From: Greg Kroah-Hartman Date: Wed, 3 May 2017 03:54:10 +0000 (-0700) Subject: 3.18-stable patches X-Git-Tag: v4.4.66~2 X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=a00f04c15aa279130599789d9e95f7f8f5e5c9ac;p=thirdparty%2Fkernel%2Fstable-queue.git 3.18-stable patches added patches: alsa-ppc-awacs-shut-up-maybe-uninitialized-warning.patch cred-userns-define-current_user_ns-as-a-function.patch drbd-avoid-redefinition-of-bits_per_page.patch ib-iser-fix-sparse-warnings.patch mlx5-avoid-build-warnings-on-32-bit.patch mtd-avoid-stack-overflow-in-mtd-cfi-code.patch net-tg3-avoid-uninitialized-variable-warning.patch pci-xilinx-fix-harmless-format-string-warning.patch powerpc-ptrace-fix-out-of-bounds-array-access-warning.patch --- diff --git a/queue-3.18/alsa-ppc-awacs-shut-up-maybe-uninitialized-warning.patch b/queue-3.18/alsa-ppc-awacs-shut-up-maybe-uninitialized-warning.patch new file mode 100644 index 00000000000..ff4f91b98bd --- /dev/null +++ b/queue-3.18/alsa-ppc-awacs-shut-up-maybe-uninitialized-warning.patch @@ -0,0 +1,37 @@ +From b268c34e5ee92a4cc3099b0caaf26e6bfbdf0f18 Mon Sep 17 00:00:00 2001 +From: Arnd Bergmann +Date: Mon, 4 Jul 2016 17:07:45 +0200 +Subject: ALSA: ppc/awacs: shut up maybe-uninitialized warning + +From: Arnd Bergmann + +commit b268c34e5ee92a4cc3099b0caaf26e6bfbdf0f18 upstream. + +The awacs sound driver produces a false-positive warning in ppc64_defconfig: + +sound/ppc/awacs.c: In function 'snd_pmac_awacs_init': +include/sound/control.h:219:9: warning: 'master_vol' may be used uninitialized in this function [-Wmaybe-uninitialized] + +I haven't come up with a good way to rewrite the code to avoid the +warning, so here is a bad one: I initialize the variable before +the conditionall initialization so gcc no longer has to worry about +it. + +Signed-off-by: Arnd Bergmann +Signed-off-by: Takashi Iwai +Signed-off-by: Greg Kroah-Hartman + +--- + sound/ppc/awacs.c | 1 + + 1 file changed, 1 insertion(+) + +--- a/sound/ppc/awacs.c ++++ b/sound/ppc/awacs.c +@@ -991,6 +991,7 @@ snd_pmac_awacs_init(struct snd_pmac *chi + if (err < 0) + return err; + } ++ master_vol = NULL; + if (pm7500) + err = build_mixers(chip, + ARRAY_SIZE(snd_pmac_awacs_mixers_pmac7500), diff --git a/queue-3.18/cred-userns-define-current_user_ns-as-a-function.patch b/queue-3.18/cred-userns-define-current_user_ns-as-a-function.patch new file mode 100644 index 00000000000..1050cac2593 --- /dev/null +++ b/queue-3.18/cred-userns-define-current_user_ns-as-a-function.patch @@ -0,0 +1,67 @@ +From 0335695dfa4df01edff5bb102b9a82a0668ee51e Mon Sep 17 00:00:00 2001 +From: Arnd Bergmann +Date: Tue, 22 Mar 2016 14:27:11 -0700 +Subject: cred/userns: define current_user_ns() as a function + +From: Arnd Bergmann + +commit 0335695dfa4df01edff5bb102b9a82a0668ee51e upstream. + +The current_user_ns() macro currently returns &init_user_ns when user +namespaces are disabled, and that causes several warnings when building +with gcc-6.0 in code that compares the result of the macro to +&init_user_ns itself: + + fs/xfs/xfs_ioctl.c: In function 'xfs_ioctl_setattr_check_projid': + fs/xfs/xfs_ioctl.c:1249:22: error: self-comparison always evaluates to true [-Werror=tautological-compare] + if (current_user_ns() == &init_user_ns) + +This is a legitimate warning in principle, but here it isn't really +helpful, so I'm reprasing the definition in a way that shuts up the +warning. Apparently gcc only warns when comparing identical literals, +but it can figure out that the result of an inline function can be +identical to a constant expression in order to optimize a condition yet +not warn about the fact that the condition is known at compile time. +This is exactly what we want here, and it looks reasonable because we +generally prefer inline functions over macros anyway. + +Signed-off-by: Arnd Bergmann +Acked-by: Serge Hallyn +Cc: David Howells +Cc: Yaowei Bai +Cc: James Morris +Cc: "Paul E. McKenney" +Signed-off-by: Andrew Morton +Signed-off-by: Linus Torvalds +Signed-off-by: Greg Kroah-Hartman + +--- + include/linux/capability.h | 2 -- + include/linux/cred.h | 5 ++++- + 2 files changed, 4 insertions(+), 3 deletions(-) + +--- a/include/linux/capability.h ++++ b/include/linux/capability.h +@@ -40,8 +40,6 @@ struct inode; + struct dentry; + struct user_namespace; + +-struct user_namespace *current_user_ns(void); +- + extern const kernel_cap_t __cap_empty_set; + extern const kernel_cap_t __cap_init_eff_set; + +--- a/include/linux/cred.h ++++ b/include/linux/cred.h +@@ -354,7 +354,10 @@ extern struct user_namespace init_user_n + #ifdef CONFIG_USER_NS + #define current_user_ns() (current_cred_xxx(user_ns)) + #else +-#define current_user_ns() (&init_user_ns) ++static inline struct user_namespace *current_user_ns(void) ++{ ++ return &init_user_ns; ++} + #endif + + diff --git a/queue-3.18/drbd-avoid-redefinition-of-bits_per_page.patch b/queue-3.18/drbd-avoid-redefinition-of-bits_per_page.patch new file mode 100644 index 00000000000..8ac17d92cbd --- /dev/null +++ b/queue-3.18/drbd-avoid-redefinition-of-bits_per_page.patch @@ -0,0 +1,42 @@ +From 2630628b2dbc3fc320aafaf84836119e4e3d62f1 Mon Sep 17 00:00:00 2001 +From: Lars Ellenberg +Date: Fri, 20 Mar 2015 15:47:22 +0100 +Subject: drbd: avoid redefinition of BITS_PER_PAGE + +From: Lars Ellenberg + +commit 2630628b2dbc3fc320aafaf84836119e4e3d62f1 upstream. + +Apparently we now implicitly get definitions for BITS_PER_PAGE and +BITS_PER_PAGE_MASK from the pid_namespace.h + +Instead of renaming our defines, I chose to define only if not yet +defined, but to double check the value if already defined. + +Signed-off-by: Philipp Reisner +Signed-off-by: Lars Ellenberg +Signed-off-by: Jens Axboe +Cc: Arnd Bergmann +Signed-off-by: Greg Kroah-Hartman + +--- + drivers/block/drbd/drbd_bitmap.c | 6 ++++++ + 1 file changed, 6 insertions(+) + +--- a/drivers/block/drbd/drbd_bitmap.c ++++ b/drivers/block/drbd/drbd_bitmap.c +@@ -479,8 +479,14 @@ void drbd_bm_cleanup(struct drbd_device + * this masks out the remaining bits. + * Returns the number of bits cleared. + */ ++#ifndef BITS_PER_PAGE + #define BITS_PER_PAGE (1UL << (PAGE_SHIFT + 3)) + #define BITS_PER_PAGE_MASK (BITS_PER_PAGE - 1) ++#else ++# if BITS_PER_PAGE != (1UL << (PAGE_SHIFT + 3)) ++# error "ambiguous BITS_PER_PAGE" ++# endif ++#endif + #define BITS_PER_LONG_MASK (BITS_PER_LONG - 1) + static int bm_clear_surplus(struct