From: Greg Kroah-Hartman Date: Mon, 8 Jul 2019 12:45:04 +0000 (+0200) Subject: 5.1-stable patches X-Git-Tag: v5.1.17~6 X-Git-Url: http://git.ipfire.org/gitweb.cgi?a=commitdiff_plain;h=e8dcb4c0c161414d1b2ed27b21457a23f1f01511;p=thirdparty%2Fkernel%2Fstable-queue.git 5.1-stable patches added patches: dmaengine-imx-sdma-remove-bd_intr-for-channel0.patch dmaengine-jz4780-fix-an-endian-bug-in-irq-handler.patch dmaengine-qcom-bam_dma-fix-completed-descriptors-count.patch fs-validate_fs_parser-should-default-to-n.patch mips-add-missing-ehb-in-mtc0-mfc0-sequence.patch mips-fix-bounds-check-virt_addr_valid.patch mips-have-plain-make-calls-build-dtbs-for-selected-platforms.patch --- diff --git a/queue-5.1/dmaengine-imx-sdma-remove-bd_intr-for-channel0.patch b/queue-5.1/dmaengine-imx-sdma-remove-bd_intr-for-channel0.patch new file mode 100644 index 00000000000..43f3ed01a45 --- /dev/null +++ b/queue-5.1/dmaengine-imx-sdma-remove-bd_intr-for-channel0.patch @@ -0,0 +1,54 @@ +From 3f93a4f297961c12bb17aa16cb3a4d1291823cae Mon Sep 17 00:00:00 2001 +From: Robin Gong +Date: Fri, 21 Jun 2019 16:23:06 +0800 +Subject: dmaengine: imx-sdma: remove BD_INTR for channel0 + +From: Robin Gong + +commit 3f93a4f297961c12bb17aa16cb3a4d1291823cae upstream. + +It is possible for an irq triggered by channel0 to be received later +after clks are disabled once firmware loaded during sdma probe. If +that happens then clearing them by writing to SDMA_H_INTR won't work +and the kernel will hang processing infinite interrupts. Actually, +don't need interrupt triggered on channel0 since it's pollling +SDMA_H_STATSTOP to know channel0 done rather than interrupt in +current code, just clear BD_INTR to disable channel0 interrupt to +avoid the above case. +This issue was brought by commit 1d069bfa3c78 ("dmaengine: imx-sdma: +ack channel 0 IRQ in the interrupt handler") which didn't take care +the above case. + +Fixes: 1d069bfa3c78 ("dmaengine: imx-sdma: ack channel 0 IRQ in the interrupt handler") +Cc: stable@vger.kernel.org #5.0+ +Signed-off-by: Robin Gong +Reported-by: Sven Van Asbroeck +Tested-by: Sven Van Asbroeck +Reviewed-by: Michael Olbrich +Signed-off-by: Vinod Koul +Signed-off-by: Greg Kroah-Hartman + +--- + drivers/dma/imx-sdma.c | 4 ++-- + 1 file changed, 2 insertions(+), 2 deletions(-) + +--- a/drivers/dma/imx-sdma.c ++++ b/drivers/dma/imx-sdma.c +@@ -703,7 +703,7 @@ static int sdma_load_script(struct sdma_ + spin_lock_irqsave(&sdma->channel_0_lock, flags); + + bd0->mode.command = C0_SETPM; +- bd0->mode.status = BD_DONE | BD_INTR | BD_WRAP | BD_EXTD; ++ bd0->mode.status = BD_DONE | BD_WRAP | BD_EXTD; + bd0->mode.count = size / 2; + bd0->buffer_addr = buf_phys; + bd0->ext_buffer_addr = address; +@@ -1025,7 +1025,7 @@ static int sdma_load_context(struct sdma + context->gReg[7] = sdmac->watermark_level; + + bd0->mode.command = C0_SETDM; +- bd0->mode.status = BD_DONE | BD_INTR | BD_WRAP | BD_EXTD; ++ bd0->mode.status = BD_DONE | BD_WRAP | BD_EXTD; + bd0->mode.count = sizeof(*context) / 4; + bd0->buffer_addr = sdma->context_phys; + bd0->ext_buffer_addr = 2048 + (sizeof(*context) / 4) * channel; diff --git