauro Carvalho Chehab +Signed-off-by: Sasha Levin +Signed-off-by: Greg Kroah-Hartman +--- + drivers/media/pci/tw686x/tw686x-video.c | 11 ++++++++--- + 1 file changed, 8 insertions(+), 3 deletions(-) + +--- a/drivers/media/pci/tw686x/tw686x-video.c ++++ b/drivers/media/pci/tw686x/tw686x-video.c +@@ -1190,6 +1190,14 @@ int tw686x_video_init(struct tw686x_dev + return err; + } + ++ /* Initialize vc->dev and vc->ch for the error path */ ++ for (ch = 0; ch < max_channels(dev); ch++) { ++ struct tw686x_video_channel *vc = &dev->video_channels[ch]; ++ ++ vc->dev = dev; ++ vc->ch = ch; ++ } ++ + for (ch = 0; ch < max_channels(dev); ch++) { + struct tw686x_video_channel *vc = &dev->video_channels[ch]; + struct video_device *vdev; +@@ -1198,9 +1206,6 @@ int tw686x_video_init(struct tw686x_dev + spin_lock_init(&vc->qlock); + INIT_LIST_HEAD(&vc->vidq_queued); + +- vc->dev = dev; +- vc->ch = ch; +- + /* default settings */ + err = tw686x_set_standard(vc, V4L2_STD_NTSC); + if (err) diff --git a/queue-4.9/media-videobuf2-core-check-for-q-error-in-vb2_core_qbuf.patch b/queue-4.9/media-videobuf2-core-check-for-q-error-in-vb2_core_qbuf.patch new file mode 100644 index 00000000000..b0561d6da2b --- /dev/null +++ b/queue-4.9/media-videobuf2-core-check-for-q-error-in-vb2_core_qbuf.patch @@ -0,0 +1,39 @@ +From foo@baz Fri Sep 21 09:36:02 CEST 2018 +From: Hans Verkuil +Date: Thu, 5 Jul 2018 04:25:19 -0400 +Subject: media: videobuf2-core: check for q->error in vb2_core_qbuf() + +From: Hans Verkuil + +[ Upstream commit b509d733d337417bcb7fa4a35be3b9a49332b724 ] + +The vb2_core_qbuf() function didn't check if q->error was set. It is +checked in __buf_prepare(), but that function isn't called if the buffer +was already prepared before with VIDIOC_PREPARE_BUF. + +So check it at the start of vb2_core_qbuf() as well. + +Signed-off-by: Hans Verkuil +Acked-by: Sakari Ailus +Signed-off-by: Hans Verkuil +Signed-off-by: Mauro Carvalho Chehab +Signed-off-by: Sasha Levin +Signed-off-by: Greg Kroah-Hartman +--- + drivers/media/v4l2-core/videobuf2-core.c | 5 +++++ + 1 file changed, 5 insertions(+) + +--- a/drivers/media/v4l2-core/videobuf2-core.c ++++ b/drivers/media/v4l2-core/videobuf2-core.c +@@ -1375,6 +1375,11 @@ int vb2_core_qbuf(struct vb2_queue *q, u + struct vb2_buffer *vb; + int ret; + ++ if (q->error) { ++ dprintk(1, "fatal error occurred on queue\n"); ++ return -EIO; ++ } ++ + vb = q->bufs[index]; + + switch (vb->state) { diff --git a/queue-4.9/mips-ath79-fix-system-restart.patch b/queue-4.9/mips-ath79-fix-system-restart.patch new file mode 100644 index 00000000000..6b6c0d5422b --- /dev/null +++ b/queue-4.9/mips-ath79-fix-system-restart.patch @@ -0,0 +1,46 @@ +From foo@baz Fri Sep 21 09:36:02 CEST 2018 +From: Felix Fietkau +Date: Fri, 20 Jul 2018 13:58:22 +0200 +Subject: MIPS: ath79: fix system restart + +From: Felix Fietkau + +[ Upstream commit f8a7bfe1cb2c1ebfa07775c9c8ac0ad3ba8e5ff5 ] + +This patch disables irq on reboot to fix hang issues that were observed +due to pending interrupts. + +Signed-off-by: Felix Fietkau +Signed-off-by: John Crispin +Signed-off-by: Paul Burton +Patchwork: https://patchwork.linux-mips.org/patch/19913/ +Cc: James Hogan +Cc: Ralf Baechle +Cc: linux-mips@linux-mips.org +Signed-off-by: Sasha Levin +Signed-off-by: Greg Kroah-Hartman +--- + arch/mips/ath79/setup.c | 1 + + arch/mips/include/asm/mach-ath79/ath79.h | 1 + + 2 files changed, 2 insertions(+) + +--- a/arch/mips/ath79/setup.c ++++ b/arch/mips/ath79/setup.c +@@ -40,6 +40,7 @@ static char ath79_sys_type[ATH79_SYS_TYP + + static void ath79_restart(char *command) + { ++ local_irq_disable(); + ath79_device_reset_set(AR71XX_RESET_FULL_CHIP); + for (;;) + if (cpu_wait) +--- a/arch/mips/include/asm/mach-ath79/ath79.h ++++ b/arch/mips/include/asm/mach-ath79/ath79.h +@@ -134,6 +134,7 @@ static inline u32 ath79_pll_rr(unsigned + static inline void ath79_reset_wr(unsigned reg, u32 val) + { + __raw_writel(val, ath79_reset_base + reg); ++ (void) __raw_readl(ath79_reset_base + reg); /* flush */ + } + + static inline u32 ath79_reset_rr(unsigned reg) diff --git a/queue-4.9/mips-jz4740-bump-zload-address.patch b/queue-4.9/mips-jz4740-bump-zload-address.patch new file mode 100644 index 00000000000..497fc82d18c --- /dev/null +++ b/queue-4.9/mips-jz4740-bump-zload-address.patch @@ -0,0 +1,44 @@ +From foo@baz Fri Sep 21 09:36:02 CEST 2018 +From: Paul Cercueil +Date: Sun, 8 Jul 2018 17:07:12 +0200 +Subject: MIPS: jz4740: Bump zload address + +From: Paul Cercueil + +[ Upstream commit c6ea7e9747318e5a6774995f4f8e3e0f7c0fa8ba ] + +Having the zload address at 0x8060.0000 means the size of the +uncompressed kernel cannot be bigger than around 6 MiB, as it is +deflated at address 0x8001.0000. + +This limit is too small; a kernel with some built-in drivers and things +like debugfs enabled will already be over 6 MiB in size, and so will +fail to extract properly. + +To fix this, we bump the zload address from 0x8060.0000 to 0x8100.0000. + +This is fine, as all the boards featuring Ingenic JZ SoCs have at least +32 MiB of RAM, and use u-boot or compatible bootloaders which won't +hardcode the load address but read it from the uImage's header. + +Signed-off-by: Paul Cercueil +Signed-off-by: Paul Burton +Patchwork: https://patchwork.linux-mips.org/patch/19787/ +Cc: Ralf Baechle +Cc: James Hogan +Cc: linux-mips@linux-mips.org +Cc: linux-kernel@vger.kernel.org +Signed-off-by: Sasha Levin +Signed-off-by: Greg Kroah-Hartman +--- + arch/mips/jz4740/Platform | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +--- a/arch/mips/jz4740/Platform ++++ b/arch/mips/jz4740/Platform +@@ -1,4 +1,4 @@ + platform-$(CONFIG_MACH_INGENIC) += jz4740/ + cflags-$(CONFIG_MACH_INGENIC) += -I$(srctree)/arch/mips/include/asm/mach-jz4740 + load-$(CONFIG_MACH_INGENIC) += 0xffffffff80010000 +-zload-$(CONFIG_MACH_INGENIC) += 0xffffffff80600000 ++zload-$(CONFIG_MACH_INGENIC) += 0xffffffff81000000 diff --git a/queue-4.9/mtd-maps-fix-solutionengine.c-printk-format-warnings.patch b/queue-4.9/mtd-maps-fix-solutionengine.c-printk-format-warnings.patch new file mode 100644 index 00000000000..5aaffe8e87c --- /dev/null +++ b/queue-4.9/mtd-maps-fix-solutionengine.c-printk-format-warnings.patch @@ -0,0 +1,60 @@ +From foo@baz Fri Sep 21 09:36:02 CEST 2018 +From: Randy Dunlap +Date: Tue, 24 Jul 