linux-kernel.vger.kernel.org archive mirror
 help / color / mirror / Atom feed
* [PATCH AUTOSEL 4.19 001/258] drm/bufs: Fix Spectre v1 vulnerability
@ 2019-01-28 15:55 Sasha Levin
  2019-01-28 15:55 ` [PATCH AUTOSEL 4.19 002/258] staging: iio: adc: ad7280a: handle error from __ad7280_read32() Sasha Levin
                   ` (256 more replies)
  0 siblings, 257 replies; 273+ messages in thread
From: Sasha Levin @ 2019-01-28 15:55 UTC (permalink / raw)
  To: linux-kernel, stable
  Cc: Gustavo A. R. Silva, Daniel Vetter, Sasha Levin, dri-devel

From: "Gustavo A. R. Silva" <gustavo@embeddedor.com>

[ Upstream commit a37805098900a6e73a55b3a43b7d3bcd987bb3f4 ]

idx can be indirectly controlled by user-space, hence leading to a
potential exploitation of the Spectre variant 1 vulnerability.

This issue was detected with the help of Smatch:

drivers/gpu/drm/drm_bufs.c:1420 drm_legacy_freebufs() warn: potential
spectre issue 'dma->buflist' [r] (local cap)

Fix this by sanitizing idx before using it to index dma->buflist

Notice that given that speculation windows are large, the policy is
to kill the speculation on the first load and not worry if it can be
completed with a dependent load/store [1].

[1] https://marc.info/?l=linux-kernel&m=152449131114778&w=2

Signed-off-by: Gustavo A. R. Silva <gustavo@embeddedor.com>
Signed-off-by: Daniel Vetter <daniel.vetter@ffwll.ch>
Link: https://patchwork.freedesktop.org/patch/msgid/20181016095549.GA23586@embeddedor.com
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
 drivers/gpu/drm/drm_bufs.c | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/drivers/gpu/drm/drm_bufs.c b/drivers/gpu/drm/drm_bufs.c
index ba8cfe65c65b..e2f775d1c112 100644
--- a/drivers/gpu/drm/drm_bufs.c
+++ b/drivers/gpu/drm/drm_bufs.c
@@ -36,6 +36,8 @@
 #include <drm/drmP.h>
 #include "drm_legacy.h"
 
+#include <linux/nospec.h>
+
 static struct drm_map_list *drm_find_matching_map(struct drm_device *dev,
 						  struct drm_local_map *map)
 {
@@ -1417,6 +1419,7 @@ int drm_legacy_freebufs(struct drm_device *dev, void *data,
 				  idx, dma->buf_count - 1);
 			return -EINVAL;
 		}
+		idx = array_index_nospec(idx, dma->buf_count);
 		buf = dma->buflist[idx];
 		if (buf->file_priv != file_priv) {
 			DRM_ERROR("Process %d freeing buffer not owned\n",
-- 
2.19.1


^ permalink raw reply related	[flat|nested] 273+ messages in thread

* [PATCH AUTOSEL 4.19 002/258] staging: iio: adc: ad7280a: handle error from __ad7280_read32()
  2019-01-28 15:55 [PATCH AUTOSEL 4.19 001/258] drm/bufs: Fix Spectre v1 vulnerability Sasha Levin
@ 2019-01-28 15:55 ` Sasha Levin
  2019-01-28 15:55 ` [PATCH AUTOSEL 4.19 003/258] drm/vgem: Fix vgem_init to get drm device available Sasha Levin
                   ` (255 subsequent siblings)
  256 siblings, 0 replies; 273+ messages in thread
From: Sasha Levin @ 2019-01-28 15:55 UTC (permalink / raw)
  To: linux-kernel, stable
  Cc: Slawomir Stepien, Jonathan Cameron, Sasha Levin, linux-iio, devel

From: Slawomir Stepien <sst@poczta.fm>

[ Upstream commit 0559ef7fde67bc6c83c6eb6329dbd6649528263e ]

Inside __ad7280_read32(), the spi_sync_transfer() can fail with negative
error code. This change will ensure that this error is being passed up
in the call stack, so it can be handled.

Signed-off-by: Slawomir Stepien <sst@poczta.fm>
Signed-off-by: Jonathan Cameron <Jonathan.Cameron@huawei.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
 drivers/staging/iio/adc/ad7280a.c | 17 +++++++++++++----
 1 file changed, 13 insertions(+), 4 deletions(-)

diff --git a/drivers/staging/iio/adc/ad7280a.c b/drivers/staging/iio/adc/ad7280a.c
index b736275c10f5..6a48ad067a8b 100644
--- a/drivers/staging/iio/adc/ad7280a.c
+++ b/drivers/staging/iio/adc/ad7280a.c
@@ -256,7 +256,9 @@ static int ad7280_read(struct ad7280_state *st, unsigned int devaddr,
 	if (ret)
 		return ret;
 
-	__ad7280_read32(st, &tmp);
+	ret = __ad7280_read32(st, &tmp);
+	if (ret)
+		return ret;
 
 	if (ad7280_check_crc(st, tmp))
 		return -EIO;
@@ -294,7 +296,9 @@ static int ad7280_read_channel(struct ad7280_state *st, unsigned int devaddr,
 
 	ad7280_delay(st);
 
-	__ad7280_read32(st, &tmp);
+	ret = __ad7280_read32(st, &tmp);
+	if (ret)
+		return ret;
 
 	if (ad7280_check_crc(st, tmp))
 		return -EIO;
@@ -327,7 +331,9 @@ static int ad7280_read_all_channels(struct ad7280_state *st, unsigned int cnt,
 	ad7280_delay(st);
 
 	for (i = 0; i < cnt; i++) {
-		__ad7280_read32(st, &tmp);
+		ret = __ad7280_read32(st, &tmp);
+		if (ret)
+			return ret;
 
 		if (ad7280_check_crc(st, tmp))
 			return -EIO;
@@ -370,7 +376,10 @@ static int ad7280_chain_setup(struct ad7280_state *st)
 		return ret;
 
 	for (n = 0; n <= AD7280A_MAX_CHAIN; n++) {
-		__ad7280_read32(st, &val);
+		ret = __ad7280_read32(st, &val);
+		if (ret)
+			return ret;
+
 		if (val == 0)
 			return n - 1;
 
-- 
2.19.1


^ permalink raw reply related	[flat|nested] 273+ messages in thread

* [PATCH AUTOSEL 4.19 003/258] drm/vgem: Fix vgem_init to get drm device available.
  2019-01-28 15:55 [PATCH AUTOSEL 4.19 001/258] drm/bufs: Fix Spectre v1 vulnerability Sasha Levin
  2019-01-28 15:55 ` [PATCH AUTOSEL 4.19 002/258] staging: iio: adc: ad7280a: handle error from __ad7280_read32() Sasha Levin
@ 2019-01-28 15:55 ` Sasha Levin
  2019-01-28 15:55 ` [PATCH AUTOSEL 4.19 004/258] pinctrl: bcm2835: Use raw spinlock for RT compatibility Sasha Levin
                   ` (254 subsequent siblings)
  256 siblings, 0 replies; 273+ messages in thread
From: Sasha Levin @ 2019-01-28 15:55 UTC (permalink / raw)
  To: linux-kernel, stable
  Cc: Deepak Sharma, Daniel Vetter, Emil Velikov, Sasha Levin, dri-devel

From: Deepak Sharma <deepak.sharma@amd.com>

[ Upstream commit d5c04dff24870ef07ce6453a3f4e1ffd9cf88d27 ]

Modify vgem_init to take platform dev as parent in drm_dev_init.
This will make drm device available at "/sys/devices/platform/vgem"
in x86 chromebook.

v2: rebase, address checkpatch typo and line over 80 characters

Cc: Daniel Vetter <daniel.vetter@ffwll.ch>
Signed-off-by: Deepak Sharma <deepak.sharma@amd.com>
Reviewed-by: Sean Paul <seanpaul@chromium.org>
Signed-off-by: Emil Velikov <emil.velikov@collabora.com>
Reviewed-by: Daniel Vetter <daniel.vetter@ffwll.ch>
Link: https://patchwork.freedesktop.org/patch/msgid/20181023163550.15211-1-emil.l.velikov@gmail.com
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
 drivers/gpu/drm/vgem/vgem_drv.c | 16 ++++++++--------
 1 file changed, 8 insertions(+), 8 deletions(-)

diff --git a/drivers/gpu/drm/vgem/vgem_drv.c b/drivers/gpu/drm/vgem/vgem_drv.c
index 0e5620f76ee0..6887db878b38 100644
--- a/drivers/gpu/drm/vgem/vgem_drv.c
+++ b/drivers/gpu/drm/vgem/vgem_drv.c
@@ -471,31 +471,31 @@ static int __init vgem_init(void)
 	if (!vgem_device)
 		return -ENOMEM;
 
-	ret = drm_dev_init(&vgem_device->drm, &vgem_driver, NULL);
-	if (ret)
-		goto out_free;
-
 	vgem_device->platform =
 		platform_device_register_simple("vgem", -1, NULL, 0);
 	if (IS_ERR(vgem_device->platform)) {
 		ret = PTR_ERR(vgem_device->platform);
-		goto out_fini;
+		goto out_free;
 	}
 
 	dma_coerce_mask_and_coherent(&vgem_device->platform->dev,
 				     DMA_BIT_MASK(64));
+	ret = drm_dev_init(&vgem_device->drm, &vgem_driver,
+			   &vgem_device->platform->dev);
+	if (ret)
+		goto out_unregister;
 
 	/* Final step: expose the device/driver to userspace */
 	ret  = drm_dev_register(&vgem_device->drm, 0);
 	if (ret)
-		goto out_unregister;
+		goto out_fini;
 
 	return 0;
 
-out_unregister:
-	platform_device_unregister(vgem_device->platform);
 out_fini:
 	drm_dev_fini(&vgem_device->drm);
+out_unregister:
+	platform_device_unregister(vgem_device->platform);
 out_free:
 	kfree(vgem_device);
 	return ret;
-- 
2.19.1


^ permalink raw reply related	[flat|nested] 273+ messages in thread

* [PATCH AUTOSEL 4.19 004/258] pinctrl: bcm2835: Use raw spinlock for RT compatibility
  2019-01-28 15:55 [PATCH AUTOSEL 4.19 001/258] drm/bufs: Fix Spectre v1 vulnerability Sasha Levin
  2019-01-28 15:55 ` [PATCH AUTOSEL 4.19 002/258] staging: iio: adc: ad7280a: handle error from __ad7280_read32() Sasha Levin
  2019-01-28 15:55 ` [PATCH AUTOSEL 4.19 003/258] drm/vgem: Fix vgem_init to get drm device available Sasha Levin
@ 2019-01-28 15:55 ` Sasha Levin
  2019-01-28 15:55 ` [PATCH AUTOSEL 4.19 005/258] ASoC: Intel: mrfld: fix uninitialized variable access Sasha Levin
                   ` (253 subsequent siblings)
  256 siblings, 0 replies; 273+ messages in thread
From: Sasha Levin @ 2019-01-28 15:55 UTC (permalink / raw)
  To: linux-kernel, stable
  Cc: Lukas Wunner, Mathias Duckeck, Linus Walleij, Sasha Levin, linux-gpio

From: Lukas Wunner <lukas@wunner.de>

[ Upstream commit 3c7b30f704b6f5e53eed6bf89cf2c8d1b38b02c0 ]

The BCM2835 pinctrl driver acquires a spinlock in its ->irq_enable,
->irq_disable and ->irq_set_type callbacks.  Spinlocks become sleeping
locks with CONFIG_PREEMPT_RT_FULL=y, therefore invocation of one of the
callbacks in atomic context may cause a hard lockup if at least two GPIO
pins in the same bank are used as interrupts.  The issue doesn't occur
with just a single interrupt pin per bank because the lock is never
contended.  I'm experiencing such lockups with GPIO 8 and 28 used as
level-triggered interrupts, i.e. with ->irq_disable being invoked on
reception of every IRQ.

The critical section protected by the spinlock is very small (one bitop
and one RMW of an MMIO register), hence converting to a raw spinlock
seems a better trade-off than converting the driver to threaded IRQ
handling (which would increase latency to handle an interrupt).

Cc: Mathias Duckeck <m.duckeck@kunbus.de>
Signed-off-by: Lukas Wunner <lukas@wunner.de>
Acked-by: Julia Cartwright <julia@ni.com>
Signed-off-by: Linus Walleij <linus.walleij@linaro.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
 drivers/pinctrl/bcm/pinctrl-bcm2835.c | 16 ++++++++--------
 1 file changed, 8 insertions(+), 8 deletions(-)

diff --git a/drivers/pinctrl/bcm/pinctrl-bcm2835.c b/drivers/pinctrl/bcm/pinctrl-bcm2835.c
index fa530913a2c8..08925d24180b 100644
--- a/drivers/pinctrl/bcm/pinctrl-bcm2835.c
+++ b/drivers/pinctrl/bcm/pinctrl-bcm2835.c
@@ -90,7 +90,7 @@ struct bcm2835_pinctrl {
 	struct gpio_chip gpio_chip;
 	struct pinctrl_gpio_range gpio_range;
 
-	spinlock_t irq_lock[BCM2835_NUM_BANKS];
+	raw_spinlock_t irq_lock[BCM2835_NUM_BANKS];
 };
 
 /* pins are just named GPIO0..GPIO53 */
@@ -461,10 +461,10 @@ static void bcm2835_gpio_irq_enable(struct irq_data *data)
 	unsigned bank = GPIO_REG_OFFSET(gpio);
 	unsigned long flags;
 
-	spin_lock_irqsave(&pc->irq_lock[bank], flags);
+	raw_spin_lock_irqsave(&pc->irq_lock[bank], flags);
 	set_bit(offset, &pc->enabled_irq_map[bank]);
 	bcm2835_gpio_irq_config(pc, gpio, true);
-	spin_unlock_irqrestore(&pc->irq_lock[bank], flags);
+	raw_spin_unlock_irqrestore(&pc->irq_lock[bank], flags);
 }
 
 static void bcm2835_gpio_irq_disable(struct irq_data *data)
@@ -476,12 +476,12 @@ static void bcm2835_gpio_irq_disable(struct irq_data *data)
 	unsigned bank = GPIO_REG_OFFSET(gpio);
 	unsigned long flags;
 
-	spin_lock_irqsave(&pc->irq_lock[bank], flags);
+	raw_spin_lock_irqsave(&pc->irq_lock[bank], flags);
 	bcm2835_gpio_irq_config(pc, gpio, false);
 	/* Clear events that were latched prior to clearing event sources */
 	bcm2835_gpio_set_bit(pc, GPEDS0, gpio);
 	clear_bit(offset, &pc->enabled_irq_map[bank]);
-	spin_unlock_irqrestore(&pc->irq_lock[bank], flags);
+	raw_spin_unlock_irqrestore(&pc->irq_lock[bank], flags);
 }
 
 static int __bcm2835_gpio_irq_set_type_disabled(struct bcm2835_pinctrl *pc,
@@ -584,7 +584,7 @@ static int bcm2835_gpio_irq_set_type(struct irq_data *data, unsigned int type)
 	unsigned long flags;
 	int ret;
 
-	spin_lock_irqsave(&pc->irq_lock[bank], flags);
+	raw_spin_lock_irqsave(&pc->irq_lock[bank], flags);
 
 	if (test_bit(offset, &pc->enabled_irq_map[bank]))
 		ret = __bcm2835_gpio_irq_set_type_enabled(pc, gpio, type);
@@ -596,7 +596,7 @@ static int bcm2835_gpio_irq_set_type(struct irq_data *data, unsigned int type)
 	else
 		irq_set_handler_locked(data, handle_level_irq);
 
-	spin_unlock_irqrestore(&pc->irq_lock[bank], flags);
+	raw_spin_unlock_irqrestore(&pc->irq_lock[bank], flags);
 
 	return ret;
 }
@@ -1047,7 +1047,7 @@ static int bcm2835_pinctrl_probe(struct platform_device *pdev)
 		for_each_set_bit(offset, &events, 32)
 			bcm2835_gpio_wr(pc, GPEDS0 + i * 4, BIT(offset));
 
-		spin_lock_init(&pc->irq_lock[i]);
+		raw_spin_lock_init(&pc->irq_lock[i]);
 	}
 
 	err = gpiochip_add_data(&pc->gpio_chip, pc);
-- 
2.19.1


^ permalink raw reply related	[flat|nested] 273+ messages in thread

* [PATCH AUTOSEL 4.19 005/258] ASoC: Intel: mrfld: fix uninitialized variable access
  2019-01-28 15:55 [PATCH AUTOSEL 4.19 001/258] drm/bufs: Fix Spectre v1 vulnerability Sasha Levin
                   ` (2 preceding siblings ...)
  2019-01-28 15:55 ` [PATCH AUTOSEL 4.19 004/258] pinctrl: bcm2835: Use raw spinlock for RT compatibility Sasha Levin
@ 2019-01-28 15:55 ` Sasha Levin
  2019-01-28 15:55 ` [PATCH AUTOSEL 4.19 006/258] gpiolib: Fix possible use after free on label Sasha Levin
                   ` (252 subsequent siblings)
  256 siblings, 0 replies; 273+ messages in thread
From: Sasha Levin @ 2019-01-28 15:55 UTC (permalink / raw)
  To: linux-kernel, stable; +Cc: Arnd Bergmann, Mark Brown, Sasha Levin

From: Arnd Bergmann <arnd@arndb.de>

[ Upstream commit 1539c7f23f256120f89f8b9ec53160790bce9ed2 ]

Randconfig testing revealed a very old bug, with gcc-8:

sound/soc/intel/atom/sst/sst_loader.c: In function 'sst_load_fw':
sound/soc/intel/atom/sst/sst_loader.c:357:5: error: 'fw' may be used uninitialized in this function [-Werror=maybe-uninitialized]
  if (fw == NULL) {
     ^
sound/soc/intel/atom/sst/sst_loader.c:354:25: note: 'fw' was declared here
  const struct firmware *fw;

We must check the return code of request_firmware() before we look at the
pointer result that may be uninitialized when the function fails.

Fixes: 9012c9544eea ("ASoC: Intel: mrfld - Add DSP load and management")
Signed-off-by: Arnd Bergmann <arnd@arndb.de>
Acked-by: Pierre-Louis Bossart <pierre-louis.bossart@linux.intel.com>
Signed-off-by: Mark Brown <broonie@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
 sound/soc/intel/atom/sst/sst_loader.c | 8 ++++----
 1 file changed, 4 insertions(+), 4 deletions(-)

diff --git a/sound/soc/intel/atom/sst/sst_loader.c b/sound/soc/intel/atom/sst/sst_loader.c
index 27413ebae956..b8c456753f01 100644
--- a/sound/soc/intel/atom/sst/sst_loader.c
+++ b/sound/soc/intel/atom/sst/sst_loader.c
@@ -354,14 +354,14 @@ static int sst_request_fw(struct intel_sst_drv *sst)
 	const struct firmware *fw;
 
 	retval = request_firmware(&fw, sst->firmware_name, sst->dev);
-	if (fw == NULL) {
-		dev_err(sst->dev, "fw is returning as null\n");
-		return -EINVAL;
-	}
 	if (retval) {
 		dev_err(sst->dev, "request fw failed %d\n", retval);
 		return retval;
 	}
+	if (fw == NULL) {
+		dev_err(sst->dev, "fw is returning as null\n");
+		return -EINVAL;
+	}
 	mutex_lock(&sst->sst_lock);
 	retval = sst_cache_and_parse_fw(sst, fw);
 	mutex_unlock(&sst->sst_lock);
-- 
2.19.1


^ permalink raw reply related	[flat|nested] 273+ messages in thread

* [PATCH AUTOSEL 4.19 006/258] gpiolib: Fix possible use after free on label
  2019-01-28 15:55 [PATCH AUTOSEL 4.19 001/258] drm/bufs: Fix Spectre v1 vulnerability Sasha Levin
                   ` (3 preceding siblings ...)
  2019-01-28 15:55 ` [PATCH AUTOSEL 4.19 005/258] ASoC: Intel: mrfld: fix uninitialized variable access Sasha Levin
@ 2019-01-28 15:55 ` Sasha Levin
  2019-01-28 15:55 ` [PATCH AUTOSEL 4.19 007/258] drm/sun4i: Initialize registers in tcon-top driver Sasha Levin
                   ` (251 subsequent siblings)
  256 siblings, 0 replies; 273+ messages in thread
From: Sasha Levin @ 2019-01-28 15:55 UTC (permalink / raw)
  To: linux-kernel, stable; +Cc: Muchun Song, Linus Walleij, Sasha Levin, linux-gpio

From: Muchun Song <smuchun@gmail.com>

[ Upstream commit 18534df419041e6c1f4b41af56ee7d41f757815c ]

gpiod_request_commit() copies the pointer to the label passed as
an argument only to be used later. But there's a chance the caller
could immediately free the passed string(e.g., local variable).
This could trigger a use after free when we use gpio label(e.g.,
gpiochip_unlock_as_irq(), gpiochip_is_requested()).

To be on the safe side: duplicate the string with kstrdup_const()
so that if an unaware user passes an address to a stack-allocated
buffer, we won't get the arbitrary label.

Also fix gpiod_set_consumer_name().

Signed-off-by: Muchun Song <smuchun@gmail.com>
Signed-off-by: Linus Walleij <linus.walleij@linaro.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
 drivers/gpio/gpiolib.c        | 25 +++++++++++++++++++++----
 include/linux/gpio/consumer.h |  6 ++++--
 2 files changed, 25 insertions(+), 6 deletions(-)

diff --git a/drivers/gpio/gpiolib.c b/drivers/gpio/gpiolib.c
index a8e01d99919c..647da2649c91 100644
--- a/drivers/gpio/gpiolib.c
+++ b/drivers/gpio/gpiolib.c
@@ -2271,6 +2271,12 @@ static int gpiod_request_commit(struct gpio_desc *desc, const char *label)
 	unsigned long		flags;
 	unsigned		offset;
 
+	if (label) {
+		label = kstrdup_const(label, GFP_KERNEL);
+		if (!label)
+			return -ENOMEM;
+	}
+
 	spin_lock_irqsave(&gpio_lock, flags);
 
 	/* NOTE:  gpio_request() can be called in early boot,
@@ -2281,6 +2287,7 @@ static int gpiod_request_commit(struct gpio_desc *desc, const char *label)
 		desc_set_label(desc, label ? : "?");
 		status = 0;
 	} else {
+		kfree_const(label);
 		status = -EBUSY;
 		goto done;
 	}
@@ -2297,6 +2304,7 @@ static int gpiod_request_commit(struct gpio_desc *desc, const char *label)
 
 		if (status < 0) {
 			desc_set_label(desc, NULL);
+			kfree_const(label);
 			clear_bit(FLAG_REQUESTED, &desc->flags);
 			goto done;
 		}
@@ -2392,6 +2400,7 @@ static bool gpiod_free_commit(struct gpio_desc *desc)
 			chip->free(chip, gpio_chip_hwgpio(desc));
 			spin_lock_irqsave(&gpio_lock, flags);
 		}
+		kfree_const(desc->label);
 		desc_set_label(desc, NULL);
 		clear_bit(FLAG_ACTIVE_LOW, &desc->flags);
 		clear_bit(FLAG_REQUESTED, &desc->flags);
@@ -3213,11 +3222,19 @@ EXPORT_SYMBOL_GPL(gpiod_cansleep);
  * @desc: gpio to set the consumer name on
  * @name: the new consumer name
  */
-void gpiod_set_consumer_name(struct gpio_desc *desc, const char *name)
+int gpiod_set_consumer_name(struct gpio_desc *desc, const char *name)
 {
-	VALIDATE_DESC_VOID(desc);
-	/* Just overwrite whatever the previous name was */
-	desc->label = name;
+	VALIDATE_DESC(desc);
+	if (name) {
+		name = kstrdup_const(name, GFP_KERNEL);
+		if (!name)
+			return -ENOMEM;
+	}
+
+	kfree_const(desc->label);
+	desc_set_label(desc, name);
+
+	return 0;
 }
 EXPORT_SYMBOL_GPL(gpiod_set_consumer_name);
 
diff --git a/include/linux/gpio/consumer.h b/include/linux/gpio/consumer.h
index 21ddbe440030..acc4279ad5e3 100644
--- a/include/linux/gpio/consumer.h
+++ b/include/linux/gpio/consumer.h
@@ -142,7 +142,7 @@ int gpiod_is_active_low(const struct gpio_desc *desc);
 int gpiod_cansleep(const struct gpio_desc *desc);
 
 int gpiod_to_irq(const struct gpio_desc *desc);
-void gpiod_set_consumer_name(struct gpio_desc *desc, const char *name);
+int gpiod_set_consumer_name(struct gpio_desc *desc, const char *name);
 
 /* Convert between the old gpio_ and new gpiod_ interfaces */
 struct gpio_desc *gpio_to_desc(unsigned gpio);
@@ -465,10 +465,12 @@ static inline int gpiod_to_irq(const struct gpio_desc *desc)
 	return -EINVAL;
 }
 
-static inline void gpiod_set_consumer_name(struct gpio_desc *desc, const char *name)
+static inline int gpiod_set_consumer_name(struct gpio_desc *desc,
+					  const char *name)
 {
 	/* GPIO can never have been requested */
 	WARN_ON(1);
+	return -EINVAL;
 }
 
 static inline struct gpio_desc *gpio_to_desc(unsigned gpio)
-- 
2.19.1


^ permalink raw reply related	[flat|nested] 273+ messages in thread

* [PATCH AUTOSEL 4.19 007/258] drm/sun4i: Initialize registers in tcon-top driver
  2019-01-28 15:55 [PATCH AUTOSEL 4.19 001/258] drm/bufs: Fix Spectre v1 vulnerability Sasha Levin
                   ` (4 preceding siblings ...)
  2019-01-28 15:55 ` [PATCH AUTOSEL 4.19 006/258] gpiolib: Fix possible use after free on label Sasha Levin
@ 2019-01-28 15:55 ` Sasha Levin
  2019-01-28 15:55 ` [PATCH AUTOSEL 4.19 008/258] genirq/affinity: Spread IRQs to all available NUMA nodes Sasha Levin
                   ` (250 subsequent siblings)
  256 siblings, 0 replies; 273+ messages in thread
From: Sasha Levin @ 2019-01-28 15:55 UTC (permalink / raw)
  To: linux-kernel, stable
  Cc: Jernej Skrabec, Maxime Ripard, Sasha Levin, dri-devel

From: Jernej Skrabec <jernej.skrabec@siol.net>

[ Upstream commit c96d62215fb540e2ae61de44cb7caf4db50958e3 ]

It turns out that TCON TOP registers in H6 SoC have non-zero reset
value. This may cause issues if bits are not changed during
configuration.

To prevent that, initialize registers to 0.

Signed-off-by: Jernej Skrabec <jernej.skrabec@siol.net>
Signed-off-by: Maxime Ripard <maxime.ripard@bootlin.com>
Link: https://patchwork.freedesktop.org/patch/msgid/20181104182705.18047-24-jernej.skrabec@siol.net
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
 drivers/gpu/drm/sun4i/sun8i_tcon_top.c | 7 +++++++
 1 file changed, 7 insertions(+)

diff --git a/drivers/gpu/drm/sun4i/sun8i_tcon_top.c b/drivers/gpu/drm/sun4i/sun8i_tcon_top.c
index d5240b777a8f..adcdf946c365 100644
--- a/drivers/gpu/drm/sun4i/sun8i_tcon_top.c
+++ b/drivers/gpu/drm/sun4i/sun8i_tcon_top.c
@@ -168,6 +168,13 @@ static int sun8i_tcon_top_bind(struct device *dev, struct device *master,
 		goto err_assert_reset;
 	}
 
+	/*
+	 * At least on H6, some registers have some bits set by default
+	 * which may cause issues. Clear them here.
+	 */
+	writel(0, regs + TCON_TOP_PORT_SEL_REG);
+	writel(0, regs + TCON_TOP_GATE_SRC_REG);
+
 	/*
 	 * TCON TOP has two muxes, which select parent clock for each TCON TV
 	 * channel clock. Parent could be either TCON TV or TVE clock. For now
-- 
2.19.1


^ permalink raw reply related	[flat|nested] 273+ messages in thread

* [PATCH AUTOSEL 4.19 008/258] genirq/affinity: Spread IRQs to all available NUMA nodes
  2019-01-28 15:55 [PATCH AUTOSEL 4.19 001/258] drm/bufs: Fix Spectre v1 vulnerability Sasha Levin
                   ` (5 preceding siblings ...)
  2019-01-28 15:55 ` [PATCH AUTOSEL 4.19 007/258] drm/sun4i: Initialize registers in tcon-top driver Sasha Levin
@ 2019-01-28 15:55 ` Sasha Levin
  2019-01-28 15:55 ` [PATCH AUTOSEL 4.19 009/258] gpu: ipu-v3: image-convert: Prevent race between run and unprepare Sasha Levin
                   ` (249 subsequent siblings)
  256 siblings, 0 replies; 273+ messages in thread
From: Sasha Levin @ 2019-01-28 15:55 UTC (permalink / raw)
  To: linux-kernel, stable
  Cc: Long Li, Thomas Gleixner, Michael Kelley, Sasha Levin

From: Long Li <longli@microsoft.com>

[ Upstream commit b82592199032bf7c778f861b936287e37ebc9f62 ]

If the number of NUMA nodes exceeds the number of MSI/MSI-X interrupts
which are allocated for a device, the interrupt affinity spreading code
fails to spread them across all nodes.

The reason is, that the spreading code starts from node 0 and continues up
to the number of interrupts requested for allocation. This leaves the nodes
past the last interrupt unused.

This results in interrupt concentration on the first nodes which violates
the assumption of the block layer that all nodes are covered evenly. As a
consequence the NUMA nodes above the number of interrupts are all assigned
to hardware queue 0 and therefore NUMA node 0, which results in bad
performance and has CPU hotplug implications, because queue 0 gets shut
down when the last CPU of node 0 is offlined.

Go over all NUMA nodes and assign them round-robin to all requested
interrupts to solve this.

[ tglx: Massaged changelog ]

Signed-off-by: Long Li <longli@microsoft.com>
Signed-off-by: Thomas Gleixner <tglx@linutronix.de>
Reviewed-by: Ming Lei <ming.lei@redhat.com>
Cc: Michael Kelley <mikelley@microsoft.com>
Link: https://lkml.kernel.org/r/20181102180248.13583-1-longli@linuxonhyperv.com
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
 kernel/irq/affinity.c | 5 ++---
 1 file changed, 2 insertions(+), 3 deletions(-)

diff --git a/kernel/irq/affinity.c b/kernel/irq/affinity.c
index f4f29b9d90ee..e12cdf637c71 100644
--- a/kernel/irq/affinity.c
+++ b/kernel/irq/affinity.c
@@ -117,12 +117,11 @@ static int irq_build_affinity_masks(const struct irq_affinity *affd,
 	 */
 	if (numvecs <= nodes) {
 		for_each_node_mask(n, nodemsk) {
-			cpumask_copy(masks + curvec, node_to_cpumask[n]);
-			if (++done == numvecs)
-				break;
+			cpumask_or(masks + curvec, masks + curvec, node_to_cpumask[n]);
 			if (++curvec == last_affv)
 				curvec = affd->pre_vectors;
 		}
+		done = numvecs;
 		goto out;
 	}
 
-- 
2.19.1


^ permalink raw reply related	[flat|nested] 273+ messages in thread

* [PATCH AUTOSEL 4.19 009/258] gpu: ipu-v3: image-convert: Prevent race between run and unprepare
  2019-01-28 15:55 [PATCH AUTOSEL 4.19 001/258] drm/bufs: Fix Spectre v1 vulnerability Sasha Levin
                   ` (6 preceding siblings ...)
  2019-01-28 15:55 ` [PATCH AUTOSEL 4.19 008/258] genirq/affinity: Spread IRQs to all available NUMA nodes Sasha Levin
@ 2019-01-28 15:55 ` Sasha Levin
  2019-01-28 15:55 ` [PATCH AUTOSEL 4.19 010/258] nds32: Fix gcc 8.0 compiler option incompatible Sasha Levin
                   ` (248 subsequent siblings)
  256 siblings, 0 replies; 273+ messages in thread
From: Sasha Levin @ 2019-01-28 15:55 UTC (permalink / raw)
  To: linux-kernel, stable
  Cc: Steve Longerbeam, Philipp Zabel, Sasha Levin, dri-devel

From: Steve Longerbeam <slongerbeam@gmail.com>

[ Upstream commit 819bec35c8c9706185498c9222bd244e0781ad35 ]

Prevent possible race by parallel threads between ipu_image_convert_run()
and ipu_image_convert_unprepare(). This involves setting ctx->aborting
to true unconditionally so that no new job runs can be queued during
unprepare, and holding the ctx->aborting flag until the context is freed.

Note that the "normal" ipu_image_convert_abort() case (e.g. not during
context unprepare) should clear the ctx->aborting flag after aborting
any active run and clearing the context's pending queue. This is because
it should be possible to continue to use the conversion context and queue
more runs after an abort.

Signed-off-by: Steve Longerbeam <slongerbeam@gmail.com>
Tested-by: Philipp Zabel <p.zabel@pengutronix.de>
Signed-off-by: Philipp Zabel <p.zabel@pengutronix.de>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
 drivers/gpu/ipu-v3/ipu-image-convert.c | 10 +++++++---
 1 file changed, 7 insertions(+), 3 deletions(-)

diff --git a/drivers/gpu/ipu-v3/ipu-image-convert.c b/drivers/gpu/ipu-v3/ipu-image-convert.c
index f4081962784c..91653adc41cc 100644
--- a/drivers/gpu/ipu-v3/ipu-image-convert.c
+++ b/drivers/gpu/ipu-v3/ipu-image-convert.c
@@ -1524,7 +1524,7 @@ int ipu_image_convert_queue(struct ipu_image_convert_run *run)
 EXPORT_SYMBOL_GPL(ipu_image_convert_queue);
 
 /* Abort any active or pending conversions for this context */
-void ipu_image_convert_abort(struct ipu_image_convert_ctx *ctx)
+static void __ipu_image_convert_abort(struct ipu_image_convert_ctx *ctx)
 {
 	struct ipu_image_convert_chan *chan = ctx->chan;
 	struct ipu_image_convert_priv *priv = chan->priv;
@@ -1551,7 +1551,7 @@ void ipu_image_convert_abort(struct ipu_image_convert_ctx *ctx)
 
 	need_abort = (run_count || active_run);
 
-	ctx->aborting = need_abort;
+	ctx->aborting = true;
 
 	spin_unlock_irqrestore(&chan->irqlock, flags);
 
@@ -1572,7 +1572,11 @@ void ipu_image_convert_abort(struct ipu_image_convert_ctx *ctx)
 		dev_warn(priv->ipu->dev, "%s: timeout\n", __func__);
 		force_abort(ctx);
 	}
+}
 
+void ipu_image_convert_abort(struct ipu_image_convert_ctx *ctx)
+{
+	__ipu_image_convert_abort(ctx);
 	ctx->aborting = false;
 }
 EXPORT_SYMBOL_GPL(ipu_image_convert_abort);
@@ -1586,7 +1590,7 @@ void ipu_image_convert_unprepare(struct ipu_image_convert_ctx *ctx)
 	bool put_res;
 
 	/* make sure no runs are hanging around */
-	ipu_image_convert_abort(ctx);
+	__ipu_image_convert_abort(ctx);
 
 	dev_dbg(priv->ipu->dev, "%s: task %u: removing ctx %p\n", __func__,
 		chan->ic_task, ctx);
-- 
2.19.1


^ permalink raw reply related	[flat|nested] 273+ messages in thread

* [PATCH AUTOSEL 4.19 010/258] nds32: Fix gcc 8.0 compiler option incompatible.
  2019-01-28 15:55 [PATCH AUTOSEL 4.19 001/258] drm/bufs: Fix Spectre v1 vulnerability Sasha Levin
                   ` (7 preceding siblings ...)
  2019-01-28 15:55 ` [PATCH AUTOSEL 4.19 009/258] gpu: ipu-v3: image-convert: Prevent race between run and unprepare Sasha Levin
@ 2019-01-28 15:55 ` Sasha Levin
  2019-01-28 15:55 ` [PATCH AUTOSEL 4.19 011/258] wil6210: fix reset flow for Talyn-mb Sasha Levin
                   ` (247 subsequent siblings)
  256 siblings, 0 replies; 273+ messages in thread
From: Sasha Levin @ 2019-01-28 15:55 UTC (permalink / raw)
  To: linux-kernel, stable; +Cc: Nickhu, Zong Li, Greentime Hu, Sasha Levin

From: Nickhu <nickhu@andestech.com>

[ Upstream commit 4c3d6174e0e17599549f636ec48ddf78627a17fe ]

When the kernel configs of ftrace and frame pointer options are
choosed, the compiler option of kernel will incompatible.
	Error message:
		nds32le-linux-gcc: error: -pg and -fomit-frame-pointer are incompatible

Signed-off-by: Nickhu <nickhu@andestech.com>
Signed-off-by: Zong Li <zong@andestech.com>
Acked-by: Greentime Hu <greentime@andestech.com>
Signed-off-by: Greentime Hu <greentime@andestech.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
 arch/nds32/mm/Makefile | 6 +++++-
 1 file changed, 5 insertions(+), 1 deletion(-)

diff --git a/arch/nds32/mm/Makefile b/arch/nds32/mm/Makefile
index 6b6855852223..7c5c15ad854a 100644
--- a/arch/nds32/mm/Makefile
+++ b/arch/nds32/mm/Makefile
@@ -4,4 +4,8 @@ obj-y				:= extable.o tlb.o \
 
 obj-$(CONFIG_ALIGNMENT_TRAP)	+= alignment.o
 obj-$(CONFIG_HIGHMEM)           += highmem.o
-CFLAGS_proc-n13.o		+= -fomit-frame-pointer
+
+ifdef CONFIG_FUNCTION_TRACER
+CFLAGS_REMOVE_proc.o     = $(CC_FLAGS_FTRACE)
+endif
+CFLAGS_proc.o              += -fomit-frame-pointer
-- 
2.19.1


^ permalink raw reply related	[flat|nested] 273+ messages in thread

* [PATCH AUTOSEL 4.19 011/258] wil6210: fix reset flow for Talyn-mb
  2019-01-28 15:55 [PATCH AUTOSEL 4.19 001/258] drm/bufs: Fix Spectre v1 vulnerability Sasha Levin
                   ` (8 preceding siblings ...)
  2019-01-28 15:55 ` [PATCH AUTOSEL 4.19 010/258] nds32: Fix gcc 8.0 compiler option incompatible Sasha Levin
@ 2019-01-28 15:55 ` Sasha Levin
  2019-01-28 15:55 ` [PATCH AUTOSEL 4.19 012/258] wil6210: fix memory leak in wil_find_tx_bcast_2 Sasha Levin
                   ` (246 subsequent siblings)
  256 siblings, 0 replies; 273+ messages in thread
From: Sasha Levin @ 2019-01-28 15:55 UTC (permalink / raw)
  To: linux-kernel, stable
  Cc: Alexei Avshalom Lazar, Maya Erez, Kalle Valo, Sasha Levin,
	linux-wireless, wil6210, netdev

From: Alexei Avshalom Lazar <ailizaro@codeaurora.org>

[ Upstream commit d083b2e2b7db5cca1791643d036e6597af27f49b ]

With current reset flow, Talyn sometimes get stuck causing PCIe
enumeration to fail. Fix this by removing some reset flow operations
that are not relevant for Talyn.
Setting bit 15 in RGF_HP_CTRL is WBE specific and is not in use for
all wil6210 devices.
For Sparrow, BIT_HPAL_PERST_FROM_PAD and BIT_CAR_PERST_RST were set
as a WA an HW issue.

Signed-off-by: Alexei Avshalom Lazar <ailizaro@codeaurora.org>
Signed-off-by: Maya Erez <merez@codeaurora.org>
Signed-off-by: Kalle Valo <kvalo@codeaurora.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
 drivers/net/wireless/ath/wil6210/main.c | 11 +++++++----
 1 file changed, 7 insertions(+), 4 deletions(-)

diff --git a/drivers/net/wireless/ath/wil6210/main.c b/drivers/net/wireless/ath/wil6210/main.c
index 7debed6bec06..a0fe8cbad104 100644
--- a/drivers/net/wireless/ath/wil6210/main.c
+++ b/drivers/net/wireless/ath/wil6210/main.c
@@ -995,10 +995,13 @@ static int wil_target_reset(struct wil6210_priv *wil, int no_flash)
 
 	wil_dbg_misc(wil, "Resetting \"%s\"...\n", wil->hw_name);
 
-	/* Clear MAC link up */
-	wil_s(wil, RGF_HP_CTRL, BIT(15));
-	wil_s(wil, RGF_USER_CLKS_CTL_SW_RST_MASK_0, BIT_HPAL_PERST_FROM_PAD);
-	wil_s(wil, RGF_USER_CLKS_CTL_SW_RST_MASK_0, BIT_CAR_PERST_RST);
+	if (wil->hw_version < HW_VER_TALYN) {
+		/* Clear MAC link up */
+		wil_s(wil, RGF_HP_CTRL, BIT(15));
+		wil_s(wil, RGF_USER_CLKS_CTL_SW_RST_MASK_0,
+		      BIT_HPAL_PERST_FROM_PAD);
+		wil_s(wil, RGF_USER_CLKS_CTL_SW_RST_MASK_0, BIT_CAR_PERST_RST);
+	}
 
 	wil_halt_cpu(wil);
 
-- 
2.19.1


^ permalink raw reply related	[flat|nested] 273+ messages in thread

* [PATCH AUTOSEL 4.19 012/258] wil6210: fix memory leak in wil_find_tx_bcast_2
  2019-01-28 15:55 [PATCH AUTOSEL 4.19 001/258] drm/bufs: Fix Spectre v1 vulnerability Sasha Levin
                   ` (9 preceding siblings ...)
  2019-01-28 15:55 ` [PATCH AUTOSEL 4.19 011/258] wil6210: fix reset flow for Talyn-mb Sasha Levin
@ 2019-01-28 15:55 ` Sasha Levin
  2019-01-28 15:55 ` [PATCH AUTOSEL 4.19 013/258] ath10k: assign 'n_cipher_suites' for WCN3990 Sasha Levin
                   ` (245 subsequent siblings)
  256 siblings, 0 replies; 273+ messages in thread
From: Sasha Levin @ 2019-01-28 15:55 UTC (permalink / raw)
  To: linux-kernel, stable
  Cc: Lior David, Maya Erez, Kalle Valo, Sasha Levin, linux-wireless,
	wil6210, netdev

From: Lior David <liord@codeaurora.org>

[ Upstream commit 664497400c89a4d40aee51bcf48bbd2e4dc71104 ]

A successful call to wil_tx_ring takes skb reference so
it will only be freed in wil_tx_complete. Consume the skb
in wil_find_tx_bcast_2 to prevent memory leak.

Signed-off-by: Lior David <liord@codeaurora.org>
Signed-off-by: Maya Erez <merez@codeaurora.org>
Signed-off-by: Kalle Valo <kvalo@codeaurora.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
 drivers/net/wireless/ath/wil6210/txrx.c | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/drivers/net/wireless/ath/wil6210/txrx.c b/drivers/net/wireless/ath/wil6210/txrx.c
index 6a7943e487fb..75c8aa297107 100644
--- a/drivers/net/wireless/ath/wil6210/txrx.c
+++ b/drivers/net/wireless/ath/wil6210/txrx.c
@@ -1313,6 +1313,8 @@ static struct wil_ring *wil_find_tx_bcast_2(struct wil6210_priv *wil,
 			wil_dbg_txrx(wil, "BCAST DUP -> ring %d\n", i);
 			wil_set_da_for_vring(wil, skb2, i);
 			wil_tx_ring(wil, vif, v2, skb2);
+			/* successful call to wil_tx_ring takes skb2 ref */
+			dev_kfree_skb_any(skb2);
 		} else {
 			wil_err(wil, "skb_copy failed\n");
 		}
-- 
2.19.1


^ permalink raw reply related	[flat|nested] 273+ messages in thread

* [PATCH AUTOSEL 4.19 013/258] ath10k: assign 'n_cipher_suites' for WCN3990
  2019-01-28 15:55 [PATCH AUTOSEL 4.19 001/258] drm/bufs: Fix Spectre v1 vulnerability Sasha Levin
                   ` (10 preceding siblings ...)
  2019-01-28 15:55 ` [PATCH AUTOSEL 4.19 012/258] wil6210: fix memory leak in wil_find_tx_bcast_2 Sasha Levin
@ 2019-01-28 15:55 ` Sasha Levin
  2019-01-28 15:55 ` [PATCH AUTOSEL 4.19 014/258] ath9k: dynack: use authentication messages for 'late' ack Sasha Levin
                   ` (244 subsequent siblings)
  256 siblings, 0 replies; 273+ messages in thread
From: Sasha Levin @ 2019-01-28 15:55 UTC (permalink / raw)
  To: linux-kernel, stable
  Cc: Brian Norris, Rakesh Pillai, Govind Singh, Kalle Valo,
	Sasha Levin, ath10k, linux-wireless, netdev

From: Brian Norris <briannorris@chromium.org>

[ Upstream commit 2bd345cd2bfc0bd44528896313c0b45f087bdf67 ]

Commit 2ea9f12cefe4 ("ath10k: add new cipher suite support") added a new
n_cipher_suites HW param with a fallback value and a warning log. Commit
03a72288c546 ("ath10k: wmi: add hw params entry for wcn3990") later
added WCN3990 HW entries, but it missed the n_cipher_suites.

Rather than seeing this warning every boot

  ath10k_snoc 18800000.wifi: invalid hw_params.n_cipher_suites 0

let's provide the appropriate value.

Cc: Rakesh Pillai <pillair@qti.qualcomm.com>
Cc: Govind Singh <govinds@qti.qualcomm.com>
Signed-off-by: Brian Norris <briannorris@chromium.org>
Signed-off-by: Kalle Valo <kvalo@codeaurora.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
 drivers/net/wireless/ath/ath10k/core.c | 1 +
 1 file changed, 1 insertion(+)

diff --git a/drivers/net/wireless/ath/ath10k/core.c b/drivers/net/wireless/ath/ath10k/core.c
index c40cd129afe7..5210cffb5344 100644
--- a/drivers/net/wireless/ath/ath10k/core.c
+++ b/drivers/net/wireless/ath/ath10k/core.c
@@ -532,6 +532,7 @@ static const struct ath10k_hw_params ath10k_hw_params_list[] = {
 		.hw_ops = &wcn3990_ops,
 		.decap_align_bytes = 1,
 		.num_peers = TARGET_HL_10_TLV_NUM_PEERS,
+		.n_cipher_suites = 8,
 		.ast_skid_limit = TARGET_HL_10_TLV_AST_SKID_LIMIT,
 		.num_wds_entries = TARGET_HL_10_TLV_NUM_WDS_ENTRIES,
 		.target_64bit = true,
-- 
2.19.1


^ permalink raw reply related	[flat|nested] 273+ messages in thread

* [PATCH AUTOSEL 4.19 014/258] ath9k: dynack: use authentication messages for 'late' ack
  2019-01-28 15:55 [PATCH AUTOSEL 4.19 001/258] drm/bufs: Fix Spectre v1 vulnerability Sasha Levin
                   ` (11 preceding siblings ...)
  2019-01-28 15:55 ` [PATCH AUTOSEL 4.19 013/258] ath10k: assign 'n_cipher_suites' for WCN3990 Sasha Levin
@ 2019-01-28 15:55 ` Sasha Levin
  2019-01-28 15:55 ` [PATCH AUTOSEL 4.19 015/258] scsi: lpfc: Correct LCB RJT handling Sasha Levin
                   ` (243 subsequent siblings)
  256 siblings, 0 replies; 273+ messages in thread
From: Sasha Levin @ 2019-01-28 15:55 UTC (permalink / raw)
  To: linux-kernel, stable
  Cc: Lorenzo Bianconi, Kalle Valo, Sasha Levin, linux-wireless, netdev

From: Lorenzo Bianconi <lorenzo.bianconi@redhat.com>

[ Upstream commit 3831a2a0010c72e3956020cbf1057a1701a2e469 ]

In order to properly support dynack in ad-hoc mode running
wpa_supplicant, take into account authentication frames for
'late ack' detection. This patch has been tested on devices
mounted on offshore high-voltage stations connected through
~24Km link

Reported-by: Koen Vandeputte <koen.vandeputte@ncentric.com>
Tested-by: Koen Vandeputte <koen.vandeputte@ncentric.com>
Signed-off-by: Lorenzo Bianconi <lorenzo.bianconi@redhat.com>
Signed-off-by: Kalle Valo <kvalo@codeaurora.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
 drivers/net/wireless/ath/ath9k/dynack.c | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/drivers/net/wireless/ath/ath9k/dynack.c b/drivers/net/wireless/ath/ath9k/dynack.c
index 7334c9b09e82..cc0dc966c512 100644
--- a/drivers/net/wireless/ath/ath9k/dynack.c
+++ b/drivers/net/wireless/ath/ath9k/dynack.c
@@ -187,7 +187,8 @@ void ath_dynack_sample_tx_ts(struct ath_hw *ah, struct sk_buff *skb,
 	/* late ACK */
 	if (ts->ts_status & ATH9K_TXERR_XRETRY) {
 		if (ieee80211_is_assoc_req(hdr->frame_control) ||
-		    ieee80211_is_assoc_resp(hdr->frame_control)) {
+		    ieee80211_is_assoc_resp(hdr->frame_control) ||
+		    ieee80211_is_auth(hdr->frame_control)) {
 			ath_dbg(common, DYNACK, "late ack\n");
 			ath9k_hw_setslottime(ah, (LATEACK_TO - 3) / 2);
 			ath9k_hw_set_ack_timeout(ah, LATEACK_TO);
-- 
2.19.1


^ permalink raw reply related	[flat|nested] 273+ messages in thread

* [PATCH AUTOSEL 4.19 015/258] scsi: lpfc: Correct LCB RJT handling
  2019-01-28 15:55 [PATCH AUTOSEL 4.19 001/258] drm/bufs: Fix Spectre v1 vulnerability Sasha Levin
                   ` (12 preceding siblings ...)
  2019-01-28 15:55 ` [PATCH AUTOSEL 4.19 014/258] ath9k: dynack: use authentication messages for 'late' ack Sasha Levin
@ 2019-01-28 15:55 ` Sasha Levin
  2019-01-28 15:55 ` [PATCH AUTOSEL 4.19 016/258] scsi: mpt3sas: Call sas_remove_host before removing the target devices Sasha Levin
                   ` (242 subsequent siblings)
  256 siblings, 0 replies; 273+ messages in thread
From: Sasha Levin @ 2019-01-28 15:55 UTC (permalink / raw)
  To: linux-kernel, stable
  Cc: James Smart, Dick Kennedy, Martin K . Petersen, Sasha Levin, linux-scsi

From: James Smart <jsmart2021@gmail.com>

[ Upstream commit b114d9009d386276bfc3352289fc235781ae3353 ]

When LCB's are rejected, if beaconing was already in progress, the
Reason Code Explanation was not being set. Should have been set to
command in progress.

Signed-off-by: Dick Kennedy <dick.kennedy@broadcom.com>
Signed-off-by: James Smart <jsmart2021@gmail.com>
Reviewed-by: Hannes Reinecke <hare@suse.com>
Signed-off-by: Martin K. Petersen <martin.petersen@oracle.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
 drivers/scsi/lpfc/lpfc_els.c | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/drivers/scsi/lpfc/lpfc_els.c b/drivers/scsi/lpfc/lpfc_els.c
index 4dda969e947c..56a4f626349c 100644
--- a/drivers/scsi/lpfc/lpfc_els.c
+++ b/drivers/scsi/lpfc/lpfc_els.c
@@ -5701,6 +5701,9 @@ lpfc_els_lcb_rsp(struct lpfc_hba *phba, LPFC_MBOXQ_t *pmb)
 	stat = (struct ls_rjt *)(pcmd + sizeof(uint32_t));
 	stat->un.b.lsRjtRsnCode = LSRJT_UNABLE_TPC;
 
+	if (shdr_add_status == ADD_STATUS_OPERATION_ALREADY_ACTIVE)
+		stat->un.b.lsRjtRsnCodeExp = LSEXP_CMD_IN_PROGRESS;
+
 	elsiocb->iocb_cmpl = lpfc_cmpl_els_rsp;
 	phba->fc_stat.elsXmitLSRJT++;
 	rc = lpfc_sli_issue_iocb(phba, LPFC_ELS_RING, elsiocb, 0);
-- 
2.19.1


^ permalink raw reply related	[flat|nested] 273+ messages in thread

* [PATCH AUTOSEL 4.19 016/258] scsi: mpt3sas: Call sas_remove_host before removing the target devices
  2019-01-28 15:55 [PATCH AUTOSEL 4.19 001/258] drm/bufs: Fix Spectre v1 vulnerability Sasha Levin
                   ` (13 preceding siblings ...)
  2019-01-28 15:55 ` [PATCH AUTOSEL 4.19 015/258] scsi: lpfc: Correct LCB RJT handling Sasha Levin
@ 2019-01-28 15:55 ` Sasha Levin
  2019-01-28 15:55 ` [PATCH AUTOSEL 4.19 017/258] scsi: lpfc: Fix LOGO/PLOGI handling when triggerd by ABTS Timeout event Sasha Levin
                   ` (241 subsequent siblings)
  256 siblings, 0 replies; 273+ messages in thread
From: Sasha Levin @ 2019-01-28 15:55 UTC (permalink / raw)
  To: linux-kernel, stable
  Cc: Suganath Prabu, Martin K . Petersen, Sasha Levin,
	MPT-FusionLinux.pdl, linux-scsi

From: Suganath Prabu <suganath-prabu.subramani@broadcom.com>

[ Upstream commit dc730212e8a378763cb182b889f90c8101331332 ]

Call sas_remove_host() before removing the target devices in the driver's
.remove() callback function(i.e. during driver unload time).  So that
driver can provide a way to allow SYNC CACHE, START STOP unit commands
etc. (which are issued from SML) to the target drives during driver unload
time.

Once sas_remove_host() is called before removing the target drives then
driver can just clean up the resources allocated for target devices and no
need to call sas_port_delete_phy(), sas_port_delete() API's as these API's
internally called from sas_remove_host().

Signed-off-by: Suganath Prabu <suganath-prabu.subramani@broadcom.com>
Reviewed-by: Bjorn Helgaas <bhelgaas@google.com>
Reviewed-by: Andy Shevchenko <andy.shevchenko@gmail.com>
Signed-off-by: Martin K. Petersen <martin.petersen@oracle.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
 drivers/scsi/mpt3sas/mpt3sas_scsih.c     | 2 +-
 drivers/scsi/mpt3sas/mpt3sas_transport.c | 7 +++++--
 2 files changed, 6 insertions(+), 3 deletions(-)

diff --git a/drivers/scsi/mpt3sas/mpt3sas_scsih.c b/drivers/scsi/mpt3sas/mpt3sas_scsih.c
index 53133cfd420f..622832e55211 100644
--- a/drivers/scsi/mpt3sas/mpt3sas_scsih.c
+++ b/drivers/scsi/mpt3sas/mpt3sas_scsih.c
@@ -9809,6 +9809,7 @@ static void scsih_remove(struct pci_dev *pdev)
 
 	/* release all the volumes */
 	_scsih_ir_shutdown(ioc);
+	sas_remove_host(shost);
 	list_for_each_entry_safe(raid_device, next, &ioc->raid_device_list,
 	    list) {
 		if (raid_device->starget) {
@@ -9851,7 +9852,6 @@ static void scsih_remove(struct pci_dev *pdev)
 		ioc->sas_hba.num_phys = 0;
 	}
 
-	sas_remove_host(shost);
 	mpt3sas_base_detach(ioc);
 	spin_lock(&gioc_lock);
 	list_del(&ioc->list);
diff --git a/drivers/scsi/mpt3sas/mpt3sas_transport.c b/drivers/scsi/mpt3sas/mpt3sas_transport.c
index f8cc2677c1cd..20d36061c217 100644
--- a/drivers/scsi/mpt3sas/mpt3sas_transport.c
+++ b/drivers/scsi/mpt3sas/mpt3sas_transport.c
@@ -834,10 +834,13 @@ mpt3sas_transport_port_remove(struct MPT3SAS_ADAPTER *ioc, u64 sas_address,
 			    mpt3sas_port->remote_identify.sas_address,
 			    mpt3sas_phy->phy_id);
 		mpt3sas_phy->phy_belongs_to_port = 0;
-		sas_port_delete_phy(mpt3sas_port->port, mpt3sas_phy->phy);
+		if (!ioc->remove_host)
+			sas_port_delete_phy(mpt3sas_port->port,
+						mpt3sas_phy->phy);
 		list_del(&mpt3sas_phy->port_siblings);
 	}
-	sas_port_delete(mpt3sas_port->port);
+	if (!ioc->remove_host)
+		sas_port_delete(mpt3sas_port->port);
 	kfree(mpt3sas_port);
 }
 
-- 
2.19.1


^ permalink raw reply related	[flat|nested] 273+ messages in thread

* [PATCH AUTOSEL 4.19 017/258] scsi: lpfc: Fix LOGO/PLOGI handling when triggerd by ABTS Timeout event
  2019-01-28 15:55 [PATCH AUTOSEL 4.19 001/258] drm/bufs: Fix Spectre v1 vulnerability Sasha Levin
                   ` (14 preceding siblings ...)
  2019-01-28 15:55 ` [PATCH AUTOSEL 4.19 016/258] scsi: mpt3sas: Call sas_remove_host before removing the target devices Sasha Levin
@ 2019-01-28 15:55 ` Sasha Levin
  2019-01-28 15:55 ` [PATCH AUTOSEL 4.19 018/258] platform/x86: asus-nb-wmi: Map 0x35 to KEY_SCREENLOCK Sasha Levin
                   ` (240 subsequent siblings)
  256 siblings, 0 replies; 273+ messages in thread
From: Sasha Levin @ 2019-01-28 15:55 UTC (permalink / raw)
  To: linux-kernel, stable
  Cc: James Smart, Dick Kennedy, Martin K . Petersen, Sasha Levin, linux-scsi

From: James Smart <jsmart2021@gmail.com>

[ Upstream commit 30e196cacefdd9a38c857caed23cefc9621bc5c1 ]

After a LOGO in response to an ABTS timeout, a PLOGI wasn't issued to
re-establish the login.  An nlp_type check in the LOGO completion
handler failed to restart discovery for NVME targets.  Revised the
nlp_type check for NVME as well as SCSI.

While reviewing the LOGO handling a few other issues were seen and
were addressed:

- Better lock synchronization around ndlp data types

- When the ABTS times out, unregister the RPI before sending the LOGO
  so that all local exchange contexts are cleared and nothing received
  while awaiting LOGO/PLOGI handling will be accepted.

- LOGO handling optimized to:
   Wait only R_A_TOV for a response.
   It doesn't need to be retried on timeout. If there wasn't a
     response, a PLOGI will be sent, thus an implicit logout
     applies as well when the other port sees it.
   If there is a response, any kind of response is considered "good"
     and the XRI quarantined for a exchange qualifier window.

- PLOGI is issued as soon a LOGO state is resolved.

Signed-off-by: Dick Kennedy <dick.kennedy@broadcom.com>
Signed-off-by: James Smart <jsmart2021@gmail.com>
Reviewed-by: Hannes Reinecke <hare@suse.com>
Signed-off-by: Martin K. Petersen <martin.petersen@oracle.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
 drivers/scsi/lpfc/lpfc_els.c       | 49 +++++++++++++-----------------
 drivers/scsi/lpfc/lpfc_nportdisc.c |  5 +++
 2 files changed, 26 insertions(+), 28 deletions(-)

diff --git a/drivers/scsi/lpfc/lpfc_els.c b/drivers/scsi/lpfc/lpfc_els.c
index 56a4f626349c..0d214e6b8e9a 100644
--- a/drivers/scsi/lpfc/lpfc_els.c
+++ b/drivers/scsi/lpfc/lpfc_els.c
@@ -242,6 +242,8 @@ lpfc_prep_els_iocb(struct lpfc_vport *vport, uint8_t expectRsp,
 		icmd->ulpCommand = CMD_ELS_REQUEST64_CR;
 		if (elscmd == ELS_CMD_FLOGI)
 			icmd->ulpTimeout = FF_DEF_RATOV * 2;
+		else if (elscmd == ELS_CMD_LOGO)
+			icmd->ulpTimeout = phba->fc_ratov;
 		else
 			icmd->ulpTimeout = phba->fc_ratov * 2;
 	} else {
@@ -2682,16 +2684,15 @@ lpfc_cmpl_els_logo(struct lpfc_hba *phba, struct lpfc_iocbq *cmdiocb,
 		goto out;
 	}
 
+	/* The LOGO will not be retried on failure.  A LOGO was
+	 * issued to the remote rport and a ACC or RJT or no Answer are
+	 * all acceptable.  Note the failure and move forward with
+	 * discovery.  The PLOGI will retry.
+	 */
 	if (irsp->ulpStatus) {
-		/* Check for retry */
-		if (lpfc_els_retry(phba, cmdiocb, rspiocb)) {
-			/* ELS command is being retried */
-			skip_recovery = 1;
-			goto out;
-		}
 		/* LOGO failed */
 		lpfc_printf_vlog(vport, KERN_ERR, LOG_ELS,
-				 "2756 LOGO failure DID:%06X Status:x%x/x%x\n",
+				 "2756 LOGO failure, No Retry DID:%06X Status:x%x/x%x\n",
 				 ndlp->nlp_DID, irsp->ulpStatus,
 				 irsp->un.ulpWord[4]);
 		/* Do not call DSM for lpfc_els_abort'ed ELS cmds */
@@ -2737,7 +2738,8 @@ lpfc_cmpl_els_logo(struct lpfc_hba *phba, struct lpfc_iocbq *cmdiocb,
 	 * For any other port type, the rpi is unregistered as an implicit
 	 * LOGO.
 	 */
-	if ((ndlp->nlp_type & NLP_FCP_TARGET) && (skip_recovery == 0)) {
+	if (ndlp->nlp_type & (NLP_FCP_TARGET | NLP_NVME_TARGET) &&
+	    skip_recovery == 0) {
 		lpfc_cancel_retry_delay_tmo(vport, ndlp);
 		spin_lock_irqsave(shost->host_lock, flags);
 		ndlp->nlp_flag |= NLP_NPR_2B_DISC;
@@ -2770,6 +2772,8 @@ lpfc_cmpl_els_logo(struct lpfc_hba *phba, struct lpfc_iocbq *cmdiocb,
  * will be stored into the context1 field of the IOCB for the completion
  * callback function to the LOGO ELS command.
  *
+ * Callers of this routine are expected to unregister the RPI first
+ *
  * Return code
  *   0 - successfully issued logo
  *   1 - failed to issue logo
@@ -2811,22 +2815,6 @@ lpfc_issue_els_logo(struct lpfc_vport *vport, struct lpfc_nodelist *ndlp,
 		"Issue LOGO:      did:x%x",
 		ndlp->nlp_DID, 0, 0);
 
-	/*
-	 * If we are issuing a LOGO, we may try to recover the remote NPort
-	 * by issuing a PLOGI later. Even though we issue ELS cmds by the
-	 * VPI, if we have a valid RPI, and that RPI gets unreg'ed while
-	 * that ELS command is in-flight, the HBA returns a IOERR_INVALID_RPI
-	 * for that ELS cmd. To avoid this situation, lets get rid of the
-	 * RPI right now, before any ELS cmds are sent.
-	 */
-	spin_lock_irq(shost->host_lock);
-	ndlp->nlp_flag |= NLP_ISSUE_LOGO;
-	spin_unlock_irq(shost->host_lock);
-	if (lpfc_unreg_rpi(vport, ndlp)) {
-		lpfc_els_free_iocb(phba, elsiocb);
-		return 0;
-	}
-
 	phba->fc_stat.elsXmitLOGO++;
 	elsiocb->iocb_cmpl = lpfc_cmpl_els_logo;
 	spin_lock_irq(shost->host_lock);
@@ -2834,7 +2822,6 @@ lpfc_issue_els_logo(struct lpfc_vport *vport, struct lpfc_nodelist *ndlp,
 	ndlp->nlp_flag &= ~NLP_ISSUE_LOGO;
 	spin_unlock_irq(shost->host_lock);
 	rc = lpfc_sli_issue_iocb(phba, LPFC_ELS_RING, elsiocb, 0);
-
 	if (rc == IOCB_ERROR) {
 		spin_lock_irq(shost->host_lock);
 		ndlp->nlp_flag &= ~NLP_LOGO_SND;
@@ -2842,6 +2829,11 @@ lpfc_issue_els_logo(struct lpfc_vport *vport, struct lpfc_nodelist *ndlp,
 		lpfc_els_free_iocb(phba, elsiocb);
 		return 1;
 	}
+
+	spin_lock_irq(shost->host_lock);
+	ndlp->nlp_prev_state = ndlp->nlp_state;
+	spin_unlock_irq(shost->host_lock);
+	lpfc_nlp_set_state(vport, ndlp, NLP_STE_LOGO_ISSUE);
 	return 0;
 }
 
@@ -9505,7 +9497,8 @@ lpfc_sli_abts_recover_port(struct lpfc_vport *vport,
 				"rport in state 0x%x\n", ndlp->nlp_state);
 		return;
 	}
-	lpfc_printf_log(phba, KERN_INFO, LOG_SLI,
+	lpfc_printf_log(phba, KERN_ERR,
+			LOG_ELS | LOG_FCP_ERROR | LOG_NVME_IOERR,
 			"3094 Start rport recovery on shost id 0x%x "
 			"fc_id 0x%06x vpi 0x%x rpi 0x%x state 0x%x "
 			"flags 0x%x\n",
@@ -9518,8 +9511,8 @@ lpfc_sli_abts_recover_port(struct lpfc_vport *vport,
 	 */
 	spin_lock_irqsave(shost->host_lock, flags);
 	ndlp->nlp_fcp_info &= ~NLP_FCP_2_DEVICE;
+	ndlp->nlp_flag |= NLP_ISSUE_LOGO;
 	spin_unlock_irqrestore(shost->host_lock, flags);
-	lpfc_issue_els_logo(vport, ndlp, 0);
-	lpfc_nlp_set_state(vport, ndlp, NLP_STE_LOGO_ISSUE);
+	lpfc_unreg_rpi(vport, ndlp);
 }
 
diff --git a/drivers/scsi/lpfc/lpfc_nportdisc.c b/drivers/scsi/lpfc/lpfc_nportdisc.c
index bd9bce9d9974..a6619fd8238c 100644
--- a/drivers/scsi/lpfc/lpfc_nportdisc.c
+++ b/drivers/scsi/lpfc/lpfc_nportdisc.c
@@ -836,7 +836,9 @@ lpfc_disc_set_adisc(struct lpfc_vport *vport, struct lpfc_nodelist *ndlp)
 	struct Scsi_Host *shost = lpfc_shost_from_vport(vport);
 
 	if (!(ndlp->nlp_flag & NLP_RPI_REGISTERED)) {
+		spin_lock_irq(shost->host_lock);
 		ndlp->nlp_flag &= ~NLP_NPR_ADISC;
+		spin_unlock_irq(shost->host_lock);
 		return 0;
 	}
 
@@ -851,7 +853,10 @@ lpfc_disc_set_adisc(struct lpfc_vport *vport, struct lpfc_nodelist *ndlp)
 			return 1;
 		}
 	}
+
+	spin_lock_irq(shost->host_lock);
 	ndlp->nlp_flag &= ~NLP_NPR_ADISC;
+	spin_unlock_irq(shost->host_lock);
 	lpfc_unreg_rpi(vport, ndlp);
 	return 0;
 }
-- 
2.19.1


^ permalink raw reply related	[flat|nested] 273+ messages in thread

* [PATCH AUTOSEL 4.19 018/258] platform/x86: asus-nb-wmi: Map 0x35 to KEY_SCREENLOCK
  2019-01-28 15:55 [PATCH AUTOSEL 4.19 001/258] drm/bufs: Fix Spectre v1 vulnerability Sasha Levin
                   ` (15 preceding siblings ...)
  2019-01-28 15:55 ` [PATCH AUTOSEL 4.19 017/258] scsi: lpfc: Fix LOGO/PLOGI handling when triggerd by ABTS Timeout event Sasha Levin
@ 2019-01-28 15:55 ` Sasha Levin
  2019-01-28 15:55 ` [PATCH AUTOSEL 4.19 019/258] ARM: 8808/1: kexec:offline panic_smp_self_stop CPU Sasha Levin
                   ` (239 subsequent siblings)
  256 siblings, 0 replies; 273+ messages in thread
From: Sasha Levin @ 2019-01-28 15:55 UTC (permalink / raw)
  To: linux-kernel, stable
  Cc: João Paulo Rechi Vita, João Paulo Rechi Vita,
	Andy Shevchenko, Sasha Levin, acpi4asus-user,
	platform-driver-x86

From: João Paulo Rechi Vita <jprvita@gmail.com>

[ Upstream commit b3f2f3799a972d3863d0fdc2ab6287aef6ca631f ]

When the OS registers to handle events from the display off hotkey the
EC will send a notification with 0x35 for every key press, independent
of the backlight state.

The behavior of this key on Windows, with the ATKACPI driver from Asus
installed, is turning off the backlight of all connected displays with a
fading effect, and any cursor input or key press turning the backlight
back on. The key press or cursor input that wakes up the display is also
passed through to the application under the cursor or under focus.

The key that matches this behavior the closest is KEY_SCREENLOCK.

Signed-off-by: João Paulo Rechi Vita <jprvita@endlessm.com>
Signed-off-by: Andy Shevchenko <andriy.shevchenko@linux.intel.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
 drivers/platform/x86/asus-nb-wmi.c | 1 +
 1 file changed, 1 insertion(+)

diff --git a/drivers/platform/x86/asus-nb-wmi.c b/drivers/platform/x86/asus-nb-wmi.c
index db2af09067db..5a00a7665f9b 100644
--- a/drivers/platform/x86/asus-nb-wmi.c
+++ b/drivers/platform/x86/asus-nb-wmi.c
@@ -444,6 +444,7 @@ static const struct key_entry asus_nb_wmi_keymap[] = {
 	{ KE_KEY, 0x32, { KEY_MUTE } },
 	{ KE_KEY, 0x33, { KEY_DISPLAYTOGGLE } }, /* LCD on */
 	{ KE_KEY, 0x34, { KEY_DISPLAY_OFF } }, /* LCD off */
+	{ KE_KEY, 0x35, { KEY_SCREENLOCK } },
 	{ KE_KEY, 0x40, { KEY_PREVIOUSSONG } },
 	{ KE_KEY, 0x41, { KEY_NEXTSONG } },
 	{ KE_KEY, 0x43, { KEY_STOPCD } }, /* Stop/Eject */
-- 
2.19.1


^ permalink raw reply related	[flat|nested] 273+ messages in thread

* [PATCH AUTOSEL 4.19 019/258] ARM: 8808/1: kexec:offline panic_smp_self_stop CPU
  2019-01-28 15:55 [PATCH AUTOSEL 4.19 001/258] drm/bufs: Fix Spectre v1 vulnerability Sasha Levin
                   ` (16 preceding siblings ...)
  2019-01-28 15:55 ` [PATCH AUTOSEL 4.19 018/258] platform/x86: asus-nb-wmi: Map 0x35 to KEY_SCREENLOCK Sasha Levin
@ 2019-01-28 15:55 ` Sasha Levin
  2019-01-28 15:55 ` [PATCH AUTOSEL 4.19 020/258] clk: boston: fix possible memory leak in clk_boston_setup() Sasha Levin
                   ` (238 subsequent siblings)
  256 siblings, 0 replies; 273+ messages in thread
From: Sasha Levin @ 2019-01-28 15:55 UTC (permalink / raw)
  To: linux-kernel, stable; +Cc: Yufen Wang, Russell King, Sasha Levin

From: Yufen Wang <wangyufen@huawei.com>

[ Upstream commit 82c08c3e7f171aa7f579b231d0abbc1d62e91974 ]

In case panic() and panic() called at the same time on different CPUS.
For example:
CPU 0:
  panic()
     __crash_kexec
       machine_crash_shutdown
         crash_smp_send_stop
       machine_kexec
         BUG_ON(num_online_cpus() > 1);

CPU 1:
  panic()
    local_irq_disable
    panic_smp_self_stop

If CPU 1 calls panic_smp_self_stop() before crash_smp_send_stop(), kdump
fails. CPU1 can't receive the ipi irq, CPU1 will be always online.
To fix this problem, this patch split out the panic_smp_self_stop()
and add set_cpu_online(smp_processor_id(), false).

Signed-off-by: Yufen Wang <wangyufen@huawei.com>
Signed-off-by: Russell King <rmk+kernel@armlinux.org.uk>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
 arch/arm/kernel/smp.c | 15 +++++++++++++++
 1 file changed, 15 insertions(+)

diff --git a/arch/arm/kernel/smp.c b/arch/arm/kernel/smp.c
index 0978282d5fc2..f574a5e0d589 100644
--- a/arch/arm/kernel/smp.c
+++ b/arch/arm/kernel/smp.c
@@ -693,6 +693,21 @@ void smp_send_stop(void)
 		pr_warn("SMP: failed to stop secondary CPUs\n");
 }
 
+/* In case panic() and panic() called at the same time on CPU1 and CPU2,
+ * and CPU 1 calls panic_smp_self_stop() before crash_smp_send_stop()
+ * CPU1 can't receive the ipi irqs from CPU2, CPU1 will be always online,
+ * kdump fails. So split out the panic_smp_self_stop() and add
+ * set_cpu_online(smp_processor_id(), false).
+ */
+void panic_smp_self_stop(void)
+{
+	pr_debug("CPU %u will stop doing anything useful since another CPU has paniced\n",
+	         smp_processor_id());
+	set_cpu_online(smp_processor_id(), false);
+	while (1)
+		cpu_relax();
+}
+
 /*
  * not supported here
  */
-- 
2.19.1


^ permalink raw reply related	[flat|nested] 273+ messages in thread

* [PATCH AUTOSEL 4.19 020/258] clk: boston: fix possible memory leak in clk_boston_setup()
  2019-01-28 15:55 [PATCH AUTOSEL 4.19 001/258] drm/bufs: Fix Spectre v1 vulnerability Sasha Levin
                   ` (17 preceding siblings ...)
  2019-01-28 15:55 ` [PATCH AUTOSEL 4.19 019/258] ARM: 8808/1: kexec:offline panic_smp_self_stop CPU Sasha Levin
@ 2019-01-28 15:55 ` Sasha Levin
  2019-01-28 15:55 ` [PATCH AUTOSEL 4.19 021/258] dlm: Don't swamp the CPU with callbacks queued during recovery Sasha Levin
                   ` (237 subsequent siblings)
  256 siblings, 0 replies; 273+ messages in thread
From: Sasha Levin @ 2019-01-28 15:55 UTC (permalink / raw)
  To: linux-kernel, stable
  Cc: Yi Wang, Stephen Boyd, Sasha Levin, linux-mips, linux-clk

From: Yi Wang <wang.yi59@zte.com.cn>

[ Upstream commit 46fda5b5067a391912cf73bf3d32c26b6a22ad09 ]

Smatch report warnings:
drivers/clk/imgtec/clk-boston.c:76 clk_boston_setup() warn: possible memory leak of 'onecell'
drivers/clk/imgtec/clk-boston.c:83 clk_boston_setup() warn: possible memory leak of 'onecell'
drivers/clk/imgtec/clk-boston.c:90 clk_boston_setup() warn: possible memory leak of 'onecell'

'onecell' is malloced in clk_boston_setup(), but not be freed
before leaving from the error handling cases.

Signed-off-by: Yi Wang <wang.yi59@zte.com.cn>
Signed-off-by: Stephen Boyd <sboyd@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
 drivers/clk/imgtec/clk-boston.c | 11 ++++++++---
 1 file changed, 8 insertions(+), 3 deletions(-)

diff --git a/drivers/clk/imgtec/clk-boston.c b/drivers/clk/imgtec/clk-boston.c
index 15af423cc0c9..f5d54a64d33c 100644
--- a/drivers/clk/imgtec/clk-boston.c
+++ b/drivers/clk/imgtec/clk-boston.c
@@ -73,27 +73,32 @@ static void __init clk_boston_setup(struct device_node *np)
 	hw = clk_hw_register_fixed_rate(NULL, "input", NULL, 0, in_freq);
 	if (IS_ERR(hw)) {
 		pr_err("failed to register input clock: %ld\n", PTR_ERR(hw));
-		return;
+		goto error;
 	}
 	onecell->hws[BOSTON_CLK_INPUT] = hw;
 
 	hw = clk_hw_register_fixed_rate(NULL, "sys", "input", 0, sys_freq);
 	if (IS_ERR(hw)) {
 		pr_err("failed to register sys clock: %ld\n", PTR_ERR(hw));
-		return;
+		goto error;
 	}
 	onecell->hws[BOSTON_CLK_SYS] = hw;
 
 	hw = clk_hw_register_fixed_rate(NULL, "cpu", "input", 0, cpu_freq);
 	if (IS_ERR(hw)) {
 		pr_err("failed to register cpu clock: %ld\n", PTR_ERR(hw));
-		return;
+		goto error;
 	}
 	onecell->hws[BOSTON_CLK_CPU] = hw;
 
 	err = of_clk_add_hw_provider(np, of_clk_hw_onecell_get, onecell);
 	if (err)
 		pr_err("failed to add DT provider: %d\n", err);
+
+	return;
+
+error:
+	kfree(onecell);
 }
 
 /*
-- 
2.19.1


^ permalink raw reply related	[flat|nested] 273+ messages in thread

* [PATCH AUTOSEL 4.19 021/258] dlm: Don't swamp the CPU with callbacks queued during recovery
  2019-01-28 15:55 [PATCH AUTOSEL 4.19 001/258] drm/bufs: Fix Spectre v1 vulnerability Sasha Levin
                   ` (18 preceding siblings ...)
  2019-01-28 15:55 ` [PATCH AUTOSEL 4.19 020/258] clk: boston: fix possible memory leak in clk_boston_setup() Sasha Levin
@ 2019-01-28 15:55 ` Sasha Levin
  2019-01-28 15:55 ` [PATCH AUTOSEL 4.19 022/258] x86/PCI: Fix Broadcom CNB20LE unintended sign extension (redux) Sasha Levin
                   ` (236 subsequent siblings)
  256 siblings, 0 replies; 273+ messages in thread
From: Sasha Levin @ 2019-01-28 15:55 UTC (permalink / raw)
  To: linux-kernel, stable
  Cc: Bob Peterson, David Teigland, Sasha Levin, cluster-devel

From: Bob Peterson <rpeterso@redhat.com>

[ Upstream commit 216f0efd19b9cc32207934fd1b87a45f2c4c593e ]

Before this patch, recovery would cause all callbacks to be delayed,
put on a queue, and afterward they were all queued to the callback
work queue. This patch does the same thing, but occasionally takes
a break after 25 of them so it won't swamp the CPU at the expense
of other RT processes like corosync.

Signed-off-by: Bob Peterson <rpeterso@redhat.com>
Signed-off-by: David Teigland <teigland@redhat.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
 fs/dlm/ast.c | 10 ++++++++++
 1 file changed, 10 insertions(+)

diff --git a/fs/dlm/ast.c b/fs/dlm/ast.c
index 562fa8c3edff..47ee66d70109 100644
--- a/fs/dlm/ast.c
+++ b/fs/dlm/ast.c
@@ -292,6 +292,8 @@ void dlm_callback_suspend(struct dlm_ls *ls)
 		flush_workqueue(ls->ls_callback_wq);
 }
 
+#define MAX_CB_QUEUE 25
+
 void dlm_callback_resume(struct dlm_ls *ls)
 {
 	struct dlm_lkb *lkb, *safe;
@@ -302,15 +304,23 @@ void dlm_callback_resume(struct dlm_ls *ls)
 	if (!ls->ls_callback_wq)
 		return;
 
+more:
 	mutex_lock(&ls->ls_cb_mutex);
 	list_for_each_entry_safe(lkb, safe, &ls->ls_cb_delay, lkb_cb_list) {
 		list_del_init(&lkb->lkb_cb_list);
 		queue_work(ls->ls_callback_wq, &lkb->lkb_cb_work);
 		count++;
+		if (count == MAX_CB_QUEUE)
+			break;
 	}
 	mutex_unlock(&ls->ls_cb_mutex);
 
 	if (count)
 		log_rinfo(ls, "dlm_callback_resume %d", count);
+	if (count == MAX_CB_QUEUE) {
+		count = 0;
+		cond_resched();
+		goto more;
+	}
 }
 
-- 
2.19.1


^ permalink raw reply related	[flat|nested] 273+ messages in thread

* [PATCH AUTOSEL 4.19 022/258] x86/PCI: Fix Broadcom CNB20LE unintended sign extension (redux)
  2019-01-28 15:55 [PATCH AUTOSEL 4.19 001/258] drm/bufs: Fix Spectre v1 vulnerability Sasha Levin
                   ` (19 preceding siblings ...)
  2019-01-28 15:55 ` [PATCH AUTOSEL 4.19 021/258] dlm: Don't swamp the CPU with callbacks queued during recovery Sasha Levin
@ 2019-01-28 15:55 ` Sasha Levin
  2019-01-28 15:55 ` [PATCH AUTOSEL 4.19 023/258] powerpc/pseries: add of_node_put() in dlpar_detach_node() Sasha Levin
                   ` (235 subsequent siblings)
  256 siblings, 0 replies; 273+ messages in thread
From: Sasha Levin @ 2019-01-28 15:55 UTC (permalink / raw)
  To: linux-kernel, stable
  Cc: Colin Ian King, Bjorn Helgaas, Sasha Levin, linux-pci

From: Colin Ian King <colin.king@canonical.com>

[ Upstream commit 53bb565fc5439f2c8c57a786feea5946804aa3e9 ]

In the expression "word1 << 16", word1 starts as u16, but is promoted to a
signed int, then sign-extended to resource_size_t, which is probably not
what was intended.  Cast to resource_size_t to avoid the sign extension.

This fixes an identical issue as fixed by commit 0b2d70764bb3 ("x86/PCI:
Fix Broadcom CNB20LE unintended sign extension") back in 2014.

Detected by CoverityScan, CID#138749, 138750 ("Unintended sign extension")

Fixes: 3f6ea84a3035 ("PCI: read memory ranges out of Broadcom CNB20LE host bridge")
Signed-off-by: Colin Ian King <colin.king@canonical.com>
Signed-off-by: Bjorn Helgaas <helgaas@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
 arch/x86/pci/broadcom_bus.c | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/arch/x86/pci/broadcom_bus.c b/arch/x86/pci/broadcom_bus.c
index 526536c81ddc..ca1e8e6dccc8 100644
--- a/arch/x86/pci/broadcom_bus.c
+++ b/arch/x86/pci/broadcom_bus.c
@@ -50,8 +50,8 @@ static void __init cnb20le_res(u8 bus, u8 slot, u8 func)
 	word1 = read_pci_config_16(bus, slot, func, 0xc0);
 	word2 = read_pci_config_16(bus, slot, func, 0xc2);
 	if (word1 != word2) {
-		res.start = (word1 << 16) | 0x0000;
-		res.end   = (word2 << 16) | 0xffff;
+		res.start = ((resource_size_t) word1 << 16) | 0x0000;
+		res.end   = ((resource_size_t) word2 << 16) | 0xffff;
 		res.flags = IORESOURCE_MEM;
 		update_res(info, res.start, res.end, res.flags, 0);
 	}
-- 
2.19.1


^ permalink raw reply related	[flat|nested] 273+ messages in thread

* [PATCH AUTOSEL 4.19 023/258] powerpc/pseries: add of_node_put() in dlpar_detach_node()
  2019-01-28 15:55 [PATCH AUTOSEL 4.19 001/258] drm/bufs: Fix Spectre v1 vulnerability Sasha Levin
                   ` (20 preceding siblings ...)
  2019-01-28 15:55 ` [PATCH AUTOSEL 4.19 022/258] x86/PCI: Fix Broadcom CNB20LE unintended sign extension (redux) Sasha Levin
@ 2019-01-28 15:55 ` Sasha Levin
  2019-01-28 15:55 ` [PATCH AUTOSEL 4.19 024/258] srcu: Prevent __call_srcu() counter wrap with read-side critical section Sasha Levin
                   ` (234 subsequent siblings)
  256 siblings, 0 replies; 273+ messages in thread
From: Sasha Levin @ 2019-01-28 15:55 UTC (permalink / raw)
  To: linux-kernel, stable; +Cc: Frank Rowand, Sasha Levin, linuxppc-dev

From: Frank Rowand <frank.rowand@sony.com>

[ Upstream commit 5b3f5c408d8cc59b87e47f1ab9803dbd006e4a91 ]

The previous commit, "of: overlay: add missing of_node_get() in
__of_attach_node_sysfs" added a missing of_node_get() to
__of_attach_node_sysfs().  This results in a refcount imbalance
for nodes attached with dlpar_attach_node().  The calling sequence
from dlpar_attach_node() to __of_attach_node_sysfs() is:

   dlpar_attach_node()
      of_attach_node()
         __of_attach_node_sysfs()

For more detailed description of the node refcount, see
commit 68baf692c435 ("powerpc/pseries: Fix of_node_put() underflow
during DLPAR remove").

Tested-by: Alan Tull <atull@kernel.org>
Acked-by: Michael Ellerman <mpe@ellerman.id.au>
Signed-off-by: Frank Rowand <frank.rowand@sony.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
 arch/powerpc/platforms/pseries/dlpar.c | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/arch/powerpc/platforms/pseries/dlpar.c b/arch/powerpc/platforms/pseries/dlpar.c
index a0b20c03f078..e3010b14aea5 100644
--- a/arch/powerpc/platforms/pseries/dlpar.c
+++ b/arch/powerpc/platforms/pseries/dlpar.c
@@ -272,6 +272,8 @@ int dlpar_detach_node(struct device_node *dn)
 	if (rc)
 		return rc;
 
+	of_node_put(dn);
+
 	return 0;
 }
 
-- 
2.19.1


^ permalink raw reply related	[flat|nested] 273+ messages in thread

* [PATCH AUTOSEL 4.19 024/258] srcu: Prevent __call_srcu() counter wrap with read-side critical section
  2019-01-28 15:55 [PATCH AUTOSEL 4.19 001/258] drm/bufs: Fix Spectre v1 vulnerability Sasha Levin
                   ` (21 preceding siblings ...)
  2019-01-28 15:55 ` [PATCH AUTOSEL 4.19 023/258] powerpc/pseries: add of_node_put() in dlpar_detach_node() Sasha Levin
@ 2019-01-28 15:55 ` Sasha Levin
  2019-01-28 15:55 ` [PATCH AUTOSEL 4.19 025/258] of: overlay: do not duplicate properties from overlay for new nodes Sasha Levin
                   ` (233 subsequent siblings)
  256 siblings, 0 replies; 273+ messages in thread
From: Sasha Levin @ 2019-01-28 15:55 UTC (permalink / raw)
  To: linux-kernel, stable; +Cc: Paul E. McKenney, Sasha Levin

From: "Paul E. McKenney" <paulmck@linux.vnet.ibm.com>

[ Upstream commit 0607ba8403c4cdb253f8c5200ecf654dfb7790cc ]

Ever since cdf7abc4610a ("srcu: Allow use of Tiny/Tree SRCU from
both process and interrupt context"), it has been permissible
to use SRCU read-side critical sections in interrupt context.
This allows __call_srcu() to use SRCU read-side critical sections to
prevent a new SRCU grace period from ending before the call to either
srcu_funnel_gp_start() or srcu_funnel_exp_start completes, thus preventing
SRCU grace-period counter overflow during that time.

Note that this does not permit removal of the counter-wrap checks in
srcu_gp_end().  These check are necessary to handle the case where
a given CPU does not interact at all with SRCU for an extended time
period.

This commit therefore adds an SRCU read-side critical section to
__call_srcu() in order to prevent grace period counter wrap during
the funnel-locking process.

Signed-off-by: Paul E. McKenney <paulmck@linux.vnet.ibm.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
 kernel/rcu/srcutree.c | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/kernel/rcu/srcutree.c b/kernel/rcu/srcutree.c
index 1ff17e297f0c..4b0a6e319b2c 100644
--- a/kernel/rcu/srcutree.c
+++ b/kernel/rcu/srcutree.c
@@ -853,6 +853,7 @@ void __call_srcu(struct srcu_struct *sp, struct rcu_head *rhp,
 		 rcu_callback_t func, bool do_norm)
 {
 	unsigned long flags;
+	int idx;
 	bool needexp = false;
 	bool needgp = false;
 	unsigned long s;
@@ -866,6 +867,7 @@ void __call_srcu(struct srcu_struct *sp, struct rcu_head *rhp,
 		return;
 	}
 	rhp->func = func;
+	idx = srcu_read_lock(sp);
 	local_irq_save(flags);
 	sdp = this_cpu_ptr(sp->sda);
 	spin_lock_rcu_node(sdp);
@@ -887,6 +889,7 @@ void __call_srcu(struct srcu_struct *sp, struct rcu_head *rhp,
 		srcu_funnel_gp_start(sp, sdp, s, do_norm);
 	else if (needexp)
 		srcu_funnel_exp_start(sp, sdp->mynode, s);
+	srcu_read_unlock(sp, idx);
 }
 
 /**
-- 
2.19.1


^ permalink raw reply related	[flat|nested] 273+ messages in thread

* [PATCH AUTOSEL 4.19 025/258] of: overlay: do not duplicate properties from overlay for new nodes
  2019-01-28 15:55 [PATCH AUTOSEL 4.19 001/258] drm/bufs: Fix Spectre v1 vulnerability Sasha Levin
                   ` (22 preceding siblings ...)
  2019-01-28 15:55 ` [PATCH AUTOSEL 4.19 024/258] srcu: Prevent __call_srcu() counter wrap with read-side critical section Sasha Levin
@ 2019-01-28 15:55 ` Sasha Levin
  2019-01-28 15:55 ` [PATCH AUTOSEL 4.19 026/258] crypto: aes_ti - disable interrupts while accessing S-box Sasha Levin
                   ` (232 subsequent siblings)
  256 siblings, 0 replies; 273+ messages in thread
From: Sasha Levin @ 2019-01-28 15:55 UTC (permalink / raw)
  To: linux-kernel, stable; +Cc: Frank Rowand, Sasha Levin, devicetree

From: Frank Rowand <frank.rowand@sony.com>

[ Upstream commit 8814dc46bd9e347d4de55ec5bf8f16ea54470499 ]

When allocating a new node, add_changeset_node() was duplicating the
properties from the respective node in the overlay instead of
allocating a node with no properties.

When this patch is applied the errors reported by the devictree
unittest from patch "of: overlay: add tests to validate kfrees from
overlay removal" will no longer occur.  These error messages are of
the form:

   "OF: ERROR: ..."

and the unittest results will change from:

   ### dt-test ### end of unittest - 203 passed, 7 failed

to

   ### dt-test ### end of unittest - 210 passed, 0 failed

Tested-by: Alan Tull <atull@kernel.org>
Signed-off-by: Frank Rowand <frank.rowand@sony.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
 drivers/of/overlay.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/drivers/of/overlay.c b/drivers/of/overlay.c
index baa9cee6fa2c..4b834518596f 100644
--- a/drivers/of/overlay.c
+++ b/drivers/of/overlay.c
@@ -368,7 +368,7 @@ static int add_changeset_node(struct overlay_changeset *ovcs,
 			break;
 
 	if (!tchild) {
-		tchild = __of_node_dup(node, node_kbasename);
+		tchild = __of_node_dup(NULL, node_kbasename);
 		if (!tchild)
 			return -ENOMEM;
 
-- 
2.19.1


^ permalink raw reply related	[flat|nested] 273+ messages in thread

* [PATCH AUTOSEL 4.19 026/258] crypto: aes_ti - disable interrupts while accessing S-box
  2019-01-28 15:55 [PATCH AUTOSEL 4.19 001/258] drm/bufs: Fix Spectre v1 vulnerability Sasha Levin
                   ` (23 preceding siblings ...)
  2019-01-28 15:55 ` [PATCH AUTOSEL 4.19 025/258] of: overlay: do not duplicate properties from overlay for new nodes Sasha Levin
@ 2019-01-28 15:55 ` Sasha Levin
  2019-01-28 15:55 ` [PATCH AUTOSEL 4.19 027/258] drm/vc4: ->x_scaling[1] should never be set to VC4_SCALING_NONE Sasha Levin
                   ` (231 subsequent siblings)
  256 siblings, 0 replies; 273+ messages in thread
From: Sasha Levin @ 2019-01-28 15:55 UTC (permalink / raw)
  To: linux-kernel, stable; +Cc: Eric Biggers, Herbert Xu, Sasha Levin, linux-crypto

From: Eric Biggers <ebiggers@google.com>

[ Upstream commit 0a6a40c2a8c184a2fb467efacfb1cd338d719e0b ]

In the "aes-fixed-time" AES implementation, disable interrupts while
accessing the S-box, in order to make cache-timing attacks more
difficult.  Previously it was possible for the CPU to be interrupted
while the S-box was loaded into L1 cache, potentially evicting the
cachelines and causing later table lookups to be time-variant.

In tests I did on x86 and ARM, this doesn't affect performance
significantly.  Responsiveness is potentially a concern, but interrupts
are only disabled for a single AES block.

Note that even after this change, the implementation still isn't
necessarily guaranteed to be constant-time; see
https://cr.yp.to/antiforgery/cachetiming-20050414.pdf for a discussion
of the many difficulties involved in writing truly constant-time AES
software.  But it's valuable to make such attacks more difficult.

Reviewed-by: Ard Biesheuvel <ard.biesheuvel@linaro.org>
Signed-off-by: Eric Biggers <ebiggers@google.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
 crypto/Kconfig  |  3 ++-
 crypto/aes_ti.c | 18 ++++++++++++++++++
 2 files changed, 20 insertions(+), 1 deletion(-)

diff --git a/crypto/Kconfig b/crypto/Kconfig
index 59e32623a7ce..0fb9586766a7 100644
--- a/crypto/Kconfig
+++ b/crypto/Kconfig
@@ -1056,7 +1056,8 @@ config CRYPTO_AES_TI
 	  8 for decryption), this implementation only uses just two S-boxes of
 	  256 bytes each, and attempts to eliminate data dependent latencies by
 	  prefetching the entire table into the cache at the start of each
-	  block.
+	  block. Interrupts are also disabled to avoid races where cachelines
+	  are evicted when the CPU is interrupted to do something else.
 
 config CRYPTO_AES_586
 	tristate "AES cipher algorithms (i586)"
diff --git a/crypto/aes_ti.c b/crypto/aes_ti.c
index 03023b2290e8..1ff9785b30f5 100644
--- a/crypto/aes_ti.c
+++ b/crypto/aes_ti.c
@@ -269,6 +269,7 @@ static void aesti_encrypt(struct crypto_tfm *tfm, u8 *out, const u8 *in)
 	const u32 *rkp = ctx->key_enc + 4;
 	int rounds = 6 + ctx->key_length / 4;
 	u32 st0[4], st1[4];
+	unsigned long flags;
 	int round;
 
 	st0[0] = ctx->key_enc[0] ^ get_unaligned_le32(in);
@@ -276,6 +277,12 @@ static void aesti_encrypt(struct crypto_tfm *tfm, u8 *out, const u8 *in)
 	st0[2] = ctx->key_enc[2] ^ get_unaligned_le32(in + 8);
 	st0[3] = ctx->key_enc[3] ^ get_unaligned_le32(in + 12);
 
+	/*
+	 * Temporarily disable interrupts to avoid races where cachelines are
+	 * evicted when the CPU is interrupted to do something else.
+	 */
+	local_irq_save(flags);
+
 	st0[0] ^= __aesti_sbox[ 0] ^ __aesti_sbox[128];
 	st0[1] ^= __aesti_sbox[32] ^ __aesti_sbox[160];
 	st0[2] ^= __aesti_sbox[64] ^ __aesti_sbox[192];
@@ -300,6 +307,8 @@ static void aesti_encrypt(struct crypto_tfm *tfm, u8 *out, const u8 *in)
 	put_unaligned_le32(subshift(st1, 1) ^ rkp[5], out + 4);
 	put_unaligned_le32(subshift(st1, 2) ^ rkp[6], out + 8);
 	put_unaligned_le32(subshift(st1, 3) ^ rkp[7], out + 12);
+
+	local_irq_restore(flags);
 }
 
 static void aesti_decrypt(struct crypto_tfm *tfm, u8 *out, const u8 *in)
@@ -308,6 +317,7 @@ static void aesti_decrypt(struct crypto_tfm *tfm, u8 *out, const u8 *in)
 	const u32 *rkp = ctx->key_dec + 4;
 	int rounds = 6 + ctx->key_length / 4;
 	u32 st0[4], st1[4];
+	unsigned long flags;
 	int round;
 
 	st0[0] = ctx->key_dec[0] ^ get_unaligned_le32(in);
@@ -315,6 +325,12 @@ static void aesti_decrypt(struct crypto_tfm *tfm, u8 *out, const u8 *in)
 	st0[2] = ctx->key_dec[2] ^ get_unaligned_le32(in + 8);
 	st0[3] = ctx->key_dec[3] ^ get_unaligned_le32(in + 12);
 
+	/*
+	 * Temporarily disable interrupts to avoid races where cachelines are
+	 * evicted when the CPU is interrupted to do something else.
+	 */
+	local_irq_save(flags);
+
 	st0[0] ^= __aesti_inv_sbox[ 0] ^ __aesti_inv_sbox[128];
 	st0[1] ^= __aesti_inv_sbox[32] ^ __aesti_inv_sbox[160];
 	st0[2] ^= __aesti_inv_sbox[64] ^ __aesti_inv_sbox[192];
@@ -339,6 +355,8 @@ static void aesti_decrypt(struct crypto_tfm *tfm, u8 *out, const u8 *in)
 	put_unaligned_le32(inv_subshift(st1, 1) ^ rkp[5], out + 4);
 	put_unaligned_le32(inv_subshift(st1, 2) ^ rkp[6], out + 8);
 	put_unaligned_le32(inv_subshift(st1, 3) ^ rkp[7], out + 12);
+
+	local_irq_restore(flags);
 }
 
 static struct crypto_alg aes_alg = {
-- 
2.19.1


^ permalink raw reply related	[flat|nested] 273+ messages in thread

* [PATCH AUTOSEL 4.19 027/258] drm/vc4: ->x_scaling[1] should never be set to VC4_SCALING_NONE
  2019-01-28 15:55 [PATCH AUTOSEL 4.19 001/258] drm/bufs: Fix Spectre v1 vulnerability Sasha Levin
                   ` (24 preceding siblings ...)
  2019-01-28 15:55 ` [PATCH AUTOSEL 4.19 026/258] crypto: aes_ti - disable interrupts while accessing S-box Sasha Levin
@ 2019-01-28 15:55 ` Sasha Levin
  2019-01-28 15:55 ` [PATCH AUTOSEL 4.19 028/258] serial: fsl_lpuart: clear parity enable bit when disable parity Sasha Levin
                   ` (230 subsequent siblings)
  256 siblings, 0 replies; 273+ messages in thread
From: Sasha Levin @ 2019-01-28 15:55 UTC (permalink / raw)
  To: linux-kernel, stable; +Cc: Boris Brezillon, Sasha Levin, dri-devel

From: Boris Brezillon <boris.brezillon@bootlin.com>

[ Upstream commit 0560054da5673b25d56bea6c57c8d069673af73b ]

For the YUV conversion to work properly, ->x_scaling[1] should never
be set to VC4_SCALING_NONE, but vc4_get_scaling_mode() might return
VC4_SCALING_NONE if the horizontal scaling ratio exactly matches the
horizontal subsampling factor. Add a test to turn VC4_SCALING_NONE
into VC4_SCALING_PPF when that happens.

The old ->x_scaling[0] adjustment is dropped as I couldn't find any
mention to this constraint in the spec and it's proven to be
unnecessary (I tested various multi-planar YUV formats with scaling
disabled, and all of them worked fine without this adjustment).

Fixes: fc04023fafec ("drm/vc4: Add support for YUV planes.")
Signed-off-by: Boris Brezillon <boris.brezillon@bootlin.com>
Reviewed-by: Eric Anholt <eric@anholt.net>
Link: https://patchwork.freedesktop.org/patch/msgid/20181109102633.32603-1-boris.brezillon@bootlin.com
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
 drivers/gpu/drm/vc4/vc4_plane.c | 12 +++++++-----
 1 file changed, 7 insertions(+), 5 deletions(-)

diff --git a/drivers/gpu/drm/vc4/vc4_plane.c b/drivers/gpu/drm/vc4/vc4_plane.c
index 629f40424bba..ab39315c9078 100644
--- a/drivers/gpu/drm/vc4/vc4_plane.c
+++ b/drivers/gpu/drm/vc4/vc4_plane.c
@@ -315,12 +315,14 @@ static int vc4_plane_setup_clipping_and_scaling(struct drm_plane_state *state)
 			vc4_get_scaling_mode(vc4_state->src_h[1],
 					     vc4_state->crtc_h);
 
-		/* YUV conversion requires that horizontal scaling be enabled,
-		 * even on a plane that's otherwise 1:1. Looks like only PPF
-		 * works in that case, so let's pick that one.
+		/* YUV conversion requires that horizontal scaling be enabled
+		 * on the UV plane even if vc4_get_scaling_mode() returned
+		 * VC4_SCALING_NONE (which can happen when the down-scaling
+		 * ratio is 0.5). Let's force it to VC4_SCALING_PPF in this
+		 * case.
 		 */
-		if (vc4_state->is_unity)
-			vc4_state->x_scaling[0] = VC4_SCALING_PPF;
+		if (vc4_state->x_scaling[1] == VC4_SCALING_NONE)
+			vc4_state->x_scaling[1] = VC4_SCALING_PPF;
 	} else {
 		vc4_state->is_yuv = false;
 		vc4_state->x_scaling[1] = VC4_SCALING_NONE;
-- 
2.19.1


^ permalink raw reply related	[flat|nested] 273+ messages in thread

* [PATCH AUTOSEL 4.19 028/258] serial: fsl_lpuart: clear parity enable bit when disable parity
  2019-01-28 15:55 [PATCH AUTOSEL 4.19 001/258] drm/bufs: Fix Spectre v1 vulnerability Sasha Levin
                   ` (25 preceding siblings ...)
  2019-01-28 15:55 ` [PATCH AUTOSEL 4.19 027/258] drm/vc4: ->x_scaling[1] should never be set to VC4_SCALING_NONE Sasha Levin
@ 2019-01-28 15:55 ` Sasha Levin
  2019-01-28 15:55 ` [PATCH AUTOSEL 4.19 029/258] serial: core: Allow processing sysrq at port unlock time Sasha Levin
                   ` (229 subsequent siblings)
  256 siblings, 0 replies; 273+ messages in thread
From: Sasha Levin @ 2019-01-28 15:55 UTC (permalink / raw)
  To: linux-kernel, stable
  Cc: Andy Duan, Lukas Wunner, Greg Kroah-Hartman, Sasha Levin, linux-serial

From: Andy Duan <fugang.duan@nxp.com>

[ Upstream commit 397bd9211fe014b347ca8f95a8f4e1017bac1aeb ]

Current driver only enable parity enable bit and never clear it
when user set the termios. The fix clear the parity enable bit when
PARENB flag is not set in termios->c_cflag.

Cc: Lukas Wunner <lukas@wunner.de>
Signed-off-by: Andy Duan <fugang.duan@nxp.com>
Reviewed-by: Fabio Estevam <festevam@gmail.com>
Acked-by: Uwe Kleine-König <u.kleine-koenig@pengutronix.de>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
 drivers/tty/serial/fsl_lpuart.c | 4 ++++
 1 file changed, 4 insertions(+)

diff --git a/drivers/tty/serial/fsl_lpuart.c b/drivers/tty/serial/fsl_lpuart.c
index 3f8d1274fc85..7d030c2e42ff 100644
--- a/drivers/tty/serial/fsl_lpuart.c
+++ b/drivers/tty/serial/fsl_lpuart.c
@@ -1477,6 +1477,8 @@ lpuart_set_termios(struct uart_port *port, struct ktermios *termios,
 			else
 				cr1 &= ~UARTCR1_PT;
 		}
+	} else {
+		cr1 &= ~UARTCR1_PE;
 	}
 
 	/* ask the core to calculate the divisor */
@@ -1688,6 +1690,8 @@ lpuart32_set_termios(struct uart_port *port, struct ktermios *termios,
 			else
 				ctrl &= ~UARTCTRL_PT;
 		}
+	} else {
+		ctrl &= ~UARTCTRL_PE;
 	}
 
 	/* ask the core to calculate the divisor */
-- 
2.19.1


^ permalink raw reply related	[flat|nested] 273+ messages in thread

* [PATCH AUTOSEL 4.19 029/258] serial: core: Allow processing sysrq at port unlock time
  2019-01-28 15:55 [PATCH AUTOSEL 4.19 001/258] drm/bufs: Fix Spectre v1 vulnerability Sasha Levin
                   ` (26 preceding siblings ...)
  2019-01-28 15:55 ` [PATCH AUTOSEL 4.19 028/258] serial: fsl_lpuart: clear parity enable bit when disable parity Sasha Levin
@ 2019-01-28 15:55 ` Sasha Levin
  2019-01-28 15:55 ` [PATCH AUTOSEL 4.19 030/258] ptp: check gettime64 return code in PTP_SYS_OFFSET ioctl Sasha Levin
                   ` (228 subsequent siblings)
  256 siblings, 0 replies; 273+ messages in thread
From: Sasha Levin @ 2019-01-28 15:55 UTC (permalink / raw)
  To: linux-kernel, stable; +Cc: Douglas Anderson, Greg Kroah-Hartman, Sasha Levin

From: Douglas Anderson <dianders@chromium.org>

[ Upstream commit d6e1935819db0c91ce4a5af82466f3ab50d17346 ]

Right now serial drivers process sysrq keys deep in their character
receiving code.  This means that they've already grabbed their
port->lock spinlock.  This can end up getting in the way if we've go
to do serial stuff (especially kgdb) in response to the sysrq.

Serial drivers have various hacks in them to handle this.  Looking at
'8250_port.c' you can see that the console_write() skips locking if
we're in the sysrq handler.  Looking at 'msm_serial.c' you can see
that the port lock is dropped around uart_handle_sysrq_char().

It turns out that these hacks aren't exactly perfect.  If you have
lockdep turned on and use something like the 8250_port hack you'll get
a splat that looks like:

  WARNING: possible circular locking dependency detected
  [...] is trying to acquire lock:
  ... (console_owner){-.-.}, at: console_unlock+0x2e0/0x5e4

  but task is already holding lock:
  ... (&port_lock_key){-.-.}, at: serial8250_handle_irq+0x30/0xe4

  which lock already depends on the new lock.

  the existing dependency chain (in reverse order) is:

  -> #1 (&port_lock_key){-.-.}:
         _raw_spin_lock_irqsave+0x58/0x70
         serial8250_console_write+0xa8/0x250
         univ8250_console_write+0x40/0x4c
         console_unlock+0x528/0x5e4
         register_console+0x2c4/0x3b0
         uart_add_one_port+0x350/0x478
         serial8250_register_8250_port+0x350/0x3a8
         dw8250_probe+0x67c/0x754
         platform_drv_probe+0x58/0xa4
         really_probe+0x150/0x294
         driver_probe_device+0xac/0xe8
         __driver_attach+0x98/0xd0
         bus_for_each_dev+0x84/0xc8
         driver_attach+0x2c/0x34
         bus_add_driver+0xf0/0x1ec
         driver_register+0xb4/0x100
         __platform_driver_register+0x60/0x6c
         dw8250_platform_driver_init+0x20/0x28
	 ...

  -> #0 (console_owner){-.-.}:
         lock_acquire+0x1e8/0x214
         console_unlock+0x35c/0x5e4
         vprintk_emit+0x230/0x274
         vprintk_default+0x7c/0x84
         vprintk_func+0x190/0x1bc
         printk+0x80/0xa0
         __handle_sysrq+0x104/0x21c
         handle_sysrq+0x30/0x3c
         serial8250_read_char+0x15c/0x18c
         serial8250_rx_chars+0x34/0x74
         serial8250_handle_irq+0x9c/0xe4
         dw8250_handle_irq+0x98/0xcc
         serial8250_interrupt+0x50/0xe8
         ...

  other info that might help us debug this:

   Possible unsafe locking scenario:

         CPU0                    CPU1
         ----                    ----
    lock(&port_lock_key);
                                 lock(console_owner);
                                 lock(&port_lock_key);
    lock(console_owner);

   *** DEADLOCK ***

The hack used in 'msm_serial.c' doesn't cause the above splats but it
seems a bit ugly to unlock / lock our spinlock deep in our irq
handler.

It seems like we could defer processing the sysrq until the end of the
interrupt handler right after we've unlocked the port.  With this
scheme if a whole batch of sysrq characters comes in one irq then we
won't handle them all, but that seems like it should be a fine
compromise.

Signed-off-by: Douglas Anderson <dianders@chromium.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
 include/linux/serial_core.h | 37 ++++++++++++++++++++++++++++++++++++-
 1 file changed, 36 insertions(+), 1 deletion(-)

diff --git a/include/linux/serial_core.h b/include/linux/serial_core.h
index 406edae44ca3..3460b15a2607 100644
--- a/include/linux/serial_core.h
+++ b/include/linux/serial_core.h
@@ -173,6 +173,7 @@ struct uart_port {
 	struct console		*cons;			/* struct console, if any */
 #if defined(CONFIG_SERIAL_CORE_CONSOLE) || defined(SUPPORT_SYSRQ)
 	unsigned long		sysrq;			/* sysrq timeout */
+	unsigned int		sysrq_ch;		/* char for sysrq */
 #endif
 
 	/* flags must be updated while holding port mutex */
@@ -482,8 +483,42 @@ uart_handle_sysrq_char(struct uart_port *port, unsigned int ch)
 	}
 	return 0;
 }
+static inline int
+uart_prepare_sysrq_char(struct uart_port *port, unsigned int ch)
+{
+	if (port->sysrq) {
+		if (ch && time_before(jiffies, port->sysrq)) {
+			port->sysrq_ch = ch;
+			port->sysrq = 0;
+			return 1;
+		}
+		port->sysrq = 0;
+	}
+	return 0;
+}
+static inline void
+uart_unlock_and_check_sysrq(struct uart_port *port, unsigned long irqflags)
+{
+	int sysrq_ch;
+
+	sysrq_ch = port->sysrq_ch;
+	port->sysrq_ch = 0;
+
+	spin_unlock_irqrestore(&port->lock, irqflags);
+
+	if (sysrq_ch)
+		handle_sysrq(sysrq_ch);
+}
 #else
-#define uart_handle_sysrq_char(port,ch) ({ (void)port; 0; })
+static inline int
+uart_handle_sysrq_char(struct uart_port *port, unsigned int ch) { return 0; }
+static inline int
+uart_prepare_sysrq_char(struct uart_port *port, unsigned int ch) { return 0; }
+static inline void
+uart_unlock_and_check_sysrq(struct uart_port *port, unsigned long irqflags)
+{
+	spin_unlock_irqrestore(&port->lock, irqflags);
+}
 #endif
 
 /*
-- 
2.19.1


^ permalink raw reply related	[flat|nested] 273+ messages in thread

* [PATCH AUTOSEL 4.19 030/258] ptp: check gettime64 return code in PTP_SYS_OFFSET ioctl
  2019-01-28 15:55 [PATCH AUTOSEL 4.19 001/258] drm/bufs: Fix Spectre v1 vulnerability Sasha Levin
                   ` (27 preceding siblings ...)
  2019-01-28 15:55 ` [PATCH AUTOSEL 4.19 029/258] serial: core: Allow processing sysrq at port unlock time Sasha Levin
@ 2019-01-28 15:55 ` Sasha Levin
  2019-01-28 15:55 ` [PATCH AUTOSEL 4.19 031/258] MIPS: Boston: Disable EG20T prefetch Sasha Levin
                   ` (227 subsequent siblings)
  256 siblings, 0 replies; 273+ messages in thread
From: Sasha Levin @ 2019-01-28 15:55 UTC (permalink / raw)
  To: linux-kernel, stable
  Cc: Miroslav Lichvar, Richard Cochran, Jacob Keller,
	David S . Miller, Sasha Levin, netdev

From: Miroslav Lichvar <mlichvar@redhat.com>

[ Upstream commit 83d0bdc7390b890905634186baaa294475cd6a06 ]

If a gettime64 call fails, return the error and avoid copying data back
to user.

Cc: Richard Cochran <richardcochran@gmail.com>
Cc: Jacob Keller <jacob.e.keller@intel.com>
Signed-off-by: Miroslav Lichvar <mlichvar@redhat.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
 drivers/ptp/ptp_chardev.c | 5 ++++-
 1 file changed, 4 insertions(+), 1 deletion(-)

diff --git a/drivers/ptp/ptp_chardev.c b/drivers/ptp/ptp_chardev.c
index 2012551d93e0..796eeffdf93b 100644
--- a/drivers/ptp/ptp_chardev.c
+++ b/drivers/ptp/ptp_chardev.c
@@ -228,7 +228,9 @@ long ptp_ioctl(struct posix_clock *pc, unsigned int cmd, unsigned long arg)
 			pct->sec = ts.tv_sec;
 			pct->nsec = ts.tv_nsec;
 			pct++;
-			ptp->info->gettime64(ptp->info, &ts);
+			err = ptp->info->gettime64(ptp->info, &ts);
+			if (err)
+				goto out;
 			pct->sec = ts.tv_sec;
 			pct->nsec = ts.tv_nsec;
 			pct++;
@@ -281,6 +283,7 @@ long ptp_ioctl(struct posix_clock *pc, unsigned int cmd, unsigned long arg)
 		break;
 	}
 
+out:
 	kfree(sysoff);
 	return err;
 }
-- 
2.19.1


^ permalink raw reply related	[flat|nested] 273+ messages in thread

* [PATCH AUTOSEL 4.19 031/258] MIPS: Boston: Disable EG20T prefetch
  2019-01-28 15:55 [PATCH AUTOSEL 4.19 001/258] drm/bufs: Fix Spectre v1 vulnerability Sasha Levin
                   ` (28 preceding siblings ...)
  2019-01-28 15:55 ` [PATCH AUTOSEL 4.19 030/258] ptp: check gettime64 return code in PTP_SYS_OFFSET ioctl Sasha Levin
@ 2019-01-28 15:55 ` Sasha Levin
  2019-01-28 15:55 ` [PATCH AUTOSEL 4.19 032/258] dpaa2-ptp: defer probe when portal allocation failed Sasha Levin
                   ` (226 subsequent siblings)
  256 siblings, 0 replies; 273+ messages in thread
From: Sasha Levin @ 2019-01-28 15:55 UTC (permalink / raw)
  To: linux-kernel, stable
  Cc: Paul Burton, linux-mips, Sasha Levin, linux-mips, devicetree

From: Paul Burton <paul.burton@mips.com>

[ Upstream commit 5ec17af7ead09701e23d2065e16db6ce4e137289 ]

The Intel EG20T Platform Controller Hub used on the MIPS Boston
development board supports prefetching memory to optimize DMA transfers.
Unfortunately for unknown reasons this doesn't work well with some MIPS
CPUs such as the P6600, particularly when using an I/O Coherence Unit
(IOCU) to provide cache-coherent DMA. In these systems it is common for
DMA data to be lost, resulting in broken access to EG20T devices such as
the MMC or SATA controllers.

Support for a DT property to configure the prefetching was added a while
back by commit 549ce8f134bd ("misc: pch_phub: Read prefetch value from
device tree if passed") but we never added the DT snippet to make use of
it. Add that now in order to disable the prefetching & fix DMA on the
affected systems.

Signed-off-by: Paul Burton <paul.burton@mips.com>
Patchwork: https://patchwork.linux-mips.org/patch/21068/
Cc: linux-mips@linux-mips.org
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
 arch/mips/boot/dts/img/boston.dts | 6 ++++++
 1 file changed, 6 insertions(+)

diff --git a/arch/mips/boot/dts/img/boston.dts b/arch/mips/boot/dts/img/boston.dts
index 65af3f6ba81c..84328afa3a55 100644
--- a/arch/mips/boot/dts/img/boston.dts
+++ b/arch/mips/boot/dts/img/boston.dts
@@ -141,6 +141,12 @@
 				#size-cells = <2>;
 				#interrupt-cells = <1>;
 
+				eg20t_phub@2,0,0 {
+					compatible = "pci8086,8801";
+					reg = <0x00020000 0 0 0 0>;
+					intel,eg20t-prefetch = <0>;
+				};
+
 				eg20t_mac@2,0,1 {
 					compatible = "pci8086,8802";
 					reg = <0x00020100 0 0 0 0>;
-- 
2.19.1


^ permalink raw reply related	[flat|nested] 273+ messages in thread

* [PATCH AUTOSEL 4.19 032/258] dpaa2-ptp: defer probe when portal allocation failed
  2019-01-28 15:55 [PATCH AUTOSEL 4.19 001/258] drm/bufs: Fix Spectre v1 vulnerability Sasha Levin
                   ` (29 preceding siblings ...)
  2019-01-28 15:55 ` [PATCH AUTOSEL 4.19 031/258] MIPS: Boston: Disable EG20T prefetch Sasha Levin
@ 2019-01-28 15:55 ` Sasha Levin
  2019-01-28 15:55 ` [PATCH AUTOSEL 4.19 033/258] sctp: Fix SKB list traversal in sctp_intl_store_ordered() Sasha Levin
                   ` (225 subsequent siblings)
  256 siblings, 0 replies; 273+ messages in thread
From: Sasha Levin @ 2019-01-28 15:55 UTC (permalink / raw)
  To: linux-kernel, stable; +Cc: Ioana Ciornei, David S . Miller, Sasha Levin, devel

From: Ioana Ciornei <ioana.ciornei@nxp.com>

[ Upstream commit 5500598abbfb5b46201b9768bd9ea873a5eeaece ]

The fsl_mc_portal_allocate can fail when the requested MC portals are
not yet probed by the fsl_mc_allocator. In this situation, the driver
should defer the probe.

Signed-off-by: Ioana Ciornei <ioana.ciornei@nxp.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
 drivers/staging/fsl-dpaa2/rtc/rtc.c | 5 ++++-
 1 file changed, 4 insertions(+), 1 deletion(-)

diff --git a/drivers/staging/fsl-dpaa2/rtc/rtc.c b/drivers/staging/fsl-dpaa2/rtc/rtc.c
index 0d52cb85441f..318a33c2f7a7 100644
--- a/drivers/staging/fsl-dpaa2/rtc/rtc.c
+++ b/drivers/staging/fsl-dpaa2/rtc/rtc.c
@@ -142,7 +142,10 @@ static int rtc_probe(struct fsl_mc_device *mc_dev)
 
 	err = fsl_mc_portal_allocate(mc_dev, 0, &mc_dev->mc_io);
 	if (err) {
-		dev_err(dev, "fsl_mc_portal_allocate err %d\n", err);
+		if (err == -ENXIO)
+			err = -EPROBE_DEFER;
+		else
+			dev_err(dev, "fsl_mc_portal_allocate err %d\n", err);
 		goto err_exit;
 	}
 
-- 
2.19.1


^ permalink raw reply related	[flat|nested] 273+ messages in thread

* [PATCH AUTOSEL 4.19 033/258] sctp: Fix SKB list traversal in sctp_intl_store_ordered().
  2019-01-28 15:55 [PATCH AUTOSEL 4.19 001/258] drm/bufs: Fix Spectre v1 vulnerability Sasha Levin
                   ` (30 preceding siblings ...)
  2019-01-28 15:55 ` [PATCH AUTOSEL 4.19 032/258] dpaa2-ptp: defer probe when portal allocation failed Sasha Levin
@ 2019-01-28 15:55 ` Sasha Levin
  2019-01-28 18:09   ` Marcelo Ricardo Leitner
  2019-01-28 15:55 ` [PATCH AUTOSEL 4.19 034/258] sctp: Fix SKB list traversal in sctp_intl_store_reasm() Sasha Levin
                   ` (224 subsequent siblings)
  256 siblings, 1 reply; 273+ messages in thread
From: Sasha Levin @ 2019-01-28 15:55 UTC (permalink / raw)
  To: linux-kernel, stable; +Cc: David S. Miller, Sasha Levin, linux-sctp, netdev

From: "David S. Miller" <davem@davemloft.net>

[ Upstream commit e15e067d0656625c77c52b4e5f0cfbf0c0c3583f ]

Same change as made to sctp_intl_store_reasm().

To be fully correct, an iterator has an undefined value when something
like skb_queue_walk() naturally terminates.

This will actually matter when SKB queues are converted over to
list_head.

Formalize what this code ends up doing with the current
implementation.

Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
 net/sctp/stream_interleave.c | 17 ++++++++++++-----
 1 file changed, 12 insertions(+), 5 deletions(-)

diff --git a/net/sctp/stream_interleave.c b/net/sctp/stream_interleave.c
index 0a78cdf86463..500449b72eca 100644
--- a/net/sctp/stream_interleave.c
+++ b/net/sctp/stream_interleave.c
@@ -383,7 +383,7 @@ static void sctp_intl_store_ordered(struct sctp_ulpq *ulpq,
 				    struct sctp_ulpevent *event)
 {
 	struct sctp_ulpevent *cevent;
-	struct sk_buff *pos;
+	struct sk_buff *pos, *loc;
 
 	pos = skb_peek_tail(&ulpq->lobby);
 	if (!pos) {
@@ -403,18 +403,25 @@ static void sctp_intl_store_ordered(struct sctp_ulpq *ulpq,
 		return;
 	}
 
+	loc = NULL;
 	skb_queue_walk(&ulpq->lobby, pos) {
 		cevent = (struct sctp_ulpevent *)pos->cb;
 
-		if (cevent->stream > event->stream)
+		if (cevent->stream > event->stream) {
+			loc = pos;
 			break;
-
+		}
 		if (cevent->stream == event->stream &&
-		    MID_lt(event->mid, cevent->mid))
+		    MID_lt(event->mid, cevent->mid)) {
+			loc = pos;
 			break;
+		}
 	}
 
-	__skb_queue_before(&ulpq->lobby, pos, sctp_event2skb(event));
+	if (!loc)
+		__skb_queue_tail(&ulpq->lobby, sctp_event2skb(event));
+	else
+		__skb_queue_before(&ulpq->lobby, loc, sctp_event2skb(event));
 }
 
 static void sctp_intl_retrieve_ordered(struct sctp_ulpq *ulpq,
-- 
2.19.1


^ permalink raw reply related	[flat|nested] 273+ messages in thread

* [PATCH AUTOSEL 4.19 034/258] sctp: Fix SKB list traversal in sctp_intl_store_reasm().
  2019-01-28 15:55 [PATCH AUTOSEL 4.19 001/258] drm/bufs: Fix Spectre v1 vulnerability Sasha Levin
                   ` (31 preceding siblings ...)
  2019-01-28 15:55 ` [PATCH AUTOSEL 4.19 033/258] sctp: Fix SKB list traversal in sctp_intl_store_ordered() Sasha Levin
@ 2019-01-28 15:55 ` Sasha Levin
  2019-01-28 17:04   ` Marcelo Ricardo Leitner
  2019-01-28 15:55 ` [PATCH AUTOSEL 4.19 035/258] iwlwifi: fw: do not set sgi bits for HE connection Sasha Levin
                   ` (223 subsequent siblings)
  256 siblings, 1 reply; 273+ messages in thread
From: Sasha Levin @ 2019-01-28 15:55 UTC (permalink / raw)
  To: linux-kernel, stable; +Cc: David S. Miller, Sasha Levin, linux-sctp, netdev

From: "David S. Miller" <davem@davemloft.net>

[ Upstream commit 348bbc25c40844c5efa083a3842c7f53d70a815e ]

To be fully correct, an iterator has an undefined value when something
like skb_queue_walk() naturally terminates.

This will actually matter when SKB queues are converted over to
list_head.

Formalize what this code ends up doing with the current
implementation.

Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
 net/sctp/stream_interleave.c | 17 ++++++++++++-----
 1 file changed, 12 insertions(+), 5 deletions(-)

diff --git a/net/sctp/stream_interleave.c b/net/sctp/stream_interleave.c
index 500449b72eca..2b499a85db0e 100644
--- a/net/sctp/stream_interleave.c
+++ b/net/sctp/stream_interleave.c
@@ -140,7 +140,7 @@ static void sctp_intl_store_reasm(struct sctp_ulpq *ulpq,
 				  struct sctp_ulpevent *event)
 {
 	struct sctp_ulpevent *cevent;
-	struct sk_buff *pos;
+	struct sk_buff *pos, *loc;
 
 	pos = skb_peek_tail(&ulpq->reasm);
 	if (!pos) {
@@ -166,23 +166,30 @@ static void sctp_intl_store_reasm(struct sctp_ulpq *ulpq,
 		return;
 	}
 
+	loc = NULL;
 	skb_queue_walk(&ulpq->reasm, pos) {
 		cevent = sctp_skb2event(pos);
 
 		if (event->stream < cevent->stream ||
 		    (event->stream == cevent->stream &&
-		     MID_lt(event->mid, cevent->mid)))
+		     MID_lt(event->mid, cevent->mid))) {
+			loc = pos;
 			break;
-
+		}
 		if (event->stream == cevent->stream &&
 		    event->mid == cevent->mid &&
 		    !(cevent->msg_flags & SCTP_DATA_FIRST_FRAG) &&
 		    (event->msg_flags & SCTP_DATA_FIRST_FRAG ||
-		     event->fsn < cevent->fsn))
+		     event->fsn < cevent->fsn)) {
+			loc = pos;
 			break;
+		}
 	}
 
-	__skb_queue_before(&ulpq->reasm, pos, sctp_event2skb(event));
+	if (!loc)
+		__skb_queue_tail(&ulpq->reasm, sctp_event2skb(event));
+	else
+		__skb_queue_before(&ulpq->reasm, loc, sctp_event2skb(event));
 }
 
 static struct sctp_ulpevent *sctp_intl_retrieve_partial(
-- 
2.19.1


^ permalink raw reply related	[flat|nested] 273+ messages in thread

* [PATCH AUTOSEL 4.19 035/258] iwlwifi: fw: do not set sgi bits for HE connection
  2019-01-28 15:55 [PATCH AUTOSEL 4.19 001/258] drm/bufs: Fix Spectre v1 vulnerability Sasha Levin
                   ` (32 preceding siblings ...)
  2019-01-28 15:55 ` [PATCH AUTOSEL 4.19 034/258] sctp: Fix SKB list traversal in sctp_intl_store_reasm() Sasha Levin
@ 2019-01-28 15:55 ` Sasha Levin
  2019-01-28 15:55 ` [PATCH AUTOSEL 4.19 036/258] staging:iio:ad2s90: Make probe handle spi_setup failure Sasha Levin
                   ` (222 subsequent siblings)
  256 siblings, 0 replies; 273+ messages in thread
From: Sasha Levin @ 2019-01-28 15:55 UTC (permalink / raw)
  To: linux-kernel, stable
  Cc: Naftali Goldstein, Luca Coelho, Sasha Levin, linux-wireless, netdev

From: Naftali Goldstein <naftali.goldstein@intel.com>

[ Upstream commit 5c2dbebb446539eb9640bf59a02756d6e7f1fc53 ]

If the association supports HE, HT/VHT rates will never be used for Tx
and therefore there's no need to set the sgi-per-channel-width-support
bits, so don't set them in this case.

Fixes: 110b32f065f3 ("iwlwifi: mvm: rs: add basic implementation of the new RS API handlers")
Signed-off-by: Naftali Goldstein <naftali.goldstein@intel.com>
Signed-off-by: Luca Coelho <luciano.coelho@intel.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
 drivers/net/wireless/intel/iwlwifi/mvm/rs-fw.c | 4 ++++
 1 file changed, 4 insertions(+)

diff --git a/drivers/net/wireless/intel/iwlwifi/mvm/rs-fw.c b/drivers/net/wireless/intel/iwlwifi/mvm/rs-fw.c
index 8169d1450b3b..d1c1a8069c7e 100644
--- a/drivers/net/wireless/intel/iwlwifi/mvm/rs-fw.c
+++ b/drivers/net/wireless/intel/iwlwifi/mvm/rs-fw.c
@@ -98,8 +98,12 @@ static u8 rs_fw_sgi_cw_support(struct ieee80211_sta *sta)
 {
 	struct ieee80211_sta_ht_cap *ht_cap = &sta->ht_cap;
 	struct ieee80211_sta_vht_cap *vht_cap = &sta->vht_cap;
+	struct ieee80211_sta_he_cap *he_cap = &sta->he_cap;
 	u8 supp = 0;
 
+	if (he_cap && he_cap->has_he)
+		return 0;
+
 	if (ht_cap->cap & IEEE80211_HT_CAP_SGI_20)
 		supp |= BIT(IWL_TLC_MNG_CH_WIDTH_20MHZ);
 	if (ht_cap->cap & IEEE80211_HT_CAP_SGI_40)
-- 
2.19.1


^ permalink raw reply related	[flat|nested] 273+ messages in thread

* [PATCH AUTOSEL 4.19 036/258] staging:iio:ad2s90: Make probe handle spi_setup failure
  2019-01-28 15:55 [PATCH AUTOSEL 4.19 001/258] drm/bufs: Fix Spectre v1 vulnerability Sasha Levin
                   ` (33 preceding siblings ...)
  2019-01-28 15:55 ` [PATCH AUTOSEL 4.19 035/258] iwlwifi: fw: do not set sgi bits for HE connection Sasha Levin
@ 2019-01-28 15:55 ` Sasha Levin
  2019-01-28 15:55 ` [PATCH AUTOSEL 4.19 037/258] fpga: altera-cvp: Fix registration for CvP incapable devices Sasha Levin
                   ` (221 subsequent siblings)
  256 siblings, 0 replies; 273+ messages in thread
From: Sasha Levin @ 2019-01-28 15:55 UTC (permalink / raw)
  To: linux-kernel, stable
  Cc: Matheus Tavares, Jonathan Cameron, Sasha Levin, linux-iio, devel

From: Matheus Tavares <matheus.bernardino@usp.br>

[ Upstream commit b3a3eafeef769c6982e15f83631dcbf8d1794efb ]

Previously, ad2s90_probe ignored the return code from spi_setup, not
handling its possible failure. This patch makes ad2s90_probe check if
the code is an error code and, if so, do the following:

- Call dev_err with an appropriate error message.
- Return the spi_setup's error code.

Note: The 'return ret' statement could be out of the 'if' block, but
this whole block will be moved up in the function in the patch:
'staging:iio:ad2s90: Move device registration to the end of probe'.

Signed-off-by: Matheus Tavares <matheus.bernardino@usp.br>
Signed-off-by: Jonathan Cameron <Jonathan.Cameron@huawei.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
 drivers/staging/iio/resolver/ad2s90.c | 7 ++++++-
 1 file changed, 6 insertions(+), 1 deletion(-)

diff --git a/drivers/staging/iio/resolver/ad2s90.c b/drivers/staging/iio/resolver/ad2s90.c
index 59586947a936..51cda9151412 100644
--- a/drivers/staging/iio/resolver/ad2s90.c
+++ b/drivers/staging/iio/resolver/ad2s90.c
@@ -85,7 +85,12 @@ static int ad2s90_probe(struct spi_device *spi)
 	/* need 600ns between CS and the first falling edge of SCLK */
 	spi->max_speed_hz = 830000;
 	spi->mode = SPI_MODE_3;
-	spi_setup(spi);
+	ret = spi_setup(spi);
+
+	if (ret < 0) {
+		dev_err(&spi->dev, "spi_setup failed!\n");
+		return ret;
+	}
 
 	return 0;
 }
-- 
2.19.1


^ permalink raw reply related	[flat|nested] 273+ messages in thread

* [PATCH AUTOSEL 4.19 037/258] fpga: altera-cvp: Fix registration for CvP incapable devices
  2019-01-28 15:55 [PATCH AUTOSEL 4.19 001/258] drm/bufs: Fix Spectre v1 vulnerability Sasha Levin
                   ` (34 preceding siblings ...)
  2019-01-28 15:55 ` [PATCH AUTOSEL 4.19 036/258] staging:iio:ad2s90: Make probe handle spi_setup failure Sasha Levin
@ 2019-01-28 15:55 ` Sasha Levin
  2019-01-28 15:55 ` [PATCH AUTOSEL 4.19 038/258] Tools: hv: kvp: Fix a warning of buffer overflow with gcc 8.0.1 Sasha Levin
                   ` (220 subsequent siblings)
  256 siblings, 0 replies; 273+ messages in thread
From: Sasha Levin @ 2019-01-28 15:55 UTC (permalink / raw)
  To: linux-kernel, stable
  Cc: Andreas Puhm, Anatolij Gustschin, Greg Kroah-Hartman,
	Sasha Levin, linux-fpga

From: Andreas Puhm <puhm@oregano.at>

[ Upstream commit 68f60538daa4bc3da5d0764d46f391916fba20fd ]

The probe function needs to verify the CvP enable bit in order to
properly determine if FPGA Manager functionality can be safely
enabled.

