From: Greg Kroah-Hartman Date: Wed, 23 Sep 2015 04:36:03 +0000 (-0700) Subject: 4.2-stable patches X-Git-Tag: v4.1.9~48 X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=cda95df4535546206fc0b399cdccfbdbe14617e1;p=thirdparty%2Fkernel%2Fstable-queue.git 4.2-stable patches added patches: alsa-hda-add-some-fixup-quirks-for-white-noise-on-dell-laptop.patch alsa-hda-enable-headphone-jack-detect-on-old-fujitsu-laptops.patch alsa-hda-fix-missing-inline-for-dummy-snd_hdac_set_codec_wakeup.patch alsa-hda-fix-white-noise-on-dell-m3800.patch alsa-hda-use-alc880_fixup_fujitsu-for-fsc-amilo-m1437.patch alsa-usb-audio-correct-the-value-cache-check.patch arm-arm64-kvm-vgic-check-for-irqchip_in_kernel-when-mapping-resources.patch arm64-compat-fix-vfp-save-restore-across-signal-handlers-in-big-endian.patch arm64-entry-always-restore-x0-from-the-stack-on-syscall-return.patch arm64-errata-add-module-build-workaround-for-erratum-843419.patch arm64-flush-fp-simd-state-correctly-after-execve.patch arm64-head.s-initialise-mdcr_el2-in-el2_setup.patch arm64-kconfig-move-list_poison-to-a-safe-value.patch arm64-kvm-disable-virtual-timer-even-if-the-guest-is-not-using-it.patch arm64-set-max_memblock_addr-according-to-linear-region-size.patch input-evdev-do-not-report-errors-form-flush.patch input-synaptics-fix-handling-of-disabling-gesture-mode.patch kvm-arm64-add-workaround-for-cortex-a57-erratum-852523.patch of-fdt-make-memblock-maximum-physical-address-arch-configurable.patch pinctrl-mediatek-fix-multiple-registration-issue.patch --- diff --git a/queue-4.2/alsa-hda-add-some-fixup-quirks-for-white-noise-on-dell-laptop.patch b/queue-4.2/alsa-hda-add-some-fixup-quirks-for-white-noise-on-dell-laptop.patch new file mode 100644 index 00000000000..f5ded36042b --- /dev/null +++ b/queue-4.2/alsa-hda-add-some-fixup-quirks-for-white-noise-on-dell-laptop.patch @@ -0,0 +1,44 @@ +From 1adecc6755e1e4193b5618ddb2e107f6d6e88f4b Mon Sep 17 00:00:00 2001 +From: Woodrow Shen +Date: Fri, 4 Sep 2015 15:08:12 +0800 +Subject: ALSA: hda - Add some FIXUP quirks for white noise on Dell laptop. + +From: Woodrow Shen + +commit 1adecc6755e1e4193b5618ddb2e107f6d6e88f4b upstream. + +Dell laptop has a series model to use the same codec but different subsystem ID. +At the same time they happens the white noise by login screen and headphone; +for fixing them together, I only can add these IDs to FIXUP function ALC292_FIXUP_DISABLE_AAMIX, +then try to solve such the similar issues. + +Codec: Realtek ALC3235 +Vendor Id: 0x10ec0293 +Subsystem Id: 0x102806dd +Subsystem Id: 0x102806df +Subsystem Id: 0x102806e0 + +BugLink: https://bugs.launchpad.net/bugs/1492132 +Signed-off-by: Woodrow Shen +Signed-off-by: Takashi Iwai +Signed-off-by: Greg Kroah-Hartman + +--- + sound/pci/hda/patch_realtek.c | 5 ++++- + 1 file changed, 4 insertions(+), 1 deletion(-) + +--- a/sound/pci/hda/patch_realtek.c ++++ b/sound/pci/hda/patch_realtek.c +@@ -5189,8 +5189,11 @@ static const struct snd_pci_quirk alc269 + SND_PCI_QUIRK(0x1028, 0x06c7, "Dell", ALC255_FIXUP_DELL1_MIC_NO_PRESENCE), + SND_PCI_QUIRK(0x1028, 0x06d9, "Dell", ALC293_FIXUP_DELL1_MIC_NO_PRESENCE), + SND_PCI_QUIRK(0x1028, 0x06da, "Dell", ALC293_FIXUP_DELL1_MIC_NO_PRESENCE), +- SND_PCI_QUIRK(0x1028, 0x06de, "Dell", ALC292_FIXUP_DISABLE_AAMIX), + SND_PCI_QUIRK(0x1028, 0x06db, "Dell", ALC292_FIXUP_DISABLE_AAMIX), ++ SND_PCI_QUIRK(0x1028, 0x06dd, "Dell", ALC292_FIXUP_DISABLE_AAMIX), ++ SND_PCI_QUIRK(0x1028, 0x06de, "Dell", ALC292_FIXUP_DISABLE_AAMIX), ++ SND_PCI_QUIRK(0x1028, 0x06df, "Dell", ALC292_FIXUP_DISABLE_AAMIX), ++ SND_PCI_QUIRK(0x1028, 0x06e0, "Dell", ALC292_FIXUP_DISABLE_AAMIX), + SND_PCI_QUIRK(0x1028, 0x164a, "Dell", ALC293_FIXUP_DELL1_MIC_NO_PRESENCE), + SND_PCI_QUIRK(0x1028, 0x164b, "Dell", ALC293_FIXUP_DELL1_MIC_NO_PRESENCE), + SND_PCI_QUIRK(0x103c, 0x1586, "HP", ALC269_FIXUP_HP_MUTE_LED_MIC2), diff --git a/queue-4.2/alsa-hda-enable-headphone-jack-detect-on-old-fujitsu-laptops.patch b/queue-4.2/alsa-hda-enable-headphone-jack-detect-on-old-fujitsu-laptops.patch new file mode 100644 index 00000000000..24828410ce1 --- /dev/null +++ b/queue-4.2/alsa-hda-enable-headphone-jack-detect-on-old-fujitsu-laptops.patch @@ -0,0 +1,42 @@ +From bb148bdeb0ab16fc0ae8009799471e4d7180073b Mon Sep 17 00:00:00 2001 +From: Takashi Iwai +Date: Thu, 13 Aug 2015 18:02:39 +0200 +Subject: ALSA: hda - Enable headphone jack detect on old Fujitsu laptops + +From: Takashi Iwai + +commit bb148bdeb0ab16fc0ae8009799471e4d7180073b upstream. + +According to the bug report, FSC Amilo laptops with ALC880 can detect +the headphone jack but currently the driver disables it. It's partly +intentionally, as non-working jack detect was reported in the past. +Let's enable now. + +Bugzilla: https://bugzilla.kernel.org/show_bug.cgi?id=102501 +Signed-off-by: Takashi Iwai +Signed-off-by: Greg Kroah-Hartman + +--- + sound/pci/hda/patch_realtek.c | 4 ++-- + 1 file changed, 2 insertions(+), 2 deletions(-) + +--- a/sound/pci/hda/patch_realtek.c ++++ b/sound/pci/hda/patch_realtek.c +@@ -1135,7 +1135,7 @@ static const struct hda_fixup alc880_fix + /* override all pins as BIOS on old Amilo is broken */ + .type = HDA_FIXUP_PINS, + .v.pins = (const struct hda_pintbl[]) { +- { 0x14, 0x0121411f }, /* HP */ ++ { 0x14, 0x0121401f }, /* HP */ + { 0x15, 0x99030120 }, /* speaker */ + { 0x16, 0x99030130 }, /* bass speaker */ + { 0x17, 0x411111f0 }, /* N/A */ +@@ -1155,7 +1155,7 @@ static const struct hda_fixup alc880_fix + /* almost compatible with FUJITSU, but no bass and SPDIF */ + .type = HDA_FIXUP_PINS, + .v.pins = (const struct hda_pintbl[]) { +- { 0x14, 0x0121411f }, /* HP */ ++ { 0x14, 0x0121401f }, /* HP */ + { 0x15, 0x99030120 }, /* speaker */ + { 0x16, 0x411111f0 }, /* N/A */ + { 0x17, 0x411111f0 }, /* N/A */ diff --git