drbd_bitmap *b) + { diff --git a/queue-3.18/ib-iser-fix-sparse-warnings.patch b/queue-3.18/ib-iser-fix-sparse-warnings.patch new file mode 100644 index 00000000000..4aab19fb472 --- /dev/null +++ b/queue-3.18/ib-iser-fix-sparse-warnings.patch @@ -0,0 +1,97 @@ +From 49df2781b101a729e9f46eddc845a587fc5665a8 Mon Sep 17 00:00:00 2001 +From: Sagi Grimberg +Date: Sun, 7 Dec 2014 16:09:57 +0200 +Subject: IB/iser: Fix sparse warnings + +From: Sagi Grimberg + +commit 49df2781b101a729e9f46eddc845a587fc5665a8 upstream. + +Use uintptr_t to handle wr_id casting, which was found by Kbuild test +robot and smatch. Also remove an internal definition of variable which +potentially shadows an external one (and make sparse happy). + +Signed-off-by: Sagi Grimberg +Signed-off-by: Or Gerlitz +Signed-off-by: Roland Dreier +Cc: Arnd Bergmann +Signed-off-by: Greg Kroah-Hartman + +--- + drivers/infiniband/ulp/iser/iser_memory.c | 1 - + drivers/infiniband/ulp/iser/iser_verbs.c | 15 ++++++++------- + 2 files changed, 8 insertions(+), 8 deletions(-) + +--- a/drivers/infiniband/ulp/iser/iser_memory.c ++++ b/drivers/infiniband/ulp/iser/iser_memory.c +@@ -73,7 +73,6 @@ static int iser_start_rdma_unaligned_sg( + + if (cmd_dir == ISER_DIR_OUT) { + /* copy the unaligned sg the buffer which is used for RDMA */ +- int i; + char *p, *from; + + sgl = (struct scatterlist *)data->buf; +--- a/drivers/infiniband/ulp/iser/iser_verbs.c ++++ b/drivers/infiniband/ulp/iser/iser_verbs.c +@@ -1052,7 +1052,7 @@ int iser_post_recvl(struct iser_conn *is + sge.length = ISER_RX_LOGIN_SIZE; + sge.lkey = ib_conn->device->mr->lkey; + +- rx_wr.wr_id = (unsigned long)iser_conn->login_resp_buf; ++ rx_wr.wr_id = (uintptr_t)iser_conn->login_resp_buf; + rx_wr.sg_list = &sge; + rx_wr.num_sge = 1; + rx_wr.next = NULL; +@@ -1076,7 +1076,7 @@ int iser_post_recvm(struct iser_conn *is + + for (rx_wr = ib_conn->rx_wr, i = 0; i < count; i++, rx_wr++) { + rx_desc = &iser_conn->rx_descs[my_rx_head]; +- rx_wr->wr_id = (unsigned long)rx_desc; ++ rx_wr->wr_id = (uintptr_t)rx_desc; + rx_wr->sg_list = &rx_desc->rx_sg; + rx_wr->num_sge = 1; + rx_wr->next = rx_wr + 1; +@@ -1113,7 +1113,7 @@ int iser_post_send(struct ib_conn *ib_co + DMA_TO_DEVICE); + + send_wr.next = NULL; +- send_wr.wr_id = (unsigned long)tx_desc; ++ send_wr.wr_id = (uintptr_t)tx_desc; + send_wr.sg_list = tx_desc->tx_sg; + send_wr.num_sge = tx_desc->num_sge; + send_wr.opcode = IB_WR_SEND; +@@ -1163,6 +1163,7 @@ static void + iser_handle_comp_error(struct ib_conn *ib_conn, + struct ib_wc *wc) + { ++ void *wr_id = (void *)(uintptr_t)wc->wr_id; + struct iser_conn *iser_conn = container_of(ib_conn, struct iser_conn, + ib_conn); + +@@ -1171,8 +1172,8 @@ iser_handle_comp_error(struct ib_conn *i + iscsi_conn_failure(iser_conn->iscsi_conn, + ISCSI_ERR_CONN_FAILED); + +- if (is_iser_tx_desc(iser_conn, (void *)wc->wr_id)) { +- struct iser_tx_desc *desc = (struct iser_tx_desc *)wc->wr_id; ++ if (is_iser_tx_desc(iser_conn, wr_id)) { ++ struct iser_tx_desc *desc = wr_id; + + if (desc->type == ISCSI_TX_DATAOUT) + kmem_cache_free(ig.desc_cache, desc); +@@ -1198,12 +1199,12 @@ static void iser_handle_wc(struct ib_wc + ib_conn = wc->qp->qp_context; + if (wc->status == IB_WC_SUCCESS) { + if (wc->opcode == IB_WC_RECV) { +- rx_desc = (struct iser_rx_desc *)wc->wr_id; ++ rx_desc = (struct iser_rx_desc *)(uintptr_t)wc->wr_id; + iser_rcv_completion(rx_desc, wc->byte_len, + ib_conn); + } else + if (wc->opcode == IB_WC_SEND) { +- tx_desc = (struct iser_tx_desc *)wc->wr_id; ++ tx_desc = (struct iser_tx_desc *)(uintptr_t)wc->wr_id; + iser_snd_completion(tx_desc, ib_conn); + } else { + iser_err("Unknown wc opcode %d\n", wc->opcode); diff --git a/queue-3.18/mlx5-avoid-build-warnings-on-32-bit.patch b/queue-3.18/mlx5-avoid-build-warnings-on-32-bit.patch new file mode 100644 index 00000000000..69c6468ffe6 --- /dev/null +++ b/queue-3.18/mlx5-avoid-build-warnings-on-32-bit.patch @@ -0,0 +1,51 @@ +From 065bd8c28ba37d04c9a5b732173c1508954b1f58 Mon Sep 17 00:00:00 2001 +From: Arnd Bergmann +Date: Tue, 13 Jan 2015 17:08:06 +0100 +Subject: mlx5: avoid build warnings on 32-bit + +From: Arnd Bergmann + +commit 065bd8c28ba37d04c9a5b732173c1508954b1f58 upstream. + +The mlx5 driver passes a string pointer in through a 'u64' variable, +which on 32-bit machines causes a build warning: + +drivers/net/ethernet/mellanox/mlx5/core/debugfs.c: In function 'qp_read_field': +drivers/net/ethernet/mellanox/mlx5/core/debugfs.c:303:11: warning: cast from pointer to integer of different size [-Wpointer-to-int-cast] + +The code is in fact safe, so we can shut up the warning by adding +extra type casts. + +Signed-off-by: Arnd Bergmann +Signed-off-by: David S. Miller +Signed-off-by: Greg Kroah-Hartman + +--- + drivers/net/ethernet/mellanox/mlx5/core/debugfs.c | 6 +++--- + 1 file changed, 3 insertions(+), 3 deletions(-) + +--- a/drivers/net/ethernet/mellanox/mlx5/core/debugfs.c ++++ b/drivers/net/ethernet/mellanox/mlx5/core/debugfs.c +@@ -300,11 +300,11 @@ static u64 qp_read_field(struct mlx5_cor + param = qp->pid; + break; + case QP_STATE: +- param = (u64)mlx5_qp_state_str(be32_to_cpu(ctx->flags) >> 28); ++ param = (unsigned long)mlx5_qp_state_str(be32_to_cpu(ctx->flags) >> 28); + *is_str = 1; + break; + case QP_XPORT: +- param = (u64)mlx5_qp_type_str((be32_to_cpu(ctx->flags) >> 16) & 0xff); ++ param = (unsigned long)mlx5_qp_type_str((be32_to_cpu(ctx->flags) >> 16) & 0xff); + *is_str = 1; + break; + case QP_MTU: +@@ -464,7 +464,7 @@ static ssize_t dbg_read(struct file *fil + + + if (is_str) +- ret = snprintf(tbuf, sizeof(tbuf), "%s\n", (const char *)field); ++ ret = snprintf(tbuf, sizeof(tbuf), "%s\n", (const char *)(unsigned long)field); + else + ret = snprintf(tbuf, sizeof(tbuf), "0x%llx\n", field); + diff --git a/queue-3.18/mtd-avoid-stack-overflow-in-mtd-cfi-code.patch b/queue-3.18/mtd-avoid-stack-overflow-in-mtd-cfi-code.patch new file mode 100644 index 00000000000..fba5e80e7ef --- /dev/null +++ b/queue-3.18/mtd-avoid-stack-overflow-in-mtd-cfi-code.patch @@ -0,0 +1,81 @@ +From fddcca5107051adf9e4481d2a79ae0616577fd2c Mon Sep 17 00:00:00 2001 +From: Arnd Bergmann +Date: Mon, 29 Feb 2016 13:20:28 +0100 +Subject: mtd: avoid stack overflow in MTD CFI code + +From: Arnd Bergmann + +commit fddcca5107051adf9e4481d2a79ae0616577fd2c upstream. + +When map_word gets too large, we use a lot of kernel stack, and for +MTD_MAP_BANK_WIDTH_32, this