From 85d0a93a244981d6d062c562052970cfe8e5f286 Mon Sep 17 00:00:00 2001 From: Sasha Levin Date: Sat, 21 Dec 2019 21:37:23 -0500 Subject: [PATCH] fixes for 4.9 Signed-off-by: Sasha Levin --- ...-limit-max-amount-of-slave-instances.patch | 70 +++++ ...e-the-waiting-time-for-cpu_psci_cpu_.patch | 73 +++++ ...ark-reg-rt5677_pwr_anlg2-as-volatile.patch | 43 +++ ...-get-invalid-tx-rate-for-mesh-metric.patch | 42 +++ ...oth-fix-advertising-duplicated-flags.patch | 60 ++++ ...i_core-fix-init-for-hci_user_channel.patch | 52 ++++ ...-communication-over-multi-cos-queues.patch | 54 ++++ ...aturely-free-work-in-end_workqueue_f.patch | 54 ++++ ...aturely-free-work-in-reada_start_mac.patch | 66 +++++ ...aturely-free-work-in-run_ordered_wor.patch | 154 +++++++++++ ...-drivers-only-after-cpu-devices-have.patch | 69 +++++ ...fix-64-bit-size_t-warnings-on-sun4i-.patch | 61 +++++ ...rypto-vmx-avoid-weird-build-failures.patch | 67 +++++ ...gix-anx78xx-silence-eprobe_defer-war.patch | 50 ++++ ...emory-disclosures-due-to-uninitializ.patch | 44 +++ ...t-fix-query_payload-ack-reply-struct.patch | 47 ++++ .../edac-ghes-fix-grain-calculation.patch | 95 +++++++ ...eset-registers-during-initialization.patch | 63 +++++ ...-make-sure-string-is-null-terminated.patch | 46 ++++ ...call-clk_disable_unprepare-on-exit-o.patch | 50 ++++ ...d-protection_sg-size-by-data_sg-size.patch | 40 +++ ...x1027-reset-the-device-at-probe-time.patch | 42 +++ ...-resolve-compiler-warning-and-make-c.patch | 55 ++++ ...iwlwifi-check-kasprintf-return-value.patch | 52 ++++ ...-fix-unaligned-read-of-rx_pkt_status.patch | 50 ++++ ...a_port-probe-has-completed-before-de.patch | 95 +++++++ ...a-potential-null-pointer-dereference.patch | 45 +++ ...x-memory-leakage-in-copy_filter_type.patch | 55 ++++ ...e-setting-std-to-current-value-is-no.patch | 40 +++ ...ia-cec-funcs.h-add-status_req-checks.patch | 54 ++++ ...b-fix-null-ptr-deref-in-flexcop_usb_.patch | 46 ++++ ...659-fix-missing-720p-register-config.patch | 48 ++++ ...i2c-ov2659-fix-s_stream-return-value.patch | 49 ++++ ...-stored-frame-format-not-in-sync-wit.patch | 71 +++++ ...x-oops-on-tear-down-when-radio-suppo.patch | 60 ++++ ...-i2c-add-missed-operations-in-remove.patch | 37 +++ ...-fix-a-v4l2-compliance-failure-about.patch | 51 ++++ ...-fix-a-v4l2-compliance-warning-about.patch | 82 ++++++ ...-make-sure-yuyv-is-set-as-default-fo.patch | 53 ++++ ..._cap_erase-to-allow-erase-discard-tr.patch | 73 +++++ ...-memory-leak-in-mwifiex_pcie_init_ev.patch | 42 +++ ...alise-phydev-speed-and-duplex-sanely.patch | 46 ++++ ...d-lowlevel-driver-if-ports-not-found.patch | 72 +++++ ...s-does-not-support-aux-area-sampling.patch | 54 ++++ ...otential-memory-leak-when-handling-t.patch | 85 ++++++ ...r-out-instances-except-for-inlined-s.patch | 122 +++++++++ ...to-find-range-only-function-instance.patch | 50 ++++ ...o-list-probe-event-with-correct-line.patch | 78 ++++++ ...o-probe-a-function-which-has-no-entr.patch | 96 +++++++ ...o-probe-an-inline-function-which-has.patch | 72 +++++ ...o-show-calling-lines-of-inlined-func.patch | 122 +++++++++ ...o-show-inlined-function-callsite-wit.patch | 112 ++++++++ ...o-show-ranges-of-variables-in-functi.patch | 98 +++++++ ...n-a-better-scope-die-if-there-is-no-.patch | 84 ++++++ ...end-of-sequence-and-non-statement-li.patch | 145 ++++++++++ ...overlapped-location-on-searching-var.patch | 104 +++++++ ...alk-function-lines-in-lexical-blocks.patch | 76 ++++++ ...warning-when-libunwind-not-compiled-.patch | 58 ++++ ...-test-report-failure-for-mmap-events.patch | 43 +++ ...-sh-pfc-sh7734-fix-duplicate-tclk1_b.patch | 64 +++++ ...7-fix-the-usage-of-uninitialized-var.patch | 65 +++++ ...8723bu-connection-failure-issue-afte.patch | 73 +++++ ...ry-leak-in-rtl92c_set_fw_rsvdpagepkt.patch | 64 +++++ ...prevent-memory-leak-in-rtl_usb_probe.patch | 47 ++++ ...ler-don-t-hide-instruction-addresses.patch | 73 +++++ ...ix-proc_cmd-command-result-check-log.patch | 82 ++++++ queue-4.9/series | 81 ++++++ ...spi_slave_abort-function-when-spidev.patch | 50 ++++ ...mg-spfi-fix-potential-double-release.patch | 39 +++ ...pi-pxa2xx-add-missed-security-checks.patch | 45 +++ ...t-ssc4-add-missed-pm_runtime_disable.patch | 45 +++ ...gra20-slink-add-missed-clk_unprepare.patch | 53 ++++ ...8188eu-fix-possible-null-dereference.patch | 54 ++++ ...-fix-multiple-memory-leaks-on-error-.patch | 72 +++++ ...ower-fix-initializer-override-in-hsw.patch | 63 +++++ ...s-add-suspend-event-support-in-gadge.patch | 89 ++++++ ...ss-problematic-bind-and-unbind-ueven.patch | 82 ++++++ ...forward-declaration-of-struct-kimage.patch | 72 +++++ ...e-intel-instructions-to-the-opcode-m.patch | 258 ++++++++++++++++++ ...nt-inconsistent-state-when-moving-an.patch | 81 ++++++ ...rottling-mce-messages-priority-to-wa.patch | 67 +++++ ...orrect-function-type-for-native_set_.patch | 65 +++++ 82 files changed, 5601 insertions(+) create mode 100644 queue-4.9/alsa-timer-limit-max-amount-of-slave-instances.patch create mode 100644 queue-4.9/arm64-psci-reduce-the-waiting-time-for-cpu_psci_cpu_.patch create mode 100644 queue-4.9/asoc-rt5677-mark-reg-rt5677_pwr_anlg2-as-volatile.patch create mode 100644 queue-4.9/ath10k-fix-get-invalid-tx-rate-for-mesh-metric.patch create mode 100644 queue-4.9/bluetooth-fix-advertising-duplicated-flags.patch create mode 100644 queue-4.9/bluetooth-hci_core-fix-init-for-hci_user_channel.patch create mode 100644 queue-4.9/bnx2x-fix-pf-vf-communication-over-multi-cos-queues.patch create mode 100644 queue-4.9/btrfs-don-t-prematurely-free-work-in-end_workqueue_f.patch create mode 100644 queue-4.9/btrfs-don-t-prematurely-free-work-in-reada_start_mac.patch create mode 100644 queue-4.9/btrfs-don-t-prematurely-free-work-in-run_ordered_wor.patch create mode 100644 queue-4.9/cpufreq-register-drivers-only-after-cpu-devices-have.patch create mode 100644 queue-4.9/crypto-sun4i-ss-fix-64-bit-size_t-warnings-on-sun4i-.patch create mode 100644 queue-4.9/crypto-vmx-avoid-weird-build-failures.patch create mode 100644 queue-4.9/drm-bridge-analogix-anx78xx-silence-eprobe_defer-war.patch create mode 100644 queue-4.9/drm-gma500-fix-memory-disclosures-due-to-uninitializ.patch create mode 100644 queue-4.9/drm-mst-fix-query_payload-ack-reply-struct.patch create mode 100644 queue-4.9/edac-ghes-fix-grain-calculation.patch create mode 100644 queue-4.9/extcon-sm5502-reset-registers-during-initialization.patch create mode 100644 queue-4.9/fbtft-make-sure-string-is-null-terminated.patch create mode 100644 queue-4.9/hwrng-omap3-rom-call-clk_disable_unprepare-on-exit-o.patch create mode 100644 queue-4.9/ib-iser-bound-protection_sg-size-by-data_sg-size.patch create mode 100644 queue-4.9/iio-adc-max1027-reset-the-device-at-probe-time.patch create mode 100644 queue-4.9/iio-light-bh1750-resolve-compiler-warning-and-make-c.patch create mode 100644 queue-4.9/iwlwifi-check-kasprintf-return-value.patch create mode 100644 queue-4.9/iwlwifi-mvm-fix-unaligned-read-of-rx_pkt_status.patch create mode 100644 queue-4.9/libata-ensure-ata_port-probe-has-completed-before-de.patch create mode 100644 queue-4.9/libertas-fix-a-potential-null-pointer-dereference.patch create mode 100644 queue-4.9/libtraceevent-fix-memory-leakage-in-copy_filter_type.patch create mode 100644 queue-4.9/media-am437x-vpfe-setting-std-to-current-value-is-no.patch create mode 100644 queue-4.9/media-cec-funcs.h-add-status_req-checks.patch create mode 100644 queue-4.9/media-flexcop-usb-fix-null-ptr-deref-in-flexcop_usb_.patch create mode 100644 queue-4.9/media-i2c-ov2659-fix-missing-720p-register-config.patch create mode 100644 queue-4.9/media-i2c-ov2659-fix-s_stream-return-value.patch create mode 100644 queue-4.9/media-ov6650-fix-stored-frame-format-not-in-sync-wit.patch create mode 100644 queue-4.9/media-pvrusb2-fix-oops-on-tear-down-when-radio-suppo.patch create mode 100644 queue-4.9/media-si470x-i2c-add-missed-operations-in-remove.patch create mode 100644 queue-4.9/media-ti-vpe-vpe-fix-a-v4l2-compliance-failure-about.patch create mode 100644 queue-4.9/media-ti-vpe-vpe-fix-a-v4l2-compliance-warning-about.patch create mode 100644 queue-4.9/media-ti-vpe-vpe-make-sure-yuyv-is-set-as-default-fo.patch create mode 100644 queue-4.9/mmc-tmio-add-mmc_cap_erase-to-allow-erase-discard-tr.patch create mode 100644 queue-4.9/mwifiex-pcie-fix-memory-leak-in-mwifiex_pcie_init_ev.patch create mode 100644 queue-4.9/net-phy-initialise-phydev-speed-and-duplex-sanely.patch create mode 100644 queue-4.9/parport-load-lowlevel-driver-if-ports-not-found.patch create mode 100644 queue-4.9/perf-intel-bts-does-not-support-aux-area-sampling.patch create mode 100644 queue-4.9/perf-parse-fix-potential-memory-leak-when-handling-t.patch create mode 100644 queue-4.9/perf-probe-filter-out-instances-except-for-inlined-s.patch create mode 100644 queue-4.9/perf-probe-fix-to-find-range-only-function-instance.patch create mode 100644 queue-4.9/perf-probe-fix-to-list-probe-event-with-correct-line.patch create mode 100644 queue-4.9/perf-probe-fix-to-probe-a-function-which-has-no-entr.patch create mode 100644 queue-4.9/perf-probe-fix-to-probe-an-inline-function-which-has.patch create mode 100644 queue-4.9/perf-probe-fix-to-show-calling-lines-of-inlined-func.patch create mode 100644 queue-4.9/perf-probe-fix-to-show-inlined-function-callsite-wit.patch create mode 100644 queue-4.9/perf-probe-fix-to-show-ranges-of-variables-in-functi.patch create mode 100644 queue-4.9/perf-probe-return-a-better-scope-die-if-there-is-no-.patch create mode 100644 queue-4.9/perf-probe-skip-end-of-sequence-and-non-statement-li.patch create mode 100644 queue-4.9/perf-probe-skip-overlapped-location-on-searching-var.patch create mode 100644 queue-4.9/perf-probe-walk-function-lines-in-lexical-blocks.patch create mode 100644 queue-4.9/perf-report-add-warning-when-libunwind-not-compiled-.patch create mode 100644 queue-4.9/perf-test-report-failure-for-mmap-events.patch create mode 100644 queue-4.9/pinctrl-sh-pfc-sh7734-fix-duplicate-tclk1_b.patch create mode 100644 queue-4.9/regulator-max8907-fix-the-usage-of-uninitialized-var.patch create mode 100644 queue-4.9/rtl8xxxu-fix-rtl8723bu-connection-failure-issue-afte.patch create mode 100644 queue-4.9/rtlwifi-fix-memory-leak-in-rtl92c_set_fw_rsvdpagepkt.patch create mode 100644 queue-4.9/rtlwifi-prevent-memory-leak-in-rtl_usb_probe.patch create mode 100644 queue-4.9/s390-disassembler-don-t-hide-instruction-addresses.patch create mode 100644 queue-4.9/samples-pktgen-fix-proc_cmd-command-result-check-log.patch create mode 100644 queue-4.9/series create mode 100644 queue-4.9/spi-add-call-to-spi_slave_abort-function-when-spidev.patch create mode 100644 queue-4.9/spi-img-spfi-fix-potential-double-release.patch create mode 100644 queue-4.9/spi-pxa2xx-add-missed-security-checks.patch create mode 100644 queue-4.9/spi-st-ssc4-add-missed-pm_runtime_disable.patch create mode 100644 queue-4.9/spi-tegra20-slink-add-missed-clk_unprepare.patch create mode 100644 queue-4.9/staging-rtl8188eu-fix-possible-null-dereference.patch create mode 100644 queue-4.9/staging-rtl8192u-fix-multiple-memory-leaks-on-error-.patch create mode 100644 queue-4.9/tools-power-cpupower-fix-initializer-override-in-hsw.patch create mode 100644 queue-4.9/usb-renesas_usbhs-add-suspend-event-support-in-gadge.patch create mode 100644 queue-4.9/usb-usbfs-suppress-problematic-bind-and-unbind-ueven.patch create mode 100644 queue-4.9/x86-crash-add-a-forward-declaration-of-struct-kimage.patch create mode 100644 queue-4.9/x86-insn-add-some-intel-instructions-to-the-opcode-m.patch create mode 100644 queue-4.9/x86-ioapic-prevent-inconsistent-state-when-moving-an.patch create mode 100644 queue-4.9/x86-mce-lower-throttling-mce-messages-priority-to-wa.patch create mode 100644 queue-4.9/x86-mm-use-the-correct-function-type-for-native_set_.patch diff --git a/queue-4.9/alsa-timer-limit-max-amount-of-slave-instances.patch b/queue-4.9/alsa-timer-limit-max-amount-of-slave-instances.patch new file mode 100644 index 00000000000..b762f1909c1 --- /dev/null +++ b/queue-4.9/alsa-timer-limit-max-amount-of-slave-instances.patch @@ -0,0 +1,70 @@ +From e49aa3f8a2933eac7b0740c415967cb9d16b3892 Mon Sep 17 00:00:00 2001 +From: Sasha Levin +Date: Wed, 6 Nov 2019 16:42:57 +0100 +Subject: ALSA: timer: Limit max amount of slave instances + +From: Takashi Iwai + +[ Upstream commit fdea53fe5de532969a332d6e5e727f2ad8bf084d ] + +The fuzzer tries to open the timer instances as much as possible, and +this may cause a system hiccup easily. We've already introduced the +cap for the max number of available instances for the h/w timers, and +we should put such a limit also to the slave timers, too. + +This patch introduces the limit to the multiple opened slave timers. +The upper limit is hard-coded to 1000 for now, which should suffice +for any practical usages up to now. + +Link: https://lore.kernel.org/r/20191106154257.5853-1-tiwai@suse.de +Signed-off-by: Takashi Iwai +Signed-off-by: Sasha Levin +--- + sound/core/timer.c | 10 ++++++++++ + 1 file changed, 10 insertions(+) + +diff --git a/sound/core/timer.c b/sound/core/timer.c +index e944d27f79c3..f8a4b2a2f8f6 100644 +--- a/sound/core/timer.c ++++ b/sound/core/timer.c +@@ -87,6 +87,9 @@ static LIST_HEAD(snd_timer_slave_list); + /* lock for slave active lists */ + static DEFINE_SPINLOCK(slave_active_lock); + ++#define MAX_SLAVE_INSTANCES 1000 ++static int num_slaves; ++ + static DEFINE_MUTEX(register_mutex); + + static int snd_timer_free(struct snd_timer *timer); +@@ -265,6 +268,10 @@ int snd_timer_open(struct snd_timer_instance **ti, + err = -EINVAL; + goto unlock; + } ++ if (num_slaves >= MAX_SLAVE_INSTANCES) { ++ err = -EBUSY; ++ goto unlock; ++ } + timeri = snd_timer_instance_new(owner, NULL); + if (!timeri) { + err = -ENOMEM; +@@ -274,6 +281,7 @@ int snd_timer_open(struct snd_timer_instance **ti, + timeri->slave_id = tid->device; + timeri->flags |= SNDRV_TIMER_IFLG_SLAVE; + list_add_tail(&timeri->open_list, &snd_timer_slave_list); ++ num_slaves++; + err = snd_timer_check_slave(timeri); + if (err < 0) { + snd_timer_close_locked(timeri, &card_dev_to_put); +@@ -363,6 +371,8 @@ static int snd_timer_close_locked(struct snd_timer_instance *timeri, + struct snd_timer_instance *slave, *tmp; + + list_del(&timeri->open_list); ++ if (timeri->flags & SNDRV_TIMER_IFLG_SLAVE) ++ num_slaves--; + + /* force to stop the timer */ + snd_timer_stop(timeri); +-- +2.20.1 + diff --git a/queue-4.9/arm64-psci-reduce-the-waiting-time-for-cpu_psci_cpu_.patch b/queue-4.9/arm64-psci-reduce-the-waiting-time-for-cpu_psci_cpu_.patch new file mode 100644 index 00000000000..b7629cf7059 --- /dev/null +++ b/queue-4.9/arm64-psci-reduce-the-waiting-time-for-cpu_psci_cpu_.patch @@ -0,0 +1,73 @@ +From 87d3892f4c323ed3dde3101f5765e0ea95dfedd4 Mon Sep 17 00:00:00 2001 +From: Sasha Levin +Date: Mon, 21 Oct 2019 19:31:21 +0800 +Subject: arm64: psci: Reduce the waiting time for cpu_psci_cpu_kill() + +From: Yunfeng Ye + +[ Upstream commit bfcef4ab1d7ee8921bc322109b1692036cc6cbe0 ] + +In cases like suspend-to-disk and suspend-to-ram, a large number of CPU +cores need to be shut down. At present, the CPU hotplug operation is +serialised, and the CPU cores can only be shut down one by one. In this +process, if PSCI affinity_info() does not return LEVEL_OFF quickly, +cpu_psci_cpu_kill() needs to wait for 10ms. If hundreds of CPU cores +need to be shut down, it will take a long time. + +Normally, there is no need to wait 10ms in cpu_psci_cpu_kill(). So +change the wait interval from 10 ms to max 1 ms and use usleep_range() +instead of msleep() for more accurate timer. + +In addition, reducing the time interval will increase the messages +output, so remove the "Retry ..." message, instead, track time and +output to the the sucessful message. + +Signed-off-by: Yunfeng Ye +Reviewed-by: Sudeep Holla +Signed-off-by: Catalin Marinas +Signed-off-by: Sasha Levin +--- + arch/arm64/kernel/psci.c | 15 +++++++++------ + 1 file changed, 9 insertions(+), 6 deletions(-) + +diff --git a/arch/arm64/kernel/psci.c b/arch/arm64/kernel/psci.c +index 42816bebb1e0..e3713d6fb8e0 100644 +--- a/arch/arm64/kernel/psci.c ++++ b/arch/arm64/kernel/psci.c +@@ -83,7 +83,8 @@ static void cpu_psci_cpu_die(unsigned int cpu) + + static int cpu_psci_cpu_kill(unsigned int cpu) + { +- int err, i; ++ int err; ++ unsigned long start, end; + + if (!psci_ops.affinity_info) + return 0; +@@ -93,16 +94,18 @@ static int cpu_psci_cpu_kill(unsigned int cpu) + * while it is dying. So, try again a few times. + */ + +- for (i = 0; i < 10; i++) { ++ start = jiffies; ++ end = start + msecs_to_jiffies(100); ++ do { + err = psci_ops.affinity_info(cpu_logical_map(cpu), 0); + if (err == PSCI_0_2_AFFINITY_LEVEL_OFF) { +- pr_info("CPU%d killed.\n", cpu); ++ pr_info("CPU%d killed (polled %d ms)\n", cpu, ++ jiffies_to_msecs(jiffies - start)); + return 0; + } + +- msleep(10); +- pr_info("Retrying again to check for CPU kill\n"); +- } ++ usleep_range(100, 1000); ++ } while (time_before(jiffies, end)); + + pr_warn("CPU%d may not have shut down cleanly (AFFINITY_INFO reports %d)\n", + cpu, err); +-- +2.20.1 + diff --git a/queue-4.9/asoc-rt5677-mark-reg-rt5677_pwr_anlg2-as-volatile.patch b/queue-4.9/asoc-rt5677-mark-reg-rt5677_pwr_anlg2-as-volatile.patch new file mode 100644 index 00000000000..f3ad32ae807 --- /dev/null +++ b/queue-4.9/asoc-rt5677-mark-reg-rt5677_pwr_anlg2-as-volatile.patch @@ -0,0 +1,43 @@ +From 9f6b17fe99901e4518c706cc9e905a597b07403b Mon Sep 17 00:00:00 2001 +From: Sasha Levin +Date: Tue, 5 Nov 2019 17:13:30 -0800 +Subject: ASoC: rt5677: Mark reg RT5677_PWR_ANLG2 as volatile + +From: Ben Zhang + +[ Upstream commit eabf424f7b60246c76dcb0ea6f1e83ef9abbeaa6 ] + +The codec dies when RT5677_PWR_ANLG2(MX-64h) is set to 0xACE1 +while it's streaming audio over SPI. The DSP firmware turns +on PLL2 (MX-64 bit 8) when SPI streaming starts. However regmap +does not believe that register can change by itself. When +BST1 (bit 15) is turned on with regmap_update_bits(), it doesn't +read the register first before write, so PLL2 power bit is +cleared by accident. + +Marking MX-64h as volatile in regmap solved the issue. + +Signed-off-by: Ben Zhang +Signed-off-by: Curtis Malainey +Link: https://lore.kernel.org/r/20191106011335.223061-6-cujomalainey@chromium.org +Signed-off-by: Mark Brown +Signed-off-by: Sasha Levin +--- + sound/soc/codecs/rt5677.c | 1 + + 1 file changed, 1 insertion(+) + +diff --git a/sound/soc/codecs/rt5677.c b/sound/soc/codecs/rt5677.c +index 65ac4518ad06..49ab26e69f2f 100644 +--- a/sound/soc/codecs/rt5677.c ++++ b/sound/soc/codecs/rt5677.c +@@ -305,6 +305,7 @@ static bool rt5677_volatile_register(struct device *dev, unsigned int reg) + case RT5677_I2C_MASTER_CTRL7: + case RT5677_I2C_MASTER_CTRL8: + case RT5677_HAP_GENE_CTRL2: ++ case RT5677_PWR_ANLG2: /* Modified by DSP firmware */ + case RT5677_PWR_DSP_ST: + case RT5677_PRIV_DATA: + case RT5677_ASRC_22: +-- +2.20.1 + diff --git a/queue-4.9/ath10k-fix-get-invalid-tx-rate-for-mesh-metric.patch b/queue-4.9/ath10k-fix-get-invalid-tx-rate-for-mesh-metric.patch new file mode 100644 index 00000000000..51950bbf5c1 --- /dev/null +++ b/queue-4.9/ath10k-fix-get-invalid-tx-rate-for-mesh-metric.patch @@ -0,0 +1,42 @@ +From 0ea12f77eb1f49f976ccc7a504550ba0a917c723 Mon Sep 17 00:00:00 2001 +From: Sasha Levin +Date: Wed, 6 Nov 2019 20:04:37 +0200 +Subject: ath10k: fix get invalid tx rate for Mesh metric + +From: Miaoqing Pan + +[ Upstream commit 05a11003a56507023f18d3249a4d4d119c0a3e9c ] + +ath10k does not provide transmit rate info per MSDU +in tx completion, mark that as -1 so mac80211 +will ignore the rates. This fixes mac80211 update Mesh +link metric with invalid transmit rate info. + +Tested HW: QCA9984 +Tested FW: 10.4-3.9.0.2-00035 + +Signed-off-by: Hou Bao Hou +Signed-off-by: Anilkumar Kolli +Signed-off-by: Miaoqing Pan +Signed-off-by: Kalle Valo +Signed-off-by: Sasha Levin +--- + drivers/net/wireless/ath/ath10k/txrx.c | 2 ++ + 1 file changed, 2 insertions(+) + +diff --git a/drivers/net/wireless/ath/ath10k/txrx.c b/drivers/net/wireless/ath/ath10k/txrx.c +index 9852c5d51139..beeb6be06939 100644 +--- a/drivers/net/wireless/ath/ath10k/txrx.c ++++ b/drivers/net/wireless/ath/ath10k/txrx.c +@@ -99,6 +99,8 @@ int ath10k_txrx_tx_unref(struct ath10k_htt *htt, + + info = IEEE80211_SKB_CB(msdu); + memset(&info->status, 0, sizeof(info->status)); ++ info->status.rates[0].idx = -1; ++ + trace_ath10k_txrx_tx_unref(ar, tx_done->msdu_id); + + if (tx_done->status == HTT_TX_COMPL_STATE_DISCARD) { +-- +2.20.1 + diff --git a/queue-4.9/bluetooth-fix-advertising-duplicated-flags.patch b/queue-4.9/bluetooth-fix-advertising-duplicated-flags.patch new file mode 100644 index 00000000000..d1a6b2c6666 --- /dev/null +++ b/queue-4.9/bluetooth-fix-advertising-duplicated-flags.patch @@ -0,0 +1,60 @@ +From 4168dd2f8bca7b9405cb65690de7d01b9ced513b Mon Sep 17 00:00:00 2001 +From: Sasha Levin +Date: Sun, 3 Nov 2019 23:58:15 +0200 +Subject: Bluetooth: Fix advertising duplicated flags + +From: Luiz Augusto von Dentz + +[ Upstream commit 6012b9346d8959194c239fd60a62dfec98d43048 ] + +Instances may have flags set as part of its data in which case the code +should not attempt to add it again otherwise it can cause duplication: + +< HCI Command: LE Set Extended Advertising Data (0x08|0x0037) plen 35 + Handle: 0x00 + Operation: Complete extended advertising data (0x03) + Fragment preference: Minimize fragmentation (0x01) + Data length: 0x06 + Flags: 0x04 + BR/EDR Not Supported + Flags: 0x06 + LE General Discoverable Mode + BR/EDR Not Supported + +Signed-off-by: Luiz Augusto von Dentz +Signed-off-by: Johan Hedberg +Signed-off-by: Sasha Levin +--- + net/bluetooth/hci_request.c | 9 +++++++++ + 1 file changed, 9 insertions(+) + +diff --git a/net/bluetooth/hci_request.c b/net/bluetooth/hci_request.c +index 1015d9c8d97d..4a89e121d662 100644 +--- a/net/bluetooth/hci_request.c ++++ b/net/bluetooth/hci_request.c +@@ -1093,6 +1093,14 @@ static u8 create_instance_adv_data(struct hci_dev *hdev, u8 instance, u8 *ptr) + + instance_flags = get_adv_instance_flags(hdev, instance); + ++ /* If instance already has the flags set skip adding it once ++ * again. ++ */ ++ if (adv_instance && eir_get_data(adv_instance->adv_data, ++ adv_instance->adv_data_len, EIR_FLAGS, ++ NULL)) ++ goto skip_flags; ++ + /* The Add Advertising command allows userspace to set both the general + * and limited discoverable flags. + */ +@@ -1125,6 +1133,7 @@ static u8 create_instance_adv_data(struct hci_dev *hdev, u8 instance, u8 *ptr) + } + } + ++skip_flags: + if (adv_instance) { + memcpy(ptr, adv_instance->adv_data, + adv_instance->adv_data_len); +-- +2.20.1 + diff --git a/queue-4.9/bluetooth-hci_core-fix-init-for-hci_user_channel.patch b/queue-4.9/bluetooth-hci_core-fix-init-for-hci_user_channel.patch new file mode 100644 index 00000000000..f03b9e8c538 --- /dev/null +++ b/queue-4.9/bluetooth-hci_core-fix-init-for-hci_user_channel.patch @@ -0,0 +1,52 @@ +From 1d02c955ba91df1daf3622daff6aa822fbc024b9 Mon Sep 17 00:00:00 2001 +From: Sasha Levin +Date: Wed, 16 Oct 2019 20:20:39 -0700 +Subject: Bluetooth: hci_core: fix init for HCI_USER_CHANNEL + +From: Mattijs Korpershoek + +[ Upstream commit eb8c101e28496888a0dcfe16ab86a1bee369e820 ] + +During the setup() stage, HCI device drivers expect the chip to +acknowledge its setup() completion via vendor specific frames. + +If userspace opens() such HCI device in HCI_USER_CHANNEL [1] mode, +the vendor specific frames are never tranmitted to the driver, as +they are filtered in hci_rx_work(). + +Allow HCI devices which operate in HCI_USER_CHANNEL mode to receive +frames if the HCI device is is HCI_INIT state. + +[1] https://www.spinics.net/lists/linux-bluetooth/msg37345.html + +Fixes: 23500189d7e0 ("Bluetooth: Introduce new HCI socket channel for user operation") +Signed-off-by: Mattijs Korpershoek +Signed-off-by: Marcel Holtmann +Signed-off-by: Sasha Levin +--- + net/bluetooth/hci_core.c | 9 ++++++++- + 1 file changed, 8 insertions(+), 1 deletion(-) + +diff --git a/net/bluetooth/hci_core.c b/net/bluetooth/hci_core.c +index 4bd72d2fe415..a70b078ceb3c 100644 +--- a/net/bluetooth/hci_core.c ++++ b/net/bluetooth/hci_core.c +@@ -4180,7 +4180,14 @@ static void hci_rx_work(struct work_struct *work) + hci_send_to_sock(hdev, skb); + } + +- if (hci_dev_test_flag(hdev, HCI_USER_CHANNEL)) { ++ /* If the device has been opened in HCI_USER_CHANNEL, ++ * the userspace has exclusive access to device. ++ * When device is HCI_INIT, we still need to process ++ * the data packets to the driver in order ++ * to complete its setup(). ++ */ ++ if (hci_dev_test_flag(hdev, HCI_USER_CHANNEL) && ++ !test_bit(HCI_INIT, &hdev->flags)) { + kfree_skb(skb); + continue; + } +-- +2.20.1 + diff --git a/queue-4.9/bnx2x-fix-pf-vf-communication-over-multi-cos-queues.patch b/queue-4.9/bnx2x-fix-pf-vf-communication-over-multi-cos-queues.patch new file mode 100644 index 00000000000..178be612943 --- /dev/null +++ b/queue-4.9/bnx2x-fix-pf-vf-communication-over-multi-cos-queues.patch @@ -0,0 +1,54 @@ +From 680dbcd0b12eee85dd814219e79bfea9b2f63d57 Mon Sep 17 00:00:00 2001 +From: Sasha Levin +Date: Mon, 4 Nov 2019 21:51:11 -0800 +Subject: bnx2x: Fix PF-VF communication over multi-cos queues. + +From: Manish Chopra + +[ Upstream commit dc5a3d79c345871439ffe72550b604fcde9770e1 ] + +PF driver doesn't enable tx-switching for all cos queues/clients, +which causes packets drop from PF to VF. Fix this by enabling +tx-switching on all cos queues/clients. + +Signed-off-by: Manish Chopra +Signed-off-by: David S. Miller +Signed-off-by: Sasha Levin +--- + .../net/ethernet/broadcom/bnx2x/bnx2x_sriov.c | 16 +++++++++++----- + 1 file changed, 11 insertions(+), 5 deletions(-) + +diff --git a/drivers/net/ethernet/broadcom/bnx2x/bnx2x_sriov.c b/drivers/net/ethernet/broadcom/bnx2x/bnx2x_sriov.c +index c6e059119b22..e8a09d0afe1c 100644 +--- a/drivers/net/ethernet/broadcom/bnx2x/bnx2x_sriov.c ++++ b/drivers/net/ethernet/broadcom/bnx2x/bnx2x_sriov.c +@@ -2376,15 +2376,21 @@ static int bnx2x_set_pf_tx_switching(struct bnx2x *bp, bool enable) + /* send the ramrod on all the queues of the PF */ + for_each_eth_queue(bp, i) { + struct bnx2x_fastpath *fp = &bp->fp[i]; ++ int tx_idx; + + /* Set the appropriate Queue object */ + q_params.q_obj = &bnx2x_sp_obj(bp, fp).q_obj; + +- /* Update the Queue state */ +- rc = bnx2x_queue_state_change(bp, &q_params); +- if (rc) { +- BNX2X_ERR("Failed to configure Tx switching\n"); +- return rc; ++ for (tx_idx = FIRST_TX_COS_INDEX; ++ tx_idx < fp->max_cos; tx_idx++) { ++ q_params.params.update.cid_index = tx_idx; ++ ++ /* Update the Queue state */ ++ rc = bnx2x_queue_state_change(bp, &q_params); ++ if (rc) { ++ BNX2X_ERR("Failed to configure Tx switching\n"); ++ return rc; ++ } + } + } + +-- +2.20.1 + diff --git a/queue-4.9/btrfs-don-t-prematurely-free-work-in-end_workqueue_f.patch b/queue-4.9/btrfs-don-t-prematurely-free-work-in-end_workqueue_f.patch new file mode 100644 index 00000000000..fabdb7c1e72 --- /dev/null +++ b/queue-4.9/btrfs-don-t-prematurely-free-work-in-end_workqueue_f.patch @@ -0,0 +1,54 @@ +From c3a4e975eae8b17a73214dbda79e3eb90b947806 Mon Sep 17 00:00:00 2001 +From: Sasha Levin +Date: Mon, 16 Sep 2019 11:30:54 -0700 +Subject: btrfs: don't prematurely free work in end_workqueue_fn() + +From: Omar Sandoval + +[ Upstream commit 9be490f1e15c34193b1aae17da58e14dd9f55a95 ] + +Currently, end_workqueue_fn() frees the end_io_wq entry (which embeds +the work item) and then calls bio_endio(). This is another potential +instance of the bug in "btrfs: don't prematurely free work in +run_ordered_work()". + +In particular, the endio call may depend on other work items. For +example, btrfs_end_dio_bio() can call btrfs_subio_endio_read() -> +__btrfs_correct_data_nocsum() -> dio_read_error() -> +submit_dio_repair_bio(), which submits a bio that is also completed +through a end_workqueue_fn() work item. However, +__btrfs_correct_data_nocsum() waits for the newly submitted bio to +complete, thus it depends on another work item. + +This example currently usually works because we use different workqueue +helper functions for BTRFS_WQ_ENDIO_DATA and BTRFS_WQ_ENDIO_DIO_REPAIR. +However, it may deadlock with stacked filesystems and is fragile +overall. The proper fix is to free the work item at the very end of the +work function, so let's do that. + +Reviewed-by: Johannes Thumshirn +Signed-off-by: Omar Sandoval +Reviewed-by: David Sterba +Signed-off-by: David Sterba +Signed-off-by: Sasha Levin +--- + fs/btrfs/disk-io.