From: Greg Kroah-Hartman Date: Sat, 10 Nov 2018 19:33:08 +0000 (-0800) Subject: 4.9-stable patches X-Git-Tag: v4.19.2~69 X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=f7c13247cb2f29560ca86e9ee1c7c738973b7560;p=thirdparty%2Fkernel%2Fstable-queue.git 4.9-stable patches added patches: acpi-lpss-add-alternative-acpi-hids-for-cherry-trail-dma-controllers.patch alsa-hda-check-the-non-cached-stream-buffers-more-explicitly.patch ataflop-fix-error-handling-during-setup.patch ath10k-schedule-hardware-restart-if-wmi-command-times-out.patch bluetooth-btbcm-add-entry-for-bcm4335c0-uart-bluetooth.patch bpf-do-not-blindly-change-rlimit-in-reuseport-net-selftest.patch brcmfmac-fix-for-proper-support-of-160mhz-bandwidth.patch cgroup-netclassid-add-a-preemption-point-to-write_classid.patch coresight-etb10-fix-handling-of-perf-mode.patch cpufreq-dt-try-freeing-static-opps-only-if-we-have-added-them.patch cpupower-fix-coredump-on-vmware.patch crypto-caam-fix-implicit-casts-in-endianness-helpers.patch dmaengine-dma-jz4780-return-error-if-not-probed-from-dt.patch driver-dma-ioat-call-del_timer_sync-without-holding-prep_lock.patch ext4-fix-argument-checking-in-ext4_ioc_move_ext.patch hwmon-pwm-fan-set-fan-speed-to-0-on-suspend.patch i2c-rcar-cleanup-dma-for-all-kinds-of-failure.patch ib-ipoib-clear-ipcb-before-icmp_send.patch iwlwifi-pcie-avoid-empty-free-rb-queue.patch ixgbevf-vf2vf-tcp-rss.patch kprobes-return-error-if-we-fail-to-reuse-kprobe-instead-of-bug_on.patch locking-lockdep-fix-debug_locks-off-performance-problem.patch md-fix-invalid-stored-role-for-a-disk.patch mmc-sdhci-pci-o2micro-add-quirk-for-o2-micro-dev-0x8620-rev-0x01.patch net-ethernet-ti-cpsw-unsync-mcast-entries-while-switch-promisc-mode.patch net-qla3xxx-remove-overflowing-shift-statement.patch pci-msi-warn-and-return-error-if-driver-enables-msi-msi-x-twice.patch perf-cpu_map-align-cpu-map-synthesized-events-properly.patch perf-strbuf-match-va_-add-copy-with-va_end.patch perf-tools-cleanup-trace-event-info-tdata-leak.patch perf-tools-free-temporary-sys-string-in-read_event_files.patch pinctrl-qcom-spmi-mpp-fix-drive-strength-setting.patch pinctrl-qcom-spmi-mpp-fix-err-handling-of-pmic_mpp_set_mux.patch pinctrl-spmi-mpp-fix-pmic_mpp_config_get-to-be-compliant.patch pinctrl-ssbi-gpio-fix-pm8xxx_pin_config_get-to-be-compliant.patch rdma-core-do-not-expose-unsupported-counters.patch revert-perf-tools-fix-pmu-term-format-max-value-calculation.patch s390-sthyi-fix-machine-name-validity-indication.patch sched-fair-fix-the-min_vruntime-update-logic-in-dequeue_entity.patch scsi-esp_scsi-track-residual-for-pio-transfers.patch scsi-lpfc-correct-soft-lockup-when-running-mds-diagnostics.patch scsi-megaraid_sas-fix-a-missing-check-bug.patch selftests-ftrace-add-synthetic-event-syntax-testcase.patch signal-always-deliver-the-kernel-s-sigkill-and-sigstop-to-a-pid-namespace-init.patch sparc-fix-single-pcr-perf-event-counter-management.patch sparc64-make-proc_id-signed.patch swim-fix-cleanup-on-setup-error.patch tpm-suppress-transmit-cmd-error-logs-when-tpm-1.2-is-disabled-deactivated.patch tun-consistently-configure-generic-netdev-params-via-rtnetlink.patch uio-ensure-class-is-registered-before-devices.patch usb-chipidea-prevent-unbalanced-irq-disable.patch usb-gadget-udc-atmel-handle-at91sam9rl-pmc.patch vmci-resource-wildcard-match-fixed.patch x86-boot-fix-efi-stub-alignment.patch x86-fpu-remove-second-definition-of-fpu-in-__fpu__restore_sig.patch x86-olpc-indicate-that-legacy-pc-xo-1-platform-should-not-register-rtc.patch xfrm-policy-use-hlist-rcu-variants-on-insert.patch --- diff --git a/queue-4.9/acpi-lpss-add-alternative-acpi-hids-for-cherry-trail-dma-controllers.patch b/queue-4.9/acpi-lpss-add-alternative-acpi-hids-for-cherry-trail-dma-controllers.patch new file mode 100644 index 00000000000..04ecf310131 --- /dev/null +++ b/queue-4.9/acpi-lpss-add-alternative-acpi-hids-for-cherry-trail-dma-controllers.patch @@ -0,0 +1,47 @@ +From foo@baz Sat Nov 10 11:24:34 PST 2018 +From: Hans de Goede +Date: Mon, 27 Aug 2018 09:45:44 +0200 +Subject: ACPI / LPSS: Add alternative ACPI HIDs for Cherry Trail DMA controllers + +From: Hans de Goede + +[ Upstream commit 240714061c58e6b1abfb3322398a7634151c06cb ] + +Bay and Cherry Trail DSTDs represent a different set of devices depending +on which OS the device think it is booting. One set of decices for Windows +and another set of devices for Android which targets the Android-x86 Linux +kernel fork (which e.g. used to have its own display driver instead of +using the i915 driver). + +Which set of devices we are actually going to get is out of our control, +this is controlled by the ACPI OSID variable, which gets either set through +an EFI setup option, or sometimes is autodetected. So we need to support +both. + +This commit adds support for the 80862286 and 808622C0 ACPI HIDs which we +get for the first resp. second DMA controller on Cherry Trail devices when +OSID is set to Android. + +Signed-off-by: Hans de Goede +Reviewed-by: Andy Shevchenko +Signed-off-by: Rafael J. Wysocki +Signed-off-by: Sasha Levin +Signed-off-by: Greg Kroah-Hartman +--- + drivers/acpi/acpi_lpss.c | 2 ++ + 1 file changed, 2 insertions(+) + +--- a/drivers/acpi/acpi_lpss.c ++++ b/drivers/acpi/acpi_lpss.c +@@ -278,9 +278,11 @@ static const struct acpi_device_id acpi_ + { "INT33FC", }, + + /* Braswell LPSS devices */ ++ { "80862286", LPSS_ADDR(lpss_dma_desc) }, + { "80862288", LPSS_ADDR(bsw_pwm_dev_desc) }, + { "8086228A", LPSS_ADDR(bsw_uart_dev_desc) }, + { "8086228E", LPSS_ADDR(bsw_spi_dev_desc) }, ++ { "808622C0", LPSS_ADDR(lpss_dma_desc) }, + { "808622C1", LPSS_ADDR(bsw_i2c_dev_desc) }, + + /* Broadwell LPSS devices */ diff --git a/queue-4.9/alsa-hda-check-the-non-cached-stream-buffers-more-explicitly.patch b/queue-4.9/alsa-hda-check-the-non-cached-stream-buffers-more-explicitly.patch new file mode 100644 index 00000000000..c0a68b923bb --- /dev/null +++ b/queue-4.9/alsa-hda-check-the-non-cached-stream-buffers-more-explicitly.patch @@ -0,0 +1,78 @@ +From foo@baz Sat Nov 10 11:24:34 PST 2018 +From: Takashi Iwai +Date: Sat, 11 Aug 2018 23:33:34 +0200 +Subject: ALSA: hda: Check the non-cached stream buffers more explicitly + +From: Takashi Iwai + +[ Upstream commit 78c9be61c3a5cd9e2439fd27a5ffad73a81958c7 ] + +Introduce a new flag, uc_buffer, to indicate that the controller +requires the non-cached pages for stream buffers, either as a +chip-specific requirement or specified via snoop=0 option. +This improves the code-readability. + +Also, this patch fixes the incorrect behavior for C-Media chip where +the stream buffers were never handled as non-cached due to the check +of driver_type even if you pass snoop=0 option. + +Signed-off-by: Takashi Iwai +Signed-off-by: Sasha Levin +Signed-off-by: Greg Kroah-Hartman +--- + sound/pci/hda/hda_controller.h | 1 + + sound/pci/hda/hda_intel.c | 11 ++++++++--- + 2 files changed, 9 insertions(+), 3 deletions(-) + +--- a/sound/pci/hda/hda_controller.h ++++ b/sound/pci/hda/hda_controller.h +@@ -155,6 +155,7 @@ struct azx { + unsigned int msi:1; + unsigned int probing:1; /* codec probing phase */ + unsigned int snoop:1; ++ unsigned int uc_buffer:1; /* non-cached pages for stream buffers */ + unsigned int align_buffer_size:1; + unsigned int region_requested:1; + unsigned int disabled:1; /* disabled by vga_switcheroo */ +--- a/sound/pci/hda/hda_intel.c ++++ b/sound/pci/hda/hda_intel.c +@@ -410,7 +410,7 @@ static void __mark_pages_wc(struct azx * + #ifdef CONFIG_SND_DMA_SGBUF + if (dmab->dev.type == SNDRV_DMA_TYPE_DEV_SG) { + struct snd_sg_buf *sgbuf = dmab->private_data; +- if (chip->driver_type == AZX_DRIVER_CMEDIA) ++ if (!chip->uc_buffer) + return; /* deal with only CORB/RIRB buffers */ + if (on) + set_pages_array_wc(sgbuf->page_table, sgbuf->pages); +@@ -1503,6 +1503,7 @@ static void azx_check_snoop_available(st + dev_info(chip->card->dev, "Force to %s mode by module option\n", + snoop ? "snoop" : "non-snoop"); + chip->snoop = snoop; ++ chip->uc_buffer = !snoop; + return; + } + +@@ -1523,8 +1524,12 @@ static void azx_check_snoop_available(st + snoop = false; + + chip->snoop = snoop; +- if (!snoop) ++ if (!snoop) { + dev_info(chip->card->dev, "Force to non-snoop mode\n"); ++ /* C-Media requires non-cached pages only for CORB/RIRB */ ++ if (chip->driver_type != AZX_DRIVER_CMEDIA) ++ chip->uc_buffer = true; ++ } + } + + static void azx_probe_work(struct work_struct *work) +@@ -1947,7 +1952,7 @@ static void pcm_mmap_prepare(struct snd_ + #ifdef CONFIG_X86 + struct azx_pcm *apcm = snd_pcm_substream_chip(substream); + struct azx *chip = apcm->chip; +- if (!azx_snoop(chip) && chip->driver_type != AZX_DRIVER_CMEDIA) ++ if (chip->uc_buffer) + area->vm_page_prot = pgprot_writecombine(area->vm_page_prot); + #endif + } diff --git a/queue-4.9/ataflop-fix-error-handling-during-setup.patch b/queue-4.9/ataflop-fix-error-handling-during-setup.patch new file mode 100644 index 00000000000..283f0599bb7 --- /dev/null +++ b/queue-4.9/ataflop-fix-error-handling-during-setup.patch @@ -0,0 +1,73 @@ +From foo@baz Sat Nov 10 11:24:34 PST 2018 +From: Omar Sandoval +Date: Thu, 11 Oct 2018 12:20:49 -0700 +Subject: ataflop: fix error handling during setup + +From: Omar Sandoval + +[ Upstream commit 71327f547ee3a46ec5c39fdbbd268401b2578d0e ] + +Move queue allocation next to disk allocation to fix a couple of issues: + +- If add_disk() hasn't been called, we should clear disk->queue before + calling put_disk(). +- If we fail to allocate a request queue, we still need to put all of + the disks, not just the ones that we allocated queues for. + +Signed-off-by: Omar Sandoval +Signed-off-by: Jens Axboe +Signed-off-by: Sasha Levin +Signed-off-by: Greg Kroah-Hartman +--- + drivers/block/ataflop.c | 25 +++++++++++++++---------- + 1 file changed, 15 insertions(+), 10 deletions(-) + +--- a/drivers/block/ataflop.c ++++ b/drivers/block/ataflop.c +@@ -1933,6 +1933,11 @@ static int __init atari_floppy_init (voi + unit[i].disk = alloc_disk(1); + if (!unit[i].disk) + goto Enomem; ++ ++ unit[i].disk->queue = blk_init_queue(do_fd_request, ++ &ataflop_lock); ++ if (!unit[i].disk->queue) ++ goto Enomem; + } + + if (UseTrackbuffer < 0) +@@ -1964,10 +1969,6 @@ static int __init atari_floppy_init (voi + sprintf(unit[i].disk->disk_name, "fd%d", i); + unit[i].disk->fops = &floppy_fops; + unit[i].disk->private_data = &unit[i]; +- unit[i].disk->queue = blk_init_queue(do_fd_request, +- &ataflop_lock); +- if (!unit[i].disk->queue) +- goto Enomem; + set_capacity(unit[i].disk, MAX_DISK_SIZE * 2); + add_disk(unit[i].disk); + } +@@ -1982,13 +1983,17 @@ static int __init atari_floppy_init (voi + + return 0; + Enomem: +- while (i--) { +- struct request_queue *q = unit[i].disk->queue; ++ do { ++ struct gendisk *disk = unit[i].disk; + +- put_disk(unit[i].disk); +- if (q) +- blk_cleanup_queue(q); +- } ++ if (disk) { ++ if (disk->queue) { ++ blk_cleanup_queue(disk->queue); ++ disk->queue = NULL; ++ } ++ put_disk(unit[i].disk); ++ } ++ } while (i--); + + unregister_blkdev(FLOPPY_MAJOR, "fd"); + return -ENOMEM; diff --git a/queue-4.9/ath10k-schedule-hardware-restart-if-wmi-command-times-out.patch b/queue-4.9/ath10k-schedule-hardware-restart-if-wmi-command-times-out.patch new file mode 100644 index 00000000000..85e803a5c96 --- /dev/null +++ b/queue-4.9/ath10k-schedule-hardware-restart-if-wmi-command-times-out.patch @@ -0,0 +1,51 @@ +From foo@baz Sat Nov 10 11:24:34 PST 2018 +From: Martin Willi +Date: Wed, 22 Aug 2018 09:39:52 +0200 +Subject: ath10k: schedule hardware restart if WMI command times out + +From: Martin Willi + +[ Upstream commit a9911937e7d332761e8c4fcbc7ba0426bdc3956f ] + +When running in AP mode, ath10k sometimes suffers from TX credit +starvation. The issue is hard to reproduce and shows up once in a +few days, but has been repeatedly seen with QCA9882 and a large +range of firmwares, including 10.2.4.70.67. + +Once the module is in this state, TX credits are never replenished, +which results in "SWBA overrun" errors, as no beacons can be sent. +Even worse, WMI commands run in a timeout while holding the conf +mutex for three seconds each, making any further operations slow +and the whole system unresponsive. + +The firmware/driver never recovers from that state automatically, +and triggering TX flush or warm restarts won't work over WMI. So +issue a hardware restart if a WMI command times out due to missing +TX credits. This implies a connectivity outage of about 1.4s in AP +mode, but brings back the interface and the whole system to a usable +state. WMI command timeouts have not been seen in absent of this +specific issue, so taking such drastic actions seems legitimate. + +Signed-off-by: Martin Willi +Signed-off-by: Kalle Valo +Signed-off-by: Sasha Levin +Signed-off-by: Greg Kroah-Hartman +--- + drivers/net/wireless/ath/ath10k/wmi.c | 6 ++++++ + 1 file changed, 6 insertions(+) + +--- a/drivers/net/wireless/ath/ath10k/wmi.c ++++ b/drivers/net/wireless/ath/ath10k/wmi.c +@@ -1822,6 +1822,12 @@ int ath10k_wmi_cmd_send(struct ath10k *a + if (ret) + dev_kfree_skb_any(skb); + ++ if (ret == -EAGAIN) { ++ ath10k_warn(ar, "wmi command %d timeout, restarting hardware\n", ++ cmd_id); ++ queue_work(ar->workqueue, &ar->restart_work); ++ } ++ + return ret; + } + diff --git a/queue-4.9/bluetooth-btbcm-add-entry-for-bcm4335c0-uart-bluetooth.patch b/queue-4.9/bluetooth-btbcm-add-entry-for-bcm4335c0-uart-bluetooth.patch new file mode 100644 index 00000000000..b1db3939b84 --- /dev/null +++ b/queue-4.9/bluetooth-btbcm-add-entry-for-bcm4335c0-uart-bluetooth.patch @@ -0,0 +1,61 @@ +From foo@baz Sat Nov 10 11:24:34 PST 2018 +From: Christian Hewitt +Date: Tue, 4 Sep 2018 21:50:57 +0400 +Subject: Bluetooth: btbcm: Add entry for BCM4335C0 UART bluetooth + +From: Christian Hewitt + +[ Upstream commit a357ea098c9605f60d92a66a9073f56ce25726da ] + +This patch adds the device ID for the AMPAK AP6335 combo module used +in the 1st generation WeTek Hub Android/LibreELEC HTPC box. The WiFI +chip identifies itself as BCM4339, while Bluetooth identifies itself +as BCM4335 (rev C0): + +``` +[ 4.864248] Bluetooth: hci0: BCM: chip id 86 +[ 4.866388] Bluetooth: hci0: BCM: features 0x2f +[ 4.889317] Bluetooth: hci0: BCM4335C0 +[ 4.889332] Bluetooth: hci0: BCM4335C0 (003.001.009) build 0000 +[ 9.778383] Bluetooth: hci0: BCM4335C0 (003.001.009) build 0268 +``` + +Output from hciconfig: + +``` +hci0: Type: Primary Bus: UART + BD Address: 43:39:00:00:1F:AC ACL MTU: 1021:8 SCO MTU: 64:1 + UP RUNNING + RX bytes:7567 acl:234 sco:0 events:386 errors:0 + TX bytes:53844 acl:77 sco:0 commands:304 errors:0 + Features: 0xbf 0xfe 0xcf 0xfe 0xdb 0xff 0x7b 0x87 + Packet type: DM1 DM3 DM5 DH1 DH3 DH5 HV1 HV2 HV3 + Link policy: RSWITCH SNIFF + Link mode: SLAVE ACCEPT + Name: 'HUB' + Class: 0x0c0000 + Service Classes: Rendering, Capturing + Device Class: Miscellaneous, + HCI Version: 4.0 (0x6) Revision: 0x10c + LMP Version: 4.0 (0x6) Subversion: 0x6109 + Manufacturer: Broadcom Corporation (15) +``` + +Signed-off-by: Christian Hewitt +Signed-off-by: Marcel Holtmann +Signed-off-by: Sasha Levin +Signed-off-by: Greg Kroah-Hartman +--- + drivers/bluetooth/btbcm.c | 1 + + 1 file changed, 1 insertion(+) + +--- a/drivers/bluetooth/btbcm.c ++++ b/drivers/bluetooth/btbcm.c +@@ -270,6 +270,7 @@ static const struct { + { 0x4103, "BCM4330B1" }, /* 002.001.003 */ + { 0x410e, "BCM43341B0" }, /* 002.001.014 */ + { 0x4406, "BCM4324B3" }, /* 002.004.006 */ ++ { 0x6109, "BCM4335C0" }, /* 003.001.009 */ + { 0x610c, "BCM4354" }, /* 003.001.012 */ + { } + }; diff --git a/queue-4.9/bpf-do-not-blindly-change-rlimit-in-reuseport-net-selftest.patch b/queue-4.9/bpf-do-not-blindly-change-rlimit-in-reuseport-net-selftest.patch new file mode 100644 index 00000000000..7d069381d8b --- /dev/null +++ b/queue-4.9/bpf-do-not-blindly-change-rlimit-in-reuseport-net-selftest.patch @@ -0,0 +1,49 @@ +From foo@baz Sat Nov 10 11:24:34 PST 2018 +From: Eric Dumazet +Date: Fri, 5 Oct 2018 19:38:46 -0700 +Subject: bpf: do not blindly change rlimit in reuseport net selftest + +From: Eric Dumazet + +[ Upstream commit 262f9d811c7608f1e74258ceecfe1fa213bdf912 ] + +If the current process has unlimited RLIMIT_MEMLOCK, +we should should leave it as is. + +Fixes: 941ff6f11c02 ("bpf: fix rlimit in reuseport net selftest") +Signed-off-by: John Sperbeck +Signed-off-by: Eric Dumazet +Acked-by: Daniel Borkmann +Signed-off-by: Daniel Borkmann +Signed-off-by: Sasha Levin +Signed-off-by: Greg Kroah-Hartman +--- + tools/testing/selftests/net/reuseport_bpf.c | 13 +++++++++---- + 1 file changed, 9 insertions(+), 4 deletions(-) + +--- a/tools/testing/selftests/net/reuseport_bpf.c ++++ b/tools/testing/selftests/net/reuseport_bpf.c +@@ -437,14 +437,19 @@ void enable_fastopen(void) + } + } + +-static struct rlimit rlim_old, rlim_new; ++static struct rlimit rlim_old; + + static __attribute__((constructor)) void main_ctor(void) + { + getrlimit(RLIMIT_MEMLOCK, &rlim_old); +- rlim_new.rlim_cur = rlim_old.rlim_cur + (1UL << 20); +- rlim_new.rlim_max = rlim_old.rlim_max + (1UL << 20); +- setrlimit(RLIMIT_MEMLOCK, &rlim_new); ++ ++ if (rlim_old.rlim_cur != RLIM_INFINITY) { ++ struct rlimit rlim_new; ++ ++ rlim_new.rlim_cur = rlim_old.rlim_cur + (1UL << 20); ++ rlim_new.rlim_max = rlim_old.rlim_max + (1UL << 20); ++ setrlimit(RLIMIT_MEMLOCK, &rlim_new); ++ } + } + + static __attribute__((destructor)) void main_dtor(void) diff --git a/queue-4.9/brcmfmac-fix-for-proper-support-of-160mhz-bandwidth.patch b/queue-4.9/brcmfmac-fix-for-proper-support-of-160mhz-bandwidth.patch new file mode 100644 index 00000000000..d3f12dffe59 --- /dev/null +++ b/queue-4.9/brcmfmac-fix-for-proper-support-of-160mhz-bandwidth.patch @@ -0,0 +1,125 @@ +From foo@baz Sat Nov 10 11:24:34 PST 2018 +From: Arend van Spriel +Date: Wed, 5 Sep 2018 09:48:58 +0200 +Subject: brcmfmac: fix for proper support of 160MHz bandwidth + +From: Arend van Spriel + +[ Upstream commit 330994e8e8ec5d0b269a5265e6032b37e29aa336 ] + +Decoding of firmware channel information was not complete for 160MHz +support. This resulted in the following warning: + + WARNING: CPU: 2 PID: 2222 at .../broadcom/brcm80211/brcmutil/d11.c:196 + brcmu_d11ac_decchspec+0x2e/0x100 [brcmutil] + Modules linked in: brcmfmac(O) brcmutil(O) sha256_generic cfg80211 ... + CPU: 2 PID: 2222 Comm: kworker/2:0 Tainted: G O + 4.17.0-wt-testing-x64-00002-gf1bed50 #1 + Hardware name: Dell Inc. Latitude E6410/07XJP9, BIOS A07 02/15/2011 + Workqueue: events request_firmware_work_func + RIP: 0010:brcmu_d11ac_decchspec+0x2e/0x100 [brcmutil] + RSP: 0018:ffffc90000047bd0 EFLAGS: 00010206 + RAX: 000000000000e832 RBX: ffff8801146fe910 RCX: ffff8801146fd3c0 + RDX: 0000000000002800 RSI: 0000000000000070 RDI: ffffc90000047c30 + RBP: ffffc90000047bd0 R08: 0000000000000000 R09: ffffffffa0798c80 + R10: ffff88012bca55e0 R11: ffff880110a4ea00 R12: ffff8801146f8000 + R13: ffffc90000047c30 R14: ffff8801146fe930 R15: ffff8801138e02e0 + FS: 0000000000000000(0000) GS:ffff88012bc80000(0000) knlGS:0000000000000000 + CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 + CR2: 00007f18ce8b8070 CR3: 000000000200a003 CR4: 00000000000206e0 + Call Trace: + brcmf_setup_wiphybands+0x212/0x780 [brcmfmac] + brcmf_cfg80211_attach+0xae2/0x11a0 [brcmfmac] + brcmf_attach+0x1fc/0x4b0 [brcmfmac] + ? __kmalloc+0x13c/0x1c0 + brcmf_pcie_setup+0x99b/0xe00 [brcmfmac] + brcmf_fw_request_done+0x16a/0x1f0 [brcmfmac] + request_firmware_work_func+0x36/0x60 + process_one_work+0x146/0x350 + worker_thread+0x4a/0x3b0 + kthread+0x102/0x140 + ? process_one_work+0x350/0x350 + ? kthread_bind+0x20/0x20 + ret_from_fork+0x35/0x40 + Code: 66 90 0f b7 07 55 48 89 e5 89 c2 88 47 02 88 47 03 66 81 e2 00 38 + 66 81 fa 00 18 74 6e 66 81 fa 00 20 74 39 66 81 fa 00 10 74 14 <0f> + 0b 66 25 00 c0 74 20 66 3d 00 c0 75 20 c6 47 04 01 5d c3 66 + ---[ end trace 550c46682415b26d ]--- + brcmfmac: brcmf_construct_chaninfo: Ignoring unexpected firmware channel 50 + +This patch adds the missing stuff to properly handle this. + +Reviewed-by: Hante Meuleman +Reviewed-by: Pieter-Paul Giesberts +Reviewed-by: Franky Lin +Signed-off-by: Arend van Spriel +Signed-off-by: Kalle Valo +Signed-off-by: Sasha Levin +Signed-off-by: Greg Kroah-Hartman +--- + drivers/net/wireless/broadcom/brcm80211/brcmutil/d11.c | 34 ++++++++++- + drivers/net/wireless/broadcom/brcm80211/include/brcmu_wifi.h | 2 + 2 files changed, 35 insertions(+), 1 deletion(-) + +--- a/drivers/net/wireless/broadcom/brcm80211/brcmutil/d11.c ++++ b/drivers/net/wireless/broadcom/brcm80211/brcmutil/d11.c +@@ -77,6 +77,8 @@ static u16 d11ac_bw(enum brcmu_chan_bw b + return BRCMU_CHSPEC_D11AC_BW_40; + case BRCMU_CHAN_BW_80: + return BRCMU_CHSPEC_D11AC_BW_80; ++ case BRCMU_CHAN_BW_160: ++ return BRCMU_CHSPEC_D11AC_BW_160; + default: + WARN_ON(1); + } +@@ -190,8 +192,38 @@ static void brcmu_d11ac_decchspec(struct + break; + } + break; +- case BRCMU_CHSPEC_D11AC_BW_8080: + case BRCMU_CHSPEC_D11AC_BW_160: ++ switch (ch->sb) { ++ case BRCMU_CHAN_SB_LLL: ++ ch->control_ch_num -= CH_70MHZ_APART; ++ break; ++ case BRCMU_CHAN_SB_LLU: ++ ch->control_ch_num -= CH_50MHZ_APART; ++ break; ++ case BRCMU_CHAN_SB_LUL: ++ ch->control_ch_num -= CH_30MHZ_APART; ++ break; ++ case BRCMU_CHAN_SB_LUU: ++ ch->control_ch_num -= CH_10MHZ_APART; ++ break; ++ case BRCMU_CHAN_SB_ULL: ++ ch->control_ch_num += CH_10MHZ_APART; ++ break; ++ case BRCMU_CHAN_SB_ULU: ++ ch->control_ch_num += CH_30MHZ_APART; ++ break; ++ case BRCMU_CHAN_SB_UUL: ++ ch->control_ch_num += CH_50MHZ_APART; ++ break; ++ case BRCMU_CHAN_SB_UUU: ++ ch->control_ch_num += CH_70MHZ_APART; ++ break; ++ default: ++ WARN_ON_ONCE(1); ++ break; ++ } ++ break; ++ case BRCMU_CHSPEC_D11AC_BW_8080: + default: + WARN_ON_ONCE(1); + break; +--- a/drivers/net/wireless/broadcom/brcm80211/include/brcmu_wifi.h ++++ b/drivers/net/wireless/broadcom/brcm80211/include/brcmu_wifi.h +@@ -29,6 +29,8 @@ + #define CH_UPPER_SB 0x01 + #define CH_LOWER_SB 0x02 + #define CH_EWA_VALID 0x04 ++#define CH_70MHZ_APART 14 ++#define CH_50MHZ_APART 10 + #define CH_30MHZ_APART 6 + #define CH_20MHZ_APART 4 + #define CH_10MHZ_APART 2 diff --git a/queue-4.9/cgroup-netclassid-add-a-preemption-point-to-write_classid.patch b/queue-4.9/cgroup-netclassid-add-a-preemption-point-to-write_classid.patch new file mode 100644 index 00000000000..1d574da7faa --- /dev/null +++ b/queue-4.9/cgroup-netclassid-add-a-preemption-point-to-write_classid.patch @@ -0,0 +1,65 @@ +From foo@baz Sat Nov 10 11:24:34 PST 2018 +From: Michal Hocko +Date: Thu, 18 Oct 2018 10:56:17 +0200 +Subject: cgroup, netclassid: add a preemption point to write_classid + +From: Michal Hocko + +[ Upstream commit a90e90b7d55e789c71d85b946ffb5c1ab2f137ca ] + +We have seen a customer complaining about soft lockups on !PREEMPT +kernel config with 4.4 based kernel + +[1072141.435366] NMI watchdog: BUG: soft lockup - CPU#21 stuck for 22s! [systemd:1] +[1072141.444090] Modules linked in: mpt3sas raid_class binfmt_misc af_packet 8021q garp mrp stp llc xfs libcrc32c bonding iscsi_ibft iscsi_boot_sysfs msr ext4 crc16 jbd2 mbcache cdc_ether usbnet mii joydev hid_generic usbhid intel_rapl x86_pkg_temp_thermal intel_powerclamp coretemp crct10dif_pclmul crc32_pclmul ghash_clmulni_intel ipmi_ssif mgag200 i2c_algo_bit ttm ipmi_devintf drbg ixgbe drm_kms_helper vxlan ansi_cprng ip6_udp_tunnel drm aesni_intel udp_tunnel aes_x86_64 iTCO_wdt syscopyarea ptp xhci_pci lrw iTCO_vendor_support pps_core gf128mul ehci_pci glue_helper sysfillrect mdio pcspkr sb_edac ablk_helper cryptd ehci_hcd sysimgblt xhci_hcd fb_sys_fops edac_core mei_me lpc_ich ses usbcore enclosure dca mfd_core ipmi_si mei i2c_i801 scsi_transport_sas usb_common ipmi_msghandler shpchp fjes wmi processor button acpi_pad btrfs xor raid6_pq sd_mod crc32c_intel megaraid_sas sg dm_multipath dm_mod scsi_dh_rdac scsi_dh_emc scsi_dh_alua scsi_mod md_mod autofs4 +[1072141.444146] Supported: Yes +[1072141.444149] CPU: 21 PID: 1 Comm: systemd Not tainted 4.4.121-92.80-default #1 +[1072141.444150] Hardware name: LENOVO Lenovo System x3650 M5 -[5462P4U]- -[5462P4U]-/01GR451, BIOS -[TCE136H-2.70]- 06/13/2018 +[1072141.444151] task: ffff880191bd0040 ti: ffff880191bd4000 task.ti: ffff880191bd4000 +[1072141.444153] RIP: 0010:[] [] update_classid_sock+0x29/0x40 +[1072141.444157] RSP: 0018:ffff880191bd7d58 EFLAGS: 00000286 +[1072141.444158] RAX: ffff883b177cb7c0 RBX: 0000000000000000 RCX: 0000000000000000 +[1072141.444159] RDX: 00000000000009c7 RSI: ffff880191bd7d5c RDI: ffff8822e29bb200 +[1072141.444160] RBP: ffff883a72230980 R08: 0000000000000101 R09: 0000000000000000 +[1072141.444161] R10: 0000000000000008 R11: f000000000000000 R12: ffffffff815229d0 +[1072141.444162] R13: 0000000000000000 R14: ffff881fd0a47ac0 R15: ffff880191bd7f28 +[1072141.444163] FS: 00007f3e2f1eb8c0(0000) GS:ffff882000340000(0000) knlGS:0000000000000000 +[1072141.444164] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 +[1072141.444165] CR2: 00007f3e2f200000 CR3: 0000001ffea4e000 CR4: 00000000001606f0 +[1072141.444166] Stack: +[1072141.444166] ffffffa800000246 00000000000009c7 ffffffff8121d583 ffff8818312a05c0 +[1072141.444168] ffff8818312a1100 ffff880197c3b280 ffff881861422858 ffffffffffffffea +[1072141.444170] ffffffff81522b1c ffffffff81d0ca20 ffff8817fa17b950 ffff883fdd8121e0 +[1072141.444171] Call Trace: +[1072141.444179] [] iterate_fd+0x53/0x80 +[1072141.444182] [] write_classid+0x4c/0x80 +[1072141.444187] [] cgroup_file_write+0x9b/0x100 +[1072141.444193] [] kernfs_fop_write+0x11b/0x150 +[1072141.444198] [] __vfs_write+0x26/0x100 +[1072141.444201] [] vfs_write+0x9d/0x190 +[1072141.444203] [] SyS_write+0x42/0xa0 +[1072141.444207] [] entry_SYSCALL_64_fastpath+0x1e/0xca +[1072141.445490] DWARF2 unwinder stuck at entry_SYSCALL_64_fastpath+0x1e/0xca + +If a cgroup has many tasks with many open file descriptors then we would +end up in a large loop without any rescheduling point throught the +operation. Add cond_resched once per task. + +Signed-off-by: Michal Hocko +Signed-off-by: Tejun Heo +Signed-off-by: Sasha Levin +Signed-off-by: Greg Kroah-Hartman +--- + net/core/netclassid_cgroup.c | 1 + + 1 file changed, 1 insertion(+) + +--- a/net/core/netclassid_cgroup.c ++++ b/net/core/netclassid_cgroup.c +@@ -104,6 +104,7 @@ static int write_classid(struct cgroup_s + iterate_fd(p->files, 0, update_classid_sock, + (void *)(unsigned long)cs->classid); + task_unlock(p); ++ cond_resched(); + } + css_task_iter_end(&it); + diff --git a/queue-4.9/coresight-etb10-fix-handling-of-perf-mode.patch b/queue-4.9/coresight-etb10-fix-handling-of-perf-mode.patch new file mode 100644 index 00000000000..cec472264e6 --- /dev/null +++ b/queue-4.9/coresight-etb10-fix-handling-of-perf-mode.patch @@ -0,0 +1,36 @@ +From foo@baz Sat Nov 10 11:24:34 PST 2018 +From: Suzuki K Poulose +Date: Thu, 20 Sep 2018 13:17:46 -0600 +Subject: coresight: etb10: Fix handling of perf mode + +From: Suzuki K Poulose + +[ Upstream commit 987d1e8dcd370d96029a3d76a0031b043c4a69ae ] + +If the ETB is already enabled in sysfs mode, the ETB reports +success even if a perf mode is requested. Fix this by checking +the requested mode. + +Cc: Mathieu Poirier +Signed-off-by: Suzuki K Poulose +Signed-off-by: Mathieu Poirier +Signed-off-by: Greg Kroah-Hartman +Signed-off-by: Sasha Levin +Signed-off-by: Greg Kroah-Hartman +--- + drivers/hwtracing/coresight/coresight-etb10.c | 4 ++++ + 1 file changed, 4 insertions(+) + +--- a/drivers/hwtracing/coresight/coresight-etb10.c ++++ b/drivers/hwtracing/coresight/coresight-etb10.c +@@ -155,6 +155,10 @@ static int etb_enable(struct coresight_d + if (val == CS_MODE_PERF) + return -EBUSY; + ++ /* Don't let perf disturb sysFS sessions */ ++ if (val == CS_MODE_SYSFS && mode == CS_MODE_PERF) ++ return -EBUSY; ++ + /* Nothing to do, the tracer is already enabled. */ + if (val == CS_MODE_SYSFS) + goto out; diff --git a/queue-4.9/cpufreq-dt-try-freeing-static-opps-only-if-we-have-added-them.patch b/queue-4.9/cpufreq-dt-try-freeing-static-opps-only-if-we-have-added-them.patch new file mode 100644 index 00000000000..bc08ed84902 --- /dev/null +++ b/queue-4.9/cpufreq-dt-try-freeing-static-opps-only-if-we-have-added-them.patch @@ -0,0 +1,111 @@ +From foo@baz Sat Nov 10 11:24:34 PST 2018 +From: Viresh Kumar +Date: Wed, 3 Oct 2018 15:35:21 +0530 +Subject: cpufreq: dt: Try freeing static OPPs only if we have added them + +From: Viresh Kumar + +[ Upstream commit 51c99dd2c06b234575661fa1e0a1dea6c3ef566f ] + +We can not call dev_pm_opp_of_cpumask_remove_table() freely anymore +since the latest OPP core updates as that uses reference counting to +free resources. There are cases where no static OPPs are added (using +DT) for a platform and trying to remove the OPP table may end up +decrementing refcount which is already zero and hence generating +warnings. + +Lets track if we were able to add static OPPs or not and then only +remove the table based on that. Some reshuffling of code is also done to +do that. + +Reported-by: Niklas Cassel +Tested-by: Niklas Cassel +Signed-off-by: Viresh Kumar +Signed-off-by: Sasha Levin +Signed-off-by: Greg Kroah-Hartman +--- + drivers/cpufreq/cpufreq-dt.c | 34 +++++++++++++++++++--------------- + 1 file changed, 19 insertions(+), 15 deletions(-) + +--- a/drivers/cpufreq/cpufreq-dt.c ++++ b/drivers/cpufreq/cpufreq-dt.c +@@ -32,6 +32,7 @@ struct private_data { + struct device *cpu_dev; + struct thermal_cooling_device *cdev; + const char *reg_name; ++ bool have_static_opps; + }; + + static struct freq_attr *cpufreq_dt_attr[] = { +@@ -197,6 +198,15 @@ static int cpufreq_init(struct cpufreq_p + } + } + ++ priv = kzalloc(sizeof(*priv), GFP_KERNEL); ++ if (!priv) { ++ ret = -ENOMEM; ++ goto out_put_regulator; ++ } ++ ++ priv->reg_name = name; ++ priv->opp_table = opp_table; ++ + /* + * Initialize OPP tables for all policy->cpus. They will be shared by + * all CPUs which have marked their CPUs shared with OPP bindings. +@@ -207,7 +217,8 @@ static int cpufreq_init(struct cpufreq_p + * + * OPPs might be populated at runtime, don't check for error here + */ +- dev_pm_opp_of_cpumask_add_table(policy->cpus); ++ if (!dev_pm_opp_of_cpumask_add_table(policy->cpus)) ++ priv->have_static_opps = true; + + /* + * But we need OPP table to function so if it is not there let's +@@ -233,19 +244,10 @@ static int cpufreq_init(struct cpufreq_p + __func__, ret); + } + +- priv = kzalloc(sizeof(*priv), GFP_KERNEL); +- if (!priv) { +- ret = -ENOMEM; +- goto out_free_opp; +- } +- +- priv->reg_name = name; +- priv->opp_table = opp_table; +- + ret = dev_pm_opp_init_cpufreq_table(cpu_dev, &freq_table); + if (ret) { + dev_err(cpu_dev, "failed to init cpufreq table: %d\n", ret); +- goto out_free_priv; ++ goto out_free_opp; + } + + priv->cpu_dev = cpu_dev; +@@ -284,10 +286,11 @@ static int cpufreq_init(struct cpufreq_p + + out_free_cpufreq_table: + dev_pm_opp_free_cpufreq_table(cpu_dev, &freq_table); +-out_free_priv: +- kfree(priv); + out_free_opp: +- dev_pm_opp_of_cpumask_remove_table(policy->cpus); ++ if (priv->have_static_opps) ++ dev_pm_opp_of_cpumask_remove_table(policy->cpus); ++ kfree(priv); ++out_put_regulator: + if (name) + dev_pm_opp_put_regulator(opp_table); + out_put_clk: +@@ -302,7 +305,8 @@ static int cpufreq_exit(struct cpufreq_p + + cpufreq_cooling_unregister(priv->cdev); + dev_pm_opp_free_cpufreq_table(priv->cpu_dev, &policy->freq_table); +- dev_pm_opp_of_cpumask_remove_table(policy->related_cpus); ++ if (priv->have_static_opps) ++ dev_pm_opp_of_cpumask_remove_table(policy->related_cpus); + if (priv->reg_name) + dev_pm_opp_put_regulator(priv->opp_table); + diff --git a/queue-4.9/cpupower-fix-coredump-on-vmware.patch b/queue-4.9/cpupower-fix-coredump-on-vmware.patch new file mode 100644 index 00000000000..9f160b8bc93 --- /dev/null +++ b/queue-4.9/cpupower-fix-coredump-on-vmware.patch @@ -0,0 +1,55 @@ +From foo@baz Sat Nov 10 11:24:34 PST 2018 +From: Prarit Bhargava +Date: Mon, 8 Oct 2018 11:06:19 -0400 +Subject: cpupower: Fix coredump on VMWare + +From: Prarit Bhargava + +[ Upstream commit f69ffc5d3db8f1f03fd6d1df5930f9a1fbd787b6 ] + +cpupower crashes on VMWare guests. The guests have the AMD PStateDef MSR +(0xC0010064 + state number) set to zero. As a result fid and did are zero +and the crash occurs because of a divide by zero (cof = fid/did). This +can be prevented by checking the enable bit in the PStateDef MSR before +calculating cof. By doing this the value of pstate[i] remains zero and +the value can be tested before displaying the active Pstates. + +Check the enable bit in the PstateDef register for all supported families +and only print out enabled Pstates. + +Signed-off-by: Prarit Bhargava +Cc: Shuah Khan +Cc: Stafford Horne +Signed-off-by: Shuah Khan (Samsung OSG) +Signed-off-by: Sasha Levin +Signed-off-by: Greg Kroah-Hartman +--- + tools/power/cpupower/utils/cpufreq-info.c | 2 ++ + tools/power/cpupower/utils/helpers/amd.c | 5 +++++ + 2 files changed, 7 insertions(+) + +--- a/tools/power/cpupower/utils/cpufreq-info.c ++++ b/tools/power/cpupower/utils/cpufreq-info.c +@@ -202,6 +202,8 @@ static int get_boost_mode(unsigned int c + printf(_(" Boost States: %d\n"), b_states); + printf(_(" Total States: %d\n"), pstate_no); + for (i = 0; i < pstate_no; i++) { ++ if (!pstates[i]) ++ continue; + if (i < b_states) + printf(_(" Pstate-Pb%d: %luMHz (boost state)" + "\n"), i, pstates[i]); +--- a/tools/power/cpupower/utils/helpers/amd.c ++++ b/tools/power/cpupower/utils/helpers/amd.c +@@ -103,6 +103,11 @@ int decode_pstates(unsigned int cpu, uns + } + if (read_msr(cpu, MSR_AMD_PSTATE + i, &pstate.val)) + return -1; ++ if ((cpu_family == 0x17) && (!pstate.fam17h_bits.en)) ++ continue; ++ else if (!pstate.bits.en) ++ continue; ++ + pstates[i] = get_cof(cpu_family, pstate); + } + *no = i; diff --git a/queue-4.9/crypto-caam-fix-implicit-casts-in-endianness-helpers.patch b/queue-4.9/crypto-caam-fix-implicit-casts-in-endianness-helpers.patch new file mode 100644 index 00000000000..cc655cf2aff --- /dev/null +++ b/queue-4.9/crypto-caam-fix-implicit-casts-in-endianness-helpers.patch @@ -0,0 +1,70 @@ +From foo@baz Sat Nov 10 11:24:34 PST 2018 +From: "Horia Geantă" +Date: Wed, 12 Sep 2018 11:59:30 +0300 +Subject: crypto: caam - fix implicit casts in endianness helpers + +From: "Horia Geantă" + +[ Upstream commit aae733a3f46f5ef338fbdde26e14cbb205a23de0 ] + +Fix the following sparse endianness warnings: + +drivers/crypto/caam/regs.h:95:1: sparse: incorrect type in return expression (different base types) @@ expected unsigned int @@ got restricted __le32unsigned int @@ +drivers/crypto/caam/regs.h:95:1: expected unsigned int +drivers/crypto/caam/regs.h:95:1: got restricted __le32 [usertype] +drivers/crypto/caam/regs.h:95:1: sparse: incorrect type in return expression (different base types) @@ expected unsigned int @@ got restricted __be32unsigned int @@ +drivers/crypto/caam/regs.h:95:1: expected unsigned int +drivers/crypto/caam/regs.h:95:1: got restricted __be32 [usertype] + +drivers/crypto/caam/regs.h:92:1: sparse: cast to restricted __le32 +drivers/crypto/caam/regs.h:92:1: sparse: cast to restricted __be32 + +Fixes: 261ea058f016 ("crypto: caam - handle core endianness != caam endianness") +Reported-by: kbuild test robot +Signed-off-by: Horia Geantă +Signed-off-by: Herbert Xu +Signed-off-by: Sasha Levin +Signed-off-by: Greg Kroah-Hartman +--- + drivers/crypto/caam/regs.h | 28 ++++++++++++++-------------- + 1 file changed, 14 insertions(+), 14 deletions(-) + +--- a/drivers/crypto/caam/regs.h ++++ b/drivers/crypto/caam/regs.h +@@ -68,22 +68,22 @@ + + extern bool caam_little_end; + +-#define caam_to_cpu(len) \ +-static inline u##len caam##len ## _to_cpu(u##len val) \ +-{ \ +- if (caam_little_end) \ +- return le##len ## _to_cpu(val); \ +- else \ +- return be##len ## _to_cpu(val); \ ++#define caam_to_cpu(len) \ ++static inline u##len