From: Greg Kroah-Hartman Date: Mon, 7 Aug 2017 21:50:36 +0000 (-0700) Subject: 4.12-stable patches X-Git-Tag: v4.12.6~45 X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=a8069b526c963dac0159535c22e1fe490138c41a;p=thirdparty%2Fkernel%2Fstable-queue.git 4.12-stable patches added patches: arm-dts-armada-38x-fix-irq-type-for-pca955.patch arm-dts-tango4-request-rgmii-rx-and-tx-clock-delays.patch arm-mvebu-use-__pa_symbol-in-the-mv98dx3236-platform-smp-code.patch arm64-dts-marvell-armada-37xx-fix-the-number-of-gpio-on-south-bridge.patch clk-sunxi-ng-sun5i-add-clk_set_rate_parent-to-the-cpu-clock.patch ext4-fix-overflow-caused-by-missing-cast-in-ext4_resize_fs.patch ext4-fix-seek_hole-seek_data-for-blocksize-pagesize.patch gpiolib-skip-unwanted-events-don-t-convert-them-to-opposite-edge.patch iommu-amd-enable-ga_log_intr-when-enabling-guest_mode.patch mips-ralink-fix-build-error-due-to-missing-header.patch powerpc-64-fix-__check_irq_replay-missing-decrementer-interrupt.patch powerpc-tm-fix-saving-of-tm-sprs-in-core-dump.patch timers-fix-overflow-in-get_next_timer_interrupt.patch --- diff --git a/queue-4.12/arm-dts-armada-38x-fix-irq-type-for-pca955.patch b/queue-4.12/arm-dts-armada-38x-fix-irq-type-for-pca955.patch new file mode 100644 index 00000000000..eb4b78f8ad5 --- /dev/null +++ b/queue-4.12/arm-dts-armada-38x-fix-irq-type-for-pca955.patch @@ -0,0 +1,48 @@ +From 8d4514173211586c6238629b1ef1e071927735f5 Mon Sep 17 00:00:00 2001 +From: Gregory CLEMENT +Date: Wed, 12 Jul 2017 13:23:11 +0200 +Subject: ARM: dts: armada-38x: Fix irq type for pca955 + +From: Gregory CLEMENT + +commit 8d4514173211586c6238629b1ef1e071927735f5 upstream. + +As written in the datasheet the PCA955 can only handle low level irq and +not edge irq. + +Without this fix the interrupt is not usable for pca955: the gpio-pca953x +driver already set the irq type as low level which is incompatible with +edge type, then the kernel prevents using the interrupt: + +"irq: type mismatch, failed to map hwirq-18 for +/soc/internal-regs/gpio@18100!" + +Fixes: 928413bd859c ("ARM: mvebu: Add Armada 388 General Purpose +Development Board support") +Signed-off-by: Gregory CLEMENT +Signed-off-by: Greg Kroah-Hartman + +--- + arch/arm/boot/dts/armada-388-gp.dts | 4 ++-- + 1 file changed, 2 insertions(+), 2 deletions(-) + +--- a/arch/arm/boot/dts/armada-388-gp.dts ++++ b/arch/arm/boot/dts/armada-388-gp.dts +@@ -75,7 +75,7 @@ + pinctrl-names = "default"; + pinctrl-0 = <&pca0_pins>; + interrupt-parent = <&gpio0>; +- interrupts = <18 IRQ_TYPE_EDGE_FALLING>; ++ interrupts = <18 IRQ_TYPE_LEVEL_LOW>; + gpio-controller; + #gpio-cells = <2>; + interrupt-controller; +@@ -87,7 +87,7 @@ + compatible = "nxp,pca9555"; + pinctrl-names = "default"; + interrupt-parent = <&gpio0>; +- interrupts = <18 IRQ_TYPE_EDGE_FALLING>; ++ interrupts = <18 IRQ_TYPE_LEVEL_LOW>; + gpio-controller; + #gpio-cells = <2>; + interrupt-controller; diff --git a/queue-4.12/arm-dts-tango4-request-rgmii-rx-and-tx-clock-delays.patch b/queue-4.12/arm-dts-tango4-request-rgmii-rx-and-tx-clock-delays.patch new file mode 100644 index 00000000000..5181e63cd9a --- /dev/null +++ b/queue-4.12/arm-dts-tango4-request-rgmii-rx-and-tx-clock-delays.patch @@ -0,0 +1,31 @@ +From 985333b0eef8603b02181c4ec0a722b82be9642d Mon Sep 17 00:00:00 2001 +From: Marc Gonzalez +Date: Fri, 28 Jul 2017 15:27:49 +0200 +Subject: ARM: dts: tango4: Request RGMII RX and TX clock delays + +From: Marc Gonzalez + +commit 985333b0eef8603b02181c4ec0a722b82be9642d upstream. + +RX and TX clock delays are required. Request them explicitly. + +Fixes: cad008b8a77e6 ("ARM: dts: tango4: Initial device trees") +Signed-off-by: Marc Gonzalez +Signed-off-by: Arnd Bergmann +Signed-off-by: Greg Kroah-Hartman + +--- + arch/arm/boot/dts/tango4-vantage-1172.dts | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +--- a/arch/arm/boot/dts/tango4-vantage-1172.dts ++++ b/arch/arm/boot/dts/tango4-vantage-1172.dts +@@ -22,7 +22,7 @@ + }; + + ð0 { +- phy-connection-type = "rgmii"; ++ phy-connection-type = "rgmii-id"; + phy-handle = <ð0_phy>; + #address-cells = <1>; + #size-cells = <0>; diff --git a/queue-4.12/arm-mvebu-use-__pa_symbol-in-the-mv98dx3236-platform-smp-code.patch b/queue-4.12/arm-mvebu-use-__pa_symbol-in-the-mv98dx3236-platform-smp-code.patch new file mode 100644 index 00000000000..3735a14ac83 --- /dev/null +++ b/queue-4.12/arm-mvebu-use-__pa_symbol-in-the-mv98dx3236-platform-smp-code.patch @@ -0,0 +1,46 @@ +From 76127d6fe00062bddb25515d8a4f44633c41fe14 Mon Sep 17 00:00:00 2001 +From: Gregory CLEMENT +Date: Fri, 7 Jul 2017 09:59:28 +0200 +Subject: ARM: mvebu: use __pa_symbol in the mv98dx3236 platform SMP code + +From: Gregory CLEMENT + +commit 76127d6fe00062bddb25515d8a4f44633c41fe14 upstream. + +As we already did for Armada XP switch from virt_to_phys() to +__pa_symbol(). + +The reason for it was well explained by Mark Rutland so let's quote him: + +"virt_to_phys() is intended to operate on the linear/direct mapping of +RAM. + +__pa_symbol() is intended to operate on the kernel mapping, which may +not be in the linear/direct mapping on all architectures. e.g. arm64 and +x86_64 map the kernel image and RAM separately. + +On 32-bit ARM the kernel image mapping is tied to the linear/direct +mapping, so that works, but as it's semantically wrong (and broken for +generic code), the DEBUG_VIRTUAL checks complain." + +Fixes: db88977894ab ("arm: mvebu: support for SMP on 98DX3336 SoC") +Reviewed-by: Florian Fainelli +Tested-by: Chris Packham +Signed-off-by: Gregory CLEMENT +Signed-off-by: Greg Kroah-Hartman + +--- + arch/arm/mach-mvebu/platsmp.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +--- a/arch/arm/mach-mvebu/platsmp.c ++++ b/arch/arm/mach-mvebu/platsmp.c +@@ -211,7 +211,7 @@ static int mv98dx3236_resume_set_cpu_boo + return PTR_ERR(base); + + writel(0, base + MV98DX3236_CPU_RESUME_CTRL_REG); +- writel(virt_to_phys(boot_addr), base + MV98DX3236_CPU_RESUME_ADDR_REG); ++ writel(__pa_symbol(boot_addr), base + MV98DX3236_CPU_RESUME_ADDR_REG); + + iounmap(base); + diff --git a/queue-4.12/arm64-dts-marvell-armada-37xx-fix-the-number-of-gpio-on-south-bridge.patch b/queue-4.12/arm64-dts-marvell-armada-37xx-fix-the-number-of-gpio-on-south-bridge.patch new file mode 100644 index 00000000000..7c170f0c655 --- /dev/null +++ b/queue-4.12/arm64-dts-marvell-armada-37xx-fix-the-number-of-gpio-on-south-bridge.patch @@ -0,0 +1,33 @@ +From d7a65c4905bc9c304ecf3d8aa566802f6119480f Mon Sep 17 00:00:00 2001 +From: Gregory CLEMENT +Date: Tue, 1 Aug 2017 18:01:35 +0200 +Subject: ARM64: dts: marvell: armada-37xx: Fix the number of GPIO on south bridge + +From: Gregory CLEMENT + +commit d7a65c4905bc9c304ecf3d8aa566802f6119480f upstream. + +The number of pins in South Bridge is 30 and not 29. There is a fix for +the driver for the pinctrl, but a fix is also need at device tree level +for the GPIO. + +Fixes: afda007feda5 ("ARM64: dts: marvell: Add pinctrl nodes for Armada +3700") +Signed-off-by: Gregory CLEMENT +Signed-off-by: Greg Kroah-Hartman + +--- + arch/arm64/boot/dts/marvell/armada-37xx.dtsi | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +--- a/arch/arm64/boot/dts/marvell/armada-37xx.dtsi ++++ b/arch/arm64/boot/dts/marvell/armada-37xx.dtsi +@@ -219,7 +219,7 @@ + reg = <0x18800 0x100>, <0x18C00 0x20>; + gpiosb: gpio { + #gpio-cells = <2>; +- gpio-ranges = <&pinctrl_sb 0 0 29>; ++ gpio-ranges = <&pinctrl_sb 0 0 30>; + gpio-controller; + interrupts = + , diff --git a/queue-4.12/clk-sunxi-ng-sun5i-add-clk_set_rate_parent-to-the-cpu-clock.patch b/queue-4.12/clk-sunxi-ng-sun5i-add-clk_set_rate_parent-to-the-cpu-clock.patch new file mode 100644 index 00000000000..8f2c011d86e --- /dev/null +++ b/queue-4.12/clk-sunxi-ng-sun5i-add-clk_set_rate_parent-to-the-cpu-clock.patch @@ -0,0 +1,34 @@ +From 9735ee9e3cc3ba113ac96b0368ef3f1a73092a23 Mon Sep 17 00:00:00 2001 +From: Maxime Ripard +Date: Fri, 21 Jul 2017 18:19:35 +0200 +Subject: clk: sunxi-ng: sun5i: Add clk_set_rate_parent to the CPU clock + +From: Maxime Ripard + +commit 9735ee9e3cc3ba113ac96b0368ef3f1a73092a23 upstream. + +The current CPU clock is missing the option to change the rate of its +parents, leading to improper rates calculated by cpufreq, and eventually +crashes. + +Fixes: 5e73761786d6 ("clk: sunxi-ng: Add sun5i CCU driver") +Reported-by: Kevin Hilman +Acked-by: Chen-Yu Tsai +Signed-off-by: Maxime Ripard +Signed-off-by: Greg Kroah-Hartman + +--- + drivers/clk/sunxi-ng/ccu-sun5i.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +--- a/drivers/clk/sunxi-ng/ccu-sun5i.c ++++ b/drivers/clk/sunxi-ng/ccu-sun5i.c +@@ -184,7 +184,7 @@ static struct ccu_mux cpu_clk = { + .hw.init = CLK_HW_INIT_PARENTS("cpu", + cpu_parents, + &ccu_mux_ops, +- CLK_IS_CRITICAL), ++ CLK_SET_RATE_PARENT | CLK_IS_CRITICAL), + } + }; + diff --git a/queue-4.12/ext4-fix-overflow-caused-by-missing-cast-in-ext4_resize_fs.patch b/queue-4.12/ext4-fix-overflow-caused-by-missing-cast-in-ext4_resize_fs.patch new file mode 100644 index 00000000000..1aa5a482831 --- /dev/null +++ b/queue-4.12/ext4-fix-overflow-caused-by-missing-cast-in-ext4_resize_fs.patch @@ -0,0 +1,34 @@ +From aec51758ce10a9c847a62a48a168f8c804c6e053 Mon Sep 17 00:00:00 2001 +From: Jerry Lee +Date: Sun, 6 Aug 2017 01:18:31 -0400 +Subject: ext4: fix overflow caused by missing cast in ext4_resize_fs() + +From: Jerry Lee + +commit aec51758ce10a9c847a62a48a168f8c804c6e053 upstream. + +On a 32-bit platform, the value of n_blcoks_count may be wrong during +the file system is resized to size larger than 2^32 blocks. This may +caused the superblock being corrupted with zero blocks count. + +Fixes: 