a/queue-5.1/dmaengine-jz4780-fix-an-endian-bug-in-irq-handler.patch b/queue-5.1/dmaengine-jz4780-fix-an-endian-bug-in-irq-handler.patch new file mode 100644 index 00000000000..56c15afae93 --- /dev/null +++ b/queue-5.1/dmaengine-jz4780-fix-an-endian-bug-in-irq-handler.patch @@ -0,0 +1,40 @@ +From 4c89cc73d1da42ae48b5c5dfbfd12304d0b86786 Mon Sep 17 00:00:00 2001 +From: Dan Carpenter +Date: Mon, 24 Jun 2019 16:49:40 +0300 +Subject: dmaengine: jz4780: Fix an endian bug in IRQ handler + +From: Dan Carpenter + +commit 4c89cc73d1da42ae48b5c5dfbfd12304d0b86786 upstream. + +The "pending" variable was a u32 but we cast it to an unsigned long +pointer when we do the for_each_set_bit() loop. The problem is that on +big endian 64bit systems that results in an out of bounds read. + +Fixes: 4e4106f5e942 ("dmaengine: jz4780: Fix transfers being ACKed too soon") +Signed-off-by: Dan Carpenter +Signed-off-by: Vinod Koul +Signed-off-by: Greg Kroah-Hartman + +--- + drivers/dma/dma-jz4780.c | 5 +++-- + 1 file changed, 3 insertions(+), 2 deletions(-) + +--- a/drivers/dma/dma-jz4780.c ++++ b/drivers/dma/dma-jz4780.c +@@ -722,12 +722,13 @@ static irqreturn_t jz4780_dma_irq_handle + { + struct jz4780_dma_dev *jzdma = data; + unsigned int nb_channels = jzdma->soc_data->nb_channels; +- uint32_t pending, dmac; ++ unsigned long pending; ++ uint32_t dmac; + int i; + + pending = jz4780_dma_ctrl_readl(jzdma, JZ_DMA_REG_DIRQP); + +- for_each_set_bit(i, (unsigned long *)&pending, nb_channels) { ++ for_each_set_bit(i, &pending, nb_channels) { + if (jz4780_dma_chan_irq(jzdma, &jzdma->chan[i])) + pending &= ~BIT(i); + } diff --git a/queue-5.1/dmaengine-qcom-bam_dma-fix-completed-descriptors-count.patch b/queue-5.1/dmaengine-qcom-bam_dma-fix-completed-descriptors-count.patch new file mode 100644 index 00000000000..59e3a7d477e --- /dev/null +++ b/queue-5.1/dmaengine-qcom-bam_dma-fix-completed-descriptors-count.patch @@ -0,0 +1,39 @@ +From f6034225442c4a87906d36e975fd9e99a8f95487 Mon Sep 17 00:00:00 2001 +From: Sricharan R +Date: Fri, 28 Jun 2019 17:39:46 +0530 +Subject: dmaengine: qcom: bam_dma: Fix completed descriptors count + +From: Sricharan R + +commit f6034225442c4a87906d36e975fd9e99a8f95487 upstream. + +One space is left unused in circular FIFO to differentiate +'full' and 'empty' cases. So take that in to account while +counting for the descriptors completed. + +Fixes the issue reported here, + https://lkml.org/lkml/2019/6/18/669 + +Cc: stable@vger.kernel.org +Reported-by: Srinivas Kandagatla +Signed-off-by: Sricharan R +Tested-by: Srinivas Kandagatla +Signed-off-by: Vinod Koul +Signed-off-by: Greg Kroah-Hartman + +--- + drivers/dma/qcom/bam_dma.c | 3 +++ + 1 file changed, 3 insertions(+) + +--- a/drivers/dma/qcom/bam_dma.c ++++ b/drivers/dma/qcom/bam_dma.c +@@ -808,6 +808,9 @@ static u32 process_channel_irqs(struct b + /* Number of bytes available to read */ + avail = CIRC_CNT(offset, bchan->head, MAX_DESCRIPTORS + 1); + ++ if (offset < bchan->head) ++ avail--; ++ + list_for_each_entry_safe(async_desc, tmp, + &bchan->desc_list, desc_node) { + /* Not enough data to read */ diff --git a/queue-5.1/fs-validate_fs_parser-should-default-to-n.patch