date:20180316

4.9-stable review patch.  If anyone has any objections, please let me know.

--

From: Maarten Lankhorst 

commit d13a8479f3584613b6aacbb793eae64578b8f69a upstream.

intel_power_domains_init_hw() calls set_init_power, but when using
runtime power management this call is skipped. This prevents hw readout
from taking place.

Signed-off-by: Maarten Lankhorst 
Bugzilla: https://bugs.freedesktop.org/show_bug.cgi?id=104172
Link: 
https://patchwork.freedesktop.org/patch/msgid/20180116155324.75120-1-maarten.lankho...@linux.intel.com
Fixes: bc87229f323e ("drm/i915/skl: enable PC9/10 power states during 
suspend-to-idle")
Cc: Nivedita Swaminathan 
Cc: Imre Deak 
Cc: Patrik Jakobsson 
Cc: Jani Nikula 
Cc: Joonas Lahtinen 
Cc: Rodrigo Vivi 
Cc:  # v4.5+
Reviewed-by: Imre Deak 
(cherry picked from commit ac25dfed15d470d7f23dd817e965b54aa3f94a1e)
Signed-off-by: Rodrigo Vivi 
Signed-off-by: Greg Kroah-Hartman 

---
 drivers/gpu/drm/i915/i915_drv.c |2 ++
 1 file changed, 2 insertions(+)

--- a/drivers/gpu/drm/i915/i915_drv.c
+++ b/drivers/gpu/drm/i915/i915_drv.c
@@ -1703,6 +1703,8 @@ static int i915_drm_resume_early(struct
if (IS_BROXTON(dev_priv) ||
!(dev_priv->suspended_to_idle && dev_priv->csr.dmc_payload))
intel_power_domains_init_hw(dev_priv, true);
+   else
+   intel_display_set_init_power(dev_priv, true);
 
enable_rpm_wakeref_asserts(dev_priv);

[PATCH 4.9 19/86] MIPS: OCTEON: irq: Check for null return on kzalloc allocation

4.9-stable review patch.  If anyone has any objections, please let me know.

--

From: Colin Ian King 

commit 902f4d067a50ccf645a58dd5fb1d113b6e0f9b5b upstream.

The allocation of host_data is not null checked, leading to a null
pointer dereference if the allocation fails. Fix this by adding a null
check and return with -ENOMEM.

Fixes: 64b139f97c01 ("MIPS: OCTEON: irq: add CIB and other fixes")
Signed-off-by: Colin Ian King 
Acked-by: David Daney 
Cc: Ralf Baechle 
Cc: "Steven J. Hill" 
Cc: linux-m...@linux-mips.org
Cc:  # 4.0+
Patchwork: https://patchwork.linux-mips.org/patch/18658/
Signed-off-by: James Hogan 
Signed-off-by: Greg Kroah-Hartman 

---
 arch/mips/cavium-octeon/octeon-irq.c |2 ++
 1 file changed, 2 insertions(+)

--- a/arch/mips/cavium-octeon/octeon-irq.c
+++ b/arch/mips/cavium-octeon/octeon-irq.c
@@ -2277,6 +2277,8 @@ static int __init octeon_irq_init_cib(st
}
 
host_data = kzalloc(sizeof(*host_data), GFP_KERNEL);
+   if (!host_data)
+   return -ENOMEM;
raw_spin_lock_init(_data->lock);
 
addr = of_get_address(ciu_node, 0, NULL, NULL);

[PATCH 4.9 02/86] RDMA/ucma: Check that user doesnt overflow QP state

4.9-stable review patch.  If anyone has any objections, please let me know.

--

From: Leon Romanovsky 

commit a5880b84430316e3e1c1f5d23aa32ec6000cc717 upstream.

The QP state is limited and declared in enum ib_qp_state,
but ucma user was able to supply any possible (u32) value.

Reported-by: syzbot+0df1ab766f8924b1e...@syzkaller.appspotmail.com
Fixes: 75216638572f ("RDMA/cma: Export rdma cm interface to userspace")
Signed-off-by: Leon Romanovsky 
Signed-off-by: Doug Ledford 
Signed-off-by: Greg Kroah-Hartman 

---
 drivers/infiniband/core/ucma.c |3 +++
 1 file changed, 3 insertions(+)

--- a/drivers/infiniband/core/ucma.c
+++ b/drivers/infiniband/core/ucma.c
@@ -1139,6 +1139,9 @@ static ssize_t ucma_init_qp_attr(struct
if (copy_from_user(, inbuf, sizeof(cmd)))
return -EFAULT;
 
+   if (cmd.qp_state > IB_QPS_ERR)
+   return -EINVAL;
+
ctx = ucma_get_ctx(file, cmd.id);
if (IS_ERR(ctx))
return PTR_ERR(ctx);

[PATCH 4.4 39/63] netfilter: bridge: ebt_among: add missing match size checks

4.4-stable review patch.  If anyone has any objections, please let me know.

--

From: Florian Westphal 

commit c4585a2823edf4d1326da44d1524ecbfda26bb37 upstream.

ebt_among is special, it has a dynamic match size and is exempt
from the central size checks.

Therefore it must check that the size of the match structure
provided from userspace is sane by making sure em->match_size
is at least the minimum size of the expected structure.

The module has such a check, but its only done after accessing
a structure that might be out of bounds.

tested with: ebtables -A INPUT ... \
--among-dst fe:fe:fe:fe:fe:fe
--among-dst fe:fe:fe:fe:fe:fe --among-src 
fe:fe:fe:fe:ff:f,fe:fe:fe:fe:fe:fb,fe:fe:fe:fe:fc:fd,fe:fe:fe:fe:fe:fd,fe:fe:fe:fe:fe:fe
--among-src 
fe:fe:fe:fe:ff:f,fe:fe:fe:fe:fe:fa,fe:fe:fe:fe:fe:fd,fe:fe:fe:fe:fe:fe,fe:fe:fe:fe:fe:fe

Reported-by: 
Signed-off-by: Florian Westphal 
Signed-off-by: Pablo Neira Ayuso 
Signed-off-by: Greg Kroah-Hartman 

---
 net/bridge/netfilter/ebt_among.c |   21 +++--
 1 file changed, 19 insertions(+), 2 deletions(-)

--- a/net/bridge/netfilter/ebt_among.c
+++ b/net/bridge/netfilter/ebt_among.c
@@ -172,18 +172,35 @@ ebt_among_mt(const struct sk_buff *skb,
return true;
 }
 
+static bool poolsize_invalid(const struct ebt_mac_wormhash *w)
+{
+   return w && w->poolsize >= (INT_MAX / sizeof(struct 
ebt_mac_wormhash_tuple));
+}
+
 static int ebt_among_mt_check(const struct xt_mtchk_param *par)
 {
const struct ebt_among_info *info = par->matchinfo;
const struct ebt_entry_match *em =
container_of(par->matchinfo, const struct ebt_entry_match, 
data);
-   int expected_length = sizeof(struct ebt_among_info);
+   unsigned int expected_length = sizeof(struct ebt_among_info);
const struct ebt_mac_wormhash *wh_dst, *wh_src;
int err;
 
+   if (expected_length > em->match_size)
+   return -EINVAL;
+
wh_dst = ebt_among_wh_dst(info);
-   wh_src = ebt_among_wh_src(info);
+   if (poolsize_invalid(wh_dst))
+   return -EINVAL;
+
expected_length += ebt_mac_wormhash_size(wh_dst);
+   if (expected_length > em->match_size)
+   return -EINVAL;
+
+   wh_src = ebt_among_wh_src(info);
+   if (poolsize_invalid(wh_src))
+   return -EINVAL;
+
expected_length += ebt_mac_wormhash_size(wh_src);
 
if (em->match_size != EBT_ALIGN(expected_length)) {

Re: [PATCH v8 42/42] ARM: dts: da850: Add clocks

2018-03-16 Thread David Lechner


On 03/15/2018 09:52 PM, David Lechner wrote:

This adds clock provider nodes for da850 and wires them up to all of the
devices.

Signed-off-by: David Lechner 
---


...

This is the mcasp0: mcasp@10 node...


@@ -560,6 +720,7 @@
dmas = < 1 1>,
< 0 1>;
dma-names = "tx", "rx";
+   clocks = < 7>;


After some testing, it looks like it needs to be:

+   power-domains = < 7>;

instead of

+   clocks = < 7>;


};
  
  		lcdc: display@213000 {

[PATCH 4.4 48/63] NFS: Fix an incorrect type in struct nfs_direct_req

4.4-stable review patch.  If anyone has any objections, please let me know.

--

From: Trond Myklebust 

commit d9ee65539d3eabd9ade46cca1780e3309ad0f907 upstream.

The start offset needs to be of type loff_t.

Fixed: 5fadeb47dcc5c ("nfs: count DIO good bytes correctly with mirroring")
Cc: sta...@vger.kernel.org # v4.0+
Signed-off-by: Trond Myklebust 
Signed-off-by: Greg Kroah-Hartman 

---
 fs/nfs/direct.c |2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

--- a/fs/nfs/direct.c
+++ b/fs/nfs/direct.c
@@ -86,9 +86,9 @@ struct nfs_direct_req {
struct nfs_direct_mirror mirrors[NFS_PAGEIO_DESCRIPTOR_MIRROR_MAX];
int mirror_count;
 
+   loff_t  io_start;   /* Start offset for I/O */
ssize_t count,  /* bytes actually processed */
bytes_left, /* bytes left to be sent */
-   io_start,   /* start of IO */
error;  /* any reported error */
struct completion   completion; /* wait for i/o completion */

[PATCH 4.4 59/63] USB: usbmon: remove assignment from IS_ERR argument

4.4-stable review patch.  If anyone has any objections, please let me know.

--

From: Julia Lawall 

commit 46c236dc7d1212d7417e6fb0317f91c44c719322 upstream.

The semantic patch that makes this change is as follows:
(http://coccinelle.lip6.fr/)

// 
@@
expression e1,e2;
statement S1,S2;
@@

+e1 = e2;
if (IS_ERR(
e1
-   = e2
   )) S1 else S2
// 

Signed-off-by: Julia Lawall 
Signed-off-by: Greg Kroah-Hartman 

---
 drivers/usb/mon/mon_text.c |6 --
 1 file changed, 4 insertions(+), 2 deletions(-)

--- a/drivers/usb/mon/mon_text.c
+++ b/drivers/usb/mon/mon_text.c
@@ -386,7 +386,8 @@ static ssize_t mon_text_read_t(struct fi
struct mon_event_text *ep;
struct mon_text_ptr ptr;
 
-   if (IS_ERR(ep = mon_text_read_wait(rp, file)))
+   ep = mon_text_read_wait(rp, file);
+   if (IS_ERR(ep))
return PTR_ERR(ep);
mutex_lock(>printf_lock);
ptr.cnt = 0;
@@ -413,7 +414,8 @@ static ssize_t mon_text_read_u(struct fi
struct mon_event_text *ep;
struct mon_text_ptr ptr;
 
-   if (IS_ERR(ep = mon_text_read_wait(rp, file)))
+   ep = mon_text_read_wait(rp, file);
+   if (IS_ERR(ep))
return PTR_ERR(ep);
mutex_lock(>printf_lock);
ptr.cnt = 0;

[PATCH 4.4 58/63] usb: quirks: add control message delay for 1b1c:1b20

4.4-stable review patch.  If anyone has any objections, please let me know.

--

From: Danilo Krummrich 

commit cb88a0588717ba6c756cb5972d75766b273a6817 upstream.

Corsair Strafe RGB keyboard does not respond to usb control messages
sometimes and hence generates timeouts.

Commit de3af5bf259d ("usb: quirks: add delay init quirk for Corsair
Strafe RGB keyboard") tried to fix those timeouts by adding
USB_QUIRK_DELAY_INIT.

Unfortunately, even with this quirk timeouts of usb_control_msg()
can still be seen, but with a lower frequency (approx. 1 out of 15):

[   29.103520] usb 1-8: string descriptor 0 read error: -110
[   34.363097] usb 1-8: can't set config #1, error -110

Adding further delays to different locations where usb control
messages are issued just moves the timeouts to other locations,
e.g.:

[   35.400533] usbhid 1-8:1.0: can't add hid device: -110
[   35.401014] usbhid: probe of 1-8:1.0 failed with error -110

The only way to reliably avoid those issues is having a pause after
each usb control message. In approx. 200 boot cycles no more timeouts
were seen.

Addionaly, keep USB_QUIRK_DELAY_INIT as it turned out to be necessary
to have the delay in hub_port_connect() after hub_port_init().

The overall boot time seems not to be influenced by these additional
delays, even on fast machines and lightweight distributions.

Fixes: de3af5bf259d ("usb: quirks: add delay init quirk for Corsair Strafe RGB 
keyboard")
Cc: sta...@vger.kernel.org
Signed-off-by: Danilo Krummrich 
Signed-off-by: Greg Kroah-Hartman 

---
 drivers/usb/core/message.c |4 
 drivers/usb/core/quirks.c  |3 ++-
 include/linux/usb/quirks.h |3 +++
 3 files changed, 9 insertions(+), 1 deletion(-)

--- a/drivers/usb/core/message.c
+++ b/drivers/usb/core/message.c
@@ -147,6 +147,10 @@ int usb_control_msg(struct usb_device *d
 
ret = usb_internal_control_msg(dev, pipe, dr, data, size, timeout);
 
+   /* Linger a bit, prior to the next control message. */
+   if (dev->quirks & USB_QUIRK_DELAY_CTRL_MSG)
+   msleep(200);
+
kfree(dr);
 
return ret;
--- a/drivers/usb/core/quirks.c
+++ b/drivers/usb/core/quirks.c
@@ -229,7 +229,8 @@ static const struct usb_device_id usb_qu
{ USB_DEVICE(0x1b1c, 0x1b13), .driver_info = USB_QUIRK_DELAY_INIT },
 
/* Corsair Strafe RGB */
-   { USB_DEVICE(0x1b1c, 0x1b20), .driver_info = USB_QUIRK_DELAY_INIT },
+   { USB_DEVICE(0x1b1c, 0x1b20), .driver_info = USB_QUIRK_DELAY_INIT |
+ USB_QUIRK_DELAY_CTRL_MSG },
 
/* Corsair K70 LUX */
{ USB_DEVICE(0x1b1c, 0x1b36), .driver_info = USB_QUIRK_DELAY_INIT },
--- a/include/linux/usb/quirks.h
+++ b/include/linux/usb/quirks.h
@@ -56,4 +56,7 @@
  */
 #define USB_QUIRK_LINEAR_FRAME_INTR_BINTERVAL  BIT(11)
 
+/* Device needs a pause after every control message. */
+#define USB_QUIRK_DELAY_CTRL_MSG   BIT(13)
+
 #endif /* __LINUX_USB_QUIRKS_H */

[PATCH 4.4 56/63] staging: android: ashmem: Fix lockdep issue during llseek

4.4-stable review patch.  If anyone has any objections, please let me know.

--

From: Joel Fernandes 

commit cb57469c9573f6018cd1302953dd45d6e05aba7b upstream.

ashmem_mutex create a chain of dependencies like so:

(1)
mmap syscall ->
  mmap_sem ->  (acquired)
  ashmem_mmap
  ashmem_mutex (try to acquire)
  (block)

(2)
llseek syscall ->
  ashmem_llseek ->
  ashmem_mutex ->  (acquired)
  inode_lock ->
  inode->i_rwsem (try to acquire)
  (block)

(3)
getdents ->
  iterate_dir ->
  inode_lock ->
  inode->i_rwsem   (acquired)
  copy_to_user ->
  mmap_sem (try to acquire)

There is a lock ordering created between mmap_sem and inode->i_rwsem
causing a lockdep splat [2] during a syzcaller test, this patch fixes
the issue by unlocking the mutex earlier. Functionally that's Ok since
we don't need to protect vfs_llseek.

[1] https://patchwork.kernel.org/patch/10185031/
[2] https://lkml.org/lkml/2018/1/10/48

Acked-by: Todd Kjos 
Cc: Arve Hjonnevag 
Cc: sta...@vger.kernel.org
Reported-by: syzbot+8ec30bb7bf1a981a2...@syzkaller.appspotmail.com
Signed-off-by: Joel Fernandes 
Acked-by: Greg Hackmann 
Signed-off-by: Greg Kroah-Hartman 

---
 drivers/staging/android/ashmem.c |   15 +++
 1 file changed, 7 insertions(+), 8 deletions(-)

--- a/drivers/staging/android/ashmem.c
+++ b/drivers/staging/android/ashmem.c
@@ -330,24 +330,23 @@ static loff_t ashmem_llseek(struct file
mutex_lock(_mutex);
 
if (asma->size == 0) {
-   ret = -EINVAL;
-   goto out;
+   mutex_unlock(_mutex);
+   return -EINVAL;
}
 
if (!asma->file) {
-   ret = -EBADF;
-   goto out;
+   mutex_unlock(_mutex);
+   return -EBADF;
}
 
+   mutex_unlock(_mutex);
+
ret = vfs_llseek(asma->file, offset, origin);
if (ret < 0)
-   goto out;
+   return ret;
 
/** Copy f_pos from backing file, since f_ops->llseek() sets it */
file->f_pos = asma->file->f_pos;
-
-out:
-   mutex_unlock(_mutex);
return ret;
 }

[PATCH 4.4 57/63] USB: storage: Add JMicron bridge 152d:2567 to unusual_devs.h

4.4-stable review patch.  If anyone has any objections, please let me know.

--

From: Teijo Kinnunen 

commit 5126a504b63d82785eaece3a9c30c660b313785a upstream.

This USB-SATA controller seems to be similar with JMicron bridge
152d:2566 already on the list. Adding it here fixes "Invalid
field in cdb" errors.

Signed-off-by: Teijo Kinnunen 
Cc: sta...@vger.kernel.org
Acked-by: Alan Stern 
Signed-off-by: Greg Kroah-Hartman 

---
 drivers/usb/storage/unusual_devs.h |7 +++
 1 file changed, 7 insertions(+)

--- a/drivers/usb/storage/unusual_devs.h
+++ b/drivers/usb/storage/unusual_devs.h
@@ -2142,6 +2142,13 @@ UNUSUAL_DEV(  0x22b8, 0x3010, 0x0001, 0x
USB_SC_DEVICE, USB_PR_DEVICE, NULL,
US_FL_FIX_CAPACITY | US_FL_IGNORE_RESIDUE ),
 
+/* Reported by Teijo Kinnunen  */
+UNUSUAL_DEV(  0x152d, 0x2567, 0x0117, 0x0117,
+   "JMicron",
+   "USB to ATA/ATAPI Bridge",
+   USB_SC_DEVICE, USB_PR_DEVICE, NULL,
+   US_FL_BROKEN_FUA ),
+
 /* Reported-by George Cherian  */
 UNUSUAL_DEV(0x152d, 0x9561, 0x, 0x,
"JMicron",

[PATCH 4.4 55/63] staging: comedi: fix comedi_nsamples_left.

4.4-stable review patch.  If anyone has any objections, please let me know.

--

From: Frank Mori Hess 

commit a42ae5905140c324362fe5036ae1dbb16e4d359c upstream.

A rounding error was causing comedi_nsamples_left to
return the wrong value when nsamples was not a multiple
of the scan length.

Cc:  # v4.4+
Signed-off-by: Frank Mori Hess 
Reviewed-by: Ian Abbott 
Signed-off-by: Greg Kroah-Hartman 

---
 drivers/staging/comedi/drivers.c |3 +--
 1 file changed, 1 insertion(+), 2 deletions(-)

--- a/drivers/staging/comedi/drivers.c
+++ b/drivers/staging/comedi/drivers.c
@@ -484,8 +484,7 @@ unsigned int comedi_nsamples_left(struct
struct comedi_cmd *cmd = >cmd;
 
if (cmd->stop_src == TRIG_COUNT) {
-   unsigned int nscans = nsamples / cmd->scan_end_arg;
-   unsigned int scans_left = __comedi_nscans_left(s, nscans);
+   unsigned int scans_left = __comedi_nscans_left(s, 
cmd->stop_arg);
unsigned int scan_pos =
comedi_bytes_to_samples(s, async->scan_progress);
unsigned long long samples_left = 0;

[PATCH 4.4 29/63] watchdog: hpwdt: fix unused variable warning

4.4-stable review patch.  If anyone has any objections, please let me know.

--

From: Arnd Bergmann 

commit aeebc6ba88ba3758ad95467ff6191fabf2074c13 upstream.

The new hpwdt_my_nmi() function is used conditionally, which produces
a harmless warning in some configurations:

drivers/watchdog/hpwdt.c:478:12: error: 'hpwdt_my_nmi' defined but not used 
[-Werror=unused-function]

This moves it inside of the #ifdef that protects its caller, to silence
the warning.

Fixes: 621174a92851 ("watchdog: hpwdt: Check source of NMI")
Signed-off-by: Arnd Bergmann 
Reviewed-by: Jerry Hoemann 
Reviewed-by: Guenter Roeck 
Signed-off-by: Guenter Roeck 
Signed-off-by: Wim Van Sebroeck 
Signed-off-by: Greg Kroah-Hartman 

---
 drivers/watchdog/hpwdt.c |2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

--- a/drivers/watchdog/hpwdt.c
+++ b/drivers/watchdog/hpwdt.c
@@ -474,12 +474,12 @@ static int hpwdt_time_left(void)
return TICKS_TO_SECS(ioread16(hpwdt_timer_reg));
 }
 
+#ifdef CONFIG_HPWDT_NMI_DECODING
 static int hpwdt_my_nmi(void)
 {
return ioread8(hpwdt_nmistat) & 0x6;
 }
 
-#ifdef CONFIG_HPWDT_NMI_DECODING
 /*
  * NMI Handler
  */

[PATCH 4.4 30/63] netfilter: nfnetlink_queue: fix timestamp attribute

4.4-stable review patch.  If anyone has any objections, please let me know.

--

From: Florian Westphal 

commit a7f1884554b81bd68cd435d72f09a3527629ac43 upstream.

Since 4.4 we erronously use timestamp of the netlink skb (which is zero).

Bugzilla: https://bugzilla.netfilter.org/show_bug.cgi?id=1066
Fixes: b28b1e826f818c30ea7 ("netfilter: nfnetlink_queue: use y2038 safe 
timestamp")
Signed-off-by: Florian Westphal 
Signed-off-by: Pablo Neira Ayuso 
Signed-off-by: Greg Kroah-Hartman 

---
 net/netfilter/nfnetlink_queue.c |2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

--- a/net/netfilter/nfnetlink_queue.c
+++ b/net/netfilter/nfnetlink_queue.c
@@ -501,7 +501,7 @@ nfqnl_build_packet_message(struct net *n
 
if (entskb->tstamp.tv64) {
struct nfqnl_msg_packet_timestamp ts;
-   struct timespec64 kts = ktime_to_timespec64(skb->tstamp);
+   struct timespec64 kts = ktime_to_timespec64(entskb->tstamp);
 
ts.sec = cpu_to_be64(kts.tv_sec);
ts.usec = cpu_to_be64(kts.tv_nsec / NSEC_PER_USEC);

Re: [PATCH v5 11/11] KVM: x86: Disable Intel Processor Trace when VMXON in L1 guest

2018-03-16 Thread Paolo Bonzini

On 04/03/2018 13:07, Luwei Kang wrote:
> + if (pt_mode == PT_MODE_HOST_GUEST) {

This would be vmx_pt_supported(), but I think it's better to remove that
function and just test pt_mode == PT_MODE_HOST_GUEST everywhere (or !=).

Paolo

> + vmx->pt_desc.guest.ctl = 0;
> + vmcs_write64(GUEST_IA32_RTIT_CTL, 0);
> + pt_set_intercept_for_msr(vmx, 1);
> + }
> +

[PATCH 4.4 32/63] Input: tca8418_keypad - remove double read of key event register

4.4-stable review patch.  If anyone has any objections, please let me know.

--

From: Dmitry Torokhov 

commit 9dd46c02532a6bed6240101ecf4bbc407f8c6adf upstream.

There is no need to tread the same register twice in a row.

