From: Greg Kroah-Hartman Date: Fri, 14 Oct 2016 09:52:25 +0000 (+0200) Subject: 4.4-stable patches X-Git-Tag: v4.4.25~9 X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=d74d469dcff7b3a86e3f29d3f1f2f87562f5dafb;p=thirdparty%2Fkernel%2Fstable-queue.git 4.4-stable patches added patches: alsa-ali5451-fix-out-of-bound-position-reporting.patch alsa-usb-audio-extend-dragonfly-db-scale-quirk-to-cover-other-variants.patch alsa-usb-line6-use-the-same-declaration-as-definition-in-header-for-midi-manufacturer-id.patch arm-cpuidle-fix-error-return-code.patch arm-dts-msm8064-remove-flags-from-spmi-mpp-irqs.patch arm-dts-mvebu-armada-390-add-missing-compatibility-string-and-bracket.patch kvm-mips-drop-other-cpu-asids-on-guest-mmu-changes.patch kvm-ppc-book3s-pr-allow-access-to-unprivileged-mmcr2-register.patch kvm-ppc-booke-fix-a-sanity-check.patch mfd-88pm80x-double-shifting-bug-in-suspend-resume.patch mfd-atmel-hlcdc-do-not-sleep-in-atomic-context.patch mfd-rtsx_usb-avoid-setting-ucr-current_sg.status.patch mfd-wm8350-i2c-make-sure-the-i2c-regmap-functions-are-compiled.patch x86-boot-fix-kdump-cleanup-aborted-e820_pram-max_pfn-manipulation.patch x86-dumpstack-fix-x86_32-kernel_stack_pointer-previous-stack-access.patch x86-irq-prevent-force-migration-of-irqs-which-are-not-in-the-vector-domain.patch --- diff --git a/queue-4.4/alsa-ali5451-fix-out-of-bound-position-reporting.patch b/queue-4.4/alsa-ali5451-fix-out-of-bound-position-reporting.patch new file mode 100644 index 00000000000..e518b5b63b2 --- /dev/null +++ b/queue-4.4/alsa-ali5451-fix-out-of-bound-position-reporting.patch @@ -0,0 +1,43 @@ +From db68577966abc1aeae4ec597b3dcfa0d56e92041 Mon Sep 17 00:00:00 2001 +From: Takashi Iwai +Date: Wed, 21 Sep 2016 14:38:02 +0200 +Subject: ALSA: ali5451: Fix out-of-bound position reporting + +From: Takashi Iwai + +commit db68577966abc1aeae4ec597b3dcfa0d56e92041 upstream. + +The pointer callbacks of ali5451 driver may return the value at the +boundary occasionally, and it results in the kernel warning like + snd_ali5451 0000:00:06.0: BUG: , pos = 16384, buffer size = 16384, period size = 1024 + +It seems that folding the position offset is enough for fixing the +warning and no ill-effect has been seen by that. + +Reported-by: Enrico Mioso +Tested-by: Enrico Mioso +Signed-off-by: Takashi Iwai +Signed-off-by: Greg Kroah-Hartman + +--- + sound/pci/ali5451/ali5451.c | 2 ++ + 1 file changed, 2 insertions(+) + +--- a/sound/pci/ali5451/ali5451.c ++++ b/sound/pci/ali5451/ali5451.c +@@ -1408,6 +1408,7 @@ snd_ali_playback_pointer(struct snd_pcm_ + spin_unlock(&codec->reg_lock); + dev_dbg(codec->card->dev, "playback pointer returned cso=%xh.\n", cso); + ++ cso %= runtime->buffer_size; + return cso; + } + +@@ -1428,6 +1429,7 @@ static snd_pcm_uframes_t snd_ali_pointer + cso = inw(ALI_REG(codec, ALI_CSO_ALPHA_FMS + 2)); + spin_unlock(&codec->reg_lock); + ++ cso %= runtime->buffer_size; + return cso; + } + diff --git a/queue-4.4/alsa-usb-audio-extend-dragonfly-db-scale-quirk-to-cover-other-variants.patch b/queue-4.4/alsa-usb-audio-extend-dragonfly-db-scale-quirk-to-cover-other-variants.patch new file mode 100644 index 00000000000..f0d2bed3182 --- /dev/null +++ b/queue-4.4/alsa-usb-audio-extend-dragonfly-db-scale-quirk-to-cover-other-variants.patch @@ -0,0 +1,81 @@ +From eb1a74b7bea17eea31915c4f76385cefe69d9795 Mon Sep 17 00:00:00 2001 +From: Anssi Hannula +Date: Fri, 23 Sep 2016 06:43:47 +0300 +Subject: ALSA: usb-audio: Extend DragonFly dB scale quirk to cover other variants + +From: Anssi Hannula + +commit eb1a74b7bea17eea31915c4f76385cefe69d9795 upstream. + +The DragonFly quirk added in 42e3121d90f4 ("ALSA: usb-audio: Add a more +accurate volume quirk for AudioQuest DragonFly") applies a custom dB map +on the volume control when its range is reported as 0..50 (0 .. 0.2dB). + +However, there exists at least one other variant (hw v1.0c, as opposed +to the tested v1.2) which reports a different non-sensical volume range +(0..53) and the custom map is therefore not applied for that device. + +This results in all of the volume change appearing close to 100% on +mixer UIs that utilize the dB TLV information. + +Add a fallback case where no dB TLV is reported at all if the control +range is not 0..50 but still 0..N where N <= 1000 (3.9 dB). Also +restrict the quirk to only apply to the volume control as there is also +a mute control which would match the check otherwise. + +Fixes: 42e3121d90f4 ("ALSA: usb-audio: Add a more accurate volume quirk for AudioQuest DragonFly") +Signed-off-by: Anssi Hannula +Reported-by: David W +Tested-by: David W +Signed-off-by: Takashi Iwai +Signed-off-by: Greg Kroah-Hartman + +--- + sound/usb/mixer_quirks.c | 22 ++++++++++++++++------ + 1 file changed, 16 insertions(+), 6 deletions(-) + +--- a/sound/usb/mixer_quirks.c ++++ b/sound/usb/mixer_quirks.c +@@ -1831,6 +1831,7 @@ void snd_usb_mixer_rc_memory_change(stru + } + + static void snd_dragonfly_quirk_db_scale(struct usb_mixer_interface *mixer, ++ struct usb_mixer_elem_info *cval, + struct snd_kcontrol *kctl) + { + /* Approximation using 10 ranges based on output measurement on hw v1.2. +@@ -1848,10 +1849,19 @@ static void snd_dragonfly_quirk_db_scale + 41, 50, TLV_DB_MINMAX_ITEM(-441, 