Fixes: 34d1dc17ce97 ("fpga manager: Add Altera CvP driver")
Signed-off-by: Andreas Puhm <puhm@oregano.at>
Signed-off-by: Anatolij Gustschin <agust@denx.de>
Reviewed-by: Moritz Fischer <mdf@kernel.org>
Acked-by: Alan Tull <atull@kernel.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
 drivers/fpga/altera-cvp.c | 9 +++++++++
 1 file changed, 9 insertions(+)

diff --git a/drivers/fpga/altera-cvp.c b/drivers/fpga/altera-cvp.c
index 68e4b2b98c8f..1f4c26b4794a 100644
--- a/drivers/fpga/altera-cvp.c
+++ b/drivers/fpga/altera-cvp.c
@@ -403,6 +403,7 @@ static int altera_cvp_probe(struct pci_dev *pdev,
 	struct altera_cvp_conf *conf;
 	struct fpga_manager *mgr;
 	u16 cmd, val;
+	u32 regval;
 	int ret;
 
 	/*
@@ -416,6 +417,14 @@ static int altera_cvp_probe(struct pci_dev *pdev,
 		return -ENODEV;
 	}
 
+	pci_read_config_dword(pdev, VSE_CVP_STATUS, &regval);
+	if (!(regval & VSE_CVP_STATUS_CVP_EN)) {
+		dev_err(&pdev->dev,
+			"CVP is disabled for this device: CVP_STATUS Reg 0x%x\n",
+			regval);
+		return -ENODEV;
+	}
+
 	conf = devm_kzalloc(&pdev->dev, sizeof(*conf), GFP_KERNEL);
 	if (!conf)
 		return -ENOMEM;
-- 
2.19.1


^ permalink raw reply related	[flat|nested] 273+ messages in thread

* [PATCH AUTOSEL 4.19 038/258] Tools: hv: kvp: Fix a warning of buffer overflow with gcc 8.0.1
  2019-01-28 15:55 [PATCH AUTOSEL 4.19 001/258] drm/bufs: Fix Spectre v1 vulnerability Sasha Levin
                   ` (35 preceding siblings ...)
  2019-01-28 15:55 ` [PATCH AUTOSEL 4.19 037/258] fpga: altera-cvp: Fix registration for CvP incapable devices Sasha Levin
@ 2019-01-28 15:55 ` Sasha Levin
  2019-01-28 15:55 ` [PATCH AUTOSEL 4.19 039/258] fpga: altera-cvp: fix 'bad IO access' on x86_64 Sasha Levin
                   ` (219 subsequent siblings)
  256 siblings, 0 replies; 273+ messages in thread
From: Sasha Levin @ 2019-01-28 15:55 UTC (permalink / raw)
  To: linux-kernel, stable
  Cc: Dexuan Cui, K . Y . Srinivasan, Haiyang Zhang, Stephen Hemminger,
	Greg Kroah-Hartman, Sasha Levin, devel

From: Dexuan Cui <decui@microsoft.com>

[ Upstream commit 4fcba7802c3e15a6e56e255871d6c72f829b9dd8 ]

The patch fixes:

hv_kvp_daemon.c: In function 'kvp_set_ip_info':
hv_kvp_daemon.c:1305:2: note: 'snprintf' output between 41 and 4136 bytes
into a destination of size 4096

The "(unsigned int)str_len" is to avoid:

hv_kvp_daemon.c:1309:30: warning: comparison of integer expressions of
different signedness: 'int' and 'long unsigned int' [-Wsign-compare]

Signed-off-by: Dexuan Cui <decui@microsoft.com>
Cc: K. Y. Srinivasan <kys@microsoft.com>
Cc: Haiyang Zhang <haiyangz@microsoft.com>
Cc: Stephen Hemminger <sthemmin@microsoft.com>
Signed-off-by: K. Y. Srinivasan <kys@microsoft.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
 tools/hv/hv_kvp_daemon.c | 15 +++++++++++++--
 1 file changed, 13 insertions(+), 2 deletions(-)

diff --git a/tools/hv/hv_kvp_daemon.c b/tools/hv/hv_kvp_daemon.c
index bbb2a8ef367c..d7e06fe0270e 100644
--- a/tools/hv/hv_kvp_daemon.c
+++ b/tools/hv/hv_kvp_daemon.c
@@ -1178,6 +1178,7 @@ static int kvp_set_ip_info(char *if_name, struct hv_kvp_ipaddr_value *new_val)
 	FILE *file;
 	char cmd[PATH_MAX];
 	char *mac_addr;
+	int str_len;
 
 	/*
 	 * Set the configuration for the specified interface with
@@ -1301,8 +1302,18 @@ static int kvp_set_ip_info(char *if_name, struct hv_kvp_ipaddr_value *new_val)
 	 * invoke the external script to do its magic.
 	 */
 
-	snprintf(cmd, sizeof(cmd), KVP_SCRIPTS_PATH "%s %s",
-		 "hv_set_ifconfig", if_file);
+	str_len = snprintf(cmd, sizeof(cmd), KVP_SCRIPTS_PATH "%s %s",
+			   "hv_set_ifconfig", if_file);
+	/*
+	 * This is a little overcautious, but it's necessary to suppress some
+	 * false warnings from gcc 8.0.1.
+	 */
+	if (str_len <= 0 || (unsigned int)str_len >= sizeof(cmd)) {
+		syslog(LOG_ERR, "Cmd '%s' (len=%d) may be too long",
+		       cmd, str_len);
+		return HV_E_FAIL;
+	}
+
 	if (system(cmd)) {
 		syslog(LOG_ERR, "Failed to execute cmd '%s'; error: %d %s",
 				cmd, errno, strerror(errno));
-- 
2.19.1


^ permalink raw reply related	[flat|nested] 273+ messages in thread

* [PATCH AUTOSEL 4.19 039/258] fpga: altera-cvp: fix 'bad IO access' on x86_64
  2019-01-28 15:55 [PATCH AUTOSEL 4.19 001/258] drm/bufs: Fix Spectre v1 vulnerability Sasha Levin
                   ` (36 preceding siblings ...)
  2019-01-28 15:55 ` [PATCH AUTOSEL 4.19 038/258] Tools: hv: kvp: Fix a warning of buffer overflow with gcc 8.0.1 Sasha Levin
@ 2019-01-28 15:55 ` Sasha Levin
  2019-01-28 15:55 ` [PATCH AUTOSEL 4.19 040/258] vbox: fix link error with 'gcc -Og' Sasha Levin
                   ` (218 subsequent siblings)
  256 siblings, 0 replies; 273+ messages in thread
From: Sasha Levin @ 2019-01-28 15:55 UTC (permalink / raw)
  To: linux-kernel, stable
  Cc: Anatolij Gustschin, Greg Kroah-Hartman, Sasha Levin, linux-fpga

From: Anatolij Gustschin <agust@denx.de>

[ Upstream commit 187fade88ca0ff2df9d360ca751d948d73db7095 ]

If mapping the CvP BAR fails, we still can configure the FPGA via
PCI config space access. In this case the iomap pointer is NULL.
On x86_64, passing NULL address to pci_iounmap() generates
"Bad IO access at port 0x0" output with stack call trace. Fix it.

Signed-off-by: Anatolij Gustschin <agust@denx.de>
Acked-by: Alan Tull <atull@kernel.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
 drivers/fpga/altera-cvp.c | 6 ++++--
 1 file changed, 4 insertions(+), 2 deletions(-)

diff --git a/drivers/fpga/altera-cvp.c b/drivers/fpga/altera-cvp.c
index 1f4c26b4794a..7a42c194b944 100644
--- a/drivers/fpga/altera-cvp.c
+++ b/drivers/fpga/altera-cvp.c
@@ -480,7 +480,8 @@ static int altera_cvp_probe(struct pci_dev *pdev,
 	return 0;
 
 err_unmap:
-	pci_iounmap(pdev, conf->map);
+	if (conf->map)
+		pci_iounmap(pdev, conf->map);
 	pci_release_region(pdev, CVP_BAR);
 err_disable:
 	cmd &= ~PCI_COMMAND_MEMORY;
@@ -495,7 +496,8 @@ static void altera_cvp_remove(struct pci_dev *pdev)
 	u16 cmd;
 
 	fpga_mgr_unregister(mgr);
-	pci_iounmap(pdev, conf->map);
+	if (conf->map)
+		pci_iounmap(pdev, conf->map);
 	pci_release_region(pdev, CVP_BAR);
 	pci_read_config_word(pdev, PCI_COMMAND, &cmd);
 	cmd &= ~PCI_COMMAND_MEMORY;
-- 
2.19.1


^ permalink raw reply related	[flat|nested] 273+ messages in thread

* [PATCH AUTOSEL 4.19 040/258] vbox: fix link error with 'gcc -Og'
  2019-01-28 15:55 [PATCH AUTOSEL 4.19 001/258] drm/bufs: Fix Spectre v1 vulnerability Sasha Levin
                   ` (37 preceding siblings ...)
  2019-01-28 15:55 ` [PATCH AUTOSEL 4.19 039/258] fpga: altera-cvp: fix 'bad IO access' on x86_64 Sasha Levin
@ 2019-01-28 15:55 ` Sasha Levin
  2019-01-28 15:55 ` [PATCH AUTOSEL 4.19 041/258] platform/chrome: don't report EC_MKBP_EVENT_SENSOR_FIFO as wakeup Sasha Levin
                   ` (217 subsequent siblings)
  256 siblings, 0 replies; 273+ messages in thread
From: Sasha Levin @ 2019-01-28 15:55 UTC (permalink / raw)
  To: linux-kernel, stable; +Cc: Arnd Bergmann, Greg Kroah-Hartman, Sasha Levin

From: Arnd Bergmann <arnd@arndb.de>

[ Upstream commit b8ae30a7020d61e0504529adf45abb08fa5c59f5 ]

With the new CONFIG_CC_OPTIMIZE_FOR_DEBUGGING option, we get a link
error in the vboxguest driver, when that fails to optimize out the
call to the compat handler:

drivers/virt/vboxguest/vboxguest_core.o: In function `vbg_ioctl_hgcm_call':
vboxguest_core.c:(.text+0x1f6e): undefined reference to `vbg_hgcm_call32'

Another compile-time check documents better what we want and avoids
the error.

Acked-by: Randy Dunlap <rdunlap@infradead.org>
Tested-by: Randy Dunlap <rdunlap@infradead.org>
Signed-off-by: Arnd Bergmann <arnd@arndb.de>
Reviewed-by: Hans de Goede <hdegoede@redhat.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
 drivers/virt/vboxguest/vboxguest_core.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/drivers/virt/vboxguest/vboxguest_core.c b/drivers/virt/vboxguest/vboxguest_core.c
index 3093655c7b92..1475ed5ffcde 100644
--- a/drivers/virt/vboxguest/vboxguest_core.c
+++ b/drivers/virt/vboxguest/vboxguest_core.c
@@ -1312,7 +1312,7 @@ static int vbg_ioctl_hgcm_call(struct vbg_dev *gdev,
 		return -EINVAL;
 	}
 
-	if (f32bit)
+	if (IS_ENABLED(CONFIG_COMPAT) && f32bit)
 		ret = vbg_hgcm_call32(gdev, client_id,
 				      call->function, call->timeout_ms,
 				      VBG_IOCTL_HGCM_CALL_PARMS32(call),
-- 
2.19.1


^ permalink raw reply related	[flat|nested] 273+ messages in thread

* [PATCH AUTOSEL 4.19 041/258] platform/chrome: don't report EC_MKBP_EVENT_SENSOR_FIFO as wakeup
  2019-01-28 15:55 [PATCH AUTOSEL 4.19 001/258] drm/bufs: Fix Spectre v1 vulnerability Sasha Levin
                   ` (38 preceding siblings ...)
  2019-01-28 15:55 ` [PATCH AUTOSEL 4.19 040/258] vbox: fix link error with 'gcc -Og' Sasha Levin
@ 2019-01-28 15:55 ` Sasha Levin
  2019-01-28 15:55 ` [PATCH AUTOSEL 4.19 042/258] i40e: prevent overlapping tx_timeout recover Sasha Levin
                   ` (216 subsequent siblings)
  256 siblings, 0 replies; 273+ messages in thread
From: Sasha Levin @ 2019-01-28 15:55 UTC (permalink / raw)
  To: linux-kernel, stable; +Cc: Brian Norris, Benson Leung, Sasha Levin

From: Brian Norris <briannorris@chromium.org>

[ Upstream commit 6ad16b78a039b45294b1ad5d69c14ac57b2fe706 ]

EC_MKBP_EVENT_SENSOR_FIFO events can be triggered for a variety of
reasons, and there are very few cases in which they should be treated as
wakeup interrupts (particularly, when a certain
MOTIONSENSE_MODULE_FLAG_* is set, but this is not even supported in the
mainline cros_ec_sensor driver yet). Most of the time, they are benign
sensor readings. In any case, the top-level cros_ec device doesn't know
enough to determine that they should wake the system, and so it should
not report the event. This would be the job of the cros_ec_sensors
driver to parse.

This patch adds checks to cros_ec_get_next_event() such that it doesn't
signal 'wakeup' for events of type EC_MKBP_EVENT_SENSOR_FIFO.

This patch is particularly relevant on devices like Scarlet (Rockchip
RK3399 tablet, known as Acer Chromebook Tab 10), where the EC firmware
reports sensor events much more frequently. This was causing
/sys/power/wakeup_count to increase very frequently, often needlessly
interrupting our ability to suspend the system.

Signed-off-by: Brian Norris <briannorris@chromium.org>
Signed-off-by: Benson Leung <bleung@chromium.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
 drivers/platform/chrome/cros_ec_proto.c | 18 +++++++++++++++---
 1 file changed, 15 insertions(+), 3 deletions(-)

diff --git a/drivers/platform/chrome/cros_ec_proto.c b/drivers/platform/chrome/cros_ec_proto.c
index b6fd4838f60f..e5d5b1adb5a9 100644
--- a/drivers/platform/chrome/cros_ec_proto.c
+++ b/drivers/platform/chrome/cros_ec_proto.c
@@ -575,6 +575,7 @@ static int get_keyboard_state_event(struct cros_ec_device *ec_dev)
 
 int cros_ec_get_next_event(struct cros_ec_device *ec_dev, bool *wake_event)
 {
+	u8 event_type;
 	u32 host_event;
 	int ret;
 
@@ -594,11 +595,22 @@ int cros_ec_get_next_event(struct cros_ec_device *ec_dev, bool *wake_event)
 		return ret;
 
 	if (wake_event) {
+		event_type = ec_dev->event_data.event_type;
 		host_event = cros_ec_get_host_event(ec_dev);
 
-		/* Consider non-host_event as wake event */
-		*wake_event = !host_event ||
-			      !!(host_event & ec_dev->host_event_wake_mask);
+		/*
+		 * Sensor events need to be parsed by the sensor sub-device.
+		 * Defer them, and don't report the wakeup here.
+		 */
+		if (event_type == EC_MKBP_EVENT_SENSOR_FIFO)
+			*wake_event = false;
+		/* Masked host-events should not count as wake events. */
+		else if (host_event &&
+			 !(host_event & ec_dev->host_event_wake_mask))
+			*wake_event = false;
+		/* Consider all other events as wake events. */
+		else
+			*wake_event = true;
 	}
 
 	return ret;
-- 
2.19.1


^ permalink raw reply related	[flat|nested] 273+ messages in thread

* [PATCH AUTOSEL 4.19 042/258] i40e: prevent overlapping tx_timeout recover
  2019-01-28 15:55 [PATCH AUTOSEL 4.19 001/258] drm/bufs: Fix Spectre v1 vulnerability Sasha Levin
                   ` (39 preceding siblings ...)
  2019-01-28 15:55 ` [PATCH AUTOSEL 4.19 041/258] platform/chrome: don't report EC_MKBP_EVENT_SENSOR_FIFO as wakeup Sasha Levin
@ 2019-01-28 15:55 ` Sasha Levin
  2019-01-28 15:55 ` [PATCH AUTOSEL 4.19 043/258] scsi: hisi_sas: change the time of SAS SSP connection Sasha Levin
                   ` (215 subsequent siblings)
  256 siblings, 0 replies; 273+ messages in thread
From: Sasha Levin @ 2019-01-28 15:55 UTC (permalink / raw)
  To: linux-kernel, stable; +Cc: Alan Brady, Jeff Kirsher, Sasha Levin, netdev

From: Alan Brady <alan.brady@intel.com>

[ Upstream commit d5585b7b6846a6d0f9517afe57be3843150719da ]

If a TX hang occurs, we attempt to recover by incrementally resetting.
If we're starved for CPU time, it's possible the reset doesn't actually
complete (or even fire) before another tx_timeout fires causing us to
fly through the different resets without actually doing them.

This adds a bit to set and check if a timeout recovery is already
pending and, if so, bail out of tx_timeout.  The bit will get cleared at
the end of i40e_rebuild when reset is complete.

Signed-off-by: Alan Brady <alan.brady@intel.com>
Tested-by: Andrew Bowers <andrewx.bowers@intel.com>
Signed-off-by: Jeff Kirsher <jeffrey.t.kirsher@intel.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
 drivers/net/ethernet/intel/i40e/i40e.h      | 1 +
 drivers/net/ethernet/intel/i40e/i40e_main.c | 5 +++++
 2 files changed, 6 insertions(+)

diff --git a/drivers/net/ethernet/intel/i40e/i40e.h b/drivers/net/ethernet/intel/i40e/i40e.h
index 7a80652e2500..f84e2c2d02c0 100644
--- a/drivers/net/ethernet/intel/i40e/i40e.h
+++ b/drivers/net/ethernet/intel/i40e/i40e.h
@@ -122,6 +122,7 @@ enum i40e_state_t {
 	__I40E_MDD_EVENT_PENDING,
 	__I40E_VFLR_EVENT_PENDING,
 	__I40E_RESET_RECOVERY_PENDING,
+	__I40E_TIMEOUT_RECOVERY_PENDING,
 	__I40E_MISC_IRQ_REQUESTED,
 	__I40E_RESET_INTR_RECEIVED,
 	__I40E_REINIT_REQUESTED,
diff --git a/drivers/net/ethernet/intel/i40e/i40e_main.c b/drivers/net/ethernet/intel/i40e/i40e_main.c
index ed9d3fc4aaba..bfa5c525cf31 100644
--- a/drivers/net/ethernet/intel/i40e/i40e_main.c
+++ b/drivers/net/ethernet/intel/i40e/i40e_main.c
@@ -336,6 +336,10 @@ static void i40e_tx_timeout(struct net_device *netdev)
 		      (pf->tx_timeout_last_recovery + netdev->watchdog_timeo)))
 		return;   /* don't do any new action before the next timeout */
 
+	/* don't kick off another recovery if one is already pending */
+	if (test_and_set_bit(__I40E_TIMEOUT_RECOVERY_PENDING, pf->state))
+		return;
+
 	if (tx_ring) {
 		head = i40e_get_head(tx_ring);
 		/* Read interrupt register */
@@ -9566,6 +9570,7 @@ static void i40e_rebuild(struct i40e_pf *pf, bool reinit, bool lock_acquired)
 	clear_bit(__I40E_RESET_FAILED, pf->state);
 clear_recovery:
 	clear_bit(__I40E_RESET_RECOVERY_PENDING, pf->state);
+	clear_bit(__I40E_TIMEOUT_RECOVERY_PENDING, pf->state);
 }
 
 /**
-- 
2.19.1


^ permalink raw reply related	[flat|nested] 273+ messages in thread

* [PATCH AUTOSEL 4.19 043/258] scsi: hisi_sas: change the time of SAS SSP connection
  2019-01-28 15:55 [PATCH AUTOSEL 4.19 001/258] drm/bufs: Fix Spectre v1 vulnerability Sasha Levin
                   ` (40 preceding siblings ...)
  2019-01-28 15:55 ` [PATCH AUTOSEL 4.19 042/258] i40e: prevent overlapping tx_timeout recover Sasha Levin
@ 2019-01-28 15:55 ` Sasha Levin
  2019-01-28 15:55 ` [PATCH AUTOSEL 4.19 044/258] staging: iio: ad7780: update voltage on read Sasha Levin
                   ` (214 subsequent siblings)
  256 siblings, 0 replies; 273+ messages in thread
From: Sasha Levin @ 2019-01-28 15:55 UTC (permalink / raw)
  To: linux-kernel, stable
  Cc: Xiang Chen, John Garry, Martin K . Petersen, Sasha Levin, linux-scsi

From: Xiang Chen <chenxiang66@hisilicon.com>

[ Upstream commit 15bc43f31a074076f114e0b87931e3b220b7bff1 ]

Currently the time of SAS SSP connection is 1ms, which means the link
connection will fail if no IO response after this period.

For some disks handling large IO (such as 512k), 1ms is not enough, so
change it to 5ms.

Signed-off-by: Xiang Chen <chenxiang66@hisilicon.com>
Signed-off-by: John Garry <john.garry@huawei.com>
Signed-off-by: Martin K. Petersen <martin.petersen@oracle.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
 drivers/scsi/hisi_sas/hisi_sas_v3_hw.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/drivers/scsi/hisi_sas/hisi_sas_v3_hw.c b/drivers/scsi/hisi_sas/hisi_sas_v3_hw.c
index 687ff61bba9f..3922b17e2ea3 100644
--- a/drivers/scsi/hisi_sas/hisi_sas_v3_hw.c
+++ b/drivers/scsi/hisi_sas/hisi_sas_v3_hw.c
@@ -492,7 +492,7 @@ static void init_reg_v3_hw(struct hisi_hba *hisi_hba)
 		hisi_sas_phy_write32(hisi_hba, i, PHYCTRL_OOB_RESTART_MSK, 0x1);
 		hisi_sas_phy_write32(hisi_hba, i, STP_LINK_TIMER, 0x7f7a120);
 		hisi_sas_phy_write32(hisi_hba, i, CON_CFG_DRIVER, 0x2a0a01);
-
+		hisi_sas_phy_write32(hisi_hba, i, SAS_SSP_CON_TIMER_CFG, 0x32);
 		/* used for 12G negotiate */
 		hisi_sas_phy_write32(hisi_hba, i, COARSETUNE_TIME, 0x1e);
 	}
-- 
2.19.1


^ permalink raw reply related	[flat|nested] 273+ messages in thread

* [PATCH AUTOSEL 4.19 044/258] staging: iio: ad7780: update voltage on read
  2019-01-28 15:55 [PATCH AUTOSEL 4.19 001/258] drm/bufs: Fix Spectre v1 vulnerability Sasha Levin
                   ` (41 preceding siblings ...)
  2019-01-28 15:55 ` [PATCH AUTOSEL 4.19 043/258] scsi: hisi_sas: change the time of SAS SSP connection Sasha Levin
@ 2019-01-28 15:55 ` Sasha Levin
  2019-01-28 15:55 ` [PATCH AUTOSEL 4.19 045/258] usbnet: smsc95xx: fix rx packet alignment Sasha Levin
                   ` (213 subsequent siblings)
  256 siblings, 0 replies; 273+ messages in thread
From: Sasha Levin @ 2019-01-28 15:55 UTC (permalink / raw)
  To: linux-kernel, stable
  Cc: Renato Lui Geh, Jonathan Cameron, Sasha Levin, linux-iio, devel

From: Renato Lui Geh <renatogeh@gmail.com>

[ Upstream commit 336650c785b62c3bea7c8cf6061c933a90241f67 ]

The ad7780 driver previously did not read the correct device output, as
it read an outdated value set at initialization. It now updates its
voltage on read.

Signed-off-by: Renato Lui Geh <renatogeh@gmail.com>
Acked-by: Alexandru Ardelean <alexandru.ardelean@analog.com>
Signed-off-by: Jonathan Cameron <Jonathan.Cameron@huawei.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
 drivers/staging/iio/adc/ad7780.c | 6 +++++-
 1 file changed, 5 insertions(+), 1 deletion(-)

diff --git a/drivers/staging/iio/adc/ad7780.c b/drivers/staging/iio/adc/ad7780.c
index 16d72072c076..8bcb5d5de749 100644
--- a/drivers/staging/iio/adc/ad7780.c
+++ b/drivers/staging/iio/adc/ad7780.c
@@ -87,12 +87,16 @@ static int ad7780_read_raw(struct iio_dev *indio_dev,
 			   long m)
 {
 	struct ad7780_state *st = iio_priv(indio_dev);
+	int voltage_uv;
 
 	switch (m) {
 	case IIO_CHAN_INFO_RAW:
 		return ad_sigma_delta_single_conversion(indio_dev, chan, val);
 	case IIO_CHAN_INFO_SCALE:
-		*val = st->int_vref_mv * st->gain;
+		voltage_uv = regulator_get_voltage(st->reg);
+		if (voltage_uv < 0)
+			return voltage_uv;
+		*val = (voltage_uv / 1000) * st->gain;
 		*val2 = chan->scan_type.realbits - 1;
 		return IIO_VAL_FRACTIONAL_LOG2;
 	case IIO_CHAN_INFO_OFFSET:
-- 
2.19.1


^ permalink raw reply related	[flat|nested] 273+ messages in thread

* [PATCH AUTOSEL 4.19 045/258] usbnet: smsc95xx: fix rx packet alignment
  2019-01-28 15:55 [PATCH AUTOSEL 4.19 001/258] drm/bufs: Fix Spectre v1 vulnerability Sasha Levin
                   ` (42 preceding siblings ...)
  2019-01-28 15:55 ` [PATCH AUTOSEL 4.19 044/258] staging: iio: ad7780: update voltage on read Sasha Levin
@ 2019-01-28 15:55 ` Sasha Levin
  2019-01-28 15:55 ` [PATCH AUTOSEL 4.19 046/258] drm/rockchip: fix for mailbox read size Sasha Levin
                   ` (212 subsequent siblings)
  256 siblings, 0 replies; 273+ messages in thread
From: Sasha Levin @ 2019-01-28 15:55 UTC (permalink / raw)
  To: linux-kernel, stable
  Cc: Ben Dooks, David S . Miller, Sasha Levin, netdev, linux-usb

From: Ben Dooks <ben.dooks@codethink.co.uk>

[ Upstream commit 810eeb1f41a9a272eedc94ca18c072e75678ede4 ]

The smsc95xx driver already takes into account the NET_IP_ALIGN
parameter when setting up the receive packet data, which means
we do not need to worry about aligning the packets in the usbnet
driver.

Adding the EVENT_NO_IP_ALIGN means that the IPv4 header is now
passed to the ip_rcv() routine with the start on an aligned address.

Tested on Raspberry Pi B3.

Signed-off-by: Ben Dooks <ben.dooks@codethink.co.uk>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
 drivers/net/usb/smsc95xx.c | 1 +
 1 file changed, 1 insertion(+)

diff --git a/drivers/net/usb/smsc95xx.c b/drivers/net/usb/smsc95xx.c
index f2d01cb6f958..6e971628bb50 100644
--- a/drivers/net/usb/smsc95xx.c
+++ b/drivers/net/usb/smsc95xx.c
@@ -1295,6 +1295,7 @@ static int smsc95xx_bind(struct usbnet *dev, struct usb_interface *intf)
 		dev->net->features |= NETIF_F_RXCSUM;
 
 	dev->net->hw_features = NETIF_F_IP_CSUM | NETIF_F_RXCSUM;
+	set_bit(EVENT_NO_IP_ALIGN, &dev->flags);
 
 	smsc95xx_init_mac_address(dev);
 
-- 
2.19.1


^ permalink raw reply related	[flat|nested] 273+ messages in thread

* [PATCH AUTOSEL 4.19 046/258] drm/rockchip: fix for mailbox read size
  2019-01-28 15:55 [PATCH AUTOSEL 4.19 001/258] drm/bufs: Fix Spectre v1 vulnerability Sasha Levin
                   ` (43 preceding siblings ...)
  2019-01-28 15:55 ` [PATCH AUTOSEL 4.19 045/258] usbnet: smsc95xx: fix rx packet alignment Sasha Levin
@ 2019-01-28 15:55 ` Sasha Levin
  2019-01-28 15:55 ` [PATCH AUTOSEL 4.19 047/258] ARM: OMAP2+: hwmod: Fix some section annotations Sasha Levin
                   ` (211 subsequent siblings)
  256 siblings, 0 replies; 273+ messages in thread
From: Sasha Levin @ 2019-01-28 15:55 UTC (permalink / raw)
  To: linux-kernel, stable
  Cc: Damian Kos, Heiko Stuebner, Sasha Levin, dri-devel, linux-rockchip

From: Damian Kos <dkos@cadence.com>

[ Upstream commit fa68d4f8476bea4cdf441062b614b41bb85ef1da ]

Some of the functions (like cdn_dp_dpcd_read, cdn_dp_get_edid_block)
allow to read 64KiB, but the cdn_dp_mailbox_read_receive, that is
used by them, can read only up to 255 bytes at once. Normally, it's
not a big issue as DPCD or EDID reads won't (hopefully) exceed that
value.
The real issue here is the revocation list read during the HDCP
authentication process. (problematic use case:
https://chromium.googlesource.com/chromiumos/third_party/kernel/+/chromeos-4.4/drivers/gpu/drm/rockchip/cdn-dp-reg.c#1152)
The list can reach 127*5+4 bytes (num devs * 5 bytes per ID/Bksv +
4 bytes of an additional info).
In other words - CTSes with HDCP Repeater won't pass without this
fix. Oh, and the driver will most likely stop working (best case
scenario).

Signed-off-by: Damian Kos <dkos@cadence.com>
Signed-off-by: Heiko Stuebner <heiko@sntech.de>
Link: https://patchwork.freedesktop.org/patch/msgid/1541518625-25984-1-git-send-email-dkos@cadence.com
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
 drivers/gpu/drm/rockchip/cdn-dp-reg.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/drivers/gpu/drm/rockchip/cdn-dp-reg.c b/drivers/gpu/drm/rockchip/cdn-dp-reg.c
index 3105965fc260..5a485489a1e2 100644
--- a/drivers/gpu/drm/rockchip/cdn-dp-reg.c
+++ b/drivers/gpu/drm/rockchip/cdn-dp-reg.c
@@ -147,7 +147,7 @@ static int cdn_dp_mailbox_validate_receive(struct cdn_dp_device *dp,
 }
 
 static int cdn_dp_mailbox_read_receive(struct cdn_dp_device *dp,
-				       u8 *buff, u8 buff_size)
+				       u8 *buff, u16 buff_size)
 {
 	u32 i;
 	int ret;
-- 
2.19.1


^ permalink raw reply related	[flat|nested] 273+ messages in thread

* [PATCH AUTOSEL 4.19 047/258] ARM: OMAP2+: hwmod: Fix some section annotations
  2019-01-28 15:55 [PATCH AUTOSEL 4.19 001/258] drm/bufs: Fix Spectre v1 vulnerability Sasha Levin
                   ` (44 preceding siblings ...)
  2019-01-28 15:55 ` [PATCH AUTOSEL 4.19 046/258] drm/rockchip: fix for mailbox read size Sasha Levin
@ 2019-01-28 15:55 ` Sasha Levin
  2019-01-28 15:55 ` [PATCH AUTOSEL 4.19 048/258] drm/amd/display: fix gamma not being applied correctly Sasha Levin
                   ` (210 subsequent siblings)
  256 siblings, 0 replies; 273+ messages in thread
From: Sasha Levin @ 2019-01-28 15:55 UTC (permalink / raw)
  To: linux-kernel, stable
  Cc: Nathan Chancellor, Tony Lindgren, Sasha Levin, linux-omap

From: Nathan Chancellor <natechancellor@gmail.com>

[ Upstream commit c10b26abeb53cabc1e6271a167d3f3d396ce0218 ]

When building the kernel with Clang, the following section mismatch
warnings appears:

WARNING: vmlinux.o(.text+0x2d398): Section mismatch in reference from
the function _setup() to the function .init.text:_setup_iclk_autoidle()
The function _setup() references
the function __init _setup_iclk_autoidle().
This is often because _setup lacks a __init
annotation or the annotation of _setup_iclk_autoidle is wrong.

WARNING: vmlinux.o(.text+0x2d3a0): Section mismatch in reference from
the function _setup() to the function .init.text:_setup_reset()
The function _setup() references
the function __init _setup_reset().
This is often because _setup lacks a __init
annotation or the annotation of _setup_reset is wrong.

WARNING: vmlinux.o(.text+0x2d408): Section mismatch in reference from
the function _setup() to the function .init.text:_setup_postsetup()
The function _setup() references
the function __init _setup_postsetup().
This is often because _setup lacks a __init
annotation or the annotation of _setup_postsetup is wrong.

_setup is used in omap_hwmod_allocate_module, which isn't marked __init
and looks like it shouldn't be, meaning to fix these warnings, those
functions must be moved out of the init section, which this patch does.

Signed-off-by: Nathan Chancellor <natechancellor@gmail.com>
Signed-off-by: Tony Lindgren <tony@atomide.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
 arch/arm/mach-omap2/omap_hwmod.c | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/arch/arm/mach-omap2/omap_hwmod.c b/arch/arm/mach-omap2/omap_hwmod.c
index cd65ea4e9c54..ec3789ba17b8 100644
--- a/arch/arm/mach-omap2/omap_hwmod.c
+++ b/arch/arm/mach-omap2/omap_hwmod.c
@@ -2397,7 +2397,7 @@ static int __init _init(struct omap_hwmod *oh, void *data)
  * a stub; implementing this properly requires iclk autoidle usecounting in
  * the clock code.   No return value.
  */
-static void __init _setup_iclk_autoidle(struct omap_hwmod *oh)
+static void _setup_iclk_autoidle(struct omap_hwmod *oh)
 {
 	struct omap_hwmod_ocp_if *os;
 
@@ -2428,7 +2428,7 @@ static void __init _setup_iclk_autoidle(struct omap_hwmod *oh)
  * reset.  Returns 0 upon success or a negative error code upon
  * failure.
  */
-static int __init _setup_reset(struct omap_hwmod *oh)
+static int _setup_reset(struct omap_hwmod *oh)
 {
 	int r;
 
@@ -2489,7 +2489,7 @@ static int __init _setup_reset(struct omap_hwmod *oh)
  *
  * No return value.
  */
-static void __init _setup_postsetup(struct omap_hwmod *oh)
+static void _setup_postsetup(struct omap_hwmod *oh)
 {
 	u8 postsetup_state;
 
-- 
2.19.1


^ permalink raw reply related	[flat|nested] 273+ messages in thread

* [PATCH AUTOSEL 4.19 048/258] drm/amd/display: fix gamma not being applied correctly
  2019-01-28 15:55 [PATCH AUTOSEL 4.19 001/258] drm/bufs: Fix Spectre v1 vulnerability Sasha Levin
                   ` (45 preceding siblings ...)
  2019-01-28 15:55 ` [PATCH AUTOSEL 4.19 047/258] ARM: OMAP2+: hwmod: Fix some section annotations Sasha Levin
@ 2019-01-28 15:55 ` Sasha Levin
  2019-01-28 15:55 ` [PATCH AUTOSEL 4.19 049/258] drm/amd/display: calculate stream->phy_pix_clk before clock mapping Sasha Levin
                   ` (209 subsequent siblings)
  256 siblings, 0 replies; 273+ messages in thread
From: Sasha Levin @ 2019-01-28 15:55 UTC (permalink / raw)
  To: linux-kernel, stable
  Cc: Murton Liu, Alex Deucher, Sasha Levin, amd-gfx, dri-devel

From: Murton Liu <murton.liu@amd.com>

[ Upstream commit 8ce504b9389be846bcdf512ed5be8f661b3bf097 ]

[why]
Gamma was always being set as identity on SDR monitor,
leading to no changes in gamma. This caused nightlight to
not apply correctly.

[how]
Added a default gamma structure to compare against
in the sdr case.

Signed-off-by: Murton Liu <murton.liu@amd.com>
Reviewed-by: Krunoslav Kovac <Krunoslav.Kovac@amd.com>
Acked-by: Bhawanpreet Lakha <Bhawanpreet.Lakha@amd.com>
Signed-off-by: Alex Deucher <alexander.deucher@amd.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
 drivers/gpu/drm/amd/display/dc/dcn10/dcn10_hw_sequencer.c | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/drivers/gpu/drm/amd/display/dc/dcn10/dcn10_hw_sequencer.c b/drivers/gpu/drm/amd/display/dc/dcn10/dcn10_hw_sequencer.c
index cfcc54f2ce65..33a9d0c58966 100644
--- a/drivers/gpu/drm/amd/display/dc/dcn10/dcn10_hw_sequencer.c
+++ b/drivers/gpu/drm/amd/display/dc/dcn10/dcn10_hw_sequencer.c
@@ -1190,7 +1190,8 @@ static bool dcn10_set_input_transfer_func(struct pipe_ctx *pipe_ctx,
 		tf = plane_state->in_transfer_func;
 
 	if (plane_state->gamma_correction &&
-		!plane_state->gamma_correction->is_identity
+		!dpp_base->ctx->dc->debug.always_use_regamma
+		&& !plane_state->gamma_correction->is_identity
 			&& dce_use_lut(plane_state->format))
 		dpp_base->funcs->dpp_program_input_lut(dpp_base, plane_state->gamma_correction);
 
-- 
2.19.1


^ permalink raw reply related	[flat|nested] 273+ messages in thread

* [PATCH AUTOSEL 4.19 049/258] drm/amd/display: calculate stream->phy_pix_clk before clock mapping
  2019-01-28 15:55 [PATCH AUTOSEL 4.19 001/258] drm/bufs: Fix Spectre v1 vulnerability Sasha Levin
                   ` (46 preceding siblings ...)
  2019-01-28 15:55 ` [PATCH AUTOSEL 4.19 048/258] drm/amd/display: fix gamma not being applied correctly Sasha Levin
@ 2019-01-28 15:55 ` Sasha Levin
  2019-01-28 15:55 ` [PATCH AUTOSEL 4.19 050/258] bpf: libbpf: retry map creation without the name Sasha Levin
                   ` (208 subsequent siblings)
  256 siblings, 0 replies; 273+ messages in thread
From: Sasha Levin @ 2019-01-28 15:55 UTC (permalink / raw)
  To: linux-kernel, stable
  Cc: Yogesh Mohan Marimuthu, Alex Deucher, Sasha Levin, amd-gfx, dri-devel

From: Yogesh Mohan Marimuthu <yogesh.mohanmarimuthu@amd.com>

[ Upstream commit 08e1c28dd521c7b08d1b0af0bae9fb22ccc012a4 ]

[why]
phy_pix_clk is one of the variable used to check if one PLL can be shared
with displays having common mode set configuration. As of now
phy_pix_clock varialbe is calculated in function dc_validate_stream().
dc_validate_stream() function is called after clocks are assigned for the
new display. Due to this during hotplug, when PLL sharing conditions are
checked for new display phy_pix_clk variable will be 0 and for displays
that are already enabled phy_pix_clk will have some value. Hence PLL will
not be shared and if the display hardware doesn't have any more PLL to
assign, mode set will fail due to resource unavailability.

[how]
Instead of only calculating the phy_pix_clk variable after the PLL is
assigned for new display, this patch calculates phy_pix_clk also during
the before assigning the PLL for new display.

Signed-off-by: Yogesh Mohan Marimuthu <yogesh.mohanmarimuthu@amd.com>
Reviewed-by: Harry Wentland <Harry.Wentland@amd.com>
Acked-by: Bhawanpreet Lakha <Bhawanpreet.Lakha@amd.com>
Signed-off-by: Alex Deucher <alexander.deucher@amd.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
 drivers/gpu/drm/amd/display/dc/core/dc_resource.c | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/drivers/gpu/drm/amd/display/dc/core/dc_resource.c b/drivers/gpu/drm/amd/display/dc/core/dc_resource.c
index ea6beccfd89d..87bf422f16be 100644
--- a/drivers/gpu/drm/amd/display/dc/core/dc_resource.c
+++ b/drivers/gpu/drm/amd/display/dc/core/dc_resource.c
@@ -1917,6 +1917,8 @@ enum dc_status resource_map_pool_resources(
 		}
 	*/
 
+	calculate_phy_pix_clks(stream);
+
 	/* acquire new resources */
 	pipe_idx = acquire_first_free_pipe(&context->res_ctx, pool, stream);
 
-- 
2.19.1


^ permalink raw reply related	[flat|nested] 273+ messages in thread

* [PATCH AUTOSEL 4.19 050/258] bpf: libbpf: retry map creation without the name
  2019-01-28 15:55 [PATCH AUTOSEL 4.19 001/258] drm/bufs: Fix Spectre v1 vulnerability Sasha Levin
                   ` (47 preceding siblings ...)
  2019-01-28 15:55 ` [PATCH AUTOSEL 4.19 049/258] drm/amd/display: calculate stream->phy_pix_clk before clock mapping Sasha Levin
@ 2019-01-28 15:55 ` Sasha Levin
  2019-01-28 15:55 ` [PATCH AUTOSEL 4.19 051/258] net/mlx5: EQ, Use the right place to store/read IRQ affinity hint Sasha Levin
                   ` (207 subsequent siblings)
  256 siblings, 0 replies; 273+ messages in thread
From: Sasha Levin @ 2019-01-28 15:55 UTC (permalink / raw)
  To: linux-kernel, stable
  Cc: Stanislav Fomichev, Daniel Borkmann, Sasha Levin, netdev

From: Stanislav Fomichev <sdf@google.com>

[ Upstream commit 23499442c319412aa8e54e7a939e2eb531bdd77d ]

Since commit 88cda1c9da02 ("bpf: libbpf: Provide basic API support
to specify BPF obj name"), libbpf unconditionally sets bpf_attr->name
for maps. Pre v4.14 kernels don't know about map names and return an
error about unexpected non-zero data. Retry sys_bpf without a map
name to cover older kernels.

v2 changes:
* check for errno == EINVAL as suggested by Daniel Borkmann

Signed-off-by: Stanislav Fomichev <sdf@google.com>
Signed-off-by: Daniel Borkmann <daniel@iogearbox.net>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
 tools/lib/bpf/bpf.c | 11 ++++++++++-
 1 file changed, 10 insertions(+), 1 deletion(-)

diff --git a/tools/lib/bpf/bpf.c b/tools/lib/bpf/bpf.c
index 60aa4ca8b2c5..7a0014794bff 100644
--- a/tools/lib/bpf/bpf.c
+++ b/tools/lib/bpf/bpf.c
@@ -77,6 +77,7 @@ int bpf_create_map_xattr(const struct bpf_create_map_attr *create_attr)
 {
 	__u32 name_len = create_attr->name ? strlen(create_attr->name) : 0;
 	union bpf_attr attr;
+	int ret;
 
 	memset(&attr, '\0', sizeof(attr));
 
@@ -94,7 +95,15 @@ int bpf_create_map_xattr(const struct bpf_create_map_attr *create_attr)
 	attr.map_ifindex = create_attr->map_ifindex;
 	attr.inner_map_fd = create_attr->inner_map_fd;
 
-	return sys_bpf(BPF_MAP_CREATE, &attr, sizeof(attr));
+	ret = sys_bpf(BPF_MAP_CREATE, &attr, sizeof(attr));
+	if (ret < 0 && errno == EINVAL && create_attr->name) {
+		/* Retry the same syscall, but without the name.
+		 * Pre v4.14 kernels don't support map names.
+		 */
+		memset(attr.map_name, 0, sizeof(attr.map_name));
+		return sys_bpf(BPF_MAP_CREATE, &attr, sizeof(attr));
+	}
+	return ret;
 }
 
 int bpf_create_map_node(enum bpf_map_type map_type, const char *name,
-- 
2.19.1


^ permalink raw reply related	[flat|nested] 273+ messages in thread

* [PATCH AUTOSEL 4.19 051/258] net/mlx5: EQ, Use the right place to store/read IRQ affinity hint
  2019-01-28 15:55 [PATCH AUTOSEL 4.19 001/258] drm/bufs: Fix Spectre v1 vulnerability Sasha Levin
                   ` (48 preceding siblings ...)
  2019-01-28 15:55 ` [PATCH AUTOSEL 4.19 050/258] bpf: libbpf: retry map creation without the name Sasha Levin
@ 2019-01-28 15:55 ` Sasha Levin
  2019-01-28 15:55 ` [PATCH AUTOSEL 4.19 052/258] modpost: validate symbol names also in find_elf_symbol Sasha Levin
                   ` (206 subsequent siblings)
  256 siblings, 0 replies; 273+ messages in thread
From: Sasha Levin @ 2019-01-28 15:55 UTC (permalink / raw)
  To: linux-kernel, stable
  Cc: Saeed Mahameed, Leon Romanovsky, Sasha Levin, netdev, linux-rdma

From: Saeed Mahameed <saeedm@mellanox.com>

[ Upstream commit 1e86ace4c140fd5a693e266c9b23409358f25381 ]

Currently the cpu affinity hint mask for completion EQs is stored and
read from the wrong place, since reading and storing is done from the
same index, there is no actual issue with that, but internal irq_info
for completion EQs stars at MLX5_EQ_VEC_COMP_BASE offset in irq_info
array, this patch changes the code to use the correct offset to store
and read the IRQ affinity hint.

Signed-off-by: Saeed Mahameed <saeedm@mellanox.com>
Reviewed-by: Leon Romanovsky <leonro@mellanox.com>
Reviewed-by: Tariq Toukan <tariqt@mellanox.com>
Signed-off-by: Leon Romanovsky <leonro@mellanox.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
 drivers/net/ethernet/mellanox/mlx5/core/en_main.c |  2 +-
 drivers/net/ethernet/mellanox/mlx5/core/main.c    | 14 ++++++++------
 include/linux/mlx5/driver.h                       |  2 +-
 3 files changed, 10 insertions(+), 8 deletions(-)

diff --git a/drivers/net/ethernet/mellanox/mlx5/core/en_main.c b/drivers/net/ethernet/mellanox/mlx5/core/en_main.c
index 7365899c3ac9..944f21f99d43 100644
--- a/drivers/net/ethernet/mellanox/mlx5/core/en_main.c
+++ b/drivers/net/ethernet/mellanox/mlx5/core/en_main.c
@@ -1758,7 +1758,7 @@ static void mlx5e_close_cq(struct mlx5e_cq *cq)
 
 static int mlx5e_get_cpu(struct mlx5e_priv *priv, int ix)
 {
-	return cpumask_first(priv->mdev->priv.irq_info[ix].mask);
+	return cpumask_first(priv->mdev->priv.irq_info[ix + MLX5_EQ_VEC_COMP_BASE].mask);
 }
 
 static int mlx5e_open_tx_cqs(struct mlx5e_channel *c,
diff --git a/drivers/net/ethernet/mellanox/mlx5/core/main.c b/drivers/net/ethernet/mellanox/mlx5/core/main.c
index b5e9f664fc66..563ce3fedab4 100644
--- a/drivers/net/ethernet/mellanox/mlx5/core/main.c
+++ b/drivers/net/ethernet/mellanox/mlx5/core/main.c
@@ -640,18 +640,19 @@ u64 mlx5_read_internal_timer(struct mlx5_core_dev *dev)
 static int mlx5_irq_set_affinity_hint(struct mlx5_core_dev *mdev, int i)
 {
 	struct mlx5_priv *priv  = &mdev->priv;
-	int irq = pci_irq_vector(mdev->pdev, MLX5_EQ_VEC_COMP_BASE + i);
+	int vecidx = MLX5_EQ_VEC_COMP_BASE + i;
+	int irq = pci_irq_vector(mdev->pdev, vecidx);
 
-	if (!zalloc_cpumask_var(&priv->irq_info[i].mask, GFP_KERNEL)) {
+	if (!zalloc_cpumask_var(&priv->irq_info[vecidx].mask, GFP_KERNEL)) {
 		mlx5_core_warn(mdev, "zalloc_cpumask_var failed");
 		return -ENOMEM;
 	}
 
 	cpumask_set_cpu(cpumask_local_spread(i, priv->numa_node),
-			priv->irq_info[i].mask);
+			priv->irq_info[vecidx].mask);
 
 	if (IS_ENABLED(CONFIG_SMP) &&
-	    irq_set_affinity_hint(irq, priv->irq_info[i].mask))
+	    irq_set_affinity_hint(irq, priv->irq_info[vecidx].mask))
 		mlx5_core_warn(mdev, "irq_set_affinity_hint failed, irq 0x%.4x", irq);
 
 	return 0;
@@ -659,11 +660,12 @@ static int mlx5_irq_set_affinity_hint(struct mlx5_core_dev *mdev, int i)
 
 static void mlx5_irq_clear_affinity_hint(struct mlx5_core_dev *mdev, int i)
 {
+	int vecidx = MLX5_EQ_VEC_COMP_BASE + i;
 	struct mlx5_priv *priv  = &mdev->priv;
-	int irq = pci_irq_vector(mdev->pdev, MLX5_EQ_VEC_COMP_BASE + i);
+	int irq = pci_irq_vector(mdev->pdev, vecidx);
 
 	irq_set_affinity_hint(irq, NULL);
-	free_cpumask_var(priv->irq_info[i].mask);
+	free_cpumask_var(priv->irq_info[vecidx].mask);
 }
 
 static int mlx5_irq_set_affinity_hints(struct mlx5_core_dev *mdev)
diff --git a/include/linux/mlx5/driver.h b/include/linux/mlx5/driver.h
index 88a041b73abf..bbcfe2e5fd91 100644
--- a/include/linux/mlx5/driver.h
+++ b/include/linux/mlx5/driver.h
@@ -1321,7 +1321,7 @@ enum {
 static inline const struct cpumask *
 mlx5_get_vector_affinity_hint(struct mlx5_core_dev *dev, int vector)
 {
-	return dev->priv.irq_info[vector].mask;
+	return dev->priv.irq_info[vector + MLX5_EQ_VEC_COMP_BASE].mask;
 }
 
 #endif /* MLX5_DRIVER_H */
-- 
2.19.1


^ permalink raw reply related	[flat|nested] 273+ messages in thread

* [PATCH AUTOSEL 4.19 052/258] modpost: validate symbol names also in find_elf_symbol
  2019-01-28 15:55 [PATCH AUTOSEL 4.19 001/258] drm/bufs: Fix Spectre v1 vulnerability Sasha Levin
                   ` (49 preceding siblings ...)
  2019-01-28 15:55 ` [PATCH AUTOSEL 4.19 051/258] net/mlx5: EQ, Use the right place to store/read IRQ affinity hint Sasha Levin
@ 2019-01-28 15:55 ` Sasha Levin
  2019-01-28 15:55 ` [PATCH AUTOSEL 4.19 053/258] perf tools: Add Hygon Dhyana support Sasha Levin
                   ` (205 subsequent siblings)
  256 siblings, 0 replies; 273+ messages in thread
From: Sasha Levin @ 2019-01-28 15:55 UTC (permalink / raw)
  To: linux-kernel, stable
  Cc: Sami Tolvanen, Masahiro Yamada, Sasha Levin, linux-kbuild

From: Sami Tolvanen <samitolvanen@google.com>

[ Upstream commit 5818c683a619c534c113e1f66d24f636defc29bc ]

If an ARM mapping symbol shares an address with a valid symbol,
find_elf_symbol can currently return the mapping symbol instead, as the
symbol is not validated. This can result in confusing warnings:

  WARNING: vmlinux.o(.text+0x18f4028): Section mismatch in reference
  from the function set_reset_devices() to the variable .init.text:$x.0

This change adds a call to is_valid_name to find_elf_symbol, similarly
to how it's already used in find_elf_symbol2.

Signed-off-by: Sami Tolvanen <samitolvanen@google.com>
Signed-off-by: Masahiro Yamada <yamada.masahiro@socionext.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
 scripts/mod/modpost.c | 50 ++++++++++++++++++++++---------------------
 1 file changed, 26 insertions(+), 24 deletions(-)

diff --git a/scripts/mod/modpost.c b/scripts/mod/modpost.c
index 5a5b3780456f..5a77efd39b3f 100644
--- a/scripts/mod/modpost.c
+++ b/scripts/mod/modpost.c
@@ -1204,6 +1204,30 @@ static int secref_whitelist(const struct sectioncheck *mismatch,
 	return 1;
 }
 
+static inline int is_arm_mapping_symbol(const char *str)
+{
+	return str[0] == '$' && strchr("axtd", str[1])
+	       && (str[2] == '\0' || str[2] == '.');
+}
+
+/*
+ * If there's no name there, ignore it; likewise, ignore it if it's
+ * one of the magic symbols emitted used by current ARM tools.
+ *
+ * Otherwise if find_symbols_between() returns those symbols, they'll
+ * fail the whitelist tests and cause lots of false alarms ... fixable
+ * only by merging __exit and __init sections into __text, bloating
+ * the kernel (which is especially evil on embedded platforms).
+ */
+static inline int is_valid_name(struct elf_info *elf, Elf_Sym *sym)
+{
+	const char *name = elf->strtab + sym->st_name;
+
+	if (!name || !strlen(name))
+		return 0;
+	return !is_arm_mapping_symbol(name);
+}
+
 /**
  * Find symbol based on relocation record info.
  * In some cases the symbol supplied is a valid symbol so
@@ -1229,6 +1253,8 @@ static Elf_Sym *find_elf_symbol(struct elf_info *elf, Elf64_Sword addr,
 			continue;
 		if (ELF_ST_TYPE(sym->st_info) == STT_SECTION)
 			continue;
+		if (!is_valid_name(elf, sym))
+			continue;
 		if (sym->st_value == addr)
 			return sym;
 		/* Find a symbol nearby - addr are maybe negative */
@@ -1247,30 +1273,6 @@ static Elf_Sym *find_elf_symbol(struct elf_info *elf, Elf64_Sword addr,
 		return NULL;
 }
 
-static inline int is_arm_mapping_symbol(const char *str)
-{
-	return str[0] == '$' && strchr("axtd", str[1])
-	       && (str[2] == '\0' || str[2] == '.');
-}
-
-/*
- * If there's no name there, ignore it; likewise, ignore it if it's
- * one of the magic symbols emitted used by current ARM tools.
- *
- * Otherwise if find_symbols_between() returns those symbols, they'll
- * fail the whitelist tests and cause lots of false alarms ... fixable
- * only by merging __exit and __init sections into __text, bloating
- * the kernel (which is especially evil on embedded platforms).
- */
-static inline int is_valid_name(struct elf_info *elf, Elf_Sym *sym)
-{
-	const char *name = elf->strtab + sym->st_name;
-
-	if (!name || !strlen(name))
-		return 0;
-	return !is_arm_mapping_symbol(name);
-}
-
 /*
  * Find symbols before or equal addr and after addr - in the section sec.
  * If we find two symbols with equal offset prefer one with a valid name.
-- 
2.19.1


^ permalink raw reply related	[flat|nested] 273+ messages in thread

* [PATCH AUTOSEL 4.19 053/258] perf tools: Add Hygon Dhyana support
  2019-01-28 15:55 [PATCH AUTOSEL 4.19 001/258] drm/bufs: Fix Spectre v1 vulnerability Sasha Levin
                   ` (50 preceding siblings ...)
  2019-01-28 15:55 ` [PATCH AUTOSEL 4.19 052/258] modpost: validate symbol names also in find_elf_symbol Sasha Levin
@ 2019-01-28 15:55 ` Sasha Levin
  2019-01-28 15:56 ` [PATCH AUTOSEL 4.19 054/258] soc/tegra: Don't leak device tree node reference Sasha Levin
                   ` (204 subsequent siblings)
  256 siblings, 0 replies; 273+ messages in thread
From: Sasha Levin @ 2019-01-28 15:55 UTC (permalink / raw)
  To: linux-kernel, stable
  Cc: Pu Wen, Alexander Shishkin, Jiri Olsa, Namhyung Kim,
	Peter Zijlstra, Thomas Gleixner, Arnaldo Carvalho de Melo,
	Sasha Levin

From: Pu Wen <puwen@hygon.cn>

[ Upstream commit 4787eff3fa88f62fede6ed7afa06477ae6bf984d ]

The tool perf is useful for the performance analysis on the Hygon Dhyana
platform. But right now there is no Hygon support for it to analyze the
KVM guest os data. So add Hygon Dhyana support to it by checking vendor
string to share the code path of AMD.

Signed-off-by: Pu Wen <puwen@hygon.cn>
Acked-by: Borislav Petkov <bp@suse.de>
Cc: Alexander Shishkin <alexander.shishkin@linux.intel.com>
Cc: Jiri Olsa <jolsa@kernel.org>
Cc: Namhyung Kim <namhyung@kernel.org>
Cc: Peter Zijlstra <peterz@infradead.org>
Cc: Thomas Gleixner <tglx@linutronix.de>
Link: http://lkml.kernel.org/r/1542008451-31735-1-git-send-email-puwen@hygon.cn
Signed-off-by: Arnaldo Carvalho de Melo <acme@redhat.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
 tools/perf/arch/x86/util/kvm-stat.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/tools/perf/arch/x86/util/kvm-stat.c b/tools/perf/arch/x86/util/kvm-stat.c
index b32409a0e546..081353d7b095 100644
--- a/tools/perf/arch/x86/util/kvm-stat.c
+++ b/tools/perf/arch/x86/util/kvm-stat.c
@@ -156,7 +156,7 @@ int cpu_isa_init(struct perf_kvm_stat *kvm, const char *cpuid)
 	if (strstr(cpuid, "Intel")) {
 		kvm->exit_reasons = vmx_exit_reasons;
 		kvm->exit_reasons_isa = "VMX";
-	} else if (strstr(cpuid, "AMD")) {
+	} else if (strstr(cpuid, "AMD") || strstr(cpuid, "Hygon")) {
 		kvm->exit_reasons = svm_exit_reasons;
 		kvm->exit_reasons_isa = "SVM";
 	} else
-- 
2.19.1


^ permalink raw reply related	[flat|nested] 273+ messages in thread

* [PATCH AUTOSEL 4.19 054/258] soc/tegra: Don't leak device tree node reference
  2019-01-28 15:55 [PATCH AUTOSEL 4.19 001/258] drm/bufs: Fix Spectre v1 vulnerability Sasha Levin
                   ` (51 preceding siblings ...)
  2019-01-28 15:55 ` [PATCH AUTOSEL 4.19 053/258] perf tools: Add Hygon Dhyana support Sasha Levin
@ 2019-01-28 15:56 ` Sasha Levin
  2019-01-28 15:56 ` [PATCH AUTOSEL 4.19 055/258] media: rc: ensure close() is called on rc_unregister_device Sasha Levin
                   ` (203 subsequent siblings)
  256 siblings, 0 replies; 273+ messages in thread
From: Sasha Levin @ 2019-01-28 15:56 UTC (permalink / raw)
  To: linux-kernel, stable; +Cc: Yangtao Li, Thierry Reding, Sasha Levin, linux-tegra

From: Yangtao Li <tiny.windzz@gmail.com>

[ Upstream commit 9eb40fa2cd2d1f6829e7b49bb22692f754b9cfe0 ]

of_find_node_by_path() acquires a reference to the node returned by it
and that reference needs to be dropped by its caller. soc_is_tegra()
doesn't do that, so fix it.

Signed-off-by: Yangtao Li <tiny.windzz@gmail.com>
Acked-by: Jon Hunter <jonathanh@nvidia.com>
[treding: slightly rewrite to avoid inline comparison]
Signed-off-by: Thierry Reding <treding@nvidia.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
 drivers/soc/tegra/common.c | 6 +++++-
 1 file changed, 5 insertions(+), 1 deletion(-)

diff --git a/drivers/soc/tegra/common.c b/drivers/soc/tegra/common.c
index cd8f41351add..7bfb154d6fa5 100644
--- a/drivers/soc/tegra/common.c
+++ b/drivers/soc/tegra/common.c
@@ -22,11 +22,15 @@ static const struct of_device_id tegra_machine_match[] = {
 
 bool soc_is_tegra(void)
 {
+	const struct of_device_id *match;
 	struct device_node *root;
 
 	root = of_find_node_by_path("/");
 	if (!root)
 		return false;
 
-	return of_match_node(tegra_machine_match, root) != NULL;
+	match = of_match_node(tegra_machine_match, root);
+	of_node_put(root);
+
+	return match != NULL;
 }
-- 
2.19.1


^ permalink raw reply related	[flat|nested] 273+ messages in thread

* [PATCH AUTOSEL 4.19 055/258] media: rc: ensure close() is called on rc_unregister_device
  2019-01-28 15:55 [PATCH AUTOSEL 4.19 001/258] drm/bufs: Fix Spectre v1 vulnerability Sasha Levin
                   ` (52 preceding siblings ...)
  2019-01-28 15:56 ` [PATCH AUTOSEL 4.19 054/258] soc/tegra: Don't leak device tree node reference Sasha Levin
@ 2019-01-28 15:56 ` Sasha Levin
  2019-01-28 15:56 ` [PATCH AUTOSEL 4.19 056/258] media: video-i2c: avoid accessing released memory area when removing driver Sasha Levin
                   ` (202 subsequent siblings)
  256 siblings, 0 replies; 273+ messages in thread
From: Sasha Levin @ 2019-01-28 15:56 UTC (permalink / raw)
  To: linux-kernel, stable
  Cc: Sean Young, Mauro Carvalho Chehab, Sasha Levin, linux-media

From: Sean Young <sean@mess.org>

[ Upstream commit 8e782fcf78275f505194e767c515202d4fd274bc ]

If userspace has an open file descriptor on the rc input device or lirc
device when rc_unregister_device() is called, then the rc close() is
never called.

This ensures that the receiver is turned off on the nuvoton-cir driver
during shutdown.

Signed-off-by: Sean Young <sean@mess.org>
Signed-off-by: Mauro Carvalho Chehab <mchehab+samsung@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
 drivers/media/rc/rc-main.c | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/drivers/media/rc/rc-main.c b/drivers/media/rc/rc-main.c
index 8b2c16dd58bd..0f218afdadaa 100644
--- a/drivers/media/rc/rc-main.c
+++ b/drivers/media/rc/rc-main.c
@@ -1956,6 +1956,8 @@ void rc_unregister_device(struct rc_dev *dev)
 	rc_free_rx_device(dev);
 
 	mutex_lock(&dev->lock);
+	if (dev->users && dev->close)
+		dev->close(dev);
 	dev->registered = false;
 	mutex_unlock(&dev->lock);
 
-- 
2.19.1


^ permalink raw reply related	[flat|nested] 273+ messages in thread

* [PATCH AUTOSEL 4.19 056/258] media: video-i2c: avoid accessing released memory area when removing driver
  2019-01-28 15:55 [PATCH AUTOSEL 4.19 001/258] drm/bufs: Fix Spectre v1 vulnerability Sasha Levin
                   ` (53 preceding siblings ...)
  2019-01-28 15:56 ` [PATCH AUTOSEL 4.19 055/258] media: rc: ensure close() is called on rc_unregister_device Sasha Levin
@ 2019-01-28 15:56 ` Sasha Levin
  2019-01-28 15:56 ` [PATCH AUTOSEL 4.19 057/258] media: mtk-vcodec: Release device nodes in mtk_vcodec_init_enc_pm() Sasha Levin
                   ` (201 subsequent siblings)
  256 siblings, 0 replies; 273+ messages in thread
From: Sasha Levin @ 2019-01-28 15:56 UTC (permalink / raw)
  To: linux-kernel, stable
  Cc: Akinobu Mita, Hans Verkuil, Mauro Carvalho Chehab, Sasha Levin,
	linux-media

From: Akinobu Mita <akinobu.mita@gmail.com>

[ Upstream commit c764da98a600a4b068d25c77164f092f159cecec ]

The video device release() callback for video-i2c driver frees the whole
struct video_i2c_data.  If there is no user left for the video device
when video_unregister_device() is called, the release callback is executed.

However, in video_i2c_remove() some fields (v4l2_dev, lock, and queue_lock)
in struct video_i2c_data are still accessed after video_unregister_device()
is called.

This fixes the use after free by moving the code from video_i2c_remove()
to the release() callback.

Fixes: 5cebaac60974 ("media: video-i2c: add video-i2c driver")

Reviewed-by: Matt Ranostay <matt.ranostay@konsulko.com>
Signed-off-by: Akinobu Mita <akinobu.mita@gmail.com>
Acked-by: Sakari Ailus <sakari.ailus@linux.intel.com>
Signed-off-by: Hans Verkuil <hverkuil@xs4all.nl>
Signed-off-by: Mauro Carvalho Chehab <mchehab+samsung@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
 drivers/media/i2c/video-i2c.c | 11 ++++++-----
 1 file changed, 6 insertions(+), 5 deletions(-)

diff --git a/drivers/media/i2c/video-i2c.c b/drivers/media/i2c/video-i2c.c
index 06d29d8f6be8..f27d294dcbef 100644
--- a/drivers/media/i2c/video-i2c.c
+++ b/drivers/media/i2c/video-i2c.c
@@ -510,7 +510,12 @@ static const struct v4l2_ioctl_ops video_i2c_ioctl_ops = {
 
 static void video_i2c_release(struct video_device *vdev)
 {
-	kfree(video_get_drvdata(vdev));
+	struct video_i2c_data *data = video_get_drvdata(vdev);
+
+	v4l2_device_unregister(&data->v4l2_dev);
+	mutex_destroy(&data->lock);
+	mutex_destroy(&data->queue_lock);
+	kfree(data);
 }
 
 static int video_i2c_probe(struct i2c_client *client,
@@ -608,10 +613,6 @@ static int video_i2c_remove(struct i2c_client *client)
 	struct video_i2c_data *data = i2c_get_clientdata(client);
 
 	video_unregister_device(&data->vdev);
-	v4l2_device_unregister(&data->v4l2_dev);
-
-	mutex_destroy(&data->lock);
-	mutex_destroy(&data->queue_lock);
 
 	return 0;
 }
-- 
2.19.1


^ permalink raw reply related	[flat|nested] 273+ messages in thread

* [PATCH AUTOSEL 4.19 057/258] media: mtk-vcodec: Release device nodes in mtk_vcodec_init_enc_pm()
  2019-01-28 15:55 [PATCH AUTOSEL 4.19 001/258] drm/bufs: Fix Spectre v1 vulnerability Sasha Levin
                   ` (54 preceding siblings ...)
  2019-01-28 15:56 ` [PATCH AUTOSEL 4.19 056/258] media: video-i2c: avoid accessing released memory area when removing driver Sasha Levin
@ 2019-01-28 15:56 ` Sasha Levin
  2019-01-28 15:56 ` [PATCH AUTOSEL 4.19 058/258] staging: erofs: fix the definition of DBG_BUGON Sasha Levin
                   ` (200 subsequent siblings)
  256 siblings, 0 replies; 273+ messages in thread
From: Sasha Levin @ 2019-01-28 15:56 UTC (permalink / raw)
  To: linux-kernel, stable
  Cc: Alexey Khoroshilov, Hans Verkuil, Mauro Carvalho Chehab,
	Sasha Levin, linux-media

From: Alexey Khoroshilov <khoroshilov@ispras.ru>

[ Upstream commit 8ea0f2ba0fa3f91ea1b8d823a54b042026ada6b3 ]

of_parse_phandle() returns the device node with refcount incremented.
There are two nodes that are used temporary in mtk_vcodec_init_enc_pm(),
but their refcounts are not decremented.

The patch adds one of_node_put() and fixes returning error codes.

Found by Linux Driver Verification project (linuxtesting.org).

Signed-off-by: Alexey Khoroshilov <khoroshilov@ispras.ru>
Signed-off-by: Hans Verkuil <hverkuil@xs4all.nl>
Signed-off-by: Mauro Carvalho Chehab <mchehab+samsung@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
 drivers/media/platform/mtk-vcodec/mtk_vcodec_enc_pm.c | 10 ++++++----
 1 file changed, 6 insertions(+), 4 deletions(-)

diff --git a/drivers/media/platform/mtk-vcodec/mtk_vcodec_enc_pm.c b/drivers/media/platform/mtk-vcodec/mtk_vcodec_enc_pm.c
index 3e73e9db781f..7c025045ea90 100644
--- a/drivers/media/platform/mtk-vcodec/mtk_vcodec_enc_pm.c
+++ b/drivers/media/platform/mtk-vcodec/mtk_vcodec_enc_pm.c
@@ -41,25 +41,27 @@ int mtk_vcodec_init_enc_pm(struct mtk_vcodec_dev *mtkdev)
 	node = of_parse_phandle(dev->of_node, "mediatek,larb", 0);
 	if (!node) {
 		mtk_v4l2_err("no mediatek,larb found");
-		return -1;
+		return -ENODEV;
 	}
 	pdev = of_find_device_by_node(node);
+	of_node_put(node);
 	if (!pdev) {
 		mtk_v4l2_err("no mediatek,larb device found");
-		return -1;
+		return -ENODEV;
 	}
 	pm->larbvenc = &pdev->dev;
 
 	node = of_parse_phandle(dev->of_node, "mediatek,larb", 1);
 	if (!node) {
 		mtk_v4l2_err("no mediatek,larb found");
-		return -1;
+		return -ENODEV;
 	}
 
 	pdev = of_find_device_by_node(node);
+	of_node_put(node);
 	if (!pdev) {
 		mtk_v4l2_err("no mediatek,larb device found");
-		return -1;
+		return -ENODEV;
 	}
 
 	pm->larbvenclt = &pdev->dev;
-- 
2.19.1


^ permalink raw reply related	[flat|nested] 273+ messages in thread

* [PATCH AUTOSEL 4.19 058/258] staging: erofs: fix the definition of DBG_BUGON
  2019-01-28 15:55 [PATCH AUTOSEL 4.19 001/258] drm/bufs: Fix Spectre v1 vulnerability Sasha Levin
                   ` (55 preceding siblings ...)
  2019-01-28 15:56 ` [PATCH AUTOSEL 4.19 057/258] media: mtk-vcodec: Release device nodes in mtk_vcodec_init_enc_pm() Sasha Levin
@ 2019-01-28 15:56 ` Sasha Levin
  2019-01-28 15:56 ` [PATCH AUTOSEL 4.19 059/258] x86/resctrl: Fixup the user-visible strings Sasha Levin
                   ` (199 subsequent siblings)
  256 siblings, 0 replies; 273+ messages in thread
From: Sasha Levin @ 2019-01-28 15:56 UTC (permalink / raw)
  To: linux-kernel, stable
  Cc: Gao Xiang, Greg Kroah-Hartman, Sasha Levin, linux-erofs, devel

From: Gao Xiang <gaoxiang25@huawei.com>

[ Upstream commit eef168789866514e5d4316f030131c9fe65b643f ]

It's better not to positively BUG_ON the kernel, however developers
need a way to locate issues as soon as possible.

DBG_BUGON is introduced and it could only crash when EROFS_FS_DEBUG
(EROFS developping feature) is on. It is helpful for developers
to find and solve bugs quickly by eng builds.

Previously, DBG_BUGON is defined as ((void)0) if EROFS_FS_DEBUG is off,
but some unused variable warnings as follows could occur:

drivers/staging/erofs/unzip_vle.c: In function `init_alway:':
drivers/staging/erofs/unzip_vle.c:61:33: warning: unused variable `work' [-Wunused-variable]
  struct z_erofs_vle_work *const work =
                                 ^~~~

Fix it to #define DBG_BUGON(x) ((void)(x)).

Reviewed-by: Chao Yu <yuchao0@huawei.com>
Signed-off-by: Gao Xiang <gaoxiang25@huawei.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
 drivers/staging/erofs/internal.h | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/drivers/staging/erofs/internal.h b/drivers/staging/erofs/internal.h
index 367b39fe46e5..e6313c54e3ad 100644
--- a/drivers/staging/erofs/internal.h
+++ b/drivers/staging/erofs/internal.h
@@ -39,7 +39,7 @@
 #define debugln(x, ...)         ((void)0)
 
 #define dbg_might_sleep()       ((void)0)
-#define DBG_BUGON(...)          ((void)0)
+#define DBG_BUGON(x)            ((void)(x))
 #endif
 
 #ifdef CONFIG_EROFS_FAULT_INJECTION
-- 
2.19.1


^ permalink raw reply related	[flat|nested] 273+ messages in thread

* [PATCH AUTOSEL 4.19 059/258] x86/resctrl: Fixup the user-visible strings
  2019-01-28 15:55 [PATCH AUTOSEL 4.19 001/258] drm/bufs: Fix Spectre v1 vulnerability Sasha Levin
                   ` (56 preceding siblings ...)
  2019-01-28 15:56 ` [PATCH AUTOSEL 4.19 058/258] staging: erofs: fix the definition of DBG_BUGON Sasha Levin
@ 2019-01-28 15:56 ` Sasha Levin
  2019-01-28 19:07   ` Reinette Chatre
  2019-01-28 15:56 ` [PATCH AUTOSEL 4.19 060/258] clk: meson: meson8b: do not use cpu_div3 for cpu_scale_out_sel Sasha Levin
                   ` (198 subsequent siblings)
  256 siblings, 1 reply; 273+ messages in thread
From: Sasha Levin @ 2019-01-28 15:56 UTC (permalink / raw)
  To: linux-kernel, stable
  Cc: Babu Moger, Babu Moger, Borislav Petkov, Andrew Morton,
	Andy Lutomirski, Arnd Bergmann, Brijesh Singh, Chang S. Bae,
	David Miller, David Woodhouse, Dmitry Safonov, Fenghua Yu,
	Greg Kroah-Hartman, H. Peter Anvin, Ingo Molnar, Jann Horn,
	Joerg Roedel, Jonathan Corbet, Josh Poimboeuf, Kate Stewart,
	Kirill A. Shutemov, linux-doc, Mauro Carvalho Chehab,
	Paolo Bonzini, Peter Zijlstra, Philippe Ombredanne, Pu Wen,
	qianyue.zj, Rafael J. Wysocki, Reinette Chatre, Rian Hunter,
	Sherry Hurwitz, Suravee Suthikulpanit, Thomas Gleixner,
	Thomas Lendacky, Tony Luck, Vitaly Kuznetsov, xiaochen.shen,
	Sasha Levin

From: Babu Moger <Babu.Moger@amd.com>

[ Upstream commit 723f1a0dd8e26a7523ba068204bee11c95ded38d ]

Fix the messages in rdt_last_cmd_printf() and rdt_last_cmd_puts() to
make them more meaningful and consistent.

 [ bp: s/cpu/CPU/; s/mem\W/memory ]

Signed-off-by: Babu Moger <babu.moger@amd.com>
Signed-off-by: Borislav Petkov <bp@suse.de>
Cc: Andrew Morton <akpm@linux-foundation.org>
Cc: Andy Lutomirski <luto@kernel.org>
Cc: Arnd Bergmann <arnd@arndb.de>
Cc: Brijesh Singh <brijesh.singh@amd.com>
Cc: "Chang S. Bae" <chang.seok.bae@intel.com>
Cc: David Miller <davem@davemloft.net>
Cc: David Woodhouse <dwmw2@infradead.org>
Cc: Dmitry Safonov <dima@arista.com>
Cc: Fenghua Yu <fenghua.yu@intel.com>
Cc: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Cc: "H. Peter Anvin" <hpa@zytor.com>
Cc: Ingo Molnar <mingo@redhat.com>
Cc: Jann Horn <jannh@google.com>
Cc: Joerg Roedel <jroedel@suse.de>
Cc: Jonathan Corbet <corbet@lwn.net>
Cc: Josh Poimboeuf <jpoimboe@redhat.com>
Cc: Kate Stewart <kstewart@linuxfoundation.org>
Cc: "Kirill A. Shutemov" <kirill.shutemov@linux.intel.com>
Cc: <linux-doc@vger.kernel.org>
Cc: Mauro Carvalho Chehab <mchehab+samsung@kernel.org>
Cc: Paolo Bonzini <pbonzini@redhat.com>
Cc: Peter Zijlstra <peterz@infradead.org>
Cc: Philippe Ombredanne <pombredanne@nexb.com>
Cc: Pu Wen <puwen@hygon.cn>
Cc: <qianyue.zj@alibaba-inc.com>
Cc: "Rafael J. Wysocki" <rafael@kernel.org>
Cc: Reinette Chatre <reinette.chatre@intel.com>
Cc: Rian Hunter <rian@alum.mit.edu>
Cc: Sherry Hurwitz <sherry.hurwitz@amd.com>
Cc: Suravee Suthikulpanit <suravee.suthikulpanit@amd.com>
Cc: Thomas Gleixner <tglx@linutronix.de>
Cc: Thomas Lendacky <Thomas.Lendacky@amd.com>
Cc: Tony Luck <tony.luck@intel.com>
Cc: Vitaly Kuznetsov <vkuznets@redhat.com>
Cc: <xiaochen.shen@intel.com>
Link: https://lkml.kernel.org/r/20181121202811.4492-11-babu.moger@amd.com
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
 arch/x86/kernel/cpu/intel_rdt_ctrlmondata.c | 22 ++++++-------
 arch/x86/kernel/cpu/intel_rdt_pseudo_lock.c | 34 +++++++++----------
 arch/x86/kernel/cpu/intel_rdt_rdtgroup.c    | 36 ++++++++++-----------
 3 files changed, 46 insertions(+), 46 deletions(-)

diff --git a/arch/x86/kernel/cpu/intel_rdt_ctrlmondata.c b/arch/x86/kernel/cpu/intel_rdt_ctrlmondata.c
index 627e5c809b33..79d099538f2e 100644
--- a/arch/x86/kernel/cpu/intel_rdt_ctrlmondata.c
+++ b/arch/x86/kernel/cpu/intel_rdt_ctrlmondata.c
@@ -71,7 +71,7 @@ int parse_bw(struct rdt_parse_data *data, struct rdt_resource *r,
 	unsigned long bw_val;
 
 	if (d->have_new_ctrl) {
-		rdt_last_cmd_printf("duplicate domain %d\n", d->id);
+		rdt_last_cmd_printf("Duplicate domain %d\n", d->id);
 		return -EINVAL;
 	}
 
@@ -97,12 +97,12 @@ static bool cbm_validate(char *buf, u32 *data, struct rdt_resource *r)
 
 	ret = kstrtoul(buf, 16, &val);
 	if (ret) {
-		rdt_last_cmd_printf("non-hex character in mask %s\n", buf);
+		rdt_last_cmd_printf("Non-hex character in the mask %s\n", buf);
 		return false;
 	}
 
 	if (val == 0 || val > r->default_ctrl) {
-		rdt_last_cmd_puts("mask out of range\n");
+		rdt_last_cmd_puts("Mask out of range\n");
 		return false;
 	}
 
@@ -110,12 +110,12 @@ static bool cbm_validate(char *buf, u32 *data, struct rdt_resource *r)
 	zero_bit = find_next_zero_bit(&val, cbm_len, first_bit);
 
 	if (find_next_bit(&val, cbm_len, zero_bit) < cbm_len) {
-		rdt_last_cmd_printf("mask %lx has non-consecutive 1-bits\n", val);
+		rdt_last_cmd_printf("The mask %lx has non-consecutive 1-bits\n", val);
 		return false;
 	}
 
 	if ((zero_bit - first_bit) < r->cache.min_cbm_bits) {
-		rdt_last_cmd_printf("Need at least %d bits in mask\n",
+		rdt_last_cmd_printf("Need at least %d bits in the mask\n",
 				    r->cache.min_cbm_bits);
 		return false;
 	}
@@ -135,7 +135,7 @@ int parse_cbm(struct rdt_parse_data *data, struct rdt_resource *r,
 	u32 cbm_val;
 
 	if (d->have_new_ctrl) {
-		rdt_last_cmd_printf("duplicate domain %d\n", d->id);
+		rdt_last_cmd_printf("Duplicate domain %d\n", d->id);
 		return -EINVAL;
 	}
 
@@ -145,7 +145,7 @@ int parse_cbm(struct rdt_parse_data *data, struct rdt_resource *r,
 	 */
 	if (rdtgrp->mode == RDT_MODE_PSEUDO_LOCKSETUP &&
 	    rdtgroup_pseudo_locked_in_hierarchy(d)) {
-		rdt_last_cmd_printf("pseudo-locked region in hierarchy\n");
+		rdt_last_cmd_printf("Pseudo-locked region in hierarchy\n");
 		return -EINVAL;
 	}
 
@@ -164,14 +164,14 @@ int parse_cbm(struct rdt_parse_data *data, struct rdt_resource *r,
 	 * either is exclusive.
 	 */
 	if (rdtgroup_cbm_overlaps(r, d, cbm_val, rdtgrp->closid, true)) {
-		rdt_last_cmd_printf("overlaps with exclusive group\n");
+		rdt_last_cmd_printf("Overlaps with exclusive group\n");
 		return -EINVAL;
 	}
 
 	if (rdtgroup_cbm_overlaps(r, d, cbm_val, rdtgrp->closid, false)) {
 		if (rdtgrp->mode == RDT_MODE_EXCLUSIVE ||
 		    rdtgrp->mode == RDT_MODE_PSEUDO_LOCKSETUP) {
-			rdt_last_cmd_printf("overlaps with other group\n");
+			rdt_last_cmd_printf("0verlaps with other group\n");
 			return -EINVAL;
 		}
 	}
@@ -293,7 +293,7 @@ static int rdtgroup_parse_resource(char *resname, char *tok,
 		if (!strcmp(resname, r->name) && rdtgrp->closid < r->num_closid)
 			return parse_line(tok, r, rdtgrp);
 	}
-	rdt_last_cmd_printf("unknown/unsupported resource name '%s'\n", resname);
+	rdt_last_cmd_printf("Unknown or unsupported resource name '%s'\n", resname);
 	return -EINVAL;
 }
 
@@ -326,7 +326,7 @@ ssize_t rdtgroup_schemata_write(struct kernfs_open_file *of,
 	 */
 	if (rdtgrp->mode == RDT_MODE_PSEUDO_LOCKED) {
 		ret = -EINVAL;
-		rdt_last_cmd_puts("resource group is pseudo-locked\n");
+		rdt_last_cmd_puts("Resource group is pseudo-locked\n");
 		goto out;
 	}
 
diff --git a/arch/x86/kernel/cpu/intel_rdt_pseudo_lock.c b/arch/x86/kernel/cpu/intel_rdt_pseudo_lock.c
index f8c260d522ca..caa680fb5680 100644
--- a/arch/x86/kernel/cpu/intel_rdt_pseudo_lock.c
+++ b/arch/x86/kernel/cpu/intel_rdt_pseudo_lock.c
@@ -221,7 +221,7 @@ static int pseudo_lock_cstates_constrain(struct pseudo_lock_region *plr)
 	for_each_cpu(cpu, &plr->d->cpu_mask) {
 		pm_req = kzalloc(sizeof(*pm_req), GFP_KERNEL);
 		if (!pm_req) {
-			rdt_last_cmd_puts("fail allocating mem for PM QoS\n");
+			rdt_last_cmd_puts("Failure to allocate memory for PM QoS\n");
 			ret = -ENOMEM;
 			goto out_err;
 		}
@@ -230,7 +230,7 @@ static int pseudo_lock_cstates_constrain(struct pseudo_lock_region *plr)
 					     DEV_PM_QOS_RESUME_LATENCY,
 					     30);
 		if (ret < 0) {
-			rdt_last_cmd_printf("fail to add latency req cpu%d\n",
+			rdt_last_cmd_printf("Failed to add latency req CPU%d\n",
 					    cpu);
 			kfree(pm_req);
 			ret = -1;
@@ -297,7 +297,7 @@ static int pseudo_lock_region_init(struct pseudo_lock_region *plr)
 	plr->cpu = cpumask_first(&plr->d->cpu_mask);
 
 	if (!cpu_online(plr->cpu)) {
-		rdt_last_cmd_printf("cpu %u associated with cache not online\n",
+		rdt_last_cmd_printf("CPU %u associated with cache not online\n",
 				    plr->cpu);
 		ret = -ENODEV;
 		goto out_region;
@@ -315,7 +315,7 @@ static int pseudo_lock_region_init(struct pseudo_lock_region *plr)
 	}
 
 	ret = -1;
-	rdt_last_cmd_puts("unable to determine cache line size\n");
+	rdt_last_cmd_puts("Unable to determine cache line size\n");
 out_region:
 	pseudo_lock_region_clear(plr);
 	return ret;
@@ -369,14 +369,14 @@ static int pseudo_lock_region_alloc(struct pseudo_lock_region *plr)
 	 * KMALLOC_MAX_SIZE.
 	 */
 	if (plr->size > KMALLOC_MAX_SIZE) {
-		rdt_last_cmd_puts("requested region exceeds maximum size\n");
+		rdt_last_cmd_puts("Requested region exceeds maximum size\n");
 		ret = -E2BIG;
 		goto out_region;
 	}
 
 	plr->kmem = kzalloc(plr->size, GFP_KERNEL);
 	if (!plr->kmem) {
-		rdt_last_cmd_puts("unable to allocate memory\n");
+		rdt_last_cmd_puts("Unable to allocate memory\n");
 		ret = -ENOMEM;
 		goto out_region;
 	}
@@ -673,7 +673,7 @@ int rdtgroup_locksetup_enter(struct rdtgroup *rdtgrp)
 	 * default closid associated with it.
 	 */
 	if (rdtgrp == &rdtgroup_default) {
-		rdt_last_cmd_puts("cannot pseudo-lock default group\n");
+		rdt_last_cmd_puts("Cannot pseudo-lock default group\n");
 		return -EINVAL;
 	}
 
@@ -715,17 +715,17 @@ int rdtgroup_locksetup_enter(struct rdtgroup *rdtgrp)
 	 */
 	prefetch_disable_bits = get_prefetch_disable_bits();
 	if (prefetch_disable_bits == 0) {
-		rdt_last_cmd_puts("pseudo-locking not supported\n");
+		rdt_last_cmd_puts("Pseudo-locking not supported\n");
 		return -EINVAL;
 	}
 
 	if (rdtgroup_monitor_in_progress(rdtgrp)) {
-		rdt_last_cmd_puts("monitoring in progress\n");
+		rdt_last_cmd_puts("Monitoring in progress\n");
 		return -EINVAL;
 	}
 
 	if (rdtgroup_tasks_assigned(rdtgrp)) {
-		rdt_last_cmd_puts("tasks assigned to resource group\n");
+		rdt_last_cmd_puts("Tasks assigned to resource group\n");
 		return -EINVAL;
 	}
 
@@ -735,13 +735,13 @@ int rdtgroup_locksetup_enter(struct rdtgroup *rdtgrp)
 	}
 
 	if (rdtgroup_locksetup_user_restrict(rdtgrp)) {
-		rdt_last_cmd_puts("unable to modify resctrl permissions\n");
+		rdt_last_cmd_puts("Unable to modify resctrl permissions\n");
 		return -EIO;
 	}
 
 	ret = pseudo_lock_init(rdtgrp);
 	if (ret) {
-		rdt_last_cmd_puts("unable to init pseudo-lock region\n");
+		rdt_last_cmd_puts("Unable to init pseudo-lock region\n");
 		goto out_release;
 	}
 
@@ -778,7 +778,7 @@ int rdtgroup_locksetup_exit(struct rdtgroup *rdtgrp)
 	if (rdt_mon_capable) {
 		ret = alloc_rmid();
 		if (ret < 0) {
-			rdt_last_cmd_puts("out of RMIDs\n");
+			rdt_last_cmd_puts("Out of RMIDs\n");
 			return ret;
 		}
 		rdtgrp->mon.rmid = ret;
@@ -1234,7 +1234,7 @@ int rdtgroup_pseudo_lock_create(struct rdtgroup *rdtgrp)
 					"pseudo_lock/%u", plr->cpu);
 	if (IS_ERR(thread)) {
 		ret = PTR_ERR(thread);
-		rdt_last_cmd_printf("locking thread returned error %d\n", ret);
+		rdt_last_cmd_printf("Locking thread returned error %d\n", ret);
 		goto out_cstates;
 	}
 
@@ -1252,13 +1252,13 @@ int rdtgroup_pseudo_lock_create(struct rdtgroup *rdtgrp)
 		 * the cleared, but not freed, plr struct resulting in an
 		 * empty pseudo-locking loop.
 		 */
-		rdt_last_cmd_puts("locking thread interrupted\n");
+		rdt_last_cmd_puts("Locking thread interrupted\n");
 		goto out_cstates;
 	}
 
 	ret = pseudo_lock_minor_get(&new_minor);
 	if (ret < 0) {
-		rdt_last_cmd_puts("unable to obtain a new minor number\n");
+		rdt_last_cmd_puts("Unable to obtain a new minor number\n");
 		goto out_cstates;
 	}
 
@@ -1290,7 +1290,7 @@ int rdtgroup_pseudo_lock_create(struct rdtgroup *rdtgrp)
 
 	if (IS_ERR(dev)) {
 		ret = PTR_ERR(dev);
-		rdt_last_cmd_printf("failed to create character device: %d\n",
+		rdt_last_cmd_printf("Failed to create character device: %d\n",
 				    ret);
 		goto out_debugfs;
 	}
diff --git a/arch/x86/kernel/cpu/intel_rdt_rdtgroup.c b/arch/x86/kernel/cpu/intel_rdt_rdtgroup.c
index 643670fb8943..49ebefde9349 100644
--- a/arch/x86/kernel/cpu/intel_rdt_rdtgroup.c
+++ b/arch/x86/kernel/cpu/intel_rdt_rdtgroup.c
@@ -335,7 +335,7 @@ static int cpus_mon_write(struct rdtgroup *rdtgrp, cpumask_var_t newmask,
 	/* Check whether cpus belong to parent ctrl group */
 	cpumask_andnot(tmpmask, newmask, &prgrp->cpu_mask);
 	if (cpumask_weight(tmpmask)) {
-		rdt_last_cmd_puts("can only add CPUs to mongroup that belong to parent\n");
+		rdt_last_cmd_puts("Can only add CPUs to mongroup that belong to parent\n");
 		return -EINVAL;
 	}
 
@@ -460,14 +460,14 @@ static ssize_t rdtgroup_cpus_write(struct kernfs_open_file *of,
 	rdt_last_cmd_clear();
 	if (!rdtgrp) {
 		ret = -ENOENT;
-		rdt_last_cmd_puts("directory was removed\n");
+		rdt_last_cmd_puts("Directory was removed\n");
 		goto unlock;
 	}
 
 	if (rdtgrp->mode == RDT_MODE_PSEUDO_LOCKED ||
 	    rdtgrp->mode == RDT_MODE_PSEUDO_LOCKSETUP) {
 		ret = -EINVAL;
-		rdt_last_cmd_puts("pseudo-locking in progress\n");
+		rdt_last_cmd_puts("Pseudo-locking in progress\n");
 		goto unlock;
 	}
 
@@ -477,7 +477,7 @@ static ssize_t rdtgroup_cpus_write(struct kernfs_open_file *of,
 		ret = cpumask_parse(buf, newmask);
 
 	if (ret) {
-		rdt_last_cmd_puts("bad cpu list/mask\n");
+		rdt_last_cmd_puts("Bad CPU list/mask\n");
 		goto unlock;
 	}
 
@@ -485,7 +485,7 @@ static ssize_t rdtgroup_cpus_write(struct kernfs_open_file *of,
 	cpumask_andnot(tmpmask, newmask, cpu_online_mask);
 	if (cpumask_weight(tmpmask)) {
 		ret = -EINVAL;
-		rdt_last_cmd_puts("can only assign online cpus\n");
+		rdt_last_cmd_puts("Can only assign online CPUs\n");
 		goto unlock;
 	}
 
@@ -564,7 +564,7 @@ static int __rdtgroup_move_task(struct task_struct *tsk,
 		 */
 		atomic_dec(&rdtgrp->waitcount);
 		kfree(callback);
-		rdt_last_cmd_puts("task exited\n");
+		rdt_last_cmd_puts("Task exited\n");
 	} else {
 		/*
 		 * For ctrl_mon groups move both closid and rmid.
@@ -682,7 +682,7 @@ static ssize_t rdtgroup_tasks_write(struct kernfs_open_file *of,
 	if (rdtgrp->mode == RDT_MODE_PSEUDO_LOCKED ||
 	    rdtgrp->mode == RDT_MODE_PSEUDO_LOCKSETUP) {
 		ret = -EINVAL;
-		rdt_last_cmd_puts("pseudo-locking in progress\n");
+		rdt_last_cmd_puts("Pseudo-locking in progress\n");
 		goto unlock;
 	}
 
@@ -1042,14 +1042,14 @@ static bool rdtgroup_mode_test_exclusive(struct rdtgroup *rdtgrp)
 		list_for_each_entry(d, &r->domains, list) {
 			if (rdtgroup_cbm_overlaps(r, d, d->ctrl_val[closid],
 						  rdtgrp->closid, false)) {
-				rdt_last_cmd_puts("schemata overlaps\n");
+				rdt_last_cmd_puts("Schemata overlaps\n");
 				return false;
 			}
 		}
 	}
 
 	if (!has_cache) {
-		rdt_last_cmd_puts("cannot be exclusive without CAT/CDP\n");
+		rdt_last_cmd_puts("Cannot be exclusive without CAT/CDP\n");
 		return false;
 	}
 
@@ -1090,7 +1090,7 @@ static ssize_t rdtgroup_mode_write(struct kernfs_open_file *of,
 		goto out;
 
 	if (mode == RDT_MODE_PSEUDO_LOCKED) {
-		rdt_last_cmd_printf("cannot change pseudo-locked group\n");
+		rdt_last_cmd_printf("Cannot change pseudo-locked group\n");
 		ret = -EINVAL;
 		goto out;
 	}
@@ -1119,7 +1119,7 @@ static ssize_t rdtgroup_mode_write(struct kernfs_open_file *of,
 			goto out;
 		rdtgrp->mode = RDT_MODE_PSEUDO_LOCKSETUP;
 	} else {
-		rdt_last_cmd_printf("unknown/unsupported mode\n");
+		rdt_last_cmd_printf("Unknown orunsupported mode\n");
 		ret = -EINVAL;
 	}
 
@@ -2403,7 +2403,7 @@ static int rdtgroup_init_alloc(struct rdtgroup *rdtgrp)
 			tmp_cbm = d->new_ctrl;
 			if (bitmap_weight(&tmp_cbm, r->cache.cbm_len) <
 			    r->cache.min_cbm_bits) {
-				rdt_last_cmd_printf("no space on %s:%d\n",
+				rdt_last_cmd_printf("No space on %s:%d\n",
 						    r->name, d->id);
 				return -ENOSPC;
 			}
@@ -2420,7 +2420,7 @@ static int rdtgroup_init_alloc(struct rdtgroup *rdtgrp)
 			continue;
 		ret = update_domains(r, rdtgrp->closid);
 		if (ret < 0) {
-			rdt_last_cmd_puts("failed to initialize allocations\n");
+			rdt_last_cmd_puts("Failed to initialize allocations\n");
 			return ret;
 		}
 		rdtgrp->mode = RDT_MODE_SHAREABLE;
@@ -2443,7 +2443,7 @@ static int mkdir_rdt_prepare(struct kernfs_node *parent_kn,
 	rdt_last_cmd_clear();
 	if (!prdtgrp) {
 		ret = -ENODEV;
-		rdt_last_cmd_puts("directory was removed\n");
+		rdt_last_cmd_puts("Directory was removed\n");
 		goto out_unlock;
 	}
 
@@ -2451,7 +2451,7 @@ static int mkdir_rdt_prepare(struct kernfs_node *parent_kn,
 	    (prdtgrp->mode == RDT_MODE_PSEUDO_LOCKSETUP ||
 	     prdtgrp->mode == RDT_MODE_PSEUDO_LOCKED)) {
 		ret = -EINVAL;
-		rdt_last_cmd_puts("pseudo-locking in progress\n");
+		rdt_last_cmd_puts("Pseudo-locking in progress\n");
 		goto out_unlock;
 	}
 
@@ -2459,7 +2459,7 @@ static int mkdir_rdt_prepare(struct kernfs_node *parent_kn,
 	rdtgrp = kzalloc(sizeof(*rdtgrp), GFP_KERNEL);
 	if (!rdtgrp) {
 		ret = -ENOSPC;
-		rdt_last_cmd_puts("kernel out of memory\n");
+		rdt_last_cmd_puts("Kernel out of memory\n");
 		goto out_unlock;
 	}
 	*r = rdtgrp;
@@ -2500,7 +2500,7 @@ static int mkdir_rdt_prepare(struct kernfs_node *parent_kn,
 	if (rdt_mon_capable) {
 		ret = alloc_rmid();
 		if (ret < 0) {
-			rdt_last_cmd_puts("out of RMIDs\n");
+			rdt_last_cmd_puts("Out of RMIDs\n");
 			goto out_destroy;
 		}
 		rdtgrp->mon.rmid = ret;
@@ -2588,7 +2588,7 @@ static int rdtgroup_mkdir_ctrl_mon(struct kernfs_node *parent_kn,
 	kn = rdtgrp->kn;
 	ret = closid_alloc();
 	if (ret < 0) {
-		rdt_last_cmd_puts("out of CLOSIDs\n");
+		rdt_last_cmd_puts("Out of CLOSIDs\n");
 		goto out_common_fail;
 	}
 	closid = ret;
-- 
2.19.1


^ permalink raw reply related	[flat|nested] 273+ messages in thread

* [PATCH AUTOSEL 4.19 060/258] clk: meson: meson8b: do not use cpu_div3 for cpu_scale_out_sel
  2019-01-28 15:55 [PATCH AUTOSEL 4.19 001/258] drm/bufs: Fix Spectre v1 vulnerability Sasha Levin
                   ` (57 preceding siblings ...)
  2019-01-28 15:56 ` [PATCH AUTOSEL 4.19 059/258] x86/resctrl: Fixup the user-visible strings Sasha Levin
@ 2019-01-28 15:56 ` Sasha Levin
  2019-01-28 15:56 ` [PATCH AUTOSEL 4.19 061/258] clk: meson: meson8b: fix the width of the cpu_scale_div clock Sasha Levin
                   ` (197 subsequent siblings)
  256 siblings, 0 replies; 273+ messages in thread
From: Sasha Levin @ 2019-01-28 15:56 UTC (permalink / raw)
  To: linux-kernel, stable
  Cc: Martin Blumenstingl, Neil Armstrong, Sasha Levin, linux-amlogic,
	linux-clk

From: Martin Blumenstingl <martin.blumenstingl@googlemail.com>

[ Upstream commit a5ac1ead32c9aac285f6436e09b4f6111996e9b8 ]

The cpu_div3 clock (cpu_in divided by 3) generates a signal with a duty
cycle of 33%. The CPU clock however requires a clock signal with a duty
cycle of 50% to run stable.
cpu_div3 was observed to be problematic when cycling through all
available CPU frequencies (with additional patches on top of this one)
while running "stress --cpu 4" in the background. This caused sporadic
hangs where the whole system would fully lock up.

Amlogic's 3.10 kernel code also does not use the cpu_div3 clock either
when changing the CPU clock.

Signed-off-by: Martin Blumenstingl <martin.blumenstingl@googlemail.com>
Reviewed-by: Jerome Brunet <jbrunet@baylibre.com>
Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
Link: https://lkml.kernel.org/r/20181115224048.13511-3-martin.blumenstingl@googlemail.com
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
 drivers/clk/meson/meson8b.c | 11 +++++++++--
 1 file changed, 9 insertions(+), 2 deletions(-)

diff --git a/drivers/clk/meson/meson8b.c b/drivers/clk/meson/meson8b.c
index 50060e895e7a..580a86d120e8 100644
--- a/drivers/clk/meson/meson8b.c
+++ b/drivers/clk/meson/meson8b.c
@@ -596,20 +596,27 @@ static struct clk_regmap meson8b_cpu_scale_div = {
 	},
 };
 
+static u32 mux_table_cpu_scale_out_sel[] = { 0, 1, 3 };
 static struct clk_regmap meson8b_cpu_scale_out_sel = {
 	.data = &(struct clk_regmap_mux_data){
 		.offset = HHI_SYS_CPU_CLK_CNTL0,
 		.mask = 0x3,
 		.shift = 2,
+		.table = mux_table_cpu_scale_out_sel,
 	},
 	.hw.init = &(struct clk_init_data){
 		.name = "cpu_scale_out_sel",
 		.ops = &clk_regmap_mux_ro_ops,
+		/*
+		 * NOTE: We are skipping the parent with value 0x2 (which is
+		 * "cpu_div3") because it results in a duty cycle of 33% which
+		 * makes the system unstable and can result in a lockup of the
+		 * whole system.
+		 */
 		.parent_names = (const char *[]) { "cpu_in_sel",
 						   "cpu_div2",
-						   "cpu_div3",
 						   "cpu_scale_div" },
-		.num_parents = 4,
+		.num_parents = 3,
 		.flags = CLK_SET_RATE_PARENT,
 	},
 };
-- 
2.19.1


^ permalink raw reply related	[flat|nested] 273+ messages in thread

* [PATCH AUTOSEL 4.19 061/258] clk: meson: meson8b: fix the width of the cpu_scale_div clock
  2019-01-28 15:55 [PATCH AUTOSEL 4.19 001/258] drm/bufs: Fix Spectre v1 vulnerability Sasha Levin
                   ` (58 preceding siblings ...)
  2019-01-28 15:56 ` [PATCH AUTOSEL 4.19 060/258] clk: meson: meson8b: do not use cpu_div3 for cpu_scale_out_sel Sasha Levin
@ 2019-01-28 15:56 ` Sasha Levin
  2019-01-28 15:56 ` [PATCH AUTOSEL 4.19 062/258] clk: meson: meson8b: mark the CPU clock as CLK_IS_CRITICAL Sasha Levin
                   ` (196 subsequent siblings)
  256 siblings, 0 replies; 273+ messages in thread
From: Sasha Levin @ 2019-01-28 15:56 UTC (permalink / raw)
  To: linux-kernel, stable
  Cc: Martin Blumenstingl, Neil Armstrong, Sasha Levin, linux-amlogic,
	linux-clk

From: Martin Blumenstingl <martin.blumenstingl@googlemail.com>

[ Upstream commit a8662eadd1032018f31e37deda811790b2326662 ]

According to the public S805 datasheet HHI_SYS_CPU_CLK_CNTL1[29:20] is
the register for the CPU scale_div clock. This matches the code in
Amlogic's 3.10 GPL kernel sources:
N = (aml_read_reg32(P_HHI_SYS_CPU_CLK_CNTL1) >> 20) & 0x3FF;

This means that the divider register is 10 bit wide instead of 9 bits.
So far this is not a problem since all u-boot versions I have seen are
not using the cpu_scale_div clock at all (instead they are configuring
the CPU clock to run off cpu_in_sel directly).

The fixes tag points to the latest rework of the CPU clocks. However,
even before the rework it was wrong. Commit 7a29a869434e8b ("clk: meson:
Add support for Meson clock controller") defines MESON_N_WIDTH as 9 (in
drivers/clk/meson/clk-cpu.c). But since the old clk-cpu implementation
this only carries the fixes tag for the CPU clock rewordk.

Fixes: 251b6fd38bcb9c ("clk: meson: rework meson8b cpu clock")
Signed-off-by: Martin Blumenstingl <martin.blumenstingl@googlemail.com>
Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
Link: https://lkml.kernel.org/r/20180927085921.24627-3-martin.blumenstingl@googlemail.com
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
 drivers/clk/meson/meson8b.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/drivers/clk/meson/meson8b.c b/drivers/clk/meson/meson8b.c
index 580a86d120e8..0da8334f2e43 100644
--- a/drivers/clk/meson/meson8b.c
+++ b/drivers/clk/meson/meson8b.c
@@ -583,7 +583,7 @@ static struct clk_regmap meson8b_cpu_scale_div = {
 	.data = &(struct clk_regmap_div_data){
 		.offset =  HHI_SYS_CPU_CLK_CNTL1,
 		.shift = 20,
-		.width = 9,
+		.width = 10,
 		.table = cpu_scale_table,
 		.flags = CLK_DIVIDER_ALLOW_ZERO,
 	},
-- 
2.19.1


^ permalink raw reply related	[flat|nested] 273+ messages in thread

* [PATCH AUTOSEL 4.19 062/258] clk: meson: meson8b: mark the CPU clock as CLK_IS_CRITICAL
  2019-01-28 15:55 [PATCH AUTOSEL 4.19 001/258] drm/bufs: Fix Spectre v1 vulnerability Sasha Levin
                   ` (59 preceding siblings ...)
  2019-01-28 15:56 ` [PATCH AUTOSEL 4.19 061/258] clk: meson: meson8b: fix the width of the cpu_scale_div clock Sasha Levin
@ 2019-01-28 15:56 ` Sasha Levin
  2019-01-28 15:56 ` [PATCH AUTOSEL 4.19 063/258] ptp: Fix pass zero to ERR_PTR() in ptp_clock_register Sasha Levin
                   ` (195 subsequent siblings)
  256 siblings, 0 replies; 273+ messages in thread
From: Sasha Levin @ 2019-01-28 15:56 UTC (permalink / raw)
  To: linux-kernel, stable
  Cc: Martin Blumenstingl, Neil Armstrong, Sasha Levin, linux-amlogic,
	linux-clk

From: Martin Blumenstingl <martin.blumenstingl@googlemail.com>

[ Upstream commit 0dad1ec65bc30a549aba38d34a727309bbf41bc8 ]

We don't want the common clock framework to disable the "cpu_clk" if
it's not used by any device. The cpufreq-dt driver does not enable the
CPU clocks. However, even if it would we would still want the CPU clock
to be enabled at all times because the CPU clock is also required even
if we disable CPU frequency scaling on a specific board.

The reason why we want the CPU clock to be enabled is a clock further up
in the tree:
Since commit 6f888e7bc7bd58 ("clk: meson: clk-pll: add enable bit") the
sys_pll can be disabled. However, since the CPU clock is derived from
sys_pll we don't want sys_pll to get disabled. The common clock
framework takes care of that for us by enabling all parent clocks of our
CPU clock when we mark the CPU clock with CLK_IS_CRITICAL.

Until now this is not a problem yet because all clocks in the CPU
clock's tree (including sys_pll) are read-only. However, once we allow
modifications to the clocks in that tree we will need this.

Signed-off-by: Martin Blumenstingl <martin.blumenstingl@googlemail.com>
Acked-by: Jerome Brunet <jbrunet@baylibre.com>
Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
Link: https://lkml.kernel.org/r/20181115224048.13511-4-martin.blumenstingl@googlemail.com
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
 drivers/clk/meson/meson8b.c | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/drivers/clk/meson/meson8b.c b/drivers/clk/meson/meson8b.c
index 0da8334f2e43..9d79ff857d83 100644
--- a/drivers/clk/meson/meson8b.c
+++ b/drivers/clk/meson/meson8b.c
@@ -634,7 +634,8 @@ static struct clk_regmap meson8b_cpu_clk = {
 						  "cpu_scale_out_sel" },
 		.num_parents = 2,
 		.flags = (CLK_SET_RATE_PARENT |
-			  CLK_SET_RATE_NO_REPARENT),
+			  CLK_SET_RATE_NO_REPARENT |
+			  CLK_IS_CRITICAL),
 	},
 };
 
-- 
2.19.1


^ permalink raw reply related	[flat|nested] 273+ messages in thread

* [PATCH AUTOSEL 4.19 063/258] ptp: Fix pass zero to ERR_PTR() in ptp_clock_register
  2019-01-28 15:55 [PATCH AUTOSEL 4.19 001/258] drm/bufs: Fix Spectre v1 vulnerability Sasha Levin
                   ` (60 preceding siblings ...)
  2019-01-28 15:56 ` [PATCH AUTOSEL 4.19 062/258] clk: meson: meson8b: mark the CPU clock as CLK_IS_CRITICAL Sasha Levin
@ 2019-01-28 15:56 ` Sasha Levin
  2019-01-28 15:56 ` [PATCH AUTOSEL 4.19 064/258] dmaengine: xilinx_dma: Remove __aligned attribute on zynqmp_dma_desc_ll Sasha Levin
                   ` (194 subsequent siblings)
  256 siblings, 0 replies; 273+ messages in thread
From: Sasha Levin @ 2019-01-28 15:56 UTC (permalink / raw)
  To: linux-kernel, stable; +Cc: YueHaibing, David S . Miller, Sasha Levin, netdev

From: YueHaibing <yuehaibing@huawei.com>

[ Upstream commit aea0a897af9e44c258e8ab9296fad417f1bc063a ]

Fix smatch warning:

drivers/ptp/ptp_clock.c:298 ptp_clock_register() warn:
 passing zero to 'ERR_PTR'

'err' should be set while device_create_with_groups and
pps_register_source fails

Fixes: 85a66e550195 ("ptp: create "pins" together with the rest of attributes")
Signed-off-by: YueHaibing <yuehaibing@huawei.com>
Acked-by: Richard Cochran <richardcochran@gmail.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
 drivers/ptp/ptp_clock.c | 5 ++++-
 1 file changed, 4 insertions(+), 1 deletion(-)

diff --git a/drivers/ptp/ptp_clock.c b/drivers/ptp/ptp_clock.c
index 7eacc1c4b3b1..c64903a5978f 100644
--- a/drivers/ptp/ptp_clock.c
+++ b/drivers/ptp/ptp_clock.c
@@ -253,8 +253,10 @@ struct ptp_clock *ptp_clock_register(struct ptp_clock_info *info,
 	ptp->dev = device_create_with_groups(ptp_class, parent, ptp->devid,
 					     ptp, ptp->pin_attr_groups,
 					     "ptp%d", ptp->index);
-	if (IS_ERR(ptp->dev))
+	if (IS_ERR(ptp->dev)) {
+		err = PTR_ERR(ptp->dev);
 		goto no_device;
+	}
 
 	/* Register a new PPS source. */
 	if (info->pps) {
@@ -265,6 +267,7 @@ struct ptp_clock *ptp_clock_register(struct ptp_clock_info *info,
 		pps.owner = info->owner;
 		ptp->pps_source = pps_register_source(&pps, PTP_PPS_DEFAULTS);
 		if (!ptp->pps_source) {
+			err = -EINVAL;
 			pr_err("failed to register pps source\n");
 			goto no_pps;
 		}
-- 
2.19.1


^ permalink raw reply related	[flat|nested] 273+ messages in thread

* [PATCH AUTOSEL 4.19 064/258] dmaengine: xilinx_dma: Remove __aligned attribute on zynqmp_dma_desc_ll
  2019-01-28 15:55 [PATCH AUTOSEL 4.19 001/258] drm/bufs: Fix Spectre v1 vulnerability Sasha Levin
                   ` (61 preceding siblings ...)
  2019-01-28 15:56 ` [PATCH AUTOSEL 4.19 063/258] ptp: Fix pass zero to ERR_PTR() in ptp_clock_register Sasha Levin
@ 2019-01-28 15:56 ` Sasha Levin
  2019-01-28 15:56 ` [PATCH AUTOSEL 4.19 065/258] powerpc/32: Add .data..Lubsan_data*/.data..Lubsan_type* sections explicitly Sasha Levin
                   ` (193 subsequent siblings)
  256 siblings, 0 replies; 273+ messages in thread
From: Sasha Levin @ 2019-01-28 15:56 UTC (permalink / raw)
  To: linux-kernel, stable
  Cc: Nathan Chancellor, Vinod Koul, Sasha Levin, dmaengine

From: Nathan Chancellor <natechancellor@gmail.com>

[ Upstream commit aeaebcc17cdf37065d2693865eeb1ff1c7dc5bf3 ]

Clang warns:

drivers/dma/xilinx/zynqmp_dma.c:166:4: warning: attribute 'aligned' is
ignored, place it after "struct" to apply attribute to type declaration
[-Wignored-attributes]
}; __aligned(64)
   ^
./include/linux/compiler_types.h:200:38: note: expanded from macro
'__aligned'
                                               ^
1 warning generated.

As Nick pointed out in the previous version of this patch, the author
likely intended for this struct to be 8-byte (64-bit) aligned, not
64-byte, which is the default. Remove the hanging __aligned attribute.

Fixes: b0cc417c1637 ("dmaengine: Add Xilinx zynqmp dma engine driver support")
Reported-by: Nick Desaulniers <ndesaulniers@google.com>
Suggested-by: Nick Desaulniers <ndesaulniers@google.com>
Signed-off-by: Nathan Chancellor <natechancellor@gmail.com>
Reviewed-by: Nick Desaulniers <ndesaulniers@google.com>
Signed-off-by: Vinod Koul <vkoul@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
 drivers/dma/xilinx/zynqmp_dma.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/drivers/dma/xilinx/zynqmp_dma.c b/drivers/dma/xilinx/zynqmp_dma.c
index c74a88b65039..73de6a6179fc 100644
--- a/drivers/dma/xilinx/zynqmp_dma.c
+++ b/drivers/dma/xilinx/zynqmp_dma.c
@@ -163,7 +163,7 @@ struct zynqmp_dma_desc_ll {
 	u32 ctrl;
 	u64 nxtdscraddr;
 	u64 rsvd;
-}; __aligned(64)
+};
 
 /**
  * struct zynqmp_dma_desc_sw - Per Transaction structure
-- 
2.19.1


^ permalink raw reply related	[flat|nested] 273+ messages in thread

* [PATCH AUTOSEL 4.19 065/258] powerpc/32: Add .data..Lubsan_data*/.data..Lubsan_type* sections explicitly
  2019-01-28 15:55 [PATCH AUTOSEL 4.19 001/258] drm/bufs: Fix Spectre v1 vulnerability Sasha Levin
                   ` (62 preceding siblings ...)
  2019-01-28 15:56 ` [PATCH AUTOSEL 4.19 064/258] dmaengine: xilinx_dma: Remove __aligned attribute on zynqmp_dma_desc_ll Sasha Levin
@ 2019-01-28 15:56 ` Sasha Levin
  2019-01-28 15:56 ` [PATCH AUTOSEL 4.19 066/258] iio: adc: meson-saradc: check for devm_kasprintf failure Sasha Levin
                   ` (192 subsequent siblings)
  256 siblings, 0 replies; 273+ messages in thread
From: Sasha Levin @ 2019-01-28 15:56 UTC (permalink / raw)
  To: linux-kernel, stable
  Cc: Mathieu Malaterre, Michael Ellerman, Sasha Levin, linuxppc-dev

From: Mathieu Malaterre <malat@debian.org>

[ Upstream commit beba24ac59133cb36ecd03f9af9ccb11971ee20e ]

When both `CONFIG_LD_DEAD_CODE_DATA_ELIMINATION=y` and `CONFIG_UBSAN=y`
are set, link step typically produce numberous warnings about orphan
section:

  + powerpc-linux-gnu-ld -EB -m elf32ppc -Bstatic --orphan-handling=warn --build-id --gc-sections -X -o .tmp_vmlinux1 -T ./arch/powerpc/kernel/vmlinux.lds --who
  le-archive built-in.a --no-whole-archive --start-group lib/lib.a --end-group
  powerpc-linux-gnu-ld: warning: orphan section `.data..Lubsan_data393' from `init/main.o' being placed in section `.data..Lubsan_data393'.
  powerpc-linux-gnu-ld: warning: orphan section `.data..Lubsan_data394' from `init/main.o' being placed in section `.data..Lubsan_data394'.
  ...
  powerpc-linux-gnu-ld: warning: orphan section `.data..Lubsan_type11' from `init/main.o' being placed in section `.data..Lubsan_type11'.
  powerpc-linux-gnu-ld: warning: orphan section `.data..Lubsan_type12' from `init/main.o' being placed in section `.data..Lubsan_type12'.
  ...

This commit remove those warnings produced at W=1.

Link: https://www.mail-archive.com/linuxppc-dev@lists.ozlabs.org/msg135407.html
Suggested-by: Nicholas Piggin <npiggin@gmail.com>
Signed-off-by: Mathieu Malaterre <malat@debian.org>
Signed-off-by: Michael Ellerman <mpe@ellerman.id.au>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
 arch/powerpc/kernel/vmlinux.lds.S | 4 ++++
 1 file changed, 4 insertions(+)

diff --git a/arch/powerpc/kernel/vmlinux.lds.S b/arch/powerpc/kernel/vmlinux.lds.S
index 07ae018e550e..53016c753f3c 100644
--- a/arch/powerpc/kernel/vmlinux.lds.S
+++ b/arch/powerpc/kernel/vmlinux.lds.S
@@ -296,6 +296,10 @@ SECTIONS
 #ifdef CONFIG_PPC32
 	.data : AT(ADDR(.data) - LOAD_OFFSET) {
 		DATA_DATA
+#ifdef CONFIG_UBSAN
+		*(.data..Lubsan_data*)
+		*(.data..Lubsan_type*)
+#endif
 		*(.data.rel*)
 		*(SDATA_MAIN)
 		*(.sdata2)
-- 
2.19.1


^ permalink raw reply related	[flat|nested] 273+ messages in thread

* [PATCH AUTOSEL 4.19 066/258] iio: adc: meson-saradc: check for devm_kasprintf failure
  2019-01-28 15:55 [PATCH AUTOSEL 4.19 001/258] drm/bufs: Fix Spectre v1 vulnerability Sasha Levin
                   ` (63 preceding siblings ...)
  2019-01-28 15:56 ` [PATCH AUTOSEL 4.19 065/258] powerpc/32: Add .data..Lubsan_data*/.data..Lubsan_type* sections explicitly Sasha Levin
@ 2019-01-28 15:56 ` Sasha Levin
  2019-01-28 15:56 ` [PATCH AUTOSEL 4.19 067/258] iio: adc: meson-saradc: fix internal clock names Sasha Levin
                   ` (191 subsequent siblings)
  256 siblings, 0 replies; 273+ messages in thread
From: Sasha Levin @ 2019-01-28 15:56 UTC (permalink / raw)
  To: linux-kernel, stable
  Cc: Nicholas Mc Guire, Jonathan Cameron, Sasha Levin, linux-iio,
	linux-amlogic

From: Nicholas Mc Guire <hofrat@osadl.org>

[ Upstream commit aad172b017617994343e36d8659c69e14cd694fd ]

devm_kasprintf() may return NULL on failure of internal allocation thus
the assignments to  init.name  are not safe if not checked. On error
meson_sar_adc_clk_init() returns negative values so -ENOMEM in the
(unlikely) failure case of devm_kasprintf() should be fine here.

Signed-off-by: Nicholas Mc Guire <hofrat@osadl.org>
Fixes: 3adbf3427330 ("iio: adc: add a driver for the SAR ADC found in Amlogic Meson SoCs")
Acked-by: Martin Blumenstingl <martin.blumenstingl@googlemail.com>
Tested-by: Martin Blumenstingl <martin.blumenstingl@googlemail.com>
Signed-off-by: Jonathan Cameron <Jonathan.Cameron@huawei.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
 drivers/iio/adc/meson_saradc.c | 6 ++++++
 1 file changed, 6 insertions(+)

diff --git a/drivers/iio/adc/meson_saradc.c b/drivers/iio/adc/meson_saradc.c
index da2d16dfa63e..da4c391b8977 100644
--- a/drivers/iio/adc/meson_saradc.c
+++ b/drivers/iio/adc/meson_saradc.c
@@ -589,6 +589,9 @@ static int meson_sar_adc_clk_init(struct iio_dev *indio_dev,
 
 	init.name = devm_kasprintf(&indio_dev->dev, GFP_KERNEL, "%pOF#adc_div",
 				   indio_dev->dev.of_node);
+	if (!init.name)
+		return -ENOMEM;
+
 	init.flags = 0;
 	init.ops = &clk_divider_ops;
 	clk_parents[0] = __clk_get_name(priv->clkin);
@@ -608,6 +611,9 @@ static int meson_sar_adc_clk_init(struct iio_dev *indio_dev,
 
 	init.name = devm_kasprintf(&indio_dev->dev, GFP_KERNEL, "%pOF#adc_en",
 				   indio_dev->dev.of_node);
+	if (!init.name)
+		return -ENOMEM;
+
 	init.flags = CLK_SET_RATE_PARENT;
 	init.ops = &clk_gate_ops;
 	clk_parents[0] = __clk_get_name(priv->adc_div_clk);
-- 
2.19.1


^ permalink raw reply related	[flat|nested] 273+ messages in thread

* [PATCH AUTOSEL 4.19 067/258] iio: adc: meson-saradc: fix internal clock names
  2019-01-28 15:55 [PATCH AUTOSEL 4.19 001/258] drm/bufs: Fix Spectre v1 vulnerability Sasha Levin
                   ` (64 preceding siblings ...)
  2019-01-28 15:56 ` [PATCH AUTOSEL 4.19 066/258] iio: adc: meson-saradc: check for devm_kasprintf failure Sasha Levin
@ 2019-01-28 15:56 ` Sasha Levin
  2019-01-28 15:56 ` [PATCH AUTOSEL 4.19 068/258] iio: accel: kxcjk1013: Add KIOX010A ACPI Hardware-ID Sasha Levin
                   ` (190 subsequent siblings)
  256 siblings, 0 replies; 273+ messages in thread
From: Sasha Levin @ 2019-01-28 15:56 UTC (permalink / raw)
  To: linux-kernel, stable
  Cc: Martin Blumenstingl, Jonathan Cameron, Sasha Levin, linux-iio,
	linux-amlogic

From: Martin Blumenstingl <martin.blumenstingl@googlemail.com>

[ Upstream commit 50314f98b0ac468218e7c9af8c99f215a35436df ]

Before this patch we are registering the internal clocks (for example on
Meson8b, where the SAR ADC IP block implements the divider and gate
clocks) with the following names:
- /soc/cbus@c1100000/adc@8680#adc_div
- /soc/cbus@c1100000/adc@8680#adc_en

This is bad because the common clock framework uses the clock to create
a directory in <debugfs>/clk. With such name, the directory creation
(silently) fails and the debugfs entry ends up being created at the
debugfs root.

With this change, the new clock names are:
- c1108680.adc#adc_div
- c1108680.adc#adc_en

This matches the clock naming scheme used in the PWM, Ethernet and MMC
drivers. It also fixes the problem with debugfs.
The idea is shamelessly taken from commit b96e9eb62841c5 ("pwm: meson:
Fix mux clock names").

Fixes: 3921db46a8c5bc ("iio: Convert to using %pOF instead of full_name")
Signed-off-by: Martin Blumenstingl <martin.blumenstingl@googlemail.com>
Signed-off-by: Jonathan Cameron <Jonathan.Cameron@huawei.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
 drivers/iio/adc/meson_saradc.c | 8 ++++----
 1 file changed, 4 insertions(+), 4 deletions(-)

diff --git a/drivers/iio/adc/meson_saradc.c b/drivers/iio/adc/meson_saradc.c
index da4c391b8977..5dd104cf0939 100644
--- a/drivers/iio/adc/meson_saradc.c
+++ b/drivers/iio/adc/meson_saradc.c
@@ -587,8 +587,8 @@ static int meson_sar_adc_clk_init(struct iio_dev *indio_dev,
 	struct clk_init_data init;
 	const char *clk_parents[1];
 
-	init.name = devm_kasprintf(&indio_dev->dev, GFP_KERNEL, "%pOF#adc_div",
-				   indio_dev->dev.of_node);
+	init.name = devm_kasprintf(&indio_dev->dev, GFP_KERNEL, "%s#adc_div",
+				   dev_name(indio_dev->dev.parent));
 	if (!init.name)
 		return -ENOMEM;
 
@@ -609,8 +609,8 @@ static int meson_sar_adc_clk_init(struct iio_dev *indio_dev,
 	if (WARN_ON(IS_ERR(priv->adc_div_clk)))
 		return PTR_ERR(priv->adc_div_clk);
 
-	init.name = devm_kasprintf(&indio_dev->dev, GFP_KERNEL, "%pOF#adc_en",
-				   indio_dev->dev.of_node);
+	init.name = devm_kasprintf(&indio_dev->dev, GFP_KERNEL, "%s#adc_en",
+				   dev_name(indio_dev->dev.parent));
 	if (!init.name)
 		return -ENOMEM;
 
-- 
2.19.1


^ permalink raw reply related	[flat|nested] 273+ messages in thread

* [PATCH AUTOSEL 4.19 068/258] iio: accel: kxcjk1013: Add KIOX010A ACPI Hardware-ID
  2019-01-28 15:55 [PATCH AUTOSEL 4.19 001/258] drm/bufs: Fix Spectre v1 vulnerability Sasha Levin
                   ` (65 preceding siblings ...)
  2019-01-28 15:56 ` [PATCH AUTOSEL 4.19 067/258] iio: adc: meson-saradc: fix internal clock names Sasha Levin
@ 2019-01-28 15:56 ` Sasha Levin
  2019-01-28 15:56 ` [PATCH AUTOSEL 4.19 069/258] media: adv*/tc358743/ths8200: fill in min width/height/pixelclock Sasha Levin
                   ` (189 subsequent siblings)
  256 siblings, 0 replies; 273+ messages in thread
From: Sasha Levin @ 2019-01-28 15:56 UTC (permalink / raw)
  To: linux-kernel, stable
  Cc: Hans de Goede, Jonathan Cameron, Sasha Levin, linux-iio

From: Hans de Goede <hdegoede@redhat.com>

[ Upstream commit 7f6232e69539971cf9eaed07a6c14ab4a2361133 ]

Various 2-in-1's use KIOX010A and KIOX020A as HIDs for 2 KXCJ91008
accelerometers. The KIOX010A HID is for the one in the base and the
KIOX020A for the accelerometer in the keyboard.

Since userspace does not have a way yet to deal with (or ignore) the
accelerometer in the keyboard, this commit just adds the KIOX010A HID
for now so that display rotation will work.

Related: https://github.com/hadess/iio-sensor-proxy/issues/166
Signed-off-by: Hans de Goede <hdegoede@redhat.com>
Signed-off-by: Jonathan Cameron <Jonathan.Cameron@huawei.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
 drivers/iio/accel/kxcjk-1013.c | 1 +
 1 file changed, 1 insertion(+)

diff --git a/drivers/iio/accel/kxcjk-1013.c b/drivers/iio/accel/kxcjk-1013.c
index af53a1084ee5..471caa5323e4 100644
--- a/drivers/iio/accel/kxcjk-1013.c
+++ b/drivers/iio/accel/kxcjk-1013.c
@@ -1490,6 +1490,7 @@ static const struct acpi_device_id kx_acpi_match[] = {
 	{"KXCJ1008", KXCJ91008},
 	{"KXCJ9000", KXCJ91008},
 	{"KIOX000A", KXCJ91008},
+	{"KIOX010A", KXCJ91008}, /* KXCJ91008 inside the display of a 2-in-1 */
 	{"KXTJ1009", KXTJ21009},
 	{"SMO8500",  KXCJ91008},
 	{ },
-- 
2.19.1


^ permalink raw reply related	[flat|nested] 273+ messages in thread

* [PATCH AUTOSEL 4.19 069/258] media: adv*/tc358743/ths8200: fill in min width/height/pixelclock
  2019-01-28 15:55 [PATCH AUTOSEL 4.19 001/258] drm/bufs: Fix Spectre v1 vulnerability Sasha Levin
                   ` (66 preceding siblings ...)
  2019-01-28 15:56 ` [PATCH AUTOSEL 4.19 068/258] iio: accel: kxcjk1013: Add KIOX010A ACPI Hardware-ID Sasha Levin
@ 2019-01-28 15:56 ` Sasha Levin
  2019-01-28 15:56 ` [PATCH AUTOSEL 4.19 070/258] ACPI: SPCR: Consider baud rate 0 as preconfigured state Sasha Levin
                   ` (188 subsequent siblings)
  256 siblings, 0 replies; 273+ messages in thread
From: Sasha Levin @ 2019-01-28 15:56 UTC (permalink / raw)
  To: linux-kernel, stable
  Cc: Hans Verkuil, Mauro Carvalho Chehab, Sasha Levin, linux-media

From: Hans Verkuil <hverkuil-cisco@xs4all.nl>

[ Upstream commit 2912289a518077ddb8214e05336700148e97e235 ]

The v4l2_dv_timings_cap struct is used to do sanity checks when setting and
enumerating DV timings, ensuring that only valid timings as per the HW
capabilities are allowed.

However, many drivers just filled in 0 for the minimum width, height or
pixelclock frequency. This can cause timings with e.g. 0 as width and height
to be accepted, which will in turn lead to a potential division by zero.

Fill in proper values are minimum boundaries. 640x350 was chosen since it is
the smallest resolution in v4l2-dv-timings.h. Same for 13 MHz as the lowest
pixelclock frequency (it's slightly below the minimum of 13.5 MHz in the
v4l2-dv-timings.h header).

Signed-off-by: Hans Verkuil <hverkuil-cisco@xs4all.nl>
Signed-off-by: Mauro Carvalho Chehab <mchehab+samsung@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
 drivers/media/i2c/ad9389b.c  | 2 +-
 drivers/media/i2c/adv7511.c  | 2 +-
 drivers/media/i2c/adv7604.c  | 4 ++--
 drivers/media/i2c/adv7842.c  | 4 ++--
 drivers/media/i2c/tc358743.c | 2 +-
 drivers/media/i2c/ths8200.c  | 2 +-
 6 files changed, 8 insertions(+), 8 deletions(-)

diff --git a/drivers/media/i2c/ad9389b.c b/drivers/media/i2c/ad9389b.c
index 5b008b0002c0..aa8b04cfed0f 100644
--- a/drivers/media/i2c/ad9389b.c
+++ b/drivers/media/i2c/ad9389b.c
@@ -578,7 +578,7 @@ static const struct v4l2_dv_timings_cap ad9389b_timings_cap = {
 	.type = V4L2_DV_BT_656_1120,
 	/* keep this initialization for compatibility with GCC < 4.4.6 */
 	.reserved = { 0 },
-	V4L2_INIT_BT_TIMINGS(0, 1920, 0, 1200, 25000000, 170000000,
+	V4L2_INIT_BT_TIMINGS(640, 1920, 350, 1200, 25000000, 170000000,
 		V4L2_DV_BT_STD_CEA861 | V4L2_DV_BT_STD_DMT |
 			V4L2_DV_BT_STD_GTF | V4L2_DV_BT_STD_CVT,
 		V4L2_DV_BT_CAP_PROGRESSIVE | V4L2_DV_BT_CAP_REDUCED_BLANKING |
diff --git a/drivers/media/i2c/adv7511.c b/drivers/media/i2c/adv7511.c
index f3899cc84e27..88349b5053cc 100644
--- a/drivers/media/i2c/adv7511.c
+++ b/drivers/media/i2c/adv7511.c
@@ -130,7 +130,7 @@ static const struct v4l2_dv_timings_cap adv7511_timings_cap = {
 	.type = V4L2_DV_BT_656_1120,
 	/* keep this initialization for compatibility with GCC < 4.4.6 */
 	.reserved = { 0 },
-	V4L2_INIT_BT_TIMINGS(0, ADV7511_MAX_WIDTH, 0, ADV7511_MAX_HEIGHT,
+	V4L2_INIT_BT_TIMINGS(640, ADV7511_MAX_WIDTH, 350, ADV7511_MAX_HEIGHT,
 		ADV7511_MIN_PIXELCLOCK, ADV7511_MAX_PIXELCLOCK,
 		V4L2_DV_BT_STD_CEA861 | V4L2_DV_BT_STD_DMT |
 			V4L2_DV_BT_STD_GTF | V4L2_DV_BT_STD_CVT,
diff --git a/drivers/media/i2c/adv7604.c b/drivers/media/i2c/adv7604.c
index c78698199ac5..f01964c36ad5 100644
--- a/drivers/media/i2c/adv7604.c
+++ b/drivers/media/i2c/adv7604.c
@@ -766,7 +766,7 @@ static const struct v4l2_dv_timings_cap adv7604_timings_cap_analog = {
 	.type = V4L2_DV_BT_656_1120,
 	/* keep this initialization for compatibility with GCC < 4.4.6 */
 	.reserved = { 0 },
-	V4L2_INIT_BT_TIMINGS(0, 1920, 0, 1200, 25000000, 170000000,
+	V4L2_INIT_BT_TIMINGS(640, 1920, 350, 1200, 25000000, 170000000,
 		V4L2_DV_BT_STD_CEA861 | V4L2_DV_BT_STD_DMT |
 			V4L2_DV_BT_STD_GTF | V4L2_DV_BT_STD_CVT,
 		V4L2_DV_BT_CAP_PROGRESSIVE | V4L2_DV_BT_CAP_REDUCED_BLANKING |
@@ -777,7 +777,7 @@ static const struct v4l2_dv_timings_cap adv76xx_timings_cap_digital = {
 	.type = V4L2_DV_BT_656_1120,
 	/* keep this initialization for compatibility with GCC < 4.4.6 */
 	.reserved = { 0 },
-	V4L2_INIT_BT_TIMINGS(0, 1920, 0, 1200, 25000000, 225000000,
+	V4L2_INIT_BT_TIMINGS(640, 1920, 350, 1200, 25000000, 225000000,
 		V4L2_DV_BT_STD_CEA861 | V4L2_DV_BT_STD_DMT |
 			V4L2_DV_BT_STD_GTF | V4L2_DV_BT_STD_CVT,
 		V4L2_DV_BT_CAP_PROGRESSIVE | V4L2_DV_BT_CAP_REDUCED_BLANKING |
diff --git a/drivers/media/i2c/adv7842.c b/drivers/media/i2c/adv7842.c
index 71fe56565f75..bb43a75ed6d0 100644
--- a/drivers/media/i2c/adv7842.c
+++ b/drivers/media/i2c/adv7842.c
@@ -663,7 +663,7 @@ static const struct v4l2_dv_timings_cap adv7842_timings_cap_analog = {
 	.type = V4L2_DV_BT_656_1120,
 	/* keep this initialization for compatibility with GCC < 4.4.6 */
 	.reserved = { 0 },
-	V4L2_INIT_BT_TIMINGS(0, 1920, 0, 1200, 25000000, 170000000,
+	V4L2_INIT_BT_TIMINGS(640, 1920, 350, 1200, 25000000, 170000000,
 		V4L2_DV_BT_STD_CEA861 | V4L2_DV_BT_STD_DMT |
 			V4L2_DV_BT_STD_GTF | V4L2_DV_BT_STD_CVT,
 		V4L2_DV_BT_CAP_PROGRESSIVE | V4L2_DV_BT_CAP_REDUCED_BLANKING |
@@ -674,7 +674,7 @@ static const struct v4l2_dv_timings_cap adv7842_timings_cap_digital = {
 	.type = V4L2_DV_BT_656_1120,
 	/* keep this initialization for compatibility with GCC < 4.4.6 */
 	.reserved = { 0 },
-	V4L2_INIT_BT_TIMINGS(0, 1920, 0, 1200, 25000000, 225000000,
+	V4L2_INIT_BT_TIMINGS(640, 1920, 350, 1200, 25000000, 225000000,
 		V4L2_DV_BT_STD_CEA861 | V4L2_DV_BT_STD_DMT |
 			V4L2_DV_BT_STD_GTF | V4L2_DV_BT_STD_CVT,
 		V4L2_DV_BT_CAP_PROGRESSIVE | V4L2_DV_BT_CAP_REDUCED_BLANKING |
diff --git a/drivers/media/i2c/tc358743.c b/drivers/media/i2c/tc358743.c
index ff25ea9aca48..26070fb6ce4e 100644
--- a/drivers/media/i2c/tc358743.c
+++ b/drivers/media/i2c/tc358743.c
@@ -59,7 +59,7 @@ static const struct v4l2_dv_timings_cap tc358743_timings_cap = {
 	/* keep this initialization for compatibility with GCC < 4.4.6 */
 	.reserved = { 0 },
 	/* Pixel clock from REF_01 p. 20. Min/max height/width are unknown */
-	V4L2_INIT_BT_TIMINGS(1, 10000, 1, 10000, 0, 165000000,
+	V4L2_INIT_BT_TIMINGS(640, 1920, 350, 1200, 13000000, 165000000,
 			V4L2_DV_BT_STD_CEA861 | V4L2_DV_BT_STD_DMT |
 			V4L2_DV_BT_STD_GTF | V4L2_DV_BT_STD_CVT,
 			V4L2_DV_BT_CAP_PROGRESSIVE |
diff --git a/drivers/media/i2c/ths8200.c b/drivers/media/i2c/ths8200.c
index 498ad2368cbc..f5ee28058ea2 100644
--- a/drivers/media/i2c/ths8200.c
+++ b/drivers/media/i2c/ths8200.c
@@ -49,7 +49,7 @@ static const struct v4l2_dv_timings_cap ths8200_timings_cap = {
 	.type = V4L2_DV_BT_656_1120,
 	/* keep this initialization for compatibility with GCC < 4.4.6 */
 	.reserved = { 0 },
-	V4L2_INIT_BT_TIMINGS(0, 1920, 0, 1080, 25000000, 148500000,
+	V4L2_INIT_BT_TIMINGS(640, 1920, 350, 1080, 25000000, 148500000,
 		V4L2_DV_BT_STD_CEA861, V4L2_DV_BT_CAP_PROGRESSIVE)
 };
 
-- 
2.19.1


^ permalink raw reply related	[flat|nested] 273+ messages in thread

* [PATCH AUTOSEL 4.19 070/258] ACPI: SPCR: Consider baud rate 0 as preconfigured state
  2019-01-28 15:55 [PATCH AUTOSEL 4.19 001/258] drm/bufs: Fix Spectre v1 vulnerability Sasha Levin
                   ` (67 preceding siblings ...)
  2019-01-28 15:56 ` [PATCH AUTOSEL 4.19 069/258] media: adv*/tc358743/ths8200: fill in min width/height/pixelclock Sasha Levin
@ 2019-01-28 15:56 ` Sasha Levin
  2019-01-28 15:56 ` [PATCH AUTOSEL 4.19 071/258] staging: pi433: fix potential null dereference Sasha Levin
                   ` (187 subsequent siblings)
  256 siblings, 0 replies; 273+ messages in thread
From: Sasha Levin @ 2019-01-28 15:56 UTC (permalink / raw)
  To: linux-kernel, stable
  Cc: Andy Shevchenko, Rafael J . Wysocki, Sasha Levin, linux-acpi

From: Andy Shevchenko <andriy.shevchenko@linux.intel.com>

[ Upstream commit b413b1abeb21b4a152c0bf8d1379efa30759b6e3 ]

Since SPCR 1.04 [1] the baud rate of 0 means a preconfigured state of UART.
Assume firmware or bootloader configures console correctly.