b/queue-5.1/fs-validate_fs_parser-should-default-to-n.patch new file mode 100644 index 00000000000..eec46f0c2f5 --- /dev/null +++ b/queue-5.1/fs-validate_fs_parser-should-default-to-n.patch @@ -0,0 +1,34 @@ +From 75f2d86b20bf6aec0392d6dd2ae3ffff26d2ae0e Mon Sep 17 00:00:00 2001 +From: Geert Uytterhoeven +Date: Mon, 1 Apr 2019 13:53:57 +0200 +Subject: fs: VALIDATE_FS_PARSER should default to n + +From: Geert Uytterhoeven + +commit 75f2d86b20bf6aec0392d6dd2ae3ffff26d2ae0e upstream. + +CONFIG_VALIDATE_FS_PARSER is a debugging tool to check that the parser +tables are vaguely sane. It was set to default to 'Y' for the moment to +catch errors in upcoming fs conversion development. + +Make sure it is not enabled by default in the final release of v5.1. + +Fixes: 31d921c7fb969172 ("vfs: Add configuration parser helpers") +Signed-off-by: Geert Uytterhoeven +Signed-off-by: Al Viro +Signed-off-by: Greg Kroah-Hartman + +--- + fs/Kconfig | 1 - + 1 file changed, 1 deletion(-) + +--- a/fs/Kconfig ++++ b/fs/Kconfig +@@ -10,7 +10,6 @@ config DCACHE_WORD_ACCESS + + config VALIDATE_FS_PARSER + bool "Validate filesystem parameter description" +- default y + help + Enable this to perform validation of the parameter description for a + filesystem when it is registered. diff --git a/queue-5.1/mips-add-missing-ehb-in-mtc0-mfc0-sequence.patch b/queue-5.1/mips-add-missing-ehb-in-mtc0-mfc0-sequence.patch new file mode 100644 index 00000000000..5e085ad4d0f --- /dev/null +++ b/queue-5.1/mips-add-missing-ehb-in-mtc0-mfc0-sequence.patch @@ -0,0 +1,127 @@ +From 0b24cae4d535045f4c9e177aa228d4e97bad212c Mon Sep 17 00:00:00 2001 +From: Dmitry Korotin +Date: Mon, 24 Jun 2019 19:05:27 +0000 +Subject: MIPS: Add missing EHB in mtc0 -> mfc0 sequence. + +From: Dmitry Korotin + +commit 0b24cae4d535045f4c9e177aa228d4e97bad212c upstream. + +Add a missing EHB (Execution Hazard Barrier) in mtc0 -> mfc0 sequence. +Without this execution hazard barrier it's possible for the value read +back from the KScratch register to be the value from before the mtc0. + +Reproducible on P5600 & P6600. + +The hazard is documented in the MIPS Architecture Reference Manual Vol. +III: MIPS32/microMIPS32 Privileged Resource Architecture (MD00088), rev +6.03 table 8.1 which includes: + + Producer | Consumer | Hazard + ----------|----------|---------------------------- + mtc0 | mfc0 | any coprocessor 0 register + +Signed-off-by: Dmitry Korotin +[paul.burton@mips.com: + - Commit message tweaks. + - Add Fixes tags. + - Mark for stable back to v3.15 where P5600 support was introduced.] +Signed-off-by: Paul Burton +Fixes: 3d8bfdd03072 ("MIPS: Use C0_KScratch (if present) to hold PGD pointer.") +Fixes: 829dcc0a956a ("MIPS: Add MIPS P5600 probe support") +Cc: linux-mips@vger.kernel.org +Cc: stable@vger.kernel.org # v3.15+ +Signed-off-by: Greg Kroah-Hartman + +--- + arch/mips/mm/tlbex.c | 29 ++++++++++++++++++++--------- + 1 file changed, 20 insertions(+), 9 deletions(-) + +--- a/arch/mips/mm/tlbex.c ++++ b/arch/mips/mm/tlbex.c +@@ -391,6 +391,7 @@ static struct work_registers build_get_w + static void build_restore_work_registers(u32 **p) + { + if (scratch_reg >= 