From a786a3ba1858b541e9af0bee28bc42926e8a9425 Mon Sep 17 00:00:00 2001 From: Greg Kroah-Hartman Date: Wed, 9 Aug 2017 11:08:22 -0700 Subject: [PATCH] 4.9-stable patches added patches: arm-8632-1-ftrace-fix-syscall-name-matching.patch arm-dts-sun8i-support-dtb-build-for-nanopi-m1.patch arm-dts-sunxi-change-node-name-for-pwrseq-pin-on-olinuxino-lime2-emmc.patch asoc-rt5645-set-sel_i2s_pre_div1-to-2.patch clk-samsung-exynos542x-mark-some-clocks-as-critical.patch drm-virtio-fix-framebuffer-sparse-warning.patch ipv4-make-tcp_notsent_lowat-sysctl-knob-behave-as-true-unsigned-int.patch ipv4-should-use-consistent-conditional-judgement-for-ip-fragment-in-__ip_append_data-and-ip_finish_output.patch iw_cxgb4-do-not-send-rx_data_ack-cpls-after-close-abort.patch lib-kconfig.debug-fix-frv-build-failure.patch mm-don-t-dereference-struct-page-fields-of-invalid-pages.patch mm-slab-make-sure-that-kmalloc_max_size-will-fit-into-max_order.patch nbd-blk_mq_init_queue-returns-an-error-code-on-failure-not-null.patch net-account-for-current-skb-length-when-deciding-about-ufo.patch net-mlx5-e-switch-re-enable-roce-on-mode-change-only-after-fdb-destroy.patch net-phy-dp83867-fix-irq-generation.patch netfilter-use-fwmark_reflect-in-nf_send_reset.patch phy-state-machine-failsafe-leave-invalid-running-state.patch scsi-qla2xxx-get-mutex-lock-before-checking-optrom_state.patch sh_eth-fix-eesipr-values-for-sh77-34-63.patch sh_eth-r8a7740-supports-packet-shecksumming.patch signal-protect-signal_unkillable-from-unintentional-clearing.patch spi-spi-axi-free-resources-on-error-path.patch tg3-fix-race-condition-in-tg3_get_stats64.patch virtio_blk-fix-panic-in-initialization-error-path.patch wext-handle-null-extra-data-in-iwe_stream_add_point-better.patch x86-boot-add-missing-declaration-of-string-functions.patch --- ...2-1-ftrace-fix-syscall-name-matching.patch | 52 +++++++++ ...un8i-support-dtb-build-for-nanopi-m1.patch | 31 ++++++ ...r-pwrseq-pin-on-olinuxino-lime2-emmc.patch | 34 ++++++ ...soc-rt5645-set-sel_i2s_pre_div1-to-2.patch | 40 +++++++ ...nos542x-mark-some-clocks-as-critical.patch | 88 +++++++++++++++ ...irtio-fix-framebuffer-sparse-warning.patch | 33 ++++++ ...ctl-knob-behave-as-true-unsigned-int.patch | 40 +++++++ ..._ip_append_data-and-ip_finish_output.patch | 43 ++++++++ ...d-rx_data_ack-cpls-after-close-abort.patch | 53 +++++++++ ...-kconfig.debug-fix-frv-build-failure.patch | 54 +++++++++ ...-struct-page-fields-of-invalid-pages.patch | 54 +++++++++ ...loc_max_size-will-fit-into-max_order.patch | 79 +++++++++++++ ...ns-an-error-code-on-failure-not-null.patch | 53 +++++++++ ...t-skb-length-when-deciding-about-ufo.patch | 78 +++++++++++++ ...n-mode-change-only-after-fdb-destroy.patch | 96 ++++++++++++++++ .../net-phy-dp83867-fix-irq-generation.patch | 63 +++++++++++ ...-use-fwmark_reflect-in-nf_send_reset.patch | 54 +++++++++ ...failsafe-leave-invalid-running-state.patch | 55 +++++++++ ...ex-lock-before-checking-optrom_state.patch | 104 ++++++++++++++++++ queue-4.9/series | 27 +++++ ...eth-fix-eesipr-values-for-sh77-34-63.patch | 44 ++++++++ ...r8a7740-supports-packet-shecksumming.patch | 33 ++++++ ...killable-from-unintentional-clearing.patch | 84 ++++++++++++++ ...spi-axi-free-resources-on-error-path.patch | 34 ++++++ ...ix-race-condition-in-tg3_get_stats64.patch | 42 +++++++ ...x-panic-in-initialization-error-path.patch | 40 +++++++ ...-data-in-iwe_stream_add_point-better.patch | 45 ++++++++ ...sing-declaration-of-string-functions.patch | 50 +++++++++ 28 files changed, 1503 insertions(+) create mode 100644 queue-4.9/arm-8632-1-ftrace-fix-syscall-name-matching.patch create mode 100644 queue-4.9/arm-dts-sun8i-support-dtb-build-for-nanopi-m1.patch create mode 100644 queue-4.9/arm-dts-sunxi-change-node-name-for-pwrseq-pin-on-olinuxino-lime2-emmc.patch create mode 100644 queue-4.9/asoc-rt5645-set-sel_i2s_pre_div1-to-2.patch create mode 100644 queue-4.9/clk-samsung-exynos542x-mark-some-clocks-as-critical.patch create mode 100644 queue-4.9/drm-virtio-fix-framebuffer-sparse-warning.patch create mode 100644 queue-4.9/ipv4-make-tcp_notsent_lowat-sysctl-knob-behave-as-true-unsigned-int.patch create mode 100644 queue-4.9/ipv4-should-use-consistent-conditional-judgement-for-ip-fragment-in-__ip_append_data-and-ip_finish_output.patch create mode 100644 queue-4.9/iw_cxgb4-do-not-send-rx_data_ack-cpls-after-close-abort.patch create mode 100644 queue-4.9/lib-kconfig.debug-fix-frv-build-failure.patch create mode 100644 queue-4.9/mm-don-t-dereference-struct-page-fields-of-invalid-pages.patch create mode 100644 queue-4.9/mm-slab-make-sure-that-kmalloc_max_size-will-fit-into-max_order.patch create mode 100644 queue-4.9/nbd-blk_mq_init_queue-returns-an-error-code-on-failure-not-null.patch create mode 100644 queue-4.9/net-account-for-current-skb-length-when-deciding-about-ufo.patch create mode 100644 queue-4.9/net-mlx5-e-switch-re-enable-roce-on-mode-change-only-after-fdb-destroy.patch create mode 100644 queue-4.9/net-phy-dp83867-fix-irq-generation.patch create mode 100644 queue-4.9/netfilter-use-fwmark_reflect-in-nf_send_reset.patch create mode 100644 queue-4.9/phy-state-machine-failsafe-leave-invalid-running-state.patch create mode 100644 queue-4.9/scsi-qla2xxx-get-mutex-lock-before-checking-optrom_state.patch create mode 100644 queue-4.9/sh_eth-fix-eesipr-values-for-sh77-34-63.patch create mode 100644 queue-4.9/sh_eth-r8a7740-supports-packet-shecksumming.patch create mode 100644 queue-4.9/signal-protect-signal_unkillable-from-unintentional-clearing.patch create mode 100644 queue-4.9/spi-spi-axi-free-resources-on-error-path.patch create mode 100644 queue-4.9/tg3-fix-race-condition-in-tg3_get_stats64.patch create mode 100644 queue-4.9/virtio_blk-fix-panic-in-initialization-error-path.patch create mode 100644 queue-4.9/wext-handle-null-extra-data-in-iwe_stream_add_point-better.patch create mode 100644 queue-4.9/x86-boot-add-missing-declaration-of-string-functions.patch diff --git a/queue-4.9/arm-8632-1-ftrace-fix-syscall-name-matching.patch b/queue-4.9/arm-8632-1-ftrace-fix-syscall-name-matching.patch new file mode 100644 index 00000000000..752786464ae --- /dev/null +++ b/queue-4.9/arm-8632-1-ftrace-fix-syscall-name-matching.patch @@ -0,0 +1,52 @@ +From foo@baz Wed Aug 9 10:32:06 PDT 2017 +From: Rabin Vincent +Date: Wed, 23 Nov 2016 13:02:32 +0100 +Subject: ARM: 8632/1: ftrace: fix syscall name matching + +From: Rabin Vincent + + +[ Upstream commit 270c8cf1cacc69cb8d99dea812f06067a45e4609 ] + +ARM has a few system calls (most notably mmap) for which the names of +the functions which are referenced in the syscall table do not match the +names of the syscall tracepoints. As a consequence of this, these +tracepoints are not made available. Implement +arch_syscall_match_sym_name to fix this and allow tracing even these +system calls. + +Signed-off-by: Rabin Vincent +Signed-off-by: Russell King +Signed-off-by: Sasha Levin +Signed-off-by: Greg Kroah-Hartman +--- + arch/arm/include/asm/ftrace.h | 18 ++++++++++++++++++ + 1 file changed, 18 insertions(+) + +--- a/arch/arm/include/asm/ftrace.h ++++ b/arch/arm/include/asm/ftrace.h +@@ -54,6 +54,24 @@ static inline void *return_address(unsig + + #define ftrace_return_address(n) return_address(n) + ++#define ARCH_HAS_SYSCALL_MATCH_SYM_NAME ++ ++static inline bool arch_syscall_match_sym_name(const char *sym, ++ const char *name) ++{ ++ if (!strcmp(sym, "sys_mmap2")) ++ sym = "sys_mmap_pgoff"; ++ else if (!strcmp(sym, "sys_statfs64_wrapper")) ++ sym = "sys_statfs64"; ++ else if (!strcmp(sym, "sys_fstatfs64_wrapper")) ++ sym = "sys_fstatfs64"; ++ else if (!strcmp(sym, "sys_arm_fadvise64_64")) ++ sym = "sys_fadvise64_64"; ++ ++ /* Ignore case since sym may start with "SyS" instead of "sys" */ ++ return !strcasecmp(sym, name); ++} ++ + #endif /* ifndef __ASSEMBLY__ */ + + #endif /* _ASM_ARM_FTRACE */ diff --git a/queue-4.9/arm-dts-sun8i-support-dtb-build-for-nanopi-m1.patch b/queue-4.9/arm-dts-sun8i-support-dtb-build-for-nanopi-m1.patch new file mode 100644 index 00000000000..43b3be53ec9 --- /dev/null +++ b/queue-4.9/arm-dts-sun8i-support-dtb-build-for-nanopi-m1.patch @@ -0,0 +1,31 @@ +From foo@baz Wed Aug 9 10:32:06 PDT 2017 +From: Milo Kim +Date: Tue, 13 Dec 2016 08:18:15 +0900 +Subject: ARM: dts: sun8i: Support DTB build for NanoPi M1 + +From: Milo Kim + + +[ Upstream commit 661ccdc1a95f18ab6c1373322fde09afd5b90a1f ] + +The commit 10efbf5f1633 ("ARM: dts: sun8i: Add dts file for NanoPi M1 SBC") +introduced NanoPi M1 board but it's missing in Allwinner H3 DTB build. + +Signed-off-by: Milo Kim +Signed-off-by: Maxime Ripard +Signed-off-by: Sasha Levin +Signed-off-by: Greg Kroah-Hartman +--- + arch/arm/boot/dts/Makefile | 1 + + 1 file changed, 1 insertion(+) + +--- a/arch/arm/boot/dts/Makefile ++++ b/arch/arm/boot/dts/Makefile +@@ -820,6 +820,7 @@ dtb-$(CONFIG_MACH_SUN8I) += \ + sun8i-a83t-allwinner-h8homlet-v2.dtb \ + sun8i-a83t-cubietruck-plus.dtb \ + sun8i-h3-bananapi-m2-plus.dtb \ ++ sun8i-h3-nanopi-m1.dtb \ + sun8i-h3-nanopi-neo.dtb \ + sun8i-h3-orangepi-2.dtb \ + sun8i-h3-orangepi-lite.dtb \ diff --git a/queue-4.9/arm-dts-sunxi-change-node-name-for-pwrseq-pin-on-olinuxino-lime2-emmc.patch b/queue-4.9/arm-dts-sunxi-change-node-name-for-pwrseq-pin-on-olinuxino-lime2-emmc.patch new file mode 100644 index 00000000000..e4fc24ffdf1 --- /dev/null +++ b/queue-4.9/arm-dts-sunxi-change-node-name-for-pwrseq-pin-on-olinuxino-lime2-emmc.patch @@ -0,0 +1,34 @@ +From foo@baz Wed Aug 9 10:32:06 PDT 2017 +From: Emmanuel Vadot +Date: Wed, 14 Dec 2016 15:57:24 +0100 +Subject: ARM: dts: sunxi: Change node name for pwrseq pin on Olinuxino-lime2-emmc + +From: Emmanuel Vadot + + +[ Upstream commit 3116d37651d77125bf50f81f859b1278e02ccce6 ] + +The node name for the power seq pin is mmc2@0 like the mmc2_pins_a one. +This makes the original node (mmc2_pins_a) scrapped out of the dtb and +result in a unusable eMMC if U-Boot didn't configured the pins to the +correct functions. + +Signed-off-by: Emmanuel Vadot +Signed-off-by: Maxime Ripard +Signed-off-by: Sasha Levin +Signed-off-by: Greg Kroah-Hartman +--- + arch/arm/boot/dts/sun7i-a20-olinuxino-lime2-emmc.dts | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +--- a/arch/arm/boot/dts/sun7i-a20-olinuxino-lime2-emmc.dts ++++ b/arch/arm/boot/dts/sun7i-a20-olinuxino-lime2-emmc.dts +@@ -56,7 +56,7 @@ + }; + + &pio { +- mmc2_pins_nrst: mmc2@0 { ++ mmc2_pins_nrst: mmc2-rst-pin { + allwinner,pins = "PC16"; + allwinner,function = "gpio_out"; + allwinner,drive = ; diff --git a/queue-4.9/asoc-rt5645-set-sel_i2s_pre_div1-to-2.patch b/queue-4.9/asoc-rt5645-set-sel_i2s_pre_div1-to-2.patch new file mode 100644 index 00000000000..824449ff2df --- /dev/null +++ b/queue-4.9/asoc-rt5645-set-sel_i2s_pre_div1-to-2.patch @@ -0,0 +1,40 @@ +From foo@baz Wed Aug 9 10:32:06 PDT 2017 +From: Bard Liao +Date: Tue, 27 Dec 2016 12:05:05 +0800 +Subject: ASoC: rt5645: set sel_i2s_pre_div1 to 2 + +From: Bard Liao + + +[ Upstream commit 02c5c03283c52157d336abf5e44ffcda10579fbf ] + +The i2s clock pre-divider 1 is used for both i2s1 and sysclk. +The i2s1 is usually used for the main i2s and the pre-divider +will be set in hw_params function. + +However, if i2s2 is used, the pre-divider is not set in the hw_params +function and the default value of i2s clock pre-divider 1 is too high +for sysclk and DMIC usage. Fix by overriding default divider value to 2. + +Bugzilla: https://bugzilla.kernel.org/show_bug.cgi?id=95681 +Tested-by: Pierre-Louis Bossart +Signed-off-by: Bard Liao +Signed-off-by: Mark Brown +Signed-off-by: Sasha Levin +Signed-off-by: Greg Kroah-Hartman +--- + sound/soc/codecs/rt5645.c | 3 +++ + 1 file changed, 3 insertions(+) + +--- a/sound/soc/codecs/rt5645.c ++++ b/sound/soc/codecs/rt5645.c +@@ -3833,6 +3833,9 @@ static int rt5645_i2c_probe(struct i2c_c + } + } + ++ regmap_update_bits(rt5645->regmap, RT5645_ADDA_CLK1, ++ RT5645_I2S_PD1_MASK, RT5645_I2S_PD1_2); ++ + if (rt5645->pdata.jd_invert) { + regmap_update_bits(rt5645->regmap, RT5645_IRQ_CTRL2, + RT5645_JD_1_1_MASK, RT5645_JD_1_1_INV); diff --git a/queue-4.9/clk-samsung-exynos542x-mark-some-clocks-as-critical.patch b/queue-4.9/clk-samsung-exynos542x-mark-some-clocks-as-critical.patch new file mode 100644 index 00000000000..dc778356897 --- /dev/null +++ b/queue-4.9/clk-samsung-exynos542x-mark-some-clocks-as-critical.patch @@ -0,0 +1,88 @@ +From foo@baz Wed Aug 9 10:32:06 PDT 2017 +From: Marek Szyprowski +Date: Thu, 22 Dec 2016 10:44:30 +0100 +Subject: clk/samsung: exynos542x: mark some clocks as critical + +From: Marek Szyprowski + + +[ Upstream commit 318fa46cc60d37fec1e87dbf03a82aca0f5ce695 ] + +Some parent clocks of the Exynos542x clock blocks, which have separate +power domains (like DISP, MFC, MSC, GSC, FSYS and G2D) must be always +enabled to access any register related to power management unit or devices +connected to it. For the time being, until a proper solution based on +runtime PM is applied, mark those clocks as critical (instead of ignore +unused or even no flags) to prevent disabling them. + +Signed-off-by: Marek Szyprowski +Acked-by: Sylwester Nawrocki +Reviewed-by: Chanwoo Choi +Reviewed-by: Javier Martinez Canillas +Tested-by: Javier Martinez Canillas [Exynos5800 Peach Pi Chromebook] +Signed-off-by: Stephen Boyd +Signed-off-by: Sasha Levin +Signed-off-by: Greg Kroah-Hartman +--- + drivers/clk/samsung/clk-exynos5420.c | 14 +++++++------- + 1 file changed, 7 insertions(+), 7 deletions(-) + +--- a/drivers/clk/samsung/clk-exynos5420.c ++++ b/drivers/clk/samsung/clk-exynos5420.c +@@ -586,7 +586,7 @@ static const struct samsung_gate_clock e + GATE(CLK_ACLK550_CAM, "aclk550_cam", "mout_user_aclk550_cam", + GATE_BUS_TOP, 24, 0, 0), + GATE(CLK_ACLK432_SCALER, "aclk432_scaler", "mout_user_aclk432_scaler", +- GATE_BUS_TOP, 27, 0, 0), ++ GATE_BUS_TOP, 27, CLK_IS_CRITICAL, 0), + }; + + static const struct samsung_mux_clock exynos5420_mux_clks[] __initconst = { +@@ -956,20 +956,20 @@ static const struct samsung_gate_clock e + GATE(CLK_SMMU_G2D, "smmu_g2d", "aclk333_g2d", GATE_IP_G2D, 7, 0, 0), + + GATE(0, "aclk200_fsys", "mout_user_aclk200_fsys", +- GATE_BUS_FSYS0, 9, CLK_IGNORE_UNUSED, 0), ++ GATE_BUS_FSYS0, 9, CLK_IS_CRITICAL, 0), + GATE(0, "aclk200_fsys2", "mout_user_aclk200_fsys2", + GATE_BUS_FSYS0, 10, CLK_IGNORE_UNUSED, 0), + + GATE(0, "aclk333_g2d", "mout_user_aclk333_g2d", + GATE_BUS_TOP, 0, CLK_IGNORE_UNUSED, 0), + GATE(0, "aclk266_g2d", "mout_user_aclk266_g2d", +- GATE_BUS_TOP, 1, CLK_IGNORE_UNUSED, 0), ++ GATE_BUS_TOP, 1, CLK_IS_CRITICAL, 0), + GATE(0, "aclk300_jpeg", "mout_user_aclk300_jpeg", + GATE_BUS_TOP, 4, CLK_IGNORE_UNUSED, 0), + GATE(0, "aclk333_432_isp0", "mout_user_aclk333_432_isp0", + GATE_BUS_TOP, 5, 0, 0), + GATE(0, "aclk300_gscl", "mout_user_aclk300_gscl", +- GATE_BUS_TOP, 6, CLK_IGNORE_UNUSED, 0), ++ GATE_BUS_TOP, 6, CLK_IS_CRITICAL, 0), + GATE(0, "aclk333_432_gscl", "mout_user_aclk333_432_gscl", + GATE_BUS_TOP, 7, CLK_IGNORE_UNUSED, 0), + GATE(0, "aclk333_432_isp", "mout_user_aclk333_432_isp", +@@ -983,20 +983,20 @@ static const struct samsung_gate_clock e + GATE(0, "aclk166", "mout_user_aclk166", + GATE_BUS_TOP, 14, CLK_IGNORE_UNUSED, 0), + GATE(CLK_ACLK333, "aclk333", "mout_user_aclk333", +- GATE_BUS_TOP, 15, CLK_IGNORE_UNUSED, 0), ++ GATE_BUS_TOP, 15, CLK_IS_CRITICAL, 0), + GATE(0, "aclk400_isp", "mout_user_aclk400_isp", + GATE_BUS_TOP, 16, 0, 0), + GATE(0, "aclk400_mscl", "mout_user_aclk400_mscl", + GATE_BUS_TOP, 17, 0, 0), + GATE(0, "aclk200_disp1", "mout_user_aclk200_disp1", +- GATE_BUS_TOP, 18, 0, 0), ++ GATE_BUS_TOP, 18, CLK_IS_CRITICAL, 0), + GATE(CLK_SCLK_MPHY_IXTAL24, "sclk_mphy_ixtal24", "mphy_refclk_ixtal24", + GATE_BUS_TOP, 28, 0, 0), + GATE(CLK_SCLK_HSIC_12M, "sclk_hsic_12m", "ff_hsic_12m", + GATE_BUS_TOP, 29, 0, 0), + + GATE(0, "aclk300_disp1", "mout_user_aclk300_disp1", +- SRC_MASK_TOP2, 24, 0, 0), ++ SRC_MASK_TOP2, 24, CLK_IS_CRITICAL, 0), + + GATE(CLK_MAU_EPLL, "mau_epll", "mout_mau_epll_clk", + SRC_MASK_TOP7, 20, 0, 0), diff --git a/queue-4.9/drm-virtio-fix-framebuffer-sparse-warning.patch b/queue-4.9/drm-virtio-fix-framebuffer-sparse-warning.patch new file mode 100644 index 00000000000..6fca3df68df --- /dev/null +++ b/queue-4.9/drm-virtio-fix-framebuffer-sparse-warning.patch @@ -0,0 +1,33 @@ +From foo@baz Wed Aug 9 10:32:06 PDT 2017 +From: Gerd Hoffmann +Date: Mon, 28 Nov 2016 08:52:20 +0100 +Subject: drm/virtio: fix framebuffer sparse warning + +From: Gerd Hoffmann + + +[ Upstream commit 71d3f6ef7f5af38dea2975ec5715c88bae92e92d ] + +virtio uses normal ram as backing storage for the framebuffer, so we +should assign the address to new screen_buffer (added by commit +17a7b0b4d9749f80d365d7baff5dec2f54b0e992) instead of screen_base. + +Reported-by: Michael S. Tsirkin +Signed-off-by: Gerd Hoffmann +Signed-off-by: Sasha Levin +Signed-off-by: Greg Kroah-Hartman +--- + drivers/gpu/drm/virtio/virtgpu_fb.