[1]: https://docs.microsoft.com/en-us/windows-hardware/drivers/serports/serial-port-console-redirection-table

Signed-off-by: Andy Shevchenko <andriy.shevchenko@linux.intel.com>
Reviewed-by: Prarit Bhargava <prarit@redhat.com>
Signed-off-by: Rafael J. Wysocki <rafael.j.wysocki@intel.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
 drivers/acpi/spcr.c | 11 +++++++++++
 1 file changed, 11 insertions(+)

diff --git a/drivers/acpi/spcr.c b/drivers/acpi/spcr.c
index 9d52743080a4..c336784d0bcb 100644
--- a/drivers/acpi/spcr.c
+++ b/drivers/acpi/spcr.c
@@ -148,6 +148,13 @@ int __init acpi_parse_spcr(bool enable_earlycon, bool enable_console)
 	}
 
 	switch (table->baud_rate) {
+	case 0:
+		/*
+		 * SPCR 1.04 defines 0 as a preconfigured state of UART.
+		 * Assume firmware or bootloader configures console correctly.
+		 */
+		baud_rate = 0;
+		break;
 	case 3:
 		baud_rate = 9600;
 		break;
@@ -196,6 +203,10 @@ int __init acpi_parse_spcr(bool enable_earlycon, bool enable_console)
 		 * UART so don't attempt to change to the baud rate state
 		 * in the table because driver cannot calculate the dividers
 		 */
+		baud_rate = 0;
+	}
+
+	if (!baud_rate) {
 		snprintf(opts, sizeof(opts), "%s,%s,0x%llx", uart, iotype,
 			 table->serial_port.address);
 	} else {
-- 
2.19.1


^ permalink raw reply related	[flat|nested] 273+ messages in thread

* [PATCH AUTOSEL 4.19 071/258] staging: pi433: fix potential null dereference
  2019-01-28 15:55 [PATCH AUTOSEL 4.19 001/258] drm/bufs: Fix Spectre v1 vulnerability Sasha Levin
                   ` (68 preceding siblings ...)
  2019-01-28 15:56 ` [PATCH AUTOSEL 4.19 070/258] ACPI: SPCR: Consider baud rate 0 as preconfigured state Sasha Levin
@ 2019-01-28 15:56 ` Sasha Levin
  2019-01-28 15:56 ` [PATCH AUTOSEL 4.19 072/258] f2fs: move dir data flush to write checkpoint process Sasha Levin
                   ` (186 subsequent siblings)
  256 siblings, 0 replies; 273+ messages in thread
From: Sasha Levin @ 2019-01-28 15:56 UTC (permalink / raw)
  To: linux-kernel, stable
  Cc: Michael Straube, Greg Kroah-Hartman, Sasha Levin, devel

From: Michael Straube <straube.linux@gmail.com>

[ Upstream commit 64c4c4ca6c129a4191e8e1e91b2d5d9b8d08c518 ]

Add a test for successful call to cdev_alloc() to avoid
potential null dereference. Issue reported by smatch.

Signed-off-by: Michael Straube <straube.linux@gmail.com>
Fixes: 874bcba65f9a ("staging: pi433: New driver")
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
 drivers/staging/pi433/pi433_if.c | 4 ++++
 1 file changed, 4 insertions(+)

diff --git a/drivers/staging/pi433/pi433_if.c b/drivers/staging/pi433/pi433_if.c
index c85a805a1243..a497ec197872 100644
--- a/drivers/staging/pi433/pi433_if.c
+++ b/drivers/staging/pi433/pi433_if.c
@@ -1255,6 +1255,10 @@ static int pi433_probe(struct spi_device *spi)
 
 	/* create cdev */
 	device->cdev = cdev_alloc();
+	if (!device->cdev) {
+		dev_dbg(device->dev, "allocation of cdev failed");
+		goto cdev_failed;
+	}
 	device->cdev->owner = THIS_MODULE;
 	cdev_init(device->cdev, &pi433_fops);
 	retval = cdev_add(device->cdev, device->devt, 1);
-- 
2.19.1


^ permalink raw reply related	[flat|nested] 273+ messages in thread

* [PATCH AUTOSEL 4.19 072/258] f2fs: move dir data flush to write checkpoint process
  2019-01-28 15:55 [PATCH AUTOSEL 4.19 001/258] drm/bufs: Fix Spectre v1 vulnerability Sasha Levin
                   ` (69 preceding siblings ...)
  2019-01-28 15:56 ` [PATCH AUTOSEL 4.19 071/258] staging: pi433: fix potential null dereference Sasha Levin
@ 2019-01-28 15:56 ` Sasha Levin
  2019-01-28 15:56 ` [PATCH AUTOSEL 4.19 073/258] f2fs: avoid build warn of fall_through Sasha Levin
                   ` (185 subsequent siblings)
  256 siblings, 0 replies; 273+ messages in thread
From: Sasha Levin @ 2019-01-28 15:56 UTC (permalink / raw)
  To: linux-kernel, stable
  Cc: Yunlei He, Jaegeuk Kim, Sasha Levin, linux-f2fs-devel

From: Yunlei He <heyunlei@huawei.com>

[ Upstream commit b61ac5b720146c619c7cdf17eff2551b934399e5 ]

This patch move dir data flush to write checkpoint process, by
doing this, it may reduce some time for dir fsync.

pre:
	-f2fs_do_sync_file enter
		-file_write_and_wait_range  <- flush & wait
		-write_checkpoint
			-do_checkpoint	    <- wait all
	-f2fs_do_sync_file exit

now:
	-f2fs_do_sync_file enter
		-write_checkpoint
			-block_operations   <- flush dir & no wait
			-do_checkpoint	    <- wait all
	-f2fs_do_sync_file exit

Signed-off-by: Yunlei He <heyunlei@huawei.com>
Signed-off-by: Jaegeuk Kim <jaegeuk@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
 fs/f2fs/file.c | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/fs/f2fs/file.c b/fs/f2fs/file.c
index 5474aaa274b9..fd36aa6569dc 100644
--- a/fs/f2fs/file.c
+++ b/fs/f2fs/file.c
@@ -220,6 +220,9 @@ static int f2fs_do_sync_file(struct file *file, loff_t start, loff_t end,
 
 	trace_f2fs_sync_file_enter(inode);
 
+	if (S_ISDIR(inode->i_mode))
+		goto go_write;
+
 	/* if fdatasync is triggered, let's do in-place-update */
 	if (datasync || get_dirty_pages(inode) <= SM_I(sbi)->min_fsync_blocks)
 		set_inode_flag(inode, FI_NEED_IPU);
-- 
2.19.1


^ permalink raw reply related	[flat|nested] 273+ messages in thread

* [PATCH AUTOSEL 4.19 073/258] f2fs: avoid build warn of fall_through
  2019-01-28 15:55 [PATCH AUTOSEL 4.19 001/258] drm/bufs: Fix Spectre v1 vulnerability Sasha Levin
                   ` (70 preceding siblings ...)
  2019-01-28 15:56 ` [PATCH AUTOSEL 4.19 072/258] f2fs: move dir data flush to write checkpoint process Sasha Levin
@ 2019-01-28 15:56 ` Sasha Levin
  2019-01-28 15:56 ` [PATCH AUTOSEL 4.19 074/258] f2fs: fix race between write_checkpoint and write_begin Sasha Levin
                   ` (184 subsequent siblings)
  256 siblings, 0 replies; 273+ messages in thread
From: Sasha Levin @ 2019-01-28 15:56 UTC (permalink / raw)
  To: linux-kernel, stable; +Cc: Jaegeuk Kim, Sasha Levin, linux-f2fs-devel

From: Jaegeuk Kim <jaegeuk@kernel.org>

[ Upstream commit f5d5510e7389fa264337fb524346bac9eb93adc8 ]

After merging the f2fs tree, today's linux-next build
 (x86_64_allmodconfig) produced this warning:

 In file included from fs/f2fs/dir.c:11:
 fs/f2fs/f2fs.h: In function '__mark_inode_dirty_flag':
 fs/f2fs/f2fs.h:2388:6: warning: this statement may fall through [-Wimplicit-fallthrough=]
    if (set)
       ^
 fs/f2fs/f2fs.h:2390:2: note: here
   case FI_DATA_EXIST:
   ^~~~

 Exposed by my use of -Wimplicit-fallthrough

Reported-by: Stephen Rothwell <sfr@canb.auug.org.au>
Signed-off-by: Jaegeuk Kim <jaegeuk@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
 fs/f2fs/f2fs.h | 1 +
 1 file changed, 1 insertion(+)

diff --git a/fs/f2fs/f2fs.h b/fs/f2fs/f2fs.h
index ecb735142276..462a2fb8aa69 100644
--- a/fs/f2fs/f2fs.h
+++ b/fs/f2fs/f2fs.h
@@ -2311,6 +2311,7 @@ static inline void __mark_inode_dirty_flag(struct inode *inode,
 	case FI_NEW_INODE:
 		if (set)
 			return;
+		/* fall through */
 	case FI_DATA_EXIST:
 	case FI_INLINE_DOTS:
 	case FI_PIN_FILE:
-- 
2.19.1


^ permalink raw reply related	[flat|nested] 273+ messages in thread

* [PATCH AUTOSEL 4.19 074/258] f2fs: fix race between write_checkpoint and write_begin
  2019-01-28 15:55 [PATCH AUTOSEL 4.19 001/258] drm/bufs: Fix Spectre v1 vulnerability Sasha Levin
                   ` (71 preceding siblings ...)
  2019-01-28 15:56 ` [PATCH AUTOSEL 4.19 073/258] f2fs: avoid build warn of fall_through Sasha Levin
@ 2019-01-28 15:56 ` Sasha Levin
  2019-01-28 15:56 ` [PATCH AUTOSEL 4.19 075/258] f2fs: fix wrong return value of f2fs_acl_create Sasha Levin
                   ` (183 subsequent siblings)
  256 siblings, 0 replies; 273+ messages in thread
From: Sasha Levin @ 2019-01-28 15:56 UTC (permalink / raw)
  To: linux-kernel, stable
  Cc: Sheng Yong, Jaegeuk Kim, Sasha Levin, linux-f2fs-devel

From: Sheng Yong <shengyong1@huawei.com>

[ Upstream commit 2866fb16d67992195b0526d19e65acb6640fb87f ]

The following race could lead to inconsistent SIT bitmap:

Task A                          Task B
======                          ======
f2fs_write_checkpoint
  block_operations
    f2fs_lock_all
      down_write(node_change)
      down_write(node_write)
      ... sync ...
      up_write(node_change)
                                f2fs_file_write_iter
                                  set_inode_flag(FI_NO_PREALLOC)
                                  ......
                                  f2fs_write_begin(index=0, has inline data)
                                    prepare_write_begin
                                      __do_map_lock(AIO) => down_read(node_change)
                                      f2fs_convert_inline_page => update SIT
                                      __do_map_lock(AIO) => up_read(node_change)
  f2fs_flush_sit_entries <= inconsistent SIT
  finish write checkpoint
  sudden-power-off

If SPO occurs after checkpoint is finished, SIT bitmap will be set
incorrectly.

Signed-off-by: Sheng Yong <shengyong1@huawei.com>
Reviewed-by: Chao Yu <yuchao0@huawei.com>
Signed-off-by: Jaegeuk Kim <jaegeuk@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
 fs/f2fs/data.c | 12 ++++++++++--
 1 file changed, 10 insertions(+), 2 deletions(-)

diff --git a/fs/f2fs/data.c b/fs/f2fs/data.c
index 11f28342f641..08314fb42652 100644
--- a/fs/f2fs/data.c
+++ b/fs/f2fs/data.c
@@ -2259,6 +2259,7 @@ static int prepare_write_begin(struct f2fs_sb_info *sbi,
 	bool locked = false;
 	struct extent_info ei = {0,0,0};
 	int err = 0;
+	int flag;
 
 	/*
 	 * we already allocated all the blocks, so we don't need to get
@@ -2268,9 +2269,15 @@ static int prepare_write_begin(struct f2fs_sb_info *sbi,
 			!is_inode_flag_set(inode, FI_NO_PREALLOC))
 		return 0;
 
+	/* f2fs_lock_op avoids race between write CP and convert_inline_page */
+	if (f2fs_has_inline_data(inode) && pos + len > MAX_INLINE_DATA(inode))
+		flag = F2FS_GET_BLOCK_DEFAULT;
+	else
+		flag = F2FS_GET_BLOCK_PRE_AIO;
+
 	if (f2fs_has_inline_data(inode) ||
 			(pos & PAGE_MASK) >= i_size_read(inode)) {
-		__do_map_lock(sbi, F2FS_GET_BLOCK_PRE_AIO, true);
+		__do_map_lock(sbi, flag, true);
 		locked = true;
 	}
 restart:
@@ -2308,6 +2315,7 @@ static int prepare_write_begin(struct f2fs_sb_info *sbi,
 				f2fs_put_dnode(&dn);
 				__do_map_lock(sbi, F2FS_GET_BLOCK_PRE_AIO,
 								true);
+				WARN_ON(flag != F2FS_GET_BLOCK_PRE_AIO);
 				locked = true;
 				goto restart;
 			}
@@ -2321,7 +2329,7 @@ static int prepare_write_begin(struct f2fs_sb_info *sbi,
 	f2fs_put_dnode(&dn);
 unlock_out:
 	if (locked)
-		__do_map_lock(sbi, F2FS_GET_BLOCK_PRE_AIO, false);
+		__do_map_lock(sbi, flag, false);
 	return err;
 }
 
-- 
2.19.1


^ permalink raw reply related	[flat|nested] 273+ messages in thread

* [PATCH AUTOSEL 4.19 075/258] f2fs: fix wrong return value of f2fs_acl_create
  2019-01-28 15:55 [PATCH AUTOSEL 4.19 001/258] drm/bufs: Fix Spectre v1 vulnerability Sasha Levin
                   ` (72 preceding siblings ...)
  2019-01-28 15:56 ` [PATCH AUTOSEL 4.19 074/258] f2fs: fix race between write_checkpoint and write_begin Sasha Levin
@ 2019-01-28 15:56 ` Sasha Levin
  2019-01-28 15:56 ` [PATCH AUTOSEL 4.19 076/258] i2c: sh_mobile: add support for r8a77990 (R-Car E3) Sasha Levin
                   ` (182 subsequent siblings)
  256 siblings, 0 replies; 273+ messages in thread
From: Sasha Levin @ 2019-01-28 15:56 UTC (permalink / raw)
  To: linux-kernel, stable
  Cc: Tiezhu Yang, Jaegeuk Kim, Sasha Levin, linux-f2fs-devel

From: Tiezhu Yang <kernelpatch@126.com>

[ Upstream commit f6176473a0c7472380eef72ebeb330cf9485bf0a ]

When call f2fs_acl_create_masq() failed, the caller f2fs_acl_create()
should return -EIO instead of -ENOMEM, this patch makes it consistent
with posix_acl_create() which has been fixed in commit beaf226b863a
("posix_acl: don't ignore return value of posix_acl_create_masq()").

Fixes: 83dfe53c185e ("f2fs: fix reference leaks in f2fs_acl_create")
Signed-off-by: Tiezhu Yang <kernelpatch@126.com>
Reviewed-by: Chao Yu <yuchao0@huawei.com>
Signed-off-by: Jaegeuk Kim <jaegeuk@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
 fs/f2fs/acl.c | 14 ++++++++------
 1 file changed, 8 insertions(+), 6 deletions(-)

diff --git a/fs/f2fs/acl.c b/fs/f2fs/acl.c
index 111824199a88..b9fe937a3c70 100644
--- a/fs/f2fs/acl.c
+++ b/fs/f2fs/acl.c
@@ -352,12 +352,14 @@ static int f2fs_acl_create(struct inode *dir, umode_t *mode,
 		return PTR_ERR(p);
 
 	clone = f2fs_acl_clone(p, GFP_NOFS);
-	if (!clone)
-		goto no_mem;
+	if (!clone) {
+		ret = -ENOMEM;
+		goto release_acl;
+	}
 
 	ret = f2fs_acl_create_masq(clone, mode);
 	if (ret < 0)
-		goto no_mem_clone;
+		goto release_clone;
 
 	if (ret == 0)
 		posix_acl_release(clone);
@@ -371,11 +373,11 @@ static int f2fs_acl_create(struct inode *dir, umode_t *mode,
 
 	return 0;
 
-no_mem_clone:
+release_clone:
 	posix_acl_release(clone);
-no_mem:
+release_acl:
 	posix_acl_release(p);
-	return -ENOMEM;
+	return ret;
 }
 
 int f2fs_init_acl(struct inode *inode, struct inode *dir, struct page *ipage,
-- 
2.19.1


^ permalink raw reply related	[flat|nested] 273+ messages in thread

* [PATCH AUTOSEL 4.19 076/258] i2c: sh_mobile: add support for r8a77990 (R-Car E3)
  2019-01-28 15:55 [PATCH AUTOSEL 4.19 001/258] drm/bufs: Fix Spectre v1 vulnerability Sasha Levin
                   ` (73 preceding siblings ...)
  2019-01-28 15:56 ` [PATCH AUTOSEL 4.19 075/258] f2fs: fix wrong return value of f2fs_acl_create Sasha Levin
@ 2019-01-28 15:56 ` Sasha Levin
  2019-01-28 15:56 ` [PATCH AUTOSEL 4.19 077/258] arm64: io: Ensure calls to delay routines are ordered against prior readX() Sasha Levin
                   ` (181 subsequent siblings)
  256 siblings, 0 replies; 273+ messages in thread
From: Sasha Levin @ 2019-01-28 15:56 UTC (permalink / raw)
  To: linux-kernel, stable; +Cc: Simon Horman, Wolfram Sang, Sasha Levin, linux-i2c

From: Simon Horman <horms+renesas@verge.net.au>

[ Upstream commit 5eb316e636eb298c204f5b368526d4480b63c0ba ]

Add support for the IIC code for the r8a77990 (R-Car E3).

It is not considered compatible with existing fallback bindings
due to the documented absence of automatic transmission registers.

These registers are currently not used by the driver and
thus the provides the same behaviour for "renesas,iic-r8a77990" and
"renesas,rcar-gen3-iic". The point of declaring incompatibility is
to allow for automatic transmission register support to be added to
"renesas,iic-r8a77990" and "renesas,rcar-gen3-iic" in future.

Signed-off-by: Simon Horman <horms+renesas@verge.net.au>
Reviewed-by: Geert Uytterhoeven <geert+renesas@glider.be>
Signed-off-by: Wolfram Sang <wsa@the-dreams.de>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
 drivers/i2c/busses/i2c-sh_mobile.c | 1 +
 1 file changed, 1 insertion(+)

diff --git a/drivers/i2c/busses/i2c-sh_mobile.c b/drivers/i2c/busses/i2c-sh_mobile.c
index 818cab14e87c..b3ed14f4eae9 100644
--- a/drivers/i2c/busses/i2c-sh_mobile.c
+++ b/drivers/i2c/busses/i2c-sh_mobile.c
@@ -808,6 +808,7 @@ static const struct of_device_id sh_mobile_i2c_dt_ids[] = {
 	{ .compatible = "renesas,rcar-gen2-iic", .data = &fast_clock_dt_config },
 	{ .compatible = "renesas,iic-r8a7795", .data = &fast_clock_dt_config },
 	{ .compatible = "renesas,rcar-gen3-iic", .data = &fast_clock_dt_config },
+	{ .compatible = "renesas,iic-r8a77990", .data = &fast_clock_dt_config },
 	{ .compatible = "renesas,iic-sh73a0", .data = &fast_clock_dt_config },
 	{ .compatible = "renesas,rmobile-iic", .data = &default_dt_config },
 	{},
-- 
2.19.1


^ permalink raw reply related	[flat|nested] 273+ messages in thread

* [PATCH AUTOSEL 4.19 077/258] arm64: io: Ensure calls to delay routines are ordered against prior readX()
  2019-01-28 15:55 [PATCH AUTOSEL 4.19 001/258] drm/bufs: Fix Spectre v1 vulnerability Sasha Levin
                   ` (74 preceding siblings ...)
  2019-01-28 15:56 ` [PATCH AUTOSEL 4.19 076/258] i2c: sh_mobile: add support for r8a77990 (R-Car E3) Sasha Levin
@ 2019-01-28 15:56 ` Sasha Levin
  2019-01-28 15:56 ` [PATCH AUTOSEL 4.19 078/258] net: aquantia: return 'err' if set MPI_DEINIT state fails Sasha Levin
                   ` (180 subsequent siblings)
  256 siblings, 0 replies; 273+ messages in thread
From: Sasha Levin @ 2019-01-28 15:56 UTC (permalink / raw)
  To: linux-kernel, stable
  Cc: Will Deacon, Benjamin Herrenschmidt, Arnd Bergmann, Sasha Levin

From: Will Deacon <will.deacon@arm.com>

[ Upstream commit 6460d32014717686d3b7963595950ba2c6d1bb5e ]

A relatively standard idiom for ensuring that a pair of MMIO writes to a
device arrive at that device with a specified minimum delay between them
is as follows:

	writel_relaxed(42, dev_base + CTL1);
	readl(dev_base + CTL1);
	udelay(10);
	writel_relaxed(42, dev_base + CTL2);

the intention being that the read-back from the device will push the
prior write to CTL1, and the udelay will hold up the write to CTL1 until
at least 10us have elapsed.

Unfortunately, on arm64 where the underlying delay loop is implemented
as a read of the architected counter, the CPU does not guarantee
ordering from the readl() to the delay loop and therefore the delay loop
could in theory be speculated and not provide the desired interval
between the two writes.

Fix this in a similar manner to PowerPC by introducing a dummy control
dependency on the output of readX() which, combined with the ISB in the
read of the architected counter, guarantees that a subsequent delay loop
can not be executed until the readX() has returned its result.

Cc: Benjamin Herrenschmidt <benh@kernel.crashing.org>
Cc: Arnd Bergmann <arnd@arndb.de>
Signed-off-by: Will Deacon <will.deacon@arm.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
 arch/arm64/include/asm/io.h | 31 +++++++++++++++++++++++--------
 1 file changed, 23 insertions(+), 8 deletions(-)

diff --git a/arch/arm64/include/asm/io.h b/arch/arm64/include/asm/io.h
index 35b2e50f17fb..b2bc7dbc1fa6 100644
--- a/arch/arm64/include/asm/io.h
+++ b/arch/arm64/include/asm/io.h
@@ -106,7 +106,22 @@ static inline u64 __raw_readq(const volatile void __iomem *addr)
 }
 
 /* IO barriers */
-#define __iormb()		rmb()
+#define __iormb(v)							\
+({									\
+	unsigned long tmp;						\
+									\
+	rmb();								\
+									\
+	/*								\
+	 * Create a dummy control dependency from the IO read to any	\
+	 * later instructions. This ensures that a subsequent call to	\
+	 * udelay() will be ordered due to the ISB in get_cycles().	\
+	 */								\
+	asm volatile("eor	%0, %1, %1\n"				\
+		     "cbnz	%0, ."					\
+		     : "=r" (tmp) : "r" (v) : "memory");		\
+})
+
 #define __iowmb()		wmb()
 
 #define mmiowb()		do { } while (0)
@@ -131,10 +146,10 @@ static inline u64 __raw_readq(const volatile void __iomem *addr)
  * following Normal memory access. Writes are ordered relative to any prior
  * Normal memory access.
  */
-#define readb(c)		({ u8  __v = readb_relaxed(c); __iormb(); __v; })
-#define readw(c)		({ u16 __v = readw_relaxed(c); __iormb(); __v; })
-#define readl(c)		({ u32 __v = readl_relaxed(c); __iormb(); __v; })
-#define readq(c)		({ u64 __v = readq_relaxed(c); __iormb(); __v; })
+#define readb(c)		({ u8  __v = readb_relaxed(c); __iormb(__v); __v; })
+#define readw(c)		({ u16 __v = readw_relaxed(c); __iormb(__v); __v; })
+#define readl(c)		({ u32 __v = readl_relaxed(c); __iormb(__v); __v; })
+#define readq(c)		({ u64 __v = readq_relaxed(c); __iormb(__v); __v; })
 
 #define writeb(v,c)		({ __iowmb(); writeb_relaxed((v),(c)); })
 #define writew(v,c)		({ __iowmb(); writew_relaxed((v),(c)); })
@@ -185,9 +200,9 @@ extern void __iomem *ioremap_cache(phys_addr_t phys_addr, size_t size);
 /*
  * io{read,write}{16,32,64}be() macros
  */
-#define ioread16be(p)		({ __u16 __v = be16_to_cpu((__force __be16)__raw_readw(p)); __iormb(); __v; })
-#define ioread32be(p)		({ __u32 __v = be32_to_cpu((__force __be32)__raw_readl(p)); __iormb(); __v; })
-#define ioread64be(p)		({ __u64 __v = be64_to_cpu((__force __be64)__raw_readq(p)); __iormb(); __v; })
+#define ioread16be(p)		({ __u16 __v = be16_to_cpu((__force __be16)__raw_readw(p)); __iormb(__v); __v; })
+#define ioread32be(p)		({ __u32 __v = be32_to_cpu((__force __be32)__raw_readl(p)); __iormb(__v); __v; })
+#define ioread64be(p)		({ __u64 __v = be64_to_cpu((__force __be64)__raw_readq(p)); __iormb(__v); __v; })
 
 #define iowrite16be(v,p)	({ __iowmb(); __raw_writew((__force __u16)cpu_to_be16(v), p); })
 #define iowrite32be(v,p)	({ __iowmb(); __raw_writel((__force __u32)cpu_to_be32(v), p); })
-- 
2.19.1


^ permalink raw reply related	[flat|nested] 273+ messages in thread

* [PATCH AUTOSEL 4.19 078/258] net: aquantia: return 'err' if set MPI_DEINIT state fails
  2019-01-28 15:55 [PATCH AUTOSEL 4.19 001/258] drm/bufs: Fix Spectre v1 vulnerability Sasha Levin
                   ` (75 preceding siblings ...)
  2019-01-28 15:56 ` [PATCH AUTOSEL 4.19 077/258] arm64: io: Ensure calls to delay routines are ordered against prior readX() Sasha Levin
@ 2019-01-28 15:56 ` Sasha Levin
  2019-01-28 15:56 ` [PATCH AUTOSEL 4.19 079/258] sunvdc: Do not spin in an infinite loop when vio_ldc_send() returns EAGAIN Sasha Levin
                   ` (179 subsequent siblings)
  256 siblings, 0 replies; 273+ messages in thread
From: Sasha Levin @ 2019-01-28 15:56 UTC (permalink / raw)
  To: linux-kernel, stable; +Cc: YueHaibing, David S . Miller, Sasha Levin, netdev

From: YueHaibing <yuehaibing@huawei.com>

[ Upstream commit 4e3c7c00bba0636b97eb23d582c20b0f5d95ce20 ]

Fixes gcc '-Wunused-but-set-variable' warning:

drivers/net/ethernet/aquantia/atlantic/hw_atl/hw_atl_utils.c:260:7:
 warning: variable 'err' set but not used [-Wunused-but-set-variable]

'err' should be returned while set MPI_DEINIT state fails
in hw_atl_utils_soft_reset.

Fixes: cce96d1883da ("net: aquantia: Regression on reset with 1.x firmware")
Signed-off-by: YueHaibing <yuehaibing@huawei.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
 drivers/net/ethernet/aquantia/atlantic/hw_atl/hw_atl_utils.c | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/drivers/net/ethernet/aquantia/atlantic/hw_atl/hw_atl_utils.c b/drivers/net/ethernet/aquantia/atlantic/hw_atl/hw_atl_utils.c
index c965e65d07db..9939ccaeb125 100644
--- a/drivers/net/ethernet/aquantia/atlantic/hw_atl/hw_atl_utils.c
+++ b/drivers/net/ethernet/aquantia/atlantic/hw_atl/hw_atl_utils.c
@@ -262,6 +262,8 @@ int hw_atl_utils_soft_reset(struct aq_hw_s *self)
 		AQ_HW_WAIT_FOR((aq_hw_read_reg(self, HW_ATL_MPI_STATE_ADR) &
 			       HW_ATL_MPI_STATE_MSK) == MPI_DEINIT,
 			       10, 1000U);
+		if (err)
+			return err;
 	}
 
 	if (self->rbl_enabled)
-- 
2.19.1


^ permalink raw reply related	[flat|nested] 273+ messages in thread

* [PATCH AUTOSEL 4.19 079/258] sunvdc: Do not spin in an infinite loop when vio_ldc_send() returns EAGAIN
  2019-01-28 15:55 [PATCH AUTOSEL 4.19 001/258] drm/bufs: Fix Spectre v1 vulnerability Sasha Levin
                   ` (76 preceding siblings ...)
  2019-01-28 15:56 ` [PATCH AUTOSEL 4.19 078/258] net: aquantia: return 'err' if set MPI_DEINIT state fails Sasha Levin
@ 2019-01-28 15:56 ` Sasha Levin
  2019-01-28 15:56 ` [PATCH AUTOSEL 4.19 080/258] soc: bcm: brcmstb: Don't leak device tree node reference Sasha Levin
                   ` (178 subsequent siblings)
  256 siblings, 0 replies; 273+ messages in thread
From: Sasha Levin @ 2019-01-28 15:56 UTC (permalink / raw)
  To: linux-kernel, stable; +Cc: Young Xiao, Jens Axboe, Sasha Levin, linux-block

From: Young Xiao <YangX92@hotmail.com>

[ Upstream commit a11f6ca9aef989b56cd31ff4ee2af4fb31a172ec ]

__vdc_tx_trigger should only loop on EAGAIN a finite
number of times.

See commit adddc32d6fde ("sunvnet: Do not spin in an
infinite loop when vio_ldc_send() returns EAGAIN") for detail.

Signed-off-by: Young Xiao <YangX92@hotmail.com>
Signed-off-by: Jens Axboe <axboe@kernel.dk>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
 drivers/block/sunvdc.c | 5 +++++
 1 file changed, 5 insertions(+)

diff --git a/drivers/block/sunvdc.c b/drivers/block/sunvdc.c
index f68e9baffad7..5d7024057540 100644
--- a/drivers/block/sunvdc.c
+++ b/drivers/block/sunvdc.c
@@ -45,6 +45,8 @@ MODULE_VERSION(DRV_MODULE_VERSION);
 #define WAITING_FOR_GEN_CMD	0x04
 #define WAITING_FOR_ANY		-1
 
+#define	VDC_MAX_RETRIES	10
+
 static struct workqueue_struct *sunvdc_wq;
 
 struct vdc_req_entry {
@@ -431,6 +433,7 @@ static int __vdc_tx_trigger(struct vdc_port *port)
 		.end_idx		= dr->prod,
 	};
 	int err, delay;
+	int retries = 0;
 
 	hdr.seq = dr->snd_nxt;
 	delay = 1;
@@ -443,6 +446,8 @@ static int __vdc_tx_trigger(struct vdc_port *port)
 		udelay(delay);
 		if ((delay <<= 1) > 128)
 			delay = 128;
+		if (retries++ > VDC_MAX_RETRIES)
+			break;
 	} while (err == -EAGAIN);
 
 	if (err == -ENOTCONN)
-- 
2.19.1


^ permalink raw reply related	[flat|nested] 273+ messages in thread

* [PATCH AUTOSEL 4.19 080/258] soc: bcm: brcmstb: Don't leak device tree node reference
  2019-01-28 15:55 [PATCH AUTOSEL 4.19 001/258] drm/bufs: Fix Spectre v1 vulnerability Sasha Levin
                   ` (77 preceding siblings ...)
  2019-01-28 15:56 ` [PATCH AUTOSEL 4.19 079/258] sunvdc: Do not spin in an infinite loop when vio_ldc_send() returns EAGAIN Sasha Levin
@ 2019-01-28 15:56 ` Sasha Levin
  2019-01-28 15:56 ` [PATCH AUTOSEL 4.19 081/258] nfsd4: fix crash on writing v4_end_grace before nfsd startup Sasha Levin
                   ` (177 subsequent siblings)
  256 siblings, 0 replies; 273+ messages in thread
From: Sasha Levin @ 2019-01-28 15:56 UTC (permalink / raw)
  To: linux-kernel, stable; +Cc: Yangtao Li, Florian Fainelli, Sasha Levin

From: Yangtao Li <tiny.windzz@gmail.com>

[ Upstream commit 1861a7f07e02292830a1ca256328d370deefea30 ]

of_find_node_by_path() acquires a reference to the node returned by it
and that reference needs to be dropped by its caller. soc_is_brcmstb()
doesn't do that, so fix it.

[treding: slightly rewrite to avoid inline comparison]

Fixes: d52fad262041 ("soc: add stubs for brcmstb SoC's")
Signed-off-by: Yangtao Li <tiny.windzz@gmail.com>
Signed-off-by: Florian Fainelli <f.fainelli@gmail.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
 drivers/soc/bcm/brcmstb/common.c | 6 +++++-
 1 file changed, 5 insertions(+), 1 deletion(-)

diff --git a/drivers/soc/bcm/brcmstb/common.c b/drivers/soc/bcm/brcmstb/common.c
index 14185451901d..bf9123f727e8 100644
--- a/drivers/soc/bcm/brcmstb/common.c
+++ b/drivers/soc/bcm/brcmstb/common.c
@@ -31,13 +31,17 @@ static const struct of_device_id brcmstb_machine_match[] = {
 
 bool soc_is_brcmstb(void)
 {
+	const struct of_device_id *match;
 	struct device_node *root;
 
 	root = of_find_node_by_path("/");
 	if (!root)
 		return false;
 
-	return of_match_node(brcmstb_machine_match, root) != NULL;
+	match = of_match_node(brcmstb_machine_match, root);
+	of_node_put(root);
+
+	return match != NULL;
 }
 
 u32 brcmstb_get_family_id(void)
-- 
2.19.1


^ permalink raw reply related	[flat|nested] 273+ messages in thread

* [PATCH AUTOSEL 4.19 081/258] nfsd4: fix crash on writing v4_end_grace before nfsd startup
  2019-01-28 15:55 [PATCH AUTOSEL 4.19 001/258] drm/bufs: Fix Spectre v1 vulnerability Sasha Levin
                   ` (78 preceding siblings ...)
  2019-01-28 15:56 ` [PATCH AUTOSEL 4.19 080/258] soc: bcm: brcmstb: Don't leak device tree node reference Sasha Levin
@ 2019-01-28 15:56 ` Sasha Levin
  2019-01-28 15:56 ` [PATCH AUTOSEL 4.19 082/258] drm: Clear state->acquire_ctx before leaving drm_atomic_helper_commit_duplicated_state() Sasha Levin
                   ` (176 subsequent siblings)
  256 siblings, 0 replies; 273+ messages in thread
From: Sasha Levin @ 2019-01-28 15:56 UTC (permalink / raw)
  To: linux-kernel, stable; +Cc: J. Bruce Fields, Sasha Levin, linux-nfs

From: "J. Bruce Fields" <bfields@redhat.com>

[ Upstream commit 62a063b8e7d1db684db3f207261a466fa3194e72 ]

Anatoly Trosinenko reports that this:

1) Checkout fresh master Linux branch (tested with commit e195ca6cb)
2) Copy x84_64-config-4.14 to .config, then enable NFS server v4 and build
3) From `kvm-xfstests shell`:

results in NULL dereference in locks_end_grace.

Check that nfsd has been started before trying to end the grace period.

Reported-by: Anatoly Trosinenko <anatoly.trosinenko@gmail.com>
Signed-off-by: J. Bruce Fields <bfields@redhat.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
 fs/nfsd/nfsctl.c | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/fs/nfsd/nfsctl.c b/fs/nfsd/nfsctl.c
index 7fb9f7c667b1..899174c7a8ae 100644
--- a/fs/nfsd/nfsctl.c
+++ b/fs/nfsd/nfsctl.c
@@ -1126,6 +1126,8 @@ static ssize_t write_v4_end_grace(struct file *file, char *buf, size_t size)
 		case 'Y':
 		case 'y':
 		case '1':
+			if (nn->nfsd_serv)
+				return -EBUSY;
 			nfsd4_end_grace(nn);
 			break;
 		default:
-- 
2.19.1


^ permalink raw reply related	[flat|nested] 273+ messages in thread

* [PATCH AUTOSEL 4.19 082/258] drm: Clear state->acquire_ctx before leaving drm_atomic_helper_commit_duplicated_state()
  2019-01-28 15:55 [PATCH AUTOSEL 4.19 001/258] drm/bufs: Fix Spectre v1 vulnerability Sasha Levin
                   ` (79 preceding siblings ...)
  2019-01-28 15:56 ` [PATCH AUTOSEL 4.19 081/258] nfsd4: fix crash on writing v4_end_grace before nfsd startup Sasha Levin
@ 2019-01-28 15:56 ` Sasha Levin
  2019-01-28 15:56 ` [PATCH AUTOSEL 4.19 083/258] drm: Move drm_mode_setcrtc() local re-init to failure path Sasha Levin
                   ` (175 subsequent siblings)
  256 siblings, 0 replies; 273+ messages in thread
From: Sasha Levin @ 2019-01-28 15:56 UTC (permalink / raw)
  To: linux-kernel, stable; +Cc: Sean Paul, Sasha Levin, dri-devel

From: Sean Paul <seanpaul@chromium.org>

[ Upstream commit aa394b0dd68cb00c483e151dcd84713d4d517ed1 ]

drm_atomic_helper_commit_duplicated_state() sets state->acquire_ctx to
the context given in the argument and leaves it in state after it
quits. The lifetime of state and context are not guaranteed to be the
same, so we shouldn't leave that pointer hanging around. This patch
resets the context to NULL to avoid any oopses.

Changes in v2:
- Added to the set

Suggested-by: Daniel Vetter <daniel@ffwll.ch>
Reviewed-by: Daniel Vetter <daniel.vetter@ffwll.ch>
Signed-off-by: Sean Paul <seanpaul@chromium.org>
Link: https://patchwork.freedesktop.org/patch/msgid/20181129150423.239081-1-sean@poorly.run
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
 drivers/gpu/drm/drm_atomic_helper.c | 8 ++++++--
 1 file changed, 6 insertions(+), 2 deletions(-)

diff --git a/drivers/gpu/drm/drm_atomic_helper.c b/drivers/gpu/drm/drm_atomic_helper.c
index f77bff5aa307..23397c08be11 100644
--- a/drivers/gpu/drm/drm_atomic_helper.c
+++ b/drivers/gpu/drm/drm_atomic_helper.c
@@ -3192,7 +3192,7 @@ EXPORT_SYMBOL(drm_atomic_helper_suspend);
 int drm_atomic_helper_commit_duplicated_state(struct drm_atomic_state *state,
 					      struct drm_modeset_acquire_ctx *ctx)
 {
-	int i;
+	int i, ret;
 	struct drm_plane *plane;
 	struct drm_plane_state *new_plane_state;
 	struct drm_connector *connector;
@@ -3211,7 +3211,11 @@ int drm_atomic_helper_commit_duplicated_state(struct drm_atomic_state *state,
 	for_each_new_connector_in_state(state, connector, new_conn_state, i)
 		state->connectors[i].old_state = connector->state;
 
-	return drm_atomic_commit(state);
+	ret = drm_atomic_commit(state);
+
+	state->acquire_ctx = NULL;
+
+	return ret;
 }
 EXPORT_SYMBOL(drm_atomic_helper_commit_duplicated_state);
 
-- 
2.19.1


^ permalink raw reply related	[flat|nested] 273+ messages in thread

* [PATCH AUTOSEL 4.19 083/258] drm: Move drm_mode_setcrtc() local re-init to failure path
  2019-01-28 15:55 [PATCH AUTOSEL 4.19 001/258] drm/bufs: Fix Spectre v1 vulnerability Sasha Levin
                   ` (80 preceding siblings ...)
  2019-01-28 15:56 ` [PATCH AUTOSEL 4.19 082/258] drm: Clear state->acquire_ctx before leaving drm_atomic_helper_commit_duplicated_state() Sasha Levin
@ 2019-01-28 15:56 ` Sasha Levin
  2019-01-28 21:03   ` Sean Paul
  2019-01-28 15:56 ` [PATCH AUTOSEL 4.19 084/258] perf: arm_spe: handle devm_kasprintf() failure Sasha Levin
                   ` (174 subsequent siblings)
  256 siblings, 1 reply; 273+ messages in thread
From: Sasha Levin @ 2019-01-28 15:56 UTC (permalink / raw)
  To: linux-kernel, stable; +Cc: Sean Paul, Sasha Levin, dri-devel

From: Sean Paul <seanpaul@chromium.org>

[ Upstream commit c232e9f41b136c141df9938024e521191a7b910d ]

Instead of always re-initializing the variables we need to clean up on
out, move the re-initialization into the branch that goes back to retry
label.

This is a lateral move right now, but will allow us to pull out the
modeset locking into common code. I kept this change separate to make
things easier to review.

Changes in v2:
- None

Reviewed-by: Daniel Vetter <daniel@ffwll.ch>
Signed-off-by: Sean Paul <seanpaul@chromium.org>
Link: https://patchwork.freedesktop.org/patch/msgid/20181129150423.239081-2-sean@poorly.run
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
 drivers/gpu/drm/drm_crtc.c | 16 +++++++++-------
 1 file changed, 9 insertions(+), 7 deletions(-)

diff --git a/drivers/gpu/drm/drm_crtc.c b/drivers/gpu/drm/drm_crtc.c
index 9cbe8f5c9aca..ed9d7fc4cb2c 100644
--- a/drivers/gpu/drm/drm_crtc.c
+++ b/drivers/gpu/drm/drm_crtc.c
@@ -567,9 +567,9 @@ int drm_mode_setcrtc(struct drm_device *dev, void *data,
 	struct drm_mode_crtc *crtc_req = data;
 	struct drm_crtc *crtc;
 	struct drm_plane *plane;
-	struct drm_connector **connector_set, *connector;
-	struct drm_framebuffer *fb;
-	struct drm_display_mode *mode;
+	struct drm_connector **connector_set = NULL, *connector;
+	struct drm_framebuffer *fb = NULL;
+	struct drm_display_mode *mode = NULL;
 	struct drm_mode_set set;
 	uint32_t __user *set_connectors_ptr;
 	struct drm_modeset_acquire_ctx ctx;
@@ -598,10 +598,6 @@ int drm_mode_setcrtc(struct drm_device *dev, void *data,
 	mutex_lock(&crtc->dev->mode_config.mutex);
 	drm_modeset_acquire_init(&ctx, DRM_MODESET_ACQUIRE_INTERRUPTIBLE);
 retry:
-	connector_set = NULL;
-	fb = NULL;
-	mode = NULL;
-
 	ret = drm_modeset_lock_all_ctx(crtc->dev, &ctx);
 	if (ret)
 		goto out;
@@ -763,6 +759,12 @@ int drm_mode_setcrtc(struct drm_device *dev, void *data,
 	}
 	kfree(connector_set);
 	drm_mode_destroy(dev, mode);
+
+	/* In case we need to retry... */
+	connector_set = NULL;
+	fb = NULL;
+	mode = NULL;
+
 	if (ret == -EDEADLK) {
 		ret = drm_modeset_backoff(&ctx);
 		if (!ret)
-- 
2.19.1


^ permalink raw reply related	[flat|nested] 273+ messages in thread

* [PATCH AUTOSEL 4.19 084/258] perf: arm_spe: handle devm_kasprintf() failure
  2019-01-28 15:55 [PATCH AUTOSEL 4.19 001/258] drm/bufs: Fix Spectre v1 vulnerability Sasha Levin
                   ` (81 preceding siblings ...)
  2019-01-28 15:56 ` [PATCH AUTOSEL 4.19 083/258] drm: Move drm_mode_setcrtc() local re-init to failure path Sasha Levin
@ 2019-01-28 15:56 ` Sasha Levin
  2019-01-28 15:56 ` [PATCH AUTOSEL 4.19 085/258] arm64: io: Ensure value passed to __iormb() is held in a 64-bit register Sasha Levin
                   ` (173 subsequent siblings)
  256 siblings, 0 replies; 273+ messages in thread
From: Sasha Levin @ 2019-01-28 15:56 UTC (permalink / raw)
  To: linux-kernel, stable; +Cc: Nicholas Mc Guire, Will Deacon, Sasha Levin

From: Nicholas Mc Guire <hofrat@osadl.org>

[ Upstream commit 754a58db6a556e6e5f5e32f3e84e7d67b5bf9c8e ]

devm_kasprintf() may return NULL on failure of internal allocation
thus the assignment to 'name' is not safe if unchecked. If NULL
is passed in for name then perf_pmu_register() would not fail
but rather silently jump to skip_type which is not the intent
here. As perf_pmu_register() may also return -ENOMEM returning
-ENOMEM in the (unlikely) failure case of devm_kasprintf() should
be fine here as well.

Acked-by: Mark Rutland <mark.rutland@arm.com>
Fixes: d5d9696b0380 ("drivers/perf: Add support for ARMv8.2 Statistical Profiling Extension")
Signed-off-by: Nicholas Mc Guire <hofrat@osadl.org>
[will: reworded error message]
Signed-off-by: Will Deacon <will.deacon@arm.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
 drivers/perf/arm_spe_pmu.c | 5 +++++
 1 file changed, 5 insertions(+)

diff --git a/drivers/perf/arm_spe_pmu.c b/drivers/perf/arm_spe_pmu.c
index 54ec278d2fc4..e1a77b2de78a 100644
--- a/drivers/perf/arm_spe_pmu.c
+++ b/drivers/perf/arm_spe_pmu.c
@@ -927,6 +927,11 @@ static int arm_spe_pmu_perf_init(struct arm_spe_pmu *spe_pmu)
 
 	idx = atomic_inc_return(&pmu_idx);
 	name = devm_kasprintf(dev, GFP_KERNEL, "%s_%d", PMUNAME, idx);
+	if (!name) {
+		dev_err(dev, "failed to allocate name for pmu %d\n", idx);
+		return -ENOMEM;
+	}
+
 	return perf_pmu_register(&spe_pmu->pmu, name, -1);
 }
 
-- 
2.19.1


^ permalink raw reply related	[flat|nested] 273+ messages in thread

* [PATCH AUTOSEL 4.19 085/258] arm64: io: Ensure value passed to __iormb() is held in a 64-bit register
  2019-01-28 15:55 [PATCH AUTOSEL 4.19 001/258] drm/bufs: Fix Spectre v1 vulnerability Sasha Levin
                   ` (82 preceding siblings ...)
  2019-01-28 15:56 ` [PATCH AUTOSEL 4.19 084/258] perf: arm_spe: handle devm_kasprintf() failure Sasha Levin
@ 2019-01-28 15:56 ` Sasha Levin
  2019-01-28 15:56 ` [PATCH AUTOSEL 4.19 086/258] Thermal: do not clear passive state during system sleep Sasha Levin
                   ` (172 subsequent siblings)
  256 siblings, 0 replies; 273+ messages in thread
From: Sasha Levin @ 2019-01-28 15:56 UTC (permalink / raw)
  To: linux-kernel, stable; +Cc: Will Deacon, Sasha Levin

From: Will Deacon <will.deacon@arm.com>

[ Upstream commit 1b57ec8c75279b873639eb44a215479236f93481 ]

As of commit 6460d3201471 ("arm64: io: Ensure calls to delay routines
are ordered against prior readX()"), MMIO reads smaller than 64 bits
fail to compile under clang because we end up mixing 32-bit and 64-bit
register operands for the same data processing instruction:

./include/asm-generic/io.h:695:9: warning: value size does not match register size specified by the constraint and modifier [-Wasm-operand-widths]
        return readb(addr);
               ^
./arch/arm64/include/asm/io.h:147:58: note: expanded from macro 'readb'
                                                                       ^
./include/asm-generic/io.h:695:9: note: use constraint modifier "w"
./arch/arm64/include/asm/io.h:147:50: note: expanded from macro 'readb'
                                                               ^
./arch/arm64/include/asm/io.h:118:24: note: expanded from macro '__iormb'
        asm volatile("eor       %0, %1, %1\n"                           \
                                    ^

Fix the build by casting the macro argument to 'unsigned long' when used
as an input to the inline asm.

Reported-by: Nick Desaulniers <nick.desaulniers@gmail.com>
Reported-by: Nathan Chancellor <natechancellor@gmail.com>
Signed-off-by: Will Deacon <will.deacon@arm.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
 arch/arm64/include/asm/io.h | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/arch/arm64/include/asm/io.h b/arch/arm64/include/asm/io.h
index b2bc7dbc1fa6..49bb9a020a09 100644
--- a/arch/arm64/include/asm/io.h
+++ b/arch/arm64/include/asm/io.h
@@ -119,7 +119,8 @@ static inline u64 __raw_readq(const volatile void __iomem *addr)
 	 */								\
 	asm volatile("eor	%0, %1, %1\n"				\
 		     "cbnz	%0, ."					\
-		     : "=r" (tmp) : "r" (v) : "memory");		\
+		     : "=r" (tmp) : "r" ((unsigned long)(v))		\
+		     : "memory");					\
 })
 
 #define __iowmb()		wmb()
-- 
2.19.1


^ permalink raw reply related	[flat|nested] 273+ messages in thread

* [PATCH AUTOSEL 4.19 086/258] Thermal: do not clear passive state during system sleep
  2019-01-28 15:55 [PATCH AUTOSEL 4.19 001/258] drm/bufs: Fix Spectre v1 vulnerability Sasha Levin
                   ` (83 preceding siblings ...)
  2019-01-28 15:56 ` [PATCH AUTOSEL 4.19 085/258] arm64: io: Ensure value passed to __iormb() is held in a 64-bit register Sasha Levin
@ 2019-01-28 15:56 ` Sasha Levin
  2019-01-28 15:56 ` [PATCH AUTOSEL 4.19 087/258] thermal: Fix locking in cooling device sysfs update cur_state Sasha Levin
                   ` (171 subsequent siblings)
  256 siblings, 0 replies; 273+ messages in thread
From: Sasha Levin @ 2019-01-28 15:56 UTC (permalink / raw)
  To: linux-kernel, stable; +Cc: Wei Wang, Zhang Rui, Sasha Levin, linux-pm

From: Wei Wang <wvw@google.com>

[ Upstream commit 964f4843a455d2ffb199512b08be8d5f077c4cac ]

commit ff140fea847e ("Thermal: handle thermal zone device properly
during system sleep") added PM hook to call thermal zone reset during
sleep. However resetting thermal zone will also clear the passive state
and thus cancel the polling queue which leads the passive cooling device
state not being cleared properly after sleep.

thermal_pm_notify => thermal_zone_device_reset set passive to 0
thermal_zone_trip_update will skip update passive as `old_target ==
instance->target'.
monitor_thermal_zone => thermal_zone_device_set_polling will cancel
tz->poll_queue, so the cooling device state will not be changed
afterwards.

Reported-by: Kame Wang <kamewang@google.com>
Signed-off-by: Wei Wang <wvw@google.com>
Signed-off-by: Zhang Rui <rui.zhang@intel.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
 drivers/thermal/thermal_core.c | 12 ++++++++----
 1 file changed, 8 insertions(+), 4 deletions(-)

diff --git a/drivers/thermal/thermal_core.c b/drivers/thermal/thermal_core.c
index 441778100887..bf9721fc2824 100644
--- a/drivers/thermal/thermal_core.c
+++ b/drivers/thermal/thermal_core.c
@@ -451,16 +451,20 @@ static void update_temperature(struct thermal_zone_device *tz)
 			tz->last_temperature, tz->temperature);
 }
 
-static void thermal_zone_device_reset(struct thermal_zone_device *tz)
+static void thermal_zone_device_init(struct thermal_zone_device *tz)
 {
 	struct thermal_instance *pos;
-
 	tz->temperature = THERMAL_TEMP_INVALID;
-	tz->passive = 0;
 	list_for_each_entry(pos, &tz->thermal_instances, tz_node)
 		pos->initialized = false;
 }
 
+static void thermal_zone_device_reset(struct thermal_zone_device *tz)
+{
+	tz->passive = 0;
+	thermal_zone_device_init(tz);
+}
+
 void thermal_zone_device_update(struct thermal_zone_device *tz,
 				enum thermal_notify_event event)
 {
@@ -1502,7 +1506,7 @@ static int thermal_pm_notify(struct notifier_block *nb,
 	case PM_POST_SUSPEND:
 		atomic_set(&in_suspend, 0);
 		list_for_each_entry(tz, &thermal_tz_list, node) {
-			thermal_zone_device_reset(tz);
+			thermal_zone_device_init(tz);
 			thermal_zone_device_update(tz,
 						   THERMAL_EVENT_UNSPECIFIED);
 		}
-- 
2.19.1


^ permalink raw reply related	[flat|nested] 273+ messages in thread

* [PATCH AUTOSEL 4.19 087/258] thermal: Fix locking in cooling device sysfs update cur_state
  2019-01-28 15:55 [PATCH AUTOSEL 4.19 001/258] drm/bufs: Fix Spectre v1 vulnerability Sasha Levin
                   ` (84 preceding siblings ...)
  2019-01-28 15:56 ` [PATCH AUTOSEL 4.19 086/258] Thermal: do not clear passive state during system sleep Sasha Levin
@ 2019-01-28 15:56 ` Sasha Levin
  2019-01-28 15:56 ` [PATCH AUTOSEL 4.19 088/258] firmware/efi: Add NULL pointer checks in efivars API functions Sasha Levin
                   ` (170 subsequent siblings)
  256 siblings, 0 replies; 273+ messages in thread
From: Sasha Levin @ 2019-01-28 15:56 UTC (permalink / raw)
  To: linux-kernel, stable; +Cc: Thara Gopinath, Zhang Rui, Sasha Levin, linux-pm

From: Thara Gopinath <thara.gopinath@linaro.org>

[ Upstream commit 68000a0d983f539c95ebe5dccd4f29535c7ac0af ]

Sysfs interface to update cooling device cur_state does not
currently holding cooling device lock sometimes leading to
stale values in cur_state if getting updated simultanelously
from user space and thermal framework. Adding the proper locking
code fixes this issue.

Signed-off-by: Thara Gopinath <thara.gopinath@linaro.org>
Signed-off-by: Zhang Rui <rui.zhang@intel.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
 drivers/thermal/thermal_sysfs.c | 11 +++++++----
 1 file changed, 7 insertions(+), 4 deletions(-)

diff --git a/drivers/thermal/thermal_sysfs.c b/drivers/thermal/thermal_sysfs.c
index 2241ceae7d7f..aa99edb4dff7 100644
--- a/drivers/thermal/thermal_sysfs.c
+++ b/drivers/thermal/thermal_sysfs.c
@@ -712,11 +712,14 @@ cur_state_store(struct device *dev, struct device_attribute *attr,
 	if ((long)state < 0)
 		return -EINVAL;
 
+	mutex_lock(&cdev->lock);
+
 	result = cdev->ops->set_cur_state(cdev, state);
-	if (result)
-		return result;
-	thermal_cooling_device_stats_update(cdev, state);
-	return count;
+	if (!result)
+		thermal_cooling_device_stats_update(cdev, state);
+
+	mutex_unlock(&cdev->lock);
+	return result ? result : count;
 }
 
 static struct device_attribute
-- 
2.19.1


^ permalink raw reply related	[flat|nested] 273+ messages in thread

* [PATCH AUTOSEL 4.19 088/258] firmware/efi: Add NULL pointer checks in efivars API functions
  2019-01-28 15:55 [PATCH AUTOSEL 4.19 001/258] drm/bufs: Fix Spectre v1 vulnerability Sasha Levin
                   ` (85 preceding siblings ...)
  2019-01-28 15:56 ` [PATCH AUTOSEL 4.19 087/258] thermal: Fix locking in cooling device sysfs update cur_state Sasha Levin
@ 2019-01-28 15:56 ` Sasha Levin
  2019-01-28 15:56 ` [PATCH AUTOSEL 4.19 089/258] s390/zcrypt: improve special ap message cmd handling Sasha Levin
                   ` (169 subsequent siblings)
  256 siblings, 0 replies; 273+ messages in thread
From: Sasha Levin @ 2019-01-28 15:56 UTC (permalink / raw)
  To: linux-kernel, stable
  Cc: Arend van Spriel, Ard Biesheuvel, Andy Lutomirski,
	Bhupesh Sharma, Borislav Petkov, Dave Hansen, Eric Snowberg,
	Hans de Goede, Joe Perches, Julien Thierry, Linus Torvalds,
	Marc Zyngier, Matt Fleming, Nathan Chancellor, Peter Zijlstra,
	Sai Praneeth Prakhya, Sedat Dilek, Thomas Gleixner, YiFei Zhu,
	linux-efi, Ingo Molnar, Sasha Levin

From: Arend van Spriel <arend.vanspriel@broadcom.com>

[ Upstream commit ab2180a15ce54739fed381efb4cb12e78dfb1561 ]

Since commit:

   ce2e6db554fa ("brcmfmac: Add support for getting nvram contents from EFI variables")

we have a device driver accessing the efivars API. Several functions in
the efivars API assume __efivars is set, i.e., that they will be accessed
only after efivars_register() has been called. However, the following NULL
pointer access was reported calling efivar_entry_size() from the brcmfmac
device driver:

  Unable to handle kernel NULL pointer dereference at virtual address 00000008
  pgd = 60bfa5f1
  [00000008] *pgd=00000000
  Internal error: Oops: 5 [#1] SMP ARM
  ...
  Hardware name: NVIDIA Tegra SoC (Flattened Device Tree)
  Workqueue: events request_firmware_work_func
  PC is at efivar_entry_size+0x28/0x90
  LR is at brcmf_fw_complete_request+0x3f8/0x8d4 [brcmfmac]
  pc : [<c0c40718>]    lr : [<bf2a3ef4>]    psr: a00d0113
  sp : ede7fe28  ip : ee983410  fp : c1787f30
  r10: 00000000  r9 : 00000000  r8 : bf2b2258
  r7 : ee983000  r6 : c1604c48  r5 : ede7fe88  r4 : edf337c0
  r3 : 00000000  r2 : 00000000  r1 : ede7fe88  r0 : c17712c8
  Flags: NzCv  IRQs on  FIQs on  Mode SVC_32  ISA ARM  Segment none
  Control: 10c5387d  Table: ad16804a  DAC: 00000051

Disassembly showed that the local static variable __efivars is NULL,
which is not entirely unexpected given that it is a non-EFI platform.

So add a NULL pointer check to efivar_entry_size(), and to related
functions while at it. In efivars_register() a couple of sanity checks
are added as well.

Reported-by: Jon Hunter <jonathanh@nvidia.com>
Signed-off-by: Arend van Spriel <arend.vanspriel@broadcom.com>
Signed-off-by: Ard Biesheuvel <ard.biesheuvel@linaro.org>
Cc: Andy Lutomirski <luto@kernel.org>
Cc: Bhupesh Sharma <bhsharma@redhat.com>
Cc: Borislav Petkov <bp@alien8.de>
Cc: Dave Hansen <dave.hansen@intel.com>
Cc: Eric Snowberg <eric.snowberg@oracle.com>
Cc: Hans de Goede <hdegoede@redhat.com>
Cc: Joe Perches <joe@perches.com>
Cc: Julien Thierry <julien.thierry@arm.com>
Cc: Linus Torvalds <torvalds@linux-foundation.org>
Cc: Marc Zyngier <marc.zyngier@arm.com>
Cc: Matt Fleming <matt@codeblueprint.co.uk>
Cc: Nathan Chancellor <natechancellor@gmail.com>
Cc: Peter Zijlstra <peterz@infradead.org>
Cc: Sai Praneeth Prakhya <sai.praneeth.prakhya@intel.com>
Cc: Sedat Dilek <sedat.dilek@gmail.com>
Cc: Thomas Gleixner <tglx@linutronix.de>
Cc: YiFei Zhu <zhuyifei1999@gmail.com>
Cc: linux-efi@vger.kernel.org
Link: http://lkml.kernel.org/r/20181129171230.18699-9-ard.biesheuvel@linaro.org
Signed-off-by: Ingo Molnar <mingo@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
 drivers/firmware/efi/vars.c | 99 +++++++++++++++++++++++++++++--------
 1 file changed, 78 insertions(+), 21 deletions(-)

diff --git a/drivers/firmware/efi/vars.c b/drivers/firmware/efi/vars.c
index 9336ffdf6e2c..fceaafd67ec6 100644
--- a/drivers/firmware/efi/vars.c
+++ b/drivers/firmware/efi/vars.c
@@ -318,7 +318,12 @@ EXPORT_SYMBOL_GPL(efivar_variable_is_removable);
 static efi_status_t
 check_var_size(u32 attributes, unsigned long size)
 {
-	const struct efivar_operations *fops = __efivars->ops;
+	const struct efivar_operations *fops;
+
+	if (!__efivars)
+		return EFI_UNSUPPORTED;
+
+	fops = __efivars->ops;
 
 	if (!fops->query_variable_store)
 		return EFI_UNSUPPORTED;
@@ -329,7 +334,12 @@ check_var_size(u32 attributes, unsigned long size)
 static efi_status_t
 check_var_size_nonblocking(u32 attributes, unsigned long size)
 {
-	const struct efivar_operations *fops = __efivars->ops;
+	const struct efivar_operations *fops;
+
+	if (!__efivars)
+		return EFI_UNSUPPORTED;
+
+	fops = __efivars->ops;
 
 	if (!fops->query_variable_store)
 		return EFI_UNSUPPORTED;
@@ -429,13 +439,18 @@ static void dup_variable_bug(efi_char16_t *str16, efi_guid_t *vendor_guid,
 int efivar_init(int (*func)(efi_char16_t *, efi_guid_t, unsigned long, void *),
 		void *data, bool duplicates, struct list_head *head)
 {
-	const struct efivar_operations *ops = __efivars->ops;
+	const struct efivar_operations *ops;
 	unsigned long variable_name_size = 1024;
 	efi_char16_t *variable_name;
 	efi_status_t status;
 	efi_guid_t vendor_guid;
 	int err = 0;
 
+	if (!__efivars)
+		return -EFAULT;
+
+	ops = __efivars->ops;
+
 	variable_name = kzalloc(variable_name_size, GFP_KERNEL);
 	if (!variable_name) {
 		printk(KERN_ERR "efivars: Memory allocation failed.\n");
@@ -583,12 +598,14 @@ static void efivar_entry_list_del_unlock(struct efivar_entry *entry)
  */
 int __efivar_entry_delete(struct efivar_entry *entry)
 {
-	const struct efivar_operations *ops = __efivars->ops;
 	efi_status_t status;
 
-	status = ops->set_variable(entry->var.VariableName,
-				   &entry->var.VendorGuid,
-				   0, 0, NULL);
+	if (!__efivars)
+		return -EINVAL;
+
+	status = __efivars->ops->set_variable(entry->var.VariableName,
+					      &entry->var.VendorGuid,
+					      0, 0, NULL);
 
 	return efi_status_to_err(status);
 }
@@ -607,12 +624,17 @@ EXPORT_SYMBOL_GPL(__efivar_entry_delete);
  */
 int efivar_entry_delete(struct efivar_entry *entry)
 {
-	const struct efivar_operations *ops = __efivars->ops;
+	const struct efivar_operations *ops;
 	efi_status_t status;
 
 	if (down_interruptible(&efivars_lock))
 		return -EINTR;
 
+	if (!__efivars) {
+		up(&efivars_lock);
+		return -EINVAL;
+	}
+	ops = __efivars->ops;
 	status = ops->set_variable(entry->var.VariableName,
 				   &entry->var.VendorGuid,
 				   0, 0, NULL);
@@ -650,13 +672,19 @@ EXPORT_SYMBOL_GPL(efivar_entry_delete);
 int efivar_entry_set(struct efivar_entry *entry, u32 attributes,
 		     unsigned long size, void *data, struct list_head *head)
 {
-	const struct efivar_operations *ops = __efivars->ops;
+	const struct efivar_operations *ops;
 	efi_status_t status;
 	efi_char16_t *name = entry->var.VariableName;
 	efi_guid_t vendor = entry->var.VendorGuid;
 
 	if (down_interruptible(&efivars_lock))
 		return -EINTR;
+
+	if (!__efivars) {
+		up(&efivars_lock);
+		return -EINVAL;
+	}
+	ops = __efivars->ops;
 	if (head && efivar_entry_find(name, vendor, head, false)) {
 		up(&efivars_lock);
 		return -EEXIST;
@@ -687,12 +715,17 @@ static int
 efivar_entry_set_nonblocking(efi_char16_t *name, efi_guid_t vendor,
 			     u32 attributes, unsigned long size, void *data)
 {
-	const struct efivar_operations *ops = __efivars->ops;
+	const struct efivar_operations *ops;
 	efi_status_t status;
 
 	if (down_trylock(&efivars_lock))
 		return -EBUSY;
 
+	if (!__efivars) {
+		up(&efivars_lock);
+		return -EINVAL;
+	}
+
 	status = check_var_size_nonblocking(attributes,
 					    size + ucs2_strsize(name, 1024));
 	if (status != EFI_SUCCESS) {
@@ -700,6 +733,7 @@ efivar_entry_set_nonblocking(efi_char16_t *name, efi_guid_t vendor,
 		return -ENOSPC;
 	}
 
+	ops = __efivars->ops;
 	status = ops->set_variable_nonblocking(name, &vendor, attributes,
 					       size, data);
 
@@ -727,9 +761,13 @@ efivar_entry_set_nonblocking(efi_char16_t *name, efi_guid_t vendor,
 int efivar_entry_set_safe(efi_char16_t *name, efi_guid_t vendor, u32 attributes,
 			  bool block, unsigned long size, void *data)
 {
-	const struct efivar_operations *ops = __efivars->ops;
+	const struct efivar_operations *ops;
 	efi_status_t status;
 
+	if (!__efivars)
+		return -EINVAL;
+
+	ops = __efivars->ops;
 	if (!ops->query_variable_store)
 		return -ENOSYS;
 
@@ -829,13 +867,18 @@ EXPORT_SYMBOL_GPL(efivar_entry_find);
  */
 int efivar_entry_size(struct efivar_entry *entry, unsigned long *size)
 {
-	const struct efivar_operations *ops = __efivars->ops;
+	const struct efivar_operations *ops;
 	efi_status_t status;
 
 	*size = 0;
 
 	if (down_interruptible(&efivars_lock))
 		return -EINTR;
+	if (!__efivars) {
+		up(&efivars_lock);
+		return -EINVAL;
+	}
+	ops = __efivars->ops;
 	status = ops->get_variable(entry->var.VariableName,
 				   &entry->var.VendorGuid, NULL, size, NULL);
 	up(&efivars_lock);
@@ -861,12 +904,14 @@ EXPORT_SYMBOL_GPL(efivar_entry_size);
 int __efivar_entry_get(struct efivar_entry *entry, u32 *attributes,
 		       unsigned long *size, void *data)
 {
-	const struct efivar_operations *ops = __efivars->ops;
 	efi_status_t status;
 
-	status = ops->get_variable(entry->var.VariableName,
-				   &entry->var.VendorGuid,
-				   attributes, size, data);
+	if (!__efivars)
+		return -EINVAL;
+
+	status = __efivars->ops->get_variable(entry->var.VariableName,
+					      &entry->var.VendorGuid,
+					      attributes, size, data);
 
 	return efi_status_to_err(status);
 }
@@ -882,14 +927,19 @@ EXPORT_SYMBOL_GPL(__efivar_entry_get);
 int efivar_entry_get(struct efivar_entry *entry, u32 *attributes,
 		     unsigned long *size, void *data)
 {
-	const struct efivar_operations *ops = __efivars->ops;
 	efi_status_t status;
 
 	if (down_interruptible(&efivars_lock))
 		return -EINTR;
-	status = ops->get_variable(entry->var.VariableName,
-				   &entry->var.VendorGuid,
-				   attributes, size, data);
+
+	if (!__efivars) {
+		up(&efivars_lock);
+		return -EINVAL;
+	}
+
+	status = __efivars->ops->get_variable(entry->var.VariableName,
+					      &entry->var.VendorGuid,
+					      attributes, size, data);
 	up(&efivars_lock);
 
 	return efi_status_to_err(status);
@@ -921,7 +971,7 @@ EXPORT_SYMBOL_GPL(efivar_entry_get);
 int efivar_entry_set_get_size(struct efivar_entry *entry, u32 attributes,
 			      unsigned long *size, void *data, bool *set)
 {
-	const struct efivar_operations *ops = __efivars->ops;
+	const struct efivar_operations *ops;
 	efi_char16_t *name = entry->var.VariableName;
 	efi_guid_t *vendor = &entry->var.VendorGuid;
 	efi_status_t status;
@@ -940,6 +990,11 @@ int efivar_entry_set_get_size(struct efivar_entry *entry, u32 attributes,
 	if (down_interruptible(&efivars_lock))
 		return -EINTR;
 
+	if (!__efivars) {
+		err = -EINVAL;
+		goto out;
+	}
+
 	/*
 	 * Ensure that the available space hasn't shrunk below the safe level
 	 */
@@ -956,6 +1011,8 @@ int efivar_entry_set_get_size(struct efivar_entry *entry, u32 attributes,
 		}
 	}
 
+	ops = __efivars->ops;
+
 	status = ops->set_variable(name, vendor, attributes, *size, data);
 	if (status != EFI_SUCCESS) {
 		err = efi_status_to_err(status);
-- 
2.19.1


^ permalink raw reply related	[flat|nested] 273+ messages in thread

* [PATCH AUTOSEL 4.19 089/258] s390/zcrypt: improve special ap message cmd handling
  2019-01-28 15:55 [PATCH AUTOSEL 4.19 001/258] drm/bufs: Fix Spectre v1 vulnerability Sasha Levin
                   ` (86 preceding siblings ...)
  2019-01-28 15:56 ` [PATCH AUTOSEL 4.19 088/258] firmware/efi: Add NULL pointer checks in efivars API functions Sasha Levin
@ 2019-01-28 15:56 ` Sasha Levin
  2019-01-28 15:56 ` [PATCH AUTOSEL 4.19 090/258] mt76x0: dfs: fix IBI_R11 configuration on non-radar channels Sasha Levin
                   ` (168 subsequent siblings)
  256 siblings, 0 replies; 273+ messages in thread
From: Sasha Levin @ 2019-01-28 15:56 UTC (permalink / raw)
  To: linux-kernel, stable
  Cc: Harald Freudenberger, Martin Schwidefsky, Sasha Levin, linux-s390

From: Harald Freudenberger <freude@linux.ibm.com>

[ Upstream commit be534791011100d204602e2e0496e9e6ce8edf63 ]

There exist very few ap messages which need to have the 'special' flag
enabled. This flag tells the firmware layer to do some pre- and maybe
postprocessing. However, it may happen that this special flag is
enabled but the firmware is unable to deal with this kind of message
and thus returns with reply code 0x41. For example older firmware may
not know the newest messages triggered by the zcrypt device driver and
thus react with reject and the named reply code. Unfortunately this
reply code is not known to the zcrypt error routines and thus default
behavior is to switch the ap queue offline.

This patch now makes the ap error routine aware of the reply code and
so userspace is informed about the bad processing result but the queue
is not switched to offline state any more.

Signed-off-by: Harald Freudenberger <freude@linux.ibm.com>
Signed-off-by: Martin Schwidefsky <schwidefsky@de.ibm.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
 arch/s390/include/uapi/asm/zcrypt.h | 4 ++--
 drivers/s390/crypto/zcrypt_error.h  | 2 ++
 2 files changed, 4 insertions(+), 2 deletions(-)

diff --git a/arch/s390/include/uapi/asm/zcrypt.h b/arch/s390/include/uapi/asm/zcrypt.h
index 2bb1f3bb98ac..48c784f2101a 100644
--- a/arch/s390/include/uapi/asm/zcrypt.h
+++ b/arch/s390/include/uapi/asm/zcrypt.h
@@ -147,8 +147,8 @@ struct ica_xcRB {
  * @cprb_len:		CPRB header length [0x0020]
  * @cprb_ver_id:	CPRB version id.   [0x04]
  * @pad_000:		Alignment pad bytes
- * @flags:		Admin cmd [0x80] or functional cmd [0x00]
- * @func_id:		Function id / subtype [0x5434]
+ * @flags:		Admin bit [0x80], Special bit [0x20]
+ * @func_id:		Function id / subtype [0x5434] "T4"
  * @source_id:		Source id [originator id]
  * @target_id:		Target id [usage/ctrl domain id]
  * @ret_code:		Return code
diff --git a/drivers/s390/crypto/zcrypt_error.h b/drivers/s390/crypto/zcrypt_error.h
index 6f7ebc1dbe10..2e1a27bd97d1 100644
--- a/drivers/s390/crypto/zcrypt_error.h
+++ b/drivers/s390/crypto/zcrypt_error.h
@@ -52,6 +52,7 @@ struct error_hdr {
 #define REP82_ERROR_FORMAT_FIELD	    0x29
 #define REP82_ERROR_INVALID_COMMAND	    0x30
 #define REP82_ERROR_MALFORMED_MSG	    0x40
+#define REP82_ERROR_INVALID_SPECIAL_CMD	    0x41
 #define REP82_ERROR_INVALID_DOMAIN_PRECHECK 0x42
 #define REP82_ERROR_RESERVED_FIELDO	    0x50 /* old value	*/
 #define REP82_ERROR_WORD_ALIGNMENT	    0x60
@@ -90,6 +91,7 @@ static inline int convert_error(struct zcrypt_queue *zq,
 	case REP88_ERROR_MESSAGE_MALFORMD:
 	case REP82_ERROR_INVALID_DOMAIN_PRECHECK:
 	case REP82_ERROR_INVALID_DOMAIN_PENDING:
+	case REP82_ERROR_INVALID_SPECIAL_CMD:
 	//   REP88_ERROR_INVALID_KEY		// '82' CEX2A
 	//   REP88_ERROR_OPERAND		// '84' CEX2A
 	//   REP88_ERROR_OPERAND_EVEN_MOD	// '85' CEX2A
-- 
2.19.1


^ permalink raw reply related	[flat|nested] 273+ messages in thread

* [PATCH AUTOSEL 4.19 090/258] mt76x0: dfs: fix IBI_R11 configuration on non-radar channels
  2019-01-28 15:55 [PATCH AUTOSEL 4.19 001/258] drm/bufs: Fix Spectre v1 vulnerability Sasha Levin
                   ` (87 preceding siblings ...)
  2019-01-28 15:56 ` [PATCH AUTOSEL 4.19 089/258] s390/zcrypt: improve special ap message cmd handling Sasha Levin
@ 2019-01-28 15:56 ` Sasha Levin
  2019-01-28 15:56 ` [PATCH AUTOSEL 4.19 091/258] arm64: ftrace: don't adjust the LR value Sasha Levin
                   ` (167 subsequent siblings)
  256 siblings, 0 replies; 273+ messages in thread
From: Sasha Levin @ 2019-01-28 15:56 UTC (permalink / raw)
  To: linux-kernel, stable
  Cc: Lorenzo Bianconi, Felix Fietkau, Sasha Levin, linux-wireless, netdev

From: Lorenzo Bianconi <lorenzo.bianconi@redhat.com>

[ Upstream commit 6bf4a8e902aad7df55d7f2b10b850cfa3f880996 ]

Fix IBI_R11 configuration on non-radar channels for mt76x0e
driver. This patch improve system stability under heavy load.
Moreover use IBI_R11 name and remove magic numbers for
0x212c register

Fixes: 0c3b3abc9251 ("mt76x0: pci: add DFS support")
Signed-off-by: Lorenzo Bianconi <lorenzo.bianconi@redhat.com>
Signed-off-by: Felix Fietkau <nbd@nbd.name>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
 drivers/net/wireless/mediatek/mt76/mt76x2_dfs.c | 8 ++++++--
 1 file changed, 6 insertions(+), 2 deletions(-)

diff --git a/drivers/net/wireless/mediatek/mt76/mt76x2_dfs.c b/drivers/net/wireless/mediatek/mt76/mt76x2_dfs.c
index 374cc655c11d..16e6b6970e28 100644
--- a/drivers/net/wireless/mediatek/mt76/mt76x2_dfs.c
+++ b/drivers/net/wireless/mediatek/mt76/mt76x2_dfs.c
@@ -799,7 +799,7 @@ static void mt76x2_dfs_set_bbp_params(struct mt76x2_dev *dev)
 
 	/* enable detection*/
 	mt76_wr(dev, MT_BBP(DFS, 0), MT_DFS_CH_EN << 16);
-	mt76_wr(dev, 0x212c, 0x0c350001);
+	mt76_wr(dev, MT_BBP(IBI, 11), 0x0c350001);
 }
 
 void mt76x2_dfs_adjust_agc(struct mt76x2_dev *dev)
@@ -842,7 +842,11 @@ void mt76x2_dfs_init_params(struct mt76x2_dev *dev)
 		mt76_wr(dev, MT_BBP(DFS, 0), 0);
 		/* clear detector status */
 		mt76_wr(dev, MT_BBP(DFS, 1), 0xf);
-		mt76_wr(dev, 0x212c, 0);
+		if (mt76_chip(&dev->mt76) == 0x7610 ||
+		    mt76_chip(&dev->mt76) == 0x7630)
+			mt76_wr(dev, MT_BBP(IBI, 11), 0xfde8081);
+		else
+			mt76_wr(dev, MT_BBP(IBI, 11), 0);
 
 		mt76x2_irq_disable(dev, MT_INT_GPTIMER);
 		mt76_rmw_field(dev, MT_INT_TIMER_EN,
-- 
2.19.1


^ permalink raw reply related	[flat|nested] 273+ messages in thread

* [PATCH AUTOSEL 4.19 091/258] arm64: ftrace: don't adjust the LR value
  2019-01-28 15:55 [PATCH AUTOSEL 4.19 001/258] drm/bufs: Fix Spectre v1 vulnerability Sasha Levin
                   ` (88 preceding siblings ...)
  2019-01-28 15:56 ` [PATCH AUTOSEL 4.19 090/258] mt76x0: dfs: fix IBI_R11 configuration on non-radar channels Sasha Levin
@ 2019-01-28 15:56 ` Sasha Levin
  2019-01-28 15:56 ` [PATCH AUTOSEL 4.19 092/258] drm/v3d: Fix prime imports of buffers from other drivers Sasha Levin
                   ` (166 subsequent siblings)
  256 siblings, 0 replies; 273+ messages in thread
From: Sasha Levin @ 2019-01-28 15:56 UTC (permalink / raw)
  To: linux-kernel, stable
  Cc: Mark Rutland, AKASHI Takahiro, Ard Biesheuvel, Catalin Marinas,
	Torsten Duwe, Will Deacon, Sasha Levin

From: Mark Rutland <mark.rutland@arm.com>

[ Upstream commit 6e803e2e6e367db9a0d6ecae1bd24bb5752011bd ]

The core ftrace code requires that when it is handed the PC of an
instrumented function, this PC is the address of the instrumented
instruction. This is necessary so that the core ftrace code can identify
the specific instrumentation site. Since the instrumented function will
be a BL, the address of the instrumented function is LR - 4 at entry to
the ftrace code.

This fixup is applied in the mcount_get_pc and mcount_get_pc0 helpers,
which acquire the PC of the instrumented function.

The mcount_get_lr helper is used to acquire the LR of the instrumented
function, whose value does not require this adjustment, and cannot be
adjusted to anything meaningful. No adjustment of this value is made on
other architectures, including arm. However, arm64 adjusts this value by
4.

This patch brings arm64 in line with other architectures and removes the
adjustment of the LR value.

Signed-off-by: Mark Rutland <mark.rutland@arm.com>
Cc: AKASHI Takahiro <takahiro.akashi@linaro.org>
Cc: Ard Biesheuvel <ard.biesheuvel@linaro.org>
Cc: Catalin Marinas <catalin.marinas@arm.com>
Cc: Torsten Duwe <duwe@suse.de>
Cc: Will Deacon <will.deacon@arm.com>
Signed-off-by: Will Deacon <will.deacon@arm.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
 arch/arm64/kernel/entry-ftrace.S | 1 -
 1 file changed, 1 deletion(-)

diff --git a/arch/arm64/kernel/entry-ftrace.S b/arch/arm64/kernel/entry-ftrace.S
index 1175f5827ae1..295951f3172e 100644
--- a/arch/arm64/kernel/entry-ftrace.S
+++ b/arch/arm64/kernel/entry-ftrace.S
@@ -79,7 +79,6 @@
 	.macro mcount_get_lr reg
 	ldr	\reg, [x29]
 	ldr	\reg, [\reg, #8]
-	mcount_adjust_addr	\reg, \reg
 	.endm
 
 	.macro mcount_get_lr_addr reg
-- 
2.19.1


^ permalink raw reply related	[flat|nested] 273+ messages in thread

* [PATCH AUTOSEL 4.19 092/258] drm/v3d: Fix prime imports of buffers from other drivers.
  2019-01-28 15:55 [PATCH AUTOSEL 4.19 001/258] drm/bufs: Fix Spectre v1 vulnerability Sasha Levin
                   ` (89 preceding siblings ...)
  2019-01-28 15:56 ` [PATCH AUTOSEL 4.19 091/258] arm64: ftrace: don't adjust the LR value Sasha Levin
@ 2019-01-28 15:56 ` Sasha Levin
  2019-01-28 15:56 ` [PATCH AUTOSEL 4.19 093/258] ARM: dts: mmp2: fix TWSI2 Sasha Levin
                   ` (165 subsequent siblings)
  256 siblings, 0 replies; 273+ messages in thread
From: Sasha Levin @ 2019-01-28 15:56 UTC (permalink / raw)
  To: linux-kernel, stable; +Cc: Eric Anholt, Sasha Levin, dri-devel

From: Eric Anholt <eric@anholt.net>

[ Upstream commit 62d1a752874962f072de8a779e960fcd2ab4847b ]

v3d_bo_get_pages() checks this to decide to map the imported buffer
instead of the backing shmem file.  The caller was about to set this
value anyway, and there's no error path in between.  Ideally we
wouldn't even allocate the shmem file for our imports, but that's a
more invasive fix.

Signed-off-by: Eric Anholt <eric@anholt.net>
Fixes: 57692c94dcbe ("drm/v3d: Introduce a new DRM driver for Broadcom V3D V3.x+")
Link: https://patchwork.freedesktop.org/patch/msgid/20181128230927.10951-3-eric@anholt.net
Acked-by: Daniel Vetter <daniel.vetter@ffwll.ch>
Reviewed-by: Dave Emett <david.emett@broadcom.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
 drivers/gpu/drm/v3d/v3d_bo.c | 1 +
 1 file changed, 1 insertion(+)

diff --git a/drivers/gpu/drm/v3d/v3d_bo.c b/drivers/gpu/drm/v3d/v3d_bo.c
index 54d96518a131..a08766d39eab 100644
--- a/drivers/gpu/drm/v3d/v3d_bo.c
+++ b/drivers/gpu/drm/v3d/v3d_bo.c
@@ -293,6 +293,7 @@ v3d_prime_import_sg_table(struct drm_device *dev,
 	bo->resv = attach->dmabuf->resv;
 
 	bo->sgt = sgt;
+	obj->import_attach = attach;
 	v3d_bo_get_pages(bo);
 
 	v3d_mmu_insert_ptes(bo);
-- 
2.19.1


^ permalink raw reply related	[flat|nested] 273+ messages in thread

* [PATCH AUTOSEL 4.19 093/258] ARM: dts: mmp2: fix TWSI2
  2019-01-28 15:55 [PATCH AUTOSEL 4.19 001/258] drm/bufs: Fix Spectre v1 vulnerability Sasha Levin
                   ` (90 preceding siblings ...)
  2019-01-28 15:56 ` [PATCH AUTOSEL 4.19 092/258] drm/v3d: Fix prime imports of buffers from other drivers Sasha Levin
@ 2019-01-28 15:56 ` Sasha Levin
  2019-01-28 15:56 ` [PATCH AUTOSEL 4.19 094/258] nfp: add locking around representor changes Sasha Levin
                   ` (164 subsequent siblings)
  256 siblings, 0 replies; 273+ messages in thread
From: Sasha Levin @ 2019-01-28 15:56 UTC (permalink / raw)
  To: linux-kernel, stable
  Cc: Lubomir Rintel, Olof Johansson, Sasha Levin, devicetree

From: Lubomir Rintel <lkundrak@v3.sk>

[ Upstream commit 1147e05ac9fc2ef86a3691e7ca5c2db7602d81dd ]

Marvell keeps their MMP2 datasheet secret, but there are good clues
that TWSI2 is not on 0xd4025000 on that platform, not does it use
IRQ 58. In fact, the IRQ 58 on MMP2 seems to be a signal processor:

   arch/arm/mach-mmp/irqs.h:#define IRQ_MMP2_MSP  58

I'm taking a somewhat educated guess that is probably a copy & paste
error from PXA168 or PXA910 and that the real controller in fact hides
at address 0xd4031000 and uses an interrupt line multiplexed via IRQ 17.

I'm also copying some properties from TWSI1 that were missing or
incorrect.

Tested on a OLPC XO 1.75 machine, where the RTC is on TWSI2.

Signed-off-by: Lubomir Rintel <lkundrak@v3.sk>
Tested-by: Pavel Machek <pavel@ucw.cz>
Signed-off-by: Olof Johansson <olof@lixom.net>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
 arch/arm/boot/dts/mmp2.dtsi | 9 ++++++---
 1 file changed, 6 insertions(+), 3 deletions(-)

diff --git a/arch/arm/boot/dts/mmp2.dtsi b/arch/arm/boot/dts/mmp2.dtsi
index 766bbb8495b6..47e5b63339d1 100644
--- a/arch/arm/boot/dts/mmp2.dtsi
+++ b/arch/arm/boot/dts/mmp2.dtsi
@@ -220,12 +220,15 @@
 				status = "disabled";
 			};
 
-			twsi2: i2c@d4025000 {
+			twsi2: i2c@d4031000 {
 				compatible = "mrvl,mmp-twsi";
-				reg = <0xd4025000 0x1000>;
-				interrupts = <58>;
+				reg = <0xd4031000 0x1000>;
+				interrupt-parent = <&intcmux17>;
+				interrupts = <0>;
 				clocks = <&soc_clocks MMP2_CLK_TWSI1>;
 				resets = <&soc_clocks MMP2_CLK_TWSI1>;
+				#address-cells = <1>;
+				#size-cells = <0>;
 				status = "disabled";
 			};
 
-- 
2.19.1


^ permalink raw reply related	[flat|nested] 273+ messages in thread

* [PATCH AUTOSEL 4.19 094/258] nfp: add locking around representor changes
  2019-01-28 15:55 [PATCH AUTOSEL 4.19 001/258] drm/bufs: Fix Spectre v1 vulnerability Sasha Levin
                   ` (91 preceding siblings ...)
  2019-01-28 15:56 ` [PATCH AUTOSEL 4.19 093/258] ARM: dts: mmp2: fix TWSI2 Sasha Levin
@ 2019-01-28 15:56 ` Sasha Levin
  2019-01-28 16:28   ` Jakub Kicinski
  2019-01-28 15:56 ` [PATCH AUTOSEL 4.19 095/258] ARM: mmp/mmp2: dt: enable the clock Sasha Levin
                   ` (163 subsequent siblings)
  256 siblings, 1 reply; 273+ messages in thread
From: Sasha Levin @ 2019-01-28 15:56 UTC (permalink / raw)
  To: linux-kernel, stable
  Cc: Jakub Kicinski, David S . Miller, Sasha Levin, oss-drivers, netdev

From: Jakub Kicinski <jakub.kicinski@netronome.com>

[ Upstream commit 71844fac1ed459024dd2a448d63d5b28b8c87daa ]

Up until now we never needed to keep a networking locks around
representors accesses, we only accessed them when device was
reconfigured (under nfp pf->lock) or on fast path (under RCU).
Now we want to be able to iterate over all representors during
notifications, so make sure representor assignment is done
under RTNL lock.

Signed-off-by: Jakub Kicinski <jakub.kicinski@netronome.com>
Reviewed-by: John Hurley <john.hurley@netronome.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
 drivers/net/ethernet/netronome/nfp/abm/main.c     | 4 ++++
 drivers/net/ethernet/netronome/nfp/nfp_app.c      | 2 ++
 drivers/net/ethernet/netronome/nfp/nfp_net_repr.c | 2 ++
 3 files changed, 8 insertions(+)

diff --git a/drivers/net/ethernet/netronome/nfp/abm/main.c b/drivers/net/ethernet/netronome/nfp/abm/main.c
index b84a6c2d387b..04ef4b986a43 100644
--- a/drivers/net/ethernet/netronome/nfp/abm/main.c
+++ b/drivers/net/ethernet/netronome/nfp/abm/main.c
@@ -415,7 +415,9 @@ nfp_abm_spawn_repr(struct nfp_app *app, struct nfp_abm_link *alink,
 
 	reprs = nfp_reprs_get_locked(app, rtype);
 	WARN(nfp_repr_get_locked(app, reprs, alink->id), "duplicate repr");
+	rtnl_lock();
 	rcu_assign_pointer(reprs->reprs[alink->id], netdev);
+	rtnl_unlock();
 
 	nfp_info(app->cpp, "%s Port %d Representor(%s) created\n",
 		 ptype == NFP_PORT_PF_PORT ? "PCIe" : "Phys",
@@ -441,7 +443,9 @@ nfp_abm_kill_repr(struct nfp_app *app, struct nfp_abm_link *alink,
 	netdev = nfp_repr_get_locked(app, reprs, alink->id);
 	if (!netdev)
 		return;
+	rtnl_lock();
 	rcu_assign_pointer(reprs->reprs[alink->id], NULL);
+	rtnl_unlock();
 	synchronize_rcu();
 	/* Cast to make sure nfp_repr_clean_and_free() takes a nfp_repr */
 	nfp_repr_clean_and_free((struct nfp_repr *)netdev_priv(netdev));
diff --git a/drivers/net/ethernet/netronome/nfp/nfp_app.c b/drivers/net/ethernet/netronome/nfp/nfp_app.c
index 8607d09ab732..ba6abe652cce 100644
--- a/drivers/net/ethernet/netronome/nfp/nfp_app.c
+++ b/drivers/net/ethernet/netronome/nfp/nfp_app.c
@@ -156,7 +156,9 @@ nfp_app_reprs_set(struct nfp_app *app, enum nfp_repr_type type,
 	struct nfp_reprs *old;
 
 	old = nfp_reprs_get_locked(app, type);
+	rtnl_lock();
 	rcu_assign_pointer(app->reprs[type], reprs);
+	rtnl_unlock();
 
 	return old;
 }
diff --git a/drivers/net/ethernet/netronome/nfp/nfp_net_repr.c b/drivers/net/ethernet/netronome/nfp/nfp_net_repr.c
index 18a09cdcd9c6..6985db8822bd 100644
--- a/drivers/net/ethernet/netronome/nfp/nfp_net_repr.c
+++ b/drivers/net/ethernet/netronome/nfp/nfp_net_repr.c
@@ -472,7 +472,9 @@ int nfp_reprs_resync_phys_ports(struct nfp_app *app)
 			continue;
 
 		nfp_app_repr_preclean(app, netdev);
+		rtnl_lock();
 		rcu_assign_pointer(reprs->reprs[i], NULL);
+		rtnl_unlock();
 		synchronize_rcu();
 		nfp_repr_clean(repr);
 	}
-- 
2.19.1


^ permalink raw reply related	[flat|nested] 273+ messages in thread

* [PATCH AUTOSEL 4.19 095/258] ARM: mmp/mmp2: dt: enable the clock
  2019-01-28 15:55 [PATCH AUTOSEL 4.19 001/258] drm/bufs: Fix Spectre v1 vulnerability Sasha Levin
                   ` (92 preceding siblings ...)
  2019-01-28 15:56 ` [PATCH AUTOSEL 4.19 094/258] nfp: add locking around representor changes Sasha Levin
@ 2019-01-28 15:56 ` Sasha Levin
  2019-01-28 15:56 ` [PATCH AUTOSEL 4.19 096/258] ARM: dts: aspeed: add missing memory unit-address Sasha Levin
                   ` (162 subsequent siblings)
  256 siblings, 0 replies; 273+ messages in thread
From: Sasha Levin @ 2019-01-28 15:56 UTC (permalink / raw)
  To: linux-kernel, stable; +Cc: Lubomir Rintel, Olof Johansson, Sasha Levin

From: Lubomir Rintel <lkundrak@v3.sk>

[ Upstream commit f36797ee43802b367e59f0f9a9805304a4ff0c98 ]

The device-tree booted MMP2 needs to enable the timer clock, otherwise
it would stop ticking when the boot finishes.

It can also use the clock rate from the clk, the non-DT boards need to
keep using the hardcoded rates.

Signed-off-by: Lubomir Rintel <lkundrak@v3.sk>
Acked-by: Pavel Machek <pavel@ucw.cz>
Signed-off-by: Olof Johansson <olof@lixom.net>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
 arch/arm/mach-mmp/common.h |  2 +-
 arch/arm/mach-mmp/mmp2.c   |  2 +-
 arch/arm/mach-mmp/pxa168.c |  2 +-
 arch/arm/mach-mmp/time.c   | 32 ++++++++++++++++++++------------
 4 files changed, 23 insertions(+), 15 deletions(-)

diff --git a/arch/arm/mach-mmp/common.h b/arch/arm/mach-mmp/common.h
index 7e284d9c429f..5ac2851ef5d3 100644
--- a/arch/arm/mach-mmp/common.h
+++ b/arch/arm/mach-mmp/common.h
@@ -2,7 +2,7 @@
 #include <linux/reboot.h>
 #define ARRAY_AND_SIZE(x)	(x), ARRAY_SIZE(x)
 
-extern void timer_init(int irq);
+extern void timer_init(int irq, unsigned long rate);
 
 extern void __init mmp_map_io(void);
 extern void mmp_restart(enum reboot_mode, const char *);
diff --git a/arch/arm/mach-mmp/mmp2.c b/arch/arm/mach-mmp/mmp2.c
index afba5460cdaf..fb3e7e32c882 100644
--- a/arch/arm/mach-mmp/mmp2.c
+++ b/arch/arm/mach-mmp/mmp2.c
@@ -134,7 +134,7 @@ void __init mmp2_timer_init(void)
 	clk_rst = APBC_APBCLK | APBC_FNCLK | APBC_FNCLKSEL(1);
 	__raw_writel(clk_rst, APBC_TIMERS);
 
-	timer_init(IRQ_MMP2_TIMER1);
+	timer_init(IRQ_MMP2_TIMER1, 6500000);
 }
 
 /* on-chip devices */
diff --git a/arch/arm/mach-mmp/pxa168.c b/arch/arm/mach-mmp/pxa168.c
index 0f5f16fb8c66..77a358165a56 100644
--- a/arch/arm/mach-mmp/pxa168.c
+++ b/arch/arm/mach-mmp/pxa168.c
@@ -79,7 +79,7 @@ void __init pxa168_timer_init(void)
 	/* 3.25MHz, bus/functional clock enabled, release reset */
 	__raw_writel(TIMER_CLK_RST, APBC_TIMERS);
 
-	timer_init(IRQ_PXA168_TIMER1);
+	timer_init(IRQ_PXA168_TIMER1, 6500000);
 }
 
 void pxa168_clear_keypad_wakeup(void)
diff --git a/arch/arm/mach-mmp/time.c b/arch/arm/mach-mmp/time.c
index 96ad1db0b04b..eab0fd8a7343 100644
--- a/arch/arm/mach-mmp/time.c
+++ b/arch/arm/mach-mmp/time.c
@@ -22,6 +22,7 @@
 #include <linux/kernel.h>
 #include <linux/interrupt.h>
 #include <linux/clockchips.h>
+#include <linux/clk.h>
 
 #include <linux/io.h>
 #include <linux/irq.h>
@@ -38,12 +39,6 @@
 #include "cputype.h"
 #include "clock.h"
 
-#ifdef CONFIG_CPU_MMP2
-#define MMP_CLOCK_FREQ		6500000
-#else
-#define MMP_CLOCK_FREQ		3250000
-#endif
-
 #define TIMERS_VIRT_BASE	TIMERS1_VIRT_BASE
 
 #define MAX_DELTA		(0xfffffffe)
@@ -189,19 +184,18 @@ static struct irqaction timer_irq = {
 	.dev_id		= &ckevt,
 };
 
-void __init timer_init(int irq)
+void __init timer_init(int irq, unsigned long rate)
 {
 	timer_config();
 
-	sched_clock_register(mmp_read_sched_clock, 32, MMP_CLOCK_FREQ);
+	sched_clock_register(mmp_read_sched_clock, 32, rate);
 
 	ckevt.cpumask = cpumask_of(0);
 
 	setup_irq(irq, &timer_irq);
 
-	clocksource_register_hz(&cksrc, MMP_CLOCK_FREQ);
-	clockevents_config_and_register(&ckevt, MMP_CLOCK_FREQ,
-					MIN_DELTA, MAX_DELTA);
+	clocksource_register_hz(&cksrc, rate);
+	clockevents_config_and_register(&ckevt, rate, MIN_DELTA, MAX_DELTA);
 }
 
 #ifdef CONFIG_OF
@@ -213,7 +207,9 @@ static const struct of_device_id mmp_timer_dt_ids[] = {
 void __init mmp_dt_init_timer(void)
 {
 	struct device_node *np;
+	struct clk *clk;
 	int irq, ret;
+	unsigned long rate;
 
 	np = of_find_matching_node(NULL, mmp_timer_dt_ids);
 	if (!np) {
@@ -221,6 +217,18 @@ void __init mmp_dt_init_timer(void)
 		goto out;
 	}
 
+	clk = of_clk_get(np, 0);
+	if (!IS_ERR(clk)) {
+		ret = clk_prepare_enable(clk);
+		if (ret)
+			goto out;
+		rate = clk_get_rate(clk) / 2;
+	} else if (cpu_is_pj4()) {
+		rate = 6500000;
+	} else {
+		rate = 3250000;
+	}
+
 	irq = irq_of_parse_and_map(np, 0);
 	if (!irq) {
 		ret = -EINVAL;
@@ -231,7 +239,7 @@ void __init mmp_dt_init_timer(void)
 		ret = -ENOMEM;
 		goto out;
 	}
-	timer_init(irq);
+	timer_init(irq, rate);
 	return;
 out:
 	pr_err("Failed to get timer from device tree with error:%d\n", ret);
-- 
2.19.1


^ permalink raw reply related	[flat|nested] 273+ messages in thread

* [PATCH AUTOSEL 4.19 096/258] ARM: dts: aspeed: add missing memory unit-address
  2019-01-28 15:55 [PATCH AUTOSEL 4.19 001/258] drm/bufs: Fix Spectre v1 vulnerability Sasha Levin
                   ` (93 preceding siblings ...)
  2019-01-28 15:56 ` [PATCH AUTOSEL 4.19 095/258] ARM: mmp/mmp2: dt: enable the clock Sasha Levin
@ 2019-01-28 15:56 ` Sasha Levin
  2019-01-28 15:56 ` [PATCH AUTOSEL 4.19 097/258] x86/fpu: Add might_fault() to user_insn() Sasha Levin
                   ` (161 subsequent siblings)
  256 siblings, 0 replies; 273+ messages in thread
From: Sasha Levin @ 2019-01-28 15:56 UTC (permalink / raw)
  To: linux-kernel, stable
  Cc: Rob Herring, Joel Stanley, Andrew Jeffery, devicetree,
	linux-arm-kernel, linux-aspeed, Olof Johansson, Sasha Levin

From: Rob Herring <robh@kernel.org>

[ Upstream commit 8ef86955fe59f7912a40d57ae4c6d511f0187b4d ]

The base aspeed-g5.dtsi already defines a '/memory@80000000' node, so
'/memory' in the board files create a duplicate node. We're probably
getting lucky that the bootloader fixes up the memory node that the
kernel ends up using. Add the unit-address so it's merged with the base
node.

Found with DT json-schema checks.

Cc: Joel Stanley <joel@jms.id.au>
Cc: Andrew Jeffery <andrew@aj.id.au>
Cc: devicetree@vger.kernel.org
Cc: linux-arm-kernel@lists.infradead.org
Cc: linux-aspeed@lists.ozlabs.org
Signed-off-by: Rob Herring <robh@kernel.org>
Signed-off-by: Olof Johansson <olof@lixom.net>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
 arch/arm/boot/dts/aspeed-bmc-arm-centriq2400-rep.dts | 2 +-
 arch/arm/boot/dts/aspeed-bmc-intel-s2600wf.dts       | 2 +-
 arch/arm/boot/dts/aspeed-bmc-opp-lanyang.dts         | 3 +--
 arch/arm/boot/dts/aspeed-bmc-portwell-neptune.dts    | 2 +-
 4 files changed, 4 insertions(+), 5 deletions(-)

diff --git a/arch/arm/boot/dts/aspeed-bmc-arm-centriq2400-rep.dts b/arch/arm/boot/dts/aspeed-bmc-arm-centriq2400-rep.dts
index df1227613d48..c2ece0b91885 100644
--- a/arch/arm/boot/dts/aspeed-bmc-arm-centriq2400-rep.dts
+++ b/arch/arm/boot/dts/aspeed-bmc-arm-centriq2400-rep.dts
@@ -13,7 +13,7 @@
 		bootargs = "console=ttyS4,115200 earlyprintk";
 	};
 
-	memory {
+	memory@80000000 {
 		reg = <0x80000000 0x40000000>;
 	};
 
diff --git a/arch/arm/boot/dts/aspeed-bmc-intel-s2600wf.dts b/arch/arm/boot/dts/aspeed-bmc-intel-s2600wf.dts
index 7a291de02543..22dade6393d0 100644
--- a/arch/arm/boot/dts/aspeed-bmc-intel-s2600wf.dts
+++ b/arch/arm/boot/dts/aspeed-bmc-intel-s2600wf.dts
@@ -13,7 +13,7 @@
 		bootargs = "earlyprintk";
 	};
 
-	memory {
+	memory@80000000 {
 		reg = <0x80000000 0x20000000>;
 	};
 
diff --git a/arch/arm/boot/dts/aspeed-bmc-opp-lanyang.dts b/arch/arm/boot/dts/aspeed-bmc-opp-lanyang.dts
index d598b6391362..024e52a6cd0f 100644
--- a/arch/arm/boot/dts/aspeed-bmc-opp-lanyang.dts
+++ b/arch/arm/boot/dts/aspeed-bmc-opp-lanyang.dts
@@ -14,7 +14,7 @@
 		bootargs = "console=ttyS4,115200 earlyprintk";
 	};
 
-	memory {
+	memory@80000000 {
 		reg = <0x80000000 0x40000000>;
 	};
 
@@ -322,4 +322,3 @@
 &adc {
 	status = "okay";
 };
-
diff --git a/arch/arm/boot/dts/aspeed-bmc-portwell-neptune.dts b/arch/arm/boot/dts/aspeed-bmc-portwell-neptune.dts
index 43ed13963d35..33d704541de6 100644
--- a/arch/arm/boot/dts/aspeed-bmc-portwell-neptune.dts
+++ b/arch/arm/boot/dts/aspeed-bmc-portwell-neptune.dts
@@ -17,7 +17,7 @@
 		bootargs = "console=ttyS4,115200 earlyprintk";
 	};
 
-	memory {
+	memory@80000000 {
 		reg = <0x80000000 0x20000000>;
 	};
 
-- 
2.19.1


^ permalink raw reply related	[flat|nested] 273+ messages in thread

* [PATCH AUTOSEL 4.19 097/258] x86/fpu: Add might_fault() to user_insn()
  2019-01-28 15:55 [PATCH AUTOSEL 4.19 001/258] drm/bufs: Fix Spectre v1 vulnerability Sasha Levin
                   ` (94 preceding siblings ...)
  2019-01-28 15:56 ` [PATCH AUTOSEL 4.19 096/258] ARM: dts: aspeed: add missing memory unit-address Sasha Levin
@ 2019-01-28 15:56 ` Sasha Levin
  2019-01-28 15:56 ` [PATCH AUTOSEL 4.19 098/258] media: i2c: TDA1997x: select CONFIG_HDMI Sasha Levin
                   ` (160 subsequent siblings)
  256 siblings, 0 replies; 273+ messages in thread
From: Sasha Levin @ 2019-01-28 15:56 UTC (permalink / raw)
  To: linux-kernel, stable
  Cc: Sebastian Andrzej Siewior, Borislav Petkov, H. Peter Anvin,
	Jason A. Donenfeld, Andy Lutomirski, Dave Hansen, Ingo Molnar,
	Jann Horn, Paolo Bonzini, Radim Krčmář,
	Thomas Gleixner, kvm ML, x86-ml, Sasha Levin

From: Sebastian Andrzej Siewior <bigeasy@linutronix.de>

[ Upstream commit 6637401c35b2f327a35d27f44bda05e327f2f017 ]

Every user of user_insn() passes an user memory pointer to this macro.

Add might_fault() to user_insn() so we can spot users which are using
this macro in sections where page faulting is not allowed.

 [ bp: Space it out to make it more visible. ]

Signed-off-by: Sebastian Andrzej Siewior <bigeasy@linutronix.de>
Signed-off-by: Borislav Petkov <bp@suse.de>
Reviewed-by: Rik van Riel <riel@surriel.com>
Cc: "H. Peter Anvin" <hpa@zytor.com>
Cc: "Jason A. Donenfeld" <Jason@zx2c4.com>
Cc: Andy Lutomirski <luto@kernel.org>
Cc: Dave Hansen <dave.hansen@linux.intel.com>
Cc: Ingo Molnar <mingo@redhat.com>
Cc: Jann Horn <jannh@google.com>
Cc: Paolo Bonzini <pbonzini@redhat.com>
Cc: Radim Krčmář <rkrcmar@redhat.com>
Cc: Thomas Gleixner <tglx@linutronix.de>
Cc: kvm ML <kvm@vger.kernel.org>
Cc: x86-ml <x86@kernel.org>
Link: https://lkml.kernel.org/r/20181128222035.2996-6-bigeasy@linutronix.de
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
 arch/x86/include/asm/fpu/internal.h | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/arch/x86/include/asm/fpu/internal.h b/arch/x86/include/asm/fpu/internal.h
index 69dcdf195b61..fa2c93cb42a2 100644
--- a/arch/x86/include/asm/fpu/internal.h
+++ b/arch/x86/include/asm/fpu/internal.h
@@ -106,6 +106,9 @@ extern void fpstate_sanitize_xstate(struct fpu *fpu);
 #define user_insn(insn, output, input...)				\
 ({									\
 	int err;							\
+									\
+	might_fault();							\
+									\
 	asm volatile(ASM_STAC "\n"					\
 		     "1:" #insn "\n\t"					\
 		     "2: " ASM_CLAC "\n"				\
-- 
2.19.1


^ permalink raw reply related	[flat|nested] 273+ messages in thread

* [PATCH AUTOSEL 4.19 098/258] media: i2c: TDA1997x: select CONFIG_HDMI
  2019-01-28 15:55 [PATCH AUTOSEL 4.19 001/258] drm/bufs: Fix Spectre v1 vulnerability Sasha Levin
                   ` (95 preceding siblings ...)
  2019-01-28 15:56 ` [PATCH AUTOSEL 4.19 097/258] x86/fpu: Add might_fault() to user_insn() Sasha Levin
@ 2019-01-28 15:56 ` Sasha Levin
  2019-01-28 15:56 ` [PATCH AUTOSEL 4.19 099/258] media: DaVinci-VPBE: fix error handling in vpbe_initialize() Sasha Levin
                   ` (159 subsequent siblings)
  256 siblings, 0 replies; 273+ messages in thread
From: Sasha Levin @ 2019-01-28 15:56 UTC (permalink / raw)
  To: linux-kernel, stable
  Cc: Arnd Bergmann, Hans Verkuil, Mauro Carvalho Chehab, Sasha Levin,
	linux-media

From: Arnd Bergmann <arnd@arndb.de>

[ Upstream commit 79e89e36dc8a47ef965a35b484d737a5227feed1 ]

Without CONFIG_HDMI, we get a link error for this driver:

drivers/media/i2c/tda1997x.o: In function `tda1997x_parse_infoframe':
tda1997x.c:(.text+0x2195): undefined reference to `hdmi_infoframe_unpack'
tda1997x.c:(.text+0x21b6): undefined reference to `hdmi_infoframe_log'
drivers/media/i2c/tda1997x.o: In function `tda1997x_log_infoframe':
tda1997x.c:(.text.unlikely+0x13d3): undefined reference to `hdmi_infoframe_unpack'
tda1997x.c:(.text.unlikely+0x1426): undefined reference to `hdmi_infoframe_log'

All other drivers in this directory that use HDMI select CONFIG_HDMI,
so do the same here:

Fixes: 9ac0038db9a7 ("media: i2c: Add TDA1997x HDMI receiver driver")

Signed-off-by: Arnd Bergmann <arnd@arndb.de>
Signed-off-by: Hans Verkuil <hverkuil-cisco@xs4all.nl>
Signed-off-by: Mauro Carvalho Chehab <mchehab+samsung@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
 drivers/media/i2c/Kconfig | 1 +
 1 file changed, 1 insertion(+)

diff --git a/drivers/media/i2c/Kconfig b/drivers/media/i2c/Kconfig
index 82af97430e5b..041a777dfdee 100644
--- a/drivers/media/i2c/Kconfig
+++ b/drivers/media/i2c/Kconfig
@@ -61,6 +61,7 @@ config VIDEO_TDA1997X
 	depends on VIDEO_V4L2 && I2C && VIDEO_V4L2_SUBDEV_API
 	depends on SND_SOC
 	select SND_PCM
+	select HDMI
 	---help---
 	  V4L2 subdevice driver for the NXP TDA1997x HDMI receivers.
 
-- 
2.19.1


^ permalink raw reply related	[flat|nested] 273+ messages in thread

* [PATCH AUTOSEL 4.19 099/258] media: DaVinci-VPBE: fix error handling in vpbe_initialize()
  2019-01-28 15:55 [PATCH AUTOSEL 4.19 001/258] drm/bufs: Fix Spectre v1 vulnerability Sasha Levin
                   ` (96 preceding siblings ...)
  2019-01-28 15:56 ` [PATCH AUTOSEL 4.19 098/258] media: i2c: TDA1997x: select CONFIG_HDMI Sasha Levin
@ 2019-01-28 15:56 ` Sasha Levin
  2019-01-28 15:56 ` [PATCH AUTOSEL 4.19 100/258] smack: fix access permissions for keyring Sasha Levin
                   ` (158 subsequent siblings)
  256 siblings, 0 replies; 273+ messages in thread
From: Sasha Levin @ 2019-01-28 15:56 UTC (permalink / raw)
  To: linux-kernel, stable
  Cc: Alexey Khoroshilov, Hans Verkuil, Mauro Carvalho Chehab,
	Sasha Levin, linux-media

From: Alexey Khoroshilov <khoroshilov@ispras.ru>

[ Upstream commit aa35dc3c71950e3fec3e230c06c27c0fbd0067f8 ]

If vpbe_set_default_output() or vpbe_set_default_mode() fails,
vpbe_initialize() returns error code without releasing resources.

The patch adds error handling for that case.

Found by Linux Driver Verification project (linuxtesting.org).

Signed-off-by: Alexey Khoroshilov <khoroshilov@ispras.ru>
Signed-off-by: Hans Verkuil <hverkuil-cisco@xs4all.nl>
Signed-off-by: Mauro Carvalho Chehab <mchehab+samsung@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
 drivers/media/platform/davinci/vpbe.c | 7 +++++--
 1 file changed, 5 insertions(+), 2 deletions(-)

diff --git a/drivers/media/platform/davinci/vpbe.c b/drivers/media/platform/davinci/vpbe.c
index 18c035ef84cf..df1ae6b5c854 100644
--- a/drivers/media/platform/davinci/vpbe.c
+++ b/drivers/media/platform/davinci/vpbe.c
@@ -740,7 +740,7 @@ static int vpbe_initialize(struct device *dev, struct vpbe_device *vpbe_dev)
 	if (ret) {
 		v4l2_err(&vpbe_dev->v4l2_dev, "Failed to set default output %s",
 			 def_output);
-		return ret;
+		goto fail_kfree_amp;
 	}
 
 	printk(KERN_NOTICE "Setting default mode to %s\n", def_mode);
@@ -748,12 +748,15 @@ static int vpbe_initialize(struct device *dev, struct vpbe_device *vpbe_dev)
 	if (ret) {
 		v4l2_err(&vpbe_dev->v4l2_dev, "Failed to set default mode %s",
 			 def_mode);
-		return ret;
+		goto fail_kfree_amp;
 	}
 	vpbe_dev->initialized = 1;
 	/* TBD handling of bootargs for default output and mode */
 	return 0;
 
+fail_kfree_amp:
+	mutex_lock(&vpbe_dev->lock);
+	kfree(vpbe_dev->amp);
 fail_kfree_encoders:
 	kfree(vpbe_dev->encoders);
 fail_dev_unregister:
-- 
2.19.1


^ permalink raw reply related	[flat|nested] 273+ messages in thread

* [PATCH AUTOSEL 4.19 100/258] smack: fix access permissions for keyring
  2019-01-28 15:55 [PATCH AUTOSEL 4.19 001/258] drm/bufs: Fix Spectre v1 vulnerability Sasha Levin
                   ` (97 preceding siblings ...)
  2019-01-28 15:56 ` [PATCH AUTOSEL 4.19 099/258] media: DaVinci-VPBE: fix error handling in vpbe_initialize() Sasha Levin
@ 2019-01-28 15:56 ` Sasha Levin
  2019-01-28 15:56 ` [PATCH AUTOSEL 4.19 101/258] xtensa: xtfpga.dtsi: fix dtc warnings about SPI Sasha Levin
                   ` (157 subsequent siblings)
  256 siblings, 0 replies; 273+ messages in thread
From: Sasha Levin @ 2019-01-28 15:56 UTC (permalink / raw)
  To: linux-kernel, stable
  Cc: Zoran Markovic, Casey Schaufler, James Morris, Serge E. Hallyn,
	Sasha Levin, linux-security-module

From: Zoran Markovic <zmarkovic@sierrawireless.com>

[ Upstream commit 5b841bfab695e3b8ae793172a9ff7990f99cc3e2 ]

Function smack_key_permission() only issues smack requests for the
following operations:
 - KEY_NEED_READ (issues MAY_READ)
 - KEY_NEED_WRITE (issues MAY_WRITE)
 - KEY_NEED_LINK (issues MAY_WRITE)
 - KEY_NEED_SETATTR (issues MAY_WRITE)
A blank smack request is issued in all other cases, resulting in
smack access being granted if there is any rule defined between
subject and object, or denied with -EACCES otherwise.

Request MAY_READ access for KEY_NEED_SEARCH and KEY_NEED_VIEW.
Fix the logic in the unlikely case when both MAY_READ and
MAY_WRITE are needed. Validate access permission field for valid
contents.

Signed-off-by: Zoran Markovic <zmarkovic@sierrawireless.com>
Signed-off-by: Casey Schaufler <casey@schaufler-ca.com>
Cc: Casey Schaufler <casey@schaufler-ca.com>
Cc: James Morris <jmorris@namei.org>
Cc: "Serge E. Hallyn" <serge@hallyn.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
 security/smack/smack_lsm.c | 12 +++++++++---
 1 file changed, 9 insertions(+), 3 deletions(-)

diff --git a/security/smack/smack_lsm.c b/security/smack/smack_lsm.c
index 70d3066e69fe..017c47eb795e 100644
--- a/security/smack/smack_lsm.c
+++ b/security/smack/smack_lsm.c
@@ -4333,6 +4333,12 @@ static int smack_key_permission(key_ref_t key_ref,
 	int request = 0;
 	int rc;
 
+	/*
+	 * Validate requested permissions
+	 */
+	if (perm & ~KEY_NEED_ALL)
+		return -EINVAL;
+
 	keyp = key_ref_to_ptr(key_ref);
 	if (keyp == NULL)
 		return -EINVAL;
@@ -4356,10 +4362,10 @@ static int smack_key_permission(key_ref_t key_ref,
 	ad.a.u.key_struct.key = keyp->serial;
 	ad.a.u.key_struct.key_desc = keyp->description;
 #endif
-	if (perm & KEY_NEED_READ)
-		request = MAY_READ;
+	if (perm & (KEY_NEED_READ | KEY_NEED_SEARCH | KEY_NEED_VIEW))
+		request |= MAY_READ;
 	if (perm & (KEY_NEED_WRITE | KEY_NEED_LINK | KEY_NEED_SETATTR))
-		request = MAY_WRITE;
+		request |= MAY_WRITE;
 	rc = smk_access(tkp, keyp->security, request, &ad);
 	rc = smk_bu_note("key access", tkp, keyp->security, request, rc);
 	return rc;
-- 
2.19.1


^ permalink raw reply related	[flat|nested] 273+ messages in thread

* [PATCH AUTOSEL 4.19 101/258] xtensa: xtfpga.dtsi: fix dtc warnings about SPI
  2019-01-28 15:55 [PATCH AUTOSEL 4.19 001/258] drm/bufs: Fix Spectre v1 vulnerability Sasha Levin
                   ` (98 preceding siblings ...)
  2019-01-28 15:56 ` [PATCH AUTOSEL 4.19 100/258] smack: fix access permissions for keyring Sasha Levin
@ 2019-01-28 15:56 ` Sasha Levin
  2019-01-28 15:56 ` [PATCH AUTOSEL 4.19 102/258] usb: dwc3: Correct the logic for checking TRB full in __dwc3_prepare_one_trb() Sasha Levin
                   ` (156 subsequent siblings)
  256 siblings, 0 replies; 273+ messages in thread
From: Sasha Levin @ 2019-01-28 15:56 UTC (permalink / raw)
  To: linux-kernel, stable; +Cc: Max Filippov, Sasha Levin, devicetree, linux-xtensa

From: Max Filippov <jcmvbkbc@gmail.com>

[ Upstream commit f37598be4e3896359e87c824be57ddddc280cc3f ]

Rename SPI controller node in the XTFPGA DTS to spi@...
This fixes the following build warnings:

arch/xtensa/boot/dts/kc705_nommu.dtb: Warning (spi_bus_bridge):
 /soc/spi-master@0d0a0000: node name for SPI buses should be 'spi'
arch/xtensa/boot/dts/kc705_nommu.dtb: Warning (spi_bus_reg):
 Failed prerequisite 'spi_bus_bridge'
arch/xtensa/boot/dts/lx200mx.dtb: Warning (spi_bus_bridge):
 /soc/spi-master@0d0a0000: node name for SPI buses should be 'spi'
arch/xtensa/boot/dts/lx200mx.dtb: Warning (spi_bus_reg):
 Failed prerequisite 'spi_bus_bridge'
arch/xtensa/boot/dts/kc705.dtb: Warning (spi_bus_bridge):
 /soc/spi-master@0d0a0000: node name for SPI buses should be 'spi'
arch/xtensa/boot/dts/kc705.dtb: Warning (spi_bus_reg):
 Failed prerequisite 'spi_bus_bridge'
arch/xtensa/boot/dts/ml605.dtb: Warning (spi_bus_bridge):
 /soc/spi-master@0d0a0000: node name for SPI buses should be 'spi'
arch/xtensa/boot/dts/ml605.dtb: Warning (spi_bus_reg):
 Failed prerequisite 'spi_bus_bridge'
arch/xtensa/boot/dts/lx60.dtb: Warning (spi_bus_bridge):
 /soc/spi-master@0d0a0000: node name for SPI buses should be 'spi'
arch/xtensa/boot/dts/lx60.dtb: Warning (spi_bus_reg):
 Failed prerequisite 'spi_bus_bridge'

Signed-off-by: Max Filippov <jcmvbkbc@gmail.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
 arch/xtensa/boot/dts/xtfpga.dtsi | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/arch/xtensa/boot/dts/xtfpga.dtsi b/arch/xtensa/boot/dts/xtfpga.dtsi
index 1090528825ec..e46ae07bab05 100644
--- a/arch/xtensa/boot/dts/xtfpga.dtsi
+++ b/arch/xtensa/boot/dts/xtfpga.dtsi
@@ -103,7 +103,7 @@
 			};
 		};
 
-		spi0: spi-master@0d0a0000 {
+		spi0: spi@0d0a0000 {
 			compatible = "cdns,xtfpga-spi";
 			#address-cells = <1>;
 			#size-cells = <0>;
-- 
2.19.1


^ permalink raw reply related	[flat|nested] 273+ messages in thread

* [PATCH AUTOSEL 4.19 102/258] usb: dwc3: Correct the logic for checking TRB full in __dwc3_prepare_one_trb()
  2019-01-28 15:55 [PATCH AUTOSEL 4.19 001/258] drm/bufs: Fix Spectre v1 vulnerability Sasha Levin
                   ` (99 preceding siblings ...)
  2019-01-28 15:56 ` [PATCH AUTOSEL 4.19 101/258] xtensa: xtfpga.dtsi: fix dtc warnings about SPI Sasha Levin
@ 2019-01-28 15:56 ` Sasha Levin
  2019-01-28 15:56 ` [PATCH AUTOSEL 4.19 103/258] usb: dwc2: Disable power down feature on Samsung SoCs Sasha Levin
                   ` (155 subsequent siblings)
  256 siblings, 0 replies; 273+ messages in thread
From: Sasha Levin @ 2019-01-28 15:56 UTC (permalink / raw)
  To: linux-kernel, stable
  Cc: Anurag Kumar Vulisha, Felipe Balbi, Sasha Levin, linux-usb

From: Anurag Kumar Vulisha <anurag.kumar.vulisha@xilinx.com>

[ Upstream commit b7a4fbe2300a8965ea760c7e871507b84aea17f6 ]

Availability of TRB's is calculated using dwc3_calc_trbs_left(), which
determines total available TRB's based on the HWO bit set in a TRB.

In the present code, __dwc3_prepare_one_trb() is called with a TRB which
needs to be prepared for transfer. This __dwc3_prepare_one_trb() calls
dwc3_calc_trbs_left() to determine total available TRBs and set IOC bit
if the total available TRBs are zero. Since the present working TRB (which
is passed as an argument to __dwc3_prepare_one_trb() )  doesn't yet have
the HWO bit set before calling dwc3_calc_trbs_left(), there are chances
that dwc3_calc_trbs_left() wrongly calculates this present working TRB
as free(since the HWO bit is not yet set) and returns the total available
TRBs as greater than zero (including the present working TRB). This could
be a problem.

This patch corrects the above mentioned problem in __dwc3_prepare_one_trb()
by increementing the dep->trb_enqueue at the last (after preparing the TRB)
instead of increementing at the start and setting the IOC bit only if the
total available TRBs returned by dwc3_calc_trbs_left() is 1 . Since we are
increementing the dep->trb_enqueue at the last, the present working TRB is
also considered as available by dwc3_calc_trbs_left() and non zero value is
returned . So, according to the modified logic, when the total available
TRBs is equal to 1 that means the total available TRBs in the pool are 0.

Signed-off-by: Anurag Kumar Vulisha <anurag.kumar.vulisha@xilinx.com>
Reviewed-by: Thinh Nguyen <thinhn@synopsys.com>
Tested-by: Tejas Joglekar <tejas.joglekar@synopsys.com>
Signed-off-by: Felipe Balbi <felipe.balbi@linux.intel.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
 drivers/usb/dwc3/gadget.c | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/drivers/usb/dwc3/gadget.c b/drivers/usb/dwc3/gadget.c
index 558949b826d0..a9f22a0a3462 100644
--- a/drivers/usb/dwc3/gadget.c
+++ b/drivers/usb/dwc3/gadget.c
@@ -910,8 +910,6 @@ static void __dwc3_prepare_one_trb(struct dwc3_ep *dep, struct dwc3_trb *trb,
 	struct usb_gadget	*gadget = &dwc->gadget;
 	enum usb_device_speed	speed = gadget->speed;
 
-	dwc3_ep_inc_enq(dep);
-
 	trb->size = DWC3_TRB_SIZE_LENGTH(length);
 	trb->bpl = lower_32_bits(dma);
 	trb->bph = upper_32_bits(dma);
@@ -990,7 +988,7 @@ static void __dwc3_prepare_one_trb(struct dwc3_ep *dep, struct dwc3_trb *trb,
 	}
 
 	if ((!no_interrupt && !chain) ||
-			(dwc3_calc_trbs_left(dep) == 0))
+			(dwc3_calc_trbs_left(dep) == 1))
 		trb->ctrl |= DWC3_TRB_CTRL_IOC;
 
 	if (chain)
@@ -1001,6 +999,8 @@ static void __dwc3_prepare_one_trb(struct dwc3_ep *dep, struct dwc3_trb *trb,
 
 	trb->ctrl |= DWC3_TRB_CTRL_HWO;
 
+	dwc3_ep_inc_enq(dep);
+
 	trace_dwc3_prepare_trb(dep, trb);
 }
 
-- 
2.19.1


^ permalink raw reply related	[flat|nested] 273+ messages in thread

* [PATCH AUTOSEL 4.19 103/258] usb: dwc2: Disable power down feature on Samsung SoCs
  2019-01-28 15:55 [PATCH AUTOSEL 4.19 001/258] drm/bufs: Fix Spectre v1 vulnerability Sasha Levin
                   ` (100 preceding siblings ...)
  2019-01-28 15:56 ` [PATCH AUTOSEL 4.19 102/258] usb: dwc3: Correct the logic for checking TRB full in __dwc3_prepare_one_trb() Sasha Levin
@ 2019-01-28 15:56 ` Sasha Levin
  2019-01-28 15:56 ` [PATCH AUTOSEL 4.19 104/258] usb: hub: delay hub autosuspend if USB3 port is still link training Sasha Levin
                   ` (154 subsequent siblings)
  256 siblings, 0 replies; 273+ messages in thread
From: Sasha Levin @ 2019-01-28 15:56 UTC (permalink / raw)
  To: linux-kernel, stable
  Cc: Marek Szyprowski, Felipe Balbi, Sasha Levin, linux-usb

From: Marek Szyprowski <m.szyprowski@samsung.com>

[ Upstream commit 35a6054132286a4ab92b536595093b82e6bdfcbc ]

Power down feature of DWC2 module integrated in Samsung SoCs doesn't work
properly or needs some additional handling in PHY or SoC glue layer, so
disable it for now. Without disabling power down, DWC2 causes random memory
trashes and fails enumeration if there is no USB link to host on driver
probe.

Fixes: 03ea6d6e9e1ff1 ("usb: dwc2: Enable power down")
Acked-by: Minas Harutyunyan <hminas@synopsys.com>
Signed-off-by: Marek Szyprowski <m.szyprowski@samsung.com>
Signed-off-by: Felipe Balbi <felipe.balbi@linux.intel.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
 drivers/usb/dwc2/params.c | 10 +++++++++-
 1 file changed, 9 insertions(+), 1 deletion(-)

diff --git a/drivers/usb/dwc2/params.c b/drivers/usb/dwc2/params.c
index ef2c199e6059..dff2c6e8d797 100644
--- a/drivers/usb/dwc2/params.c
+++ b/drivers/usb/dwc2/params.c
@@ -71,6 +71,13 @@ static void dwc2_set_his_params(struct dwc2_hsotg *hsotg)
 	p->power_down = false;
 }
 
+static void dwc2_set_s3c6400_params(struct dwc2_hsotg *hsotg)
+{
+	struct dwc2_core_params *p = &hsotg->params;
+
+	p->power_down = 0;
+}
+
 static void dwc2_set_rk_params(struct dwc2_hsotg *hsotg)
 {
 	struct dwc2_core_params *p = &hsotg->params;
@@ -151,7 +158,8 @@ const struct of_device_id dwc2_of_match_table[] = {
 	{ .compatible = "lantiq,arx100-usb", .data = dwc2_set_ltq_params },
 	{ .compatible = "lantiq,xrx200-usb", .data = dwc2_set_ltq_params },
 	{ .compatible = "snps,dwc2" },
-	{ .compatible = "samsung,s3c6400-hsotg" },
+	{ .compatible = "samsung,s3c6400-hsotg",
+	  .data = dwc2_set_s3c6400_params },
 	{ .compatible = "amlogic,meson8-usb",
 	  .data = dwc2_set_amlogic_params },
 	{ .compatible = "amlogic,meson8b-usb",
-- 
2.19.1


^ permalink raw reply related	[flat|nested] 273+ messages in thread

* [PATCH AUTOSEL 4.19 104/258] usb: hub: delay hub autosuspend if USB3 port is still link training
  2019-01-28 15:55 [PATCH AUTOSEL 4.19 001/258] drm/bufs: Fix Spectre v1 vulnerability Sasha Levin
                   ` (101 preceding siblings ...)
  2019-01-28 15:56 ` [PATCH AUTOSEL 4.19 103/258] usb: dwc2: Disable power down feature on Samsung SoCs Sasha Levin
@ 2019-01-28 15:56 ` Sasha Levin
  2019-01-28 15:56 ` [PATCH AUTOSEL 4.19 105/258] timekeeping: Use proper seqcount initializer Sasha Levin
                   ` (153 subsequent siblings)
  256 siblings, 0 replies; 273+ messages in thread
From: Sasha Levin @ 2019-01-28 15:56 UTC (permalink / raw)
  To: linux-kernel, stable
  Cc: Mathias Nyman, Greg Kroah-Hartman, Sasha Levin, linux-usb

From: Mathias Nyman <mathias.nyman@linux.intel.com>

[ Upstream commit e86108940e541febf35813402ff29fa6f4a9ac0b ]

When initializing a hub we want to give a USB3 port in link training
the same debounce delay time before autosuspening the hub as already
trained, connected enabled ports.

USB3 ports won't reach the enabled state with "current connect status" and
"connect status change" bits set until the USB3 link training finishes.

Catching the port in link training (polling) and adding the debounce delay
prevents unnecessary failed attempts to autosuspend the hub.

Signed-off-by: Mathias Nyman <mathias.nyman@linux.intel.com>
Acked-by: Alan Stern <stern@rowland.harvard.edu>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
 drivers/usb/core/hub.c | 10 ++++++++++
 1 file changed, 10 insertions(+)

diff --git a/drivers/usb/core/hub.c b/drivers/usb/core/hub.c
index cc62707c0251..3adff4da2ee1 100644
--- a/drivers/usb/core/hub.c
+++ b/drivers/usb/core/hub.c
@@ -1111,6 +1111,16 @@ static void hub_activate(struct usb_hub *hub, enum hub_activation_type type)
 						   USB_PORT_FEAT_ENABLE);
 		}
 
+		/*
+		 * Add debounce if USB3 link is in polling/link training state.
+		 * Link will automatically transition to Enabled state after
+		 * link training completes.
+		 */
+		if (hub_is_superspeed(hdev) &&
+		    ((portstatus & USB_PORT_STAT_LINK_STATE) ==
+						USB_SS_PORT_LS_POLLING))
+			need_debounce_delay = true;
+
 		/* Clear status-change flags; we'll debounce later */
 		if (portchange & USB_PORT_STAT_C_CONNECTION) {
 			need_debounce_delay = true;
-- 
2.19.1


^ permalink raw reply related	[flat|nested] 273+ messages in thread

* [PATCH AUTOSEL 4.19 105/258] timekeeping: Use proper seqcount initializer
  2019-01-28 15:55 [PATCH AUTOSEL 4.19 001/258] drm/bufs: Fix Spectre v1 vulnerability Sasha Levin
                   ` (102 preceding siblings ...)
  2019-01-28 15:56 ` [PATCH AUTOSEL 4.19 104/258] usb: hub: delay hub autosuspend if USB3 port is still link training Sasha Levin
@ 2019-01-28 15:56 ` Sasha Levin
  2019-01-28 15:56 ` [PATCH AUTOSEL 4.19 106/258] usb: mtu3: fix the issue about SetFeature(U1/U2_Enable) Sasha Levin
                   ` (152 subsequent siblings)
  256 siblings, 0 replies; 273+ messages in thread
From: Sasha Levin @ 2019-01-28 15:56 UTC (permalink / raw)
  To: linux-kernel, stable
  Cc: Bart Van Assche, Thomas Gleixner, peterz, tj, johannes.berg, Sasha Levin

From: Bart Van Assche <bvanassche@acm.org>

[ Upstream commit ce10a5b3954f2514af726beb78ed8d7350c5e41c ]

tk_core.seq is initialized open coded, but that misses to initialize the
lockdep map when lockdep is enabled. Lockdep splats involving tk_core seq
consequently lack a name and are hard to read.