0) { ++ uasm_i_ehb(p); + UASM_i_MFC0(p, 1, c0_kscratch(), scratch_reg); + return; + } +@@ -668,10 +669,12 @@ static void build_restore_pagemask(u32 * + uasm_i_mtc0(p, 0, C0_PAGEMASK); + uasm_il_b(p, r, lid); + } +- if (scratch_reg >= 0) ++ if (scratch_reg >= 0) { ++ uasm_i_ehb(p); + UASM_i_MFC0(p, 1, c0_kscratch(), scratch_reg); +- else ++ } else { + UASM_i_LW(p, 1, scratchpad_offset(0), 0); ++ } + } else { + /* Reset default page size */ + if (PM_DEFAULT_MASK >> 16) { +@@ -938,10 +941,12 @@ build_get_pgd_vmalloc64(u32 **p, struct + uasm_i_jr(p, ptr); + + if (mode == refill_scratch) { +- if (scratch_reg >= 0) ++ if (scratch_reg >= 0) { ++ uasm_i_ehb(p); + UASM_i_MFC0(p, 1, c0_kscratch(), scratch_reg); +- else ++ } else { + UASM_i_LW(p, 1, scratchpad_offset(0), 0); ++ } + } else { + uasm_i_nop(p); + } +@@ -1258,6 +1263,7 @@ build_fast_tlb_refill_handler (u32 **p, + UASM_i_MTC0(p, odd, C0_ENTRYLO1); /* load it */ + + if (c0_scratch_reg >= 0) { ++ uasm_i_ehb(p); + UASM_i_MFC0(p, scratch, c0_kscratch(), c0_scratch_reg); + build_tlb_write_entry(p, l, r, tlb_random); + uasm_l_leave(l, *p); +@@ -1603,15 +1609,17 @@ static void build_setup_pgd(void) + uasm_i_dinsm(&p, a0, 0, 29, 64 - 29); + uasm_l_tlbl_goaround1(&l, p); + UASM_i_SLL(&p, a0, a0, 11); +- uasm_i_jr(&p, 31); + UASM_i_MTC0(&p, a0, C0_CONTEXT); ++ uasm_i_jr(&p, 31); ++ uasm_i_ehb(&p); + } else { + /* PGD in c0_KScratch */ +- uasm_i_jr(&p, 31); + if (cpu_has_ldpte) + UASM_i_MTC0(&p, a0, C0_PWBASE); + else + UASM_i_MTC0(&p, a0, c0_kscratch(), pgd_reg); ++ uasm_i_jr(&p, 31); ++ uasm_i_ehb(&p); + } + #else + #ifdef CONFIG_SMP +@@ -1625,13 +1633,16 @@ static void build_setup_pgd(void) + UASM_i_LA_mostly(&p, a2, pgdc); + UASM_i_SW(&p, a0, uasm_rel_lo(pgdc), a2); + #endif /* SMP */ +- uasm_i_jr(&p, 31); + + /* if pgd_reg is allocated, save PGD also to scratch register */ +- if (pgd_reg != -1) ++ if (pgd_reg != -1) { + UASM_i_MTC0(&p, a0, c0_kscratch(), pgd_reg); +- else ++ uasm_i_jr(&p, 31); ++ uasm_i_ehb(&p); ++ } else { ++ uasm_i_jr(&p, 31); + uasm_i_nop(&p); ++ } + #endif + if (p >= (u32 *)tlbmiss_handler_setup_pgd_end) + panic("tlbmiss_handler_setup_pgd space exceeded"); diff --git a/queue-5.1/mips-fix-bounds-check-virt_addr_valid.patch b/queue-5.1/mips-fix-bounds-check-virt_addr_valid.patch new file mode 100644 index 00000000000..6b7862c53d9 --- /dev/null +++ b/queue-5.1/mips-fix-bounds-check-virt_addr_valid.patch @@ -0,0 +1,46 @@ +From d6ed083f5cc621e15c15b56c3b585fd524dbcb0f Mon Sep 17 00:00:00 2001 +From: Hauke Mehrtens +Date: Mon, 17 Jun 2019 00:30:39 +0200 +Subject: MIPS: Fix bounds check virt_addr_valid + +From: Hauke Mehrtens + +commit d6ed083f5cc621e15c15b56c3b585fd524dbcb0f upstream. + +The bounds check used the uninitialized variable vaddr, it should use +the given parameter kaddr instead. When using the uninitialized value +the compiler assumed it to be 0 and optimized this function to just +return 0 in all cases. + +This should make the function check the range of the given address and +only do the page map check in case it is in the expected range of +virtual addresses. + +Fixes: 074a1e1167af ("MIPS: Bounds check virt_addr_valid") +Cc: stable@vger.kernel.org # v4.12+ +Cc: Paul Burton +Signed-off-by: Hauke Mehrtens +Signed-off-by: Paul Burton +Cc: ralf@linux-mips.org +Cc: jhogan@kernel.org +Cc: f4bug@amsat.org +Cc: linux-mips@vger.kernel.org +Cc: ysu@wavecomp.com +Cc: jcristau@debian.org +Signed-off-by: Greg Kroah-Hartman + +--- + arch/mips/mm/mmap.