0), + ); + +- usb_audio_info(mixer->chip, "applying DragonFly dB scale quirk\n"); +- kctl->tlv.p = scale; +- kctl->vd[0].access |= SNDRV_CTL_ELEM_ACCESS_TLV_READ; +- kctl->vd[0].access &= ~SNDRV_CTL_ELEM_ACCESS_TLV_CALLBACK; ++ if (cval->min == 0 && cval->max == 50) { ++ usb_audio_info(mixer->chip, "applying DragonFly dB scale quirk (0-50 variant)\n"); ++ kctl->tlv.p = scale; ++ kctl->vd[0].access |= SNDRV_CTL_ELEM_ACCESS_TLV_READ; ++ kctl->vd[0].access &= ~SNDRV_CTL_ELEM_ACCESS_TLV_CALLBACK; ++ ++ } else if (cval->min == 0 && cval->max <= 1000) { ++ /* Some other clearly broken DragonFly variant. ++ * At least a 0..53 variant (hw v1.0) exists. ++ */ ++ usb_audio_info(mixer->chip, "ignoring too narrow dB range on a DragonFly device"); ++ kctl->vd[0].access &= ~SNDRV_CTL_ELEM_ACCESS_TLV_CALLBACK; ++ } + } + + void snd_usb_mixer_fu_apply_quirk(struct usb_mixer_interface *mixer, +@@ -1860,8 +1870,8 @@ void snd_usb_mixer_fu_apply_quirk(struct + { + switch (mixer->chip->usb_id) { + case USB_ID(0x21b4, 0x0081): /* AudioQuest DragonFly */ +- if (unitid == 7 && cval->min == 0 && cval->max == 50) +- snd_dragonfly_quirk_db_scale(mixer, kctl); ++ if (unitid == 7 && cval->control == UAC_FU_VOLUME) ++ snd_dragonfly_quirk_db_scale(mixer, cval, kctl); + break; + } + } diff --git a/queue-4.4/alsa-usb-line6-use-the-same-declaration-as-definition-in-header-for-midi-manufacturer-id.patch b/queue-4.4/alsa-usb-line6-use-the-same-declaration-as-definition-in-header-for-midi-manufacturer-id.patch new file mode 100644 index 00000000000..5ff8eae2a9f --- /dev/null +++ b/queue-4.4/alsa-usb-line6-use-the-same-declaration-as-definition-in-header-for-midi-manufacturer-id.patch @@ -0,0 +1,44 @@ +From 8da08ca03b73593d5299893bf29fc08569c3fb5f Mon Sep 17 00:00:00 2001 +From: Takashi Sakamoto +Date: Sun, 25 Sep 2016 22:00:20 +0900 +Subject: ALSA: usb-line6: use the same declaration as definition in header for MIDI manufacturer ID + +From: Takashi Sakamoto + +commit 8da08ca03b73593d5299893bf29fc08569c3fb5f upstream. + +Currently, usb-line6 module exports an array of MIDI manufacturer ID and +usb-pod module uses it. However, the declaration is not the definition in +common header. The difference is explicit length of array. Although +compiler calculates it and everything goes well, it's better to use the +same representation between definition and declaration. + +This commit fills the length of array for usb-line6 module. As a small +good sub-effect, this commit suppress below warnings from static analysis +by sparse v0.5.0. + +sound/usb/line6/driver.c:274:43: error: cannot size expression +sound/usb/line6/driver.c:275:16: error: cannot size expression +sound/usb/line6/driver.c:276:16: error: cannot size expression +sound/usb/line6/driver.c:277:16: error: cannot size expression + +Fixes: 705ececd1c60 ("Staging: add line6 usb driver") +Signed-off-by: Takashi Sakamoto +Signed-off-by: Takashi Iwai +Signed-off-by: Greg Kroah-Hartman + +--- + sound/usb/line6/driver.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +--- a/sound/usb/line6/driver.c ++++ b/sound/usb/line6/driver.c +@@ -29,7 +29,7 @@ + /* + This is Line 6's MIDI manufacturer ID. + */ +-const unsigned char line6_midi_id[] = { ++const unsigned char line6_midi_id[3] = { + 0x00, 0x01, 0x0c + }; + EXPORT_SYMBOL_GPL(line6_midi_id); diff --git a/queue-4.4/arm-cpuidle-fix-error-return-code.patch b/queue-4.4/arm-cpuidle-fix-error-return-code.patch new file mode 100644 index 00000000000..ff1cd0b4853 --- /dev/null +++ b/queue-4.4/arm-cpuidle-fix-error-return-code.patch @@ -0,0 +1,33 @@ +From af48d7bc3756a0cd882d65bff14ab39746ba57fe Mon Sep 17 00:00:00 2001 +From: Christophe Jaillet +Date: Thu, 11 Aug 2016 15:02:30 +0200 +Subject: ARM: cpuidle: Fix error return code + +From: Christophe Jaillet + +commit af48d7bc3756a0cd882d65bff14ab39746ba57fe upstream. + +We know that 'ret = 0' because it has been tested a few lines above. +So, if 'kzalloc' fails, 0 will be returned instead of an error code. +Return -ENOMEM instead. + +Fixes: a0d46a3dfdc3 ("ARM: cpuidle: Register per cpuidle device") +Signed-off-by: Christophe Jaillet +Acked-by: Lorenzo Pieralisi +Signed-off-by: Rafael J. Wysocki +Signed-off-by: Greg Kroah-Hartman + +--- + drivers/cpuidle/cpuidle-arm.c | 1 + + 1 file changed, 1 insertion(+) + +--- a/drivers/cpuidle/cpuidle-arm.c ++++ b/drivers/cpuidle/cpuidle-arm.c +@@ -135,6 +135,7 @@ static int __init arm_idle_init(void) + dev = kzalloc(sizeof(*dev), GFP_KERNEL); + if (!dev) { + pr_err("Failed to allocate cpuidle device\n"); ++ ret = -ENOMEM; + goto out_fail; + } + dev->cpu = cpu; diff --git a/queue-4.4/arm-dts-msm8064-remove-flags-from-spmi-mpp-irqs.patch b/queue-4.4/arm-dts-msm8064-remove-flags-from-spmi-mpp-irqs.patch new file mode 100644 index 00000000000..f0cf3b7b79c --- /dev/null +++ b/queue-4.4/arm-dts-msm8064-remove-flags-from-spmi-mpp-irqs.patch @@ -0,0 +1,158 @@ +From ca88696e8b73a9fa2b1de445747e9235c3a7bd50 Mon Sep 17 00:00:00 2001 +From: Linus Walleij +Date: Fri, 5 Aug 2016 10:38:37 +0200 +Subject: ARM: dts: MSM8064 remove flags from SPMI/MPP IRQs +MIME-Version: 1.0 +Content-Type: text/plain; charset=UTF-8 +Content-Transfer-Encoding: 8bit + +From: Linus Walleij + +commit