commit 14260788bbb9c94b0e36abc17294266b69dd46e4 Author: Greg Kroah-Hartman Date: Sun Nov 24 08:21:09 2019 +0100 Linux 4.19.86 commit 2e1f151cd2d9d18fa7e444270e882916574ab8ba Author: Reinette Chatre Date: Mon Dec 10 14:31:13 2018 -0800 x86/resctrl: Fix rdt_find_domain() return value and checks [ Upstream commit 52eb74339a6233c69f4e3794b69ea7c98eeeae1b ] rdt_find_domain() returns an ERR_PTR() that is generated from a provided domain id when the value is negative. Care needs to be taken when creating an ERR_PTR() from this value because a subsequent check using IS_ERR() expects the error to be within the MAX_ERRNO range. Using an invalid domain id as an ERR_PTR() does work at this time since this is currently always -1. Using this undocumented assumption is fragile since future users of rdt_find_domain() may not be aware of thus assumption. Two related issues are addressed: - Ensure that rdt_find_domain() always returns a valid error value by forcing the error to be -ENODEV when a negative domain id is provided. - In a few instances the return value of rdt_find_domain() is just checked for NULL - fix these to include a check of ERR_PTR. Fixes: d89b7379015f ("x86/intel_rdt/cqm: Add mon_data") Fixes: 521348b011d6 ("x86/intel_rdt: Introduce utility to obtain CDP peer") Signed-off-by: Reinette Chatre Signed-off-by: Borislav Petkov Cc: "H. Peter Anvin" Cc: Ingo Molnar Cc: Thomas Gleixner Cc: Tony Luck Cc: fenghua.yu@intel.com Cc: gavin.hindman@intel.com Cc: jithu.joseph@intel.com Cc: x86-ml Link: https://lkml.kernel.org/r/b88cd4ff6a75995bf8db9b0ea546908fe50f69f3.1544479852.git.reinette.chatre@intel.com Signed-off-by: Sasha Levin commit d64b58520670b91e0606e0864e2df66f319b5711 Author: Takeshi Saito Date: Wed May 15 20:23:46 2019 +0200 mmc: tmio: fix SCC error handling to avoid false positive CRC error [ Upstream commit 51b72656bb39fdcb8f3174f4007bcc83ad1d275f ] If an SCC error occurs during a read/write command execution, a false positive CRC error message is output. mmcblk0: response CRC error sending r/w cmd command, card status 0x900 check_scc_error() checks SCC_RVSREQ.RVSERR bit. RVSERR detects a correction error in the next (up or down) delay tap position. However, since the command is successful, only retuning needs to be executed. This has been confirmed by HW engineers. Thus, on SCC error, set retuning flag instead of setting an error code. Fixes: b85fb0a1c8ae ("mmc: tmio: Fix SCC error detection") Signed-off-by: Takeshi Saito [wsa: updated comment and commit message, removed some braces] Signed-off-by: Wolfram Sang Reviewed-by: Simon Horman Reviewed-by: Yoshihiro Shimoda Cc: stable@vger.kernel.org Signed-off-by: Ulf Hansson Signed-off-by: Sasha Levin commit e2a37708cfca2e9815fc9a2456263b4fbbcfc367 Author: Michael Ellerman Date: Wed Oct 17 23:39:41 2018 +1100 powerpc/time: Fix clockevent_decrementer initalisation for PR KVM [ Upstream commit b4d16ab58c41ff0125822464bdff074cebd0fe47 ] In the recent commit 8b78fdb045de ("powerpc/time: Use clockevents_register_device(), fixing an issue with large decrementer") we changed the way we initialise the decrementer clockevent(s). We no longer initialise the mult & shift values of decrementer_clockevent itself. This has the effect of breaking PR KVM, because it uses those values in kvmppc_emulate_dec(). The symptom is guest kernels spin forever mid-way through boot. For now fix it by assigning back to decrementer_clockevent the mult and shift values. Fixes: 8b78fdb045de ("powerpc/time: Use clockevents_register_device(), fixing an issue with large decrementer") Signed-off-by: Michael Ellerman Signed-off-by: Sasha Levin commit ff36ace6c107a3abe90f08e1712650a207eb7327 Author: Alan Mikhak Date: Thu May 23 14:18:00 2019 -0700 tools: PCI: Fix broken pcitest compilation [ Upstream commit 8a5e0af240e07dd3d4897eb8ff52aab757da7fab ] pcitest is currently broken due to the following compiler error and related warning. Fix by changing the run_test() function signature to return an integer result. pcitest.c: In function run_test: pcitest.c:143:9: warning: return with a value, in function returning void return (ret < 0) ? ret : 1 - ret; /* return 0 if test succeeded */ pcitest.c: In function main: pcitest.c:232:9: error: void value not ignored as it ought to be return run_test(test); Fixes: fef31ecaaf2c ("tools: PCI: Fix compilation warnings") Signed-off-by: Alan Mikhak Signed-off-by: Lorenzo Pieralisi Reviewed-by: Paul Walmsley Signed-off-by: Sasha Levin commit 4039b5dd0f6712c9c4e7ea4e4199c75f52a9ccbb Author: Enric Balletbo i Serra Date: Wed Mar 13 13:22:53 2019 +0100 PM / devfreq: Fix static checker warning in try_then_request_governor [ Upstream commit b53b0128052ffd687797d5f4deeb76327e7b5711 ] The patch 23c7b54ca1cd: "PM / devfreq: Fix devfreq_add_device() when drivers are built as modules." leads to the following static checker warning: drivers/devfreq/devfreq.c:1043 governor_store() warn: 'governor' can also be NULL The reason is that the try_then_request_governor() function returns both error pointers and NULL. It should just return error pointers, so fix this by returning a ERR_PTR to the error intead of returning NULL. Fixes: 23c7b54ca1cd ("PM / devfreq: Fix devfreq_add_device() when drivers are built as modules.") Reported-by: Dan Carpenter Signed-off-by: Enric Balletbo i Serra Reviewed-by: Chanwoo Choi Signed-off-by: MyungJoo Ham Signed-off-by: Sasha Levin commit 903cfafe087452e080cea6e30439e7052d1198b6 Author: Hans de Goede Date: Thu Apr 18 13:39:33 2019 +0200 ACPI / LPSS: Use acpi_lpss_* instead of acpi_subsys_* functions for hibernate [ Upstream commit c8afd03486c26accdda4846e5561aa3f8e862a9d ] Commit 48402cee6889 ("ACPI / LPSS: Resume BYT/CHT I2C controllers from resume_noirq") makes acpi_lpss_{suspend_late,resume_early}() bail early on BYT/CHT as resume_from_noirq is set. This means that on resume from hibernate dw_i2c_plat_resume() doesn't get called by the restore_early callback, acpi_lpss_resume_early(). Instead it should be called by the restore_noirq callback matching how things are done when resume_from_noirq is set and we are doing a regular resume. Change the restore_noirq callback to acpi_lpss_resume_noirq so that dw_i2c_plat_resume() gets properly called when resume_from_noirq is set and we are resuming from hibernate. Likewise also change the poweroff_noirq callback so that dw_i2c_plat_suspend gets called properly. Bugzilla: https://bugzilla.kernel.org/show_bug.cgi?id=202139 Fixes: 48402cee6889 ("ACPI / LPSS: Resume BYT/CHT I2C controllers from resume_noirq") Reported-by: Kai-Heng Feng Signed-off-by: Hans de Goede Cc: 4.20+ # 4.20+ Signed-off-by: Rafael J. Wysocki Signed-off-by: Sasha Levin commit 6491a2d26c0878d6063eda2c0ace1b24d6b2dba5 Author: Yuchung Cheng Date: Mon Oct 1 15:42:32 2018 -0700 tcp: start receiver buffer autotuning sooner [ Upstream commit 041a14d2671573611ffd6412bc16e2f64469f7fb ] Previously receiver buffer auto-tuning starts after receiving one advertised window amount of data. After the initial receiver buffer was raised by patch a337531b942b ("tcp: up initial rmem to 128KB and SYN rwin to around 64KB"), the reciver buffer may take too long to start raising. To address this issue, this patch lowers the initial bytes expected to receive roughly the expected sender's initial window. Fixes: a337531b942b ("tcp: up initial rmem to 128KB and SYN rwin to around 64KB") Signed-off-by: Yuchung Cheng Signed-off-by: Wei Wang Signed-off-by: Neal Cardwell Signed-off-by: Eric Dumazet Reviewed-by: Soheil Hassas Yeganeh Signed-off-by: David S. Miller Signed-off-by: Sasha Levin commit ef0811ef95eada7b647509fde410f4ce5777d033 Author: Roger Quadros Date: Wed Dec 5 19:27:44 2018 +0200 ARM: dts: omap5: Fix dual-role mode on Super-Speed port [ Upstream commit a763ecc15d0e37c3a15ff6825183061209832685 ] OMAP5's Super-Speed USB port has a software mailbox register that needs to be fed with VBUS and ID events from an external VBUS/ID comparator. Without this, Host role will not work correctly. Fixes: 656c1a65ab55 ("ARM: dts: omap5: enable OTG role for DWC3 controller") Reported-by: H. Nikolaus Schaller Signed-off-by: Roger Quadros Signed-off-by: Tony Lindgren Signed-off-by: Sasha Levin commit 183f9ae8c4d2207448e55b6cb6a730799f33d289 Author: Ido Schimmel Date: Thu Oct 11 07:47:52 2018 +0000 mlxsw: spectrum_switchdev: Check notification relevance based on upper device [ Upstream commit 5050f6ae253ad1307af3486c26fc4f94287078b7 ] VxLAN FDB updates are sent with the VxLAN device which is not our upper and will therefore be ignored by current code. Solve this by checking whether the upper device (bridge) is our upper. Signed-off-by: Ido Schimmel Reviewed-by: Petr Machata Signed-off-by: David S. Miller Signed-off-by: Sasha Levin commit 16ad1c43196abaee09a696cd99c78ba35f9c49c1 Author: Huibin Hong Date: Wed Oct 10 11:00:32 2018 +0200 spi: rockchip: initialize dma_slave_config properly [ Upstream commit dd8fd2cbc73f8650f651da71fc61a6e4f30c1566 ] The rxconf and txconf structs are allocated on the stack, so make sure we zero them before filling out the relevant fields. Signed-off-by: Huibin Hong Signed-off-by: Emil Renner Berthing Signed-off-by: Mark Brown Signed-off-by: Sasha Levin commit f28abe5a36951f3e6262a815967fd4f5db3280a8 Author: Felix Fietkau Date: Sat Oct 6 19:35:05 2018 +0200 mac80211: minstrel: fix sampling/reporting of CCK rates in HT mode [ Upstream commit 972b66b86f85f4e8201db454f4c3e9d990cf9836 ] Long/short preamble selection cannot be sampled separately, since it depends on the BSS state. Because of that, sampling attempts to currently not used preamble modes are not counted in the statistics, which leads to CCK rates being sampled too often. Fix statistics accounting for long/short preamble by increasing the index where necessary. Fix excessive CCK rate sampling by dropping unsupported sample attempts. This improves throughput on 2.4 GHz channels Signed-off-by: Felix Fietkau Signed-off-by: Johannes Berg Signed-off-by: Sasha Levin commit 83ea4ccdb9eb4e559a147681a97559d395239fdb Author: Felix Fietkau Date: Sat Oct 6 19:35:04 2018 +0200 mac80211: minstrel: fix CCK rate group streams value [ Upstream commit 80df9be67c44cb636bbc92caeddad8caf334c53c ] Fixes a harmless underflow issue when CCK rates are actively being used Signed-off-by: Felix Fietkau Signed-off-by: Johannes Berg Signed-off-by: Sasha Levin commit 8bbedf4dffe98629bfa1ead73bc0171d1fb372b7 Author: Felix Fietkau Date: Sat Oct 6 19:35:03 2018 +0200 mac80211: minstrel: fix using short preamble CCK rates on HT clients [ Upstream commit 37439f2d6e43ae79e22be9be159f0af157468f82 ] mi->supported[MINSTREL_CCK_GROUP] needs to be updated short preamble rates need to be marked as supported regardless of whether it's currently enabled. Its state can change at any time without a rate_update call. Fixes: 782dda00ab8e ("mac80211: minstrel_ht: move short preamble check out of get_rate") Signed-off-by: Felix Fietkau Signed-off-by: Johannes Berg Signed-off-by: Sasha Levin commit 5d017065cec9b946e709ec18ae2a59594ee94736 Author: zhong jiang Date: Thu Oct 4 13:02:53 2018 +0800 misc: cxl: Fix possible null pointer dereference [ Upstream commit 3dac3583bf1a61db6aaf31dfd752c677a4400afd ] It is not safe to dereference an object before a null test. It is not needed and just remove them. Ftrace can be used instead. Signed-off-by: zhong jiang Acked-by: Andrew Donnellan Acked-by: Frederic Barrat Signed-off-by: Greg Kroah-Hartman Signed-off-by: Sasha Levin commit 9089b2f0049e12a826c1440869ffd8a1b39d0116 Author: Pablo Neira Ayuso Date: Tue Oct 9 20:06:36 2018 +0200 netfilter: nft_compat: do not dump private area [ Upstream commit d701d8117200399d85e63a737d2e4e897932f3b6 ] Zero pad private area, otherwise we expose private kernel pointer to userspace. This patch also zeroes the tail area after the ->matchsize and ->targetsize that results from XT_ALIGN(). Fixes: 0ca743a55991 ("netfilter: nf_tables: add compatibility layer for x_tables") Reported-by: Florian Westphal Signed-off-by: Pablo Neira Ayuso Signed-off-by: Sasha Levin commit e6c540bf97860b1256ea623f4257743ea22268df Author: Eric Dumazet Date: Tue Oct 9 15:20:50 2018 -0700 net: sched: avoid writing on noop_qdisc [ Upstream commit f98ebd47fd0da1717267ce1583a105d8cc29a16a ] While noop_qdisc.gso_skb and noop_qdisc.skb_bad_txq are not used in other places, it seems not correct to overwrite their fields in dev_init_scheduler_queue(). noop_qdisc is essentially a shared and read-only object, even if it is not marked as const because of some implementation detail. Signed-off-by: Eric Dumazet Signed-off-by: David S. Miller Signed-off-by: Sasha Levin commit b80939a47413c08e1756e437c435e57ffe4b87d9 Author: Petr Machata Date: Mon Oct 8 18:50:41 2018 +0000 selftests: forwarding: Have lldpad_app_wait_set() wait for unknown, too [ Upstream commit 372809055f6c830ff978564e09f58bcb9e9b937c ] Immediately after mlxsw module is probed and lldpad started, added APP entries are briefly in "unknown" state before becoming "pending". That's the state that lldpad_app_wait_set() typically sees, and since there are no pending entries at that time, it bails out. However the entries have not been pushed to the kernel yet at that point, and thus the test case fails. Fix by waiting for both unknown and pending entries to disappear before proceeding. Fixes: d159261f3662 ("selftests: mlxsw: Add test for trust-DSCP") Signed-off-by: Petr Machata Signed-off-by: Ido Schimmel Signed-off-by: David S. Miller Signed-off-by: Sasha Levin commit a119952d4be6ed23c9951e1abbf32e3652ca4add Author: Kun Yi Date: Mon Oct 8 14:49:25 2018 -0700 hwmon: (npcm-750-pwm-fan) Change initial pwm target to 255 [ Upstream commit f21c8e753b1dcb8f9e5b096db1f7f4e6fdfa7258 ] Change initial PWM target to 255 to prevent overheating, for example when BMC hangs in userspace or when userspace fan control application is not implemented yet. Signed-off-by: Kun Yi Signed-off-by: Guenter Roeck Signed-off-by: Sasha Levin commit 4bbc8deedd89665e9c31290a9e74337a917c6006 Author: Nicolin Chen Date: Sat Sep 29 14:44:06 2018 -0700 hwmon: (ina3221) Fix INA3221_CONFIG_MODE macros [ Upstream commit 791ebc9d34e9d212fc03742c31654b017d385926 ] The three INA3221_CONFIG_MODE macros are not correctly defined here. The MODE3-1 bits are located at BIT 2-0 according to the datasheet. So this patch just fixes them by shifting all of them with a correct offset. However, this isn't a crital bug fix as the driver does not use any of them at this point. Signed-off-by: Nicolin Chen Signed-off-by: Guenter Roeck Signed-off-by: Sasha Levin commit 5bdad12ab21185a9be10bdc73156a784cebb5158 Author: Thierry Reding Date: Fri Sep 21 12:10:47 2018 +0200 hwmon: (pwm-fan) Silence error on probe deferral [ Upstream commit 9f67f7583e77fe5dc57aab3a6159c2642544eaad ] Probe deferrals aren't actual errors, so silence the error message in case the PWM cannot yet be acquired. Signed-off-by: Thierry Reding Signed-off-by: Guenter Roeck Signed-off-by: Sasha Levin commit 0cb6525b75e1c668adeeb4d1e8eba7732a429ac2 Author: Guenter Roeck Date: Wed Sep 19 21:52:49 2018 -0700 hwmon: (nct6775) Fix names of DIMM temperature sources [ Upstream commit 3be8c9d103534fadc72b3e174613f37aa19fa423 ] For NCT6795D and NCT6796D, the DIMM temperature sources are named "Agent[01] Dimm [01]" per datasheet. Match names in datasheets to avoid confusion. Signed-off-by: Guenter Roeck Signed-off-by: Sasha Levin commit a58d5770493cb624a08ed0f9c8a974363580244a Author: Guenter Roeck Date: Sun Sep 2 12:02:53 2018 -0700 hwmon: (k10temp) Support all Family 15h Model 6xh and Model 7xh processors [ Upstream commit 53dfa0088edd2e2793afa21488532b12eb2dae48 ] BIOS developer guides refer to Family 15h Models 60h-6fh and Family 15h Models 70h-7fh. So far the driver only checked for Models 60h and 70h. However, there are now processors with other model numbers in the same families. Example is A10-9620P family 15h model 65h. Follow the developer guides and mask the lower 4 bit of the model number to determine the registers to use for reading temperatures and temperature limits. Reported-by: Guglielmo Fanini Cc: Guglielmo Fanini Acked-by: Clemens Ladisch Signed-off-by: Guenter Roeck Signed-off-by: Sasha Levin commit 1301b861cf50ba0758a01da5b3920561e700367b Author: Colin Ian King Date: Mon Oct 1 00:03:07 2018 +0100 scsi: arcmsr: clean up clang warning on extraneous parentheses [ Upstream commit ca2ade24157693b4e533ccec69df00ef719d4aad ] There are extraneous parantheses that are causing clang to produce a warning so remove these. Clean up 3 clang warnings: equality comparison with extraneous parentheses [-Wparentheses-equality] Signed-off-by: Colin Ian King Acked-by: Ching Huang Signed-off-by: Martin K. Petersen Signed-off-by: Sasha Levin commit b0c75ea8d3721be15ca5328e587983202c859edf Author: Linus Walleij Date: Wed Oct 10 20:39:18 2018 +0200 pinctrl: gemini: Fix up TVC clock group [ Upstream commit a85c928f6a7856a09e47d9b37faa3407c7ac6a8e ] The previous fix made the TVC clock get muxed in on the D-Link DIR-685 instead of giving nagging warnings of this not working. Not good. We didn't want that, as it breaks video. Create a specific group for the TVC CLK, and break out a specific GPIO group for it on the SL3516 so we can use that line as GPIO if we don't need the TVC CLK. Fixes: d17f477c5bc6 ("pinctrl: gemini: Mask and set properly") Signed-off-by: Linus Walleij Signed-off-by: Sasha Levin commit 2a6c8fc0af645d0565be50dfb21860387ae04247 Author: Colin Ian King Date: Wed Sep 5 15:54:01 2018 +0100 orangefs: rate limit the client not running info message [ Upstream commit 2978d873471005577e7b68a528b4f256a529b030 ] Currently accessing various /sys/fs/orangefs files will spam the kernel log with the following info message when the client is not running: [ 491.489284] sysfs_service_op_show: Client not running :-5: Rate limit this info message to make it less spammy. Signed-off-by: Colin Ian King Signed-off-by: Mike Marshall Signed-off-by: Sasha Levin commit 336793832f2669ca2ab9f33f0c2fe5ea15ff4137 Author: Thomas Gleixner Date: Mon Oct 8 21:53:48 2018 +0200 x86/mm: Do not warn about PCI BIOS W+X mappings [ Upstream commit c200dac78fec66d87ef262cac38cfe4feabdf737 ] PCI BIOS requires the BIOS area 0x0A0000-0x0FFFFFF to be mapped W+X for various legacy reasons. When CONFIG_DEBUG_WX is enabled, this triggers the WX warning, but this is misleading because the mapping is required and is not a result of an accidental oversight. Prevent the full warning when PCI BIOS is enabled and the detected WX mapping is in the BIOS area. Just emit a pr_warn() which denotes the fact. This is partially duplicating the info which the PCI BIOS code emits when it maps the area as executable, but that info is not in the context of the WX checking output. Remove the extra %p printout in the WARN_ONCE() while at it. %pS is enough. Reported-by: Paul Menzel Signed-off-by: Thomas Gleixner Tested-by: Borislav Petkov Cc: Joerg Roedel Cc: Kees Cook Cc: Bjorn Helgaas Link: https://lkml.kernel.org/r/alpine.DEB.2.21.1810082151160.2455@nanos.tec.linutronix.de Signed-off-by: Sasha Levin commit 1eeb7407d23300db0b70ef853130e178c992c8cd Author: Timothy E Baldwin Date: Mon Oct 8 19:26:48 2018 +0100 ARM: 8802/1: Call syscall_trace_exit even when system call skipped [ Upstream commit f18aef742c8fbd68e280dff0a63ba0ca6ee8ad85 ] On at least x86 and ARM64, and as documented in the ptrace man page a skipped system call will still cause a syscall exit ptrace stop. Previous to this commit 32-bit ARM did not, resulting in strace being confused when seccomp skips system calls. This change also impacts programs that use ptrace to skip system calls. Fixes: ad75b51459ae ("ARM: 7579/1: arch/allow a scno of -1 to not cause a SIGILL") Signed-off-by: Timothy E Baldwin Signed-off-by: Eugene Syromyatnikov Reviewed-by: Kees Cook Tested-by: Kees Cook Tested-by: Eugene Syromyatnikov Signed-off-by: Russell King Signed-off-by: Sasha Levin commit e616dd603c296b88561ee394e30f6d2445960521 Author: Trent Piepho Date: Thu Sep 20 19:18:34 2018 +0000 spi: spidev: Fix OF tree warning logic [ Upstream commit 605b3bec73cbd74b4ac937b580cd0b47d1300484 ] spidev will make a big fuss if a device tree node binds a device by using "spidev" as the node's compatible property. However, the logic for this isn't looking for "spidev" in the compatible, but rather checking that the device is NOT compatible with spidev's list of devices. This causes a false positive if a device not named "rohm,dh2228fv", etc. binds to spidev, even if a means other than putting "spidev" in the device tree was used. E.g., the sysfs driver_override attribute. Signed-off-by: Trent Piepho Reviewed-by: Jan Kundrát Tested-by: Jan Kundrát Reviewed-by: Geert Uytterhoeven Signed-off-by: Mark Brown Signed-off-by: Sasha Levin commit 4fabd2e530ab503ce404adff32f977bd5b68f73b Author: Linus Walleij Date: Tue Oct 9 10:11:53 2018 +0200 pinctrl: gemini: Mask and set properly [ Upstream commit d17f477c5bc6b4a5dd9f51ae263870da132a8e89 ] The code was written under the assumption that the regmap_update_bits() would mask the bits in the mask and set the bits in