means we use more than the recommended +1024 bytes in a number of functions: + +drivers/mtd/chips/cfi_cmdset_0020.c: In function 'cfi_staa_write_buffers': +drivers/mtd/chips/cfi_cmdset_0020.c:651:1: warning: the frame size of 1336 bytes is larger than 1024 bytes [-Wframe-larger-than=] +drivers/mtd/chips/cfi_cmdset_0020.c: In function 'cfi_staa_erase_varsize': +drivers/mtd/chips/cfi_cmdset_0020.c:972:1: warning: the frame size of 1208 bytes is larger than 1024 bytes [-Wframe-larger-than=] +drivers/mtd/chips/cfi_cmdset_0001.c: In function 'do_write_buffer': +drivers/mtd/chips/cfi_cmdset_0001.c:1835:1: warning: the frame size of 1240 bytes is larger than 1024 bytes [-Wframe-larger-than=] + +This can be avoided if all operations on the map word are done +indirectly and the stack gets reused between the calls. We can +mostly achieve this by selecting MTD_COMPLEX_MAPPINGS whenever +MTD_MAP_BANK_WIDTH_32 is set, but for the case that no other +bank width is enabled, we also need to use a non-constant +map_bankwidth() to convince the compiler to use less stack. + +Signed-off-by: Arnd Bergmann +[Brian: this patch mostly achieves its goal by forcing + MTD_COMPLEX_MAPPINGS (and the accompanying indirection) for 256-bit + mappings; the rest of the change is mostly a wash, though it helps + reduce stack size slightly. If we really care about supporting + 256-bit mappings though, we should consider rewriting some of this + code to avoid keeping and assigning so many 256-bit objects on the + stack.] +Signed-off-by: Brian Norris +Signed-off-by: Greg Kroah-Hartman + +--- + drivers/mtd/chips/Kconfig | 1 + + include/linux/mtd/map.h | 19 +++++++------------ + 2 files changed, 8 insertions(+), 12 deletions(-) + +--- a/drivers/mtd/chips/Kconfig ++++ b/drivers/mtd/chips/Kconfig +@@ -110,6 +110,7 @@ config MTD_MAP_BANK_WIDTH_16 + + config MTD_MAP_BANK_WIDTH_32 + bool "Support 256-bit buswidth" if MTD_CFI_GEOMETRY ++ select MTD_COMPLEX_MAPPINGS if HAS_IOMEM + default n + help + If you wish to support CFI devices on a physical bus which is +--- a/include/linux/mtd/map.h ++++ b/include/linux/mtd/map.h +@@ -122,18 +122,13 @@ + #endif + + #ifdef CONFIG_MTD_MAP_BANK_WIDTH_32 +-# ifdef map_bankwidth +-# undef map_bankwidth +-# define map_bankwidth(map) ((map)->bankwidth) +-# undef map_bankwidth_is_large +-# define map_bankwidth_is_large(map) (map_bankwidth(map) > BITS_PER_LONG/8) +-# undef map_words +-# define map_words(map) map_calc_words(map) +-# else +-# define map_bankwidth(map) 32 +-# define map_bankwidth_is_large(map) (1) +-# define map_words(map) map_calc_words(map) +-# endif ++/* always use indirect access for 256-bit to preserve kernel stack */ ++# undef map_bankwidth ++# define map_bankwidth(map) ((map)->bankwidth) ++# undef map_bankwidth_is_large ++# define map_bankwidth_is_large(map) (map_bankwidth(map) > BITS_PER_LONG/8) ++# undef map_words ++# define map_words(map) map_calc_words(map) + #define map_bankwidth_is_32(map) (map_bankwidth(map) == 32) + #undef MAX_MAP_BANKWIDTH + #define MAX_MAP_BANKWIDTH 32 diff --git a/queue-3.18/net-tg3-avoid-uninitialized-variable-warning.patch b/queue-3.18/net-tg3-avoid-uninitialized-variable-warning.patch new