caam##len ## _to_cpu(u##len val) \ ++{ \ ++ if (caam_little_end) \ ++ return le##len ## _to_cpu((__force __le##len)val); \ ++ else \ ++ return be##len ## _to_cpu((__force __be##len)val); \ + } + +-#define cpu_to_caam(len) \ +-static inline u##len cpu_to_caam##len(u##len val) \ +-{ \ +- if (caam_little_end) \ +- return cpu_to_le##len(val); \ +- else \ +- return cpu_to_be##len(val); \ ++#define cpu_to_caam(len) \ ++static inline u##len cpu_to_caam##len(u##len val) \ ++{ \ ++ if (caam_little_end) \ ++ return (__force u##len)cpu_to_le##len(val); \ ++ else \ ++ return (__force u##len)cpu_to_be##len(val); \ + } + + caam_to_cpu(16) diff --git a/queue-4.9/dmaengine-dma-jz4780-return-error-if-not-probed-from-dt.patch b/queue-4.9/dmaengine-dma-jz4780-return-error-if-not-probed-from-dt.patch new file mode 100644 index 00000000000..9342d66a7d1 --- /dev/null +++ b/queue-4.9/dmaengine-dma-jz4780-return-error-if-not-probed-from-dt.patch @@ -0,0 +1,36 @@ +From foo@baz Sat Nov 10 11:24:34 PST 2018 +From: Paul Cercueil +Date: Wed, 29 Aug 2018 23:32:44 +0200 +Subject: dmaengine: dma-jz4780: Return error if not probed from DT + +From: Paul Cercueil + +[ Upstream commit 54f919a04cf221bc1601d1193682d4379dacacbd ] + +The driver calls clk_get() with the clock name set to NULL, which means +that the driver could only work when probed from devicetree. From now +on, we explicitly require the driver to be probed from devicetree. + +Signed-off-by: Paul Cercueil +Tested-by: Mathieu Malaterre +Signed-off-by: Vinod Koul +Signed-off-by: Sasha Levin +Signed-off-by: Greg Kroah-Hartman +--- + drivers/dma/dma-jz4780.c | 5 +++++ + 1 file changed, 5 insertions(+) + +--- a/drivers/dma/dma-jz4780.c ++++ b/drivers/dma/dma-jz4780.c +@@ -754,6 +754,11 @@ static int jz4780_dma_probe(struct platf + struct resource *res; + int i, ret; + ++ if (!dev->of_node) { ++ dev_err(dev, "This driver must be probed from devicetree\n"); ++ return -EINVAL; ++ } ++ + jzdma = devm_kzalloc(dev, sizeof(*jzdma), GFP_KERNEL); + if (!jzdma) + return -ENOMEM; diff --git a/queue-4.9/driver-dma-ioat-call-del_timer_sync-without-holding-prep_lock.patch b/queue-4.9/driver-dma-ioat-call-del_timer_sync-without-holding-prep_lock.patch new file mode 100644 index 00000000000..8f16f11bbd9 --- /dev/null +++ b/queue-4.9/driver-dma-ioat-call-del_timer_sync-without-holding-prep_lock.patch @@ -0,0 +1,87 @@ +From foo@baz Sat Nov 10 11:24:34 PST 2018 +From: Waiman Long +Date: Fri, 14 Sep 2018 14:53:32 -0400 +Subject: driver/dma/ioat: Call del_timer_sync() without holding prep_lock + +From: Waiman Long + +[ Upstream commit cfb03be6c7e8a1591285849c361d67b09f5149f7 ] + +The following lockdep splat was observed: + +[ 1222.241750] ====================================================== +[ 1222.271301] WARNING: possible circular locking dependency detected +[ 1222.301060] 4.16.0-10.el8+5.x86_64+debug #1 Not tainted +[ 1222.326659] ------------------------------------------------------ +[ 1222.356565] systemd-shutdow/1 is trying to acquire lock: +[ 1222.382660] ((&ioat_chan->timer)){+.-.}, at: [<00000000f71e1a28>] del_timer_sync+0x5/0xf0 +[ 1222.422928] +[ 1222.422928] but task is already holding lock: +[ 1222.451743] (&(&ioat_chan->prep_lock)->rlock){+.-.}, at: [<000000008ea98b12>] ioat_shutdown+0x86/0x100 [ioatdma] + : +[ 1223.524987] Chain exists of: +[ 1223.524987] (&ioat_chan->timer) --> &(&ioat_chan->cleanup_lock)->rlock --> &(&ioat_chan->prep_lock)->rlock +[ 1223.524987] +[ 1223.594082] Possible unsafe locking scenario: +[ 1223.594082] +[ 1223.622630] CPU0 CPU1 +[ 1223.645080] ---- ---- +[ 1223.667404] lock(&(&ioat_chan->prep_lock)->rlock); +[ 1223.691535] lock(&(&ioat_chan->cleanup_lock)->rlock); +[ 1223.728657] lock(&(&ioat_chan->prep_lock)->rlock); +[ 1223.765122] lock((&ioat_chan->timer)); +[ 1223.784095] +[ 1223.784095] *** DEADLOCK *** +[ 1223.784095] +[ 1223.813492] 4 locks held by systemd-shutdow/1: +[ 1223.834677] #0: (reboot_mutex){+.+.}, at: [<0000000056d33456>] SYSC_reboot+0x10f/0x300 +[ 1223.873310] #1: (&dev->mutex){....}, at: [<00000000258dfdd7>] device_shutdown+0x1c8/0x660 +[ 1223.913604] #2: (&dev->mutex){....}, at: [<0000000068331147>] device_shutdown+0x1d6/0x660 +[ 1223.954000] #3: (&(&ioat_chan->prep_lock)->rlock){+.-.}, at: [<000000008ea98b12>] ioat_shutdown+0x86/0x100 [ioatdma] + +In the ioat_shutdown() function: + + spin_lock_bh(&ioat_chan->prep_lock); + set_bit(IOAT_CHAN_DOWN, &ioat_chan->state); + del_timer_sync(&ioat_chan->timer); + spin_unlock_bh(&ioat_chan->prep_lock); + +According to the synchronization rule for the del_timer_sync() function, +the caller must not hold locks which would prevent completion of the +timer's handler. + +The timer structure has its own lock that manages its synchronization. +Setting the IOAT_CHAN_DOWN bit should prevent other CPUs from +trying to use that device anyway, there is probably no need to call +del_timer_sync() while holding the prep_lock. So the del_timer_sync() +call is now moved outside of the prep_lock critical section to prevent +the circular lock dependency. + +Signed-off-by: Waiman Long +Reviewed-by: Dave Jiang +Signed-off-by: Vinod Koul +Signed-off-by: Sasha Levin +Signed-off-by: Greg Kroah-Hartman +--- + drivers/dma/ioat/init.c | 9 ++++++++- + 1 file changed, 8 insertions(+), 1 deletion(-) + +--- a/drivers/dma/ioat/init.c ++++ b/drivers/dma/ioat/init.c +@@ -1210,8 +1210,15 @@ static void ioat_shutdown(struct pci_dev + + spin_lock_bh(&ioat_chan->prep_lock); + set_bit(IOAT_CHAN_DOWN, &ioat_chan->state); +- del_timer_sync(&ioat_chan->timer); + spin_unlock_bh(&ioat_chan->prep_lock); ++ /* ++ * Synchronization rule for del_timer_sync(): ++ * - The caller must not hold locks which would prevent ++ * completion of the timer's handler. ++ * So prep_lock cannot be held before calling it. ++ */ ++ del_timer_sync(&ioat_chan->timer); ++ + /* this should quiesce then reset */ + ioat_reset_hw(ioat_chan); + } diff --git a/queue-4.9/ext4-fix-argument-checking-in-ext4_ioc_move_ext.patch b/queue-4.9/ext4-fix-argument-checking-in-ext4_ioc_move_ext.patch new file mode 100644 index 00000000000..0e07983bd22 --- /dev/null +++ b/queue-4.9/ext4-fix-argument-checking-in-ext4_ioc_move_ext.patch @@ -0,0 +1,46 @@ +From foo@baz Sat Nov 10 11:24:34 PST 2018 +From: Theodore Ts'o +Date: Tue, 2 Oct 2018 01:34:44 -0400 +Subject: ext4: fix argument checking in EXT4_IOC_MOVE_EXT + +From: Theodore Ts'o + +[ Upstream commit f18b2b83a727a3db208308057d2c7945f368e625 ] + +If the starting block number of either the source or destination file +exceeds the EOF, EXT4_IOC_MOVE_EXT should return EINVAL. + +Also fixed the helper function mext_check_coverage() so that if the +logical block is beyond EOF, make it return immediately, instead of +looping until the block number wraps all the away around. This takes +long enough that if there are multiple threads trying to do pound on +an the same inode doing non-sensical things, it can end up triggering +the kernel's soft lockup detector. + +Reported-by: syzbot+c61979f6f2cba5cb3c06@syzkaller.appspotmail.com +Signed-off-by: Theodore Ts'o +Cc: stable@kernel.org +Signed-off-by: Sasha Levin +Signed-off-by: Greg Kroah-Hartman +--- + fs/ext4/move_extent.c | 8 ++++++-- + 1 file changed, 6 insertions(+), 2 deletions(-) + +--- a/fs/ext4/move_extent.c ++++ b/fs/ext4/move_extent.c +@@ -526,9 +526,13 @@ mext_check_arguments(struct inode *orig_ + orig_inode->i_ino, donor_inode->i_ino); + return -EINVAL; + } +- if (orig_eof < orig_start + *len - 1) ++ if (orig_eof <= orig_start) ++ *len = 0; ++ else if (orig_eof < orig_start + *len - 1) + *len = orig_eof - orig_start; +- if (donor_eof < donor_start + *len - 1) ++ if (donor_eof <= donor_start) ++ *len = 0; ++ else if (donor_eof < donor_start + *len - 1) + *len = donor_eof - donor_start; + if (!*len) { + ext4_debug("ext4 move extent: len should not be 0 " diff --git a/queue-4.9/hwmon-pwm-fan-set-fan-speed-to-0-on-suspend.patch b/queue-4.9/hwmon-pwm-fan-set-fan-speed-to-0-on-suspend.patch new file mode 100644 index 00000000000..972b8129fa6 --- /dev/null +++ b/queue-4.9/hwmon-pwm-fan-set-fan-speed-to-0-on-suspend.patch @@ -0,0 +1,67 @@ +From foo@baz Sat Nov 10 11:24:34 PST 2018 +From: Thierry Reding +Date: Fri, 21 Sep 2018 12:10:48 +0200 +Subject: hwmon: (pwm-fan) Set fan speed to 0 on suspend + +From: Thierry Reding + +[ Upstream commit 95dcd64bc5a27080beaa344edfe5bdcca3d2e7dc ] + +Technically this is not required because disabling the PWM should be +enough. However, when support for atomic operations was implemented in +the PWM subsystem, only actual changes to the PWM channel are applied +during pwm_config(), which means that during after resume from suspend +the old settings won't be applied. + +One possible solution is for the PWM driver to implement its own PM +operations such that settings from before suspend get applied on resume. +This has the disadvantage of completely ignoring any particular ordering +requirements that PWM user drivers might have, so it is best to leave it +up to the user drivers to apply the settings that they want at the +appropriate time. + +Another way to solve this would be to read back the current state of the +PWM at the time of resume. That way, in case the configuration was lost +during suspend, applying the old settings in PWM user drivers would +actually get them applied because they differ from the current settings. +However, not all PWM drivers support reading the hardware state, and not +all hardware may support it. + +The best workaround at this point seems to be to let PWM user drivers +tell the PWM subsystem that the PWM is turned off by, in addition to +disabling it, also setting the duty cycle to 0. This causes the resume +operation to apply a configuration that is different from the current +configuration, resulting in the proper state from before suspend getting +restored. + +Signed-off-by: Thierry Reding +Signed-off-by: Guenter Roeck +Signed-off-by: Sasha Levin +Signed-off-by: Greg Kroah-Hartman +--- + drivers/hwmon/pwm-fan.c | 12 +++++++++++- + 1 file changed, 11 insertions(+), 1 deletion(-) + +--- a/drivers/hwmon/pwm-fan.c ++++ b/drivers/hwmon/pwm-fan.c +@@ -306,9 +306,19 @@ static int pwm_fan_remove(struct platfor + static int pwm_fan_suspend(struct device *dev) + { + struct pwm_fan_ctx *ctx = dev_get_drvdata(dev); ++ struct pwm_args args; ++ int ret; ++ ++ pwm_get_args(ctx->pwm, &args); ++ ++ if (ctx->pwm_value) { ++ ret = pwm_config(ctx->pwm, 0, args.period); ++ if (ret < 0) ++ return ret; + +- if (ctx->pwm_value) + pwm_disable(ctx->pwm); ++ } ++ + return 0; + } + diff --git a/queue-4.9/i2c-rcar-cleanup-dma-for-all-kinds-of-failure.patch b/queue-4.9/i2c-rcar-cleanup-dma-for-all-kinds-of-failure.patch new file mode 100644 index 00000000000..8163d3dbbc2 --- /dev/null +++ b/queue-4.9/i2c-rcar-cleanup-dma-for-all-kinds-of-failure.patch @@ -0,0 +1,37 @@ +From foo@baz Sat Nov 10 11:24:34 PST 2018 +From: Wolfram Sang +Date: Fri, 19 Oct 2018 21:15:26 +0200 +Subject: i2c: rcar: cleanup DMA for all kinds of failure + +From: Wolfram Sang + +[ Upstream commit 31d86033a0749a0463ea654130b2de5c163154f1 ] + +DMA needs to be cleaned up not only on timeout, but on all errors where +it has been setup before. + +Fixes: 73e8b0528346 ("i2c: rcar: add DMA support") +Signed-off-by: Wolfram Sang +Signed-off-by: Wolfram Sang +Signed-off-by: Sasha Levin +Signed-off-by: Greg Kroah-Hartman +--- + drivers/i2c/busses/i2c-rcar.c | 6 +++++- + 1 file changed, 5 insertions(+), 1 deletion(-) + +--- a/drivers/i2c/busses/i2c-rcar.c ++++ b/drivers/i2c/busses/i2c-rcar.c +@@ -723,8 +723,12 @@ static int rcar_i2c_master_xfer(struct i + + time_left = wait_event_timeout(priv->wait, priv->flags & ID_DONE, + num * adap->timeout); +- if (!time_left) { ++ ++ /* cleanup DMA if it couldn't complete properly due to an error */ ++ if (priv->dma_direction != DMA_NONE) + rcar_i2c_cleanup_dma(priv); ++ ++ if (!time_left) { + rcar_i2c_init(priv); + ret = -ETIMEDOUT; + } else if (priv->flags & ID_NACK) { diff --git a/queue-4.9/ib-ipoib-clear-ipcb-before-icmp_send.patch b/queue-4.9/ib-ipoib-clear-ipcb-before-icmp_send.patch new file mode 100644 index 00000000000..1cc29a1629c --- /dev/null +++ b/queue-4.9/ib-ipoib-clear-ipcb-before-icmp_send.patch @@ -0,0 +1,103 @@ +From foo@baz Sat Nov 10 11:24:34 PST 2018 +From: Denis Drozdov +Date: Thu, 11 Oct 2018 22:33:57 +0300 +Subject: IB/ipoib: Clear IPCB before icmp_send + +From: Denis Drozdov + +[ Upstream commit 4d6e4d12da2c308f8f976d3955c45ee62539ac98 ] + +IPCB should be cleared before icmp_send, since it may contain data from +previous layers and the data could be misinterpreted as ip header options, +which later caused the ihl to be set to an invalid value and resulted in +the following stack corruption: + +[ 1083.031512] ib0: packet len 57824 (> 2048) too long to send, dropping +[ 1083.031843] ib0: packet len 37904 (> 2048) too long to send, dropping +[ 1083.032004] ib0: packet len 4040 (> 2048) too long to send, dropping +[ 1083.032253] ib0: packet len 63800 (> 2048) too long to send, dropping +[ 1083.032481] ib0: packet len 23960 (> 2048) too long to send, dropping +[ 1083.033149] ib0: packet len 63800 (> 2048) too long to send, dropping +[ 1083.033439] ib0: packet len 63800 (> 2048) too long to send, dropping +[ 1083.033700] ib0: packet len 63800 (> 2048) too long to send, dropping +[ 1083.034124] ib0: packet len 63800 (> 2048) too long to send, dropping +[ 1083.034387] ================================================================== +[ 1083.034602] BUG: KASAN: stack-out-of-bounds in __ip_options_echo+0xf08/0x1310 +[ 1083.034798] Write of size 4 at addr ffff880353457c5f by task kworker/u16:0/7 +[ 1083.034990] +[ 1083.035104] CPU: 7 PID: 7 Comm: kworker/u16:0 Tainted: G O 4.19.0-rc5+ #1 +[ 1083.035316] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS Ubuntu-1.8.2-1ubuntu2 04/01/2014 +[ 1083.035573] Workqueue: ipoib_wq ipoib_cm_skb_reap [ib_ipoib] +[ 1083.035750] Call Trace: +[ 1083.035888] dump_stack+0x9a/0xeb +[ 1083.036031] print_address_description+0xe3/0x2e0 +[ 1083.036213] kasan_report+0x18a/0x2e0 +[ 1083.036356] ? __ip_options_echo+0xf08/0x1310 +[ 1083.036522] __ip_options_echo+0xf08/0x1310 +[ 1083.036688] icmp_send+0x7b9/0x1cd0 +[ 1083.036843] ? icmp_route_lookup.constprop.9+0x1070/0x1070 +[ 1083.037018] ? netif_schedule_queue+0x5/0x200 +[ 1083.037180] ? debug_show_all_locks+0x310/0x310 +[ 1083.037341] ? rcu_dynticks_curr_cpu_in_eqs+0x85/0x120 +[ 1083.037519] ? debug_locks_off+0x11/0x80 +[ 1083.037673] ? debug_check_no_obj_freed+0x207/0x4c6 +[ 1083.037841] ? check_flags.part.27+0x450/0x450 +[ 1083.037995] ? debug_check_no_obj_freed+0xc3/0x4c6 +[ 1083.038169] ? debug_locks_off+0x11/0x80 +[ 1083.038318] ? skb_dequeue+0x10e/0x1a0 +[ 1083.038476] ? ipoib_cm_skb_reap+0x2b5/0x650 [ib_ipoib] +[ 1083.038642] ? netif_schedule_queue+0xa8/0x200 +[ 1083.038820] ? ipoib_cm_skb_reap+0x544/0x650 [ib_ipoib] +[ 1083.038996] ipoib_cm_skb_reap+0x544/0x650 [ib_ipoib] +[ 1083.039174] process_one_work+0x912/0x1830 +[ 1083.039336] ? wq_pool_ids_show+0x310/0x310 +[ 1083.039491] ? lock_acquire+0x145/0x3a0 +[ 1083.042312] worker_thread+0x87/0xbb0 +[ 1083.045099] ? process_one_work+0x1830/0x1830 +[ 1083.047865] kthread+0x322/0x3e0 +[ 1083.050624] ? kthread_create_worker_on_cpu+0xc0/0xc0 +[ 1083.053354] ret_from_fork+0x3a/0x50 + +For instance __ip_options_echo is failing to proceed with invalid srr and +optlen passed from another layer via IPCB + +[ 762.139568] IPv4: __ip_options_echo rr=0 ts=0 srr=43 cipso=0 +[ 762.139720] IPv4: ip_options_build: IPCB 00000000f3cd969e opt 000000002ccb3533 +[ 762.139838] IPv4: __ip_options_echo in srr: optlen 197 soffset 84 +[ 762.139852] IPv4: ip_options_build srr=0 is_frag=0 rr_needaddr=0 ts_needaddr=0 ts_needtime=0 rr=0 ts=0 +[ 762.140269] ================================================================== +[ 762.140713] IPv4: __ip_options_echo rr=0 ts=0 srr=0 cipso=0 +[ 762.141078] BUG: KASAN: stack-out-of-bounds in __ip_options_echo+0x12ec/0x1680 +[ 762.141087] Write of size 4 at addr ffff880353457c7f by task kworker/u16:0/7 + +Signed-off-by: Denis Drozdov +Reviewed-by: Erez Shitrit +Reviewed-by: Feras Daoud +Signed-off-by: Leon Romanovsky +Signed-off-by: Jason Gunthorpe +Signed-off-by: Sasha Levin +Signed-off-by: Greg Kroah-Hartman +--- + drivers/infiniband/ulp/ipoib/ipoib_cm.c | 8 ++++++-- + 1 file changed, 6 insertions(+), 2 deletions(-) + +--- a/drivers/infiniband/ulp/ipoib/ipoib_cm.c ++++ b/drivers/infiniband/ulp/ipoib/ipoib_cm.c +@@ -1422,11 +1422,15 @@ static void ipoib_cm_skb_reap(struct wor + spin_unlock_irqrestore(&priv->lock, flags); + netif_tx_unlock_bh(dev); + +- if (skb->protocol == htons(ETH_P_IP)) ++ if (skb->protocol == htons(ETH_P_IP)) { ++ memset(IPCB(skb), 0, sizeof(*IPCB(skb))); + icmp_send(skb, ICMP_DEST_UNREACH, ICMP_FRAG_NEEDED, htonl(mtu)); ++ } + #if IS_ENABLED(CONFIG_IPV6) +- else if (skb->protocol == htons(ETH_P_IPV6)) ++ else if (skb->protocol == htons(ETH_P_IPV6)) { ++ memset(IP6CB(skb), 0, sizeof(*IP6CB(skb))); + icmpv6_send(skb, ICMPV6_PKT_TOOBIG, 0, mtu); ++ } + #endif + dev_kfree_skb_any(skb); + diff --git a/queue-4.9/iwlwifi-pcie-avoid-empty-free-rb-queue.patch b/queue-4.9/iwlwifi-pcie-avoid-empty-free-rb-queue.patch new file mode 100644 index 00000000000..75d08e42432 --- /dev/null +++ b/queue-4.9/iwlwifi-pcie-avoid-empty-free-rb-queue.patch @@ -0,0 +1,108 @@ +From foo@baz Sat Nov 10 11:24:34 PST 2018 +From: Shaul Triebitz +Date: Wed, 6 Jun 2018 17:20:58 +0300 +Subject: iwlwifi: pcie: avoid empty free RB queue + +From: Shaul Triebitz + +[ Upstream commit 868a1e863f95183f00809363fefba6d4f5bcd116 ] + +If all free RB queues are empty, the driver will never restock the +free RB queue. That's because the restocking happens in the Rx flow, +and if the free queue is empty there will be no Rx. + +Although there's a background worker (a.k.a. allocator) allocating +memory for RBs so that the Rx