a/queue-4.2/alsa-hda-fix-missing-inline-for-dummy-snd_hdac_set_codec_wakeup.patch b/queue-4.2/alsa-hda-fix-missing-inline-for-dummy-snd_hdac_set_codec_wakeup.patch new file mode 100644 index 00000000000..d3ee6aac4e5 --- /dev/null +++ b/queue-4.2/alsa-hda-fix-missing-inline-for-dummy-snd_hdac_set_codec_wakeup.patch @@ -0,0 +1,30 @@ +From 6869de380e8c11c31b608bb2502dcacd634eda13 Mon Sep 17 00:00:00 2001 +From: Takashi Iwai +Date: Wed, 2 Sep 2015 12:24:55 +0200 +Subject: ALSA: hda - Fix missing inline for dummy snd_hdac_set_codec_wakeup() + +From: Takashi Iwai + +commit 6869de380e8c11c31b608bb2502dcacd634eda13 upstream. + +This seems overlooked. + +Fixes: 98d8fc6c5d36 ('ALSA: hda - Move hda_i915.c from sound/pci/hda to sound/hda') +Signed-off-by: Takashi Iwai +Signed-off-by: Greg Kroah-Hartman + +--- + include/sound/hda_i915.h | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +--- a/include/sound/hda_i915.h ++++ b/include/sound/hda_i915.h +@@ -11,7 +11,7 @@ int snd_hdac_get_display_clk(struct hdac + int snd_hdac_i915_init(struct hdac_bus *bus); + int snd_hdac_i915_exit(struct hdac_bus *bus); + #else +-static int snd_hdac_set_codec_wakeup(struct hdac_bus *bus, bool enable) ++static inline int snd_hdac_set_codec_wakeup(struct hdac_bus *bus, bool enable) + { + return 0; + } diff --git a/queue-4.2/alsa-hda-fix-white-noise-on-dell-m3800.patch b/queue-4.2/alsa-hda-fix-white-noise-on-dell-m3800.patch new file mode 100644 index 00000000000..ac3a98c87ac --- /dev/null +++ b/queue-4.2/alsa-hda-fix-white-noise-on-dell-m3800.patch @@ -0,0 +1,34 @@ +From 467e1436ba85f78b8c4610c4549eb255a8211c42 Mon Sep 17 00:00:00 2001 +From: Niranjan Sivakumar +Date: Sat, 5 Sep 2015 18:20:35 +0200 +Subject: ALSA: hda - Fix white noise on Dell M3800 + +From: Niranjan Sivakumar + +commit 467e1436ba85f78b8c4610c4549eb255a8211c42 upstream. + +The M3800 is very minor workstation variant of the XPS 15 which has +already been patched for this issue. I figured it's probably more +important for this version of the laptop to be patched than the +regular XPS as Dell sells is pre-configured with Ubuntu to be used as +a Linux workstation. I have tested the patch on my the hardware on +Linux 4.2.0. + +Signed-off-by: Niranjan Sivakumar +Signed-off-by: Takashi Iwai +Signed-off-by: Greg Kroah-Hartman + +--- + sound/pci/hda/patch_realtek.c | 1 + + 1 file changed, 1 insertion(+) + +--- a/sound/pci/hda/patch_realtek.c ++++ b/sound/pci/hda/patch_realtek.c +@@ -6582,6 +6582,7 @@ static const struct snd_pci_quirk alc662 + SND_PCI_QUIRK(0x1028, 0x05db, "Dell", ALC668_FIXUP_DELL_MIC_NO_PRESENCE), + SND_PCI_QUIRK(0x1028, 0x05fe, "Dell XPS 15", ALC668_FIXUP_DELL_XPS13), + SND_PCI_QUIRK(0x1028, 0x060a, "Dell XPS 13", ALC668_FIXUP_DELL_XPS13), ++ SND_PCI_QUIRK(0x1028, 0x060d, "Dell M3800", ALC668_FIXUP_DELL_XPS13), + SND_PCI_QUIRK(0x1028, 0x0625, "Dell", ALC668_FIXUP_DELL_MIC_NO_PRESENCE), + SND_PCI_QUIRK(0x1028, 0x0626, "Dell", ALC668_FIXUP_DELL_MIC_NO_PRESENCE), + SND_PCI_QUIRK(0x1028, 0x0696, "Dell", ALC668_FIXUP_DELL_MIC_NO_PRESENCE), diff --git a/queue-4.2/alsa-hda-use-alc880_fixup_fujitsu-for-fsc-amilo-m1437.patch b/queue-4.2/alsa-hda-use-alc880_fixup_fujitsu-for-fsc-amilo-m1437.patch new file mode 100644 index 00000000000..7f11d1b25e8 --- /dev/null +++ b/queue-4.2/alsa-hda-use-alc880_fixup_fujitsu-for-fsc-amilo-m1437.patch @@ -0,0 +1,31 @@ +From a161574e200ae63a5042120e0d8c36830e81bde3 Mon Sep 17 00:00:00 2001 +From: Takashi Iwai +Date: Thu, 13 Aug 2015 18:05:06 +0200 +Subject: ALSA: hda - Use ALC880_FIXUP_FUJITSU for FSC Amilo M1437 + +From: Takashi Iwai + +commit a161574e200ae63a5042120e0d8c36830e81bde3 upstream. + +It turned out that the machine has a bass speaker, so take a correct +fixup entry. + +Bugzilla: https://bugzilla.kernel.org/show_bug.cgi?id=102501 +Signed-off-by: Takashi Iwai +Signed-off-by: Greg Kroah-Hartman + +--- + sound/pci/hda/patch_realtek.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +--- a/sound/pci/hda/patch_realtek.c ++++ b/sound/pci/hda/patch_realtek.c +@@ -1364,7 +1364,7 @@ static const struct snd_pci_quirk alc880 + SND_PCI_QUIRK(0x161f, 0x203d, "W810", ALC880_FIXUP_W810), + SND_PCI_QUIRK(0x161f, 0x205d, "Medion Rim 2150", ALC880_FIXUP_MEDION_RIM), + SND_PCI_QUIRK(0x1631, 0xe011, "PB 13201056", ALC880_FIXUP_6ST_AUTOMUTE), +- SND_PCI_QUIRK(0x1734, 0x107c, "FSC F1734", ALC880_FIXUP_F1734), ++ SND_PCI_QUIRK(0x1734, 0x107c, "FSC Amilo M1437", ALC880_FIXUP_FUJITSU), + SND_PCI_QUIRK(0x1734, 0x1094, "FSC Amilo M1451G", ALC880_FIXUP_FUJITSU), + SND_PCI_QUIRK(0x1734, 0x10ac, "FSC AMILO Xi 1526", ALC880_FIXUP_F1734), + SND_PCI_QUIRK(0x1734, 0x10b0, "FSC Amilo Pi1556", ALC880_FIXUP_FUJITSU), diff --git a/queue-4.2/alsa-usb-audio-correct-the-value-cache-check.patch b/queue-4.2/alsa-usb-audio-correct-the-value-cache-check.patch new file mode 100644 index 00000000000..a7c138a2590 --- /dev/null +++ b/queue-4.2/alsa-usb-audio-correct-the-value-cache-check.patch @@ -0,0 +1,30 @@ +From 6aa6925cad06159dc6e25857991bbc4960821242 Mon Sep 17 00:00:00 2001 +From: Yao-Wen Mao +Date: Fri, 28 Aug 2015 16:33:25 +0800 +Subject: ALSA: usb-audio: correct the value cache check. + +From: Yao-Wen Mao + +commit 6aa6925cad06159dc6e25857991bbc4960821242 upstream. + +The check of cval->cached should be zero-based (including master channel). + +Signed-off-by: Yao-Wen Mao +Signed-off-by: Takashi Iwai +Signed-off-by: Greg Kroah-Hartman + +--- + sound/usb/mixer.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +--- a/sound/usb/mixer.c ++++ b/sound/usb/mixer.c +@@ -2522,7 +2522,7 @@ static int restore_mixer_value(struct us + for (c = 0; c < MAX_CHANNELS; c++) { + if (!