From: Sasha Levin Date: Fri, 23 Nov 2018 12:45:51 +0000 (-0500) Subject: AUTOSEL patches for 4.14 X-Git-Tag: v3.18.127~30 X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=ab2e0e24d08b8809601759cf9ad8e56fe3e354d1;p=thirdparty%2Fkernel%2Fstable-queue.git AUTOSEL patches for 4.14 Signed-off-by: Sasha Levin --- diff --git a/queue-4.14/apparmor-fix-uninitialized-value-in-aa_split_fqname.patch b/queue-4.14/apparmor-fix-uninitialized-value-in-aa_split_fqname.patch new file mode 100644 index 00000000000..1f3cbcfae62 --- /dev/null +++ b/queue-4.14/apparmor-fix-uninitialized-value-in-aa_split_fqname.patch @@ -0,0 +1,73 @@ +From fd6f3239f2b58158a835018738afb12f18ed1dbb Mon Sep 17 00:00:00 2001 +From: Zubin Mithra +Date: Thu, 27 Sep 2018 14:49:17 -0700 +Subject: apparmor: Fix uninitialized value in aa_split_fqname + +[ Upstream commit 250f2da49cb8e582215a65c03f50e8ddf5cd119c ] + +Syzkaller reported a OOB-read with the stacktrace below. This occurs +inside __aa_lookupn_ns as `n` is not initialized. `n` is obtained from +aa_splitn_fqname. In cases where `name` is invalid, aa_splitn_fqname +returns without initializing `ns_name` and `ns_len`. + +Fix this by always initializing `ns_name` and `ns_len`. + + __dump_stack lib/dump_stack.c:77 [inline] + dump_stack+0x1c4/0x2b4 lib/dump_stack.c:113 + print_address_description.cold.8+0x9/0x1ff mm/kasan/report.c:256 + kasan_report_error mm/kasan/report.c:354 [inline] + kasan_report.cold.9+0x242/0x309 mm/kasan/report.c:412 + __asan_report_load1_noabort+0x14/0x20 mm/kasan/report.c:430 + memcmp+0xe3/0x160 lib/string.c:861 + strnstr+0x4b/0x70 lib/string.c:934 + __aa_lookupn_ns+0xc1/0x570 security/apparmor/policy_ns.c:209 + aa_lookupn_ns+0x88/0x1e0 security/apparmor/policy_ns.c:240 + aa_fqlookupn_profile+0x1b9/0x1010 security/apparmor/policy.c:468 + fqlookupn_profile+0x80/0xc0 security/apparmor/label.c:1844 + aa_label_strn_parse+0xa3a/0x1230 security/apparmor/label.c:1908 + aa_label_parse+0x42/0x50 security/apparmor/label.c:1943 + aa_change_profile+0x513/0x3510 security/apparmor/domain.c:1362 + apparmor_setprocattr+0xaa4/0x1150 security/apparmor/lsm.c:658 + security_setprocattr+0x66/0xc0 security/security.c:1298 + proc_pid_attr_write+0x301/0x540 fs/proc/base.c:2555 + __vfs_write+0x119/0x9f0 fs/read_write.c:485 + vfs_write+0x1fc/0x560 fs/read_write.c:549 + ksys_write+0x101/0x260 fs/read_write.c:598 + __do_sys_write fs/read_write.c:610 [inline] + __se_sys_write fs/read_write.c:607 [inline] + __x64_sys_write+0x73/0xb0 fs/read_write.c:607 + do_syscall_64+0x1b9/0x820 arch/x86/entry/common.c:290 + entry_SYSCALL_64_after_hwframe+0x49/0xbe + +Fixes: 3b0aaf5866bf ("apparmor: add lib fn to find the "split" for fqnames") +Reported-by: syzbot+61e4b490d9d2da591b50@syzkaller.appspotmail.com +Signed-off-by: Zubin Mithra +Reviewed-by: Kees Cook +Signed-off-by: John Johansen +Signed-off-by: Sasha Levin +--- + security/apparmor/lib.c | 6 ++++-- + 1 file changed, 4 insertions(+), 2 deletions(-) + +diff --git a/security/apparmor/lib.c b/security/apparmor/lib.c +index 08ca26bcca77..451654372a76 100644 +--- a/security/apparmor/lib.c ++++ b/security/apparmor/lib.c +@@ -90,10 +90,12 @@ const char *aa_splitn_fqname(const char *fqname, size_t n, const char **ns_name, + const char *end = fqname + n; + const char *name = skipn_spaces(fqname, n); + +- if (!name) +- return NULL; + *ns_name = NULL; + *ns_len = 0; ++ ++ if (!name) ++ return NULL; ++ + if (name[0] == ':') { + char *split = strnchr(&name[1], end - &name[1], ':'); + *ns_name = skipn_spaces(&name[1], end - &name[1]); +-- +2.17.1 + diff --git a/queue-4.14/arm64-kprobe-make-page-to-ro-mode-when-allocate-it.patch b/queue-4.14/arm64-kprobe-make-page-to-ro-mode-when-allocate-it.patch new file mode 100644 index 00000000000..32b4a740086 --- /dev/null +++ b/queue-4.14/arm64-kprobe-make-page-to-ro-mode-when-allocate-it.patch @@ -0,0 +1,123 @@ +From 8beb81ac6d60bee277318313d3e12f7e6d7264bc Mon Sep 17 00:00:00 2001 +From: Anders Roxell +Date: Tue, 30 Oct 2018 12:38:50 +0100 +Subject: arm64: kprobe: make page to RO mode when allocate it + +[ Upstream commit 966866892cf89d606544bca22d584ba2ef9ec208 ] + +Commit 1404d6f13e47 ("arm64: dump: Add checking for writable and exectuable pages") +has successfully identified code that leaves a page with W+X +permissions. + +[ 3.245140] arm64/mm: Found insecure W+X mapping at address (____ptrval____)/0xffff000000d90000 +[ 3.245771] WARNING: CPU: 0 PID: 1 at ../arch/arm64/mm/dump.c:232 note_page+0x410/0x420 +[ 3.246141] Modules linked in: +[ 3.246653] CPU: 0 PID: 1 Comm: swapper/0 Not tainted 4.19.0-rc5-next-20180928-00001-ge70ae259b853-dirty #62 +[ 3.247008] Hardware name: linux,dummy-virt (DT) +[ 3.247347] pstate: 80000005 (Nzcv daif -PAN -UAO) +[ 3.247623] pc : note_page+0x410/0x420 +[ 3.247898] lr : note_page+0x410/0x420 +[ 3.248071] sp : ffff00000804bcd0 +[ 3.248254] x29: ffff00000804bcd0 x28: ffff000009274000 +[ 3.248578] x27: ffff00000921a000 x26: ffff80007dfff000 +[ 3.248845] x25: ffff0000093f5000 x24: ffff000009526f6a +[ 3.249109] x23: 0000000000000004 x22: ffff000000d91000 +[ 3.249396] x21: ffff000000d90000 x20: 0000000000000000 +[ 3.249661] x19: ffff00000804bde8 x18: 0000000000000400 +[ 3.249924] x17: 0000000000000000 x16: 0000000000000000 +[ 3.250271] x15: ffffffffffffffff x14: 295f5f5f5f6c6176 +[ 3.250594] x13: 7274705f5f5f5f28 x12: 2073736572646461 +[ 3.250941] x11: 20746120676e6970 x10: 70616d20582b5720 +[ 3.251252] x9 : 6572756365736e69 x8 : 3039643030303030 +[ 3.251519] x7 : 306666666678302f x6 : ffff0000095467b2 +[ 3.251802] x5 : 0000000000000000 x4 : 0000000000000000 +[ 3.252060] x3 : 0000000000000000 x2 : ffffffffffffffff +[ 3.252323] x1 : 4d151327adc50b00 x0 : 0000000000000000 +[ 3.252664] Call trace: +[ 3.252953] note_page+0x410/0x420 +[ 3.253186] walk_pgd+0x12c/0x238 +[ 3.253417] ptdump_check_wx+0x68/0xf8 +[ 3.253637] mark_rodata_ro+0x68/0x98 +[ 3.253847] kernel_init+0x38/0x160 +[ 3.254103] ret_from_fork+0x10/0x18 + +kprobes allocates a writable executable page with module_alloc() in +order to store executable code. +Reworked to that when allocate a page it sets mode RO. Inspired by +commit 63fef14fc98a ("kprobes/x86: Make insn buffer always ROX and use text_poke()"). + +Suggested-by: Arnd Bergmann +Suggested-by: Ard Biesheuvel +Acked-by: Will Deacon +Acked-by: Masami Hiramatsu +Reviewed-by: Laura Abbott +Signed-off-by: Anders Roxell +[catalin.marinas@arm.com: removed unnecessary casts] +Signed-off-by: Catalin Marinas +Signed-off-by: Sasha Levin +--- + arch/arm64/kernel/probes/kprobes.c | 27 ++++++++++++++++++++------- + 1 file changed, 20 insertions(+), 7 deletions(-) + +diff --git a/arch/arm64/kernel/probes/kprobes.c b/arch/arm64/kernel/probes/kprobes.c +index 22a5921562c7..0417c929d21a 100644 +--- a/arch/arm64/kernel/probes/kprobes.c ++++ b/arch/arm64/kernel/probes/kprobes.c +@@ -23,7 +23,9 @@ + #include + #include + #include ++#include + #include ++#include + #include + #include + #include +@@ -42,10 +44,21 @@ DEFINE_PER_CPU(struct kprobe_ctlblk, kprobe_ctlblk); + static void __kprobes + post_kprobe_handler(struct kprobe_ctlblk *, struct pt_regs *); + ++static int __kprobes patch_text(kprobe_opcode_t *addr, u32 opcode) ++{ ++ void *addrs[1]; ++ u32 insns[1]; ++ ++ addrs[0] = addr; ++ insns[0] = opcode; ++ ++ return aarch64_insn_patch_text(addrs, insns, 1); ++} ++ + static void __kprobes arch_prepare_ss_slot(struct kprobe *p) + { + /* prepare insn slot */ +- p->ainsn.api.insn[0] = cpu_to_le32(p->opcode); ++ patch_text(p->ainsn.api.insn, p->opcode); + + flush_icache_range((uintptr_t) (p->ainsn.api.insn), + (uintptr_t) (p->ainsn.api.insn) + +@@ -118,15 +131,15 @@ int __kprobes arch_prepare_kprobe(struct kprobe *p) + return 0; + } + +-static int __kprobes patch_text(kprobe_opcode_t *addr, u32 opcode) ++void *alloc_insn_page(void) + { +- void *addrs[1]; +- u32 insns[1]; ++ void *page; + +- addrs[0] = (void *)addr; +- insns[0] = (u32)opcode; ++ page = vmalloc_exec(PAGE_SIZE); ++ if (page) ++ set_memory_ro((unsigned long)page, 1); + +- return aarch64_insn_patch_text(addrs, insns, 1); ++ return page; + } + + /* arm kprobe: install breakpoint in text */ +-- +2.17.1 + diff --git a/queue-4.14/arm64-percpu-initialize-ret-in-the-default-case.patch b/queue-4.14/arm64-percpu-initialize-ret-in-the-default-case.patch new file mode 100644 index 00000000000..17d817ab32d --- /dev/null +++ b/queue-4.14/arm64-percpu-initialize-ret-in-the-default-case.patch @@ -0,0 +1,70 @@ +From 68595030b378ed258831c9d8934ddd30d2b41bc3 Mon Sep 17 00:00:00 2001 +From: Nathan Chancellor +Date: Tue, 25 Sep 2018 12:44:59 -0700 +Subject: arm64: percpu: Initialize ret in the default case + +[ Upstream commit b5bb425871186303e6936fa2581521bdd1964a58 ] + +Clang warns that if the default case is taken, ret will be +uninitialized. + +./arch/arm64/include/asm/percpu.h:196:2: warning: variable 'ret' is used +uninitialized whenever switch default is taken +[-Wsometimes-uninitialized] + default: + ^~~~~~~ +./arch/arm64/include/asm/percpu.h:200:9: note: uninitialized use occurs +here + return ret; + ^~~ +./arch/arm64/include/asm/percpu.h:157:19: note: initialize the variable +'ret' to silence this warning + unsigned long ret, loop; + ^ + = 0 + +This warning appears several times while building the erofs filesystem. +While it's not strictly wrong, the BUILD_BUG will prevent this from +becoming a true problem. Initialize ret to 0 in the default case right +before the BUILD_BUG to silence all of these warnings. + +Reported-by: Prasad Sodagudi +Signed-off-by: Nathan Chancellor +Reviewed-by: Nick Desaulniers +Signed-off-by: Dennis Zhou +Signed-off-by: Sasha Levin +--- + arch/arm64/include/asm/percpu.h | 3 +++ + 1 file changed, 3 insertions(+) + +diff --git a/arch/arm64/include/asm/percpu.h b/arch/arm64/include/asm/percpu.h +index 43393208229e..d79eaa816f29 100644 +--- a/arch/arm64/include/asm/percpu.h ++++ b/arch/arm64/include/asm/percpu.h +@@ -93,6 +93,7 @@ static inline unsigned long __percpu_##op(void *ptr, \ + : [val] "Ir" (val)); \ + break; \ + default: \ ++ ret = 0; \ + BUILD_BUG(); \ + } \ + \ +@@ -122,6 +123,7 @@ static inline unsigned long __percpu_read(void *ptr, int size) + ret = READ_ONCE(*(u64 *)ptr); + break; + default: ++ ret = 0; + BUILD_BUG(); + } + +@@ -191,6 +193,7 @@ static inline unsigned long __percpu_xchg(void *ptr, unsigned long val, + : [val] "r" (val)); + break; + default: ++ ret = 0; + BUILD_BUG(); + } + +-- +2.17.1 + diff --git a/queue-4.14/cifs-don-t-dereference-smb_file_target-before-null-c.patch b/queue-4.14/cifs-don-t-dereference-smb_file_target-before-null-c.patch new file mode 100644 index 00000000000..fb1726fc158 --- /dev/null +++ b/queue-4.14/cifs-don-t-dereference-smb_file_target-before-null-c.patch @@ -0,0 +1,54 @@ +From c570c04deff784ff99aa0358d1d8ce6be4c44120 Mon Sep 17 00:00:00 2001 +From: Colin Ian King +Date: Thu, 1 Nov 2018 13:14:30 +0000 +Subject: cifs: don't dereference smb_file_target before null check + +[ Upstream commit 8c6c9bed8773375b1d54ccca2911ec892c59db5d ] + +There is a null check on dst_file->private data which suggests +it can be potentially null. However, before this check, pointer +smb_file_target is derived from dst_file->private and dereferenced +in the call to tlink_tcon, hence there is a potential null pointer +deference. + +Fix this by assigning smb_file_target and target_tcon after the +null pointer sanity checks. + +Detected by CoverityScan, CID#1475302 ("Dereference before null check") + +Fixes: 04b38d601239 ("vfs: pull btrfs clone API to vfs layer") +Signed-off-by: Colin Ian King +Signed-off-by: Steve French +Signed-off-by: Sasha Levin +--- + fs/cifs/cifsfs.c | 7 +++++-- + 1 file changed, 5 insertions(+), 2 deletions(-) + +diff --git a/fs/cifs/cifsfs.c b/fs/cifs/cifsfs.c +index 44a7b2dea688..c5fd5abf7206 100644 +--- a/fs/cifs/cifsfs.c ++++ b/fs/cifs/cifsfs.c +@@ -933,8 +933,8 @@ static int cifs_clone_file_range(struct file *src_file, loff_t off, + struct inode *src_inode = file_inode(src_file); + struct inode *target_inode = file_inode(dst_file); + struct cifsFileInfo *smb_file_src = src_file->private_data; +- struct cifsFileInfo *smb_file_target = dst_file->private_data; +- struct cifs_tcon *target_tcon = tlink_tcon(smb_file_target->tlink); ++ struct cifsFileInfo *smb_file_target; ++ struct cifs_tcon *target_tcon; + unsigned int xid; + int rc; + +@@ -948,6 +948,9 @@ static int cifs_clone_file_range(struct file *src_file, loff_t off, + goto out; + } + ++ smb_file_target = dst_file->private_data; ++ target_tcon = tlink_tcon(smb_file_target->tlink); ++ + /* + * Note: cifs case is easier than btrfs since server responsible for + * checks for proper open modes and file type and if it wants +-- +2.17.1 + diff --git a/queue-4.14/cifs-fix-return-value-for-cifs_listxattr.patch b/queue-4.14/cifs-fix-return-value-for-cifs_listxattr.patch new file mode 100644 index 00000000000..2493ca77ae8 --- /dev/null +++ b/queue-4.14/cifs-fix-return-value-for-cifs_listxattr.patch @@ -0,0 +1,63 @@ +From 737a94e1fbee03ed501011ecdcfdff7e581bb8ef Mon Sep 17 00:00:00 2001 +From: Ronnie Sahlberg +Date: Thu, 25 Oct 2018 15:43:36 +1000 +Subject: cifs: fix return value for cifs_listxattr + +[ Upstream commit 0c5d6cb6643f48ad3775322f3ebab6c7eb67484e ] + +If the application buffer was too small to fit all the names +we would still count the number of bytes