Use the proper initializer which takes care of the lockdep map
initialization.

[ tglx: Massaged changelog ]

Signed-off-by: Bart Van Assche <bvanassche@acm.org>
Signed-off-by: Thomas Gleixner <tglx@linutronix.de>
Cc: peterz@infradead.org
Cc: tj@kernel.org
Cc: johannes.berg@intel.com
Link: https://lkml.kernel.org/r/20181128234325.110011-12-bvanassche@acm.org
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
 kernel/time/timekeeping.c | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)

diff --git a/kernel/time/timekeeping.c b/kernel/time/timekeeping.c
index f3b22f456fac..7846ce24ecc0 100644
--- a/kernel/time/timekeeping.c
+++ b/kernel/time/timekeeping.c
@@ -50,7 +50,9 @@ enum timekeeping_adv_mode {
 static struct {
 	seqcount_t		seq;
 	struct timekeeper	timekeeper;
-} tk_core ____cacheline_aligned;
+} tk_core ____cacheline_aligned = {
+	.seq = SEQCNT_ZERO(tk_core.seq),
+};
 
 static DEFINE_RAW_SPINLOCK(timekeeper_lock);
 static struct timekeeper shadow_timekeeper;
-- 
2.19.1


^ permalink raw reply related	[flat|nested] 273+ messages in thread

* [PATCH AUTOSEL 4.19 106/258] usb: mtu3: fix the issue about SetFeature(U1/U2_Enable)
  2019-01-28 15:55 [PATCH AUTOSEL 4.19 001/258] drm/bufs: Fix Spectre v1 vulnerability Sasha Levin
                   ` (103 preceding siblings ...)
  2019-01-28 15:56 ` [PATCH AUTOSEL 4.19 105/258] timekeeping: Use proper seqcount initializer Sasha Levin
@ 2019-01-28 15:56 ` Sasha Levin
  2019-01-28 15:56 ` [PATCH AUTOSEL 4.19 107/258] clk: sunxi-ng: a33: Set CLK_SET_RATE_PARENT for all audio module clocks Sasha Levin
                   ` (151 subsequent siblings)
  256 siblings, 0 replies; 273+ messages in thread
From: Sasha Levin @ 2019-01-28 15:56 UTC (permalink / raw)
  To: linux-kernel, stable; +Cc: Chunfeng Yun, Felipe Balbi, Sasha Levin

From: Chunfeng Yun <chunfeng.yun@mediatek.com>

[ Upstream commit a0678e2eed41e81004308693ac84ea95614b0920 ]

Fix the issue: device doesn't accept LGO_U1/U2:
1. set SW_U1/U2_ACCEPT_ENABLE to eanble controller to accept LGO_U1/U2
    by default;
2. enable/disable controller to initiate requests for transition into
    U1/U2 by SW_U1/U2_REQUEST_ENABLE instead of SW_U1/U2_ACCEPT_ENABLE;

Signed-off-by: Chunfeng Yun <chunfeng.yun@mediatek.com>
Signed-off-by: Felipe Balbi <felipe.balbi@linux.intel.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
 drivers/usb/mtu3/mtu3_core.c       | 4 +++-
 drivers/usb/mtu3/mtu3_gadget_ep0.c | 8 ++++----
 2 files changed, 7 insertions(+), 5 deletions(-)

diff --git a/drivers/usb/mtu3/mtu3_core.c b/drivers/usb/mtu3/mtu3_core.c
index d045d8458f81..48d10a61e271 100644
--- a/drivers/usb/mtu3/mtu3_core.c
+++ b/drivers/usb/mtu3/mtu3_core.c
@@ -578,8 +578,10 @@ static void mtu3_regs_init(struct mtu3 *mtu)
 	if (mtu->is_u3_ip) {
 		/* disable LGO_U1/U2 by default */
 		mtu3_clrbits(mbase, U3D_LINK_POWER_CONTROL,
-				SW_U1_ACCEPT_ENABLE | SW_U2_ACCEPT_ENABLE |
 				SW_U1_REQUEST_ENABLE | SW_U2_REQUEST_ENABLE);
+		/* enable accept LGO_U1/U2 link command from host */
+		mtu3_setbits(mbase, U3D_LINK_POWER_CONTROL,
+				SW_U1_ACCEPT_ENABLE | SW_U2_ACCEPT_ENABLE);
 		/* device responses to u3_exit from host automatically */
 		mtu3_clrbits(mbase, U3D_LTSSM_CTRL, SOFT_U3_EXIT_EN);
 		/* automatically build U2 link when U3 detect fail */
diff --git a/drivers/usb/mtu3/mtu3_gadget_ep0.c b/drivers/usb/mtu3/mtu3_gadget_ep0.c
index 25216e79cd6e..3c464d8ae023 100644
--- a/drivers/usb/mtu3/mtu3_gadget_ep0.c
+++ b/drivers/usb/mtu3/mtu3_gadget_ep0.c
@@ -336,9 +336,9 @@ static int ep0_handle_feature_dev(struct mtu3 *mtu,
 
 		lpc = mtu3_readl(mbase, U3D_LINK_POWER_CONTROL);
 		if (set)
-			lpc |= SW_U1_ACCEPT_ENABLE;
+			lpc |= SW_U1_REQUEST_ENABLE;
 		else
-			lpc &= ~SW_U1_ACCEPT_ENABLE;
+			lpc &= ~SW_U1_REQUEST_ENABLE;
 		mtu3_writel(mbase, U3D_LINK_POWER_CONTROL, lpc);
 
 		mtu->u1_enable = !!set;
@@ -351,9 +351,9 @@ static int ep0_handle_feature_dev(struct mtu3 *mtu,
 
 		lpc = mtu3_readl(mbase, U3D_LINK_POWER_CONTROL);
 		if (set)
-			lpc |= SW_U2_ACCEPT_ENABLE;
+			lpc |= SW_U2_REQUEST_ENABLE;
 		else
-			lpc &= ~SW_U2_ACCEPT_ENABLE;
+			lpc &= ~SW_U2_REQUEST_ENABLE;
 		mtu3_writel(mbase, U3D_LINK_POWER_CONTROL, lpc);
 
 		mtu->u2_enable = !!set;
-- 
2.19.1


^ permalink raw reply related	[flat|nested] 273+ messages in thread

* [PATCH AUTOSEL 4.19 107/258] clk: sunxi-ng: a33: Set CLK_SET_RATE_PARENT for all audio module clocks
  2019-01-28 15:55 [PATCH AUTOSEL 4.19 001/258] drm/bufs: Fix Spectre v1 vulnerability Sasha Levin
                   ` (104 preceding siblings ...)
  2019-01-28 15:56 ` [PATCH AUTOSEL 4.19 106/258] usb: mtu3: fix the issue about SetFeature(U1/U2_Enable) Sasha Levin
@ 2019-01-28 15:56 ` Sasha Levin
  2019-01-28 15:56 ` [PATCH AUTOSEL 4.19 108/258] media: imx274: select REGMAP_I2C Sasha Levin
                   ` (150 subsequent siblings)
  256 siblings, 0 replies; 273+ messages in thread
From: Sasha Levin @ 2019-01-28 15:56 UTC (permalink / raw)
  To: linux-kernel, stable; +Cc: Chen-Yu Tsai, Maxime Ripard, Sasha Levin, linux-clk

From: Chen-Yu Tsai <wens@csie.org>

[ Upstream commit 6e6da2039c82271dd873b9ad2b902a692a7dd554 ]

All the audio interfaces on Allwinner SoCs need to change their module
clocks during operation, to switch between support for 44.1 kHz and 48
kHz family sample rates. The clock rate for the module clocks is
governed by their upstream audio PLL. The module clocks themselves only
have a gate, and sometimes a divider or mux. Thus any rate changes need
to be propagated upstream.

Set the CLK_SET_RATE_PARENT flag for all audio module clocks to achieve
this.

Signed-off-by: Chen-Yu Tsai <wens@csie.org>
Signed-off-by: Maxime Ripard <maxime.ripard@bootlin.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
 drivers/clk/sunxi-ng/ccu-sun8i-a33.c | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/drivers/clk/sunxi-ng/ccu-sun8i-a33.c b/drivers/clk/sunxi-ng/ccu-sun8i-a33.c
index 13eb5b23c5e7..c40d572a7602 100644
--- a/drivers/clk/sunxi-ng/ccu-sun8i-a33.c
+++ b/drivers/clk/sunxi-ng/ccu-sun8i-a33.c
@@ -366,10 +366,10 @@ static SUNXI_CCU_MP_WITH_MUX_GATE(spi1_clk, "spi1", mod0_default_parents, 0x0a4,
 static const char * const i2s_parents[] = { "pll-audio-8x", "pll-audio-4x",
 					    "pll-audio-2x", "pll-audio" };
 static SUNXI_CCU_MUX_WITH_GATE(i2s0_clk, "i2s0", i2s_parents,
-			       0x0b0, 16, 2, BIT(31), 0);
+			       0x0b0, 16, 2, BIT(31), CLK_SET_RATE_PARENT);
 
 static SUNXI_CCU_MUX_WITH_GATE(i2s1_clk, "i2s1", i2s_parents,
-			       0x0b4, 16, 2, BIT(31), 0);
+			       0x0b4, 16, 2, BIT(31), CLK_SET_RATE_PARENT);
 
 /* TODO: the parent for most of the USB clocks is not known */
 static SUNXI_CCU_GATE(usb_phy0_clk,	"usb-phy0",	"osc24M",
@@ -446,7 +446,7 @@ static SUNXI_CCU_M_WITH_GATE(ve_clk, "ve", "pll-ve",
 static SUNXI_CCU_GATE(ac_dig_clk,	"ac-dig",	"pll-audio",
 		      0x140, BIT(31), CLK_SET_RATE_PARENT);
 static SUNXI_CCU_GATE(ac_dig_4x_clk,	"ac-dig-4x",	"pll-audio-4x",
-		      0x140, BIT(30), 0);
+		      0x140, BIT(30), CLK_SET_RATE_PARENT);
 static SUNXI_CCU_GATE(avs_clk,		"avs",		"osc24M",
 		      0x144, BIT(31), 0);
 
-- 
2.19.1


^ permalink raw reply related	[flat|nested] 273+ messages in thread

* [PATCH AUTOSEL 4.19 108/258] media: imx274: select REGMAP_I2C
  2019-01-28 15:55 [PATCH AUTOSEL 4.19 001/258] drm/bufs: Fix Spectre v1 vulnerability Sasha Levin
                   ` (105 preceding siblings ...)
  2019-01-28 15:56 ` [PATCH AUTOSEL 4.19 107/258] clk: sunxi-ng: a33: Set CLK_SET_RATE_PARENT for all audio module clocks Sasha Levin
@ 2019-01-28 15:56 ` Sasha Levin
  2019-01-28 15:56 ` [PATCH AUTOSEL 4.19 109/258] drm/amdgpu/powerplay: fix clock stretcher limits on polaris (v2) Sasha Levin
                   ` (149 subsequent siblings)
  256 siblings, 0 replies; 273+ messages in thread
From: Sasha Levin @ 2019-01-28 15:56 UTC (permalink / raw)
  To: linux-kernel, stable
  Cc: Luca Ceresoli, Sakari Ailus, Mauro Carvalho Chehab, Sasha Levin,
	linux-media

From: Luca Ceresoli <luca@lucaceresoli.net>

[ Upstream commit 4f9d7225c70dd9d3f406b79e60f8dbd2cd5ae743 ]

The imx274 driver uses regmap and the build will fail without it.

Fixes:

  drivers/media/i2c/imx274.c:142:21: error: variable ‘imx274_regmap_config’ has initializer but incomplete type
   static const struct regmap_config imx274_regmap_config = {
                       ^~~~~~~~~~~~~
  drivers/media/i2c/imx274.c:1869:19: error: implicit declaration of function ‘devm_regmap_init_i2c’ [-Werror=implicit-function-declaration]
    imx274->regmap = devm_regmap_init_i2c(client, &imx274_regmap_config);
                     ^~~~~~~~~~~~~~~~~~~~

and others.

Signed-off-by: Luca Ceresoli <luca@lucaceresoli.net>
Signed-off-by: Sakari Ailus <sakari.ailus@linux.intel.com>
Signed-off-by: Mauro Carvalho Chehab <mchehab+samsung@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
 drivers/media/i2c/Kconfig | 1 +
 1 file changed, 1 insertion(+)

diff --git a/drivers/media/i2c/Kconfig b/drivers/media/i2c/Kconfig
index 041a777dfdee..63c9ac2c6a5f 100644
--- a/drivers/media/i2c/Kconfig
+++ b/drivers/media/i2c/Kconfig
@@ -611,6 +611,7 @@ config VIDEO_IMX274
 	tristate "Sony IMX274 sensor support"
 	depends on I2C && VIDEO_V4L2 && VIDEO_V4L2_SUBDEV_API
 	depends on MEDIA_CAMERA_SUPPORT
+	select REGMAP_I2C
 	---help---
 	  This is a V4L2 sensor driver for the Sony IMX274
 	  CMOS image sensor.
-- 
2.19.1


^ permalink raw reply related	[flat|nested] 273+ messages in thread

* [PATCH AUTOSEL 4.19 109/258] drm/amdgpu/powerplay: fix clock stretcher limits on polaris (v2)
  2019-01-28 15:55 [PATCH AUTOSEL 4.19 001/258] drm/bufs: Fix Spectre v1 vulnerability Sasha Levin
                   ` (106 preceding siblings ...)
  2019-01-28 15:56 ` [PATCH AUTOSEL 4.19 108/258] media: imx274: select REGMAP_I2C Sasha Levin
@ 2019-01-28 15:56 ` Sasha Levin
  2019-01-28 15:56 ` [PATCH AUTOSEL 4.19 110/258] tipc: fix node keep alive interval calculation Sasha Levin
                   ` (148 subsequent siblings)
  256 siblings, 0 replies; 273+ messages in thread
From: Sasha Levin @ 2019-01-28 15:56 UTC (permalink / raw)
  To: linux-kernel, stable; +Cc: Alex Deucher, Sasha Levin, amd-gfx, dri-devel

From: Alex Deucher <alexander.deucher@amd.com>

[ Upstream commit de4aaab5cc9770a8c4dc13d9bfb6a83b06bba57e ]

Adjust limits for newer polaris variants.

v2: fix polaris11 kicker (Jerry)

Reviewed-by: Junwei Zhang <Jerry.Zhang@amd.com>
Signed-off-by: Alex Deucher <alexander.deucher@amd.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
 .../drm/amd/powerplay/smumgr/polaris10_smumgr.c | 17 +++++++++++++++--
 1 file changed, 15 insertions(+), 2 deletions(-)

diff --git a/drivers/gpu/drm/amd/powerplay/smumgr/polaris10_smumgr.c b/drivers/gpu/drm/amd/powerplay/smumgr/polaris10_smumgr.c
index 5b67f575cd34..45629f26dbc2 100644
--- a/drivers/gpu/drm/amd/powerplay/smumgr/polaris10_smumgr.c
+++ b/drivers/gpu/drm/amd/powerplay/smumgr/polaris10_smumgr.c
@@ -1528,8 +1528,21 @@ static int polaris10_populate_clock_stretcher_data_table(struct pp_hwmgr *hwmgr)
 	efuse = efuse >> 24;
 
 	if (hwmgr->chip_id == CHIP_POLARIS10) {
-		min = 1000;
-		max = 2300;
+		if (hwmgr->is_kicker) {
+			min = 1200;
+			max = 2500;
+		} else {
+			min = 1000;
+			max = 2300;
+		}
+	} else if (hwmgr->chip_id == CHIP_POLARIS11) {
+		if (hwmgr->is_kicker) {
+			min = 900;
+			max = 2100;
+		} else {
+			min = 1100;
+			max = 2100;
+		}
 	} else {
 		min = 1100;
 		max = 2100;
-- 
2.19.1


^ permalink raw reply related	[flat|nested] 273+ messages in thread

* [PATCH AUTOSEL 4.19 110/258] tipc: fix node keep alive interval calculation
  2019-01-28 15:55 [PATCH AUTOSEL 4.19 001/258] drm/bufs: Fix Spectre v1 vulnerability Sasha Levin
                   ` (107 preceding siblings ...)
  2019-01-28 15:56 ` [PATCH AUTOSEL 4.19 109/258] drm/amdgpu/powerplay: fix clock stretcher limits on polaris (v2) Sasha Levin
@ 2019-01-28 15:56 ` Sasha Levin
  2019-01-28 15:56 ` [PATCH AUTOSEL 4.19 111/258] driver core: Move async_synchronize_full call Sasha Levin
                   ` (147 subsequent siblings)
  256 siblings, 0 replies; 273+ messages in thread
From: Sasha Levin @ 2019-01-28 15:56 UTC (permalink / raw)
  To: linux-kernel, stable
  Cc: Hoang Le, David S . Miller, Sasha Levin, netdev, tipc-discussion

From: Hoang Le <hoang.h.le@dektech.com.au>

[ Upstream commit f5d6c3e5a359c0507800e7ac68d565c21de9b5a1 ]

When setting LINK tolerance, node timer interval will be calculated
base on the LINK with lowest tolerance.

But when calculated, the old node timer interval only updated if current
setting value (tolerance/4) less than old ones regardless of number of
links as well as links' lowest tolerance value.

This caused to two cases missing if tolerance changed as following:
Case 1:
1.1/ There is one link (L1) available in the system
1.2/ Set L1's tolerance from 1500ms => lower (i.e 500ms)
1.3/ Then, fallback to default (1500ms) or higher (i.e 2000ms)

Expected:
    node timer interval is 1500/4=375ms after 1.3

Result:
node timer interval will not being updated after changing tolerance at 1.3
since its value 1500/4=375ms is not less than 500/4=125ms at 1.2.

Case 2:
2.1/ There are two links (L1, L2) available in the system
2.2/ L1 and L2 tolerance value are 2000ms as initial
2.3/ Set L2's tolerance from 2000ms => lower 1500ms
2.4/ Disable link L2 (bring down its bearer)

Expected:
    node timer interval is 2000ms/4=500ms after 2.4

Result:
node timer interval will not being updated after disabling L2 since
its value 2000ms/4=500ms is still not less than 1500/4=375ms at 2.3
although L2 is already not available in the system.

To fix this, we start the node interval calculation by initializing it to
a value larger than any conceivable calculated value. This way, the link
with the lowest tolerance will always determine the calculated value.

Acked-by: Jon Maloy <jon.maloy@ericsson.com>
Signed-off-by: Hoang Le <hoang.h.le@dektech.com.au>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
 net/tipc/node.c | 6 ++++++
 1 file changed, 6 insertions(+)

diff --git a/net/tipc/node.c b/net/tipc/node.c
index 488019766433..32556f480a60 100644
--- a/net/tipc/node.c
+++ b/net/tipc/node.c
@@ -624,6 +624,12 @@ static void tipc_node_timeout(struct timer_list *t)
 
 	__skb_queue_head_init(&xmitq);
 
+	/* Initial node interval to value larger (10 seconds), then it will be
+	 * recalculated with link lowest tolerance
+	 */
+	tipc_node_read_lock(n);
+	n->keepalive_intv = 10000;
+	tipc_node_read_unlock(n);
 	for (bearer_id = 0; remains && (bearer_id < MAX_BEARERS); bearer_id++) {
 		tipc_node_read_lock(n);
 		le = &n->links[bearer_id];
-- 
2.19.1


^ permalink raw reply related	[flat|nested] 273+ messages in thread

* [PATCH AUTOSEL 4.19 111/258] driver core: Move async_synchronize_full call
  2019-01-28 15:55 [PATCH AUTOSEL 4.19 001/258] drm/bufs: Fix Spectre v1 vulnerability Sasha Levin
                   ` (108 preceding siblings ...)
  2019-01-28 15:56 ` [PATCH AUTOSEL 4.19 110/258] tipc: fix node keep alive interval calculation Sasha Levin
@ 2019-01-28 15:56 ` Sasha Levin
  2019-01-28 15:56 ` [PATCH AUTOSEL 4.19 112/258] kobject: return error code if writing /sys/.../uevent fails Sasha Levin
                   ` (146 subsequent siblings)
  256 siblings, 0 replies; 273+ messages in thread
From: Sasha Levin @ 2019-01-28 15:56 UTC (permalink / raw)
  To: linux-kernel, stable; +Cc: Alexander Duyck, Greg Kroah-Hartman, Sasha Levin

From: Alexander Duyck <alexander.h.duyck@linux.intel.com>

[ Upstream commit c37d721c68ad88925ba0e72f6e14acb829a8c6bb ]

Move the async_synchronize_full call out of __device_release_driver and
into driver_detach.

The idea behind this is that the async_synchronize_full call will only
guarantee that any existing async operations are flushed. This doesn't do
anything to guarantee that a hotplug event that may occur while we are
doing the release of the driver will not be asynchronously scheduled.

By moving this into the driver_detach path we can avoid potential deadlocks
as we aren't holding the device lock at this point and we should not have
the driver we want to flush loaded so the flush will take care of any
asynchronous events the driver we are detaching might have scheduled.

Fixes: 765230b5f084 ("driver-core: add asynchronous probing support for drivers")
Reviewed-by: Bart Van Assche <bvanassche@acm.org>
Reviewed-by: Dan Williams <dan.j.williams@intel.com>
Signed-off-by: Alexander Duyck <alexander.h.duyck@linux.intel.com>
Reviewed-by: Luis Chamberlain <mcgrof@kernel.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
 drivers/base/dd.c | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/drivers/base/dd.c b/drivers/base/dd.c
index 2607f859881a..7caa1adaf62a 100644
--- a/drivers/base/dd.c
+++ b/drivers/base/dd.c
@@ -926,9 +926,6 @@ static void __device_release_driver(struct device *dev, struct device *parent)
 
 	drv = dev->driver;
 	if (drv) {
-		if (driver_allows_async_probing(drv))
-			async_synchronize_full();
-
 		while (device_links_busy(dev)) {
 			device_unlock(dev);
 			if (parent && dev->bus->need_parent_lock)
@@ -1034,6 +1031,9 @@ void driver_detach(struct device_driver *drv)
 	struct device_private *dev_prv;
 	struct device *dev;
 
+	if (driver_allows_async_probing(drv))
+		async_synchronize_full();
+
 	for (;;) {
 		spin_lock(&drv->p->klist_devices.k_lock);
 		if (list_empty(&drv->p->klist_devices.k_list)) {
-- 
2.19.1


^ permalink raw reply related	[flat|nested] 273+ messages in thread

* [PATCH AUTOSEL 4.19 112/258] kobject: return error code if writing /sys/.../uevent fails
  2019-01-28 15:55 [PATCH AUTOSEL 4.19 001/258] drm/bufs: Fix Spectre v1 vulnerability Sasha Levin
                   ` (109 preceding siblings ...)
  2019-01-28 15:56 ` [PATCH AUTOSEL 4.19 111/258] driver core: Move async_synchronize_full call Sasha Levin
@ 2019-01-28 15:56 ` Sasha Levin
  2019-01-28 15:56 ` [PATCH AUTOSEL 4.19 113/258] IB/hfi1: Unreserve a reserved request when it is completed Sasha Levin
                   ` (145 subsequent siblings)
  256 siblings, 0 replies; 273+ messages in thread
From: Sasha Levin @ 2019-01-28 15:56 UTC (permalink / raw)
  To: linux-kernel, stable; +Cc: Peter Rajnoha, Greg Kroah-Hartman, Sasha Levin

From: Peter Rajnoha <prajnoha@redhat.com>

[ Upstream commit df44b479654f62b478c18ee4d8bc4e9f897a9844 ]

Propagate error code back to userspace if writing the /sys/.../uevent
file fails. Before, the write operation always returned with success,
even if we failed to recognize the input string or if we failed to
generate the uevent itself.

With the error codes properly propagated back to userspace, we are
able to react in userspace accordingly by not assuming and awaiting
a uevent that is not delivered.

Signed-off-by: Peter Rajnoha <prajnoha@redhat.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
 drivers/base/bus.c  | 12 ++++++++----
 drivers/base/core.c |  8 +++++++-
 kernel/module.c     |  6 ++++--
 3 files changed, 19 insertions(+), 7 deletions(-)

diff --git a/drivers/base/bus.c b/drivers/base/bus.c
index 585e2e1c9c8f..e06a57936cc9 100644
--- a/drivers/base/bus.c
+++ b/drivers/base/bus.c
@@ -614,8 +614,10 @@ static void remove_probe_files(struct bus_type *bus)
 static ssize_t uevent_store(struct device_driver *drv, const char *buf,
 			    size_t count)
 {
-	kobject_synth_uevent(&drv->p->kobj, buf, count);
-	return count;
+	int rc;
+
+	rc = kobject_synth_uevent(&drv->p->kobj, buf, count);
+	return rc ? rc : count;
 }
 static DRIVER_ATTR_WO(uevent);
 
@@ -831,8 +833,10 @@ static void klist_devices_put(struct klist_node *n)
 static ssize_t bus_uevent_store(struct bus_type *bus,
 				const char *buf, size_t count)
 {
-	kobject_synth_uevent(&bus->p->subsys.kobj, buf, count);
-	return count;
+	int rc;
+
+	rc = kobject_synth_uevent(&bus->p->subsys.kobj, buf, count);
+	return rc ? rc : count;
 }
 static BUS_ATTR(uevent, S_IWUSR, NULL, bus_uevent_store);
 
diff --git a/drivers/base/core.c b/drivers/base/core.c
index 04bbcd779e11..92e2c32c2227 100644
--- a/drivers/base/core.c
+++ b/drivers/base/core.c
@@ -1067,8 +1067,14 @@ static ssize_t uevent_show(struct device *dev, struct device_attribute *attr,
 static ssize_t uevent_store(struct device *dev, struct device_attribute *attr,
 			    const char *buf, size_t count)
 {
-	if (kobject_synth_uevent(&dev->kobj, buf, count))
+	int rc;
+
+	rc = kobject_synth_uevent(&dev->kobj, buf, count);
+
+	if (rc) {
 		dev_err(dev, "uevent: failed to send synthetic uevent\n");
+		return rc;
+	}
 
 	return count;
 }
diff --git a/kernel/module.c b/kernel/module.c
index 6746c85511fe..38bf28b5cc20 100644
--- a/kernel/module.c
+++ b/kernel/module.c
@@ -1207,8 +1207,10 @@ static ssize_t store_uevent(struct module_attribute *mattr,
 			    struct module_kobject *mk,
 			    const char *buffer, size_t count)
 {
-	kobject_synth_uevent(&mk->kobj, buffer, count);
-	return count;
+	int rc;
+
+	rc = kobject_synth_uevent(&mk->kobj, buffer, count);
+	return rc ? rc : count;
 }
 
 struct module_attribute module_uevent =
-- 
2.19.1


^ permalink raw reply related	[flat|nested] 273+ messages in thread

* [PATCH AUTOSEL 4.19 113/258] IB/hfi1: Unreserve a reserved request when it is completed
  2019-01-28 15:55 [PATCH AUTOSEL 4.19 001/258] drm/bufs: Fix Spectre v1 vulnerability Sasha Levin
                   ` (110 preceding siblings ...)
  2019-01-28 15:56 ` [PATCH AUTOSEL 4.19 112/258] kobject: return error code if writing /sys/.../uevent fails Sasha Levin
@ 2019-01-28 15:56 ` Sasha Levin
  2019-01-28 15:57 ` [PATCH AUTOSEL 4.19 114/258] usb: dwc3: trace: add missing break statement to make compiler happy Sasha Levin
                   ` (144 subsequent siblings)
  256 siblings, 0 replies; 273+ messages in thread
From: Sasha Levin @ 2019-01-28 15:56 UTC (permalink / raw)
  To: linux-kernel, stable
  Cc: Kaike Wan, Dennis Dalessandro, Jason Gunthorpe, Sasha Levin, linux-rdma

From: Kaike Wan <kaike.wan@intel.com>

[ Upstream commit ca95f802ef5139722acc8d30aeaab6fe5bbe939e ]

Currently, When a reserved operation is completed, its entry in the send
queue will not be unreserved, which leads to the miscalculation of
qp->s_avail and thus the triggering of a WARN_ON call trace. This patch
fixes the problem by unreserving the reserved operation when it is
completed.

Fixes: 856cc4c237ad ("IB/hfi1: Add the capability for reserved operations")
Reviewed-by: Mike Marciniszyn <mike.marciniszyn@intel.com>
Signed-off-by: Kaike Wan <kaike.wan@intel.com>
Signed-off-by: Dennis Dalessandro <dennis.dalessandro@intel.com>
Signed-off-by: Jason Gunthorpe <jgg@mellanox.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
 drivers/infiniband/hw/hfi1/rc.c | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/drivers/infiniband/hw/hfi1/rc.c b/drivers/infiniband/hw/hfi1/rc.c
index 9bd63abb2dfe..6f013a565353 100644
--- a/drivers/infiniband/hw/hfi1/rc.c
+++ b/drivers/infiniband/hw/hfi1/rc.c
@@ -1157,6 +1157,7 @@ void hfi1_rc_send_complete(struct rvt_qp *qp, struct hfi1_opa_header *opah)
 		if (cmp_psn(wqe->lpsn, qp->s_sending_psn) >= 0 &&
 		    cmp_psn(qp->s_sending_psn, qp->s_sending_hpsn) <= 0)
 			break;
+		rvt_qp_wqe_unreserve(qp, wqe);
 		s_last = qp->s_last;
 		trace_hfi1_qp_send_completion(qp, wqe, s_last);
 		if (++s_last >= qp->s_size)
@@ -1209,6 +1210,7 @@ static struct rvt_swqe *do_rc_completion(struct rvt_qp *qp,
 		u32 s_last;
 
 		rvt_put_swqe(wqe);
+		rvt_qp_wqe_unreserve(qp, wqe);
 		s_last = qp->s_last;
 		trace_hfi1_qp_send_completion(qp, wqe, s_last);
 		if (++s_last >= qp->s_size)
-- 
2.19.1


^ permalink raw reply related	[flat|nested] 273+ messages in thread

* [PATCH AUTOSEL 4.19 114/258] usb: dwc3: trace: add missing break statement to make compiler happy
  2019-01-28 15:55 [PATCH AUTOSEL 4.19 001/258] drm/bufs: Fix Spectre v1 vulnerability Sasha Levin
                   ` (111 preceding siblings ...)
  2019-01-28 15:56 ` [PATCH AUTOSEL 4.19 113/258] IB/hfi1: Unreserve a reserved request when it is completed Sasha Levin
@ 2019-01-28 15:57 ` Sasha Levin
  2019-01-28 15:57 ` [PATCH AUTOSEL 4.19 115/258] gpio: mt7621: report failure of devm_kasprintf() Sasha Levin
                   ` (143 subsequent siblings)
  256 siblings, 0 replies; 273+ messages in thread
From: Sasha Levin @ 2019-01-28 15:57 UTC (permalink / raw)
  To: linux-kernel, stable
  Cc: Andy Shevchenko, Felipe Balbi, Sasha Levin, linux-usb

From: Andy Shevchenko <andriy.shevchenko@linux.intel.com>

[ Upstream commit 54d48183d21e03f780053d7129312049cb5dd591 ]

The missed break statement in the outer switch makes the code fall through
always and thus always same value will be printed.

Besides that, compiler warns about missed fall through marker:

drivers/usb/dwc3/./trace.h: In function ‘trace_raw_output_dwc3_log_trb’:
drivers/usb/dwc3/./trace.h:246:4: warning: this statement may fall through [-Wimplicit-fallthrough=]
    switch (pcm) {
    ^~~~~~

Add the missing break statement to work correctly without compilation
warnings.

Fixes: fa8d965d736b ("usb: dwc3: trace: pretty print high-bandwidth transfers too")
Cc: Felipe Balbi <felipe.balbi@linux.intel.com>
Signed-off-by: Andy Shevchenko <andriy.shevchenko@linux.intel.com>
Signed-off-by: Felipe Balbi <felipe.balbi@linux.intel.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
 drivers/usb/dwc3/trace.h | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/drivers/usb/dwc3/trace.h b/drivers/usb/dwc3/trace.h
index f22714cce070..f27c5cbe285c 100644
--- a/drivers/usb/dwc3/trace.h
+++ b/drivers/usb/dwc3/trace.h
@@ -251,9 +251,11 @@ DECLARE_EVENT_CLASS(dwc3_log_trb,
 				s = "2x ";
 				break;
 			case 3:
+			default:
 				s = "3x ";
 				break;
 			}
+			break;
 		default:
 			s = "";
 		} s; }),
-- 
2.19.1


^ permalink raw reply related	[flat|nested] 273+ messages in thread

* [PATCH AUTOSEL 4.19 115/258] gpio: mt7621: report failure of devm_kasprintf()
  2019-01-28 15:55 [PATCH AUTOSEL 4.19 001/258] drm/bufs: Fix Spectre v1 vulnerability Sasha Levin
                   ` (112 preceding siblings ...)
  2019-01-28 15:57 ` [PATCH AUTOSEL 4.19 114/258] usb: dwc3: trace: add missing break statement to make compiler happy Sasha Levin
@ 2019-01-28 15:57 ` Sasha Levin
  2019-01-28 15:57 ` [PATCH AUTOSEL 4.19 116/258] gpio: mt7621: pass mediatek_gpio_bank_probe() failure up the stack Sasha Levin
                   ` (142 subsequent siblings)
  256 siblings, 0 replies; 273+ messages in thread
From: Sasha Levin @ 2019-01-28 15:57 UTC (permalink / raw)
  To: linux-kernel, stable
  Cc: Nicholas Mc Guire, Linus Walleij, Sasha Levin, linux-gpio

From: Nicholas Mc Guire <hofrat@osadl.org>

[ Upstream commit 59d646c775d6ae688ee90fda9f2a4270c47b7490 ]

kasprintf() may return NULL on failure of internal allocation thus the
assigned  label  is not safe if not explicitly checked. On error
mediatek_gpio_bank_probe() returns negative values so -ENOMEM in the
(unlikely) failure case should be fine here.

Fixes: 4ba9c3afda41 ("gpio: mt7621: Add a driver for MT7621")
Signed-off-by: Nicholas Mc Guire <hofrat@osadl.org>
Reviewed-by: Bartosz Golaszewski <bgolaszewski@baylibre.com>
Acked-by: Sean Wang <sean.wang@kernel.org>
Signed-off-by: Linus Walleij <linus.walleij@linaro.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
 drivers/gpio/gpio-mt7621.c | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/drivers/gpio/gpio-mt7621.c b/drivers/gpio/gpio-mt7621.c
index d72af6f6cdbd..1ec95bc18f5b 100644
--- a/drivers/gpio/gpio-mt7621.c
+++ b/drivers/gpio/gpio-mt7621.c
@@ -244,6 +244,8 @@ mediatek_gpio_bank_probe(struct device *dev,
 	rg->chip.of_xlate = mediatek_gpio_xlate;
 	rg->chip.label = devm_kasprintf(dev, GFP_KERNEL, "%s-bank%d",
 					dev_name(dev), bank);
+	if (!rg->chip.label)
+		return -ENOMEM;
 
 	ret = devm_gpiochip_add_data(dev, &rg->chip, mtk);
 	if (ret < 0) {
-- 
2.19.1


^ permalink raw reply related	[flat|nested] 273+ messages in thread

* [PATCH AUTOSEL 4.19 116/258] gpio: mt7621: pass mediatek_gpio_bank_probe() failure up the stack
  2019-01-28 15:55 [PATCH AUTOSEL 4.19 001/258] drm/bufs: Fix Spectre v1 vulnerability Sasha Levin
                   ` (113 preceding siblings ...)
  2019-01-28 15:57 ` [PATCH AUTOSEL 4.19 115/258] gpio: mt7621: report failure of devm_kasprintf() Sasha Levin
@ 2019-01-28 15:57 ` Sasha Levin
  2019-01-28 15:57 ` [PATCH AUTOSEL 4.19 117/258] pinctrl: sx150x: handle failure case of devm_kstrdup Sasha Levin
                   ` (141 subsequent siblings)
  256 siblings, 0 replies; 273+ messages in thread
From: Sasha Levin @ 2019-01-28 15:57 UTC (permalink / raw)
  To: linux-kernel, stable
  Cc: Nicholas Mc Guire, Linus Walleij, Sasha Levin, linux-gpio

From: Nicholas Mc Guire <hofrat@osadl.org>

[ Upstream commit a109c2dbb571b10bb9969285b646f57309c98251 ]

The error cases of mediatek_gpio_bank_probe() would go unnoticed (except
for the dev_err() messages). The probe function should return an error
if one of the banks failed to initialize properly indicated by
not returning non-0.

Fixes: 4ba9c3afda41 ("gpio: mt7621: Add a driver for MT7621")
Signed-off-by: Nicholas Mc Guire <hofrat@osadl.org>
Acked-by: Sean Wang <sean.wang@kernel.org>
Signed-off-by: Linus Walleij <linus.walleij@linaro.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
 drivers/gpio/gpio-mt7621.c | 8 ++++++--
 1 file changed, 6 insertions(+), 2 deletions(-)

diff --git a/drivers/gpio/gpio-mt7621.c b/drivers/gpio/gpio-mt7621.c
index 1ec95bc18f5b..00e954f22bc9 100644
--- a/drivers/gpio/gpio-mt7621.c
+++ b/drivers/gpio/gpio-mt7621.c
@@ -297,6 +297,7 @@ mediatek_gpio_probe(struct platform_device *pdev)
 	struct device_node *np = dev->of_node;
 	struct mtk *mtk;
 	int i;
+	int ret;
 
 	mtk = devm_kzalloc(dev, sizeof(*mtk), GFP_KERNEL);
 	if (!mtk)
@@ -311,8 +312,11 @@ mediatek_gpio_probe(struct platform_device *pdev)
 	platform_set_drvdata(pdev, mtk);
 	mediatek_gpio_irq_chip.name = dev_name(dev);
 
-	for (i = 0; i < MTK_BANK_CNT; i++)
-		mediatek_gpio_bank_probe(dev, np, i);
+	for (i = 0; i < MTK_BANK_CNT; i++) {
+		ret = mediatek_gpio_bank_probe(dev, np, i);
+		if (ret)
+			return ret;
+	}
 
 	return 0;
 }
-- 
2.19.1


^ permalink raw reply related	[flat|nested] 273+ messages in thread

* [PATCH AUTOSEL 4.19 117/258] pinctrl: sx150x: handle failure case of devm_kstrdup
  2019-01-28 15:55 [PATCH AUTOSEL 4.19 001/258] drm/bufs: Fix Spectre v1 vulnerability Sasha Levin
                   ` (114 preceding siblings ...)
  2019-01-28 15:57 ` [PATCH AUTOSEL 4.19 116/258] gpio: mt7621: pass mediatek_gpio_bank_probe() failure up the stack Sasha Levin
@ 2019-01-28 15:57 ` Sasha Levin
  2019-01-28 15:57 ` [PATCH AUTOSEL 4.19 118/258] iommu/amd: Fix amd_iommu=force_isolation Sasha Levin
                   ` (140 subsequent siblings)
  256 siblings, 0 replies; 273+ messages in thread
From: Sasha Levin @ 2019-01-28 15:57 UTC (permalink / raw)
  To: linux-kernel, stable
  Cc: Nicholas Mc Guire, Linus Walleij, Sasha Levin, linux-gpio

From: Nicholas Mc Guire <hofrat@osadl.org>

[ Upstream commit a9d9f6b83f1bb05da849b3540e6d1f70ef1c2343 ]

devm_kstrdup() may return NULL if internal allocation failed.
Thus using  label, name  is unsafe without checking. Therefor
in the unlikely case of allocation failure, sx150x_probe() simply
returns -ENOMEM.

Signed-off-by: Nicholas Mc Guire <hofrat@osadl.org>
Fixes: 9e80f9064e73 ("pinctrl: Add SX150X GPIO Extender Pinctrl Driver")
Signed-off-by: Linus Walleij <linus.walleij@linaro.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
 drivers/pinctrl/pinctrl-sx150x.c | 11 ++++++++---
 1 file changed, 8 insertions(+), 3 deletions(-)

diff --git a/drivers/pinctrl/pinctrl-sx150x.c b/drivers/pinctrl/pinctrl-sx150x.c
index cbf58a10113d..4d87d75b9c6e 100644
--- a/drivers/pinctrl/pinctrl-sx150x.c
+++ b/drivers/pinctrl/pinctrl-sx150x.c
@@ -1166,7 +1166,6 @@ static int sx150x_probe(struct i2c_client *client,
 	}
 
 	/* Register GPIO controller */
-	pctl->gpio.label = devm_kstrdup(dev, client->name, GFP_KERNEL);
 	pctl->gpio.base = -1;
 	pctl->gpio.ngpio = pctl->data->npins;
 	pctl->gpio.get_direction = sx150x_gpio_get_direction;
@@ -1180,6 +1179,10 @@ static int sx150x_probe(struct i2c_client *client,
 	pctl->gpio.of_node = dev->of_node;
 #endif
 	pctl->gpio.can_sleep = true;
+	pctl->gpio.label = devm_kstrdup(dev, client->name, GFP_KERNEL);
+	if (!pctl->gpio.label)
+		return -ENOMEM;
+
 	/*
 	 * Setting multiple pins is not safe when all pins are not
 	 * handled by the same regmap register. The oscio pin (present
@@ -1200,13 +1203,15 @@ static int sx150x_probe(struct i2c_client *client,
 
 	/* Add Interrupt support if an irq is specified */
 	if (client->irq > 0) {
-		pctl->irq_chip.name = devm_kstrdup(dev, client->name,
-						   GFP_KERNEL);
 		pctl->irq_chip.irq_mask = sx150x_irq_mask;
 		pctl->irq_chip.irq_unmask = sx150x_irq_unmask;
 		pctl->irq_chip.irq_set_type = sx150x_irq_set_type;
 		pctl->irq_chip.irq_bus_lock = sx150x_irq_bus_lock;
 		pctl->irq_chip.irq_bus_sync_unlock = sx150x_irq_bus_sync_unlock;
+		pctl->irq_chip.name = devm_kstrdup(dev, client->name,
+						   GFP_KERNEL);
+		if (!pctl->irq_chip.name)
+			return -ENOMEM;
 
 		pctl->irq.masked = ~0;
 		pctl->irq.sense = 0;
-- 
2.19.1


^ permalink raw reply related	[flat|nested] 273+ messages in thread

* [PATCH AUTOSEL 4.19 118/258] iommu/amd: Fix amd_iommu=force_isolation
  2019-01-28 15:55 [PATCH AUTOSEL 4.19 001/258] drm/bufs: Fix Spectre v1 vulnerability Sasha Levin
                   ` (115 preceding siblings ...)
  2019-01-28 15:57 ` [PATCH AUTOSEL 4.19 117/258] pinctrl: sx150x: handle failure case of devm_kstrdup Sasha Levin
@ 2019-01-28 15:57 ` Sasha Levin
  2019-01-28 15:57 ` [PATCH AUTOSEL 4.19 119/258] ARM: dts: Fix OMAP4430 SDP Ethernet startup Sasha Levin
                   ` (139 subsequent siblings)
  256 siblings, 0 replies; 273+ messages in thread
From: Sasha Levin @ 2019-01-28 15:57 UTC (permalink / raw)
  To: linux-kernel, stable; +Cc: Yu Zhao, Joerg Roedel, Sasha Levin, iommu

From: Yu Zhao <yuzhao@google.com>

[ Upstream commit c12b08ebbe16f0d3a96a116d86709b04c1ee8e74 ]

The parameter is still there but it's ignored. We need to check its
value before deciding to go into passthrough mode for AMD IOMMU v2
capable device.

We occasionally use this parameter to force v2 capable device into
translation mode to debug memory corruption that we suspect is
caused by DMA writes.

To address the following comment from Joerg Roedel on the first
version, v2 capability of device is completely ignored.
> This breaks the iommu_v2 use-case, as it needs a direct mapping for the
> devices that support it.

And from Documentation/admin-guide/kernel-parameters.txt:
  This option does not override iommu=pt

Fixes: aafd8ba0ca74 ("iommu/amd: Implement add_device and remove_device")

Signed-off-by: Yu Zhao <yuzhao@google.com>
Signed-off-by: Joerg Roedel <jroedel@suse.de>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
 drivers/iommu/amd_iommu.c | 9 ++++++++-
 1 file changed, 8 insertions(+), 1 deletion(-)

diff --git a/drivers/iommu/amd_iommu.c b/drivers/iommu/amd_iommu.c
index bee0dfb7b93b..34c9aa76a7bd 100644
--- a/drivers/iommu/amd_iommu.c
+++ b/drivers/iommu/amd_iommu.c
@@ -438,7 +438,14 @@ static int iommu_init_device(struct device *dev)
 
 	dev_data->alias = get_alias(dev);
 
-	if (dev_is_pci(dev) && pci_iommuv2_capable(to_pci_dev(dev))) {
+	/*
+	 * By default we use passthrough mode for IOMMUv2 capable device.
+	 * But if amd_iommu=force_isolation is set (e.g. to debug DMA to
+	 * invalid address), we ignore the capability for the device so
+	 * it'll be forced to go into translation mode.
+	 */
+	if ((iommu_pass_through || !amd_iommu_force_isolation) &&
+	    dev_is_pci(dev) && pci_iommuv2_capable(to_pci_dev(dev))) {
 		struct amd_iommu *iommu;
 
 		iommu = amd_iommu_rlookup_table[dev_data->devid];
-- 
2.19.1


^ permalink raw reply related	[flat|nested] 273+ messages in thread

* [PATCH AUTOSEL 4.19 119/258] ARM: dts: Fix OMAP4430 SDP Ethernet startup
  2019-01-28 15:55 [PATCH AUTOSEL 4.19 001/258] drm/bufs: Fix Spectre v1 vulnerability Sasha Levin
                   ` (116 preceding siblings ...)
  2019-01-28 15:57 ` [PATCH AUTOSEL 4.19 118/258] iommu/amd: Fix amd_iommu=force_isolation Sasha Levin
@ 2019-01-28 15:57 ` Sasha Levin
  2019-01-28 15:57 ` [PATCH AUTOSEL 4.19 120/258] mips: bpf: fix encoding bug for mm_srlv32_op Sasha Levin
                   ` (138 subsequent siblings)
  256 siblings, 0 replies; 273+ messages in thread
From: Sasha Levin @ 2019-01-28 15:57 UTC (permalink / raw)
  To: linux-kernel, stable
  Cc: Russell King - ARM Linux, Russell King, Tony Lindgren,
	Sasha Levin, linux-omap, devicetree

From: Russell King - ARM Linux <linux@armlinux.org.uk>

[ Upstream commit 84fb6c7feb1494ebb7d1ec8b95cfb7ada0264465 ]

It was noticed that unbinding and rebinding the KSZ8851 ethernet
resulted in the driver reporting "failed to read device ID" at probe.
Probing the reset line with a 'scope while repeatedly attempting to
bind the driver in a shell loop revealed that the KSZ8851 RSTN pin is
constantly held at zero, meaning the device is held in reset, and
does not respond on the SPI bus.

Experimentation with the startup delay on the regulator set to 50ms
shows that the reset is positively released after 20ms.

Schematics for this board are not available, and the traces are buried
in the inner layers of the board which makes tracing where the RSTN pin
extremely difficult.  We can only guess that the RSTN pin is wired to a
reset generator chip driven off the ethernet supply, which fits the
observed behaviour.

Include this delay in the regulator startup delay - effectively
treating the reset as a "supply stable" indicator.

This can not be modelled as a delay in the KSZ8851 driver since the
reset generation is board specific - if the RSTN pin had been wired to
a GPIO, reset could be released earlier via the already provided support
in the KSZ8851 driver.

This also got confirmed by Peter Ujfalusi <peter.ujfalusi@ti.com> based
on Blaze schematics that should be very close to SDP4430:

TPS22902YFPR is used as the regulator switch (gpio48 controlled):
Convert arm boot_lock to raw The VOUT is routed to TPS3808G01DBV.
(SCH Note: Threshold set at 90%. Vsense: 0.405V).

According to the TPS3808 data sheet the RESET delay time when Ct is
open (this is the case in the schema): MIN/TYP/MAX: 12/20/28 ms.

Signed-off-by: Russell King <rmk+kernel@armlinux.org.uk>
Reviewed-by: Peter Ujfalusi <peter.ujfalusi@ti.com>
[tony@atomide.com: updated with notes from schematics from Peter]
Signed-off-by: Tony Lindgren <tony@atomide.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
 arch/arm/boot/dts/omap4-sdp.dts | 1 +
 1 file changed, 1 insertion(+)

diff --git a/arch/arm/boot/dts/omap4-sdp.dts b/arch/arm/boot/dts/omap4-sdp.dts
index 490726b52216..9dc7ec7655cb 100644
--- a/arch/arm/boot/dts/omap4-sdp.dts
+++ b/arch/arm/boot/dts/omap4-sdp.dts
@@ -33,6 +33,7 @@
 		gpio = <&gpio2 16 GPIO_ACTIVE_HIGH>;  /* gpio line 48 */
 		enable-active-high;
 		regulator-boot-on;
+		startup-delay-us = <25000>;
 	};
 
 	vbat: fixedregulator-vbat {
-- 
2.19.1


^ permalink raw reply related	[flat|nested] 273+ messages in thread

* [PATCH AUTOSEL 4.19 120/258] mips: bpf: fix encoding bug for mm_srlv32_op
  2019-01-28 15:55 [PATCH AUTOSEL 4.19 001/258] drm/bufs: Fix Spectre v1 vulnerability Sasha Levin
                   ` (117 preceding siblings ...)
  2019-01-28 15:57 ` [PATCH AUTOSEL 4.19 119/258] ARM: dts: Fix OMAP4430 SDP Ethernet startup Sasha Levin
@ 2019-01-28 15:57 ` Sasha Levin
  2019-01-28 15:57 ` [PATCH AUTOSEL 4.19 121/258] media: coda: fix H.264 deblocking filter controls Sasha Levin
                   ` (137 subsequent siblings)
  256 siblings, 0 replies; 273+ messages in thread
From: Sasha Levin @ 2019-01-28 15:57 UTC (permalink / raw)
  To: linux-kernel, stable
  Cc: Jiong Wang, Markos Chandras, Paul Burton, linux-mips,
	Alexei Starovoitov, Sasha Levin

From: Jiong Wang <jiong.wang@netronome.com>

[ Upstream commit 17f6c83fb5ebf7db4fcc94a5be4c22d5a7bfe428 ]

For micro-mips, srlv inside POOL32A encoding space should use 0x50
sub-opcode, NOT 0x90.

Some early version ISA doc describes the encoding as 0x90 for both srlv and
srav, this looks to me was a typo. I checked Binutils libopcode
implementation which is using 0x50 for srlv and 0x90 for srav.

v1->v2:
  - Keep mm_srlv32_op sorted by value.

Fixes: f31318fdf324 ("MIPS: uasm: Add srlv uasm instruction")
Cc: Markos Chandras <markos.chandras@imgtec.com>
Cc: Paul Burton <paul.burton@mips.com>
Cc: linux-mips@vger.kernel.org
Acked-by: Jakub Kicinski <jakub.kicinski@netronome.com>
Acked-by: Song Liu <songliubraving@fb.com>
Signed-off-by: Jiong Wang <jiong.wang@netronome.com>
Signed-off-by: Alexei Starovoitov <ast@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
 arch/mips/include/uapi/asm/inst.h | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/arch/mips/include/uapi/asm/inst.h b/arch/mips/include/uapi/asm/inst.h
index c05dcf5ab414..273ef58f4d43 100644
--- a/arch/mips/include/uapi/asm/inst.h
+++ b/arch/mips/include/uapi/asm/inst.h
@@ -369,8 +369,8 @@ enum mm_32a_minor_op {
 	mm_ext_op = 0x02c,
 	mm_pool32axf_op = 0x03c,
 	mm_srl32_op = 0x040,
+	mm_srlv32_op = 0x050,
 	mm_sra_op = 0x080,
-	mm_srlv32_op = 0x090,
 	mm_rotr_op = 0x0c0,
 	mm_lwxs_op = 0x118,
 	mm_addu32_op = 0x150,
-- 
2.19.1


^ permalink raw reply related	[flat|nested] 273+ messages in thread

* [PATCH AUTOSEL 4.19 121/258] media: coda: fix H.264 deblocking filter controls
  2019-01-28 15:55 [PATCH AUTOSEL 4.19 001/258] drm/bufs: Fix Spectre v1 vulnerability Sasha Levin
                   ` (118 preceding siblings ...)
  2019-01-28 15:57 ` [PATCH AUTOSEL 4.19 120/258] mips: bpf: fix encoding bug for mm_srlv32_op Sasha Levin
@ 2019-01-28 15:57 ` Sasha Levin
  2019-01-28 15:57 ` [PATCH AUTOSEL 4.19 122/258] ARM: dts: Fix up the D-Link DIR-685 MTD partition info Sasha Levin
                   ` (136 subsequent siblings)
  256 siblings, 0 replies; 273+ messages in thread
From: Sasha Levin @ 2019-01-28 15:57 UTC (permalink / raw)
  To: linux-kernel, stable
  Cc: Philipp Zabel, Hans Verkuil, Mauro Carvalho Chehab, Sasha Levin,
	linux-media

From: Philipp Zabel <p.zabel@pengutronix.de>

[ Upstream commit 75fa6e4f83a0923fe753827d354998d448b4fd6a ]

Add support for the third loop filter mode
V4L2_MPEG_VIDEO_H264_LOOP_FILTER_MODE_DISABLED_AT_SLICE_BOUNDARY,
and fix V4L2_CID_MPEG_VIDEO_H264_LOOP_FILTER_ALPHA and
V4L2_CID_MPEG_VIDEO_H264_LOOP_FILTER_BETA controls.

The filter offset controls are signed values in the -6 to 6 range and
are stored into the slice header fields slice_alpha_c0_offset_div2 and
slice_beta_offset_div2. The actual filter offsets FilterOffsetA/B are
double their value, in range of -12 to 12.

Rename variables to more closely match the nomenclature in the H.264
specification.

Signed-off-by: Philipp Zabel <p.zabel@pengutronix.de>
Signed-off-by: Hans Verkuil <hverkuil-cisco@xs4all.nl>
Signed-off-by: Mauro Carvalho Chehab <mchehab+samsung@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
 drivers/media/platform/coda/coda-bit.c    | 19 +++++++++----------
 drivers/media/platform/coda/coda-common.c | 15 +++++++--------
 drivers/media/platform/coda/coda.h        |  6 +++---
 drivers/media/platform/coda/coda_regs.h   |  2 +-
 4 files changed, 20 insertions(+), 22 deletions(-)

diff --git a/drivers/media/platform/coda/coda-bit.c b/drivers/media/platform/coda/coda-bit.c
index d26c2d85a009..d20d3df5778b 100644
--- a/drivers/media/platform/coda/coda-bit.c
+++ b/drivers/media/platform/coda/coda-bit.c
@@ -991,16 +991,15 @@ static int coda_start_encoding(struct coda_ctx *ctx)
 		else
 			coda_write(dev, CODA_STD_H264,
 				   CODA_CMD_ENC_SEQ_COD_STD);
-		if (ctx->params.h264_deblk_enabled) {
-			value = ((ctx->params.h264_deblk_alpha &
-				  CODA_264PARAM_DEBLKFILTEROFFSETALPHA_MASK) <<
-				 CODA_264PARAM_DEBLKFILTEROFFSETALPHA_OFFSET) |
-				((ctx->params.h264_deblk_beta &
-				  CODA_264PARAM_DEBLKFILTEROFFSETBETA_MASK) <<
-				 CODA_264PARAM_DEBLKFILTEROFFSETBETA_OFFSET);
-		} else {
-			value = 1 << CODA_264PARAM_DISABLEDEBLK_OFFSET;
-		}
+		value = ((ctx->params.h264_disable_deblocking_filter_idc &
+			  CODA_264PARAM_DISABLEDEBLK_MASK) <<
+			 CODA_264PARAM_DISABLEDEBLK_OFFSET) |
+			((ctx->params.h264_slice_alpha_c0_offset_div2 &
+			  CODA_264PARAM_DEBLKFILTEROFFSETALPHA_MASK) <<
+			 CODA_264PARAM_DEBLKFILTEROFFSETALPHA_OFFSET) |
+			((ctx->params.h264_slice_beta_offset_div2 &
+			  CODA_264PARAM_DEBLKFILTEROFFSETBETA_MASK) <<
+			 CODA_264PARAM_DEBLKFILTEROFFSETBETA_OFFSET);
 		coda_write(dev, value, CODA_CMD_ENC_SEQ_264_PARA);
 		break;
 	case V4L2_PIX_FMT_JPEG:
diff --git a/drivers/media/platform/coda/coda-common.c b/drivers/media/platform/coda/coda-common.c
index bf7b8417c27f..19d92edcc981 100644
--- a/drivers/media/platform/coda/coda-common.c
+++ b/drivers/media/platform/coda/coda-common.c
@@ -1793,14 +1793,13 @@ static int coda_s_ctrl(struct v4l2_ctrl *ctrl)
 		ctx->params.h264_max_qp = ctrl->val;
 		break;
 	case V4L2_CID_MPEG_VIDEO_H264_LOOP_FILTER_ALPHA:
-		ctx->params.h264_deblk_alpha = ctrl->val;
+		ctx->params.h264_slice_alpha_c0_offset_div2 = ctrl->val;
 		break;
 	case V4L2_CID_MPEG_VIDEO_H264_LOOP_FILTER_BETA:
-		ctx->params.h264_deblk_beta = ctrl->val;
+		ctx->params.h264_slice_beta_offset_div2 = ctrl->val;
 		break;
 	case V4L2_CID_MPEG_VIDEO_H264_LOOP_FILTER_MODE:
-		ctx->params.h264_deblk_enabled = (ctrl->val ==
-				V4L2_MPEG_VIDEO_H264_LOOP_FILTER_MODE_ENABLED);
+		ctx->params.h264_disable_deblocking_filter_idc = ctrl->val;
 		break;
 	case V4L2_CID_MPEG_VIDEO_H264_PROFILE:
 		/* TODO: switch between baseline and constrained baseline */
@@ -1882,13 +1881,13 @@ static void coda_encode_ctrls(struct coda_ctx *ctx)
 	v4l2_ctrl_new_std(&ctx->ctrls, &coda_ctrl_ops,
 		V4L2_CID_MPEG_VIDEO_H264_MAX_QP, 0, 51, 1, 51);
 	v4l2_ctrl_new_std(&ctx->ctrls, &coda_ctrl_ops,
-		V4L2_CID_MPEG_VIDEO_H264_LOOP_FILTER_ALPHA, 0, 15, 1, 0);
+		V4L2_CID_MPEG_VIDEO_H264_LOOP_FILTER_ALPHA, -6, 6, 1, 0);
 	v4l2_ctrl_new_std(&ctx->ctrls, &coda_ctrl_ops,
-		V4L2_CID_MPEG_VIDEO_H264_LOOP_FILTER_BETA, 0, 15, 1, 0);
+		V4L2_CID_MPEG_VIDEO_H264_LOOP_FILTER_BETA, -6, 6, 1, 0);
 	v4l2_ctrl_new_std_menu(&ctx->ctrls, &coda_ctrl_ops,
 		V4L2_CID_MPEG_VIDEO_H264_LOOP_FILTER_MODE,
-		V4L2_MPEG_VIDEO_H264_LOOP_FILTER_MODE_DISABLED, 0x0,
-		V4L2_MPEG_VIDEO_H264_LOOP_FILTER_MODE_ENABLED);
+		V4L2_MPEG_VIDEO_H264_LOOP_FILTER_MODE_DISABLED_AT_SLICE_BOUNDARY,
+		0x0, V4L2_MPEG_VIDEO_H264_LOOP_FILTER_MODE_ENABLED);
 	v4l2_ctrl_new_std_menu(&ctx->ctrls, &coda_ctrl_ops,
 		V4L2_CID_MPEG_VIDEO_H264_PROFILE,
 		V4L2_MPEG_VIDEO_H264_PROFILE_BASELINE, 0x0,
diff --git a/drivers/media/platform/coda/coda.h b/drivers/media/platform/coda/coda.h
index 19ac0b9dc6eb..2469ca1dc598 100644
--- a/drivers/media/platform/coda/coda.h
+++ b/drivers/media/platform/coda/coda.h
@@ -115,9 +115,9 @@ struct coda_params {
 	u8			h264_inter_qp;
 	u8			h264_min_qp;
 	u8			h264_max_qp;
-	u8			h264_deblk_enabled;
-	u8			h264_deblk_alpha;
-	u8			h264_deblk_beta;
+	u8			h264_disable_deblocking_filter_idc;
+	s8			h264_slice_alpha_c0_offset_div2;
+	s8			h264_slice_beta_offset_div2;
 	u8			h264_profile_idc;
 	u8			h264_level_idc;
 	u8			mpeg4_intra_qp;
diff --git a/drivers/media/platform/coda/coda_regs.h b/drivers/media/platform/coda/coda_regs.h
index 5e7b00a97671..e675e38f3475 100644
--- a/drivers/media/platform/coda/coda_regs.h
+++ b/drivers/media/platform/coda/coda_regs.h
@@ -292,7 +292,7 @@
 #define		CODA_264PARAM_DEBLKFILTEROFFSETALPHA_OFFSET	8
 #define		CODA_264PARAM_DEBLKFILTEROFFSETALPHA_MASK	0x0f
 #define		CODA_264PARAM_DISABLEDEBLK_OFFSET		6
-#define		CODA_264PARAM_DISABLEDEBLK_MASK		0x01
+#define		CODA_264PARAM_DISABLEDEBLK_MASK		0x03
 #define		CODA_264PARAM_CONSTRAINEDINTRAPREDFLAG_OFFSET	5
 #define		CODA_264PARAM_CONSTRAINEDINTRAPREDFLAG_MASK	0x01
 #define		CODA_264PARAM_CHROMAQPOFFSET_OFFSET		0
-- 
2.19.1


^ permalink raw reply related	[flat|nested] 273+ messages in thread

* [PATCH AUTOSEL 4.19 122/258] ARM: dts: Fix up the D-Link DIR-685 MTD partition info
  2019-01-28 15:55 [PATCH AUTOSEL 4.19 001/258] drm/bufs: Fix Spectre v1 vulnerability Sasha Levin
                   ` (119 preceding siblings ...)
  2019-01-28 15:57 ` [PATCH AUTOSEL 4.19 121/258] media: coda: fix H.264 deblocking filter controls Sasha Levin
@ 2019-01-28 15:57 ` Sasha Levin
  2019-01-28 15:57 ` [PATCH AUTOSEL 4.19 123/258] tracing: Have trace_stack nr_entries compare not be so subtle Sasha Levin
                   ` (135 subsequent siblings)
  256 siblings, 0 replies; 273+ messages in thread
From: Sasha Levin @ 2019-01-28 15:57 UTC (permalink / raw)
  To: linux-kernel, stable; +Cc: Linus Walleij, Sasha Levin, devicetree

From: Linus Walleij <linus.walleij@linaro.org>

[ Upstream commit 738a05e673435afb986b53da43befd83ad87ec3b ]

The vendor firmware was analyzed to get the right idea about
this flash layout. /proc/mtd contains:

dev:    size   erasesize  name
mtd0: 01e7ff40 00020000 "rootfs"
mtd1: 01f40000 00020000 "upgrade"
mtd2: 00040000 00020000 "rgdb"
mtd3: 00020000 00020000 "nvram"
mtd4: 00040000 00020000 "RedBoot"
mtd5: 00020000 00020000 "LangPack"
mtd6: 02000000 00020000 "flash"

Here "flash" is obviously the whole device and we know "rootfs"
is a bogus hack to point to a squashfs rootfs inside of the main
"upgrade partition". We know "RedBoot" is the first 0x40000 of
the flash and the "upgrade" partition follows from 0x40000 to
0x1f8000. So we have mtd0, 1, 4 and 6 covered.

Remains:
mtd2: 00040000 00020000 "rgdb"
mtd3: 00020000 00020000 "nvram"
mtd5: 00020000 00020000 "LangPack"

Inspecting the flash at 0x1f8000 and 0x1fa000 reveals each of
these starting with "RGCFG1" so we assume 0x1f8000-1fbfff is
"rgdb" of 0x40000.

Signed-off-by: Linus Walleij <linus.walleij@linaro.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
 arch/arm/boot/dts/gemini-dlink-dir-685.dts | 16 ++++++----------
 1 file changed, 6 insertions(+), 10 deletions(-)

diff --git a/arch/arm/boot/dts/gemini-dlink-dir-685.dts b/arch/arm/boot/dts/gemini-dlink-dir-685.dts
index 6f258b50eb44..502a361d1fe9 100644
--- a/arch/arm/boot/dts/gemini-dlink-dir-685.dts
+++ b/arch/arm/boot/dts/gemini-dlink-dir-685.dts
@@ -274,20 +274,16 @@
 				read-only;
 			};
 			/*
-			 * Between the boot loader and the rootfs is the kernel
-			 * in a custom Storlink format flashed from the boot
-			 * menu. The rootfs is in squashfs format.
+			 * This firmware image contains the kernel catenated
+			 * with the squashfs root filesystem. For some reason
+			 * this is called "upgrade" on the vendor system.
 			 */
-			partition@1800c0 {
-				label = "rootfs";
-				reg = <0x001800c0 0x01dbff40>;
-				read-only;
-			};
-			partition@1f40000 {
+			partition@40000 {
 				label = "upgrade";
-				reg = <0x01f40000 0x00040000>;
+				reg = <0x00040000 0x01f40000>;
 				read-only;
 			};
+			/* RGDB, Residental Gateway Database? */
 			partition@1f80000 {
 				label = "rgdb";
 				reg = <0x01f80000 0x00040000>;
-- 
2.19.1


^ permalink raw reply related	[flat|nested] 273+ messages in thread

* [PATCH AUTOSEL 4.19 123/258] tracing: Have trace_stack nr_entries compare not be so subtle
  2019-01-28 15:55 [PATCH AUTOSEL 4.19 001/258] drm/bufs: Fix Spectre v1 vulnerability Sasha Levin
                   ` (120 preceding siblings ...)
  2019-01-28 15:57 ` [PATCH AUTOSEL 4.19 122/258] ARM: dts: Fix up the D-Link DIR-685 MTD partition info Sasha Levin
@ 2019-01-28 15:57 ` Sasha Levin
  2019-01-28 15:57 ` [PATCH AUTOSEL 4.19 124/258] Input: rotary-encoder - don't log EPROBE_DEFER to kernel log Sasha Levin
                   ` (134 subsequent siblings)
  256 siblings, 0 replies; 273+ messages in thread
From: Sasha Levin @ 2019-01-28 15:57 UTC (permalink / raw)
  To: linux-kernel, stable; +Cc: Dan Carpenter, Steven Rostedt, Sasha Levin

From: Dan Carpenter <dan.carpenter@oracle.com>

[ Upstream commit ca16b0fbb05242f18da9d810c07d3882ffed831c ]

Dan Carpenter reviewed the trace_stack.c code and figured he found an off by
one bug.

 "From reviewing the code, it seems possible for
  stack_trace_max.nr_entries to be set to .max_entries and in that case we
  would be reading one element beyond the end of the stack_dump_trace[]
  array.  If it's not set to .max_entries then the bug doesn't affect
  runtime."

Although it looks to be the case, it is not. Because we have:

 static unsigned long stack_dump_trace[STACK_TRACE_ENTRIES+1] =
	 { [0 ... (STACK_TRACE_ENTRIES)] = ULONG_MAX };

 struct stack_trace stack_trace_max = {
	.max_entries		= STACK_TRACE_ENTRIES - 1,
	.entries		= &stack_dump_trace[0],
 };

And:

	stack_trace_max.nr_entries = x;
	for (; x < i; x++)
		stack_dump_trace[x] = ULONG_MAX;

Even if nr_entries equals max_entries, indexing with it into the
stack_dump_trace[] array will not overflow the array. But if it is the case,
the second part of the conditional that tests stack_dump_trace[nr_entries]
to ULONG_MAX will always be true.

By applying Dan's patch, it removes the subtle aspect of it and makes the if
conditional slightly more efficient.

Link: http://lkml.kernel.org/r/20180620110758.crunhd5bfep7zuiz@kili.mountain

Signed-off-by: Dan Carpenter <dan.carpenter@oracle.com>
Signed-off-by: Steven Rostedt (VMware) <rostedt@goodmis.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
 kernel/trace/trace_stack.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/kernel/trace/trace_stack.c b/kernel/trace/trace_stack.c
index 4237eba4ef20..6e3edd745c68 100644
--- a/kernel/trace/trace_stack.c
+++ b/kernel/trace/trace_stack.c
@@ -286,7 +286,7 @@ __next(struct seq_file *m, loff_t *pos)
 {
 	long n = *pos - 1;
 
-	if (n > stack_trace_max.nr_entries || stack_dump_trace[n] == ULONG_MAX)
+	if (n >= stack_trace_max.nr_entries || stack_dump_trace[n] == ULONG_MAX)
 		return NULL;
 
 	m->private = (void *)n;
-- 
2.19.1


^ permalink raw reply related	[flat|nested] 273+ messages in thread

* [PATCH AUTOSEL 4.19 124/258] Input: rotary-encoder - don't log EPROBE_DEFER to kernel log
  2019-01-28 15:55 [PATCH AUTOSEL 4.19 001/258] drm/bufs: Fix Spectre v1 vulnerability Sasha Levin
                   ` (121 preceding siblings ...)
  2019-01-28 15:57 ` [PATCH AUTOSEL 4.19 123/258] tracing: Have trace_stack nr_entries compare not be so subtle Sasha Levin
@ 2019-01-28 15:57 ` Sasha Levin
  2019-01-28 15:57 ` [PATCH AUTOSEL 4.19 125/258] watchdog: renesas_wdt: don't set divider while watchdog is running Sasha Levin
                   ` (133 subsequent siblings)
  256 siblings, 0 replies; 273+ messages in thread
From: Sasha Levin @ 2019-01-28 15:57 UTC (permalink / raw)
  To: linux-kernel, stable
  Cc: Uwe Kleine-König, Dmitry Torokhov, Sasha Levin, linux-input

From: Uwe Kleine-König <uwe@kleine-koenig.org>

[ Upstream commit 0832e93632c61987d504e251b927a2be769dd21a ]

When a driver fails to bind because a resource it still missing it's not
helpful to report this as (usually) probing is repeated later.

Signed-off-by: Uwe Kleine-König <uwe@kleine-koenig.org>
Signed-off-by: Dmitry Torokhov <dmitry.torokhov@gmail.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
 drivers/input/misc/rotary_encoder.c | 6 ++++--
 1 file changed, 4 insertions(+), 2 deletions(-)

diff --git a/drivers/input/misc/rotary_encoder.c b/drivers/input/misc/rotary_encoder.c
index 30ec77ad32c6..d748897bf5e9 100644
--- a/drivers/input/misc/rotary_encoder.c
+++ b/drivers/input/misc/rotary_encoder.c
@@ -240,8 +240,10 @@ static int rotary_encoder_probe(struct platform_device *pdev)
 
 	encoder->gpios = devm_gpiod_get_array(dev, NULL, GPIOD_IN);
 	if (IS_ERR(encoder->gpios)) {
-		dev_err(dev, "unable to get gpios\n");
-		return PTR_ERR(encoder->gpios);
+		err = PTR_ERR(encoder->gpios);
+		if (err != -EPROBE_DEFER)
+			dev_err(dev, "unable to get gpios: %d\n", err);
+		return err;
 	}
 	if (encoder->gpios->ndescs < 2) {
 		dev_err(dev, "not enough gpios found\n");
-- 
2.19.1


^ permalink raw reply related	[flat|nested] 273+ messages in thread

* [PATCH AUTOSEL 4.19 125/258] watchdog: renesas_wdt: don't set divider while watchdog is running
  2019-01-28 15:55 [PATCH AUTOSEL 4.19 001/258] drm/bufs: Fix Spectre v1 vulnerability Sasha Levin
                   ` (122 preceding siblings ...)
  2019-01-28 15:57 ` [PATCH AUTOSEL 4.19 124/258] Input: rotary-encoder - don't log EPROBE_DEFER to kernel log Sasha Levin
@ 2019-01-28 15:57 ` Sasha Levin
  2019-01-28 15:57 ` [PATCH AUTOSEL 4.19 126/258] ARM: dts: imx51-zii-rdu1: Do not specify "power-gpio" for hpa1 Sasha Levin
                   ` (132 subsequent siblings)
  256 siblings, 0 replies; 273+ messages in thread
From: Sasha Levin @ 2019-01-28 15:57 UTC (permalink / raw)
  To: linux-kernel, stable
  Cc: Wolfram Sang, Guenter Roeck, Wim Van Sebroeck, Sasha Levin,
	linux-watchdog

From: Wolfram Sang <wsa+renesas@sang-engineering.com>

[ Upstream commit e990e12741877e9bfac402ca468f4007a75f6e2a ]

The datasheet says we must stop the timer before changing the clock
divider. This can happen when the restart handler is called while the
watchdog is running.

Signed-off-by: Wolfram Sang <wsa+renesas@sang-engineering.com>
Reviewed-by: Fabrizio Castro <fabrizio.castro@bp.renesas.com>
Reviewed-by: Guenter Roeck <linux@roeck-us.net>
Signed-off-by: Guenter Roeck <linux@roeck-us.net>
Signed-off-by: Wim Van Sebroeck <wim@linux-watchdog.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
 drivers/watchdog/renesas_wdt.c | 9 +++++++--
 1 file changed, 7 insertions(+), 2 deletions(-)

diff --git a/drivers/watchdog/renesas_wdt.c b/drivers/watchdog/renesas_wdt.c
index 88d81feba4e6..d01efd342dc0 100644
--- a/drivers/watchdog/renesas_wdt.c
+++ b/drivers/watchdog/renesas_wdt.c
@@ -77,12 +77,17 @@ static int rwdt_init_timeout(struct watchdog_device *wdev)
 static int rwdt_start(struct watchdog_device *wdev)
 {
 	struct rwdt_priv *priv = watchdog_get_drvdata(wdev);
+	u8 val;
 
 	pm_runtime_get_sync(wdev->parent);
 
-	rwdt_write(priv, 0, RWTCSRB);
-	rwdt_write(priv, priv->cks, RWTCSRA);
+	/* Stop the timer before we modify any register */
+	val = readb_relaxed(priv->base + RWTCSRA) & ~RWTCSRA_TME;
+	rwdt_write(priv, val, RWTCSRA);
+
 	rwdt_init_timeout(wdev);
+	rwdt_write(priv, priv->cks, RWTCSRA);
+	rwdt_write(priv, 0, RWTCSRB);
 
 	while (readb_relaxed(priv->base + RWTCSRA) & RWTCSRA_WRFLG)
 		cpu_relax();
-- 
2.19.1


^ permalink raw reply related	[flat|nested] 273+ messages in thread

* [PATCH AUTOSEL 4.19 126/258] ARM: dts: imx51-zii-rdu1: Do not specify "power-gpio" for hpa1
  2019-01-28 15:55 [PATCH AUTOSEL 4.19 001/258] drm/bufs: Fix Spectre v1 vulnerability Sasha Levin
                   ` (123 preceding siblings ...)
  2019-01-28 15:57 ` [PATCH AUTOSEL 4.19 125/258] watchdog: renesas_wdt: don't set divider while watchdog is running Sasha Levin
@ 2019-01-28 15:57 ` Sasha Levin
  2019-01-28 15:57 ` [PATCH AUTOSEL 4.19 127/258] usb: dwc3: gadget: Disable CSP for stream OUT ep Sasha Levin
                   ` (131 subsequent siblings)
  256 siblings, 0 replies; 273+ messages in thread
From: Sasha Levin @ 2019-01-28 15:57 UTC (permalink / raw)
  To: linux-kernel, stable
  Cc: Andrey Smirnov, Fabio Estevam, Shawn Guo, Sasha Levin, devicetree

From: Andrey Smirnov <andrew.smirnov@gmail.com>

[ Upstream commit 79da07dec740a42c70963ebacbd2bf8866af9e20 ]

TPA6130A2 SD pin on RDU1 is not really controlled by SoC and instead
is only meant to notify the system that audio was "muted" by external
actors. To accommodate that, drop "power-gpio" property of hpa1 node as
well as specify a name for that GPIO so that userspace can access it.

Signed-off-by: Andrey Smirnov <andrew.smirnov@gmail.com>
Signed-off-by: Fabio Estevam <festevam@gmail.com>
Tested-by: Chris Healy <cphealy@gmail.com>
Signed-off-by: Shawn Guo <shawnguo@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
 arch/arm/boot/dts/imx51-zii-rdu1.dts | 17 +++++++++++++----
 1 file changed, 13 insertions(+), 4 deletions(-)

diff --git a/arch/arm/boot/dts/imx51-zii-rdu1.dts b/arch/arm/boot/dts/imx51-zii-rdu1.dts
index 469cce2c0357..6e80254c4562 100644
--- a/arch/arm/boot/dts/imx51-zii-rdu1.dts
+++ b/arch/arm/boot/dts/imx51-zii-rdu1.dts
@@ -477,6 +477,15 @@
 };
 
 &gpio1 {
+	gpio-line-names = "", "", "", "",
+			  "", "", "", "",
+			  "", "hp-amp-shutdown-b", "", "",
+			  "", "", "", "",
+			  "", "", "", "",
+			  "", "", "", "",
+			  "", "", "", "",
+			  "", "", "", "";
+
 	unused-sd3-wp-gpio {
 		/*
 		 * See pinctrl_esdhc1 below for more details on this
@@ -501,9 +510,6 @@
 	hpa1: amp@60 {
 		compatible = "ti,tpa6130a2";
 		reg = <0x60>;
-		pinctrl-names = "default";
-		pinctrl-0 = <&pinctrl_ampgpio>;
-		power-gpio = <&gpio1 9 GPIO_ACTIVE_HIGH>;
 		Vdd-supply = <&reg_3p3v>;
 	};
 
@@ -677,7 +683,10 @@
 };
 
 &iomuxc {
-	pinctrl_ampgpio: ampgpiogrp {
+	pinctrl-names = "default";
+	pinctrl-0 = <&pinctrl_hog>;
+
+	pinctrl_hog: hoggrp {
 		fsl,pins = <
 			MX51_PAD_GPIO1_9__GPIO1_9		0x5e
 		>;
-- 
2.19.1


^ permalink raw reply related	[flat|nested] 273+ messages in thread

* [PATCH AUTOSEL 4.19 127/258] usb: dwc3: gadget: Disable CSP for stream OUT ep
  2019-01-28 15:55 [PATCH AUTOSEL 4.19 001/258] drm/bufs: Fix Spectre v1 vulnerability Sasha Levin
                   ` (124 preceding siblings ...)
  2019-01-28 15:57 ` [PATCH AUTOSEL 4.19 126/258] ARM: dts: imx51-zii-rdu1: Do not specify "power-gpio" for hpa1 Sasha Levin
@ 2019-01-28 15:57 ` Sasha Levin
  2019-01-28 15:57 ` [PATCH AUTOSEL 4.19 128/258] iommu/arm-smmu-v3: Avoid memory corruption from Hisilicon MSI payloads Sasha Levin
                   ` (130 subsequent siblings)
  256 siblings, 0 replies; 273+ messages in thread
From: Sasha Levin @ 2019-01-28 15:57 UTC (permalink / raw)
  To: linux-kernel, stable
  Cc: Tejas Joglekar, Tejas Joglekar, Felipe Balbi, Sasha Levin, linux-usb

From: Tejas Joglekar <tejas.joglekar@synopsys.com>

[ Upstream commit 244add8ebfb231c39db9e33b204bd0ce8f24f782 ]

In stream mode, when fast-forwarding TRBs, the stream number
is not cleared causing the new stream to not get assigned. So
we don't want controller to carry on transfers when short packet
is received. So disable the CSP for stream capable endpoint.

This is based on the 3.30a Programming guide, where table 3-1
device descriptor structure field definitions says for CSP bit
If this bit is 0, the controller generates an XferComplete event
and remove the stream. So if we keep CSP as 1 then switching between
streams would not happen as in stream mode, when fast-forwarding
TRBs, the stream number is not cleared causing the new stream to not get
assigned.

Signed-off-by: Tejas Joglekar <joglekar@synopsys.com>
Signed-off-by: Felipe Balbi <felipe.balbi@linux.intel.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
 drivers/usb/dwc3/gadget.c | 8 ++++++--
 1 file changed, 6 insertions(+), 2 deletions(-)

diff --git a/drivers/usb/dwc3/gadget.c b/drivers/usb/dwc3/gadget.c
index a9f22a0a3462..e82be2ec859a 100644
--- a/drivers/usb/dwc3/gadget.c
+++ b/drivers/usb/dwc3/gadget.c
@@ -979,9 +979,13 @@ static void __dwc3_prepare_one_trb(struct dwc3_ep *dep, struct dwc3_trb *trb,
 				usb_endpoint_type(dep->endpoint.desc));
 	}
 
-	/* always enable Continue on Short Packet */
+	/*
+	 * Enable Continue on Short Packet
+	 * when endpoint is not a stream capable
+	 */
 	if (usb_endpoint_dir_out(dep->endpoint.desc)) {
-		trb->ctrl |= DWC3_TRB_CTRL_CSP;
+		if (!dep->stream_capable)
+			trb->ctrl |= DWC3_TRB_CTRL_CSP;
 
 		if (short_not_ok)
 			trb->ctrl |= DWC3_TRB_CTRL_ISP_IMI;
-- 
2.19.1


^ permalink raw reply related	[flat|nested] 273+ messages in thread

* [PATCH AUTOSEL 4.19 128/258] iommu/arm-smmu-v3: Avoid memory corruption from Hisilicon MSI payloads
  2019-01-28 15:55 [PATCH AUTOSEL 4.19 001/258] drm/bufs: Fix Spectre v1 vulnerability Sasha Levin
                   ` (125 preceding siblings ...)
  2019-01-28 15:57 ` [PATCH AUTOSEL 4.19 127/258] usb: dwc3: gadget: Disable CSP for stream OUT ep Sasha Levin
@ 2019-01-28 15:57 ` Sasha Levin
  2019-01-28 15:57 ` [PATCH AUTOSEL 4.19 129/258] iommu/arm-smmu: Add support for qcom,smmu-v2 variant Sasha Levin
                   ` (129 subsequent siblings)
  256 siblings, 0 replies; 273+ messages in thread
From: Sasha Levin @ 2019-01-28 15:57 UTC (permalink / raw)
  To: linux-kernel, stable; +Cc: Zhen Lei, Will Deacon, Sasha Levin, iommu

From: Zhen Lei <thunder.leizhen@huawei.com>

[ Upstream commit 84a9a75774961612d0c7dd34a1777e8f98a65abd ]

The GITS_TRANSLATER MMIO doorbell register in the ITS hardware is
architected to be 4 bytes in size, yet on hi1620 and earlier, Hisilicon
have allocated the adjacent 4 bytes to carry some IMPDEF sideband
information which results in an 8-byte MSI payload being delivered when
signalling an interrupt:

MSIAddr:
	 |----4bytes----|----4bytes----|
	 |    MSIData   |    IMPDEF    |

This poses no problem for the ITS hardware because the adjacent 4 bytes
are reserved in the memory map. However, when delivering MSIs to memory,
as we do in the SMMUv3 driver for signalling the completion of a SYNC
command, the extended payload will corrupt the 4 bytes adjacent to the
"sync_count" member in struct arm_smmu_device. Fortunately, the current
layout allocates these bytes to padding, but this is fragile and we
should make this explicit.

Reviewed-by: Robin Murphy <robin.murphy@arm.com>
Signed-off-by: Zhen Lei <thunder.leizhen@huawei.com>
[will: Rewrote commit message and comment]
Signed-off-by: Will Deacon <will.deacon@arm.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
 drivers/iommu/arm-smmu-v3.c | 6 +++++-
 1 file changed, 5 insertions(+), 1 deletion(-)

diff --git a/drivers/iommu/arm-smmu-v3.c b/drivers/iommu/arm-smmu-v3.c
index 3e02aace38b1..4afb9cb99ea3 100644
--- a/drivers/iommu/arm-smmu-v3.c
+++ b/drivers/iommu/arm-smmu-v3.c
@@ -586,7 +586,11 @@ struct arm_smmu_device {
 
 	struct arm_smmu_strtab_cfg	strtab_cfg;
 
-	u32				sync_count;
+	/* Hi16xx adds an extra 32 bits of goodness to its MSI payload */
+	union {
+		u32			sync_count;
+		u64			padding;
+	};
 
 	/* IOMMU core code handle */
 	struct iommu_device		iommu;
-- 
2.19.1


^ permalink raw reply related	[flat|nested] 273+ messages in thread

* [PATCH AUTOSEL 4.19 129/258] iommu/arm-smmu: Add support for qcom,smmu-v2 variant
  2019-01-28 15:55 [PATCH AUTOSEL 4.19 001/258] drm/bufs: Fix Spectre v1 vulnerability Sasha Levin
                   ` (126 preceding siblings ...)
  2019-01-28 15:57 ` [PATCH AUTOSEL 4.19 128/258] iommu/arm-smmu-v3: Avoid memory corruption from Hisilicon MSI payloads Sasha Levin
@ 2019-01-28 15:57 ` Sasha Levin
  2019-01-28 15:57 ` [PATCH AUTOSEL 4.19 130/258] iommu/arm-smmu-v3: Use explicit mb() when moving cons pointer Sasha Levin
                   ` (128 subsequent siblings)
  256 siblings, 0 replies; 273+ messages in thread
From: Sasha Levin @ 2019-01-28 15:57 UTC (permalink / raw)
  To: linux-kernel, stable; +Cc: Vivek Gautam, Will Deacon, Sasha Levin, iommu

From: Vivek Gautam <vivek.gautam@codeaurora.org>

[ Upstream commit 89cddc563743cb1e0068867ac97013b2a5bf86aa ]

qcom,smmu-v2 is an arm,smmu-v2 implementation with specific
clock and power requirements.
On msm8996, multiple cores, viz. mdss, video, etc. use this
smmu. On sdm845, this smmu is used with gpu.
Add bindings for the same.

Signed-off-by: Vivek Gautam <vivek.gautam@codeaurora.org>
Reviewed-by: Rob Herring <robh@kernel.org>
Reviewed-by: Tomasz Figa <tfiga@chromium.org>
Tested-by: Srinivas Kandagatla <srinivas.kandagatla@linaro.org>
Reviewed-by: Robin Murphy <robin.murphy@arm.com>
Signed-off-by: Will Deacon <will.deacon@arm.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
 drivers/iommu/arm-smmu.c | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/drivers/iommu/arm-smmu.c b/drivers/iommu/arm-smmu.c
index e7cbf4fcf61d..ce119cb279c3 100644
--- a/drivers/iommu/arm-smmu.c
+++ b/drivers/iommu/arm-smmu.c
@@ -118,6 +118,7 @@ enum arm_smmu_implementation {
 	GENERIC_SMMU,
 	ARM_MMU500,
 	CAVIUM_SMMUV2,
+	QCOM_SMMUV2,
 };
 
 struct arm_smmu_s2cr {
@@ -1912,6 +1913,7 @@ ARM_SMMU_MATCH_DATA(smmu_generic_v2, ARM_SMMU_V2, GENERIC_SMMU);
 ARM_SMMU_MATCH_DATA(arm_mmu401, ARM_SMMU_V1_64K, GENERIC_SMMU);
 ARM_SMMU_MATCH_DATA(arm_mmu500, ARM_SMMU_V2, ARM_MMU500);
 ARM_SMMU_MATCH_DATA(cavium_smmuv2, ARM_SMMU_V2, CAVIUM_SMMUV2);
+ARM_SMMU_MATCH_DATA(qcom_smmuv2, ARM_SMMU_V2, QCOM_SMMUV2);
 
 static const struct of_device_id arm_smmu_of_match[] = {
 	{ .compatible = "arm,smmu-v1", .data = &smmu_generic_v1 },
@@ -1920,6 +1922,7 @@ static const struct of_device_id arm_smmu_of_match[] = {
 	{ .compatible = "arm,mmu-401", .data = &arm_mmu401 },
 	{ .compatible = "arm,mmu-500", .data = &arm_mmu500 },
 	{ .compatible = "cavium,smmu-v2", .data = &cavium_smmuv2 },
+	{ .compatible = "qcom,smmu-v2", .data = &qcom_smmuv2 },
 	{ },
 };
 MODULE_DEVICE_TABLE(of, arm_smmu_of_match);
-- 
2.19.1


^ permalink raw reply related	[flat|nested] 273+ messages in thread

* [PATCH AUTOSEL 4.19 130/258] iommu/arm-smmu-v3: Use explicit mb() when moving cons pointer
  2019-01-28 15:55 [PATCH AUTOSEL 4.19 001/258] drm/bufs: Fix Spectre v1 vulnerability Sasha Levin
                   ` (127 preceding siblings ...)
  2019-01-28 15:57 ` [PATCH AUTOSEL 4.19 129/258] iommu/arm-smmu: Add support for qcom,smmu-v2 variant Sasha Levin
@ 2019-01-28 15:57 ` Sasha Levin
  2019-01-28 15:57 ` [PATCH AUTOSEL 4.19 131/258] sata_rcar: fix deferred probing Sasha Levin
                   ` (127 subsequent siblings)
  256 siblings, 0 replies; 273+ messages in thread
From: Sasha Levin @ 2019-01-28 15:57 UTC (permalink / raw)
  To: linux-kernel, stable; +Cc: Will Deacon, Robin Murphy, Sasha Levin, iommu

From: Will Deacon <will.deacon@arm.com>

[ Upstream commit a868e8530441286342f90c1fd9c5f24de3aa2880 ]

After removing an entry from a queue (e.g. reading an event in
arm_smmu_evtq_thread()) it is necessary to advance the MMIO consumer
pointer to free the queue slot back to the SMMU. A memory barrier is
required here so that all reads targetting the queue entry have
completed before the consumer pointer is updated.

The implementation of queue_inc_cons() relies on a writel() to complete
the previous reads, but this is incorrect because writel() is only
guaranteed to complete prior writes. This patch replaces the call to
writel() with an mb(); writel_relaxed() sequence, which gives us the
read->write ordering which we require.

Cc: Robin Murphy <robin.murphy@arm.com>
Signed-off-by: Will Deacon <will.deacon@arm.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
 drivers/iommu/arm-smmu-v3.c | 8 +++++++-
 1 file changed, 7 insertions(+), 1 deletion(-)

diff --git a/drivers/iommu/arm-smmu-v3.c b/drivers/iommu/arm-smmu-v3.c
index 4afb9cb99ea3..9ae3678844eb 100644
--- a/drivers/iommu/arm-smmu-v3.c
+++ b/drivers/iommu/arm-smmu-v3.c
@@ -688,7 +688,13 @@ static void queue_inc_cons(struct arm_smmu_queue *q)
 	u32 cons = (Q_WRP(q, q->cons) | Q_IDX(q, q->cons)) + 1;
 
 	q->cons = Q_OVF(q, q->cons) | Q_WRP(q, cons) | Q_IDX(q, cons);
-	writel(q->cons, q->cons_reg);
+
+	/*
+	 * Ensure that all CPU accesses (reads and writes) to the queue
+	 * are complete before we update the cons pointer.
+	 */
+	mb();
+	writel_relaxed(q->cons, q->cons_reg);
 }
 
 static int queue_sync_prod(struct arm_smmu_queue *q)
-- 
2.19.1


^ permalink raw reply related	[flat|nested] 273+ messages in thread

* [PATCH AUTOSEL 4.19 131/258] sata_rcar: fix deferred probing
  2019-01-28 15:55 [PATCH AUTOSEL 4.19 001/258] drm/bufs: Fix Spectre v1 vulnerability Sasha Levin
                   ` (128 preceding siblings ...)
  2019-01-28 15:57 ` [PATCH AUTOSEL 4.19 130/258] iommu/arm-smmu-v3: Use explicit mb() when moving cons pointer Sasha Levin
@ 2019-01-28 15:57 ` Sasha Levin
  2019-01-28 15:57 ` [PATCH AUTOSEL 4.19 132/258] clk: imx6sl: ensure MMDC CH0 handshake is bypassed Sasha Levin
                   ` (126 subsequent siblings)
  256 siblings, 0 replies; 273+ messages in thread
From: Sasha Levin @ 2019-01-28 15:57 UTC (permalink / raw)
  To: linux-kernel, stable; +Cc: Sergei Shtylyov, Jens Axboe, Sasha Levin, linux-ide

From: Sergei Shtylyov <sergei.shtylyov@cogentembedded.com>

[ Upstream commit 9f83cfdb1ace3ef268ecc6fda50058d2ec37d603 ]

The driver overrides the error codes returned by platform_get_irq() to
-EINVAL, so if it returns -EPROBE_DEFER, the driver would fail the probe
permanently instead of the deferred probing. Switch to propagating the
error code upstream, still checking/overriding IRQ0 as libata regards it
as "no IRQ" (thus polling) anyway...

Fixes: 9ec36cafe43b ("of/irq: do irq resolution in platform_get_irq")
Reviewed-by: Simon Horman <horms+renesas@verge.net.au>
Reviewed-by: Geert Uytterhoeven <geert+renesas@glider.be>
Signed-off-by: Sergei Shtylyov <sergei.shtylyov@cogentembedded.com>
Signed-off-by: Jens Axboe <axboe@kernel.dk>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
 drivers/ata/sata_rcar.c | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)

diff --git a/drivers/ata/sata_rcar.c b/drivers/ata/sata_rcar.c
index 10ecb232245d..03867f539f3a 100644
--- a/drivers/ata/sata_rcar.c
+++ b/drivers/ata/sata_rcar.c
@@ -895,7 +895,9 @@ static int sata_rcar_probe(struct platform_device *pdev)
 	int ret = 0;
 
 	irq = platform_get_irq(pdev, 0);
-	if (irq <= 0)
+	if (irq < 0)
+		return irq;
+	if (!irq)
 		return -EINVAL;
 
 	priv = devm_kzalloc(dev, sizeof(struct sata_rcar_priv), GFP_KERNEL);
-- 
2.19.1


^ permalink raw reply related	[flat|nested] 273+ messages in thread

* [PATCH AUTOSEL 4.19 132/258] clk: imx6sl: ensure MMDC CH0 handshake is bypassed
  2019-01-28 15:55 [PATCH AUTOSEL 4.19 001/258] drm/bufs: Fix Spectre v1 vulnerability Sasha Levin
                   ` (129 preceding siblings ...)
  2019-01-28 15:57 ` [PATCH AUTOSEL 4.19 131/258] sata_rcar: fix deferred probing Sasha Levin
@ 2019-01-28 15:57 ` Sasha Levin
  2019-01-28 15:57 ` [PATCH AUTOSEL 4.19 133/258] platform/x86: mlx-platform: Fix tachometer registers Sasha Levin
                   ` (125 subsequent siblings)
  256 siblings, 0 replies; 273+ messages in thread
From: Sasha Levin @ 2019-01-28 15:57 UTC (permalink / raw)
  To: linux-kernel, stable
  Cc: Anson Huang, Anson Huang, Stephen Boyd, Sasha Levin, linux-clk

From: Anson Huang <anson.huang@nxp.com>

[ Upstream commit 0efcc2c0fd2001a83240a8c3d71f67770484917e ]

Same as other i.MX6 SoCs, ensure unused MMDC channel's
handshake is bypassed, this is to make sure no request
signal will be generated when periphe_clk_sel is changed
or SRC warm reset is triggered.

Signed-off-by: Anson Huang <Anson.Huang@nxp.com>
Signed-off-by: Stephen Boyd <sboyd@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
 drivers/clk/imx/clk-imx6sl.c | 6 ++++++
 1 file changed, 6 insertions(+)

diff --git a/drivers/clk/imx/clk-imx6sl.c b/drivers/clk/imx/clk-imx6sl.c
index eb6bcbf345a3..390e3e0ecc45 100644
--- a/drivers/clk/imx/clk-imx6sl.c
+++ b/drivers/clk/imx/clk-imx6sl.c
@@ -17,6 +17,8 @@
 
 #include "clk.h"
 
+#define CCDR				0x4
+#define BM_CCM_CCDR_MMDC_CH0_MASK	(1 << 17)
 #define CCSR			0xc
 #define BM_CCSR_PLL1_SW_CLK_SEL	(1 << 2)
 #define CACRR			0x10
@@ -409,6 +411,10 @@ static void __init imx6sl_clocks_init(struct device_node *ccm_node)
 	clks[IMX6SL_CLK_USDHC3]       = imx_clk_gate2("usdhc3",       "usdhc3_podf",       base + 0x80, 6);
 	clks[IMX6SL_CLK_USDHC4]       = imx_clk_gate2("usdhc4",       "usdhc4_podf",       base + 0x80, 8);
 
+	/* Ensure the MMDC CH0 handshake is bypassed */
+	writel_relaxed(readl_relaxed(base + CCDR) |
+		BM_CCM_CCDR_MMDC_CH0_MASK, base + CCDR);
+
 	imx_check_clocks(clks, ARRAY_SIZE(clks));
 
 	clk_data.clks = clks;
-- 
2.19.1


^ permalink raw reply related	[flat|nested] 273+ messages in thread

* [PATCH AUTOSEL 4.19 133/258] platform/x86: mlx-platform: Fix tachometer registers
  2019-01-28 15:55 [PATCH AUTOSEL 4.19 001/258] drm/bufs: Fix Spectre v1 vulnerability Sasha Levin
                   ` (130 preceding siblings ...)
  2019-01-28 15:57 ` [PATCH AUTOSEL 4.19 132/258] clk: imx6sl: ensure MMDC CH0 handshake is bypassed Sasha Levin
@ 2019-01-28 15:57 ` Sasha Levin
  2019-01-28 15:57 ` [PATCH AUTOSEL 4.19 134/258] cpuidle: big.LITTLE: fix refcount leak Sasha Levin
                   ` (124 subsequent siblings)
  256 siblings, 0 replies; 273+ messages in thread
From: Sasha Levin @ 2019-01-28 15:57 UTC (permalink / raw)
  To: linux-kernel, stable
  Cc: Vadim Pasternak, Darren Hart, Sasha Levin, platform-driver-x86

From: Vadim Pasternak <vadimp@mellanox.com>

[ Upstream commit edd45cba5ed7f53974475ddc9a1453c2c87b3328 ]

Shift by one the registers for tachometers (7 - 12).

This fix is relevant for the same new systems MQMB7, MSN37, MSN34,
which are about to be released to the customers.
At the moment, none of them is at customers sites. The customers will
not suffer from this change.
This fix is necessary, because register used before for tachometer 7
has been than reserved for the second PWM for newer systems, which are
not supported yet in mlx-platform driver. So registers of tachometers
7-12 have been shifted by one.

Fixes: 0378123c5800 ("platform/x86: mlx-platform: Add mlxreg-fan platform driver activation")
Signed-off-by: Vadim Pasternak <vadimp@mellanox.com>
Signed-off-by: Darren Hart (VMware) <dvhart@infradead.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
 drivers/platform/x86/mlx-platform.c | 12 ++++++------
 1 file changed, 6 insertions(+), 6 deletions(-)

diff --git a/drivers/platform/x86/mlx-platform.c b/drivers/platform/x86/mlx-platform.c
index d89936c93ba0..78b4aa4410fb 100644
--- a/drivers/platform/x86/mlx-platform.c
+++ b/drivers/platform/x86/mlx-platform.c
@@ -83,12 +83,12 @@
 #define MLXPLAT_CPLD_LPC_REG_TACHO4_OFFSET	0xe7
 #define MLXPLAT_CPLD_LPC_REG_TACHO5_OFFSET	0xe8
 #define MLXPLAT_CPLD_LPC_REG_TACHO6_OFFSET	0xe9
-#define MLXPLAT_CPLD_LPC_REG_TACHO7_OFFSET	0xea
-#define MLXPLAT_CPLD_LPC_REG_TACHO8_OFFSET	0xeb
-#define MLXPLAT_CPLD_LPC_REG_TACHO9_OFFSET	0xec
-#define MLXPLAT_CPLD_LPC_REG_TACHO10_OFFSET	0xed
-#define MLXPLAT_CPLD_LPC_REG_TACHO11_OFFSET	0xee
-#define MLXPLAT_CPLD_LPC_REG_TACHO12_OFFSET	0xef
+#define MLXPLAT_CPLD_LPC_REG_TACHO7_OFFSET	0xeb
+#define MLXPLAT_CPLD_LPC_REG_TACHO8_OFFSET	0xec
+#define MLXPLAT_CPLD_LPC_REG_TACHO9_OFFSET	0xed
+#define MLXPLAT_CPLD_LPC_REG_TACHO10_OFFSET	0xee
+#define MLXPLAT_CPLD_LPC_REG_TACHO11_OFFSET	0xef
+#define MLXPLAT_CPLD_LPC_REG_TACHO12_OFFSET	0xf0
 #define MLXPLAT_CPLD_LPC_IO_RANGE		0x100
 #define MLXPLAT_CPLD_LPC_I2C_CH1_OFF		0xdb
 #define MLXPLAT_CPLD_LPC_I2C_CH2_OFF		0xda
-- 
2.19.1


^ permalink raw reply related	[flat|nested] 273+ messages in thread

* [PATCH AUTOSEL 4.19 134/258] cpuidle: big.LITTLE: fix refcount leak
  2019-01-28 15:55 [PATCH AUTOSEL 4.19 001/258] drm/bufs: Fix Spectre v1 vulnerability Sasha Levin
                   ` (131 preceding siblings ...)
  2019-01-28 15:57 ` [PATCH AUTOSEL 4.19 133/258] platform/x86: mlx-platform: Fix tachometer registers Sasha Levin
@ 2019-01-28 15:57 ` Sasha Levin
  2019-01-28 15:57 ` [PATCH AUTOSEL 4.19 135/258] OPP: Use opp_table->regulators to verify no regulator case Sasha Levin
                   ` (123 subsequent siblings)
  256 siblings, 0 replies; 273+ messages in thread
From: Sasha Levin @ 2019-01-28 15:57 UTC (permalink / raw)
  To: linux-kernel, stable
  Cc: Yangtao Li, Rafael J . Wysocki, Sasha Levin, linux-pm, linux-arm-kernel

From: Yangtao Li <tiny.windzz@gmail.com>

[ Upstream commit 9456823c842f346c74265fcd98d008d87a7eb6f5 ]

of_find_node_by_path() acquires a reference to the node
returned by it and that reference needs to be dropped by its caller.
bl_idle_init() doesn't do that, so fix it.

Signed-off-by: Yangtao Li <tiny.windzz@gmail.com>
Acked-by: Daniel Lezcano <daniel.lezcano@linaro.org>
Signed-off-by: Rafael J. Wysocki <rafael.j.wysocki@intel.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
 drivers/cpuidle/cpuidle-big_little.c | 7 ++++++-
 1 file changed, 6 insertions(+), 1 deletion(-)

diff --git a/drivers/cpuidle/cpuidle-big_little.c b/drivers/cpuidle/cpuidle-big_little.c
index db2ede565f1a..b44476a1b7ad 100644
--- a/drivers/cpuidle/cpuidle-big_little.c
+++ b/drivers/cpuidle/cpuidle-big_little.c
@@ -167,6 +167,7 @@ static int __init bl_idle_init(void)
 {
 	int ret;
 	struct device_node *root = of_find_node_by_path("/");
+	const struct of_device_id *match_id;
 
 	if (!root)
 		return -ENODEV;
@@ -174,7 +175,11 @@ static int __init bl_idle_init(void)
 	/*
 	 * Initialize the driver just for a compliant set of machines
 	 */
-	if (!of_match_node(compatible_machine_match, root))
+	match_id = of_match_node(compatible_machine_match, root);
+
+	of_node_put(root);
+
+	if (!match_id)
 		return -ENODEV;
 
 	if (!mcpm_is_available())
-- 
2.19.1


^ permalink raw reply related	[flat|nested] 273+ messages in thread

* [PATCH AUTOSEL 4.19 135/258] OPP: Use opp_table->regulators to verify no regulator case
  2019-01-28 15:55 [PATCH AUTOSEL 4.19 001/258] drm/bufs: Fix Spectre v1 vulnerability Sasha Levin
                   ` (132 preceding siblings ...)
  2019-01-28 15:57 ` [PATCH AUTOSEL 4.19 134/258] cpuidle: big.LITTLE: fix refcount leak Sasha Levin
@ 2019-01-28 15:57 ` Sasha Levin
  2019-01-28 15:57 ` [PATCH AUTOSEL 4.19 136/258] tee: optee: avoid possible double list_del() Sasha Levin
                   ` (122 subsequent siblings)
  256 siblings, 0 replies; 273+ messages in thread
From: Sasha Levin @ 2019-01-28 15:57 UTC (permalink / raw)
  To: linux-kernel, stable; +Cc: Viresh Kumar, Sasha Levin, linux-pm

From: Viresh Kumar <viresh.kumar@linaro.org>

[ Upstream commit 90e3577b5feb42bac1269e16bb3d2bdd8f6df40f ]

The value of opp_table->regulator_count is not very consistent right now
and it may end up being 0 while we do have a "opp-microvolt" property in
the OPP table. It was kept that way as we used to check if any
regulators are set with the OPP core for a device or not using value of
regulator_count.

Lets use opp_table->regulators for that purpose as the meaning of
regulator_count is going to change in the later patches.

Reported-by: Quentin Perret <quentin.perret@arm.com>
Signed-off-by: Viresh Kumar <viresh.kumar@linaro.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
 drivers/opp/core.c | 11 +++++++----
 1 file changed, 7 insertions(+), 4 deletions(-)

diff --git a/drivers/opp/core.c b/drivers/opp/core.c
index 31ff03dbeb83..f3433bf47b10 100644
--- a/drivers/opp/core.c
+++ b/drivers/opp/core.c
@@ -191,12 +191,12 @@ unsigned long dev_pm_opp_get_max_volt_latency(struct device *dev)
 	if (IS_ERR(opp_table))
 		return 0;
 
-	count = opp_table->regulator_count;
-
 	/* Regulator may not be required for the device */
-	if (!count)
+	if (!opp_table->regulators)
 		goto put_opp_table;
 
+	count = opp_table->regulator_count;
+
 	uV = kmalloc_array(count, sizeof(*uV), GFP_KERNEL);
 	if (!uV)
 		goto put_opp_table;
@@ -976,6 +976,9 @@ static bool _opp_supported_by_regulators(struct dev_pm_opp *opp,
 	struct regulator *reg;
 	int i;
 
+	if (!opp_table->regulators)
+		return true;
+
 	for (i = 0; i < opp_table->regulator_count; i++) {
 		reg = opp_table->regulators[i];
 
@@ -1263,7 +1266,7 @@ static int _allocate_set_opp_data(struct opp_table *opp_table)
 	struct dev_pm_set_opp_data *data;
 	int len, count = opp_table->regulator_count;
 
-	if (WARN_ON(!count))
+	if (WARN_ON(!opp_table->regulators))
 		return -EINVAL;
 
 	/* space for set_opp_data */
-- 
2.19.1


^ permalink raw reply related	[flat|nested] 273+ messages in thread

* [PATCH AUTOSEL 4.19 136/258] tee: optee: avoid possible double list_del()
  2019-01-28 15:55 [PATCH AUTOSEL 4.19 001/258] drm/bufs: Fix Spectre v1 vulnerability Sasha Levin
                   ` (133 preceding siblings ...)
  2019-01-28 15:57 ` [PATCH AUTOSEL 4.19 135/258] OPP: Use opp_table->regulators to verify no regulator case Sasha Levin
@ 2019-01-28 15:57 ` Sasha Levin
  2019-01-28 15:57 ` [PATCH AUTOSEL 4.19 137/258] drm/msm/dsi: fix dsi clock names in DSI 10nm PLL driver Sasha Levin
                   ` (121 subsequent siblings)
  256 siblings, 0 replies; 273+ messages in thread
From: Sasha Levin @ 2019-01-28 15:57 UTC (permalink / raw)
  To: linux-kernel, stable; +Cc: Zhizhou Zhang, Jens Wiklander, Sasha Levin

From: Zhizhou Zhang <zhizhouzhang@asrmicro.com>

[ Upstream commit b2d102bd0146d9eb1fa630ca0cd19a15ef2f74c8 ]

This bug occurs when:

- a new request arrives, one thread(let's call it A) is pending in
  optee_supp_req() with req->busy is initial value false.

- tee-supplicant is killed, then optee_supp_release() is called, this
  function calls list_del(&req->link), and set supp->ctx to NULL. And
  it also wake up process A.

- process A continues, it firstly checks supp->ctx which is NULL,
  then checks req->busy which is false, at last run list_del(&req->link).
  This triggers double list_del() and results kernel panic.

For solve this problem, we rename req->busy to req->in_queue, and
associate it with state of whether req is linked to supp->reqs. So we
can just only check req->in_queue to make decision calling list_del()
or not.

Signed-off-by: Zhizhou Zhang <zhizhouzhang@asrmicro.com>
Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
 drivers/tee/optee/supp.c | 13 +++++++------
 1 file changed, 7 insertions(+), 6 deletions(-)

diff --git a/drivers/tee/optee/supp.c b/drivers/tee/optee/supp.c
index df35fc01fd3e..43626e15703a 100644
--- a/drivers/tee/optee/supp.c
+++ b/drivers/tee/optee/supp.c
@@ -19,7 +19,7 @@
 struct optee_supp_req {
 	struct list_head link;
 
-	bool busy;
+	bool in_queue;
 	u32 func;
 	u32 ret;
 	size_t num_params;
@@ -54,7 +54,6 @@ void optee_supp_release(struct optee_supp *supp)
 
 	/* Abort all request retrieved by supplicant */
 	idr_for_each_entry(&supp->idr, req, id) {
-		req->busy = false;
 		idr_remove(&supp->idr, id);
 		req->ret = TEEC_ERROR_COMMUNICATION;
 		complete(&req->c);
@@ -63,6 +62,7 @@ void optee_supp_release(struct optee_supp *supp)
 	/* Abort all queued requests */
 	list_for_each_entry_safe(req, req_tmp, &supp->reqs, link) {
 		list_del(&req->link);
+		req->in_queue = false;
 		req->ret = TEEC_ERROR_COMMUNICATION;
 		complete(&req->c);
 	}
@@ -103,6 +103,7 @@ u32 optee_supp_thrd_req(struct tee_context *ctx, u32 func, size_t num_params,
 	/* Insert the request in the request list */
 	mutex_lock(&supp->mutex);
 	list_add_tail(&req->link, &supp->reqs);
+	req->in_queue = true;
 	mutex_unlock(&supp->mutex);
 
 	/* Tell an eventual waiter there's a new request */
@@ -130,9 +131,10 @@ u32 optee_supp_thrd_req(struct tee_context *ctx, u32 func, size_t num_params,
 			 * will serve all requests in a timely manner and
 			 * interrupting then wouldn't make sense.
 			 */
-			interruptable = !req->busy;
-			if (!req->busy)
+			if (req->in_queue) {
 				list_del(&req->link);
+				req->in_queue = false;
+			}
 		}
 		mutex_unlock(&supp->mutex);
 
@@ -176,7 +178,7 @@ static struct optee_supp_req  *supp_pop_entry(struct optee_supp *supp,
 		return ERR_PTR(-ENOMEM);
 
 	list_del(&req->link);
-	req->busy = true;
+	req->in_queue = false;
 
 	return req;
 }
@@ -318,7 +320,6 @@ static struct optee_supp_req *supp_pop_req(struct optee_supp *supp,
 	if ((num_params - nm) != req->num_params)
 		return ERR_PTR(-EINVAL);
 
-	req->busy = false;
 	idr_remove(&supp->idr, id);
 	supp->req_id = -1;
 	*num_meta = nm;
-- 
2.19.1


^ permalink raw reply related	[flat|nested] 273+ messages in thread

* [PATCH AUTOSEL 4.19 137/258] drm/msm/dsi: fix dsi clock names in DSI 10nm PLL driver
  2019-01-28 15:55 [PATCH AUTOSEL 4.19 001/258] drm/bufs: Fix Spectre v1 vulnerability Sasha Levin
                   ` (134 preceding siblings ...)
  2019-01-28 15:57 ` [PATCH AUTOSEL 4.19 136/258] tee: optee: avoid possible double list_del() Sasha Levin
@ 2019-01-28 15:57 ` Sasha Levin
  2019-01-28 15:57 ` [PATCH AUTOSEL 4.19 138/258] drm/msm: dpu: Only check flush register against pending flushes Sasha Levin
                   ` (120 subsequent siblings)
  256 siblings, 0 replies; 273+ messages in thread
From: Sasha Levin @ 2019-01-28 15:57 UTC (permalink / raw)
  To: linux-kernel, stable
  Cc: Abhinav Kumar, Sean Paul, Rob Clark, Sasha Levin, linux-arm-msm,
	dri-devel, freedreno

From: Abhinav Kumar <abhinavk@codeaurora.org>

[ Upstream commit c1866d44d149a1ea5c303632114fb6aa08cfd263 ]

Fix the dsi clock names in the DSI 10nm PLL driver to
match the names in the dispcc driver as those are
according to the clock plan of the chipset.

Changes in v2:
- Update the clock diagram with the new clock name

Reviewed-by: Sean Paul <seanpaul@chromium.org>
Signed-off-by: Abhinav Kumar <abhinavk@codeaurora.org>
Signed-off-by: Sean Paul <seanpaul@chromium.org>
Signed-off-by: Rob Clark <robdclark@gmail.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
 drivers/gpu/drm/msm/dsi/pll/dsi_pll_10nm.c | 8 ++++----
 1 file changed, 4 insertions(+), 4 deletions(-)

diff --git a/drivers/gpu/drm/msm/dsi/pll/dsi_pll_10nm.c b/drivers/gpu/drm/msm/dsi/pll/dsi_pll_10nm.c
index 41bec570c518..31205625c734 100644
--- a/drivers/gpu/drm/msm/dsi/pll/dsi_pll_10nm.c
+++ b/drivers/gpu/drm/msm/dsi/pll/dsi_pll_10nm.c
@@ -17,7 +17,7 @@
  *                              |                |
  *                              |                |
  *                 +---------+  |  +----------+  |  +----+
- *  dsi0vco_clk ---| out_div |--o--| divl_3_0 |--o--| /8 |-- dsi0pllbyte
+ *  dsi0vco_clk ---| out_div |--o--| divl_3_0 |--o--| /8 |-- dsi0_phy_pll_out_byteclk
  *                 +---------+  |  +----------+  |  +----+
  *                              |                |
  *                              |                |         dsi0_pll_by_2_bit_clk
@@ -25,7 +25,7 @@
  *                              |                |  +----+  |  |\  dsi0_pclk_mux
  *                              |                |--| /2 |--o--| \   |
  *                              |                |  +----+     |  \  |  +---------+
- *                              |                --------------|  |--o--| div_7_4 |-- dsi0pll
+ *                              |                --------------|  |--o--| div_7_4 |-- dsi0_phy_pll_out_dsiclk
  *                              |------------------------------|  /     +---------+
  *                              |          +-----+             | /
  *                              -----------| /4? |--o----------|/
@@ -690,7 +690,7 @@ static int pll_10nm_register(struct dsi_pll_10nm *pll_10nm)
 
 	hws[num++] = hw;
 
-	snprintf(clk_name, 32, "dsi%dpllbyte", pll_10nm->id);
+	snprintf(clk_name, 32, "dsi%d_phy_pll_out_byteclk", pll_10nm->id);
 	snprintf(parent, 32, "dsi%d_pll_bit_clk", pll_10nm->id);
 
 	/* DSI Byte clock = VCO_CLK / OUT_DIV / BIT_DIV / 8 */
@@ -739,7 +739,7 @@ static int pll_10nm_register(struct dsi_pll_10nm *pll_10nm)
 
 	hws[num++] = hw;
 
-	snprintf(clk_name, 32, "dsi%dpll", pll_10nm->id);
+	snprintf(clk_name, 32, "dsi%d_phy_pll_out_dsiclk", pll_10nm->id);
 	snprintf(parent, 32, "dsi%d_pclk_mux", pll_10nm->id);
 
 	/* PIX CLK DIV : DIV_CTRL_7_4*/
-- 
2.19.1


^ permalink raw reply related	[flat|nested] 273+ messages in thread

* [PATCH AUTOSEL 4.19 138/258] drm/msm: dpu: Only check flush register against pending flushes
  2019-01-28 15:55 [PATCH AUTOSEL 4.19 001/258] drm/bufs: Fix Spectre v1 vulnerability Sasha Levin
                   ` (135 preceding siblings ...)
  2019-01-28 15:57 ` [PATCH AUTOSEL 4.19 137/258] drm/msm/dsi: fix dsi clock names in DSI 10nm PLL driver Sasha Levin
@ 2019-01-28 15:57 ` Sasha Levin
  2019-01-28 15:57 ` [PATCH AUTOSEL 4.19 139/258] lightnvm: pblk: fix resubmission of overwritten write err lbas Sasha Levin
                   ` (119 subsequent siblings)
  256 siblings, 0 replies; 273+ messages in thread
From: Sasha Levin @ 2019-01-28 15:57 UTC (permalink / raw)
  To: linux-kernel, stable
  Cc: Sean Paul, Rob Clark, Sasha Levin, linux-arm-msm, dri-devel, freedreno

From: Sean Paul <seanpaul@chromium.org>

[ Upstream commit 5f79e03b1f7c1b2cf0019ce6365fe5d52629813d ]

There exists a case where a flush of a plane/dma may have been triggered
& started from an async commit. If that plane/dma is subsequently disabled
by the next commit, the flush register will continue to hold the flush
bit for the disabled plane. Since the bit remains active,
pending_kickoff_cnt will never decrement and we'll miss frame_done
events.

This patch limits the check of flush_register to include only those bits
which have been updated with the latest commit.

Changes in v2:
- None

Reviewed-by: Jeykumar Sankaran <jsanka@codeaurora.org>
Signed-off-by: Sean Paul <seanpaul@chromium.org>
Signed-off-by: Rob Clark <robdclark@gmail.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
 drivers/gpu/drm/msm/disp/dpu1/dpu_encoder_phys_vid.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/drivers/gpu/drm/msm/disp/dpu1/dpu_encoder_phys_vid.c b/drivers/gpu/drm/msm/disp/dpu1/dpu_encoder_phys_vid.c
index 14fc7c2a6bb7..c9962a36b86b 100644
--- a/drivers/gpu/drm/msm/disp/dpu1/dpu_encoder_phys_vid.c
+++ b/drivers/gpu/drm/msm/disp/dpu1/dpu_encoder_phys_vid.c
@@ -331,7 +331,7 @@ static void dpu_encoder_phys_vid_vblank_irq(void *arg, int irq_idx)
 	if (hw_ctl && hw_ctl->ops.get_flush_register)
 		flush_register = hw_ctl->ops.get_flush_register(hw_ctl);
 
-	if (flush_register == 0)
+	if (!(flush_register & hw_ctl->ops.get_pending_flush(hw_ctl)))
 		new_cnt = atomic_add_unless(&phys_enc->pending_kickoff_cnt,
 				-1, 0);
 	spin_unlock_irqrestore(phys_enc->enc_spinlock, lock_flags);
-- 
2.19.1


^ permalink raw reply related	[flat|nested] 273+ messages in thread

* [PATCH AUTOSEL 4.19 139/258] lightnvm: pblk: fix resubmission of overwritten write err lbas
  2019-01-28 15:55 [PATCH AUTOSEL 4.19 001/258] drm/bufs: Fix Spectre v1 vulnerability Sasha Levin
                   ` (136 preceding siblings ...)
  2019-01-28 15:57 ` [PATCH AUTOSEL 4.19 138/258] drm/msm: dpu: Only check flush register against pending flushes Sasha Levin
@ 2019-01-28 15:57 ` Sasha Levin
  2019-01-28 15:57 ` [PATCH AUTOSEL 4.19 140/258] lightnvm: pblk: add lock protection to list operations Sasha Levin
                   ` (118 subsequent siblings)
  256 siblings, 0 replies; 273+ messages in thread
From: Sasha Levin @ 2019-01-28 15:57 UTC (permalink / raw)
  To: linux-kernel, stable
  Cc: Hans Holmberg, Matias Bjørling, Jens Axboe, Sasha Levin,
	linux-block

From: Hans Holmberg <hans.holmberg@cnexlabs.com>

[ Upstream commit c12fa401ac8c94a74aff68bb5736b3f1dc695fa8 ]

Make sure we only look up valid lba addresses on the resubmission path.

If an lba is invalidated in the write buffer, that sector will be
submitted to disk (as it is already mapped to a ppa), and that write
might fail, resulting in a crash when trying to look up the lba in the
mapping table (as the lba is marked as invalid).

Signed-off-by: Hans Holmberg <hans.holmberg@cnexlabs.com>
Reviewed-by: Javier González <javier@javigon.com>
Signed-off-by: Matias Bjørling <mb@lightnvm.io>
Signed-off-by: Jens Axboe <axboe@kernel.dk>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
 drivers/lightnvm/pblk-write.c | 8 +++++---
 1 file changed, 5 insertions(+), 3 deletions(-)

diff --git a/drivers/lightnvm/pblk-write.c b/drivers/lightnvm/pblk-write.c
index 879227d584e7..c3e038d4b22e 100644
--- a/drivers/lightnvm/pblk-write.c
+++ b/drivers/lightnvm/pblk-write.c
@@ -158,9 +158,11 @@ static void pblk_prepare_resubmit(struct pblk *pblk, unsigned int sentry,
 		w_ctx = &entry->w_ctx;
 
 		/* Check if the lba has been overwritten */
-		ppa_l2p = pblk_trans_map_get(pblk, w_ctx->lba);
-		if (!pblk_ppa_comp(ppa_l2p, entry->cacheline))
-			w_ctx->lba = ADDR_EMPTY;
+		if (w_ctx->lba != ADDR_EMPTY) {
+			ppa_l2p = pblk_trans_map_get(pblk, w_ctx->lba);
+			if (!pblk_ppa_comp(ppa_l2p, entry->cacheline))
+				w_ctx->lba = ADDR_EMPTY;
+		}
 
 		/* Mark up the entry as submittable again */
 		flags = READ_ONCE(w_ctx->flags);
-- 
2.19.1


^ permalink raw reply related	[flat|nested] 273+ messages in thread

* [PATCH AUTOSEL 4.19 140/258] lightnvm: pblk: add lock protection to list operations
  2019-01-28 15:55 [PATCH AUTOSEL 4.19 001/258] drm/bufs: Fix Spectre v1 vulnerability Sasha Levin
                   ` (137 preceding siblings ...)
  2019-01-28 15:57 ` [PATCH AUTOSEL 4.19 139/258] lightnvm: pblk: fix resubmission of overwritten write err lbas Sasha Levin
@ 2019-01-28 15:57 ` Sasha Levin
  2019-01-28 15:57 ` [PATCH AUTOSEL 4.19 141/258] i2c-axxia: check for error conditions first Sasha Levin
                   ` (117 subsequent siblings)
  256 siblings, 0 replies; 273+ messages in thread
From: Sasha Levin @ 2019-01-28 15:57 UTC (permalink / raw)
  To: linux-kernel, stable
  Cc: Hua Su, Matias Bjørling, Jens Axboe, Sasha Levin, linux-block

From: Hua Su <suhua.tanke@gmail.com>

[ Upstream commit fde201a466c6ad5efd72cb54fdf2cefa8b6c6ad7 ]

Protect the list_add on the pblk_line_init_bb() error
path in case this code is used for some other purpose
in the future.

Signed-off-by: Hua Su <suhua.tanke@gmail.com>
Reviewed-by: Javier González <javier@cnexlabs.com>
Signed-off-by: Matias Bjørling <mb@lightnvm.io>
Signed-off-by: Jens Axboe <axboe@kernel.dk>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
 drivers/lightnvm/pblk-core.c | 13 ++++++++++---
 1 file changed, 10 insertions(+), 3 deletions(-)

diff --git a/drivers/lightnvm/pblk-core.c b/drivers/lightnvm/pblk-core.c
index 2940cdc87af1..95be6e36c7dd 100644
--- a/drivers/lightnvm/pblk-core.c
+++ b/drivers/lightnvm/pblk-core.c
@@ -1252,15 +1252,22 @@ int pblk_line_recov_alloc(struct pblk *pblk, struct pblk_line *line)
 
 	ret = pblk_line_alloc_bitmaps(pblk, line);
 	if (ret)
-		return ret;
+		goto fail;
 
 	if (!pblk_line_init_bb(pblk, line, 0)) {
-		list_add(&line->list, &l_mg->free_list);
-		return -EINTR;
+		ret = -EINTR;
+		goto fail;
 	}
 
 	pblk_rl_free_lines_dec(&pblk->rl, line, true);
 	return 0;
+
+fail:
+	spin_lock(&l_mg->free_lock);
+	list_add(&line->list, &l_mg->free_list);
+	spin_unlock(&l_mg->free_lock);
+
+	return ret;
 }
 
 void pblk_line_recov_close(struct pblk *pblk, struct pblk_line *line)
-- 
2.19.1


^ permalink raw reply related	[flat|nested] 273+ messages in thread

* [PATCH AUTOSEL 4.19 141/258] i2c-axxia: check for error conditions first
  2019-01-28 15:55 [PATCH AUTOSEL 4.19 001/258] drm/bufs: Fix Spectre v1 vulnerability Sasha Levin
                   ` (138 preceding siblings ...)
  2019-01-28 15:57 ` [PATCH AUTOSEL 4.19 140/258] lightnvm: pblk: add lock protection to list operations Sasha Levin
@ 2019-01-28 15:57 ` Sasha Levin
  2019-01-28 15:57 ` [PATCH AUTOSEL 4.19 142/258] phy: sun4i-usb: add support for missing USB PHY index Sasha Levin
                   ` (116 subsequent siblings)
  256 siblings, 0 replies; 273+ messages in thread
From: Sasha Levin @ 2019-01-28 15:57 UTC (permalink / raw)
  To: linux-kernel, stable
  Cc: Adamski, Krzysztof (Nokia - PL/Wroclaw),
	Wolfram Sang, Sasha Levin, linux-i2c

From: "Adamski, Krzysztof (Nokia - PL/Wroclaw)" <krzysztof.adamski@nokia.com>

[ Upstream commit 4f5c85fe3a60ace555d09898166af372547f97fc ]

It was observed that when using seqentional mode contrary to the
documentation, the SS bit (which is supposed to only be set if
automatic/sequence command completed normally), is sometimes set
together with NA (NAK in address phase) causing transfer to falsely be
considered successful.

My assumption is that this does not happen during manual mode since the
controller is stopping its work the moment it sets NA/ND bit in status
register. This is not the case in Automatic/Sequentional mode where it
is still working to send STOP condition and the actual status we get
depends on the time when the ISR is run.

This patch changes the order of checking status bits in ISR - error
conditions are checked first and only if none of them occurred, the
transfer may be considered successful. This is required to introduce
using of sequentional mode in next patch.

Signed-off-by: Krzysztof Adamski <krzysztof.adamski@nokia.com>
Reviewed-by: Alexander Sverdlin <alexander.sverdlin@nokia.com>
Signed-off-by: Wolfram Sang <wsa@the-dreams.de>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
 drivers/i2c/busses/i2c-axxia.c | 32 ++++++++++++++++----------------
 1 file changed, 16 insertions(+), 16 deletions(-)

diff --git a/drivers/i2c/busses/i2c-axxia.c b/drivers/i2c/busses/i2c-axxia.c
index 51d34959709b..fb5bac079e83 100644
--- a/drivers/i2c/busses/i2c-axxia.c
+++ b/drivers/i2c/busses/i2c-axxia.c
@@ -296,22 +296,7 @@ static irqreturn_t axxia_i2c_isr(int irq, void *_dev)
 			i2c_int_disable(idev, MST_STATUS_TFL);
 	}
 
-	if (status & MST_STATUS_SCC) {
-		/* Stop completed */
-		i2c_int_disable(idev, ~MST_STATUS_TSS);
-		complete(&idev->msg_complete);
-	} else if (status & MST_STATUS_SNS) {
-		/* Transfer done */
-		i2c_int_disable(idev, ~MST_STATUS_TSS);
-		if (i2c_m_rd(idev->msg) && idev->msg_xfrd < idev->msg->len)
-			axxia_i2c_empty_rx_fifo(idev);
-		complete(&idev->msg_complete);
-	} else if (status & MST_STATUS_TSS) {
-		/* Transfer timeout */
-		idev->msg_err = -ETIMEDOUT;
-		i2c_int_disable(idev, ~MST_STATUS_TSS);
-		complete(&idev->msg_complete);
-	} else if (unlikely(status & MST_STATUS_ERR)) {
+	if (unlikely(status & MST_STATUS_ERR)) {
 		/* Transfer error */
 		i2c_int_disable(idev, ~0);
 		if (status & MST_STATUS_AL)
@@ -328,6 +313,21 @@ static irqreturn_t axxia_i2c_isr(int irq, void *_dev)
 			readl(idev->base + MST_TX_BYTES_XFRD),
 			readl(idev->base + MST_TX_XFER));
 		complete(&idev->msg_complete);
+	} else if (status & MST_STATUS_SCC) {
+		/* Stop completed */
+		i2c_int_disable(idev, ~MST_STATUS_TSS);
+		complete(&idev->msg_complete);
+	} else if (status & MST_STATUS_SNS) {
+		/* Transfer done */
+		i2c_int_disable(idev, ~MST_STATUS_TSS);
+		if (i2c_m_rd(idev->msg) && idev->msg_xfrd < idev->msg->len)
+			axxia_i2c_empty_rx_fifo(idev);
+		complete(&idev->msg_complete);
+	} else if (status & MST_STATUS_TSS) {
+		/* Transfer timeout */
+		idev->msg_err = -ETIMEDOUT;
+		i2c_int_disable(idev, ~MST_STATUS_TSS);
+		complete(&idev->msg_complete);
 	}
 
 out:
-- 
2.19.1


^ permalink raw reply related	[flat|nested] 273+ messages in thread

* [PATCH AUTOSEL 4.19 142/258] phy: sun4i-usb: add support for missing USB PHY index
  2019-01-28 15:55 [PATCH AUTOSEL 4.19 001/258] drm/bufs: Fix Spectre v1 vulnerability Sasha Levin
                   ` (139 preceding siblings ...)
  2019-01-28 15:57 ` [PATCH AUTOSEL 4.19 141/258] i2c-axxia: check for error conditions first Sasha Levin
@ 2019-01-28 15:57 ` Sasha Levin
  2019-01-28 15:57 ` [PATCH AUTOSEL 4.19 143/258] mlxsw: spectrum_acl: Limit priority value Sasha Levin
                   ` (115 subsequent siblings)
  256 siblings, 0 replies; 273+ messages in thread
From: Sasha Levin @ 2019-01-28 15:57 UTC (permalink / raw)
  To: linux-kernel, stable; +Cc: Icenowy Zheng, Kishon Vijay Abraham I, Sasha Levin

From: Icenowy Zheng <icenowy@aosc.io>

[ Upstream commit 2659392e5c08dff626e6db1d739adff58a94604d ]

The new Allwinner H6 SoC's USB2 PHY has two holes -- USB1 (which is a
3.0 port with dedicated PHY) and USB2 (which doesn't exist at all).

Add support for this kind of missing USB PHY index.

Signed-off-by: Icenowy Zheng <icenowy@aosc.io>
Reviewed-by: Chen-Yu Tsai <wens@csie.org>
Signed-off-by: Kishon Vijay Abraham I <kishon@ti.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
 drivers/phy/allwinner/phy-sun4i-usb.c | 7 +++++++
 1 file changed, 7 insertions(+)

diff --git a/drivers/phy/allwinner/phy-sun4i-usb.c b/drivers/phy/allwinner/phy-sun4i-usb.c
index d4dcd39b8d76..881078ff73f6 100644
--- a/drivers/phy/allwinner/phy-sun4i-usb.c
+++ b/drivers/phy/allwinner/phy-sun4i-usb.c
@@ -126,6 +126,7 @@ struct sun4i_usb_phy_cfg {
 	bool dedicated_clocks;
 	bool enable_pmu_unk1;
 	bool phy0_dual_route;
+	int missing_phys;
 };
 
 struct sun4i_usb_phy_data {
@@ -646,6 +647,9 @@ static struct phy *sun4i_usb_phy_xlate(struct device *dev,
 	if (args->args[0] >= data->cfg->num_phys)
 		return ERR_PTR(-ENODEV);
 
+	if (data->cfg->missing_phys & BIT(args->args[0]))
+		return ERR_PTR(-ENODEV);
+
 	return data->phys[args->args[0]].phy;
 }
 
@@ -741,6 +745,9 @@ static int sun4i_usb_phy_probe(struct platform_device *pdev)
 		struct sun4i_usb_phy *phy = data->phys + i;
 		char name[16];
 
+		if (data->cfg->missing_phys & BIT(i))
+			continue;
+
 		snprintf(name, sizeof(name), "usb%d_vbus", i);
 		phy->vbus = devm_regulator_get_optional(dev, name);
 		if (IS_ERR(phy->vbus)) {
-- 
2.19.1


^ permalink raw reply related	[flat|nested] 273+ messages in thread

* [PATCH AUTOSEL 4.19 143/258] mlxsw: spectrum_acl: Limit priority value
  2019-01-28 15:55 [PATCH AUTOSEL 4.19 001/258] drm/bufs: Fix Spectre v1 vulnerability Sasha Levin
                   ` (140 preceding siblings ...)
  2019-01-28 15:57 ` [PATCH AUTOSEL 4.19 142/258] phy: sun4i-usb: add support for missing USB PHY index Sasha Levin
@ 2019-01-28 15:57 ` Sasha Levin
  2019-01-28 15:57 ` [PATCH AUTOSEL 4.19 144/258] udf: Fix BUG on corrupted inode Sasha Levin
                   ` (114 subsequent siblings)
  256 siblings, 0 replies; 273+ messages in thread
From: Sasha Levin @ 2019-01-28 15:57 UTC (permalink / raw)
  To: linux-kernel, stable
  Cc: Nir Dotan, Ido Schimmel, David S . Miller, Sasha Levin, netdev

From: Nir Dotan <nird@mellanox.com>

[ Upstream commit d7263ab35be25505ab57ebecd93cbc5dba8be717 ]

In Spectrum-2, higher priority value wins and priority valid values are in
the range of {1,cap_kvd_size-1}. mlxsw_sp_acl_tcam_priority_get converts
from lower-bound priorities alike tc flower to Spectrum-2 HW range. Up
until now tc flower did not provide priority 0 or reached the maximal
value, however multicast routing does provide priority 0.