2018 11:29:01 -0700 +Subject: mtd/maps: fix solutionengine.c printk format warnings + +From: Randy Dunlap + +[ Upstream commit 1d25e3eeed1d987404e2d2e451eebac8c15cecc1 ] + +Fix 2 printk format warnings (this driver is currently only used by +arch/sh/) by using "%pap" instead of "%lx". + +Fixes these build warnings: + +../drivers/mtd/maps/solutionengine.c: In function 'init_soleng_maps': +../include/linux/kern_levels.h:5:18: warning: format '%lx' expects argument of type 'long unsigned int', but argument 2 has type 'resource_size_t' {aka 'unsigned int'} [-Wformat=] +../drivers/mtd/maps/solutionengine.c:62:54: note: format string is defined here + printk(KERN_NOTICE "Solution Engine: Flash at 0x%08lx, EPROM at 0x%08lx\n", + ~~~~^ + %08x +../include/linux/kern_levels.h:5:18: warning: format '%lx' expects argument of type 'long unsigned int', but argument 3 has type 'resource_size_t' {aka 'unsigned int'} [-Wformat=] +../drivers/mtd/maps/solutionengine.c:62:72: note: format string is defined here + printk(KERN_NOTICE "Solution Engine: Flash at 0x%08lx, EPROM at 0x%08lx\n", + ~~~~^ + %08x + +Cc: David Woodhouse +Cc: Brian Norris +Cc: Boris Brezillon +Cc: Marek Vasut +Cc: Richard Weinberger +Cc: linux-mtd@lists.infradead.org +Cc: Yoshinori Sato +Cc: Rich Felker +Cc: linux-sh@vger.kernel.org +Cc: Sergei Shtylyov + +Signed-off-by: Randy Dunlap +Signed-off-by: Boris Brezillon +Signed-off-by: Sasha Levin +Signed-off-by: Greg Kroah-Hartman +--- + drivers/mtd/maps/solutionengine.c | 6 +++--- + 1 file changed, 3 insertions(+), 3 deletions(-) + +--- a/drivers/mtd/maps/solutionengine.c ++++ b/drivers/mtd/maps/solutionengine.c +@@ -59,9 +59,9 @@ static int __init init_soleng_maps(void) + return -ENXIO; + } + } +- printk(KERN_NOTICE "Solution Engine: Flash at 0x%08lx, EPROM at 0x%08lx\n", +- soleng_flash_map.phys & 0x1fffffff, +- soleng_eprom_map.phys & 0x1fffffff); ++ printk(KERN_NOTICE "Solution Engine: Flash at 0x%pap, EPROM at 0x%pap\n", ++ &soleng_flash_map.phys, ++ &soleng_eprom_map.phys); + flash_mtd->owner = THIS_MODULE; + + eprom_mtd = do_map_probe("map_rom", &soleng_eprom_map); diff --git a/queue-4.9/nfp-avoid-buffer-leak-when-fw-communication-fails.patch b/queue-4.9/nfp-avoid-buffer-leak-when-fw-communication-fails.patch new file mode 100644 index 00000000000..76d7133bd0a --- /dev/null +++ b/queue-4.9/nfp-avoid-buffer-leak-when-fw-communication-fails.patch @@ -0,0 +1,79 @@ +From foo@baz Fri Sep 21 09:36:02 CEST 2018 +From: Jakub Kicinski +Date: Fri, 20 Jul 2018 21:14:39 -0700 +Subject: nfp: avoid buffer leak when FW communication fails + +From: Jakub Kicinski + +[ Upstream commit 07300f774fec9519663a597987a4083225588be4 ] + +After device is stopped we reset the rings by moving all free buffers +to positions [0, cnt - 2], and clear the position cnt - 1 in the ring. +We then proceed to clear the read/write pointers. This means that if +we try to reset the ring again the code will assume that the next to +fill buffer is at position 0 and swap it with cnt - 1. Since we +previously cleared position cnt - 1 it will lead to leaking the first +buffer and leaving ring in a bad state. + +This scenario can only happen if FW communication fails, in which case +the ring will never be used again, so the fact it's in a bad state will +not be noticed. Buffer leak is the only problem. Don't try to move +buffers in the ring if the read/write pointers indicate the ring was +never used or have already been reset. + +nfp_net_clear_config_and_disable() is now fully idempotent. + +Found by code inspection, FW communication failures are very rare, +and reconfiguring a live device is not common either, so it's unlikely +anyone has ever noticed the leak. + +Signed-off-by: Jakub Kicinski +Reviewed-by: Dirk van der Merwe +Signed-off-by: David S. Miller +Signed-off-by: Sasha Levin +Signed-off-by: Greg Kroah-Hartman +--- + drivers/net/ethernet/netronome/nfp/nfp_net_common.c | 13 ++++++++++--- + 1 file changed, 10 insertions(+), 3 deletions(-) + +--- a/drivers/net/ethernet/netronome/nfp/nfp_net_common.c ++++ b/drivers/net/ethernet/netronome/nfp/nfp_net_common.c +@@ -990,7 +990,7 @@ static void nfp_net_tx_complete(struct n + * @nn: NFP Net device + * @tx_ring: TX ring structure + * +- * Assumes that the device is stopped ++ * Assumes that the device is stopped, must be idempotent. + */ + static void + nfp_net_tx_ring_reset(struct nfp_net *nn, struct nfp_net_tx_ring *tx_ring) +@@ -1144,13 +1144,18 @@ static void nfp_net_rx_give_one(struct n + * nfp_net_rx_ring_reset() - Reflect in SW state of freelist after disable + * @rx_ring: RX ring structure + * +- * Warning: Do *not* call if ring buffers were never put on the FW freelist +- * (i.e. device was not enabled)! ++ * Assumes that the device is stopped, must be idempotent. + */ + static void nfp_net_rx_ring_reset(struct nfp_net_rx_ring *rx_ring) + { + unsigned int wr_idx, last_idx; + ++ /* wr_p == rd_p means ring was never fed FL bufs. RX rings are always ++ * kept at cnt - 1 FL bufs. ++ */ ++ if (rx_ring->wr_p == 0 && rx_ring->rd_p == 0) ++ return; ++ + /* Move the empty entry to the end of the list */ + wr_idx = rx_ring->wr_p % rx_ring->cnt; + last_idx = rx_ring->cnt - 1; +@@ -1919,6 +1924,8 @@ static void nfp_net_vec_clear_ring_data( + /** + * nfp_net_clear_config_and_disable() - Clear control BAR and disable NFP + * @nn: NFP Net device to reconfigure ++ * ++ * Warning: must be fully idempotent. + */ + static void nfp_net_clear_config_and_disable(struct nfp_net *nn) + { diff --git a/queue-4.9/perf-powerpc-fix-callchain-ip-filtering-when-return-address-is-in-a-register.patch b/queue-4.9/perf-powerpc-fix-callchain-ip-filtering-when-return-address-is-in-a-register.patch new file mode 100644 index 00000000000..54eea6812e4 --- /dev/null +++ b/queue-4.9/perf-powerpc-fix-callchain-ip-filtering-when-return-address-is-in-a-register.patch @@ -0,0 +1,113 @@ +From foo@baz Fri Sep 21 09:36:02 CEST 2018 +From: Sandipan Das +Date: Tue, 10 Jul 2018 19:28:14 +0530 +Subject: perf powerpc: Fix callchain ip filtering when return address is in a register + +From: Sandipan Das + +[ Upstream commit 9068533e4f470daf2b0f29c71d865990acd8826e ] + +For powerpc64, perf will filter out the second entry in the callchain, +i.e. the LR value, if the return address of the function corresponding +to