and return this for +listxattr. This would then trigger a BUG in usercopy.c + +Fix the computation of the size so that we return -ERANGE +correctly when the buffer is too small. + +This fixes the kernel BUG for xfstest generic/377 + +Signed-off-by: Ronnie Sahlberg +Signed-off-by: Steve French +Reviewed-by: Aurelien Aptel +Signed-off-by: Sasha Levin +--- + fs/cifs/smb2ops.c | 11 ++++++----- + 1 file changed, 6 insertions(+), 5 deletions(-) + +diff --git a/fs/cifs/smb2ops.c b/fs/cifs/smb2ops.c +index 4e5b05263e4a..3372eedaa94d 100644 +--- a/fs/cifs/smb2ops.c ++++ b/fs/cifs/smb2ops.c +@@ -441,6 +441,7 @@ move_smb2_ea_to_cifs(char *dst, size_t dst_size, + int rc = 0; + unsigned int ea_name_len = ea_name ? strlen(ea_name) : 0; + char *name, *value; ++ size_t buf_size = dst_size; + size_t name_len, value_len, user_name_len; + + while (src_size > 0) { +@@ -476,9 +477,10 @@ move_smb2_ea_to_cifs(char *dst, size_t dst_size, + /* 'user.' plus a terminating null */ + user_name_len = 5 + 1 + name_len; + +- rc += user_name_len; +- +- if (dst_size >= user_name_len) { ++ if (buf_size == 0) { ++ /* skip copy - calc size only */ ++ rc += user_name_len; ++ } else if (dst_size >= user_name_len) { + dst_size -= user_name_len; + memcpy(dst, "user.", 5); + dst += 5; +@@ -486,8 +488,7 @@ move_smb2_ea_to_cifs(char *dst, size_t dst_size, + dst += name_len; + *dst = 0; + ++dst; +- } else if (dst_size == 0) { +- /* skip copy - calc size only */ ++ rc += user_name_len; + } else { + /* stop before overrun buffer */ + rc = -ERANGE; +-- +2.17.1 + diff --git a/queue-4.14/clk-fixed-factor-fix-of_node_get-put-imbalance.patch b/queue-4.14/clk-fixed-factor-fix-of_node_get-put-imbalance.patch new file mode 100644 index 00000000000..3824692219e --- /dev/null +++ b/queue-4.14/clk-fixed-factor-fix-of_node_get-put-imbalance.patch @@ -0,0 +1,36 @@ +From 6722653bf5e8e18a0c9d476b7822ddcde49f2015 Mon Sep 17 00:00:00 2001 +From: Ricardo Ribalda Delgado +Date: Thu, 1 Nov 2018 14:15:49 +0100 +Subject: clk: fixed-factor: fix of_node_get-put imbalance + +[ Upstream commit f98e8a572bddbf27032114127d2fcc78fa5e6a9d ] + +When the fixed factor clock is created by devicetree, +of_clk_add_provider is called. Add a call to +of_clk_del_provider in the remove function to balance +it out. + +Reported-by: Alan Tull +Fixes: 971451b3b15d ("clk: fixed-factor: Convert into a module platform driver") +Signed-off-by: Ricardo Ribalda Delgado +Signed-off-by: Stephen Boyd +Signed-off-by: Sasha Levin +--- + drivers/clk/clk-fixed-factor.c | 1 + + 1 file changed, 1 insertion(+) + +diff --git a/drivers/clk/clk-fixed-factor.c b/drivers/clk/clk-fixed-factor.c +index 20724abd38bd..7df6b5b1e7ee 100644 +--- a/drivers/clk/clk-fixed-factor.c ++++ b/drivers/clk/clk-fixed-factor.c +@@ -210,6 +210,7 @@ static int of_fixed_factor_clk_remove(struct platform_device *pdev) + { + struct clk *clk = platform_get_drvdata(pdev); + ++ of_clk_del_provider(pdev->dev.of_node); + clk_unregister_fixed_factor(clk); + + return 0; +-- +2.17.1 + diff --git a/queue-4.14/clk-fixed-rate-fix-of_node_get-put-imbalance.patch b/queue-4.14/clk-fixed-rate-fix-of_node_get-put-imbalance.patch new file mode 100644 index 00000000000..8daf7fc688e --- /dev/null +++ b/queue-4.14/clk-fixed-rate-fix-of_node_get-put-imbalance.patch @@ -0,0 +1,35 @@ +From a08e39e77ce465f9ee9cb295acb18cbeb366fb4b Mon Sep 17 00:00:00 2001 +From: Alan Tull +Date: Thu, 18 Oct 2018 14:54:11 -0500 +Subject: clk: fixed-rate: fix of_node_get-put imbalance + +[ Upstream commit 52091c256bdcad0d01e2852a63f19cd2cce6af96 ] + +When the fixed rate clock is created by devicetree, +of_clk_add_provider is called. Add a call to +of_clk_del_provider in the remove function to balance +it out. + +Signed-off-by: Alan Tull +Fixes: 435779fe1336 ("clk: fixed-rate: Convert into a module platform driver") +Signed-off-by: Stephen Boyd +Signed-off-by: Sasha Levin +--- + drivers/clk/clk-fixed-rate.c | 1 + + 1 file changed, 1 insertion(+) + +diff --git a/drivers/clk/clk-fixed-rate.c b/drivers/clk/clk-fixed-rate.c +index b5c46b3f8764..6d6475c32ee5 100644 +--- a/drivers/clk/clk-fixed-rate.c ++++ b/drivers/clk/clk-fixed-rate.c +@@ -200,6 +200,7 @@ static int of_fixed_clk_remove(struct platform_device *pdev) + { + struct clk *clk = platform_get_drvdata(pdev); + ++ of_clk_del_provider(pdev->dev.of_node); + clk_unregister_fixed_rate(clk); + + return 0; +-- +2.17.1 + diff --git a/queue-4.14/clk-samsung-exynos5420-enable-peris-clocks-for-suspe.patch b/queue-4.14/clk-samsung-exynos5420-enable-peris-clocks-for-suspe.patch new file mode 100644 index 00000000000..4fb86e81792 --- /dev/null +++ b/queue-4.14/clk-samsung-exynos5420-enable-peris-clocks-for-suspe.patch @@ -0,0 +1,34 @@ +From a0176c8d02d6ff3537c607c328d8ce5d9a8693ff Mon Sep 17 00:00:00 2001 +From: Marek Szyprowski +Date: Mon, 24 Sep 2018 13:01:20 +0200 +Subject: clk: samsung: exynos5420: Enable PERIS clocks for suspend + +[ Upstream commit b33228029d842269e17bba591609e83ed422005d ] + +Ensure that clocks for core SoC modules (including TZPC0..9 modules) +are enabled for suspend/resume cycle. This fixes suspend/resume +support on Exynos5422-based Odroid XU3/XU4 boards. + +Suggested-by: Joonyoung Shim +Signed-off-by: Marek Szyprowski +Signed-off-by: Sylwester Nawrocki +Signed-off-by: Sasha Levin +--- + drivers/clk/samsung/clk-exynos5420.c | 1 + + 1 file changed, 1 insertion(+) + +diff --git a/drivers/clk/samsung/clk-exynos5420.c b/drivers/clk/samsung/clk-exynos5420.c +index 25601967d1cd..500a55415e90 100644 +--- a/drivers/clk/samsung/clk-exynos5420.c ++++ b/drivers/clk/samsung/clk-exynos5420.c +@@ -280,6 +280,7 @@ static const struct samsung_clk_reg_dump exynos5420_set_clksrc[] = { + { .offset = GATE_BUS_TOP, .value = 0xffffffff, }, + { .offset = GATE_BUS_DISP1, .value = 0xffffffff, }, + { .offset = GATE_IP_PERIC, .value = 0xffffffff, }, ++ { .offset = GATE_IP_PERIS, .value = 0xffffffff, }, + }; + + static int exynos5420_clk_suspend(void) +-- +2.17.1 + diff --git a/queue-4.14/drm-edid-add-6-bpc-quirk-for-boe-panel.patch b/queue-4.14/drm-edid-add-6-bpc-quirk-for-boe-panel.patch new file mode 100644 index 00000000000..ac79c07d988 --- /dev/null +++ b/queue-4.14/drm-edid-add-6-bpc-quirk-for-boe-panel.patch @@ -0,0 +1,42 @@ +From 91c911863401b09c2026324c9f6489dc11172b9c Mon Sep 17 00:00:00 2001 +From: "Lee, Shawn C" +Date: Sun, 28 Oct 2018 22:49:33 -0700 +Subject: drm/edid: Add 6 bpc quirk for BOE panel. + +[ Upstream commit 922dceff8dc1fb4dafc9af78139ba65671408103 ] + +BOE panel (ID: 0x0771) that reports "DFP 1.x compliant TMDS". +But it's 6bpc panel only instead of 8 bpc. + +Add panel ID to edid quirk list and set 6 bpc as default to +work around this issue. + +Cc: Jani Nikula +Cc: Maarten Lankhorst +Cc: Gustavo Padovan +Cc: Cooper Chiou +Signed-off-by: Lee, Shawn C > +Signed-off-by: Daniel Vetter +Link: https://patchwork.freedesktop.org/patch/msgid/1540792173-7288-1-git-send-email-shawn.c.lee@intel.com +Signed-off-by: Sasha Levin +--- + drivers/gpu/drm/drm_edid.c | 3 +++ + 1 file changed, 3 insertions(+) + +diff --git a/drivers/gpu/drm/drm_edid.c b/drivers/gpu/drm/drm_edid.c +index d1191ebed072..ed01e3aae0e8 100644 +--- a/drivers/gpu/drm/drm_edid.c ++++ b/drivers/gpu/drm/drm_edid.c +@@ -120,6 +120,9 @@ static const struct edid_quirk { + /* SDC panel of Lenovo B50-80 reports 8 bpc, but is a 6 bpc panel */ + { "SDC", 0x3652, EDID_QUIRK_FORCE_6BPC }, + ++ /* BOE model 0x0771 reports 8 bpc, but is a 6 bpc panel */ ++ { "BOE", 0x0771, EDID_QUIRK_FORCE_6BPC }, ++ + /* Belinea 10 15 55 */ + { "MAX", 1516, EDID_QUIRK_PREFER_LARGE_60 }, + { "MAX", 0x77e, EDID_QUIRK_PREFER_LARGE_60 }, +-- +2.17.1 + diff --git a/queue-4.14/fs-exofs-fix-potential-memory-leak-in-mount-option-p.patch b/queue-4.14/fs-exofs-fix-potential-memory-leak-in-mount-option-p.patch new file mode 100644 index 00000000000..444f09874bd --- /dev/null +++ b/queue-4.14/fs-exofs-fix-potential-memory-leak-in-mount-option-p.patch @@ -0,0 +1,44 @@ +From 07a96752568a7d611cbbd3143d5c153cef568c5d Mon Sep 17 00:00:00 2001 +From: Chengguang Xu +Date: Wed, 13 Jun 2018 12:05:13 +0800 +Subject: fs/exofs: fix potential memory leak in mount option parsing + +[ Upstream commit 515f1867addaba49c1c6ac73abfaffbc192c1db4 ] + +There are some cases can cause memory leak when parsing +option 'osdname'. + +Signed-off-by: Chengguang Xu +Signed-off-by: Al Viro +Signed-off-by: Sasha Levin +--- + fs/exofs/super.c | 5 ++++- + 1 file changed, 4 insertions(+), 1 deletion(-) + +diff --git a/fs/exofs/super.c b/fs/exofs/super.c +index 819624cfc8da..c9ec652e2fcd 100644 +--- a/fs/exofs/super.c ++++ b/fs/exofs/super.c +@@ -100,6 +100,7 @@ static int parse_options(char *options, struct exofs_mountopt *opts) + token = match_token(p, tokens, args); + switch (token) { + case Opt_name: ++ kfree(opts->dev_name); + opts->dev_name = match_strdup(&args[0]); + if (unlikely(!opts->dev_name)) { + EXOFS_ERR("Error allocating dev_name"); +@@ -863,8 +864,10 @@ static struct dentry *exofs_mount(struct file_system_type *type, + int ret; + + ret = parse_options(data, &opts); +- if (ret) ++ if (ret) { ++ kfree(opts.dev_name); + return ERR_PTR(ret); ++ } + + if (!opts.dev_name) + opts.dev_name = dev_name; +-- +2.17.1 + diff --git a/queue-4.14/hfs-prevent-btree-data-loss-on-root-split.patch b/queue-4.14/hfs-prevent-btree-data-loss-on-root-split.patch new file mode 100644 index 00000000000..1b1f692a0d4 --- /dev/null +++ b/queue-4.14/hfs-prevent-btree-data-loss-on-root-split.patch @@ -0,0 +1,49 @@ +From 645eda09addebf3e771973b8b62fc86da022543f Mon Sep 17 00:00:00 2001 +From: =?UTF-8?q?Ernesto=20A=2E=20Fern=C3=A1ndez?= + +Date: Tue, 30 Oct 2018 15:06:07 -0700 +Subject: hfs: prevent btree data loss on root split +MIME-Version: 1.0 +Content-Type: text/plain; charset=UTF-8 +Content-Transfer-Encoding: 8bit + +[ Upstream commit d057c036672f33d43a5f7344acbb08cf3a8a0c09 ] + +This bug is triggered whenever hfs_brec_update_parent() needs to split +the root node. The height of the btree is not increased, which leaves +the new node orphaned and its records lost. It is not possible for this +to happen on a valid hfs filesystem because the index nodes have fixed +length keys. + +For reasons I ignore, the hfs module does have support for a number of +hfsplus features. A corrupt btree header may report variable length +keys and trigger this bug, so it's better to fix it. + +Link: http://lkml.kernel.org/r/9750b1415685c4adca10766895f6d5ef12babdb0.1535682463.git.ernesto.mnd.fernandez@gmail.com +Signed-off-by: Ernesto A. Fernández +Cc: Christoph Hellwig +Signed-off-by: Andrew Morton +Signed-off-by: Linus Torvalds +Signed-off-by: Sasha Levin +--- + fs/hfs/brec.c | 4 ++++ + 1 file changed, 4 insertions(+) + +diff --git a/fs/hfs/brec.c b/fs/hfs/brec.c +index 9a8772465a90..da25c49203cc 100644 +--- a/fs/hfs/brec.c ++++ b/fs/hfs/brec.c +@@ -425,6 +425,10 @@ skip: + if (new_node) { + __be32 cnid; + ++ if (!new_node->parent) { ++ hfs_btree_inc_height(tree); ++ new_node->parent = tree->root; ++ } + fd->bnode = hfs_bnode_find(tree, new_node->parent); + /* create index key and entry */ + hfs_bnode_read_key(new_node, fd->search_key, 14); +-- +2.17.1 + diff --git a/queue-4.14/hfsplus-prevent-btree-data-loss-on-root-split.patch b/queue-4.14/hfsplus-prevent-btree-data-loss-on-root-split.patch new file mode 100644 index 00000000000..a6fec54e970 --- /dev/null +++ b/queue-4.14/hfsplus-prevent-btree-data-loss-on-root-split.patch @@ -0,0 +1,63 @@ +From e9a1cb6006b279902a0d5372453dc408e4ea39e8 Mon Sep 17 00:00:00 2001 +From: =?UTF-8?q?Ernesto=20A=2E=20Fern=C3=A1ndez?