Fixes: ea4348c8462a ("Input: tca8418_keypad - hide gcc-4.9 -Wmaybe-un ...")
Signed-off-by: Dmitry Torokhov 
Cc: Ben Hutchings 
Signed-off-by: Greg Kroah-Hartman 

---
 drivers/input/keyboard/tca8418_keypad.c |2 --
 1 file changed, 2 deletions(-)

--- a/drivers/input/keyboard/tca8418_keypad.c
+++ b/drivers/input/keyboard/tca8418_keypad.c
@@ -189,8 +189,6 @@ static void tca8418_read_keypad(struct t
input_event(input, EV_MSC, MSC_SCAN, code);
input_report_key(input, keymap[code], state);
 
-   /* Read for next loop */
-   error = tca8418_read_byte(keypad_data, REG_KEY_EVENT_A, );
} while (1);
 
input_sync(input);

[PATCH 4.4 08/63] drm/radeon: Fix deadlock on runtime suspend

4.4-stable review patch.  If anyone has any objections, please let me know.

--

From: Lukas Wunner 

commit 15734feff2bdac24aa3266c437cffa42851990e3 upstream.

radeon's ->runtime_suspend hook calls drm_kms_helper_poll_disable(),
which waits for the output poll worker to finish if it's running.

The output poll worker meanwhile calls pm_runtime_get_sync() in
radeon's ->detect hooks, which waits for the ongoing suspend to finish,
causing a deadlock.

Fix by not acquiring a runtime PM ref if the ->detect hooks are called
in the output poll worker's context.  This is safe because the poll
worker is only enabled while runtime active and we know that
->runtime_suspend waits for it to finish.

Stack trace for posterity:

  INFO: task kworker/0:3:31847 blocked for more than 120 seconds
  Workqueue: events output_poll_execute [drm_kms_helper]
  Call Trace:
   schedule+0x3c/0x90
   rpm_resume+0x1e2/0x690
   __pm_runtime_resume+0x3f/0x60
   radeon_lvds_detect+0x39/0xf0 [radeon]
   output_poll_execute+0xda/0x1e0 [drm_kms_helper]
   process_one_work+0x14b/0x440
   worker_thread+0x48/0x4a0

  INFO: task kworker/2:0:10493 blocked for more than 120 seconds.
  Workqueue: pm pm_runtime_work
  Call Trace:
   schedule+0x3c/0x90
   schedule_timeout+0x1b3/0x240
   wait_for_common+0xc2/0x180
   wait_for_completion+0x1d/0x20
   flush_work+0xfc/0x1a0
   __cancel_work_timer+0xa5/0x1d0
   cancel_delayed_work_sync+0x13/0x20
   drm_kms_helper_poll_disable+0x1f/0x30 [drm_kms_helper]
   radeon_pmops_runtime_suspend+0x3d/0xa0 [radeon]
   pci_pm_runtime_suspend+0x61/0x1a0
   vga_switcheroo_runtime_suspend+0x21/0x70
   __rpm_callback+0x32/0x70
   rpm_callback+0x24/0x80
   rpm_suspend+0x12b/0x640
   pm_runtime_work+0x6f/0xb0
   process_one_work+0x14b/0x440
   worker_thread+0x48/0x4a0

Bugzilla: https://bugs.freedesktop.org/show_bug.cgi?id=94147
Fixes: 10ebc0bc0934 ("drm/radeon: add runtime PM support (v2)")
Cc: sta...@vger.kernel.org # v3.13+: 27d4ee03078a: workqueue: Allow retrieval 
of current task's work struct
Cc: sta...@vger.kernel.org # v3.13+: 25c058ccaf2e: drm: Allow determining if 
current task is output poll worker
Cc: Ismo Toijala 
Cc: Alex Deucher 
Cc: Dave Airlie 
Reviewed-by: Lyude Paul 
Signed-off-by: Lukas Wunner 
Link: 
https://patchwork.freedesktop.org/patch/msgid/64ea02c44f91dda19bc563902b97bbc699040392.1518338789.git.lu...@wunner.de
Signed-off-by: Greg Kroah-Hartman 

---
 drivers/gpu/drm/radeon/radeon_connectors.c |   74 +++--
 1 file changed, 49 insertions(+), 25 deletions(-)

--- a/drivers/gpu/drm/radeon/radeon_connectors.c
+++ b/drivers/gpu/drm/radeon/radeon_connectors.c
@@ -891,9 +891,11 @@ radeon_lvds_detect(struct drm_connector
enum drm_connector_status ret = connector_status_disconnected;
int r;
 
-   r = pm_runtime_get_sync(connector->dev->dev);
-   if (r < 0)
-   return connector_status_disconnected;
+   if (!drm_kms_helper_is_poll_worker()) {
+   r = pm_runtime_get_sync(connector->dev->dev);
+   if (r < 0)
+   return connector_status_disconnected;
+   }
 
if (encoder) {
struct radeon_encoder *radeon_encoder = 
to_radeon_encoder(encoder);
@@ -916,8 +918,12 @@ radeon_lvds_detect(struct drm_connector
/* check acpi lid status ??? */
 
radeon_connector_update_scratch_regs(connector, ret);
-   pm_runtime_mark_last_busy(connector->dev->dev);
-   pm_runtime_put_autosuspend(connector->dev->dev);
+
+   if (!drm_kms_helper_is_poll_worker()) {
+   pm_runtime_mark_last_busy(connector->dev->dev);
+   pm_runtime_put_autosuspend(connector->dev->dev);
+   }
+
return ret;
 }
 
@@ -1020,9 +1026,11 @@ radeon_vga_detect(struct drm_connector *
enum drm_connector_status ret = connector_status_disconnected;
int r;
 
-   r = pm_runtime_get_sync(connector->dev->dev);
-   if (r < 0)
-   return connector_status_disconnected;
+   if (!drm_kms_helper_is_poll_worker()) {
+   r = pm_runtime_get_sync(connector->dev->dev);
+   if (r < 0)
+   return connector_status_disconnected;
+   }
 
encoder = radeon_best_single_encoder(connector);
if (!encoder)
@@ -1089,8 +1097,10 @@ radeon_vga_detect(struct drm_connector *
radeon_connector_update_scratch_regs(connector, ret);
 
 out:
-   pm_runtime_mark_last_busy(connector->dev->dev);
-   pm_runtime_put_autosuspend(connector->dev->dev);
+   if (!drm_kms_helper_is_poll_worker()) {
+   pm_runtime_mark_last_busy(connector->dev->dev);
+   pm_runtime_put_autosuspend(connector->dev->dev);
+   }
 
return ret;
 }
@@ -1153,9 +1163,11 @@ radeon_tv_detect(struct drm_connector *c
if

[PATCH 4.4 03/63] RDMA/mlx5: Fix integer overflow while resizing CQ

4.4-stable review patch.  If anyone has any objections, please let me know.

--

From: Leon Romanovsky 

commit 28e9091e3119933c38933cb8fc48d5618eb784c8 upstream.

The user can provide very large cqe_size which will cause to integer
overflow as it can be seen in the following UBSAN warning:

===
UBSAN: Undefined behaviour in drivers/infiniband/hw/mlx5/cq.c:1192:53
signed integer overflow:
64870 * 65536 cannot be represented in type 'int'
CPU: 0 PID: 267 Comm: syzkaller605279 Not tainted 4.15.0+ #90 Hardware
name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS
rel-1.7.5-0-ge51488c-20140602_164612-nilsson.home.kraxel.org 04/01/2014
Call Trace:
 dump_stack+0xde/0x164
 ? dma_virt_map_sg+0x22c/0x22c
 ubsan_epilogue+0xe/0x81
 handle_overflow+0x1f3/0x251
 ? __ubsan_handle_negate_overflow+0x19b/0x19b
 ? lock_acquire+0x440/0x440
 mlx5_ib_resize_cq+0x17e7/0x1e40
 ? cyc2ns_read_end+0x10/0x10
 ? native_read_msr_safe+0x6c/0x9b
 ? cyc2ns_read_end+0x10/0x10
 ? mlx5_ib_modify_cq+0x220/0x220
 ? sched_clock_cpu+0x18/0x200
 ? lookup_get_idr_uobject+0x200/0x200
 ? rdma_lookup_get_uobject+0x145/0x2f0
 ib_uverbs_resize_cq+0x207/0x3e0
 ? ib_uverbs_ex_create_cq+0x250/0x250
 ib_uverbs_write+0x7f9/0xef0
 ? cyc2ns_read_end+0x10/0x10
 ? print_irqtrace_events+0x280/0x280
 ? ib_uverbs_ex_create_cq+0x250/0x250
 ? uverbs_devnode+0x110/0x110
 ? sched_clock_cpu+0x18/0x200
 ? do_raw_spin_trylock+0x100/0x100
 ? __lru_cache_add+0x16e/0x290
 __vfs_write+0x10d/0x700
 ? uverbs_devnode+0x110/0x110
 ? kernel_read+0x170/0x170
 ? sched_clock_cpu+0x18/0x200
 ? security_file_permission+0x93/0x260
 vfs_write+0x1b0/0x550
 SyS_write+0xc7/0x1a0
 ? SyS_read+0x1a0/0x1a0
 ? trace_hardirqs_on_thunk+0x1a/0x1c
 entry_SYSCALL_64_fastpath+0x1e/0x8b
RIP: 0033:0x433549
RSP: 002b:7ffe63bd1ea8 EFLAGS: 0217
===

Cc: syzkaller 
Cc:  # 3.13
Fixes: bde51583f49b ("IB/mlx5: Add support for resize CQ")
Reported-by: Noa Osherovich 
Reviewed-by: Yishai Hadas 
Signed-off-by: Leon Romanovsky 
Signed-off-by: Doug Ledford 
Signed-off-by: Greg Kroah-Hartman 

---
 drivers/infiniband/hw/mlx5/cq.c |7 ++-
 1 file changed, 6 insertions(+), 1 deletion(-)

--- a/drivers/infiniband/hw/mlx5/cq.c
+++ b/drivers/infiniband/hw/mlx5/cq.c
@@ -972,7 +972,12 @@ static int resize_user(struct mlx5_ib_de
if (ucmd.reserved0 || ucmd.reserved1)
return -EINVAL;
 
-   umem = ib_umem_get(context, ucmd.buf_addr, entries * ucmd.cqe_size,
+   /* check multiplication overflow */
+   if (ucmd.cqe_size && SIZE_MAX / ucmd.cqe_size <= entries - 1)
+   return -EINVAL;
+
+   umem = ib_umem_get(context, ucmd.buf_addr,
+  (size_t)ucmd.cqe_size * entries,
   IB_ACCESS_LOCAL_WRITE, 1);
if (IS_ERR(umem)) {
err = PTR_ERR(umem);

Re: [PATCH 0/2] net: phy: relax error checking when creating sysfs link netdev->phydev

2018-03-16 Thread Florian Fainelli



On 03/16/2018 10:22 AM, Andrew Lunn wrote:
> On Wed, Mar 14, 2018 at 05:26:22PM -0500, Grygorii Strashko wrote:
>> Some ethernet drivers (like TI CPSW) may connect and manage >1 Net PHYs per
>> one netdevice, as result such drivers will produce warning during system
>> boot and fail to connect second phy to netdevice when PHYLIB framework
>> will try to create sysfs link netdev->phydev for second PHY
>> in phy_attach_direct(), because sysfs link with the same name has been
>> created already for the first PHY.
>> As result, second CPSW external port will became unusable.
>> This issue was introduced by commits:
>> 5568363f0cb3 ("net: phy: Create sysfs reciprocal links for 
>> attached_dev/phydev"
>> a3995460491d ("net: phy: Relax error checking on sysfs_create_link()"
> 
> I wonder if it would be better to add a flag to the phydev that
> indicates it is the second PHY connected to a MAC? Add a bit to
> phydrv->mdiodrv.flags. If that bit is set, don't create the sysfs
> file.

We could indeed do that, I am fine with Grygorii's approach though in
making the creation more silent and non fatal.

> 
> For 99% of MAC drivers, having two PHYs is an error, so we want to aid
> debug by reporting the sysfs error.
That is true, either way is fine with me, really.
-- 
Florian

[PATCH 4.4 06/63] drm: Allow determining if current task is output poll worker

4.4-stable review patch.  If anyone has any objections, please let me know.

--

From: Lukas Wunner 

commit 25c058ccaf2ebbc3e250ec1e199e161f91fe27d4 upstream.

Introduce a helper to determine if the current task is an output poll
worker.

This allows us to fix a long-standing deadlock in several DRM drivers
wherein the ->runtime_suspend callback waits for the output poll worker
to finish and the worker in turn calls a ->detect callback which waits
for runtime suspend to finish.  The ->detect callback is invoked from
multiple call sites and waiting for runtime suspend to finish is the
correct thing to do except if it's executing in the context of the
worker.

v2: Expand kerneldoc to specifically mention deadlock between
output poll worker and autosuspend worker as use case. (Lyude)

Cc: Dave Airlie 
Cc: Ben Skeggs 
Cc: Alex Deucher 
Reviewed-by: Lyude Paul 
Signed-off-by: Lukas Wunner 
Link: 
https://patchwork.freedesktop.org/patch/msgid/3549ce32e7f1467102e70d3e9cbf70c46bfe108e.1518593424.git.lu...@wunner.de
Signed-off-by: Greg Kroah-Hartman 

---
 drivers/gpu/drm/drm_probe_helper.c |   20 
 include/drm/drm_crtc_helper.h  |1 +
 2 files changed, 21 insertions(+)

--- a/drivers/gpu/drm/drm_probe_helper.c
+++ b/drivers/gpu/drm/drm_probe_helper.c
@@ -412,6 +412,26 @@ out:
 }
 
 /**
+ * drm_kms_helper_is_poll_worker - is %current task an output poll worker?
+ *
+ * Determine if %current task is an output poll worker.  This can be used
+ * to select distinct code paths for output polling versus other contexts.
+ *
+ * One use case is to avoid a deadlock between the output poll worker and
+ * the autosuspend worker wherein the latter waits for polling to finish
+ * upon calling drm_kms_helper_poll_disable(), while the former waits for
+ * runtime suspend to finish upon calling pm_runtime_get_sync() in a
+ * connector ->detect hook.
+ */
+bool drm_kms_helper_is_poll_worker(void)
+{
+   struct work_struct *work = current_work();
+
+   return work && work->func == output_poll_execute;
+}
+EXPORT_SYMBOL(drm_kms_helper_is_poll_worker);
+
+/**
  * drm_kms_helper_poll_disable - disable output polling
  * @dev: drm_device
  *
--- a/include/drm/drm_crtc_helper.h
+++ b/include/drm/drm_crtc_helper.h
@@ -241,5 +241,6 @@ extern void drm_kms_helper_hotplug_event
 extern void drm_kms_helper_poll_disable(struct drm_device *dev);
 extern void drm_kms_helper_poll_enable(struct drm_device *dev);
 extern void drm_kms_helper_poll_enable_locked(struct drm_device *dev);
+extern bool drm_kms_helper_is_poll_worker(void);
 
 #endif

Re: [RESEND PATCH v2] sched/fair: Remove check in idle_balance against migration_cost

2018-03-16 Thread Peter Zijlstra

On Fri, Mar 16, 2018 at 10:21:54AM -0700, Rohit Jain wrote:
> Hi Peter,
> 
> On 03/16/2018 07:35 AM, Peter Zijlstra wrote:
> > On Wed, Mar 14, 2018 at 11:36:47AM -0700, Rohit Jain wrote:
> > > Signed-off-by: Rohit Jain 
> > > 
> > > Signed-off-by: Rohit Jain 
> > Surely you only need a single on of those.
> 
> Oh wow! I don't know how I missed this :) Thanks!

> However, when I clone from
> https://git.kernel.org/pub/scm/linux/kernel/git/peterz/queue.git/
> I cannot see the commit.

You need to look at:

  https://git.kernel.org/pub/scm/linux/kernel/git/tip/tip.git/

my queue.git is the sporadic push of my quilt tree on top of that.

RE: [PATCH v4 3/4] PCI: hv: Remove hbus->enum_sem

2018-03-16 Thread Dexuan Cui

> From: Lorenzo Pieralisi 
> Sent: Friday, March 16, 2018 03:54
> ...
> Dexuan,
> while applying/updating these patches I notice this one may be squashed
> into: https://patchwork.ozlabs.org/patch/886266/
> 
> since they logically belong in the same patch. Are you OK with me doing
> that ? Is my reading correct ?
> Lorenzo

I'm OK. 
I used two patches
[PATCH v4 1/2] PCI: hv: Serialize the present and eject work items
[PATCH v4 3/4] PCI: hv: Remove hbus->enum_sem
only because the first fixed a real issue and hence IMO should go into
stable kernels, and the second is only a cleanup patch, which doesn't
need go into stable kernels.

Either way is ok to me. 
Please feel free to do whatever you think is better. :-)

Thanks,
-- Dexuan

Re: [PATCH] staging: typec: rt1711h typec chip driver

2018-03-16 Thread 李書帆

Hi Heikki,

2018-03-16 23:05 GMT+08:00 Heikki Krogerus :
> Hi ShuFan,
>
> On Fri, Mar 16, 2018 at 05:12:49PM +0800, ShuFan Lee wrote:
>> +static int rt1711h_init_gpio(struct rt1711h_chip *chip)
>> +{
>> + int ret;
>> + struct device_node *np = chip->dev->of_node;
>> +
>> + ret = of_get_named_gpio(np, "rt,intr_gpio", 0);
>> + if (ret < 0) {
>> + dev_err(chip->dev, "%s get int gpio fail(%d)\n", __func__, 
>> ret);
>> + return ret;
>> + }
>> + chip->irq_gpio = ret;
>> +
>> + ret = devm_gpio_request_one(chip->dev, chip->irq_gpio, GPIOF_IN,
>> + dev_name(chip->dev));
>> + if (ret < 0) {
>> + dev_err(chip->dev, "%s request gpio fail(%d)\n", __func__, 
>> ret);
>> + return ret;
>> + }
>> +
>> + chip->irq = gpio_to_irq(chip->irq_gpio);
>> + if (chip->irq <= 0) {
>> + dev_err(chip->dev, "%s gpio2irq fail(%d)\n", __func__,
>> + chip->irq);
>> + return -EINVAL;
>> + }
>> + return 0;
>
> "rt,intr_gpio" should probable be "rt,intr-gpio". Then this function
> can be prepared for all types of platforms:
>
> static int rt1711h_init_gpio(struct rt1711h_chip *chip)
> {
> struct gpio_desc *gpio;
>
> gpio = devm_gpiod_get(chip->dev, "rt,intr", GFP_KERNEL);
> if (IS_ERR(gpio))
> return PTR_ERR(gpio);
>
> chip->irq = gpiod_to_irq(gpio);
> if (chip->irq < 0)
> return chip->irq;
>
> return 0;
> }
>
>
> Thanks,
>
> --
> heikki

  Thank you, I've changed it in PATCH v2.

  May I add you to Suggested-by list?

-- 
Best Regards,
書帆

Re: [PATCH] drm: Reduce object size of DRM_ERROR and DRM_DEBUG uses

2018-03-16 Thread Joe Perches

On Fri, 2018-03-16 at 08:41 +0100, Daniel Vetter wrote:
> On Tue, Mar 13, 2018 at 03:02:15PM -0700, Joe Perches wrote:
> > drm_printk is used for both DRM_ERROR and DRM_DEBUG with unnecessary
> > arguments that can be removed by creating separate functins.
> > 
> > Create specific functions for these calls to reduce x86/64 defconfig
> > size by ~20k.
> > 
> > Modify the existing macros to use the specific calls.
> > 
> > new:
> > $ size -t drivers/gpu/drm/built-in.a | tail -1
> > 1876562   44542 995 1922099  1d5433 (TOTALS)
> > 
> > old:
> > $ size -t drivers/gpu/drm/built-in.a | tail -1
> > 1897565   44542 995 1943102  1da63e (TOTALS)
> > 
> > Miscellanea:
> > 
> > o intel_display requires a change to use the specific calls.
> > 
> > Signed-off-by: Joe Perches 
> 
> Impressed with the size of the bikeshed piled on top of this I decided to
> cut this all short by merging it.

Thanks.

There was a similar patch for the DRM_DEV_ macros
awhile ago that also reduced object code.

https://lkml.org/lkml/2017/9/25/247

Never applied.

Want a remerge resend?

Re: [PATCH] KVM: x86: Fix device passthrough when SME is active

2018-03-16 Thread Paolo Bonzini

On 09/03/2018 00:17, Tom Lendacky wrote:
> When using device passthrough with SME active, the MMIO range that is
> mapped for the device should not be mapped encrypted.  Add a check in
> set_spte() to insure that a page is not mapped encrypted if that page
> is a device MMIO page as indicated by kvm_is_mmio_pfn().
> 
> Cc:  # 4.14.x-
> Signed-off-by: Tom Lendacky 
> ---
>  arch/x86/kvm/mmu.c |4 +++-
>  1 file changed, 3 insertions(+), 1 deletion(-)
> 
> diff --git a/arch/x86/kvm/mmu.c b/arch/x86/kvm/mmu.c
> index f551962..763bb3b 100644
> --- a/arch/x86/kvm/mmu.c
> +++ b/arch/x86/kvm/mmu.c
> @@ -2770,8 +2770,10 @@ static int set_spte(struct kvm_vcpu *vcpu, u64 *sptep,
>   else
>   pte_access &= ~ACC_WRITE_MASK;
>  
> + if (!kvm_is_mmio_pfn(pfn))
> + spte |= shadow_me_mask;
> +
>   spte |= (u64)pfn << PAGE_SHIFT;
> - spte |= shadow_me_mask;
>  
>   if (pte_access & ACC_WRITE_MASK) {
>  
> 

No, I'm applying it.

Paolo

Re: [PATCH 4.13 28/43] SMB3: Validate negotiate request must always be signed

On Tue, Mar 13, 2018 at 10:21:45AM -0500, Steve French wrote:
> There will be a fix needed to correct an oops in calc_signature,
> besides the easy patch (smb3 validate negotiate patch).

Ok, I still have no idea how to parse this for a stable tree submission.

So can someone please just send me a simple "apply these git ids to tree
X.X.y so we can fix the problem", otherwise I'm not going to do anything
here as I'm really confused,

greg k-h

Re: Fix deadlocks in autosuspend

2018-03-16 Thread Marcus Folkesson

Ping.

Would someone please have a look?