ca88696e8b73a9fa2b1de445747e9235c3a7bd50 upstream. + +The Qualcomm PMIC GPIO and MPP lines are problematic: the +are fetched from the main MFD driver with platform_get_irq() +which means that at this point they will all be assigned the +flags set up for the interrupts in the device tree. + +That is problematic since these are flagged as rising edge +and an this point the interrupt descriptor is assigned a +rising edge, while the only thing the GPIO/MPP drivers really +do is issue irq_get_irqchip_state() on the line to read it +out and to provide a .to_irq() helper for *other* IRQ +consumers. + +If another device tree node tries to flag the same IRQ +for use as something else than rising edge, the kernel +irqdomain core will protest like this: + + type mismatch, failed to map hwirq-NN for ! + +Which is what happens when the device tree defines two +contradictory flags for the same interrupt line. + +To work around this and alleviate the problem, assign 0 +as flag for the interrupts taken by the PM GPIO and MPP +drivers. This will lead to the flag being unset, and a +second consumer requesting rising, falling, both or level +interrupts will be respected. This is what the qcom-pm*.dtsi +files already do. + +Switched to using the symbolic name IRQ_TYPE_NONE so that +we get this more readable. + +Fixes: bce360469676 ("ARM: dts: apq8064: add pm8921 mpp support") +Fixes: 874443fe9e33 ("ARM: dts: apq8064: Add pm8921 mfd and its gpio node") +Cc: Srinivas Kandagatla +Cc: Stephen Boyd +Cc: Björn Andersson +Cc: Ivan T. Ivanov +Cc: John Stultz +Cc: Andy Gross +Signed-off-by: Linus Walleij +Signed-off-by: Andy Gross +Signed-off-by: Greg Kroah-Hartman + +--- + arch/arm/boot/dts/qcom-apq8064.dtsi | 76 +++++++++++++++++++++++++++--------- + 1 file changed, 57 insertions(+), 19 deletions(-) + +--- a/arch/arm/boot/dts/qcom-apq8064.dtsi ++++ b/arch/arm/boot/dts/qcom-apq8064.dtsi +@@ -5,6 +5,7 @@ + #include + #include + #include ++#include + #include + / { + model = "Qualcomm APQ8064"; +@@ -354,22 +355,50 @@ + + compatible = "qcom,pm8921-gpio"; + reg = <0x150>; +- interrupts = <192 1>, <193 1>, <194 1>, +- <195 1>, <196 1>, <197 1>, +- <198 1>, <199 1>, <200 1>, +- <201 1>, <202 1>, <203 1>, +- <204 1>, <205 1>, <206 1>, +- <207 1>, <208 1>, <209 1>, +- <210 1>, <211 1>, <212 1>, +- <213 1>, <214 1>, <215 1>, +- <216 1>, <217 1>, <218 1>, +- <219 1>, <220 1>, <221 1>, +- <222 1>, <223 1>, <224 1>, +- <225 1>, <226 1>, <227 1>, +- <228 1>, <229 1>, <230 1>, +- <231 1>, <232 1>, <233 1>, +- <234 1>, <235 1>; +- ++ interrupts = <192 IRQ_TYPE_NONE>, ++ <193 IRQ_TYPE_NONE>, ++ <194 IRQ_TYPE_NONE>, ++ <195 IRQ_TYPE_NONE>, ++ <196 IRQ_TYPE_NONE>, ++ <197 IRQ_TYPE_NONE>, ++ <198 IRQ_TYPE_NONE>, ++ <199 IRQ_TYPE_NONE>, ++ <200 IRQ_TYPE_NONE>, ++ <201 IRQ_TYPE_NONE>, ++ <202 IRQ_TYPE_NONE>, ++ <203 IRQ_TYPE_NONE>, ++ <204 IRQ_TYPE_NONE>, ++ <205 IRQ_TYPE_NONE>, ++ <206 IRQ_TYPE_NONE>, ++ <207 IRQ_TYPE_NONE>, ++ <208 IRQ_TYPE_NONE>, ++ <209 IRQ_TYPE_NONE>, ++ <210 IRQ_TYPE_NONE>, ++ <211 IRQ_TYPE_NONE>, ++ <212 IRQ_TYPE_NONE>, ++ <213 IRQ_TYPE_NONE>, ++ <214 IRQ_TYPE_NONE>, ++ <215 IRQ_TYPE_NONE>, ++ <216 IRQ_TYPE_NONE>, ++ <217 IRQ_TYPE_NONE>, ++ <218 IRQ_TYPE_NONE>, ++ <219 IRQ_TYPE_NONE>, ++ <220 IRQ_TYPE_NONE>, ++ <221 IRQ_TYPE_NONE>, ++ <222 IRQ_TYPE_NONE>, ++ <223 IRQ_TYPE_NONE>, ++ <224 IRQ_TYPE_NONE>, ++ <225 IRQ_TYPE_NONE>, ++ <226 IRQ_TYPE_NONE>, ++ <227 IRQ_TYPE_NONE>, ++ <228 IRQ_TYPE_NONE>, ++ <229 IRQ_TYPE_NONE>, ++ <230 IRQ_TYPE_NONE>, ++ <231 IRQ_TYPE_NONE>, ++ <232 IRQ_TYPE_NONE>, ++ <233 IRQ_TYPE_NONE>, ++ <234 IRQ_TYPE_NONE>, ++ <235 IRQ_TYPE_NONE>; + gpio-controller; + #gpio-cells = <2>; + +@@ -381,9 +410,18 @@ + gpio-controller; + #gpio-cells = <2>; + interrupts = +- <128 1>, <129 1>, <130 1>, <131 1>, +- <132 1>, <133 1>, <134 1>, <135 1>, +- <136 1>, <137 1>, <138 1>, <139 1>; ++ <128 IRQ_TYPE_NONE>, ++ <129 IRQ_TYPE_NONE>, ++ <130 IRQ_TYPE_NONE>, ++ <131 IRQ_TYPE_NONE>, ++ <132 IRQ_TYPE_NONE>, ++ <133 IRQ_TYPE_NONE>, ++ <134 IRQ_TYPE_NONE>, ++ <135 IRQ_TYPE_NONE>, ++ <136 IRQ_TYPE_NONE>, ++ <137 IRQ_TYPE_NONE>, ++ <138 IRQ_TYPE_NONE>, ++ <139 IRQ_TYPE_NONE>; + }; + + rtc@11d { diff --git a/queue-4.4/arm-dts-mvebu-armada-390-add-missing-compatibility-string-and-bracket.patch b/queue-4.4/arm-dts-mvebu-armada-390-add-missing-compatibility-string-and-bracket.patch new file mode 100644 index 00000000000..3e0d1fc890d --- /dev/null +++ b/queue-4.4/arm-dts-mvebu-armada-390-add-missing-compatibility-string-and-bracket.patch @@ -0,0 +1,40 @@ +From 061492cfad9f11dbc32df741a7164f307b69b6e6 Mon Sep 17 00:00:00 2001 +From: Grzegorz Jaszczyk +Date: Thu, 4 Aug 2016 12:14:08 +0200 +Subject: ARM: dts: mvebu: armada-390: add missing compatibility string and bracket + +From: Grzegorz Jaszczyk + +commit 061492cfad9f11dbc32df741a7164f307b69b6e6 upstream. + +The armada-390.dtsi was broken since the first patch which adds Device Tree +files for Armada 39x SoC was introduced. + +Signed-off-by: Grzegorz Jaszczyk +Acked-by: Gregory CLEMENT +Fixes 538da83 ("ARM: mvebu: add Device Tree files for Armada 39x SoC and board") +Signed-off-by: Greg Kroah-Hartman + +Signed-off-by: Gregory CLEMENT + +--- + arch/arm/boot/dts/armada-390.dtsi | 3 +++ + 1 file changed, 3 