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +--- a/arch/mips/mm/mmap.c ++++ b/arch/mips/mm/mmap.c +@@ -203,7 +203,7 @@ unsigned long arch_randomize_brk(struct + + int __virt_addr_valid(const volatile void *kaddr) + { +- unsigned long vaddr = (unsigned long)vaddr; ++ unsigned long vaddr = (unsigned long)kaddr; + + if ((vaddr < PAGE_OFFSET) || (vaddr >= MAP_BASE)) + return 0; diff --git a/queue-5.1/mips-have-plain-make-calls-build-dtbs-for-selected-platforms.patch b/queue-5.1/mips-have-plain-make-calls-build-dtbs-for-selected-platforms.patch new file mode 100644 index 00000000000..a2048bc3fdc --- /dev/null +++ b/queue-5.1/mips-have-plain-make-calls-build-dtbs-for-selected-platforms.patch @@ -0,0 +1,44 @@ +From 637dfa0fad6d91a9a709dc70549a6d20fa77f615 Mon Sep 17 00:00:00 2001 +From: Cedric Hombourger +Date: Thu, 13 Jun 2019 10:52:50 +0200 +Subject: MIPS: have "plain" make calls build dtbs for selected platforms + +From: Cedric Hombourger + +commit 637dfa0fad6d91a9a709dc70549a6d20fa77f615 upstream. + +scripts/package/builddeb calls "make dtbs_install" after executing +a plain make (i.e. no build targets specified). It will fail if dtbs +were not built beforehand. Match the arm64 architecture where DTBs get +built by the "all" target. + +Signed-off-by: Cedric Hombourger +[paul.burton@mips.com: s/builddep/builddeb] +Signed-off-by: Paul Burton +Cc: linux-mips@vger.kernel.org +Cc: stable@vger.kernel.org # v4.1+ +Signed-off-by: Greg Kroah-Hartman + +--- + arch/mips/Makefile | 3 ++- + 1 file changed, 2 insertions(+), 1 deletion(-) + +--- a/arch/mips/Makefile ++++ b/arch/mips/Makefile +@@ -17,6 +17,7 @@ archscripts: scripts_basic + $(Q)$(MAKE) $(build)=arch/mips/boot/tools relocs + + KBUILD_DEFCONFIG := 32r2el_defconfig ++KBUILD_DTBS := dtbs + + # + # Select the object file format to substitute into the linker script. +@@ -384,7 +385,7 @@ quiet_cmd_64 = OBJCOPY $@ + vmlinux.64: vmlinux + $(call cmd,64) + +-all: $(all-y) ++all: $(all-y) $(KBUILD_DTBS) + + # boot + $(boot-y): $(vmlinux-32) FORCE diff --git a/queue-5.1/series b/queue-5.1/series index 8836ea5ee0e..3ee5a7a6315 100644 --- a/queue-5.1/series +++ b/queue-5.1/series @@ -86,3 +86,10 @@ kvm-x86-degrade-warn-to-pr_warn_ratelimited.patch kvm-lapic-fix-pending-interrupt-in-irr-blocked-by-software-disable-lapic.patch nfsd-fix-overflow-causing-non-working-mounts-on-1-tb-machines.patch svcrdma-ignore-source-port-when-computing-drc-hash.patch +mips-fix-bounds-check-virt_addr_valid.patch +mips-add-missing-ehb-in-mtc0-mfc0-sequence.patch +mips-have-plain-make-calls-build-dtbs-for-selected-platforms.patch +dmaengine-qcom-bam_dma-fix-completed-descriptors-count.patch +dmaengine-imx-sdma-remove-bd_intr-for-channel0.patch +dmaengine-jz4780-fix-an-endian-bug-in-irq-handler.patch +fs-validate_fs_parser-should-default-to-n.patch