From: Greg Kroah-Hartman Date: Tue, 9 May 2017 09:43:42 +0000 (+0200) Subject: 4.4-stable patches X-Git-Tag: v4.4.68~37 X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=857a83676cbadf7d028b244f4199824eac43c9ad;p=thirdparty%2Fkernel%2Fstable-queue.git 4.4-stable patches added patches: arm-8452-3-pj4-make-coprocessor-access-sequences-buildable-in-thumb2-mode.patch arm-omap5-dra7-fix-hyp-mode-boot-for-thumb2-build.patch clk-make-x86-conditional-on-config_common_clk.patch cpupower-fix-turbo-frequency-reporting-for-pre-sandy-bridge-cores.patch iwlwifi-pcie-trans-remove-unused-shift_param.patch kprobes-x86-fix-kernel-panic-when-certain-exception-handling-addresses-are-probed.patch kvm-nvmx-do-not-leak-pml-full-vmexit-to-l1.patch kvm-nvmx-initialize-pml-fields-in-vmcs02.patch leds-ktd2692-avoid-harmless-maybe-uninitialized-warning.patch mips-r2-on-r6-multu-maddu-msubu-emulation-bugfix.patch mwifiex-avoid-skipping-wep-key-deletion-for-ap.patch mwifiex-debugfs-fix-sometimes-off-by-1-ssid-print.patch mwifiex-remove-redundant-dma-padding-in-amsdu.patch phy-qcom-usb-hs-add-depends-on-extcon.patch power-supply-bq24190_charger-call-power_supply_changed-for-relevant-component.patch power-supply-bq24190_charger-call-set_mode_host-on-pm_resume.patch power-supply-bq24190_charger-don-t-read-fault-register-outside-irq_handle_thread.patch power-supply-bq24190_charger-fix-irq-trigger-to-irqf_trigger_falling.patch power-supply-bq24190_charger-handle-fault-before-status-on-interrupt.patch power-supply-bq24190_charger-install-irq_handler_thread-at-end-of-probe.patch powerpc-powernv-fix-opal_exit-tracepoint-opcode.patch revert-kvm-nested-vmx-disable-perf-cpuid-reporting.patch scsi-mac_scsi-fix-mac_scsi-m-option-when-scsi-m.patch scsi-scsi_dh_emc-return-success-in-clariion_std_inquiry.patch serial-8250_omap-fix-probe-and-remove-for-pm-runtime.patch usb-chipidea-handle-extcon-events-properly.patch usb-chipidea-only-read-write-otgsc-from-one-place.patch usb-host-ehci-exynos-decrese-node-refcount-on-exynos_ehci_get_phy-error-paths.patch usb-host-ohci-exynos-decrese-node-refcount-on-exynos_ehci_get_phy-error-paths.patch usb-serial-ark3116-fix-open-error-handling.patch usb-serial-digi_acceleport-fix-incomplete-rx-sanity-check.patch usb-serial-ftdi_sio-fix-latency-timer-error-handling.patch usb-serial-io_edgeport-fix-descriptor-error-handling.patch usb-serial-io_edgeport-fix-epic-descriptor-handling.patch usb-serial-keyspan_pda-fix-receive-sanity-checks.patch usb-serial-mct_u232-fix-modem-status-error-handling.patch usb-serial-quatech2-fix-control-message-error-handling.patch usb-serial-sierra-fix-bogus-alternate-setting-assumption.patch usb-serial-ssu100-fix-control-message-error-handling.patch usb-serial-ti_usb_3410_5052-fix-control-message-error-handling.patch x86-ioapic-restore-io-apic-irq_chip-retrigger-callback.patch x86-pci-calgary-fix-iommu_free-comparison-of-unsigned-expression-0.patch x86-platform-intel-mid-correct-msi-irq-line-for-watchdog-device.patch --- diff --git a/queue-4.4/arm-8452-3-pj4-make-coprocessor-access-sequences-buildable-in-thumb2-mode.patch b/queue-4.4/arm-8452-3-pj4-make-coprocessor-access-sequences-buildable-in-thumb2-mode.patch new file mode 100644 index 00000000000..d4f194fc38c --- /dev/null +++ b/queue-4.4/arm-8452-3-pj4-make-coprocessor-access-sequences-buildable-in-thumb2-mode.patch @@ -0,0 +1,57 @@ +From 5008efc83bf85b647aa1cbc44718b1675bbb7444 Mon Sep 17 00:00:00 2001 +From: Ard Biesheuvel +Date: Tue, 22 Dec 2015 08:24:59 +0100 +Subject: ARM: 8452/3: PJ4: make coprocessor access sequences buildable in Thumb2 mode + +From: Ard Biesheuvel + +commit 5008efc83bf85b647aa1cbc44718b1675bbb7444 upstream. + +The PJ4 inline asm sequence to write to cp15 cannot be built in Thumb-2 +mode, due to the way it performs arithmetic on the program counter, so it +is built in ARM mode instead. However, building C files in ARM mode under +CONFIG_THUMB2_KERNEL is problematic, since the instrumentation performed +by subsystems like ftrace does not expect having to deal with interworking +branches. + +Since the sequence in question is simply a poor man's ISB instruction, +let's use a straight 'isb' instead when building in Thumb2 mode. Thumb2 +implies V7, so 'isb' should always be supported in that case. + +Acked-by: Arnd Bergmann +Acked-by: Nicolas Pitre +Signed-off-by: Ard Biesheuvel +Signed-off-by: Russell King +Signed-off-by: Greg Kroah-Hartman + +--- + arch/arm/kernel/Makefile | 1 - + arch/arm/kernel/pj4-cp0.c | 4 ++++ + 2 files changed, 4 insertions(+), 1 deletion(-) + +--- a/arch/arm/kernel/Makefile ++++ b/arch/arm/kernel/Makefile +@@ -73,7 +73,6 @@ obj-$(CONFIG_IWMMXT) += iwmmxt.o + obj-$(CONFIG_PERF_EVENTS) += perf_regs.o perf_callchain.o + obj-$(CONFIG_HW_PERF_EVENTS) += perf_event_xscale.o perf_event_v6.o \ + perf_event_v7.o +-CFLAGS_pj4-cp0.o := -marm + AFLAGS_iwmmxt.o := -Wa,-mcpu=iwmmxt + obj-$(CONFIG_ARM_CPU_TOPOLOGY) += topology.o + obj-$(CONFIG_VDSO) += vdso.o +--- a/arch/arm/kernel/pj4-cp0.c ++++ b/arch/arm/kernel/pj4-cp0.c +@@ -66,9 +66,13 @@ static void __init pj4_cp_access_write(u + + __asm__ __volatile__ ( + "mcr p15, 0, %1, c1, c0, 2\n\t" ++#ifdef CONFIG_THUMB2_KERNEL ++ "isb\n\t" ++#else + "mrc p15, 0, %0, c1, c0, 2\n\t" + "mov %0, %0\n\t" + "sub pc, pc, #4\n\t" ++#endif + : "=r" (temp) : "r" (value)); + } + diff --git a/queue-4.4/arm-omap5-dra7-fix-hyp-mode-boot-for-thumb2-build.patch b/queue-4.4/arm-omap5-dra7-fix-hyp-mode-boot-for-thumb2-build.patch new file mode 100644 index 00000000000..1ad16324926 --- /dev/null +++ b/queue-4.4/arm-omap5-dra7-fix-hyp-mode-boot-for-thumb2-build.patch @@ -0,0 +1,40 @@ +From 448c077eeb02240c430db2a2c3bf5285a4c65d66 Mon Sep 17 00:00:00 2001 +From: Matthijs van Duin +Date: Thu, 16 Feb 2017 01:05:04 +0100 +Subject: ARM: OMAP5 / DRA7: Fix HYP mode boot for thumb2 build + +From: Matthijs van Duin + +commit 448c077eeb02240c430db2a2c3bf5285a4c65d66 upstream. + +'adr' yields a data-pointer, not a function-pointer. + +Fixes: 999f934de195 ("ARM: omap5/dra7xx: Enable booting secondary +CPU in HYP mode") +Signed-off-by: Matthijs van Duin +Signed-off-by: Tony Lindgren +Signed-off-by: Greg Kroah-Hartman + +--- + arch/arm/mach-omap2/omap-headsmp.S | 3 ++- + 1 file changed, 2 insertions(+), 1 deletion(-) + +--- a/arch/arm/mach-omap2/omap-headsmp.S ++++ b/arch/arm/mach-omap2/omap-headsmp.S +@@ -17,6 +17,7 @@ + + #include + #include ++#include + + #include "omap44xx.h" + +@@ -56,7 +57,7 @@ wait_2: ldr r2, =AUX_CORE_BOOT0_PA @ rea + cmp r0, r4 + bne wait_2 + ldr r12, =API_HYP_ENTRY +- adr r0, hyp_boot ++ badr r0, hyp_boot + smc #0 + hyp_boot: + b secondary_startup diff --git a/queue-4.4/clk-make-x86-conditional-on-config_common_clk.patch b/queue-4.4/clk-make-x86-conditional-on-config_common_clk.patch new file mode 100644 index 00000000000..705768f038d --- /dev/null +++ b/queue-4.4/clk-make-x86-conditional-on-config_common_clk.patch @@ -0,0 +1,34 @@ +From f35b6542c3ac3f28056d298348a81f7d56d3a041 Mon Sep 17 00:00:00 2001 +From: Pierre-Louis Bossart +Date: Mon, 23 Jan 2017 12:07:41 -0600 +Subject: clk: Make x86/ conditional on CONFIG_COMMON_CLK + +From: Pierre-Louis Bossart + +commit f35b6542c3ac3f28056d298348a81f7d56d3a041 upstream. + +Fix Makefile for x86 support, dependency on CONFIG_COMMON_CLK +was not explicit + +Fixes: 701190fd7419 ('clk: x86: add support for Lynxpoint LPSS clocks') +Signed-off-by: Pierre-Louis Bossart +Acked-by: Andy Shevchenko +Signed-off-by: Stephen Boyd +Signed-off-by: Greg Kroah-Hartman + +--- + drivers/clk/Makefile | 2 ++ + 1 file changed, 2 insertions(+) + +--- a/drivers/clk/Makefile ++++ b/drivers/clk/Makefile +@@ -78,7 +78,9 @@ obj-$(CONFIG_ARCH_TEGRA) += tegra/ + obj-$(CONFIG_ARCH_OMAP2PLUS) += ti/ + obj-$(CONFIG_ARCH_U8500) += ux500/ + obj-$(CONFIG_COMMON_CLK_VERSATILE) += versatile/ ++ifeq ($(CONFIG_COMMON_CLK), y) + obj-$(CONFIG_X86) += x86/ ++endif + obj-$(CONFIG_ARCH_ZX) += zte/ + obj-$(CONFIG_ARCH_ZYNQ) += zynq/ + obj-$(CONFIG_H8300) += h8300/ diff --git a/queue-4.4/cpupower-fix-turbo-frequency-reporting-for-pre-sandy-bridge-cores.patch b/queue-4.4/cpupower-fix-turbo-frequency-reporting-for-pre-sandy-bridge-cores.patch new file mode 100644 index 00000000000..d3e031b4317 --- /dev/null +++ b/queue-4.4/cpupower-fix-turbo-frequency-reporting-for-pre-sandy-bridge-cores.patch @@ -0,0 +1,35 @@ +From 4cca0457686e4ee1677d69469e4ddfd94d389a80 Mon Sep 17 00:00:00 2001 +From: Ben Hutchings +Date: Tue, 11 Apr 2017 00:29:44 +0100 +Subject: cpupower: Fix turbo frequency reporting for pre-Sandy Bridge cores + +From: Ben Hutchings + +commit 4cca0457686e4ee1677d69469e4ddfd94d389a80 upstream. + +The switch that conditionally sets CPUPOWER_CAP_HAS_TURBO_RATIO and +CPUPOWER_CAP_IS_SNB flags is missing a break, so all cores get both +flags set and an assumed base clock of 100 MHz for turbo values. + +Reported-by: GSR +Tested-by: GSR +References: https://bugs.debian.org/859978 +Fixes: 8fb2e440b223 (cpupower: Show Intel turbo ratio support via ...) +Signed-off-by: Ben Hutchings +Signed-off-by: Rafael J. Wysocki +Signed-off-by: Greg Kroah-Hartman + +--- + tools/power/cpupower/utils/helpers/cpuid.c | 1 + + 1 file changed, 1 insertion(+) + +--- a/tools/power/cpupower/utils/helpers/cpuid.c ++++ b/tools/power/cpupower/utils/helpers/cpuid.c +@@ -156,6 +156,7 @@ out: + */ + case 0x2C: /* Westmere EP - Gulftown */ + cpu_info->caps |= CPUPOWER_CAP_HAS_TURBO_RATIO; ++ break; + case 0x2A: /* SNB */ + case 0x2D: /* SNB Xeon */ + case 0x3A: /* IVB */ diff --git a/queue-4.4/iwlwifi-pcie-trans-remove-unused-shift_param.patch b/queue-4.4/iwlwifi-pcie-trans-remove-unused-shift_param.patch new file mode 100644 index 00000000000..058b86b113e --- /dev/null +++ b/queue-4.4/iwlwifi-pcie-trans-remove-unused-shift_param.patch @@ -0,0 +1,61 @@ +From 3ce4a03852d6dd3fd28c2fb2ee9f89bb9ccf9a9b Mon Sep 17 00:00:00 2001 +From: Kirtika Ruchandani +Date: Tue, 8 Nov 2016 21:50:48 -0800 +Subject: iwlwifi: pcie: trans: Remove unused 'shift_param' +MIME-Version: 1.0 +Content-Type: text/plain; charset=UTF-8 +Content-Transfer-Encoding: 8bit + +From: Kirtika Ruchandani + +commit 3ce4a03852d6dd3fd28c2fb2ee9f89bb9ccf9a9b upstream. + +shift_param is defined and set in iwl_pcie_load_cpu_sections but not +used. Fix this to avoid -Wunused-but-set-variable warning. + +The code using it turned into dead code with commit dcab8ecd5617 +("iwlwifi: mvm: support ucode load for family_8000 B0 only") which +added a separate function iwl_pcie_load_given_ucode_8000 (then 8000b) +for IWL_DEVICE_FAMILY_8000. Commit 76f8c0e17edc ("iwlwifi: pcie: +remove dead code") removed the dead code but left shift_param as is. + +iwlwifi/pcie/trans.c: In function ‘iwl_pcie_load_cpu_sections’: +iwlwifi/pcie/trans.c:871:6: warning: variable ‘shift_param’ set but not used [-Wunused-but-set-variable] + +Fixes: dcab8ecd5617 ("iwlwifi: mvm: support ucode load for family_8000 B0 only") +Fixes: 76f8c0e17edc ("iwlwifi: pcie: remove dead code") +Signed-off-by: Kirtika Ruchandani +Cc: Sara Sharon +Cc: Luca Coelho +Cc: Liad Kaufman +Cc: Emmanuel Grumbach +[removed some unnecessary braces] +Signed-off-by: Luca Coelho +Signed-off-by: Greg Kroah-Hartman + +--- + drivers/net/wireless/iwlwifi/pcie/trans.c | 8 ++------ + 1 file changed, 2 insertions(+), 6 deletions(-) + +--- a/drivers/net/wireless/iwlwifi/pcie/trans.c ++++ b/drivers/net/wireless/iwlwifi/pcie/trans.c +@@ -817,17 +817,13 @@ static int iwl_pcie_load_cpu_sections(st + int cpu, + int *first_ucode_section) + { +- int shift_param; + int i, ret = 0; + u32 last_read_idx = 0; + +- if (cpu == 1) { +- shift_param = 0; ++ if (cpu == 1) + *first_ucode_section = 0; +- } else { +- shift_param = 16; ++ else + (*first_ucode_section)++; +- } + + for (i = *first_ucode_section; i < IWL_UCODE_SECTION_MAX; i++) { + last_read_idx = i; diff --git a/queue-4.4/kprobes-x86-fix-kernel-panic-when-certain-exception-handling-addresses-are-probed.patch b/queue-4.4/kprobes-x86-fix-kernel-panic-when-certain-exception-handling-addresses-are-probed.patch new file mode 100644 index 00000000000..58f0c0dc4b0 --- /dev/null +++ b/queue-4.4/kprobes-x86-fix-kernel-panic-when-certain-exception-handling-addresses-are-probed.patch @@ -0,0 +1,87 @@ +From 75013fb16f8484898eaa8d0b08fed942d790f029 Mon Sep 17 00:00:00 2001 +From: Masami Hiramatsu +Date: Wed, 1 Mar 2017 01:23:24 +0900 +Subject: kprobes/x86: Fix kernel panic when certain exception-handling addresses are probed + +From: Masami Hiramatsu + +commit 75013fb16f8484898eaa8d0b08fed942d790f029 upstream. + +Fix to the exception table entry check by using probed address +instead of the address of copied instruction. + +This bug may cause unexpected kernel panic if user probe an address +where an exception can happen which should be fixup by __ex_table +(e.g. copy_from_user.) + +Unless user puts a kprobe on such address, this doesn't +cause any problem. + +This bug has been introduced years ago, by commit: + + 464846888d9a ("x86/kprobes: Fix a bug which can modify kernel code permanently"). + +Signed-off-by: Masami Hiramatsu +Cc: Borislav Petkov +Cc: Linus Torvalds +Cc: Peter Zijlstra +Cc: Thomas Gleixner +Fixes: 464846888d9a ("x86/kprobes: Fix a bug which can modify kernel code permanently") +Link: http://lkml.kernel.org/r/148829899399.28855.12581062400757221722.stgit@devbox +Signed-off-by: Ingo Molnar +Signed-off-by: Greg Kroah-Hartman + +--- + arch/x86/kernel/kprobes/common.h | 2 +- + arch/x86/kernel/kprobes/core.c | 6 +++--- + arch/x86/kernel/kprobes/opt.c | 2 +- + 3 files changed, 5 insertions(+), 5 deletions(-) + +--- a/arch/x86/kernel/kprobes/common.h ++++ b/arch/x86/kernel/kprobes/common.h +@@ -67,7 +67,7 @@ + #endif + + /* Ensure if the instruction can be boostable */ +-extern int can_boost(kprobe_opcode_t *instruction); ++extern int can_boost(kprobe_opcode_t *instruction, void *addr); + /* Recover instruction if given address is probed */ + extern unsigned long recover_probed_instruction(kprobe_opcode_t *buf, + unsigned long addr); +--- a/arch/x86/kernel/kprobes/core.c ++++ b/arch/x86/kernel/kprobes/core.c +@@ -163,12 +163,12 @@ NOKPROBE_SYMBOL(skip_prefixes); + * Returns non-zero if opcode is boostable. + * RIP relative instructions are adjusted at copying time in 64 bits mode + */ +-int can_boost(kprobe_opcode_t *opcodes) ++int can_boost(kprobe_opcode_t *opcodes, void *addr) + { + kprobe_opcode_t opcode; + kprobe_opcode_t *orig_opcodes = opcodes; + +- if (search_exception_tables((unsigned long)opcodes)) ++ if (search_exception_tables((unsigned long)addr)) + return 0; /* Page fault may occur on this address. */ + + retry: +@@ -413,7 +413,7 @@ static int arch_copy_kprobe(struct kprob + * __copy_instruction can modify the displacement of the instruction, + * but it doesn't affect boostable check. + */ +- if (can_boost(p->ainsn.insn)) ++ if (can_boost(p->ainsn.insn, p->addr)) + p->ainsn.boostable = 0; + else + p->ainsn.boostable = -1; +--- a/arch/x86/kernel/kprobes/opt.c ++++ b/arch/x86/kernel/kprobes/opt.c +@@ -177,7 +177,7 @@ static int copy_optimized_instructions(u + + while (len < RELATIVEJUMP_SIZE) { + ret = __copy_instruction(dest + len, src + len); +- if (!ret || !can_boost(dest + len)) ++ if (!ret || !can_boost(dest + len, src + len)) + return -EINVAL; + len += ret; + } diff --git a/queue-4.4/kvm-nvmx-do-not-leak-pml-full-vmexit-to-l1.patch b/queue-4.4/kvm-nvmx-do-not-leak-pml-full-vmexit-to-l1.patch new file mode 100644 index 00000000000..316994bf47a --- /dev/null +++ b/queue-4.4/kvm-nvmx-do-not-leak-pml-full-vmexit-to-l1.patch @@ -0,0 +1,40 @@ +From ab007cc94ff9d82f5a8db8363b3becbd946e58cf Mon Sep 17 00:00:00 2001 +From: Ladi Prosek +Date: Fri, 31 Mar 2017 10:19:26 +0200 +Subject: KVM: nVMX: do not leak PML full vmexit to L1 +MIME-Version: 1.0 +Content-Type: text/plain; charset=UTF-8 +Content-Transfer-Encoding: 8bit + +From: Ladi Prosek + +commit ab007cc94ff9d82f5a8db8363b3becbd946e58cf upstream. + +The PML feature is not exposed to guests so we should not be forwarding +the vmexit either. + +This commit fixes BSOD 0x20001 (HYPERVISOR_ERROR) when running Hyper-V +enabled Windows Server 2016 in L1 on hardware that supports PML. + +Fixes: 843e4330573c ("KVM: VMX: Add PML support in VMX") +Signed-off-by: Ladi Prosek +Reviewed-by: David Hildenbrand +Signed-off-by: Radim Krčmář +Signed-off-by: Greg Kroah-Hartman + +--- + arch/x86/kvm/vmx.c | 3 +++ + 1 file changed, 3 insertions(+) + +--- a/arch/x86/kvm/vmx.c ++++ b/arch/x86/kvm/vmx.c +@@ -7838,6 +7838,9 @@ static bool nested_vmx_exit_handled(stru + return nested_cpu_has2(vmcs12, SECONDARY_EXEC_XSAVES); + case EXIT_REASON_PCOMMIT: + return nested_cpu_has2(vmcs12, SECONDARY_EXEC_PCOMMIT); ++ case EXIT_REASON_PML_FULL: ++ /* We don't expose PML support to L1. */ ++ return false; + default: + return true; + } diff --git a/queue-4.4/kvm-nvmx-initialize-pml-fields-in-vmcs02.patch b/queue-4.4/kvm-nvmx-initialize-pml-fields-in-vmcs02.patch new file mode 100644 index 00000000000..cf3ebf4ac86 --- /dev/null +++ b/queue-4.4/kvm-nvmx-initialize-pml-fields-in-vmcs02.patch @@ -0,0 +1,46 @@ +From 1fb883bb827ee8efc1cc9ea0154f953f8a219d38 Mon Sep 17 00:00:00 2001 +From: Ladi Prosek +Date: Tue, 4 Apr 2017 14:18:53 +0200 +Subject: KVM: nVMX: initialize PML fields in vmcs02 +MIME-Version: 1.0 +Content-Type: text/plain; charset=UTF-8 +Content-Transfer-Encoding: 8bit + +From: Ladi Prosek + +commit 1fb883bb827ee8efc1cc9ea0154f953f8a219d38 upstream. + +L2 was running with uninitialized PML fields which led to incomplete +dirty bitmap logging. This manifested as all kinds of subtle erratic +behavior of the nested guest. + +Fixes: 843e4330573c ("KVM: VMX: Add PML support in VMX") +Signed-off-by: Ladi Prosek +Signed-off-by: Radim Krčmář +Signed-off-by: Greg Kroah-Hartman + +--- + arch/x86/kvm/vmx.c | 12 ++++++++++++ + 1 file changed, 12 insertions(+) + +--- a/arch/x86/kvm/vmx.c ++++ b/arch/x86/kvm/vmx.c +@@ -9757,6 +9757,18 @@ static void prepare_vmcs02(struct kvm_vc + + } + ++ if (enable_pml) { ++ /* ++ * Conceptually we want to copy the PML address and index from ++ * vmcs01 here, and then back to vmcs01 on nested vmexit. But, ++ * since we always flush the log on each vmexit, this happens ++ * to be equivalent to simply resetting the fields in vmcs02. ++ */ ++ ASSERT(vmx->pml_pg); ++ vmcs_write64(PML_ADDRESS, page_to_phys(vmx->pml_pg)); ++ vmcs_write16(GUEST_PML_INDEX, PML_ENTITY_NUM - 1); ++ } ++ + if (nested_cpu_has_ept(vmcs12)) { + kvm_mmu_unload(vcpu); + nested_ept_init_mmu_context(vcpu); diff --git a/queue-4.4/leds-ktd2692-avoid-harmless-maybe-uninitialized-warning.patch b/queue-4.4/leds-ktd2692-avoid-harmless-maybe-uninitialized-warning.patch new file mode 100644 index 00000000000..f90b39b9f8d --- /dev/null +++ b/queue-4.4/leds-ktd2692-avoid-harmless-maybe-uninitialized-warning.patch @@ -0,0 +1,52 @@ +From cbe99c538d1776009e8710755bb6e726f7fffa9b Mon Sep 17 00:00:00 2001 +From: Arnd Bergmann +Date: Wed, 25 Jan 2017 23:22:36 +0100 +Subject: leds: ktd2692: avoid harmless maybe-uninitialized warning + +From: Arnd Bergmann + +commit cbe99c538d1776009e8710755bb6e726f7fffa9b upstream. + +gcc gets confused about the control flow in ktd2692_parse_dt(), causing +it to warn about what seems like a potential bug: + +drivers/leds/leds-ktd2692.c: In function 'ktd2692_probe': +drivers/leds/leds-ktd2692.c:244:15: error: '*((void *)&led_cfg+8)' may be used uninitialized in this function [-Werror=maybe-uninitialized] +drivers/leds/leds-ktd2692.c:225:7: error: 'led_cfg.flash_max_microamp' may be used uninitialized in this function [-Werror=maybe-uninitialized] +drivers/leds/leds-ktd2692.c:232:3: error: 'led_cfg.movie_max_microamp' may be used uninitialized in this function [-Werror=maybe-uninitialized] + +The code is fine, and slightly reworking it in an equivalent way lets +gcc figure that out too, which gets rid of the warning. + +Fixes: 77e7915b15bb ("leds: ktd2692: Add missing of_node_put") +Signed-off-by: Arnd Bergmann +Acked-by: Pavel Machek +Signed-off-by: Jacek Anaszewski +Signed-off-by: Greg Kroah-Hartman + +--- + drivers/leds/leds-ktd2692.c | 8 ++++---- + 1 file changed, 4 insertions(+), 4 deletions(-) + +--- a/drivers/leds/leds-ktd2692.c ++++ b/drivers/leds/leds-ktd2692.c +@@ -296,15 +296,15 @@ static int ktd2692_parse_dt(struct ktd26 + return -ENXIO; + + led->ctrl_gpio = devm_gpiod_get(dev, "ctrl", GPIOD_ASIS); +- if (IS_ERR(led->ctrl_gpio)) { +- ret = PTR_ERR(led->ctrl_gpio); ++ ret = PTR_ERR_OR_ZERO(led->ctrl_gpio); ++ if (ret) { + dev_err(dev, "cannot get ctrl-gpios %d\n", ret); + return ret; + } + + led->aux_gpio = devm_gpiod_get(dev, "aux", GPIOD_ASIS); +- if (IS_ERR(led->aux_gpio)) { +- ret = PTR_ERR(led->aux_gpio); ++ ret = PTR_ERR_OR_ZERO(led->aux_gpio); ++ if (ret) { + dev_err(dev, "cannot get aux-gpios %d\n", ret); + return ret; + } diff --git a/queue-4.4/mips-r2-on-r6-multu-maddu-msubu-emulation-bugfix.patch b/queue-4.4/mips-r2-on-r6-multu-maddu-msubu-emulation-bugfix.patch new file mode 100644 index 00000000000..43c670f9d53 --- /dev/null +++ b/queue-4.4/mips-r2-on-r6-multu-maddu-msubu-emulation-bugfix.patch @@ -0,0 +1,68 @@ +From d65e5677ad5b3a49c43f60ec07644dc1f87bbd2e Mon Sep 17 00:00:00 2001 +From: Leonid Yegoshin +Date: Thu, 25 Aug 2016 10:37:38 -0700 +Subject: MIPS: R2-on-R6 MULTU/MADDU/MSUBU emulation bugfix + +From: Leonid Yegoshin + +commit d65e5677ad5b3a49c43f60ec07644dc1f87bbd2e upstream. + +MIPS instructions MULTU, MADDU and MSUBU emulation requires registers HI/LO +to be converted to signed 32bits before 64bit sign extension on MIPS64. + +Bug was found on running MIPS32 R2 test application on MIPS64 R6 kernel. + +Fixes: b0a668fb2038 ("MIPS: kernel: mips-r2-to-r6-emul: Add R2 emulator for MIPS R6") +Signed-off-by: Leonid Yegoshin +Reported-by: Nikola.Veljkovic@imgtec.com +Cc: paul.burton@imgtec.com +Cc: yamada.masahiro@socionext.com +Cc: akpm@linux-foundation.org +Cc: andrea.gelmini@gelma.net +Cc: macro@imgtec.com +Cc: linux-mips@linux-mips.org +Patchwork: https://patchwork.linux-mips.org/patch/14043/ +Signed-off-by: Ralf Baechle +Signed-off-by: Greg Kroah-Hartman + +--- + arch/mips/kernel/mips-r2-to-r6-emul.c | 12 ++++++------ + 1 file changed, 6 insertions(+), 6 deletions(-) + +--- a/arch/mips/kernel/mips-r2-to-r6-emul.c ++++ b/arch/mips/kernel/mips-r2-to-r6-emul.c +@@ -434,8 +434,8 @@ static int multu_func(struct pt_regs *re + rs = regs->regs[MIPSInst_RS(ir)]; + res = (u64)rt * (u64)rs; + rt = res; +- regs->lo = (s64)rt; +- regs->hi = (s64)(res >> 32); ++ regs->lo = (s64)(s32)rt; ++ regs->hi = (s64)(s32)(res >> 32); + + MIPS_R2_STATS(muls); + +@@ -671,9 +671,9 @@ static int maddu_func(struct pt_regs *re + res += ((((s64)rt) << 32) | (u32)rs); + + rt = res; +- regs->lo = (s64)rt; ++ regs->lo = (s64)(s32)rt; + rs = res >> 32; +- regs->hi = (s64)rs; ++ regs->hi = (s64)(s32)rs; + + MIPS_R2_STATS(dsps); + +@@ -729,9 +729,9 @@ static int msubu_func(struct pt_regs *re + res = ((((s64)rt) << 32) | (u32)rs) - res; + + rt = res; +- regs->lo = (s64)rt; ++ regs->lo = (s64)(s32)rt; + rs = res >> 32; +- regs->hi = (s64)rs; ++ regs->hi = (s64)(s32)rs; + + MIPS_R2_STATS(dsps); + diff --git a/queue-4.4/mwifiex-avoid-skipping-wep-key-deletion-for-ap.patch b/queue-4.4/mwifiex-avoid-skipping-wep-key-deletion-for-ap.patch new file mode 100644 index 00000000000..30a28f8f459 --- /dev/null +++ b/queue-4.4/mwifiex-avoid-skipping-wep-key-deletion-for-ap.patch @@ -0,0 +1,38 @@ +From a5b60de6972decc6b50a39abb376077c3c3621c8 Mon Sep 17 00:00:00 2001 +From: Ganapathi Bhat +Date: Fri, 3 Feb 2017 18:30:22 +0530 +Subject: mwifiex: Avoid skipping WEP key deletion for AP + +From: Ganapathi Bhat + +commit a5b60de6972decc6b50a39abb376077c3c3621c8 upstream. + +This patch fixes the issue specific to AP. AP is started with WEP +security and external station is connected to it. Data path works +in this case. Now if AP is restarted with WPA/WPA2 security, +station is able to connect but ping fails. + +Driver skips the deletion of WEP keys if interface type is AP. +Removing that redundant check resolves the issue. + +Fixes: e57f1734d87a ("mwifiex: add key material v2 support") +Signed-off-by: Ganapathi Bhat +Signed-off-by: Amitkumar Karwar +Signed-off-by: Kalle Valo +Signed-off-by: Greg Kroah-Hartman + +--- + drivers/net/wireless/mwifiex/sta_ioctl.c | 2 -- + 1 file changed, 2 deletions(-) + +--- a/drivers/net/wireless/mwifiex/sta_ioctl.c ++++ b/drivers/net/wireless/mwifiex/sta_ioctl.c +@@ -1098,8 +1098,6 @@ int mwifiex_set_encode(struct mwifiex_pr + encrypt_key.is_rx_seq_valid = true; + } + } else { +- if (GET_BSS_ROLE(priv) == MWIFIEX_BSS_ROLE_UAP) +- return 0; + encrypt_key.key_disable = true; + if (mac_addr) + memcpy(encrypt_key.mac_addr, mac_addr, ETH_ALEN); diff --git a/queue-4.4/mwifiex-debugfs-fix-sometimes-off-by-1-ssid-print.patch b/queue-4.4/mwifiex-debugfs-fix-sometimes-off-by-1-ssid-print.patch new file mode 100644 index 00000000000..6567169338f --- /dev/null +++ b/queue-4.4/mwifiex-debugfs-fix-sometimes-off-by-1-ssid-print.patch @@ -0,0 +1,51 @@ +From 6183468a23fc6b6903f8597982017ad2c7fdefcf Mon Sep 17 00:00:00 2001 +From: Brian Norris +Date: Mon, 9 Jan 2017 15:33:50 -0800 +Subject: mwifiex: debugfs: Fix (sometimes) off-by-1 SSID print + +From: Brian Norris + +commit 6183468a23fc6b6903f8597982017ad2c7fdefcf upstream. + +Similar to commit fcd2042e8d36 ("mwifiex: printk() overflow with 32-byte +SSIDs"), we failed to account for the existence of 32-char SSIDs in our +debugfs code. Unlike in that case though, we zeroed out the containing +struct first, and I'm pretty sure we're guaranteed to have some padding +after the 'ssid.ssid' and 'ssid.ssid_len' fields (the struct is 33 bytes +long). + +So, this is the difference between: + + # cat /sys/kernel/debug/mwifiex/mlan0/info + ... + essid="0123456789abcdef0123456789abcdef " + ... + +and the correct output: + + # cat /sys/kernel/debug/mwifiex/mlan0/info + ... + essid="0123456789abcdef0123456789abcdef" + ... + +Fixes: 5e6e3a92b9a4 ("wireless: mwifiex: initial commit for Marvell mwifiex driver") +Signed-off-by: Brian Norris +Signed-off-by: Kalle Valo +Signed-off-by: Greg Kroah-Hartman + +--- + drivers/net/wireless/mwifiex/debugfs.c | 3 ++- + 1 file changed, 2 insertions(+), 1 deletion(-) + +--- a/drivers/net/wireless/mwifiex/debugfs.c ++++ b/drivers/net/wireless/mwifiex/debugfs.c +@@ -115,7 +115,8 @@ mwifiex_info_read(struct file *file, cha + if (GET_BSS_ROLE(priv) == MWIFIEX_BSS_ROLE_STA) { + p += sprintf(p, "multicast_count=\"%d\"\n", + netdev_mc_count(netdev)); +- p += sprintf(p, "essid=\"%s\"\n", info.ssid.ssid); ++ p += sprintf(p, "essid=\"%.