the value. It missed the points that it will not set bits in the value unless these are also masked in the mask. Set value bits that are not in the mask will simply be ignored. Fixes: 06351d133dea ("pinctrl: add a Gemini SoC pin controller") Signed-off-by: Linus Walleij Signed-off-by: Sasha Levin commit 8aa36b8a7684eb616807631e27b96494110a5102 Author: Hieu Tran Dang Date: Tue Oct 2 18:06:36 2018 +0700 spi: fsl-lpspi: Prevent FIFO under/overrun by default [ Upstream commit de8978c388c66b8fca192213ec9f0727e964c652 ] Certain devices don't work well when a transmit FIFO underrun or receive FIFO overrun occurs. Example is the SAF400x radio chip when running at high speed which leads to garbage being sent to/received from the chip. In which case, it should stall waiting for further data to be available before proceeding. This patch unset the NOSTALL bit in CFGR1 by default to prevent this issue. Signed-off-by: Hieu Tran Dang Signed-off-by: Mark Brown Signed-off-by: Sasha Levin commit 07ed61a0a711bf7b2c91041a332ec5a4035689cb Author: Marek Vasut Date: Thu Oct 4 00:52:52 2018 +0200 gpio: syscon: Fix possible NULL ptr usage [ Upstream commit 70728c29465bc4bfa7a8c14304771eab77e923c7 ] The priv->data->set can be NULL while flags contains GPIO_SYSCON_FEAT_OUT and chip->set is valid pointer. This happens in case the controller uses the default GPIO setter. Always use chip->set to access the setter to avoid possible NULL pointer dereferencing. Signed-off-by: Marek Vasut Signed-off-by: Linus Walleij Signed-off-by: Sasha Levin commit 312de5a09d10d15984082b5c3e9e5e358386f51a Author: Jesper Dangaard Brouer Date: Tue Oct 9 12:04:43 2018 +0200 net: fix generic XDP to handle if eth header was mangled [ Upstream commit 2972495699320229b55b8e5065a310be5c81485b ] XDP can modify (and resize) the Ethernet header in the packet. There is a bug in generic-XDP, because skb->protocol and skb->pkt_type are setup before reaching (netif_receive_)generic_xdp. This bug was hit when XDP were popping VLAN headers (changing eth->h_proto), as skb->protocol still contains VLAN-indication (ETH_P_8021Q) causing invocation of skb_vlan_untag(skb), which corrupt the packet (basically popping the VLAN again). This patch catch if XDP changed eth header in such a way, that SKB fields needs to be updated. V2: on request from Song Liu, use ETH_HLEN instead of mac_len, in __skb_push() as eth_type_trans() use ETH_HLEN in paired skb_pull_inline(). Fixes: d445516966dc ("net: xdp: support xdp generic on virtual devices") Signed-off-by: Jesper Dangaard Brouer Signed-off-by: Alexei Starovoitov Signed-off-by: Sasha Levin commit 014045888a74981dbf085163216af84bb2a0c60c Author: Wenwen Wang Date: Sun Oct 7 15:23:15 2018 -0500 bpf: btf: Fix a missing check bug [ Upstream commit 8af03d1ae2e154a8be3631e8694b87007e1bdbc2 ] In btf_parse_hdr(), the length of the btf data header is firstly copied from the user space to 'hdr_len' and checked to see whether it is larger than 'btf_data_size'. If yes, an error code EINVAL is returned. Otherwise, the whole header is copied again from the user space to 'btf->hdr'. However, after the second copy, there is no check between 'btf->hdr->hdr_len' and 'hdr_len' to confirm that the two copies get the same value. Given that the btf data is in the user space, a malicious user can race to change the data between the two copies. By doing so, the user can provide malicious data to the kernel and cause undefined behavior. This patch adds a necessary check after the second copy, to make sure 'btf->hdr->hdr_len' has the same value as 'hdr_len'. Otherwise, an error code EINVAL will be returned. Signed-off-by: Wenwen Wang Acked-by: Song Liu Signed-off-by: Alexei Starovoitov Signed-off-by: Sasha Levin commit 85f996c36e1531ac7a199137728c02438c8dd82d Author: Bjorn Helgaas Date: Thu Sep 27 09:21:55 2018 -0500 x86/kexec: Correct KEXEC_BACKUP_SRC_END off-by-one error [ Upstream commit 51fbf14f2528a8c6401290e37f1c893a2412f1d3 ] The only use of KEXEC_BACKUP_SRC_END is as an argument to walk_system_ram_res(): int crash_load_segments(struct kimage *image) { ... walk_system_ram_res(KEXEC_BACKUP_SRC_START, KEXEC_BACKUP_SRC_END, image, determine_backup_region); walk_system_ram_res() expects "start, end" arguments that are inclusive, i.e., the range to be walked includes both the start and end addresses. KEXEC_BACKUP_SRC_END was previously defined as (640 * 1024UL), which is the first address *past* the desired 0-640KB range. Define KEXEC_BACKUP_SRC_END as (640 * 1024UL - 1) so the KEXEC_BACKUP_SRC region is [0-0x9ffff], not [0-0xa0000]. Fixes: dd5f726076cc ("kexec: support for kexec on panic using new system call") Signed-off-by: Bjorn Helgaas Signed-off-by: Borislav Petkov CC: "H. Peter Anvin" CC: Andrew Morton CC: Brijesh Singh CC: Greg Kroah-Hartman CC: Ingo Molnar CC: Lianbo Jiang CC: Takashi Iwai CC: Thomas Gleixner CC: Tom Lendacky CC: Vivek Goyal CC: baiyaowei@cmss.chinamobile.com CC: bhe@redhat.com CC: dan.j.williams@intel.com CC: dyoung@redhat.com CC: kexec@lists.infradead.org Link: http://lkml.kernel.org/r/153805811578.1157.6948388946904655969.stgit@bhelgaas-glaptop.roam.corp.google.com Signed-off-by: Sasha Levin commit 3f4f4c639f2930bf658cddef4ebac5b2b96417d5 Author: Zhoujie Wu Date: Tue Oct 9 13:12:14 2018 +0200 lightnvm: pblk: consider max hw sectors supported for max_write_pgs [ Upstream commit 8a57fc3823d08edb1661a06d9e0a8c2365ac561e ] When do GC, the number of read/write sectors are determined by max_write_pgs(see gc_rq preparation in pblk_gc_line_prepare_ws). Due to max_write_pgs doesn't consider max hw sectors supported by nvme controller(128K), which leads to GC tries to read 64 * 4K in one command, and see below error caused by pblk_bio_map_addr in function pblk_submit_read_gc. [ 2923.005376] pblk: could not add page to bio [ 2923.005377] pblk: could not allocate GC bio (18446744073709551604) Signed-off-by: Zhoujie Wu Reviewed-by: Javier González Signed-off-by: Matias Bjørling Signed-off-by: Jens Axboe Signed-off-by: Sasha Levin commit d4ab0df8d5dd109e75adf3382a9e118551c50945 Author: Wei Yongjun Date: Tue Oct 9 13:12:13 2018 +0200 lightnvm: pblk: fix error handling of pblk_lines_init() [ Upstream commit a70985f83c625a5eaf618be81621e5e4521a66c6 ] In the too many bad blocks error handling case, we should release all the allocated resources, otherwise it will cause memory leak. Fixes: 2deeefc02dff ("lightnvm: pblk: fail gracefully on line alloc. failure") Signed-off-by: Wei Yongjun Reviewed-by: Hans Holmberg Signed-off-by: Matias Bjørling Signed-off-by: Jens Axboe Signed-off-by: Sasha Levin commit cdf73455471adec2886e3ec884141ee5558f3c3b Author: Javier González Date: Tue Oct 9 13:12:12 2018 +0200 lightnvm: do no update csecs and sos on 1.2 [ Upstream commit 6fd05cad5ee1290b276dd8ed90a1e019b1fa577a ] 1.2 devices exposes their data and metadata size through the separate identify command. Make sure that the NVMe LBA format does not override these values. Signed-off-by: Javier González Signed-off-by: Matias Bjørling Signed-off-by: Jens Axboe Signed-off-by: Sasha Levin commit 1fb60da4d736124797f45e55a4db7e787c52f549 Author: Javier González Date: Tue Oct 9 13:12:11 2018 +0200 lightnvm: pblk: guarantee mw_cunits on read buffer [ Upstream commit d672d92d9c433c365fd6cdb4da1c02562b5f1178 ] OCSSD 2.0 defines the amount of data that the host must buffer per chunk to guarantee reads through the geometry field mw_cunits. This value is the base that pblk uses to determine the size of its read buffer. Currently, this size is set to be the closes power-of-2 to mw_cunits times the number of parallel units available to the pblk instance for each open line (currently one). When an entry (4KB) is put in the buffer, the L2P table points to it. As the buffer wraps up, the L2P is updated to point to addresses on the device, thus guaranteeing mw_cunits at a chunk level. However, given that pblk cannot write to the device under ws_min (normally ws_opt), there might be a window in which the buffer starts wrapping up and updating L2P entries before the mw_cunits value in a chunk has been surpassed. In order not to violate the mw_cunits constrain in this case, account for ws_opt on the read buffer creation. Signed-off-by: Javier González Signed-off-by: Matias Bjørling Signed-off-by: Jens Axboe Signed-off-by: Sasha Levin commit 1e9796622bc73a8b917ca12111534df747fe0e9d Author: Hans Holmberg Date: Tue Oct 9 13:11:50 2018 +0200 lightnvm: pblk: fix write amplificiation calculation [ Upstream commit 765462fa4c4d0fd3eb718f2ba14cb04c35219854 ] When the user data counter exceeds 32 bits, the write amplification calculation does not provide the right value. Fix this by using div64_u64 in stead of div64. Fixes: 76758390f83e ("lightnvm: pblk: export write amplification counters to sysfs") Signed-off-by: Hans Holmberg Signed-off-by: Matias Bjørling Signed-off-by: Jens Axboe Signed-off-by: Sasha Levin commit d56fe8f59a236845ed3c90deba063780282ec2ba Author: Javier González Date: Tue Oct 9 13:11:45 2018 +0200 lightnvm: pblk: guarantee emeta on line close [ Upstream commit 9cc85bc761f83da41935cdd6edcdb7c122bc90bf ] If a line is recovered from open chunks, the memory structures for emeta have not necessarily been properly set on line initialization. When closing a line, make sure that emeta is consistent so that the line can be recovered on the fast path on next reboot. Also, remove a couple of empty lines at the end of the function. Signed-off-by: Javier González Signed-off-by: Matias Bjørling Signed-off-by: Jens Axboe Signed-off-by: Sasha Levin commit c7e49f73152f246925285814a8b7dee5abbe944f Author: Matias Bjørling Date: Tue Oct 9 13:11:38 2018 +0200 lightnvm: pblk: fix incorrect min_write_pgs [ Upstream commit 8bbd45d02a118cbefdf4e1a6274bd965a6aa3c59 ] The calculation of pblk->min_write_pgs should only use the optimal write size attribute provided by the drive, it does not correlate to the memory page size of the system, which can be smaller or larger than the LBA size reported. Signed-off-by: Matias Bjørling Reviewed-by: Javier González Signed-off-by: Jens Axboe Signed-off-by: Sasha Levin commit ced6b5dae1dcfc451926890a91dafcd958464ce6 Author: Matias Bjørling Date: Tue Oct 9 13:11:33 2018 +0200 lightnvm: pblk: fix rqd.error return value in pblk_blk_erase_sync [ Upstream commit 4b5d56edb8fc565c5db029aecaea598eadfba7f6 ] rqd.error is masked by the return value of pblk_submit_io_sync. The rqd structure is then passed on to the end_io function, which assumes that any error should lead to a chunk being marked offline/bad. Since the pblk_submit_io_sync can fail before the command is issued to the device, the error value maybe not correspond to a media failure, leading to chunks being immaturely retired. Also, the pblk_blk_erase_sync function prints an error message in case the erase fails. Since the caller prints an error message by itself, remove the error message in this function. Signed-off-by: Matias Bjørling Reviewed-by: Javier González Reviewed-by: Hans Holmberg Signed-off-by: Jens Axboe Signed-off-by: Sasha Levin commit e99956093f7018d243a04b73b90af65c020b6095 Author: Connor McAdams Date: Mon Oct 8 15:40:00 2018 -0400 ALSA: hda/ca0132 - Fix input effect controls for desktop cards [ Upstream commit 7a2dc84fc480aec4f8f96e152327423014edf668 ] This patch removes the echo cancellation control for desktop cards, and makes use of the special 0x47 SCP command for noise reduction. Signed-off-by: Connor McAdams Reviewed-by: Takashi Sakamoto Signed-off-by: Takashi Iwai Signed-off-by: Sasha Levin commit 9c30ea2dda5dcd061bc1e8546ea64d50600db357 Author: Vikash Garodia Date: Mon Oct 8 07:09:04 2018 -0400 media: venus: vdec: fix decoded data size [ Upstream commit ce32c0a530bd955206fe45c2eff77e581202d699 ] Existing code returns the max of the decoded size and buffer size. It turns out that buffer size is always greater due to hardware alignment requirement. As a result, payload size given to client is incorrect. This change ensures that the bytesused is assigned to actual payload size, when available. Signed-off-by: Vikash Garodia Acked-by: Stanimir Varbanov Signed-off-by: Hans Verkuil Signed-off-by: Mauro Carvalho Chehab Signed-off-by: Sasha Levin commit 5b388c45c3e57ff597d666ad3f84d848a18237f2 Author: Colin Ian King Date: Sat Oct 6 14:01:42 2018 -0400 media: cx231xx: fix potential sign-extension overflow on large shift [ Upstream commit 32ae592036d7aeaabcccb2b1715373a68639a768 ] Shifting the u8 value[3] by an int can lead to sign-extension overflow. For example, if value[3] is 0xff and the shift is 24 then it is promoted to int and then the top bit is sign-extended so that all upper 32 bits are set. Fix this by casting value[3] to a u32 before the shift. Detected by CoverityScan, CID#1016522 ("Unintended sign extension") Fixes: e0d3bafd0258 ("V4L/DVB (10954): Add cx231xx USB driver") Signed-off-by: Colin Ian King Signed-off-by: Hans Verkuil Signed-off-by: Mauro Carvalho Chehab Signed-off-by: Sasha Levin commit 4d7cf69b77ce77fecb25464439237a5dfe513e2f Author: Tim Smith Date: Mon Oct 8 12:15:40 2018 -0500 GFS2: Flush the GFS2 delete workqueue before stopping the kernel threads [ Upstream commit 1eb8d7387908022951792a46fa040ad3942b3b08 ] Flushing the workqueue can cause operations to happen which might call gfs2_log_reserve(), or get stuck waiting for locks taken by such operations. gfs2_log_reserve() can io_schedule(). If this happens, it will never wake because the only thing which can wake it is gfs2_logd() which was already stopped. This causes umount of a gfs2 filesystem to wedge permanently if, for example, the umount immediately follows a large delete operation. When this occured, the following stack trace was obtained from the umount command [] flush_workqueue+0x1c8/0x520 [] gfs2_make_fs_ro+0x69/0x160 [gfs2] [] gfs2_put_super+0xa9/0x1c0 [gfs2] [] generic_shutdown_super+0x6f/0x100 [] kill_block_super+0x27/0x70 [] gfs2_kill_sb+0x71/0x80 [gfs2] [] deactivate_locked_super+0x3b/0x70 [] deactivate_super+0x59/0x60 [] cleanup_mnt+0x58/0x80 [] __cleanup_mnt+0x12/0x20 [] task_work_run+0x7d/0xa0 [] exit_to_usermode_loop+0x73/0x98 [] syscall_return_slowpath+0x41/0x50 [] int_ret_from_sys_call+0x25/0x8f [] 0xffffffffffffffff Signed-off-by: Tim Smith Signed-off-by: Mark Syms Signed-off-by: Bob Peterson Signed-off-by: Sasha Levin commit 1adde6589b4af8a010eeef2170165856edbc6d9a Author: Wenwen Wang Date: Thu Oct 4 11:44:02 2018 -0400 media: isif: fix a NULL pointer dereference bug [ Upstream commit a26ac6c1bed951b2066cc4b2257facd919e35c0b ] In isif_probe(), there is a while loop to get the ISIF base address and linearization table0 and table1 address. In the loop body, the function platform_get_resource() is called to get the resource. If platform_get_resource() returns NULL, the loop is terminated and the execution goes to 'fail_nobase_res'. Suppose the loop is terminated at the first iteration because platform_get_resource() returns NULL and the execution goes to 'fail_nobase_res'. Given that there is another while loop at 'fail_nobase_res' and i equals to 0, one iteration of the second while loop will be executed. However, the second while loop does not check the return value of platform_get_resource(). This can cause a NULL pointer dereference bug if the return value is a NULL pointer. This patch avoids the above issue by adding a check in the second while loop after the call to platform_get_resource(). Signed-off-by: Wenwen Wang Signed-off-by: Hans Verkuil Signed-off-by: Mauro Carvalho Chehab Signed-off-by: Sasha Levin commit 3404019d6d0f4c0108b77d44e97e2e39ca937e6f Author: He Zhe Date: Sun Sep 30 00:45:53 2018 +0800 printk: Give error on attempt to set log buffer length to over 2G [ Upstream commit e6fe3e5b7d16e8f146a4ae7fe481bc6e97acde1e ] The current printk() is ready to handle log buffer size up to 2G. Give an explicit error for users who want to use larger log buffer. Also fix printk formatting to show the 2G as a positive number. Link: http://lkml.kernel.org/r/20181008135916.gg4kkmoki5bgtco5@pathway.suse.cz Cc: rostedt@goodmis.org Cc: linux-kernel@vger.kernel.org Suggested-by: Sergey Senozhatsky Signed-off-by: He Zhe Reviewed-by: Sergey Senozhatsky [pmladek: Fixed to the really safe limit 2GB.] Signed-off-by: Petr Mladek Signed-off-by: Sasha Levin commit b2d6db3e572a87d5c31605619679a07b60e0c76c Author: Vignesh R Date: Sat Jun 30 16:03:16 2018 +0530 mfd: ti_am335x_tscadc: Keep ADC interface on if child is wakeup capable [ Upstream commit c974ac771479327b5424f60d58845e31daddadea ] If a child device like touchscreen is wakeup capable, then keep ADC interface on, so that a touching resistive screen will generate wakeup event to the system. Signed-off-by: Vignesh R Signed-off-by: Lee Jones Signed-off-by: Sasha Levin commit b0c6a78a8a5a8da442c8b42b6f362972b76e3ff9 Author: Nathan Chancellor Date: Fri Sep 21 13:21:31 2018 -0700 backlight: lm3639: Unconditionally call led_classdev_unregister [ Upstream commit 7cea645ae9c5a54aa7904fddb2cdf250acd63a6c ] Clang warns that the address of a pointer will always evaluated as true in a boolean context. drivers/video/backlight/lm3639_bl.c:403:14: warning: address of 'pchip->cdev_torch' will always evaluate to 'true' [-Wpointer-bool-conversion] if (&pchip->cdev_torch) ~~ ~~~~~~~^~~~~~~~~~ drivers/video/backlight/lm3639_bl.c:405:14: warning: address of 'pchip->cdev_flash' will always evaluate to 'true' [-Wpointer-bool-conversion] if (&pchip->cdev_flash) ~~ ~~~~~~~^~~~~~~~~~ 2 warnings generated. These statements have been present since 2012, introduced by commit 0f59858d5119 ("backlight: add new lm3639 backlight driver"). Given that they have been called unconditionally since then presumably without any issues, removing the always true if statements to fix the warnings without any real world changes. Link: https://github.com/ClangBuiltLinux/linux/issues/119 Signed-off-by: Nathan Chancellor Reviewed-by: Daniel Thompson Signed-off-by: Lee Jones Signed-off-by: Sasha Levin commit 94764e3ae569573903af9ea8201073eb96cb4d64 Author: Borislav Petkov Date: Mon Oct 8 10:05:20 2018 +0200 proc/vmcore: Fix i386 build error of missing copy_oldmem_page_encrypted() [ Upstream commit cf089611f4c446285046fcd426d90c18f37d2905 ] Lianbo reported a build error with a particular 32-bit config, see Link below for details. Provide a weak copy_oldmem_page_encrypted() function which architectures can override, in the same manner other functionality in that file is supplied. Reported-by: Lianbo Jiang Signed-off-by: Borislav Petkov CC: x86@kernel.org Link: http://lkml.kernel.org/r/710b9d95-2f70-eadf-c4a1-c3dc80ee4ebb@redhat.com Signed-off-by: Sasha Levin commit e78c55ad66571aa6803478b3f4b6379dc18cc137 Author: Vasily Gorbik Date: Fri Nov 17 17:20:28 2017 +0100 s390/kasan: avoid user access code instrumentation [ Upstream commit b6cbe3e8bdff6f21f1b58b08a55f479cdcf98282 ] Kasan instrumentation adds "store" check for variables marked as modified by inline assembly. With user pointers containing addresses from another address space this produces false positives. static inline unsigned long clear_user_xc(void __user *to, ...) { asm volatile( ... : "+a" (to) ... User space access functions are wrapped by manually instrumented functions in kasan common code, which should be sufficient to catch errors. So, we just disable uaccess.o instrumentation altogether. Reviewed-by: Martin Schwidefsky Signed-off-by: Vasily Gorbik Signed-off-by: Martin Schwidefsky Signed-off-by: Sasha Levin commit ef5ad4f11e74262692bc194ab28f3dd7ae5e465c Author: Vasily Gorbik Date: Fri Nov 17 13:10:33 2017 +0100 s390/kasan: avoid instrumentation of early C code [ Upstream commit 0a9b40911baffac6fc9cc2d88e893585870a97f7 ] Instrumented C code cannot run without the kasan shadow area. Exempt source code files from kasan which are running before / used during kasan initialization. Reviewed-by: Martin Schwidefsky Signed-off-by: Vasily Gorbik Signed-off-by: Martin Schwidefsky Signed-off-by: Sasha Levin commit 5228d07c4f92995486ed64e8c3feec300455e584 Author: Vasily Gorbik Date: Fri Nov 17 13:02:36 2017 +0100 s390/kasan: avoid vdso instrumentation [ Upstream commit 348498458505e202df41b6b9a78da448d39298b7 ] vdso is mapped into user space processes, which won't have kasan shodow mapped. Reviewed-by: Martin Schwidefsky Signed-off-by: Vasily Gorbik Signed-off-by: Martin Schwidefsky Signed-off-by: Sasha Levin commit 0046af383099432b44348050400178838b6380fc Author: Ludovic Barre Date: Mon Oct 8 14:08:44 2018 +0200 mmc: mmci: expand startbiterr to irqmask and error check [ Upstream commit daf9713c5ef8c3ffb0bdf7de11b53b2b2756c4f1 ] All variants don't pretend to have a startbiterr. -While data error check, if status register return an error (like MCI_DATACRCFAIL) we must avoid to check MCI_STARTBITERR (if not desired). -expand start_err to MCI_IRQENABLE to avoid to set this bit by default. Signed-off-by: Ludovic Barre Signed-off-by: Ulf Hansson Signed-off-by: Sasha Levin commit 322f530fd9597e594d183da3d78fdaf88d2fcd84 Author: Reinette Chatre Date: Wed Oct 3 15:17:02 2018 -0700 x86/intel_rdt: CBM overlap should also check for overlap