handler can restock them, the worker may +run only after the free queue has become empty (and then it is too +late for restocking as explained above). + +There is a solution for that called 'emergency': If the number of used +RB's reaches half the amount of all RB's, the Rx handler will not wait +for the allocator but immediately allocate memory for the used RB's +and restock the free queue. + +But, since the used RB's is per queue, it may happen that the used +RB's are spread between the queues such that the emergency check will +fail for each of the queues +(and still run out of RBs, causing the above symptom). + +To fix it, move to emergency mode if the sum of *all* used RBs (for +all Rx queues) reaches half the amount of all RB's + +Signed-off-by: Shaul Triebitz +Signed-off-by: Luca Coelho +Signed-off-by: Sasha Levin +Signed-off-by: Greg Kroah-Hartman +--- + drivers/net/wireless/intel/iwlwifi/pcie/rx.c | 32 +++++++++++++++++---------- + 1 file changed, 21 insertions(+), 11 deletions(-) + +--- a/drivers/net/wireless/intel/iwlwifi/pcie/rx.c ++++ b/drivers/net/wireless/intel/iwlwifi/pcie/rx.c +@@ -1030,6 +1030,14 @@ void iwl_pcie_rx_free(struct iwl_trans * + kfree(trans_pcie->rxq); + } + ++static void iwl_pcie_rx_move_to_allocator(struct iwl_rxq *rxq, ++ struct iwl_rb_allocator *rba) ++{ ++ spin_lock(&rba->lock); ++ list_splice_tail_init(&rxq->rx_used, &rba->rbd_empty); ++ spin_unlock(&rba->lock); ++} ++ + /* + * iwl_pcie_rx_reuse_rbd - Recycle used RBDs + * +@@ -1061,9 +1069,7 @@ static void iwl_pcie_rx_reuse_rbd(struct + if ((rxq->used_count % RX_CLAIM_REQ_ALLOC) == RX_POST_REQ_ALLOC) { + /* Move the 2 RBDs to the allocator ownership. + Allocator has another 6 from pool for the request completion*/ +- spin_lock(&rba->lock); +- list_splice_tail_init(&rxq->rx_used, &rba->rbd_empty); +- spin_unlock(&rba->lock); ++ iwl_pcie_rx_move_to_allocator(rxq, rba); + + atomic_inc(&rba->req_pending); + queue_work(rba->alloc_wq, &rba->rx_alloc); +@@ -1233,10 +1239,18 @@ restart: + IWL_DEBUG_RX(trans, "Q %d: HW = SW = %d\n", rxq->id, r); + + while (i != r) { ++ struct iwl_rb_allocator *rba = &trans_pcie->rba; + struct iwl_rx_mem_buffer *rxb; +- +- if (unlikely(rxq->used_count == rxq->queue_size / 2)) ++ /* number of RBDs still waiting for page allocation */ ++ u32 rb_pending_alloc = ++ atomic_read(&trans_pcie->rba.req_pending) * ++ RX_CLAIM_REQ_ALLOC; ++ ++ if (unlikely(rb_pending_alloc >= rxq->queue_size / 2 && ++ !emergency)) { ++ iwl_pcie_rx_move_to_allocator(rxq, rba); + emergency = true; ++ } + + if (trans->cfg->mq_rx_supported) { + /* +@@ -1279,17 +1293,13 @@ restart: + iwl_pcie_rx_allocator_get(trans, rxq); + + if (rxq->used_count % RX_CLAIM_REQ_ALLOC == 0 && !emergency) { +- struct iwl_rb_allocator *rba = &trans_pcie->rba; +- + /* Add the remaining empty RBDs for allocator use */ +- spin_lock(&rba->lock); +- list_splice_tail_init(&rxq->rx_used, &rba->rbd_empty); +- spin_unlock(&rba->lock); ++ iwl_pcie_rx_move_to_allocator(rxq, rba); + } else if (emergency) { + count++; + if (count == 8) { + count = 0; +- if (rxq->used_count < rxq->queue_size / 3) ++ if (rb_pending_alloc < rxq->queue_size / 3) + emergency = false; + + rxq->read = i; diff --git a/queue-4.9/ixgbevf-vf2vf-tcp-rss.patch b/queue-4.9/ixgbevf-vf2vf-tcp-rss.patch new file mode 100644 index 00000000000..a09c43f84ce --- /dev/null +++ b/queue-4.9/ixgbevf-vf2vf-tcp-rss.patch @@ -0,0 +1,36 @@ +From foo@baz Sat Nov 10 11:24:34 PST 2018 +From: Sebastian Basierski +Date: Thu, 9 Aug 2018 11:45:40 +0200 +Subject: ixgbevf: VF2VF TCP RSS + +From: Sebastian Basierski + +[ Upstream commit 7fb94bd58dd6650a0158e68d414e185077d8b57a ] + +While VF2VF with RSS communication, RSS Type were wrongly recognized +and RSS hash was not calculated as it should be. Packets was +distributed on various queues by accident. +This commit fixes that behaviour and causes proper RSS Type recognition. + +Signed-off-by: Sebastian Basierski +Tested-by: Andrew Bowers +Signed-off-by: Jeff Kirsher +Signed-off-by: Sasha Levin +Signed-off-by: Greg Kroah-Hartman +--- + drivers/net/ethernet/intel/ixgbevf/ixgbevf_main.c | 4 ++++ + 1 file changed, 4 insertions(+) + +--- a/drivers/net/ethernet/intel/ixgbevf/ixgbevf_main.c ++++ b/drivers/net/ethernet/intel/ixgbevf/ixgbevf_main.c +@@ -3419,6 +3419,10 @@ static void ixgbevf_tx_csum(struct ixgbe + skb_checksum_help(skb); + goto no_csum; + } ++ ++ if (first->protocol == htons(ETH_P_IP)) ++ type_tucmd |= IXGBE_ADVTXD_TUCMD_IPV4; ++ + /* update TX checksum flag */ + first->tx_flags |= IXGBE_TX_FLAGS_CSUM; + vlan_macip_lens = skb_checksum_start_offset(skb) - diff --git a/queue-4.9/kprobes-return-error-if-we-fail-to-reuse-kprobe-instead-of-bug_on.patch b/queue-4.9/kprobes-return-error-if-we-fail-to-reuse-kprobe-instead-of-bug_on.patch new file mode 100644 index 00000000000..0c1a6d40abd --- /dev/null +++ b/queue-4.9/kprobes-return-error-if-we-fail-to-reuse-kprobe-instead-of-bug_on.patch @@ -0,0 +1,91 @@ +From foo@baz Sat Nov 10 11:24:34 PST 2018 +From: Masami Hiramatsu +Date: Tue, 11 Sep 2018 19:20:40 +0900 +Subject: kprobes: Return error if we fail to reuse kprobe instead of BUG_ON() + +From: Masami Hiramatsu + +[ Upstream commit 819319fc93461c07b9cdb3064f154bd8cfd48172 ] + +Make reuse_unused_kprobe() to return error code if +it fails to reuse unused kprobe for optprobe instead +of calling BUG_ON(). + +Signed-off-by: Masami Hiramatsu +Cc: Anil S Keshavamurthy +Cc: David S . Miller +Cc: Linus Torvalds +Cc: Naveen N . Rao +Cc: Peter Zijlstra +Cc: Thomas Gleixner +Link: http://lkml.kernel.org/r/153666124040.21306.14150398706331307654.stgit@devbox +Signed-off-by: Ingo Molnar +Signed-off-by: Sasha Levin +Signed-off-by: Greg Kroah-Hartman +--- + kernel/kprobes.c | 27 ++++++++++++++++++++------- + 1 file changed, 20 insertions(+), 7 deletions(-) + +--- a/kernel/kprobes.c ++++ b/kernel/kprobes.c +@@ -665,9 +665,10 @@ static void unoptimize_kprobe(struct kpr + } + + /* Cancel unoptimizing for reusing */ +-static void reuse_unused_kprobe(struct kprobe *ap) ++static int reuse_unused_kprobe(struct kprobe *ap) + { + struct optimized_kprobe *op; ++ int ret; + + BUG_ON(!kprobe_unused(ap)); + /* +@@ -681,8 +682,12 @@ static void reuse_unused_kprobe(struct k + /* Enable the probe again */ + ap->flags &= ~KPROBE_FLAG_DISABLED; + /* Optimize it again (remove from op->list) */ +- BUG_ON(!kprobe_optready(ap)); ++ ret = kprobe_optready(ap); ++ if (ret) ++ return ret; ++ + optimize_kprobe(ap); ++ return 0; + } + + /* Remove optimized instructions */ +@@ -894,11 +899,16 @@ static void __disarm_kprobe(struct kprob + #define kprobe_disarmed(p) kprobe_disabled(p) + #define wait_for_kprobe_optimizer() do {} while (0) + +-/* There should be no unused kprobes can be reused without optimization */ +-static void reuse_unused_kprobe(struct kprobe *ap) ++static int reuse_unused_kprobe(struct kprobe *ap) + { ++ /* ++ * If the optimized kprobe is NOT supported, the aggr kprobe is ++ * released at the same time that the last aggregated kprobe is ++ * unregistered. ++ * Thus there should be no chance to reuse unused kprobe. ++ */ + printk(KERN_ERR "Error: There should be no unused kprobe here.\n"); +- BUG_ON(kprobe_unused(ap)); ++ return -EINVAL; + } + + static void free_aggr_kprobe(struct kprobe *p) +@@ -1276,9 +1286,12 @@ static int register_aggr_kprobe(struct k + goto out; + } + init_aggr_kprobe(ap, orig_p); +- } else if (kprobe_unused(ap)) ++ } else if (kprobe_unused(ap)) { + /* This probe is going to die. Rescue it */ +- reuse_unused_kprobe(ap); ++ ret = reuse_unused_kprobe(ap); ++ if (ret) ++ goto out; ++ } + + if (kprobe_gone(ap)) { + /* diff --git a/queue-4.9/locking-lockdep-fix-debug_locks-off-performance-problem.patch b/queue-4.9/locking-lockdep-fix-debug_locks-off-performance-problem.patch new file mode 100644 index 00000000000..bcfcbe7f124 --- /dev/null +++ b/queue-4.9/locking-lockdep-fix-debug_locks-off-performance-problem.patch @@ -0,0 +1,76 @@ +From foo@baz Sat Nov 10 11:24:34 PST 2018 +From: Waiman Long +Date: Thu, 18 Oct 2018 21:45:17 -0400 +Subject: locking/lockdep: Fix debug_locks off performance problem + +From: Waiman Long + +[ Upstream commit 9506a7425b094d2f1d9c877ed5a78f416669269b ] + +It was found that when debug_locks was turned off because of a problem +found by the lockdep code, the system performance could drop quite +significantly when the lock_stat code was also configured into the +kernel. For instance, parallel kernel build time on a 4-socket x86-64 +server nearly doubled. + +Further analysis into the cause of the slowdown traced back to the +frequent call to debug_locks_off() from the __lock_acquired() function +probably due to some inconsistent lockdep states with debug_locks +off. The debug_locks_off() function did an unconditional atomic xchg +to write a 0 value into debug_locks which had already been set to 0. +This led to severe cacheline contention in the cacheline that held +debug_locks. As debug_locks is being referenced in quite a few different +places in the kernel, this greatly slow down the system performance. + +To prevent that trashing of debug_locks cacheline, lock_acquired() +and lock_contended() now checks the state of debug_locks before +proceeding. The debug_locks_off() function is also modified to check +debug_locks before calling __debug_locks_off(). + +Signed-off-by: Waiman Long +Cc: Andrew Morton +Cc: Linus Torvalds +Cc: Paul E. McKenney +Cc: Peter Zijlstra +Cc: Thomas Gleixner +Cc: Will Deacon +Link: http://lkml.kernel.org/r/1539913518-15598-1-git-send-email-longman@redhat.com +Signed-off-by: Ingo Molnar +Signed-off-by: Sasha Levin +Signed-off-by: Greg Kroah-Hartman +--- + kernel/locking/lockdep.c | 4 ++-- + lib/debug_locks.c | 2 +- + 2 files changed, 3 insertions(+), 3 deletions(-) + +--- a/kernel/locking/lockdep.c ++++ b/kernel/locking/lockdep.c +@@ -4010,7 +4010,7 @@ void lock_contended(struct lockdep_map * + { + unsigned long flags; + +- if (unlikely(!lock_stat)) ++ if (unlikely(!lock_stat || !debug_locks)) + return; + + if (unlikely(current->lockdep_recursion)) +@@ -4030,7 +4030,7 @@ void lock_acquired(struct lockdep_map *l + { + unsigned long flags; + +- if (unlikely(!lock_stat)) ++ if (unlikely(!lock_stat || !debug_locks)) + return; + + if (unlikely(current->lockdep_recursion)) +--- a/lib/debug_locks.c ++++ b/lib/debug_locks.c +@@ -37,7 +37,7 @@ EXPORT_SYMBOL_GPL(debug_locks_silent); + */ + int debug_locks_off(void) + { +- if (__debug_locks_off()) { ++ if (debug_locks && __debug_locks_off()) { + if (!debug_locks_silent) { + console_verbose(); + return 1; diff --git a/queue-4.9/md-fix-invalid-stored-role-for-a-disk.patch b/queue-4.9/md-fix-invalid-stored-role-for-a-disk.patch new file mode 100644 index 00000000000..525d86c4e13 --- /dev/null +++ b/queue-4.9/md-fix-invalid-stored-role-for-a-disk.patch @@ -0,0 +1,43 @@ +From foo@baz Sat Nov 10 11:24:34 PST 2018 +From: Shaohua Li +Date: Mon, 1 Oct 2018 18:36:36 -0700 +Subject: MD: fix invalid stored role for a disk + +From: Shaohua Li + +[ Upstream commit d595567dc4f0c1d90685ec1e2e296e2cad2643ac ] + +If we change the number of array's device after device is removed from array, +then add the device back to array, we can see that device is added as active +role instead of spare which we expected. + +Please see the below link for details: +https://marc.info/?l=linux-raid&m=153736982015076&w=2 + +This is caused by that we prefer to use device's previous role which is +recorded by saved_raid_disk, but we should respect the new number of +conf->raid_disks since it could be changed after device is removed. + +Reported-by: Gioh Kim +Tested-by: Gioh Kim +Acked-by: Guoqing Jiang +Signed-off-by: Shaohua Li +Signed-off-by: Sasha Levin +Signed-off-by: Greg Kroah-Hartman +--- + drivers/md/md.c | 4 ++++ + 1 file changed, 4 insertions(+) + +--- a/drivers/md/md.c ++++ b/drivers/md/md.c +@@ -1665,6 +1665,10 @@ static int super_1_validate(struct mddev + } else + set_bit(In_sync, &rdev->flags); + rdev->raid_disk = role; ++ if (role >= mddev->raid_disks) { ++ rdev->saved_raid_disk = -1; ++ rdev->raid_disk = -1; ++ } + break; + } + if (sb->devflags & WriteMostly1) diff --git a/queue-4.9/mmc-sdhci-pci-o2micro-add-quirk-for-o2-micro-dev-0x8620-rev-0x01.patch b/queue-4.9/mmc-sdhci-pci-o2micro-add-quirk-for-o2-micro-dev-0x8620-rev-0x01.patch new file mode 100644 index 00000000000..486826bf364 --- /dev/null +++ b/queue-4.9/mmc-sdhci-pci-o2micro-add-quirk-for-o2-micro-dev-0x8620-rev-0x01.patch @@ -0,0 +1,57 @@ +From foo@baz Sat Nov 10 11:24:34 PST 2018 +From: Yu Zhao +Date: Sun, 23 Sep 2018 14:39:24 -0600 +Subject: mmc: sdhci-pci-o2micro: Add quirk for O2 Micro dev 0x8620 rev 0x01 + +From: Yu Zhao + +[ Upstream commit 5169894982bb67486d93cc1e10151712bb86bcb6 ] + +This device reports SDHCI_CLOCK_INT_STABLE even though it's not +ready to take SDHCI_CLOCK_CARD_EN. The symptom is that reading +SDHCI_CLOCK_CONTROL after enabling the clock shows absence of the +bit from the register (e.g. expecting 0x0000fa07 = 0x0000fa03 | +SDHCI_CLOCK_CARD_EN but only observed the first operand). + +mmc1: Timeout waiting for hardware cmd interrupt. +mmc1: sdhci: ============ SDHCI REGISTER DUMP =========== +mmc1: sdhci: Sys addr: 0x00000000 | Version: 0x00000603 +mmc1: sdhci: Blk size: 0x00000000 | Blk cnt: 0x00000000 +mmc1: sdhci: Argument: 0x00000000 | Trn mode: 0x00000000 +mmc1: sdhci: Present: 0x01ff0001 | Host ctl: 0x00000001 +mmc1: sdhci: Power: 0x0000000f | Blk gap: 0x00000000 +mmc1: sdhci: Wake-up: 0x00000000 | Clock: 0x0000fa03 +mmc1: sdhci: Timeout: 0x00000000 | Int stat: 0x00000000 +mmc1: sdhci: Int enab: 0x00ff0083 | Sig enab: 0x00ff0083 +mmc1: sdhci: AC12 err: 0x00000000 | Slot int: 0x00000000 +mmc1: sdhci: Caps: 0x25fcc8bf | Caps_1: 0x00002077 +mmc1: sdhci: Cmd: 0x00000000 | Max curr: 0x005800c8 +mmc1: sdhci: Resp[0]: 0x00000000 | Resp[1]: 0x00000000 +mmc1: sdhci: Resp[2]: 0x00000000 | Resp[3]: 0x00000000 +mmc1: sdhci: Host ctl2: 0x00000008 +mmc1: sdhci: ADMA Err: 0x00000000 | ADMA Ptr: 0x00000000 +mmc1: sdhci: ============================================ + +The problem happens during wakeup from S3. Adding a delay quirk +after power up reliably fixes the problem. + +Signed-off-by: Yu Zhao +Signed-off-by: Ulf Hansson +Signed-off-by: Sasha Levin +Signed-off-by: Greg Kroah-Hartman +--- + drivers/mmc/host/sdhci-pci-o2micro.c | 3 +++ + 1 file changed, 3 insertions(+) + +--- a/drivers/mmc/host/sdhci-pci-o2micro.c ++++ b/drivers/mmc/host/sdhci-pci-o2micro.c +@@ -334,6 +334,9 @@ int sdhci_pci_o2_probe(struct sdhci_pci_ + pci_write_config_byte(chip->pdev, O2_SD_LOCK_WP, scratch); + break; + case PCI_DEVICE_ID_O2_SEABIRD0: ++ if (chip->pdev->revision == 0x01) ++ chip->quirks |= SDHCI_QUIRK_DELAY_AFTER_POWER; ++ /* fall through */ + case PCI_DEVICE_ID_O2_SEABIRD1: + /* UnLock WP */ + ret = pci_read_config_byte(chip->pdev, diff --git a/queue-4.9/net-ethernet-ti-cpsw-unsync-mcast-entries-while-switch-promisc-mode.patch b/queue-4.9/net-ethernet-ti-cpsw-unsync-mcast-entries-while-switch-promisc-mode.patch new file mode 100644 index 00000000000..76725706da4 --- /dev/null +++ b/queue-4.9/net-ethernet-ti-cpsw-unsync-mcast-entries-while-switch-promisc-mode.patch @@ -0,0 +1,38 @@ +From foo@baz Sat Nov 10 11:24:34 PST 2018 +From: Ivan Khoronzhuk +Date: Mon, 22 Oct 2018 21:51:36 +0300 +Subject: net: ethernet: ti: cpsw: unsync mcast entries while switch promisc mode + +From: Ivan Khoronzhuk + +[ Upstream commit 9737cc99dd14b5b8b9d267618a6061feade8ea68 ] + +After flushing all mcast entries from the table, the ones contained in +mc list of ndev are not restored when promisc mode is toggled off, +because they are considered as synched with ALE, thus, in order to +restore them after promisc mode - reset syncing info. This fix +touches only switch mode devices, including single port boards +like Beagle Bone. + +Fixes: commit 5da1948969bc +("net: ethernet: ti: cpsw: fix lost of mcast packets while rx_mode update") + +Signed-off-by: Ivan Khoronzhuk +Reviewed-by: Grygorii Strashko +Signed-off-by: David S. Miller +Signed-off-by: Sasha Levin +Signed-off-by: Greg Kroah-Hartman +--- + drivers/net/ethernet/ti/cpsw.c | 1 + + 1 file changed, 1 insertion(+) + +--- a/drivers/net/ethernet/ti/cpsw.c ++++ b/drivers/net/ethernet/ti/cpsw.c +@@ -590,6 +590,7 @@ static void cpsw_set_promiscious(struct + + /* Clear all mcast from ALE */ + cpsw_ale_flush_multicast(ale, ALE_ALL_PORTS, -1); ++ __dev_mc_unsync(ndev, NULL); + + /* Flood All Unicast Packets to Host port */ + cpsw_ale_control_set(ale, 0, ALE_P0_UNI_FLOOD, 1); diff --git a/queue-4.9/net-qla3xxx-remove-overflowing-shift-statement.patch b/queue-4.9/net-qla3xxx-remove-overflowing-shift-statement.patch new file mode 100644 index 00000000000..3c78b47131d --- /dev/null +++ b/queue-4.9/net-qla3xxx-remove-overflowing-shift-statement.patch @@ -0,0 +1,50 @@ +From foo@baz Sat Nov 10 11:24:34 PST 2018 +From: Nathan Chancellor +Date: Fri, 12 Oct 2018 19:14:58 -0700 +Subject: net: qla3xxx: Remove overflowing shift statement + +From: Nathan Chancellor + +[ Upstream commit 8c3bf9b62b667456a57aefcf1689e826df146159 ] + +Clang currently warns: + +drivers/net/ethernet/qlogic/qla3xxx.c:384:24: warning: signed shift +result (0xF00000000) requires 37 bits to represent, but 'int' only has +32 bits [-Wshift-overflow] + ((ISP_NVRAM_MASK << 16) | qdev->eeprom_cmd_data)); + ~~~~~~~~~~~~~~ ^ ~~ +1 warning generated. + +The warning is certainly accurate since ISP_NVRAM_MASK is defined as +(0x000F << 16) which is then shifted by 16, resulting in 64424509440, +well above UINT_MAX. + +Given that this is the only location in this driver where ISP_NVRAM_MASK +is shifted again, it seems likely that ISP_NVRAM_MASK was originally +defined without a shift and during the move of the shift to the +definition, this statement wasn't properly removed (since ISP_NVRAM_MASK +is used in the statenent right above this). Only the maintainers can +confirm this