*s\"\n", info.ssid.ssid_len, ++ info.ssid.ssid); + p += sprintf(p, "bssid=\"%pM\"\n", info.bssid); + p += sprintf(p, "channel=\"%d\"\n", (int) info.bss_chan); + p += sprintf(p, "country_code = \"%s\"\n", info.country_code); diff --git a/queue-4.4/mwifiex-remove-redundant-dma-padding-in-amsdu.patch b/queue-4.4/mwifiex-remove-redundant-dma-padding-in-amsdu.patch new file mode 100644 index 00000000000..08928557396 --- /dev/null +++ b/queue-4.4/mwifiex-remove-redundant-dma-padding-in-amsdu.patch @@ -0,0 +1,95 @@ +From 5f0a221f59ad6b72202ef9c6e232086de8c336f2 Mon Sep 17 00:00:00 2001 +From: Xinming Hu +Date: Wed, 11 Jan 2017 21:41:24 +0530 +Subject: mwifiex: remove redundant dma padding in AMSDU + +From: Xinming Hu + +commit 5f0a221f59ad6b72202ef9c6e232086de8c336f2 upstream. + +We already ensure 64 bytes alignment and add padding if required +during skb_aggr allocation. + +Alignment and padding in mwifiex_11n_form_amsdu_txpd() is redundant. +We may end up accessing more data than allocated size with this. + +This patch fixes following issue by removing redundant padding. + +[ 370.241338] skbuff: skb_over_panic: text:ffffffffc046946a len:3550 +put:72 head:ffff880000110000 data:ffff8800001100e4 tail:0xec2 end:0xec0 dev: +[ 370.241374] ------------[ cut here ]------------ +[ 370.241382] kernel BUG at net/core/skbuff.c:104! + 370.244032] Call Trace: +[ 370.244041] [] skb_put+0x44/0x45 +[ 370.244055] [] +mwifiex_11n_aggregate_pkt+0x1e9/0xa50 [mwifiex] +[ 370.244067] [] mwifiex_wmm_process_tx+0x44a/0x6b7 +[mwifiex] +[ 370.244074] [] ? 0xffffffffc0411eb8 +[ 370.244084] [] mwifiex_main_process+0x476/0x5a5 +[mwifiex] +[ 370.244098] [] mwifiex_main_process+0x5a3/0x5a5 +[mwifiex] +[ 370.244113] [] process_one_work+0x1a4/0x309 +[ 370.244123] [] worker_thread+0x20c/0x2ee +[ 370.244130] [] ? rescuer_thread+0x383/0x383 +[ 370.244136] [] ? rescuer_thread+0x383/0x383 +[ 370.244143] [] kthread+0x11c/0x124 +[ 370.244150] [] ? kthread_parkme+0x24/0x24 +[ 370.244157] [] ret_from_fork+0x3f/0x70 +[ 370.244168] [] ? kthread_parkme+0x24/0x24 + +Fixes: 84b313b35f8158d ("mwifiex: make tx packet 64 byte DMA aligned") +Signed-off-by: Xinming Hu +Signed-off-by: Amitkumar Karwar +Signed-off-by: Kalle Valo +Signed-off-by: Greg Kroah-Hartman + +--- + drivers/net/wireless/mwifiex/11n_aggr.c | 19 +++++++------------ + 1 file changed, 7 insertions(+), 12 deletions(-) + +--- a/drivers/net/wireless/mwifiex/11n_aggr.c ++++ b/drivers/net/wireless/mwifiex/11n_aggr.c +@@ -101,13 +101,6 @@ mwifiex_11n_form_amsdu_txpd(struct mwifi + { + struct txpd *local_tx_pd; + struct mwifiex_txinfo *tx_info = MWIFIEX_SKB_TXCB(skb); +- unsigned int pad; +- int headroom = (priv->adapter->iface_type == +- MWIFIEX_USB) ? 0 : INTF_HEADER_LEN; +- +- pad = ((void *)skb->data - sizeof(*local_tx_pd) - +- headroom - NULL) & (MWIFIEX_DMA_ALIGN_SZ - 1); +- skb_push(skb, pad); + + skb_push(skb, sizeof(*local_tx_pd)); + +@@ -121,12 +114,10 @@ mwifiex_11n_form_amsdu_txpd(struct mwifi + local_tx_pd->bss_num = priv->bss_num; + local_tx_pd->bss_type = priv->bss_type; + /* Always zero as the data is followed by struct txpd */ +- local_tx_pd->tx_pkt_offset = cpu_to_le16(sizeof(struct txpd) + +- pad); ++ local_tx_pd->tx_pkt_offset = cpu_to_le16(sizeof(struct txpd)); + local_tx_pd->tx_pkt_type = cpu_to_le16(PKT_TYPE_AMSDU); + local_tx_pd->tx_pkt_length = cpu_to_le16(skb->len - +- sizeof(*local_tx_pd) - +- pad); ++ sizeof(*local_tx_pd)); + + if (tx_info->flags & MWIFIEX_BUF_FLAG_TDLS_PKT) + local_tx_pd->flags |= MWIFIEX_TXPD_FLAGS_TDLS_PACKET; +@@ -190,7 +181,11 @@ mwifiex_11n_aggregate_pkt(struct mwifiex + ra_list_flags); + return -1; + } +- skb_reserve(skb_aggr, MWIFIEX_MIN_DATA_HEADER_LEN); ++ ++ /* skb_aggr->data already 64 byte align, just reserve bus interface ++ * header and txpd. ++ */ ++ skb_reserve(skb_aggr, headroom + sizeof(struct txpd)); + tx_info_aggr = MWIFIEX_SKB_TXCB(skb_aggr); + + memset(tx_info_aggr, 0, sizeof(*tx_info_aggr)); diff --git a/queue-4.4/phy-qcom-usb-hs-add-depends-on-extcon.patch b/queue-4.4/phy-qcom-usb-hs-add-depends-on-extcon.patch new file mode 100644 index 00000000000..de510db3281 --- /dev/null +++ b/queue-4.4/phy-qcom-usb-hs-add-depends-on-extcon.patch @@ -0,0 +1,42 @@ +From 1a09b6a7c10e22c489a8b212dd6862b1fd9674ad Mon Sep 17 00:00:00 2001 +From: Stephen Boyd +Date: Thu, 9 Mar 2017 13:45:44 +0530 +Subject: phy: qcom-usb-hs: Add depends on EXTCON + +From: Stephen Boyd + +commit 1a09b6a7c10e22c489a8b212dd6862b1fd9674ad upstream. + +We get the following compile errors if EXTCON is enabled as a +module but this driver is builtin: + +drivers/built-in.o: In function `qcom_usb_hs_phy_power_off': +phy-qcom-usb-hs.c:(.text+0x1089): undefined reference to `extcon_unregister_notifier' +drivers/built-in.o: In function `qcom_usb_hs_phy_probe': +phy-qcom-usb-hs.c:(.text+0x11b5): undefined reference to `extcon_get_edev_by_phandle' +drivers/built-in.o: In function `qcom_usb_hs_phy_power_on': +phy-qcom-usb-hs.c:(.text+0x128e): undefined reference to `extcon_get_state' +phy-qcom-usb-hs.c:(.text+0x12a9): undefined reference to `extcon_register_notifier' + +so let's mark this as needing to follow the modular status of +the extcon framework. + +Fixes: 9994a33865f4 e2427b09ba929c2b9 (phy: Add support for Qualcomm's USB HS phy") +Signed-off-by: Stephen Boyd +Signed-off-by: Kishon Vijay Abraham I +Signed-off-by: Greg Kroah-Hartman + +--- + drivers/phy/Kconfig | 1 + + 1 file changed, 1 insertion(+) + +--- a/drivers/phy/Kconfig ++++ b/drivers/phy/Kconfig +@@ -368,6 +368,7 @@ config PHY_QCOM_UFS + config PHY_TUSB1210 + tristate "TI TUSB1210 ULPI PHY module" + depends on USB_ULPI_BUS ++ depends on EXTCON || !EXTCON # if EXTCON=m, this cannot be built-in + select GENERIC_PHY + help + Support for TI TUSB1210 USB ULPI PHY. diff --git a/queue-4.4/power-supply-bq24190_charger-call-power_supply_changed-for-relevant-component.patch b/queue-4.4/power-supply-bq24190_charger-call-power_supply_changed-for-relevant-component.patch new file mode 100644 index 00000000000..b6337d816ef --- /dev/null +++ b/queue-4.4/power-supply-bq24190_charger-call-power_supply_changed-for-relevant-component.patch @@ -0,0 +1,143 @@ +From 2d9fee6a42ea170e4378b3363a7ad385d0e67281 Mon Sep 17 00:00:00 2001 +From: Liam Breck +Date: Wed, 18 Jan 2017 09:26:52 -0800 +Subject: power: supply: bq24190_charger: Call power_supply_changed() for relevant component + +From: Liam Breck + +commit 2d9fee6a42ea170e4378b3363a7ad385d0e67281 upstream. + +We wrongly get uevents for bq24190-charger and bq24190-battery on every +register change. + +Fix by checking the association with charger and battery before +emitting uevent(s). + +Fixes: d7bf353fd0aa3 ("bq24190_charger: Add support for TI BQ24190 Battery Charger") +Signed-off-by: Liam Breck +Acked-by: Mark Greer +Acked-by: Tony Lindgren +Signed-off-by: Sebastian Reichel +Signed-off-by: Greg Kroah-Hartman + +--- + drivers/power/bq24190_charger.c | 50 +++++++++++++++++++++------------------- + 1 file changed, 27 insertions(+), 23 deletions(-) + +--- a/drivers/power/bq24190_charger.c ++++ b/drivers/power/bq24190_charger.c +@@ -159,7 +159,6 @@ struct bq24190_dev_info { + unsigned int gpio_int; + unsigned int irq; + struct mutex f_reg_lock; +- bool first_time; + bool charger_health_valid; + bool battery_health_valid; + bool battery_status_valid; +@@ -1197,7 +1196,10 @@ static const struct power_supply_desc bq + static irqreturn_t bq24190_irq_handler_thread(int irq, void *data) + { + struct bq24190_dev_info *bdi = data; +- bool alert_userspace = false; ++ const u8 battery_mask_ss = BQ24190_REG_SS_CHRG_STAT_MASK; ++ const u8 battery_mask_f = BQ24190_REG_F_BAT_FAULT_MASK ++ | BQ24190_REG_F_NTC_FAULT_MASK; ++ bool alert_charger = false, alert_battery = false; + u8 ss_reg = 0, f_reg = 0; + int ret; + +@@ -1225,8 +1227,12 @@ static irqreturn_t bq24190_irq_handler_t + ret); + } + ++ if ((bdi->ss_reg & battery_mask_ss) != (ss_reg & battery_mask_ss)) ++ alert_battery = true; ++ if ((bdi->ss_reg & ~battery_mask_ss) != (ss_reg & ~battery_mask_ss)) ++ alert_charger = true; ++ + bdi->ss_reg = ss_reg; +- alert_userspace = true; + } + + mutex_lock(&bdi->f_reg_lock); +@@ -1239,33 +1245,23 @@ static irqreturn_t bq24190_irq_handler_t + } + + if (f_reg != bdi->f_reg) { ++ if ((bdi->f_reg & battery_mask_f) != (f_reg & battery_mask_f)) ++ alert_battery = true; ++ if ((bdi->f_reg & ~battery_mask_f) != (f_reg & ~battery_mask_f)) ++ alert_charger = true; ++ + bdi->f_reg = f_reg; + bdi->charger_health_valid = true; + bdi->battery_health_valid = true; + bdi->battery_status_valid = true; +- +- alert_userspace = true; + } + + mutex_unlock(&bdi->f_reg_lock); + +- /* +- * Sometimes bq24190 gives a steady trickle of interrupts even +- * though the watchdog timer is turned off and neither the STATUS +- * nor FAULT registers have changed. Weed out these sprurious +- * interrupts so userspace isn't alerted for no reason. +- * In addition, the chip always generates an interrupt after +- * register reset so we should ignore that one (the very first +- * interrupt received). +- */ +- if (alert_userspace) { +- if (!bdi->first_time) { +- power_supply_changed(bdi->charger); +- power_supply_changed(bdi->battery); +- } else { +- bdi->first_time = false; +- } +- } ++ if (alert_charger) ++ power_supply_changed(bdi->charger); ++ if (alert_battery) ++ power_supply_changed(bdi->battery); + + out: + pm_runtime_put_sync(bdi->dev); +@@ -1300,6 +1296,10 @@ static int bq24190_hw_init(struct bq2419 + goto out; + + ret = bq24190_set_mode_host(bdi); ++ if (ret < 0) ++ goto out; ++ ++ ret = bq24190_read(bdi, BQ24190_REG_SS, &bdi->ss_reg); + out: + pm_runtime_put_sync(bdi->dev); + return ret; +@@ -1375,7 +1375,8 @@ static int bq24190_probe(struct i2c_clie + bdi->model = id->driver_data; + strncpy(bdi->model_name, id->name, I2C_NAME_SIZE); + mutex_init(&bdi->f_reg_lock); +- bdi->first_time = true; ++ bdi->f_reg = 0; ++ bdi->ss_reg = BQ24190_REG_SS_VBUS_STAT_MASK; /* impossible state */ + bdi->charger_health_valid = false; + bdi->battery_health_valid = false; + bdi->battery_status_valid = false; +@@ -1489,6 +1490,8 @@ static int bq24190_pm_resume(struct devi + struct i2c_client *client = to_i2c_client(dev); + struct bq24190_dev_info *bdi = i2c_get_clientdata(client); + ++ bdi->f_reg = 0; ++ bdi->ss_reg = BQ24190_REG_SS_VBUS_STAT_MASK; /* impossible state */ + bdi->charger_health_valid = false; + bdi->battery_health_valid = false; + bdi->battery_status_valid = false; +@@ -1496,6 +1499,7 @@ static int bq24190_pm_resume(struct devi + pm_runtime_get_sync(bdi->dev); + bq24190_register_reset(bdi); + bq24190_set_mode_host(bdi); ++ bq24190_read(bdi, BQ24190_REG_SS, &bdi->ss_reg); + pm_runtime_put_sync(bdi->dev); + + /* Things may have changed while suspended so alert upper layer */ diff --git a/queue-4.4/power-supply-bq24190_charger-call-set_mode_host-on-pm_resume.patch b/queue-4.4/power-supply-bq24190_charger-call-set_mode_host-on-pm_resume.patch new file mode 100644 index 00000000000..c518118dedb --- /dev/null +++ b/queue-4.4/power-supply-bq24190_charger-call-set_mode_host-on-pm_resume.patch @@ -0,0 +1,34 @@ +From e05ad7e0741ce0505e1df157c62b22b95172bb97 Mon Sep 17 00:00:00 2001 +From: Liam Breck +Date: Wed, 18 Jan 2017 09:26:49 -0800 +Subject: power: supply: bq24190_charger: Call set_mode_host() on pm_resume() + +From: Liam Breck + +commit e05ad7e0741ce0505e1df157c62b22b95172bb97 upstream. + +pm_resume() does a register_reset() which clears charger host mode. + +Fix by calling set_mode_host() after the reset. + +Fixes: d7bf353fd0aa3 ("bq24190_charger: Add support for TI BQ24190 Battery Charger") +Signed-off-by: Liam Breck +Acked-by: Mark Greer +Acked-by: Tony Lindgren +Signed-off-by: Sebastian Reichel +Signed-off-by: Greg Kroah-Hartman + +--- + drivers/power/bq24190_charger.c | 1 + + 1 file changed, 1 insertion(+) + +--- a/drivers/power/bq24190_charger.c ++++ b/drivers/power/bq24190_charger.c +@@ -1494,6 +1494,7 @@ static int bq24190_pm_resume(struct devi + + pm_runtime_get_sync(bdi->dev); + bq24190_register_reset(bdi); ++ bq24190_set_mode_host(bdi); + pm_runtime_put_sync(bdi->dev); + + /* Things may have changed while suspended so alert upper layer */ diff --git a/queue-4.4/power-supply-bq24190_charger-don-t-read-fault-register-outside-irq_handle_thread.patch b/queue-4.4/power-supply-bq24190_charger-don-t-read-fault-register-outside-irq_handle_thread.patch new file mode 100644 index 00000000000..0bfd4b6775e --- /dev/null +++ b/queue-4.4/power-supply-bq24190_charger-don-t-read-fault-register-outside-irq_handle_thread.patch @@ -0,0 +1,212 @@ +From 68abfb8015832ddf728b911769659468efaf8bd9 Mon Sep 17 00:00:00 2001 +From: Liam Breck +Date: Wed, 18 Jan 2017 09:26:53 -0800 +Subject: power: supply: bq24190_charger: Don't read fault register outside irq_handle_thread() + +From: Liam Breck + +commit 68abfb8015832ddf728b911769659468efaf8bd9 upstream. + +Caching the fault register after a single I2C read may not keep an accurate +value. + +Fix by doing two reads in irq_handle_thread() and using the cached value +elsewhere. If a safety timer fault later clears itself, we apparently don't get +an interrupt (INT), however other interrupts would refresh the register cache. + +From the data sheet: "When a fault occurs, the charger device sends out INT + and keeps the fault state in REG09 until the host reads the fault register. + Before the host reads REG09 and all the faults are cleared, the charger + device would not send any INT upon new faults. In order to read the + current fault status, the host has to read REG09 two times consecutively. + The 1st reads fault register status from the last read [1] and the 2nd reads + the current fault register status." + +[1] presumably a typo; should be "last fault" + +Fixes: d7bf353fd0aa3 ("bq24190_charger: Add support for TI BQ24190 Battery Charger") +Signed-off-by: Liam Breck +Acked-by: Mark Greer +Acked-by: Tony Lindgren +Signed-off-by: Sebastian Reichel +Signed-off-by: Greg Kroah-Hartman + +--- + drivers/power/bq24190_charger.c | 94 +++++++++++----------------------------- + 1 file changed, 27 insertions(+), 67 deletions(-) + +--- a/drivers/power/bq24190_charger.c ++++ b/drivers/power/bq24190_charger.c +@@ -144,10 +144,7 @@ + * so the first read after a fault returns the latched value and subsequent + * reads return the current value. In order