From: Greg Kroah-Hartman Date: Sat, 10 Nov 2018 19:38:57 +0000 (-0800) Subject: 4.4-stable patches X-Git-Tag: v4.19.2~67 X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=fd27b11478991e38c2ecd6f9f349d09480b331b3;p=thirdparty%2Fkernel%2Fstable-queue.git 4.4-stable patches added patches: acpi-lpss-add-alternative-acpi-hids-for-cherry-trail-dma-controllers.patch alsa-hda-check-the-non-cached-stream-buffers-more-explicitly.patch ataflop-fix-error-handling-during-setup.patch ath10k-schedule-hardware-restart-if-wmi-command-times-out.patch bluetooth-btbcm-add-entry-for-bcm4335c0-uart-bluetooth.patch cpupower-fix-coredump-on-vmware.patch dmaengine-dma-jz4780-return-error-if-not-probed-from-dt.patch driver-dma-ioat-call-del_timer_sync-without-holding-prep_lock.patch ext4-fix-argument-checking-in-ext4_ioc_move_ext.patch kprobes-return-error-if-we-fail-to-reuse-kprobe-instead-of-bug_on.patch locking-lockdep-fix-debug_locks-off-performance-problem.patch md-fix-invalid-stored-role-for-a-disk.patch mmc-sdhci-pci-o2micro-add-quirk-for-o2-micro-dev-0x8620-rev-0x01.patch net-qla3xxx-remove-overflowing-shift-statement.patch perf-tools-cleanup-trace-event-info-tdata-leak.patch perf-tools-free-temporary-sys-string-in-read_event_files.patch pinctrl-qcom-spmi-mpp-fix-drive-strength-setting.patch pinctrl-qcom-spmi-mpp-fix-err-handling-of-pmic_mpp_set_mux.patch pinctrl-spmi-mpp-fix-pmic_mpp_config_get-to-be-compliant.patch pinctrl-ssbi-gpio-fix-pm8xxx_pin_config_get-to-be-compliant.patch scsi-esp_scsi-track-residual-for-pio-transfers.patch scsi-lpfc-correct-soft-lockup-when-running-mds-diagnostics.patch scsi-megaraid_sas-fix-a-missing-check-bug.patch selftests-ftrace-add-synthetic-event-syntax-testcase.patch signal-always-deliver-the-kernel-s-sigkill-and-sigstop-to-a-pid-namespace-init.patch sparc-fix-single-pcr-perf-event-counter-management.patch sparc-throttle-perf-events-properly.patch swim-fix-cleanup-on-setup-error.patch 
tpm-suppress-transmit-cmd-error-logs-when-tpm-1.2-is-disabled-deactivated.patch tun-consistently-configure-generic-netdev-params-via-rtnetlink.patch uio-ensure-class-is-registered-before-devices.patch usb-chipidea-prevent-unbalanced-irq-disable.patch x86-boot-fix-efi-stub-alignment.patch x86-fpu-remove-second-definition-of-fpu-in-__fpu__restore_sig.patch x86-olpc-indicate-that-legacy-pc-xo-1-platform-should-not-register-rtc.patch --- diff --git a/queue-4.4/acpi-lpss-add-alternative-acpi-hids-for-cherry-trail-dma-controllers.patch b/queue-4.4/acpi-lpss-add-alternative-acpi-hids-for-cherry-trail-dma-controllers.patch new file mode 100644 index 00000000000..827fdfd5580 --- /dev/null +++ b/queue-4.4/acpi-lpss-add-alternative-acpi-hids-for-cherry-trail-dma-controllers.patch 
@@ -0,0 +1,47 @@ +From foo@baz Sat Nov 10 11:34:22 PST 2018 +From: Hans de Goede +Date: Mon, 27 Aug 2018 09:45:44 +0200 +Subject: ACPI / LPSS: Add alternative ACPI HIDs for Cherry Trail DMA controllers + +From: Hans de Goede + +[ Upstream commit 240714061c58e6b1abfb3322398a7634151c06cb ] + +Bay and Cherry Trail DSTDs represent a different set of devices depending +on which OS the device think it is booting. One set of decices for Windows +and another set of devices for Android which targets the Android-x86 Linux +kernel fork (which e.g. used to have its own display driver instead of +using the i915 driver). + +Which set of devices we are actually going to get is out of our control, +this is controlled by the ACPI OSID variable, which gets either set through +an EFI setup option, or sometimes is autodetected. So we need to support +both. + +This commit adds support for the 80862286 and 808622C0 ACPI HIDs which we +get for the first resp. second DMA controller on Cherry Trail devices when +OSID is set to Android. + +Signed-off-by: Hans de Goede +Reviewed-by: Andy Shevchenko +Signed-off-by: Rafael J. Wysocki +Signed-off-by: Sasha Levin +Signed-off-by: Greg Kroah-Hartman +--- + drivers/acpi/acpi_lpss.c | 2 ++ + 1 file changed, 2 insertions(+) + +--- a/drivers/acpi/acpi_lpss.c ++++ b/drivers/acpi/acpi_lpss.c +@@ -235,9 +235,11 @@ static const struct acpi_device_id acpi_ + { "INT33FC", }, + + /* Braswell LPSS devices */ ++ { "80862286", LPSS_ADDR(lpss_dma_desc) }, + { "80862288", LPSS_ADDR(bsw_pwm_dev_desc) }, + { "8086228A", LPSS_ADDR(bsw_uart_dev_desc) }, + { "8086228E", LPSS_ADDR(bsw_spi_dev_desc) }, ++ { "808622C0", LPSS_ADDR(lpss_dma_desc) }, + { "808622C1", LPSS_ADDR(bsw_i2c_dev_desc) }, + + /* Broadwell LPSS devices */ diff --git a/queue-4.4/alsa-hda-check-the-non-cached-stream-buffers-more-explicitly.patch b/queue-4.4/alsa-hda-check-the-non-cached-stream-buffers-more-explicitly.patch new file mode 100644 index 00000000000..59839471f39 --- /dev/null 
+++ b/queue-4.4/alsa-hda-check-the-non-cached-stream-buffers-more-explicitly.patch 
@@ -0,0 +1,78 @@ +From foo@baz Sat Nov 10 11:34:22 PST 2018 +From: Takashi Iwai +Date: Sat, 11 Aug 2018 23:33:34 +0200 +Subject: ALSA: hda: Check the non-cached stream buffers more explicitly + +From: Takashi Iwai + +[ Upstream commit 78c9be61c3a5cd9e2439fd27a5ffad73a81958c7 ] + +Introduce a new flag, uc_buffer, to indicate that the controller +requires the non-cached pages for stream buffers, either as a +chip-specific requirement or specified via snoop=0 option. +This improves the code-readability. + +Also, this patch fixes the incorrect behavior for C-Media chip where +the stream buffers were never handled as non-cached due to the check +of driver_type even if you pass snoop=0 option. + +Signed-off-by: Takashi Iwai +Signed-off-by: Sasha Levin +Signed-off-by: Greg Kroah-Hartman +--- + sound/pci/hda/hda_controller.h | 1 + + sound/pci/hda/hda_intel.c | 11 ++++++++--- + 2 files changed, 9 insertions(+), 3 deletions(-) + +--- a/sound/pci/hda/hda_controller.h ++++ b/sound/pci/hda/hda_controller.h +@@ -151,6 +151,7 @@ struct azx { + unsigned int msi:1; + unsigned int probing:1; /* codec probing phase */ + unsigned int snoop:1; ++ unsigned int uc_buffer:1; /* non-cached pages for stream buffers */ + unsigned int align_buffer_size:1; + unsigned int region_requested:1; + unsigned int disabled:1; /* disabled by vga_switcheroo */ +--- a/sound/pci/hda/hda_intel.c ++++ b/sound/pci/hda/hda_intel.c +@@ -401,7 +401,7 @@ static void __mark_pages_wc(struct azx * + #ifdef CONFIG_SND_DMA_SGBUF + if (dmab->dev.type == SNDRV_DMA_TYPE_DEV_SG) { + struct snd_sg_buf *sgbuf = dmab->private_data; +- if (chip->driver_type == AZX_DRIVER_CMEDIA) ++ if (!chip->uc_buffer) + return; /* deal with only CORB/RIRB buffers */ + if (on) + set_pages_array_wc(sgbuf->page_table, sgbuf->pages); +@@ -1538,6 +1538,7 @@ static void azx_check_snoop_available(st + dev_info(chip->card->dev, "Force to %s mode by module option\n", + snoop ? 
"snoop" : "non-snoop"); + chip->snoop = snoop; ++ chip->uc_buffer = !snoop; + return; + } + +@@ -1558,8 +1559,12 @@ static void azx_check_snoop_available(st + snoop = false; + + chip->snoop = snoop; +- if (!snoop) ++ if (!snoop) { + dev_info(chip->card->dev, "Force to non-snoop mode\n"); ++ /* C-Media requires non-cached pages only for CORB/RIRB */ ++ if (chip->driver_type != AZX_DRIVER_CMEDIA) ++ chip->uc_buffer = true; ++ } + } + + static void azx_probe_work(struct work_struct *work) +@@ -1958,7 +1963,7 @@ static void pcm_mmap_prepare(struct snd_ + #ifdef CONFIG_X86 + struct azx_pcm *apcm = snd_pcm_substream_chip(substream); + struct azx *chip = apcm->chip; +- if (!azx_snoop(chip) && chip->driver_type != AZX_DRIVER_CMEDIA) ++ if (chip->uc_buffer) + area->vm_page_prot = pgprot_writecombine(area->vm_page_prot); + #endif + } diff --git a/queue-4.4/ataflop-fix-error-handling-during-setup.patch b/queue-4.4/ataflop-fix-error-handling-during-setup.patch new file mode 100644 index 00000000000..a8e25b4b1fa --- /dev/null +++ b/queue-4.4/ataflop-fix-error-handling-during-setup.patch 
@@ -0,0 +1,73 @@ +From foo@baz Sat Nov 10 11:34:22 PST 2018 +From: Omar Sandoval +Date: Thu, 11 Oct 2018 12:20:49 -0700 +Subject: ataflop: fix error handling during setup + +From: Omar Sandoval + +[ Upstream commit 71327f547ee3a46ec5c39fdbbd268401b2578d0e ] + +Move queue allocation next to disk allocation to fix a couple of issues: + +- If add_disk() hasn't been called, we should clear disk->queue before + calling put_disk(). +- If we fail to allocate a request queue, we still need to put all of + the disks, not just the ones that we allocated queues for. + +Signed-off-by: Omar Sandoval +Signed-off-by: Jens Axboe +Signed-off-by: Sasha Levin +Signed-off-by: Greg Kroah-Hartman +--- + drivers/block/ataflop.c | 25 +++++++++++++++---------- + 1 file changed, 15 insertions(+), 10 deletions(-) + +--- a/drivers/block/ataflop.c ++++ b/drivers/block/ataflop.c +@@ -1933,6 +1933,11 @@ static int __init atari_floppy_init (voi + unit[i].disk = alloc_disk(1); + if (!unit[i].disk) + goto Enomem; ++ ++ unit[i].disk->queue = blk_init_queue(do_fd_request, ++ &ataflop_lock); ++ if (!unit[i].disk->queue) ++ goto Enomem; + } + + if (UseTrackbuffer < 0) +@@ -1964,10 +1969,6 @@ static int __init atari_floppy_init (voi + sprintf(unit[i].disk->disk_name, "fd%d", i); + unit[i].disk->fops = &floppy_fops; + unit[i].disk->private_data = &unit[i]; +- unit[i].disk->queue = blk_init_queue(do_fd_request, +- &ataflop_lock); +- if (!unit[i].disk->queue) +- goto Enomem; + set_capacity(unit[i].disk, MAX_DISK_SIZE * 2); + add_disk(unit[i].disk); + } +@@ -1982,13 +1983,17 @@ static int __init atari_floppy_init (voi + + return 0; + Enomem: +- while (i--) { +- struct request_queue *q = unit[i].disk->queue; ++ do { ++ struct gendisk *disk = unit[i].disk; + +- put_disk(unit[i].disk); +- if (q) +- blk_cleanup_queue(q); +- } ++ if (disk) { ++ if (disk->queue) { ++ blk_cleanup_queue(disk->queue); ++ disk->queue = NULL; ++ } ++ put_disk(unit[i].disk); ++ } ++ } while (i--); + + unregister_blkdev(FLOPPY_MAJOR, 
"fd"); + return -ENOMEM; diff --git a/queue-4.4/ath10k-schedule-hardware-restart-if-wmi-command-times-out.patch b/queue-4.4/ath10k-schedule-hardware-restart-if-wmi-command-times-out.patch new file mode 100644 index 00000000000..33e36020189 --- /dev/null +++ b/queue-4.4/ath10k-schedule-hardware-restart-if-wmi-command-times-out.patch 
@@ -0,0 +1,51 @@ +From foo@baz Sat Nov 10 11:34:22 PST 2018 +From: Martin Willi +Date: Wed, 22 Aug 2018 09:39:52 +0200 +Subject: ath10k: schedule hardware restart if WMI command times out + +From: Martin Willi + +[ Upstream commit a9911937e7d332761e8c4fcbc7ba0426bdc3956f ] + +When running in AP mode, ath10k sometimes suffers from TX credit +starvation. The issue is hard to reproduce and shows up once in a +few days, but has been repeatedly seen with QCA9882 and a large +range of firmwares, including 10.2.4.70.67. + +Once the module is in this state, TX credits are never replenished, +which results in "SWBA overrun" errors, as no beacons can be sent. +Even worse, WMI commands run in a timeout while holding the conf +mutex for three seconds each, making any further operations slow +and the whole system unresponsive. + +The firmware/driver never recovers from that state automatically, +and triggering TX flush or warm restarts won't work over WMI. So +issue a hardware restart if a WMI command times out due to missing +TX credits. This implies a connectivity outage of about 1.4s in AP +mode, but brings back the interface and the whole system to a usable +state. WMI command timeouts have not been seen in absent of this +specific issue, so taking such drastic actions seems legitimate. + +Signed-off-by: Martin Willi +Signed-off-by: Kalle Valo +Signed-off-by: Sasha Levin +Signed-off-by: Greg Kroah-Hartman +--- + drivers/net/wireless/ath/ath10k/wmi.c | 6 ++++++ + 1 file changed, 6 insertions(+) + +--- a/drivers/net/wireless/ath/ath10k/wmi.c ++++ b/drivers/net/wireless/ath/ath10k/wmi.c +@@ -1749,6 +1749,12 @@ int ath10k_wmi_cmd_send(struct ath10k *a + if (ret) + dev_kfree_skb_any(skb); + ++ if (ret == -EAGAIN) { ++ ath10k_warn(ar, "wmi command %d timeout, restarting hardware\n", ++ cmd_id); ++ queue_work(ar->workqueue, &ar->restart_work); ++ } ++ + return ret; + } + 
diff --git a/queue-4.4/bluetooth-btbcm-add-entry-for-bcm4335c0-uart-bluetooth.patch b/queue-4.4/bluetooth-btbcm-add-entry-for-bcm4335c0-uart-bluetooth.patch new file mode 100644 index 00000000000..343ebe8e968 --- /dev/null +++ b/queue-4.4/bluetooth-btbcm-add-entry-for-bcm4335c0-uart-bluetooth.patch 
@@ -0,0 +1,61 @@ +From foo@baz Sat Nov 10 11:34:22 PST 2018 +From: Christian Hewitt +Date: Tue, 4 Sep 2018 21:50:57 +0400 +Subject: Bluetooth: btbcm: Add entry for BCM4335C0 UART bluetooth + +From: Christian Hewitt + +[ Upstream commit a357ea098c9605f60d92a66a9073f56ce25726da ] + +This patch adds the device ID for the AMPAK AP6335 combo module used +in the 1st generation WeTek Hub Android/LibreELEC HTPC box. The WiFI +chip identifies itself as BCM4339, while Bluetooth identifies itself +as BCM4335 (rev C0): + +``` +[ 4.864248] Bluetooth: hci0: BCM: chip id 86 +[ 4.866388] Bluetooth: hci0: BCM: features 0x2f +[ 4.889317] Bluetooth: hci0: BCM4335C0 +[ 4.889332] Bluetooth: hci0: BCM4335C0 (003.001.009) build 0000 +[ 9.778383] Bluetooth: hci0: BCM4335C0 (003.001.009) build 0268 +``` + +Output from hciconfig: + +``` +hci0: Type: Primary Bus: UART + BD Address: 43:39:00:00:1F:AC ACL MTU: 1021:8 SCO MTU: 64:1 + UP RUNNING + RX bytes:7567 acl:234 sco:0 events:386 errors:0 + TX bytes:53844 acl:77 sco:0 commands:304 errors:0 + Features: 0xbf 0xfe 0xcf 0xfe 0xdb 0xff 0x7b 0x87 + Packet type: DM1 DM3 DM5 DH1 DH3 DH5 HV1 HV2 HV3 + Link policy: RSWITCH SNIFF + Link mode: SLAVE ACCEPT + Name: 'HUB' + Class: 0x0c0000 + Service Classes: Rendering, Capturing + Device Class: Miscellaneous, + HCI Version: 4.0 (0x6) Revision: 0x10c + LMP Version: 4.0 (0x6) Subversion: 0x6109 + Manufacturer: Broadcom Corporation (15) +``` + +Signed-off-by: Christian Hewitt +Signed-off-by: Marcel Holtmann +Signed-off-by: Sasha Levin +Signed-off-by: Greg Kroah-Hartman +--- + drivers/bluetooth/btbcm.c | 1 + + 1 file changed, 1 insertion(+) + +--- a/drivers/bluetooth/btbcm.c ++++ b/drivers/bluetooth/btbcm.c +@@ -270,6 +270,7 @@ static const struct { + { 0x4103, "BCM4330B1" }, /* 002.001.003 */ + { 0x410e, "BCM43341B0" }, /* 002.001.014 */ + { 0x4406, "BCM4324B3" }, /* 002.004.006 */ ++ { 0x6109, "BCM4335C0" }, /* 003.001.009 */ + { 0x610c, "BCM4354" }, /* 003.001.012 */ + { } + }; 
diff --git a/queue-4.4/cpupower-fix-coredump-on-vmware.patch b/queue-4.4/cpupower-fix-coredump-on-vmware.patch new file mode 100644 index 00000000000..576affd808b --- /dev/null +++ b/queue-4.4/cpupower-fix-coredump-on-vmware.patch 
@@ -0,0 +1,55 @@ +From foo@baz Sat Nov 10 11:34:22 PST 2018 +From: Prarit Bhargava +Date: Mon, 8 Oct 2018 11:06:19 -0400 +Subject: cpupower: Fix coredump on VMWare + +From: Prarit Bhargava + +[ Upstream commit f69ffc5d3db8f1f03fd6d1df5930f9a1fbd787b6 ] + +cpupower crashes on VMWare guests. The guests have the AMD PStateDef MSR +(0xC0010064 + state number) set to zero. As a result fid and did are zero +and the crash occurs because of a divide by zero (cof = fid/did). This +can be prevented by checking the enable bit in the PStateDef MSR before +calculating cof. By doing this the value of pstate[i] remains zero and +the value can be tested before displaying the active Pstates. + +Check the enable bit in the PstateDef register for all supported families +and only print out enabled Pstates. + +Signed-off-by: Prarit Bhargava +Cc: Shuah Khan +Cc: Stafford Horne +Signed-off-by: Shuah Khan (Samsung OSG) +Signed-off-by: Sasha Levin +Signed-off-by: Greg Kroah-Hartman +--- + tools/power/cpupower/utils/cpufreq-info.c | 2 ++ + tools/power/cpupower/utils/helpers/amd.c | 5 +++++ + 2 files changed, 7 insertions(+) + +--- a/tools/power/cpupower/utils/cpufreq-info.c ++++ b/tools/power/cpupower/utils/cpufreq-info.c +@@ -200,6 +200,8 @@ static int get_boost_mode(unsigned int c + printf(_(" Boost States: %d\n"), b_states); + printf(_(" Total States: %d\n"), pstate_no); + for (i = 0; i < pstate_no; i++) { ++ if (!pstates[i]) ++ continue; + if (i < b_states) + printf(_(" Pstate-Pb%d: %luMHz (boost state)" + "\n"), i, pstates[i]); +--- a/tools/power/cpupower/utils/helpers/amd.c ++++ b/tools/power/cpupower/utils/helpers/amd.c +@@ -103,6 +103,11 @@ int decode_pstates(unsigned int cpu, uns + } + if (read_msr(cpu, MSR_AMD_PSTATE + i, &pstate.val)) + return -1; ++ if ((cpu_family == 0x17) && (!pstate.fam17h_bits.en)) ++ continue; ++ else if (!pstate.bits.en) ++ continue; ++ + pstates[i] = get_cof(cpu_family, pstate); + } + *no = i; 
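Review bot: In decode_pstates() the added `if ((cpu_family == 0x17) && (!pstate.fam17h_bits.en)) continue; else if (!pstate.bits.en) continue;` does not pick one register layout per family. On family 0x17 with `fam17h_bits.en` set, the first condition is false and control falls into the `else if`, which then tests `pstate.bits.en`, the other layout's field. Selecting the bit once keeps the layouts apart: `int en = (cpu_family == 0x17) ? pstate.fam17h_bits.en : pstate.bits.en;` followed by `if (!en) continue;`. Skipped entries are never written, so the `if (!pstates[i]) continue;` filter added in get_boost_mode() is only correct if the caller zero-initialises the array, which is not visible in either hunk. The enable bit is also only a proxy for the zero divisor described in the commit message; get_cof() is outside the patch, so whether it can still divide by zero with the bit set cannot be confirmed from here.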
diff --git a/queue-4.4/dmaengine-dma-jz4780-return-error-if-not-probed-from-dt.patch b/queue-4.4/dmaengine-dma-jz4780-return-error-if-not-probed-from-dt.patch new file mode 100644 index 00000000000..93b4a94ce11 --- /dev/null +++ b/queue-4.4/dmaengine-dma-jz4780-return-error-if-not-probed-from-dt.patch @@ -0,0 +1,36 @@ +From foo@baz Sat Nov 10 11:34:22 PST 2018 +From: Paul Cercueil +Date: Wed, 29 Aug 2018 23:32:44 +0200 +Subject: dmaengine: dma-jz4780: Return error if not probed from DT + +From: Paul Cercueil + +[ Upstream commit 54f919a04cf221bc1601d1193682d4379dacacbd ] + +The driver calls clk_get() with the clock name set to NULL, which means +that the driver could only work when probed from devicetree. From now +on, we explicitly require the driver to be probed from devicetree. + +Signed-off-by: Paul Cercueil +Tested-by: Mathieu Malaterre +Signed-off-by: Vinod Koul +Signed-off-by: Sasha Levin +Signed-off-by: Greg Kroah-Hartman +--- + drivers/dma/dma-jz4780.c | 5 +++++ + 1 file changed, 5 insertions(+) + +--- a/drivers/dma/dma-jz4780.c ++++ b/drivers/dma/dma-jz4780.c +@@ -750,6 +750,11 @@ static int jz4780_dma_probe(struct platf + struct resource *res; + int i, ret; + ++ if (!dev->of_node) { ++ dev_err(dev, "This driver must be probed from devicetree\n"); ++ return -EINVAL; ++ } ++ + jzdma = devm_kzalloc(dev, sizeof(*jzdma), GFP_KERNEL); + if (!jzdma) + return -ENOMEM; diff --git a/queue-4.4/driver-dma-ioat-call-del_timer_sync-without-holding-prep_lock.patch b/queue-4.4/driver-dma-ioat-call-del_timer_sync-without-holding-prep_lock.patch new file mode 100644 index 00000000000..5afcc529e13 --- /dev/null +++ b/queue-4.4/driver-dma-ioat-call-del_timer_sync-without-holding-prep_lock.patch 
@@ -0,0 +1,87 @@ +From foo@baz Sat Nov 10 11:34:22 PST 2018 +From: Waiman Long +Date: Fri, 14 Sep 2018 14:53:32 -0400 +Subject: driver/dma/ioat: Call del_timer_sync() without holding prep_lock + +From: Waiman Long + +[ Upstream commit cfb03be6c7e8a1591285849c361d67b09f5149f7 ] + +The following lockdep splat was observed: + +[ 1222.241750] ====================================================== +[ 1222.271301] WARNING: possible circular locking dependency detected +[ 1222.301060] 4.16.0-10.el8+5.x86_64+debug #1 Not tainted +[ 1222.326659] ------------------------------------------------------ +[ 1222.356565] systemd-shutdow/1 is trying to acquire lock: +[ 1222.382660] ((&ioat_chan->timer)){+.-.}, at: [<00000000f71e1a28>] del_timer_sync+0x5/0xf0 +[ 1222.422928] +[ 1222.422928] but task is already holding lock: +[ 1222.451743] (&(&ioat_chan->prep_lock)->rlock){+.-.}, at: [<000000008ea98b12>] ioat_shutdown+0x86/0x100 [ioatdma] + : +[ 1223.524987] Chain exists of: +[ 1223.524987] (&ioat_chan->timer) --> &(&ioat_chan->cleanup_lock)->rlock --> &(&ioat_chan->prep_lock)->rlock +[ 1223.524987] +[ 1223.594082] Possible unsafe locking scenario: +[ 1223.594082] +[ 1223.622630] CPU0 CPU1 +[ 1223.645080] ---- ---- +[ 1223.667404] lock(&(&ioat_chan->prep_lock)->rlock); +[ 1223.691535] lock(&(&ioat_chan->cleanup_lock)->rlock); +[ 1223.728657] lock(&(&ioat_chan->prep_lock)->rlock); +[ 1223.765122] lock((&ioat_chan->timer)); +[ 1223.784095] +[ 1223.784095] *** DEADLOCK *** +[ 1223.784095] +[ 1223.813492] 4 locks held by systemd-shutdow/1: +[ 1223.834677] #0: (reboot_mutex){+.+.}, at: [<0000000056d33456>] SYSC_reboot+0x10f/0x300 +[ 1223.873310] #1: (&dev->mutex){....}, at: [<00000000258dfdd7>] device_shutdown+0x1c8/0x660 +[ 1223.913604] #2: (&dev->mutex){....}, at: [<0000000068331147>] device_shutdown+0x1d6/0x660 +[ 1223.954000] #3: (&(&ioat_chan->prep_lock)->rlock){+.-.}, at: [<000000008ea98b12>] ioat_shutdown+0x86/0x100 [ioatdma] + +In the ioat_shutdown() function: + + 
spin_lock_bh(&ioat_chan->prep_lock); + set_bit(IOAT_CHAN_DOWN, &ioat_chan->state); + del_timer_sync(&ioat_chan->timer); + spin_unlock_bh(&ioat_chan->prep_lock); + +According to the synchronization rule for the del_timer_sync() function, +the caller must not hold locks which would prevent completion of the +timer's handler. + +The timer structure has its own lock that manages its synchronization. +Setting the IOAT_CHAN_DOWN bit should prevent other CPUs from +trying to use that device anyway, there is probably no need to call +del_timer_sync() while holding the prep_lock. So the del_timer_sync() +call is now moved outside of the prep_lock critical section to prevent +the circular lock dependency. + +Signed-off-by: Waiman Long +Reviewed-by: Dave Jiang +Signed-off-by: Vinod Koul +Signed-off-by: Sasha Levin +Signed-off-by: Greg Kroah-Hartman +--- + drivers/dma/ioat/init.c | 9 ++++++++- + 1 file changed, 8 insertions(+), 1 deletion(-) + +--- a/drivers/dma/ioat/init.c ++++ b/drivers/dma/ioat/init.c +@@ -1210,8 +1210,15 @@ static void ioat_shutdown(struct pci_dev + + spin_lock_bh(&ioat_chan->prep_lock); + set_bit(IOAT_CHAN_DOWN, &ioat_chan->state); +- del_timer_sync(&ioat_chan->timer); + spin_unlock_bh(&ioat_chan->prep_lock); ++ /* ++ * Synchronization rule for del_timer_sync(): ++ * - The caller must not hold locks which would prevent ++ * completion of the timer's handler. ++ * So prep_lock cannot be held before calling it. ++ */ ++ del_timer_sync(&ioat_chan->timer); ++ + /* this should quiesce then reset */ + ioat_reset_hw(ioat_chan); + } diff --git a/queue-4.4/ext4-fix-argument-checking-in-ext4_ioc_move_ext.patch b/queue-4.4/ext4-fix-argument-checking-in-ext4_ioc_move_ext.patch new file mode 100644 index 00000000000..80c27e3bf6f --- /dev/null +++ b/queue-4.4/ext4-fix-argument-checking-in-ext4_ioc_move_ext.patch 
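Review bot: Moving `del_timer_sync(&ioat_chan->timer)` after `spin_unlock_bh(&ioat_chan->prep_lock)` in ioat_shutdown() removes the lock cycle, but the added comment only explains why the lock must not be held, not why it is safe to drop it first. Nothing in the hunk shows that the timer cannot be re-armed in the window between the unlock and the deletion; the commit message relies on IOAT_CHAN_DOWN for that and itself says "probably". The comment should record that invariant once it has been verified, along the lines of `/* IOAT_CHAN_DOWN was set under prep_lock above, so the timer is not re-armed after this point */`. The sites that arm the timer are outside this hunk and should be checked against the flag before `ioat_reset_hw()` is reached.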
@@ -0,0 +1,46 @@ +From foo@baz Sat Nov 10 11:34:22 PST 2018 +From: Theodore Ts'o +Date: Tue, 2 Oct 2018 01:34:44 -0400 +Subject: ext4: fix argument checking in EXT4_IOC_MOVE_EXT + +From: Theodore Ts'o + +[ Upstream commit f18b2b83a727a3db208308057d2c7945f368e625 ] + +If the starting block number of either the source or destination file +exceeds the EOF, EXT4_IOC_MOVE_EXT should return EINVAL. + +Also fixed the helper function mext_check_coverage() so that if the +logical block is beyond EOF, make it return immediately, instead of +looping until the block number wraps all the away around. This takes +long enough that if there are multiple threads trying to do pound on +an the same inode doing non-sensical things, it can end up triggering +the kernel's soft lockup detector. + +Reported-by: syzbot+c61979f6f2cba5cb3c06@syzkaller.appspotmail.com +Signed-off-by: Theodore Ts'o +Cc: stable@kernel.org +Signed-off-by: Sasha Levin +Signed-off-by: Greg Kroah-Hartman +--- + fs/ext4/move_extent.c | 8 ++++++-- + 1 file changed, 6 insertions(+), 2 deletions(-) + +--- a/fs/ext4/move_extent.c ++++ b/fs/ext4/move_extent.c +@@ -526,9 +526,13 @@ mext_check_arguments(struct inode *orig_ + orig_inode->i_ino, donor_inode->i_ino); + return -EINVAL; + } +- if (orig_eof < orig_start + *len - 1) ++ if (orig_eof <= orig_start) ++ *len = 0; ++ else if (orig_eof < orig_start + *len - 1) + *len = orig_eof - orig_start; +- if (donor_eof < donor_start + *len - 1) ++ if (donor_eof <= donor_start) ++ *len = 0; ++ else if (donor_eof < donor_start + *len - 1) + *len = donor_eof - donor_start; + if (!*len) { + ext4_debug("ext4 move extent: len should not be 0 " diff --git a/queue-4.4/kprobes-return-error-if-we-fail-to-reuse-kprobe-instead-of-bug_on.patch b/queue-4.4/kprobes-return-error-if-we-fail-to-reuse-kprobe-instead-of-bug_on.patch new file mode 100644 index 00000000000..adf6d726d64 --- /dev/null +++ b/queue-4.4/kprobes-return-error-if-we-fail-to-reuse-kprobe-instead-of-bug_on.patch 
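Review bot: The two `else if` comparisons in mext_check_arguments() still evaluate `orig_start + *len - 1` and `donor_start + *len - 1` on values supplied by the ioctl caller, and that arithmetic can wrap unless both operands were range-checked earlier in the function, which this hunk does not show. Because the new `orig_eof <= orig_start` guard makes the subtraction safe in the `else` branch, the test can be written without the addition: `else if (*len > orig_eof - orig_start + 1)` and `else if (*len > donor_eof - donor_start + 1)`, with the existing clamps kept as they are. The two forms agree whenever nothing wraps, and the second one also keeps a zero `*len` at zero so that it reaches the `if (!*len)` rejection below. A one-line comment above the block stating that a start block at or beyond EOF is turned into a zero length, and therefore -EINVAL, would make the intent clear to the next reader.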
@@ -0,0 +1,91 @@ +From foo@baz Sat Nov 10 11:34:22 PST 2018 +From: Masami Hiramatsu +Date: Tue, 11 Sep 2018 19:20:40 +0900 +Subject: kprobes: Return error if we fail to reuse kprobe instead of BUG_ON() + +From: Masami Hiramatsu + +[ Upstream commit 819319fc93461c07b9cdb3064f154bd8cfd48172 ] + +Make reuse_unused_kprobe() to return error code if +it fails to reuse unused kprobe for optprobe instead +of calling BUG_ON(). + +Signed-off-by: Masami Hiramatsu +Cc: Anil S Keshavamurthy +Cc: David S . Miller +Cc: Linus Torvalds +Cc: Naveen N . Rao +Cc: Peter Zijlstra +Cc: Thomas Gleixner +Link: http://lkml.kernel.org/r/153666124040.21306.14150398706331307654.stgit@devbox +Signed-off-by: Ingo Molnar +Signed-off-by: Sasha Levin +Signed-off-by: Greg Kroah-Hartman +--- + kernel/kprobes.c | 27 ++++++++++++++++++++------- + 1 file changed, 20 insertions(+), 7 deletions(-) + +--- a/kernel/kprobes.c ++++ b/kernel/kprobes.c +@@ -665,9 +665,10 @@ static void unoptimize_kprobe(struct kpr + } + + /* Cancel unoptimizing for reusing */ +-static void reuse_unused_kprobe(struct kprobe *ap) ++static int reuse_unused_kprobe(struct kprobe *ap) + { + struct optimized_kprobe *op; ++ int ret; + + BUG_ON(!kprobe_unused(ap)); + /* +@@ -681,8 +682,12 @@ static void reuse_unused_kprobe(struct k + /* Enable the probe again */ + ap->flags &= ~KPROBE_FLAG_DISABLED; + /* Optimize it again (remove from op->list) */ +- BUG_ON(!kprobe_optready(ap)); ++ ret = kprobe_optready(ap); ++ if (ret) ++ return ret; ++ + optimize_kprobe(ap); ++ return 0; + } + + /* Remove optimized instructions */ +@@ -894,11 +899,16 @@ static void __disarm_kprobe(struct kprob + #define kprobe_disarmed(p) kprobe_disabled(p) + #define wait_for_kprobe_optimizer() do {} while (0) + +-/* There should be no unused kprobes can be reused without optimization */ +-static void reuse_unused_kprobe(struct kprobe *ap) ++static int reuse_unused_kprobe(struct kprobe *ap) + { ++ /* ++ * If the optimized kprobe is NOT supported, the aggr kprobe is 
++ * released at the same time that the last aggregated kprobe is ++ * unregistered. ++ * Thus there should be no chance to reuse unused kprobe. ++ */ + printk(KERN_ERR "Error: There should be no unused kprobe here.\n"); +- BUG_ON(kprobe_unused(ap)); ++ return -EINVAL; + } + + static void free_aggr_kprobe(struct kprobe *p) +@@ -1276,9 +1286,12 @@ static int register_aggr_kprobe(struct k + goto out; + } + init_aggr_kprobe(ap, orig_p); +- } else if (kprobe_unused(ap)) ++ } else if (kprobe_unused(ap)) { + /* This probe is going to die. Rescue it */ +- reuse_unused_kprobe(ap); ++ ret = reuse_unused_kprobe(ap); ++ if (ret) ++ goto out; ++ } + + if (kprobe_gone(ap)) { + /* diff --git a/queue-4.4/locking-lockdep-fix-debug_locks-off-performance-problem.patch b/queue-4.4/locking-lockdep-fix-debug_locks-off-performance-problem.patch new file mode 100644 index 00000000000..f2c01672672 --- /dev/null +++ b/queue-4.4/locking-lockdep-fix-debug_locks-off-performance-problem.patch 
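Review bot: The new error check in the optprobe version of reuse_unused_kprobe() is inverted. The line it replaces was `BUG_ON(!kprobe_optready(ap))`, so a non-zero result means the probe is ready, yet `ret = kprobe_optready(ap); if (ret) return ret;` now returns that non-zero value as a failure and only reaches `optimize_kprobe(ap)` when the probe is not ready. The check should be `if (!kprobe_optready(ap)) return -EINVAL;`. As written, register_aggr_kprobe() takes `goto out` for every probe that could have been reused, and the value it propagates is not an errno. The early return also happens after `ap->flags &= ~KPROBE_FLAG_DISABLED`, so the flag change is left in place on the failure path; the lines between the two hunks of this function are not shown, so any other state that needs undoing should be checked there.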
@@ -0,0 +1,76 @@ +From foo@baz Sat Nov 10 11:34:22 PST 2018 +From: Waiman Long +Date: Thu, 18 Oct 2018 21:45:17 -0400 +Subject: locking/lockdep: Fix debug_locks off performance problem + +From: Waiman Long + +[ Upstream commit 9506a7425b094d2f1d9c877ed5a78f416669269b ] + +It was found that when debug_locks was turned off because of a problem +found by the lockdep code, the system performance could drop quite +significantly when the lock_stat code was also configured into the +kernel. For instance, parallel kernel build time on a 4-socket x86-64 +server nearly doubled. + +Further analysis into the cause of the slowdown traced back to the +frequent call to debug_locks_off() from the __lock_acquired() function +probably due to some inconsistent lockdep states with debug_locks +off. The debug_locks_off() function did an unconditional atomic xchg +to write a 0 value into debug_locks which had already been set to 0. +This led to severe cacheline contention in the cacheline that held +debug_locks. As debug_locks is being referenced in quite a few different +places in the kernel, this greatly slow down the system performance. + +To prevent that trashing of debug_locks cacheline, lock_acquired() +and lock_contended() now checks the state of debug_locks before +proceeding. The debug_locks_off() function is also modified to check +debug_locks before calling __debug_locks_off(). + +Signed-off-by: Waiman Long +Cc: Andrew Morton +Cc: Linus Torvalds +Cc: Paul E. 
McKenney +Cc: Peter Zijlstra +Cc: Thomas Gleixner +Cc: Will Deacon +Link: http://lkml.kernel.org/r/1539913518-15598-1-git-send-email-longman@redhat.com +Signed-off-by: Ingo Molnar +Signed-off-by: Sasha Levin +Signed-off-by: Greg Kroah-Hartman +--- + kernel/locking/lockdep.c | 4 ++-- + lib/debug_locks.c | 2 +- + 2 files changed, 3 insertions(+), 3 deletions(-) + +--- a/kernel/locking/lockdep.c ++++ b/kernel/locking/lockdep.c +@@ -3826,7 +3826,7 @@ void lock_contended(struct lockdep_map * + { + unsigned long flags; + +- if (unlikely(!lock_stat)) ++ if (unlikely(!lock_stat || !debug_locks)) + return; + + if (unlikely(current->lockdep_recursion)) +@@ -3846,7 +3846,7 @@ void lock_acquired(struct lockdep_map *l + { + unsigned long flags; + +- if (unlikely(!lock_stat)) ++ if (unlikely(!lock_stat || !debug_locks)) + return; + + if (unlikely(current->lockdep_recursion)) +--- a/lib/debug_locks.c ++++ b/lib/debug_locks.c +@@ -37,7 +37,7 @@ EXPORT_SYMBOL_GPL(debug_locks_silent); + */ + int debug_locks_off(void) + { +- if (__debug_locks_off()) { ++ if (debug_locks && __debug_locks_off()) { + if (!debug_locks_silent) { + console_verbose(); + return 1; diff --git a/queue-4.4/md-fix-invalid-stored-role-for-a-disk.patch b/queue-4.4/md-fix-invalid-stored-role-for-a-disk.patch new file mode 100644 index 00000000000..9372791341d --- /dev/null +++ b/queue-4.4/md-fix-invalid-stored-role-for-a-disk.patch 
@@ -0,0 +1,43 @@ +From foo@baz Sat Nov 10 11:34:22 PST 2018 +From: Shaohua Li +Date: Mon, 1 Oct 2018 18:36:36 -0700 +Subject: MD: fix invalid stored role for a disk + +From: Shaohua Li + +[ Upstream commit d595567dc4f0c1d90685ec1e2e296e2cad2643ac ] + +If we change the number of array's device after device is removed from array, +then add the device back to array, we can see that device is added as active +role instead of spare which we expected. + +Please see the below link for details: +https://marc.info/?l=linux-raid&m=153736982015076&w=2 + +This is caused by that we prefer to use device's previous role which is +recorded by saved_raid_disk, but we should respect the new number of +conf->raid_disks since it could be changed after device is removed. + +Reported-by: Gioh Kim +Tested-by: Gioh Kim +Acked-by: Guoqing Jiang +Signed-off-by: Shaohua Li +Signed-off-by: Sasha Levin +Signed-off-by: Greg Kroah-Hartman +--- + drivers/md/md.c | 4 ++++ + 1 file changed, 4 insertions(+) + +--- a/drivers/md/md.c ++++ b/drivers/md/md.c +@@ -1670,6 +1670,10 @@ static int super_1_validate(struct mddev + } else + set_bit(In_sync, &rdev->flags); + rdev->raid_disk = role; ++ if (role >= mddev->raid_disks) { ++ rdev->saved_raid_disk = -1; ++ rdev->raid_disk = -1; ++ } + break; + } + if (sb->devflags & WriteMostly1) diff --git a/queue-4.4/mmc-sdhci-pci-o2micro-add-quirk-for-o2-micro-dev-0x8620-rev-0x01.patch b/queue-4.4/mmc-sdhci-pci-o2micro-add-quirk-for-o2-micro-dev-0x8620-rev-0x01.patch new file mode 100644 index 00000000000..65e7c6280c7 --- /dev/null +++ b/queue-4.4/mmc-sdhci-pci-o2micro-add-quirk-for-o2-micro-dev-0x8620-rev-0x01.patch 
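Review bot: In super_1_validate() the added `if (role >= mddev->raid_disks)` block resets `raid_disk` and `saved_raid_disk` to -1 but leaves the device flags untouched, while the `else` branch directly above it may already have executed `set_bit(In_sync, &rdev->flags)` for the same device. If a device that is demoted to spare here must not also be marked in sync, the block needs `clear_bit(In_sync, &rdev->flags);` as well. The rest of the switch and the code that consumes these fields are outside the hunk, so please confirm which combination is intended. `role` appears to come from the superblock being validated, so a short comment such as `/* role recorded before the array was reshaped; treat as spare */` would document why an out-of-range value is tolerated rather than rejected.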
@@ -0,0 +1,57 @@ +From foo@baz Sat Nov 10 11:34:22 PST 2018 +From: Yu Zhao +Date: Sun, 23 Sep 2018 14:39:24 -0600 +Subject: mmc: sdhci-pci-o2micro: Add quirk for O2 Micro dev 0x8620 rev 0x01 + +From: Yu Zhao + +[ Upstream commit 5169894982bb67486d93cc1e10151712bb86bcb6 ] + +This device reports SDHCI_CLOCK_INT_STABLE even though it's not +ready to take SDHCI_CLOCK_CARD_EN. The symptom is that reading +SDHCI_CLOCK_CONTROL after enabling the clock shows absence of the +bit from the register (e.g. expecting 0x0000fa07 = 0x0000fa03 | +SDHCI_CLOCK_CARD_EN but only observed the first operand). + +mmc1: Timeout waiting for hardware cmd interrupt. +mmc1: sdhci: ============ SDHCI REGISTER DUMP =========== +mmc1: sdhci: Sys addr: 0x00000000 | Version: 0x00000603 +mmc1: sdhci: Blk size: 0x00000000 | Blk cnt: 0x00000000 +mmc1: sdhci: Argument: 0x00000000 | Trn mode: 0x00000000 +mmc1: sdhci: Present: 0x01ff0001 | Host ctl: 0x00000001 +mmc1: sdhci: Power: 0x0000000f | Blk gap: 0x00000000 +mmc1: sdhci: Wake-up: 0x00000000 | Clock: 0x0000fa03 +mmc1: sdhci: Timeout: 0x00000000 | Int stat: 0x00000000 +mmc1: sdhci: Int enab: 0x00ff0083 | Sig enab: 0x00ff0083 +mmc1: sdhci: AC12 err: 0x00000000 | Slot int: 0x00000000 +mmc1: sdhci: Caps: 0x25fcc8bf | Caps_1: 0x00002077 +mmc1: sdhci: Cmd: 0x00000000 | Max curr: 0x005800c8 +mmc1: sdhci: Resp[0]: 0x00000000 | Resp[1]: 0x00000000 +mmc1: sdhci: Resp[2]: 0x00000000 | Resp[3]: 0x00000000 +mmc1: sdhci: Host ctl2: 0x00000008 +mmc1: sdhci: ADMA Err: 0x00000000 | ADMA Ptr: 0x00000000 +mmc1: sdhci: ============================================ + +The problem happens during wakeup from S3. Adding a delay quirk +after power up reliably fixes the problem. 
+ +Signed-off-by: Yu Zhao +Signed-off-by: Ulf Hansson +Signed-off-by: Sasha Levin +Signed-off-by: Greg Kroah-Hartman +--- + drivers/mmc/host/sdhci-pci-o2micro.c | 3 +++ + 1 file changed, 3 insertions(+) + +--- a/drivers/mmc/host/sdhci-pci-o2micro.c ++++ b/drivers/mmc/host/sdhci-pci-o2micro.c +@@ -334,6 +334,9 @@ int sdhci_pci_o2_probe(struct sdhci_pci_ + pci_write_config_byte(chip->pdev, O2_SD_LOCK_WP, scratch); + break; + case PCI_DEVICE_ID_O2_SEABIRD0: ++ if (chip->pdev->revision == 0x01) ++ chip->quirks |= SDHCI_QUIRK_DELAY_AFTER_POWER; ++ /* fall through */ + case PCI_DEVICE_ID_O2_SEABIRD1: + /* UnLock WP */ + ret = pci_read_config_byte(chip->pdev, diff --git a/queue-4.4/net-qla3xxx-remove-overflowing-shift-statement.patch b/queue-4.4/net-qla3xxx-remove-overflowing-shift-statement.patch new file mode 100644 index 00000000000..e08f9c17e8c --- /dev/null +++ b/queue-4.4/net-qla3xxx-remove-overflowing-shift-statement.patch 
@@ -0,0 +1,50 @@ +From foo@baz Sat Nov 10 11:34:22 PST 2018 +From: Nathan Chancellor +Date: Fri, 12 Oct 2018 19:14:58 -0700 +Subject: net: qla3xxx: Remove overflowing shift statement + +From: Nathan Chancellor + +[ Upstream commit 8c3bf9b62b667456a57aefcf1689e826df146159 ] + +Clang currently warns: + +drivers/net/ethernet/qlogic/qla3xxx.c:384:24: warning: signed shift +result (0xF00000000) requires 37 bits to represent, but 'int' only has +32 bits [-Wshift-overflow] + ((ISP_NVRAM_MASK << 16) | qdev->eeprom_cmd_data)); + ~~~~~~~~~~~~~~ ^ ~~ +1 warning generated. + +The warning is certainly accurate since ISP_NVRAM_MASK is defined as +(0x000F << 16) which is then shifted by 16, resulting in 64424509440, +well above UINT_MAX. + +Given that this is the only location in this driver where ISP_NVRAM_MASK +is shifted again, it seems likely that ISP_NVRAM_MASK was originally +defined without a shift and during the move of the shift to the +definition, this statement wasn't properly removed (since ISP_NVRAM_MASK +is used in the statenent right above this). Only the maintainers can +confirm this since this statment has been here since the driver was +first added to the kernel. + +Link: https://github.com/ClangBuiltLinux/linux/issues/127 +Signed-off-by: Nathan Chancellor +Signed-off-by: David S. Miller +Signed-off-by: Sasha Levin +Signed-off-by: Greg Kroah-Hartman +--- + drivers/net/ethernet/qlogic/qla3xxx.c | 2 -- + 1 file changed, 2 deletions(-) + +--- a/drivers/net/ethernet/qlogic/qla3xxx.c ++++ b/drivers/net/ethernet/qlogic/qla3xxx.c +@@ -380,8 +380,6 @@ static void fm93c56a_select(struct ql3_a + + qdev->eeprom_cmd_data = AUBURN_EEPROM_CS_1; + ql_write_nvram_reg(qdev, spir, ISP_NVRAM_MASK | qdev->eeprom_cmd_data); +- ql_write_nvram_reg(qdev, spir, +- ((ISP_NVRAM_MASK << 16) | qdev->eeprom_cmd_data)); + } + + /* 
diff --git a/queue-4.4/perf-tools-cleanup-trace-event-info-tdata-leak.patch b/queue-4.4/perf-tools-cleanup-trace-event-info-tdata-leak.patch
new file mode 100644
index 00000000000..b5ac8ccc6a3
--- /dev/null
+++ b/queue-4.4/perf-tools-cleanup-trace-event-info-tdata-leak.patch
@@ -0,0 +1,44 @@
+From foo@baz Sat Nov 10 11:34:22 PST 2018
+From: Sanskriti Sharma
+Date: Tue, 2 Oct 2018 10:29:11 -0400
+Subject: perf tools: Cleanup trace-event-info 'tdata' leak
+
+From: Sanskriti Sharma
+
+[ Upstream commit faedbf3fd19f2511a39397f76359e4cc6ee93072 ]
+
+Free tracing_data structure in tracing_data_get() error paths.
+
+Fixes the following coverity complaint:
+
+ Error: RESOURCE_LEAK (CWE-772):
+ leaked_storage: Variable "tdata" going out of scope leaks the storage
+
+Signed-off-by: Sanskriti Sharma
+Reviewed-by: Jiri Olsa
+Cc: Joe Lawrence
+Link: http://lkml.kernel.org/r/1538490554-8161-3-git-send-email-sansharm@redhat.com
+Signed-off-by: Arnaldo Carvalho de Melo
+Signed-off-by: Sasha Levin
+Signed-off-by: Greg Kroah-Hartman
+---
+ tools/perf/util/trace-event-info.c | 2 ++
+ 1 file changed, 2 insertions(+)
+
+--- a/tools/perf/util/trace-event-info.c
++++ b/tools/perf/util/trace-event-info.c
+@@ -507,12 +507,14 @@ struct tracing_data *tracing_data_get(st
+ "/tmp/perf-XXXXXX");
+ if (!mkstemp(tdata->temp_file)) {
+ pr_debug("Can't make temp file");
++ free(tdata);
+ return NULL;
+ }
+
+ temp_fd = open(tdata->temp_file, O_RDWR);
+ if (temp_fd < 0) {
+ pr_debug("Can't read '%s'", tdata->temp_file);
++ free(tdata);
+ return NULL;
+ }
+
diff --git a/queue-4.4/perf-tools-free-temporary-sys-string-in-read_event_files.patch b/queue-4.4/perf-tools-free-temporary-sys-string-in-read_event_files.patch
new file mode 100644
index 00000000000..78f8457b664
--- /dev/null
+++ b/queue-4.4/perf-tools-free-temporary-sys-string-in-read_event_files.patch
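Review bot: The `if (!mkstemp(tdata->temp_file))` test in the tools/perf/util/trace-event-info.c hunk is true only when mkstemp() returns descriptor 0; a failure returns -1, so the `free(tdata)` added under it is not reached on a real failure and the code relies on the following open() to fail instead. The descriptor mkstemp() returns on success is also dropped and the file is reopened by name with `open(tdata->temp_file, O_RDWR)`, which leaks one descriptor and reopens a /tmp path that could have been replaced in between. Keeping the descriptor addresses both: `temp_fd = mkstemp(tdata->temp_file);` followed by `if (temp_fd < 0) {`, with the separate open() block removed. tracing_data_get() starts and ends outside the hunk, so later cleanup of the temp file cannot be checked from here.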
@@ -0,0 +1,50 @@
+From foo@baz Sat Nov 10 11:34:22 PST 2018
+From: Sanskriti Sharma
+Date: Tue, 2 Oct 2018 10:29:14 -0400
+Subject: perf tools: Free temporary 'sys' string in read_event_files()
+
+From: Sanskriti Sharma
+
+[ Upstream commit 1e44224fb0528b4c0cc176bde2bb31e9127eb14b ]
+
+For each system in a given pevent, read_event_files() reads in a
+temporary 'sys' string. Be sure to free this string before moving onto
+to the next system and/or leaving read_event_files().
+
+Fixes the following coverity complaints:
+
+ Error: RESOURCE_LEAK (CWE-772):
+
+ tools/perf/util/trace-event-read.c:343: overwrite_var: Overwriting
+ "sys" in "sys = read_string()" leaks the storage that "sys" points to.
+
+ tools/perf/util/trace-event-read.c:353: leaked_storage: Variable "sys"
+ going out of scope leaks the storage it points to.
+
+Signed-off-by: Sanskriti Sharma
+Reviewed-by: Jiri Olsa
+Cc: Joe Lawrence
+Link: http://lkml.kernel.org/r/1538490554-8161-6-git-send-email-sansharm@redhat.com
+Signed-off-by: Arnaldo Carvalho de Melo
+Signed-off-by: Sasha Levin
+Signed-off-by: Greg Kroah-Hartman
+---
+ tools/perf/util/trace-event-read.c | 5 ++++-
+ 1 file changed, 4 insertions(+), 1 deletion(-)
+
+--- a/tools/perf/util/trace-event-read.c
++++ b/tools/perf/util/trace-event-read.c
+@@ -334,9 +334,12 @@ static int read_event_files(struct peven
+ for (x=0; x < count; x++) {
+ size = read8(pevent);
+ ret = read_event_file(pevent, sys, size);
+- if (ret)
++ if (ret) {
++ free(sys);
+ return ret;
++ }
+ }
++ free(sys);
+ }
+ return 0;
+ }
diff --git a/queue-4.4/pinctrl-qcom-spmi-mpp-fix-drive-strength-setting.patch b/queue-4.4/pinctrl-qcom-spmi-mpp-fix-drive-strength-setting.patch
new file mode 100644
index 00000000000..4e69f0a0148
--- /dev/null
+++ b/queue-4.4/pinctrl-qcom-spmi-mpp-fix-drive-strength-setting.patch
@@ -0,0 +1,47 @@
+From foo@baz Sat Nov 10 11:34:22 PST 2018
+From: Stephen Boyd
+Date: Thu, 30 Aug 2018 17:58:52 -0700
+Subject: pinctrl: qcom: spmi-mpp: Fix drive strength setting
+
+From: Stephen Boyd
+
+[ Upstream commit 89c68b102f13f123aaef22b292526d6b92501334 ]
+
+It looks like we parse the drive strength setting here, but never
+actually write it into the hardware to update it. Parse the setting and
+then write it at the end of the pinconf setting function so that it
+actually sticks in the hardware.
+
+Fixes: 0e948042c420 ("pinctrl: qcom: spmi-mpp: Implement support for sink mode")
+Cc: Doug Anderson
+Signed-off-by: Stephen Boyd
+Reviewed-by: Bjorn Andersson
+Signed-off-by: Linus Walleij
+Signed-off-by: Sasha Levin
+Signed-off-by: Greg Kroah-Hartman
+---
+ drivers/pinctrl/qcom/pinctrl-spmi-mpp.c | 6 +++++-
+ 1 file changed, 5 insertions(+), 1 deletion(-)
+
+--- a/drivers/pinctrl/qcom/pinctrl-spmi-mpp.c
++++ b/drivers/pinctrl/qcom/pinctrl-spmi-mpp.c
+@@ -459,7 +459,7 @@ static int pmic_mpp_config_set(struct pi
+ pad->dtest = arg;
+ break;
+ case PIN_CONFIG_DRIVE_STRENGTH:
+- arg = pad->drive_strength;
++ pad->drive_strength = arg;
+ break;
+ case PMIC_MPP_CONF_AMUX_ROUTE:
+ if (arg >= PMIC_MPP_AMUX_ROUTE_ABUS4)
+@@ -503,6 +503,10 @@ static int pmic_mpp_config_set(struct pi
+ if (ret < 0)
+ return ret;
+
++ ret = pmic_mpp_write(state, pad, PMIC_MPP_REG_SINK_CTL, pad->drive_strength);
++ if (ret < 0)
++ return ret;
++
+ val = pad->is_enabled << PMIC_MPP_REG_MASTER_EN_SHIFT;
+
+ return pmic_mpp_write(state, pad, PMIC_MPP_REG_EN_CTL, val);
diff --git a/queue-4.4/pinctrl-qcom-spmi-mpp-fix-err-handling-of-pmic_mpp_set_mux.patch b/queue-4.4/pinctrl-qcom-spmi-mpp-fix-err-handling-of-pmic_mpp_set_mux.patch
new file mode 100644
index 00000000000..648e5d06e50
--- /dev/null
+++ b/queue-4.4/pinctrl-qcom-spmi-mpp-fix-err-handling-of-pmic_mpp_set_mux.patch
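Review bot: In the pmic_mpp_config_set() hunks, `pad->drive_strength = arg;` stores the pinconf argument without a range check, and the second hunk then writes it unmodified to PMIC_MPP_REG_SINK_CTL on every call. The neighbouring PMIC_MPP_CONF_AMUX_ROUTE case tests `arg` against a limit before using it, so the same pattern would fit here; the valid range of the sink-control field is not visible in the hunk, so the limit in `if (arg > <MAX_SINK_LEVEL>) return -EINVAL;` is a placeholder. The write is also unconditional, so pads that never configured a drive strength get whatever `pad->drive_strength` was initialised to; a one-line comment saying that this is intended would help. The function body continues outside both hunks.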
@@ -0,0 +1,31 @@
+From foo@baz Sat Nov 10 11:34:22 PST 2018
+From: YueHaibing
+Date: Thu, 20 Sep 2018 01:58:18 +0000
+Subject: pinctrl: qcom: spmi-mpp: Fix err handling of pmic_mpp_set_mux
+
+From: YueHaibing
+
+[ Upstream commit 69f8455f6cc78fa6cdf80d0105d7a748106271dc ]
+
+'ret' should be returned while pmic_mpp_write_mode_ctl fails.
+
+Fixes: 0e948042c420 ("pinctrl: qcom: spmi-mpp: Implement support for sink mode")
+Signed-off-by: YueHaibing
+Signed-off-by: Linus Walleij
+Signed-off-by: Sasha Levin
+Signed-off-by: Greg Kroah-Hartman
+---
+ drivers/pinctrl/qcom/pinctrl-spmi-mpp.c | 2 ++
+ 1 file changed, 2 insertions(+)
+
+--- a/drivers/pinctrl/qcom/pinctrl-spmi-mpp.c
++++ b/drivers/pinctrl/qcom/pinctrl-spmi-mpp.c
+@@ -321,6 +321,8 @@ static int pmic_mpp_set_mux(struct pinct
+ pad->function = function;
+
+ ret = pmic_mpp_write_mode_ctl(state, pad);
++ if (ret < 0)
++ return ret;
+
+ val = pad->is_enabled << PMIC_MPP_REG_MASTER_EN_SHIFT;
+
diff --git a/queue-4.4/pinctrl-spmi-mpp-fix-pmic_mpp_config_get-to-be-compliant.patch b/queue-4.4/pinctrl-spmi-mpp-fix-pmic_mpp_config_get-to-be-compliant.patch
new file mode 100644
index 00000000000..efe616a9781
--- /dev/null
+++ b/queue-4.4/pinctrl-spmi-mpp-fix-pmic_mpp_config_get-to-be-compliant.patch
@@ -0,0 +1,91 @@ +From foo@baz Sat Nov 10 11:34:22 PST 2018 +From: Douglas Anderson +Date: Thu, 30 Aug 2018 08:23:39 -0700 +Subject: pinctrl: spmi-mpp: Fix pmic_mpp_config_get() to be compliant + +From: Douglas Anderson + +[ Upstream commit 0d5b476f8f57fcb06c45fe27681ac47254f63fd2 ] + +If you look at "pinconf-groups" in debugfs for ssbi-mpp you'll notice +it looks like nonsense. + +The problem is fairly well described in commit 1cf86bc21257 ("pinctrl: +qcom: spmi-gpio: Fix pmic_gpio_config_get() to be compliant") and +commit 05e0c828955c ("pinctrl: msm: Fix msm_config_group_get() to be +compliant"), but it was pointed out that ssbi-mpp has the same +problem. Let's fix it there too. + +NOTE: in case it's helpful to someone reading this, the way to tell +whether to do the -EINVAL or not is to look at the PCONFDUMP for a +given attribute. If the last element (has_arg) is false then you need +to do the -EINVAL trick. + +ALSO NOTE: it seems unlikely that the values returned when we try to +get PIN_CONFIG_BIAS_PULL_UP will actually be printed since "has_arg" +is false for that one, but I guess it's still fine to return different +values so I kept doing that. It seems like another driver (ssbi-gpio) +uses a custom attribute (PM8XXX_QCOM_PULL_UP_STRENGTH) for something +similar so maybe a future change should do that here too. 
+ +Fixes: cfb24f6ebd38 ("pinctrl: Qualcomm SPMI PMIC MPP pin controller driver") +Signed-off-by: Douglas Anderson +Reviewed-by: Stephen Boyd +Reviewed-by: Bjorn Andersson +Signed-off-by: Linus Walleij +Signed-off-by: Sasha Levin +Signed-off-by: Greg Kroah-Hartman +--- + drivers/pinctrl/qcom/pinctrl-spmi-mpp.c | 19 ++++++++++++------- + 1 file changed, 12 insertions(+), 7 deletions(-) + +--- a/drivers/pinctrl/qcom/pinctrl-spmi-mpp.c ++++ b/drivers/pinctrl/qcom/pinctrl-spmi-mpp.c +@@ -347,13 +347,12 @@ static int pmic_mpp_config_get(struct pi + + switch (param) { + case PIN_CONFIG_BIAS_DISABLE: +- arg = pad->pullup == PMIC_MPP_PULL_UP_OPEN; ++ if (pad->pullup != PMIC_MPP_PULL_UP_OPEN) ++ return -EINVAL; ++ arg = 1; + break; + case PIN_CONFIG_BIAS_PULL_UP: + switch (pad->pullup) { +- case PMIC_MPP_PULL_UP_OPEN: +- arg = 0; +- break; + case PMIC_MPP_PULL_UP_0P6KOHM: + arg = 600; + break; +@@ -368,13 +367,17 @@ static int pmic_mpp_config_get(struct pi + } + break; + case PIN_CONFIG_BIAS_HIGH_IMPEDANCE: +- arg = !pad->is_enabled; ++ if (pad->is_enabled) ++ return -EINVAL; ++ arg = 1; + break; + case PIN_CONFIG_POWER_SOURCE: + arg = pad->power_source; + break; + case PIN_CONFIG_INPUT_ENABLE: +- arg = pad->input_enabled; ++ if (!pad->input_enabled) ++ return -EINVAL; ++ arg = 1; + break; + case PIN_CONFIG_OUTPUT: + arg = pad->out_value; +@@ -386,7 +389,9 @@ static int pmic_mpp_config_get(struct pi + arg = pad->amux_input; + break; + case PMIC_MPP_CONF_PAIRED: +- arg = pad->paired; ++ if (!pad->paired) ++ return -EINVAL; ++ arg = 1; + break; + case PIN_CONFIG_DRIVE_STRENGTH: + arg = pad->drive_strength; diff --git a/queue-4.4/pinctrl-ssbi-gpio-fix-pm8xxx_pin_config_get-to-be-compliant.patch b/queue-4.4/pinctrl-ssbi-gpio-fix-pm8xxx_pin_config_get-to-be-compliant.patch new file mode 100644 index 00000000000..11b9c9b0639 --- /dev/null +++ b/queue-4.4/pinctrl-ssbi-gpio-fix-pm8xxx_pin_config_get-to-be-compliant.patch 
@@ -0,0 +1,86 @@ +From foo@baz Sat Nov 10 11:34:22 PST 2018 +From: Douglas Anderson +Date: Thu, 30 Aug 2018 08:23:38 -0700 +Subject: pinctrl: ssbi-gpio: Fix pm8xxx_pin_config_get() to be compliant + +From: Douglas Anderson + +[ Upstream commit b432414b996d32a1bd9afe2bd595bd5729c1477f ] + +If you look at "pinconf-groups" in debugfs for ssbi-gpio you'll notice +it looks like nonsense. + +The problem is fairly well described in commit 1cf86bc21257 ("pinctrl: +qcom: spmi-gpio: Fix pmic_gpio_config_get() to be compliant") and +commit 05e0c828955c ("pinctrl: msm: Fix msm_config_group_get() to be +compliant"), but it was pointed out that ssbi-gpio has the same +problem. Let's fix it there too. + +Fixes: b4c45fe974bc ("pinctrl: qcom: ssbi: Family A gpio & mpp drivers") +Signed-off-by: Douglas Anderson +Reviewed-by: Stephen Boyd +Reviewed-by: Bjorn Andersson +Signed-off-by: Linus Walleij +Signed-off-by: Sasha Levin +Signed-off-by: Greg Kroah-Hartman +--- + drivers/pinctrl/qcom/pinctrl-ssbi-gpio.c | 28 +++++++++++++++++++++------- + 1 file changed, 21 insertions(+), 7 deletions(-) + +--- a/drivers/pinctrl/qcom/pinctrl-ssbi-gpio.c ++++ b/drivers/pinctrl/qcom/pinctrl-ssbi-gpio.c +@@ -259,22 +259,32 @@ static int pm8xxx_pin_config_get(struct + + switch (param) { + case PIN_CONFIG_BIAS_DISABLE: +- arg = pin->bias == PM8XXX_GPIO_BIAS_NP; ++ if (pin->bias != PM8XXX_GPIO_BIAS_NP) ++ return -EINVAL; ++ arg = 1; + break; + case PIN_CONFIG_BIAS_PULL_DOWN: +- arg = pin->bias == PM8XXX_GPIO_BIAS_PD; ++ if (pin->bias != PM8XXX_GPIO_BIAS_PD) ++ return -EINVAL; ++ arg = 1; + break; + case PIN_CONFIG_BIAS_PULL_UP: +- arg = pin->bias <= PM8XXX_GPIO_BIAS_PU_1P5_30; ++ if (pin->bias > PM8XXX_GPIO_BIAS_PU_1P5_30) ++ return -EINVAL; ++ arg = 1; + break; + case PM8XXX_QCOM_PULL_UP_STRENGTH: + arg = pin->pull_up_strength; + break; + case PIN_CONFIG_BIAS_HIGH_IMPEDANCE: +- arg = pin->disable; ++ if (!pin->disable) ++ return -EINVAL; ++ arg = 1; + break; + case PIN_CONFIG_INPUT_ENABLE: +- arg = 
pin->mode == PM8XXX_GPIO_MODE_INPUT; ++ if (pin->mode != PM8XXX_GPIO_MODE_INPUT) ++ return -EINVAL; ++ arg = 1; + break; + case PIN_CONFIG_OUTPUT: + if (pin->mode & PM8XXX_GPIO_MODE_OUTPUT) +@@ -289,10 +299,14 @@ static int pm8xxx_pin_config_get(struct + arg = pin->output_strength; + break; + case PIN_CONFIG_DRIVE_PUSH_PULL: +- arg = !pin->open_drain; ++ if (pin->open_drain) ++ return -EINVAL; ++ arg = 1; + break; + case PIN_CONFIG_DRIVE_OPEN_DRAIN: +- arg = pin->open_drain; ++ if (!pin->open_drain) ++ return -EINVAL; ++ arg = 1; + break; + default: + return -EINVAL; diff --git a/queue-4.4/scsi-esp_scsi-track-residual-for-pio-transfers.patch b/queue-4.4/scsi-esp_scsi-track-residual-for-pio-transfers.patch new file mode 100644 index 00000000000..5fa68a0d58b --- /dev/null +++ b/queue-4.4/scsi-esp_scsi-track-residual-for-pio-transfers.patch 
@@ -0,0 +1,68 @@
+From foo@baz Sat Nov 10 11:34:22 PST 2018
+From: Finn Thain
+Date: Tue, 16 Oct 2018 16:31:25 +1100
+Subject: scsi: esp_scsi: Track residual for PIO transfers
+
+From: Finn Thain
+
+[ Upstream commit fd47d919d0c336e7c22862b51ee94927ffea227a ]
+
+If a target disconnects during a PIO data transfer the command may fail
+when the target reconnects:
+
+scsi host1: DMA length is zero!
+scsi host1: cur adr[04380000] len[00000000]
+
+The scsi bus is then reset. This happens because the residual reached
+zero before the transfer was completed.
+
+The usual residual calculation relies on the Transfer Count registers.
+That works for DMA transfers but not for PIO transfers. Fix the problem
+by storing the PIO transfer residual and using that to correctly
+calculate bytes_sent.
+
+Fixes: 6fe07aaffbf0 ("[SCSI] m68k: new mac_esp scsi driver")
+Tested-by: Stan Johnson
+Signed-off-by: Finn Thain
+Tested-by: Michael Schmitz
+Signed-off-by: Martin K. Petersen
+Signed-off-by: Sasha Levin
+Signed-off-by: Greg Kroah-Hartman
+---
+ drivers/scsi/esp_scsi.c | 1 +
+ drivers/scsi/esp_scsi.h | 2 ++
+ drivers/scsi/mac_esp.c | 2 ++
+ 3 files changed, 5 insertions(+)
+
+--- a/drivers/scsi/esp_scsi.c
++++ b/drivers/scsi/esp_scsi.c
+@@ -1349,6 +1349,7 @@ static int esp_data_bytes_sent(struct es
+
+ bytes_sent = esp->data_dma_len;
+ bytes_sent -= ecount;
++ bytes_sent -= esp->send_cmd_residual;
+
+ /*
+ * The am53c974 has a DMA 'pecularity'. The doc states:
+--- a/drivers/scsi/esp_scsi.h
++++ b/drivers/scsi/esp_scsi.h
+@@ -540,6 +540,8 @@ struct esp {
+
+ void *dma;
+ int dmarev;
++
++ u32 send_cmd_residual;
+ };
+
+ /* A front-end driver for the ESP chip should do the following in
+--- a/drivers/scsi/mac_esp.c
++++ b/drivers/scsi/mac_esp.c
+@@ -426,6 +426,8 @@ static void mac_esp_send_pio_cmd(struct
+ scsi_esp_cmd(esp, ESP_CMD_TI);
+ }
+ }
++
++ esp->send_cmd_residual = esp_count;
+ }
+
+ static int mac_esp_irq_pending(struct esp *esp)
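Review bot: `esp->send_cmd_residual` is written only at the end of mac_esp_send_pio_cmd() but is subtracted on every call of esp_data_bytes_sent(), and nothing in these hunks clears it. If a PIO transfer that left a non-zero residual is followed by a DMA transfer, the stale value would be subtracted again and bytes_sent would come out too small; resetting it where a DMA command is issued with `esp->send_cmd_residual = 0;` would avoid that. The new field in struct esp also has no comment; something like `/* bytes left over from the last PIO command, 0 for DMA */` would tell other front-end drivers what they are expected to maintain. Both functions extend beyond the hunks, so a reset elsewhere cannot be ruled out from here.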
diff --git a/queue-4.4/scsi-lpfc-correct-soft-lockup-when-running-mds-diagnostics.patch b/queue-4.4/scsi-lpfc-correct-soft-lockup-when-running-mds-diagnostics.patch new file mode 100644 index 00000000000..48777bc14e8 --- /dev/null +++ b/queue-4.4/scsi-lpfc-correct-soft-lockup-when-running-mds-diagnostics.patch 
@@ -0,0 +1,60 @@
+From foo@baz Sat Nov 10 11:34:22 PST 2018
+From: James Smart
+Date: Mon, 10 Sep 2018 10:30:45 -0700
+Subject: scsi: lpfc: Correct soft lockup when running mds diagnostics
+
+From: James Smart
+
+[ Upstream commit 0ef01a2d95fd62bb4f536e7ce4d5e8e74b97a244 ]
+
+When running an mds diagnostic that passes frames with the switch, soft
+lockups are detected. The driver is in a CQE processing loop and has
+sufficient amount of traffic that it never exits the ring processing routine,
+thus the "lockup".
+
+Cap the number of elements in the work processing routine to 64 elements. This
+ensures that the cpu will be given up and the handler reschedule to process
+additional items.
+
+Signed-off-by: Dick Kennedy
+Signed-off-by: James Smart
+Signed-off-by: Martin K. Petersen
+Signed-off-by: Sasha Levin
+Signed-off-by: Greg Kroah-Hartman
+---
+ drivers/scsi/lpfc/lpfc_sli.c | 7 +++++++
+ 1 file changed, 7 insertions(+)
+
+--- a/drivers/scsi/lpfc/lpfc_sli.c
++++ b/drivers/scsi/lpfc/lpfc_sli.c
+@@ -3485,6 +3485,7 @@ lpfc_sli_handle_slow_ring_event_s4(struc
+ struct hbq_dmabuf *dmabuf;
+ struct lpfc_cq_event *cq_event;
+ unsigned long iflag;
++ int count = 0;
+
+ spin_lock_irqsave(&phba->hbalock, iflag);
+ phba->hba_flag &= ~HBA_SP_QUEUE_EVT;
+@@ -3506,16 +3507,22 @@ lpfc_sli_handle_slow_ring_event_s4(struc
+ if (irspiocbq)
+ lpfc_sli_sp_handle_rspiocb(phba, pring,
+ irspiocbq);
++ count++;
+ break;
+ case CQE_CODE_RECEIVE:
+ case CQE_CODE_RECEIVE_V1:
+ dmabuf = container_of(cq_event, struct hbq_dmabuf,
+ cq_event);
+ lpfc_sli4_handle_received_buffer(phba, dmabuf);
++ count++;
+ break;
+ default:
+ break;
+ }
++
++ /* Limit the number of events to 64 to avoid soft lockups */
++ if (count == 64)
++ break;
+ }
+ }
+
diff --git a/queue-4.4/scsi-megaraid_sas-fix-a-missing-check-bug.patch b/queue-4.4/scsi-megaraid_sas-fix-a-missing-check-bug.patch
new file mode 100644
index 00000000000..4b02d342ef4
--- /dev/null
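Review bot: When the new `if (count == 64) break;` leaves the loop early in lpfc_sli_handle_slow_ring_event_s4(), the HBA_SP_QUEUE_EVT flag has already been cleared at the top of the function, and nothing in the hunk sets it again or otherwise reschedules the handler. Events still on the queue would then wait until something else raises the flag, so the description's claim that the handler is rescheduled should be backed by code or by a comment pointing at where that happens. The literal 64 appears in both the comment and the test; a named constant and `>=` instead of `==` would make the cap easier to audit. `count` is also not incremented in the `default:` case, so a run of unrecognised event codes is not bounded by the cap. The loop header and the end of the function are outside the hunk.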
+++ b/queue-4.4/scsi-megaraid_sas-fix-a-missing-check-bug.patch 
@@ -0,0 +1,52 @@
+From foo@baz Sat Nov 10 11:34:22 PST 2018
+From: Wenwen Wang
+Date: Sat, 6 Oct 2018 13:34:21 -0500
+Subject: scsi: megaraid_sas: fix a missing-check bug
+
+From: Wenwen Wang
+
+[ Upstream commit 47db7873136a9c57c45390a53b57019cf73c8259 ]
+
+In megasas_mgmt_compat_ioctl_fw(), to handle the structure
+compat_megasas_iocpacket 'cioc', a user-space structure megasas_iocpacket
+'ioc' is allocated before megasas_mgmt_ioctl_fw() is invoked to handle
+the packet. Since the two data structures have different fields, the data
+is copied from 'cioc' to 'ioc' field by field. In the copy process,
+'sense_ptr' is prepared if the field 'sense_len' is not null, because it
+will be used in megasas_mgmt_ioctl_fw(). To prepare 'sense_ptr', the
+user-space data 'ioc->sense_off' and 'cioc->sense_off' are copied and
+saved to kernel-space variables 'local_sense_off' and 'user_sense_off'
+respectively. Given that 'ioc->sense_off' is also copied from
+'cioc->sense_off', 'local_sense_off' and 'user_sense_off' should have the
+same value. However, 'cioc' is in the user space and a malicious user can
+race to change the value of 'cioc->sense_off' after it is copied to
+'ioc->sense_off' but before it is copied to 'user_sense_off'. By doing
+so, the attacker can inject different values into 'local_sense_off' and
+'user_sense_off'. This can cause undefined behavior in the following
+execution, because the two variables are supposed to be same.
+
+This patch enforces a check on the two kernel variables 'local_sense_off'
+and 'user_sense_off' to make sure they are the same after the copy. In
+case they are not, an error code EINVAL will be returned.
+
+Signed-off-by: Wenwen Wang
+Acked-by: Sumit Saxena
+Signed-off-by: Martin K.
Petersen
+Signed-off-by: Sasha Levin
+Signed-off-by: Greg Kroah-Hartman
+---
+ drivers/scsi/megaraid/megaraid_sas_base.c | 3 +++
+ 1 file changed, 3 insertions(+)
+
+--- a/drivers/scsi/megaraid/megaraid_sas_base.c
++++ b/drivers/scsi/megaraid/megaraid_sas_base.c
+@@ -6510,6 +6510,9 @@ static int megasas_mgmt_compat_ioctl_fw(
+ get_user(user_sense_off, &cioc->sense_off))
+ return -EFAULT;
+
++ if (local_sense_off != user_sense_off)
++ return -EINVAL;
++
+ if (local_sense_len) {
+ void __user **sense_ioc_ptr =
+ (void __user **)((u8 *)((unsigned long)&ioc->frame.raw) + local_sense_off);
diff --git a/queue-4.4/selftests-ftrace-add-synthetic-event-syntax-testcase.patch b/queue-4.4/selftests-ftrace-add-synthetic-event-syntax-testcase.patch
new file mode 100644
index 00000000000..57846d2ec33
--- /dev/null
+++ b/queue-4.4/selftests-ftrace-add-synthetic-event-syntax-testcase.patch
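Review bot: The added `if (local_sense_off != user_sense_off)` comparison in megasas_mgmt_compat_ioctl_fw() detects a changed value but keeps the double fetch that made it possible: `sense_off` is still read twice from user memory, once through `ioc` and once through `cioc`. According to the commit message `ioc` is itself a user-space structure, so if megasas_mgmt_ioctl_fw() reads `ioc->sense_off` again, that later read is not covered by this check. Reading `cioc->sense_off` once into a kernel variable and using that single copy for both pointer computations would remove the window instead of testing for it. `local_sense_off` is also added to `&ioc->frame.raw` without a visible bound against the size of the frame; the function continues outside the hunk, so a bound may exist elsewhere.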
@@ -0,0 +1,107 @@ +From foo@baz Sat Nov 10 11:34:22 PST 2018 +From: Masami Hiramatsu +Date: Thu, 18 Oct 2018 22:13:02 +0900 +Subject: selftests: ftrace: Add synthetic event syntax testcase + +From: Masami Hiramatsu + +[ Upstream commit ba0e41ca81b935b958006c7120466e2217357827 ] + +Add a testcase to check the syntax and field types for +synthetic_events interface. + +Link: http://lkml.kernel.org/r/153986838264.18251.16627517536956299922.stgit@devbox + +Acked-by: Shuah Khan +Signed-off-by: Masami Hiramatsu +Signed-off-by: Steven Rostedt (VMware) +Signed-off-by: Sasha Levin +Signed-off-by: Greg Kroah-Hartman +--- + tools/testing/selftests/ftrace/test.d/trigger/inter-event/trigger-synthetic-event-syntax.tc | 80 ++++++++++ + 1 file changed, 80 insertions(+) + create mode 100644 tools/testing/selftests/ftrace/test.d/trigger/inter-event/trigger-synthetic-event-syntax.tc + +--- /dev/null ++++ b/tools/testing/selftests/ftrace/test.d/trigger/inter-event/trigger-synthetic-event-syntax.tc +@@ -0,0 +1,80 @@ ++#!/bin/sh ++# SPDX-License-Identifier: GPL-2.0 ++# description: event trigger - test synthetic_events syntax parser ++ ++do_reset() { ++ reset_trigger ++ echo > set_event ++ clear_trace ++} ++ ++fail() { #msg ++ do_reset ++ echo $1 ++ exit_fail ++} ++ ++if [ ! -f set_event ]; then ++ echo "event tracing is not supported" ++ exit_unsupported ++fi ++ ++if [ ! -f synthetic_events ]; then ++ echo "synthetic event is not supported" ++ exit_unsupported ++fi ++ ++reset_tracer ++do_reset ++ ++echo "Test synthetic_events syntax parser" ++ ++echo > synthetic_events ++ ++# synthetic event must have a field ++! echo "myevent" >> synthetic_events ++echo "myevent u64 var1" >> synthetic_events ++ ++# synthetic event must be found in synthetic_events ++grep "myevent[[:space:]]u64 var1" synthetic_events ++ ++# it is not possible to add same name event ++! 
echo "myevent u64 var2" >> synthetic_events ++ ++# Non-append open will cleanup all events and add new one ++echo "myevent u64 var2" > synthetic_events ++ ++# multiple fields with different spaces ++echo "myevent u64 var1; u64 var2;" > synthetic_events ++grep "myevent[[:space:]]u64 var1; u64 var2" synthetic_events ++echo "myevent u64 var1 ; u64 var2 ;" > synthetic_events ++grep "myevent[[:space:]]u64 var1; u64 var2" synthetic_events ++echo "myevent u64 var1 ;u64 var2" > synthetic_events ++grep "myevent[[:space:]]u64 var1; u64 var2" synthetic_events ++ ++# test field types ++echo "myevent u32 var" > synthetic_events ++echo "myevent u16 var" > synthetic_events ++echo "myevent u8 var" > synthetic_events ++echo "myevent s64 var" > synthetic_events ++echo "myevent s32 var" > synthetic_events ++echo "myevent s16 var" > synthetic_events ++echo "myevent s8 var" > synthetic_events ++ ++echo "myevent char var" > synthetic_events ++echo "myevent int var" > synthetic_events ++echo "myevent long var" > synthetic_events ++echo "myevent pid_t var" > synthetic_events ++ ++echo "myevent unsigned char var" > synthetic_events ++echo "myevent unsigned int var" > synthetic_events ++echo "myevent unsigned long var" > synthetic_events ++grep "myevent[[:space:]]unsigned long var" synthetic_events ++ ++# test string type ++echo "myevent char var[10]" > synthetic_events ++grep "myevent[[:space:]]char\[10\] var" synthetic_events ++ ++do_reset ++ ++exit 0 diff --git a/queue-4.4/series b/queue-4.4/series index c91074abcee..71b2338efa1 100644 --- a/queue-4.4/series +++ b/queue-4.4/series 
@@ -10,3 +10,38 @@ alsa-hda-add-mic-quirk-for-the-lenovo-g50-30-17aa-3905.patch alsa-ca0106-disable-izd-on-sb0570-dac-to-fix-audio-pops.patch x86-corruption-check-fix-panic-in-memory_corruption_check-when-boot-option-without-value-is-provided.patch x86-kconfig-fall-back-to-ticket-spinlocks.patch +sparc-fix-single-pcr-perf-event-counter-management.patch +sparc-throttle-perf-events-properly.patch +x86-fpu-remove-second-definition-of-fpu-in-__fpu__restore_sig.patch +net-qla3xxx-remove-overflowing-shift-statement.patch +selftests-ftrace-add-synthetic-event-syntax-testcase.patch +locking-lockdep-fix-debug_locks-off-performance-problem.patch +ataflop-fix-error-handling-during-setup.patch +swim-fix-cleanup-on-setup-error.patch +tun-consistently-configure-generic-netdev-params-via-rtnetlink.patch +perf-tools-free-temporary-sys-string-in-read_event_files.patch +perf-tools-cleanup-trace-event-info-tdata-leak.patch +cpupower-fix-coredump-on-vmware.patch +mmc-sdhci-pci-o2micro-add-quirk-for-o2-micro-dev-0x8620-rev-0x01.patch +x86-olpc-indicate-that-legacy-pc-xo-1-platform-should-not-register-rtc.patch +bluetooth-btbcm-add-entry-for-bcm4335c0-uart-bluetooth.patch +x86-boot-fix-efi-stub-alignment.patch +pinctrl-qcom-spmi-mpp-fix-err-handling-of-pmic_mpp_set_mux.patch +kprobes-return-error-if-we-fail-to-reuse-kprobe-instead-of-bug_on.patch +acpi-lpss-add-alternative-acpi-hids-for-cherry-trail-dma-controllers.patch +pinctrl-qcom-spmi-mpp-fix-drive-strength-setting.patch +pinctrl-spmi-mpp-fix-pmic_mpp_config_get-to-be-compliant.patch +pinctrl-ssbi-gpio-fix-pm8xxx_pin_config_get-to-be-compliant.patch +ath10k-schedule-hardware-restart-if-wmi-command-times-out.patch +scsi-esp_scsi-track-residual-for-pio-transfers.patch +scsi-megaraid_sas-fix-a-missing-check-bug.patch +tpm-suppress-transmit-cmd-error-logs-when-tpm-1.2-is-disabled-deactivated.patch +ext4-fix-argument-checking-in-ext4_ioc_move_ext.patch +md-fix-invalid-stored-role-for-a-disk.patch 
+usb-chipidea-prevent-unbalanced-irq-disable.patch +driver-dma-ioat-call-del_timer_sync-without-holding-prep_lock.patch +uio-ensure-class-is-registered-before-devices.patch +scsi-lpfc-correct-soft-lockup-when-running-mds-diagnostics.patch +signal-always-deliver-the-kernel-s-sigkill-and-sigstop-to-a-pid-namespace-init.patch +dmaengine-dma-jz4780-return-error-if-not-probed-from-dt.patch +alsa-hda-check-the-non-cached-stream-buffers-more-explicitly.patch diff --git a/queue-4.4/signal-always-deliver-the-kernel-s-sigkill-and-sigstop-to-a-pid-namespace-init.patch b/queue-4.4/signal-always-deliver-the-kernel-s-sigkill-and-sigstop-to-a-pid-namespace-init.patch new file mode 100644 index 00000000000..41a9b9f5e67 --- /dev/null +++ b/queue-4.4/signal-always-deliver-the-kernel-s-sigkill-and-sigstop-to-a-pid-namespace-init.patch 
@@ -0,0 +1,36 @@
+From foo@baz Sat Nov 10 11:34:22 PST 2018
+From: "Eric W. Biederman"
+Date: Mon, 3 Sep 2018 20:02:46 +0200
+Subject: signal: Always deliver the kernel's SIGKILL and SIGSTOP to a pid namespace init
+
+From: "Eric W. Biederman"
+
+[ Upstream commit 3597dfe01d12f570bc739da67f857fd222a3ea66 ]
+
+Instead of playing whack-a-mole and changing SEND_SIG_PRIV to
+SEND_SIG_FORCED throughout the kernel to ensure a pid namespace init
+gets signals sent by the kernel, stop allowing a pid namespace init to
+ignore SIGKILL or SIGSTOP sent by the kernel. A pid namespace init is
+only supposed to be able to ignore signals sent from itself and
+children with SIG_DFL.
+
+Fixes: 921cf9f63089 ("signals: protect cinit from unblocked SIG_DFL signals")
+Reviewed-by: Thomas Gleixner
+Signed-off-by: "Eric W. Biederman"
+Signed-off-by: Sasha Levin
+Signed-off-by: Greg Kroah-Hartman
+---
+ kernel/signal.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+--- a/kernel/signal.c
++++ b/kernel/signal.c
+@@ -991,7 +991,7 @@ static int __send_signal(int sig, struct
+
+ result = TRACE_SIGNAL_IGNORED;
+ if (!prepare_signal(sig, t,
+- from_ancestor_ns || (info == SEND_SIG_FORCED)))
++ from_ancestor_ns || (info == SEND_SIG_PRIV) || (info == SEND_SIG_FORCED)))
+ goto ret;
+
+ pending = group ? &t->signal->shared_pending : &t->pending;
diff --git a/queue-4.4/sparc-fix-single-pcr-perf-event-counter-management.patch b/queue-4.4/sparc-fix-single-pcr-perf-event-counter-management.patch
new file mode 100644
index 00000000000..9789f5f8b30
--- /dev/null
+++ b/queue-4.4/sparc-fix-single-pcr-perf-event-counter-management.patch
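Review bot: The condition added in __send_signal() passes the force argument for every signal sent with SEND_SIG_PRIV, while the subject and description speak only of SIGKILL and SIGSTOP; nothing in the hunk restricts it to those two. If the narrowing is meant to happen inside prepare_signal(), a comment at the call should say so, for example `/* kernel-sent signals may not be ignored by a pid namespace init */`; if not, the force argument could additionally be tied to a check on `sig`. The changed line has also grown well past the usual width; a local such as `bool force = from_ancestor_ns || info == SEND_SIG_PRIV || info == SEND_SIG_FORCED;` would keep the call readable. prepare_signal() and the rest of the function are outside the hunk.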
@@ -0,0 +1,91 @@ +From foo@baz Sat Nov 10 11:34:22 PST 2018 +From: "David S. Miller" +Date: Fri, 12 Oct 2018 10:31:58 -0700 +Subject: sparc: Fix single-pcr perf event counter management. + +From: "David S. Miller" + +[ Upstream commit cfdc3170d214046b9509183fe9b9544dc644d40b ] + +It is important to clear the hw->state value for non-stopped events +when they are added into the PMU. Otherwise when the event is +scheduled out, we won't read the counter because HES_UPTODATE is still +set. This breaks 'perf stat' and similar use cases, causing all the +events to show zero. + +This worked for multi-pcr because we make explicit sparc_pmu_start() +calls in calculate_multiple_pcrs(). calculate_single_pcr() doesn't do +this because the idea there is to accumulate all of the counter +settings into the single pcr value. So we have to add explicit +hw->state handling there. + +Like x86, we use the PERF_HES_ARCH bit to track truly stopped events +so that we don't accidently start them on a reload. + +Related to all of this, sparc_pmu_start() is missing a userpage update +so add it. + +Signed-off-by: David S. 
Miller +Signed-off-by: Sasha Levin +Signed-off-by: Greg Kroah-Hartman +--- + arch/sparc/kernel/perf_event.c | 17 +++++++++++++---- + 1 file changed, 13 insertions(+), 4 deletions(-) + +--- a/arch/sparc/kernel/perf_event.c ++++ b/arch/sparc/kernel/perf_event.c +@@ -926,6 +926,8 @@ static void read_in_all_counters(struct + sparc_perf_event_update(cp, &cp->hw, + cpuc->current_idx[i]); + cpuc->current_idx[i] = PIC_NO_INDEX; ++ if (cp->hw.state & PERF_HES_STOPPED) ++ cp->hw.state |= PERF_HES_ARCH; + } + } + } +@@ -958,10 +960,12 @@ static void calculate_single_pcr(struct + + enc = perf_event_get_enc(cpuc->events[i]); + cpuc->pcr[0] &= ~mask_for_index(idx); +- if (hwc->state & PERF_HES_STOPPED) ++ if (hwc->state & PERF_HES_ARCH) { + cpuc->pcr[0] |= nop_for_index(idx); +- else ++ } else { + cpuc->pcr[0] |= event_encoding(enc, idx); ++ hwc->state = 0; ++ } + } + out: + cpuc->pcr[0] |= cpuc->event[0]->hw.config_base; +@@ -987,6 +991,9 @@ static void calculate_multiple_pcrs(stru + + cpuc->current_idx[i] = idx; + ++ if (cp->hw.state & PERF_HES_ARCH) ++ continue; ++ + sparc_pmu_start(cp, PERF_EF_RELOAD); + } + out: +@@ -1078,6 +1085,8 @@ static void sparc_pmu_start(struct perf_ + event->hw.state = 0; + + sparc_pmu_enable_event(cpuc, &event->hw, idx); ++ ++ perf_event_update_userpage(event); + } + + static void sparc_pmu_stop(struct perf_event *event, int flags) +@@ -1370,9 +1379,9 @@ static int sparc_pmu_add(struct perf_eve + cpuc->events[n0] = event->hw.event_base; + cpuc->current_idx[n0] = PIC_NO_INDEX; + +- event->hw.state = PERF_HES_UPTODATE; ++ event->hw.state = PERF_HES_UPTODATE | PERF_HES_STOPPED; + if (!(ef_flags & PERF_EF_START)) +- event->hw.state |= PERF_HES_STOPPED; ++ event->hw.state |= PERF_HES_ARCH; + + /* + * If group events scheduling transaction was started, diff --git a/queue-4.4/sparc-throttle-perf-events-properly.patch b/queue-4.4/sparc-throttle-perf-events-properly.patch new file mode 100644 index 00000000000..fbd32d80201 --- /dev/null 
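Review bot: The meaning this patch gives PERF_HES_ARCH (an event that was stopped on purpose and must not be restarted on a reload) is stated only in the description; none of the places that set or test it carries a comment. I would add `/* PERF_HES_ARCH: truly stopped, keep it a nop across reloads */` above the test in calculate_single_pcr. That path also clears `hwc->state` directly, so it does not pass through the `perf_event_update_userpage()` call the patch adds to sparc_pmu_start; whether that matters for the single-pcr case is not visible from these hunks.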
+++ b/queue-4.4/sparc-throttle-perf-events-properly.patch @@ -0,0 +1,58 @@ +From foo@baz Sat Nov 10 11:34:22 PST 2018 +From: "David S. Miller" +Date: Fri, 12 Oct 2018 10:33:20 -0700 +Subject: sparc: Throttle perf events properly. + +From: "David S. Miller" + +[ Upstream commit 455adb3174d2c8518cef1a61140c211f6ac224d2 ] + +Like x86 and arm, call perf_sample_event_took() in perf event +NMI interrupt handler. + +Signed-off-by: David S. Miller +Signed-off-by: Sasha Levin +Signed-off-by: Greg Kroah-Hartman +--- + arch/sparc/kernel/perf_event.c | 9 +++++++++ + 1 file changed, 9 insertions(+) + +--- a/arch/sparc/kernel/perf_event.c ++++ b/arch/sparc/kernel/perf_event.c +@@ -23,6 +23,7 @@ + #include + #include + #include ++#include + #include + #include + #include +@@ -1611,6 +1612,8 @@ static int __kprobes perf_event_nmi_hand + struct perf_sample_data data; + struct cpu_hw_events *cpuc; + struct pt_regs *regs; ++ u64 finish_clock; ++ u64 start_clock; + int i; + + if (!atomic_read(&active_events)) +@@ -1624,6 +1627,8 @@ static int __kprobes perf_event_nmi_hand + return NOTIFY_DONE; + } + ++ start_clock = sched_clock(); ++ + regs = args->regs; + + cpuc = this_cpu_ptr(&cpu_hw_events); +@@ -1662,6 +1667,10 @@ static int __kprobes perf_event_nmi_hand + sparc_pmu_stop(event, 0); + } + ++ finish_clock = sched_clock(); ++ ++ perf_sample_event_took(finish_clock - start_clock); ++ + return NOTIFY_STOP; + } + diff --git a/queue-4.4/swim-fix-cleanup-on-setup-error.patch b/queue-4.4/swim-fix-cleanup-on-setup-error.patch new file mode 100644 index 00000000000..024b9af9a1b --- /dev/null +++ b/queue-4.4/swim-fix-cleanup-on-setup-error.patch 
@@ -0,0 +1,43 @@ +From foo@baz Sat Nov 10 11:34:22 PST 2018 +From: Omar Sandoval +Date: Thu, 11 Oct 2018 12:20:41 -0700 +Subject: swim: fix cleanup on setup error + +From: Omar Sandoval + +[ Upstream commit 1448a2a5360ae06f25e2edc61ae070dff5c0beb4 ] + +If we fail to allocate the request queue for a disk, we still need to +free that disk, not just the previous ones. Additionally, we need to +cleanup the previous request queues. + +Signed-off-by: Omar Sandoval +Signed-off-by: Jens Axboe +Signed-off-by: Sasha Levin +Signed-off-by: Greg Kroah-Hartman +--- + drivers/block/swim.c | 13 +++++++++++-- + 1 file changed, 11 insertions(+), 2 deletions(-) + +--- a/drivers/block/swim.c ++++ b/drivers/block/swim.c +@@ -868,8 +868,17 @@ static int swim_floppy_init(struct swim_ + + exit_put_disks: + unregister_blkdev(FLOPPY_MAJOR, "fd"); +- while (drive--) +- put_disk(swd->unit[drive].disk); ++ do { ++ struct gendisk *disk = swd->unit[drive].disk; ++ ++ if (disk) { ++ if (disk->queue) { ++ blk_cleanup_queue(disk->queue); ++ disk->queue = NULL; ++ } ++ put_disk(disk); ++ } ++ } while (drive--); + return err; + } + diff --git a/queue-4.4/tpm-suppress-transmit-cmd-error-logs-when-tpm-1.2-is-disabled-deactivated.patch b/queue-4.4/tpm-suppress-transmit-cmd-error-logs-when-tpm-1.2-is-disabled-deactivated.patch new file mode 100644 index 00000000000..e6a6a7f421e --- /dev/null +++ b/queue-4.4/tpm-suppress-transmit-cmd-error-logs-when-tpm-1.2-is-disabled-deactivated.patch 
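Review bot: The rewritten loop reads `swd->unit[drive]` before decrementing, so it stays in bounds only if every `goto exit_put_disks` is taken while `drive` is still a valid unit index. The jump sites are outside the hunk and should be checked, since a jump taken after the setup loop has finished would touch one entry past the initialised units. A comment at the label, e.g. `/* drive is the unit that failed; clean it and all earlier ones */`, would record that assumption. swim_floppy_init begins outside the hunk.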
@@ -0,0 +1,66 @@ +From foo@baz Sat Nov 10 11:34:22 PST 2018 +From: Javier Martinez Canillas +Date: Thu, 30 Aug 2018 16:40:05 +0200 +Subject: tpm: suppress transmit cmd error logs when TPM 1.2 is disabled/deactivated + +From: Javier Martinez Canillas + +[ Upstream commit 0d6d0d62d9505a9816716aa484ebd0b04c795063 ] + +For TPM 1.2 chips the system setup utility allows to set the TPM device in +one of the following states: + + * Active: Security chip is functional + * Inactive: Security chip is visible, but is not functional + * Disabled: Security chip is hidden and is not functional + +When choosing the "Inactive" state, the TPM 1.2 device is enumerated and +registered, but sending TPM commands fail with either TPM_DEACTIVATED or +TPM_DISABLED depending if the firmware deactivated or disabled the TPM. + +Since these TPM 1.2 error codes don't have special treatment, inactivating +the TPM leads to a very noisy kernel log buffer that shows messages like +the following: + + tpm_tis 00:05: 1.2 TPM (device-id 0x0, rev-id 78) + tpm tpm0: A TPM error (6) occurred attempting to read a pcr value + tpm tpm0: TPM is disabled/deactivated (0x6) + tpm tpm0: A TPM error (6) occurred attempting get random + tpm tpm0: A TPM error (6) occurred attempting to read a pcr value + ima: No TPM chip found, activating TPM-bypass! (rc=6) + tpm tpm0: A TPM error (6) occurred attempting get random + tpm tpm0: A TPM error (6) occurred attempting get random + tpm tpm0: A TPM error (6) occurred attempting get random + tpm tpm0: A TPM error (6) occurred attempting get random + +Let's just suppress error log messages for the TPM_{DEACTIVATED,DISABLED} +return codes, since this is expected when the TPM 1.2 is set to Inactive. + +In that case the kernel log is cleaner and less confusing for users, i.e: + + tpm_tis 00:05: 1.2 TPM (device-id 0x0, rev-id 78) + tpm tpm0: TPM is disabled/deactivated (0x6) + ima: No TPM chip found, activating TPM-bypass! 
(rc=6) + +Reported-by: Hans de Goede +Signed-off-by: Javier Martinez Canillas +Reviewed-by: Jarkko Sakkinen +Signed-off-by: Jarkko Sakkinen +Signed-off-by: Sasha Levin +Signed-off-by: Greg Kroah-Hartman +--- + drivers/char/tpm/tpm-interface.c | 3 ++- + 1 file changed, 2 insertions(+), 1 deletion(-) + +--- a/drivers/char/tpm/tpm-interface.c ++++ b/drivers/char/tpm/tpm-interface.c +@@ -415,7 +415,8 @@ ssize_t tpm_transmit_cmd(struct tpm_chip + header = cmd; + + err = be32_to_cpu(header->return_code); +- if (err != 0 && desc) ++ if (err != 0 && err != TPM_ERR_DISABLED && err != TPM_ERR_DEACTIVATED ++ && desc) + dev_err(&chip->dev, "A TPM error (%d) occurred %s\n", err, + desc); + diff --git a/queue-4.4/tun-consistently-configure-generic-netdev-params-via-rtnetlink.patch b/queue-4.4/tun-consistently-configure-generic-netdev-params-via-rtnetlink.patch new file mode 100644 index 00000000000..bd391e5db61 --- /dev/null +++ b/queue-4.4/tun-consistently-configure-generic-netdev-params-via-rtnetlink.patch 
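Review bot: The new condition silences the per-command message for TPM_ERR_DISABLED and TPM_ERR_DEACTIVATED on every chip that goes through tpm_transmit_cmd, not only TPM 1.2, and nothing next to the code says why. The value is still held in `err`, but what the function returns is outside the hunk. Log-based monitoring will now see only the single "TPM is disabled/deactivated" line quoted in the description when a TPM is switched off and IMA falls back to TPM-bypass. I would add `/* disabled/deactivated is an expected TPM 1.2 state and is reported once elsewhere */` above the test. The continuation line also starts with `&&`; kernel style puts the operator at the end of the previous line.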
@@ -0,0 +1,50 @@ +From foo@baz Sat Nov 10 11:34:22 PST 2018 +From: Serhey Popovych +Date: Tue, 9 Oct 2018 21:21:01 +0300 +Subject: tun: Consistently configure generic netdev params via rtnetlink + +From: Serhey Popovych + +[ Upstream commit df52eab23d703142c766ac00bdb8db19d71238d0 ] + +Configuring generic network device parameters on tun will fail in +presence of IFLA_INFO_KIND attribute in IFLA_LINKINFO nested attribute +since tun_validate() always return failure. + +This can be visualized with following ip-link(8) command sequences: + + # ip link set dev tun0 group 100 + # ip link set dev tun0 group 100 type tun + RTNETLINK answers: Invalid argument + +with contrast to dummy and veth drivers: + + # ip link set dev dummy0 group 100 + # ip link set dev dummy0 type dummy + + # ip link set dev veth0 group 100 + # ip link set dev veth0 group 100 type veth + +Fix by returning zero in tun_validate() when @data is NULL that is +always in case since rtnl_link_ops->maxtype is zero in tun driver. + +Fixes: f019a7a594d9 ("tun: Implement ip link del tunXXX") +Signed-off-by: Serhey Popovych +Signed-off-by: David S. Miller +Signed-off-by: Sasha Levin +Signed-off-by: Greg Kroah-Hartman +--- + drivers/net/tun.c | 2 ++ + 1 file changed, 2 insertions(+) + +--- a/drivers/net/tun.c ++++ b/drivers/net/tun.c +@@ -1475,6 +1475,8 @@ static void tun_setup(struct net_device + */ + static int tun_validate(struct nlattr *tb[], struct nlattr *data[]) + { ++ if (!data) ++ return 0; + return -EINVAL; + } + diff --git a/queue-4.4/uio-ensure-class-is-registered-before-devices.patch b/queue-4.4/uio-ensure-class-is-registered-before-devices.patch new file mode 100644 index 00000000000..8c105616a0a --- /dev/null +++ b/queue-4.4/uio-ensure-class-is-registered-before-devices.patch 
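Review bot: The description says `data` is always NULL for this driver because maxtype is zero, so the added `if (!data) return 0;` makes the `return -EINVAL;` below it unreachable and tun_validate now accepts every request. If the rtnetlink core calls the same callback when a link is created, which this hunk does not show, the change also removes the only check that refused creating a tun device through rtnetlink. That path should be confirmed to be rejected somewhere else before this is queued. At minimum the function needs a comment stating the new contract, e.g. `/* data is always NULL (maxtype == 0): generic link changes are accepted; creation must be refused elsewhere */`.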
@@ -0,0 +1,85 @@ +From foo@baz Sat Nov 10 11:34:22 PST 2018 +From: Alexandre Belloni +Date: Thu, 16 Aug 2018 09:39:41 +0200 +Subject: uio: ensure class is registered before devices + +From: Alexandre Belloni + +[ Upstream commit ae61cf5b9913027c6953a79ed3894da4f47061bd ] + +When both uio and the uio drivers are built in the kernel, it is possible +for a driver to register devices before the uio class is registered. + +This may result in a NULL pointer dereference later on in +get_device_parent() when accessing the class glue_dirs spinlock. + +The trace looks like that: + +Unable to handle kernel NULL pointer dereference at virtual address 00000140 +[...] +[] _raw_spin_lock+0x14/0x48 +[] device_add+0x154/0x6a0 +[] device_create_groups_vargs+0x120/0x128 +[] device_create+0x54/0x60 +[] __uio_register_device+0x120/0x4a8 +[] jaguar2_pci_probe+0x2d4/0x558 +[] local_pci_probe+0x3c/0xb8 +[] pci_device_probe+0x11c/0x180 +[] driver_probe_device+0x22c/0x2d8 +[] __driver_attach+0xbc/0xc0 +[] bus_for_each_dev+0x4c/0x98 +[] driver_attach+0x20/0x28 +[] bus_add_driver+0x1b8/0x228 +[] driver_register+0x60/0xf8 +[] __pci_register_driver+0x40/0x48 + +Return EPROBE_DEFER in that case so the driver can register the device +later. 
+ +Signed-off-by: Alexandre Belloni +Signed-off-by: Greg Kroah-Hartman +Signed-off-by: Sasha Levin +Signed-off-by: Greg Kroah-Hartman +--- + drivers/uio/uio.c | 9 +++++++++ + 1 file changed, 9 insertions(+) + +--- a/drivers/uio/uio.c ++++ b/drivers/uio/uio.c +@@ -249,6 +249,8 @@ static struct class uio_class = { + .dev_groups = uio_groups, + }; + ++bool uio_class_registered; ++ + /* + * device functions + */ +@@ -772,6 +774,9 @@ static int init_uio_class(void) + printk(KERN_ERR "class_register failed for uio\n"); + goto err_class_register; + } ++ ++ uio_class_registered = true; ++ + return 0; + + err_class_register: +@@ -782,6 +787,7 @@ exit: + + static void release_uio_class(void) + { ++ uio_class_registered = false; + class_unregister(&uio_class); + uio_major_cleanup(); + } +@@ -801,6 +807,9 @@ int __uio_register_device(struct module + struct uio_device *idev; + int ret = 0; + ++ if (!uio_class_registered) ++ return -EPROBE_DEFER; ++ + if (!parent || !info || !info->name || !info->version) + return -EINVAL; + diff --git a/queue-4.4/usb-chipidea-prevent-unbalanced-irq-disable.patch b/queue-4.4/usb-chipidea-prevent-unbalanced-irq-disable.patch new file mode 100644 index 00000000000..6213176fc7f --- /dev/null +++ b/queue-4.4/usb-chipidea-prevent-unbalanced-irq-disable.patch 
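Review bot: `bool uio_class_registered;` is added with external linkage although these hunks use it only inside uio.c; it should be `static bool uio_class_registered;` to stay out of the global namespace. The flag is also read in __uio_register_device with no lock or barrier visible here, so a registration racing with release_uio_class could still pass the check. That is presumably acceptable for the boot-ordering case described, but a comment such as `/* set once init_uio_class() has succeeded; drivers probing earlier get -EPROBE_DEFER */` would state the intent.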
@@ -0,0 +1,35 @@ +From foo@baz Sat Nov 10 11:34:22 PST 2018 +From: Loic Poulain +Date: Tue, 4 Sep 2018 17:18:57 +0200 +Subject: usb: chipidea: Prevent unbalanced IRQ disable + +From: Loic Poulain + +[ Upstream commit 8b97d73c4d72a2abf58f8e49062a7ee1e5f1334e ] + +The ChipIdea IRQ is disabled before scheduling the otg work and +re-enabled on otg work completion. However if the job is already +scheduled we have to undo the effect of disable_irq int order to +balance the IRQ disable-depth value. + +Fixes: be6b0c1bd0be ("usb: chipidea: using one inline function to cover queue work operations") +Signed-off-by: Loic Poulain +Signed-off-by: Peter Chen +Signed-off-by: Sasha Levin +Signed-off-by: Greg Kroah-Hartman +--- + drivers/usb/chipidea/otg.h | 3 ++- + 1 file changed, 2 insertions(+), 1 deletion(-) + +--- a/drivers/usb/chipidea/otg.h ++++ b/drivers/usb/chipidea/otg.h +@@ -20,7 +20,8 @@ void ci_handle_vbus_change(struct ci_hdr + static inline void ci_otg_queue_work(struct ci_hdrc *ci) + { + disable_irq_nosync(ci->irq); +- queue_work(ci->wq, &ci->work); ++ if (queue_work(ci->wq, &ci->work) == false) ++ enable_irq(ci->irq); + } + + #endif /* __DRIVERS_USB_CHIPIDEA_OTG_H */ diff --git a/queue-4.4/x86-boot-fix-efi-stub-alignment.patch b/queue-4.4/x86-boot-fix-efi-stub-alignment.patch new file mode 100644 index 00000000000..213cf3af0f8 --- /dev/null +++ b/queue-4.4/x86-boot-fix-efi-stub-alignment.patch 
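Review bot: Comparing the result with `== false` is unusual in kernel code; `if (!queue_work(ci->wq, &ci->work))` reads better and says the same. The reason for the re-enable is given only in the description, so a one-line comment belongs above the `enable_irq()` call: `/* work already queued: undo the disable above to keep the IRQ depth balanced */`.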
@@ -0,0 +1,50 @@ +From foo@baz Sat Nov 10 11:34:22 PST 2018 +From: Ben Hutchings +Date: Sun, 16 Sep 2018 16:22:47 +0100 +Subject: x86: boot: Fix EFI stub alignment + +From: Ben Hutchings + +[ Upstream commit 9c1442a9d039a1a3302fa93e9a11001c5f23b624 ] + +We currently align the end of the compressed image to a multiple of +16. However, the PE-COFF header included in the EFI stub says that +the file alignment is 32 bytes, and when adding an EFI signature to +the file it must first be padded to this alignment. + +sbsigntool commands warn about this: + + warning: file-aligned section .text extends beyond end of file + warning: checksum areas are greater than image size. Invalid section table? + +Worse, pesign -at least when creating a detached signature- uses the +hash of the unpadded file, resulting in an invalid signature if +padding is required. + +Avoid both these problems by increasing alignment to 32 bytes when +CONFIG_EFI_STUB is enabled. + +Signed-off-by: Ben Hutchings +Signed-off-by: Ard Biesheuvel +Signed-off-by: Sasha Levin +Signed-off-by: Greg Kroah-Hartman +--- + arch/x86/boot/tools/build.c | 7 +++++++ + 1 file changed, 7 insertions(+) + +--- a/arch/x86/boot/tools/build.c ++++ b/arch/x86/boot/tools/build.c +@@ -391,6 +391,13 @@ int main(int argc, char ** argv) + die("Unable to mmap '%s': %m", argv[2]); + /* Number of 16-byte paragraphs, including space for a 4-byte CRC */ + sys_size = (sz + 15 + 4) / 16; ++#ifdef CONFIG_EFI_STUB ++ /* ++ * COFF requires minimum 32-byte alignment of sections, and ++ * adding a signature is problematic without that alignment. ++ */ ++ sys_size = (sys_size + 1) & ~1; ++#endif + + /* Patch the setup code with the appropriate size parameters */ + buf[0x1f1] = setup_sectors-1; diff --git a/queue-4.4/x86-fpu-remove-second-definition-of-fpu-in-__fpu__restore_sig.patch b/queue-4.4/x86-fpu-remove-second-definition-of-fpu-in-__fpu__restore_sig.patch new file mode 100644 index 00000000000..9c902694b37 --- /dev/null 
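Review bot: The rounding `sys_size = (sys_size + 1) & ~1;` gives 32-byte alignment only because sys_size counts 16-byte paragraphs, which the new comment does not say. I would extend the comment with `sys_size is in 16-byte units, so rounding up to an even count pads to 32 bytes`. The padding matters for signed EFI images, since the description notes that a detached signature computed over an unpadded file does not verify. It is therefore worth confirming that the code writing the image, outside this hunk, pads the output to `sys_size * 16` bytes. main() continues past the hunk.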
+++ b/queue-4.4/x86-fpu-remove-second-definition-of-fpu-in-__fpu__restore_sig.patch @@ -0,0 +1,47 @@ +From foo@baz Sat Nov 10 11:34:22 PST 2018 +From: Sebastian Andrzej Siewior +Date: Tue, 16 Oct 2018 22:25:24 +0200 +Subject: x86/fpu: Remove second definition of fpu in __fpu__restore_sig() + +From: Sebastian Andrzej Siewior + +[ Upstream commit 6aa676761d4c1acfa31320e55fa1f83f3fcbbc7a ] + +Commit: + + c5bedc6847c3b ("x86/fpu: Get rid of PF_USED_MATH usage, convert it to fpu->fpstate_active") + +introduced the 'fpu' variable at top of __restore_xstate_sig(), +which now shadows the other definition: + + arch/x86/kernel/fpu/signal.c:318:28: warning: symbol 'fpu' shadows an earlier one + arch/x86/kernel/fpu/signal.c:271:20: originally declared here + +Remove the shadowed definition of 'fpu', as the two definitions are the same. + +Signed-off-by: Sebastian Andrzej Siewior +Reviewed-by: Andy Lutomirski +Cc: Borislav Petkov +Cc: Dave Hansen +Cc: Linus Torvalds +Cc: Peter Zijlstra +Cc: Thomas Gleixner +Fixes: c5bedc6847c3b ("x86/fpu: Get rid of PF_USED_MATH usage, convert it to fpu->fpstate_active") +Link: http://lkml.kernel.org/r/20181016202525.29437-3-bigeasy@linutronix.de +Signed-off-by: Ingo Molnar +Signed-off-by: Sasha Levin +Signed-off-by: Greg Kroah-Hartman +--- + arch/x86/kernel/fpu/signal.c | 1 - + 1 file changed, 1 deletion(-) + +--- a/arch/x86/kernel/fpu/signal.c ++++ b/arch/x86/kernel/fpu/signal.c +@@ -294,7 +294,6 @@ static int __fpu__restore_sig(void __use + * thread's fpu state, reconstruct fxstate from the fsave + * header. Sanitize the copied state etc. + */ +- struct fpu *fpu = &tsk->thread.fpu; + struct user_i387_ia32_struct env; + int err = 0; + diff --git a/queue-4.4/x86-olpc-indicate-that-legacy-pc-xo-1-platform-should-not-register-rtc.patch b/queue-4.4/x86-olpc-indicate-that-legacy-pc-xo-1-platform-should-not-register-rtc.patch new file mode 100644 index 00000000000..8290e1413c0 --- /dev/null 
+++ b/queue-4.4/x86-olpc-indicate-that-legacy-pc-xo-1-platform-should-not-register-rtc.patch 
@@ -0,0 +1,71 @@ +From foo@baz Sat Nov 10 11:34:22 PST 2018 +From: Lubomir Rintel +Date: Thu, 4 Oct 2018 18:08:08 +0200 +Subject: x86/olpc: Indicate that legacy PC XO-1 platform should not register RTC + +From: Lubomir Rintel + +[ Upstream commit d92116b800fb79a72ad26121f5011f6aa3ad94c2 ] + +On OLPC XO-1, the RTC is discovered via device tree from the arch +initcall. Don't let the PC platform register another one from its device +initcall, it's not going to work: + + sysfs: cannot create duplicate filename '/devices/platform/rtc_cmos' + CPU: 0 PID: 1 Comm: swapper Not tainted 4.19.0-rc6 #12 + Hardware name: OLPC XO/XO, BIOS OLPC Ver 1.00.01 06/11/2014 + Call Trace: + dump_stack+0x16/0x18 + sysfs_warn_dup+0x46/0x58 + sysfs_create_dir_ns+0x76/0x9b + kobject_add_internal+0xed/0x209 + ? __schedule+0x3fa/0x447 + kobject_add+0x5b/0x66 + device_add+0x298/0x535 + ? insert_resource_conflict+0x2a/0x3e + platform_device_add+0x14d/0x192 + ? io_delay_init+0x19/0x19 + platform_device_register+0x1c/0x1f + add_rtc_cmos+0x16/0x31 + do_one_initcall+0x78/0x14a + ? do_early_param+0x75/0x75 + kernel_init_freeable+0x152/0x1e0 + ? rest_init+0xa2/0xa2 + kernel_init+0x8/0xd5 + ret_from_fork+0x2e/0x38 + kobject_add_internal failed for rtc_cmos with -EEXIST, don't try to + register things with the same name in the same directory. + platform rtc_cmos: registered platform RTC device (no PNP device found) + +Signed-off-by: Lubomir Rintel +Signed-off-by: Borislav Petkov +Acked-by: Thomas Gleixner +CC: "H. 
Peter Anvin" +CC: Ingo Molnar +CC: x86-ml +Link: http://lkml.kernel.org/r/20181004160808.307738-1-lkundrak@v3.sk +Signed-off-by: Sasha Levin +Signed-off-by: Greg Kroah-Hartman +--- + arch/x86/platform/olpc/olpc-xo1-rtc.c | 3 +++ + 1 file changed, 3 insertions(+) + +--- a/arch/x86/platform/olpc/olpc-xo1-rtc.c ++++ b/arch/x86/platform/olpc/olpc-xo1-rtc.c +@@ -16,6 +16,7 @@ + + #include + #include ++#include + + static void rtc_wake_on(struct device *dev) + { +@@ -75,6 +76,8 @@ static int __init xo1_rtc_init(void) + if (r) + return r; + ++ x86_platform.legacy.rtc = 0; ++ + device_init_wakeup(&xo1_rtc_device.dev, 1); + return 0; + }
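Review bot: `x86_platform.legacy.rtc = 0;` depends on a `legacy` member of x86_platform that, as far as I know, was introduced after 4.4, so this backport should be build-tested with the XO-1 RTC driver enabled before it is queued. The header the patch adds is not readable in this rendering, so that cannot be checked here. The assignment also sits after the `if (r) return r;` check, so the legacy RTC stays enabled when registering the XO-1 device fails. That looks intended but deserves a comment such as `/* the RTC was found via device tree; stop the PC platform code registering a second rtc_cmos */`. xo1_rtc_init begins outside the hunk.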