with CDP peer [ Upstream commit e5f3530c391105fdd6174852e3ea6136d073b45a ] The CBM overlap test is used to manage the allocations of RDT resources where overlap is possible between resource groups. When a resource group is in exclusive mode then there should be no overlap between resource groups. The current overlap test only considers overlap between the same resources, for example, that usage of a RDT_RESOURCE_L2DATA resource in one resource group does not overlap with usage of a RDT_RESOURCE_L2DATA resource in another resource group. The problem with this is that it allows overlap between a RDT_RESOURCE_L2DATA resource in one resource group with a RDT_RESOURCE_L2CODE resource in another resource group - even if both resource groups are in exclusive mode. This is a problem because even though these appear to be different resources they end up sharing the same underlying hardware and thus does not fulfill the user's request for exclusive use of hardware resources. Fix this by including the CDP peer (if there is one) in every CBM overlap test. This does not impact the overlap between resources within the same exclusive resource group that is allowed. Fixes: 49f7b4efa110 ("x86/intel_rdt: Enable setting of exclusive mode") Reported-by: Jithu Joseph Signed-off-by: Reinette Chatre Signed-off-by: Thomas Gleixner Tested-by: Jithu Joseph Acked-by: Fenghua Yu Cc: tony.luck@intel.com Cc: gavin.hindman@intel.com Cc: dave.hansen@intel.com Cc: hpa@zytor.com Link: https://lkml.kernel.org/r/e538b7f56f7ca15963dce2e00ac3be8edb8a68e1.1538603665.git.reinette.chatre@intel.com Signed-off-by: Ingo Molnar Signed-off-by: Sasha Levin commit 36cf91317ca9c988480b4d7a7c7898762dd8fe9a Author: Reinette Chatre Date: Wed Oct 3 15:17:01 2018 -0700 x86/intel_rdt: Introduce utility to obtain CDP peer [ Upstream commit 521348b011d64cf3febb10b64ba5b472681bef94 ] Introduce a utility that, when provided with a RDT resource and an instance of this RDT resource (a RDT domain), would return pointers to the RDT resource and RDT domain that share the same hardware. This is specific to the CDP resources that share the same hardware. For example, if a pointer to the RDT_RESOURCE_L2DATA resource (struct rdt_resource) and a pointer to an instance of this resource (struct rdt_domain) is provided, then it will return a pointer to the RDT_RESOURCE_L2CODE resource as well as the specific instance that shares the same hardware as the provided rdt_domain. This utility is created in support of the "exclusive" resource group mode where overlap of resource allocation between resource groups need to be avoided. The overlap test need to consider not just the matching resources, but also the resources that share the same hardware. Temporarily mark it as unused in support of patch testing to avoid compile warnings until it is used. Fixes: 49f7b4efa110 ("x86/intel_rdt: Enable setting of exclusive mode") Signed-off-by: Reinette Chatre Signed-off-by: Thomas Gleixner Tested-by: Jithu Joseph Acked-by: Fenghua Yu Cc: tony.luck@intel.com Cc: gavin.hindman@intel.com Cc: dave.hansen@intel.com Cc: hpa@zytor.com Link: https://lkml.kernel.org/r/9b4bc4d59ba2e903b6a3eb17e16ef41a8e7b7c3e.1538603665.git.reinette.chatre@intel.com Signed-off-by: Ingo Molnar Signed-off-by: Sasha Levin commit f9a2a8b8a5d4a84438e84b32424e262046a9cc3d Author: Yogesh Gaur Date: Wed Jun 13 11:39:18 2018 +0530 mtd: devices: m25p80: Make sure WRITE_EN is issued before each write [ Upstream commit 3baa8ec88c2feb902328e59a4dcf0f0aaab7d2ff ] Some SPI controllers can't write nor->page_size bytes in a single step because their TX FIFO is too small, but when that happens we should make sure a WRITE_EN command before each write access and READ_SR command after each write access is issued. The core is already taking care of that, so all we have to do here is return the actual number of bytes that were written during the spi_mem_exec_op() operation. Signed-off-by: Yogesh Gaur Signed-off-by: Boris Brezillon Signed-off-by: Sasha Levin commit 6664533b4fc1cf0117495f2fcebc8f4b22da83a5 Author: Nathan Chancellor Date: Tue Sep 25 00:32:03 2018 -0700 mtd: spi-nor: cadence-quadspi: Use proper enum for dma_[un]map_single [ Upstream commit 900f5e0d8c9edc5dacc57873d22aee2ae699a8e1 ] Clang warns when one enumerated type is converted implicitly to another. drivers/mtd/spi-nor/cadence-quadspi.c:962:47: warning: implicit conversion from enumeration type 'enum dma_transfer_direction' to different enumeration type 'enum dma_data_direction' [-Wenum-conversion] dma_dst = dma_map_single(nor->dev, buf, len, DMA_DEV_TO_MEM); ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~^~~~~~~~~~~~~~~ ./include/linux/dma-mapping.h:428:66: note: expanded from macro 'dma_map_single' ~~~~~~~~~~~~~~~~~~~~ ^ drivers/mtd/spi-nor/cadence-quadspi.c:997:43: warning: implicit conversion from enumeration type 'enum dma_transfer_direction' to different enumeration type 'enum dma_data_direction' [-Wenum-conversion] dma_unmap_single(nor->dev, dma_dst, len, DMA_DEV_TO_MEM); ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~^~~~~~~~~~~~~~~ ./include/linux/dma-mapping.h:429:70: note: expanded from macro 'dma_unmap_single' ~~~~~~~~~~~~~~~~~~~~~~ ^ 2 warnings generated. Use the proper enums from dma_data_direction to satisfy Clang. DMA_FROM_DEVICE = DMA_DEV_TO_MEM = 2 Link: https://github.com/ClangBuiltLinux/linux/issues/108 Signed-off-by: Nathan Chancellor Signed-off-by: Boris Brezillon Signed-off-by: Sasha Levin commit 370dbbc7b5cb4cff1cd1afbb4e8dbdcf77374d26 Author: Nathan Chancellor Date: Mon Oct 1 11:21:11 2018 -0400 media: cx18: Don't check for address of video_dev [ Upstream commit eb1ca9a428fdc3f98be4898f6cd8bcb803878619 ] Clang warns that the address of a pointer will always evaluated as true in a boolean context. drivers/media/pci/cx18/cx18-driver.c:1255:23: warning: address of 'cx->streams[i].video_dev' will always evaluate to 'true' [-Wpointer-bool-conversion] if (&cx->streams[i].video_dev) ~~ ~~~~~~~~~~~~~~~^~~~~~~~~ 1 warning generated. Check whether v4l2_dev is null, not the address, so that the statement doesn't fire all the time. This check has been present since 2009, introduced by commit 21a278b85d3c ("V4L/DVB (11619): cx18: Simplify the work handler for outgoing mailbox commands") Reported-by: Nick Desaulniers Signed-off-by: Nathan Chancellor Reviewed-by: Nick Desaulniers Signed-off-by: Hans Verkuil Signed-off-by: Mauro Carvalho Chehab Signed-off-by: Sasha Levin commit 76765353043b2496ca1054a4c0557180d98855d6 Author: Sakari Ailus Date: Fri Oct 5 17:20:09 2018 -0400 media: dw9807-vcm: Fix probe error handling [ Upstream commit 9e5b5081fa117ae34eca94b63b1cb6d43dc28f10 ] v4l2_async_unregister_subdev() may not be called without v4l2_async_register_subdev() being called first. Fix this. Signed-off-by: Sakari Ailus Signed-off-by: Mauro Carvalho Chehab Signed-off-by: Sasha Levin commit 96134bbea649a44f166c65f40ff155fff6abdf11 Author: Rajmohan Mani Date: Fri Oct 5 12:22:17 2018 -0400 media: dw9714: Fix error handling in probe function [ Upstream commit f9a0b14240a2d0bd196d35e8aac73df6eabd6382 ] Fixed the case where v4l2_async_unregister_subdev() is called unnecessarily in the error handling path in probe function. Signed-off-by: Rajmohan Mani Signed-off-by: Sakari Ailus Signed-off-by: Mauro Carvalho Chehab Signed-off-by: Sasha Levin commit 2103ebde9ac0fd1ae9efd08784778340902e2a3b Author: Nathan Chancellor Date: Tue Sep 25 22:21:15 2018 -0700 platform/x86: mlx-platform: Properly use mlxplat_mlxcpld_msn201x_items [ Upstream commit 8289c4b6f2e53750de78bd38cecb6bce4d7a988c ] Clang warns that mlxplat_mlxcpld_msn201x_items is not going to be emitted in the final assembly because it's only used in ARRAY_SIZE right now, which is a compile time evaluation since the array's size is known. drivers/platform/x86/mlx-platform.c:555:32: warning: variable 'mlxplat_mlxcpld_msn201x_items' is not needed and will not be emitted [-Wunneeded-internal-declaration] static struct mlxreg_core_item mlxplat_mlxcpld_msn201x_items[] = { ^ 1 warning generated. It appears this was a copy and paste mistake from when this item was first added. Use the definition in mlxplat_mlxcpld_msn201x_data so that Clang no longer warns. Link: https://github.com/ClangBuiltLinux/linux/issues/141 Fixes: a49a41482f61 ("platform/x86: mlx-platform: Add support for new msn201x system type") Signed-off-by: Nathan Chancellor Acked-by: Vadim Pasternak Signed-off-by: Andy Shevchenko Signed-off-by: Sasha Levin commit 04d38fa8436b8e6df1c5d35709d3cae4485d66a9 Author: Shenghui Wang Date: Mon Oct 8 20:41:15 2018 +0800 bcache: recal cached_dev_sectors on detach [ Upstream commit 46010141da6677b81cc77f9b47f8ac62bd1cbfd3 ] Recal cached_dev_sectors on cached_dev detached, as recal done on cached_dev attached. Update the cached_dev_sectors before bcache_device_detach called as bcache_device_detach will set bcache_device->c to NULL. Signed-off-by: Shenghui Wang Signed-off-by: Coly Li Signed-off-by: Jens Axboe Signed-off-by: Sasha Levin commit 65910055b56077cd54277a115d5ff67469c21683 Author: Shenghui Wang Date: Mon Oct 8 20:41:07 2018 +0800 bcache: account size of buckets used in uuid write to ca->meta_sectors_written [ Upstream commit 7a55948d38eb9b274cbbdd56dc1dd4b96ebfbe04 ] UUIDs are considered as metadata. __uuid_write should add the number of buckets (in sectors) written to disk to ca->meta_sectors_written. Currently only 1 bucket is used in uuid write. Steps to test: 1) create a fresh backing device and a fresh cache device separately. The backing device didn't attach to any cache set. 2) cd /sys/block//bcache cat metadata_written // record the output value cat bucket_size 3) attach the backing device to cache set 4) cat metadata_written The output value is almost the same as the value in step 2 before the change. After the change, the value is bigger about 1 bucket size. Signed-off-by: Shenghui Wang Reviewed-by: Tang Junhui Signed-off-by: Coly Li Signed-off-by: Jens Axboe Signed-off-by: Sasha Levin commit 16c2d36b11239b0f8f03818764d7c94aa4abd542 Author: Geert Uytterhoeven Date: Mon Oct 8 13:14:35 2018 +0200 reset: Fix potential use-after-free in __of_reset_control_get() [ Upstream commit b790c8ea5593d6dc3580adfad8e117eeb56af874 ] Calling of_node_put() decreases the reference count of a device tree object, and may free some data. However, the of_phandle_args structure embedding it is passed to reset_controller_dev.of_xlate() after that, so it may still be accessed. Move the call to of_node_put() down to fix this. Signed-off-by: Geert Uytterhoeven [p.zabel@pengutronix.de: moved of_node_put after mutex_unlock] Signed-off-by: Philipp Zabel Signed-off-by: Sasha Levin commit 84b787e35482b871046349c3a9b237aaa0980169 Author: Randy Dunlap Date: Mon Oct 8 12:57:36 2018 +0200 fbdev: fix broken menu dependencies [ Upstream commit aae3394ef0ef90cf00a21133357448385f13a5d4 ] The framebuffer options and devices menu is unintentionally split or broken because some items in it do not depend on FB (including several under omap and mmp). Fix this by moving FB_CMDLINE, FB_NOTIFY, and FB_CLPS711X_OLD to just before the FB Kconfig symbol definition and by moving the omap, omap2, and mmp menus to last, following FB_SM712. Also, the FB_VIA dependencies are duplicated by both being inside an "if FB_VIA/endif" block and "depends on FB_VIA", so drop the "depends on FB_VIA" lines since they are redundant. Fixes: ea6763c104c9 ("video/fbdev: Always built-in video= cmdline parsing") Fixes: 5ec9653806ba ("fbdev: Make fb-notify a no-op if CONFIG_FB=n") Fixes: ef74d46a4ef3 ("video: clps711x: Add new Cirrus Logic CLPS711X framebuffer driver") Signed-off-by: Randy Dunlap Cc: Ezequiel Garcia Cc: Daniel Vetter Cc: Alexander Shiyan Signed-off-by: Bartlomiej Zolnierkiewicz Signed-off-by: Sasha Levin commit 21bb43c0dd8662a9b56d9063f3ae9c4bd885fdf1 Author: Dan Carpenter Date: Mon Oct 8 12:57:36 2018 +0200 fbdev: sbuslib: integer overflow in sbusfb_ioctl_helper() [ Upstream commit e5017716adb8aa5c01c52386c1b7470101ffe9c5 ] The "index + count" addition can overflow. Both come directly from the user. This bug leads to an information leak. Signed-off-by: Dan Carpenter Cc: Peter Malone Cc: Philippe Ombredanne Cc: Mathieu Malaterre Signed-off-by: Bartlomiej Zolnierkiewicz Signed-off-by: Sasha Levin commit e57ba9db8c5fe16229a0f56d41ffe63f3076f4b9 Author: Dan Carpenter Date: Mon Oct 8 12:57:36 2018 +0200 fbdev: sbuslib: use checked version of put_user() [ Upstream commit d8bad911e5e55e228d59c0606ff7e6b8131ca7bf ] I'm not sure why the code assumes that only the first put_user() needs an access_ok() check. I have made all the put_user() and get_user() calls checked. Signed-off-by: Dan Carpenter Cc: Philippe Ombredanne Cc: Mathieu Malaterre Cc: Peter Malone , Signed-off-by: Bartlomiej Zolnierkiewicz Signed-off-by: Sasha Levin commit 964cd867ef63d82d3f59a7be17a113bb35699f37 Author: Sam Ravnborg Date: Mon Oct 8 12:57:35 2018 +0200 atmel_lcdfb: support native-mode display-timings [ Upstream commit 60e5e48dba72c6b59a7a9c7686ba320766913368 ] When a device tree set a display-timing using native-mode then according to the bindings doc this should: native-mode: The native mode for the display, in case multiple modes are provided. When omitted, assume the first node is the native. The atmel_lcdfb used the last timing subnode and did not respect the timing mode specified with native-mode. Introduce use of of_get_videomode() which allowed a nice simplification of the code while also added support for native-mode. As a nice side-effect this fixes a memory leak where the data used for timings and the display_np was not freed. Signed-off-by: Sam Ravnborg Cc: Nicolas Ferre Cc: Alexandre Belloni Signed-off-by: Bartlomiej Zolnierkiewicz Signed-off-by: Sasha Levin commit a3a76b5d22f0685de55648aef99ca248b99f85c2 Author: Niklas Söderlund Date: Thu Sep 13 16:47:08 2018 +0200 mmc: renesas_sdhi_internal_dmac: set scatter/gather max segment size [ Upstream commit 54541815b43f4e49c82628bf28bbb31d86d2f58a ] Fix warning when running with CONFIG_DMA_API_DEBUG_SG=y by allocating a device_dma_parameters structure and filling in the max segment size. The size used is the result of a discussion with Renesas hardware engineers and unfortunately not found in the datasheet. renesas_sdhi_internal_dmac ee140000.sd: DMA-API: mapping sg segment longer than device claims to support [len=126976] [max=65536] Reported-by: Geert Uytterhoeven Signed-off-by: Niklas Söderlund [wsa: simplified some logic after validating intended dma_parms life cycle and added comment] Signed-off-by: Wolfram Sang Signed-off-by: Ulf Hansson Signed-off-by: Sasha Levin commit e8853ef02e2d9460d272a07ec6a7d4d5fcd3c825 Author: Masaharu Hayakawa Date: Thu Aug 30 01:32:07 2018 +0200 mmc: tmio: Fix SCC error detection [ Upstream commit b85fb0a1c8aeaaa40d08945d51a6656b512173f0 ] SDR104, HS200 and HS400 need to check for SCC error. If SCC error is detected, retuning is necessary. Signed-off-by: Masaharu Hayakawa [Niklas: update commit message] Signed-off-by: Niklas Söderlund Reviewed-by: Wolfram Sang Tested-by: Wolfram Sang Signed-off-by: Ulf Hansson Signed-off-by: Sasha Levin commit 01395b5f089b10bd355b962b9ca95f225a402125 Author: Fabrizio Castro Date: Tue Aug 14 13:34:33 2018 +0100 mmc: renesas_sdhi_internal_dmac: Whitelist r8a774a1 [ Upstream commit 2e1501a8bdd49eaa0e967c0ad00e9dcd68d0b30f ] We need r8a774a1 to be whitelisted for SDHI to work on the RZ/G2M, but we don't care about the revision of the SoC, so just whitelist the generic part number. Signed-off-by: Fabrizio Castro Reviewed-by: Biju Das Reviewed-by: Simon Horman Reviewed-by: Wolfram Sang Signed-off-by: Ulf Hansson Signed-off-by: Sasha Levin commit 500c933055e7ecb211554bf4e11b730ecc5199d6 Author: Andy Lutomirski Date: Tue Sep 18 16:08:52 2018 -0700 x86/fsgsbase/64: Fix ptrace() to read the FS/GS base accurately [ Upstream commit 07e1d88adaaeab247b300926f78cc3f950dbeda3 ] On 64-bit kernels ptrace can read the FS/GS base using the register access APIs (PTRACE_PEEKUSER, etc.) or PTRACE_ARCH_PRCTL. Make both of these mechanisms return the actual FS/GS base. This will improve debuggability by providing the correct information to ptracer such as GDB. [ chang: Rebased and revised patch description. ] [ mingo: Revised the changelog some more. ] Signed-off-by: Andy Lutomirski Signed-off-by: Chang S. Bae Cc: Andy Lutomirski Cc: Borislav Petkov Cc: Brian Gerst Cc: Dave Hansen Cc: Denys Vlasenko Cc: H. Peter Anvin Cc: Linus Torvalds Cc: Markus T Metzger Cc: Peter Zijlstra Cc: Ravi Shankar Cc: Rik van Riel Cc: Thomas Gleixner Link: http://lkml.kernel.org/r/1537312139-5580-2-git-send-email-chang.seok.bae@intel.com Signed-off-by: Ingo Molnar Signed-off-by: Sasha Levin commit b17ddbdc603576a25f4d50eeed13b3c100a10db9 Author: Björn Töpel Date: Fri Oct 5 13:25:15 2018 +0200 xsk: proper AF_XDP socket teardown ordering [ Upstream commit 541d7fdd7694560404c502f64298a90ffe017e6b ] The AF_XDP socket struct can exist in three different, implicit states: setup, bound and released. Setup is prior the socket has been bound to a device. Bound is when the socket is active for receive and send. Released is when the process/userspace side of the socket is released, but the sock object is still lingering, e.g. when there is a reference to the socket in an XSKMAP after process termination. The Rx fast-path code uses the "dev" member of struct xdp_sock to check whether a socket is bound or relased, and the Tx code uses the struct xdp_umem "xsk_list" member in conjunction with "dev" to determine the state of a socket. However, the transition from bound to released did not tear the socket down in correct order. On the Rx side "dev" was cleared after synchronize_net() making the synchronization useless. On the Tx side, the internal queues were destroyed prior removing them from the "xsk_list". This commit corrects the cleanup order, and by doing so xdp_del_sk_umem() can be simplified and one synchronize_net() can be removed. Fixes: 965a99098443 ("xsk: add support for bind for Rx") Fixes: ac98d8aab61b ("xsk: wire upp Tx zero-copy functions") Reported-by: Jesper Dangaard Brouer Signed-off-by: Björn Töpel Acked-by: Song Liu Signed-off-by: Daniel Borkmann Signed-off-by: Sasha Levin commit 29fda86178fece824d9c29b86f39925b02a04af5 Author: Sara Sharon Date: Sun Jul 1 14:52:06 2018 +0300 iwlwifi: mvm: don't send keys when entering D3 [ Upstream commit 8c7fd6a365eb5b2647b2c01918730d0a485b9f85 ] In the past, we needed to program the keys when entering D3. This was since we replaced the image. However, now that there is a single image, this is no longer needed. Note that RSC is sent separately in a new command. This solves issues with newer devices that support PN offload. Since driver re-sent the keys, the PN got zeroed and the receiver dropped the next packets, until PN caught up again. Signed-off-by: Sara Sharon Signed-off-by: Luca Coelho Signed-off-by: Sasha Levin commit d43b7b99fe770266e8b968827a2e4aead3135680 Author: Ronald Tschalär Date: Sun Sep 30 19:53:13 2018 -0700 ACPI / SBS: Fix rare oops when removing modules [ Upstream commit 757c968c442397f1249bb775a7c8c03842e3e0c7 ] There was a small race when removing the sbshc module where smbus_alarm() had queued acpi_smbus_callback() for deferred execution but it hadn't been run yet, so that when it did run hc had been freed and the module unloaded, resulting in an invalid paging request. A similar race existed when removing the sbs module with regards to acpi_sbs_callback() (which is called from acpi_smbus_callback()). We therefore need to ensure no callbacks are pending or executing before the cleanups are done and the modules are removed. Signed-off-by: Ronald Tschalär Signed-off-by: Rafael J. Wysocki Signed-off-by: Sasha Levin commit 7f02606367b3aecf1c365d3f076ae643c90fdb8d Author: Li RongQing Date: Sun Oct 7 10:22:42 2018 +0800 xfrm: use correct size to initialise sp->ovec [ Upstream commit f1193e915748291fb205a908db33bd3debece6e2 ] This place should want to initialize array, not a element, so it should be sizeof(array) instead of sizeof(element) but now this array only has one element, so no error in this condition that XFRM_MAX_OFFLOAD_DEPTH is 1 Signed-off-by: Li RongQing Signed-off-by: Steffen Klassert Signed-off-by: Sasha Levin commit 6b9c4eddb3bebde1c1ae229fdce876fb82205920 Author: Radu Solea Date: Tue Oct 2 19:01:52 2018 +0000 crypto: mxs-dcp - Fix AES issues [ Upstream commit fadd7a6e616b89c7f4f7bfa7b824f290bab32c3c ] The DCP driver does not obey cryptlen, when doing android CTS this results in passing to hardware input stream lengths which are not multiple of block size. Add a check to prevent future erroneous stream lengths from reaching the hardware and adjust the scatterlist walking code to obey cryptlen. Also properly copy-out the IV for chaining. Signed-off-by: Radu Solea Signed-off-by: Franck LENORMAND Signed-off-by: Leonard Crestez Signed-off-by: Herbert Xu Signed-off-by: Sasha Levin commit 70ecd0459d0397229b907f3c193687245b2d7743 Author: Radu Solea Date: Tue Oct 2 19:01:50 2018 +0000 crypto: mxs-dcp - Fix SHA null hashes