file mode 100644 index 00000000000..cf894b4da0a --- /dev/null +++ b/queue-3.18/net-tg3-avoid-uninitialized-variable-warning.patch @@ -0,0 +1,38 @@ +From e434e04110704eb91acfecbd0fb8ca8e2da9c29b Mon Sep 17 00:00:00 2001 +From: Arnd Bergmann +Date: Fri, 29 Jan 2016 12:39:15 +0100 +Subject: net: tg3: avoid uninitialized variable warning + +From: Arnd Bergmann + +commit e434e04110704eb91acfecbd0fb8ca8e2da9c29b upstream. + +The tg3_set_eeprom() function correctly initializes the 'start' variable, +but gcc generates a false warning: + +drivers/net/ethernet/broadcom/tg3.c: In function 'tg3_set_eeprom': +drivers/net/ethernet/broadcom/tg3.c:12057:4: warning: 'start' may be used uninitialized in this function [-Wmaybe-uninitialized] + +I have not come up with a way to restructure the code in a way that +avoids the warning without making it less readable, so this adds an +initialization for the declaration to shut up that warning. + +Signed-off-by: Arnd Bergmann +Signed-off-by: David S. Miller +Signed-off-by: Greg Kroah-Hartman + +--- + drivers/net/ethernet/broadcom/tg3.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +--- a/drivers/net/ethernet/broadcom/tg3.c ++++ b/drivers/net/ethernet/broadcom/tg3.c +@@ -12021,7 +12021,7 @@ static int tg3_set_eeprom(struct net_dev + int ret; + u32 offset, len, b_offset, odd_len; + u8 *buf; +- __be32 start, end; ++ __be32 start = 0, end; + + if (tg3_flag(tp, NO_NVRAM) || + eeprom->magic != TG3_EEPROM_MAGIC) diff --git a/queue-3.18/pci-xilinx-fix-harmless-format-string-warning.patch b/queue-3.18/pci-xilinx-fix-harmless-format-string-warning.patch new file mode 100644 index 00000000000..ecba1414d49 --- /dev/null +++ b/queue-3.18/pci-xilinx-fix-harmless-format-string-warning.patch @@ -0,0 +1,46 @@ +From abc596b9a2f3d24b8b0d637bdb071aae7f09801d Mon Sep 17 00:00:00 2001 +From: Arnd Bergmann +Date: Tue, 13 Jan 2015 15:20:05 +0100 +Subject: PCI: xilinx: Fix harmless format string warning + +From: Arnd Bergmann + +commit abc596b9a2f3d24b8b0d637bdb071aae7f09801d upstream. + +The xilinx PCIe driver prints a register value whose type is propagated to +the type returned by the GENMASK() macro. Unfortunately, that type has +recently changed as the result of a bug fix, so now we get a warning about +the type: + + drivers/pci/host/pcie-xilinx.c: In function 'xilinx_pcie_clear_err_interrupts': + drivers/pci/host/pcie-xilinx.c:154:3: warning: format '%d' expects argument of type 'int', but argument 4 has type 'long unsigned int' [-Wformat=] + +Change the code so we always print the number as an 'unsigned long' type to +avoid the warning. The original code was fine on 32-bit architectures but +not on 64-bit. Now it works as expected on both. + +Fixes: 00b4d9a1412 ("bitops: Fix shift overflow in GENMASK macros") +Signed-off-by: Arnd Bergmann +Signed-off-by: Bjorn Helgaas +Acked-by: Maxime Coquelin +Signed-off-by: Greg Kroah-Hartman + +--- + drivers/pci/host/pcie-xilinx.c | 4 ++-- + 1 file changed, 2 insertions(+), 2 deletions(-) + +--- a/drivers/pci/host/pcie-xilinx.c ++++ b/drivers/pci/host/pcie-xilinx.c +@@ -148,10 +148,10 @@ static inline bool xilinx_pcie_link_is_u + */ + static void xilinx_pcie_clear_err_interrupts(struct