1c6bd7173d66 +Signed-off-by: Jerry Lee +Signed-off-by: Theodore Ts'o +Signed-off-by: Greg Kroah-Hartman + +--- + fs/ext4/resize.c | 3 ++- + 1 file changed, 2 insertions(+), 1 deletion(-) + +--- a/fs/ext4/resize.c ++++ b/fs/ext4/resize.c +@@ -1927,7 +1927,8 @@ retry: + n_desc_blocks = o_desc_blocks + + le16_to_cpu(es->s_reserved_gdt_blocks); + n_group = n_desc_blocks * EXT4_DESC_PER_BLOCK(sb); +- n_blocks_count = n_group * EXT4_BLOCKS_PER_GROUP(sb); ++ n_blocks_count = (ext4_fsblk_t)n_group * ++ EXT4_BLOCKS_PER_GROUP(sb); + n_group--; /* set to last group number */ + } + diff --git a/queue-4.12/ext4-fix-seek_hole-seek_data-for-blocksize-pagesize.patch b/queue-4.12/ext4-fix-seek_hole-seek_data-for-blocksize-pagesize.patch new file mode 100644 index 00000000000..7f754c548c1 --- /dev/null +++ b/queue-4.12/ext4-fix-seek_hole-seek_data-for-blocksize-pagesize.patch @@ -0,0 +1,51 @@ +From fcf5ea10992fbac3c7473a1db33d56a139333cd1 Mon Sep 17 00:00:00 2001 +From: Jan Kara +Date: Sat, 5 Aug 2017 17:43:24 -0400 +Subject: ext4: fix SEEK_HOLE/SEEK_DATA for blocksize < pagesize + +From: Jan Kara + +commit fcf5ea10992fbac3c7473a1db33d56a139333cd1 upstream. + +ext4_find_unwritten_pgoff() does not properly handle a situation when +starting index is in the middle of a page and blocksize < pagesize. The +following command shows the bug on filesystem with 1k blocksize: + + xfs_io -f -c "falloc 0 4k" \ + -c "pwrite 1k 1k" \ + -c "pwrite 3k 1k" \ + -c "seek -a -r 0" foo + +In this example, neither lseek(fd, 1024, SEEK_HOLE) nor lseek(fd, 2048, +SEEK_DATA) will return the correct result. + +Fix the problem by neglecting buffers in a page before starting offset. + +Reported-by: Andreas Gruenbacher +Signed-off-by: Theodore Ts'o +Signed-off-by: Jan Kara +Signed-off-by: Greg Kroah-Hartman + +--- + fs/ext4/file.c | 3 +++ + 1 file changed, 3 insertions(+) + +--- a/fs/ext4/file.c ++++ b/fs/ext4/file.c +@@ -521,6 +521,8 @@ static int ext4_find_unwritten_pgoff(str + lastoff = page_offset(page); + bh = head = page_buffers(page); + do { ++ if (lastoff + bh->b_size <= startoff) ++ goto next; + if (buffer_uptodate(bh) || + buffer_unwritten(bh)) { + if (whence == SEEK_DATA) +@@ -535,6 +537,7 @@ static int ext4_find_unwritten_pgoff(str + unlock_page(page); + goto out; + } ++next: + lastoff += bh->b_size; + bh = bh->b_this_page; + } while (bh != head); diff --git a/queue-4.12/gpiolib-skip-unwanted-events-don-t-convert-them-to-opposite-edge.patch b/queue-4.12/gpiolib-skip-unwanted-events-don-t-convert-them-to-opposite-edge.patch new file mode 100644 index 00000000000..02e2539c18a --- /dev/null +++ b/queue-4.12/gpiolib-skip-unwanted-events-don-t-convert-them-to-opposite-edge.patch @@ -0,0 +1,56 @@ +From df1e76f28ffe87d1b065eecab2d0fbb89e6bdee5 Mon Sep 17 00:00:00 2001 +From: Bartosz Golaszewski +Date: Mon, 3 Jul 2017 11:12:03 +0200 +Subject: gpiolib: skip unwanted events, don't convert them to opposite edge + +From: Bartosz Golaszewski + +commit df1e76f28ffe87d1b065eecab2d0fbb89e6bdee5 upstream. + +The previous fix for filtering out of unwatched events was not entirely +correct. Instead of skipping the events we don't want, they are now +interpreted as events with opposing edge. + +In