and output length [ Upstream commit c709eebaf5c5faa8a0f140355f9cfe67e8f7afb1 ] DCP writes at least 32 bytes in the output buffer instead of hash length as documented. Add intermediate buffer to prevent write out of bounds. When requested to produce null hashes DCP fails to produce valid output. Add software workaround to bypass hardware and return valid output. Signed-off-by: Radu Solea Signed-off-by: Leonard Crestez Signed-off-by: Herbert Xu Signed-off-by: Sasha Levin commit fef30612e23c3836b38be79bd283db1c2f7dbff8 Author: Wolfram Sang Date: Fri Sep 14 17:43:28 2018 +0200 dmaengine: rcar-dmac: set scatter/gather max segment size [ Upstream commit 97d49c59e219acac576e16293a6b8cb99302f62f ] Fix warning when running with CONFIG_DMA_API_DEBUG_SG=y by allocating a device_dma_parameters structure and filling in the max segment size. Signed-off-by: Wolfram Sang Signed-off-by: Vinod Koul Signed-off-by: Sasha Levin commit af23231acaf6d6990f67bcf9c84196bbd1c25b29 Author: Borislav Petkov Date: Fri Oct 5 15:13:07 2018 +0200 x86/olpc: Fix build error with CONFIG_MFD_CS5535=m [ Upstream commit fa112cf1e8bc693d5a666b1c479a2859c8b6e0f1 ] When building a 32-bit config which has the above MFD item as module but OLPC_XO1_PM is enabled =y - which is bool, btw - the kernel fails building with: ld: arch/x86/platform/olpc/olpc-xo1-pm.o: in function `xo1_pm_remove': /home/boris/kernel/linux/arch/x86/platform/olpc/olpc-xo1-pm.c:159: undefined reference to `mfd_cell_disable' ld: arch/x86/platform/olpc/olpc-xo1-pm.o: in function `xo1_pm_probe': /home/boris/kernel/linux/arch/x86/platform/olpc/olpc-xo1-pm.c:133: undefined reference to `mfd_cell_enable' make: *** [Makefile:1030: vmlinux] Error 1 Force MFD_CS5535 to y if OLPC_XO1_PM is enabled. Signed-off-by: Borislav Petkov Cc: Lubomir Rintel Cc: x86@kernel.org Link: http://lkml.kernel.org/r/20181005131750.GA5366@zn.tnic Signed-off-by: Sasha Levin commit 624cd074631a1e300b2a09b687c2c0abf9a50d33 Author: Lianbo Jiang Date: Sun Sep 30 11:10:31 2018 +0800 kexec: Allocate decrypted control pages for kdump if SME is enabled [ Upstream commit 9cf38d5559e813cccdba8b44c82cc46ba48d0896 ] When SME is enabled in the first kernel, it needs to allocate decrypted pages for kdump because when the kdump kernel boots, these pages need to be accessed decrypted in the initial boot stage, before SME is enabled. [ bp: clean up text. ] Signed-off-by: Lianbo Jiang Signed-off-by: Borislav Petkov Reviewed-by: Tom Lendacky Cc: kexec@lists.infradead.org Cc: tglx@linutronix.de Cc: mingo@redhat.com Cc: hpa@zytor.com Cc: akpm@linux-foundation.org Cc: dan.j.williams@intel.com Cc: bhelgaas@google.com Cc: baiyaowei@cmss.chinamobile.com Cc: tiwai@suse.de Cc: brijesh.singh@amd.com Cc: dyoung@redhat.com Cc: bhe@redhat.com Cc: jroedel@suse.de Link: https://lkml.kernel.org/r/20180930031033.22110-3-lijiang@redhat.com Signed-off-by: Sasha Levin commit 59e5269c692ee771b6f7b545b751288b9745e36d Author: Sibi Sankar Date: Mon Oct 1 19:55:00 2018 +0530 remoteproc: qcom: q6v5: Fix a race condition on fatal crash [ Upstream commit d3ae96c0e6b042a883927493351b2af6ee05e92c ] Currently with GLINK_SSR enabled each fatal crash results in servicing a crash from wdog as well. This is due to a race that occurs in setting the running flag in the shutdown path. Fix this by moving the running flag to the end of fatal interrupt handler. Crash Logs: qcom-q6v5-pil 4080000.remoteproc: fatal error without message remoteproc remoteproc0: crash detected in 4080000.remoteproc: type fatal error remoteproc remoteproc0: handling crash #1 in 4080000.remoteproc remoteproc remoteproc0: recovering 4080000.remoteproc qcom-q6v5-pil 4080000.remoteproc: watchdog without message remoteproc remoteproc0: crash detected in 4080000.remoteproc: type watchdog remoteproc:glink-edge: intent request timed out qcom_glink_ssr remoteproc:glink-edge.glink_ssr.-1.-1: failed to send cleanup message qcom_glink_ssr remoteproc:glink-edge.glink_ssr.-1.-1: timeout waiting for cleanup done message qcom-q6v5-pil 4080000.remoteproc: timed out on wait qcom-q6v5-pil 4080000.remoteproc: port failed halt remoteproc remoteproc0: stopped remote processor 4080000.remoteproc qcom-q6v5-pil 4080000.remoteproc: MBA booted, loading mpss remoteproc remoteproc0: remote processor 4080000.remoteproc is now up remoteproc remoteproc0: handling crash #2 in 4080000.remoteproc remoteproc remoteproc0: recovering 4080000.remoteproc qcom-q6v5-pil 4080000.remoteproc: port failed halt remoteproc remoteproc0: stopped remote processor 4080000.remoteproc qcom-q6v5-pil 4080000.remoteproc: MBA booted, loading mpss remoteproc remoteproc0: remote processor 4080000.remoteproc is now up Suggested-by: Bjorn Andersson Signed-off-by: Sibi Sankar Signed-off-by: Bjorn Andersson Signed-off-by: Sasha Levin commit 4b8c7bce49caff113c2aa03989ad8b8642cd9a6c Author: Suman Anna Date: Fri Sep 14 19:37:22 2018 -0500 remoteproc: Check for NULL firmwares in sysfs interface [ Upstream commit faeadbb64094757150a8c2a3175ca418dbdd472c ] The remoteproc framework provides a sysfs file 'firmware' for modifying the firmware image name from userspace. Add an additional check to ensure NULL firmwares are errored out right away, rather than getting a delayed error while requesting a firmware during the start of a remoteproc later on. Tested-by: Arnaud Pouliquen Signed-off-by: Suman Anna Signed-off-by: Bjorn Andersson Signed-off-by: Sasha Levin commit e4aecc15d7c4741f72c83bef46f2b69a9cbb73f6 Author: Davide Caratti Date: Thu Oct 4 18:34:38 2018 +0200 tc-testing: fix build of eBPF programs [ Upstream commit cf5eafbfa586d030f9321cee516b91d089e38280 ] rely on uAPI headers in the current kernel tree, rather than requiring the correct version installed on the test system. While at it, group all sections in a single binary and test the 'section' parameter. Reported-by: Lucas Bates Signed-off-by: Davide Caratti Signed-off-by: David S. Miller Signed-off-by: Sasha Levin commit d653bd939cb1bb69dc8ea5b51b12626481e85c50 Author: Jian Shen Date: Fri Oct 5 18:03:29 2018 +0100 net: hns3: Fix for rx vlan id handle to support Rev 0x21 hardware [ Upstream commit 701a6d6ac78c76083ddb7c6581fdbedd95093e11 ] In revision 0x20, we use vlan id != 0 to check whether a vlan tag has been offloaded, so vlan id 0 is not supported. In revision 0x21, rx buffer descriptor adds two bits to indicate whether one or more vlan tags have been offloaded, so vlan id 0 is valid now. This patch seperates the handle for vlan id 0, add vlan id 0 support for revision 0x21. Fixes: 5b5455a9ed5a ("net: hns3: Add STRP_TAGP field support for hardware revision 0x21") Signed-off-by: Jian Shen Signed-off-by: Salil Mehta Signed-off-by: David S. Miller Signed-off-by: Sasha Levin commit 3bef7420e129e3fb65e4e8368d61f909c4393786 Author: Laurentiu Tudor Date: Wed Sep 26 16:22:32 2018 +0300 soc: fsl: bman_portals: defer probe after bman's probe [ Upstream commit e0940b34c40e95d1879691d2474d182c57aae0de ] A crash in bman portal probing could not be triggered (as is the case with qman portals) but it does make calls [1] into the bman driver so lets make sure the bman portal probing happens after bman's. [1] bman_p_irqsource_add() (in bman) called by: init_pcfg() called by: bman_portal_probe() Signed-off-by: Laurentiu Tudor Signed-off-by: Li Yang Signed-off-by: Sasha Levin commit 090122baa262e11c778d73547c72e6eab89f84e9 Author: Julian Sax Date: Fri Oct 5 11:48:31 2018 -0700 Input: silead - try firmware reload after unsuccessful resume [ Upstream commit dde27443211062e841806feaf690674b7c3a599f ] A certain silead controller (Chip ID: 0x56810000) loses its firmware after suspend, causing the resume to fail. This patch tries to load the firmware, should a resume error occur and retries the resuming. Signed-off-by: Julian Sax Acked-by: Hans de Goede Signed-off-by: Dmitry Torokhov Signed-off-by: Sasha Levin commit c13b00c39464df49235039f6362a3b0cc4c7b484 Author: Martin Kepplinger Date: Fri Oct 5 11:44:45 2018 -0700 Input: st1232 - set INPUT_PROP_DIRECT property [ Upstream commit 20bbb312079494a406c10c90932e3c80837c9d94 ] This is how userspace checks for touchscreen devices most reliably. Signed-off-by: Martin Kepplinger Signed-off-by: Dmitry Torokhov Signed-off-by: Sasha Levin commit 205ae6b06288a6f08c693003d59cdb9fc6571103 Author: Wolfram Sang Date: Mon Jul 23 22:26:13 2018 +0200 i2c: zx2967: use core to detect 'no zero length' quirk [ Upstream commit e2115ace4196bcd2126446fb874bcfc90cba79be ] And don't reimplement in the driver. Signed-off-by: Wolfram Sang Acked-by: Shawn Guo Signed-off-by: Wolfram Sang Signed-off-by: Sasha Levin commit 1698ed9f0e2f959d4eb8b8e1c5e8c7157ff273d8 Author: Wolfram Sang Date: Mon Jul 23 22:26:12 2018 +0200 i2c: tegra: use core to detect 'no zero length' quirk [ Upstream commit c96c0f2683804b710531e7b754dcd02b5ded6d4a ] And don't reimplement in the driver. Signed-off-by: Wolfram Sang Acked-by: Jon Hunter Signed-off-by: Wolfram Sang Signed-off-by: Sasha Levin commit d511166558a48fdaa9c40075860c37070f8e3125 Author: Wolfram Sang Date: Mon Jul 23 22:26:10 2018 +0200 i2c: qup: use core to detect 'no zero length' quirk [ Upstream commit de82bb431855580ad659bfed3e858bd9dd12efd0 ] And don't reimplement in the driver. Signed-off-by: Wolfram Sang Reviewed-by: Andy Gross Signed-off-by: Wolfram Sang Signed-off-by: Sasha Levin commit e0d9c58c49e6bd4bce67a741dbb0920d4eef6fce Author: Wolfram Sang Date: Mon Jul 23 22:26:08 2018 +0200 i2c: omap: use core to detect 'no zero length' quirk [ Upstream commit f37b2bb6ac3e6ebf855d9d4f05cc6932a8e5b463 ] And don't reimplement in the driver. Signed-off-by: Wolfram Sang Reviewed-by: Grygorii Strashko Acked-by: Tony Lindgren Signed-off-by: Wolfram Sang Signed-off-by: Sasha Levin commit f3afad5d1eff57182da425d3488a7497e2093f89 Author: Bob Peterson Date: Thu Oct 4 10:21:07 2018 -0500 gfs2: slow the deluge of io error messages [ Upstream commit b524abcc01483b2ac093cc6a8a2a7375558d2b64 ] When an io error is hit, it calls gfs2_io_error_bh_i for every journal buffer it can't write. Since we changed gfs2_io_error_bh_i recently to withdraw later in the cycle, it sends a flood of errors to the console. This patch checks for the file system already being withdrawn, and if so, doesn't send more messages. It doesn't stop the flood of messages, but it slows it down and keeps it more reasonable. Signed-off-by: Bob Peterson Signed-off-by: Sasha Levin commit 35c8125cbea4b668f87e1286cbbf26d3810e4408 Author: Hans Verkuil Date: Fri Oct 5 08:51:45 2018 -0400 media: cec-gpio: select correct Signal Free Time [ Upstream commit c439d5c1e13dbf66cff53455432f21d4d0536c51 ] If a receive is in progress or starts before the transmit has a chance, then lower the Signal Free Time of the upcoming transmit to no more than CEC_SIGNAL_FREE_TIME_NEW_INITIATOR. This is per the specification requirements. Signed-off-by: Hans Verkuil Signed-off-by: Mauro Carvalho Chehab Signed-off-by: Sasha Levin commit 58d0a3dbad2b66144e6c8150f0a45807e14c8297 Author: Hugues Fruchet Date: Thu Oct 4 07:21:57 2018 -0400 media: ov5640: fix framerate update [ Upstream commit 0929983e49c81c1d413702cd9b83bb06c4a2555c ] Changing framerate right before streamon had no effect, the new framerate value was taken into account only at next streamon, fix this. Signed-off-by: Hugues Fruchet Signed-off-by: Sakari Ailus Signed-off-by: Mauro Carvalho Chehab Signed-off-by: Sasha Levin commit 47dd538e9c445f2e0d91753993ab3ce1e361c972 Author: Rami Rosen Date: Fri Oct 5 00:03:10 2018 +0300 dmaengine: ioat: fix prototype of ioat_enumerate_channels [ Upstream commit f4d34aa8c887a8a2d23ef546da0efa10e3f77241 ] Signed-off-by: Rami Rosen Signed-off-by: Vinod Koul Signed-off-by: Sasha Levin commit 90d73c1cadb8af69fb8805638c29a9af482b46a9 Author: Olga Kornievskaia Date: Thu Oct 4 14:45:00 2018 -0400 NFSv4.x: fix lock recovery during delegation recall [ Upstream commit 44f411c353bf6d98d5a34f8f1b8605d43b2e50b8 ] Running "./nfstest_delegation --runtest recall26" uncovers that client doesn't recover the lock when we have an appending open, where the initial open got a write delegation. Instead of checking for the passed in open context against the file lock's open context. Check that the state is the same. Signed-off-by: Olga Kornievskaia Signed-off-by: Trond Myklebust Signed-off-by: Sasha Levin commit 799c98cba0713ddd91697a2a8fc1d551fb22101a Author: He Zhe Date: Sun Sep 30 00:45:51 2018 +0800 printk: Correct wrong casting [ Upstream commit 51a72ab7372d85c96104e58036f1b49ba11e5d2b ] log_first_seq and console_seq are 64-bit unsigned integers. Correct a wrong casting that might cut off the output. Link: http://lkml.kernel.org/r/1538239553-81805-2-git-send-email-zhe.he@windriver.com Cc: rostedt@goodmis.org Cc: linux-kernel@vger.kernel.org Signed-off-by: He Zhe [sergey.senozhatsky@gmail.com: More descriptive commit message] Reviewed-by: Sergey Senozhatsky Signed-off-by: Petr Mladek Signed-off-by: Sasha Levin commit e7ff1141b60cc2f852621035a1da95e89341911f Author: Florian Fainelli Date: Mon Oct 1 10:43:47 2018 -0700 i2c: brcmstb: Allow enabling the driver on DSL SoCs [ Upstream commit e1eba2ea54a2de0e4c58d87270d25706bb77b844 ] ARCH_BCM_63XX which is used by ARM-based DSL SoCs from Broadcom uses the same controller, make it possible to select the STB driver and update the Kconfig and help text a bit. Signed-off-by: Florian Fainelli Signed-off-by: Wolfram Sang Signed-off-by: Sasha Levin commit 8b3e444fe8d0357dc63e3c4178fcfeba4eddc92e Author: Marek Szyprowski Date: Tue Oct 2 13:52:10 2018 +0200 clk: samsung: Use clk_hw API for calling clk framework from clk notifiers [ Upstream commit 1da220e3a5d22fccda0bc8542997abc1d1741268 ] clk_notifier_register() documentation states, that the provided notifier callbacks associated with the notifier must not re-enter into the clk framework by calling any top-level clk APIs. Fix this by replacing clk_get_rate() calls with clk_hw_get_rate(), which is safe in this context. Signed-off-by: Marek Szyprowski Signed-off-by: Sylwester Nawrocki Signed-off-by: Sasha Levin commit 599d5350f1230ef9f25e392303badb551753f17c Author: Joonyoung Shim Date: Mon Sep 24 13:00:56 2018 +0200 clk: samsung: exynos5420: Define CLK_SECKEY gate clock only or Exynos5420 [ Upstream commit d32dd2a1a0f80edad158c9a1ba5f47650d9504a0 ] The bit of GATE_BUS_PERIS1 for CLK_SECKEY is just reserved on exynos5422/5800, not exynos5420. Define gate clk for exynos5420 to handle the bit only on exynos5420. Signed-off-by: Joonyoung Shim [m.szyprow: rewrote commit subject] Signed-off-by: Marek Szyprowski Signed-off-by: Sylwester Nawrocki Signed-off-by: Sasha Levin commit 06da39429640139f19da49162bcd94c27695bd97 Author: Marek Szyprowski Date: Thu Sep 6 18:02:35 2018 +0200 clk: samsung: Use NOIRQ stage for Exynos5433 clocks suspend/resume [ Upstream commit 70da9ee80228e6d98fd68e3c1db124c4461d283c ] SoC clock drivers should suspend after every other drivers in the system, which are using clocks and resume before them. The last stage for calling suspend device callbacks is NOIRQ stage and there exists driver, which use that state (dwmmc-exynos), so Exynos5433 clocks driver should also use it. During the same stage, clocks driver will be always suspended after its clients as a direct result of proper device probe order (deferred probe reorders the suspend call sequence). Signed-off-by: Marek Szyprowski Acked-by: Chanwoo Choi Reviewed-by: Krzysztof Kozlowski Signed-off-by: Sylwester Nawrocki Signed-off-by: Sasha Levin commit fe46630cd2a161d606455644c7fb99f122dd4a07 Author: Sergey Matyukevich Date: Fri Oct 5 10:11:40 2018 +0000 qtnfmac: drop error reports for out-of-bounds key indexes [ Upstream commit 35da3fe63b8647ce3cc52fccdf186a60710815fb ] On disconnect wireless core attempts to remove all the supported keys. Following cfg80211_ops conventions, firmware returns -ENOENT code for the out-of-bound key indexes. This is a normal behavior, so no need to report errors for this case. Signed-off-by: Sergey Matyukevich Signed-off-by: Kalle Valo Signed-off-by: Sasha Levin commit 4ecc631d975cc218c03449bec04bc79a45a7b711 Author: Sergey Matyukevich Date: Fri Oct 5 10:11:38 2018 +0000 qtnfmac: inform wireless core about supported extended capabilities [ Upstream commit ab1c64a1d349cc7f1090a60ce85a53298e3d371d ] Driver retrieves information about supported extended capabilities from wireless card. However this information is not propagated further to Linux wireless core. Fix this by setting extended capabilities fields of wiphy structure. Signed-off-by: Sergey Matyukevich Signed-off-by: Kalle Valo Signed-off-by: Sasha Levin commit 28d5342b2ae4df811f6dc35627b5e228e4164c26 Author: Sergey Matyukevich Date: Fri Oct 5 10:11:36 2018 +0000 qtnfmac: pass sgi rate info flag to wireless core [ Upstream commit d5657b709e2a92a0e581109010765d1d485580df ] SGI should be passed to wireless core as a part of rate structure. Otherwise wireless core performs incorrect rate calculation when SGI is enabled in hardware but not reported to host. Signed-off-by: Sergey Matyukevich Signed-off-by: Kalle Valo Signed-off-by: Sasha Levin commit 5554e47a2946a05452ba726564dceb77637bd884 Author: Igor Mitsyanko Date: Fri Oct 5 10:11:30 2018 +0000 qtnfmac: request userspace to do OBSS scanning if FW can not [ Upstream commit 92246b126ebf66ab1fec9d631df78d7c675b66db ] In case firmware reports that it can not do OBSS scanning for 40MHz 2.4GHz channels itself, tell userpsace to do that instead by setting NL80211_FEATURE_NEED_OBSS_SCAN flag. Signed-off-by: Igor mitsyanko Signed-off-by: Kalle Valo Signed-off-by: Sasha Levin commit 75a1e8dec421cd675db774b1f819ac896c2e92a8 Author: Chung-Hsien Hsu Date: Thu Sep 27 14:59:49 2018 +0000 brcmfmac: fix full timeout waiting for action frame on-channel tx [ Upstream commit fbf07000960d9c8a13fdc17c6de0230d681c7543 ] The driver sends an action frame down and waits for a completion signal triggered by the received BRCMF_E_ACTION_FRAME_OFF_CHAN_COMPLETE event to continue the process. However, the action frame could be transmitted either on the current channel or on an off channel. For the on-channel case, only BRCMF_E_ACTION_FRAME_COMPLETE event will be received when the frame is transmitted, which make the driver always wait a full timeout duration. This patch has the completion signal be triggered by receiving the BRCMF_E_ACTION_FRAME_COMPLETE event for the on-channel case. This change fixes WFA p2p certification 5.1.19 failure. Signed-off-by: Chung-Hsien Hsu Signed-off-by: Chi-Hsien Lin Signed-off-by: Kalle Valo Signed-off-by: Sasha Levin commit c01258a2ad7dabec1c291560c828c11f3d3ece2e Author: Chung-Hsien Hsu Date: Thu Sep 27 14:59:44 2018 +0000 brcmfmac: reduce timeout for action frame scan [ Upstream commit edb6d6885bef82d1eac432dbeca9fbf4ec349d7e ] Finding a common channel to send an action frame out is required for some action types. Since a loop with several scan retry is used to find the channel, a short wait time could be considered for each attempt. This patch reduces the wait time from 1500 to 450 msec for each action frame scan. This patch fixes the WFA p2p certification 5.1.20 failure caused by the long action frame send time. Signed-off-by: Chung-Hsien Hsu Signed-off-by: Chi-Hsien Lin Signed-off-by: Kalle Valo Signed-off-by: Sasha Levin commit 89cf2472a295d29a60aac8b38aec54bc8c928528 Author: Borislav Petkov Date: Thu Oct 4 19:22:27 2018 +0200 cpu/SMT: State SMT is disabled even with nosmt and without "=force" [ Upstream commit d0e7d14455d41163126afecd0fcce935463cc512 ] When booting with "nosmt=force" a message is issued into dmesg to confirm that SMT has been force-disabled but such a message is not issued when only "nosmt" is on the kernel command line. Fix that. Signed-off-by: Borislav Petkov Cc: Linus Torvalds Cc: Peter Zijlstra Cc: Thomas Gleixner Link: http://lkml.kernel.org/r/20181004172227.10094-1-bp@alien8.de Signed-off-by: Ingo Molnar Signed-off-by: Sasha Levin commit 8fce141f4805dccad309a68435138c7926b8a36b Author: Ricardo Ribalda Delgado Date: Thu Oct 4 15:34:45 2018 +0200 mtd: physmap_of: Release resources on error [ Upstream commit ef0de747f7ad179c7698a5b0e28db05f18ecbf57 ] During probe, if there was an error the memory region and the memory map were not properly released.This can lead a system unusable if deferred probe is in use. Replace mem_request and map with devm_ioremap_resource Signed-off-by: Ricardo Ribalda Delgado Signed-off-by: Boris Brezillon Signed-off-by: Sasha Levin commit d46cd42b4ffa93b8258a01e7be270be0caee07f3 Author: SolidHal Date: Tue Oct 2 20:58:16 2018 -0500 usb: dwc2: disable power_down on rockchip devices [ Upstream commit c216765d3a1defda5e7e2dabd878f99f0cd2ebf2 ] The bug would let the usb controller enter partial power down, which was formally known as hibernate, upon boot if nothing was plugged in to the port. Partial power down couldn't be exited properly, so any usb devices plugged in after boot would not be usable. Before the name change, params.hibernation was false by default, so _dwc2_hcd_suspend() would skip entering hibernation. With the rename, _dwc2_hcd_suspend() was changed to use params.power_down to decide