xilinx_pcie_port *port) + { +- u32 val = pcie_read(port, XILINX_PCIE_REG_RPEFR); ++ unsigned long val = pcie_read(port, XILINX_PCIE_REG_RPEFR); + + if (val & XILINX_PCIE_RPEFR_ERR_VALID) { +- dev_dbg(port->dev, "Requester ID %d\n", ++ dev_dbg(port->dev, "Requester ID %lu\n", + val & XILINX_PCIE_RPEFR_REQ_ID); + pcie_write(port, XILINX_PCIE_RPEFR_ALL_MASK, + XILINX_PCIE_REG_RPEFR); diff --git a/queue-3.18/powerpc-ptrace-fix-out-of-bounds-array-access-warning.patch b/queue-3.18/powerpc-ptrace-fix-out-of-bounds-array-access-warning.patch new file mode 100644 index 00000000000..fbeeaf5de59 --- /dev/null +++ b/queue-3.18/powerpc-ptrace-fix-out-of-bounds-array-access-warning.patch @@ -0,0 +1,51 @@ +From 1e407ee3b21f981140491d5b8a36422979ca246f Mon Sep 17 00:00:00 2001 +From: Khem Raj +Date: Mon, 25 Apr 2016 09:19:17 -0700 +Subject: powerpc/ptrace: Fix out of bounds array access warning + +From: Khem Raj + +commit 1e407ee3b21f981140491d5b8a36422979ca246f upstream. + +gcc-6 correctly warns about a out of bounds access + +arch/powerpc/kernel/ptrace.c:407:24: warning: index 32 denotes an offset greater than size of 'u64[32][1] {aka long long unsigned int[32][1]}' [-Warray-bounds] + offsetof(struct thread_fp_state, fpr[32][0])); + ^ + +check the end of array instead of beginning of next element to fix this + +Signed-off-by: Khem Raj +Cc: Kees Cook +Cc: Michael Ellerman +Cc: Segher Boessenkool +Tested-by: Aaro Koskinen +Acked-by: Olof Johansson +Cc: Arnd Bergmann +Signed-off-by: Michael Ellerman +Signed-off-by: Greg Kroah-Hartman + +--- + arch/powerpc/kernel/ptrace.c | 4 ++-- + 1 file changed, 2 insertions(+), 2 deletions(-) + +--- a/arch/powerpc/kernel/ptrace.c ++++ b/arch/powerpc/kernel/ptrace.c +@@ -376,7 +376,7 @@ static int fpr_get(struct task_struct *t + + #else + BUILD_BUG_ON(offsetof(struct thread_fp_state, fpscr) != +- offsetof(struct thread_fp_state, fpr[32][0])); ++ offsetof(struct thread_fp_state, fpr[32])); + + return user_regset_copyout(&pos, &count, &kbuf, &ubuf, + &target->thread.fp_state, 0, -1); +@@ -404,7 +404,7 @@ static int fpr_set(struct task_struct *t + return 0; + #else + BUILD_BUG_ON(offsetof(struct thread_fp_state, fpscr) != +- offsetof(struct thread_fp_state, fpr[32][0])); ++ offsetof(struct thread_fp_state, fpr[32])); + + return user_regset_copyin(&pos, &count, &kbuf, &ubuf, + &target->thread.fp_state, 0, -1); diff --git a/queue-3.18/series b/queue-3.18/series index 5bf64a9ae28..3f7b2a05e85 100644 --- a/queue-3.18/series +++ b/queue-3.18/series @@ -23,3 +23,12 @@ p9_client_readdir-fix.patch input-i8042-add-clevo-p650rs-to-the-i8042-reset-list.patch nfsd-check-for-oversized-nfsv2-v3-arguments.patch ftrace-x86-fix-triple-fault-with-graph-tracing-and-suspend-to-ram.patch +powerpc-ptrace-fix-out-of-bounds-array-access-warning.patch +drbd-avoid-redefinition-of-bits_per_page.patch +ib-iser-fix-sparse-warnings.patch +mtd-avoid-stack-overflow-in-mtd-cfi-code.patch +mlx5-avoid-build-warnings-on-32-bit.patch +pci-xilinx-fix-harmless-format-string-warning.patch +alsa-ppc-awacs-shut-up-maybe-uninitialized-warning.patch +cred-userns-define-current_user_ns-as-a-function.patch +net-tg3-avoid-uninitialized-variable-warning.patch