From: Greg Kroah-Hartman Date: Mon, 13 Aug 2018 17:26:53 +0000 (+0200) Subject: 4.14-stable patches X-Git-Tag: v4.18.1~26 X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=759945073f6780a8d1b995579d783d742f96b3ad;p=thirdparty%2Fkernel%2Fstable-queue.git 4.14-stable patches added patches: arm-dts-imx6sx-fix-irq-for-pcie-bridge.patch bluetooth-hci_ldisc-allow-sleeping-while-proto-locks-are-held.patch bluetooth-hci_serdev-init-hci_uart-proto_lock-to-avoid-oops.patch mtd-nand-qcom-add-a-null-check-for-devm_kasprintf.patch phy-phy-mtk-tphy-use-auto-instead-of-force-to-bypass-utmi-signals.patch --- diff --git a/queue-4.14/arm-dts-imx6sx-fix-irq-for-pcie-bridge.patch b/queue-4.14/arm-dts-imx6sx-fix-irq-for-pcie-bridge.patch new file mode 100644 index 00000000000..c030a202a57 --- /dev/null +++ b/queue-4.14/arm-dts-imx6sx-fix-irq-for-pcie-bridge.patch @@ -0,0 +1,36 @@ +From 1bcfe0564044be578841744faea1c2f46adc8178 Mon Sep 17 00:00:00 2001 +From: Oleksij Rempel +Date: Fri, 15 Jun 2018 09:41:29 +0200 +Subject: ARM: dts: imx6sx: fix irq for pcie bridge + +From: Oleksij Rempel + +commit 1bcfe0564044be578841744faea1c2f46adc8178 upstream. + +Use the correct IRQ line for the MSI controller in the PCIe host +controller. Apparently a different IRQ line is used compared to other +i.MX6 variants. Without this change MSI IRQs aren't properly propagated +to the upstream interrupt controller. + +Signed-off-by: Oleksij Rempel +Reviewed-by: Lucas Stach +Fixes: b1d17f68e5c5 ("ARM: dts: imx: add initial imx6sx device tree source") +Signed-off-by: Shawn Guo +Signed-off-by: Amit Pundir +Signed-off-by: Greg Kroah-Hartman + +--- + arch/arm/boot/dts/imx6sx.dtsi | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +--- a/arch/arm/boot/dts/imx6sx.dtsi ++++ b/arch/arm/boot/dts/imx6sx.dtsi +@@ -1305,7 +1305,7 @@ + 0x82000000 0 0x08000000 0x08000000 0 0x00f00000>; + bus-range = <0x00 0xff>; + num-lanes = <1>; +- interrupts = ; ++ interrupts = ; + clocks = <&clks IMX6SX_CLK_PCIE_REF_125M>, + <&clks IMX6SX_CLK_PCIE_AXI>, + <&clks IMX6SX_CLK_LVDS1_OUT>, diff --git a/queue-4.14/bluetooth-hci_ldisc-allow-sleeping-while-proto-locks-are-held.patch b/queue-4.14/bluetooth-hci_ldisc-allow-sleeping-while-proto-locks-are-held.patch new file mode 100644 index 00000000000..ac298fda9fe --- /dev/null +++ b/queue-4.14/bluetooth-hci_ldisc-allow-sleeping-while-proto-locks-are-held.patch @@ -0,0 +1,210 @@ +From 67d2f8781b9f00d1089aafcfa3dc09fcd0f343e2 Mon Sep 17 00:00:00 2001 +From: =?UTF-8?q?Ronald=20Tschal=C3=A4r?