to return the fault status + * to the user, have the interrupt handler save the reg's value and retrieve +- * it in the appropriate health/status routine. Each routine has its own +- * flag indicating whether it should use the value stored by the last run +- * of the interrupt handler or do an actual reg read. That way each routine +- * can report back whatever fault may have occured. ++ * it in the appropriate health/status routine. + */ + struct bq24190_dev_info { + struct i2c_client *client; +@@ -159,9 +156,6 @@ struct bq24190_dev_info { + unsigned int gpio_int; + unsigned int irq; + struct mutex f_reg_lock; +- bool charger_health_valid; +- bool battery_health_valid; +- bool battery_status_valid; + u8 f_reg; + u8 ss_reg; + u8 watchdog; +@@ -635,21 +629,11 @@ static int bq24190_charger_get_health(st + union power_supply_propval *val) + { + u8 v; +- int health, ret; ++ int health; + + mutex_lock(&bdi->f_reg_lock); +- +- if (bdi->charger_health_valid) { +- v = bdi->f_reg; +- bdi->charger_health_valid = false; +- mutex_unlock(&bdi->f_reg_lock); +- } else { +- mutex_unlock(&bdi->f_reg_lock); +- +- ret = bq24190_read(bdi, BQ24190_REG_F, &v); +- if (ret < 0) +- return ret; +- } ++ v = bdi->f_reg; ++ mutex_unlock(&bdi->f_reg_lock); + + if (v & BQ24190_REG_F_BOOST_FAULT_MASK) { + /* +@@ -936,18 +920,8 @@ static int bq24190_battery_get_status(st + int status, ret; + + mutex_lock(&bdi->f_reg_lock); +- +- if (bdi->battery_status_valid) { +- chrg_fault = bdi->f_reg; +- bdi->battery_status_valid = false; +- mutex_unlock(&bdi->f_reg_lock); +- } else { +- mutex_unlock(&bdi->f_reg_lock); +- +- ret = bq24190_read(bdi, BQ24190_REG_F, &chrg_fault); +- if (ret < 0) +- return ret; +- } ++ chrg_fault = bdi->f_reg; ++ mutex_unlock(&bdi->f_reg_lock); + + chrg_fault &= BQ24190_REG_F_CHRG_FAULT_MASK; + chrg_fault >>= BQ24190_REG_F_CHRG_FAULT_SHIFT; +@@ -995,21 +969,11 @@ static int bq24190_battery_get_health(st + union power_supply_propval *val) + { + u8 v; +- int health, ret; ++ int health; + + mutex_lock(&bdi->f_reg_lock); +- +- if (bdi->battery_health_valid) { +- v = bdi->f_reg; +- bdi->battery_health_valid = false; +- mutex_unlock(&bdi->f_reg_lock); +- } else { +- mutex_unlock(&bdi->f_reg_lock); +- +- ret = bq24190_read(bdi, BQ24190_REG_F, &v); +- if (ret < 0) +- return ret; +- } ++ v = bdi->f_reg; ++ mutex_unlock(&bdi->f_reg_lock); + + if (v & BQ24190_REG_F_BAT_FAULT_MASK) { + health = POWER_SUPPLY_HEALTH_OVERVOLTAGE; +@@ -1201,7 +1165,7 @@ static irqreturn_t bq24190_irq_handler_t + | BQ24190_REG_F_NTC_FAULT_MASK; + bool alert_charger = false, alert_battery = false; + u8 ss_reg = 0, f_reg = 0; +- int ret; ++ int i, ret; + + pm_runtime_get_sync(bdi->dev); + +@@ -1231,33 +1195,35 @@ static irqreturn_t bq24190_irq_handler_t + alert_battery = true; + if ((bdi->ss_reg & ~battery_mask_ss) != (ss_reg & ~battery_mask_ss)) + alert_charger = true; +- + bdi->ss_reg = ss_reg; + } + +- mutex_lock(&bdi->f_reg_lock); +- +- ret = bq24190_read(bdi, BQ24190_REG_F, &f_reg); +- if (ret < 0) { +- mutex_unlock(&bdi->f_reg_lock); +- dev_err(bdi->dev, "Can't read F reg: %d\n", ret); +- goto out; +- } ++ i = 0; ++ do { ++ ret = bq24190_read(bdi, BQ24190_REG_F, &f_reg); ++ if (ret < 0) { ++ dev_err(bdi->dev, "Can't read F reg: %d\n", ret); ++ goto out; ++ } ++ } while (f_reg && ++i < 2); + + if (f_reg != bdi->f_reg) { ++ dev_info(bdi->dev, ++ "Fault: boost %d, charge %d, battery %d, ntc %d\n", ++ !!(f_reg & BQ24190_REG_F_BOOST_FAULT_MASK), ++ !!(f_reg & BQ24190_REG_F_CHRG_FAULT_MASK), ++ !!(f_reg & BQ24190_REG_F_BAT_FAULT_MASK), ++ !!(f_reg & BQ24190_REG_F_NTC_FAULT_MASK)); ++ ++ mutex_lock(&bdi->f_reg_lock); + if ((bdi->f_reg & battery_mask_f) != (f_reg & battery_mask_f)) + alert_battery = true; + if ((bdi->f_reg & ~battery_mask_f) != (f_reg & ~battery_mask_f)) + alert_charger = true; +- + bdi->f_reg = f_reg; +- bdi->charger_health_valid = true; +- bdi->battery_health_valid = true; +- bdi->battery_status_valid = true; ++ mutex_unlock(&bdi->f_reg_lock); + } + +- mutex_unlock(&bdi->f_reg_lock); +- + if (alert_charger) + power_supply_changed(bdi->charger); + if (alert_battery) +@@ -1377,9 +1343,6 @@ static int bq24190_probe(struct i2c_clie + mutex_init(&bdi->f_reg_lock); + bdi->f_reg = 0; + bdi->ss_reg = BQ24190_REG_SS_VBUS_STAT_MASK; /* impossible state */ +- bdi->charger_health_valid = false; +- bdi->battery_health_valid = false; +- bdi->battery_status_valid = false; + + i2c_set_clientdata(client, bdi); + +@@ -1492,9 +1455,6 @@ static int bq24190_pm_resume(struct devi + + bdi->f_reg = 0; + bdi->ss_reg = BQ24190_REG_SS_VBUS_STAT_MASK; /* impossible state */ +- bdi->charger_health_valid = false; +- bdi->battery_health_valid = false; +- bdi->battery_status_valid = false; + + pm_runtime_get_sync(bdi->dev); + bq24190_register_reset(bdi); diff --git a/queue-4.4/power-supply-bq24190_charger-fix-irq-trigger-to-irqf_trigger_falling.patch b/queue-4.4/power-supply-bq24190_charger-fix-irq-trigger-to-irqf_trigger_falling.patch new file mode 100644 index 00000000000..6949f762800 --- /dev/null +++ b/queue-4.4/power-supply-bq24190_charger-fix-irq-trigger-to-irqf_trigger_falling.patch @@ -0,0 +1,39 @@ +From 767eee362fd72bb2ca44cc80419ca4b38c6d8369 Mon Sep 17 00:00:00 2001 +From: Liam Breck +Date: Wed, 18 Jan 2017 09:26:48 -0800 +Subject: power: supply: bq24190_charger: Fix irq trigger to IRQF_TRIGGER_FALLING + +From: Liam Breck + +commit 767eee362fd72bb2ca44cc80419ca4b38c6d8369 upstream. + +The interrupt signal is TRIGGER_FALLING. This is is specified in the +data sheet PIN FUNCTIONS: "The INT pin sends active low, 256us +pulse to host to report charger device status and fault." + +Also the direction can be seen in the data sheet Figure 37 "BQ24190 +with D+/D- Detection and USB On-The-Go (OTG)" which shows a 10k +pull-up resistor installed for the sample configurations. + +Fixes: d7bf353fd0aa3 ("bq24190_charger: Add support for TI BQ24190 Battery Charger") +Signed-off-by: Liam Breck +Acked-by: Mark Greer +Acked-by: Tony Lindgren +Signed-off-by: Sebastian Reichel +Signed-off-by: Greg Kroah-Hartman + +--- + drivers/power/bq24190_charger.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +--- a/drivers/power/bq24190_charger.c ++++ b/drivers/power/bq24190_charger.c +@@ -1394,7 +1394,7 @@ static int bq24190_probe(struct i2c_clie + + ret = devm_request_threaded_irq(dev, bdi->irq, NULL, + bq24190_irq_handler_thread, +- IRQF_TRIGGER_RISING | IRQF_ONESHOT, ++ IRQF_TRIGGER_FALLING | IRQF_ONESHOT, + "bq24190-charger", bdi); + if (ret < 0) { + dev_err(dev, "Can't set up irq handler\n"); diff --git a/queue-4.4/power-supply-bq24190_charger-handle-fault-before-status-on-interrupt.patch b/queue-4.4/power-supply-bq24190_charger-handle-fault-before-status-on-interrupt.patch new file mode 100644 index 00000000000..9759ee9f227 --- /dev/null +++ b/queue-4.4/power-supply-bq24190_charger-handle-fault-before-status-on-interrupt.patch @@ -0,0 +1,87 @@ +From ba52e75718784fda1b683ee0bfded72a0b83b047 Mon Sep 17 00:00:00 2001 +From: Liam Breck +Date: Wed, 18 Jan 2017 09:26:54 -0800 +Subject: power: supply: bq24190_charger: Handle fault before status on interrupt + +From: Liam Breck + +commit ba52e75718784fda1b683ee0bfded72a0b83b047 upstream. + +Reading both fault and status registers and logging any fault should +take priority over handling status register update. + +Fix by moving the status handling to later in interrupt routine. + +Fixes: d7bf353fd0aa3 ("bq24190_charger: Add support for TI BQ24190 Battery Charger") +Signed-off-by: Liam Breck +Acked-by: Mark Greer +Acked-by: Tony Lindgren +Signed-off-by: Sebastian Reichel +Signed-off-by: Greg Kroah-Hartman + +--- + drivers/power/bq24190_charger.c | 46 ++++++++++++++++++++-------------------- + 1 file changed, 23 insertions(+), 23 deletions(-) + +--- a/drivers/power/bq24190_charger.c ++++ b/drivers/power/bq24190_charger.c +@@ -1175,29 +1175,6 @@ static irqreturn_t bq24190_irq_handler_t + goto out; + } + +- if (ss_reg != bdi->ss_reg) { +- /* +- * The device is in host mode so when PG_STAT goes from 1->0 +- * (i.e., power removed) HIZ needs to be disabled. +- */ +- if ((bdi->ss_reg & BQ24190_REG_SS_PG_STAT_MASK) && +- !(ss_reg & BQ24190_REG_SS_PG_STAT_MASK)) { +- ret = bq24190_write_mask(bdi, BQ24190_REG_ISC, +- BQ24190_REG_ISC_EN_HIZ_MASK, +- BQ24190_REG_ISC_EN_HIZ_SHIFT, +- 0); +- if (ret < 0) +- dev_err(bdi->dev, "Can't access ISC reg: %d\n", +- ret); +- } +- +- if ((bdi->ss_reg & battery_mask_ss) != (ss_reg & battery_mask_ss)) +- alert_battery = true; +- if ((bdi->ss_reg & ~battery_mask_ss) != (ss_reg & ~battery_mask_ss)) +- alert_charger = true; +- bdi->ss_reg = ss_reg; +- } +- + i = 0; + do { + ret = bq24190_read(bdi, BQ24190_REG_F, &f_reg); +@@ -1224,6 +1201,29 @@ static irqreturn_t bq24190_irq_handler_t + mutex_unlock(&bdi->f_reg_lock); + } + ++ if (ss_reg != bdi->ss_reg) { ++ /* ++ * The device is in host mode so when PG_STAT goes from 1->0 ++ * (i.e., power removed) HIZ needs to be disabled. ++ */ ++ if ((bdi->ss_reg & BQ24190_REG_SS_PG_STAT_MASK) && ++ !(ss_reg & BQ24190_REG_SS_PG_STAT_MASK)) { ++ ret = bq24190_write_mask(bdi, BQ24190_REG_ISC, ++ BQ24190_REG_ISC_EN_HIZ_MASK, ++ BQ24190_REG_ISC_EN_HIZ_SHIFT, ++ 0); ++ if (ret < 0) ++ dev_err(bdi->dev, "Can't access ISC reg: %d\n", ++ ret); ++ } ++ ++ if ((bdi->ss_reg & battery_mask_ss) != (ss_reg & battery_mask_ss)) ++ alert_battery = true; ++ if ((bdi->ss_reg & ~battery_mask_ss) != (ss_reg & ~battery_mask_ss)) ++ alert_charger = true; ++ bdi->ss_reg = ss_reg; ++ } ++ + if (alert_charger) + power_supply_changed(bdi->charger); + if (alert_battery) diff --git a/queue-4.4/power-supply-bq24190_charger-install-irq_handler_thread-at-end-of-probe.patch b/queue-4.4/power-supply-bq24190_charger-install-irq_handler_thread-at-end-of-probe.patch new file mode 100644 index 00000000000..d52f0fee55c --- /dev/null +++ b/queue-4.4/power-supply-bq24190_charger-install-irq_handler_thread-at-end-of-probe.patch @@ -0,0 +1,100 @@ +From d62acc5ef0621463446091ebd7a345e06e9ab80c Mon Sep 17 00:00:00 2001 +From: Liam Breck +Date: Wed, 18 Jan 2017 09:26:50 -0800 +Subject: power: supply: bq24190_charger: Install irq_handler_thread() at end of probe() + +From: Liam Breck + +commit d62acc5ef0621463446091ebd7a345e06e9ab80c upstream. + +The device specific data is not fully initialized on +request_threaded_irq(). This may cause a crash when the IRQ handler +tries to reference them. + +Fix the issue by installing IRQ handler at the end of the probe. + +Fixes: d7bf353fd0aa3 ("bq24190_charger: Add support for TI BQ24190 Battery Charger") +Signed-off-by: Liam Breck +Acked-by: Mark Greer +Acked-by: Tony Lindgren +Signed-off-by: Sebastian Reichel +Signed-off-by: Greg Kroah-Hartman + +--- + drivers/power/bq24190_charger.c | 31 ++++++++++++++++--------------- + 1 file changed, 16 insertions(+), 15 deletions(-) + +--- a/drivers/power/bq24190_charger.c ++++ b/drivers/power/bq24190_charger.c +@@ -1392,22 +1392,13 @@ static int bq24190_probe(struct i2c_clie + return -EINVAL; + } + +- ret = devm_request_threaded_irq(dev, bdi->irq, NULL, +- bq24190_irq_handler_thread, +- IRQF_TRIGGER_FALLING | IRQF_ONESHOT, +- "bq24190-charger", bdi); +- if (ret < 0) { +- dev_err(dev, "Can't set up irq handler\n"); +- goto out1; +- } +- + pm_runtime_enable(dev); + pm_runtime_resume(dev); + + ret = bq24190_hw_init(bdi); + if (ret < 0) { + dev_err(dev, "Hardware init failed\n"); +- goto out2; ++ goto out1; + } + + charger_cfg.drv_data = bdi; +@@ -1418,7 +1409,7 @@ static int bq24190_probe(struct i2c_clie + if (IS_ERR(bdi->charger)) { + dev_err(dev, "Can't register charger\n"); + ret = PTR_ERR(bdi->charger); +- goto out2; ++ goto out1; + } + + battery_cfg.drv_data = bdi; +@@ -1427,24 +1418,34 @@ static int bq24190_probe(struct i2c_clie + if (IS_ERR(bdi->battery)) { + dev_err(dev, "Can't register battery\n"); + ret = PTR_ERR(bdi->battery); +- goto out3; ++ goto out2; + } + + ret = bq24190_sysfs_create_group(bdi); + if (ret) { + dev_err(dev, "Can't create sysfs entries\n"); ++ goto out3; ++ } ++ ++ ret = devm_request_threaded_irq(dev, bdi->irq, NULL, ++ bq24190_irq_handler_thread, ++ IRQF_TRIGGER_FALLING | IRQF_ONESHOT, ++ "bq24190-charger", bdi); ++ if (ret < 0) { ++ dev_err(dev, "Can't set up irq handler\n"); + goto out4; + } + + return 0; + + out4: +- power_supply_unregister(bdi->battery); ++ bq24190_sysfs_remove_group(bdi); + out3: +- power_supply_unregister(bdi->charger); ++ power_supply_unregister(bdi->battery); + out2: +- pm_runtime_disable(dev); ++ power_supply_unregister(bdi->charger); + out1: ++ pm_runtime_disable(dev); + if (bdi->gpio_int) + gpio_free(bdi->gpio_int); + diff --git a/queue-4.4/powerpc-powernv-fix-opal_exit-tracepoint-opcode.patch b/queue-4.4/powerpc-powernv-fix-opal_exit-tracepoint-opcode.patch new file mode 100644 index 00000000000..5b729c86551 --- /dev/null +++ b/queue-4.4/powerpc-powernv-fix-opal_exit-tracepoint-opcode.patch @@ -0,0 +1,45 @@ +From a7e0fb6c2029a780444d09560f739e020d54fe4d Mon Sep 17 00:00:00 2001 +From: Michael Ellerman +Date: Tue, 7 Feb 2017 21:01:01 +1100 +Subject: powerpc/powernv: Fix opal_exit tracepoint opcode + +From: Michael Ellerman + +commit a7e0fb6c2029a780444d09560f739e020d54fe4d upstream. + +Currently the opal_exit tracepoint usually shows the opcode as 0: + + -0 [047] d.h. 635.654292: opal_entry: opcode=63 + -0 [047] d.h. 635.654296: opal_exit: opcode=0 retval=0 + kopald-1209 [019] d... 636.420943: opal_entry: opcode=10 + kopald-1209 [019] d... 636.420959: opal_exit: opcode=0 retval=0 + +This is because we incorrectly load the opcode into r0 before calling +__trace_opal_exit(), whereas it expects the opcode in