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/fs/btrfs/disk-io.c b/fs/btrfs/disk-io.c +index 9d3352fe8dc9..b37519241eb1 100644 +--- a/fs/btrfs/disk-io.c ++++ b/fs/btrfs/disk-io.c +@@ -1712,8 +1712,8 @@ static void end_workqueue_fn(struct btrfs_work *work) + bio->bi_error = end_io_wq->error; + bio->bi_private = end_io_wq->private; + bio->bi_end_io = end_io_wq->end_io; +- kmem_cache_free(btrfs_end_io_wq_cache, end_io_wq); + bio_endio(bio); ++ kmem_cache_free(btrfs_end_io_wq_cache, end_io_wq); + } + + static int cleaner_kthread(void *arg) +-- +2.20.1 + diff --git a/queue-4.9/btrfs-don-t-prematurely-free-work-in-reada_start_mac.patch b/queue-4.9/btrfs-don-t-prematurely-free-work-in-reada_start_mac.patch new file mode 100644 index 00000000000..b71552d121f --- /dev/null +++ b/queue-4.9/btrfs-don-t-prematurely-free-work-in-reada_start_mac.patch @@ -0,0 +1,66 @@ +From c1606b16ad2ef060272ddc88b3727c23e09ea618 Mon Sep 17 00:00:00 2001 +From: Sasha Levin +Date: Mon, 16 Sep 2019 11:30:55 -0700 +Subject: btrfs: don't prematurely free work in reada_start_machine_worker() + +From: Omar Sandoval + +[ Upstream commit e732fe95e4cad35fc1df278c23a32903341b08b3 ] + +Currently, reada_start_machine_worker() frees the reada_machine_work and +then calls __reada_start_machine() to do readahead. This is another +potential instance of the bug in "btrfs: don't prematurely free work in +run_ordered_work()". + +There _might_ already be a deadlock here: reada_start_machine_worker() +can depend on itself through stacked filesystems (__read_start_machine() +-> reada_start_machine_dev() -> reada_tree_block_flagged() -> +read_extent_buffer_pages() -> submit_one_bio() -> +btree_submit_bio_hook() -> btrfs_map_bio() -> submit_stripe_bio() -> +submit_bio() onto a loop device can trigger readahead on the lower +filesystem). + +Either way, let's fix it by freeing the work at the end. + +Reviewed-by: Johannes Thumshirn +Signed-off-by: Omar Sandoval +Reviewed-by: David Sterba +Signed-off-by: David Sterba +Signed-off-by: Sasha Levin +--- + fs/btrfs/reada.c | 10 ++++------ + 1 file changed, 4 insertions(+), 6 deletions(-) + +diff --git a/fs/btrfs/reada.c b/fs/btrfs/reada.c +index 94441fdb1ecf..0d1565d71231 100644 +--- a/fs/btrfs/reada.c ++++ b/fs/btrfs/reada.c +@@ -734,21 +734,19 @@ static int reada_start_machine_dev(struct btrfs_fs_info *fs_info, + static void reada_start_machine_worker(struct btrfs_work *work) + { + struct reada_machine_work *rmw; +- struct btrfs_fs_info *fs_info; + int old_ioprio; + + rmw = container_of(work, struct reada_machine_work, work); +- fs_info = rmw->fs_info; +- +- kfree(rmw); + + old_ioprio = IOPRIO_PRIO_VALUE(task_nice_ioclass(current), + task_nice_ioprio(current)); + set_task_ioprio(current, BTRFS_IOPRIO_READA); +- __reada_start_machine(fs_info); ++ __reada_start_machine(rmw->fs_info); + set_task_ioprio(current, old_ioprio); + +- atomic_dec(&fs_info->reada_works_cnt); ++ atomic_dec(&rmw->fs_info->reada_works_cnt); ++ ++ kfree(rmw); + } + + static void __reada_start_machine(struct btrfs_fs_info *fs_info) +-- +2.20.1 + diff --git a/queue-4.9/btrfs-don-t-prematurely-free-work-in-run_ordered_wor.patch b/queue-4.9/btrfs-don-t-prematurely-free-work-in-run_ordered_wor.patch new file mode 100644 index 00000000000..22fc7dbf912 --- /dev/null +++ b/queue-4.9/btrfs-don-t-prematurely-free-work-in-run_ordered_wor.patch @@ -0,0 +1,154 @@ +From e1f7a37ffecbe6cef2cc5f32f70db8895e7371b3 Mon Sep 17 00:00:00 2001 +From: Sasha Levin +Date: Mon, 16 Sep 2019 11:30:53 -0700 +Subject: btrfs: don't prematurely free work in run_ordered_work() + +From: Omar Sandoval + +[ Upstream commit c495dcd6fbe1dce51811a76bb85b4675f6494938 ] + +We hit the following very strange deadlock on a system with Btrfs on a +loop device backed by another Btrfs filesystem: + +1. The top (loop device) filesystem queues an async_cow work item from + cow_file_range_async(). We'll call this work X. +2. Worker thread A starts work X (normal_work_helper()). +3. Worker thread A executes the ordered work for the top filesystem + (run_ordered_work()). +4. Worker thread A finishes the ordered work for work X and frees X + (work->ordered_free()). +5. Worker thread A executes another ordered work and gets blocked on I/O + to the bottom filesystem (still in run_ordered_work()). +6. Meanwhile, the bottom filesystem allocates and queues an async_cow + work item which happens to be the recently-freed X. +7. The workqueue code sees that X is already being executed by worker + thread A, so it schedules X to be executed _after_ worker thread A + finishes (see the find_worker_executing_work() call in + process_one_work()). + +Now, the top filesystem is waiting for I/O on the bottom filesystem, but +the bottom filesystem is waiting for the top filesystem to finish, so we +deadlock. + +This happens because we are breaking the workqueue assumption that a +work item cannot be recycled while it still depends on other work. Fix +it by waiting to free the work item until we are done with all of the +related ordered work. + +P.S.: + +One might ask why the workqueue code doesn't try to detect a recycled +work item. It actually does try by checking whether the work item has +the same work function (find_worker_executing_work()), but in our case +the function is the same. This is the only key that the workqueue code +has available to compare, short of adding an additional, layer-violating +"custom key". Considering that we're the only ones that have ever hit +this, we should just play by the rules. + +Unfortunately, we haven't been able to create a minimal reproducer other +than our full container setup using a compress-force=zstd filesystem on +top of another compress-force=zstd filesystem. + +Suggested-by: Tejun Heo +Reviewed-by: Johannes Thumshirn +Signed-off-by: Omar Sandoval +Reviewed-by: David Sterba +Signed-off-by: David Sterba +Signed-off-by: Sasha Levin +--- + fs/btrfs/async-thread.c | 56 ++++++++++++++++++++++++++++++++--------- + 1 file changed, 44 insertions(+), 12 deletions(-) + +diff --git a/fs/btrfs/async-thread.c b/fs/btrfs/async-thread.c +index ff0b0be92d61..a3de11d52ad0 100644 +--- a/fs/btrfs/async-thread.c ++++ b/fs/btrfs/async-thread.c +@@ -265,16 +265,17 @@ out: + } + } + +-static void run_ordered_work(struct __btrfs_workqueue *wq) ++static void run_ordered_work(struct __btrfs_workqueue *wq, ++ struct btrfs_work *self) + { + struct list_head *list = &wq->ordered_list; + struct btrfs_work *work; + spinlock_t *lock = &wq->list_lock; + unsigned long flags; ++ void *wtag; ++ bool free_self = false; + + while (1) { +- void *wtag; +- + spin_lock_irqsave(lock, flags); + if (list_empty(list)) + break; +@@ -300,16 +301,47 @@ static void run_ordered_work(struct __btrfs_workqueue *wq) + list_del(&work->ordered_list); + spin_unlock_irqrestore(lock, flags); + +- /* +- * We don't want to call the ordered free functions with the +- * lock held though. Save the work as tag for the trace event, +- * because the callback could free the structure. +- */ +- wtag = work; +- work->ordered_free(work); +- trace_btrfs_all_work_done(wq->fs_info, wtag); ++ if (work == self) { ++ /* ++ * This is the work item that the worker is currently ++ * executing. ++ * ++ * The kernel workqueue code guarantees non-reentrancy ++ * of work items. I.e., if a work item with the same ++ * address and work function is queued twice, the second ++ * execution is blocked until the first one finishes. A ++ * work item may be freed and recycled with the same ++ * work function; the workqueue code assumes that the ++ * original work item cannot depend on the recycled work ++ * item in that case (see find_worker_executing_work()). ++ * ++ * Note that the work of one Btrfs filesystem may depend ++ * on the work of another Btrfs filesystem via, e.g., a ++ * loop device. Therefore, we must not allow the current ++ * work item to be recycled until we are really done, ++ * otherwise we break the above assumption and can ++ * deadlock. ++ */ ++ free_self = true; ++ } else { ++ /* ++ * We don't want to call the ordered free functions with ++ * the lock held though. Save the work as tag for the ++ * trace event, because the callback could free the ++ * structure. ++ */ ++ wtag = work; ++ work->ordered_free(work); ++ trace_btrfs_all_work_done(wq->fs_info, wtag); ++ } + } + spin_unlock_irqrestore(lock, flags); ++ ++ if (free_self) { ++ wtag = self; ++ self->ordered_free(self); ++ trace_btrfs_all_work_done(wq->fs_info, wtag); ++ } + } + + static void normal_work_helper(struct btrfs_work *work) +@@ -337,7 +369,7 @@ static void normal_work_helper(struct btrfs_work *work) + work->func(work); + if (need_order) { + set_bit(WORK_DONE_BIT, &work->flags); +- run_ordered_work(wq); ++ run_ordered_work(wq, work); + } + if (!need_order) + trace_btrfs_all_work_done(wq->fs_info, wtag); +-- +2.20.1 + diff --git a/queue-4.9/cpufreq-register-drivers-only-after-cpu-devices-have.patch b/queue-4.9/cpufreq-register-drivers-only-after-cpu-devices-have.patch new file mode 100644 index 00000000000..04283c62205 --- /dev/null +++ b/queue-4.9/cpufreq-register-drivers-only-after-cpu-devices-have.patch @@ -0,0 +1,69 @@ +From fac4d94e8828bcd1d7adc8ce470d068e2414b295 Mon Sep 17 00:00:00 2001 +From: Sasha Levin +Date: Thu, 14 Nov 2019 09:06:17 +0530 +Subject: cpufreq: Register drivers only after CPU devices have been registered + +From: Viresh Kumar + +[ Upstream commit 46770be0cf94149ca48be87719bda1d951066644 ] + +The cpufreq core heavily depends on the availability of the struct +device for CPUs and if they aren't available at the time cpufreq driver +is registered, we will never succeed in making cpufreq work. + +This happens due to following sequence of events: + +- cpufreq_register_driver() + - subsys_interface_register() + - return 0; //successful registration of driver + +... at a later point of time + +- register_cpu(); + - device_register(); + - bus_probe_device(); + - sif->add_dev(); + - cpufreq_add_dev(); + - get_cpu_device(); //FAILS + - per_cpu(cpu_sys_devices, num) = &cpu->dev; //used by get_cpu_device() + - return 0; //CPU registered successfully + +Because the per-cpu variable cpu_sys_devices is set only after the CPU +device is regsitered, cpufreq will never be able to get it when +cpufreq_add_dev() is called. + +This patch avoids this failure by making sure device structure of at +least CPU0 is available when the cpufreq driver is registered, else +return -EPROBE_DEFER. + +Reported-by: Bjorn Andersson +Co-developed-by: Amit Kucheria +Signed-off-by: Viresh Kumar +Tested-by: Amit Kucheria +Signed-off-by: Rafael J. Wysocki +Signed-off-by: Sasha Levin +--- + drivers/cpufreq/cpufreq.c | 7 +++++++ + 1 file changed, 7 insertions(+) + +diff --git a/drivers/cpufreq/cpufreq.c b/drivers/cpufreq/cpufreq.c +index 063ce77df619..86d48f8c6a2e 100644 +--- a/drivers/cpufreq/cpufreq.c ++++ b/drivers/cpufreq/cpufreq.c +@@ -2449,6 +2449,13 @@ int cpufreq_register_driver(struct cpufreq_driver *driver_data) + if (cpufreq_disabled()) + return -ENODEV; + ++ /* ++ * The cpufreq core depends heavily on the availability of device ++ * structure, make sure they are available before proceeding further. ++ */ ++ if (!get_cpu_device(0)) ++ return -EPROBE_DEFER; ++ + if (!driver_data || !driver_data->verify || !driver_data->init || + !(driver_data->setpolicy || driver_data->target_index || + driver_data->target) || +-- +2.20.1 + diff --git a/queue-4.9/crypto-sun4i-ss-fix-64-bit-size_t-warnings-on-sun4i-.patch b/queue-4.9/crypto-sun4i-ss-fix-64-bit-size_t-warnings-on-sun4i-.patch new file mode 100644 index 00000000000..0294cee7165 --- /dev/null +++ b/queue-4.9/crypto-sun4i-ss-fix-64-bit-size_t-warnings-on-sun4i-.patch @@ -0,0 +1,61 @@ +From f248817a5671a739f011e1e3487d06ea3b7df8f6 Mon Sep 17 00:00:00 2001 +From: Sasha Levin +Date: Thu, 14 Nov 2019 11:49:06 +0100 +Subject: crypto: sun4i-ss - Fix 64-bit size_t warnings on sun4i-ss-hash.c + +From: Corentin Labbe + +[ Upstream commit a7126603d46fe8f01aeedf589e071c6aaa6c6c39 ] + +If you try to compile this driver on a 64-bit platform then you +will get warnings because it mixes size_t with unsigned int which +only works on 32-bit. + +This patch fixes all of the warnings on sun4i-ss-hash.c. +Signed-off-by: Corentin Labbe +Signed-off-by: Herbert Xu +Signed-off-by: Sasha Levin +--- + drivers/crypto/sunxi-ss/sun4i-ss-hash.c | 12 ++++++------ + 1 file changed, 6 insertions(+), 6 deletions(-) + +diff --git a/drivers/crypto/sunxi-ss/sun4i-ss-hash.c b/drivers/crypto/sunxi-ss/sun4i-ss-hash.c +index ec16ec2e284d..b2e683713539 100644 +--- a/drivers/crypto/sunxi-ss/sun4i-ss-hash.c ++++ b/drivers/crypto/sunxi-ss/sun4i-ss-hash.c +@@ -286,8 +286,8 @@ static int sun4i_hash(struct ahash_request *areq) + */ + while (op->len < 64 && i < end) { + /* how many bytes we can read from current SG */ +- in_r = min3(mi.length - in_i, end - i, +- 64 - op->len); ++ in_r = min(end - i, 64 - op->len); ++ in_r = min_t(size_t, mi.length - in_i, in_r); + memcpy(op->buf + op->len, mi.addr + in_i, in_r); + op->len += in_r; + i += in_r; +@@ -307,8 +307,8 @@ static int sun4i_hash(struct ahash_request *areq) + } + if (mi.length - in_i > 3 && i < end) { + /* how many bytes we can read from current SG */ +- in_r = min3(mi.length - in_i, areq->nbytes - i, +- ((mi.length - in_i) / 4) * 4); ++ in_r = min_t(size_t, mi.length - in_i, areq->nbytes - i); ++ in_r = min_t(size_t, ((mi.length - in_i) / 4) * 4, in_r); + /* how many bytes we can write in the device*/ + todo = min3((u32)(end - i) / 4, rx_cnt, (u32)in_r / 4); + writesl(ss->base + SS_RXFIFO, mi.addr + in_i, todo); +@@ -334,8 +334,8 @@ static int sun4i_hash(struct ahash_request *areq) + if ((areq->nbytes - i) < 64) { + while (i < areq->nbytes && in_i < mi.length && op->len < 64) { + /* how many bytes we can read from current SG */ +- in_r = min3(mi.length - in_i, areq->nbytes - i, +- 64 - op->len); ++ in_r = min(areq->nbytes - i, 64 - op->len); ++ in_r = min_t(size_t, mi.length - in_i, in_r); + memcpy(op->buf + op->len, mi.addr + in_i, in_r); + op->len += in_r; + i += in_r; +-- +2.20.1 + diff --git a/queue-4.9/crypto-vmx-avoid-weird-build-failures.patch b/queue-4.9/crypto-vmx-avoid-weird-build-failures.patch new file mode 100644 index 00000000000..7f202db430d --- /dev/null +++ b/queue-4.9/crypto-vmx-avoid-weird-build-failures.patch @@ -0,0 +1,67 @@ +From 7d193ddaf64bfcbd8a3851ad65b848aa655cd3e2 Mon Sep 17 00:00:00 2001 +From: Sasha Levin +Date: Wed, 20 Nov 2019 22:27:38 +1100 +Subject: crypto: vmx - Avoid weird build failures + +From: Michael Ellerman + +[ Upstream commit 4ee812f6143d78d8ba1399671d78c8d78bf2817c ] + +In the vmx crypto Makefile we assign to a variable called TARGET and +pass that to the aesp8-ppc.pl and ghashp8-ppc.pl scripts. + +The variable is meant to describe what flavour of powerpc we're +building for, eg. either 32 or 64-bit, and big or little endian. + +Unfortunately TARGET is a fairly common name for a make variable, and +if it happens that TARGET is specified as a command line parameter to +make, the value specified on the command line will override our value. + +In particular this can happen if the kernel Makefile is driven by an +external Makefile that uses TARGET for something. + +This leads to weird build failures, eg: + nonsense at /build/linux/drivers/crypto/vmx/ghashp8-ppc.pl line 45. + /linux/drivers/crypto/vmx/Makefile:20: recipe for target 'drivers/crypto/vmx/ghashp8-ppc.S' failed + +Which shows that we passed an empty value for $(TARGET) to the perl +script, confirmed with make V=1: + + perl /linux/drivers/crypto/vmx/ghashp8-ppc.pl > drivers/crypto/vmx/ghashp8-ppc.S + +We can avoid this confusion by using override, to tell make that we +don't want anything to override our variable, even a value specified +on the command line. We can also use a less common name, given the +script calls it "flavour", let's use that. + +Signed-off-by: Michael Ellerman +Signed-off-by: Herbert Xu +Signed-off-by: Sasha Levin +--- + drivers/crypto/vmx/Makefile | 6 +++--- + 1 file changed, 3 insertions(+), 3 deletions(-) + +diff --git a/drivers/crypto/vmx/Makefile b/drivers/crypto/vmx/Makefile +index de6e241b0866..957377c309a9 100644 +--- a/drivers/crypto/vmx/Makefile ++++ b/drivers/crypto/vmx/Makefile +@@ -2,13 +2,13 @@ obj-$(CONFIG_CRYPTO_DEV_VMX_ENCRYPT) += vmx-crypto.o + vmx-crypto-objs := vmx.o aesp8-ppc.o ghashp8-ppc.o aes.o aes_cbc.o aes_ctr.o aes_xts.o ghash.o + + ifeq ($(CONFIG_CPU_LITTLE_ENDIAN),y) +-TARGET := linux-ppc64le ++override flavour := linux-ppc64le + else +-TARGET := linux-ppc64 ++override flavour := linux-ppc64 + endif + + quiet_cmd_perl = PERL $@ +- cmd_perl = $(PERL) $(<) $(TARGET) > $(@) ++ cmd_perl = $(PERL) $(<) $(flavour) > $(@) + + $(src)/aesp8-ppc.S: $(src)/aesp8-ppc.pl + $(call cmd,perl) +-- +2.20.1 + diff --git a/queue-4.9/drm-bridge-analogix-anx78xx-silence-eprobe_defer-war.patch b/queue-4.9/drm-bridge-analogix-anx78xx-silence-eprobe_defer-war.patch new file mode 100644 index 00000000000..abb3245a33a --- /dev/null +++ b/queue-4.9/drm-bridge-analogix-anx78xx-silence-eprobe_defer-war.patch @@ -0,0 +1,50 @@ +From 59662a9bdb677aeeffcdd2d190babe255477d42a Mon Sep 17 00:00:00 2001 +From: Sasha Levin +Date: Wed, 14 Aug 2019 20:48:46 -0400 +Subject: drm/bridge: analogix-anx78xx: silence -EPROBE_DEFER warnings + +From: Brian Masney + +[ Upstream commit 2708e876272d89bbbff811d12834adbeef85f022 ] + +Silence two warning messages that occur due to -EPROBE_DEFER errors to +help cleanup the system boot log. + +Signed-off-by: Brian Masney +Reviewed-by: Linus Walleij +Signed-off-by: Andrzej Hajda +Link: https://patchwork.freedesktop.org/patch/msgid/20190815004854.19860-4-masneyb@onstation.org +Signed-off-by: Sasha Levin +--- + drivers/gpu/drm/bridge/analogix-anx78xx.c | 8 ++++++-- + 1 file changed, 6 insertions(+), 2 deletions(-) + +diff --git a/drivers/gpu/drm/bridge/analogix-anx78xx.c b/drivers/gpu/drm/bridge/analogix-anx78xx.c +index a2a82366a771..eb97e88a103c 100644 +--- a/drivers/gpu/drm/bridge/analogix-anx78xx.c ++++ b/drivers/gpu/drm/bridge/analogix-anx78xx.c +@@ -725,7 +725,9 @@ static int anx78xx_init_pdata(struct anx78xx *anx78xx) + /* 1.0V digital core power regulator */ + pdata->dvdd10 = devm_regulator_get(dev, "dvdd10"); + if (IS_ERR(pdata->dvdd10)) { +- DRM_ERROR("DVDD10 regulator not found\n"); ++ if (PTR_ERR(pdata->dvdd10) != -EPROBE_DEFER) ++ DRM_ERROR("DVDD10 regulator not found\n"); ++ + return PTR_ERR(pdata->dvdd10); + } + +@@ -1344,7 +1346,9 @@ static int anx78xx_i2c_probe(struct i2c_client *client, + + err = anx78xx_init_pdata(anx78xx); + if (err) { +- DRM_ERROR("Failed to initialize pdata: %d\n", err); ++ if (err != -EPROBE_DEFER) ++ DRM_ERROR("Failed to initialize pdata: %d\n", err); ++ + return err; + } + +-- +2.20.1 + diff --git a/queue-4.9/drm-gma500-fix-memory-disclosures-due-to-uninitializ.patch b/queue-4.9/drm-gma500-fix-memory-disclosures-due-to-uninitializ.patch new file mode 100644 index 00000000000..87f8cd5bca3 --- /dev/null +++ b/queue-4.9/drm-gma500-fix-memory-disclosures-due-to-uninitializ.patch @@ -0,0 +1,44 @@ +From 9e9043332a964a49f3d69dc1f2104325cbaa72f6 Mon Sep 17 00:00:00 2001 +From: Sasha Levin +Date: Thu, 17 Oct 2019 23:41:50 -0500 +Subject: drm/gma500: fix memory disclosures due to uninitialized bytes + +From: Kangjie Lu + +[ Upstream commit ec3b7b6eb8c90b52f61adff11b6db7a8db34de19 ] + +"clock" may be copied to "best_clock". Initializing best_clock +is not sufficient. The fix initializes clock as well to avoid +memory disclosures and informaiton leaks. + +Signed-off-by: Kangjie Lu +Signed-off-by: Daniel Vetter +Link: https://patchwork.freedesktop.org/patch/msgid/20191018044150.1899-1-kjlu@umn.edu +Signed-off-by: Sasha Levin +--- + drivers/gpu/drm/gma500/oaktrail_crtc.c | 2 ++ + 1 file changed, 2 insertions(+) + +diff --git a/drivers/gpu/drm/gma500/oaktrail_crtc.c b/drivers/gpu/drm/gma500/oaktrail_crtc.c +index da9fd34b9550..caa6da02206a 100644 +--- a/drivers/gpu/drm/gma500/oaktrail_crtc.c ++++ b/drivers/gpu/drm/gma500/oaktrail_crtc.c +@@ -139,6 +139,7 @@ static bool mrst_sdvo_find_best_pll(const struct gma_limit_t *limit, + s32 freq_error, min_error = 100000; + + memset(best_clock, 0, sizeof(*best_clock)); ++ memset(&clock, 0, sizeof(clock)); + + for (clock.m = limit->m.min; clock.m <= limit->m.max; clock.m++) { + for (clock.n = limit->n.min; clock.n <= limit->n.max; +@@ -195,6 +196,7 @@ static bool mrst_lvds_find_best_pll(const struct gma_limit_t *limit, + int err = target; + + memset(best_clock, 0, sizeof(*best_clock)); ++ memset(&clock, 0, sizeof(clock)); + + for (clock.m = limit->m.min; clock.m <= limit->m.max; clock.m++) { + for (clock.p1 = limit->p1.min; clock.p1 <= limit->p1.max; +-- +2.20.1 + diff --git a/queue-4.9/drm-mst-fix-query_payload-ack-reply-struct.patch b/queue-4.9/drm-mst-fix-query_payload-ack-reply-struct.patch new file mode 100644 index 00000000000..a5b46a77279 --- /dev/null +++ b/queue-4.9/drm-mst-fix-query_payload-ack-reply-struct.patch @@ -0,0 +1,47 @@ +From b035d4931309b3f847b52ac79b838674ffb7b4ff Mon Sep 17 00:00:00 2001 +From: Sasha Levin +Date: Thu, 29 Aug 2019 12:52:19 -0400 +Subject: drm: mst: Fix query_payload ack reply struct + +From: Sean Paul + +[ Upstream commit 268de6530aa18fe5773062367fd119f0045f6e88 ] + +Spec says[1] Allocated_PBN is 16 bits + +[1]- DisplayPort 1.2 Spec, Section 2.11.9.8, Table 2-98 + +Fixes: ad7f8a1f9ced ("drm/helper: add Displayport multi-stream helper (v0.6)") +Cc: Lyude Paul +Cc: Todd Previte +Cc: Dave Airlie +Cc: Maarten Lankhorst +Cc: Maxime Ripard +Cc: Sean Paul +Cc: David Airlie +Cc: Daniel Vetter +Cc: dri-devel@lists.freedesktop.org +Reviewed-by: Lyude Paul +Signed-off-by: Sean Paul +Link: https://patchwork.freedesktop.org/patch/msgid/20190829165223.129662-1-sean@poorly.run +Signed-off-by: Sasha Levin +--- + include/drm/drm_dp_mst_helper.h | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/include/drm/drm_dp_mst_helper.h b/include/drm/drm_dp_mst_helper.h +index 003207670597..c0542de64690 100644 +--- a/include/drm/drm_dp_mst_helper.h ++++ b/include/drm/drm_dp_mst_helper.h +@@ -312,7 +312,7 @@ struct drm_dp_resource_status_notify { + + struct drm_dp_query_payload_ack_reply { + u8 port_number; +- u8 allocated_pbn; ++ u16 allocated_pbn; + }; + + struct drm_dp_sideband_msg_req_body { +-- +2.20.1 + diff --git a/queue-4.9/edac-ghes-fix-grain-calculation.patch b/queue-4.9/edac-ghes-fix-grain-calculation.patch new file mode 100644 index 00000000000..7c98c99e2de --- /dev/null +++ b/queue-4.9/edac-ghes-fix-grain-calculation.patch @@ -0,0 +1,95 @@ +From 036c1534d1898d19af5cb2b627a17a29c7736e02 Mon Sep 17 00:00:00 2001 +From: Sasha Levin +Date: Wed, 6 Nov 2019 09:33:23 +0000 +Subject: EDAC/ghes: Fix grain calculation + +From: Robert Richter + +[ Upstream commit 7088e29e0423d3195e09079b4f849ec4837e5a75 ] + +The current code to convert a physical address mask to a grain +(defined as granularity in bytes) is: + + e->grain = ~(mem_err->physical_addr_mask & ~PAGE_MASK); + +This is broken in several ways: + +1) It calculates to wrong grain values. E.g., a physical address mask +of ~0xfff should give a grain of 0x1000. Without considering +PAGE_MASK, there is an off-by-one. Things are worse when also +filtering it with ~PAGE_MASK. This will calculate to a grain with the +upper bits set. In the example it even calculates to ~0. + +2) The grain does not depend on and is unrelated to the kernel's +page-size. The page-size only matters when unmapping memory in +memory_failure(). Smaller grains are wrongly rounded up to the +page-size, on architectures with a configurable page-size (e.g. arm64) +this could round up to the even bigger page-size of the hypervisor. + +Fix this with: + + e->grain = ~mem_err->physical_addr_mask + 1; + +The grain_bits are defined as: + + grain = 1 << grain_bits; + +Change also the grain_bits calculation accordingly, it is the same +formula as in edac_mc.c now and the code can be unified. + +The value in ->physical_addr_mask coming from firmware is assumed to +be contiguous, but this is not sanity-checked. However, in case the +mask is non-contiguous, a conversion to grain_bits effectively +converts the grain bit mask to a power of 2 by rounding it up. + +Suggested-by: James Morse +Signed-off-by: Robert Richter +Signed-off-by: Borislav Petkov +Reviewed-by: Mauro Carvalho Chehab +Cc: "linux-edac@vger.kernel.org" +Cc: Tony Luck +Link: https://lkml.kernel.org/r/20191106093239.25517-11-rrichter@marvell.com +Signed-off-by: Sasha Levin +--- + drivers/edac/ghes_edac.c | 10 ++++++++-- + 1 file changed, 8 insertions(+), 2 deletions(-) + +diff --git a/drivers/edac/ghes_edac.c b/drivers/edac/ghes_edac.c +index e3fa4390f846..4ddbf6604e2a 100644 +--- a/drivers/edac/ghes_edac.c ++++ b/drivers/edac/ghes_edac.c +@@ -189,6 +189,7 @@ void ghes_edac_report_mem_error(struct ghes *ghes, int sev, + /* Cleans the error report buffer */ + memset(e, 0, sizeof (*e)); + e->error_count = 1; ++ e->grain = 1; + strcpy(e->label, "unknown label"); + e->msg = pvt->msg; + e->other_detail = pvt->other_detail; +@@ -284,7 +285,7 @@ void ghes_edac_report_mem_error(struct ghes *ghes, int sev, + + /* Error grain */ + if (mem_err->validation_bits & CPER_MEM_VALID_PA_MASK) +- e->grain = ~(mem_err->physical_addr_mask & ~PAGE_MASK); ++ e->grain = ~mem_err->physical_addr_mask + 1; + + /* Memory error location, mapped on e->location */ + p = e->location; +@@ -391,8 +392,13 @@ void ghes_edac_report_mem_error(struct ghes *ghes, int sev, + if (p > pvt->other_detail) + *(p - 1) = '\0'; + ++ /* Sanity-check driver-supplied grain value. */ ++ if (WARN_ON_ONCE(!e->grain)) ++ e->grain = 1; ++ ++ grain_bits = fls_long(e->grain - 1); ++ + /* Generate the trace event */ +- grain_bits = fls_long(e->grain); + snprintf(pvt->detail_location, sizeof(pvt->detail_location), + "APEI location: %s %s", e->location, e->other_detail); + trace_mc_event(type, e->msg, e->label, e->error_count, +-- +2.20.1 + diff --git a/queue-4.9/extcon-sm5502-reset-registers-during-initialization.patch b/queue-4.9/extcon-sm5502-reset-registers-during-initialization.patch new file mode 100644 index 00000000000..7ff954025a6 --- /dev/null +++ b/queue-4.9/extcon-sm5502-reset-registers-during-initialization.patch @@ -0,0 +1,63 @@ +From fad9eaf4525b678c2e5f9f5ec5cf762364b46219 Mon Sep 17 00:00:00 2001 +From: Sasha Levin +Date: Thu, 10 Oct 2019 17:47:20 +0200 +Subject: extcon: sm5502: Reset registers during initialization + +From: Stephan Gerhold + +[ Upstream commit 6942635032cfd3e003e980d2dfa4e6323a3ce145 ] + +On some devices (e.g. Samsung Galaxy A5 (2015)), the bootloader +seems to keep interrupts enabled for SM5502 when booting Linux. +Changing the cable state (i.e. plugging in a cable) - until the driver +is loaded - will therefore produce an interrupt that is never read. + +In this situation, the cable state will be stuck forever on the +initial state because SM5502 stops sending interrupts. +This can be avoided by clearing those pending interrupts after +the driver has been loaded. + +One way to do this is to reset all registers to default state +by writing to SM5502_REG_RESET. This ensures that we start from +a clean state, with all interrupts disabled. + +Suggested-by: Chanwoo Choi +Signed-off-by: Stephan Gerhold +Signed-off-by: Chanwoo Choi +Signed-off-by: Sasha Levin +--- + drivers/extcon/extcon-sm5502.c | 4 ++++ + drivers/extcon/extcon-sm5502.h | 2 ++ + 2 files changed, 6 insertions(+) + +diff --git a/drivers/extcon/extcon-sm5502.c b/drivers/extcon/extcon-sm5502.c +index b22325688503..9d2d8a6673c8 100644 +--- a/drivers/extcon/extcon-sm5502.c ++++ b/drivers/extcon/extcon-sm5502.c +@@ -69,6 +69,10 @@ struct sm5502_muic_info { + /* Default value of SM5502 register to bring up MUIC device. */ + static struct reg_data sm5502_reg_data[] = { + { ++ .reg = SM5502_REG_RESET, ++ .val = SM5502_REG_RESET_MASK, ++ .invert = true, ++ }, { + .reg = SM5502_REG_CONTROL, + .val = SM5502_REG_CONTROL_MASK_INT_MASK, + .invert = false, +diff --git a/drivers/extcon/extcon-sm5502.h b/drivers/extcon/extcon-sm5502.h +index 974b53222f56..12f8b01e5753 100644 +--- a/drivers/extcon/extcon-sm5502.h ++++ b/drivers/extcon/extcon-sm5502.h +@@ -241,6 +241,8 @@ enum sm5502_reg { + #define DM_DP_SWITCH_UART ((DM_DP_CON_SWITCH_UART < +Date: Wed, 20 Nov 2019 11:57:12 +0200 +Subject: fbtft: Make sure string is NULL terminated +MIME-Version: 1.0 +Content-Type: text/plain; charset=UTF-8 +Content-Transfer-Encoding: 8bit + +From: Andy Shevchenko + +[ Upstream commit 21f585480deb4bcf0d92b08879c35d066dfee030 ] + +New GCC warns about inappropriate use of strncpy(): + +drivers/staging/fbtft/fbtft-core.c: In function ‘fbtft_framebuffer_alloc’: +drivers/staging/fbtft/fbtft-core.c:665:2: warning: ‘strncpy’ specified bound 16 equals destination size [-Wstringop-truncation] + 665 | strncpy(info->fix.id, dev->driver->name, 16); + | ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ + +Later on the copy is being used with the assumption to be NULL terminated. +Make sure string is NULL terminated by switching to snprintf(). + +Signed-off-by: Andy Shevchenko +Link: https://lore.kernel.org/r/20191120095716.26628-1-andriy.shevchenko@linux.intel.com +Signed-off-by: Greg Kroah-Hartman +Signed-off-by: Sasha Levin +--- + drivers/staging/fbtft/fbtft-core.