since this statment has been here since the driver was +first added to the kernel. + +Link: https://github.com/ClangBuiltLinux/linux/issues/127 +Signed-off-by: Nathan Chancellor +Signed-off-by: David S. Miller +Signed-off-by: Sasha Levin +Signed-off-by: Greg Kroah-Hartman +--- + drivers/net/ethernet/qlogic/qla3xxx.c | 2 -- + 1 file changed, 2 deletions(-) + +--- a/drivers/net/ethernet/qlogic/qla3xxx.c ++++ b/drivers/net/ethernet/qlogic/qla3xxx.c +@@ -380,8 +380,6 @@ static void fm93c56a_select(struct ql3_a + + qdev->eeprom_cmd_data = AUBURN_EEPROM_CS_1; + ql_write_nvram_reg(qdev, spir, ISP_NVRAM_MASK | qdev->eeprom_cmd_data); +- ql_write_nvram_reg(qdev, spir, +- ((ISP_NVRAM_MASK << 16) | qdev->eeprom_cmd_data)); + } + + /* diff --git a/queue-4.9/pci-msi-warn-and-return-error-if-driver-enables-msi-msi-x-twice.patch b/queue-4.9/pci-msi-warn-and-return-error-if-driver-enables-msi-msi-x-twice.patch new file mode 100644 index 00000000000..2a8a32f4609 --- /dev/null +++ b/queue-4.9/pci-msi-warn-and-return-error-if-driver-enables-msi-msi-x-twice.patch @@ -0,0 +1,95 @@ +From foo@baz Sat Nov 10 11:24:34 PST 2018 +From: Tonghao Zhang +Date: Mon, 24 Sep 2018 07:00:41 -0700 +Subject: PCI/MSI: Warn and return error if driver enables MSI/MSI-X twice + +From: Tonghao Zhang + +[ Upstream commit 4c1ef72e9b71a19fb405ebfcd37c0a5e16fa44ca ] + +It is a serious driver defect to enable MSI or MSI-X more than once. Doing +so may panic the kernel as in the stack trace below: + + Call Trace: + sysfs_add_one+0xa5/0xd0 + create_dir+0x7c/0xe0 + sysfs_create_subdir+0x1c/0x20 + internal_create_group+0x6d/0x290 + sysfs_create_groups+0x4a/0xa0 + populate_msi_sysfs+0x1cd/0x210 + pci_enable_msix+0x31c/0x3e0 + igbuio_pci_open+0x72/0x300 [igb_uio] + uio_open+0xcc/0x120 [uio] + chrdev_open+0xa1/0x1e0 + [...] + do_sys_open+0xf3/0x1f0 + SyS_open+0x1e/0x20 + system_call_fastpath+0x16/0x1b + ---[ end trace 11042e2848880209 ]--- + Kernel panic - not syncing: stack-protector: Kernel stack is corrupted in: ffffffffa056b4fa + +We want to keep the WARN_ON() and stack trace so the driver can be fixed, +but we can avoid the kernel panic by returning an error. We may still get +warnings like this: + + Call Trace: + pci_enable_msix+0x3c9/0x3e0 + igbuio_pci_open+0x72/0x300 [igb_uio] + uio_open+0xcc/0x120 [uio] + chrdev_open+0xa1/0x1e0 + [...] + do_sys_open+0xf3/0x1f0 + SyS_open+0x1e/0x20 + system_call_fastpath+0x16/0x1b + ------------[ cut here ]------------ + WARNING: at fs/sysfs/dir.c:526 sysfs_add_one+0xa5/0xd0() + sysfs: cannot create duplicate filename '/devices/pci0000:00/0000:00:03.0/0000:01:00.1/msi_irqs' + +Signed-off-by: Tonghao Zhang +[bhelgaas: changelog, fix patch whitespace, remove !!] +Signed-off-by: Bjorn Helgaas +Signed-off-by: Sasha Levin +Signed-off-by: Greg Kroah-Hartman +--- + drivers/pci/msi.c | 9 ++++++--- + 1 file changed, 6 insertions(+), 3 deletions(-) + +--- a/drivers/pci/msi.c ++++ b/drivers/pci/msi.c +@@ -981,7 +981,6 @@ static int __pci_enable_msix(struct pci_ + } + } + } +- WARN_ON(!!dev->msix_enabled); + + /* Check whether driver already requested for MSI irq */ + if (dev->msi_enabled) { +@@ -1068,8 +1067,6 @@ static int __pci_enable_msi_range(struct + if (!pci_msi_supported(dev, minvec)) + return -EINVAL; + +- WARN_ON(!!dev->msi_enabled); +- + /* Check whether driver already requested MSI-X irqs */ + if (dev->msix_enabled) { + dev_info(&dev->dev, +@@ -1080,6 +1077,9 @@ static int __pci_enable_msi_range(struct + if (maxvec < minvec) + return -ERANGE; + ++ if (WARN_ON_ONCE(dev->msi_enabled)) ++ return -EINVAL; ++ + nvec = pci_msi_vec_count(dev); + if (nvec < 0) + return nvec; +@@ -1138,6 +1138,9 @@ static int __pci_enable_msix_range(struc + if (maxvec < minvec) + return -ERANGE; + ++ if (WARN_ON_ONCE(dev->msix_enabled)) ++ return -EINVAL; ++ + for (;;) { + if (affinity) { + nvec = irq_calc_affinity_vectors(dev->irq_affinity, diff --git a/queue-4.9/perf-cpu_map-align-cpu-map-synthesized-events-properly.patch b/queue-4.9/perf-cpu_map-align-cpu-map-synthesized-events-properly.patch new file mode 100644 index 00000000000..74876e054b7 --- /dev/null +++ b/queue-4.9/perf-cpu_map-align-cpu-map-synthesized-events-properly.patch @@ -0,0 +1,35 @@ +From foo@baz Sat Nov 10 11:24:34 PST 2018 +From: David Miller +Date: Thu, 11 Oct 2018 22:46:55 -0700 +Subject: perf cpu_map: Align cpu map synthesized events properly. + +From: David Miller + +[ Upstream commit 0ed149cf5239cc6e7e65bf00f769e8f1e91076c0 ] + +The size of the resulting cpu map can be smaller than a multiple of +sizeof(u64), resulting in SIGBUS on cpus like Sparc as the next event +will not be aligned properly. + +Signed-off-by: David S. Miller +Cc: Jiri Olsa +Cc: Kan Liang +Fixes: 6c872901af07 ("perf cpu_map: Add cpu_map event synthesize function") +Link: http://lkml.kernel.org/r/20181011.224655.716771175766946817.davem@davemloft.net +Signed-off-by: Arnaldo Carvalho de Melo +Signed-off-by: Sasha Levin +Signed-off-by: Greg Kroah-Hartman +--- + tools/perf/util/event.c | 1 + + 1 file changed, 1 insertion(+) + +--- a/tools/perf/util/event.c ++++ b/tools/perf/util/event.c +@@ -839,6 +839,7 @@ void *cpu_map_data__alloc(struct cpu_map + } + + *size += sizeof(struct cpu_map_data); ++ *size = PERF_ALIGN(*size, sizeof(u64)); + return zalloc(*size); + } + diff --git a/queue-4.9/perf-strbuf-match-va_-add-copy-with-va_end.patch b/queue-4.9/perf-strbuf-match-va_-add-copy-with-va_end.patch new file mode 100644 index 00000000000..cdcadf3bc4e --- /dev/null +++ b/queue-4.9/perf-strbuf-match-va_-add-copy-with-va_end.patch @@ -0,0 +1,59 @@ +From foo@baz Sat Nov 10 11:24:34 PST 2018 +From: Sanskriti Sharma +Date: Tue, 2 Oct 2018 10:29:10 -0400 +Subject: perf strbuf: Match va_{add,copy} with va_end + +From: Sanskriti Sharma + +[ Upstream commit ce49d8436cffa9b7a6a5f110879d53e89dbc6746 ] + +Ensure that all code paths in strbuf_addv() call va_end() on the +ap_saved copy that was made. + +Fixes the following coverity complaint: + + Error: VARARGS (CWE-237): [#def683] + tools/perf/util/strbuf.c:106: missing_va_end: va_end was not called + for "ap_saved". + +Signed-off-by: Sanskriti Sharma +Reviewed-by: Jiri Olsa +Cc: Joe Lawrence +Link: http://lkml.kernel.org/r/1538490554-8161-2-git-send-email-sansharm@redhat.com +Signed-off-by: Arnaldo Carvalho de Melo +Signed-off-by: Sasha Levin +Signed-off-by: Greg Kroah-Hartman +--- + tools/perf/util/strbuf.c | 10 ++++++++-- + 1 file changed, 8 insertions(+), 2 deletions(-) + +--- a/tools/perf/util/strbuf.c ++++ b/tools/perf/util/strbuf.c +@@ -105,19 +105,25 @@ static int strbuf_addv(struct strbuf *sb + + va_copy(ap_saved, ap); + len = vsnprintf(sb->buf + sb->len, sb->alloc - sb->len, fmt, ap); +- if (len < 0) ++ if (len < 0) { ++ va_end(ap_saved); + return len; ++ } + if (len > strbuf_avail(sb)) { + ret = strbuf_grow(sb, len); +- if (ret) ++ if (ret) { ++ va_end(ap_saved); + return ret; ++ } + len = vsnprintf(sb->buf + sb->len, sb->alloc - sb->len, fmt, ap_saved); + va_end(ap_saved); + if (len > strbuf_avail(sb)) { + pr_debug("this should not happen, your vsnprintf is broken"); ++ va_end(ap_saved); + return -EINVAL; + } + } ++ va_end(ap_saved); + return strbuf_setlen(sb, sb->len + len); + } + diff --git a/queue-4.9/perf-tools-cleanup-trace-event-info-tdata-leak.patch b/queue-4.9/perf-tools-cleanup-trace-event-info-tdata-leak.patch new file mode 100644 index 00000000000..be0c67a3c1e --- /dev/null +++ b/queue-4.9/perf-tools-cleanup-trace-event-info-tdata-leak.patch @@ -0,0 +1,44 @@ +From foo@baz Sat Nov 10 11:24:34 PST 2018 +From: Sanskriti Sharma +Date: Tue, 2 Oct 2018 10:29:11 -0400 +Subject: perf tools: Cleanup trace-event-info 'tdata' leak + +From: Sanskriti Sharma + +[ Upstream commit faedbf3fd19f2511a39397f76359e4cc6ee93072 ] + +Free tracing_data structure in tracing_data_get() error paths. + +Fixes the following coverity complaint: + + Error: RESOURCE_LEAK (CWE-772): + leaked_storage: Variable "tdata" going out of scope leaks the storage + +Signed-off-by: Sanskriti Sharma +Reviewed-by: Jiri Olsa +Cc: Joe Lawrence +Link: http://lkml.kernel.org/r/1538490554-8161-3-git-send-email-sansharm@redhat.com +Signed-off-by: Arnaldo Carvalho de Melo +Signed-off-by: Sasha Levin +Signed-off-by: Greg Kroah-Hartman +--- + tools/perf/util/trace-event-info.c | 2 ++ + 1 file changed, 2 insertions(+) + +--- a/tools/perf/util/trace-event-info.c ++++ b/tools/perf/util/trace-event-info.c +@@ -507,12 +507,14 @@ struct tracing_data *tracing_data_get(st + "/tmp/perf-XXXXXX"); + if (!mkstemp(tdata->temp_file)) { + pr_debug("Can't make temp file"); ++ free(tdata); + return NULL; + } + + temp_fd = open(tdata->temp_file, O_RDWR); + if (temp_fd < 0) { + pr_debug("Can't read '%s'", tdata->temp_file); ++ free(tdata); + return NULL; + } + diff --git a/queue-4.9/perf-tools-free-temporary-sys-string-in-read_event_files.patch b/queue-4.9/perf-tools-free-temporary-sys-string-in-read_event_files.patch new file mode 100644 index 00000000000..d2112266ef9 --- /dev/null +++ b/queue-4.9/perf-tools-free-temporary-sys-string-in-read_event_files.patch @@ -0,0 +1,50 @@ +From foo@baz Sat Nov 10 11:24:34 PST 2018 +From: Sanskriti Sharma +Date: Tue, 2 Oct 2018 10:29:14 -0400 +Subject: perf tools: Free temporary 'sys' string in read_event_files() + +From: Sanskriti Sharma + +[ Upstream commit 1e44224fb0528b4c0cc176bde2bb31e9127eb14b ] + +For each system in a given pevent, read_event_files() reads in a +temporary 'sys' string. Be sure to free this string before moving onto +to the next system and/or leaving read_event_files(). + +Fixes the following coverity complaints: + + Error: RESOURCE_LEAK (CWE-772): + + tools/perf/util/trace-event-read.c:343: overwrite_var: Overwriting + "sys" in "sys = read_string()" leaks the storage that "sys" points to. + + tools/perf/util/trace-event-read.c:353: leaked_storage: Variable "sys" + going out of scope leaks the storage it points to. + +Signed-off-by: Sanskriti Sharma +Reviewed-by: Jiri Olsa +Cc: Joe Lawrence +Link: http://lkml.kernel.org/r/1538490554-8161-6-git-send-email-sansharm@redhat.com +Signed-off-by: Arnaldo Carvalho de Melo +Signed-off-by: Sasha Levin +Signed-off-by: Greg Kroah-Hartman +--- + tools/perf/util/trace-event-read.c | 5 ++++- + 1 file changed, 4 insertions(+), 1 deletion(-) + +--- a/tools/perf/util/trace-event-read.c ++++ b/tools/perf/util/trace-event-read.c +@@ -334,9 +334,12 @@ static int read_event_files(struct peven + for (x=0; x < count; x++) { + size = read8(pevent); + ret = read_event_file(pevent, sys, size); +- if (ret) ++ if (ret) { ++ free(sys); + return ret; ++ } + } ++ free(sys); + } + return 0; + } diff --git a/queue-4.9/pinctrl-qcom-spmi-mpp-fix-drive-strength-setting.patch b/queue-4.9/pinctrl-qcom-spmi-mpp-fix-drive-strength-setting.patch new file mode 100644 index 00000000000..aa7dd850b2d --- /dev/null +++ b/queue-4.9/pinctrl-qcom-spmi-mpp-fix-drive-strength-setting.patch @@ -0,0 +1,47 @@ +From foo@baz Sat Nov 10 11:24:34 PST 2018 +From: Stephen Boyd +Date: Thu, 30 Aug 2018 17:58:52 -0700 +Subject: pinctrl: qcom: spmi-mpp: Fix drive strength setting + +From: Stephen Boyd + +[ Upstream commit 89c68b102f13f123aaef22b292526d6b92501334 ] + +It looks like we parse the drive strength setting here, but never +actually write it into the hardware to update it. Parse the setting and +then write it at the end of the pinconf setting function so that it +actually sticks in the hardware. + +Fixes: 0e948042c420 ("pinctrl: qcom: spmi-mpp: Implement support for sink mode") +Cc: Doug Anderson +Signed-off-by: Stephen Boyd +Reviewed-by: Bjorn Andersson +Signed-off-by: Linus Walleij +Signed-off-by: Sasha Levin +Signed-off-by: Greg Kroah-Hartman +--- + drivers/pinctrl/qcom/pinctrl-spmi-mpp.c | 6 +++++- + 1 file changed, 5 insertions(+), 1 deletion(-) + +--- a/drivers/pinctrl/qcom/pinctrl-spmi-mpp.c ++++ b/drivers/pinctrl/qcom/pinctrl-spmi-mpp.c +@@ -457,7 +457,7 @@ static int pmic_mpp_config_set(struct pi + pad->dtest = arg; + break; + case PIN_CONFIG_DRIVE_STRENGTH: +- arg = pad->drive_strength; ++ pad->drive_strength = arg; + break; + case PMIC_MPP_CONF_AMUX_ROUTE: + if (arg >= PMIC_MPP_AMUX_ROUTE_ABUS4) +@@ -504,6 +504,10 @@ static int pmic_mpp_config_set(struct pi + if (ret < 0) + return ret; + ++ ret = pmic_mpp_write(state, pad, PMIC_MPP_REG_SINK_CTL, pad->drive_strength); ++ if (ret < 0) ++ return ret; ++ + val = pad->is_enabled << PMIC_MPP_REG_MASTER_EN_SHIFT; + + return pmic_mpp_write(state, pad, PMIC_MPP_REG_EN_CTL, val); diff --git a/queue-4.9/pinctrl-qcom-spmi-mpp-fix-err-handling-of-pmic_mpp_set_mux.patch b/queue-4.9/pinctrl-qcom-spmi-mpp-fix-err-handling-of-pmic_mpp_set_mux.patch new file mode 100644 index 00000000000..7f5938e0807 --- /dev/null +++ b/queue-4.9/pinctrl-qcom-spmi-mpp-fix-err-handling-of-pmic_mpp_set_mux.patch @@ -0,0 +1,31 @@ +From foo@baz Sat Nov 10 11:24:34 PST 2018 +From: YueHaibing +Date: Thu, 20 Sep 2018 01:58:18 +0000 +Subject: pinctrl: qcom: spmi-mpp: Fix err handling of pmic_mpp_set_mux + +From: YueHaibing + +[ Upstream commit 69f8455f6cc78fa6cdf80d0105d7a748106271dc ] + +'ret' should be returned while pmic_mpp_write_mode_ctl fails. + +Fixes: 0e948042c420 ("pinctrl: qcom: spmi-mpp: Implement support for sink mode") +Signed-off-by: YueHaibing +Signed-off-by: Linus Walleij +Signed-off-by: Sasha Levin +Signed-off-by: Greg Kroah-Hartman +--- + drivers/pinctrl/qcom/pinctrl-spmi-mpp.c | 2 ++ + 1 file changed, 2 insertions(+) + +--- a/drivers/pinctrl/qcom/pinctrl-spmi-mpp.c ++++ b/drivers/pinctrl/qcom/pinctrl-spmi-mpp.c +@@ -319,6 +319,8 @@ static int pmic_mpp_set_mux(struct pinct + pad->function = function; + + ret = pmic_mpp_write_mode_ctl(state, pad); ++ if (ret < 0) ++ return ret; + + val = pad->is_enabled << PMIC_MPP_REG_MASTER_EN_SHIFT; + diff --git a/queue-4.9/pinctrl-spmi-mpp-fix-pmic_mpp_config_get-to-be-compliant.patch b/queue-4.9/pinctrl-spmi-mpp-fix-pmic_mpp_config_get-to-be-compliant.patch new file mode 100644 index 00000000000..f1c4c31361f --- /dev/null +++ b/queue-4.9/pinctrl-spmi-mpp-fix-pmic_mpp_config_get-to-be-compliant.patch @@ -0,0 +1,91 @@ +From foo@baz Sat Nov 10 11:24:34 PST 2018 +From: Douglas Anderson +Date: Thu, 30 Aug 2018 08:23:39 -0700 +Subject: pinctrl: spmi-mpp: Fix pmic_mpp_config_get() to be compliant + +From: Douglas Anderson + +[ Upstream commit 0d5b476f8f57fcb06c45fe27681ac47254f63fd2 ] + +If you look at "pinconf-groups" in debugfs for ssbi-mpp you'll notice +it looks like nonsense. + +The problem is fairly well described in commit 1cf86bc21257 ("pinctrl: +qcom: spmi-gpio: Fix pmic_gpio_config_get() to be compliant") and +commit 05e0c828955c ("pinctrl: msm: Fix msm_config_group_get() to be +compliant"), but it was pointed out that ssbi-mpp has the same +problem. Let's fix it there too. + +NOTE: in case it's helpful to someone reading this, the way to tell +whether to do the -EINVAL or not is to look at the PCONFDUMP for a +given attribute. If the last element (has_arg) is false then you need +to do the -EINVAL trick. + +ALSO NOTE: it seems unlikely that the values returned when we try to +get PIN_CONFIG_BIAS_PULL_UP will actually be printed since "has_arg" +is false for that one, but I guess it's still fine to return different +values so I kept doing that. It seems like another driver (ssbi-gpio) +uses a custom attribute (PM8XXX_QCOM_PULL_UP_STRENGTH) for something +similar so maybe a future change should do that here too. + +Fixes: cfb24f6ebd38 ("pinctrl: Qualcomm SPMI PMIC MPP pin controller driver") +Signed-off-by: Douglas Anderson +Reviewed-by: Stephen Boyd +Reviewed-by: Bjorn Andersson +Signed-off-by: Linus Walleij +Signed-off-by: Sasha Levin +Signed-off-by: Greg Kroah-Hartman +--- + drivers/pinctrl/qcom/pinctrl-spmi-mpp.c | 19 ++++++++++++------- + 1 file changed, 12 insertions(+), 7 deletions(-) + +--- a/drivers/pinctrl/qcom/pinctrl-spmi-mpp.c ++++ b/drivers/pinctrl/qcom/pinctrl-spmi-mpp.c +@@ -345,13 +345,12 @@ static int pmic_mpp_config_get(struct pi + + switch (param) { + case PIN_CONFIG_BIAS_DISABLE: +- arg = pad->pullup == PMIC_MPP_PULL_UP_OPEN; ++ if (pad->pullup != PMIC_MPP_PULL_UP_OPEN) ++ return -EINVAL; ++ arg = 1; + break; + case PIN_CONFIG_BIAS_PULL_UP: + switch (pad->pullup) { +- case PMIC_MPP_PULL_UP_OPEN: +- arg = 0; +- break; + case PMIC_MPP_PULL_UP_0P6KOHM: + arg = 600; + break; +@@ -366,13 +365,17 @@ static int pmic_mpp_config_get(struct pi + } + break; + case PIN_CONFIG_BIAS_HIGH_IMPEDANCE: +- arg = !pad->is_enabled; ++ if (pad->is_enabled) ++ return -EINVAL; ++ arg = 1; + break; + case PIN_CONFIG_POWER_SOURCE: + arg = pad->power_source; + break; + case PIN_CONFIG_INPUT_ENABLE: +- arg = pad->input_enabled; ++ if (!pad->input_enabled) ++ return -EINVAL; ++ arg = 1; + break; + case PIN_CONFIG_OUTPUT: + arg = pad->out_value; +@@ -384,7 +387,9 @@ static int pmic_mpp_config_get(struct pi + arg = pad->amux_input; + break; + case PMIC_MPP_CONF_PAIRED: +- arg = pad->paired; ++ if (!pad->paired) ++ return -EINVAL; ++ arg = 1; + break; + case PIN_CONFIG_DRIVE_STRENGTH: + arg = pad->drive_strength; diff --git a/queue-4.9/pinctrl-ssbi-gpio-fix-pm8xxx_pin_config_get-to-be-compliant.patch b/queue-4.9/pinctrl-ssbi-gpio-fix-pm8xxx_pin_config_get-to-be-compliant.patch new file mode 100644 index 00000000000..7837e6dfa37 --- /dev/null +++ b/queue-4.9/pinctrl-ssbi-gpio-fix-pm8xxx_pin_config_get-to-be-compliant.patch @@ -0,0 +1,86 @@ +From foo@baz Sat Nov 10 11:24:34 PST 2018 +From: Douglas Anderson +Date: Thu, 30 Aug 2018 08:23:38 -0700 +Subject: pinctrl: ssbi-gpio: Fix pm8xxx_pin_config_get() to be compliant + +From: Douglas Anderson + +[ Upstream commit b432414b996d32a1bd9afe2bd595bd5729c1477f ] + +If you look at "pinconf-groups" in debugfs for ssbi-gpio you'll notice +it looks like nonsense. + +The problem is fairly well described in commit 1cf86bc21257 ("pinctrl: +qcom: spmi-gpio: Fix pmic_gpio_config_get() to be compliant") and +commit 05e0c828955c ("pinctrl: msm: Fix msm_config_group_get() to