Therefore, Change mlxsw_sp_acl_tcam_priority_get to verify priority is in
the correct range. Make sure priority is never set to zero and never
exceeds the maximal allowed value.

Signed-off-by: Nir Dotan <nird@mellanox.com>
Reviewed-by: Jiri Pirko <jiri@mellanox.com>
Signed-off-by: Ido Schimmel <idosch@mellanox.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
 drivers/net/ethernet/mellanox/mlxsw/spectrum_acl_tcam.c | 5 +++--
 1 file changed, 3 insertions(+), 2 deletions(-)

diff --git a/drivers/net/ethernet/mellanox/mlxsw/spectrum_acl_tcam.c b/drivers/net/ethernet/mellanox/mlxsw/spectrum_acl_tcam.c
index e171513bb32a..30931a2c025b 100644
--- a/drivers/net/ethernet/mellanox/mlxsw/spectrum_acl_tcam.c
+++ b/drivers/net/ethernet/mellanox/mlxsw/spectrum_acl_tcam.c
@@ -95,8 +95,9 @@ int mlxsw_sp_acl_tcam_priority_get(struct mlxsw_sp *mlxsw_sp,
 	if (!MLXSW_CORE_RES_VALID(mlxsw_sp->core, KVD_SIZE))
 		return -EIO;
 
-	max_priority = MLXSW_CORE_RES_GET(mlxsw_sp->core, KVD_SIZE);
-	if (rulei->priority > max_priority)
+	/* Priority range is 1..cap_kvd_size-1. */
+	max_priority = MLXSW_CORE_RES_GET(mlxsw_sp->core, KVD_SIZE) - 1;
+	if (rulei->priority >= max_priority)
 		return -EINVAL;
 
 	/* Unlike in TC, in HW, higher number means higher priority. */
-- 
2.19.1


^ permalink raw reply related	[flat|nested] 273+ messages in thread

* [PATCH AUTOSEL 4.19 144/258] udf: Fix BUG on corrupted inode
  2019-01-28 15:55 [PATCH AUTOSEL 4.19 001/258] drm/bufs: Fix Spectre v1 vulnerability Sasha Levin
                   ` (141 preceding siblings ...)
  2019-01-28 15:57 ` [PATCH AUTOSEL 4.19 143/258] mlxsw: spectrum_acl: Limit priority value Sasha Levin
@ 2019-01-28 15:57 ` Sasha Levin
  2019-01-28 15:57 ` [PATCH AUTOSEL 4.19 145/258] switchtec: Fix SWITCHTEC_IOCTL_EVENT_IDX_ALL flags overwrite Sasha Levin
                   ` (113 subsequent siblings)
  256 siblings, 0 replies; 273+ messages in thread
From: Sasha Levin @ 2019-01-28 15:57 UTC (permalink / raw)
  To: linux-kernel, stable; +Cc: Jan Kara, Sasha Levin

From: Jan Kara <jack@suse.cz>

[ Upstream commit d288d95842f1503414b7eebce3773bac3390457e ]

When inode is corrupted so that extent type is invalid, some functions
(such as udf_truncate_extents()) will just BUG. Check that extent type
is valid when loading the inode to memory.

Reported-by: Anatoly Trosinenko <anatoly.trosinenko@gmail.com>
Signed-off-by: Jan Kara <jack@suse.cz>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
 fs/udf/inode.c | 6 ++++++
 1 file changed, 6 insertions(+)

diff --git a/fs/udf/inode.c b/fs/udf/inode.c
index 5df554a9f9c9..ae796e10f68b 100644
--- a/fs/udf/inode.c
+++ b/fs/udf/inode.c
@@ -1357,6 +1357,12 @@ static int udf_read_inode(struct inode *inode, bool hidden_inode)
 
 	iinfo->i_alloc_type = le16_to_cpu(fe->icbTag.flags) &
 							ICBTAG_FLAG_AD_MASK;
+	if (iinfo->i_alloc_type != ICBTAG_FLAG_AD_SHORT &&
+	    iinfo->i_alloc_type != ICBTAG_FLAG_AD_LONG &&
+	    iinfo->i_alloc_type != ICBTAG_FLAG_AD_IN_ICB) {
+		ret = -EIO;
+		goto out;
+	}
 	iinfo->i_unique = 0;
 	iinfo->i_lenEAttr = 0;
 	iinfo->i_lenExtents = 0;
-- 
2.19.1


^ permalink raw reply related	[flat|nested] 273+ messages in thread

* [PATCH AUTOSEL 4.19 145/258] switchtec: Fix SWITCHTEC_IOCTL_EVENT_IDX_ALL flags overwrite
  2019-01-28 15:55 [PATCH AUTOSEL 4.19 001/258] drm/bufs: Fix Spectre v1 vulnerability Sasha Levin
                   ` (142 preceding siblings ...)
  2019-01-28 15:57 ` [PATCH AUTOSEL 4.19 144/258] udf: Fix BUG on corrupted inode Sasha Levin
@ 2019-01-28 15:57 ` Sasha Levin
  2019-01-28 15:57 ` [PATCH AUTOSEL 4.19 146/258] selftests/bpf: use __bpf_constant_htons in test_prog.c Sasha Levin
                   ` (112 subsequent siblings)
  256 siblings, 0 replies; 273+ messages in thread
From: Sasha Levin @ 2019-01-28 15:57 UTC (permalink / raw)
  To: linux-kernel, stable
  Cc: Joey Zhang, Wesley Sheng, Bjorn Helgaas, Sasha Levin, linux-pci

From: Joey Zhang <joey.zhang@microchip.com>

[ Upstream commit e4a7dca5de625018b29417ecc39dc5037d9a5a36 ]

In the ioctl_event_ctl() SWITCHTEC_IOCTL_EVENT_IDX_ALL case, we call
event_ctl() several times with the same "ctl" struct.  Each call clobbers
ctl.flags, which leads to the problem that we may not actually enable or
disable all events as the user requested.

Preserve the event flag value with a temporary variable.

Fixes: 52eabba5bcdb ("switchtec: Add IOCTLs to the Switchtec driver")
Signed-off-by: Joey Zhang <joey.zhang@microchip.com>
Signed-off-by: Wesley Sheng <wesley.sheng@microchip.com>
[bhelgaas: changelog]
Signed-off-by: Bjorn Helgaas <bhelgaas@google.com>
Reviewed-by: Logan Gunthorpe <logang@deltatee.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
 drivers/pci/switch/switchtec.c | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/drivers/pci/switch/switchtec.c b/drivers/pci/switch/switchtec.c
index 54a8b30dda38..37d0c15c9eeb 100644
--- a/drivers/pci/switch/switchtec.c
+++ b/drivers/pci/switch/switchtec.c
@@ -800,6 +800,7 @@ static int ioctl_event_ctl(struct switchtec_dev *stdev,
 {
 	int ret;
 	int nr_idxs;
+	unsigned int event_flags;
 	struct switchtec_ioctl_event_ctl ctl;
 
 	if (copy_from_user(&ctl, uctl, sizeof(ctl)))
@@ -821,7 +822,9 @@ static int ioctl_event_ctl(struct switchtec_dev *stdev,
 		else
 			return -EINVAL;
 
+		event_flags = ctl.flags;
 		for (ctl.index = 0; ctl.index < nr_idxs; ctl.index++) {
+			ctl.flags = event_flags;
 			ret = event_ctl(stdev, &ctl);
 			if (ret < 0)
 				return ret;
-- 
2.19.1


^ permalink raw reply related	[flat|nested] 273+ messages in thread

* [PATCH AUTOSEL 4.19 146/258] selftests/bpf: use __bpf_constant_htons in test_prog.c
  2019-01-28 15:55 [PATCH AUTOSEL 4.19 001/258] drm/bufs: Fix Spectre v1 vulnerability Sasha Levin
                   ` (143 preceding siblings ...)
  2019-01-28 15:57 ` [PATCH AUTOSEL 4.19 145/258] switchtec: Fix SWITCHTEC_IOCTL_EVENT_IDX_ALL flags overwrite Sasha Levin
@ 2019-01-28 15:57 ` Sasha Levin
  2019-01-28 15:57 ` [PATCH AUTOSEL 4.19 147/258] ARM: pxa: avoid section mismatch warning Sasha Levin
                   ` (111 subsequent siblings)
  256 siblings, 0 replies; 273+ messages in thread
From: Sasha Levin @ 2019-01-28 15:57 UTC (permalink / raw)
  To: linux-kernel, stable
  Cc: Stanislav Fomichev, Daniel Borkmann, Alexei Starovoitov,
	Sasha Levin, netdev, linux-kselftest

From: Stanislav Fomichev <sdf@google.com>

[ Upstream commit a0517a0f7ef23550b4484c37e2b9c2d32abebf64 ]

For some reason, my older GCC (< 4.8) isn't smart enough to optimize the
!__builtin_constant_p() branch in bpf_htons, I see:
  error: implicit declaration of function '__builtin_bswap16'

Let's use __bpf_constant_htons as suggested by Daniel Borkmann.

I tried to use simple htons, but it produces the following:
  test_progs.c:54:17: error: braced-group within expression allowed only
  inside a function
    .eth.h_proto = htons(ETH_P_IP),

Signed-off-by: Stanislav Fomichev <sdf@google.com>
Signed-off-by: Daniel Borkmann <daniel@iogearbox.net>
Signed-off-by: Alexei Starovoitov <ast@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
 tools/testing/selftests/bpf/test_progs.c | 8 ++++----
 1 file changed, 4 insertions(+), 4 deletions(-)

diff --git a/tools/testing/selftests/bpf/test_progs.c b/tools/testing/selftests/bpf/test_progs.c
index 0ef68204c84b..d029cad08cbd 100644
--- a/tools/testing/selftests/bpf/test_progs.c
+++ b/tools/testing/selftests/bpf/test_progs.c
@@ -51,10 +51,10 @@ static struct {
 	struct iphdr iph;
 	struct tcphdr tcp;
 } __packed pkt_v4 = {
-	.eth.h_proto = bpf_htons(ETH_P_IP),
+	.eth.h_proto = __bpf_constant_htons(ETH_P_IP),
 	.iph.ihl = 5,
 	.iph.protocol = 6,
-	.iph.tot_len = bpf_htons(MAGIC_BYTES),
+	.iph.tot_len = __bpf_constant_htons(MAGIC_BYTES),
 	.tcp.urg_ptr = 123,
 };
 
@@ -64,9 +64,9 @@ static struct {
 	struct ipv6hdr iph;
 	struct tcphdr tcp;
 } __packed pkt_v6 = {
-	.eth.h_proto = bpf_htons(ETH_P_IPV6),
+	.eth.h_proto = __bpf_constant_htons(ETH_P_IPV6),
 	.iph.nexthdr = 6,
-	.iph.payload_len = bpf_htons(MAGIC_BYTES),
+	.iph.payload_len = __bpf_constant_htons(MAGIC_BYTES),
 	.tcp.urg_ptr = 123,
 };
 
-- 
2.19.1


^ permalink raw reply related	[flat|nested] 273+ messages in thread

* [PATCH AUTOSEL 4.19 147/258] ARM: pxa: avoid section mismatch warning
  2019-01-28 15:55 [PATCH AUTOSEL 4.19 001/258] drm/bufs: Fix Spectre v1 vulnerability Sasha Levin
                   ` (144 preceding siblings ...)
  2019-01-28 15:57 ` [PATCH AUTOSEL 4.19 146/258] selftests/bpf: use __bpf_constant_htons in test_prog.c Sasha Levin
@ 2019-01-28 15:57 ` Sasha Levin
  2019-01-28 15:57 ` [PATCH AUTOSEL 4.19 148/258] ASoC: fsl: Fix SND_SOC_EUKREA_TLV320 build error on i.MX8M Sasha Levin
                   ` (110 subsequent siblings)
  256 siblings, 0 replies; 273+ messages in thread
From: Sasha Levin @ 2019-01-28 15:57 UTC (permalink / raw)
  To: linux-kernel, stable; +Cc: Arnd Bergmann, Olof Johansson, Sasha Levin

From: Arnd Bergmann <arnd@arndb.de>

[ Upstream commit 88af3209aa0881aa5ffd99664b6080a4be5f24e5 ]

WARNING: vmlinux.o(.text+0x19f90): Section mismatch in reference from the function littleton_init_lcd() to the function .init.text:pxa_set_fb_info()
The function littleton_init_lcd() references
the function __init pxa_set_fb_info().
This is often because littleton_init_lcd lacks a __init
annotation or the annotation of pxa_set_fb_info is wrong.

WARNING: vmlinux.o(.text+0xf824): Section mismatch in reference from the function zeus_register_ohci() to the function .init.text:pxa_set_ohci_info()
The function zeus_register_ohci() references
the function __init pxa_set_ohci_info().
This is often because zeus_register_ohci lacks a __init
annotation or the annotation of pxa_set_ohci_info is wrong.

WARNING: vmlinux.o(.text+0xf95c): Section mismatch in reference from the function cm_x300_init_u2d() to the function .init.text:pxa3xx_set_u2d_info()
The function cm_x300_init_u2d() references
the function __init pxa3xx_set_u2d_info().
This is often because cm_x300_init_u2d lacks a __init
annotation or the annotation of pxa3xx_set_u2d_info is wrong.

Signed-off-by: Arnd Bergmann <arnd@arndb.de>
Signed-off-by: Olof Johansson <olof@lixom.net>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
 arch/arm/mach-pxa/cm-x300.c   | 2 +-
 arch/arm/mach-pxa/littleton.c | 2 +-
 arch/arm/mach-pxa/zeus.c      | 2 +-
 3 files changed, 3 insertions(+), 3 deletions(-)

diff --git a/arch/arm/mach-pxa/cm-x300.c b/arch/arm/mach-pxa/cm-x300.c
index c5c0ab8ac9f9..024c1fbcc55a 100644
--- a/arch/arm/mach-pxa/cm-x300.c
+++ b/arch/arm/mach-pxa/cm-x300.c
@@ -558,7 +558,7 @@ static struct pxa3xx_u2d_platform_data cm_x300_u2d_platform_data = {
 	.exit		= cm_x300_u2d_exit,
 };
 
-static void cm_x300_init_u2d(void)
+static void __init cm_x300_init_u2d(void)
 {
 	pxa3xx_set_u2d_info(&cm_x300_u2d_platform_data);
 }
diff --git a/arch/arm/mach-pxa/littleton.c b/arch/arm/mach-pxa/littleton.c
index 9e132b3e48c6..9960ea158829 100644
--- a/arch/arm/mach-pxa/littleton.c
+++ b/arch/arm/mach-pxa/littleton.c
@@ -184,7 +184,7 @@ static struct pxafb_mach_info littleton_lcd_info = {
 	.lcd_conn		= LCD_COLOR_TFT_16BPP,
 };
 
-static void littleton_init_lcd(void)
+static void __init littleton_init_lcd(void)
 {
 	pxa_set_fb_info(NULL, &littleton_lcd_info);
 }
diff --git a/arch/arm/mach-pxa/zeus.c b/arch/arm/mach-pxa/zeus.c
index e3851795d6d7..68a536de542d 100644
--- a/arch/arm/mach-pxa/zeus.c
+++ b/arch/arm/mach-pxa/zeus.c
@@ -559,7 +559,7 @@ static struct pxaohci_platform_data zeus_ohci_platform_data = {
 	.flags		= ENABLE_PORT_ALL | POWER_SENSE_LOW,
 };
 
-static void zeus_register_ohci(void)
+static void __init zeus_register_ohci(void)
 {
 	/* Port 2 is shared between host and client interface. */
 	UP2OCR = UP2OCR_HXOE | UP2OCR_HXS | UP2OCR_DMPDE | UP2OCR_DPPDE;
-- 
2.19.1


^ permalink raw reply related	[flat|nested] 273+ messages in thread

* [PATCH AUTOSEL 4.19 148/258] ASoC: fsl: Fix SND_SOC_EUKREA_TLV320 build error on i.MX8M
  2019-01-28 15:55 [PATCH AUTOSEL 4.19 001/258] drm/bufs: Fix Spectre v1 vulnerability Sasha Levin
                   ` (145 preceding siblings ...)
  2019-01-28 15:57 ` [PATCH AUTOSEL 4.19 147/258] ARM: pxa: avoid section mismatch warning Sasha Levin
@ 2019-01-28 15:57 ` Sasha Levin
  2019-01-28 15:57 ` [PATCH AUTOSEL 4.19 149/258] ARM: mmp: fix timer_init calls Sasha Levin
                   ` (109 subsequent siblings)
  256 siblings, 0 replies; 273+ messages in thread
From: Sasha Levin @ 2019-01-28 15:57 UTC (permalink / raw)
  To: linux-kernel, stable; +Cc: Fabio Estevam, Mark Brown, Sasha Levin

From: Fabio Estevam <festevam@gmail.com>

[ Upstream commit add6883619a9e3bf9658eaff1a547354131bbcd9 ]

eukrea-tlv320.c machine driver runs on non-DT platforms
and include <asm/mach-types.h> header file in order to be able
to use some machine_is_eukrea_xxx() macros.

Building it for ARM64 causes the following build error:

sound/soc/fsl/eukrea-tlv320.c:28:10: fatal error: asm/mach-types.h: No such file or directory

Avoid this error by not allowing to build the SND_SOC_EUKREA_TLV320
driver when ARM64 is selected.

This is needed in preparation for the i.MX8M support.

Reported-by: kbuild test robot <lkp@intel.com>
Signed-off-by: Fabio Estevam <festevam@gmail.com>
Acked-by: Shawn Guo <shawnguo@kernel.org>
Signed-off-by: Mark Brown <broonie@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
 sound/soc/fsl/Kconfig | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/sound/soc/fsl/Kconfig b/sound/soc/fsl/Kconfig
index 6ec19fb4a934..2e75b5bc5f1d 100644
--- a/sound/soc/fsl/Kconfig
+++ b/sound/soc/fsl/Kconfig
@@ -221,7 +221,7 @@ config SND_SOC_PHYCORE_AC97
 
 config SND_SOC_EUKREA_TLV320
 	tristate "Eukrea TLV320"
-	depends on ARCH_MXC && I2C
+	depends on ARCH_MXC && !ARM64 && I2C
 	select SND_SOC_TLV320AIC23_I2C
 	select SND_SOC_IMX_AUDMUX
 	select SND_SOC_IMX_SSI
-- 
2.19.1


^ permalink raw reply related	[flat|nested] 273+ messages in thread

* [PATCH AUTOSEL 4.19 149/258] ARM: mmp: fix timer_init calls
  2019-01-28 15:55 [PATCH AUTOSEL 4.19 001/258] drm/bufs: Fix Spectre v1 vulnerability Sasha Levin
                   ` (146 preceding siblings ...)
  2019-01-28 15:57 ` [PATCH AUTOSEL 4.19 148/258] ASoC: fsl: Fix SND_SOC_EUKREA_TLV320 build error on i.MX8M Sasha Levin
@ 2019-01-28 15:57 ` Sasha Levin
  2019-01-28 15:57 ` [PATCH AUTOSEL 4.19 150/258] KVM: PPC: Book3S: Only report KVM_CAP_SPAPR_TCE_VFIO on powernv machines Sasha Levin
                   ` (108 subsequent siblings)
  256 siblings, 0 replies; 273+ messages in thread
From: Sasha Levin @ 2019-01-28 15:57 UTC (permalink / raw)
  To: linux-kernel, stable; +Cc: Arnd Bergmann, Olof Johansson, Sasha Levin

From: Arnd Bergmann <arnd@arndb.de>

[ Upstream commit 12d3a30db4a3b3df5fbadf5974b9cf50544a9950 ]

The change to passing the timer frequency as a function argument
was a good idea, but caused a build failure for one user that
was missed in the update:

arch/arm/mach-mmp/time.c: In function 'mmp_dt_init_timer':
arch/arm/mach-mmp/time.c:242:2: error: implicit declaration of function 'timer_init'; did you mean 'hrtimer_init'? [-Werror=implicit-function-declaration]

Change that as well to fix the build error, and rename the
function to put it into a proper namespace and make it clearer
what is actually going on.

I saw that the high 6500000 HZ frequency was previously only
set with CONFIG_MMP2, but is now also used with MMP (pxa910),
so I'm changing that back here. Please make sure that the
frequencies are all correct now.

Fixes: f36797ee4380 ("ARM: mmp/mmp2: dt: enable the clock")
Signed-off-by: Arnd Bergmann <arnd@arndb.de>
Signed-off-by: Olof Johansson <olof@lixom.net>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
 arch/arm/mach-mmp/common.h | 2 +-
 arch/arm/mach-mmp/mmp2.c   | 2 +-
 arch/arm/mach-mmp/pxa168.c | 2 +-
 arch/arm/mach-mmp/pxa910.c | 2 +-
 arch/arm/mach-mmp/time.c   | 4 ++--
 5 files changed, 6 insertions(+), 6 deletions(-)

diff --git a/arch/arm/mach-mmp/common.h b/arch/arm/mach-mmp/common.h
index 5ac2851ef5d3..483b8b6d3005 100644
--- a/arch/arm/mach-mmp/common.h
+++ b/arch/arm/mach-mmp/common.h
@@ -2,7 +2,7 @@
 #include <linux/reboot.h>
 #define ARRAY_AND_SIZE(x)	(x), ARRAY_SIZE(x)
 
-extern void timer_init(int irq, unsigned long rate);
+extern void mmp_timer_init(int irq, unsigned long rate);
 
 extern void __init mmp_map_io(void);
 extern void mmp_restart(enum reboot_mode, const char *);
diff --git a/arch/arm/mach-mmp/mmp2.c b/arch/arm/mach-mmp/mmp2.c
index fb3e7e32c882..726c1a642dea 100644
--- a/arch/arm/mach-mmp/mmp2.c
+++ b/arch/arm/mach-mmp/mmp2.c
@@ -134,7 +134,7 @@ void __init mmp2_timer_init(void)
 	clk_rst = APBC_APBCLK | APBC_FNCLK | APBC_FNCLKSEL(1);
 	__raw_writel(clk_rst, APBC_TIMERS);
 
-	timer_init(IRQ_MMP2_TIMER1, 6500000);
+	mmp_timer_init(IRQ_MMP2_TIMER1, 6500000);
 }
 
 /* on-chip devices */
diff --git a/arch/arm/mach-mmp/pxa168.c b/arch/arm/mach-mmp/pxa168.c
index 77a358165a56..cdcf65ace3f9 100644
--- a/arch/arm/mach-mmp/pxa168.c
+++ b/arch/arm/mach-mmp/pxa168.c
@@ -79,7 +79,7 @@ void __init pxa168_timer_init(void)
 	/* 3.25MHz, bus/functional clock enabled, release reset */
 	__raw_writel(TIMER_CLK_RST, APBC_TIMERS);
 
-	timer_init(IRQ_PXA168_TIMER1, 6500000);
+	mmp_timer_init(IRQ_PXA168_TIMER1, 3250000);
 }
 
 void pxa168_clear_keypad_wakeup(void)
diff --git a/arch/arm/mach-mmp/pxa910.c b/arch/arm/mach-mmp/pxa910.c
index 1ccbba9ac495..d30a7d12bc98 100644
--- a/arch/arm/mach-mmp/pxa910.c
+++ b/arch/arm/mach-mmp/pxa910.c
@@ -116,7 +116,7 @@ void __init pxa910_timer_init(void)
 	__raw_writel(APBC_APBCLK | APBC_RST, APBC_TIMERS);
 	__raw_writel(TIMER_CLK_RST, APBC_TIMERS);
 
-	timer_init(IRQ_PXA910_AP1_TIMER1);
+	mmp_timer_init(IRQ_PXA910_AP1_TIMER1, 3250000);
 }
 
 /* on-chip devices */
diff --git a/arch/arm/mach-mmp/time.c b/arch/arm/mach-mmp/time.c
index eab0fd8a7343..f9c295154b94 100644
--- a/arch/arm/mach-mmp/time.c
+++ b/arch/arm/mach-mmp/time.c
@@ -184,7 +184,7 @@ static struct irqaction timer_irq = {
 	.dev_id		= &ckevt,
 };
 
-void __init timer_init(int irq, unsigned long rate)
+void __init mmp_timer_init(int irq, unsigned long rate)
 {
 	timer_config();
 
@@ -239,7 +239,7 @@ void __init mmp_dt_init_timer(void)
 		ret = -ENOMEM;
 		goto out;
 	}
-	timer_init(irq, rate);
+	mmp_timer_init(irq, rate);
 	return;
 out:
 	pr_err("Failed to get timer from device tree with error:%d\n", ret);
-- 
2.19.1


^ permalink raw reply related	[flat|nested] 273+ messages in thread

* [PATCH AUTOSEL 4.19 150/258] KVM: PPC: Book3S: Only report KVM_CAP_SPAPR_TCE_VFIO on powernv machines
  2019-01-28 15:55 [PATCH AUTOSEL 4.19 001/258] drm/bufs: Fix Spectre v1 vulnerability Sasha Levin
                   ` (147 preceding siblings ...)
  2019-01-28 15:57 ` [PATCH AUTOSEL 4.19 149/258] ARM: mmp: fix timer_init calls Sasha Levin
@ 2019-01-28 15:57 ` Sasha Levin
  2019-01-28 15:57 ` [PATCH AUTOSEL 4.19 151/258] mmc: bcm2835: Recover from MMC_SEND_EXT_CSD Sasha Levin
                   ` (107 subsequent siblings)
  256 siblings, 0 replies; 273+ messages in thread
From: Sasha Levin @ 2019-01-28 15:57 UTC (permalink / raw)
  To: linux-kernel, stable
  Cc: Suraj Jitindar Singh, Paul Mackerras, Sasha Levin, kvm-ppc, linuxppc-dev

From: Suraj Jitindar Singh <sjitindarsingh@gmail.com>

[ Upstream commit 693ac10a88a2219bde553b2e8460dbec97e594e6 ]

The kvm capability KVM_CAP_SPAPR_TCE_VFIO is used to indicate the
availability of in kernel tce acceleration for vfio. However it is
currently the case that this is only available on a powernv machine,
not for a pseries machine.

Thus make this capability dependent on having the cpu feature
CPU_FTR_HVMODE.

[paulus@ozlabs.org - fixed compilation for Book E.]

Signed-off-by: Suraj Jitindar Singh <sjitindarsingh@gmail.com>
Signed-off-by: Paul Mackerras <paulus@ozlabs.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
 arch/powerpc/kvm/powerpc.c | 5 ++++-
 1 file changed, 4 insertions(+), 1 deletion(-)

diff --git a/arch/powerpc/kvm/powerpc.c b/arch/powerpc/kvm/powerpc.c
index eba5756d5b41..79b79408d92e 100644
--- a/arch/powerpc/kvm/powerpc.c
+++ b/arch/powerpc/kvm/powerpc.c
@@ -543,8 +543,11 @@ int kvm_vm_ioctl_check_extension(struct kvm *kvm, long ext)
 #ifdef CONFIG_PPC_BOOK3S_64
 	case KVM_CAP_SPAPR_TCE:
 	case KVM_CAP_SPAPR_TCE_64:
-		/* fallthrough */
+		r = 1;
+		break;
 	case KVM_CAP_SPAPR_TCE_VFIO:
+		r = !!cpu_has_feature(CPU_FTR_HVMODE);
+		break;
 	case KVM_CAP_PPC_RTAS:
 	case KVM_CAP_PPC_FIXUP_HCALL:
 	case KVM_CAP_PPC_ENABLE_HCALL:
-- 
2.19.1


^ permalink raw reply related	[flat|nested] 273+ messages in thread

* [PATCH AUTOSEL 4.19 151/258] mmc: bcm2835: Recover from MMC_SEND_EXT_CSD
  2019-01-28 15:55 [PATCH AUTOSEL 4.19 001/258] drm/bufs: Fix Spectre v1 vulnerability Sasha Levin
                   ` (148 preceding siblings ...)
  2019-01-28 15:57 ` [PATCH AUTOSEL 4.19 150/258] KVM: PPC: Book3S: Only report KVM_CAP_SPAPR_TCE_VFIO on powernv machines Sasha Levin
@ 2019-01-28 15:57 ` Sasha Levin
  2019-01-28 15:57 ` [PATCH AUTOSEL 4.19 152/258] mmc: bcm2835: reset host on timeout Sasha Levin
                   ` (106 subsequent siblings)
  256 siblings, 0 replies; 273+ messages in thread
From: Sasha Levin @ 2019-01-28 15:57 UTC (permalink / raw)
  To: linux-kernel, stable
  Cc: Phil Elwell, Stefan Wahren, Ulf Hansson, Sasha Levin, linux-mmc

From: Phil Elwell <phil@raspberrypi.org>

[ Upstream commit 07d405769afea5718529fc9e341f0b13b3189b6f ]

If the user issues an "mmc extcsd read", the SD controller receives
what it thinks is a SEND_IF_COND command with an unexpected data block.
The resulting operations leave the FSM stuck in READWAIT, a state which
persists until the MMC framework resets the controller, by which point
the root filesystem is likely to have been unmounted.

A less heavyweight solution is to detect the condition and nudge the
FSM by asserting the (self-clearing) FORCE_DATA_MODE bit.

Link: https://github.com/raspberrypi/linux/issues/2728
Signed-off-by: Phil Elwell <phil@raspberrypi.org>
Signed-off-by: Stefan Wahren <stefan.wahren@i2se.com>
Acked-by: Eric Anholt <eric@anholt.net>
Signed-off-by: Ulf Hansson <ulf.hansson@linaro.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
 drivers/mmc/host/bcm2835.c | 9 +++++++++
 1 file changed, 9 insertions(+)

diff --git a/drivers/mmc/host/bcm2835.c b/drivers/mmc/host/bcm2835.c
index 768972af8b85..aef40e1739ee 100644
--- a/drivers/mmc/host/bcm2835.c
+++ b/drivers/mmc/host/bcm2835.c
@@ -772,6 +772,8 @@ static void bcm2835_finish_command(struct bcm2835_host *host)
 
 		if (!(sdhsts & SDHSTS_CRC7_ERROR) ||
 		    (host->cmd->opcode != MMC_SEND_OP_COND)) {
+			u32 edm, fsm;
+
 			if (sdhsts & SDHSTS_CMD_TIME_OUT) {
 				host->cmd->error = -ETIMEDOUT;
 			} else {
@@ -780,6 +782,13 @@ static void bcm2835_finish_command(struct bcm2835_host *host)
 				bcm2835_dumpregs(host);
 				host->cmd->error = -EILSEQ;
 			}
+			edm = readl(host->ioaddr + SDEDM);
+			fsm = edm & SDEDM_FSM_MASK;
+			if (fsm == SDEDM_FSM_READWAIT ||
+			    fsm == SDEDM_FSM_WRITESTART1)
+				/* Kick the FSM out of its wait */
+				writel(edm | SDEDM_FORCE_DATA_MODE,
+				       host->ioaddr + SDEDM);
 			bcm2835_finish_request(host);
 			return;
 		}
-- 
2.19.1


^ permalink raw reply related	[flat|nested] 273+ messages in thread

* [PATCH AUTOSEL 4.19 152/258] mmc: bcm2835: reset host on timeout
  2019-01-28 15:55 [PATCH AUTOSEL 4.19 001/258] drm/bufs: Fix Spectre v1 vulnerability Sasha Levin
                   ` (149 preceding siblings ...)
  2019-01-28 15:57 ` [PATCH AUTOSEL 4.19 151/258] mmc: bcm2835: Recover from MMC_SEND_EXT_CSD Sasha Levin
@ 2019-01-28 15:57 ` Sasha Levin
  2019-01-28 15:57 ` [PATCH AUTOSEL 4.19 153/258] mmc: meson-mx-sdio: check devm_kasprintf for failure Sasha Levin
                   ` (105 subsequent siblings)
  256 siblings, 0 replies; 273+ messages in thread
From: Sasha Levin @ 2019-01-28 15:57 UTC (permalink / raw)
  To: linux-kernel, stable
  Cc: Michal Suchanek, Stefan Wahren, Ulf Hansson, Sasha Levin, linux-mmc

From: Michal Suchanek <msuchanek@suse.de>

[ Upstream commit f6000a4eb34e6462bc0dd39809c1bb99f9633269 ]

The bcm2835 mmc host tends to lock up for unknown reason so reset it on
timeout. The upper mmc block layer tries retransimitting with single
blocks which tends to work out after a long wait.

This is better than giving up and leaving the machine broken for no
obvious reason.

Fixes: 660fc733bd74 ("mmc: bcm2835: Add new driver for the sdhost controller.")
Signed-off-by: Michal Suchanek <msuchanek@suse.de>
Signed-off-by: Stefan Wahren <stefan.wahren@i2se.com>
Acked-by: Eric Anholt <eric@anholt.net>
Signed-off-by: Ulf Hansson <ulf.hansson@linaro.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
 drivers/mmc/host/bcm2835.c | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/drivers/mmc/host/bcm2835.c b/drivers/mmc/host/bcm2835.c
index aef40e1739ee..a251be266ad7 100644
--- a/drivers/mmc/host/bcm2835.c
+++ b/drivers/mmc/host/bcm2835.c
@@ -286,6 +286,7 @@ static void bcm2835_reset(struct mmc_host *mmc)
 
 	if (host->dma_chan)
 		dmaengine_terminate_sync(host->dma_chan);
+	host->dma_chan = NULL;
 	bcm2835_reset_internal(host);
 }
 
@@ -846,6 +847,8 @@ static void bcm2835_timeout(struct work_struct *work)
 		dev_err(dev, "timeout waiting for hardware interrupt.\n");
 		bcm2835_dumpregs(host);
 
+		bcm2835_reset(host->mmc);
+
 		if (host->data) {
 			host->data->error = -ETIMEDOUT;
 			bcm2835_finish_data(host);
-- 
2.19.1


^ permalink raw reply related	[flat|nested] 273+ messages in thread

* [PATCH AUTOSEL 4.19 153/258] mmc: meson-mx-sdio: check devm_kasprintf for failure
  2019-01-28 15:55 [PATCH AUTOSEL 4.19 001/258] drm/bufs: Fix Spectre v1 vulnerability Sasha Levin
                   ` (150 preceding siblings ...)
  2019-01-28 15:57 ` [PATCH AUTOSEL 4.19 152/258] mmc: bcm2835: reset host on timeout Sasha Levin
@ 2019-01-28 15:57 ` Sasha Levin
  2019-01-28 15:57 ` [PATCH AUTOSEL 4.19 154/258] memstick: Prevent memstick host from getting runtime suspended during card detection Sasha Levin
                   ` (104 subsequent siblings)
  256 siblings, 0 replies; 273+ messages in thread
From: Sasha Levin @ 2019-01-28 15:57 UTC (permalink / raw)
  To: linux-kernel, stable
  Cc: Nicholas Mc Guire, Ulf Hansson, Sasha Levin, linux-mmc, linux-amlogic

From: Nicholas Mc Guire <hofrat@osadl.org>

[ Upstream commit b0d06f1cb0e2079a3c64fb6e27c19d9a55c723a1 ]

devm_kasprintf() may return NULL on failure of internal allocation thus
the assignments to  init.name  are not safe if not checked. On error
meson_mx_mmc_register_clks() returns negative values so -ENOMEM in the
(unlikely) failure case of devm_kasprintf() should be fine here.

Signed-off-by: Nicholas Mc Guire <hofrat@osadl.org>
Fixes: ed80a13bb4c4 ("mmc: meson-mx-sdio: Add a driver for the Amlogic Meson8 and Meson8b SoCs")
Acked-by: Martin Blumenstingl <martin.blumenstingl@googlemail.com>
Signed-off-by: Ulf Hansson <ulf.hansson@linaro.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
 drivers/mmc/host/meson-mx-sdio.c | 6 ++++++
 1 file changed, 6 insertions(+)

diff --git a/drivers/mmc/host/meson-mx-sdio.c b/drivers/mmc/host/meson-mx-sdio.c
index 2cfec33178c1..9841b447ccde 100644
--- a/drivers/mmc/host/meson-mx-sdio.c
+++ b/drivers/mmc/host/meson-mx-sdio.c
@@ -596,6 +596,9 @@ static int meson_mx_mmc_register_clks(struct meson_mx_mmc_host *host)
 	init.name = devm_kasprintf(host->controller_dev, GFP_KERNEL,
 				   "%s#fixed_factor",
 				   dev_name(host->controller_dev));
+	if (!init.name)
+		return -ENOMEM;
+
 	init.ops = &clk_fixed_factor_ops;
 	init.flags = 0;
 	init.parent_names = &clk_fixed_factor_parent;
@@ -612,6 +615,9 @@ static int meson_mx_mmc_register_clks(struct meson_mx_mmc_host *host)
 	clk_div_parent = __clk_get_name(host->fixed_factor_clk);
 	init.name = devm_kasprintf(host->controller_dev, GFP_KERNEL,
 				   "%s#div", dev_name(host->controller_dev));
+	if (!init.name)
+		return -ENOMEM;
+
 	init.ops = &clk_divider_ops;
 	init.flags = CLK_SET_RATE_PARENT;
 	init.parent_names = &clk_div_parent;
-- 
2.19.1


^ permalink raw reply related	[flat|nested] 273+ messages in thread

* [PATCH AUTOSEL 4.19 154/258] memstick: Prevent memstick host from getting runtime suspended during card detection
  2019-01-28 15:55 [PATCH AUTOSEL 4.19 001/258] drm/bufs: Fix Spectre v1 vulnerability Sasha Levin
                   ` (151 preceding siblings ...)
  2019-01-28 15:57 ` [PATCH AUTOSEL 4.19 153/258] mmc: meson-mx-sdio: check devm_kasprintf for failure Sasha Levin
@ 2019-01-28 15:57 ` Sasha Levin
  2019-01-28 15:57 ` [PATCH AUTOSEL 4.19 155/258] mmc: sdhci-of-esdhc: Fix timeout checks Sasha Levin
                   ` (103 subsequent siblings)
  256 siblings, 0 replies; 273+ messages in thread
From: Sasha Levin @ 2019-01-28 15:57 UTC (permalink / raw)
  To: linux-kernel, stable; +Cc: Kai-Heng Feng, Ulf Hansson, Sasha Levin

From: Kai-Heng Feng <kai.heng.feng@canonical.com>

[ Upstream commit e03e303edf1c63e6dd455ccd568c74e93ef3ba8c ]

We can use MEMSTICK_POWER_{ON,OFF} along with pm_runtime_{get,put}
helpers to let memstick host support runtime pm.

The rpm count may go down to zero before the memstick host powers on, so
the host can be runtime suspended.

So before doing card detection, increment the rpm count to avoid the
host gets runtime suspended. Balance the rpm count after card detection
is done.

Signed-off-by: Kai-Heng Feng <kai.heng.feng@canonical.com>
Tested-by: Oleksandr Natalenko <oleksandr@natalenko.name>
Signed-off-by: Ulf Hansson <ulf.hansson@linaro.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
 drivers/memstick/core/memstick.c | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/drivers/memstick/core/memstick.c b/drivers/memstick/core/memstick.c
index 76382c858c35..1246d69ba187 100644
--- a/drivers/memstick/core/memstick.c
+++ b/drivers/memstick/core/memstick.c
@@ -18,6 +18,7 @@
 #include <linux/delay.h>
 #include <linux/slab.h>
 #include <linux/module.h>
+#include <linux/pm_runtime.h>
 
 #define DRIVER_NAME "memstick"
 
@@ -436,6 +437,7 @@ static void memstick_check(struct work_struct *work)
 	struct memstick_dev *card;
 
 	dev_dbg(&host->dev, "memstick_check started\n");
+	pm_runtime_get_noresume(host->dev.parent);
 	mutex_lock(&host->lock);
 	if (!host->card) {
 		if (memstick_power_on(host))
@@ -479,6 +481,7 @@ static void memstick_check(struct work_struct *work)
 		host->set_param(host, MEMSTICK_POWER, MEMSTICK_POWER_OFF);
 
 	mutex_unlock(&host->lock);
+	pm_runtime_put(host->dev.parent);
 	dev_dbg(&host->dev, "memstick_check finished\n");
 }
 
-- 
2.19.1


^ permalink raw reply related	[flat|nested] 273+ messages in thread

* [PATCH AUTOSEL 4.19 155/258] mmc: sdhci-of-esdhc: Fix timeout checks
  2019-01-28 15:55 [PATCH AUTOSEL 4.19 001/258] drm/bufs: Fix Spectre v1 vulnerability Sasha Levin
                   ` (152 preceding siblings ...)
  2019-01-28 15:57 ` [PATCH AUTOSEL 4.19 154/258] memstick: Prevent memstick host from getting runtime suspended during card detection Sasha Levin
@ 2019-01-28 15:57 ` Sasha Levin
  2019-01-28 15:57 ` [PATCH AUTOSEL 4.19 156/258] mmc: sdhci-omap: " Sasha Levin
                   ` (102 subsequent siblings)
  256 siblings, 0 replies; 273+ messages in thread
From: Sasha Levin @ 2019-01-28 15:57 UTC (permalink / raw)
  To: linux-kernel, stable; +Cc: Adrian Hunter, Ulf Hansson, Sasha Levin, linux-mmc

From: Adrian Hunter <adrian.hunter@intel.com>

[ Upstream commit ea6d027312111c6d96309ad1a684b33cb37e6764 ]

Always check the wait condition before returning timeout.

Signed-off-by: Adrian Hunter <adrian.hunter@intel.com>
Reviewed-by: Yangbo Lu <yangbo.lu@nxp.com>
Signed-off-by: Ulf Hansson <ulf.hansson@linaro.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
 drivers/mmc/host/sdhci-of-esdhc.c | 16 ++++++++++++----
 1 file changed, 12 insertions(+), 4 deletions(-)

diff --git a/drivers/mmc/host/sdhci-of-esdhc.c b/drivers/mmc/host/sdhci-of-esdhc.c
index 9cb7554a463d..a7bf8515116f 100644
--- a/drivers/mmc/host/sdhci-of-esdhc.c
+++ b/drivers/mmc/host/sdhci-of-esdhc.c
@@ -526,8 +526,12 @@ static void esdhc_clock_enable(struct sdhci_host *host, bool enable)
 	/* Wait max 20 ms */
 	timeout = ktime_add_ms(ktime_get(), 20);
 	val = ESDHC_CLOCK_STABLE;
-	while (!(sdhci_readl(host, ESDHC_PRSSTAT) & val)) {
-		if (ktime_after(ktime_get(), timeout)) {
+	while  (1) {
+		bool timedout = ktime_after(ktime_get(), timeout);
+
+		if (sdhci_readl(host, ESDHC_PRSSTAT) & val)
+			break;
+		if (timedout) {
 			pr_err("%s: Internal clock never stabilised.\n",
 				mmc_hostname(host->mmc));
 			break;
@@ -591,8 +595,12 @@ static void esdhc_of_set_clock(struct sdhci_host *host, unsigned int clock)
 
 	/* Wait max 20 ms */
 	timeout = ktime_add_ms(ktime_get(), 20);
-	while (!(sdhci_readl(host, ESDHC_PRSSTAT) & ESDHC_CLOCK_STABLE)) {
-		if (ktime_after(ktime_get(), timeout)) {
+	while (1) {
+		bool timedout = ktime_after(ktime_get(), timeout);
+
+		if (sdhci_readl(host, ESDHC_PRSSTAT) & ESDHC_CLOCK_STABLE)
+			break;
+		if (timedout) {
 			pr_err("%s: Internal clock never stabilised.\n",
 				mmc_hostname(host->mmc));
 			return;
-- 
2.19.1


^ permalink raw reply related	[flat|nested] 273+ messages in thread

* [PATCH AUTOSEL 4.19 156/258] mmc: sdhci-omap: Fix timeout checks
  2019-01-28 15:55 [PATCH AUTOSEL 4.19 001/258] drm/bufs: Fix Spectre v1 vulnerability Sasha Levin
                   ` (153 preceding siblings ...)
  2019-01-28 15:57 ` [PATCH AUTOSEL 4.19 155/258] mmc: sdhci-of-esdhc: Fix timeout checks Sasha Levin
@ 2019-01-28 15:57 ` Sasha Levin
  2019-01-28 15:57 ` [PATCH AUTOSEL 4.19 157/258] mmc: sdhci-xenon: " Sasha Levin
                   ` (101 subsequent siblings)
  256 siblings, 0 replies; 273+ messages in thread
From: Sasha Levin @ 2019-01-28 15:57 UTC (permalink / raw)
  To: linux-kernel, stable; +Cc: Adrian Hunter, Ulf Hansson, Sasha Levin, linux-mmc

From: Adrian Hunter <adrian.hunter@intel.com>

[ Upstream commit 9f0ea0bda1d06120b053bb0c283f54afec59293d ]

Always check the wait condition before returning timeout.

Signed-off-by: Adrian Hunter <adrian.hunter@intel.com>
Acked-by: Kishon Vijay Abraham I <kishon@ti.com>
Signed-off-by: Ulf Hansson <ulf.hansson@linaro.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
 drivers/mmc/host/sdhci-omap.c | 16 ++++++++++++----
 1 file changed, 12 insertions(+), 4 deletions(-)

diff --git a/drivers/mmc/host/sdhci-omap.c b/drivers/mmc/host/sdhci-omap.c
index d264391616f9..d02f5cf76b3d 100644
--- a/drivers/mmc/host/sdhci-omap.c
+++ b/drivers/mmc/host/sdhci-omap.c
@@ -220,8 +220,12 @@ static void sdhci_omap_conf_bus_power(struct sdhci_omap_host *omap_host,
 
 	/* wait 1ms */
 	timeout = ktime_add_ms(ktime_get(), SDHCI_OMAP_TIMEOUT);
-	while (!(sdhci_omap_readl(omap_host, SDHCI_OMAP_HCTL) & HCTL_SDBP)) {
-		if (WARN_ON(ktime_after(ktime_get(), timeout)))
+	while (1) {
+		bool timedout = ktime_after(ktime_get(), timeout);
+
+		if (sdhci_omap_readl(omap_host, SDHCI_OMAP_HCTL) & HCTL_SDBP)
+			break;
+		if (WARN_ON(timedout))
 			return;
 		usleep_range(5, 10);
 	}
@@ -653,8 +657,12 @@ static void sdhci_omap_init_74_clocks(struct sdhci_host *host, u8 power_mode)
 
 	/* wait 1ms */
 	timeout = ktime_add_ms(ktime_get(), SDHCI_OMAP_TIMEOUT);
-	while (!(sdhci_omap_readl(omap_host, SDHCI_OMAP_STAT) & INT_CC_EN)) {
-		if (WARN_ON(ktime_after(ktime_get(), timeout)))
+	while (1) {
+		bool timedout = ktime_after(ktime_get(), timeout);
+
+		if (sdhci_omap_readl(omap_host, SDHCI_OMAP_STAT) & INT_CC_EN)
+			break;
+		if (WARN_ON(timedout))
 			return;
 		usleep_range(5, 10);
 	}
-- 
2.19.1


^ permalink raw reply related	[flat|nested] 273+ messages in thread

* [PATCH AUTOSEL 4.19 157/258] mmc: sdhci-xenon: Fix timeout checks
  2019-01-28 15:55 [PATCH AUTOSEL 4.19 001/258] drm/bufs: Fix Spectre v1 vulnerability Sasha Levin
                   ` (154 preceding siblings ...)
  2019-01-28 15:57 ` [PATCH AUTOSEL 4.19 156/258] mmc: sdhci-omap: " Sasha Levin
@ 2019-01-28 15:57 ` Sasha Levin
  2019-01-28 15:57 ` [PATCH AUTOSEL 4.19 158/258] mmc: jz4740: Get CD/WP GPIOs from descriptors Sasha Levin
                   ` (100 subsequent siblings)
  256 siblings, 0 replies; 273+ messages in thread
From: Sasha Levin @ 2019-01-28 15:57 UTC (permalink / raw)
  To: linux-kernel, stable; +Cc: Adrian Hunter, Ulf Hansson, Sasha Levin, linux-mmc

From: Adrian Hunter <adrian.hunter@intel.com>

[ Upstream commit 0e6e7c2ff397e1bbebc882ca3132148aaaef1ddd ]

Always check the wait condition before returning timeout.

Signed-off-by: Adrian Hunter <adrian.hunter@intel.com>
Reviewed-by: Zhoujie Wu <zjwu@marvell.com>
Signed-off-by: Ulf Hansson <ulf.hansson@linaro.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
 drivers/mmc/host/sdhci-xenon-phy.c | 10 +++++++---
 drivers/mmc/host/sdhci-xenon.c     | 10 +++++++---
 2 files changed, 14 insertions(+), 6 deletions(-)

diff --git a/drivers/mmc/host/sdhci-xenon-phy.c b/drivers/mmc/host/sdhci-xenon-phy.c
index c335052d0c02..caccedc836dc 100644
--- a/drivers/mmc/host/sdhci-xenon-phy.c
+++ b/drivers/mmc/host/sdhci-xenon-phy.c
@@ -357,9 +357,13 @@ static int xenon_emmc_phy_enable_dll(struct sdhci_host *host)
 
 	/* Wait max 32 ms */
 	timeout = ktime_add_ms(ktime_get(), 32);
-	while (!(sdhci_readw(host, XENON_SLOT_EXT_PRESENT_STATE) &
-		XENON_DLL_LOCK_STATE)) {
-		if (ktime_after(ktime_get(), timeout)) {
+	while (1) {
+		bool timedout = ktime_after(ktime_get(), timeout);
+
+		if (sdhci_readw(host, XENON_SLOT_EXT_PRESENT_STATE) &
+		    XENON_DLL_LOCK_STATE)
+			break;
+		if (timedout) {
 			dev_err(mmc_dev(host->mmc), "Wait for DLL Lock time-out\n");
 			return -ETIMEDOUT;
 		}
diff --git a/drivers/mmc/host/sdhci-xenon.c b/drivers/mmc/host/sdhci-xenon.c
index 4d0791f6ec23..a0b5089b3274 100644
--- a/drivers/mmc/host/sdhci-xenon.c
+++ b/drivers/mmc/host/sdhci-xenon.c
@@ -34,9 +34,13 @@ static int xenon_enable_internal_clk(struct sdhci_host *host)
 	sdhci_writel(host, reg, SDHCI_CLOCK_CONTROL);
 	/* Wait max 20 ms */
 	timeout = ktime_add_ms(ktime_get(), 20);
-	while (!((reg = sdhci_readw(host, SDHCI_CLOCK_CONTROL))
-			& SDHCI_CLOCK_INT_STABLE)) {
-		if (ktime_after(ktime_get(), timeout)) {
+	while (1) {
+		bool timedout = ktime_after(ktime_get(), timeout);
+
+		reg = sdhci_readw(host, SDHCI_CLOCK_CONTROL);
+		if (reg & SDHCI_CLOCK_INT_STABLE)
+			break;
+		if (timedout) {
 			dev_err(mmc_dev(host->mmc), "Internal clock never stabilised.\n");
 			return -ETIMEDOUT;
 		}
-- 
2.19.1


^ permalink raw reply related	[flat|nested] 273+ messages in thread

* [PATCH AUTOSEL 4.19 158/258] mmc: jz4740: Get CD/WP GPIOs from descriptors
  2019-01-28 15:55 [PATCH AUTOSEL 4.19 001/258] drm/bufs: Fix Spectre v1 vulnerability Sasha Levin
                   ` (155 preceding siblings ...)
  2019-01-28 15:57 ` [PATCH AUTOSEL 4.19 157/258] mmc: sdhci-xenon: " Sasha Levin
@ 2019-01-28 15:57 ` Sasha Levin
  2019-01-28 15:57 ` [PATCH AUTOSEL 4.19 159/258] usb: renesas_usbhs: add support for RZ/G2E Sasha Levin
                   ` (99 subsequent siblings)
  256 siblings, 0 replies; 273+ messages in thread
From: Sasha Levin @ 2019-01-28 15:57 UTC (permalink / raw)
  To: linux-kernel, stable
  Cc: Linus Walleij, Paul Cercueil, linux-mips, Ulf Hansson,
	Sasha Levin, linux-mips, linux-mmc

From: Linus Walleij <linus.walleij@linaro.org>

[ Upstream commit 0c901c0566fb4edc2631c3786e5085a037be91f8 ]

Modifty the JZ4740 driver to retrieve card detect and write
protect GPIO pins from GPIO descriptors instead of hard-coded
global numbers. Augment the only board file using this in the
process and cut down on passed in platform data.

Preserve the code setting the caps2 flags for CD and WP
as active low or high since the slot GPIO code currently
ignores the gpiolib polarity inversion semantice and uses
the raw accessors to read the GPIO lines, but set the right
polarity flags in the descriptor table for jz4740.

Cc: Paul Cercueil <paul@crapouillou.net>
Cc: linux-mips@linux-mips.org
Signed-off-by: Linus Walleij <linus.walleij@linaro.org>
Acked-by: Paul Burton <paul.burton@mips.com>
Signed-off-by: Ulf Hansson <ulf.hansson@linaro.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
 .../mips/include/asm/mach-jz4740/jz4740_mmc.h |  2 --
 arch/mips/jz4740/board-qi_lb60.c              | 12 ++++++++---
 drivers/mmc/host/jz4740_mmc.c                 | 20 +++++++++----------
 3 files changed, 19 insertions(+), 15 deletions(-)

diff --git a/arch/mips/include/asm/mach-jz4740/jz4740_mmc.h b/arch/mips/include/asm/mach-jz4740/jz4740_mmc.h
index e9cc62cfac99..ff50aeb1a933 100644
--- a/arch/mips/include/asm/mach-jz4740/jz4740_mmc.h
+++ b/arch/mips/include/asm/mach-jz4740/jz4740_mmc.h
@@ -4,8 +4,6 @@
 
 struct jz4740_mmc_platform_data {
 	int gpio_power;
-	int gpio_card_detect;
-	int gpio_read_only;
 	unsigned card_detect_active_low:1;
 	unsigned read_only_active_low:1;
 	unsigned power_active_low:1;
diff --git a/arch/mips/jz4740/board-qi_lb60.c b/arch/mips/jz4740/board-qi_lb60.c
index af0c8ace0141..705593d40d12 100644
--- a/arch/mips/jz4740/board-qi_lb60.c
+++ b/arch/mips/jz4740/board-qi_lb60.c
@@ -43,7 +43,6 @@
 #include "clock.h"
 
 /* GPIOs */
-#define QI_LB60_GPIO_SD_CD		JZ_GPIO_PORTD(0)
 #define QI_LB60_GPIO_SD_VCC_EN_N	JZ_GPIO_PORTD(2)
 
 #define QI_LB60_GPIO_KEYOUT(x)		(JZ_GPIO_PORTC(10) + (x))
@@ -386,12 +385,18 @@ static struct platform_device qi_lb60_gpio_keys = {
 };
 
 static struct jz4740_mmc_platform_data qi_lb60_mmc_pdata = {
-	.gpio_card_detect	= QI_LB60_GPIO_SD_CD,
-	.gpio_read_only		= -1,
 	.gpio_power		= QI_LB60_GPIO_SD_VCC_EN_N,
 	.power_active_low	= 1,
 };
 
+static struct gpiod_lookup_table qi_lb60_mmc_gpio_table = {
+	.dev_id = "jz4740-mmc.0",
+	.table = {
+		GPIO_LOOKUP("GPIOD", 0, "cd", GPIO_ACTIVE_HIGH),
+		{ },
+	},
+};
+
 /* beeper */
 static struct pwm_lookup qi_lb60_pwm_lookup[] = {
 	PWM_LOOKUP("jz4740-pwm", 4, "pwm-beeper", NULL, 0,
@@ -500,6 +505,7 @@ static int __init qi_lb60_init_platform_devices(void)
 	gpiod_add_lookup_table(&qi_lb60_audio_gpio_table);
 	gpiod_add_lookup_table(&qi_lb60_nand_gpio_table);
 	gpiod_add_lookup_table(&qi_lb60_spigpio_gpio_table);
+	gpiod_add_lookup_table(&qi_lb60_mmc_gpio_table);
 
 	spi_register_board_info(qi_lb60_spi_board_info,
 				ARRAY_SIZE(qi_lb60_spi_board_info));
diff --git a/drivers/mmc/host/jz4740_mmc.c b/drivers/mmc/host/jz4740_mmc.c
index 993386c9ea50..864338e308e2 100644
--- a/drivers/mmc/host/jz4740_mmc.c
+++ b/drivers/mmc/host/jz4740_mmc.c
@@ -983,17 +983,17 @@ static int jz4740_mmc_request_gpios(struct mmc_host *mmc,
 	if (!pdata->read_only_active_low)
 		mmc->caps2 |= MMC_CAP2_RO_ACTIVE_HIGH;
 
-	if (gpio_is_valid(pdata->gpio_card_detect)) {
-		ret = mmc_gpio_request_cd(mmc, pdata->gpio_card_detect, 0);
-		if (ret)
-			return ret;
-	}
+	/*
+	 * Get optional card detect and write protect GPIOs,
+	 * only back out on probe deferral.
+	 */
+	ret = mmc_gpiod_request_cd(mmc, "cd", 0, false, 0, NULL);
+	if (ret == -EPROBE_DEFER)
+		return ret;
 
-	if (gpio_is_valid(pdata->gpio_read_only)) {
-		ret = mmc_gpio_request_ro(mmc, pdata->gpio_read_only);
-		if (ret)
-			return ret;
-	}
+	ret = mmc_gpiod_request_ro(mmc, "wp", 0, false, 0, NULL);
+	if (ret == -EPROBE_DEFER)
+		return ret;
 
 	return jz4740_mmc_request_gpio(&pdev->dev, pdata->gpio_power,
 			"MMC read only", true, pdata->power_active_low);
-- 
2.19.1


^ permalink raw reply related	[flat|nested] 273+ messages in thread

* [PATCH AUTOSEL 4.19 159/258] usb: renesas_usbhs: add support for RZ/G2E
  2019-01-28 15:55 [PATCH AUTOSEL 4.19 001/258] drm/bufs: Fix Spectre v1 vulnerability Sasha Levin
                   ` (156 preceding siblings ...)
  2019-01-28 15:57 ` [PATCH AUTOSEL 4.19 158/258] mmc: jz4740: Get CD/WP GPIOs from descriptors Sasha Levin
@ 2019-01-28 15:57 ` Sasha Levin
  2019-01-28 15:57 ` [PATCH AUTOSEL 4.19 160/258] btrfs: harden agaist duplicate fsid on scanned devices Sasha Levin
                   ` (98 subsequent siblings)
  256 siblings, 0 replies; 273+ messages in thread
From: Sasha Levin @ 2019-01-28 15:57 UTC (permalink / raw)
  To: linux-kernel, stable
  Cc: Fabrizio Castro, Greg Kroah-Hartman, Sasha Levin, linux-usb

From: Fabrizio Castro <fabrizio.castro@bp.renesas.com>

[ Upstream commit 1d6e81a288e28d8d0e38e0501a324216f79bba35 ]

HS-USB found in RZ/G2E (a.k.a. r8a774c0) is very similar to the
one found in R-Car E3 (a.k.a. r8a77990), as it needs to release
the PLL reset by the UGCTRL register like R-Car E3, therefore add
r8a774c0 support in a similar fashion to what was done for the
r8a77990.

Signed-off-by: Fabrizio Castro <fabrizio.castro@bp.renesas.com>
Reviewed-by: Simon Horman <horms+renesas@verge.net.au>
Acked-by: Yoshihiro Shimoda <yoshihiro.shimoda.uh@renesas.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
 drivers/usb/renesas_usbhs/common.c | 4 ++++
 1 file changed, 4 insertions(+)

diff --git a/drivers/usb/renesas_usbhs/common.c b/drivers/usb/renesas_usbhs/common.c
index 4310df46639d..b0792585d5bc 100644
--- a/drivers/usb/renesas_usbhs/common.c
+++ b/drivers/usb/renesas_usbhs/common.c
@@ -457,6 +457,10 @@ static int usbhsc_drvcllbck_notify_hotplug(struct platform_device *pdev)
  *		platform functions
  */
 static const struct of_device_id usbhs_of_match[] = {
+	{
+		.compatible = "renesas,usbhs-r8a774c0",
+		.data = (void *)USBHS_TYPE_RCAR_GEN3_WITH_PLL,
+	},
 	{
 		.compatible = "renesas,usbhs-r8a7790",
 		.data = (void *)USBHS_TYPE_RCAR_GEN2,
-- 
2.19.1


^ permalink raw reply related	[flat|nested] 273+ messages in thread

* [PATCH AUTOSEL 4.19 160/258] btrfs: harden agaist duplicate fsid on scanned devices
  2019-01-28 15:55 [PATCH AUTOSEL 4.19 001/258] drm/bufs: Fix Spectre v1 vulnerability Sasha Levin
                   ` (157 preceding siblings ...)
  2019-01-28 15:57 ` [PATCH AUTOSEL 4.19 159/258] usb: renesas_usbhs: add support for RZ/G2E Sasha Levin
@ 2019-01-28 15:57 ` Sasha Levin
  2019-01-28 15:57 ` [PATCH AUTOSEL 4.19 161/258] btrfs: reada: reorder dev-replace locks before radix tree preload Sasha Levin
                   ` (97 subsequent siblings)
  256 siblings, 0 replies; 273+ messages in thread
From: Sasha Levin @ 2019-01-28 15:57 UTC (permalink / raw)
  To: linux-kernel, stable; +Cc: Anand Jain, David Sterba, Sasha Levin, linux-btrfs

From: Anand Jain <anand.jain@oracle.com>

[ Upstream commit a9261d4125c97ce8624e9941b75dee1b43ad5df9 ]

It's not that impossible to imagine that a device OR a btrfs image is
copied just by using the dd or the cp command. Which in case both the
copies of the btrfs will have the same fsid. If on the system with
automount enabled, the copied FS gets scanned.

We have a known bug in btrfs, that we let the device path be changed
after the device has been mounted. So using this loop hole the new
copied device would appears as if its mounted immediately after it's
been copied.

For example:

Initially.. /dev/mmcblk0p4 is mounted as /

  $ lsblk
  NAME        MAJ:MIN RM  SIZE RO TYPE MOUNTPOINT
  mmcblk0     179:0    0 29.2G  0 disk
  |-mmcblk0p4 179:4    0    4G  0 part /
  |-mmcblk0p2 179:2    0  500M  0 part /boot
  |-mmcblk0p3 179:3    0  256M  0 part [SWAP]
  `-mmcblk0p1 179:1    0  256M  0 part /boot/efi

  $ btrfs fi show
     Label: none  uuid: 07892354-ddaa-4443-90ea-f76a06accaba
     Total devices 1 FS bytes used 1.40GiB
     devid    1 size 4.00GiB used 3.00GiB path /dev/mmcblk0p4

Copy mmcblk0 to sda

  $ dd if=/dev/mmcblk0 of=/dev/sda

And immediately after the copy completes the change in the device
superblock is notified which the automount scans using btrfs device scan
and the new device sda becomes the mounted root device.

  $ lsblk
  NAME        MAJ:MIN RM  SIZE RO TYPE MOUNTPOINT
  sda           8:0    1 14.9G  0 disk
  |-sda4        8:4    1    4G  0 part /
  |-sda2        8:2    1  500M  0 part
  |-sda3        8:3    1  256M  0 part
  `-sda1        8:1    1  256M  0 part
  mmcblk0     179:0    0 29.2G  0 disk
  |-mmcblk0p4 179:4    0    4G  0 part
  |-mmcblk0p2 179:2    0  500M  0 part /boot
  |-mmcblk0p3 179:3    0  256M  0 part [SWAP]
  `-mmcblk0p1 179:1    0  256M  0 part /boot/efi

  $ btrfs fi show /
    Label: none  uuid: 07892354-ddaa-4443-90ea-f76a06accaba
    Total devices 1 FS bytes used 1.40GiB
    devid    1 size 4.00GiB used 3.00GiB path /dev/sda4

The bug is quite nasty that you can't either unmount /dev/sda4 or
/dev/mmcblk0p4. And the problem does not get solved until you take sda
out of the system on to another system to change its fsid using the
'btrfstune -u' command.

Signed-off-by: Anand Jain <anand.jain@oracle.com>
Reviewed-by: David Sterba <dsterba@suse.com>
Signed-off-by: David Sterba <dsterba@suse.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
 fs/btrfs/volumes.c | 29 +++++++++++++++++++++++++++++
 1 file changed, 29 insertions(+)

diff --git a/fs/btrfs/volumes.c b/fs/btrfs/volumes.c
index 0ee1cd4b56fb..285f64f2de5f 100644
--- a/fs/btrfs/volumes.c
+++ b/fs/btrfs/volumes.c
@@ -850,6 +850,35 @@ static noinline struct btrfs_device *device_list_add(const char *path,
 			return ERR_PTR(-EEXIST);
 		}
 
+		/*
+		 * We are going to replace the device path for a given devid,
+		 * make sure it's the same device if the device is mounted
+		 */
+		if (device->bdev) {
+			struct block_device *path_bdev;
+
+			path_bdev = lookup_bdev(path);
+			if (IS_ERR(path_bdev)) {
+				mutex_unlock(&fs_devices->device_list_mutex);
+				return ERR_CAST(path_bdev);
+			}
+
+			if (device->bdev != path_bdev) {
+				bdput(path_bdev);
+				mutex_unlock(&fs_devices->device_list_mutex);
+				btrfs_warn_in_rcu(device->fs_info,
+			"duplicate device fsid:devid for %pU:%llu old:%s new:%s",
+					disk_super->fsid, devid,
+					rcu_str_deref(device->name), path);
+				return ERR_PTR(-EEXIST);
+			}
+			bdput(path_bdev);
+			btrfs_info_in_rcu(device->fs_info,
+				"device fsid %pU devid %llu moved old:%s new:%s",
+				disk_super->fsid, devid,
+				rcu_str_deref(device->name), path);
+		}
+
 		name = rcu_string_strdup(path, GFP_NOFS);
 		if (!name) {
 			mutex_unlock(&fs_devices->device_list_mutex);
-- 
2.19.1


^ permalink raw reply related	[flat|nested] 273+ messages in thread

* [PATCH AUTOSEL 4.19 161/258] btrfs: reada: reorder dev-replace locks before radix tree preload
  2019-01-28 15:55 [PATCH AUTOSEL 4.19 001/258] drm/bufs: Fix Spectre v1 vulnerability Sasha Levin
                   ` (158 preceding siblings ...)
  2019-01-28 15:57 ` [PATCH AUTOSEL 4.19 160/258] btrfs: harden agaist duplicate fsid on scanned devices Sasha Levin
@ 2019-01-28 15:57 ` Sasha Levin
  2019-01-28 15:57 ` [PATCH AUTOSEL 4.19 162/258] serial: sh-sci: Fix locking in sci_submit_rx() Sasha Levin
                   ` (96 subsequent siblings)
  256 siblings, 0 replies; 273+ messages in thread
From: Sasha Levin @ 2019-01-28 15:57 UTC (permalink / raw)
  To: linux-kernel, stable; +Cc: David Sterba, Sasha Levin, linux-btrfs

From: David Sterba <dsterba@suse.com>

[ Upstream commit ceb21a8db48559fd0809e03c4df9eb37743d9170 ]

The device-replace read lock is going to use rw semaphore in followup
commits. The semaphore might sleep which is not possible in the radix
tree preload section. The lock nesting is now:

* device replace
  * radix tree preload
    * readahead spinlock

Signed-off-by: David Sterba <dsterba@suse.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
 fs/btrfs/reada.c | 12 +++++++-----
 1 file changed, 7 insertions(+), 5 deletions(-)

diff --git a/fs/btrfs/reada.c b/fs/btrfs/reada.c
index dec14b739b10..6f81f3e88b6d 100644
--- a/fs/btrfs/reada.c
+++ b/fs/btrfs/reada.c
@@ -376,26 +376,28 @@ static struct reada_extent *reada_find_extent(struct btrfs_fs_info *fs_info,
 		goto error;
 	}
 
+	/* Insert extent in reada tree + all per-device trees, all or nothing */
+	btrfs_dev_replace_read_lock(&fs_info->dev_replace);
 	ret = radix_tree_preload(GFP_KERNEL);
-	if (ret)
+	if (ret) {
+		btrfs_dev_replace_read_unlock(&fs_info->dev_replace);
 		goto error;
+	}
 
-	/* insert extent in reada_tree + all per-device trees, all or nothing */
-	btrfs_dev_replace_read_lock(&fs_info->dev_replace);
 	spin_lock(&fs_info->reada_lock);
 	ret = radix_tree_insert(&fs_info->reada_tree, index, re);
 	if (ret == -EEXIST) {
 		re_exist = radix_tree_lookup(&fs_info->reada_tree, index);
 		re_exist->refcnt++;
 		spin_unlock(&fs_info->reada_lock);
-		btrfs_dev_replace_read_unlock(&fs_info->dev_replace);
 		radix_tree_preload_end();
+		btrfs_dev_replace_read_unlock(&fs_info->dev_replace);
 		goto error;
 	}
 	if (ret) {
 		spin_unlock(&fs_info->reada_lock);
-		btrfs_dev_replace_read_unlock(&fs_info->dev_replace);
 		radix_tree_preload_end();
+		btrfs_dev_replace_read_unlock(&fs_info->dev_replace);
 		goto error;
 	}
 	radix_tree_preload_end();
-- 
2.19.1


^ permalink raw reply related	[flat|nested] 273+ messages in thread

* [PATCH AUTOSEL 4.19 162/258] serial: sh-sci: Fix locking in sci_submit_rx()
  2019-01-28 15:55 [PATCH AUTOSEL 4.19 001/258] drm/bufs: Fix Spectre v1 vulnerability Sasha Levin
                   ` (159 preceding siblings ...)
  2019-01-28 15:57 ` [PATCH AUTOSEL 4.19 161/258] btrfs: reada: reorder dev-replace locks before radix tree preload Sasha Levin
@ 2019-01-28 15:57 ` Sasha Levin
  2019-01-28 15:57 ` [PATCH AUTOSEL 4.19 163/258] serial: sh-sci: Resume PIO in sci_rx_interrupt() on DMA failure Sasha Levin
                   ` (95 subsequent siblings)
  256 siblings, 0 replies; 273+ messages in thread
From: Sasha Levin @ 2019-01-28 15:57 UTC (permalink / raw)
  To: linux-kernel, stable
  Cc: Geert Uytterhoeven, Greg Kroah-Hartman, Sasha Levin, linux-serial

From: Geert Uytterhoeven <geert+renesas@glider.be>

[ Upstream commit dd1f2250da95e87cb3e612858f94b14f99445a7c ]

Some callers of sci_submit_rx() hold the port spinlock, others don't.
During fallback to PIO, the driver needs to obtain the port spinlock.
If the lock was already held, spinlock recursion is detected, causing a
deadlock: BUG: spinlock recursion on CPU#0.

Fix this by adding a flag parameter to sci_submit_rx() for the caller to
indicate the port spinlock is already held, so spinlock recursion can be
avoided.

Move the spin_lock_irqsave() up, so all DMA disable steps are protected,
which is safe as the recently introduced dmaengine_terminate_async() can
be called in atomic context.

Signed-off-by: Geert Uytterhoeven <geert+renesas@glider.be>
Reviewed-by: Simon Horman <horms+renesas@verge.net.au>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
 drivers/tty/serial/sh-sci.c | 16 +++++++++-------
 1 file changed, 9 insertions(+), 7 deletions(-)

diff --git a/drivers/tty/serial/sh-sci.c b/drivers/tty/serial/sh-sci.c
index effba6ce0caa..5fdd7944b73b 100644
--- a/drivers/tty/serial/sh-sci.c
+++ b/drivers/tty/serial/sh-sci.c
@@ -1331,7 +1331,7 @@ static void sci_tx_dma_release(struct sci_port *s)
 	dma_release_channel(chan);
 }
 
-static void sci_submit_rx(struct sci_port *s)
+static void sci_submit_rx(struct sci_port *s, bool port_lock_held)
 {
 	struct dma_chan *chan = s->chan_rx;
 	struct uart_port *port = &s->port;
@@ -1362,16 +1362,18 @@ static void sci_submit_rx(struct sci_port *s)
 	return;
 
 fail:
+	/* Switch to PIO */
+	if (!port_lock_held)
+		spin_lock_irqsave(&port->lock, flags);
 	if (i)
 		dmaengine_terminate_async(chan);
 	for (i = 0; i < 2; i++)
 		s->cookie_rx[i] = -EINVAL;
 	s->active_rx = -EINVAL;
-	/* Switch to PIO */
-	spin_lock_irqsave(&port->lock, flags);
 	s->chan_rx = NULL;
 	sci_start_rx(port);
-	spin_unlock_irqrestore(&port->lock, flags);
+	if (!port_lock_held)
+		spin_unlock_irqrestore(&port->lock, flags);
 }
 
 static void work_fn_tx(struct work_struct *work)
@@ -1491,7 +1493,7 @@ static enum hrtimer_restart rx_timer_fn(struct hrtimer *t)
 	}
 
 	if (port->type == PORT_SCIFA || port->type == PORT_SCIFB)
-		sci_submit_rx(s);
+		sci_submit_rx(s, true);
 
 	/* Direct new serial port interrupts back to CPU */
 	scr = serial_port_in(port, SCSCR);
@@ -1617,7 +1619,7 @@ static void sci_request_dma(struct uart_port *port)
 		s->chan_rx_saved = s->chan_rx = chan;
 
 		if (port->type == PORT_SCIFA || port->type == PORT_SCIFB)
-			sci_submit_rx(s);
+			sci_submit_rx(s, false);
 	}
 }
 
@@ -1667,7 +1669,7 @@ static irqreturn_t sci_rx_interrupt(int irq, void *ptr)
 			scr |= SCSCR_RDRQE;
 		} else {
 			scr &= ~SCSCR_RIE;
-			sci_submit_rx(s);
+			sci_submit_rx(s, false);
 		}
 		serial_port_out(port, SCSCR, scr);
 		/* Clear current interrupt */
-- 
2.19.1


^ permalink raw reply related	[flat|nested] 273+ messages in thread

* [PATCH AUTOSEL 4.19 163/258] serial: sh-sci: Resume PIO in sci_rx_interrupt() on DMA failure
  2019-01-28 15:55 [PATCH AUTOSEL 4.19 001/258] drm/bufs: Fix Spectre v1 vulnerability Sasha Levin
                   ` (160 preceding siblings ...)
  2019-01-28 15:57 ` [PATCH AUTOSEL 4.19 162/258] serial: sh-sci: Fix locking in sci_submit_rx() Sasha Levin
@ 2019-01-28 15:57 ` Sasha Levin
  2019-01-28 15:57 ` [PATCH AUTOSEL 4.19 164/258] tty: serial: samsung: Properly set flags in autoCTS mode Sasha Levin
                   ` (94 subsequent siblings)
  256 siblings, 0 replies; 273+ messages in thread
From: Sasha Levin @ 2019-01-28 15:57 UTC (permalink / raw)
  To: linux-kernel, stable
  Cc: Geert Uytterhoeven, Greg Kroah-Hartman, Sasha Levin, linux-serial

From: Geert Uytterhoeven <geert+renesas@glider.be>

[ Upstream commit 71ab1c0336c71ace5725740f200beca9667a339f ]

On (H)SCIF, sci_submit_rx() is called in the receive interrupt handler.
Hence if DMA submission fails, the interrupt handler should resume
handling reception using PIO, else no more data is received.

Make sci_submit_rx() return an error indicator, so the receive interrupt
handler can act appropriately.

Signed-off-by: Geert Uytterhoeven <geert+renesas@glider.be>
Reviewed-by: Simon Horman <horms+renesas@verge.net.au>
Acked-by: Wolfram Sang <wsa+renesas@sang-engineering.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
 drivers/tty/serial/sh-sci.c | 11 ++++++++---
 1 file changed, 8 insertions(+), 3 deletions(-)

diff --git a/drivers/tty/serial/sh-sci.c b/drivers/tty/serial/sh-sci.c
index 5fdd7944b73b..c6e8ca2e5f7d 100644
--- a/drivers/tty/serial/sh-sci.c
+++ b/drivers/tty/serial/sh-sci.c
@@ -1331,7 +1331,7 @@ static void sci_tx_dma_release(struct sci_port *s)
 	dma_release_channel(chan);
 }
 
-static void sci_submit_rx(struct sci_port *s, bool port_lock_held)
+static int sci_submit_rx(struct sci_port *s, bool port_lock_held)
 {
 	struct dma_chan *chan = s->chan_rx;
 	struct uart_port *port = &s->port;
@@ -1359,7 +1359,7 @@ static void sci_submit_rx(struct sci_port *s, bool port_lock_held)
 	s->active_rx = s->cookie_rx[0];
 
 	dma_async_issue_pending(chan);
-	return;
+	return 0;
 
 fail:
 	/* Switch to PIO */
@@ -1374,6 +1374,7 @@ static void sci_submit_rx(struct sci_port *s, bool port_lock_held)
 	sci_start_rx(port);
 	if (!port_lock_held)
 		spin_unlock_irqrestore(&port->lock, flags);
+	return -EAGAIN;
 }
 
 static void work_fn_tx(struct work_struct *work)
@@ -1668,8 +1669,10 @@ static irqreturn_t sci_rx_interrupt(int irq, void *ptr)
 			disable_irq_nosync(irq);
 			scr |= SCSCR_RDRQE;
 		} else {
+			if (sci_submit_rx(s, false) < 0)
+				goto handle_pio;
+
 			scr &= ~SCSCR_RIE;
-			sci_submit_rx(s, false);
 		}
 		serial_port_out(port, SCSCR, scr);
 		/* Clear current interrupt */
@@ -1681,6 +1684,8 @@ static irqreturn_t sci_rx_interrupt(int irq, void *ptr)
 
 		return IRQ_HANDLED;
 	}
+
+handle_pio:
 #endif
 
 	if (s->rx_trigger > 1 && s->rx_fifo_timeout > 0) {
-- 
2.19.1


^ permalink raw reply related	[flat|nested] 273+ messages in thread

* [PATCH AUTOSEL 4.19 164/258] tty: serial: samsung: Properly set flags in autoCTS mode
  2019-01-28 15:55 [PATCH AUTOSEL 4.19 001/258] drm/bufs: Fix Spectre v1 vulnerability Sasha Levin
                   ` (161 preceding siblings ...)
  2019-01-28 15:57 ` [PATCH AUTOSEL 4.19 163/258] serial: sh-sci: Resume PIO in sci_rx_interrupt() on DMA failure Sasha Levin
@ 2019-01-28 15:57 ` Sasha Levin
  2019-01-28 15:57 ` [PATCH AUTOSEL 4.19 165/258] perf test: Fix perf_event_attr test failure Sasha Levin
                   ` (93 subsequent siblings)
  256 siblings, 0 replies; 273+ messages in thread
From: Sasha Levin @ 2019-01-28 15:57 UTC (permalink / raw)
  To: linux-kernel, stable
  Cc: Beomho Seo, Marek Szyprowski, Greg Kroah-Hartman, Sasha Levin,
	linux-serial

From: Beomho Seo <beomho.seo@samsung.com>

[ Upstream commit 31e933645742ee6719d37573a27cce0761dcf92b ]

Commit 391f93f2ec9f ("serial: core: Rework hw-assited flow control support")
has changed the way the autoCTS mode is handled.

According to that change, serial drivers which enable H/W autoCTS mode must
set UPSTAT_AUTOCTS to prevent the serial core from inadvertently disabling
TX. This patch adds proper handling of UPSTAT_AUTOCTS flag.

Signed-off-by: Beomho Seo <beomho.seo@samsung.com>
[mszyprow: rephrased commit message]
Signed-off-by: Marek Szyprowski <m.szyprowski@samsung.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
 drivers/tty/serial/samsung.c | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/drivers/tty/serial/samsung.c b/drivers/tty/serial/samsung.c
index 2f8fa184aafa..c6058b52d5d5 100644
--- a/drivers/tty/serial/samsung.c
+++ b/drivers/tty/serial/samsung.c
@@ -1365,11 +1365,14 @@ static void s3c24xx_serial_set_termios(struct uart_port *port,
 	wr_regl(port, S3C2410_ULCON, ulcon);
 	wr_regl(port, S3C2410_UBRDIV, quot);
 
+	port->status &= ~UPSTAT_AUTOCTS;
+
 	umcon = rd_regl(port, S3C2410_UMCON);
 	if (termios->c_cflag & CRTSCTS) {
 		umcon |= S3C2410_UMCOM_AFC;
 		/* Disable RTS when RX FIFO contains 63 bytes */
 		umcon &= ~S3C2412_UMCON_AFC_8;
+		port->status = UPSTAT_AUTOCTS;
 	} else {
 		umcon &= ~S3C2410_UMCOM_AFC;
 	}
-- 
2.19.1


^ permalink raw reply related	[flat|nested] 273+ messages in thread

* [PATCH AUTOSEL 4.19 165/258] perf test: Fix perf_event_attr test failure
  2019-01-28 15:55 [PATCH AUTOSEL 4.19 001/258] drm/bufs: Fix Spectre v1 vulnerability Sasha Levin
                   ` (162 preceding siblings ...)
  2019-01-28 15:57 ` [PATCH AUTOSEL 4.19 164/258] tty: serial: samsung: Properly set flags in autoCTS mode Sasha Levin
@ 2019-01-28 15:57 ` Sasha Levin
  2019-01-28 15:57 ` [PATCH AUTOSEL 4.19 166/258] perf dso: Fix unchecked usage of strncpy() Sasha Levin
                   ` (92 subsequent siblings)
  256 siblings, 0 replies; 273+ messages in thread
From: Sasha Levin @ 2019-01-28 15:57 UTC (permalink / raw)
  To: linux-kernel, stable
  Cc: Adrian Hunter, Jiri Olsa, Arnaldo Carvalho de Melo, Sasha Levin

From: Adrian Hunter <adrian.hunter@intel.com>

[ Upstream commit 741dad88dde296999da30332157ca47f0543747d ]

Fix inconsistent use of tabs and spaces error:

  # perf test 16 -v
  16: Setup struct perf_event_attr                          :
  --- start ---
  test child forked, pid 20224
    File "/usr/libexec/perf-core/tests/attr.py", line 119
      log.warning("expected %s=%s, got %s" % (t, self[t], other[t]))
                                                                 ^
  TabError: inconsistent use of tabs and spaces in indentation
  test child finished with -1
  ---- end ----
  Setup struct perf_event_attr: FAILED!

Signed-off-by: Adrian Hunter <adrian.hunter@intel.com>
Cc: Jiri Olsa <jolsa@redhat.com>
Link: http://lkml.kernel.org/r/20181122140456.16817-1-adrian.hunter@intel.com
Signed-off-by: Arnaldo Carvalho de Melo <acme@redhat.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
 tools/perf/tests/attr.py | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/tools/perf/tests/attr.py b/tools/perf/tests/attr.py
index ff9b60b99f52..44090a9a19f3 100644
--- a/tools/perf/tests/attr.py
+++ b/tools/perf/tests/attr.py
@@ -116,7 +116,7 @@ class Event(dict):
             if not self.has_key(t) or not other.has_key(t):
                 continue
             if not data_equal(self[t], other[t]):
-		log.warning("expected %s=%s, got %s" % (t, self[t], other[t]))
+                log.warning("expected %s=%s, got %s" % (t, self[t], other[t]))
 
 # Test file description needs to have following sections:
 # [config]
-- 
2.19.1


^ permalink raw reply related	[flat|nested] 273+ messages in thread

* [PATCH AUTOSEL 4.19 166/258] perf dso: Fix unchecked usage of strncpy()
  2019-01-28 15:55 [PATCH AUTOSEL 4.19 001/258] drm/bufs: Fix Spectre v1 vulnerability Sasha Levin
                   ` (163 preceding siblings ...)
  2019-01-28 15:57 ` [PATCH AUTOSEL 4.19 165/258] perf test: Fix perf_event_attr test failure Sasha Levin
@ 2019-01-28 15:57 ` Sasha Levin
  2019-01-28 15:57 ` [PATCH AUTOSEL 4.19 167/258] perf header: " Sasha Levin
                   ` (91 subsequent siblings)
  256 siblings, 0 replies; 273+ messages in thread
From: Sasha Levin @ 2019-01-28 15:57 UTC (permalink / raw)
  To: linux-kernel, stable
  Cc: Arnaldo Carvalho de Melo, Adrian Hunter, Jiri Olsa, Namhyung Kim,
	Sasha Levin

From: Arnaldo Carvalho de Melo <acme@redhat.com>

[ Upstream commit fca5085c15255bbde203b7322c15f07ebb12f63e ]

The strncpy() function may leave the destination string buffer
unterminated, better use strlcpy() that we have a __weak fallback
implementation for systems without it.

This fixes this warning on an Alpine Linux Edge system with gcc 8.2:

  In function 'decompress_kmodule',
      inlined from 'dso__decompress_kmodule_fd' at util/dso.c:305:9:
  util/dso.c:298:3: error: 'strncpy' destination unchanged after copying no bytes [-Werror=stringop-truncation]
     strncpy(pathname, tmpbuf, len);
     ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    CC       /tmp/build/perf/util/values.o
    CC       /tmp/build/perf/util/debug.o
  cc1: all warnings being treated as errors

Cc: Adrian Hunter <adrian.hunter@intel.com>
Cc: Jiri Olsa <jolsa@kernel.org>
Cc: Namhyung Kim <namhyung@kernel.org>
Fixes: c9a8a6131fb6 ("perf tools: Move the temp file processing into decompress_kmodule")
Link: https://lkml.kernel.org/n/tip-tl2hdxj64tt4k8btbi6a0ugw@git.kernel.org
Signed-off-by: Arnaldo Carvalho de Melo <acme@redhat.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
 tools/perf/util/dso.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/tools/perf/util/dso.c b/tools/perf/util/dso.c
index bbed90e5d9bb..cee717a3794f 100644
--- a/tools/perf/util/dso.c
+++ b/tools/perf/util/dso.c
@@ -295,7 +295,7 @@ static int decompress_kmodule(struct dso *dso, const char *name,
 		unlink(tmpbuf);
 
 	if (pathname && (fd >= 0))
-		strncpy(pathname, tmpbuf, len);
+		strlcpy(pathname, tmpbuf, len);
 
 	return fd;
 }
-- 
2.19.1


^ permalink raw reply related	[flat|nested] 273+ messages in thread

* [PATCH AUTOSEL 4.19 167/258] perf header: Fix unchecked usage of strncpy()
  2019-01-28 15:55 [PATCH AUTOSEL 4.19 001/258] drm/bufs: Fix Spectre v1 vulnerability Sasha Levin
                   ` (164 preceding siblings ...)
  2019-01-28 15:57 ` [PATCH AUTOSEL 4.19 166/258] perf dso: Fix unchecked usage of strncpy() Sasha Levin
@ 2019-01-28 15:57 ` Sasha Levin
  2019-01-28 15:57 ` [PATCH AUTOSEL 4.19 168/258] btrfs: use tagged writepage to mitigate livelock of snapshot Sasha Levin
                   ` (90 subsequent siblings)
  256 siblings, 0 replies; 273+ messages in thread
From: Sasha Levin @ 2019-01-28 15:57 UTC (permalink / raw)
  To: linux-kernel, stable
  Cc: Arnaldo Carvalho de Melo, Adrian Hunter, Jiri Olsa, Namhyung Kim,
	Sasha Levin

From: Arnaldo Carvalho de Melo <acme@redhat.com>

[ Upstream commit 7572588085a13d5db02bf159542189f52fdb507e ]

The strncpy() function may leave the destination string buffer
unterminated, better use strlcpy() that we have a __weak fallback
implementation for systems without it.

This fixes this warning on an Alpine Linux Edge system with gcc 8.2:

  util/header.c: In function 'perf_event__synthesize_event_update_unit':
  util/header.c:3586:2: error: 'strncpy' output truncated before terminating nul copying as many bytes from a string as its length [-Werror=stringop-truncation]
    strncpy(ev->data, evsel->unit, size);
    ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
  util/header.c:3579:16: note: length computed here
    size_t size = strlen(evsel->unit);
                  ^~~~~~~~~~~~~~~~~~~

Cc: Adrian Hunter <adrian.hunter@intel.com>
Cc: Jiri Olsa <jolsa@kernel.org>
Cc: Namhyung Kim <namhyung@kernel.org>
Fixes: a6e5281780d1 ("perf tools: Add event_update event unit type")
Link: https://lkml.kernel.org/n/tip-fiikh5nay70bv4zskw2aa858@git.kernel.org
Signed-off-by: Arnaldo Carvalho de Melo <acme@redhat.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
 tools/perf/util/header.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/tools/perf/util/header.c b/tools/perf/util/header.c
index 3cadc252dd89..ac3c59e7da16 100644
--- a/tools/perf/util/header.c
+++ b/tools/perf/util/header.c
@@ -3521,7 +3521,7 @@ perf_event__synthesize_event_update_unit(struct perf_tool *tool,
 	if (ev == NULL)
 		return -ENOMEM;
 
-	strncpy(ev->data, evsel->unit, size);
+	strlcpy(ev->data, evsel->unit, size + 1);
 	err = process(tool, (union perf_event *)ev, NULL, NULL);
 	free(ev);
 	return err;
-- 
2.19.1


^ permalink raw reply related	[flat|nested] 273+ messages in thread

* [PATCH AUTOSEL 4.19 168/258] btrfs: use tagged writepage to mitigate livelock of snapshot
  2019-01-28 15:55 [PATCH AUTOSEL 4.19 001/258] drm/bufs: Fix Spectre v1 vulnerability Sasha Levin
                   ` (165 preceding siblings ...)
  2019-01-28 15:57 ` [PATCH AUTOSEL 4.19 167/258] perf header: " Sasha Levin
@ 2019-01-28 15:57 ` Sasha Levin
  2019-01-28 15:57 ` [PATCH AUTOSEL 4.19 169/258] perf probe: Fix unchecked usage of strncpy() Sasha Levin
                   ` (89 subsequent siblings)
  256 siblings, 0 replies; 273+ messages in thread
From: Sasha Levin @ 2019-01-28 15:57 UTC (permalink / raw)
  To: linux-kernel, stable; +Cc: Ethan Lien, David Sterba, Sasha Levin, linux-btrfs

From: Ethan Lien <ethanlien@synology.com>

[ Upstream commit 3cd24c698004d2f7668e0eb9fc1f096f533c791b ]

Snapshot is expected to be fast. But if there are writers steadily
creating dirty pages in our subvolume, the snapshot may take a very long
time to complete. To fix the problem, we use tagged writepage for
snapshot flusher as we do in the generic write_cache_pages(), so we can
omit pages dirtied after the snapshot command.

This does not change the semantics regarding which data get to the
snapshot, if there are pages being dirtied during the snapshotting
operation.  There's a sync called before snapshot is taken in old/new
case, any IO in flight just after that may be in the snapshot but this
depends on other system effects that might still sync the IO.

We do a simple snapshot speed test on a Intel D-1531 box:

fio --ioengine=libaio --iodepth=32 --bs=4k --rw=write --size=64G
--direct=0 --thread=1 --numjobs=1 --time_based --runtime=120
--filename=/mnt/sub/testfile --name=job1 --group_reporting & sleep 5;
time btrfs sub snap -r /mnt/sub /mnt/snap; killall fio

original: 1m58sec
patched:  6.54sec

This is the best case for this patch since for a sequential write case,
we omit nearly all pages dirtied after the snapshot command.

For a multi writers, random write test:

fio --ioengine=libaio --iodepth=32 --bs=4k --rw=randwrite --size=64G
--direct=0 --thread=1 --numjobs=4 --time_based --runtime=120
--filename=/mnt/sub/testfile --name=job1 --group_reporting & sleep 5;
time btrfs sub snap -r /mnt/sub /mnt/snap; killall fio

original: 15.83sec
patched:  10.35sec

The improvement is smaller compared to the sequential write case,
since we omit only half of the pages dirtied after snapshot command.

Reviewed-by: Nikolay Borisov <nborisov@suse.com>
Signed-off-by: Ethan Lien <ethanlien@synology.com>
Reviewed-by: David Sterba <dsterba@suse.com>
Signed-off-by: David Sterba <dsterba@suse.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
 fs/btrfs/btrfs_inode.h |  1 +
 fs/btrfs/ctree.h       |  2 +-
 fs/btrfs/extent_io.c   | 17 +++++++++++++++--
 fs/btrfs/inode.c       | 11 +++++++----
 fs/btrfs/ioctl.c       |  2 +-
 5 files changed, 25 insertions(+), 8 deletions(-)

diff --git a/fs/btrfs/btrfs_inode.h b/fs/btrfs/btrfs_inode.h
index 7177d1d33584..45f5cf9cd203 100644
--- a/fs/btrfs/btrfs_inode.h
+++ b/fs/btrfs/btrfs_inode.h
@@ -29,6 +29,7 @@ enum {
 	BTRFS_INODE_IN_DELALLOC_LIST,
 	BTRFS_INODE_READDIO_NEED_LOCK,
 	BTRFS_INODE_HAS_PROPS,
+	BTRFS_INODE_SNAPSHOT_FLUSH,
 };
 
 /* in memory btrfs inode */
diff --git a/fs/btrfs/ctree.h b/fs/btrfs/ctree.h
index 2cddfe7806a4..82682da5a40d 100644
--- a/fs/btrfs/ctree.h
+++ b/fs/btrfs/ctree.h
@@ -3155,7 +3155,7 @@ int btrfs_truncate_inode_items(struct btrfs_trans_handle *trans,
 			       struct inode *inode, u64 new_size,
 			       u32 min_type);
 
-int btrfs_start_delalloc_inodes(struct btrfs_root *root);
+int btrfs_start_delalloc_snapshot(struct btrfs_root *root);
 int btrfs_start_delalloc_roots(struct btrfs_fs_info *fs_info, int nr);
 int btrfs_set_extent_delalloc(struct inode *inode, u64 start, u64 end,
 			      unsigned int extra_bits,
diff --git a/fs/btrfs/extent_io.c b/fs/btrfs/extent_io.c
index 4dd6faab02bb..79f82f2ec4d5 100644
--- a/fs/btrfs/extent_io.c
+++ b/fs/btrfs/extent_io.c
@@ -3928,12 +3928,25 @@ static int extent_write_cache_pages(struct address_space *mapping,
 			range_whole = 1;
 		scanned = 1;
 	}
-	if (wbc->sync_mode == WB_SYNC_ALL)
+
+	/*
+	 * We do the tagged writepage as long as the snapshot flush bit is set
+	 * and we are the first one who do the filemap_flush() on this inode.
+	 *
+	 * The nr_to_write == LONG_MAX is needed to make sure other flushers do
+	 * not race in and drop the bit.
+	 */
+	if (range_whole && wbc->nr_to_write == LONG_MAX &&
+	    test_and_clear_bit(BTRFS_INODE_SNAPSHOT_FLUSH,
+			       &BTRFS_I(inode)->runtime_flags))
+		wbc->tagged_writepages = 1;
+
+	if (wbc->sync_mode == WB_SYNC_ALL || wbc->tagged_writepages)
 		tag = PAGECACHE_TAG_TOWRITE;
 	else
 		tag = PAGECACHE_TAG_DIRTY;
 retry:
-	if (wbc->sync_mode == WB_SYNC_ALL)
+	if (wbc->sync_mode == WB_SYNC_ALL || wbc->tagged_writepages)
 		tag_pages_for_writeback(mapping, index, end);
 	done_index = index;
 	while (!done && !nr_to_write_done && (index <= end) &&
diff --git a/fs/btrfs/inode.c b/fs/btrfs/inode.c
index 83b3a626c796..59f361f7d0c1 100644
--- a/fs/btrfs/inode.c
+++ b/fs/btrfs/inode.c
@@ -10005,7 +10005,7 @@ static struct btrfs_delalloc_work *btrfs_alloc_delalloc_work(struct inode *inode
  * some fairly slow code that needs optimization. This walks the list
  * of all the inodes with pending delalloc and forces them to disk.
  */
-static int start_delalloc_inodes(struct btrfs_root *root, int nr)
+static int start_delalloc_inodes(struct btrfs_root *root, int nr, bool snapshot)
 {
 	struct btrfs_inode *binode;
 	struct inode *inode;
@@ -10033,6 +10033,9 @@ static int start_delalloc_inodes(struct btrfs_root *root, int nr)
 		}
 		spin_unlock(&root->delalloc_lock);
 
+		if (snapshot)
+			set_bit(BTRFS_INODE_SNAPSHOT_FLUSH,
+				&binode->runtime_flags);
 		work = btrfs_alloc_delalloc_work(inode);
 		if (!work) {
 			iput(inode);
@@ -10066,7 +10069,7 @@ static int start_delalloc_inodes(struct btrfs_root *root, int nr)
 	return ret;
 }
 
-int btrfs_start_delalloc_inodes(struct btrfs_root *root)
+int btrfs_start_delalloc_snapshot(struct btrfs_root *root)
 {
 	struct btrfs_fs_info *fs_info = root->fs_info;
 	int ret;
@@ -10074,7 +10077,7 @@ int btrfs_start_delalloc_inodes(struct btrfs_root *root)
 	if (test_bit(BTRFS_FS_STATE_ERROR, &fs_info->fs_state))
 		return -EROFS;
 
-	ret = start_delalloc_inodes(root, -1);
+	ret = start_delalloc_inodes(root, -1, true);
 	if (ret > 0)
 		ret = 0;
 	return ret;
@@ -10103,7 +10106,7 @@ int btrfs_start_delalloc_roots(struct btrfs_fs_info *fs_info, int nr)
 			       &fs_info->delalloc_roots);
 		spin_unlock(&fs_info->delalloc_root_lock);
 
-		ret = start_delalloc_inodes(root, nr);
+		ret = start_delalloc_inodes(root, nr, false);
 		btrfs_put_fs_root(root);
 		if (ret < 0)
 			goto out;
diff --git a/fs/btrfs/ioctl.c b/fs/btrfs/ioctl.c
index c9152155fcbf..8bf9cce11213 100644
--- a/fs/btrfs/ioctl.c
+++ b/fs/btrfs/ioctl.c
@@ -778,7 +778,7 @@ static int create_snapshot(struct btrfs_root *root, struct inode *dir,
 	wait_event(root->subv_writers->wait,
 		   percpu_counter_sum(&root->subv_writers->counter) == 0);
 
-	ret = btrfs_start_delalloc_inodes(root);
+	ret = btrfs_start_delalloc_snapshot(root);
 	if (ret)
 		goto dec_and_free;
 
-- 
2.19.1


^ permalink raw reply related	[flat|nested] 273+ messages in thread

* [PATCH AUTOSEL 4.19 169/258] perf probe: Fix unchecked usage of strncpy()
  2019-01-28 15:55 [PATCH AUTOSEL 4.19 001/258] drm/bufs: Fix Spectre v1 vulnerability Sasha Levin
                   ` (166 preceding siblings ...)
  2019-01-28 15:57 ` [PATCH AUTOSEL 4.19 168/258] btrfs: use tagged writepage to mitigate livelock of snapshot Sasha Levin
@ 2019-01-28 15:57 ` Sasha Levin
  2019-01-28 15:57 ` [PATCH AUTOSEL 4.19 170/258] i2c: sh_mobile: Add support for r8a774c0 (RZ/G2E) Sasha Levin
                   ` (88 subsequent siblings)
  256 siblings, 0 replies; 273+ messages in thread
From: Sasha Levin @ 2019-01-28 15:57 UTC (permalink / raw)
  To: linux-kernel, stable
  Cc: Arnaldo Carvalho de Melo, Adrian Hunter, Jiri Olsa,
	Masami Hiramatsu, Namhyung Kim, Sasha Levin

From: Arnaldo Carvalho de Melo <acme@redhat.com>

[ Upstream commit bef0b8970f27da5ca223e522a174d03e2587761d ]

The strncpy() function may leave the destination string buffer
unterminated, better use strlcpy() that we have a __weak fallback
implementation for systems without it.

In this case the 'target' buffer is coming from a list of build-ids that
are expected to have a len of at most (SBUILD_ID_SIZE - 1) chars, so
probably we're safe, but since we're using strncpy() here, use strlcpy()
instead to provide the intended safety checking without the using the
problematic strncpy() function.

This fixes this warning on an Alpine Linux Edge system with gcc 8.2:

  util/probe-file.c: In function 'probe_cache__open.isra.5':
  util/probe-file.c:427:3: error: 'strncpy' specified bound 41 equals destination size [-Werror=stringop-truncation]
     strncpy(sbuildid, target, SBUILD_ID_SIZE);
     ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
  cc1: all warnings being treated as errors

Cc: Adrian Hunter <adrian.hunter@intel.com>
Cc: Jiri Olsa <jolsa@kernel.org>
Cc: Masami Hiramatsu <masami.hiramatsu.pt@hitachi.com>
Cc: Namhyung Kim <namhyung@kernel.org>
Fixes: 1f3736c9c833 ("perf probe: Show all cached probes")
Link: https://lkml.kernel.org/n/tip-l7n8ggc9kl38qtdlouke5yp5@git.kernel.org
Signed-off-by: Arnaldo Carvalho de Melo <acme@redhat.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
 tools/perf/util/probe-file.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/tools/perf/util/probe-file.c b/tools/perf/util/probe-file.c
index b76088fadf3d..6a6548890d5a 100644
--- a/tools/perf/util/probe-file.c
+++ b/tools/perf/util/probe-file.c
@@ -424,7 +424,7 @@ static int probe_cache__open(struct probe_cache *pcache, const char *target,
 
 	if (target && build_id_cache__cached(target)) {
 		/* This is a cached buildid */
-		strncpy(sbuildid, target, SBUILD_ID_SIZE);
+		strlcpy(sbuildid, target, SBUILD_ID_SIZE);
 		dir_name = build_id_cache__linkname(sbuildid, NULL, 0);
 		goto found;
 	}
-- 
2.19.1


^ permalink raw reply related	[flat|nested] 273+ messages in thread

* [PATCH AUTOSEL 4.19 170/258] i2c: sh_mobile: Add support for r8a774c0 (RZ/G2E)
  2019-01-28 15:55 [PATCH AUTOSEL 4.19 001/258] drm/bufs: Fix Spectre v1 vulnerability Sasha Levin
                   ` (167 preceding siblings ...)
  2019-01-28 15:57 ` [PATCH AUTOSEL 4.19 169/258] perf probe: Fix unchecked usage of strncpy() Sasha Levin
@ 2019-01-28 15:57 ` Sasha Levin
  2019-01-28 15:57 ` [PATCH AUTOSEL 4.19 171/258] bnxt_en: Disable MSIX before re-reserving NQs/CMPL rings Sasha Levin
                   ` (87 subsequent siblings)
  256 siblings, 0 replies; 273+ messages in thread
From: Sasha Levin @ 2019-01-28 15:57 UTC (permalink / raw)
  To: linux-kernel, stable
  Cc: Fabrizio Castro, Wolfram Sang, Sasha Levin, linux-i2c

From: Fabrizio Castro <fabrizio.castro@bp.renesas.com>

[ Upstream commit 51243b73455f2d12cb82abffa7bc9028aec656e0 ]

Similarly to R-Car E3, RZ/G2E doesn't come with automatic
transmission registers, as such it is not considered compatible
with the existing fallback bindings.

Add SoC specific binding compatibility to allow for later
support for automatic transmission.

Signed-off-by: Fabrizio Castro <fabrizio.castro@bp.renesas.com>
Reviewed-by: Geert Uytterhoeven <geert+renesas@glider.be>
Reviewed-by: Simon Horman <horms+renesas@verge.net.au>
Signed-off-by: Wolfram Sang <wsa@the-dreams.de>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
 drivers/i2c/busses/i2c-sh_mobile.c | 1 +
 1 file changed, 1 insertion(+)

diff --git a/drivers/i2c/busses/i2c-sh_mobile.c b/drivers/i2c/busses/i2c-sh_mobile.c
index b3ed14f4eae9..ddcfb6d349d1 100644
--- a/drivers/i2c/busses/i2c-sh_mobile.c
+++ b/drivers/i2c/busses/i2c-sh_mobile.c
@@ -800,6 +800,7 @@ static const struct sh_mobile_dt_config r8a7740_dt_config = {
 static const struct of_device_id sh_mobile_i2c_dt_ids[] = {
 	{ .compatible = "renesas,iic-r8a73a4", .data = &fast_clock_dt_config },
 	{ .compatible = "renesas,iic-r8a7740", .data = &r8a7740_dt_config },
+	{ .compatible = "renesas,iic-r8a774c0", .data = &fast_clock_dt_config },
 	{ .compatible = "renesas,iic-r8a7790", .data = &v2_freq_calc_dt_config },
 	{ .compatible = "renesas,iic-r8a7791", .data = &fast_clock_dt_config },
 	{ .compatible = "renesas,iic-r8a7792", .data = &fast_clock_dt_config },
-- 
2.19.1


^ permalink raw reply related	[flat|nested] 273+ messages in thread

* [PATCH AUTOSEL 4.19 171/258] bnxt_en: Disable MSIX before re-reserving NQs/CMPL rings.
  2019-01-28 15:55 [PATCH AUTOSEL 4.19 001/258] drm/bufs: Fix Spectre v1 vulnerability Sasha Levin
                   ` (168 preceding siblings ...)
  2019-01-28 15:57 ` [PATCH AUTOSEL 4.19 170/258] i2c: sh_mobile: Add support for r8a774c0 (RZ/G2E) Sasha Levin
@ 2019-01-28 15:57 ` Sasha Levin
  2019-01-28 15:57 ` [PATCH AUTOSEL 4.19 172/258] KVM: s390: unregister debug feature on failing arch init Sasha Levin
                   ` (86 subsequent siblings)
  256 siblings, 0 replies; 273+ messages in thread
From: Sasha Levin @ 2019-01-28 15:57 UTC (permalink / raw)
  To: linux-kernel, stable; +Cc: Michael Chan, David S . Miller, Sasha Levin, netdev

From: Michael Chan <michael.chan@broadcom.com>

[ Upstream commit 36d65be9a88052cdfc8524eb591baf0e6c878408 ]

When bringing up a device, the code checks to see if the number of
MSIX has changed.  pci_disable_msix() should be called first before
changing the number of reserved NQs/CMPL rings.  This ensures that
the MSIX vectors associated with the NQs/CMPL rings are still
properly mapped when pci_disable_msix() masks the vectors.

This patch will prevent errors when RDMA support is added for the new
57500 chips.  When the RDMA driver shuts down, the number of NQs is
decreased and we must use the new sequence to prevent MSIX errors.

Signed-off-by: Michael Chan <michael.chan@broadcom.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
 drivers/net/ethernet/broadcom/bnxt/bnxt.c | 19 +++++++++++--------
 1 file changed, 11 insertions(+), 8 deletions(-)

diff --git a/drivers/net/ethernet/broadcom/bnxt/bnxt.c b/drivers/net/ethernet/broadcom/bnxt/bnxt.c
index e2d92548226a..034f57500f00 100644
--- a/drivers/net/ethernet/broadcom/bnxt/bnxt.c
+++ b/drivers/net/ethernet/broadcom/bnxt/bnxt.c
@@ -6073,23 +6073,26 @@ static void bnxt_clear_int_mode(struct bnxt *bp)
 int bnxt_reserve_rings(struct bnxt *bp)
 {
 	int tcs = netdev_get_num_tc(bp->dev);
+	bool reinit_irq = false;
 	int rc;
 
 	if (!bnxt_need_reserve_rings(bp))
 		return 0;
 
-	rc = __bnxt_reserve_rings(bp);
-	if (rc) {
-		netdev_err(bp->dev, "ring reservation failure rc: %d\n", rc);
-		return rc;
-	}
 	if (BNXT_NEW_RM(bp) && (bnxt_get_num_msix(bp) != bp->total_irqs)) {
 		bnxt_ulp_irq_stop(bp);
 		bnxt_clear_int_mode(bp);
-		rc = bnxt_init_int_mode(bp);
+		reinit_irq = true;
+	}
+	rc = __bnxt_reserve_rings(bp);
+	if (reinit_irq) {
+		if (!rc)
+			rc = bnxt_init_int_mode(bp);
 		bnxt_ulp_irq_restart(bp, rc);
-		if (rc)
-			return rc;
+	}
+	if (rc) {
+		netdev_err(bp->dev, "ring reservation/IRQ init failure rc: %d\n", rc);
+		return rc;
 	}
 	if (tcs && (bp->tx_nr_rings_per_tc * tcs != bp->tx_nr_rings)) {
 		netdev_err(bp->dev, "tx ring reservation failure\n");
-- 
2.19.1


^ permalink raw reply related	[flat|nested] 273+ messages in thread

* [PATCH AUTOSEL 4.19 172/258] KVM: s390: unregister debug feature on failing arch init
  2019-01-28 15:55 [PATCH AUTOSEL 4.19 001/258] drm/bufs: Fix Spectre v1 vulnerability Sasha Levin
                   ` (169 preceding siblings ...)
  2019-01-28 15:57 ` [PATCH AUTOSEL 4.19 171/258] bnxt_en: Disable MSIX before re-reserving NQs/CMPL rings Sasha Levin
@ 2019-01-28 15:57 ` Sasha Levin
  2019-01-28 15:57 ` [PATCH AUTOSEL 4.19 173/258] tools/power/x86/intel_pstate_tracer: Fix non root execution for post processing a trace file Sasha Levin
                   ` (85 subsequent siblings)
  256 siblings, 0 replies; 273+ messages in thread
From: Sasha Levin @ 2019-01-28 15:57 UTC (permalink / raw)
  To: linux-kernel, stable
  Cc: Michael Mueller, Christian Borntraeger, Sasha Levin, linux-s390

From: Michael Mueller <mimu@linux.ibm.com>

[ Upstream commit 308c3e6673b012beecb96ef04cc65f4a0e7cdd99 ]

Make sure the debug feature and its allocated resources get
released upon unsuccessful architecture initialization.

A related indication of the issue will be reported as kernel
message.

Signed-off-by: Michael Mueller <mimu@linux.ibm.com>
Reviewed-by: Cornelia Huck <cohuck@redhat.com>
Reviewed-by: Pierre Morel <pmorel@linux.ibm.com>
Reviewed-by: David Hildenbrand <david@redhat.com>
Message-Id: <20181130143215.69496-2-mimu@linux.ibm.com>
Signed-off-by: Christian Borntraeger <borntraeger@de.ibm.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
 arch/s390/kvm/kvm-s390.c | 17 ++++++++++++++---
 1 file changed, 14 insertions(+), 3 deletions(-)

diff --git a/arch/s390/kvm/kvm-s390.c b/arch/s390/kvm/kvm-s390.c
index ac5da6b0b862..6aacb8d3dd9e 100644
--- a/arch/s390/kvm/kvm-s390.c
+++ b/arch/s390/kvm/kvm-s390.c
@@ -416,19 +416,30 @@ static void kvm_s390_cpu_feat_init(void)
 
 int kvm_arch_init(void *opaque)
 {
+	int rc;
+
 	kvm_s390_dbf = debug_register("kvm-trace", 32, 1, 7 * sizeof(long));
 	if (!kvm_s390_dbf)
 		return -ENOMEM;
 
 	if (debug_register_view(kvm_s390_dbf, &debug_sprintf_view)) {
-		debug_unregister(kvm_s390_dbf);
-		return -ENOMEM;
+		rc = -ENOMEM;
+		goto out_debug_unreg;
 	}
 
 	kvm_s390_cpu_feat_init();
 
 	/* Register floating interrupt controller interface. */
-	return kvm_register_device_ops(&kvm_flic_ops, KVM_DEV_TYPE_FLIC);
+	rc = kvm_register_device_ops(&kvm_flic_ops, KVM_DEV_TYPE_FLIC);
+	if (rc) {
+		pr_err("Failed to register FLIC rc=%d\n", rc);
+		goto out_debug_unreg;
+	}
+	return 0;
+
+out_debug_unreg:
+	debug_unregister(kvm_s390_dbf);
+	return rc;
 }
 
 void kvm_arch_exit(void)
-- 
2.19.1


^ permalink raw reply related	[flat|nested] 273+ messages in thread

* [PATCH AUTOSEL 4.19 173/258] tools/power/x86/intel_pstate_tracer: Fix non root execution for post processing a trace file
  2019-01-28 15:55 [PATCH AUTOSEL 4.19 001/258] drm/bufs: Fix Spectre v1 vulnerability Sasha Levin
                   ` (170 preceding siblings ...)
  2019-01-28 15:57 ` [PATCH AUTOSEL 4.19 172/258] KVM: s390: unregister debug feature on failing arch init Sasha Levin
@ 2019-01-28 15:57 ` Sasha Levin
  2019-01-28 15:58 ` [PATCH AUTOSEL 4.19 174/258] livepatch: check kzalloc return values Sasha Levin
                   ` (84 subsequent siblings)
  256 siblings, 0 replies; 273+ messages in thread
From: Sasha Levin @ 2019-01-28 15:57 UTC (permalink / raw)
  To: linux-kernel, stable
  Cc: Doug Smythies, Doug Smythies, Rafael J . Wysocki, Sasha Levin

From: Doug Smythies <doug.smythies@gmail.com>

[ Upstream commit 663546903c835fe46308b1b1e53d32d1f2b33da9 ]

This script is supposed to be allowed to run with regular user
privileges if a previously captured trace is being post processed.

Commit fbe313884d7d (tools/power/x86/intel_pstate_tracer: Free the
trace buffer memory) introduced a bug that breaks that option.

Commit 35459105deb2 (tools/power/x86/intel_pstate_tracer: Add
optional setting of trace buffer memory allocation) moved the code
but kept the bug.

This patch fixes the issue.

Fixes: 35459105deb2 (tools/power/x86/intel_pstate_tracer: Add optional ...)
Signed-off-by: Doug Smythies <dsmythies@telus.net>
Signed-off-by: Rafael J. Wysocki <rafael.j.wysocki@intel.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
 tools/power/x86/intel_pstate_tracer/intel_pstate_tracer.py | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/tools/power/x86/intel_pstate_tracer/intel_pstate_tracer.py b/tools/power/x86/intel_pstate_tracer/intel_pstate_tracer.py
index 84e2b648e622..2fa3c5757bcb 100755
--- a/tools/power/x86/intel_pstate_tracer/intel_pstate_tracer.py
+++ b/tools/power/x86/intel_pstate_tracer/intel_pstate_tracer.py
@@ -585,9 +585,9 @@ current_max_cpu = 0
 
 read_trace_data(filename)
 
-clear_trace_file()
-# Free the memory
 if interval:
+    clear_trace_file()
+    # Free the memory
     free_trace_buffer()
 
 if graph_data_present == False:
-- 
2.19.1


^ permalink raw reply related	[flat|nested] 273+ messages in thread

* [PATCH AUTOSEL 4.19 174/258] livepatch: check kzalloc return values
  2019-01-28 15:55 [PATCH AUTOSEL 4.19 001/258] drm/bufs: Fix Spectre v1 vulnerability Sasha Levin
                   ` (171 preceding siblings ...)
  2019-01-28 15:57 ` [PATCH AUTOSEL 4.19 173/258] tools/power/x86/intel_pstate_tracer: Fix non root execution for post processing a trace file Sasha Levin
@ 2019-01-28 15:58 ` Sasha Levin
  2019-01-28 17:28   ` Miroslav Benes
  2019-01-28 15:58 ` [PATCH AUTOSEL 4.19 175/258] arm64: KVM: Skip MMIO insn after emulation Sasha Levin
                   ` (83 subsequent siblings)
  256 siblings, 1 reply; 273+ messages in thread
From: Sasha Levin @ 2019-01-28 15:58 UTC (permalink / raw)
  To: linux-kernel, stable
  Cc: Nicholas Mc Guire, Jiri Kosina, Sasha Levin, live-patching

From: Nicholas Mc Guire <hofrat@osadl.org>

[ Upstream commit 5f30b2e823484ce6a79f2b59901b6351c15effa6 ]

kzalloc() return should always be checked - notably in example code
where this may be seen as reference. On failure of allocation in
livepatch_fix1_dummy_alloc() respectively dummy_alloc() previous
allocation is freed (thanks to Petr Mladek <pmladek@suse.com> for
catching this) and NULL returned.

Signed-off-by: Nicholas Mc Guire <hofrat@osadl.org>
Fixes: 439e7271dc2b ("livepatch: introduce shadow variable API")
Acked-by: Joe Lawrence <joe.lawrence@redhat.com>
Reviewed-by: Petr Mladek <pmladek@suse.com>
Acked-by: Miroslav Benes <mbenes@suse.cz>
Signed-off-by: Jiri Kosina <jkosina@suse.cz>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
 samples/livepatch/livepatch-shadow-fix1.c | 5 +++++
 samples/livepatch/livepatch-shadow-mod.c  | 4 ++++
 2 files changed, 9 insertions(+)

diff --git a/samples/livepatch/livepatch-shadow-fix1.c b/samples/livepatch/livepatch-shadow-fix1.c
index 49b13553eaae..e8f1bd6b29b1 100644
--- a/samples/livepatch/livepatch-shadow-fix1.c
+++ b/samples/livepatch/livepatch-shadow-fix1.c
@@ -89,6 +89,11 @@ struct dummy *livepatch_fix1_dummy_alloc(void)
 	 * pointer to handle resource release.
 	 */
 	leak = kzalloc(sizeof(int), GFP_KERNEL);
+	if (!leak) {
+		kfree(d);
+		return NULL;
+	}
+
 	klp_shadow_alloc(d, SV_LEAK, sizeof(leak), GFP_KERNEL,
 			 shadow_leak_ctor, leak);
 
diff --git a/samples/livepatch/livepatch-shadow-mod.c b/samples/livepatch/livepatch-shadow-mod.c
index 4c54b250332d..4aa8a88d3cd6 100644
--- a/samples/livepatch/livepatch-shadow-mod.c
+++ b/samples/livepatch/livepatch-shadow-mod.c
@@ -118,6 +118,10 @@ noinline struct dummy *dummy_alloc(void)
 
 	/* Oops, forgot to save leak! */
 	leak = kzalloc(sizeof(int), GFP_KERNEL);
+	if (!leak) {
+		kfree(d);
+		return NULL;
+	}
 
 	pr_info("%s: dummy @ %p, expires @ %lx\n",
 		__func__, d, d->jiffies_expire);
-- 
2.19.1


^ permalink raw reply related	[flat|nested] 273+ messages in thread

* [PATCH AUTOSEL 4.19 175/258] arm64: KVM: Skip MMIO insn after emulation
  2019-01-28 15:55 [PATCH AUTOSEL 4.19 001/258] drm/bufs: Fix Spectre v1 vulnerability Sasha Levin
                   ` (172 preceding siblings ...)
  2019-01-28 15:58 ` [PATCH AUTOSEL 4.19 174/258] livepatch: check kzalloc return values Sasha Levin
@ 2019-01-28 15:58 ` Sasha Levin
  2019-01-28 15:58 ` [PATCH AUTOSEL 4.19 176/258] usb: musb: dsps: fix otg state machine Sasha Levin
                   ` (82 subsequent siblings)
  256 siblings, 0 replies; 273+ messages in thread
From: Sasha Levin @ 2019-01-28 15:58 UTC (permalink / raw)
  To: linux-kernel, stable
  Cc: Mark Rutland, Peter Maydell, Marc Zyngier, Sasha Levin, kvmarm

From: Mark Rutland <mark.rutland@arm.com>

[ Upstream commit 0d640732dbebed0f10f18526de21652931f0b2f2 ]

When we emulate an MMIO instruction, we advance the CPU state within
decode_hsr(), before emulating the instruction effects.

Having this logic in decode_hsr() is opaque, and advancing the state
before emulation is problematic. It gets in the way of applying
consistent single-step logic, and it prevents us from being able to fail
an MMIO instruction with a synchronous exception.

Clean this up by only advancing the CPU state *after* the effects of the
instruction are emulated.

Cc: Peter Maydell <peter.maydell@linaro.org>
Reviewed-by: Alex Bennée <alex.bennee@linaro.org>
Reviewed-by: Christoffer Dall <christoffer.dall@arm.com>
Signed-off-by: Mark Rutland <mark.rutland@arm.com>
Signed-off-by: Marc Zyngier <marc.zyngier@arm.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
 virt/kvm/arm/mmio.c | 11 ++++++-----
 1 file changed, 6 insertions(+), 5 deletions(-)

diff --git a/virt/kvm/arm/mmio.c b/virt/kvm/arm/mmio.c
index dac7ceb1a677..08443a15e6be 100644
--- a/virt/kvm/arm/mmio.c
+++ b/virt/kvm/arm/mmio.c
@@ -117,6 +117,12 @@ int kvm_handle_mmio_return(struct kvm_vcpu *vcpu, struct kvm_run *run)
 		vcpu_set_reg(vcpu, vcpu->arch.mmio_decode.rt, data);
 	}
 
+	/*
+	 * The MMIO instruction is emulated and should not be re-executed
+	 * in the guest.
+	 */
+	kvm_skip_instr(vcpu, kvm_vcpu_trap_il_is32bit(vcpu));
+
 	return 0;
 }
 
@@ -144,11 +150,6 @@ static int decode_hsr(struct kvm_vcpu *vcpu, bool *is_write, int *len)
 	vcpu->arch.mmio_decode.sign_extend = sign_extend;
 	vcpu->arch.mmio_decode.rt = rt;
 
-	/*
-	 * The MMIO instruction is emulated and should not be re-executed
-	 * in the guest.
-	 */
-	kvm_skip_instr(vcpu, kvm_vcpu_trap_il_is32bit(vcpu));
 	return 0;
 }
 
-- 
2.19.1


^ permalink raw reply related	[flat|nested] 273+ messages in thread

* [PATCH AUTOSEL 4.19 176/258] usb: musb: dsps: fix otg state machine
  2019-01-28 15:55 [PATCH AUTOSEL 4.19 001/258] drm/bufs: Fix Spectre v1 vulnerability Sasha Levin
                   ` (173 preceding siblings ...)
  2019-01-28 15:58 ` [PATCH AUTOSEL 4.19 175/258] arm64: KVM: Skip MMIO insn after emulation Sasha Levin
@ 2019-01-28 15:58 ` Sasha Levin
  2019-01-28 17:07   ` Bin Liu
  2019-01-28 15:58 ` [PATCH AUTOSEL 4.19 177/258] usb: musb: dsps: fix runtime pm for peripheral mode Sasha Levin
                   ` (81 subsequent siblings)
  256 siblings, 1 reply; 273+ messages in thread
From: Sasha Levin @ 2019-01-28 15:58 UTC (permalink / raw)
  To: linux-kernel, stable; +Cc: Bin Liu, Greg Kroah-Hartman, Sasha Levin, linux-usb

From: Bin Liu <b-liu@ti.com>

[ Upstream commit 6010abf2c2c0e382d7e8ee44bd11f343aae90cce ]

Due to lack of ID pin interrupt event on AM335x devices, the musb dsps
driver uses polling to detect usb device attach for dual-role port.

But in the case if a micro-A cable adapter is attached without a USB device
attached to the cable, the musb state machine gets stuck in a_wait_vrise
state waiting for the MUSB_CONNECT interrupt which won't happen due to the
usb device is not attached. The state is stuck in a_wait_vrise even after
the micro-A cable is detached, which could cause VBUS retention if then the
dual-role port is attached to a host port.

To fix the problem, make a_wait_vrise as a transient state, then move the
state to either a_wait_bcon for host port or a_idle state for dual-role
port, if no usb device is attached to the port.

Signed-off-by: Bin Liu <b-liu@ti.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
 drivers/usb/musb/musb_dsps.c | 9 +++++++--
 1 file changed, 7 insertions(+), 2 deletions(-)

diff --git a/drivers/usb/musb/musb_dsps.c b/drivers/usb/musb/musb_dsps.c
index 23a0df79ef21..1e6d78b1334e 100644
--- a/drivers/usb/musb/musb_dsps.c
+++ b/drivers/usb/musb/musb_dsps.c
@@ -227,8 +227,13 @@ static int dsps_check_status(struct musb *musb, void *unused)
 
 	switch (musb->xceiv->otg->state) {
 	case OTG_STATE_A_WAIT_VRISE:
-		dsps_mod_timer_optional(glue);
-		break;
+		if (musb->port_mode == MUSB_HOST) {
+			musb->xceiv->otg->state = OTG_STATE_A_WAIT_BCON;
+			dsps_mod_timer_optional(glue);
+			break;
+		}
+		/* fall through */
+
 	case OTG_STATE_A_WAIT_BCON:
 		/* keep VBUS on for host-only mode */
 		if (musb->port_mode == MUSB_HOST) {
-- 
2.19.1


^ permalink raw reply related	[flat|nested] 273+ messages in thread

* [PATCH AUTOSEL 4.19 177/258] usb: musb: dsps: fix runtime pm for peripheral mode
  2019-01-28 15:55 [PATCH AUTOSEL 4.19 001/258] drm/bufs: Fix Spectre v1 vulnerability Sasha Levin
                   ` (174 preceding siblings ...)
  2019-01-28 15:58 ` [PATCH AUTOSEL 4.19 176/258] usb: musb: dsps: fix otg state machine Sasha Levin
@ 2019-01-28 15:58 ` Sasha Levin
  2019-01-28 17:09   ` Bin Liu
  2019-01-28 15:58 ` [PATCH AUTOSEL 4.19 178/258] perf header: Fix up argument to ctime() Sasha Levin
                   ` (80 subsequent siblings)
  256 siblings, 1 reply; 273+ messages in thread
From: Sasha Levin @ 2019-01-28 15:58 UTC (permalink / raw)
  To: linux-kernel, stable; +Cc: Bin Liu, Greg Kroah-Hartman, Sasha Levin, linux-usb

From: Bin Liu <b-liu@ti.com>

[ Upstream commit 54578ee883e34d2d1c518d48f1c1e2dd3f387188 ]

Since the runtime PM support was added in musb, dsps relies on the timer
calling otg_timer() to activate the usb subsystem. However the driver
doesn't enable the timer for peripheral port, then the peripheral port is
unable to be enumerated by a host if the other usb port is disabled or in
peripheral mode too.

So let's start the timer for peripheral port too.

Fixes: ea2f35c01d5e ("usb: musb: Fix sleeping function called from invalid context for hdrc glue")
Acked-by: Tony Lindgren <tony@atomide.com>
Signed-off-by: Bin Liu <b-liu@ti.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
 drivers/usb/musb/musb_dsps.c | 12 +++++++++---
 1 file changed, 9 insertions(+), 3 deletions(-)

diff --git a/drivers/usb/musb/musb_dsps.c b/drivers/usb/musb/musb_dsps.c
index 1e6d78b1334e..403eb97915f8 100644
--- a/drivers/usb/musb/musb_dsps.c
+++ b/drivers/usb/musb/musb_dsps.c
@@ -181,9 +181,11 @@ static void dsps_musb_enable(struct musb *musb)
 
 	musb_writel(reg_base, wrp->epintr_set, epmask);
 	musb_writel(reg_base, wrp->coreintr_set, coremask);
-	/* start polling for ID change in dual-role idle mode */
-	if (musb->xceiv->otg->state == OTG_STATE_B_IDLE &&
-			musb->port_mode == MUSB_OTG)
+	/*
+	 * start polling for runtime PM active and idle,
+	 * and for ID change in dual-role idle mode.
+	 */
+	if (musb->xceiv->otg->state == OTG_STATE_B_IDLE)
 		dsps_mod_timer(glue, -1);
 }
 
@@ -254,6 +256,10 @@ static int dsps_check_status(struct musb *musb, void *unused)
 				musb->xceiv->otg->state = OTG_STATE_A_IDLE;
 				MUSB_HST_MODE(musb);
 			}
+
+			if (musb->port_mode == MUSB_PERIPHERAL)
+				skip_session = 1;
+
 			if (!(devctl & MUSB_DEVCTL_SESSION) && !skip_session)
 				musb_writeb(mregs, MUSB_DEVCTL,
 					    MUSB_DEVCTL_SESSION);
-- 
2.19.1


^ permalink raw reply related	[flat|nested] 273+ messages in thread

* [PATCH AUTOSEL 4.19 178/258] perf header: Fix up argument to ctime()
  2019-01-28 15:55 [PATCH AUTOSEL 4.19 001/258] drm/bufs: Fix Spectre v1 vulnerability Sasha Levin
                   ` (175 preceding siblings ...)
  2019-01-28 15:58 ` [PATCH AUTOSEL 4.19 177/258] usb: musb: dsps: fix runtime pm for peripheral mode Sasha Levin
@ 2019-01-28 15:58 ` Sasha Levin
  2019-01-28 15:58 ` [PATCH AUTOSEL 4.19 179/258] perf tools: Cast off_t to s64 to avoid warning on bionic libc Sasha Levin
                   ` (79 subsequent siblings)
  256 siblings, 0 replies; 273+ messages in thread
From: Sasha Levin @ 2019-01-28 15:58 UTC (permalink / raw)
  To: linux-kernel, stable
  Cc: Arnaldo Carvalho de Melo, Adrian Hunter, Jiri Olsa, Namhyung Kim,
	Sasha Levin

From: Arnaldo Carvalho de Melo <acme@redhat.com>

[ Upstream commit 0afcf29bab35d3785204cd9bd51693b231ad7181 ]

Reducing this noise when cross building to the Android NDK:

  util/header.c: In function 'perf_header__fprintf_info':
  util/header.c:2710:45: warning: pointer targets in passing argument 1 of 'ctime' differ in signedness [-Wpointer-sign]
    fprintf(fp, "# captured on    : %s", ctime(&st.st_ctime));
                                               ^
  In file included from util/../perf.h:5:0,
                   from util/evlist.h:11,
                   from util/header.c:22:
  /opt/android-ndk-r15c/platforms/android-26/arch-arm/usr/include/time.h:81:14: note: expected 'const time_t *' but argument is of type 'long unsigned int *'
   extern char* ctime(const time_t*) __LIBC_ABI_PUBLIC__;
                ^

Cc: Adrian Hunter <adrian.hunter@intel.com>
Cc: Jiri Olsa <jolsa@kernel.org>
Cc: Namhyung Kim <namhyung@kernel.org>
Link: https://lkml.kernel.org/n/tip-6bz74zp080yhmtiwb36enso9@git.kernel.org
Signed-off-by: Arnaldo Carvalho de Melo <acme@redhat.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
 tools/perf/util/header.c | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)

diff --git a/tools/perf/util/header.c b/tools/perf/util/header.c
index ac3c59e7da16..bd9226bc5945 100644
--- a/tools/perf/util/header.c
+++ b/tools/perf/util/header.c
@@ -2636,6 +2636,7 @@ int perf_header__fprintf_info(struct perf_session *session, FILE *fp, bool full)
 	struct perf_header *header = &session->header;
 	int fd = perf_data__fd(session->data);
 	struct stat st;
+	time_t stctime;
 	int ret, bit;
 
 	hd.fp = fp;
@@ -2645,7 +2646,8 @@ int perf_header__fprintf_info(struct perf_session *session, FILE *fp, bool full)
 	if (ret == -1)
 		return -1;
 
-	fprintf(fp, "# captured on    : %s", ctime(&st.st_ctime));
+	stctime = st.st_ctime;
+	fprintf(fp, "# captured on    : %s", ctime(&stctime));
 
 	fprintf(fp, "# header version : %u\n", header->version);
 	fprintf(fp, "# data offset    : %" PRIu64 "\n", header->data_offset);
-- 
2.19.1


^ permalink raw reply related	[flat|nested] 273+ messages in thread

* [PATCH AUTOSEL 4.19 179/258] perf tools: Cast off_t to s64 to avoid warning on bionic libc
  2019-01-28 15:55 [PATCH AUTOSEL 4.19 001/258] drm/bufs: Fix Spectre v1 vulnerability Sasha Levin
                   ` (176 preceding siblings ...)
  2019-01-28 15:58 ` [PATCH AUTOSEL 4.19 178/258] perf header: Fix up argument to ctime() Sasha Levin
@ 2019-01-28 15:58 ` Sasha Levin
  2019-01-28 15:58 ` [PATCH AUTOSEL 4.19 180/258] percpu: convert spin_lock_irq to spin_lock_irqsave Sasha Levin
                   ` (78 subsequent siblings)
  256 siblings, 0 replies; 273+ messages in thread
From: Sasha Levin @ 2019-01-28 15:58 UTC (permalink / raw)
  To: linux-kernel, stable
  Cc: Arnaldo Carvalho de Melo, Adrian Hunter, Jiri Olsa, Namhyung Kim,
	Thomas Richter, Sasha Levin

From: Arnaldo Carvalho de Melo <acme@redhat.com>

[ Upstream commit 866053bb644f754d1a93aaa9db9998fecf7a8978 ]

To avoid this warning:

    CC       /tmp/build/perf/util/s390-cpumsf.o
  util/s390-cpumsf.c: In function 's390_cpumsf_samples':
  util/s390-cpumsf.c:508:3: warning: format '%llx' expects argument of type 'long long unsigned int', but argument 4 has type 'off_t' [-Wformat=]
     pr_err("[%#08" PRIx64 "] Invalid AUX trailer entry TOD clock base\n",
     ^

Now the various Android cross toolchains used in the perf tools
container test builds are all clean and we can remove this:

  export EXTRA_MAKE_ARGS="WERROR=0"

Cc: Adrian Hunter <adrian.hunter@intel.com>
Cc: Jiri Olsa <jolsa@kernel.org>
Cc: Namhyung Kim <namhyung@kernel.org>
Cc: Thomas Richter <tmricht@linux.ibm.com>
Link: https://lkml.kernel.org/n/tip-5rav4ccyb0sjciysz2i4p3sx@git.kernel.org
Signed-off-by: Arnaldo Carvalho de Melo <acme@redhat.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
 tools/perf/util/s390-cpumsf.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/tools/perf/util/s390-cpumsf.c b/tools/perf/util/s390-cpumsf.c
index d2c78ffd9fee..aa7f8c11fbb7 100644
--- a/tools/perf/util/s390-cpumsf.c
+++ b/tools/perf/util/s390-cpumsf.c
@@ -499,7 +499,7 @@ static int s390_cpumsf_samples(struct s390_cpumsf_queue *sfq, u64 *ts)
 	aux_ts = get_trailer_time(buf);
 	if (!aux_ts) {
 		pr_err("[%#08" PRIx64 "] Invalid AUX trailer entry TOD clock base\n",
-		       sfq->buffer->data_offset);
+		       (s64)sfq->buffer->data_offset);
 		aux_ts = ~0ULL;
 		goto out;
 	}
-- 
2.19.1


^ permalink raw reply related	[flat|nested] 273+ messages in thread

* [PATCH AUTOSEL 4.19 180/258] percpu: convert spin_lock_irq to spin_lock_irqsave.
  2019-01-28 15:55 [PATCH AUTOSEL 4.19 001/258] drm/bufs: Fix Spectre v1 vulnerability Sasha Levin
                   ` (177 preceding siblings ...)
  2019-01-28 15:58 ` [PATCH AUTOSEL 4.19 179/258] perf tools: Cast off_t to s64 to avoid warning on bionic libc Sasha Levin
@ 2019-01-28 15:58 ` Sasha Levin
  2019-01-28 15:58 ` [PATCH AUTOSEL 4.19 181/258] tools uapi asm: Update asm-generic/unistd.h copy Sasha Levin
                   ` (77 subsequent siblings)
  256 siblings, 0 replies; 273+ messages in thread
From: Sasha Levin @ 2019-01-28 15:58 UTC (permalink / raw)
  To: linux-kernel, stable; +Cc: Dennis Zhou, Sasha Levin, linux-mm

From: Dennis Zhou <dennis@kernel.org>

[ Upstream commit 6ab7d47bcbf0144a8cb81536c2cead4cde18acfe ]

From Michael Cree:
  "Bisection lead to commit b38d08f3181c ("percpu: restructure
   locking") as being the cause of lockups at initial boot on
   the kernel built for generic Alpha.