= + +Date: Tue, 30 Oct 2018 15:06:00 -0700 +Subject: hfsplus: prevent btree data loss on root split +MIME-Version: 1.0 +Content-Type: text/plain; charset=UTF-8 +Content-Transfer-Encoding: 8bit + +[ Upstream commit 0a3021d4f5295aa073c7bf5c5e4de60a2e292578 ] + +Creating, renaming or deleting a file may cause catalog corruption and +data loss. This bug is randomly triggered by xfstests generic/027, but +here is a faster reproducer: + + truncate -s 50M fs.iso + mkfs.hfsplus fs.iso + mount fs.iso /mnt + i=100 + while [ $i -le 150 ]; do + touch /mnt/$i &>/dev/null + ((++i)) + done + i=100 + while [ $i -le 150 ]; do + mv /mnt/$i /mnt/$(perl -e "print $i x82") &>/dev/null + ((++i)) + done + umount /mnt + fsck.hfsplus -n fs.iso + +The bug is triggered whenever hfs_brec_update_parent() needs to split the +root node. The height of the btree is not increased, which leaves the new +node orphaned and its records lost. + +Link: http://lkml.kernel.org/r/26d882184fc43043a810114258f45277752186c7.1535682461.git.ernesto.mnd.fernandez@gmail.com +Signed-off-by: Ernesto A. Fernández +Cc: Christoph Hellwig +Signed-off-by: Andrew Morton +Signed-off-by: Linus Torvalds +Signed-off-by: Sasha Levin +--- + fs/hfsplus/brec.c | 4 ++++ + 1 file changed, 4 insertions(+) + +diff --git a/fs/hfsplus/brec.c b/fs/hfsplus/brec.c +index 808f4d8c859c..d3f36982f685 100644 +--- a/fs/hfsplus/brec.c ++++ b/fs/hfsplus/brec.c +@@ -428,6 +428,10 @@ skip: + if (new_node) { + __be32 cnid; + ++ if (!new_node->parent) { ++ hfs_btree_inc_height(tree); ++ new_node->parent = tree->root; ++ } + fd->bnode = hfs_bnode_find(tree, new_node->parent); + /* create index key and entry */ + hfs_bnode_read_key(new_node, fd->search_key, 14); +-- +2.17.1 + diff --git a/queue-4.14/hwmon-ibmpowernv-remove-bogus-__init-annotations.patch b/queue-4.14/hwmon-ibmpowernv-remove-bogus-__init-annotations.patch new file mode 100644 index 00000000000..f7c9e343d39 --- /dev/null +++ b/queue-4.14/hwmon-ibmpowernv-remove-bogus-__init-annotations.patch @@ -0,0 +1,53 @@ +From 4f7fa017e40123322ec5a5b0536db98e09da6862 Mon Sep 17 00:00:00 2001 +From: Geert Uytterhoeven +Date: Sun, 28 Oct 2018 18:16:51 +0100 +Subject: hwmon: (ibmpowernv) Remove bogus __init annotations + +[ Upstream commit e3e61f01d755188cb6c2dcf5a244b9c0937c258e ] + +If gcc decides not to inline make_sensor_label(): + + WARNING: vmlinux.o(.text+0x4df549c): Section mismatch in reference from the function .create_device_attrs() to the function .init.text:.make_sensor_label() + The function .create_device_attrs() references + the function __init .make_sensor_label(). + This is often because .create_device_attrs lacks a __init + annotation or the annotation of .make_sensor_label is wrong. + +As .probe() can be called after freeing of __init memory, all __init +annotiations in the driver are bogus, and should be removed. + +Signed-off-by: Geert Uytterhoeven +Signed-off-by: Guenter Roeck +Signed-off-by: Sasha Levin +--- + drivers/hwmon/ibmpowernv.c | 7 +++---- + 1 file changed, 3 insertions(+), 4 deletions(-) + +diff --git a/drivers/hwmon/ibmpowernv.c b/drivers/hwmon/ibmpowernv.c +index 5ccdd0b52650..b38f4951c94e 100644 +--- a/drivers/hwmon/ibmpowernv.c ++++ b/drivers/hwmon/ibmpowernv.c +@@ -126,7 +126,7 @@ static ssize_t show_label(struct device *dev, struct device_attribute *devattr, + return sprintf(buf, "%s\n", sdata->label); + } + +-static int __init get_logical_cpu(int hwcpu) ++static int get_logical_cpu(int hwcpu) + { + int cpu; + +@@ -137,9 +137,8 @@ static int __init get_logical_cpu(int hwcpu) + return -ENOENT; + } + +-static void __init make_sensor_label(struct device_node *np, +- struct sensor_data *sdata, +- const char *label) ++static void make_sensor_label(struct device_node *np, ++ struct sensor_data *sdata, const char *label) + { + u32 id; + size_t n; +-- +2.17.1 + diff --git a/queue-4.14/i2c-omap-enable-for-arch_k3.patch b/queue-4.14/i2c-omap-enable-for-arch_k3.patch new file mode 100644 index 00000000000..5ed8a3fd883 --- /dev/null +++ b/queue-4.14/i2c-omap-enable-for-arch_k3.patch @@ -0,0 +1,33 @@ +From f71b62d9c51e4ba2ccf32e7d1cb3eaafc4173a16 Mon Sep 17 00:00:00 2001 +From: Vignesh R +Date: Fri, 9 Nov 2018 16:44:11 +0530 +Subject: i2c: omap: Enable for ARCH_K3 + +[ Upstream commit 5b277402deac0691226a947df71c581686bd4020 ] + +Allow I2C_OMAP to be built for K3 platforms. + +Signed-off-by: Vignesh R +Reviewed-by: Grygorii Strashko +Signed-off-by: Wolfram Sang +Signed-off-by: Sasha Levin +--- + drivers/i2c/busses/Kconfig | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/drivers/i2c/busses/Kconfig b/drivers/i2c/busses/Kconfig +index 45a3f3ca29b3..75ea367ffd83 100644 +--- a/drivers/i2c/busses/Kconfig ++++ b/drivers/i2c/busses/Kconfig +@@ -759,7 +759,7 @@ config I2C_OCORES + + config I2C_OMAP + tristate "OMAP I2C adapter" +- depends on ARCH_OMAP ++ depends on ARCH_OMAP || ARCH_K3 + default y if MACH_OMAP_H3 || MACH_OMAP_OSK + help + If you say yes to this option, support will be included for the +-- +2.17.1 + diff --git a/queue-4.14/i40e-restore-netif_f_gso_ipxip-46-to-netdev-features.patch b/queue-4.14/i40e-restore-netif_f_gso_ipxip-46-to-netdev-features.patch new file mode 100644 index 00000000000..4388463e271 --- /dev/null +++ b/queue-4.14/i40e-restore-netif_f_gso_ipxip-46-to-netdev-features.patch @@ -0,0 +1,48 @@ +From 6845280736d37eb5bd82bc45a029f27999b052d9 Mon Sep 17 00:00:00 2001 +From: Jacob Keller +Date: Mon, 29 Oct 2018 10:52:42 -0700 +Subject: i40e: restore NETIF_F_GSO_IPXIP[46] to netdev features + +[ Upstream commit ba766b8b99c30ad3c55ed8cf224d1185ecff1476 ] + +Since commit bacd75cfac8a ("i40e/i40evf: Add capability exchange for +outer checksum", 2017-04-06) the i40e driver has not reported support +for IP-in-IP offloads. This likely occurred due to a bad rebase, as the +commit extracts hw_enc_features into its own variable. As part of this +change, it dropped the NETIF_F_FSO_IPXIP flags from the +netdev->hw_enc_features. This was unfortunately not caught during code +review. + +Fix this by adding back the missing feature flags. + +For reference, NETIF_F_GSO_IPXIP4 was added in commit 7e13318daa4a +("net: define gso types for IPx over IPv4 and IPv6", 2016-05-20), +replacing NETIF_F_GSO_IPIP and NETIF_F_GSO_SIT. + +NETIF_F_GSO_IPXIP6 was added in commit bf2d1df39502 ("intel: Add support +for IPv6 IP-in-IP offload", 2016-05-20). + +Signed-off-by: Jacob Keller +Tested-by: Andrew Bowers +Signed-off-by: Jeff Kirsher +Signed-off-by: Sasha Levin +--- + drivers/net/ethernet/intel/i40e/i40e_main.c | 2 ++ + 1 file changed, 2 insertions(+) + +diff --git a/drivers/net/ethernet/intel/i40e/i40e_main.c b/drivers/net/ethernet/intel/i40e/i40e_main.c +index 04dbf64fb1cb..176c99b8251d 100644 +--- a/drivers/net/ethernet/intel/i40e/i40e_main.c ++++ b/drivers/net/ethernet/intel/i40e/i40e_main.c +@@ -9688,6 +9688,8 @@ static int i40e_config_netdev(struct i40e_vsi *vsi) + NETIF_F_GSO_GRE | + NETIF_F_GSO_GRE_CSUM | + NETIF_F_GSO_PARTIAL | ++ NETIF_F_GSO_IPXIP4 | ++ NETIF_F_GSO_IPXIP6 | + NETIF_F_GSO_UDP_TUNNEL | + NETIF_F_GSO_UDP_TUNNEL_CSUM | + NETIF_F_SCTP_CRC | +-- +2.17.1 + diff --git a/queue-4.14/ixgbe-fix-mac-anti-spoofing-filter-after-vflr.patch b/queue-4.14/ixgbe-fix-mac-anti-spoofing-filter-after-vflr.patch new file mode 100644 index 00000000000..efe643bee4b --- /dev/null +++ b/queue-4.14/ixgbe-fix-mac-anti-spoofing-filter-after-vflr.patch @@ -0,0 +1,42 @@ +From 14bfb09d0ae3f08a835dbac2cf2c1ff65986664c Mon Sep 17 00:00:00 2001 +From: Radoslaw Tyl +Date: Mon, 22 Oct 2018 08:44:31 +0200 +Subject: ixgbe: fix MAC anti-spoofing filter after VFLR + +[ Upstream commit 6702185c1ffec3421181b5e24491e3fac920cb61 ] + +This change resolves a driver bug where the driver is logging a +message that says "Spoofed packets detected". This can occur on the PF +(host) when a VF has VLAN+MACVLAN enabled and is re-started with a +different MAC address. + +MAC and VLAN anti-spoofing filters are to be enabled together. + +Signed-off-by: Radoslaw Tyl +Tested-by: Andrew Bowers +Acked-by: Piotr Skajewski +Signed-off-by: Jeff Kirsher +Signed-off-by: Sasha Levin +--- + drivers/net/ethernet/intel/ixgbe/ixgbe_sriov.c | 4 +++- + 1 file changed, 3 insertions(+), 1 deletion(-) + +diff --git a/drivers/net/ethernet/intel/ixgbe/ixgbe_sriov.c b/drivers/net/ethernet/intel/ixgbe/ixgbe_sriov.c +index 112d24c6c9ce..4904a63b83ef 100644 +--- a/drivers/net/ethernet/intel/ixgbe/ixgbe_sriov.c ++++ b/drivers/net/ethernet/intel/ixgbe/ixgbe_sriov.c +@@ -760,8 +760,10 @@ static inline void ixgbe_vf_reset_event(struct ixgbe_adapter *adapter, u32 vf) + ixgbe_set_vmvir(adapter, vfinfo->pf_vlan, + adapter->default_up, vf); + +- if (vfinfo->spoofchk_enabled) ++ if (vfinfo->spoofchk_enabled) { + hw->mac.ops.set_vlan_anti_spoofing(hw, true, vf); ++ hw->mac.ops.set_mac_anti_spoofing(hw, true, vf); ++ } + } + + /* reset multicast table array for vf */ +-- +2.17.1 + diff --git a/queue-4.14/lib-raid6-fix-arm64-test-build.patch b/queue-4.14/lib-raid6-fix-arm64-test-build.patch new file mode 100644 index 00000000000..9a6a7dd0d7d --- /dev/null +++ b/queue-4.14/lib-raid6-fix-arm64-test-build.patch @@ -0,0 +1,46 @@ +From b639aaad53adf5520a2da4ba5850a84f3a93e784 Mon Sep 17 00:00:00 2001 +From: Jeremy Linton +Date: Mon, 5 Nov 2018 18:14:41 -0600 +Subject: lib/raid6: Fix arm64 test build + +[ Upstream commit 313a06e636808387822af24c507cba92703568b1 ] + +The lib/raid6/test fails to build the neon objects +on arm64 because the correct machine type is 'aarch64'. + +Once this is correctly enabled, the neon recovery objects +need to be added to the build. + +Reviewed-by: Ard Biesheuvel +Signed-off-by: Jeremy Linton +Signed-off-by: Catalin Marinas +Signed-off-by: Sasha Levin +--- + lib/raid6/test/Makefile | 4 ++-- + 1 file changed, 2 insertions(+), 2 deletions(-) + +diff --git a/lib/raid6/test/Makefile b/lib/raid6/test/Makefile +index be1010bdc435..565a77220fae 100644 +--- a/lib/raid6/test/Makefile ++++ b/lib/raid6/test/Makefile +@@ -27,7 +27,7 @@ ifeq ($(ARCH),arm) + CFLAGS += -I../../../arch/arm/include -mfpu=neon + HAS_NEON = yes + endif +-ifeq ($(ARCH),arm64) ++ifeq ($(ARCH),aarch64) + CFLAGS += -I../../../arch/arm64/include + HAS_NEON = yes + endif +@@ -41,7 +41,7 @@ ifeq ($(IS_X86),yes) + gcc -c -x assembler - >&/dev/null && \ + rm ./-.o && echo -DCONFIG_AS_AVX512=1) + else ifeq ($(HAS_NEON),yes) +- OBJS += neon.o neon1.o neon2.o neon4.o neon8.o ++ OBJS += neon.o neon1.o neon2.o neon4.o neon8.o recov_neon.o recov_neon_inner.o + CFLAGS += -DCONFIG_KERNEL_MODE_NEON=1 + else + HAS_ALTIVEC := $(shell printf '\#include \nvector int a;\n' |\ +-- +2.17.1 + diff --git a/queue-4.14/net-stmmac-fix-rx-packet-size-8191.patch b/queue-4.14/net-stmmac-fix-rx-packet-size-8191.patch new file mode 100644 index 00000000000..83de362ff79 --- /dev/null +++ b/queue-4.14/net-stmmac-fix-rx-packet-size-8191.patch @@ -0,0 +1,101 @@ +From c78998a4c1518c354f4f0a130d2eef2e787b470b Mon Sep 17 00:00:00 2001 +From: Thor Thayer +Date: Thu, 8 Nov 2018 11:42:14 -0600 +Subject: net: stmmac: Fix RX packet size > 8191 + +[ Upstream commit 8137b6ef0ce469154e5cf19f8e7fe04d9a72ac5e ] + +Ping problems with packets > 8191 as shown: + +PING 192.168.1.99 (192.168.1.99) 8150(8178) bytes of data. +8158 bytes from 192.168.1.99: icmp_seq=1 ttl=64 time=0.669 ms +wrong data byte 8144 should be 0xd0 but was 0x0 +16 10 11 12 13 14 15 16 17 18 19 1a 1b 1c 1d 1e 1f + 20 21 22 23 24 25 26 27 28 29 2a 2b 2c 2d 2e 2f +%< ---------------snip-------------------------------------- +8112 b0 b1 b2 b3 b4 b5 b6 b7 b8 b9 ba bb bc bd be bf + c0 c1 c2 c3 c4 c5 c6 c7 c8 c9 ca cb cc cd ce cf +8144 0 0 0 0 d0 d1 + ^^^^^^^ +Notice the 4 bytes of 0 before the expected byte of d0. + +Databook notes that the RX buffer must be a multiple of 4/8/16 +bytes [1]. + +Update the DMA Buffer size define to 8188 instead of 8192. Remove +the -1 from the RX buffer size allocations and use the new +DMA Buffer size directly. + +[1] Synopsys DesignWare Cores Ethernet MAC Universal v3.70a + [section 8.4.2 - Table 8-24] + +Tested on SoCFPGA Stratix10 with ping sweep from 100 to 8300 byte packets. + +Fixes: 286a83721720 ("stmmac: add CHAINED descriptor mode support (V4)") +Suggested-by: Jose Abreu +Signed-off-by: Thor Thayer +Signed-off-by: David S. Miller +Signed-off-by: Sasha Levin +--- + drivers/net/ethernet/stmicro/stmmac/common.h | 3 ++- + drivers/net/ethernet/stmicro/stmmac/descs_com.h | 2 +- + drivers/net/ethernet/stmicro/stmmac/enh_desc.c | 2 +- + drivers/net/ethernet/stmicro/stmmac/ring_mode.c | 2 +- + 4 files changed, 5 insertions(+), 4 deletions(-) + +diff --git a/drivers/net/ethernet/stmicro/stmmac/common.h b/drivers/net/ethernet/stmicro/stmmac/common.h +index 627fec210e2f..8e2a19616bc9 100644 +--- a/drivers/net/ethernet/stmicro/stmmac/common.h ++++ b/drivers/net/ethernet/stmicro/stmmac/common.h +@@ -340,7 +340,8 @@ struct dma_features { + + /* GMAC TX FIFO is 8K, Rx FIFO is 16K */ + #define BUF_SIZE_16KiB 16384 +-#define BUF_SIZE_8KiB 8192 ++/* RX Buffer size must be < 8191 and multiple of 4/8/16 bytes */ ++#define BUF_SIZE_8KiB 8188 + #define BUF_SIZE_4KiB 4096 + #define BUF_SIZE_2KiB 2048 + +diff --git a/drivers/net/ethernet/stmicro/stmmac/descs_com.h b/drivers/net/ethernet/stmicro/stmmac/descs_com.h +index ca9d7e48034c..40d6356a7e73 100644 +--- a/drivers/net/ethernet/stmicro/stmmac/descs_com.h ++++ b/drivers/net/ethernet/stmicro/stmmac/descs_com.h +@@ -31,7 +31,7 @@ + /* Enhanced descriptors */ + static inline void ehn_desc_rx_set_on_ring(struct dma_desc *p, int end) + { +- p->des1 |= cpu_to_le32(((BUF_SIZE_8KiB - 1) ++ p->des1 |= cpu_to_le32((BUF_SIZE_8KiB + << ERDES1_BUFFER2_SIZE_SHIFT) + & ERDES1_BUFFER2_SIZE_MASK); + +diff --git a/drivers/net/ethernet/stmicro/stmmac/enh_desc.c b/drivers/net/ethernet/stmicro/stmmac/enh_desc.c +index 2a828a312814..acd65a4f94d4 100644 +--- a/drivers/net/ethernet/stmicro/stmmac/enh_desc.c ++++ b/drivers/net/ethernet/stmicro/stmmac/enh_desc.c +@@ -262,7 +262,7 @@ static void enh_desc_init_rx_desc(struct dma_desc *p, int disable_rx_ic, + int mode, int end) + { + p->des0 |= cpu_to_le32(RDES0_OWN); +- p->des1 |= cpu_to_le32((BUF_SIZE_8KiB - 1) & ERDES1_BUFFER1_SIZE_MASK); ++ p->des1 |= cpu_to_le32(BUF_SIZE_8KiB & ERDES1_BUFFER1_SIZE_MASK); + + if (mode == STMMAC_CHAIN_MODE) + ehn_desc_rx_set_on_chain(p); +diff --git a/drivers/net/ethernet/stmicro/stmmac/ring_mode.c b/drivers/net/ethernet/stmicro/stmmac/ring_mode.c +index 28e4b5d50ce6..1af7b078b94d 100644 +--- a/drivers/net/ethernet/stmicro/stmmac/ring_mode.c ++++ b/drivers/net/ethernet/stmicro/stmmac/ring_mode.c +@@ -143,7 +143,7 @@ static void stmmac_clean_desc3(void *priv_ptr, struct dma_desc *p) + static int stmmac_set_16kib_bfsize(int mtu) + { + int ret = 0; +- if (unlikely(mtu >= BUF_SIZE_8KiB)) ++ if (unlikely(mtu > BUF_SIZE_8KiB)) + ret = BUF_SIZE_16KiB; + return ret; + } +-- +2.17.1 + diff --git a/queue-4.14/netfilter-ipset-actually-allow-allowable-cidr-0-in-h.patch b/queue-4.14/netfilter-ipset-actually-allow-allowable-cidr-0-in-h.patch new file mode 100644 index 00000000000..9a000a90127 --- /dev/null +++ b/queue-4.14/netfilter-ipset-actually-allow-allowable-cidr-0-in-h.patch @@ -0,0 +1,90 @@ +From 26c1476026bee54008255d7ddd47369b44a1e825 Mon Sep 17 00:00:00 2001 +From: Eric Westbrook +Date: Tue, 28 Aug 2018 15:14:42 -0600 +Subject: netfilter: ipset: actually allow allowable CIDR 0 in + hash:net,port,net + +[ Upstream commit 886503f34d63e681662057448819edb5b1057a97 ] + +Allow /0 as advertised for hash:net,port,net sets. + +For "hash:net,port,net", ipset(8) says that "either subnet +is permitted to be a /0 should you wish to match port +between all destinations." + +Make that statement true. + +Before: + + # ipset create cidrzero hash:net,port,net + # ipset add cidrzero 0.0.0.0/0,12345,0.0.0.0/0 + ipset v6.34: The value of the CIDR parameter of the IP address is invalid + + # ipset create cidrzero6 hash:net,port,net family inet6 + # ipset add cidrzero6 ::/0,12345,::/0 + ipset v6.34: The value of the CIDR parameter of the IP address is invalid + +After: + + # ipset create cidrzero hash:net,port,net + # ipset add cidrzero 0.0.0.0/0,12345,0.0.0.0/0 + # ipset test cidrzero 192.168.205.129,12345,172.16.205.129 + 192.168.205.129,tcp:12345,172.16.205.129 is in set cidrzero. + + # ipset create cidrzero6 hash:net,port,net family inet6 + # ipset add cidrzero6 ::/0,12345,::/0 + # ipset test cidrzero6 fe80::1,12345,ff00::1 + fe80::1,tcp:12345,ff00::1 is in set cidrzero6. + +See also: + + https://bugzilla.kernel.org/show_bug.cgi?id=200897 + https://github.com/ewestbrook/linux/commit/df7ff6efb0934ab6acc11f003ff1a7580d6c1d9c + +Signed-off-by: Eric Westbrook +Signed-off-by: Jozsef Kadlecsik +Signed-off-by: Pablo Neira Ayuso +Signed-off-by: Sasha Levin +--- + net/netfilter/ipset/ip_set_hash_netportnet.c | 8 ++++---- + 1 file changed, 4 insertions(+), 4 deletions(-) + +diff --git a/net/netfilter/ipset/ip_set_hash_netportnet.c b/net/netfilter/ipset/ip_set_hash_netportnet.c +index 8602f2595a1a..0e6e40c6f652 100644 +--- a/net/netfilter/ipset/ip_set_hash_netportnet.c ++++ b/net/netfilter/ipset/ip_set_hash_netportnet.c +@@ -213,13 +213,13 @@ hash_netportnet4_uadt(struct ip_set *set, struct nlattr *tb[], + + if (tb[IPSET_ATTR_CIDR]) { + e.cidr[0] = nla_get_u8(tb[IPSET_ATTR_CIDR]); +- if (!e.cidr[0] || e.cidr[0] > HOST_MASK) ++ if (e.cidr[0] > HOST_MASK) + return -IPSET_ERR_INVALID_CIDR; + } + + if (tb[IPSET_ATTR_CIDR2]) { + e.cidr[1] = nla_get_u8(tb[IPSET_ATTR_CIDR2]); +- if (!e.cidr[1] || e.cidr[1] > HOST_MASK) ++ if (e.cidr[1] > HOST_MASK) + return -IPSET_ERR_INVALID_CIDR; + } + +@@ -492,13 +492,13 @@ hash_netportnet6_uadt(struct ip_set *set, struct nlattr *tb[], + + if (tb[IPSET_ATTR_CIDR]) { + e.cidr[0] = nla_get_u8(tb[IPSET_ATTR_CIDR]); +- if (!e.cidr[0] || e.cidr[0] > HOST_MASK) ++ if (e.cidr[0] > HOST_MASK) + return -IPSET_ERR_INVALID_CIDR; + } + + if (tb[IPSET_ATTR_CIDR2]) { + e.cidr[1] = nla_get_u8(tb[IPSET_ATTR_CIDR2]); +- if (!e.cidr[1] || e.cidr[1] > HOST_MASK) ++ if (e.cidr[1] > HOST_MASK) + return -IPSET_ERR_INVALID_CIDR; + } + +-- +2.17.1 + diff --git a/queue-4.14/netfilter-ipset-correct-rcu_dereference-call-in-ip_s.patch b/queue-4.14/netfilter-ipset-correct-rcu_dereference-call-in-ip_s.patch new file mode 100644 index 00000000000..29aaa7c418f --- /dev/null +++ b/queue-4.14/netfilter-ipset-correct-rcu_dereference-call-in-ip_s.patch @@ -0,0 +1,39 @@ +From 51d9479597784fb9991ccc848b1bbbef71ec9502 Mon Sep 17 00:00:00 2001 +From: Jozsef Kadlecsik +Date: Fri, 19 Oct 2018 19:35:19 +0200 +Subject: netfilter: ipset: Correct rcu_dereference() call in + ip_set_put_comment() + +[ Upstream commit 17b8b74c0f8dbf9b9e3301f9ca5b65dd1c079951 ] + +The function is called when rcu_read_lock() is held and not +when rcu_read_lock_bh() is held. + +Signed-off-by: Jozsef Kadlecsik +Signed-off-by: Pablo Neira Ayuso +Signed-off-by: Sasha Levin +--- + include/linux/netfilter/ipset/ip_set_comment.h | 4 ++-- + 1 file changed, 2 insertions(+), 2 deletions(-) + +diff --git a/include/linux/netfilter/ipset/ip_set_comment.h b/include/linux/netfilter/ipset/ip_set_comment.h +index 8e2bab1e8e90..70877f8de7e9 100644 +--- a/include/linux/netfilter/ipset/ip_set_comment.h ++++ b/include/linux/netfilter/ipset/ip_set_comment.h +@@ -43,11 +43,11 @@ ip_set_init_comment(struct ip_set *set, struct ip_set_comment *comment, + rcu_assign_pointer(comment->c, c); + } + +-/* Used only when dumping a set, protected by rcu_read_lock_bh() */ ++/* Used only when dumping a set, protected by rcu_read_lock() */ + static inline int + ip_set_put_comment(struct sk_buff *skb, const struct ip_set_comment *comment) + { +- struct ip_set_comment_rcu *c = rcu_dereference_bh(comment->c); ++ struct ip_set_comment_rcu *c = rcu_dereference(comment->c); + + if (!c) + return 0; +-- +2.17.1 + diff --git a/queue-4.14/netfilter-ipset-list-set-decrease-refcount-synchrono.patch b/queue-4.14/netfilter-ipset-list-set-decrease-refcount-synchrono.patch new file mode 100644 index 00000000000..944710f1bb7 --- /dev/null +++ b/queue-4.14/netfilter-ipset-list-set-decrease-refcount-synchrono.patch @@ -0,0 +1,191 @@ +From 6b9ea6fe5d000019f27fa71c9355e7f74872af2d Mon Sep 17 00:00:00 2001 +From: Stefano Brivio +Date: Sat, 14 Jul 2018 21:59:43 +0200 +Subject: netfilter: ipset: list:set: Decrease refcount synchronously on + deletion and replace + +[ Upstream commit 439cd39ea136d2c026805264d58a91f36b6b64ca ] + +Commit 45040978c899 ("netfilter: ipset: Fix set:list type crash +when flush/dump set in parallel") postponed decreasing set +reference counters to the RCU callback. + +An 'ipset del' command can terminate before the RCU grace period +is elapsed, and if sets are listed before then, the reference +counter shown in userspace will be wrong: + + # ipset create h hash:ip; ipset create l list:set; ipset add l + # ipset del l h; ipset list h + Name: h + Type: hash:ip + Revision: 4 + Header: family inet hashsize 1024 maxelem 65536 + Size in memory: 88 + References: 1 + Number of entries: 0 + Members: + # sleep 1; ipset list h + Name: h + Type: hash:ip + Revision: 4 + Header: family inet hashsize 1024 maxelem 65536 + Size in memory: 88 + References: 0 + Number of entries: 0 + Members: + +Fix this by making the reference count update synchronous again. + +As a result, when sets are listed, ip_set_name_byindex() might +now fetch a set whose reference count is already zero. Instead +of relying on the reference count to protect against concurrent +set renaming, grab ip_set_ref_lock as reader and copy the name, +while holding the same lock in ip_set_rename() as writer +instead. + +Reported-by: Li Shuang +Fixes: 45040978c899 ("netfilter: ipset: Fix set:list type crash when flush/dump set in parallel") +Signed-off-by: Stefano Brivio +Signed-off-by: Jozsef Kadlecsik +Signed-off-by: Pablo Neira Ayuso +Signed-off-by: Sasha Levin +--- + include/linux/netfilter/ipset/ip_set.h | 2 +- + net/netfilter/ipset/ip_set_core.c | 23 +++++++++++------------ + net/netfilter/ipset/ip_set_list_set.c | 17 +++++++++++------ + 3 files changed, 23 insertions(+), 19 deletions(-) + +diff --git a/include/linux/netfilter/ipset/ip_set.h b/include/linux/netfilter/ipset/ip_set.h +index 8e42253e5d4d..91a533bd3eb1 100644 +--- a/include/linux/netfilter/ipset/ip_set.h ++++ b/include/linux/netfilter/ipset/ip_set.h +@@ -312,7 +312,7 @@ enum { + extern ip_set_id_t ip_set_get_byname(struct net *net, + const char *name, struct ip_set **set); + extern void ip_set_put_byindex(struct net *net, ip_set_id_t index); +-extern const char *ip_set_name_byindex(struct net *net, ip_set_id_t index); ++extern void ip_set_name_byindex(struct net *net, ip_set_id_t index, char *name); + extern ip_set_id_t ip_set_nfnl_get_byindex(struct net *net, ip_set_id_t index); + extern void ip_set_nfnl_put(struct net *net, ip_set_id_t index); + +diff --git a/net/netfilter/ipset/ip_set_core.c b/net/netfilter/ipset/ip_set_core.c +index 9d2ce1459cec..a3f1dc7cf538 100644 +--- a/net/netfilter/ipset/ip_set_core.c ++++ b/net/netfilter/ipset/ip_set_core.c +@@ -668,21 +668,20 @@ ip_set_put_byindex(struct net *net, ip_set_id_t index) + EXPORT_SYMBOL_GPL(ip_set_put_byindex); + + /* Get the name of a set behind a set index. +- * We assume the set is referenced, so it does exist and +- * can't be destroyed. The set cannot be renamed due to +- * the referencing either. +- * ++ * Set itself is protected by RCU, but its name isn't: to protect against ++ * renaming, grab ip_set_ref_lock as reader (see ip_set_rename()) and copy the ++ * name. + */ +-const char * +-ip_set_name_byindex(struct net *net, ip_set_id_t index) ++void ++ip_set_name_byindex(struct net *net, ip_set_id_t index, char *name) + { +- const struct ip_set *set = ip_set_rcu_get(net, index); ++ struct ip_set *set = ip_set_rcu_get(net, index); + + BUG_ON(!set); +- BUG_ON(set->ref == 0); + +- /* Referenced, so it's safe */ +- return set->name; ++ read_lock_bh(&ip_set_ref_lock); ++ strncpy(name, set->name, IPSET_MAXNAMELEN); ++ read_unlock_bh(&ip_set_ref_lock); + } + EXPORT_SYMBOL_GPL(ip_set_name_byindex); + +@@ -1128,7 +1127,7 @@ static int ip_set_rename(struct net *net, struct sock *ctnl, + if (!set) + return -ENOENT; + +- read_lock_bh(&ip_set_ref_lock); ++ write_lock_bh(&ip_set_ref_lock); + if (set->ref != 0) { + ret = -IPSET_ERR_REFERENCED; + goto out; +@@ -1145,7 +1144,7 @@ static int ip_set_rename(struct net *net, struct sock *ctnl, + strncpy(set->name, name2, IPSET_MAXNAMELEN); + + out: +- read_unlock_bh(&ip_set_ref_lock); ++ write_unlock_bh(&ip_set_ref_lock); + return ret; + } + +diff --git a/net/netfilter/ipset/ip_set_list_set.c b/net/netfilter/ipset/ip_set_list_set.c +index 178d4eba013b..75d52aed6fdb 100644 +--- a/net/netfilter/ipset/ip_set_list_set.c ++++ b/net/netfilter/ipset/ip_set_list_set.c +@@ -156,9 +156,7 @@ __list_set_del_rcu(struct rcu_head * rcu) + { + struct set_elem *e = container_of(rcu, struct set_elem, rcu); + struct ip_set *set = e->set; +- struct list_set *map = set->data; + +- ip_set_put_byindex(map->net, e->id); + ip_set_ext_destroy(set, e); + kfree(e); + } +@@ -166,15 +164,21 @@ __list_set_del_rcu(struct rcu_head * rcu) + static inline void + list_set_del(struct ip_set *set, struct set_elem *e) + { ++ struct list_set *map = set->data; ++ + set->elements--; + list_del_rcu(&e->list); ++ ip_set_put_byindex(map->net, e->id); + call_rcu(&e->rcu, __list_set_del_rcu); + } + + static inline void +-list_set_replace(struct set_elem *e, struct set_elem *old) ++list_set_replace(struct ip_set *set, struct set_elem *e, struct set_elem *old) + { ++ struct list_set *map = set->data; ++ + list_replace_rcu(&old->list, &e->list); ++ ip_set_put_byindex(map->net, old->id); + call_rcu(&old->rcu, __list_set_del_rcu); + } + +@@ -306,7 +310,7 @@ list_set_uadd(struct ip_set *set, void *value, const struct ip_set_ext *ext, + INIT_LIST_HEAD(&e->list); + list_set_init_extensions(set, ext, e); + if (n) +- list_set_replace(e, n); ++ list_set_replace(set, e, n); + else if (next) + list_add_tail_rcu(&e->list, &next->list); + else if (prev) +@@ -497,6 +501,7 @@ list_set_list(const struct ip_set *set, + const struct list_set *map = set->data; + struct nlattr *atd, *nested; + u32 i = 0, first = cb->args[IPSET_CB_ARG0]; ++ char name[IPSET_MAXNAMELEN]; + struct set_elem *e; + int ret = 0; + +@@ -515,8 +520,8 @@ list_set_list(const struct ip_set *set, + nested = ipset_nest_start(skb, IPSET_ATTR_DATA); + if (!nested) + goto nla_put_failure; +- if (nla_put_string(skb, IPSET_ATTR_NAME, +- ip_set_name_byindex(map->net, e->id))) ++ ip_set_name_byindex(map->net, e->id, name); ++ if (nla_put_string(skb, IPSET_ATTR_NAME, name)) + goto nla_put_failure; + if (ip_set_put_extensions(skb, set, e, true)) + goto nla_put_failure; +-- +2.17.1 + diff --git a/queue-4.14/netfilter-xt_idletimer-add-sysfs-filename-checking-r.patch b/queue-4.14/netfilter-xt_idletimer-add-sysfs-filename-checking-r.patch new file mode 100644 index 00000000000..09907a967ee --- /dev/null +++ b/queue-4.14/netfilter-xt_idletimer-add-sysfs-filename-checking-r.patch @@ -0,0 +1,82 @@ +From 8c01fc13e2afca013c055b93e81562cc96645805 Mon Sep 17 00:00:00 2001 +From: Taehee Yoo +Date: Sun, 21 Oct 2018 00:00:08 +0900 +Subject: netfilter: xt_IDLETIMER: add sysfs filename checking routine + +[ Upstream commit 54451f60c8fa061af9051a53be9786393947367c ] + +When IDLETIMER rule is added, sysfs file is created under +/sys/class/xt_idletimer/timers/ +But some label name shouldn't be used. +".", "..", "power", "uevent", "subsystem", etc... +So that sysfs filename checking routine is needed. + +test commands: + %iptables -I INPUT -j IDLETIMER --timeout 1 --label "power" + +splat looks like: +[95765.423132] sysfs: cannot create duplicate filename '/devices/virtual/xt_idletimer/timers/power' +[95765.433418] CPU: 0 PID: 8446 Comm: iptables Not tainted 4.19.0-rc6+ #20 +[95765.449755] Call Trace: +[95765.449755] dump_stack+0xc9/0x16b +[95765.449755] ? show_regs_print_info+0x5/0x5 +[95765.449755] sysfs_warn_dup+0x74/0x90 +[95765.449755] sysfs_add_file_mode_ns+0x352/0x500 +[95765.449755] sysfs_create_file_ns+0x179/0x270 +[95765.449755] ? sysfs_add_file_mode_ns+0x500/0x500 +[95765.449755] ? idletimer_tg_checkentry+0x3e5/0xb1b [xt_IDLETIMER] +[95765.449755] ? rcu_read_lock_sched_held+0x114/0x130 +[95765.449755] ? __kmalloc_track_caller+0x211/0x2b0 +[95765.449755] ? memcpy+0x34/0x50 +[95765.449755] idletimer_tg_checkentry+0x4e2/0xb1b [xt_IDLETIMER] +[ ... ] + +Fixes: 0902b469bd25 ("netfilter: xtables: idletimer