From: Greg Kroah-Hartman Date: Wed, 6 Dec 2017 17:25:37 +0000 (+0100) Subject: 4.14-stable patches X-Git-Tag: v3.18.87~16 X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=d0b5213cf53710f46b2761e5166c98b395c27ecd;p=thirdparty%2Fkernel%2Fstable-queue.git 4.14-stable patches added patches: arm-cpuidle-correct-driver-unregistration-if-init-fails.patch clocksource-drivers-arm_arch_timer-validate-cntfrq-after-enabling-frame.patch dt-bindings-timer-renesas-cmt-fix-soc-specific-compatible-values.patch edac-sb_edac-fix-missing-break-in-switch.patch hwmon-pmbus-core-prevent-unintentional-setting-of-page-to-0xff.patch iio-adc-ti-ads1015-add-10-to-conversion-wait-time.patch iio-multiplexer-add-null-check-on-devm_kzalloc-and-devm_kmemdup-return-values.patch ima-fix-hash-algorithm-initialization.patch kprobes-use-synchronize_rcu_tasks-for-optprobe-with-config_preempt-y.patch kprobes-x86-disable-preemption-in-ftrace-based-jprobes.patch locking-refcounts-x86-asm-enable-config_arch_has_refcount.patch locking-refcounts-x86-asm-use-unique-.text-section-for-refcount-exceptions.patch m68k-fix-coldfire-node-shift-size-calculation.patch mm-x86-mm-fix-performance-regression-in-get_user_pages_fast.patch mmc-sdhci-msm-fix-issue-with-power-irq.patch mmc-tmio-check-mmc_regulator_get_supply-return-value.patch pci-dra7xx-create-functional-dependency-between-pcie-and-phy.patch perf-core-fix-__perf_read_group_add-locking.patch perf-test-attr-fix-ignored-test-case-result.patch perf-test-attr-fix-python-error-on-empty-result.patch perf-tools-fix-leaking-rec_argv-in-error-cases.patch pm-domains-fix-genpd-to-deal-with-drivers-returning-1-from-prepare.patch s390-pci-do-not-require-ais-facility.patch s390-ptrace-fix-guarded-storage-regset-handling.patch s390-vfio-ccw-do-not-attempt-to-free-no-op-test-and-tic-cda.patch selftests-x86-ldt_gdt-robustify-against-set_thread_area-and-lar-oddities.patch selftests-x86-ldt_get-add-a-few-additional-tests-for-limits.patch serial-8250-preserve-dld-for-port_xr17v35x.patch serial-8250_fintek-fix-rs485-disablement-on-invalid-ioctl.patch serial-imx-update-cached-mctrl-value-when-changing-rts.patch serial-sh-sci-suppress-warning-for-ports-without-dma-channels.patch spi-sh-msiof-fix-dma-transfer-size-check.patch spi-spi-axi-fix-potential-use-after-free-after-deregistration.patch staging-fsl-dpaa2-eth-account-for-rx-fd-buffers-on-error-path.patch staging-fsl-mc-dpio-fix-incorrect-comparison.patch staging-greybus-loopback-fix-iteration-count-on-async-path.patch staging-rtl8188eu-avoid-a-null-dereference-on-pmlmepriv.patch staging-rtl8822be-fix-wrong-dma-unmap-len.patch staging-rtl8822be-keep-array-subscript-no-lower-than-zero.patch sysrq-fix-show-regs-call-trace-on-arm.patch tools-include-do-not-use-poison-with-c.patch usb-dwc2-error-out-of-dwc2_hsotg_ep_disable-if-we-re-in-host-mode.patch usb-dwc2-fix-udc-state-tracking.patch usb-mtu3-fix-error-return-code-in-ssusb_gadget_init.patch usb-phy-tahvo-fix-error-handling-in-tahvo_usb_probe.patch usb-xhci-return-error-when-host-is-dead-in-xhci_disable_slot.patch usbip-tools-install-all-headers-needed-for-libusbip-development.patch x86-entry-use-syscall_define-macros-for-sys_modify_ldt.patch x86-intel_rdt-fix-potential-deadlock-during-resctrl-mount.patch x86-intel_rdt-initialize-bitmask-of-shareable-resource-if-cdp-enabled.patch --- diff --git a/queue-4.14/arm-cpuidle-correct-driver-unregistration-if-init-fails.patch b/queue-4.14/arm-cpuidle-correct-driver-unregistration-if-init-fails.patch new file mode 100644 index 00000000000..10061561b74 --- /dev/null +++ b/queue-4.14/arm-cpuidle-correct-driver-unregistration-if-init-fails.patch @@ -0,0 +1,106 @@ +From foo@baz Wed Dec 6 18:04:41 CET 2017 +From: Leo Yan +Date: Tue, 10 Oct 2017 13:47:55 +0800 +Subject: ARM: cpuidle: Correct driver unregistration if init fails + +From: Leo Yan + + +[ Upstream commit 0f87855d969a87f02048ff5ced7503465d5ab2f1 ] + +If cpuidle init fails, the code misses to unregister the driver for +current CPU. Furthermore, we also need to rollback to cancel all +previous CPUs registration; but the code retrieves driver handler by +using function cpuidle_get_driver(), this function returns back +current CPU driver handler but not previous CPU's handler, which leads +to the failure handling code cannot unregister previous CPUs driver. + +This commit fixes two mentioned issues, it adds error handling path +'goto out_unregister_drv' for current CPU driver unregistration; and +it is to replace cpuidle_get_driver() with cpuidle_get_cpu_driver(), +the later function can retrieve driver handler for previous CPUs +according to the CPU device handler so can unregister the driver +properly. + +This patch also adds extra error handling paths 'goto out_kfree_dev' +and 'goto out_kfree_drv' and adjusts the freeing sentences for previous +CPUs; so make the code more readable for freeing 'dev' and 'drv' +structures. + +Suggested-by: Daniel Lezcano +Signed-off-by: Leo Yan +Fixes: d50a7d8acd78 (ARM: cpuidle: Support asymmetric idle definition) +Acked-by: Daniel Lezcano +Signed-off-by: Rafael J. Wysocki +Signed-off-by: Sasha Levin +Signed-off-by: Greg Kroah-Hartman +--- + drivers/cpuidle/cpuidle-arm.c | 22 +++++++++++++--------- + 1 file changed, 13 insertions(+), 9 deletions(-) + +--- a/drivers/cpuidle/cpuidle-arm.c ++++ b/drivers/cpuidle/cpuidle-arm.c +@@ -104,13 +104,13 @@ static int __init arm_idle_init(void) + ret = dt_init_idle_driver(drv, arm_idle_state_match, 1); + if (ret <= 0) { + ret = ret ? : -ENODEV; +- goto init_fail; ++ goto out_kfree_drv; + } + + ret = cpuidle_register_driver(drv); + if (ret) { + pr_err("Failed to register cpuidle driver\n"); +- goto init_fail; ++ goto out_kfree_drv; + } + + /* +@@ -128,14 +128,14 @@ static int __init arm_idle_init(void) + + if (ret) { + pr_err("CPU %d failed to init idle CPU ops\n", cpu); +- goto out_fail; ++ goto out_unregister_drv; + } + + dev = kzalloc(sizeof(*dev), GFP_KERNEL); + if (!dev) { + pr_err("Failed to allocate cpuidle device\n"); + ret = -ENOMEM; +- goto out_fail; ++ goto out_unregister_drv; + } + dev->cpu = cpu; + +@@ -143,21 +143,25 @@ static int __init arm_idle_init(void) + if (ret) { + pr_err("Failed to register cpuidle device for CPU %d\n", + cpu); +- kfree(dev); +- goto out_fail; ++ goto out_kfree_dev; + } + } + + return 0; +-init_fail: ++ ++out_kfree_dev: ++ kfree(dev); ++out_unregister_drv: ++ cpuidle_unregister_driver(drv); ++out_kfree_drv: + kfree(drv); + out_fail: + while (--cpu >= 0) { + dev = per_cpu(cpuidle_devices, cpu); ++ drv = cpuidle_get_cpu_driver(dev); + cpuidle_unregister_device(dev); +- kfree(dev); +- drv = cpuidle_get_driver(); + cpuidle_unregister_driver(drv); ++ kfree(dev); + kfree(drv); + } + diff --git a/queue-4.14/clocksource-drivers-arm_arch_timer-validate-cntfrq-after-enabling-frame.patch b/queue-4.14/clocksource-drivers-arm_arch_timer-validate-cntfrq-after-enabling-frame.patch new file mode 100644 index 00000000000..c83d229e1c0 --- /dev/null +++ b/queue-4.14/clocksource-drivers-arm_arch_timer-validate-cntfrq-after-enabling-frame.patch @@ -0,0 +1,114 @@ +From foo@baz Wed Dec 6 18:04:41 CET 2017 +From: Ard Biesheuvel +Date: Mon, 16 Oct 2017 16:28:38 +0100 +Subject: clocksource/drivers/arm_arch_timer: Validate CNTFRQ after enabling frame + +From: Ard Biesheuvel + + +[ Upstream commit 21492e1333a0d07af6968667f128e19088cf5ead ] + +The ACPI GTDT code validates the CNTFRQ field of each MMIO timer +frame against the CNTFRQ system register of the current CPU, to +ensure that they are equal, which is mandated by the architecture. + +However, reading the CNTFRQ field of a frame is not possible until +the RFRQ bit in the frame's CNTACRn register is set, and doing so +before that willl produce the following error: + + arch_timer: [Firmware Bug]: CNTFRQ mismatch: frame @ 0x00000000e0be0000: (0x00000000), CPU: (0x0ee6b280) + arch_timer: Disabling MMIO timers due to CNTFRQ mismatch + arch_timer: Failed to initialize memory-mapped timer. + +The reason is that the CNTFRQ field is RES0 if access is not enabled. + +So move the validation of CNTFRQ into the loop that iterates over the +timers to find the best frame, but defer it until after we have selected +the best frame, which should also have enabled the RFRQ bit. + +Signed-off-by: Ard Biesheuvel +Signed-off-by: Mark Rutland +Signed-off-by: Daniel Lezcano +Signed-off-by: Sasha Levin +Signed-off-by: Greg Kroah-Hartman +--- + drivers/clocksource/arm_arch_timer.c | 38 +++++++++++++++++++---------------- + 1 file changed, 21 insertions(+), 17 deletions(-) + +--- a/drivers/clocksource/arm_arch_timer.c ++++ b/drivers/clocksource/arm_arch_timer.c +@@ -1268,10 +1268,6 @@ arch_timer_mem_find_best_frame(struct ar + + iounmap(cntctlbase); + +- if (!best_frame) +- pr_err("Unable to find a suitable frame in timer @ %pa\n", +- &timer_mem->cntctlbase); +- + return best_frame; + } + +@@ -1372,6 +1368,8 @@ static int __init arch_timer_mem_of_init + + frame = arch_timer_mem_find_best_frame(timer_mem); + if (!frame) { ++ pr_err("Unable to find a suitable frame in timer @ %pa\n", ++ &timer_mem->cntctlbase); + ret = -EINVAL; + goto out; + } +@@ -1420,7 +1418,7 @@ arch_timer_mem_verify_cntfrq(struct arch + static int __init arch_timer_mem_acpi_init(int platform_timer_count) + { + struct arch_timer_mem *timers, *timer; +- struct arch_timer_mem_frame *frame; ++ struct arch_timer_mem_frame *frame, *best_frame = NULL; + int timer_count, i, ret = 0; + + timers = kcalloc(platform_timer_count, sizeof(*timers), +@@ -1432,14 +1430,6 @@ static int __init arch_timer_mem_acpi_in + if (ret || !timer_count) + goto out; + +- for (i = 0; i < timer_count; i++) { +- ret = arch_timer_mem_verify_cntfrq(&timers[i]); +- if (ret) { +- pr_err("Disabling MMIO timers due to CNTFRQ mismatch\n"); +- goto out; +- } +- } +- + /* + * While unlikely, it's theoretically possible that none of the frames + * in a timer expose the combination of feature we want. +@@ -1448,12 +1438,26 @@ static int __init arch_timer_mem_acpi_in + timer = &timers[i]; + + frame = arch_timer_mem_find_best_frame(timer); +- if (frame) +- break; ++ if (!best_frame) ++ best_frame = frame; ++ ++ ret = arch_timer_mem_verify_cntfrq(timer); ++ if (ret) { ++ pr_err("Disabling MMIO timers due to CNTFRQ mismatch\n"); ++ goto out; ++ } ++ ++ if (!best_frame) /* implies !frame */ ++ /* ++ * Only complain about missing suitable frames if we ++ * haven't already found one in a previous iteration. ++ */ ++ pr_err("Unable to find a suitable frame in timer @ %pa\n", ++ &timer->cntctlbase); + } + +- if (frame) +- ret = arch_timer_mem_frame_register(frame); ++ if (best_frame) ++ ret = arch_timer_mem_frame_register(best_frame); + out: + kfree(timers); + return ret; diff --git a/queue-4.14/dt-bindings-timer-renesas-cmt-fix-soc-specific-compatible-values.patch b/queue-4.14/dt-bindings-timer-renesas-cmt-fix-soc-specific-compatible-values.patch new file mode 100644 index 00000000000..713eb67c71b --- /dev/null +++ b/queue-4.14/dt-bindings-timer-renesas-cmt-fix-soc-specific-compatible-values.patch @@ -0,0 +1,78 @@ +From foo@baz Wed Dec 6 18:04:41 CET 2017 +From: Geert Uytterhoeven +Date: Mon, 18 Sep 2017 15:46:41 +0200 +Subject: dt-bindings: timer: renesas, cmt: Fix SoC-specific compatible values + +From: Geert Uytterhoeven + + +[ Upstream commit e20824e944c3bf4352fcd8d9f446c41b53901e7b ] + +While the new family-specific compatible values introduced by commit +6f54cc1adcc8957f ("devicetree: bindings: R-Car Gen2 CMT0 and CMT1 +bindings") use the recommended order ",-", the +new SoC-specific compatible values still use the old and deprecated +order ",-". + +Switch the SoC-specific compatible values to the recommended order while +there are no upstream users of these compatible values yet. + +Fixes: 7f03a0ecfdc786c1 ("devicetree: bindings: r8a73a4 and R-Car Gen2 CMT bindings") +Fixes: 63d9e8ca0dd4bfa4 ("devicetree: bindings: Deprecate property, update example") +Signed-off-by: Geert Uytterhoeven +Acked-by: Rob Herring +Reviewed-by: Laurent Pinchart +Signed-off-by: Daniel Lezcano +Signed-off-by: Sasha Levin +Signed-off-by: Greg Kroah-Hartman +--- + Documentation/devicetree/bindings/timer/renesas,cmt.txt | 24 ++++++++-------- + 1 file changed, 12 insertions(+), 12 deletions(-) + +--- a/Documentation/devicetree/bindings/timer/renesas,cmt.txt ++++ b/Documentation/devicetree/bindings/timer/renesas,cmt.txt +@@ -20,16 +20,16 @@ Required Properties: + (CMT1 on sh73a0 and r8a7740) + This is a fallback for the above renesas,cmt-48-* entries. + +- - "renesas,cmt0-r8a73a4" for the 32-bit CMT0 device included in r8a73a4. +- - "renesas,cmt1-r8a73a4" for the 48-bit CMT1 device included in r8a73a4. +- - "renesas,cmt0-r8a7790" for the 32-bit CMT0 device included in r8a7790. +- - "renesas,cmt1-r8a7790" for the 48-bit CMT1 device included in r8a7790. +- - "renesas,cmt0-r8a7791" for the 32-bit CMT0 device included in r8a7791. +- - "renesas,cmt1-r8a7791" for the 48-bit CMT1 device included in r8a7791. +- - "renesas,cmt0-r8a7793" for the 32-bit CMT0 device included in r8a7793. +- - "renesas,cmt1-r8a7793" for the 48-bit CMT1 device included in r8a7793. +- - "renesas,cmt0-r8a7794" for the 32-bit CMT0 device included in r8a7794. +- - "renesas,cmt1-r8a7794" for the 48-bit CMT1 device included in r8a7794. ++ - "renesas,r8a73a4-cmt0" for the 32-bit CMT0 device included in r8a73a4. ++ - "renesas,r8a73a4-cmt1" for the 48-bit CMT1 device included in r8a73a4. ++ - "renesas,r8a7790-cmt0" for the 32-bit CMT0 device included in r8a7790. ++ - "renesas,r8a7790-cmt1" for the 48-bit CMT1 device included in r8a7790. ++ - "renesas,r8a7791-cmt0" for the 32-bit CMT0 device included in r8a7791. ++ - "renesas,r8a7791-cmt1" for the 48-bit CMT1 device included in r8a7791. ++ - "renesas,r8a7793-cmt0" for the 32-bit CMT0 device included in r8a7793. ++ - "renesas,r8a7793-cmt1" for the 48-bit CMT1 device included in r8a7793. ++ - "renesas,r8a7794-cmt0" for the 32-bit CMT0 device included in r8a7794. ++ - "renesas,r8a7794-cmt1" for the 48-bit CMT1 device included in r8a7794. + + - "renesas,rcar-gen2-cmt0" for 32-bit CMT0 devices included in R-Car Gen2. + - "renesas,rcar-gen2-cmt1" for 48-bit CMT1 devices included in R-Car Gen2. +@@ -46,7 +46,7 @@ Required Properties: + Example: R8A7790 (R-Car H2) CMT0 and CMT1 nodes + + cmt0: timer@ffca0000 { +- compatible = "renesas,cmt0-r8a7790", "renesas,rcar-gen2-cmt0"; ++ compatible = "renesas,r8a7790-cmt0", "renesas,rcar-gen2-cmt0"; + reg = <0 0xffca0000 0 0x1004>; + interrupts = <0 142 IRQ_TYPE_LEVEL_HIGH>, + <0 142 IRQ_TYPE_LEVEL_HIGH>; +@@ -55,7 +55,7 @@ Example: R8A7790 (R-Car H2) CMT0 and CMT + }; + + cmt1: timer@e6130000 { +- compatible = "renesas,cmt1-r8a7790", "renesas,rcar-gen2-cmt1"; ++ compatible = "renesas,r8a7790-cmt1", "renesas,rcar-gen2-cmt1"; + reg = <0 0xe6130000 0 0x1004>; + interrupts = <0 120 IRQ_TYPE_LEVEL_HIGH>, + <0 121 IRQ_TYPE_LEVEL_HIGH>, diff --git a/queue-4.14/edac-sb_edac-fix-missing-break-in-switch.patch b/queue-4.14/edac-sb_edac-fix-missing-break-in-switch.patch new file mode 100644 index 00000000000..a9b6d83c9e4 --- /dev/null +++ b/queue-4.14/edac-sb_edac-fix-missing-break-in-switch.patch @@ -0,0 +1,34 @@ +From foo@baz Wed Dec 6 18:04:41 CET 2017 +From: "Gustavo A. R. Silva" +Date: Mon, 16 Oct 2017 12:40:29 -0500 +Subject: EDAC, sb_edac: Fix missing break in switch + +From: "Gustavo A. R. Silva" + + +[ Upstream commit a8e9b186f153a44690ad0363a56716e7077ad28c ] + +Add missing break statement in order to prevent the code from falling +through. + +Signed-off-by: Gustavo A. R. Silva +Cc: Qiuxu Zhuo +Cc: linux-edac +Link: http://lkml.kernel.org/r/20171016174029.GA19757@embeddedor.com +Signed-off-by: Borislav Petkov +Signed-off-by: Sasha Levin +Signed-off-by: Greg Kroah-Hartman +--- + drivers/edac/sb_edac.c | 1 + + 1 file changed, 1 insertion(+) + +--- a/drivers/edac/sb_edac.c ++++ b/drivers/edac/sb_edac.c +@@ -2498,6 +2498,7 @@ static int ibridge_mci_bind_devs(struct + case PCI_DEVICE_ID_INTEL_IBRIDGE_IMC_HA0_TA: + case PCI_DEVICE_ID_INTEL_IBRIDGE_IMC_HA1_TA: + pvt->pci_ta = pdev; ++ break; + case PCI_DEVICE_ID_INTEL_IBRIDGE_IMC_HA0_RAS: + case PCI_DEVICE_ID_INTEL_IBRIDGE_IMC_HA1_RAS: + pvt->pci_ras = pdev; diff --git a/queue-4.14/hwmon-pmbus-core-prevent-unintentional-setting-of-page-to-0xff.patch b/queue-4.14/hwmon-pmbus-core-prevent-unintentional-setting-of-page-to-0xff.patch new file mode 100644 index 00000000000..95f7745d513 --- /dev/null +++ b/queue-4.14/hwmon-pmbus-core-prevent-unintentional-setting-of-page-to-0xff.patch @@ -0,0 +1,115 @@ +From foo@baz Wed Dec 6 18:04:41 CET 2017 +From: "Edward A. James" +Date: Fri, 27 Oct 2017 11:55:05 -0500 +Subject: hwmon: (pmbus/core) Prevent unintentional setting of page to 0xFF + +From: "Edward A. James" + + +[ Upstream commit 6dcf2fb5e8db3704f50af1f198256cb4e2453f8b ] + +The pmbus core may call read/write word data functions with a page value +of -1, intending to perform the operation without setting the page. +However, the read/write word data functions accept only unsigned 8-bit +page numbers, and therefore cannot check for negative page number to +avoid setting the page. This results in setting the page number to 0xFF. +This may result in errors or undefined behavior of some devices +(specifically the ir35221, which allows the page to be set to 0xFF, +but some subsequent operations to read registers may fail). + +Switch the pmbus_set_page page parameter to an integer and perform the +check for negative page there. Make read/write functions consistent in +accepting an integer page number parameter. + +Signed-off-by: Edward A. James +Fixes: cbcdec6202c9 ("hwmon: (pmbus): Access word data for STATUS_WORD") +Signed-off-by: Guenter Roeck +Signed-off-by: Sasha Levin +Signed-off-by: Greg Kroah-Hartman +--- + drivers/hwmon/pmbus/pmbus.h | 6 +++--- + drivers/hwmon/pmbus/pmbus_core.c | 25 +++++++++++-------------- + 2 files changed, 14 insertions(+), 17 deletions(-) + +--- a/drivers/hwmon/pmbus/pmbus.h ++++ b/drivers/hwmon/pmbus/pmbus.h +@@ -404,9 +404,9 @@ extern const struct regulator_ops pmbus_ + /* Function declarations */ + + void pmbus_clear_cache(struct i2c_client *client); +-int pmbus_set_page(struct i2c_client *client, u8 page); +-int pmbus_read_word_data(struct i2c_client *client, u8 page, u8 reg); +-int pmbus_write_word_data(struct i2c_client *client, u8 page, u8 reg, u16 word); ++int pmbus_set_page(struct i2c_client *client, int page); ++int pmbus_read_word_data(struct i2c_client *client, int page, u8 reg); ++int pmbus_write_word_data(struct i2c_client *client, int page, u8 reg, u16 word); + int pmbus_read_byte_data(struct i2c_client *client, int page, u8 reg); + int pmbus_write_byte(struct i2c_client *client, int page, u8 value); + int pmbus_write_byte_data(struct i2c_client *client, int page, u8 reg, +--- a/drivers/hwmon/pmbus/pmbus_core.c ++++ b/drivers/hwmon/pmbus/pmbus_core.c +@@ -136,13 +136,13 @@ void pmbus_clear_cache(struct i2c_client + } + EXPORT_SYMBOL_GPL(pmbus_clear_cache); + +-int pmbus_set_page(struct i2c_client *client, u8 page) ++int pmbus_set_page(struct i2c_client *client, int page) + { + struct pmbus_data *data = i2c_get_clientdata(client); + int rv = 0; + int newpage; + +- if (page != data->currpage) { ++ if (page >= 0 && page != data->currpage) { + rv = i2c_smbus_write_byte_data(client, PMBUS_PAGE, page); + newpage = i2c_smbus_read_byte_data(client, PMBUS_PAGE); + if (newpage != page) +@@ -158,11 +158,9 @@ int pmbus_write_byte(struct i2c_client * + { + int rv; + +- if (page >= 0) { +- rv = pmbus_set_page(client, page); +- if (rv < 0) +- return rv; +- } ++ rv = pmbus_set_page(client, page); ++ if (rv < 0) ++ return rv; + + return i2c_smbus_write_byte(client, value); + } +@@ -186,7 +184,8 @@ static int _pmbus_write_byte(struct i2c_ + return pmbus_write_byte(client, page, value); + } + +-int pmbus_write_word_data(struct i2c_client *client, u8 page, u8 reg, u16 word) ++int pmbus_write_word_data(struct i2c_client *client, int page, u8 reg, ++ u16 word) + { + int rv; + +@@ -219,7 +218,7 @@ static int _pmbus_write_word_data(struct + return pmbus_write_word_data(client, page, reg, word); + } + +-int pmbus_read_word_data(struct i2c_client *client, u8 page, u8 reg) ++int pmbus_read_word_data(struct i2c_client *client, int page, u8 reg) + { + int rv; + +@@ -255,11 +254,9 @@ int pmbus_read_byte_data(struct i2c_clie + { + int rv; + +- if (page >= 0) { +- rv = pmbus_set_page(client, page); +- if (rv < 0) +- return rv; +- } ++ rv = pmbus_set_page(client, page); ++ if (rv < 0) ++ return rv; + + return i2c_smbus_read_byte_data(client, reg); + } diff --git a/queue-4.14/iio-adc-ti-ads1015-add-10-to-conversion-wait-time.patch b/queue-4.14/iio-adc-ti-ads1015-add-10-to-conversion-wait-time.patch new file mode 100644 index 00000000000..3917e590a4b --- /dev/null +++ b/queue-4.14/iio-adc-ti-ads1015-add-10-to-conversion-wait-time.patch @@ -0,0 +1,39 @@ +From foo@baz Wed Dec 6 18:04:41 CET 2017 +From: Ladislav Michl +Date: Fri, 25 Aug 2017 07:39:16 +0200 +Subject: iio: adc: ti-ads1015: add 10% to conversion wait time + +From: Ladislav Michl + + +[ Upstream commit fe895ac88b9fbdf2026f0bfd56c82747bb9d7c48 ] + +As user's guide "ADS1015EVM, ADS1115EVM, ADS1015EVM-PDK, ADS1115EVM-PDK +User Guide (Rev. B)" (http://www.ti.com/lit/ug/sbau157b/sbau157b.pdf) +states at page 16: +"Note that both the ADS1115 and ADS1015 have internal clocks with a ±10% +accuracy. If performing FFT tests, frequencies may appear to be incorrect +as a result of this tolerance range.", add those 10% to converion wait +time. + +Cc: Daniel Baluta +Cc: Jonathan Cameron +Signed-off-by: Ladislav Michl +Reviewed-by: Akinobu Mita +Signed-off-by: Jonathan Cameron +Signed-off-by: Sasha Levin +Signed-off-by: Greg Kroah-Hartman +--- + drivers/iio/adc/ti-ads1015.c | 1 + + 1 file changed, 1 insertion(+) + +--- a/drivers/iio/adc/ti-ads1015.c ++++ b/drivers/iio/adc/ti-ads1015.c +@@ -369,6 +369,7 @@ int ads1015_get_adc_result(struct ads101 + + conv_time = DIV_ROUND_UP(USEC_PER_SEC, data->data_rate[dr_old]); + conv_time += DIV_ROUND_UP(USEC_PER_SEC, data->data_rate[dr]); ++ conv_time += conv_time / 10; /* 10% internal clock inaccuracy */ + usleep_range(conv_time, conv_time + 1); + data->conv_invalid = false; + } diff --git a/queue-4.14/iio-multiplexer-add-null-check-on-devm_kzalloc-and-devm_kmemdup-return-values.patch b/queue-4.14/iio-multiplexer-add-null-check-on-devm_kzalloc-and-devm_kmemdup-return-values.patch new file mode 100644 index 00000000000..54308f763b7 --- /dev/null +++ b/queue-4.14/iio-multiplexer-add-null-check-on-devm_kzalloc-and-devm_kmemdup-return-values.patch @@ -0,0 +1,56 @@ +From foo@baz Wed Dec 6 18:04:41 CET 2017 +From: "Gustavo A. R. Silva" +Date: Thu, 6 Jul 2017 23:53:11 -0500 +Subject: iio: multiplexer: add NULL check on devm_kzalloc() and devm_kmemdup() return values + +From: "Gustavo A. R. Silva" + + +[ Upstream commit dd92d5ea20ef8a42be7aeda08c669c586c730451 ] + +Check return values from call to devm_kzalloc() and devm_kmemup() +in order to prevent a NULL pointer dereference. + +This issue was detected using Coccinelle and the following semantic patch: + +@@ +expression x; +identifier fld; +@@ + +* x = devm_kzalloc(...); + ... when != x == NULL + x->fld + +Fixes: 7ba9df54b091 ("iio: multiplexer: new iio category and iio-mux driver") +Signed-off-by: Gustavo A. R. Silva +Acked-by: Peter Rosin +Signed-off-by: Jonathan Cameron +Signed-off-by: Sasha Levin +Signed-off-by: Greg Kroah-Hartman +--- + drivers/iio/multiplexer/iio-mux.c | 6 ++++++ + 1 file changed, 6 insertions(+) + +--- a/drivers/iio/multiplexer/iio-mux.c ++++ b/drivers/iio/multiplexer/iio-mux.c +@@ -285,6 +285,9 @@ static int mux_configure_channel(struct + child->ext_info_cache = devm_kzalloc(dev, + sizeof(*child->ext_info_cache) * + num_ext_info, GFP_KERNEL); ++ if (!child->ext_info_cache) ++ return -ENOMEM; ++ + for (i = 0; i < num_ext_info; ++i) { + child->ext_info_cache[i].size = -1; + +@@ -309,6 +312,9 @@ static int mux_configure_channel(struct + + child->ext_info_cache[i].data = devm_kmemdup(dev, page, ret + 1, + GFP_KERNEL); ++ if (!child->ext_info_cache[i].data) ++ return -ENOMEM; ++ + child->ext_info_cache[i].data[ret] = 0; + child->ext_info_cache[i].size = ret; + } diff --git a/queue-4.14/ima-fix-hash-algorithm-initialization.patch b/queue-4.14/ima-fix-hash-algorithm-initialization.patch new file mode 100644 index 00000000000..32653c1b59b --- /dev/null +++ b/queue-4.14/ima-fix-hash-algorithm-initialization.patch @@ -0,0 +1,45 @@ +From foo@baz Wed Dec 6 18:04:41 CET 2017 +From: Boshi Wang +Date: Fri, 20 Oct 2017 16:01:03 +0800 +Subject: ima: fix hash algorithm initialization + +From: Boshi Wang + + +[ Upstream commit ebe7c0a7be92bbd34c6ff5b55810546a0ee05bee ] + +The hash_setup function always sets the hash_setup_done flag, even +when the hash algorithm is invalid. This prevents the default hash +algorithm defined as CONFIG_IMA_DEFAULT_HASH from being used. + +This patch sets hash_setup_done flag only for valid hash algorithms. + +Fixes: e7a2ad7eb6f4 "ima: enable support for larger default filedata hash algorithms" +Signed-off-by: Boshi Wang +Signed-off-by: Mimi Zohar +Signed-off-by: Sasha Levin +Signed-off-by: Greg Kroah-Hartman +--- + security/integrity/ima/ima_main.c | 4 ++++ + 1 file changed, 4 insertions(+) + +--- a/security/integrity/ima/ima_main.c ++++ b/security/integrity/ima/ima_main.c +@@ -51,6 +51,8 @@ static int __init hash_setup(char *str) + ima_hash_algo = HASH_ALGO_SHA1; + else if (strncmp(str, "md5", 3) == 0) + ima_hash_algo = HASH_ALGO_MD5; ++ else ++ return 1; + goto out; + } + +@@ -60,6 +62,8 @@ static int __init hash_setup(char *str) + break; + } + } ++ if (i == HASH_ALGO__LAST) ++ return 1; + out: + hash_setup_done = 1; + return 1; diff --git a/queue-4.14/kprobes-use-synchronize_rcu_tasks-for-optprobe-with-config_preempt-y.patch b/queue-4.14/kprobes-use-synchronize_rcu_tasks-for-optprobe-with-config_preempt-y.patch new file mode 100644 index 00000000000..4c73e19d363 --- /dev/null +++ b/queue-4.14/kprobes-use-synchronize_rcu_tasks-for-optprobe-with-config_preempt-y.patch @@ -0,0 +1,74 @@ +From foo@baz Wed Dec 6 18:04:41 CET 2017 +From: Masami Hiramatsu +Date: Fri, 20 Oct 2017 08:43:39 +0900 +Subject: kprobes: Use synchronize_rcu_tasks() for optprobe with CONFIG_PREEMPT=y + +From: Masami Hiramatsu + + +[ Upstream commit a30b85df7d599f626973e9cd3056fe755bd778e0 ] + +We want to wait for all potentially preempted kprobes trampoline +execution to have completed. This guarantees that any freed +trampoline memory is not in use by any task in the system anymore. +synchronize_rcu_tasks() gives such a guarantee, so use it. + +Also, this guarantees to wait for all potentially preempted tasks +on the instructions which will be replaced with a jump. + +Since this becomes a problem only when CONFIG_PREEMPT=y, enable +CONFIG_TASKS_RCU=y for synchronize_rcu_tasks() in that case. + +Signed-off-by: Masami Hiramatsu +Acked-by: Paul E. McKenney +Cc: Ananth N Mavinakayanahalli +Cc: Linus Torvalds +Cc: Naveen N . Rao +Cc: Paul E . McKenney +Cc: Peter Zijlstra +Cc: Steven Rostedt +Cc: Thomas Gleixner +Link: http://lkml.kernel.org/r/150845661962.5443.17724352636247312231.stgit@devbox +Signed-off-by: Ingo Molnar +Signed-off-by: Sasha Levin +Signed-off-by: Greg Kroah-Hartman +--- + arch/Kconfig | 2 +- + kernel/kprobes.c | 14 ++++++++------ + 2 files changed, 9 insertions(+), 7 deletions(-) + +--- a/arch/Kconfig ++++ b/arch/Kconfig +@@ -91,7 +91,7 @@ config STATIC_KEYS_SELFTEST + config OPTPROBES + def_bool y + depends on KPROBES && HAVE_OPTPROBES +- depends on !PREEMPT ++ select TASKS_RCU if PREEMPT + + config KPROBES_ON_FTRACE + def_bool y +--- a/kernel/kprobes.c ++++ b/kernel/kprobes.c +@@ -573,13 +573,15 @@ static void kprobe_optimizer(struct work + do_unoptimize_kprobes(); + + /* +- * Step 2: Wait for quiesence period to ensure all running interrupts +- * are done. Because optprobe may modify multiple instructions +- * there is a chance that Nth instruction is interrupted. In that +- * case, running interrupt can return to 2nd-Nth byte of jump +- * instruction. This wait is for avoiding it. ++ * Step 2: Wait for quiesence period to ensure all potentially ++ * preempted tasks to have normally scheduled. Because optprobe ++ * may modify multiple instructions, there is a chance that Nth ++ * instruction is preempted. In that case, such tasks can return ++ * to 2nd-Nth byte of jump instruction. This wait is for avoiding it. ++ * Note that on non-preemptive kernel, this is transparently converted ++ * to synchronoze_sched() to wait for all interrupts to have completed. + */ +- synchronize_sched(); ++ synchronize_rcu_tasks(); + + /* Step 3: Optimize kprobes after quiesence period */ + do_optimize_kprobes(); diff --git a/queue-4.14/kprobes-x86-disable-preemption-in-ftrace-based-jprobes.patch b/queue-4.14/kprobes-x86-disable-preemption-in-ftrace-based-jprobes.patch new file mode 100644 index 00000000000..b1362e57f51 --- /dev/null +++ b/queue-4.14/kprobes-x86-disable-preemption-in-ftrace-based-jprobes.patch @@ -0,0 +1,93 @@ +From foo@baz Wed Dec 6 18:04:41 CET 2017 +From: Masami Hiramatsu +Date: Tue, 19 Sep 2017 19:01:40 +0900 +Subject: kprobes/x86: Disable preemption in ftrace-based jprobes + +From: Masami Hiramatsu + + +[ Upstream commit 5bb4fc2d8641219732eb2bb654206775a4219aca ] + +Disable preemption in ftrace-based jprobe handlers as +described in Documentation/kprobes.txt: + + "Probe handlers are run with preemption disabled." + +This will fix jprobes behavior when CONFIG_PREEMPT=y. + +Signed-off-by: Masami Hiramatsu +Cc: Alexei Starovoitov +Cc: Alexei Starovoitov +Cc: Ananth N Mavinakayanahalli +Cc: Linus Torvalds +Cc: Paul E . McKenney +Cc: Peter Zijlstra +Cc: Steven Rostedt +Cc: Thomas Gleixner +Link: http://lkml.kernel.org/r/150581530024.32348.9863783558598926771.stgit@devbox +Signed-off-by: Ingo Molnar +Signed-off-by: Sasha Levin +Signed-off-by: Greg Kroah-Hartman +--- + arch/x86/kernel/kprobes/ftrace.c | 23 ++++++++++++++--------- + 1 file changed, 14 insertions(+), 9 deletions(-) + +--- a/arch/x86/kernel/kprobes/ftrace.c ++++ b/arch/x86/kernel/kprobes/ftrace.c +@@ -26,7 +26,7 @@ + #include "common.h" + + static nokprobe_inline +-int __skip_singlestep(struct kprobe *p, struct pt_regs *regs, ++void __skip_singlestep(struct kprobe *p, struct pt_regs *regs, + struct kprobe_ctlblk *kcb, unsigned long orig_ip) + { + /* +@@ -41,20 +41,21 @@ int __skip_singlestep(struct kprobe *p, + __this_cpu_write(current_kprobe, NULL); + if (orig_ip) + regs->ip = orig_ip; +- return 1; + } + + int skip_singlestep(struct kprobe *p, struct pt_regs *regs, + struct kprobe_ctlblk *kcb) + { +- if (kprobe_ftrace(p)) +- return __skip_singlestep(p, regs, kcb, 0); +- else +- return 0; ++ if (kprobe_ftrace(p)) { ++ __skip_singlestep(p, regs, kcb, 0); ++ preempt_enable_no_resched(); ++ return 1; ++ } ++ return 0; + } + NOKPROBE_SYMBOL(skip_singlestep); + +-/* Ftrace callback handler for kprobes */ ++/* Ftrace callback handler for kprobes -- called under preepmt disabed */ + void kprobe_ftrace_handler(unsigned long ip, unsigned long parent_ip, + struct ftrace_ops *ops, struct pt_regs *regs) + { +@@ -77,13 +78,17 @@ void kprobe_ftrace_handler(unsigned long + /* Kprobe handler expects regs->ip = ip + 1 as breakpoint hit */ + regs->ip = ip + sizeof(kprobe_opcode_t); + ++ /* To emulate trap based kprobes, preempt_disable here */ ++ preempt_disable(); + __this_cpu_write(current_kprobe, p); + kcb->kprobe_status = KPROBE_HIT_ACTIVE; +- if (!p->pre_handler || !p->pre_handler(p, regs)) ++ if (!p->pre_handler || !p->pre_handler(p, regs)) { + __skip_singlestep(p, regs, kcb, orig_ip); ++ preempt_enable_no_resched(); ++ } + /* + * If pre_handler returns !0, it sets regs->ip and +- * resets current kprobe. ++ * resets current kprobe, and keep preempt count +1. + */ + } + end: diff --git a/queue-4.14/locking-refcounts-x86-asm-enable-config_arch_has_refcount.patch b/queue-4.14/locking-refcounts-x86-asm-enable-config_arch_has_refcount.patch new file mode 100644 index 00000000000..2d37396f665 --- /dev/null +++ b/queue-4.14/locking-refcounts-x86-asm-enable-config_arch_has_refcount.patch @@ -0,0 +1,40 @@ +From foo@baz Wed Dec 6 18:04:41 CET 2017 +From: Kees Cook +Date: Sat, 2 Sep 2017 13:09:46 -0700 +Subject: locking/refcounts, x86/asm: Enable CONFIG_ARCH_HAS_REFCOUNT + +From: Kees Cook + + +[ Upstream commit 39208aa7ecb7d9c4e86df782b5693270313cbab1 ] + +With the section inlining bug fixed for the x86 refcount protection, +we can turn the config back on. + +Signed-off-by: Kees Cook +Cc: Ard Biesheuvel +Cc: Elena +Cc: Linus Torvalds +Cc: Mike Galbraith +Cc: Peter Zijlstra +Cc: Thomas Gleixner +Cc: linux-arch +Link: http://lkml.kernel.org/r/1504382986-49301-3-git-send-email-keescook@chromium.org +Signed-off-by: Ingo Molnar +Signed-off-by: Sasha Levin +Signed-off-by: Greg Kroah-Hartman +--- + arch/x86/Kconfig | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +--- a/arch/x86/Kconfig ++++ b/arch/x86/Kconfig +@@ -56,7 +56,7 @@ config X86 + select ARCH_HAS_KCOV if X86_64 + select ARCH_HAS_PMEM_API if X86_64 + # Causing hangs/crashes, see the commit that added this change for details. +- select ARCH_HAS_REFCOUNT if BROKEN ++ select ARCH_HAS_REFCOUNT + select ARCH_HAS_UACCESS_FLUSHCACHE if X86_64 + select ARCH_HAS_SET_MEMORY + select ARCH_HAS_SG_CHAIN diff --git a/queue-4.14/locking-refcounts-x86-asm-use-unique-.text-section-for-refcount-exceptions.patch b/queue-4.14/locking-refcounts-x86-asm-use-unique-.text-section-for-refcount-exceptions.patch new file mode 100644 index 00000000000..7860e3467ce --- /dev/null +++ b/queue-4.14/locking-refcounts-x86-asm-use-unique-.text-section-for-refcount-exceptions.patch @@ -0,0 +1,105 @@ +From foo@baz Wed Dec 6 18:04:41 CET 2017 +From: Kees Cook +Date: Sat, 2 Sep 2017 13:09:45 -0700 +Subject: locking/refcounts, x86/asm: Use unique .text section for refcount exceptions + +From: Kees Cook + + +[ Upstream commit 564c9cc84e2adf8a6671c1937f0a9fe3da2a4b0e ] + +Using .text.unlikely for refcount exceptions isn't safe because gcc may +move entire functions into .text.unlikely (e.g. in6_dev_dev()), which +would cause any uses of a protected refcount_t function to stay inline +with the function, triggering the protection unconditionally: + + .section .text.unlikely,"ax",@progbits + .type in6_dev_get, @function +in6_dev_getx: +.LFB4673: + .loc 2 4128 0 + .cfi_startproc +... + lock; incl 480(%rbx) + js 111f + .pushsection .text.unlikely +111: lea 480(%rbx), %rcx +112: .byte 0x0f, 0xff +.popsection +113: + +This creates a unique .text..refcount section and adds an additional +test to the exception handler to WARN in the case of having none of OF, +SF, nor ZF set so we can see things like this more easily in the future. + +The double dot for the section name keeps it out of the TEXT_MAIN macro +namespace, to avoid collisions and so it can be put at the end with +text.unlikely to keep the cold code together. + +See commit: + + cb87481ee89db ("kbuild: linker script do not match C names unless LD_DEAD_CODE_DATA_ELIMINATION is configured") + +... which matches C names: [a-zA-Z0-9_] but not ".". + +Reported-by: Mike Galbraith +Signed-off-by: Kees Cook +Cc: Ard Biesheuvel +Cc: Elena +Cc: Linus Torvalds +Cc: Peter Zijlstra +Cc: Thomas Gleixner +Cc: linux-arch +Fixes: 7a46ec0e2f48 ("locking/refcounts, x86/asm: Implement fast refcount overflow protection") +Link: http://lkml.kernel.org/r/1504382986-49301-2-git-send-email-keescook@chromium.org +Signed-off-by: Ingo Molnar +Signed-off-by: Sasha Levin +Signed-off-by: Greg Kroah-Hartman +--- + arch/x86/include/asm/refcount.h | 2 +- + arch/x86/mm/extable.c | 7 ++++++- + include/asm-generic/vmlinux.lds.h | 1 + + 3 files changed, 8 insertions(+), 2 deletions(-) + +--- a/arch/x86/include/asm/refcount.h ++++ b/arch/x86/include/asm/refcount.h +@@ -15,7 +15,7 @@ + * back to the regular execution flow in .text. + */ + #define _REFCOUNT_EXCEPTION \ +- ".pushsection .text.unlikely\n" \ ++ ".pushsection .text..refcount\n" \ + "111:\tlea %[counter], %%" _ASM_CX "\n" \ + "112:\t" ASM_UD0 "\n" \ + ASM_UNREACHABLE \ +--- a/arch/x86/mm/extable.c ++++ b/arch/x86/mm/extable.c +@@ -67,12 +67,17 @@ bool ex_handler_refcount(const struct ex + * wrapped around) will be set. Additionally, seeing the refcount + * reach 0 will set ZF (Zero Flag: result was zero). In each of + * these cases we want a report, since it's a boundary condition. +- * ++ * The SF case is not reported since it indicates post-boundary ++ * manipulations below zero or above INT_MAX. And if none of the ++ * flags are set, something has gone very wrong, so report it. + */ + if (regs->flags & (X86_EFLAGS_OF | X86_EFLAGS_ZF)) { + bool zero = regs->flags & X86_EFLAGS_ZF; + + refcount_error_report(regs, zero ? "hit zero" : "overflow"); ++ } else if ((regs->flags & X86_EFLAGS_SF) == 0) { ++ /* Report if none of OF, ZF, nor SF are set. */ ++ refcount_error_report(regs, "unexpected saturation"); + } + + return true; +--- a/include/asm-generic/vmlinux.lds.h ++++ b/include/asm-generic/vmlinux.lds.h +@@ -459,6 +459,7 @@ + #define TEXT_TEXT \ + ALIGN_FUNCTION(); \ + *(.text.hot TEXT_MAIN .text.fixup .text.unlikely) \ ++ *(.text..refcount) \ + *(.ref.text) \ + MEM_KEEP(init.text) \ + MEM_KEEP(exit.text) \ diff --git a/queue-4.14/m68k-fix-coldfire-node-shift-size-calculation.patch b/queue-4.14/m68k-fix-coldfire-node-shift-size-calculation.patch new file mode 100644 index 00000000000..994e57edd24 --- /dev/null +++ b/queue-4.14/m68k-fix-coldfire-node-shift-size-calculation.patch @@ -0,0 +1,37 @@ +From foo@baz Wed Dec 6 18:04:41 CET 2017 +From: Greg Ungerer +Date: Tue, 5 Sep 2017 22:57:06 +1000 +Subject: m68k: fix ColdFire node shift size calculation + +From: Greg Ungerer + + +[ Upstream commit f55ab8f27548ff3431a6567d400c6757c49fd520 ] + +The m68k pg_data_table is a fix size array defined in arch/m68k/mm/init.c. +Index numbers within it are defined based on memory size. But for Coldfire +these don't take into account a non-zero physical RAM base address, and this +causes us to access past the end of this array at system start time. + +Change the node shift calculation so that we keep the index inside its range. + +Reported-by: Angelo Dureghello +Tested-by: Angelo Dureghello +Signed-off-by: Greg Ungerer +Signed-off-by: Sasha Levin +Signed-off-by: Greg Kroah-Hartman +--- + arch/m68k/mm/mcfmmu.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +--- a/arch/m68k/mm/mcfmmu.c ++++ b/arch/m68k/mm/mcfmmu.c +@@ -170,7 +170,7 @@ void __init cf_bootmem_alloc(void) + max_pfn = max_low_pfn = PFN_DOWN(_ramend); + high_memory = (void *)_ramend; + +- m68k_virt_to_node_shift = fls(_ramend - _rambase - 1) - 6; ++ m68k_virt_to_node_shift = fls(_ramend - 1) - 6; + module_fixup(NULL, __start_fixup, __stop_fixup); + + /* setup bootmem data */ diff --git a/queue-4.14/mm-x86-mm-fix-performance-regression-in-get_user_pages_fast.patch b/queue-4.14/mm-x86-mm-fix-performance-regression-in-get_user_pages_fast.patch new file mode 100644 index 00000000000..2bfd23e5791 --- /dev/null +++ b/queue-4.14/mm-x86-mm-fix-performance-regression-in-get_user_pages_fast.patch @@ -0,0 +1,183 @@ +From foo@baz Wed Dec 6 18:04:41 CET 2017 +From: "Kirill A. Shutemov" +Date: Sat, 9 Sep 2017 00:56:03 +0300 +Subject: mm, x86/mm: Fix performance regression in get_user_pages_fast() + +From: "Kirill A. Shutemov" + + +[ Upstream commit 5b65c4677a57a1d4414212f9995aa0e46a21ff80 ] + +The 0-day test bot found a performance regression that was tracked down to +switching x86 to the generic get_user_pages_fast() implementation: + + http://lkml.kernel.org/r/20170710024020.GA26389@yexl-desktop + +The regression was caused by the fact that we now use local_irq_save() + +local_irq_restore() in get_user_pages_fast() to disable interrupts. +In x86 implementation local_irq_disable() + local_irq_enable() was used. + +The fix is to make get_user_pages_fast() use local_irq_disable(), +leaving local_irq_save() for __get_user_pages_fast() that can be called +with interrupts disabled. + +Numbers for pinning a gigabyte of memory, one page a time, 20 repeats: + + Before: Average: 14.91 ms, stddev: 0.45 ms + After: Average: 10.76 ms, stddev: 0.18 ms + +Signed-off-by: Kirill A. Shutemov +Cc: Andrew Morton +Cc: Huang Ying +Cc: Jonathan Corbet +Cc: Linus Torvalds +Cc: Peter Zijlstra +Cc: Thomas Gleixner +Cc: Thorsten Leemhuis +Cc: linux-mm@kvack.org +Fixes: e585513b76f7 ("x86/mm/gup: Switch GUP to the generic get_user_page_fast() implementation") +Link: http://lkml.kernel.org/r/20170908215603.9189-3-kirill.shutemov@linux.intel.com +Signed-off-by: Ingo Molnar +Signed-off-by: Sasha Levin +Signed-off-by: Greg Kroah-Hartman +--- + mm/gup.c | 97 +++++++++++++++++++++++++++++++++++++-------------------------- + 1 file changed, 58 insertions(+), 39 deletions(-) + +--- a/mm/gup.c ++++ b/mm/gup.c +@@ -1707,6 +1707,47 @@ static int gup_p4d_range(pgd_t pgd, unsi + return 1; + } + ++static void gup_pgd_range(unsigned long addr, unsigned long end, ++ int write, struct page **pages, int *nr) ++{ ++ unsigned long next; ++ pgd_t *pgdp; ++ ++ pgdp = pgd_offset(current->mm, addr); ++ do { ++ pgd_t pgd = READ_ONCE(*pgdp); ++ ++ next = pgd_addr_end(addr, end); ++ if (pgd_none(pgd)) ++ return; ++ if (unlikely(pgd_huge(pgd))) { ++ if (!gup_huge_pgd(pgd, pgdp, addr, next, write, ++ pages, nr)) ++ return; ++ } else if (unlikely(is_hugepd(__hugepd(pgd_val(pgd))))) { ++ if (!gup_huge_pd(__hugepd(pgd_val(pgd)), addr, ++ PGDIR_SHIFT, next, write, pages, nr)) ++ return; ++ } else if (!gup_p4d_range(pgd, addr, next, write, pages, nr)) ++ return; ++ } while (pgdp++, addr = next, addr != end); ++} ++ ++#ifndef gup_fast_permitted ++/* ++ * Check if it's allowed to use __get_user_pages_fast() for the range, or ++ * we need to fall back to the slow version: ++ */ ++bool gup_fast_permitted(unsigned long start, int nr_pages, int write) ++{ ++ unsigned long len, end; ++ ++ len = (unsigned long) nr_pages << PAGE_SHIFT; ++ end = start + len; ++ return end >= start; ++} ++#endif ++ + /* + * Like get_user_pages_fast() except it's IRQ-safe in that it won't fall back to + * the regular GUP. It will only return non-negative values. +@@ -1714,10 +1755,8 @@ static int gup_p4d_range(pgd_t pgd, unsi + int __get_user_pages_fast(unsigned long start, int nr_pages, int write, + struct page **pages) + { +- struct mm_struct *mm = current->mm; + unsigned long addr, len, end; +- unsigned long next, flags; +- pgd_t *pgdp; ++ unsigned long flags; + int nr = 0; + + start &= PAGE_MASK; +@@ -1741,45 +1780,15 @@ int __get_user_pages_fast(unsigned long + * block IPIs that come from THPs splitting. + */ + +- local_irq_save(flags); +- pgdp = pgd_offset(mm, addr); +- do { +- pgd_t pgd = READ_ONCE(*pgdp); +- +- next = pgd_addr_end(addr, end); +- if (pgd_none(pgd)) +- break; +- if (unlikely(pgd_huge(pgd))) { +- if (!gup_huge_pgd(pgd, pgdp, addr, next, write, +- pages, &nr)) +- break; +- } else if (unlikely(is_hugepd(__hugepd(pgd_val(pgd))))) { +- if (!gup_huge_pd(__hugepd(pgd_val(pgd)), addr, +- PGDIR_SHIFT, next, write, pages, &nr)) +- break; +- } else if (!gup_p4d_range(pgd, addr, next, write, pages, &nr)) +- break; +- } while (pgdp++, addr = next, addr != end); +- local_irq_restore(flags); ++ if (gup_fast_permitted(start, nr_pages, write)) { ++ local_irq_save(flags); ++ gup_pgd_range(addr, end, write, pages, &nr); ++ local_irq_restore(flags); ++ } + + return nr; + } + +-#ifndef gup_fast_permitted +-/* +- * Check if it's allowed to use __get_user_pages_fast() for the range, or +- * we need to fall back to the slow version: +- */ +-bool gup_fast_permitted(unsigned long start, int nr_pages, int write) +-{ +- unsigned long len, end; +- +- len = (unsigned long) nr_pages << PAGE_SHIFT; +- end = start + len; +- return end >= start; +-} +-#endif +- + /** + * get_user_pages_fast() - pin user pages in memory + * @start: starting user address +@@ -1799,12 +1808,22 @@ bool gup_fast_permitted(unsigned long st + int get_user_pages_fast(unsigned long start, int nr_pages, int write, + struct page **pages) + { ++ unsigned long addr, len, end; + int nr = 0, ret = 0; + + start &= PAGE_MASK; ++ addr = start; ++ len = (unsigned long) nr_pages << PAGE_SHIFT; ++ end = start + len; ++ ++ if (unlikely(!access_ok(write ? VERIFY_WRITE : VERIFY_READ, ++ (void __user *)start, len))) ++ return 0; + + if (gup_fast_permitted(start, nr_pages, write)) { +- nr = __get_user_pages_fast(start, nr_pages, write, pages); ++ local_irq_disable(); ++ gup_pgd_range(addr, end, write, pages, &nr); ++ local_irq_enable(); + ret = nr; + } + diff --git a/queue-4.14/mmc-sdhci-msm-fix-issue-with-power-irq.patch b/queue-4.14/mmc-sdhci-msm-fix-issue-with-power-irq.patch new file mode 100644 index 00000000000..ddb076d6c81 --- /dev/null +++ b/queue-4.14/mmc-sdhci-msm-fix-issue-with-power-irq.patch @@ -0,0 +1,61 @@ +From foo@baz Wed Dec 6 18:04:41 CET 2017 +From: Subhash Jadavani +Date: Wed, 27 Sep 2017 11:04:40 +0530 +Subject: mmc: sdhci-msm: fix issue with power irq + +From: Subhash Jadavani + + +[ Upstream commit c7ccee224d2d551f712752c4a16947f6529d6506 ] + +SDCC controller reset (SW_RST) during probe may trigger power irq if +previous status of PWRCTL was either BUS_ON or IO_HIGH_V. So before we +enable the power irq interrupt in GIC (by registering the interrupt +handler), we need to ensure that any pending power irq interrupt status +is acknowledged otherwise power irq interrupt handler would be fired +prematurely. + +Signed-off-by: Subhash Jadavani +Signed-off-by: Vijay Viswanath +Acked-by: Adrian Hunter +Signed-off-by: Ulf Hansson +Signed-off-by: Sasha Levin +Signed-off-by: Greg Kroah-Hartman +--- + drivers/mmc/host/sdhci-msm.c | 18 ++++++++++++++++++ + 1 file changed, 18 insertions(+) + +--- a/drivers/mmc/host/sdhci-msm.c ++++ b/drivers/mmc/host/sdhci-msm.c +@@ -1251,6 +1251,21 @@ static int sdhci_msm_probe(struct platfo + CORE_VENDOR_SPEC_CAPABILITIES0); + } + ++ /* ++ * Power on reset state may trigger power irq if previous status of ++ * PWRCTL was either BUS_ON or IO_HIGH_V. So before enabling pwr irq ++ * interrupt in GIC, any pending power irq interrupt should be ++ * acknowledged. Otherwise power irq interrupt handler would be ++ * fired prematurely. ++ */ ++ sdhci_msm_voltage_switch(host); ++ ++ /* ++ * Ensure that above writes are propogated before interrupt enablement ++ * in GIC. ++ */ ++ mb(); ++ + /* Setup IRQ for handling power/voltage tasks with PMIC */ + msm_host->pwr_irq = platform_get_irq_byname(pdev, "pwr_irq"); + if (msm_host->pwr_irq < 0) { +@@ -1260,6 +1275,9 @@ static int sdhci_msm_probe(struct platfo + goto clk_disable; + } + ++ /* Enable pwr irq interrupts */ ++ writel_relaxed(INT_MASK, msm_host->core_mem + CORE_PWRCTL_MASK); ++ + ret = devm_request_threaded_irq(&pdev->dev, msm_host->pwr_irq, NULL, + sdhci_msm_pwr_irq, IRQF_ONESHOT, + dev_name(&pdev->dev), host); diff --git a/queue-4.14/mmc-tmio-check-mmc_regulator_get_supply-return-value.patch b/queue-4.14/mmc-tmio-check-mmc_regulator_get_supply-return-value.patch new file mode 100644 index 00000000000..ee6af9f36f0 --- /dev/null +++ b/queue-4.14/mmc-tmio-check-mmc_regulator_get_supply-return-value.patch @@ -0,0 +1,42 @@ +From foo@baz Wed Dec 6 18:04:41 CET 2017 +From: Fabrizio Castro +Date: Fri, 22 Sep 2017 12:22:17 +0100 +Subject: mmc: tmio: check mmc_regulator_get_supply return value + +From: Fabrizio Castro + + +[ Upstream commit a3d95d1d4007b1fefd6d8b12db26fda05de05cfb ] + +mmc_regulator_get_supply returns -EPROBE_DEFER if either vmmc or +vqmmc regulators had their probing deferred. +vqmmc regulator is needed by UHS to work properly, therefore this +patch checks the value returned by mmc_regulator_get_supply to +make sure we have a reference to both vmmc and vqmmc (if found in +the DT). + +Signed-off-by: Fabrizio Castro +Reviewed-by: Wolfram Sang +Tested-by: Wolfram Sang +Signed-off-by: Ulf Hansson +Signed-off-by: Sasha Levin +Signed-off-by: Greg Kroah-Hartman +--- + drivers/mmc/host/tmio_mmc_core.c | 5 ++++- + 1 file changed, 4 insertions(+), 1 deletion(-) + +--- a/drivers/mmc/host/tmio_mmc_core.c ++++ b/drivers/mmc/host/tmio_mmc_core.c +@@ -1113,8 +1113,11 @@ static int tmio_mmc_init_ocr(struct tmio + { + struct tmio_mmc_data *pdata = host->pdata; + struct mmc_host *mmc = host->mmc; ++ int err; + +- mmc_regulator_get_supply(mmc); ++ err = mmc_regulator_get_supply(mmc); ++ if (err) ++ return err; + + /* use ocr_mask if no regulator */ + if (!mmc->ocr_avail) diff --git a/queue-4.14/pci-dra7xx-create-functional-dependency-between-pcie-and-phy.patch b/queue-4.14/pci-dra7xx-create-functional-dependency-between-pcie-and-phy.patch new file mode 100644 index 00000000000..ae71c3ede50 --- /dev/null +++ b/queue-4.14/pci-dra7xx-create-functional-dependency-between-pcie-and-phy.patch @@ -0,0 +1,91 @@ +From foo@baz Wed Dec 6 18:04:41 CET 2017 +From: Kishon Vijay Abraham I +Date: Mon, 9 Oct 2017 14:33:37 +0530 +Subject: PCI: dra7xx: Create functional dependency between PCIe and PHY + +From: Kishon Vijay Abraham I + + +[ Upstream commit 7a4db656a6350f8dd46f711bdef3b0e9c6e3f4cb ] + +PCI core access configuration space registers in resume_noirq callbacks. +In the case of dra7xx, PIPE3 PHY connected to PCIe controller has to be +enabled before accessing configuration space registers. Since +PIPE3 PHY is enabled by only configuring control module registers, no +aborts has been observed so far (though during noirq stage, interface +clock of PIPE3 PHY is not enabled). + +With new TRM updates, PIPE3 PHY has to be initialized (PIPE3 PHY +registers has to be accessed) as well