From: Greg Kroah-Hartman Date: Wed, 5 Oct 2016 08:17:47 +0000 (+0200) Subject: 4.4-stable patches X-Git-Tag: v4.8.1~25 X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=52609fd89afec82d5a95b3ca46c3f4d825890005;p=thirdparty%2Fkernel%2Fstable-queue.git 4.4-stable patches added patches: arm-8618-1-decompressor-reset-ttbcr-fields-to-use-ttbr0-on-armv7.patch arm64-debug-avoid-resetting-stepping-state-machine-when-tif_singlestep.patch gpio-sa1100-fix-irq-probing-for-ucb1x00.patch irqchip-gicv3-silence-noisy-debug_per_cpu_maps-warning.patch usb-gadget-fsl_qe_udc-signedness-bug-in-qe_get_frame.patch --- diff --git a/queue-4.4/arm-8618-1-decompressor-reset-ttbcr-fields-to-use-ttbr0-on-armv7.patch b/queue-4.4/arm-8618-1-decompressor-reset-ttbcr-fields-to-use-ttbr0-on-armv7.patch new file mode 100644 index 00000000000..30f7054d171 --- /dev/null +++ b/queue-4.4/arm-8618-1-decompressor-reset-ttbcr-fields-to-use-ttbr0-on-armv7.patch @@ -0,0 +1,42 @@ +From 117e5e9c4cfcb7628f08de074fbfefec1bb678b7 Mon Sep 17 00:00:00 2001 +From: Srinivas Ramana +Date: Fri, 30 Sep 2016 15:03:31 +0100 +Subject: ARM: 8618/1: decompressor: reset ttbcr fields to use TTBR0 on ARMv7 + +From: Srinivas Ramana + +commit 117e5e9c4cfcb7628f08de074fbfefec1bb678b7 upstream. + +If the bootloader uses the long descriptor format and jumps to +kernel decompressor code, TTBCR may not be in a right state. +Before enabling the MMU, it is required to clear the TTBCR.PD0 +field to use TTBR0 for translation table walks. + +The commit dbece45894d3a ("ARM: 7501/1: decompressor: +reset ttbcr for VMSA ARMv7 cores") does the reset of TTBCR.N, but +doesn't consider all the bits for the size of TTBCR.N. + +Clear TTBCR.PD0 field and reset all the three bits of TTBCR.N to +indicate the use of TTBR0 and the correct base address width. + +Fixes: dbece45894d3 ("ARM: 7501/1: decompressor: reset ttbcr for VMSA ARMv7 cores") +Acked-by: Robin Murphy +Signed-off-by: Srinivas Ramana +Signed-off-by: Russell King +Signed-off-by: Greg Kroah-Hartman + +--- + arch/arm/boot/compressed/head.S | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +--- a/arch/arm/boot/compressed/head.S ++++ b/arch/arm/boot/compressed/head.S +@@ -776,7 +776,7 @@ __armv7_mmu_cache_on: + orrne r0, r0, #1 @ MMU enabled + movne r1, #0xfffffffd @ domain 0 = client + bic r6, r6, #1 << 31 @ 32-bit translation system +- bic r6, r6, #3 << 0 @ use only ttbr0 ++ bic r6, r6, #(7 << 0) | (1 << 4) @ use only ttbr0 + mcrne p15, 0, r3, c2, c0, 0 @ load page table pointer + mcrne p15, 0, r1, c3, c0, 0 @ load domain access control + mcrne p15, 0, r6, c2, c0, 2 @ load ttb control diff --git a/queue-4.4/arm64-debug-avoid-resetting-stepping-state-machine-when-tif_singlestep.patch b/queue-4.4/arm64-debug-avoid-resetting-stepping-state-machine-when-tif_singlestep.patch new file mode 100644 index 00000000000..4cfd9eb304a --- /dev/null +++ b/queue-4.4/arm64-debug-avoid-resetting-stepping-state-machine-when-tif_singlestep.patch @@ -0,0 +1,46 @@ +From 3a402a709500c5a3faca2111668c33d96555e35a Mon Sep 17 00:00:00 2001 +From: Will Deacon +Date: Fri, 26 Aug 2016 11:36:39 +0100 +Subject: arm64: debug: avoid resetting stepping state machine when TIF_SINGLESTEP + +From: Will Deacon + +commit 3a402a709500c5a3faca2111668c33d96555e35a upstream. + +When TIF_SINGLESTEP is set for a task, the single-step state machine is +enabled and we must take care not to reset it to the active-not-pending +state if it is already in the active-pending state. + +Unfortunately, that's exactly what user_enable_single_step does, by +unconditionally setting the SS bit in the SPSR for the current task. +This causes failures in the GDB testsuite, where GDB ends up missing +expected step traps if the instruction being stepped generates another +trap, e.g. PTRACE_EVENT_FORK from an SVC instruction. + +This patch fixes the problem by preserving the current state of the +stepping state machine when TIF_SINGLESTEP is set on the current thread. + +Cc: +Reported-by: Yao Qi +Signed-off-by: Will Deacon +Signed-off-by: Greg Kroah-Hartman + +--- + arch/arm64/kernel/debug-monitors.c | 6 ++++-- + 1 file changed, 4 insertions(+), 2 deletions(-) + +--- a/arch/arm64/kernel/debug-monitors.c ++++ b/arch/arm64/kernel/debug-monitors.c +@@ -422,8 +422,10 @@ int kernel_active_single_step(void) + /* ptrace API */ + void user_enable_single_step(struct task_struct *task) + { +- set_ti_thread_flag(task_thread_info(task), TIF_SINGLESTEP); +- set_regs_spsr_ss(task_pt_regs(task)); ++ struct thread_info *ti = task_thread_info(task); ++ ++ if (!test_and_set_ti_thread_flag(ti, TIF_SINGLESTEP)) ++ set_regs_spsr_ss(task_pt_regs(task)); + } + + void user_disable_single_step(struct task_struct *task) diff --git a/queue-4.4/gpio-sa1100-fix-irq-probing-for-ucb1x00.patch b/queue-4.4/gpio-sa1100-fix-irq-probing-for-ucb1x00.patch new file mode 100644 index 00000000000..564b4d4def6 --- /dev/null +++ b/queue-4.4/gpio-sa1100-fix-irq-probing-for-ucb1x00.patch @@ -0,0 +1,34 @@ +From 56beac95cb88c188d2a885825a5da131edb41fe3 Mon Sep 17 00:00:00 2001 +From: Russell King +Date: Mon, 29 Aug 2016 11:24:10 +0100 +Subject: gpio: sa1100: fix irq probing for ucb1x00 + +From: Russell King + +commit 56beac95cb88c188d2a885825a5da131edb41fe3 upstream. + +ucb1x00 has used IRQ probing since it's dawn to find the GPIO interrupt +that it's connected to. However, commit 23393d49fb75 ("gpio: kill off +set_irq_flags usage") broke this by disabling IRQ probing on GPIO +interrupts. Fix this. + +Fixes: 23393d49fb75 ("gpio: kill off set_irq_flags usage") +Signed-off-by: Russell King +Signed-off-by: Linus Walleij +Signed-off-by: Greg Kroah-Hartman + +--- + drivers/gpio/gpio-sa1100.