whether or not to enter partial power down. Since params.power_down is non-zero by default, it needs to be set to 0 for rockchip devices to restore functionality. This bug was reported in the linux-usb thread: REGRESSION: usb: dwc2: USB device not seen after boot The commit that caused this regression is: 6d23ee9caa6790aea047f9aca7f3c03cb8d96eb6 Signed-off-by: SolidHal Acked-by: Minas Harutyunyan Signed-off-by: Felipe Balbi Signed-off-by: Sasha Levin commit 3ad0531dbe0c4646b42a8da28fffd2c5e2e3bb12 Author: Johan Hovold Date: Sun Sep 30 18:03:11 2018 +0200 USB: serial: cypress_m8: fix interrupt-out transfer length [ Upstream commit 56445eef55cb5904096fed7a73cf87b755dfffc7 ] Fix interrupt-out transfer length which was being set to the transfer-buffer length rather than the size of the outgoing packet. Note that no slab data was leaked as the whole transfer buffer is always cleared before each transfer. Fixes: 9aa8dae7b1fa ("cypress_m8: use usb_fill_int_urb where appropriate") Signed-off-by: Johan Hovold Signed-off-by: Sasha Levin commit 24ce099a5388f0d821fdb1db12a38e7abe20a646 Author: Cameron Kaiser Date: Tue Jul 31 07:39:21 2018 -0700 KVM: PPC: Book3S PR: Exiting split hack mode needs to fixup both PC and LR [ Upstream commit 1006284c5e411872333967b1970c2ca46a9e225f ] When an OS (currently only classic Mac OS) is running in KVM-PR and makes a linked jump from code with split hack addressing enabled into code that does not, LR is not correctly updated and reflects the previously munged PC. To fix this, this patch undoes the address munge when exiting split hack mode so that code relying on LR being a proper address will now execute. This does not affect OS X or other operating systems running on KVM-PR. Signed-off-by: Cameron Kaiser Signed-off-by: Paul Mackerras Signed-off-by: Sasha Levin commit 8b6021ca47a3975601e5adcdadb69c12b9731490 Author: Vasundhara Volam Date: Thu Oct 4 11:13:48 2018 +0530 bnxt_en: return proper error when FW returns HWRM_ERR_CODE_RESOURCE_ACCESS_DENIED [ Upstream commit 3a1d52a54a6a4030b294e5f5732f0bfbae0e3815 ] Return proper error code when Firmware returns HWRM_ERR_CODE_RESOURCE_ACCESS_DENIED for HWRM_NVM_GET/SET_VARIABLE commands. Cc: Michael Chan Signed-off-by: Vasundhara Volam Signed-off-by: David S. Miller Signed-off-by: Sasha Levin commit 6e454b0ad02d0c4aa23c6b2d854118946eb59e7c Author: Michael Pobega Date: Thu Oct 4 14:58:21 2018 -0400 ALSA: hda/sigmatel - Disable automute for Elo VuPoint [ Upstream commit d153135e93a50cdb6f1b52e238909e9965b56056 ] The Elo VuPoint 15MX has two headphone jacks of which neither work by default. Disabling automute allows ALSA to work normally with the speakers & left headphone jack. Future pin configuration changes may be required in the future to get the right headphone jack working in tandem. Signed-off-by: Michael Pobega Signed-off-by: Takashi Iwai Signed-off-by: Sasha Levin commit 6925a5afc14842ae6bbc953c7591a2ae2642aa73 Author: Jacopo Mondi Date: Mon Sep 17 07:30:54 2018 -0400 media: i2c: adv748x: Support probing a single output [ Upstream commit eccf442ce156ec2b4e06b1239d5fdcb0c732f63f ] Currently the adv748x driver will fail to probe unless both of its output endpoints (TXA and TXB) are connected. Make the driver support probing provided that there is at least one input, and one output connected and protect the clean-up function from accessing un-initialized fields. Following patches will fix other uses of un-initialized TXs in the driver, such as power management functions. Tested-by: Laurent Pinchart Signed-off-by: Jacopo Mondi Signed-off-by: Kieran Bingham Signed-off-by: Hans Verkuil Signed-off-by: Mauro Carvalho Chehab Signed-off-by: Sasha Levin commit a02bad04d1100b30b8acbe8e3499574e5aba8c5d Author: Niklas Söderlund Date: Wed Sep 26 17:40:06 2018 -0400 media: rcar-vin: fix redeclaration of symbol [ Upstream commit 4e673ed4e2bfac00b3c3043a84e007874c17c84d ] When adding support for parallel subdev for Gen3 it was missed that the symbol 'i' in rvin_group_link_notify() was already declared, remove the dupe as it's only used as a loop variable this have no functional change. This fixes warning: rcar-core.c:117:52: originally declared here rcar-core.c:173:30: warning: symbol 'i' shadows an earlier one Fixes: 1284605dc821cebd ("media: rcar-vin: Handle parallel subdev in link_notify") Signed-off-by: Niklas Söderlund Acked-by: Jacopo Mondi Signed-off-by: Hans Verkuil Signed-off-by: Mauro Carvalho Chehab Signed-off-by: Sasha Levin commit 14dc7aeef3f4ada5adeab3a3836e4e28f9452c66 Author: Nathan Chancellor Date: Fri Sep 21 06:00:45 2018 -0400 media: pxa_camera: Fix check for pdev->dev.of_node [ Upstream commit 44d7f1a77d8c84f8e42789b5475b74ae0e6d4758 ] Clang warns that the address of a pointer will always evaluated as true in a boolean context. drivers/media/platform/pxa_camera.c:2400:17: warning: address of 'pdev->dev.of_node' will always evaluate to 'true' [-Wpointer-bool-conversion] if (&pdev->dev.of_node && !pcdev->pdata) { ~~~~~~~~~~^~~~~~~ ~~ 1 warning generated. Judging from the rest of the kernel, it seems like this was an error and just the value of of_node should be checked rather than the address. Reported-by: Nick Desaulniers Signed-off-by: Nathan Chancellor Reviewed-by: Nick Desaulniers Signed-off-by: Hans Verkuil Signed-off-by: Mauro Carvalho Chehab Signed-off-by: Sasha Levin commit 7672ca60a14a82fcbfbede78559a0be250c686cc Author: Matthias Reichl Date: Tue Aug 28 09:49:42 2018 -0400 media: rc: ir-rc6-decoder: enable toggle bit for Kathrein RCU-676 remote [ Upstream commit 85e4af0a7ae2f146769b7475ae531bf8a3f3afb4 ] The Kathrein RCU-676 remote uses the 32-bit rc6 protocol and toggles bit 15 (0x8000) on repeated button presses, like MCE remotes. Add it's customer code 0x80460000 to the 32-bit rc6 toggle handling code to get proper scancodes and toggle reports. Signed-off-by: Matthias Reichl Signed-off-by: Sean Young Signed-off-by: Mauro Carvalho Chehab Signed-off-by: Sasha Levin commit 01e9e39f4f616a3b1b9e2d7747b902af789825b7 Author: Nathan Chancellor Date: Thu Oct 4 09:39:20 2018 -0700 qed: Avoid implicit enum conversion in qed_ooo_submit_tx_buffers [ Upstream commit 8fa74e3c49204bdf788d99ef71840490cccc210d ] Clang warns when one enumerated type is implicitly converted to another. drivers/net/ethernet/qlogic/qed/qed_ll2.c:799:32: warning: implicit conversion from enumeration type 'enum core_tx_dest' to different enumeration type 'enum qed_ll2_tx_dest' [-Wenum-conversion] tx_pkt.tx_dest = p_ll2_conn->tx_dest; ~ ~~~~~~~~~~~~^~~~~~~ 1 warning generated. Fix this by using a switch statement to convert between the enumerated values since they are not 1 to 1, which matches how the rest of the driver handles this conversion. Link: https://github.com/ClangBuiltLinux/linux/issues/125 Suggested-by: Tomer Tayar Signed-off-by: Nathan Chancellor Acked-by: Tomer Tayar Signed-off-by: David S. Miller Signed-off-by: Sasha Levin commit d1dff747758f04746ed0619215bde2b88bf21e21 Author: Nathan Chancellor Date: Wed Oct 3 19:37:54 2018 -0700 ata: ep93xx: Use proper enums for directions [ Upstream commit 6adde4a36f1b6a562a1057fbb1065007851050e7 ] Clang warns when one enumerated type is implicitly converted to another. drivers/ata/pata_ep93xx.c:662:36: warning: implicit conversion from enumeration type 'enum dma_data_direction' to different enumeration type 'enum dma_transfer_direction' [-Wenum-conversion] drv_data->dma_rx_data.direction = DMA_FROM_DEVICE; ~ ^~~~~~~~~~~~~~~ drivers/ata/pata_ep93xx.c:670:36: warning: implicit conversion from enumeration type 'enum dma_data_direction' to different enumeration type 'enum dma_transfer_direction' [-Wenum-conversion] drv_data->dma_tx_data.direction = DMA_TO_DEVICE; ~ ^~~~~~~~~~~~~ drivers/ata/pata_ep93xx.c:681:19: warning: implicit conversion from enumeration type 'enum dma_data_direction' to different enumeration type 'enum dma_transfer_direction' [-Wenum-conversion] conf.direction = DMA_FROM_DEVICE; ~ ^~~~~~~~~~~~~~~ drivers/ata/pata_ep93xx.c:692:19: warning: implicit conversion from enumeration type 'enum dma_data_direction' to different enumeration type 'enum dma_transfer_direction' [-Wenum-conversion] conf.direction = DMA_TO_DEVICE; ~ ^~~~~~~~~~~~~ Use the equivalent valued enums from the expected type so that Clang no longer warns about a conversion. DMA_TO_DEVICE = DMA_MEM_TO_DEV = 1 DMA_FROM_DEVICE = DMA_DEV_TO_MEM = 2 Acked-by: Bartlomiej Zolnierkiewicz Signed-off-by: Nathan Chancellor Signed-off-by: Jens Axboe Signed-off-by: Sasha Levin commit 6a70c66a84e01b4835829911b57bccdab8ee8131 Author: Nicholas Piggin Date: Mon Aug 27 13:03:02 2018 +1000 powerpc/64s/radix: Explicitly flush ERAT with local LPID invalidation [ Upstream commit 053c5a753e951c5dd1729af2cf4d8107f2e6e09b ] Local radix TLB flush operations that operate on congruence classes have explicit ERAT flushes for POWER9. The process scoped LPID flush did not have a flush, so add it. Signed-off-by: Nicholas Piggin Signed-off-by: Nicholas Piggin Signed-off-by: Michael Ellerman Signed-off-by: Sasha Levin commit 9e4649e443e24fecfc5521f6452a0a4184488d30 Author: Anton Blanchard Date: Tue Oct 2 09:01:04 2018 +1000 powerpc/time: Use clockevents_register_device(), fixing an issue with large decrementer [ Upstream commit 8b78fdb045de60a4eb35460092bbd3cffa925353 ] We currently cap the decrementer clockevent at 4 seconds, even on systems with large decrementer support. Fix this by converting the code to use clockevents_register_device() which calculates the upper bound based on the max_delta passed in. Signed-off-by: Anton Blanchard Signed-off-by: Michael Ellerman Signed-off-by: Sasha Levin commit d7e546d06182165ceb5c5c1d8ef54f2c02ee75cd Author: Dan Carpenter Date: Mon Oct 1 19:44:30 2018 +0300 ASoC: qdsp6: q6asm-dai: checking NULL vs IS_ERR() [ Upstream commit 8e9f7265eda9f3a662ca1ca47a69042a7840735b ] The q6asm_audio_client_alloc() doesn't return NULL, it returns error pointers. Fixes: 2a9e92d371db ("ASoC: qdsp6: q6asm: Add q6asm dai driver") Signed-off-by: Dan Carpenter Signed-off-by: Mark Brown Signed-off-by: Sasha Levin commit 27ab8f1648ac53dbddd97486c0beb6d6a2d44aa9 Author: Rafael J. Wysocki Date: Tue Oct 2 23:42:02 2018 +0200 cpuidle: menu: Fix wakeup statistics updates for polling state [ Upstream commit 5f26bdceb9c0a5e6c696aa2899d077cd3ae93413 ] If the CPU exits the "polling" state due to the time limit in the loop in poll_idle(), this is not a real wakeup and it just means that the "polling" state selection was not adequate. The governor mispredicted short idle duration, but had a more suitable state been selected, the CPU might have spent more time in it. In fact, there is no reason to expect that there would have been a wakeup event earlier than the next timer in that case. Handling such cases as regular wakeups in menu_update() may cause the menu governor to make suboptimal decisions going forward, but ignoring them altogether would not be correct either, because every time menu_select() is invoked, it makes a separate new attempt to predict the idle duration taking distinct time to the closest timer event as input and the outcomes of all those attempts should be recorded. For this reason, make menu_update() always assume that if the "polling" state was exited due to the time limit, the next proper wakeup event for the CPU would be the next timer event (not including the tick). Fixes: a37b969a61c1 "cpuidle: poll_state: Add time limit to poll_idle()" Signed-off-by: Rafael J. Wysocki Acked-by: Peter Zijlstra (Intel) Reviewed-by: Daniel Lezcano Signed-off-by: Sasha Levin commit 38ad2aa9331b4f4c8974b6c37ee7abdd430a7861 Author: Bob Moore Date: Wed Oct 3 11:45:38 2018 -0700 ACPICA: Never run _REG on system_memory and system_IO [ Upstream commit 8b1cafdcb4b75c5027c52f1e82b47ebe727ad7ed ] These address spaces are defined by the ACPI spec to be "always available", and thus _REG should never be run on them. Provides compatibility with other ACPI implementations. Signed-off-by: Bob Moore Signed-off-by: Erik Schmauss Signed-off-by: Rafael J. Wysocki Signed-off-by: Sasha Levin commit 216929d15b2c655d960d72b6e76e1c744870a729 Author: Viresh Kumar Date: Wed Oct 3 15:22:03 2018 +0530 OPP: Return error on error from dev_pm_opp_get_opp_count() [ Upstream commit 09f662f95306f3e3d47ab6842bc4b0bb868a80ad ] Return error number instead of 0 on failures. Fixes: a1e8c13600bf ("PM / OPP: "opp-hz" is optional for power domains") Signed-off-by: Viresh Kumar Signed-off-by: Sasha Levin commit 3d0c72f99efcbe7645c6490e81a4dc0acf53adcb Author: Jordan Crouse Date: Fri Sep 14 09:03:46 2018 -0600 msm/gpu/a6xx: Force of_dma_configure to setup DMA for GMU [ Upstream commit 32aa27e15c28d3898ed6f9b3c98f95f34a81eab2 ] The point of the 'force_dma' parameter for of_dma_configure is to force the device to be set up even if DMA capability is not described by the firmware which is exactly the use case we have for GMU - we need SMMU to get set up but we have no other dma capabilities since memory is managed by the GPU driver. Currently we pass false so of_dma_configure() fails and subsequently GMU and GPU probe does as well. Fixes: 4b565ca5a2c ("drm/msm: Add A6XX device support") Signed-off-by: Jordan Crouse Tested-by: Sibi Sankar Signed-off-by: Rob Clark Signed-off-by: Sasha Levin commit 674b223d7a4881229c37322474b4274d4ff7d942 Author: Arun Kumar Neelakantam Date: Wed Oct 3 17:08:20 2018 +0530 rpmsg: glink: smem: Support rx peak for size less than 4 bytes [ Upstream commit 928002a5e9dab2ddc1a0fe3e00739e89be30dc6b ] The current rx peak function fails to read the data if size is less than 4bytes. Use memcpy_fromio to support data reads of size less than 4 bytes. Cc: stable@vger.kernel.org Fixes: f0beb4ba9b18 ("rpmsg: glink: Remove chunk size word align warning") Signed-off-by: Arun Kumar Neelakantam Signed-off-by: Bjorn Andersson Signed-off-by: Sasha Levin commit ec9fc981de57ea48cf9ba8a8313c6d32b4eda2bf Author: Nathan Chancellor Date: Mon Sep 24 12:57:16 2018 -0700 IB/mlx4: Avoid implicit enumerated type conversion [ Upstream commit b56511c15713ba6c7572e77a41f7ddba9c1053ec ] Clang warns when one enumerated type is implicitly converted to another. drivers/infiniband/hw/mlx4/mad.c:1811:41: warning: implicit conversion from enumeration type 'enum mlx4_ib_qp_flags' to different enumeration type 'enum ib_qp_create_flags' [-Wenum-conversion] qp_init_attr.init_attr.create_flags = MLX4_IB_SRIOV_TUNNEL_QP; ~ ^~~~~~~~~~~~~~~~~~~~~~~ drivers/infiniband/hw/mlx4/mad.c:1819:41: warning: implicit conversion from enumeration type 'enum mlx4_ib_qp_flags' to different enumeration type 'enum ib_qp_create_flags' [-Wenum-conversion] qp_init_attr.init_attr.create_flags = MLX4_IB_SRIOV_SQP; ~ ^~~~~~~~~~~~~~~~~ The type mlx4_ib_qp_flags explicitly provides supplemental values to the type ib_qp_create_flags. Make that clear to Clang by changing the create_flags type to u32. Reported-by: Nick Desaulniers Signed-off-by: Nathan Chancellor Signed-off-by: Jason Gunthorpe Signed-off-by: Sasha Levin commit d5d78049b7a4fbd5ec0399388030038938937ec0 Author: Lijun Ou Date: Sun Sep 30 17:00:31 2018 +0800 RDMA/hns: Limit the size of extend sge of sq [ Upstream commit 05ad5482a5904c416bcfd74afd7193e206e563ce ] The hip08 split two hardware version. The version id are 0x20 and 0x21 according to the PCI revison. The max size of extend sge of sq is limited to 2M for 0x20 version and 8M for 0x21 version. It may be exceeded to 2M according to the algorithm that compute the product of wqe count and extend sge number of every wqe. But the product always less than 8M. Signed-off-by: Lijun Ou Signed-off-by: Jason Gunthorpe Signed-off-by: Sasha Levin commit 010af7a8d0aee6c3d75e82a896f00540bc27fa45 Author: Lijun Ou Date: Sun Sep 30 17:00:30 2018 +0800 RDMA/hns: Bugfix for CM test [ Upstream commit 15fc056fba7b17b9abfbe80a12f188403fc949fb ] It will print the warning when the MSB bit of SLID is not zero running cm_req_handler function that test CM. It needs to fixed zero when test RoCE device. Signed-off-by: Lijun Ou Signed-off-by: Jason Gunthorpe Signed-off-by: Sasha Levin commit 5b7064adfb4b11e8cf7bdb8ab232c4b7463db861 Author: Lijun Ou Date: Sun Sep 30 17:00:29 2018 +0800 RDMA/hns: Submit bad wr when post send wr exception [ Upstream commit c80e066100b5fed722c8da67c1bd2312e7bcf129 ] When user issues a RDMA read and enables sq inline, it needs to report a bad wr to user. Signed-off-by: Lijun Ou Signed-off-by: Jason Gunthorpe Signed-off-by: Sasha Levin commit af76265532a870ff27d7be1889570d71a8032049 Author: Lijun Ou Date: Sun Sep 30 17:00:28 2018 +0800 RDMA/hns: Bugfix for reserved qp number [ Upstream commit 06ef0ee4b569101f3a07ce08335dbf29fd1404ef ] It needs to include two special qps for every port. The hip08 have four ports and the all reserved qp numbers are eight. Signed-off-by: Lijun Ou Signed-off-by: Jason Gunthorpe Signed-off-by: Sasha Levin commit 350703fae672d4d649c3562c199eab5ec9dc7c79 Author: Zhu Yanjun Date: Sun Sep 30 02:27:16 2018 -0400 IB/rxe: avoid srq memory leak [ Upstream commit aae0484e15f062ad2c2502e68e15dfb8b8f84608 ] In rxe_queue_init, q and q->buf are allocated. In do_mmap_info, q->ip is allocated. When error occurs, rxe_srq_from_init and the later error handler do not free these allocated memories. This will make memory leak. Signed-off-by: Zhu Yanjun Signed-off-by: Jason Gunthorpe Signed-off-by: Sasha Levin commit e3db306d1fda584d63ea02ac628b1858317b26ab Author: Wei Yongjun Date: Sat Sep 29 03:55:16 2018 +0000 IB/mthca: Fix error return code in __mthca_init_one() [ Upstream commit 39f2495618c5e980d2873ea3f2d1877dd253e07a ] Fix to return a negative error code from the mthca_cmd_init() error handling case instead of 0, as done elsewhere in this function. Fixes: 80fd8238734c ("[PATCH] IB/mthca: Encapsulate command interface init") Signed-off-by: Wei Yongjun Signed-off-by: Jason Gunthorpe Signed-off-by: Sasha Levin commit 1b86b8ad6e4738521378ce6879a7e148c9494cd4 Author: Radoslaw Tyl Date: Mon Sep 24 09:24:20 2018 +0200 ixgbe: Fix crash with VFs and flow director on interface flap [ Upstream commit 5d826d209164b0752c883607be4cdbbcf7cab494 ] This patch fix crash when we have restore flow director filters after reset adapter. In ixgbe_fdir_filter_restore() filter->action is outside of the rx_ring array, as it has a VF identifier in the upper 32 bits. Signed-off-by: Radoslaw Tyl Tested-by: Andrew Bowers Signed-off-by: Jeff Kirsher Signed-off-by: Sasha Levin commit 0e1fd69cff757e110d82f85cb21f72df3071df35 Author: Nathan Chancellor Date: Fri Sep 21 03:13:59 2018 -0700 i40e: Use proper enum in i40e_ndo_set_vf_link_state [ Upstream commit 43ade6ad18416b8fd5bb3c9e9789faa666527eec ] Clang warns when one enumerated type is converted implicitly to another. drivers/net/ethernet/intel/i40e/i40e_virtchnl_pf.c:4214:42: warning: implicit conversion from enumeration type 'enum i40e_aq_link_speed' to different enumeration type 'enum virtchnl_link_speed' [-Wenum-conversion] pfe.event_data.link_event.link_speed = I40E_LINK_SPEED_40GB; ~ ^~~~~~~~~~~~~~~~~~~~ 1 warning generated. Use the proper enum from virtchnl_link_speed, which has the same value as I40E_LINK_SPEED_40GB, VIRTCHNL_LINK_SPEED_40GB. This appears to be missed by commit ff3f4cc267f6 ("virtchnl: finish conversion to virtchnl interface"). Link: https://github.com/ClangBuiltLinux/linux/issues/81 Signed-off-by: Nathan Chancellor Tested-by: Andrew Bowers Signed-off-by: Jeff Kirsher Signed-off-by: Sasha Levin commit 22b8d7e3bcb597261e7e75da44081518d7b18d3c Author: Radoslaw Tyl Date: Wed Sep 5 09:00:51 2018 +0200 ixgbe: Fix ixgbe TX hangs with XDP_TX beyond queue limit [ Upstream commit 8d7179b1e2d64b3493c0114916486fe92e6109a9 ] We have Tx hang when number Tx and XDP queues are more than 64. In XDP always is MTQC == 0x0 (64TxQs). We need more space for Tx queues. Signed-off-by: Radoslaw Tyl Tested-by: Andrew Bowers Signed-off-by: Jeff Kirsher Signed-off-by: Sasha Levin commit b69cfc4f2665798264475b4812fae34d05059944 Author: NeilBrown Date: Wed Oct 3 15:04:41 2018 +1000 md: allow metadata updates while suspending an array - fix [ Upstream commit 059421e041eb461fb2b3e81c9adaec18ef03ca3c ] Commit 35bfc52187f6 ("md: allow metadata update while suspending.") added support for allowing md_check_recovery() to still perform metadata updates while the array is entering the 'suspended' state. This is needed to allow the processes of entering the state to complete. Unfortunately, the patch doesn't really work. The test for "mddev->suspended" at the start of md_check_recovery() means that the function doesn't try to do anything at all while entering suspend. This patch moves the code of updating the metadata while suspending to *before* the test on mddev->suspended. Reported-by: Jeff Mahoney Fixes: 35bfc52187f6 ("md: allow metadata update while suspending.") Signed-off-by: NeilBrown Signed-off-by: Shaohua Li Signed-off-by: Sasha Levin commit 4aa110048087228ccc260f5319886fcbaedd8875 Author: Anirudh Venkataramanan Date: Wed Sep 19 17:43:02 2018 -0700 ice: Fix forward to queue group logic [ Upstream commit be8ff000bf83e658e63ab64cf4d2755abc5add5b ] When adding a rule, queue region