which requires the interface +clock of PIPE3 PHY to be enabled. The interface clock of PIPE3 PHY is +derived from OCP2SCP and hence PCIe PHY is modeled as a child of +OCP2SCP. Since pm_runtime is not enabled during noirq stage, +pm_runtime_get_sync done in phy_init doesn't enable +OCP2SCP clocks resulting in abort when PIPE3 PHY registers are +accessed. + +Create a function dependency between PCIe and PHY here to make +sure PCIe is suspended before PCIe PHY/OCP2SCP and resumed after +PCIe PHY/OCP2SCP. + +Suggested-by: Grygorii Strashko +Signed-off-by: Kishon Vijay Abraham I +Signed-off-by: Sekhar Nori +Acked-by: Bjorn Helgaas +Signed-off-by: Sasha Levin +Signed-off-by: Greg Kroah-Hartman +--- + drivers/pci/dwc/pci-dra7xx.c | 16 ++++++++++++++++ + 1 file changed, 16 insertions(+) + +--- a/drivers/pci/dwc/pci-dra7xx.c ++++ b/drivers/pci/dwc/pci-dra7xx.c +@@ -11,6 +11,7 @@ + */ + + #include ++#include + #include + #include + #include +@@ -594,6 +595,7 @@ static int __init dra7xx_pcie_probe(stru + int i; + int phy_count; + struct phy **phy; ++ struct device_link **link; + void __iomem *base; + struct resource *res; + struct dw_pcie *pci; +@@ -649,11 +651,21 @@ static int __init dra7xx_pcie_probe(stru + if (!phy) + return -ENOMEM; + ++ link = devm_kzalloc(dev, sizeof(*link) * phy_count, GFP_KERNEL); ++ if (!link) ++ return -ENOMEM; ++ + for (i = 0; i < phy_count; i++) { + snprintf(name, sizeof(name), "pcie-phy%d", i); + phy[i] = devm_phy_get(dev, name); + if (IS_ERR(phy[i])) + return PTR_ERR(phy[i]); ++ ++ link[i] = device_link_add(dev, &phy[i]->dev, DL_FLAG_STATELESS); ++ if (!link[i]) { ++ ret = -EINVAL; ++ goto err_link; ++ } + } + + dra7xx->base = base; +@@ -732,6 +744,10 @@ err_get_sync: + pm_runtime_disable(dev); + dra7xx_pcie_disable_phy(dra7xx); + ++err_link: ++ while (--i >= 0) ++ device_link_del(link[i]); ++ + return ret; + } + diff --git a/queue-4.14/perf-core-fix-__perf_read_group_add-locking.patch b/queue-4.14/perf-core-fix-__perf_read_group_add-locking.patch new file mode 100644 index 00000000000..3b1d2bfea7c --- /dev/null +++ b/queue-4.14/perf-core-fix-__perf_read_group_add-locking.patch @@ -0,0 +1,44 @@ +From foo@baz Wed Dec 6 18:04:41 CET 2017 +From: Peter Zijlstra +Date: Tue, 5 Sep 2017 13:38:24 +0200 +Subject: perf/core: Fix __perf_read_group_add() locking + +From: Peter Zijlstra + + +[ Upstream commit a9cd8194e1e6bd09619954721dfaf0f94fe2003e ] + +Event timestamps are serialized using ctx->lock, make sure to hold it +over reading all values. + +Signed-off-by: Peter Zijlstra (Intel) +Cc: Linus Torvalds +Cc: Peter Zijlstra +Cc: Thomas Gleixner +Signed-off-by: Ingo Molnar +Signed-off-by: Sasha Levin +Signed-off-by: Greg Kroah-Hartman +--- + kernel/events/core.c | 4 ++-- + 1 file changed, 2 insertions(+), 2 deletions(-) + +--- a/kernel/events/core.c ++++ b/kernel/events/core.c +@@ -4433,6 +4433,8 @@ static int __perf_read_group_add(struct + if (ret) + return ret; + ++ raw_spin_lock_irqsave(&ctx->lock, flags); ++ + /* + * Since we co-schedule groups, {enabled,running} times of siblings + * will be identical to those of the leader, so we only publish one +@@ -4455,8 +4457,6 @@ static int __perf_read_group_add(struct + if (read_format & PERF_FORMAT_ID) + values[n++] = primary_event_id(leader); + +- raw_spin_lock_irqsave(&ctx->lock, flags); +- + list_for_each_entry(sub, &leader->sibling_list, group_entry) { + values[n++] += perf_event_count(sub); + if (read_format & PERF_FORMAT_ID) diff --git a/queue-4.14/perf-test-attr-fix-ignored-test-case-result.patch b/queue-4.14/perf-test-attr-fix-ignored-test-case-result.patch new file mode 100644 index 00000000000..7ba2df3a891 --- /dev/null +++ b/queue-4.14/perf-test-attr-fix-ignored-test-case-result.patch @@ -0,0 +1,68 @@ +From foo@baz Wed Dec 6 18:04:41 CET 2017 +From: Thomas Richter +Date: Wed, 13 Sep 2017 10:12:09 +0200 +Subject: perf test attr: Fix ignored test case result + +From: Thomas Richter + + +[ Upstream commit 22905582f6dd4bbd0c370fe5732c607452010c04 ] + +Command perf test -v 16 (Setup struct perf_event_attr test) always +reports success even if the test case fails. It works correctly if you +also specify -F (for don't fork). + + root@s35lp76 perf]# ./perf test -v 16 + 15: Setup struct perf_event_attr : + --- start --- + running './tests/attr/test-record-no-delay' + [ perf record: Woken up 1 times to write data ] + [ perf record: Captured and wrote 0.002 MB /tmp/tmp4E1h7R/perf.data + (1 samples) ] + expected task=0, got 1 + expected precise_ip=0, got 3 + expected wakeup_events=1, got 0 + FAILED './tests/attr/test-record-no-delay' - match failure + test child finished with 0 + ---- end ---- + Setup struct perf_event_attr: Ok + +The reason for the wrong error reporting is the return value of the +system() library call. It is called in run_dir() file tests/attr.c and +returns the exit status, in above case 0xff00. + +This value is given as parameter to the exit() function which can only +handle values 0-0xff. + +The child process terminates with exit value of 0 and the parent does +not detect any error. + +This patch corrects the error reporting and prints the correct test +result. + +Signed-off-by: Thomas-Mich Richter +Acked-by: Jiri Olsa +Cc: Heiko Carstens +Cc: Hendrik Brueckner +Cc: Martin Schwidefsky +Cc: Thomas-Mich Richter +LPU-Reference: 20170913081209.39570-2-tmricht@linux.vnet.ibm.com +Link: http://lkml.kernel.org/n/tip-rdube6rfcjsr1nzue72c7lqn@git.kernel.org +Signed-off-by: Arnaldo Carvalho de Melo +Signed-off-by: Sasha Levin +Signed-off-by: Greg Kroah-Hartman +--- + tools/perf/tests/attr.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +--- a/tools/perf/tests/attr.c ++++ b/tools/perf/tests/attr.c +@@ -167,7 +167,7 @@ static int run_dir(const char *d, const + snprintf(cmd, 3*PATH_MAX, PYTHON " %s/attr.py -d %s/attr/ -p %s %.*s", + d, d, perf, vcnt, v); + +- return system(cmd); ++ return system(cmd) ? TEST_FAIL : TEST_OK; + } + + int test__attr(struct test *test __maybe_unused, int subtest __maybe_unused) diff --git a/queue-4.14/perf-test-attr-fix-python-error-on-empty-result.patch b/queue-4.14/perf-test-attr-fix-python-error-on-empty-result.patch new file mode 100644 index 00000000000..0dd26e1311b --- /dev/null +++ b/queue-4.14/perf-test-attr-fix-python-error-on-empty-result.patch @@ -0,0 +1,97 @@ +From foo@baz Wed Dec 6 18:04:41 CET 2017 +From: Thomas Richter +Date: Wed, 13 Sep 2017 10:12:08 +0200 +Subject: perf test attr: Fix python error on empty result + +From: Thomas Richter + + +[ Upstream commit 3440fe2790aa3d13530260af6033533b18959aee ] + +Commit d78ada4a767 ("perf tests attr: Do not store failed events") does +not create an event file in the /tmp directory when the +perf_open_event() system call failed. + +This can lead to a situation where not /tmp/event-xx-yy-zz result file +exists at all (for example on a s390x virtual machine environment) where +no CPUMF hardware is available. + +The following command then fails with a python call back chain instead +of printing failure: + + [root@s8360046 perf]# /usr/bin/python2 ./tests/attr.py -d ./tests/attr/ \ + -p ./perf -v -ttest-stat-basic + running './tests/attr//test-stat-basic' + Traceback (most recent call last): + File "./tests/attr.py", line 379, in + main() + File "./tests/attr.py", line 370, in main + run_tests(options) + File "./tests/attr.py", line 311, in run_tests + Test(f, options).run() + File "./tests/attr.py", line 300, in run + self.compare(self.expect, self.result) + File "./tests/attr.py", line 248, in compare + exp_event.diff(res_event) + UnboundLocalError: local variable 'res_event' referenced before assignment + [root@s8360046 perf]# + +This patch catches this pitfall and prints an error message instead: + + [root@s8360047 perf]# /usr/bin/python2 ./tests/attr.py -d ./tests/attr/ \ + -p ./perf -vvv -ttest-stat-basic + running './tests/attr//test-stat-basic' + loading expected events + Event event:base-stat + fd = 1 + group_fd = -1 + flags = 0|8 + [....] + sample_regs_user = 0 + sample_stack_user = 0 + 'PERF_TEST_ATTR=/tmp/tmpJbMQMP ./perf stat -o /tmp/tmpJbMQMP/perf.data -e cycles kill >/dev/null 2>&1' ret '1', expected '1' + loading result events + compare + matching [event:base-stat] + match: [event:base-stat] matches [] + res_event is empty + FAILED './tests/attr//test-stat-basic' - match failure + [root@s8360047 perf]# + +Signed-off-by: Thomas-Mich Richter +Acked-by: Jiri Olsa +Cc: Heiko Carstens +Cc: Hendrik Brueckner +Cc: Martin Schwidefsky +Cc: Thomas-Mich Richter +LPU-Reference: 20170913081209.39570-1-tmricht@linux.vnet.ibm.com +Link: http://lkml.kernel.org/n/tip-04d63nn7svfgxdhi60gq2mlm@git.kernel.org +Signed-off-by: Arnaldo Carvalho de Melo +Signed-off-by: Sasha Levin +Signed-off-by: Greg Kroah-Hartman +--- + tools/perf/tests/attr.py | 6 +++++- + 1 file changed, 5 insertions(+), 1 deletion(-) + +--- a/tools/perf/tests/attr.py ++++ b/tools/perf/tests/attr.py +@@ -238,6 +238,7 @@ class Test(object): + # events in result. Fail if there's not any. + for exp_name, exp_event in expect.items(): + exp_list = [] ++ res_event = {} + log.debug(" matching [%s]" % exp_name) + for res_name, res_event in result.items(): + log.debug(" to [%s]" % res_name) +@@ -254,7 +255,10 @@ class Test(object): + if exp_event.optional(): + log.debug(" %s does not match, but is optional" % exp_name) + else: +- exp_event.diff(res_event) ++ if not res_event: ++ log.debug(" res_event is empty"); ++ else: ++ exp_event.diff(res_event) + raise Fail(self, 'match failure'); + + match[exp_name] = exp_list diff --git a/queue-4.14/perf-tools-fix-leaking-rec_argv-in-error-cases.patch b/queue-4.14/perf-tools-fix-leaking-rec_argv-in-error-cases.patch new file mode 100644 index 00000000000..b712906c917 --- /dev/null +++ b/queue-4.14/perf-tools-fix-leaking-rec_argv-in-error-cases.patch @@ -0,0 +1,75 @@ +From foo@baz Wed Dec 6 18:04:41 CET 2017 +From: Martin Kepplinger +Date: Wed, 13 Sep 2017 21:14:19 +0200 +Subject: perf tools: Fix leaking rec_argv in error cases + +From: Martin Kepplinger + + +[ Upstream commit c896f85a7c15ab9d040ffac8b8003e47996602a2 ] + +Let's free the allocated rec_argv in case we return early, in order to +avoid leaking memory. + +This adds free() at a few very similar places across the tree where it +was missing. + +Signed-off-by: Martin Kepplinger +Cc: Alexander Shishkin +Cc: Martin kepplinger +Cc: Peter Zijlstra +Link: http://lkml.kernel.org/r/20170913191419.29806-1-martink@posteo.de +Signed-off-by: Arnaldo Carvalho de Melo +Signed-off-by: Sasha Levin +Signed-off-by: Greg Kroah-Hartman +--- + tools/perf/builtin-c2c.c | 1 + + tools/perf/builtin-mem.c | 1 + + tools/perf/builtin-timechart.c | 4 +++- + tools/perf/builtin-trace.c | 1 + + 4 files changed, 6 insertions(+), 1 deletion(-) + +--- a/tools/perf/builtin-c2c.c ++++ b/tools/perf/builtin-c2c.c +@@ -2733,6 +2733,7 @@ static int perf_c2c__record(int argc, co + if (!perf_mem_events[j].supported) { + pr_err("failed: event '%s' not supported\n", + perf_mem_events[j].name); ++ free(rec_argv); + return -1; + } + +--- a/tools/perf/builtin-mem.c ++++ b/tools/perf/builtin-mem.c +@@ -113,6 +113,7 @@ static int __cmd_record(int argc, const + if (!perf_mem_events[j].supported) { + pr_err("failed: event '%s' not supported\n", + perf_mem_events__name(j)); ++ free(rec_argv); + return -1; + } + +--- a/tools/perf/builtin-timechart.c ++++ b/tools/perf/builtin-timechart.c +@@ -1732,8 +1732,10 @@ static int timechart__io_record(int argc + if (rec_argv == NULL) + return -ENOMEM; + +- if (asprintf(&filter, "common_pid != %d", getpid()) < 0) ++ if (asprintf(&filter, "common_pid != %d", getpid()) < 0) { ++ free(rec_argv); + return -ENOMEM; ++ } + + p = rec_argv; + for (i = 0; i < common_args_nr; i++) +--- a/tools/perf/builtin-trace.c ++++ b/tools/perf/builtin-trace.c +@@ -2086,6 +2086,7 @@ static int trace__record(struct trace *t + rec_argv[j++] = "syscalls:sys_enter,syscalls:sys_exit"; + else { + pr_err("Neither raw_syscalls nor syscalls events exist.\n"); ++ free(rec_argv); + return -1; + } + } diff --git a/queue-4.14/pm-domains-fix-genpd-to-deal-with-drivers-returning-1-from-prepare.patch b/queue-4.14/pm-domains-fix-genpd-to-deal-with-drivers-returning-1-from-prepare.patch new file mode 100644 index 00000000000..57b9144e755 --- /dev/null +++ b/queue-4.14/pm-domains-fix-genpd-to-deal-with-drivers-returning-1-from-prepare.patch @@ -0,0 +1,55 @@ +From foo@baz Wed Dec 6 18:04:41 CET 2017 +From: Ulf Hansson +Date: Wed, 8 Nov 2017 10:11:02 +0100 +Subject: PM / Domains: Fix genpd to deal with drivers returning 1 from ->prepare() + +From: Ulf Hansson + + +[ Upstream commit 5241ab40f6e742f8a1631f8826faf6dc6412b3b5 ] + +During system-wide PM, genpd relies on its PM callbacks to be invoked for +all its attached devices, as to deal with powering off/on the PM domain. In +other words, genpd is not compatible with the direct_complete path, if +executed by the PM core for any of its attached devices. + +However, when genpd's ->prepare() callback invokes pm_generic_prepare(), it +does not take into account that it may return 1. Instead it treats that as +an error internally and expects the PM core to abort the prepare phase and +roll back. This leads to genpd not properly powering on/off the PM domain, +because its internal counters gets wrongly balanced. + +To fix the behaviour, allow drivers to return 1 from their ->prepare() +callbacks, but let's return 0 from genpd's ->prepare() callback in such +case, as that prevents the PM core from running the direct_complete path +for the device. + +Signed-off-by: Ulf Hansson +Signed-off-by: Rafael J. Wysocki +Signed-off-by: Sasha Levin +Signed-off-by: Greg Kroah-Hartman +--- + drivers/base/power/domain.c | 5 +++-- + 1 file changed, 3 insertions(+), 2 deletions(-) + +--- a/drivers/base/power/domain.c ++++ b/drivers/base/power/domain.c +@@ -921,7 +921,7 @@ static int pm_genpd_prepare(struct devic + genpd_unlock(genpd); + + ret = pm_generic_prepare(dev); +- if (ret) { ++ if (ret < 0) { + genpd_lock(genpd); + + genpd->prepared_count--; +@@ -929,7 +929,8 @@ static int pm_genpd_prepare(struct devic + genpd_unlock(genpd); + } + +- return ret; ++ /* Never return 1, as genpd don't cope with the direct_complete path. */ ++ return ret >= 0 ? 