insertions(+) + +--- a/arch/arm/boot/dts/armada-390.dtsi ++++ b/arch/arm/boot/dts/armada-390.dtsi +@@ -47,6 +47,8 @@ + #include "armada-39x.dtsi" + + / { ++ compatible = "marvell,armada390"; ++ + soc { + internal-regs { + pinctrl@18000 { +@@ -54,4 +56,5 @@ + reg = <0x18000 0x20>; + }; + }; ++ }; + }; diff --git a/queue-4.4/kvm-mips-drop-other-cpu-asids-on-guest-mmu-changes.patch b/queue-4.4/kvm-mips-drop-other-cpu-asids-on-guest-mmu-changes.patch new file mode 100644 index 00000000000..fc62e2a10d5 --- /dev/null +++ b/queue-4.4/kvm-mips-drop-other-cpu-asids-on-guest-mmu-changes.patch @@ -0,0 +1,140 @@ +From 91e4f1b6073dd680d86cdb7e42d7cccca9db39d8 Mon Sep 17 00:00:00 2001 +From: James Hogan +Date: Thu, 15 Sep 2016 17:20:06 +0100 +Subject: KVM: MIPS: Drop other CPU ASIDs on guest MMU changes +MIME-Version: 1.0 +Content-Type: text/plain; charset=UTF-8 +Content-Transfer-Encoding: 8bit + +From: James Hogan + +commit 91e4f1b6073dd680d86cdb7e42d7cccca9db39d8 upstream. + +When a guest TLB entry is replaced by TLBWI or TLBWR, we only invalidate +TLB entries on the local CPU. This doesn't work correctly on an SMP host +when the guest is migrated to a different physical CPU, as it could pick +up stale TLB mappings from the last time the vCPU ran on that physical +CPU. + +Therefore invalidate both user and kernel host ASIDs on other CPUs, +which will cause new ASIDs to be generated when it next runs on those +CPUs. + +We're careful only to do this if the TLB entry was already valid, and +only for the kernel ASID where the virtual address it mapped is outside +of the guest user address range. + +Signed-off-by: James Hogan +Cc: Paolo Bonzini +Cc: "Radim Krčmář" +Cc: Ralf Baechle +Cc: linux-mips@linux-mips.org +Cc: kvm@vger.kernel.org +Signed-off-by: Greg Kroah-Hartman + +--- + arch/mips/kvm/emulate.c | 63 ++++++++++++++++++++++++++++++++++++++++-------- + 1 file changed, 53 insertions(+), 10 deletions(-) + +--- a/arch/mips/kvm/emulate.c ++++ b/arch/mips/kvm/emulate.c +@@ -807,6 +807,47 @@ enum emulation_result kvm_mips_emul_tlbr + return EMULATE_FAIL; + } + ++/** ++ * kvm_mips_invalidate_guest_tlb() - Indicates a change in guest MMU map. ++ * @vcpu: VCPU with changed mappings. ++ * @tlb: TLB entry being removed. ++ * ++ * This is called to indicate a single change in guest MMU mappings, so that we ++ * can arrange TLB flushes on this and other CPUs. ++ */ ++static void kvm_mips_invalidate_guest_tlb(struct kvm_vcpu *vcpu, ++ struct kvm_mips_tlb *tlb) ++{ ++ int cpu, i; ++ bool user; ++ ++ /* No need to flush for entries which are already invalid */ ++ if (!((tlb->tlb_lo[0] | tlb->tlb_lo[1]) & ENTRYLO_V)) ++ return; ++ /* User address space doesn't need flushing for KSeg2/3 changes */ ++ user = tlb->tlb_hi < KVM_GUEST_KSEG0; ++ ++ preempt_disable(); ++ ++ /* ++ * Probe the shadow host TLB for the entry being overwritten, if one ++ * matches, invalidate it ++ */ ++ kvm_mips_host_tlb_inv(vcpu, tlb->tlb_hi); ++ ++ /* Invalidate the whole ASID on other CPUs */ ++ cpu = smp_processor_id(); ++ for_each_possible_cpu(i) { ++ if (i == cpu) ++ continue; ++ if (user) ++ vcpu->arch.guest_user_asid[i] = 0; ++ vcpu->arch.guest_kernel_asid[i] = 0; ++ } ++ ++ preempt_enable(); ++} ++ + /* Write Guest TLB Entry @ Index */ + enum emulation_result kvm_mips_emul_tlbwi(struct kvm_vcpu *vcpu) + { +@@ -826,11 +867,8 @@ enum emulation_result kvm_mips_emul_tlbw + } + + tlb = &vcpu->arch.guest_tlb[index]; +- /* +- * Probe the shadow host TLB for the entry being overwritten, if one +- * matches, invalidate it +- */ +- kvm_mips_host_tlb_inv(vcpu, tlb->tlb_hi); ++ ++ kvm_mips_invalidate_guest_tlb(vcpu, tlb); + + tlb->tlb_mask = kvm_read_c0_guest_pagemask(cop0); + tlb->tlb_hi = kvm_read_c0_guest_entryhi(cop0); +@@ -859,11 +897,7 @@ enum emulation_result kvm_mips_emul_tlbw + + tlb = &vcpu->arch.guest_tlb[index]; + +- /* +- * Probe the shadow host TLB for the entry being overwritten, if one +- * matches, invalidate it +- */ +- kvm_mips_host_tlb_inv(vcpu, tlb->tlb_hi); ++ kvm_mips_invalidate_guest_tlb(vcpu, tlb); + + tlb->tlb_mask = kvm_read_c0_guest_pagemask(cop0); + tlb->tlb_hi = kvm_read_c0_guest_entryhi(cop0); +@@ -982,6 +1016,7 @@ enum emulation_result kvm_mips_emulate_C + int32_t rt, rd, copz, sel, co_bit, op; + uint32_t pc = vcpu->arch.pc; + unsigned long curr_pc; ++ int cpu, i; + + /* + * Update PC and hold onto current PC in case there is +@@ -1089,8 +1124,16 @@ enum emulation_result kvm_mips_emulate_C + vcpu->arch.gprs[rt] + & ASID_MASK); + ++ preempt_disable(); + /* Blow away the shadow host TLBs */ + kvm_mips_flush_host_tlb(1); ++ cpu = smp_processor_id(); ++ for_each_possible_cpu(i) ++ if (i != cpu) { ++ vcpu->arch.guest_user_asid[i] = 0; ++ vcpu->arch.guest_kernel_asid[i] = 0; ++ } ++ preempt_enable(); + } + kvm_write_c0_guest_entryhi(cop0, + vcpu->arch.gprs[rt]); diff --git a/queue-4.4/kvm-ppc-book3s-pr-allow-access-to-unprivileged-mmcr2-register.patch b/queue-4.4/kvm-ppc-book3s-pr-allow-access-to-unprivileged-mmcr2-register.patch new file mode 100644 index 00000000000..4d76b7ed02f --- /dev/null +++ b/queue-4.4/kvm-ppc-book3s-pr-allow-access-to-unprivileged-mmcr2-register.patch @@ -0,0 +1,58 @@ +From fa73c3b25bd8d0d393dc6109a1dba3c2aef0451e Mon Sep 17 