(cval->cmask & (1 << c))) + continue; +- if (cval->cached & (1 << c)) { ++ if (cval->cached & (1 << (c + 1))) { + err = snd_usb_set_cur_mix_value(cval, c + 1, idx, + cval->cache_val[idx]); + if (err < 0) diff --git a/queue-4.2/arm-arm64-kvm-vgic-check-for-irqchip_in_kernel-when-mapping-resources.patch b/queue-4.2/arm-arm64-kvm-vgic-check-for-irqchip_in_kernel-when-mapping-resources.patch new file mode 100644 index 00000000000..45e3c233d24 --- /dev/null +++ b/queue-4.2/arm-arm64-kvm-vgic-check-for-irqchip_in_kernel-when-mapping-resources.patch @@ -0,0 +1,41 @@ +From c2f58514cfb374d5368c9da945f1765cd48eb0da Mon Sep 17 00:00:00 2001 +From: Pavel Fedin +Date: Wed, 5 Aug 2015 11:53:57 +0100 +Subject: arm/arm64: KVM: vgic: Check for !irqchip_in_kernel() when mapping resources + +From: Pavel Fedin + +commit c2f58514cfb374d5368c9da945f1765cd48eb0da upstream. + +Until b26e5fdac43c ("arm/arm64: KVM: introduce per-VM ops"), +kvm_vgic_map_resources() used to include a check on irqchip_in_kernel(), +and vgic_v2_map_resources() still has it. + +But now vm_ops are not initialized until we call kvm_vgic_create(). +Therefore kvm_vgic_map_resources() can being called without a VGIC, +and we die because vm_ops.map_resources is NULL. + +Fixing this restores QEMU's kernel-irqchip=off option to a working state, +allowing to use GIC emulation in userspace. + +Fixes: b26e5fdac43c ("arm/arm64: KVM: introduce per-VM ops") +Signed-off-by: Pavel Fedin +[maz: reworked commit message] +Signed-off-by: Marc Zyngier +Signed-off-by: Greg Kroah-Hartman + +--- + arch/arm/kvm/arm.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +--- a/arch/arm/kvm/arm.c ++++ b/arch/arm/kvm/arm.c +@@ -449,7 +449,7 @@ static int kvm_vcpu_first_run_init(struc + * Map the VGIC hardware resources before running a vcpu the first + * time on this VM. + */ +- if (unlikely(!vgic_ready(kvm))) { ++ if (unlikely(irqchip_in_kernel(kvm) && !vgic_ready(kvm))) { + ret = kvm_vgic_map_resources(kvm); + if (ret) + return ret; diff --git a/queue-4.2/arm64-compat-fix-vfp-save-restore-across-signal-handlers-in-big-endian.patch b/queue-4.2/arm64-compat-fix-vfp-save-restore-across-signal-handlers-in-big-endian.patch new file mode 100644 index 00000000000..ee217b400c5 --- /dev/null +++ b/queue-4.2/arm64-compat-fix-vfp-save-restore-across-signal-handlers-in-big-endian.patch @@ -0,0 +1,119 @@ +From bdec97a855ef1e239f130f7a11584721c9a1bf04 Mon Sep 17 00:00:00 2001 +From: Will Deacon +Date: Tue, 15 Sep 2015 12:07:06 +0100 +Subject: arm64: compat: fix vfp save/restore across signal handlers in big-endian + +From: Will Deacon + +commit bdec97a855ef1e239f130f7a11584721c9a1bf04 upstream. + +When saving/restoring the VFP registers from a compat (AArch32) +signal frame, we rely on the compat registers forming a prefix of the +native register file and therefore make use of copy_{to,from}_user to +transfer between the native fpsimd_state and the compat_vfp_sigframe. + +Unfortunately, this doesn't work so well in a big-endian environment. +Our fpsimd save/restore code operates directly on 128-bit quantities +(Q registers) whereas the compat_vfp_sigframe represents the registers +as an array of 64-bit (D) registers. The architecture packs the compat D +registers into the Q registers, with the least significant bytes holding +the lower register. Consequently, we need to swap the 64-bit halves when +converting between these two representations on a big-endian machine. + +This patch replaces the __copy_{to,from}_user invocations in our +compat VFP signal handling code with explicit __put_user loops that +operate on 64-bit values and swap them accordingly. + +Reviewed-by: Catalin Marinas +Signed-off-by: Will Deacon +Signed-off-by: Greg Kroah-Hartman + +--- + arch/arm64/kernel/signal32.c | 47 ++++++++++++++++++++++++++++++++----------- + 1 file changed, 36 insertions(+), 11 deletions(-) + +--- a/arch/arm64/kernel/signal32.c ++++ b/arch/arm64/kernel/signal32.c +@@ -212,14 +212,32 @@ int copy_siginfo_from_user32(siginfo_t * + + /* + * VFP save/restore code. ++ * ++ * We have to be careful with endianness, since the fpsimd context-switch ++ * code operates on 128-bit (Q) register values whereas the compat ABI ++ * uses an array of 64-bit (D) registers. Consequently, we need to swap ++ * the two halves of each Q register when running on a big-endian CPU. + */ ++union __fpsimd_vreg { ++ __uint128_t raw; ++ struct { ++#ifdef __AARCH64EB__ ++ u64 hi; ++ u64 lo; ++#else ++ u64 lo; ++ u64 hi; ++#endif ++ }; ++}; ++ + static int compat_preserve_vfp_context(struct compat_vfp_sigframe __user *frame) + { + struct fpsimd_state *fpsimd = ¤t->thread.fpsimd_state; + compat_ulong_t magic = VFP_MAGIC; + compat_ulong_t size = VFP_STORAGE_SIZE; + compat_ulong_t fpscr, fpexc; +- int err = 0; ++ int i, err = 0; + + /* + * Save the hardware registers to the fpsimd_state structure. +@@ -235,10 +253,15 @@ static int compat_preserve_vfp_context(s + /* + * Now copy the FP registers. Since the registers are packed, + * we can copy the prefix we want (V0-V15) as it is. +- * FIXME: Won't work if big endian. + */ +- err |= __copy_to_user(&frame->ufp.fpregs, fpsimd->vregs, +- sizeof(frame->ufp.fpregs)); ++ for (i = 0; i < ARRAY_SIZE(frame->ufp.fpregs); i += 2) { ++ union __fpsimd_vreg vreg = { ++ .raw = fpsimd->vregs[i >> 1], ++ }; ++ ++ __put_user_error(vreg.lo, &frame->ufp.fpregs[i], err); ++ __put_user_error(vreg.hi, &frame->ufp.fpregs[i + 1], err); ++ } + + /* Create an AArch32 fpscr from the fpsr and the fpcr. */ + fpscr = (fpsimd->fpsr & VFP_FPSCR_STAT_MASK) | +@@ -263,7 +286,7 @@ static int compat_restore_vfp_context(st + compat_ulong_t magic = VFP_MAGIC; + compat_ulong_t size = VFP_STORAGE_SIZE; + compat_ulong_t fpscr; +- int err = 0; ++ int i, err = 0; + + __get_user_error(magic, &frame->magic, err); + __get_user_error(size, &frame->size, err); +@@ -273,12 +296,14 @@ static int compat_restore_vfp_context(st + if (magic != VFP_MAGIC || size != VFP_STORAGE_SIZE) + return -EINVAL; + +- /* +- * Copy