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/drivers/staging/fbtft/fbtft-core.c b/drivers/staging/fbtft/fbtft-core.c +index d9ba8c0f1353..ece713d02660 100644 +--- a/drivers/staging/fbtft/fbtft-core.c ++++ b/drivers/staging/fbtft/fbtft-core.c +@@ -766,7 +766,7 @@ struct fb_info *fbtft_framebuffer_alloc(struct fbtft_display *display, + fbdefio->deferred_io = fbtft_deferred_io; + fb_deferred_io_init(info); + +- strncpy(info->fix.id, dev->driver->name, 16); ++ snprintf(info->fix.id, sizeof(info->fix.id), "%s", dev->driver->name); + info->fix.type = FB_TYPE_PACKED_PIXELS; + info->fix.visual = FB_VISUAL_TRUECOLOR; + info->fix.xpanstep = 0; +-- +2.20.1 + diff --git a/queue-4.9/hwrng-omap3-rom-call-clk_disable_unprepare-on-exit-o.patch b/queue-4.9/hwrng-omap3-rom-call-clk_disable_unprepare-on-exit-o.patch new file mode 100644 index 00000000000..81e031bac52 --- /dev/null +++ b/queue-4.9/hwrng-omap3-rom-call-clk_disable_unprepare-on-exit-o.patch @@ -0,0 +1,50 @@ +From d90463c37177c83eafb95334c2374a64977e055f Mon Sep 17 00:00:00 2001 +From: Sasha Levin +Date: Sat, 14 Sep 2019 14:02:56 -0700 +Subject: hwrng: omap3-rom - Call clk_disable_unprepare() on exit only if not + idled +MIME-Version: 1.0 +Content-Type: text/plain; charset=UTF-8 +Content-Transfer-Encoding: 8bit + +From: Tony Lindgren + +[ Upstream commit eaecce12f5f0d2c35d278e41e1bc4522393861ab ] + +When unloading omap3-rom-rng, we'll get the following: + +WARNING: CPU: 0 PID: 100 at drivers/clk/clk.c:948 clk_core_disable + +This is because the clock may be already disabled by omap3_rom_rng_idle(). +Let's fix the issue by checking for rng_idle on exit. + +Cc: Aaro Koskinen +Cc: Adam Ford +Cc: Pali Rohár +Cc: Sebastian Reichel +Cc: Tero Kristo +Fixes: 1c6b7c2108bd ("hwrng: OMAP3 ROM Random Number Generator support") +Signed-off-by: Tony Lindgren +Signed-off-by: Herbert Xu +Signed-off-by: Sasha Levin +--- + drivers/char/hw_random/omap3-rom-rng.c | 3 ++- + 1 file changed, 2 insertions(+), 1 deletion(-) + +diff --git a/drivers/char/hw_random/omap3-rom-rng.c b/drivers/char/hw_random/omap3-rom-rng.c +index 37a58d78aab3..3324a7f4bee3 100644 +--- a/drivers/char/hw_random/omap3-rom-rng.c ++++ b/drivers/char/hw_random/omap3-rom-rng.c +@@ -114,7 +114,8 @@ static int omap3_rom_rng_remove(struct platform_device *pdev) + { + cancel_delayed_work_sync(&idle_work); + hwrng_unregister(&omap3_rom_rng_ops); +- clk_disable_unprepare(rng_clk); ++ if (!rng_idle) ++ clk_disable_unprepare(rng_clk); + return 0; + } + +-- +2.20.1 + diff --git a/queue-4.9/ib-iser-bound-protection_sg-size-by-data_sg-size.patch b/queue-4.9/ib-iser-bound-protection_sg-size-by-data_sg-size.patch new file mode 100644 index 00000000000..91d42664fb1 --- /dev/null +++ b/queue-4.9/ib-iser-bound-protection_sg-size-by-data_sg-size.patch @@ -0,0 +1,40 @@ +From be297319b9275febe06f28b71bc164d6a358d7dd Mon Sep 17 00:00:00 2001 +From: Sasha Levin +Date: Wed, 25 Sep 2019 00:03:47 +0300 +Subject: IB/iser: bound protection_sg size by data_sg size + +From: Max Gurtovoy + +[ Upstream commit 7718cf03c3ce4b6ebd90107643ccd01c952a1fce ] + +In case we don't set the sg_prot_tablesize, the scsi layer assign the +default size (65535 entries). We should limit this size since we should +take into consideration the underlaying device capability. This cap is +considered when calculating the sg_tablesize. Otherwise, for example, +we can get that /sys/block/sdb/queue/max_segments is 128 and +/sys/block/sdb/queue/max_integrity_segments is 65535. + +Link: https://lore.kernel.org/r/1569359027-10987-1-git-send-email-maxg@mellanox.com +Signed-off-by: Max Gurtovoy +Reviewed-by: Sagi Grimberg +Signed-off-by: Jason Gunthorpe +Signed-off-by: Sasha Levin +--- + drivers/infiniband/ulp/iser/iscsi_iser.c | 1 + + 1 file changed, 1 insertion(+) + +diff --git a/drivers/infiniband/ulp/iser/iscsi_iser.c b/drivers/infiniband/ulp/iser/iscsi_iser.c +index e46e2b095c18..fdf5179a81c1 100644 +--- a/drivers/infiniband/ulp/iser/iscsi_iser.c ++++ b/drivers/infiniband/ulp/iser/iscsi_iser.c +@@ -649,6 +649,7 @@ iscsi_iser_session_create(struct iscsi_endpoint *ep, + if (ib_conn->pi_support) { + u32 sig_caps = ib_conn->device->ib_device->attrs.sig_prot_cap; + ++ shost->sg_prot_tablesize = shost->sg_tablesize; + scsi_host_set_prot(shost, iser_dif_prot_caps(sig_caps)); + scsi_host_set_guard(shost, SHOST_DIX_GUARD_IP | + SHOST_DIX_GUARD_CRC); +-- +2.20.1 + diff --git a/queue-4.9/iio-adc-max1027-reset-the-device-at-probe-time.patch b/queue-4.9/iio-adc-max1027-reset-the-device-at-probe-time.patch new file mode 100644 index 00000000000..935ef3b18e6 --- /dev/null +++ b/queue-4.9/iio-adc-max1027-reset-the-device-at-probe-time.patch @@ -0,0 +1,42 @@ +From 79a845d14b7d62a8653613b48fba6632031e1927 Mon Sep 17 00:00:00 2001 +From: Sasha Levin +Date: Fri, 11 Oct 2019 16:43:42 +0200 +Subject: iio: adc: max1027: Reset the device at probe time + +From: Miquel Raynal + +[ Upstream commit db033831b4f5589f9fcbadb837614a7c4eac0308 ] + +All the registers are configured by the driver, let's reset the chip +at probe time, avoiding any conflict with a possible earlier +configuration. + +Signed-off-by: Miquel Raynal +Signed-off-by: Jonathan Cameron +Signed-off-by: Sasha Levin +--- + drivers/iio/adc/max1027.c | 8 ++++++++ + 1 file changed, 8 insertions(+) + +diff --git a/drivers/iio/adc/max1027.c b/drivers/iio/adc/max1027.c +index 712fbd2b1f16..ec3f7bc70b75 100644 +--- a/drivers/iio/adc/max1027.c ++++ b/drivers/iio/adc/max1027.c +@@ -471,6 +471,14 @@ static int max1027_probe(struct spi_device *spi) + goto fail_dev_register; + } + ++ /* Internal reset */ ++ st->reg = MAX1027_RST_REG; ++ ret = spi_write(st->spi, &st->reg, 1); ++ if (ret < 0) { ++ dev_err(&indio_dev->dev, "Failed to reset the ADC\n"); ++ return ret; ++ } ++ + /* Disable averaging */ + st->reg = MAX1027_AVG_REG; + ret = spi_write(st->spi, &st->reg, 1); +-- +2.20.1 + diff --git a/queue-4.9/iio-light-bh1750-resolve-compiler-warning-and-make-c.patch b/queue-4.9/iio-light-bh1750-resolve-compiler-warning-and-make-c.patch new file mode 100644 index 00000000000..0bb2271e2e2 --- /dev/null +++ b/queue-4.9/iio-light-bh1750-resolve-compiler-warning-and-make-c.patch @@ -0,0 +1,55 @@ +From a8621e9c3126d388c723fc6f13d7b9516b414323 Mon Sep 17 00:00:00 2001 +From: Sasha Levin +Date: Fri, 13 Sep 2019 22:24:13 +0200 +Subject: iio: light: bh1750: Resolve compiler warning and make code more + readable +MIME-Version: 1.0 +Content-Type: text/plain; charset=UTF-8 +Content-Transfer-Encoding: 8bit + +From: Krzysztof Wilczynski + +[ Upstream commit f552fde983d378e7339f9ea74a25f918563bf0d3 ] + +Separate the declaration of struct bh1750_chip_info from definition +of bh1750_chip_info_tbl[] in a single statement as it makes the code +hard to read, and with the extra newline it makes it look as if the +bh1750_chip_info_tbl[] had no explicit type. + +This change also resolves the following compiler warning about the +unusual position of the static keyword that can be seen when building +with warnings enabled (W=1): + +drivers/iio/light/bh1750.c:64:1: warning: + ‘static’ is not at beginning of declaration [-Wold-style-declaration] + +Related to commit 3a11fbb037a1 ("iio: light: add support for ROHM +BH1710/BH1715/BH1721/BH1750/BH1751 ambient light sensors"). + +Signed-off-by: Krzysztof Wilczynski +Acked-by: Uwe Kleine-König +Signed-off-by: Jonathan Cameron +Signed-off-by: Sasha Levin +--- + drivers/iio/light/bh1750.c | 4 ++-- + 1 file changed, 2 insertions(+), 2 deletions(-) + +diff --git a/drivers/iio/light/bh1750.c b/drivers/iio/light/bh1750.c +index b05946604f80..6d5bb11594dc 100644 +--- a/drivers/iio/light/bh1750.c ++++ b/drivers/iio/light/bh1750.c +@@ -62,9 +62,9 @@ struct bh1750_chip_info { + + u16 int_time_low_mask; + u16 int_time_high_mask; +-} ++}; + +-static const bh1750_chip_info_tbl[] = { ++static const struct bh1750_chip_info bh1750_chip_info_tbl[] = { + [BH1710] = { 140, 1022, 300, 400, 250000000, 2, 0x001F, 0x03E0 }, + [BH1721] = { 140, 1020, 300, 400, 250000000, 2, 0x0010, 0x03E0 }, + [BH1750] = { 31, 254, 69, 1740, 57500000, 1, 0x001F, 0x00E0 }, +-- +2.20.1 + diff --git a/queue-4.9/iwlwifi-check-kasprintf-return-value.patch b/queue-4.9/iwlwifi-check-kasprintf-return-value.patch new file mode 100644 index 00000000000..c4823f23ffd --- /dev/null +++ b/queue-4.9/iwlwifi-check-kasprintf-return-value.patch @@ -0,0 +1,52 @@ +From 2f02eb57804089aef874f75340525822d0738c99 Mon Sep 17 00:00:00 2001 +From: Sasha Levin +Date: Tue, 5 Nov 2019 14:50:32 +0100 +Subject: iwlwifi: check kasprintf() return value + +From: Johannes Berg + +[ Upstream commit 5974fbb5e10b018fdbe3c3b81cb4cc54e1105ab9 ] + +kasprintf() can fail, we should check the return value. + +Fixes: 5ed540aecc2a ("iwlwifi: use mac80211 throughput trigger") +Fixes: 8ca151b568b6 ("iwlwifi: add the MVM driver") +Signed-off-by: Johannes Berg +Signed-off-by: Luca Coelho +Signed-off-by: Sasha Levin +--- + drivers/net/wireless/intel/iwlwifi/dvm/led.c | 3 +++ + drivers/net/wireless/intel/iwlwifi/mvm/led.c | 3 +++ + 2 files changed, 6 insertions(+) + +diff --git a/drivers/net/wireless/intel/iwlwifi/dvm/led.c b/drivers/net/wireless/intel/iwlwifi/dvm/led.c +index 1bbd17ada974..20e16c423990 100644 +--- a/drivers/net/wireless/intel/iwlwifi/dvm/led.c ++++ b/drivers/net/wireless/intel/iwlwifi/dvm/led.c +@@ -185,6 +185,9 @@ void iwl_leds_init(struct iwl_priv *priv) + + priv->led.name = kasprintf(GFP_KERNEL, "%s-led", + wiphy_name(priv->hw->wiphy)); ++ if (!priv->led.name) ++ return; ++ + priv->led.brightness_set = iwl_led_brightness_set; + priv->led.blink_set = iwl_led_blink_set; + priv->led.max_brightness = 1; +diff --git a/drivers/net/wireless/intel/iwlwifi/mvm/led.c b/drivers/net/wireless/intel/iwlwifi/mvm/led.c +index 1e51fbe95f7c..73c351a64187 100644 +--- a/drivers/net/wireless/intel/iwlwifi/mvm/led.c ++++ b/drivers/net/wireless/intel/iwlwifi/mvm/led.c +@@ -109,6 +109,9 @@ int iwl_mvm_leds_init(struct iwl_mvm *mvm) + + mvm->led.name = kasprintf(GFP_KERNEL, "%s-led", + wiphy_name(mvm->hw->wiphy)); ++ if (!mvm->led.name) ++ return -ENOMEM; ++ + mvm->led.brightness_set = iwl_led_brightness_set; + mvm->led.max_brightness = 1; + +-- +2.20.1 + diff --git a/queue-4.9/iwlwifi-mvm-fix-unaligned-read-of-rx_pkt_status.patch b/queue-4.9/iwlwifi-mvm-fix-unaligned-read-of-rx_pkt_status.patch new file mode 100644 index 00000000000..c6736b85ca6 --- /dev/null +++ b/queue-4.9/iwlwifi-mvm-fix-unaligned-read-of-rx_pkt_status.patch @@ -0,0 +1,50 @@ +From 1d7ba329ead9dbd65ab8d30e832df416d543208d Mon Sep 17 00:00:00 2001 +From: Sasha Levin +Date: Fri, 15 Nov 2019 09:28:02 +0200 +Subject: iwlwifi: mvm: fix unaligned read of rx_pkt_status + +From: Wang Xuerui + +[ Upstream commit c5aaa8be29b25dfe1731e9a8b19fd91b7b789ee3 ] + +This is present since the introduction of iwlmvm. +Example stack trace on MIPS: + +[] iwl_mvm_rx_rx_mpdu+0xa8/0xb88 [iwlmvm] +[] iwl_pcie_rx_handle+0x420/0xc48 [iwlwifi] + +Tested with a Wireless AC 7265 for ~6 months, confirmed to fix the +problem. No other unaligned accesses are spotted yet. + +Signed-off-by: Wang Xuerui +Signed-off-by: Luca Coelho +Signed-off-by: Kalle Valo +Signed-off-by: Sasha Levin +--- + drivers/net/wireless/intel/iwlwifi/mvm/rx.c | 3 ++- + 1 file changed, 2 insertions(+), 1 deletion(-) + +diff --git a/drivers/net/wireless/intel/iwlwifi/mvm/rx.c b/drivers/net/wireless/intel/iwlwifi/mvm/rx.c +index b78e60eb600f..d0aa4d0a5537 100644 +--- a/drivers/net/wireless/intel/iwlwifi/mvm/rx.c ++++ b/drivers/net/wireless/intel/iwlwifi/mvm/rx.c +@@ -62,6 +62,7 @@ + * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE + * OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. + *****************************************************************************/ ++#include + #include + #include + #include "iwl-trans.h" +@@ -289,7 +290,7 @@ void iwl_mvm_rx_rx_mpdu(struct iwl_mvm *mvm, struct napi_struct *napi, + rx_res = (struct iwl_rx_mpdu_res_start *)pkt->data; + hdr = (struct ieee80211_hdr *)(pkt->data + sizeof(*rx_res)); + len = le16_to_cpu(rx_res->byte_count); +- rx_pkt_status = le32_to_cpup((__le32 *) ++ rx_pkt_status = get_unaligned_le32((__le32 *) + (pkt->data + sizeof(*rx_res) + len)); + + /* Dont use dev_alloc_skb(), we'll have enough headroom once +-- +2.20.1 + diff --git a/queue-4.9/libata-ensure-ata_port-probe-has-completed-before-de.patch b/queue-4.9/libata-ensure-ata_port-probe-has-completed-before-de.patch new file mode 100644 index 00000000000..9df7e302772 --- /dev/null +++ b/queue-4.9/libata-ensure-ata_port-probe-has-completed-before-de.patch @@ -0,0 +1,95 @@ +From 552661b167d3324a8ec0f20359b33fc5cf5279f0 Mon Sep 17 00:00:00 2001 +From: Sasha Levin +Date: Wed, 16 Oct 2019 18:19:52 +0800 +Subject: libata: Ensure ata_port probe has completed before detach + +From: John Garry + +[ Upstream commit 130f4caf145c3562108b245a576db30b916199d2 ] + +With CONFIG_DEBUG_TEST_DRIVER_REMOVE set, we may find the following WARN: + +[ 23.452574] ------------[ cut here ]------------ +[ 23.457190] WARNING: CPU: 59 PID: 1 at drivers/ata/libata-core.c:6676 ata_host_detach+0x15c/0x168 +[ 23.466047] Modules linked in: +[ 23.469092] CPU: 59 PID: 1 Comm: swapper/0 Not tainted 5.4.0-rc1-00010-g5b83fd27752b-dirty #296 +[ 23.477776] Hardware name: Huawei D06 /D06, BIOS Hisilicon D06 UEFI RC0 - V1.16.01 03/15/2019 +[ 23.486286] pstate: a0c00009 (NzCv daif +PAN +UAO) +[ 23.491065] pc : ata_host_detach+0x15c/0x168 +[ 23.495322] lr : ata_host_detach+0x88/0x168 +[ 23.499491] sp : ffff800011cabb50 +[ 23.502792] x29: ffff800011cabb50 x28: 0000000000000007 +[ 23.508091] x27: ffff80001137f068 x26: ffff8000112c0c28 +[ 23.513390] x25: 0000000000003848 x24: ffff0023ea185300 +[ 23.518689] x23: 0000000000000001 x22: 00000000000014c0 +[ 23.523987] x21: 0000000000013740 x20: ffff0023bdc20000 +[ 23.529286] x19: 0000000000000000 x18: 0000000000000004 +[ 23.534584] x17: 0000000000000001 x16: 00000000000000f0 +[ 23.539883] x15: ffff0023eac13790 x14: ffff0023eb76c408 +[ 23.545181] x13: 0000000000000000 x12: ffff0023eac13790 +[ 23.550480] x11: ffff0023eb76c228 x10: 0000000000000000 +[ 23.555779] x9 : ffff0023eac13798 x8 : 0000000040000000 +[ 23.561077] x7 : 0000000000000002 x6 : 0000000000000001 +[ 23.566376] x5 : 0000000000000002 x4 : 0000000000000000 +[ 23.571674] x3 : ffff0023bf08a0bc x2 : 0000000000000000 +[ 23.576972] x1 : 3099674201f72700 x0 : 0000000000400284 +[ 23.582272] Call trace: +[ 23.584706] ata_host_detach+0x15c/0x168 +[ 23.588616] ata_pci_remove_one+0x10/0x18 +[ 23.592615] ahci_remove_one+0x20/0x40 +[ 23.596356] pci_device_remove+0x3c/0xe0 +[ 23.600267] really_probe+0xdc/0x3e0 +[ 23.603830] driver_probe_device+0x58/0x100 +[ 23.608000] device_driver_attach+0x6c/0x90 +[ 23.612169] __driver_attach+0x84/0xc8 +[ 23.615908] bus_for_each_dev+0x74/0xc8 +[ 23.619730] driver_attach+0x20/0x28 +[ 23.623292] bus_add_driver+0x148/0x1f0 +[ 23.627115] driver_register+0x60/0x110 +[ 23.630938] __pci_register_driver+0x40/0x48 +[ 23.635199] ahci_pci_driver_init+0x20/0x28 +[ 23.639372] do_one_initcall+0x5c/0x1b0 +[ 23.643199] kernel_init_freeable+0x1a4/0x24c +[ 23.647546] kernel_init+0x10/0x108 +[ 23.651023] ret_from_fork+0x10/0x18 +[ 23.654590] ---[ end trace 634a14b675b71c13 ]--- + +With KASAN also enabled, we may also get many use-after-free reports. + +The issue is that when CONFIG_DEBUG_TEST_DRIVER_REMOVE is set, we may +attempt to detach the ata_port before it has been probed. + +This is because the ata_ports are async probed, meaning that there is no +guarantee that the ata_port has probed prior to detach. When the ata_port +does probe in this scenario, we get all sorts of issues as the detach may +have already happened. + +Fix by ensuring synchronisation with async_synchronize_full(). We could +alternatively use the cookie returned from the ata_port probe +async_schedule() call, but that means managing the cookie, so more +complicated. + +Signed-off-by: John Garry +Signed-off-by: Jens Axboe +Signed-off-by: Sasha Levin +--- + drivers/ata/libata-core.c | 3 +++ + 1 file changed, 3 insertions(+) + +diff --git a/drivers/ata/libata-core.c b/drivers/ata/libata-core.c +index da1a987c622a..b1582f161171 100644 +--- a/drivers/ata/libata-core.c ++++ b/drivers/ata/libata-core.c +@@ -6550,6 +6550,9 @@ void ata_host_detach(struct ata_host *host) + { + int i; + ++ /* Ensure ata_port probe has completed */ ++ async_synchronize_full(); ++ + for (i = 0; i < host->n_ports; i++) + ata_port_detach(host->ports[i]); + +-- +2.20.1 + diff --git a/queue-4.9/libertas-fix-a-potential-null-pointer-dereference.patch b/queue-4.9/libertas-fix-a-potential-null-pointer-dereference.patch new file mode 100644 index 00000000000..fde68a12135 --- /dev/null +++ b/queue-4.9/libertas-fix-a-potential-null-pointer-dereference.patch @@ -0,0 +1,45 @@ +From 3a4e2c32b1a776ee6984fe0b76a48068e4bf9158 Mon Sep 17 00:00:00 2001 +From: Sasha Levin +Date: Wed, 18 Sep 2019 22:05:00 +0530 +Subject: libertas: fix a potential NULL pointer dereference + +From: Allen Pais + +[ Upstream commit 7da413a18583baaf35dd4a8eb414fa410367d7f2 ] + +alloc_workqueue is not checked for errors and as a result, +a potential NULL dereference could occur. + +Signed-off-by: Allen Pais +Signed-off-by: Kalle Valo +Signed-off-by: Sasha Levin +--- + drivers/net/wireless/marvell/libertas/if_sdio.c | 5 +++++ + 1 file changed, 5 insertions(+) + +diff --git a/drivers/net/wireless/marvell/libertas/if_sdio.c b/drivers/net/wireless/marvell/libertas/if_sdio.c +index 06a57c708992..44da911c9a1a 100644 +--- a/drivers/net/wireless/marvell/libertas/if_sdio.c ++++ b/drivers/net/wireless/marvell/libertas/if_sdio.c +@@ -1229,6 +1229,10 @@ static int if_sdio_probe(struct sdio_func *func, + + spin_lock_init(&card->lock); + card->workqueue = alloc_workqueue("libertas_sdio", WQ_MEM_RECLAIM, 0); ++ if (unlikely(!card->workqueue)) { ++ ret = -ENOMEM; ++ goto err_queue; ++ } + INIT_WORK(&card->packet_worker, if_sdio_host_to_card_worker); + init_waitqueue_head(&card->pwron_waitq); + +@@ -1282,6 +1286,7 @@ err_activate_card: + lbs_remove_card(priv); + free: + destroy_workqueue(card->workqueue); ++err_queue: + while (card->packets) { + packet = card->packets; + card->packets = card->packets->next; +-- +2.20.1 + diff --git a/queue-4.9/libtraceevent-fix-memory-leakage-in-copy_filter_type.patch b/queue-4.9/libtraceevent-fix-memory-leakage-in-copy_filter_type.patch new file mode 100644 index 00000000000..b6c915ea940 --- /dev/null +++ b/queue-4.9/libtraceevent-fix-memory-leakage-in-copy_filter_type.patch @@ -0,0 +1,55 @@ +From 7e0c8b2362e4ab89a1dc01cc9842db9f7ddb4797 Mon Sep 17 00:00:00 2001 +From: Sasha Levin +Date: Mon, 18 Nov 2019 20:44:15 -0500 +Subject: libtraceevent: Fix memory leakage in copy_filter_type + +From: Hewenliang + +[ Upstream commit 10992af6bf46a2048ad964985a5b77464e5563b1 ] + +It is necessary to free the memory that we have allocated when error occurs. + +Fixes: ef3072cd1d5c ("tools lib traceevent: Get rid of die in add_filter_type()") +Signed-off-by: Hewenliang +Reviewed-by: Steven Rostedt (VMware) +Cc: Tzvetomir Stoyanov +Link: http://lore.kernel.org/lkml/20191119014415.57210-1-hewenliang4@huawei.com +Signed-off-by: Steven Rostedt (VMware) +Signed-off-by: Arnaldo Carvalho de Melo +Signed-off-by: Sasha Levin +--- + tools/lib/traceevent/parse-filter.c | 9 +++++++-- + 1 file changed, 7 insertions(+), 2 deletions(-) + +diff --git a/tools/lib/traceevent/parse-filter.c b/tools/lib/traceevent/parse-filter.c +index 5e10ba796a6f..569bceff5f51 100644 +--- a/tools/lib/traceevent/parse-filter.c ++++ b/tools/lib/traceevent/parse-filter.c +@@ -1492,8 +1492,10 @@ static int copy_filter_type(struct event_filter *filter, + if (strcmp(str, "TRUE") == 0 || strcmp(str, "FALSE") == 0) { + /* Add trivial event */ + arg = allocate_arg(); +- if (arg == NULL) ++ if (arg == NULL) { ++ free(str); + return -1; ++ } + + arg->type = FILTER_ARG_BOOLEAN; + if (strcmp(str, "TRUE") == 0) +@@ -1502,8 +1504,11 @@ static int copy_filter_type(struct event_filter *filter, + arg->boolean.value = 0; + + filter_type = add_filter_type(filter, event->id); +- if (filter_type == NULL) ++ if (filter_type == NULL) { ++ free(str); ++ free_arg(arg); + return -1; ++ } + + filter_type->filter = arg; + +-- +2.20.1 + diff --git a/queue-4.9/media-am437x-vpfe-setting-std-to-current-value-is-no.patch b/queue-4.9/media-am437x-vpfe-setting-std-to-current-value-is-no.patch new file mode 100644 index 00000000000..42b08eeaafe --- /dev/null +++ b/queue-4.9/media-am437x-vpfe-setting-std-to-current-value-is-no.patch @@ -0,0 +1,40 @@ +From c993ef81c227c1fd7e5d47bf1b800bb33a444d8d Mon Sep 17 00:00:00 2001 +From: Sasha Levin +Date: Fri, 20 Sep 2019 14:05:48 -0300 +Subject: media: am437x-vpfe: Setting STD to current value is not an error + +From: Benoit Parrot + +[ Upstream commit 13aa21cfe92ce9ebb51824029d89f19c33f81419 ] + +VIDIOC_S_STD should not return an error if the value is identical +to the current one. +This error was highlighted by the v4l2-compliance test. + +Signed-off-by: Benoit Parrot +Acked-by: Lad Prabhakar +Signed-off-by: Hans Verkuil +Signed-off-by: Mauro Carvalho Chehab +Signed-off-by: Sasha Levin +--- + drivers/media/platform/am437x/am437x-vpfe.c | 4 ++++ + 1 file changed, 4 insertions(+) + +diff --git a/drivers/media/platform/am437x/am437x-vpfe.c b/drivers/media/platform/am437x/am437x-vpfe.c +index 05489a401c5c..bd500f12d0f7 100644 +--- a/drivers/media/platform/am437x/am437x-vpfe.c ++++ b/drivers/media/platform/am437x/am437x-vpfe.c +@@ -1847,6 +1847,10 @@ static int vpfe_s_std(struct file *file, void *priv, v4l2_std_id std_id) + if (!(sdinfo->inputs[0].capabilities & V4L2_IN_CAP_STD)) + return -ENODATA; + ++ /* if trying to set the same std then nothing to do */ ++ if (vpfe_standards[vpfe->std_index].std_id == std_id) ++ return 0; ++ + /* If streaming is started, return error */ + if (vb2_is_busy(&vpfe->buffer_queue)) { + vpfe_err(vpfe, "%s device busy\n", __func__); +-- +2.20.1 + diff --git a/queue-4.9/media-cec-funcs.h-add-status_req-checks.patch b/queue-4.9/media-cec-funcs.h-add-status_req-checks.patch new file mode 100644 index 00000000000..42fe574f2e1 --- /dev/null +++ b/queue-4.9/media-cec-funcs.h-add-status_req-checks.patch @@ -0,0 +1,54 @@ +From 28db2b618effaee986753e47aab0138d010f4483 Mon Sep 17 00:00:00 2001 +From: Sasha Levin +Date: Tue, 1 Oct 2019 04:56:38 -0300 +Subject: media: cec-funcs.h: add status_req checks + +From: Hans Verkuil + +[ Upstream commit 9b211f9c5a0b67afc435b86f75d78273b97db1c5 ] + +The CEC_MSG_GIVE_DECK_STATUS and CEC_MSG_GIVE_TUNER_DEVICE_STATUS commands +both have a status_req argument: ON, OFF, ONCE. If ON or ONCE, then the +follower will reply with a STATUS message. Either once or whenever the +status changes (status_req == ON). + +If status_req == OFF, then it will stop sending continuous status updates, +but the follower will *not* send a STATUS message in that case. + +This means that if status_req == OFF, then msg->reply should be 0 as well +since no reply is expected in that case. + +Signed-off-by: Hans Verkuil +Signed-off-by: Mauro Carvalho Chehab +Signed-off-by: Sasha Levin +--- + include/linux/cec-funcs.h | 6 ++++-- + 1 file changed, 4 insertions(+), 2 deletions(-) + +diff --git a/include/linux/cec-funcs.h b/include/linux/cec-funcs.h +index 138bbf721e70..a844749a2855 100644 +--- a/include/linux/cec-funcs.h ++++ b/include/linux/cec-funcs.h +@@ -956,7 +956,8 @@ static inline void cec_msg_give_deck_status(struct cec_msg *msg, + msg->len = 3; + msg->msg[1] = CEC_MSG_GIVE_DECK_STATUS; + msg->msg[2] = status_req; +- msg->reply = reply ? CEC_MSG_DECK_STATUS : 0; ++ msg->reply = (reply && status_req != CEC_OP_STATUS_REQ_OFF) ? ++ CEC_MSG_DECK_STATUS : 0; + } + + static inline void cec_ops_give_deck_status(const struct cec_msg *msg, +@@ -1060,7 +1061,8 @@ static inline void cec_msg_give_tuner_device_status(struct cec_msg *msg, + msg->len = 3; + msg->msg[1] = CEC_MSG_GIVE_TUNER_DEVICE_STATUS; + msg->msg[2] = status_req; +- msg->reply = reply ? CEC_MSG_TUNER_DEVICE_STATUS : 0; ++ msg->reply = (reply && status_req != CEC_OP_STATUS_REQ_OFF) ? ++ CEC_MSG_TUNER_DEVICE_STATUS : 0; + } + + static inline void cec_ops_give_tuner_device_status(const struct cec_msg *msg, +-- +2.20.1 + diff --git a/queue-4.9/media-flexcop-usb-fix-null-ptr-deref-in-flexcop_usb_.patch b/queue-4.9/media-flexcop-usb-fix-null-ptr-deref-in-flexcop_usb_.patch new file mode 100644 index 00000000000..9b297673bac --- /dev/null +++ b/queue-4.9/media-flexcop-usb-fix-null-ptr-deref-in-flexcop_usb_.patch @@ -0,0 +1,46 @@ +From 1e93ce758b37d3064bd154d43c68ed053cb46ae7 Mon Sep 17 00:00:00 2001 +From: Sasha Levin +Date: Tue, 24 Sep 2019 06:49:04 -0300 +Subject: media: flexcop-usb: fix NULL-ptr deref in flexcop_usb_transfer_init() + +From: Yang Yingliang + +[ Upstream commit 649cd16c438f51d4cd777e71ca1f47f6e0c5e65d ] + +If usb_set_interface() failed, iface->cur_altsetting will +not be assigned and it will be used in flexcop_usb_transfer_init() +It may lead a NULL pointer dereference. + +Check usb_set_interface() return value in flexcop_usb_init() +and return failed to avoid using this NULL pointer. + +Signed-off-by: Yang Yingliang +Signed-off-by: Sean Young +Signed-off-by: Mauro Carvalho Chehab +Signed-off-by: Sasha Levin +--- + drivers/media/usb/b2c2/flexcop-usb.c | 8 +++++++- + 1 file changed, 7 insertions(+), 1 deletion(-) + +diff --git a/drivers/media/usb/b2c2/flexcop-usb.c b/drivers/media/usb/b2c2/flexcop-usb.c +index 1fc3c8d7dd9b..2594d6a7393f 100644 +--- a/drivers/media/usb/b2c2/flexcop-usb.c ++++ b/drivers/media/usb/b2c2/flexcop-usb.c +@@ -504,7 +504,13 @@ urb_error: + static int flexcop_usb_init(struct flexcop_usb *fc_usb) + { + /* use the alternate setting with the larges buffer */ +- usb_set_interface(fc_usb->udev,0,1); ++ int ret = usb_set_interface(fc_usb->udev, 0, 1); ++ ++ if (ret) { ++ err("set interface failed."); ++ return ret; ++ } ++ + switch (fc_usb->udev->speed) { + case USB_SPEED_LOW: + err("cannot handle USB speed because it is too slow."); +-- +2.20.1 + diff --git a/queue-4.9/media-i2c-ov2659-fix-missing-720p-register-config.patch b/queue-4.9/media-i2c-ov2659-fix-missing-720p-register-config.patch new file mode 100644 index 00000000000..4e8c7a1a2b4 --- /dev/null +++ b/queue-4.9/media-i2c-ov2659-fix-missing-720p-register-config.patch @@ -0,0 +1,48 @@ +From 212c6eedf69f21686c8360cd5eac602fbf1a5a46 Mon Sep 17 00:00:00 2001 +From: Sasha Levin +Date: Mon, 30 Sep 2019 10:06:43 -0300 +Subject: media: i2c: ov2659: Fix missing 720p register config + +From: Benoit Parrot + +[ Upstream commit 9d669fbfca20e6035ead814e55d9ef1a6b500540 ] + +The initial registers sequence is only loaded at probe +time. Afterward only the resolution and format specific +register are modified. Care must be taken to make sure +registers modified by one resolution setting are reverted +back when another resolution is programmed. + +This was not done properly for the 720p case. + +Signed-off-by: Benoit Parrot +Acked-by: Lad, Prabhakar +Signed-off-by: Sakari Ailus +Signed-off-by: Mauro Carvalho Chehab +Signed-off-by: Sasha Levin +--- + drivers/media/i2c/ov2659.c | 4 ++++ + 1 file changed, 4 insertions(+) + +diff --git a/drivers/media/i2c/ov2659.c b/drivers/media/i2c/ov2659.c +index 49196afd15a8..ade3c48e2e0c 100644 +--- a/drivers/media/i2c/ov2659.c ++++ b/drivers/media/i2c/ov2659.c +@@ -419,10 +419,14 @@ static struct sensor_register ov2659_720p[] = { + { REG_TIMING_YINC, 0x11 }, + { REG_TIMING_VERT_FORMAT, 0x80 }, + { REG_TIMING_HORIZ_FORMAT, 0x00 }, ++ { 0x370a, 0x12 }, + { 0x3a03, 0xe8 }, + { 0x3a09, 0x6f }, + { 0x3a0b, 0x5d }, + { 0x3a15, 0x9a }, ++ { REG_VFIFO_READ_START_H, 0x00 }, ++ { REG_VFIFO_READ_START_L, 0x80 }, ++ { REG_ISP_CTRL02, 0x00 }, + { REG_NULL, 0x00 }, + }; + +-- +2.20.1 + diff --git a/queue-4.9/media-i2c-ov2659-fix-s_stream-return-value.patch b/queue-4.9/media-i2c-ov2659-fix-s_stream-return-value.patch new file mode 100644 index 00000000000..2be9a95bcfd --- /dev/null +++ b/queue-4.9/media-i2c-ov2659-fix-s_stream-return-value.patch @@ -0,0 +1,49 @@ +From 60b7ae3c896f75c848556f891bc9f85642b69ce8 Mon Sep 17 00:00:00 2001 +From: Sasha Levin +Date: Mon, 30 Sep 2019 10:06:40 -0300 +Subject: media: i2c: ov2659: fix s_stream return value + +From: Benoit Parrot + +[ Upstream commit 85c4043f1d403c222d481dfc91846227d66663fb ] + +In ov2659_s_stream() return value for invoked function should be checked +and propagated. + +Signed-off-by: Benoit Parrot +Acked-by: Lad, Prabhakar +Signed-off-by: Sakari Ailus +Signed-off-by: Mauro Carvalho Chehab +Signed-off-by: Sasha Levin +--- + drivers/media/i2c/ov2659.c | 14 +++++++++----- + 1 file changed, 9 insertions(+), 5 deletions(-) + +diff --git a/drivers/media/i2c/ov2659.c b/drivers/media/i2c/ov2659.c +index 3554eea77e04..49196afd15a8 100644 +--- a/drivers/media/i2c/ov2659.c ++++ b/drivers/media/i2c/ov2659.c +@@ -1204,11 +1204,15 @@ static int ov2659_s_stream(struct v4l2_subdev *sd, int on) + goto unlock; + } + +- ov2659_set_pixel_clock(ov2659); +- ov2659_set_frame_size(ov2659); +- ov2659_set_format(ov2659); +- ov2659_set_streaming(ov2659, 1); +- ov2659->streaming = on; ++ ret = ov2659_set_pixel_clock(ov2659); ++ if (!ret) ++ ret = ov2659_set_frame_size(ov2659); ++ if (!ret) ++ ret = ov2659_set_format(ov2659); ++ if (!ret) { ++ ov2659_set_streaming(ov2659, 1); ++ ov2659->streaming = on; ++ } + + unlock: + mutex_unlock(&ov2659->lock); +-- +2.20.1 + diff --git a/queue-4.9/media-ov6650-fix-stored-frame-format-not-in-sync-wit.patch b/queue-4.9/media-ov6650-fix-stored-frame-format-not-in-sync-wit.patch new file mode 100644 index 00000000000..985d8f96cc0 --- /dev/null +++ b/queue-4.9/media-ov6650-fix-stored-frame-format-not-in-sync-wit.patch @@ -0,0 +1,71 @@ +From 948c5d9c0c9faaba284a3a6a15cec7943b08c2fa Mon Sep 17 00:00:00 2001 +From: Sasha Levin +Date: Tue, 3 Sep 2019 17:11:43 -0300 +Subject: media: ov6650: Fix stored frame format not in sync with hardware + +From: Janusz Krzysztofik + +[ Upstream commit 3143b459de4cdcce67b36827476c966e93c1cf01 ] + +The driver stores frame format settings supposed to be in line with +hardware state in a device private structure. Since the driver initial +submission, those settings are updated before they are actually applied +on hardware. If an error occurs on device update, the stored settings +my not reflect hardware state anymore and consecutive calls to +.get_fmt() may return incorrect information. That in turn may affect +ability of a bridge device to use correct DMA transfer settings if such +incorrect informmation on active frame format returned by .get_fmt() is +used. + +Assuming a failed device update means its state hasn't changed, update +frame format related settings stored in the device private structure +only after they are successfully applied so the stored values always +reflect hardware state as closely as possible. + +Fixes: 2f6e2404799a ("[media] SoC Camera: add driver for OV6650 sensor") +Signed-off-by: Janusz Krzysztofik +Signed-off-by: Sakari Ailus +Signed-off-by: Mauro Carvalho Chehab +Signed-off-by: Sasha Levin +--- + drivers/media/i2c/soc_camera/ov6650.c | 9 ++++++--- + 1 file changed, 6 insertions(+), 3 deletions(-) + +diff --git a/drivers/media/i2c/soc_camera/ov6650.c b/drivers/media/i2c/soc_camera/ov6650.c +index fc187c5aeb1e..7a119466f973 100644 +--- a/drivers/media/i2c/soc_camera/ov6650.c ++++ b/drivers/media/i2c/soc_camera/ov6650.c +@@ -612,7 +612,6 @@ static int ov6650_s_fmt(struct v4l2_subdev *sd, struct v4l2_mbus_framefmt *mf) + dev_err(&client->dev, "Pixel format not handled: 0x%x\n", code); + return -EINVAL; + } +- priv->code = code; + + if (code == MEDIA_BUS_FMT_Y8_1X8 || + code == MEDIA_BUS_FMT_SBGGR8_1X8) { +@@ -638,7 +637,6 @@ static int ov6650_s_fmt(struct v4l2_subdev *sd, struct v4l2_mbus_framefmt *mf) + dev_dbg(&client->dev, "max resolution: CIF\n"); + coma_mask |= COMA_QCIF; + } +- priv->half_scale = half_scale; + + if (sense) { + if (sense->master_clock == 8000000) { +@@ -678,8 +676,13 @@ static int ov6650_s_fmt(struct v4l2_subdev *sd, struct v4l2_mbus_framefmt *mf) + ret = ov6650_reg_rmw(client, REG_COMA, coma_set, coma_mask); + if (!ret) + ret = ov6650_reg_write(client, REG_CLKRC, clkrc); +- if (!ret) ++ if (!ret) { ++ priv->half_scale = half_scale; ++ + ret = ov6650_reg_rmw(client, REG_COML, coml_set, coml_mask); ++ } ++ if (!ret) ++ priv->code = code; + + if (!ret) { + mf->colorspace = priv->colorspace; +-- +2.20.1 + diff --git a/queue-4.9/media-pvrusb2-fix-oops-on-tear-down-when-radio-suppo.patch b/queue-4.9/media-pvrusb2-fix-oops-on-tear-down-when-radio-suppo.patch new file mode 100644 index 00000000000..28c9c2b7f01 --- /dev/null +++ b/queue-4.9/media-pvrusb2-fix-oops-on-tear-down-when-radio-suppo.patch @@ -0,0 +1,60 @@ +From c86af6945f9ca1bce4ce233babd51bbd3d9b9780 Mon Sep 17 00:00:00 2001 +From: Sasha Levin +Date: Wed, 6 Nov 2019 12:11:14 +0100 +Subject: media: pvrusb2: Fix oops on tear-down when radio support is not + present + +From: Mike Isely + +[ Upstream commit 7f404ae9cf2a285f73b3c18ab9303d54b7a3d8e1 ] + +In some device configurations there's no radio or radio support in the +driver. That's OK, as the driver sets itself up accordingly. However +on tear-down in these caes it's still trying to tear down radio +related context when there isn't anything there, leading to +dereferences through a null pointer and chaos follows. + +How this bug survived unfixed for 11 years in the pvrusb2 driver is a +mystery to me. + +[hverkuil: fix two checkpatch warnings] + +Signed-off-by: Mike Isely +Signed-off-by: Hans Verkuil +Signed-off-by: Mauro Carvalho Chehab +Signed-off-by: Sasha Levin +--- + drivers/media/usb/pvrusb2/pvrusb2-v4l2.c | 9 +++++++-- + 1 file changed, 7 insertions(+), 2 deletions(-) + +diff --git a/drivers/media/usb/pvrusb2/pvrusb2-v4l2.c b/drivers/media/usb/pvrusb2/pvrusb2-v4l2.c +index 2cc4d2b6f810..d18ced28797d 100644 +--- a/drivers/media/usb/pvrusb2/pvrusb2-v4l2.c ++++ b/drivers/media/usb/pvrusb2/pvrusb2-v4l2.c +@@ -919,8 +919,12 @@ static void pvr2_v4l2_internal_check(struct pvr2_channel *chp) + pvr2_v4l2_dev_disassociate_parent(vp->dev_video); + pvr2_v4l2_dev_disassociate_parent(vp->dev_radio); + if (!list_empty(&vp->dev_video->devbase.fh_list) || +- !list_empty(&vp->dev_radio->devbase.fh_list)) ++ (vp->dev_radio && ++ !list_empty(&vp->dev_radio->devbase.fh_list))) { ++ pvr2_trace(PVR2_TRACE_STRUCT, ++ "pvr2_v4l2 internal_check exit-empty id=%p", vp); + return; ++ } + pvr2_v4l2_destroy_no_lock(vp); + } + +@@ -994,7 +998,8 @@ static int pvr2_v4l2_release(struct file *file) + kfree(fhp); + if (vp->channel.mc_head->disconnect_flag && + list_empty(&vp->dev_video->devbase.fh_list) && +- list_empty(&vp->dev_radio->devbase.fh_list)) { ++ (!vp->dev_radio || ++ list_empty(&vp->dev_radio->devbase.fh_list))) { + pvr2_v4l2_destroy_no_lock(vp); + } + return 0; +-- +2.20.1 + diff --git a/queue-4.9/media-si470x-i2c-add-missed-operations-in-remove.patch b/queue-4.9/media-si470x-i2c-add-missed-operations-in-remove.patch new file mode 100644 index 00000000000..578a7c2a41c --- /dev/null +++ b/queue-4.9/media-si470x-i2c-add-missed-operations-in-remove.patch @@ -0,0 +1,37 @@ +From d4250aec774add26976e42952fb6f58e59289d1a Mon Sep 17 00:00:00 2001 +From: Sasha Levin +Date: Sun, 10 Nov 2019 07:28:15 +0100 +Subject: media: si470x-i2c: add missed operations in remove + +From: Chuhong Yuan + +[ Upstream commit 2df200ab234a86836a8879a05a8007d6b884eb14 ] + +The driver misses calling v4l2_ctrl_handler_free and +v4l2_device_unregister in remove like what is done in probe failure. +Add the calls to fix it. + +Signed-off-by: Chuhong Yuan +Signed-off-by: Hans Verkuil +Signed-off-by: Mauro Carvalho Chehab +Signed-off-by: Sasha Levin +--- + drivers/media/radio/si470x/radio-si470x-i2c.c | 2 ++ + 1 file changed, 2 insertions(+) + +diff --git a/drivers/media/radio/si470x/radio-si470x-i2c.c b/drivers/media/radio/si470x/radio-si470x-i2c.c +index f218886c504d..fb69534a8b56 100644 +--- a/drivers/media/radio/si470x/radio-si470x-i2c.c ++++ b/drivers/media/radio/si470x/radio-si470x-i2c.c +@@ -460,6 +460,8 @@ static int si470x_i2c_remove(struct i2c_client *client) + video_unregister_device(&radio->videodev); + kfree(radio); + ++ v4l2_ctrl_handler_free(&radio->hdl); ++ v4l2_device_unregister(&radio->v4l2_dev); + return 0; + } + +-- +2.20.1 + diff --git a/queue-4.9/media-ti-vpe-vpe-fix-a-v4l2-compliance-failure-about.patch b/queue-4.9/media-ti-vpe-vpe-fix-a-v4l2-compliance-failure-about.patch new file mode 100644 index 00000000000..e1be2f2cae1 --- /dev/null +++ b/queue-4.9/media-ti-vpe-vpe-fix-a-v4l2-compliance-failure-about.patch @@ -0,0 +1,51 @@ +From 816ca1f04acc9319100edf5798c4f208549b3376 Mon Sep 17 00:00:00 2001 +From: Sasha Levin +Date: Mon, 7 Oct 2019 12:10:00 -0300 +Subject: media: ti-vpe: vpe: fix a v4l2-compliance failure about frame + sequence number + +From: Benoit Parrot + +[ Upstream commit 2444846c0dbfa4ead21b621e4300ec32c90fbf38 ] + +v4l2-compliance fails with this message: + + fail: v4l2-test-buffers.cpp(294): \ + (int)g_sequence() < seq.last_seq + 1 + fail: v4l2-test-buffers.cpp(740): \ + buf.check(m2m_q, last_m2m_seq) + fail: v4l2-test-buffers.cpp(974): \ + captureBufs(node, q, m2m_q, frame_count, true) + test MMAP: FAIL + +The driver is failing to update the source frame sequence number in the +vb2 buffer object. Only the destination frame sequence was being +updated. + +This is only a reporting issue if the user space app actually cares +about the frame sequence number. But it is fixed nonetheless. + +Signed-off-by: Benoit Parrot +Reviewed-by: Tomi Valkeinen +Signed-off-by: Hans Verkuil +Signed-off-by: Mauro Carvalho Chehab +Signed-off-by: Sasha Levin +--- + drivers/media/platform/ti-vpe/vpe.c | 1 + + 1 file changed, 1 insertion(+) + +diff --git a/drivers/media/platform/ti-vpe/vpe.c b/drivers/media/platform/ti-vpe/vpe.c +index da308fa6561f..067548e14e11 100644 +--- a/drivers/media/platform/ti-vpe/vpe.c ++++ b/drivers/media/platform/ti-vpe/vpe.c +@@ -1298,6 +1298,7 @@ static irqreturn_t vpe_irq(int irq_vpe, void *data) + d_vb->timecode = s_vb->timecode; + + d_vb->sequence = ctx->sequence; ++ s_vb->sequence = ctx->sequence; + + d_q_data = &ctx->q_data[Q_DATA_DST]; + if (d_q_data->flags & Q_DATA_INTERLACED) { +-- +2.20.1 + diff --git a/queue-4.9/media-ti-vpe-vpe-fix-a-v4l2-compliance-warning-about.patch b/queue-4.9/media-ti-vpe-vpe-fix-a-v4l2-compliance-warning-about.patch new file mode 100644 index 00000000000..36e8f6d79cc --- /dev/null +++ b/queue-4.9/media-ti-vpe-vpe-fix-a-v4l2-compliance-warning-about.patch @@ -0,0 +1,82 @@ +From 59ef97fb0f7193bcfe2ad4b13a5da490145525cd Mon Sep 17 00:00:00 2001 +From: Sasha Levin +Date: Mon, 7 Oct 2019 12:09:57 -0300 +Subject: media: ti-vpe: vpe: fix a v4l2-compliance warning about invalid pixel + format + +From: Benoit Parrot + +[ Upstream commit 06bec72b250b2cb3ba96fa45c2b8e0fb83745517 ] + +v4l2-compliance warns with this message: + + warn: v4l2-test-formats.cpp(717): \ + TRY_FMT cannot handle an invalid pixelformat. + warn: v4l2-test-formats.cpp(718): \ + This may or may not be a problem. For more information see: + warn: v4l2-test-formats.cpp(719): \ + http://www.mail-archive.com/linux-media@vger.kernel.org/msg56550.html + ... + test VIDIOC_TRY_FMT: FAIL + +We need to make sure that the returns a valid pixel format in all +instance. Based on the v4l2 framework convention drivers must return a +valid pixel format when the requested pixel format is either invalid or +not supported. + +Signed-off-by: Benoit Parrot +Reviewed-by: Tomi Valkeinen +Signed-off-by: Hans Verkuil +Signed-off-by: Mauro Carvalho Chehab +Signed-off-by: Sasha Levin +--- + drivers/media/platform/ti-vpe/vpe.c | 13 +++++++++---- + 1 file changed, 9 insertions(+), 4 deletions(-) + +diff --git a/drivers/media/platform/ti-vpe/vpe.c b/drivers/media/platform/ti-vpe/vpe.c +index 0189f7f7cb03..da308fa6561f 100644 +--- a/drivers/media/platform/ti-vpe/vpe.c ++++ b/drivers/media/platform/ti-vpe/vpe.c +@@ -330,20 +330,25 @@ enum { + }; + + /* find our format description corresponding to the passed v4l2_format */ +-static struct vpe_fmt *find_format(struct v4l2_format *f) ++static struct vpe_fmt *__find_format(u32 fourcc) + { + struct vpe_fmt *fmt; + unsigned int k; + + for (k = 0; k < ARRAY_SIZE(vpe_formats); k++) { + fmt = &vpe_formats[k]; +- if (fmt->fourcc == f->fmt.pix.pixelformat) ++ if (fmt->fourcc == fourcc) + return fmt; + } + + return NULL; + } + ++static struct vpe_fmt *find_format(struct v4l2_format *f) ++{ ++ return __find_format(f->fmt.pix.pixelformat); ++} ++ + /* + * there is one vpe_dev structure in the driver, it is shared by + * all instances. +@@ -1433,9 +1438,9 @@ static int __vpe_try_fmt(struct vpe_ctx *ctx, struct v4l2_format *f, + int i, depth, depth_bytes; + + if (!fmt || !(fmt->types & type)) { +- vpe_err(ctx->dev, "Fourcc format (0x%08x) invalid.\n", ++ vpe_dbg(ctx->dev, "Fourcc format (0x%08x) invalid.\n", + pix->pixelformat); +- return -EINVAL; ++ fmt = __find_format(V4L2_PIX_FMT_YUYV); + } + + if (pix->field != V4L2_FIELD_NONE && pix->field != V4L2_FIELD_ALTERNATE) +-- +2.20.1 + diff --git a/queue-4.9/media-ti-vpe-vpe-make-sure-yuyv-is-set-as-default-fo.patch b/queue-4.9/media-ti-vpe-vpe-make-sure-yuyv-is-set-as-default-fo.patch new file mode 100644 index 00000000000..5d31a49dac9 --- /dev/null +++ b/queue-4.9/media-ti-vpe-vpe-make-sure-yuyv-is-set-as-default-fo.patch @@ -0,0 +1,53 @@ +From 396d05c60f2a54675b746ced1f5ff87c1fefe3b8 Mon Sep 17 00:00:00 2001 +From: Sasha Levin +Date: Mon, 7 Oct 2019 12:09:58 -0300 +Subject: media: ti-vpe: vpe: Make sure YUYV is set as default format + +From: Benoit Parrot + +[ Upstream commit e20b248051ca0f90d84b4d9378e4780bc31f16c6 ] + +v4l2-compliance fails with this message: + + fail: v4l2-test-formats.cpp(672): \ + Video Capture Multiplanar: TRY_FMT(G_FMT) != G_FMT + fail: v4l2-test-formats.cpp(672): \ + Video Output Multiplanar: TRY_FMT(G_FMT) != G_FMT + ... + test VIDIOC_TRY_FMT: FAIL + +The default pixel format was setup as pointing to a specific offset in +the vpe_formats table assuming it was pointing to the V4L2_PIX_FMT_YUYV +entry. This became false after the addition on the NV21 format (see +above commid-id) + +So instead of hard-coding an offset which might change over time we need +to use a lookup helper instead so we know the default will always be what +we intended. + +Signed-off-by: Benoit Parrot +Fixes: 40cc823f7005 ("media: ti-vpe: Add support for NV21 format") +Reviewed-by: Tomi Valkeinen +Signed-off-by: Hans Verkuil +Signed-off-by: Mauro Carvalho Chehab +Signed-off-by: Sasha Levin +--- + drivers/media/platform/ti-vpe/vpe.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/drivers/media/platform/ti-vpe/vpe.c b/drivers/media/platform/ti-vpe/vpe.c +index 067548e14e11..dbb4829acc43 100644 +--- a/drivers/media/platform/ti-vpe/vpe.c ++++ b/drivers/media/platform/ti-vpe/vpe.c +@@ -1998,7 +1998,7 @@ static int vpe_open(struct file *file) + v4l2_ctrl_handler_setup(hdl); + + s_q_data = &ctx->q_data[Q_DATA_SRC]; +- s_q_data->fmt = &vpe_formats[2]; ++ s_q_data->fmt = __find_format(V4L2_PIX_FMT_YUYV); + s_q_data->width = 1920; + s_q_data->height = 1080; + s_q_data->bytesperline[VPE_LUMA] = (s_q_data->width * +-- +2.20.1 + diff --git a/queue-4.9/mmc-tmio-add-mmc_cap_erase-to-allow-erase-discard-tr.patch b/queue-4.9/mmc-tmio-add-mmc_cap_erase-to-allow-erase-discard-tr.patch new file mode 100644 index 00000000000..4fc85b7245b --- /dev/null +++ b/queue-4.9/mmc-tmio-add-mmc_cap_erase-to-allow-erase-discard-tr.patch @@ -0,0 +1,73 @@ +From e7b39c7afc23d169037265904a74aa4292af34ed Mon Sep 17 00:00:00 2001 +From: Sasha Levin +Date: Fri, 15 Nov 2019 14:44:30 +0100 +Subject: mmc: tmio: Add MMC_CAP_ERASE to allow erase/discard/trim requests + +From: Eugeniu Rosca + +[ Upstream commit c91843463e9e821dc3b48fe37e3155fa38299f6e ] + +Isolated initially to renesas_sdhi_internal_dmac [1], Ulf suggested +adding MMC_CAP_ERASE to the TMIO mmc core: + +On Fri, Nov 15, 2019 at 10:27:25AM +0100, Ulf Hansson wrote: + -- snip -- + This test and due to the discussions with Wolfram and you in this + thread, I would actually suggest that you enable MMC_CAP_ERASE for all + tmio variants, rather than just for this particular one. + + In other words, set the cap in tmio_mmc_host_probe() should be fine, + as it seems none of the tmio variants supports HW busy detection at + this point. + -- snip -- + +Testing on R-Car H3ULCB-KF doesn't reveal any issues (v5.4-rc7): + +root@rcar-gen3:~# lsblk +NAME MAJ:MIN RM SIZE RO TYPE MOUNTPOINT +mmcblk0 179:0 0 59.2G 0 disk <--- eMMC +mmcblk0boot0 179:8 0 4M 1 disk +mmcblk0boot1 179:16 0 4M 1 disk +mmcblk1 179:24 0 30G 0 disk <--- SD card + +root@rcar-gen3:~# time blkdiscard /dev/mmcblk0 +real 0m8.659s +user 0m0.001s +sys 0m1.920s + +root@rcar-gen3:~# time blkdiscard /dev/mmcblk1 +real 0m1.176s +user 0m0.001s +sys 0m0.124s + +[1] https://lore.kernel.org/linux-renesas-soc/20191112134808.23546-1-erosca@de.adit-jv.com/ + +Cc: Wolfram Sang +Cc: Masahiro Yamada +Cc: Andrew Gabbasov +Originally-by: Harish Jenny K N +Suggested-by: Ulf Hansson +Signed-off-by: Eugeniu Rosca +Reviewed-by: Wolfram Sang +Signed-off-by: Ulf Hansson +Signed-off-by: Sasha Levin +--- + drivers/mmc/host/tmio_mmc_pio.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/drivers/mmc/host/tmio_mmc_pio.c b/drivers/mmc/host/tmio_mmc_pio.c +index 0fc1f73b0d23..3e025766181b 100644 +--- a/drivers/mmc/host/tmio_mmc_pio.c ++++ b/drivers/mmc/host/tmio_mmc_pio.c +@@ -1076,7 +1076,7 @@ int tmio_mmc_host_probe(struct tmio_mmc_host *_host, + tmio_mmc_ops.start_signal_voltage_switch = _host->start_signal_voltage_switch; + mmc->ops = &tmio_mmc_ops; + +- mmc->caps |= MMC_CAP_4_BIT_DATA | pdata->capabilities; ++ mmc->caps |= MMC_CAP_ERASE | MMC_CAP_4_BIT_DATA | pdata->capabilities; + mmc->caps2 |= pdata->capabilities2; + mmc->max_segs = 32; + mmc->max_blk_size = 512; +-- +2.20.1 + diff --git a/queue-4.9/mwifiex-pcie-fix-memory-leak-in-mwifiex_pcie_init_ev.patch b/queue-4.9/mwifiex-pcie-fix-memory-leak-in-mwifiex_pcie_init_ev.patch new file mode 100644 index 00000000000..3ff1d901a25 --- /dev/null +++ b/queue-4.9/mwifiex-pcie-fix-memory-leak-in-mwifiex_pcie_init_ev.patch @@ -0,0 +1,42 @@ +From ba08b98613d17d38bc179644ec3340be02d4be85 Mon Sep 17 00:00:00 2001 +From: Sasha Levin +Date: Fri, 4 Oct 2019 15:16:48 -0500 +Subject: mwifiex: pcie: Fix memory leak in mwifiex_pcie_init_evt_ring + +From: Navid Emamdoost + +[ Upstream commit d10dcb615c8e29d403a24d35f8310a7a53e3050c ] + +In mwifiex_pcie_init_evt_ring, a new skb is allocated which should be +released if mwifiex_map_pci_memory() fails. The release for skb and +card->evtbd_ring_vbase is added. + +Fixes: 0732484b47b5 ("mwifiex: separate ring initialization and ring creation routines") +Signed-off-by: Navid Emamdoost +Acked-by: Ganapathi Bhat +Signed-off-by: Kalle Valo +Signed-off-by: Sasha Levin +--- + drivers/net/wireless/marvell/mwifiex/pcie.c | 5 ++++- + 1 file changed, 4 insertions(+), 1 deletion(-) + +diff --git a/drivers/net/wireless/marvell/mwifiex/pcie.c b/drivers/net/wireless/marvell/mwifiex/pcie.c +index cb681b265b10..38d45a77c06b 100644 +--- a/drivers/net/wireless/marvell/mwifiex/pcie.c ++++ b/drivers/net/wireless/marvell/mwifiex/pcie.c +@@ -632,8 +632,11 @@ static int mwifiex_pcie_init_evt_ring(struct mwifiex_adapter *adapter) + skb_put(skb, MAX_EVENT_SIZE); + + if (mwifiex_map_pci_memory(adapter, skb, MAX_EVENT_SIZE, +- PCI_DMA_FROMDEVICE)) ++ PCI_DMA_FROMDEVICE)) { ++ kfree_skb(skb); ++ kfree(card->evtbd_ring_vbase); + return -1; ++ } + + buf_pa = MWIFIEX_SKB_DMA_ADDR(skb); + +-- +2.20.1 + diff --git a/queue-4.9/net-phy-initialise-phydev-speed-and-duplex-sanely.patch b/queue-4.9/net-phy-initialise-phydev-speed-and-duplex-sanely.patch new file mode 100644 index 00000000000..0b5484e75a8 --- /dev/null +++ b/queue-4.9/net-phy-initialise-phydev-speed-and-duplex-sanely.patch @@ -0,0 +1,46 @@ +From 08c29d94f076a99c6b5c2a72e5c7ff5b9081c13e Mon Sep 17 00:00:00 2001 +From: Sasha Levin +Date: Fri, 22 Nov 2019 15:23:23 +0000 +Subject: net: phy: initialise phydev speed and duplex sanely + +From: Russell King + +[ Upstream commit a5d66f810061e2dd70fb7a108dcd14e535bc639f ] + +When a phydev is created, the speed and duplex are set to zero and +-1 respectively, rather than using the predefined SPEED_UNKNOWN and +DUPLEX_UNKNOWN constants. + +There is a window at initialisation time where we may report link +down using the 0/-1 values. Tidy this up and use the predefined +constants, so debug doesn't complain with: + +"Unsupported (update phy-core.c)/Unsupported (update phy-core.c)" + +when the speed and duplex settings are printed. + +Signed-off-by: Russell King +Signed-off-by: Jakub Kicinski +Signed-off-by: Sasha Levin +--- + drivers/net/phy/phy_device.c | 4 ++-- + 1 file changed, 2 insertions(+), 2 deletions(-) + +diff --git a/drivers/net/phy/phy_device.c b/drivers/net/phy/phy_device.c +index 5c2c72b1ef8b..3289fd910c4a 100644 +--- a/drivers/net/phy/phy_device.c ++++ b/drivers/net/phy/phy_device.c +@@ -324,8 +324,8 @@ struct phy_device *phy_device_create(struct mii_bus *bus, int addr, int phy_id, + mdiodev->device_free = phy_mdio_device_free; + mdiodev->device_remove = phy_mdio_device_remove; + +- dev->speed = 0; +- dev->duplex = -1; ++ dev->speed = SPEED_UNKNOWN; ++ dev->duplex = DUPLEX_UNKNOWN; + dev->pause = 0; + dev->asym_pause = 0; + dev->link = 1; +-- +2.20.1 + diff --git a/queue-4.9/parport-load-lowlevel-driver-if-ports-not-found.patch b/queue-4.9/parport-load-lowlevel-driver-if-ports-not-found.patch new file mode 100644 index 00000000000..38a8f61636b --- /dev/null +++ b/queue-4.9/parport-load-lowlevel-driver-if-ports-not-found.patch @@ -0,0 +1,72 @@ +From 32896fadde93d70b8d368c632ed3f8ca699f78b1 Mon Sep 17 00:00:00 2001 +From: Sasha Levin +Date: Wed, 16 Oct 2019 15:45:39 +0100 +Subject: parport: load lowlevel driver if ports not found + +From: Sudip Mukherjee + +[ Upstream commit 231ec2f24dad18d021b361045bbd618ba62a274e ] + +Usually all the distro will load the parport low level driver as part +of their initialization. But we can get into a situation where all the +parallel port drivers are built as module and we unload all the modules +at a later time. Then if we just do "modprobe parport" it will only +load the parport module and will not load the low level driver which +will actually register the ports. So, check the bus if there is any +parport registered, if not, load the low level driver. + +We can get into the above situation with all distro but only Suse has +setup the alias for "parport_lowlevel" and so it only works in Suse. +Users of Debian based distro will need to load the lowlevel module +manually. + +Signed-off-by: Sudip Mukherjee +Link: https://lore.kernel.org/r/20191016144540.18810-3-sudipm.mukherjee@gmail.com +Signed-off-by: Greg Kroah-Hartman +Signed-off-by: Sasha Levin +--- + drivers/parport/share.c | 21 +++++++++++++++++++++ + 1 file changed, 21 insertions(+) + +diff --git a/drivers/parport/share.c b/drivers/parport/share.c +index daa2eb3050df..a7ceed7182ac 100644 +--- a/drivers/parport/share.c ++++ b/drivers/parport/share.c +@@ -230,6 +230,18 @@ static int port_check(struct device *dev, void *dev_drv) + return 0; + } + ++/* ++ * Iterates through all the devices connected to the bus and return 1 ++ * if the device is a parallel port. ++ */ ++ ++static int port_detect(struct device *dev, void *dev_drv) ++{ ++ if (is_parport(dev)) ++ return 1; ++ return 0; ++} ++ + /** + * parport_register_driver - register a parallel port device driver + * @drv: structure describing the driver +@@ -282,6 +294,15 @@ int __parport_register_driver(struct parport_driver *drv, struct module *owner, + if (ret) + return ret; + ++ /* ++ * check if bus has any parallel port registered, if ++ * none is found then load the lowlevel driver. ++ */ ++ ret = bus_for_each_dev(&parport_bus_type, NULL, NULL, ++ port_detect); ++ if (!ret) ++ get_lowlevel_driver(); ++ + mutex_lock(®istration_lock); + if (drv->match_port) + bus_for_each_dev(&parport_bus_type, NULL, drv, +-- +2.20.1 + diff --git a/queue-4.9/perf-intel-bts-does-not-support-aux-area-sampling.patch b/queue-4.9/perf-intel-bts-does-not-support-aux-area-sampling.patch new file mode 100644 index 00000000000..521e48d12d1 --- /dev/null +++ b/queue-4.9/perf-intel-bts-does-not-support-aux-area-sampling.patch @@ -0,0 +1,54 @@ +From e0e5dc019e71919e17968f5d4946f7a39a38c2a9 Mon Sep 17 00:00:00 2001 +From: Sasha Levin +Date: Fri, 15 Nov 2019 14:42:25 +0200 +Subject: perf intel-bts: Does not support AUX area sampling + +From: Adrian Hunter + +[ Upstream commit 32a1ece4bdbde24734ab16484bad7316f03fc42d ] + +Add an error message because Intel BTS does not support AUX area +sampling. + +Signed-off-by: Adrian Hunter +Cc: Jiri Olsa +Link: http://lore.kernel.org/lkml/20191115124225.5247-16-adrian.hunter@intel.com +Signed-off-by: Arnaldo Carvalho de Melo +Signed-off-by: Sasha Levin +--- + tools/perf/arch/x86/util/auxtrace.c | 2 ++ + tools/perf/arch/x86/util/intel-bts.c | 5 +++++ + 2 files changed, 7 insertions(+) + +diff --git a/tools/perf/arch/x86/util/auxtrace.c b/tools/perf/arch/x86/util/auxtrace.c +index cc1d865e31f1..429a0b04d737 100644 +--- a/tools/perf/arch/x86/util/auxtrace.c ++++ b/tools/perf/arch/x86/util/auxtrace.c +@@ -35,6 +35,8 @@ struct auxtrace_record *auxtrace_record__init_intel(struct perf_evlist *evlist, + + intel_pt_pmu = perf_pmu__find(INTEL_PT_PMU_NAME); + intel_bts_pmu = perf_pmu__find(INTEL_BTS_PMU_NAME); ++ if (intel_bts_pmu) ++ intel_bts_pmu->auxtrace = true; + + if (evlist) { + evlist__for_each_entry(evlist, evsel) { +diff --git a/tools/perf/arch/x86/util/intel-bts.c b/tools/perf/arch/x86/util/intel-bts.c +index 5132775a044f..400bb1a52d04 100644 +--- a/tools/perf/arch/x86/util/intel-bts.c ++++ b/tools/perf/arch/x86/util/intel-bts.c +@@ -121,6 +121,11 @@ static int intel_bts_recording_options(struct auxtrace_record *itr, + const struct cpu_map *cpus = evlist->cpus; + bool privileged = geteuid() == 0 || perf_event_paranoid() < 0; + ++ if (opts->auxtrace_sample_mode) { ++ pr_err("Intel BTS does not support AUX area sampling\n"); ++ return -EINVAL; ++ } ++ + btsr->evlist = evlist; + btsr->snapshot_mode = opts->auxtrace_snapshot_mode; + +-- +2.20.1 + diff --git a/queue-4.9/perf-parse-fix-potential-memory-leak-when-handling-t.patch b/queue-4.9/perf-parse-fix-potential-memory-leak-when-handling-t.patch new file mode 100644 index 00000000000..fa8a14e1e25 --- /dev/null +++ b/queue-4.9/perf-parse-fix-potential-memory-leak-when-handling-t.patch @@ -0,0 +1,85 @@ +From ec3e191b015144fe77fb717da3a5721defdf3c1b Mon Sep 17 00:00:00 2001 +From: Sasha Levin +Date: Wed, 20 Nov 2019 10:09:25 -0800 +Subject: perf parse: Fix potential memory leak when handling tracepoint errors + +From: Ian Rogers + +[ Upstream commit 4584f084aa9d8033d5911935837dbee7b082d0e9 ] + +An error may be in place when tracepoint_error is called, use +parse_events__handle_error to avoid a memory leak and to capture the +first and last error. Error detected by LLVM's libFuzzer using the +following event: + +$ perf stat -e 'msr/event/,f:e' +event syntax error: 'msr/event/,f:e' + \___ can't access trace events + +Error: No permissions to read /sys/kernel/debug/tracing/events/f/e +Hint: Try 'sudo mount -o remount,mode=755 /sys/kernel/debug/tracing/' + +Initial error: +event syntax error: 'msr/event/,f:e' + \___ no value assigned for term +Run 'perf list' for a list of valid events + + Usage: perf stat [] [] + + -e, --event event selector. use 'perf list' to list available events + +Signed-off-by: Ian Rogers +Cc: Alexander Shishkin +Cc: Andi Kleen +Cc: Jin Yao +Cc: Jiri Olsa +Cc: Mark Rutland +Cc: Namhyung Kim +Cc: Peter Zijlstra +Cc: Stephane Eranian +Cc: clang-built-linux@googlegroups.com +Link: http://lore.kernel.org/lkml/20191120180925.21787-1-irogers@google.com +Signed-off-by: Arnaldo Carvalho de Melo +Signed-off-by: Sasha Levin +--- + tools/perf/util/parse-events.c | 9 +++++---- + 1 file changed, 5 insertions(+), 4 deletions(-) + +diff --git a/tools/perf/util/parse-events.c b/tools/perf/util/parse-events.c +index 6193be6d7639..cfb64369a18d 100644 +--- a/tools/perf/util/parse-events.c ++++ b/tools/perf/util/parse-events.c +@@ -440,6 +440,7 @@ int parse_events_add_cache(struct list_head *list, int *idx, + static void tracepoint_error(struct parse_events_error *e, int err, + const char *sys, const char *name) + { ++ const char *str; + char help[BUFSIZ]; + + if (!e) +@@ -453,18 +454,18 @@ static void tracepoint_error(struct parse_events_error *e, int err, + + switch (err) { + case EACCES: +- e->str = strdup("can't access trace events"); ++ str = "can't access trace events"; + break; + case ENOENT: +- e->str = strdup("unknown tracepoint"); ++ str = "unknown tracepoint"; + break; + default: +- e->str = strdup("failed to add tracepoint"); ++ str = "failed to add tracepoint"; + break; + } + + tracing_path__strerror_open_tp(err, help, sizeof(help), sys, name); +- e->help = strdup(help); ++ parse_events__handle_error(e, 0, strdup(str), strdup(help)); + } + + static int add_tracepoint(struct list_head *list, int *idx, +-- +2.20.1 + diff --git a/queue-4.9/perf-probe-filter-out-instances-except-for-inlined-s.patch b/queue-4.9/perf-probe-filter-out-instances-except-for-inlined-s.patch new file mode 100644 index 00000000000..10400831a00 --- /dev/null +++ b/queue-4.9/perf-probe-filter-out-instances-except-for-inlined-s.patch @@ -0,0 +1,122 @@ +From d9118868b932284f8f9832e2bd3c2a6b540419a4 Mon Sep 17 00:00:00 2001 +From: Sasha Levin +Date: Wed, 30 Oct 2019 16:09:30 +0900 +Subject: perf probe: Filter out instances except for inlined subroutine and + subprogram + +From: Masami Hiramatsu + +[ Upstream commit da6cb952a89efe24bb76c4971370d485737a2d85 ] + +Filter out instances except for inlined_subroutine and subprogram DIE in +die_walk_instances() and die_is_func_instance(). + +This fixes an issue that perf probe sets some probes on calling address +instead of a target function itself. + +When perf probe walks on instances of an abstruct origin (a kind of +function prototype of inlined function), die_walk_instances() can also +pass a GNU_call_site (a GNU extension for call site) to callback. Since +it is not an inlined instance of target function, we have to filter out +when searching a probe point. + +Without this patch, perf probe sets probes on call site address too.This +can happen on some function which is marked "inlined", but has actual +symbol. (I'm not sure why GCC mark it "inlined"): + + # perf probe -D vfs_read + p:probe/vfs_read _text+2500017 + p:probe/vfs_read_1 _text+2499468 + p:probe/vfs_read_2 _text+2499563 + p:probe/vfs_read_3 _text+2498876 + p:probe/vfs_read_4 _text+2498512 + p:probe/vfs_read_5 _text+2498627 + +With this patch: + +Slightly different results, similar tho: + + # perf probe -D vfs_read + p:probe/vfs_read _text+2498512 + +Committer testing: + + # uname -a + Linux quaco 5.3.8-200.fc30.x86_64 #1 SMP Tue Oct 29 14:46:22 UTC 2019 x86_64 x86_64 x86_64 GNU/Linux + +Before: + + # perf probe -D vfs_read + p:probe/vfs_read _text+3131557 + p:probe/vfs_read_1 _text+3130975 + p:probe/vfs_read_2 _text+3131047 + p:probe/vfs_read_3 _text+3130380 + p:probe/vfs_read_4 _text+3130000 + # uname -a + Linux quaco 5.3.8-200.fc30.x86_64 #1 SMP Tue Oct 29 14:46:22 UTC 2019 x86_64 x86_64 x86_64 GNU/Linux + # + +After: + + # perf probe -D vfs_read + p:probe/vfs_read _text+3130000 + # + +Fixes: db0d2c6420ee ("perf probe: Search concrete out-of-line instances") +Signed-off-by: Masami Hiramatsu +Tested-by: Arnaldo Carvalho de Melo +Cc: Jiri Olsa +Cc: Namhyung Kim +Link: http://lore.kernel.org/lkml/157241937063.32002.11024544873990816590.stgit@devnote2 +Signed-off-by: Arnaldo Carvalho de Melo +Signed-off-by: Sasha Levin +--- + tools/perf/util/dwarf-aux.c | 19 +++++++++++++------ + 1 file changed, 13 insertions(+), 6 deletions(-) + +diff --git a/tools/perf/util/dwarf-aux.c b/tools/perf/util/dwarf-aux.c +index 7eec3ae7b3c5..9b482477ddfe 100644 +--- a/tools/perf/util/dwarf-aux.c ++++ b/tools/perf/util/dwarf-aux.c +@@ -322,18 +322,22 @@ bool die_is_func_def(Dwarf_Die *dw_die) + * @dw_die: a DIE + * + * Ensure that this DIE is an instance (which has an entry address). +- * This returns true if @dw_die is a function instance. If not, you need to +- * call die_walk_instances() to find actual instances. ++ * This returns true if @dw_die is a function instance. If not, the @dw_die ++ * must be a prototype. You can use die_walk_instances() to find actual ++ * instances. + **/ + bool die_is_func_instance(Dwarf_Die *dw_die) + { + Dwarf_Addr tmp; + Dwarf_Attribute attr_mem; ++ int tag = dwarf_tag(dw_die); + +- /* Actually gcc optimizes non-inline as like as inlined */ +- return !dwarf_func_inline(dw_die) && +- (dwarf_entrypc(dw_die, &tmp) == 0 || +- dwarf_attr(dw_die, DW_AT_ranges, &attr_mem) != NULL); ++ if (tag != DW_TAG_subprogram && ++ tag != DW_TAG_inlined_subroutine) ++ return false; ++ ++ return dwarf_entrypc(dw_die, &tmp) == 0 || ++ dwarf_attr(dw_die, DW_AT_ranges, &attr_mem) != NULL; + } + + /** +@@ -612,6 +616,9 @@ static int __die_walk_instances_cb(Dwarf_Die *inst, void *data) + Dwarf_Die *origin; + int tmp; + ++ if (!die_is_func_instance(inst)) ++ return DIE_FIND_CB_CONTINUE; ++ + attr = dwarf_attr(inst, DW_AT_abstract_origin, &attr_mem); + if (attr == NULL) + return DIE_FIND_CB_CONTINUE; +-- +2.20.1 + diff --git a/queue-4.9/perf-probe-fix-to-find-range-only-function-instance.patch b/queue-4.9/perf-probe-fix-to-find-range-only-function-instance.patch new file mode 100644 index 00000000000..0a2de867932 --- /dev/null +++ b/queue-4.9/perf-probe-fix-to-find-range-only-function-instance.patch @@ -0,0 +1,50 @@ +From c8f22c89bf251344667795845328e59f0946068c Mon Sep 17 00:00:00 2001 +From: Sasha Levin +Date: Thu, 24 Oct 2019 18:12:36 +0900 +Subject: perf probe: Fix to find range-only function instance + +From: Masami Hiramatsu + +[ Upstream commit b77afa1f810f37bd8a36cb1318178dfe2d7af6b6 ] + +Fix die_is_func_instance() to find range-only function instance. + +In some case, a function instance can be made without any low PC or +entry PC, but only with address ranges by optimization. (e.g. cold text +partially in "text.unlikely" section) To find such function instance, we +have to check the range attribute too. + +Fixes: e1ecbbc3fa83 ("perf probe: Fix to handle optimized not-inlined functions") +Signed-off-by: Masami Hiramatsu +Cc: Jiri Olsa +Cc: Namhyung Kim +Link: http://lore.kernel.org/lkml/157190835669.1859.8368628035930950596.stgit@devnote2 +Signed-off-by: Arnaldo Carvalho de Melo +Signed-off-by: Sasha Levin +--- + tools/perf/util/dwarf-aux.c | 6 +++++- + 1 file changed, 5 insertions(+), 1 deletion(-) + +diff --git a/tools/perf/util/dwarf-aux.c b/tools/perf/util/dwarf-aux.c +index 41e068e94349..3d0a9e09d00a 100644 +--- a/tools/perf/util/dwarf-aux.c ++++ b/tools/perf/util/dwarf-aux.c +@@ -328,10 +328,14 @@ bool die_is_func_def(Dwarf_Die *dw_die) + bool die_is_func_instance(Dwarf_Die *dw_die) + { + Dwarf_Addr tmp; ++ Dwarf_Attribute attr_mem; + + /* Actually gcc optimizes non-inline as like as inlined */ +- return !dwarf_func_inline(dw_die) && dwarf_entrypc(dw_die, &tmp) == 0; ++ return !dwarf_func_inline(dw_die) && ++ (dwarf_entrypc(dw_die, &tmp) == 0 || ++ dwarf_attr(dw_die, DW_AT_ranges, &attr_mem) != NULL); + } ++ + /** + * die_get_data_member_location - Get the data-member offset + * @mb_die: a DIE of a member of a data structure +-- +2.20.1 + diff --git a/queue-4.9/perf-probe-fix-to-list-probe-event-with-correct-line.patch b/queue-4.9/perf-probe-fix-to-list-probe-event-with-correct-line.patch new file mode 100644 index 00000000000..24560b7c10d --- /dev/null +++ b/queue-4.9/perf-probe-fix-to-list-probe-event-with-correct-line.patch @@ -0,0 +1,78 @@ +From b765e96a1e9f71527b6f1949f16bf896e84f925e Mon Sep 17 00:00:00 2001 +From: Sasha Levin +Date: Fri, 25 Oct 2019 17:46:52 +0900 +Subject: perf probe: Fix to list probe event with correct line number + +From: Masami Hiramatsu + +[ Upstream commit 3895534dd78f0fd4d3f9e05ee52b9cdd444a743e ] + +Since debuginfo__find_probe_point() uses dwarf_entrypc() for finding the +entry address of the function on which a probe is, it will fail when the +function DIE has only ranges attribute. + +To fix this issue, use die_entrypc() instead of dwarf_entrypc(). + +Without this fix, perf probe -l shows incorrect offset: + + # perf probe -l + probe:clear_tasks_mm_cpumask (on clear_tasks_mm_cpumask+18446744071579263632@work/linux/linux/kernel/cpu.c) + probe:clear_tasks_mm_cpumask_1 (on clear_tasks_mm_cpumask+18446744071579263752@work/linux/linux/kernel/cpu.c) + +With this: + + # perf probe -l + probe:clear_tasks_mm_cpumask (on clear_tasks_mm_cpumask@work/linux/linux/kernel/cpu.c) + probe:clear_tasks_mm_cpumask_1 (on clear_tasks_mm_cpumask:21@work/linux/linux/kernel/cpu.c) + +Committer testing: + +Before: + + [root@quaco ~]# perf probe -l + probe:clear_tasks_mm_cpumask (on clear_tasks_mm_cpumask+18446744071579765152@kernel/cpu.c) + [root@quaco ~]# + +After: + + [root@quaco ~]# perf probe -l + probe:clear_tasks_mm_cpumask (on clear_tasks_mm_cpumask@kernel/cpu.c) + [root@quaco ~]# + +Fixes: 1d46ea2a6a40 ("perf probe: Fix listing incorrect line number with inline function") +Signed-off-by: Masami Hiramatsu +Tested-by: Arnaldo Carvalho de Melo +Cc: Jiri Olsa +Cc: Namhyung Kim +Link: http://lore.kernel.org/lkml/157199321227.8075.14655572419136993015.stgit@devnote2 +Signed-off-by: Arnaldo Carvalho de Melo +Signed-off-by: Sasha Levin +--- + tools/perf/util/probe-finder.c | 4 ++-- + 1 file changed, 2 insertions(+), 2 deletions(-) + +diff --git a/tools/perf/util/probe-finder.c b/tools/perf/util/probe-finder.c +index 0d9d6e0803b8..248d3ff7e345 100644 +--- a/tools/perf/util/probe-finder.c ++++ b/tools/perf/util/probe-finder.c +@@ -1567,7 +1567,7 @@ int debuginfo__find_probe_point(struct debuginfo *dbg, unsigned long addr, + /* Get function entry information */ + func = basefunc = dwarf_diename(&spdie); + if (!func || +- dwarf_entrypc(&spdie, &baseaddr) != 0 || ++ die_entrypc(&spdie, &baseaddr) != 0 || + dwarf_decl_line(&spdie, &baseline) != 0) { + lineno = 0; + goto post; +@@ -1584,7 +1584,7 @@ int debuginfo__find_probe_point(struct debuginfo *dbg, unsigned long addr, + while (die_find_top_inlinefunc(&spdie, (Dwarf_Addr)addr, + &indie)) { + /* There is an inline function */ +- if (dwarf_entrypc(&indie, &_addr) == 0 && ++ if (die_entrypc(&indie, &_addr) == 0 && + _addr == addr) { + /* + * addr is at an inline function entry. +-- +2.20.1 + diff --git a/queue-4.9/perf-probe-fix-to-probe-a-function-which-has-no-entr.patch b/queue-4.9/perf-probe-fix-to-probe-a-function-which-has-no-entr.patch new file mode 100644 index 00000000000..363136e96a7 --- /dev/null +++ b/queue-4.9/perf-probe-fix-to-probe-a-function-which-has-no-entr.patch @@ -0,0 +1,96 @@ +From 0572e044903909e22c3019fa224f6d0288a08b38 Mon Sep 17 00:00:00 2001 +From: Sasha Levin +Date: Fri, 25 Oct 2019 17:46:34 +0900 +Subject: perf probe: Fix to probe a function which has no entry pc + +From: Masami Hiramatsu + +[ Upstream commit 5d16dbcc311d91267ddb45c6da4f187be320ecee ] + +Fix 'perf probe' to probe a function which has no entry pc or low pc but +only has ranges attribute. + +probe_point_search_cb() uses dwarf_entrypc() to get the probe address, +but that doesn't work for the function DIE which has only ranges +attribute. Use die_entrypc() instead. + +Without this fix: + + # perf probe -k ../build-x86_64/vmlinux -D clear_tasks_mm_cpumask:0 + Probe point 'clear_tasks_mm_cpumask' not found. + Error: Failed to add events. + +With this: + + # perf probe -k ../build-x86_64/vmlinux -D clear_tasks_mm_cpumask:0 + p:probe/clear_tasks_mm_cpumask clear_tasks_mm_cpumask+0 + +Committer testing: + +Before: + + [root@quaco ~]# perf probe clear_tasks_mm_cpumask:0 + Probe point 'clear_tasks_mm_cpumask' not found. + Error: Failed to add events. + [root@quaco ~]# + +After: + + [root@quaco ~]# perf probe clear_tasks_mm_cpumask:0 + Added new event: + probe:clear_tasks_mm_cpumask (on clear_tasks_mm_cpumask) + + You can now use it in all perf tools, such as: + + perf record -e probe:clear_tasks_mm_cpumask -aR sleep 1 + + [root@quaco ~]# + +Using it with 'perf trace': + + [root@quaco ~]# perf trace -e probe:clear_tasks_mm_cpumask + +Doesn't seem to be used in x86_64: + + $ find . -name "*.c" | xargs grep clear_tasks_mm_cpumask + ./kernel/cpu.c: * clear_tasks_mm_cpumask - Safely clear tasks' mm_cpumask for a CPU + ./kernel/cpu.c:void clear_tasks_mm_cpumask(int cpu) + ./arch/xtensa/kernel/smp.c: clear_tasks_mm_cpumask(cpu); + ./arch/csky/kernel/smp.c: clear_tasks_mm_cpumask(cpu); + ./arch/sh/kernel/smp.c: clear_tasks_mm_cpumask(cpu); + ./arch/arm/kernel/smp.c: clear_tasks_mm_cpumask(cpu); + ./arch/powerpc/mm/nohash/mmu_context.c: clear_tasks_mm_cpumask(cpu); + $ find . -name "*.h" | xargs grep clear_tasks_mm_cpumask + ./include/linux/cpu.h:void clear_tasks_mm_cpumask(int cpu); + $ find . -name "*.S" | xargs grep clear_tasks_mm_cpumask + $ + +Fixes: e1ecbbc3fa83 ("perf probe: Fix to handle optimized not-inlined functions") +Reported-by: Arnaldo Carvalho de Melo +Tested-by: Arnaldo Carvalho de Melo +Signed-off-by: Masami Hiramatsu +Cc: Jiri Olsa +Cc: Namhyung Kim +Link: http://lore.kernel.org/lkml/157199319438.8075.4695576954550638618.stgit@devnote2 +Signed-off-by: Arnaldo Carvalho de Melo +Signed-off-by: Sasha Levin +--- + tools/perf/util/probe-finder.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/tools/perf/util/probe-finder.c b/tools/perf/util/probe-finder.c +index 9fc6fedcfa1a..cfc2e1e7cca4 100644 +--- a/tools/perf/util/probe-finder.c ++++ b/tools/perf/util/probe-finder.c +@@ -1002,7 +1002,7 @@ static int probe_point_search_cb(Dwarf_Die *sp_die, void *data) + param->retval = find_probe_point_by_line(pf); + } else if (die_is_func_instance(sp_die)) { + /* Instances always have the entry address */ +- dwarf_entrypc(sp_die, &pf->addr); ++ die_entrypc(sp_die, &pf->addr); + /* But in some case the entry address is 0 */ + if (pf->addr == 0) { + pr_debug("%s has no entry PC. Skipped\n", +-- +2.20.1 + diff --git a/queue-4.9/perf-probe-fix-to-probe-an-inline-function-which-has.patch b/queue-4.9/perf-probe-fix-to-probe-an-inline-function-which-has.patch new file mode 100644 index 00000000000..91f72f310a3 --- /dev/null +++ b/queue-4.9/perf-probe-fix-to-probe-an-inline-function-which-has.patch @@ -0,0 +1,72 @@ +From 4dc518b37706642774fc7c6529a4c375ea96c082 Mon Sep 17 00:00:00 2001 +From: Sasha Levin +Date: Fri, 25 Oct 2019 17:46:43 +0900 +Subject: perf probe: Fix to probe an inline function which has no entry pc + +From: Masami Hiramatsu + +[ Upstream commit eb6933b29d20bf2c3053883d409a53f462c1a3ac ] + +Fix perf probe to probe an inlne function which has no entry pc +or low pc but only has ranges attribute. + +This seems very rare case, but I could find a few examples, as +same as probe_point_search_cb(), use die_entrypc() to get the +entry address in probe_point_inline_cb() too. + +Without this patch: + + # perf probe -D __amd_put_nb_event_constraints + Failed to get entry address of __amd_put_nb_event_constraints. + Probe point '__amd_put_nb_event_constraints' not found. + Error: Failed to add events. + +With this patch: + + # perf probe -D __amd_put_nb_event_constraints + p:probe/__amd_put_nb_event_constraints amd_put_event_constraints+43 + +Committer testing: + +Before: + + [root@quaco ~]# perf probe -D __amd_put_nb_event_constraints + Failed to get entry address of __amd_put_nb_event_constraints. + Probe point '__amd_put_nb_event_constraints' not found. + Error: Failed to add events. + [root@quaco ~]# + +After: + + [root@quaco ~]# perf probe -D __amd_put_nb_event_constraints + p:probe/__amd_put_nb_event_constraints _text+33789 + [root@quaco ~]# + +Fixes: 4ea42b181434 ("perf: Add perf probe subcommand, a kprobe-event setup helper") +Signed-off-by: Masami Hiramatsu +Tested-by: Arnaldo Carvalho de Melo +Cc: Jiri Olsa +Cc: Namhyung Kim +Link: http://lore.kernel.org/lkml/157199320336.8075.16189530425277588587.stgit@devnote2 +Signed-off-by: Arnaldo Carvalho de Melo +Signed-off-by: Sasha Levin +--- + tools/perf/util/probe-finder.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/tools/perf/util/probe-finder.c b/tools/perf/util/probe-finder.c +index 248d3ff7e345..9fc6fedcfa1a 100644 +--- a/tools/perf/util/probe-finder.c ++++ b/tools/perf/util/probe-finder.c +@@ -950,7 +950,7 @@ static int probe_point_inline_cb(Dwarf_Die *in_die, void *data) + ret = find_probe_point_lazy(in_die, pf); + else { + /* Get probe address */ +- if (dwarf_entrypc(in_die, &addr) != 0) { ++ if (die_entrypc(in_die, &addr) != 0) { + pr_warning("Failed to get entry address of %s.\n", + dwarf_diename(in_die)); + return -ENOENT; +-- +2.20.1 + diff --git a/queue-4.9/perf-probe-fix-to-show-calling-lines-of-inlined-func.patch b/queue-4.9/perf-probe-fix-to-show-calling-lines-of-inlined-func.patch new file mode 100644 index 00000000000..5a9747dcb13 --- /dev/null +++ b/queue-4.9/perf-probe-fix-to-show-calling-lines-of-inlined-func.patch @@ -0,0 +1,122 @@ +From 06065b0c03088cc902b333b51e72ebc27380e66f Mon Sep 17 00:00:00 2001 +From: Sasha Levin +Date: Wed, 30 Oct 2019 16:09:40 +0900 +Subject: perf probe: Fix to show calling lines of inlined functions + +From: Masami Hiramatsu + +[ Upstream commit 86c0bf8539e7f46d91bd105e55eda96e0064caef ] + +Fix to show calling lines of inlined functions (where an inline function +is called). + +die_walk_lines() filtered out the lines inside inlined functions based +on the address. However this also filtered out the lines which call +those inlined functions from the target function. + +To solve this issue, check the call_file and call_line attributes and do +not filter out if it matches to the line information. + +Without this fix, perf probe -L doesn't show some lines correctly. +(don't see the lines after 17) + + # perf probe -L vfs_read + + 0 ssize_t vfs_read(struct file *file, char __user *buf, size_t count, loff_t *pos) + 1 { + 2 ssize_t ret; + + 4 if (!(file->f_mode & FMODE_READ)) + return -EBADF; + 6 if (!(file->f_mode & FMODE_CAN_READ)) + return -EINVAL; + 8 if (unlikely(!access_ok(buf, count))) + return -EFAULT; + + 11 ret = rw_verify_area(READ, file, pos, count); + 12 if (!ret) { + 13 if (count > MAX_RW_COUNT) + count = MAX_RW_COUNT; + 15 ret = __vfs_read(file, buf, count, pos); + 16 if (ret > 0) { + fsnotify_access(file); + add_rchar(current, ret); + } + +With this fix: + + # perf probe -L vfs_read + + 0 ssize_t vfs_read(struct file *file, char __user *buf, size_t count, loff_t *pos) + 1 { + 2 ssize_t ret; + + 4 if (!(file->f_mode & FMODE_READ)) + return -EBADF; + 6 if (!(file->f_mode & FMODE_CAN_READ)) + return -EINVAL; + 8 if (unlikely(!access_ok(buf, count))) + return -EFAULT; + + 11 ret = rw_verify_area(READ, file, pos, count); + 12 if (!ret) { + 13 if (count > MAX_RW_COUNT) + count = MAX_RW_COUNT; + 15 ret = __vfs_read(file, buf, count, pos); + 16 if (ret > 0) { + 17 fsnotify_access(file); + 18 add_rchar(current, ret); + } + 20 inc_syscr(current); + } + +Fixes: 4cc9cec636e7 ("perf probe: Introduce lines walker interface") +Signed-off-by: Masami Hiramatsu +Tested-by: Arnaldo Carvalho de Melo +Cc: Jiri Olsa +Cc: Namhyung Kim +Link: http://lore.kernel.org/lkml/157241937995.32002.17899884017011512577.stgit@devnote2 +Signed-off-by: Arnaldo Carvalho de Melo +Signed-off-by: Sasha Levin +--- + tools/perf/util/dwarf-aux.c | 10 +++++++++- + 1 file changed, 9 insertions(+), 1 deletion(-) + +diff --git a/tools/perf/util/dwarf-aux.c b/tools/perf/util/dwarf-aux.c +index 3aea343c7179..41bfb4c977d0 100644 +--- a/tools/perf/util/dwarf-aux.c ++++ b/tools/perf/util/dwarf-aux.c +@@ -765,7 +765,7 @@ int die_walk_lines(Dwarf_Die *rt_die, line_walk_callback_t callback, void *data) + Dwarf_Lines *lines; + Dwarf_Line *line; + Dwarf_Addr addr; +- const char *fname, *decf = NULL; ++ const char *fname, *decf = NULL, *inf = NULL; + int lineno, ret = 0; + int decl = 0, inl; + Dwarf_Die die_mem, *cu_die; +@@ -809,13 +809,21 @@ int die_walk_lines(Dwarf_Die *rt_die, line_walk_callback_t callback, void *data) + */ + if (!dwarf_haspc(rt_die, addr)) + continue; ++ + if (die_find_inlinefunc(rt_die, addr, &die_mem)) { ++ /* Call-site check */ ++ inf = die_get_call_file(&die_mem); ++ if ((inf && !strcmp(inf, decf)) && ++ die_get_call_lineno(&die_mem) == lineno) ++ goto found; ++ + dwarf_decl_line(&die_mem, &inl); + if (inl != decl || + decf != dwarf_decl_file(&die_mem)) + continue; + } + } ++found: + /* Get source line */ + fname = dwarf_linesrc(line, NULL, NULL); + +-- +2.20.1 + diff --git a/queue-4.9/perf-probe-fix-to-show-inlined-function-callsite-wit.patch b/queue-4.9/perf-probe-fix-to-show-inlined-function-callsite-wit.patch new file mode 100644 index 00000000000..5f61941e515 --- /dev/null +++ b/queue-4.9/perf-probe-fix-to-show-inlined-function-callsite-wit.patch @@ -0,0 +1,112 @@ +From b98c340ba40a640d67011dd29aae414ab6047ab5 Mon Sep 17 00:00:00 2001 +From: Sasha Levin +Date: Fri, 25 Oct 2019 17:47:01 +0900 +Subject: perf probe: Fix to show inlined function callsite without entry_pc + +From: Masami Hiramatsu + +[ Upstream commit 18e21eb671dc87a4f0546ba505a89ea93598a634 ] + +Fix 'perf probe --line' option to show inlined function callsite lines +even if the function DIE has only ranges. + +Without this: + + # perf probe -L amd_put_event_constraints + ... + 2 { + 3 if (amd_has_nb(cpuc) && amd_is_nb_event(&event->hw)) + __amd_put_nb_event_constraints(cpuc, event); + 5 } + +With this patch: + + # perf probe -L amd_put_event_constraints + ... + 2 { + 3 if (amd_has_nb(cpuc) && amd_is_nb_event(&event->hw)) + 4 __amd_put_nb_event_constraints(cpuc, event); + 5 } + +Committer testing: + +Before: + + [root@quaco ~]# perf probe -L amd_put_event_constraints + + 0 static void amd_put_event_constraints(struct cpu_hw_events *cpuc, + struct perf_event *event) + 2 { + 3 if (amd_has_nb(cpuc) && amd_is_nb_event(&event->hw)) + __amd_put_nb_event_constraints(cpuc, event); + 5 } + + PMU_FORMAT_ATTR(event, "config:0-7,32-35"); + PMU_FORMAT_ATTR(umask, "config:8-15" ); + + [root@quaco ~]# + +After: + + [root@quaco ~]# perf probe -L amd_put_event_constraints + + 0 static void amd_put_event_constraints(struct cpu_hw_events *cpuc, + struct perf_event *event) + 2 { + 3 if (amd_has_nb(cpuc) && amd_is_nb_event(&event->hw)) + 4 __amd_put_nb_event_constraints(cpuc, event); + 5 } + + PMU_FORMAT_ATTR(event, "config:0-7,32-35"); + PMU_FORMAT_ATTR(umask, "config:8-15" ); + + [root@quaco ~]# perf probe amd_put_event_constraints:4 + Added new event: + probe:amd_put_event_constraints (on amd_put_event_constraints:4) + + You can now use it in all perf tools, such as: + + perf record -e probe:amd_put_event_constraints -aR sleep 1 + + [root@quaco ~]# + + [root@quaco ~]# perf probe -l + probe:amd_put_event_constraints (on amd_put_event_constraints:4@arch/x86/events/amd/core.c) + probe:clear_tasks_mm_cpumask (on clear_tasks_mm_cpumask@kernel/cpu.c) + [root@quaco ~]# + +Using it: + + [root@quaco ~]# perf trace -e probe:* + ^C[root@quaco ~]# + +Ok, Intel system here... :-) + +Fixes: 4cc9cec636e7 ("perf probe: Introduce lines walker interface") +Signed-off-by: Masami Hiramatsu +Tested-by: Arnaldo Carvalho de Melo +Cc: Jiri Olsa +Cc: Namhyung Kim +Link: http://lore.kernel.org/lkml/157199322107.8075.12659099000567865708.stgit@devnote2 +Signed-off-by: Arnaldo Carvalho de Melo +Signed-off-by: Sasha Levin +--- + tools/perf/util/dwarf-aux.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/tools/perf/util/dwarf-aux.c b/tools/perf/util/dwarf-aux.c +index 574ba3ac4fba..3aea343c7179 100644 +--- a/tools/perf/util/dwarf-aux.c ++++ b/tools/perf/util/dwarf-aux.c +@@ -683,7 +683,7 @@ static int __die_walk_funclines_cb(Dwarf_Die *in_die, void *data) + if (dwarf_tag(in_die) == DW_TAG_inlined_subroutine) { + fname = die_get_call_file(in_die); + lineno = die_get_call_lineno(in_die); +- if (fname && lineno > 0 && dwarf_entrypc(in_die, &addr) == 0) { ++ if (fname && lineno > 0 && die_entrypc(in_die, &addr) == 0) { + lw->retval = lw->callback(fname, lineno, addr, lw->data); + if (lw->retval != 0) + return DIE_FIND_CB_END; +-- +2.20.1 + diff --git a/queue-4.9/perf-probe-fix-to-show-ranges-of-variables-in-functi.patch b/queue-4.9/perf-probe-fix-to-show-ranges-of-variables-in-functi.patch new file mode 100644 index 00000000000..2aa4fb0669f --- /dev/null +++ b/queue-4.9/perf-probe-fix-to-show-ranges-of-variables-in-functi.patch @@ -0,0 +1,98 @@ +From 10006f4ae09250c10e1cdf090802538c4c4e1a1b Mon Sep 17 00:00:00 2001 +From: Sasha Levin +Date: Fri, 25 Oct 2019 17:47:10 +0900 +Subject: perf probe: Fix to show ranges of variables in functions without + entry_pc + +From: Masami Hiramatsu + +[ Upstream commit af04dd2f8ebaa8fbd46f698714acbf43da14da45 ] + +Fix to show ranges of variables (--range and --vars option) in functions +which DIE has only ranges but no entry_pc attribute. + +Without this fix: + + # perf probe --range -V clear_tasks_mm_cpumask + Available variables at clear_tasks_mm_cpumask + @ + (No matched variables) + +With this fix: + + # perf probe --range -V clear_tasks_mm_cpumask + Available variables at clear_tasks_mm_cpumask + @ + [VAL] int cpu @ + +Committer testing: + +Before: + + [root@quaco ~]# perf probe --range -V clear_tasks_mm_cpumask + Available variables at clear_tasks_mm_cpumask + @ + (No matched variables) + [root@quaco ~]# + +After: + + [root@quaco ~]# perf probe --range -V clear_tasks_mm_cpumask + Available variables at clear_tasks_mm_cpumask + @ + [VAL] int cpu @ + [root@quaco ~]# + +Using it: + + [root@quaco ~]# perf probe clear_tasks_mm_cpumask cpu + Added new event: + probe:clear_tasks_mm_cpumask (on clear_tasks_mm_cpumask with cpu) + + You can now use it in all perf tools, such as: + + perf record -e probe:clear_tasks_mm_cpumask -aR sleep 1 + + [root@quaco ~]# perf probe -l + probe:clear_tasks_mm_cpumask (on clear_tasks_mm_cpumask@kernel/cpu.c with cpu) + [root@quaco ~]# + [root@quaco ~]# perf trace -e probe:*cpumask + ^C[root@quaco ~]# + +Fixes: 349e8d261131 ("perf probe: Add --range option to show a variable's location range") +Signed-off-by: Masami Hiramatsu +Tested-by: Arnaldo Carvalho de Melo +Cc: Jiri Olsa +Cc: Namhyung Kim +Link: http://lore.kernel.org/lkml/157199323018.8075.8179744380479673672.stgit@devnote2 +Signed-off-by: Arnaldo Carvalho de Melo +Signed-off-by: Sasha Levin +--- + tools/perf/util/dwarf-aux.c | 4 ++-- + 1 file changed, 2 insertions(+), 2 deletions(-) + +diff --git a/tools/perf/util/dwarf-aux.c b/tools/perf/util/dwarf-aux.c +index 7e7e57208323..574ba3ac4fba 100644 +--- a/tools/perf/util/dwarf-aux.c ++++ b/tools/perf/util/dwarf-aux.c +@@ -1007,7 +1007,7 @@ static int die_get_var_innermost_scope(Dwarf_Die *sp_die, Dwarf_Die *vr_die, + bool first = true; + const char *name; + +- ret = dwarf_entrypc(sp_die, &entry); ++ ret = die_entrypc(sp_die, &entry); + if (ret) + return ret; + +@@ -1070,7 +1070,7 @@ int die_get_var_range(Dwarf_Die *sp_die, Dwarf_Die *vr_die, struct strbuf *buf) + bool first = true; + const char *name; + +- ret = dwarf_entrypc(sp_die, &entry); ++ ret = die_entrypc(sp_die, &entry); + if (ret) + return ret; + +-- +2.20.1 + diff --git a/queue-4.9/perf-probe-return-a-better-scope-die-if-there-is-no-.patch b/queue-4.9/perf-probe-return-a-better-scope-die-if-there-is-no-.patch new file mode 100644 index 00000000000..971b6bab47b --- /dev/null +++ b/queue-4.9/perf-probe-return-a-better-scope-die-if-there-is-no-.patch @@ -0,0 +1,84 @@ +From accf4b77dd4575ba33efc17897be2241a4d71727 Mon Sep 17 00:00:00 2001 +From: Sasha Levin +Date: Tue, 5 Nov 2019 09:16:49 +0900 +Subject: perf probe: Return a better scope DIE if there is no best scope + +From: Masami Hiramatsu + +[ Upstream commit c701636aeec4c173208697d68da6e4271125564b ] + +Make find_best_scope() returns innermost DIE at given address if there +is no best matched scope DIE. Since Gcc sometimes generates intuitively +strange line info which is out of inlined function address range, we +need this fixup. + +Without this, sometimes perf