target implementation") +Signed-off-by: Taehee Yoo +Signed-off-by: Pablo Neira Ayuso +Signed-off-by: Sasha Levin +--- + net/netfilter/xt_IDLETIMER.c | 20 ++++++++++++++++++++ + 1 file changed, 20 insertions(+) + +diff --git a/net/netfilter/xt_IDLETIMER.c b/net/netfilter/xt_IDLETIMER.c +index 1141f08810b6..3fef8c2e545d 100644 +--- a/net/netfilter/xt_IDLETIMER.c ++++ b/net/netfilter/xt_IDLETIMER.c +@@ -116,6 +116,22 @@ static void idletimer_tg_expired(unsigned long data) + schedule_work(&timer->work); + } + ++static int idletimer_check_sysfs_name(const char *name, unsigned int size) ++{ ++ int ret; ++ ++ ret = xt_check_proc_name(name, size); ++ if (ret < 0) ++ return ret; ++ ++ if (!strcmp(name, "power") || ++ !strcmp(name, "subsystem") || ++ !strcmp(name, "uevent")) ++ return -EINVAL; ++ ++ return 0; ++} ++ + static int idletimer_tg_create(struct idletimer_tg_info *info) + { + int ret; +@@ -126,6 +142,10 @@ static int idletimer_tg_create(struct idletimer_tg_info *info) + goto out; + } + ++ ret = idletimer_check_sysfs_name(info->label, sizeof(info->label)); ++ if (ret < 0) ++ goto out_free_timer; ++ + sysfs_attr_init(&info->timer->attr.attr); + info->timer->attr.attr.name = kstrdup(info->label, GFP_KERNEL); + if (!info->timer->attr.attr.name) { +-- +2.17.1 + diff --git a/queue-4.14/nvme-pci-fix-conflicting-p2p-resource-adds.patch b/queue-4.14/nvme-pci-fix-conflicting-p2p-resource-adds.patch new file mode 100644 index 00000000000..452df25e601 --- /dev/null +++ b/queue-4.14/nvme-pci-fix-conflicting-p2p-resource-adds.patch @@ -0,0 +1,76 @@ +From 6157e59780c9139749829165cf4c82ac6fc51f39 Mon Sep 17 00:00:00 2001 +From: Keith Busch +Date: Wed, 31 Oct 2018 13:15:29 -0600 +Subject: nvme-pci: fix conflicting p2p resource adds + +[ Upstream commit 9fe5c59ff6a1e5e26a39b75489a1420e7eaaf0b1 ] + +The nvme pci driver had been adding its CMB resource to the P2P DMA +subsystem everytime on on a controller reset. This results in the +following warning: + + ------------[ cut here ]------------ + nvme 0000:00:03.0: Conflicting mapping in same section + WARNING: CPU: 7 PID: 81 at kernel/memremap.c:155 devm_memremap_pages+0xa6/0x380 + ... + Call Trace: + pci_p2pdma_add_resource+0x153/0x370 + nvme_reset_work+0x28c/0x17b1 [nvme] + ? add_timer+0x107/0x1e0 + ? dequeue_entity+0x81/0x660 + ? dequeue_entity+0x3b0/0x660 + ? pick_next_task_fair+0xaf/0x610 + ? __switch_to+0xbc/0x410 + process_one_work+0x1cf/0x350 + worker_thread+0x215/0x3d0 + ? process_one_work+0x350/0x350 + kthread+0x107/0x120 + ? kthread_park+0x80/0x80 + ret_from_fork+0x1f/0x30 + ---[ end trace f7ea76ac6ee72727 ]--- + nvme nvme0: failed to register the CMB + +This patch fixes this by registering the CMB with P2P only once. + +Signed-off-by: Keith Busch +Reviewed-by: Logan Gunthorpe +Signed-off-by: Christoph Hellwig +Signed-off-by: Jens Axboe +Signed-off-by: Sasha Levin +--- + drivers/nvme/host/pci.c | 5 ++++- + 1 file changed, 4 insertions(+), 1 deletion(-) + +diff --git a/drivers/nvme/host/pci.c b/drivers/nvme/host/pci.c +index afb99876fa9e..9eb0a2acd41f 100644 +--- a/drivers/nvme/host/pci.c ++++ b/drivers/nvme/host/pci.c +@@ -1546,6 +1546,9 @@ static void __iomem *nvme_map_cmb(struct nvme_dev *dev) + void __iomem *cmb; + int bar; + ++ if (dev->cmb_size) ++ return; ++ + dev->cmbsz = readl(dev->bar + NVME_REG_CMBSZ); + if (!(NVME_CMB_SZ(dev->cmbsz))) + return NULL; +@@ -2032,7 +2035,6 @@ static void nvme_pci_disable(struct nvme_dev *dev) + { + struct pci_dev *pdev = to_pci_dev(dev->dev); + +- nvme_release_cmb(dev); + pci_free_irq_vectors(pdev); + + if (pci_is_enabled(pdev)) { +@@ -2432,6 +2434,7 @@ static void nvme_remove(struct pci_dev *pdev) + nvme_stop_ctrl(&dev->ctrl); + nvme_remove_namespaces(&dev->ctrl); + nvme_dev_disable(dev, true); ++ nvme_release_cmb(dev); + nvme_free_host_mem(dev); + nvme_dev_remove_admin(dev); + nvme_free_queues(dev, 0); +-- +2.17.1 + diff --git a/queue-4.14/perf-symbols-set-plt-entry-header-sizes-properly-on-.patch b/queue-4.14/perf-symbols-set-plt-entry-header-sizes-properly-on-.patch new file mode 100644 index 00000000000..24871a889d1 --- /dev/null +++ b/queue-4.14/perf-symbols-set-plt-entry-header-sizes-properly-on-.patch @@ -0,0 +1,60 @@ +From 23f4b89d3b4e2737872f33d0494d32bb11461fc9 Mon Sep 17 00:00:00 2001 +From: David Miller +Date: Wed, 17 Oct 2018 12:08:59 -0700 +Subject: perf symbols: Set PLT entry/header sizes properly on Sparc + +[ Upstream commit d6afa561e1471ccfdaf7191230c0c59a37e45a5b ] + +Using the sh_entsize for both values isn't correct. It happens to be +correct on x86... + +For both 32-bit and 64-bit sparc, there are four PLT entries in the PLT +section. + +Signed-off-by: David S. Miller +Cc: Alexander Shishkin +Cc: Alexis Berlemont +Cc: David Tolnay +Cc: Hanjun Guo +Cc: Hemant Kumar +Cc: Li Bin +Cc: Masami Hiramatsu +Cc: Milian Wolff +Cc: Namhyung Kim +Cc: Peter Zijlstra +Cc: Wang Nan +Cc: zhangmengting@huawei.com +Fixes: b2f7605076d6 ("perf symbols: Fix plt entry calculation for ARM and AARCH64") +Link: http://lkml.kernel.org/r/20181017.120859.2268840244308635255.davem@davemloft.net +Signed-off-by: Arnaldo Carvalho de Melo +Signed-off-by: Sasha Levin +--- + tools/perf/util/symbol-elf.c | 12 +++++++++++- + 1 file changed, 11 insertions(+), 1 deletion(-) + +diff --git a/tools/perf/util/symbol-elf.c b/tools/perf/util/symbol-elf.c +index 2de770511e70..8ad4296de98b 100644 +--- a/tools/perf/util/symbol-elf.c ++++ b/tools/perf/util/symbol-elf.c +@@ -338,7 +338,17 @@ int dso__synthesize_plt_symbols(struct dso *dso, struct symsrc *ss, struct map * + plt_entry_size = 16; + break; + +- default: /* FIXME: s390/alpha/mips/parisc/poperpc/sh/sparc/xtensa need to be checked */ ++ case EM_SPARC: ++ plt_header_size = 48; ++ plt_entry_size = 12; ++ break; ++ ++ case EM_SPARCV9: ++ plt_header_size = 128; ++ plt_entry_size = 32; ++ break; ++ ++ default: /* FIXME: s390/alpha/mips/parisc/poperpc/sh/xtensa need to be checked */ + plt_header_size = shdr_plt.sh_entsize; + plt_entry_size = shdr_plt.sh_entsize; + break; +-- +2.17.1 + diff --git a/queue-4.14/perf-tools-fix-undefined-symbol-scnprintf-in-libperf.patch b/queue-4.14/perf-tools-fix-undefined-symbol-scnprintf-in-libperf.patch new file mode 100644 index 00000000000..7b224a10c31 --- /dev/null +++ b/queue-4.14/perf-tools-fix-undefined-symbol-scnprintf-in-libperf.patch @@ -0,0 +1,135 @@ +From 72f07575245d009f6d74d26c65c3a3a865790ef4 Mon Sep 17 00:00:00 2001 +From: Gustavo Romero +Date: Thu, 1 Nov 2018 20:13:21 -0400 +Subject: perf tools: Fix undefined symbol scnprintf in libperf-jvmti.so + +[ Upstream commit 6ac2226229d931153331a93d90655a3de05b9290 ] + +Currently jvmti agent can not be used because function scnprintf is not +present in the agent libperf-jvmti.so. As a result the JVM when using +such agent to record JITed code profiling information will fail on +looking up scnprintf: + + java: symbol lookup error: lib/libperf-jvmti.so: undefined symbol: scnprintf + +This commit fixes that by reverting to the use of snprintf, that can be +looked up, instead of scnprintf, adding a proper check for the returned +value in order to print a better error message when the jitdump file +pathname is too long. Checking the returned value also helps to comply +with some recent gcc versions, like gcc8, which will fail due to +truncated writing checks related to the -Werror=format-truncation= flag. + +Signed-off-by: Gustavo Romero +Acked-by: Jiri Olsa +LPU-Reference: 1541117601-18937-2-git-send-email-gromero@linux.vnet.ibm.com +Link: https://lkml.kernel.org/n/tip-mvpxxxy7wnzaj74cq75muw3f@git.kernel.org +Signed-off-by: Arnaldo Carvalho de Melo +Signed-off-by: Sasha Levin +--- + tools/perf/jvmti/jvmti_agent.c | 49 ++++++++++++++++++++++++++-------- + 1 file changed, 38 insertions(+), 11 deletions(-) + +diff --git a/tools/perf/jvmti/jvmti_agent.c b/tools/perf/jvmti/jvmti_agent.c +index c1d20d951434..4ad9948fe594 100644 +--- a/tools/perf/jvmti/jvmti_agent.c ++++ b/tools/perf/jvmti/jvmti_agent.c +@@ -125,7 +125,7 @@ perf_get_timestamp(void) + } + + static int +-debug_cache_init(void) ++create_jit_cache_dir(void) + { + char str[32]; + char *base, *p; +@@ -144,8 +144,13 @@ debug_cache_init(void) + + strftime(str, sizeof(str), JIT_LANG"-jit-%Y%m%d", &tm); + +- snprintf(jit_path, PATH_MAX - 1, "%s/.debug/", base); +- ++ ret = snprintf(jit_path, PATH_MAX, "%s/.debug/", base); ++ if (ret >= PATH_MAX) { ++ warnx("jvmti: cannot generate jit cache dir because %s/.debug/" ++ " is too long, please check the cwd, JITDUMPDIR, and" ++ " HOME variables", base); ++ return -1; ++ } + ret = mkdir(jit_path, 0755); + if (ret == -1) { + if (errno != EEXIST) { +@@ -154,20 +159,32 @@ debug_cache_init(void) + } + } + +- snprintf(jit_path, PATH_MAX - 1, "%s/.debug/jit", base); ++ ret = snprintf(jit_path, PATH_MAX, "%s/.debug/jit", base); ++ if (ret >= PATH_MAX) { ++ warnx("jvmti: cannot generate jit cache dir because" ++ " %s/.debug/jit is too long, please check the cwd," ++ " JITDUMPDIR, and HOME variables", base); ++ return -1; ++ } + ret = mkdir(jit_path, 0755); + if (ret == -1) { + if (errno != EEXIST) { +- warn("cannot create jit cache dir %s", jit_path); ++ warn("jvmti: cannot create jit cache dir %s", jit_path); + return -1; + } + } + +- snprintf(jit_path, PATH_MAX - 1, "%s/.debug/jit/%s.XXXXXXXX", base, str); +- ++ ret = snprintf(jit_path, PATH_MAX, "%s/.debug/jit/%s.XXXXXXXX", base, str); ++ if (ret >= PATH_MAX) { ++ warnx("jvmti: cannot generate jit cache dir because" ++ " %s/.debug/jit/%s.XXXXXXXX is too long, please check" ++ " the cwd, JITDUMPDIR, and HOME variables", ++ base, str); ++ return -1; ++ } + p = mkdtemp(jit_path); + if (p != jit_path) { +- warn("cannot create jit cache dir %s", jit_path); ++ warn("jvmti: cannot create jit cache dir %s", jit_path); + return -1; + } + +@@ -228,7 +245,7 @@ void *jvmti_open(void) + { + char dump_path[PATH_MAX]; + struct jitheader header; +- int fd; ++ int fd, ret; + FILE *fp; + + init_arch_timestamp(); +@@ -245,12 +262,22 @@ void *jvmti_open(void) + + memset(&header, 0, sizeof(header)); + +- debug_cache_init(); ++ /* ++ * jitdump file dir ++ */ ++ if (create_jit_cache_dir() < 0) ++ return NULL; + + /* + * jitdump file name + */ +- scnprintf(dump_path, PATH_MAX, "%s/jit-%i.dump", jit_path, getpid()); ++ ret = snprintf(dump_path, PATH_MAX, "%s/jit-%i.dump", jit_path, getpid()); ++ if (ret >= PATH_MAX) { ++ warnx("jvmti: cannot generate jitdump file full path because" ++ " %s/jit-%i.dump is too long, please check the cwd," ++ " JITDUMPDIR, and HOME variables", jit_path, getpid()); ++ return NULL; ++ } + + fd = open(dump_path, O_CREAT|O_TRUNC|O_RDWR, 0666); + if (fd == -1) +-- +2.17.1 + diff --git a/queue-4.14/platform-x86-acerhdf-add-bios-entry-for-gateway-lt31.patch b/queue-4.14/platform-x86-acerhdf-add-bios-entry-for-gateway-lt31.patch new file mode 100644 index 00000000000..b4f6c5a5e74 --- /dev/null +++ b/queue-4.14/platform-x86-acerhdf-add-bios-entry-for-gateway-lt31.patch @@ -0,0 +1,41 @@ +From bd20bd595d4200831cff96f8c5cc1a56a0c1a861 Mon Sep 17 00:00:00 2001 +From: Paul Gortmaker +Date: Thu, 20 Sep 2018 21:44:19 -0400 +Subject: platform/x86: acerhdf: Add BIOS entry for Gateway LT31 v1.3307 + +[ Upstream commit 684238d79ad85c5e19a71bb5818e77e329912fbc ] + +To fix: + + acerhdf: unknown (unsupported) BIOS version Gateway /LT31 /v1.3307 , please report, aborting! + +As can be seen in the context, the BIOS registers haven't changed in +the previous versions, so the assumption is they won't have changed +in this last update for this somewhat older platform either. + +Cc: Peter Feuerer +Cc: Darren Hart +Cc: Andy Shevchenko +Signed-off-by: Paul Gortmaker +Signed-off-by: Andy Shevchenko +Reviewed-by: Peter Feuerer +Signed-off-by: Sasha Levin +--- + drivers/platform/x86/acerhdf.c | 1 + + 1 file changed, 1 insertion(+) + +diff --git a/drivers/platform/x86/acerhdf.c b/drivers/platform/x86/acerhdf.c +index ea22591ee66f..53dfe67807e3 100644 +--- a/drivers/platform/x86/acerhdf.c ++++ b/drivers/platform/x86/acerhdf.c +@@ -233,6 +233,7 @@ static const struct bios_settings bios_tbl[] = { + {"Gateway", "LT31", "v1.3201", 0x55, 0x58, {0x9e, 0x00}, 0}, + {"Gateway", "LT31", "v1.3302", 0x55, 0x58, {0x9e, 0x00}, 0}, + {"Gateway", "LT31", "v1.3303t", 0x55, 0x58, {0x9e, 0x00}, 0}, ++ {"Gateway", "LT31", "v1.3307", 0x55, 0x58, {0x9e, 0x00}, 0}, + /* Packard Bell */ + {"Packard Bell", "DOA150", "v0.3104", 0x55, 0x58, {0x21, 0x00}, 0}, + {"Packard Bell", "DOA150", "v0.3105", 0x55, 0x58, {0x20, 0x00}, 0}, +-- +2.17.1 + diff --git a/queue-4.14/platform-x86-intel_telemetry-report-debugfs-failure.patch b/queue-4.14/platform-x86-intel_telemetry-report-debugfs-failure.patch new file mode 100644 index 00000000000..ca23aeb7241 --- /dev/null +++ b/queue-4.14/platform-x86-intel_telemetry-report-debugfs-failure.patch @@ -0,0 +1,61 @@ +From e589a3a413f6290830e538d517795e40e3cd423a Mon Sep 17 00:00:00 2001 +From: Rajneesh Bhardwaj +Date: Sat, 6 Oct 2018 12:21:13 +0530 +Subject: platform/x86: intel_telemetry: report debugfs failure + +[ Upstream commit 8d98b1ef368feeb7720b8b9b6f3bd93f2ad892bc ] + +On some Goldmont based systems such as ASRock J3455M the BIOS may not +enable the IPC1 device that provides access to the PMC and PUNIT. In +such scenarios, the IOSS and PSS resources from the platform device can +not be obtained and result in a invalid