   On a suggestion by Tejun Heo that:

   So, the only thing I can think of is that it's calling
   spin_unlock_irq() while irq handling isn't set up yet.
   Can you please try the followings?

   1. Convert all spin_[un]lock_irq() to
      spin_lock_irqsave/unlock_irqrestore()."

Fixes: b38d08f3181c ("percpu: restructure locking")
Reported-and-tested-by: Michael Cree <mcree@orcon.net.nz>
Acked-by: Tejun Heo <tj@kernel.org>
Signed-off-by: Dennis Zhou <dennis@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
 mm/percpu-km.c | 5 +++--
 1 file changed, 3 insertions(+), 2 deletions(-)

diff --git a/mm/percpu-km.c b/mm/percpu-km.c
index 38de70ab1a0d..0f643dc2dc65 100644
--- a/mm/percpu-km.c
+++ b/mm/percpu-km.c
@@ -50,6 +50,7 @@ static struct pcpu_chunk *pcpu_create_chunk(gfp_t gfp)
 	const int nr_pages = pcpu_group_sizes[0] >> PAGE_SHIFT;
 	struct pcpu_chunk *chunk;
 	struct page *pages;
+	unsigned long flags;
 	int i;
 
 	chunk = pcpu_alloc_chunk(gfp);
@@ -68,9 +69,9 @@ static struct pcpu_chunk *pcpu_create_chunk(gfp_t gfp)
 	chunk->data = pages;
 	chunk->base_addr = page_address(pages) - pcpu_group_offsets[0];
 
-	spin_lock_irq(&pcpu_lock);
+	spin_lock_irqsave(&pcpu_lock, flags);
 	pcpu_chunk_populated(chunk, 0, nr_pages, false);
-	spin_unlock_irq(&pcpu_lock);
+	spin_unlock_irqrestore(&pcpu_lock, flags);
 
 	pcpu_stats_chunk_alloc();
 	trace_percpu_create_chunk(chunk->base_addr);
-- 
2.19.1


^ permalink raw reply related	[flat|nested] 273+ messages in thread

* [PATCH AUTOSEL 4.19 181/258] tools uapi asm: Update asm-generic/unistd.h copy
  2019-01-28 15:55 [PATCH AUTOSEL 4.19 001/258] drm/bufs: Fix Spectre v1 vulnerability Sasha Levin
                   ` (178 preceding siblings ...)
  2019-01-28 15:58 ` [PATCH AUTOSEL 4.19 180/258] percpu: convert spin_lock_irq to spin_lock_irqsave Sasha Levin
@ 2019-01-28 15:58 ` Sasha Levin
  2019-01-28 16:56   ` Arnd Bergmann
  2019-01-28 15:58 ` [PATCH AUTOSEL 4.19 182/258] net: hns3: fix incomplete uninitialization of IRQ in the hns3_nic_uninit_vector_data() Sasha Levin
                   ` (76 subsequent siblings)
  256 siblings, 1 reply; 273+ messages in thread
From: Sasha Levin @ 2019-01-28 15:58 UTC (permalink / raw)
  To: linux-kernel, stable
  Cc: Arnaldo Carvalho de Melo, Adrian Hunter, Arnd Bergmann, Guo Ren,
	Jiri Olsa, Namhyung Kim, Sasha Levin

From: Arnaldo Carvalho de Melo <acme@redhat.com>

[ Upstream commit 89a0948984896352cac1ebe079cb3d64d6c3adc6 ]

To get the change in:

  b7d624ab4312 ("asm-generic: unistd.h: fixup broken macro include.")

That doesn't imply in any changes in the tools.

This silences the following perf build warning:

  Warning: Kernel ABI header at 'tools/include/uapi/asm-generic/unistd.h' differs from latest version at 'include/uapi/asm-generic/unistd.h'
  diff -u tools/include/uapi/asm-generic/unistd.h include/uapi/asm-generic/unistd.h

Cc: Adrian Hunter <adrian.hunter@intel.com>
Cc: Arnd Bergmann <arnd@arndb.de>
Cc: Guo Ren <ren_guo@c-sky.com>
Cc: Jiri Olsa <jolsa@kernel.org>
Cc: Namhyung Kim <namhyung@kernel.org>
Link: https://lkml.kernel.org/n/tip-2e7xwm5i2qcc88jp2lyawdyd@git.kernel.org
Signed-off-by: Arnaldo Carvalho de Melo <acme@redhat.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
 tools/include/uapi/asm-generic/unistd.h | 4 ++++
 1 file changed, 4 insertions(+)

diff --git a/tools/include/uapi/asm-generic/unistd.h b/tools/include/uapi/asm-generic/unistd.h
index df4bedb9b01c..1e4e48355eda 100644
--- a/tools/include/uapi/asm-generic/unistd.h
+++ b/tools/include/uapi/asm-generic/unistd.h
@@ -758,8 +758,10 @@ __SYSCALL(__NR_rseq, sys_rseq)
 #define __NR_ftruncate __NR3264_ftruncate
 #define __NR_lseek __NR3264_lseek
 #define __NR_sendfile __NR3264_sendfile
+#if defined(__ARCH_WANT_NEW_STAT) || defined(__ARCH_WANT_STAT64)
 #define __NR_newfstatat __NR3264_fstatat
 #define __NR_fstat __NR3264_fstat
+#endif
 #define __NR_mmap __NR3264_mmap
 #define __NR_fadvise64 __NR3264_fadvise64
 #ifdef __NR3264_stat
@@ -774,8 +776,10 @@ __SYSCALL(__NR_rseq, sys_rseq)
 #define __NR_ftruncate64 __NR3264_ftruncate
 #define __NR_llseek __NR3264_lseek
 #define __NR_sendfile64 __NR3264_sendfile
+#if defined(__ARCH_WANT_NEW_STAT) || defined(__ARCH_WANT_STAT64)
 #define __NR_fstatat64 __NR3264_fstatat
 #define __NR_fstat64 __NR3264_fstat
+#endif
 #define __NR_mmap2 __NR3264_mmap
 #define __NR_fadvise64_64 __NR3264_fadvise64
 #ifdef __NR3264_stat
-- 
2.19.1


^ permalink raw reply related	[flat|nested] 273+ messages in thread

* [PATCH AUTOSEL 4.19 182/258] net: hns3: fix incomplete uninitialization of IRQ in the hns3_nic_uninit_vector_data()
  2019-01-28 15:55 [PATCH AUTOSEL 4.19 001/258] drm/bufs: Fix Spectre v1 vulnerability Sasha Levin
                   ` (179 preceding siblings ...)
  2019-01-28 15:58 ` [PATCH AUTOSEL 4.19 181/258] tools uapi asm: Update asm-generic/unistd.h copy Sasha Levin
@ 2019-01-28 15:58 ` Sasha Levin
  2019-01-28 15:58 ` [PATCH AUTOSEL 4.19 183/258] drm/amd/display: Add retry to read ddc_clock pin Sasha Levin
                   ` (75 subsequent siblings)
  256 siblings, 0 replies; 273+ messages in thread
From: Sasha Levin @ 2019-01-28 15:58 UTC (permalink / raw)
  To: linux-kernel, stable
  Cc: Huazhong Tan, Peng Li, David S . Miller, Sasha Levin, netdev

From: Huazhong Tan <tanhuazhong@huawei.com>

[ Upstream commit ae6017a71115ebc4e5c1a3f0f451319ab3f5c447 ]

In the hns3_nic_uninit_vector_data(), the procedure of uninitializing
the tqp_vector's IRQ has not set affinity_notify to NULL and changes
its init flag. This patch fixes it. And for simplificaton, local
variable tqp_vector is used instead of priv->tqp_vector[i].

Fixes: 424eb834a9be ("net: hns3: Unified HNS3 {VF|PF} Ethernet Driver for hip08 SoC")
Signed-off-by: Huazhong Tan <tanhuazhong@huawei.com>
Signed-off-by: Peng Li <lipeng321@huawei.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
 drivers/net/ethernet/hisilicon/hns3/hns3_enet.c | 12 ++++++------
 1 file changed, 6 insertions(+), 6 deletions(-)

diff --git a/drivers/net/ethernet/hisilicon/hns3/hns3_enet.c b/drivers/net/ethernet/hisilicon/hns3/hns3_enet.c
index b7b2f8254ce1..d5f15d8d18a9 100644
--- a/drivers/net/ethernet/hisilicon/hns3/hns3_enet.c
+++ b/drivers/net/ethernet/hisilicon/hns3/hns3_enet.c
@@ -2760,12 +2760,12 @@ static int hns3_nic_uninit_vector_data(struct hns3_nic_priv *priv)
 
 		hns3_free_vector_ring_chain(tqp_vector, &vector_ring_chain);
 
-		if (priv->tqp_vector[i].irq_init_flag == HNS3_VECTOR_INITED) {
-			(void)irq_set_affinity_hint(
-				priv->tqp_vector[i].vector_irq,
-						    NULL);
-			free_irq(priv->tqp_vector[i].vector_irq,
-				 &priv->tqp_vector[i]);
+		if (tqp_vector->irq_init_flag == HNS3_VECTOR_INITED) {
+			irq_set_affinity_notifier(tqp_vector->vector_irq,
+						  NULL);
+			irq_set_affinity_hint(tqp_vector->vector_irq, NULL);
+			free_irq(tqp_vector->vector_irq, tqp_vector);
+			tqp_vector->irq_init_flag = HNS3_VECTOR_NOT_INITED;
 		}
 
 		priv->ring_data[i].ring->irq_init_flag = HNS3_VECTOR_NOT_INITED;
-- 
2.19.1


^ permalink raw reply related	[flat|nested] 273+ messages in thread

* [PATCH AUTOSEL 4.19 183/258] drm/amd/display: Add retry to read ddc_clock pin
  2019-01-28 15:55 [PATCH AUTOSEL 4.19 001/258] drm/bufs: Fix Spectre v1 vulnerability Sasha Levin
                   ` (180 preceding siblings ...)
  2019-01-28 15:58 ` [PATCH AUTOSEL 4.19 182/258] net: hns3: fix incomplete uninitialization of IRQ in the hns3_nic_uninit_vector_data() Sasha Levin
@ 2019-01-28 15:58 ` Sasha Levin
  2019-01-28 15:58 ` [PATCH AUTOSEL 4.19 184/258] Bluetooth: hci_bcm: Handle deferred probing for the clock supply Sasha Levin
                   ` (74 subsequent siblings)
  256 siblings, 0 replies; 273+ messages in thread
From: Sasha Levin @ 2019-01-28 15:58 UTC (permalink / raw)
  To: linux-kernel, stable
  Cc: Paul Hsieh, Alex Deucher, Sasha Levin, amd-gfx, dri-devel

From: Paul Hsieh <paul.hsieh@amd.com>

[ Upstream commit bd4905a9583c760da31ded7256dca6f71483c3dc ]

[WHY]
On customer board, there is one pluse (1v , < 1ms) on
DDC_CLK pin when plug / unplug DP cable. Driver will read
it and config DP to HDMI/DVI dongle.

[HOW]
If there is a real dongle, DDC_CLK should be always pull high.
Try to read again to recovery this special case. Retry times = 3.
Need additional 3ms to detect DP passive dongle(3 failures)

Signed-off-by: Paul Hsieh <paul.hsieh@amd.com>
Reviewed-by: Eric Yang <eric.yang2@amd.com>
Acked-by: Leo Li <sunpeng.li@amd.com>
Signed-off-by: Alex Deucher <alexander.deucher@amd.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
 drivers/gpu/drm/amd/display/dc/core/dc_link.c | 23 ++++++++++++++-----
 1 file changed, 17 insertions(+), 6 deletions(-)

diff --git a/drivers/gpu/drm/amd/display/dc/core/dc_link.c b/drivers/gpu/drm/amd/display/dc/core/dc_link.c
index 7c89785fd731..23a7ef97afdd 100644
--- a/drivers/gpu/drm/amd/display/dc/core/dc_link.c
+++ b/drivers/gpu/drm/amd/display/dc/core/dc_link.c
@@ -324,7 +324,7 @@ bool dc_link_is_dp_sink_present(struct dc_link *link)
 {
 	enum gpio_result gpio_result;
 	uint32_t clock_pin = 0;
-
+	uint8_t retry = 0;
 	struct ddc *ddc;
 
 	enum connector_id connector_id =
@@ -353,11 +353,22 @@ bool dc_link_is_dp_sink_present(struct dc_link *link)
 		return present;
 	}
 
-	/* Read GPIO: DP sink is present if both clock and data pins are zero */
-	/* [anaumov] in DAL2, there was no check for GPIO failure */
-
-	gpio_result = dal_gpio_get_value(ddc->pin_clock, &clock_pin);
-	ASSERT(gpio_result == GPIO_RESULT_OK);
+	/*
+	 * Read GPIO: DP sink is present if both clock and data pins are zero
+	 *
+	 * [W/A] plug-unplug DP cable, sometimes customer board has
+	 * one short pulse on clk_pin(1V, < 1ms). DP will be config to HDMI/DVI
+	 * then monitor can't br light up. Add retry 3 times
+	 * But in real passive dongle, it need additional 3ms to detect
+	 */
+	do {
+		gpio_result = dal_gpio_get_value(ddc->pin_clock, &clock_pin);
+		ASSERT(gpio_result == GPIO_RESULT_OK);
+		if (clock_pin)
+			udelay(1000);
+		else
+			break;
+	} while (retry++ < 3);
 
 	present = (gpio_result == GPIO_RESULT_OK) && !clock_pin;
 
-- 
2.19.1


^ permalink raw reply related	[flat|nested] 273+ messages in thread

* [PATCH AUTOSEL 4.19 184/258] Bluetooth: hci_bcm: Handle deferred probing for the clock supply
  2019-01-28 15:55 [PATCH AUTOSEL 4.19 001/258] drm/bufs: Fix Spectre v1 vulnerability Sasha Levin
                   ` (181 preceding siblings ...)
  2019-01-28 15:58 ` [PATCH AUTOSEL 4.19 183/258] drm/amd/display: Add retry to read ddc_clock pin Sasha Levin
@ 2019-01-28 15:58 ` Sasha Levin
  2019-01-28 15:58 ` [PATCH AUTOSEL 4.19 185/258] drm/amd/display: fix YCbCr420 blank color Sasha Levin
                   ` (73 subsequent siblings)
  256 siblings, 0 replies; 273+ messages in thread
From: Sasha Levin @ 2019-01-28 15:58 UTC (permalink / raw)
  To: linux-kernel, stable
  Cc: Chen-Yu Tsai, Marcel Holtmann, Sasha Levin, linux-bluetooth

From: Chen-Yu Tsai <wens@csie.org>

[ Upstream commit 28ac03b9ac3f784c2f048a910c8d0a7a87483b66 ]

On some systems that actually have the bluetooth controller wired up
with an extra clock signal, it's possible the bluetooth controller
probes before the clock provider. clk_get would return a defer probe
error, which was not handled by this driver.

Handle this properly, so that these systems can work reliably.

Tested-by: Ondrej Jirman <megous@megous.com>
Signed-off-by: Chen-Yu Tsai <wens@csie.org>
Signed-off-by: Marcel Holtmann <marcel@holtmann.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
 drivers/bluetooth/hci_bcm.c | 4 ++++
 1 file changed, 4 insertions(+)

diff --git a/drivers/bluetooth/hci_bcm.c b/drivers/bluetooth/hci_bcm.c
index ddbd8c6a0ceb..800132369134 100644
--- a/drivers/bluetooth/hci_bcm.c
+++ b/drivers/bluetooth/hci_bcm.c
@@ -907,6 +907,10 @@ static int bcm_get_resources(struct bcm_device *dev)
 
 	dev->clk = devm_clk_get(dev->dev, NULL);
 
+	/* Handle deferred probing */
+	if (dev->clk == ERR_PTR(-EPROBE_DEFER))
+		return PTR_ERR(dev->clk);
+
 	dev->device_wakeup = devm_gpiod_get_optional(dev->dev, "device-wakeup",
 						     GPIOD_OUT_LOW);
 	if (IS_ERR(dev->device_wakeup))
-- 
2.19.1


^ permalink raw reply related	[flat|nested] 273+ messages in thread

* [PATCH AUTOSEL 4.19 185/258] drm/amd/display: fix YCbCr420 blank color
  2019-01-28 15:55 [PATCH AUTOSEL 4.19 001/258] drm/bufs: Fix Spectre v1 vulnerability Sasha Levin
                   ` (182 preceding siblings ...)
  2019-01-28 15:58 ` [PATCH AUTOSEL 4.19 184/258] Bluetooth: hci_bcm: Handle deferred probing for the clock supply Sasha Levin
@ 2019-01-28 15:58 ` Sasha Levin
  2019-01-28 15:58 ` [PATCH AUTOSEL 4.19 186/258] powerpc/uaccess: fix warning/error with access_ok() Sasha Levin
                   ` (72 subsequent siblings)
  256 siblings, 0 replies; 273+ messages in thread
From: Sasha Levin @ 2019-01-28 15:58 UTC (permalink / raw)
  To: linux-kernel, stable
  Cc: Eric Yang, Alex Deucher, Sasha Levin, amd-gfx, dri-devel

From: Eric Yang <Eric.Yang2@amd.com>

[ Upstream commit 12750d1647f118496f1da727146f255f5e44d500 ]

[Why]
YCbCr420 packing format uses two chanels for luma, and 1
channel for both chroma component. Our previous implementation
did not account for this and results in every other pixel having
very high luma value, showing greyish color instead of black.

YCbCr444 = <Y1, Cb1, Cr1>; <Y2, Cb2, Cr2> .....
YCbCr420 = <Y1, Y2,  Cb1>; <Y3, Y4,  Cr1> .....

[How]
Program the second channel with the black color value for luma
as well.

Signed-off-by: Eric Yang <Eric.Yang2@amd.com>
Reviewed-by: Hugo Hu <Hugo.Hu@amd.com>
Acked-by: Leo Li <sunpeng.li@amd.com>
Signed-off-by: Alex Deucher <alexander.deucher@amd.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
 .../drm/amd/display/dc/dce110/dce110_hw_sequencer.c   | 11 ++++++++++-
 .../gpu/drm/amd/display/dc/dcn10/dcn10_hw_sequencer.c |  9 +++++++++
 2 files changed, 19 insertions(+), 1 deletion(-)

diff --git a/drivers/gpu/drm/amd/display/dc/dce110/dce110_hw_sequencer.c b/drivers/gpu/drm/amd/display/dc/dce110/dce110_hw_sequencer.c
index 0941f3c689bc..580e7e82034f 100644
--- a/drivers/gpu/drm/amd/display/dc/dce110/dce110_hw_sequencer.c
+++ b/drivers/gpu/drm/amd/display/dc/dce110/dce110_hw_sequencer.c
@@ -1268,10 +1268,19 @@ static void program_scaler(const struct dc *dc,
 		pipe_ctx->plane_res.scl_data.lb_params.depth,
 		&pipe_ctx->stream->bit_depth_params);
 
-	if (pipe_ctx->stream_res.tg->funcs->set_overscan_blank_color)
+	if (pipe_ctx->stream_res.tg->funcs->set_overscan_blank_color) {
+		/*
+		 * The way 420 is packed, 2 channels carry Y component, 1 channel
+		 * alternate between Cb and Cr, so both channels need the pixel
+		 * value for Y
+		 */
+		if (pipe_ctx->stream->timing.pixel_encoding == PIXEL_ENCODING_YCBCR420)
+			color.color_r_cr = color.color_g_y;
+
 		pipe_ctx->stream_res.tg->funcs->set_overscan_blank_color(
 				pipe_ctx->stream_res.tg,
 				&color);
+	}
 
 	pipe_ctx->plane_res.xfm->funcs->transform_set_scaler(pipe_ctx->plane_res.xfm,
 		&pipe_ctx->plane_res.scl_data);
diff --git a/drivers/gpu/drm/amd/display/dc/dcn10/dcn10_hw_sequencer.c b/drivers/gpu/drm/amd/display/dc/dcn10/dcn10_hw_sequencer.c
index 33a9d0c58966..4058b59d9bea 100644
--- a/drivers/gpu/drm/amd/display/dc/dcn10/dcn10_hw_sequencer.c
+++ b/drivers/gpu/drm/amd/display/dc/dcn10/dcn10_hw_sequencer.c
@@ -2121,6 +2121,15 @@ static void dcn10_blank_pixel_data(
 	color_space = stream->output_color_space;
 	color_space_to_black_color(dc, color_space, &black_color);
 
+	/*
+	 * The way 420 is packed, 2 channels carry Y component, 1 channel
+	 * alternate between Cb and Cr, so both channels need the pixel
+	 * value for Y
+	 */
+	if (stream->timing.pixel_encoding == PIXEL_ENCODING_YCBCR420)
+		black_color.color_r_cr = black_color.color_g_y;
+
+
 	if (stream_res->tg->funcs->set_blank_color)
 		stream_res->tg->funcs->set_blank_color(
 				stream_res->tg,
-- 
2.19.1


^ permalink raw reply related	[flat|nested] 273+ messages in thread

* [PATCH AUTOSEL 4.19 186/258] powerpc/uaccess: fix warning/error with access_ok()
  2019-01-28 15:55 [PATCH AUTOSEL 4.19 001/258] drm/bufs: Fix Spectre v1 vulnerability Sasha Levin
                   ` (183 preceding siblings ...)
  2019-01-28 15:58 ` [PATCH AUTOSEL 4.19 185/258] drm/amd/display: fix YCbCr420 blank color Sasha Levin
@ 2019-01-28 15:58 ` Sasha Levin
  2019-01-28 15:58 ` [PATCH AUTOSEL 4.19 187/258] mac80211: fix radiotap vendor presence bitmap handling Sasha Levin
                   ` (71 subsequent siblings)
  256 siblings, 0 replies; 273+ messages in thread
From: Sasha Levin @ 2019-01-28 15:58 UTC (permalink / raw)
  To: linux-kernel, stable
  Cc: Christophe Leroy, Michael Ellerman, Sasha Levin, linuxppc-dev

From: Christophe Leroy <christophe.leroy@c-s.fr>

[ Upstream commit 05a4ab823983d9136a460b7b5e0d49ee709a6f86 ]

With the following piece of code, the following compilation warning
is encountered:

	if (_IOC_DIR(ioc) != _IOC_NONE) {
		int verify = _IOC_DIR(ioc) & _IOC_READ ? VERIFY_WRITE : VERIFY_READ;

		if (!access_ok(verify, ioarg, _IOC_SIZE(ioc))) {

drivers/platform/test/dev.c: In function 'my_ioctl':
drivers/platform/test/dev.c:219:7: warning: unused variable 'verify' [-Wunused-variable]
   int verify = _IOC_DIR(ioc) & _IOC_READ ? VERIFY_WRITE : VERIFY_READ;

This patch fixes it by referencing 'type' in the macro allthough
doing nothing with it.

Signed-off-by: Christophe Leroy <christophe.leroy@c-s.fr>
Signed-off-by: Michael Ellerman <mpe@ellerman.id.au>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
 arch/powerpc/include/asm/uaccess.h | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/arch/powerpc/include/asm/uaccess.h b/arch/powerpc/include/asm/uaccess.h
index bac225bb7f64..23bea99bf8d5 100644
--- a/arch/powerpc/include/asm/uaccess.h
+++ b/arch/powerpc/include/asm/uaccess.h
@@ -63,7 +63,7 @@ static inline int __access_ok(unsigned long addr, unsigned long size,
 #endif
 
 #define access_ok(type, addr, size)		\
-	(__chk_user_ptr(addr),			\
+	(__chk_user_ptr(addr), (void)(type),		\
 	 __access_ok((__force unsigned long)(addr), (size), get_fs()))
 
 /*
-- 
2.19.1


^ permalink raw reply related	[flat|nested] 273+ messages in thread

* [PATCH AUTOSEL 4.19 187/258] mac80211: fix radiotap vendor presence bitmap handling
  2019-01-28 15:55 [PATCH AUTOSEL 4.19 001/258] drm/bufs: Fix Spectre v1 vulnerability Sasha Levin
                   ` (184 preceding siblings ...)
  2019-01-28 15:58 ` [PATCH AUTOSEL 4.19 186/258] powerpc/uaccess: fix warning/error with access_ok() Sasha Levin
@ 2019-01-28 15:58 ` Sasha Levin
  2019-01-28 15:58 ` [PATCH AUTOSEL 4.19 188/258] xfrm6_tunnel: Fix spi check in __xfrm6_tunnel_alloc_spi Sasha Levin
                   ` (70 subsequent siblings)
  256 siblings, 0 replies; 273+ messages in thread
From: Sasha Levin @ 2019-01-28 15:58 UTC (permalink / raw)
  To: linux-kernel, stable
  Cc: Johannes Berg, Luca Coelho, Sasha Levin, linux-wireless, netdev

From: Johannes Berg <johannes.berg@intel.com>

[ Upstream commit efc38dd7d5fa5c8cdd0c917c5d00947aa0539443 ]

Due to the alignment handling, it actually matters where in the code
we add the 4 bytes for the presence bitmap to the length; the first
field is the timestamp with 8 byte alignment so we need to add the
space for the extra vendor namespace presence bitmap *before* we do
any alignment for the fields.

Move the presence bitmap length accounting to the right place to fix
the alignment for the data properly.

Signed-off-by: Johannes Berg <johannes.berg@intel.com>
Signed-off-by: Luca Coelho <luciano.coelho@intel.com>
Signed-off-by: Johannes Berg <johannes.berg@intel.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
 net/mac80211/rx.c | 5 +++--
 1 file changed, 3 insertions(+), 2 deletions(-)

diff --git a/net/mac80211/rx.c b/net/mac80211/rx.c
index 5e2b4a41acf1..51ad330bf8e8 100644
--- a/net/mac80211/rx.c
+++ b/net/mac80211/rx.c
@@ -142,6 +142,9 @@ ieee80211_rx_radiotap_hdrlen(struct ieee80211_local *local,
 	/* allocate extra bitmaps */
 	if (status->chains)
 		len += 4 * hweight8(status->chains);
+	/* vendor presence bitmap */
+	if (status->flag & RX_FLAG_RADIOTAP_VENDOR_DATA)
+		len += 4;
 
 	if (ieee80211_have_rx_timestamp(status)) {
 		len = ALIGN(len, 8);
@@ -197,8 +200,6 @@ ieee80211_rx_radiotap_hdrlen(struct ieee80211_local *local,
 	if (status->flag & RX_FLAG_RADIOTAP_VENDOR_DATA) {
 		struct ieee80211_vendor_radiotap *rtap = (void *)skb->data;
 
-		/* vendor presence bitmap */
-		len += 4;
 		/* alignment for fixed 6-byte vendor data header */
 		len = ALIGN(len, 2);
 		/* vendor data header */
-- 
2.19.1


^ permalink raw reply related	[flat|nested] 273+ messages in thread

* [PATCH AUTOSEL 4.19 188/258] xfrm6_tunnel: Fix spi check in __xfrm6_tunnel_alloc_spi
  2019-01-28 15:55 [PATCH AUTOSEL 4.19 001/258] drm/bufs: Fix Spectre v1 vulnerability Sasha Levin
                   ` (185 preceding siblings ...)
  2019-01-28 15:58 ` [PATCH AUTOSEL 4.19 187/258] mac80211: fix radiotap vendor presence bitmap handling Sasha Levin
@ 2019-01-28 15:58 ` Sasha Levin
  2019-01-28 15:58 ` [PATCH AUTOSEL 4.19 189/258] mlxsw: spectrum: Properly cleanup LAG uppers when removing port from LAG Sasha Levin
                   ` (69 subsequent siblings)
  256 siblings, 0 replies; 273+ messages in thread
From: Sasha Levin @ 2019-01-28 15:58 UTC (permalink / raw)
  To: linux-kernel, stable; +Cc: YueHaibing, Steffen Klassert, Sasha Levin, netdev

From: YueHaibing <yuehaibing@huawei.com>

[ Upstream commit fa89a4593b927b3f59c3b69379f31d3b22272e4e ]

gcc warn this:

net/ipv6/xfrm6_tunnel.c:143 __xfrm6_tunnel_alloc_spi() warn:
 always true condition '(spi <= 4294967295) => (0-u32max <= u32max)'

'spi' is u32, which always not greater than XFRM6_TUNNEL_SPI_MAX
because of wrap around. So the second forloop will never reach.

Signed-off-by: YueHaibing <yuehaibing@huawei.com>
Signed-off-by: Steffen Klassert <steffen.klassert@secunet.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
 net/ipv6/xfrm6_tunnel.c | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/net/ipv6/xfrm6_tunnel.c b/net/ipv6/xfrm6_tunnel.c
index 4a46df8441c9..f5b4febeaa25 100644
--- a/net/ipv6/xfrm6_tunnel.c
+++ b/net/ipv6/xfrm6_tunnel.c
@@ -144,6 +144,9 @@ static u32 __xfrm6_tunnel_alloc_spi(struct net *net, xfrm_address_t *saddr)
 		index = __xfrm6_tunnel_spi_check(net, spi);
 		if (index >= 0)
 			goto alloc_spi;
+
+		if (spi == XFRM6_TUNNEL_SPI_MAX)
+			break;
 	}
 	for (spi = XFRM6_TUNNEL_SPI_MIN; spi < xfrm6_tn->spi; spi++) {
 		index = __xfrm6_tunnel_spi_check(net, spi);
-- 
2.19.1


^ permalink raw reply related	[flat|nested] 273+ messages in thread

* [PATCH AUTOSEL 4.19 189/258] mlxsw: spectrum: Properly cleanup LAG uppers when removing port from LAG
  2019-01-28 15:55 [PATCH AUTOSEL 4.19 001/258] drm/bufs: Fix Spectre v1 vulnerability Sasha Levin
                   ` (186 preceding siblings ...)
  2019-01-28 15:58 ` [PATCH AUTOSEL 4.19 188/258] xfrm6_tunnel: Fix spi check in __xfrm6_tunnel_alloc_spi Sasha Levin
@ 2019-01-28 15:58 ` Sasha Levin
  2019-01-28 15:58 ` [PATCH AUTOSEL 4.19 190/258] scsi: smartpqi: correct host serial num for ssa Sasha Levin
                   ` (68 subsequent siblings)
  256 siblings, 0 replies; 273+ messages in thread
From: Sasha Levin @ 2019-01-28 15:58 UTC (permalink / raw)
  To: linux-kernel, stable; +Cc: Ido Schimmel, David S . Miller, Sasha Levin, netdev

From: Ido Schimmel <idosch@mellanox.com>

[ Upstream commit be2d6f421f680e01d58f7cd452646e0d8586d49b ]

When a LAG device or a VLAN device on top of it is enslaved to a bridge,
the driver propagates the CHANGEUPPER event to the LAG's slaves.

This causes each physical port to increase the reference count of the
internal representation of the bridge port by calling
mlxsw_sp_port_bridge_join().

However, when a port is removed from a LAG, the corresponding leave()
function is not called and the reference count is not decremented. This
leads to ugly hacks such as mlxsw_sp_bridge_port_should_destroy() that
try to understand if the bridge port should be destroyed even when its
reference count is not 0.

Instead, make sure that when a port is unlinked from a LAG it would see
the same events as if the LAG (or its uppers) were unlinked from a
bridge.

The above is achieved by walking the LAG's uppers when a port is
unlinked and calling mlxsw_sp_port_bridge_leave() for each upper that is
enslaved to a bridge.

Signed-off-by: Ido Schimmel <idosch@mellanox.com>
Reviewed-by: Petr Machata <petrm@mellanox.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
 .../net/ethernet/mellanox/mlxsw/spectrum.c    | 23 ++++++++++++++++
 .../mellanox/mlxsw/spectrum_switchdev.c       | 27 +------------------
 2 files changed, 24 insertions(+), 26 deletions(-)

diff --git a/drivers/net/ethernet/mellanox/mlxsw/spectrum.c b/drivers/net/ethernet/mellanox/mlxsw/spectrum.c
index de821a9fdfaf..d64cd8d44d83 100644
--- a/drivers/net/ethernet/mellanox/mlxsw/spectrum.c
+++ b/drivers/net/ethernet/mellanox/mlxsw/spectrum.c
@@ -4235,6 +4235,25 @@ void mlxsw_sp_port_dev_put(struct mlxsw_sp_port *mlxsw_sp_port)
 	dev_put(mlxsw_sp_port->dev);
 }
 
+static void
+mlxsw_sp_port_lag_uppers_cleanup(struct mlxsw_sp_port *mlxsw_sp_port,
+				 struct net_device *lag_dev)
+{
+	struct net_device *br_dev = netdev_master_upper_dev_get(lag_dev);
+	struct net_device *upper_dev;
+	struct list_head *iter;
+
+	if (netif_is_bridge_port(lag_dev))
+		mlxsw_sp_port_bridge_leave(mlxsw_sp_port, lag_dev, br_dev);
+
+	netdev_for_each_upper_dev_rcu(lag_dev, upper_dev, iter) {
+		if (!netif_is_bridge_port(upper_dev))
+			continue;
+		br_dev = netdev_master_upper_dev_get(upper_dev);
+		mlxsw_sp_port_bridge_leave(mlxsw_sp_port, upper_dev, br_dev);
+	}
+}
+
 static int mlxsw_sp_lag_create(struct mlxsw_sp *mlxsw_sp, u16 lag_id)
 {
 	char sldr_pl[MLXSW_REG_SLDR_LEN];
@@ -4427,6 +4446,10 @@ static void mlxsw_sp_port_lag_leave(struct mlxsw_sp_port *mlxsw_sp_port,
 
 	/* Any VLANs configured on the port are no longer valid */
 	mlxsw_sp_port_vlan_flush(mlxsw_sp_port);
+	/* Make the LAG and its directly linked uppers leave bridges they
+	 * are memeber in
+	 */
+	mlxsw_sp_port_lag_uppers_cleanup(mlxsw_sp_port, lag_dev);
 
 	if (lag->ref_count == 1)
 		mlxsw_sp_lag_destroy(mlxsw_sp, lag_id);
diff --git a/drivers/net/ethernet/mellanox/mlxsw/spectrum_switchdev.c b/drivers/net/ethernet/mellanox/mlxsw/spectrum_switchdev.c
index 0d9ea37c5d21..cdec48bcc6ad 100644
--- a/drivers/net/ethernet/mellanox/mlxsw/spectrum_switchdev.c
+++ b/drivers/net/ethernet/mellanox/mlxsw/spectrum_switchdev.c
@@ -282,30 +282,6 @@ mlxsw_sp_bridge_port_destroy(struct mlxsw_sp_bridge_port *bridge_port)
 	kfree(bridge_port);
 }
 
-static bool
-mlxsw_sp_bridge_port_should_destroy(const struct mlxsw_sp_bridge_port *
-				    bridge_port)
-{
-	struct net_device *dev = bridge_port->dev;
-	struct mlxsw_sp *mlxsw_sp;
-
-	if (is_vlan_dev(dev))
-		mlxsw_sp = mlxsw_sp_lower_get(vlan_dev_real_dev(dev));
-	else
-		mlxsw_sp = mlxsw_sp_lower_get(dev);
-
-	/* In case ports were pulled from out of a bridged LAG, then
-	 * it's possible the reference count isn't zero, yet the bridge
-	 * port should be destroyed, as it's no longer an upper of ours.
-	 */
-	if (!mlxsw_sp && list_empty(&bridge_port->vlans_list))
-		return true;
-	else if (bridge_port->ref_count == 0)
-		return true;
-	else
-		return false;
-}
-
 static struct mlxsw_sp_bridge_port *
 mlxsw_sp_bridge_port_get(struct mlxsw_sp_bridge *bridge,
 			 struct net_device *brport_dev)
@@ -343,8 +319,7 @@ static void mlxsw_sp_bridge_port_put(struct mlxsw_sp_bridge *bridge,
 {
 	struct mlxsw_sp_bridge_device *bridge_device;
 
-	bridge_port->ref_count--;
-	if (!mlxsw_sp_bridge_port_should_destroy(bridge_port))
+	if (--bridge_port->ref_count != 0)
 		return;
 	bridge_device = bridge_port->bridge_device;
 	mlxsw_sp_bridge_port_destroy(bridge_port);
-- 
2.19.1


^ permalink raw reply related	[flat|nested] 273+ messages in thread

* [PATCH AUTOSEL 4.19 190/258] scsi: smartpqi: correct host serial num for ssa
  2019-01-28 15:55 [PATCH AUTOSEL 4.19 001/258] drm/bufs: Fix Spectre v1 vulnerability Sasha Levin
                   ` (187 preceding siblings ...)
  2019-01-28 15:58 ` [PATCH AUTOSEL 4.19 189/258] mlxsw: spectrum: Properly cleanup LAG uppers when removing port from LAG Sasha Levin
@ 2019-01-28 15:58 ` Sasha Levin
  2019-01-28 15:58 ` [PATCH AUTOSEL 4.19 191/258] scsi: smartpqi: correct volume status Sasha Levin
                   ` (67 subsequent siblings)
  256 siblings, 0 replies; 273+ messages in thread
From: Sasha Levin @ 2019-01-28 15:58 UTC (permalink / raw)
  To: linux-kernel, stable
  Cc: Mahesh Rajashekhara, Don Brace, Martin K . Petersen, Sasha Levin,
	esc.storagedev, linux-scsi

From: Mahesh Rajashekhara <mahesh.rajashekhara@microsemi.com>

[ Upstream commit b2346b5030cf9458f30a84028d9fe904b8c942a7 ]

Reviewed-by: Scott Benesh <scott.benesh@microsemi.com>
Reviewed-by: Ajish Koshy <ajish.koshy@microsemi.com>
Reviewed-by: Murthy Bhat <murthy.bhat@microsemi.com>
Reviewed-by: Mahesh Rajashekhara <mahesh.rajashekhara@microsemi.com>
Reviewed-by: Dave Carroll <david.carroll@microsemi.com>
Reviewed-by: Scott Teel <scott.teel@microsemi.com>
Reviewed-by: Kevin Barnett <kevin.barnett@microsemi.com>
Signed-off-by: Mahesh Rajashekhara <mahesh.rajashekhara@microsemi.com>
Signed-off-by: Don Brace <don.brace@microsemi.com>
Signed-off-by: Martin K. Petersen <martin.petersen@oracle.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
 drivers/scsi/smartpqi/smartpqi_init.c | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/drivers/scsi/smartpqi/smartpqi_init.c b/drivers/scsi/smartpqi/smartpqi_init.c
index 8c1a232ac6bf..58eb0d31d8d9 100644
--- a/drivers/scsi/smartpqi/smartpqi_init.c
+++ b/drivers/scsi/smartpqi/smartpqi_init.c
@@ -653,6 +653,7 @@ struct bmic_host_wellness_driver_version {
 	u8	driver_version_tag[2];
 	__le16	driver_version_length;
 	char	driver_version[32];
+	u8	dont_write_tag[2];
 	u8	end_tag[2];
 };
 
@@ -682,6 +683,8 @@ static int pqi_write_driver_version_to_host_wellness(
 	strncpy(buffer->driver_version, "Linux " DRIVER_VERSION,
 		sizeof(buffer->driver_version) - 1);
 	buffer->driver_version[sizeof(buffer->driver_version) - 1] = '\0';
+	buffer->dont_write_tag[0] = 'D';
+	buffer->dont_write_tag[1] = 'W';
 	buffer->end_tag[0] = 'Z';
 	buffer->end_tag[1] = 'Z';
 
-- 
2.19.1


^ permalink raw reply related	[flat|nested] 273+ messages in thread

* [PATCH AUTOSEL 4.19 191/258] scsi: smartpqi: correct volume status
  2019-01-28 15:55 [PATCH AUTOSEL 4.19 001/258] drm/bufs: Fix Spectre v1 vulnerability Sasha Levin
                   ` (188 preceding siblings ...)
  2019-01-28 15:58 ` [PATCH AUTOSEL 4.19 190/258] scsi: smartpqi: correct host serial num for ssa Sasha Levin
@ 2019-01-28 15:58 ` Sasha Levin
  2019-01-28 15:58 ` [PATCH AUTOSEL 4.19 192/258] scsi: smartpqi: increase fw status register read timeout Sasha Levin
                   ` (66 subsequent siblings)
  256 siblings, 0 replies; 273+ messages in thread
From: Sasha Levin @ 2019-01-28 15:58 UTC (permalink / raw)
  To: linux-kernel, stable
  Cc: Dave Carroll, Don Brace, Martin K . Petersen, Sasha Levin,
	esc.storagedev, linux-scsi

From: Dave Carroll <david.carroll@microsemi.com>

[ Upstream commit 7ff44499bafbd376115f0bb6b578d980f56ee13b ]

- fix race condition when a unit is deleted after an RLL,
  and before we have gotten the LV_STATUS page of the unit.
  - In this case we will get a standard inquiry, rather than
    the desired page.  This will result in a unit presented
    which no longer exists.
  - If we ask for LV_STATUS, insure we get LV_STATUS

Reviewed-by: Murthy Bhat <murthy.bhat@microsemi.com>
Reviewed-by: Mahesh Rajashekhara <mahesh.rajashekhara@microsemi.com>
Reviewed-by: Scott Teel <scott.teel@microsemi.com>
Reviewed-by: Kevin Barnett <kevin.barnett@microsemi.com>
Signed-off-by: Dave Carroll <david.carroll@microsemi.com>
Signed-off-by: Don Brace <don.brace@microsemi.com>
Signed-off-by: Martin K. Petersen <martin.petersen@oracle.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
 drivers/scsi/smartpqi/smartpqi_init.c | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/drivers/scsi/smartpqi/smartpqi_init.c b/drivers/scsi/smartpqi/smartpqi_init.c
index 58eb0d31d8d9..3781e8109dd7 100644
--- a/drivers/scsi/smartpqi/smartpqi_init.c
+++ b/drivers/scsi/smartpqi/smartpqi_init.c
@@ -1184,6 +1184,9 @@ static void pqi_get_volume_status(struct pqi_ctrl_info *ctrl_info,
 	if (rc)
 		goto out;
 
+	if (vpd->page_code != CISS_VPD_LV_STATUS)
+		goto out;
+
 	page_length = offsetof(struct ciss_vpd_logical_volume_status,
 		volume_status) + vpd->page_length;
 	if (page_length < sizeof(*vpd))
-- 
2.19.1


^ permalink raw reply related	[flat|nested] 273+ messages in thread

* [PATCH AUTOSEL 4.19 192/258] scsi: smartpqi: increase fw status register read timeout
  2019-01-28 15:55 [PATCH AUTOSEL 4.19 001/258] drm/bufs: Fix Spectre v1 vulnerability Sasha Levin
                   ` (189 preceding siblings ...)
  2019-01-28 15:58 ` [PATCH AUTOSEL 4.19 191/258] scsi: smartpqi: correct volume status Sasha Levin
@ 2019-01-28 15:58 ` Sasha Levin
  2019-01-28 15:58 ` [PATCH AUTOSEL 4.19 193/258] cw1200: Fix concurrency use-after-free bugs in cw1200_hw_scan() Sasha Levin
                   ` (65 subsequent siblings)
  256 siblings, 0 replies; 273+ messages in thread
From: Sasha Levin @ 2019-01-28 15:58 UTC (permalink / raw)
  To: linux-kernel, stable
  Cc: Mahesh Rajashekhara, Don Brace, Martin K . Petersen, Sasha Levin,
	esc.storagedev, linux-scsi

From: Mahesh Rajashekhara <mahesh.rajashekhara@microsemi.com>

[ Upstream commit 65111785acccb836ec75263b03b0e33f21e74f47 ]

Problem:
 - during the driver initialization, driver will poll fw
   for KERNEL_UP in a 30 seconds timeout.

 - if the firmware is not ready after 30 seconds,
   driver will not be loaded.

Fix:
 - change timeout from 30 seconds to 3 minutes.

Reported-by: Feng Li <lifeng1519@gmail.com>
Reviewed-by: Ajish Koshy <ajish.koshy@microsemi.com>
Reviewed-by: Murthy Bhat <Murthy.Bhat@microsemi.com>
Reviewed-by: Dave Carroll <david.carroll@microsemi.com>
Reviewed-by: Kevin Barnett <kevin.barnett@microsemi.com>
Signed-off-by: Mahesh Rajashekhara <mahesh.rajashekhara@microsemi.com>
Signed-off-by: Don Brace <don.brace@microsemi.com>
Signed-off-by: Martin K. Petersen <martin.petersen@oracle.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
 drivers/scsi/smartpqi/smartpqi_sis.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/drivers/scsi/smartpqi/smartpqi_sis.c b/drivers/scsi/smartpqi/smartpqi_sis.c
index 5141bd4c9f06..ca7dfb3a520f 100644
--- a/drivers/scsi/smartpqi/smartpqi_sis.c
+++ b/drivers/scsi/smartpqi/smartpqi_sis.c
@@ -59,7 +59,7 @@
 
 #define SIS_CTRL_KERNEL_UP			0x80
 #define SIS_CTRL_KERNEL_PANIC			0x100
-#define SIS_CTRL_READY_TIMEOUT_SECS		30
+#define SIS_CTRL_READY_TIMEOUT_SECS		180
 #define SIS_CTRL_READY_RESUME_TIMEOUT_SECS	90
 #define SIS_CTRL_READY_POLL_INTERVAL_MSECS	10
 
-- 
2.19.1


^ permalink raw reply related	[flat|nested] 273+ messages in thread

* [PATCH AUTOSEL 4.19 193/258] cw1200: Fix concurrency use-after-free bugs in cw1200_hw_scan()
  2019-01-28 15:55 [PATCH AUTOSEL 4.19 001/258] drm/bufs: Fix Spectre v1 vulnerability Sasha Levin
                   ` (190 preceding siblings ...)
  2019-01-28 15:58 ` [PATCH AUTOSEL 4.19 192/258] scsi: smartpqi: increase fw status register read timeout Sasha Levin
@ 2019-01-28 15:58 ` Sasha Levin
  2019-01-28 15:58 ` [PATCH AUTOSEL 4.19 194/258] net: hns3: add max vector number check for pf Sasha Levin
                   ` (64 subsequent siblings)
  256 siblings, 0 replies; 273+ messages in thread
From: Sasha Levin @ 2019-01-28 15:58 UTC (permalink / raw)
  To: linux-kernel, stable
  Cc: Jia-Ju Bai, Kalle Valo, Sasha Levin, linux-wireless, netdev

From: Jia-Ju Bai <baijiaju1990@gmail.com>

[ Upstream commit 4f68ef64cd7feb1220232bd8f501d8aad340a099 ]

The function cw1200_bss_info_changed() and cw1200_hw_scan() can be
concurrently executed.
The two functions both access a possible shared variable "frame.skb".

This shared variable is freed by dev_kfree_skb() in cw1200_upload_beacon(),
which is called by cw1200_bss_info_changed(). The free operation is
protected by a mutex lock "priv->conf_mutex" in cw1200_bss_info_changed().

In cw1200_hw_scan(), this shared variable is accessed without the
protection of the mutex lock "priv->conf_mutex".
Thus, concurrency use-after-free bugs may occur.

To fix these bugs, the original calls to mutex_lock(&priv->conf_mutex) and
mutex_unlock(&priv->conf_mutex) are moved to the places, which can
protect the accesses to the shared variable.

Signed-off-by: Jia-Ju Bai <baijiaju1990@gmail.com>
Signed-off-by: Kalle Valo <kvalo@codeaurora.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
 drivers/net/wireless/st/cw1200/scan.c | 13 ++++++-------
 1 file changed, 6 insertions(+), 7 deletions(-)

diff --git a/drivers/net/wireless/st/cw1200/scan.c b/drivers/net/wireless/st/cw1200/scan.c
index 67213f11acbd..0a9eac93dd01 100644
--- a/drivers/net/wireless/st/cw1200/scan.c
+++ b/drivers/net/wireless/st/cw1200/scan.c
@@ -78,6 +78,10 @@ int cw1200_hw_scan(struct ieee80211_hw *hw,
 	if (req->n_ssids > WSM_SCAN_MAX_NUM_OF_SSIDS)
 		return -EINVAL;
 
+	/* will be unlocked in cw1200_scan_work() */
+	down(&priv->scan.lock);
+	mutex_lock(&priv->conf_mutex);
+
 	frame.skb = ieee80211_probereq_get(hw, priv->vif->addr, NULL, 0,
 		req->ie_len);
 	if (!frame.skb)
@@ -86,19 +90,15 @@ int cw1200_hw_scan(struct ieee80211_hw *hw,
 	if (req->ie_len)
 		skb_put_data(frame.skb, req->ie, req->ie_len);
 
-	/* will be unlocked in cw1200_scan_work() */
-	down(&priv->scan.lock);
-	mutex_lock(&priv->conf_mutex);
-
 	ret = wsm_set_template_frame(priv, &frame);
 	if (!ret) {
 		/* Host want to be the probe responder. */
 		ret = wsm_set_probe_responder(priv, true);
 	}
 	if (ret) {
+		dev_kfree_skb(frame.skb);
 		mutex_unlock(&priv->conf_mutex);
 		up(&priv->scan.lock);
-		dev_kfree_skb(frame.skb);
 		return ret;
 	}
 
@@ -120,10 +120,9 @@ int cw1200_hw_scan(struct ieee80211_hw *hw,
 		++priv->scan.n_ssids;
 	}
 
-	mutex_unlock(&priv->conf_mutex);
-
 	if (frame.skb)
 		dev_kfree_skb(frame.skb);
+	mutex_unlock(&priv->conf_mutex);
 	queue_work(priv->workqueue, &priv->scan.work);
 	return 0;
 }
-- 
2.19.1


^ permalink raw reply related	[flat|nested] 273+ messages in thread

* [PATCH AUTOSEL 4.19 194/258] net: hns3: add max vector number check for pf
  2019-01-28 15:55 [PATCH AUTOSEL 4.19 001/258] drm/bufs: Fix Spectre v1 vulnerability Sasha Levin
                   ` (191 preceding siblings ...)
  2019-01-28 15:58 ` [PATCH AUTOSEL 4.19 193/258] cw1200: Fix concurrency use-after-free bugs in cw1200_hw_scan() Sasha Levin
@ 2019-01-28 15:58 ` Sasha Levin
  2019-01-28 15:58 ` [PATCH AUTOSEL 4.19 195/258] powerpc/perf: Fix thresholding counter data for unknown type Sasha Levin
                   ` (63 subsequent siblings)
  256 siblings, 0 replies; 273+ messages in thread
From: Sasha Levin @ 2019-01-28 15:58 UTC (permalink / raw)
  To: linux-kernel, stable
  Cc: Jian Shen, Peng Li, David S . Miller, Sasha Levin, netdev

From: Jian Shen <shenjian15@huawei.com>

[ Upstream commit 75edb610860fda65ceedb017fc69afabd2806b8b ]

Each pf supports max 64 vectors and 128 tqps. For 2p/4p core scenario,
there may be more than 64 cpus online. So the result of min_t(u16,
num_Online_cpus(), tqp_num) may be more than 64. This patch adds check
for the vector number.

Fixes: dd38c72604dc ("net: hns3: fix for coalesce configuration lost during reset")
Signed-off-by: Jian Shen <shenjian15@huawei.com>
Signed-off-by: Peng Li <lipeng321@huawei.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
 drivers/net/ethernet/hisilicon/hns3/hns3_enet.c | 4 ++++
 1 file changed, 4 insertions(+)

diff --git a/drivers/net/ethernet/hisilicon/hns3/hns3_enet.c b/drivers/net/ethernet/hisilicon/hns3/hns3_enet.c
index d5f15d8d18a9..0ccfa6a84535 100644
--- a/drivers/net/ethernet/hisilicon/hns3/hns3_enet.c
+++ b/drivers/net/ethernet/hisilicon/hns3/hns3_enet.c
@@ -2691,6 +2691,8 @@ static int hns3_nic_init_vector_data(struct hns3_nic_priv *priv)
 
 static int hns3_nic_alloc_vector_data(struct hns3_nic_priv *priv)
 {
+#define HNS3_VECTOR_PF_MAX_NUM		64
+
 	struct hnae3_handle *h = priv->ae_handle;
 	struct hns3_enet_tqp_vector *tqp_vector;
 	struct hnae3_vector_info *vector;
@@ -2703,6 +2705,8 @@ static int hns3_nic_alloc_vector_data(struct hns3_nic_priv *priv)
 	/* RSS size, cpu online and vector_num should be the same */
 	/* Should consider 2p/4p later */
 	vector_num = min_t(u16, num_online_cpus(), tqp_num);
+	vector_num = min_t(u16, vector_num, HNS3_VECTOR_PF_MAX_NUM);
+
 	vector = devm_kcalloc(&pdev->dev, vector_num, sizeof(*vector),
 			      GFP_KERNEL);
 	if (!vector)
-- 
2.19.1


^ permalink raw reply related	[flat|nested] 273+ messages in thread

* [PATCH AUTOSEL 4.19 195/258] powerpc/perf: Fix thresholding counter data for unknown type
  2019-01-28 15:55 [PATCH AUTOSEL 4.19 001/258] drm/bufs: Fix Spectre v1 vulnerability Sasha Levin
                   ` (192 preceding siblings ...)
  2019-01-28 15:58 ` [PATCH AUTOSEL 4.19 194/258] net: hns3: add max vector number check for pf Sasha Levin
@ 2019-01-28 15:58 ` Sasha Levin
  2019-01-28 15:58 ` [PATCH AUTOSEL 4.19 196/258] iwlwifi: mvm: fix setting HE ppe FW config Sasha Levin
                   ` (62 subsequent siblings)
  256 siblings, 0 replies; 273+ messages in thread
From: Sasha Levin @ 2019-01-28 15:58 UTC (permalink / raw)
  To: linux-kernel, stable
  Cc: Madhavan Srinivasan, Michael Ellerman, Sasha Levin, linuxppc-dev

From: Madhavan Srinivasan <maddy@linux.vnet.ibm.com>

[ Upstream commit 17cfccc91545682513541924245abb876d296063 ]

MMCRA[34:36] and MMCRA[38:44] expose the thresholding counter value.
Thresholding counter can be used to count latency cycles such as
load miss to reload. But threshold counter value is not relevant
when the sampled instruction type is unknown or reserved. Patch to
fix the thresholding counter value to zero when sampled instruction
type is unknown or reserved.

Fixes: 170a315f41c6('powerpc/perf: Support to export MMCRA[TEC*] field to userspace')
Signed-off-by: Madhavan Srinivasan <maddy@linux.vnet.ibm.com>
Signed-off-by: Michael Ellerman <mpe@ellerman.id.au>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
 arch/powerpc/perf/isa207-common.c | 7 ++++++-
 1 file changed, 6 insertions(+), 1 deletion(-)

diff --git a/arch/powerpc/perf/isa207-common.c b/arch/powerpc/perf/isa207-common.c
index 177de814286f..6a2f65d3d088 100644
--- a/arch/powerpc/perf/isa207-common.c
+++ b/arch/powerpc/perf/isa207-common.c
@@ -226,8 +226,13 @@ void isa207_get_mem_weight(u64 *weight)
 	u64 mmcra = mfspr(SPRN_MMCRA);
 	u64 exp = MMCRA_THR_CTR_EXP(mmcra);
 	u64 mantissa = MMCRA_THR_CTR_MANT(mmcra);
+	u64 sier = mfspr(SPRN_SIER);
+	u64 val = (sier & ISA207_SIER_TYPE_MASK) >> ISA207_SIER_TYPE_SHIFT;
 
-	*weight = mantissa << (2 * exp);
+	if (val == 0 || val == 7)
+		*weight = 0;
+	else
+		*weight = mantissa << (2 * exp);
 }
 
 int isa207_get_constraint(u64 event, unsigned long *maskp, unsigned long *valp)
-- 
2.19.1


^ permalink raw reply related	[flat|nested] 273+ messages in thread

* [PATCH AUTOSEL 4.19 196/258] iwlwifi: mvm: fix setting HE ppe FW config
  2019-01-28 15:55 [PATCH AUTOSEL 4.19 001/258] drm/bufs: Fix Spectre v1 vulnerability Sasha Levin
                   ` (193 preceding siblings ...)
  2019-01-28 15:58 ` [PATCH AUTOSEL 4.19 195/258] powerpc/perf: Fix thresholding counter data for unknown type Sasha Levin
@ 2019-01-28 15:58 ` Sasha Levin
  2019-01-28 15:58 ` [PATCH AUTOSEL 4.19 197/258] powerpc/powernv/ioda: Allocate indirect TCE levels of cached userspace addresses on demand Sasha Levin
                   ` (61 subsequent siblings)
  256 siblings, 0 replies; 273+ messages in thread
From: Sasha Levin @ 2019-01-28 15:58 UTC (permalink / raw)
  To: linux-kernel, stable
  Cc: Naftali Goldstein, Luca Coelho, Kalle Valo, Sasha Levin,
	linux-wireless, netdev

From: Naftali Goldstein <naftali.goldstein@intel.com>

[ Upstream commit 189b8d441b0f7825f0b4278851c52afaa0515ed2 ]

The FW expects to get the ppe value for each NSS-BW pair in the same
format as in the he phy capabilities IE, which means that a value of 0
implies ppe should be used for BPSK (mcs 0). If there are no PPE
thresholds in the IE, or if for some NSS-RU pair there's no threshold
set for it (this could happen because it's a variable-sized field), it
means no PPE should not be used for that pair, so the value sent to FW
should be 7 which corresponds to "none".

Fixes: 514c30696fbc ("iwlwifi: add support for IEEE802.11ax")
Signed-off-by: Naftali Goldstein <naftali.goldstein@intel.com>
Signed-off-by: Luca Coelho <luciano.coelho@intel.com>
Signed-off-by: Kalle Valo <kvalo@codeaurora.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
 drivers/net/wireless/intel/iwlwifi/fw/api/mac.h   | 2 +-
 drivers/net/wireless/intel/iwlwifi/mvm/mac80211.c | 8 +++++++-
 2 files changed, 8 insertions(+), 2 deletions(-)

diff --git a/drivers/net/wireless/intel/iwlwifi/fw/api/mac.h b/drivers/net/wireless/intel/iwlwifi/fw/api/mac.h
index 55594c93b014..47dbd2d3e3b4 100644
--- a/drivers/net/wireless/intel/iwlwifi/fw/api/mac.h
+++ b/drivers/net/wireless/intel/iwlwifi/fw/api/mac.h
@@ -442,7 +442,7 @@ struct iwl_he_backoff_conf {
  * Support for Nss x BW (or RU) matrix:
  *	(0=SISO, 1=MIMO2) x (0-20MHz, 1-40MHz, 2-80MHz, 3-160MHz)
  * Each entry contains 2 QAM thresholds for 8us and 16us:
- *	0=BPSK, 1=QPSK, 2=16QAM, 3=64QAM, 4=256QAM, 5=1024QAM, 6/7=RES
+ *	0=BPSK, 1=QPSK, 2=16QAM, 3=64QAM, 4=256QAM, 5=1024QAM, 6=RES, 7=NONE
  * i.e. QAM_th1 < QAM_th2 such if TX uses QAM_tx:
  *	QAM_tx < QAM_th1            --> PPE=0us
  *	QAM_th1 <= QAM_tx < QAM_th2 --> PPE=8us
diff --git a/drivers/net/wireless/intel/iwlwifi/mvm/mac80211.c b/drivers/net/wireless/intel/iwlwifi/mvm/mac80211.c
index 9a764af30f36..0f357e8c4f94 100644
--- a/drivers/net/wireless/intel/iwlwifi/mvm/mac80211.c
+++ b/drivers/net/wireless/intel/iwlwifi/mvm/mac80211.c
@@ -1997,7 +1997,13 @@ static void iwl_mvm_cfg_he_sta(struct iwl_mvm *mvm,
 	if (sta->he_cap.he_cap_elem.mac_cap_info[4] & IEEE80211_HE_MAC_CAP4_BQR)
 		sta_ctxt_cmd.htc_flags |= cpu_to_le32(IWL_HE_HTC_BQR_SUPP);
 
-	/* If PPE Thresholds exist, parse them into a FW-familiar format */
+	/*
+	 * Initialize the PPE thresholds to "None" (7), as described in Table
+	 * 9-262ac of 80211.ax/D3.0.
+	 */
+	memset(&sta_ctxt_cmd.pkt_ext, 7, sizeof(sta_ctxt_cmd.pkt_ext));
+
+	/* If PPE Thresholds exist, parse them into a FW-familiar format. */
 	if (sta->he_cap.he_cap_elem.phy_cap_info[6] &
 	    IEEE80211_HE_PHY_CAP6_PPE_THRESHOLD_PRESENT) {
 		u8 nss = (sta->he_cap.ppe_thres[0] &
-- 
2.19.1


^ permalink raw reply related	[flat|nested] 273+ messages in thread

* [PATCH AUTOSEL 4.19 197/258] powerpc/powernv/ioda: Allocate indirect TCE levels of cached userspace addresses on demand
  2019-01-28 15:55 [PATCH AUTOSEL 4.19 001/258] drm/bufs: Fix Spectre v1 vulnerability Sasha Levin
                   ` (194 preceding siblings ...)
  2019-01-28 15:58 ` [PATCH AUTOSEL 4.19 196/258] iwlwifi: mvm: fix setting HE ppe FW config Sasha Levin
@ 2019-01-28 15:58 ` Sasha Levin
  2019-01-28 15:58 ` [PATCH AUTOSEL 4.19 198/258] mlx5: update timecounter at least twice per counter overflow Sasha Levin
                   ` (60 subsequent siblings)
  256 siblings, 0 replies; 273+ messages in thread
From: Sasha Levin @ 2019-01-28 15:58 UTC (permalink / raw)
  To: linux-kernel, stable
  Cc: Alexey Kardashevskiy, Michael Ellerman, Sasha Levin, linuxppc-dev

From: Alexey Kardashevskiy <aik@ozlabs.ru>

[ Upstream commit bdbf649efe21173cae63b4b71db84176420f9039 ]

The powernv platform maintains 2 TCE tables for VFIO - a hardware TCE
table and a table with userspace addresses; the latter is used for
marking pages dirty when corresponging TCEs are unmapped from
the hardware table.

a68bd1267b72 ("powerpc/powernv/ioda: Allocate indirect TCE levels
on demand") enabled on-demand allocation of the hardware table,
however it missed the other table so it has still been fully allocated
at the boot time. This fixes the issue by allocating a single level,
just like we do for the hardware table.

Fixes: a68bd1267b72 ("powerpc/powernv/ioda: Allocate indirect TCE levels on demand")
Signed-off-by: Alexey Kardashevskiy <aik@ozlabs.ru>
Reviewed-by: David Gibson <david@gibson.dropbear.id.au>
Signed-off-by: Michael Ellerman <mpe@ellerman.id.au>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
 arch/powerpc/platforms/powernv/pci-ioda-tce.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/arch/powerpc/platforms/powernv/pci-ioda-tce.c b/arch/powerpc/platforms/powernv/pci-ioda-tce.c
index fe9691040f54..7639b2168755 100644
--- a/arch/powerpc/platforms/powernv/pci-ioda-tce.c
+++ b/arch/powerpc/platforms/powernv/pci-ioda-tce.c
@@ -299,7 +299,7 @@ long pnv_pci_ioda2_table_alloc_pages(int nid, __u64 bus_offset,
 	if (alloc_userspace_copy) {
 		offset = 0;
 		uas = pnv_pci_ioda2_table_do_alloc_pages(nid, level_shift,
-				levels, tce_table_size, &offset,
+				tmplevels, tce_table_size, &offset,
 				&total_allocated_uas);
 		if (!uas)
 			goto free_tces_exit;
-- 
2.19.1


^ permalink raw reply related	[flat|nested] 273+ messages in thread

* [PATCH AUTOSEL 4.19 198/258] mlx5: update timecounter at least twice per counter overflow
  2019-01-28 15:55 [PATCH AUTOSEL 4.19 001/258] drm/bufs: Fix Spectre v1 vulnerability Sasha Levin
                   ` (195 preceding siblings ...)
  2019-01-28 15:58 ` [PATCH AUTOSEL 4.19 197/258] powerpc/powernv/ioda: Allocate indirect TCE levels of cached userspace addresses on demand Sasha Levin
@ 2019-01-28 15:58 ` Sasha Levin
  2019-01-28 15:58 ` [PATCH AUTOSEL 4.19 199/258] drbd: narrow rcu_read_lock in drbd_sync_handshake Sasha Levin
                   ` (59 subsequent siblings)
  256 siblings, 0 replies; 273+ messages in thread
From: Sasha Levin @ 2019-01-28 15:58 UTC (permalink / raw)
  To: linux-kernel, stable
  Cc: Miroslav Lichvar, Richard Cochran, Ariel Levkovich,
	Saeed Mahameed, Sasha Levin, netdev, linux-rdma

From: Miroslav Lichvar <mlichvar@redhat.com>

[ Upstream commit 5d8678365c90b9ce1fd2243ff5ea562609f6cec1 ]

The timecounter needs to be updated at least once in half of the
cyclecounter interval to prevent timecounter_cyc2time() interpreting a
new timestamp as an old value and causing a backward jump.

This would be an issue if the timecounter multiplier was so small that
the update interval would not be limited by the 64-bit overflow in
multiplication.

Shorten the calculated interval to make sure the timecounter is updated
in time even when the system clock is slowed down by up to 10%, the
multiplier is increased by up to 10%, and the scheduled overflow check
is late by 15%.

Cc: Richard Cochran <richardcochran@gmail.com>
Cc: Ariel Levkovich <lariel@mellanox.com>
Cc: Saeed Mahameed <saeedm@mellanox.com>
Signed-off-by: Miroslav Lichvar <mlichvar@redhat.com>
Signed-off-by: Saeed Mahameed <saeedm@mellanox.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
 drivers/net/ethernet/mellanox/mlx5/core/lib/clock.c | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/drivers/net/ethernet/mellanox/mlx5/core/lib/clock.c b/drivers/net/ethernet/mellanox/mlx5/core/lib/clock.c
index 3f767cde4c1d..54f1a40a68ed 100644
--- a/drivers/net/ethernet/mellanox/mlx5/core/lib/clock.c
+++ b/drivers/net/ethernet/mellanox/mlx5/core/lib/clock.c
@@ -511,14 +511,14 @@ void mlx5_init_clock(struct mlx5_core_dev *mdev)
 			 ktime_to_ns(ktime_get_real()));
 
 	/* Calculate period in seconds to call the overflow watchdog - to make
-	 * sure counter is checked at least once every wrap around.
+	 * sure counter is checked at least twice every wrap around.
 	 * The period is calculated as the minimum between max HW cycles count
 	 * (The clock source mask) and max amount of cycles that can be
 	 * multiplied by clock multiplier where the result doesn't exceed
 	 * 64bits.
 	 */
 	overflow_cycles = div64_u64(~0ULL >> 1, clock->cycles.mult);
-	overflow_cycles = min(overflow_cycles, clock->cycles.mask >> 1);
+	overflow_cycles = min(overflow_cycles, div_u64(clock->cycles.mask, 3));
 
 	ns = cyclecounter_cyc2ns(&clock->cycles, overflow_cycles,
 				 frac, &frac);
-- 
2.19.1


^ permalink raw reply related	[flat|nested] 273+ messages in thread

* [PATCH AUTOSEL 4.19 199/258] drbd: narrow rcu_read_lock in drbd_sync_handshake
  2019-01-28 15:55 [PATCH AUTOSEL 4.19 001/258] drm/bufs: Fix Spectre v1 vulnerability Sasha Levin
                   ` (196 preceding siblings ...)
  2019-01-28 15:58 ` [PATCH AUTOSEL 4.19 198/258] mlx5: update timecounter at least twice per counter overflow Sasha Levin
@ 2019-01-28 15:58 ` Sasha Levin
  2019-01-28 15:58 ` [PATCH AUTOSEL 4.19 200/258] drbd: disconnect, if the wrong UUIDs are attached on a connected peer Sasha Levin
                   ` (58 subsequent siblings)
  256 siblings, 0 replies; 273+ messages in thread
From: Sasha Levin @ 2019-01-28 15:58 UTC (permalink / raw)
  To: linux-kernel, stable
  Cc: Roland Kammerer, Jens Axboe, Sasha Levin, drbd-dev, linux-block

From: Roland Kammerer <roland.kammerer@linbit.com>

[ Upstream commit d29e89e34952a9ad02c77109c71a80043544296e ]

So far there was the possibility that we called
genlmsg_new(GFP_NOIO)/mutex_lock() while holding an rcu_read_lock().

This included cases like:

drbd_sync_handshake (acquire the RCU lock)
  drbd_asb_recover_1p
    drbd_khelper
      drbd_bcast_event
        genlmsg_new(GFP_NOIO) --> may sleep

drbd_sync_handshake (acquire the RCU lock)
  drbd_asb_recover_1p
    drbd_khelper
      notify_helper
        genlmsg_new(GFP_NOIO) --> may sleep

drbd_sync_handshake (acquire the RCU lock)
  drbd_asb_recover_1p
    drbd_khelper
      notify_helper
        mutex_lock --> may sleep

While using GFP_ATOMIC whould have been possible in the first two cases,
the real fix is to narrow the rcu_read_lock.

Reported-by: Jia-Ju Bai <baijiaju1990@163.com>
Reviewed-by: Lars Ellenberg <lars.ellenberg@linbit.com>
Signed-off-by: Roland Kammerer <roland.kammerer@linbit.com>
Signed-off-by: Jens Axboe <axboe@kernel.dk>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
 drivers/block/drbd/drbd_receiver.c | 11 ++++++-----
 1 file changed, 6 insertions(+), 5 deletions(-)

diff --git a/drivers/block/drbd/drbd_receiver.c b/drivers/block/drbd/drbd_receiver.c
index 75f6b47169e6..45ac5fe288e4 100644
--- a/drivers/block/drbd/drbd_receiver.c
+++ b/drivers/block/drbd/drbd_receiver.c
@@ -3364,7 +3364,7 @@ static enum drbd_conns drbd_sync_handshake(struct drbd_peer_device *peer_device,
 	enum drbd_conns rv = C_MASK;
 	enum drbd_disk_state mydisk;
 	struct net_conf *nc;
-	int hg, rule_nr, rr_conflict, tentative;
+	int hg, rule_nr, rr_conflict, tentative, always_asbp;
 
 	mydisk = device->state.disk;
 	if (mydisk == D_NEGOTIATING)
@@ -3415,8 +3415,12 @@ static enum drbd_conns drbd_sync_handshake(struct drbd_peer_device *peer_device,
 
 	rcu_read_lock();
 	nc = rcu_dereference(peer_device->connection->net_conf);
+	always_asbp = nc->always_asbp;
+	rr_conflict = nc->rr_conflict;
+	tentative = nc->tentative;
+	rcu_read_unlock();
 
-	if (hg == 100 || (hg == -100 && nc->always_asbp)) {
+	if (hg == 100 || (hg == -100 && always_asbp)) {
 		int pcount = (device->state.role == R_PRIMARY)
 			   + (peer_role == R_PRIMARY);
 		int forced = (hg == -100);
@@ -3455,9 +3459,6 @@ static enum drbd_conns drbd_sync_handshake(struct drbd_peer_device *peer_device,
 			     "Sync from %s node\n",
 			     (hg < 0) ? "peer" : "this");
 	}
-	rr_conflict = nc->rr_conflict;
-	tentative = nc->tentative;
-	rcu_read_unlock();
 
 	if (hg == -100) {
 		/* FIXME this log message is not correct if we end up here
-- 
2.19.1


^ permalink raw reply related	[flat|nested] 273+ messages in thread

* [PATCH AUTOSEL 4.19 200/258] drbd: disconnect, if the wrong UUIDs are attached on a connected peer
  2019-01-28 15:55 [PATCH AUTOSEL 4.19 001/258] drm/bufs: Fix Spectre v1 vulnerability Sasha Levin
                   ` (197 preceding siblings ...)
  2019-01-28 15:58 ` [PATCH AUTOSEL 4.19 199/258] drbd: narrow rcu_read_lock in drbd_sync_handshake Sasha Levin
@ 2019-01-28 15:58 ` Sasha Levin
  2019-01-28 15:58 ` [PATCH AUTOSEL 4.19 201/258] drbd: skip spurious timeout (ping-timeo) when failing promote Sasha Levin
                   ` (57 subsequent siblings)
  256 siblings, 0 replies; 273+ messages in thread
From: Sasha Levin @ 2019-01-28 15:58 UTC (permalink / raw)
  To: linux-kernel, stable
  Cc: Lars Ellenberg, Jens Axboe, Sasha Levin, drbd-dev, linux-block

From: Lars Ellenberg <lars.ellenberg@linbit.com>

[ Upstream commit b17b59602b6dcf8f97a7dc7bc489a48388d7063a ]

With "on-no-data-accessible suspend-io", DRBD requires the next attach
or connect to be to the very same data generation uuid tag it lost last.

If we first lost connection to the peer,
then later lost connection to our own disk,
we would usually refuse to re-connect to the peer,
because it presents the wrong data set.

However, if the peer first connects without a disk,
and then attached its disk, we accepted that same wrong data set,
which would be "unexpected" by any user of that DRBD
and cause "undefined results" (read: very likely data corruption).

The fix is to forcefully disconnect as soon as we notice that the peer
attached to the "wrong" dataset.

Signed-off-by: Lars Ellenberg <lars.ellenberg@linbit.com>
Signed-off-by: Jens Axboe <axboe@kernel.dk>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
 drivers/block/drbd/drbd_receiver.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/drivers/block/drbd/drbd_receiver.c b/drivers/block/drbd/drbd_receiver.c
index 45ac5fe288e4..cb919b964066 100644
--- a/drivers/block/drbd/drbd_receiver.c
+++ b/drivers/block/drbd/drbd_receiver.c
@@ -4142,7 +4142,7 @@ static int receive_uuids(struct drbd_connection *connection, struct packet_info
 	kfree(device->p_uuid);
 	device->p_uuid = p_uuid;
 
-	if (device->state.conn < C_CONNECTED &&
+	if ((device->state.conn < C_CONNECTED || device->state.pdsk == D_DISKLESS) &&
 	    device->state.disk < D_INCONSISTENT &&
 	    device->state.role == R_PRIMARY &&
 	    (device->ed_uuid & ~((u64)1)) != (p_uuid[UI_CURRENT] & ~((u64)1))) {
-- 
2.19.1


^ permalink raw reply related	[flat|nested] 273+ messages in thread

* [PATCH AUTOSEL 4.19 201/258] drbd: skip spurious timeout (ping-timeo) when failing promote
  2019-01-28 15:55 [PATCH AUTOSEL 4.19 001/258] drm/bufs: Fix Spectre v1 vulnerability Sasha Levin
                   ` (198 preceding siblings ...)
  2019-01-28 15:58 ` [PATCH AUTOSEL 4.19 200/258] drbd: disconnect, if the wrong UUIDs are attached on a connected peer Sasha Levin
@ 2019-01-28 15:58 ` Sasha Levin
  2019-01-28 15:58 ` [PATCH AUTOSEL 4.19 202/258] drbd: Avoid Clang warning about pointless switch statment Sasha Levin
                   ` (56 subsequent siblings)
  256 siblings, 0 replies; 273+ messages in thread
From: Sasha Levin @ 2019-01-28 15:58 UTC (permalink / raw)
  To: linux-kernel, stable
  Cc: Lars Ellenberg, Jens Axboe, Sasha Levin, drbd-dev, linux-block

From: Lars Ellenberg <lars.ellenberg@linbit.com>

[ Upstream commit 9848b6ddd8c92305252f94592c5e278574e7a6ac ]

If you try to promote a Secondary while connected to a Primary
and allow-two-primaries is NOT set, we will wait for "ping-timeout"
to give this node a chance to detect a dead primary,
in case the cluster manager noticed faster than we did.

But if we then are *still* connected to a Primary,
we fail (after an additional timeout of ping-timout).

This change skips the spurious second timeout.

Most people won't notice really,
since "ping-timeout" by default is half a second.

But in some installations, ping-timeout may be 10 or 20 seconds or more,
and spuriously delaying the error return becomes annoying.

Signed-off-by: Lars Ellenberg <lars.ellenberg@linbit.com>
Signed-off-by: Jens Axboe <axboe@kernel.dk>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
 drivers/block/drbd/drbd_nl.c | 15 ++++++++-------
 1 file changed, 8 insertions(+), 7 deletions(-)

diff --git a/drivers/block/drbd/drbd_nl.c b/drivers/block/drbd/drbd_nl.c
index b4f02768ba47..319fabdd63a3 100644
--- a/drivers/block/drbd/drbd_nl.c
+++ b/drivers/block/drbd/drbd_nl.c
@@ -668,14 +668,15 @@ drbd_set_role(struct drbd_device *const device, enum drbd_role new_role, int for
 		if (rv == SS_TWO_PRIMARIES) {
 			/* Maybe the peer is detected as dead very soon...
 			   retry at most once more in this case. */
-			int timeo;
-			rcu_read_lock();
-			nc = rcu_dereference(connection->net_conf);
-			timeo = nc ? (nc->ping_timeo + 1) * HZ / 10 : 1;
-			rcu_read_unlock();
-			schedule_timeout_interruptible(timeo);
-			if (try < max_tries)
+			if (try < max_tries) {
+				int timeo;
 				try = max_tries - 1;
+				rcu_read_lock();
+				nc = rcu_dereference(connection->net_conf);
+				timeo = nc ? (nc->ping_timeo + 1) * HZ / 10 : 1;
+				rcu_read_unlock();
+				schedule_timeout_interruptible(timeo);
+			}
 			continue;
 		}
 		if (rv < SS_SUCCESS) {
-- 
2.19.1


^ permalink raw reply related	[flat|nested] 273+ messages in thread

* [PATCH AUTOSEL 4.19 202/258] drbd: Avoid Clang warning about pointless switch statment
  2019-01-28 15:55 [PATCH AUTOSEL 4.19 001/258] drm/bufs: Fix Spectre v1 vulnerability Sasha Levin
                   ` (199 preceding siblings ...)
  2019-01-28 15:58 ` [PATCH AUTOSEL 4.19 201/258] drbd: skip spurious timeout (ping-timeo) when failing promote Sasha Levin
@ 2019-01-28 15:58 ` Sasha Levin
  2019-01-28 15:58 ` [PATCH AUTOSEL 4.19 203/258] drm/amd/display: validate extended dongle caps Sasha Levin
                   ` (55 subsequent siblings)
  256 siblings, 0 replies; 273+ messages in thread
From: Sasha Levin @ 2019-01-28 15:58 UTC (permalink / raw)
  To: linux-kernel, stable; +Cc: Nathan Chancellor, Jens Axboe, Sasha Levin

From: Nathan Chancellor <natechancellor@gmail.com>

[ Upstream commit a52c5a16cf19d8a85831bb1b915a221dd4ffae3c ]

There are several warnings from Clang about no case statement matching
the constant 0:

In file included from drivers/block/drbd/drbd_receiver.c:48:
In file included from drivers/block/drbd/drbd_int.h:48:
In file included from ./include/linux/drbd_genl_api.h:54:
In file included from ./include/linux/genl_magic_struct.h:236:
./include/linux/drbd_genl.h:321:1: warning: no case matching constant
switch condition '0'
GENL_struct(DRBD_NLA_HELPER, 24, drbd_helper_info,
^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
./include/linux/genl_magic_struct.h:220:10: note: expanded from macro
'GENL_struct'
        switch (0) {
                ^

Silence this warning by adding a 'case 0:' statement. Additionally,
adjust the alignment of the statements in the ct_assert_unique macro to
avoid a checkpatch warning.

This solution was originally sent by Arnd Bergmann with a default case
statement: https://lore.kernel.org/patchwork/patch/756723/

Link: https://github.com/ClangBuiltLinux/linux/issues/43
Suggested-by: Lars Ellenberg <lars.ellenberg@linbit.com>
Signed-off-by: Nathan Chancellor <natechancellor@gmail.com>
Signed-off-by: Jens Axboe <axboe@kernel.dk>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
 include/linux/genl_magic_struct.h | 5 ++++-
 1 file changed, 4 insertions(+), 1 deletion(-)

diff --git a/include/linux/genl_magic_struct.h b/include/linux/genl_magic_struct.h
index 5972e4969197..eeae59d3ceb7 100644
--- a/include/linux/genl_magic_struct.h
+++ b/include/linux/genl_magic_struct.h
@@ -191,6 +191,7 @@ static inline void ct_assert_unique_operations(void)
 {
 	switch (0) {
 #include GENL_MAGIC_INCLUDE_FILE
+	case 0:
 		;
 	}
 }
@@ -209,6 +210,7 @@ static inline void ct_assert_unique_top_level_attributes(void)
 {
 	switch (0) {
 #include GENL_MAGIC_INCLUDE_FILE
+	case 0:
 		;
 	}
 }
@@ -218,7 +220,8 @@ static inline void ct_assert_unique_top_level_attributes(void)
 static inline void ct_assert_unique_ ## s_name ## _attributes(void)	\
 {									\
 	switch (0) {							\
-		s_fields						\
+	s_fields							\
+	case 0:								\
 			;						\
 	}								\
 }
-- 
2.19.1


^ permalink raw reply related	[flat|nested] 273+ messages in thread

* [PATCH AUTOSEL 4.19 203/258] drm/amd/display: validate extended dongle caps
  2019-01-28 15:55 [PATCH AUTOSEL 4.19 001/258] drm/bufs: Fix Spectre v1 vulnerability Sasha Levin
                   ` (200 preceding siblings ...)
  2019-01-28 15:58 ` [PATCH AUTOSEL 4.19 202/258] drbd: Avoid Clang warning about pointless switch statment Sasha Levin
@ 2019-01-28 15:58 ` Sasha Levin
  2019-01-28 15:58 ` [PATCH AUTOSEL 4.19 204/258] video: clps711x-fb: release disp device node in probe() Sasha Levin
                   ` (54 subsequent siblings)
  256 siblings, 0 replies; 273+ messages in thread
From: Sasha Levin @ 2019-01-28 15:58 UTC (permalink / raw)
  To: linux-kernel, stable
  Cc: Wenjing Liu, Alex Deucher, Sasha Levin, amd-gfx, dri-devel

From: Wenjing Liu <Wenjing.Liu@amd.com>

[ Upstream commit 99b922f9ed6a6313c0d2247cde8aa1e4a0bd67e4 ]

[why]
Some dongle doesn't have a valid extended dongle caps,
but we still set the extended dongle caps to be valid.
This causes validation fails for all timing.

[how]
If no dp_hdmi_max_pixel_clk is provided,
don't use extended dongle caps.

Signed-off-by: Wenjing Liu <Wenjing.Liu@amd.com>
Reviewed-by: Aric Cyr <Aric.Cyr@amd.com>
Reviewed-by: Jun Lei <Jun.Lei@amd.com>
Acked-by: Abdoulaye Berthe <Abdoulaye.Berthe@amd.com>
Acked-by: Leo Li <sunpeng.li@amd.com>
Signed-off-by: Alex Deucher <alexander.deucher@amd.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
 drivers/gpu/drm/amd/display/dc/core/dc_link_dp.c | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/drivers/gpu/drm/amd/display/dc/core/dc_link_dp.c b/drivers/gpu/drm/amd/display/dc/core/dc_link_dp.c
index a7553b6d59c2..05840f5bddd5 100644
--- a/drivers/gpu/drm/amd/display/dc/core/dc_link_dp.c
+++ b/drivers/gpu/drm/amd/display/dc/core/dc_link_dp.c
@@ -2240,7 +2240,8 @@ static void get_active_converter_info(
 					translate_dpcd_max_bpc(
 						hdmi_color_caps.bits.MAX_BITS_PER_COLOR_COMPONENT);
 
-				link->dpcd_caps.dongle_caps.extendedCapValid = true;
+				if (link->dpcd_caps.dongle_caps.dp_hdmi_max_pixel_clk != 0)
+					link->dpcd_caps.dongle_caps.extendedCapValid = true;
 			}
 
 			break;
-- 
2.19.1


^ permalink raw reply related	[flat|nested] 273+ messages in thread

* [PATCH AUTOSEL 4.19 204/258] video: clps711x-fb: release disp device node in probe()
  2019-01-28 15:55 [PATCH AUTOSEL 4.19 001/258] drm/bufs: Fix Spectre v1 vulnerability Sasha Levin
                   ` (201 preceding siblings ...)
  2019-01-28 15:58 ` [PATCH AUTOSEL 4.19 203/258] drm/amd/display: validate extended dongle caps Sasha Levin
@ 2019-01-28 15:58 ` Sasha Levin
  2019-01-28 15:58 ` [PATCH AUTOSEL 4.19 205/258] md: fix raid10 hang issue caused by barrier Sasha Levin
                   ` (53 subsequent siblings)
  256 siblings, 0 replies; 273+ messages in thread
From: Sasha Levin @ 2019-01-28 15:58 UTC (permalink / raw)
  To: linux-kernel, stable
  Cc: Alexey Khoroshilov, Alexander Shiyan, Bartlomiej Zolnierkiewicz,
	Sasha Levin, dri-devel, linux-fbdev

From: Alexey Khoroshilov <khoroshilov@ispras.ru>

[ Upstream commit fdac751355cd76e049f628afe6acb8ff4b1399f7 ]

clps711x_fb_probe() increments refcnt of disp device node by
of_parse_phandle() and leaves it undecremented on both
successful and error paths.

Found by Linux Driver Verification project (linuxtesting.org).

Signed-off-by: Alexey Khoroshilov <khoroshilov@ispras.ru>
Cc: Alexander Shiyan <shc_work@mail.ru>
Signed-off-by: Bartlomiej Zolnierkiewicz <b.zolnierkie@samsung.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
 drivers/video/fbdev/clps711x-fb.c | 5 ++++-
 1 file changed, 4 insertions(+), 1 deletion(-)

diff --git a/drivers/video/fbdev/clps711x-fb.c b/drivers/video/fbdev/clps711x-fb.c
index ff561073ee4e..42f909618f04 100644
--- a/drivers/video/fbdev/clps711x-fb.c
+++ b/drivers/video/fbdev/clps711x-fb.c
@@ -287,14 +287,17 @@ static int clps711x_fb_probe(struct platform_device *pdev)
 	}
 
 	ret = of_get_fb_videomode(disp, &cfb->mode, OF_USE_NATIVE_MODE);
-	if (ret)
+	if (ret) {
+		of_node_put(disp);
 		goto out_fb_release;
+	}
 
 	of_property_read_u32(disp, "ac-prescale", &cfb->ac_prescale);
 	cfb->cmap_invert = of_property_read_bool(disp, "cmap-invert");
 
 	ret = of_property_read_u32(disp, "bits-per-pixel",
 				   &info->var.bits_per_pixel);
+	of_node_put(disp);
 	if (ret)
 		goto out_fb_release;
 
-- 
2.19.1


^ permalink raw reply related	[flat|nested] 273+ messages in thread

* [PATCH AUTOSEL 4.19 205/258] md: fix raid10 hang issue caused by barrier
  2019-01-28 15:55 [PATCH AUTOSEL 4.19 001/258] drm/bufs: Fix Spectre v1 vulnerability Sasha Levin
                   ` (202 preceding siblings ...)
  2019-01-28 15:58 ` [PATCH AUTOSEL 4.19 204/258] video: clps711x-fb: release disp device node in probe() Sasha Levin
@ 2019-01-28 15:58 ` Sasha Levin
  2019-01-28 15:58 ` [PATCH AUTOSEL 4.19 206/258] fbdev: fbmem: behave better with small rotated displays and many CPUs Sasha Levin
                   ` (52 subsequent siblings)
  256 siblings, 0 replies; 273+ messages in thread
From: Sasha Levin @ 2019-01-28 15:58 UTC (permalink / raw)
  To: linux-kernel, stable; +Cc: Guoqing Jiang, Shaohua Li, Sasha Levin, linux-raid

From: Guoqing Jiang <gqjiang@suse.com>

[ Upstream commit e820d55cb99dd93ac2dc949cf486bb187e5cd70d ]

When both regular IO and resync IO happen at the same time,
and if we also need to split regular. Then we can see tasks
hang due to barrier.

1. resync thread
[ 1463.757205] INFO: task md1_resync:5215 blocked for more than 480 seconds.
[ 1463.757207]       Not tainted 4.19.5-1-default #1
[ 1463.757209] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
[ 1463.757212] md1_resync      D    0  5215      2 0x80000000
[ 1463.757216] Call Trace:
[ 1463.757223]  ? __schedule+0x29a/0x880
[ 1463.757231]  ? raise_barrier+0x8d/0x140 [raid10]
[ 1463.757236]  schedule+0x78/0x110
[ 1463.757243]  raise_barrier+0x8d/0x140 [raid10]
[ 1463.757248]  ? wait_woken+0x80/0x80
[ 1463.757257]  raid10_sync_request+0x1f6/0x1e30 [raid10]
[ 1463.757265]  ? _raw_spin_unlock_irq+0x22/0x40
[ 1463.757284]  ? is_mddev_idle+0x125/0x137 [md_mod]
[ 1463.757302]  md_do_sync.cold.78+0x404/0x969 [md_mod]
[ 1463.757311]  ? wait_woken+0x80/0x80
[ 1463.757336]  ? md_rdev_init+0xb0/0xb0 [md_mod]
[ 1463.757351]  md_thread+0xe9/0x140 [md_mod]
[ 1463.757358]  ? _raw_spin_unlock_irqrestore+0x2e/0x60
[ 1463.757364]  ? __kthread_parkme+0x4c/0x70
[ 1463.757369]  kthread+0x112/0x130
[ 1463.757374]  ? kthread_create_worker_on_cpu+0x40/0x40
[ 1463.757380]  ret_from_fork+0x3a/0x50

2. regular IO
[ 1463.760679] INFO: task kworker/0:8:5367 blocked for more than 480 seconds.
[ 1463.760683]       Not tainted 4.19.5-1-default #1
[ 1463.760684] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
[ 1463.760687] kworker/0:8     D    0  5367      2 0x80000000
[ 1463.760718] Workqueue: md submit_flushes [md_mod]
[ 1463.760721] Call Trace:
[ 1463.760731]  ? __schedule+0x29a/0x880
[ 1463.760741]  ? wait_barrier+0xdd/0x170 [raid10]
[ 1463.760746]  schedule+0x78/0x110
[ 1463.760753]  wait_barrier+0xdd/0x170 [raid10]
[ 1463.760761]  ? wait_woken+0x80/0x80
[ 1463.760768]  raid10_write_request+0xf2/0x900 [raid10]
[ 1463.760774]  ? wait_woken+0x80/0x80
[ 1463.760778]  ? mempool_alloc+0x55/0x160
[ 1463.760795]  ? md_write_start+0xa9/0x270 [md_mod]
[ 1463.760801]  ? try_to_wake_up+0x44/0x470
[ 1463.760810]  raid10_make_request+0xc1/0x120 [raid10]
[ 1463.760816]  ? wait_woken+0x80/0x80
[ 1463.760831]  md_handle_request+0x121/0x190 [md_mod]
[ 1463.760851]  md_make_request+0x78/0x190 [md_mod]
[ 1463.760860]  generic_make_request+0x1c6/0x470
[ 1463.760870]  raid10_write_request+0x77a/0x900 [raid10]
[ 1463.760875]  ? wait_woken+0x80/0x80
[ 1463.760879]  ? mempool_alloc+0x55/0x160
[ 1463.760895]  ? md_write_start+0xa9/0x270 [md_mod]
[ 1463.760904]  raid10_make_request+0xc1/0x120 [raid10]
[ 1463.760910]  ? wait_woken+0x80/0x80
[ 1463.760926]  md_handle_request+0x121/0x190 [md_mod]
[ 1463.760931]  ? _raw_spin_unlock_irq+0x22/0x40
[ 1463.760936]  ? finish_task_switch+0x74/0x260
[ 1463.760954]  submit_flushes+0x21/0x40 [md_mod]

So resync io is waiting for regular write io to complete to
decrease nr_pending (conf->barrier++ is called before waiting).
The regular write io splits another bio after call wait_barrier
which call nr_pending++, then the splitted bio would continue
with raid10_write_request -> wait_barrier, so the splitted bio
has to wait for barrier to be zero, then deadlock happens as
follows.

	resync io		regular io

	raise_barrier
				wait_barrier
				generic_make_request
				wait_barrier

To resolve the issue, we need to call allow_barrier to decrease
nr_pending before generic_make_request since regular IO is not
issued to underlying devices, and wait_barrier is called again
to ensure no internal IO happening.

Fixes: fc9977dd069e ("md/raid10: simplify the splitting of requests.")
Reported-and-tested-by: Siniša Bandin <sinisa@4net.rs>
Signed-off-by: Guoqing Jiang <gqjiang@suse.com>
Signed-off-by: Shaohua Li <shli@fb.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
 drivers/md/raid10.c | 4 ++++
 1 file changed, 4 insertions(+)

diff --git a/drivers/md/raid10.c b/drivers/md/raid10.c
index 811427e53126..7033a2880771 100644
--- a/drivers/md/raid10.c
+++ b/drivers/md/raid10.c
@@ -1208,7 +1208,9 @@ static void raid10_read_request(struct mddev *mddev, struct bio *bio,
 		struct bio *split = bio_split(bio, max_sectors,
 					      gfp, &conf->bio_split);
 		bio_chain(split, bio);
+		allow_barrier(conf);
 		generic_make_request(bio);
+		wait_barrier(conf);
 		bio = split;
 		r10_bio->master_bio = bio;
 		r10_bio->sectors = max_sectors;
@@ -1513,7 +1515,9 @@ static void raid10_write_request(struct mddev *mddev, struct bio *bio,
 		struct bio *split = bio_split(bio, r10_bio->sectors,
 					      GFP_NOIO, &conf->bio_split);
 		bio_chain(split, bio);
+		allow_barrier(conf);
 		generic_make_request(bio);
+		wait_barrier(conf);
 		bio = split;
 		r10_bio->master_bio = bio;
 	}
-- 
2.19.1


^ permalink raw reply related	[flat|nested] 273+ messages in thread

* [PATCH AUTOSEL 4.19 206/258] fbdev: fbmem: behave better with small rotated displays and many CPUs
  2019-01-28 15:55 [PATCH AUTOSEL 4.19 001/258] drm/bufs: Fix Spectre v1 vulnerability Sasha Levin
                   ` (203 preceding siblings ...)
  2019-01-28 15:58 ` [PATCH AUTOSEL 4.19 205/258] md: fix raid10 hang issue caused by barrier Sasha Levin
@ 2019-01-28 15:58 ` Sasha Levin
  2019-01-28 15:58 ` [PATCH AUTOSEL 4.19 207/258] i40e: define proper net_device::neigh_priv_len Sasha Levin
                   ` (51 subsequent siblings)
  256 siblings, 0 replies; 273+ messages in thread
From: Sasha Levin @ 2019-01-28 15:58 UTC (permalink / raw)
  To: linux-kernel, stable
  Cc: Peter Rosin, Tomi Valkeinen, Fabian Frederick,
	Geert Uytterhoeven, Geoff Levand, James Simmons,
	Bartlomiej Zolnierkiewicz, Sasha Levin, dri-devel, linux-fbdev

From: Peter Rosin <peda@axentia.se>

[ Upstream commit f75df8d4b4fabfad7e3cba2debfad12741c6fde7 ]

Blitting an image with "negative" offsets is not working since there
is no clipping. It hopefully just crashes. For the bootup logo, there
is protection so that blitting does not happen as the image is drawn
further and further to the right (ROTATE_UR) or further and further
down (ROTATE_CW). There is however no protection when drawing in the
opposite directions (ROTATE_UD and ROTATE_CCW).

Add back this protection.

The regression is 20-odd years old but the mindless warning-killing
mentality displayed in commit 34bdb666f4b2 ("fbdev: fbmem: remove
positive test on unsigned values") is also to blame, methinks.

Fixes: 448d479747b8 ("fbdev: fb_do_show_logo() updates")
Signed-off-by: Peter Rosin <peda@axentia.se>
Cc: Tomi Valkeinen <tomi.valkeinen@ti.com>
Cc: Fabian Frederick <ffrederick@users.sourceforge.net>
Cc: Geert Uytterhoeven <geert+renesas@glider.be>
cc: Geoff Levand <geoff@infradead.org>
Cc: James Simmons <jsimmons@users.sf.net>
Signed-off-by: Bartlomiej Zolnierkiewicz <b.zolnierkie@samsung.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
 drivers/video/fbdev/core/fbmem.c | 8 ++++++--
 1 file changed, 6 insertions(+), 2 deletions(-)

diff --git a/drivers/video/fbdev/core/fbmem.c b/drivers/video/fbdev/core/fbmem.c
index 20405421a5ed..77cee99fc36c 100644
--- a/drivers/video/fbdev/core/fbmem.c
+++ b/drivers/video/fbdev/core/fbmem.c
@@ -435,7 +435,9 @@ static void fb_do_show_logo(struct fb_info *info, struct fb_image *image,
 			image->dx += image->width + 8;
 		}
 	} else if (rotate == FB_ROTATE_UD) {
-		for (x = 0; x < num; x++) {
+		u32 dx = image->dx;
+
+		for (x = 0; x < num && image->dx <= dx; x++) {
 			info->fbops->fb_imageblit(info, image);
 			image->dx -= image->width + 8;
 		}
@@ -447,7 +449,9 @@ static void fb_do_show_logo(struct fb_info *info, struct fb_image *image,
 			image->dy += image->height + 8;
 		}
 	} else if (rotate == FB_ROTATE_CCW) {
-		for (x = 0; x < num; x++) {
+		u32 dy = image->dy;
+
+		for (x = 0; x < num && image->dy <= dy; x++) {
 			info->fbops->fb_imageblit(info, image);
 			image->dy -= image->height + 8;
 		}
-- 
2.19.1


^ permalink raw reply related	[flat|nested] 273+ messages in thread

* [PATCH AUTOSEL 4.19 207/258] i40e: define proper net_device::neigh_priv_len
  2019-01-28 15:55 [PATCH AUTOSEL 4.19 001/258] drm/bufs: Fix Spectre v1 vulnerability Sasha Levin
                   ` (204 preceding siblings ...)
  2019-01-28 15:58 ` [PATCH AUTOSEL 4.19 206/258] fbdev: fbmem: behave better with small rotated displays and many CPUs Sasha Levin
@ 2019-01-28 15:58 ` Sasha Levin
  2019-01-28 15:58 ` [PATCH AUTOSEL 4.19 208/258] ice: Do not enable NAPI on q_vectors that have no rings Sasha Levin
                   ` (50 subsequent siblings)
  256 siblings, 0 replies; 273+ messages in thread
From: Sasha Levin @ 2019-01-28 15:58 UTC (permalink / raw)
  To: linux-kernel, stable
  Cc: Konstantin Khorenko, Jeff Kirsher, Sasha Levin, netdev

From: Konstantin Khorenko <khorenko@virtuozzo.com>

[ Upstream commit 31389b53b3e0b535867af9090a5d19ec64768d55 ]

Out of bound read reported by KASan.

i40iw_net_event() reads unconditionally 16 bytes from
neigh->primary_key while the memory allocated for
"neighbour" struct is evaluated in neigh_alloc() as

  tbl->entry_size + dev->neigh_priv_len

where "dev" is a net_device.

But the driver does not setup dev->neigh_priv_len and
we read beyond the neigh entry allocated memory,
so the patch in the next mail fixes this.

Signed-off-by: Konstantin Khorenko <khorenko@virtuozzo.com>
Tested-by: Andrew Bowers <andrewx.bowers@intel.com>
Signed-off-by: Jeff Kirsher <jeffrey.t.kirsher@intel.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
 drivers/net/ethernet/intel/i40e/i40e_main.c | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/drivers/net/ethernet/intel/i40e/i40e_main.c b/drivers/net/ethernet/intel/i40e/i40e_main.c
index bfa5c525cf31..41fa22c562c1 100644
--- a/drivers/net/ethernet/intel/i40e/i40e_main.c
+++ b/drivers/net/ethernet/intel/i40e/i40e_main.c
@@ -12016,6 +12016,9 @@ static int i40e_config_netdev(struct i40e_vsi *vsi)
 	ether_addr_copy(netdev->dev_addr, mac_addr);
 	ether_addr_copy(netdev->perm_addr, mac_addr);
 
+	/* i40iw_net_event() reads 16 bytes from neigh->primary_key */
+	netdev->neigh_priv_len = sizeof(u32) * 4;
+
 	netdev->priv_flags |= IFF_UNICAST_FLT;
 	netdev->priv_flags |= IFF_SUPP_NOFCS;
 	/* Setup netdev TC information */
-- 
2.19.1


^ permalink raw reply related	[flat|nested] 273+ messages in thread

* [PATCH AUTOSEL 4.19 208/258] ice: Do not enable NAPI on q_vectors that have no rings
  2019-01-28 15:55 [PATCH AUTOSEL 4.19 001/258] drm/bufs: Fix Spectre v1 vulnerability Sasha Levin
                   ` (205 preceding siblings ...)
  2019-01-28 15:58 ` [PATCH AUTOSEL 4.19 207/258] i40e: define proper net_device::neigh_priv_len Sasha Levin
@ 2019-01-28 15:58 ` Sasha Levin
  2019-01-28 15:58 ` [PATCH AUTOSEL 4.19 209/258] igb: Fix an issue that PME is not enabled during runtime suspend Sasha Levin
                   ` (49 subsequent siblings)
  256 siblings, 0 replies; 273+ messages in thread
From: Sasha Levin @ 2019-01-28 15:58 UTC (permalink / raw)
  To: linux-kernel, stable; +Cc: Young Xiao, Jeff Kirsher, Sasha Levin, netdev

From: Young Xiao <YangX92@hotmail.com>

[ Upstream commit eec903769b4ea476591ffff73bb7359f14f38c51 ]

If ice driver has q_vectors w/ active NAPI that has no rings,
then this will result in a divide by zero error. To correct it
I am updating the driver code so that we only support NAPI on
q_vectors that have 1 or more rings allocated to them.

See commit 13a8cd191a2b ("i40e: Do not enable NAPI on q_vectors
that have no rings") for detail.

Signed-off-by: Young Xiao <YangX92@hotmail.com>
Acked-by: Anirudh Venkataramanan <anirudh.venkataramanan@intel.com>
Tested-by: Andrew Bowers <andrewx.bowers@intel.com>
Signed-off-by: Jeff Kirsher <jeffrey.t.kirsher@intel.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
 drivers/net/ethernet/intel/ice/ice_main.c | 16 ++++++++++++----
 1 file changed, 12 insertions(+), 4 deletions(-)

diff --git a/drivers/net/ethernet/intel/ice/ice_main.c b/drivers/net/ethernet/intel/ice/ice_main.c
index 3f047bb43348..db1543bca701 100644
--- a/drivers/net/ethernet/intel/ice/ice_main.c
+++ b/drivers/net/ethernet/intel/ice/ice_main.c
@@ -4333,8 +4333,12 @@ static void ice_napi_enable_all(struct ice_vsi *vsi)
 	if (!vsi->netdev)
 		return;
 
-	for (q_idx = 0; q_idx < vsi->num_q_vectors; q_idx++)
-		napi_enable(&vsi->q_vectors[q_idx]->napi);
+	for (q_idx = 0; q_idx < vsi->num_q_vectors; q_idx++) {
+		struct ice_q_vector *q_vector = vsi->q_vectors[q_idx];
+
+		if (q_vector->rx.ring || q_vector->tx.ring)
+			napi_enable(&q_vector->napi);
+	}
 }
 
 /**
@@ -4817,8 +4821,12 @@ static void ice_napi_disable_all(struct ice_vsi *vsi)
 	if (!vsi->netdev)
 		return;
 
-	for (q_idx = 0; q_idx < vsi->num_q_vectors; q_idx++)
-		napi_disable(&vsi->q_vectors[q_idx]->napi);
+	for (q_idx = 0; q_idx < vsi->num_q_vectors; q_idx++) {
+		struct ice_q_vector *q_vector = vsi->q_vectors[q_idx];
+
+		if (q_vector->rx.ring || q_vector->tx.ring)
+			napi_disable(&q_vector->napi);
+	}
 }
 
 /**
-- 
2.19.1


^ permalink raw reply related	[flat|nested] 273+ messages in thread

* [PATCH AUTOSEL 4.19 209/258] igb: Fix an issue that PME is not enabled during runtime suspend
  2019-01-28 15:55 [PATCH AUTOSEL 4.19 001/258] drm/bufs: Fix Spectre v1 vulnerability Sasha Levin
                   ` (206 preceding siblings ...)
  2019-01-28 15:58 ` [PATCH AUTOSEL 4.19 208/258] ice: Do not enable NAPI on q_vectors that have no rings Sasha Levin
@ 2019-01-28 15:58 ` Sasha Levin
  2019-01-28 15:58 ` [PATCH AUTOSEL 4.19 210/258] ACPI/APEI: Clear GHES block_status before panic() Sasha Levin
                   ` (48 subsequent siblings)
  256 siblings, 0 replies; 273+ messages in thread
From: Sasha Levin @ 2019-01-28 15:58 UTC (permalink / raw)
  To: linux-kernel, stable; +Cc: Kai-Heng Feng, Jeff Kirsher, Sasha Levin, netdev

From: Kai-Heng Feng <kai.heng.feng@canonical.com>

[ Upstream commit 1fb3a7a75e2efcc83ef21f2434069cddd6fae6f5 ]

I210 ethernet card doesn't wakeup when a cable gets plugged. It's
because its PME is not set.

Since commit 42eca2302146 ("PCI: Don't touch card regs after runtime
suspend D3"), if the PCI state is saved, pci_pm_runtime_suspend() stops
calling pci_finish_runtime_suspend(), which enables the PCI PME.

To fix the issue, let's not to save PCI states when it's runtime
suspend, to let the PCI subsystem enables PME.

Fixes: 42eca2302146 ("PCI: Don't touch card regs after runtime suspend D3")
Signed-off-by: Kai-Heng Feng <kai.heng.feng@canonical.com>
Tested-by: Aaron Brown <aaron.f.brown@intel.com>
Signed-off-by: Jeff Kirsher <jeffrey.t.kirsher@intel.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
 drivers/net/ethernet/intel/igb/igb_main.c | 8 +++++---
 1 file changed, 5 insertions(+), 3 deletions(-)

diff --git a/drivers/net/ethernet/intel/igb/igb_main.c b/drivers/net/ethernet/intel/igb/igb_main.c
index 0796cef96fa3..ffaa6e031632 100644
--- a/drivers/net/ethernet/intel/igb/igb_main.c
+++ b/drivers/net/ethernet/intel/igb/igb_main.c
@@ -8770,9 +8770,11 @@ static int __igb_shutdown(struct pci_dev *pdev, bool *enable_wake,
 	rtnl_unlock();
 
 #ifdef CONFIG_PM
-	retval = pci_save_state(pdev);
-	if (retval)
-		return retval;
+	if (!runtime) {
+		retval = pci_save_state(pdev);
+		if (retval)
+			return retval;
+	}
 #endif
 
 	status = rd32(E1000_STATUS);
-- 
2.19.1


^ permalink raw reply related	[flat|nested] 273+ messages in thread

* [PATCH AUTOSEL 4.19 210/258] ACPI/APEI: Clear GHES block_status before panic()
  2019-01-28 15:55 [PATCH AUTOSEL 4.19 001/258] drm/bufs: Fix Spectre v1 vulnerability Sasha Levin
                   ` (207 preceding siblings ...)
  2019-01-28 15:58 ` [PATCH AUTOSEL 4.19 209/258] igb: Fix an issue that PME is not enabled during runtime suspend Sasha Levin
@ 2019-01-28 15:58 ` Sasha Levin
  2019-01-28 15:58 ` [PATCH AUTOSEL 4.19 211/258] fbdev: fbcon: Fix unregister crash when more than one framebuffer Sasha Levin
                   ` (47 subsequent siblings)
  256 siblings, 0 replies; 273+ messages in thread
From: Sasha Levin @ 2019-01-28 15:58 UTC (permalink / raw)
  To: linux-kernel, stable
  Cc: Lenny Szubowicz, David Arcari, Rafael J . Wysocki, Sasha Levin,
	linux-acpi

From: Lenny Szubowicz <lszubowi@redhat.com>

[ Upstream commit 98cff8b23ed1c763a029ee81ea300df0d153d07d ]

In __ghes_panic() clear the block status in the APEI generic
error status block for that generic hardware error source before
calling panic() to prevent a second panic() in the crash kernel
for exactly the same fatal error.

Otherwise ghes_probe(), running in the crash kernel, would see
an unhandled error in the APEI generic error status block and
panic again, thereby precluding any crash dump.

Signed-off-by: Lenny Szubowicz <lszubowi@redhat.com>
Signed-off-by: David Arcari <darcari@redhat.com>
Tested-by: Tyler Baicar <baicar.tyler@gmail.com>
Acked-by: Borislav Petkov <bp@suse.de>
Signed-off-by: Rafael J. Wysocki <rafael.j.wysocki@intel.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
 drivers/acpi/apei/ghes.c | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/drivers/acpi/apei/ghes.c b/drivers/acpi/apei/ghes.c
index 02c6fd9caff7..f008ba7c9ced 100644
--- a/drivers/acpi/apei/ghes.c
+++ b/drivers/acpi/apei/ghes.c
@@ -691,6 +691,8 @@ static void __ghes_panic(struct ghes *ghes)
 {
 	__ghes_print_estatus(KERN_EMERG, ghes->generic, ghes->estatus);
 
+	ghes_clear_estatus(ghes);
+
 	/* reboot to log the error! */
 	if (!panic_timeout)
 		panic_timeout = ghes_panic_timeout;
-- 
2.19.1


^ permalink raw reply related	[flat|nested] 273+ messages in thread

* [PATCH AUTOSEL 4.19 211/258] fbdev: fbcon: Fix unregister crash when more than one framebuffer
  2019-01-28 15:55 [PATCH AUTOSEL 4.19 001/258] drm/bufs: Fix Spectre v1 vulnerability Sasha Levin
                   ` (208 preceding siblings ...)
  2019-01-28 15:58 ` [PATCH AUTOSEL 4.19 210/258] ACPI/APEI: Clear GHES block_status before panic() Sasha Levin
@ 2019-01-28 15:58 ` Sasha Levin
  2019-01-28 15:58 ` [PATCH AUTOSEL 4.19 212/258] powerpc/mm: Fix reporting of kernel execute faults on the 8xx Sasha Levin
                   ` (46 subsequent siblings)
  256 siblings, 0 replies; 273+ messages in thread
From: Sasha Levin @ 2019-01-28 15:58 UTC (permalink / raw)
  To: linux-kernel, stable
  Cc: Noralf Trønnes, Bartlomiej Zolnierkiewicz, Sasha Levin,
	dri-devel, linux-fbdev

From: Noralf Trønnes <noralf@tronnes.org>

[ Upstream commit 2122b40580dd9d0620398739c773d07a7b7939d0 ]

When unregistering fbdev using unregister_framebuffer(), any bound
console will unbind automatically. This is working fine if this is the
only framebuffer, resulting in a switch to the dummy console. However if
there is a fb0 and I unregister fb1 having a bound console, I eventually
get a crash. The fastest way for me to trigger the crash is to do a
reboot, resulting in this splat:

[   76.478825] WARNING: CPU: 0 PID: 527 at linux/kernel/workqueue.c:1442 __queue_work+0x2d4/0x41c
[   76.478849] Modules linked in: raspberrypi_hwmon gpio_backlight backlight bcm2835_rng rng_core [last unloaded: tinydrm]
[   76.478916] CPU: 0 PID: 527 Comm: systemd-udevd Not tainted 4.20.0-rc4+ #4
[   76.478933] Hardware name: BCM2835
[   76.478949] Backtrace:
[   76.478995] [<c010d388>] (dump_backtrace) from [<c010d670>] (show_stack+0x20/0x24)
[   76.479022]  r6:00000000 r5:c0bc73be r4:00000000 r3:6fb5bf81
[   76.479060] [<c010d650>] (show_stack) from [<c08e82f4>] (dump_stack+0x20/0x28)
[   76.479102] [<c08e82d4>] (dump_stack) from [<c0120070>] (__warn+0xec/0x12c)
[   76.479134] [<c011ff84>] (__warn) from [<c01201e4>] (warn_slowpath_null+0x4c/0x58)
[   76.479165]  r9:c0eb6944 r8:00000001 r7:c0e927f8 r6:c0bc73be r5:000005a2 r4:c0139e84
[   76.479197] [<c0120198>] (warn_slowpath_null) from [<c0139e84>] (__queue_work+0x2d4/0x41c)
[   76.479222]  r6:d7666a00 r5:c0e918ee r4:dbc4e700
[   76.479251] [<c0139bb0>] (__queue_work) from [<c013a02c>] (queue_work_on+0x60/0x88)
[   76.479281]  r10:c0496bf8 r9:00000100 r8:c0e92ae0 r7:00000001 r6:d9403700 r5:d7666a00
[   76.479298]  r4:20000113
[   76.479348] [<c0139fcc>] (queue_work_on) from [<c0496c28>] (cursor_timer_handler+0x30/0x54)
[   76.479374]  r7:d8a8fabc r6:c0e08088 r5:d8afdc5c r4:d8a8fabc
[   76.479413] [<c0496bf8>] (cursor_timer_handler) from [<c0178744>] (call_timer_fn+0x100/0x230)
[   76.479435]  r4:c0e9192f r3:d758a340
[   76.479465] [<c0178644>] (call_timer_fn) from [<c0178980>] (expire_timers+0x10c/0x12c)
[   76.479495]  r10:40000000 r9:c0e9192f r8:c0e92ae0 r7:d8afdccc r6:c0e19280 r5:c0496bf8
[   76.479513]  r4:d8a8fabc
[   76.479541] [<c0178874>] (expire_timers) from [<c0179630>] (run_timer_softirq+0xa8/0x184)
[   76.479570]  r9:00000001 r8:c0e19280 r7:00000000 r6:c0e08088 r5:c0e1a3e0 r4:c0e19280
[   76.479603] [<c0179588>] (run_timer_softirq) from [<c0102404>] (__do_softirq+0x1ac/0x3fc)
[   76.479632]  r10:c0e91680 r9:d8afc020 r8:0000000a r7:00000100 r6:00000001 r5:00000002
[   76.479650]  r4:c0eb65ec
[   76.479686] [<c0102258>] (__do_softirq) from [<c0124d10>] (irq_exit+0xe8/0x168)
[   76.479716]  r10:d8d1a9b0 r9:d8afc000 r8:00000001 r7:d949c000 r6:00000000 r5:c0e8b3f0
[   76.479734]  r4:00000000
[   76.479764] [<c0124c28>] (irq_exit) from [<c016b72c>] (__handle_domain_irq+0x94/0xb0)
[   76.479793] [<c016b698>] (__handle_domain_irq) from [<c01021dc>] (bcm2835_handle_irq+0x3c/0x48)
[   76.479823]  r8:d8afdebc r7:d8afddfc r6:ffffffff r5:c0e089f8 r4:d8afddc8 r3:d8afddc8
[   76.479851] [<c01021a0>] (bcm2835_handle_irq) from [<c01019f0>] (__irq_svc+0x70/0x98)

The problem is in the console rebinding in fbcon_fb_unbind(). It uses the
virtual console index as the new framebuffer index to bind the console(s)
to. The correct way is to use the con2fb_map lookup table to find the
framebuffer index.

Fixes: cfafca8067c6 ("fbdev: fbcon: console unregistration from unregister_framebuffer")
Signed-off-by: Noralf Trønnes <noralf@tronnes.org>
Reviewed-by: Mikulas Patocka <mpatocka@redhat.com>
Acked-by: Daniel Vetter <daniel.vetter@ffwll.ch>
Signed-off-by: Bartlomiej Zolnierkiewicz <b.zolnierkie@samsung.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
 drivers/video/fbdev/core/fbcon.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/drivers/video/fbdev/core/fbcon.c b/drivers/video/fbdev/core/fbcon.c
index 75ebbbf0a1fb..5d961e3ac66e 100644
--- a/drivers/video/fbdev/core/fbcon.c
+++ b/drivers/video/fbdev/core/fbcon.c
@@ -3066,7 +3066,7 @@ static int fbcon_fb_unbind(int idx)
 	for (i = first_fb_vc; i <= last_fb_vc; i++) {
 		if (con2fb_map[i] != idx &&
 		    con2fb_map[i] != -1) {
-			new_idx = i;
+			new_idx = con2fb_map[i];
 			break;
 		}
 	}
-- 
2.19.1


^ permalink raw reply related	[flat|nested] 273+ messages in thread

* [PATCH AUTOSEL 4.19 212/258] powerpc/mm: Fix reporting of kernel execute faults on the 8xx
  2019-01-28 15:55 [PATCH AUTOSEL 4.19 001/258] drm/bufs: Fix Spectre v1 vulnerability Sasha Levin
                   ` (209 preceding siblings ...)
  2019-01-28 15:58 ` [PATCH AUTOSEL 4.19 211/258] fbdev: fbcon: Fix unregister crash when more than one framebuffer Sasha Levin
@ 2019-01-28 15:58 ` Sasha Levin
  2019-01-28 15:58 ` [PATCH AUTOSEL 4.19 213/258] pinctrl: meson: meson8: fix the GPIO function for the GPIOAO pins Sasha Levin
                   ` (45 subsequent siblings)
  256 siblings, 0 replies; 273+ messages in thread
From: Sasha Levin @ 2019-01-28 15:58 UTC (permalink / raw)
  To: linux-kernel, stable
  Cc: Christophe Leroy, Michael Ellerman, Sasha Levin, linuxppc-dev

From: Christophe Leroy <christophe.leroy@c-s.fr>

[ Upstream commit ffca395b11c4a5a6df6d6345f794b0e3d578e2d0 ]

On the 8xx, no-execute is set via PPP bits in the PTE. Therefore
a no-exec fault generates DSISR_PROTFAULT error bits,
not DSISR_NOEXEC_OR_G.

This patch adds DSISR_PROTFAULT in the test mask.

Fixes: d3ca587404b3 ("powerpc/mm: Fix reporting of kernel execute faults")
Signed-off-by: Christophe Leroy <christophe.leroy@c-s.fr>
Signed-off-by: Michael Ellerman <mpe@ellerman.id.au>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
 arch/powerpc/mm/fault.c | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)

diff --git a/arch/powerpc/mm/fault.c b/arch/powerpc/mm/fault.c
index d51cf5f4e45e..365526ee29b8 100644
--- a/arch/powerpc/mm/fault.c
+++ b/arch/powerpc/mm/fault.c
@@ -221,7 +221,9 @@ static int mm_fault_error(struct pt_regs *regs, unsigned long addr,
 static bool bad_kernel_fault(bool is_exec, unsigned long error_code,
 			     unsigned long address)
 {
-	if (is_exec && (error_code & (DSISR_NOEXEC_OR_G | DSISR_KEYFAULT))) {
+	/* NX faults set DSISR_PROTFAULT on the 8xx, DSISR_NOEXEC_OR_G on others */
+	if (is_exec && (error_code & (DSISR_NOEXEC_OR_G | DSISR_KEYFAULT |
+				      DSISR_PROTFAULT))) {
 		printk_ratelimited(KERN_CRIT "kernel tried to execute"
 				   " exec-protected page (%lx) -"
 				   "exploit attempt? (uid: %d)\n",
-- 
2.19.1


^ permalink raw reply related	[flat|nested] 273+ messages in thread

* [PATCH AUTOSEL 4.19 213/258] pinctrl: meson: meson8: fix the GPIO function for the GPIOAO pins
  2019-01-28 15:55 [PATCH AUTOSEL 4.19 001/258] drm/bufs: Fix Spectre v1 vulnerability Sasha Levin
                   ` (210 preceding siblings ...)
  2019-01-28 15:58 ` [PATCH AUTOSEL 4.19 212/258] powerpc/mm: Fix reporting of kernel execute faults on the 8xx Sasha Levin
@ 2019-01-28 15:58 ` Sasha Levin
  2019-01-28 15:58 ` [PATCH AUTOSEL 4.19 214/258] pinctrl: meson: meson8b: " Sasha Levin
                   ` (44 subsequent siblings)
  256 siblings, 0 replies; 273+ messages in thread
From: Sasha Levin @ 2019-01-28 15:58 UTC (permalink / raw)
  To: linux-kernel, stable
  Cc: Martin Blumenstingl, Linus Walleij, Sasha Levin, linux-gpio,
	linux-amlogic

From: Martin Blumenstingl <martin.blumenstingl@googlemail.com>

[ Upstream commit 42f9b48cc5402be11d2364275eb18c257d2a79e8 ]

The GPIOAO pins (as well as the two exotic GPIO_BSD_EN and GPIO_TEST_N)
only belong to the pin controller in the AO domain. With the current
definition these pins cannot be referred to in .dts files as group
(which is possible on GXBB and GXL for example).

Add a separate "gpio_aobus" function to fix the mapping between the pin
controller and the GPIO pins in the AO domain. This is similar to how
the GXBB and GXL drivers implement this functionality.

Fixes: 9dab1868ec0db4 ("pinctrl: amlogic: Make driver independent from two-domain configuration")
Signed-off-by: Martin Blumenstingl <martin.blumenstingl@googlemail.com>
Signed-off-by: Linus Walleij <linus.walleij@linaro.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
 drivers/pinctrl/meson/pinctrl-meson8.c | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/drivers/pinctrl/meson/pinctrl-meson8.c b/drivers/pinctrl/meson/pinctrl-meson8.c
index 86466173114d..e482672e833a 100644
--- a/drivers/pinctrl/meson/pinctrl-meson8.c
+++ b/drivers/pinctrl/meson/pinctrl-meson8.c
@@ -807,7 +807,9 @@ static const char * const gpio_groups[] = {
 	"BOOT_5", "BOOT_6", "BOOT_7", "BOOT_8", "BOOT_9",
 	"BOOT_10", "BOOT_11", "BOOT_12", "BOOT_13", "BOOT_14",
 	"BOOT_15", "BOOT_16", "BOOT_17", "BOOT_18",
+};
 
+static const char * const gpio_aobus_groups[] = {
 	"GPIOAO_0", "GPIOAO_1", "GPIOAO_2", "GPIOAO_3",
 	"GPIOAO_4", "GPIOAO_5", "GPIOAO_6", "GPIOAO_7",
 	"GPIOAO_8", "GPIOAO_9", "GPIOAO_10", "GPIOAO_11",
@@ -1030,6 +1032,7 @@ static struct meson_pmx_func meson8_cbus_functions[] = {
 };
 
 static struct meson_pmx_func meson8_aobus_functions[] = {
+	FUNCTION(gpio_aobus),
 	FUNCTION(uart_ao),
 	FUNCTION(remote),
 	FUNCTION(i2c_slave_ao),
-- 
2.19.1


^ permalink raw reply related	[flat|nested] 273+ messages in thread

* [PATCH AUTOSEL 4.19 214/258] pinctrl: meson: meson8b: fix the GPIO function for the GPIOAO pins
  2019-01-28 15:55 [PATCH AUTOSEL 4.19 001/258] drm/bufs: Fix Spectre v1 vulnerability Sasha Levin
                   ` (211 preceding siblings ...)
  2019-01-28 15:58 ` [PATCH AUTOSEL 4.19 213/258] pinctrl: meson: meson8: fix the GPIO function for the GPIOAO pins Sasha Levin
@ 2019-01-28 15:58 ` Sasha Levin
  2019-01-28 15:58 ` [PATCH AUTOSEL 4.19 215/258] KVM: x86: svm: report MSR_IA32_MCG_EXT_CTL as unsupported Sasha Levin
                   ` (43 subsequent siblings)
  256 siblings, 0 replies; 273+ messages in thread
From: Sasha Levin @ 2019-01-28 15:58 UTC (permalink / raw)
  To: linux-kernel, stable
  Cc: Martin Blumenstingl, Linus Walleij, Sasha Levin, linux-gpio,
	linux-amlogic

From: Martin Blumenstingl <martin.blumenstingl@googlemail.com>

[ Upstream commit 2b745ac3cceb8fc1d9985990c8241a821ea97e53 ]

The GPIOAO pins (as well as the two exotic GPIO_BSD_EN and GPIO_TEST_N)
only belong to the pin controller in the AO domain. With the current
definition these pins cannot be referred to in .dts files as group
(which is possible on GXBB and GXL for example).

Add a separate "gpio_aobus" function to fix the mapping between the pin
controller and the GPIO pins in the AO domain. This is similar to how
the GXBB and GXL drivers implement this functionality.

Fixes: 9dab1868ec0db4 ("pinctrl: amlogic: Make driver independent from two-domain configuration")
Signed-off-by: Martin Blumenstingl <martin.blumenstingl@googlemail.com>
Signed-off-by: Linus Walleij <linus.walleij@linaro.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
 drivers/pinctrl/meson/pinctrl-meson8b.c | 13 ++++++++-----
 1 file changed, 8 insertions(+), 5 deletions(-)

diff --git a/drivers/pinctrl/meson/pinctrl-meson8b.c b/drivers/pinctrl/meson/pinctrl-meson8b.c
index 647ad15d5c3c..91cffc051055 100644
--- a/drivers/pinctrl/meson/pinctrl-meson8b.c
+++ b/drivers/pinctrl/meson/pinctrl-meson8b.c
@@ -646,16 +646,18 @@ static const char * const gpio_groups[] = {
 	"BOOT_10", "BOOT_11", "BOOT_12", "BOOT_13", "BOOT_14",
 	"BOOT_15", "BOOT_16", "BOOT_17", "BOOT_18",
 
-	"GPIOAO_0", "GPIOAO_1", "GPIOAO_2", "GPIOAO_3",
-	"GPIOAO_4", "GPIOAO_5", "GPIOAO_6", "GPIOAO_7",
-	"GPIOAO_8", "GPIOAO_9", "GPIOAO_10", "GPIOAO_11",
-	"GPIOAO_12", "GPIOAO_13", "GPIO_BSD_EN", "GPIO_TEST_N",
-
 	"DIF_0_P", "DIF_0_N", "DIF_1_P", "DIF_1_N",
 	"DIF_2_P", "DIF_2_N", "DIF_3_P", "DIF_3_N",
 	"DIF_4_P", "DIF_4_N"
 };
 
+static const char * const gpio_aobus_groups[] = {
+	"GPIOAO_0", "GPIOAO_1", "GPIOAO_2", "GPIOAO_3",
+	"GPIOAO_4", "GPIOAO_5", "GPIOAO_6", "GPIOAO_7",
+	"GPIOAO_8", "GPIOAO_9", "GPIOAO_10", "GPIOAO_11",
+	"GPIOAO_12", "GPIOAO_13", "GPIO_BSD_EN", "GPIO_TEST_N"
+};
+
 static const char * const sd_a_groups[] = {
 	"sd_d0_a", "sd_d1_a", "sd_d2_a", "sd_d3_a", "sd_clk_a",
 	"sd_cmd_a"
@@ -871,6 +873,7 @@ static struct meson_pmx_func meson8b_cbus_functions[] = {
 };
 
 static struct meson_pmx_func meson8b_aobus_functions[] = {
+	FUNCTION(gpio_aobus),
 	FUNCTION(uart_ao),
 	FUNCTION(uart_ao_b),
 	FUNCTION(i2c_slave_ao),
-- 
2.19.1


^ permalink raw reply related	[flat|nested] 273+ messages in thread

* [PATCH AUTOSEL 4.19 215/258] KVM: x86: svm: report MSR_IA32_MCG_EXT_CTL as unsupported
  2019-01-28 15:55 [PATCH AUTOSEL 4.19 001/258] drm/bufs: Fix Spectre v1 vulnerability Sasha Levin
                   ` (212 preceding siblings ...)
  2019-01-28 15:58 ` [PATCH AUTOSEL 4.19 214/258] pinctrl: meson: meson8b: " Sasha Levin
@ 2019-01-28 15:58 ` Sasha Levin
  2019-01-28 15:58 ` [PATCH AUTOSEL 4.19 216/258] powerpc/fadump: Do not allow hot-remove memory from fadump reserved area Sasha Levin
                   ` (42 subsequent siblings)
  256 siblings, 0 replies; 273+ messages in thread
From: Sasha Levin @ 2019-01-28 15:58 UTC (permalink / raw)
  To: linux-kernel, stable
  Cc: Vitaly Kuznetsov, Radim Krčmář, Sasha Levin, kvm

From: Vitaly Kuznetsov <vkuznets@redhat.com>

[ Upstream commit e87555e550cef4941579cd879759a7c0dee24e68 ]

AMD doesn't seem to implement MSR_IA32_MCG_EXT_CTL and svm code in kvm
knows nothing about it, however, this MSR is among emulated_msrs and
thus returned with KVM_GET_MSR_INDEX_LIST. The consequent KVM_GET_MSRS,
of course, fails.

Report the MSR as unsupported to not confuse userspace.

Signed-off-by: Vitaly Kuznetsov <vkuznets@redhat.com>
Signed-off-by: Radim Krčmář <rkrcmar@redhat.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
 arch/x86/kvm/svm.c | 7 +++++++
 1 file changed, 7 insertions(+)

diff --git a/arch/x86/kvm/svm.c b/arch/x86/kvm/svm.c
index f1d3fe5a0c65..02ac8fa0cd6d 100644
--- a/arch/x86/kvm/svm.c
+++ b/arch/x86/kvm/svm.c
@@ -5837,6 +5837,13 @@ static bool svm_cpu_has_accelerated_tpr(void)
 
 static bool svm_has_emulated_msr(int index)
 {
+	switch (index) {
+	case MSR_IA32_MCG_EXT_CTL:
+		return false;
+	default:
+		break;
+	}
+
 	return true;
 }
 
-- 
2.19.1


^ permalink raw reply related	[flat|nested] 273+ messages in thread

* [PATCH AUTOSEL 4.19 216/258] powerpc/fadump: Do not allow hot-remove memory from fadump reserved area.
  2019-01-28 15:55 [PATCH AUTOSEL 4.19 001/258] drm/bufs: Fix Spectre v1 vulnerability Sasha Levin
                   ` (213 preceding siblings ...)
  2019-01-28 15:58 ` [PATCH AUTOSEL 4.19 215/258] KVM: x86: svm: report MSR_IA32_MCG_EXT_CTL as unsupported Sasha Levin
@ 2019-01-28 15:58 ` Sasha Levin
  2019-01-28 15:58 ` [PATCH AUTOSEL 4.19 217/258] kvm: Change offset in kvm_write_guest_offset_cached to unsigned Sasha Levin
                   ` (41 subsequent siblings)
  256 siblings, 0 replies; 273+ messages in thread
From: Sasha Levin @ 2019-01-28 15:58 UTC (permalink / raw)
  To: linux-kernel, stable
  Cc: Mahesh Salgaonkar, Michael Ellerman, Sasha Levin, linuxppc-dev

From: Mahesh Salgaonkar <mahesh@linux.vnet.ibm.com>

[ Upstream commit 0db6896ff6332ba694f1e61b93ae3b2640317633 ]

For fadump to work successfully there should not be any holes in reserved
memory ranges where kernel has asked firmware to move the content of old
kernel memory in event of crash. Now that fadump uses CMA for reserved
area, this memory area is now not protected from hot-remove operations
unless it is cma allocated. Hence, fadump service can fail to re-register
after the hot-remove operation, if hot-removed memory belongs to fadump
reserved region. To avoid this make sure that memory from fadump reserved
area is not hot-removable if fadump is registered.

However, if user still wants to remove that memory, he can do so by
manually stopping fadump service before hot-remove operation.