the probed location has already been saved on its caller's stack. + +The state of the return address is determined using debug information. +At any point within a function, if the return address is already saved +somewhere, a DWARF expression can tell us about its location. If the +return address in still in LR only, no DWARF expression would exist. + +Typically, the instructions in a function's prologue first copy the LR +value to R0 and then pushes R0 on to the stack. If LR has already been +copied to R0 but R0 is yet to be pushed to the stack, we can still get a +DWARF expression that says that the return address is in R0. This is +indicating that getting a DWARF expression for the return address does +not guarantee the fact that it has already been saved on the stack. + +This can be observed on a powerpc64le system running Fedora 27 as shown +below. + + # objdump -d /usr/lib64/libc-2.26.so | less + ... + 000000000015af20 : + 15af20: 0b 00 4c 3c addis r2,r12,11 + 15af24: e0 c1 42 38 addi r2,r2,-15904 + 15af28: a6 02 08 7c mflr r0 + 15af2c: f0 ff c1 fb std r30,-16(r1) + 15af30: f8 ff e1 fb std r31,-8(r1) + 15af34: 78 1b 7f 7c mr r31,r3 + 15af38: 78 23 83 7c mr r3,r4 + 15af3c: 78 2b be 7c mr r30,r5 + 15af40: 10 00 01 f8 std r0,16(r1) + 15af44: c1 ff 21 f8 stdu r1,-64(r1) + 15af48: 28 00 81 f8 std r4,40(r1) + ... + + # readelf --debug-dump=frames-interp /usr/lib64/libc-2.26.so | less + ... + 00027024 0000000000000024 00027028 FDE cie=00000000 pc=000000000015af20..000000000015af88 + LOC CFA r30 r31 ra + 000000000015af20 r1+0 u u u + 000000000015af34 r1+0 c-16 c-8 r0 + 000000000015af48 r1+64 c-16 c-8 c+16 + 000000000015af5c r1+0 c-16 c-8 c+16 + 000000000015af78 r1+0 u u + ... + + # perf probe -x /usr/lib64/libc-2.26.so -a inet_pton+0x18 + # perf record -e probe_libc:inet_pton -g ping -6 -c 1 ::1 + # perf script + +Before: + + ping 2829 [005] 512917.460174: probe_libc:inet_pton: (7fff7e2baf38) + 7fff7e2baf38 __GI___inet_pton+0x18 (/usr/lib64/libc-2.26.so) + 7fff7e2705b4 getaddrinfo+0x164 (/usr/lib64/libc-2.26.so) + 12f152d70 _init+0xbfc (/usr/bin/ping) + 7fff7e1836a0 generic_start_main.isra.0+0x140 (/usr/lib64/libc-2.26.so) + 7fff7e183898 __libc_start_main+0xb8 (/usr/lib64/libc-2.26.so) + 0 [unknown] ([unknown]) + +After: + + ping 2829 [005] 512917.460174: probe_libc:inet_pton: (7fff7e2baf38) + 7fff7e2baf38 __GI___inet_pton+0x18 (/usr/lib64/libc-2.26.so) + 7fff7e26fa54 gaih_inet.constprop.7+0xf44 (/usr/lib64/libc-2.26.so) + 7fff7e2705b4 getaddrinfo+0x164 (/usr/lib64/libc-2.26.so) + 12f152d70 _init+0xbfc (/usr/bin/ping) + 7fff7e1836a0 generic_start_main.isra.0+0x140 (/usr/lib64/libc-2.26.so) + 7fff7e183898 __libc_start_main+0xb8 (/usr/lib64/libc-2.26.so) + 0 [unknown] ([unknown]) + +Reported-by: Ravi Bangoria +Signed-off-by: Sandipan Das +Cc: Jiri Olsa +Cc: Maynard Johnson +Cc: Naveen N. Rao +Cc: Ravi Bangoria +Cc: Sukadev Bhattiprolu +Link: http://lkml.kernel.org/r/66e848a7bdf2d43b39210a705ff6d828a0865661.1530724939.git.sandipan@linux.ibm.com +Signed-off-by: Arnaldo Carvalho de Melo +Signed-off-by: Sasha Levin +Signed-off-by: Greg Kroah-Hartman +--- + tools/perf/arch/powerpc/util/skip-callchain-idx.c | 8 ++++++-- + 1 file changed, 6 insertions(+), 2 deletions(-) + +--- a/tools/perf/arch/powerpc/util/skip-callchain-idx.c ++++ b/tools/perf/arch/powerpc/util/skip-callchain-idx.c +@@ -58,9 +58,13 @@ static int check_return_reg(int ra_regno + } + + /* +- * Check if return address is on the stack. ++ * Check if return address is on the stack. If return address ++ * is in a register (typically R0), it is yet to be saved on ++ * the stack. + */ +- if (nops != 0 || ops != NULL) ++ if ((nops != 0 || ops != NULL) && ++ !(nops == 1 && ops[0].atom == DW_OP_regx && ++ ops[0].number2 == 0 && ops[0].offset == 0)) + return 0; + + /* diff --git a/queue-4.9/perf-powerpc-fix-callchain-ip-filtering.patch b/queue-4.9/perf-powerpc-fix-callchain-ip-filtering.patch new file mode 100644 index 00000000000..4d40253715a --- /dev/null +++ b/queue-4.9/perf-powerpc-fix-callchain-ip-filtering.patch @@ -0,0 +1,180 @@ +From foo@baz Fri Sep 21 09:36:02 CEST 2018 +From: Sandipan Das +Date: Tue, 10 Jul 2018 19:28:13 +0530 +Subject: perf powerpc: Fix callchain ip filtering + +From: Sandipan Das + +[ Upstream commit c715fcfda5a08edabaa15508742be926b7ee51db ] + +For powerpc64, redundant entries in the callchain are filtered out by +determining the state of the return address and the stack frame using +DWARF debug information. + +For making these filtering decisions we must analyze the debug +information for the location corresponding to the program counter value, +i.e. the first entry in the callchain, and not the LR value; otherwise, +perf may filter out either the second or the third entry in the +callchain incorrectly. + +This can be observed on a powerpc64le system running Fedora 27 as shown +below. + +Case 1 - Attaching a probe at inet_pton+0x8 (binary offset 0x15af28). + Return address is still in LR and a new stack frame is not yet + allocated. The LR value, i.e. the second entry, should not be + filtered out. + + # objdump -d /usr/lib64/libc-2.26.so | less + ... + 000000000010eb10 : + ... + 10fa48: 78 bb e4 7e mr r4,r23 + 10fa4c: 0a 00 60 38 li r3,10 + 10fa50: d9 b4 04 48 bl 15af28 + 10fa54: 00 00 00 60 nop + 10fa58: ac f4 ff 4b b 10ef04 + ... + 0000000000110450 : + ... + 1105a8: 54 00 ff 38 addi r7,r31,84 + 1105ac: 58 00 df 38 addi r6,r31,88 + 1105b0: 69 e5 ff 4b bl 10eb18 + 1105b4: 78 1b 71 7c mr r17,r3 + 1105b8: 50 01 7f e8 ld r3,336(r31) + ... + 000000000015af20 : + 15af20: 0b 00 4c 3c addis r2,r12,11 + 15af24: e0 c1 42 38 addi r2,r2,-15904 + 15af28: a6 02 08 7c mflr r0 + 15af2c: f0 ff c1 fb std r30,-16(r1) + 15af30: f8 ff e1 fb std r31,-8(r1) + ... + + # perf probe -x /usr/lib64/libc-2.26.so -a inet_pton+0x8 + # perf record -e probe_libc:inet_pton -g ping -6 -c 1 ::1 + # perf script + +Before: + + ping 4507 [002] 514985.546540: probe_libc:inet_pton: (7fffa7dbaf28) + 7fffa7dbaf28 __GI___inet_pton+0x8 (/usr/lib64/libc-2.26.so) + 7fffa7d705b4 getaddrinfo+0x164 (/usr/lib64/libc-2.26.so) + 13fb52d70 _init+0xbfc (/usr/bin/ping) + 7fffa7c836a0 generic_start_main.isra.0+0x140 (/usr/lib64/libc-2.26.so) + 7fffa7c83898 __libc_start_main+0xb8 (/usr/lib64/libc-2.26.so) + 0 [unknown] ([unknown]) + +After: + + ping 4507 [002] 514985.546540: probe_libc:inet_pton: (7fffa7dbaf28) + 7fffa7dbaf28 __GI___inet_pton+0x8 (/usr/lib64/libc-2.26.so) + 7fffa7d6fa54 gaih_inet.constprop.7+0xf44 (/usr/lib64/libc-2.26.so) + 7fffa7d705b4 getaddrinfo+0x164 (/usr/lib64/libc-2.26.so) + 13fb52d70 _init+0xbfc (/usr/bin/ping) + 7fffa7c836a0 generic_start_main.isra.0+0x140 (/usr/lib64/libc-2.26.so) + 7fffa7c83898 __libc_start_main+0xb8 (/usr/lib64/libc-2.26.so) + 0 [unknown] ([unknown]) + +Case 2 - Attaching a probe at _int_malloc+0x180 (binary offset 0x9cf10). + Return address in still in LR and a new stack frame has already + been allocated but not used. The caller's caller, i.e. the third + entry, is invalid and should be filtered out and not the second + one. + + # objdump -d /usr/lib64/libc-2.26.so | less + ... + 000000000009cd90 <_int_malloc>: + 9cd90: 17 00 4c 3c addis r2,r12,23 + 9cd94: 70 a3 42 38 addi r2,r2,-23696 + 9cd98: 26 00 80 7d mfcr r12 + 9cd9c: f8 ff e1 fb std r31,-8(r1) + 9cda0: 17 00 e4 3b addi r31,r4,23 + 9cda4: d8 ff 61 fb std r27,-40(r1) + 9cda8: 78 23 9b 7c mr r27,r4 + 9cdac: 1f 00 bf 2b cmpldi cr7,r31,31 + 9cdb0: f0 ff c1 fb std r30,-16(r1) + 9cdb4: b0 ff c1 fa std r22,-80(r1) + 9cdb8: 78 1b 7e 7c mr r30,r3 + 9cdbc: 08 00 81 91 stw r12,8(r1) + 9cdc0: 11 ff 21 f8 stdu r1,-240(r1) + 9cdc4: 4c 01 9d 41 bgt cr7,9cf10 <_int_malloc+0x180> + 9cdc8: 20 00 a4 2b cmpldi cr7,r4,32 + ... + 9cf08: 00 00 00 60 nop + 9cf0c: 00 00 42 60 ori r2,r2,0 + 9cf10: e4 06 ff 7b rldicr r31,r31,0,59 + 9cf14: 40 f8 a4 7f cmpld cr7,r4,r31 + 9cf18: 68 05 9d 41 bgt cr7,9d480 <_int_malloc+0x6f0> + ... + 000000000009e3c0 : + ... + 9e420: 40 02 80 38 li r4,576 + 9e424: 78 fb e3 7f mr r3,r31 + 9e428: 71 e9 ff 4b bl 9cd98 <_int_malloc+0x8> + 9e42c: 00 00 a3 2f cmpdi cr7,r3,0 + 9e430: 78 1b 7e 7c mr r30,r3 + ... + 000000000009f7a0 <__libc_malloc>: + ... + 9f8f8: 00 00 89 2f cmpwi cr7,r9,0 + 9f8fc: 1c ff 9e 40 bne cr7,9f818 <__libc_malloc+0x78> + 9f900: c9 ea ff 4b bl 9e3c8 + 9f904: 00 00 00 60 nop + 9f908: e8 90 22 e9 ld r9,-28440(r2) + ... + + # perf probe -x /usr/lib64/libc-2.26.so -a _int_malloc+0x180 + # perf record -e probe_libc:_int_malloc -g ./test-malloc + # perf script + +Before: + + test-malloc 6554 [009] 515975.797403: probe_libc:_int_malloc: (7fffa6e6cf10) + 7fffa6e6cf10 _int_malloc+0x180 (/usr/lib64/libc-2.26.so) + 7fffa6dd0000 [unknown] (/usr/lib64/libc-2.26.so) + 7fffa6e6f904 malloc+0x164 (/usr/lib64/libc-2.26.so) + 7fffa6e6f9fc malloc+0x25c (/usr/lib64/libc-2.26.so) + 100006b4 main+0x38 (/home/testuser/test-malloc) + 7fffa6df36a0 generic_start_main.isra.0+0x140 (/usr/lib64/libc-2.26.so) + 7fffa6df3898 __libc_start_main+0xb8 (/usr/lib64/libc-2.26.so) + 0 [unknown] ([unknown]) + +After: + + test-malloc 6554 [009] 515975.797403: probe_libc:_int_malloc: (7fffa6e6cf10) + 7fffa6e6cf10 _int_malloc+0x180 (/usr/lib64/libc-2.26.so) + 7fffa6e6e42c tcache_init.part.4+0x6c (/usr/lib64/libc-2.26.so) + 7fffa6e6f904 malloc+0x164 (/usr/lib64/libc-2.26.so) + 7fffa6e6f9fc malloc+0x25c (/usr/lib64/libc-2.26.so) + 100006b4 main+0x38 (/home/sandipan/test-malloc) + 7fffa6df36a0 generic_start_main.isra.0+0x140 (/usr/lib64/libc-2.26.so) + 7fffa6df3898 __libc_start_main+0xb8 (/usr/lib64/libc-2.26.so) + 0 [unknown] ([unknown]) + +Signed-off-by: Sandipan Das +Cc: Jiri Olsa +Cc: Maynard Johnson +Cc: Naveen N. Rao +Cc: Ravi Bangoria +Cc: Sukadev Bhattiprolu +Fixes: a60335ba3298 ("perf tools powerpc: Adjust callchain based on DWARF debug info") +Link: http://lkml.kernel.org/r/24bb726d91ed173aebc972ec3f41a2ef2249434e.1530724939.git.sandipan@linux.ibm.com +Signed-off-by: Arnaldo Carvalho de Melo +Signed-off-by: Sasha Levin +Signed-off-by: Greg Kroah-Hartman +--- + tools/perf/arch/powerpc/util/skip-callchain-idx.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +--- a/tools/perf/arch/powerpc/util/skip-callchain-idx.c ++++ b/tools/perf/arch/powerpc/util/skip-callchain-idx.c +@@ -250,7 +250,7 @@ int arch_skip_callchain_idx(struct threa + if (!chain || chain->nr < 3) + return skip_slot; + +- ip = chain->ips[2]; ++ ip = chain->ips[1]; + + thread__find_addr_location(thread, PERF_RECORD_MISC_USER, + MAP__FUNCTION, ip, &al); diff --git a/queue-4.9/perf-test-fix-subtest-number-when-showing-results.patch b/queue-4.9/perf-test-fix-subtest-number-when-showing-results.patch new file mode 100644 index 00000000000..fd675495580 --- /dev/null +++ b/queue-4.9/perf-test-fix-subtest-number-when-showing-results.patch @@ -0,0 +1,69 @@ +From foo@baz Fri Sep 21 09:36:02 CEST 2018 +From: Thomas Richter +Date: Tue, 24 Jul 2018 15:48:58 +0200 +Subject: perf test: Fix subtest number when showing results + +From: Thomas Richter + +[ Upstream commit 9ef0112442bdddef5fb55adf20b3a5464b33de75 ] + +Perf test 40 for example has several subtests numbered 1-4 when +displaying the start of the subtest. When the subtest results +are displayed the subtests are numbered 0-3. + +Use this command to generate trace output: + + [root@s35lp76 perf]# ./perf test -Fv 40 2>/tmp/bpf1 + +Fix this by adjusting the subtest number when show the +subtest result. + +Output before: + + [root@s35lp76 perf]# egrep '(^40\.[0-4]| subtest [0-4]:)' /tmp/bpf1 + 40.1: Basic BPF filtering : + BPF filter subtest 0: Ok + 40.2: BPF pinning : + BPF filter subtest 1: Ok + 40.3: BPF prologue generation : + BPF filter subtest 2: Ok + 40.4: BPF relocation checker : + BPF filter subtest 3: Ok + [root@s35lp76 perf]# + +Output after: + + root@s35lp76 ~]# egrep '(^40\.[0-4]| subtest [0-4]:)' /tmp/bpf1 + 40.1: Basic BPF filtering : + BPF filter subtest 1: Ok + 40.2: BPF pinning : + BPF filter subtest 2: Ok + 40.3: BPF prologue generation : + BPF filter subtest 3: Ok + 40.4: BPF relocation checker : + BPF filter subtest 4: Ok + [root@s35lp76 ~]# + +Signed-off-by: Thomas Richter +Reviewed-by: Hendrik Brueckner +Cc: Heiko Carstens +Cc: Martin Schwidefsky +Link: http://lkml.kernel.org/r/20180724134858.100644-1-tmricht@linux.ibm.com +Signed-off-by: Arnaldo Carvalho de Melo +Signed-off-by: Sasha Levin +Signed-off-by: Greg Kroah-Hartman +--- + tools/perf/tests/builtin-test.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +--- a/tools/perf/tests/builtin-test.c ++++ b/tools/perf/tests/builtin-test.c +@@ -413,7 +413,7 @@ static int __cmd_test(int argc, const ch + for (subi = 0; subi < subn; subi++) { + pr_info("%2d.