From: Greg Kroah-Hartman Date: Thu, 18 Aug 2016 08:26:07 +0000 (+0200) Subject: 3.14-stable patches X-Git-Tag: v3.14.77~39 X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=a8d24d7890a6c19a9943fbda88c5fa984a8702d8;p=thirdparty%2Fkernel%2Fstable-queue.git 3.14-stable patches added patches: gpio-intel-mid-remove-potentially-harmful-code.patch gpio-pca953x-fix-nbank-calculation-for-pca9536.patch kvm-ppc-book3s-hv-save-restore-tm-state-in-h_cede.patch --- diff --git a/queue-3.14/gpio-intel-mid-remove-potentially-harmful-code.patch b/queue-3.14/gpio-intel-mid-remove-potentially-harmful-code.patch new file mode 100644 index 00000000000..456793f0bd4 --- /dev/null +++ b/queue-3.14/gpio-intel-mid-remove-potentially-harmful-code.patch @@ -0,0 +1,87 @@ +From 3dbd3212f81b2b410a34a922055e2da792864829 Mon Sep 17 00:00:00 2001 +From: Andy Shevchenko +Date: Wed, 6 Jul 2016 12:50:12 +0300 +Subject: gpio: intel-mid: Remove potentially harmful code + +From: Andy Shevchenko + +commit 3dbd3212f81b2b410a34a922055e2da792864829 upstream. + +The commit d56d6b3d7d69 ("gpio: langwell: add Intel Merrifield support") +doesn't look at all as a proper support for Intel Merrifield and I dare to say +that it distorts the behaviour of the hardware. + +The register map is different on Intel Merrifield, i.e. only 6 out of 8 +register have the same purpose but none of them has same location in the +address space. The current case potentially harmful to existing hardware since +it's poking registers on wrong offsets and may set some pin to be GPIO output +when connected hardware doesn't expect such. + +Besides the above GPIO and pinctrl on Intel Merrifield have been located in +different IP blocks. The functionality has been extended as well, i.e. added +support of level interrupts, special registers for wake capable sources and +thus, in my opinion, requires a completele separate driver. + +If someone wondering the existing gpio-intel-mid.c would be converted to actual +pinctrl (which by the fact it is now), though I wouldn't be a volunteer to do +that. + +Fixes: d56d6b3d7d69 ("gpio: langwell: add Intel Merrifield support") +Signed-off-by: Andy Shevchenko +Reviewed-by: Mika Westerberg +Signed-off-by: Linus Walleij +Signed-off-by: Greg Kroah-Hartman + +--- + drivers/gpio/gpio-intel-mid.c | 19 ------------------- + 1 file changed, 19 deletions(-) + +--- a/drivers/gpio/gpio-intel-mid.c ++++ b/drivers/gpio/gpio-intel-mid.c +@@ -21,7 +21,6 @@ + * Moorestown platform Langwell chip. + * Medfield platform Penwell chip. + * Clovertrail platform Cloverview chip. +- * Merrifield platform Tangier chip. + */ + + #include +@@ -70,10 +69,6 @@ enum GPIO_REG { + /* intel_mid gpio driver data */ + struct intel_mid_gpio_ddata { + u16 ngpio; /* number of gpio pins */ +- u32 gplr_offset; /* offset of first GPLR register from base */ +- u32 flis_base; /* base address of FLIS registers */ +- u32 flis_len; /* length of FLIS registers */ +- u32 (*get_flis_offset)(int gpio); + u32 chip_irq_type; /* chip interrupt type */ + }; + +@@ -288,15 +283,6 @@ static const struct intel_mid_gpio_ddata + .chip_irq_type = INTEL_MID_IRQ_TYPE_EDGE, + }; + +-static const struct intel_mid_gpio_ddata gpio_tangier = { +- .ngpio = 192, +- .gplr_offset = 4, +- .flis_base = 0xff0c0000, +- .flis_len = 0x8000, +- .get_flis_offset = NULL, +- .chip_irq_type = INTEL_MID_IRQ_TYPE_EDGE, +-}; +- + static const struct pci_device_id intel_gpio_ids[] = { + { + /* Lincroft */ +@@ -323,11 +309,6 @@ static const struct pci_device_id intel_ + PCI_DEVICE(PCI_VENDOR_ID_INTEL, 0x08f7), + .driver_data = (kernel_ulong_t)&gpio_cloverview_core, + }, +- { +- /* Tangier */ +- PCI_DEVICE(PCI_VENDOR_ID_INTEL, 0x1199), +- .driver_data = (kernel_ulong_t)&gpio_tangier, +- }, + { 0 } + }; + MODULE_DEVICE_TABLE(pci, intel_gpio_ids); diff --git a/queue-3.14/gpio-pca953x-fix-nbank-calculation-for-pca9536.patch b/queue-3.14/gpio-pca953x-fix-nbank-calculation-for-pca9536.patch new file mode 100644 index 00000000000..92ea8ff9c3c --- /dev/null +++ b/queue-3.14/gpio-pca953x-fix-nbank-calculation-for-pca9536.patch @@ -0,0 +1,34 @@ +From a246b8198f776a16d1d3a3bbfc2d437bad766b29 Mon Sep 17 00:00:00 2001 +From: Vignesh R +Date: Thu, 9 Jun 2016 11:02:04 +0530 +Subject: gpio: pca953x: Fix NBANK calculation for PCA9536 + +From: Vignesh R + +commit a246b8198f776a16d1d3a3bbfc2d437bad766b29 upstream. + +NBANK() macro assumes that ngpios is a multiple of 8(BANK_SZ) and +hence results in 0 banks for PCA9536 which has just 4 gpios. This is +wrong as PCA9356 has 1 bank with 4 gpios. This results in uninitialized +PCA953X_INVERT register. Fix this by using DIV_ROUND_UP macro in +NBANK(). + +Signed-off-by: Vignesh R +Signed-off-by: Linus Walleij +Signed-off-by: Greg Kroah-Hartman + +--- + drivers/gpio/gpio-pca953x.