Thanks,
Marcus Folkesson

On Wed, Feb 28, 2018 at 02:37:57PM +0100, Marcus Folkesson wrote:
> Hello,
> 
> I have not recieved any feedback on these so I resend them.
> 
> I got this deadlock on my own driver (pxrc) when using the same
> construction.
> 
> Please have a look
> 
> Here is a clip from 
> [PATCH v3] input: pxrc: new driver for PhoenixRC Flight Controller Adapter [1]
> that describes the problem.
> 
> ---8<--
> Also, I think we have a deadlock in the synaptics_usb driver.
> 
> When the device is suspended and someone is open the device, the input
> subsystem will call input_open_device() which takes the
> input_dev->mutex and then call input_dev->open().
> 
> synusb_open() has a call to usb_autopm_get_interface() which will
> result in a call to the registered resume-function if the device is
> suspended. (see Documentation/driver-api/usb/power-manaement.rst).
> 
> In the case of snaptics_usb, it will take the input_dev->mutex in the
> resume function.
> 
> I have no synaptic mouse, but tested to put the same code into my
> driver just to confirm, and got the following dump:
> 
> [ 9215.626476] INFO: task input-events:8590 blocked for more than 120 seconds.
> [ 9215.626495]   Not tainted 4.15.0-rc8-ARCH+ #6
> [ 9215.626500] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables 
> this message.
> [ 9215.626507] input-eventsD0  8590   4394 0x0004
> [ 9215.626520] Call Trace:
> [ 9215.626546]  ? __schedule+0x236/0x850
> [ 9215.626559]  schedule+0x2f/0x90
> [ 9215.626569]  schedule_preempt_disabled+0x11/0x20
> [ 9215.626579]  __mutex_lock.isra.0+0x1aa/0x520
> [ 9215.626609]  ? usb_runtime_suspend+0x70/0x70 [usbcore]
> [ 9215.626622]  ? pxrc_resume+0x37/0x70 [pxrc]
> [ 9215.626632]  pxrc_resume+0x37/0x70 [pxrc]
> [ 9215.626655]  usb_resume_interface.isra.2+0x39/0xe0 [usbcore]
> [ 9215.626676]  usb_resume_both+0xd2/0x120 [usbcore]
> [ 9215.626688]  __rpm_callback+0xb6/0x1f0
> [ 9215.626699]  rpm_callback+0x1f/0x70
> [ 9215.626718]  ? usb_runtime_suspend+0x70/0x70 [usbcore]
> [ 9215.626726]  rpm_resume+0x4e2/0x7f0
> [ 9215.626737]  rpm_resume+0x582/0x7f0
> [ 9215.626749]  __pm_runtime_resume+0x3a/0x50
> [ 9215.626767]  usb_autopm_get_interface+0x1d/0x50 [usbcore]
> [ 9215.626780]  pxrc_open+0x17/0x8d [pxrc]
> [ 9215.626791]  input_open_device+0x70/0xa0
> [ 9215.626804]  evdev_open+0x183/0x1c0 [evdev]
> [ 9215.626819]  chrdev_open+0xa0/0x1b0
> [ 9215.626830]  ? cdev_put.part.1+0x20/0x20
> [ 9215.626840]  do_dentry_open+0x1ad/0x2c0
> [ 9215.626855]  path_openat+0x576/0x1300
> [ 9215.626868]  ? alloc_set_pte+0x22c/0x520
> [ 9215.626883]  ? filemap_map_pages+0x19b/0x340
> [ 9215.626893]  do_filp_open+0x9b/0x110
> [ 9215.626908]  ? __check_object_size+0x9d/0x190
> [ 9215.626920]  ? __alloc_fd+0xaf/0x160
> [ 9215.626931]  ? do_sys_open+0x1bd/0x250
> [ 9215.626942]  do_sys_open+0x1bd/0x250
> [ 9215.626956]  entry_SYSCALL_64_fastpath+0x20/0x83
> [ 9215.626967] RIP: 0033:0x7fbf6358f7ae
> 
> 
> tablet/pegasus_notetaker.c and touchscreen/usbtouchscreen.c has the same
> construction (taking input_dev->mutex in resume/suspend and call
> usb_autopm_get_interface() in open()).
> 
> I will create a separate "pm_mutex" to use instead of input_dev->mutex
> to get rid of the lockups in those drivers 
> 
> ---8<--
> 
> 
> [1] https://lkml.org/lkml/2018/1/20/191
> 
> Thanks,
> 
> Best regards
> Marcus Folkesson
> 


signature.asc
Description: PGP signature

[PATCH v2 0/5] Allow compile-testing NO_DMA (core)

Hi all,

If NO_DMA=y, get_dma_ops() returns a reference to the non-existing
symbol bad_dma_ops, thus causing a link failure if it is ever used.

The intention of this is twofold:
1. To catch users of the DMA API on systems that do no support the DMA
mapping API,
2. To avoid building drivers that cannot work on such systems anyway.

However, the disadvantage is that we have to keep on adding dependencies
on HAS_DMA all over the place.

Thanks to the COMPILE_TEST symbol, lots of drivers now depend on one or
more platform dependencies (that imply HAS_DMA) || COMPILE_TEST, thus
already covering intention #2. Having to add an explicit dependency on
HAS_DMA here is cumbersome, and hinders compile-testing.

Hence I think the time is ripe to reconsider the link failure.
This patch series:
- Changes get_dma_ops() to return NULL instead,
- Adds a few more dummies to enable compile-testing.

A follow-up patch series will:
- Remove dependencies on HAS_DMA for symbols that already have
platform dependencies implying HAS_DMA.

Changes compared to v1:
- Add Reviewed-by, Acked-by,
- Group NO_DMA-stubs for the DMA pool API under a single #ifdef,
- Split the big Kconfig patch in per-subsystem patches, split-off in a
follow-up series.

This series is against v4.16-rc5. It can also be found at
https://git.kernel.org/pub/scm/linux/kernel/git/geert/linux-m68k.git/log/?h=no-dma-compile-testing-v2

It has been compile-tested with allmodconfig and allyesconfig for
m68k/sun3, and has received attention from the kbuild test robot.

Thanks!

Geert Uytterhoeven (5):
dma-mapping: Convert NO_DMA get_dma_ops() into a real dummy
dma-coherent: Add NO_DMA dummies for managed DMA API
usb: gadget: Add NO_DMA dummies for DMA mapping API
mm: Add NO_DMA dummies for DMA pool API
scsi: Add NO_DMA dummies for SCSI DMA mapping API

include/linux/dma-mapping.h | 19 ++-
include/linux/dmapool.h | 30 +++---
include/linux/usb/gadget.h | 12
include/scsi/scsi_cmnd.h| 5 +
4 files changed, 54 insertions(+), 12 deletions(-)

--
2.7.4

Gr{oetje,eeting}s,

Geert

--
Geert Uytterhoeven -- There's lots of Linux beyond ia32 -- ge...@linux-m68k.org

In personal conversations with technical people, I call myself a hacker. But
when I'm talking to journalists I just say "programmer" or something like that.
-- Linus Torvalds

arm64 kvm built with clang doesn't boot

2018-03-16 Thread Andrey Konovalov

Hi!

I've recently tried to boot clang built kernel on real hardware
(Odroid C2 board) instead of using a VM. The issue that I stumbled
upon is that arm64 kvm built with clang doesn't boot.

Adding -fno-jump-tables compiler flag to arch/arm64/kvm/* helps. There
was a patch some time ago that did exactly that
(https://patchwork.kernel.org/patch/10060381/), but it wasn't accepted
AFAICT (see the discussion on that thread).

What would be the best way to get this fixed?

I've also had to disable CONFIG_JUMP_LABEL to get the kernel boot
(even without kvm enabled), but that might be a different (though
related) issue.

Thanks!

Re: [PATCH] rxrpc: remove redundant initialization of variable 'len'

2018-03-16 Thread David Miller

From: Colin King 
Date: Mon, 12 Mar 2018 17:25:38 +

> From: Colin Ian King 
> 
> The variable 'len' is being initialized with a value that is never
> read and it is re-assigned later, hence the initialization is redundant
> and can be removed.
> 
> Cleans up clang warning:
> net/rxrpc/recvmsg.c:275:15: warning: Value stored to 'len' during its
> initialization is never read
> 
> Signed-off-by: Colin Ian King 

Hehe, if the diff provided just 2 more lines of context at the bottom
we'd be able to see the overriding assignment :-)

> @@ -272,7 +272,7 @@ static int rxrpc_locate_data(struct rxrpc_call *call, 
> struct sk_buff *skb,
>unsigned int *_offset, unsigned int *_len)
>  {
>   unsigned int offset = sizeof(struct rxrpc_wire_header);
> - unsigned int len = *_len;
> + unsigned int len;
>   int ret;
>   u8 annotation = *_annotation;
>  
> -- 
> 2.15.1
> 

Applied, thanks Colin.

[PATCH v2 4/5] mm: Add NO_DMA dummies for DMA pool API

Add dummies for dma{,m}_pool_{create,destroy,alloc,free}(), to allow
compile-testing if NO_DMA=y.

This prevents the following from showing up later:

ERROR: "dma_pool_destroy" [drivers/usb/mtu3/mtu3.ko] undefined!
ERROR: "dma_pool_free" [drivers/usb/mtu3/mtu3.ko] undefined!
ERROR: "dma_pool_alloc" [drivers/usb/mtu3/mtu3.ko] undefined!
ERROR: "dma_pool_create" [drivers/usb/mtu3/mtu3.ko] undefined!
ERROR: "dma_pool_destroy" [drivers/scsi/hisi_sas/hisi_sas_main.ko] 
undefined!
ERROR: "dma_pool_free" [drivers/scsi/hisi_sas/hisi_sas_main.ko] undefined!
ERROR: "dma_pool_alloc" [drivers/scsi/hisi_sas/hisi_sas_main.ko] undefined!
ERROR: "dma_pool_create" [drivers/scsi/hisi_sas/hisi_sas_main.ko] undefined!
ERROR: "dma_pool_alloc" [drivers/mailbox/bcm-pdc-mailbox.ko] undefined!
ERROR: "dma_pool_free" [drivers/mailbox/bcm-pdc-mailbox.ko] undefined!
ERROR: "dma_pool_create" [drivers/mailbox/bcm-pdc-mailbox.ko] undefined!
ERROR: "dma_pool_destroy" [drivers/mailbox/bcm-pdc-mailbox.ko] undefined!

Signed-off-by: Geert Uytterhoeven 
Reviewed-by: Mark Brown 
Acked-by: Robin Murphy 
---
v2:
  - Add Reviewed-by, Acked-by,
  - Drop RFC state,
  - Group NO_DMA-stubs under a single #ifdef,
  - Move dma_pool_zalloc() definition down.
---
 include/linux/dmapool.h | 30 +++---
 1 file changed, 23 insertions(+), 7 deletions(-)

diff --git a/include/linux/dmapool.h b/include/linux/dmapool.h
index 53ba737505df31c7..f632ecfb4238404e 100644
--- a/include/linux/dmapool.h
+++ b/include/linux/dmapool.h
@@ -16,6 +16,8 @@
 
 struct device;
 
+#ifdef CONFIG_HAS_DMA
+
 struct dma_pool *dma_pool_create(const char *name, struct device *dev, 
size_t size, size_t align, size_t allocation);
 
@@ -23,13 +25,6 @@ void dma_pool_destroy(struct dma_pool *pool);
 
 void *dma_pool_alloc(struct dma_pool *pool, gfp_t mem_flags,
 dma_addr_t *handle);
-
-static inline void *dma_pool_zalloc(struct dma_pool *pool, gfp_t mem_flags,
-   dma_addr_t *handle)
-{
-   return dma_pool_alloc(pool, mem_flags | __GFP_ZERO, handle);
-}
-
 void dma_pool_free(struct dma_pool *pool, void *vaddr, dma_addr_t addr);
 
 /*
@@ -39,5 +34,26 @@ struct dma_pool *dmam_pool_create(const char *name, struct 
device *dev,
  size_t size, size_t align, size_t allocation);
 void dmam_pool_destroy(struct dma_pool *pool);
 
+#else /* !CONFIG_HAS_DMA */
+static inline struct dma_pool *dma_pool_create(const char *name,
+   struct device *dev, size_t size, size_t align, size_t allocation)
+{ return NULL; }
+static inline void dma_pool_destroy(struct dma_pool *pool) { }
+static inline void *dma_pool_alloc(struct dma_pool *pool, gfp_t mem_flags,
+  dma_addr_t *handle) { return NULL; }
+static inline void dma_pool_free(struct dma_pool *pool, void *vaddr,
+dma_addr_t addr) { }
+static inline struct dma_pool *dmam_pool_create(const char *name,
+   struct device *dev, size_t size, size_t align, size_t allocation)
+{ return NULL; }
+static inline void dmam_pool_destroy(struct dma_pool *pool) { }
+#endif /* !CONFIG_HAS_DMA */
+
+static inline void *dma_pool_zalloc(struct dma_pool *pool, gfp_t mem_flags,
+   dma_addr_t *handle)
+{
+   return dma_pool_alloc(pool, mem_flags | __GFP_ZERO, handle);
+}
+
 #endif
 
-- 
2.7.4

[PATCH v2 2/5] dma-coherent: Add NO_DMA dummies for managed DMA API

Add dummies for dmam_{alloc,free}_coherent(), to allow compile-testing
if NO_DMA=y.

This prevents the following from showing up later:

ERROR: "dmam_alloc_coherent" [drivers/net/ethernet/arc/arc_emac.ko] 
undefined!
ERROR: "dmam_free_coherent" [drivers/net/ethernet/apm/xgene/xgene-enet.ko] 
undefined!
ERROR: "dmam_alloc_coherent" [drivers/net/ethernet/apm/xgene/xgene-enet.ko] 
undefined!
ERROR: "dmam_alloc_coherent" [drivers/mtd/nand/hisi504_nand.ko] undefined!
ERROR: "dmam_alloc_coherent" [drivers/mmc/host/dw_mmc.ko] undefined!

Signed-off-by: Geert Uytterhoeven 
Reviewed-by: Mark Brown 
Acked-by: Robin Murphy 
---
v2:
  - Add Reviewed-by, Acked-by,
  - Drop RFC state.
---
 include/linux/dma-mapping.h | 9 +
 1 file changed, 9 insertions(+)

diff --git a/include/linux/dma-mapping.h b/include/linux/dma-mapping.h
index 5ea7eec83c0fbb82..94f41846b933fca7 100644
--- a/include/linux/dma-mapping.h
+++ b/include/linux/dma-mapping.h
@@ -776,10 +776,19 @@ static inline void dma_deconfigure(struct device *dev) {}
 /*
  * Managed DMA API
  */
+#ifdef CONFIG_HAS_DMA
 extern void *dmam_alloc_coherent(struct device *dev, size_t size,
 dma_addr_t *dma_handle, gfp_t gfp);
 extern void dmam_free_coherent(struct device *dev, size_t size, void *vaddr,
   dma_addr_t dma_handle);
+#else /* !CONFIG_HAS_DMA */
+static inline void *dmam_alloc_coherent(struct device *dev, size_t size,
+   dma_addr_t *dma_handle, gfp_t gfp)
+{ return NULL; }
+static inline void dmam_free_coherent(struct device *dev, size_t size,
+ void *vaddr, dma_addr_t dma_handle) { }
+#endif /* !CONFIG_HAS_DMA */
+
 extern void *dmam_alloc_attrs(struct device *dev, size_t size,
  dma_addr_t *dma_handle, gfp_t gfp,
  unsigned long attrs);
-- 
2.7.4

[PATCH v2 1/5] dma-mapping: Convert NO_DMA get_dma_ops() into a real dummy

If NO_DMA=y, get_dma_ops() returns a reference to the
non-existing symbol bad_dma_ops, thus causing a link failure if it is
ever used.

Make get_dma_ops() return NULL instead, to avoid the link failure.
This allows to improve compile-testing, and limits the need to keep on
sprinkling dependencies on HAS_DMA all over the place.

Signed-off-by: Geert Uytterhoeven 
Reviewed-by: Mark Brown 
Acked-by: Robin Murphy 
---
v2:
  - Add Reviewed-by, Acked-by,
  - Drop RFC state.
---
 include/linux/dma-mapping.h | 10 +-
 1 file changed, 5 insertions(+), 5 deletions(-)

diff --git a/include/linux/dma-mapping.h b/include/linux/dma-mapping.h
index eb9eab4ecd6d7a05..5ea7eec83c0fbb82 100644
--- a/include/linux/dma-mapping.h
+++ b/include/linux/dma-mapping.h
@@ -212,14 +212,14 @@ static inline void set_dma_ops(struct device *dev,
 }
 #else
 /*
- * Define the dma api to allow compilation but not linking of
- * dma dependent code.  Code that depends on the dma-mapping
- * API needs to set 'depends on HAS_DMA' in its Kconfig
+ * Define the dma api to allow compilation of dma dependent code.
+ * Code that depends on the dma-mapping API needs to set 'depends on HAS_DMA'
+ * in its Kconfig, unless it already depends on  || COMPILE_TEST,
+ * where  guarantuees the availability of the dma-mapping API.
  */
-extern const struct dma_map_ops bad_dma_ops;
 static inline const struct dma_map_ops *get_dma_ops(struct device *dev)
 {
-   return _dma_ops;
+   return NULL;
 }
 #endif
 
-- 
2.7.4

[PATCH v2 19/21] spi: Remove depends on HAS_DMA in case of platform dependency

Remove dependencies on HAS_DMA where a Kconfig symbol depends on another
symbol that implies HAS_DMA, and, optionally, on "|| COMPILE_TEST".
In most cases this other symbol is an architecture or platform specific
symbol, or PCI.

Generic symbols and drivers without platform dependencies keep their
dependencies on HAS_DMA, to prevent compiling subsystems or drivers that
cannot work anyway.

This simplifies the dependencies, and allows to improve compile-testing.

Signed-off-by: Geert Uytterhoeven 
Reviewed-by: Mark Brown 
Acked-by: Robin Murphy 
---
v2:
  - Add Reviewed-by, Acked-by,
  - Drop RFC state,
  - Split per subsystem.
---
 drivers/spi/Kconfig | 12 +++-
 1 file changed, 3 insertions(+), 9 deletions(-)

diff --git a/drivers/spi/Kconfig b/drivers/spi/Kconfig
index 603783976b8152d4..7bd3a94f58511c41 100644
--- a/drivers/spi/Kconfig
+++ b/drivers/spi/Kconfig
@@ -71,7 +71,6 @@ config SPI_ARMADA_3700
 
 config SPI_ATMEL
tristate "Atmel SPI Controller"
-   depends on HAS_DMA
depends on (ARCH_AT91 || AVR32 || COMPILE_TEST)
help
  This selects a driver for the Atmel SPI Controller, present on
@@ -252,7 +251,6 @@ config SPI_EFM32
 
 config SPI_EP93XX
tristate "Cirrus Logic EP93xx SPI controller"
-   depends on HAS_DMA
depends on ARCH_EP93XX || COMPILE_TEST
help
  This enables using the Cirrus EP93xx SPI controller in master
@@ -374,7 +372,6 @@ config SPI_FSL_SPI
 config SPI_FSL_DSPI
tristate "Freescale DSPI controller"
select REGMAP_MMIO
-   depends on HAS_DMA
depends on SOC_VF610 || SOC_LS1021A || ARCH_LAYERSCAPE || M5441x || 
COMPILE_TEST
help
  This enables support for the Freescale DSPI controller in master
@@ -450,7 +447,6 @@ config SPI_OMAP_UWIRE
 
 config SPI_OMAP24XX
tristate "McSPI driver for OMAP"
-   depends on HAS_DMA
depends on ARCH_OMAP2PLUS || COMPILE_TEST
select SG_SPLIT
help
@@ -459,7 +455,6 @@ config SPI_OMAP24XX
 
 config SPI_TI_QSPI
tristate "DRA7xxx QSPI controller support"
-   depends on HAS_DMA
depends on ARCH_OMAP2PLUS || COMPILE_TEST
help
  QSPI master controller for DRA7xxx used for flash devices.
@@ -488,7 +483,6 @@ config SPI_PIC32
 config SPI_PIC32_SQI
tristate "Microchip PIC32 Quad SPI driver"
depends on MACH_PIC32 || COMPILE_TEST
-   depends on HAS_DMA
help
  SPI driver for PIC32 Quad SPI controller.
 
@@ -591,7 +585,7 @@ config SPI_SC18IS602
 
 config SPI_SH_MSIOF
tristate "SuperH MSIOF SPI controller"
-   depends on HAVE_CLK && HAS_DMA
+   depends on HAVE_CLK
depends on ARCH_SHMOBILE || ARCH_RENESAS || COMPILE_TEST
help
  SPI driver for SuperH and SH Mobile MSIOF blocks.
@@ -669,7 +663,7 @@ config SPI_MXS
 config SPI_TEGRA114
tristate "NVIDIA Tegra114 SPI Controller"
depends on (ARCH_TEGRA && TEGRA20_APB_DMA) || COMPILE_TEST
-   depends on RESET_CONTROLLER && HAS_DMA
+   depends on RESET_CONTROLLER
help
  SPI driver for NVIDIA Tegra114 SPI Controller interface. This 
controller
  is different than the older SoCs SPI controller and also register 
interface
@@ -687,7 +681,7 @@ config SPI_TEGRA20_SFLASH
 config SPI_TEGRA20_SLINK
tristate "Nvidia Tegra20/Tegra30 SLINK Controller"
depends on (ARCH_TEGRA && TEGRA20_APB_DMA) || COMPILE_TEST
-   depends on RESET_CONTROLLER && HAS_DMA
+   depends on RESET_CONTROLLER
help
  SPI driver for Nvidia Tegra20/Tegra30 SLINK Controller interface.
 
-- 
2.7.4

Re: [RESEND PATCH] Input: joystick/analog - Use get_cycles() on PPC

2018-03-16 Thread Michael Ellerman

Dmitry Torokhov  writes:
> On Wed, Mar 14, 2018 at 10:17:52PM +1100, Michael Ellerman wrote:
>> The analog joystick driver spits a warning at us:
>> 
>>   drivers/input/joystick/analog.c:176:2: warning: #warning Precise timer
>>   not defined for this architecture.
>> 
>> PPC has get_cycles() so use that.
>> 
>> Signed-off-by: Michael Ellerman 
>
> Applied, thank you.

Thanks.

cheers

[PATCH v2 20/21] staging: vc04_services: Remove depends on HAS_DMA in case of platform dependency

Remove dependencies on HAS_DMA where a Kconfig symbol depends on another
symbol that implies HAS_DMA, and, optionally, on "|| COMPILE_TEST".
In most cases this other symbol is an architecture or platform specific
symbol, or PCI.

Generic symbols and drivers without platform dependencies keep their
dependencies on HAS_DMA, to prevent compiling subsystems or drivers that
cannot work anyway.

This simplifies the dependencies, and allows to improve compile-testing.

Signed-off-by: Geert Uytterhoeven 
Reviewed-by: Mark Brown 
Acked-by: Robin Murphy 
---
v2:
  - Add Reviewed-by, Acked-by,
  - Drop RFC state,
  - Split per subsystem.
---
 drivers/staging/vc04_services/Kconfig | 1 -
 1 file changed, 1 deletion(-)

diff --git a/drivers/staging/vc04_services/Kconfig 
b/drivers/staging/vc04_services/Kconfig
index f5aaf7d629f0fae9..98064ce2c2b47c7f 100644
--- a/drivers/staging/vc04_services/Kconfig
+++ b/drivers/staging/vc04_services/Kconfig
@@ -1,6 +1,5 @@
 menuconfig BCM_VIDEOCORE
tristate "Broadcom VideoCore support"
-   depends on HAS_DMA
depends on OF
depends on RASPBERRYPI_FIRMWARE || (COMPILE_TEST && 
!RASPBERRYPI_FIRMWARE)
default y
-- 
2.7.4

Re: [PATCH v2 7/8] tpm: Move pcr extend to tpm2-cmd.c

2018-03-16 Thread Jarkko Sakkinen

On Thu, Mar 15, 2018 at 11:28:55PM +, Winkler, Tomas wrote:
> > 
> > On Sat, 2018-03-10 at 10:24 +0200, Tomas Winkler wrote:
> > > Add tpm2_pcr_extend function to tpm2-cmd.c with signature required by
> > > tpm-interface.c. It wraps the original open code implementation. The
> > > original original tpm2_pcr_extend function is renamed and made static,
> > > called only from new tpm2_pcr_extend.
> > >
> > > Signed-off-by: Tomas Winkler 
> > 
> > This might concern some of the earlier patches too but please use exact
> > names for functions in the short and long summary i.e.
> > 
> >   tpm: migrate all of the PCR extension code to tpm2_pcr_extend()
> > 
> > Check this also for your long descriptions and previous that I gave 
> > reviewed-
> > by (I think they were otherwise fine). And you refer to a function in text 
> > use
> > parentheses after the name. I don't like hastily written commit messages.
> 
> 
> Yeah,  got little tired of describing the obvious. but you are right.
> Tomas

Might sound nit picking but a solid git log is useful tool.

/Jarkko

[PATCH v2 02/21] ata: Remove depends on HAS_DMA in case of platform dependency

Remove dependencies on HAS_DMA where a Kconfig symbol depends on another
symbol that implies HAS_DMA, and, optionally, on "|| COMPILE_TEST".
In most cases this other symbol is an architecture or platform specific
symbol, or PCI.

Generic symbols and drivers without platform dependencies keep their
dependencies on HAS_DMA, to prevent compiling subsystems or drivers that
cannot work anyway.

This simplifies the dependencies, and allows to improve compile-testing.