%1d: %-*s:", i, subi + 1, subw, + t->subtest.get_desc(subi)); +- err = test_and_print(t, skip, subi); ++ err = test_and_print(t, skip, subi + 1); + if (err != TEST_OK && t->subtest.skip_if_fail) + skip = true; + } diff --git a/queue-4.9/platform-x86-toshiba_acpi-fix-defined-but-not-used-build-warnings.patch b/queue-4.9/platform-x86-toshiba_acpi-fix-defined-but-not-used-build-warnings.patch new file mode 100644 index 00000000000..8d2a37a4f38 --- /dev/null +++ b/queue-4.9/platform-x86-toshiba_acpi-fix-defined-but-not-used-build-warnings.patch @@ -0,0 +1,44 @@ +From foo@baz Fri Sep 21 09:36:02 CEST 2018 +From: Randy Dunlap +Date: Fri, 6 Jul 2018 20:53:09 -0700 +Subject: platform/x86: toshiba_acpi: Fix defined but not used build warnings + +From: Randy Dunlap + +[ Upstream commit c2e2a618eb7104e18fdcf739d4d911563812a81c ] + +Fix a build warning in toshiba_acpi.c when CONFIG_PROC_FS is not enabled +by marking the unused function as __maybe_unused. + +../drivers/platform/x86/toshiba_acpi.c:1685:12: warning: 'version_proc_show' defined but not used [-Wunused-function] + +Signed-off-by: Randy Dunlap +Cc: Azael Avalos +Cc: platform-driver-x86@vger.kernel.org +Cc: Andy Shevchenko +Signed-off-by: Darren Hart (VMware) +Signed-off-by: Sasha Levin +Signed-off-by: Greg Kroah-Hartman +--- + drivers/platform/x86/toshiba_acpi.c | 3 ++- + 1 file changed, 2 insertions(+), 1 deletion(-) + +--- a/drivers/platform/x86/toshiba_acpi.c ++++ b/drivers/platform/x86/toshiba_acpi.c +@@ -34,6 +34,7 @@ + #define TOSHIBA_ACPI_VERSION "0.24" + #define PROC_INTERFACE_VERSION 1 + ++#include + #include + #include + #include +@@ -1687,7 +1688,7 @@ static const struct file_operations keys + .write = keys_proc_write, + }; + +-static int version_proc_show(struct seq_file *m, void *v) ++static int __maybe_unused version_proc_show(struct seq_file *m, void *v) + { + seq_printf(m, "driver: %s\n", TOSHIBA_ACPI_VERSION); + seq_printf(m, "proc_interface: %d\n", PROC_INTERFACE_VERSION); diff --git a/queue-4.9/powerpc-powernv-opal_put_chars-partial-write-fix.patch b/queue-4.9/powerpc-powernv-opal_put_chars-partial-write-fix.patch new file mode 100644 index 00000000000..3923519a6bb --- /dev/null +++ b/queue-4.9/powerpc-powernv-opal_put_chars-partial-write-fix.patch @@ -0,0 +1,38 @@ +From foo@baz Fri Sep 21 09:36:02 CEST 2018 +From: Nicholas Piggin +Date: Tue, 1 May 2018 00:55:44 +1000 +Subject: powerpc/powernv: opal_put_chars partial write fix + +From: Nicholas Piggin + +[ Upstream commit bd90284cc6c1c9e8e48c8eadd0c79574fcce0b81 ] + +The intention here is to consume and discard the remaining buffer +upon error. This works if there has not been a previous partial write. +If there has been, then total_len is no longer total number of bytes +to copy. total_len is always "bytes left to copy", so it should be +added to written bytes. + +This code may not be exercised any more if partial writes will not be +hit, but this is a small bugfix before a larger change. + +Reviewed-by: Benjamin Herrenschmidt +Signed-off-by: Nicholas Piggin +Signed-off-by: Michael Ellerman +Signed-off-by: Sasha Levin +Signed-off-by: Greg Kroah-Hartman +--- + arch/powerpc/platforms/powernv/opal.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +--- a/arch/powerpc/platforms/powernv/opal.c ++++ b/arch/powerpc/platforms/powernv/opal.c +@@ -369,7 +369,7 @@ int opal_put_chars(uint32_t vtermno, con + /* Closed or other error drop */ + if (rc != OPAL_SUCCESS && rc != OPAL_BUSY && + rc != OPAL_BUSY_EVENT) { +- written = total_len; ++ written += total_len; + break; + } + if (rc == OPAL_SUCCESS) { diff --git a/queue-4.9/s390-qeth-fix-race-in-used-buffer-accounting.patch b/queue-4.9/s390-qeth-fix-race-in-used-buffer-accounting.patch new file mode 100644 index 00000000000..3aaf876f047 --- /dev/null +++ b/queue-4.9/s390-qeth-fix-race-in-used-buffer-accounting.patch @@ -0,0 +1,40 @@ +From foo@baz Fri Sep 21 09:36:02 CEST 2018 +From: Julian Wiedmann +Date: Thu, 19 Jul 2018 12:43:48 +0200 +Subject: s390/qeth: fix race in used-buffer accounting + +From: Julian Wiedmann + +[ Upstream commit a702349a4099cd5a7bab0904689d8e0bf8dcd622 ] + +By updating q->used_buffers only _after_ do_QDIO() has completed, there +is a potential race against the buffer's TX completion. In the unlikely +case that the TX completion path wins, qeth_qdio_output_handler() would +decrement the counter before qeth_flush_buffers() even incremented it. + +Signed-off-by: Julian Wiedmann +Signed-off-by: David S. Miller +Signed-off-by: Sasha Levin +Signed-off-by: Greg Kroah-Hartman +--- + drivers/s390/net/qeth_core_main.c | 3 ++- + 1 file changed, 2 insertions(+), 1 deletion(-) + +--- a/drivers/s390/net/qeth_core_main.c ++++ b/drivers/s390/net/qeth_core_main.c +@@ -3499,13 +3499,14 @@ static void qeth_flush_buffers(struct qe + qdio_flags = QDIO_FLAG_SYNC_OUTPUT; + if (atomic_read(&queue->set_pci_flags_count)) + qdio_flags |= QDIO_FLAG_PCI_OUT; ++ atomic_add(count, &queue->used_buffers); ++ + rc = do_QDIO(CARD_DDEV(queue->card), qdio_flags, + queue->queue_no, index, count); + if (queue->card->options.performance_stats) + queue->card->perf_stats.outbound_do_qdio_time += + qeth_get_micros() - + queue->card->perf_stats.outbound_do_qdio_start_time; +- atomic_add(count, &queue->used_buffers); + if (rc) { + queue->card->stats.tx_errors += count; + /* ignore temporary SIGA errors without busy condition */ diff --git a/queue-4.9/s390-qeth-reset-layer2-attribute-on-layer-switch.patch b/queue-4.9/s390-qeth-reset-layer2-attribute-on-layer-switch.patch new file mode 100644 index 00000000000..9d85f3bc8db --- /dev/null +++ b/queue-4.9/s390-qeth-reset-layer2-attribute-on-layer-switch.patch @@ -0,0 +1,37 @@ +From foo@baz Fri Sep 21 09:36:02 CEST 2018 +From: Julian Wiedmann +Date: Thu, 19 Jul 2018 12:43:49 +0200 +Subject: s390/qeth: reset layer2 attribute on layer switch + +From: Julian Wiedmann + +[ Upstream commit 70551dc46ffa3555a0b5f3545b0cd87ab67fd002 ] + +After the subdriver's remove() routine has completed, the card's layer +mode is undetermined again. Reflect this in the layer2 field. + +If qeth_dev_layer2_store() hits an error after remove() was called, the +card _always_ requires a setup(), even if the previous layer mode is +requested again. +But qeth_dev_layer2_store() bails out early if the requested layer mode +still