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +--- a/drivers/gpio/gpio-pca953x.c ++++ b/drivers/gpio/gpio-pca953x.c +@@ -75,7 +75,7 @@ MODULE_DEVICE_TABLE(i2c, pca953x_id); + #define MAX_BANK 5 + #define BANK_SZ 8 + +-#define NBANK(chip) (chip->gpio_chip.ngpio / BANK_SZ) ++#define NBANK(chip) DIV_ROUND_UP(chip->gpio_chip.ngpio, BANK_SZ) + + struct pca953x_chip { + unsigned gpio_start; diff --git a/queue-3.14/kvm-ppc-book3s-hv-save-restore-tm-state-in-h_cede.patch b/queue-3.14/kvm-ppc-book3s-hv-save-restore-tm-state-in-h_cede.patch new file mode 100644 index 00000000000..14c975554fa --- /dev/null +++ b/queue-3.14/kvm-ppc-book3s-hv-save-restore-tm-state-in-h_cede.patch @@ -0,0 +1,69 @@ +From 93d17397e4e2182fdaad503e2f9da46202c0f1c3 Mon Sep 17 00:00:00 2001 +From: Paul Mackerras +Date: Wed, 22 Jun 2016 15:52:55 +1000 +Subject: KVM: PPC: Book3S HV: Save/restore TM state in H_CEDE + +From: Paul Mackerras + +commit 93d17397e4e2182fdaad503e2f9da46202c0f1c3 upstream. + +It turns out that if the guest does a H_CEDE while the CPU is in +a transactional state, and the H_CEDE does a nap, and the nap +loses the architected state of the CPU (which is is allowed to do), +then we lose the checkpointed state of the virtual CPU. In addition, +the transactional-memory state recorded in the MSR gets reset back +to non-transactional, and when we try to return to the guest, we take +a TM bad thing type of program interrupt because we are trying to +transition from non-transactional to transactional with a hrfid +instruction, which is not permitted. + +The result of the program interrupt occurring at that point is that +the host CPU will hang in an infinite loop with interrupts disabled. +Thus this is a denial of service vulnerability in the host which can +be triggered by any guest (and depending on the guest kernel, it can +potentially triggered by unprivileged userspace in the guest). + +This vulnerability has been assigned the ID CVE-2016-5412. + +To fix this, we save the TM state before napping and restore it +on exit from the nap, when handling a H_CEDE in real mode. The +case where H_CEDE exits to host virtual mode is already OK (as are +other hcalls which exit to host virtual mode) because the exit +path saves the TM state. + +Signed-off-by: Paul Mackerras +Signed-off-by: Greg Kroah-Hartman + +--- + arch/powerpc/kvm/book3s_hv_rmhandlers.S | 13 +++++++++++++ + 1 file changed, 13 insertions(+) + +--- a/arch/powerpc/kvm/book3s_hv_rmhandlers.S ++++ b/arch/powerpc/kvm/book3s_hv_rmhandlers.S +@@ -1901,6 +1901,13 @@ END_FTR_SECTION_IFCLR(CPU_FTR_ARCH_206) + /* save FP state */ + bl kvmppc_save_fp + ++#ifdef CONFIG_PPC_TRANSACTIONAL_MEM ++BEGIN_FTR_SECTION ++ ld r9, HSTATE_KVM_VCPU(r13) ++ bl kvmppc_save_tm ++END_FTR_SECTION_IFSET(CPU_FTR_TM) ++#endif ++ + /* + * Take a nap until a decrementer or external or doobell interrupt + * occurs, with PECE1, PECE0 and PECEDP set in LPCR +@@ -1935,6 +1942,12 @@ kvm_end_cede: + /* Woken by external or decrementer interrupt */ + ld r1, HSTATE_HOST_R1(r13) + ++#ifdef CONFIG_PPC_TRANSACTIONAL_MEM ++BEGIN_FTR_SECTION ++ bl kvmppc_restore_tm ++END_FTR_SECTION_IFSET(CPU_FTR_TM) ++#endif ++ + /* load up FP state */ + bl kvmppc_load_fp + diff --git a/queue-3.14/series b/queue-3.14/series index abbd0f41384..fd2bcddc65c 100644 --- a/queue-3.14/series +++ b/queue-3.14/series @@ -1,3 +1,6 @@ tcp_acks_speedup.patch usb-renesas_usbhs-protect-the-cfifosel-setting-in-usbhsg_ep_enable.patch usb-serial-option-add-support-for-telit-le910-pid-0x1206.patch +gpio-pca953x-fix-nbank-calculation-for-pca9536.patch +gpio-intel-mid-remove-potentially-harmful-code.patch +kvm-ppc-book3s-hv-save-restore-tm-state-in-h_cede.patch