From: Greg Kroah-Hartman Date: Tue, 1 Mar 2016 19:15:15 +0000 (-0800) Subject: 3.14-stable patches X-Git-Tag: v3.10.99~29 X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=a378dcc511f34c3ad76af3a701d2afbd306888a1;p=thirdparty%2Fkernel%2Fstable-queue.git 3.14-stable patches added patches: cputime-prevent-32bit-overflow-in-time_to_cputime.patch edac-robustify-workqueues-destruction.patch mmc-mmci-fix-an-ages-old-detection-error.patch mmc-sdhci-fix-sdhci_runtime_pm_bus_on-off.patch mmc-sdio-fix-invalid-vdd-in-voltage-switch-power-cycle.patch posix-clock-fix-return-code-on-the-poll-method-s-error-path.patch sparc64-fix-incorrect-sign-extension-in-sys_sparc64_personality.patch --- diff --git a/queue-3.14/cputime-prevent-32bit-overflow-in-time_to_cputime.patch b/queue-3.14/cputime-prevent-32bit-overflow-in-time_to_cputime.patch new file mode 100644 index 00000000000..a882378a33c --- /dev/null +++ b/queue-3.14/cputime-prevent-32bit-overflow-in-time_to_cputime.patch @@ -0,0 +1,55 @@ +From 0f26922fe5dc5724b1adbbd54b21bad03590b4f3 Mon Sep 17 00:00:00 2001 +From: zengtao +Date: Tue, 2 Feb 2016 11:38:34 +0800 +Subject: cputime: Prevent 32bit overflow in time[val|spec]_to_cputime() + +From: zengtao + +commit 0f26922fe5dc5724b1adbbd54b21bad03590b4f3 upstream. + +The datatype __kernel_time_t is u32 on 32bit platform, so its subject to +overflows in the timeval/timespec to cputime conversion. + +Currently the following functions are affected: +1. setitimer() +2. timer_create/timer_settime() +3. sys_clock_nanosleep + +This can happen on MIPS32 and ARM32 with "Full dynticks CPU time accounting" +enabled, which is required for CONFIG_NO_HZ_FULL. + +Enforce u64 conversion to prevent the overflow. + +Fixes: 31c1fc818715 ("ARM: Kconfig: allow full nohz CPU accounting") +Signed-off-by: zengtao +Reviewed-by: Arnd Bergmann +Cc: +Link: http://lkml.kernel.org/r/1454384314-154784-1-git-send-email-prime.zeng@huawei.com +Signed-off-by: Thomas Gleixner +Signed-off-by: Greg Kroah-Hartman + +--- + include/asm-generic/cputime_nsecs.h | 5 +++-- + 1 file changed, 3 insertions(+), 2 deletions(-) + +--- a/include/asm-generic/cputime_nsecs.h ++++ b/include/asm-generic/cputime_nsecs.h +@@ -70,7 +70,7 @@ typedef u64 __nocast cputime64_t; + */ + static inline cputime_t timespec_to_cputime(const struct timespec *val) + { +- u64 ret = val->tv_sec * NSEC_PER_SEC + val->tv_nsec; ++ u64 ret = (u64)val->tv_sec * NSEC_PER_SEC + val->tv_nsec; + return (__force cputime_t) ret; + } + static inline void cputime_to_timespec(const cputime_t ct, struct timespec *val) +@@ -86,7 +86,8 @@ static inline void cputime_to_timespec(c + */ + static inline cputime_t timeval_to_cputime(const struct timeval *val) + { +- u64 ret = val->tv_sec * NSEC_PER_SEC + val->tv_usec * NSEC_PER_USEC; ++ u64 ret = (u64)val->tv_sec * NSEC_PER_SEC + ++ val->tv_usec * NSEC_PER_USEC; + return (__force cputime_t) ret; + } + static inline void cputime_to_timeval(const cputime_t ct, struct timeval *val) diff --git a/queue-3.14/edac-robustify-workqueues-destruction.patch b/queue-3.14/edac-robustify-workqueues-destruction.patch new file mode 100644 index 00000000000..6bb8b2fcf7e --- /dev/null +++ b/queue-3.14/edac-robustify-workqueues-destruction.patch @@ -0,0 +1,120 @@ +From fcd5c4dd8201595d4c598c9cca5e54760277d687 Mon Sep 17 00:00:00 2001 +From: Borislav Petkov +Date: Fri, 27 Nov 2015 10:38:38 +0100 +Subject: EDAC: Robustify workqueues destruction + +From: Borislav Petkov + +commit fcd5c4dd8201595d4c598c9cca5e54760277d687 upstream. + +EDAC workqueue destruction is really fragile. We cancel delayed work +but if it is still running and requeues itself, we still go ahead and +destroy the workqueue and the queued work explodes when workqueue core +attempts to run it. + +Make the destruction more robust by switching op_state to offline so +that requeuing stops. Cancel any pending work *synchronously* too. + + EDAC i7core: Driver loaded. + general protection fault: 0000 [#1] SMP + CPU 12 + Modules linked in: + Supported: Yes + Pid: 0, comm: kworker/0:1 Tainted: G IE 3.0.101-0-default #1 HP ProLiant DL380 G7 + RIP: 0010:[] [] __queue_work+0x17/0x3f0 + < ... regs ...> + Process kworker/0:1 (pid: 0, threadinfo ffff88019def6000, task ffff88019def4600) + Stack: + ... + Call Trace: + call_timer_fn + run_timer_softirq + __do_softirq + call_softirq + do_softirq + irq_exit + smp_apic_timer_interrupt + apic_timer_interrupt + intel_idle + cpuidle_idle_call + cpu_idle + Code: ... + RIP __queue_work + RSP <...> + +Signed-off-by: Borislav Petkov +Signed-off-by: Greg Kroah-Hartman + +--- + drivers/edac/edac_device.c | 11 ++++------- + drivers/edac/edac_mc.c | 14 +++----------- + drivers/edac/edac_pci.c | 9 ++++----- + 3 files changed, 11 insertions(+), 23 deletions(-) + +--- a/drivers/edac/edac_device.c ++++ b/drivers/edac/edac_device.c +@@ -435,16 +435,13 @@ void edac_device_workq_setup(struct edac + */ + void edac_device_workq_teardown(struct edac_device_ctl_info *edac_dev) + { +- int status; +- + if (!edac_dev->edac_check) + return; + +- status = cancel_delayed_work(&edac_dev->work); +- if (status == 0) { +- /* workq instance might be running, wait for it */ +- flush_workqueue(edac_workqueue); +- } ++ edac_dev->op_state = OP_OFFLINE; ++ ++ cancel_delayed_work_sync(&edac_dev->work); ++ flush_workqueue(edac_workqueue); + } + + /* +--- a/drivers/edac/edac_mc.c ++++ b/drivers/edac/edac_mc.c +@@ -584,18 +584,10 @@ static void edac_mc_workq_setup(struct m + */ + static void edac_mc_workq_teardown(struct mem_ctl_info *mci) + { +- int status; ++ mci->op_state = OP_OFFLINE; + +- if (mci->op_state != OP_RUNNING_POLL) +- return; +- +- status = cancel_delayed_work(&mci->work); +- if (status == 0) { +- edac_dbg(0, "not canceled, flush the queue\n"); +- +- /* workq instance might be running, wait for it */ +- flush_workqueue(edac_workqueue); +- } ++ cancel_delayed_work_sync(&mci->work); ++ flush_workqueue(edac_workqueue); + } + + /* +--- a/drivers/edac/edac_pci.c ++++ b/drivers/edac/edac_pci.c +@@ -274,13 +274,12 @@ static void edac_pci_workq_setup(struct + */ + static void edac_pci_workq_teardown(struct edac_pci_ctl_info *pci) + { +- int status; +- + edac_dbg(0, "\n"); + +- status = cancel_delayed_work(&pci->work); +- if (status == 0) +- flush_workqueue(edac_workqueue); ++ pci->op_state = OP_OFFLINE; ++ ++ cancel_delayed_work_sync(&pci->work); ++ flush_workqueue(edac_workqueue); + } + + /* diff --git a/queue-3.14/mmc-mmci-fix-an-ages-old-detection-error.patch b/queue-3.14/mmc-mmci-fix-an-ages-old-detection-error.patch new file mode 100644 index 00000000000..38e11a92325 --- /dev/null +++ b/queue-3.14/mmc-mmci-fix-an-ages-old-detection-error.patch @@ -0,0 +1,37 @@ +From 0bcb7efdff63564e80fe84dd36a9fbdfbf6697a4 Mon Sep 17 00:00:00 2001 +From: Linus Walleij +Date: Mon, 4 Jan 2016 02:21:55 +0100 +Subject: mmc: mmci: fix an ages old detection error + +From: Linus Walleij + +commit 0bcb7efdff63564e80fe84dd36a9fbdfbf6697a4 upstream. + +commit 4956e10903fd ("ARM: 6244/1: mmci: add variant data and default +MCICLOCK support") added variant data for ARM, U300 and Ux500 variants. +The Nomadik NHK8815/8820 variant was erroneously labeled as a U300 +variant, and when the proper Nomadik variant was later introduced in +commit 34fd421349ff ("ARM: 7378/1: mmci: add support for the Nomadik MMCI +variant") this was not fixes. Let's say this fixes the latter commit as +there was no proper Nomadik support until then. + +Fixes: 34fd421349ff ("ARM: 7378/1: mmci: add support for the Nomadik...") +Signed-off-by: Linus Walleij +Signed-off-by: Ulf Hansson +Signed-off-by: Greg Kroah-Hartman + +--- + drivers/mmc/host/mmci.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +--- a/drivers/mmc/host/mmci.c ++++ b/drivers/mmc/host/mmci.c +@@ -1860,7 +1860,7 @@ static struct amba_id mmci_ids[] = { + { + .id = 0x00280180, + .mask = 0x00ffffff, +- .data = &variant_u300, ++ .data = &variant_nomadik, + }, + { + .id = 0x00480180, diff --git a/queue-3.14/mmc-sdhci-fix-sdhci_runtime_pm_bus_on-off.patch b/queue-3.14/mmc-sdhci-fix-sdhci_runtime_pm_bus_on-off.patch new file mode 100644 index 00000000000..d1b73a5dbcf --- /dev/null +++ b/queue-3.14/mmc-sdhci-fix-sdhci_runtime_pm_bus_on-off.patch @@ -0,0 +1,49 @@ +From 5c671c410c8704800f4f1673b6f572137e7e6ddd Mon Sep 17 00:00:00 2001 +From: Adrian Hunter +Date: Thu, 26 Nov 2015 14:00:50 +0200 +Subject: mmc: sdhci: Fix sdhci_runtime_pm_bus_on/off() + +From: Adrian Hunter + +commit 5c671c410c8704800f4f1673b6f572137e7e6ddd upstream. + +sdhci has a legacy facility to prevent runtime suspend if the +bus power is on. This is needed in cases where the power to +the card is dependent on the bus power. It is controlled by +a pair of functions: sdhci_runtime_pm_bus_on() and +sdhci_runtime_pm_bus_off(). These functions use a boolean +variable 'bus_on' to ensure changes are always paired. +There is an additional check for 'runtime_suspended' which is +the problem. In fact, its use is ill-conceived as the only +requirement for the logic is that 'on' and 'off' are paired, +which is actually broken by the check, for example if the bus +power is turned on during runtime resume. So remove the check. + +Signed-off-by: Adrian Hunter +Signed-off-by: Ulf Hansson +Signed-off-by: Greg Kroah-Hartman + +--- + drivers/mmc/host/sdhci.c | 4 ++-- + 1 file changed, 2 insertions(+), 2 deletions(-) + +--- a/drivers/mmc/host/sdhci.c ++++ b/drivers/mmc/host/sdhci.c +@@ -2663,7 +2663,7 @@ static int sdhci_runtime_pm_put(struct s + + static void sdhci_runtime_pm_bus_on(struct sdhci_host *host) + { +- if (host->runtime_suspended || host->bus_on) ++ if (host->bus_on) + return; + host->bus_on = true; + pm_runtime_get_noresume(host->mmc->parent); +@@ -2671,7 +2671,7 @@ static void sdhci_runtime_pm_bus_on(stru + + static void sdhci_runtime_pm_bus_off(struct sdhci_host *host) + { +- if (host->runtime_suspended || !host->bus_on) ++ if (!host->bus_on) + return; + host->bus_on = false; + pm_runtime_put_noidle(host->mmc->parent); diff --git a/queue-3.14/mmc-sdio-fix-invalid-vdd-in-voltage-switch-power-cycle.patch b/queue-3.14/mmc-sdio-fix-invalid-vdd-in-voltage-switch-power-cycle.patch new file mode 100644 index 00000000000..355ad60f9aa --- /dev/null +++ b/queue-3.14/mmc-sdio-fix-invalid-vdd-in-voltage-switch-power-cycle.patch @@ -0,0 +1,36 @@ +From d9bfbb95ed598a09cf336adb0f190ee0ff802f0d Mon Sep 17 00:00:00 2001 +From: Adrian Hunter +Date: Thu, 26 Nov 2015 14:00:47 +0200 +Subject: mmc: sdio: Fix invalid vdd in voltage switch power cycle + +From: Adrian Hunter + +commit d9bfbb95ed598a09cf336adb0f190ee0ff802f0d upstream. + +The 'ocr' parameter passed to mmc_set_signal_voltage() +defines the power-on voltage used when power cycling +after a failure to set the voltage. However, in the +case of mmc_sdio_init_card(), the value passed has the +R4_18V_PRESENT flag set which is not valid for power-on +and results in an invalid vdd. Fix by passing the card's +ocr value which does not have the flag. + +Signed-off-by: Adrian Hunter +Signed-off-by: Ulf Hansson +Signed-off-by: Greg Kroah-Hartman + +--- + drivers/mmc/core/sdio.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +--- a/drivers/mmc/core/sdio.c ++++ b/drivers/mmc/core/sdio.c +@@ -670,7 +670,7 @@ try_again: + */ + if (!powered_resume && (rocr & ocr & R4_18V_PRESENT)) { + err = mmc_set_signal_voltage(host, MMC_SIGNAL_VOLTAGE_180, +- ocr); ++ ocr_card); + if (err == -EAGAIN) { + sdio_reset(host); + mmc_go_idle(host); diff --git a/queue-3.14/posix-clock-fix-return-code-on-the-poll-method-s-error-path.patch b/queue-3.14/posix-clock-fix-return-code-on-the-poll-method-s-error-path.patch new file mode 100644 index 00000000000..a5bf92f103a --- /dev/null +++ b/queue-3.14/posix-clock-fix-return-code-on-the-poll-method-s-error-path.patch @@ -0,0 +1,50 @@ +From 1b9f23727abb92c5e58f139e7d180befcaa06fe0 Mon Sep 17 00:00:00 2001 +From: Richard Cochran +Date: Tue, 22 Dec 2015 22:19:58 +0100 +Subject: posix-clock: Fix return code on the poll method's error path + +From: Richard Cochran + +commit 1b9f23727abb92c5e58f139e7d180befcaa06fe0 upstream. + +The posix_clock_poll function is supposed to return a bit mask of +POLLxxx values. However, in case the hardware has disappeared (due to +hot plugging for example) this code returns -ENODEV in a futile +attempt to throw an error at the file descriptor level. The kernel's +file_operations interface does not accept such error codes from the +poll method. Instead, this function aught to return POLLERR. + +The value -ENODEV does, in fact, contain the POLLERR bit (and almost +all the other POLLxxx bits as well), but only by chance. This patch +fixes code to return a proper bit mask. + +Credit goes to Markus Elfring for pointing out the suspicious +signed/unsigned mismatch. + +Reported-by: Markus Elfring +igned-off-by: Richard Cochran +Cc: John Stultz +Cc: Julia Lawall +Link: http://lkml.kernel.org/r/1450819198-17420-1-git-send-email-richardcochran@gmail.com +Signed-off-by: Thomas Gleixner +Signed-off-by: Greg Kroah-Hartman + +--- + kernel/time/posix-clock.c | 4 ++-- + 1 file changed, 2 insertions(+), 2 deletions(-) + +--- a/kernel/time/posix-clock.c ++++ b/kernel/time/posix-clock.c +@@ -69,10 +69,10 @@ static ssize_t posix_clock_read(struct f + static unsigned int posix_clock_poll(struct file *fp, poll_table *wait) + { + struct posix_clock *clk = get_posix_clock(fp); +- int result = 0; ++ unsigned int result = 0; + + if (!clk) +- return -ENODEV; ++ return POLLERR; + + if (clk->ops.poll) + result = clk->ops.poll(clk, fp, wait); diff --git a/queue-3.14/series b/queue-3.14/series index 4a22308adf5..079c7102512 100644 --- a/queue-3.14/series +++ b/queue-3.14/series @@ -96,3 +96,10 @@ gspca-ov534-topro-prevent-a-division-by-0.patch tda1004x-only-update-the-frontend-properties-if-locked.patch dm-space-map-metadata-remove-unused-variable-in-brb_pop.patch dm-snapshot-fix-hung-bios-when-copy-error-occurs.patch +posix-clock-fix-return-code-on-the-poll-method-s-error-path.patch +mmc-sdio-fix-invalid-vdd-in-voltage-switch-power-cycle.patch +mmc-sdhci-fix-sdhci_runtime_pm_bus_on-off.patch +mmc-mmci-fix-an-ages-old-detection-error.patch +cputime-prevent-32bit-overflow-in-time_to_cputime.patch +edac-robustify-workqueues-destruction.patch +sparc64-fix-incorrect-sign-extension-in-sys_sparc64_personality.patch diff --git a/queue-3.14/sparc64-fix-incorrect-sign-extension-in-sys_sparc64_personality.patch b/queue-3.14/sparc64-fix-incorrect-sign-extension-in-sys_sparc64_personality.patch new file mode 100644 index 00000000000..3638382065f --- /dev/null +++ b/queue-3.14/sparc64-fix-incorrect-sign-extension-in-sys_sparc64_personality.patch @@ -0,0 +1,39 @@ +From 525fd5a94e1be0776fa652df5c687697db508c91 Mon Sep 17 00:00:00 2001 +From: "Dmitry V. Levin" +Date: Sun, 27 Dec 2015 02:13:27 +0300 +Subject: sparc64: fix incorrect sign extension in sys_sparc64_personality + +From: Dmitry V. Levin + +commit 525fd5a94e1be0776fa652df5c687697db508c91 upstream. + +The value returned by sys_personality has type "long int". +It is saved to a variable of type "int", which is not a problem +yet because the type of task_struct->pesonality is "unsigned int". +The problem is the sign extension from "int" to "long int" +that happens on return from sys_sparc64_personality. + +For example, a userspace call personality((unsigned) -EINVAL) will +result to any subsequent personality call, including absolutely +harmless read-only personality(0xffffffff) call, failing with +errno set to EINVAL. + +Signed-off-by: Dmitry V. Levin +Signed-off-by: David S. Miller +Signed-off-by: Greg Kroah-Hartman + +--- + arch/sparc/kernel/sys_sparc_64.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +--- a/arch/sparc/kernel/sys_sparc_64.c ++++ b/arch/sparc/kernel/sys_sparc_64.c +@@ -412,7 +412,7 @@ out: + + SYSCALL_DEFINE1(sparc64_personality, unsigned long, personality) + { +- int ret; ++ long ret; + + if (personality(current->personality) == PER_LINUX32 && + personality(personality) == PER_LINUX)