matches the current one. So unless we reset the layer2 field, +re-probing the card back to its previous mode is currently not possible. + +Signed-off-by: Julian Wiedmann +Signed-off-by: David S. Miller +Signed-off-by: Sasha Levin +Signed-off-by: Greg Kroah-Hartman +--- + drivers/s390/net/qeth_core_sys.c | 1 + + 1 file changed, 1 insertion(+) + +--- a/drivers/s390/net/qeth_core_sys.c ++++ b/drivers/s390/net/qeth_core_sys.c +@@ -423,6 +423,7 @@ static ssize_t qeth_dev_layer2_store(str + if (card->discipline) { + card->discipline->remove(card->gdev); + qeth_core_free_discipline(card); ++ card->options.layer2 = -1; + } + + rc = qeth_core_load_discipline(card, newdis); diff --git a/queue-4.9/series b/queue-4.9/series index b5d7000690f..dac542ba3cb 100644 --- a/queue-4.9/series +++ b/queue-4.9/series @@ -2,3 +2,45 @@ be2net-fix-memory-leak-in-be_cmd_get_profile_config.patch rds-fix-two-rcu-related-problems.patch net-mlx5-fix-use-after-free-in-self-healing-flow.patch net-mlx5-fix-debugfs-cleanup-in-the-device-init-remove-flow.patch +iommu-arm-smmu-v3-sync-the-ovackflg-to-priq-consumer-register.patch +alsa-msnd-fix-the-default-sample-sizes.patch +alsa-usb-audio-fix-multiple-definitions-in-au0828_device-macro.patch +xfrm-fix-passing-zero-to-err_ptr-warning.patch +gfs2-special-case-rindex-for-gfs2_grow.patch +clk-imx6ul-fix-missing-of_node_put.patch +clk-clk-fixed-factor-clear-of_populated-flag-in-case-of-failure.patch +kbuild-add-.delete_on_error-special-target.patch +media-tw686x-fix-oops-on-buffer-alloc-failure.patch +dmaengine-pl330-fix-irq-race-with-terminate_all.patch +mips-ath79-fix-system-restart.patch +media-videobuf2-core-check-for-q-error-in-vb2_core_qbuf.patch +ib-rxe-drop-qp0-silently.patch +mtd-maps-fix-solutionengine.c-printk-format-warnings.patch +perf-test-fix-subtest-number-when-showing-results.patch +gfs2-don-t-reject-a-supposedly-full-bitmap-if-we-have-blocks-reserved.patch +fbdev-omapfb-off-by-one-in-omapfb_register_client.patch +video-goldfishfb-fix-memory-leak-on-driver-remove.patch +fbdev-via-fix-defined-but-not-used-warning.patch +perf-powerpc-fix-callchain-ip-filtering-when-return-address-is-in-a-register.patch +video-fbdev-pxafb-clear-allocated-memory-for-video-modes.patch +fbdev-distinguish-between-interlaced-and-progressive-modes.patch +arm-exynos-clear-global-variable-on-init-error-path.patch +perf-powerpc-fix-callchain-ip-filtering.patch +powerpc-powernv-opal_put_chars-partial-write-fix.patch +mips-jz4740-bump-zload-address.patch +mac80211-restrict-delayed-tailroom-needed-decrement.patch +smack-fix-handling-of-ipv4-traffic-received-by-pf_inet6-sockets.patch +wan-fsl_ucc_hdlc-use-is_err_value-to-check-return-value-of-qe_muram_alloc.patch +efi-arm-preserve-early-mapping-of-uefi-memory-map-longer-for-bgrt.patch +nfp-avoid-buffer-leak-when-fw-communication-fails.patch +xen-netfront-fix-queue-name-setting.patch +arm64-dts-qcom-db410c-fix-bluetooth-led-trigger.patch +arm-dts-qcom-msm8974-hammerhead-increase-load-on-l20-for-sdhci.patch +s390-qeth-fix-race-in-used-buffer-accounting.patch +s390-qeth-reset-layer2-attribute-on-layer-switch.patch +platform-x86-toshiba_acpi-fix-defined-but-not-used-build-warnings.patch +kvm-arm-arm64-fix-vgic-init-race.patch +drivers-base-stop-new-probing-during-shutdown.patch +dmaengine-mv_xor_v2-kill-the-tasklets-upon-exit.patch +crypto-sharah-unregister-correct-algorithms-for-sahara-3.patch +xen-netfront-fix-warn-message-as-irq-device-name-has.patch diff --git a/queue-4.9/smack-fix-handling-of-ipv4-traffic-received-by-pf_inet6-sockets.patch b/queue-4.9/smack-fix-handling-of-ipv4-traffic-received-by-pf_inet6-sockets.patch new file mode 100644 index 00000000000..2134def0c63 --- /dev/null +++ b/queue-4.9/smack-fix-handling-of-ipv4-traffic-received-by-pf_inet6-sockets.patch @@ -0,0 +1,83 @@ +From foo@baz Fri Sep 21 09:36:02 CEST 2018 +From: Piotr Sawicki +Date: Thu, 19 Jul 2018 11:42:58 +0200 +Subject: Smack: Fix handling of IPv4 traffic received by PF_INET6 sockets + +From: Piotr Sawicki + +[ Upstream commit 129a99890936766f4b69b9da7ed88366313a9210 ] + +A socket which has sk_family set to PF_INET6 is able to receive not +only IPv6 but also IPv4 traffic (IPv4-mapped IPv6 addresses). + +Prior to this patch, the smk_skb_to_addr_ipv6() could have been +called for socket buffers containing IPv4 packets, in result such +traffic was allowed. + +Signed-off-by: Piotr Sawicki +Signed-off-by: Casey Schaufler +Signed-off-by: Sasha Levin +Signed-off-by: Greg Kroah-Hartman +--- + security/smack/smack_lsm.c | 14 +++++++++----- + 1 file changed, 9 insertions(+), 5 deletions(-) + +--- a/security/smack/smack_lsm.c ++++ b/security/smack/smack_lsm.c +@@ -3966,15 +3966,19 @@ static int smack_socket_sock_rcv_skb(str + struct smack_known *skp = NULL; + int rc = 0; + struct smk_audit_info ad; ++ u16 family = sk->sk_family; + #ifdef CONFIG_AUDIT + struct lsm_network_audit net; + #endif + #if IS_ENABLED(CONFIG_IPV6) + struct sockaddr_in6 sadd; + int proto; ++ ++ if (family == PF_INET6 && skb->protocol == htons(ETH_P_IP)) ++ family = PF_INET; + #endif /* CONFIG_IPV6 */ + +- switch (sk->sk_family) { ++ switch (family) { + case PF_INET: + #ifdef CONFIG_SECURITY_SMACK_NETFILTER + /* +@@ -3992,7 +3996,7 @@ static int smack_socket_sock_rcv_skb(str + */ + netlbl_secattr_init(&secattr); + +- rc = netlbl_skbuff_getattr(skb, sk->sk_family, &secattr); ++ rc = netlbl_skbuff_getattr(skb, family, &secattr); + if (rc == 0) + skp = smack_from_secattr(&secattr, ssp); + else +@@ -4005,7 +4009,7 @@ access_check: + #endif + #ifdef CONFIG_AUDIT + smk_ad_init_net(&ad, __func__, LSM_AUDIT_DATA_NET, &net); +- ad.a.u.net->family = sk->sk_family; ++ ad.a.u.net->family = family; + ad.a.u.net->netif = skb->skb_iif; + ipv4_skb_to_auditdata(skb, &ad.a, NULL); + #endif +@@ -4019,7 +4023,7 @@ access_check: + rc = smk_bu_note("IPv4 delivery", skp, ssp->smk_in, + MAY_WRITE, rc); + if (rc != 0) +- netlbl_skbuff_err(skb, sk->sk_family, rc, 0); ++ netlbl_skbuff_err(skb, family, rc, 0); + break; + #if IS_ENABLED(CONFIG_IPV6) + case PF_INET6: +@@ -4035,7 +4039,7 @@ access_check: + skp = smack_net_ambient; + #ifdef CONFIG_AUDIT + smk_ad_init_net(&ad, __func__, LSM_AUDIT_DATA_NET, &net); +- ad.a.u.net->family = sk->sk_family; ++ ad.a.u.net->family = family; + ad.a.u.net->netif = skb->skb_iif; + ipv6_skb_to_auditdata(skb, &ad.a, NULL); + #endif /* CONFIG_AUDIT */ diff --git a/queue-4.9/video-fbdev-pxafb-clear-allocated-memory-for-video-modes.patch b/queue-4.9/video-fbdev-pxafb-clear-allocated-memory-for-video-modes.patch new file mode 100644 index 00000000000..8573d3ec8fb --- /dev/null +++ b/queue-4.9/video-fbdev-pxafb-clear-allocated-memory-for-video-modes.patch @@ -0,0 +1,36 @@ +From foo@baz Fri Sep 21 09:36:02 CEST 2018 +From: Daniel Mack +Date: Tue, 24 Jul 2018 19:11:25 +0200 +Subject: video: fbdev: pxafb: clear allocated memory for video modes + +From: Daniel Mack + +[ Upstream commit b951d80aaf224b1f774e10def672f5e37488e4ee ] + +When parsing the video modes from DT properties, make sure to zero out +memory before using it. This is important because not all fields in the mode +struct are explicitly initialized, even though they are used later on. + +Fixes: 420a488278e86 ("video: fbdev: pxafb: initial devicetree conversion") +Reviewed-by: Robert Jarzmik +Signed-off-by: Daniel Mack +Signed-off-by: Bartlomiej Zolnierkiewicz +Signed-off-by: Sasha Levin +Signed-off-by: Greg Kroah-Hartman +--- + drivers/video/fbdev/pxafb.c | 4 ++-- + 1 file changed, 2 insertions(+), 2 deletions(-) + +--- a/drivers/video/fbdev/pxafb.c ++++ b/drivers/video/fbdev/pxafb.c +@@ -2128,8 +2128,8 @@ static int of_get_pxafb_display(struct d + return -EINVAL; + + ret = -ENOMEM; +- info->modes = kmalloc_array(timings->num_timings, +- sizeof(info->modes[0]), GFP_KERNEL); ++ info->modes = kcalloc(timings->num_timings, sizeof(info->modes[0]), ++ GFP_KERNEL); + if (!info->modes) + goto out; + info->num_modes = timings->num_timings; diff --git a/queue-4.9/video-goldfishfb-fix-memory-leak-on-driver-remove.patch b/queue-4.9/video-goldfishfb-fix-memory-leak-on-driver-remove.patch new file mode 100644 index 00000000000..3633b524c6d --- /dev/null +++ b/queue-4.9/video-goldfishfb-fix-memory-leak-on-driver-remove.patch @@ -0,0 +1,37 @@ +From foo@baz Fri Sep 21 09:36:02 CEST 2018 +From: Anton Vasilyev +Date: Tue, 24 Jul 2018 19:11:27 +0200 +Subject: video: goldfishfb: fix memory leak on driver remove + +From: Anton Vasilyev + +[ Upstream commit 5958fde72d04e7b8c6de3669d1f794a90997e3eb ] + +goldfish_fb_probe() allocates memory for fb, but goldfish_fb_remove() does +not have deallocation of fb, which leads to memory leak on probe/remove. + +The patch adds deallocation into goldfish_fb_remove(). + +Found by Linux Driver Verification project (linuxtesting.org). + +Signed-off-by: Anton Vasilyev +Cc: Aleksandar Markovic +Cc: Miodrag Dinic +Cc: Goran Ferenc +Signed-off-by: Bartlomiej Zolnierkiewicz +Signed-off-by: Sasha Levin +Signed-off-by: Greg Kroah-Hartman +--- + drivers/video/fbdev/goldfishfb.c | 1 + + 1 file changed, 1 insertion(+) + +--- a/drivers/video/fbdev/goldfishfb.c ++++ b/drivers/video/fbdev/goldfishfb.c +@@ -301,6 +301,7 @@ static int goldfish_fb_remove(struct pla + dma_free_coherent(&pdev->dev, framesize, (void *)fb->fb.screen_base, + fb->fb.fix.smem_start); + iounmap(fb->reg_base); ++ kfree(fb); + return 0; + } + diff --git a/queue-4.9/wan-fsl_ucc_hdlc-use-is_err_value-to-check-return-value-of-qe_muram_alloc.patch b/queue-4.9/wan-fsl_ucc_hdlc-use-is_err_value-to-check-return-value-of-qe_muram_alloc.patch new file mode 100644 index 00000000000..a87ac1367cf --- /dev/null +++ b/queue-4.9/wan-fsl_ucc_hdlc-use-is_err_value-to-check-return-value-of-qe_muram_alloc.patch @@ -0,0 +1,49 @@ +From foo@baz Fri Sep 21 09:36:02 CEST 2018 +From: YueHaibing +Date: Mon, 23 Jul 2018 22:12:33 +0800 +Subject: wan/fsl_ucc_hdlc: use IS_ERR_VALUE() to check return value of qe_muram_alloc + +From: YueHaibing + +[ Upstream commit fd800f646402c0f85547166b59ca065175928b7b ] + +qe_muram_alloc return a unsigned long integer,which should not +compared with zero. check it using IS_ERR_VALUE() to fix this. + +Fixes: c19b6d246a35 ("drivers/net: support hdlc function for QE-UCC") +Signed-off-by: YueHaibing +Signed-off-by: David S. Miller +Signed-off-by: Sasha Levin +Signed-off-by: Greg Kroah-Hartman +--- + drivers/net/wan/fsl_ucc_hdlc.c | 6 +++--- + 1 file changed, 3 insertions(+), 3 deletions(-) + +--- a/drivers/net/wan/fsl_ucc_hdlc.c ++++ b/drivers/net/wan/fsl_ucc_hdlc.c +@@ -161,7 +161,7 @@ static int uhdlc_init(struct ucc_hdlc_pr + priv->ucc_pram_offset = qe_muram_alloc(sizeof(struct ucc_hdlc_param), + ALIGNMENT_OF_UCC_HDLC_PRAM); + +- if (priv->ucc_pram_offset < 0) { ++ if (IS_ERR_VALUE(priv->ucc_pram_offset)) { + dev_err(priv->dev, "Can not allocate MURAM for hdlc parameter.\n"); + ret = -ENOMEM; + goto free_tx_bd; +@@ -197,14 +197,14 @@ static int uhdlc_init(struct ucc_hdlc_pr + + /* Alloc riptr, tiptr */ + riptr = qe_muram_alloc(32, 32); +- if (riptr < 0) { ++ if (IS_ERR_VALUE(riptr)) { + dev_err(priv->dev, "Cannot allocate MURAM mem for Receive internal temp data pointer\n"); + ret = -ENOMEM; + goto free_tx_skbuff; + } + + tiptr = qe_muram_alloc(32, 32); +- if (tiptr < 0) { ++ if (IS_ERR_VALUE(tiptr)) { + dev_err(priv->dev, "Cannot allocate MURAM mem for Transmit internal temp data pointer\n"); + ret = -ENOMEM; + goto free_riptr; diff --git a/queue-4.9/xen-netfront-fix-queue-name-setting.patch b/queue-4.9/xen-netfront-fix-queue-name-setting.patch new file mode 100644 index 00000000000..0e0fee24cb1 --- /dev/null +++ b/queue-4.9/xen-netfront-fix-queue-name-setting.patch @@ -0,0 +1,53 @@ +From foo@baz Fri Sep 21 09:36:02 CEST 2018 +From: Vitaly Kuznetsov +Date: Fri, 20 Jul 2018 18:33:59 +0200 +Subject: xen-netfront: fix queue name setting + +From: Vitaly Kuznetsov + +[ Upstream commit 2d408c0d4574b01b9ed45e02516888bf925e11a9 ] + +Commit f599c64fdf7d ("xen-netfront: Fix race between device setup and +open") changed the initialization order: xennet_create_queues() now +happens before we do register_netdev() so using netdev->name in +xennet_init_queue() is incorrect, we end up with the following in +/proc/interrupts: + + 60: 139 0 xen-dyn -event eth%d-q0-tx + 61: 265 0 xen-dyn -event eth%d-q0-rx + 62: 234 0 xen-dyn -event eth%d-q1-tx + 63: 1 0 xen-dyn -event eth%d-q1-rx + +and this looks ugly. Actually, using early netdev name (even when it's +already set) is also not ideal: nowadays we tend to rename eth devices +and queue name may end up not corresponding to the netdev name. + +Use nodename from xenbus device for queue naming: this can't change in VM's +lifetime. Now /proc/interrupts looks like + + 62: 202 0 xen-dyn -event device/vif/0-q0-tx + 63: 317 0 xen-dyn -event device/vif/0-q0-rx + 64: 262 0 xen-dyn -event device/vif/0-q1-tx + 65: 17 0 xen-dyn -event device/vif/0-q1-rx + +Fixes: f599c64fdf7d ("xen-netfront: Fix race between device setup and open") +Signed-off-by: Vitaly Kuznetsov +Reviewed-by: Ross Lagerwall +Signed-off-by: David S. Miller +Signed-off-by: Sasha Levin +Signed-off-by: Greg Kroah-Hartman +--- + drivers/net/xen-netfront.