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +--- a/drivers/gpu/drm/virtio/virtgpu_fb.c ++++ b/drivers/gpu/drm/virtio/virtgpu_fb.c +@@ -337,7 +337,7 @@ static int virtio_gpufb_create(struct dr + info->fbops = &virtio_gpufb_ops; + info->pixmap.flags = FB_PIXMAP_SYSTEM; + +- info->screen_base = obj->vmap; ++ info->screen_buffer = obj->vmap; + info->screen_size = obj->gem_base.size; + drm_fb_helper_fill_fix(info, fb->pitches[0], fb->depth); + drm_fb_helper_fill_var(info, &vfbdev->helper, diff --git a/queue-4.9/ipv4-make-tcp_notsent_lowat-sysctl-knob-behave-as-true-unsigned-int.patch b/queue-4.9/ipv4-make-tcp_notsent_lowat-sysctl-knob-behave-as-true-unsigned-int.patch new file mode 100644 index 00000000000..2ec78a48fdc --- /dev/null +++ b/queue-4.9/ipv4-make-tcp_notsent_lowat-sysctl-knob-behave-as-true-unsigned-int.patch @@ -0,0 +1,40 @@ +From foo@baz Wed Aug 9 10:32:06 PDT 2017 +From: Pavel Tikhomirov +Date: Mon, 9 Jan 2017 10:45:49 +0300 +Subject: ipv4: make tcp_notsent_lowat sysctl knob behave as true unsigned int + +From: Pavel Tikhomirov + + +[ Upstream commit b007f09072ca8afa118ade333e717ba443e8d807 ] + +> cat /proc/sys/net/ipv4/tcp_notsent_lowat +-1 +> echo 4294967295 > /proc/sys/net/ipv4/tcp_notsent_lowat +-bash: echo: write error: Invalid argument +> echo -2147483648 > /proc/sys/net/ipv4/tcp_notsent_lowat +> cat /proc/sys/net/ipv4/tcp_notsent_lowat +-2147483648 + +but in documentation we have "tcp_notsent_lowat - UNSIGNED INTEGER" + +v2: simplify to just proc_douintvec +Signed-off-by: Pavel Tikhomirov +Signed-off-by: David S. Miller +Signed-off-by: Sasha Levin +Signed-off-by: Greg Kroah-Hartman +--- + net/ipv4/sysctl_net_ipv4.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +--- a/net/ipv4/sysctl_net_ipv4.c ++++ b/net/ipv4/sysctl_net_ipv4.c +@@ -958,7 +958,7 @@ static struct ctl_table ipv4_net_table[] + .data = &init_net.ipv4.sysctl_tcp_notsent_lowat, + .maxlen = sizeof(unsigned int), + .mode = 0644, +- .proc_handler = proc_dointvec, ++ .proc_handler = proc_douintvec, + }, + #ifdef CONFIG_IP_ROUTE_MULTIPATH + { diff --git a/queue-4.9/ipv4-should-use-consistent-conditional-judgement-for-ip-fragment-in-__ip_append_data-and-ip_finish_output.patch b/queue-4.9/ipv4-should-use-consistent-conditional-judgement-for-ip-fragment-in-__ip_append_data-and-ip_finish_output.patch new file mode 100644 index 00000000000..a37fb460260 --- /dev/null +++ b/queue-4.9/ipv4-should-use-consistent-conditional-judgement-for-ip-fragment-in-__ip_append_data-and-ip_finish_output.patch @@ -0,0 +1,43 @@ +From foo@baz Wed Aug 9 10:32:06 PDT 2017 +From: zheng li +Date: Mon, 12 Dec 2016 09:56:05 +0800 +Subject: ipv4: Should use consistent conditional judgement for ip fragment in __ip_append_data and ip_finish_output + +From: zheng li + + +[ Upstream commit 0a28cfd51e17f4f0a056bcf66bfbe492c3b99f38 ] + +There is an inconsistent conditional judgement in __ip_append_data and +ip_finish_output functions, the variable length in __ip_append_data just +include the length of application's payload and udp header, don't include +the length of ip header, but in ip_finish_output use +(skb->len > ip_skb_dst_mtu(skb)) as judgement, and skb->len include the +length of ip header. + +That causes some particular application's udp payload whose length is +between (MTU - IP Header) and MTU were fragmented by ip_fragment even +though the rst->dev support UFO feature. + +Add the length of ip header to length in __ip_append_data to keep +consistent conditional judgement as ip_finish_output for ip fragment. + +Signed-off-by: Zheng Li +Signed-off-by: David S. Miller +Signed-off-by: Sasha Levin +Signed-off-by: Greg Kroah-Hartman +--- + net/ipv4/ip_output.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +--- a/net/ipv4/ip_output.c ++++ b/net/ipv4/ip_output.c +@@ -936,7 +936,7 @@ static int __ip_append_data(struct sock + csummode = CHECKSUM_PARTIAL; + + cork->length += length; +- if (((length > mtu) || (skb && skb_is_gso(skb))) && ++ if ((((length + fragheaderlen) > mtu) || (skb && skb_is_gso(skb))) && + (sk->sk_protocol == IPPROTO_UDP) && + (rt->dst.dev->features & NETIF_F_UFO) && !rt->dst.header_len && + (sk->sk_type == SOCK_DGRAM) && !sk->sk_no_check_tx) { diff --git a/queue-4.9/iw_cxgb4-do-not-send-rx_data_ack-cpls-after-close-abort.patch b/queue-4.9/iw_cxgb4-do-not-send-rx_data_ack-cpls-after-close-abort.patch new file mode 100644 index 00000000000..db3e599ad5e --- /dev/null +++ b/queue-4.9/iw_cxgb4-do-not-send-rx_data_ack-cpls-after-close-abort.patch @@ -0,0 +1,53 @@ +From foo@baz Wed Aug 9 10:32:06 PDT 2017 +From: Steve Wise +Date: Thu, 22 Dec 2016 07:40:37 -0800 +Subject: iw_cxgb4: do not send RX_DATA_ACK CPLs after close/abort + +From: Steve Wise + + +[ Upstream commit 3bcf96e0183f5c863657cb6ae9adad307a0f6071 ] + +Function rx_data(), which handles ingress CPL_RX_DATA messages, was +always sending an RX_DATA_ACK with the goal of updating the credits. +However, if the RDMA connection is moved out of FPDU mode abruptly, +then it is possible for iw_cxgb4 to process queued RX_DATA CPLs after HW +has aborted the connection. These CPLs should not trigger RX_DATA_ACKS. +If they do, HW can see a READ after DELETE of the DB_LE hash entry for +the tid and post a LE_DB HashTblMemCrcError. + +Signed-off-by: Steve Wise +Signed-off-by: Doug Ledford +Signed-off-by: Sasha Levin +Signed-off-by: Greg Kroah-Hartman +--- + drivers/infiniband/hw/cxgb4/cm.c | 7 ++++--- + 1 file changed, 4 insertions(+), 3 deletions(-) + +--- a/drivers/infiniband/hw/cxgb4/cm.c ++++ b/drivers/infiniband/hw/cxgb4/cm.c +@@ -1804,20 +1804,21 @@ static int rx_data(struct c4iw_dev *dev, + skb_trim(skb, dlen); + mutex_lock(&ep->com.mutex); + +- /* update RX credits */ +- update_rx_credits(ep, dlen); +- + switch (ep->com.state) { + case MPA_REQ_SENT: ++ update_rx_credits(ep, dlen); + ep->rcv_seq += dlen; + disconnect = process_mpa_reply(ep, skb); + break; + case MPA_REQ_WAIT: ++ update_rx_credits(ep, dlen); + ep->rcv_seq += dlen; + disconnect = process_mpa_request(ep, skb); + break; + case FPDU_MODE: { + struct c4iw_qp_attributes attrs; ++ ++ update_rx_credits(ep, dlen); + BUG_ON(!ep->com.qp); + if (status) + pr_err("%s Unexpected streaming data." \ diff --git a/queue-4.9/lib-kconfig.debug-fix-frv-build-failure.patch b/queue-4.9/lib-kconfig.debug-fix-frv-build-failure.patch new file mode 100644 index 00000000000..52ee017d84c --- /dev/null +++ b/queue-4.9/lib-kconfig.debug-fix-frv-build-failure.patch @@ -0,0 +1,54 @@ +From foo@baz Wed Aug 9 10:32:06 PDT 2017 +From: Sudip Mukherjee +Date: Tue, 10 Jan 2017 16:57:45 -0800 +Subject: lib/Kconfig.debug: fix frv build failure + +From: Sudip Mukherjee + + +[ Upstream commit da0510c47519fe0999cffe316e1d370e29f952be ] + +The build of frv allmodconfig was failing with the errors like: + + /tmp/cc0JSPc3.s: Assembler messages: + /tmp/cc0JSPc3.s:1839: Error: symbol `.LSLT0' is already defined + /tmp/cc0JSPc3.s:1842: Error: symbol `.LASLTP0' is already defined + /tmp/cc0JSPc3.s:1969: Error: symbol `.LELTP0' is already defined + /tmp/cc0JSPc3.s:1970: Error: symbol `.LELT0' is already defined + +Commit 866ced950bcd ("kbuild: Support split debug info v4") introduced +splitting the debug info and keeping that in a separate file. Somehow, +the frv-linux gcc did not like that and I am guessing that instead of +splitting it started copying. The first report about this is at: + + https://lists.01.org/pipermail/kbuild-all/2015-July/010527.html. + +I will try and see if this can work with frv and if still fails I will +open a bug report with gcc. But meanwhile this is the easiest option to +solve build failure of frv. + +Fixes: 866ced950bcd ("kbuild: Support split debug info v4") +Link: http://lkml.kernel.org/r/1482062348-5352-1-git-send-email-sudipm.mukherjee@gmail.com +Signed-off-by: Sudip Mukherjee +Reported-by: Fengguang Wu +Cc: Andi Kleen +Cc: David Howells +Signed-off-by: Andrew Morton +Signed-off-by: Linus Torvalds +Signed-off-by: Sasha Levin +Signed-off-by: Greg Kroah-Hartman +--- + lib/Kconfig.debug | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +--- a/lib/Kconfig.debug ++++ b/lib/Kconfig.debug +@@ -145,7 +145,7 @@ config DEBUG_INFO_REDUCED + + config DEBUG_INFO_SPLIT + bool "Produce split debuginfo in .dwo files" +- depends on DEBUG_INFO ++ depends on DEBUG_INFO && !FRV + help + Generate debug info into separate .dwo files. This significantly + reduces the build directory size for builds with DEBUG_INFO, diff --git a/queue-4.9/mm-don-t-dereference-struct-page-fields-of-invalid-pages.patch b/queue-4.9/mm-don-t-dereference-struct-page-fields-of-invalid-pages.patch new file mode 100644 index 00000000000..132243e91e5 --- /dev/null +++ b/queue-4.9/mm-don-t-dereference-struct-page-fields-of-invalid-pages.patch @@ -0,0 +1,54 @@ +From foo@baz Wed Aug 9 10:32:06 PDT 2017 +From: Ard Biesheuvel +Date: Tue, 10 Jan 2017 16:58:00 -0800 +Subject: mm: don't dereference struct page fields of invalid pages + +From: Ard Biesheuvel + + +[ Upstream commit f073bdc51771f5a5c7a8d1191bfc3ae371d44de7 ] + +The VM_BUG_ON() check in move_freepages() checks whether the node id of +a page matches the node id of its zone. However, it does this before +having checked whether the struct page pointer refers to a valid struct +page to begin with. This is guaranteed in most cases, but may not be +the case if CONFIG_HOLES_IN_ZONE=y. + +So reorder the VM_BUG_ON() with the pfn_valid_within() check. + +Link: http://lkml.kernel.org/r/1481706707-6211-2-git-send-email-ard.biesheuvel@linaro.org +Signed-off-by: Ard Biesheuvel +Acked-by: Will Deacon +Cc: Catalin Marinas +Cc: Hanjun Guo +Cc: Yisheng Xie +Cc: Robert Richter +Cc: James Morse +Signed-off-by: Andrew Morton +Signed-off-by: Linus Torvalds +Signed-off-by: Sasha Levin +Signed-off-by: Greg Kroah-Hartman +--- + mm/page_alloc.c | 6 +++--- + 1 file changed, 3 insertions(+), 3 deletions(-) + +--- a/mm/page_alloc.c ++++ b/mm/page_alloc.c +@@ -1875,14 +1875,14 @@ int move_freepages(struct zone *zone, + #endif + + for (page = start_page; page <= end_page;) { +- /* Make sure we are not inadvertently changing nodes */ +- VM_BUG_ON_PAGE(page_to_nid(page) != zone_to_nid(zone), page); +- + if (!pfn_valid_within(page_to_pfn(page))) { + page++; + continue; + } + ++ /* Make sure we are not inadvertently changing nodes */ ++ VM_BUG_ON_PAGE(page_to_nid(page) != zone_to_nid(zone), page); ++ + if (!PageBuddy(page)) { + page++; + continue; diff --git a/queue-4.9/mm-slab-make-sure-that-kmalloc_max_size-will-fit-into-max_order.patch b/queue-4.9/mm-slab-make-sure-that-kmalloc_max_size-will-fit-into-max_order.patch new file mode 100644 index 00000000000..8a2ae2451f2 --- /dev/null +++ b/queue-4.9/mm-slab-make-sure-that-kmalloc_max_size-will-fit-into-max_order.patch @@ -0,0 +1,79 @@ +From foo@baz Wed Aug 9 10:32:06 PDT 2017 +From: Michal Hocko +Date: Tue, 10 Jan 2017 16:57:27 -0800 +Subject: mm, slab: make sure that KMALLOC_MAX_SIZE will fit into MAX_ORDER + +From: Michal Hocko + + +[ Upstream commit bb1107f7c6052c863692a41f78c000db792334bf ] + +Andrey Konovalov has reported the following warning triggered by the +syzkaller fuzzer. + + WARNING: CPU: 1 PID: 9935 at mm/page_alloc.c:3511 __alloc_pages_nodemask+0x159c/0x1e20 + Kernel panic - not syncing: panic_on_warn set ... + CPU: 1 PID: 9935 Comm: syz-executor0 Not tainted 4.9.0-rc7+ #34 + Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS Bochs 01/01/2011 + Call Trace: + __alloc_pages_slowpath mm/page_alloc.c:3511 + __alloc_pages_nodemask+0x159c/0x1e20 mm/page_alloc.c:3781 + alloc_pages_current+0x1c7/0x6b0 mm/mempolicy.c:2072 + alloc_pages include/linux/gfp.h:469 + kmalloc_order+0x1f/0x70 mm/slab_common.c:1015 + kmalloc_order_trace+0x1f/0x160 mm/slab_common.c:1026 + kmalloc_large include/linux/slab.h:422 + __kmalloc+0x210/0x2d0 mm/slub.c:3723 + kmalloc include/linux/slab.h:495 + ep_write_iter+0x167/0xb50 drivers/usb/gadget/legacy/inode.c:664 + new_sync_write fs/read_write.c:499 + __vfs_write+0x483/0x760 fs/read_write.c:512 + vfs_write+0x170/0x4e0 fs/read_write.c:560 + SYSC_write fs/read_write.c:607 + SyS_write+0xfb/0x230 fs/read_write.c:599 + entry_SYSCALL_64_fastpath+0x1f/0xc2 + +The issue is caused by a lack of size check for the request size in +ep_write_iter which should be fixed. It, however, points to another +problem, that SLUB defines KMALLOC_MAX_SIZE too large because the its +KMALLOC_SHIFT_MAX is (MAX_ORDER + PAGE_SHIFT) which means that the +resulting page allocator request might be MAX_ORDER which is too large +(see __alloc_pages_slowpath). + +The same applies to the SLOB allocator which allows even larger sizes. +Make sure that they are capped properly and never request more than +MAX_ORDER order. + +Link: http://lkml.kernel.org/r/20161220130659.16461-2-mhocko@kernel.org +Signed-off-by: Michal Hocko +Reported-by: Andrey Konovalov +Acked-by: Christoph Lameter +Cc: Alexei Starovoitov +Signed-off-by: Andrew Morton +Signed-off-by: Linus Torvalds +Signed-off-by: Sasha Levin +Signed-off-by: Greg Kroah-Hartman +--- + include/linux/slab.h | 4 ++-- + 1 file changed, 2 insertions(+), 2 deletions(-) + +--- a/include/linux/slab.h ++++ b/include/linux/slab.h +@@ -226,7 +226,7 @@ static inline const char *__check_heap_o + * (PAGE_SIZE*2). Larger requests are passed to the page allocator. + */ + #define KMALLOC_SHIFT_HIGH (PAGE_SHIFT + 1) +-#define KMALLOC_SHIFT_MAX (MAX_ORDER + PAGE_SHIFT) ++#define KMALLOC_SHIFT_MAX (MAX_ORDER + PAGE_SHIFT - 1) + #ifndef KMALLOC_SHIFT_LOW + #define KMALLOC_SHIFT_LOW 3 + #endif +@@ -239,7 +239,7 @@ static inline const char *__check_heap_o + * be allocated from the same page. + */ + #define KMALLOC_SHIFT_HIGH PAGE_SHIFT +-#define KMALLOC_SHIFT_MAX 30 ++#define KMALLOC_SHIFT_MAX (MAX_ORDER + PAGE_SHIFT - 1) + #ifndef KMALLOC_SHIFT_LOW + #define KMALLOC_SHIFT_LOW 3 + #endif diff --git a/queue-4.9/nbd-blk_mq_init_queue-returns-an-error-code-on-failure-not-null.patch b/queue-4.9/nbd-blk_mq_init_queue-returns-an-error-code-on-failure-not-null.patch new file mode 100644 index 00000000000..ed76fa62bab --- /dev/null +++ b/queue-4.9/nbd-blk_mq_init_queue-returns-an-error-code-on-failure-not-null.patch @@ -0,0 +1,53 @@ +From foo@baz Wed Aug 9 10:32:06 PDT 2017 +From: Jeff Moyer +Date: Mon, 9 Jan 2017 15:20:31 -0500 +Subject: nbd: blk_mq_init_queue returns an error code on failure, not NULL + +From: Jeff Moyer + + +[ Upstream commit 25b4acfc7de0fc4da3bfea3a316f7282c6fbde81 ] + +Additionally, don't assign directly to disk->queue, otherwise +blk_put_queue (called via put_disk) will choke (panic) on the errno +stored there. + +Bug found by code inspection after Omar found a similar issue in +virtio_blk. Compile-tested only. + +Signed-off-by: Jeff Moyer +Reviewed-by: Omar Sandoval +Reviewed-by: Josef Bacik +Signed-off-by: Jens Axboe +Signed-off-by: Sasha Levin +Signed-off-by: Greg Kroah-Hartman +--- + drivers/block/nbd.c | 6 ++++-- + 1 file changed, 4 insertions(+), 2 deletions(-) + +--- a/drivers/block/nbd.c ++++ b/drivers/block/nbd.c +@@ -929,6 +929,7 @@ static int __init nbd_init(void) + return -ENOMEM; + + for (i = 0; i < nbds_max; i++) { ++ struct request_queue *q; + struct gendisk *disk = alloc_disk(1 << part_shift); + if (!disk) + goto out; +@@ -954,12 +955,13 @@ static int __init nbd_init(void) + * every gendisk to have its very own request_queue struct. + * These structs are big so we dynamically allocate them. + */ +- disk->queue = blk_mq_init_queue(&nbd_dev[i].tag_set); +- if (!disk->queue) { ++ q = blk_mq_init_queue(&nbd_dev[i].tag_set); ++ if (IS_ERR(q)) { + blk_mq_free_tag_set(&nbd_dev[i].tag_set); + put_disk(disk); + goto out; + } ++ disk->queue = q; + + /* + * Tell the block layer that we are not a rotational device diff --git a/queue-4.9/net-account-for-current-skb-length-when-deciding-about-ufo.patch b/queue-4.9/net-account-for-current-skb-length-when-deciding-about-ufo.patch new file mode 100644 index 00000000000..6210a122e20 --- /dev/null +++ b/queue-4.9/net-account-for-current-skb-length-when-deciding-about-ufo.patch @@ -0,0 +1,78 @@ +From foo@baz Wed Aug 9 10:32:06 PDT 2017 +From: Michal Kubeček +Date: Mon, 19 Jun 2017 13:03:43 +0200 +Subject: net: account for current skb length when deciding about UFO + +From: Michal Kubeček + + +[ Upstream commit a5cb659bbc1c8644efa0c3138a757a1e432a4880 ] + +Our customer encountered stuck NFS writes for blocks starting at specific +offsets w.r.t. page boundary caused