From: Greg Kroah-Hartman Date: Wed, 12 Apr 2017 13:33:39 +0000 (+0200) Subject: 4.4-stable patches X-Git-Tag: v4.10.11~18 X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=8566b8948e061b67d6ca11a4f386605ec8d5db42;p=thirdparty%2Fkernel%2Fstable-queue.git 4.4-stable patches added patches: mips-introduce-irq_stack.patch mips-only-change-28-to-thread_info-if-coming-from-user-mode.patch mips-stack-unwinding-while-on-irq-stack.patch mtd-bcm47xxpart-fix-parsing-first-block-after-aligned-trx.patch usb-dwc3-gadget-delay-unmap-of-bounced-requests.patch
---
diff --git a/queue-4.4/mips-introduce-irq_stack.patch b/queue-4.4/mips-introduce-irq_stack.patch
new file mode 100644
index 00000000000..33684e30e97
--- /dev/null
+++ b/queue-4.4/mips-introduce-irq_stack.patch
@@ -0,0 +1,95 @@
+From fe8bd18ffea5327344d4ec2bf11f47951212abd0 Mon Sep 17 00:00:00 2001
+From: Matt Redfearn
+Date: Mon, 19 Dec 2016 14:20:56 +0000
+Subject: MIPS: Introduce irq_stack
+
+From: Matt Redfearn
+
+commit fe8bd18ffea5327344d4ec2bf11f47951212abd0 upstream.
+
+Allocate a per-cpu irq stack for use within interrupt handlers.
+
+Also add a utility function on_irq_stack to determine if a given stack
+pointer is within the irq stack for that cpu.
+
+Signed-off-by: Matt Redfearn
+Acked-by: Jason A. Donenfeld
+Cc: Thomas Gleixner
+Cc: Paolo Bonzini
+Cc: Chris Metcalf
+Cc: Petr Mladek
+Cc: James Hogan
+Cc: Paul Burton
+Cc: Aaron Tomlin
+Cc: Andrew Morton
+Cc: linux-kernel@vger.kernel.org
+Cc: linux-mips@linux-mips.org
+Patchwork: https://patchwork.linux-mips.org/patch/14740/
+Signed-off-by: Ralf Baechle
+Signed-off-by: Amit Pundir
+Signed-off-by: Greg Kroah-Hartman
+
+---
+ arch/mips/include/asm/irq.h | 12 ++++++++++++
+ arch/mips/kernel/asm-offsets.c | 1 +
+ arch/mips/kernel/irq.c | 11 +++++++++++
+ 3 files changed, 24 insertions(+)
+
+--- a/arch/mips/include/asm/irq.h
++++ b/arch/mips/include/asm/irq.h
+@@ -17,6 +17,18 @@
+
+ #include
+
++#define IRQ_STACK_SIZE THREAD_SIZE
++
++extern void *irq_stack[NR_CPUS];
++
++static inline bool on_irq_stack(int cpu, unsigned long sp)
++{
++ unsigned long low = (unsigned long)irq_stack[cpu];
++ unsigned long high = low + IRQ_STACK_SIZE;
++
++ return (low <= sp && sp <= high);
++}
++
+ #ifdef CONFIG_I8259
+ static inline int irq_canonicalize(int irq)
+ {
+--- a/arch/mips/kernel/asm-offsets.c
++++ b/arch/mips/kernel/asm-offsets.c
+@@ -101,6 +101,7 @@ void output_thread_info_defines(void)
+ OFFSET(TI_REGS, thread_info, regs);
+ DEFINE(_THREAD_SIZE, THREAD_SIZE);
+ DEFINE(_THREAD_MASK, THREAD_MASK);
++ DEFINE(_IRQ_STACK_SIZE, IRQ_STACK_SIZE);
+ BLANK();
+ }
+
+--- a/arch/mips/kernel/irq.c
++++ b/arch/mips/kernel/irq.c
+@@ -25,6 +25,8 @@
+ #include
+ #include
+
++void *irq_stack[NR_CPUS];
++
+ /*
+ * 'what should we do if we get a hw irq event on an illegal vector'.
+ * each architecture has to answer this themselves.
+@@ -55,6 +57,15 @@ void __init init_IRQ(void)
+ irq_set_noprobe(i);
+
+ arch_init_irq();
++
++ for_each_possible_cpu(i) {
++ int irq_pages = IRQ_STACK_SIZE / PAGE_SIZE;
++ void *s = (void *)__get_free_pages(GFP_KERNEL, irq_pages);
++
++ irq_stack[i] = s;
++ pr_debug("CPU%d IRQ stack at 0x%p - 0x%p\n", i,
++ irq_stack[i], irq_stack[i] + IRQ_STACK_SIZE);
++ }
+ }
+
+ #ifdef CONFIG_DEBUG_STACKOVERFLOW
diff --git a/queue-4.4/mips-only-change-28-to-thread_info-if-coming-from-user-mode.patch b/queue-4.4/mips-only-change-28-to-thread_info-if-coming-from-user-mode.patch
new file mode 100644
index 00000000000..574539b1a13
--- /dev/null
+++ b/queue-4.4/mips-only-change-28-to-thread_info-if-coming-from-user-mode.patch
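Review bot: The IRQ stack allocation added to `init_IRQ` is never checked, so a failed `__get_free_pages()` leaves `irq_stack[i]` NULL and nothing in this patch stops later code from treating that slot as a usable stack. The second argument of `__get_free_pages()` is also an allocation order rather than a page count, so passing `IRQ_STACK_SIZE / PAGE_SIZE` requests two to the power of that many pages instead of that many pages. I would write `void *s = (void *)__get_free_pages(GFP_KERNEL, get_order(IRQ_STACK_SIZE));` followed by `if (!s) panic("CPU%d: cannot allocate IRQ stack\n", i);`. `init_IRQ` begins outside the hunk, so any existing error convention there should take precedence over the panic.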
@@ -0,0 +1,64 @@
+From 510d86362a27577f5ee23f46cfb354ad49731e61 Mon Sep 17 00:00:00 2001
+From: Matt Redfearn
+Date: Mon, 19 Dec 2016 14:20:58 +0000
+Subject: MIPS: Only change $28 to thread_info if coming from user mode
+
+From: Matt Redfearn
+
+commit 510d86362a27577f5ee23f46cfb354ad49731e61 upstream.
+
+The SAVE_SOME macro is used to save the execution context on all
+exceptions.
+If an exception occurs while executing user code, the stack is switched
+to the kernel's stack for the current task, and register $28 is switched
+to point to the current_thread_info, which is at the bottom of the stack
+region.
+If the exception occurs while executing kernel code, the stack is left,
+and this change ensures that register $28 is not updated. This is the
+correct behaviour when the kernel can be executing on the separate irq
+stack, because the thread_info will not be at the base of it.
+
+With this change, register $28 is only switched to it's kernel
+conventional usage of the currrent thread info pointer at the point at
+which execution enters kernel space. Doing it on every exception was
+redundant, but OK without an IRQ stack, but will be erroneous once that
+is introduced.
+
+Signed-off-by: Matt Redfearn
+Acked-by: Jason A. Donenfeld
+Cc: Thomas Gleixner
+Cc: James Hogan
+Cc: Paul Burton
+Cc: linux-mips@linux-mips.org
+Cc: linux-kernel@vger.kernel.org
+Patchwork: https://patchwork.linux-mips.org/patch/14742/
+Signed-off-by: Ralf Baechle
+Signed-off-by: Amit Pundir
+Signed-off-by: Greg Kroah-Hartman
+
+---
+ arch/mips/include/asm/stackframe.h | 7 +++++++
+ 1 file changed, 7 insertions(+)
+
+--- a/arch/mips/include/asm/stackframe.h
++++ b/arch/mips/include/asm/stackframe.h
+@@ -216,12 +216,19 @@
+ LONG_S $25, PT_R25(sp)
+ LONG_S $28, PT_R28(sp)
+ LONG_S $31, PT_R31(sp)
++
++ /* Set thread_info if we're coming from user mode */
++ mfc0 k0, CP0_STATUS
++ sll k0, 3 /* extract cu0 bit */
++ bltz k0, 9f
++
+ ori $28, sp, _THREAD_MASK
+ xori $28, _THREAD_MASK
+ #ifdef CONFIG_CPU_CAVIUM_OCTEON
+ .set mips64
+ pref 0, 0($28) /* Prefetch the current pointer */
+ #endif
++9:
+ .set pop
+ .endm
+
diff --git a/queue-4.4/mips-stack-unwinding-while-on-irq-stack.patch b/queue-4.4/mips-stack-unwinding-while-on-irq-stack.patch
new file mode 100644
index 00000000000..77131f3bc63
--- /dev/null
+++ b/queue-4.4/mips-stack-unwinding-while-on-irq-stack.patch
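Review bot: The comment added above the `mfc0`/`sll`/`bltz` sequence says what the test is for but not why the CU0 bit answers it, and a wrong reading here leaves `$28` pointing at the wrong `thread_info`. I would expand it to `/* By kernel convention CU0 is set only while in kernel mode: if set, keep $28 and skip the thread_info reload */`, which matches the kernel-mode case described in the commit message. The `bltz k0, 9f` is immediately followed by `ori $28, sp, _THREAD_MASK`, so the sequence is only correct if the assembler fills the branch delay slot itself. The `.set` mode is established at the start of the macro, outside this hunk, and is worth confirming on the 4.4 tree before relying on it.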
@@ -0,0 +1,66 @@
+From d42d8d106b0275b027c1e8992c42aecf933436ea Mon Sep 17 00:00:00 2001
+From: Matt Redfearn
+Date: Mon, 19 Dec 2016 14:20:57 +0000
+Subject: MIPS: Stack unwinding while on IRQ stack
+
+From: Matt Redfearn
+
+commit d42d8d106b0275b027c1e8992c42aecf933436ea upstream.
+
+Within unwind stack, check if the stack pointer being unwound is within
+the CPU's irq_stack and if so use that page rather than the task's stack
+page.
+
+Signed-off-by: Matt Redfearn
+Acked-by: Jason A. Donenfeld
+Cc: Thomas Gleixner
+Cc: Adam Buchbinder
+Cc: Maciej W. Rozycki
+Cc: Marcin Nowakowski
+Cc: Chris Metcalf
+Cc: James Hogan
+Cc: Paul Burton
+Cc: Jiri Slaby
+Cc: Andrew Morton
+Cc: linux-mips@linux-mips.org
+Cc: linux-kernel@vger.kernel.org
+Patchwork: https://patchwork.linux-mips.org/patch/14741/
+Signed-off-by: Ralf Baechle
+Signed-off-by: Amit Pundir
+Signed-off-by: Greg Kroah-Hartman
+
+---
+ arch/mips/kernel/process.c | 15 ++++++++++++++-
+ 1 file changed, 14 insertions(+), 1 deletion(-)
+
+--- a/arch/mips/kernel/process.c
++++ b/arch/mips/kernel/process.c
+@@ -32,6 +32,7 @@
+ #include
+ #include
+ #include
++#include
+ #include
+ #include
+ #include
+@@ -552,7 +553,19 @@ EXPORT_SYMBOL(unwind_stack_by_address);
+ unsigned long unwind_stack(struct task_struct *task, unsigned long *sp,
+ unsigned long pc, unsigned long *ra)
+ {
+- unsigned long stack_page = (unsigned long)task_stack_page(task);
++ unsigned long stack_page = 0;
++ int cpu;
++
++ for_each_possible_cpu(cpu) {
++ if (on_irq_stack(cpu, *sp)) {
++ stack_page = (unsigned long)irq_stack[cpu];
++ break;
++ }
++ }
++
++ if (!stack_page)
++ stack_page = (unsigned long)task_stack_page(task);
++
+ return unwind_stack_by_address(stack_page, sp, pc, ra);
+ }
+ #endif
diff --git a/queue-4.4/mtd-bcm47xxpart-fix-parsing-first-block-after-aligned-trx.patch b/queue-4.4/mtd-bcm47xxpart-fix-parsing-first-block-after-aligned-trx.patch
new file mode 100644
index 00000000000..d3637158ba9
--- /dev/null
+++ b/queue-4.4/mtd-bcm47xxpart-fix-parsing-first-block-after-aligned-trx.patch
@@ -0,0 +1,47 @@
+From bd5d21310133921021d78995ad6346f908483124 Mon Sep 17 00:00:00 2001
+From: =?UTF-8?q?Rafa=C5=82=20Mi=C5=82ecki?=
+Date: Sun, 20 Nov 2016 16:09:30 +0100
+Subject: mtd: bcm47xxpart: fix parsing first block after aligned TRX
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+From: Rafał Miłecki
+
+commit bd5d21310133921021d78995ad6346f908483124 upstream.
+
+After parsing TRX we should skip to the first block placed behind it.
+Our code was working only with TRX with length not aligned to the
+blocksize. In other cases (length aligned) it was missing the block
+places right after TRX.
+
+This fixes calculation and simplifies the comment.
+
+Signed-off-by: Rafał Miłecki
+Signed-off-by: Brian Norris
+Signed-off-by: Amit Pundir
+Signed-off-by: Greg Kroah-Hartman
+
+---
+ drivers/mtd/bcm47xxpart.c | 10 ++++------
+ 1 file changed, 4 insertions(+), 6 deletions(-)
+
+--- a/drivers/mtd/bcm47xxpart.c
++++ b/drivers/mtd/bcm47xxpart.c
+@@ -225,12 +225,10 @@ static int bcm47xxpart_parse(struct mtd_
+
+ last_trx_part = curr_part - 1;
+
+- /*
+- * We have whole TRX scanned, skip to the next part. Use
+- * roundown (not roundup), as the loop will increase
+- * offset in next step.
+- */
+- offset = rounddown(offset + trx->length, blocksize);
++ /* Jump to the end of TRX */
++ offset = roundup(offset + trx->length, blocksize);
++ /* Next loop iteration will increase the offset */
++ offset -= blocksize;
+ continue;
+ }
+
diff --git a/queue-4.4/series b/queue-4.4/series
index a37dc3f8f8d..d7b04259b7c 100644
--- a/queue-4.4/series
+++ b/queue-4.4/series
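Review bot: `trx->length` is used unchecked in the new end-of-TRX arithmetic, and it is presumably read straight from the on-flash header. A length of zero at a block-aligned `offset` makes `roundup(offset + trx->length, blocksize)` return `offset` itself, so `offset -= blocksize` followed by the loop increment lands on the same TRX again, where the old `rounddown()` form still moved forward one block. A guard before the assignment, for example `if (roundup(offset + trx->length, blocksize) <= offset) continue;`, would keep a corrupt or wrapped length from stalling the scan; at offset 0 the subtraction would also wrap if `offset` is unsigned. The loop header and the declaration of `offset` are outside the hunk, so the types and the increment should be checked there.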
@@ -1,2 +1,7 @@
 drm-i915-avoid-tweaking-evaluation-thresholds-on-baytrail-v3.patch
 drm-i915-stop-using-rp_down_ei-on-baytrail.patch
+usb-dwc3-gadget-delay-unmap-of-bounced-requests.patch
+mtd-bcm47xxpart-fix-parsing-first-block-after-aligned-trx.patch
+mips-introduce-irq_stack.patch
+mips-stack-unwinding-while-on-irq-stack.patch
+mips-only-change-28-to-thread_info-if-coming-from-user-mode.patch
diff --git a/queue-4.4/usb-dwc3-gadget-delay-unmap-of-bounced-requests.patch b/queue-4.4/usb-dwc3-gadget-delay-unmap-of-bounced-requests.patch
new file mode 100644
index 00000000000..6a02ef0d73e
--- /dev/null
+++ b/queue-4.4/usb-dwc3-gadget-delay-unmap-of-bounced-requests.patch
@@ -0,0 +1,68 @@
+From de288e36fe33f7e06fa272bc8e2f85aa386d99aa Mon Sep 17 00:00:00 2001
+From: Janusz Dziedzic
+Date: Mon, 13 Mar 2017 14:11:32 +0200
+Subject: usb: dwc3: gadget: delay unmap of bounced requests
+
+From: Janusz Dziedzic
+
+commit de288e36fe33f7e06fa272bc8e2f85aa386d99aa upstream.
+
+In the case of bounced ep0 requests, we must delay DMA operation until
+after ->complete() otherwise we might overwrite contents of req->buf.
+
+This caused problems with RNDIS gadget.
+
+Signed-off-by: Janusz Dziedzic
+Signed-off-by: Felipe Balbi
+Signed-off-by: Greg Kroah-Hartman
+
+
+---
+ drivers/usb/dwc3/gadget.c | 21 +++++++++++++++++----
+ 1 file changed, 17 insertions(+), 4 deletions(-)
+
+--- a/drivers/usb/dwc3/gadget.c
++++ b/drivers/usb/dwc3/gadget.c
+@@ -235,6 +235,7 @@ void dwc3_gadget_giveback(struct dwc3_ep
+ int status)
+ {
+ struct dwc3 *dwc = dep->dwc;
++ unsigned int unmap_after_complete = false;
+ int i;
+
+ if (req->queued) {
+@@ -259,11 +260,19 @@ void dwc3_gadget_giveback(struct dwc3_ep
+ if (req->request.status == -EINPROGRESS)
+ req->request.status = status;
+
+- if (dwc->ep0_bounced && dep->number <= 1)
++ /*
++ * NOTICE we don't want to unmap before calling ->complete() if we're
++ * dealing with a bounced ep0 request. If we unmap it here, we would end
++ * up overwritting the contents of req->buf and this could confuse the
++ * gadget driver.
++ */
++ if (dwc->ep0_bounced && dep->number <= 1) {
+ dwc->ep0_bounced = false;
+-
+- usb_gadget_unmap_request(&dwc->gadget, &req->request,
+- req->direction);
++ unmap_after_complete = true;
++ } else {
++ usb_gadget_unmap_request(&dwc->gadget,
++ &req->request, req->direction);
++ }
+
+ dev_dbg(dwc->dev, "request %p from %s completed %d/%d ===> %d\n",
+ req, dep->name, req->request.actual,
+@@ -273,6 +282,10 @@ void dwc3_gadget_giveback(struct dwc3_ep
+ spin_unlock(&dwc->lock);
+ usb_gadget_giveback_request(&dep->endpoint, &req->request);
+ spin_lock(&dwc->lock);
++
++ if (unmap_after_complete)
++ usb_gadget_unmap_request(&dwc->gadget,
++ &req->request, req->direction);
+ }
+
+ int dwc3_send_gadget_generic_command(struct dwc3 *dwc, unsigned cmd, u32 param)
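Review bot: The delayed `usb_gadget_unmap_request()` at the end of `dwc3_gadget_giveback` dereferences `req` after `usb_gadget_giveback_request()` has run the gadget driver's `->complete()` with the lock dropped, and nothing in the hunk guarantees the request is still alive and idle at that point. If a completion handler frees the request or queues it again, the late unmap would operate on freed memory or on a mapping that is in use again. At minimum the assumption should be written next to the call, e.g. `/* bounced ep0 requests must not be freed or requeued from ->complete() */`. The flag would also read better as `bool unmap_after_complete = false;` since it only ever holds `true` or `false`. The function begins before the first hunk of this patch, so the ownership rules for ep0 requests should be confirmed against the full driver.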