telemetry_plt_config which is an +internal data structure that holds platform config and is maintained by +the telemetry platform driver. + +This is also applicable to the platforms where the BIOS supports IPC1 +device under debug configurations but IPC1 is disabled by user or the +policy. + +This change allows user to know the reason for not seeing entries under +/sys/kernel/debug/telemetry/* when there is no apparent failure at boot. + +Cc: Matt Turner +Cc: Len Brown +Cc: Souvik Kumar Chakravarty +Cc: Kuppuswamy Sathyanarayanan + +Bugzilla: https://bugzilla.kernel.org/show_bug.cgi?id=198779 +Acked-by: Matt Turner +Signed-off-by: Rajneesh Bhardwaj +Signed-off-by: Andy Shevchenko +Signed-off-by: Sasha Levin +--- + drivers/platform/x86/intel_telemetry_debugfs.c | 8 ++++++-- + 1 file changed, 6 insertions(+), 2 deletions(-) + +diff --git a/drivers/platform/x86/intel_telemetry_debugfs.c b/drivers/platform/x86/intel_telemetry_debugfs.c +index d4fc42b4cbeb..401bdc7a9d94 100644 +--- a/drivers/platform/x86/intel_telemetry_debugfs.c ++++ b/drivers/platform/x86/intel_telemetry_debugfs.c +@@ -968,12 +968,16 @@ static int __init telemetry_debugfs_init(void) + debugfs_conf = (struct telemetry_debugfs_conf *)id->driver_data; + + err = telemetry_pltconfig_valid(); +- if (err < 0) ++ if (err < 0) { ++ pr_info("Invalid pltconfig, ensure IPC1 device is enabled in BIOS\n"); + return -ENODEV; ++ } + + err = telemetry_debugfs_check_evts(); +- if (err < 0) ++ if (err < 0) { ++ pr_info("telemetry_debugfs_check_evts failed\n"); + return -EINVAL; ++ } + + register_pm_notifier(&pm_notifier); + +-- +2.17.1 + diff --git a/queue-4.14/qed-fix-blocking-unlimited-spq-entries-leak.patch b/queue-4.14/qed-fix-blocking-unlimited-spq-entries-leak.patch new file mode 100644 index 00000000000..7c222294dff --- /dev/null +++ b/queue-4.14/qed-fix-blocking-unlimited-spq-entries-leak.patch @@ -0,0 +1,146 @@ +From bcd8ff2d3d542c1d7193dfc71a56370951625188 Mon Sep 17 00:00:00 2001 +From: Denis Bolotin +Date: Thu, 8 Nov 2018 16:46:09 +0200 +Subject: qed: Fix blocking/unlimited SPQ entries leak + +[ Upstream commit 2632f22ebd08da249c2017962a199a0cfb2324bf ] + +When there are no SPQ entries left in the free_pool, new entries are +allocated and are added to the unlimited list. When an entry in the pool +is available, the content is copied from the original entry, and the new +entry is sent to the device. qed_spq_post() is not aware of that, so the +additional entry is stored in the original entry as p_post_ent, which can +later be returned to the pool. + +Signed-off-by: Denis Bolotin +Signed-off-by: Michal Kalderon +Signed-off-by: David S. Miller +Signed-off-by: Sasha Levin +--- + drivers/net/ethernet/qlogic/qed/qed_sp.h | 3 ++ + drivers/net/ethernet/qlogic/qed/qed_spq.c | 57 ++++++++++++----------- + 2 files changed, 33 insertions(+), 27 deletions(-) + +diff --git a/drivers/net/ethernet/qlogic/qed/qed_sp.h b/drivers/net/ethernet/qlogic/qed/qed_sp.h +index ab4ad8a1e2a5..01a213d4ee9c 100644 +--- a/drivers/net/ethernet/qlogic/qed/qed_sp.h ++++ b/drivers/net/ethernet/qlogic/qed/qed_sp.h +@@ -167,6 +167,9 @@ struct qed_spq_entry { + enum spq_mode comp_mode; + struct qed_spq_comp_cb comp_cb; + struct qed_spq_comp_done comp_done; /* SPQ_MODE_EBLOCK */ ++ ++ /* Posted entry for unlimited list entry in EBLOCK mode */ ++ struct qed_spq_entry *post_ent; + }; + + struct qed_eq { +diff --git a/drivers/net/ethernet/qlogic/qed/qed_spq.c b/drivers/net/ethernet/qlogic/qed/qed_spq.c +index be48d9abd001..0313e9c46979 100644 +--- a/drivers/net/ethernet/qlogic/qed/qed_spq.c ++++ b/drivers/net/ethernet/qlogic/qed/qed_spq.c +@@ -687,6 +687,8 @@ static int qed_spq_add_entry(struct qed_hwfn *p_hwfn, + /* EBLOCK responsible to free the allocated p_ent */ + if (p_ent->comp_mode != QED_SPQ_MODE_EBLOCK) + kfree(p_ent); ++ else ++ p_ent->post_ent = p_en2; + + p_ent = p_en2; + } +@@ -770,6 +772,25 @@ static int qed_spq_pend_post(struct qed_hwfn *p_hwfn) + SPQ_HIGH_PRI_RESERVE_DEFAULT); + } + ++/* Avoid overriding of SPQ entries when getting out-of-order completions, by ++ * marking the completions in a bitmap and increasing the chain consumer only ++ * for the first successive completed entries. ++ */ ++static void qed_spq_comp_bmap_update(struct qed_hwfn *p_hwfn, __le16 echo) ++{ ++ u16 pos = le16_to_cpu(echo) % SPQ_RING_SIZE; ++ struct qed_spq *p_spq = p_hwfn->p_spq; ++ ++ __set_bit(pos, p_spq->p_comp_bitmap); ++ while (test_bit(p_spq->comp_bitmap_idx, ++ p_spq->p_comp_bitmap)) { ++ __clear_bit(p_spq->comp_bitmap_idx, ++ p_spq->p_comp_bitmap); ++ p_spq->comp_bitmap_idx++; ++ qed_chain_return_produced(&p_spq->chain); ++ } ++} ++ + int qed_spq_post(struct qed_hwfn *p_hwfn, + struct qed_spq_entry *p_ent, u8 *fw_return_code) + { +@@ -821,11 +842,12 @@ int qed_spq_post(struct qed_hwfn *p_hwfn, + p_ent->queue == &p_spq->unlimited_pending); + + if (p_ent->queue == &p_spq->unlimited_pending) { +- /* This is an allocated p_ent which does not need to +- * return to pool. +- */ ++ struct qed_spq_entry *p_post_ent = p_ent->post_ent; ++ + kfree(p_ent); +- return rc; ++ ++ /* Return the entry which was actually posted */ ++ p_ent = p_post_ent; + } + + if (rc) +@@ -839,7 +861,7 @@ int qed_spq_post(struct qed_hwfn *p_hwfn, + spq_post_fail2: + spin_lock_bh(&p_spq->lock); + list_del(&p_ent->list); +- qed_chain_return_produced(&p_spq->chain); ++ qed_spq_comp_bmap_update(p_hwfn, p_ent->elem.hdr.echo); + + spq_post_fail: + /* return to the free pool */ +@@ -871,25 +893,8 @@ int qed_spq_completion(struct qed_hwfn *p_hwfn, + spin_lock_bh(&p_spq->lock); + list_for_each_entry_safe(p_ent, tmp, &p_spq->completion_pending, list) { + if (p_ent->elem.hdr.echo == echo) { +- u16 pos = le16_to_cpu(echo) % SPQ_RING_SIZE; +- + list_del(&p_ent->list); +- +- /* Avoid overriding of SPQ entries when getting +- * out-of-order completions, by marking the completions +- * in a bitmap and increasing the chain consumer only +- * for the first successive completed entries. +- */ +- __set_bit(pos, p_spq->p_comp_bitmap); +- +- while (test_bit(p_spq->comp_bitmap_idx, +- p_spq->p_comp_bitmap)) { +- __clear_bit(p_spq->comp_bitmap_idx, +- p_spq->p_comp_bitmap); +- p_spq->comp_bitmap_idx++; +- qed_chain_return_produced(&p_spq->chain); +- } +- ++ qed_spq_comp_bmap_update(p_hwfn, echo); + p_spq->comp_count++; + found = p_ent; + break; +@@ -928,11 +933,9 @@ int qed_spq_completion(struct qed_hwfn *p_hwfn, + QED_MSG_SPQ, + "Got a completion without a callback function\n"); + +- if ((found->comp_mode != QED_SPQ_MODE_EBLOCK) || +- (found->queue == &p_spq->unlimited_pending)) ++ if (found->comp_mode != QED_SPQ_MODE_EBLOCK) + /* EBLOCK is responsible for returning its own entry into the +- * free list, unless it originally added the entry into the +- * unlimited pending list. ++ * free list. + */ + qed_spq_return_entry(p_hwfn, found); + +-- +2.17.1 + diff --git a/queue-4.14/qed-fix-memory-entry-leak-in-qed_init_sp_request.patch b/queue-4.14/qed-fix-memory-entry-leak-in-qed_init_sp_request.patch new file mode 100644 index 00000000000..e3fdd21577c --- /dev/null +++ b/queue-4.14/qed-fix-memory-entry-leak-in-qed_init_sp_request.patch @@ -0,0 +1,62 @@ +From dff237243a46bc393a6adb414c8a70281f1fb972 Mon Sep 17 00:00:00 2001 +From: Denis Bolotin +Date: Thu, 8 Nov 2018 16:46:08 +0200 +Subject: qed: Fix memory/entry leak in qed_init_sp_request() + +[ Upstream commit 39477551df940ddb1339203817de04f5caaacf7a ] + +Free the allocated SPQ entry or return the acquired SPQ entry to the free +list in error flows. + +Signed-off-by: Denis Bolotin +Signed-off-by: Michal Kalderon +Signed-off-by: David S. Miller +Signed-off-by: Sasha Levin +--- + .../net/ethernet/qlogic/qed/qed_sp_commands.c | 16 ++++++++++++++-- + 1 file changed, 14 insertions(+), 2 deletions(-) + +diff --git a/drivers/net/ethernet/qlogic/qed/qed_sp_commands.c b/drivers/net/ethernet/qlogic/qed/qed_sp_commands.c +index d7c5965328be..b26578464469 100644 +--- a/drivers/net/ethernet/qlogic/qed/qed_sp_commands.c ++++ b/drivers/net/ethernet/qlogic/qed/qed_sp_commands.c +@@ -80,7 +80,7 @@ int qed_sp_init_request(struct qed_hwfn *p_hwfn, + + case QED_SPQ_MODE_BLOCK: + if (!p_data->p_comp_data) +- return -EINVAL; ++ goto err; + + p_ent->comp_cb.cookie = p_data->p_comp_data->cookie; + break; +@@ -95,7 +95,7 @@ int qed_sp_init_request(struct qed_hwfn *p_hwfn, + default: + DP_NOTICE(p_hwfn, "Unknown SPQE completion mode %d\n", + p_ent->comp_mode); +- return -EINVAL; ++ goto err; + } + + DP_VERBOSE(p_hwfn, QED_MSG_SPQ, +@@ -109,6 +109,18 @@ int qed_sp_init_request(struct qed_hwfn *p_hwfn, + memset(&p_ent->ramrod, 0, sizeof(p_ent->ramrod)); + + return 0; ++ ++err: ++ /* qed_spq_get_entry() can either get an entry from the free_pool, ++ * or, if no entries are left, allocate a new entry and add it to ++ * the unlimited_pending list. ++ */ ++ if (p_ent->queue == &p_hwfn->p_spq->unlimited_pending) ++ kfree(p_ent); ++ else ++ qed_spq_return_entry(p_hwfn, p_ent); ++ ++ return -EINVAL; + } + + static enum tunnel_clss qed_tunn_clss_to_fw_clss(u8 type) +-- +2.17.1 + diff --git a/queue-4.14/qed-fix-potential-memory-corruption.patch b/queue-4.14/qed-fix-potential-memory-corruption.patch new file mode 100644 index 00000000000..3e14ef1f97c --- /dev/null +++ b/queue-4.14/qed-fix-potential-memory-corruption.patch @@ -0,0 +1,58 @@ +From 2f1683f9c1645d8c388d5fb711283f2fb21c10a2 Mon Sep 17 00:00:00 2001 +From: Sagiv Ozeri +Date: Thu, 8 Nov 2018 16:46:11 +0200 +Subject: qed: Fix potential memory corruption + +[ Upstream commit fa5c448d98f0df660bfcad3dd5facc027ef84cd3 ] + +A stuck ramrod should be deleted from the completion_pending list, +otherwise it will be added again in the future and corrupt the list. + +Return error value to inform that ramrod is stuck and should be deleted. + +Signed-off-by: Sagiv Ozeri +Signed-off-by: Denis Bolotin +Signed-off-by: David S. Miller +Signed-off-by: Sasha Levin +--- + drivers/net/ethernet/qlogic/qed/qed_spq.c | 12 +++++------- + 1 file changed, 5 insertions(+), 7 deletions(-) + +diff --git a/drivers/net/ethernet/qlogic/qed/qed_spq.c b/drivers/net/ethernet/qlogic/qed/qed_spq.c +index 0313e9c46979..467755b6dd0b 100644 +--- a/drivers/net/ethernet/qlogic/qed/qed_spq.c ++++ b/drivers/net/ethernet/qlogic/qed/qed_spq.c +@@ -144,6 +144,7 @@ static int qed_spq_block(struct qed_hwfn *p_hwfn, + + DP_INFO(p_hwfn, "Ramrod is stuck, requesting MCP drain\n"); + rc = qed_mcp_drain(p_hwfn, p_ptt); ++ qed_ptt_release(p_hwfn, p_ptt); + if (rc) { + DP_NOTICE(p_hwfn, "MCP drain failed\n"); + goto err; +@@ -152,18 +153,15 @@ static int qed_spq_block(struct qed_hwfn *p_hwfn, + /* Retry after drain */ + rc = __qed_spq_block(p_hwfn, p_ent, p_fw_ret, true); + if (!rc) +- goto out; ++ return 0; + + comp_done = (struct qed_spq_comp_done *)p_ent->comp_cb.cookie; +- if (comp_done->done == 1) ++ if (comp_done->done == 1) { + if (p_fw_ret) + *p_fw_ret = comp_done->fw_return_code; +-out: +- qed_ptt_release(p_hwfn, p_ptt); +- return 0; +- ++ return 0; ++ } + err: +- qed_ptt_release(p_hwfn, p_ptt); + DP_NOTICE(p_hwfn, + "Ramrod is stuck [CID %08x cmd %02x protocol %02x echo %04x]\n", + le32_to_cpu(p_ent->elem.hdr.cid), +-- +2.17.1 + diff --git a/queue-4.14/reiserfs-propagate-errors-from-fill_with_dentries-pr.patch b/queue-4.14/reiserfs-propagate-errors-from-fill_with_dentries-pr.patch new file mode 100644 index 00000000000..a6652fd4f83 --- /dev/null +++ b/queue-4.14/reiserfs-propagate-errors-from-fill_with_dentries-pr.patch @@ -0,0 +1,76 @@ +From 409ba9019f37fac64b66f151215fddb662692ba6 Mon Sep 17 00:00:00 2001 +From: Jann Horn +Date: Tue, 30 Oct 2018 15:06:38 -0700 +Subject: reiserfs: propagate errors from fill_with_dentries() properly + +[ Upstream commit b10298d56c9623f9b173f19959732d3184b35f4f ] + +fill_with_dentries() failed to propagate errors up to +reiserfs_for_each_xattr() properly. Plumb them through. + +Note that reiserfs_for_each_xattr() is only used by +reiserfs_delete_xattrs() and reiserfs_chown_xattrs(). The result of +reiserfs_delete_xattrs() is discarded anyway, the only difference there is +whether a warning is printed to dmesg. The result of +reiserfs_chown_xattrs() does matter because it can block chowning of the +file to which the xattrs belong; but either way, the resulting state can +have misaligned ownership, so my patch doesn't improve things greatly. + +Credit for making me look at this code goes to Al Viro, who pointed out +that the ->actor calling convention is suboptimal and should be changed. + +Link: http://lkml.kernel.org/r/20180802163335.83312-1-jannh@google.com +Signed-off-by: Jann Horn +Reviewed-by: Andrew Morton +Cc: Jeff Mahoney +Cc: Eric Biggers +Cc: Al Viro +Signed-off-by: Andrew Morton +Signed-off-by: Linus Torvalds +Signed-off-by: Sasha Levin +--- + fs/reiserfs/xattr.c | 7 +++++++ + 1 file changed, 7 insertions(+) + +diff --git a/fs/reiserfs/xattr.c b/fs/reiserfs/xattr.c +index 505f87a8c724..83423192588c 100644 +--- a/fs/reiserfs/xattr.c ++++ b/fs/reiserfs/xattr.c +@@ -185,6 +185,7 @@ struct reiserfs_dentry_buf { + struct dir_context ctx; + struct dentry *xadir; + int count; ++ int err; + struct dentry *dentries[8]; + }; + +@@ -207,6 +208,7 @@ fill_with_dentries(struct dir_context *ctx, const char *name, int namelen, + + dentry = lookup_one_len(name, dbuf->xadir, namelen); + if (IS_ERR(dentry)) { ++ dbuf->err = PTR_ERR(dentry); + return PTR_ERR(dentry); + } else if (d_really_is_negative(dentry)) { + /* A directory entry exists, but no file? */ +@@ -215,6 +217,7 @@ fill_with_dentries(struct dir_context *ctx, const char *name, int namelen, + "not found for file %pd.