00:00:00 2001 +From: Thomas Huth +Date: Wed, 21 Sep 2016 15:06:45 +0200 +Subject: KVM: PPC: Book3s PR: Allow access to unprivileged MMCR2 register + +From: Thomas Huth + +commit fa73c3b25bd8d0d393dc6109a1dba3c2aef0451e upstream. + +The MMCR2 register is available twice, one time with number 785 +(privileged access), and one time with number 769 (unprivileged, +but it can be disabled completely). In former times, the Linux +kernel was using the unprivileged register 769 only, but since +commit 8dd75ccb571f3c92c ("powerpc: Use privileged SPR number +for MMCR2"), it uses the privileged register 785 instead. +The KVM-PR code then of course also switched to use the SPR 785, +but this is causing older guest kernels to crash, since these +kernels still access 769 instead. So to support older kernels +with KVM-PR again, we have to support register 769 in KVM-PR, too. + +Fixes: 8dd75ccb571f3c92c48014b3dabd3d51a115ab41 +Signed-off-by: Thomas Huth +Signed-off-by: Paul Mackerras +Signed-off-by: Greg Kroah-Hartman + +--- + arch/powerpc/include/asm/reg.h | 1 + + arch/powerpc/kvm/book3s_emulate.c | 2 ++ + 2 files changed, 3 insertions(+) + +--- a/arch/powerpc/include/asm/reg.h ++++ b/arch/powerpc/include/asm/reg.h +@@ -708,6 +708,7 @@ + #define MMCR0_FCHV 0x00000001UL /* freeze conditions in hypervisor mode */ + #define SPRN_MMCR1 798 + #define SPRN_MMCR2 785 ++#define SPRN_UMMCR2 769 + #define SPRN_MMCRA 0x312 + #define MMCRA_SDSYNC 0x80000000UL /* SDAR synced with SIAR */ + #define MMCRA_SDAR_DCACHE_MISS 0x40000000UL +--- a/arch/powerpc/kvm/book3s_emulate.c ++++ b/arch/powerpc/kvm/book3s_emulate.c +@@ -498,6 +498,7 @@ int kvmppc_core_emulate_mtspr_pr(struct + case SPRN_MMCR0: + case SPRN_MMCR1: + case SPRN_MMCR2: ++ case SPRN_UMMCR2: + #endif + break; + unprivileged: +@@ -640,6 +641,7 @@ int kvmppc_core_emulate_mfspr_pr(struct + case SPRN_MMCR0: + case SPRN_MMCR1: + case SPRN_MMCR2: ++ case SPRN_UMMCR2: + case SPRN_TIR: + #endif + *spr_val = 0; diff --git a/queue-4.4/kvm-ppc-booke-fix-a-sanity-check.patch b/queue-4.4/kvm-ppc-booke-fix-a-sanity-check.patch new file mode 100644 index 00000000000..17dfe05dd7f --- /dev/null +++ b/queue-4.4/kvm-ppc-booke-fix-a-sanity-check.patch @@ -0,0 +1,33 @@ +From ac0e89bb4744d3882ccd275f2416d9ce22f4e1e7 Mon Sep 17 00:00:00 2001 +From: Dan Carpenter +Date: Thu, 14 Jul 2016 13:15:46 +0300 +Subject: KVM: PPC: BookE: Fix a sanity check + +From: Dan Carpenter + +commit ac0e89bb4744d3882ccd275f2416d9ce22f4e1e7 upstream. + +We use logical negate where bitwise negate was intended. It means that +we never return -EINVAL here. + +Fixes: ce11e48b7fdd ('KVM: PPC: E500: Add userspace debug stub support') +Signed-off-by: Dan Carpenter +Reviewed-by: Alexander Graf +Signed-off-by: Paul Mackerras +Signed-off-by: Greg Kroah-Hartman + +--- + arch/powerpc/kvm/booke.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +--- a/arch/powerpc/kvm/booke.c ++++ b/arch/powerpc/kvm/booke.c +@@ -2033,7 +2033,7 @@ int kvm_arch_vcpu_ioctl_set_guest_debug( + if (type == KVMPPC_DEBUG_NONE) + continue; + +- if (type & !(KVMPPC_DEBUG_WATCH_READ | ++ if (type & ~(KVMPPC_DEBUG_WATCH_READ | + KVMPPC_DEBUG_WATCH_WRITE | + KVMPPC_DEBUG_BREAKPOINT)) + return -EINVAL; diff --git a/queue-4.4/mfd-88pm80x-double-shifting-bug-in-suspend-resume.patch b/queue-4.4/mfd-88pm80x-double-shifting-bug-in-suspend-resume.patch new file mode 100644 index 00000000000..fd1b3b14353 --- /dev/null +++ b/queue-4.4/mfd-88pm80x-double-shifting-bug-in-suspend-resume.patch @@ -0,0 +1,42 @@ +From 9a6dc644512fd083400a96ac4a035ac154fe6b8d Mon Sep 17 00:00:00 2001 +From: Dan Carpenter +Date: Thu, 4 Aug 2016 08:26:56 +0300 +Subject: mfd: 88pm80x: Double shifting bug in suspend/resume + +From: Dan Carpenter + +commit 9a6dc644512fd083400a96ac4a035ac154fe6b8d upstream. + +set_bit() and clear_bit() take the bit number so this code is really +doing "1 << (1 << irq)" which is a double shift bug. It's done +consistently so it won't cause a problem unless "irq" is more than 4. + +Fixes: 70c6cce04066 ('mfd: Support 88pm80x in 80x driver') +Signed-off-by: Dan Carpenter +Signed-off-by: Lee Jones +Signed-off-by: Greg Kroah-Hartman + +--- + include/linux/mfd/88pm80x.h | 4 ++-- + 1 file changed, 2 insertions(+), 2 deletions(-) + +--- a/include/linux/mfd/88pm80x.h ++++ b/include/linux/mfd/88pm80x.h +@@ -350,7 +350,7 @@ static inline int pm80x_dev_suspend(stru + int irq = platform_get_irq(pdev, 0); + + if (device_may_wakeup(dev)) +- set_bit((1 << irq), &chip->wu_flag); ++ set_bit(irq, &chip->wu_flag); + + return 0; + } +@@ -362,7 +362,7 @@ static inline int pm80x_dev_resume(struc + int irq = platform_get_irq(pdev, 0); + + if (device_may_wakeup(dev)) +- clear_bit((1 << irq), &chip->wu_flag); ++ clear_bit(irq, &chip->wu_flag); + + return 0; + } diff --git a/queue-4.4/mfd-atmel-hlcdc-do-not-sleep-in-atomic-context.patch b/queue-4.4/mfd-atmel-hlcdc-do-not-sleep-in-atomic-context.patch new file mode 100644 index 00000000000..4d95f240526 --- /dev/null +++ b/queue-4.4/mfd-atmel-hlcdc-do-not-sleep-in-atomic-context.patch @@ -0,0 +1,38 @@ +From 2c2469bc03d569c49119db2cccb5cb3f0c6a5b33 Mon Sep 17 00:00:00 2001 +From: Boris Brezillon +Date: Tue, 6 Sep 2016 14:19:29 +0200 +Subject: mfd: atmel-hlcdc: Do