probe failed to probe on a line inside an +inlined function: + + # perf probe -D ksys_open:3 + Failed to find scope of probe point. + Error: Failed to add events. + +With this fix, 'perf probe' can probe it: + + # perf probe -D ksys_open:3 + p:probe/ksys_open _text+25707308 + p:probe/ksys_open_1 _text+25710596 + p:probe/ksys_open_2 _text+25711114 + p:probe/ksys_open_3 _text+25711343 + p:probe/ksys_open_4 _text+25714058 + p:probe/ksys_open_5 _text+2819653 + p:probe/ksys_open_6 _text+2819701 + +Signed-off-by: Masami Hiramatsu +Tested-by: Arnaldo Carvalho de Melo +Cc: Namhyung Kim +Cc: Ravi Bangoria +Cc: Steven Rostedt (VMware) +Cc: Tom Zanussi +Link: http://lore.kernel.org/lkml/157291300887.19771.14936015360963292236.stgit@devnote2 +Signed-off-by: Arnaldo Carvalho de Melo +Signed-off-by: Sasha Levin +--- + tools/perf/util/probe-finder.c | 17 ++++++++++++++++- + 1 file changed, 16 insertions(+), 1 deletion(-) + +diff --git a/tools/perf/util/probe-finder.c b/tools/perf/util/probe-finder.c +index 440f0a92ade6..6ca804a01cf9 100644 +--- a/tools/perf/util/probe-finder.c ++++ b/tools/perf/util/probe-finder.c +@@ -764,6 +764,16 @@ static int find_best_scope_cb(Dwarf_Die *fn_die, void *data) + return 0; + } + ++/* Return innermost DIE */ ++static int find_inner_scope_cb(Dwarf_Die *fn_die, void *data) ++{ ++ struct find_scope_param *fsp = data; ++ ++ memcpy(fsp->die_mem, fn_die, sizeof(Dwarf_Die)); ++ fsp->found = true; ++ return 1; ++} ++ + /* Find an appropriate scope fits to given conditions */ + static Dwarf_Die *find_best_scope(struct probe_finder *pf, Dwarf_Die *die_mem) + { +@@ -775,8 +785,13 @@ static Dwarf_Die *find_best_scope(struct probe_finder *pf, Dwarf_Die *die_mem) + .die_mem = die_mem, + .found = false, + }; ++ int ret; + +- cu_walk_functions_at(&pf->cu_die, pf->addr, find_best_scope_cb, &fsp); ++ ret = cu_walk_functions_at(&pf->cu_die, pf->addr, find_best_scope_cb, ++ &fsp); ++ if (!ret && !fsp.found) ++ cu_walk_functions_at(&pf->cu_die, pf->addr, ++ find_inner_scope_cb, &fsp); + + return fsp.found ? die_mem : NULL; + } +-- +2.20.1 + diff --git a/queue-4.9/perf-probe-skip-end-of-sequence-and-non-statement-li.patch b/queue-4.9/perf-probe-skip-end-of-sequence-and-non-statement-li.patch new file mode 100644 index 00000000000..64f0b3930fa --- /dev/null +++ b/queue-4.9/perf-probe-skip-end-of-sequence-and-non-statement-li.patch @@ -0,0 +1,145 @@ +From d548da459c211f73b6195a0296a5c3d6d3d1bb71 Mon Sep 17 00:00:00 2001 +From: Sasha Levin +Date: Wed, 30 Oct 2019 16:09:21 +0900 +Subject: perf probe: Skip end-of-sequence and non statement lines +MIME-Version: 1.0 +Content-Type: text/plain; charset=UTF-8 +Content-Transfer-Encoding: 8bit + +From: Masami Hiramatsu + +[ Upstream commit f4d99bdfd124823a81878b44b5e8750b97f73902 ] + +Skip end-of-sequence and non-statement lines while walking through lines +list. + +The "end-of-sequence" line information means: + + "the current address is that of the first byte after the + end of a sequence of target machine instructions." + (DWARF version 4 spec 6.2.2) + +This actually means out of scope and we can not probe on it. + +On the other hand, the statement lines (is_stmt) means: + + "the current instruction is a recommended breakpoint location. + A recommended breakpoint location is intended to “represent” + a line, a statement and/or a semantically distinct subpart + of a statement." + + (DWARF version 4 spec 6.2.2) + +So, non-statement line info also should be skipped. + +These can reduce unneeded probe points and also avoid an error. + +E.g. without this patch: + + # perf probe -a "clear_tasks_mm_cpumask:1" + Added new events: + probe:clear_tasks_mm_cpumask (on clear_tasks_mm_cpumask:1) + probe:clear_tasks_mm_cpumask_1 (on clear_tasks_mm_cpumask:1) + probe:clear_tasks_mm_cpumask_2 (on clear_tasks_mm_cpumask:1) + probe:clear_tasks_mm_cpumask_3 (on clear_tasks_mm_cpumask:1) + probe:clear_tasks_mm_cpumask_4 (on clear_tasks_mm_cpumask:1) + + You can now use it in all perf tools, such as: + + perf record -e probe:clear_tasks_mm_cpumask_4 -aR sleep 1 + + # + +This puts 5 probes on one line, but acutally it's not inlined function. +This is because there are many non statement instructions at the +function prologue. + +With this patch: + + # perf probe -a "clear_tasks_mm_cpumask:1" + Added new event: + probe:clear_tasks_mm_cpumask (on clear_tasks_mm_cpumask:1) + + You can now use it in all perf tools, such as: + + perf record -e probe:clear_tasks_mm_cpumask -aR sleep 1 + + # + +Now perf-probe skips unneeded addresses. + +Committer testing: + +Slightly different results, but similar: + +Before: + + # uname -a + Linux quaco 5.3.8-200.fc30.x86_64 #1 SMP Tue Oct 29 14:46:22 UTC 2019 x86_64 x86_64 x86_64 GNU/Linux + # + # perf probe -a "clear_tasks_mm_cpumask:1" + Added new events: + probe:clear_tasks_mm_cpumask (on clear_tasks_mm_cpumask:1) + probe:clear_tasks_mm_cpumask_1 (on clear_tasks_mm_cpumask:1) + probe:clear_tasks_mm_cpumask_2 (on clear_tasks_mm_cpumask:1) + + You can now use it in all perf tools, such as: + + perf record -e probe:clear_tasks_mm_cpumask_2 -aR sleep 1 + + # + +After: + + # perf probe -a "clear_tasks_mm_cpumask:1" + Added new event: + probe:clear_tasks_mm_cpumask (on clear_tasks_mm_cpumask:1) + + You can now use it in all perf tools, such as: + + perf record -e probe:clear_tasks_mm_cpumask -aR sleep 1 + + # perf probe -l + probe:clear_tasks_mm_cpumask (on clear_tasks_mm_cpumask@kernel/cpu.c) + # + +Fixes: 4cc9cec636e7 ("perf probe: Introduce lines walker interface") +Signed-off-by: Masami Hiramatsu +Tested-by: Arnaldo Carvalho de Melo +Cc: Jiri Olsa +Cc: Namhyung Kim +Link: http://lore.kernel.org/lkml/157241936090.32002.12156347518596111660.stgit@devnote2 +Signed-off-by: Arnaldo Carvalho de Melo +Signed-off-by: Sasha Levin +--- + tools/perf/util/dwarf-aux.c | 7 +++++++ + 1 file changed, 7 insertions(+) + +diff --git a/tools/perf/util/dwarf-aux.c b/tools/perf/util/dwarf-aux.c +index 41bfb4c977d0..7eec3ae7b3c5 100644 +--- a/tools/perf/util/dwarf-aux.c ++++ b/tools/perf/util/dwarf-aux.c +@@ -770,6 +770,7 @@ int die_walk_lines(Dwarf_Die *rt_die, line_walk_callback_t callback, void *data) + int decl = 0, inl; + Dwarf_Die die_mem, *cu_die; + size_t nlines, i; ++ bool flag; + + /* Get the CU die */ + if (dwarf_tag(rt_die) != DW_TAG_compile_unit) { +@@ -800,6 +801,12 @@ int die_walk_lines(Dwarf_Die *rt_die, line_walk_callback_t callback, void *data) + "Possible error in debuginfo.\n"); + continue; + } ++ /* Skip end-of-sequence */ ++ if (dwarf_lineendsequence(line, &flag) != 0 || flag) ++ continue; ++ /* Skip Non statement line-info */ ++ if (dwarf_linebeginstatement(line, &flag) != 0 || !flag) ++ continue; + /* Filter lines based on address */ + if (rt_die != cu_die) { + /* +-- +2.20.1 + diff --git a/queue-4.9/perf-probe-skip-overlapped-location-on-searching-var.patch b/queue-4.9/perf-probe-skip-overlapped-location-on-searching-var.patch new file mode 100644 index 00000000000..9395634e941 --- /dev/null +++ b/queue-4.9/perf-probe-skip-overlapped-location-on-searching-var.patch @@ -0,0 +1,104 @@ +From b2a11cf0f3463ee94e918bf39e820421440cee51 Mon Sep 17 00:00:00 2001 +From: Sasha Levin +Date: Wed, 30 Oct 2019 16:09:49 +0900 +Subject: perf probe: Skip overlapped location on searching variables + +From: Masami Hiramatsu + +[ Upstream commit dee36a2abb67c175265d49b9a8c7dfa564463d9a ] + +Since debuginfo__find_probes() callback function can be called with the +location which already passed, the callback function must filter out +such overlapped locations. + +add_probe_trace_event() has already done it by commit 1a375ae7659a +("perf probe: Skip same probe address for a given line"), but +add_available_vars() doesn't. Thus perf probe -v shows same address +repeatedly as below: + + # perf probe -V vfs_read:18 + Available variables at vfs_read:18 + @ + char* buf + loff_t* pos + ssize_t ret + struct file* file + @ + char* buf + loff_t* pos + ssize_t ret + struct file* file + @ + char* buf + loff_t* pos + ssize_t ret + struct file* file + +With this fix, perf probe -V shows it correctly: + + # perf probe -V vfs_read:18 + Available variables at vfs_read:18 + @ + char* buf + loff_t* pos + ssize_t ret + struct file* file + @ + char* buf + loff_t* pos + ssize_t ret + struct file* file + +Fixes: cf6eb489e5c0 ("perf probe: Show accessible local variables") +Signed-off-by: Masami Hiramatsu +Tested-by: Arnaldo Carvalho de Melo +Cc: Jiri Olsa +Cc: Namhyung Kim +Link: http://lore.kernel.org/lkml/157241938927.32002.4026859017790562751.stgit@devnote2 +Signed-off-by: Arnaldo Carvalho de Melo +Signed-off-by: Sasha Levin +--- + tools/perf/util/probe-finder.c | 20 ++++++++++++++++++++ + 1 file changed, 20 insertions(+) + +diff --git a/tools/perf/util/probe-finder.c b/tools/perf/util/probe-finder.c +index cfc2e1e7cca4..440f0a92ade6 100644 +--- a/tools/perf/util/probe-finder.c ++++ b/tools/perf/util/probe-finder.c +@@ -1414,6 +1414,18 @@ error: + return DIE_FIND_CB_END; + } + ++static bool available_var_finder_overlap(struct available_var_finder *af) ++{ ++ int i; ++ ++ for (i = 0; i < af->nvls; i++) { ++ if (af->pf.addr == af->vls[i].point.address) ++ return true; ++ } ++ return false; ++ ++} ++ + /* Add a found vars into available variables list */ + static int add_available_vars(Dwarf_Die *sc_die, struct probe_finder *pf) + { +@@ -1424,6 +1436,14 @@ static int add_available_vars(Dwarf_Die *sc_die, struct probe_finder *pf) + Dwarf_Die die_mem; + int ret; + ++ /* ++ * For some reason (e.g. different column assigned to same address), ++ * this callback can be called with the address which already passed. ++ * Ignore it first. ++ */ ++ if (available_var_finder_overlap(af)) ++ return 0; ++ + /* Check number of tevs */ + if (af->nvls == af->max_vls) { + pr_warning("Too many( > %d) probe point found.\n", af->max_vls); +-- +2.20.1 + diff --git a/queue-4.9/perf-probe-walk-function-lines-in-lexical-blocks.patch b/queue-4.9/perf-probe-walk-function-lines-in-lexical-blocks.patch new file mode 100644 index 00000000000..7267c285b44 --- /dev/null +++ b/queue-4.9/perf-probe-walk-function-lines-in-lexical-blocks.patch @@ -0,0 +1,76 @@ +From 67256bae0c9bc1aeddbe113c246e0f4f33e01948 Mon Sep 17 00:00:00 2001 +From: Sasha Levin +Date: Thu, 24 Oct 2019 18:12:45 +0900 +Subject: perf probe: Walk function lines in lexical blocks + +From: Masami Hiramatsu + +[ Upstream commit acb6a7047ac2146b723fef69ee1ab6b7143546bf ] + +Since some inlined functions are in lexical blocks of given function, we +have to recursively walk through the DIE tree. Without this fix, +perf-probe -L can miss the inlined functions which is in a lexical block +(like if (..) { func() } case.) + +However, even though, to walk the lines in a given function, we don't +need to follow the children DIE of inlined functions because those do +not have any lines in the specified function. + +We need to walk though whole trees only if we walk all lines in a given +file, because an inlined function can include another inlined function +in the same file. + +Fixes: b0e9cb2802d4 ("perf probe: Fix to search nested inlined functions in CU") +Signed-off-by: Masami Hiramatsu +Cc: Jiri Olsa +Cc: Namhyung Kim +Link: http://lore.kernel.org/lkml/157190836514.1859.15996864849678136353.stgit@devnote2 +Signed-off-by: Arnaldo Carvalho de Melo +Signed-off-by: Sasha Levin +--- + tools/perf/util/dwarf-aux.c | 14 +++++++++----- + 1 file changed, 9 insertions(+), 5 deletions(-) + +diff --git a/tools/perf/util/dwarf-aux.c b/tools/perf/util/dwarf-aux.c +index 3d0a9e09d00a..7e7e57208323 100644 +--- a/tools/perf/util/dwarf-aux.c ++++ b/tools/perf/util/dwarf-aux.c +@@ -688,10 +688,9 @@ static int __die_walk_funclines_cb(Dwarf_Die *in_die, void *data) + if (lw->retval != 0) + return DIE_FIND_CB_END; + } ++ if (!lw->recursive) ++ return DIE_FIND_CB_SIBLING; + } +- if (!lw->recursive) +- /* Don't need to search recursively */ +- return DIE_FIND_CB_SIBLING; + + if (addr) { + fname = dwarf_decl_file(in_die); +@@ -738,6 +737,10 @@ static int __die_walk_culines_cb(Dwarf_Die *sp_die, void *data) + { + struct __line_walk_param *lw = data; + ++ /* ++ * Since inlined function can include another inlined function in ++ * the same file, we need to walk in it recursively. ++ */ + lw->retval = __die_walk_funclines(sp_die, true, lw->callback, lw->data); + if (lw->retval != 0) + return DWARF_CB_ABORT; +@@ -827,8 +830,9 @@ int die_walk_lines(Dwarf_Die *rt_die, line_walk_callback_t callback, void *data) + */ + if (rt_die != cu_die) + /* +- * Don't need walk functions recursively, because nested +- * inlined functions don't have lines of the specified DIE. ++ * Don't need walk inlined functions recursively, because ++ * inner inlined functions don't have the lines of the ++ * specified function. + */ + ret = __die_walk_funclines(rt_die, false, callback, data); + else { +-- +2.20.1 + diff --git a/queue-4.9/perf-report-add-warning-when-libunwind-not-compiled-.patch b/queue-4.9/perf-report-add-warning-when-libunwind-not-compiled-.patch new file mode 100644 index 00000000000..d30a5e18229 --- /dev/null +++ b/queue-4.9/perf-report-add-warning-when-libunwind-not-compiled-.patch @@ -0,0 +1,58 @@ +From b29aaa75d5aaddd41a65fac8ada4842a32c74c08 Mon Sep 17 00:00:00 2001 +From: Sasha Levin +Date: Fri, 11 Oct 2019 10:21:22 +0800 +Subject: perf report: Add warning when libunwind not compiled in + +From: Jin Yao + +[ Upstream commit 800d3f561659b5436f8c57e7c26dd1f6928b5615 ] + +We received a user report that call-graph DWARF mode was enabled in +'perf record' but 'perf report' didn't unwind the callstack correctly. +The reason was, libunwind was not compiled in. + +We can use 'perf -vv' to check the compiled libraries but it would be +valuable to report a warning to user directly (especially valuable for +a perf newbie). + +The warning is: + +Warning: +Please install libunwind development packages during the perf build. + +Both TUI and stdio are supported. + +Signed-off-by: Jin Yao +Cc: Alexander Shishkin +Cc: Andi Kleen +Cc: Jiri Olsa +Cc: Kan Liang +Cc: Peter Zijlstra +Link: http://lore.kernel.org/lkml/20191011022122.26369-1-yao.jin@linux.intel.com +Signed-off-by: Arnaldo Carvalho de Melo +Signed-off-by: Sasha Levin +--- + tools/perf/builtin-report.c | 7 +++++++ + 1 file changed, 7 insertions(+) + +diff --git a/tools/perf/builtin-report.c b/tools/perf/builtin-report.c +index 6e88460cd13d..33ff5c843346 100644 +--- a/tools/perf/builtin-report.c ++++ b/tools/perf/builtin-report.c +@@ -292,6 +292,13 @@ static int report__setup_sample_type(struct report *rep) + PERF_SAMPLE_BRANCH_ANY)) + rep->nonany_branch_mode = true; + ++#ifndef HAVE_LIBUNWIND_SUPPORT ++ if (dwarf_callchain_users) { ++ ui__warning("Please install libunwind development packages " ++ "during the perf build.\n"); ++ } ++#endif ++ + return 0; + } + +-- +2.20.1 + diff --git a/queue-4.9/perf-test-report-failure-for-mmap-events.patch b/queue-4.9/perf-test-report-failure-for-mmap-events.patch new file mode 100644 index 00000000000..736e66eec2d --- /dev/null +++ b/queue-4.9/perf-test-report-failure-for-mmap-events.patch @@ -0,0 +1,43 @@ +From 4b88b6b7a2710385b1614b7a7ee6a07fee326350 Mon Sep 17 00:00:00 2001 +From: Sasha Levin +Date: Fri, 11 Oct 2019 17:19:41 +0800 +Subject: perf test: Report failure for mmap events + +From: Leo Yan + +[ Upstream commit 6add129c5d9210ada25217abc130df0b7096ee02 ] + +When fail to mmap events in task exit case, it misses to set 'err' to +-1; thus the testing will not report failure for it. + +This patch sets 'err' to -1 when fails to mmap events, thus Perf tool +can report correct result. + +Fixes: d723a55096b8 ("perf test: Add test case for checking number of EXIT events") +Signed-off-by: Leo Yan +Cc: Alexander Shishkin +Cc: Jiri Olsa +Cc: Mark Rutland +Cc: Namhyung Kim +Link: http://lore.kernel.org/lkml/20191011091942.29841-1-leo.yan@linaro.org +Signed-off-by: Arnaldo Carvalho de Melo +Signed-off-by: Sasha Levin +--- + tools/perf/tests/task-exit.c | 1 + + 1 file changed, 1 insertion(+) + +diff --git a/tools/perf/tests/task-exit.c b/tools/perf/tests/task-exit.c +index b0d005d295a9..de2ddfe0f7c3 100644 +--- a/tools/perf/tests/task-exit.c ++++ b/tools/perf/tests/task-exit.c +@@ -98,6 +98,7 @@ int test__task_exit(int subtest __maybe_unused) + if (perf_evlist__mmap(evlist, 128, true) < 0) { + pr_debug("failed to mmap events: %d (%s)\n", errno, + str_error_r(errno, sbuf, sizeof(sbuf))); ++ err = -1; + goto out_delete_evlist; + } + +-- +2.20.1 + diff --git a/queue-4.9/pinctrl-sh-pfc-sh7734-fix-duplicate-tclk1_b.patch b/queue-4.9/pinctrl-sh-pfc-sh7734-fix-duplicate-tclk1_b.patch new file mode 100644 index 00000000000..3e464e42d2d --- /dev/null +++ b/queue-4.9/pinctrl-sh-pfc-sh7734-fix-duplicate-tclk1_b.patch @@ -0,0 +1,64 @@ +From 3dffa05fc6874cb83f5dd0b1361e5066965ba9ab Mon Sep 17 00:00:00 2001 +From: Sasha Levin +Date: Thu, 24 Oct 2019 15:13:08 +0200 +Subject: pinctrl: sh-pfc: sh7734: Fix duplicate TCLK1_B + +From: Geert Uytterhoeven + +[ Upstream commit 884caadad128efad8e00c1cdc3177bc8912ee8ec ] + +The definitions for bit field [19:18] of the Peripheral Function Select +Register 3 were accidentally copied from bit field [20], leading to +duplicates for the TCLK1_B function, and missing TCLK0, CAN_CLK_B, and +ET0_ETXD4 functions. + +Fix this by adding the missing GPIO_FN_CAN_CLK_B and GPIO_FN_ET0_ETXD4 +enum values, and correcting the functions. + +Reported-by: Ben Dooks +Signed-off-by: Geert Uytterhoeven +Link: https://lore.kernel.org/r/20191024131308.16659-1-geert+renesas@glider.be +Signed-off-by: Sasha Levin +--- + arch/sh/include/cpu-sh4/cpu/sh7734.h | 2 +- + drivers/pinctrl/sh-pfc/pfc-sh7734.c | 4 ++-- + 2 files changed, 3 insertions(+), 3 deletions(-) + +diff --git a/arch/sh/include/cpu-sh4/cpu/sh7734.h b/arch/sh/include/cpu-sh4/cpu/sh7734.h +index 2fb9a7b71b41..a2667c9b5819 100644 +--- a/arch/sh/include/cpu-sh4/cpu/sh7734.h ++++ b/arch/sh/include/cpu-sh4/cpu/sh7734.h +@@ -133,7 +133,7 @@ enum { + GPIO_FN_EX_WAIT1, GPIO_FN_SD1_DAT0_A, GPIO_FN_DREQ2, GPIO_FN_CAN1_TX_C, + GPIO_FN_ET0_LINK_C, GPIO_FN_ET0_ETXD5_A, + GPIO_FN_EX_WAIT0, GPIO_FN_TCLK1_B, +- GPIO_FN_RD_WR, GPIO_FN_TCLK0, ++ GPIO_FN_RD_WR, GPIO_FN_TCLK0, GPIO_FN_CAN_CLK_B, GPIO_FN_ET0_ETXD4, + GPIO_FN_EX_CS5, GPIO_FN_SD1_CMD_A, GPIO_FN_ATADIR, GPIO_FN_QSSL_B, + GPIO_FN_ET0_ETXD3_A, + GPIO_FN_EX_CS4, GPIO_FN_SD1_WP_A, GPIO_FN_ATAWR, GPIO_FN_QMI_QIO1_B, +diff --git a/drivers/pinctrl/sh-pfc/pfc-sh7734.c b/drivers/pinctrl/sh-pfc/pfc-sh7734.c +index 33232041ee86..3eccc9b3ca84 100644 +--- a/drivers/pinctrl/sh-pfc/pfc-sh7734.c ++++ b/drivers/pinctrl/sh-pfc/pfc-sh7734.c +@@ -1453,7 +1453,7 @@ static const struct pinmux_func pinmux_func_gpios[] = { + GPIO_FN(ET0_ETXD2_A), + GPIO_FN(EX_CS5), GPIO_FN(SD1_CMD_A), GPIO_FN(ATADIR), GPIO_FN(QSSL_B), + GPIO_FN(ET0_ETXD3_A), +- GPIO_FN(RD_WR), GPIO_FN(TCLK1_B), ++ GPIO_FN(RD_WR), GPIO_FN(TCLK0), GPIO_FN(CAN_CLK_B), GPIO_FN(ET0_ETXD4), + GPIO_FN(EX_WAIT0), GPIO_FN(TCLK1_B), + GPIO_FN(EX_WAIT1), GPIO_FN(SD1_DAT0_A), GPIO_FN(DREQ2), + GPIO_FN(CAN1_TX_C), GPIO_FN(ET0_LINK_C), GPIO_FN(ET0_ETXD5_A), +@@ -1949,7 +1949,7 @@ static const struct pinmux_cfg_reg pinmux_config_regs[] = { + /* IP3_20 [1] */ + FN_EX_WAIT0, FN_TCLK1_B, + /* IP3_19_18 [2] */ +- FN_RD_WR, FN_TCLK1_B, 0, 0, ++ FN_RD_WR, FN_TCLK0, FN_CAN_CLK_B, FN_ET0_ETXD4, + /* IP3_17_15 [3] */ + FN_EX_CS5, FN_SD1_CMD_A, FN_ATADIR, FN_QSSL_B, + FN_ET0_ETXD3_A, 0, 0, 0, +-- +2.20.1 + diff --git a/queue-4.9/regulator-max8907-fix-the-usage-of-uninitialized-var.patch b/queue-4.9/regulator-max8907-fix-the-usage-of-uninitialized-var.patch new file mode 100644 index 00000000000..e4775d96458 --- /dev/null +++ b/queue-4.9/regulator-max8907-fix-the-usage-of-uninitialized-var.patch @@ -0,0 +1,65 @@ +From 3d157c367b4701919ce10e0b5ac665f20c60a519 Mon Sep 17 00:00:00 2001 +From: Sasha Levin +Date: Thu, 3 Oct 2019 10:58:13 -0700 +Subject: regulator: max8907: Fix the usage of uninitialized variable in + max8907_regulator_probe() + +From: Yizhuo + +[ Upstream commit 472b39c3d1bba0616eb0e9a8fa3ad0f56927c7d7 ] + +Inside function max8907_regulator_probe(), variable val could +be uninitialized if regmap_read() fails. However, val is used +later in the if statement to decide the content written to +"pmic", which is potentially unsafe. + +Signed-off-by: Yizhuo +Link: https://lore.kernel.org/r/20191003175813.16415-1-yzhai003@ucr.edu +Signed-off-by: Mark Brown +Signed-off-by: Sasha Levin +--- + drivers/regulator/max8907-regulator.c | 15 ++++++++++++--- + 1 file changed, 12 insertions(+), 3 deletions(-) + +diff --git a/drivers/regulator/max8907-regulator.c b/drivers/regulator/max8907-regulator.c +index 5e941db5ccaf..c7e70cfb581f 100644 +--- a/drivers/regulator/max8907-regulator.c ++++ b/drivers/regulator/max8907-regulator.c +@@ -299,7 +299,10 @@ static int max8907_regulator_probe(struct platform_device *pdev) + memcpy(pmic->desc, max8907_regulators, sizeof(pmic->desc)); + + /* Backwards compatibility with MAX8907B; SD1 uses different voltages */ +- regmap_read(max8907->regmap_gen, MAX8907_REG_II2RR, &val); ++ ret = regmap_read(max8907->regmap_gen, MAX8907_REG_II2RR, &val); ++ if (ret) ++ return ret; ++ + if ((val & MAX8907_II2RR_VERSION_MASK) == + MAX8907_II2RR_VERSION_REV_B) { + pmic->desc[MAX8907_SD1].min_uV = 637500; +@@ -336,14 +339,20 @@ static int max8907_regulator_probe(struct platform_device *pdev) + } + + if (pmic->desc[i].ops == &max8907_ldo_ops) { +- regmap_read(config.regmap, pmic->desc[i].enable_reg, ++ ret = regmap_read(config.regmap, pmic->desc[i].enable_reg, + &val); ++ if (ret) ++ return ret; ++ + if ((val & MAX8907_MASK_LDO_SEQ) != + MAX8907_MASK_LDO_SEQ) + pmic->desc[i].ops = &max8907_ldo_hwctl_ops; + } else if (pmic->desc[i].ops == &max8907_out5v_ops) { +- regmap_read(config.regmap, pmic->desc[i].enable_reg, ++ ret = regmap_read(config.regmap, pmic->desc[i].enable_reg, + &val); ++ if (ret) ++ return ret; ++ + if ((val & (MAX8907_MASK_OUT5V_VINEN | + MAX8907_MASK_OUT5V_ENSRC)) != + MAX8907_MASK_OUT5V_ENSRC) +-- +2.20.1 + diff --git a/queue-4.9/rtl8xxxu-fix-rtl8723bu-connection-failure-issue-afte.patch b/queue-4.9/rtl8xxxu-fix-rtl8723bu-connection-failure-issue-afte.patch new file mode 100644 index 00000000000..9a667ee7c67 --- /dev/null +++ b/queue-4.9/rtl8xxxu-fix-rtl8723bu-connection-failure-issue-afte.patch @@ -0,0 +1,73 @@ +From e7a709be2b68c088d447e0e1d036800a1d352577 Mon Sep 17 00:00:00 2001 +From: Sasha Levin +Date: Wed, 16 Oct 2019 09:54:08 +0800 +Subject: rtl8xxxu: fix RTL8723BU connection failure issue after warm reboot + +From: Chris Chiu + +[ Upstream commit 0eeb91ade90ce06d2fa1e2fcb55e3316b64c203c ] + +The RTL8723BU has problems connecting to AP after each warm reboot. +Sometimes it returns no scan result, and in most cases, it fails +the authentication for unknown reason. However, it works totally +fine after cold reboot. + +Compare the value of register SYS_CR and SYS_CLK_MAC_CLK_ENABLE +for cold reboot and warm reboot, the registers imply that the MAC +is already powered and thus some procedures are skipped during +driver initialization. Double checked the vendor driver, it reads +the SYS_CR and SYS_CLK_MAC_CLK_ENABLE also but doesn't skip any +during initialization based on them. This commit only tells the +RTL8723BU to do full initialization without checking MAC status. + +Signed-off-by: Chris Chiu +Signed-off-by: Jes Sorensen +Signed-off-by: Kalle Valo +Signed-off-by: Sasha Levin +--- + drivers/net/wireless/realtek/rtl8xxxu/rtl8xxxu.h | 1 + + drivers/net/wireless/realtek/rtl8xxxu/rtl8xxxu_8723b.c | 1 + + drivers/net/wireless/realtek/rtl8xxxu/rtl8xxxu_core.c | 3 +++ + 3 files changed, 5 insertions(+) + +diff --git a/drivers/net/wireless/realtek/rtl8xxxu/rtl8xxxu.h b/drivers/net/wireless/realtek/rtl8xxxu/rtl8xxxu.h +index 08d587a342d3..9143b173935d 100644 +--- a/drivers/net/wireless/realtek/rtl8xxxu/rtl8xxxu.h ++++ b/drivers/net/wireless/realtek/rtl8xxxu/rtl8xxxu.h +@@ -1348,6 +1348,7 @@ struct rtl8xxxu_fileops { + u8 has_s0s1:1; + u8 has_tx_report:1; + u8 gen2_thermal_meter:1; ++ u8 needs_full_init:1; + u32 adda_1t_init; + u32 adda_1t_path_on; + u32 adda_2t_path_on_a; +diff --git a/drivers/net/wireless/realtek/rtl8xxxu/rtl8xxxu_8723b.c b/drivers/net/wireless/realtek/rtl8xxxu/rtl8xxxu_8723b.c +index 02b8ddd98a95..f51ee88d692b 100644 +--- a/drivers/net/wireless/realtek/rtl8xxxu/rtl8xxxu_8723b.c ++++ b/drivers/net/wireless/realtek/rtl8xxxu/rtl8xxxu_8723b.c +@@ -1673,6 +1673,7 @@ struct rtl8xxxu_fileops rtl8723bu_fops = { + .has_s0s1 = 1, + .has_tx_report = 1, + .gen2_thermal_meter = 1, ++ .needs_full_init = 1, + .adda_1t_init = 0x01c00014, + .adda_1t_path_on = 0x01c00014, + .adda_2t_path_on_a = 0x01c00014, +diff --git a/drivers/net/wireless/realtek/rtl8xxxu/rtl8xxxu_core.c b/drivers/net/wireless/realtek/rtl8xxxu/rtl8xxxu_core.c +index e78545d4add3..6d34d442294a 100644 +--- a/drivers/net/wireless/realtek/rtl8xxxu/rtl8xxxu_core.c ++++ b/drivers/net/wireless/realtek/rtl8xxxu/rtl8xxxu_core.c +@@ -3905,6 +3905,9 @@ static int rtl8xxxu_init_device(struct ieee80211_hw *hw) + else + macpower = true; + ++ if (fops->needs_full_init) ++ macpower = false; ++ + ret = fops->power_on(priv); + if (ret < 0) { + dev_warn(dev, "%s: Failed power on\n", __func__); +-- +2.20.1 + diff --git a/queue-4.9/rtlwifi-fix-memory-leak-in-rtl92c_set_fw_rsvdpagepkt.patch b/queue-4.9/rtlwifi-fix-memory-leak-in-rtl92c_set_fw_rsvdpagepkt.patch new file mode 100644 index 00000000000..e2a914b736b --- /dev/null +++ b/queue-4.9/rtlwifi-fix-memory-leak-in-rtl92c_set_fw_rsvdpagepkt.patch @@ -0,0 +1,64 @@ +From 033f6ab107e19f3ed64e056aeed5cbdb64240ceb Mon Sep 17 00:00:00 2001 +From: Sasha Levin +Date: Tue, 5 Nov 2019 10:18:38 +0800 +Subject: rtlwifi: fix memory leak in rtl92c_set_fw_rsvdpagepkt() + +From: Ping-Ke Shih + +[ Upstream commit 5174f1e41074b5186608badc2e89441d021e8c08 ] + +This leak was found by testing the EDIMAX EW-7612 on Raspberry Pi 3B+ with +Linux 5.4-rc5 (multi_v7_defconfig + rtlwifi + kmemleak) and noticed a +single memory leak during probe: + +unreferenced object 0xec13ee40 (size 176): + comm "kworker/u8:1", pid 36, jiffies 4294939321 (age 5580.790s) + hex dump (first 32 bytes): + 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ + 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ + backtrace: + [] __netdev_alloc_skb+0x9c/0x164 + [<863dfa6e>] rtl92c_set_fw_rsvdpagepkt+0x254/0x340 [rtl8192c_common] + [<9572be0d>] rtl92cu_set_hw_reg+0xf48/0xfa4 [rtl8192cu] + [<116df4d8>] rtl_op_bss_info_changed+0x234/0x96c [rtlwifi] + [<8933575f>] ieee80211_bss_info_change_notify+0xb8/0x264 [mac80211] + [] ieee80211_assoc_success+0x934/0x1798 [mac80211] + [] ieee80211_rx_mgmt_assoc_resp+0x174/0x314 [mac80211] + [<5974629e>] ieee80211_sta_rx_queued_mgmt+0x3f4/0x7f0 [mac80211] + [] ieee80211_iface_work+0x208/0x318 [mac80211] + [] process_one_work+0x22c/0x564 + [] worker_thread+0x44/0x5d8 + [<82c7b073>] kthread+0x150/0x154 + [] ret_from_fork+0x14/0x2c + [<794dff30>] 0x0 + +It is because 8192cu doesn't implement usb_cmd_send_packet(), and this +patch just frees the skb within the function to resolve memleak problem +by now. Since 8192cu doesn't turn on fwctrl_lps that needs to download +command packet for firmware via the function, applying this patch doesn't +affect driver behavior. + +Reported-by: Stefan Wahren +Signed-off-by: Ping-Ke Shih +Signed-off-by: Kalle Valo +Signed-off-by: Sasha Levin +--- + drivers/net/wireless/realtek/rtlwifi/rtl8192cu/hw.c | 2 ++ + 1 file changed, 2 insertions(+) + +diff --git a/drivers/net/wireless/realtek/rtlwifi/rtl8192cu/hw.c b/drivers/net/wireless/realtek/rtlwifi/rtl8192cu/hw.c +index ae8f055483fa..39a6bd314ca3 100644 +--- a/drivers/net/wireless/realtek/rtlwifi/rtl8192cu/hw.c ++++ b/drivers/net/wireless/realtek/rtlwifi/rtl8192cu/hw.c +@@ -1576,6 +1576,8 @@ static bool usb_cmd_send_packet(struct ieee80211_hw *hw, struct sk_buff *skb) + * This is maybe necessary: + * rtlpriv->cfg->ops->fill_tx_cmddesc(hw, buffer, 1, 1, skb); + */ ++ dev_kfree_skb(skb); ++ + return true; + } + +-- +2.20.1 + diff --git a/queue-4.9/rtlwifi-prevent-memory-leak-in-rtl_usb_probe.patch b/queue-4.9/rtlwifi-prevent-memory-leak-in-rtl_usb_probe.patch new file mode 100644 index 00000000000..5cf95edc758 --- /dev/null +++ b/queue-4.9/rtlwifi-prevent-memory-leak-in-rtl_usb_probe.patch @@ -0,0 +1,47 @@ +From 103fbc13821ee57a8b4be0e29751ef23a4c70796 Mon Sep 17 