Signed-off-by: Geert Uytterhoeven 
Reviewed-by: Mark Brown 
Acked-by: Robin Murphy 
---
v2:
  - Add Reviewed-by, Acked-by,
  - Drop RFC state,
  - Split per subsystem.
---
 drivers/ata/Kconfig | 2 --
 1 file changed, 2 deletions(-)

diff --git a/drivers/ata/Kconfig b/drivers/ata/Kconfig
index a7120d6211546949..9eaeed1fb237fa33 100644
--- a/drivers/ata/Kconfig
+++ b/drivers/ata/Kconfig
@@ -398,7 +398,6 @@ config SATA_DWC_VDEBUG
 
 config SATA_HIGHBANK
tristate "Calxeda Highbank SATA support"
-   depends on HAS_DMA
depends on ARCH_HIGHBANK || COMPILE_TEST
help
  This option enables support for the Calxeda Highbank SoC's
@@ -408,7 +407,6 @@ config SATA_HIGHBANK
 
 config SATA_MV
tristate "Marvell SATA support"
-   depends on HAS_DMA
depends on PCI || ARCH_DOVE || ARCH_MV78XX0 || \
   ARCH_MVEBU || ARCH_ORION5X || COMPILE_TEST
select GENERIC_PHY
-- 
2.7.4

Re: [PATCH 04/21] powerpc: Mark both tmp variables as unused

2018-03-16 Thread Michael Ellerman

Christophe LEROY  writes:

> Le 25/02/2018 à 18:22, Mathieu Malaterre a écrit :
>> Since the value of `tmp` is never intended to be read, declare both `tmp`
>> variables as unused. Fix warning (treated as error in W=1):
>
> What about using fault_in_pages_readable() instead ?

Yeah that looks like it would work.

I'd be happy to take a tested patch :D

cheers

[tip:x86/timers] x86/tsc: Convert ART in nanoseconds to TSC

2018-03-16 Thread tip-bot for Rajvi Jingar

Commit-ID:  fc804f65d46236c211f530174904c1ed70db5888
Gitweb: https://git.kernel.org/tip/fc804f65d46236c211f530174904c1ed70db5888
Author: Rajvi Jingar 
AuthorDate: Thu, 8 Mar 2018 09:28:36 -0800
Committer:  Thomas Gleixner 
CommitDate: Fri, 16 Mar 2018 15:14:35 +0100

x86/tsc: Convert ART in nanoseconds to TSC

Device drivers use get_device_system_crosststamp() to produce precise
system/device cross-timestamps. The PHC clock and ALSA interfaces, for
example, make the cross-timestamps available to user applications.  On
Intel platforms, get_device_system_crosststamp() requires a TSC value
derived from ART (Always Running Timer) to compute the monotonic raw and
realtime system timestamps.

Starting with Intel Goldmont platforms, the PCIe root complex supports the
PTM time sync protocol. PTM requires all timestamps to be in units of
nanoseconds. The Intel root complex hardware propagates system time derived
from ART in units of nanoseconds performing the conversion as follows:

 ART_NS = ART * 1e9 / 

When user software requests a cross-timestamp, the system timestamps
(generally read from device registers) must be converted to TSC by the
driver software as follows:

TSC = ART_NS * TSC_KHZ / 1e6

This is valid when CPU feature flag X86_FEATURE_TSC_KNOWN_FREQ is set
indicating that tsc_khz is derived from CPUID[15H]. Drivers should check
whether this flag is set before conversion to TSC is attempted.

Suggested-by: Christopher S. Hall 
Signed-off-by: Rajvi Jingar 
Signed-off-by: Thomas Gleixner 
Cc: pet...@infradead.org
Link: 
https://lkml.kernel.org/r/1520530116-4925-1-git-send-email-rajvi.jin...@intel.com

---
 arch/x86/include/asm/tsc.h |  1 +
 arch/x86/kernel/tsc.c  | 39 +++
 2 files changed, 40 insertions(+)

diff --git a/arch/x86/include/asm/tsc.h b/arch/x86/include/asm/tsc.h
index cf5d53c3f9ea..2701d221583a 100644
--- a/arch/x86/include/asm/tsc.h
+++ b/arch/x86/include/asm/tsc.h
@@ -31,6 +31,7 @@ static inline cycles_t get_cycles(void)
 }
 
 extern struct system_counterval_t convert_art_to_tsc(u64 art);
+extern struct system_counterval_t convert_art_ns_to_tsc(u64 art_ns);
 
 extern void tsc_early_delay_calibrate(void);
 extern void tsc_init(void);
diff --git a/arch/x86/kernel/tsc.c b/arch/x86/kernel/tsc.c
index fb4302738410..ef32297ff17e 100644
--- a/arch/x86/kernel/tsc.c
+++ b/arch/x86/kernel/tsc.c
@@ -1179,6 +1179,45 @@ struct system_counterval_t convert_art_to_tsc(u64 art)
 }
 EXPORT_SYMBOL(convert_art_to_tsc);
 
+/**
+ * convert_art_ns_to_tsc() - Convert ART in nanoseconds to TSC.
+ * @art_ns: ART (Always Running Timer) in unit of nanoseconds
+ *
+ * PTM requires all timestamps to be in units of nanoseconds. When user
+ * software requests a cross-timestamp, this function converts system timestamp
+ * to TSC.
+ *
+ * This is valid when CPU feature flag X86_FEATURE_TSC_KNOWN_FREQ is set
+ * indicating the tsc_khz is derived from CPUID[15H]. Drivers should check
+ * that this flag is set before conversion to TSC is attempted.
+ *
+ * Return:
+ * struct system_counterval_t - system counter value with the pointer to the
+ * corresponding clocksource
+ * @cycles:System counter value
+ * @cs:Clocksource corresponding to system counter value. Used
+ * by timekeeping code to verify comparibility of two cycle
+ * values.
+ */
+
+struct system_counterval_t convert_art_ns_to_tsc(u64 art_ns)
+{
+   u64 tmp, res, rem;
+
+   rem = do_div(art_ns, USEC_PER_SEC);
+
+   res = art_ns * tsc_khz;
+   tmp = rem * tsc_khz;
+
+   do_div(tmp, USEC_PER_SEC);
+   res += tmp;
+
+   return (struct system_counterval_t) { .cs = art_related_clocksource,
+ .cycles = res};
+}
+EXPORT_SYMBOL(convert_art_ns_to_tsc);
+
+
 static void tsc_refine_calibration_work(struct work_struct *work);
 static DECLARE_DELAYED_WORK(tsc_irqwork, tsc_refine_calibration_work);
 /**

Re: [PATCH RFC 2/2] virtio_ring: support packed ring

2018-03-16 Thread Michael S. Tsirkin

On Fri, Mar 16, 2018 at 07:36:47PM +0800, Jason Wang wrote:
> > > @@ -1096,17 +1599,21 @@ struct virtqueue *vring_create_virtqueue(
> > > > > > > > if (!queue) {
> > > > > > > > /* Try to get a single page. You are my only 
> > > > > > > > hope! */
> > > > > > > > -   queue = vring_alloc_queue(vdev, vring_size(num, 
> > > > > > > > vring_align),
> > > > > > > > +   queue = vring_alloc_queue(vdev, 
> > > > > > > > __vring_size(num, vring_align,
> > > > > > > > +
> > > > > > > > packed),
> > > > > > > >   _addr, 
> > > > > > > > GFP_KERNEL|__GFP_ZERO);
> > > > > > > > }
> > > > > > > > if (!queue)
> > > > > > > > return NULL;
> > > > > > > > -   queue_size_in_bytes = vring_size(num, vring_align);
> > > > > > > > -   vring_init(, num, queue, vring_align);
> > > > > > > > +   queue_size_in_bytes = __vring_size(num, vring_align, 
> > > > > > > > packed);
> > > > > > > > +   if (packed)
> > > > > > > > +   vring_packed_init(_packed, num, 
> > > > > > > > queue, vring_align);
> > > > > > > > +   else
> > > > > > > > +   vring_init(_split, num, queue, 
> > > > > > > > vring_align);
> > > > > > > Let's rename vring_init to vring_init_split() like other helpers?
> > > > > > The vring_init() is a public API in 
> > > > > > include/uapi/linux/virtio_ring.h.
> > > > > > I don't think we can rename it.
> > > > > I see, then this need more thoughts to unify the API.
> > > > My thought is to keep the old API as is, and introduce
> > > > new types and helpers for packed ring.
> > > I admit it's not a fault of this patch. But we'd better think of this in 
> > > the
> > > future, consider we may have new kinds of ring.
> > > 
> > > > More details can be found in this patch:
> > > > https://lkml.org/lkml/2018/2/23/243
> > > > (PS. The type which has bit fields is just for reference,
> > > >and will be changed in next version.)
> > > > 
> > > > Do you have any other suggestions?
> > > No.
> > Hmm.. Sorry, I didn't describe my question well.
> > I mean do you have any suggestions about the API
> > design for packed ring in uapi header? Currently
> > I introduced below two new helpers:
> > 
> > static inline void vring_packed_init(struct vring_packed *vr, unsigned int 
> > num,
> >  void *p, unsigned long align);
> > static inline unsigned vring_packed_size(unsigned int num, unsigned long 
> > align);
> > 
> > When new rings are introduced in the future, above
> > helpers can't be reused. Maybe we should make the
> > helpers be able to determine the ring type?
> 
> Let's wait for Michael's comment here. Generally, I fail to understand why
> vring_init() become a part of uapi. Git grep shows the only use cases are
> virtio_test/vringh_test.
> 
> Thanks

For init - I think it's a mistake that stems from lguest which sometimes
made it less than obvious which code is where.  I don't see a reason to
add to it.

-- 
MST

Re: [PATCH v2 17/21] scsi: hisi_sas: Remove depends on HAS_DMA in case of platform dependency

2018-03-16 Thread John Garry


On 16/03/2018 13:51, Geert Uytterhoeven wrote:

Remove dependencies on HAS_DMA where a Kconfig symbol depends on another
symbol that implies HAS_DMA, and, optionally, on "|| COMPILE_TEST".
In most cases this other symbol is an architecture or platform specific
symbol, or PCI.

Generic symbols and drivers without platform dependencies keep their
dependencies on HAS_DMA, to prevent compiling subsystems or drivers that
cannot work anyway.

This simplifies the dependencies, and allows to improve compile-testing.

Signed-off-by: Geert Uytterhoeven 
Reviewed-by: Mark Brown 
Acked-by: Robin Murphy 


Acked-by: John Garry

[tip:perf/core] perf/core: Clear sibling list of detached events

2018-03-16 Thread tip-bot for Mark Rutland

Commit-ID:  bbb68468641547d56c83012670bcaf77f3dacd64
Gitweb: https://git.kernel.org/tip/bbb68468641547d56c83012670bcaf77f3dacd64
Author: Mark Rutland 
AuthorDate: Fri, 16 Mar 2018 12:51:40 +
Committer:  Thomas Gleixner 
CommitDate: Fri, 16 Mar 2018 15:34:24 +0100

perf/core: Clear sibling list of detached events

When perf_group_dettach() is called on a group leader, it updates each
sibling's group_leader field to point to that sibling, effectively
upgrading each siblnig to a group leader. After perf_group_detach has
completed, the caller may free the leader event.

We only remove siblings from the group leader's sibling_list when the
leader has a non-empty group_node. This was fine prior to commit:

  8343aae66167df67 ("perf/core: Remove perf_event::group_entry")

... as the sibling's sibling_list would be empty. However, now that we
use the sibling_list field as both the list head and the list entry,
this leaves each sibling with a non-empty sibling list, including the
stale leader event.

If perf_group_detach() is subsequently called on a sibling, it will
appear to be a group leader, and we'll walk the sibling_list,
potentially dereferencing these stale events. In 0day testing, this has
been observed to result in kernel panics.

Let's avoid this by always removing siblings from the sibling list when
we promote them to leaders.

Fixes: 8343aae66167df67 ("perf/core: Remove perf_event::group_entry")
Signed-off-by: Mark Rutland 
Signed-off-by: Thomas Gleixner 
Cc: vincent.wea...@maine.edu
Cc: Peter Zijlstra 
Cc: torva...@linux-foundation.org
Cc: Alexey Budankov 
Cc: valery.cherepenni...@intel.com
Cc: linux-tip-comm...@vger.kernel.org
Cc: eran...@google.com
Cc: a...@redhat.com
Cc: alexander.shish...@linux.intel.com
Cc: davi...@google.com
Cc: kan.li...@intel.com
Cc: dmitry.proho...@intel.com
Cc: Jiri Olsa 
Link: 
https://lkml.kernel.org/r/20180316131741.3svgr64yibc6v...@lakrids.cambridge.arm.com
---
 kernel/events/core.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/kernel/events/core.c b/kernel/events/core.c
index 4d7a460d6669..2776a660db15 100644
--- a/kernel/events/core.c
+++ b/kernel/events/core.c
@@ -1906,12 +1906,12 @@ static void perf_group_detach(struct perf_event *event)
list_for_each_entry_safe(sibling, tmp, >sibling_list, 
sibling_list) {
 
sibling->group_leader = sibling;
+   list_del_init(>sibling_list);
 
/* Inherit group flags from the previous leader */
sibling->group_caps = event->group_caps;
 
if (!RB_EMPTY_NODE(>group_node)) {
-   list_del_init(>sibling_list);
add_event_to_groups(sibling, event->ctx);
 
if (sibling->state == PERF_EVENT_STATE_ACTIVE) {

GREETINGS FROM MOHAMMED AHMED .

2018-03-16 Thread Mohammad Ahmed

My Dear Friend.

I am Mr. Mohammed Ahmed a banker in Bank of Africa Burkina Faso West
Africa, Please i want to transfer an abandoned sum of 13.5 millions
USD to your  account if you can permit and 50% will be for you and 50%
for me.

No risk involved. Contact me for more details along with your personal
information needed below to build more trust and confident.

1. Full name:.
2. Current Address:.
3. Phone.
4. Occupation:.
5. Age:
6. Country:
7. Sex
8. Your Passport or ID card or Driving License

Thanks.

Best Regards.

Mr. Mohammed Ahmed.

[PATCH] usb: dwc3: core: Fix broken system suspend/resume on AM437x

2018-03-16 Thread Roger Quadros

On TI's AM437x, the DWC3 controller looses state after a
system suspend/resume. We are re-initializing the controller
but we miss restoring the PRTCAP register. This causes
USB host to break on AM437x after a system suspend/resume.

Fix this by restoring the PRTCAP register on system resume.

Signed-off-by: Roger Quadros 
---
 drivers/usb/dwc3/core.c | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/drivers/usb/dwc3/core.c b/drivers/usb/dwc3/core.c
index e8890c0..5becd7f 100644
--- a/drivers/usb/dwc3/core.c
+++ b/drivers/usb/dwc3/core.c
@@ -1374,6 +1374,7 @@ static int dwc3_resume_common(struct dwc3 *dwc, 
pm_message_t msg)
if (ret)
return ret;
 
+   dwc3_set_prtcap(dwc, DWC3_GCTL_PRTCAP_DEVICE);
spin_lock_irqsave(>lock, flags);
dwc3_gadget_resume(dwc);
spin_unlock_irqrestore(>lock, flags);
@@ -1384,6 +1385,7 @@ static int dwc3_resume_common(struct dwc3 *dwc, 
pm_message_t msg)
ret = dwc3_core_init(dwc);
if (ret)
return ret;
+   dwc3_set_prtcap(dwc, DWC3_GCTL_PRTCAP_HOST);
}
break;
case DWC3_GCTL_PRTCAP_OTG:
-- 
cheers,
-roger

Texas Instruments Finland Oy, Porkkalankatu 22, 00180 Helsinki. 
Y-tunnus/Business ID: 0615521-4. Kotipaikka/Domicile: Helsinki

Re: [PATCH V8 1/5] crypto: Multi-buffer encryption infrastructure support

2018-03-16 Thread Herbert Xu

On Thu, Jan 18, 2018 at 04:44:21PM -0800, Megha Dey wrote:
>
> > So the mcryptd template is in fact completely superfluous.  You
> > can remove it and just have all the main encrypt/decrypt functions
> > invoke the underlying encrypt/decrypt function directly and achieve
> > the same result.
> > 
> > Am I missing something?
> 
> Hi Herbert,
> 
> After discussing with Tim, it seems like the mcryptd is responsible for
> queuing up the encrypt requests and dispatching them to the actual
> multi-buffer raw algorithm.  It also flushes the queue
> if we wait too long without new requests coming in to force dispatch of
> the requests in queue.
> 
> Its function is analogous to cryptd but it has its own multi-lane twists
> so we haven't reused the cryptd interface.

I have taken a deeper look and I'm even more convinced now that
mcryptd is simply not needed in your current model.

The only reason you would need mcryptd is if you need to limit
the rate of requests going into the underlying mb algorithm.

However, it doesn't do that all.  Even though it seems to have a
batch size of 10, but because it immediately reschedules itself
after the batch runs out, it's essentially just dumping all requests
at the underlying algorithm as fast as they're coming in.  The
underlying algorithm doesn't have need throttling anyway because
it'll do the work when the queue is full synchronously.

So why not just get rid of mcryptd completely and expose the
underlying algorithm as a proper async skcipher/hash?

Thanks,
-- 
Email: Herbert Xu 
Home Page: http://gondor.apana.org.au/~herbert/
PGP Key: http://gondor.apana.org.au/~herbert/pubkey.txt

[PATCH 0/2] irqchip/gic*: Complain about the use of IRQ_TYPE_NONE

2018-03-16 Thread Marc Zyngier

Grepping through the dts files, the documentation, and reviewing
patches, one can only notice the use of IRQ_TYPE_NONE in interrupt
specifiers. At least for the GIC, this doesn't mean anything. The
unsuspecting driver will end-up with whatever was there before, and
there is a 50% probability that it is not what it wants.

I'd love to fix it myself, but I also have a 50% probability of
getting it wrong. In order to make the user aware they are walking on
thin ice, let's add some warnings. Hopefully, they'll be annoying
enough that people will fix their firmware. Croudsourcing debugging...

If nobody complains louder than the warnings, I plan to get this into
4.17.

Marc Zyngier (2):
  irqchip/gic: Loudly complain about the use of IRQ_TYPE_NONE
  irqchip/gic-v3: Loudly complain about the use of IRQ_TYPE_NONE

 drivers/irqchip/irq-gic-v3.c | 5 +
 drivers/irqchip/irq-gic.c| 5 +
 2 files changed, 10 insertions(+)

-- 
2.14.2

[PATCH v6 1/3] dt-bindings: display: bridge: Document THC63LVD1024 LVDS decoder

2018-03-16 Thread Jacopo Mondi

Document Thine THC63LVD1024 LVDS decoder device tree bindings.

Signed-off-by: Jacopo Mondi 
Reviewed-by: Andrzej Hajda 
Reviewed-by: Niklas Söderlund 
---
 .../bindings/display/bridge/thine,thc63lvd1024.txt | 66 ++
 1 file changed, 66 insertions(+)
 create mode 100644 
Documentation/devicetree/bindings/display/bridge/thine,thc63lvd1024.txt

diff --git 
a/Documentation/devicetree/bindings/display/bridge/thine,thc63lvd1024.txt 
b/Documentation/devicetree/bindings/display/bridge/thine,thc63lvd1024.txt
new file mode 100644
index 000..8225c6a
--- /dev/null
+++ b/Documentation/devicetree/bindings/display/bridge/thine,thc63lvd1024.txt
@@ -0,0 +1,66 @@
+Thine Electronics THC63LVD1024 LVDS decoder
+---
+
+The THC63LVD1024 is a dual link LVDS receiver designed to convert LVDS streams
+to parallel data outputs. The chip supports single/dual input/output modes,
+handling up to two two input LVDS stream and up to two digital CMOS/TTL 
outputs.
+
+Single or dual operation modes, output data mapping and DDR output modes are
+configured through input signals and the chip does not expose any control bus.
+
+Required properties:
+- compatible: Shall be "thine,thc63lvd1024"
+
+Optional properties:
+- vcc-supply: Power supply for TTL output and digital circuitry
+- cvcc-supply: Power supply for TTL CLOCKOUT signal
+- lvcc-supply: Power supply for LVDS inputs
+- pvcc-supply: Power supply for PLL circuitry
+- pdwn-gpios: Power down GPIO signal. Active low
+- oe-gpios: Output enable GPIO signal. Active high
+
+The THC63LVD1024 video port connections are modeled according
+to OF graph bindings specified by Documentation/devicetree/bindings/graph.txt
+
+Required video port nodes:
+- Port@0: First LVDS input port
+- Port@2: First digital CMOS/TTL parallel output
+
+Optional video port nodes:
+- Port@1: Second LVDS input port
+- Port@3: Second digital CMOS/TTL parallel output
+
+Example:
+
+
+   thc63lvd1024: lvds-decoder {
+   compatible = "thine,thc63lvd1024";
+
+   vcc-supply = <_lvds_vcc>;
+   lvcc-supply = <_lvds_lvcc>;
+
+   pdwn-gpio = < 15 GPIO_ACTIVE_LOW>;
+
+   ports {
+   #address-cells = <1>;
+   #size-cells = <0>;
+
+   port@0 {
+   reg = <0>;
+
+   lvds_dec_in_0: endpoint {
+   remote-endpoint = <_out>;
+   };
+   };
+
+   port@2{
+   reg = <2>;
+
+   lvds_dec_out_2: endpoint {
+   remote-endpoint = <_in>;
+   };
+
+   };
+
+   };
+   };
-- 
2.7.4

[PATCH v2 04/21] fbdev: Remove depends on HAS_DMA in case of platform dependency

Remove dependencies on HAS_DMA where a Kconfig symbol depends on another
symbol that implies HAS_DMA, and, optionally, on "|| COMPILE_TEST".
In most cases this other symbol is an architecture or platform specific
symbol, or PCI.

Generic symbols and drivers without platform dependencies keep their
dependencies on HAS_DMA, to prevent compiling subsystems or drivers that
cannot work anyway.

This simplifies the dependencies, and allows to improve compile-testing.

Signed-off-by: Geert Uytterhoeven 
Reviewed-by: Mark Brown 
Acked-by: Robin Murphy 
---
v2:
  - Add Reviewed-by, Acked-by,
  - Drop RFC state,
  - Split per subsystem.
---
 drivers/video/fbdev/Kconfig | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/drivers/video/fbdev/Kconfig b/drivers/video/fbdev/Kconfig
index 11e699f1062b78ea..abee481f5fb778dd 100644
--- a/drivers/video/fbdev/Kconfig
+++ b/drivers/video/fbdev/Kconfig
@@ -2174,7 +2174,8 @@ config FB_XILINX
 
 config FB_GOLDFISH
tristate "Goldfish Framebuffer"
-   depends on FB && HAS_DMA && (GOLDFISH || COMPILE_TEST)
+   depends on FB
+   depends on GOLDFISH || COMPILE_TEST
select FB_CFB_FILLRECT
select FB_CFB_COPYAREA
select FB_CFB_IMAGEBLIT
-- 
2.7.4

[PATCH 4.4 38/63] netfilter: ebtables: CONFIG_COMPAT: dont trust userland offsets

4.4-stable review patch.  If anyone has any objections, please let me know.

--

From: Florian Westphal 

commit b71812168571fa55e44cdd0254471331b9c4c4c6 upstream.

We need to make sure the offsets are not out of range of the
total size.
Also check that they are in ascending order.

The WARN_ON triggered by syzkaller (it sets panic_on_warn) is
changed to also bail out, no point in continuing parsing.

Briefly tested with simple ruleset of
-A INPUT --limit 1/s' --log
plus jump to custom chains using 32bit ebtables binary.

Reported-by: 
Signed-off-by: Florian Westphal 
Signed-off-by: Pablo Neira Ayuso 
Signed-off-by: Greg Kroah-Hartman 

---
 net/bridge/netfilter/ebtables.c |   13 -
 1 file changed, 12 insertions(+), 1 deletion(-)

--- a/net/bridge/netfilter/ebtables.c
+++ b/net/bridge/netfilter/ebtables.c
@@ -2021,7 +2021,9 @@ static int ebt_size_mwt(struct compat_eb
if (match_kern)
match_kern->match_size = ret;
 
-   WARN_ON(type == EBT_COMPAT_TARGET && size_left);
+   if (WARN_ON(type == EBT_COMPAT_TARGET && size_left))
+   return -EINVAL;
+
match32 = (struct compat_ebt_entry_mwt *) buf;
}
 
@@ -2078,6 +2080,15 @@ static int size_entry_mwt(struct ebt_ent
 *
 * offsets are relative to beginning of struct ebt_entry (i.e., 0).
 */
+   for (i = 0; i < 4 ; ++i) {
+   if (offsets[i] >= *total)
+   return -EINVAL;
+   if (i == 0)
+   continue;
+   if (offsets[i-1] > offsets[i])
+   return -EINVAL;
+   }
+
for (i = 0, j = 1 ; j < 4 ; j++, i++) {
struct compat_ebt_entry_mwt *match32;
unsigned int size;

[PATCH 4.4 40/63] netfilter: ipv6: fix use-after-free Write in nf_nat_ipv6_manip_pkt

4.4-stable review patch.  If anyone has any objections, please let me know.