r3 (first function +parameter). In fact we are leaving the retval in r3, so opcode and +retval will always show the same value. + +Instead load the opcode into r3, resulting in: + + -0 [040] d.h. 636.618625: opal_entry: opcode=63 + -0 [040] d.h. 636.618627: opal_exit: opcode=63 retval=0 + +Fixes: c49f63530bb6 ("powernv: Add OPAL tracepoints") +Signed-off-by: Michael Ellerman +Signed-off-by: Greg Kroah-Hartman + +--- + arch/powerpc/platforms/powernv/opal-wrappers.S | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +--- a/arch/powerpc/platforms/powernv/opal-wrappers.S ++++ b/arch/powerpc/platforms/powernv/opal-wrappers.S +@@ -148,7 +148,7 @@ opal_tracepoint_entry: + opal_tracepoint_return: + std r3,STK_REG(R31)(r1) + mr r4,r3 +- ld r0,STK_REG(R23)(r1) ++ ld r3,STK_REG(R23)(r1) + bl __trace_opal_exit + ld r3,STK_REG(R31)(r1) + addi r1,r1,STACKFRAMESIZE diff --git a/queue-4.4/revert-kvm-nested-vmx-disable-perf-cpuid-reporting.patch b/queue-4.4/revert-kvm-nested-vmx-disable-perf-cpuid-reporting.patch new file mode 100644 index 00000000000..86b7af500a8 --- /dev/null +++ b/queue-4.4/revert-kvm-nested-vmx-disable-perf-cpuid-reporting.patch @@ -0,0 +1,55 @@ +From 0b4c208d443ba2af82b4c70f99ca8df31e9a0020 Mon Sep 17 00:00:00 2001 +From: Jim Mattson +Date: Tue, 20 Dec 2016 16:34:50 -0800 +Subject: Revert "KVM: nested VMX: disable perf cpuid reporting" +MIME-Version: 1.0 +Content-Type: text/plain; charset=UTF-8 +Content-Transfer-Encoding: 8bit + +From: Jim Mattson + +commit 0b4c208d443ba2af82b4c70f99ca8df31e9a0020 upstream. + +This reverts commit bc6134942dbbf31c25e9bd7c876be5da81c9e1ce. + +A CPUID instruction executed in VMX non-root mode always causes a +VM-exit, regardless of the leaf being queried. + +Fixes: bc6134942dbb ("KVM: nested VMX: disable perf cpuid reporting") +Signed-off-by: Jim Mattson +[The issue solved by bc6134942dbb has been resolved with ff651cb613b4 + ("KVM: nVMX: Add nested msr load/restore algorithm").] +Signed-off-by: Radim Krčmář +Signed-off-by: Greg Kroah-Hartman + +--- + arch/x86/kvm/cpuid.c | 6 ------ + arch/x86/kvm/vmx.c | 2 -- + 2 files changed, 8 deletions(-) + +--- a/arch/x86/kvm/cpuid.c ++++ b/arch/x86/kvm/cpuid.c +@@ -818,12 +818,6 @@ void kvm_cpuid(struct kvm_vcpu *vcpu, u3 + if (!best) + best = check_cpuid_limit(vcpu, function, index); + +- /* +- * Perfmon not yet supported for L2 guest. +- */ +- if (is_guest_mode(vcpu) && function == 0xa) +- best = NULL; +- + if (best) { + *eax = best->eax; + *ebx = best->ebx; +--- a/arch/x86/kvm/vmx.c ++++ b/arch/x86/kvm/vmx.c +@@ -7754,8 +7754,6 @@ static bool nested_vmx_exit_handled(stru + case EXIT_REASON_TASK_SWITCH: + return true; + case EXIT_REASON_CPUID: +- if (kvm_register_read(vcpu, VCPU_REGS_RAX) == 0xa) +- return false; + return true; + case EXIT_REASON_HLT: + return nested_cpu_has(vmcs12, CPU_BASED_HLT_EXITING); diff --git a/queue-4.4/scsi-mac_scsi-fix-mac_scsi-m-option-when-scsi-m.patch b/queue-4.4/scsi-mac_scsi-fix-mac_scsi-m-option-when-scsi-m.patch new file mode 100644 index 00000000000..f582e1e267a --- /dev/null +++ b/queue-4.4/scsi-mac_scsi-fix-mac_scsi-m-option-when-scsi-m.patch @@ -0,0 +1,32 @@ +From 2559a1ef688f933835912c731bed2254146a9b04 Mon Sep 17 00:00:00 2001 +From: Finn Thain +Date: Thu, 23 Feb 2017 09:08:02 +1100 +Subject: scsi: mac_scsi: Fix MAC_SCSI=m option when SCSI=m + +From: Finn Thain + +commit 2559a1ef688f933835912c731bed2254146a9b04 upstream. + +The mac_scsi driver still gets disabled when SCSI=m. This should have +been fixed back when I enabled the tristate but I didn't see the bug. + +Fixes: 6e9ae6d560e1 ("[PATCH] mac_scsi: Add module option to Kconfig") +Signed-off-by: Finn Thain +Signed-off-by: Martin K. Petersen +Signed-off-by: Greg Kroah-Hartman + +--- + drivers/scsi/Kconfig | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +--- a/drivers/scsi/Kconfig ++++ b/drivers/scsi/Kconfig +@@ -1637,7 +1637,7 @@ config ATARI_SCSI_RESET_BOOT + + config MAC_SCSI + tristate "Macintosh NCR5380 SCSI" +- depends on MAC && SCSI=y ++ depends on MAC && SCSI + select SCSI_SPI_ATTRS + help + This is the NCR 5380 SCSI controller included on most of the 68030 diff --git a/queue-4.4/scsi-scsi_dh_emc-return-success-in-clariion_std_inquiry.patch b/queue-4.4/scsi-scsi_dh_emc-return-success-in-clariion_std_inquiry.patch new file mode 100644 index 00000000000..98160d9efdd --- /dev/null +++ b/queue-4.4/scsi-scsi_dh_emc-return-success-in-clariion_std_inquiry.patch @@ -0,0 +1,32 @@ +From 4d7d39a18b8b81511f0b893b7d2203790bf8a58b Mon Sep 17 00:00:00 2001 +From: Dan Carpenter +Date: Tue, 21 Feb 2017 21:46:37 +0300 +Subject: scsi: scsi_dh_emc: return success in clariion_std_inquiry() + +From: Dan Carpenter + +commit 4d7d39a18b8b81511f0b893b7d2203790bf8a58b upstream. + +We accidentally return an uninitialized variable on success. + +Fixes: b6ff1b14cdf4 ("[SCSI] scsi_dh: Update EMC handler") +Signed-off-by: Dan Carpenter +Reviewed-by: Hannes Reinecke +Signed-off-by: Martin K. Petersen +Signed-off-by: Greg Kroah-Hartman + +--- + drivers/scsi/device_handler/scsi_dh_emc.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +--- a/drivers/scsi/device_handler/scsi_dh_emc.c ++++ b/drivers/scsi/device_handler/scsi_dh_emc.c +@@ -456,7 +456,7 @@ static int clariion_prep_fn(struct scsi_ + static int clariion_std_inquiry(struct scsi_device *sdev, + struct clariion_dh_data *csdev) + { +- int err; ++ int err = SCSI_DH_OK; + char *sp_model; + + err = send_inquiry_cmd(sdev, 0, csdev); diff --git a/queue-4.4/serial-8250_omap-fix-probe-and-remove-for-pm-runtime.patch b/queue-4.4/serial-8250_omap-fix-probe-and-remove-for-pm-runtime.patch new file mode 100644 index 00000000000..6f2b30d8374 --- /dev/null +++ b/queue-4.4/serial-8250_omap-fix-probe-and-remove-for-pm-runtime.patch @@ -0,0 +1,59 @@ +From 4e0f5cc65098ea32a1e77baae74215b9bd5276b1 Mon Sep 17 00:00:00 2001 +From: Tony Lindgren +Date: Fri, 20 Jan 2017 12:22:31 -0800 +Subject: serial: 8250_omap: Fix probe and remove for PM runtime + +From: Tony Lindgren + +commit 4e0f5cc65098ea32a1e77baae74215b9bd5276b1 upstream. + +Otherwise the interconnect related code implementing PM runtime will +produce these errors on a failed probe: + +omap_uart 48066000.serial: omap_device: omap_device_enable() called from invalid state 1 +omap_uart 48066000.serial: use pm_runtime_put_sync_suspend() in driver? + +Note that we now also need to check for priv in omap8250_runtime_suspend() +as it has not yet been registered if probe fails. And we need to use +pm_runtime_put_sync() to properly idle the device like we already do +in omap8250_remove(). + +Fixes: 61929cf0169d ("tty: serial: Add 8250-core based omap driver") +Signed-off-by: Tony Lindgren +Signed-off-by: Greg Kroah-Hartman + +--- + drivers/tty/serial/8250/8250_omap.c | 8 +++++++- + 1 file changed, 7 insertions(+), 1 deletion(-) + +--- a/drivers/tty/serial/8250/8250_omap.c ++++ b/drivers/tty/serial/8250/8250_omap.c +@@ -1235,7 +1235,8 @@ static int omap8250_probe(struct platfor + pm_runtime_put_autosuspend(&pdev->dev); + return 0; + err: +- pm_runtime_put(&pdev->dev); ++ pm_runtime_dont_use_autosuspend(&pdev->dev); ++ pm_runtime_put_sync(&pdev->dev); + pm_runtime_disable(&pdev->dev); + return ret; + } +@@ -1244,6 +1245,7 @@ static int omap8250_remove(struct platfo + { + struct omap8250_priv *priv = platform_get_drvdata(pdev); + ++ pm_runtime_dont_use_autosuspend(&pdev->dev); + pm_runtime_put_sync(&pdev->dev); + pm_runtime_disable(&pdev->dev); + serial8250_unregister_port(priv->line); +@@ -1343,6 +1345,10 @@ static int omap8250_runtime_suspend(stru + struct omap8250_priv *priv = dev_get_drvdata(dev); + struct uart_8250_port *up; + ++ /* In case runtime-pm tries this before we are setup */ ++ if (!priv) ++ return 0; ++ + up = serial8250_get_port(priv->line); + /* + * When using 'no_console_suspend', the console UART must not be diff --git a/queue-4.4/series b/queue-4.4/series index 206ed5f901d..3b96477fe51 100644 --- a/queue-4.4/series +++ b/queue-4.4/series @@ -1 +1,44 @@ 9p-fix-a-potential-acl-leak.patch +arm-8452-3-pj4-make-coprocessor-access-sequences-buildable-in-thumb2-mode.patch +cpupower-fix-turbo-frequency-reporting-for-pre-sandy-bridge-cores.patch +powerpc-powernv-fix-opal_exit-tracepoint-opcode.patch +power-supply-bq24190_charger-fix-irq-trigger-to-irqf_trigger_falling.patch +power-supply-bq24190_charger-call-set_mode_host-on-pm_resume.patch +power-supply-bq24190_charger-install-irq_handler_thread-at-end-of-probe.patch +power-supply-bq24190_charger-call-power_supply_changed-for-relevant-component.patch +power-supply-bq24190_charger-don-t-read-fault-register-outside-irq_handle_thread.patch +power-supply-bq24190_charger-handle-fault-before-status-on-interrupt.patch +leds-ktd2692-avoid-harmless-maybe-uninitialized-warning.patch +arm-omap5-dra7-fix-hyp-mode-boot-for-thumb2-build.patch +mwifiex-debugfs-fix-sometimes-off-by-1-ssid-print.patch +mwifiex-remove-redundant-dma-padding-in-amsdu.patch +mwifiex-avoid-skipping-wep-key-deletion-for-ap.patch +iwlwifi-pcie-trans-remove-unused-shift_param.patch +x86-ioapic-restore-io-apic-irq_chip-retrigger-callback.patch +x86-pci-calgary-fix-iommu_free-comparison-of-unsigned-expression-0.patch +clk-make-x86-conditional-on-config_common_clk.patch +kprobes-x86-fix-kernel-panic-when-certain-exception-handling-addresses-are-probed.patch +x86-platform-intel-mid-correct-msi-irq-line-for-watchdog-device.patch +revert-kvm-nested-vmx-disable-perf-cpuid-reporting.patch +kvm-nvmx-initialize-pml-fields-in-vmcs02.patch +kvm-nvmx-do-not-leak-pml-full-vmexit-to-l1.patch +usb-host-ehci-exynos-decrese-node-refcount-on-exynos_ehci_get_phy-error-paths.patch +usb-host-ohci-exynos-decrese-node-refcount-on-exynos_ehci_get_phy-error-paths.patch +usb-chipidea-only-read-write-otgsc-from-one-place.patch +usb-chipidea-handle-extcon-events-properly.patch +usb-serial-keyspan_pda-fix-receive-sanity-checks.patch +usb-serial-digi_acceleport-fix-incomplete-rx-sanity-check.patch +usb-serial-ssu100-fix-control-message-error-handling.patch +usb-serial-io_edgeport-fix-epic-descriptor-handling.patch +usb-serial-ti_usb_3410_5052-fix-control-message-error-handling.patch +usb-serial-ark3116-fix-open-error-handling.patch +usb-serial-ftdi_sio-fix-latency-timer-error-handling.patch +usb-serial-quatech2-fix-control-message-error-handling.patch +usb-serial-mct_u232-fix-modem-status-error-handling.patch +usb-serial-io_edgeport-fix-descriptor-error-handling.patch +usb-serial-sierra-fix-bogus-alternate-setting-assumption.patch +phy-qcom-usb-hs-add-depends-on-extcon.patch +serial-8250_omap-fix-probe-and-remove-for-pm-runtime.patch +scsi-mac_scsi-fix-mac_scsi-m-option-when-scsi-m.patch +scsi-scsi_dh_emc-return-success-in-clariion_std_inquiry.patch +mips-r2-on-r6-multu-maddu-msubu-emulation-bugfix.patch diff --git a/queue-4.4/usb-chipidea-handle-extcon-events-properly.patch b/queue-4.4/usb-chipidea-handle-extcon-events-properly.patch new file mode 100644 index 00000000000..b84816b8e13 --- /dev/null +++ b/queue-4.4/usb-chipidea-handle-extcon-events-properly.patch @@ -0,0 +1,128 @@ +From a89b94b53371bbfa582787c2fa3378000ea4263d Mon Sep 17 00:00:00 2001 +From: Stephen Boyd +Date: Wed, 28 Dec 2016 14:56:51 -0800 +Subject: usb: chipidea: Handle extcon events properly + +From: Stephen Boyd + +commit a89b94b53371bbfa582787c2fa3378000ea4263d upstream. + +We're currently emulating the vbus and id interrupts in the OTGSC +read API, but we also need to make sure that if we're handling +the events with extcon that we don't enable the interrupts for +those events in the hardware. Therefore, properly emulate this +register if we're using extcon, but don't enable the interrupts. +This allows me to get my cable connect/disconnect working +properly without getting spurious interrupts on my device that +uses an extcon for these two events. + +Acked-by: Peter Chen +Cc: Greg Kroah-Hartman +Cc: "Ivan T. Ivanov" +Fixes: 3ecb3e09b042 ("usb: chipidea: Use extcon framework for VBUS and ID detect") +Signed-off-by: Stephen Boyd +Signed-off-by: Peter Chen +Signed-off-by: Greg Kroah-Hartman + +--- + drivers/usb/chipidea/otg.c | 46 ++++++++++++++++++++++++++++++++++++++----- + include/linux/usb/chipidea.h | 2 + + 2 files changed, 43 insertions(+), 5 deletions(-) + +--- a/drivers/usb/chipidea/otg.c ++++ b/drivers/usb/chipidea/otg.c +@@ -44,12 +44,15 @@ u32 hw_read_otgsc(struct ci_hdrc *ci, u3 + else + val &= ~OTGSC_BSVIS; + +- cable->changed = false; +- + if (cable->state) + val |= OTGSC_BSV; + else + val &= ~OTGSC_BSV; ++ ++ if (cable->enabled) ++ val |= OTGSC_BSVIE; ++ else ++ val &= ~OTGSC_BSVIE; + } + + cable = &ci->platdata->id_extcon; +@@ -59,15 +62,18 @@ u32 hw_read_otgsc(struct ci_hdrc *ci, u3 + else + val &= ~OTGSC_IDIS; + +- cable->changed = false; +- + if (cable->state) + val |= OTGSC_ID; + else + val &= ~OTGSC_ID; ++ ++ if (cable->enabled) ++ val |= OTGSC_IDIE; ++ else ++ val &= ~OTGSC_IDIE; + } + +- return val; ++ return val & mask; + } + + /** +@@ -77,6 +83,36 @@ u32 hw_read_otgsc(struct ci_hdrc *ci, u3 + */ + void hw_write_otgsc(struct ci_hdrc *ci, u32 mask, u32 data) + { ++ struct ci_hdrc_cable *cable; ++ ++ cable = &ci->platdata->vbus_extcon; ++ if (!IS_ERR(cable->edev)) { ++ if (data & mask & OTGSC_BSVIS) ++ cable->changed = false; ++ ++ /* Don't enable vbus interrupt if using external notifier */ ++ if (data & mask & OTGSC_BSVIE) { ++ cable->enabled = true; ++ data &= ~OTGSC_BSVIE; ++ } else if (mask & OTGSC_BSVIE) { ++ cable->enabled = false; ++ } ++ } ++ ++ cable = &ci->platdata->id_extcon; ++ if (!IS_ERR(cable->edev)) { ++ if (data & mask & OTGSC_IDIS) ++ cable->changed = false; ++ ++ /* Don't enable id