the FP registers into the start of the fpsimd_state. +- * FIXME: Won't work if big endian. +- */ +- err |= __copy_from_user(fpsimd.vregs, frame->ufp.fpregs, +- sizeof(frame->ufp.fpregs)); ++ /* Copy the FP registers into the start of the fpsimd_state. */ ++ for (i = 0; i < ARRAY_SIZE(frame->ufp.fpregs); i += 2) { ++ union __fpsimd_vreg vreg; ++ ++ __get_user_error(vreg.lo, &frame->ufp.fpregs[i], err); ++ __get_user_error(vreg.hi, &frame->ufp.fpregs[i + 1], err); ++ fpsimd.vregs[i >> 1] = vreg.raw; ++ } + + /* Extract the fpsr and the fpcr from the fpscr */ + __get_user_error(fpscr, &frame->ufp.fpscr, err); diff --git a/queue-4.2/arm64-entry-always-restore-x0-from-the-stack-on-syscall-return.patch b/queue-4.2/arm64-entry-always-restore-x0-from-the-stack-on-syscall-return.patch new file mode 100644 index 00000000000..7fb5b321e74 --- /dev/null +++ b/queue-4.2/arm64-entry-always-restore-x0-from-the-stack-on-syscall-return.patch @@ -0,0 +1,96 @@ +From 412fcb6cebd758d080cacd5a41a0cbc656ea5fce Mon Sep 17 00:00:00 2001 +From: Will Deacon +Date: Wed, 19 Aug 2015 15:57:09 +0100 +Subject: arm64: entry: always restore x0 from the stack on syscall return + +From: Will Deacon + +commit 412fcb6cebd758d080cacd5a41a0cbc656ea5fce upstream. + +We have a micro-optimisation on the fast syscall return path where we +take care to keep x0 live with the return value from the syscall so that +we can avoid restoring it from the stack. The benefit of doing this is +fairly suspect, since we will be restoring x1 from the stack anyway +(which lives adjacent in the pt_regs structure) and the only additional +cost is saving x0 back to pt_regs after the syscall handler, which could +be seen as a poor man's prefetch. + +More importantly, this causes issues with the context tracking code. + +The ct_user_enter macro ends up branching into C code, which is free to +use x0 as a scratch register and consequently leads to us returning junk +back to userspace as the syscall return value. Rather than special case +the context-tracking code, this patch removes the questionable +optimisation entirely. + +Cc: Larry Bassel +Cc: Kevin Hilman +Reviewed-by: Catalin Marinas +Reported-by: Hanjun Guo +Tested-by: Hanjun Guo +Signed-off-by: Will Deacon +Signed-off-by: Greg Kroah-Hartman + +--- + arch/arm64/kernel/entry.S | 17 ++++++----------- + 1 file changed, 6 insertions(+), 11 deletions(-) + +--- a/arch/arm64/kernel/entry.S ++++ b/arch/arm64/kernel/entry.S +@@ -116,7 +116,7 @@ + */ + .endm + +- .macro kernel_exit, el, ret = 0 ++ .macro kernel_exit, el + ldp x21, x22, [sp, #S_PC] // load ELR, SPSR + .if \el == 0 + ct_user_enter +@@ -146,11 +146,7 @@ + .endif + msr elr_el1, x21 // set up the return data + msr spsr_el1, x22 +- .if \ret +- ldr x1, [sp, #S_X1] // preserve x0 (syscall return) +- .else + ldp x0, x1, [sp, #16 * 0] +- .endif + ldp x2, x3, [sp, #16 * 1] + ldp x4, x5, [sp, #16 * 2] + ldp x6, x7, [sp, #16 * 3] +@@ -613,22 +609,21 @@ ENDPROC(cpu_switch_to) + */ + ret_fast_syscall: + disable_irq // disable interrupts ++ str x0, [sp, #S_X0] // returned x0 + ldr x1, [tsk, #TI_FLAGS] // re-check for syscall tracing + and x2, x1, #_TIF_SYSCALL_WORK + cbnz x2, ret_fast_syscall_trace + and x2, x1, #_TIF_WORK_MASK +- cbnz x2, fast_work_pending ++ cbnz x2, work_pending + enable_step_tsk x1, x2 +- kernel_exit 0, ret = 1 ++ kernel_exit 0 + ret_fast_syscall_trace: + enable_irq // enable interrupts +- b __sys_trace_return ++ b __sys_trace_return_skipped // we already saved x0 + + /* + * Ok, we need to do extra processing, enter the slow path. + */ +-fast_work_pending: +- str x0, [sp, #S_X0] // returned x0 + work_pending: + tbnz x1, #TIF_NEED_RESCHED, work_resched + /* TIF_SIGPENDING, TIF_NOTIFY_RESUME or TIF_FOREIGN_FPSTATE case */ +@@ -652,7 +647,7 @@ ret_to_user: + cbnz x2, work_pending + enable_step_tsk x1, x2 + no_work_pending: +- kernel_exit 0, ret = 0 ++ kernel_exit 0 + ENDPROC(ret_to_user) + + /* diff --git a/queue-4.2/arm64-errata-add-module-build-workaround-for-erratum-843419.patch b/queue-4.2/arm64-errata-add-module-build-workaround-for-erratum-843419.patch new file mode 100644 index 00000000000..63f7e9fbb23 --- /dev/null +++ b/queue-4.2/arm64-errata-add-module-build-workaround-for-erratum-843419.patch @@ -0,0 +1,88 @@ +From df057cc7b4fa59e9b55f07ffdb6c62bf02e99a00 Mon Sep 17 00:00:00 2001 +From: Will Deacon +Date: Tue, 17 Mar 2015 12:15:02 +0000 +Subject: arm64: errata: add module build workaround for erratum #843419 + +From: Will Deacon + +commit df057cc7b4fa59e9b55f07ffdb6c62bf02e99a00 upstream. + +Cortex-A53 processors <= r0p4 are affected by erratum #843419 which can +lead to a memory access using an incorrect address in certain sequences +headed by an ADRP instruction. + +There is a linker fix to generate veneers for ADRP instructions, but +this doesn't work for kernel modules which are built as unlinked ELF +objects. + +This patch adds a new config option for the erratum which, when enabled, +builds kernel modules with the mcmodel=large flag. This uses absolute +addressing for all kernel symbols, thereby removing the use of ADRP as +a PC-relative form of addressing. The ADRP relocs are removed from the +module loader so that we fail to load any potentially affected modules. + +Acked-by: Catalin Marinas +Signed-off-by: Will Deacon +Signed-off-by: Greg Kroah-Hartman + +--- + arch/arm64/Kconfig | 16 ++++++++++++++++ + arch/arm64/Makefile | 4 ++++ + arch/arm64/kernel/module.c | 2 ++ + 3 files changed, 22 insertions(+) + +--- a/arch/arm64/Kconfig ++++ b/arch/arm64/Kconfig +@@ -421,6 +421,22 @@ config ARM64_ERRATUM_845719 + + If unsure, say Y. + ++config ARM64_ERRATUM_843419 ++ bool "Cortex-A53: 843419: A load or store might access an incorrect address" ++ depends on MODULES ++ default y ++ help ++ This option builds