by networking stack sending packets via +UFO enabled device with wrong checksum. The problem can be reproduced by +composing a long UDP datagram from multiple parts using MSG_MORE flag: + + sendto(sd, buff, 1000, MSG_MORE, ...); + sendto(sd, buff, 1000, MSG_MORE, ...); + sendto(sd, buff, 3000, 0, ...); + +Assume this packet is to be routed via a device with MTU 1500 and +NETIF_F_UFO enabled. When second sendto() gets into __ip_append_data(), +this condition is tested (among others) to decide whether to call +ip_ufo_append_data(): + + ((length + fragheaderlen) > mtu) || (skb && skb_is_gso(skb)) + +At the moment, we already have skb with 1028 bytes of data which is not +marked for GSO so that the test is false (fragheaderlen is usually 20). +Thus we append second 1000 bytes to this skb without invoking UFO. Third +sendto(), however, has sufficient length to trigger the UFO path so that we +end up with non-UFO skb followed by a UFO one. Later on, udp_send_skb() +uses udp_csum() to calculate the checksum but that assumes all fragments +have correct checksum in skb->csum which is not true for UFO fragments. + +When checking against MTU, we need to add skb->len to length of new segment +if we already have a partially filled skb and fragheaderlen only if there +isn't one. + +In the IPv6 case, skb can only be null if this is the first segment so that +we have to use headersize (length of the first IPv6 header) rather than +fragheaderlen (length of IPv6 header of further fragments) for skb == NULL. + +Fixes: e89e9cf539a2 ("[IPv4/IPv6]: UFO Scatter-gather approach") +Fixes: e4c5e13aa45c ("ipv6: Should use consistent conditional judgement for + ip6 fragment between __ip6_append_data and ip6_finish_output") +Signed-off-by: Michal Kubecek +Acked-by: Vlad Yasevich +Signed-off-by: David S. Miller +Signed-off-by: Sasha Levin +Signed-off-by: Greg Kroah-Hartman +--- + net/ipv4/ip_output.c | 3 ++- + net/ipv6/ip6_output.c | 2 +- + 2 files changed, 3 insertions(+), 2 deletions(-) + +--- a/net/ipv4/ip_output.c ++++ b/net/ipv4/ip_output.c +@@ -936,7 +936,8 @@ static int __ip_append_data(struct sock + csummode = CHECKSUM_PARTIAL; + + cork->length += length; +- if ((((length + fragheaderlen) > mtu) || (skb && skb_is_gso(skb))) && ++ if ((((length + (skb ? skb->len : fragheaderlen)) > mtu) || ++ (skb && skb_is_gso(skb))) && + (sk->sk_protocol == IPPROTO_UDP) && + (rt->dst.dev->features & NETIF_F_UFO) && !rt->dst.header_len && + (sk->sk_type == SOCK_DGRAM) && !sk->sk_no_check_tx) { +--- a/net/ipv6/ip6_output.c ++++ b/net/ipv6/ip6_output.c +@@ -1372,7 +1372,7 @@ emsgsize: + */ + + cork->length += length; +- if ((((length + fragheaderlen) > mtu) || ++ if ((((length + (skb ? skb->len : headersize)) > mtu) || + (skb && skb_is_gso(skb))) && + (sk->sk_protocol == IPPROTO_UDP) && + (rt->dst.dev->features & NETIF_F_UFO) && !rt->dst.header_len && diff --git a/queue-4.9/net-mlx5-e-switch-re-enable-roce-on-mode-change-only-after-fdb-destroy.patch b/queue-4.9/net-mlx5-e-switch-re-enable-roce-on-mode-change-only-after-fdb-destroy.patch new file mode 100644 index 00000000000..4d71f11fc9b --- /dev/null +++ b/queue-4.9/net-mlx5-e-switch-re-enable-roce-on-mode-change-only-after-fdb-destroy.patch @@ -0,0 +1,96 @@ +From foo@baz Wed Aug 9 10:32:06 PDT 2017 +From: Or Gerlitz +Date: Sun, 15 Jan 2017 19:05:38 +0200 +Subject: net/mlx5: E-Switch, Re-enable RoCE on mode change only after FDB destroy + +From: Or Gerlitz + + +[ Upstream commit 5bae8c031053c69b4aa74b7f1ba15d4ec8426208 ] + +We must re-enable RoCE on the e-switch management port (PF) only after destroying +the FDB in its switchdev/offloaded mode. Otherwise, when encapsulation is supported, +this re-enablement will fail. + +Also, it's more natural and symmetric to disable RoCE on the PF before we create +the FDB under switchdev mode, so do that as well and revert if getting into error +during the mode change later. + +Fixes: 9da34cd34e85 ('net/mlx5: Disable RoCE on the e-switch management [..]') +Signed-off-by: Or Gerlitz +Reviewed-by: Hadar Hen Zion +Signed-off-by: Saeed Mahameed +Signed-off-by: Sasha Levin +Signed-off-by: Greg Kroah-Hartman +--- + drivers/net/ethernet/mellanox/mlx5/core/eswitch_offloads.c | 29 ++++++++----- + 1 file changed, 18 insertions(+), 11 deletions(-) + +--- a/drivers/net/ethernet/mellanox/mlx5/core/eswitch_offloads.c ++++ b/drivers/net/ethernet/mellanox/mlx5/core/eswitch_offloads.c +@@ -651,9 +651,14 @@ int esw_offloads_init(struct mlx5_eswitc + int vport; + int err; + ++ /* disable PF RoCE so missed packets don't go through RoCE steering */ ++ mlx5_dev_list_lock(); ++ mlx5_remove_dev_by_protocol(esw->dev, MLX5_INTERFACE_PROTOCOL_IB); ++ mlx5_dev_list_unlock(); ++ + err = esw_create_offloads_fdb_table(esw, nvports); + if (err) +- return err; ++ goto create_fdb_err; + + err = esw_create_offloads_table(esw); + if (err) +@@ -673,11 +678,6 @@ int esw_offloads_init(struct mlx5_eswitc + goto err_reps; + } + +- /* disable PF RoCE so missed packets don't go through RoCE steering */ +- mlx5_dev_list_lock(); +- mlx5_remove_dev_by_protocol(esw->dev, MLX5_INTERFACE_PROTOCOL_IB); +- mlx5_dev_list_unlock(); +- + return 0; + + err_reps: +@@ -694,6 +694,13 @@ create_fg_err: + + create_ft_err: + esw_destroy_offloads_fdb_table(esw); ++ ++create_fdb_err: ++ /* enable back PF RoCE */ ++ mlx5_dev_list_lock(); ++ mlx5_add_dev_by_protocol(esw->dev, MLX5_INTERFACE_PROTOCOL_IB); ++ mlx5_dev_list_unlock(); ++ + return err; + } + +@@ -701,11 +708,6 @@ static int esw_offloads_stop(struct mlx5 + { + int err, err1, num_vfs = esw->dev->priv.sriov.num_vfs; + +- /* enable back PF RoCE */ +- mlx5_dev_list_lock(); +- mlx5_add_dev_by_protocol(esw->dev, MLX5_INTERFACE_PROTOCOL_IB); +- mlx5_dev_list_unlock(); +- + mlx5_eswitch_disable_sriov(esw); + err = mlx5_eswitch_enable_sriov(esw, num_vfs, SRIOV_LEGACY); + if (err) { +@@ -715,6 +717,11 @@ static int esw_offloads_stop(struct mlx5 + esw_warn(esw->dev, "Failed setting eswitch back to offloads, err %d\n", err); + } + ++ /* enable back PF RoCE */ ++ mlx5_dev_list_lock(); ++ mlx5_add_dev_by_protocol(esw->dev, MLX5_INTERFACE_PROTOCOL_IB); ++ mlx5_dev_list_unlock(); ++ + return err; + } + diff --git a/queue-4.9/net-phy-dp83867-fix-irq-generation.patch b/queue-4.9/net-phy-dp83867-fix-irq-generation.patch new file mode 100644 index 00000000000..f0ff6717950 --- /dev/null +++ b/queue-4.9/net-phy-dp83867-fix-irq-generation.patch @@ -0,0 +1,63 @@ +From foo@baz Wed Aug 9 10:32:06 PDT 2017 +From: Grygorii Strashko +Date: Thu, 5 Jan 2017 14:48:07 -0600 +Subject: net: phy: dp83867: fix irq generation + +From: Grygorii Strashko + + +[ Upstream commit 5ca7d1ca77dc23934504b95a96d2660d345f83c2 ] + +For proper IRQ generation by DP83867 phy the INT/PWDN pin has to be +programmed as an interrupt output instead of a Powerdown input in +Configuration Register 3 (CFG3), Address 0x001E, bit 7 INT_OE = 1. The +current driver doesn't do this and as result IRQs will not be generated by +DP83867 phy even if they are properly configured in DT. + +Hence, fix IRQ generation by properly configuring CFG3.INT_OE bit and +ensure that Link Status Change (LINK_STATUS_CHNG_INT) and Auto-Negotiation +Complete (AUTONEG_COMP_INT) interrupt are enabled. After this the DP83867 +driver will work properly in interrupt enabled mode. + +Signed-off-by: Grygorii Strashko +Reviewed-by: Florian Fainelli +Signed-off-by: David S. Miller +Signed-off-by: Sasha Levin +Signed-off-by: Greg Kroah-Hartman +--- + drivers/net/phy/dp83867.c | 10 ++++++++++ + 1 file changed, 10 insertions(+) + +--- a/drivers/net/phy/dp83867.c ++++ b/drivers/net/phy/dp83867.c +@@ -29,6 +29,7 @@ + #define MII_DP83867_MICR 0x12 + #define MII_DP83867_ISR 0x13 + #define DP83867_CTRL 0x1f ++#define DP83867_CFG3 0x1e + + /* Extended Registers */ + #define DP83867_RGMIICTL 0x0032 +@@ -90,6 +91,8 @@ static int dp83867_config_intr(struct ph + micr_status |= + (MII_DP83867_MICR_AN_ERR_INT_EN | + MII_DP83867_MICR_SPEED_CHNG_INT_EN | ++ MII_DP83867_MICR_AUTONEG_COMP_INT_EN | ++ MII_DP83867_MICR_LINK_STS_CHNG_INT_EN | + MII_DP83867_MICR_DUP_MODE_CHNG_INT_EN | + MII_DP83867_MICR_SLEEP_MODE_CHNG_INT_EN); + +@@ -190,6 +193,13 @@ static int dp83867_config_init(struct ph + DP83867_DEVADDR, delay); + } + ++ /* Enable Interrupt output INT_OE in CFG3 register */ ++ if (phy_interrupt_is_valid(phydev)) { ++ val = phy_read(phydev, DP83867_CFG3); ++ val |= BIT(7); ++ phy_write(phydev, DP83867_CFG3, val); ++ } ++ + return 0; + } + diff --git a/queue-4.9/netfilter-use-fwmark_reflect-in-nf_send_reset.patch b/queue-4.9/netfilter-use-fwmark_reflect-in-nf_send_reset.patch new file mode 100644 index 00000000000..042761fc218 --- /dev/null +++ b/queue-4.9/netfilter-use-fwmark_reflect-in-nf_send_reset.patch @@ -0,0 +1,54 @@ +From foo@baz Wed Aug 9 10:32:06 PDT 2017 +From: Pau Espin Pedrol +Date: Fri, 6 Jan 2017 20:33:27 +0100 +Subject: netfilter: use fwmark_reflect in nf_send_reset + +From: Pau Espin Pedrol + + +[ Upstream commit cc31d43b4154ad5a7d8aa5543255a93b7e89edc2 ] + +Otherwise, RST packets generated by ipt_REJECT always have mark 0 when +the routing is checked later in the same code path. + +Fixes: e110861f8609 ("net: add a sysctl to reflect the fwmark on replies") +Cc: Lorenzo Colitti +Signed-off-by: Pau Espin Pedrol +Signed-off-by: Pablo Neira Ayuso +Signed-off-by: Sasha Levin +Signed-off-by: Greg Kroah-Hartman +--- + net/ipv4/netfilter/nf_reject_ipv4.c | 2 ++ + net/ipv6/netfilter/nf_reject_ipv6.c | 3 +++ + 2 files changed, 5 insertions(+) + +--- a/net/ipv4/netfilter/nf_reject_ipv4.c ++++ b/net/ipv4/netfilter/nf_reject_ipv4.c +@@ -126,6 +126,8 @@ void nf_send_reset(struct net *net, stru + /* ip_route_me_harder expects skb->dst to be set */ + skb_dst_set_noref(nskb, skb_dst(oldskb)); + ++ nskb->mark = IP4_REPLY_MARK(net, oldskb->mark); ++ + skb_reserve(nskb, LL_MAX_HEADER); + niph = nf_reject_iphdr_put(nskb, oldskb, IPPROTO_TCP, + ip4_dst_hoplimit(skb_dst(nskb))); +--- a/net/ipv6/netfilter/nf_reject_ipv6.c ++++ b/net/ipv6/netfilter/nf_reject_ipv6.c +@@ -157,6 +157,7 @@ void nf_send_reset6(struct net *net, str + fl6.fl6_sport = otcph->dest; + fl6.fl6_dport = otcph->source; + fl6.flowi6_oif = l3mdev_master_ifindex(skb_dst(oldskb)->dev); ++ fl6.flowi6_mark = IP6_REPLY_MARK(net, oldskb->mark); + security_skb_classify_flow(oldskb, flowi6_to_flowi(&fl6)); + dst = ip6_route_output(net, NULL, &fl6); + if (dst->error) { +@@ -180,6 +181,8 @@ void nf_send_reset6(struct net *net, str + + skb_dst_set(nskb, dst); + ++ nskb->mark = fl6.flowi6_mark; ++ + skb_reserve(nskb, hh_len + dst->header_len); + ip6h = nf_reject_ip6hdr_put(nskb, oldskb, IPPROTO_TCP, + ip6_dst_hoplimit(dst)); diff --git a/queue-4.9/phy-state-machine-failsafe-leave-invalid-running-state.patch b/queue-4.9/phy-state-machine-failsafe-leave-invalid-running-state.patch new file mode 100644 index 00000000000..b4d8a77491f --- /dev/null +++ b/queue-4.9/phy-state-machine-failsafe-leave-invalid-running-state.patch @@ -0,0 +1,55 @@ +From foo@baz Wed Aug 9 10:32:06 PDT 2017 +From: Zefir Kurtisi +Date: Fri, 6 Jan 2017 12:14:48 +0100 +Subject: phy state machine: failsafe leave invalid RUNNING state + +From: Zefir Kurtisi + + +[ Upstream commit 811a919135b980bac8009d042acdccf10dc1ef5e ] + +While in RUNNING state, phy_state_machine() checks for link changes by +comparing phydev->link before and after calling phy_read_status(). +This works as long as it is guaranteed that phydev->link is never +changed outside the phy_state_machine(). + +If in some setups this happens, it causes the state machine to miss +a link loss and remain RUNNING despite phydev->link being 0. + +This has been observed running a dsa setup with a process continuously +polling the link states over ethtool each second (SNMPD RFC-1213 +agent). Disconnecting the link on a phy followed by a ETHTOOL_GSET +causes dsa_slave_get_settings() / dsa_slave_get_link_ksettings() to +call phy_read_status() and with that modify the link status - and +with that bricking the phy state machine. + +This patch adds a fail-safe check while in RUNNING, which causes to +move to CHANGELINK when the link is gone and we are still RUNNING. + +Signed-off-by: Zefir Kurtisi +Reviewed-by: Florian Fainelli +Signed-off-by: David S. Miller +Signed-off-by: Sasha Levin +Signed-off-by: Greg Kroah-Hartman +--- + drivers/net/phy/phy.c | 9 +++++++++ + 1 file changed, 9 insertions(+) + +--- a/drivers/net/phy/phy.c ++++ b/drivers/net/phy/phy.c +@@ -1063,6 +1063,15 @@ void phy_state_machine(struct work_struc + if (old_link != phydev->link) + phydev->state = PHY_CHANGELINK; + } ++ /* ++ * Failsafe: check that nobody set phydev->link=0 between two ++ * poll cycles, otherwise we won't leave RUNNING state as long ++ * as link remains down. ++ */ ++ if (!phydev->link && phydev->state == PHY_RUNNING) { ++ phydev->state = PHY_CHANGELINK; ++ phydev_err(phydev, "no link in PHY_RUNNING\n"); ++ } + break; + case PHY_CHANGELINK: + err = phy_read_status(phydev); diff --git a/queue-4.9/scsi-qla2xxx-get-mutex-lock-before-checking-optrom_state.patch b/queue-4.9/scsi-qla2xxx-get-mutex-lock-before-checking-optrom_state.patch new file mode 100644 index 00000000000..6b9517a7998 --- /dev/null +++ b/queue-4.9/scsi-qla2xxx-get-mutex-lock-before-checking-optrom_state.patch @@ -0,0 +1,104 @@ +From foo@baz Wed Aug 9 10:32:06 PDT 2017 +From: "Milan P. Gandhi" +Date: Sat, 24 Dec 2016 22:02:46 +0530 +Subject: scsi: qla2xxx: Get mutex lock before checking optrom_state + +From: "Milan P. Gandhi" + + +[ Upstream commit c7702b8c22712a06080e10f1d2dee1a133ec8809 ] + +There is a race condition with qla2xxx optrom functions where one thread +might modify optrom buffer, optrom_state while other thread is still +reading from it. + +In couple of crashes, it was found that we had successfully passed the +following 'if' check where we confirm optrom_state to be +QLA_SREADING. But by the time we acquired mutex lock to proceed with +memory_read_from_buffer function, some other thread/process had already +modified that option rom buffer and optrom_state from QLA_SREADING to +QLA_SWAITING. Then we got ha->optrom_buffer 0x0 and crashed the system: + + if (ha->optrom_state != QLA_SREADING) + return 0; + + mutex_lock(&ha->optrom_mutex); + rval = memory_read_from_buffer(buf, count, &off, ha->optrom_buffer, + ha->optrom_region_size); + mutex_unlock(&ha->optrom_mutex); + +With current optrom function we get following crash due to a race +condition: + +[ 1479.466679] BUG: unable to handle kernel NULL pointer dereference at (null) +[ 1479.466707] IP: [] memcpy+0x6/0x110 +[...] +[ 1479.473673] Call Trace: +[ 1479.474296] [] ? memory_read_from_buffer+0x3c/0x60 +[ 1479.474941] [] qla2x00_sysfs_read_optrom+0x9c/0xc0 [qla2xxx] +[ 1479.475571] [] read+0xdb/0x1f0 +[ 1479.476206] [] vfs_read+0x9e/0x170 +[ 1479.476839] [] SyS_read+0x7f/0xe0 +[ 1479.477466] [] system_call_fastpath+0x16/0x1b + +Below patch modifies qla2x00_sysfs_read_optrom, +qla2x00_sysfs_write_optrom functions to get the mutex_lock before +checking ha->optrom_state to avoid similar crashes. + +The patch was applied and tested and same crashes were no longer +observed again. + +Tested-by: Milan P. Gandhi +Signed-off-by: Milan P. Gandhi +Reviewed-by: Laurence Oberman +Acked-by: Himanshu Madhani +Signed-off-by: Martin K. Petersen +Signed-off-by: Sasha Levin +Signed-off-by: Greg Kroah-Hartman +--- + drivers/scsi/qla2xxx/qla_attr.c | 18 +++++++++++++----- + 1 file changed, 13 insertions(+), 5 deletions(-) + +--- a/drivers/scsi/qla2xxx/qla_attr.c ++++ b/drivers/scsi/qla2xxx/qla_attr.c +@@ -243,12 +243,15 @@ qla2x00_sysfs_read_optrom(struct file *f + struct qla_hw_data *ha = vha->hw; + ssize_t rval = 0; + ++ mutex_lock(&ha->optrom_mutex); ++ + if (ha->optrom_state != QLA_SREADING) +- return 0; ++ goto out; + +- mutex_lock(&ha->optrom_mutex); + rval = memory_read_from_buffer(buf, count, &off, ha->optrom_buffer, + ha->optrom_region_size); ++ ++out: + mutex_unlock(&ha->optrom_mutex); + + return rval; +@@ -263,14 +266,19 @@ qla2x00_sysfs_write_optrom(struct file * + struct device, kobj))); + struct qla_hw_data *ha = vha->hw; + +- if (ha->optrom_state != QLA_SWRITING) ++ mutex_lock(&ha->optrom_mutex); ++ ++ if (ha->optrom_state != QLA_SWRITING) { ++ mutex_unlock(&ha->optrom_mutex); + return -EINVAL; +- if (off > ha->optrom_region_size) ++ } ++ if (off > ha->optrom_region_size) { ++ mutex_unlock(&ha->optrom_mutex); + return -ERANGE; ++ } + if (off + count > ha->optrom_region_size) + count = ha->optrom_region_size - off; + +- mutex_lock(&ha->optrom_mutex); + memcpy(&ha->optrom_buffer[off], buf, count); + mutex_unlock(&ha->optrom_mutex); + diff --git a/queue-4.9/series