--

From: Florian Westphal 

commit b078556aecd791b0e5cb3a59f4c3a14273b52121 upstream.

l4proto->manip_pkt() can cause reallocation of skb head so pointer
to the ipv6 header must be reloaded.

Reported-and-tested-by: 
Fixes: 58a317f1061c89 ("netfilter: ipv6: add IPv6 NAT support")
Signed-off-by: Florian Westphal 
Signed-off-by: Pablo Neira Ayuso 
Signed-off-by: Greg Kroah-Hartman 

---
 net/ipv6/netfilter/nf_nat_l3proto_ipv6.c |4 
 1 file changed, 4 insertions(+)

--- a/net/ipv6/netfilter/nf_nat_l3proto_ipv6.c
+++ b/net/ipv6/netfilter/nf_nat_l3proto_ipv6.c
@@ -99,6 +99,10 @@ static bool nf_nat_ipv6_manip_pkt(struct
!l4proto->manip_pkt(skb, _nat_l3proto_ipv6, iphdroff, hdroff,
target, maniptype))
return false;
+
+   /* must reload, offset might have changed */
+   ipv6h = (void *)skb->data + iphdroff;
+
 manip_addr:
if (maniptype == NF_NAT_MANIP_SRC)
ipv6h->saddr = target->src.u3.in6;

[PATCH 4.4 51/63] x86: Treat R_X86_64_PLT32 as R_X86_64_PC32

4.4-stable review patch.  If anyone has any objections, please let me know.

--

From: H.J. Lu 

commit b21ebf2fb4cde1618915a97cc773e287ff49173e upstream.

On i386, there are 2 types of PLTs, PIC and non-PIC.  PIE and shared
objects must use PIC PLT.  To use PIC PLT, you need to load
_GLOBAL_OFFSET_TABLE_ into EBX first.  There is no need for that on
x86-64 since x86-64 uses PC-relative PLT.

On x86-64, for 32-bit PC-relative branches, we can generate PLT32
relocation, instead of PC32 relocation, which can also be used as
a marker for 32-bit PC-relative branches.  Linker can always reduce
PLT32 relocation to PC32 if function is defined locally.   Local
functions should use PC32 relocation.  As far as Linux kernel is
concerned, R_X86_64_PLT32 can be treated the same as R_X86_64_PC32
since Linux kernel doesn't use PLT.

R_X86_64_PLT32 for 32-bit PC-relative branches has been enabled in
binutils master branch which will become binutils 2.31.

[ hjl is working on having better documentation on this all, but a few
  more notes from him:

   "PLT32 relocation is used as marker for PC-relative branches. Because
of EBX, it looks odd to generate PLT32 relocation on i386 when EBX
doesn't have GOT.

As for symbol resolution, PLT32 and PC32 relocations are almost
interchangeable. But when linker sees PLT32 relocation against a
protected symbol, it can resolved locally at link-time since it is
used on a branch instruction. Linker can't do that for PC32
relocation"

  but for the kernel use, the two are basically the same, and this
  commit gets things building and working with the current binutils
  master   - Linus ]

Signed-off-by: H.J. Lu 
Signed-off-by: Linus Torvalds 
Cc: Matthias Kaehlcke 
Signed-off-by: Greg Kroah-Hartman 

---
 arch/x86/kernel/machine_kexec_64.c |1 +
 arch/x86/kernel/module.c   |1 +
 arch/x86/tools/relocs.c|3 +++
 3 files changed, 5 insertions(+)

--- a/arch/x86/kernel/machine_kexec_64.c
+++ b/arch/x86/kernel/machine_kexec_64.c
@@ -519,6 +519,7 @@ int arch_kexec_apply_relocations_add(con
goto overflow;
break;
case R_X86_64_PC32:
+   case R_X86_64_PLT32:
value -= (u64)address;
*(u32 *)location = value;
break;
--- a/arch/x86/kernel/module.c
+++ b/arch/x86/kernel/module.c
@@ -189,6 +189,7 @@ int apply_relocate_add(Elf64_Shdr *sechd
goto overflow;
break;
case R_X86_64_PC32:
+   case R_X86_64_PLT32:
if (*(u32 *)loc != 0)
goto invalid_relocation;
val -= (u64)loc;
--- a/arch/x86/tools/relocs.c
+++ b/arch/x86/tools/relocs.c
@@ -769,9 +769,12 @@ static int do_reloc64(struct section *se
break;
 
case R_X86_64_PC32:
+   case R_X86_64_PLT32:
/*
 * PC relative relocations don't need to be adjusted unless
 * referencing a percpu symbol.
+*
+* NB: R_X86_64_PLT32 can be treated as R_X86_64_PC32.
 */
if (is_percpu_sym(sym, symname))
add_reloc(, offset);

[PATCH 4.4 53/63] tty/serial: atmel: add new version check for usart

4.4-stable review patch.  If anyone has any objections, please let me know.

--

From: Jonas Danielsson 

commit fd63a8903a2c40425a9811c3371dd4d0f42c0ad3 upstream.

On our at91sam9260 based board the usart0 and usart1 ports report
their versions (ATMEL_US_VERSION) as 0x10302. This version is not
included in the current checks in the driver.

Signed-off-by: Jonas Danielsson 
Acked-by: Richard Genoud 
Acked-by: Nicolas Ferre 
Cc: stable 
Signed-off-by: Greg Kroah-Hartman 

---
 drivers/tty/serial/atmel_serial.c |1 +
 1 file changed, 1 insertion(+)

--- a/drivers/tty/serial/atmel_serial.c
+++ b/drivers/tty/serial/atmel_serial.c
@@ -1783,6 +1783,7 @@ static void atmel_get_ip_name(struct uar
switch (version) {
case 0x302:
case 0x10213:
+   case 0x10302:
dev_dbg(port->dev, "This version is usart\n");
atmel_port->is_usart = true;
break;

[PATCH 4.4 41/63] netfilter: use skb_to_full_sk in ip_route_me_harder

4.4-stable review patch.  If anyone has any objections, please let me know.

--

From: Florian Westphal 

commit 29e09229d9f26129a39462fae0ddabc4d9533989 upstream.

inet_sk(skb->sk) is illegal in case skb is attached to request socket.

Fixes: ca6fb0651883 ("tcp: attach SYNACK messages to request sockets instead of 
listener")
Reported by: Daniel J Blueman 
Signed-off-by: Florian Westphal 
Tested-by: Daniel J Blueman 
Signed-off-by: Pablo Neira Ayuso 
Signed-off-by: Greg Kroah-Hartman 

---
 net/ipv4/netfilter.c |7 ---
 1 file changed, 4 insertions(+), 3 deletions(-)

--- a/net/ipv4/netfilter.c
+++ b/net/ipv4/netfilter.c
@@ -23,7 +23,8 @@ int ip_route_me_harder(struct net *net,
struct rtable *rt;
struct flowi4 fl4 = {};
__be32 saddr = iph->saddr;
-   __u8 flags = skb->sk ? inet_sk_flowi_flags(skb->sk) : 0;
+   const struct sock *sk = skb_to_full_sk(skb);
+   __u8 flags = sk ? inet_sk_flowi_flags(sk) : 0;
unsigned int hh_len;
 
if (addr_type == RTN_UNSPEC)
@@ -39,7 +40,7 @@ int ip_route_me_harder(struct net *net,
fl4.daddr = iph->daddr;
fl4.saddr = saddr;
fl4.flowi4_tos = RT_TOS(iph->tos);
-   fl4.flowi4_oif = skb->sk ? skb->sk->sk_bound_dev_if : 0;
+   fl4.flowi4_oif = sk ? sk->sk_bound_dev_if : 0;
fl4.flowi4_mark = skb->mark;
fl4.flowi4_flags = flags;
rt = ip_route_output_key(net, );
@@ -58,7 +59,7 @@ int ip_route_me_harder(struct net *net,
xfrm_decode_session(skb, flowi4_to_flowi(), AF_INET) == 0) {
struct dst_entry *dst = skb_dst(skb);
skb_dst_set(skb, NULL);
-   dst = xfrm_lookup(net, dst, flowi4_to_flowi(), skb->sk, 0);
+   dst = xfrm_lookup(net, dst, flowi4_to_flowi(), sk, 0);
if (IS_ERR(dst))
return PTR_ERR(dst);
skb_dst_set(skb, dst);

[PATCH 4.4 60/63] usb: usbmon: Read text within supplied buffer size

4.4-stable review patch.  If anyone has any objections, please let me know.

--

From: Pete Zaitcev 

commit a5f596830e27e15f7a0ecd6be55e433d776986d8 upstream.

This change fixes buffer overflows and silent data corruption with the
usbmon device driver text file read operations.

Signed-off-by: Fredrik Noring 
Signed-off-by: Pete Zaitcev 
Cc: stable 
Signed-off-by: Greg Kroah-Hartman 

---
 drivers/usb/mon/mon_text.c |  124 +++--
 1 file changed, 77 insertions(+), 47 deletions(-)

--- a/drivers/usb/mon/mon_text.c
+++ b/drivers/usb/mon/mon_text.c
@@ -82,6 +82,8 @@ struct mon_reader_text {
 
wait_queue_head_t wait;
int printf_size;
+   size_t printf_offset;
+   size_t printf_togo;
char *printf_buf;
struct mutex printf_lock;
 
@@ -373,75 +375,103 @@ err_alloc:
return rc;
 }
 
-/*
- * For simplicity, we read one record in one system call and throw out
- * what does not fit. This means that the following does not work:
- *   dd if=/dbg/usbmon/0t bs=10
- * Also, we do not allow seeks and do not bother advancing the offset.
- */
+static ssize_t mon_text_copy_to_user(struct mon_reader_text *rp,
+char __user * const buf, const size_t nbytes)
+{
+   const size_t togo = min(nbytes, rp->printf_togo);
+
+   if (copy_to_user(buf, >printf_buf[rp->printf_offset], togo))
+   return -EFAULT;
+   rp->printf_togo -= togo;
+   rp->printf_offset += togo;
+   return togo;
+}
+
+/* ppos is not advanced since the llseek operation is not permitted. */
 static ssize_t mon_text_read_t(struct file *file, char __user *buf,
-   size_t nbytes, loff_t *ppos)
+size_t nbytes, loff_t *ppos)
 {
struct mon_reader_text *rp = file->private_data;
struct mon_event_text *ep;
struct mon_text_ptr ptr;
+   ssize_t ret;
 
-   ep = mon_text_read_wait(rp, file);
-   if (IS_ERR(ep))
-   return PTR_ERR(ep);
mutex_lock(>printf_lock);
-   ptr.cnt = 0;
-   ptr.pbuf = rp->printf_buf;
-   ptr.limit = rp->printf_size;
-
-   mon_text_read_head_t(rp, , ep);
-   mon_text_read_statset(rp, , ep);
-   ptr.cnt += snprintf(ptr.pbuf + ptr.cnt, ptr.limit - ptr.cnt,
-   " %d", ep->length);
-   mon_text_read_data(rp, , ep);
 
-   if (copy_to_user(buf, rp->printf_buf, ptr.cnt))
-   ptr.cnt = -EFAULT;
+   if (rp->printf_togo == 0) {
+
+   ep = mon_text_read_wait(rp, file);
+   if (IS_ERR(ep)) {
+   mutex_unlock(>printf_lock);
+   return PTR_ERR(ep);
+   }
+   ptr.cnt = 0;
+   ptr.pbuf = rp->printf_buf;
+   ptr.limit = rp->printf_size;
+
+   mon_text_read_head_t(rp, , ep);
+   mon_text_read_statset(rp, , ep);
+   ptr.cnt += snprintf(ptr.pbuf + ptr.cnt, ptr.limit - ptr.cnt,
+   " %d", ep->length);
+   mon_text_read_data(rp, , ep);
+
+   rp->printf_togo = ptr.cnt;
+   rp->printf_offset = 0;
+
+   kmem_cache_free(rp->e_slab, ep);
+   }
+
+   ret = mon_text_copy_to_user(rp, buf, nbytes);
mutex_unlock(>printf_lock);
-   kmem_cache_free(rp->e_slab, ep);
-   return ptr.cnt;
+   return ret;
 }
 
+/* ppos is not advanced since the llseek operation is not permitted. */
 static ssize_t mon_text_read_u(struct file *file, char __user *buf,
-   size_t nbytes, loff_t *ppos)
+size_t nbytes, loff_t *ppos)
 {
struct mon_reader_text *rp = file->private_data;
struct mon_event_text *ep;
struct mon_text_ptr ptr;
+   ssize_t ret;
 
-   ep = mon_text_read_wait(rp, file);
-   if (IS_ERR(ep))
-   return PTR_ERR(ep);
mutex_lock(>printf_lock);
-   ptr.cnt = 0;
-   ptr.pbuf = rp->printf_buf;
-   ptr.limit = rp->printf_size;
 
-   mon_text_read_head_u(rp, , ep);
-   if (ep->type == 'E') {
-   mon_text_read_statset(rp, , ep);
-   } else if (ep->xfertype == USB_ENDPOINT_XFER_ISOC) {
-   mon_text_read_isostat(rp, , ep);
-   mon_text_read_isodesc(rp, , ep);
-   } else if (ep->xfertype == USB_ENDPOINT_XFER_INT) {
-   mon_text_read_intstat(rp, , ep);
-   } else {
-   mon_text_read_statset(rp, , ep);
+   if (rp->printf_togo == 0) {
+
+   ep = mon_text_read_wait(rp, file);
+   if (IS_ERR(ep)) {
+   mutex_unlock(>printf_lock);
+   return PTR_ERR(ep);
+   }
+   ptr.cnt = 0;
+   ptr.pbuf = rp->printf_buf;
+   ptr.limit = rp->printf_size;
+
+   mon_text_read_head_u(rp, , ep);
+

[PATCH 4.14 078/109] ath10k: fix invalid STS_CAP_OFFSET_MASK

4.14-stable review patch.  If anyone has any objections, please let me know.

--

From: Ben Greear 


[ Upstream commit 8cec57f5277ef0e354e37a0bf909dc71bc1f865b ]

The 10.4 firmware defines this as a 3-bit field, as does the
mac80211 stack.  The 4th bit is defined as CONF_IMPLICIT_BF
at least in the firmware header I have seen.  This patch
fixes the ath10k wmi header to match the firmware.

Signed-off-by: Ben Greear 
Signed-off-by: Kalle Valo 
Signed-off-by: Sasha Levin 
Signed-off-by: Greg Kroah-Hartman 
---
 drivers/net/wireless/ath/ath10k/wmi.h |3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

--- a/drivers/net/wireless/ath/ath10k/wmi.h
+++ b/drivers/net/wireless/ath/ath10k/wmi.h
@@ -5235,7 +5235,8 @@ enum wmi_10_4_vdev_param {
 #define WMI_VDEV_PARAM_TXBF_MU_TX_BFER BIT(3)
 
 #define WMI_TXBF_STS_CAP_OFFSET_LSB4
-#define WMI_TXBF_STS_CAP_OFFSET_MASK   0xf0
+#define WMI_TXBF_STS_CAP_OFFSET_MASK   0x70
+#define WMI_TXBF_CONF_IMPLICIT_BF   BIT(7)
 #define WMI_BF_SOUND_DIM_OFFSET_LSB8
 #define WMI_BF_SOUND_DIM_OFFSET_MASK   0xf00

[PATCH 4.14 071/109] pinctrl: sh-pfc: r8a7795-es1: Fix MOD_SEL1 bit[25:24] to 0x3 when using STP_ISEN_1_D

4.14-stable review patch.  If anyone has any objections, please let me know.

--

From: Takeshi Kihara 


[ Upstream commit b16cd900de7911f96af17327a081a2141a0b763f ]

This patch fixes the implementation incorrect of MOD_SEL1 bit[25:24]
value when STP_ISEN_1_D pin function is selected for IPSR16 bit[27:24].

This is a correction to the incorrect implementation of MOD_SEL register
pin assignment for R8A7795 SoC specification of R-Car Gen3 Hardware
User's Manual Rev.0.51E.

Fixes: 0b0ffc96dbe30fa9 ("pinctrl: sh-pfc: Initial R8A7795 PFC support)
Signed-off-by: Takeshi Kihara 
Signed-off-by: Yoshihiro Kaneko 
Signed-off-by: Geert Uytterhoeven 
Signed-off-by: Sasha Levin 
Signed-off-by: Greg Kroah-Hartman 
---
 drivers/pinctrl/sh-pfc/pfc-r8a7795-es1.c |2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

--- a/drivers/pinctrl/sh-pfc/pfc-r8a7795-es1.c
+++ b/drivers/pinctrl/sh-pfc/pfc-r8a7795-es1.c
@@ -1397,7 +1397,7 @@ static const u16 pinmux_data[] = {
PINMUX_IPSR_MSEL(IP16_27_24,AUDIO_CLKOUT_B, SEL_ADG_1),
PINMUX_IPSR_MSEL(IP16_27_24,SSI_SCK2_B, SEL_SSI_1),
PINMUX_IPSR_MSEL(IP16_27_24,TS_SDEN1_D, SEL_TSIF1_3),
-   PINMUX_IPSR_MSEL(IP16_27_24,STP_ISEN_1_D,   SEL_SSP1_1_2),
+   PINMUX_IPSR_MSEL(IP16_27_24,STP_ISEN_1_D,   SEL_SSP1_1_3),
PINMUX_IPSR_MSEL(IP16_27_24,STP_OPWM_0_E,   SEL_SSP1_0_4),
PINMUX_IPSR_MSEL(IP16_27_24,RIF3_D0_B,  SEL_DRIF3_1),
PINMUX_IPSR_MSEL(IP16_27_24,TCLK2_B,
SEL_TIMER_TMU_1),

[PATCH 4.14 064/109] dmaengine: bcm2835-dma: Use vchan_terminate_vdesc() instead of desc_free

4.14-stable review patch.  If anyone has any objections, please let me know.

--

From: Peter Ujfalusi 


[ Upstream commit de92436ac40ffe9933230aa503e24dbb5ede9201 ]

To avoid race with vchan_complete, use the race free way to terminate
running transfer.

Implement the device_synchronize callback to make sure that the terminated
descriptor is freed.

Signed-off-by: Peter Ujfalusi 
Acked-by: Eric Anholt 
Signed-off-by: Vinod Koul 
Signed-off-by: Sasha Levin 
Signed-off-by: Greg Kroah-Hartman 
---
 drivers/dma/bcm2835-dma.c |   10 +-
 1 file changed, 9 insertions(+), 1 deletion(-)

--- a/drivers/dma/bcm2835-dma.c
+++ b/drivers/dma/bcm2835-dma.c
@@ -812,7 +812,7 @@ static int bcm2835_dma_terminate_all(str
 * c->desc is NULL and exit.)
 */
if (c->desc) {
-   bcm2835_dma_desc_free(>desc->vd);
+   vchan_terminate_vdesc(>desc->vd);
c->desc = NULL;
bcm2835_dma_abort(c->chan_base);
 
@@ -836,6 +836,13 @@ static int bcm2835_dma_terminate_all(str
return 0;
 }
 
+static void bcm2835_dma_synchronize(struct dma_chan *chan)
+{
+   struct bcm2835_chan *c = to_bcm2835_dma_chan(chan);
+
+   vchan_synchronize(>vc);
+}
+
 static int bcm2835_dma_chan_init(struct bcm2835_dmadev *d, int chan_id,
 int irq, unsigned int irq_flags)
 {
@@ -942,6 +949,7 @@ static int bcm2835_dma_probe(struct plat
od->ddev.device_prep_dma_memcpy = bcm2835_dma_prep_dma_memcpy;
od->ddev.device_config = bcm2835_dma_slave_config;
od->ddev.device_terminate_all = bcm2835_dma_terminate_all;
+   od->ddev.device_synchronize = bcm2835_dma_synchronize;
od->ddev.src_addr_widths = BIT(DMA_SLAVE_BUSWIDTH_4_BYTES);
od->ddev.dst_addr_widths = BIT(DMA_SLAVE_BUSWIDTH_4_BYTES);
od->ddev.directions = BIT(DMA_DEV_TO_MEM) | BIT(DMA_MEM_TO_DEV) |

[PATCH 4.15 001/128] x86: Treat R_X86_64_PLT32 as R_X86_64_PC32

4.15-stable review patch.  If anyone has any objections, please let me know.

--

From: H.J. Lu 

commit b21ebf2fb4cde1618915a97cc773e287ff49173e upstream.

On i386, there are 2 types of PLTs, PIC and non-PIC.  PIE and shared
objects must use PIC PLT.  To use PIC PLT, you need to load
_GLOBAL_OFFSET_TABLE_ into EBX first.  There is no need for that on
x86-64 since x86-64 uses PC-relative PLT.

On x86-64, for 32-bit PC-relative branches, we can generate PLT32
relocation, instead of PC32 relocation, which can also be used as
a marker for 32-bit PC-relative branches.  Linker can always reduce
PLT32 relocation to PC32 if function is defined locally.   Local
functions should use PC32 relocation.  As far as Linux kernel is
concerned, R_X86_64_PLT32 can be treated the same as R_X86_64_PC32
since Linux kernel doesn't use PLT.

R_X86_64_PLT32 for 32-bit PC-relative branches has been enabled in
binutils master branch which will become binutils 2.31.

[ hjl is working on having better documentation on this all, but a few
  more notes from him:

   "PLT32 relocation is used as marker for PC-relative branches. Because
of EBX, it looks odd to generate PLT32 relocation on i386 when EBX
doesn't have GOT.

As for symbol resolution, PLT32 and PC32 relocations are almost
interchangeable. But when linker sees PLT32 relocation against a
protected symbol, it can resolved locally at link-time since it is
used on a branch instruction. Linker can't do that for PC32
relocation"

  but for the kernel use, the two are basically the same, and this
  commit gets things building and working with the current binutils
  master   - Linus ]

Signed-off-by: H.J. Lu 
Signed-off-by: Linus Torvalds 
Cc: Matthias Kaehlcke 
Signed-off-by: Greg Kroah-Hartman 

---
 arch/x86/kernel/machine_kexec_64.c |1 +
 arch/x86/kernel/module.c   |1 +
 arch/x86/tools/relocs.c|3 +++
 3 files changed, 5 insertions(+)

--- a/arch/x86/kernel/machine_kexec_64.c
+++ b/arch/x86/kernel/machine_kexec_64.c
@@ -542,6 +542,7 @@ int arch_kexec_apply_relocations_add(con
goto overflow;
break;
case R_X86_64_PC32:
+   case R_X86_64_PLT32:
value -= (u64)address;
*(u32 *)location = value;
break;
--- a/arch/x86/kernel/module.c
+++ b/arch/x86/kernel/module.c
@@ -191,6 +191,7 @@ int apply_relocate_add(Elf64_Shdr *sechd
goto overflow;
break;
case R_X86_64_PC32:
+   case R_X86_64_PLT32:
if (*(u32 *)loc != 0)
goto invalid_relocation;
val -= (u64)loc;
--- a/arch/x86/tools/relocs.c
+++ b/arch/x86/tools/relocs.c
@@ -770,9 +770,12 @@ static int do_reloc64(struct section *se
break;
 
case R_X86_64_PC32:
+   case R_X86_64_PLT32:
/*
 * PC relative relocations don't need to be adjusted unless
 * referencing a percpu symbol.
+*
+* NB: R_X86_64_PLT32 can be treated as R_X86_64_PC32.
 */
if (is_percpu_sym(sym, symname))
add_reloc(, offset);

[PATCH 4.14 063/109] cpufreq: Fix governor module removal race

4.14-stable review patch.  If anyone has any objections, please let me know.

--

From: "Rafael J. Wysocki" 


[ Upstream commit a8b149d32b663c1a4105273295184b78f53d33cf ]

It is possible to remove a cpufreq governor module after
cpufreq_parse_governor() has returned success in
store_scaling_governor() and before cpufreq_set_policy()
acquires a reference to it, because the governor list is
not protected during that period and nothing prevents the
governor from being unregistered then.

Prevent that from happening by acquiring an extra reference
to the governor module temporarily in cpufreq_parse_governor(),
under cpufreq_governor_mutex, and dropping it in
store_scaling_governor(), when cpufreq_set_policy() returns.