order to fix it: always read the GPIO line value on interrupt and +only emit the event if it corresponds with the event type we requested. + +Fixes: ad537b822577 ("gpiolib: fix filtering out unwanted events") +Signed-off-by: Bartosz Golaszewski +Signed-off-by: Linus Walleij +Signed-off-by: Greg Kroah-Hartman + +--- + drivers/gpio/gpiolib.c | 9 ++++----- + 1 file changed, 4 insertions(+), 5 deletions(-) + +--- a/drivers/gpio/gpiolib.c ++++ b/drivers/gpio/gpiolib.c +@@ -704,24 +704,23 @@ static irqreturn_t lineevent_irq_thread( + { + struct lineevent_state *le = p; + struct gpioevent_data ge; +- int ret; ++ int ret, level; + + ge.timestamp = ktime_get_real_ns(); ++ level = gpiod_get_value_cansleep(le->desc); + + if (le->eflags & GPIOEVENT_REQUEST_RISING_EDGE + && le->eflags & GPIOEVENT_REQUEST_FALLING_EDGE) { +- int level = gpiod_get_value_cansleep(le->desc); +- + if (level) + /* Emit low-to-high event */ + ge.id = GPIOEVENT_EVENT_RISING_EDGE; + else + /* Emit high-to-low event */ + ge.id = GPIOEVENT_EVENT_FALLING_EDGE; +- } else if (le->eflags & GPIOEVENT_REQUEST_RISING_EDGE) { ++ } else if (le->eflags & GPIOEVENT_REQUEST_RISING_EDGE && level) { + /* Emit low-to-high event */ + ge.id = GPIOEVENT_EVENT_RISING_EDGE; +- } else if (le->eflags & GPIOEVENT_REQUEST_FALLING_EDGE) { ++ } else if (le->eflags & GPIOEVENT_REQUEST_FALLING_EDGE && !level) { + /* Emit high-to-low event */ + ge.id = GPIOEVENT_EVENT_FALLING_EDGE; + } else { diff --git a/queue-4.12/iommu-amd-enable-ga_log_intr-when-enabling-guest_mode.patch b/queue-4.12/iommu-amd-enable-ga_log_intr-when-enabling-guest_mode.patch new file mode 100644 index 00000000000..988812c682f --- /dev/null +++ b/queue-4.12/iommu-amd-enable-ga_log_intr-when-enabling-guest_mode.patch @@ -0,0 +1,33 @@ +From efe6f241602cb61466895f6816b8ea6b90f04d4e Mon Sep 17 00:00:00 2001 +From: Suravee Suthikulpanit +Date: Wed, 5 Jul 2017 21:29:59 -0500 +Subject: iommu/amd: Enable ga_log_intr when enabling guest_mode + +From: Suravee Suthikulpanit + +commit efe6f241602cb61466895f6816b8ea6b90f04d4e upstream. + +IRTE[GALogIntr] bit should set when enabling guest_mode, which enables +IOMMU to generate entry in GALog when IRTE[IsRun] is not set, and send +an interrupt to notify IOMMU driver. + +Signed-off-by: Suravee Suthikulpanit +Cc: Joerg Roedel +Fixes: d98de49a53e48 ('iommu/amd: Enable vAPIC interrupt remapping mode by default') +Signed-off-by: Joerg Roedel +Signed-off-by: Greg Kroah-Hartman + +--- + drivers/iommu/amd_iommu.c | 1 + + 1 file changed, 1 insertion(+) + +--- a/drivers/iommu/amd_iommu.c ++++ b/drivers/iommu/amd_iommu.c +@@ -4316,6 +4316,7 @@ static int amd_ir_set_vcpu_affinity(stru + /* Setting */ + irte->hi.fields.ga_root_ptr = (pi_data->base >> 12); + irte->hi.fields.vector = vcpu_pi_info->vector; ++ irte->lo.fields_vapic.ga_log_intr = 1; + irte->lo.fields_vapic.guest_mode = 1; + irte->lo.fields_vapic.ga_tag = pi_data->ga_tag; + diff --git a/queue-4.12/mips-ralink-fix-build-error-due-to-missing-header.patch b/queue-4.12/mips-ralink-fix-build-error-due-to-missing-header.patch new file mode 100644 index 00000000000..4d2fcd22377 --- /dev/null +++ b/queue-4.12/mips-ralink-fix-build-error-due-to-missing-header.patch @@ -0,0 +1,54 @@ +From e3ccf1d1dee5129beb839fe05c61eb134131bdd6 Mon Sep 17 00:00:00 2001 +From: Harvey Hunt +Date: Tue, 18 Jul 2017 14:25:45 +0100 +Subject: MIPS: ralink: Fix build error due to missing header +MIME-Version: 1.0 +Content-Type: text/plain; charset=UTF-8 +Content-Transfer-Encoding: 8bit + +From: Harvey Hunt + +commit e3ccf1d1dee5129beb839fe05c61eb134131bdd6 upstream. + +Previously, was included before ralink_regs.h in all +ralink files - leading to being implicitly included. + +After commit 26dd3e4ff9ac ("MIPS: Audit and remove any unnecessary +uses of module.h") removed the inclusion of module.h from multiple +places, some ralink platforms failed to build with the following error: + +In file included from arch/mips/ralink/mt7620.c:17:0: +./arch/mips/include/asm/mach-ralink/ralink_regs.h: In function ‘rt_sysc_w32’: +./arch/mips/include/asm/mach-ralink/ralink_regs.h:38:2: error: implicit declaration of function ‘__raw_writel’ [-Werror=implicit-function-declaration] + __raw_writel(val, rt_sysc_membase + reg); + ^ +./arch/mips/include/asm/mach-ralink/ralink_regs.h: In function ‘rt_sysc_r32’: +./arch/mips/include/asm/mach-ralink/ralink_regs.h:43:2: error: implicit declaration of function ‘__raw_readl’ [-Werror=implicit-function-declaration] + return __raw_readl(rt_sysc_membase + reg); + +Fix this by including . + +Signed-off-by: Harvey Hunt +Fixes: 26dd3e4ff9ac ("MIPS: Audit and remove any unnecessary uses of module.h") +Cc: John Crispin +Cc: linux-mips@linux-mips.org +Cc: linux-kernel@vger.kernel.org +Patchwork: https://patchwork.linux-mips.org/patch/16780/ +Signed-off-by: Ralf Baechle +Signed-off-by: Greg Kroah-Hartman + +--- + arch/mips/include/asm/mach-ralink/ralink_regs.h | 2 ++ + 1 file changed, 2 insertions(+) + +--- a/arch/mips/include/asm/mach-ralink/ralink_regs.h ++++ b/arch/mips/include/asm/mach-ralink/ralink_regs.h +@@ -13,6 +13,8 @@ + #ifndef _RALINK_REGS_H_ + #define _RALINK_REGS_H_ + ++#include ++ + enum ralink_soc_type { + RALINK_UNKNOWN = 0, + RT2880_SOC, diff --git a/queue-4.12/powerpc-64-fix-__check_irq_replay-missing-decrementer-interrupt.patch b/queue-4.12/powerpc-64-fix-__check_irq_replay-missing-decrementer-interrupt.patch new file mode 100644 index 00000000000..92a7042bd22 --- /dev/null +++ b/queue-4.12/powerpc-64-fix-__check_irq_replay-missing-decrementer-interrupt.patch @@ -0,0 +1,63 @@ +From 3db40c312c2c1eb2187c5731102fa8ff380e6e40 Mon Sep 17 00:00:00 2001 +From: Nicholas Piggin +Date: Tue, 1 Aug 2017 23:59:28 +1000 +Subject: powerpc/64: Fix __check_irq_replay missing decrementer interrupt + +From: Nicholas Piggin + +commit 3db40c312c2c1eb2187c5731102fa8ff380e6e40 upstream. + +If the decrementer wraps again and de-asserts the decrementer +exception while hard-disabled, __check_irq_replay() has a test to +notice the wrap when interrupts are re-enabled. + +The decrementer check must be done when clearing the PACA_IRQ_HARD_DIS +flag, not when the PACA_IRQ_DEC flag is tested. Previously this worked +because the decrementer interrupt was always the first one checked +after clearing the hard disable flag, but HMI check was moved ahead of +that, which introduced this bug. + +This can cause a missed decrementer