kernel modules using the large memory model in ++ order to avoid the use of the ADRP instruction, which can cause ++ a subsequent memory access to use an incorrect address on Cortex-A53 ++ parts up to r0p4. ++ ++ Note that the kernel itself must be linked with a version of ld ++ which fixes potentially affected ADRP instructions through the ++ use of veneers. ++ ++ If unsure, say Y. ++ + endmenu + + +--- a/arch/arm64/Makefile ++++ b/arch/arm64/Makefile +@@ -30,6 +30,10 @@ endif + + CHECKFLAGS += -D__aarch64__ + ++ifeq ($(CONFIG_ARM64_ERRATUM_843419), y) ++CFLAGS_MODULE += -mcmodel=large ++endif ++ + # Default value + head-y := arch/arm64/kernel/head.o + +--- a/arch/arm64/kernel/module.c ++++ b/arch/arm64/kernel/module.c +@@ -332,12 +332,14 @@ int apply_relocate_add(Elf64_Shdr *sechd + ovf = reloc_insn_imm(RELOC_OP_PREL, loc, val, 0, 21, + AARCH64_INSN_IMM_ADR); + break; ++#ifndef CONFIG_ARM64_ERRATUM_843419 + case R_AARCH64_ADR_PREL_PG_HI21_NC: + overflow_check = false; + case R_AARCH64_ADR_PREL_PG_HI21: + ovf = reloc_insn_imm(RELOC_OP_PAGE, loc, val, 12, 21, + AARCH64_INSN_IMM_ADR); + break; ++#endif + case R_AARCH64_ADD_ABS_LO12_NC: + case R_AARCH64_LDST8_ABS_LO12_NC: + overflow_check = false; diff --git a/queue-4.2/arm64-flush-fp-simd-state-correctly-after-execve.patch b/queue-4.2/arm64-flush-fp-simd-state-correctly-after-execve.patch new file mode 100644 index 00000000000..4389ea721ca --- /dev/null +++ b/queue-4.2/arm64-flush-fp-simd-state-correctly-after-execve.patch @@ -0,0 +1,45 @@ +From 674c242c9323d3c293fc4f9a3a3a619fe3063290 Mon Sep 17 00:00:00 2001 +From: Ard Biesheuvel +Date: Thu, 27 Aug 2015 07:12:33 +0100 +Subject: arm64: flush FP/SIMD state correctly after execve() + +From: Ard Biesheuvel + +commit 674c242c9323d3c293fc4f9a3a3a619fe3063290 upstream. + +When a task calls execve(), its FP/SIMD state is flushed so that +none of the original program state is observeable by the incoming +program. + +However, since this flushing consists of setting the in-memory copy +of the FP/SIMD state to all zeroes, the CPU field is set to CPU 0 as +well, which indicates to the lazy FP/SIMD preserve/restore code that +the FP/SIMD state does not need to be reread from memory if the task +is scheduled again on CPU 0 without any other tasks having entered +userland (or used the FP/SIMD in kernel mode) on the same CPU in the +mean time. If this happens, the FP/SIMD state of the old program will +still be present in the registers when the new program starts. + +So set the CPU field to the invalid value of NR_CPUS when performing +the flush, by calling fpsimd_flush_task_state(). + +Reported-by: Chunyan Zhang +Reported-by: Janet Liu +Signed-off-by: Ard Biesheuvel +Signed-off-by: Will Deacon +Signed-off-by: Greg Kroah-Hartman + +--- + arch/arm64/kernel/fpsimd.c | 1 + + 1 file changed, 1 insertion(+) + +--- a/arch/arm64/kernel/fpsimd.c ++++ b/arch/arm64/kernel/fpsimd.c +@@ -158,6 +158,7 @@ void fpsimd_thread_switch(struct task_st + void fpsimd_flush_thread(void) + { + memset(¤t->thread.fpsimd_state, 0, sizeof(struct fpsimd_state)); ++ fpsimd_flush_task_state(current); + set_thread_flag(TIF_FOREIGN_FPSTATE); + } + diff --git a/queue-4.2/arm64-head.s-initialise-mdcr_el2-in-el2_setup.patch b/queue-4.2/arm64-head.s-initialise-mdcr_el2-in-el2_setup.patch new file mode 100644 index 00000000000..c3a58836523 --- /dev/null +++ b/queue-4.2/arm64-head.s-initialise-mdcr_el2-in-el2_setup.patch @@ -0,0 +1,38 @@ +From d10bcd473301888f957ec4b6b12aa3621be78d59 Mon Sep 17 00:00:00 2001 +From: Will Deacon +Date: Wed, 2 Sep 2015 18:49:28 +0100 +Subject: arm64: head.S: initialise mdcr_el2 in el2_setup + +From: Will Deacon + +commit d10bcd473301888f957ec4b6b12aa3621be78d59 upstream. + +When entering the kernel at EL2, we fail to initialise the MDCR_EL2 +register which controls debug access and PMU capabilities at EL1. + +This patch ensures that the register is initialised so that all traps +are disabled and all the PMU counters are available to the host. When a +guest is scheduled, KVM takes care to configure trapping appropriately. + +Acked-by: Marc Zyngier +Signed-off-by: Will Deacon +Signed-off-by: Greg Kroah-Hartman + +--- + arch/arm64/kernel/head.S | 5 +++++ + 1 file changed, 5 insertions(+) + +--- a/arch/arm64/kernel/head.S ++++ b/arch/arm64/kernel/head.S +@@ -528,6 +528,11 @@ CPU_LE( movk x0, #0x30d0, lsl #16 ) // C + msr hstr_el2, xzr // Disable CP15 traps to EL2 + #endif + ++ /* EL2 debug */ ++ mrs x0, pmcr_el0 // Disable debug access traps ++ ubfx x0, x0, #11, #5 // to EL2 and allow access to ++ msr mdcr_el2, x0 // all PMU counters from EL1 ++ + /* Stage-2 translation */ + msr vttbr_el2, xzr + diff --git a/queue-4.2/arm64-kconfig-move-list_poison-to-a-safe-value.patch b/queue-4.2/arm64-kconfig-move-list_poison-to-a-safe-value.patch new file mode 100644 index 00000000000..fa127f9dc27 --- /dev/null +++ b/queue-4.2/arm64-kconfig-move-list_poison-to-a-safe-value.patch @@ -0,0 +1,35 @@ +From bf0c4e04732479f650ff59d1ee82de761c0071f0 Mon Sep 17 00:00:00 2001 +From: Jeff Vander Stoep +Date: Tue, 18 Aug 2015 20:50:10 +0100 +Subject: arm64: kconfig: Move LIST_POISON to a safe value + +From: Jeff Vander Stoep + +commit bf0c4e04732479f650ff59d1ee82de761c0071f0 upstream. + +Move the poison pointer offset to 0xdead000000000000, a +recognized value that is not mappable by user-space exploits. + +Acked-by: Catalin Marinas +Signed-off-by: Thierry Strudel +Signed-off-by: Jeff Vander Stoep +Signed-off-by: Will Deacon +Signed-off-by: Greg Kroah-Hartman + +--- + arch/arm64/Kconfig | 4 ++++ + 1 file changed, 4 insertions(+) + +--- a/arch/arm64/Kconfig ++++ b/arch/arm64/Kconfig +@@ -104,6 +104,10 @@ config NO_IOPORT_MAP + config STACKTRACE_SUPPORT + def_bool y + ++config ILLEGAL_POINTER_VALUE ++ hex ++ default 0xdead000000000000 ++ + config LOCKDEP_SUPPORT + def_bool y + diff --git a/queue-4.2/arm64-kvm-disable-virtual-timer-even-if-the-guest-is-not-using-it.patch b/queue-4.2/arm64-kvm-disable-virtual-timer-even-if-the-guest-is-not-using-it.patch new file mode 100644 index 00000000000..ef6f2aa16fe --- /dev/null +++ b/queue-4.2/arm64-kvm-disable-virtual-timer-even-if-the-guest-is-not-using-it.patch @@ -0,0 +1,46 @@ +From c4cbba9fa078f55d9f6d081dbb4aec7cf969e7c7 Mon Sep 17 00:00:00 2001 +From: Marc Zyngier +Date: Wed, 16 Sep 2015 16:18:59 +0100 +Subject: arm64: KVM: Disable virtual timer even if the guest is not using it + +From: Marc Zyngier + +commit c4cbba9fa078f55d9f6d081dbb4aec7cf969e7c7 upstream. + +When running a guest with the architected timer disabled (with QEMU and +the kernel_irqchip=off option, for example), it is important to make +sure the timer gets turned off. Otherwise, the guest may try to +enable it anyway, leading to a screaming HW interrupt. + +The fix is to unconditionally turn off the virtual timer on guest +exit. + +Reviewed-by: Christoffer Dall +Signed-off-by: Marc Zyngier +Signed-off-by: Greg Kroah-Hartman + +--- + arch/arm64/kvm/hyp.S | 5 +++-- + 1 file changed, 3 insertions(+), 2 deletions(-) + +--- a/arch/arm64/kvm/hyp.S ++++ b/arch/arm64/kvm/hyp.S +@@ -840,8 +840,6 @@ + mrs x3, cntv_ctl_el0 + and x3, x3, #3 + str w3, [x0, #VCPU_TIMER_CNTV_CTL] +- bic x3, x3, #1 // Clear Enable +- msr cntv_ctl_el0, x3 + + isb + +@@ -849,6 +847,9 @@ + str x3, [x0, #VCPU_TIMER_CNTV_CVAL] + + 1: ++ // Disable the virtual timer ++ msr cntv_ctl_el0, xzr ++ + // Allow physical timer/counter access for the host + mrs x2, cnthctl_el2 + orr x2, x2, #3 diff --git a/queue-4.2/arm64-set-max_memblock_addr-according-to-linear-region-size.patch b/queue-4.2/arm64-set-max_memblock_addr-according-to-linear-region-size.patch new file mode 100644 index 00000000000..5121c5d6857 --- /dev/null +++ b/queue-4.2/arm64-set-max_memblock_addr-according-to-linear-region-size.patch @@ -0,0 +1,45 @@ +From 34ba2c4247e5c4b1542b1106e156af324660c4f0 Mon Sep 17 00:00:00 2001 +From: Ard Biesheuvel +Date: Tue, 18 Aug 2015 10:34:42 +0100 +Subject: arm64: set MAX_MEMBLOCK_ADDR according to linear region size + +From: Ard Biesheuvel + +commit 34ba2c4247e5c4b1542b1106e156af324660c4f0 upstream. + +The linear region size of a 39-bit VA kernel is only 256 GB, which +may be insufficient to cover all of system RAM, even on platforms +that have much less than 256 GB of memory but which is laid out +very sparsely. + +So make sure we clip the memory we will not be able to map before +installing it into the memblock memory table, by setting +MAX_MEMBLOCK_ADDR accordingly. + +Reviewed-by: Catalin Marinas +Tested-by: Stuart Yoder +Signed-off-by: Ard Biesheuvel +Signed-off-by: Will Deacon +Signed-off-by: Greg Kroah-Hartman + +--- + arch/arm64/include/asm/memory.h | 8 ++++++++ + 1 file changed, 8 insertions(+) + +--- a/arch/arm64/include/asm/memory.h ++++ b/arch/arm64/include/asm/memory.h +@@ -114,6 +114,14 @@ extern phys_addr_t memstart_addr; + #define PHYS_OFFSET ({ memstart_addr; }) + + /* ++ * The maximum physical address that the linear direct mapping ++ * of system RAM can cover. (PAGE_OFFSET can be interpreted as ++ * a 2's complement signed quantity and negated to derive the ++ * maximum size of the linear mapping.) ++ */ ++#define MAX_MEMBLOCK_ADDR ({ memstart_addr - PAGE_OFFSET - 1; }) ++ ++/* + * PFNs are used to describe any physical page; this means + * PFN 0 == physical address 0. + * diff --git a/queue-4.2/input-evdev-do-not-report-errors-form-flush.patch b/queue-4.2/input-evdev-do-not-report-errors-form-flush.patch new file mode 100644 index 00000000000..d8bf776ca88 --- /dev/null +++ b/queue-4.2/input-evdev-do-not-report-errors-form-flush.patch @@ -0,0 +1,64 @@ +From eb38f3a4f6e86f8bb10a3217ebd85ecc5d763aae Mon Sep 17 00:00:00 2001 +From: Takashi Iwai +Date: Thu, 3 Sep 2015 22:20:00 -0700 +Subject: Input: evdev - do not report errors form flush() + +From: Takashi Iwai + +commit eb38f3a4f6e86f8bb10a3217ebd85ecc5d763aae upstream. + +We've got bug reports showing the old systemd-logind (at least +system-210) aborting unexpectedly, and this turned out to be because +of an invalid error code from close() call to evdev devices. close() +is supposed to return only either EINTR or EBADFD, while the device +returned ENODEV. logind was overreacting to it and decided to kill +itself when an unexpected error code was received. What a tragedy. + +The bad error code comes from flush fops, and actually evdev_flush() +returns ENODEV when device is disconnected or client's access to it is +revoked. But in these cases the fact that flush did not actually happen is +not an error, but rather normal behavior. For non-disconnected devices +result of flush is also not that interesting as there is no potential of +data loss and even if it fails application has no way of handling the +error. Because of that we are better off always returning success from +evdev_flush(). + +Also returning EINTR from flush()/close() is discouraged (as it is not +clear how application should handle this error), so let's stop taking +evdev->mutex interruptibly. + +Bugzilla: http://bugzilla.suse.com/show_bug.cgi?id=939834 +Signed-off-by: Takashi Iwai +Signed-off-by: Dmitry Torokhov +Signed-off-by: Greg Kroah-Hartman + +--- + drivers/input/evdev.c | 13 ++++--------- + 1 file changed, 4 insertions(+), 9 deletions(-) + +--- a/drivers/input/evdev.c ++++ b/drivers/input/evdev.c +@@ -290,19 +290,14 @@ static int evdev_flush(struct file *file + { + struct evdev_client *client = file->private_data; + struct evdev *evdev = client->evdev; +- int retval; + +- retval = mutex_lock_interruptible(&evdev->mutex); +- if (retval) +- return retval; ++ mutex_lock(&evdev->mutex); + +- if (!evdev->exist || client->revoked) +- retval = -ENODEV; +- else +- retval = input_flush_device(&evdev->handle, file); ++ if (evdev->exist && !client->revoked) ++ input_flush_device(&evdev->handle, file); + + mutex_unlock(&evdev->mutex); +- return retval; ++ return 0; + } + + static void evdev_free(struct device *dev) diff --git a/queue-4.2/input-synaptics-fix-handling-of-disabling-gesture-mode.patch b/queue-4.2/input-synaptics-fix-handling-of-disabling-gesture-mode.patch new file mode 100644 index 00000000000..7a54a741eb7 --- /dev/null +++ b/queue-4.2/input-synaptics-fix-handling-of-disabling-gesture-mode.patch @@ -0,0 +1,57 @@ +From e51e38494a8ecc18650efb0c840600637891de2c Mon Sep 17 00:00:00 2001 +From: Dmitry Torokhov +Date: Thu, 20 Aug 2015 14:28:48 -0700 +Subject: Input: synaptics - fix handling of disabling gesture mode + +From: Dmitry Torokhov + +commit e51e38494a8ecc18650efb0c840600637891de2c upstream. + +Bit 2 of the mode byte has dual meaning: it can disable reporting of +gestures when touchpad works in Relative mode or normal Absolute mode, +or it can enable so called Extended W-Mode when touchpad uses enhanced +Absolute mode (W-mode). The extended W-Mode confuses our driver and +causes missing button presses on some Thinkpads (x250, T450s), so let's +make sure we do not enable it. + +Also, according to the spec W mode "... bit is defined only in Absolute +mode on pads whose capExtended capability bit is set. In Relative mode and +in TouchPads without this capability, the bit is reserved and should be +left at 0.", so let's make sure we respect this requirement as well. + +Reported-by: Nick Bowler +Suggested-by: Gabor Balla +Tested-by: Gabor Balla +Tested-by: Nick Bowler +Signed-off-by: Dmitry Torokhov +Signed-off-by: Greg Kroah-Hartman + +--- + drivers/input/mouse/synaptics.c | 12 ++++++++---- + 1 file changed, 8 insertions(+), 4 deletions(-) + +--- a/drivers/input/mouse/synaptics.c ++++ b/drivers/input/mouse/synaptics.c +@@ -519,14 +519,18 @@ static int synaptics_set_mode(struct psm + struct synaptics_data *priv = psmouse->private; + + priv->mode = 0; +- if (priv->absolute_mode) ++ ++ if (priv->absolute_mode) { + priv->mode |= SYN_BIT_ABSOLUTE_MODE; +- if (priv->disable_gesture) ++ if (SYN_CAP_EXTENDED(priv->capabilities)) ++ priv->mode |= SYN_BIT_W_MODE; ++ } ++ ++ if (!SYN_MODE_WMODE(priv->mode) && priv->disable_gesture) + priv->mode |= SYN_BIT_DISABLE_GESTURE; ++ + if (psmouse->rate >= 80) + priv->mode |= SYN_BIT_HIGH_RATE; +- if (SYN_CAP_EXTENDED(priv->capabilities)) +- priv->mode |= SYN_BIT_W_MODE; + + if (synaptics_mode_cmd(psmouse, priv->mode)) + return -1; diff --git a/queue-4.2/kvm-arm64-add-workaround-for-cortex-a57-erratum-852523.patch b/queue-4.2/kvm-arm64-add-workaround-for-cortex-a57-erratum-852523.patch new file mode 100644 index 00000000000..566a0490b7f --- /dev/null +++ b/queue-4.2/kvm-arm64-add-workaround-for-cortex-a57-erratum-852523.patch @@ -0,0 +1,47 @@ +From 43297dda0a51e4ffed0888ce727c218cfb7474b6 Mon Sep 17 00:00:00 2001 +From: Will Deacon +Date: Mon, 14 Sep 2015 16:06:03 +0100 +Subject: KVM: arm64: add workaround for Cortex-A57 erratum #852523 + +From: Will Deacon + +commit 43297dda0a51e4ffed0888ce727c218cfb7474b6 upstream. + +When restoring the system register state for an AArch32 guest at EL2, +writes to DACR32_EL2 may not be correctly synchronised by Cortex-A57, +which can lead to the guest effectively running with junk in the DACR +and running into unexpected domain faults. + +This patch works around the issue by re-ordering our restoration of the +AArch32 register aliases so that they happen before the AArch64 system +registers. Ensuring that the registers are restored in this order +guarantees that they will be correctly synchronised by the core. + +Reviewed-by: Marc Zyngier +Signed-off-by: Will Deacon +Signed-off-by: Marc Zyngier +Signed-off-by: Greg Kroah-Hartman + +--- + arch/arm64/kvm/hyp.S | 4 +++- + 1 file changed, 3 insertions(+), 1 deletion(-) + +--- a/arch/arm64/kvm/hyp.S ++++ b/arch/arm64/kvm/hyp.S +@@ -943,13 +943,15 @@ ENTRY(__kvm_vcpu_run) + // Guest context + add x2, x0, #VCPU_CONTEXT + ++ // We must restore the 32-bit state before the sysregs, thanks ++ // to Cortex-A57 erratum #852523. ++ restore_guest_32bit_state + bl __restore_sysregs + bl __restore_fpsimd + + skip_debug_state x3, 1f + bl __restore_debug + 1: +- restore_guest_32bit_state + restore_guest_regs + + // That's it, no more messing around. diff --git a/queue-4.2/of-fdt-make-memblock-maximum-physical-address-arch-configurable.patch b/queue-4.2/of-fdt-make-memblock-maximum-physical-address-arch-configurable.patch new file mode 100644 index 00000000000..a8b2c5d9ea0 --- /dev/null +++ b/queue-4.2/of-fdt-make-memblock-maximum-physical-address-arch-configurable.patch @@ -0,0 +1,66 @@ +From 8eafeb48022816513abc4f440bdad4c350fe81a3 Mon Sep 17 00:00:00 2001 +From: Ard Biesheuvel +Date: Tue, 18 Aug 2015 10:34:41 +0100 +Subject: of/fdt: make memblock maximum physical address arch configurable + +From: Ard Biesheuvel + +commit 8eafeb48022816513abc4f440bdad4c350fe81a3 upstream. + +When parsing the memory nodes to populate the memblock memory +table, we check against high and low limits and clip any memory +that exceeds either one of them. + +However, for arm64, the high limit of (phys_addr_t)~0 is not very +meaningful, since phys_addr_t is 64 bits (i.e., no limit) but there +may be other constraints that limit the memory ranges that we can +support. + +So rename MAX_PHYS_ADDR to MAX_MEMBLOCK_ADDR (for clarity) and only +define it if the arch does not supply a definition of its own. + +Acked-by: Rob Herring +Reviewed-by: Catalin Marinas +Tested-by: Stuart Yoder +Signed-off-by: Ard Biesheuvel +Signed-off-by: Will Deacon +Signed-off-by: Greg Kroah-Hartman + +--- + drivers/of/fdt.c | 