b/queue-4.9/series index 06a8ceb8bf2..ce5a4e2ab52 100644 --- a/queue-4.9/series +++ b/queue-4.9/series @@ -64,3 +64,30 @@ xen-netback-correctly-schedule-rate-limited-queues.patch sparc64-measure-receiver-forward-progress-to-avoid-send-mondo-timeout.patch sparc64-prevent-perf-from-running-during-super-critical-sections.patch sparc64-fix-exception-handling-in-ultrasparc-iii-memcpy.patch +wext-handle-null-extra-data-in-iwe_stream_add_point-better.patch +sh_eth-fix-eesipr-values-for-sh77-34-63.patch +sh_eth-r8a7740-supports-packet-shecksumming.patch +net-phy-dp83867-fix-irq-generation.patch +tg3-fix-race-condition-in-tg3_get_stats64.patch +x86-boot-add-missing-declaration-of-string-functions.patch +spi-spi-axi-free-resources-on-error-path.patch +asoc-rt5645-set-sel_i2s_pre_div1-to-2.patch +netfilter-use-fwmark_reflect-in-nf_send_reset.patch +phy-state-machine-failsafe-leave-invalid-running-state.patch +ipv4-make-tcp_notsent_lowat-sysctl-knob-behave-as-true-unsigned-int.patch +clk-samsung-exynos542x-mark-some-clocks-as-critical.patch +scsi-qla2xxx-get-mutex-lock-before-checking-optrom_state.patch +drm-virtio-fix-framebuffer-sparse-warning.patch +arm-dts-sun8i-support-dtb-build-for-nanopi-m1.patch +arm-dts-sunxi-change-node-name-for-pwrseq-pin-on-olinuxino-lime2-emmc.patch +iw_cxgb4-do-not-send-rx_data_ack-cpls-after-close-abort.patch +nbd-blk_mq_init_queue-returns-an-error-code-on-failure-not-null.patch +virtio_blk-fix-panic-in-initialization-error-path.patch +arm-8632-1-ftrace-fix-syscall-name-matching.patch +mm-slab-make-sure-that-kmalloc_max_size-will-fit-into-max_order.patch +lib-kconfig.debug-fix-frv-build-failure.patch +signal-protect-signal_unkillable-from-unintentional-clearing.patch +mm-don-t-dereference-struct-page-fields-of-invalid-pages.patch +net-mlx5-e-switch-re-enable-roce-on-mode-change-only-after-fdb-destroy.patch +ipv4-should-use-consistent-conditional-judgement-for-ip-fragment-in-__ip_append_data-and-ip_finish_output.patch +net-account-for-current-skb-length-when-deciding-about-ufo.patch diff --git a/queue-4.9/sh_eth-fix-eesipr-values-for-sh77-34-63.patch b/queue-4.9/sh_eth-fix-eesipr-values-for-sh77-34-63.patch new file mode 100644 index 00000000000..b7e2c0d5884 --- /dev/null +++ b/queue-4.9/sh_eth-fix-eesipr-values-for-sh77-34-63.patch @@ -0,0 +1,44 @@ +From foo@baz Wed Aug 9 10:32:06 PDT 2017 +From: Sergei Shtylyov +Date: Wed, 4 Jan 2017 22:18:24 +0300 +Subject: sh_eth: fix EESIPR values for SH77{34|63} + +From: Sergei Shtylyov + + +[ Upstream commit 978d3639fd13d987950e4ce85c8737ae92154b2c ] + +As the SH77{34|63} manuals are freely available, I've checked the EESIPR +values written against the manuals, and they appeared to set the reserved +bits 11-15 (which should be 0 on write). Fix those EESIPR values. + +Fixes: 380af9e390ec ("net: sh_eth: CPU dependency code collect to "struct sh_eth_cpu_data"") +Fixes: f5d12767c8fd ("sh_eth: get SH77{34|63} support out of #ifdef") +Signed-off-by: Sergei Shtylyov +Signed-off-by: David S. Miller +Signed-off-by: Sasha Levin +Signed-off-by: Greg Kroah-Hartman +--- + drivers/net/ethernet/renesas/sh_eth.c | 4 ++-- + 1 file changed, 2 insertions(+), 2 deletions(-) + +--- a/drivers/net/ethernet/renesas/sh_eth.c ++++ b/drivers/net/ethernet/renesas/sh_eth.c +@@ -802,7 +802,7 @@ static struct sh_eth_cpu_data sh7734_dat + + .ecsr_value = ECSR_ICD | ECSR_MPD, + .ecsipr_value = ECSIPR_LCHNGIP | ECSIPR_ICDIP | ECSIPR_MPDIP, +- .eesipr_value = DMAC_M_RFRMER | DMAC_M_ECI | 0x003fffff, ++ .eesipr_value = DMAC_M_RFRMER | DMAC_M_ECI | 0x003f07ff, + + .tx_check = EESR_TC1 | EESR_FTC, + .eesr_err_check = EESR_TWB1 | EESR_TWB | EESR_TABT | EESR_RABT | +@@ -832,7 +832,7 @@ static struct sh_eth_cpu_data sh7763_dat + + .ecsr_value = ECSR_ICD | ECSR_MPD, + .ecsipr_value = ECSIPR_LCHNGIP | ECSIPR_ICDIP | ECSIPR_MPDIP, +- .eesipr_value = DMAC_M_RFRMER | DMAC_M_ECI | 0x003fffff, ++ .eesipr_value = DMAC_M_RFRMER | DMAC_M_ECI | 0x003f07ff, + + .tx_check = EESR_TC1 | EESR_FTC, + .eesr_err_check = EESR_TWB1 | EESR_TWB | EESR_TABT | EESR_RABT | diff --git a/queue-4.9/sh_eth-r8a7740-supports-packet-shecksumming.patch b/queue-4.9/sh_eth-r8a7740-supports-packet-shecksumming.patch new file mode 100644 index 00000000000..cfc3593433e --- /dev/null +++ b/queue-4.9/sh_eth-r8a7740-supports-packet-shecksumming.patch @@ -0,0 +1,33 @@ +From foo@baz Wed Aug 9 10:32:06 PDT 2017 +From: Sergei Shtylyov +Date: Thu, 5 Jan 2017 00:29:32 +0300 +Subject: sh_eth: R8A7740 supports packet shecksumming + +From: Sergei Shtylyov + + +[ Upstream commit 0f1f9cbc04dbb3cc310f70a11cba0cf1f2109d9c ] + +The R8A7740 GEther controller supports the packet checksum offloading +but the 'hw_crc' (bad name, I'll fix it) flag isn't set in the R8A7740 +data, thus CSMR isn't cleared... + +Fixes: 73a0d907301e ("net: sh_eth: add support R8A7740") +Signed-off-by: Sergei Shtylyov +Signed-off-by: David S. Miller +Signed-off-by: Sasha Levin +Signed-off-by: Greg Kroah-Hartman +--- + drivers/net/ethernet/renesas/sh_eth.c | 1 + + 1 file changed, 1 insertion(+) + +--- a/drivers/net/ethernet/renesas/sh_eth.c ++++ b/drivers/net/ethernet/renesas/sh_eth.c +@@ -574,6 +574,7 @@ static struct sh_eth_cpu_data r8a7740_da + .rpadir_value = 2 << 16, + .no_trimd = 1, + .no_ade = 1, ++ .hw_crc = 1, + .tsu = 1, + .select_mii = 1, + .shift_rd0 = 1, diff --git a/queue-4.9/signal-protect-signal_unkillable-from-unintentional-clearing.patch b/queue-4.9/signal-protect-signal_unkillable-from-unintentional-clearing.patch new file mode 100644 index 00000000000..3b67a9d67db --- /dev/null +++ b/queue-4.9/signal-protect-signal_unkillable-from-unintentional-clearing.patch @@ -0,0 +1,84 @@ +From foo@baz Wed Aug 9 10:32:06 PDT 2017 +From: Jamie Iles +Date: Tue, 10 Jan 2017 16:57:54 -0800 +Subject: signal: protect SIGNAL_UNKILLABLE from unintentional clearing. + +From: Jamie Iles + + +[ Upstream commit 2d39b3cd34e6d323720d4c61bd714f5ae202c022 ] + +Since commit 00cd5c37afd5 ("ptrace: permit ptracing of /sbin/init") we +can now trace init processes. init is initially protected with +SIGNAL_UNKILLABLE which will prevent fatal signals such as SIGSTOP, but +there are a number of paths during tracing where SIGNAL_UNKILLABLE can +be implicitly cleared. + +This can result in init becoming stoppable/killable after tracing. For +example, running: + + while true; do kill -STOP 1; done & + strace -p 1 + +and then stopping strace and the kill loop will result in init being +left in state TASK_STOPPED. Sending SIGCONT to init will resume it, but +init will now respond to future SIGSTOP signals rather than ignoring +them. + +Make sure that when setting SIGNAL_STOP_CONTINUED/SIGNAL_STOP_STOPPED +that we don't clear SIGNAL_UNKILLABLE. + +Link: http://lkml.kernel.org/r/20170104122017.25047-1-jamie.iles@oracle.com +Signed-off-by: Jamie Iles +Acked-by: Oleg Nesterov +Cc: Alexander Viro +Cc: Ingo Molnar +Cc: Peter Zijlstra +Signed-off-by: Andrew Morton +Signed-off-by: Linus Torvalds +Signed-off-by: Sasha Levin +Signed-off-by: Greg Kroah-Hartman +--- + include/linux/sched.h | 10 ++++++++++ + kernel/signal.c | 4 ++-- + 2 files changed, 12 insertions(+), 2 deletions(-) + +--- a/include/linux/sched.h ++++ b/include/linux/sched.h +@@ -830,6 +830,16 @@ struct signal_struct { + + #define SIGNAL_UNKILLABLE 0x00000040 /* for init: ignore fatal signals */ + ++#define SIGNAL_STOP_MASK (SIGNAL_CLD_MASK | SIGNAL_STOP_STOPPED | \ ++ SIGNAL_STOP_CONTINUED) ++ ++static inline void signal_set_stop_flags(struct signal_struct *sig, ++ unsigned int flags) ++{ ++ WARN_ON(sig->flags & (SIGNAL_GROUP_EXIT|SIGNAL_GROUP_COREDUMP)); ++ sig->flags = (sig->flags & ~SIGNAL_STOP_MASK) | flags; ++} ++ + /* If true, all threads except ->group_exit_task have pending SIGKILL */ + static inline int signal_group_exit(const struct signal_struct *sig) + { +--- a/kernel/signal.c ++++ b/kernel/signal.c +@@ -346,7 +346,7 @@ static bool task_participate_group_stop( + * fresh group stop. Read comment in do_signal_stop() for details. + */ + if (!sig->group_stop_count && !