Signed-off-by: Mahesh Salgaonkar <mahesh@linux.vnet.ibm.com>
Signed-off-by: Michael Ellerman <mpe@ellerman.id.au>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
 arch/powerpc/include/asm/fadump.h               |  2 +-
 arch/powerpc/kernel/fadump.c                    | 10 ++++++++--
 arch/powerpc/platforms/pseries/hotplug-memory.c |  7 +++++--
 3 files changed, 14 insertions(+), 5 deletions(-)

diff --git a/arch/powerpc/include/asm/fadump.h b/arch/powerpc/include/asm/fadump.h
index 1e7a33592e29..15bc07a31c46 100644
--- a/arch/powerpc/include/asm/fadump.h
+++ b/arch/powerpc/include/asm/fadump.h
@@ -200,7 +200,7 @@ struct fad_crash_memory_ranges {
 	unsigned long long	size;
 };
 
-extern int is_fadump_boot_memory_area(u64 addr, ulong size);
+extern int is_fadump_memory_area(u64 addr, ulong size);
 extern int early_init_dt_scan_fw_dump(unsigned long node,
 		const char *uname, int depth, void *data);
 extern int fadump_reserve_mem(void);
diff --git a/arch/powerpc/kernel/fadump.c b/arch/powerpc/kernel/fadump.c
index a711d22339ea..c02c95287a5f 100644
--- a/arch/powerpc/kernel/fadump.c
+++ b/arch/powerpc/kernel/fadump.c
@@ -118,13 +118,19 @@ int __init early_init_dt_scan_fw_dump(unsigned long node,
 
 /*
  * If fadump is registered, check if the memory provided
- * falls within boot memory area.
+ * falls within boot memory area and reserved memory area.
  */
-int is_fadump_boot_memory_area(u64 addr, ulong size)
+int is_fadump_memory_area(u64 addr, ulong size)
 {
+	u64 d_start = fw_dump.reserve_dump_area_start;
+	u64 d_end = d_start + fw_dump.reserve_dump_area_size;
+
 	if (!fw_dump.dump_registered)
 		return 0;
 
+	if (((addr + size) > d_start) && (addr <= d_end))
+		return 1;
+
 	return (addr + size) > RMA_START && addr <= fw_dump.boot_memory_size;
 }
 
diff --git a/arch/powerpc/platforms/pseries/hotplug-memory.c b/arch/powerpc/platforms/pseries/hotplug-memory.c
index c1578f54c626..e4c658cda3a7 100644
--- a/arch/powerpc/platforms/pseries/hotplug-memory.c
+++ b/arch/powerpc/platforms/pseries/hotplug-memory.c
@@ -389,8 +389,11 @@ static bool lmb_is_removable(struct drmem_lmb *lmb)
 	phys_addr = lmb->base_addr;
 
 #ifdef CONFIG_FA_DUMP
-	/* Don't hot-remove memory that falls in fadump boot memory area */
-	if (is_fadump_boot_memory_area(phys_addr, block_sz))
+	/*
+	 * Don't hot-remove memory that falls in fadump boot memory area
+	 * and memory that is reserved for capturing old kernel memory.
+	 */
+	if (is_fadump_memory_area(phys_addr, block_sz))
 		return false;
 #endif
 
-- 
2.19.1


^ permalink raw reply related	[flat|nested] 273+ messages in thread

* [PATCH AUTOSEL 4.19 217/258] kvm: Change offset in kvm_write_guest_offset_cached to unsigned
  2019-01-28 15:55 [PATCH AUTOSEL 4.19 001/258] drm/bufs: Fix Spectre v1 vulnerability Sasha Levin
                   ` (214 preceding siblings ...)
  2019-01-28 15:58 ` [PATCH AUTOSEL 4.19 216/258] powerpc/fadump: Do not allow hot-remove memory from fadump reserved area Sasha Levin
@ 2019-01-28 15:58 ` Sasha Levin
  2019-01-28 15:58 ` [PATCH AUTOSEL 4.19 218/258] NFS: nfs_compare_mount_options always compare auth flavors Sasha Levin
                   ` (40 subsequent siblings)
  256 siblings, 0 replies; 273+ messages in thread
From: Sasha Levin @ 2019-01-28 15:58 UTC (permalink / raw)
  To: linux-kernel, stable
  Cc: Jim Mattson, Radim Krčmář, Sasha Levin, kvm

From: Jim Mattson <jmattson@google.com>

[ Upstream commit 7a86dab8cf2f0fdf508f3555dddfc236623bff60 ]

Since the offset is added directly to the hva from the
gfn_to_hva_cache, a negative offset could result in an out of bounds
write. The existing BUG_ON only checks for addresses beyond the end of
the gfn_to_hva_cache, not for addresses before the start of the
gfn_to_hva_cache.

Note that all current call sites have non-negative offsets.

Fixes: 4ec6e8636256 ("kvm: Introduce kvm_write_guest_offset_cached()")
Reported-by: Cfir Cohen <cfir@google.com>
Signed-off-by: Jim Mattson <jmattson@google.com>
Reviewed-by: Cfir Cohen <cfir@google.com>
Reviewed-by: Peter Shier <pshier@google.com>
Reviewed-by: Krish Sadhukhan <krish.sadhukhan@oracle.com>
Reviewed-by: Sean Christopherson <sean.j.christopherson@intel.com>
Signed-off-by: Radim Krčmář <rkrcmar@redhat.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
 include/linux/kvm_host.h | 3 ++-
 virt/kvm/kvm_main.c      | 3 ++-
 2 files changed, 4 insertions(+), 2 deletions(-)

diff --git a/include/linux/kvm_host.h b/include/linux/kvm_host.h
index c926698040e0..a03d5e264e5e 100644
--- a/include/linux/kvm_host.h
+++ b/include/linux/kvm_host.h
@@ -694,7 +694,8 @@ int kvm_write_guest(struct kvm *kvm, gpa_t gpa, const void *data,
 int kvm_write_guest_cached(struct kvm *kvm, struct gfn_to_hva_cache *ghc,
 			   void *data, unsigned long len);
 int kvm_write_guest_offset_cached(struct kvm *kvm, struct gfn_to_hva_cache *ghc,
-			   void *data, int offset, unsigned long len);
+				  void *data, unsigned int offset,
+				  unsigned long len);
 int kvm_gfn_to_hva_cache_init(struct kvm *kvm, struct gfn_to_hva_cache *ghc,
 			      gpa_t gpa, unsigned long len);
 int kvm_clear_guest_page(struct kvm *kvm, gfn_t gfn, int offset, int len);
diff --git a/virt/kvm/kvm_main.c b/virt/kvm/kvm_main.c
index f986e31fa68c..0ddf81dea6fd 100644
--- a/virt/kvm/kvm_main.c
+++ b/virt/kvm/kvm_main.c
@@ -1959,7 +1959,8 @@ int kvm_gfn_to_hva_cache_init(struct kvm *kvm, struct gfn_to_hva_cache *ghc,
 EXPORT_SYMBOL_GPL(kvm_gfn_to_hva_cache_init);
 
 int kvm_write_guest_offset_cached(struct kvm *kvm, struct gfn_to_hva_cache *ghc,
-			   void *data, int offset, unsigned long len)
+				  void *data, unsigned int offset,
+				  unsigned long len)
 {
 	struct kvm_memslots *slots = kvm_memslots(kvm);
 	int r;
-- 
2.19.1


^ permalink raw reply related	[flat|nested] 273+ messages in thread

* [PATCH AUTOSEL 4.19 218/258] NFS: nfs_compare_mount_options always compare auth flavors.
  2019-01-28 15:55 [PATCH AUTOSEL 4.19 001/258] drm/bufs: Fix Spectre v1 vulnerability Sasha Levin
                   ` (215 preceding siblings ...)
  2019-01-28 15:58 ` [PATCH AUTOSEL 4.19 217/258] kvm: Change offset in kvm_write_guest_offset_cached to unsigned Sasha Levin
@ 2019-01-28 15:58 ` Sasha Levin
  2019-01-28 15:58 ` [PATCH AUTOSEL 4.19 219/258] perf build: Don't unconditionally link the libbfd feature test to -liberty and -lz Sasha Levin
                   ` (39 subsequent siblings)
  256 siblings, 0 replies; 273+ messages in thread
From: Sasha Levin @ 2019-01-28 15:58 UTC (permalink / raw)
  To: linux-kernel, stable; +Cc: Chris Perl, Anna Schumaker, Sasha Levin, linux-nfs

From: Chris Perl <cperl@janestreet.com>

[ Upstream commit 594d1644cd59447f4fceb592448d5cd09eb09b5e ]

This patch removes the check from nfs_compare_mount_options to see if a
`sec' option was passed for the current mount before comparing auth
flavors and instead just always compares auth flavors.

Consider the following scenario:

You have a server with the address 192.168.1.1 and two exports /export/a
and /export/b.  The first export supports `sys' and `krb5' security, the
second just `sys'.

Assume you start with no mounts from the server.

The following results in EIOs being returned as the kernel nfs client
incorrectly thinks it can share the underlying `struct nfs_server's:

$ mkdir /tmp/{a,b}
$ sudo mount -t nfs -o vers=3,sec=krb5 192.168.1.1:/export/a /tmp/a
$ sudo mount -t nfs -o vers=3          192.168.1.1:/export/b /tmp/b
$ df >/dev/null
df: ‘/tmp/b’: Input/output error

Signed-off-by: Chris Perl <cperl@janestreet.com>
Signed-off-by: Anna Schumaker <Anna.Schumaker@Netapp.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
 fs/nfs/super.c | 3 +--
 1 file changed, 1 insertion(+), 2 deletions(-)

diff --git a/fs/nfs/super.c b/fs/nfs/super.c
index ac4b2f005778..5ef2c71348bd 100644
--- a/fs/nfs/super.c
+++ b/fs/nfs/super.c
@@ -2409,8 +2409,7 @@ static int nfs_compare_mount_options(const struct super_block *s, const struct n
 		goto Ebusy;
 	if (a->acdirmax != b->acdirmax)
 		goto Ebusy;
-	if (b->auth_info.flavor_len > 0 &&
-	   clnt_a->cl_auth->au_flavor != clnt_b->cl_auth->au_flavor)
+	if (clnt_a->cl_auth->au_flavor != clnt_b->cl_auth->au_flavor)
 		goto Ebusy;
 	return 1;
 Ebusy:
-- 
2.19.1


^ permalink raw reply related	[flat|nested] 273+ messages in thread

* [PATCH AUTOSEL 4.19 219/258] perf build: Don't unconditionally link the libbfd feature test to -liberty and -lz
  2019-01-28 15:55 [PATCH AUTOSEL 4.19 001/258] drm/bufs: Fix Spectre v1 vulnerability Sasha Levin
                   ` (216 preceding siblings ...)
  2019-01-28 15:58 ` [PATCH AUTOSEL 4.19 218/258] NFS: nfs_compare_mount_options always compare auth flavors Sasha Levin
@ 2019-01-28 15:58 ` Sasha Levin
  2019-01-28 15:58 ` [PATCH AUTOSEL 4.19 220/258] hwmon: (lm80) fix a missing check of the status of SMBus read Sasha Levin
                   ` (38 subsequent siblings)
  256 siblings, 0 replies; 273+ messages in thread
From: Sasha Levin @ 2019-01-28 15:58 UTC (permalink / raw)
  To: linux-kernel, stable
  Cc: Stanislav Fomichev, Alexander Shishkin, Mathieu Poirier,
	Namhyung Kim, Peter Zijlstra, Arnaldo Carvalho de Melo,
	Sasha Levin

From: Stanislav Fomichev <sdf@google.com>

[ Upstream commit 14541b1e7e723859ff2c75c6fc10cdbbec6b8c34 ]

Current libbfd feature test unconditionally links against -liberty and -lz.
While it's required on some systems (e.g. opensuse), it's completely
unnecessary on the others, where only -lbdf is sufficient (debian).
This patch streamlines (and renames) the following feature checks:

feature-libbfd           - only link against -lbfd (debian),
                           see commit 2cf9040714f3 ("perf tools: Fix bfd
			   dependency libraries detection")
feature-libbfd-liberty   - link against -lbfd and -liberty
feature-libbfd-liberty-z - link against -lbfd, -liberty and -lz (opensuse),
                           see commit 280e7c48c3b8 ("perf tools: fix BFD
			   detection on opensuse")

(feature-liberty{,-z} were renamed to feature-libbfd-liberty{,z}
for clarity)

The main motivation is to fix this feature test for bpftool which is
currently broken on debian (libbfd feature shows OFF, but we still
unconditionally link against -lbfd and it works).

Tested on debian with only -lbfd installed (without -liberty); I'd
appreciate if somebody on the other systems can test this new detection
method.

Signed-off-by: Stanislav Fomichev <sdf@google.com>
Acked-by: Jiri Olsa <jolsa@kernel.org>
Cc: Alexander Shishkin <alexander.shishkin@linux.intel.com>
Cc: Mathieu Poirier <mathieu.poirier@linaro.org>
Cc: Namhyung Kim <namhyung@kernel.org>
Cc: Peter Zijlstra <peterz@infradead.org>
Link: http://lkml.kernel.org/r/4dfc634cfcfb236883971b5107cf3c28ec8a31be.1542328222.git.sdf@google.com
Signed-off-by: Arnaldo Carvalho de Melo <acme@redhat.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
 tools/build/Makefile.feature |  4 ++--
 tools/build/feature/Makefile | 10 ++++----
 tools/perf/Makefile.config   | 44 +++++++++++++++++++-----------------
 3 files changed, 30 insertions(+), 28 deletions(-)

diff --git a/tools/build/Makefile.feature b/tools/build/Makefile.feature
index f216b2f5c3d7..42a787856cd8 100644
--- a/tools/build/Makefile.feature
+++ b/tools/build/Makefile.feature
@@ -79,8 +79,8 @@ FEATURE_TESTS_EXTRA :=                  \
          cplus-demangle                 \
          hello                          \
          libbabeltrace                  \
-         liberty                        \
-         liberty-z                      \
+         libbfd-liberty                 \
+         libbfd-liberty-z               \
          libunwind-debug-frame          \
          libunwind-debug-frame-arm      \
          libunwind-debug-frame-aarch64  \
diff --git a/tools/build/feature/Makefile b/tools/build/feature/Makefile
index 0516259be70f..bf8a8ebcca1e 100644
--- a/tools/build/feature/Makefile
+++ b/tools/build/feature/Makefile
@@ -15,8 +15,8 @@ FILES=                                          \
          test-libbfd.bin                        \
          test-disassembler-four-args.bin        \
          test-reallocarray.bin			\
-         test-liberty.bin                       \
-         test-liberty-z.bin                     \
+         test-libbfd-liberty.bin                \
+         test-libbfd-liberty-z.bin              \
          test-cplus-demangle.bin                \
          test-libelf.bin                        \
          test-libelf-getphdrnum.bin             \
@@ -200,7 +200,7 @@ $(OUTPUT)test-libpython-version.bin:
 	$(BUILD)
 
 $(OUTPUT)test-libbfd.bin:
-	$(BUILD) -DPACKAGE='"perf"' -lbfd -lz -liberty -ldl
+	$(BUILD) -DPACKAGE='"perf"' -lbfd -ldl
 
 $(OUTPUT)test-disassembler-four-args.bin:
 	$(BUILD) -DPACKAGE='"perf"' -lbfd -lopcodes
@@ -208,10 +208,10 @@ $(OUTPUT)test-disassembler-four-args.bin:
 $(OUTPUT)test-reallocarray.bin:
 	$(BUILD)
 
-$(OUTPUT)test-liberty.bin:
+$(OUTPUT)test-libbfd-liberty.bin:
 	$(CC) $(CFLAGS) -Wall -Werror -o $@ test-libbfd.c -DPACKAGE='"perf"' $(LDFLAGS) -lbfd -ldl -liberty
 
-$(OUTPUT)test-liberty-z.bin:
+$(OUTPUT)test-libbfd-liberty-z.bin:
 	$(CC) $(CFLAGS) -Wall -Werror -o $@ test-libbfd.c -DPACKAGE='"perf"' $(LDFLAGS) -lbfd -ldl -liberty -lz
 
 $(OUTPUT)test-cplus-demangle.bin:
diff --git a/tools/perf/Makefile.config b/tools/perf/Makefile.config
index f00ea77f5f08..849b3be15bd8 100644
--- a/tools/perf/Makefile.config
+++ b/tools/perf/Makefile.config
@@ -688,18 +688,20 @@ endif
 
 ifeq ($(feature-libbfd), 1)
   EXTLIBS += -lbfd
+else
+  # we are on a system that requires -liberty and (maybe) -lz
+  # to link against -lbfd; test each case individually here
 
   # call all detections now so we get correct
   # status in VF output
-  $(call feature_check,liberty)
-  $(call feature_check,liberty-z)
-  $(call feature_check,cplus-demangle)
+  $(call feature_check,libbfd-liberty)
+  $(call feature_check,libbfd-liberty-z)
 
-  ifeq ($(feature-liberty), 1)
-    EXTLIBS += -liberty
+  ifeq ($(feature-libbfd-liberty), 1)
+    EXTLIBS += -lbfd -liberty
   else
-    ifeq ($(feature-liberty-z), 1)
-      EXTLIBS += -liberty -lz
+    ifeq ($(feature-libbfd-liberty-z), 1)
+      EXTLIBS += -lbfd -liberty -lz
     endif
   endif
 endif
@@ -709,24 +711,24 @@ ifdef NO_DEMANGLE
 else
   ifdef HAVE_CPLUS_DEMANGLE_SUPPORT
     EXTLIBS += -liberty
-    CFLAGS += -DHAVE_CPLUS_DEMANGLE_SUPPORT
   else
-    ifneq ($(feature-libbfd), 1)
-      ifneq ($(feature-liberty), 1)
-        ifneq ($(feature-liberty-z), 1)
-          # we dont have neither HAVE_CPLUS_DEMANGLE_SUPPORT
-          # or any of 'bfd iberty z' trinity
-          ifeq ($(feature-cplus-demangle), 1)
-            EXTLIBS += -liberty
-            CFLAGS += -DHAVE_CPLUS_DEMANGLE_SUPPORT
-          else
-            msg := $(warning No bfd.h/libbfd found, please install binutils-dev[el]/zlib-static/libiberty-dev to gain symbol demangling)
-            CFLAGS += -DNO_DEMANGLE
-          endif
-        endif
+    ifeq ($(filter -liberty,$(EXTLIBS)),)
+      $(call feature_check,cplus-demangle)
+
+      # we dont have neither HAVE_CPLUS_DEMANGLE_SUPPORT
+      # or any of 'bfd iberty z' trinity
+      ifeq ($(feature-cplus-demangle), 1)
+        EXTLIBS += -liberty
+      else
+        msg := $(warning No bfd.h/libbfd found, please install binutils-dev[el]/zlib-static/libiberty-dev to gain symbol demangling)
+        CFLAGS += -DNO_DEMANGLE
       endif
     endif
   endif
+
+  ifneq ($(filter -liberty,$(EXTLIBS)),)
+    CFLAGS += -DHAVE_CPLUS_DEMANGLE_SUPPORT
+  endif
 endif
 
 ifneq ($(filter -lbfd,$(EXTLIBS)),)
-- 
2.19.1


^ permalink raw reply related	[flat|nested] 273+ messages in thread

* [PATCH AUTOSEL 4.19 220/258] hwmon: (lm80) fix a missing check of the status of SMBus read
  2019-01-28 15:55 [PATCH AUTOSEL 4.19 001/258] drm/bufs: Fix Spectre v1 vulnerability Sasha Levin
                   ` (217 preceding siblings ...)
  2019-01-28 15:58 ` [PATCH AUTOSEL 4.19 219/258] perf build: Don't unconditionally link the libbfd feature test to -liberty and -lz Sasha Levin
@ 2019-01-28 15:58 ` Sasha Levin
  2019-01-28 15:58 ` [PATCH AUTOSEL 4.19 221/258] hwmon: (lm80) fix a missing check of bus read in lm80 probe Sasha Levin
                   ` (37 subsequent siblings)
  256 siblings, 0 replies; 273+ messages in thread
From: Sasha Levin @ 2019-01-28 15:58 UTC (permalink / raw)
  To: linux-kernel, stable; +Cc: Kangjie Lu, Guenter Roeck, Sasha Levin, linux-hwmon

From: Kangjie Lu <kjlu@umn.edu>

[ Upstream commit c9c63915519b1def7043b184680f33c24cd49d7b ]

If lm80_read_value() fails, it returns a negative number instead of the
correct read data. Therefore, we should avoid using the data if it
fails.

The fix checks if lm80_read_value() fails, and if so, returns with the
error number.

Signed-off-by: Kangjie Lu <kjlu@umn.edu>
[groeck: One variable for return values is enough]
Signed-off-by: Guenter Roeck <linux@roeck-us.net>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
 drivers/hwmon/lm80.c | 15 ++++++++++-----
 1 file changed, 10 insertions(+), 5 deletions(-)

diff --git a/drivers/hwmon/lm80.c b/drivers/hwmon/lm80.c
index 08e3945a6fbf..04f9df0d2341 100644
--- a/drivers/hwmon/lm80.c
+++ b/drivers/hwmon/lm80.c
@@ -360,9 +360,11 @@ static ssize_t set_fan_div(struct device *dev, struct device_attribute *attr,
 	struct i2c_client *client = data->client;
 	unsigned long min, val;
 	u8 reg;
-	int err = kstrtoul(buf, 10, &val);
-	if (err < 0)
-		return err;
+	int rv;
+
+	rv = kstrtoul(buf, 10, &val);
+	if (rv < 0)
+		return rv;
 
 	/* Save fan_min */
 	mutex_lock(&data->update_lock);
@@ -390,8 +392,11 @@ static ssize_t set_fan_div(struct device *dev, struct device_attribute *attr,
 		return -EINVAL;
 	}
 
-	reg = (lm80_read_value(client, LM80_REG_FANDIV) &
-	       ~(3 << (2 * (nr + 1)))) | (data->fan_div[nr] << (2 * (nr + 1)));
+	rv = lm80_read_value(client, LM80_REG_FANDIV);
+	if (rv < 0)
+		return rv;
+	reg = (rv & ~(3 << (2 * (nr + 1))))
+	    | (data->fan_div[nr] << (2 * (nr + 1)));
 	lm80_write_value(client, LM80_REG_FANDIV, reg);
 
 	/* Restore fan_min */
-- 
2.19.1


^ permalink raw reply related	[flat|nested] 273+ messages in thread

* [PATCH AUTOSEL 4.19 221/258] hwmon: (lm80) fix a missing check of bus read in lm80 probe
  2019-01-28 15:55 [PATCH AUTOSEL 4.19 001/258] drm/bufs: Fix Spectre v1 vulnerability Sasha Levin
                   ` (218 preceding siblings ...)
  2019-01-28 15:58 ` [PATCH AUTOSEL 4.19 220/258] hwmon: (lm80) fix a missing check of the status of SMBus read Sasha Levin
@ 2019-01-28 15:58 ` Sasha Levin
  2019-01-28 15:58 ` [PATCH AUTOSEL 4.19 222/258] seq_buf: Make seq_buf_puts() null-terminate the buffer Sasha Levin
                   ` (36 subsequent siblings)
  256 siblings, 0 replies; 273+ messages in thread
From: Sasha Levin @ 2019-01-28 15:58 UTC (permalink / raw)
  To: linux-kernel, stable; +Cc: Kangjie Lu, Guenter Roeck, Sasha Levin, linux-hwmon

From: Kangjie Lu <kjlu@umn.edu>

[ Upstream commit 9aa3aa15f4c2f74f47afd6c5db4b420fadf3f315 ]

In lm80_probe(), if lm80_read_value() fails, it returns a negative
error number which is stored to data->fan[f_min] and will be further
used. We should avoid using the data if the read fails.

The fix checks if lm80_read_value() fails, and if so, returns with the
error number.

Signed-off-by: Kangjie Lu <kjlu@umn.edu>
Signed-off-by: Guenter Roeck <linux@roeck-us.net>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
 drivers/hwmon/lm80.c | 11 +++++++++--
 1 file changed, 9 insertions(+), 2 deletions(-)

diff --git a/drivers/hwmon/lm80.c b/drivers/hwmon/lm80.c
index 04f9df0d2341..0e30fa00204c 100644
--- a/drivers/hwmon/lm80.c
+++ b/drivers/hwmon/lm80.c
@@ -628,6 +628,7 @@ static int lm80_probe(struct i2c_client *client,
 	struct device *dev = &client->dev;
 	struct device *hwmon_dev;
 	struct lm80_data *data;
+	int rv;
 
 	data = devm_kzalloc(dev, sizeof(struct lm80_data), GFP_KERNEL);
 	if (!data)
@@ -640,8 +641,14 @@ static int lm80_probe(struct i2c_client *client,
 	lm80_init_client(client);
 
 	/* A few vars need to be filled upon startup */
-	data->fan[f_min][0] = lm80_read_value(client, LM80_REG_FAN_MIN(1));
-	data->fan[f_min][1] = lm80_read_value(client, LM80_REG_FAN_MIN(2));
+	rv = lm80_read_value(client, LM80_REG_FAN_MIN(1));
+	if (rv < 0)
+		return rv;
+	data->fan[f_min][0] = rv;
+	rv = lm80_read_value(client, LM80_REG_FAN_MIN(2));
+	if (rv < 0)
+		return rv;
+	data->fan[f_min][1] = rv;
 
 	hwmon_dev = devm_hwmon_device_register_with_groups(dev, client->name,
 							   data, lm80_groups);
-- 
2.19.1


^ permalink raw reply related	[flat|nested] 273+ messages in thread

* [PATCH AUTOSEL 4.19 222/258] seq_buf: Make seq_buf_puts() null-terminate the buffer
  2019-01-28 15:55 [PATCH AUTOSEL 4.19 001/258] drm/bufs: Fix Spectre v1 vulnerability Sasha Levin
                   ` (219 preceding siblings ...)
  2019-01-28 15:58 ` [PATCH AUTOSEL 4.19 221/258] hwmon: (lm80) fix a missing check of bus read in lm80 probe Sasha Levin
@ 2019-01-28 15:58 ` Sasha Levin
  2019-01-28 15:58 ` [PATCH AUTOSEL 4.19 223/258] crypto: ux500 - Use proper enum in cryp_set_dma_transfer Sasha Levin
                   ` (35 subsequent siblings)
  256 siblings, 0 replies; 273+ messages in thread
From: Sasha Levin @ 2019-01-28 15:58 UTC (permalink / raw)
  To: linux-kernel, stable; +Cc: Michael Ellerman, Steven Rostedt, Sasha Levin

From: Michael Ellerman <mpe@ellerman.id.au>

[ Upstream commit 0464ed24380905d640030d368cd84a4e4d1e15e2 ]

Currently seq_buf_puts() will happily create a non null-terminated
string for you in the buffer. This is particularly dangerous if the
buffer is on the stack.

For example:

  char buf[8];
  char secret = "secret";
  struct seq_buf s;

  seq_buf_init(&s, buf, sizeof(buf));
  seq_buf_puts(&s, "foo");
  printk("Message is %s\n", buf);

Can result in:

  Message is fooªªªªªsecret

We could require all users to memset() their buffer to zero before
use. But that seems likely to be forgotten and lead to bugs.

Instead we can change seq_buf_puts() to always leave the buffer in a
null-terminated state.

The only downside is that this makes the buffer 1 character smaller
for seq_buf_puts(), but that seems like a good trade off.

Link: http://lkml.kernel.org/r/20181019042109.8064-1-mpe@ellerman.id.au

Acked-by: Kees Cook <keescook@chromium.org>
Signed-off-by: Michael Ellerman <mpe@ellerman.id.au>
Signed-off-by: Steven Rostedt (VMware) <rostedt@goodmis.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
 lib/seq_buf.c | 6 +++++-
 1 file changed, 5 insertions(+), 1 deletion(-)

diff --git a/lib/seq_buf.c b/lib/seq_buf.c
index 11f2ae0f9099..6aabb609dd87 100644
--- a/lib/seq_buf.c
+++ b/lib/seq_buf.c
@@ -144,9 +144,13 @@ int seq_buf_puts(struct seq_buf *s, const char *str)
 
 	WARN_ON(s->size == 0);
 
+	/* Add 1 to len for the trailing null byte which must be there */
+	len += 1;
+
 	if (seq_buf_can_fit(s, len)) {
 		memcpy(s->buffer + s->len, str, len);
-		s->len += len;
+		/* Don't count the trailing null byte against the capacity */
+		s->len += len - 1;
 		return 0;
 	}
 	seq_buf_set_overflow(s);
-- 
2.19.1


^ permalink raw reply related	[flat|nested] 273+ messages in thread

* [PATCH AUTOSEL 4.19 223/258] crypto: ux500 - Use proper enum in cryp_set_dma_transfer
  2019-01-28 15:55 [PATCH AUTOSEL 4.19 001/258] drm/bufs: Fix Spectre v1 vulnerability Sasha Levin
                   ` (220 preceding siblings ...)
  2019-01-28 15:58 ` [PATCH AUTOSEL 4.19 222/258] seq_buf: Make seq_buf_puts() null-terminate the buffer Sasha Levin
@ 2019-01-28 15:58 ` Sasha Levin
  2019-01-28 15:58 ` [PATCH AUTOSEL 4.19 224/258] crypto: ux500 - Use proper enum in hash_set_dma_transfer Sasha Levin
                   ` (34 subsequent siblings)
  256 siblings, 0 replies; 273+ messages in thread
From: Sasha Levin @ 2019-01-28 15:58 UTC (permalink / raw)
  To: linux-kernel, stable
  Cc: Nathan Chancellor, Herbert Xu, Sasha Levin, linux-crypto

From: Nathan Chancellor <natechancellor@gmail.com>

[ Upstream commit 9d880c5945c748d8edcac30965f3349a602158c4 ]

Clang warns when one enumerated type is implicitly converted to another:

drivers/crypto/ux500/cryp/cryp_core.c:559:5: warning: implicit
conversion from enumeration type 'enum dma_data_direction' to different
enumeration type 'enum dma_transfer_direction' [-Wenum-conversion]
                                direction, DMA_CTRL_ACK);
                                ^~~~~~~~~
drivers/crypto/ux500/cryp/cryp_core.c:583:5: warning: implicit
conversion from enumeration type 'enum dma_data_direction' to different
enumeration type 'enum dma_transfer_direction' [-Wenum-conversion]
                                direction,
                                ^~~~~~~~~
2 warnings generated.

dmaengine_prep_slave_sg expects an enum from dma_transfer_direction.
Because we know the value of the dma_data_direction enum from the
switch statement, we can just use the proper value from
dma_transfer_direction so there is no more conversion.

DMA_TO_DEVICE = DMA_MEM_TO_DEV = 1
DMA_FROM_DEVICE = DMA_DEV_TO_MEM = 2

Signed-off-by: Nathan Chancellor <natechancellor@gmail.com>
Reviewed-by: Nick Desaulniers <ndesaulniers@google.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
 drivers/crypto/ux500/cryp/cryp_core.c | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/drivers/crypto/ux500/cryp/cryp_core.c b/drivers/crypto/ux500/cryp/cryp_core.c
index d2663a4e1f5e..a92a66b1ff46 100644
--- a/drivers/crypto/ux500/cryp/cryp_core.c
+++ b/drivers/crypto/ux500/cryp/cryp_core.c
@@ -556,7 +556,7 @@ static int cryp_set_dma_transfer(struct cryp_ctx *ctx,
 		desc = dmaengine_prep_slave_sg(channel,
 				ctx->device->dma.sg_src,
 				ctx->device->dma.sg_src_len,
-				direction, DMA_CTRL_ACK);
+				DMA_MEM_TO_DEV, DMA_CTRL_ACK);
 		break;
 
 	case DMA_FROM_DEVICE:
@@ -580,7 +580,7 @@ static int cryp_set_dma_transfer(struct cryp_ctx *ctx,
 		desc = dmaengine_prep_slave_sg(channel,
 				ctx->device->dma.sg_dst,
 				ctx->device->dma.sg_dst_len,
-				direction,
+				DMA_DEV_TO_MEM,
 				DMA_CTRL_ACK |
 				DMA_PREP_INTERRUPT);
 
-- 
2.19.1


^ permalink raw reply related	[flat|nested] 273+ messages in thread

* [PATCH AUTOSEL 4.19 224/258] crypto: ux500 - Use proper enum in hash_set_dma_transfer
  2019-01-28 15:55 [PATCH AUTOSEL 4.19 001/258] drm/bufs: Fix Spectre v1 vulnerability Sasha Levin
                   ` (221 preceding siblings ...)
  2019-01-28 15:58 ` [PATCH AUTOSEL 4.19 223/258] crypto: ux500 - Use proper enum in cryp_set_dma_transfer Sasha Levin
@ 2019-01-28 15:58 ` Sasha Levin
  2019-01-28 15:58 ` [PATCH AUTOSEL 4.19 225/258] MIPS: ralink: Select CONFIG_CPU_MIPSR2_IRQ_VI on MT7620/8 Sasha Levin
                   ` (33 subsequent siblings)
  256 siblings, 0 replies; 273+ messages in thread
From: Sasha Levin @ 2019-01-28 15:58 UTC (permalink / raw)
  To: linux-kernel, stable
  Cc: Nathan Chancellor, Herbert Xu, Sasha Levin, linux-crypto

From: Nathan Chancellor <natechancellor@gmail.com>

[ Upstream commit 5ac93f808338f4dd465402e91869702eb87db241 ]

Clang warns when one enumerated type is implicitly converted to another:

drivers/crypto/ux500/hash/hash_core.c:169:4: warning: implicit
conversion from enumeration type 'enum dma_data_direction' to different
enumeration type 'enum dma_transfer_direction' [-Wenum-conversion]
                        direction, DMA_CTRL_ACK | DMA_PREP_INTERRUPT);
                        ^~~~~~~~~
1 warning generated.

dmaengine_prep_slave_sg expects an enum from dma_transfer_direction.
We know that the only direction supported by this function is
DMA_TO_DEVICE because of the check at the top of this function so we can
just use the equivalent value from dma_transfer_direction.

DMA_TO_DEVICE = DMA_MEM_TO_DEV = 1

Signed-off-by: Nathan Chancellor <natechancellor@gmail.com>
Reviewed-by: Nick Desaulniers <ndesaulniers@google.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
 drivers/crypto/ux500/hash/hash_core.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/drivers/crypto/ux500/hash/hash_core.c b/drivers/crypto/ux500/hash/hash_core.c
index 633321a8dd03..a0bb8a6eec3f 100644
--- a/drivers/crypto/ux500/hash/hash_core.c
+++ b/drivers/crypto/ux500/hash/hash_core.c
@@ -166,7 +166,7 @@ static int hash_set_dma_transfer(struct hash_ctx *ctx, struct scatterlist *sg,
 		__func__);
 	desc = dmaengine_prep_slave_sg(channel,
 			ctx->device->dma.sg, ctx->device->dma.sg_len,
-			direction, DMA_CTRL_ACK | DMA_PREP_INTERRUPT);
+			DMA_MEM_TO_DEV, DMA_CTRL_ACK | DMA_PREP_INTERRUPT);
 	if (!desc) {
 		dev_err(ctx->device->dev,
 			"%s: dmaengine_prep_slave_sg() failed!\n", __func__);
-- 
2.19.1


^ permalink raw reply related	[flat|nested] 273+ messages in thread

* [PATCH AUTOSEL 4.19 225/258] MIPS: ralink: Select CONFIG_CPU_MIPSR2_IRQ_VI on MT7620/8
  2019-01-28 15:55 [PATCH AUTOSEL 4.19 001/258] drm/bufs: Fix Spectre v1 vulnerability Sasha Levin
                   ` (222 preceding siblings ...)
  2019-01-28 15:58 ` [PATCH AUTOSEL 4.19 224/258] crypto: ux500 - Use proper enum in hash_set_dma_transfer Sasha Levin
@ 2019-01-28 15:58 ` Sasha Levin
  2019-01-28 15:58 ` [PATCH AUTOSEL 4.19 226/258] cifs: check ntwrk_buf_start for NULL before dereferencing it Sasha Levin
                   ` (32 subsequent siblings)
  256 siblings, 0 replies; 273+ messages in thread
From: Sasha Levin @ 2019-01-28 15:58 UTC (permalink / raw)
  To: linux-kernel, stable
  Cc: Stefan Roese, Paul Burton, John Crispin, Daniel Schwierzeck,
	Ralf Baechle, linux-mips, Sasha Levin, linux-mips

From: Stefan Roese <sr@denx.de>

[ Upstream commit 0b15394475e3bcaf35ca4bf22fc55d56df67224e ]

Testing has shown, that when using mainline U-Boot on MT7688 based
boards, the system may hang or crash while mounting the root-fs. The
main issue here is that mainline U-Boot configures EBase to a value
near the end of system memory. And with CONFIG_CPU_MIPSR2_IRQ_VI
disabled, trap_init() will not allocate a new area to place the
exception handler. The original value will be used and the handler
will be copied to this location, which might already be used by some
userspace application.

The MT7688 supports VI - its config3 register is 0x00002420, so VInt
(Bit 5) is set. But without setting CONFIG_CPU_MIPSR2_IRQ_VI this
bit will not be evaluated to result in "cpu_has_vi" being set. This
patch now selects CONFIG_CPU_MIPSR2_IRQ_VI on MT7620/8 which results
trap_init() to allocate some memory for the exception handler.

Please note that this issue was not seen with the Mediatek U-Boot
version, as it does not touch EBase (stays at default of 0x8000.0000).
This is strictly also not correct as the kernel (_text) resides
here.

Signed-off-by: Stefan Roese <sr@denx.de>
[paul.burton@mips.com: s/beeing/being/]
Signed-off-by: Paul Burton <paul.burton@mips.com>
Cc: John Crispin <blogic@openwrt.org>
Cc: Daniel Schwierzeck <daniel.schwierzeck@gmail.com>
Cc: Ralf Baechle <ralf@linux-mips.org>
Cc: linux-mips@linux-mips.org
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
 arch/mips/ralink/Kconfig | 1 +
 1 file changed, 1 insertion(+)

diff --git a/arch/mips/ralink/Kconfig b/arch/mips/ralink/Kconfig
index 1f9cb0e3c79a..613d61763433 100644
--- a/arch/mips/ralink/Kconfig
+++ b/arch/mips/ralink/Kconfig
@@ -38,6 +38,7 @@ choice
 
 	config SOC_MT7620
 		bool "MT7620/8"
+		select CPU_MIPSR2_IRQ_VI
 		select HW_HAS_PCI
 
 	config SOC_MT7621
-- 
2.19.1


^ permalink raw reply related	[flat|nested] 273+ messages in thread

* [PATCH AUTOSEL 4.19 226/258] cifs: check ntwrk_buf_start for NULL before dereferencing it
  2019-01-28 15:55 [PATCH AUTOSEL 4.19 001/258] drm/bufs: Fix Spectre v1 vulnerability Sasha Levin
                   ` (223 preceding siblings ...)
  2019-01-28 15:58 ` [PATCH AUTOSEL 4.19 225/258] MIPS: ralink: Select CONFIG_CPU_MIPSR2_IRQ_VI on MT7620/8 Sasha Levin
@ 2019-01-28 15:58 ` Sasha Levin
  2019-01-28 15:58 ` [PATCH AUTOSEL 4.19 227/258] f2fs: fix use-after-free issue when accessing sbi->stat_info Sasha Levin
                   ` (31 subsequent siblings)
  256 siblings, 0 replies; 273+ messages in thread
From: Sasha Levin @ 2019-01-28 15:58 UTC (permalink / raw)
  To: linux-kernel, stable
  Cc: Ronnie Sahlberg, Steve French, Sasha Levin, linux-cifs

From: Ronnie Sahlberg <lsahlber@redhat.com>

[ Upstream commit 59a63e479ce36a3f24444c3a36efe82b78e4a8e0 ]

RHBZ: 1021460

There is an issue where when multiple threads open/close the same directory
ntwrk_buf_start might end up being NULL, causing the call to smbCalcSize
later to oops with a NULL deref.

The real bug is why this happens and why this can become NULL for an
open cfile, which should not be allowed.
This patch tries to avoid a oops until the time when we fix the underlying
issue.

Signed-off-by: Ronnie Sahlberg <lsahlber@redhat.com>
Signed-off-by: Steve French <stfrench@microsoft.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
 fs/cifs/readdir.c | 9 ++++++++-
 1 file changed, 8 insertions(+), 1 deletion(-)

diff --git a/fs/cifs/readdir.c b/fs/cifs/readdir.c
index e169e1a5fd35..3925a7bfc74d 100644
--- a/fs/cifs/readdir.c
+++ b/fs/cifs/readdir.c
@@ -655,7 +655,14 @@ find_cifs_entry(const unsigned int xid, struct cifs_tcon *tcon, loff_t pos,
 		/* scan and find it */
 		int i;
 		char *cur_ent;
-		char *end_of_smb = cfile->srch_inf.ntwrk_buf_start +
+		char *end_of_smb;
+
+		if (cfile->srch_inf.ntwrk_buf_start == NULL) {
+			cifs_dbg(VFS, "ntwrk_buf_start is NULL during readdir\n");
+			return -EIO;
+		}
+
+		end_of_smb = cfile->srch_inf.ntwrk_buf_start +
 			server->ops->calc_smb_size(
 					cfile->srch_inf.ntwrk_buf_start,
 					server);
-- 
2.19.1


^ permalink raw reply related	[flat|nested] 273+ messages in thread

* [PATCH AUTOSEL 4.19 227/258] f2fs: fix use-after-free issue when accessing sbi->stat_info
  2019-01-28 15:55 [PATCH AUTOSEL 4.19 001/258] drm/bufs: Fix Spectre v1 vulnerability Sasha Levin
                   ` (224 preceding siblings ...)
  2019-01-28 15:58 ` [PATCH AUTOSEL 4.19 226/258] cifs: check ntwrk_buf_start for NULL before dereferencing it Sasha Levin
@ 2019-01-28 15:58 ` Sasha Levin
  2019-01-28 15:58 ` [PATCH AUTOSEL 4.19 228/258] um: Avoid marking pages with "changed protection" Sasha Levin
                   ` (30 subsequent siblings)
  256 siblings, 0 replies; 273+ messages in thread
From: Sasha Levin @ 2019-01-28 15:58 UTC (permalink / raw)
  To: linux-kernel, stable
  Cc: Sahitya Tummala, Jaegeuk Kim, Sasha Levin, linux-f2fs-devel

From: Sahitya Tummala <stummala@codeaurora.org>

[ Upstream commit 60aa4d5536ab7fe32433ca1173bd9d6633851f27 ]

iput() on sbi->node_inode can update sbi->stat_info
in the below context, if the f2fs_write_checkpoint()
has failed with error.

f2fs_balance_fs_bg+0x1ac/0x1ec
f2fs_write_node_pages+0x4c/0x260
do_writepages+0x80/0xbc
__writeback_single_inode+0xdc/0x4ac
writeback_single_inode+0x9c/0x144
write_inode_now+0xc4/0xec
iput+0x194/0x22c
f2fs_put_super+0x11c/0x1e8
generic_shutdown_super+0x70/0xf4
kill_block_super+0x2c/0x5c
kill_f2fs_super+0x44/0x50
deactivate_locked_super+0x60/0x8c
deactivate_super+0x68/0x74
cleanup_mnt+0x40/0x78

Fix this by moving f2fs_destroy_stats() further below iput() in
both f2fs_put_super() and f2fs_fill_super() paths.

Signed-off-by: Sahitya Tummala <stummala@codeaurora.org>
Reviewed-by: Chao Yu <yuchao0@huawei.com>
Signed-off-by: Jaegeuk Kim <jaegeuk@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
 fs/f2fs/super.c | 27 +++++++++++++++------------
 1 file changed, 15 insertions(+), 12 deletions(-)

diff --git a/fs/f2fs/super.c b/fs/f2fs/super.c
index 338138b34993..c9639ef0e8d5 100644
--- a/fs/f2fs/super.c
+++ b/fs/f2fs/super.c
@@ -1039,9 +1039,6 @@ static void f2fs_put_super(struct super_block *sb)
 		f2fs_write_checkpoint(sbi, &cpc);
 	}
 
-	/* f2fs_write_checkpoint can update stat informaion */
-	f2fs_destroy_stats(sbi);
-
 	/*
 	 * normally superblock is clean, so we need to release this.
 	 * In addition, EIO will skip do checkpoint, we need this as well.
@@ -1061,6 +1058,12 @@ static void f2fs_put_super(struct super_block *sb)
 	iput(sbi->node_inode);
 	iput(sbi->meta_inode);
 
+	/*
+	 * iput() can update stat information, if f2fs_write_checkpoint()
+	 * above failed with error.
+	 */
+	f2fs_destroy_stats(sbi);
+
 	/* destroy f2fs internal modules */
 	f2fs_destroy_node_manager(sbi);
 	f2fs_destroy_segment_manager(sbi);
@@ -2980,30 +2983,30 @@ static int f2fs_fill_super(struct super_block *sb, void *data, int silent)
 
 	f2fs_build_gc_manager(sbi);
 
+	err = f2fs_build_stats(sbi);
+	if (err)
+		goto free_nm;
+
 	/* get an inode for node space */
 	sbi->node_inode = f2fs_iget(sb, F2FS_NODE_INO(sbi));
 	if (IS_ERR(sbi->node_inode)) {
 		f2fs_msg(sb, KERN_ERR, "Failed to read node inode");
 		err = PTR_ERR(sbi->node_inode);
-		goto free_nm;
+		goto free_stats;
 	}
 
-	err = f2fs_build_stats(sbi);
-	if (err)
-		goto free_node_inode;
-
 	/* read root inode and dentry */
 	root = f2fs_iget(sb, F2FS_ROOT_INO(sbi));
 	if (IS_ERR(root)) {
 		f2fs_msg(sb, KERN_ERR, "Failed to read root inode");
 		err = PTR_ERR(root);
-		goto free_stats;
+		goto free_node_inode;
 	}
 	if (!S_ISDIR(root->i_mode) || !root->i_blocks ||
 			!root->i_size || !root->i_nlink) {
 		iput(root);
 		err = -EINVAL;
-		goto free_stats;
+		goto free_node_inode;
 	}
 
 	sb->s_root = d_make_root(root); /* allocate root dentry */
@@ -3121,12 +3124,12 @@ static int f2fs_fill_super(struct super_block *sb, void *data, int silent)
 free_root_inode:
 	dput(sb->s_root);
 	sb->s_root = NULL;
-free_stats:
-	f2fs_destroy_stats(sbi);
 free_node_inode:
 	f2fs_release_ino_entry(sbi, true);
 	truncate_inode_pages_final(NODE_MAPPING(sbi));
 	iput(sbi->node_inode);
+free_stats:
+	f2fs_destroy_stats(sbi);
 free_nm:
 	f2fs_destroy_node_manager(sbi);
 free_sm:
-- 
2.19.1


^ permalink raw reply related	[flat|nested] 273+ messages in thread

* [PATCH AUTOSEL 4.19 228/258] um: Avoid marking pages with "changed protection"
  2019-01-28 15:55 [PATCH AUTOSEL 4.19 001/258] drm/bufs: Fix Spectre v1 vulnerability Sasha Levin
                   ` (225 preceding siblings ...)
  2019-01-28 15:58 ` [PATCH AUTOSEL 4.19 227/258] f2fs: fix use-after-free issue when accessing sbi->stat_info Sasha Levin
@ 2019-01-28 15:58 ` Sasha Levin
  2019-01-28 15:58 ` [PATCH AUTOSEL 4.19 229/258] niu: fix missing checks of niu_pci_eeprom_read Sasha Levin
                   ` (29 subsequent siblings)
  256 siblings, 0 replies; 273+ messages in thread
From: Sasha Levin @ 2019-01-28 15:58 UTC (permalink / raw)
  To: linux-kernel, stable
  Cc: Anton Ivanov, Richard Weinberger, Sasha Levin, linux-um

From: Anton Ivanov <anton.ivanov@cambridgegreys.com>

[ Upstream commit 8892d8545f2d0342b9c550defbfb165db237044b ]

Changing protection is a very high cost operation in UML
because in addition to an extra syscall it also interrupts
mmap merge sequences generated by the tlb.

While the condition is not particularly common it is worth
avoiding.

Signed-off-by: Anton Ivanov <anton.ivanov@cambridgegreys.com>
Signed-off-by: Richard Weinberger <richard@nod.at>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
 arch/um/include/asm/pgtable.h | 9 ++++++++-
 1 file changed, 8 insertions(+), 1 deletion(-)

diff --git a/arch/um/include/asm/pgtable.h b/arch/um/include/asm/pgtable.h
index 7485398d0737..9c04562310b3 100644
--- a/arch/um/include/asm/pgtable.h
+++ b/arch/um/include/asm/pgtable.h
@@ -197,12 +197,17 @@ static inline pte_t pte_mkold(pte_t pte)
 
 static inline pte_t pte_wrprotect(pte_t pte)
 { 
-	pte_clear_bits(pte, _PAGE_RW);
+	if (likely(pte_get_bits(pte, _PAGE_RW)))
+		pte_clear_bits(pte, _PAGE_RW);
+	else
+		return pte;
 	return(pte_mknewprot(pte)); 
 }
 
 static inline pte_t pte_mkread(pte_t pte)
 { 
+	if (unlikely(pte_get_bits(pte, _PAGE_USER)))
+		return pte;
 	pte_set_bits(pte, _PAGE_USER);
 	return(pte_mknewprot(pte)); 
 }
@@ -221,6 +226,8 @@ static inline pte_t pte_mkyoung(pte_t pte)
 
 static inline pte_t pte_mkwrite(pte_t pte)	
 {
+	if (unlikely(pte_get_bits(pte,  _PAGE_RW)))
+		return pte;
 	pte_set_bits(pte, _PAGE_RW);
 	return(pte_mknewprot(pte)); 
 }
-- 
2.19.1


^ permalink raw reply related	[flat|nested] 273+ messages in thread

* [PATCH AUTOSEL 4.19 229/258] niu: fix missing checks of niu_pci_eeprom_read
  2019-01-28 15:55 [PATCH AUTOSEL 4.19 001/258] drm/bufs: Fix Spectre v1 vulnerability Sasha Levin
                   ` (226 preceding siblings ...)
  2019-01-28 15:58 ` [PATCH AUTOSEL 4.19 228/258] um: Avoid marking pages with "changed protection" Sasha Levin
@ 2019-01-28 15:58 ` Sasha Levin
  2019-01-28 15:58 ` [PATCH AUTOSEL 4.19 230/258] f2fs: fix sbi->extent_list corruption issue Sasha Levin
                   ` (28 subsequent siblings)
  256 siblings, 0 replies; 273+ messages in thread
From: Sasha Levin @ 2019-01-28 15:58 UTC (permalink / raw)
  To: linux-kernel, stable; +Cc: Kangjie Lu, David S . Miller, Sasha Levin, netdev

From: Kangjie Lu <kjlu@umn.edu>

[ Upstream commit 26fd962bde0b15e54234fe762d86bc0349df1de4 ]

niu_pci_eeprom_read() may fail, so we should check its return value
before using the read data.

Signed-off-by: Kangjie Lu <kjlu@umn.edu>
Acked-by: Shannon Nelson <shannon.lee.nelson@gmail.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
 drivers/net/ethernet/sun/niu.c | 10 ++++++++--
 1 file changed, 8 insertions(+), 2 deletions(-)

diff --git a/drivers/net/ethernet/sun/niu.c b/drivers/net/ethernet/sun/niu.c
index 9319d84bf49f..d84501441edd 100644
--- a/drivers/net/ethernet/sun/niu.c
+++ b/drivers/net/ethernet/sun/niu.c
@@ -8100,6 +8100,8 @@ static int niu_pci_vpd_scan_props(struct niu *np, u32 start, u32 end)
 		start += 3;
 
 		prop_len = niu_pci_eeprom_read(np, start + 4);
+		if (prop_len < 0)
+			return prop_len;
 		err = niu_pci_vpd_get_propname(np, start + 5, namebuf, 64);
 		if (err < 0)
 			return err;
@@ -8144,8 +8146,12 @@ static int niu_pci_vpd_scan_props(struct niu *np, u32 start, u32 end)
 			netif_printk(np, probe, KERN_DEBUG, np->dev,
 				     "VPD_SCAN: Reading in property [%s] len[%d]\n",
 				     namebuf, prop_len);
-			for (i = 0; i < prop_len; i++)
-				*prop_buf++ = niu_pci_eeprom_read(np, off + i);
+			for (i = 0; i < prop_len; i++) {
+				err = niu_pci_eeprom_read(np, off + i);
+				if (err >= 0)
+					*prop_buf = err;
+				++prop_buf;
+			}
 		}
 
 		start += len;
-- 
2.19.1


^ permalink raw reply related	[flat|nested] 273+ messages in thread

* [PATCH AUTOSEL 4.19 230/258] f2fs: fix sbi->extent_list corruption issue
  2019-01-28 15:55 [PATCH AUTOSEL 4.19 001/258] drm/bufs: Fix Spectre v1 vulnerability Sasha Levin
                   ` (227 preceding siblings ...)
  2019-01-28 15:58 ` [PATCH AUTOSEL 4.19 229/258] niu: fix missing checks of niu_pci_eeprom_read Sasha Levin
@ 2019-01-28 15:58 ` Sasha Levin
  2019-01-28 15:58 ` [PATCH AUTOSEL 4.19 231/258] cgroup: fix parsing empty mount option string Sasha Levin
                   ` (27 subsequent siblings)
  256 siblings, 0 replies; 273+ messages in thread
From: Sasha Levin @ 2019-01-28 15:58 UTC (permalink / raw)
  To: linux-kernel, stable
  Cc: Sahitya Tummala, Jaegeuk Kim, Sasha Levin, linux-f2fs-devel

From: Sahitya Tummala <stummala@codeaurora.org>

[ Upstream commit e4589fa545e0020dbbc3c9bde35f35f949901392 ]

When there is a failure in f2fs_fill_super() after/during
the recovery of fsync'd nodes, it frees the current sbi and
retries again. This time the mount is successful, but the files
that got recovered before retry, still holds the extent tree,
whose extent nodes list is corrupted since sbi and sbi->extent_list
is freed up. The list_del corruption issue is observed when the
file system is getting unmounted and when those recoverd files extent
node is being freed up in the below context.

list_del corruption. prev->next should be fffffff1e1ef5480, but was (null)
<...>
kernel BUG at kernel/msm-4.14/lib/list_debug.c:53!
lr : __list_del_entry_valid+0x94/0xb4
pc : __list_del_entry_valid+0x94/0xb4
<...>
Call trace:
__list_del_entry_valid+0x94/0xb4
__release_extent_node+0xb0/0x114
__free_extent_tree+0x58/0x7c
f2fs_shrink_extent_tree+0xdc/0x3b0
f2fs_leave_shrinker+0x28/0x7c
f2fs_put_super+0xfc/0x1e0
generic_shutdown_super+0x70/0xf4
kill_block_super+0x2c/0x5c
kill_f2fs_super+0x44/0x50
deactivate_locked_super+0x60/0x8c
deactivate_super+0x68/0x74
cleanup_mnt+0x40/0x78
__cleanup_mnt+0x1c/0x28
task_work_run+0x48/0xd0
do_notify_resume+0x678/0xe98
work_pending+0x8/0x14

Fix this by not creating extents for those recovered files if shrinker is
not registered yet. Once mount is successful and shrinker is registered,
those files can have extents again.

Signed-off-by: Sahitya Tummala <stummala@codeaurora.org>
Signed-off-by: Jaegeuk Kim <jaegeuk@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
 fs/f2fs/f2fs.h     | 11 ++++++++++-
 fs/f2fs/shrinker.c |  2 +-
 2 files changed, 11 insertions(+), 2 deletions(-)

diff --git a/fs/f2fs/f2fs.h b/fs/f2fs/f2fs.h
index 462a2fb8aa69..eea2811dc672 100644
--- a/fs/f2fs/f2fs.h
+++ b/fs/f2fs/f2fs.h
@@ -2614,10 +2614,19 @@ static inline bool is_dot_dotdot(const struct qstr *str)
 
 static inline bool f2fs_may_extent_tree(struct inode *inode)
 {
-	if (!test_opt(F2FS_I_SB(inode), EXTENT_CACHE) ||
+	struct f2fs_sb_info *sbi = F2FS_I_SB(inode);
+
+	if (!test_opt(sbi, EXTENT_CACHE) ||
 			is_inode_flag_set(inode, FI_NO_EXTENT))
 		return false;
 
+	/*
+	 * for recovered files during mount do not create extents
+	 * if shrinker is not registered.
+	 */
+	if (list_empty(&sbi->s_list))
+		return false;
+
 	return S_ISREG(inode->i_mode);
 }
 
diff --git a/fs/f2fs/shrinker.c b/fs/f2fs/shrinker.c
index 36cfd816c160..29042e6d5126 100644
--- a/fs/f2fs/shrinker.c
+++ b/fs/f2fs/shrinker.c
@@ -138,6 +138,6 @@ void f2fs_leave_shrinker(struct f2fs_sb_info *sbi)
 	f2fs_shrink_extent_tree(sbi, __count_extent_cache(sbi));
 
 	spin_lock(&f2fs_list_lock);
-	list_del(&sbi->s_list);
+	list_del_init(&sbi->s_list);
 	spin_unlock(&f2fs_list_lock);
 }
-- 
2.19.1


^ permalink raw reply related	[flat|nested] 273+ messages in thread

* [PATCH AUTOSEL 4.19 231/258] cgroup: fix parsing empty mount option string
  2019-01-28 15:55 [PATCH AUTOSEL 4.19 001/258] drm/bufs: Fix Spectre v1 vulnerability Sasha Levin
                   ` (228 preceding siblings ...)
  2019-01-28 15:58 ` [PATCH AUTOSEL 4.19 230/258] f2fs: fix sbi->extent_list corruption issue Sasha Levin
@ 2019-01-28 15:58 ` Sasha Levin
  2019-01-28 15:58 ` [PATCH AUTOSEL 4.19 232/258] perf python: Do not force closing original perf descriptor in evlist.get_pollfd() Sasha Levin
                   ` (26 subsequent siblings)
  256 siblings, 0 replies; 273+ messages in thread
From: Sasha Levin @ 2019-01-28 15:58 UTC (permalink / raw)
  To: linux-kernel, stable; +Cc: Ondrej Mosnacek, Tejun Heo, Sasha Levin

From: Ondrej Mosnacek <omosnace@redhat.com>

[ Upstream commit e250d91d65750a0c0c62483ac4f9f357e7317617 ]

This fixes the case where all mount options specified are consumed by an
LSM and all that's left is an empty string. In this case cgroupfs should
accept the string and not fail.

How to reproduce (with SELinux enabled):

    # umount /sys/fs/cgroup/unified
    # mount -o context=system_u:object_r:cgroup_t:s0 -t cgroup2 cgroup2 /sys/fs/cgroup/unified
    mount: /sys/fs/cgroup/unified: wrong fs type, bad option, bad superblock on cgroup2, missing codepage or helper program, or other error.
    # dmesg | tail -n 1
    [   31.575952] cgroup: cgroup2: unknown option ""

Fixes: 67e9c74b8a87 ("cgroup: replace __DEVEL__sane_behavior with cgroup2 fs type")
[NOTE: should apply on top of commit 5136f6365ce3 ("cgroup: implement "nsdelegate" mount option"), older versions need manual rebase]
Suggested-by: Stephen Smalley <sds@tycho.nsa.gov>
Signed-off-by: Ondrej Mosnacek <omosnace@redhat.com>
Signed-off-by: Tejun Heo <tj@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
 kernel/cgroup/cgroup.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/kernel/cgroup/cgroup.c b/kernel/cgroup/cgroup.c
index 1aa517908561..e578c3999970 100644
--- a/kernel/cgroup/cgroup.c
+++ b/kernel/cgroup/cgroup.c
@@ -1743,7 +1743,7 @@ static int parse_cgroup_root_flags(char *data, unsigned int *root_flags)
 
 	*root_flags = 0;
 
-	if (!data)
+	if (!data || *data == '\0')
 		return 0;
 
 	while ((token = strsep(&data, ",")) != NULL) {
-- 
2.19.1


^ permalink raw reply related	[flat|nested] 273+ messages in thread

* [PATCH AUTOSEL 4.19 232/258] perf python: Do not force closing original perf descriptor in evlist.get_pollfd()
  2019-01-28 15:55 [PATCH AUTOSEL 4.19 001/258] drm/bufs: Fix Spectre v1 vulnerability Sasha Levin
                   ` (229 preceding siblings ...)
  2019-01-28 15:58 ` [PATCH AUTOSEL 4.19 231/258] cgroup: fix parsing empty mount option string Sasha Levin
@ 2019-01-28 15:58 ` Sasha Levin
  2019-01-28 15:58 ` [PATCH AUTOSEL 4.19 233/258] scripts/decode_stacktrace: only strip base path when a prefix of the path Sasha Levin
                   ` (25 subsequent siblings)
  256 siblings, 0 replies; 273+ messages in thread
From: Sasha Levin @ 2019-01-28 15:58 UTC (permalink / raw)
  To: linux-kernel, stable
  Cc: Jiri Olsa, Alexander Shishkin, Jaroslav Škarvada,
	Namhyung Kim, Peter Zijlstra, Arnaldo Carvalho de Melo,
	Sasha Levin

From: Jiri Olsa <jolsa@kernel.org>

[ Upstream commit a389aece97938966616ce0336466b98b0351ef10 ]

Ondřej reported that when compiled with python3, the python extension
regresses in evlist.get_pollfd function behaviour.

The evlist.get_pollfd function creates file objects from evlist's fds
and returns them in a list. The python3 version also sets them to 'close
the original descriptor' when the object dies (is closed), by passing
True via the 'closefd' arg in the PyFile_FromFd call.

The python's closefd doc says:

  If closefd is False, the underlying file descriptor will be kept open
  when the file is closed.

That's why the following line in python3 closes all evlist fds:

  evlist.get_pollfd()

the returned list is immediately destroyed and that takes down the
original events fds.

Passing closefd as False to PyFile_FromFd to fix this.

Reported-by: Ondřej Lysoněk <olysonek@redhat.com>
Signed-off-by: Jiri Olsa <jolsa@kernel.org>
Cc: Alexander Shishkin <alexander.shishkin@linux.intel.com>
Cc: Jaroslav Škarvada <jskarvad@redhat.com>
Cc: Namhyung Kim <namhyung@kernel.org>
Cc: Peter Zijlstra <peterz@infradead.org>
Fixes: 66dfdff03d19 ("perf tools: Add Python 3 support")
Link: http://lkml.kernel.org/r/20181226112121.5285-1-jolsa@kernel.org
Signed-off-by: Arnaldo Carvalho de Melo <acme@redhat.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
 tools/perf/util/python.c | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/tools/perf/util/python.c b/tools/perf/util/python.c
index ce501ba14b08..69f5f6142dcf 100644
--- a/tools/perf/util/python.c
+++ b/tools/perf/util/python.c
@@ -939,7 +939,8 @@ static PyObject *pyrf_evlist__get_pollfd(struct pyrf_evlist *pevlist,
 
 		file = PyFile_FromFile(fp, "perf", "r", NULL);
 #else
-		file = PyFile_FromFd(evlist->pollfd.entries[i].fd, "perf", "r", -1, NULL, NULL, NULL, 1);
+		file = PyFile_FromFd(evlist->pollfd.entries[i].fd, "perf", "r", -1,
+				     NULL, NULL, NULL, 0);
 #endif
 		if (file == NULL)
 			goto free_list;
-- 
2.19.1


^ permalink raw reply related	[flat|nested] 273+ messages in thread

* [PATCH AUTOSEL 4.19 233/258] scripts/decode_stacktrace: only strip base path when a prefix of the path
  2019-01-28 15:55 [PATCH AUTOSEL 4.19 001/258] drm/bufs: Fix Spectre v1 vulnerability Sasha Levin
                   ` (230 preceding siblings ...)
  2019-01-28 15:58 ` [PATCH AUTOSEL 4.19 232/258] perf python: Do not force closing original perf descriptor in evlist.get_pollfd() Sasha Levin
@ 2019-01-28 15:58 ` Sasha Levin
  2019-01-28 15:59 ` [PATCH AUTOSEL 4.19 234/258] arch/sh/boards/mach-kfr2r09/setup.c: fix struct mtd_oob_ops build warning Sasha Levin
                   ` (24 subsequent siblings)
  256 siblings, 0 replies; 273+ messages in thread
From: Sasha Levin @ 2019-01-28 15:58 UTC (permalink / raw)
  To: linux-kernel, stable
  Cc: Marc Zyngier, Will Deacon, Andrew Morton, Linus Torvalds, Sasha Levin

From: Marc Zyngier <marc.zyngier@arm.com>

[ Upstream commit 67a28de47faa83585dd644bd4c31e5a1d9346c50 ]

Running something like:

	decodecode vmlinux .

leads to interested results where not only the leading "." gets stripped
from the displayed paths, but also anywhere in the string, displaying
something like:

	kvm_vcpu_check_block (arch/arm64/kvm/virt/kvm/kvm_mainc:2141)

which doesn't help further processing.

Fix it by only stripping the base path if it is a prefix of the path.

Link: http://lkml.kernel.org/r/20181210174659.31054-3-marc.zyngier@arm.com
Signed-off-by: Marc Zyngier <marc.zyngier@arm.com>
Cc: Will Deacon <will.deacon@arm.com>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
 scripts/decode_stacktrace.sh | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/scripts/decode_stacktrace.sh b/scripts/decode_stacktrace.sh
index 64220e36ce3b..98a7d63a723e 100755
--- a/scripts/decode_stacktrace.sh
+++ b/scripts/decode_stacktrace.sh
@@ -78,7 +78,7 @@ parse_symbol() {
 	fi
 
 	# Strip out the base of the path
-	code=${code//$basepath/""}
+	code=${code//^$basepath/""}
 
 	# In the case of inlines, move everything to same line
 	code=${code//$'\n'/' '}
-- 
2.19.1


^ permalink raw reply related	[flat|nested] 273+ messages in thread

* [PATCH AUTOSEL 4.19 234/258] arch/sh/boards/mach-kfr2r09/setup.c: fix struct mtd_oob_ops build warning
  2019-01-28 15:55 [PATCH AUTOSEL 4.19 001/258] drm/bufs: Fix Spectre v1 vulnerability Sasha Levin
                   ` (231 preceding siblings ...)
  2019-01-28 15:58 ` [PATCH AUTOSEL 4.19 233/258] scripts/decode_stacktrace: only strip base path when a prefix of the path Sasha Levin
@ 2019-01-28 15:59 ` Sasha Levin
  2019-01-28 15:59 ` [PATCH AUTOSEL 4.19 235/258] mm/page_owner: clamp read count to PAGE_SIZE Sasha Levin
                   ` (23 subsequent siblings)
  256 siblings, 0 replies; 273+ messages in thread
From: Sasha Levin @ 2019-01-28 15:59 UTC (permalink / raw)
  To: linux-kernel, stable
  Cc: Randy Dunlap, Yoshinori Sato, Rich Felker, Jacopo Mondi,
	Magnus Damm, Andrew Morton, Linus Torvalds, Sasha Levin,
	linux-sh

From: Randy Dunlap <rdunlap@infradead.org>

[ Upstream commit 440e7b379f91acd245d5c8de94d533f40f5dffb3 ]

arch/sh/boards/mach-kfr2r09/setup.c does not need to #include
<mtd/onenand.h>, and doing so causes a build warning, so drop that header
file.

In file included from ../arch/sh/boards/mach-kfr2r09/setup.c:28:
../include/linux/mtd/onenand.h:225:12: warning: 'struct mtd_oob_ops' declared inside parameter list will not be visible outside of this definition or declaration
     struct mtd_oob_ops *ops);

Link: http://lkml.kernel.org/r/702f0a25-c63e-6912-4640-6ab0f00afbc7@infradead.org
Fixes: f3590dc32974 ("media: arch: sh: kfr2r09: Use new renesas-ceu camera driver")

Signed-off-by: Randy Dunlap <rdunlap@infradead.org>
Reported-by: Geert Uytterhoeven <geert@linux-m68k.org>
Suggested-by: Miquel Raynal <miquel.raynal@bootlin.com>
Reviewed-by: Miquel Raynal <miquel.raynal@bootlin.com>
Cc: Yoshinori Sato <ysato@users.sourceforge.jp>
Cc: Rich Felker <dalias@libc.org>
Cc: Jacopo Mondi <jacopo+renesas@jmondi.org>
Cc: Magnus Damm <magnus.damm@gmail.com>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
 arch/sh/boards/mach-kfr2r09/setup.c | 1 -
 1 file changed, 1 deletion(-)

diff --git a/arch/sh/boards/mach-kfr2r09/setup.c b/arch/sh/boards/mach-kfr2r09/setup.c
index e59c577ed871..c70bc7809dda 100644
--- a/arch/sh/boards/mach-kfr2r09/setup.c
+++ b/arch/sh/boards/mach-kfr2r09/setup.c
@@ -25,7 +25,6 @@
 #include <linux/memblock.h>
 #include <linux/mfd/tmio.h>
 #include <linux/mmc/host.h>
-#include <linux/mtd/onenand.h>
 #include <linux/mtd/physmap.h>
 #include <linux/platform_data/lv5207lp.h>
 #include <linux/platform_device.h>
-- 
2.19.1


^ permalink raw reply related	[flat|nested] 273+ messages in thread

* [PATCH AUTOSEL 4.19 235/258] mm/page_owner: clamp read count to PAGE_SIZE
  2019-01-28 15:55 [PATCH AUTOSEL 4.19 001/258] drm/bufs: Fix Spectre v1 vulnerability Sasha Levin
                   ` (232 preceding siblings ...)
  2019-01-28 15:59 ` [PATCH AUTOSEL 4.19 234/258] arch/sh/boards/mach-kfr2r09/setup.c: fix struct mtd_oob_ops build warning Sasha Levin
@ 2019-01-28 15:59 ` Sasha Levin
  2019-01-28 15:59 ` [PATCH AUTOSEL 4.19 236/258] ocfs2: don't clear bh uptodate for block read Sasha Levin
                   ` (22 subsequent siblings)
  256 siblings, 0 replies; 273+ messages in thread
From: Sasha Levin @ 2019-01-28 15:59 UTC (permalink / raw)
  To: linux-kernel, stable
  Cc: Miles Chen, Joe Perches, Matthew Wilcox, Andrew Morton,
	Linus Torvalds, Sasha Levin, linux-mm

From: Miles Chen <miles.chen@mediatek.com>

[ Upstream commit c8f61cfc871fadfb73ad3eacd64fda457279e911 ]

The (root-only) page owner read might allocate a large size of memory with
a large read count.  Allocation fails can easily occur when doing high
order allocations.

Clamp buffer size to PAGE_SIZE to avoid arbitrary size allocation
and avoid allocation fails due to high order allocation.

[akpm@linux-foundation.org: use min_t()]
Link: http://lkml.kernel.org/r/1541091607-27402-1-git-send-email-miles.chen@mediatek.com
Signed-off-by: Miles Chen <miles.chen@mediatek.com>
Acked-by: Michal Hocko <mhocko@suse.com>
Cc: Joe Perches <joe@perches.com>
Cc: Matthew Wilcox <willy@infradead.org>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
 mm/page_owner.c | 1 +
 1 file changed, 1 insertion(+)

diff --git a/mm/page_owner.c b/mm/page_owner.c
index d80adfe702d3..9ad588444671 100644
--- a/mm/page_owner.c
+++ b/mm/page_owner.c
@@ -351,6 +351,7 @@ print_page_owner(char __user *buf, size_t count, unsigned long pfn,
 		.skip = 0
 	};
 
+	count = min_t(size_t, count, PAGE_SIZE);
 	kbuf = kmalloc(count, GFP_KERNEL);
 	if (!kbuf)
 		return -ENOMEM;
-- 
2.19.1


^ permalink raw reply related	[flat|nested] 273+ messages in thread

* [PATCH AUTOSEL 4.19 236/258] ocfs2: don't clear bh uptodate for block read
  2019-01-28 15:55 [PATCH AUTOSEL 4.19 001/258] drm/bufs: Fix Spectre v1 vulnerability Sasha Levin
                   ` (233 preceding siblings ...)
  2019-01-28 15:59 ` [PATCH AUTOSEL 4.19 235/258] mm/page_owner: clamp read count to PAGE_SIZE Sasha Levin
@ 2019-01-28 15:59 ` Sasha Levin
  2019-01-28 15:59 ` [PATCH AUTOSEL 4.19 237/258] ocfs2: improve ocfs2 Makefile Sasha Levin
                   ` (21 subsequent siblings)
  256 siblings, 0 replies; 273+ messages in thread
From: Sasha Levin @ 2019-01-28 15:59 UTC (permalink / raw)
  To: linux-kernel, stable
  Cc: Junxiao Bi, Joel Becker, Joseph Qi, Jun Piao, Mark Fasheh,
	Andrew Morton, Linus Torvalds, Sasha Levin

From: Junxiao Bi <junxiao.bi@oracle.com>

[ Upstream commit 70306d9dce75abde855cefaf32b3f71eed8602a3 ]

For sync io read in ocfs2_read_blocks_sync(), first clear bh uptodate flag
and submit the io, second wait io done, last check whether bh uptodate, if
not return io error.

If two sync io for the same bh were issued, it could be the first io done
and set uptodate flag, but just before check that flag, the second io came
in and cleared uptodate, then ocfs2_read_blocks_sync() for the first io
will return IO error.

Indeed it's not necessary to clear uptodate flag, as the io end handler
end_buffer_read_sync() will set or clear it based on io succeed or failed.

The following message was found from a nfs server but the underlying
storage returned no error.

[4106438.567376] (nfsd,7146,3):ocfs2_get_suballoc_slot_bit:2780 ERROR: read block 1238823695 failed -5
[4106438.567569] (nfsd,7146,3):ocfs2_get_suballoc_slot_bit:2812 ERROR: status = -5
[4106438.567611] (nfsd,7146,3):ocfs2_test_inode_bit:2894 ERROR: get alloc slot and bit failed -5
[4106438.567643] (nfsd,7146,3):ocfs2_test_inode_bit:2932 ERROR: status = -5
[4106438.567675] (nfsd,7146,3):ocfs2_get_dentry:94 ERROR: test inode bit failed -5

Same issue in non sync read ocfs2_read_blocks(), fixed it as well.

Link: http://lkml.kernel.org/r/20181121020023.3034-4-junxiao.bi@oracle.com
Signed-off-by: Junxiao Bi <junxiao.bi@oracle.com>
Reviewed-by: Changwei Ge <ge.changwei@h3c.com>
Reviewed-by: Yiwen Jiang <jiangyiwen@huawei.com>
Cc: Joel Becker <jlbec@evilplan.org>
Cc: Joseph Qi <jiangqi903@gmail.com>
Cc: Jun Piao <piaojun@huawei.com>
Cc: Mark Fasheh <mfasheh@versity.com>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
 fs/ocfs2/buffer_head_io.c | 2 --
 1 file changed, 2 deletions(-)

diff --git a/fs/ocfs2/buffer_head_io.c b/fs/ocfs2/buffer_head_io.c
index 1d098c3c00e0..9f8250df99f1 100644
--- a/fs/ocfs2/buffer_head_io.c
+++ b/fs/ocfs2/buffer_head_io.c
@@ -152,7 +152,6 @@ int ocfs2_read_blocks_sync(struct ocfs2_super *osb, u64 block,
 #endif
 		}
 
-		clear_buffer_uptodate(bh);
 		get_bh(bh); /* for end_buffer_read_sync() */
 		bh->b_end_io = end_buffer_read_sync;
 		submit_bh(REQ_OP_READ, 0, bh);
@@ -306,7 +305,6 @@ int ocfs2_read_blocks(struct ocfs2_caching_info *ci, u64 block, int nr,
 				continue;
 			}
 
-			clear_buffer_uptodate(bh);
 			get_bh(bh); /* for end_buffer_read_sync() */
 			if (validate)
 				set_buffer_needs_validate(bh);
-- 
2.19.1


^ permalink raw reply related	[flat|nested] 273+ messages in thread

* [PATCH AUTOSEL 4.19 237/258] ocfs2: improve ocfs2 Makefile
  2019-01-28 15:55 [PATCH AUTOSEL 4.19 001/258] drm/bufs: Fix Spectre v1 vulnerability Sasha Levin
                   ` (234 preceding siblings ...)
  2019-01-28 15:59 ` [PATCH AUTOSEL 4.19 236/258] ocfs2: don't clear bh uptodate for block read Sasha Levin
@ 2019-01-28 15:59 ` Sasha Levin
  2019-01-28 15:59 ` [PATCH AUTOSEL 4.19 238/258] mm/page_alloc.c: don't call kasan_free_pages() at deferred mem init Sasha Levin
                   ` (20 subsequent siblings)
  256 siblings, 0 replies; 273+ messages in thread
From: Sasha Levin @ 2019-01-28 15:59 UTC (permalink / raw)
  To: linux-kernel, stable
  Cc: Larry Chen, Mark Fasheh, Joel Becker, Junxiao Bi, Joseph Qi,
	Changwei Ge, Andrew Morton, Linus Torvalds, Sasha Levin

From: Larry Chen <lchen@suse.com>

[ Upstream commit 9e6aea22802b5684c7e1d69822aeb0844dd01953 ]

Included file path was hard-wired in the ocfs2 makefile, which might
causes some confusion when compiling ocfs2 as an external module.

Say if we compile ocfs2 module as following.
cp -r /kernel/tree/fs/ocfs2 /other/dir/ocfs2
cd /other/dir/ocfs2
make -C /path/to/kernel_source M=`pwd` modules

Acutally, the compiler wil try to find included file in
/kernel/tree/fs/ocfs2, rather than the directory /other/dir/ocfs2.

To fix this little bug, we introduce the var $(src) provided by kbuild.
$(src) means the absolute path of the running kbuild file.

Link: http://lkml.kernel.org/r/20181108085546.15149-1-lchen@suse.com
Signed-off-by: Larry Chen <lchen@suse.com>
Reviewed-by: Andrew Morton <akpm@linux-foundation.org>
Cc: Mark Fasheh <mark@fasheh.com>
Cc: Joel Becker <jlbec@evilplan.org>
Cc: Junxiao Bi <junxiao.bi@oracle.com>
Cc: Joseph Qi <jiangqi903@gmail.com>
Cc: Changwei Ge <ge.changwei@h3c.com>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
 fs/ocfs2/Makefile       | 2 +-
 fs/ocfs2/dlm/Makefile   | 2 +-
 fs/ocfs2/dlmfs/Makefile | 2 +-
 3 files changed, 3 insertions(+), 3 deletions(-)

diff --git a/fs/ocfs2/Makefile b/fs/ocfs2/Makefile
index 99ee093182cb..cc9b32b9db7c 100644
--- a/fs/ocfs2/Makefile
+++ b/fs/ocfs2/Makefile
@@ -1,5 +1,5 @@
 # SPDX-License-Identifier: GPL-2.0
-ccflags-y := -Ifs/ocfs2
+ccflags-y := -I$(src)
 
 obj-$(CONFIG_OCFS2_FS) += 	\
 	ocfs2.o			\
diff --git a/fs/ocfs2/dlm/Makefile b/fs/ocfs2/dlm/Makefile
index bd1aab1f49a4..ef2854422a6e 100644
--- a/fs/ocfs2/dlm/Makefile
+++ b/fs/ocfs2/dlm/Makefile
@@ -1,4 +1,4 @@
-ccflags-y := -Ifs/ocfs2
+ccflags-y := -I$(src)/..
 
 obj-$(CONFIG_OCFS2_FS_O2CB) += ocfs2_dlm.o
 
diff --git a/fs/ocfs2/dlmfs/Makefile b/fs/ocfs2/dlmfs/Makefile
index eed3db8c5b49..33431a0296a3 100644
--- a/fs/ocfs2/dlmfs/Makefile
+++ b/fs/ocfs2/dlmfs/Makefile
@@ -1,4 +1,4 @@
-ccflags-y := -Ifs/ocfs2
+ccflags-y := -I$(src)/..
 
 obj-$(CONFIG_OCFS2_FS) += ocfs2_dlmfs.o
 
-- 
2.19.1


^ permalink raw reply related	[flat|nested] 273+ messages in thread

* [PATCH AUTOSEL 4.19 238/258] mm/page_alloc.c: don't call kasan_free_pages() at deferred mem init
  2019-01-28 15:55 [PATCH AUTOSEL 4.19 001/258] drm/bufs: Fix Spectre v1 vulnerability Sasha Levin
                   ` (235 preceding siblings ...)
  2019-01-28 15:59 ` [PATCH AUTOSEL 4.19 237/258] ocfs2: improve ocfs2 Makefile Sasha Levin
@ 2019-01-28 15:59 ` Sasha Levin
  2019-01-28 15:59 ` [PATCH AUTOSEL 4.19 239/258] zram: fix lockdep warning of free block handling Sasha Levin
                   ` (19 subsequent siblings)
  256 siblings, 0 replies; 273+ messages in thread
From: Sasha Levin @ 2019-01-28 15:59 UTC (permalink / raw)
  To: linux-kernel, stable
  Cc: Waiman Long, Andrey Ryabinin, Alexander Potapenko, Dmitry Vyukov,
	Michal Hocko, Pasha Tatashin, Oscar Salvador, Andrew Morton,
	Linus Torvalds, Sasha Levin, linux-mm

From: Waiman Long <longman@redhat.com>

[ Upstream commit 3c0c12cc8f00ca5f81acb010023b8eb13e9a7004 ]

When CONFIG_KASAN is enabled on large memory SMP systems, the deferrred
pages initialization can take a long time.  Below were the reported init
times on a 8-socket 96-core 4TB IvyBridge system.

  1) Non-debug kernel without CONFIG_KASAN
     [    8.764222] node 1 initialised, 132086516 pages in 7027ms

  2) Debug kernel with CONFIG_KASAN
     [  146.288115] node 1 initialised, 132075466 pages in 143052ms

So the page init time in a debug kernel was 20X of the non-debug kernel.
The long init time can be problematic as the page initialization is done
with interrupt disabled.  In this particular case, it caused the
appearance of following warning messages as well as NMI backtraces of all
the cores that were doing the initialization.

[   68.240049] rcu: INFO: rcu_sched detected stalls on CPUs/tasks:
[   68.241000] rcu: 	25-...0: (100 ticks this GP) idle=b72/1/0x4000000000000000 softirq=915/915 fqs=16252
[   68.241000] rcu: 	44-...0: (95 ticks this GP) idle=49a/1/0x4000000000000000 softirq=788/788 fqs=16253
[   68.241000] rcu: 	54-...0: (104 ticks this GP) idle=03a/1/0x4000000000000000 softirq=721/825 fqs=16253
[   68.241000] rcu: 	60-...0: (103 ticks this GP) idle=cbe/1/0x4000000000000000 softirq=637/740 fqs=16253
[   68.241000] rcu: 	72-...0: (105 ticks this GP) idle=786/1/0x4000000000000000 softirq=536/641 fqs=16253
[   68.241000] rcu: 	84-...0: (99 ticks this GP) idle=292/1/0x4000000000000000 softirq=537/537 fqs=16253
[   68.241000] rcu: 	111-...0: (104 ticks this GP) idle=bde/1/0x4000000000000000 softirq=474/476 fqs=16253
[   68.241000] rcu: 	(detected by 13, t=65018 jiffies, g=249, q=2)

The long init time was mainly caused by the call to kasan_free_pages() to
poison the newly initialized pages.  On a 4TB system, we are talking about
almost 500GB of memory probably on the same node.

In reality, we may not need to poison the newly initialized pages before
they are ever allocated.  So KASAN poisoning of freed pages before the
completion of deferred memory initialization is now disabled.  Those pages
will be properly poisoned when they are allocated or freed after deferred
pages initialization is done.

With this change, the new page initialization time became:

[   21.948010] node 1 initialised, 132075466 pages in 18702ms

This was still about double the non-debug kernel time, but was much
better than before.

Link: http://lkml.kernel.org/r/1544459388-8736-1-git-send-email-longman@redhat.com
Signed-off-by: Waiman Long <longman@redhat.com>
Reviewed-by: Andrew Morton <akpm@linux-foundation.org>
Cc: Andrey Ryabinin <aryabinin@virtuozzo.com>
Cc: Alexander Potapenko <glider@google.com>
Cc: Dmitry Vyukov <dvyukov@google.com>
Cc: Michal Hocko <mhocko@suse.com>
Cc: Pasha Tatashin <Pavel.Tatashin@microsoft.com>
Cc: Oscar Salvador <osalvador@suse.de>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
 mm/page_alloc.c | 37 +++++++++++++++++++++++++++++--------
 1 file changed, 29 insertions(+), 8 deletions(-)

diff --git a/mm/page_alloc.c b/mm/page_alloc.c
index 93e73ccb4dec..b87dc47db5ed 100644
--- a/mm/page_alloc.c
+++ b/mm/page_alloc.c
@@ -294,6 +294,32 @@ EXPORT_SYMBOL(nr_online_nodes);
 int page_group_by_mobility_disabled __read_mostly;
 
 #ifdef CONFIG_DEFERRED_STRUCT_PAGE_INIT
+/*
+ * During boot we initialize deferred pages on-demand, as needed, but once
+ * page_alloc_init_late() has finished, the deferred pages are all initialized,
+ * and we can permanently disable that path.
+ */
+static DEFINE_STATIC_KEY_TRUE(deferred_pages);
+
+/*
+ * Calling kasan_free_pages() only after deferred memory initialization
+ * has completed. Poisoning pages during deferred memory init will greatly
+ * lengthen the process and cause problem in large memory systems as the
+ * deferred pages initialization is done with interrupt disabled.
+ *
+ * Assuming that there will be no reference to those newly initialized
+ * pages before they are ever allocated, this should have no effect on
+ * KASAN memory tracking as the poison will be properly inserted at page
+ * allocation time. The only corner case is when pages are allocated by
+ * on-demand allocation and then freed again before the deferred pages
+ * initialization is done, but this is not likely to happen.
+ */
+static inline void kasan_free_nondeferred_pages(struct page *page, int order)
+{
+	if (!static_branch_unlikely(&deferred_pages))
+		kasan_free_pages(page, order);
+}
+
 /* Returns true if the struct page for the pfn is uninitialised */
 static inline bool __meminit early_page_uninitialised(unsigned long pfn)
 {
@@ -326,6 +352,8 @@ static inline bool update_defer_init(pg_data_t *pgdat,
 	return true;
 }
 #else
+#define kasan_free_nondeferred_pages(p, o)	kasan_free_pages(p, o)
+
 static inline bool early_page_uninitialised(unsigned long pfn)
 {
 	return false;
@@ -1030,7 +1058,7 @@ static __always_inline bool free_pages_prepare(struct page *page,
 	arch_free_page(page, order);
 	kernel_poison_pages(page, 1 << order, 0);
 	kernel_map_pages(page, 1 << order, 0);
-	kasan_free_pages(page, order);
+	kasan_free_nondeferred_pages(page, order);
 
 	return true;
 }
@@ -1593,13 +1621,6 @@ static int __init deferred_init_memmap(void *data)
 	return 0;
 }
 
-/*
- * During boot we initialize deferred pages on-demand, as needed, but once
- * page_alloc_init_late() has finished, the deferred pages are all initialized,
- * and we can permanently disable that path.
- */
-static DEFINE_STATIC_KEY_TRUE(deferred_pages);
-
 /*
  * If this zone has deferred pages, try to grow it by initializing enough
  * deferred pages to satisfy the allocation specified by order, rounded up to
-- 
2.19.1


^ permalink raw reply related	[flat|nested] 273+ messages in thread

* [PATCH AUTOSEL 4.19 239/258] zram: fix lockdep warning of free block handling
  2019-01-28 15:55 [PATCH AUTOSEL 4.19 001/258] drm/bufs: Fix Spectre v1 vulnerability Sasha Levin
                   ` (236 preceding siblings ...)
  2019-01-28 15:59 ` [PATCH AUTOSEL 4.19 238/258] mm/page_alloc.c: don't call kasan_free_pages() at deferred mem init Sasha Levin
@ 2019-01-28 15:59 ` Sasha Levin
  2019-01-28 15:59 ` [PATCH AUTOSEL 4.19 240/258] isdn: hisax: hfc_pci: Fix a possible concurrency use-after-free bug in HFCPCI_l1hw() Sasha Levin
                   ` (18 subsequent siblings)
  256 siblings, 0 replies; 273+ messages in thread
From: Sasha Levin @ 2019-01-28 15:59 UTC (permalink / raw)
  To: linux-kernel, stable
  Cc: Minchan Kim, Andrew Morton, Linus Torvalds, Sasha Levin, linux-block

From: Minchan Kim <minchan@kernel.org>

[ Upstream commit 3c9959e025472122a61faebb208525cf26b305d1 ]

Patch series "zram idle page writeback", v3.

Inherently, swap device has many idle pages which are rare touched since
it was allocated.  It is never problem if we use storage device as swap.
However, it's just waste for zram-swap.

This patchset supports zram idle page writeback feature.

* Admin can define what is idle page "no access since X time ago"
* Admin can define when zram should writeback them
* Admin can define when zram should stop writeback to prevent wearout

Details are in each patch's description.

This patch (of 7):

  ================================
  WARNING: inconsistent lock state
  4.19.0+ #390 Not tainted
  --------------------------------
  inconsistent {SOFTIRQ-ON-W} -> {IN-SOFTIRQ-W} usage.
  zram_verify/2095 [HC0[0]:SC1[1]:HE1:SE0] takes:
  00000000b1828693 (&(&zram->bitmap_lock)->rlock){+.?.}, at: put_entry_bdev+0x1e/0x50
  {SOFTIRQ-ON-W} state was registered at:
    _raw_spin_lock+0x2c/0x40
    zram_make_request+0x755/0xdc9
    generic_make_request+0x373/0x6a0
    submit_bio+0x6c/0x140
    __swap_writepage+0x3a8/0x480
    shrink_page_list+0x1102/0x1a60
    shrink_inactive_list+0x21b/0x3f0
    shrink_node_memcg.constprop.99+0x4f8/0x7e0
    shrink_node+0x7d/0x2f0
    do_try_to_free_pages+0xe0/0x300
    try_to_free_pages+0x116/0x2b0
    __alloc_pages_slowpath+0x3f4/0xf80
    __alloc_pages_nodemask+0x2a2/0x2f0
    __handle_mm_fault+0x42e/0xb50
    handle_mm_fault+0x55/0xb0
    __do_page_fault+0x235/0x4b0
    page_fault+0x1e/0x30
  irq event stamp: 228412
  hardirqs last  enabled at (228412): [<ffffffff98245846>] __slab_free+0x3e6/0x600
  hardirqs last disabled at (228411): [<ffffffff98245625>] __slab_free+0x1c5/0x600
  softirqs last  enabled at (228396): [<ffffffff98e0031e>] __do_softirq+0x31e/0x427
  softirqs last disabled at (228403): [<ffffffff98072051>] irq_exit+0xd1/0xe0

  other info that might help us debug this:
   Possible unsafe locking scenario:

         CPU0
         ----
    lock(&(&zram->bitmap_lock)->rlock);
    <Interrupt>
      lock(&(&zram->bitmap_lock)->rlock);

   *** DEADLOCK ***

  no locks held by zram_verify/2095.

  stack backtrace:
  CPU: 5 PID: 2095 Comm: zram_verify Not tainted 4.19.0+ #390
  Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.10.2-1 04/01/2014
  Call Trace:
   <IRQ>
   dump_stack+0x67/0x9b
   print_usage_bug+0x1bd/0x1d3
   mark_lock+0x4aa/0x540
   __lock_acquire+0x51d/0x1300
   lock_acquire+0x90/0x180
   _raw_spin_lock+0x2c/0x40
   put_entry_bdev+0x1e/0x50
   zram_free_page+0xf6/0x110
   zram_slot_free_notify+0x42/0xa0
   end_swap_bio_read+0x5b/0x170
   blk_update_request+0x8f/0x340
   scsi_end_request+0x2c/0x1e0
   scsi_io_completion+0x98/0x650
   blk_done_softirq+0x9e/0xd0
   __do_softirq+0xcc/0x427
   irq_exit+0xd1/0xe0
   do_IRQ+0x93/0x120
   common_interrupt+0xf/0xf
   </IRQ>

With writeback feature, zram_slot_free_notify could be called in softirq
context by end_swap_bio_read.  However, bitmap_lock is not aware of that
so lockdep yell out:

  get_entry_bdev
  spin_lock(bitmap->lock);
  irq
  softirq
  end_swap_bio_read
  zram_slot_free_notify
  zram_slot_lock <-- deadlock prone
  zram_free_page
  put_entry_bdev
  spin_lock(bitmap->lock); <-- deadlock prone

With akpm's suggestion (i.e.  bitmap operation is already atomic), we
could remove bitmap lock.  It might fail to find a empty slot if serious
contention happens.  However, it's not severe problem because huge page
writeback has already possiblity to fail if there is severe memory
pressure.  Worst case is just keeping the incompressible in memory, not
storage.

The other problem is zram_slot_lock in zram_slot_slot_free_notify.  To
make it safe is this patch introduces zram_slot_trylock where
zram_slot_free_notify uses it.  Although it's rare to be contented, this
patch adds new debug stat "miss_free" to keep monitoring how often it
happens.

Link: http://lkml.kernel.org/r/20181127055429.251614-2-minchan@kernel.org
Signed-off-by: Minchan Kim <minchan@kernel.org>
Reviewed-by: Sergey Senozhatsky <sergey.senozhatsky@gmail.com>
Reviewed-by: Joey Pabalinas <joeypabalinas@gmail.com>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
 drivers/block/zram/zram_drv.c | 38 +++++++++++++++++++----------------
 drivers/block/zram/zram_drv.h |  2 +-
 2 files changed, 22 insertions(+), 18 deletions(-)

diff --git a/drivers/block/zram/zram_drv.c b/drivers/block/zram/zram_drv.c
index e19bf0a750cf..a65505db09e5 100644
--- a/drivers/block/zram/zram_drv.c
+++ b/drivers/block/zram/zram_drv.c
@@ -53,6 +53,11 @@ static size_t huge_class_size;
 
 static void zram_free_page(struct zram *zram, size_t index);
 
+static int zram_slot_trylock(struct zram *zram, u32 index)
+{
+	return bit_spin_trylock(ZRAM_LOCK, &zram->table[index].value);
+}
+
 static void zram_slot_lock(struct zram *zram, u32 index)
 {
 	bit_spin_lock(ZRAM_LOCK, &zram->table[index].value);
@@ -401,7 +406,6 @@ static ssize_t backing_dev_store(struct device *dev,
 		goto out;
 
 	reset_bdev(zram);
-	spin_lock_init(&zram->bitmap_lock);
 
 	zram->old_block_size = old_block_size;
 	zram->bdev = bdev;
@@ -445,29 +449,24 @@ static ssize_t backing_dev_store(struct device *dev,
 
 static unsigned long get_entry_bdev(struct zram *zram)
 {
-	unsigned long entry;
-
-	spin_lock(&zram->bitmap_lock);
+	unsigned long blk_idx = 1;
+retry:
 	/* skip 0 bit to confuse zram.handle = 0 */
-	entry = find_next_zero_bit(zram->bitmap, zram->nr_pages, 1);
-	if (entry == zram->nr_pages) {
-		spin_unlock(&zram->bitmap_lock);
+	blk_idx = find_next_zero_bit(zram->bitmap, zram->nr_pages, blk_idx);
+	if (blk_idx == zram->nr_pages)
 		return 0;
-	}
 
-	set_bit(entry, zram->bitmap);
-	spin_unlock(&zram->bitmap_lock);
+	if (test_and_set_bit(blk_idx, zram->bitmap))
+		goto retry;
 
-	return entry;
+	return blk_idx;
 }
 
 static void put_entry_bdev(struct zram *zram, unsigned long entry)
 {
 	int was_set;
 
-	spin_lock(&zram->bitmap_lock);
 	was_set = test_and_clear_bit(entry, zram->bitmap);
-	spin_unlock(&zram->bitmap_lock);
 	WARN_ON_ONCE(!was_set);
 }
 
@@ -888,9 +887,10 @@ static ssize_t debug_stat_show(struct device *dev,
 
 	down_read(&zram->init_lock);
 	ret = scnprintf(buf, PAGE_SIZE,
-			"version: %d\n%8llu\n",
+			"version: %d\n%8llu %8llu\n",
 			version,
-			(u64)atomic64_read(&zram->stats.writestall));
+			(u64)atomic64_read(&zram->stats.writestall),
+			(u64)atomic64_read(&zram->stats.miss_free));
 	up_read(&zram->init_lock);
 
 	return ret;
@@ -1402,10 +1402,14 @@ static void zram_slot_free_notify(struct block_device *bdev,
 
 	zram = bdev->bd_disk->private_data;
 
-	zram_slot_lock(zram, index);
+	atomic64_inc(&zram->stats.notify_free);
+	if (!zram_slot_trylock(zram, index)) {
+		atomic64_inc(&zram->stats.miss_free);
+		return;
+	}
+
 	zram_free_page(zram, index);
 	zram_slot_unlock(zram, index);
-	atomic64_inc(&zram->stats.notify_free);
 }
 
 static int zram_rw_page(struct block_device *bdev, sector_t sector,
diff --git a/drivers/block/zram/zram_drv.h b/drivers/block/zram/zram_drv.h
index 72c8584b6dff..d1095dfdffa8 100644
--- a/drivers/block/zram/zram_drv.h
+++ b/drivers/block/zram/zram_drv.h
@@ -79,6 +79,7 @@ struct zram_stats {
 	atomic64_t pages_stored;	/* no. of pages currently stored */
 	atomic_long_t max_used_pages;	/* no. of maximum pages stored */
 	atomic64_t writestall;		/* no. of write slow paths */
+	atomic64_t miss_free;		/* no. of missed free */
 };
 
 struct zram {
@@ -110,7 +111,6 @@ struct zram {
 	unsigned int old_block_size;
 	unsigned long *bitmap;
 	unsigned long nr_pages;
-	spinlock_t bitmap_lock;
 #endif
 #ifdef CONFIG_ZRAM_MEMORY_TRACKING
 	struct dentry *debugfs_dir;
-- 
2.19.1


^ permalink raw reply related	[flat|nested] 273+ messages in thread

* [PATCH AUTOSEL 4.19 240/258] isdn: hisax: hfc_pci: Fix a possible concurrency use-after-free bug in HFCPCI_l1hw()
  2019-01-28 15:55 [PATCH AUTOSEL 4.19 001/258] drm/bufs: Fix Spectre v1 vulnerability Sasha Levin
                   ` (237 preceding siblings ...)
  2019-01-28 15:59 ` [PATCH AUTOSEL 4.19 239/258] zram: fix lockdep warning of free block handling Sasha Levin
@ 2019-01-28 15:59 ` Sasha Levin
  2019-01-28 15:59 ` [PATCH AUTOSEL 4.19 241/258] gdrom: fix a memory leak bug Sasha Levin
                   ` (17 subsequent siblings)
  256 siblings, 0 replies; 273+ messages in thread
From: Sasha Levin @ 2019-01-28 15:59 UTC (permalink / raw)
  To: linux-kernel, stable; +Cc: Jia-Ju Bai, David S . Miller, Sasha Levin, netdev

From: Jia-Ju Bai <baijiaju1990@gmail.com>

[ Upstream commit 7418e6520f22a2e35815122fa5a53d5bbfa2c10f ]

In drivers/isdn/hisax/hfc_pci.c, the functions hfcpci_interrupt() and
HFCPCI_l1hw() may be concurrently executed.

HFCPCI_l1hw()
  line 1173: if (!cs->tx_skb)

hfcpci_interrupt()
  line 942: spin_lock_irqsave();
  line 1066: dev_kfree_skb_irq(cs->tx_skb);

Thus, a possible concurrency use-after-free bug may occur
in HFCPCI_l1hw().

To fix these bugs, the calls to spin_lock_irqsave() and
spin_unlock_irqrestore() are added in HFCPCI_l1hw(), to protect the
access to cs->tx_skb.

Signed-off-by: Jia-Ju Bai <baijiaju1990@gmail.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
 drivers/isdn/hisax/hfc_pci.c | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/drivers/isdn/hisax/hfc_pci.c b/drivers/isdn/hisax/hfc_pci.c
index 8e5b03161b2f..64a63711fd95 100644
--- a/drivers/isdn/hisax/hfc_pci.c
+++ b/drivers/isdn/hisax/hfc_pci.c
@@ -1170,11 +1170,13 @@ HFCPCI_l1hw(struct PStack *st, int pr, void *arg)
 		if (cs->debug & L1_DEB_LAPD)
 			debugl1(cs, "-> PH_REQUEST_PULL");
 #endif
+		spin_lock_irqsave(&cs->lock, flags);
 		if (!cs->tx_skb) {
 			test_and_clear_bit(FLG_L1_PULL_REQ, &st->l1.Flags);
 			st->l1.l1l2(st, PH_PULL | CONFIRM, NULL);
 		} else
 			test_and_set_bit(FLG_L1_PULL_REQ, &st->l1.Flags);
+		spin_unlock_irqrestore(&cs->lock, flags);
 		break;
 	case (HW_RESET | REQUEST):
 		spin_lock_irqsave(&cs->lock, flags);
-- 
2.19.1


^ permalink raw reply related	[flat|nested] 273+ messages in thread

* [PATCH AUTOSEL 4.19 241/258] gdrom: fix a memory leak bug
  2019-01-28 15:55 [PATCH AUTOSEL 4.19 001/258] drm/bufs: Fix Spectre v1 vulnerability Sasha Levin
                   ` (238 preceding siblings ...)
  2019-01-28 15:59 ` [PATCH AUTOSEL 4.19 240/258] isdn: hisax: hfc_pci: Fix a possible concurrency use-after-free bug in HFCPCI_l1hw() Sasha Levin
@ 2019-01-28 15:59 ` Sasha Levin
  2019-01-28 15:59 ` [PATCH AUTOSEL 4.19 242/258] fsl/fman: Use GFP_ATOMIC in {memac,tgec}_add_hash_mac_address() Sasha Levin
                   ` (16 subsequent siblings)
  256 siblings, 0 replies; 273+ messages in thread
From: Sasha Levin @ 2019-01-28 15:59 UTC (permalink / raw)
  To: linux-kernel, stable; +Cc: Wenwen Wang, Jens Axboe, Sasha Levin

From: Wenwen Wang <wang6495@umn.edu>

[ Upstream commit 093c48213ee37c3c3ff1cf5ac1aa2a9d8bc66017 ]

In probe_gdrom(), the buffer pointed by 'gd.cd_info' is allocated through
kzalloc() and is used to hold the information of the gdrom device. To
register and unregister the device, the pointer 'gd.cd_info' is passed to
the functions register_cdrom() and unregister_cdrom(), respectively.
However, this buffer is not freed after it is used, which can cause a
memory leak bug.

This patch simply frees the buffer 'gd.cd_info' in exit_gdrom() to fix the
above issue.

Signed-off-by: Wenwen Wang <wang6495@umn.edu>
Signed-off-by: Jens Axboe <axboe@kernel.dk>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
 drivers/cdrom/gdrom.c | 1 +
 1 file changed, 1 insertion(+)

diff --git a/drivers/cdrom/gdrom.c b/drivers/cdrom/gdrom.c
index ae3a7537cf0f..72cd96a8eb19 100644
--- a/drivers/cdrom/gdrom.c
+++ b/drivers/cdrom/gdrom.c
@@ -889,6 +889,7 @@ static void __exit exit_gdrom(void)
 	platform_device_unregister(pd);
 	platform_driver_unregister(&gdrom_driver);
 	kfree(gd.toc);
+	kfree(gd.cd_info);
 }
 
 module_init(init_gdrom);
-- 
2.19.1


^ permalink raw reply related	[flat|nested] 273+ messages in thread

* [PATCH AUTOSEL 4.19 242/258] fsl/fman: Use GFP_ATOMIC in {memac,tgec}_add_hash_mac_address()
  2019-01-28 15:55 [PATCH AUTOSEL 4.19 001/258] drm/bufs: Fix Spectre v1 vulnerability Sasha Levin
                   ` (239 preceding siblings ...)
  2019-01-28 15:59 ` [PATCH AUTOSEL 4.19 241/258] gdrom: fix a memory leak bug Sasha Levin
@ 2019-01-28 15:59 ` Sasha Levin
  2019-01-28 15:59 ` [PATCH AUTOSEL 4.19 243/258] block/swim3: Fix -EBUSY error when re-opening device after unmount Sasha Levin
                   ` (15 subsequent siblings)
  256 siblings, 0 replies; 273+ messages in thread
From: Sasha Levin @ 2019-01-28 15:59 UTC (permalink / raw)
  To: linux-kernel, stable; +Cc: Scott Wood, David S . Miller, Sasha Levin, netdev

From: Scott Wood <oss@buserror.net>

[ Upstream commit 0d9c9a238faf925823bde866182c663b6d734f2e ]

These functions are called from atomic context:

[    9.150239] BUG: sleeping function called from invalid context at /home/scott/git/linux/mm/slab.h:421
[    9.158159] in_atomic(): 1, irqs_disabled(): 0, pid: 4432, name: ip
[    9.163128] CPU: 8 PID: 4432 Comm: ip Not tainted 4.20.0-rc2-00169-g63d86876f324 #29
[    9.163130] Call Trace:
[    9.170701] [c0000002e899a980] [c0000000009c1068] .dump_stack+0xa8/0xec (unreliable)
[    9.177140] [c0000002e899aa10] [c00000000007a7b4] .___might_sleep+0x138/0x164
[    9.184440] [c0000002e899aa80] [c0000000001d5bac] .kmem_cache_alloc_trace+0x238/0x30c
[    9.191216] [c0000002e899ab40] [c00000000065ea1c] .memac_add_hash_mac_address+0x104/0x198
[    9.199464] [c0000002e899abd0] [c00000000065a788] .set_multi+0x1c8/0x218
[    9.206242] [c0000002e899ac80] [c0000000006615ec] .dpaa_set_rx_mode+0xdc/0x17c
[    9.213544] [c0000002e899ad00] [c00000000083d2b0] .__dev_set_rx_mode+0x80/0xd4
[    9.219535] [c0000002e899ad90] [c00000000083d334] .dev_set_rx_mode+0x30/0x54
[    9.225271] [c0000002e899ae10] [c00000000083d4a0] .__dev_open+0x148/0x1c8
[    9.230751] [c0000002e899aeb0] [c00000000083d934] .__dev_change_flags+0x19c/0x1e0
[    9.230755] [c0000002e899af60] [c00000000083d9a4] .dev_change_flags+0x2c/0x80
[    9.242752] [c0000002e899aff0] [c0000000008554ec] .do_setlink+0x350/0xf08
[    9.248228] [c0000002e899b170] [c000000000857ad0] .rtnl_newlink+0x588/0x7e0
[    9.253965] [c0000002e899b740] [c000000000852424] .rtnetlink_rcv_msg+0x3e0/0x498
[    9.261440] [c0000002e899b820] [c000000000884790] .netlink_rcv_skb+0x134/0x14c
[    9.267607] [c0000002e899b8e0] [c000000000851840] .rtnetlink_rcv+0x18/0x2c
[    9.274558] [c0000002e899b950] [c000000000883c8c] .netlink_unicast+0x214/0x318
[    9.281163] [c0000002e899ba00] [c000000000884220] .netlink_sendmsg+0x348/0x444
[    9.287076] [c0000002e899bae0] [c00000000080d13c] .sock_sendmsg+0x2c/0x54
[    9.287080] [c0000002e899bb50] [c0000000008106c0] .___sys_sendmsg+0x2d0/0x2d8
[    9.298375] [c0000002e899bd30] [c000000000811a80] .__sys_sendmsg+0x5c/0xb0
[    9.303939] [c0000002e899be20] [c0000000000006b0] system_call+0x60/0x6c

Signed-off-by: Scott Wood <oss@buserror.net>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
 drivers/net/ethernet/freescale/fman/fman_memac.c | 2 +-
 drivers/net/ethernet/freescale/fman/fman_tgec.c  | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)

diff --git a/drivers/net/ethernet/freescale/fman/fman_memac.c b/drivers/net/ethernet/freescale/fman/fman_memac.c
index bc6eb30aa20f..41c6fa200e74 100644
--- a/drivers/net/ethernet/freescale/fman/fman_memac.c
+++ b/drivers/net/ethernet/freescale/fman/fman_memac.c
@@ -928,7 +928,7 @@ int memac_add_hash_mac_address(struct fman_mac *memac, enet_addr_t *eth_addr)
 	hash = get_mac_addr_hash_code(addr) & HASH_CTRL_ADDR_MASK;
 
 	/* Create element to be added to the driver hash table */
-	hash_entry = kmalloc(sizeof(*hash_entry), GFP_KERNEL);
+	hash_entry = kmalloc(sizeof(*hash_entry), GFP_ATOMIC);
 	if (!hash_entry)
 		return -ENOMEM;
 	hash_entry->addr = addr;
diff --git a/drivers/net/ethernet/freescale/fman/fman_tgec.c b/drivers/net/ethernet/freescale/fman/fman_tgec.c
index 40705938eecc..f75b9c11b2d2 100644
--- a/drivers/net/ethernet/freescale/fman/fman_tgec.c
+++ b/drivers/net/ethernet/freescale/fman/fman_tgec.c
@@ -553,7 +553,7 @@ int tgec_add_hash_mac_address(struct fman_mac *tgec, enet_addr_t *eth_addr)
 	hash = (crc >> TGEC_HASH_MCAST_SHIFT) & TGEC_HASH_ADR_MSK;
 
 	/* Create element to be added to the driver hash table */
-	hash_entry = kmalloc(sizeof(*hash_entry), GFP_KERNEL);
+	hash_entry = kmalloc(sizeof(*hash_entry), GFP_ATOMIC);
 	if (!hash_entry)
 		return -ENOMEM;
 	hash_entry->addr = addr;
-- 
2.19.1


^ permalink raw reply related	[flat|nested] 273+ messages in thread

* [PATCH AUTOSEL 4.19 243/258] block/swim3: Fix -EBUSY error when re-opening device after unmount
  2019-01-28 15:55 [PATCH AUTOSEL 4.19 001/258] drm/bufs: Fix Spectre v1 vulnerability Sasha Levin
                   ` (240 preceding siblings ...)
  2019-01-28 15:59 ` [PATCH AUTOSEL 4.19 242/258] fsl/fman: Use GFP_ATOMIC in {memac,tgec}_add_hash_mac_address() Sasha Levin
@ 2019-01-28 15:59 ` Sasha Levin
  2019-01-28 15:59 ` [PATCH AUTOSEL 4.19 244/258] thermal: bcm2835: enable hwmon explicitly Sasha Levin
                   ` (14 subsequent siblings)
  256 siblings, 0 replies; 273+ messages in thread
From: Sasha Levin @ 2019-01-28 15:59 UTC (permalink / raw)
  To: linux-kernel, stable
  Cc: Finn Thain, linuxppc-dev, Jens Axboe, Sasha Levin, linux-block

From: Finn Thain <fthain@telegraphics.com.au>

[ Upstream commit 296dcc40f2f2e402facf7cd26cf3f2c8f4b17d47 ]

When the block device is opened with FMODE_EXCL, ref_count is set to -1.
This value doesn't get reset when the device is closed which means the
device cannot be opened again. Fix this by checking for refcount <= 0
in the release method.

Reported-and-tested-by: Stan Johnson <userm57@yahoo.com>
Fixes: 1da177e4c3f4 ("Linux-2.6.12-rc2")
Cc: linuxppc-dev@lists.ozlabs.org
Signed-off-by: Finn Thain <fthain@telegraphics.com.au>
Signed-off-by: Jens Axboe <axboe@kernel.dk>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
 drivers/block/swim3.c | 6 +++++-
 1 file changed, 5 insertions(+), 1 deletion(-)

diff --git a/drivers/block/swim3.c b/drivers/block/swim3.c
index 469541c1e51e..20907a0a043b 100644
--- a/drivers/block/swim3.c
+++ b/drivers/block/swim3.c
@@ -1026,7 +1026,11 @@ static void floppy_release(struct gendisk *disk, fmode_t mode)
 	struct swim3 __iomem *sw = fs->swim3;
 
 	mutex_lock(&swim3_mutex);
-	if (fs->ref_count > 0 && --fs->ref_count == 0) {
+	if (fs->ref_count > 0)
+		--fs->ref_count;
+	else if (fs->ref_count == -1)
+		fs->ref_count = 0;
+	if (fs->ref_count == 0) {
 		swim3_action(fs, MOTOR_OFF);
 		out_8(&sw->control_bic, 0xff);
 		swim3_select(fs, RELAX);
-- 
2.19.1


^ permalink raw reply related	[flat|nested] 273+ messages in thread

* [PATCH AUTOSEL 4.19 244/258] thermal: bcm2835: enable hwmon explicitly
  2019-01-28 15:55 [PATCH AUTOSEL 4.19 001/258] drm/bufs: Fix Spectre v1 vulnerability Sasha Levin
                   ` (241 preceding siblings ...)
  2019-01-28 15:59 ` [PATCH AUTOSEL 4.19 243/258] block/swim3: Fix -EBUSY error when re-opening device after unmount Sasha Levin
@ 2019-01-28 15:59 ` Sasha Levin
  2019-01-28 15:59 ` [PATCH AUTOSEL 4.19 245/258] kdb: Don't back trace on a cpu that didn't round up Sasha Levin
                   ` (13 subsequent siblings)
  256 siblings, 0 replies; 273+ messages in thread
From: Sasha Levin @ 2019-01-28 15:59 UTC (permalink / raw)
  To: linux-kernel, stable
  Cc: Matthias Brugger, Eduardo Valentin, Sasha Levin, linux-pm

From: Matthias Brugger <mbrugger@suse.com>

[ Upstream commit d56c19d07e0bc3ceff366a49b7d7a2440c967b1b ]

By defaul of-based thermal driver do not enable hwmon.
This patch does this explicitly, so that the temperature can be read
through the common hwmon sysfs.

Signed-off-by: Matthias Brugger <mbrugger@suse.com>
Acked-by: Stefan Wahren <stefan.wahren@i2se.com>
Signed-off-by: Eduardo Valentin <edubezval@gmail.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
 drivers/thermal/broadcom/bcm2835_thermal.c | 11 +++++++++++
 1 file changed, 11 insertions(+)

diff --git a/drivers/thermal/broadcom/bcm2835_thermal.c b/drivers/thermal/broadcom/bcm2835_thermal.c
index 23ad4f9f2143..24b006a95142 100644
--- a/drivers/thermal/broadcom/bcm2835_thermal.c
+++ b/drivers/thermal/broadcom/bcm2835_thermal.c
@@ -27,6 +27,8 @@
 #include <linux/platform_device.h>
 #include <linux/thermal.h>
 
+#include "../thermal_hwmon.h"
+
 #define BCM2835_TS_TSENSCTL			0x00
 #define BCM2835_TS_TSENSSTAT			0x04
 
@@ -275,6 +277,15 @@ static int bcm2835_thermal_probe(struct platform_device *pdev)
 
 	platform_set_drvdata(pdev, tz);
 
+	/*
+	 * Thermal_zone doesn't enable hwmon as default,
+	 * enable it here
+	 */
+	tz->tzp->no_hwmon = false;
+	err = thermal_add_hwmon_sysfs(tz);
+	if (err)
+		goto err_tz;
+
 	bcm2835_thermal_debugfs(pdev);
 
 	return 0;
-- 
2.19.1


^ permalink raw reply related	[flat|nested] 273+ messages in thread

* [PATCH AUTOSEL 4.19 245/258] kdb: Don't back trace on a cpu that didn't round up
  2019-01-28 15:55 [PATCH AUTOSEL 4.19 001/258] drm/bufs: Fix Spectre v1 vulnerability Sasha Levin
                   ` (242 preceding siblings ...)
  2019-01-28 15:59 ` [PATCH AUTOSEL 4.19 244/258] thermal: bcm2835: enable hwmon explicitly Sasha Levin
@ 2019-01-28 15:59 ` Sasha Levin
  2019-01-28 15:59 ` [PATCH AUTOSEL 4.19 246/258] PCI: imx: Enable MSI from downstream components Sasha Levin
                   ` (12 subsequent siblings)
  256 siblings, 0 replies; 273+ messages in thread
From: Sasha Levin @ 2019-01-28 15:59 UTC (permalink / raw)
  To: linux-kernel, stable
  Cc: Douglas Anderson, Daniel Thompson, Sasha Levin, kgdb-bugreport

From: Douglas Anderson <dianders@chromium.org>

[ Upstream commit 162bc7f5afd75b72acbe3c5f3488ef7e64a3fe36 ]

If you have a CPU that fails to round up and then run 'btc' you'll end
up crashing in kdb becaue we dereferenced NULL.  Let's add a check.
It's wise to also set the task to NULL when leaving the debugger so
that if we fail to round up on a later entry into the debugger we
won't backtrace a stale task.

Signed-off-by: Douglas Anderson <dianders@chromium.org>
Acked-by: Daniel Thompson <daniel.thompson@linaro.org>
Signed-off-by: Daniel Thompson <daniel.thompson@linaro.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
 kernel/debug/debug_core.c       |  4 ++++
 kernel/debug/kdb/kdb_bt.c       | 11 ++++++++++-
 kernel/debug/kdb/kdb_debugger.c |  7 -------
 3 files changed, 14 insertions(+), 8 deletions(-)

diff --git a/kernel/debug/debug_core.c b/kernel/debug/debug_core.c
index 65c0f1363788..94aa9ae0007a 100644
--- a/kernel/debug/debug_core.c
+++ b/kernel/debug/debug_core.c
@@ -535,6 +535,8 @@ static int kgdb_cpu_enter(struct kgdb_state *ks, struct pt_regs *regs,
 				arch_kgdb_ops.correct_hw_break();
 			if (trace_on)
 				tracing_on();
+			kgdb_info[cpu].debuggerinfo = NULL;
+			kgdb_info[cpu].task = NULL;
 			kgdb_info[cpu].exception_state &=
 				~(DCPU_WANT_MASTER | DCPU_IS_SLAVE);
 			kgdb_info[cpu].enter_kgdb--;
@@ -667,6 +669,8 @@ static int kgdb_cpu_enter(struct kgdb_state *ks, struct pt_regs *regs,
 	if (trace_on)
 		tracing_on();
 
+	kgdb_info[cpu].debuggerinfo = NULL;
+	kgdb_info[cpu].task = NULL;
 	kgdb_info[cpu].exception_state &=
 		~(DCPU_WANT_MASTER | DCPU_IS_SLAVE);
 	kgdb_info[cpu].enter_kgdb--;
diff --git a/kernel/debug/kdb/kdb_bt.c b/kernel/debug/kdb/kdb_bt.c
index 7921ae4fca8d..7e2379aa0a1e 100644
--- a/kernel/debug/kdb/kdb_bt.c
+++ b/kernel/debug/kdb/kdb_bt.c
@@ -186,7 +186,16 @@ kdb_bt(int argc, const char **argv)
 		kdb_printf("btc: cpu status: ");
 		kdb_parse("cpu\n");
 		for_each_online_cpu(cpu) {
-			sprintf(buf, "btt 0x%px\n", KDB_TSK(cpu));
+			void *kdb_tsk = KDB_TSK(cpu);
+
+			/* If a CPU failed to round up we could be here */
+			if (!kdb_tsk) {
+				kdb_printf("WARNING: no task for cpu %ld\n",
+					   cpu);
+				continue;
+			}
+
+			sprintf(buf, "btt 0x%px\n", kdb_tsk);
 			kdb_parse(buf);
 			touch_nmi_watchdog();
 		}
diff --git a/kernel/debug/kdb/kdb_debugger.c b/kernel/debug/kdb/kdb_debugger.c
index 15e1a7af5dd0..53a0df6e4d92 100644
--- a/kernel/debug/kdb/kdb_debugger.c
+++ b/kernel/debug/kdb/kdb_debugger.c
@@ -118,13 +118,6 @@ int kdb_stub(struct kgdb_state *ks)
 	kdb_bp_remove();
 	KDB_STATE_CLEAR(DOING_SS);
 	KDB_STATE_SET(PAGER);
-	/* zero out any offline cpu data */
-	for_each_present_cpu(i) {
-		if (!cpu_online(i)) {
-			kgdb_info[i].debuggerinfo = NULL;
-			kgdb_info[i].task = NULL;
-		}
-	}
 	if (ks->err_code == DIE_OOPS || reason == KDB_REASON_OOPS) {
 		ks->pass_exception = 1;
 		KDB_FLAG_SET(CATASTROPHIC);
-- 
2.19.1


^ permalink raw reply related	[flat|nested] 273+ messages in thread

* [PATCH AUTOSEL 4.19 246/258] PCI: imx: Enable MSI from downstream components
  2019-01-28 15:55 [PATCH AUTOSEL 4.19 001/258] drm/bufs: Fix Spectre v1 vulnerability Sasha Levin
                   ` (243 preceding siblings ...)
  2019-01-28 15:59 ` [PATCH AUTOSEL 4.19 245/258] kdb: Don't back trace on a cpu that didn't round up Sasha Levin
@ 2019-01-28 15:59 ` Sasha Levin
  2019-01-28 15:59 ` [PATCH AUTOSEL 4.19 247/258] thermal: generic-adc: Fix adc to temp interpolation Sasha Levin
                   ` (11 subsequent siblings)
  256 siblings, 0 replies; 273+ messages in thread
From: Sasha Levin @ 2019-01-28 15:59 UTC (permalink / raw)
  To: linux-kernel, stable; +Cc: Richard Zhu, Bjorn Helgaas, Sasha Levin, linux-pci

From: Richard Zhu <hongxing.zhu@nxp.com>

[ Upstream commit 75cb8d20c112aba70f23d98e3f8d0a38ace16006 ]

The MSI Enable bit in the MSI Capability (PCIe r4.0, sec 7.7.1.2) controls
whether a Function can request service using MSI.

i.MX6 Root Ports implement the MSI Capability and may use MSI to request
service for events like PME, hotplug, AER, etc.  In addition, on i.MX6, the
MSI Enable bit controls delivery of MSI interrupts from components below
the Root Port.

Prior to f3fdfc4ac3a2 ("PCI: Remove host driver Kconfig selection of
CONFIG_PCIEPORTBUS"), enabling CONFIG_PCI_IMX6 automatically also enabled
CONFIG_PCIEPORTBUS, and when portdrv claimed the Root Ports, it set the MSI
Enable bit so it could use PME, hotplug, AER, etc.  As a side effect, that
also enabled delivery of MSI interrupts from downstream components.

The imx6q-pcie driver itself does not depend on portdrv, so set MSI Enable
in imx6q-pcie so MSI from downstream components works even if nobody uses
MSI for the Root Port events.

Fixes: f3fdfc4ac3a2 ("PCI: Remove host driver Kconfig selection of CONFIG_PCIEPORTBUS")
Signed-off-by: Richard Zhu <hongxing.zhu@nxp.com>
Signed-off-by: Bjorn Helgaas <bhelgaas@google.com>
Tested-by: Sven Van Asbroeck <TheSven73@googlemail.com>
Tested-by: Trent Piepho <tpiepho@impinj.com>
Reviewed-by: Lucas Stach <l.stach@pengutronix.de>
Acked-by: Lorenzo Pieralisi <lorenzo.pieralisi@arm.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
 drivers/pci/controller/dwc/pci-imx6.c | 10 ++++++++++
 1 file changed, 10 insertions(+)

diff --git a/drivers/pci/controller/dwc/pci-imx6.c b/drivers/pci/controller/dwc/pci-imx6.c
index 975050a69494..3826b444298c 100644
--- a/drivers/pci/controller/dwc/pci-imx6.c
+++ b/drivers/pci/controller/dwc/pci-imx6.c
@@ -66,6 +66,7 @@ struct imx6_pcie {
 #define PHY_PLL_LOCK_WAIT_USLEEP_MAX	200
 
 /* PCIe Root Complex registers (memory-mapped) */
+#define PCIE_RC_IMX6_MSI_CAP			0x50
 #define PCIE_RC_LCR				0x7c
 #define PCIE_RC_LCR_MAX_LINK_SPEEDS_GEN1	0x1
 #define PCIE_RC_LCR_MAX_LINK_SPEEDS_GEN2	0x2
@@ -682,6 +683,7 @@ static int imx6_pcie_probe(struct platform_device *pdev)
 	struct resource *dbi_base;
 	struct device_node *node = dev->of_node;
 	int ret;
+	u16 val;
 
 	imx6_pcie = devm_kzalloc(dev, sizeof(*imx6_pcie), GFP_KERNEL);
 	if (!imx6_pcie)
@@ -816,6 +818,14 @@ static int imx6_pcie_probe(struct platform_device *pdev)
 	if (ret < 0)
 		return ret;
 
+	if (pci_msi_enabled()) {
+		val = dw_pcie_readw_dbi(pci, PCIE_RC_IMX6_MSI_CAP +
+					PCI_MSI_FLAGS);
+		val |= PCI_MSI_FLAGS_ENABLE;
+		dw_pcie_writew_dbi(pci, PCIE_RC_IMX6_MSI_CAP + PCI_MSI_FLAGS,
+				   val);
+	}
+
 	return 0;
 }
 
-- 
2.19.1


^ permalink raw reply related	[flat|nested] 273+ messages in thread

* [PATCH AUTOSEL 4.19 247/258] thermal: generic-adc: Fix adc to temp interpolation
  2019-01-28 15:55 [PATCH AUTOSEL 4.19 001/258] drm/bufs: Fix Spectre v1 vulnerability Sasha Levin
                   ` (244 preceding siblings ...)
  2019-01-28 15:59 ` [PATCH AUTOSEL 4.19 246/258] PCI: imx: Enable MSI from downstream components Sasha Levin
@ 2019-01-28 15:59 ` Sasha Levin
  2019-01-28 15:59 ` [PATCH AUTOSEL 4.19 248/258] bpf: fix check_map_access smin_value test when pointer contains offset Sasha Levin
                   ` (10 subsequent siblings)
  256 siblings, 0 replies; 273+ messages in thread
From: Sasha Levin @ 2019-01-28 15:59 UTC (permalink / raw)
  To: linux-kernel, stable
  Cc: Bjorn Andersson, Laxman Dewangan, Eduardo Valentin, Sasha Levin,
	linux-pm

From: Bjorn Andersson <bjorn.andersson@linaro.org>

[ Upstream commit 9d216211fded20fff301d0317af3238d8383634c ]

First correct the edge case to return the last element if we're
outside the range, rather than at the last element, so that
interpolation is not omitted for points between the two last entries in
the table.

Then correct the formula to perform linear interpolation based the two
points surrounding the read ADC value. The indices for temp are kept as
"hi" and "lo" to pair with the adc indices, but there's no requirement
that the temperature is provided in descendent order. mult_frac() is
used to prevent issues with overflowing the int.

Cc: Laxman Dewangan <ldewangan@nvidia.com>
Signed-off-by: Bjorn Andersson <bjorn.andersson@linaro.org>
Signed-off-by: Eduardo Valentin <edubezval@gmail.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
 drivers/thermal/thermal-generic-adc.c | 12 ++++++++----
 1 file changed, 8 insertions(+), 4 deletions(-)

diff --git a/drivers/thermal/thermal-generic-adc.c b/drivers/thermal/thermal-generic-adc.c
index bf1c628d4a7a..e22fc60ad36d 100644
--- a/drivers/thermal/thermal-generic-adc.c
+++ b/drivers/thermal/thermal-generic-adc.c
@@ -26,7 +26,7 @@ struct gadc_thermal_info {
 
 static int gadc_thermal_adc_to_temp(struct gadc_thermal_info *gti, int val)
 {
-	int temp, adc_hi, adc_lo;
+	int temp, temp_hi, temp_lo, adc_hi, adc_lo;
 	int i;
 
 	for (i = 0; i < gti->nlookup_table; i++) {
@@ -36,13 +36,17 @@ static int gadc_thermal_adc_to_temp(struct gadc_thermal_info *gti, int val)
 
 	if (i == 0) {
 		temp = gti->lookup_table[0];
-	} else if (i >= (gti->nlookup_table - 1)) {
+	} else if (i >= gti->nlookup_table) {
 		temp = gti->lookup_table[2 * (gti->nlookup_table - 1)];
 	} else {
 		adc_hi = gti->lookup_table[2 * i - 1];
 		adc_lo = gti->lookup_table[2 * i + 1];
-		temp = gti->lookup_table[2 * i];
-		temp -= ((val - adc_lo) * 1000) / (adc_hi - adc_lo);
+
+		temp_hi = gti->lookup_table[2 * i - 2];
+		temp_lo = gti->lookup_table[2 * i];
+
+		temp = temp_hi + mult_frac(temp_lo - temp_hi, val - adc_hi,
+					   adc_lo - adc_hi);
 	}
 
 	return temp;
-- 
2.19.1


^ permalink raw reply related	[flat|nested] 273+ messages in thread

* [PATCH AUTOSEL 4.19 248/258] bpf: fix check_map_access smin_value test when pointer contains offset
  2019-01-28 15:55 [PATCH AUTOSEL 4.19 001/258] drm/bufs: Fix Spectre v1 vulnerability Sasha Levin
                   ` (245 preceding siblings ...)
  2019-01-28 15:59 ` [PATCH AUTOSEL 4.19 247/258] thermal: generic-adc: Fix adc to temp interpolation Sasha Levin
@ 2019-01-28 15:59 ` Sasha Levin
  2019-01-28 15:59 ` [PATCH AUTOSEL 4.19 249/258] HID: lenovo: Add checks to fix of_led_classdev_register Sasha Levin
                   ` (9 subsequent siblings)
  256 siblings, 0 replies; 273+ messages in thread
From: Sasha Levin @ 2019-01-28 15:59 UTC (permalink / raw)
  To: linux-kernel, stable
  Cc: Daniel Borkmann, Alexei Starovoitov, Sasha Levin, netdev

From: Daniel Borkmann <daniel@iogearbox.net>

[ Upstream commit b7137c4eab85c1cf3d46acdde90ce1163b28c873 ]

In check_map_access() we probe actual bounds through __check_map_access()
with offset of reg->smin_value + off for lower bound and offset of
reg->umax_value + off for the upper bound. However, even though the
reg->smin_value could have a negative value, the final result of the
sum with off could be positive when pointer arithmetic with known and
unknown scalars is combined. In this case we reject the program with
an error such as "R<x> min value is negative, either use unsigned index
or do a if (index >=0) check." even though the access itself would be
fine. Therefore extend the check to probe whether the actual resulting
reg->smin_value + off is less than zero.

Signed-off-by: Daniel Borkmann <daniel@iogearbox.net>
Acked-by: Alexei Starovoitov <ast@kernel.org>
Signed-off-by: Alexei Starovoitov <ast@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
 kernel/bpf/verifier.c | 6 +++++-
 1 file changed, 5 insertions(+), 1 deletion(-)

diff --git a/kernel/bpf/verifier.c b/kernel/bpf/verifier.c
index 341806668f03..9997723038d3 100644
--- a/kernel/bpf/verifier.c
+++ b/kernel/bpf/verifier.c
@@ -1268,13 +1268,17 @@ static int check_map_access(struct bpf_verifier_env *env, u32 regno,
 	 */
 	if (env->log.level)
 		print_verifier_state(env, state);
+
 	/* The minimum value is only important with signed
 	 * comparisons where we can't assume the floor of a
 	 * value is 0.  If we are using signed variables for our
 	 * index'es we need to make sure that whatever we use
 	 * will have a set floor within our range.
 	 */
-	if (reg->smin_value < 0) {
+	if (reg->smin_value < 0 &&
+	    (reg->smin_value == S64_MIN ||
+	     (off + reg->smin_value != (s64)(s32)(off + reg->smin_value)) ||
+	      reg->smin_value + off < 0)) {
 		verbose(env, "R%d min value is negative, either use unsigned index or do a if (index >=0) check.\n",
 			regno);
 		return -EACCES;
-- 
2.19.1


^ permalink raw reply related	[flat|nested] 273+ messages in thread

* [PATCH AUTOSEL 4.19 249/258] HID: lenovo: Add checks to fix of_led_classdev_register
  2019-01-28 15:55 [PATCH AUTOSEL 4.19 001/258] drm/bufs: Fix Spectre v1 vulnerability Sasha Levin
                   ` (246 preceding siblings ...)
  2019-01-28 15:59 ` [PATCH AUTOSEL 4.19 248/258] bpf: fix check_map_access smin_value test when pointer contains offset Sasha Levin
@ 2019-01-28 15:59 ` Sasha Levin
  2019-01-28 15:59 ` [PATCH AUTOSEL 4.19 250/258] arm64/sve: ptrace: Fix SVE_PT_REGS_OFFSET definition Sasha Levin
                   ` (8 subsequent siblings)
  256 siblings, 0 replies; 273+ messages in thread
From: Sasha Levin @ 2019-01-28 15:59 UTC (permalink / raw)
  To: linux-kernel, stable; +Cc: Aditya Pakki, Jiri Kosina, Sasha Levin, linux-input

From: Aditya Pakki <pakki001@umn.edu>

[ Upstream commit 6ae16dfb61bce538d48b7fe98160fada446056c5 ]

In lenovo_probe_tpkbd(), the function of_led_classdev_register() could
return an error value that is unchecked. The fix adds these checks.