size needs to be provided as log base 2 of the number of queues in region. Fix that. Signed-off-by: Anirudh Venkataramanan Tested-by: Andrew Bowers Signed-off-by: Jeff Kirsher Signed-off-by: Sasha Levin commit d97a02b84879e6434c61a74574de3d402dfb3d0a Author: Sergei Shtylyov Date: Mon Sep 10 23:22:16 2018 +0300 clocksource/drivers/sh_cmt: Fix clocksource width for 32-bit machines [ Upstream commit 37e7742c55ba856eaec7e35673ee370f36eb17f3 ] The driver seems to abuse *unsigned long* not only for the (32-bit) register values but also for the 'sh_cmt_channel::total_cycles' which needs to always be 64-bit -- as a result, the clocksource's mask is needlessly clamped down to 32-bits on the 32-bit machines... Fixes: 19bdc9d061bc ("clocksource: sh_cmt clocksource support") Reported-by: Geert Uytterhoeven Signed-off-by: Sergei Shtylyov Reviewed-by: Simon Horman Reviewed-by: Geert Uytterhoeven Signed-off-by: Daniel Lezcano Signed-off-by: Sasha Levin commit 31fb5ea6ed1b1f5dfcc88ec454fb9a6d313125d6 Author: Sergei Shtylyov Date: Sat Sep 8 23:54:05 2018 +0300 clocksource/drivers/sh_cmt: Fixup for 64-bit machines [ Upstream commit 22627c6f3ed3d9d0df13eec3c831b08f8186c38e ] When trying to use CMT for clockevents on R-Car gen3 SoCs, I noticed that 'max_delta_ns' for the broadcast timer (CMT) was shown as 1000 in /proc/timer_list. It turned out that when calculating it, the driver did 1 << 32 (causing what I think was undefined behavior) resulting in a zero delta, later clamped to 1000 by cev_delta2ns(). The root cause turned out to be that the driver abused *unsigned long* for the CMT register values (which are 16/32-bit), so that the calculation of 'ch->max_match_value' in sh_cmt_setup_channel() used the wrong branch. Using more proper 'u32' instead fixed 'max_delta_ns' and even fixed the switching an active clocksource to CMT (which caused the system to turn non-interactive before). Signed-off-by: Sergei Shtylyov Reviewed-by: Geert Uytterhoeven Signed-off-by: Daniel Lezcano Signed-off-by: Sasha Levin commit 0e8855ba9f9ac220ef6261cfba5918d9f761b07d Author: Gustavo Pimentel Date: Thu Aug 23 13:34:53 2018 +0200 tools: PCI: Fix compilation warnings [ Upstream commit fef31ecaaf2c5c54db85b35e893bf8abec96b93f ] Current compilation produces the following warnings: tools/pci/pcitest.c: In function 'run_test': tools/pci/pcitest.c:56:9: warning: unused variable 'time' [-Wunused-variable] double time; ^~~~ tools/pci/pcitest.c:55:25: warning: unused variable 'end' [-Wunused-variable] struct timespec start, end; ^~~ tools/pci/pcitest.c:55:18: warning: unused variable 'start' [-Wunused-variable] struct timespec start, end; ^~~~~ tools/pci/pcitest.c:146:1: warning: control reaches end of non-void function [-Wreturn-type] } ^ Fix them: - remove unused variables - change function return from int to void, since it's not used Signed-off-by: Gustavo Pimentel [lorenzo.pieralisi@arm.com: rewrote the commit log] Signed-off-by: Lorenzo Pieralisi Reviewed-by: Kishon Vijay Abraham I Signed-off-by: Sasha Levin commit 9372023e10ee3f46f82acb1695c8de32ee59262a Author: Chen Yu Date: Fri Sep 21 14:26:38 2018 +0800 PM / hibernate: Check the success of generating md5 digest before hibernation [ Upstream commit 749fa17093ff67b31dea864531a3698b6a95c26c ] Currently if get_e820_md5() fails, then it will hibernate nevertheless. Actually the error code should be propagated to upper caller so that the hibernation could be aware of the result and terminates the process if md5 digest fails. Suggested-by: Thomas Gleixner Acked-by: Pavel Machek Signed-off-by: Chen Yu Acked-by: Thomas Gleixner Signed-off-by: Rafael J. Wysocki Signed-off-by: Sasha Levin commit ed896ddfae942b6a87bf3a273f88a11d8f85317d Author: Nathan Chancellor Date: Thu Sep 20 16:30:25 2018 -0700 mtd: rawnand: sh_flctl: Use proper enum for flctl_dma_fifo0_transfer [ Upstream commit e2bfa4ca23d9b5a7bdfcf21319fad9b59e38a05c ] Clang warns when one enumerated type is converted implicitly to another: drivers/mtd/nand/raw/sh_flctl.c:483:46: warning: implicit conversion from enumeration type 'enum dma_transfer_direction' to different enumeration type 'enum dma_data_direction' [-Wenum-conversion] flctl_dma_fifo0_transfer(flctl, buf, rlen, DMA_DEV_TO_MEM) > 0) ~~~~~~~~~~~~~~~~~~~~~~~~^~~~~~~~~~~~~~ drivers/mtd/nand/raw/sh_flctl.c:542:46: warning: implicit conversion from enumeration type 'enum dma_transfer_direction' to different enumeration type 'enum dma_data_direction' [-Wenum-conversion] flctl_dma_fifo0_transfer(flctl, buf, rlen, DMA_MEM_TO_DEV) > 0) ~~~~~~~~~~~~~~~~~~~~~~~~^~~~~~~~~~~~~~ 2 warnings generated. Use the proper enums from dma_data_direction to satisfy Clang. DMA_MEM_TO_DEV = DMA_TO_DEVICE = 1 DMA_DEV_TO_MEM = DMA_FROM_DEVICE = 2 Reported-by: Nick Desaulniers Signed-off-by: Nathan Chancellor Reviewed-by: Nick Desaulniers Signed-off-by: Miquel Raynal Signed-off-by: Sasha Levin commit 83cda9ea18760fd61ebbc2b0d2b5df724d990d6e Author: Tudor Ambarus Date: Tue Oct 2 16:20:35 2018 +0300 ARM: dts: at91: sama5d2_ptc_ek: fix bootloader env offsets [ Upstream commit f602b4871c5f7ac01d37d8b285ca947ba7613065 ] The offsets for the bootloader environment and its redundant partition were inverted. Fix the addresses to match our nand flash map available at: http://www.at91.com/linux4sam/pub/Linux4SAM/SambaSubsections//demo_nandflash_map_lnx4sam5x.png Signed-off-by: Tudor Ambarus Signed-off-by: Ludovic Desroches Signed-off-by: Sasha Levin commit 10551e574d79f658e52d1c1f6ba85f8c62942310 Author: Tudor Ambarus Date: Tue Oct 2 16:00:36 2018 +0300 ARM: dts: at91: at91sam9x5cm: fix addressable nand flash size [ Upstream commit 6f270d88a0c4a11725afd8fd2001ae408733afbf ] at91sam9x5cm comes with a 2Gb NAND flash. Fix the rootfs size to match this limit. Signed-off-by: Tudor Ambarus Signed-off-by: Ludovic Desroches Signed-off-by: Sasha Levin commit 825d176a1049966ed3fe53a248cb45a90c9cd7a9 Author: Tudor Ambarus Date: Tue Oct 2 16:00:35 2018 +0300 ARM: dts: at91: sama5d4_xplained: fix addressable nand flash size [ Upstream commit df90fc64367ffdb6f1b5c0f0c4940d44832b0174 ] sama5d4_xplained comes with a 4Gb NAND flash. Increase the rootfs size to match this limit. Signed-off-by: Tudor Ambarus Signed-off-by: Ludovic Desroches Signed-off-by: Sasha Levin commit ab99285882836a50bc087f9d98883608bd8058be Author: zhong jiang Date: Wed Sep 26 20:09:32 2018 +0800 powerpc/xive: Move a dereference below a NULL test [ Upstream commit cd5ff94577e004e0a4457e70d0ef3a030f4010b8 ] Move the dereference of xc below the NULL test. Signed-off-by: zhong jiang Signed-off-by: Michael Ellerman Signed-off-by: Sasha Levin commit 38d7fa28157e00819741e419543a56d37f2b1ab5 Author: Naveen N. Rao Date: Thu Sep 27 13:40:58 2018 +0530 powerpc/pseries: Fix how we iterate over the DTL entries [ Upstream commit 9258227e9dd1da8feddb07ad9702845546a581c9 ] When CONFIG_VIRT_CPU_ACCOUNTING_NATIVE is not set, we look up dtl_idx in the lppaca to determine the number of entries in the buffer. Since lppaca is in big endian, we need to do an endian conversion before using this in our calculation to determine the number of entries in the buffer. Without this, we do not iterate over the existing entries in the DTL buffer properly. Fixes: 7c105b63bd98 ("powerpc: Add CONFIG_CPU_LITTLE_ENDIAN kernel config option.") Signed-off-by: Naveen N. Rao Signed-off-by: Michael Ellerman Signed-off-by: Sasha Levin commit a3576a228404f5eb2b1dbb42e8dce5390b00088d Author: Naveen N. Rao Date: Thu Sep 27 13:40:57 2018 +0530 powerpc/pseries: Fix DTL buffer registration [ Upstream commit db787af1b8a6b4be428ee2ea7d409dafcaa4a43c ] When CONFIG_VIRT_CPU_ACCOUNTING_NATIVE is not set, we register the DTL buffer for a cpu when the associated file under powerpc/dtl in debugfs is opened. When doing so, we need to set the size of the buffer being registered in the second u32 word of the buffer. This needs to be in big endian, but we are not doing the conversion resulting in the below error showing up in dmesg: dtl_start: DTL registration for cpu 0 (hw 0) failed with -4 Fix this in the obvious manner. Fixes: 7c105b63bd98 ("powerpc: Add CONFIG_CPU_LITTLE_ENDIAN kernel config option.") Signed-off-by: Naveen N. Rao Signed-off-by: Michael Ellerman Signed-off-by: Sasha Levin commit b28aa87d081c1c2562bbd02d91b1b16fc0bf8f1b Author: Nathan Chancellor Date: Sun Sep 30 20:47:38 2018 -0700 cxgb4: Use proper enum in IEEE_FAUX_SYNC [ Upstream commit 258b6d141878530ba1f8fc44db683822389de914 ] Clang warns when one enumerated type is implicitly converted to another. drivers/net/ethernet/chelsio/cxgb4/cxgb4_dcb.c:390:4: warning: implicit conversion from enumeration type 'enum cxgb4_dcb_state' to different enumeration type 'enum cxgb4_dcb_state_input' [-Wenum-conversion] IEEE_FAUX_SYNC(dev, dcb); ^~~~~~~~~~~~~~~~~~~~~~~~ drivers/net/ethernet/chelsio/cxgb4/cxgb4_dcb.h:70:10: note: expanded from macro 'IEEE_FAUX_SYNC' CXGB4_DCB_STATE_FW_ALLSYNCED); ^~~~~~~~~~~~~~~~~~~~~~~~~~~~ Use the equivalent value of the expected type to silence Clang while resulting in no functional change. CXGB4_DCB_STATE_FW_ALLSYNCED = CXGB4_DCB_INPUT_FW_ALLSYNCED = 3 Signed-off-by: Nathan Chancellor Reviewed-by: Nick Desaulniers Signed-off-by: David S. Miller Signed-off-by: Sasha Levin commit efdacf2b7aa7a3767cf632f501d7d894147bbc27 Author: Nathan Chancellor Date: Sun Sep 30 20:51:43 2018 -0700 cxgb4: Use proper enum in cxgb4_dcb_handle_fw_update [ Upstream commit 3b0b8f0d9a259f6a428af63e7a77547325f8e081 ] Clang warns when one enumerated type is implicitly converted to another. drivers/net/ethernet/chelsio/cxgb4/cxgb4_dcb.c:303:7: warning: implicit conversion from enumeration type 'enum cxgb4_dcb_state' to different enumeration type 'enum cxgb4_dcb_state_input' [-Wenum-conversion] ? CXGB4_DCB_STATE_FW_ALLSYNCED ^~~~~~~~~~~~~~~~~~~~~~~~~~~~ drivers/net/ethernet/chelsio/cxgb4/cxgb4_dcb.c:304:7: warning: implicit conversion from enumeration type 'enum cxgb4_dcb_state' to different enumeration type 'enum cxgb4_dcb_state_input' [-Wenum-conversion] : CXGB4_DCB_STATE_FW_INCOMPLETE); ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~ 2 warnings generated. Use the equivalent value of the expected type to silence Clang while resulting in no functional change. CXGB4_DCB_STATE_FW_INCOMPLETE = CXGB4_DCB_INPUT_FW_INCOMPLETE = 2 CXGB4_DCB_STATE_FW_ALLSYNCED = CXGB4_DCB_INPUT_FW_ALLSYNCED = 3 Signed-off-by: Nathan Chancellor Reviewed-by: Nick Desaulniers Signed-off-by: David S. Miller Signed-off-by: Sasha Levin commit 743ccf759e8ec9126ce691eccfc266c356c32158 Author: Dan Carpenter Date: Mon Oct 1 19:44:41 2018 +0300 mei: samples: fix a signedness bug in amt_host_if_call() [ Upstream commit 185647813cac080453cb73a2e034a8821049f2a7 ] "out_buf_sz" needs to be signed for the error handling to work. Signed-off-by: Dan Carpenter Signed-off-by: Greg Kroah-Hartman Signed-off-by: Sasha Levin commit cc7d996a4428ca44652e5518e865c42ac7dfca0d Author: Jon Derrick Date: Fri Sep 7 13:22:30 2018 -0600 x86/PCI: Apply VMD's AERSID fixup generically [ Upstream commit 4f475e8e0a6d4f5d430350d1f74f7e4899fb1692 ] A root port Device ID changed between simulation and production. Rather than match Device IDs which may not be future-proof if left unmaintained, match all root ports which exist in a VMD domain. Signed-off-by: Jon Derrick Signed-off-by: Bjorn Helgaas Signed-off-by: Sasha Levin commit 6cedfaffb4acb43225be0812e0f92889026517b4 Author: Chuck Lever Date: Mon Oct 1 14:25:36 2018 -0400 sunrpc: Fix connect metrics [ Upstream commit 3968a8a5310404c2f0b9e4d9f28cab13a12bc4fd ] For TCP, the logic in xprt_connect_status is currently never invoked to record a successful connection. Commit 2a4919919a97 ("SUNRPC: Return EAGAIN instead of ENOTCONN when waking up xprt->pending") changed the way TCP xprt's are awoken after a connect succeeds. Instead, change connection-oriented transports to bump connect_count and compute connect_time the moment that XPRT_CONNECTED is set. Signed-off-by: Chuck Lever Signed-off-by: Anna Schumaker Signed-off-by: Sasha Levin commit 7e4602eac6664330b47a5a74ab423b0b4dd90ad3 Author: Nishanth Menon Date: Mon Aug 27 19:50:56 2018 -0500 clk: keystone: Enable TISCI clocks if K3_ARCH [ Upstream commit 2f149e6e14bcb5e581e49307b54aafcd6f74a74f ] K3_ARCH uses TISCI for clocks as well. Enable the same for the driver support. Signed-off-by: Nishanth Menon Acked-by: Santosh Shilimkar Signed-off-by: Stephen Boyd Signed-off-by: Sasha Levin commit 6c487c0e877a082c4ecb9d15ac6c641022193b83 Author: Gabriel Krisman Bertazi Date: Tue Oct 2 12:43:51 2018 -0400 ext4: fix build error when DX_DEBUG is defined [ Upstream commit 799578ab16e86b074c184ec5abbda0bc698c7b0b ] Enabling DX_DEBUG triggers the build error below. info is an attribute of the dxroot structure. linux/fs/ext4/namei.c:2264:12: error: ‘info’ undeclared (first use in this function); did you mean ‘insl’? info->indirect_levels)); Fixes: e08ac99fa2a2 ("ext4: add largedir feature") Signed-off-by: Gabriel Krisman Bertazi Signed-off-by: Theodore Ts'o Reviewed-by: Lukas Czerner Signed-off-by: Sasha Levin commit f2877a3c332d3f4ee6897f52228baee4457f6cf8 Author: Keyon Jie Date: Fri Sep 28 17:38:59 2018 +0800 ALSA: hda: Fix mismatch for register mask and value in ext controller. [ Upstream commit c32bf867cb6721d6ea04044d33f19c8bd81280c1 ] E.g. for snd_hdac_ext_bus_link_power_up(), we should set mask to be AZX_MLCTL_SPA(it was 0), and AZX_MLCTL_SPA as value to power up it, here correct it and several similar mismatches. Signed-off-by: Keyon Jie Signed-off-by: Takashi Iwai Signed-off-by: Sasha Levin commit ae3765a0a33db2a4f63dfd4b850e9b29f668ea09 Author: Nathan Chancellor Date: Tue Sep 11 16:20:25 2018 -0700 dmaengine: timb_dma: Use proper enum in td_prep_slave_sg [ Upstream commit 5e621f5d538985f010035c6f3e28c22829d36db1 ] Clang warns when implicitly converting from one enumerated type to another. Avoid this by using the equivalent value from the expected type. drivers/dma/timb_dma.c:548:27: warning: implicit conversion from enumeration type 'enum dma_transfer_direction' to different enumeration type 'enum dma_data_direction' [-Wenum-conversion] td_desc->desc_list_len, DMA_MEM_TO_DEV); ^~~~~~~~~~~~~~ 1 warning generated. Reported-by: Nick Desaulniers Signed-off-by: Nathan Chancellor Reviewed-by: Nick Desaulniers Signed-off-by: Vinod Koul Signed-off-by: Sasha Levin commit 0c21aa9b5651f2e8e2fd26832042000bb9ad0152 Author: Nathan Chancellor Date: Tue Sep 11 16:40:20 2018 -0700 dmaengine: ep93xx: Return proper enum in ep93xx_dma_chan_direction [ Upstream commit 9524d6b265f9b2b9a61fceb2ee2ce1c2a83e39ca ] Clang warns when implicitly converting from one enumerated type to another. Avoid this by using the equivalent value from the expected type. In file included from drivers/dma/ep93xx_dma.c:30: ./include/linux/platform_data/dma-ep93xx.h:88:10: warning: implicit conversion from enumeration type 'enum dma_data_direction' to different enumeration type 'enum dma_transfer_direction' [-Wenum-conversion] return DMA_NONE; ~~~~~~ ^~~~~~~~ 1 warning generated. Reported-by: Nick Desaulniers Signed-off-by: Nathan Chancellor Reviewed-by: Nick Desaulniers Signed-off-by: Vinod Koul Signed-off-by: Sasha Levin commit 671ce9f892b93fb1e98ac2977f705a0fd301b0cb Author: Sergey Senozhatsky Date: Fri Sep 28 18:53:04 2018 +0900 printk: CON_PRINTBUFFER console registration is a bit racy [ Upstream commit 884e370ea88c109a3b982f4eb9ecd82510a3a1fe ] CON_PRINTBUFFER console registration requires us to do several preparation steps: - Rollback console_seq to replay logbuf messages which were already seen on other consoles; - Set exclusive_console flag so console_unlock() will ->write() logbuf messages only to the exclusive_console driver. The way we do it, however, is a bit racy logbuf_lock_irqsave(flags); console_seq = syslog_seq; console_idx = syslog_idx; logbuf_unlock_irqrestore(flags); << preemption enabled << irqs enabled exclusive_console = newcon; console_unlock(); We rollback console_seq under logbuf_lock with IRQs disabled, but we set exclusive_console with local IRQs enabled and logbuf unlocked. If the system oops-es or panic-s before we set exclusive_console - and given that we have IRQs and preemption enabled there is such a possibility - we will re-play all logbuf messages to every registered console, which may be a bit annoying and time consuming. Move exclusive_console assignment to the same IRQs-disabled and logbuf_lock-protected section where we rollback console_seq. Link: http://lkml.kernel.org/r/20180928095304.9972-1-sergey.senozhatsky@gmail.com To: Steven Rostedt Cc: Sergey Senozhatsky Cc: linux-kernel@vger.kernel.org Signed-off-by: Sergey Senozhatsky Signed-off-by: Petr Mladek Signed-off-by: Sasha Levin commit cd120df118d7e9fc3320a2e4eb56f0fef88ae1f4 Author: Petr Mladek Date: Thu Sep 13 14:34:06 2018 +0200 printk: Do not miss new messages when replaying the log [ Upstream commit f92b070f2dc89a8ff1a0cc8b608e20abef894c7d ] The variable "exclusive_console" is used to reply all existing messages on a newly registered console. It is cleared when all messages are out. The problem is that new messages might appear in the meantime. These are then visible only on the exclusive console. The obvious solution is to clear "exclusive_console" after we replay all messages that were already proceed before we started the reply. Reported-by: Sergey Senozhatsky Link: http://lkml.kernel.org/r/20180913123406.14378-1-pmladek@suse.com To: Steven Rostedt Cc: Peter Zijlstra Cc: Sergey Senozhatsky Cc: linux-kernel@vger.kernel.org Acked-by: Sergey Senozhatsky Signed-off-by: Petr Mladek Signed-off-by: Sasha Levin commit 5a6f7274e67bcbcebbf8423d8ed56666563b46bf Author: Alexey Kardashevskiy Date: Mon Sep 10 18:29:09 2018 +1000 KVM: PPC: Inform the userspace about TCE update failures [ Upstream commit f7960e299f13f069d6f3d4e157d91bfca2669677 ] We return H_TOO_HARD from TCE update handlers when we think that the next handler (realmode -> virtual mode -> user mode) has a chance to handle the request; H_HARDWARE/H_CLOSED otherwise. This changes the handlers to return H_TOO_HARD on every error giving the userspace an opportunity to handle any request or at least log them all. Signed-off-by: Alexey Kardashevskiy Reviewed-by: David Gibson Signed-off-by: Michael Ellerman Signed-off-by: Sasha Levin commit 38374aa3c9166e6d44363e400fb889ba6b8282ab Author: Guenter Roeck Date: Sun Sep 23 06:54:11 2018 -0700 watchdog: w83627hf_wdt: Support NCT6796D, NCT6797D, NCT6798D [ Upstream commit 57cbf0e3a0fd48e5ad8f3884562e8dde4827c1c8 ] The watchdog controller on NCT6796D, NCT6797D, and NCT6798D is compatible with the wtachdog controller on other Nuvoton chips. Signed-off-by: Guenter Roeck Reviewed-by: Wim Van Sebroeck Signed-off-by: Wim Van Sebroeck Signed-off-by: Sasha Levin commit 96505abd243570ddadb122df73252b24a5bac2c1 Author: Romain Izard Date: Fri Sep 14 12:13:38 2018 +0200 watchdog: sama5d4: fix timeout-sec usage [ Upstream commit 2e0432f8f8ad11b4bd208445360220efa5b37d82 ] When using watchdog_init_timeout to update the default timeout value, an error means that there is no "timeout-sec" in the relevant device tree node. This should not prevent binding of the driver to the device. Fixes: 976932e40036 ("watchdog: sama5d4: make use of timeout-secs provided in devicetree") Signed-off-by: Romain Izard Reviewed-by: Marcus Folkesson Reviewed-by: Guenter Roeck Signed-off-by: Guenter Roeck Signed-off-by: Wim Van Sebroeck Signed-off-by: Sasha Levin commit 26d6e542dc4720ceba57363ad8860aeeca5ac7ca Author: Wolfram Sang Date: Tue Aug 28 12:13:48 2018 +0200 watchdog: renesas_wdt: stop when unregistering [ Upstream commit 14de99b44b34dbb9d0f64845b1cbb675e047767e ] We want to go into a sane state when unregistering. Currently, it happens that the watchdog stops when unbinding because of RuntimePM stopping the core clock. When rebinding, the core clock gets reactivated and the watchdog fires even though it hasn't been opened by userspace yet. Strange scenario, yes, but sane state is much preferred anyhow. Signed-off-by: Wolfram Sang Reviewed-by: Fabrizio Castro Reviewed-by: Guenter Roeck Signed-off-by: Guenter Roeck Signed-off-by: Wim Van Sebroeck Signed-off-by: Sasha Levin commit f4cfb7eeae62ef491a5370903032e2a808bfbea1 Author: Wolfram Sang Date: Tue Aug 28 12:13:47 2018 +0200 watchdog: core: fix null pointer dereference when releasing cdev [ Upstream commit 953b9dd7725bad55a922a35e75bff7bebf7b9978 ] watchdog_stop() calls watchdog_update_worker() which needs a valid wdd->wd_data pointer. So, when unregistering the cdev, clear the pointers after we call watchdog_stop(), not before. Fixes: bb292ac1c602 ("watchdog: Introduce watchdog_stop_on_unregister helper") Signed-off-by: Wolfram Sang Reviewed-by: Fabrizio Castro Reviewed-by: Guenter Roeck Signed-off-by: Guenter Roeck Signed-off-by: Wim Van Sebroeck Signed-off-by: Sasha Levin commit a9f36455edc1f99d6215c4790caeb46028204e58 Author: Miquel Raynal Date: Mon Oct 1 16:13:47 2018 +0200 irqchip/irq-mvebu-icu: Fix wrong private data retrieval [ Upstream commit 2b4dab69dcca13c5be2ddaf1337ae4accd087de6 ] The irq_domain structure has an host_data pointer