0 : ret; + } + + /** diff --git a/queue-4.14/s390-pci-do-not-require-ais-facility.patch b/queue-4.14/s390-pci-do-not-require-ais-facility.patch new file mode 100644 index 00000000000..11822a14818 --- /dev/null +++ b/queue-4.14/s390-pci-do-not-require-ais-facility.patch @@ -0,0 +1,92 @@ +From foo@baz Wed Dec 6 18:04:41 CET 2017 +From: Christian Borntraeger +Date: Mon, 30 Oct 2017 14:38:58 +0100 +Subject: s390/pci: do not require AIS facility + +From: Christian Borntraeger + + +[ Upstream commit 48070c73058be6de9c0d754d441ed7092dfc8f12 ] + +As of today QEMU does not provide the AIS facility to its guest. This +prevents Linux guests from using PCI devices as the ais facility is +checked during init. As this is just a performance optimization, we can +move the ais check into the code where we need it (calling the SIC +instruction). This is used at initialization and on interrupt. Both +places do not require any serialization, so we can simply skip the +instruction. + +Since we will now get all interrupts, we can also avoid the 2nd scan. +As we can have multiple interrupts in parallel we might trigger spurious +irqs more often for the non-AIS case but the core code can handle that. + +Signed-off-by: Christian Borntraeger +Reviewed-by: Pierre Morel +Reviewed-by: Halil Pasic +Acked-by: Sebastian Ott +Signed-off-by: Heiko Carstens +Signed-off-by: Sasha Levin +Signed-off-by: Greg Kroah-Hartman +--- + arch/s390/include/asm/pci_insn.h | 2 +- + arch/s390/pci/pci.c | 5 +++-- + arch/s390/pci/pci_insn.c | 6 +++++- + 3 files changed, 9 insertions(+), 4 deletions(-) + +--- a/arch/s390/include/asm/pci_insn.h ++++ b/arch/s390/include/asm/pci_insn.h +@@ -82,6 +82,6 @@ int zpci_refresh_trans(u64 fn, u64 addr, + int zpci_load(u64 *data, u64 req, u64 offset); + int zpci_store(u64 data, u64 req, u64 offset); + int zpci_store_block(const u64 *data, u64 req, u64 offset); +-void zpci_set_irq_ctrl(u16 ctl, char *unused, u8 isc); ++int zpci_set_irq_ctrl(u16 ctl, char *unused, u8 isc); + + #endif +--- a/arch/s390/pci/pci.c ++++ b/arch/s390/pci/pci.c +@@ -368,7 +368,8 @@ static void zpci_irq_handler(struct airq + /* End of second scan with interrupts on. */ + break; + /* First scan complete, reenable interrupts. */ +- zpci_set_irq_ctrl(SIC_IRQ_MODE_SINGLE, NULL, PCI_ISC); ++ if (zpci_set_irq_ctrl(SIC_IRQ_MODE_SINGLE, NULL, PCI_ISC)) ++ break; + si = 0; + continue; + } +@@ -956,7 +957,7 @@ static int __init pci_base_init(void) + if (!s390_pci_probe) + return 0; + +- if (!test_facility(69) || !test_facility(71) || !test_facility(72)) ++ if (!test_facility(69) || !test_facility(71)) + return 0; + + rc = zpci_debug_init(); +--- a/arch/s390/pci/pci_insn.c ++++ b/arch/s390/pci/pci_insn.c +@@ -7,6 +7,7 @@ + #include + #include + #include ++#include + #include + #include + #include +@@ -91,11 +92,14 @@ int zpci_refresh_trans(u64 fn, u64 addr, + } + + /* Set Interruption Controls */ +-void zpci_set_irq_ctrl(u16 ctl, char *unused, u8 isc) ++int zpci_set_irq_ctrl(u16 ctl, char *unused, u8 isc) + { ++ if (!test_facility(72)) ++ return -EIO; + asm volatile ( + " .insn rsy,0xeb00000000d1,%[ctl],%[isc],%[u]\n" + : : [ctl] "d" (ctl), [isc] "d" (isc << 27), [u] "Q" (*unused)); ++ return 0; + } + + /* PCI Load */ diff --git a/queue-4.14/s390-ptrace-fix-guarded-storage-regset-handling.patch b/queue-4.14/s390-ptrace-fix-guarded-storage-regset-handling.patch new file mode 100644 index 00000000000..843d4247243 --- /dev/null +++ b/queue-4.14/s390-ptrace-fix-guarded-storage-regset-handling.patch @@ -0,0 +1,83 @@ +From foo@baz Wed Dec 6 18:04:41 CET 2017 +From: Heiko Carstens +Date: Mon, 11 Sep 2017 11:24:23 +0200 +Subject: s390/ptrace: fix guarded storage regset handling + +From: Heiko Carstens + + +[ Upstream commit 5ef2d5231d547c672c67bdf84c13a4adaf477964 ] + +If the guarded storage regset for current is supposed to be changed, +the regset from user space is copied directly into the guarded storage +control block. + +If then the process gets scheduled away while the control block is +being copied and before the new control block has been loaded, the +result is random: the process can be scheduled away due to a page +fault or preemption. If that happens the already copied parts will be +overwritten by save_gs_cb(), called from switch_to(). + +Avoid this by copying the data to a temporary buffer on the stack and +do the actual update with preemption disabled. + +Fixes: f5bbd7219891 ("s390/ptrace: guarded storage regset for the current task") +Signed-off-by: Heiko Carstens +Signed-off-by: Martin Schwidefsky +Signed-off-by: Sasha Levin +Signed-off-by: Greg Kroah-Hartman +--- + arch/s390/kernel/ptrace.c | 33 ++++++++++++++++++++++----------- + 1 file changed, 22 insertions(+), 11 deletions(-) + +--- a/arch/s390/kernel/ptrace.c ++++ b/arch/s390/kernel/ptrace.c +@@ -1172,26 +1172,37 @@ static int s390_gs_cb_set(struct task_st + unsigned int pos, unsigned int count, + const void *kbuf, const void __user *ubuf) + { +- struct gs_cb *data = target->thread.gs_cb; ++ struct gs_cb gs_cb = { }, *data = NULL; + int rc; + + if (!MACHINE_HAS_GS) + return -ENODEV; +- if (!data) { ++ if (!target->thread.gs_cb) { + data = kzalloc(sizeof(*data), GFP_KERNEL); + if (!data) + return -ENOMEM; +- data->gsd = 25; +- target->thread.gs_cb = data; +- if (target == current) +- __ctl_set_bit(2, 4); +- } else if (target == current) { +- save_gs_cb(data); + } ++ if (!target->thread.gs_cb) ++ gs_cb.gsd = 25; ++ else if (target == current) ++ save_gs_cb(&gs_cb); ++ else ++ gs_cb = *target->thread.gs_cb; + rc = user_regset_copyin(&pos, &count, &kbuf, &ubuf, +- data, 0, sizeof(struct gs_cb)); +- if (target == current) +- restore_gs_cb(data); ++ &gs_cb, 0, sizeof(gs_cb)); ++ if (rc) { ++ kfree(data); ++ return -EFAULT; ++ } ++ preempt_disable(); ++ if (!target->thread.gs_cb) ++ target->thread.gs_cb = data; ++ *target->thread.gs_cb = gs_cb; ++ if (target == current) { ++ __ctl_set_bit(2, 4); ++ restore_gs_cb(target->thread.gs_cb); ++ } ++ preempt_enable(); + return rc; + } + diff --git a/queue-4.14/s390-vfio-ccw-do-not-attempt-to-free-no-op-test-and-tic-cda.patch b/queue-4.14/s390-vfio-ccw-do-not-attempt-to-free-no-op-test-and-tic-cda.patch new file mode 100644 index 00000000000..3ad8bf7259f --- /dev/null +++ b/queue-4.14/s390-vfio-ccw-do-not-attempt-to-free-no-op-test-and-tic-cda.patch @@ -0,0 +1,43 @@ +From foo@baz Wed Dec 6 18:04:41 CET 2017 +From: "Jason J. Herne" +Date: Tue, 7 Nov 2017 10:22:32 -0500 +Subject: s390: vfio-ccw: Do not attempt to free no-op, test and tic cda. + +From: "Jason J. Herne" + + +[ Upstream commit 408358b50deaf59b07c82a7bff8c7e7cce031fae ] + +Because we do not make use of the cda (channel data address) for test, +no-op ccws no address translation takes place. This means cda could +contain a guest address which we do not want to attempt to free. Let's +check the command type and skip cda free when it is not needed. + +For a TIC ccw, ccw->cda points to either a ccw in an existing chain or +it points to a whole new allocated chain. In either case the data will +be freed when the owning chain is freed. + +Signed-off-by: Jason J. Herne +Reviewed-by: Dong Jia Shi +Reviewed-by: Pierre Morel +Message-Id: <1510068152-21988-1-git-send-email-jjherne@linux.vnet.ibm.com> +Reviewed-by: Halil Pasic +Acked-by: Christian Borntraeger +Signed-off-by: Cornelia Huck +Signed-off-by: Sasha Levin +Signed-off-by: Greg Kroah-Hartman +--- + drivers/s390/cio/vfio_ccw_cp.c | 2 ++ + 1 file changed, 2 insertions(+) + +--- a/drivers/s390/cio/vfio_ccw_cp.c ++++ b/drivers/s390/cio/vfio_ccw_cp.c +@@ -330,6 +330,8 @@ static void ccwchain_cda_free(struct ccw + { + struct ccw1 *ccw = chain->ch_ccw + idx; + ++ if (ccw_is_test(ccw) || ccw_is_noop(ccw) || ccw_is_tic(ccw)) ++ return; + if (!ccw->count) + return; + diff --git a/queue-4.14/selftests-x86-ldt_gdt-robustify-against-set_thread_area-and-lar-oddities.patch b/queue-4.14/selftests-x86-ldt_gdt-robustify-against-set_thread_area-and-lar-oddities.patch new file mode 100644 index 00000000000..5710ca0fc56 --- /dev/null +++ b/queue-4.14/selftests-x86-ldt_gdt-robustify-against-set_thread_area-and-lar-oddities.patch @@ -0,0 +1,55 @@ +From foo@baz Wed Dec 6 18:04:41 CET 2017 +From: Andy Lutomirski +Date: Sat, 4 Nov 2017 04:19:49 -0700 +Subject: selftests/x86/ldt_gdt: Robustify against set_thread_area() and LAR oddities + +From: Andy Lutomirski + + +[ Upstream commit d60ad744c9741586010d4bea286f09a063a90fbd ] + +Bits 19:16 of LAR's result are undefined, and some upcoming +improvements to the test case seem to trigger this. Mask off those +bits to avoid spurious failures. + +commit 5b781c7e317f ("x86/tls: Forcibly set the accessed bit in TLS +segments") adds a valid case in which LAR's output doesn't quite +agree with set_thread_area()'s input. This isn't triggered in the +test as is, but it will be if we start calling set_thread_area() +with the accessed bit clear. Work around this discrepency. + +I've added a Fixes tag so that -stable can pick this up if neccesary. + +Signed-off-by: Andy Lutomirski +Cc: Borislav Petkov +Cc: Linus Torvalds +Cc: Peter Zijlstra +Cc: Thomas Gleixner +Fixes: 5b781c7e317f ("x86/tls: Forcibly set the accessed bit in TLS segments") +Link: http://lkml.kernel.org/r/b82f3f89c034b53580970ac865139fd8863f44e2.1509794321.git.luto@kernel.org +Signed-off-by: Ingo Molnar +Signed-off-by: Sasha Levin +Signed-off-by: Greg Kroah-Hartman +--- + tools/testing/selftests/x86/ldt_gdt.c | 10 +++++++++- + 1 file changed, 9 insertions(+), 1 deletion(-) + +--- a/tools/testing/selftests/x86/ldt_gdt.c ++++ b/tools/testing/selftests/x86/ldt_gdt.c +@@ -115,7 +115,15 @@ static void check_valid_segment(uint16_t + return; + } + +- if (ar != expected_ar) { ++ /* The SDM says "bits 19:16 are undefined". Thanks. */ ++ ar &= ~0xF0000; ++ ++ /* ++ * NB: Different Linux versions do different things with the ++ * accessed bit in set_thread_area(). ++ */ ++ if (ar != expected_ar && ++ (ldt || ar != (expected_ar | AR_ACCESSED))) { + printf("[FAIL]\t%s entry %hu has AR 0x%08X but expected 0x%08X\n", + (ldt ? "LDT" : "GDT"), index, ar, expected_ar); + nerrs++; diff --git a/queue-4.14/selftests-x86-ldt_get-add-a-few-additional-tests-for-limits.patch b/queue-4.14/selftests-x86-ldt_get-add-a-few-additional-tests-for-limits.patch new file mode 100644 index 00000000000..94151cc972d --- /dev/null +++ b/queue-4.14/selftests-x86-ldt_get-add-a-few-additional-tests-for-limits.patch @@ -0,0 +1,58 @@ +From foo@baz Wed Dec 6 18:04:41 CET 2017 +From: Andy Lutomirski +Date: Sat, 4 Nov 2017 04:19:52 -0700 +Subject: selftests/x86/ldt_get: Add a few additional tests for limits + +From: Andy Lutomirski + + +[ Upstream commit fec8f5ae1715a01c72ad52cb2ecd8aacaf142302 ] + +We weren't testing the .limit and .limit_in_pages fields very well. +Add more tests. + +This addition seems to trigger the "bits 16:19 are undefined" issue +that was fixed in an earlier patch. I think that, at least on my +CPU, the high nibble of the limit ends in LAR bits 16:19. + +Signed-off-by: Andy Lutomirski +Cc: Borislav Petkov +Cc: Linus Torvalds +Cc: Peter Zijlstra +Cc: Thomas Gleixner +Link: http://lkml.kernel.org/r/5601c15ea9b3113d288953fd2838b18bedf6bc67.1509794321.git.luto@kernel.org +Signed-off-by: Ingo Molnar +Signed-off-by: Sasha Levin +Signed-off-by: Greg Kroah-Hartman +--- + tools/testing/selftests/x86/ldt_gdt.c | 17 ++++++++++++++++- + 1 file changed, 16 insertions(+), 1 deletion(-) + +--- a/tools/testing/selftests/x86/ldt_gdt.c ++++ b/tools/testing/selftests/x86/ldt_gdt.c +@@ -367,9 +367,24 @@ static void do_simple_tests(void) + install_invalid(&desc, false); + + desc.seg_not_present = 0; +- desc.read_exec_only = 0; + desc.seg_32bit = 1; ++ desc.read_exec_only = 0; ++ desc.limit = 0xfffff; ++ + install_valid(&desc, AR_DPL3 | AR_TYPE_RWDATA | AR_S | AR_P | AR_DB); ++ ++ desc.limit_in_pages = 1; ++ ++ install_valid(&desc, AR_DPL3 | AR_TYPE_RWDATA | AR_S | AR_P | AR_DB | AR_G); ++ desc.read_exec_only = 1; ++ install_valid(&desc, AR_DPL3 | AR_TYPE_RODATA | AR_S | AR_P | AR_DB | AR_G); ++ desc.contents = 1; ++ desc.read_exec_only = 0; ++ install_valid(&desc, AR_DPL3 | AR_TYPE_RWDATA_EXPDOWN | AR_S | AR_P | AR_DB | AR_G); ++ desc.read_exec_only = 1; ++ install_valid(&desc, AR_DPL3 | AR_TYPE_RODATA_EXPDOWN | AR_S | AR_P | AR_DB | AR_G); ++ ++ desc.limit = 0; + install_invalid(&desc, true); + } + diff --git a/queue-4.14/serial-8250-preserve-dld-for-port_xr17v35x.patch b/queue-4.14/serial-8250-preserve-dld-for-port_xr17v35x.patch new file mode 100644 index 00000000000..fdfd0e5ac40 --- /dev/null +++ b/queue-4.14/serial-8250-preserve-dld-for-port_xr17v35x.patch @@ -0,0 +1,38 @@ +From foo@baz Wed Dec 6 18:04:41 CET 2017 +From: Aaron Sierra +Date: Wed, 4 Oct 2017 10:01:28 -0500 +Subject: serial: 8250: Preserve DLD[7:4] for PORT_XR17V35X + +From: Aaron Sierra + + +[ Upstream commit 0ab84da2e076948c49d36197ee7d254125c53eab ] + +The upper four bits of the XR17V35x fractional divisor register (DLD) +control general chip function (RS-485 direction pin polarity, multidrop +mode, XON/XOFF parity check, and fast IR mode). Don't allow these bits +to be clobbered when setting the baudrate. + +Signed-off-by: Aaron Sierra +Signed-off-by: Greg Kroah-Hartman +Signed-off-by: Sasha Levin +Signed-off-by: Greg Kroah-Hartman +--- + drivers/tty/serial/8250/8250_port.c | 5 ++++- + 1 file changed, 4 insertions(+), 1 deletion(-) + +--- a/drivers/tty/serial/8250/8250_port.c ++++ b/drivers/tty/serial/8250/8250_port.c +@@ -2586,8 +2586,11 @@ static void serial8250_set_divisor(struc + serial_dl_write(up, quot); + + /* XR17V35x UARTs have an extra fractional divisor register (DLD) */ +- if (up->port.type == PORT_XR17V35X) ++ if (up->port.type == PORT_XR17V35X) { ++ /* Preserve bits not related to baudrate; DLD[7:4]. */ ++ quot_frac |= serial_port_in(port, 0x2) & 0xf0; + serial_port_out(port, 0x2, quot_frac); ++ } + } + + static unsigned int serial8250_get_baud_rate(struct uart_port *port, diff --git a/queue-4.14/serial-8250_fintek-fix-rs485-disablement-on-invalid-ioctl.patch b/queue-4.14/serial-8250_fintek-fix-rs485-disablement-on-invalid-ioctl.patch new file mode 100644 index 00000000000..cf43dee2c40 --- /dev/null +++ b/queue-4.14/serial-8250_fintek-fix-rs485-disablement-on-invalid-ioctl.patch @@ -0,0 +1,42 @@ +From foo@baz Wed Dec 6 18:04:41 CET 2017 +From: Lukas Wunner +Date: Sat, 28 Oct 2017 11:35:49 +0200 +Subject: serial: 8250_fintek: Fix rs485 disablement on invalid ioctl() + +From: Lukas Wunner + + +[ Upstream commit 3236a965486ba0c6043cf2c7b51943d8b382ae29 ] + +This driver's ->rs485_config callback checks if SER_RS485_RTS_ON_SEND +and SER_RS485_RTS_AFTER_SEND have the same value. If they do, it means +the user has passed in invalid data with the TIOCSRS485 ioctl() +since RTS must have a different polarity when sending and when not +sending. In this case, rs485 mode is not enabled (the RS485_URA bit +is not set in the RS485 Enable Register) and this is supposed to be +signaled back to the user by clearing the SER_RS485_ENABLED bit in +struct serial_rs485 ... except a missing tilde character is preventing +that from happening. + +Fixes: 28e3fb6c4dce ("serial: Add support for Fintek F81216A LPC to 4 UART") +Cc: Ricardo Ribalda Delgado +Cc: "Ji-Ze Hong (Peter Hong)" +Signed-off-by: Lukas Wunner +Signed-off-by: Greg Kroah-Hartman +Signed-off-by: Sasha Levin +Signed-off-by: Greg Kroah-Hartman +--- + drivers/tty/serial/8250/8250_fintek.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +--- a/drivers/tty/serial/8250/8250_fintek.c ++++ b/drivers/tty/serial/8250/8250_fintek.c +@@ -211,7 +211,7 @@ static int fintek_8250_rs485_config(stru + + if ((!!(rs485->flags & SER_RS485_RTS_ON_SEND)) == + (!!(rs485->flags & SER_RS485_RTS_AFTER_SEND))) +- rs485->flags &= SER_RS485_ENABLED; ++ rs485->flags &= ~SER_RS485_ENABLED; + else + config |= RS485_URA; + diff --git a/queue-4.14/serial-imx-update-cached-mctrl-value-when-changing-rts.patch b/queue-4.14/serial-imx-update-cached-mctrl-value-when-changing-rts.patch new file mode 100644 index 00000000000..ff8ce84256f --- /dev/null +++ b/queue-4.14/serial-imx-update-cached-mctrl-value-when-changing-rts.patch @@ -0,0 +1,53 @@ +From foo@baz Wed Dec 6 18:04:41 CET 2017 +From: Ian Jamison +Date: Thu, 21 Sep 2017 10:13:12 +0200 +Subject: serial: imx: Update cached mctrl value when changing RTS + +From: Ian Jamison + + +[ Upstream commit a0983c742a5885f82afb282166f83f1d3d8addf4 ] + +UART core function uart_update_mctrl relies on a cached value of +modem control lines. This was used but not updated by local RTS +control functions within imx.c. These are used for RS485 line +driver enable signalling. Having an out-of-date value in the cached +mctrl can result in the transmitter being enabled when it shouldn't +be. + +Fix this by updating the mctrl value before applying it. + +Signed-off-by: Ian Jamison +Origin: id:8195c96e674517b82a6ff7fe914c7ba0f86e702b.1505375165.git.ian.dev@arkver.com +Acked-by: Uwe Kleine-König +Tested-by: Uwe Kleine-König +Tested-by: Clemens Gruber +Signed-off-by: Greg Kroah-Hartman +Signed-off-by: Sasha Levin +Signed-off-by: Greg Kroah-Hartman +--- + drivers/tty/serial/imx.c | 6 ++++-- + 1 file changed, 4 insertions(+), 2 deletions(-) + +--- a/drivers/tty/serial/imx.c ++++ b/drivers/tty/serial/imx.c +@@ -334,7 +334,8 @@ static void imx_port_rts_active(struct i + { + *ucr2 &= ~(UCR2_CTSC | UCR2_CTS); + +- mctrl_gpio_set(sport->gpios, sport->port.mctrl | TIOCM_RTS); ++ sport->port.mctrl |= TIOCM_RTS; ++ mctrl_gpio_set(sport->gpios, sport->port.mctrl); + } + + static void imx_port_rts_inactive(struct imx_port *sport, unsigned long *ucr2) +@@ -342,7 +343,8 @@ static void imx_port_rts_inactive(struct + *ucr2 &= ~UCR2_CTSC; + *ucr2 |= UCR2_CTS; + +- mctrl_gpio_set(sport->gpios, sport->port.mctrl & ~TIOCM_RTS); ++ sport->port.mctrl &= ~TIOCM_RTS; ++ mctrl_gpio_set(sport->gpios, sport->port.mctrl); + } + + static void imx_port_rts_auto(struct imx_port *sport, unsigned long *ucr2) diff --git a/queue-4.14/serial-sh-sci-suppress-warning-for-ports-without-dma-channels.patch b/queue-4.14/serial-sh-sci-suppress-warning-for-ports-without-dma-channels.patch new file mode 100644 index 00000000000..6545376d903 --- /dev/null +++ b/queue-4.14/serial-sh-sci-suppress-warning-for-ports-without-dma-channels.patch @@ -0,0 +1,42 @@ +From foo@baz Wed Dec 6 18:04:41 CET 2017 +From: Andy Lowe +Date: Fri, 22 Sep 2017 20:29:30 +0200 +Subject: serial: sh-sci: suppress warning for ports without dma channels + +From: Andy Lowe + + +[ Upstream commit 7464779fa8551b90d5797d4020b0bdb7e6422eb9 ] + +If a port has no dma channel defined in the device tree, then +don't attempt to allocate a dma channel for the port. +Also suppress the warning message concerning the failure to allocate +a dma channel. Continue to emit the warning message if a dma +channel is defined but cannot be allocated. + +Signed-off-by: Andy Lowe +Signed-off-by: Eugeniu Rosca +Signed-off-by: Greg Kroah-Hartman +Signed-off-by: Sasha Levin +Signed-off-by: Greg Kroah-Hartman +--- + drivers/tty/serial/sh-sci.c | 8 ++++++++ + 1 file changed, 8 insertions(+) + +--- a/drivers/tty/serial/sh-sci.c ++++ b/drivers/tty/serial/sh-sci.c +@@ -1491,6 +1491,14 @@ static void sci_request_dma(struct uart_ + return; + + s->cookie_tx = -EINVAL; ++ ++ /* ++ * Don't request a dma channel if no channel was specified ++ * in the device tree. ++ */ ++ if (!of_find_property(port->dev->of_node, "dmas", NULL)) ++ return; ++ + chan = sci_request_dma_chan(port, DMA_MEM_TO_DEV); + dev_dbg(port->dev, "%s: TX: got channel %p\n", __func__, chan); + if (chan) { diff --git a/queue-4.14/series b/queue-4.14/series index afe27f91c6e..8ebd237251b 100644 --- a/queue-4.14/series +++ b/queue-4.14/series @@ -12,3 +12,53 @@ usb-serial-option-add-quectel-bg96-id.patch usb-serial-usb_debug-add-new-usb-device-id.patch serial-8250_early-only-set-divisor-if-valid-clk-baud.patch mips-add-custom-serial.h-with-base_baud-override-for-generic-kernel.patch +ima-fix-hash-algorithm-initialization.patch +s390-vfio-ccw-do-not-attempt-to-free-no-op-test-and-tic-cda.patch +pm-domains-fix-genpd-to-deal-with-drivers-returning-1-from-prepare.patch +s390-pci-do-not-require-ais-facility.patch +selftests-x86-ldt_get-add-a-few-additional-tests-for-limits.patch +selftests-x86-ldt_gdt-robustify-against-set_thread_area-and-lar-oddities.patch +staging-greybus-loopback-fix-iteration-count-on-async-path.patch +m68k-fix-coldfire-node-shift-size-calculation.patch +serial-8250_fintek-fix-rs485-disablement-on-invalid-ioctl.patch +staging-rtl8822be-fix-wrong-dma-unmap-len.patch +staging-rtl8188eu-avoid-a-null-dereference-on-pmlmepriv.patch +spi-sh-msiof-fix-dma-transfer-size-check.patch +spi-spi-axi-fix-potential-use-after-free-after-deregistration.patch +mmc-tmio-check-mmc_regulator_get_supply-return-value.patch +mmc-sdhci-msm-fix-issue-with-power-irq.patch +hwmon-pmbus-core-prevent-unintentional-setting-of-page-to-0xff.patch +perf-core-fix-__perf_read_group_add-locking.patch +usb-dwc2-fix-udc-state-tracking.patch +usb-dwc2-error-out-of-dwc2_hsotg_ep_disable-if-we-re-in-host-mode.patch +usb-phy-tahvo-fix-error-handling-in-tahvo_usb_probe.patch +pci-dra7xx-create-functional-dependency-between-pcie-and-phy.patch +x86-intel_rdt-initialize-bitmask-of-shareable-resource-if-cdp-enabled.patch +x86-intel_rdt-fix-potential-deadlock-during-resctrl-mount.patch +serial-8250-preserve-dld-for-port_xr17v35x.patch +kprobes-use-synchronize_rcu_tasks-for-optprobe-with-config_preempt-y.patch +x86-entry-use-syscall_define-macros-for-sys_modify_ldt.patch +clocksource-drivers-arm_arch_timer-validate-cntfrq-after-enabling-frame.patch +dt-bindings-timer-renesas-cmt-fix-soc-specific-compatible-values.patch +edac-sb_edac-fix-missing-break-in-switch.patch +usb-mtu3-fix-error-return-code-in-ssusb_gadget_init.patch +staging-fsl-dpaa2-eth-account-for-rx-fd-buffers-on-error-path.patch +staging-rtl8822be-keep-array-subscript-no-lower-than-zero.patch +arm-cpuidle-correct-driver-unregistration-if-init-fails.patch +usb-xhci-return-error-when-host-is-dead-in-xhci_disable_slot.patch +sysrq-fix-show-regs-call-trace-on-arm.patch +serial-sh-sci-suppress-warning-for-ports-without-dma-channels.patch +usbip-tools-install-all-headers-needed-for-libusbip-development.patch +serial-imx-update-cached-mctrl-value-when-changing-rts.patch +staging-fsl-mc-dpio-fix-incorrect-comparison.patch +perf-test-attr-fix-ignored-test-case-result.patch +perf-test-attr-fix-python-error-on-empty-result.patch +kprobes-x86-disable-preemption-in-ftrace-based-jprobes.patch +locking-refcounts-x86-asm-use-unique-.text-section-for-refcount-exceptions.patch +s390-ptrace-fix-guarded-storage-regset-handling.patch +tools-include-do-not-use-poison-with-c.patch +perf-tools-fix-leaking-rec_argv-in-error-cases.patch +mm-x86-mm-fix-performance-regression-in-get_user_pages_fast.patch +iio-adc-ti-ads1015-add-10-to-conversion-wait-time.patch +iio-multiplexer-add-null-check-on-devm_kzalloc-and-devm_kmemdup-return-values.patch +locking-refcounts-x86-asm-enable-config_arch_has_refcount.patch diff --git a/queue-4.14/spi-sh-msiof-fix-dma-transfer-size-check.patch b/queue-4.14/spi-sh-msiof-fix-dma-transfer-size-check.patch new file mode 100644 index 00000000000..9f8bf5bb3ec --- /dev/null +++ b/queue-4.14/spi-sh-msiof-fix-dma-transfer-size-check.patch @@ -0,0 +1,36 @@ +From foo@baz Wed Dec 6 18:04:41 CET 2017 +From: Hiromitsu Yamasaki +Date: Thu, 2 Nov 2017 10:32:36 +0100 +Subject: spi: sh-msiof: Fix DMA transfer size check + +From: Hiromitsu Yamasaki + + +[ Upstream commit 36735783fdb599c94b9c86824583df367c65900b ] + +DMA supports 32-bit words only, +even if BITLEN1 of SITMDR2 register is 16bit. + +Fixes: b0d0ce8b6b91 ("spi: sh-msiof: Add DMA support") +Signed-off-by: Hiromitsu Yamasaki +Signed-off-by: Simon Horman +Acked-by: Geert Uytterhoeven +Acked-by: Dirk Behme +Signed-off-by: Mark Brown +Signed-off-by: Sasha Levin +Signed-off-by: Greg Kroah-Hartman +--- + drivers/spi/spi-sh-msiof.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +--- a/drivers/spi/spi-sh-msiof.c ++++ b/drivers/spi/spi-sh-msiof.c +@@ -900,7 +900,7 @@ static int sh_msiof_transfer_one(struct + break; + copy32 = copy_bswap32; + } else if (bits <= 16) { +- if (l & 1) ++ if (l & 3) + break; + copy32 = copy_wswap32; + } else { diff --git a/queue-4.14/spi-spi-axi-fix-potential-use-after-free-after-deregistration.patch b/queue-4.14/spi-spi-axi-fix-potential-use-after-free-after-deregistration.patch new file mode 100644 index 00000000000..221f2770e67 --- /dev/null +++ b/queue-4.14/spi-spi-axi-fix-potential-use-after-free-after-deregistration.patch @@ -0,0 +1,44 @@ +From foo@baz Wed Dec 6 18:04:41 CET 2017 +From: Johan Hovold +Date: Mon, 30 Oct 2017 11:35:27 +0100 +Subject: spi: spi-axi: fix potential use-after-free after deregistration + +From: Johan Hovold + + +[ Upstream commit 4d5e0689dc9d5640ad46cdfbe1896b74d8df1661 ] + +Take an extra reference to the controller before deregistering it to +prevent use-after-free in the interrupt handler in case an interrupt +fires before the line is disabled. + +Fixes: b1353d1c1d45 ("spi: Add Analog Devices AXI SPI Engine controller support") +Acked-by: Lars-Peter Clausen +Signed-off-by: Johan Hovold +Signed-off-by: Mark Brown +Signed-off-by: Sasha Levin +Signed-off-by: Greg Kroah-Hartman +--- + drivers/spi/spi-axi-spi-engine.c | 4 +++- + 1 file changed, 3 insertions(+), 1 deletion(-) + +--- a/drivers/spi/spi-axi-spi-engine.c ++++ b/drivers/spi/spi-axi-spi-engine.c +@@ -553,7 +553,7 @@ err_put_master: + + static int spi_engine_remove(struct platform_device *pdev) + { +- struct spi_master *master = platform_get_drvdata(pdev); ++ struct spi_master *master = spi_master_get(platform_get_drvdata(pdev)); + struct spi_engine *spi_engine = spi_master_get_devdata(master); + int irq = platform_get_irq(pdev, 0); + +@@ -561,6 +561,8 @@ static int spi_engine_remove(struct plat + + free_irq(irq, master); + ++ spi_master_put(master); ++ + writel_relaxed(0xff, spi_engine->base + SPI_ENGINE_REG_INT_PENDING); + writel_relaxed(0x00, spi_engine->base + SPI_ENGINE_REG_INT_ENABLE); + writel_relaxed(0x01, spi_engine->base + SPI_ENGINE_REG_RESET); diff --git a/queue-4.14/staging-fsl-dpaa2-eth-account-for-rx-fd-buffers-on-error-path.patch b/queue-4.14/staging-fsl-dpaa2-eth-account-for-rx-fd-buffers-on-error-path.patch new file mode 100644 index 00000000000..1bcf5b5557e --- /dev/null +++ b/queue-4.14/staging-fsl-dpaa2-eth-account-for-rx-fd-buffers-on-error-path.patch @@ -0,0 +1,61 @@ +From foo@baz Wed Dec 6 18:04:41 CET 2017 +From: Ioana Radulescu +Date: Wed, 11 Oct 2017 08:29:44 -0500 +Subject: staging: fsl-dpaa2/eth: Account for Rx FD buffers on error path + +From: Ioana Radulescu + + +[ Upstream commit cbb3ea40fc495bf04070200b35c1c4cd05d11bd3 ] + +On Rx path, if we fail to build an skb from the incoming FD, +we still need to update the channel buffer count accordingly, +otherwise we risk depleting the pool while the software counter +still sees available buffers. + +Signed-off-by: Ioana Radulescu +Signed-off-by: Greg Kroah-Hartman +Signed-off-by: Sasha Levin +Signed-off-by: Greg Kroah-Hartman +--- + drivers/staging/fsl-dpaa2/ethernet/dpaa2-eth.c | 15 +++++++++++---- + 1 file changed, 11 insertions(+), 4 deletions(-) + +--- a/drivers/staging/fsl-dpaa2/ethernet/dpaa2-eth.c ++++ b/drivers/staging/fsl-dpaa2/ethernet/dpaa2-eth.c +@@ -131,6 +131,8 @@ static struct sk_buff *build_linear_skb( + u16 fd_offset = dpaa2_fd_get_offset(fd); + u32 fd_length = dpaa2_fd_get_len(fd); + ++ ch->buf_count--; ++ + skb = build_skb(fd_vaddr, DPAA2_ETH_RX_BUF_SIZE + + SKB_DATA_ALIGN(sizeof(struct skb_shared_info))); + if (unlikely(!skb)) +@@ -139,8 +141,6 @@ static struct sk_buff *build_linear_skb( + skb_reserve(skb, fd_offset); + skb_put(skb, fd_length); + +- ch->buf_count--; +- + return skb; + } + +@@ -178,8 +178,15 @@ static struct sk_buff *build_frag_skb(st + /* We build the skb around the first data buffer */ + skb = build_skb(sg_vaddr, DPAA2_ETH_RX_BUF_SIZE + + SKB_DATA_ALIGN(sizeof(struct skb_shared_info))); +- if (unlikely(!skb)) +- return NULL; ++ if (unlikely(!skb)) { ++ /* We still need to subtract the buffers used ++ * by this FD from our software counter ++ */ ++ while (!dpaa2_sg_is_final(&sgt[i]) && ++ i < DPAA2_ETH_MAX_SG_ENTRIES) ++ i++; ++ break; ++ } + + sg_offset = dpaa2_sg_get_offset(sge); + skb_reserve(skb, sg_offset); diff --git a/queue-4.14/staging-fsl-mc-dpio-fix-incorrect-comparison.patch b/queue-4.14/staging-fsl-mc-dpio-fix-incorrect-comparison.patch new file mode 100644 index 00000000000..d7e4c1c1ef0 --- /dev/null +++ b/queue-4.14/staging-fsl-mc-dpio-fix-incorrect-comparison.patch @@ -0,0 +1,69 @@ +From foo@baz Wed Dec 6 18:04:41 CET 2017 +From: Ioana Radulescu +Date: Thu, 28 Sep 2017 09:10:33 -0500 +Subject: staging: fsl-mc/dpio: Fix incorrect comparison + +From: Ioana Radulescu + + +[ Upstream commit 8dabf52ffb6445fa5bcc8b6d2ecb615f60d0dd12 ] + +For some dpio functions, a cpu id parameter value of -1 is +valid and means "any". But when trying to validate this param +value against an upper limit, in this case num_possible_cpus(), +we risk obtaining the wrong result due to an implicit cast. + +Avoid an incorrect check result by explicitly comparing the +cpu id with the "any" value before verifying the upper bound. + +Signed-off-by: Ioana Radulescu +Signed-off-by: Greg Kroah-Hartman +Signed-off-by: Sasha Levin +Signed-off-by: Greg Kroah-Hartman +--- + drivers/staging/fsl-mc/bus/dpio/dpio-service.c | 4 ++-- + drivers/staging/fsl-mc/include/dpaa2-io.h | 6 ++++-- + 2 files changed, 6 insertions(+), 4 deletions(-) + +--- a/drivers/staging/fsl-mc/bus/dpio/dpio-service.c ++++ b/drivers/staging/fsl-mc/bus/dpio/dpio-service.c +@@ -76,7 +76,7 @@ static inline struct dpaa2_io *service_s + if (d) + return d; + +- if (unlikely(cpu >= num_possible_cpus())) ++ if (cpu != DPAA2_IO_ANY_CPU && cpu >= num_possible_cpus()) + return NULL; + + /* +@@ -121,7 +121,7 @@ struct dpaa2_io *dpaa2_io_create(const s + return NULL; + + /* check if CPU is out of range (-1 means any cpu) */ +- if (desc->cpu >= num_possible_cpus()) { ++ if (desc->cpu != DPAA2_IO_ANY_CPU && desc->cpu >= num_possible_cpus()) { + kfree(obj); + return NULL; + } +--- a/drivers/staging/fsl-mc/include/dpaa2-io.h ++++ b/drivers/staging/fsl-mc/include/dpaa2-io.h +@@ -54,6 +54,8 @@ struct device; + * for dequeue. + */ + ++#define DPAA2_IO_ANY_CPU -1 ++ + /** + * struct dpaa2_io_desc - The DPIO descriptor + * @receives_notifications: Use notificaton mode. Non-zero if the DPIO +@@ -91,8 +93,8 @@ irqreturn_t dpaa2_io_irq(struct dpaa2_io + * @cb: The callback to be invoked when the notification arrives + * @is_cdan: Zero for FQDAN, non-zero for CDAN + * @id: FQID or channel ID, needed for rearm +- * @desired_cpu: The cpu on which the notifications will show up. -1 means +- * any CPU. ++ * @desired_cpu: The cpu on which the notifications will show up. Use ++ * DPAA2_IO_ANY_CPU if don't care + * @dpio_id: The dpio index + * @qman64: The 64-bit context value shows up in the FQDAN/CDAN. + * @node: The list node diff --git a/queue-4.14/staging-greybus-loopback-fix-iteration-count-on-async-path.patch b/queue-4.14/staging-greybus-loopback-fix-iteration-count-on-async-path.patch new file mode 100644 index 00000000000..9482ac382da --- /dev/null +++ b/queue-4.14/staging-greybus-loopback-fix-iteration-count-on-async-path.patch @@ -0,0 +1,49 @@ +From foo@baz Wed Dec 6 18:04:41 CET 2017 +From: Bryan O'Donoghue +Date: Mon, 6 Nov 2017 01:32:20 +0000 +Subject: staging: greybus: loopback: Fix iteration count on async path + +From: Bryan O'Donoghue + + +[ Upstream commit 44b02da39210e6dd67e39ff1f48d30c56d384240 ] + +Commit 12927835d211 ("greybus: loopback: Add asynchronous bi-directional +support") does what it says on the tin - namely, adds support for +asynchronous bi-directional loopback operations. + +What it neglects to do though is increment the per-connection +gb->iteration_count on an asynchronous operation error. This patch fixes +that omission. + +Fixes: 12927835d211 ("greybus: loopback: Add asynchronous bi-directional support") + +Signed-off-by: Bryan O'Donoghue +Reported-by: Mitch Tasman +Reviewed-by: Johan Hovold +Cc: Alex Elder +Cc: Mitch Tasman +Cc: greybus-dev@lists.linaro.org +Cc: devel@driverdev.osuosl.org +Cc: linux-kernel@vger.kernel.org +Signed-off-by: Greg Kroah-Hartman +Signed-off-by: Sasha Levin +Signed-off-by: Greg Kroah-Hartman +--- + drivers/staging/greybus/loopback.c | 4 +++- + 1 file changed, 3 insertions(+), 1 deletion(-) + +--- a/drivers/staging/greybus/loopback.c ++++ b/drivers/staging/greybus/loopback.c +@@ -1042,8 +1042,10 @@ static int gb_loopback_fn(void *data) + else if (type == GB_LOOPBACK_TYPE_SINK) + error = gb_loopback_async_sink(gb, size); + +- if (error) ++ if (error) { + gb->error++; ++ gb->iteration_count++; ++ } + } else { + /* We are effectively single threaded here */ + if (type == GB_LOOPBACK_TYPE_PING) diff --git a/queue-4.14/staging-rtl8188eu-avoid-a-null-dereference-on-pmlmepriv.patch b/queue-4.14/staging-rtl8188eu-avoid-a-null-dereference-on-pmlmepriv.patch new file mode 100644 index 00000000000..e2325534800 --- /dev/null +++ b/queue-4.14/staging-rtl8188eu-avoid-a-null-dereference-on-pmlmepriv.patch @@ -0,0 +1,42 @@ +From foo@baz Wed Dec 6 18:04:41 CET 2017 +From: Colin Ian King +Date: Fri, 20 Oct 2017 20:40:24 +0200 +Subject: staging: rtl8188eu: avoid a null dereference on pmlmepriv + +From: Colin Ian King + + +[ Upstream commit 123c0aab0050cd0e07ce18e453389fbbb0a5a425 ] + +There is a check on pmlmepriv before dereferencing it when +vfree'ing pmlmepriv->free_bss_buf however the previous call +to rtw_free_mlme_priv_ie_data deferences pmlmepriv causing +a null pointer deference if it is null. Avoid this by also +calling rtw_free_mlme_priv_ie_data if the pointer is non-null. + +Detected by CoverityScan, CID#1230262 ("Dereference before null check") +Fixes: 7b464c9fa5cc ("staging: r8188eu: Add files for new driver - part 4") +Signed-off-by: Colin Ian King +Signed-off-by: Greg Kroah-Hartman +Signed-off-by: Sasha Levin +Signed-off-by: Greg Kroah-Hartman +--- + drivers/staging/rtl8188eu/core/rtw_mlme.c | 6 +++--- + 1 file changed, 3 insertions(+), 3 deletions(-) + +--- a/drivers/staging/rtl8188eu/core/rtw_mlme.c ++++ b/drivers/staging/rtl8188eu/core/rtw_mlme.c +@@ -106,10 +106,10 @@ void rtw_free_mlme_priv_ie_data(struct m + + void rtw_free_mlme_priv(struct mlme_priv *pmlmepriv) + { +- rtw_free_mlme_priv_ie_data(pmlmepriv); +- +- if (pmlmepriv) ++ if (pmlmepriv) { ++ rtw_free_mlme_priv_ie_data(pmlmepriv); + vfree(pmlmepriv->free_bss_buf); ++ } + } + + struct wlan_network *_rtw_alloc_network(struct mlme_priv *pmlmepriv) diff --git a/queue-4.14/staging-rtl8822be-fix-wrong-dma-unmap-len.patch b/queue-4.14/staging-rtl8822be-fix-wrong-dma-unmap-len.patch new file mode 100644 index 00000000000..bcca7404a49 --- /dev/null +++ b/queue-4.14/staging-rtl8822be-fix-wrong-dma-unmap-len.patch @@ -0,0 +1,50 @@ +From foo@baz Wed Dec 6 18:04:41 CET 2017 +From: Stanislaw Gruszka +Date: Mon, 23 Oct 2017 11:35:59 +0200 +Subject: staging: rtl8822be: fix wrong dma unmap len + +From: Stanislaw Gruszka + + +[ Upstream commit c40a45a465e9eab72cfdd3ab69d15cf8ef8b89c8 ] + +Patch fixes splat: + +r8822be 0000:04:00.0: DMA-API: device driver frees DMA memory with different size +[device address=0x0000000078477000] [map size=4096 bytes] [unmap size=424 bytes] + +Call Trace: + debug_dma_unmap_page+0xa5/0xb0 + ? unmap_single+0x2f/0x40 + _rtl8822be_send_bcn_or_cmd_packet+0x2c5/0x300 [r8822be] + ? _rtl8822be_send_bcn_or_cmd_packet+0x2c5/0x300 [r8822be] + rtl8822b_halmac_cb_write_data_rsvd_page+0x51/0xc0 [r8822be] + _halmac_write_data_rsvd_page+0x22/0x30 [r8822be] + halmac_download_rsvd_page_88xx+0xee/0x1f0 [r8822be] + halmac_dlfw_to_mem_88xx+0x80/0x120 [r8822be] + halmac_download_firmware_88xx.part.47+0x477/0x600 [r8822be] + halmac_download_firmware_88xx+0x32/0x40 [r8822be] + rtl_halmac_dlfw+0x70/0x120 [r8822be] + rtl_halmac_init_hal+0x5f/0x1b0 [r8822be] + rtl8822be_hw_init+0x8a2/0x1040 [r8822be] + +Signed-off-by: Stanislaw Gruszka +Acked-by: Larry Finger +Signed-off-by: Greg Kroah-Hartman +Signed-off-by: Sasha Levin +Signed-off-by: Greg Kroah-Hartman +--- + drivers/staging/rtlwifi/rtl8822be/fw.