interrupt if we soft-disable +interrupts then take an HMI which is recorded in irq_happened, then +hard-disable interrupts for > 4s to wrap the decrementer. + +Fixes: e0e0d6b7390b ("powerpc/64: Replay hypervisor maintenance interrupt first") +Signed-off-by: Nicholas Piggin +Signed-off-by: Michael Ellerman +Signed-off-by: Greg Kroah-Hartman + +--- + arch/powerpc/kernel/irq.c | 15 ++++++++++++++- + 1 file changed, 14 insertions(+), 1 deletion(-) + +--- a/arch/powerpc/kernel/irq.c ++++ b/arch/powerpc/kernel/irq.c +@@ -145,6 +145,19 @@ notrace unsigned int __check_irq_replay( + + /* Clear bit 0 which we wouldn't clear otherwise */ + local_paca->irq_happened &= ~PACA_IRQ_HARD_DIS; ++ if (happened & PACA_IRQ_HARD_DIS) { ++ /* ++ * We may have missed a decrementer interrupt if hard disabled. ++ * Check the decrementer register in case we had a rollover ++ * while hard disabled. ++ */ ++ if (!(happened & PACA_IRQ_DEC)) { ++ if (decrementer_check_overflow()) { ++ local_paca->irq_happened |= PACA_IRQ_DEC; ++ happened |= PACA_IRQ_DEC; ++ } ++ } ++ } + + /* + * Force the delivery of pending soft-disabled interrupts on PS3. +@@ -170,7 +183,7 @@ notrace unsigned int __check_irq_replay( + * in case we also had a rollover while hard disabled + */ + local_paca->irq_happened &= ~PACA_IRQ_DEC; +- if ((happened & PACA_IRQ_DEC) || decrementer_check_overflow()) ++ if (happened & PACA_IRQ_DEC) + return 0x900; + + /* Finally check if an external interrupt happened */ diff --git a/queue-4.12/powerpc-tm-fix-saving-of-tm-sprs-in-core-dump.patch b/queue-4.12/powerpc-tm-fix-saving-of-tm-sprs-in-core-dump.patch new file mode 100644 index 00000000000..4737b29f45a --- /dev/null +++ b/queue-4.12/powerpc-tm-fix-saving-of-tm-sprs-in-core-dump.patch @@ -0,0 +1,55 @@ +From cd63f3cf1d59b7ad8419eba1cac8f9126e79cc43 Mon Sep 17 00:00:00 2001 +From: Gustavo Romero +Date: Wed, 19 Jul 2017 01:44:13 -0400 +Subject: powerpc/tm: Fix saving of TM SPRs in core dump + +From: Gustavo Romero + +commit cd63f3cf1d59b7ad8419eba1cac8f9126e79cc43 upstream. + +Currently flush_tmregs_to_thread() does not save the TM SPRs (TFHAR, +TFIAR, TEXASR) to the thread struct, unless the process is currently +inside a suspended transaction. + +If the process is core dumping, and the TM SPRs have changed since the +last time the process was context switched, then we will save stale +values of the TM SPRs to the core dump. + +Fix it by saving the live register state to the thread struct in that +case. + +Fixes: 08e1c01d6aed ("powerpc/ptrace: Enable support for TM SPR state") +Signed-off-by: Gustavo Romero +Reviewed-by: Cyril Bur +Signed-off-by: Michael Ellerman +Signed-off-by: Greg Kroah-Hartman + +--- + arch/powerpc/kernel/ptrace.c | 13 ++++++++++--- + 1 file changed, 10 insertions(+), 3 deletions(-) + +--- a/arch/powerpc/kernel/ptrace.c ++++ b/arch/powerpc/kernel/ptrace.c +@@ -127,12 +127,19 @@ static void flush_tmregs_to_thread(struc + * If task is not current, it will have been flushed already to + * it's thread_struct during __switch_to(). + * +- * A reclaim flushes ALL the state. ++ * A reclaim flushes ALL the state or if not in TM save TM SPRs ++ * in the appropriate thread structures from live. + */ + +- if (tsk == current && MSR_TM_SUSPENDED(mfmsr())) +- tm_reclaim_current(TM_CAUSE_SIGNAL); ++ if (tsk != current) ++ return; + ++ if (MSR_TM_SUSPENDED(mfmsr())) { ++ tm_reclaim_current(TM_CAUSE_SIGNAL); ++ } else { ++ tm_enable(); ++ tm_save_sprs(&(tsk->thread)); ++ } + } + #else + static inline void flush_tmregs_to_thread(struct task_struct *tsk) { } diff --git a/queue-4.12/series b/queue-4.12/series index dc62e25124d..502ee6f7e19 100644 --- a/queue-4.12/series +++ b/queue-4.12/series @@ -29,3 +29,16 @@ asoc-ux500-restore-platform-dai-assignments.patch asoc-do-not-close-shared-backend-dailink.patch kvm-arm-arm64-handle-hva-aging-while-destroying-the-vm.patch kvm-async_pf-make-rcu-irq-exit-if-not-triggered-from-idle-task.patch +timers-fix-overflow-in-get_next_timer_interrupt.patch +powerpc-tm-fix-saving-of-tm-sprs-in-core-dump.patch +powerpc-64-fix-__check_irq_replay-missing-decrementer-interrupt.patch +iommu-amd-enable-ga_log_intr-when-enabling-guest_mode.patch +arm64-dts-marvell-armada-37xx-fix-the-number-of-gpio-on-south-bridge.patch +gpiolib-skip-unwanted-events-don-t-convert-them-to-opposite-edge.patch +ext4-fix-seek_hole-seek_data-for-blocksize-pagesize.patch +ext4-fix-overflow-caused-by-missing-cast-in-ext4_resize_fs.patch +mips-ralink-fix-build-error-due-to-missing-header.patch +clk-sunxi-ng-sun5i-add-clk_set_rate_parent-to-the-cpu-clock.patch +arm-mvebu-use-__pa_symbol-in-the-mv98dx3236-platform-smp-code.patch +arm-dts-armada-38x-fix-irq-type-for-pca955.patch +arm-dts-tango4-request-rgmii-rx-and-tx-clock-delays.patch diff --git a/queue-4.12/timers-fix-overflow-in-get_next_timer_interrupt.patch b/queue-4.12/timers-fix-overflow-in-get_next_timer_interrupt.patch new file mode 100644 index 00000000000..6727aa23b74 --- /dev/null +++ b/queue-4.12/timers-fix-overflow-in-get_next_timer_interrupt.patch @@ -0,0 +1,39 @@ +From 34f41c0316ed52b0b44542491d89278efdaa70e4 Mon Sep 17 00:00:00 2001 +From: Matija Glavinic Pecotic +Date: Tue, 1 Aug 2017 09:11:52 +0200 +Subject: timers: Fix overflow in get_next_timer_interrupt + +From: Matija Glavinic Pecotic + +commit 34f41c0316ed52b0b44542491d89278efdaa70e4 upstream. + +For e.g. HZ=100, timer being 430 jiffies in the future, and 32 bit +unsigned int, there is an overflow on unsigned int right-hand side +of the expression which results with wrong values being returned. + +Type cast the multiplier to 64bit to avoid that issue. + +Fixes: 46c8f0b077a8 ("timers: Fix get_next_timer_interrupt() computation") +Signed-off-by: Matija Glavinic Pecotic +Signed-off-by: Thomas Gleixner +Reviewed-by: Alexander Sverdlin +Cc: khilman@baylibre.com +Cc: akpm@linux-foundation.org +Link: http://lkml.kernel.org/r/a7900f04-2a21-c9fd-67be-ab334d459ee5@nokia.com +Signed-off-by: Greg Kroah-Hartman + +--- + kernel/time/timer.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +--- a/kernel/time/timer.c ++++ b/kernel/time/timer.c +@@ -1495,7 +1495,7 @@ u64 get_next_timer_interrupt(unsigned lo + base->is_idle = false; + } else { + if (!is_max_delta) +- expires = basem + (nextevt - basej) * TICK_NSEC; ++ expires = basem + (u64)(nextevt - basej) * TICK_NSEC; + /* + * If we expect to sleep more than a tick, mark the base idle: + */