\n", + dentry, dbuf->xadir); + dput(dentry); ++ dbuf->err = -EIO; + return -EIO; + } + +@@ -262,6 +265,10 @@ static int reiserfs_for_each_xattr(struct inode *inode, + err = reiserfs_readdir_inode(d_inode(dir), &buf.ctx); + if (err) + break; ++ if (buf.err) { ++ err = buf.err; ++ break; ++ } + if (!buf.count) + break; + for (i = 0; !err && i < buf.count && buf.dentries[i]; i++) { +-- +2.17.1 + diff --git a/queue-4.14/revert-drm-exynos-decon5433-implement-frame-counter.patch b/queue-4.14/revert-drm-exynos-decon5433-implement-frame-counter.patch new file mode 100644 index 00000000000..7abfe8f848f --- /dev/null +++ b/queue-4.14/revert-drm-exynos-decon5433-implement-frame-counter.patch @@ -0,0 +1,107 @@ +From cd69a84a26ffc423f23acc64417ffedeb74e17d1 Mon Sep 17 00:00:00 2001 +From: Inki Dae +Date: Fri, 5 Oct 2018 11:50:20 +0900 +Subject: Revert "drm/exynos/decon5433: implement frame counter" + +[ Upstream commit 6ca469e22a30992b4478d2ab88737c70667c1e00 ] + +This reverts commit 0586feba322e1de05075700eb4b835c8b683e62b + +This patch makes it to need get_vblank_counter callback in crtc +to get frame counter from decon driver. + +However, drm_dev->max_vblank_count is a member unique to +vendor's DRM driver but in case of ARM DRM, some CRTC devices +don't provide the frame counter value. As a result, this patch +made extension and clone mode not working. + +Instead of this patch, we may need separated max_vblank_count +which belongs to each CRTC device, or need to implement frame +counter emulation for them who don't support HW frame counter. + +Signed-off-by: Inki Dae +Signed-off-by: Sasha Levin +--- + drivers/gpu/drm/exynos/exynos5433_drm_decon.c | 9 --------- + drivers/gpu/drm/exynos/exynos_drm_crtc.c | 11 ----------- + drivers/gpu/drm/exynos/exynos_drm_drv.h | 1 - + 3 files changed, 21 deletions(-) + +diff --git a/drivers/gpu/drm/exynos/exynos5433_drm_decon.c b/drivers/gpu/drm/exynos/exynos5433_drm_decon.c +index f905c214fdd0..5a5b3535411f 100644 +--- a/drivers/gpu/drm/exynos/exynos5433_drm_decon.c ++++ b/drivers/gpu/drm/exynos/exynos5433_drm_decon.c +@@ -160,13 +160,6 @@ static u32 decon_get_frame_count(struct decon_context *ctx, bool end) + return frm; + } + +-static u32 decon_get_vblank_counter(struct exynos_drm_crtc *crtc) +-{ +- struct decon_context *ctx = crtc->ctx; +- +- return decon_get_frame_count(ctx, false); +-} +- + static void decon_setup_trigger(struct decon_context *ctx) + { + if (!ctx->crtc->i80_mode && !(ctx->out_type & I80_HW_TRG)) +@@ -532,7 +525,6 @@ static const struct exynos_drm_crtc_ops decon_crtc_ops = { + .disable = decon_disable, + .enable_vblank = decon_enable_vblank, + .disable_vblank = decon_disable_vblank, +- .get_vblank_counter = decon_get_vblank_counter, + .atomic_begin = decon_atomic_begin, + .update_plane = decon_update_plane, + .disable_plane = decon_disable_plane, +@@ -550,7 +542,6 @@ static int decon_bind(struct device *dev, struct device *master, void *data) + int ret; + + ctx->drm_dev = drm_dev; +- drm_dev->max_vblank_count = 0xffffffff; + + for (win = ctx->first_win; win < WINDOWS_NR; win++) { + int tmp = (win == ctx->first_win) ? 0 : win; +diff --git a/drivers/gpu/drm/exynos/exynos_drm_crtc.c b/drivers/gpu/drm/exynos/exynos_drm_crtc.c +index 6ce0821590df..4787560bf93e 100644 +--- a/drivers/gpu/drm/exynos/exynos_drm_crtc.c ++++ b/drivers/gpu/drm/exynos/exynos_drm_crtc.c +@@ -147,16 +147,6 @@ static void exynos_drm_crtc_disable_vblank(struct drm_crtc *crtc) + exynos_crtc->ops->disable_vblank(exynos_crtc); + } + +-static u32 exynos_drm_crtc_get_vblank_counter(struct drm_crtc *crtc) +-{ +- struct exynos_drm_crtc *exynos_crtc = to_exynos_crtc(crtc); +- +- if (exynos_crtc->ops->get_vblank_counter) +- return exynos_crtc->ops->get_vblank_counter(exynos_crtc); +- +- return 0; +-} +- + static const struct drm_crtc_funcs exynos_crtc_funcs = { + .set_config = drm_atomic_helper_set_config, + .page_flip = drm_atomic_helper_page_flip, +@@ -166,7 +156,6 @@ static const struct drm_crtc_funcs exynos_crtc_funcs = { + .atomic_destroy_state = drm_atomic_helper_crtc_destroy_state, + .enable_vblank = exynos_drm_crtc_enable_vblank, + .disable_vblank = exynos_drm_crtc_disable_vblank, +- .get_vblank_counter = exynos_drm_crtc_get_vblank_counter, + }; + + struct exynos_drm_crtc *exynos_drm_crtc_create(struct drm_device *drm_dev, +diff --git a/drivers/gpu/drm/exynos/exynos_drm_drv.h b/drivers/gpu/drm/exynos/exynos_drm_drv.h +index f8bae4cb4823..d228b5148dbc 100644 +--- a/drivers/gpu/drm/exynos/exynos_drm_drv.h ++++ b/drivers/gpu/drm/exynos/exynos_drm_drv.h +@@ -133,7 +133,6 @@ struct exynos_drm_crtc_ops { + void (*disable)(struct exynos_drm_crtc *crtc); + int (*enable_vblank)(struct exynos_drm_crtc *crtc); + void (*disable_vblank)(struct exynos_drm_crtc *crtc); +- u32 (*get_vblank_counter)(struct exynos_drm_crtc *crtc); + enum drm_mode_status (*mode_valid)(struct exynos_drm_crtc *crtc, + const struct drm_display_mode *mode); + int (*atomic_check)(struct exynos_drm_crtc *crtc, +-- +2.17.1 + diff --git a/queue-4.14/s390-mm-fix-error-__node_distance-undefined.patch b/queue-4.14/s390-mm-fix-error-__node_distance-undefined.patch new file mode 100644 index 00000000000..dc4499a505c --- /dev/null +++ b/queue-4.14/s390-mm-fix-error-__node_distance-undefined.patch @@ -0,0 +1,36 @@ +From 448312013e6d580ba21b0c36334177390d7d7ab4 Mon Sep 17 00:00:00 2001 +From: "Justin M. Forbes" +Date: Wed, 31 Oct 2018 13:02:03 -0500 +Subject: s390/mm: Fix ERROR: "__node_distance" undefined! + +[ Upstream commit a541f0ebcc08ed8bc0cc492eec9a86cb280a9f24 ] + +Fixes: +ERROR: "__node_distance" [drivers/nvme/host/nvme-core.ko] undefined! +make[1]: *** [scripts/Makefile.modpost:92: __modpost] Error 1 +make: *** [Makefile:1275: modules] Error 2 ++ exit 1 + +Signed-off-by: Justin M. Forbes +Signed-off-by: Heiko Carstens +Signed-off-by: Martin Schwidefsky +Signed-off-by: Sasha Levin +--- + arch/s390/numa/numa.c | 1 + + 1 file changed, 1 insertion(+) + +diff --git a/arch/s390/numa/numa.c b/arch/s390/numa/numa.c +index 5bd374491f94..6c151b42e65d 100644 +--- a/arch/s390/numa/numa.c ++++ b/arch/s390/numa/numa.c +@@ -54,6 +54,7 @@ int __node_distance(int a, int b) + { + return mode->distance ? mode->distance(a, b) : 0; + } ++EXPORT_SYMBOL(__node_distance); + + int numa_debug_enabled; + +-- +2.17.1 + diff --git a/queue-4.14/s390-perf-change-cpum_cf-return-code-in-event-init-f.patch b/queue-4.14/s390-perf-change-cpum_cf-return-code-in-event-init-f.patch new file mode 100644 index 00000000000..839fab0c4d3 --- /dev/null +++ b/queue-4.14/s390-perf-change-cpum_cf-return-code-in-event-init-f.patch @@ -0,0 +1,39 @@ +From 12f3a514ab3dbb25982830c1323da898a319ad18 Mon Sep 17 00:00:00 2001 +From: Thomas Richter +Date: Mon, 29 Oct 2018 08:11:33 +0000 +Subject: s390/perf: Change CPUM_CF return code in event init function + +[ Upstream commit 0bb2ae1b26e1fb7543ec7474cdd374ac4b88c4da ] + +The function perf_init_event() creates a new event and +assignes it to a PMU. This a done in a loop over all existing +PMUs. For each listed PMU the event init function is called +and if this function does return any other error than -ENOENT, +the loop is terminated the creation of the event fails. + +If the event is invalid, return -ENOENT to try other PMUs. + +Signed-off-by: Thomas Richter +Reviewed-by: Hendrik Brueckner +Signed-off-by: Martin Schwidefsky +Signed-off-by: Sasha Levin +--- + arch/s390/kernel/perf_cpum_cf.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/arch/s390/kernel/perf_cpum_cf.c b/arch/s390/kernel/perf_cpum_cf.c +index 746d03423333..61e91fee8467 100644 +--- a/arch/s390/kernel/perf_cpum_cf.c ++++ b/arch/s390/kernel/perf_cpum_cf.c +@@ -376,7 +376,7 @@ static int __hw_perf_event_init(struct perf_event *event) + return -ENOENT; + + if (ev > PERF_CPUM_CF_MAX_CTR) +- return -EINVAL; ++ return -ENOENT; + + /* Obtain the counter set to which the specified counter belongs */ + set = get_counter_set(ev); +-- +2.17.1 + diff --git a/queue-4.14/s390-qeth-fix-hipersockets-sniffer.patch b/queue-4.14/s390-qeth-fix-hipersockets-sniffer.patch new file mode 100644 index 00000000000..bb36481d711 --- /dev/null +++ b/queue-4.14/s390-qeth-fix-hipersockets-sniffer.patch @@ -0,0 +1,70 @@ +From b7c906cf9f9fe58957d2cf55de11c7d2f3fc992f Mon Sep 17 00:00:00 2001 +From: Julian Wiedmann +Date: Fri, 2 Nov 2018 19:04:09 +0100 +Subject: s390/qeth: fix HiperSockets sniffer + +[ Upstream commit bd74a7f9cc033cf4d405788f80292268987dc0c5 ] + +Sniffing mode for L3 HiperSockets requires that no IP addresses are +registered with the HW. The preferred way to achieve this is for +userspace to delete all the IPs on the interface. But qeth is expected +to also tolerate a configuration where that is not the case, by skipping +the IP registration when in sniffer mode. +Since commit 5f78e29ceebf ("qeth: optimize IP handling in rx_mode callback") +reworked the IP registration logic in the L3 subdriver, this no longer +works. When the qeth device is set online, qeth_l3_recover_ip() now +unconditionally registers all unicast addresses from our internal +IP table. + +While we could fix this particular problem by skipping +qeth_l3_recover_ip() on a sniffer device, the more future-proof change +is to skip the IP address registration at the lowest level. This way we +a) catch any future code path that attempts to register an IP address + without considering the sniffer scenario, and +b) continue to build up our internal IP table, so that if sniffer mode + is switched off later we can operate just like normal. + +Fixes: 5f78e29ceebf ("qeth: optimize IP handling in rx_mode callback") +Signed-off-by: Julian Wiedmann +Signed-off-by: David S. Miller +Signed-off-by: Sasha Levin +--- + drivers/s390/net/qeth_l3_main.c | 8 +++++--- + 1 file changed, 5 insertions(+), 3 deletions(-) + +diff --git a/drivers/s390/net/qeth_l3_main.c b/drivers/s390/net/qeth_l3_main.c +index cd73172bff47..a19f2dc69e8a 100644 +--- a/drivers/s390/net/qeth_l3_main.c ++++ b/drivers/s390/net/qeth_l3_main.c +@@ -358,9 +358,6 @@ static void qeth_l3_clear_ip_htable(struct qeth_card *card, int recover) + + QETH_CARD_TEXT(card, 4, "clearip"); + +- if (recover && card->options.sniffer) +- return; +- + spin_lock_bh(&card->ip_lock); + + hash_for_each_safe(card->ip_htable, i, tmp, addr, hnode) { +@@ -818,6 +815,8 @@ static int qeth_l3_register_addr_entry(struct qeth_card *card, + int rc = 0; + int cnt = 3; + ++ if (card->options.sniffer) ++ return 0; + + if (addr->proto == QETH_PROT_IPV4) { + QETH_CARD_TEXT(card, 2, "setaddr4"); +@@ -853,6 +852,9 @@ static int qeth_l3_deregister_addr_entry(struct qeth_card *card, + { + int rc = 0; + ++ if (card->options.sniffer) ++ return 0; ++ + if (addr->proto == QETH_PROT_IPV4) { + QETH_CARD_TEXT(card, 2, "deladdr4"); + QETH_CARD_HEX(card, 3, &addr->u.a4.addr, sizeof(int)); +-- +2.17.1 + diff --git a/queue-4.14/s390-vdso-add-missing-force-to-build-targets.patch b/queue-4.14/s390-vdso-add-missing-force-to-build-targets.patch new file mode 100644 index 00000000000..d67a6f7a3a4 --- /dev/null +++ b/queue-4.14/s390-vdso-add-missing-force-to-build-targets.patch @@ -0,0 +1,80 @@ +From eee6ac6aa0b146e9676be83689a9d33510104cd8 Mon Sep 17 00:00:00 2001 +From: Vasily Gorbik +Date: Fri, 19 Oct 2018 15:37:01 +0200 +Subject: s390/vdso: add missing FORCE to build targets + +[ Upstream commit b44b136a3773d8a9c7853f8df716bd1483613cbb ] + +According to Documentation/kbuild/makefiles.txt all build targets using +if_changed should use FORCE as well. Add missing FORCE to make sure +vdso targets are rebuild properly when not just immediate prerequisites +have changed but also when build command differs. + +Reviewed-by: Philipp Rudo +Signed-off-by: Vasily Gorbik +Signed-off-by: Martin Schwidefsky +Signed-off-by: Sasha Levin +--- + arch/s390/kernel/vdso32/Makefile | 6 +++--- + arch/s390/kernel/vdso64/Makefile | 6 +++--- + 2 files changed, 6 insertions(+), 6 deletions(-) + +diff --git a/arch/s390/kernel/vdso32/Makefile b/arch/s390/kernel/vdso32/Makefile +index 308564b9bf68..101cadabfc89 100644 +--- a/arch/s390/kernel/vdso32/Makefile ++++ b/arch/s390/kernel/vdso32/Makefile +@@ -33,7 +33,7 @@ UBSAN_SANITIZE := n + $(obj)/vdso32_wrapper.o : $(obj)/vdso32.so + + # link rule for the .so file, .lds has to be first +-$(obj)/vdso32.so.dbg: $(src)/vdso32.lds $(obj-vdso32) ++$(obj)/vdso32.so.dbg: $(src)/vdso32.lds $(obj-vdso32) FORCE + $(call if_changed,vdso32ld) + + # strip rule for the .so file +@@ -42,12 +42,12 @@ $(obj)/%.so: $(obj)/%.so.dbg FORCE + $(call if_changed,objcopy) + + # assembly rules for the .S files +-$(obj-vdso32): %.o: %.S ++$(obj-vdso32): %.o: %.S FORCE + $(call if_changed_dep,vdso32as) + + # actual build commands + quiet_cmd_vdso32ld = VDSO32L $@ +- cmd_vdso32ld = $(CC) $(c_flags) -Wl,-T $^ -o $@ ++ cmd_vdso32ld = $(CC) $(c_flags) -Wl,-T $(filter %.lds %.o,$^) -o $@ + quiet_cmd_vdso32as = VDSO32A $@ + cmd_vdso32as = $(CC) $(a_flags) -c -o $@ $< + +diff --git a/arch/s390/kernel/vdso64/Makefile b/arch/s390/kernel/vdso64/Makefile +index f81ae7998883..36bbafcf4a77 100644 +--- a/arch/s390/kernel/vdso64/Makefile ++++ b/arch/s390/kernel/vdso64/Makefile +@@ -33,7 +33,7 @@ UBSAN_SANITIZE := n + $(obj)/vdso64_wrapper.o : $(obj)/vdso64.so + + # link rule for the .so file, .lds has to be first +-$(obj)/vdso64.so.dbg: $(src)/vdso64.lds $(obj-vdso64) ++$(obj)/vdso64.so.dbg: $(src)/vdso64.lds $(obj-vdso64) FORCE + $(call if_changed,vdso64ld) + + # strip rule for the .so file +@@ -42,12 +42,12 @@ $(obj)/%.so: $(obj)/%.so.dbg FORCE + $(call if_changed,objcopy) + + # assembly rules for the .S files +-$(obj-vdso64): %.o: %.S ++$(obj-vdso64): %.o: %.S FORCE + $(call if_changed_dep,vdso64as) + + # actual build commands + quiet_cmd_vdso64ld = VDSO64L $@ +- cmd_vdso64ld = $(CC) $(c_flags) -Wl,-T $^ -o $@ ++ cmd_vdso64ld = $(CC) $(c_flags) -Wl,-T $(filter %.lds %.o,$^) -o $@ + quiet_cmd_vdso64as = VDSO64A $@ + cmd_vdso64as = $(CC) $(a_flags) -c -o $@ $< + +-- +2.17.1 + diff --git a/queue-4.14/sched-core-take-the-hotplug-lock-in-sched_init_smp.patch b/queue-4.14/sched-core-take-the-hotplug-lock-in-sched_init_smp.patch new file mode 100644 index 00000000000..ec8c5e4e9db --- /dev/null +++ b/queue-4.14/sched-core-take-the-hotplug-lock-in-sched_init_smp.patch @@ -0,0 +1,88 @@ +From e077b3ae4c66d34cc50e3ec8eabf26dac13db444 Mon Sep 17 00:00:00 2001 +From: Valentin Schneider +Date: Tue, 23 Oct 2018 14:37:31 +0100 +Subject: sched/core: Take the hotplug lock in sched_init_smp() + +[ Upstream commit 40fa3780bac2b654edf23f6b13f4e2dd550aea10 ] + +When running on linux-next (8c60c36d0b8c ("Add linux-next specific files +for 20181019")) + CONFIG_PROVE_LOCKING=y on a big.LITTLE system (e.g. +Juno or HiKey960), we get the following report: + + [ 0.748225] Call trace: + [ 0.750685] lockdep_assert_cpus_held+0x30/0x40 + [ 0.755236] static_key_enable_cpuslocked+0x20/0xc8 + [ 0.760137] build_sched_domains+0x1034/0x1108 + [ 0.764601] sched_init_domains+0x68/0x90 + [ 0.768628] sched_init_smp+0x30/0x80 + [ 0.772309] kernel_init_freeable+0x278/0x51c + [ 0.776685] kernel_init+0x10/0x108 + [ 0.780190] ret_from_fork+0x10/0x18 + +The static_key in question is 'sched_asym_cpucapacity' introduced by +commit: + + df054e8445a4 ("sched/topology: Add static_key for asymmetric CPU capacity optimizations") + +In this particular case, we enable it because smp_prepare_cpus() will +end up fetching the capacity-dmips-mhz entry from the devicetree, +so we already have some asymmetry detected when entering sched_init_smp(). + +This didn't get detected in tip/sched/core because we were missing: + + commit cb538267ea1e ("jump_label/lockdep: Assert we hold the hotplug lock for _cpuslocked() operations") + +Calls to build_sched_domains() post sched_init_smp() will hold the +hotplug lock, it just so happens that this very first call is a +special case. As stated by a comment in sched_init_smp(), "There's no +userspace yet to cause hotplug operations" so this is a harmless +warning. + +However, to both respect the semantics of underlying +callees and make lockdep happy, take the hotplug lock in +sched_init_smp(). This also satisfies the comment atop +sched_init_domains() that says "Callers must hold the hotplug lock". + +Reported-by: Sudeep Holla +Tested-by: Sudeep Holla +Signed-off-by: Valentin Schneider +Signed-off-by: Peter Zijlstra (Intel) +Cc: Dietmar.Eggemann@arm.com +Cc: Linus Torvalds +Cc: Peter Zijlstra +Cc: Thomas Gleixner +Cc: morten.rasmussen@arm.com +Cc: quentin.perret@arm.com +Link: http://lkml.kernel.org/r/1540301851-3048-1-git-send-email-valentin.schneider@arm.com +Signed-off-by: Ingo Molnar +Signed-off-by: Sasha Levin +--- + kernel/sched/core.c | 5 ++++- + 1 file changed, 4 insertions(+), 1 deletion(-) + +diff --git a/kernel/sched/core.c b/kernel/sched/core.c +index 4e89ed8a0fb2..3bc664662081 100644 +--- a/kernel/sched/core.c ++++ b/kernel/sched/core.c +@@ -5733,14 +5733,17 @@ void __init sched_init_smp(void) + /* + * There's no userspace yet to cause hotplug operations; hence all the + * CPU masks are stable and all blatant races in the below code cannot +- * happen. ++ * happen. The hotplug lock is nevertheless taken to satisfy lockdep, ++ * but there won't be any contention on it. + */ ++ cpus_read_lock(); + mutex_lock(&sched_domains_mutex); + sched_init_domains(cpu_active_mask); + cpumask_andnot(non_isolated_cpus, cpu_possible_mask, cpu_isolated_map); + if (cpumask_empty(non_isolated_cpus)) + cpumask_set_cpu(smp_processor_id(), non_isolated_cpus); + mutex_unlock(&sched_domains_mutex); ++ cpus_read_unlock(); + + /* Move init over to a non-isolated CPU */ + if (set_cpus_allowed_ptr(current, non_isolated_cpus) < 0) +-- +2.17.1 + diff --git a/queue-4.14/series b/queue-4.14/series new file mode 100644 index 00000000000..37ca6650353 --- /dev/null +++ b/queue-4.14/series @@ -0,0 +1,39 @@ +cifs-don-t-dereference-smb_file_target-before-null-c.patch +cifs-fix-return-value-for-cifs_listxattr.patch +arm64-kprobe-make-page-to-ro-mode-when-allocate-it.patch +nvme-pci-fix-conflicting-p2p-resource-adds.patch +ixgbe-fix-mac-anti-spoofing-filter-after-vflr.patch +reiserfs-propagate-errors-from-fill_with_dentries-pr.patch +hfs-prevent-btree-data-loss-on-root-split.patch +hfsplus-prevent-btree-data-loss-on-root-split.patch +um-give-start_idle_thread-a-return-code.patch +drm-edid-add-6-bpc-quirk-for-boe-panel.patch +platform-x86-intel_telemetry-report-debugfs-failure.patch +clk-fixed-rate-fix-of_node_get-put-imbalance.patch +perf-symbols-set-plt-entry-header-sizes-properly-on-.patch +fs-exofs-fix-potential-memory-leak-in-mount-option-p.patch +clk-samsung-exynos5420-enable-peris-clocks-for-suspe.patch +apparmor-fix-uninitialized-value-in-aa_split_fqname.patch +x86-earlyprintk-add-a-force-option-for-pciserial-dev.patch +platform-x86-acerhdf-add-bios-entry-for-gateway-lt31.patch +arm64-percpu-initialize-ret-in-the-default-case.patch +s390-vdso-add-missing-force-to-build-targets.patch +netfilter-ipset-list-set-decrease-refcount-synchrono.patch +netfilter-ipset-actually-allow-allowable-cidr-0-in-h.patch +s390-mm-fix-error-__node_distance-undefined.patch +netfilter-ipset-correct-rcu_dereference-call-in-ip_s.patch +netfilter-xt_idletimer-add-sysfs-filename-checking-r.patch +s390-qeth-fix-hipersockets-sniffer.patch +hwmon-ibmpowernv-remove-bogus-__init-annotations.patch +revert-drm-exynos-decon5433-implement-frame-counter.patch +clk-fixed-factor-fix-of_node_get-put-imbalance.patch +lib-raid6-fix-arm64-test-build.patch +s390-perf-change-cpum_cf-return-code-in-event-init-f.patch +i2c-omap-enable-for-arch_k3.patch +sched-core-take-the-hotplug-lock-in-sched_init_smp.patch +perf-tools-fix-undefined-symbol-scnprintf-in-libperf.patch +i40e-restore-netif_f_gso_ipxip-46-to-netdev-features.patch +qed-fix-memory-entry-leak-in-qed_init_sp_request.patch +qed-fix-blocking-unlimited-spq-entries-leak.patch +qed-fix-potential-memory-corruption.patch +net-stmmac-fix-rx-packet-size-8191.patch diff --git a/queue-4.14/um-give-start_idle_thread-a-return-code.patch b/queue-4.14/um-give-start_idle_thread-a-return-code.patch new file mode 100644 index 00000000000..d31f682e9f6 --- /dev/null +++ b/queue-4.14/um-give-start_idle_thread-a-return-code.patch @@ -0,0 +1,40 @@ +From 34fbeeb4f7024c7faefd8495e364f19e0fe5771e Mon Sep 17 00:00:00 2001 +From: Richard Weinberger +Date: Fri, 15 Jun 2018 16:42:56 +0200 +Subject: um: Give start_idle_thread() a return code + +[ Upstream commit 7ff1e34bbdc15acab823b1ee4240e94623d50ee8 ] + +Fixes: +arch/um/os-Linux/skas/process.c:613:1: warning: control reaches end of +non-void function [-Wreturn-type] + +longjmp() never returns but gcc still warns that the end of the function +can be reached. +Add a return code and debug aid to detect this impossible case. + +Signed-off-by: Richard Weinberger +Signed-off-by: Sasha Levin +--- + arch/um/os-Linux/skas/process.c | 5 +++++ + 1 file changed, 5 insertions(+) + +diff --git a/arch/um/os-Linux/skas/process.c b/arch/um/os-Linux/skas/process.c +index c94c3bd70ccd..df4a985716eb 100644 +--- a/arch/um/os-Linux/skas/process.c ++++ b/arch/um/os-Linux/skas/process.c +@@ -610,6 +610,11 @@ int start_idle_thread(void *stack, jmp_buf *switch_buf) + fatal_sigsegv(); + } + longjmp(*switch_buf, 1); ++ ++ /* unreachable */ ++ printk(UM_KERN_ERR "impossible long jump!"); ++ fatal_sigsegv(); ++ return 0; + } + + void initial_thread_cb_skas(void (*proc)(void *), void *arg) +-- +2.17.1 + diff --git a/queue-4.14/x86-earlyprintk-add-a-force-option-for-pciserial-dev.patch b/queue-4.14/x86-earlyprintk-add-a-force-option-for-pciserial-dev.patch new file mode 100644 index 00000000000..21ffc151a56 --- /dev/null +++ b/queue-4.14/x86-earlyprintk-add-a-force-option-for-pciserial-dev.patch @@ -0,0 +1,149 @@ +From 8bb592992458aa8386126cce05db580a671add41 Mon Sep 17 00:00:00 2001 +From: Feng Tang +Date: Wed, 3 Oct 2018 00:49:21 +0800 +Subject: x86/earlyprintk: Add a force option for pciserial device + +[ Upstream commit d2266bbfa9e3e32e3b642965088ca461bd24a94f ] + +The "pciserial" earlyprintk variant helps much on many modern x86 +platforms, but unfortunately there are still some platforms with PCI +UART devices which have the wrong PCI class code. In that case, the +current class code check does not allow for them to be used for logging. + +Add a sub-option "force" which overrides the class code check and thus +the use of such device can be enforced. + + [ bp: massage formulations. ] + +Suggested-by: Borislav Petkov +Signed-off-by: Feng Tang +Signed-off-by: Borislav Petkov +Cc: "H. Peter Anvin" +Cc: "Stuart R . Anderson" +Cc: Bjorn Helgaas +Cc: David Rientjes +Cc: Feng Tang +Cc: Frederic Weisbecker +Cc: Greg Kroah-Hartman +Cc: H Peter Anvin +Cc: Ingo Molnar +Cc: Jiri Kosina +Cc: Jonathan Corbet +Cc: Kai-Heng Feng +Cc: Kate Stewart +Cc: Konrad Rzeszutek Wilk +Cc: Peter Zijlstra +Cc: Philippe Ombredanne +Cc: Thomas Gleixner +Cc: Thymo van Beers +Cc: alan@linux.intel.com +Cc: linux-doc@vger.kernel.org +Link: http://lkml.kernel.org/r/20181002164921.25833-1-feng.tang@intel.com +Signed-off-by: Sasha Levin +--- + .../admin-guide/kernel-parameters.txt | 6 +++- + arch/x86/kernel/early_printk.c | 29 ++++++++++++------- + 2 files changed, 24 insertions(+), 11 deletions(-) + +diff --git a/Documentation/admin-guide/kernel-parameters.txt b/Documentation/admin-guide/kernel-parameters.txt +index 9841bad6f271..99a08722124d 100644 +--- a/Documentation/admin-guide/kernel-parameters.txt ++++ b/Documentation/admin-guide/kernel-parameters.txt +@@ -1011,7 +1011,7 @@ + earlyprintk=serial[,0x...[,baudrate]] + earlyprintk=ttySn[,baudrate] + earlyprintk=dbgp[debugController#] +- earlyprintk=pciserial,bus:device.function[,baudrate] ++ earlyprintk=pciserial[,force],bus:device.function[,baudrate] + earlyprintk=xdbc[xhciController#] + + earlyprintk is useful when the kernel crashes before +@@ -1043,6 +1043,10 @@ + + The sclp output can only be used on s390. + ++ The optional "force" to "pciserial" enables use of a ++ PCI device even when its classcode is not of the ++ UART class. ++ + edac_report= [HW,EDAC] Control how to report EDAC event + Format: {"on" | "off" | "force"} + on: enable EDAC to report H/W event. May be overridden +diff --git a/arch/x86/kernel/early_printk.c b/arch/x86/kernel/early_printk.c +index 5e801c8c8ce7..374a52fa5296 100644 +--- a/arch/x86/kernel/early_printk.c ++++ b/arch/x86/kernel/early_printk.c +@@ -213,8 +213,9 @@ static unsigned int mem32_serial_in(unsigned long addr, int offset) + * early_pci_serial_init() + * + * This function is invoked when the early_printk param starts with "pciserial" +- * The rest of the param should be ",B:D.F,baud" where B, D & F describe the +- * location of a PCI device that must be a UART device. ++ * The rest of the param should be "[force],B:D.F,baud", where B, D & F describe ++ * the location of a PCI device that must be a UART device. "force" is optional ++ * and overrides the use of an UART device with a wrong PCI class code. + */ + static __init void early_pci_serial_init(char *s) + { +@@ -224,17 +225,23 @@ static __init void early_pci_serial_init(char *s) + u32 classcode, bar0; + u16 cmdreg; + char *e; ++ int force = 0; + +- +- /* +- * First, part the param to get the BDF values +- */ + if (*s == ',') + ++s; + + if (*s == 0) + return; + ++ /* Force the use of an UART device with wrong class code */ ++ if (!strncmp(s, "force,", 6)) { ++ force = 1; ++ s += 6; ++ } ++ ++ /* ++ * Part the param to get the BDF values ++ */ + bus = (u8)simple_strtoul(s, &e, 16); + s = e; + if (*s != ':') +@@ -253,7 +260,7 @@ static __init void early_pci_serial_init(char *s) + s++; + + /* +- * Second, find the device from the BDF ++ * Find the device from the BDF + */ + cmdreg = read_pci_config(bus, slot, func, PCI_COMMAND); + classcode = read_pci_config(bus, slot, func, PCI_CLASS_REVISION); +@@ -264,8 +271,10 @@ static __init void early_pci_serial_init(char *s) + */ + if (((classcode >> 16 != PCI_CLASS_COMMUNICATION_MODEM) && + (classcode >> 16 != PCI_CLASS_COMMUNICATION_SERIAL)) || +- (((classcode >> 8) & 0xff) != 0x02)) /* 16550 I/F at BAR0 */ +- return; ++ (((classcode >> 8) & 0xff) != 0x02)) /* 16550 I/F at BAR0 */ { ++ if (!force) ++ return; ++ } + + /* + * Determine if it is IO or memory mapped +@@ -289,7 +298,7 @@ static __init void early_pci_serial_init(char *s) + } + + /* +- * Lastly, initialize the hardware ++ * Initialize the hardware + */ + if (*s) { + if (strcmp(s, "nocfg") == 0) +-- +2.17.1 +