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +--- a/drivers/staging/rtlwifi/rtl8822be/fw.c ++++ b/drivers/staging/rtlwifi/rtl8822be/fw.c +@@ -419,7 +419,7 @@ static bool _rtl8822be_send_bcn_or_cmd_p + dma_addr = rtlpriv->cfg->ops->get_desc( + hw, (u8 *)pbd_desc, true, HW_DESC_TXBUFF_ADDR); + +- pci_unmap_single(rtlpci->pdev, dma_addr, skb->len, ++ pci_unmap_single(rtlpci->pdev, dma_addr, pskb->len, + PCI_DMA_TODEVICE); + kfree_skb(pskb); + diff --git a/queue-4.14/staging-rtl8822be-keep-array-subscript-no-lower-than-zero.patch b/queue-4.14/staging-rtl8822be-keep-array-subscript-no-lower-than-zero.patch new file mode 100644 index 00000000000..43b9d10a506 --- /dev/null +++ b/queue-4.14/staging-rtl8822be-keep-array-subscript-no-lower-than-zero.patch @@ -0,0 +1,39 @@ +From foo@baz Wed Dec 6 18:04:41 CET 2017 +From: Larry Finger +Date: Sat, 23 Sep 2017 19:36:04 -0500 +Subject: staging: rtl8822be: Keep array subscript no lower than zero + +From: Larry Finger + + +[ Upstream commit 43d15c2013130a9fa230c2f5203aca818ae0bb86 ] + +The kbuild test robot reports the following: + drivers/staging//rtlwifi/phydm/phydm_dig.c: In function 'odm_pause_dig': + drivers/staging//rtlwifi/phydm/phydm_dig.c:494:45: warning: array subscript is below array bounds [-Warray-bounds] + odm_write_dig(dm, dig_tab->pause_dig_value[max_level]); + +This condition is caused when a loop falls through. The fix is to pin +max_level to be >= 0. + +Signed-off-by: Larry Finger +c: kbuild test robot +Fixes: 9ce99b04b5b82fdf11e4c76b60a5f82c1e541297 staging: r8822be: Add phydm mini driver +Signed-off-by: Greg Kroah-Hartman +Signed-off-by: Sasha Levin +Signed-off-by: Greg Kroah-Hartman +--- + drivers/staging/rtlwifi/phydm/phydm_dig.c | 2 ++ + 1 file changed, 2 insertions(+) + +--- a/drivers/staging/rtlwifi/phydm/phydm_dig.c ++++ b/drivers/staging/rtlwifi/phydm/phydm_dig.c +@@ -490,6 +490,8 @@ void odm_pause_dig(void *dm_void, enum p + break; + } + ++ /* pin max_level to be >= 0 */ ++ max_level = max_t(s8, 0, max_level); + /* write IGI of lower level */ + odm_write_dig(dm, dig_tab->pause_dig_value[max_level]); + ODM_RT_TRACE(dm, ODM_COMP_DIG, diff --git a/queue-4.14/sysrq-fix-show-regs-call-trace-on-arm.patch b/queue-4.14/sysrq-fix-show-regs-call-trace-on-arm.patch new file mode 100644 index 00000000000..5d1f7ba6090 --- /dev/null +++ b/queue-4.14/sysrq-fix-show-regs-call-trace-on-arm.patch @@ -0,0 +1,77 @@ +From foo@baz Wed Dec 6 18:04:41 CET 2017 +From: Jibin Xu +Date: Sun, 10 Sep 2017 20:11:42 -0700 +Subject: sysrq : fix Show Regs call trace on ARM + +From: Jibin Xu + + +[ Upstream commit b00bebbc301c8e1f74f230dc82282e56b7e7a6db ] + +When kernel configuration SMP,PREEMPT and DEBUG_PREEMPT are enabled, +echo 1 >/proc/sys/kernel/sysrq +echo p >/proc/sysrq-trigger +kernel will print call trace as below: + +sysrq: SysRq : Show Regs +BUG: using __this_cpu_read() in preemptible [00000000] code: sh/435 +caller is __this_cpu_preempt_check+0x18/0x20 +Call trace: +[] dump_backtrace+0x0/0x1d0 +[] show_stack+0x24/0x30 +[] dump_stack+0x90/0xb0 +[] check_preemption_disabled+0x100/0x108 +[] __this_cpu_preempt_check+0x18/0x20 +[] sysrq_handle_showregs+0x1c/0x40 +[] __handle_sysrq+0x12c/0x1a0 +[] write_sysrq_trigger+0x60/0x70 +[] proc_reg_write+0x90/0xd0 +[] __vfs_write+0x48/0x90 +[] vfs_write+0xa4/0x190 +[] SyS_write+0x54/0xb0 +[] el0_svc_naked+0x24/0x28 + +This can be seen on a common board like an r-pi3. +This happens because when echo p >/proc/sysrq-trigger, +get_irq_regs() is called outside of IRQ context, +if preemption is enabled in this situation,kernel will +print the call trace. Since many prior discussions on +the mailing lists have made it clear that get_irq_regs +either just returns NULL or stale data when used outside +of IRQ context,we simply avoid calling it outside of +IRQ context. + +Signed-off-by: Jibin Xu +Signed-off-by: Greg Kroah-Hartman +Signed-off-by: Sasha Levin +Signed-off-by: Greg Kroah-Hartman +--- + drivers/tty/sysrq.c | 9 +++++++-- + 1 file changed, 7 insertions(+), 2 deletions(-) + +--- a/drivers/tty/sysrq.c ++++ b/drivers/tty/sysrq.c +@@ -246,8 +246,10 @@ static void sysrq_handle_showallcpus(int + * architecture has no support for it: + */ + if (!trigger_all_cpu_backtrace()) { +- struct pt_regs *regs = get_irq_regs(); ++ struct pt_regs *regs = NULL; + ++ if (in_irq()) ++ regs = get_irq_regs(); + if (regs) { + pr_info("CPU%d:\n", smp_processor_id()); + show_regs(regs); +@@ -266,7 +268,10 @@ static struct sysrq_key_op sysrq_showall + + static void sysrq_handle_showregs(int key) + { +- struct pt_regs *regs = get_irq_regs(); ++ struct pt_regs *regs = NULL; ++ ++ if (in_irq()) ++ regs = get_irq_regs(); + if (regs) + show_regs(regs); + perf_event_print_debug(); diff --git a/queue-4.14/tools-include-do-not-use-poison-with-c.patch b/queue-4.14/tools-include-do-not-use-poison-with-c.patch new file mode 100644 index 00000000000..e96e7c81ded --- /dev/null +++ b/queue-4.14/tools-include-do-not-use-poison-with-c.patch @@ -0,0 +1,81 @@ +From foo@baz Wed Dec 6 18:04:41 CET 2017 +From: Arnaldo Carvalho de Melo +Date: Thu, 21 Sep 2017 12:12:17 -0300 +Subject: tools include: Do not use poison with C++ + +From: Arnaldo Carvalho de Melo + + +[ Upstream commit 6ae8eefc6c8fe050f057781b70a83262eb0a61ee ] + +LIST_POISON[12] are used to initialize list_head and hlist_node +pointers, and do void pointer arithmetic, which C++ doesn't like, so, to +avoid drifting from the kernel by introducing some HLIST_POISON to do +away with void pointer math, just make those poisoned pointers be NULL +when building it with a C++ compiler. + +Noticed with: + + $ make LLVM_CONFIG=/usr/bin/llvm-config-3.9 LIBCLANGLLVM=1 + CXX util/c++/clang.o + CXX util/c++/clang-test.o + In file included from /home/lizj/linux/tools/include/linux/list.h:5:0, + from /home/lizj/linux/tools/perf/util/namespaces.h:13, + from /home/lizj/linux/tools/perf/util/util.h:15, + from /home/lizj/linux/tools/perf/util/util-cxx.h:20, + from util/c++/clang-c.h:5, + from util/c++/clang-test.cpp:2: + /home/lizj/linux/tools/include/linux/list.h: In function ‘void list_del(list_head*)’: + /home/lizj/linux/tools/include/linux/poison.h:14:31: error: pointer of type ‘void *’ used in arithmetic [-Werror=pointer-arith] + # define POISON_POINTER_DELTA 0 + ^ + /home/lizj/linux/tools/include/linux/poison.h:22:41: note: in expansion of macro ‘POISON_POINTER_DELTA’ + #define LIST_POISON1 ((void *) 0x100 + POISON_POINTER_DELTA) + ^ + /home/lizj/linux/tools/include/linux/list.h:107:16: note: in expansion of macro ‘LIST_POISON1’ + entry->next = LIST_POISON1; + ^ + In file included from /home/lizj/linux/tools/perf/util/namespaces.h:13:0, + from /home/lizj/linux/tools/perf/util/util.h:15, + from /home/lizj/linux/tools/perf/util/util-cxx.h:20, + from util/c++/clang-c.h:5, + from util/c++/clang-test.cpp:2: + /home/lizj/linux/tools/include/linux/list.h:107:14: error: invalid conversion from ‘void*’ to ‘list_head*’ [-fpermissive] + +Reported-by: Li Zhijian +Cc: Adrian Hunter +Cc: Alexander Shishkin +Cc: David Ahern +Cc: Jiri Olsa +Cc: Namhyung Kim +Cc: Philip Li +Cc: Wang Nan +Link: http://lkml.kernel.org/n/tip-m5ei2o0mjshucbr28baf5lqz@git.kernel.org +Signed-off-by: Arnaldo Carvalho de Melo +Signed-off-by: Sasha Levin +Signed-off-by: Greg Kroah-Hartman +--- + tools/include/linux/poison.h | 5 +++++ + 1 file changed, 5 insertions(+) + +--- a/tools/include/linux/poison.h ++++ b/tools/include/linux/poison.h +@@ -15,6 +15,10 @@ + # define POISON_POINTER_DELTA 0 + #endif + ++#ifdef __cplusplus ++#define LIST_POISON1 NULL ++#define LIST_POISON2 NULL ++#else + /* + * These are non-NULL pointers that will result in page faults + * under normal circumstances, used to verify that nobody uses +@@ -22,6 +26,7 @@ + */ + #define LIST_POISON1 ((void *) 0x100 + POISON_POINTER_DELTA) + #define LIST_POISON2 ((void *) 0x200 + POISON_POINTER_DELTA) ++#endif + + /********** include/linux/timer.h **********/ + /* diff --git a/queue-4.14/usb-dwc2-error-out-of-dwc2_hsotg_ep_disable-if-we-re-in-host-mode.patch b/queue-4.14/usb-dwc2-error-out-of-dwc2_hsotg_ep_disable-if-we-re-in-host-mode.patch new file mode 100644 index 00000000000..e3e176b4104 --- /dev/null +++ b/queue-4.14/usb-dwc2-error-out-of-dwc2_hsotg_ep_disable-if-we-re-in-host-mode.patch @@ -0,0 +1,109 @@ +From foo@baz Wed Dec 6 18:04:41 CET 2017 +From: John Stultz +Date: Mon, 23 Oct 2017 14:32:49 -0700 +Subject: usb: dwc2: Error out of dwc2_hsotg_ep_disable() if we're in host mode + +From: John Stultz + + +[ Upstream commit 9b481092c2a31a6b630aff9c28f0145bf6683787 ] + +We've found that while in host mode, using Android, if one runs +the command: + stop adbd + +The existing usb devices being utilized in host mode are disconnected. +This is most visible with usb networking devices. + +This seems to be due to adbd closing the file: + /dev/usb-ffs/adb/ep0 +Which calls ffs_ep0_release() and the following backtrace: + +[] dwc2_hsotg_ep_disable+0x148/0x150 +[] dwc2_hsotg_udc_stop+0x60/0x110 +[] usb_gadget_remove_driver+0x58/0x78 +[] usb_gadget_unregister_driver+0x74/0xe8 +[] unregister_gadget+0x28/0x58 +[] unregister_gadget_item+0x2c/0x40 +[] ffs_data_clear+0xe8/0xf8 +[] ffs_data_reset+0x20/0x58 +[] ffs_data_closed+0x98/0xe8 +[] ffs_ep0_release+0x20/0x30 + +Then when dwc2_hsotg_ep_disable() is called, we call +kill_all_requests() which causes a bunch of the following +messages: + +dwc2 f72c0000.usb: Mode Mismatch Interrupt: currently in Host mode +dwc2 f72c0000.usb: Mode Mismatch Interrupt: currently in Host mode +dwc2 f72c0000.usb: Mode Mismatch Interrupt: currently in Host mode +dwc2 f72c0000.usb: Mode Mismatch Interrupt: currently in Host mode +dwc2 f72c0000.usb: Mode Mismatch Interrupt: currently in Host mode +dwc2 f72c0000.usb: Mode Mismatch Interrupt: currently in Host mode +dwc2 f72c0000.usb: Mode Mismatch Interrupt: currently in Host mode +dwc2 f72c0000.usb: Mode Mismatch Interrupt: currently in Host mode +init: Service 'adbd' (pid 1915) killed by signal 9 +init: Sending signal 9 to service 'adbd' (pid 1915) process group... +init: Successfully killed process cgroup uid 0 pid 1915 in 0ms +init: processing action (init.svc.adbd=stopped) from (/init.usb.configfs.rc:15) +dwc2 f72c0000.usb: dwc2_hc_chhltd_intr_dma: Channel 8 - ChHltd set, but reason is unknown +dwc2 f72c0000.usb: hcint 0x00000002, intsts 0x04200029 +dwc2 f72c0000.usb: dwc2_hc_chhltd_intr_dma: Channel 12 - ChHltd set, but reason is unknown +dwc2 f72c0000.usb: hcint 0x00000002, intsts 0x04200029 +dwc2 f72c0000.usb: dwc2_hc_chhltd_intr_dma: Channel 15 - ChHltd set, but reason is unknown +dwc2 f72c0000.usb: hcint 0x00000002, intsts 0x04200029 +dwc2 f72c0000.usb: dwc2_hc_chhltd_intr_dma: Channel 3 - ChHltd set, but reason is unknown +dwc2 f72c0000.usb: hcint 0x00000002, intsts 0x04200029 +dwc2 f72c0000.usb: dwc2_hc_chhltd_intr_dma: Channel 4 - ChHltd set, but reason is unknown +dwc2 f72c0000.usb: hcint 0x00000002, intsts 0x04200029 +dwc2 f72c0000.usb: dwc2_update_urb_state_abn(): trimming xfer length + +And the usb devices connected are basically hung at this point. + +It seems like if we're in host mode, we probably shouldn't run +the dwc2_hostg_ep_disable logic, so this patch returns an error +in that case. + +With this patch (along with the previous patch in this set), we avoid +the mismatched interrupts and connected usb devices continue to function. + +I'm not sure if some other solution would be better here, but this seems +to work, so I wanted to send it out for input on what the right approach +should be. + +Cc: Wei Xu +Cc: Guodong Xu +Cc: Amit Pundir +Cc: YongQin Liu +Cc: John Youn +Cc: Minas Harutyunyan +Cc: Douglas Anderson +Cc: Chen Yu +Cc: Felipe Balbi +Cc: Greg Kroah-Hartman +Cc: linux-usb@vger.kernel.org +Acked-by: Minas Harutyunyan +Tested-by: Minas Harutyunyan +Reported-by: YongQin Liu +Signed-off-by: John Stultz +Signed-off-by: Felipe Balbi +Signed-off-by: Sasha Levin +Signed-off-by: Greg Kroah-Hartman +--- + drivers/usb/dwc2/gadget.c | 5 +++++ + 1 file changed, 5 insertions(+) + +--- a/drivers/usb/dwc2/gadget.c ++++ b/drivers/usb/dwc2/gadget.c +@@ -4006,6 +4006,11 @@ static int dwc2_hsotg_ep_disable(struct + return -EINVAL; + } + ++ if (hsotg->op_state != OTG_STATE_B_PERIPHERAL) { ++ dev_err(hsotg->dev, "%s: called in host mode?\n", __func__); ++ return -EINVAL; ++ } ++ + epctrl_reg = dir_in ? DIEPCTL(index) : DOEPCTL(index); + + spin_lock_irqsave(&hsotg->lock, flags); diff --git a/queue-4.14/usb-dwc2-fix-udc-state-tracking.patch b/queue-4.14/usb-dwc2-fix-udc-state-tracking.patch new file mode 100644 index 00000000000..57747e3142e --- /dev/null +++ b/queue-4.14/usb-dwc2-fix-udc-state-tracking.patch @@ -0,0 +1,55 @@ +From foo@baz Wed Dec 6 18:04:41 CET 2017 +From: John Stultz +Date: Mon, 23 Oct 2017 14:32:50 -0700 +Subject: usb: dwc2: Fix UDC state tracking + +From: John Stultz + + +[ Upstream commit ce2b21a4e5ce042c0a42c9db8fa9e0f849427d5e ] + +It has been noticed that the dwc2 udc state reporting doesn't +seem to work (at least on HiKey boards). Where after the initial +setup, the sysfs /sys/class/udc/f72c0000.usb/state file would +report "configured" no matter the state of the OTG port. + +This patch adds a call so that we report to the UDC layer when +the gadget device is disconnected. + +This patch does depend on the previous patch ("usb: dwc2: +Improve gadget state disconnection handling") in this patch set +in order to properly work. + +Cc: Wei Xu +Cc: Guodong Xu +Cc: Amit Pundir +Cc: YongQin Liu +Cc: John Youn +Cc: Minas Harutyunyan +Cc: Douglas Anderson +Cc: Chen Yu +Cc: Felipe Balbi +Cc: Greg Kroah-Hartman +Cc: linux-usb@vger.kernel.org +Acked-by: Minas Harutyunyan +Tested-by: Minas Harutyunyan +Reported-by: Amit Pundir +Signed-off-by: John Stultz +Signed-off-by: Felipe Balbi +Signed-off-by: Sasha Levin +Signed-off-by: Greg Kroah-Hartman +--- + drivers/usb/dwc2/gadget.c | 2 ++ + 1 file changed, 2 insertions(+) + +--- a/drivers/usb/dwc2/gadget.c ++++ b/drivers/usb/dwc2/gadget.c +@@ -3202,6 +3202,8 @@ void dwc2_hsotg_disconnect(struct dwc2_h + + call_gadget(hsotg, disconnect); + hsotg->lx_state = DWC2_L3; ++ ++ usb_gadget_set_state(&hsotg->gadget, USB_STATE_NOTATTACHED); + } + + /** diff --git a/queue-4.14/usb-mtu3-fix-error-return-code-in-ssusb_gadget_init.patch b/queue-4.14/usb-mtu3-fix-error-return-code-in-ssusb_gadget_init.patch new file mode 100644 index 00000000000..ac8bcf4fd4d --- /dev/null +++ b/queue-4.14/usb-mtu3-fix-error-return-code-in-ssusb_gadget_init.patch @@ -0,0 +1,36 @@ +From foo@baz Wed Dec 6 18:04:41 CET 2017 +From: Chunfeng Yun +Date: Fri, 13 Oct 2017 17:10:37 +0800 +Subject: usb: mtu3: fix error return code in ssusb_gadget_init() + +From: Chunfeng Yun + + +[ Upstream commit c162ff0aaaac456ef29aebd1e9d4d3e305cd3279 ] + +When failing to get IRQ number, platform_get_irq() may return +-EPROBE_DEFER, but we ignore it and always return -ENODEV, +so fix it. + +Signed-off-by: Chunfeng Yun +Signed-off-by: Felipe Balbi +Signed-off-by: Sasha Levin +Signed-off-by: Greg Kroah-Hartman +--- + drivers/usb/mtu3/mtu3_core.c | 4 ++-- + 1 file changed, 2 insertions(+), 2 deletions(-) + +--- a/drivers/usb/mtu3/mtu3_core.c ++++ b/drivers/usb/mtu3/mtu3_core.c +@@ -774,9 +774,9 @@ int ssusb_gadget_init(struct ssusb_mtk * + return -ENOMEM; + + mtu->irq = platform_get_irq(pdev, 0); +- if (mtu->irq <= 0) { ++ if (mtu->irq < 0) { + dev_err(dev, "fail to get irq number\n"); +- return -ENODEV; ++ return mtu->irq; + } + dev_info(dev, "irq %d\n", mtu->irq); + diff --git a/queue-4.14/usb-phy-tahvo-fix-error-handling-in-tahvo_usb_probe.patch b/queue-4.14/usb-phy-tahvo-fix-error-handling-in-tahvo_usb_probe.patch