= +Date: Wed, 25 Oct 2017 22:14:53 -0700 +Subject: Bluetooth: hci_ldisc: Allow sleeping while proto locks are held. +MIME-Version: 1.0 +Content-Type: text/plain; charset=UTF-8 +Content-Transfer-Encoding: 8bit + +From: Ronald Tschalär + +commit 67d2f8781b9f00d1089aafcfa3dc09fcd0f343e2 upstream. + +Commit dec2c92880cc5435381d50e3045ef018a762a917 ("Bluetooth: hci_ldisc: +Use rwlocking to avoid closing proto races") introduced locks in +hci_ldisc that are held while calling the proto functions. These locks +are rwlock's, and hence do not allow sleeping while they are held. +However, the proto functions that hci_bcm registers use mutexes and +hence need to be able to sleep. + +In more detail: hci_uart_tty_receive() and hci_uart_dequeue() both +acquire the rwlock, after which they call proto->recv() and +proto->dequeue(), respectively. In the case of hci_bcm these point to +bcm_recv() and bcm_dequeue(). The latter both acquire the +bcm_device_lock, which is a mutex, so doing so results in a call to +might_sleep(). But since we're holding a rwlock in hci_ldisc, that +results in the following BUG (this for the dequeue case - a similar +one for the receive case is omitted for brevity): + + BUG: sleeping function called from invalid context at kernel/locking/mutex.c + in_atomic(): 1, irqs_disabled(): 0, pid: 7303, name: kworker/7:3 + INFO: lockdep is turned off. + CPU: 7 PID: 7303 Comm: kworker/7:3 Tainted: G W OE 4.13.2+ #17 + Hardware name: Apple Inc. MacBookPro13,3/Mac-A5C67F76ED83108C, BIOS MBP133.8 + Workqueue: events hci_uart_write_work [hci_uart] + Call Trace: + dump_stack+0x8e/0xd6 + ___might_sleep+0x164/0x250 + __might_sleep+0x4a/0x80 + __mutex_lock+0x59/0xa00 + ? lock_acquire+0xa3/0x1f0 + ? lock_acquire+0xa3/0x1f0 + ? hci_uart_write_work+0xd3/0x160 [hci_uart] + mutex_lock_nested+0x1b/0x20 + ? mutex_lock_nested+0x1b/0x20 + bcm_dequeue+0x21/0xc0 [hci_uart] + hci_uart_write_work+0xe6/0x160 [hci_uart] + process_one_work+0x253/0x6a0 + worker_thread+0x4d/0x3b0 + kthread+0x133/0x150 + +We can't replace the mutex in hci_bcm, because there are other calls +there that might sleep. Therefore this replaces the rwlock's in +hci_ldisc with rw_semaphore's (which allow sleeping). This is a safer +approach anyway as it reduces the restrictions on the proto callbacks. +Also, because acquiring write-lock is very rare compared to acquiring +the read-lock, the percpu variant of rw_semaphore is used. + +Lastly, because hci_uart_tx_wakeup() may be called from an IRQ context, +we can't block (sleep) while trying acquire the read lock there, so we +use the trylock variant. + +Signed-off-by: Ronald Tschalär +Reviewed-by: Lukas Wunner +Signed-off-by: Marcel Holtmann +Signed-off-by: Amit Pundir +Signed-off-by: Greg Kroah-Hartman + +--- + drivers/bluetooth/hci_ldisc.c | 38 ++++++++++++++++++++++---------------- + drivers/bluetooth/hci_uart.h | 2 +- + 2 files changed, 23 insertions(+), 17 deletions(-) + +--- a/drivers/bluetooth/hci_ldisc.c ++++ b/drivers/bluetooth/hci_ldisc.c +@@ -115,12 +115,12 @@ static inline struct sk_buff *hci_uart_d + struct sk_buff *skb = hu->tx_skb; + + if (!skb) { +- read_lock(&hu->proto_lock); ++ percpu_down_read(&hu->proto_lock); + + if (test_bit(HCI_UART_PROTO_READY, &hu->flags)) + skb = hu->proto->dequeue(hu); + +- read_unlock(&hu->proto_lock); ++ percpu_up_read(&hu->proto_lock); + } else { + hu->tx_skb = NULL; + } +@@ -130,7 +130,14 @@ static inline struct sk_buff *hci_uart_d + + int hci_uart_tx_wakeup(struct hci_uart *hu) + { +- read_lock(&hu->proto_lock); ++ /* This may be called in an IRQ context, so we can't sleep. Therefore ++ * we try to acquire the lock only, and if that fails we assume the ++ * tty is being closed because that is the only time the write lock is ++ * acquired. If, however, at some point in the future the write lock ++ * is also acquired in other situations, then this must be revisited. ++ */ ++ if (!percpu_down_read_trylock(&hu->proto_lock)) ++ return 0; + + if (!test_bit(HCI_UART_PROTO_READY, &hu->flags)) + goto no_schedule; +@@ -145,7 +152,7 @@ int hci_uart_tx_wakeup(struct hci_uart * + schedule_work(&hu->write_work); + + no_schedule: +- read_unlock(&hu->proto_lock); ++ percpu_up_read(&hu->proto_lock); + + return 0; + } +@@ -247,12 +254,12 @@ static int hci_uart_flush(struct hci_dev + tty_ldisc_flush(tty); + tty_driver_flush_buffer(tty); + +- read_lock(&hu->proto_lock); ++ percpu_down_read(&hu->proto_lock); + + if (test_bit(HCI_UART_PROTO_READY, &hu->flags)) + hu->proto->flush(hu); + +- read_unlock(&hu->proto_lock); ++ percpu_up_read(&hu->proto_lock); + + return 0; + } +@@ -275,15 +282,15 @@ static int hci_uart_send_frame(struct hc + BT_DBG("%s: type %d len %d", hdev->name, hci_skb_pkt_type(skb), + skb->len); + +- read_lock(&hu->proto_lock); ++ percpu_down_read(&hu->proto_lock); + + if (!test_bit(HCI_UART_PROTO_READY, &hu->flags)) { +- read_unlock(&hu->proto_lock); ++ percpu_up_read(&hu->proto_lock); + return -EUNATCH; + } + + hu->proto->enqueue(hu, skb); +- read_unlock(&hu->proto_lock); ++ percpu_up_read(&hu->proto_lock); + + hci_uart_tx_wakeup(hu); + +@@ -486,7 +493,7 @@ static int hci_uart_tty_open(struct tty_ + INIT_WORK(&hu->init_ready, hci_uart_init_work); + INIT_WORK(&hu->write_work, hci_uart_write_work); + +- rwlock_init(&hu->proto_lock); ++ percpu_init_rwsem(&hu->proto_lock); + + /* Flush any pending characters in the driver */ + tty_driver_flush_buffer(tty); +@@ -503,7 +510,6 @@ static void hci_uart_tty_close(struct tt + { + struct hci_uart *hu = tty->disc_data; + struct hci_dev *hdev; +- unsigned long flags; + + BT_DBG("tty %p", tty); + +@@ -518,9 +524,9 @@ static void hci_uart_tty_close(struct tt + hci_uart_close(hdev); + + if (test_bit(HCI_UART_PROTO_READY, &hu->flags)) { +- write_lock_irqsave(&hu->proto_lock, flags); ++ percpu_down_write(&hu->proto_lock); + clear_bit(HCI_UART_PROTO_READY, &hu->flags); +- write_unlock_irqrestore(&hu->proto_lock, flags); ++ percpu_up_write(&hu->proto_lock); + + cancel_work_sync(&hu->write_work); + +@@ -582,10 +588,10 @@ static void hci_uart_tty_receive(struct + if (!hu || tty != hu->tty) + return; + +- read_lock(&hu->proto_lock); ++ percpu_down_read(&hu->proto_lock); + + if (!test_bit(HCI_UART_PROTO_READY, &hu->flags)) { +- read_unlock(&hu->proto_lock); ++ percpu_up_read(&hu->proto_lock); + return; + } + +@@ -593,7 +599,7 @@ static void hci_uart_tty_receive(struct + * tty caller + */ + hu->proto->recv(hu, data, count); +- read_unlock(&hu->proto_lock); ++ percpu_up_read(&hu->proto_lock); + + if (hu->hdev) + hu->hdev->stat.byte_rx += count; +--- a/drivers/bluetooth/hci_uart.h ++++ b/drivers/bluetooth/hci_uart.h +@@ -87,7 +87,7 @@ struct hci_uart { + struct work_struct write_work; + + const struct hci_uart_proto *proto; +- rwlock_t proto_lock; /* Stop work for proto close */ ++ struct percpu_rw_semaphore proto_lock; /* Stop work for proto close */ + void *priv; + + struct sk_buff *tx_skb; diff --git a/queue-4.14/bluetooth-hci_serdev-init-hci_uart-proto_lock-to-avoid-oops.patch b/queue-4.14/bluetooth-hci_serdev-init-hci_uart-proto_lock-to-avoid-oops.patch new file mode 100644 index 00000000000..b1fd5c718bb --- /dev/null +++ b/queue-4.14/bluetooth-hci_serdev-init-hci_uart-proto_lock-to-avoid-oops.patch @@ -0,0 +1,65 @@ +From d73e172816652772114827abaa2dbc053eecbbd7 Mon Sep 17 00:00:00 2001 +From: Lukas Wunner +Date: Fri, 17 Nov 2017 00:54:53 +0100 +Subject: Bluetooth: hci_serdev: Init hci_uart proto_lock to avoid oops +MIME-Version: 1.0 +Content-Type: text/plain; charset=UTF-8 +Content-Transfer-Encoding: 8bit + +From: Lukas Wunner + +commit d73e172816652772114827abaa2dbc053eecbbd7 upstream. + +John Stultz reports a boot time crash with the HiKey board (which uses +hci_serdev) occurring in hci_uart_tx_wakeup(). That function is +contained in hci_ldisc.c, but also called from the newer hci_serdev.c. +It acquires the proto_lock in struct hci_uart and it turns out that we +forgot to init the lock in the serdev code path, thus causing the crash. + +John bisected the crash to commit 67d2f8781b9f ("Bluetooth: hci_ldisc: +Allow sleeping while proto locks are held"), but the issue was present +before and the commit merely exposed it. (Perhaps by luck, the crash +did not occur with rwlocks.) + +Init the proto_lock in the serdev code path to avoid the oops. + +Stack trace for posterity: + +Unable to handle kernel read from unreadable memory at 406f127000 +[000000406f127000] user address but active_mm is swapper +Internal error: Oops: 96000005 [#1] PREEMPT SMP +Hardware name: HiKey Development Board (DT) +Call trace: + hci_uart_tx_wakeup+0x38/0x148 + hci_uart_send_frame+0x28/0x38 + hci_send_frame+0x64/0xc0 + hci_cmd_work+0x98/0x110 + process_one_work+0x134/0x330 + worker_thread+0x130/0x468 + kthread+0xf8/0x128 + ret_from_fork+0x10/0x18 + +Link: https://lkml.org/lkml/2017/11/15/908 +Reported-and-tested-by: John Stultz +Cc: Ronald Tschalär +Cc: Rob Herring +Cc: Sumit Semwal +Signed-off-by: Lukas Wunner +Signed-off-by: Marcel Holtmann +Signed-off-by: Amit Pundir +Signed-off-by: Greg Kroah-Hartman + +--- + drivers/bluetooth/hci_serdev.c | 1 + + 1 file changed, 1 insertion(+) + +--- a/drivers/bluetooth/hci_serdev.c ++++ b/drivers/bluetooth/hci_serdev.c +@@ -304,6 +304,7 @@ int hci_uart_register_device(struct hci_ + hci_set_drvdata(hdev, hu); + + INIT_WORK(&hu->write_work, hci_uart_write_work); ++ percpu_init_rwsem(&hu->proto_lock); + + /* Only when vendor specific setup callback is provided, consider + * the manufacturer information valid. This avoids filling in the diff --git a/queue-4.14/mtd-nand-qcom-add-a-null-check-for-devm_kasprintf.patch b/queue-4.14/mtd-nand-qcom-add-a-null-check-for-devm_kasprintf.patch new file mode 100644 index 00000000000..c2d0e8b8e27 --- /dev/null +++ b/queue-4.14/mtd-nand-qcom-add-a-null-check-for-devm_kasprintf.patch @@ -0,0 +1,33 @@ +From 069f05346d01e7298939f16533953cdf52370be3 Mon Sep 17 00:00:00 2001 +From: Fabio Estevam +Date: Fri, 5 Jan 2018 18:02:55 -0200 +Subject: mtd: nand: qcom: Add a NULL check for devm_kasprintf() + +From: Fabio Estevam + +commit 069f05346d01e7298939f16533953cdf52370be3 upstream. + +devm_kasprintf() may fail, so we should better add a NULL check +and propagate an error on failure. + +Signed-off-by: Fabio Estevam +Signed-off-by: Boris Brezillon +Signed-off-by: Amit Pundir +Signed-off-by: Greg Kroah-Hartman + +--- + drivers/mtd/nand/qcom_nandc.c | 3 +++ + 1 file changed, 3 insertions(+) + +--- a/drivers/mtd/nand/qcom_nandc.c ++++ b/drivers/mtd/nand/qcom_nandc.c +@@ -2544,6 +2544,9 @@ static int qcom_nand_host_init(struct qc + + nand_set_flash_node(chip, dn); + mtd->name = devm_kasprintf(dev, GFP_KERNEL, "qcom_nand.%d", host->cs); ++ if (!mtd->name) ++ return -ENOMEM; ++ + mtd->owner = THIS_MODULE; + mtd->dev.parent = dev; + diff --git a/queue-4.14/phy-phy-mtk-tphy-use-auto-instead-of-force-to-bypass-utmi-signals.patch b/queue-4.14/phy-phy-mtk-tphy-use-auto-instead-of-force-to-bypass-utmi-signals.patch new file mode 100644 index 00000000000..42c1edfb51f --- /dev/null +++ b/queue-4.14/phy-phy-mtk-tphy-use-auto-instead-of-force-to-bypass-utmi-signals.patch @@ -0,0 +1,81 @@ +From 00c0092c5f62147b7d85f0c6f1cf245a0a1ff3b6 Mon Sep 17 00:00:00 2001 +From: Chunfeng Yun +Date: Thu, 7 Dec 2017 19:53:34 +0800 +Subject: phy: phy-mtk-tphy: use auto instead of force to bypass utmi signals + +From: Chunfeng Yun + +commit 00c0092c5f62147b7d85f0c6f1cf245a0a1ff3b6 upstream. + +When system is running, if usb2 phy is forced to bypass utmi signals, +all PLL will be turned off, and it can't detect device connection +anymore, so replace force mode with auto mode which can bypass utmi +signals automatically if no device attached for normal flow. +But keep the force mode to fix RX sensitivity degradation issue. + +Signed-off-by: Chunfeng Yun +Signed-off-by: Kishon Vijay Abraham I +Signed-off-by: Amit Pundir +Signed-off-by: Greg Kroah-Hartman + +--- + drivers/phy/mediatek/phy-mtk-tphy.c | 19 +++++++------------ + 1 file changed, 7 insertions(+), 12 deletions(-) + +--- a/drivers/phy/mediatek/phy-mtk-tphy.c ++++ b/drivers/phy/mediatek/phy-mtk-tphy.c +@@ -438,9 +438,9 @@ static void u2_phy_instance_init(struct + u32 index = instance->index; + u32 tmp; + +- /* switch to USB function. (system register, force ip into usb mode) */ ++ /* switch to USB function, and enable usb pll */ + tmp = readl(com + U3P_U2PHYDTM0); +- tmp &= ~P2C_FORCE_UART_EN; ++ tmp &= ~(P2C_FORCE_UART_EN | P2C_FORCE_SUSPENDM); + tmp |= P2C_RG_XCVRSEL_VAL(1) | P2C_RG_DATAIN_VAL(0); + writel(tmp, com + U3P_U2PHYDTM0); + +@@ -500,10 +500,8 @@ static void u2_phy_instance_power_on(str + u32 index = instance->index; + u32 tmp; + +- /* (force_suspendm=0) (let suspendm=1, enable usb 480MHz pll) */ + tmp = readl(com + U3P_U2PHYDTM0); +- tmp &= ~(P2C_FORCE_SUSPENDM | P2C_RG_XCVRSEL); +- tmp &= ~(P2C_RG_DATAIN | P2C_DTM0_PART_MASK); ++ tmp &= ~(P2C_RG_XCVRSEL | P2C_RG_DATAIN | P2C_DTM0_PART_MASK); + writel(tmp, com + U3P_U2PHYDTM0); + + /* OTG Enable */ +@@ -538,7 +536,6 @@ static void u2_phy_instance_power_off(st + + tmp = readl(com + U3P_U2PHYDTM0); + tmp &= ~(P2C_RG_XCVRSEL | P2C_RG_DATAIN); +- tmp |= P2C_FORCE_SUSPENDM; + writel(tmp, com + U3P_U2PHYDTM0); + + /* OTG Disable */ +@@ -546,18 +543,16 @@ static void u2_phy_instance_power_off(st + tmp &= ~PA6_RG_U2_OTG_VBUSCMP_EN; + writel(tmp, com + U3P_USBPHYACR6); + +- /* let suspendm=0, set utmi into analog power down */ +- tmp = readl(com + U3P_U2PHYDTM0); +- tmp &= ~P2C_RG_SUSPENDM; +- writel(tmp, com + U3P_U2PHYDTM0); +- udelay(1); +- + tmp = readl(com + U3P_U2PHYDTM1); + tmp &= ~(P2C_RG_VBUSVALID | P2C_RG_AVALID); + tmp |= P2C_RG_SESSEND; + writel(tmp, com + U3P_U2PHYDTM1); + + if (tphy->pdata->avoid_rx_sen_degradation && index) { ++ tmp = readl(com + U3P_U2PHYDTM0); ++ tmp &= ~(P2C_RG_SUSPENDM | P2C_FORCE_SUSPENDM); ++ writel(tmp, com + U3P_U2PHYDTM0); ++ + tmp = readl(com + U3D_U2PHYDCR0); + tmp &= ~P2C_RG_SIF_U2PLL_FORCE_ON; + writel(tmp, com + U3D_U2PHYDCR0); diff --git a/queue-4.14/series b/queue-4.14/series index d7002b456c5..e8a4dd1b279 100644 --- a/queue-4.14/series +++ b/queue-4.14/series @@ -14,3 +14,8 @@ root-dentries-need-rcu-delayed-freeing.patch make-sure-that-__dentry_kill-always-invalidates-d_seq-unhashed-or-not.patch fix-mntput-mntput-race.patch fix-__legitimize_mnt-mntput-race.patch +mtd-nand-qcom-add-a-null-check-for-devm_kasprintf.patch +phy-phy-mtk-tphy-use-auto-instead-of-force-to-bypass-utmi-signals.patch +bluetooth-hci_ldisc-allow-sleeping-while-proto-locks-are-held.patch +bluetooth-hci_serdev-init-hci_uart-proto_lock-to-avoid-oops.patch +arm-dts-imx6sx-fix-irq-for-pcie-bridge.patch