that just stores private data. It is meant to not be touched by the IRQ core. However, when it comes to MSI, the MSI layer adds its own private data there with a structure that also has a host_data pointer. Because this IRQ domain is an MSI domain, to access private data we should do a d->host_data->host_data, also wrapped as 'platform_msi_get_host_data()'. This bug was lying there silently because the 'icu' structure retrieved this way was just called by dev_err(), only producing a '(NULL device *):' output on the console. Reviewed-by: Thomas Petazzoni Signed-off-by: Miquel Raynal Signed-off-by: Marc Zyngier Signed-off-by: Sasha Levin commit be4f5457a5fde737000efd278b3c8b2ae6bda732 Author: Andrew Zaborowski Date: Mon Sep 24 18:10:22 2018 +0200 nl80211: Fix a GET_KEY reply attribute [ Upstream commit efdfce7270de85a8706d1ea051bef3a7486809ff ] Use the NL80211_KEY_IDX attribute inside the NL80211_ATTR_KEY in NL80211_CMD_GET_KEY responses to comply with nl80211_key_policy. This is unlikely to affect existing userspace. Signed-off-by: Andrew Zaborowski Signed-off-by: Johannes Berg Signed-off-by: Sasha Levin commit 21ba66937e0d08d9dbf08cd21e891665e502fc13 Author: Thinh Nguyen Date: Tue Sep 11 12:42:05 2018 -0700 usb: dwc3: gadget: Check ENBLSLPM before sending ep command [ Upstream commit 87dd96111b0bb8e616fcbd74dbf4bb4182f2c596 ] When operating in USB 2.0 speeds (HS/FS), if GUSB2PHYCFG.ENBLSLPM or GUSB2PHYCFG.SUSPHY is set, it must be cleared before issuing an endpoint command. Current implementation only save and restore GUSB2PHYCFG.SUSPHY configuration. We must save and clear both GUSB2PHYCFG.ENBLSLPM and GUSB2PHYCFG.SUSPHY settings. Restore them after the command is completed. DWC_usb3 3.30a and DWC_usb31 1.90a programming guide section 3.2.2 Signed-off-by: Thinh Nguyen Signed-off-by: Felipe Balbi Signed-off-by: Sasha Levin commit 639fce0bc8b5b3a760f7303739e217905a0b4848 Author: Jia-Ju Bai Date: Sat Sep 15 11:04:40 2018 +0800 usb: gadget: udc: fotg210-udc: Fix a sleep-in-atomic-context bug in fotg210_get_status() [ Upstream commit 2337a77c1cc86bc4e504ecf3799f947659c86026 ] The driver may sleep in an interrupt handler. The function call path (from bottom to top) in Linux-4.17 is: [FUNC] fotg210_ep_queue(GFP_KERNEL) drivers/usb/gadget/udc/fotg210-udc.c, 744: fotg210_ep_queue in fotg210_get_status drivers/usb/gadget/udc/fotg210-udc.c, 768: fotg210_get_status in fotg210_setup_packet drivers/usb/gadget/udc/fotg210-udc.c, 949: fotg210_setup_packet in fotg210_irq (interrupt handler) To fix this bug, GFP_KERNEL is replaced with GFP_ATOMIC. If possible, spin_unlock() and spin_lock() around fotg210_ep_queue() can be also removed. This bug is found by my static analysis tool DSAC. Signed-off-by: Jia-Ju Bai Signed-off-by: Felipe Balbi Signed-off-by: Sasha Levin commit f22a4d8cf0493116624137b15bf3046e4666be6b Author: Vakul Garg Date: Fri Sep 28 21:48:08 2018 +0530 selftests/tls: Fix recv(MSG_PEEK) & splice() test cases [ Upstream commit 0ed3015c9964dab7a1693b3e40650f329c16691e ] TLS test cases splice_from_pipe, send_and_splice & recv_peek_multiple_records expect to receive a given nummber of bytes and then compare them against the number of bytes which were sent. Therefore, system call recv() must not return before receiving the requested number of bytes, otherwise the subsequent memcmp() fails. This patch passes MSG_WAITALL flag to recv() so that it does not return prematurely before requested number of bytes are copied to receive buffer. Signed-off-by: Vakul Garg Signed-off-by: David S. Miller Signed-off-by: Sasha Levin commit 475398b7298443d431475318bd36bd7100a3d0da Author: Simon Wunderlich Date: Mon Oct 1 17:26:59 2018 +0300 ath9k: fix reporting calculated new FFT upper max [ Upstream commit 4fb5837ac2bd46a85620b297002c704e9958f64d ] Since the debug print code is outside of the loop, it shouldn't use the loop iterator anymore but instead print the found maximum index. Cc: Nick Kossifidis Signed-off-by: Simon Wunderlich Signed-off-by: Kalle Valo Signed-off-by: Sasha Levin commit f6ec4fccbf9ac23feea3ae85470d9083c5a04663 Author: Vincent Donnefort Date: Mon Sep 3 09:02:07 2018 +0900 PM / devfreq: stopping the governor before device_unregister() [ Upstream commit 2f061fd0c2d852e32e03a903fccd810663c5c31e ] device_release() is freeing the resources before calling the device specific release callback which is, in the case of devfreq, stopping the governor. It is a problem as some governors are using the device resources. e.g. simpleondemand which is using the devfreq deferrable monitoring work. If it is not stopped before the resources are freed, it might lead to a use after free. Signed-off-by: Vincent Donnefort Reviewed-by: John Einar Reitan [cw00.choi: Fix merge conflict] Reviewed-by: Chanwoo Choi Signed-off-by: MyungJoo Ham Signed-off-by: Sasha Levin commit fc491a1e77be398b53a264c6d9956c83fcabc46e Author: Matthias Kaehlcke Date: Fri Aug 3 13:05:09 2018 -0700 PM / devfreq: Fix handling of min/max_freq == 0 [ Upstream commit df5cf4a36178c5d4f2b8b9469cb2f722e64cd102 ] Commit ab8f58ad72c4 ("PM / devfreq: Set min/max_freq when adding the devfreq device") initializes df->min/max_freq with the min/max OPP when the device is added. Later commit f1d981eaecf8 ("PM / devfreq: Use the available min/max frequency") adds df->scaling_min/max_freq and the following to the frequency adjustment code: max_freq = MIN(devfreq->scaling_max_freq, devfreq->max_freq); With the current handling of min/max_freq this is incorrect: Even though df->max_freq is now initialized to a value != 0 user space can still set it to 0, in this case max_freq would be 0 instead of df->scaling_max_freq as intended. In consequence the frequency adjustment is not performed: if (max_freq && freq > max_freq) { freq = max_freq; To fix this set df->min/max freq to the min/max OPP in max/max_freq_store, when the user passes a value of 0. This also prevents df->max_freq from being set below the min OPP when df->min_freq is 0, and similar for min_freq. Since it is now guaranteed that df->min/max_freq can't be 0 the checks for this case can be removed. Fixes: f1d981eaecf8 ("PM / devfreq: Use the available min/max frequency") Signed-off-by: Matthias Kaehlcke Reviewed-by: Brian Norris Reviewed-by: Chanwoo Choi Signed-off-by: MyungJoo Ham Signed-off-by: Sasha Levin commit b5add975c871a05a07a7ac81cd019a0057843661 Author: Enric Balletbo i Serra Date: Wed Jul 4 10:45:50 2018 +0200 PM / devfreq: Fix devfreq_add_device() when drivers are built as modules. [ Upstream commit 23c7b54ca1cd1797ef39169ab85e6d46f1c2d061 ] When the devfreq driver and the governor driver are built as modules, the call to devfreq_add_device() or governor_store() fails because the governor driver is not loaded at the time the devfreq driver loads. The devfreq driver has a build dependency on the governor but also should have a runtime dependency. We need to make sure that the governor driver is loaded before the devfreq driver. This patch fixes this bug by adding a try_then_request_governor() function. First tries to find the governor, and then, if it is not found, it requests the module and tries again. Fixes: 1b5c1be2c88e (PM / devfreq: map devfreq drivers to governor using name) Signed-off-by: Enric Balletbo i Serra Reviewed-by: Chanwoo Choi Signed-off-by: MyungJoo Ham Signed-off-by: Sasha Levin commit 5f5a8d36749fbeb32711a720a7e84193f0581592 Author: Florian Fainelli Date: Mon Oct 1 10:33:02 2018 -0700 ata: ahci_brcm: Allow using driver or DSL SoCs [ Upstream commit 7fb44929cb0e5cdcde143e1ca3ca57b5b8247db0 ] The Broadcom STB AHCI controller is the same as the one found on DSL SoCs, so we will utilize the same driver on these systems as well. Signed-off-by: Florian Fainelli Signed-off-by: Jens Axboe Signed-off-by: Sasha Levin commit 4cfcb5379a9c1c7bb2ed810abfd9fdec4701cf13 Author: Nathan Chancellor Date: Sat Sep 22 23:31:15 2018 -0700 rtlwifi: btcoex: Use proper enumerated types for Wi-Fi only interface [ Upstream commit 31138a827d1b3d6e4855bddb5a1e44e7b32309c0 ] Clang warns when one enumerated type is implicitly converted to another. drivers/net/wireless/realtek/rtlwifi/btcoexist/halbtcoutsrc.c:1327:34: warning: implicit conversion from enumeration type 'enum btc_chip_interface' to different enumeration type 'enum wifionly_chip_interface' [-Wenum-conversion] wifionly_cfg->chip_interface = BTC_INTF_PCI; ~ ^~~~~~~~~~~~ drivers/net/wireless/realtek/rtlwifi/btcoexist/halbtcoutsrc.c:1330:34: warning: implicit conversion from enumeration type 'enum btc_chip_interface' to different enumeration type 'enum wifionly_chip_interface' [-Wenum-conversion] wifionly_cfg->chip_interface = BTC_INTF_USB; ~ ^~~~~~~~~~~~ drivers/net/wireless/realtek/rtlwifi/btcoexist/halbtcoutsrc.c:1333:34: warning: implicit conversion from enumeration type 'enum btc_chip_interface' to different enumeration type 'enum wifionly_chip_interface' [-Wenum-conversion] wifionly_cfg->chip_interface = BTC_INTF_UNKNOWN; ~ ^~~~~~~~~~~~~~~~ 3 warnings generated. Use the values from the correct enumerated type, wifionly_chip_interface. BTC_INTF_UNKNOWN = WIFIONLY_INTF_UNKNOWN = 0 BTC_INTF_PCI = WIFIONLY_INTF_PCI = 1 BTC_INTF_USB = WIFIONLY_INTF_USB = 2 Link: https://github.com/ClangBuiltLinux/linux/issues/135 Signed-off-by: Nathan Chancellor Acked-by: Ping-Ke Shih Signed-off-by: Kalle Valo Signed-off-by: Sasha Levin commit e5895e41aeb39d85fdf19e797ae24b5401c530cd Author: Ben Greear Date: Thu Sep 6 19:46:20 2018 +0300 ath10k: fix vdev-start timeout on error [ Upstream commit 833fd34d743c728afe6d127ef7bee67e7d9199a8 ] The vdev-start-response message should cause the completion to fire, even in the error case. Otherwise, the user still gets no useful information and everything is blocked until the timeout period. Add some warning text to print out the invalid status code to aid debugging, and propagate failure code. Signed-off-by: Ben Greear Signed-off-by: Kalle Valo Signed-off-by: Sasha Levin commit 06cb99e6399d5a0467009a8495dfa71ea6fb6d85 Author: Anshuman Khandual Date: Sat Sep 22 21:09:55 2018 +0530 arm64/numa: Report correct memblock range for the dummy node [ Upstream commit 77cfe950901e5c13aca2df6437a05f39dd9a929b ] The dummy node ID is marked into all memory ranges on the system. So the dummy node really extends the entire memblock.memory. Hence report correct extent information for the dummy node using memblock range helper functions instead of the range [0LLU, PFN_PHYS(max_pfn) - 1)]. Fixes: 1a2db30034 ("arm64, numa: Add NUMA support for arm64 platforms") Acked-by: Punit Agrawal Signed-off-by: Anshuman Khandual Signed-off-by: Catalin Marinas Signed-off-by: Sasha Levin commit 256a29480733bf5e1a26e779ea8982a8fe7986e5 Author: Suzuki K Poulose Date: Wed Sep 26 17:32:37 2018 +0100 kvm: arm/arm64: Fix stage2_flush_memslot for 4 level page table [ Upstream commit d2db7773ba864df6b4e19643dfc54838550d8049 ] So far we have only supported 3 level page table with fixed IPA of 40bits, where PUD is folded. With 4 level page tables, we need to check if the PUD entry is valid or not. Fix stage2_flush_memslot() to do this check, before walking down the table. Acked-by: Christoffer Dall Acked-by: Marc Zyngier Reviewed-by: Eric Auger Signed-off-by: Suzuki K Poulose Signed-off-by: Marc Zyngier Signed-off-by: Sasha Levin commit bae080e72e92a39dc77e1649be51632337f3a958 Author: Zhen Lei Date: Sun Aug 19 15:51:10 2018 +0800 iommu/arm-smmu-v3: Fix unexpected CMD_SYNC timeout [ Upstream commit 0f02477d16980938a84aba8688a4e3a303306116 ] The condition break condition of: (int)(VAL - sync_idx) >= 0 in the __arm_smmu_sync_poll_msi() polling loop requires that sync_idx must be increased monotonically according to the sequence of the CMDs in the cmdq. However, since the msidata is populated using atomic_inc_return_relaxed() before taking the command-queue spinlock, then the following scenario can occur: CPU0 CPU1 msidata=0 msidata=1 insert cmd1 insert cmd0 smmu execute cmd1 smmu execute cmd0 poll timeout, because msidata=1 is overridden by cmd0, that means VAL=0, sync_idx=1. This is not a functional problem, since the caller will eventually either timeout or exit due to another CMD_SYNC, however it's clearly not what the code is supposed to be doing. Fix it, by incrementing the sequence count with the command-queue lock held, allowing us to drop the atomic operations altogether. Signed-off-by: Zhen Lei [will: dropped the specialised cmd building routine for now] Signed-off-by: Will Deacon Signed-off-by: Sasha Levin commit 2bab3df8f506615b6903979573a35ad5740fed65 Author: Robin Murphy Date: Thu Sep 6 17:59:50 2018 +0100 iommu/io-pgtable-arm: Fix race handling in split_blk_unmap() [ Upstream commit 85c7a0f1ef624ef58173ef52ea77780257bdfe04 ] In removing the pagetable-wide lock, we gained the possibility of the vanishingly unlikely case where we have a race between two concurrent unmappers splitting the same block entry. The logic to handle this is fairly straightforward - whoever loses the race frees their partial next-level table and instead dereferences the winner's newly-installed entry in order to fall back to a regular unmap, which intentionally echoes the pre-existing case of recursively splitting a 1GB block down to 4KB pages by installing a full table of 2MB blocks first. Unfortunately, the chump who implemented that logic failed to update the condition check for that fallback, meaning that if said race occurs at the last level (where the loser's unmap_idx is valid) then the unmap won't actually happen. Fix that to properly account for both the race and recursive cases. Fixes: 2c3d273eabe8 ("iommu/io-pgtable-arm: Support lockless operation") Signed-off-by: Robin Murphy [will: re-jig control flow to avoid duplicate cmpxchg test] Signed-off-by: Will Deacon Signed-off-by: Sasha Levin commit 741a445a88e4aab3f876cd47527f72bef2c2ff09 Author: Felix Fietkau Date: Sat Sep 29 13:13:09 2018 +0200 mt76: fix handling ps-poll frames [ Upstream commit 36d910960fae3f9e74bedf3e0ef39ee26bdaa51f ] Hardware station lookup for pspoll frames can fail, which makes the driver ignore ps-poll frames. Fix the resulting powersave issues by looking up the station for pspoll frames in software Signed-off-by: Felix Fietkau Signed-off-by: Sasha Levin commit ddb4299f1d78a258254ead08c97d397665c94c2f Author: Felix Fietkau Date: Wed Sep 26 21:37:38 2018 +0200 mt76x2: disable WLAN core before probe [ Upstream commit 62e04f8a31fcc375c978b7f83b4229a10c3e746d ] If the WLAN core is still active during initialization, it might cause the MCU or DMA to hang. This can happen during soft reboot, so disable the core + clock early to avoid this issue. Signed-off-by: Felix Fietkau Signed-off-by: Sasha Levin commit b14825a5c652fbf9a825de43ddee3fd3be53ac94 Author: Lorenzo Bianconi Date: Fri Sep 21 15:57:50 2018 +0200 mt76x2: fix tx power configuration for VHT mcs 9 [ Upstream commit 60b6645ef1a9239a02c70adeae136298395d145a ] Fix tx power configuration for VHT 1SS/STBC mcs 9 since in MT_TX_PWR_CFG_{8,9} mcs 8,9 bits are GENMASK(21,16) and GENMASK(29,24) while GENMASK(15,6) are marked as reserved Fixes: 7bc04215a66b ("mt76: add driver code for MT76x2e") Signed-off-by: Lorenzo Bianconi Signed-off-by: Felix Fietkau Signed-off-by: Sasha Levin commit 449b9ae3504c425a615d2dc6452e33cd883e1bf5 Author: Dennis Dalessandro Date: Wed Sep 26 10:55:53 2018 -0700 IB/hfi1: Ensure ucast_dlid access doesnt exceed bounds [ Upstream commit 3144533bf667c8e53bb20656b78295960073e57b ] The dlid assignment made by looking into the u_ucast_dlid array does not do an explicit check for the size of the array. The code path to arrive at def_port, the index value is long and complicated so its best to just have an explicit check here. Signed-off-by: Dennis Dalessandro Signed-off-by: Jason Gunthorpe Signed-off-by: Sasha Levin commit e0dee1c839e3bc66e8a5ca0316eec9ca742d7c02 Author: Michael J. Ruhl Date: Fri Sep 28 07:34:57 2018 -0700 IB/hfi1: Error path MAD response size is incorrect [ Upstream commit 935c84ac649a147e1aad2c48ee5c5a1a9176b2d0 ] If a MAD packet has incorrect header information, the logic uses the reply path to report the error. The reply path expects *resp_len to be set prior to return. Unfortunately, *resp_len is set to 0 for this path. This causes an incorrect response packet. Fix by ensuring that the *resp_len is defaulted to the incoming packet size (wc->bytes_len - sizeof(GRH)). Reviewed-by: Mike Marciniszyn Signed-off-by: Michael J. Ruhl Signed-off-by: Dennis Dalessandro Signed-off-by: Jason Gunthorpe Signed-off-by: Sasha Levin commit 8d93707e71958661198b643be9e0bf8e5b7415d0 Author: Jaegeuk Kim Date: Fri Sep 28 00:24:39 2018 -0700 f2fs: keep lazytime on remount [ Upstream commit 095680f24f2673d860fd1d3d2f54f40f330b4c63 ] This patch fixes losing lazytime when remounting f2fs. Reviewed-by: Chao Yu Signed-off-by: Jaegeuk Kim Signed-off-by: Sasha Levin commit a5f7bf0379d35d95ac63c815e928ce110cc6a7cb Author: Hans de Goede Date: Sun Sep 23 15:58:11 2018 +0200 ACPI / LPSS: Resume BYT/CHT I2C controllers from resume_noirq [ Upstream commit 48402cee6889fb3fce58e95fea1471626286dc63 ] On some Cherry Trail systems the GPU ACPI fwnode has power-resources which point to the PMIC, which is connected over a LPSS I2C controller. We add a device-link to make sure that the I2C controller is resumed before the GPU is. But the pci-core changes the power-state of PCI devices from D3 to D0 at noirq time (to restore the PCI config registers) and before this commit we were bringing up the I2C controllers from a resume_early handler which runs later. More specifically the pm-core will first run all resume_noirq handlers in order and then all resume_early handlers. So we must not only make sure that the handlers are run in the right order, but also that the resume of the I2C controller is done at noirq time. The behavior before this commit, resuming the I2C controller from a resume_early handler leads to the following errors: i2c_designware 808622C1:06: controller timed out ACPI Error: AE_ERROR, Returned by Handler for [UserDefinedRegion] ACPI Error: Method parse/execution failed \_SB.P18W._ON, AE_ERROR video LNXVIDEO:00: Failed to change power state to D0 This commit changes the acpi_lpss.c code to resume the BYT/CHT I2C controllers at resume_noirq time fixing this. Tested-by: Jarkko Nikula Signed-off-by: Hans de Goede Reviewed-by: Andy Shevchenko Signed-off-by: Rafael J. Wysocki Signed-off-by: Sasha Levin commit aa39d53f2b89361127554d4fd7461d49ad38eed5 Author: Hans de Goede Date: Sun Sep 23 15:58:08 2018 +0200 ACPI / LPSS: Make acpi_lpss_find_device() also find PCI devices [ Upstream commit 1e30124ac60abc41d74793900f8b4034f29bcb3d ] On some Cherry Trail systems the GPU ACPI fwnode has power-resources which point to the PMIC, which is connected over one of the LPSS I2C controllers. To get the suspend/resume ordering correct for this we need to be able to add device-links between the GPU and the I2c controller. The GPU is a PCI device, so this requires acpi_lpss_find_device() to also work on PCI devs. Tested-by: Jarkko Nikula Signed-off-by: Hans de Goede Reviewed-by: Andy Shevchenko Signed-off-by: Rafael J. Wysocki Signed-off-by: Sasha Levin commit 9372a40b54d0e7cf535beb4d9fd93b417d33bf72 Author: Trond Myklebust Date: Sat Sep 8 22:09:48 2018 -0400 SUNRPC: Fix priority queue fairness [ Upstream commit f42f7c283078ce3c1e8368b140e270755b1ae313 ] Fix up the priority queue to not batch by owner, but by queue, so that we allow '1 << priority' elements to be dequeued before switching to the next priority queue. The owner field is still used to wake up requests in round robin order by owner to avoid single processes hogging the RPC layer by loading the queues. Signed-off-by: Trond Myklebust Signed-off-by: Sasha Levin commit 43876b1ce42be40179068aeff2a5aac0b21b16fe Author: Yuchung Cheng Date: Thu Sep 27 11:21:19 2018 -0700 tcp: up initial rmem to 128KB and SYN rwin to around 64KB [ Upstream commit a337531b942bd8a03e7052444d7e36972aac2d92 ] Previously TCP initial receive buffer is ~87KB by default and the initial receive window is ~29KB (20 MSS). This patch changes the two numbers to 128KB and ~64KB (rounding down to the multiples of MSS) respectively. The patch also simplifies the calculations s.t. the two numbers are directly controlled by sysctl tcp_rmem[1]: 1) Initial receiver buffer budget (sk_rcvbuf): while this should be configured via sysctl tcp_rmem[1], previously tcp_fixup_rcvbuf() always override and set a larger size when a new connection establishes. 