new file mode 100644 index 00000000000..a5155d93e4f --- /dev/null +++ b/queue-4.14/usb-phy-tahvo-fix-error-handling-in-tahvo_usb_probe.patch @@ -0,0 +1,35 @@ +From foo@baz Wed Dec 6 18:04:41 CET 2017 +From: Alexey Khoroshilov +Date: Sat, 21 Oct 2017 01:02:07 +0300 +Subject: usb: phy: tahvo: fix error handling in tahvo_usb_probe() + +From: Alexey Khoroshilov + + +[ Upstream commit ce035409bfa892a2fabb89720b542e1b335c3426 ] + +If devm_extcon_dev_allocate() fails, we should disable clk before return. + +Found by Linux Driver Verification project (linuxtesting.org). + +Signed-off-by: Alexey Khoroshilov +Fixes: 860d2686fda7 ("usb: phy: tahvo: Use devm_extcon_dev_[allocate|register]() and replace deprecated API") +Signed-off-by: Felipe Balbi +Signed-off-by: Sasha Levin +Signed-off-by: Greg Kroah-Hartman +--- + drivers/usb/phy/phy-tahvo.c | 3 ++- + 1 file changed, 2 insertions(+), 1 deletion(-) + +--- a/drivers/usb/phy/phy-tahvo.c ++++ b/drivers/usb/phy/phy-tahvo.c +@@ -368,7 +368,8 @@ static int tahvo_usb_probe(struct platfo + tu->extcon = devm_extcon_dev_allocate(&pdev->dev, tahvo_cable); + if (IS_ERR(tu->extcon)) { + dev_err(&pdev->dev, "failed to allocate memory for extcon\n"); +- return -ENOMEM; ++ ret = PTR_ERR(tu->extcon); ++ goto err_disable_clk; + } + + ret = devm_extcon_dev_register(&pdev->dev, tu->extcon); diff --git a/queue-4.14/usb-xhci-return-error-when-host-is-dead-in-xhci_disable_slot.patch b/queue-4.14/usb-xhci-return-error-when-host-is-dead-in-xhci_disable_slot.patch new file mode 100644 index 00000000000..0b1d69acdb9 --- /dev/null +++ b/queue-4.14/usb-xhci-return-error-when-host-is-dead-in-xhci_disable_slot.patch @@ -0,0 +1,41 @@ +From foo@baz Wed Dec 6 18:04:41 CET 2017 +From: Lu Baolu +Date: Thu, 5 Oct 2017 11:21:43 +0300 +Subject: usb: xhci: Return error when host is dead in xhci_disable_slot() + +From: Lu Baolu + + +[ Upstream commit dcabc76fa9361186e6b88c30a68db8fa9d5b4a1c ] + +xhci_disable_slot() is a helper for disabling a slot when a device +goes away or recovers from error situations. Currently, it returns +success when it sees a dead host. This is not the right way to go. +It should return error and let the invoker know that disable slot +command was failed due to a dead host. + +Fixes: f9e609b82479 ("usb: xhci: Add helper function xhci_disable_slot().") +Cc: Guoqing Zhang +Signed-off-by: Lu Baolu +Signed-off-by: Mathias Nyman +Signed-off-by: Greg Kroah-Hartman +Signed-off-by: Sasha Levin +Signed-off-by: Greg Kroah-Hartman +--- + drivers/usb/host/xhci.c | 3 +-- + 1 file changed, 1 insertion(+), 2 deletions(-) + +--- a/drivers/usb/host/xhci.c ++++ b/drivers/usb/host/xhci.c +@@ -3583,10 +3583,9 @@ int xhci_disable_slot(struct xhci_hcd *x + state = readl(&xhci->op_regs->status); + if (state == 0xffffffff || (xhci->xhc_state & XHCI_STATE_DYING) || + (xhci->xhc_state & XHCI_STATE_HALTED)) { +- xhci_free_virt_device(xhci, slot_id); + spin_unlock_irqrestore(&xhci->lock, flags); + kfree(command); +- return ret; ++ return -ENODEV; + } + + ret = xhci_queue_slot_control(xhci, command, TRB_DISABLE_SLOT, diff --git a/queue-4.14/usbip-tools-install-all-headers-needed-for-libusbip-development.patch b/queue-4.14/usbip-tools-install-all-headers-needed-for-libusbip-development.patch new file mode 100644 index 00000000000..859f1d0e439 --- /dev/null +++ b/queue-4.14/usbip-tools-install-all-headers-needed-for-libusbip-development.patch @@ -0,0 +1,35 @@ +From foo@baz Wed Dec 6 18:04:41 CET 2017 +From: Ben Hutchings +Date: Sun, 1 Oct 2017 02:18:37 +0100 +Subject: usbip: tools: Install all headers needed for libusbip development + +From: Ben Hutchings + + +[ Upstream commit c15562c0dcb2c7f26e891923b784cf1926b8c833 ] + +usbip_host_driver.h now depends on several additional headers, which +need to be installed along with it. + +Fixes: 021aed845303 ("staging: usbip: userspace: migrate usbip_host_driver ...") +Fixes: 3391ba0e2792 ("usbip: tools: Extract generic code to be shared with ...") +Signed-off-by: Ben Hutchings +Acked-by: Shuah Khan +Signed-off-by: Greg Kroah-Hartman +Signed-off-by: Sasha Levin +Signed-off-by: Greg Kroah-Hartman +--- + tools/usb/usbip/Makefile.am | 3 ++- + 1 file changed, 2 insertions(+), 1 deletion(-) + +--- a/tools/usb/usbip/Makefile.am ++++ b/tools/usb/usbip/Makefile.am +@@ -2,6 +2,7 @@ + SUBDIRS := libsrc src + includedir = @includedir@/usbip + include_HEADERS := $(addprefix libsrc/, \ +- usbip_common.h vhci_driver.h usbip_host_driver.h) ++ usbip_common.h vhci_driver.h usbip_host_driver.h \ ++ list.h sysfs_utils.h usbip_host_common.h) + + dist_man_MANS := $(addprefix doc/, usbip.8 usbipd.8) diff --git a/queue-4.14/x86-entry-use-syscall_define-macros-for-sys_modify_ldt.patch b/queue-4.14/x86-entry-use-syscall_define-macros-for-sys_modify_ldt.patch new file mode 100644 index 00000000000..4c9b342e30a --- /dev/null +++ b/queue-4.14/x86-entry-use-syscall_define-macros-for-sys_modify_ldt.patch @@ -0,0 +1,112 @@ +From foo@baz Wed Dec 6 18:04:41 CET 2017 +From: Dave Hansen +Date: Wed, 18 Oct 2017 10:21:07 -0700 +Subject: x86/entry: Use SYSCALL_DEFINE() macros for sys_modify_ldt() + +From: Dave Hansen + + +[ Upstream commit da20ab35180780e4a6eadc804544f1fa967f3567 ] + +We do not have tracepoints for sys_modify_ldt() because we define +it directly instead of using the normal SYSCALL_DEFINEx() macros. + +However, there is a reason sys_modify_ldt() does not use the macros: +it has an 'int' return type instead of 'unsigned long'. This is +a bug, but it's a bug cemented in the ABI. + +What does this mean? If we return -EINVAL from a function that +returns 'int', we have 0x00000000ffffffea in %rax. But, if we +return -EINVAL from a function returning 'unsigned long', we end +up with 0xffffffffffffffea in %rax, which is wrong. + +To work around this and maintain the 'int' behavior while using +the SYSCALL_DEFINEx() macros, so we add a cast to 'unsigned int' +in both implementations of sys_modify_ldt(). + +Signed-off-by: Dave Hansen +Reviewed-by: Andy Lutomirski +Reviewed-by: Brian Gerst +Cc: Linus Torvalds +Cc: Peter Zijlstra +Cc: Thomas Gleixner +Link: http://lkml.kernel.org/r/20171018172107.1A79C532@viggo.jf.intel.com +Signed-off-by: Ingo Molnar +Signed-off-by: Sasha Levin +Signed-off-by: Greg Kroah-Hartman +--- + arch/x86/include/asm/syscalls.h | 2 +- + arch/x86/kernel/ldt.c | 16 +++++++++++++--- + arch/x86/um/ldt.c | 7 +++++-- + 3 files changed, 19 insertions(+), 6 deletions(-) + +--- a/arch/x86/include/asm/syscalls.h ++++ b/arch/x86/include/asm/syscalls.h +@@ -21,7 +21,7 @@ asmlinkage long sys_ioperm(unsigned long + asmlinkage long sys_iopl(unsigned int); + + /* kernel/ldt.c */ +-asmlinkage int sys_modify_ldt(int, void __user *, unsigned long); ++asmlinkage long sys_modify_ldt(int, void __user *, unsigned long); + + /* kernel/signal.c */ + asmlinkage long sys_rt_sigreturn(void); +--- a/arch/x86/kernel/ldt.c ++++ b/arch/x86/kernel/ldt.c +@@ -13,6 +13,7 @@ + #include + #include + #include ++#include + #include + #include + #include +@@ -295,8 +296,8 @@ out: + return error; + } + +-asmlinkage int sys_modify_ldt(int func, void __user *ptr, +- unsigned long bytecount) ++SYSCALL_DEFINE3(modify_ldt, int , func , void __user * , ptr , ++ unsigned long , bytecount) + { + int ret = -ENOSYS; + +@@ -314,5 +315,14 @@ asmlinkage int sys_modify_ldt(int func, + ret = write_ldt(ptr, bytecount, 0); + break; + } +- return ret; ++ /* ++ * The SYSCALL_DEFINE() macros give us an 'unsigned long' ++ * return type, but tht ABI for sys_modify_ldt() expects ++ * 'int'. This cast gives us an int-sized value in %rax ++ * for the return code. The 'unsigned' is necessary so ++ * the compiler does not try to sign-extend the negative ++ * return codes into the high half of the register when ++ * taking the value from int->long. ++ */ ++ return (unsigned int)ret; + } +--- a/arch/x86/um/ldt.c ++++ b/arch/x86/um/ldt.c +@@ -6,6 +6,7 @@ + #include + #include + #include ++#include + #include + #include + #include +@@ -369,7 +370,9 @@ void free_ldt(struct mm_context *mm) + mm->arch.ldt.entry_count = 0; + } + +-int sys_modify_ldt(int func, void __user *ptr, unsigned long bytecount) ++SYSCALL_DEFINE3(modify_ldt, int , func , void __user * , ptr , ++ unsigned long , bytecount) + { +- return do_modify_ldt_skas(func, ptr, bytecount); ++ /* See non-um modify_ldt() for why we do this cast */ ++ return (unsigned int)do_modify_ldt_skas(func, ptr, bytecount); + } diff --git a/queue-4.14/x86-intel_rdt-fix-potential-deadlock-during-resctrl-mount.patch b/queue-4.14/x86-intel_rdt-fix-potential-deadlock-during-resctrl-mount.patch new file mode 100644 index 00000000000..239eac59a50 --- /dev/null +++ b/queue-4.14/x86-intel_rdt-fix-potential-deadlock-during-resctrl-mount.patch @@ -0,0 +1,166 @@ +From foo@baz Wed Dec 6 18:04:41 CET 2017 +From: Reinette Chatre +Date: Fri, 20 Oct 2017 02:16:59 -0700 +Subject: x86/intel_rdt: Fix potential deadlock during resctrl mount + +From: Reinette Chatre + + +[ Upstream commit 87943db7dfb0c5ee5aa74a9ac06346fadd9695c8 ] + +Sai reported a warning during some MBA tests: + +[ 236.755559] ====================================================== +[ 236.762443] WARNING: possible circular locking dependency detected +[ 236.769328] 4.14.0-rc4-yocto-standard #8 Not tainted +[ 236.774857] ------------------------------------------------------ +[ 236.781738] mount/10091 is trying to acquire lock: +[ 236.787071] (cpu_hotplug_lock.rw_sem){++++}, at: [] static_key_enable+0x12/0x30 +[ 236.797058] + but task is already holding lock: +[ 236.803552] (&type->s_umount_key#37/1){+.+.}, at: [] sget_userns+0x32f/0x520 +[ 236.813247] + which lock already depends on the new lock. + +[ 236.822353] + the existing dependency chain (in reverse order) is: +[ 236.830686] + -> #4 (&type->s_umount_key#37/1){+.+.}: +[ 236.837756] __lock_acquire+0x1100/0x11a0 +[ 236.842799] lock_acquire+0xdf/0x1d0 +[ 236.847363] down_write_nested+0x46/0x80 +[ 236.852310] sget_userns+0x32f/0x520 +[ 236.856873] kernfs_mount_ns+0x7e/0x1f0 +[ 236.861728] rdt_mount+0x30c/0x440 +[ 236.866096] mount_fs+0x38/0x150 +[ 236.870262] vfs_kern_mount+0x67/0x150 +[ 236.875015] do_mount+0x1df/0xd50 +[ 236.879286] SyS_mount+0x95/0xe0 +[ 236.883464] entry_SYSCALL_64_fastpath+0x18/0xad +[ 236.889183] + -> #3 (rdtgroup_mutex){+.+.}: +[ 236.895292] __lock_acquire+0x1100/0x11a0 +[ 236.900337] lock_acquire+0xdf/0x1d0 +[ 236.904899] __mutex_lock+0x80/0x8f0 +[ 236.909459] mutex_lock_nested+0x1b/0x20 +[ 236.914407] intel_rdt_online_cpu+0x3b/0x4a0 +[ 236.919745] cpuhp_invoke_callback+0xce/0xb80 +[ 236.925177] cpuhp_thread_fun+0x1c5/0x230 +[ 236.930222] smpboot_thread_fn+0x11a/0x1e0 +[ 236.935362] kthread+0x152/0x190 +[ 236.939536] ret_from_fork+0x27/0x40 +[ 236.944097] + -> #2 (cpuhp_state-up){+.+.}: +[ 236.950199] __lock_acquire+0x1100/0x11a0 +[ 236.955241] lock_acquire+0xdf/0x1d0 +[ 236.959800] cpuhp_issue_call+0x12e/0x1c0 +[ 236.964845] __cpuhp_setup_state_cpuslocked+0x13b/0x2f0 +[ 236.971242] __cpuhp_setup_state+0xa7/0x120 +[ 236.976483] page_writeback_init+0x43/0x67 +[ 236.981623] pagecache_init+0x38/0x3b +[ 236.986281] start_kernel+0x3c6/0x41a +[ 236.990931] x86_64_start_reservations+0x2a/0x2c +[ 236.996650] x86_64_start_kernel+0x72/0x75 +[ 237.001793] verify_cpu+0x0/0xfb +[ 237.005966] + -> #1 (cpuhp_state_mutex){+.+.}: +[ 237.012364] __lock_acquire+0x1100/0x11a0 +[ 237.017408] lock_acquire+0xdf/0x1d0 +[ 237.021969] __mutex_lock+0x80/0x8f0 +[ 237.026527] mutex_lock_nested+0x1b/0x20 +[ 237.031475] __cpuhp_setup_state_cpuslocked+0x54/0x2f0 +[ 237.037777] __cpuhp_setup_state+0xa7/0x120 +[ 237.043013] page_alloc_init+0x28/0x30 +[ 237.047769] start_kernel+0x148/0x41a +[ 237.052425] x86_64_start_reservations+0x2a/0x2c +[ 237.058145] x86_64_start_kernel+0x72/0x75 +[ 237.063284] verify_cpu+0x0/0xfb +[ 237.067456] + -> #0 (cpu_hotplug_lock.rw_sem){++++}: +[ 237.074436] check_prev_add+0x401/0x800 +[ 237.079286] __lock_acquire+0x1100/0x11a0 +[ 237.084330] lock_acquire+0xdf/0x1d0 +[ 237.088890] cpus_read_lock+0x42/0x90 +[ 237.093548] static_key_enable+0x12/0x30 +[ 237.098496] rdt_mount+0x406/0x440 +[ 237.102862] mount_fs+0x38/0x150 +[ 237.107035] vfs_kern_mount+0x67/0x150 +[ 237.111787] do_mount+0x1df/0xd50 +[ 237.116058] SyS_mount+0x95/0xe0 +[ 237.120233] entry_SYSCALL_64_fastpath+0x18/0xad +[ 237.125952] + other info that might help us debug this: + +[ 237.134867] Chain exists of: + cpu_hotplug_lock.rw_sem --> rdtgroup_mutex --> &type->s_umount_key#37/1 + +[ 237.148425] Possible unsafe locking scenario: + +[ 237.155015] CPU0 CPU1 +[ 237.160057] ---- ---- +[ 237.165100] lock(&type->s_umount_key#37/1); +[ 237.169952] lock(rdtgroup_mutex); +[ 237.176641] +lock(&type->s_umount_key#37/1); +[ 237.184287] lock(cpu_hotplug_lock.rw_sem); +[ 237.189041] + *** DEADLOCK *** + +When the resctrl filesystem is mounted the locks must be acquired in the +same order as was done when the cpus came online: + + cpu_hotplug_lock before rdtgroup_mutex. + +This also requires to switch the static_branch_enable() calls to the +_cpulocked variant because now cpu hotplug lock is held already. + +[ tglx: Switched to cpus_read_[un]lock ] + +Reported-by: Sai Praneeth Prakhya +Signed-off-by: Reinette Chatre +Tested-by: Sai Praneeth Prakhya +Acked-by: Vikas Shivappa +Cc: fenghua.yu@intel.com +Cc: tony.luck@intel.com +Link: https://lkml.kernel.org/r/9c41b91bc2f47d9e95b62b213ecdb45623c47a9f.1508490116.git.reinette.chatre@intel.com +Signed-off-by: Thomas Gleixner +Signed-off-by: Sasha Levin +Signed-off-by: Greg Kroah-Hartman +--- + arch/x86/kernel/cpu/intel_rdt_rdtgroup.c | 8 +++++--- + 1 file changed, 5 insertions(+), 3 deletions(-) + +--- a/arch/x86/kernel/cpu/intel_rdt_rdtgroup.c ++++ b/arch/x86/kernel/cpu/intel_rdt_rdtgroup.c +@@ -1081,6 +1081,7 @@ static struct dentry *rdt_mount(struct f + struct dentry *dentry; + int ret; + ++ cpus_read_lock(); + mutex_lock(&rdtgroup_mutex); + /* + * resctrl file system can only be mounted once. +@@ -1130,12 +1131,12 @@ static struct dentry *rdt_mount(struct f + goto out_mondata; + + if (rdt_alloc_capable) +- static_branch_enable(&rdt_alloc_enable_key); ++ static_branch_enable_cpuslocked(&rdt_alloc_enable_key); + if (rdt_mon_capable) +- static_branch_enable(&rdt_mon_enable_key); ++ static_branch_enable_cpuslocked(&rdt_mon_enable_key); + + if (rdt_alloc_capable || rdt_mon_capable) +- static_branch_enable(&rdt_enable_key); ++ static_branch_enable_cpuslocked(&rdt_enable_key); + + if (is_mbm_enabled()) { + r = &rdt_resources_all[RDT_RESOURCE_L3]; +@@ -1157,6 +1158,7 @@ out_cdp: + cdp_disable(); + out: + mutex_unlock(&rdtgroup_mutex); ++ cpus_read_unlock(); + + return dentry; + } diff --git a/queue-4.14/x86-intel_rdt-initialize-bitmask-of-shareable-resource-if-cdp-enabled.patch b/queue-4.14/x86-intel_rdt-initialize-bitmask-of-shareable-resource-if-cdp-enabled.patch new file mode 100644 index 00000000000..103aaee404a --- /dev/null +++ b/queue-4.14/x86-intel_rdt-initialize-bitmask-of-shareable-resource-if-cdp-enabled.patch @@ -0,0 +1,41 @@ +From foo@baz Wed Dec 6 18:04:41 CET 2017 +From: Reinette Chatre +Date: Fri, 20 Oct 2017 02:16:57 -0700 +Subject: x86/intel_rdt: Initialize bitmask of shareable resource if CDP enabled + +From: Reinette Chatre + + +[ Upstream commit 95953034fb24c16ad0047a98b16427e5935830c4 ] + +The platform informs via CPUID.(EAX=0x10, ECX=res#):EBX[31:0] (valid res# +are only 1 for L3 and 2 for L2) which unit of the allocation may be used by +other entities in the platform. This information is valid whether CDP (Code +and Data Prioritization) is enabled or not. + +Ensure that the bitmask of shareable resource is initialized when CDP is +enabled. + +Fixes: 0dd2d7494cd8 ("x86/intel_rdt: Show bitmask of shareable resource with other executing units" +Signed-off-by: Reinette Chatre +Signed-off-by: Thomas Gleixner +Acked-by: Fenghua Yu +Acked-by: Vikas Shivappa +Acked-by: Tony Luck +Link: https://lkml.kernel.org/r/815747bddc820ca221a8924edaf4d1a7324547e4.1508490116.git.reinette.chatre@intel.com +Signed-off-by: Sasha Levin +Signed-off-by: Greg Kroah-Hartman +--- + arch/x86/kernel/cpu/intel_rdt.c | 1 + + 1 file changed, 1 insertion(+) + +--- a/arch/x86/kernel/cpu/intel_rdt.c ++++ b/arch/x86/kernel/cpu/intel_rdt.c +@@ -267,6 +267,7 @@ static void rdt_get_cdp_l3_config(int ty + r->num_closid = r_l3->num_closid / 2; + r->cache.cbm_len = r_l3->cache.cbm_len; + r->default_ctrl = r_l3->default_ctrl; ++ r->cache.shareable_bits = r_l3->cache.shareable_bits; + r->data_width = (r->cache.cbm_len + 3) / 4; + r->alloc_capable = true; + /*