be +compliant"), but it was pointed out that ssbi-gpio has the same +problem. Let's fix it there too. + +Fixes: b4c45fe974bc ("pinctrl: qcom: ssbi: Family A gpio & mpp drivers") +Signed-off-by: Douglas Anderson +Reviewed-by: Stephen Boyd +Reviewed-by: Bjorn Andersson +Signed-off-by: Linus Walleij +Signed-off-by: Sasha Levin +Signed-off-by: Greg Kroah-Hartman +--- + drivers/pinctrl/qcom/pinctrl-ssbi-gpio.c | 28 +++++++++++++++++++++------- + 1 file changed, 21 insertions(+), 7 deletions(-) + +--- a/drivers/pinctrl/qcom/pinctrl-ssbi-gpio.c ++++ b/drivers/pinctrl/qcom/pinctrl-ssbi-gpio.c +@@ -260,22 +260,32 @@ static int pm8xxx_pin_config_get(struct + + switch (param) { + case PIN_CONFIG_BIAS_DISABLE: +- arg = pin->bias == PM8XXX_GPIO_BIAS_NP; ++ if (pin->bias != PM8XXX_GPIO_BIAS_NP) ++ return -EINVAL; ++ arg = 1; + break; + case PIN_CONFIG_BIAS_PULL_DOWN: +- arg = pin->bias == PM8XXX_GPIO_BIAS_PD; ++ if (pin->bias != PM8XXX_GPIO_BIAS_PD) ++ return -EINVAL; ++ arg = 1; + break; + case PIN_CONFIG_BIAS_PULL_UP: +- arg = pin->bias <= PM8XXX_GPIO_BIAS_PU_1P5_30; ++ if (pin->bias > PM8XXX_GPIO_BIAS_PU_1P5_30) ++ return -EINVAL; ++ arg = 1; + break; + case PM8XXX_QCOM_PULL_UP_STRENGTH: + arg = pin->pull_up_strength; + break; + case PIN_CONFIG_BIAS_HIGH_IMPEDANCE: +- arg = pin->disable; ++ if (!pin->disable) ++ return -EINVAL; ++ arg = 1; + break; + case PIN_CONFIG_INPUT_ENABLE: +- arg = pin->mode == PM8XXX_GPIO_MODE_INPUT; ++ if (pin->mode != PM8XXX_GPIO_MODE_INPUT) ++ return -EINVAL; ++ arg = 1; + break; + case PIN_CONFIG_OUTPUT: + if (pin->mode & PM8XXX_GPIO_MODE_OUTPUT) +@@ -290,10 +300,14 @@ static int pm8xxx_pin_config_get(struct + arg = pin->output_strength; + break; + case PIN_CONFIG_DRIVE_PUSH_PULL: +- arg = !pin->open_drain; ++ if (pin->open_drain) ++ return -EINVAL; ++ arg = 1; + break; + case PIN_CONFIG_DRIVE_OPEN_DRAIN: +- arg = pin->open_drain; ++ if (!pin->open_drain) ++ return -EINVAL; ++ arg = 1; + break; + default: + return -EINVAL; diff --git a/queue-4.9/rdma-core-do-not-expose-unsupported-counters.patch b/queue-4.9/rdma-core-do-not-expose-unsupported-counters.patch new file mode 100644 index 00000000000..07a37553f40 --- /dev/null +++ b/queue-4.9/rdma-core-do-not-expose-unsupported-counters.patch @@ -0,0 +1,75 @@ +From foo@baz Sat Nov 10 11:24:34 PST 2018 +From: Parav Pandit +Date: Sun, 7 Oct 2018 12:12:40 +0300 +Subject: RDMA/core: Do not expose unsupported counters + +From: Parav Pandit + +[ Upstream commit 0f6ef65d1c6ec8deb5d0f11f86631ec4cfe8f22e ] + +If the provider driver (such as rdma_rxe) doesn't support pma counters, +avoid exposing its directory similar to optional hw_counters directory. +If core fails to read the PMA counter, return an error so that user can +retry later if needed. + +Fixes: 35c4cbb17811 ("IB/core: Create get_perf_mad function in sysfs.c") +Reported-by: Holger Hoffstätte +Tested-by: Holger Hoffstätte +Signed-off-by: Parav Pandit +Signed-off-by: Leon Romanovsky +Signed-off-by: Doug Ledford +Signed-off-by: Sasha Levin +Signed-off-by: Greg Kroah-Hartman +--- + drivers/infiniband/core/sysfs.c | 19 ++++++++++++------- + 1 file changed, 12 insertions(+), 7 deletions(-) + +--- a/drivers/infiniband/core/sysfs.c ++++ b/drivers/infiniband/core/sysfs.c +@@ -485,7 +485,7 @@ static ssize_t show_pma_counter(struct i + ret = get_perf_mad(p->ibdev, p->port_num, tab_attr->attr_id, &data, + 40 + offset / 8, sizeof(data)); + if (ret < 0) +- return sprintf(buf, "N/A (no PMA)\n"); ++ return ret; + + switch (width) { + case 4: +@@ -1008,10 +1008,12 @@ static int add_port(struct ib_device *de + goto err_put; + } + +- p->pma_table = get_counter_table(device, port_num); +- ret = sysfs_create_group(&p->kobj, p->pma_table); +- if (ret) +- goto err_put_gid_attrs; ++ if (device->process_mad) { ++ p->pma_table = get_counter_table(device, port_num); ++ ret = sysfs_create_group(&p->kobj, p->pma_table); ++ if (ret) ++ goto err_put_gid_attrs; ++ } + + p->gid_group.name = "gids"; + p->gid_group.attrs = alloc_group_attrs(show_port_gid, attr.gid_tbl_len); +@@ -1124,7 +1126,8 @@ err_free_gid: + p->gid_group.attrs = NULL; + + err_remove_pma: +- sysfs_remove_group(&p->kobj, p->pma_table); ++ if (p->pma_table) ++ sysfs_remove_group(&p->kobj, p->pma_table); + + err_put_gid_attrs: + kobject_put(&p->gid_attr_group->kobj); +@@ -1236,7 +1239,9 @@ static void free_port_list_attributes(st + kfree(port->hw_stats); + free_hsag(&port->kobj, port->hw_stats_ag); + } +- sysfs_remove_group(p, port->pma_table); ++ ++ if (port->pma_table) ++ sysfs_remove_group(p, port->pma_table); + sysfs_remove_group(p, &port->pkey_group); + sysfs_remove_group(p, &port->gid_group); + sysfs_remove_group(&port->gid_attr_group->kobj, diff --git a/queue-4.9/revert-perf-tools-fix-pmu-term-format-max-value-calculation.patch b/queue-4.9/revert-perf-tools-fix-pmu-term-format-max-value-calculation.patch new file mode 100644 index 00000000000..0afd543b8ee --- /dev/null +++ b/queue-4.9/revert-perf-tools-fix-pmu-term-format-max-value-calculation.patch @@ -0,0 +1,86 @@ +From foo@baz Sat Nov 10 11:24:34 PST 2018 +From: Jiri Olsa +Date: Wed, 3 Oct 2018 09:20:46 +0200 +Subject: Revert "perf tools: Fix PMU term format max value calculation" + +From: Jiri Olsa + +[ Upstream commit 1b9caa10b31dda0866f4028e4bfb923fb6e4072f ] + +This reverts commit ac0e2cd555373ae6f8f3a3ad3fbbf5b6d1e7aaaa. + +Michael reported an issue with oversized terms values assignment +and I noticed there was actually a misunderstanding of the max +value check in the past. + +The above commit's changelog says: + + If bit 21 is set, there is parsing issues as below. + + $ perf stat -a -e uncore_qpi_0/event=0x200002,umask=0x8/ + event syntax error: '..pi_0/event=0x200002,umask=0x8/' + \___ value too big for format, maximum is 511 + +But there's no issue there, because the event value is distributed +along the value defined by the format. Even if the format defines +separated bit, the value is treated as a continual number, which +should follow the format definition. + +In above case it's 9-bit value with last bit separated: + $ cat uncore_qpi_0/format/event + config:0-7,21 + +Hence the value 0x200002 is correctly reported as format violation, +because it exceeds 9 bits. It should have been 0x102 instead, which +sets the 9th bit - the bit 21 of the format. + + $ perf stat -vv -a -e uncore_qpi_0/event=0x102,umask=0x8/ + Using CPUID GenuineIntel-6-2D + ... + ------------------------------------------------------------ + perf_event_attr: + type 10 + size 112 + config 0x200802 + sample_type IDENTIFIER + ... + +Reported-by: Michael Petlan +Signed-off-by: Jiri Olsa +Cc: Alexander Shishkin +Cc: Andi Kleen +Cc: Kan Liang +Cc: Namhyung Kim +Cc: Peter Zijlstra +Fixes: ac0e2cd55537 ("perf tools: Fix PMU term format max value calculation") +Link: http://lkml.kernel.org/r/20181003072046.29276-1-jolsa@kernel.org +Signed-off-by: Arnaldo Carvalho de Melo +Signed-off-by: Sasha Levin +Signed-off-by: Greg Kroah-Hartman +--- + tools/perf/util/pmu.c | 13 +++++++------ + 1 file changed, 7 insertions(+), 6 deletions(-) + +--- a/tools/perf/util/pmu.c ++++ b/tools/perf/util/pmu.c +@@ -685,13 +685,14 @@ static void pmu_format_value(unsigned lo + + static __u64 pmu_format_max_value(const unsigned long *format) + { +- __u64 w = 0; +- int fbit; ++ int w; + +- for_each_set_bit(fbit, format, PERF_PMU_FORMAT_BITS) +- w |= (1ULL << fbit); +- +- return w; ++ w = bitmap_weight(format, PERF_PMU_FORMAT_BITS); ++ if (!w) ++ return 0; ++ if (w < 64) ++ return (1ULL << w) - 1; ++ return -1; + } + + /* diff --git a/queue-4.9/s390-sthyi-fix-machine-name-validity-indication.patch b/queue-4.9/s390-sthyi-fix-machine-name-validity-indication.patch new file mode 100644 index 00000000000..d66e3881307 --- /dev/null +++ b/queue-4.9/s390-sthyi-fix-machine-name-validity-indication.patch @@ -0,0 +1,51 @@ +From foo@baz Sat Nov 10 11:24:34 PST 2018 +From: Janosch Frank +Date: Tue, 2 Oct 2018 10:57:52 +0200 +Subject: s390/sthyi: Fix machine name validity indication + +From: Janosch Frank + +[ Upstream commit b5130dc2224d1881f24224c0590c6d97f2168d6a ] + +When running as a level 3 guest with no host provided sthyi support +sclp_ocf_cpc_name_copy() will only return zeroes. Zeroes are not a +valid group name, so let's not indicate that the group name field is +valid. + +Also the group name is not dependent on stsi, let's not return based +on stsi before setting it. + +Fixes: 95ca2cb57985 ("KVM: s390: Add sthyi emulation") +Signed-off-by: Janosch Frank +Signed-off-by: Martin Schwidefsky +Signed-off-by: Sasha Levin +Signed-off-by: Greg Kroah-Hartman +--- + arch/s390/kvm/sthyi.c | 8 +++++--- + 1 file changed, 5 insertions(+), 3 deletions(-) + +--- a/arch/s390/kvm/sthyi.c ++++ b/arch/s390/kvm/sthyi.c +@@ -174,17 +174,19 @@ static void fill_hdr(struct sthyi_sctns + static void fill_stsi_mac(struct sthyi_sctns *sctns, + struct sysinfo_1_1_1 *sysinfo) + { ++ sclp_ocf_cpc_name_copy(sctns->mac.infmname); ++ if (*(u64 *)sctns->mac.infmname != 0) ++ sctns->mac.infmval1 |= MAC_NAME_VLD; ++ + if (stsi(sysinfo, 1, 1, 1)) + return; + +- sclp_ocf_cpc_name_copy(sctns->mac.infmname); +- + memcpy(sctns->mac.infmtype, sysinfo->type, sizeof(sctns->mac.infmtype)); + memcpy(sctns->mac.infmmanu, sysinfo->manufacturer, sizeof(sctns->mac.infmmanu)); + memcpy(sctns->mac.infmpman, sysinfo->plant, sizeof(sctns->mac.infmpman)); + memcpy(sctns->mac.infmseq, sysinfo->sequence, sizeof(sctns->mac.infmseq)); + +- sctns->mac.infmval1 |= MAC_ID_VLD | MAC_NAME_VLD; ++ sctns->mac.infmval1 |= MAC_ID_VLD; + } + + static void fill_stsi_par(struct sthyi_sctns *sctns, diff --git a/queue-4.9/sched-fair-fix-the-min_vruntime-update-logic-in-dequeue_entity.patch b/queue-4.9/sched-fair-fix-the-min_vruntime-update-logic-in-dequeue_entity.patch new file mode 100644 index 00000000000..bca37da077c --- /dev/null +++ b/queue-4.9/sched-fair-fix-the-min_vruntime-update-logic-in-dequeue_entity.patch @@ -0,0 +1,44 @@ +From foo@baz Sat Nov 10 11:24:34 PST 2018 +From: Song Muchun +Date: Sun, 14 Oct 2018 19:26:12 +0800 +Subject: sched/fair: Fix the min_vruntime update logic in dequeue_entity() + +From: Song Muchun + +[ Upstream commit 9845c49cc9bbb317a0bc9e9cf78d8e09d54c9af0 ] + +The comment and the code around the update_min_vruntime() call in +dequeue_entity() are not in agreement. + +>From commit: + + b60205c7c558 ("sched/fair: Fix min_vruntime tracking") + +I think that we want to update min_vruntime when a task is sleeping/migrating. +So, the check is inverted there - fix it. + +Signed-off-by: Song Muchun +Cc: Linus Torvalds +Cc: Mike Galbraith +Cc: Peter Zijlstra +Cc: Thomas Gleixner +Fixes: b60205c7c558 ("sched/fair: Fix min_vruntime tracking") +Link: http://lkml.kernel.org/r/20181014112612.2614-1-smuchun@gmail.com +Signed-off-by: Ingo Molnar +Signed-off-by: Sasha Levin +Signed-off-by: Greg Kroah-Hartman +--- + kernel/sched/fair.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +--- a/kernel/sched/fair.c ++++ b/kernel/sched/fair.c +@@ -3502,7 +3502,7 @@ dequeue_entity(struct cfs_rq *cfs_rq, st + * put back on, and if we advance min_vruntime, we'll be placed back + * further than we started -- ie. we'll be penalized. + */ +- if ((flags & (DEQUEUE_SAVE | DEQUEUE_MOVE)) == DEQUEUE_SAVE) ++ if ((flags & (DEQUEUE_SAVE | DEQUEUE_MOVE)) != DEQUEUE_SAVE) + update_min_vruntime(cfs_rq); + } + diff --git a/queue-4.9/scsi-esp_scsi-track-residual-for-pio-transfers.patch b/queue-4.9/scsi-esp_scsi-track-residual-for-pio-transfers.patch new file mode 100644 index 00000000000..a4ae4ac85d6 --- /dev/null +++ b/queue-4.9/scsi-esp_scsi-track-residual-for-pio-transfers.patch @@ -0,0 +1,68 @@ +From foo@baz Sat Nov 10 11:24:34 PST 2018 +From: Finn Thain +Date: Tue, 16 Oct 2018 16:31:25 +1100 +Subject: scsi: esp_scsi: Track residual for PIO transfers + +From: Finn Thain + +[ Upstream commit fd47d919d0c336e7c22862b51ee94927ffea227a ] + +If a target disconnects during a PIO data transfer the command may fail +when the target reconnects: + +scsi host1: DMA length is zero! +scsi host1: cur adr[04380000] len[00000000] + +The scsi bus is then reset. This happens because the residual reached +zero before the transfer was completed. + +The usual residual calculation relies on the Transfer Count registers. +That works for DMA transfers but not for PIO transfers. Fix the problem +by storing the PIO transfer residual and using that to correctly +calculate bytes_sent. + +Fixes: 6fe07aaffbf0 ("[SCSI] m68k: new mac_esp scsi driver") +Tested-by: Stan Johnson +Signed-off-by: Finn Thain +Tested-by: Michael Schmitz +Signed-off-by: Martin K. Petersen +Signed-off-by: Sasha Levin +Signed-off-by: Greg Kroah-Hartman +--- + drivers/scsi/esp_scsi.c | 1 + + drivers/scsi/esp_scsi.h | 2 ++ + drivers/scsi/mac_esp.c | 2 ++ + 3 files changed, 5 insertions(+) + +--- a/drivers/scsi/esp_scsi.c ++++ b/drivers/scsi/esp_scsi.c +@@ -1349,6 +1349,7 @@ static int esp_data_bytes_sent(struct es + + bytes_sent = esp->data_dma_len; + bytes_sent -= ecount; ++ bytes_sent -= esp->send_cmd_residual; + + /* + * The am53c974 has a DMA 'pecularity'. The doc states: +--- a/drivers/scsi/esp_scsi.h ++++ b/drivers/scsi/esp_scsi.h +@@ -540,6 +540,8 @@ struct esp { + + void *dma; + int dmarev; ++ ++ u32 send_cmd_residual; + }; + + /* A front-end driver for the ESP chip should do the following in +--- a/drivers/scsi/mac_esp.c ++++ b/drivers/scsi/mac_esp.c +@@ -426,6 +426,8 @@ static void mac_esp_send_pio_cmd(struct + scsi_esp_cmd(esp, ESP_CMD_TI); + } + } ++ ++ esp->send_cmd_residual = esp_count; + } + + static int mac_esp_irq_pending(struct esp *esp) diff --git a/queue-4.9/scsi-lpfc-correct-soft-lockup-when-running-mds-diagnostics.patch b/queue-4.9/scsi-lpfc-correct-soft-lockup-when-running-mds-diagnostics.patch new file mode 100644 index 00000000000..c5c99a5ae49 --- /dev/null +++ b/queue-4.9/scsi-lpfc-correct-soft-lockup-when-running-mds-diagnostics.patch @@ -0,0 +1,60 @@ +From foo@baz Sat Nov 10 11:24:34 PST 2018 +From: James Smart +Date: Mon, 10 Sep 2018 10:30:45 -0700 +Subject: scsi: lpfc: Correct soft lockup when running mds diagnostics + +From: James Smart + +[ Upstream commit 0ef01a2d95fd62bb4f536e7ce4d5e8e74b97a244 ] + +When running an mds diagnostic that passes frames with the switch, soft +lockups are detected. The driver is in a CQE processing loop and has +sufficient amount of traffic that it never exits the ring processing routine, +thus the "lockup". + +Cap the number of elements in the work processing routine to 64 elements. This +ensures that the cpu will be given up and the handler reschedule to process +additional items. + +Signed-off-by: Dick Kennedy +Signed-off-by: James Smart +Signed-off-by: Martin K. Petersen +Signed-off-by: Sasha Levin +Signed-off-by: Greg Kroah-Hartman +--- + drivers/scsi/lpfc/lpfc_sli.c | 7 +++++++ + 1 file changed, 7 insertions(+) + +--- a/drivers/scsi/lpfc/lpfc_sli.c ++++ b/drivers/scsi/lpfc/lpfc_sli.c +@@ -3512,6 +3512,7 @@ lpfc_sli_handle_slow_ring_event_s4(struc + struct hbq_dmabuf *dmabuf; + struct lpfc_cq_event *cq_event; + unsigned long iflag; ++ int count = 0; + + spin_lock_irqsave(&phba->hbalock, iflag); + phba->hba_flag &= ~HBA_SP_QUEUE_EVT; +@@ -3533,16 +3534,22 @@ lpfc_sli_handle_slow_ring_event_s4(struc + if (irspiocbq) + lpfc_sli_sp_handle_rspiocb(phba, pring, + irspiocbq); ++ count++; + break; + case CQE_CODE_RECEIVE: + case CQE_CODE_RECEIVE_V1: + dmabuf = container_of(cq_event, struct hbq_dmabuf, + cq_event); + lpfc_sli4_handle_received_buffer(phba, dmabuf); ++ count++; + break; + default: + break; + } ++ ++ /* Limit the number of events to 64 to avoid soft lockups */ ++ if (count == 64) ++ break; + } + } + diff --git a/queue-4.9/scsi-megaraid_sas-fix-a-missing-check-bug.patch b/queue-4.9/scsi-megaraid_sas-fix-a-missing-check-bug.patch new file mode 100644 index 00000000000..2af1f6ebda7 --- /dev/null +++ b/queue-4.9/scsi-megaraid_sas-fix-a-missing-check-bug.patch @@ -0,0 +1,52 @@ +From foo@baz Sat Nov 10 11:24:34 PST 2018 +From: Wenwen Wang +Date: Sat, 6 Oct 2018 13:34:21 -0500 +Subject: scsi: megaraid_sas: fix a missing-check bug + +From: Wenwen Wang + +[ Upstream commit 47db7873136a9c57c45390a53b57019cf73c8259 ] + +In megasas_mgmt_compat_ioctl_fw(), to handle the structure +compat_megasas_iocpacket 'cioc', a user-space structure megasas_iocpacket +'ioc' is allocated before megasas_mgmt_ioctl_fw() is invoked to handle +the packet. Since the two data structures have different fields, the data +is copied from 'cioc' to 'ioc' field by field. In the copy process, +'sense_ptr' is prepared if the field 'sense_len' is not null, because it +will be used in megasas_mgmt_ioctl_fw(). To prepare 'sense_ptr', the +user-space data 'ioc->sense_off' and 'cioc->sense_off' are copied and +saved to kernel-space variables 'local_sense_off' and 'user_sense_off' +respectively. Given that 'ioc->sense_off' is also copied from +'cioc->sense_off', 'local_sense_off' and 'user_sense_off' should have the +same value. However, 'cioc' is in the user space and a malicious user can +race to change the value of 'cioc->sense_off' after it is copied to +'ioc->sense_off' but before it is copied to 'user_sense_off'. By doing +so, the attacker can inject different values into 'local_sense_off' and +'user_sense_off'. This can cause undefined behavior in the following +execution, because the two variables are supposed to be same. + +This patch enforces a check on the two kernel variables 'local_sense_off' +and 'user_sense_off' to make sure they are the same after the copy. In +case they are not, an error code EINVAL will be returned. + +Signed-off-by: Wenwen Wang +Acked-by: Sumit Saxena +Signed-off-by: Martin K. Petersen +Signed-off-by: Sasha Levin +Signed-off-by: Greg Kroah-Hartman +--- + drivers/scsi/megaraid/megaraid_sas_base.c | 3 +++ + 1 file changed, 3 insertions(+) + +--- a/drivers/scsi/megaraid/megaraid_sas_base.c ++++ b/drivers/scsi/megaraid/megaraid_sas_base.c +@@ -6901,6 +6901,9 @@ static int megasas_mgmt_compat_ioctl_fw( + get_user(user_sense_off, &cioc->sense_off)) + return -EFAULT; + ++ if (local_sense_off != user_sense_off) ++ return -EINVAL; ++ + if (local_sense_len) { + void __user **sense_ioc_ptr = + (void __user **)((u8 *)((unsigned long)&ioc->frame.raw) + local_sense_off); diff --git a/queue-4.9/selftests-ftrace-add-synthetic-event-syntax-testcase.patch b/queue-4.9/selftests-ftrace-add-synthetic-event-syntax-testcase.patch new file mode 100644 index 00000000000..74f29733248 --- /dev/null +++ b/queue-4.9/selftests-ftrace-add-synthetic-event-syntax-testcase.patch @@ -0,0 +1,107 @@ +From foo@baz Sat Nov 10 11:24:34 PST 2018 +From: Masami Hiramatsu +Date: Thu, 18 Oct 2018 22:13:02 +0900 +Subject: selftests: ftrace: Add synthetic event syntax testcase + +From: Masami Hiramatsu + +[ Upstream commit ba0e41ca81b935b958006c7120466e2217357827 ] + +Add a testcase to check the syntax and field types for +synthetic_events interface. + +Link: http://lkml.kernel.org/r/153986838264.18251.16627517536956299922.stgit@devbox + +Acked-by: Shuah Khan +Signed-off-by: Masami Hiramatsu +Signed-off-by: Steven Rostedt (VMware) +Signed-off-by: Sasha Levin +Signed-off-by: Greg Kroah-Hartman +--- + tools/testing/selftests/ftrace/test.d/trigger/inter-event/trigger-synthetic-event-syntax.tc | 80 ++++++++++ + 1 file changed, 80 insertions(+) + create mode 100644 tools/testing/selftests/ftrace/test.d/trigger/inter-event/trigger-synthetic-event-syntax.tc + +--- /dev/null ++++ b/tools/testing/selftests/ftrace/test.d/trigger/inter-event/trigger-synthetic-event-syntax.tc +@@ -0,0 +1,80 @@ ++#!