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +--- a/drivers/gpio/gpio-sa1100.c ++++ b/drivers/gpio/gpio-sa1100.c +@@ -155,7 +155,7 @@ static int sa1100_gpio_irqdomain_map(str + { + irq_set_chip_and_handler(irq, &sa1100_gpio_irq_chip, + handle_edge_irq); +- irq_set_noprobe(irq); ++ irq_set_probe(irq); + + return 0; + } diff --git a/queue-4.4/irqchip-gicv3-silence-noisy-debug_per_cpu_maps-warning.patch b/queue-4.4/irqchip-gicv3-silence-noisy-debug_per_cpu_maps-warning.patch new file mode 100644 index 00000000000..e787bbe3974 --- /dev/null +++ b/queue-4.4/irqchip-gicv3-silence-noisy-debug_per_cpu_maps-warning.patch @@ -0,0 +1,92 @@ +From 727653d6ce7103b245eb8041f55dd5885f4c3289 Mon Sep 17 00:00:00 2001 +From: James Morse +Date: Mon, 19 Sep 2016 18:29:15 +0100 +Subject: irqchip/gicv3: Silence noisy DEBUG_PER_CPU_MAPS warning + +From: James Morse + +commit 727653d6ce7103b245eb8041f55dd5885f4c3289 upstream. + +gic_raise_softirq() walks the list of cpus using for_each_cpu(), it calls +gic_compute_target_list() which advances the iterator by the number of +CPUs in the cluster. + +If gic_compute_target_list() reaches the last CPU it leaves the iterator +pointing at the last CPU. This means the next time round the for_each_cpu() +loop cpumask_next() will be called with an invalid CPU. + +This triggers a warning when built with CONFIG_DEBUG_PER_CPU_MAPS: +[ 3.077738] GICv3: CPU1: found redistributor 1 region 0:0x000000002f120000 +[ 3.077943] CPU1: Booted secondary processor [410fd0f0] +[ 3.078542] ------------[ cut here ]------------ +[ 3.078746] WARNING: CPU: 1 PID: 0 at ../include/linux/cpumask.h:121 gic_raise_softirq+0x12c/0x170 +[ 3.078812] Modules linked in: +[ 3.078869] +[ 3.078930] CPU: 1 PID: 0 Comm: swapper/1 Not tainted 4.8.0-rc5+ #5188 +[ 3.078994] Hardware name: Foundation-v8A (DT) +[ 3.079059] task: ffff80087a1a0080 task.stack: ffff80087a19c000 +[ 3.079145] PC is at gic_raise_softirq+0x12c/0x170 +[ 3.079226] LR is at gic_raise_softirq+0xa4/0x170 +[ 3.079296] pc : [] lr : [] pstate: 200001c9 +[ 3.081139] Call trace: +[ 3.081202] Exception stack(0xffff80087a19fbe0 to 0xffff80087a19fd10) + +[ 3.082269] [] gic_raise_softirq+0x12c/0x170 +[ 3.082354] [] smp_send_reschedule+0x34/0x40 +[ 3.082433] [] resched_curr+0x50/0x88 +[ 3.082512] [] check_preempt_curr+0x60/0xd0 +[ 3.082593] [] ttwu_do_wakeup+0x20/0xe8 +[ 3.082672] [] ttwu_do_activate+0x90/0xc0 +[ 3.082753] [] try_to_wake_up+0x224/0x370 +[ 3.082836] [] default_wake_function+0x10/0x18 +[ 3.082920] [] __wake_up_common+0x5c/0xa0 +[ 3.083003] [] __wake_up_locked+0x14/0x20 +[ 3.083086] [] complete+0x40/0x60 +[ 3.083168] [] secondary_start_kernel+0x15c/0x1d0 +[ 3.083240] [<00000000808911a4>] 0x808911a4 +[ 3.113401] Detected PIPT I-cache on CPU2 + +Avoid updating the iterator if the next call to cpumask_next() would +cause the for_each_cpu() loop to exit. + +There is no change to gic_raise_softirq()'s behaviour, (cpumask_next()s +eventual call to _find_next_bit() will return early as start >= nbits), +this patch just silences the warning. + +Fixes: 021f653791ad ("irqchip: gic-v3: Initial support for GICv3") +Signed-off-by: James Morse +Acked-by: Marc Zyngier +Cc: linux-arm-kernel@lists.infradead.org +Cc: Jason Cooper +Link: http://lkml.kernel.org/r/1474306155-3303-1-git-send-email-james.morse@arm.com +Signed-off-by: Thomas Gleixner +Signed-off-by: Greg Kroah-Hartman + +--- + drivers/irqchip/irq-gic-v3.c | 7 ++++--- + 1 file changed, 4 insertions(+), 3 deletions(-) + +--- a/drivers/irqchip/irq-gic-v3.c ++++ b/drivers/irqchip/irq-gic-v3.c +@@ -544,7 +544,7 @@ static struct notifier_block gic_cpu_not + static u16 gic_compute_target_list(int *base_cpu, const struct cpumask *mask, + unsigned long cluster_id) + { +- int cpu = *base_cpu; ++ int next_cpu, cpu = *base_cpu; + unsigned long mpidr = cpu_logical_map(cpu); + u16 tlist = 0; + +@@ -558,9 +558,10 @@ static u16 gic_compute_target_list(int * + + tlist |= 1 << (mpidr & 0xf); + +- cpu = cpumask_next(cpu, mask); +- if (cpu >= nr_cpu_ids) ++ next_cpu = cpumask_next(cpu, mask); ++ if (next_cpu >= nr_cpu_ids) + goto out; ++ cpu = next_cpu; + + mpidr = cpu_logical_map(cpu); + diff --git a/queue-4.4/series b/queue-4.4/series index dd257df4591..06a1ae15052 100644 --- a/queue-4.4/series +++ b/queue-4.4/series @@ -25,3 +25,8 @@ spi-sh-msiof-avoid-invalid-clock-generator-parameters.patch iwlwifi-pcie-fix-access-to-scratch-buffer.patch iwlwifi-mvm-don-t-use-ret-when-not-initialised.patch ceph-fix-race-during-filling-readdir-cache.patch +usb-gadget-fsl_qe_udc-signedness-bug-in-qe_get_frame.patch +gpio-sa1100-fix-irq-probing-for-ucb1x00.patch +irqchip-gicv3-silence-noisy-debug_per_cpu_maps-warning.patch +arm-8618-1-decompressor-reset-ttbcr-fields-to-use-ttbr0-on-armv7.patch +arm64-debug-avoid-resetting-stepping-state-machine-when-tif_singlestep.patch diff --git a/queue-4.4/usb-gadget-fsl_qe_udc-signedness-bug-in-qe_get_frame.patch b/queue-4.4/usb-gadget-fsl_qe_udc-signedness-bug-in-qe_get_frame.patch new file mode 100644 index 00000000000..e8eb2dabad5 --- /dev/null +++ b/queue-4.4/usb-gadget-fsl_qe_udc-signedness-bug-in-qe_get_frame.patch @@ -0,0 +1,37 @@ +From f4693b08cc901912a87369c46537b94ed4084ea0 Mon Sep 17 00:00:00 2001 +From: Dan Carpenter +Date: Fri, 15 Jul 2016 14:15:47 +0300 +Subject: usb: gadget: fsl_qe_udc: signedness bug in qe_get_frame() + +From: Dan Carpenter + +commit f4693b08cc901912a87369c46537b94ed4084ea0 upstream. + +We can't assign -EINVAL to a u16. + +Fixes: 3948f0e0c999 ('usb: add Freescale QE/CPM USB peripheral controller driver') +Acked-by: Peter Chen +Signed-off-by: Dan Carpenter +Signed-off-by: Felipe Balbi +Signed-off-by: Greg Kroah-Hartman + +--- + drivers/usb/gadget/udc/fsl_qe_udc.c | 7 ++----- + 1 file changed, 2 insertions(+), 5 deletions(-) + +--- a/drivers/usb/gadget/udc/fsl_qe_udc.c ++++ b/drivers/usb/gadget/udc/fsl_qe_udc.c +@@ -1878,11 +1878,8 @@ static int qe_get_frame(struct usb_gadge + + tmp = in_be16(&udc->usb_param->frame_n); + if (tmp & 0x8000) +- tmp = tmp & 0x07ff; +- else +- tmp = -EINVAL; +- +- return (int)tmp; ++ return tmp & 0x07ff; ++ return -EINVAL; + } + + static int fsl_qe_start(struct usb_gadget *gadget,