Note that the second cpufreq_parse_governor() call site is fine,
because it only cares about the policy member of new_policy.

Signed-off-by: Rafael J. Wysocki 
Acked-by: Viresh Kumar 
Signed-off-by: Rafael J. Wysocki 
Signed-off-by: Sasha Levin 
Signed-off-by: Greg Kroah-Hartman 
---
 drivers/cpufreq/cpufreq.c |6 ++
 1 file changed, 6 insertions(+)

--- a/drivers/cpufreq/cpufreq.c
+++ b/drivers/cpufreq/cpufreq.c
@@ -631,6 +631,8 @@ static int cpufreq_parse_governor(char *
*governor = t;
err = 0;
}
+   if (t && !try_module_get(t->owner))
+   t = NULL;
 
mutex_unlock(_governor_mutex);
}
@@ -759,6 +761,10 @@ static ssize_t store_scaling_governor(st
return -EINVAL;
 
ret = cpufreq_set_policy(policy, _policy);
+
+   if (new_policy.governor)
+   module_put(new_policy.governor->owner);
+
return ret ? ret : count;
 }

[PATCH 4.14 108/109] dmaengine: qcom_hidma: check pending interrupts

4.14-stable review patch.  If anyone has any objections, please let me know.

--

From: Sinan Kaya 


[ Upstream commit 38680bc6b1e3592bc9e18adc1d6e259667df27ce ]

Driver is missing the interrupts if two requests are queued up at the same
time as the interrupt handler is servicing a request that was just
delivered.

The ISR clears the interrupt at the end but it could be clearing the
interrupt for an outstanding event. Therefore, second interrupt never
arrives.

Clear the interrupt first and then check for completions.

Also, make sure that request start and interrupt clear do not overlap in
time by using a spinlock.

Signed-off-by: Sinan Kaya 
Signed-off-by: Vinod Koul 
Signed-off-by: Sasha Levin 
Signed-off-by: Greg Kroah-Hartman 
---
 drivers/dma/qcom/hidma_ll.c |9 ++---
 1 file changed, 6 insertions(+), 3 deletions(-)

--- a/drivers/dma/qcom/hidma_ll.c
+++ b/drivers/dma/qcom/hidma_ll.c
@@ -393,6 +393,8 @@ static int hidma_ll_reset(struct hidma_l
  */
 static void hidma_ll_int_handler_internal(struct hidma_lldev *lldev, int cause)
 {
+   unsigned long irqflags;
+
if (cause & HIDMA_ERR_INT_MASK) {
dev_err(lldev->dev, "error 0x%x, disabling...\n",
cause);
@@ -410,6 +412,10 @@ static void hidma_ll_int_handler_interna
return;
}
 
+   spin_lock_irqsave(>lock, irqflags);
+   writel_relaxed(cause, lldev->evca + HIDMA_EVCA_IRQ_CLR_REG);
+   spin_unlock_irqrestore(>lock, irqflags);
+
/*
 * Fine tuned for this HW...
 *
@@ -421,9 +427,6 @@ static void hidma_ll_int_handler_interna
 * Try to consume as many EVREs as possible.
 */
hidma_handle_tre_completion(lldev);
-
-   /* We consumed TREs or there are pending TREs or EVREs. */
-   writel_relaxed(cause, lldev->evca + HIDMA_EVCA_IRQ_CLR_REG);
 }
 
 irqreturn_t hidma_ll_inthandler(int chirq, void *arg)

[PATCH 4.15 012/128] staging: comedi: fix comedi_nsamples_left.

4.15-stable review patch.  If anyone has any objections, please let me know.

--

From: Frank Mori Hess 

commit a42ae5905140c324362fe5036ae1dbb16e4d359c upstream.

A rounding error was causing comedi_nsamples_left to
return the wrong value when nsamples was not a multiple
of the scan length.

Cc:  # v4.4+
Signed-off-by: Frank Mori Hess 
Reviewed-by: Ian Abbott 
Signed-off-by: Greg Kroah-Hartman 

---
 drivers/staging/comedi/drivers.c |3 +--
 1 file changed, 1 insertion(+), 2 deletions(-)

--- a/drivers/staging/comedi/drivers.c
+++ b/drivers/staging/comedi/drivers.c
@@ -484,8 +484,7 @@ unsigned int comedi_nsamples_left(struct
struct comedi_cmd *cmd = >cmd;
 
if (cmd->stop_src == TRIG_COUNT) {
-   unsigned int nscans = nsamples / cmd->scan_end_arg;
-   unsigned int scans_left = __comedi_nscans_left(s, nscans);
+   unsigned int scans_left = __comedi_nscans_left(s, 
cmd->stop_arg);
unsigned int scan_pos =
comedi_bytes_to_samples(s, async->scan_progress);
unsigned long long samples_left = 0;

[PATCH 4.15 017/128] usb: quirks: add control message delay for 1b1c:1b20

4.15-stable review patch.  If anyone has any objections, please let me know.

--

From: Danilo Krummrich 

commit cb88a0588717ba6c756cb5972d75766b273a6817 upstream.

Corsair Strafe RGB keyboard does not respond to usb control messages
sometimes and hence generates timeouts.

Commit de3af5bf259d ("usb: quirks: add delay init quirk for Corsair
Strafe RGB keyboard") tried to fix those timeouts by adding
USB_QUIRK_DELAY_INIT.

Unfortunately, even with this quirk timeouts of usb_control_msg()
can still be seen, but with a lower frequency (approx. 1 out of 15):

[   29.103520] usb 1-8: string descriptor 0 read error: -110
[   34.363097] usb 1-8: can't set config #1, error -110

Adding further delays to different locations where usb control
messages are issued just moves the timeouts to other locations,
e.g.:

[   35.400533] usbhid 1-8:1.0: can't add hid device: -110
[   35.401014] usbhid: probe of 1-8:1.0 failed with error -110

The only way to reliably avoid those issues is having a pause after
each usb control message. In approx. 200 boot cycles no more timeouts
were seen.

Addionaly, keep USB_QUIRK_DELAY_INIT as it turned out to be necessary
to have the delay in hub_port_connect() after hub_port_init().

The overall boot time seems not to be influenced by these additional
delays, even on fast machines and lightweight distributions.

Fixes: de3af5bf259d ("usb: quirks: add delay init quirk for Corsair Strafe RGB 
keyboard")
Cc: sta...@vger.kernel.org
Signed-off-by: Danilo Krummrich 
Signed-off-by: Greg Kroah-Hartman 

---
 drivers/usb/core/message.c |4 
 drivers/usb/core/quirks.c  |3 ++-
 include/linux/usb/quirks.h |3 +++
 3 files changed, 9 insertions(+), 1 deletion(-)

--- a/drivers/usb/core/message.c
+++ b/drivers/usb/core/message.c
@@ -150,6 +150,10 @@ int usb_control_msg(struct usb_device *d
 
ret = usb_internal_control_msg(dev, pipe, dr, data, size, timeout);
 
+   /* Linger a bit, prior to the next control message. */
+   if (dev->quirks & USB_QUIRK_DELAY_CTRL_MSG)
+   msleep(200);
+
kfree(dr);
 
return ret;
--- a/drivers/usb/core/quirks.c
+++ b/drivers/usb/core/quirks.c
@@ -230,7 +230,8 @@ static const struct usb_device_id usb_qu
{ USB_DEVICE(0x1b1c, 0x1b13), .driver_info = USB_QUIRK_DELAY_INIT },
 
/* Corsair Strafe RGB */
-   { USB_DEVICE(0x1b1c, 0x1b20), .driver_info = USB_QUIRK_DELAY_INIT },
+   { USB_DEVICE(0x1b1c, 0x1b20), .driver_info = USB_QUIRK_DELAY_INIT |
+ USB_QUIRK_DELAY_CTRL_MSG },
 
/* Corsair K70 LUX */
{ USB_DEVICE(0x1b1c, 0x1b36), .driver_info = USB_QUIRK_DELAY_INIT },
--- a/include/linux/usb/quirks.h
+++ b/include/linux/usb/quirks.h
@@ -63,4 +63,7 @@
  */
 #define USB_QUIRK_DISCONNECT_SUSPEND   BIT(12)
 
+/* Device needs a pause after every control message. */
+#define USB_QUIRK_DELAY_CTRL_MSG   BIT(13)
+
 #endif /* __LINUX_USB_QUIRKS_H */

[PATCH 4.15 022/128] serial: core: mark port as initialized in autoconfig

4.15-stable review patch.  If anyone has any objections, please let me know.

--

From: Sebastian Andrzej Siewior 

commit 714569064adee3c114a2a6490735b94abe269068 upstream.

This is a followup on 44117a1d1732 ("serial: core: mark port as
initialized after successful IRQ change").
Nikola has been using autoconfig via setserial and reported a crash
similar to what I fixed in the earlier mentioned commit. Here I do the
same fixup for the autoconfig. I wasn't sure that this is the right
approach. Nikola confirmed that it fixes his crash.

Fixes: b3b576461864 ("tty: serial_core: convert uart_open to use tty_port_open")
Link: http://lkml.kernel.org/r/20180131072000.GD1853@localhost.localdomain
Reported-by: Nikola Ciprich 
Tested-by: Nikola Ciprich 
Cc: 
Signed-off-by: Sebastian Andrzej Siewior 
Tested-by: Nikola Ciprich 
Acked-by: Johan Hovold 
Signed-off-by: Greg Kroah-Hartman 

---
 drivers/tty/serial/serial_core.c |2 ++
 1 file changed, 2 insertions(+)

--- a/drivers/tty/serial/serial_core.c
+++ b/drivers/tty/serial/serial_core.c
@@ -1144,6 +1144,8 @@ static int uart_do_autoconfig(struct tty
uport->ops->config_port(uport, flags);
 
ret = uart_startup(tty, state, 1);
+   if (ret == 0)
+   tty_port_set_initialized(port, true);
if (ret > 0)
ret = 0;
}

[PATCH 4.15 013/128] staging: android: ashmem: Fix lockdep issue during llseek

4.15-stable review patch.  If anyone has any objections, please let me know.

--

From: Joel Fernandes 

commit cb57469c9573f6018cd1302953dd45d6e05aba7b upstream.

ashmem_mutex create a chain of dependencies like so:

(1)
mmap syscall ->
  mmap_sem ->  (acquired)
  ashmem_mmap
  ashmem_mutex (try to acquire)
  (block)

(2)
llseek syscall ->
  ashmem_llseek ->
  ashmem_mutex ->  (acquired)
  inode_lock ->
  inode->i_rwsem (try to acquire)
  (block)

(3)
getdents ->
  iterate_dir ->
  inode_lock ->
  inode->i_rwsem   (acquired)
  copy_to_user ->
  mmap_sem (try to acquire)

There is a lock ordering created between mmap_sem and inode->i_rwsem
causing a lockdep splat [2] during a syzcaller test, this patch fixes
the issue by unlocking the mutex earlier. Functionally that's Ok since
we don't need to protect vfs_llseek.

[1] https://patchwork.kernel.org/patch/10185031/
[2] https://lkml.org/lkml/2018/1/10/48

Acked-by: Todd Kjos 
Cc: Arve Hjonnevag 
Cc: sta...@vger.kernel.org
Reported-by: syzbot+8ec30bb7bf1a981a2...@syzkaller.appspotmail.com
Signed-off-by: Joel Fernandes 
Acked-by: Greg Hackmann 
Signed-off-by: Greg Kroah-Hartman 

---
 drivers/staging/android/ashmem.c |   15 +++
 1 file changed, 7 insertions(+), 8 deletions(-)

--- a/drivers/staging/android/ashmem.c
+++ b/drivers/staging/android/ashmem.c
@@ -334,24 +334,23 @@ static loff_t ashmem_llseek(struct file
mutex_lock(_mutex);
 
if (asma->size == 0) {
-   ret = -EINVAL;
-   goto out;
+   mutex_unlock(_mutex);
+   return -EINVAL;
}
 
if (!asma->file) {
-   ret = -EBADF;
-   goto out;
+   mutex_unlock(_mutex);
+   return -EBADF;
}
 
+   mutex_unlock(_mutex);
+
ret = vfs_llseek(asma->file, offset, origin);
if (ret < 0)
-   goto out;
+   return ret;
 
/** Copy f_pos from backing file, since f_ops->llseek() sets it */
file->f_pos = asma->file->f_pos;
-
-out:
-   mutex_unlock(_mutex);
return ret;
 }

[PATCH 4.15 024/128] dm mpath: fix passing integrity data

4.15-stable review patch.  If anyone has any objections, please let me know.

--

From: Steffen Maier 

commit 8c5c147339d2e201108169327b1f99aa6d57d2cd upstream.

After v4.12 commit e2460f2a4bc7 ("dm: mark targets that pass integrity
data"), dm-multipath, e.g. on DIF+DIX SCSI disk paths, does not support
block integrity any more. So add it to the whitelist.

This is also a pre-requisite to use block integrity with other dm layer(s)
on top of multipath, such as kpartx partitions (dm-linear) or LVM.

Also, bump target version to reflect this fix.

Fixes: e2460f2a4bc7 ("dm: mark targets that pass integrity data")
Cc:  #4.12+
Bisected-by: Fedor Loshakov 
Signed-off-by: Steffen Maier 
Reviewed-by: Hannes Reinecke 
Reviewed-by: Martin K. Petersen 
Signed-off-by: Mike Snitzer 
Signed-off-by: Greg Kroah-Hartman 

---
 drivers/md/dm-mpath.c |5 +++--
 1 file changed, 3 insertions(+), 2 deletions(-)

--- a/drivers/md/dm-mpath.c
+++ b/drivers/md/dm-mpath.c
@@ -1968,8 +1968,9 @@ static int multipath_busy(struct dm_targ
  *---*/
 static struct target_type multipath_target = {
.name = "multipath",
-   .version = {1, 12, 0},
-   .features = DM_TARGET_SINGLETON | DM_TARGET_IMMUTABLE,
+   .version = {1, 13, 0},
+   .features = DM_TARGET_SINGLETON | DM_TARGET_IMMUTABLE |
+   DM_TARGET_PASSES_INTEGRITY,
.module = THIS_MODULE,
.ctr = multipath_ctr,
.dtr = multipath_dtr,

[PATCH 4.15 015/128] USB: storage: Add JMicron bridge 152d:2567 to unusual_devs.h

4.15-stable review patch.  If anyone has any objections, please let me know.

--

From: Teijo Kinnunen 

commit 5126a504b63d82785eaece3a9c30c660b313785a upstream.

This USB-SATA controller seems to be similar with JMicron bridge
152d:2566 already on the list. Adding it here fixes "Invalid
field in cdb" errors.

Signed-off-by: Teijo Kinnunen 
Cc: sta...@vger.kernel.org
Acked-by: Alan Stern 
Signed-off-by: Greg Kroah-Hartman 

---
 drivers/usb/storage/unusual_devs.h |7 +++
 1 file changed, 7 insertions(+)

--- a/drivers/usb/storage/unusual_devs.h
+++ b/drivers/usb/storage/unusual_devs.h
@@ -2124,6 +2124,13 @@ UNUSUAL_DEV(  0x152d, 0x2566, 0x0114, 0x
USB_SC_DEVICE, USB_PR_DEVICE, NULL,
US_FL_BROKEN_FUA ),
 
+/* Reported by Teijo Kinnunen  */
+UNUSUAL_DEV(  0x152d, 0x2567, 0x0117, 0x0117,
+   "JMicron",
+   "USB to ATA/ATAPI Bridge",
+   USB_SC_DEVICE, USB_PR_DEVICE, NULL,
+   US_FL_BROKEN_FUA ),
+
 /* Reported-by George Cherian  */
 UNUSUAL_DEV(0x152d, 0x9561, 0x, 0x,
"JMicron",

[PATCH 4.15 025/128] [PATCH] Revert "btrfs: use proper endianness accessors for super_copy"

4.15-stable review patch.  If anyone has any objections, please let me know.

--

This reverts commit 3c181c12c431fe33b669410d663beb9cceefcd1b as it
causes breakage on big endian systems with btrfs images.

Reported-by: Christoph Biedl 
Cc: Anand Jain 
Cc: Liu Bo 
Cc: David Sterba 
Signed-off-by: Greg Kroah-Hartman 
---
 fs/btrfs/sysfs.c   |8 +---
 fs/btrfs/transaction.c |   20 
 2 files changed, 13 insertions(+), 15 deletions(-)

--- a/fs/btrfs/sysfs.c
+++ b/fs/btrfs/sysfs.c
@@ -423,7 +423,7 @@ static ssize_t btrfs_nodesize_show(struc
 {
struct btrfs_fs_info *fs_info = to_fs_info(kobj);
 
-   return snprintf(buf, PAGE_SIZE, "%u\n", fs_info->nodesize);
+   return snprintf(buf, PAGE_SIZE, "%u\n", fs_info->super_copy->nodesize);
 }
 
 BTRFS_ATTR(, nodesize, btrfs_nodesize_show);
@@ -433,7 +433,8 @@ static ssize_t btrfs_sectorsize_show(str
 {
struct btrfs_fs_info *fs_info = to_fs_info(kobj);
 
-   return snprintf(buf, PAGE_SIZE, "%u\n", fs_info->sectorsize);
+   return snprintf(buf, PAGE_SIZE, "%u\n",
+   fs_info->super_copy->sectorsize);
 }
 
 BTRFS_ATTR(, sectorsize, btrfs_sectorsize_show);
@@ -443,7 +444,8 @@ static ssize_t btrfs_clone_alignment_sho
 {
struct btrfs_fs_info *fs_info = to_fs_info(kobj);
 
-   return snprintf(buf, PAGE_SIZE, "%u\n", fs_info->sectorsize);
+   return snprintf(buf, PAGE_SIZE, "%u\n",
+   fs_info->super_copy->sectorsize);
 }
 
 BTRFS_ATTR(, clone_alignment, btrfs_clone_alignment_show);
--- a/fs/btrfs/transaction.c
+++ b/fs/btrfs/transaction.c
@@ -1723,23 +1723,19 @@ static void update_super_roots(struct bt
 
super = fs_info->super_copy;
 
-   /* update latest btrfs_super_block::chunk_root refs */
root_item = _info->chunk_root->root_item;
-   btrfs_set_super_chunk_root(super, root_item->bytenr);
-   btrfs_set_super_chunk_root_generation(super, root_item->generation);
-   btrfs_set_super_chunk_root_level(super, root_item->level);
+   super->chunk_root = root_item->bytenr;
+   super->chunk_root_generation = root_item->generation;
+   super->chunk_root_level = root_item->level;
 
-   /* update latest btrfs_super_block::root refs */
root_item = _info->tree_root->root_item;
-   btrfs_set_super_root(super, root_item->bytenr);
-   btrfs_set_super_generation(super, root_item->generation);
-   btrfs_set_super_root_level(super, root_item->level);
-
+   super->root = root_item->bytenr;
+   super->generation = root_item->generation;
+   super->root_level = root_item->level;
if (btrfs_test_opt(fs_info, SPACE_CACHE))
-   btrfs_set_super_cache_generation(super, root_item->generation);
+   super->cache_generation = root_item->generation;
if (test_bit(BTRFS_FS_UPDATE_UUID_TREE_GEN, _info->flags))
-   btrfs_set_super_uuid_tree_generation(super,
-root_item->generation);
+   super->uuid_tree_generation = root_item->generation;
 }
 
 int btrfs_transaction_in_commit(struct btrfs_fs_info *info)

[PATCH 4.15 122/128] ipvlan: add L2 check for packets arriving via virtual devices

4.15-stable review patch.  If anyone has any objections, please let me know.

--

From: Mahesh Bandewar 


[ Upstream commit 92ff42645028fa6f9b8aa767718457b9264316b4 ]

Packets that don't have dest mac as the mac of the master device should
not be entertained by the IPvlan rx-handler. This is mostly true as the
packet path mostly takes care of that, except when the master device is
a virtual device. As demonstrated in the following case -

  ip netns add ns1
  ip link add ve1 type veth peer name ve2
  ip link add link ve2 name iv1 type ipvlan mode l2
  ip link set dev iv1 netns ns1
  ip link set ve1 up
  ip link set ve2 up
  ip -n ns1 link set iv1 up
  ip addr add 192.168.10.1/24 dev ve1
  ip -n ns1 addr 192.168.10.2/24 dev iv1
  ping -c2 192.168.10.2
  
  ip neigh show dev ve1
  ip neigh show 192.168.10.2 lladdr  dev ve1
  ping -c2 192.168.10.2
  

This patch adds that missing check in the IPvlan rx-handler.

Reported-by: Amit Sikka 
Signed-off-by: Mahesh Bandewar 
Signed-off-by: David S. Miller 
Signed-off-by: Sasha Levin 
Signed-off-by: Greg Kroah-Hartman 
---
 drivers/net/ipvlan/ipvlan_core.c |4 
 1 file changed, 4 insertions(+)

--- a/drivers/net/ipvlan/ipvlan_core.c
+++ b/drivers/net/ipvlan/ipvlan_core.c
@@ -322,6 +322,10 @@ static int ipvlan_rcv_frame(struct ipvl_
if (dev_forward_skb(ipvlan->dev, skb) == NET_RX_SUCCESS)
success = true;
} else {
+   if (!ether_addr_equal_64bits(eth_hdr(skb)->h_dest,
+ipvlan->phy_dev->dev_addr))
+   skb->pkt_type = PACKET_OTHERHOST;
+
ret = RX_HANDLER_ANOTHER;
success = true;
}

[PATCH 4.15 120/128] mmc: mmc_test: Ensure command queue is disabled for testing

4.15-stable review patch.  If anyone has any objections, please let me know.

--

From: Adrian Hunter 


[ Upstream commit 23a185254ace8e63dc4ca36e0315aed9440ae749 ]

mmc_test disables the command queue because none of the tests use the
command queue. However the Reset Test will re-enable it, so disable it in
that case too.

Fixes: 9d4579a85c84 ("mmc: mmc_test: Disable Command Queue while mmc_test is 
used")
Signed-off-by: Adrian Hunter 
Signed-off-by: Ulf Hansson 
Signed-off-by: Sasha Levin 
Signed-off-by: Greg Kroah-Hartman 
---
 drivers/mmc/core/mmc_test.c |   11 +--
 1 file changed, 9 insertions(+), 2 deletions(-)

--- a/drivers/mmc/core/mmc_test.c
+++ b/drivers/mmc/core/mmc_test.c
@@ -2328,10 +2328,17 @@ static int mmc_test_reset(struct mmc_tes
int err;
 
err = mmc_hw_reset(host);
-   if (!err)
+   if (!err) {
+   /*
+* Reset will re-enable the card's command queue, but tests
+* expect it to be disabled.
+*/
+   if (card->ext_csd.cmdq_en)
+   mmc_cmdq_disable(card);
return RESULT_OK;
-   else if (err == -EOPNOTSUPP)
+   } else if (err == -EOPNOTSUPP) {
return RESULT_UNSUP_HOST;
+   }
 
return RESULT_FAIL;
 }

[PATCH 4.15 121/128] Fix misannotated out-of-line _copy_to_user()

4.15-stable review patch.  If anyone has any objections, please let me know.

--

From: Christophe Leroy 


[ Upstream commit a0e94598e6b6c0d1df6a5fa14eb7c767ca817a20 ]

Destination is a kernel pointer and source - a userland one
in _copy_from_user(); _copy_to_user() is the other way round.

Fixes: d597580d37377 ("generic ...copy_..._user primitives")
Signed-off-by: Christophe Leroy 
Signed-off-by: Al Viro 
Signed-off-by: Sasha Levin 
Signed-off-by: Greg Kroah-Hartman 
---
 lib/usercopy.c |2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

--- a/lib/usercopy.c
+++ b/lib/usercopy.c
@@ -20,7 +20,7 @@ EXPORT_SYMBOL(_copy_from_user);
 #endif
 
 #ifndef INLINE_COPY_TO_USER
-unsigned long _copy_to_user(void *to, const void __user *from, unsigned long n)
+unsigned long _copy_to_user(void __user *to, const void *from, unsigned long n)
 {
might_fault();
if (likely(access_ok(VERIFY_WRITE, to, n))) {

[PATCH 4.15 123/128] rcutorture/configinit: Fix build directory error message

4.15-stable review patch.  If anyone has any objections, please let me know.