00:00:00 2001 +From: Sasha Levin +Date: Tue, 24 Sep 2019 20:20:21 -0500 +Subject: rtlwifi: prevent memory leak in rtl_usb_probe + +From: Navid Emamdoost + +[ Upstream commit 3f93616951138a598d930dcaec40f2bfd9ce43bb ] + +In rtl_usb_probe if allocation for usb_data fails the allocated hw +should be released. In addition the allocated rtlpriv->usb_data should +be released on error handling path. + +Signed-off-by: Navid Emamdoost +Signed-off-by: Kalle Valo +Signed-off-by: Sasha Levin +--- + drivers/net/wireless/realtek/rtlwifi/usb.c | 5 ++++- + 1 file changed, 4 insertions(+), 1 deletion(-) + +diff --git a/drivers/net/wireless/realtek/rtlwifi/usb.c b/drivers/net/wireless/realtek/rtlwifi/usb.c +index ae0c48f3c2bc..1f02461de261 100644 +--- a/drivers/net/wireless/realtek/rtlwifi/usb.c ++++ b/drivers/net/wireless/realtek/rtlwifi/usb.c +@@ -1088,8 +1088,10 @@ int rtl_usb_probe(struct usb_interface *intf, + rtlpriv->hw = hw; + rtlpriv->usb_data = kzalloc(RTL_USB_MAX_RX_COUNT * sizeof(u32), + GFP_KERNEL); +- if (!rtlpriv->usb_data) ++ if (!rtlpriv->usb_data) { ++ ieee80211_free_hw(hw); + return -ENOMEM; ++ } + + /* this spin lock must be initialized early */ + spin_lock_init(&rtlpriv->locks.usb_lock); +@@ -1152,6 +1154,7 @@ error_out: + _rtl_usb_io_handler_release(hw); + usb_put_dev(udev); + complete(&rtlpriv->firmware_loading_complete); ++ kfree(rtlpriv->usb_data); + return -ENODEV; + } + EXPORT_SYMBOL(rtl_usb_probe); +-- +2.20.1 + diff --git a/queue-4.9/s390-disassembler-don-t-hide-instruction-addresses.patch b/queue-4.9/s390-disassembler-don-t-hide-instruction-addresses.patch new file mode 100644 index 00000000000..4bd2dbd2a55 --- /dev/null +++ b/queue-4.9/s390-disassembler-don-t-hide-instruction-addresses.patch @@ -0,0 +1,73 @@ +From ce2d98b72ca02a4f59da2d819c79075dc09f8bb2 Mon Sep 17 00:00:00 2001 +From: Sasha Levin +Date: Thu, 31 Oct 2019 18:25:16 +0100 +Subject: s390/disassembler: don't hide instruction addresses + +From: Ilya Leoshkevich + +[ Upstream commit 544f1d62e3e6c6e6d17a5e56f6139208acb5ff46 ] + +Due to kptr_restrict, JITted BPF code is now displayed like this: + +000000000b6ed1b2: ebdff0800024 stmg %r13,%r15,128(%r15) +000000004cde2ba0: 41d0f040 la %r13,64(%r15) +00000000fbad41b0: a7fbffa0 aghi %r15,-96 + +Leaking kernel addresses to dmesg is not a concern in this case, because +this happens only when JIT debugging is explicitly activated, which only +root can do. + +Use %px in this particular instance, and also to print an instruction +address in show_code and PCREL (e.g. brasl) arguments in print_insn. +While at present functionally equivalent to %016lx, %px is recommended +by Documentation/core-api/printk-formats.rst for such cases. + +Signed-off-by: Ilya Leoshkevich +Reviewed-by: Vasily Gorbik +Signed-off-by: Vasily Gorbik +Signed-off-by: Sasha Levin +--- + arch/s390/kernel/dis.c | 13 +++++++------ + 1 file changed, 7 insertions(+), 6 deletions(-) + +diff --git a/arch/s390/kernel/dis.c b/arch/s390/kernel/dis.c +index aaf9dab3c193..f9dca1aed9a4 100644 +--- a/arch/s390/kernel/dis.c ++++ b/arch/s390/kernel/dis.c +@@ -1930,10 +1930,11 @@ static int print_insn(char *buffer, unsigned char *code, unsigned long addr) + ptr += sprintf(ptr, "%%c%i", value); + else if (operand->flags & OPERAND_VR) + ptr += sprintf(ptr, "%%v%i", value); +- else if (operand->flags & OPERAND_PCREL) +- ptr += sprintf(ptr, "%lx", (signed int) value +- + addr); +- else if (operand->flags & OPERAND_SIGNED) ++ else if (operand->flags & OPERAND_PCREL) { ++ void *pcrel = (void *)((int)value + addr); ++ ++ ptr += sprintf(ptr, "%px", pcrel); ++ } else if (operand->flags & OPERAND_SIGNED) + ptr += sprintf(ptr, "%i", value); + else + ptr += sprintf(ptr, "%u", value); +@@ -2005,7 +2006,7 @@ void show_code(struct pt_regs *regs) + else + *ptr++ = ' '; + addr = regs->psw.addr + start - 32; +- ptr += sprintf(ptr, "%016lx: ", addr); ++ ptr += sprintf(ptr, "%px: ", (void *)addr); + if (start + opsize >= end) + break; + for (i = 0; i < opsize; i++) +@@ -2033,7 +2034,7 @@ void print_fn_code(unsigned char *code, unsigned long len) + opsize = insn_length(*code); + if (opsize > len) + break; +- ptr += sprintf(ptr, "%p: ", code); ++ ptr += sprintf(ptr, "%px: ", code); + for (i = 0; i < opsize; i++) + ptr += sprintf(ptr, "%02x", code[i]); + *ptr++ = '\t'; +-- +2.20.1 + diff --git a/queue-4.9/samples-pktgen-fix-proc_cmd-command-result-check-log.patch b/queue-4.9/samples-pktgen-fix-proc_cmd-command-result-check-log.patch new file mode 100644 index 00000000000..4cf37fe0a3c --- /dev/null +++ b/queue-4.9/samples-pktgen-fix-proc_cmd-command-result-check-log.patch @@ -0,0 +1,82 @@ +From f61e772061292a2c621ed04476e9ec0031b86de1 Mon Sep 17 00:00:00 2001 +From: Sasha Levin +Date: Sat, 5 Oct 2019 17:25:07 +0900 +Subject: samples: pktgen: fix proc_cmd command result check logic + +From: Daniel T. Lee + +[ Upstream commit 3cad8f911575191fb3b81d8ed0e061e30f922223 ] + +Currently, proc_cmd is used to dispatch command to 'pg_ctrl', 'pg_thread', +'pg_set'. proc_cmd is designed to check command result with grep the +"Result:", but this might fail since this string is only shown in +'pg_thread' and 'pg_set'. + +This commit fixes this logic by grep-ing the "Result:" string only when +the command is not for 'pg_ctrl'. + +For clarity of an execution flow, 'errexit' flag has been set. + +To cleanup pktgen on exit, trap has been added for EXIT signal. + +Signed-off-by: Daniel T. Lee +Acked-by: Jesper Dangaard Brouer +Signed-off-by: David S. Miller +Signed-off-by: Sasha Levin +--- + samples/pktgen/functions.sh | 17 +++++++++++------ + 1 file changed, 11 insertions(+), 6 deletions(-) + +diff --git a/samples/pktgen/functions.sh b/samples/pktgen/functions.sh +index 205e4cde4601..065a7e296ee3 100644 +--- a/samples/pktgen/functions.sh ++++ b/samples/pktgen/functions.sh +@@ -5,6 +5,8 @@ + # Author: Jesper Dangaaard Brouer + # License: GPL + ++set -o errexit ++ + ## -- General shell logging cmds -- + function err() { + local exitcode=$1 +@@ -58,6 +60,7 @@ function pg_set() { + function proc_cmd() { + local result + local proc_file=$1 ++ local status=0 + # after shift, the remaining args are contained in $@ + shift + local proc_ctrl=${PROC_DIR}/$proc_file +@@ -73,13 +76,13 @@ function proc_cmd() { + echo "cmd: $@ > $proc_ctrl" + fi + # Quoting of "$@" is important for space expansion +- echo "$@" > "$proc_ctrl" +- local status=$? ++ echo "$@" > "$proc_ctrl" || status=$? + +- result=$(grep "Result: OK:" $proc_ctrl) +- # Due to pgctrl, cannot use exit code $? from grep +- if [[ "$result" == "" ]]; then +- grep "Result:" $proc_ctrl >&2 ++ if [[ "$proc_file" != "pgctrl" ]]; then ++ result=$(grep "Result: OK:" $proc_ctrl) || true ++ if [[ "$result" == "" ]]; then ++ grep "Result:" $proc_ctrl >&2 ++ fi + fi + if (( $status != 0 )); then + err 5 "Write error($status) occurred cmd: \"$@ > $proc_ctrl\"" +@@ -105,6 +108,8 @@ function pgset() { + fi + } + ++[[ $EUID -eq 0 ]] && trap 'pg_ctrl "reset"' EXIT ++ + ## -- General shell tricks -- + + function root_check_run_with_sudo() { +-- +2.20.1 + diff --git a/queue-4.9/series b/queue-4.9/series new file mode 100644 index 00000000000..6fde85a6a89 --- /dev/null +++ b/queue-4.9/series @@ -0,0 +1,81 @@ +drm-mst-fix-query_payload-ack-reply-struct.patch +drm-bridge-analogix-anx78xx-silence-eprobe_defer-war.patch +iio-light-bh1750-resolve-compiler-warning-and-make-c.patch +spi-add-call-to-spi_slave_abort-function-when-spidev.patch +staging-rtl8192u-fix-multiple-memory-leaks-on-error-.patch +staging-rtl8188eu-fix-possible-null-dereference.patch +rtlwifi-prevent-memory-leak-in-rtl_usb_probe.patch +libertas-fix-a-potential-null-pointer-dereference.patch +ib-iser-bound-protection_sg-size-by-data_sg-size.patch +media-am437x-vpfe-setting-std-to-current-value-is-no.patch +media-i2c-ov2659-fix-s_stream-return-value.patch +media-i2c-ov2659-fix-missing-720p-register-config.patch +media-ov6650-fix-stored-frame-format-not-in-sync-wit.patch +tools-power-cpupower-fix-initializer-override-in-hsw.patch +usb-renesas_usbhs-add-suspend-event-support-in-gadge.patch +hwrng-omap3-rom-call-clk_disable_unprepare-on-exit-o.patch +regulator-max8907-fix-the-usage-of-uninitialized-var.patch +media-flexcop-usb-fix-null-ptr-deref-in-flexcop_usb_.patch +media-cec-funcs.h-add-status_req-checks.patch +samples-pktgen-fix-proc_cmd-command-result-check-log.patch +mwifiex-pcie-fix-memory-leak-in-mwifiex_pcie_init_ev.patch +media-ti-vpe-vpe-fix-a-v4l2-compliance-warning-about.patch +media-ti-vpe-vpe-fix-a-v4l2-compliance-failure-about.patch +media-ti-vpe-vpe-make-sure-yuyv-is-set-as-default-fo.patch +extcon-sm5502-reset-registers-during-initialization.patch +x86-mm-use-the-correct-function-type-for-native_set_.patch +perf-test-report-failure-for-mmap-events.patch +perf-report-add-warning-when-libunwind-not-compiled-.patch +usb-usbfs-suppress-problematic-bind-and-unbind-ueven.patch +iio-adc-max1027-reset-the-device-at-probe-time.patch +bluetooth-hci_core-fix-init-for-hci_user_channel.patch +x86-mce-lower-throttling-mce-messages-priority-to-wa.patch +drm-gma500-fix-memory-disclosures-due-to-uninitializ.patch +rtl8xxxu-fix-rtl8723bu-connection-failure-issue-afte.patch +x86-ioapic-prevent-inconsistent-state-when-moving-an.patch +arm64-psci-reduce-the-waiting-time-for-cpu_psci_cpu_.patch +libata-ensure-ata_port-probe-has-completed-before-de.patch +pinctrl-sh-pfc-sh7734-fix-duplicate-tclk1_b.patch +bluetooth-fix-advertising-duplicated-flags.patch +bnx2x-fix-pf-vf-communication-over-multi-cos-queues.patch +spi-img-spfi-fix-potential-double-release.patch +alsa-timer-limit-max-amount-of-slave-instances.patch +rtlwifi-fix-memory-leak-in-rtl92c_set_fw_rsvdpagepkt.patch +perf-probe-fix-to-find-range-only-function-instance.patch +perf-probe-fix-to-list-probe-event-with-correct-line.patch +perf-probe-walk-function-lines-in-lexical-blocks.patch +perf-probe-fix-to-probe-an-inline-function-which-has.patch +perf-probe-fix-to-show-ranges-of-variables-in-functi.patch +perf-probe-fix-to-show-inlined-function-callsite-wit.patch +perf-probe-fix-to-probe-a-function-which-has-no-entr.patch +perf-probe-skip-overlapped-location-on-searching-var.patch +perf-probe-return-a-better-scope-die-if-there-is-no-.patch +perf-probe-fix-to-show-calling-lines-of-inlined-func.patch +perf-probe-skip-end-of-sequence-and-non-statement-li.patch +perf-probe-filter-out-instances-except-for-inlined-s.patch +ath10k-fix-get-invalid-tx-rate-for-mesh-metric.patch +media-pvrusb2-fix-oops-on-tear-down-when-radio-suppo.patch +media-si470x-i2c-add-missed-operations-in-remove.patch +edac-ghes-fix-grain-calculation.patch +spi-pxa2xx-add-missed-security-checks.patch +asoc-rt5677-mark-reg-rt5677_pwr_anlg2-as-volatile.patch +s390-disassembler-don-t-hide-instruction-addresses.patch +parport-load-lowlevel-driver-if-ports-not-found.patch +cpufreq-register-drivers-only-after-cpu-devices-have.patch +x86-crash-add-a-forward-declaration-of-struct-kimage.patch +iwlwifi-mvm-fix-unaligned-read-of-rx_pkt_status.patch +spi-tegra20-slink-add-missed-clk_unprepare.patch +mmc-tmio-add-mmc_cap_erase-to-allow-erase-discard-tr.patch +btrfs-don-t-prematurely-free-work-in-end_workqueue_f.patch +btrfs-don-t-prematurely-free-work-in-run_ordered_wor.patch +spi-st-ssc4-add-missed-pm_runtime_disable.patch +x86-insn-add-some-intel-instructions-to-the-opcode-m.patch +iwlwifi-check-kasprintf-return-value.patch +fbtft-make-sure-string-is-null-terminated.patch +crypto-sun4i-ss-fix-64-bit-size_t-warnings-on-sun4i-.patch +crypto-vmx-avoid-weird-build-failures.patch +libtraceevent-fix-memory-leakage-in-copy_filter_type.patch +perf-parse-fix-potential-memory-leak-when-handling-t.patch +perf-intel-bts-does-not-support-aux-area-sampling.patch +net-phy-initialise-phydev-speed-and-duplex-sanely.patch +btrfs-don-t-prematurely-free-work-in-reada_start_mac.patch diff --git a/queue-4.9/spi-add-call-to-spi_slave_abort-function-when-spidev.patch b/queue-4.9/spi-add-call-to-spi_slave_abort-function-when-spidev.patch new file mode 100644 index 00000000000..4fb372e5182 --- /dev/null +++ b/queue-4.9/spi-add-call-to-spi_slave_abort-function-when-spidev.patch @@ -0,0 +1,50 @@ +From c0f6bf7f159a5ef7329d1fd587e324678365912b Mon Sep 17 00:00:00 2001 +From: Sasha Levin +Date: Wed, 25 Sep 2019 11:11:42 +0200 +Subject: spi: Add call to spi_slave_abort() function when spidev driver is + released + +From: Lukasz Majewski + +[ Upstream commit 9f918a728cf86b2757b6a7025e1f46824bfe3155 ] + +This change is necessary for spidev devices (e.g. /dev/spidev3.0) working +in the slave mode (like NXP's dspi driver for Vybrid SoC). + +When SPI HW works in this mode - the master is responsible for providing +CS and CLK signals. However, when some fault happens - like for example +distortion on SPI lines - the SPI Linux driver needs a chance to recover +from this abnormal situation and prepare itself for next (correct) +transmission. + +This change doesn't pose any threat on drivers working in master mode as +spi_slave_abort() function checks if SPI slave mode is supported. + +Signed-off-by: Lukasz Majewski +Link: https://lore.kernel.org/r/20190924110547.14770-2-lukma@denx.de +Signed-off-by: Mark Brown +Reported-by: kbuild test robot +Link: https://lore.kernel.org/r/20190925091143.15468-2-lukma@denx.de +Signed-off-by: Mark Brown +Signed-off-by: Sasha Levin +--- + drivers/spi/spidev.c | 3 +++ + 1 file changed, 3 insertions(+) + +diff --git a/drivers/spi/spidev.c b/drivers/spi/spidev.c +index f4ea286b0121..a685c6114a8d 100644 +--- a/drivers/spi/spidev.c ++++ b/drivers/spi/spidev.c +@@ -663,6 +663,9 @@ static int spidev_release(struct inode *inode, struct file *filp) + if (dofree) + kfree(spidev); + } ++#ifdef CONFIG_SPI_SLAVE ++ spi_slave_abort(spidev->spi); ++#endif + mutex_unlock(&device_list_lock); + + return 0; +-- +2.20.1 + diff --git a/queue-4.9/spi-img-spfi-fix-potential-double-release.patch b/queue-4.9/spi-img-spfi-fix-potential-double-release.patch new file mode 100644 index 00000000000..f4adb229bd9 --- /dev/null +++ b/queue-4.9/spi-img-spfi-fix-potential-double-release.patch @@ -0,0 +1,39 @@ +From 272d5d5a8bb0ad2383f53a4b31935ba692f524d9 Mon Sep 17 00:00:00 2001 +From: Sasha Levin +Date: Wed, 6 Nov 2019 10:36:09 +0800 +Subject: spi: img-spfi: fix potential double release + +From: Pan Bian + +[ Upstream commit e9a8ba9769a0e354341bc6cc01b98aadcea1dfe9 ] + +The channels spfi->tx_ch and spfi->rx_ch are not set to NULL after they +are released. As a result, they will be released again, either on the +error handling branch in the same function or in the corresponding +remove function, i.e. img_spfi_remove(). This patch fixes the bug by +setting the two members to NULL. + +Signed-off-by: Pan Bian +Link: https://lore.kernel.org/r/1573007769-20131-1-git-send-email-bianpan2016@163.com +Signed-off-by: Mark Brown +Signed-off-by: Sasha Levin +--- + drivers/spi/spi-img-spfi.c | 2 ++ + 1 file changed, 2 insertions(+) + +diff --git a/drivers/spi/spi-img-spfi.c b/drivers/spi/spi-img-spfi.c +index 7a37090dabbe..2e65b70c7879 100644 +--- a/drivers/spi/spi-img-spfi.c ++++ b/drivers/spi/spi-img-spfi.c +@@ -673,6 +673,8 @@ static int img_spfi_probe(struct platform_device *pdev) + dma_release_channel(spfi->tx_ch); + if (spfi->rx_ch) + dma_release_channel(spfi->rx_ch); ++ spfi->tx_ch = NULL; ++ spfi->rx_ch = NULL; + dev_warn(spfi->dev, "Failed to get DMA channels, falling back to PIO mode\n"); + } else { + master->dma_tx = spfi->tx_ch; +-- +2.20.1 + diff --git a/queue-4.9/spi-pxa2xx-add-missed-security-checks.patch b/queue-4.9/spi-pxa2xx-add-missed-security-checks.patch new file mode 100644 index 00000000000..407c67a45d4 --- /dev/null +++ b/queue-4.9/spi-pxa2xx-add-missed-security-checks.patch @@ -0,0 +1,45 @@ +From ff7c24c83a1dbf850075e886b1b8824ef2113dad Mon Sep 17 00:00:00 2001 +From: Sasha Levin +Date: Sat, 9 Nov 2019 16:09:43 +0800 +Subject: spi: pxa2xx: Add missed security checks + +From: Chuhong Yuan + +[ Upstream commit 5eb263ef08b5014cfc2539a838f39d2fd3531423 ] + +pxa2xx_spi_init_pdata misses checks for devm_clk_get and +platform_get_irq. +Add checks for them to fix the bugs. + +Since ssp->clk and ssp->irq are used in probe, they are mandatory here. +So we cannot use _optional() for devm_clk_get and platform_get_irq. + +Signed-off-by: Chuhong Yuan +Link: https://lore.kernel.org/r/20191109080943.30428-1-hslester96@gmail.com +Signed-off-by: Mark Brown +Signed-off-by: Sasha Levin +--- + drivers/spi/spi-pxa2xx.c | 6 ++++++ + 1 file changed, 6 insertions(+) + +diff --git a/drivers/spi/spi-pxa2xx.c b/drivers/spi/spi-pxa2xx.c +index 6dd195b94c57..2f84d7653afd 100644 +--- a/drivers/spi/spi-pxa2xx.c ++++ b/drivers/spi/spi-pxa2xx.c +@@ -1529,7 +1529,13 @@ pxa2xx_spi_init_pdata(struct platform_device *pdev) + } + + ssp->clk = devm_clk_get(&pdev->dev, NULL); ++ if (IS_ERR(ssp->clk)) ++ return NULL; ++ + ssp->irq = platform_get_irq(pdev, 0); ++ if (ssp->irq < 0) ++ return NULL; ++ + ssp->type = type; + ssp->pdev = pdev; + ssp->port_id = pxa2xx_spi_get_port_id(adev); +-- +2.20.1 + diff --git a/queue-4.9/spi-st-ssc4-add-missed-pm_runtime_disable.patch b/queue-4.9/spi-st-ssc4-add-missed-pm_runtime_disable.patch new file mode 100644 index 00000000000..1d95a757f10 --- /dev/null +++ b/queue-4.9/spi-st-ssc4-add-missed-pm_runtime_disable.patch @@ -0,0 +1,45 @@ +From 50f5de487ac2babcd5f6350baae1bb518048382c Mon Sep 17 00:00:00 2001 +From: Sasha Levin +Date: Mon, 18 Nov 2019 10:48:48 +0800 +Subject: spi: st-ssc4: add missed pm_runtime_disable + +From: Chuhong Yuan + +[ Upstream commit cd050abeba2a95fe5374eec28ad2244617bcbab6 ] + +The driver forgets to call pm_runtime_disable in probe failure +and remove. +Add the missed calls to fix it. + +Signed-off-by: Chuhong Yuan +Link: https://lore.kernel.org/r/20191118024848.21645-1-hslester96@gmail.com +Signed-off-by: Mark Brown +Signed-off-by: Sasha Levin +--- + drivers/spi/spi-st-ssc4.c | 3 +++ + 1 file changed, 3 insertions(+) + +diff --git a/drivers/spi/spi-st-ssc4.c b/drivers/spi/spi-st-ssc4.c +index e54b59638458..710adbc2485f 100644 +--- a/drivers/spi/spi-st-ssc4.c ++++ b/drivers/spi/spi-st-ssc4.c +@@ -385,6 +385,7 @@ static int spi_st_probe(struct platform_device *pdev) + return 0; + + clk_disable: ++ pm_runtime_disable(&pdev->dev); + clk_disable_unprepare(spi_st->clk); + put_master: + spi_master_put(master); +@@ -396,6 +397,8 @@ static int spi_st_remove(struct platform_device *pdev) + struct spi_master *master = platform_get_drvdata(pdev); + struct spi_st *spi_st = spi_master_get_devdata(master); + ++ pm_runtime_disable(&pdev->dev); ++ + clk_disable_unprepare(spi_st->clk); + + pinctrl_pm_select_sleep_state(&pdev->dev); +-- +2.20.1 + diff --git a/queue-4.9/spi-tegra20-slink-add-missed-clk_unprepare.patch b/queue-4.9/spi-tegra20-slink-add-missed-clk_unprepare.patch new file mode 100644 index 00000000000..30ccdeba3b5 --- /dev/null +++ b/queue-4.9/spi-tegra20-slink-add-missed-clk_unprepare.patch @@ -0,0 +1,53 @@ +From 613026a9f6536a626b563e5df9d034ac10dc8456 Mon Sep 17 00:00:00 2001 +From: Sasha Levin +Date: Fri, 15 Nov 2019 16:31:22 +0800 +Subject: spi: tegra20-slink: add missed clk_unprepare + +From: Chuhong Yuan + +[ Upstream commit 04358e40ba96d687c0811c21d9dede73f5244a98 ] + +The driver misses calling clk_unprepare in probe failure and remove. +Add the calls to fix it. + +Signed-off-by: Chuhong Yuan +Link: https://lore.kernel.org/r/20191115083122.12278-1-hslester96@gmail.com +Signed-off-by: Mark Brown +Signed-off-by: Sasha Levin +--- + drivers/spi/spi-tegra20-slink.c | 5 ++++- + 1 file changed, 4 insertions(+), 1 deletion(-) + +diff --git a/drivers/spi/spi-tegra20-slink.c b/drivers/spi/spi-tegra20-slink.c +index af2880d0c112..cf2a329fd895 100644 +--- a/drivers/spi/spi-tegra20-slink.c ++++ b/drivers/spi/spi-tegra20-slink.c +@@ -1078,7 +1078,7 @@ static int tegra_slink_probe(struct platform_device *pdev) + ret = clk_enable(tspi->clk); + if (ret < 0) { + dev_err(&pdev->dev, "Clock enable failed %d\n", ret); +- goto exit_free_master; ++ goto exit_clk_unprepare; + } + + spi_irq = platform_get_irq(pdev, 0); +@@ -1151,6 +1151,8 @@ exit_free_irq: + free_irq(spi_irq, tspi); + exit_clk_disable: + clk_disable(tspi->clk); ++exit_clk_unprepare: ++ clk_unprepare(tspi->clk); + exit_free_master: + spi_master_put(master); + return ret; +@@ -1164,6 +1166,7 @@ static int tegra_slink_remove(struct platform_device *pdev) + free_irq(tspi->irq, tspi); + + clk_disable(tspi->clk); ++ clk_unprepare(tspi->clk); + + if (tspi->tx_dma_chan) + tegra_slink_deinit_dma_param(tspi, false); +-- +2.20.1 + diff --git a/queue-4.9/staging-rtl8188eu-fix-possible-null-dereference.patch b/queue-4.9/staging-rtl8188eu-fix-possible-null-dereference.patch new file mode 100644 index 00000000000..6826722f036 --- /dev/null +++ b/queue-4.9/staging-rtl8188eu-fix-possible-null-dereference.patch @@ -0,0 +1,54 @@ +From ee31e97b54ec08255f59452c59dc2671fe7fc274 Mon Sep 17 00:00:00 2001 +From: Sasha Levin +Date: Thu, 26 Sep 2019 08:03:17 -0700 +Subject: staging: rtl8188eu: fix possible null dereference + +From: Connor Kuehl + +[ Upstream commit 228241944a48113470d3c3b46c88ba7fbe0a274b ] + +Inside a nested 'else' block at the beginning of this function is a +call that assigns 'psta' to the return value of 'rtw_get_stainfo()'. +If 'rtw_get_stainfo()' returns NULL and the flow of control reaches +the 'else if' where 'psta' is dereferenced, then we will dereference +a NULL pointer. + +Fix this by checking if 'psta' is not NULL before reading its +'psta->qos_option' data member. + +Addresses-Coverity: ("Dereference null return value") + +Signed-off-by: Connor Kuehl +Acked-by: Larry Finger +Link: https://lore.kernel.org/r/20190926150317.5894-1-connor.kuehl@canonical.com +Signed-off-by: Greg Kroah-Hartman +Signed-off-by: Sasha Levin +--- + drivers/staging/rtl8188eu/core/rtw_xmit.c | 4 ++-- + 1 file changed, 2 insertions(+), 2 deletions(-) + +diff --git a/drivers/staging/rtl8188eu/core/rtw_xmit.c b/drivers/staging/rtl8188eu/core/rtw_xmit.c +index 0f8b8e0bffdf..dedc313e9dea 100644 +--- a/drivers/staging/rtl8188eu/core/rtw_xmit.c ++++ b/drivers/staging/rtl8188eu/core/rtw_xmit.c +@@ -805,7 +805,7 @@ s32 rtw_make_wlanhdr(struct adapter *padapter, u8 *hdr, struct pkt_attrib *pattr + memcpy(pwlanhdr->addr2, get_bssid(pmlmepriv), ETH_ALEN); + memcpy(pwlanhdr->addr3, pattrib->src, ETH_ALEN); + +- if (psta->qos_option) ++ if (psta && psta->qos_option) + qos_option = true; + } else if (check_fwstate(pmlmepriv, WIFI_ADHOC_STATE) || + check_fwstate(pmlmepriv, WIFI_ADHOC_MASTER_STATE)) { +@@ -813,7 +813,7 @@ s32 rtw_make_wlanhdr(struct adapter *padapter, u8 *hdr, struct pkt_attrib *pattr + memcpy(pwlanhdr->addr2, pattrib->src, ETH_ALEN); + memcpy(pwlanhdr->addr3, get_bssid(pmlmepriv), ETH_ALEN); + +- if (psta->qos_option) ++ if (psta && psta->qos_option) + qos_option = true; + } else { + RT_TRACE(_module_rtl871x_xmit_c_, _drv_err_, ("fw_state:%x is not allowed to xmit frame\n", get_fwstate(pmlmepriv))); +-- +2.20.1 + diff --git a/queue-4.9/staging-rtl8192u-fix-multiple-memory-leaks-on-error-.patch b/queue-4.9/staging-rtl8192u-fix-multiple-memory-leaks-on-error-.patch new file mode 100644 index 00000000000..817200f05b8 --- /dev/null +++ b/queue-4.9/staging-rtl8192u-fix-multiple-memory-leaks-on-error-.patch @@ -0,0 +1,72 @@ +From 712f03cc5ed127b1d3edebc51ff922b3b57fed08 Mon Sep 17 00:00:00 2001 +From: Sasha Levin +Date: Thu, 19 Sep 2019 21:51:33 -0500 +Subject: staging: rtl8192u: fix multiple memory leaks on error path + +From: Navid Emamdoost + +[ Upstream commit ca312438cf176a16d4b89350cade8789ba8d7133 ] + +In rtl8192_tx on error handling path allocated urbs and also skb should +be released. + +Signed-off-by: Navid Emamdoost +Link: https://lore.kernel.org/r/20190920025137.29407-1-navid.emamdoost@gmail.com +Signed-off-by: Greg Kroah-Hartman +Signed-off-by: Sasha Levin +--- + drivers/staging/rtl8192u/r8192U_core.c | 17 ++++++++++++----- + 1 file changed, 12 insertions(+), 5 deletions(-) + +diff --git a/drivers/staging/rtl8192u/r8192U_core.c b/drivers/staging/rtl8192u/r8192U_core.c +index 5fe95937d811..6ec379056650 100644 +--- a/drivers/staging/rtl8192u/r8192U_core.c ++++ b/drivers/staging/rtl8192u/r8192U_core.c +@@ -1509,7 +1509,7 @@ short rtl8192_tx(struct net_device *dev, struct sk_buff *skb) + (tx_fwinfo_819x_usb *)(skb->data + USB_HWDESC_HEADER_LEN); + struct usb_device *udev = priv->udev; + int pend; +- int status; ++ int status, rt = -1; + struct urb *tx_urb = NULL, *tx_urb_zero = NULL; + unsigned int idx_pipe; + +@@ -1653,8 +1653,10 @@ short rtl8192_tx(struct net_device *dev, struct sk_buff *skb) + } + if (bSend0Byte) { + tx_urb_zero = usb_alloc_urb(0, GFP_ATOMIC); +- if (!tx_urb_zero) +- return -ENOMEM; ++ if (!tx_urb_zero) { ++ rt = -ENOMEM; ++ goto error; ++ } + usb_fill_bulk_urb(tx_urb_zero, udev, + usb_sndbulkpipe(udev, idx_pipe), + &zero, 0, tx_zero_isr, dev); +@@ -1664,7 +1666,7 @@ short rtl8192_tx(struct net_device *dev, struct sk_buff *skb) + "Error TX URB for zero byte %d, error %d", + atomic_read(&priv->tx_pending[tcb_desc->queue_index]), + status); +- return -1; ++ goto error; + } + } + netif_trans_update(dev); +@@ -1675,7 +1677,12 @@ short rtl8192_tx(struct net_device *dev, struct sk_buff *skb) + RT_TRACE(COMP_ERR, "Error TX URB %d, error %d", + atomic_read(&priv->tx_pending[tcb_desc->queue_index]), + status); +- return -1; ++ ++error: ++ dev_kfree_skb_any(skb); ++ usb_free_urb(tx_urb); ++ usb_free_urb(tx_urb_zero); ++ return rt; + } + + static short rtl8192_usb_initendpoints(struct net_device *dev) +-- +2.20.1 + diff --git a/queue-4.9/tools-power-cpupower-fix-initializer-override-in-hsw.patch b/queue-4.9/tools-power-cpupower-fix-initializer-override-in-hsw.patch new file mode 100644 index 00000000000..99b2809a4fc --- /dev/null +++ b/queue-4.9/tools-power-cpupower-fix-initializer-override-in-hsw.patch @@ -0,0 +1,63 @@ +From 62d64e667dd188399f1dbf3c8cf695f0404e7731 Mon Sep 17 00:00:00 2001 +From: Sasha Levin +Date: Fri, 27 Sep 2019 09:26:42 -0700 +Subject: tools/power/cpupower: Fix initializer override in hsw_ext_cstates + +From: Nathan Chancellor + +[ Upstream commit 7e5705c635ecfccde559ebbbe1eaf05b5cc60529 ] + +When building cpupower with clang, the following warning appears: + + utils/idle_monitor/hsw_ext_idle.c:42:16: warning: initializer overrides + prior initialization of this subobject [-Winitializer-overrides] + .desc = N_("Processor Package C2"), + ^~~~~~~~~~~~~~~~~~~~~~ + ./utils/helpers/helpers.h:25:33: note: expanded from macro 'N_' + #define N_(String) gettext_noop(String) + ^~~~~~ + ./utils/helpers/helpers.h:23:30: note: expanded from macro + 'gettext_noop' + #define gettext_noop(String) String + ^~~~~~ + utils/idle_monitor/hsw_ext_idle.c:41:16: note: previous initialization + is here + .desc = N_("Processor Package C9"), + ^~~~~~~~~~~~~~~~~~~~~~ + ./utils/helpers/helpers.h:25:33: note: expanded from macro 'N_' + #define N_(String) gettext_noop(String) + ^~~~~~ + ./utils/helpers/helpers.h:23:30: note: expanded from macro + 'gettext_noop' + #define gettext_noop(String) String + ^~~~~~ + 1 warning generated. + +This appears to be a copy and paste or merge mistake because the name +and id fields both have PC9 in them, not PC2. Remove the second +assignment to fix the warning. + +Fixes: 7ee767b69b68 ("cpupower: Add Haswell family 0x45 specific idle monitor to show PC8,9,10 states") +Link: https://github.com/ClangBuiltLinux/linux/issues/718 +Signed-off-by: Nathan Chancellor +Signed-off-by: Shuah Khan +Signed-off-by: Sasha Levin +--- + tools/power/cpupower/utils/idle_monitor/hsw_ext_idle.c | 1 - + 1 file changed, 1 deletion(-) + +diff --git a/tools/power/cpupower/utils/idle_monitor/hsw_ext_idle.c b/tools/power/cpupower/utils/idle_monitor/hsw_ext_idle.c +index ebeaba6571a3..475e18e04318 100644 +--- a/tools/power/cpupower/utils/idle_monitor/hsw_ext_idle.c ++++ b/tools/power/cpupower/utils/idle_monitor/hsw_ext_idle.c +@@ -40,7 +40,6 @@ static cstate_t hsw_ext_cstates[HSW_EXT_CSTATE_COUNT] = { + { + .name = "PC9", + .desc = N_("Processor Package C9"), +- .desc = N_("Processor Package C2"), + .id = PC9, + .range = RANGE_PACKAGE, + .get_count_percent = hsw_ext_get_count_percent, +-- +2.20.1 + diff --git a/queue-4.9/usb-renesas_usbhs-add-suspend-event-support-in-gadge.patch b/queue-4.9/usb-renesas_usbhs-add-suspend-event-support-in-gadge.patch new file mode 100644 index 00000000000..2c10ac32ce7 --- /dev/null +++ b/queue-4.9/usb-renesas_usbhs-add-suspend-event-support-in-gadge.patch @@ -0,0 +1,89 @@ +From 3fab48d2b2eae6b2f9f69ea53688069b39b94ab7 Mon Sep 17 00:00:00 2001 +From: Sasha Levin +Date: Wed, 11 Sep 2019 15:15:56 +0200 +Subject: usb: renesas_usbhs: add suspend event support in gadget mode + +From: Veeraiyan Chidambaram + +[ Upstream commit 39abcc84846bbc0538f13c190b6a9c7e36890cd2 ] + +When R-Car Gen3 USB 2.0 is in Gadget mode, if host is detached an interrupt +will be generated and Suspended state bit is set in interrupt status +register. Interrupt handler will call driver->suspend(composite_suspend) +if suspended state bit is set. composite_suspend will call +ffs_func_suspend which will post FUNCTIONFS_SUSPEND and will be consumed +by user space application via /dev/ep0. + +To be able to detect host detach, extend the DVSQ_MASK to cover the +Suspended bit of the DVSQ[2:0] bitfield from the Interrupt Status +Register 0 (INTSTS0) register and perform appropriate action in the +DVST interrupt handler (usbhsg_irq_dev_state). + +Without this commit, disconnection of the phone from R-Car-H3 ES2.0 +Salvator-X CN9 port is not recognized and reverse role switch does +not happen. If phone is connected again it does not enumerate. + +With this commit, disconnection will be recognized and reverse role +switch will happen by a user space application. If phone is connected +again it will enumerate properly and will become visible in the output +of 'lsusb'. + +Signed-off-by: Veeraiyan Chidambaram +Signed-off-by: Eugeniu Rosca +Reviewed-by: Yoshihiro Shimoda +Tested-by: Yoshihiro Shimoda +Link: https://lore.kernel.org/r/1568207756-22325-3-git-send-email-external.veeraiyan.c@de.adit-jv.com +Signed-off-by: Greg Kroah-Hartman +Signed-off-by: Sasha Levin +--- + drivers/usb/renesas_usbhs/common.h | 3 ++- + drivers/usb/renesas_usbhs/mod_gadget.c | 12 +++++++++--- + 2 files changed, 11 insertions(+), 4 deletions(-) + +diff --git a/drivers/usb/renesas_usbhs/common.h b/drivers/usb/renesas_usbhs/common.h +index b8620aa6b72e..8424c165f732 100644 +--- a/drivers/usb/renesas_usbhs/common.h ++++ b/drivers/usb/renesas_usbhs/common.h +@@ -163,11 +163,12 @@ struct usbhs_priv; + #define VBSTS (1 << 7) /* VBUS_0 and VBUSIN_0 Input Status */ + #define VALID (1 << 3) /* USB Request Receive */ + +-#define DVSQ_MASK (0x3 << 4) /* Device State */ ++#define DVSQ_MASK (0x7 << 4) /* Device State */ + #define POWER_STATE (0 << 4) + #define DEFAULT_STATE (1 << 4) + #define ADDRESS_STATE (2 << 4) + #define CONFIGURATION_STATE (3 << 4) ++#define SUSPENDED_STATE (4 << 4) + + #define CTSQ_MASK (0x7) /* Control Transfer Stage */ + #define IDLE_SETUP_STAGE 0 /* Idle stage or setup stage */ +diff --git a/drivers/usb/renesas_usbhs/mod_gadget.c b/drivers/usb/renesas_usbhs/mod_gadget.c +index 6898ca1ef98c..b0397bcfe1f6 100644 +--- a/drivers/usb/renesas_usbhs/mod_gadget.c ++++ b/drivers/usb/renesas_usbhs/mod_gadget.c +@@ -465,12 +465,18 @@ static int usbhsg_irq_dev_state(struct usbhs_priv *priv, + { + struct usbhsg_gpriv *gpriv = usbhsg_priv_to_gpriv(priv); + struct device *dev = usbhsg_gpriv_to_dev(gpriv); ++ int state = usbhs_status_get_device_state(irq_state); + + gpriv->gadget.speed = usbhs_bus_get_speed(priv); + +- dev_dbg(dev, "state = %x : speed : %d\n", +- usbhs_status_get_device_state(irq_state), +- gpriv->gadget.speed); ++ dev_dbg(dev, "state = %x : speed : %d\n", state, gpriv->gadget.speed); ++ ++ if (gpriv->gadget.speed != USB_SPEED_UNKNOWN && ++ (state & SUSPENDED_STATE)) { ++ if (gpriv->driver && gpriv->driver->suspend) ++ gpriv->driver->suspend(&gpriv->gadget); ++ usb_gadget_set_state(&gpriv->gadget, USB_STATE_SUSPENDED); ++ } + + return 0; + } +-- +2.20.1 + diff --git a/queue-4.9/usb-usbfs-suppress-problematic-bind-and-unbind-ueven.patch b/queue-4.9/usb-usbfs-suppress-problematic-bind-and-unbind-ueven.patch new file mode 100644 index 00000000000..35ba5f41656 --- /dev/null +++ b/queue-4.9/usb-usbfs-suppress-problematic-bind-and-unbind-ueven.patch @@ -0,0 +1,82 @@ +From ec0dd7547b5e714a1181e05c5842e8e7a2f8e46b Mon Sep 17 00:00:00 2001 +From: Sasha Levin +Date: Fri, 11 Oct 2019 13:55:18 +0200 +Subject: usb: usbfs: Suppress problematic bind and unbind uevents. + +From: Ingo Rohloff + +[ Upstream commit abb0b3d96a1f9407dd66831ae33985a386d4200d ] + +commit 1455cf8dbfd0 ("driver core: emit uevents when device is bound +to a driver") added bind and unbind uevents when a driver is bound or +unbound to a physical device. + +For USB devices which are handled via the generic usbfs layer (via +libusb for example), this is problematic: +Each time a user space program calls + ioctl(usb_fd, USBDEVFS_CLAIMINTERFACE, &usb_intf_nr); +and then later + ioctl(usb_fd, USBDEVFS_RELEASEINTERFACE, &usb_intf_nr); +The kernel will now produce a bind or unbind event, which does not +really contain any useful information. + +This allows a user space program to run a DoS attack against programs +which listen to uevents (in particular systemd/eudev/upowerd): +A malicious user space program just has to call in a tight loop + + ioctl(usb_fd, USBDEVFS_CLAIMINTERFACE, &usb_intf_nr); + ioctl(usb_fd, USBDEVFS_RELEASEINTERFACE, &usb_intf_nr); + +With this loop the malicious user space program floods the kernel and +all programs listening to uevents with tons of bind and unbind +events. + +This patch suppresses uevents for ioctls USBDEVFS_CLAIMINTERFACE and +USBDEVFS_RELEASEINTERFACE. + +Signed-off-by: Ingo Rohloff +Link: https://lore.kernel.org/r/20191011115518.2801-1-ingo.rohloff@lauterbach.com +Signed-off-by: Greg Kroah-Hartman +Signed-off-by: Sasha Levin +--- + drivers/usb/core/devio.c | 15 ++++++++++++++- + 1 file changed, 14 insertions(+), 1 deletion(-) + +diff --git a/drivers/usb/core/devio.c b/drivers/usb/core/devio.c +index 06a8f645106b..059e71d71b66 100644 +--- a/drivers/usb/core/devio.c ++++ b/drivers/usb/core/devio.c +@@ -754,8 +754,15 @@ static int claimintf(struct usb_dev_state *ps, unsigned int ifnum) + intf = usb_ifnum_to_if(dev, ifnum); + if (!intf) + err = -ENOENT; +- else ++ else { ++ unsigned int old_suppress; ++ ++ /* suppress uevents while claiming interface */ ++ old_suppress = dev_get_uevent_suppress(&intf->dev); ++ dev_set_uevent_suppress(&intf->dev, 1); + err = usb_driver_claim_interface(&usbfs_driver, intf, ps); ++ dev_set_uevent_suppress(&intf->dev, old_suppress); ++ } + if (err == 0) + set_bit(ifnum, &ps->ifclaimed); + return err; +@@ -775,7 +782,13 @@ static int releaseintf(struct usb_dev_state *ps, unsigned int ifnum) + if (!intf) + err = -ENOENT; + else if (test_and_clear_bit(ifnum, &ps->ifclaimed)) { ++ unsigned int old_suppress; ++ ++ /* suppress uevents while releasing interface */ ++ old_suppress = dev_get_uevent_suppress(&intf->dev); ++ dev_set_uevent_suppress(&intf->dev, 1); + usb_driver_release_interface(&usbfs_driver, intf); ++ dev_set_uevent_suppress(&intf->dev, old_suppress); + err = 0; + } + return err; +-- +2.20.1 + diff --git a/queue-4.9/x86-crash-add-a-forward-declaration-of-struct-kimage.patch b/queue-4.9/x86-crash-add-a-forward-declaration-of-struct-kimage.patch new file mode 100644 index 00000000000..0a60cedf414 --- /dev/null +++ b/queue-4.9/x86-crash-add-a-forward-declaration-of-struct-kimage.patch @@ -0,0 +1,72 @@ +From 69cedc1991ef28249aa4fe33757dc974e62070dc Mon Sep 17 00:00:00 2001 +From: Sasha Levin +Date: Fri, 8 Nov 2019 17:00:27 +0800 +Subject: x86/crash: Add a forward declaration of struct kimage +MIME-Version: 1.0 +Content-Type: text/plain; charset=UTF-8 +Content-Transfer-Encoding: 8bit + +From: Lianbo Jiang + +[ Upstream commit 112eee5d06007dae561f14458bde7f2a4879ef4e ] + +Add a forward declaration of struct kimage to the crash.h header because +future changes will invoke a crash-specific function from the realmode +init path and the compiler will complain otherwise like this: + + In file included from arch/x86/realmode/init.c:11: + ./arch/x86/include/asm/crash.h:5:32: warning: ‘struct kimage’ declared inside\ + parameter list will not be visible outside of this definition or declaration + 5 | int crash_load_segments(struct kimage *image); + | ^~~~~~ + ./arch/x86/include/asm/crash.h:6:37: warning: ‘struct kimage’ declared inside\ + parameter list will not be visible outside of this definition or declaration + 6 | int crash_copy_backup_region(struct kimage *image); + | ^~~~~~ + ./arch/x86/include/asm/crash.h:7:39: warning: ‘struct kimage’ declared inside\ + parameter list will not be visible outside of this definition or declaration + 7 | int crash_setup_memmap_entries(struct kimage *image, + | + + [ bp: Rewrite the commit message. ] + +Reported-by: kbuild test robot +Signed-off-by: Lianbo Jiang +Signed-off-by: Borislav Petkov +Cc: bhe@redhat.com +Cc: d.hatayama@fujitsu.com +Cc: dhowells@redhat.com +Cc: dyoung@redhat.com +Cc: ebiederm@xmission.com +Cc: horms@verge.net.au +Cc: "H. Peter Anvin" +Cc: Ingo Molnar +Cc: Jürgen Gross +Cc: kexec@lists.infradead.org +Cc: Thomas Gleixner +Cc: Tom Lendacky +Cc: vgoyal@redhat.com +Cc: x86-ml +Link: https://lkml.kernel.org/r/20191108090027.11082-4-lijiang@redhat.com +Link: https://lkml.kernel.org/r/201910310233.EJRtTMWP%25lkp@intel.com +Signed-off-by: Sasha Levin +--- + arch/x86/include/asm/crash.h | 2 ++ + 1 file changed, 2 insertions(+) + +diff --git a/arch/x86/include/asm/crash.h b/arch/x86/include/asm/crash.h +index f498411f2500..1b15304dd098 100644 +--- a/arch/x86/include/asm/crash.h ++++ b/arch/x86/include/asm/crash.h +@@ -1,6 +1,8 @@ + #ifndef _ASM_X86_CRASH_H + #define _ASM_X86_CRASH_H + ++struct kimage; ++ + int crash_load_segments(struct kimage *image); + int crash_copy_backup_region(struct kimage *image); + int crash_setup_memmap_entries(struct kimage *image, +-- +2.20.1 + diff --git a/queue-4.9/x86-insn-add-some-intel-instructions-to-the-opcode-m.patch b/queue-4.9/x86-insn-add-some-intel-instructions-to-the-opcode-m.patch new file mode 100644 index 00000000000..3a5994f5cf0 --- /dev/null +++ b/queue-4.9/x86-insn-add-some-intel-instructions-to-the-opcode-m.patch @@ -0,0 +1,258 @@ +From 240f8695ef69a52d657b65db5579f5e2776076ce Mon Sep 17 00:00:00 2001 +From: Sasha Levin +Date: Fri, 15 Nov 2019 15:54:47 +0200 +Subject: x86/insn: Add some Intel instructions to the opcode map + +From: Adrian Hunter + +[ Upstream commit b980be189c9badba50634671e2303e92bf28e35a ] + +Add to the opcode map the following instructions: + cldemote + tpause + umonitor + umwait + movdiri + movdir64b + enqcmd + enqcmds + encls + enclu + enclv + pconfig + wbnoinvd + +For information about the instructions, refer Intel SDM May 2019 +(325462-070US) and Intel Architecture Instruction Set Extensions +May 2019 (319433-037). + +The instruction decoding can be tested using the perf tools' +"x86 instruction decoder - new instructions" test as folllows: + + $ perf test -v "new " 2>&1 | grep -i cldemote + Decoded ok: 0f 1c 00 cldemote (%eax) + Decoded ok: 0f 1c 05 78 56 34 12 cldemote 0x12345678 + Decoded ok: 0f 1c 84 c8 78 56 34 12 cldemote 0x12345678(%eax,%ecx,8) + Decoded ok: 0f 1c 00 cldemote (%rax) + Decoded ok: 41 0f 1c 00 cldemote (%r8) + Decoded ok: 0f 1c 04 25 78 56 34 12 cldemote 0x12345678 + Decoded ok: 0f 1c 84 c8 78 56 34 12 cldemote 0x12345678(%rax,%rcx,8) + Decoded ok: 41 0f 1c 84 c8 78 56 34 12 cldemote 0x12345678(%r8,%rcx,8) + $ perf test -v "new " 2>&1 | grep -i tpause + Decoded ok: 66 0f ae f3 tpause %ebx + Decoded ok: 66 0f ae f3 tpause %ebx + Decoded ok: 66 41 0f ae f0 tpause %r8d + $ perf test -v "new " 2>&1 | grep -i umonitor + Decoded ok: 67 f3 0f ae f0 umonitor %ax + Decoded ok: f3 0f ae f0 umonitor %eax + Decoded ok: 67 f3 0f ae f0 umonitor %eax + Decoded ok: f3 0f ae f0 umonitor %rax + Decoded ok: 67 f3 41 0f ae f0 umonitor %r8d + $ perf test -v "new " 2>&1 | grep -i umwait + Decoded ok: f2 0f ae f0 umwait %eax + Decoded ok: f2 0f ae f0 umwait %eax + Decoded ok: f2 41 0f ae f0 umwait %r8d + $ perf test -v "new " 2>&1 | grep -i movdiri + Decoded ok: 0f 38 f9 03 movdiri %eax,(%ebx) + Decoded ok: 0f 38 f9 88 78 56 34 12 movdiri %ecx,0x12345678(%eax) + Decoded ok: 48 0f 38 f9 03 movdiri %rax,(%rbx) + Decoded ok: 48 0f 38 f9 88 78 56 34 12 movdiri %rcx,0x12345678(%rax) + $ perf test -v "new " 2>&1 | grep -i movdir64b + Decoded ok: 66 0f 38 f8 18 movdir64b (%eax),%ebx + Decoded ok: 66 0f 38 f8 88 78 56 34 12 movdir64b 0x12345678(%eax),%ecx + Decoded ok: 67 66 0f 38 f8 1c movdir64b (%si),%bx + Decoded ok: 67 66 0f 38 f8 8c 34 12 movdir64b 0x1234(%si),%cx + Decoded ok: 66 0f 38 f8 18 movdir64b (%rax),%rbx + Decoded ok: 66 0f 38 f8 88 78 56 34 12 movdir64b 0x12345678(%rax),%rcx + Decoded ok: 67 66 0f 38 f8 18 movdir64b (%eax),%ebx + Decoded ok: 67 66 0f 38 f8 88 78 56 34 12 movdir64b 0x12345678(%eax),%ecx + $ perf test -v "new " 2>&1 | grep -i enqcmd + Decoded ok: f2 0f 38 f8 18 enqcmd (%eax),%ebx + Decoded ok: f2 0f 38 f8 88 78 56 34 12 enqcmd 0x12345678(%eax),%ecx + Decoded ok: 67 f2 0f 38 f8 1c enqcmd (%si),%bx + Decoded ok: 67 f2 0f 38 f8 8c 34 12 enqcmd 0x1234(%si),%cx + Decoded ok: f3 0f 38 f8 18 enqcmds (%eax),%ebx + Decoded ok: f3 0f 38 f8 88 78 56 34 12 enqcmds 0x12345678(%eax),%ecx + Decoded ok: 67 f3 0f 38 f8 1c enqcmds (%si),%bx + Decoded ok: 67 f3 0f 38 f8 8c 34 12 enqcmds 0x1234(%si),%cx + Decoded ok: f2 0f 38 f8 18 enqcmd (%rax),%rbx + Decoded ok: f2 0f 38 f8 88 78 56 34 12 enqcmd 0x12345678(%rax),%rcx + Decoded ok: 67 f2 0f 38 f8 18 enqcmd (%eax),%ebx + Decoded ok: 67 f2 0f 38 f8 88 78 56 34 12 enqcmd 0x12345678(%eax),%ecx + Decoded ok: f3 0f 38 f8 18 enqcmds (%rax),%rbx + Decoded ok: f3 0f 38 f8 88 78 56 34 12 enqcmds 0x12345678(%rax),%rcx + Decoded ok: 67 f3 0f 38 f8 18 enqcmds (%eax),%ebx + Decoded ok: 67 f3 0f 38 f8 88 78 56 34 12 enqcmds 0x12345678(%eax),%ecx + $ perf test -v "new " 2>&1 | grep -i enqcmds + Decoded ok: f3 0f 38 f8 18 enqcmds (%eax),%ebx + Decoded ok: f3 0f 38 f8 88 78 56 34 12 enqcmds 0x12345678(%eax),%ecx + Decoded ok: 67 f3 0f 38 f8 1c enqcmds (%si),%bx + Decoded ok: 67 f3 0f 38 f8 8c 34 12 enqcmds 0x1234(%si),%cx + Decoded ok: f3 0f 38 f8 18 enqcmds (%rax),%rbx + Decoded ok: f3 0f 38 f8 88 78 56 34 12 enqcmds 0x12345678(%rax),%rcx + Decoded ok: 67 f3 0f 38 f8 18 enqcmds (%eax),%ebx + Decoded ok: 67 f3 0f 38 f8 88 78 56 34 12 enqcmds 0x12345678(%eax),%ecx + $ perf test -v "new " 2>&1 | grep -i encls + Decoded ok: 0f 01 cf encls + Decoded ok: 0f 01 cf encls + $ perf test -v "new " 2>&1 | grep -i enclu + Decoded ok: 0f 01 d7 enclu + Decoded ok: 0f 01 d7 enclu + $ perf test -v "new " 2>&1 | grep -i enclv + Decoded ok: 0f 01 c0 enclv + Decoded ok: 0f 01 c0 enclv + $ perf test -v "new " 2>&1 | grep -i pconfig + Decoded ok: 0f 01 c5 pconfig + Decoded ok: 0f 01 c5 pconfig + $ perf test -v "new " 2>&1 | grep -i wbnoinvd + Decoded ok: f3 0f 09 wbnoinvd + Decoded ok: f3 0f 09 wbnoinvd + +Signed-off-by: Adrian Hunter +Reviewed-by: Andi Kleen +Acked-by: Masami Hiramatsu +Cc: Borislav Petkov +Cc: H. Peter Anvin +Cc: Jiri Olsa +Cc: Peter Zijlstra +Cc: Thomas Gleixner +Cc: x86@kernel.org +Link: http://lore.kernel.org/lkml/20191115135447.6519-3-adrian.hunter@intel.com +Signed-off-by: Arnaldo Carvalho de Melo +Signed-off-by: Sasha Levin +--- + arch/x86/lib/x86-opcode-map.txt | 18 ++++++++++++------ + tools/objtool/arch/x86/lib/x86-opcode-map.txt | 18 ++++++++++++------ + 2 files changed, 24 insertions(+), 12 deletions(-) + +diff --git a/arch/x86/lib/x86-opcode-map.txt b/arch/x86/lib/x86-opcode-map.txt +index 1754e094bc28..0f7eb4f5bdb7 100644 +--- a/arch/x86/lib/x86-opcode-map.txt ++++ b/arch/x86/lib/x86-opcode-map.txt +@@ -333,7 +333,7 @@ AVXcode: 1 + 06: CLTS + 07: SYSRET (o64) + 08: INVD +-09: WBINVD ++09: WBINVD | WBNOINVD (F3) + 0a: + 0b: UD2 (1B) + 0c: +@@ -364,7 +364,7 @@ AVXcode: 1 + # a ModR/M byte. + 1a: BNDCL Gv,Ev (F3) | BNDCU Gv,Ev (F2) | BNDMOV Gv,Ev (66) | BNDLDX Gv,Ev + 1b: BNDCN Gv,Ev (F2) | BNDMOV Ev,Gv (66) | BNDMK Gv,Ev (F3) | BNDSTX Ev,Gv +-1c: ++1c: Grp20 (1A),(1C) + 1d: + 1e: + 1f: NOP Ev +@@ -792,6 +792,8 @@ f3: Grp17 (1A) + f5: BZHI Gy,Ey,By (v) | PEXT Gy,By,Ey (F3),(v) | PDEP Gy,By,Ey (F2),(v) + f6: ADCX Gy,Ey (66) | ADOX Gy,Ey (F3) | MULX By,Gy,rDX,Ey (F2),(v) + f7: BEXTR Gy,Ey,By (v) | SHLX Gy,Ey,By (66),(v) | SARX Gy,Ey,By (F3),(v) | SHRX Gy,Ey,By (F2),(v) ++f8: MOVDIR64B Gv,Mdqq (66) | ENQCMD Gv,Mdqq (F2) | ENQCMDS Gv,Mdqq (F3) ++f9: MOVDIRI My,Gy + EndTable + + Table: 3-byte opcode 2 (0x0f 0x3a) +@@ -943,9 +945,9 @@ GrpTable: Grp6 + EndTable + + GrpTable: Grp7 +-0: SGDT Ms | VMCALL (001),(11B) | VMLAUNCH (010),(11B) | VMRESUME (011),(11B) | VMXOFF (100),(11B) +-1: SIDT Ms | MONITOR (000),(11B) | MWAIT (001),(11B) | CLAC (010),(11B) | STAC (011),(11B) +-2: LGDT Ms | XGETBV (000),(11B) | XSETBV (001),(11B) | VMFUNC (100),(11B) | XEND (101)(11B) | XTEST (110)(11B) ++0: SGDT Ms | VMCALL (001),(11B) | VMLAUNCH (010),(11B) | VMRESUME (011),(11B) | VMXOFF (100),(11B) | PCONFIG (101),(11B) | ENCLV (000),(11B) ++1: SIDT Ms | MONITOR (000),(11B) | MWAIT (001),(11B) | CLAC (010),(11B) | STAC (011),(11B) | ENCLS (111),(11B) ++2: LGDT Ms | XGETBV (000),(11B) | XSETBV (001),(11B) | VMFUNC (100),(11B) | XEND (101)(11B) | XTEST (110)(11B) | ENCLU (111),(11B) + 3: LIDT Ms + 4: SMSW Mw/Rv + 5: rdpkru (110),(11B) | wrpkru (111),(11B) +@@ -1011,7 +1013,7 @@ GrpTable: Grp15 + 3: vstmxcsr Md (v1) | WRGSBASE Ry (F3),(11B) + 4: XSAVE + 5: XRSTOR | lfence (11B) +-6: XSAVEOPT | clwb (66) | mfence (11B) ++6: XSAVEOPT | clwb (66) | mfence (11B) | TPAUSE Rd (66),(11B) | UMONITOR Rv (F3),(11B) | UMWAIT Rd (F2),(11B) + 7: clflush | clflushopt (66) | sfence (11B) + EndTable + +@@ -1042,6 +1044,10 @@ GrpTable: Grp19 + 6: vscatterpf1qps/d Wx (66),(ev) + EndTable + ++GrpTable: Grp20 ++0: cldemote Mb ++EndTable ++ + # AMD's Prefetch Group + GrpTable: GrpP + 0: PREFETCH +diff --git a/tools/objtool/arch/x86/lib/x86-opcode-map.txt b/tools/objtool/arch/x86/lib/x86-opcode-map.txt +index 1754e094bc28..0f7eb4f5bdb7 100644 +--- a/tools/objtool/arch/x86/lib/x86-opcode-map.txt ++++ b/tools/objtool/arch/x86/lib/x86-opcode-map.txt +@@ -333,7 +333,7 @@ AVXcode: 1 + 06: CLTS + 07: SYSRET (o64) + 08: INVD +-09: WBINVD ++09: WBINVD | WBNOINVD (F3) + 0a: + 0b: UD2 (1B) + 0c: +@@ -364,7 +364,7 @@ AVXcode: 1 + # a ModR/M byte. + 1a: BNDCL Gv,Ev (F3) | BNDCU Gv,Ev (F2) | BNDMOV Gv,Ev (66) | BNDLDX Gv,Ev + 1b: BNDCN Gv,Ev (F2) | BNDMOV Ev,Gv (66) | BNDMK Gv,Ev (F3) | BNDSTX Ev,Gv +-1c: ++1c: Grp20 (1A),(1C) + 1d: + 1e: + 1f: NOP Ev +@@ -792,6 +792,8 @@ f3: Grp17 (1A) + f5: BZHI Gy,Ey,By (v) | PEXT Gy,By,Ey (F3),(v) | PDEP Gy,By,Ey (F2),(v) + f6: ADCX Gy,Ey (66) | ADOX Gy,Ey (F3) | MULX By,Gy,rDX,Ey (F2),(v) + f7: BEXTR Gy,Ey,By (v) | SHLX Gy,Ey,By (66),(v) | SARX Gy,Ey,By (F3),(v) | SHRX Gy,Ey,By (F2),(v) ++f8: MOVDIR64B Gv,Mdqq (66) | ENQCMD Gv,Mdqq (F2) | ENQCMDS Gv,Mdqq (F3) ++f9: MOVDIRI My,Gy + EndTable + + Table: 3-byte opcode 2 (0x0f 0x3a) +@@ -943,9 +945,9 @@ GrpTable: Grp6 + EndTable + + GrpTable: Grp7 +-0: SGDT Ms | VMCALL (001),(11B) | VMLAUNCH (010),(11B) | VMRESUME (011),(11B) | VMXOFF (100),(11B) +-1: SIDT Ms | MONITOR (000),(11B) | MWAIT (001),(11B) | CLAC (010),(11B) | STAC (011),(11B) +-2: LGDT Ms | XGETBV (000),(11B) | XSETBV (001),(11B) | VMFUNC (100),(11B) | XEND (101)(11B) | XTEST (110)(11B) ++0: SGDT Ms | VMCALL (001),(11B) | VMLAUNCH (010),(11B) | VMRESUME (011),(11B) | VMXOFF (100),(11B) | PCONFIG (101),(11B) | ENCLV (000),(11B) ++1: SIDT Ms | MONITOR (000),(11B) | MWAIT (001),(11B) | CLAC (010),(11B) | STAC (011),(11B) | ENCLS (111),(11B) ++2: LGDT Ms | XGETBV (000),(11B) | XSETBV (001),(11B) | VMFUNC (100),(11B) | XEND (101)(11B) | XTEST (110)(11B) | ENCLU (111),(11B) + 3: LIDT Ms + 4: SMSW Mw/Rv + 5: rdpkru (110),(11B) | wrpkru (111),(11B) +@@ -1011,7 +1013,7 @@ GrpTable: Grp15 + 3: vstmxcsr Md (v1) | WRGSBASE Ry (F3),(11B) + 4: XSAVE + 5: XRSTOR | lfence (11B) +-6: XSAVEOPT | clwb (66) | mfence (11B) ++6: XSAVEOPT | clwb (66) | mfence (11B) | TPAUSE Rd (66),(11B) | UMONITOR Rv (F3),(11B) | UMWAIT Rd (F2),(11B) + 7: clflush | clflushopt (66) | sfence (11B) + EndTable + +@@ -1042,6 +1044,10 @@ GrpTable: Grp19 + 6: vscatterpf1qps/d Wx (66),(ev) + EndTable + ++GrpTable: Grp20 ++0: cldemote Mb ++EndTable ++ + # AMD's Prefetch Group + GrpTable: GrpP + 0: PREFETCH +-- +2.20.1 + diff --git a/queue-4.9/x86-ioapic-prevent-inconsistent-state-when-moving-an.patch b/queue-4.9/x86-ioapic-prevent-inconsistent-state-when-moving-an.patch new file mode 100644 index 00000000000..eca98d8cc59 --- /dev/null +++ b/queue-4.9/x86-ioapic-prevent-inconsistent-state-when-moving-an.patch @@ -0,0 +1,81 @@ +From 67913286fad1be47357e44d74949dd189b5c3c85 Mon Sep 17 00:00:00 2001 +From: Sasha Levin +Date: Thu, 17 Oct 2019 12:19:01 +0200 +Subject: x86/ioapic: Prevent inconsistent state when moving an interrupt + +From: Thomas Gleixner + +[ Upstream commit df4393424af3fbdcd5c404077176082a8ce459c4 ] + +There is an issue with threaded interrupts which are marked ONESHOT +and using the fasteoi handler: + + if (IS_ONESHOT()) + mask_irq(); + .... + cond_unmask_eoi_irq() + chip->irq_eoi(); + if (setaffinity_pending) { + mask_ioapic(); + ... + move_affinity(); + unmask_ioapic(); + } + +So if setaffinity is pending the interrupt will be moved and then +unconditionally unmasked at the ioapic level, which is wrong in two +aspects: + + 1) It should be kept masked up to the point where the threaded handler + finished. + + 2) The physical chip state and the software masked state are inconsistent + +Guard both the mask and the unmask with a check for the software masked +state. If the line is marked masked then the ioapic line is also masked, so +both mask_ioapic() and unmask_ioapic() can be skipped safely. + +Signed-off-by: Thomas Gleixner +Cc: Andy Shevchenko +Cc: Linus Torvalds +Cc: Peter Zijlstra +Cc: Sebastian Siewior +Fixes: 3aa551c9b4c4 ("genirq: add threaded interrupt handler support") +Link: https://lkml.kernel.org/r/20191017101938.321393687@linutronix.de +Signed-off-by: Ingo Molnar +Signed-off-by: Sasha Levin +--- + arch/x86/kernel/apic/io_apic.c | 9 ++++++--- + 1 file changed, 6 insertions(+), 3 deletions(-) + +diff --git a/arch/x86/kernel/apic/io_apic.c b/arch/x86/kernel/apic/io_apic.c +index 09dd95cabfc2..3401b28f1312 100644 +--- a/arch/x86/kernel/apic/io_apic.c ++++ b/arch/x86/kernel/apic/io_apic.c +@@ -1712,9 +1712,10 @@ static bool io_apic_level_ack_pending(struct mp_chip_data *data) + + static inline bool ioapic_irqd_mask(struct irq_data *data) + { +- /* If we are moving the irq we need to mask it */ ++ /* If we are moving the IRQ we need to mask it */ + if (unlikely(irqd_is_setaffinity_pending(data))) { +- mask_ioapic_irq(data); ++ if (!irqd_irq_masked(data)) ++ mask_ioapic_irq(data); + return true; + } + return false; +@@ -1751,7 +1752,9 @@ static inline void ioapic_irqd_unmask(struct irq_data *data, bool masked) + */ + if (!io_apic_level_ack_pending(data->chip_data)) + irq_move_masked_irq(data); +- unmask_ioapic_irq(data); ++ /* If the IRQ is masked in the core, leave it: */ ++ if (!irqd_irq_masked(data)) ++ unmask_ioapic_irq(data); + } + } + #else +-- +2.20.1 + diff --git a/queue-4.9/x86-mce-lower-throttling-mce-messages-priority-to-wa.patch b/queue-4.9/x86-mce-lower-throttling-mce-messages-priority-to-wa.patch new file mode 100644 index 00000000000..7ba30abb8c6 --- /dev/null +++ b/queue-4.9/x86-mce-lower-throttling-mce-messages-priority-to-wa.patch @@ -0,0 +1,67 @@ +From 2f2bc46c1251a8f565f992001062678c5f77e57e Mon Sep 17 00:00:00 2001 +From: Sasha Levin +Date: Wed, 9 Oct 2019 17:54:24 +0200 +Subject: x86/mce: Lower throttling MCE messages' priority to warning + +From: Benjamin Berg + +[ Upstream commit 9c3bafaa1fd88e4dd2dba3735a1f1abb0f2c7bb7 ] + +On modern CPUs it is quite normal that the temperature limits are +reached and the CPU is throttled. In fact, often the thermal design is +not sufficient to cool the CPU at full load and limits can quickly be +reached when a burst in load happens. This will even happen with +technologies like RAPL limitting the long term power consumption of +the package. + +Also, these limits are "softer", as Srinivas explains: + +"CPU temperature doesn't have to hit max(TjMax) to get these warnings. +OEMs ha[ve] an ability to program a threshold where a thermal interrupt +can be generated. In some systems the offset is 20C+ (Read only value). + +In recent systems, there is another offset on top of it which can be +programmed by OS, once some agent can adjust power limits dynamically. +By default this is set to low by the firmware, which I guess the +prime motivation of Benjamin to submit the patch." + +So these messages do not usually indicate a hardware issue (e.g. +insufficient cooling). Log them as warnings to avoid confusion about +their severity. + + [ bp: Massage commit mesage. ] + +Signed-off-by: Benjamin Berg +Signed-off-by: Borislav Petkov +Reviewed-by: Hans de Goede +Tested-by: Christian Kellner +Cc: "H. Peter Anvin" +Cc: Ingo Molnar +Cc: linux-edac +Cc: Peter Zijlstra +Cc: Srinivas Pandruvada +Cc: Thomas Gleixner +Cc: Tony Luck +Cc: x86-ml +Link: https://lkml.kernel.org/r/20191009155424.249277-1-bberg@redhat.com +Signed-off-by: Sasha Levin +--- + arch/x86/kernel/cpu/mcheck/therm_throt.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/arch/x86/kernel/cpu/mcheck/therm_throt.c b/arch/x86/kernel/cpu/mcheck/therm_throt.c +index c460c91d0c8f..be2439592b0e 100644 +--- a/arch/x86/kernel/cpu/mcheck/therm_throt.c ++++ b/arch/x86/kernel/cpu/mcheck/therm_throt.c +@@ -190,7 +190,7 @@ static int therm_throt_process(bool new_event, int event, int level) + /* if we just entered the thermal event */ + if (new_event) { + if (event == THERMAL_THROTTLING_EVENT) +- pr_crit("CPU%d: %s temperature above threshold, cpu clock throttled (total events = %lu)\n", ++ pr_warn("CPU%d: %s temperature above threshold, cpu clock throttled (total events = %lu)\n", + this_cpu, + level == CORE_LEVEL ? "Core" : "Package", + state->count); +-- +2.20.1 + diff --git a/queue-4.9/x86-mm-use-the-correct-function-type-for-native_set_.patch b/queue-4.9/x86-mm-use-the-correct-function-type-for-native_set_.patch new file mode 100644 index 00000000000..710da09ad89 --- /dev/null +++ b/queue-4.9/x86-mm-use-the-correct-function-type-for-native_set_.patch @@ -0,0 +1,65 @@ +From be4d6d0710e7cf200b3c6a071278c8f2d6bf1541 Mon Sep 17 00:00:00 2001 +From: Sasha Levin +Date: Fri, 13 Sep 2019 14:14:02 -0700 +Subject: x86/mm: Use the correct function type for native_set_fixmap() + +From: Sami Tolvanen + +[ Upstream commit f53e2cd0b8ab7d9e390414470bdbd830f660133f ] + +We call native_set_fixmap indirectly through the function pointer +struct pv_mmu_ops::set_fixmap, which expects the first parameter to be +'unsigned' instead of 'enum fixed_addresses'. This patch changes the +function type for native_set_fixmap to match the pointer, which fixes +indirect call mismatches with Control-Flow Integrity (CFI) checking. + +Signed-off-by: Sami Tolvanen +Reviewed-by: Kees Cook +Cc: Andy Lutomirski +Cc: Borislav Petkov +Cc: Dave Hansen +Cc: H . Peter Anvin +Cc: H. Peter Anvin +Cc: Linus Torvalds +Cc: Peter Zijlstra +Cc: Rik van Riel +Cc: Thomas Gleixner +Link: https://lkml.kernel.org/r/20190913211402.193018-1-samitolvanen@google.com +Signed-off-by: Ingo Molnar +Signed-off-by: Sasha Levin +--- + arch/x86/include/asm/fixmap.h | 2 +- + arch/x86/mm/pgtable.c | 4 ++-- + 2 files changed, 3 insertions(+), 3 deletions(-) + +diff --git a/arch/x86/include/asm/fixmap.h b/arch/x86/include/asm/fixmap.h +index 8554f960e21b..61d6f2c05757 100644 +--- a/arch/x86/include/asm/fixmap.h ++++ b/arch/x86/include/asm/fixmap.h +@@ -142,7 +142,7 @@ extern pte_t *kmap_pte; + extern pte_t *pkmap_page_table; + + void __native_set_fixmap(enum fixed_addresses idx, pte_t pte); +-void native_set_fixmap(enum fixed_addresses idx, ++void native_set_fixmap(unsigned /* enum fixed_addresses */ idx, + phys_addr_t phys, pgprot_t flags); + + #ifndef CONFIG_PARAVIRT +diff --git a/arch/x86/mm/pgtable.c b/arch/x86/mm/pgtable.c +index dff8ac2d255c..08e0380414a9 100644 +--- a/arch/x86/mm/pgtable.c ++++ b/arch/x86/mm/pgtable.c +@@ -544,8 +544,8 @@ void __native_set_fixmap(enum fixed_addresses idx, pte_t pte) + fixmaps_set++; + } + +-void native_set_fixmap(enum fixed_addresses idx, phys_addr_t phys, +- pgprot_t flags) ++void native_set_fixmap(unsigned /* enum fixed_addresses */ idx, ++ phys_addr_t phys, pgprot_t flags) + { + __native_set_fixmap(idx, pfn_pte(phys >> PAGE_SHIFT, flags)); + } +-- +2.20.1 + -- 2.47.3