not sleep in atomic context + +From: Boris Brezillon + +commit 2c2469bc03d569c49119db2cccb5cb3f0c6a5b33 upstream. + +readl_poll_timeout() calls usleep_range(), but +regmap_atmel_hlcdc_reg_write() is called in atomic context (regmap +spinlock held). + +Replace the readl_poll_timeout() call by readl_poll_timeout_atomic(). + +Fixes: ea31c0cf9b07 ("mfd: atmel-hlcdc: Implement config synchronization") +Signed-off-by: Boris Brezillon +Signed-off-by: Lee Jones +Signed-off-by: Greg Kroah-Hartman + +--- + drivers/mfd/atmel-hlcdc.c | 5 +++-- + 1 file changed, 3 insertions(+), 2 deletions(-) + +--- a/drivers/mfd/atmel-hlcdc.c ++++ b/drivers/mfd/atmel-hlcdc.c +@@ -50,8 +50,9 @@ static int regmap_atmel_hlcdc_reg_write( + if (reg <= ATMEL_HLCDC_DIS) { + u32 status; + +- readl_poll_timeout(hregmap->regs + ATMEL_HLCDC_SR, status, +- !(status & ATMEL_HLCDC_SIP), 1, 100); ++ readl_poll_timeout_atomic(hregmap->regs + ATMEL_HLCDC_SR, ++ status, !(status & ATMEL_HLCDC_SIP), ++ 1, 100); + } + + writel(val, hregmap->regs + reg); diff --git a/queue-4.4/mfd-rtsx_usb-avoid-setting-ucr-current_sg.status.patch b/queue-4.4/mfd-rtsx_usb-avoid-setting-ucr-current_sg.status.patch new file mode 100644 index 00000000000..a253852af5b --- /dev/null +++ b/queue-4.4/mfd-rtsx_usb-avoid-setting-ucr-current_sg.status.patch @@ -0,0 +1,58 @@ +From 8dcc5ff8fcaf778bb57ab4448fedca9e381d088f Mon Sep 17 00:00:00 2001 +From: Lu Baolu +Date: Thu, 11 Aug 2016 10:39:03 +0800 +Subject: mfd: rtsx_usb: Avoid setting ucr->current_sg.status + +From: Lu Baolu + +commit 8dcc5ff8fcaf778bb57ab4448fedca9e381d088f upstream. + +Member "status" of struct usb_sg_request is managed by usb core. A +spin lock is used to serialize the change of it. The driver could +check the value of req->status, but should avoid changing it without +the hold of the spinlock. Otherwise, it could cause race or error +in usb core. + +This patch could be backported to stable kernels with version later +than v3.14. + +Cc: Alan Stern +Cc: Roger Tseng +Signed-off-by: Lu Baolu +Signed-off-by: Lee Jones +Signed-off-by: Greg Kroah-Hartman + +--- + drivers/mfd/rtsx_usb.c | 10 +++++----- + 1 file changed, 5 insertions(+), 5 deletions(-) + +--- a/drivers/mfd/rtsx_usb.c ++++ b/drivers/mfd/rtsx_usb.c +@@ -46,9 +46,6 @@ static void rtsx_usb_sg_timed_out(unsign + + dev_dbg(&ucr->pusb_intf->dev, "%s: sg transfer timed out", __func__); + usb_sg_cancel(&ucr->current_sg); +- +- /* we know the cancellation is caused by time-out */ +- ucr->current_sg.status = -ETIMEDOUT; + } + + static int rtsx_usb_bulk_transfer_sglist(struct rtsx_ucr *ucr, +@@ -67,12 +64,15 @@ static int rtsx_usb_bulk_transfer_sglist + ucr->sg_timer.expires = jiffies + msecs_to_jiffies(timeout); + add_timer(&ucr->sg_timer); + usb_sg_wait(&ucr->current_sg); +- del_timer_sync(&ucr->sg_timer); ++ if (!del_timer_sync(&ucr->sg_timer)) ++ ret = -ETIMEDOUT; ++ else ++ ret = ucr->current_sg.status; + + if (act_len) + *act_len = ucr->current_sg.bytes; + +- return ucr->current_sg.status; ++ return ret; + } + + int rtsx_usb_transfer_data(struct rtsx_ucr *ucr, unsigned int pipe, diff --git a/queue-4.4/mfd-wm8350-i2c-make-sure-the-i2c-regmap-functions-are-compiled.patch b/queue-4.4/mfd-wm8350-i2c-make-sure-the-i2c-regmap-functions-are-compiled.patch new file mode 100644 index 00000000000..c94a2953d00 --- /dev/null +++ b/queue-4.4/mfd-wm8350-i2c-make-sure-the-i2c-regmap-functions-are-compiled.patch @@ -0,0 +1,38 @@ +From 88003fb10f1fc606e1704611c62ceae95fd1d7da Mon Sep 17 00:00:00 2001 +From: =?UTF-8?q?Uwe=20Kleine-K=C3=B6nig?= +Date: Fri, 29 Jul 2016 21:29:15 +0200 +Subject: mfd: wm8350-i2c: Make sure the i2c regmap functions are compiled +MIME-Version: 1.0 +Content-Type: text/plain; charset=UTF-8 +Content-Transfer-Encoding: 8bit + +From: Uwe Kleine-König + +commit 88003fb10f1fc606e1704611c62ceae95fd1d7da upstream. + +This fixes a compile failure: + + drivers/built-in.o: In function `wm8350_i2c_probe': + core.c:(.text+0x828b0): undefined reference to `__devm_regmap_init_i2c' + Makefile:953: recipe for target 'vmlinux' failed + +Fixes: 52b461b86a9f ("mfd: Add regmap cache support for wm8350") +Signed-off-by: Uwe Kleine-König +Acked-by: Charles Keepax +Signed-off-by: Lee Jones +Signed-off-by: Greg Kroah-Hartman + +--- + drivers/mfd/Kconfig | 1 + + 1 file changed, 1 insertion(+) + +--- a/drivers/mfd/Kconfig ++++ b/drivers/mfd/Kconfig +@@ -1460,6 +1460,7 @@ config MFD_WM8350 + config MFD_WM8350_I2C + bool "Wolfson Microelectronics WM8350 with I2C" + select MFD_WM8350 ++ select REGMAP_I2C + depends on I2C=y + help + The WM8350 is an integrated audio and power management diff --git a/queue-4.4/series b/queue-4.4/series index 34f717a6c17..b60bdcf6e10 100644 --- a/queue-4.4/series +++ b/queue-4.4/series @@ -1,2 +1,18 @@ time-add-cycles-to-nanoseconds-translation.patch timekeeping-fix-__ktime_get_fast_ns-regression.patch +alsa-ali5451-fix-out-of-bound-position-reporting.patch +alsa-usb-audio-extend-dragonfly-db-scale-quirk-to-cover-other-variants.patch +alsa-usb-line6-use-the-same-declaration-as-definition-in-header-for-midi-manufacturer-id.patch +mfd-rtsx_usb-avoid-setting-ucr-current_sg.status.patch +mfd-atmel-hlcdc-do-not-sleep-in-atomic-context.patch +mfd-88pm80x-double-shifting-bug-in-suspend-resume.patch +mfd-wm8350-i2c-make-sure-the-i2c-regmap-functions-are-compiled.patch +kvm-ppc-book3s-pr-allow-access-to-unprivileged-mmcr2-register.patch +kvm-mips-drop-other-cpu-asids-on-guest-mmu-changes.patch +kvm-ppc-booke-fix-a-sanity-check.patch +x86-boot-fix-kdump-cleanup-aborted-e820_pram-max_pfn-manipulation.patch +x86-irq-prevent-force-migration-of-irqs-which-are-not-in-the-vector-domain.patch +x86-dumpstack-fix-x86_32-kernel_stack_pointer-previous-stack-access.patch +arm-dts-mvebu-armada-390-add-missing-compatibility-string-and-bracket.patch +arm-dts-msm8064-remove-flags-from-spmi-mpp-irqs.patch +arm-cpuidle-fix-error-return-code.patch diff --git a/queue-4.4/x86-boot-fix-kdump-cleanup-aborted-e820_pram-max_pfn-manipulation.patch b/queue-4.4/x86-boot-fix-kdump-cleanup-aborted-e820_pram-max_pfn-manipulation.patch new file mode 100644 index 00000000000..dfe106e5fe0 --- /dev/null +++ b/queue-4.4/x86-boot-fix-kdump-cleanup-aborted-e820_pram-max_pfn-manipulation.patch @@ -0,0 +1,99 @@ +From 917db484dc6a69969d317b3e57add4208a8d9d42 Mon Sep 17 00:00:00 2001 +From: Dan Williams +Date: Wed, 21 Sep 2016 12:50:45 -0700 +Subject: x86/boot: Fix kdump, cleanup aborted E820_PRAM max_pfn manipulation + +From: Dan Williams + +commit 917db484dc6a69969d317b3e57add4208a8d9d42 upstream. + +In commit: + + ec776ef6bbe1 ("x86/mm: Add support for the non-standard protected e820 type") + +Christoph references the original patch I wrote implementing pmem support. +The intent of the 'max_pfn' changes in that commit were to enable persistent +memory ranges to be covered by the struct page memmap by default. + +However, that approach was abandoned when Christoph ported the patches [1], and +that functionality has since been replaced by devm_memremap_pages(). + +In the meantime, this max_pfn manipulation is confusing kdump [2] that +assumes that everything covered by the max_pfn is "System RAM". This +results in kdump hanging or crashing. + + [1]: https://lists.01.org/pipermail/linux-nvdimm/2015-March/000348.html + [2]: https://bugzilla.redhat.com/show_bug.cgi?id=1351098 + +So fix it. + +Reported-by: Zhang Yi +Reported-by: Jeff Moyer +Tested-by: Zhang Yi +Signed-off-by: Dan Williams +Reviewed-by: Jeff Moyer +Cc: Andrew Morton +Cc: Boaz Harrosh +Cc: Christoph Hellwig +Cc: Linus Torvalds +Cc: Peter Zijlstra +Cc: Ross Zwisler +Cc: Thomas Gleixner +Cc: linux-nvdimm@lists.01.org +Fixes: ec776ef6bbe1 ("x86/mm: Add support for the non-standard protected e820 type") +Link: http://lkml.kernel.org/r/147448744538.34910.11287693517367139607.stgit@dwillia2-desk3.amr.corp.intel.com +Signed-off-by: Ingo Molnar +Signed-off-by: Greg Kroah-Hartman + +--- + arch/x86/kernel/e820.c | 14 +++++--------- + 1 file changed, 5 insertions(+), 9 deletions(-) + +--- a/arch/x86/kernel/e820.c ++++ b/arch/x86/kernel/e820.c +@@ -347,7 +347,7 @@ int __init sanitize_e820_map(struct e820 + * continue building up new bios map based on this + * information + */ +- if (current_type != last_type || current_type == E820_PRAM) { ++ if (current_type != last_type) { + if (last_type != 0) { + new_bios[new_bios_entry].size = + change_point[chgidx]->addr - last_addr; +@@ -753,7 +753,7 @@ u64 __init early_reserve_e820(u64 size, + /* + * Find the highest page frame number we have available + */ +-static unsigned long __init e820_end_pfn(unsigned long limit_pfn) ++static unsigned long __init e820_end_pfn(unsigned long limit_pfn, unsigned type) + { + int i; + unsigned long last_pfn = 0; +@@ -764,11 +764,7 @@ static unsigned long __init e820_end_pfn + unsigned long start_pfn; + unsigned long end_pfn; + +- /* +- * Persistent memory is accounted as ram for purposes of +- * establishing max_pfn and mem_map. +- */ +- if (ei->type != E820_RAM && ei->type != E820_PRAM) ++ if (ei->type != type) + continue; + + start_pfn = ei->addr >> PAGE_SHIFT; +@@ -793,12 +789,12 @@ static unsigned long __init e820_end_pfn + } + unsigned long __init e820_end_of_ram_pfn(void) + { +- return e820_end_pfn(MAX_ARCH_PFN); ++ return e820_end_pfn(MAX_ARCH_PFN, E820_RAM); + } + + unsigned long __init e820_end_of_low_ram_pfn(void) + { +- return e820_end_pfn(1UL << (32-PAGE_SHIFT)); ++ return e820_end_pfn(1UL << (32 - PAGE_SHIFT), E820_RAM); + } + + static void early_panic(char *msg) diff --git a/queue-4.4/x86-dumpstack-fix-x86_32-kernel_stack_pointer-previous-stack-access.patch b/queue-4.4/x86-dumpstack-fix-x86_32-kernel_stack_pointer-previous-stack-access.patch new file mode 100644 index 00000000000..261bfe3042b --- /dev/null +++ b/queue-4.4/x86-dumpstack-fix-x86_32-kernel_stack_pointer-previous-stack-access.patch @@ -0,0 +1,67 @@ +From 72b4f6a5e903b071f2a7c4eb1418cbe4eefdc344 Mon Sep 17 00:00:00 2001 +From: Josh Poimboeuf +Date: Thu, 18 Aug 2016 10:59:06 -0500 +Subject: x86/dumpstack: Fix x86_32 kernel_stack_pointer() previous stack access + +From: Josh Poimboeuf + +commit 72b4f6a5e903b071f2a7c4eb1418cbe4eefdc344 upstream. + +On x86_32, when an interrupt happens from kernel space, SS and SP aren't +pushed and the existing stack is used. So pt_regs is effectively two +words shorter, and the previous stack pointer is normally the memory +after the shortened pt_regs, aka '®s->sp'. + +But in the rare case where