From: Greg Kroah-Hartman Date: Mon, 3 Jul 2017 07:58:12 +0000 (+0200) Subject: 4.4-stable patches X-Git-Tag: v3.18.60~43 X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=aedf2c41554dea5a257c85439d23cb52dab7abd3;p=thirdparty%2Fkernel%2Fstable-queue.git 4.4-stable patches added patches: alsa-hda-fix-endless-loop-of-codec-configure.patch alsa-hda-set-input_path-bitmap-to-zero-after-moving-it-to-new-place.patch drm-vmwgfx-free-hash-table-allocated-by-cmdbuf-managed-res-mgr.patch mips-avoid-accidental-raw-backtrace.patch mips-fix-irq-tracing-lockdep-when-rescheduling.patch mips-pm-cps-drop-manual-cache-line-alignment-of-ready_count.patch
---
diff --git a/queue-4.4/alsa-hda-fix-endless-loop-of-codec-configure.patch b/queue-4.4/alsa-hda-fix-endless-loop-of-codec-configure.patch
new file mode 100644
index 00000000000..3a572b655f9
--- /dev/null
+++ b/queue-4.4/alsa-hda-fix-endless-loop-of-codec-configure.patch
@@ -0,0 +1,61 @@
+From d94815f917da770d42c377786dc428f542e38f71 Mon Sep 17 00:00:00 2001
+From: Takashi Iwai
+Date: Wed, 28 Jun 2017 12:02:02 +0200
+Subject: ALSA: hda - Fix endless loop of codec configure
+
+From: Takashi Iwai
+
+commit d94815f917da770d42c377786dc428f542e38f71 upstream.
+
+azx_codec_configure() loops over the codecs found on the given
+controller via a linked list. The code used to work in the past, but
+in the current version, this may lead to an endless loop when a codec
+binding returns an error.
+
+The culprit is that the snd_hda_codec_configure() unregisters the
+device upon error, and this eventually deletes the given codec object
+from the bus. Since the list is initialized via list_del_init(), the
+next object points to the same device itself. This behavior change
+was introduced at splitting the HD-audio code code, and forgotten to
+adapt it here.
+
+For fixing this bug, just use a *_safe() version of list iteration.
+
+Fixes: d068ebc25e6e ("ALSA: hda - Move some codes up to hdac_bus struct")
+Reported-by: Daniel Vetter
+Signed-off-by: Takashi Iwai
+Signed-off-by: Greg Kroah-Hartman
+
+---
+ sound/pci/hda/hda_codec.h | 2 ++
+ sound/pci/hda/hda_controller.c | 8 ++++++--
+ 2 files changed, 8 insertions(+), 2 deletions(-)
+
+--- a/sound/pci/hda/hda_codec.h
++++ b/sound/pci/hda/hda_codec.h
+@@ -294,6 +294,8 @@ struct hda_codec {
+
+ #define list_for_each_codec(c, bus) \
+ list_for_each_entry(c, &(bus)->core.codec_list, core.list)
++#define list_for_each_codec_safe(c, n, bus) \
++ list_for_each_entry_safe(c, n, &(bus)->core.codec_list, core.list)
+
+ /* snd_hda_codec_read/write optional flags */
+ #define HDA_RW_NO_RESPONSE_FALLBACK (1 << 0)
+--- a/sound/pci/hda/hda_controller.c
++++ b/sound/pci/hda/hda_controller.c
+@@ -1128,8 +1128,12 @@ EXPORT_SYMBOL_GPL(azx_probe_codecs);
+ /* configure each codec instance */
+ int azx_codec_configure(struct azx *chip)
+ {
+- struct hda_codec *codec;
+- list_for_each_codec(codec, &chip->bus) {
++ struct hda_codec *codec, *next;
++
++ /* use _safe version here since snd_hda_codec_configure() deregisters
++ * the device upon error and deletes itself from the bus list.
++ */
++ list_for_each_codec_safe(codec, next, &chip->bus) {
+ snd_hda_codec_configure(codec);
+ }
+ return 0;
diff --git a/queue-4.4/alsa-hda-set-input_path-bitmap-to-zero-after-moving-it-to-new-place.patch b/queue-4.4/alsa-hda-set-input_path-bitmap-to-zero-after-moving-it-to-new-place.patch
new file mode 100644
index 00000000000..213261eede2
--- /dev/null
+++ b/queue-4.4/alsa-hda-set-input_path-bitmap-to-zero-after-moving-it-to-new-place.patch
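Review bot: The comment added in azx_codec_configure() should state the limit of the `_safe` iterator: `list_for_each_codec_safe()` caches only `next`, so it tolerates removal of the current codec but would still follow a stale pointer if the error path of snd_hda_codec_configure() ever unlinked the following codec as well (that path is not visible here, so this is something to confirm, not a known defect). I would extend the comment with `* _safe only covers removal of 'codec' itself; 'next' must stay on the bus list.` The loop also still discards the return value of snd_hda_codec_configure() and the function returns 0 unconditionally, so a failed binding is invisible to the caller; if that is deliberate best-effort behaviour, a short comment saying so would help.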
@@ -0,0 +1,42 @@
+From a8f20fd25bdce81a8e41767c39f456d346b63427 Mon Sep 17 00:00:00 2001
+From: Hui Wang
+Date: Wed, 28 Jun 2017 08:59:16 +0800
+Subject: ALSA: hda - set input_path bitmap to zero after moving it to new place
+
+From: Hui Wang
+
+commit a8f20fd25bdce81a8e41767c39f456d346b63427 upstream.
+
+Recently we met a problem, the codec has valid adcs and input pins,
+and they can form valid input paths, but the driver does not build
+valid controls for them like "Mic boost", "Capture Volume" and
+"Capture Switch".
+
+Through debugging, I found the driver needs to shrink the invalid
+adcs and input paths for this machine, so it will move the whole
+column bitmap value to the previous column, after moving it, the
+driver forgets to set the original column bitmap value to zero, as a
+result, the driver will invalidate the path whose index value is the
+original colume bitmap value. After executing this function, all
+valid input paths are invalidated by a mistake, there are no any
+valid input paths, so the driver won't build controls for them.
+
+Fixes: 3a65bcdc577a ("ALSA: hda - Fix inconsistent input_paths after ADC reduction")
+Signed-off-by: Hui Wang
+Signed-off-by: Takashi Iwai
+Signed-off-by: Greg Kroah-Hartman
+
+---
+ sound/pci/hda/hda_generic.c | 1 +
+ 1 file changed, 1 insertion(+)
+
+--- a/sound/pci/hda/hda_generic.c
++++ b/sound/pci/hda/hda_generic.c
+@@ -3190,6 +3190,7 @@ static int check_dyn_adc_switch(struct h
+ spec->input_paths[i][nums]);
+ spec->input_paths[i][nums] =
+ spec->input_paths[i][n];
++ spec->input_paths[i][n] = 0;
+ }
+ }
+ nums++;
diff --git a/queue-4.4/drm-vmwgfx-free-hash-table-allocated-by-cmdbuf-managed-res-mgr.patch b/queue-4.4/drm-vmwgfx-free-hash-table-allocated-by-cmdbuf-managed-res-mgr.patch
new file mode 100644
index 00000000000..5309e48f8ee
--- /dev/null
+++ b/queue-4.4/drm-vmwgfx-free-hash-table-allocated-by-cmdbuf-managed-res-mgr.patch
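Review bot: The added `spec->input_paths[i][n] = 0;` is only correct while `n` and `nums` differ, because with `n == nums` it would clear the entry that was just copied onto itself; the guard, if there is one, lies outside this hunk in check_dyn_adc_switch() and should be confirmed. The line also carries no comment, so the reason for it exists only in the commit message. I would add `/* clear the moved-from slot so its stale path index is not invalidated later */` above it.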
@@ -0,0 +1,35 @@
+From 82fcee526ba8ca2c5d378bdf51b21b7eb058fe3a Mon Sep 17 00:00:00 2001
+From: Deepak Rawat
+Date: Mon, 26 Jun 2017 14:39:08 +0200
+Subject: drm/vmwgfx: Free hash table allocated by cmdbuf managed res mgr
+
+From: Deepak Rawat
+
+commit 82fcee526ba8ca2c5d378bdf51b21b7eb058fe3a upstream.
+
+The hash table created during vmw_cmdbuf_res_man_create was
+never freed. This causes memory leak in context creation.
+Added the corresponding drm_ht_remove in vmw_cmdbuf_res_man_destroy.
+
+Tested for memory leak by running piglit overnight and kernel
+memory is not inflated which earlier was.
+
+Signed-off-by: Deepak Rawat
+Reviewed-by: Sinclair Yeh
+Signed-off-by: Thomas Hellstrom
+Signed-off-by: Greg Kroah-Hartman
+
+---
+ drivers/gpu/drm/vmwgfx/vmwgfx_cmdbuf_res.c | 1 +
+ 1 file changed, 1 insertion(+)
+
+--- a/drivers/gpu/drm/vmwgfx/vmwgfx_cmdbuf_res.c
++++ b/drivers/gpu/drm/vmwgfx/vmwgfx_cmdbuf_res.c
+@@ -321,6 +321,7 @@ void vmw_cmdbuf_res_man_destroy(struct v
+ list_for_each_entry_safe(entry, next, &man->list, head)
+ vmw_cmdbuf_res_free(man, entry);
+
++ drm_ht_remove(&man->resources);
+ kfree(man);
+ }
+
diff --git a/queue-4.4/mips-avoid-accidental-raw-backtrace.patch b/queue-4.4/mips-avoid-accidental-raw-backtrace.patch
new file mode 100644
index 00000000000..be047cd25b6
--- /dev/null
+++ b/queue-4.4/mips-avoid-accidental-raw-backtrace.patch
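Review bot: The new `drm_ht_remove(&man->resources);` in vmw_cmdbuf_res_man_destroy() depends on running after the list_for_each_entry_safe() loop and before `kfree(man)`, and nothing in the code says so. If vmw_cmdbuf_res_free() unlinks each entry from `man->resources` (its body is not in this hunk), moving the call above the loop would leave those entries working against a released table. A one-line comment such as `/* all entries are gone; release the table created in vmw_cmdbuf_res_man_create() */` would pin the ordering.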
@@ -0,0 +1,45 @@
+From 854236363370995a609a10b03e35fd3dc5e9e4a1 Mon Sep 17 00:00:00 2001
+From: James Hogan
+Date: Thu, 29 Jun 2017 15:05:04 +0100
+Subject: MIPS: Avoid accidental raw backtrace
+
+From: James Hogan
+
+commit 854236363370995a609a10b03e35fd3dc5e9e4a1 upstream.
+
+Since commit 81a76d7119f6 ("MIPS: Avoid using unwind_stack() with
+usermode") show_backtrace() invokes the raw backtracer when
+cp0_status & ST0_KSU indicates user mode to fix issues on EVA kernels
+where user and kernel address spaces overlap.
+
+However this is used by show_stack() which creates its own pt_regs on
+the stack and leaves cp0_status uninitialised in most of the code paths.
+This results in the non deterministic use of the raw back tracer
+depending on the previous stack content.
+
+show_stack() deals exclusively with kernel mode stacks anyway, so
+explicitly initialise regs.cp0_status to KSU_KERNEL (i.e. 0) to ensure
+we get a useful backtrace.
+
+Fixes: 81a76d7119f6 ("MIPS: Avoid using unwind_stack() with usermode")
+Signed-off-by: James Hogan
+Cc: linux-mips@linux-mips.org
+Patchwork: https://patchwork.linux-mips.org/patch/16656/
+Signed-off-by: Ralf Baechle
+Signed-off-by: Greg Kroah-Hartman
+
+---
+ arch/mips/kernel/traps.c | 2 ++
+ 1 file changed, 2 insertions(+)
+
+--- a/arch/mips/kernel/traps.c
++++ b/arch/mips/kernel/traps.c
+@@ -194,6 +194,8 @@ void show_stack(struct task_struct *task
+ {
+ struct pt_regs regs;
+ mm_segment_t old_fs = get_fs();
++
++ regs.cp0_status = KSU_KERNEL;
+ if (sp) {
+ regs.regs[29] = (unsigned long)sp;
+ regs.regs[31] = 0;
diff --git a/queue-4.4/mips-fix-irq-tracing-lockdep-when-rescheduling.patch b/queue-4.4/mips-fix-irq-tracing-lockdep-when-rescheduling.patch
new file mode 100644
index 00000000000..6399c00a1b2
--- /dev/null
+++ b/queue-4.4/mips-fix-irq-tracing-lockdep-when-rescheduling.patch
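Review bot: Setting `regs.cp0_status` alone leaves every other field of the on-stack `struct pt_regs regs` in show_stack() holding previous stack content, which is the same class of problem the commit message describes for cp0_status. Zero-initialising the structure at its declaration, `struct pt_regs regs = { .cp0_status = KSU_KERNEL };`, would make every field a backtracer reads deterministic instead of only this one. The rest of show_stack() is outside the hunk, so whether another field is actually read before being written cannot be confirmed from here.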
@@ -0,0 +1,109 @@
+From d8550860d910c6b7b70f830f59003b33daaa52c9 Mon Sep 17 00:00:00 2001
+From: Paul Burton
+Date: Fri, 3 Mar 2017 15:26:05 -0800
+Subject: MIPS: Fix IRQ tracing & lockdep when rescheduling
+
+From: Paul Burton
+
+commit d8550860d910c6b7b70f830f59003b33daaa52c9 upstream.
+
+When the scheduler sets TIF_NEED_RESCHED & we call into the scheduler
+from arch/mips/kernel/entry.S we disable interrupts. This is true
+regardless of whether we reach work_resched from syscall_exit_work,
+resume_userspace or by looping after calling schedule(). Although we
+disable interrupts in these paths we don't call trace_hardirqs_off()
+before calling into C code which may acquire locks, and we therefore
+leave lockdep with an inconsistent view of whether interrupts are
+disabled or not when CONFIG_PROVE_LOCKING & CONFIG_DEBUG_LOCKDEP are
+both enabled.
+
+Without tracing this interrupt state lockdep will print warnings such
+as the following once a task returns from a syscall via
+syscall_exit_partial with TIF_NEED_RESCHED set:
+
+[ 49.927678] ------------[ cut here ]------------
+[ 49.934445] WARNING: CPU: 0 PID: 1 at kernel/locking/lockdep.c:3687 check_flags.part.41+0x1dc/0x1e8
+[ 49.946031] DEBUG_LOCKS_WARN_ON(current->hardirqs_enabled)
+[ 49.946355] CPU: 0 PID: 1 Comm: init Not tainted 4.10.0-00439-gc9fd5d362289-dirty #197
+[ 49.963505] Stack : 0000000000000000 ffffffff81bb5d6a 0000000000000006 ffffffff801ce9c4
+[ 49.974431] 0000000000000000 0000000000000000 0000000000000000 000000000000004a
+[ 49.985300] ffffffff80b7e487 ffffffff80a24498 a8000000ff160000 ffffffff80ede8b8
+[ 49.996194] 0000000000000001 0000000000000000 0000000000000000 0000000077c8030c
+[ 50.007063] 000000007fd8a510 ffffffff801cd45c 0000000000000000 a8000000ff127c88
+[ 50.017945] 0000000000000000 ffffffff801cf928 0000000000000001 ffffffff80a24498
+[ 50.028827] 0000000000000000 0000000000000001 0000000000000000 0000000000000000
+[ 50.039688] 0000000000000000 a8000000ff127bd0 0000000000000000 ffffffff805509bc
+[ 50.050575] 00000000140084e0 0000000000000000 0000000000000000 0000000000040a00
+[ 50.061448] 0000000000000000 ffffffff8010e1b0 0000000000000000 ffffffff805509bc
+[ 50.072327] ...
+[ 50.076087] Call Trace:
+[ 50.079869] [] show_stack+0x80/0xa8
+[ 50.086577] [] dump_stack+0x10c/0x190
+[ 50.093498] [] __warn+0xf0/0x108
+[ 50.099889] [] warn_slowpath_fmt+0x3c/0x48
+[ 50.107241] [] check_flags.part.41+0x1dc/0x1e8
+[ 50.114961] [] lock_is_held_type+0x8c/0xb0
+[ 50.122291] [] __schedule+0x8c0/0x10f8
+[ 50.129221] [] schedule+0x30/0x98
+[ 50.135659] [] work_resched+0x8/0x34
+[ 50.142397] ---[ end trace 0cb4f6ef5b99fe21 ]---
+[ 50.148405] possible reason: unannotated irqs-off.
+[ 50.154600] irq event stamp: 400463
+[ 50.159566] hardirqs last enabled at (400463): [] _raw_spin_unlock_irqrestore+0x40/0xa8
+[ 50.171981] hardirqs last disabled at (400462): [] _raw_spin_lock_irqsave+0x30/0xb0
+[ 50.183897] softirqs last enabled at (400450): [] __do_softirq+0x4ac/0x6a8
+[ 50.195015] softirqs last disabled at (400425): [] irq_exit+0x110/0x128
+
+Fix this by using the TRACE_IRQS_OFF macro to call trace_hardirqs_off()
+when CONFIG_TRACE_IRQFLAGS is enabled. This is done before invoking
+schedule() following the work_resched label because:
+
+ 1) Interrupts are disabled regardless of the path we take to reach
+ work_resched() & schedule().
+
+ 2) Performing the tracing here avoids the need to do it in paths which
+ disable interrupts but don't call out to C code before hitting a
+ path which uses the RESTORE_SOME macro that will call
+ trace_hardirqs_on() or trace_hardirqs_off() as appropriate.
+
+We call trace_hardirqs_on() using the TRACE_IRQS_ON macro before calling
+syscall_trace_leave() for similar reasons, ensuring that lockdep has a
+consistent view of state after we re-enable interrupts.
+
+Signed-off-by: Paul Burton
+Fixes: 1da177e4c3f4 ("Linux-2.6.12-rc2")
+Cc: linux-mips@linux-mips.org
+Patchwork: https://patchwork.linux-mips.org/patch/15385/
+Signed-off-by: Ralf Baechle
+Signed-off-by: Greg Kroah-Hartman
+
+---
+ arch/mips/kernel/entry.S | 3 +++
+ 1 file changed, 3 insertions(+)
+
+--- a/arch/mips/kernel/entry.S
++++ b/arch/mips/kernel/entry.S
+@@ -11,6 +11,7 @@
+ #include
+ #include
+ #include
++#include
+ #include
+ #include
+ #include
+@@ -137,6 +138,7 @@ work_pending:
+ andi t0, a2, _TIF_NEED_RESCHED # a2 is preloaded with TI_FLAGS
+ beqz t0, work_notifysig
+ work_resched:
++ TRACE_IRQS_OFF
+ jal schedule
+
+ local_irq_disable # make sure need_resched and
+@@ -173,6 +175,7 @@ syscall_exit_work:
+ beqz t0, work_pending # trace bit set?
+ local_irq_enable # could let syscall_trace_leave()
+ # call schedule() instead
++ TRACE_IRQS_ON
+ move a0, sp
+ jal syscall_trace_leave
+ b resume_userspace
diff --git a/queue-4.4/mips-pm-cps-drop-manual-cache-line-alignment-of-ready_count.patch b/queue-4.4/mips-pm-cps-drop-manual-cache-line-alignment-of-ready_count.patch
new file mode 100644
index 00000000000..10bc476d872
--- /dev/null
+++ b/queue-4.4/mips-pm-cps-drop-manual-cache-line-alignment-of-ready_count.patch
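Review bot: Neither `TRACE_IRQS_OFF` at work_resched nor `TRACE_IRQS_ON` in syscall_exit_work carries a comment, so the reasoning in the commit message (interrupts are already off on every path into work_resched, and lockdep must see the re-enable before syscall_trace_leave()) is lost to anyone reading entry.S. I would add `# irqs are off on every path here; tell lockdep before calling into C` above `TRACE_IRQS_OFF` and a matching line above `TRACE_IRQS_ON`. Because the commit message says these macros call trace_hardirqs_off()/trace_hardirqs_on() when CONFIG_TRACE_IRQFLAGS is enabled, caller-saved registers may not survive them. `a0` is loaded after `TRACE_IRQS_ON`, which is the right order, but whether `a2` (TI_FLAGS) is reloaded after `jal schedule` lies outside the hunk and is worth confirming.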
@@ -0,0 +1,74 @@
+From 161c51ccb7a6faf45ffe09aa5cf1ad85ccdad503 Mon Sep 17 00:00:00 2001
+From: Paul Burton
+Date: Thu, 2 Mar 2017 14:02:40 -0800
+Subject: MIPS: pm-cps: Drop manual cache-line alignment of ready_count
+
+From: Paul Burton
+
+commit 161c51ccb7a6faf45ffe09aa5cf1ad85ccdad503 upstream.
+
+We allocate memory for a ready_count variable per-CPU, which is accessed
+via a cached non-coherent TLB mapping to perform synchronisation between
+threads within the core using LL/SC instructions. In order to ensure
+that the variable is contained within its own data cache line we
+allocate 2 lines worth of memory & align the resulting pointer to a line
+boundary. This is however unnecessary, since kmalloc is guaranteed to
+return memory which is at least cache-line aligned (see
+ARCH_DMA_MINALIGN). Stop the redundant manual alignment.
+
+Besides cleaning up the code & avoiding needless work, this has the side
+effect of avoiding an arithmetic error found by Bryan on 64 bit systems
+due to the 32 bit size of the former dlinesz. This led the ready_count
+variable to have its upper 32b cleared erroneously for MIPS64 kernels,
+causing problems when ready_count was later used on MIPS64 via cpuidle.
+
+Signed-off-by: Paul Burton
+Fixes: 3179d37ee1ed ("MIPS: pm-cps: add PM state entry code for CPS systems")
+Reported-by: Bryan O'Donoghue
+Reviewed-by: Bryan O'Donoghue
+Tested-by: Bryan O'Donoghue
+Cc: linux-mips@linux-mips.org
+Patchwork: https://patchwork.linux-mips.org/patch/15383/
+Signed-off-by: Ralf Baechle
+Signed-off-by: Greg Kroah-Hartman
+
+---
+ arch/mips/kernel/pm-cps.c | 9 +--------
+ 1 file changed, 1 insertion(+), 8 deletions(-)
+
+--- a/arch/mips/kernel/pm-cps.c
++++ b/arch/mips/kernel/pm-cps.c
+@@ -55,7 +55,6 @@ DECLARE_BITMAP(state_support, CPS_PM_STA
+ * state. Actually per-core rather than per-CPU.
+ */
+ static DEFINE_PER_CPU_ALIGNED(u32*, ready_count);
+-static DEFINE_PER_CPU_ALIGNED(void*, ready_count_alloc);
+
+ /* Indicates online CPUs coupled with the current CPU */
+ static DEFINE_PER_CPU_ALIGNED(cpumask_t, online_coupled);
+@@ -625,7 +624,6 @@ static int __init cps_gen_core_entries(u
+ {
+ enum cps_pm_state state;
+ unsigned core = cpu_data[cpu].core;
+- unsigned dlinesz = cpu_data[cpu].dcache.linesz;
+ void *entry_fn, *core_rc;
+
+ for (state = CPS_PM_NC_WAIT; state < CPS_PM_STATE_COUNT; state++) {
+@@ -645,16 +643,11 @@ static int __init cps_gen_core_entries(u
+ }
+
+ if (!per_cpu(ready_count, core)) {
+- core_rc = kmalloc(dlinesz * 2, GFP_KERNEL);
++ core_rc = kmalloc(sizeof(u32), GFP_KERNEL);
+ if (!core_rc) {
+ pr_err("Failed allocate core %u ready_count\n", core);
+ return -ENOMEM;
+ }
+- per_cpu(ready_count_alloc, core) = core_rc;
+-
+- /* Ensure ready_count is aligned to a cacheline boundary */
+- core_rc += dlinesz - 1;
+- core_rc = (void *)((unsigned long)core_rc & ~(dlinesz - 1));
+ per_cpu(ready_count, core) = core_rc;
+ }
+
diff --git a/queue-4.4/series b/queue-4.4/series
index 32bebf8d0e4..33e198ede43 100644
--- a/queue-4.4/series
+++ b/queue-4.4/series
@@ -19,3 +19,9 @@ netfilter-synproxy-fix-conntrackd-interaction.patch
 nfsv4-fix-a-reference-leak-caused-warning-messages.patch
 drm-ast-handle-configuration-without-p2a-bridge.patch
 mm-swap_cgroup-reschedule-when-neeed-in-swap_cgroup_swapoff.patch
+mips-avoid-accidental-raw-backtrace.patch
+mips-pm-cps-drop-manual-cache-line-alignment-of-ready_count.patch
+mips-fix-irq-tracing-lockdep-when-rescheduling.patch
+alsa-hda-fix-endless-loop-of-codec-configure.patch
+alsa-hda-set-input_path-bitmap-to-zero-after-moving-it-to-new-place.patch
+drm-vmwgfx-free-hash-table-allocated-by-cmdbuf-managed-res-mgr.patch
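Review bot: With the manual alignment removed, `kmalloc(sizeof(u32), GFP_KERNEL)` in cps_gen_core_entries() relies entirely on the allocator's minimum alignment to keep ready_count within its own data cache line, and that assumption is now stated only in the commit message. I would record it next to the allocation, `/* kmalloc() memory is at least ARCH_DMA_MINALIGN aligned, so no manual cache-line alignment is needed */`, since the deleted comment was the only place the requirement appeared in the code. A cheap sanity check after the NULL test, such as `WARN_ON((unsigned long)core_rc & (cpu_data[cpu].dcache.linesz - 1));`, would catch a configuration where the guarantee does not hold. The function continues outside these hunks.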