12 +++++++----- + 1 file changed, 7 insertions(+), 5 deletions(-) + +--- a/drivers/of/fdt.c ++++ b/drivers/of/fdt.c +@@ -967,7 +967,9 @@ int __init early_init_dt_scan_chosen(uns + } + + #ifdef CONFIG_HAVE_MEMBLOCK +-#define MAX_PHYS_ADDR ((phys_addr_t)~0) ++#ifndef MAX_MEMBLOCK_ADDR ++#define MAX_MEMBLOCK_ADDR ((phys_addr_t)~0) ++#endif + + void __init __weak early_init_dt_add_memory_arch(u64 base, u64 size) + { +@@ -984,16 +986,16 @@ void __init __weak early_init_dt_add_mem + } + size &= PAGE_MASK; + +- if (base > MAX_PHYS_ADDR) { ++ if (base > MAX_MEMBLOCK_ADDR) { + pr_warning("Ignoring memory block 0x%llx - 0x%llx\n", + base, base + size); + return; + } + +- if (base + size - 1 > MAX_PHYS_ADDR) { ++ if (base + size - 1 > MAX_MEMBLOCK_ADDR) { + pr_warning("Ignoring memory range 0x%llx - 0x%llx\n", +- ((u64)MAX_PHYS_ADDR) + 1, base + size); +- size = MAX_PHYS_ADDR - base + 1; ++ ((u64)MAX_MEMBLOCK_ADDR) + 1, base + size); ++ size = MAX_MEMBLOCK_ADDR - base + 1; + } + + if (base + size < phys_offset) { diff --git a/queue-4.2/pinctrl-mediatek-fix-multiple-registration-issue.patch b/queue-4.2/pinctrl-mediatek-fix-multiple-registration-issue.patch new file mode 100644 index 00000000000..aeea37fdae6 --- /dev/null +++ b/queue-4.2/pinctrl-mediatek-fix-multiple-registration-issue.patch @@ -0,0 +1,81 @@ +From d48c2c02645392483f2b88b050d21ce1db6997b3 Mon Sep 17 00:00:00 2001 +From: Hongzhou Yang +Date: Tue, 25 Aug 2015 17:32:45 -0700 +Subject: pinctrl: mediatek: Fix multiple registration issue. + +From: Hongzhou Yang + +commit d48c2c02645392483f2b88b050d21ce1db6997b3 upstream. + +Since our common driver need support main chip and PMU +at the same time, that means it will register two +pinctrl device, and the pinctrl_desc structure should +be used two times. + +But pinctrl_desc use global static definition, then +the latest registered pinctrl device will overwrite +the old one's, all members in pinctrl_desc will set to +the new one's, such as name, pins and pins numbers, etc. +This is a bug. + +Move pinctrl_desc into mtk_pinctrl, assign new value for +each pinctrl device to fix it. + +Signed-off-by: Hongzhou Yang +Reviewed-by: Axel Lin +Signed-off-by: Linus Walleij +Signed-off-by: Greg Kroah-Hartman + +--- + drivers/pinctrl/mediatek/pinctrl-mtk-common.c | 21 ++++++++++----------- + drivers/pinctrl/mediatek/pinctrl-mtk-common.h | 1 + + 2 files changed, 11 insertions(+), 11 deletions(-) + +--- a/drivers/pinctrl/mediatek/pinctrl-mtk-common.c ++++ b/drivers/pinctrl/mediatek/pinctrl-mtk-common.c +@@ -1202,12 +1202,6 @@ static int mtk_pctrl_build_state(struct + return 0; + } + +-static struct pinctrl_desc mtk_pctrl_desc = { +- .confops = &mtk_pconf_ops, +- .pctlops = &mtk_pctrl_ops, +- .pmxops = &mtk_pmx_ops, +-}; +- + int mtk_pctrl_init(struct platform_device *pdev, + const struct mtk_pinctrl_devdata *data, + struct regmap *regmap) +@@ -1265,12 +1259,17 @@ int mtk_pctrl_init(struct platform_devic + + for (i = 0; i < pctl->devdata->npins; i++) + pins[i] = pctl->devdata->pins[i].pin; +- mtk_pctrl_desc.name = dev_name(&pdev->dev); +- mtk_pctrl_desc.owner = THIS_MODULE; +- mtk_pctrl_desc.pins = pins; +- mtk_pctrl_desc.npins = pctl->devdata->npins; ++ ++ pctl->pctl_desc.name = dev_name(&pdev->dev); ++ pctl->pctl_desc.owner = THIS_MODULE; ++ pctl->pctl_desc.pins = pins; ++ pctl->pctl_desc.npins = pctl->devdata->npins; ++ pctl->pctl_desc.confops = &mtk_pconf_ops; ++ pctl->pctl_desc.pctlops = &mtk_pctrl_ops; ++ pctl->pctl_desc.pmxops = &mtk_pmx_ops; + pctl->dev = &pdev->dev; +- pctl->pctl_dev = pinctrl_register(&mtk_pctrl_desc, &pdev->dev, pctl); ++ ++ pctl->pctl_dev = pinctrl_register(&pctl->pctl_desc, &pdev->dev, pctl); + if (IS_ERR(pctl->pctl_dev)) { + dev_err(&pdev->dev, "couldn't register pinctrl driver\n"); + return PTR_ERR(pctl->pctl_dev); +--- a/drivers/pinctrl/mediatek/pinctrl-mtk-common.h ++++ b/drivers/pinctrl/mediatek/pinctrl-mtk-common.h +@@ -256,6 +256,7 @@ struct mtk_pinctrl_devdata { + struct mtk_pinctrl { + struct regmap *regmap1; + struct regmap *regmap2; ++ struct pinctrl_desc pctl_desc; + struct device *dev; + struct gpio_chip *chip; + struct mtk_pinctrl_group *groups; diff --git a/queue-4.2/series b/queue-4.2/series index 6a62e993b76..5623b2c6d68 100644 --- a/queue-4.2/series +++ b/queue-4.2/series @@ -24,3 +24,23 @@ cxl-remove-racy-attempt-to-force-eeh-invocation-in-reset.patch cxl-fix-unbalanced-pci_dev_get-in-cxl_probe.patch ext4-don-t-manipulate-recovery-flag-when-freezing-no-journal-fs.patch revert-ext4-remove-block_device_ejected.patch +arm64-kconfig-move-list_poison-to-a-safe-value.patch +arm64-entry-always-restore-x0-from-the-stack-on-syscall-return.patch +arm64-flush-fp-simd-state-correctly-after-execve.patch +of-fdt-make-memblock-maximum-physical-address-arch-configurable.patch +arm64-set-max_memblock_addr-according-to-linear-region-size.patch +arm64-compat-fix-vfp-save-restore-across-signal-handlers-in-big-endian.patch +arm64-head.s-initialise-mdcr_el2-in-el2_setup.patch +arm64-errata-add-module-build-workaround-for-erratum-843419.patch +arm-arm64-kvm-vgic-check-for-irqchip_in_kernel-when-mapping-resources.patch +kvm-arm64-add-workaround-for-cortex-a57-erratum-852523.patch +arm64-kvm-disable-virtual-timer-even-if-the-guest-is-not-using-it.patch +input-synaptics-fix-handling-of-disabling-gesture-mode.patch +input-evdev-do-not-report-errors-form-flush.patch +alsa-usb-audio-correct-the-value-cache-check.patch +alsa-hda-fix-missing-inline-for-dummy-snd_hdac_set_codec_wakeup.patch +alsa-hda-enable-headphone-jack-detect-on-old-fujitsu-laptops.patch +alsa-hda-use-alc880_fixup_fujitsu-for-fsc-amilo-m1437.patch +alsa-hda-add-some-fixup-quirks-for-white-noise-on-dell-laptop.patch +alsa-hda-fix-white-noise-on-dell-m3800.patch +pinctrl-mediatek-fix-multiple-registration-issue.patch