Signed-off-by: Aditya Pakki <pakki001@umn.edu>
Signed-off-by: Jiri Kosina <jkosina@suse.cz>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
 drivers/hid/hid-lenovo.c | 10 ++++++++--
 1 file changed, 8 insertions(+), 2 deletions(-)

diff --git a/drivers/hid/hid-lenovo.c b/drivers/hid/hid-lenovo.c
index 643b6eb54442..eacc76d2ab96 100644
--- a/drivers/hid/hid-lenovo.c
+++ b/drivers/hid/hid-lenovo.c
@@ -743,7 +743,9 @@ static int lenovo_probe_tpkbd(struct hid_device *hdev)
 	data_pointer->led_mute.brightness_get = lenovo_led_brightness_get_tpkbd;
 	data_pointer->led_mute.brightness_set = lenovo_led_brightness_set_tpkbd;
 	data_pointer->led_mute.dev = dev;
-	led_classdev_register(dev, &data_pointer->led_mute);
+	ret = led_classdev_register(dev, &data_pointer->led_mute);
+	if (ret < 0)
+		goto err;
 
 	data_pointer->led_micmute.name = name_micmute;
 	data_pointer->led_micmute.brightness_get =
@@ -751,7 +753,11 @@ static int lenovo_probe_tpkbd(struct hid_device *hdev)
 	data_pointer->led_micmute.brightness_set =
 		lenovo_led_brightness_set_tpkbd;
 	data_pointer->led_micmute.dev = dev;
-	led_classdev_register(dev, &data_pointer->led_micmute);
+	ret = led_classdev_register(dev, &data_pointer->led_micmute);
+	if (ret < 0) {
+		led_classdev_unregister(&data_pointer->led_mute);
+		goto err;
+	}
 
 	lenovo_features_set_tpkbd(hdev);
 
-- 
2.19.1


^ permalink raw reply related	[flat|nested] 273+ messages in thread

* [PATCH AUTOSEL 4.19 250/258] arm64/sve: ptrace: Fix SVE_PT_REGS_OFFSET definition
  2019-01-28 15:55 [PATCH AUTOSEL 4.19 001/258] drm/bufs: Fix Spectre v1 vulnerability Sasha Levin
                   ` (247 preceding siblings ...)
  2019-01-28 15:59 ` [PATCH AUTOSEL 4.19 249/258] HID: lenovo: Add checks to fix of_led_classdev_register Sasha Levin
@ 2019-01-28 15:59 ` Sasha Levin
  2019-01-28 15:59 ` [PATCH AUTOSEL 4.19 251/258] fs/proc/base.c: use ns_capable instead of capable for timerslack_ns Sasha Levin
                   ` (7 subsequent siblings)
  256 siblings, 0 replies; 273+ messages in thread
From: Sasha Levin @ 2019-01-28 15:59 UTC (permalink / raw)
  To: linux-kernel, stable; +Cc: Dave Martin, Will Deacon, Sasha Levin

From: Dave Martin <Dave.Martin@arm.com>

[ Upstream commit ee1b465b303591d3a04d403122bbc0d7026520fb ]

SVE_PT_REGS_OFFSET is supposed to indicate the offset for skipping
over the ptrace NT_ARM_SVE header (struct user_sve_header) to the
start of the SVE register data proper.

However, currently SVE_PT_REGS_OFFSET is defined in terms of struct
sve_context, which is wrong: that structure describes the SVE
header in the signal frame, not in the ptrace regset.

This patch fixes the definition to use the ptrace header structure
struct user_sve_header instead.

By good fortune, the two structures are the same size anyway, so
there is no functional or ABI change.

Signed-off-by: Dave Martin <Dave.Martin@arm.com>
Signed-off-by: Will Deacon <will.deacon@arm.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
 arch/arm64/include/uapi/asm/ptrace.h | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/arch/arm64/include/uapi/asm/ptrace.h b/arch/arm64/include/uapi/asm/ptrace.h
index 98c4ce55d9c3..ad64d2c92ef5 100644
--- a/arch/arm64/include/uapi/asm/ptrace.h
+++ b/arch/arm64/include/uapi/asm/ptrace.h
@@ -130,7 +130,7 @@ struct user_sve_header {
 
 /* Offset from the start of struct user_sve_header to the register data */
 #define SVE_PT_REGS_OFFSET					\
-	((sizeof(struct sve_context) + (SVE_VQ_BYTES - 1))	\
+	((sizeof(struct user_sve_header) + (SVE_VQ_BYTES - 1))	\
 		/ SVE_VQ_BYTES * SVE_VQ_BYTES)
 
 /*
-- 
2.19.1


^ permalink raw reply related	[flat|nested] 273+ messages in thread

* [PATCH AUTOSEL 4.19 251/258] fs/proc/base.c: use ns_capable instead of capable for timerslack_ns
  2019-01-28 15:55 [PATCH AUTOSEL 4.19 001/258] drm/bufs: Fix Spectre v1 vulnerability Sasha Levin
                   ` (248 preceding siblings ...)
  2019-01-28 15:59 ` [PATCH AUTOSEL 4.19 250/258] arm64/sve: ptrace: Fix SVE_PT_REGS_OFFSET definition Sasha Levin
@ 2019-01-28 15:59 ` Sasha Levin
  2019-01-28 15:59 ` [PATCH AUTOSEL 4.19 252/258] kernel/hung_task.c: break RCU locks based on jiffies Sasha Levin
                   ` (6 subsequent siblings)
  256 siblings, 0 replies; 273+ messages in thread
From: Sasha Levin @ 2019-01-28 15:59 UTC (permalink / raw)
  To: linux-kernel, stable
  Cc: Benjamin Gordon, John Stultz, Eric W. Biederman, Kees Cook,
	Serge E. Hallyn, Thomas Gleixner, Arjan van de Ven, Oren Laadan,
	Ruchi Kandoi, Rom Lemarchand, Todd Kjos, Colin Cross,
	Nick Kralevich, Dmitry Shmidt, Elliott Hughes, Alexey Dobriyan,
	Andrew Morton, Linus Torvalds, Sasha Levin, linux-fsdevel

From: Benjamin Gordon <bmgordon@google.com>

[ Upstream commit 8da0b4f692c6d90b09c91f271517db746a22ff67 ]

Access to timerslack_ns is controlled by a process having CAP_SYS_NICE
in its effective capability set, but the current check looks in the root
namespace instead of the process' user namespace.  Since a process is
allowed to do other activities controlled by CAP_SYS_NICE inside a
namespace, it should also be able to adjust timerslack_ns.

Link: http://lkml.kernel.org/r/20181030180012.232896-1-bmgordon@google.com
Signed-off-by: Benjamin Gordon <bmgordon@google.com>
Acked-by: "Eric W. Biederman" <ebiederm@xmission.com>
Cc: John Stultz <john.stultz@linaro.org>
Cc: "Eric W. Biederman" <ebiederm@xmission.com>
Cc: Kees Cook <keescook@chromium.org>
Cc: "Serge E. Hallyn" <serge@hallyn.com>
Cc: Thomas Gleixner <tglx@linutronix.de>
Cc: Arjan van de Ven <arjan@linux.intel.com>
Cc: Oren Laadan <orenl@cellrox.com>
Cc: Ruchi Kandoi <kandoiruchi@google.com>
Cc: Rom Lemarchand <romlem@android.com>
Cc: Todd Kjos <tkjos@google.com>
Cc: Colin Cross <ccross@android.com>
Cc: Nick Kralevich <nnk@google.com>
Cc: Dmitry Shmidt <dimitrysh@google.com>
Cc: Elliott Hughes <enh@google.com>
Cc: Alexey Dobriyan <adobriyan@gmail.com>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
 fs/proc/base.c | 12 +++++++++---
 1 file changed, 9 insertions(+), 3 deletions(-)

diff --git a/fs/proc/base.c b/fs/proc/base.c
index 7e9f07bf260d..5bdcf2159ff0 100644
--- a/fs/proc/base.c
+++ b/fs/proc/base.c
@@ -2356,10 +2356,13 @@ static ssize_t timerslack_ns_write(struct file *file, const char __user *buf,
 		return -ESRCH;
 
 	if (p != current) {
-		if (!capable(CAP_SYS_NICE)) {
+		rcu_read_lock();
+		if (!ns_capable(__task_cred(p)->user_ns, CAP_SYS_NICE)) {
+			rcu_read_unlock();
 			count = -EPERM;
 			goto out;
 		}
+		rcu_read_unlock();
 
 		err = security_task_setscheduler(p);
 		if (err) {
@@ -2392,11 +2395,14 @@ static int timerslack_ns_show(struct seq_file *m, void *v)
 		return -ESRCH;
 
 	if (p != current) {
-
-		if (!capable(CAP_SYS_NICE)) {
+		rcu_read_lock();
+		if (!ns_capable(__task_cred(p)->user_ns, CAP_SYS_NICE)) {
+			rcu_read_unlock();
 			err = -EPERM;
 			goto out;
 		}
+		rcu_read_unlock();
+
 		err = security_task_getscheduler(p);
 		if (err)
 			goto out;
-- 
2.19.1


^ permalink raw reply related	[flat|nested] 273+ messages in thread

* [PATCH AUTOSEL 4.19 252/258] kernel/hung_task.c: break RCU locks based on jiffies
  2019-01-28 15:55 [PATCH AUTOSEL 4.19 001/258] drm/bufs: Fix Spectre v1 vulnerability Sasha Levin
                   ` (249 preceding siblings ...)
  2019-01-28 15:59 ` [PATCH AUTOSEL 4.19 251/258] fs/proc/base.c: use ns_capable instead of capable for timerslack_ns Sasha Levin
@ 2019-01-28 15:59 ` Sasha Levin
  2019-01-28 15:59 ` [PATCH AUTOSEL 4.19 253/258] proc/sysctl: fix return error for proc_doulongvec_minmax() Sasha Levin
                   ` (5 subsequent siblings)
  256 siblings, 0 replies; 273+ messages in thread
From: Sasha Levin @ 2019-01-28 15:59 UTC (permalink / raw)
  To: linux-kernel, stable
  Cc: Tetsuo Handa, Petr Mladek, Sergey Senozhatsky, Dmitry Vyukov,
	Rafael J. Wysocki, Vitaly Kuznetsov, Andrew Morton,
	Linus Torvalds, Sasha Levin

From: Tetsuo Handa <penguin-kernel@I-love.SAKURA.ne.jp>

[ Upstream commit 304ae42739b108305f8d7b3eb3c1aec7c2b643a9 ]

check_hung_uninterruptible_tasks() is currently calling rcu_lock_break()
for every 1024 threads.  But check_hung_task() is very slow if printk()
was called, and is very fast otherwise.

If many threads within some 1024 threads called printk(), the RCU grace
period might be extended enough to trigger RCU stall warnings.
Therefore, calling rcu_lock_break() for every some fixed jiffies will be
safer.

Link: http://lkml.kernel.org/r/1544800658-11423-1-git-send-email-penguin-kernel@I-love.SAKURA.ne.jp
Signed-off-by: Tetsuo Handa <penguin-kernel@I-love.SAKURA.ne.jp>
Acked-by: Paul E. McKenney <paulmck@linux.ibm.com>
Cc: Petr Mladek <pmladek@suse.com>
Cc: Sergey Senozhatsky <sergey.senozhatsky@gmail.com>
Cc: Dmitry Vyukov <dvyukov@google.com>
Cc: "Rafael J. Wysocki" <rafael.j.wysocki@intel.com>
Cc: Vitaly Kuznetsov <vkuznets@redhat.com>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
 kernel/hung_task.c | 8 ++++----
 1 file changed, 4 insertions(+), 4 deletions(-)

diff --git a/kernel/hung_task.c b/kernel/hung_task.c
index b9132d1269ef..aa3c51f300aa 100644
--- a/kernel/hung_task.c
+++ b/kernel/hung_task.c
@@ -33,7 +33,7 @@ int __read_mostly sysctl_hung_task_check_count = PID_MAX_LIMIT;
  * is disabled during the critical section. It also controls the size of
  * the RCU grace period. So it needs to be upper-bound.
  */
-#define HUNG_TASK_BATCHING 1024
+#define HUNG_TASK_LOCK_BREAK (HZ / 10)
 
 /*
  * Zero means infinite timeout - no checking done:
@@ -172,7 +172,7 @@ static bool rcu_lock_break(struct task_struct *g, struct task_struct *t)
 static void check_hung_uninterruptible_tasks(unsigned long timeout)
 {
 	int max_count = sysctl_hung_task_check_count;
-	int batch_count = HUNG_TASK_BATCHING;
+	unsigned long last_break = jiffies;
 	struct task_struct *g, *t;
 
 	/*
@@ -187,10 +187,10 @@ static void check_hung_uninterruptible_tasks(unsigned long timeout)
 	for_each_process_thread(g, t) {
 		if (!max_count--)
 			goto unlock;
-		if (!--batch_count) {
-			batch_count = HUNG_TASK_BATCHING;
+		if (time_after(jiffies, last_break + HUNG_TASK_LOCK_BREAK)) {
 			if (!rcu_lock_break(g, t))
 				goto unlock;
+			last_break = jiffies;
 		}
 		/* use "==" to skip the TASK_KILLABLE tasks waiting on NFS */
 		if (t->state == TASK_UNINTERRUPTIBLE)
-- 
2.19.1


^ permalink raw reply related	[flat|nested] 273+ messages in thread

* [PATCH AUTOSEL 4.19 253/258] proc/sysctl: fix return error for proc_doulongvec_minmax()
  2019-01-28 15:55 [PATCH AUTOSEL 4.19 001/258] drm/bufs: Fix Spectre v1 vulnerability Sasha Levin
                   ` (250 preceding siblings ...)
  2019-01-28 15:59 ` [PATCH AUTOSEL 4.19 252/258] kernel/hung_task.c: break RCU locks based on jiffies Sasha Levin
@ 2019-01-28 15:59 ` Sasha Levin
  2019-01-28 15:59 ` [PATCH AUTOSEL 4.19 254/258] kernel/hung_task.c: force console verbose before panic Sasha Levin
                   ` (4 subsequent siblings)
  256 siblings, 0 replies; 273+ messages in thread
From: Sasha Levin @ 2019-01-28 15:59 UTC (permalink / raw)
  To: linux-kernel, stable
  Cc: Cheng Lin, Alexey Dobriyan, Andrew Morton, Linus Torvalds,
	Sasha Levin, linux-fsdevel

From: Cheng Lin <cheng.lin130@zte.com.cn>

[ Upstream commit 09be178400829dddc1189b50a7888495dd26aa84 ]

If the number of input parameters is less than the total parameters, an
EINVAL error will be returned.

For example, we use proc_doulongvec_minmax to pass up to two parameters
with kern_table:

{
	.procname       = "monitor_signals",
	.data           = &monitor_sigs,
	.maxlen         = 2*sizeof(unsigned long),
	.mode           = 0644,
	.proc_handler   = proc_doulongvec_minmax,
},

Reproduce:

When passing two parameters, it's work normal.  But passing only one
parameter, an error "Invalid argument"(EINVAL) is returned.

  [root@cl150 ~]# echo 1 2 > /proc/sys/kernel/monitor_signals
  [root@cl150 ~]# cat /proc/sys/kernel/monitor_signals
  1       2
  [root@cl150 ~]# echo 3 > /proc/sys/kernel/monitor_signals
  -bash: echo: write error: Invalid argument
  [root@cl150 ~]# echo $?
  1
  [root@cl150 ~]# cat /proc/sys/kernel/monitor_signals
  3       2
  [root@cl150 ~]#

The following is the result after apply this patch.  No error is
returned when the number of input parameters is less than the total
parameters.

  [root@cl150 ~]# echo 1 2 > /proc/sys/kernel/monitor_signals
  [root@cl150 ~]# cat /proc/sys/kernel/monitor_signals
  1       2
  [root@cl150 ~]# echo 3 > /proc/sys/kernel/monitor_signals
  [root@cl150 ~]# echo $?
  0
  [root@cl150 ~]# cat /proc/sys/kernel/monitor_signals
  3       2
  [root@cl150 ~]#

There are three processing functions dealing with digital parameters,
__do_proc_dointvec/__do_proc_douintvec/__do_proc_doulongvec_minmax.

This patch deals with __do_proc_doulongvec_minmax, just as
__do_proc_dointvec does, adding a check for parameters 'left'.  In
__do_proc_douintvec, its code implementation explicitly does not support
multiple inputs.

static int __do_proc_douintvec(...){
         ...
         /*
          * Arrays are not supported, keep this simple. *Do not* add
          * support for them.
          */
         if (vleft != 1) {
                 *lenp = 0;
                 return -EINVAL;
         }
         ...
}

So, just __do_proc_doulongvec_minmax has the problem.  And most use of
proc_doulongvec_minmax/proc_doulongvec_ms_jiffies_minmax just have one
parameter.

Link: http://lkml.kernel.org/r/1544081775-15720-1-git-send-email-cheng.lin130@zte.com.cn
Signed-off-by: Cheng Lin <cheng.lin130@zte.com.cn>
Acked-by: Luis Chamberlain <mcgrof@kernel.org>
Reviewed-by: Kees Cook <keescook@chromium.org>
Cc: Alexey Dobriyan <adobriyan@gmail.com>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
 kernel/sysctl.c | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/kernel/sysctl.c b/kernel/sysctl.c
index cc02050fd0c4..32dea29d05a0 100644
--- a/kernel/sysctl.c
+++ b/kernel/sysctl.c
@@ -2767,6 +2767,8 @@ static int __do_proc_doulongvec_minmax(void *data, struct ctl_table *table, int
 			bool neg;
 
 			left -= proc_skip_spaces(&p);
+			if (!left)
+				break;
 
 			err = proc_get_long(&p, &left, &val, &neg,
 					     proc_wspace_sep,
-- 
2.19.1


^ permalink raw reply related	[flat|nested] 273+ messages in thread

* [PATCH AUTOSEL 4.19 254/258] kernel/hung_task.c: force console verbose before panic
  2019-01-28 15:55 [PATCH AUTOSEL 4.19 001/258] drm/bufs: Fix Spectre v1 vulnerability Sasha Levin
                   ` (251 preceding siblings ...)
  2019-01-28 15:59 ` [PATCH AUTOSEL 4.19 253/258] proc/sysctl: fix return error for proc_doulongvec_minmax() Sasha Levin
@ 2019-01-28 15:59 ` Sasha Levin
  2019-01-28 15:59 ` [PATCH AUTOSEL 4.19 255/258] fs/epoll: drop ovflist branch prediction Sasha Levin
                   ` (3 subsequent siblings)
  256 siblings, 0 replies; 273+ messages in thread
From: Sasha Levin @ 2019-01-28 15:59 UTC (permalink / raw)
  To: linux-kernel, stable
  Cc: Liu, Chuansheng, Tetsuo Handa, Andrew Morton, Linus Torvalds,
	Sasha Levin

From: "Liu, Chuansheng" <chuansheng.liu@intel.com>

[ Upstream commit 168e06f7937d96c7222037d8a05565e8a6eb00fe ]

Based on commit 401c636a0eeb ("kernel/hung_task.c: show all hung tasks
before panic"), we could get the call stack of hung task.

However, if the console loglevel is not high, we still can not see the
useful panic information in practice, and in most cases users don't set
console loglevel to high level.

This patch is to force console verbose before system panic, so that the
real useful information can be seen in the console, instead of being
like the following, which doesn't have hung task information.

  INFO: task init:1 blocked for more than 120 seconds.
        Tainted: G     U  W         4.19.0-quilt-2e5dc0ac-g51b6c21d76cc #1
  "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
  Kernel panic - not syncing: hung_task: blocked tasks
  CPU: 2 PID: 479 Comm: khungtaskd Tainted: G     U  W         4.19.0-quilt-2e5dc0ac-g51b6c21d76cc #1
  Call Trace:
   dump_stack+0x4f/0x65
   panic+0xde/0x231
   watchdog+0x290/0x410
   kthread+0x12c/0x150
   ret_from_fork+0x35/0x40
  reboot: panic mode set: p,w
  Kernel Offset: 0x34000000 from 0xffffffff81000000 (relocation range: 0xffffffff80000000-0xffffffffbfffffff)

Link: http://lkml.kernel.org/r/27240C0AC20F114CBF8149A2696CBE4A6015B675@SHSMSX101.ccr.corp.intel.com
Signed-off-by: Chuansheng Liu <chuansheng.liu@intel.com>
Reviewed-by: Petr Mladek <pmladek@suse.com>
Reviewed-by: Sergey Senozhatsky <sergey.senozhatsky@gmail.com>
Cc: Tetsuo Handa <penguin-kernel@i-love.sakura.ne.jp>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
 kernel/hung_task.c | 12 +++++-------
 1 file changed, 5 insertions(+), 7 deletions(-)

diff --git a/kernel/hung_task.c b/kernel/hung_task.c
index aa3c51f300aa..9eca2371f189 100644
--- a/kernel/hung_task.c
+++ b/kernel/hung_task.c
@@ -111,8 +111,11 @@ static void check_hung_task(struct task_struct *t, unsigned long timeout)
 
 	trace_sched_process_hang(t);
 
-	if (!sysctl_hung_task_warnings && !sysctl_hung_task_panic)
-		return;
+	if (sysctl_hung_task_panic) {
+		console_verbose();
+		hung_task_show_lock = true;
+		hung_task_call_panic = true;
+	}
 
 	/*
 	 * Ok, the task did not get scheduled for more than 2 minutes,
@@ -134,11 +137,6 @@ static void check_hung_task(struct task_struct *t, unsigned long timeout)
 	}
 
 	touch_nmi_watchdog();
-
-	if (sysctl_hung_task_panic) {
-		hung_task_show_lock = true;
-		hung_task_call_panic = true;
-	}
 }
 
 /*
-- 
2.19.1


^ permalink raw reply related	[flat|nested] 273+ messages in thread

* [PATCH AUTOSEL 4.19 255/258] fs/epoll: drop ovflist branch prediction
  2019-01-28 15:55 [PATCH AUTOSEL 4.19 001/258] drm/bufs: Fix Spectre v1 vulnerability Sasha Levin
                   ` (252 preceding siblings ...)
  2019-01-28 15:59 ` [PATCH AUTOSEL 4.19 254/258] kernel/hung_task.c: force console verbose before panic Sasha Levin
@ 2019-01-28 15:59 ` Sasha Levin
  2019-01-28 15:59 ` [PATCH AUTOSEL 4.19 256/258] exec: load_script: don't blindly truncate shebang string Sasha Levin
                   ` (2 subsequent siblings)
  256 siblings, 0 replies; 273+ messages in thread
From: Sasha Levin @ 2019-01-28 15:59 UTC (permalink / raw)
  To: linux-kernel, stable
  Cc: Davidlohr Bueso, Davidlohr Bueso, Al Viro, Jason Baron,
	Andrew Morton, Linus Torvalds, Sasha Levin, linux-fsdevel

From: Davidlohr Bueso <dave@stgolabs.net>

[ Upstream commit 76699a67f3041ff4c7af6d6ee9be2bfbf1ffb671 ]

The ep->ovflist is a secondary ready-list to temporarily store events
that might occur when doing sproc without holding the ep->wq.lock.  This
accounts for every time we check for ready events and also send events
back to userspace; both callbacks, particularly the latter because of
copy_to_user, can account for a non-trivial time.

As such, the unlikely() check to see if the pointer is being used, seems
both misleading and sub-optimal.  In fact, we go to an awful lot of
trouble to sync both lists, and populating the ovflist is far from an
uncommon scenario.

For example, profiling a concurrent epoll_wait(2) benchmark, with
CONFIG_PROFILE_ANNOTATED_BRANCHES shows that for a two threads a 33%
incorrect rate was seen; and when incrementally increasing the number of
epoll instances (which is used, for example for multiple queuing load
balancing models), up to a 90% incorrect rate was seen.

Similarly, by deleting the prediction, 3% throughput boost was seen
across incremental threads.

Link: http://lkml.kernel.org/r/20181108051006.18751-4-dave@stgolabs.net
Signed-off-by: Davidlohr Bueso <dbueso@suse.de>
Reviewed-by: Andrew Morton <akpm@linux-foundation.org>
Cc: Al Viro <viro@zeniv.linux.org.uk>
Cc: Jason Baron <jbaron@akamai.com>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
 fs/eventpoll.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/fs/eventpoll.c b/fs/eventpoll.c
index 42bbe6824b4b..58f48ea0db23 100644
--- a/fs/eventpoll.c
+++ b/fs/eventpoll.c
@@ -1154,7 +1154,7 @@ static int ep_poll_callback(wait_queue_entry_t *wait, unsigned mode, int sync, v
 	 * semantics). All the events that happen during that period of time are
 	 * chained in ep->ovflist and requeued later on.
 	 */
-	if (unlikely(ep->ovflist != EP_UNACTIVE_PTR)) {
+	if (ep->ovflist != EP_UNACTIVE_PTR) {
 		if (epi->next == EP_UNACTIVE_PTR) {
 			epi->next = ep->ovflist;
 			ep->ovflist = epi;
-- 
2.19.1


^ permalink raw reply related	[flat|nested] 273+ messages in thread

* [PATCH AUTOSEL 4.19 256/258] exec: load_script: don't blindly truncate shebang string
  2019-01-28 15:55 [PATCH AUTOSEL 4.19 001/258] drm/bufs: Fix Spectre v1 vulnerability Sasha Levin
                   ` (253 preceding siblings ...)
  2019-01-28 15:59 ` [PATCH AUTOSEL 4.19 255/258] fs/epoll: drop ovflist branch prediction Sasha Levin
@ 2019-01-28 15:59 ` Sasha Levin
  2019-01-28 15:59 ` [PATCH AUTOSEL 4.19 257/258] kernel/kcov.c: mark write_comp_data() as notrace Sasha Levin
  2019-01-28 15:59 ` [PATCH AUTOSEL 4.19 258/258] scripts/gdb: fix lx-version string output Sasha Levin
  256 siblings, 0 replies; 273+ messages in thread
From: Sasha Levin @ 2019-01-28 15:59 UTC (permalink / raw)
  To: linux-kernel, stable
  Cc: Oleg Nesterov, Ben Woodard, Eric W. Biederman, Andrew Morton,
	Linus Torvalds, Sasha Levin, linux-fsdevel

From: Oleg Nesterov <oleg@redhat.com>

[ Upstream commit 8099b047ecc431518b9bb6bdbba3549bbecdc343 ]

load_script() simply truncates bprm->buf and this is very wrong if the
length of shebang string exceeds BINPRM_BUF_SIZE-2.  This can silently
truncate i_arg or (worse) we can execute the wrong binary if buf[2:126]
happens to be the valid executable path.

Change load_script() to return ENOEXEC if it can't find '\n' or zero in
bprm->buf.  Note that '\0' can come from either
prepare_binprm()->memset() or from kernel_read(), we do not care.

Link: http://lkml.kernel.org/r/20181112160931.GA28463@redhat.com
Signed-off-by: Oleg Nesterov <oleg@redhat.com>
Acked-by: Kees Cook <keescook@chromium.org>
Acked-by: Michal Hocko <mhocko@suse.com>
Cc: Ben Woodard <woodard@redhat.com>
Cc: "Eric W. Biederman" <ebiederm@xmission.com>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
 fs/binfmt_script.c | 10 +++++++---
 1 file changed, 7 insertions(+), 3 deletions(-)

diff --git a/fs/binfmt_script.c b/fs/binfmt_script.c
index 7cde3f46ad26..d0078cbb718b 100644
--- a/fs/binfmt_script.c
+++ b/fs/binfmt_script.c
@@ -42,10 +42,14 @@ static int load_script(struct linux_binprm *bprm)
 	fput(bprm->file);
 	bprm->file = NULL;
 
-	bprm->buf[BINPRM_BUF_SIZE - 1] = '\0';
-	if ((cp = strchr(bprm->buf, '\n')) == NULL)
-		cp = bprm->buf+BINPRM_BUF_SIZE-1;
+	for (cp = bprm->buf+2;; cp++) {
+		if (cp >= bprm->buf + BINPRM_BUF_SIZE)
+			return -ENOEXEC;
+		if (!*cp || (*cp == '\n'))
+			break;
+	}
 	*cp = '\0';
+
 	while (cp > bprm->buf) {
 		cp--;
 		if ((*cp == ' ') || (*cp == '\t'))
-- 
2.19.1


^ permalink raw reply related	[flat|nested] 273+ messages in thread

* [PATCH AUTOSEL 4.19 257/258] kernel/kcov.c: mark write_comp_data() as notrace
  2019-01-28 15:55 [PATCH AUTOSEL 4.19 001/258] drm/bufs: Fix Spectre v1 vulnerability Sasha Levin
                   ` (254 preceding siblings ...)
  2019-01-28 15:59 ` [PATCH AUTOSEL 4.19 256/258] exec: load_script: don't blindly truncate shebang string Sasha Levin
@ 2019-01-28 15:59 ` Sasha Levin
  2019-01-28 15:59 ` [PATCH AUTOSEL 4.19 258/258] scripts/gdb: fix lx-version string output Sasha Levin
  256 siblings, 0 replies; 273+ messages in thread
From: Sasha Levin @ 2019-01-28 15:59 UTC (permalink / raw)
  To: linux-kernel, stable
  Cc: Anders Roxell, Arnd Bergmann, Will Deacon, Andrew Morton,
	Linus Torvalds, Sasha Levin

From: Anders Roxell <anders.roxell@linaro.org>

[ Upstream commit 634724431607f6f46c495dfef801a1c8b44a96d9 ]

Since __sanitizer_cov_trace_const_cmp4 is marked as notrace, the
function called from __sanitizer_cov_trace_const_cmp4 shouldn't be
traceable either.  ftrace_graph_caller() gets called every time func
write_comp_data() gets called if it isn't marked 'notrace'.  This is the
backtrace from gdb:

 #0  ftrace_graph_caller () at ../arch/arm64/kernel/entry-ftrace.S:179
 #1  0xffffff8010201920 in ftrace_caller () at ../arch/arm64/kernel/entry-ftrace.S:151
 #2  0xffffff8010439714 in write_comp_data (type=5, arg1=0, arg2=0, ip=18446743524224276596) at ../kernel/kcov.c:116
 #3  0xffffff8010439894 in __sanitizer_cov_trace_const_cmp4 (arg1=<optimized out>, arg2=<optimized out>) at ../kernel/kcov.c:188
 #4  0xffffff8010201874 in prepare_ftrace_return (self_addr=18446743524226602768, parent=0xffffff801014b918, frame_pointer=18446743524223531344) at ./include/generated/atomic-instrumented.h:27
 #5  0xffffff801020194c in ftrace_graph_caller () at ../arch/arm64/kernel/entry-ftrace.S:182

Rework so that write_comp_data() that are called from
__sanitizer_cov_trace_*_cmp*() are marked as 'notrace'.

Commit 903e8ff86753 ("kernel/kcov.c: mark funcs in __sanitizer_cov_trace_pc() as notrace")
missed to mark write_comp_data() as 'notrace'. When that patch was
created gcc-7 was used. In lib/Kconfig.debug
config KCOV_ENABLE_COMPARISONS
	depends on $(cc-option,-fsanitize-coverage=trace-cmp)

That code path isn't hit with gcc-7. However, it were that with gcc-8.

Link: http://lkml.kernel.org/r/20181206143011.23719-1-anders.roxell@linaro.org
Signed-off-by: Anders Roxell <anders.roxell@linaro.org>
Signed-off-by: Arnd Bergmann <arnd@arndb.de>
Co-developed-by: Arnd Bergmann <arnd@arndb.de>
Acked-by: Steven Rostedt (VMware) <rostedt@goodmis.org>
Cc: Will Deacon <will.deacon@arm.com>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
 kernel/kcov.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/kernel/kcov.c b/kernel/kcov.c
index 97959d7b77e2..c2277dbdbfb1 100644
--- a/kernel/kcov.c
+++ b/kernel/kcov.c
@@ -112,7 +112,7 @@ void notrace __sanitizer_cov_trace_pc(void)
 EXPORT_SYMBOL(__sanitizer_cov_trace_pc);
 
 #ifdef CONFIG_KCOV_ENABLE_COMPARISONS
-static void write_comp_data(u64 type, u64 arg1, u64 arg2, u64 ip)
+static void notrace write_comp_data(u64 type, u64 arg1, u64 arg2, u64 ip)
 {
 	struct task_struct *t;
 	u64 *area;
-- 
2.19.1


^ permalink raw reply related	[flat|nested] 273+ messages in thread

* [PATCH AUTOSEL 4.19 258/258] scripts/gdb: fix lx-version string output
  2019-01-28 15:55 [PATCH AUTOSEL 4.19 001/258] drm/bufs: Fix Spectre v1 vulnerability Sasha Levin
                   ` (255 preceding siblings ...)
  2019-01-28 15:59 ` [PATCH AUTOSEL 4.19 257/258] kernel/kcov.c: mark write_comp_data() as notrace Sasha Levin
@ 2019-01-28 15:59 ` Sasha Levin
  256 siblings, 0 replies; 273+ messages in thread
From: Sasha Levin @ 2019-01-28 15:59 UTC (permalink / raw)
  To: linux-kernel, stable
  Cc: Du Changbin, Kieran Bingham, Jan Kiszka, Jason Wessel,
	Daniel Thompson, Andrew Morton, Linus Torvalds, Sasha Levin

From: Du Changbin <changbin.du@gmail.com>

[ Upstream commit b058809bfc8faeb7b7cae047666e23375a060059 ]

A bug is present in GDB which causes early string termination when
parsing variables.  This has been reported [0], but we should ensure
that we can support at least basic printing of the core kernel strings.

For current gdb version (has been tested with 7.3 and 8.1), 'lx-version'
only prints one character.

  (gdb) lx-version
  L(gdb)

This can be fixed by casting 'linux_banner' as (char *).

  (gdb) lx-version
  Linux version 4.19.0-rc1+ (changbin@acer) (gcc version 7.3.0 (Ubuntu 7.3.0-16ubuntu3)) #21 SMP Sat Sep 1 21:43:30 CST 2018

[0] https://sourceware.org/bugzilla/show_bug.cgi?id=20077

[kbingham@kernel.org: add detail to commit message]
Link: http://lkml.kernel.org/r/20181111162035.8356-1-kieran.bingham@ideasonboard.com
Fixes: 2d061d999424 ("scripts/gdb: add version command")
Signed-off-by: Du Changbin <changbin.du@gmail.com>
Signed-off-by: Kieran Bingham <kbingham@kernel.org>
Acked-by: Jan Kiszka <jan.kiszka@siemens.com>
Cc: Jan Kiszka <jan.kiszka@siemens.com>
Cc: Jason Wessel <jason.wessel@windriver.com>
Cc: Daniel Thompson <daniel.thompson@linaro.org>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
 scripts/gdb/linux/proc.py | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/scripts/gdb/linux/proc.py b/scripts/gdb/linux/proc.py
index 086d27223c0c..0aebd7565b03 100644
--- a/scripts/gdb/linux/proc.py
+++ b/scripts/gdb/linux/proc.py
@@ -41,7 +41,7 @@ class LxVersion(gdb.Command):
 
     def invoke(self, arg, from_tty):
         # linux_banner should contain a newline
-        gdb.write(gdb.parse_and_eval("linux_banner").string())
+        gdb.write(gdb.parse_and_eval("(char *)linux_banner").string())
 
 LxVersion()
 
-- 
2.19.1


^ permalink raw reply related	[flat|nested] 273+ messages in thread

* Re: [PATCH AUTOSEL 4.19 094/258] nfp: add locking around representor changes
  2019-01-28 15:56 ` [PATCH AUTOSEL 4.19 094/258] nfp: add locking around representor changes Sasha Levin
@ 2019-01-28 16:28   ` Jakub Kicinski
  2019-01-28 17:21     ` Sasha Levin
  0 siblings, 1 reply; 273+ messages in thread
From: Jakub Kicinski @ 2019-01-28 16:28 UTC (permalink / raw)
  To: Sasha Levin; +Cc: linux-kernel, stable, David S . Miller, oss-drivers, netdev

On Mon, 28 Jan 2019 10:56:40 -0500, Sasha Levin wrote:
> From: Jakub Kicinski <jakub.kicinski@netronome.com>
> 
> [ Upstream commit 71844fac1ed459024dd2a448d63d5b28b8c87daa ]
> 
> Up until now we never needed to keep a networking locks around
> representors accesses, we only accessed them when device was
> reconfigured (under nfp pf->lock) or on fast path (under RCU).
> Now we want to be able to iterate over all representors during
> notifications, so make sure representor assignment is done
> under RTNL lock.
> 
> Signed-off-by: Jakub Kicinski <jakub.kicinski@netronome.com>
> Reviewed-by: John Hurley <john.hurley@netronome.com>
> Signed-off-by: David S. Miller <davem@davemloft.net>
> Signed-off-by: Sasha Levin <sashal@kernel.org>

Hi Sasha!

There is no need for backporting this unless 51a6588e8c08 ("nfp: add
offloads on representors") is also back ported (which is a feature).

^ permalink raw reply	[flat|nested] 273+ messages in thread

* Re: [PATCH AUTOSEL 4.19 181/258] tools uapi asm: Update asm-generic/unistd.h copy
  2019-01-28 15:58 ` [PATCH AUTOSEL 4.19 181/258] tools uapi asm: Update asm-generic/unistd.h copy Sasha Levin
@ 2019-01-28 16:56   ` Arnd Bergmann
  2019-02-02 17:30     ` Sasha Levin
  0 siblings, 1 reply; 273+ messages in thread
From: Arnd Bergmann @ 2019-01-28 16:56 UTC (permalink / raw)
  To: Sasha Levin
  Cc: Linux Kernel Mailing List, # 3.4.x, Arnaldo Carvalho de Melo,
	Adrian Hunter, Guo Ren, Jiri Olsa, Namhyung Kim

On Mon, Jan 28, 2019 at 5:07 PM Sasha Levin <sashal@kernel.org> wrote:
>
> From: Arnaldo Carvalho de Melo <acme@redhat.com>
>
> [ Upstream commit 89a0948984896352cac1ebe079cb3d64d6c3adc6 ]
>
> To get the change in:
>
>   b7d624ab4312 ("asm-generic: unistd.h: fixup broken macro include.")
>
> That doesn't imply in any changes in the tools.

This one should only be in linux-4.20, not any earlier tree that
does not also backport b7d624ab4312, otherwise the uapi headers
are wrong.

I don't think we want b7d624ab4312 backported, it would only
be useful if we backport all y2038 patches.

      Arnd

^ permalink raw reply	[flat|nested] 273+ messages in thread

* Re: [PATCH AUTOSEL 4.19 034/258] sctp: Fix SKB list traversal in sctp_intl_store_reasm().
  2019-01-28 15:55 ` [PATCH AUTOSEL 4.19 034/258] sctp: Fix SKB list traversal in sctp_intl_store_reasm() Sasha Levin
@ 2019-01-28 17:04   ` Marcelo Ricardo Leitner
  2019-01-28 18:04     ` Sasha Levin
  0 siblings, 1 reply; 273+ messages in thread
From: Marcelo Ricardo Leitner @ 2019-01-28 17:04 UTC (permalink / raw)
  To: Sasha Levin; +Cc: linux-kernel, stable, David S. Miller, linux-sctp, netdev

On Mon, Jan 28, 2019 at 10:55:40AM -0500, Sasha Levin wrote:
> From: "David S. Miller" <davem@davemloft.net>
> 
> [ Upstream commit 348bbc25c40844c5efa083a3842c7f53d70a815e ]
> 
> To be fully correct, an iterator has an undefined value when something
> like skb_queue_walk() naturally terminates.
> 
> This will actually matter when SKB queues are converted over to
> list_head.
> 
> Formalize what this code ends up doing with the current
> implementation.

I don't think this patch is really needed for -stable without the SKB
queue convertion, but okay.

  Marcelo

^ permalink raw reply	[flat|nested] 273+ messages in thread

* Re: [PATCH AUTOSEL 4.19 176/258] usb: musb: dsps: fix otg state machine
  2019-01-28 15:58 ` [PATCH AUTOSEL 4.19 176/258] usb: musb: dsps: fix otg state machine Sasha Levin
@ 2019-01-28 17:07   ` Bin Liu
  0 siblings, 0 replies; 273+ messages in thread
From: Bin Liu @ 2019-01-28 17:07 UTC (permalink / raw)
  To: Sasha Levin; +Cc: linux-kernel, stable, Greg Kroah-Hartman, linux-usb

Hi Sasha,

On Mon, Jan 28, 2019 at 10:58:02AM -0500, Sasha Levin wrote:
> From: Bin Liu <b-liu@ti.com>
> 
> [ Upstream commit 6010abf2c2c0e382d7e8ee44bd11f343aae90cce ]
> 
> Due to lack of ID pin interrupt event on AM335x devices, the musb dsps
> driver uses polling to detect usb device attach for dual-role port.
> 
> But in the case if a micro-A cable adapter is attached without a USB device
> attached to the cable, the musb state machine gets stuck in a_wait_vrise
> state waiting for the MUSB_CONNECT interrupt which won't happen due to the
> usb device is not attached. The state is stuck in a_wait_vrise even after
> the micro-A cable is detached, which could cause VBUS retention if then the
> dual-role port is attached to a host port.
> 
> To fix the problem, make a_wait_vrise as a transient state, then move the
> state to either a_wait_bcon for host port or a_idle state for dual-role
> port, if no usb device is attached to the port.
> 
> Signed-off-by: Bin Liu <b-liu@ti.com>
> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
> Signed-off-by: Sasha Levin <sashal@kernel.org>
> ---
>  drivers/usb/musb/musb_dsps.c | 9 +++++++--
>  1 file changed, 7 insertions(+), 2 deletions(-)
> 
> diff --git a/drivers/usb/musb/musb_dsps.c b/drivers/usb/musb/musb_dsps.c
> index 23a0df79ef21..1e6d78b1334e 100644
> --- a/drivers/usb/musb/musb_dsps.c
> +++ b/drivers/usb/musb/musb_dsps.c
> @@ -227,8 +227,13 @@ static int dsps_check_status(struct musb *musb, void *unused)
>  
>  	switch (musb->xceiv->otg->state) {
>  	case OTG_STATE_A_WAIT_VRISE:
> -		dsps_mod_timer_optional(glue);
> -		break;
> +		if (musb->port_mode == MUSB_HOST) {
> +			musb->xceiv->otg->state = OTG_STATE_A_WAIT_BCON;
> +			dsps_mod_timer_optional(glue);
> +			break;
> +		}
> +		/* fall through */
> +
>  	case OTG_STATE_A_WAIT_BCON:
>  		/* keep VBUS on for host-only mode */
>  		if (musb->port_mode == MUSB_HOST) {

This backport won't apply to stables cleanly. I have sent the manual
backport [1] for v4.9+ a few weeks ago.

[1] https://marc.info/?l=linux-usb&m=154696800204159&w=2

Regards,
-Bin,

^ permalink raw reply	[flat|nested] 273+ messages in thread

* Re: [PATCH AUTOSEL 4.19 177/258] usb: musb: dsps: fix runtime pm for peripheral mode
  2019-01-28 15:58 ` [PATCH AUTOSEL 4.19 177/258] usb: musb: dsps: fix runtime pm for peripheral mode Sasha Levin
@ 2019-01-28 17:09   ` Bin Liu
  0 siblings, 0 replies; 273+ messages in thread
From: Bin Liu @ 2019-01-28 17:09 UTC (permalink / raw)
  To: Sasha Levin; +Cc: linux-kernel, stable, Greg Kroah-Hartman, linux-usb

Hi Sasha,

On Mon, Jan 28, 2019 at 10:58:03AM -0500, Sasha Levin wrote:
> From: Bin Liu <b-liu@ti.com>
> 
> [ Upstream commit 54578ee883e34d2d1c518d48f1c1e2dd3f387188 ]
> 
> Since the runtime PM support was added in musb, dsps relies on the timer
> calling otg_timer() to activate the usb subsystem. However the driver
> doesn't enable the timer for peripheral port, then the peripheral port is
> unable to be enumerated by a host if the other usb port is disabled or in
> peripheral mode too.
> 
> So let's start the timer for peripheral port too.
> 
> Fixes: ea2f35c01d5e ("usb: musb: Fix sleeping function called from invalid context for hdrc glue")
> Acked-by: Tony Lindgren <tony@atomide.com>
> Signed-off-by: Bin Liu <b-liu@ti.com>
> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
> Signed-off-by: Sasha Levin <sashal@kernel.org>
> ---
>  drivers/usb/musb/musb_dsps.c | 12 +++++++++---
>  1 file changed, 9 insertions(+), 3 deletions(-)
> 
> diff --git a/drivers/usb/musb/musb_dsps.c b/drivers/usb/musb/musb_dsps.c
> index 1e6d78b1334e..403eb97915f8 100644
> --- a/drivers/usb/musb/musb_dsps.c
> +++ b/drivers/usb/musb/musb_dsps.c
> @@ -181,9 +181,11 @@ static void dsps_musb_enable(struct musb *musb)
>  
>  	musb_writel(reg_base, wrp->epintr_set, epmask);
>  	musb_writel(reg_base, wrp->coreintr_set, coremask);
> -	/* start polling for ID change in dual-role idle mode */
> -	if (musb->xceiv->otg->state == OTG_STATE_B_IDLE &&
> -			musb->port_mode == MUSB_OTG)
> +	/*
> +	 * start polling for runtime PM active and idle,
> +	 * and for ID change in dual-role idle mode.
> +	 */
> +	if (musb->xceiv->otg->state == OTG_STATE_B_IDLE)
>  		dsps_mod_timer(glue, -1);
>  }
>  
> @@ -254,6 +256,10 @@ static int dsps_check_status(struct musb *musb, void *unused)
>  				musb->xceiv->otg->state = OTG_STATE_A_IDLE;
>  				MUSB_HST_MODE(musb);
>  			}
> +
> +			if (musb->port_mode == MUSB_PERIPHERAL)
> +				skip_session = 1;
> +
>  			if (!(devctl & MUSB_DEVCTL_SESSION) && !skip_session)
>  				musb_writeb(mregs, MUSB_DEVCTL,
>  					    MUSB_DEVCTL_SESSION);

This backport won't apply to stables cleanly. I have sent the manual
backport [1] for v4.9+ a few weeks ago.

[1] https://marc.info/?l=linux-usb&m=154696698103763&w=2

Regards,
-Bin.

^ permalink raw reply	[flat|nested] 273+ messages in thread

* Re: [PATCH AUTOSEL 4.19 094/258] nfp: add locking around representor changes
  2019-01-28 16:28   ` Jakub Kicinski
@ 2019-01-28 17:21     ` Sasha Levin
  0 siblings, 0 replies; 273+ messages in thread
From: Sasha Levin @ 2019-01-28 17:21 UTC (permalink / raw)
  To: Jakub Kicinski
  Cc: linux-kernel, stable, David S . Miller, oss-drivers, netdev

On Mon, Jan 28, 2019 at 08:28:25AM -0800, Jakub Kicinski wrote:
>On Mon, 28 Jan 2019 10:56:40 -0500, Sasha Levin wrote:
>> From: Jakub Kicinski <jakub.kicinski@netronome.com>
>>
>> [ Upstream commit 71844fac1ed459024dd2a448d63d5b28b8c87daa ]
>>
>> Up until now we never needed to keep a networking locks around
>> representors accesses, we only accessed them when device was
>> reconfigured (under nfp pf->lock) or on fast path (under RCU).
>> Now we want to be able to iterate over all representors during
>> notifications, so make sure representor assignment is done
>> under RTNL lock.
>>
>> Signed-off-by: Jakub Kicinski <jakub.kicinski@netronome.com>
>> Reviewed-by: John Hurley <john.hurley@netronome.com>
>> Signed-off-by: David S. Miller <davem@davemloft.net>
>> Signed-off-by: Sasha Levin <sashal@kernel.org>
>
>Hi Sasha!
>
>There is no need for backporting this unless 51a6588e8c08 ("nfp: add
>offloads on representors") is also back ported (which is a feature).

I'll drop it. Thanks for the heads-up.

--
Thanks,
Sasha

^ permalink raw reply	[flat|nested] 273+ messages in thread

* Re: [PATCH AUTOSEL 4.19 174/258] livepatch: check kzalloc return values
  2019-01-28 15:58 ` [PATCH AUTOSEL 4.19 174/258] livepatch: check kzalloc return values Sasha Levin
@ 2019-01-28 17:28   ` Miroslav Benes
  2019-01-28 18:12     ` Sasha Levin
  0 siblings, 1 reply; 273+ messages in thread
From: Miroslav Benes @ 2019-01-28 17:28 UTC (permalink / raw)
  To: Sasha Levin
  Cc: linux-kernel, stable, Nicholas Mc Guire, Jiri Kosina, live-patching

On Mon, 28 Jan 2019, Sasha Levin wrote:

> From: Nicholas Mc Guire <hofrat@osadl.org>
> 
> [ Upstream commit 5f30b2e823484ce6a79f2b59901b6351c15effa6 ]
> 
> kzalloc() return should always be checked - notably in example code
> where this may be seen as reference. On failure of allocation in
> livepatch_fix1_dummy_alloc() respectively dummy_alloc() previous
> allocation is freed (thanks to Petr Mladek <pmladek@suse.com> for
> catching this) and NULL returned.
> 
> Signed-off-by: Nicholas Mc Guire <hofrat@osadl.org>
> Fixes: 439e7271dc2b ("livepatch: introduce shadow variable API")
> Acked-by: Joe Lawrence <joe.lawrence@redhat.com>
> Reviewed-by: Petr Mladek <pmladek@suse.com>
> Acked-by: Miroslav Benes <mbenes@suse.cz>
> Signed-off-by: Jiri Kosina <jkosina@suse.cz>
> Signed-off-by: Sasha Levin <sashal@kernel.org>

Hi Sasha,

I am not sure what stable policy is, but the patch is for samples/ 
directory and I do not think it is something which should necessarily go 
to stable. It is your call though.

Regards,
Miroslav

> ---
>  samples/livepatch/livepatch-shadow-fix1.c | 5 +++++
>  samples/livepatch/livepatch-shadow-mod.c  | 4 ++++
>  2 files changed, 9 insertions(+)
> 
> diff --git a/samples/livepatch/livepatch-shadow-fix1.c b/samples/livepatch/livepatch-shadow-fix1.c
> index 49b13553eaae..e8f1bd6b29b1 100644
> --- a/samples/livepatch/livepatch-shadow-fix1.c
> +++ b/samples/livepatch/livepatch-shadow-fix1.c
> @@ -89,6 +89,11 @@ struct dummy *livepatch_fix1_dummy_alloc(void)
>  	 * pointer to handle resource release.
>  	 */
>  	leak = kzalloc(sizeof(int), GFP_KERNEL);
> +	if (!leak) {
> +		kfree(d);
> +		return NULL;
> +	}
> +
>  	klp_shadow_alloc(d, SV_LEAK, sizeof(leak), GFP_KERNEL,
>  			 shadow_leak_ctor, leak);
>  
> diff --git a/samples/livepatch/livepatch-shadow-mod.c b/samples/livepatch/livepatch-shadow-mod.c
> index 4c54b250332d..4aa8a88d3cd6 100644
> --- a/samples/livepatch/livepatch-shadow-mod.c
> +++ b/samples/livepatch/livepatch-shadow-mod.c
> @@ -118,6 +118,10 @@ noinline struct dummy *dummy_alloc(void)
>  
>  	/* Oops, forgot to save leak! */
>  	leak = kzalloc(sizeof(int), GFP_KERNEL);
> +	if (!leak) {
> +		kfree(d);
> +		return NULL;
> +	}
>  
>  	pr_info("%s: dummy @ %p, expires @ %lx\n",
>  		__func__, d, d->jiffies_expire);
> -- 
> 2.19.1
> 


^ permalink raw reply	[flat|nested] 273+ messages in thread

* Re: [PATCH AUTOSEL 4.19 034/258] sctp: Fix SKB list traversal in sctp_intl_store_reasm().
  2019-01-28 17:04   ` Marcelo Ricardo Leitner
@ 2019-01-28 18:04     ` Sasha Levin
  0 siblings, 0 replies; 273+ messages in thread
From: Sasha Levin @ 2019-01-28 18:04 UTC (permalink / raw)
  To: Marcelo Ricardo Leitner
  Cc: linux-kernel, stable, David S. Miller, linux-sctp, netdev

On Mon, Jan 28, 2019 at 03:04:34PM -0200, Marcelo Ricardo Leitner wrote:
>On Mon, Jan 28, 2019 at 10:55:40AM -0500, Sasha Levin wrote:
>> From: "David S. Miller" <davem@davemloft.net>
>>
>> [ Upstream commit 348bbc25c40844c5efa083a3842c7f53d70a815e ]
>>
>> To be fully correct, an iterator has an undefined value when something
>> like skb_queue_walk() naturally terminates.
>>
>> This will actually matter when SKB queues are converted over to
>> list_head.
>>
>> Formalize what this code ends up doing with the current
>> implementation.
>
>I don't think this patch is really needed for -stable without the SKB
>queue convertion, but okay.

I'll drop it. I'm not sure why this sctp patch wasn't filtered out as
davem deals with net/. Sorry for the noise.

--
Thanks,
Sasha

^ permalink raw reply	[flat|nested] 273+ messages in thread

* Re: [PATCH AUTOSEL 4.19 033/258] sctp: Fix SKB list traversal in sctp_intl_store_ordered().
  2019-01-28 15:55 ` [PATCH AUTOSEL 4.19 033/258] sctp: Fix SKB list traversal in sctp_intl_store_ordered() Sasha Levin
@ 2019-01-28 18:09   ` Marcelo Ricardo Leitner
  0 siblings, 0 replies; 273+ messages in thread
From: Marcelo Ricardo Leitner @ 2019-01-28 18:09 UTC (permalink / raw)
  To: Sasha Levin; +Cc: linux-kernel, stable, David S. Miller, linux-sctp, netdev

On Mon, Jan 28, 2019 at 10:55:39AM -0500, Sasha Levin wrote:
> From: "David S. Miller" <davem@davemloft.net>
> 
> [ Upstream commit e15e067d0656625c77c52b4e5f0cfbf0c0c3583f ]
> 
> Same change as made to sctp_intl_store_reasm().
> 
> To be fully correct, an iterator has an undefined value when something
> like skb_queue_walk() naturally terminates.
> 
> This will actually matter when SKB queues are converted over to
> list_head.
> 
> Formalize what this code ends up doing with the current
> implementation.

Hi Sasha,

This one too then.

Thanks,
Marcelo

^ permalink raw reply	[flat|nested] 273+ messages in thread

* Re: [PATCH AUTOSEL 4.19 174/258] livepatch: check kzalloc return values
  2019-01-28 17:28   ` Miroslav Benes
@ 2019-01-28 18:12     ` Sasha Levin
  0 siblings, 0 replies; 273+ messages in thread
From: Sasha Levin @ 2019-01-28 18:12 UTC (permalink / raw)
  To: Miroslav Benes
  Cc: linux-kernel, stable, Nicholas Mc Guire, Jiri Kosina, live-patching

On Mon, Jan 28, 2019 at 06:28:14PM +0100, Miroslav Benes wrote:
>On Mon, 28 Jan 2019, Sasha Levin wrote:
>
>> From: Nicholas Mc Guire <hofrat@osadl.org>
>>
>> [ Upstream commit 5f30b2e823484ce6a79f2b59901b6351c15effa6 ]
>>
>> kzalloc() return should always be checked - notably in example code
>> where this may be seen as reference. On failure of allocation in
>> livepatch_fix1_dummy_alloc() respectively dummy_alloc() previous
>> allocation is freed (thanks to Petr Mladek <pmladek@suse.com> for
>> catching this) and NULL returned.
>>
>> Signed-off-by: Nicholas Mc Guire <hofrat@osadl.org>
>> Fixes: 439e7271dc2b ("livepatch: introduce shadow variable API")
>> Acked-by: Joe Lawrence <joe.lawrence@redhat.com>
>> Reviewed-by: Petr Mladek <pmladek@suse.com>
>> Acked-by: Miroslav Benes <mbenes@suse.cz>
>> Signed-off-by: Jiri Kosina <jkosina@suse.cz>
>> Signed-off-by: Sasha Levin <sashal@kernel.org>
>
>Hi Sasha,
>
>I am not sure what stable policy is, but the patch is for samples/
>directory and I do not think it is something which should necessarily go
>to stable. It is your call though.

The thing with samples/ is that (I'm hopefull that) the code that lives
in there is being used as a basis for userspace code and is copy&pasted
shamelessly.

So on one hand, yes, samples/ isn't exactly critical code, but on the
other hand it's also very unlikely to cause a regression, so I've been
treating it similarily to tools/testing/.

If anyone disagrees I'd be happy to discuss it.

--
Thanks,
Sasha

^ permalink raw reply	[flat|nested] 273+ messages in thread

* Re: [PATCH AUTOSEL 4.19 059/258] x86/resctrl: Fixup the user-visible strings
  2019-01-28 15:56 ` [PATCH AUTOSEL 4.19 059/258] x86/resctrl: Fixup the user-visible strings Sasha Levin
@ 2019-01-28 19:07   ` Reinette Chatre
  2019-02-02 19:30     ` Sasha Levin
  0 siblings, 1 reply; 273+ messages in thread
From: Reinette Chatre @ 2019-01-28 19:07 UTC (permalink / raw)
  To: Sasha Levin, linux-kernel, stable
  Cc: Babu Moger, Borislav Petkov, Andrew Morton, Andy Lutomirski,
	Arnd Bergmann, Brijesh Singh, Chang S. Bae, David Miller,
	David Woodhouse, Dmitry Safonov, Fenghua Yu, Greg Kroah-Hartman,
	H. Peter Anvin, Ingo Molnar, Jann Horn, Joerg Roedel,
	Jonathan Corbet, Josh Poimboeuf, Kate Stewart,
	Kirill A. Shutemov, linux-doc, Mauro Carvalho Chehab,
	Paolo Bonzini, Peter Zijlstra, Philippe Ombredanne, Pu Wen,
	qianyue.zj, Rafael J. Wysocki, Rian Hunter, Sherry Hurwitz,
	Suravee Suthikulpanit, Thomas Gleixner, Thomas Lendacky,
	Tony Luck, Vitaly Kuznetsov, xiaochen.shen

Hi Sasha,

On 1/28/2019 7:56 AM, Sasha Levin wrote:
> From: Babu Moger <Babu.Moger@amd.com>
> 
> [ Upstream commit 723f1a0dd8e26a7523ba068204bee11c95ded38d ]
> 
> Fix the messages in rdt_last_cmd_printf() and rdt_last_cmd_puts() to
> make them more meaningful and consistent.

It is not clear to me why this patch is considered for stable since it
just changes user visible strings to be more consistent.

If user visible string consistency/correctness is of concern and is what
prompted its consideration then please also consider to include upstream
commit
456824896de2b68df40b3ea5777ef49dc6cc8fda "x86/resctrl: Use
rdt_last_cmd_puts() where possible" that fixes two typos that was
introduced in this commit. This may introduce difficultly though since
the file layout changed between the kernel versions these patches are
found in.

Reinette

> 
>  [ bp: s/cpu/CPU/; s/mem\W/memory ]
> 
> Signed-off-by: Babu Moger <babu.moger@amd.com>
> Signed-off-by: Borislav Petkov <bp@suse.de>
> Cc: Andrew Morton <akpm@linux-foundation.org>
> Cc: Andy Lutomirski <luto@kernel.org>
> Cc: Arnd Bergmann <arnd@arndb.de>
> Cc: Brijesh Singh <brijesh.singh@amd.com>
> Cc: "Chang S. Bae" <chang.seok.bae@intel.com>
> Cc: David Miller <davem@davemloft.net>
> Cc: David Woodhouse <dwmw2@infradead.org>
> Cc: Dmitry Safonov <dima@arista.com>
> Cc: Fenghua Yu <fenghua.yu@intel.com>
> Cc: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
> Cc: "H. Peter Anvin" <hpa@zytor.com>
> Cc: Ingo Molnar <mingo@redhat.com>
> Cc: Jann Horn <jannh@google.com>
> Cc: Joerg Roedel <jroedel@suse.de>
> Cc: Jonathan Corbet <corbet@lwn.net>
> Cc: Josh Poimboeuf <jpoimboe@redhat.com>
> Cc: Kate Stewart <kstewart@linuxfoundation.org>
> Cc: "Kirill A. Shutemov" <kirill.shutemov@linux.intel.com>
> Cc: <linux-doc@vger.kernel.org>
> Cc: Mauro Carvalho Chehab <mchehab+samsung@kernel.org>
> Cc: Paolo Bonzini <pbonzini@redhat.com>
> Cc: Peter Zijlstra <peterz@infradead.org>
> Cc: Philippe Ombredanne <pombredanne@nexb.com>
> Cc: Pu Wen <puwen@hygon.cn>
> Cc: <qianyue.zj@alibaba-inc.com>
> Cc: "Rafael J. Wysocki" <rafael@kernel.org>
> Cc: Reinette Chatre <reinette.chatre@intel.com>
> Cc: Rian Hunter <rian@alum.mit.edu>
> Cc: Sherry Hurwitz <sherry.hurwitz@amd.com>
> Cc: Suravee Suthikulpanit <suravee.suthikulpanit@amd.com>
> Cc: Thomas Gleixner <tglx@linutronix.de>
> Cc: Thomas Lendacky <Thomas.Lendacky@amd.com>
> Cc: Tony Luck <tony.luck@intel.com>
> Cc: Vitaly Kuznetsov <vkuznets@redhat.com>
> Cc: <xiaochen.shen@intel.com>
> Link: https://lkml.kernel.org/r/20181121202811.4492-11-babu.moger@amd.com
> Signed-off-by: Sasha Levin <sashal@kernel.org>
> ---
>  arch/x86/kernel/cpu/intel_rdt_ctrlmondata.c | 22 ++++++-------
>  arch/x86/kernel/cpu/intel_rdt_pseudo_lock.c | 34 +++++++++----------
>  arch/x86/kernel/cpu/intel_rdt_rdtgroup.c    | 36 ++++++++++-----------
>  3 files changed, 46 insertions(+), 46 deletions(-)
> 
> diff --git a/arch/x86/kernel/cpu/intel_rdt_ctrlmondata.c b/arch/x86/kernel/cpu/intel_rdt_ctrlmondata.c
> index 627e5c809b33..79d099538f2e 100644
> --- a/arch/x86/kernel/cpu/intel_rdt_ctrlmondata.c
> +++ b/arch/x86/kernel/cpu/intel_rdt_ctrlmondata.c
> @@ -71,7 +71,7 @@ int parse_bw(struct rdt_parse_data *data, struct rdt_resource *r,
>  	unsigned long bw_val;
>  
>  	if (d->have_new_ctrl) {
> -		rdt_last_cmd_printf("duplicate domain %d\n", d->id);
> +		rdt_last_cmd_printf("Duplicate domain %d\n", d->id);
>  		return -EINVAL;
>  	}
>  
> @@ -97,12 +97,12 @@ static bool cbm_validate(char *buf, u32 *data, struct rdt_resource *r)
>  
>  	ret = kstrtoul(buf, 16, &val);
>  	if (ret) {
> -		rdt_last_cmd_printf("non-hex character in mask %s\n", buf);
> +		rdt_last_cmd_printf("Non-hex character in the mask %s\n", buf);
>  		return false;
>  	}
>  
>  	if (val == 0 || val > r->default_ctrl) {
> -		rdt_last_cmd_puts("mask out of range\n");
> +		rdt_last_cmd_puts("Mask out of range\n");
>  		return false;
>  	}
>  
> @@ -110,12 +110,12 @@ static bool cbm_validate(char *buf, u32 *data, struct rdt_resource *r)
>  	zero_bit = find_next_zero_bit(&val, cbm_len, first_bit);
>  
>  	if (find_next_bit(&val, cbm_len, zero_bit) < cbm_len) {
> -		rdt_last_cmd_printf("mask %lx has non-consecutive 1-bits\n", val);
> +		rdt_last_cmd_printf("The mask %lx has non-consecutive 1-bits\n", val);
>  		return false;
>  	}
>  
>  	if ((zero_bit - first_bit) < r->cache.min_cbm_bits) {
> -		rdt_last_cmd_printf("Need at least %d bits in mask\n",
> +		rdt_last_cmd_printf("Need at least %d bits in the mask\n",
>  				    r->cache.min_cbm_bits);
>  		return false;
>  	}
> @@ -135,7 +135,7 @@ int parse_cbm(struct rdt_parse_data *data, struct rdt_resource *r,
>  	u32 cbm_val;
>  
>  	if (d->have_new_ctrl) {
> -		rdt_last_cmd_printf("duplicate domain %d\n", d->id);
> +		rdt_last_cmd_printf("Duplicate domain %d\n", d->id);
>  		return -EINVAL;
>  	}
>  
> @@ -145,7 +145,7 @@ int parse_cbm(struct rdt_parse_data *data, struct rdt_resource *r,
>  	 */
>  	if (rdtgrp->mode == RDT_MODE_PSEUDO_LOCKSETUP &&
>  	    rdtgroup_pseudo_locked_in_hierarchy(d)) {
> -		rdt_last_cmd_printf("pseudo-locked region in hierarchy\n");
> +		rdt_last_cmd_printf("Pseudo-locked region in hierarchy\n");
>  		return -EINVAL;
>  	}
>  
> @@ -164,14 +164,14 @@ int parse_cbm(struct rdt_parse_data *data, struct rdt_resource *r,
>  	 * either is exclusive.
>  	 */
>  	if (rdtgroup_cbm_overlaps(r, d, cbm_val, rdtgrp->closid, true)) {
> -		rdt_last_cmd_printf("overlaps with exclusive group\n");
> +		rdt_last_cmd_printf("Overlaps with exclusive group\n");
>  		return -EINVAL;
>  	}
>  
>  	if (rdtgroup_cbm_overlaps(r, d, cbm_val, rdtgrp->closid, false)) {
>  		if (rdtgrp->mode == RDT_MODE_EXCLUSIVE ||
>  		    rdtgrp->mode == RDT_MODE_PSEUDO_LOCKSETUP) {
> -			rdt_last_cmd_printf("overlaps with other group\n");
> +			rdt_last_cmd_printf("0verlaps with other group\n");
>  			return -EINVAL;
>  		}
>  	}
> @@ -293,7 +293,7 @@ static int rdtgroup_parse_resource(char *resname, char *tok,
>  		if (!strcmp(resname, r->name) && rdtgrp->closid < r->num_closid)
>  			return parse_line(tok, r, rdtgrp);
>  	}
> -	rdt_last_cmd_printf("unknown/unsupported resource name '%s'\n", resname);
> +	rdt_last_cmd_printf("Unknown or unsupported resource name '%s'\n", resname);
>  	return -EINVAL;
>  }
>  
> @@ -326,7 +326,7 @@ ssize_t rdtgroup_schemata_write(struct kernfs_open_file *of,
>  	 */
>  	if (rdtgrp->mode == RDT_MODE_PSEUDO_LOCKED) {
>  		ret = -EINVAL;
> -		rdt_last_cmd_puts("resource group is pseudo-locked\n");
> +		rdt_last_cmd_puts("Resource group is pseudo-locked\n");
>  		goto out;
>  	}
>  
> diff --git a/arch/x86/kernel/cpu/intel_rdt_pseudo_lock.c b/arch/x86/kernel/cpu/intel_rdt_pseudo_lock.c
> index f8c260d522ca..caa680fb5680 100644
> --- a/arch/x86/kernel/cpu/intel_rdt_pseudo_lock.c
> +++ b/arch/x86/kernel/cpu/intel_rdt_pseudo_lock.c
> @@ -221,7 +221,7 @@ static int pseudo_lock_cstates_constrain(struct pseudo_lock_region *plr)
>  	for_each_cpu(cpu, &plr->d->cpu_mask) {
>  		pm_req = kzalloc(sizeof(*pm_req), GFP_KERNEL);
>  		if (!pm_req) {
> -			rdt_last_cmd_puts("fail allocating mem for PM QoS\n");
> +			rdt_last_cmd_puts("Failure to allocate memory for PM QoS\n");
>  			ret = -ENOMEM;
>  			goto out_err;
>  		}
> @@ -230,7 +230,7 @@ static int pseudo_lock_cstates_constrain(struct pseudo_lock_region *plr)
>  					     DEV_PM_QOS_RESUME_LATENCY,
>  					     30);
>  		if (ret < 0) {
> -			rdt_last_cmd_printf("fail to add latency req cpu%d\n",
> +			rdt_last_cmd_printf("Failed to add latency req CPU%d\n",
>  					    cpu);
>  			kfree(pm_req);
>  			ret = -1;
> @@ -297,7 +297,7 @@ static int pseudo_lock_region_init(struct pseudo_lock_region *plr)
>  	plr->cpu = cpumask_first(&plr->d->cpu_mask);
>  
>  	if (!cpu_online(plr->cpu)) {
> -		rdt_last_cmd_printf("cpu %u associated with cache not online\n",
> +		rdt_last_cmd_printf("CPU %u associated with cache not online\n",
>  				    plr->cpu);
>  		ret = -ENODEV;
>  		goto out_region;
> @@ -315,7 +315,7 @@ static int pseudo_lock_region_init(struct pseudo_lock_region *plr)
>  	}
>  
>  	ret = -1;
> -	rdt_last_cmd_puts("unable to determine cache line size\n");
> +	rdt_last_cmd_puts("Unable to determine cache line size\n");
>  out_region:
>  	pseudo_lock_region_clear(plr);
>  	return ret;
> @@ -369,14 +369,14 @@ static int pseudo_lock_region_alloc(struct pseudo_lock_region *plr)
>  	 * KMALLOC_MAX_SIZE.
>  	 */
>  	if (plr->size > KMALLOC_MAX_SIZE) {
> -		rdt_last_cmd_puts("requested region exceeds maximum size\n");
> +		rdt_last_cmd_puts("Requested region exceeds maximum size\n");
>  		ret = -E2BIG;
>  		goto out_region;
>  	}
>  
>  	plr->kmem = kzalloc(plr->size, GFP_KERNEL);
>  	if (!plr->kmem) {
> -		rdt_last_cmd_puts("unable to allocate memory\n");
> +		rdt_last_cmd_puts("Unable to allocate memory\n");
>  		ret = -ENOMEM;
>  		goto out_region;
>  	}
> @@ -673,7 +673,7 @@ int rdtgroup_locksetup_enter(struct rdtgroup *rdtgrp)
>  	 * default closid associated with it.
>  	 */
>  	if (rdtgrp == &rdtgroup_default) {
> -		rdt_last_cmd_puts("cannot pseudo-lock default group\n");
> +		rdt_last_cmd_puts("Cannot pseudo-lock default group\n");
>  		return -EINVAL;
>  	}
>  
> @@ -715,17 +715,17 @@ int rdtgroup_locksetup_enter(struct rdtgroup *rdtgrp)
>  	 */
>  	prefetch_disable_bits = get_prefetch_disable_bits();
>  	if (prefetch_disable_bits == 0) {
> -		rdt_last_cmd_puts("pseudo-locking not supported\n");
> +		rdt_last_cmd_puts("Pseudo-locking not supported\n");
>  		return -EINVAL;
>  	}
>  
>  	if (rdtgroup_monitor_in_progress(rdtgrp)) {
> -		rdt_last_cmd_puts("monitoring in progress\n");
> +		rdt_last_cmd_puts("Monitoring in progress\n");
>  		return -EINVAL;
>  	}
>  
>  	if (rdtgroup_tasks_assigned(rdtgrp)) {
> -		rdt_last_cmd_puts("tasks assigned to resource group\n");
> +		rdt_last_cmd_puts("Tasks assigned to resource group\n");
>  		return -EINVAL;
>  	}
>  
> @@ -735,13 +735,13 @@ int rdtgroup_locksetup_enter(struct rdtgroup *rdtgrp)
>  	}
>  
>  	if (rdtgroup_locksetup_user_restrict(rdtgrp)) {
> -		rdt_last_cmd_puts("unable to modify resctrl permissions\n");
> +		rdt_last_cmd_puts("Unable to modify resctrl permissions\n");
>  		return -EIO;
>  	}
>  
>  	ret = pseudo_lock_init(rdtgrp);
>  	if (ret) {
> -		rdt_last_cmd_puts("unable to init pseudo-lock region\n");
> +		rdt_last_cmd_puts("Unable to init pseudo-lock region\n");
>  		goto out_release;
>  	}
>  
> @@ -778,7 +778,7 @@ int rdtgroup_locksetup_exit(struct rdtgroup *rdtgrp)
>  	if (rdt_mon_capable) {
>  		ret = alloc_rmid();
>  		if (ret < 0) {
> -			rdt_last_cmd_puts("out of RMIDs\n");
> +			rdt_last_cmd_puts("Out of RMIDs\n");
>  			return ret;
>  		}
>  		rdtgrp->mon.rmid = ret;
> @@ -1234,7 +1234,7 @@ int rdtgroup_pseudo_lock_create(struct rdtgroup *rdtgrp)
>  					"pseudo_lock/%u", plr->cpu);
>  	if (IS_ERR(thread)) {
>  		ret = PTR_ERR(thread);
> -		rdt_last_cmd_printf("locking thread returned error %d\n", ret);
> +		rdt_last_cmd_printf("Locking thread returned error %d\n", ret);
>  		goto out_cstates;
>  	}
>  
> @@ -1252,13 +1252,13 @@ int rdtgroup_pseudo_lock_create(struct rdtgroup *rdtgrp)
>  		 * the cleared, but not freed, plr struct resulting in an
>  		 * empty pseudo-locking loop.
>  		 */
> -		rdt_last_cmd_puts("locking thread interrupted\n");
> +		rdt_last_cmd_puts("Locking thread interrupted\n");
>  		goto out_cstates;
>  	}
>  
>  	ret = pseudo_lock_minor_get(&new_minor);
>  	if (ret < 0) {
> -		rdt_last_cmd_puts("unable to obtain a new minor number\n");
> +		rdt_last_cmd_puts("Unable to obtain a new minor number\n");
>  		goto out_cstates;
>  	}
>  
> @@ -1290,7 +1290,7 @@ int rdtgroup_pseudo_lock_create(struct rdtgroup *rdtgrp)
>  
>  	if (IS_ERR(dev)) {
>  		ret = PTR_ERR(dev);
> -		rdt_last_cmd_printf("failed to create character device: %d\n",
> +		rdt_last_cmd_printf("Failed to create character device: %d\n",
>  				    ret);
>  		goto out_debugfs;
>  	}
> diff --git a/arch/x86/kernel/cpu/intel_rdt_rdtgroup.c b/arch/x86/kernel/cpu/intel_rdt_rdtgroup.c
> index 643670fb8943..49ebefde9349 100644
> --- a/arch/x86/kernel/cpu/intel_rdt_rdtgroup.c
> +++ b/arch/x86/kernel/cpu/intel_rdt_rdtgroup.c
> @@ -335,7 +335,7 @@ static int cpus_mon_write(struct rdtgroup *rdtgrp, cpumask_var_t newmask,
>  	/* Check whether cpus belong to parent ctrl group */
>  	cpumask_andnot(tmpmask, newmask, &prgrp->cpu_mask);
>  	if (cpumask_weight(tmpmask)) {
> -		rdt_last_cmd_puts("can only add CPUs to mongroup that belong to parent\n");
> +		rdt_last_cmd_puts("Can only add CPUs to mongroup that belong to parent\n");
>  		return -EINVAL;
>  	}
>  
> @@ -460,14 +460,14 @@ static ssize_t rdtgroup_cpus_write(struct kernfs_open_file *of,
>  	rdt_last_cmd_clear();
>  	if (!rdtgrp) {
>  		ret = -ENOENT;
> -		rdt_last_cmd_puts("directory was removed\n");
> +		rdt_last_cmd_puts("Directory was removed\n");
>  		goto unlock;
>  	}
>  
>  	if (rdtgrp->mode == RDT_MODE_PSEUDO_LOCKED ||
>  	    rdtgrp->mode == RDT_MODE_PSEUDO_LOCKSETUP) {
>  		ret = -EINVAL;
> -		rdt_last_cmd_puts("pseudo-locking in progress\n");
> +		rdt_last_cmd_puts("Pseudo-locking in progress\n");
>  		goto unlock;
>  	}
>  
> @@ -477,7 +477,7 @@ static ssize_t rdtgroup_cpus_write(struct kernfs_open_file *of,
>  		ret = cpumask_parse(buf, newmask);
>  
>  	if (ret) {
> -		rdt_last_cmd_puts("bad cpu list/mask\n");
> +		rdt_last_cmd_puts("Bad CPU list/mask\n");
>  		goto unlock;
>  	}
>  
> @@ -485,7 +485,7 @@ static ssize_t rdtgroup_cpus_write(struct kernfs_open_file *of,
>  	cpumask_andnot(tmpmask, newmask, cpu_online_mask);
>  	if (cpumask_weight(tmpmask)) {
>  		ret = -EINVAL;
> -		rdt_last_cmd_puts("can only assign online cpus\n");
> +		rdt_last_cmd_puts("Can only assign online CPUs\n");
>  		goto unlock;
>  	}
>  
> @@ -564,7 +564,7 @@ static int __rdtgroup_move_task(struct task_struct *tsk,
>  		 */
>  		atomic_dec(&rdtgrp->waitcount);
>  		kfree(callback);
> -		rdt_last_cmd_puts("task exited\n");
> +		rdt_last_cmd_puts("Task exited\n");
>  	} else {
>  		/*
>  		 * For ctrl_mon groups move both closid and rmid.
> @@ -682,7 +682,7 @@ static ssize_t rdtgroup_tasks_write(struct kernfs_open_file *of,
>  	if (rdtgrp->mode == RDT_MODE_PSEUDO_LOCKED ||
>  	    rdtgrp->mode == RDT_MODE_PSEUDO_LOCKSETUP) {
>  		ret = -EINVAL;
> -		rdt_last_cmd_puts("pseudo-locking in progress\n");
> +		rdt_last_cmd_puts("Pseudo-locking in progress\n");
>  		goto unlock;
>  	}
>  
> @@ -1042,14 +1042,14 @@ static bool rdtgroup_mode_test_exclusive(struct rdtgroup *rdtgrp)
>  		list_for_each_entry(d, &r->domains, list) {
>  			if (rdtgroup_cbm_overlaps(r, d, d->ctrl_val[closid],
>  						  rdtgrp->closid, false)) {
> -				rdt_last_cmd_puts("schemata overlaps\n");
> +				rdt_last_cmd_puts("Schemata overlaps\n");
>  				return false;
>  			}
>  		}
>  	}
>  
>  	if (!has_cache) {
> -		rdt_last_cmd_puts("cannot be exclusive without CAT/CDP\n");
> +		rdt_last_cmd_puts("Cannot be exclusive without CAT/CDP\n");
>  		return false;
>  	}
>  
> @@ -1090,7 +1090,7 @@ static ssize_t rdtgroup_mode_write(struct kernfs_open_file *of,
>  		goto out;
>  
>  	if (mode == RDT_MODE_PSEUDO_LOCKED) {
> -		rdt_last_cmd_printf("cannot change pseudo-locked group\n");
> +		rdt_last_cmd_printf("Cannot change pseudo-locked group\n");
>  		ret = -EINVAL;
>  		goto out;
>  	}
> @@ -1119,7 +1119,7 @@ static ssize_t rdtgroup_mode_write(struct kernfs_open_file *of,
>  			goto out;
>  		rdtgrp->mode = RDT_MODE_PSEUDO_LOCKSETUP;
>  	} else {
> -		rdt_last_cmd_printf("unknown/unsupported mode\n");
> +		rdt_last_cmd_printf("Unknown orunsupported mode\n");
>  		ret = -EINVAL;
>  	}
>  
> @@ -2403,7 +2403,7 @@ static int rdtgroup_init_alloc(struct rdtgroup *rdtgrp)
>  			tmp_cbm = d->new_ctrl;
>  			if (bitmap_weight(&tmp_cbm, r->cache.cbm_len) <
>  			    r->cache.min_cbm_bits) {
> -				rdt_last_cmd_printf("no space on %s:%d\n",
> +				rdt_last_cmd_printf("No space on %s:%d\n",
>  						    r->name, d->id);
>  				return -ENOSPC;
>  			}
> @@ -2420,7 +2420,7 @@ static int rdtgroup_init_alloc(struct rdtgroup *rdtgrp)
>  			continue;
>  		ret = update_domains(r, rdtgrp->closid);
>  		if (ret < 0) {
> -			rdt_last_cmd_puts("failed to initialize allocations\n");
> +			rdt_last_cmd_puts("Failed to initialize allocations\n");
>  			return ret;
>  		}
>  		rdtgrp->mode = RDT_MODE_SHAREABLE;
> @@ -2443,7 +2443,7 @@ static int mkdir_rdt_prepare(struct kernfs_node *parent_kn,
>  	rdt_last_cmd_clear();
>  	if (!prdtgrp) {
>  		ret = -ENODEV;
> -		rdt_last_cmd_puts("directory was removed\n");
> +		rdt_last_cmd_puts("Directory was removed\n");
>  		goto out_unlock;
>  	}
>  
> @@ -2451,7 +2451,7 @@ static int mkdir_rdt_prepare(struct kernfs_node *parent_kn,
>  	    (prdtgrp->mode == RDT_MODE_PSEUDO_LOCKSETUP ||
>  	     prdtgrp->mode == RDT_MODE_PSEUDO_LOCKED)) {
>  		ret = -EINVAL;
> -		rdt_last_cmd_puts("pseudo-locking in progress\n");
> +		rdt_last_cmd_puts("Pseudo-locking in progress\n");
>  		goto out_unlock;
>  	}
>  
> @@ -2459,7 +2459,7 @@ static int mkdir_rdt_prepare(struct kernfs_node *parent_kn,
>  	rdtgrp = kzalloc(sizeof(*rdtgrp), GFP_KERNEL);
>  	if (!rdtgrp) {
>  		ret = -ENOSPC;
> -		rdt_last_cmd_puts("kernel out of memory\n");
> +		rdt_last_cmd_puts("Kernel out of memory\n");
>  		goto out_unlock;
>  	}
>  	*r = rdtgrp;
> @@ -2500,7 +2500,7 @@ static int mkdir_rdt_prepare(struct kernfs_node *parent_kn,
>  	if (rdt_mon_capable) {
>  		ret = alloc_rmid();
>  		if (ret < 0) {
> -			rdt_last_cmd_puts("out of RMIDs\n");
> +			rdt_last_cmd_puts("Out of RMIDs\n");
>  			goto out_destroy;
>  		}
>  		rdtgrp->mon.rmid = ret;
> @@ -2588,7 +2588,7 @@ static int rdtgroup_mkdir_ctrl_mon(struct kernfs_node *parent_kn,
>  	kn = rdtgrp->kn;
>  	ret = closid_alloc();
>  	if (ret < 0) {
> -		rdt_last_cmd_puts("out of CLOSIDs\n");
> +		rdt_last_cmd_puts("Out of CLOSIDs\n");
>  		goto out_common_fail;
>  	}
>  	closid = ret;
> 


^ permalink raw reply	[flat|nested] 273+ messages in thread

* Re: [PATCH AUTOSEL 4.19 083/258] drm: Move drm_mode_setcrtc() local re-init to failure path
  2019-01-28 15:56 ` [PATCH AUTOSEL 4.19 083/258] drm: Move drm_mode_setcrtc() local re-init to failure path Sasha Levin
@ 2019-01-28 21:03   ` Sean Paul
  2019-02-02 17:32     ` Sasha Levin
  0 siblings, 1 reply; 273+ messages in thread
From: Sean Paul @ 2019-01-28 21:03 UTC (permalink / raw)
  To: Sasha Levin; +Cc: linux-kernel, stable, Sean Paul, dri-devel

On Mon, Jan 28, 2019 at 10:56:29AM -0500, Sasha Levin wrote:
> From: Sean Paul <seanpaul@chromium.org>
> 
> [ Upstream commit c232e9f41b136c141df9938024e521191a7b910d ]
> 
> Instead of always re-initializing the variables we need to clean up on
> out, move the re-initialization into the branch that goes back to retry
> label.
> 
> This is a lateral move right now, but will allow us to pull out the
> modeset locking into common code. I kept this change separate to make
> things easier to review.
> 
> Changes in v2:
> - None
> 
> Reviewed-by: Daniel Vetter <daniel@ffwll.ch>
> Signed-off-by: Sean Paul <seanpaul@chromium.org>
> Link: https://patchwork.freedesktop.org/patch/msgid/20181129150423.239081-2-sean@poorly.run
> Signed-off-by: Sasha Levin <sashal@kernel.org>

This probably doesn't need to get pulled back to stable. It was a pre-cursor for
some new helper macros that also don't need to be pulled back.

(Same comment for the 4.20 version)

Sean

> ---
>  drivers/gpu/drm/drm_crtc.c | 16 +++++++++-------
>  1 file changed, 9 insertions(+), 7 deletions(-)
> 
> diff --git a/drivers/gpu/drm/drm_crtc.c b/drivers/gpu/drm/drm_crtc.c
> index 9cbe8f5c9aca..ed9d7fc4cb2c 100644
> --- a/drivers/gpu/drm/drm_crtc.c
> +++ b/drivers/gpu/drm/drm_crtc.c
> @@ -567,9 +567,9 @@ int drm_mode_setcrtc(struct drm_device *dev, void *data,
>  	struct drm_mode_crtc *crtc_req = data;
>  	struct drm_crtc *crtc;
>  	struct drm_plane *plane;
> -	struct drm_connector **connector_set, *connector;
> -	struct drm_framebuffer *fb;
> -	struct drm_display_mode *mode;
> +	struct drm_connector **connector_set = NULL, *connector;
> +	struct drm_framebuffer *fb = NULL;
> +	struct drm_display_mode *mode = NULL;
>  	struct drm_mode_set set;
>  	uint32_t __user *set_connectors_ptr;
>  	struct drm_modeset_acquire_ctx ctx;
> @@ -598,10 +598,6 @@ int drm_mode_setcrtc(struct drm_device *dev, void *data,
>  	mutex_lock(&crtc->dev->mode_config.mutex);
>  	drm_modeset_acquire_init(&ctx, DRM_MODESET_ACQUIRE_INTERRUPTIBLE);
>  retry:
> -	connector_set = NULL;
> -	fb = NULL;
> -	mode = NULL;
> -
>  	ret = drm_modeset_lock_all_ctx(crtc->dev, &ctx);
>  	if (ret)
>  		goto out;
> @@ -763,6 +759,12 @@ int drm_mode_setcrtc(struct drm_device *dev, void *data,
>  	}
>  	kfree(connector_set);
>  	drm_mode_destroy(dev, mode);
> +
> +	/* In case we need to retry... */
> +	connector_set = NULL;
> +	fb = NULL;
> +	mode = NULL;
> +
>  	if (ret == -EDEADLK) {
>  		ret = drm_modeset_backoff(&ctx);
>  		if (!ret)
> -- 
> 2.19.1
> 
> _______________________________________________
> dri-devel mailing list
> dri-devel@lists.freedesktop.org
> https://lists.freedesktop.org/mailman/listinfo/dri-devel

-- 
Sean Paul, Software Engineer, Google / Chromium OS

^ permalink raw reply	[flat|nested] 273+ messages in thread

* Re: [PATCH AUTOSEL 4.19 181/258] tools uapi asm: Update asm-generic/unistd.h copy
  2019-01-28 16:56   ` Arnd Bergmann
@ 2019-02-02 17:30     ` Sasha Levin
  0 siblings, 0 replies; 273+ messages in thread
From: Sasha Levin @ 2019-02-02 17:30 UTC (permalink / raw)
  To: Arnd Bergmann
  Cc: Linux Kernel Mailing List, # 3.4.x, Arnaldo Carvalho de Melo,
	Adrian Hunter, Guo Ren, Jiri Olsa, Namhyung Kim

On Mon, Jan 28, 2019 at 05:56:55PM +0100, Arnd Bergmann wrote:
>On Mon, Jan 28, 2019 at 5:07 PM Sasha Levin <sashal@kernel.org> wrote:
>>
>> From: Arnaldo Carvalho de Melo <acme@redhat.com>
>>
>> [ Upstream commit 89a0948984896352cac1ebe079cb3d64d6c3adc6 ]
>>
>> To get the change in:
>>
>>   b7d624ab4312 ("asm-generic: unistd.h: fixup broken macro include.")
>>
>> That doesn't imply in any changes in the tools.
>
>This one should only be in linux-4.20, not any earlier tree that
>does not also backport b7d624ab4312, otherwise the uapi headers
>are wrong.
>
>I don't think we want b7d624ab4312 backported, it would only
>be useful if we backport all y2038 patches.

I dropped it, thanks!

--
Thanks,
Sasha

^ permalink raw reply	[flat|nested] 273+ messages in thread

* Re: [PATCH AUTOSEL 4.19 083/258] drm: Move drm_mode_setcrtc() local re-init to failure path
  2019-01-28 21:03   ` Sean Paul
@ 2019-02-02 17:32     ` Sasha Levin
  0 siblings, 0 replies; 273+ messages in thread
From: Sasha Levin @ 2019-02-02 17:32 UTC (permalink / raw)
  To: Sean Paul; +Cc: linux-kernel, stable, Sean Paul, dri-devel

On Mon, Jan 28, 2019 at 04:03:41PM -0500, Sean Paul wrote:
>On Mon, Jan 28, 2019 at 10:56:29AM -0500, Sasha Levin wrote:
>> From: Sean Paul <seanpaul@chromium.org>
>>
>> [ Upstream commit c232e9f41b136c141df9938024e521191a7b910d ]
>>
>> Instead of always re-initializing the variables we need to clean up on
>> out, move the re-initialization into the branch that goes back to retry
>> label.
>>
>> This is a lateral move right now, but will allow us to pull out the
>> modeset locking into common code. I kept this change separate to make
>> things easier to review.
>>
>> Changes in v2:
>> - None
>>
>> Reviewed-by: Daniel Vetter <daniel@ffwll.ch>
>> Signed-off-by: Sean Paul <seanpaul@chromium.org>
>> Link: https://patchwork.freedesktop.org/patch/msgid/20181129150423.239081-2-sean@poorly.run
>> Signed-off-by: Sasha Levin <sashal@kernel.org>
>
>This probably doesn't need to get pulled back to stable. It was a pre-cursor for
>some new helper macros that also don't need to be pulled back.
>
>(Same comment for the 4.20 version)

Now dropped, thank you.

--
Thanks,
Sasha

^ permalink raw reply	[flat|nested] 273+ messages in thread

* Re: [PATCH AUTOSEL 4.19 059/258] x86/resctrl: Fixup the user-visible strings
  2019-01-28 19:07   ` Reinette Chatre
@ 2019-02-02 19:30     ` Sasha Levin
  0 siblings, 0 replies; 273+ messages in thread
From: Sasha Levin @ 2019-02-02 19:30 UTC (permalink / raw)
  To: Reinette Chatre
  Cc: linux-kernel, stable, Babu Moger, Borislav Petkov, Andrew Morton,
	Andy Lutomirski, Arnd Bergmann, Brijesh Singh, Chang S. Bae,
	David Miller, David Woodhouse, Dmitry Safonov, Fenghua Yu,
	Greg Kroah-Hartman, H. Peter Anvin, Ingo Molnar, Jann Horn,
	Joerg Roedel, Jonathan Corbet, Josh Poimboeuf, Kate Stewart,
	Kirill A. Shutemov, linux-doc, Mauro Carvalho Chehab,
	Paolo Bonzini, Peter Zijlstra, Philippe Ombredanne, Pu Wen,
	qianyue.zj, Rafael J. Wysocki, Rian Hunter, Sherry Hurwitz,
	Suravee Suthikulpanit, Thomas Gleixner, Thomas Lendacky,
	Tony Luck, Vitaly Kuznetsov, xiaochen.shen

On Mon, Jan 28, 2019 at 11:07:34AM -0800, Reinette Chatre wrote:
>Hi Sasha,
>
>On 1/28/2019 7:56 AM, Sasha Levin wrote:
>> From: Babu Moger <Babu.Moger@amd.com>
>>
>> [ Upstream commit 723f1a0dd8e26a7523ba068204bee11c95ded38d ]
>>
>> Fix the messages in rdt_last_cmd_printf() and rdt_last_cmd_puts() to
>> make them more meaningful and consistent.
>
>It is not clear to me why this patch is considered for stable since it
>just changes user visible strings to be more consistent.
>
>If user visible string consistency/correctness is of concern and is what
>prompted its consideration then please also consider to include upstream
>commit
>456824896de2b68df40b3ea5777ef49dc6cc8fda "x86/resctrl: Use
>rdt_last_cmd_puts() where possible" that fixes two typos that was
>introduced in this commit. This may introduce difficultly though since
>the file layout changed between the kernel versions these patches are
>found in.

I've dropped it, it shouldn't have been included to begin with.

--
Thanks,
Sasha

^ permalink raw reply	[flat|nested] 273+ messages in thread

end of thread, other threads:[~2019-02-02 19:30 UTC | newest]

Thread overview: 273+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2019-01-28 15:55 [PATCH AUTOSEL 4.19 001/258] drm/bufs: Fix Spectre v1 vulnerability Sasha Levin
2019-01-28 15:55 ` [PATCH AUTOSEL 4.19 002/258] staging: iio: adc: ad7280a: handle error from __ad7280_read32() Sasha Levin
2019-01-28 15:55 ` [PATCH AUTOSEL 4.19 003/258] drm/vgem: Fix vgem_init to get drm device available Sasha Levin
2019-01-28 15:55 ` [PATCH AUTOSEL 4.19 004/258] pinctrl: bcm2835: Use raw spinlock for RT compatibility Sasha Levin
2019-01-28 15:55 ` [PATCH AUTOSEL 4.19 005/258] ASoC: Intel: mrfld: fix uninitialized variable access Sasha Levin
2019-01-28 15:55 ` [PATCH AUTOSEL 4.19 006/258] gpiolib: Fix possible use after free on label Sasha Levin
2019-01-28 15:55 ` [PATCH AUTOSEL 4.19 007/258] drm/sun4i: Initialize registers in tcon-top driver Sasha Levin
2019-01-28 15:55 ` [PATCH AUTOSEL 4.19 008/258] genirq/affinity: Spread IRQs to all available NUMA nodes Sasha Levin
2019-01-28 15:55 ` [PATCH AUTOSEL 4.19 009/258] gpu: ipu-v3: image-convert: Prevent race between run and unprepare Sasha Levin
2019-01-28 15:55 ` [PATCH AUTOSEL 4.19 010/258] nds32: Fix gcc 8.0 compiler option incompatible Sasha Levin
2019-01-28 15:55 ` [PATCH AUTOSEL 4.19 011/258] wil6210: fix reset flow for Talyn-mb Sasha Levin
2019-01-28 15:55 ` [PATCH AUTOSEL 4.19 012/258] wil6210: fix memory leak in wil_find_tx_bcast_2 Sasha Levin
2019-01-28 15:55 ` [PATCH AUTOSEL 4.19 013/258] ath10k: assign 'n_cipher_suites' for WCN3990 Sasha Levin
2019-01-28 15:55 ` [PATCH AUTOSEL 4.19 014/258] ath9k: dynack: use authentication messages for 'late' ack Sasha Levin
2019-01-28 15:55 ` [PATCH AUTOSEL 4.19 015/258] scsi: lpfc: Correct LCB RJT handling Sasha Levin
2019-01-28 15:55 ` [PATCH AUTOSEL 4.19 016/258] scsi: mpt3sas: Call sas_remove_host before removing the target devices Sasha Levin
2019-01-28 15:55 ` [PATCH AUTOSEL 4.19 017/258] scsi: lpfc: Fix LOGO/PLOGI handling when triggerd by ABTS Timeout event Sasha Levin
2019-01-28 15:55 ` [PATCH AUTOSEL 4.19 018/258] platform/x86: asus-nb-wmi: Map 0x35 to KEY_SCREENLOCK Sasha Levin
2019-01-28 15:55 ` [PATCH AUTOSEL 4.19 019/258] ARM: 8808/1: kexec:offline panic_smp_self_stop CPU Sasha Levin
2019-01-28 15:55 ` [PATCH AUTOSEL 4.19 020/258] clk: boston: fix possible memory leak in clk_boston_setup() Sasha Levin
2019-01-28 15:55 ` [PATCH AUTOSEL 4.19 021/258] dlm: Don't swamp the CPU with callbacks queued during recovery Sasha Levin
2019-01-28 15:55 ` [PATCH AUTOSEL 4.19 022/258] x86/PCI: Fix Broadcom CNB20LE unintended sign extension (redux) Sasha Levin
2019-01-28 15:55 ` [PATCH AUTOSEL 4.19 023/258] powerpc/pseries: add of_node_put() in dlpar_detach_node() Sasha Levin
2019-01-28 15:55 ` [PATCH AUTOSEL 4.19 024/258] srcu: Prevent __call_srcu() counter wrap with read-side critical section Sasha Levin
2019-01-28 15:55 ` [PATCH AUTOSEL 4.19 025/258] of: overlay: do not duplicate properties from overlay for new nodes Sasha Levin
2019-01-28 15:55 ` [PATCH AUTOSEL 4.19 026/258] crypto: aes_ti - disable interrupts while accessing S-box Sasha Levin
2019-01-28 15:55 ` [PATCH AUTOSEL 4.19 027/258] drm/vc4: ->x_scaling[1] should never be set to VC4_SCALING_NONE Sasha Levin
2019-01-28 15:55 ` [PATCH AUTOSEL 4.19 028/258] serial: fsl_lpuart: clear parity enable bit when disable parity Sasha Levin
2019-01-28 15:55 ` [PATCH AUTOSEL 4.19 029/258] serial: core: Allow processing sysrq at port unlock time Sasha Levin
2019-01-28 15:55 ` [PATCH AUTOSEL 4.19 030/258] ptp: check gettime64 return code in PTP_SYS_OFFSET ioctl Sasha Levin
2019-01-28 15:55 ` [PATCH AUTOSEL 4.19 031/258] MIPS: Boston: Disable EG20T prefetch Sasha Levin
2019-01-28 15:55 ` [PATCH AUTOSEL 4.19 032/258] dpaa2-ptp: defer probe when portal allocation failed Sasha Levin
2019-01-28 15:55 ` [PATCH AUTOSEL 4.19 033/258] sctp: Fix SKB list traversal in sctp_intl_store_ordered() Sasha Levin
2019-01-28 18:09   ` Marcelo Ricardo Leitner
2019-01-28 15:55 ` [PATCH AUTOSEL 4.19 034/258] sctp: Fix SKB list traversal in sctp_intl_store_reasm() Sasha Levin
2019-01-28 17:04   ` Marcelo Ricardo Leitner
2019-01-28 18:04     ` Sasha Levin
2019-01-28 15:55 ` [PATCH AUTOSEL 4.19 035/258] iwlwifi: fw: do not set sgi bits for HE connection Sasha Levin
2019-01-28 15:55 ` [PATCH AUTOSEL 4.19 036/258] staging:iio:ad2s90: Make probe handle spi_setup failure Sasha Levin
2019-01-28 15:55 ` [PATCH AUTOSEL 4.19 037/258] fpga: altera-cvp: Fix registration for CvP incapable devices Sasha Levin
2019-01-28 15:55 ` [PATCH AUTOSEL 4.19 038/258] Tools: hv: kvp: Fix a warning of buffer overflow with gcc 8.0.1 Sasha Levin
2019-01-28 15:55 ` [PATCH AUTOSEL 4.19 039/258] fpga: altera-cvp: fix 'bad IO access' on x86_64 Sasha Levin
2019-01-28 15:55 ` [PATCH AUTOSEL 4.19 040/258] vbox: fix link error with 'gcc -Og' Sasha Levin
2019-01-28 15:55 ` [PATCH AUTOSEL 4.19 041/258] platform/chrome: don't report EC_MKBP_EVENT_SENSOR_FIFO as wakeup Sasha Levin
2019-01-28 15:55 ` [PATCH AUTOSEL 4.19 042/258] i40e: prevent overlapping tx_timeout recover Sasha Levin
2019-01-28 15:55 ` [PATCH AUTOSEL 4.19 043/258] scsi: hisi_sas: change the time of SAS SSP connection Sasha Levin
2019-01-28 15:55 ` [PATCH AUTOSEL 4.19 044/258] staging: iio: ad7780: update voltage on read Sasha Levin
2019-01-28 15:55 ` [PATCH AUTOSEL 4.19 045/258] usbnet: smsc95xx: fix rx packet alignment Sasha Levin
2019-01-28 15:55 ` [PATCH AUTOSEL 4.19 046/258] drm/rockchip: fix for mailbox read size Sasha Levin
2019-01-28 15:55 ` [PATCH AUTOSEL 4.19 047/258] ARM: OMAP2+: hwmod: Fix some section annotations Sasha Levin
2019-01-28 15:55 ` [PATCH AUTOSEL 4.19 048/258] drm/amd/display: fix gamma not being applied correctly Sasha Levin
2019-01-28 15:55 ` [PATCH AUTOSEL 4.19 049/258] drm/amd/display: calculate stream->phy_pix_clk before clock mapping Sasha Levin
2019-01-28 15:55 ` [PATCH AUTOSEL 4.19 050/258] bpf: libbpf: retry map creation without the name Sasha Levin
2019-01-28 15:55 ` [PATCH AUTOSEL 4.19 051/258] net/mlx5: EQ, Use the right place to store/read IRQ affinity hint Sasha Levin
2019-01-28 15:55 ` [PATCH AUTOSEL 4.19 052/258] modpost: validate symbol names also in find_elf_symbol Sasha Levin
2019-01-28 15:55 ` [PATCH AUTOSEL 4.19 053/258] perf tools: Add Hygon Dhyana support Sasha Levin
2019-01-28 15:56 ` [PATCH AUTOSEL 4.19 054/258] soc/tegra: Don't leak device tree node reference Sasha Levin
2019-01-28 15:56 ` [PATCH AUTOSEL 4.19 055/258] media: rc: ensure close() is called on rc_unregister_device Sasha Levin
2019-01-28 15:56 ` [PATCH AUTOSEL 4.19 056/258] media: video-i2c: avoid accessing released memory area when removing driver Sasha Levin
2019-01-28 15:56 ` [PATCH AUTOSEL 4.19 057/258] media: mtk-vcodec: Release device nodes in mtk_vcodec_init_enc_pm() Sasha Levin
2019-01-28 15:56 ` [PATCH AUTOSEL 4.19 058/258] staging: erofs: fix the definition of DBG_BUGON Sasha Levin
2019-01-28 15:56 ` [PATCH AUTOSEL 4.19 059/258] x86/resctrl: Fixup the user-visible strings Sasha Levin
2019-01-28 19:07   ` Reinette Chatre
2019-02-02 19:30     ` Sasha Levin
2019-01-28 15:56 ` [PATCH AUTOSEL 4.19 060/258] clk: meson: meson8b: do not use cpu_div3 for cpu_scale_out_sel Sasha Levin
2019-01-28 15:56 ` [PATCH AUTOSEL 4.19 061/258] clk: meson: meson8b: fix the width of the cpu_scale_div clock Sasha Levin
2019-01-28 15:56 ` [PATCH AUTOSEL 4.19 062/258] clk: meson: meson8b: mark the CPU clock as CLK_IS_CRITICAL Sasha Levin
2019-01-28 15:56 ` [PATCH AUTOSEL 4.19 063/258] ptp: Fix pass zero to ERR_PTR() in ptp_clock_register Sasha Levin
2019-01-28 15:56 ` [PATCH AUTOSEL 4.19 064/258] dmaengine: xilinx_dma: Remove __aligned attribute on zynqmp_dma_desc_ll Sasha Levin
2019-01-28 15:56 ` [PATCH AUTOSEL 4.19 065/258] powerpc/32: Add .data..Lubsan_data*/.data..Lubsan_type* sections explicitly Sasha Levin
2019-01-28 15:56 ` [PATCH AUTOSEL 4.19 066/258] iio: adc: meson-saradc: check for devm_kasprintf failure Sasha Levin
2019-01-28 15:56 ` [PATCH AUTOSEL 4.19 067/258] iio: adc: meson-saradc: fix internal clock names Sasha Levin
2019-01-28 15:56 ` [PATCH AUTOSEL 4.19 068/258] iio: accel: kxcjk1013: Add KIOX010A ACPI Hardware-ID Sasha Levin
2019-01-28 15:56 ` [PATCH AUTOSEL 4.19 069/258] media: adv*/tc358743/ths8200: fill in min width/height/pixelclock Sasha Levin
2019-01-28 15:56 ` [PATCH AUTOSEL 4.19 070/258] ACPI: SPCR: Consider baud rate 0 as preconfigured state Sasha Levin
2019-01-28 15:56 ` [PATCH AUTOSEL 4.19 071/258] staging: pi433: fix potential null dereference Sasha Levin
2019-01-28 15:56 ` [PATCH AUTOSEL 4.19 072/258] f2fs: move dir data flush to write checkpoint process Sasha Levin
2019-01-28 15:56 ` [PATCH AUTOSEL 4.19 073/258] f2fs: avoid build warn of fall_through Sasha Levin
2019-01-28 15:56 ` [PATCH AUTOSEL 4.19 074/258] f2fs: fix race between write_checkpoint and write_begin Sasha Levin
2019-01-28 15:56 ` [PATCH AUTOSEL 4.19 075/258] f2fs: fix wrong return value of f2fs_acl_create Sasha Levin
2019-01-28 15:56 ` [PATCH AUTOSEL 4.19 076/258] i2c: sh_mobile: add support for r8a77990 (R-Car E3) Sasha Levin
2019-01-28 15:56 ` [PATCH AUTOSEL 4.19 077/258] arm64: io: Ensure calls to delay routines are ordered against prior readX() Sasha Levin
2019-01-28 15:56 ` [PATCH AUTOSEL 4.19 078/258] net: aquantia: return 'err' if set MPI_DEINIT state fails Sasha Levin
2019-01-28 15:56 ` [PATCH AUTOSEL 4.19 079/258] sunvdc: Do not spin in an infinite loop when vio_ldc_send() returns EAGAIN Sasha Levin
2019-01-28 15:56 ` [PATCH AUTOSEL 4.19 080/258] soc: bcm: brcmstb: Don't leak device tree node reference Sasha Levin
2019-01-28 15:56 ` [PATCH AUTOSEL 4.19 081/258] nfsd4: fix crash on writing v4_end_grace before nfsd startup Sasha Levin
2019-01-28 15:56 ` [PATCH AUTOSEL 4.19 082/258] drm: Clear state->acquire_ctx before leaving drm_atomic_helper_commit_duplicated_state() Sasha Levin
2019-01-28 15:56 ` [PATCH AUTOSEL 4.19 083/258] drm: Move drm_mode_setcrtc() local re-init to failure path Sasha Levin
2019-01-28 21:03   ` Sean Paul
2019-02-02 17:32     ` Sasha Levin
2019-01-28 15:56 ` [PATCH AUTOSEL 4.19 084/258] perf: arm_spe: handle devm_kasprintf() failure Sasha Levin
2019-01-28 15:56 ` [PATCH AUTOSEL 4.19 085/258] arm64: io: Ensure value passed to __iormb() is held in a 64-bit register Sasha Levin
2019-01-28 15:56 ` [PATCH AUTOSEL 4.19 086/258] Thermal: do not clear passive state during system sleep Sasha Levin
2019-01-28 15:56 ` [PATCH AUTOSEL 4.19 087/258] thermal: Fix locking in cooling device sysfs update cur_state Sasha Levin
2019-01-28 15:56 ` [PATCH AUTOSEL 4.19 088/258] firmware/efi: Add NULL pointer checks in efivars API functions Sasha Levin
2019-01-28 15:56 ` [PATCH AUTOSEL 4.19 089/258] s390/zcrypt: improve special ap message cmd handling Sasha Levin
2019-01-28 15:56 ` [PATCH AUTOSEL 4.19 090/258] mt76x0: dfs: fix IBI_R11 configuration on non-radar channels Sasha Levin
2019-01-28 15:56 ` [PATCH AUTOSEL 4.19 091/258] arm64: ftrace: don't adjust the LR value Sasha Levin
2019-01-28 15:56 ` [PATCH AUTOSEL 4.19 092/258] drm/v3d: Fix prime imports of buffers from other drivers Sasha Levin
2019-01-28 15:56 ` [PATCH AUTOSEL 4.19 093/258] ARM: dts: mmp2: fix TWSI2 Sasha Levin
2019-01-28 15:56 ` [PATCH AUTOSEL 4.19 094/258] nfp: add locking around representor changes Sasha Levin
2019-01-28 16:28   ` Jakub Kicinski
2019-01-28 17:21     ` Sasha Levin
2019-01-28 15:56 ` [PATCH AUTOSEL 4.19 095/258] ARM: mmp/mmp2: dt: enable the clock Sasha Levin
2019-01-28 15:56 ` [PATCH AUTOSEL 4.19 096/258] ARM: dts: aspeed: add missing memory unit-address Sasha Levin
2019-01-28 15:56 ` [PATCH AUTOSEL 4.19 097/258] x86/fpu: Add might_fault() to user_insn() Sasha Levin
2019-01-28 15:56 ` [PATCH AUTOSEL 4.19 098/258] media: i2c: TDA1997x: select CONFIG_HDMI Sasha Levin
2019-01-28 15:56 ` [PATCH AUTOSEL 4.19 099/258] media: DaVinci-VPBE: fix error handling in vpbe_initialize() Sasha Levin
2019-01-28 15:56 ` [PATCH AUTOSEL 4.19 100/258] smack: fix access permissions for keyring Sasha Levin
2019-01-28 15:56 ` [PATCH AUTOSEL 4.19 101/258] xtensa: xtfpga.dtsi: fix dtc warnings about SPI Sasha Levin
2019-01-28 15:56 ` [PATCH AUTOSEL 4.19 102/258] usb: dwc3: Correct the logic for checking TRB full in __dwc3_prepare_one_trb() Sasha Levin
2019-01-28 15:56 ` [PATCH AUTOSEL 4.19 103/258] usb: dwc2: Disable power down feature on Samsung SoCs Sasha Levin
2019-01-28 15:56 ` [PATCH AUTOSEL 4.19 104/258] usb: hub: delay hub autosuspend if USB3 port is still link training Sasha Levin
2019-01-28 15:56 ` [PATCH AUTOSEL 4.19 105/258] timekeeping: Use proper seqcount initializer Sasha Levin
2019-01-28 15:56 ` [PATCH AUTOSEL 4.19 106/258] usb: mtu3: fix the issue about SetFeature(U1/U2_Enable) Sasha Levin
2019-01-28 15:56 ` [PATCH AUTOSEL 4.19 107/258] clk: sunxi-ng: a33: Set CLK_SET_RATE_PARENT for all audio module clocks Sasha Levin
2019-01-28 15:56 ` [PATCH AUTOSEL 4.19 108/258] media: imx274: select REGMAP_I2C Sasha Levin
2019-01-28 15:56 ` [PATCH AUTOSEL 4.19 109/258] drm/amdgpu/powerplay: fix clock stretcher limits on polaris (v2) Sasha Levin
2019-01-28 15:56 ` [PATCH AUTOSEL 4.19 110/258] tipc: fix node keep alive interval calculation Sasha Levin
2019-01-28 15:56 ` [PATCH AUTOSEL 4.19 111/258] driver core: Move async_synchronize_full call Sasha Levin
2019-01-28 15:56 ` [PATCH AUTOSEL 4.19 112/258] kobject: return error code if writing /sys/.../uevent fails Sasha Levin
2019-01-28 15:56 ` [PATCH AUTOSEL 4.19 113/258] IB/hfi1: Unreserve a reserved request when it is completed Sasha Levin
2019-01-28 15:57 ` [PATCH AUTOSEL 4.19 114/258] usb: dwc3: trace: add missing break statement to make compiler happy Sasha Levin
2019-01-28 15:57 ` [PATCH AUTOSEL 4.19 115/258] gpio: mt7621: report failure of devm_kasprintf() Sasha Levin
2019-01-28 15:57 ` [PATCH AUTOSEL 4.19 116/258] gpio: mt7621: pass mediatek_gpio_bank_probe() failure up the stack Sasha Levin
2019-01-28 15:57 ` [PATCH AUTOSEL 4.19 117/258] pinctrl: sx150x: handle failure case of devm_kstrdup Sasha Levin
2019-01-28 15:57 ` [PATCH AUTOSEL 4.19 118/258] iommu/amd: Fix amd_iommu=force_isolation Sasha Levin
2019-01-28 15:57 ` [PATCH AUTOSEL 4.19 119/258] ARM: dts: Fix OMAP4430 SDP Ethernet startup Sasha Levin
2019-01-28 15:57 ` [PATCH AUTOSEL 4.19 120/258] mips: bpf: fix encoding bug for mm_srlv32_op Sasha Levin
2019-01-28 15:57 ` [PATCH AUTOSEL 4.19 121/258] media: coda: fix H.264 deblocking filter controls Sasha Levin
2019-01-28 15:57 ` [PATCH AUTOSEL 4.19 122/258] ARM: dts: Fix up the D-Link DIR-685 MTD partition info Sasha Levin
2019-01-28 15:57 ` [PATCH AUTOSEL 4.19 123/258] tracing: Have trace_stack nr_entries compare not be so subtle Sasha Levin
2019-01-28 15:57 ` [PATCH AUTOSEL 4.19 124/258] Input: rotary-encoder - don't log EPROBE_DEFER to kernel log Sasha Levin
2019-01-28 15:57 ` [PATCH AUTOSEL 4.19 125/258] watchdog: renesas_wdt: don't set divider while watchdog is running Sasha Levin
2019-01-28 15:57 ` [PATCH AUTOSEL 4.19 126/258] ARM: dts: imx51-zii-rdu1: Do not specify "power-gpio" for hpa1 Sasha Levin
2019-01-28 15:57 ` [PATCH AUTOSEL 4.19 127/258] usb: dwc3: gadget: Disable CSP for stream OUT ep Sasha Levin
2019-01-28 15:57 ` [PATCH AUTOSEL 4.19 128/258] iommu/arm-smmu-v3: Avoid memory corruption from Hisilicon MSI payloads Sasha Levin
2019-01-28 15:57 ` [PATCH AUTOSEL 4.19 129/258] iommu/arm-smmu: Add support for qcom,smmu-v2 variant Sasha Levin
2019-01-28 15:57 ` [PATCH AUTOSEL 4.19 130/258] iommu/arm-smmu-v3: Use explicit mb() when moving cons pointer Sasha Levin
2019-01-28 15:57 ` [PATCH AUTOSEL 4.19 131/258] sata_rcar: fix deferred probing Sasha Levin
2019-01-28 15:57 ` [PATCH AUTOSEL 4.19 132/258] clk: imx6sl: ensure MMDC CH0 handshake is bypassed Sasha Levin
2019-01-28 15:57 ` [PATCH AUTOSEL 4.19 133/258] platform/x86: mlx-platform: Fix tachometer registers Sasha Levin
2019-01-28 15:57 ` [PATCH AUTOSEL 4.19 134/258] cpuidle: big.LITTLE: fix refcount leak Sasha Levin
2019-01-28 15:57 ` [PATCH AUTOSEL 4.19 135/258] OPP: Use opp_table->regulators to verify no regulator case Sasha Levin
2019-01-28 15:57 ` [PATCH AUTOSEL 4.19 136/258] tee: optee: avoid possible double list_del() Sasha Levin
2019-01-28 15:57 ` [PATCH AUTOSEL 4.19 137/258] drm/msm/dsi: fix dsi clock names in DSI 10nm PLL driver Sasha Levin
2019-01-28 15:57 ` [PATCH AUTOSEL 4.19 138/258] drm/msm: dpu: Only check flush register against pending flushes Sasha Levin
2019-01-28 15:57 ` [PATCH AUTOSEL 4.19 139/258] lightnvm: pblk: fix resubmission of overwritten write err lbas Sasha Levin
2019-01-28 15:57 ` [PATCH AUTOSEL 4.19 140/258] lightnvm: pblk: add lock protection to list operations Sasha Levin
2019-01-28 15:57 ` [PATCH AUTOSEL 4.19 141/258] i2c-axxia: check for error conditions first Sasha Levin
2019-01-28 15:57 ` [PATCH AUTOSEL 4.19 142/258] phy: sun4i-usb: add support for missing USB PHY index Sasha Levin
2019-01-28 15:57 ` [PATCH AUTOSEL 4.19 143/258] mlxsw: spectrum_acl: Limit priority value Sasha Levin
2019-01-28 15:57 ` [PATCH AUTOSEL 4.19 144/258] udf: Fix BUG on corrupted inode Sasha Levin
2019-01-28 15:57 ` [PATCH AUTOSEL 4.19 145/258] switchtec: Fix SWITCHTEC_IOCTL_EVENT_IDX_ALL flags overwrite Sasha Levin
2019-01-28 15:57 ` [PATCH AUTOSEL 4.19 146/258] selftests/bpf: use __bpf_constant_htons in test_prog.c Sasha Levin
2019-01-28 15:57 ` [PATCH AUTOSEL 4.19 147/258] ARM: pxa: avoid section mismatch warning Sasha Levin
2019-01-28 15:57 ` [PATCH AUTOSEL 4.19 148/258] ASoC: fsl: Fix SND_SOC_EUKREA_TLV320 build error on i.MX8M Sasha Levin
2019-01-28 15:57 ` [PATCH AUTOSEL 4.19 149/258] ARM: mmp: fix timer_init calls Sasha Levin
2019-01-28 15:57 ` [PATCH AUTOSEL 4.19 150/258] KVM: PPC: Book3S: Only report KVM_CAP_SPAPR_TCE_VFIO on powernv machines Sasha Levin
2019-01-28 15:57 ` [PATCH AUTOSEL 4.19 151/258] mmc: bcm2835: Recover from MMC_SEND_EXT_CSD Sasha Levin
2019-01-28 15:57 ` [PATCH AUTOSEL 4.19 152/258] mmc: bcm2835: reset host on timeout Sasha Levin
2019-01-28 15:57 ` [PATCH AUTOSEL 4.19 153/258] mmc: meson-mx-sdio: check devm_kasprintf for failure Sasha Levin
2019-01-28 15:57 ` [PATCH AUTOSEL 4.19 154/258] memstick: Prevent memstick host from getting runtime suspended during card detection Sasha Levin
2019-01-28 15:57 ` [PATCH AUTOSEL 4.19 155/258] mmc: sdhci-of-esdhc: Fix timeout checks Sasha Levin
2019-01-28 15:57 ` [PATCH AUTOSEL 4.19 156/258] mmc: sdhci-omap: " Sasha Levin
2019-01-28 15:57 ` [PATCH AUTOSEL 4.19 157/258] mmc: sdhci-xenon: " Sasha Levin
2019-01-28 15:57 ` [PATCH AUTOSEL 4.19 158/258] mmc: jz4740: Get CD/WP GPIOs from descriptors Sasha Levin
2019-01-28 15:57 ` [PATCH AUTOSEL 4.19 159/258] usb: renesas_usbhs: add support for RZ/G2E Sasha Levin
2019-01-28 15:57 ` [PATCH AUTOSEL 4.19 160/258] btrfs: harden agaist duplicate fsid on scanned devices Sasha Levin
2019-01-28 15:57 ` [PATCH AUTOSEL 4.19 161/258] btrfs: reada: reorder dev-replace locks before radix tree preload Sasha Levin
2019-01-28 15:57 ` [PATCH AUTOSEL 4.19 162/258] serial: sh-sci: Fix locking in sci_submit_rx() Sasha Levin
2019-01-28 15:57 ` [PATCH AUTOSEL 4.19 163/258] serial: sh-sci: Resume PIO in sci_rx_interrupt() on DMA failure Sasha Levin
2019-01-28 15:57 ` [PATCH AUTOSEL 4.19 164/258] tty: serial: samsung: Properly set flags in autoCTS mode Sasha Levin
2019-01-28 15:57 ` [PATCH AUTOSEL 4.19 165/258] perf test: Fix perf_event_attr test failure Sasha Levin
2019-01-28 15:57 ` [PATCH AUTOSEL 4.19 166/258] perf dso: Fix unchecked usage of strncpy() Sasha Levin
2019-01-28 15:57 ` [PATCH AUTOSEL 4.19 167/258] perf header: " Sasha Levin
2019-01-28 15:57 ` [PATCH AUTOSEL 4.19 168/258] btrfs: use tagged writepage to mitigate livelock of snapshot Sasha Levin
2019-01-28 15:57 ` [PATCH AUTOSEL 4.19 169/258] perf probe: Fix unchecked usage of strncpy() Sasha Levin
2019-01-28 15:57 ` [PATCH AUTOSEL 4.19 170/258] i2c: sh_mobile: Add support for r8a774c0 (RZ/G2E) Sasha Levin
2019-01-28 15:57 ` [PATCH AUTOSEL 4.19 171/258] bnxt_en: Disable MSIX before re-reserving NQs/CMPL rings Sasha Levin
2019-01-28 15:57 ` [PATCH AUTOSEL 4.19 172/258] KVM: s390: unregister debug feature on failing arch init Sasha Levin
2019-01-28 15:57 ` [PATCH AUTOSEL 4.19 173/258] tools/power/x86/intel_pstate_tracer: Fix non root execution for post processing a trace file Sasha Levin
2019-01-28 15:58 ` [PATCH AUTOSEL 4.19 174/258] livepatch: check kzalloc return values Sasha Levin
2019-01-28 17:28   ` Miroslav Benes
2019-01-28 18:12     ` Sasha Levin
2019-01-28 15:58 ` [PATCH AUTOSEL 4.19 175/258] arm64: KVM: Skip MMIO insn after emulation Sasha Levin
2019-01-28 15:58 ` [PATCH AUTOSEL 4.19 176/258] usb: musb: dsps: fix otg state machine Sasha Levin
2019-01-28 17:07   ` Bin Liu
2019-01-28 15:58 ` [PATCH AUTOSEL 4.19 177/258] usb: musb: dsps: fix runtime pm for peripheral mode Sasha Levin
2019-01-28 17:09   ` Bin Liu
2019-01-28 15:58 ` [PATCH AUTOSEL 4.19 178/258] perf header: Fix up argument to ctime() Sasha Levin
2019-01-28 15:58 ` [PATCH AUTOSEL 4.19 179/258] perf tools: Cast off_t to s64 to avoid warning on bionic libc Sasha Levin
2019-01-28 15:58 ` [PATCH AUTOSEL 4.19 180/258] percpu: convert spin_lock_irq to spin_lock_irqsave Sasha Levin
2019-01-28 15:58 ` [PATCH AUTOSEL 4.19 181/258] tools uapi asm: Update asm-generic/unistd.h copy Sasha Levin
2019-01-28 16:56   ` Arnd Bergmann
2019-02-02 17:30     ` Sasha Levin
2019-01-28 15:58 ` [PATCH AUTOSEL 4.19 182/258] net: hns3: fix incomplete uninitialization of IRQ in the hns3_nic_uninit_vector_data() Sasha Levin
2019-01-28 15:58 ` [PATCH AUTOSEL 4.19 183/258] drm/amd/display: Add retry to read ddc_clock pin Sasha Levin
2019-01-28 15:58 ` [PATCH AUTOSEL 4.19 184/258] Bluetooth: hci_bcm: Handle deferred probing for the clock supply Sasha Levin
2019-01-28 15:58 ` [PATCH AUTOSEL 4.19 185/258] drm/amd/display: fix YCbCr420 blank color Sasha Levin
2019-01-28 15:58 ` [PATCH AUTOSEL 4.19 186/258] powerpc/uaccess: fix warning/error with access_ok() Sasha Levin
2019-01-28 15:58 ` [PATCH AUTOSEL 4.19 187/258] mac80211: fix radiotap vendor presence bitmap handling Sasha Levin
2019-01-28 15:58 ` [PATCH AUTOSEL 4.19 188/258] xfrm6_tunnel: Fix spi check in __xfrm6_tunnel_alloc_spi Sasha Levin
2019-01-28 15:58 ` [PATCH AUTOSEL 4.19 189/258] mlxsw: spectrum: Properly cleanup LAG uppers when removing port from LAG Sasha Levin
2019-01-28 15:58 ` [PATCH AUTOSEL 4.19 190/258] scsi: smartpqi: correct host serial num for ssa Sasha Levin
2019-01-28 15:58 ` [PATCH AUTOSEL 4.19 191/258] scsi: smartpqi: correct volume status Sasha Levin
2019-01-28 15:58 ` [PATCH AUTOSEL 4.19 192/258] scsi: smartpqi: increase fw status register read timeout Sasha Levin
2019-01-28 15:58 ` [PATCH AUTOSEL 4.19 193/258] cw1200: Fix concurrency use-after-free bugs in cw1200_hw_scan() Sasha Levin
2019-01-28 15:58 ` [PATCH AUTOSEL 4.19 194/258] net: hns3: add max vector number check for pf Sasha Levin
2019-01-28 15:58 ` [PATCH AUTOSEL 4.19 195/258] powerpc/perf: Fix thresholding counter data for unknown type Sasha Levin
2019-01-28 15:58 ` [PATCH AUTOSEL 4.19 196/258] iwlwifi: mvm: fix setting HE ppe FW config Sasha Levin
2019-01-28 15:58 ` [PATCH AUTOSEL 4.19 197/258] powerpc/powernv/ioda: Allocate indirect TCE levels of cached userspace addresses on demand Sasha Levin
2019-01-28 15:58 ` [PATCH AUTOSEL 4.19 198/258] mlx5: update timecounter at least twice per counter overflow Sasha Levin
2019-01-28 15:58 ` [PATCH AUTOSEL 4.19 199/258] drbd: narrow rcu_read_lock in drbd_sync_handshake Sasha Levin
2019-01-28 15:58 ` [PATCH AUTOSEL 4.19 200/258] drbd: disconnect, if the wrong UUIDs are attached on a connected peer Sasha Levin
2019-01-28 15:58 ` [PATCH AUTOSEL 4.19 201/258] drbd: skip spurious timeout (ping-timeo) when failing promote Sasha Levin
2019-01-28 15:58 ` [PATCH AUTOSEL 4.19 202/258] drbd: Avoid Clang warning about pointless switch statment Sasha Levin
2019-01-28 15:58 ` [PATCH AUTOSEL 4.19 203/258] drm/amd/display: validate extended dongle caps Sasha Levin
2019-01-28 15:58 ` [PATCH AUTOSEL 4.19 204/258] video: clps711x-fb: release disp device node in probe() Sasha Levin
2019-01-28 15:58 ` [PATCH AUTOSEL 4.19 205/258] md: fix raid10 hang issue caused by barrier Sasha Levin
2019-01-28 15:58 ` [PATCH AUTOSEL 4.19 206/258] fbdev: fbmem: behave better with small rotated displays and many CPUs Sasha Levin
2019-01-28 15:58 ` [PATCH AUTOSEL 4.19 207/258] i40e: define proper net_device::neigh_priv_len Sasha Levin
2019-01-28 15:58 ` [PATCH AUTOSEL 4.19 208/258] ice: Do not enable NAPI on q_vectors that have no rings Sasha Levin
2019-01-28 15:58 ` [PATCH AUTOSEL 4.19 209/258] igb: Fix an issue that PME is not enabled during runtime suspend Sasha Levin
2019-01-28 15:58 ` [PATCH AUTOSEL 4.19 210/258] ACPI/APEI: Clear GHES block_status before panic() Sasha Levin
2019-01-28 15:58 ` [PATCH AUTOSEL 4.19 211/258] fbdev: fbcon: Fix unregister crash when more than one framebuffer Sasha Levin
2019-01-28 15:58 ` [PATCH AUTOSEL 4.19 212/258] powerpc/mm: Fix reporting of kernel execute faults on the 8xx Sasha Levin
2019-01-28 15:58 ` [PATCH AUTOSEL 4.19 213/258] pinctrl: meson: meson8: fix the GPIO function for the GPIOAO pins Sasha Levin
2019-01-28 15:58 ` [PATCH AUTOSEL 4.19 214/258] pinctrl: meson: meson8b: " Sasha Levin
2019-01-28 15:58 ` [PATCH AUTOSEL 4.19 215/258] KVM: x86: svm: report MSR_IA32_MCG_EXT_CTL as unsupported Sasha Levin
2019-01-28 15:58 ` [PATCH AUTOSEL 4.19 216/258] powerpc/fadump: Do not allow hot-remove memory from fadump reserved area Sasha Levin
2019-01-28 15:58 ` [PATCH AUTOSEL 4.19 217/258] kvm: Change offset in kvm_write_guest_offset_cached to unsigned Sasha Levin
2019-01-28 15:58 ` [PATCH AUTOSEL 4.19 218/258] NFS: nfs_compare_mount_options always compare auth flavors Sasha Levin
2019-01-28 15:58 ` [PATCH AUTOSEL 4.19 219/258] perf build: Don't unconditionally link the libbfd feature test to -liberty and -lz Sasha Levin
2019-01-28 15:58 ` [PATCH AUTOSEL 4.19 220/258] hwmon: (lm80) fix a missing check of the status of SMBus read Sasha Levin
2019-01-28 15:58 ` [PATCH AUTOSEL 4.19 221/258] hwmon: (lm80) fix a missing check of bus read in lm80 probe Sasha Levin
2019-01-28 15:58 ` [PATCH AUTOSEL 4.19 222/258] seq_buf: Make seq_buf_puts() null-terminate the buffer Sasha Levin
2019-01-28 15:58 ` [PATCH AUTOSEL 4.19 223/258] crypto: ux500 - Use proper enum in cryp_set_dma_transfer Sasha Levin
2019-01-28 15:58 ` [PATCH AUTOSEL 4.19 224/258] crypto: ux500 - Use proper enum in hash_set_dma_transfer Sasha Levin
2019-01-28 15:58 ` [PATCH AUTOSEL 4.19 225/258] MIPS: ralink: Select CONFIG_CPU_MIPSR2_IRQ_VI on MT7620/8 Sasha Levin
2019-01-28 15:58 ` [PATCH AUTOSEL 4.19 226/258] cifs: check ntwrk_buf_start for NULL before dereferencing it Sasha Levin
2019-01-28 15:58 ` [PATCH AUTOSEL 4.19 227/258] f2fs: fix use-after-free issue when accessing sbi->stat_info Sasha Levin
2019-01-28 15:58 ` [PATCH AUTOSEL 4.19 228/258] um: Avoid marking pages with "changed protection" Sasha Levin
2019-01-28 15:58 ` [PATCH AUTOSEL 4.19 229/258] niu: fix missing checks of niu_pci_eeprom_read Sasha Levin
2019-01-28 15:58 ` [PATCH AUTOSEL 4.19 230/258] f2fs: fix sbi->extent_list corruption issue Sasha Levin
2019-01-28 15:58 ` [PATCH AUTOSEL 4.19 231/258] cgroup: fix parsing empty mount option string Sasha Levin
2019-01-28 15:58 ` [PATCH AUTOSEL 4.19 232/258] perf python: Do not force closing original perf descriptor in evlist.get_pollfd() Sasha Levin
2019-01-28 15:58 ` [PATCH AUTOSEL 4.19 233/258] scripts/decode_stacktrace: only strip base path when a prefix of the path Sasha Levin
2019-01-28 15:59 ` [PATCH AUTOSEL 4.19 234/258] arch/sh/boards/mach-kfr2r09/setup.c: fix struct mtd_oob_ops build warning Sasha Levin
2019-01-28 15:59 ` [PATCH AUTOSEL 4.19 235/258] mm/page_owner: clamp read count to PAGE_SIZE Sasha Levin
2019-01-28 15:59 ` [PATCH AUTOSEL 4.19 236/258] ocfs2: don't clear bh uptodate for block read Sasha Levin
2019-01-28 15:59 ` [PATCH AUTOSEL 4.19 237/258] ocfs2: improve ocfs2 Makefile Sasha Levin
2019-01-28 15:59 ` [PATCH AUTOSEL 4.19 238/258] mm/page_alloc.c: don't call kasan_free_pages() at deferred mem init Sasha Levin
2019-01-28 15:59 ` [PATCH AUTOSEL 4.19 239/258] zram: fix lockdep warning of free block handling Sasha Levin
2019-01-28 15:59 ` [PATCH AUTOSEL 4.19 240/258] isdn: hisax: hfc_pci: Fix a possible concurrency use-after-free bug in HFCPCI_l1hw() Sasha Levin
2019-01-28 15:59 ` [PATCH AUTOSEL 4.19 241/258] gdrom: fix a memory leak bug Sasha Levin
2019-01-28 15:59 ` [PATCH AUTOSEL 4.19 242/258] fsl/fman: Use GFP_ATOMIC in {memac,tgec}_add_hash_mac_address() Sasha Levin
2019-01-28 15:59 ` [PATCH AUTOSEL 4.19 243/258] block/swim3: Fix -EBUSY error when re-opening device after unmount Sasha Levin
2019-01-28 15:59 ` [PATCH AUTOSEL 4.19 244/258] thermal: bcm2835: enable hwmon explicitly Sasha Levin
2019-01-28 15:59 ` [PATCH AUTOSEL 4.19 245/258] kdb: Don't back trace on a cpu that didn't round up Sasha Levin
2019-01-28 15:59 ` [PATCH AUTOSEL 4.19 246/258] PCI: imx: Enable MSI from downstream components Sasha Levin
2019-01-28 15:59 ` [PATCH AUTOSEL 4.19 247/258] thermal: generic-adc: Fix adc to temp interpolation Sasha Levin
2019-01-28 15:59 ` [PATCH AUTOSEL 4.19 248/258] bpf: fix check_map_access smin_value test when pointer contains offset Sasha Levin
2019-01-28 15:59 ` [PATCH AUTOSEL 4.19 249/258] HID: lenovo: Add checks to fix of_led_classdev_register Sasha Levin
2019-01-28 15:59 ` [PATCH AUTOSEL 4.19 250/258] arm64/sve: ptrace: Fix SVE_PT_REGS_OFFSET definition Sasha Levin
2019-01-28 15:59 ` [PATCH AUTOSEL 4.19 251/258] fs/proc/base.c: use ns_capable instead of capable for timerslack_ns Sasha Levin
2019-01-28 15:59 ` [PATCH AUTOSEL 4.19 252/258] kernel/hung_task.c: break RCU locks based on jiffies Sasha Levin
2019-01-28 15:59 ` [PATCH AUTOSEL 4.19 253/258] proc/sysctl: fix return error for proc_doulongvec_minmax() Sasha Levin
2019-01-28 15:59 ` [PATCH AUTOSEL 4.19 254/258] kernel/hung_task.c: force console verbose before panic Sasha Levin
2019-01-28 15:59 ` [PATCH AUTOSEL 4.19 255/258] fs/epoll: drop ovflist branch prediction Sasha Levin
2019-01-28 15:59 ` [PATCH AUTOSEL 4.19 256/258] exec: load_script: don't blindly truncate shebang string Sasha Levin
2019-01-28 15:59 ` [PATCH AUTOSEL 4.19 257/258] kernel/kcov.c: mark write_comp_data() as notrace Sasha Levin
2019-01-28 15:59 ` [PATCH AUTOSEL 4.19 258/258] scripts/gdb: fix lx-version string output Sasha Levin

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).