interrupt if using external notifier */ ++ if (data & mask & OTGSC_IDIE) { ++ cable->enabled = true; ++ data &= ~OTGSC_IDIE; ++ } else if (mask & OTGSC_IDIE) { ++ cable->enabled = false; ++ } ++ } ++ + hw_write(ci, OP_OTGSC, mask | OTGSC_INT_STATUS_BITS, data); + } + +--- a/include/linux/usb/chipidea.h ++++ b/include/linux/usb/chipidea.h +@@ -14,6 +14,7 @@ struct ci_hdrc; + * struct ci_hdrc_cable - structure for external connector cable state tracking + * @state: current state of the line + * @changed: set to true when extcon event happen ++ * @enabled: set to true if we've enabled the vbus or id interrupt + * @edev: device which generate events + * @ci: driver state of the chipidea device + * @nb: hold event notification callback +@@ -22,6 +23,7 @@ struct ci_hdrc; + struct ci_hdrc_cable { + bool state; + bool changed; ++ bool enabled; + struct extcon_dev *edev; + struct ci_hdrc *ci; + struct notifier_block nb; diff --git a/queue-4.4/usb-chipidea-only-read-write-otgsc-from-one-place.patch b/queue-4.4/usb-chipidea-only-read-write-otgsc-from-one-place.patch new file mode 100644 index 00000000000..8de8e914700 --- /dev/null +++ b/queue-4.4/usb-chipidea-only-read-write-otgsc-from-one-place.patch @@ -0,0 +1,134 @@ +From f60f8ccd54e03c1afafb2b20ceb029a0eaf7a134 Mon Sep 17 00:00:00 2001 +From: Stephen Boyd +Date: Wed, 28 Dec 2016 14:56:50 -0800 +Subject: usb: chipidea: Only read/write OTGSC from one place + +From: Stephen Boyd + +commit f60f8ccd54e03c1afafb2b20ceb029a0eaf7a134 upstream. + +With the id and vbus detection done via extcon we need to make +sure we poll the status of OTGSC properly by considering what the +extcon is saying, and not just what the register is saying. Let's +move this hw_wait_reg() function to the only place it's used and +simplify it for polling the OTGSC register. Then we can make +certain we only use the hw_read_otgsc() API to read OTGSC, which +will make sure we properly handle extcon events. + +Acked-by: Peter Chen +Cc: Greg Kroah-Hartman +Cc: "Ivan T. Ivanov" +Fixes: 3ecb3e09b042 ("usb: chipidea: Use extcon framework for VBUS and ID detect") +Signed-off-by: Stephen Boyd +Signed-off-by: Peter Chen +Signed-off-by: Greg Kroah-Hartman + +--- + drivers/usb/chipidea/ci.h | 3 --- + drivers/usb/chipidea/core.c | 32 -------------------------------- + drivers/usb/chipidea/otg.c | 34 ++++++++++++++++++++++++++++++---- + 3 files changed, 30 insertions(+), 39 deletions(-) + +--- a/drivers/usb/chipidea/ci.h ++++ b/drivers/usb/chipidea/ci.h +@@ -428,9 +428,6 @@ int hw_port_test_set(struct ci_hdrc *ci, + + u8 hw_port_test_get(struct ci_hdrc *ci); + +-int hw_wait_reg(struct ci_hdrc *ci, enum ci_hw_regs reg, u32 mask, +- u32 value, unsigned int timeout_ms); +- + void ci_platform_configure(struct ci_hdrc *ci); + + #endif /* __DRIVERS_USB_CHIPIDEA_CI_H */ +--- a/drivers/usb/chipidea/core.c ++++ b/drivers/usb/chipidea/core.c +@@ -518,38 +518,6 @@ int hw_device_reset(struct ci_hdrc *ci) + return 0; + } + +-/** +- * hw_wait_reg: wait the register value +- * +- * Sometimes, it needs to wait register value before going on. +- * Eg, when switch to device mode, the vbus value should be lower +- * than OTGSC_BSV before connects to host. +- * +- * @ci: the controller +- * @reg: register index +- * @mask: mast bit +- * @value: the bit value to wait +- * @timeout_ms: timeout in millisecond +- * +- * This function returns an error code if timeout +- */ +-int hw_wait_reg(struct ci_hdrc *ci, enum ci_hw_regs reg, u32 mask, +- u32 value, unsigned int timeout_ms) +-{ +- unsigned long elapse = jiffies + msecs_to_jiffies(timeout_ms); +- +- while (hw_read(ci, reg, mask) != value) { +- if (time_after(jiffies, elapse)) { +- dev_err(ci->dev, "timeout waiting for %08x in %d\n", +- mask, reg); +- return -ETIMEDOUT; +- } +- msleep(20); +- } +- +- return 0; +-} +- + static irqreturn_t ci_irq(int irq, void *data) + { + struct ci_hdrc *ci = data; +--- a/drivers/usb/chipidea/otg.c ++++ b/drivers/usb/chipidea/otg.c +@@ -104,7 +104,31 @@ void ci_handle_vbus_change(struct ci_hdr + usb_gadget_vbus_disconnect(&ci->gadget); + } + +-#define CI_VBUS_STABLE_TIMEOUT_MS 5000 ++/** ++ * When we switch to device mode, the vbus value should be lower ++ * than OTGSC_BSV before connecting to host. ++ * ++ * @ci: the controller ++ * ++ * This function returns an error code if timeout ++ */ ++static int hw_wait_vbus_lower_bsv(struct ci_hdrc *ci) ++{ ++ unsigned long elapse = jiffies + msecs_to_jiffies(5000); ++ u32 mask = OTGSC_BSV; ++ ++ while (hw_read_otgsc(ci, mask)) { ++ if (time_after(jiffies, elapse)) { ++ dev_err(ci->dev, "timeout waiting for %08x in OTGSC\n", ++ mask); ++ return -ETIMEDOUT; ++ } ++ msleep(20); ++ } ++ ++ return 0; ++} ++ + static void ci_handle_id_switch(struct ci_hdrc *ci) + { + enum ci_role role = ci_otg_role(ci); +@@ -116,9 +140,11 @@ static void ci_handle_id_switch(struct c + ci_role_stop(ci); + + if (role == CI_ROLE_GADGET) +- /* wait vbus lower than OTGSC_BSV */ +- hw_wait_reg(ci, OP_OTGSC, OTGSC_BSV, 0, +- CI_VBUS_STABLE_TIMEOUT_MS); ++ /* ++ * wait vbus lower than OTGSC_BSV before connecting ++ * to host ++ */ ++ hw_wait_vbus_lower_bsv(ci); + + ci_role_start(ci, role); + } diff --git a/queue-4.4/usb-host-ehci-exynos-decrese-node-refcount-on-exynos_ehci_get_phy-error-paths.patch b/queue-4.4/usb-host-ehci-exynos-decrese-node-refcount-on-exynos_ehci_get_phy-error-paths.patch new file mode 100644 index 00000000000..dd7efbf69ed --- /dev/null +++ b/queue-4.4/usb-host-ehci-exynos-decrese-node-refcount-on-exynos_ehci_get_phy-error-paths.patch @@ -0,0 +1,38 @@ +From 3f6026b1dcb3c8ee71198c485a72ac674c6890dd Mon Sep 17 00:00:00 2001 +From: Krzysztof Kozlowski +Date: Sat, 7 Jan 2017 10:41:40 +0200 +Subject: usb: host: ehci-exynos: Decrese node refcount on exynos_ehci_get_phy() error paths + +From: Krzysztof Kozlowski + +commit 3f6026b1dcb3c8ee71198c485a72ac674c6890dd upstream. + +Returning from for_each_available_child_of_node() loop requires cleaning +up node refcount. Error paths lacked it so for example in case of +deferred probe, the refcount of phy node was left increased. + +Fixes: 6d40500ac9b6 ("usb: ehci/ohci-exynos: Fix of_node_put() for child when getting PHYs") +Signed-off-by: Krzysztof Kozlowski +Acked-by: Alan Stern +Reviewed-by: Javier Martinez Canillas +Signed-off-by: Greg Kroah-Hartman + +--- + drivers/usb/host/ehci-exynos.c | 2 ++ + 1 file changed, 2 insertions(+) + +--- a/drivers/usb/host/ehci-exynos.c ++++ b/drivers/usb/host/ehci-exynos.c +@@ -77,10 +77,12 @@ static int exynos_ehci_get_phy(struct de + if (IS_ERR(phy)) { + ret = PTR_ERR(phy); + if (ret == -EPROBE_DEFER) { ++ of_node_put(child); + return ret; + } else if (ret != -ENOSYS && ret != -ENODEV) { + dev_err(dev, + "Error retrieving usb2 phy: %d\n", ret); ++ of_node_put(child); + return ret; + } + } diff --git a/queue-4.4/usb-host-ohci-exynos-decrese-node-refcount-on-exynos_ehci_get_phy-error-paths.patch b/queue-4.4/usb-host-ohci-exynos-decrese-node-refcount-on-exynos_ehci_get_phy-error-paths.patch new file mode 100644 index 00000000000..8766bcd6242 --- /dev/null +++ b/queue-4.4/usb-host-ohci-exynos-decrese-node-refcount-on-exynos_ehci_get_phy-error-paths.patch @@ -0,0 +1,38 @@ +From 68bd6fc3cfa98ef253e17307ccafd8ef907b5556 Mon Sep 17 00:00:00 2001 +From: Krzysztof Kozlowski +Date: Sat, 7 Jan 2017 10:41:41 +0200 +Subject: usb: host: ohci-exynos: Decrese node refcount on exynos_ehci_get_phy() error paths + +From: Krzysztof Kozlowski + +commit 68bd6fc3cfa98ef253e17307ccafd8ef907b5556 upstream. + +Returning from for_each_available_child_of_node() loop requires cleaning +up node refcount. Error paths lacked it so for example in case of +deferred probe, the refcount of phy node was left increased. + +Fixes: 6d40500ac9b6 ("usb: ehci/ohci-exynos: Fix of_node_put() for child when getting PHYs") +Signed-off-by: Krzysztof Kozlowski +Acked-by: Alan Stern +Reviewed-by: Javier Martinez Canillas +Signed-off-by: Greg Kroah-Hartman + +--- + drivers/usb/host/ohci-exynos.c | 2 ++ + 1 file changed, 2 insertions(+) + +--- a/drivers/usb/host/ohci-exynos.c ++++ b/drivers/usb/host/ohci-exynos.c +@@ -66,10 +66,12 @@ static int exynos_ohci_get_phy(struct de + if (IS_ERR(phy)) { + ret = PTR_ERR(phy); + if (ret == -EPROBE_DEFER) { ++ of_node_put(child); + return ret; + } else if (ret != -ENOSYS && ret != -ENODEV) { + dev_err(dev, + "Error retrieving usb2 phy: %d\n", ret); ++ of_node_put(child); + return ret; + } + } diff --git a/queue-4.4/usb-serial-ark3116-fix-open-error-handling.patch b/queue-4.4/usb-serial-ark3116-fix-open-error-handling.patch new file mode 100644 index 00000000000..e651aed5c40 --- /dev/null +++ b/queue-4.4/usb-serial-ark3116-fix-open-error-handling.patch @@ -0,0 +1,81 @@ +From b631433b175f1002a31020e09bbfc2e5caecf290 Mon Sep 17 00:00:00 2001 +From: Johan Hovold +Date: Thu, 12 Jan 2017 14:56:10 +0100 +Subject: USB: serial: ark3116: fix open error handling + +From: Johan Hovold + +commit b631433b175f1002a31020e09bbfc2e5caecf290 upstream. + +Fix open error handling which failed to detect errors when reading the +MSR and LSR registers, something which could lead to the shadow +registers being initialised from errnos. + +Note that calling the generic close implementation is sufficient in the +error paths as the interrupt urb has not yet been submitted and the +register updates have not been made. + +Fixes: f4c1e8d597d1 ("USB: ark3116: Make existing functions 16450-aware +and add close and release functions.") +Reviewed-by: Greg Kroah-Hartman +Signed-off-by: Johan Hovold +Signed-off-by: Greg Kroah-Hartman + +--- + drivers/usb/serial/ark3116.c | 25 +++++++++++++++++++------ + 1 file changed, 19 insertions(+), 6 deletions(-) + +--- a/drivers/usb/serial/ark3116.c ++++ b/drivers/usb/serial/ark3116.c +@@ -373,23 +373,29 @@ static int ark3116_open(struct tty_struc + dev_dbg(&port->dev, + "%s - usb_serial_generic_open failed: %d\n", + __func__, result); +- goto err_out; ++ goto err_free; + } + + /* remove any data still left: also clears error state */ + ark3116_read_reg(serial, UART_RX, buf); + + /* read modem status */ +- priv->msr = ark3116_read_reg(serial, UART_MSR, buf); ++ result = ark3116_read_reg(serial, UART_MSR, buf); ++ if (result < 0) ++ goto err_close; ++ priv->msr = *buf; ++ + /* read line status */ +- priv->lsr = ark3116_read_reg(serial, UART_LSR, buf); ++ result = ark3116_read_reg(serial, UART_LSR, buf); ++ if (result < 0) ++ goto err_close; ++ priv->lsr = *buf; + + result = usb_submit_urb(port->interrupt_in_urb, GFP_KERNEL); + if (result) { + dev_err(&port->dev, "submit irq_in urb failed %d\n", + result); +- ark3116_close(port); +- goto err_out; ++ goto err_close; + } + + /* activate interrupts */ +@@ -402,8 +408,15 @@ static int ark3116_open(struct tty_struc + if (tty) + ark3116_set_termios(tty, port, NULL); + +-err_out: + kfree(buf); ++ ++ return 0; ++ ++err_close: ++ usb_serial_generic_close(port); ++err_free: ++ kfree(buf); ++ + return result; + } + diff --git a/queue-4.4/usb-serial-digi_acceleport-fix-incomplete-rx-sanity-check.patch b/queue-4.4/usb-serial-digi_acceleport-fix-incomplete-rx-sanity-check.patch new file mode 100644 index 00000000000..91c641abde0 --- /dev/null +++ b/queue-4.4/usb-serial-digi_acceleport-fix-incomplete-rx-sanity-check.patch @@ -0,0 +1,81 @@ +From 1b0aed2b1600f6e5c7b9acfbd610a4e351ef5232 Mon Sep 17 00:00:00 2001 +From: Johan Hovold +Date: Tue, 31 Jan 2017 17:17:28 +0100 +Subject: USB: serial: digi_acceleport: fix incomplete rx sanity check + +From: Johan Hovold + +commit 1b0aed2b1600f6e5c7b9acfbd610a4e351ef5232 upstream. + +Make sure the received data has the required headers before parsing it. + +Also drop the redundant urb-status check, which has already been handled +by the caller. + +Fixes: 1da177e4c3f4 ("Linux-2.6.12-rc2") +Reviewed-by: Greg Kroah-Hartman +Signed-off-by: Johan Hovold +Signed-off-by: Greg Kroah-Hartman + +--- + drivers/usb/serial/digi_acceleport.c | 38 +++++++++++++++++++++-------------- + 1 file changed, 23 insertions(+), 15 deletions(-) + +--- a/drivers/usb/serial/digi_acceleport.c ++++ b/drivers/usb/serial/digi_acceleport.c +@@ -1399,25 +1399,30 @@ static int digi_read_inb_callback(struct + { + struct usb_serial_port *port = urb->context; + struct digi_port *priv = usb_get_serial_port_data(port); +- int opcode = ((unsigned char *)urb->transfer_buffer)[0]; +- int len = ((unsigned char *)urb->transfer_buffer)[1]; +- int port_status = ((unsigned char *)urb->transfer_buffer)[2]; +- unsigned char *data = ((unsigned char *)urb->transfer_buffer) + 3; ++ unsigned char *buf = urb->transfer_buffer; ++ int opcode; ++ int len; ++ int port_status; ++ unsigned char *data; + int flag, throttled; +- int status = urb->status; +- +- /* do not process callbacks on closed ports */ +- /* but do continue the read chain */ +- if (urb->status == -ENOENT) +- return 0; + + /* short/multiple packet check */ ++ if (urb->actual_length < 2) { ++ dev_warn(&port->dev, "short packet received\n"); ++ return -1; ++ } ++ ++ opcode = buf[0]; ++ len = buf[1]; ++ + if (urb->actual_length != len + 2) { +- dev_err(&port->dev, "%s: INCOMPLETE OR MULTIPLE PACKET, " +- "status=%d, port=%d, opcode=%d, len=%d, " +- "actual_length=%d, status=%d\n", __func__, status, +- priv->dp_port_num, opcode, len, urb->actual_length, +- port_status); ++ dev_err(&port->dev, "malformed packet received: port=%d, opcode=%d, len=%d, actual_length=%u\n", ++ priv->dp_port_num, opcode, len, urb->actual_length); ++ return -1; ++ } ++ ++ if (opcode == DIGI_CMD_RECEIVE_DATA && len < 1) { ++ dev_err(&port->dev, "malformed data packet received\n"); + return -1; + } + +@@ -1431,6 +1436,9 @@ static int digi_read_inb_callback(struct + + /* receive data */ + if (opcode == DIGI_CMD_RECEIVE_DATA) { ++ port_status = buf[2]; ++ data = &buf[3]; ++ + /* get flag from port_status */ + flag = 0; + diff --git a/queue-4.4/usb-serial-ftdi_sio-fix-latency-timer-error-handling.patch b/queue-4.4/usb-serial-ftdi_sio-fix-latency-timer-error-handling.patch new file mode 100644 index 00000000000..feda28664b1 --- /dev/null +++ b/queue-4.4/usb-serial-ftdi_sio-fix-latency-timer-error-handling.patch @@ -0,0 +1,42 @@ +From e3e574ad85a208cb179f33720bb5f12b453de33c Mon Sep 17 00:00:00 2001 +From: Johan Hovold +Date: Thu, 12 Jan 2017 14:56:12 +0100 +Subject: USB: serial: ftdi_sio: fix latency-timer error handling + +From: Johan Hovold + +commit e3e574ad85a208cb179f33720bb5f12b453de33c upstream. + +Make sure to detect short responses when reading the latency timer to +avoid using stale buffer data. + +Note that no heap data would currently leak through sysfs as +ASYNC_LOW_LATENCY is set by default. + +Fixes: 1da177e4c3f4 ("Linux-2.6.12-rc2") +Reviewed-by: Greg Kroah-Hartman +Signed-off-by: Johan Hovold +Signed-off-by: Greg Kroah-Hartman + +--- + drivers/usb/serial/ftdi_sio.c | 7 +++++-- + 1 file changed, 5 insertions(+), 2 deletions(-) + +--- a/drivers/usb/serial/ftdi_sio.c ++++ b/drivers/usb/serial/ftdi_sio.c +@@ -1439,10 +1439,13 @@ static int read_latency_timer(struct usb + FTDI_SIO_GET_LATENCY_TIMER_REQUEST_TYPE, + 0, priv->interface, + buf, 1, WDR_TIMEOUT); +- if (rv < 0) ++ if (rv < 1) { + dev_err(&port->dev, "Unable to read latency timer: %i\n", rv); +- else ++ if (rv >= 0) ++ rv = -EIO; ++ } else { + priv->latency = buf[0]; ++ } + + kfree(buf); + diff --git a/queue-4.4/usb-serial-io_edgeport-fix-descriptor-error-handling.patch b/queue-4.4/usb-serial-io_edgeport-fix-descriptor-error-handling.patch new file mode 100644 index 00000000000..03784a75161 --- /dev/null +++ b/queue-4.4/usb-serial-io_edgeport-fix-descriptor-error-handling.patch @@ -0,0 +1,83 @@ +From 3c0e25d883d06a1fbd1ad35257e8abaa57befb37 Mon Sep 17 00:00:00 2001 +From: Johan Hovold +Date: Thu, 12 Jan 2017 14:56:14 +0100 +Subject: USB: serial: io_edgeport: fix descriptor error handling + +From: Johan Hovold + +commit 3c0e25d883d06a1fbd1ad35257e8abaa57befb37 upstream. + +Make sure to detect short control-message transfers and log an error +when reading incomplete manufacturer and boot descriptors. + +Note that the default all-zero descriptors will now be used after a +short transfer is detected instead of partially initialised ones. + +Fixes: 1da177e4c3f4 ("Linux-2.6.12-rc2") +Reviewed-by: Greg Kroah-Hartman +Signed-off-by: Johan Hovold +Signed-off-by: Greg Kroah-Hartman + +--- + drivers/usb/serial/io_edgeport.c | 24 +++++++++++++++--------- + 1 file changed, 15 insertions(+), 9 deletions(-) + +--- a/drivers/usb/serial/io_edgeport.c ++++ b/drivers/usb/serial/io_edgeport.c +@@ -2109,8 +2109,7 @@ static int rom_write(struct usb_serial * + * rom_read + * reads a number of bytes from the Edgeport device starting at the given + * address. +- * If successful returns the number of bytes read, otherwise it returns +- * a negative error number of the problem. ++ * Returns zero on success or a negative error number. + ****************************************************************************/ + static int rom_read(struct usb_serial *serial, __u16 extAddr, + __u16 addr, __u16 length, __u8 *data) +@@ -2135,12 +2134,17 @@ static int rom_read(struct usb_serial *s + USB_REQUEST_ION_READ_ROM, + 0xC0, addr, extAddr, transfer_buffer, + current_length, 300); +- if (result < 0) ++ if (result < current_length) { ++ if (result >= 0) ++ result = -EIO; + break; ++ } + memcpy(data, transfer_buffer, current_length); + length -= current_length; + addr += current_length; + data += current_length; ++ ++ result = 0; + } + + kfree(transfer_buffer); +@@ -2597,9 +2601,10 @@ static void get_manufacturing_desc(struc + EDGE_MANUF_DESC_LEN, + (__u8 *)(&edge_serial->manuf_descriptor)); + +- if (response < 1) +- dev_err(dev, "error in getting manufacturer descriptor\n"); +- else { ++ if (response < 0) { ++ dev_err(dev, "error in getting manufacturer descriptor: %d\n", ++ response); ++ } else { + char string[30]; + dev_dbg(dev, "**Manufacturer Descriptor\n"); + dev_dbg(dev, " RomSize: %dK\n", +@@ -2656,9 +2661,10 @@ static void get_boot_desc(struct edgepor + EDGE_BOOT_DESC_LEN, + (__u8 *)(&edge_serial->boot_descriptor)); + +- if (response < 1) +- dev_err(dev, "error in getting boot descriptor\n"); +- else { ++ if (response < 0) { ++ dev_err(dev, "error in getting boot descriptor: %d\n", ++ response); ++ } else { + dev_dbg(dev, "**Boot Descriptor:\n"); + dev_dbg(dev, " BootCodeLength: %d\n", + le16_to_cpu(edge_serial->boot_descriptor.BootCodeLength)); diff --git a/queue-4.4/usb-serial-io_edgeport-fix-epic-descriptor-handling.patch b/queue-4.4/usb-serial-io_edgeport-fix-epic-descriptor-handling.patch new file mode 100644 index 00000000000..018c2f2bf72 --- /dev/null +++ b/queue-4.4/usb-serial-io_edgeport-fix-epic-descriptor-handling.patch @@ -0,0 +1,79 @@ +From e4457d9798adb96272468e93da663de9bd0a4198 Mon Sep 17 00:00:00 2001 +From: Johan Hovold +Date: Thu, 12 Jan 2017 14:56:13 +0100 +Subject: USB: serial: io_edgeport: fix epic-descriptor handling + +From: Johan Hovold + +commit e4457d9798adb96272468e93da663de9bd0a4198 upstream. + +Use a dedicated buffer for the DMA transfer and make sure to detect +short transfers to avoid parsing a corrupt descriptor. + +Fixes: 6e8cf7751f9f ("USB: add EPIC support to the io_edgeport driver") +Reviewed-by: Greg Kroah-Hartman +Signed-off-by: Johan Hovold +Signed-off-by: Greg Kroah-Hartman + +--- + drivers/usb/serial/io_edgeport.c | 24 ++++++++++++++++++------ + 1 file changed, 18 insertions(+), 6 deletions(-) + +--- a/drivers/usb/serial/io_edgeport.c ++++ b/drivers/usb/serial/io_edgeport.c +@@ -492,20 +492,24 @@ static int get_epic_descriptor(struct ed + int result; + struct usb_serial *serial = ep->serial; + struct edgeport_product_info *product_info = &ep->product_info; +- struct edge_compatibility_descriptor *epic = &ep->epic_descriptor; ++ struct edge_compatibility_descriptor *epic; + struct edge_compatibility_bits *bits; + struct device *dev = &serial->dev->dev; + + ep->is_epic = 0; ++ ++ epic = kmalloc(sizeof(*epic), GFP_KERNEL); ++ if (!epic) ++ return -ENOMEM; ++ + result = usb_control_msg(serial->dev, usb_rcvctrlpipe(serial->dev, 0), + USB_REQUEST_ION_GET_EPIC_DESC, + 0xC0, 0x00, 0x00, +- &ep->epic_descriptor, +- sizeof(struct edge_compatibility_descriptor), ++ epic, sizeof(*epic), + 300); +- +- if (result > 0) { ++ if (result == sizeof(*epic)) { + ep->is_epic = 1; ++ memcpy(&ep->epic_descriptor, epic, sizeof(*epic)); + memset(product_info, 0, sizeof(struct edgeport_product_info)); + + product_info->NumPorts = epic->NumPorts; +@@ -534,8 +538,16 @@ static int get_epic_descriptor(struct ed + dev_dbg(dev, " IOSPWriteLCR : %s\n", bits->IOSPWriteLCR ? "TRUE": "FALSE"); + dev_dbg(dev, " IOSPSetBaudRate : %s\n", bits->IOSPSetBaudRate ? "TRUE": "FALSE"); + dev_dbg(dev, " TrueEdgeport : %s\n", bits->TrueEdgeport ? "TRUE": "FALSE"); ++ ++ result = 0; ++ } else if (result >= 0) { ++ dev_warn(&serial->interface->dev, "short epic descriptor received: %d\n", ++ result); ++ result = -EIO; + } + ++ kfree(epic); ++ + return result; + } + +@@ -2789,7 +2801,7 @@ static int edge_startup(struct usb_seria + dev_info(&serial->dev->dev, "%s detected\n", edge_serial->name); + + /* Read the epic descriptor */ +- if (get_epic_descriptor(edge_serial) <= 0) { ++ if (get_epic_descriptor(edge_serial) < 0) { + /* memcpy descriptor to Supports structures */ + memcpy(&edge_serial->epic_descriptor.Supports, descriptor, + sizeof(struct edge_compatibility_bits)); diff --git a/queue-4.4/usb-serial-keyspan_pda-fix-receive-sanity-checks.patch b/queue-4.4/usb-serial-keyspan_pda-fix-receive-sanity-checks.patch new file mode 100644 index 00000000000..6c3124e70be --- /dev/null +++ b/queue-4.4/usb-serial-keyspan_pda-fix-receive-sanity-checks.patch @@ -0,0 +1,63 @@ +From c528fcb116e61afc379a2e0a0f70906b937f1e2c Mon Sep 17 00:00:00 2001 +From: Johan Hovold +Date: Tue, 31 Jan 2017 17:17:29 +0100 +Subject: USB: serial: keyspan_pda: fix receive sanity checks + +From: Johan Hovold + +commit c528fcb116e61afc379a2e0a0f70906b937f1e2c upstream. + +Make sure to check for short transfers before parsing the receive buffer +to avoid acting on stale data. + +Fixes: 1da177e4c3f4 ("Linux-2.6.12-rc2") +Reviewed-by: Greg Kroah-Hartman +Signed-off-by: Johan Hovold +Signed-off-by: Greg Kroah-Hartman + +--- + drivers/usb/serial/keyspan_pda.c | 19 ++++++++++++++----- + 1 file changed, 14 insertions(+), 5 deletions(-) + +--- a/drivers/usb/serial/keyspan_pda.c ++++ b/drivers/usb/serial/keyspan_pda.c +@@ -139,6 +139,7 @@ static void keyspan_pda_rx_interrupt(str + { + struct usb_serial_port *port = urb->context; + unsigned char *data = urb->transfer_buffer; ++ unsigned int len = urb->actual_length; + int retval; + int status = urb->status; + struct keyspan_pda_private *priv; +@@ -159,18 +160,26 @@ static void keyspan_pda_rx_interrupt(str + goto exit; + } + ++ if (len < 1) { ++ dev_warn(&port->dev, "short message received\n"); ++ goto exit; ++ } ++ + /* see if the message is data or a status interrupt */ + switch (data[0]) { + case 0: + /* rest of message is rx data */ +- if (urb->actual_length) { +- tty_insert_flip_string(&port->port, data + 1, +- urb->actual_length - 1); +- tty_flip_buffer_push(&port->port); +- } ++ if (len < 2) ++ break; ++ tty_insert_flip_string(&port->port, data + 1, len - 1); ++ tty_flip_buffer_push(&port->port); + break; + case 1: + /* status interrupt */ ++ if (len < 3) { ++ dev_warn(&port->dev, "short interrupt message received\n"); ++ break; ++ } + dev_dbg(&port->dev, "rx int, d1=%d, d2=%d\n", data[1], data[2]); + switch (data[1]) { + case 1: /* modemline change */ diff --git a/queue-4.4/usb-serial-mct_u232-fix-modem-status-error-handling.patch b/queue-4.4/usb-serial-mct_u232-fix-modem-status-error-handling.patch new file mode 100644 index 00000000000..9cd4de3191b --- /dev/null +++ b/queue-4.4/usb-serial-mct_u232-fix-modem-status-error-handling.patch @@ -0,0 +1,41 @@ +From 36356a669eddb32917fc4b5c2b9b8bf80ede69de Mon Sep 17 00:00:00 2001 +From: Johan Hovold +Date: Thu, 12 Jan 2017 14:56:16 +0100 +Subject: USB: serial: mct_u232: fix modem-status error handling + +From: Johan Hovold + +commit 36356a669eddb32917fc4b5c2b9b8bf80ede69de upstream. + +Make sure to detect short control-message transfers so that errors are +logged when reading the modem status at open. + +Note that while this also avoids initialising the modem status using +uninitialised heap data, these bits could not leak to user space as they +are currently not used. + +Fixes: 1da177e4c3f4 ("Linux-2.6.12-rc2") +Reviewed-by: Greg Kroah-Hartman +Signed-off-by: Johan Hovold +Signed-off-by: Greg Kroah-Hartman + +--- + drivers/usb/serial/mct_u232.c | 6 +++++- + 1 file changed, 5 insertions(+), 1 deletion(-) + +--- a/drivers/usb/serial/mct_u232.c ++++ b/drivers/usb/serial/mct_u232.c +@@ -322,8 +322,12 @@ static int mct_u232_get_modem_stat(struc + MCT_U232_GET_REQUEST_TYPE, + 0, 0, buf, MCT_U232_GET_MODEM_STAT_SIZE, + WDR_TIMEOUT); +- if (rc < 0) { ++ if (rc < MCT_U232_GET_MODEM_STAT_SIZE) { + dev_err(&port->dev, "Get MODEM STATus failed (error = %d)\n", rc); ++ ++ if (rc >= 0) ++ rc = -EIO; ++ + *msr = 0; + } else { + *msr = buf[0]; diff --git a/queue-4.4/usb-serial-quatech2-fix-control-message-error-handling.patch b/queue-4.4/usb-serial-quatech2-fix-control-message-error-handling.patch new file mode 100644 index 00000000000..3426272bdea --- /dev/null +++ b/queue-4.4/usb-serial-quatech2-fix-control-message-error-handling.patch @@ -0,0 +1,75 @@ +From 8c34cb8ddfe808d557b51da983ff10c02793beb2 Mon Sep 17 00:00:00 2001 +From: Johan Hovold +Date: Thu, 12 Jan 2017 14:56:20 +0100 +Subject: USB: serial: quatech2: fix control-message error handling + +From: Johan Hovold + +commit 8c34cb8ddfe808d557b51da983ff10c02793beb2 upstream. + +Make sure to detect short control-message transfers when fetching +modem and line state in open and when retrieving registers. + +This specifically makes sure that an errno is returned to user space on +errors in TIOCMGET instead of a zero bitmask. + +Also drop the unused getdevice function which also lacked appropriate +error handling. + +Fixes: f7a33e608d9a ("USB: serial: add quatech2 usb to serial driver") +Reviewed-by: Greg Kroah-Hartman +Signed-off-by: Johan Hovold +Signed-off-by: Greg Kroah-Hartman + +--- + drivers/usb/serial/quatech2.c | 24 +++++++++++++----------- + 1 file changed, 13 insertions(+), 11 deletions(-) + +--- a/drivers/usb/serial/quatech2.c ++++ b/drivers/usb/serial/quatech2.c +@@ -188,22 +188,22 @@ static inline int qt2_setdevice(struct u + } + + +-static inline int qt2_getdevice(struct usb_device *dev, u8 *data) +-{ +- return usb_control_msg(dev, usb_rcvctrlpipe(dev, 0), +- QT_SET_GET_DEVICE, 0xc0, 0, 0, +- data, 3, QT2_USB_TIMEOUT); +-} +- + static inline int qt2_getregister(struct usb_device *dev, + u8 uart, + u8 reg, + u8 *data) + { +- return usb_control_msg(dev, usb_rcvctrlpipe(dev, 0), +- QT_SET_GET_REGISTER, 0xc0, reg, +- uart, data, sizeof(*data), QT2_USB_TIMEOUT); ++ int ret; + ++ ret = usb_control_msg(dev, usb_rcvctrlpipe(dev, 0), ++ QT_SET_GET_REGISTER, 0xc0, reg, ++ uart, data, sizeof(*data), QT2_USB_TIMEOUT); ++ if (ret < sizeof(*data)) { ++ if (ret >= 0) ++ ret = -EIO; ++ } ++ ++ return ret; + } + + static inline int qt2_setregister(struct usb_device *dev, +@@ -372,9 +372,11 @@ static int qt2_open(struct tty_struct *t + 0xc0, 0, + device_port, data, 2, QT2_USB_TIMEOUT); + +- if (status < 0) { ++ if (status < 2) { + dev_err(&port->dev, "%s - open port failed %i\n", __func__, + status); ++ if (status >= 0) ++ status = -EIO; + kfree(data); + return status; + } diff --git a/queue-4.4/usb-serial-sierra-fix-bogus-alternate-setting-assumption.patch b/queue-4.4/usb-serial-sierra-fix-bogus-alternate-setting-assumption.patch new file mode 100644 index 00000000000..c24be33e0d5 --- /dev/null +++ b/queue-4.4/usb-serial-sierra-fix-bogus-alternate-setting-assumption.patch @@ -0,0 +1,91 @@ +From 16620b483eaf7750413bae472f4363b6b959fcaa Mon Sep 17 00:00:00 2001 +From: Johan Hovold +Date: Mon, 6 Feb 2017 16:28:14 +0100 +Subject: USB: serial: sierra: fix bogus alternate-setting assumption + +From: Johan Hovold + +commit 16620b483eaf7750413bae472f4363b6b959fcaa upstream. + +Interface numbers do not change when enabling alternate settings as +comment and code in this driver suggested. + +Remove the confusing comment and redundant retrieval of the interface +number in probe, while simplifying and renaming the interface-number +helper. + +Fixes: 4db2299da213 ("sierra: driver interface blacklisting") +Reviewed-by: Greg Kroah-Hartman +Signed-off-by: Johan Hovold +Signed-off-by: Greg Kroah-Hartman + +--- + drivers/usb/serial/sierra.c | 28 +++++----------------------- + 1 file changed, 5 insertions(+), 23 deletions(-) + +--- a/drivers/usb/serial/sierra.c ++++ b/drivers/usb/serial/sierra.c +@@ -137,24 +137,9 @@ static int is_himemory(const u8 ifnum, + return 0; + } + +-static int sierra_calc_interface(struct usb_serial *serial) ++static u8 sierra_interface_num(struct usb_serial *serial) + { +- int interface; +- struct usb_interface *p_interface; +- struct usb_host_interface *p_host_interface; +- +- /* Get the interface structure pointer from the serial struct */ +- p_interface = serial->interface; +- +- /* Get a pointer to the host interface structure */ +- p_host_interface = p_interface->cur_altsetting; +- +- /* read the interface descriptor for this active altsetting +- * to find out the interface number we are on +- */ +- interface = p_host_interface->desc.bInterfaceNumber; +- +- return interface; ++ return serial->interface->cur_altsetting->desc.bInterfaceNumber; + } + + static int sierra_probe(struct usb_serial *serial, +@@ -165,7 +150,7 @@ static int sierra_probe(struct usb_seria + u8 ifnum; + + udev = serial->dev; +- ifnum = sierra_calc_interface(serial); ++ ifnum = sierra_interface_num(serial); + + /* + * If this interface supports more than 1 alternate +@@ -178,9 +163,6 @@ static int sierra_probe(struct usb_seria + usb_set_interface(udev, ifnum, 1); + } + +- /* ifnum could have changed - by calling usb_set_interface */ +- ifnum = sierra_calc_interface(serial); +- + if (is_blacklisted(ifnum, + (struct sierra_iface_info *)id->driver_info)) { + dev_dbg(&serial->dev->dev, +@@ -342,7 +324,7 @@ static int sierra_send_setup(struct usb_ + + /* If composite device then properly report interface */ + if (serial->num_ports == 1) { +- interface = sierra_calc_interface(serial); ++ interface = sierra_interface_num(serial); + /* Control message is sent only to interfaces with + * interrupt_in endpoints + */ +@@ -916,7 +898,7 @@ static int sierra_port_probe(struct usb_ + /* Determine actual memory requirements */ + if (serial->num_ports == 1) { + /* Get interface number for composite device */ +- ifnum = sierra_calc_interface(serial); ++ ifnum = sierra_interface_num(serial); + himemoryp = &typeB_interface_list; + } else { + /* This is really the usb-serial port number of the interface diff --git a/queue-4.4/usb-serial-ssu100-fix-control-message-error-handling.patch b/queue-4.4/usb-serial-ssu100-fix-control-message-error-handling.patch new file mode 100644 index 00000000000..251e6e4da89 --- /dev/null +++ b/queue-4.4/usb-serial-ssu100-fix-control-message-error-handling.patch @@ -0,0 +1,78 @@ +From 1eac5c244f705182d1552a53e2f74e2775ed95d6 Mon Sep 17 00:00:00 2001 +From: Johan Hovold +Date: Thu, 12 Jan 2017 14:56:22 +0100 +Subject: USB: serial: ssu100: fix control-message error handling + +From: Johan Hovold + +commit 1eac5c244f705182d1552a53e2f74e2775ed95d6 upstream. + +Make sure to detect short control-message transfers rather than continue +with zero-initialised data when retrieving modem status and during +device initialisation. + +Fixes: 52af95459939 ("USB: add USB serial ssu100 driver") +Reviewed-by: Greg Kroah-Hartman +Signed-off-by: Johan Hovold +Signed-off-by: Greg Kroah-Hartman + +--- + drivers/usb/serial/ssu100.c | 31 ++++++++++++++++++++++++------- + 1 file changed, 24 insertions(+), 7 deletions(-) + +--- a/drivers/usb/serial/ssu100.c ++++ b/drivers/usb/serial/ssu100.c +@@ -80,9 +80,17 @@ static inline int ssu100_setdevice(struc + + static inline int ssu100_getdevice(struct usb_device *dev, u8 *data) + { +- return usb_control_msg(dev, usb_rcvctrlpipe(dev, 0), +- QT_SET_GET_DEVICE, 0xc0, 0, 0, +- data, 3, 300); ++ int ret; ++ ++ ret = usb_control_msg(dev, usb_rcvctrlpipe(dev, 0), ++ QT_SET_GET_DEVICE, 0xc0, 0, 0, ++ data, 3, 300); ++ if (ret < 3) { ++ if (ret >= 0) ++ ret = -EIO; ++ } ++ ++ return ret; + } + + static inline int ssu100_getregister(struct usb_device *dev, +@@ -90,10 +98,17 @@ static inline int ssu100_getregister(str + unsigned short reg, + u8 *data) + { +- return usb_control_msg(dev, usb_rcvctrlpipe(dev, 0), +- QT_SET_GET_REGISTER, 0xc0, reg, +- uart, data, sizeof(*data), 300); ++ int ret; + ++ ret = usb_control_msg(dev, usb_rcvctrlpipe(dev, 0), ++ QT_SET_GET_REGISTER, 0xc0, reg, ++ uart, data, sizeof(*data), 300); ++ if (ret < sizeof(*data)) { ++ if (ret >= 0) ++ ret = -EIO; ++ } ++ ++ return ret; + } + + +@@ -289,8 +304,10 @@ static int ssu100_open(struct tty_struct + QT_OPEN_CLOSE_CHANNEL, + QT_TRANSFER_IN, 0x01, + 0, data, 2, 300); +- if (result < 0) { ++ if (result < 2) { + dev_dbg(&port->dev, "%s - open failed %i\n", __func__, result); ++ if (result >= 0) ++ result = -EIO; + kfree(data); + return result; + } diff --git a/queue-4.4/usb-serial-ti_usb_3410_5052-fix-control-message-error-handling.patch b/queue-4.4/usb-serial-ti_usb_3410_5052-fix-control-message-error-handling.patch new file mode 100644 index 00000000000..f63a2f95bf5 --- /dev/null +++ b/queue-4.4/usb-serial-ti_usb_3410_5052-fix-control-message-error-handling.patch @@ -0,0 +1,55 @@ +From 39712e8bfa8d3aa6ce1e60fc9d62c9b076c17a30 Mon Sep 17 00:00:00 2001 +From: Johan Hovold +Date: Thu, 12 Jan 2017 14:56:23 +0100 +Subject: USB: serial: ti_usb_3410_5052: fix control-message error handling + +From: Johan Hovold + +commit 39712e8bfa8d3aa6ce1e60fc9d62c9b076c17a30 upstream. + +Make sure to detect and return an error on zero-length control-message +transfers when reading from the device. + +This addresses a potential failure to detect an empty transmit buffer +during close. + +Also remove a redundant check for short transfer when sending a command. + +Fixes: 1da177e4c3f4 ("Linux-2.6.12-rc2") +Reviewed-by: Greg Kroah-Hartman +Signed-off-by: Johan Hovold +Signed-off-by: Greg Kroah-Hartman + +--- + drivers/usb/serial/ti_usb_3410_5052.c | 12 ++++-------- + 1 file changed, 4 insertions(+), 8 deletions(-) + +--- a/drivers/usb/serial/ti_usb_3410_5052.c ++++ b/drivers/usb/serial/ti_usb_3410_5052.c +@@ -1352,13 +1352,10 @@ static int ti_command_out_sync(struct ti + (USB_TYPE_VENDOR | USB_RECIP_DEVICE | USB_DIR_OUT), + value, moduleid, data, size, 1000); + +- if (status == size) +- status = 0; +- +- if (status > 0) +- status = -ECOMM; ++ if (status < 0) ++ return status; + +- return status; ++ return 0; + } + + +@@ -1374,8 +1371,7 @@ static int ti_command_in_sync(struct ti_ + + if (status == size) + status = 0; +- +- if (status > 0) ++ else if (status >= 0) + status = -ECOMM; + + return status; diff --git a/queue-4.4/x86-ioapic-restore-io-apic-irq_chip-retrigger-callback.patch b/queue-4.4/x86-ioapic-restore-io-apic-irq_chip-retrigger-callback.patch new file mode 100644 index 00000000000..aea82092956 --- /dev/null +++ b/queue-4.4/x86-ioapic-restore-io-apic-irq_chip-retrigger-callback.patch @@ -0,0 +1,46 @@ +From a9b4f08770b415f30f2fb0f8329a370c8f554aa3 Mon Sep 17 00:00:00 2001 +From: Ruslan Ruslichenko +Date: Tue, 17 Jan 2017 16:13:52 +0200 +Subject: x86/ioapic: Restore IO-APIC irq_chip retrigger callback + +From: Ruslan Ruslichenko + +commit a9b4f08770b415f30f2fb0f8329a370c8f554aa3 upstream. + +commit d32932d02e18 removed the irq_retrigger callback from the IO-APIC +chip and did not add it to the new IO-APIC-IR irq chip. + +There is no harm because the interrupts are resent in software when the +retrigger callback is NULL, but it's less efficient. So restore them. + +[ tglx: Massaged changelog ] + +Fixes: d32932d02e18 ("x86/irq: Convert IOAPIC to use hierarchical irqdomain interfaces") +Signed-off-by: Ruslan Ruslichenko +Cc: xe-linux-external@cisco.com +Link: http://lkml.kernel.org/r/1484662432-13580-1-git-send-email-rruslich@cisco.com +Signed-off-by: Thomas Gleixner +Signed-off-by: Greg Kroah-Hartman + +--- + arch/x86/kernel/apic/io_apic.c | 2 ++ + 1 file changed, 2 insertions(+) + +--- a/arch/x86/kernel/apic/io_apic.c ++++ b/arch/x86/kernel/apic/io_apic.c +@@ -1875,6 +1875,7 @@ static struct irq_chip ioapic_chip __rea + .irq_ack = irq_chip_ack_parent, + .irq_eoi = ioapic_ack_level, + .irq_set_affinity = ioapic_set_affinity, ++ .irq_retrigger = irq_chip_retrigger_hierarchy, + .flags = IRQCHIP_SKIP_SET_WAKE, + }; + +@@ -1886,6 +1887,7 @@ static struct irq_chip ioapic_ir_chip __ + .irq_ack = irq_chip_ack_parent, + .irq_eoi = ioapic_ir_ack_level, + .irq_set_affinity = ioapic_set_affinity, ++ .irq_retrigger = irq_chip_retrigger_hierarchy, + .flags = IRQCHIP_SKIP_SET_WAKE, + }; + diff --git a/queue-4.4/x86-pci-calgary-fix-iommu_free-comparison-of-unsigned-expression-0.patch b/queue-4.4/x86-pci-calgary-fix-iommu_free-comparison-of-unsigned-expression-0.patch new file mode 100644 index 00000000000..7344d804dbd --- /dev/null +++ b/queue-4.4/x86-pci-calgary-fix-iommu_free-comparison-of-unsigned-expression-0.patch @@ -0,0 +1,48 @@ +From 68dee8e2f2cacc54d038394e70d22411dee89da2 Mon Sep 17 00:00:00 2001 +From: Nikola Pajkovsky +Date: Tue, 15 Nov 2016 09:47:49 +0100 +Subject: x86/pci-calgary: Fix iommu_free() comparison of unsigned expression >= 0 +MIME-Version: 1.0 +Content-Type: text/plain; charset=UTF-8 +Content-Transfer-Encoding: 8bit + +From: Nikola Pajkovsky + +commit 68dee8e2f2cacc54d038394e70d22411dee89da2 upstream. + +commit 8fd524b355da ("x86: Kill bad_dma_address variable") has killed +bad_dma_address variable and used instead of macro DMA_ERROR_CODE +which is always zero. Since dma_addr is unsigned, the statement + + dma_addr >= DMA_ERROR_CODE + +is always true, and not needed. + +arch/x86/kernel/pci-calgary_64.c: In function ‘iommu_free’: +arch/x86/kernel/pci-calgary_64.c:299:2: warning: comparison of unsigned expression >= 0 is always true [-Wtype-limits] + if (unlikely((dma_addr >= DMA_ERROR_CODE) && (dma_addr < badend))) { + +Fixes: 8fd524b355da ("x86: Kill bad_dma_address variable") +Signed-off-by: Nikola Pajkovsky +Cc: iommu@lists.linux-foundation.org +Cc: Jon Mason +Cc: Muli Ben-Yehuda +Link: http://lkml.kernel.org/r/7612c0f9dd7c1290407dbf8e809def922006920b.1479161177.git.npajkovsky@suse.cz +Signed-off-by: Thomas Gleixner +Signed-off-by: Greg Kroah-Hartman + +--- + arch/x86/kernel/pci-calgary_64.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +--- a/arch/x86/kernel/pci-calgary_64.c ++++ b/arch/x86/kernel/pci-calgary_64.c +@@ -296,7 +296,7 @@ static void iommu_free(struct iommu_tabl + + /* were we called with bad_dma_address? */ + badend = DMA_ERROR_CODE + (EMERGENCY_PAGES * PAGE_SIZE); +- if (unlikely((dma_addr >= DMA_ERROR_CODE) && (dma_addr < badend))) { ++ if (unlikely(dma_addr < badend)) { + WARN(1, KERN_ERR "Calgary: driver tried unmapping bad DMA " + "address 0x%Lx\n", dma_addr); + return; diff --git a/queue-4.4/x86-platform-intel-mid-correct-msi-irq-line-for-watchdog-device.patch b/queue-4.4/x86-platform-intel-mid-correct-msi-irq-line-for-watchdog-device.patch new file mode 100644 index 00000000000..04b17074c53 --- /dev/null +++ b/queue-4.4/x86-platform-intel-mid-correct-msi-irq-line-for-watchdog-device.patch @@ -0,0 +1,44 @@ +From 80354c29025833acd72ddac1ffa21c6cb50128cd Mon Sep 17 00:00:00 2001 +From: Andy Shevchenko +Date: Sun, 12 Mar 2017 17:07:44 +0200 +Subject: x86/platform/intel-mid: Correct MSI IRQ line for watchdog device + +From: Andy Shevchenko + +commit 80354c29025833acd72ddac1ffa21c6cb50128cd upstream. + +The interrupt line used for the watchdog is 12, according to the official +Intel Edison BSP code. + +And indeed after fixing it we start getting an interrupt and thus the +watchdog starts working again: + + [ 191.699951] Kernel panic - not syncing: Kernel Watchdog + +Signed-off-by: Andy Shevchenko +Cc: Borislav Petkov +Cc: David Cohen +Cc: H. Peter Anvin +Cc: Linus Torvalds +Cc: Peter Zijlstra +Cc: Thomas Gleixner +Fixes: 78a3bb9e408b ("x86: intel-mid: add watchdog platform code for Merrifield") +Link: http://lkml.kernel.org/r/20170312150744.45493-1-andriy.shevchenko@linux.intel.com +Signed-off-by: Ingo Molnar +Signed-off-by: Greg Kroah-Hartman + +--- + arch/x86/platform/intel-mid/device_libs/platform_wdt.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +--- a/arch/x86/platform/intel-mid/device_libs/platform_wdt.c ++++ b/arch/x86/platform/intel-mid/device_libs/platform_wdt.c +@@ -17,7 +17,7 @@ + #include + #include + +-#define TANGIER_EXT_TIMER0_MSI 15 ++#define TANGIER_EXT_TIMER0_MSI 12 + + static struct platform_device wdt_dev = { + .name = "intel_mid_wdt",