2) Initial receive window in SYN: previously it is set to 20 packets if MSS <= 1460. The number 20 was based on the initial congestion window of 10: the receiver needs twice amount to avoid being limited by the receive window upon out-of-order delivery in the first window burst. But since this only applies if the receiving MSS <= 1460, connection using large MTU (e.g. to utilize receiver zero-copy) may be limited by the receive window. With this patch TCP memory configuration is more straight-forward and more properly sized to modern high-speed networks by default. Several popular stacks have been announcing 64KB rwin in SYNs as well. Signed-off-by: Yuchung Cheng Signed-off-by: Wei Wang Signed-off-by: Neal Cardwell Signed-off-by: Eric Dumazet Reviewed-by: Soheil Hassas Yeganeh Signed-off-by: David S. Miller Signed-off-by: Sasha Levin commit d2cacb6ac4ff8a66a083b73dc261307f280d02f7 Author: Chen-Yu Tsai Date: Thu Aug 30 16:09:24 2018 +0800 ARM: dts: sun8i: h3: bpi-m2-plus: Fix address for external RGMII Ethernet PHY [ Upstream commit db9fd9d13e30fc67737ac9893a82e6b095e85a64 ] The external RTL8211E RGMII Ethernet PHY is configured via external resistors to use the address 0x1. The 0x0 address is a broadcast address for this family of PHYs, and should not be used explicitly. Fixes: 8c7ba536e709 ("ARM: sun8i: bananapi-m2-plus: Enable dwmac-sun8i") Fixes: 4904337fe34f ("ARM: dts: sunxi: Restore EMAC changes (boards)") Acked-by: Maxime Ripard Signed-off-by: Chen-Yu Tsai Signed-off-by: Sasha Levin commit ed220d3dcc791aaab64e3a2e3b3518a1d34f8b9a Author: Philipp Rossak Date: Wed Aug 1 11:48:01 2018 +0200 ARM: dts: sun8i: h3-h5: ir register size should be the whole memory block [ Upstream commit 6c700289a3e84d5d3f2a95cf27732a7f7fce105b ] The size of the register should be the size of the whole memory block, not just the registers, that are needed. Signed-off-by: Philipp Rossak Acked-by: Maxime Ripard Signed-off-by: Chen-Yu Tsai Signed-off-by: Sasha Levin commit ac02379889e2d8f8540bd3f22bfcb2d20b3d9b08 Author: Jaegeuk Kim Date: Tue Sep 25 15:25:21 2018 -0700 f2fs: return correct errno in f2fs_gc [ Upstream commit 61f7725aa148ee870436a29d3a24d5c00ab7e9af ] This fixes overriding error number in f2fs_gc. Reviewed-by: Chao Yu Signed-off-by: Jaegeuk Kim Signed-off-by: Sasha Levin commit 7cbac9d598a795a361c7df913c56597a6c58e5d8 Author: Huazhong Tan Date: Wed Sep 26 19:28:40 2018 +0100 net: hns3: Fix loss of coal configuration while doing reset [ Upstream commit e4fd75022c24eb28cc1034e97e60cecc24f325f3 ] The user's coal configuration will be lost after reset, so the tx_coal and rx_coal fields are added to the struct hns_nic_priv to save the coal configuration and used to restore the user's configuration after the reset is complete. Fixes: bb6b94a896d4 ("net: hns3: Add reset interface implementation in client") Signed-off-by: Huazhong Tan Signed-off-by: Yunsheng Lin Signed-off-by: Salil Mehta Signed-off-by: David S. Miller Signed-off-by: Sasha Levin commit af98283da9e92d672d4a5f0208f40aa55d95c20c Author: Yunsheng Lin Date: Wed Sep 26 19:28:37 2018 +0100 net: hns3: Fix for netdev not up problem when setting mtu [ Upstream commit 93d8daf460183871a965dae339839d9e35d44309 ] Currently hns3_nic_change_mtu will try to down the netdev before setting mtu, and it does not up the netdev when the setting fails, which causes netdev not up problem. This patch fixes it by not returning when the setting fails. Fixes: a8e8b7ff3517 ("net: hns3: Add support to change MTU in HNS3 hardware") Signed-off-by: Yunsheng Lin Signed-off-by: Peng Li Signed-off-by: Salil Mehta Signed-off-by: David S. Miller Signed-off-by: Sasha Levin commit 7a1f314e3c804a8d4eeb456fdc17095a6d26f420 Author: H. Nikolaus Schaller Date: Fri Sep 28 17:54:00 2018 +0200 ARM: dts: omap5: enable OTG role for DWC3 controller [ Upstream commit 656c1a65ab555ee5c7cd0d6aee8ab82ca3c1795f ] Since SMPS10 and OTG cable detection extcon are described here, and work to enable OTG power when an OTG cable is plugged in, we can define OTG mode in the controller (which is disabled by default in omap5.dtsi). Tested on OMAP5EVM and Pyra. Suggested-by: Roger Quadros Signed-off-by: H. Nikolaus Schaller Signed-off-by: Tony Lindgren Signed-off-by: Sasha Levin commit 789d29044793f1cc83dfbefe8f9e1d96b989a73c Author: Vignesh R Date: Fri Sep 28 11:34:42 2018 +0530 ARM: dts: dra7: Enable workaround for errata i870 in PCIe host mode [ Upstream commit b830526f304764753fcb8b4a563a94080e982a6c ] Add ti,syscon-unaligned-access property to PCIe RC nodes to set appropriate bits in CTRL_CORE_SMA_SW_7 register to enable workaround for errata i870. Signed-off-by: Vignesh R Signed-off-by: Tony Lindgren Signed-off-by: Sasha Levin commit 6d286faeee74f5145895dc15f2e37012fb603382 Author: YueHaibing Date: Wed Sep 26 17:18:14 2018 +0800 net: xen-netback: fix return type of ndo_start_xmit function [ Upstream commit a9ca7f17c6d240e269a24cbcd76abf9a940309dd ] The method ndo_start_xmit() is defined as returning an 'netdev_tx_t', which is a typedef for an enum type, so make sure the implementation in this driver has returns 'netdev_tx_t' value, and change the function return type to netdev_tx_t. Found by coccinelle. Signed-off-by: YueHaibing Acked-by: Wei Liu Signed-off-by: David S. Miller Signed-off-by: Sasha Levin commit c234566f1ea088d82a1bb997f075848bc5a1c2de Author: YueHaibing Date: Wed Sep 26 17:15:38 2018 +0800 net: ovs: fix return type of ndo_start_xmit function [ Upstream commit eddf11e18dff0e8671e06ce54e64cfc843303ab9 ] The method ndo_start_xmit() is defined as returning an 'netdev_tx_t', which is a typedef for an enum type, so make sure the implementation in this driver has returns 'netdev_tx_t' value, and change the function return type to netdev_tx_t. Found by coccinelle. Signed-off-by: YueHaibing Signed-off-by: David S. Miller Signed-off-by: Sasha Levin commit d51d9605888d6a9fddec1676dda734a9737e65d6 Author: Wang YanQing Date: Sat Apr 27 16:28:26 2019 +0800 bpf, x32: Fix bug for BPF_JMP | {BPF_JSGT, BPF_JSLE, BPF_JSLT, BPF_JSGE} commit 711aef1bbf88212a21f7103e88f397b47a528805 upstream. The current method to compare 64-bit numbers for conditional jump is: 1) Compare the high 32-bit first. 2) If the high 32-bit isn't the same, then goto step 4. 3) Compare the low 32-bit. 4) Check the desired condition. This method is right for unsigned comparison, but it is buggy for signed comparison, because it does signed comparison for low 32-bit too. There is only one sign bit in 64-bit number, that is the MSB in the 64-bit number, it is wrong to treat low 32-bit as signed number and do the signed comparison for it. This patch fixes the bug and adds a testcase in selftests/bpf for such bug. Link: https://bugzilla.kernel.org/show_bug.cgi?id=205469 Reported-by: Tony Ambardar Cc: Tony Ambardar Cc: stable@vger.kernel.org #v4.19 Signed-off-by: Wang YanQing Signed-off-by: Daniel Borkmann Signed-off-by: Greg Kroah-Hartman commit f3c40792cf4be25622a90053a2e9ea4a2dde0a82 Author: Luke Nelson Date: Fri Jun 28 22:57:50 2019 -0700 bpf, x32: Fix bug with ALU64 {LSH, RSH, ARSH} BPF_K shift by 0 commit 6fa632e719eec4d1b1ebf3ddc0b2d667997b057b upstream. The current x32 BPF JIT does not correctly compile shift operations when the immediate shift amount is 0. The expected behavior is for this to be a no-op. The following program demonstrates the bug. The expexceted result is 1, but the current JITed code returns 2. r0 = 1 r1 = 1 r1 <<= 0 if r1 == 1 goto end r0 = 2 end: exit This patch simplifies the code and fixes the bug. Fixes: 03f5781be2c7 ("bpf, x86_32: add eBPF JIT compiler for ia32") Co-developed-by: Xi Wang Signed-off-by: Xi Wang Signed-off-by: Luke Nelson Signed-off-by: Daniel Borkmann Signed-off-by: Wang YanQing Signed-off-by: Greg Kroah-Hartman commit a085f797449e5b9d260cdca4959da61a30940f0e Author: Luke Nelson Date: Fri Jun 28 22:57:49 2019 -0700 bpf, x32: Fix bug with ALU64 {LSH, RSH, ARSH} BPF_X shift by 0 commit 68a8357ec15bdce55266e9fba8b8b3b8143fa7d2 upstream. The current x32 BPF JIT for shift operations is not correct when the shift amount in a register is 0. The expected behavior is a no-op, whereas the current implementation changes bits in the destination register. The following example demonstrates the bug. The expected result of this program is 1, but the current JITed code returns 2. r0 = 1 r1 = 1 r2 = 0 r1 <<= r2 if r1 == 1 goto end r0 = 2 end: exit The bug is caused by an incorrect assumption by the JIT that a shift by 32 clear the register. On x32 however, shifts use the lower 5 bits of the source, making a shift by 32 equivalent to a shift by 0. This patch fixes the bug using double-precision shifts, which also simplifies the code. Fixes: 03f5781be2c7 ("bpf, x86_32: add eBPF JIT compiler for ia32") Co-developed-by: Xi Wang Signed-off-by: Xi Wang Signed-off-by: Luke Nelson Signed-off-by: Daniel Borkmann Signed-off-by: Wang YanQing Signed-off-by: Greg Kroah-Hartman commit 860a7d18b9e626d496522e73f60f50a770c089dd Author: Wang YanQing Date: Sun Apr 28 10:33:02 2019 +0800 bpf, x32: Fix bug for BPF_ALU64 | BPF_NEG commit b9aa0b35d878dff9ed19f94101fe353a4de00cc4 upstream. The current implementation has two errors: 1: The second xor instruction will clear carry flag which is necessary for following sbb instruction. 2: The select coding for sbb instruction is wrong, the coding is "sbb dreg_hi,ecx", but what we need is "sbb ecx,dreg_hi". This patch rewrites the implementation and fixes the errors. This patch fixes below errors reported by bpf/test_verifier in x32 platform when the jit is enabled: " 0: (b4) w1 = 4 1: (b4) w2 = 4 2: (1f) r2 -= r1 3: (4f) r2 |= r1 4: (87) r2 = -r2 5: (c7) r2 s>>= 63 6: (5f) r1 &= r2 7: (bf) r0 = r1 8: (95) exit processed 9 insns (limit 131072), stack depth 0 0: (b4) w1 = 4 1: (b4) w2 = 4 2: (1f) r2 -= r1 3: (4f) r2 |= r1 4: (87) r2 = -r2 5: (c7) r2 s>>= 63 6: (5f) r1 &= r2 7: (bf) r0 = r1 8: (95) exit processed 9 insns (limit 131072), stack depth 0 ...... Summary: 1189 PASSED, 125 SKIPPED, 15 FAILED " Signed-off-by: Wang YanQing Signed-off-by: Daniel Borkmann Signed-off-by: Greg Kroah-Hartman commit 03543b9c5573188f86f3aab0173f4c5f010892a8 Author: Daniel Vetter Date: Sun Jul 21 22:19:56 2019 +0200 fbdev: Ditch fb_edid_add_monspecs commit 3b8720e63f4a1fc6f422a49ecbaa3b59c86d5aaf upstream. It's dead code ever since commit 34280340b1dc74c521e636f45cd728f9abf56ee2 Author: Geert Uytterhoeven Date: Fri Dec 4 17:01:43 2015 +0100 fbdev: Remove unused SH-Mobile HDMI driver Also with this gone we can remove the cea_modes db. This entire thing is massively incomplete anyway, compared to the CEA parsing that drm_edid.c does. Acked-by: Linus Torvalds Cc: Tavis Ormandy Signed-off-by: Daniel Vetter Signed-off-by: Bartlomiej Zolnierkiewicz Link: https://patchwork.freedesktop.org/patch/msgid/20190721201956.941-1-daniel.vetter@ffwll.ch Signed-off-by: Greg Kroah-Hartman commit 703662598b9cde76526bb354b7167d40555f954c Author: Pavel Tatashin Date: Tue Nov 19 17:10:06 2019 -0500 arm64: uaccess: Ensure PAN is re-enabled after unhandled uaccess fault commit 94bb804e1e6f0a9a77acf20d7c70ea141c6c821e upstream. A number of our uaccess routines ('__arch_clear_user()' and '__arch_copy_{in,from,to}_user()') fail to re-enable PAN if they encounter an unhandled fault whilst accessing userspace. For CPUs implementing both hardware PAN and UAO, this bug has no effect when both extensions are in use by the kernel. For CPUs implementing hardware PAN but not UAO, this means that a kernel using hardware PAN may execute portions of code with PAN inadvertently disabled, opening us up to potential security vulnerabilities that rely on userspace access from within the kernel which would usually be prevented by this mechanism. In other words, parts of the kernel run the same way as they would on a CPU without PAN implemented/emulated at all. For CPUs not implementing hardware PAN and instead relying on software emulation via 'CONFIG_ARM64_SW_TTBR0_PAN=y', the impact is unfortunately much worse. Calling 'schedule()' with software PAN disabled means that the next task will execute in the kernel using the page-table and ASID of the previous process even after 'switch_mm()', since the actual hardware switch is deferred until return to userspace. At this point, or if there is a intermediate call to 'uaccess_enable()', the page-table and ASID of the new process are installed. Sadly, due to the changes introduced by KPTI, this is not an atomic operation and there is a very small window (two instructions) where the CPU is configured with the page-table of the old task and the ASID of the new task; a speculative access in this state is disastrous because it would corrupt the TLB entries for the new task with mappings from the previous address space. As Pavel explains: | I was able to reproduce memory corruption problem on Broadcom's SoC | ARMv8-A like this: | | Enable software perf-events with PERF_SAMPLE_CALLCHAIN so userland's | stack is accessed and copied. | | The test program performed the following on every CPU and forking | many processes: | | unsigned long *map = mmap(NULL, PAGE_SIZE, PROT_READ|PROT_WRITE, | MAP_SHARED | MAP_ANONYMOUS, -1, 0); | map[0] = getpid(); | sched_yield(); | if (map[0] != getpid()) { | fprintf(stderr, "Corruption detected!"); | } | munmap(map, PAGE_SIZE); | | From time to time I was getting map[0] to contain pid for a | different process. Ensure that PAN is re-enabled when returning after an unhandled user fault from our uaccess routines. Cc: Catalin Marinas Reviewed-by: Mark Rutland Tested-by: Mark Rutland Cc: Fixes: 338d4f49d6f7 ("arm64: kernel: Add support for Privileged Access Never") Signed-off-by: Pavel Tatashin [will: rewrote commit message] Signed-off-by: Will Deacon Signed-off-by: Greg Kroah-Hartman commit f8b09a043685add642ce395cfef8b0cfd31330eb Author: David Hildenbrand Date: Tue Nov 5 21:17:10 2019 -0800 mm/memory_hotplug: fix updating the node span commit 656d571193262a11c2daa4012e53e4d645bbce56 upstream. We recently started updating the node span based on the zone span to avoid touching uninitialized memmaps. Currently, we will always detect the node span to start at 0, meaning a node can easily span too many pages. pgdat_is_empty() will still work correctly if all zones span no pages. We should skip over all zones without spanned pages and properly handle the first detected zone that spans pages. Unfortunately, in contrast to the zone span (/proc/zoneinfo), the node span cannot easily be inspected and tested. The node span gives no real guarantees when an architecture supports memory hotplug, meaning it can easily contain holes or span pages of different nodes. The node span is not really used after init on architectures that support memory hotplug. E.g., we use it in mm/memory_hotplug.c:try_offline_node() and in mm/kmemleak.c:kmemleak_scan(). These users seem to be fine. Link: http://lkml.kernel.org/r/20191027222714.5313-1-david@redhat.com Fixes: 00d6c019b5bc ("mm/memory_hotplug: don't access uninitialized memmaps in shrink_pgdat_span()") Signed-off-by: David Hildenbrand Cc: Michal Hocko Cc: Oscar Salvador Cc: Stephen Rothwell Cc: Dan Williams Cc: Pavel Tatashin Cc: Greg Kroah-Hartman Signed-off-by: Andrew Morton Signed-off-by: Linus Torvalds Signed-off-by: Greg Kroah-Hartman commit 6631def3ee38af01b3b87732ba88ec5be2d86c9f Author: David Hildenbrand Date: Fri Oct 18 20:19:33 2019 -0700 mm/memory_hotplug: don't access uninitialized memmaps in shrink_pgdat_span() commit 00d6c019b5bc175cee3770e0e659f2b5f4804ea5 upstream. We might use the nid of memmaps that were never initialized. For example, if the memmap was poisoned, we will crash the kernel in pfn_to_nid() right now. Let's use the calculated boundaries of the separate zones instead. This now also avoids having to iterate over a whole bunch of subsections again, after shrinking one zone. Before commit d0dc12e86b31 ("mm/memory_hotplug: optimize memory hotplug"), the memmap was initialized to 0 and the node was set to the right value. After that commit, the node might be garbage. We'll have to fix shrink_zone_span() next. Link: http://lkml.kernel.org/r/20191006085646.5768-4-david@redhat.com Fixes: f1dd2cd13c4b ("mm, memory_hotplug: do not associate hotadded memory to zones until online") [d0dc12e86b319] Signed-off-by: David Hildenbrand Reported-by: Aneesh Kumar K.V Cc: Oscar Salvador Cc: David Hildenbrand Cc: Michal Hocko Cc: Pavel Tatashin Cc: Dan Williams Cc: Wei Yang Cc: Alexander Duyck Cc: Alexander Potapenko Cc: Andy Lutomirski Cc: Anshuman Khandual Cc: Benjamin Herrenschmidt Cc: Borislav Petkov Cc: Catalin Marinas Cc: Christian Borntraeger Cc: Christophe Leroy Cc: Damian Tometzki Cc: Dave Hansen Cc: Fenghua Yu Cc: Gerald Schaefer Cc: Greg Kroah-Hartman Cc: Halil Pasic Cc: Heiko Carstens Cc: "H. Peter Anvin" Cc: Ingo Molnar Cc: Ira Weiny Cc: Jason Gunthorpe Cc: Jun Yao Cc: Logan Gunthorpe Cc: Mark Rutland Cc: Masahiro Yamada Cc: "Matthew Wilcox (Oracle)" Cc: Mel Gorman Cc: Michael Ellerman Cc: Mike Rapoport Cc: Pankaj Gupta Cc: Paul Mackerras Cc: Pavel Tatashin Cc: Peter Zijlstra Cc: Qian Cai Cc: Rich Felker Cc: Robin Murphy Cc: Steve Capper Cc: Thomas Gleixner Cc: Tom Lendacky Cc: Tony Luck Cc: Vasily Gorbik Cc: Vlastimil Babka Cc: Wei Yang Cc: Will Deacon Cc: Yoshinori Sato Cc: Yu Zhao Cc: [4.13+] Signed-off-by: Andrew Morton Signed-off-by: Linus Torvalds Signed-off-by: Greg Kroah-Hartman commit a16a3669273b4331fe5a0e4c7058c6e8df9d30b7 Author: Matthew Wilcox (Oracle) Date: Tue May 14 16:05:45 2019 -0400 idr: Fix idr_get_next race with idr_remove commit 5c089fd0c73411f2170ab795c9ffc16718c7d007 upstream. If the entry is deleted from the IDR between the call to radix_tree_iter_find() and rcu_dereference_raw(), idr_get_next() will return NULL, which will end the iteration prematurely. We should instead continue to the next entry in the IDR. This only happens if the iteration is protected by the RCU lock. Most IDR users use a spinlock or semaphore to exclude simultaneous modifications. It was noticed once the PID allocator was converted to use the IDR, as it uses the RCU lock, but there may be other users elsewhere in the kernel. We can't use the normal pattern of calling radix_tree_deref_retry() (which catches both a retry entry in a leaf node and a node entry in the root) as the IDR supports storing entries which are unaligned, which will trigger an infinite loop if they are encountered. Instead, we have to explicitly check whether the entry is a retry entry. Fixes: 0a835c4f090a ("Reimplement IDR and IDA using the radix tree") Reported-by: Brendan Gregg Tested-by: Brendan Gregg Signed-off-by: Matthew Wilcox (Oracle) Signed-off-by: Greg Kroah-Hartman commit 4c62337d8f1727f5005e41a141fe42c0154c21f9 Author: Dan Carpenter Date: Wed Nov 13 21:28:31 2019 +0300 net: cdc_ncm: Signedness bug in cdc_ncm_set_dgram_size() commit a56dcc6b455830776899ce3686735f1172e12243 upstream. This code is supposed to test for negative error codes and partial reads, but because sizeof() is size_t (unsigned) type then negative error codes are type promoted to high positive values and the condition doesn't work as expected. Fixes: 332f989a3b00 ("CDC-NCM: handle incomplete transfer of MTU") Signed-off-by: Dan Carpenter Signed-off-by: David S. Miller Signed-off-by: Nobuhiro Iwamatsu Signed-off-by: Greg Kroah-Hartman commit 17a82bc67728e788d0f8fbe80db6645e463b2037 Author: Greg Kroah-Hartman Date: Thu Nov 21 14:49:19 2019 +0100 Revert "OPP: Protect dev_list with opp_table lock" This reverts commit 4c64ce947cfa447993efe005cbaad7ba31a91612 which is commit 3d2556992a878a2210d3be498416aee39e0c32aa upstream. Turns out to break the build on the odroid machines, so it needs to be reverted. Reported-by: Viresh Kumar Reported-by: "kernelci.org bot" Cc: Niklas Cassel Cc: Sasha Levin Signed-off-by: Greg Kroah-Hartman commit 4f4ab0b49cf2e85a9dd94fa1a34e782fba15c8e1 Author: Julia Lawall Date: Sat Feb 23 14:20:36 2019 +0100 tee: optee: add missing of_node_put after of_device_is_available commit c7c0d8df0b94a67377555a550b8d66ee2ad2f4ed upstream. Add an of_node_put when a tested device node is not available. The semantic patch that fixes this problem is as follows (http://coccinelle.lip6.fr): // @@ identifier f; local idexpression e; expression x; @@ e = f(...); ... when != of_node_put(e) when != x = e when != e = x when any if (<+...of_device_is_available(e)...+>) { ... when != of_node_put(e) ( return e; | + of_node_put(e); return ...; ) } // Fixes: db878f76b9ff ("tee: optee: take DT status property into account") Signed-off-by: Julia Lawall Signed-off-by: Jens Wiklander Cc: Nobuhiro Iwamatsu Signed-off-by: Greg Kroah-Hartman commit 2008d0e3d364ab6237bedf5c401afcde09826e8d Author: Hsin-Yi Wang Date: Fri Feb 15 17:02:02 2019 +0800 i2c: mediatek: modify threshold passed to i2c_get_dma_safe_msg_buf() commit bc1a7f75c85e226e82f183d30d75c357f92b6029 upstream. DMA with zero-length transfers doesn't make sense and this HW doesn't support them at all, so increase the threshold. Fixes: fc66b39fe36a ("i2c: mediatek: Use DMA safe buffers for i2c transactions") Signed-off-by: Hsin-Yi Wang [wsa: reworded commit message] Signed-off-by: Wolfram Sang Cc: Guenter Roeck Signed-off-by: Greg Kroah-Hartman commit 976e944e005f555e90d92e504a38f8231551925b Author: Leilk Liu Date: Wed Oct 31 16:49:16 2018 +0800 spi: mediatek: use correct mata->xfer_len when in fifo transfer commit a4d8f64f7267a88d4688f5c216926f5f6cafbae6 upstream. when xfer_len is greater than 64 bytes and use fifo mode to transfer, the actual length from the third time is mata->xfer_len but not len in mtk_spi_interrupt(). Signed-off-by: Leilk Liu Signed-off-by: Mark Brown Cc: Guenter Roeck Signed-off-by: Greg Kroah-Hartman