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +--- a/drivers/net/xen-netfront.c ++++ b/drivers/net/xen-netfront.c +@@ -1630,7 +1630,7 @@ static int xennet_init_queue(struct netf + (unsigned long)queue); + + snprintf(queue->name, sizeof(queue->name), "%s-q%u", +- queue->info->netdev->name, queue->id); ++ queue->info->xbdev->nodename, queue->id); + + /* Initialise tx_skbs as a free chain containing every entry. */ + queue->tx_skb_freelist = 0; diff --git a/queue-4.9/xen-netfront-fix-warn-message-as-irq-device-name-has.patch b/queue-4.9/xen-netfront-fix-warn-message-as-irq-device-name-has.patch new file mode 100644 index 00000000000..848373a8a19 --- /dev/null +++ b/queue-4.9/xen-netfront-fix-warn-message-as-irq-device-name-has.patch @@ -0,0 +1,95 @@ +From foo@baz Fri Sep 21 09:36:02 CEST 2018 +From: Xiao Liang +Date: Tue, 14 Aug 2018 23:21:28 +0800 +Subject: xen-netfront: fix warn message as irq device name has '/' + +From: Xiao Liang + +[ Upstream commit 21f2706b20100bb3db378461ab9b8e2035309b5b ] + +There is a call trace generated after commit 2d408c0d4574b01b9ed45e02516888bf925e11a9( +xen-netfront: fix queue name setting). There is no 'device/vif/xx-q0-tx' file found +under /proc/irq/xx/. + +This patch only picks up device type and id as its name. + +With the patch, now /proc/interrupts looks like below and the warning message gone: + 70: 21 0 0 0 xen-dyn -event vif0-q0-tx + 71: 15 0 0 0 xen-dyn -event vif0-q0-rx + 72: 14 0 0 0 xen-dyn -event vif0-q1-tx + 73: 33 0 0 0 xen-dyn -event vif0-q1-rx + 74: 12 0 0 0 xen-dyn -event vif0-q2-tx + 75: 24 0 0 0 xen-dyn -event vif0-q2-rx + 76: 19 0 0 0 xen-dyn -event vif0-q3-tx + 77: 21 0 0 0 xen-dyn -event vif0-q3-rx + +Below is call trace information without this patch: + +name 'device/vif/0-q0-tx' +WARNING: CPU: 2 PID: 37 at fs/proc/generic.c:174 __xlate_proc_name+0x85/0xa0 +RIP: 0010:__xlate_proc_name+0x85/0xa0 +RSP: 0018:ffffb85c40473c18 EFLAGS: 00010286 +RAX: 0000000000000000 RBX: 0000000000000006 RCX: 0000000000000006 +RDX: 0000000000000007 RSI: 0000000000000096 RDI: ffff984c7f516930 +RBP: ffffb85c40473cb8 R08: 000000000000002c R09: 0000000000000229 +R10: 0000000000000000 R11: 0000000000000001 R12: ffffb85c40473c98 +R13: ffffb85c40473cb8 R14: ffffb85c40473c50 R15: 0000000000000000 +FS: 0000000000000000(0000) GS:ffff984c7f500000(0000) knlGS:0000000000000000 +CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 +CR2: 00007f69b6899038 CR3: 000000001c20a006 CR4: 00000000001606e0 +Call Trace: +__proc_create+0x45/0x230 +? snprintf+0x49/0x60 +proc_mkdir_data+0x35/0x90 +register_handler_proc+0xef/0x110 +? proc_register+0xfc/0x110 +? proc_create_data+0x70/0xb0 +__setup_irq+0x39b/0x660 +? request_threaded_irq+0xad/0x160 +request_threaded_irq+0xf5/0x160 +? xennet_tx_buf_gc+0x1d0/0x1d0 [xen_netfront] +bind_evtchn_to_irqhandler+0x3d/0x70 +? xenbus_alloc_evtchn+0x41/0xa0 +netback_changed+0xa46/0xcda [xen_netfront] +? find_watch+0x40/0x40 +xenwatch_thread+0xc5/0x160 +? finish_wait+0x80/0x80 +kthread+0x112/0x130 +? kthread_create_worker_on_cpu+0x70/0x70 +ret_from_fork+0x35/0x40 +Code: 81 5c 00 48 85 c0 75 cc 5b 49 89 2e 31 c0 5d 4d 89 3c 24 41 5c 41 5d 41 5e 41 5f c3 4c 89 ee 48 c7 c7 40 4f 0e b4 e8 65 ea d8 ff <0f> 0b b8 fe ff ff ff 5b 5d 41 5c 41 5d 41 5e 41 5f c3 66 0f 1f +---[ end trace 650e5561b0caab3a ]--- + +Signed-off-by: Xiao Liang +Reviewed-by: Juergen Gross + +Signed-off-by: David S. Miller + +Signed-off-by: Sasha Levin +Signed-off-by: Greg Kroah-Hartman +--- + drivers/net/xen-netfront.c | 6 ++++-- + 1 file changed, 4 insertions(+), 2 deletions(-) + +--- a/drivers/net/xen-netfront.c ++++ b/drivers/net/xen-netfront.c +@@ -1622,6 +1622,7 @@ static int xennet_init_queue(struct netf + { + unsigned short i; + int err = 0; ++ char *devid; + + spin_lock_init(&queue->tx_lock); + spin_lock_init(&queue->rx_lock); +@@ -1629,8 +1630,9 @@ static int xennet_init_queue(struct netf + setup_timer(&queue->rx_refill_timer, rx_refill_timeout, + (unsigned long)queue); + +- snprintf(queue->name, sizeof(queue->name), "%s-q%u", +- queue->info->xbdev->nodename, queue->id); ++ devid = strrchr(queue->info->xbdev->nodename, '/') + 1; ++ snprintf(queue->name, sizeof(queue->name), "vif%s-q%u", ++ devid, queue->id); + + /* Initialise tx_skbs as a free chain containing every entry. */ + queue->tx_skb_freelist = 0; diff --git a/queue-4.9/xfrm-fix-passing-zero-to-err_ptr-warning.patch b/queue-4.9/xfrm-fix-passing-zero-to-err_ptr-warning.patch new file mode 100644 index 00000000000..6b740d02f01 --- /dev/null +++ b/queue-4.9/xfrm-fix-passing-zero-to-err_ptr-warning.patch @@ -0,0 +1,39 @@ +From foo@baz Fri Sep 21 09:36:02 CEST 2018 +From: YueHaibing +Date: Wed, 25 Jul 2018 16:54:33 +0800 +Subject: xfrm: fix 'passing zero to ERR_PTR()' warning + +From: YueHaibing + +[ Upstream commit 934ffce1343f22ed5e2d0bd6da4440f4848074de ] + +Fix a static code checker warning: + + net/xfrm/xfrm_policy.c:1836 xfrm_resolve_and_create_bundle() warn: passing zero to 'ERR_PTR' + +xfrm_tmpl_resolve return 0 just means no xdst found, return NULL +instead of passing zero to ERR_PTR. + +Fixes: d809ec895505 ("xfrm: do not assume that template resolving always returns xfrms") +Signed-off-by: YueHaibing +Signed-off-by: Steffen Klassert +Signed-off-by: Sasha Levin +Signed-off-by: Greg Kroah-Hartman +--- + net/xfrm/xfrm_policy.c | 5 ++++- + 1 file changed, 4 insertions(+), 1 deletion(-) + +--- a/net/xfrm/xfrm_policy.c ++++ b/net/xfrm/xfrm_policy.c +@@ -1873,7 +1873,10 @@ xfrm_resolve_and_create_bundle(struct xf + /* Try to instantiate a bundle */ + err = xfrm_tmpl_resolve(pols, num_pols, fl, xfrm, family); + if (err <= 0) { +- if (err != 0 && err != -EAGAIN) ++ if (err == 0) ++ return NULL; ++ ++ if (err != -EAGAIN) + XFRM_INC_STATS(net, LINUX_MIB_XFRMOUTPOLERROR); + return ERR_PTR(err); + }