--

From: SeongJae Park 


[ Upstream commit 2adfa4210f8f35cdfb4e08318cc06b99752964c2 ]

The 'configinit.sh' script checks the format of optional argument for the
build directory, printing an error message if the format is not valid.
However, the error message uses the wrong variable, indicating an empty
string even though the user entered a non-empty (but erroneous) string.
This commit fixes the script to use the correct variable.

Fixes: c87b9c601ac8 ("rcutorture: Add KVM-based test framework")

Signed-off-by: SeongJae Park 
Signed-off-by: Paul E. McKenney 
Signed-off-by: Sasha Levin 
Signed-off-by: Greg Kroah-Hartman 
---
 tools/testing/selftests/rcutorture/bin/configinit.sh |2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

--- a/tools/testing/selftests/rcutorture/bin/configinit.sh
+++ b/tools/testing/selftests/rcutorture/bin/configinit.sh
@@ -51,7 +51,7 @@ then
mkdir $builddir
fi
else
-   echo Bad build directory: \"$builddir\"
+   echo Bad build directory: \"$buildloc\"
exit 2
fi
 fi

[PATCH 4.15 114/128] arm64: dts: renesas: salvator-common: Add EthernetAVB PHY reset

4.15-stable review patch.  If anyone has any objections, please let me know.

--

From: Geert Uytterhoeven 


[ Upstream commit f5bbcd533a9d1af97b8a0862a421bb8455f1bf6d ]

Describe the GPIO used to reset the Ethernet PHY for EthernetAVB.
This allows the driver to reset the PHY during probe and after system
resume.

This fixes Ethernet operation after resume from s2ram on Salvator-XS,
where the enable pin of the regulator providing PHY power is connected
to PRESETn, and PSCI powers down the SoC during system suspend.

On Salvator-X, the enable pin is always pulled high, but the driver may
still need to reset the PHY if this wasn't done by the bootloader
before.

Inspired by patches in the BSP for the individual Salvator-X/XS boards
by Kazuya Mizuguchi.

Signed-off-by: Geert Uytterhoeven 
Signed-off-by: Simon Horman 
Signed-off-by: Sasha Levin 
Signed-off-by: Greg Kroah-Hartman 
---
 arch/arm64/boot/dts/renesas/salvator-common.dtsi |1 +
 1 file changed, 1 insertion(+)

--- a/arch/arm64/boot/dts/renesas/salvator-common.dtsi
+++ b/arch/arm64/boot/dts/renesas/salvator-common.dtsi
@@ -263,6 +263,7 @@
reg = <0>;
interrupt-parent = <>;
interrupts = <11 IRQ_TYPE_LEVEL_LOW>;
+   reset-gpios = < 10 GPIO_ACTIVE_LOW>;
};
 };

[PATCH 2/2] fpga: lattice machxo2: Add Lattice MachXO2 support

2018-03-16 Thread Paolo Pisati

This patch adds support to the FPGA manager for programming
MachXO2 device’s internal flash memory, via slave SPI.

Signed-off-by: Paolo Pisati 
---
 drivers/fpga/Kconfig   |   8 +
 drivers/fpga/Makefile  |   1 +
 drivers/fpga/machxo2-spi.c | 410 +
 3 files changed, 419 insertions(+)
 create mode 100644 drivers/fpga/machxo2-spi.c

diff --git a/drivers/fpga/Kconfig b/drivers/fpga/Kconfig
index ad5448f..65ccbc5 100644
--- a/drivers/fpga/Kconfig
+++ b/drivers/fpga/Kconfig
@@ -38,6 +38,14 @@ config FPGA_MGR_ALTERA_PS_SPI
  FPGA manager driver support for Altera Arria/Cyclone/Stratix
  using the passive serial interface over SPI.
 
+config FPGA_MGR_MACHXO2_SPI
+   tristate "Lattice MachXO2 SPI"
+   depends on SPI
+   help
+ FPGA manager driver support for Lattice MachXO2 configuration
+ over slave SPI interface.
+
+
 config FPGA_MGR_SOCFPGA
tristate "Altera SOCFPGA FPGA Manager"
depends on ARCH_SOCFPGA || COMPILE_TEST
diff --git a/drivers/fpga/Makefile b/drivers/fpga/Makefile
index f98dcf1..38abb08 100644
--- a/drivers/fpga/Makefile
+++ b/drivers/fpga/Makefile
@@ -10,6 +10,7 @@ obj-$(CONFIG_FPGA)+= fpga-mgr.o
 obj-$(CONFIG_FPGA_MGR_ALTERA_CVP)  += altera-cvp.o
 obj-$(CONFIG_FPGA_MGR_ALTERA_PS_SPI)   += altera-ps-spi.o
 obj-$(CONFIG_FPGA_MGR_ICE40_SPI)   += ice40-spi.o
+obj-$(CONFIG_FPGA_MGR_MACHXO2_SPI) += machxo2-spi.o
 obj-$(CONFIG_FPGA_MGR_SOCFPGA) += socfpga.o
 obj-$(CONFIG_FPGA_MGR_SOCFPGA_A10) += socfpga-a10.o
 obj-$(CONFIG_FPGA_MGR_TS73XX)  += ts73xx-fpga.o
diff --git a/drivers/fpga/machxo2-spi.c b/drivers/fpga/machxo2-spi.c
new file mode 100644
index 000..3c7fc3e
--- /dev/null
+++ b/drivers/fpga/machxo2-spi.c
@@ -0,0 +1,410 @@
+/**
+ * Lattice MachXO2 Slave SPI Driver
+ *
+ * Copyright (C) 2018 Paolo Pisati 
+ *
+ * This program is free software; you can redistribute it and/or modify it
+ * under the terms and conditions of the GNU General Public License,
+ * version 2, as published by the Free Software Foundation.
+ *
+ * Manage Lattice FPGA firmware that is loaded over SPI using
+ * the slave serial configuration interface.
+ */
+
+#include 
+#include 
+#include 
+#include 
+#include 
+#include 
+
+//#define MACHXO2_DEBUG
+
+/* MachXO2 Programming Guide - sysCONFIG Programming Commands */
+#define IDCODE_PUB {0xe0, 0x00, 0x00, 0x00}
+#define ISC_ENABLE {0xc6, 0x08, 0x00, 0x00}
+#define ISC_ERASE  {0x0e, 0x04, 0x00, 0x00}
+#define ISC_PROGRAMDONE{0x5e, 0x00, 0x00, 0x00}
+#define LSC_INITADDRESS{0x46, 0x00, 0x00, 0x00}
+#define LSC_PROGINCRNV {0x70, 0x00, 0x00, 0x01}
+#define LSC_READ_STATUS{0x3c, 0x00, 0x00, 0x00}
+#define LSC_REFRESH{0x79, 0x00, 0x00, 0x00}
+
+/*
+ * Max CCLK in Slave SPI mode according to 'MachXO2 Family Data
+ * Sheet' sysCONFIG Port Timing Specifications (3-36)
+ */
+#define MACHXO2_MAX_SPEED  6600
+
+#define MACHXO2_LOW_DELAY  5   /* us */
+#define MACHXO2_HIGH_DELAY 200 /* us */
+#define MACHXO2_REFRESH4800/* us */
+#define MACHXO2_MAX_BUSY_LOOP  128
+#define MACHXO2_MAX_REFRESH_LOOP   16
+
+#define MACHXO2_PAGE_SIZE  16
+#define MACHXO2_BUF_SIZE   (MACHXO2_PAGE_SIZE + 4)
+
+/* Status register bits, errors and error mask */
+#define BUSY   12
+#define DONE   8
+#define DVER   27
+#define ENAB   9
+#define ERRBITS23
+#define ERRMASK7
+#define FAIL   13
+
+#define ENOERR 0 /* no error */
+#define EID1
+#define ECMD   2
+#defineECRC3
+#define EPREAM 4 /* preamble error */
+#define EABRT  5 /* abort error */
+#define EOVERFL 6 /* overflow error */
+#define ESDMEOF 7 /* SDM EOF */
+
+static inline u8 get_err(unsigned long *status)
+{
+   return (*status >> ERRBITS) & ERRMASK;
+}
+
+static int get_status(struct spi_device *spi, unsigned long *status)
+{
+   struct spi_message msg;
+   struct spi_transfer rx, tx;
+   u8 cmd[] = LSC_READ_STATUS;
+   int ret;
+
+   memset(, 0, sizeof(rx));
+   memset(, 0, sizeof(tx));
+   tx.tx_buf = cmd;
+   tx.len = sizeof(cmd);
+   rx.rx_buf = status;
+   rx.len = 4;
+   spi_message_init();
+   spi_message_add_tail(, );
+   spi_message_add_tail(, );
+   ret = spi_sync(spi, );
+   if (ret)
+   return ret;
+
+   *status = be32_to_cpu(*status);
+   return 0;
+}
+
+#ifdef MACHXO2_DEBUG
+static void dump_status_reg(unsigned long *status)
+{
+   char *ferr;
+
+   switch (get_err(status)) {
+   case ENOERR:
+   ferr = "No Error";
+   break;
+   case EID:
+   ferr = "ID ERR";

[PATCH 0/2 v6] Lattice MachXO2 Slave SPI FPGA Manager support

2018-03-16 Thread Paolo Pisati

Hi all,
this series adds support for the Lattice MachXO2 FPGA chip, programmed
over Slave SPI.

Tested on a raspberry pi3, beaglebone black (little endian mode) and imx6
hummingboard (big endian mode) + bugblat's pif2 fpga hat (machxo2 7000HC) or
tinyfpga A1/A2 (machxo2 256HC / 1200HC), in SPI slave mode with varying bus
speed.

Changes since v5:
* fixed all the endianess issues
* introduced a cleanup() path invoked in case of flash failure
* moved back machxo2_write() to use a spi_sync() transaction per line write
  (in v5 i queued all the spi_write()s and executed a single spi_sync() at the
  end, but that, sometimes, resulted in the REFRESH command to fail with a
  CMD_ERR, depending on the SPI bus speed)


Paolo Pisati (2):
  dt: bindings: fpga: add lattice machxo2 slave spi binding description
  fpga: lattice machxo2: Add Lattice MachXO2 support

 .../bindings/fpga/lattice-machxo2-spi.txt  |  29 ++
 drivers/fpga/Kconfig   |   8 +
 drivers/fpga/Makefile  |   1 +
 drivers/fpga/machxo2-spi.c | 410 +
 4 files changed, 448 insertions(+)
 create mode 100644 
Documentation/devicetree/bindings/fpga/lattice-machxo2-spi.txt
 create mode 100644 drivers/fpga/machxo2-spi.c

-- 
2.7.4

[PATCH 1/2] dt: bindings: fpga: add lattice machxo2 slave spi binding description

2018-03-16 Thread Paolo Pisati

Add dt binding documentation details for Lattice MachXO2 FPGA configuration
over Slave SPI interface.

Signed-off-by: Paolo Pisati 
Acked-by: Rob Herring 
---
 .../bindings/fpga/lattice-machxo2-spi.txt  | 29 ++
 1 file changed, 29 insertions(+)
 create mode 100644 
Documentation/devicetree/bindings/fpga/lattice-machxo2-spi.txt

diff --git a/Documentation/devicetree/bindings/fpga/lattice-machxo2-spi.txt 
b/Documentation/devicetree/bindings/fpga/lattice-machxo2-spi.txt
new file mode 100644
index 000..a8c362e
--- /dev/null
+++ b/Documentation/devicetree/bindings/fpga/lattice-machxo2-spi.txt
@@ -0,0 +1,29 @@
+Lattice MachXO2 Slave SPI FPGA Manager
+
+Lattice MachXO2 FPGAs support a method of loading the bitstream over
+'slave SPI' interface.
+
+See 'MachXO2ProgrammingandConfigurationUsageGuide.pdf' on www.latticesemi.com
+
+Required properties:
+- compatible: should contain "lattice,machxo2-slave-spi"
+- reg: spi chip select of the FPGA
+
+Example for full FPGA configuration:
+
+   fpga-region0 {
+   compatible = "fpga-region";
+   fpga-mgr = <_mgr_spi>;
+   #address-cells = <0x1>;
+   #size-cells = <0x1>;
+   };
+
+   spi1: spi@2000 {
+...
+
+   fpga_mgr_spi: fpga-mgr@0 {
+   compatible = "lattice,machxo2-slave-spi";
+   spi-max-frequency = <800>;
+   reg = <0>;
+   };
+   };
-- 
2.7.4

Re: [PATCH] libata: blacklist Micron 500IT SSD with MU01 firmware

2018-03-16 Thread Martin K. Petersen


Sudip,

> While whitelisting Micron M500DC drives, the tweaked blacklist entry
> enabled queued TRIM from M500IT variants also. But these do not support
> queued TRIM. And while using those SSDs with the latest kernel we have
> seen errors and even the partition table getting corrupted.

> + { "Micron_M500IT_*","MU01", ATA_HORKAGE_NO_NCQ_TRIM |
> + ATA_HORKAGE_ZERO_AFTER_TRIM, },

Any reason to believe this deficiency is limited to MU01 firmware?

-- 
Martin K. Petersen  Oracle Linux Engineering

Re: [PATCH] dcache: remove trailing whitespace

2018-03-16 Thread Al Viro

On Fri, Mar 16, 2018 at 03:34:00PM +0100, Niklas Cassel wrote:
> Remove trailing whitespace.
> Remove empty line and trailing whitespace after function comments.
> Remove an extra space in one of the comments.
> Fix a typo in of the comments.
> 
> Signed-off-by: Niklas Cassel 
> ---
> I know that these type of patches are not really appreciated,
> however, there is enough trailing whitespace in this file to
> distract me from reading the real code.

No, they are not, and here's why:

Applying: dcache: remove trailing whitespace
error: patch failed: fs/dcache.c:254
error: fs/dcache.c: patch does not apply
Patch failed at 0001 dcache: remove trailing whitespace

... which, BTW, happens in *all* branches.  If you do that kind
of stuff, at least do it against something in the public trees
and _tell_ _what_ _it_ _is_ _against_.

Or send a sed script for doing that[1] - even Linus takes those
for search-and-replace stuff.

[1] sed -i -e 's/[[:space:]]*$//' fs/dcache.c
or, if you are not sending to Linus,
ed fs/dcache.c <<'EOF'
%s/[[:space:]]*$//
wq
EOF

Not applied.  Please, do it sanely.  BTW, which editor is _that_
annoying?  Anything that shoves trailing whitespace in my face
would've been either configured (with considerable cursing at
the people who'd set such defaults) or, should that prove
impossible, given a boot...

RE: [PATCH] storvsc: Set up correct queue depth values for IDE devices

2018-03-16 Thread Michael Kelley (EOSG)

> -Original Message-
> From: linux-kernel-ow...@vger.kernel.org  
> On Behalf
> Of Long Li
> Sent: Thursday, March 15, 2018 4:52 PM
> To: KY Srinivasan ; Haiyang Zhang 
> ; Stephen
> Hemminger ; James E . J . Bottomley 
> ;
> Martin K . Petersen ; 
> de...@linuxdriverproject.org; linux-
> s...@vger.kernel.org; linux-kernel@vger.kernel.org
> Cc: Long Li 
> Subject: [PATCH] storvsc: Set up correct queue depth values for IDE devices
> 
> From: Long Li 
> 
> Unlike SCSI and FC, we don't use multiple channels for IDE. So set queue depth
> correctly for IDE.
> 
> Also set the correct cmd_per_lun for all devices.
> 
> Signed-off-by: Long Li 
> ---
>  drivers/scsi/storvsc_drv.c | 8 ++--
>  1 file changed, 6 insertions(+), 2 deletions(-)
> 
> diff --git a/drivers/scsi/storvsc_drv.c b/drivers/scsi/storvsc_drv.c
> index 8c51d628b52e..fba170640e9c 100644
> --- a/drivers/scsi/storvsc_drv.c
> +++ b/drivers/scsi/storvsc_drv.c
> @@ -1722,15 +1722,19 @@ static int storvsc_probe(struct hv_device *device,
>   max_targets = STORVSC_MAX_TARGETS;
>   max_channels = STORVSC_MAX_CHANNELS;
>   /*
> -  * On Windows8 and above, we support sub-channels for storage.
> +  * On Windows8 and above, we support sub-channels for storage
> +  * on SCSI and FC controllers.
>* The number of sub-channels offerred is based on the number of
>* VCPUs in the guest.
>*/
> - max_sub_channels = (num_cpus / storvsc_vcpus_per_sub_channel);
> + if (!dev_is_ide)
> + max_sub_channels =
> + num_cpus / storvsc_vcpus_per_sub_channel;

This calculation of the # of sub-channels doesn't get the right answer (and it
didn't before this patch either).  storvsc_vcpus_per_sub_channel defaults to 4.
If num_cpus is 8, max_sub_channels will be 2, but it should be 1.  The
sub-channel count should not include the main channel since we add 1 to the
sub-channel count below when calculating can_queue.

Furthermore, this is calculation is just a guess, in the sense that we're
replicating the algorithm we think Hyper-V is using to determine the number
of sub-channels to offer.   It turns out Hyper-V is changing that algorithm for
particular devices in an upcoming new Azure VM size.  But the only use of
max_sub_channels is in the calculation of can_queue below, so the impact
is minimal.

>   }
> 
>   scsi_driver.can_queue = (max_outstanding_req_per_channel *
>(max_sub_channels + 1));
> + scsi_driver.cmd_per_lun = scsi_driver.can_queue;

can_queue is defined as "int", while cmd_per_lun is defined as "short".
The calculated value of can_queue could easily be over 32,767 with
15 sub-channels and max_outstanding_req_per_channel being 3036
for the default 1 Mbyte ring buffer.  So the assignment to cmd_per_lun
could produce truncation and even a negative number.

More broadly, since max_outstanding_req_per_channel is based on
the ring buffer size, these calculations imply that Hyper-V storvsp's
queuing capacity is based on the ring buffer size.  I don't think that's
the case.  From conversations with the storvsp folks, I think Hyper-V
always removes entries from the guest->host ring buffer and then
lets storvsp queue them separately.   So we don't want to be linking
cmd_per_lun (or even can_queue, for that matter) to the ring buffer
size.  The current default ring buffer size of 1 Mbyte is probably 10x
bigger than needed, and we want to be able to adjust that without
ending up with can_queue and cmd_per_lun values that are too
small.

We would probably do better to set can_queue to a constant, and
leave cmd_per_lun at its current value of 2048.   The can_queue
value is already capped at 10240 in the blk-mq layer, so maybe
that's a reasonable constant to use.

Thoughts?

> 
>   host = scsi_host_alloc(_driver,
>  sizeof(struct hv_host_device));
> --
> 2.14.1

[PATCH 4.15 037/128] iwlwifi: mvm: rs: dont override the rate history in the search cycle

4.15-stable review patch.  If anyone has any objections, please let me know.

--

From: Emmanuel Grumbach 


[ Upstream commit 992172e3aec19e5b0ea5b757ba40a146b9282d1e ]

When we are in a search cycle, we try different combinations
of parameters. Those combinations are called 'columns'.
When we switch to a new column, we first need to check if
this column has a suitable rate, if not, we can't try it.
This means we must not erase the statistics we gathered
for the previous column until we are sure that we are
indeed switching column.

The code that tries to switch to a new column first sets
a whole bunch of things for the new column, and only then
checks that we can find suitable rates in that column.
While doing that, the code mistakenly erased the rate
statistics. This code was right until
struct iwl_scale_tbl_info grew up for TPC.

Fix this to make sure we don't erase the rate statistics
until we are sure that we can indeed switch to the new
column.

Note that this bug is really harmless since it causes a
change in the behavior only when we can't find any rate
in the new column which should really not happen. In the
case we do find a suitable we reset the rate statistics
a few lines later anyway.

Signed-off-by: Emmanuel Grumbach 
Signed-off-by: Luca Coelho 
Signed-off-by: Sasha Levin 
Signed-off-by: Greg Kroah-Hartman 
---
 drivers/net/wireless/intel/iwlwifi/mvm/rs.c |4 +---
 1 file changed, 1 insertion(+), 3 deletions(-)

--- a/drivers/net/wireless/intel/iwlwifi/mvm/rs.c
+++ b/drivers/net/wireless/intel/iwlwifi/mvm/rs.c
@@ -1877,12 +1877,10 @@ static int rs_switch_to_column(struct iw
struct rs_rate *rate = _tbl->rate;
const struct rs_tx_column *column = _tx_columns[col_id];
const struct rs_tx_column *curr_column = _tx_columns[tbl->column];
-   u32 sz = (sizeof(struct iwl_scale_tbl_info) -
- (sizeof(struct iwl_rate_scale_data) * IWL_RATE_COUNT));
unsigned long rate_mask = 0;
u32 rate_idx = 0;
 
-   memcpy(search_tbl, tbl, sz);
+   memcpy(search_tbl, tbl, offsetof(struct iwl_scale_tbl_info, win));
 
rate->sgi = column->sgi;
rate->ant = column->ant;

[PATCH 4.15 043/128] typec: tcpm: fusb302: Resolve out of order messaging events

4.15-stable review patch.  If anyone has any objections, please let me know.

--

From: Adam Thomson 


[ Upstream commit ab69f61321140ff632d560775bc226259a78dfa2 ]

The expectation in the FUSB302 driver is that a TX_SUCCESS event
should occur after a message has been sent, but before a GCRCSENT
event is raised to indicate successful receipt of a message from
the partner. However in some circumstances it is possible to see
the hardware raise a GCRCSENT event before a TX_SUCCESS event
is raised. The upshot of this is that the GCRCSENT handling portion
of code ends up reporting the GoodCRC message to TCPM because the
TX_SUCCESS event hasn't yet arrived to trigger a consumption of it.
When TX_SUCCESS is then raised by the chip it ends up consuming the
actual message that was meant for TCPM, and this incorrect sequence
results in a hard reset from TCPM.

To avoid this problem, this commit updates the message reading
code to check whether a GoodCRC message was received or not. Based
on this check it will either report that the previous transmission
has completed or it will pass the msg data to TCPM for futher
processing. This way the incorrect ordering of the events no longer
matters.

Signed-off-by: Adam Thomson 
Reviewed-by: Guenter Roeck 
Acked-by: Heikki Krogerus 
Signed-off-by: Greg Kroah-Hartman 
Signed-off-by: Sasha Levin 
Signed-off-by: Greg Kroah-Hartman 
---
 drivers/usb/typec/fusb302/fusb302.c |   21 +
 1 file changed, 17 insertions(+), 4 deletions(-)

--- a/drivers/usb/typec/fusb302/fusb302.c
+++ b/drivers/usb/typec/fusb302/fusb302.c
@@ -1543,6 +1543,21 @@ static int fusb302_pd_read_message(struc
fusb302_log(chip, "PD message header: %x", msg->header);
fusb302_log(chip, "PD message len: %d", len);
 
+   /*
+* Check if we've read off a GoodCRC message. If so then indicate to
+* TCPM that the previous transmission has completed. Otherwise we pass
+* the received message over to TCPM for processing.
+*
+* We make this check here instead of basing the reporting decision on
+* the IRQ event type, as it's possible for the chip to report the
+* TX_SUCCESS and GCRCSENT events out of order on occasion, so we need
+* to check the message type to ensure correct reporting to TCPM.
+*/
+   if ((!len) && (pd_header_type_le(msg->header) == PD_CTRL_GOOD_CRC))
+   tcpm_pd_transmit_complete(chip->tcpm_port, TCPC_TX_SUCCESS);
+   else
+   tcpm_pd_receive(chip->tcpm_port, msg);
+
return ret;
 }
 
@@ -1650,13 +1665,12 @@ static irqreturn_t fusb302_irq_intn(int
 
if (interrupta & FUSB_REG_INTERRUPTA_TX_SUCCESS) {
fusb302_log(chip, "IRQ: PD tx success");
-   /* read out the received good CRC */
ret = fusb302_pd_read_message(chip, _msg);
if (ret < 0) {
-   fusb302_log(chip, "cannot read in GCRC, ret=%d", ret);
+   fusb302_log(chip,
+   "cannot read in PD message, ret=%d", ret);
goto done;
}
-   tcpm_pd_transmit_complete(chip->tcpm_port, TCPC_TX_SUCCESS);
}
 
if (interrupta & FUSB_REG_INTERRUPTA_HARDRESET) {
@@ -1677,7 +1691,6 @@ static irqreturn_t fusb302_irq_intn(int
"cannot read in PD message, ret=%d", ret);
goto done;
}
-   tcpm_pd_receive(chip->tcpm_port, _msg);
}
 done:
mutex_unlock(>lock);

[PATCH 4.15 039/128] clk: meson: gxbb: fix wrong clock for SARADC/SANA

4.15-stable review patch.  If anyone has any objections, please let me know.