(sig->flags & SIGNAL_STOP_STOPPED)) { +- sig->flags = SIGNAL_STOP_STOPPED; ++ signal_set_stop_flags(sig, SIGNAL_STOP_STOPPED); + return true; + } + return false; +@@ -845,7 +845,7 @@ static bool prepare_signal(int sig, stru + * will take ->siglock, notice SIGNAL_CLD_MASK, and + * notify its parent. See get_signal_to_deliver(). + */ +- signal->flags = why | SIGNAL_STOP_CONTINUED; ++ signal_set_stop_flags(signal, why | SIGNAL_STOP_CONTINUED); + signal->group_stop_count = 0; + signal->group_exit_code = 0; + } diff --git a/queue-4.9/spi-spi-axi-free-resources-on-error-path.patch b/queue-4.9/spi-spi-axi-free-resources-on-error-path.patch new file mode 100644 index 00000000000..91c05ffb7c2 --- /dev/null +++ b/queue-4.9/spi-spi-axi-free-resources-on-error-path.patch @@ -0,0 +1,34 @@ +From foo@baz Wed Aug 9 10:32:06 PDT 2017 +From: Christophe JAILLET +Date: Mon, 9 Jan 2017 01:02:47 +0100 +Subject: spi: spi-axi: Free resources on error path + +From: Christophe JAILLET + + +[ Upstream commit 9620ca90115d4bd700f05862d3b210a266a66efe ] + +We should go to 'err_put_master' here instead of returning directly. +Otherwise a call to 'spi_master_put' is missing. + +Signed-off-by: Christophe JAILLET +Acked-by: Lars-Peter Clausen +Signed-off-by: Mark Brown +Signed-off-by: Sasha Levin +Signed-off-by: Greg Kroah-Hartman +--- + drivers/spi/spi-axi-spi-engine.c | 3 ++- + 1 file changed, 2 insertions(+), 1 deletion(-) + +--- a/drivers/spi/spi-axi-spi-engine.c ++++ b/drivers/spi/spi-axi-spi-engine.c +@@ -494,7 +494,8 @@ static int spi_engine_probe(struct platf + SPI_ENGINE_VERSION_MAJOR(version), + SPI_ENGINE_VERSION_MINOR(version), + SPI_ENGINE_VERSION_PATCH(version)); +- return -ENODEV; ++ ret = -ENODEV; ++ goto err_put_master; + } + + spi_engine->clk = devm_clk_get(&pdev->dev, "s_axi_aclk"); diff --git a/queue-4.9/tg3-fix-race-condition-in-tg3_get_stats64.patch b/queue-4.9/tg3-fix-race-condition-in-tg3_get_stats64.patch new file mode 100644 index 00000000000..5d13577a456 --- /dev/null +++ b/queue-4.9/tg3-fix-race-condition-in-tg3_get_stats64.patch @@ -0,0 +1,42 @@ +From foo@baz Wed Aug 9 10:32:06 PDT 2017 +From: Michael Chan +Date: Fri, 6 Jan 2017 16:18:53 -0500 +Subject: tg3: Fix race condition in tg3_get_stats64(). + +From: Michael Chan + + +[ Upstream commit f5992b72ebe0dde488fa8f706b887194020c66fc ] + +The driver's ndo_get_stats64() method is not always called under RTNL. +So it can race with driver close or ethtool reconfigurations. Fix the +race condition by taking tp->lock spinlock in tg3_free_consistent() +when freeing the tp->hw_stats memory block. tg3_get_stats64() is +already taking tp->lock. + +Reported-by: Wang Yufen +Signed-off-by: Michael Chan +Signed-off-by: David S. Miller +Signed-off-by: Sasha Levin +Signed-off-by: Greg Kroah-Hartman +--- + drivers/net/ethernet/broadcom/tg3.c | 3 +++ + 1 file changed, 3 insertions(+) + +--- a/drivers/net/ethernet/broadcom/tg3.c ++++ b/drivers/net/ethernet/broadcom/tg3.c +@@ -8720,11 +8720,14 @@ static void tg3_free_consistent(struct t + tg3_mem_rx_release(tp); + tg3_mem_tx_release(tp); + ++ /* Protect tg3_get_stats64() from reading freed tp->hw_stats. */ ++ tg3_full_lock(tp, 0); + if (tp->hw_stats) { + dma_free_coherent(&tp->pdev->dev, sizeof(struct tg3_hw_stats), + tp->hw_stats, tp->stats_mapping); + tp->hw_stats = NULL; + } ++ tg3_full_unlock(tp); + } + + /* diff --git a/queue-4.9/virtio_blk-fix-panic-in-initialization-error-path.patch b/queue-4.9/virtio_blk-fix-panic-in-initialization-error-path.patch new file mode 100644 index 00000000000..8c56b48644b --- /dev/null +++ b/queue-4.9/virtio_blk-fix-panic-in-initialization-error-path.patch @@ -0,0 +1,40 @@ +From foo@baz Wed Aug 9 10:32:06 PDT 2017 +From: Omar Sandoval +Date: Mon, 9 Jan 2017 11:44:12 -0800 +Subject: virtio_blk: fix panic in initialization error path + +From: Omar Sandoval + + +[ Upstream commit 6bf6b0aa3da84a3d9126919a94c49c0fb7ee2fb3 ] + +If blk_mq_init_queue() returns an error, it gets assigned to +vblk->disk->queue. Then, when we call put_disk(), we end up calling +blk_put_queue() with the ERR_PTR, causing a bad dereference. Fix it by +only assigning to vblk->disk->queue on success. + +Signed-off-by: Omar Sandoval +Reviewed-by: Jeff Moyer +Signed-off-by: Jens Axboe +Signed-off-by: Sasha Levin +Signed-off-by: Greg Kroah-Hartman +--- + drivers/block/virtio_blk.c | 3 ++- + 1 file changed, 2 insertions(+), 1 deletion(-) + +--- a/drivers/block/virtio_blk.c ++++ b/drivers/block/virtio_blk.c +@@ -630,11 +630,12 @@ static int virtblk_probe(struct virtio_d + if (err) + goto out_put_disk; + +- q = vblk->disk->queue = blk_mq_init_queue(&vblk->tag_set); ++ q = blk_mq_init_queue(&vblk->tag_set); + if (IS_ERR(q)) { + err = -ENOMEM; + goto out_free_tags; + } ++ vblk->disk->queue = q; + + q->queuedata = vblk; + diff --git a/queue-4.9/wext-handle-null-extra-data-in-iwe_stream_add_point-better.patch b/queue-4.9/wext-handle-null-extra-data-in-iwe_stream_add_point-better.patch new file mode 100644 index 00000000000..638587eacd4 --- /dev/null +++ b/queue-4.9/wext-handle-null-extra-data-in-iwe_stream_add_point-better.patch @@ -0,0 +1,45 @@ +From 93be2b74279c15c2844684b1a027fdc71dd5d9bf Mon Sep 17 00:00:00 2001 +From: Arnd Bergmann +Date: Wed, 11 Jan 2017 15:35:25 +0100 +Subject: wext: handle NULL extra data in iwe_stream_add_point better + +From: Arnd Bergmann + +commit 93be2b74279c15c2844684b1a027fdc71dd5d9bf upstream. + +gcc-7 complains that wl3501_cs passes NULL into a function that +then uses the argument as the input for memcpy: + +drivers/net/wireless/wl3501_cs.c: In function 'wl3501_get_scan': +include/net/iw_handler.h:559:3: error: argument 2 null where non-null expected [-Werror=nonnull] + memcpy(stream + point_len, extra, iwe->u.data.length); + +This works fine here because iwe->u.data.length is guaranteed to be 0 +and the memcpy doesn't actually have an effect. + +Making the length check explicit avoids the warning and should have +no other effect here. + +Also check the pointer itself, since otherwise we get warnings +elsewhere in the code. + +Signed-off-by: Arnd Bergmann +Signed-off-by: Johannes Berg +Signed-off-by: Greg Kroah-Hartman + +--- + include/net/iw_handler.h | 3 ++- + 1 file changed, 2 insertions(+), 1 deletion(-) + +--- a/include/net/iw_handler.h ++++ b/include/net/iw_handler.h +@@ -556,7 +556,8 @@ iwe_stream_add_point(struct iw_request_i + memcpy(stream + lcp_len, + ((char *) &iwe->u) + IW_EV_POINT_OFF, + IW_EV_POINT_PK_LEN - IW_EV_LCP_PK_LEN); +- memcpy(stream + point_len, extra, iwe->u.data.length); ++ if (iwe->u.data.length && extra) ++ memcpy(stream + point_len, extra, iwe->u.data.length); + stream += event_len; + } + return stream; diff --git a/queue-4.9/x86-boot-add-missing-declaration-of-string-functions.patch b/queue-4.9/x86-boot-add-missing-declaration-of-string-functions.patch new file mode 100644 index 00000000000..7f9f4f828ba --- /dev/null +++ b/queue-4.9/x86-boot-add-missing-declaration-of-string-functions.patch @@ -0,0 +1,50 @@ +From foo@baz Wed Aug 9 10:32:06 PDT 2017 +From: Nicholas Mc Guire +Date: Sat, 7 Jan 2017 10:38:31 +0100 +Subject: x86/boot: Add missing declaration of string functions + +From: Nicholas Mc Guire + + +[ Upstream commit fac69d0efad08fc15e4dbfc116830782acc0dc9a ] + +Add the missing declarations of basic string functions to string.h to allow +a clean build. + +Fixes: 5be865661516 ("String-handling functions for the new x86 setup code.") +Signed-off-by: Nicholas Mc Guire +Link: http://lkml.kernel.org/r/1483781911-21399-1-git-send-email-hofrat@osadl.org +Signed-off-by: Thomas Gleixner +Signed-off-by: Sasha Levin +Signed-off-by: Greg Kroah-Hartman +--- + arch/x86/boot/string.c | 1 + + arch/x86/boot/string.h | 9 +++++++++ + 2 files changed, 10 insertions(+) + +--- a/arch/x86/boot/string.c ++++ b/arch/x86/boot/string.c +@@ -14,6 +14,7 @@ + + #include + #include "ctype.h" ++#include "string.h" + + int memcmp(const void *s1, const void *s2, size_t len) + { +--- a/arch/x86/boot/string.h ++++ b/arch/x86/boot/string.h +@@ -18,4 +18,13 @@ int memcmp(const void *s1, const void *s + #define memset(d,c,l) __builtin_memset(d,c,l) + #define memcmp __builtin_memcmp + ++extern int strcmp(const char *str1, const char *str2); ++extern int strncmp(const char *cs, const char *ct, size_t count); ++extern size_t strlen(const char *s); ++extern char *strstr(const char *s1, const char *s2); ++extern size_t strnlen(const char *s, size_t maxlen); ++extern unsigned int atou(const char *s); ++extern unsigned long long simple_strtoull(const char *cp, char **endp, ++ unsigned int base); ++ + #endif /* BOOT_STRING_H */ -- 2.47.3