4.9-stable patches
authorGreg Kroah-Hartman <gregkh@linuxfoundation.org>
Tue, 27 Jun 2017 12:20:14 +0000 (14:20 +0200)
committerGreg Kroah-Hartman <gregkh@linuxfoundation.org>
Tue, 27 Jun 2017 12:20:14 +0000 (14:20 +0200)
added patches:
dmaengine-bcm2835-fix-cyclic-dma-period-splitting.patch
jump-label-fix-passing-kbuild_cflags-when-checking-for-asm-goto-support.patch
net-phy-fix-marvell-phy-status-reading.patch
net-phy-initialize-mdio-clock-at-probe-function.patch
rt2x00-avoid-introducing-a-usb-dependency-in-the-rt2x00lib-module.patch
spi-double-time-out-tolerance.patch
usb-gadget-f_fs-avoid-out-of-bounds-access-on-comp_desc.patch

queue-4.9/dmaengine-bcm2835-fix-cyclic-dma-period-splitting.patch [new file with mode: 0644]
queue-4.9/jump-label-fix-passing-kbuild_cflags-when-checking-for-asm-goto-support.patch [new file with mode: 0644]
queue-4.9/net-phy-fix-marvell-phy-status-reading.patch [new file with mode: 0644]
queue-4.9/net-phy-initialize-mdio-clock-at-probe-function.patch [new file with mode: 0644]
queue-4.9/rt2x00-avoid-introducing-a-usb-dependency-in-the-rt2x00lib-module.patch [new file with mode: 0644]
queue-4.9/series
queue-4.9/spi-double-time-out-tolerance.patch [new file with mode: 0644]
queue-4.9/usb-gadget-f_fs-avoid-out-of-bounds-access-on-comp_desc.patch [new file with mode: 0644]

diff --git a/queue-4.9/dmaengine-bcm2835-fix-cyclic-dma-period-splitting.patch b/queue-4.9/dmaengine-bcm2835-fix-cyclic-dma-period-splitting.patch
new file mode 100644 (file)
index 0000000..835f005
--- /dev/null
@@ -0,0 +1,47 @@
+From 2201ac6129fa162ac24da089a034bb0971648ebb Mon Sep 17 00:00:00 2001
+From: Matthias Reichl <hias@horus.com>
+Date: Mon, 20 Feb 2017 20:01:16 +0100
+Subject: dmaengine: bcm2835: Fix cyclic DMA period splitting
+
+From: Matthias Reichl <hias@horus.com>
+
+commit 2201ac6129fa162ac24da089a034bb0971648ebb upstream.
+
+The code responsible for splitting periods into chunks that
+can be handled by the DMA controller missed to update total_len,
+the number of bytes processed in the current period, when there
+are more chunks to follow.
+
+Therefore total_len was stuck at 0 and the code didn't work at all.
+This resulted in a wrong control block layout and audio issues because
+the cyclic DMA callback wasn't executing on period boundaries.
+
+Fix this by adding the missing total_len update.
+
+Signed-off-by: Matthias Reichl <hias@horus.com>
+Signed-off-by: Martin Sperl <kernel@martin.sperl.org>
+Tested-by: Clive Messer <clive.messer@digitaldreamtime.co.uk>
+Reviewed-by: Eric Anholt <eric@anholt.net>
+Signed-off-by: Vinod Koul <vinod.koul@intel.com>
+Signed-off-by: Amit Pundir <amit.pundir@linaro.org>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+
+---
+ drivers/dma/bcm2835-dma.c |    5 ++++-
+ 1 file changed, 4 insertions(+), 1 deletion(-)
+
+--- a/drivers/dma/bcm2835-dma.c
++++ b/drivers/dma/bcm2835-dma.c
+@@ -251,8 +251,11 @@ static void bcm2835_dma_create_cb_set_le
+        */
+       /* have we filled in period_length yet? */
+-      if (*total_len + control_block->length < period_len)
++      if (*total_len + control_block->length < period_len) {
++              /* update number of bytes in this period so far */
++              *total_len += control_block->length;
+               return;
++      }
+       /* calculate the length that remains to reach period_length */
+       control_block->length = period_len - *total_len;
diff --git a/queue-4.9/jump-label-fix-passing-kbuild_cflags-when-checking-for-asm-goto-support.patch b/queue-4.9/jump-label-fix-passing-kbuild_cflags-when-checking-for-asm-goto-support.patch
new file mode 100644 (file)
index 0000000..79d2946
--- /dev/null
@@ -0,0 +1,72 @@
+From 7292ae3d5a18fb922be496e6bb687647193569b4 Mon Sep 17 00:00:00 2001
+From: Gleb Fotengauer-Malinovskiy <glebfm@altlinux.org>
+Date: Mon, 20 Mar 2017 20:15:53 +0300
+Subject: jump label: fix passing kbuild_cflags when checking for asm goto support
+
+From: Gleb Fotengauer-Malinovskiy <glebfm@altlinux.org>
+
+commit 7292ae3d5a18fb922be496e6bb687647193569b4 upstream.
+
+The latest change of asm goto support check added passing of KBUILD_CFLAGS
+to compiler.  When these flags reference gcc plugins that are not built yet,
+the check fails.
+
+When one runs "make bzImage" followed by "make modules", the kernel is always
+built with HAVE_JUMP_LABEL disabled, while the modules are built depending on
+CONFIG_JUMP_LABEL.  If HAVE_JUMP_LABEL macro happens to be different, modules
+are built with undefined references, e.g.:
+
+ERROR: "static_key_slow_inc" [net/netfilter/xt_TEE.ko] undefined!
+ERROR: "static_key_slow_dec" [net/netfilter/xt_TEE.ko] undefined!
+ERROR: "static_key_slow_dec" [net/netfilter/nft_meta.ko] undefined!
+ERROR: "static_key_slow_inc" [net/netfilter/nft_meta.ko] undefined!
+ERROR: "nf_hooks_needed" [net/netfilter/ipvs/ip_vs.ko] undefined!
+ERROR: "nf_hooks_needed" [net/ipv6/ipv6.ko] undefined!
+ERROR: "static_key_count" [net/ipv6/ipv6.ko] undefined!
+ERROR: "static_key_slow_inc" [net/ipv6/ipv6.ko] undefined!
+
+This change moves the check before all these references are added
+to KBUILD_CFLAGS.  This is correct because subsequent KBUILD_CFLAGS
+modifications are not relevant to this check.
+
+Reported-by: Anton V. Boyarshinov <boyarsh@altlinux.org>
+Fixes: 35f860f9ba6a ("jump label: pass kbuild_cflags when checking for asm goto support")
+Signed-off-by: Gleb Fotengauer-Malinovskiy <glebfm@altlinux.org>
+Signed-off-by: Dmitry V. Levin <ldv@altlinux.org>
+Acked-by: Steven Rostedt (VMware) <rostedt@goodmis.org>
+Acked-by: David Lin <dtwlin@google.com>
+Signed-off-by: Masahiro Yamada <yamada.masahiro@socionext.com>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+
+---
+ Makefile |   12 ++++++------
+ 1 file changed, 6 insertions(+), 6 deletions(-)
+
+--- a/Makefile
++++ b/Makefile
+@@ -651,6 +651,12 @@ KBUILD_CFLAGS += $(call cc-ifversion, -l
+ # Tell gcc to never replace conditional load with a non-conditional one
+ KBUILD_CFLAGS += $(call cc-option,--param=allow-store-data-races=0)
++# check for 'asm goto'
++ifeq ($(shell $(CONFIG_SHELL) $(srctree)/scripts/gcc-goto.sh $(CC) $(KBUILD_CFLAGS)), y)
++      KBUILD_CFLAGS += -DCC_HAVE_ASM_GOTO
++      KBUILD_AFLAGS += -DCC_HAVE_ASM_GOTO
++endif
++
+ include scripts/Makefile.gcc-plugins
+ ifdef CONFIG_READABLE_ASM
+@@ -796,12 +802,6 @@ KBUILD_CFLAGS   += $(call cc-option,-Wer
+ # use the deterministic mode of AR if available
+ KBUILD_ARFLAGS := $(call ar-option,D)
+-# check for 'asm goto'
+-ifeq ($(shell $(CONFIG_SHELL) $(srctree)/scripts/gcc-goto.sh $(CC) $(KBUILD_CFLAGS)), y)
+-      KBUILD_CFLAGS += -DCC_HAVE_ASM_GOTO
+-      KBUILD_AFLAGS += -DCC_HAVE_ASM_GOTO
+-endif
+-
+ include scripts/Makefile.kasan
+ include scripts/Makefile.extrawarn
+ include scripts/Makefile.ubsan
diff --git a/queue-4.9/net-phy-fix-marvell-phy-status-reading.patch b/queue-4.9/net-phy-fix-marvell-phy-status-reading.patch
new file mode 100644 (file)
index 0000000..465d04e
--- /dev/null
@@ -0,0 +1,40 @@
+From 898805e0cdf7fd860ec21bf661d3a0285a3defbd Mon Sep 17 00:00:00 2001
+From: Russell King <rmk+kernel@armlinux.org.uk>
+Date: Tue, 30 May 2017 16:21:51 +0100
+Subject: net: phy: fix marvell phy status reading
+
+From: Russell King <rmk+kernel@armlinux.org.uk>
+
+commit 898805e0cdf7fd860ec21bf661d3a0285a3defbd upstream.
+
+The Marvell driver incorrectly provides phydev->lp_advertising as the
+logical and of the link partner's advert and our advert.  This is
+incorrect - this field is supposed to store the link parter's unmodified
+advertisment.
+
+This allows ethtool to report the correct link partner auto-negotiation
+status.
+
+Fixes: be937f1f89ca ("Marvell PHY m88e1111 driver fix")
+Signed-off-by: Russell King <rmk+kernel@armlinux.org.uk>
+Reviewed-by: Andrew Lunn <andrew@lunn.ch>
+Reviewed-by: Florian Fainelli <f.fainelli@gmail.com>
+Signed-off-by: David S. Miller <davem@davemloft.net>
+Signed-off-by: Amit Pundir <amit.pundir@linaro.org>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+
+---
+ drivers/net/phy/marvell.c |    2 --
+ 1 file changed, 2 deletions(-)
+
+--- a/drivers/net/phy/marvell.c
++++ b/drivers/net/phy/marvell.c
+@@ -1114,8 +1114,6 @@ static int marvell_read_status_page(stru
+               if (adv < 0)
+                       return adv;
+-              lpa &= adv;
+-
+               if (status & MII_M1011_PHY_STATUS_FULLDUPLEX)
+                       phydev->duplex = DUPLEX_FULL;
+               else
diff --git a/queue-4.9/net-phy-initialize-mdio-clock-at-probe-function.patch b/queue-4.9/net-phy-initialize-mdio-clock-at-probe-function.patch
new file mode 100644 (file)
index 0000000..bb7c416
--- /dev/null
@@ -0,0 +1,55 @@
+From bb1a619735b4660f21bce3e728b937640024b4ad Mon Sep 17 00:00:00 2001
+From: Yendapally Reddy Dhananjaya Reddy <yendapally.reddy@broadcom.com>
+Date: Wed, 8 Feb 2017 17:14:26 -0500
+Subject: net: phy: Initialize mdio clock at probe function
+
+From: Yendapally Reddy Dhananjaya Reddy <yendapally.reddy@broadcom.com>
+
+commit bb1a619735b4660f21bce3e728b937640024b4ad upstream.
+
+USB PHYs need the MDIO clock divisor enabled earlier to work.
+Initialize mdio clock divisor in probe function. The ext bus
+bit available in the same register will be used by mdio mux
+to enable external mdio.
+
+Signed-off-by: Yendapally Reddy Dhananjaya Reddy <yendapally.reddy@broadcom.com>
+Fixes: ddc24ae1 ("net: phy: Broadcom iProc MDIO bus driver")
+Reviewed-by: Florian Fainelli <f.fainelli@gmail.com>
+Signed-off-by: Jon Mason <jon.mason@broadcom.com>
+Signed-off-by: David S. Miller <davem@davemloft.net>
+Signed-off-by: Amit Pundir <amit.pundir@linaro.org>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+
+---
+ drivers/net/phy/mdio-bcm-iproc.c |    6 ++----
+ 1 file changed, 2 insertions(+), 4 deletions(-)
+
+--- a/drivers/net/phy/mdio-bcm-iproc.c
++++ b/drivers/net/phy/mdio-bcm-iproc.c
+@@ -81,8 +81,6 @@ static int iproc_mdio_read(struct mii_bu
+       if (rc)
+               return rc;
+-      iproc_mdio_config_clk(priv->base);
+-
+       /* Prepare the read operation */
+       cmd = (MII_DATA_TA_VAL << MII_DATA_TA_SHIFT) |
+               (reg << MII_DATA_RA_SHIFT) |
+@@ -112,8 +110,6 @@ static int iproc_mdio_write(struct mii_b
+       if (rc)
+               return rc;
+-      iproc_mdio_config_clk(priv->base);
+-
+       /* Prepare the write operation */
+       cmd = (MII_DATA_TA_VAL << MII_DATA_TA_SHIFT) |
+               (reg << MII_DATA_RA_SHIFT) |
+@@ -163,6 +159,8 @@ static int iproc_mdio_probe(struct platf
+       bus->read = iproc_mdio_read;
+       bus->write = iproc_mdio_write;
++      iproc_mdio_config_clk(priv->base);
++
+       rc = of_mdiobus_register(bus, pdev->dev.of_node);
+       if (rc) {
+               dev_err(&pdev->dev, "MDIO bus registration failed\n");
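Review bot: After this change iproc_mdio_config_clk() runs only once, in iproc_mdio_probe(), so nothing in the patch reprograms the clock divisor if the register later loses its contents; previously every iproc_mdio_read() and iproc_mdio_write() call restored it. Whether the register survives a suspend/resume cycle or a block reset is not visible here. If it does not, a resume callback that calls `iproc_mdio_config_clk(priv->base);` would be needed. Otherwise a comment at the probe call such as `/* divisor is programmed once; the register keeps its value for the lifetime of the bus */` would record the assumption. All three functions continue outside the quoted hunks.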
diff --git a/queue-4.9/rt2x00-avoid-introducing-a-usb-dependency-in-the-rt2x00lib-module.patch b/queue-4.9/rt2x00-avoid-introducing-a-usb-dependency-in-the-rt2x00lib-module.patch
new file mode 100644 (file)
index 0000000..921b64d
--- /dev/null
@@ -0,0 +1,84 @@
+From 6232c17438ed01f43665197db5a98a4a4f77ef47 Mon Sep 17 00:00:00 2001
+From: Stanislaw Gruszka <sgruszka@redhat.com>
+Date: Thu, 2 Feb 2017 10:57:40 +0100
+Subject: rt2x00: avoid introducing a USB dependency in the rt2x00lib module
+
+From: Stanislaw Gruszka <sgruszka@redhat.com>
+
+commit 6232c17438ed01f43665197db5a98a4a4f77ef47 upstream.
+
+As reported by Felix:
+
+Though protected by an ifdef, introducing an usb symbol dependency in
+the rt2x00lib module is a major inconvenience for distributions that
+package kernel modules split into individual packages.
+
+Get rid of this unnecessary dependency by calling the usb related
+function from a more suitable place.
+
+Cc: Vishal Thanki <vishalthanki@gmail.com>
+Reported-by: Felix Fietkau <nbd@nbd.name>
+Fixes: 8b4c0009313f ("rt2x00usb: Use usb anchor to manage URB")
+Signed-off-by: Stanislaw Gruszka <sgruszka@redhat.com>
+Signed-off-by: Kalle Valo <kvalo@codeaurora.org>
+Signed-off-by: Amit Pundir <amit.pundir@linaro.org>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+
+---
+ drivers/net/wireless/ralink/rt2x00/rt2x00dev.c |   23 ++++++++---------------
+ drivers/net/wireless/ralink/rt2x00/rt2x00usb.c |    5 +++++
+ 2 files changed, 13 insertions(+), 15 deletions(-)
+
+--- a/drivers/net/wireless/ralink/rt2x00/rt2x00dev.c
++++ b/drivers/net/wireless/ralink/rt2x00/rt2x00dev.c
+@@ -1422,21 +1422,6 @@ void rt2x00lib_remove_dev(struct rt2x00_
+       cancel_work_sync(&rt2x00dev->intf_work);
+       cancel_delayed_work_sync(&rt2x00dev->autowakeup_work);
+       cancel_work_sync(&rt2x00dev->sleep_work);
+-#if IS_ENABLED(CONFIG_RT2X00_LIB_USB)
+-      if (rt2x00_is_usb(rt2x00dev)) {
+-              usb_kill_anchored_urbs(rt2x00dev->anchor);
+-              hrtimer_cancel(&rt2x00dev->txstatus_timer);
+-              cancel_work_sync(&rt2x00dev->rxdone_work);
+-              cancel_work_sync(&rt2x00dev->txdone_work);
+-      }
+-#endif
+-      if (rt2x00dev->workqueue)
+-              destroy_workqueue(rt2x00dev->workqueue);
+-
+-      /*
+-       * Free the tx status fifo.
+-       */
+-      kfifo_free(&rt2x00dev->txstatus_fifo);
+       /*
+        * Kill the tx status tasklet.
+@@ -1452,6 +1437,14 @@ void rt2x00lib_remove_dev(struct rt2x00_
+        */
+       rt2x00lib_uninitialize(rt2x00dev);
++      if (rt2x00dev->workqueue)
++              destroy_workqueue(rt2x00dev->workqueue);
++
++      /*
++       * Free the tx status fifo.
++       */
++      kfifo_free(&rt2x00dev->txstatus_fifo);
++
+       /*
+        * Free extra components
+        */
+--- a/drivers/net/wireless/ralink/rt2x00/rt2x00usb.c
++++ b/drivers/net/wireless/ralink/rt2x00/rt2x00usb.c
+@@ -740,6 +740,11 @@ void rt2x00usb_uninitialize(struct rt2x0
+ {
+       struct data_queue *queue;
++      usb_kill_anchored_urbs(rt2x00dev->anchor);
++      hrtimer_cancel(&rt2x00dev->txstatus_timer);
++      cancel_work_sync(&rt2x00dev->rxdone_work);
++      cancel_work_sync(&rt2x00dev->txdone_work);
++
+       queue_for_each(rt2x00dev, queue)
+               rt2x00usb_free_entries(queue);
+ }
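Review bot: The new teardown order in rt2x00lib_remove_dev() relies on rt2x00lib_uninitialize() reaching rt2x00usb_uninitialize() before the moved `destroy_workqueue()` and `kfifo_free()` calls run, and nothing in the new code states that dependency. If any remove path skips the USB uninitialize hook (for example a device that never finished initialization, which cannot be confirmed from these hunks), the anchored URBs, txstatus_timer and rxdone/txdone work are no longer stopped before the workqueue and FIFO are released, which is a use-after-free hazard. A comment above the moved block would pin the ordering: `/* rt2x00lib_uninitialize() must already have stopped all URBs, timers and work items that use the workqueue and the tx status fifo. */`. Both functions extend beyond the quoted hunks.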
index e3e76eb7dea6333c8dccfb75ec241c103b83d571..be3fc454275c4a43a1124cbda28dc45f31fcf324 100644 (file)
@@ -34,3 +34,10 @@ drm-amdgpu-adjust-default-display-clock.patch
 rxrpc-fix-several-cases-where-a-padded-len-isn-t-checked-in-ticket-decode.patch
 of-add-check-to-of_scan_flat_dt-before-accessing-initial_boot_params.patch
 mtd-spi-nor-fix-spansion-quad-enable.patch
+usb-gadget-f_fs-avoid-out-of-bounds-access-on-comp_desc.patch
+rt2x00-avoid-introducing-a-usb-dependency-in-the-rt2x00lib-module.patch
+net-phy-initialize-mdio-clock-at-probe-function.patch
+dmaengine-bcm2835-fix-cyclic-dma-period-splitting.patch
+spi-double-time-out-tolerance.patch
+net-phy-fix-marvell-phy-status-reading.patch
+jump-label-fix-passing-kbuild_cflags-when-checking-for-asm-goto-support.patch
diff --git a/queue-4.9/spi-double-time-out-tolerance.patch b/queue-4.9/spi-double-time-out-tolerance.patch
new file mode 100644 (file)
index 0000000..8a5dd7b
--- /dev/null
@@ -0,0 +1,44 @@
+From 833bfade96561216aa2129516a5926a0326860a2 Mon Sep 17 00:00:00 2001
+From: Hauke Mehrtens <hauke@hauke-m.de>
+Date: Mon, 17 Apr 2017 01:38:05 +0200
+Subject: spi: double time out tolerance
+
+From: Hauke Mehrtens <hauke@hauke-m.de>
+
+commit 833bfade96561216aa2129516a5926a0326860a2 upstream.
+
+The generic SPI code calculates how long the issued transfer would take
+and adds 100ms in addition to the timeout as tolerance. On my 500 MHz
+Lantiq Mips SoC I am getting timeouts from the SPI like this when the
+system boots up:
+
+m25p80 spi32766.4: SPI transfer timed out
+blk_update_request: I/O error, dev mtdblock3, sector 2
+SQUASHFS error: squashfs_read_data failed to read block 0x6e
+
+After increasing the tolerance for the timeout to 200ms I haven't seen
+these SPI transfer time outs any more.
+The Lantiq SPI driver in use here has an extra work queue in between,
+which gets triggered when the controller send the last word and the
+hardware FIFOs used for reading and writing are only 8 words long.
+
+Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
+Signed-off-by: Mark Brown <broonie@kernel.org>
+Signed-off-by: Amit Pundir <amit.pundir@linaro.org>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+
+---
+ drivers/spi/spi.c |    2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+--- a/drivers/spi/spi.c
++++ b/drivers/spi/spi.c
+@@ -1004,7 +1004,7 @@ static int spi_transfer_one_message(stru
+                               ret = 0;
+                               ms = 8LL * 1000LL * xfer->len;
+                               do_div(ms, xfer->speed_hz);
+-                              ms += ms + 100; /* some tolerance */
++                              ms += ms + 200; /* some tolerance */
+                               if (ms > UINT_MAX)
+                                       ms = UINT_MAX;
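Review bot: The comment on the changed line still reads `/* some tolerance */`, but `ms += ms + 200` doubles the computed transfer time and then adds 200 ms, so the literal is only part of the margin. A comment such as `/* allow twice the nominal transfer time plus 200 ms of slack */`, or a named constant for the 200, would make the timeout budget clear to the next person tuning it. spi_transfer_one_message() starts and ends outside the hunk.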
diff --git a/queue-4.9/usb-gadget-f_fs-avoid-out-of-bounds-access-on-comp_desc.patch b/queue-4.9/usb-gadget-f_fs-avoid-out-of-bounds-access-on-comp_desc.patch
new file mode 100644 (file)
index 0000000..adab0bc
--- /dev/null
@@ -0,0 +1,106 @@
+From b7f73850bb4fac1e2209a4dd5e636d39be92f42c Mon Sep 17 00:00:00 2001
+From: William Wu <william.wu@rock-chips.com>
+Date: Tue, 25 Apr 2017 17:45:48 +0800
+Subject: usb: gadget: f_fs: avoid out of bounds access on comp_desc
+
+From: William Wu <william.wu@rock-chips.com>
+
+commit b7f73850bb4fac1e2209a4dd5e636d39be92f42c upstream.
+
+Companion descriptor is only used for SuperSpeed endpoints,
+if the endpoints are HighSpeed or FullSpeed, the Companion
+descriptor will not allocated, so we can only access it if
+gadget is SuperSpeed.
+
+I can reproduce this issue on Rockchip platform rk3368 SoC
+which supports USB 2.0, and use functionfs for ADB. Kernel
+build with CONFIG_KASAN=y and CONFIG_SLUB_DEBUG=y report
+the following BUG:
+
+==================================================================
+BUG: KASAN: slab-out-of-bounds in ffs_func_set_alt+0x224/0x3a0 at addr ffffffc0601f6509
+Read of size 1 by task swapper/0/0
+============================================================================
+BUG kmalloc-256 (Not tainted): kasan: bad access detected
+----------------------------------------------------------------------------
+
+Disabling lock debugging due to kernel taint
+INFO: Allocated in ffs_func_bind+0x52c/0x99c age=1275 cpu=0 pid=1
+alloc_debug_processing+0x128/0x17c
+___slab_alloc.constprop.58+0x50c/0x610
+__slab_alloc.isra.55.constprop.57+0x24/0x34
+__kmalloc+0xe0/0x250
+ffs_func_bind+0x52c/0x99c
+usb_add_function+0xd8/0x1d4
+configfs_composite_bind+0x48c/0x570
+udc_bind_to_driver+0x6c/0x170
+usb_udc_attach_driver+0xa4/0xd0
+gadget_dev_desc_UDC_store+0xcc/0x118
+configfs_write_file+0x1a0/0x1f8
+__vfs_write+0x64/0x174
+vfs_write+0xe4/0x200
+SyS_write+0x68/0xc8
+el0_svc_naked+0x24/0x28
+INFO: Freed in inode_doinit_with_dentry+0x3f0/0x7c4 age=1275 cpu=7 pid=247
+...
+Call trace:
+[<ffffff900808aab4>] dump_backtrace+0x0/0x230
+[<ffffff900808acf8>] show_stack+0x14/0x1c
+[<ffffff90084ad420>] dump_stack+0xa0/0xc8
+[<ffffff90082157cc>] print_trailer+0x188/0x198
+[<ffffff9008215948>] object_err+0x3c/0x4c
+[<ffffff900821b5ac>] kasan_report+0x324/0x4dc
+[<ffffff900821aa38>] __asan_load1+0x24/0x50
+[<ffffff90089eb750>] ffs_func_set_alt+0x224/0x3a0
+[<ffffff90089d3760>] composite_setup+0xdcc/0x1ac8
+[<ffffff90089d7394>] android_setup+0x124/0x1a0
+[<ffffff90089acd18>] _setup+0x54/0x74
+[<ffffff90089b6b98>] handle_ep0+0x3288/0x4390
+[<ffffff90089b9b44>] dwc_otg_pcd_handle_out_ep_intr+0x14dc/0x2ae4
+[<ffffff90089be85c>] dwc_otg_pcd_handle_intr+0x1ec/0x298
+[<ffffff90089ad680>] dwc_otg_pcd_irq+0x10/0x20
+[<ffffff9008116328>] handle_irq_event_percpu+0x124/0x3ac
+[<ffffff9008116610>] handle_irq_event+0x60/0xa0
+[<ffffff900811af30>] handle_fasteoi_irq+0x10c/0x1d4
+[<ffffff9008115568>] generic_handle_irq+0x30/0x40
+[<ffffff90081159b4>] __handle_domain_irq+0xac/0xdc
+[<ffffff9008080e9c>] gic_handle_irq+0x64/0xa4
+...
+Memory state around the buggy address:
+  ffffffc0601f6400: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
+  ffffffc0601f6480: 00 00 00 00 00 00 00 00 00 00 06 fc fc fc fc fc
+ >ffffffc0601f6500: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
+                       ^
+  ffffffc0601f6580: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
+  ffffffc0601f6600: fc fc fc fc fc fc fc fc 00 00 00 00 00 00 00 00
+==================================================================
+
+Signed-off-by: William Wu <william.wu@rock-chips.com>
+Signed-off-by: Felipe Balbi <felipe.balbi@linux.intel.com>
+Cc: Jerry Zhang <zhangjerry@google.com>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+
+---
+ drivers/usb/gadget/function/f_fs.c |   10 +++++-----
+ 1 file changed, 5 insertions(+), 5 deletions(-)
+
+--- a/drivers/usb/gadget/function/f_fs.c
++++ b/drivers/usb/gadget/function/f_fs.c
+@@ -1858,12 +1858,12 @@ static int ffs_func_eps_enable(struct ff
+               ep->ep->driver_data = ep;
+               ep->ep->desc = ds;
+-              comp_desc = (struct usb_ss_ep_comp_descriptor *)(ds +
+-                              USB_DT_ENDPOINT_SIZE);
+-              ep->ep->maxburst = comp_desc->bMaxBurst + 1;
+-
+-              if (needs_comp_desc)
++              if (needs_comp_desc) {
++                      comp_desc = (struct usb_ss_ep_comp_descriptor *)(ds +
++                                      USB_DT_ENDPOINT_SIZE);
++                      ep->ep->maxburst = comp_desc->bMaxBurst + 1;
+                       ep->ep->comp_desc = comp_desc;
++              }
+               ret = usb_ep_enable(ep->ep);
+               if (likely(!ret)) {
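Review bot: The companion-descriptor address inside the new `if (needs_comp_desc)` block is still computed as `ds + USB_DT_ENDPOINT_SIZE`, and whether that is a byte offset depends on the type of `ds`, whose declaration is outside the hunk. If `ds` is a typed descriptor pointer rather than a byte pointer, the addition is scaled by the element size, and the read of `comp_desc->bMaxBurst` can still land outside the descriptor buffer even at SuperSpeed. Casting before the addition makes the intended offset explicit: `comp_desc = (struct usb_ss_ep_comp_descriptor *)((u8 *)ds + USB_DT_ENDPOINT_SIZE);`. ffs_func_eps_enable() starts and ends outside the hunk.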