the interrupt hits right after the stack +pointer has been changed to point to an empty stack, like for example +when call_on_stack() is used, the address immediately after the +shortened pt_regs is no longer on the stack. In that case, instead of +'®s->sp', the previous stack pointer should be retrieved from the +beginning of the current stack page. + +kernel_stack_pointer() wants to do that, but it forgets to dereference +the pointer. So instead of returning a pointer to the previous stack, +it returns a pointer to the beginning of the current stack. + +Note that it's probably outside of kernel_stack_pointer()'s scope to be +switching stacks at all. The x86_64 version of this function doesn't do +it, and it would be better for the caller to do it if necessary. But +that's a patch for another day. This just fixes the original intent. + +Signed-off-by: Josh Poimboeuf +Cc: Andy Lutomirski +Cc: Andy Lutomirski +Cc: Borislav Petkov +Cc: Brian Gerst +Cc: Byungchul Park +Cc: Denys Vlasenko +Cc: Frederic Weisbecker +Cc: H. Peter Anvin +Cc: Kees Cook +Cc: Linus Torvalds +Cc: Nilay Vaish +Cc: Peter Zijlstra +Cc: Steven Rostedt +Cc: Thomas Gleixner +Fixes: 0788aa6a23cb ("x86: Prepare removal of previous_esp from i386 thread_info structure") +Link: http://lkml.kernel.org/r/472453d6e9f6a2d4ab16aaed4935f43117111566.1471535549.git.jpoimboe@redhat.com +Signed-off-by: Ingo Molnar +Signed-off-by: Greg Kroah-Hartman + +--- + arch/x86/kernel/ptrace.c | 4 ++-- + 1 file changed, 2 insertions(+), 2 deletions(-) + +--- a/arch/x86/kernel/ptrace.c ++++ b/arch/x86/kernel/ptrace.c +@@ -188,8 +188,8 @@ unsigned long kernel_stack_pointer(struc + return sp; + + prev_esp = (u32 *)(context); +- if (prev_esp) +- return (unsigned long)prev_esp; ++ if (*prev_esp) ++ return (unsigned long)*prev_esp; + + return (unsigned long)regs; + } diff --git a/queue-4.4/x86-irq-prevent-force-migration-of-irqs-which-are-not-in-the-vector-domain.patch b/queue-4.4/x86-irq-prevent-force-migration-of-irqs-which-are-not-in-the-vector-domain.patch new file mode 100644 index 00000000000..5cc730a284a --- /dev/null +++ b/queue-4.4/x86-irq-prevent-force-migration-of-irqs-which-are-not-in-the-vector-domain.patch @@ -0,0 +1,84 @@ +From db91aa793ff984ac048e199ea1c54202543952fe Mon Sep 17 00:00:00 2001 +From: Mika Westerberg +Date: Mon, 3 Oct 2016 13:17:08 +0300 +Subject: x86/irq: Prevent force migration of irqs which are not in the vector domain + +From: Mika Westerberg + +commit db91aa793ff984ac048e199ea1c54202543952fe upstream. + +When a CPU is about to be offlined we call fixup_irqs() that resets IRQ +affinities related to the CPU in question. The same thing is also done when +the system is suspended to S-states like S3 (mem). + +For each IRQ we try to complete any on-going move regardless whether the +IRQ is actually part of x86_vector_domain. For each IRQ descriptor we fetch +its chip_data, assume it is of type struct apic_chip_data and manipulate it +by clearing old_domain mask etc. For irq_chips that are not part of the +x86_vector_domain, like those created by various GPIO drivers, will find +their chip_data being changed unexpectly. + +Below is an example where GPIO chip owned by pinctrl-sunrisepoint.c gets +corrupted after resume: + + # cat /sys/kernel/debug/gpio + gpiochip0: GPIOs 360-511, parent: platform/INT344B:00, INT344B:00: + gpio-511 ( |sysfs ) in hi + + # rtcwake -s10 -mmem + <10 seconds passes> + + # cat /sys/kernel/debug/gpio + gpiochip0: GPIOs 360-511, parent: platform/INT344B:00, INT344B:00: + gpio-511 ( |sysfs ) in ? + +Note '?' in the output. It means the struct gpio_chip ->get function is +NULL whereas before suspend it was there. + +Fix this by first checking that the IRQ belongs to x86_vector_domain before +we try to use the chip_data as struct apic_chip_data. + +Reported-and-tested-by: Sakari Ailus +Signed-off-by: Mika Westerberg +Link: http://lkml.kernel.org/r/20161003101708.34795-1-mika.westerberg@linux.intel.com +Signed-off-by: Thomas Gleixner +Signed-off-by: Greg Kroah-Hartman + +--- + arch/x86/kernel/apic/vector.c | 23 ++++++++++++++++++++--- + 1 file changed, 20 insertions(+), 3 deletions(-) + +--- a/arch/x86/kernel/apic/vector.c ++++ b/arch/x86/kernel/apic/vector.c +@@ -659,11 +659,28 @@ void irq_complete_move(struct irq_cfg *c + */ + void irq_force_complete_move(struct irq_desc *desc) + { +- struct irq_data *irqdata = irq_desc_get_irq_data(desc); +- struct apic_chip_data *data = apic_chip_data(irqdata); +- struct irq_cfg *cfg = data ? &data->cfg : NULL; ++ struct irq_data *irqdata; ++ struct apic_chip_data *data; ++ struct irq_cfg *cfg; + unsigned int cpu; + ++ /* ++ * The function is called for all descriptors regardless of which ++ * irqdomain they belong to. For example if an IRQ is provided by ++ * an irq_chip as part of a GPIO driver, the chip data for that ++ * descriptor is specific to the irq_chip in question. ++ * ++ * Check first that the chip_data is what we expect ++ * (apic_chip_data) before touching it any further. ++ */ ++ irqdata = irq_domain_get_irq_data(x86_vector_domain, ++ irq_desc_get_irq(desc)); ++ if (!irqdata) ++ return; ++ ++ data = apic_chip_data(irqdata); ++ cfg = data ? &data->cfg : NULL; ++ + if (!cfg) + return; +