/bin/sh ++# SPDX-License-Identifier: GPL-2.0 ++# description: event trigger - test synthetic_events syntax parser ++ ++do_reset() { ++ reset_trigger ++ echo > set_event ++ clear_trace ++} ++ ++fail() { #msg ++ do_reset ++ echo $1 ++ exit_fail ++} ++ ++if [ ! -f set_event ]; then ++ echo "event tracing is not supported" ++ exit_unsupported ++fi ++ ++if [ ! -f synthetic_events ]; then ++ echo "synthetic event is not supported" ++ exit_unsupported ++fi ++ ++reset_tracer ++do_reset ++ ++echo "Test synthetic_events syntax parser" ++ ++echo > synthetic_events ++ ++# synthetic event must have a field ++! echo "myevent" >> synthetic_events ++echo "myevent u64 var1" >> synthetic_events ++ ++# synthetic event must be found in synthetic_events ++grep "myevent[[:space:]]u64 var1" synthetic_events ++ ++# it is not possible to add same name event ++! echo "myevent u64 var2" >> synthetic_events ++ ++# Non-append open will cleanup all events and add new one ++echo "myevent u64 var2" > synthetic_events ++ ++# multiple fields with different spaces ++echo "myevent u64 var1; u64 var2;" > synthetic_events ++grep "myevent[[:space:]]u64 var1; u64 var2" synthetic_events ++echo "myevent u64 var1 ; u64 var2 ;" > synthetic_events ++grep "myevent[[:space:]]u64 var1; u64 var2" synthetic_events ++echo "myevent u64 var1 ;u64 var2" > synthetic_events ++grep "myevent[[:space:]]u64 var1; u64 var2" synthetic_events ++ ++# test field types ++echo "myevent u32 var" > synthetic_events ++echo "myevent u16 var" > synthetic_events ++echo "myevent u8 var" > synthetic_events ++echo "myevent s64 var" > synthetic_events ++echo "myevent s32 var" > synthetic_events ++echo "myevent s16 var" > synthetic_events ++echo "myevent s8 var" > synthetic_events ++ ++echo "myevent char var" > synthetic_events ++echo "myevent int var" > synthetic_events ++echo "myevent long var" > synthetic_events ++echo "myevent pid_t var" > synthetic_events ++ ++echo "myevent unsigned char var" > synthetic_events ++echo "myevent unsigned int var" > synthetic_events ++echo "myevent unsigned long var" > synthetic_events ++grep "myevent[[:space:]]unsigned long var" synthetic_events ++ ++# test string type ++echo "myevent char var[10]" > synthetic_events ++grep "myevent[[:space:]]char\[10\] var" synthetic_events ++ ++do_reset ++ ++exit 0 diff --git a/queue-4.9/series b/queue-4.9/series index fdcbd66d3ed..dfa02745975 100644 --- a/queue-4.9/series +++ b/queue-4.9/series @@ -13,3 +13,60 @@ alsa-ca0106-disable-izd-on-sb0570-dac-to-fix-audio-pops.patch x86-speculation-enable-cross-hyperthread-spectre-v2-stibp-mitigation.patch x86-corruption-check-fix-panic-in-memory_corruption_check-when-boot-option-without-value-is-provided.patch x86-speculation-support-enhanced-ibrs-on-future-cpus.patch +bpf-do-not-blindly-change-rlimit-in-reuseport-net-selftest.patch +revert-perf-tools-fix-pmu-term-format-max-value-calculation.patch +xfrm-policy-use-hlist-rcu-variants-on-insert.patch +sparc-fix-single-pcr-perf-event-counter-management.patch +sparc64-make-proc_id-signed.patch +sched-fair-fix-the-min_vruntime-update-logic-in-dequeue_entity.patch +perf-cpu_map-align-cpu-map-synthesized-events-properly.patch +x86-fpu-remove-second-definition-of-fpu-in-__fpu__restore_sig.patch +net-qla3xxx-remove-overflowing-shift-statement.patch +selftests-ftrace-add-synthetic-event-syntax-testcase.patch +i2c-rcar-cleanup-dma-for-all-kinds-of-failure.patch +net-ethernet-ti-cpsw-unsync-mcast-entries-while-switch-promisc-mode.patch +locking-lockdep-fix-debug_locks-off-performance-problem.patch +ataflop-fix-error-handling-during-setup.patch +swim-fix-cleanup-on-setup-error.patch +tun-consistently-configure-generic-netdev-params-via-rtnetlink.patch +s390-sthyi-fix-machine-name-validity-indication.patch +hwmon-pwm-fan-set-fan-speed-to-0-on-suspend.patch +perf-tools-free-temporary-sys-string-in-read_event_files.patch +perf-tools-cleanup-trace-event-info-tdata-leak.patch +perf-strbuf-match-va_-add-copy-with-va_end.patch +cpupower-fix-coredump-on-vmware.patch +mmc-sdhci-pci-o2micro-add-quirk-for-o2-micro-dev-0x8620-rev-0x01.patch +iwlwifi-pcie-avoid-empty-free-rb-queue.patch +x86-olpc-indicate-that-legacy-pc-xo-1-platform-should-not-register-rtc.patch +cpufreq-dt-try-freeing-static-opps-only-if-we-have-added-them.patch +bluetooth-btbcm-add-entry-for-bcm4335c0-uart-bluetooth.patch +x86-boot-fix-efi-stub-alignment.patch +pinctrl-qcom-spmi-mpp-fix-err-handling-of-pmic_mpp_set_mux.patch +brcmfmac-fix-for-proper-support-of-160mhz-bandwidth.patch +kprobes-return-error-if-we-fail-to-reuse-kprobe-instead-of-bug_on.patch +acpi-lpss-add-alternative-acpi-hids-for-cherry-trail-dma-controllers.patch +pinctrl-qcom-spmi-mpp-fix-drive-strength-setting.patch +pinctrl-spmi-mpp-fix-pmic_mpp_config_get-to-be-compliant.patch +pinctrl-ssbi-gpio-fix-pm8xxx_pin_config_get-to-be-compliant.patch +ixgbevf-vf2vf-tcp-rss.patch +ath10k-schedule-hardware-restart-if-wmi-command-times-out.patch +cgroup-netclassid-add-a-preemption-point-to-write_classid.patch +scsi-esp_scsi-track-residual-for-pio-transfers.patch +scsi-megaraid_sas-fix-a-missing-check-bug.patch +rdma-core-do-not-expose-unsupported-counters.patch +ib-ipoib-clear-ipcb-before-icmp_send.patch +tpm-suppress-transmit-cmd-error-logs-when-tpm-1.2-is-disabled-deactivated.patch +vmci-resource-wildcard-match-fixed.patch +usb-gadget-udc-atmel-handle-at91sam9rl-pmc.patch +ext4-fix-argument-checking-in-ext4_ioc_move_ext.patch +md-fix-invalid-stored-role-for-a-disk.patch +pci-msi-warn-and-return-error-if-driver-enables-msi-msi-x-twice.patch +coresight-etb10-fix-handling-of-perf-mode.patch +crypto-caam-fix-implicit-casts-in-endianness-helpers.patch +usb-chipidea-prevent-unbalanced-irq-disable.patch +driver-dma-ioat-call-del_timer_sync-without-holding-prep_lock.patch +uio-ensure-class-is-registered-before-devices.patch +scsi-lpfc-correct-soft-lockup-when-running-mds-diagnostics.patch +signal-always-deliver-the-kernel-s-sigkill-and-sigstop-to-a-pid-namespace-init.patch +dmaengine-dma-jz4780-return-error-if-not-probed-from-dt.patch +alsa-hda-check-the-non-cached-stream-buffers-more-explicitly.patch diff --git a/queue-4.9/signal-always-deliver-the-kernel-s-sigkill-and-sigstop-to-a-pid-namespace-init.patch b/queue-4.9/signal-always-deliver-the-kernel-s-sigkill-and-sigstop-to-a-pid-namespace-init.patch new file mode 100644 index 00000000000..d40f84eef66 --- /dev/null +++ b/queue-4.9/signal-always-deliver-the-kernel-s-sigkill-and-sigstop-to-a-pid-namespace-init.patch @@ -0,0 +1,36 @@ +From foo@baz Sat Nov 10 11:24:34 PST 2018 +From: "Eric W. Biederman" +Date: Mon, 3 Sep 2018 20:02:46 +0200 +Subject: signal: Always deliver the kernel's SIGKILL and SIGSTOP to a pid namespace init + +From: "Eric W. Biederman" + +[ Upstream commit 3597dfe01d12f570bc739da67f857fd222a3ea66 ] + +Instead of playing whack-a-mole and changing SEND_SIG_PRIV to +SEND_SIG_FORCED throughout the kernel to ensure a pid namespace init +gets signals sent by the kernel, stop allowing a pid namespace init to +ignore SIGKILL or SIGSTOP sent by the kernel. A pid namespace init is +only supposed to be able to ignore signals sent from itself and +children with SIG_DFL. + +Fixes: 921cf9f63089 ("signals: protect cinit from unblocked SIG_DFL signals") +Reviewed-by: Thomas Gleixner +Signed-off-by: "Eric W. Biederman" +Signed-off-by: Sasha Levin +Signed-off-by: Greg Kroah-Hartman +--- + kernel/signal.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +--- a/kernel/signal.c ++++ b/kernel/signal.c +@@ -991,7 +991,7 @@ static int __send_signal(int sig, struct + + result = TRACE_SIGNAL_IGNORED; + if (!prepare_signal(sig, t, +- from_ancestor_ns || (info == SEND_SIG_FORCED))) ++ from_ancestor_ns || (info == SEND_SIG_PRIV) || (info == SEND_SIG_FORCED))) + goto ret; + + pending = group ? &t->signal->shared_pending : &t->pending; diff --git a/queue-4.9/sparc-fix-single-pcr-perf-event-counter-management.patch b/queue-4.9/sparc-fix-single-pcr-perf-event-counter-management.patch new file mode 100644 index 00000000000..913dc35f10b --- /dev/null +++ b/queue-4.9/sparc-fix-single-pcr-perf-event-counter-management.patch @@ -0,0 +1,91 @@ +From foo@baz Sat Nov 10 11:24:34 PST 2018 +From: "David S. Miller" +Date: Fri, 12 Oct 2018 10:31:58 -0700 +Subject: sparc: Fix single-pcr perf event counter management. + +From: "David S. Miller" + +[ Upstream commit cfdc3170d214046b9509183fe9b9544dc644d40b ] + +It is important to clear the hw->state value for non-stopped events +when they are added into the PMU. Otherwise when the event is +scheduled out, we won't read the counter because HES_UPTODATE is still +set. This breaks 'perf stat' and similar use cases, causing all the +events to show zero. + +This worked for multi-pcr because we make explicit sparc_pmu_start() +calls in calculate_multiple_pcrs(). calculate_single_pcr() doesn't do +this because the idea there is to accumulate all of the counter +settings into the single pcr value. So we have to add explicit +hw->state handling there. + +Like x86, we use the PERF_HES_ARCH bit to track truly stopped events +so that we don't accidently start them on a reload. + +Related to all of this, sparc_pmu_start() is missing a userpage update +so add it. + +Signed-off-by: David S. Miller +Signed-off-by: Sasha Levin +Signed-off-by: Greg Kroah-Hartman +--- + arch/sparc/kernel/perf_event.c | 17 +++++++++++++---- + 1 file changed, 13 insertions(+), 4 deletions(-) + +--- a/arch/sparc/kernel/perf_event.c ++++ b/arch/sparc/kernel/perf_event.c +@@ -926,6 +926,8 @@ static void read_in_all_counters(struct + sparc_perf_event_update(cp, &cp->hw, + cpuc->current_idx[i]); + cpuc->current_idx[i] = PIC_NO_INDEX; ++ if (cp->hw.state & PERF_HES_STOPPED) ++ cp->hw.state |= PERF_HES_ARCH; + } + } + } +@@ -958,10 +960,12 @@ static void calculate_single_pcr(struct + + enc = perf_event_get_enc(cpuc->events[i]); + cpuc->pcr[0] &= ~mask_for_index(idx); +- if (hwc->state & PERF_HES_STOPPED) ++ if (hwc->state & PERF_HES_ARCH) { + cpuc->pcr[0] |= nop_for_index(idx); +- else ++ } else { + cpuc->pcr[0] |= event_encoding(enc, idx); ++ hwc->state = 0; ++ } + } + out: + cpuc->pcr[0] |= cpuc->event[0]->hw.config_base; +@@ -987,6 +991,9 @@ static void calculate_multiple_pcrs(stru + + cpuc->current_idx[i] = idx; + ++ if (cp->hw.state & PERF_HES_ARCH) ++ continue; ++ + sparc_pmu_start(cp, PERF_EF_RELOAD); + } + out: +@@ -1078,6 +1085,8 @@ static void sparc_pmu_start(struct perf_ + event->hw.state = 0; + + sparc_pmu_enable_event(cpuc, &event->hw, idx); ++ ++ perf_event_update_userpage(event); + } + + static void sparc_pmu_stop(struct perf_event *event, int flags) +@@ -1370,9 +1379,9 @@ static int sparc_pmu_add(struct perf_eve + cpuc->events[n0] = event->hw.event_base; + cpuc->current_idx[n0] = PIC_NO_INDEX; + +- event->hw.state = PERF_HES_UPTODATE; ++ event->hw.state = PERF_HES_UPTODATE | PERF_HES_STOPPED; + if (!(ef_flags & PERF_EF_START)) +- event->hw.state |= PERF_HES_STOPPED; ++ event->hw.state |= PERF_HES_ARCH; + + /* + * If group events scheduling transaction was started, diff --git a/queue-4.9/sparc64-make-proc_id-signed.patch b/queue-4.9/sparc64-make-proc_id-signed.patch new file mode 100644 index 00000000000..e9a5aa8b686 --- /dev/null +++ b/queue-4.9/sparc64-make-proc_id-signed.patch @@ -0,0 +1,30 @@ +From foo@baz Sat Nov 10 11:24:34 PST 2018 +From: "David S. Miller" +Date: Sun, 14 Oct 2018 20:19:31 -0700 +Subject: sparc64: Make proc_id signed. + +From: "David S. Miller" + +[ Upstream commit b3e1eb8e7ac9aaa283989496651d99267c4cad6c ] + +So that when it is unset, ie. '-1', userspace can see it +properly. + +Signed-off-by: David S. Miller +Signed-off-by: Sasha Levin +Signed-off-by: Greg Kroah-Hartman +--- + arch/sparc/include/asm/cpudata_64.h | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +--- a/arch/sparc/include/asm/cpudata_64.h ++++ b/arch/sparc/include/asm/cpudata_64.h +@@ -27,7 +27,7 @@ typedef struct { + unsigned short sock_id; /* physical package */ + unsigned short core_id; + unsigned short max_cache_id; /* groupings of highest shared cache */ +- unsigned short proc_id; /* strand (aka HW thread) id */ ++ signed short proc_id; /* strand (aka HW thread) id */ + } cpuinfo_sparc; + + DECLARE_PER_CPU(cpuinfo_sparc, __cpu_data); diff --git a/queue-4.9/swim-fix-cleanup-on-setup-error.patch b/queue-4.9/swim-fix-cleanup-on-setup-error.patch new file mode 100644 index 00000000000..c811a3914a7 --- /dev/null +++ b/queue-4.9/swim-fix-cleanup-on-setup-error.patch @@ -0,0 +1,43 @@ +From foo@baz Sat Nov 10 11:24:34 PST 2018 +From: Omar Sandoval +Date: Thu, 11 Oct 2018 12:20:41 -0700 +Subject: swim: fix cleanup on setup error + +From: Omar Sandoval + +[ Upstream commit 1448a2a5360ae06f25e2edc61ae070dff5c0beb4 ] + +If we fail to allocate the request queue for a disk, we still need to +free that disk, not just the previous ones. Additionally, we need to +cleanup the previous request queues. + +Signed-off-by: Omar Sandoval +Signed-off-by: Jens Axboe +Signed-off-by: Sasha Levin +Signed-off-by: Greg Kroah-Hartman +--- + drivers/block/swim.c | 13 +++++++++++-- + 1 file changed, 11 insertions(+), 2 deletions(-) + +--- a/drivers/block/swim.c ++++ b/drivers/block/swim.c +@@ -868,8 +868,17 @@ static int swim_floppy_init(struct swim_ + + exit_put_disks: + unregister_blkdev(FLOPPY_MAJOR, "fd"); +- while (drive--) +- put_disk(swd->unit[drive].disk); ++ do { ++ struct gendisk *disk = swd->unit[drive].disk; ++ ++ if (disk) { ++ if (disk->queue) { ++ blk_cleanup_queue(disk->queue); ++ disk->queue = NULL; ++ } ++ put_disk(disk); ++ } ++ } while (drive--); + return err; + } + diff --git a/queue-4.9/tpm-suppress-transmit-cmd-error-logs-when-tpm-1.2-is-disabled-deactivated.patch b/queue-4.9/tpm-suppress-transmit-cmd-error-logs-when-tpm-1.2-is-disabled-deactivated.patch new file mode 100644 index 00000000000..878da17ccf9 --- /dev/null +++ b/queue-4.9/tpm-suppress-transmit-cmd-error-logs-when-tpm-1.2-is-disabled-deactivated.patch @@ -0,0 +1,66 @@ +From foo@baz Sat Nov 10 11:24:34 PST 2018 +From: Javier Martinez Canillas +Date: Thu, 30 Aug 2018 16:40:05 +0200 +Subject: tpm: suppress transmit cmd error logs when TPM 1.2 is disabled/deactivated + +From: Javier Martinez Canillas + +[ Upstream commit 0d6d0d62d9505a9816716aa484ebd0b04c795063 ] + +For TPM 1.2 chips the system setup utility allows to set the TPM device in +one of the following states: + + * Active: Security chip is functional + * Inactive: Security chip is visible, but is not functional + * Disabled: Security chip is hidden and is not functional + +When choosing the "Inactive" state, the TPM 1.2 device is enumerated and +registered, but sending TPM commands fail with either TPM_DEACTIVATED or +TPM_DISABLED depending if the firmware deactivated or disabled the TPM. + +Since these TPM 1.2 error codes don't have special treatment, inactivating +the TPM leads to a very noisy kernel log buffer that shows messages like +the following: + + tpm_tis 00:05: 1.2 TPM (device-id 0x0, rev-id 78) + tpm tpm0: A TPM error (6) occurred attempting to read a pcr value + tpm tpm0: TPM is disabled/deactivated (0x6) + tpm tpm0: A TPM error (6) occurred attempting get random + tpm tpm0: A TPM error (6) occurred attempting to read a pcr value + ima: No TPM chip found, activating TPM-bypass! (rc=6) + tpm tpm0: A TPM error (6) occurred attempting get random + tpm tpm0: A TPM error (6) occurred attempting get random + tpm tpm0: A TPM error (6) occurred attempting get random + tpm tpm0: A TPM error (6) occurred attempting get random + +Let's just suppress error log messages for the TPM_{DEACTIVATED,DISABLED} +return codes, since this is expected when the TPM 1.2 is set to Inactive. + +In that case the kernel log is cleaner and less confusing for users, i.e: + + tpm_tis 00:05: 1.2 TPM (device-id 0x0, rev-id 78) + tpm tpm0: TPM is disabled/deactivated (0x6) + ima: No TPM chip found, activating TPM-bypass! (rc=6) + +Reported-by: Hans de Goede +Signed-off-by: Javier Martinez Canillas +Reviewed-by: Jarkko Sakkinen +Signed-off-by: Jarkko Sakkinen +Signed-off-by: Sasha Levin +Signed-off-by: Greg Kroah-Hartman +--- + drivers/char/tpm/tpm-interface.c | 3 ++- + 1 file changed, 2 insertions(+), 1 deletion(-) + +--- a/drivers/char/tpm/tpm-interface.c ++++ b/drivers/char/tpm/tpm-interface.c +@@ -420,7 +420,8 @@ ssize_t tpm_transmit_cmd(struct tpm_chip + header = cmd; + + err = be32_to_cpu(header->return_code); +- if (err != 0 && desc) ++ if (err != 0 && err != TPM_ERR_DISABLED && err != TPM_ERR_DEACTIVATED ++ && desc) + dev_err(&chip->dev, "A TPM error (%d) occurred %s\n", err, + desc); + diff --git a/queue-4.9/tun-consistently-configure-generic-netdev-params-via-rtnetlink.patch b/queue-4.9/tun-consistently-configure-generic-netdev-params-via-rtnetlink.patch new file mode 100644 index 00000000000..7ec2370768d --- /dev/null +++ b/queue-4.9/tun-consistently-configure-generic-netdev-params-via-rtnetlink.patch @@ -0,0 +1,50 @@ +From foo@baz Sat Nov 10 11:24:34 PST 2018 +From: Serhey Popovych +Date: Tue, 9 Oct 2018 21:21:01 +0300 +Subject: tun: Consistently configure generic netdev params via rtnetlink + +From: Serhey Popovych + +[ Upstream commit df52eab23d703142c766ac00bdb8db19d71238d0 ] + +Configuring generic network device parameters on tun will fail in +presence of IFLA_INFO_KIND attribute in IFLA_LINKINFO nested attribute +since tun_validate() always return failure. + +This can be visualized with following ip-link(8) command sequences: + + # ip link set dev tun0 group 100 + # ip link set dev tun0 group 100 type tun + RTNETLINK answers: Invalid argument + +with contrast to dummy and veth drivers: + + # ip link set dev dummy0 group 100 + # ip link set dev dummy0 type dummy + + # ip link set dev veth0 group 100 + # ip link set dev veth0 group 100 type veth + +Fix by returning zero in tun_validate() when @data is NULL that is +always in case since rtnl_link_ops->maxtype is zero in tun driver. + +Fixes: f019a7a594d9 ("tun: Implement ip link del tunXXX") +Signed-off-by: Serhey Popovych +Signed-off-by: David S. Miller +Signed-off-by: Sasha Levin +Signed-off-by: Greg Kroah-Hartman +--- + drivers/net/tun.c | 2 ++ + 1 file changed, 2 insertions(+) + +--- a/drivers/net/tun.c ++++ b/drivers/net/tun.c +@@ -1570,6 +1570,8 @@ static void tun_setup(struct net_device + */ + static int tun_validate(struct nlattr *tb[], struct nlattr *data[]) + { ++ if (!data) ++ return 0; + return -EINVAL; + } + diff --git a/queue-4.9/uio-ensure-class-is-registered-before-devices.patch b/queue-4.9/uio-ensure-class-is-registered-before-devices.patch new file mode 100644 index 00000000000..fa8f810b866 --- /dev/null +++ b/queue-4.9/uio-ensure-class-is-registered-before-devices.patch @@ -0,0 +1,85 @@ +From foo@baz Sat Nov 10 11:24:34 PST 2018 +From: Alexandre Belloni +Date: Thu, 16 Aug 2018 09:39:41 +0200 +Subject: uio: ensure class is registered before devices + +From: Alexandre Belloni + +[ Upstream commit ae61cf5b9913027c6953a79ed3894da4f47061bd ] + +When both uio and the uio drivers are built in the kernel, it is possible +for a driver to register devices before the uio class is registered. + +This may result in a NULL pointer dereference later on in +get_device_parent() when accessing the class glue_dirs spinlock. + +The trace looks like that: + +Unable to handle kernel NULL pointer dereference at virtual address 00000140 +[...] +[] _raw_spin_lock+0x14/0x48 +[] device_add+0x154/0x6a0 +[] device_create_groups_vargs+0x120/0x128 +[] device_create+0x54/0x60 +[] __uio_register_device+0x120/0x4a8 +[] jaguar2_pci_probe+0x2d4/0x558 +[] local_pci_probe+0x3c/0xb8 +[] pci_device_probe+0x11c/0x180 +[] driver_probe_device+0x22c/0x2d8 +[] __driver_attach+0xbc/0xc0 +[] bus_for_each_dev+0x4c/0x98 +[] driver_attach+0x20/0x28 +[] bus_add_driver+0x1b8/0x228 +[] driver_register+0x60/0xf8 +[] __pci_register_driver+0x40/0x48 + +Return EPROBE_DEFER in that case so the driver can register the device +later. + +Signed-off-by: Alexandre Belloni +Signed-off-by: Greg Kroah-Hartman +Signed-off-by: Sasha Levin +Signed-off-by: Greg Kroah-Hartman +--- + drivers/uio/uio.c | 9 +++++++++ + 1 file changed, 9 insertions(+) + +--- a/drivers/uio/uio.c ++++ b/drivers/uio/uio.c +@@ -249,6 +249,8 @@ static struct class uio_class = { + .dev_groups = uio_groups, + }; + ++bool uio_class_registered; ++ + /* + * device functions + */ +@@ -780,6 +782,9 @@ static int init_uio_class(void) + printk(KERN_ERR "class_register failed for uio\n"); + goto err_class_register; + } ++ ++ uio_class_registered = true; ++ + return 0; + + err_class_register: +@@ -790,6 +795,7 @@ exit: + + static void release_uio_class(void) + { ++ uio_class_registered = false; + class_unregister(&uio_class); + uio_major_cleanup(); + } +@@ -809,6 +815,9 @@ int __uio_register_device(struct module + struct uio_device *idev; + int ret = 0; + ++ if (!uio_class_registered) ++ return -EPROBE_DEFER; ++ + if (!parent || !info || !info->name || !info->version) + return -EINVAL; + diff --git a/queue-4.9/usb-chipidea-prevent-unbalanced-irq-disable.patch b/queue-4.9/usb-chipidea-prevent-unbalanced-irq-disable.patch new file mode 100644 index 00000000000..4f16fee36a0 --- /dev/null +++ b/queue-4.9/usb-chipidea-prevent-unbalanced-irq-disable.patch @@ -0,0 +1,35 @@ +From foo@baz Sat Nov 10 11:24:34 PST 2018 +From: Loic Poulain +Date: Tue, 4 Sep 2018 17:18:57 +0200 +Subject: usb: chipidea: Prevent unbalanced IRQ disable + +From: Loic Poulain + +[ Upstream commit 8b97d73c4d72a2abf58f8e49062a7ee1e5f1334e ] + +The ChipIdea IRQ is disabled before scheduling the otg work and +re-enabled on otg work completion. However if the job is already +scheduled we have to undo the effect of disable_irq int order to +balance the IRQ disable-depth value. + +Fixes: be6b0c1bd0be ("usb: chipidea: using one inline function to cover queue work operations") +Signed-off-by: Loic Poulain +Signed-off-by: Peter Chen +Signed-off-by: Sasha Levin +Signed-off-by: Greg Kroah-Hartman +--- + drivers/usb/chipidea/otg.h | 3 ++- + 1 file changed, 2 insertions(+), 1 deletion(-) + +--- a/drivers/usb/chipidea/otg.h ++++ b/drivers/usb/chipidea/otg.h +@@ -20,7 +20,8 @@ void ci_handle_vbus_change(struct ci_hdr + static inline void ci_otg_queue_work(struct ci_hdrc *ci) + { + disable_irq_nosync(ci->irq); +- queue_work(ci->wq, &ci->work); ++ if (queue_work(ci->wq, &ci->work) == false) ++ enable_irq(ci->irq); + } + + #endif /* __DRIVERS_USB_CHIPIDEA_OTG_H */ diff --git a/queue-4.9/usb-gadget-udc-atmel-handle-at91sam9rl-pmc.patch b/queue-4.9/usb-gadget-udc-atmel-handle-at91sam9rl-pmc.patch new file mode 100644 index 00000000000..3703f68c5ce --- /dev/null +++ b/queue-4.9/usb-gadget-udc-atmel-handle-at91sam9rl-pmc.patch @@ -0,0 +1,33 @@ +From foo@baz Sat Nov 10 11:24:34 PST 2018 +From: Alexandre Belloni +Date: Mon, 10 Sep 2018 22:12:49 +0200 +Subject: usb: gadget: udc: atmel: handle at91sam9rl PMC + +From: Alexandre Belloni + +[ Upstream commit bb80e4fa57eb75ebd64ae9be4155da6d12c1a997 ] + +The at91sam9rl PMC is not quite the same as the at91sam9g45 one and now has +its own compatible string. Add support for that. + +Fixes: 217bace8e548 ("ARM: dts: fix PMC compatible") +Acked-by: Cristian Birsan +Signed-off-by: Alexandre Belloni +Signed-off-by: Felipe Balbi +Signed-off-by: Sasha Levin +Signed-off-by: Greg Kroah-Hartman +--- + drivers/usb/gadget/udc/atmel_usba_udc.c | 2 ++ + 1 file changed, 2 insertions(+) + +--- a/drivers/usb/gadget/udc/atmel_usba_udc.c ++++ b/drivers/usb/gadget/udc/atmel_usba_udc.c +@@ -1923,6 +1923,8 @@ static struct usba_ep * atmel_udc_of_ini + udc->errata = match->data; + udc->pmc = syscon_regmap_lookup_by_compatible("atmel,at91sam9g45-pmc"); + if (IS_ERR(udc->pmc)) ++ udc->pmc = syscon_regmap_lookup_by_compatible("atmel,at91sam9rl-pmc"); ++ if (IS_ERR(udc->pmc)) + udc->pmc = syscon_regmap_lookup_by_compatible("atmel,at91sam9x5-pmc"); + if (udc->errata && IS_ERR(udc->pmc)) + return ERR_CAST(udc->pmc); diff --git a/queue-4.9/vmci-resource-wildcard-match-fixed.patch b/queue-4.9/vmci-resource-wildcard-match-fixed.patch new file mode 100644 index 00000000000..0e2eda22e08 --- /dev/null +++ b/queue-4.9/vmci-resource-wildcard-match-fixed.patch @@ -0,0 +1,53 @@ +From foo@baz Sat Nov 10 11:24:34 PST 2018 +From: Jorgen Hansen +Date: Fri, 21 Sep 2018 00:31:05 -0700 +Subject: VMCI: Resource wildcard match fixed + +From: Jorgen Hansen + +[ Upstream commit 11924ba5e671d6caef1516923e2bd8c72929a3fe ] + +When adding a VMCI resource, the check for an existing entry +would ignore that the new entry could be a wildcard. This could +result in multiple resource entries that would match a given +handle. One disastrous outcome of this is that the +refcounting used to ensure that delayed callbacks for VMCI +datagrams have run before the datagram is destroyed can be +wrong, since the refcount could be increased on the duplicate +entry. This in turn leads to a use after free bug. This issue +was discovered by Hangbin Liu using KASAN and syzkaller. + +Fixes: bc63dedb7d46 ("VMCI: resource object implementation") +Reported-by: Hangbin Liu +Reviewed-by: Adit Ranadive +Reviewed-by: Vishnu Dasa +Signed-off-by: Jorgen Hansen +Signed-off-by: Greg Kroah-Hartman +Signed-off-by: Sasha Levin +Signed-off-by: Greg Kroah-Hartman +--- + drivers/misc/vmw_vmci/vmci_driver.c | 2 +- + drivers/misc/vmw_vmci/vmci_resource.c | 3 ++- + 2 files changed, 3 insertions(+), 2 deletions(-) + +--- a/drivers/misc/vmw_vmci/vmci_driver.c ++++ b/drivers/misc/vmw_vmci/vmci_driver.c +@@ -113,5 +113,5 @@ module_exit(vmci_drv_exit); + + MODULE_AUTHOR("VMware, Inc."); + MODULE_DESCRIPTION("VMware Virtual Machine Communication Interface."); +-MODULE_VERSION("1.1.5.0-k"); ++MODULE_VERSION("1.1.6.0-k"); + MODULE_LICENSE("GPL v2"); +--- a/drivers/misc/vmw_vmci/vmci_resource.c ++++ b/drivers/misc/vmw_vmci/vmci_resource.c +@@ -56,7 +56,8 @@ static struct vmci_resource *vmci_resour + + if (r->type == type && + rid == handle.resource && +- (cid == handle.context || cid == VMCI_INVALID_ID)) { ++ (cid == handle.context || cid == VMCI_INVALID_ID || ++ handle.context == VMCI_INVALID_ID)) { + resource = r; + break; + } diff --git a/queue-4.9/x86-boot-fix-efi-stub-alignment.patch b/queue-4.9/x86-boot-fix-efi-stub-alignment.patch new file mode 100644 index 00000000000..52a85d38283 --- /dev/null +++ b/queue-4.9/x86-boot-fix-efi-stub-alignment.patch @@ -0,0 +1,50 @@ +From foo@baz Sat Nov 10 11:24:34 PST 2018 +From: Ben Hutchings +Date: Sun, 16 Sep 2018 16:22:47 +0100 +Subject: x86: boot: Fix EFI stub alignment + +From: Ben Hutchings + +[ Upstream commit 9c1442a9d039a1a3302fa93e9a11001c5f23b624 ] + +We currently align the end of the compressed image to a multiple of +16. However, the PE-COFF header included in the EFI stub says that +the file alignment is 32 bytes, and when adding an EFI signature to +the file it must first be padded to this alignment. + +sbsigntool commands warn about this: + + warning: file-aligned section .text extends beyond end of file + warning: checksum areas are greater than image size. Invalid section table? + +Worse, pesign -at least when creating a detached signature- uses the +hash of the unpadded file, resulting in an invalid signature if +padding is required. + +Avoid both these problems by increasing alignment to 32 bytes when +CONFIG_EFI_STUB is enabled. + +Signed-off-by: Ben Hutchings +Signed-off-by: Ard Biesheuvel +Signed-off-by: Sasha Levin +Signed-off-by: Greg Kroah-Hartman +--- + arch/x86/boot/tools/build.c | 7 +++++++ + 1 file changed, 7 insertions(+) + +--- a/arch/x86/boot/tools/build.c ++++ b/arch/x86/boot/tools/build.c +@@ -390,6 +390,13 @@ int main(int argc, char ** argv) + die("Unable to mmap '%s': %m", argv[2]); + /* Number of 16-byte paragraphs, including space for a 4-byte CRC */ + sys_size = (sz + 15 + 4) / 16; ++#ifdef CONFIG_EFI_STUB ++ /* ++ * COFF requires minimum 32-byte alignment of sections, and ++ * adding a signature is problematic without that alignment. ++ */ ++ sys_size = (sys_size + 1) & ~1; ++#endif + + /* Patch the setup code with the appropriate size parameters */ + buf[0x1f1] = setup_sectors-1; diff --git a/queue-4.9/x86-fpu-remove-second-definition-of-fpu-in-__fpu__restore_sig.patch b/queue-4.9/x86-fpu-remove-second-definition-of-fpu-in-__fpu__restore_sig.patch new file mode 100644 index 00000000000..4b80a5b0e29 --- /dev/null +++ b/queue-4.9/x86-fpu-remove-second-definition-of-fpu-in-__fpu__restore_sig.patch @@ -0,0 +1,47 @@ +From foo@baz Sat Nov 10 11:24:34 PST 2018 +From: Sebastian Andrzej Siewior +Date: Tue, 16 Oct 2018 22:25:24 +0200 +Subject: x86/fpu: Remove second definition of fpu in __fpu__restore_sig() + +From: Sebastian Andrzej Siewior + +[ Upstream commit 6aa676761d4c1acfa31320e55fa1f83f3fcbbc7a ] + +Commit: + + c5bedc6847c3b ("x86/fpu: Get rid of PF_USED_MATH usage, convert it to fpu->fpstate_active") + +introduced the 'fpu' variable at top of __restore_xstate_sig(), +which now shadows the other definition: + + arch/x86/kernel/fpu/signal.c:318:28: warning: symbol 'fpu' shadows an earlier one + arch/x86/kernel/fpu/signal.c:271:20: originally declared here + +Remove the shadowed definition of 'fpu', as the two definitions are the same. + +Signed-off-by: Sebastian Andrzej Siewior +Reviewed-by: Andy Lutomirski +Cc: Borislav Petkov +Cc: Dave Hansen +Cc: Linus Torvalds +Cc: Peter Zijlstra +Cc: Thomas Gleixner +Fixes: c5bedc6847c3b ("x86/fpu: Get rid of PF_USED_MATH usage, convert it to fpu->fpstate_active") +Link: http://lkml.kernel.org/r/20181016202525.29437-3-bigeasy@linutronix.de +Signed-off-by: Ingo Molnar +Signed-off-by: Sasha Levin +Signed-off-by: Greg Kroah-Hartman +--- + arch/x86/kernel/fpu/signal.c | 1 - + 1 file changed, 1 deletion(-) + +--- a/arch/x86/kernel/fpu/signal.c ++++ b/arch/x86/kernel/fpu/signal.c +@@ -309,7 +309,6 @@ static int __fpu__restore_sig(void __use + * thread's fpu state, reconstruct fxstate from the fsave + * header. Sanitize the copied state etc. + */ +- struct fpu *fpu = &tsk->thread.fpu; + struct user_i387_ia32_struct env; + int err = 0; + diff --git a/queue-4.9/x86-olpc-indicate-that-legacy-pc-xo-1-platform-should-not-register-rtc.patch b/queue-4.9/x86-olpc-indicate-that-legacy-pc-xo-1-platform-should-not-register-rtc.patch new file mode 100644 index 00000000000..8a2f81cc039 --- /dev/null +++ b/queue-4.9/x86-olpc-indicate-that-legacy-pc-xo-1-platform-should-not-register-rtc.patch @@ -0,0 +1,71 @@ +From foo@baz Sat Nov 10 11:24:34 PST 2018 +From: Lubomir Rintel +Date: Thu, 4 Oct 2018 18:08:08 +0200 +Subject: x86/olpc: Indicate that legacy PC XO-1 platform should not register RTC + +From: Lubomir Rintel + +[ Upstream commit d92116b800fb79a72ad26121f5011f6aa3ad94c2 ] + +On OLPC XO-1, the RTC is discovered via device tree from the arch +initcall. Don't let the PC platform register another one from its device +initcall, it's not going to work: + + sysfs: cannot create duplicate filename '/devices/platform/rtc_cmos' + CPU: 0 PID: 1 Comm: swapper Not tainted 4.19.0-rc6 #12 + Hardware name: OLPC XO/XO, BIOS OLPC Ver 1.00.01 06/11/2014 + Call Trace: + dump_stack+0x16/0x18 + sysfs_warn_dup+0x46/0x58 + sysfs_create_dir_ns+0x76/0x9b + kobject_add_internal+0xed/0x209 + ? __schedule+0x3fa/0x447 + kobject_add+0x5b/0x66 + device_add+0x298/0x535 + ? insert_resource_conflict+0x2a/0x3e + platform_device_add+0x14d/0x192 + ? io_delay_init+0x19/0x19 + platform_device_register+0x1c/0x1f + add_rtc_cmos+0x16/0x31 + do_one_initcall+0x78/0x14a + ? do_early_param+0x75/0x75 + kernel_init_freeable+0x152/0x1e0 + ? rest_init+0xa2/0xa2 + kernel_init+0x8/0xd5 + ret_from_fork+0x2e/0x38 + kobject_add_internal failed for rtc_cmos with -EEXIST, don't try to + register things with the same name in the same directory. + platform rtc_cmos: registered platform RTC device (no PNP device found) + +Signed-off-by: Lubomir Rintel +Signed-off-by: Borislav Petkov +Acked-by: Thomas Gleixner +CC: "H. Peter Anvin" +CC: Ingo Molnar +CC: x86-ml +Link: http://lkml.kernel.org/r/20181004160808.307738-1-lkundrak@v3.sk +Signed-off-by: Sasha Levin +Signed-off-by: Greg Kroah-Hartman +--- + arch/x86/platform/olpc/olpc-xo1-rtc.c | 3 +++ + 1 file changed, 3 insertions(+) + +--- a/arch/x86/platform/olpc/olpc-xo1-rtc.c ++++ b/arch/x86/platform/olpc/olpc-xo1-rtc.c +@@ -16,6 +16,7 @@ + + #include + #include ++#include + + static void rtc_wake_on(struct device *dev) + { +@@ -75,6 +76,8 @@ static int __init xo1_rtc_init(void) + if (r) + return r; + ++ x86_platform.legacy.rtc = 0; ++ + device_init_wakeup(&xo1_rtc_device.dev, 1); + return 0; + } diff --git a/queue-4.9/xfrm-policy-use-hlist-rcu-variants-on-insert.patch b/queue-4.9/xfrm-policy-use-hlist-rcu-variants-on-insert.patch new file mode 100644 index 00000000000..31684a18d4c --- /dev/null +++ b/queue-4.9/xfrm-policy-use-hlist-rcu-variants-on-insert.patch @@ -0,0 +1,46 @@ +From foo@baz Sat Nov 10 11:24:34 PST 2018 +From: Florian Westphal +Date: Wed, 10 Oct 2018 18:02:21 +0200 +Subject: xfrm: policy: use hlist rcu variants on insert + +From: Florian Westphal + +[ Upstream commit 9dffff200fd178f11dd50eb1fd8ccd0650c9284e ] + +bydst table/list lookups use rcu, so insertions must use rcu versions. + +Fixes: a7c44247f704e ("xfrm: policy: make xfrm_policy_lookup_bytype lockless") +Signed-off-by: Florian Westphal +Signed-off-by: Steffen Klassert +Signed-off-by: Sasha Levin +Signed-off-by: Greg Kroah-Hartman +--- + net/xfrm/xfrm_policy.c | 8 ++++---- + 1 file changed, 4 insertions(+), 4 deletions(-) + +--- a/net/xfrm/xfrm_policy.c ++++ b/net/xfrm/xfrm_policy.c +@@ -659,9 +659,9 @@ static void xfrm_hash_rebuild(struct wor + break; + } + if (newpos) +- hlist_add_behind(&policy->bydst, newpos); ++ hlist_add_behind_rcu(&policy->bydst, newpos); + else +- hlist_add_head(&policy->bydst, chain); ++ hlist_add_head_rcu(&policy->bydst, chain); + } + + spin_unlock_bh(&net->xfrm.xfrm_policy_lock); +@@ -800,9 +800,9 @@ int xfrm_policy_insert(int dir, struct x + break; + } + if (newpos) +- hlist_add_behind(&policy->bydst, newpos); ++ hlist_add_behind_rcu(&policy->bydst, newpos); + else +- hlist_add_head(&policy->bydst, chain); ++ hlist_add_head_rcu(&policy->bydst, chain); + __xfrm_policy_link(policy, dir); + atomic_inc(&net->xfrm.flow_cache_genid); +