--

From: Yixun Lan 


[ Upstream commit 75eccf5ed83250c0aeaeeb76f7288254ac0a87b4 ]

According to the datasheet, in Meson-GXBB/GXL series,
The clock gate bit for SARADC is HHI_GCLK_MPEG2 bit[22],
while clock gate bit for SANA is HHI_GCLK_MPEG0 bit[10].

Test passed at gxl-s905x-p212 board.

The following published datasheets are wrong and should be updated
[1] GXBB v1.1.4
[2] GXL v0.3_20170314

Fixes: 738f66d3211d ("clk: gxbb: add AmLogic GXBB clk controller driver")
Tested-by: Xingyu Chen 
Signed-off-by: Yixun Lan 
Signed-off-by: Jerome Brunet 
Signed-off-by: Sasha Levin 
Signed-off-by: Greg Kroah-Hartman 
---
 drivers/clk/meson/gxbb.c |4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

--- a/drivers/clk/meson/gxbb.c
+++ b/drivers/clk/meson/gxbb.c
@@ -1386,7 +1386,7 @@ static MESON_GATE(gxbb_pl301, HHI_GCLK_M
 static MESON_GATE(gxbb_periphs, HHI_GCLK_MPEG0, 7);
 static MESON_GATE(gxbb_spicc, HHI_GCLK_MPEG0, 8);
 static MESON_GATE(gxbb_i2c, HHI_GCLK_MPEG0, 9);
-static MESON_GATE(gxbb_sar_adc, HHI_GCLK_MPEG0, 10);
+static MESON_GATE(gxbb_sana, HHI_GCLK_MPEG0, 10);
 static MESON_GATE(gxbb_smart_card, HHI_GCLK_MPEG0, 11);
 static MESON_GATE(gxbb_rng0, HHI_GCLK_MPEG0, 12);
 static MESON_GATE(gxbb_uart0, HHI_GCLK_MPEG0, 13);
@@ -1437,7 +1437,7 @@ static MESON_GATE(gxbb_usb0_ddr_bridge,
 static MESON_GATE(gxbb_mmc_pclk, HHI_GCLK_MPEG2, 11);
 static MESON_GATE(gxbb_dvin, HHI_GCLK_MPEG2, 12);
 static MESON_GATE(gxbb_uart2, HHI_GCLK_MPEG2, 15);
-static MESON_GATE(gxbb_sana, HHI_GCLK_MPEG2, 22);
+static MESON_GATE(gxbb_sar_adc, HHI_GCLK_MPEG2, 22);
 static MESON_GATE(gxbb_vpu_intr, HHI_GCLK_MPEG2, 25);
 static MESON_GATE(gxbb_sec_ahb_ahb3_bridge, HHI_GCLK_MPEG2, 26);
 static MESON_GATE(gxbb_clk81_a53, HHI_GCLK_MPEG2, 29);

[PATCH 4.15 055/128] rtc: brcmstb-waketimer: fix error handling in brcmstb_waketmr_probe()

4.15-stable review patch.  If anyone has any objections, please let me know.

--

From: Alexey Khoroshilov 


[ Upstream commit f2eef045de9defbc6fc6b72b17f0941cbe26c81d ]

brcmstb_waketmr_probe() does not disable timer->clk on error paths.

Found by Linux Driver Verification project (linuxtesting.org).

Fixes: c4f07ecee22e ("rtc: brcmstb-waketimer: Add Broadcom STB wake-timer")
Signed-off-by: Alexey Khoroshilov 
Reviewed-by: Florian Fainelli 
Signed-off-by: Alexandre Belloni 
Signed-off-by: Sasha Levin 
Signed-off-by: Greg Kroah-Hartman 
---
 drivers/rtc/rtc-brcmstb-waketimer.c |   15 ---
 1 file changed, 12 insertions(+), 3 deletions(-)

--- a/drivers/rtc/rtc-brcmstb-waketimer.c
+++ b/drivers/rtc/rtc-brcmstb-waketimer.c
@@ -253,7 +253,7 @@ static int brcmstb_waketmr_probe(struct
ret = devm_request_irq(dev, timer->irq, brcmstb_waketmr_irq, 0,
   "brcmstb-waketimer", timer);
if (ret < 0)
-   return ret;
+   goto err_clk;
 
timer->reboot_notifier.notifier_call = brcmstb_waketmr_reboot;
register_reboot_notifier(>reboot_notifier);
@@ -262,12 +262,21 @@ static int brcmstb_waketmr_probe(struct
 _waketmr_ops, THIS_MODULE);
if (IS_ERR(timer->rtc)) {
dev_err(dev, "unable to register device\n");
-   unregister_reboot_notifier(>reboot_notifier);
-   return PTR_ERR(timer->rtc);
+   ret = PTR_ERR(timer->rtc);
+   goto err_notifier;
}
 
dev_info(dev, "registered, with irq %d\n", timer->irq);
 
+   return 0;
+
+err_notifier:
+   unregister_reboot_notifier(>reboot_notifier);
+
+err_clk:
+   if (timer->clk)
+   clk_disable_unprepare(timer->clk);
+
return ret;
 }

[PATCH 4.15 028/128] drm/panel: rpi-touchscreen: propagate errors in rpi_touchscreen_i2c_read()

4.15-stable review patch.  If anyone has any objections, please let me know.

--

From: Dan Carpenter 


[ Upstream commit 85b4587f8e94143bafb8b6a4003a5187b9a8753d ]

There is one caller which checks whether rpi_touchscreen_i2c_read()
returns negative error codes.  Currently it can't because negative
error codes are truncated to u8, but that's easy to fix if we change the
type to int.

Fixes: 2f733d6194bd ("drm/panel: Add support for the Raspberry Pi 7" 
Touchscreen.")
Signed-off-by: Dan Carpenter 
Signed-off-by: Eric Anholt 
Link: 
https://patchwork.freedesktop.org/patch/msgid/20171020002845.kar2wg7gqxg7tzqi@mwanda
Reviewed-by: Eric Anholt 
Signed-off-by: Sasha Levin 
Signed-off-by: Greg Kroah-Hartman 
---
 drivers/gpu/drm/panel/panel-raspberrypi-touchscreen.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/drivers/gpu/drm/panel/panel-raspberrypi-touchscreen.c 
b/drivers/gpu/drm/panel/panel-raspberrypi-touchscreen.c
index 890fd6ff397c..d964d454e4ae 100644
--- a/drivers/gpu/drm/panel/panel-raspberrypi-touchscreen.c
+++ b/drivers/gpu/drm/panel/panel-raspberrypi-touchscreen.c
@@ -221,7 +221,7 @@ static struct rpi_touchscreen *panel_to_ts(struct drm_panel 
*panel)
return container_of(panel, struct rpi_touchscreen, base);
 }
 
-static u8 rpi_touchscreen_i2c_read(struct rpi_touchscreen *ts, u8 reg)
+static int rpi_touchscreen_i2c_read(struct rpi_touchscreen *ts, u8 reg)
 {
return i2c_smbus_read_byte_data(ts->i2c, reg);
 }
-- 
2.16.2

[PATCH 4.15 023/128] earlycon: add reg-offset to physical address before mapping

4.15-stable review patch.  If anyone has any objections, please let me know.

--

From: Greentime Hu 

commit 1f66dd36bb18437397ea0d7882c52f7e3c476e15 upstream.

It will get the wrong virtual address because port->mapbase is not added
the correct reg-offset yet. We have to update it before earlycon_map()
is called

Signed-off-by: Greentime Hu 
Acked-by: Arnd Bergmann 
Cc: Peter Hurley 
Cc: sta...@vger.kernel.org
Fixes: 088da2a17619 ("of: earlycon: Initialize port fields from DT properties")
Acked-by: Rob Herring 
Signed-off-by: Greg Kroah-Hartman 

---
 drivers/tty/serial/earlycon.c |3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

--- a/drivers/tty/serial/earlycon.c
+++ b/drivers/tty/serial/earlycon.c
@@ -250,11 +250,12 @@ int __init of_setup_earlycon(const struc
}
port->mapbase = addr;
port->uartclk = BASE_BAUD * 16;
-   port->membase = earlycon_map(port->mapbase, SZ_4K);
 
val = of_get_flat_dt_prop(node, "reg-offset", NULL);
if (val)
port->mapbase += be32_to_cpu(*val);
+   port->membase = earlycon_map(port->mapbase, SZ_4K);
+
val = of_get_flat_dt_prop(node, "reg-shift", NULL);
if (val)
port->regshift = be32_to_cpu(*val);

[PATCH v3 16/18] IB/mlx4: Eliminate duplicate barriers on weakly-ordered archs

Code includes wmb() followed by writel(). writel() already has a barrier on
some architectures like arm64.

This ends up CPU observing two barriers back to back before executing the
register write.

Since code already has an explicit barrier call, changing writel() to
writel_relaxed().

Signed-off-by: Sinan Kaya 
---
 drivers/infiniband/hw/mlx4/qp.c | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/drivers/infiniband/hw/mlx4/qp.c b/drivers/infiniband/hw/mlx4/qp.c
index f045491..74b27b0 100644
--- a/drivers/infiniband/hw/mlx4/qp.c
+++ b/drivers/infiniband/hw/mlx4/qp.c
@@ -3880,8 +3880,8 @@ int mlx4_ib_post_send(struct ib_qp *ibqp, struct 
ib_send_wr *wr,
 */
wmb();
 
-   writel(qp->doorbell_qpn,
-  to_mdev(ibqp->device)->uar_map + MLX4_SEND_DOORBELL);
+   writel_relaxed(qp->doorbell_qpn,
+   to_mdev(ibqp->device)->uar_map + MLX4_SEND_DOORBELL);
 
/*
 * Make sure doorbells don't leak out of SQ spinlock
-- 
2.7.4

[PATCH v3 06/18] ixgbevf: eliminate duplicate barriers on weakly-ordered archs

Code includes wmb() followed by writel() in multiple places. writel()
already has a barrier on some architectures like arm64.

This ends up CPU observing two barriers back to back before executing the
register write.

Since code already has an explicit barrier call, changing writel() to
writel_relaxed().

Signed-off-by: Sinan Kaya 
---
 drivers/net/ethernet/intel/ixgbevf/ixgbevf_main.c | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/drivers/net/ethernet/intel/ixgbevf/ixgbevf_main.c 
b/drivers/net/ethernet/intel/ixgbevf/ixgbevf_main.c
index 6bf778a..774b2a6 100644
--- a/drivers/net/ethernet/intel/ixgbevf/ixgbevf_main.c
+++ b/drivers/net/ethernet/intel/ixgbevf/ixgbevf_main.c
@@ -659,7 +659,7 @@ static void ixgbevf_alloc_rx_buffers(struct ixgbevf_ring 
*rx_ring,
 * such as IA-64).
 */
wmb();
-   writel(i, rx_ring->tail);
+   writel_relaxed(i, rx_ring->tail);
}
 }
 
@@ -3644,7 +3644,7 @@ static void ixgbevf_tx_map(struct ixgbevf_ring *tx_ring,
tx_ring->next_to_use = i;
 
/* notify HW of packet */
-   writel(i, tx_ring->tail);
+   writel_relaxed(i, tx_ring->tail);
 
return;
 dma_error:
-- 
2.7.4

[PATCH v3 13/18] net: cxgb4/cxgb4vf: Eliminate duplicate barriers on weakly-ordered archs

Code includes wmb() followed by writel(). writel() already has a barrier on
some architectures like arm64.

This ends up CPU observing two barriers back to back before executing the
register write.

Create a new wrapper function with relaxed write operator. Use the new
wrapper when a write is following a wmb().

Signed-off-by: Sinan Kaya 
---
 drivers/net/ethernet/chelsio/cxgb4/cxgb4.h  |  6 ++
 drivers/net/ethernet/chelsio/cxgb4/cxgb4_main.c | 13 +++--
 drivers/net/ethernet/chelsio/cxgb4/sge.c|  8 
 drivers/net/ethernet/chelsio/cxgb4/t4_hw.c  |  2 +-
 drivers/net/ethernet/chelsio/cxgb4vf/adapter.h  | 14 ++
 drivers/net/ethernet/chelsio/cxgb4vf/sge.c  | 16 +---
 6 files changed, 41 insertions(+), 18 deletions(-)

diff --git a/drivers/net/ethernet/chelsio/cxgb4/cxgb4.h 
b/drivers/net/ethernet/chelsio/cxgb4/cxgb4.h
index 9040e13..6bde0b9 100644
--- a/drivers/net/ethernet/chelsio/cxgb4/cxgb4.h
+++ b/drivers/net/ethernet/chelsio/cxgb4/cxgb4.h
@@ -1202,6 +1202,12 @@ static inline void t4_write_reg(struct adapter *adap, 
u32 reg_addr, u32 val)
writel(val, adap->regs + reg_addr);
 }
 
+static inline void t4_write_reg_relaxed(struct adapter *adap, u32 reg_addr,
+   u32 val)
+{
+   writel_relaxed(val, adap->regs + reg_addr);
+}
+
 #ifndef readq
 static inline u64 readq(const volatile void __iomem *addr)
 {
diff --git a/drivers/net/ethernet/chelsio/cxgb4/cxgb4_main.c 
b/drivers/net/ethernet/chelsio/cxgb4/cxgb4_main.c
index 7b452e8..276472d 100644
--- a/drivers/net/ethernet/chelsio/cxgb4/cxgb4_main.c
+++ b/drivers/net/ethernet/chelsio/cxgb4/cxgb4_main.c
@@ -1723,8 +1723,8 @@ int cxgb4_sync_txq_pidx(struct net_device *dev, u16 qid, 
u16 pidx,
else
val = PIDX_T5_V(delta);
wmb();
-   t4_write_reg(adap, MYPF_REG(SGE_PF_KDOORBELL_A),
-QID_V(qid) | val);
+   t4_write_reg_relaxed(adap, MYPF_REG(SGE_PF_KDOORBELL_A),
+QID_V(qid) | val);
}
 out:
return ret;
@@ -1902,8 +1902,9 @@ static void enable_txq_db(struct adapter *adap, struct 
sge_txq *q)
 * are committed before we tell HW about them.
 */
wmb();
-   t4_write_reg(adap, MYPF_REG(SGE_PF_KDOORBELL_A),
-QID_V(q->cntxt_id) | PIDX_V(q->db_pidx_inc));
+   t4_write_reg_relaxed(adap, MYPF_REG(SGE_PF_KDOORBELL_A),
+QID_V(q->cntxt_id) |
+   PIDX_V(q->db_pidx_inc));
q->db_pidx_inc = 0;
}
q->db_disabled = 0;
@@ -2003,8 +2004,8 @@ static void sync_txq_pidx(struct adapter *adap, struct 
sge_txq *q)
else
val = PIDX_T5_V(delta);
wmb();
-   t4_write_reg(adap, MYPF_REG(SGE_PF_KDOORBELL_A),
-QID_V(q->cntxt_id) | val);
+   t4_write_reg_relaxed(adap, MYPF_REG(SGE_PF_KDOORBELL_A),
+QID_V(q->cntxt_id) | val);
}
 out:
q->db_disabled = 0;
diff --git a/drivers/net/ethernet/chelsio/cxgb4/sge.c 
b/drivers/net/ethernet/chelsio/cxgb4/sge.c
index 6e310a0..1a1738a 100644
--- a/drivers/net/ethernet/chelsio/cxgb4/sge.c
+++ b/drivers/net/ethernet/chelsio/cxgb4/sge.c
@@ -530,11 +530,11 @@ static inline void ring_fl_db(struct adapter *adap, 
struct sge_fl *q)
 * mechanism.
 */
if (unlikely(q->bar2_addr == NULL)) {
-   t4_write_reg(adap, MYPF_REG(SGE_PF_KDOORBELL_A),
-val | QID_V(q->cntxt_id));
+   t4_write_reg_relaxed(adap, MYPF_REG(SGE_PF_KDOORBELL_A),
+val | QID_V(q->cntxt_id));
} else {
-   writel(val | QID_V(q->bar2_qid),
-  q->bar2_addr + SGE_UDB_KDOORBELL);
+   writel_relaxed(val | QID_V(q->bar2_qid),
+  q->bar2_addr + SGE_UDB_KDOORBELL);
 
/* This Write memory Barrier will force the write to
 * the User Doorbell area to be flushed.
diff --git a/drivers/net/ethernet/chelsio/cxgb4/t4_hw.c 
b/drivers/net/ethernet/chelsio/cxgb4/t4_hw.c
index 920bccd..8b723a0 100644
--- a/drivers/net/ethernet/chelsio/cxgb4/t4_hw.c
+++ b/drivers/net/ethernet/chelsio/cxgb4/t4_hw.c
@@ -139,7 +139,7 @@ void t4_write_indirect(struct adapter *adap, unsigned int 
addr_reg,
 {
while (nregs--) {
t4_write_reg(adap, addr_reg, start_idx++);
-   t4_write_reg(adap, data_reg, *vals++);
+   t4_write_reg_relaxed(adap, data_reg, *vals++);
}
 }
 
diff --git

[PATCH v3 07/18] drivers: net: cxgb: Eliminate duplicate barriers on weakly-ordered archs

Code includes wmb() followed by writel(). writel() already has a barrier on
some architectures like arm64.

This ends up CPU observing two barriers back to back before executing the
register write.

Since code already has an explicit barrier call, changing writel() to
writel_relaxed().

Signed-off-by: Sinan Kaya 
---
 drivers/net/ethernet/chelsio/cxgb/sge.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/drivers/net/ethernet/chelsio/cxgb/sge.c 
b/drivers/net/ethernet/chelsio/cxgb/sge.c
index 30de26e..57891bd6 100644
--- a/drivers/net/ethernet/chelsio/cxgb/sge.c
+++ b/drivers/net/ethernet/chelsio/cxgb/sge.c
@@ -495,7 +495,7 @@ static struct sk_buff *sched_skb(struct sge *sge, struct 
sk_buff *skb,
 static inline void doorbell_pio(struct adapter *adapter, u32 val)
 {
wmb();
-   writel(val, adapter->regs + A_SG_DOORBELL);
+   writel_relaxed(val, adapter->regs + A_SG_DOORBELL);
 }
 
 /*
-- 
2.7.4

[PATCH 4.15 011/128] uas: fix comparison for error code

4.15-stable review patch.  If anyone has any objections, please let me know.

--

From: Oliver Neukum 

commit 9a513c905bb95bef79d96feb08621c1ec8d8c4bb upstream.

A typo broke the comparison.

Fixes: cbeef22fd611 ("usb: uas: unconditionally bring back host after reset")
Signed-off-by: Oliver Neukum 
CC: sta...@kernel.org
Acked-by: Hans de Goede 
Signed-off-by: Greg Kroah-Hartman 

---
 drivers/usb/storage/uas.c |2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

--- a/drivers/usb/storage/uas.c
+++ b/drivers/usb/storage/uas.c
@@ -1076,7 +1076,7 @@ static int uas_post_reset(struct usb_int
return 0;
 
err = uas_configure_endpoints(devinfo);
-   if (err && err != ENODEV)
+   if (err && err != -ENODEV)
shost_printk(KERN_ERR, shost,
 "%s: alloc streams error %d after reset",
 __func__, err);

Re: [PATCH 2/2] fpga: lattice machxo2: Add Lattice MachXO2 support

2018-03-16 Thread Moritz Fischer

On Fri, Mar 16, 2018 at 04:54:29PM +0100, Paolo Pisati wrote:
> This patch adds support to the FPGA manager for programming
> MachXO2 device’s internal flash memory, via slave SPI.
> 
> Signed-off-by: Paolo Pisati 
> ---
>  drivers/fpga/Kconfig   |   8 +
>  drivers/fpga/Makefile  |   1 +
>  drivers/fpga/machxo2-spi.c | 410 
> +
>  3 files changed, 419 insertions(+)
>  create mode 100644 drivers/fpga/machxo2-spi.c
> 
> diff --git a/drivers/fpga/Kconfig b/drivers/fpga/Kconfig
> index ad5448f..65ccbc5 100644
> --- a/drivers/fpga/Kconfig
> +++ b/drivers/fpga/Kconfig
> @@ -38,6 +38,14 @@ config FPGA_MGR_ALTERA_PS_SPI
> FPGA manager driver support for Altera Arria/Cyclone/Stratix
> using the passive serial interface over SPI.
>  
> +config FPGA_MGR_MACHXO2_SPI
> + tristate "Lattice MachXO2 SPI"
> + depends on SPI
> + help
> +   FPGA manager driver support for Lattice MachXO2 configuration
> +   over slave SPI interface.
> +
> +
>  config FPGA_MGR_SOCFPGA
>   tristate "Altera SOCFPGA FPGA Manager"
>   depends on ARCH_SOCFPGA || COMPILE_TEST
> diff --git a/drivers/fpga/Makefile b/drivers/fpga/Makefile
> index f98dcf1..38abb08 100644
> --- a/drivers/fpga/Makefile
> +++ b/drivers/fpga/Makefile
> @@ -10,6 +10,7 @@ obj-$(CONFIG_FPGA)  += fpga-mgr.o
>  obj-$(CONFIG_FPGA_MGR_ALTERA_CVP)+= altera-cvp.o
>  obj-$(CONFIG_FPGA_MGR_ALTERA_PS_SPI) += altera-ps-spi.o
>  obj-$(CONFIG_FPGA_MGR_ICE40_SPI) += ice40-spi.o
> +obj-$(CONFIG_FPGA_MGR_MACHXO2_SPI)   += machxo2-spi.o
>  obj-$(CONFIG_FPGA_MGR_SOCFPGA)   += socfpga.o
>  obj-$(CONFIG_FPGA_MGR_SOCFPGA_A10)   += socfpga-a10.o
>  obj-$(CONFIG_FPGA_MGR_TS73XX)+= ts73xx-fpga.o
> diff --git a/drivers/fpga/machxo2-spi.c b/drivers/fpga/machxo2-spi.c
> new file mode 100644
> index 000..3c7fc3e
> --- /dev/null
> +++ b/drivers/fpga/machxo2-spi.c
> @@ -0,0 +1,410 @@
> +/**
> + * Lattice MachXO2 Slave SPI Driver
> + *
> + * Copyright (C) 2018 Paolo Pisati 
> + *
> + * This program is free software; you can redistribute it and/or modify it
> + * under the terms and conditions of the GNU General Public License,
> + * version 2, as published by the Free Software Foundation.
SPDX please.
> + *
> + * Manage Lattice FPGA firmware that is loaded over SPI using
> + * the slave serial configuration interface.

> + */
> +
> +#include 
> +#include 
> +#include 
> +#include 
> +#include 
> +#include 
> +
> +//#define MACHXO2_DEBUG
?! No ;-)
> +
> +/* MachXO2 Programming Guide - sysCONFIG Programming Commands */
> +#define IDCODE_PUB   {0xe0, 0x00, 0x00, 0x00}
> +#define ISC_ENABLE   {0xc6, 0x08, 0x00, 0x00}
> +#define ISC_ERASE{0x0e, 0x04, 0x00, 0x00}
> +#define ISC_PROGRAMDONE  {0x5e, 0x00, 0x00, 0x00}
> +#define LSC_INITADDRESS  {0x46, 0x00, 0x00, 0x00}
> +#define LSC_PROGINCRNV   {0x70, 0x00, 0x00, 0x01}
> +#define LSC_READ_STATUS  {0x3c, 0x00, 0x00, 0x00}
> +#define LSC_REFRESH  {0x79, 0x00, 0x00, 0x00}
> +
> +/*
> + * Max CCLK in Slave SPI mode according to 'MachXO2 Family Data
> + * Sheet' sysCONFIG Port Timing Specifications (3-36)
> + */
> +#define MACHXO2_MAX_SPEED6600
> +
> +#define MACHXO2_LOW_DELAY5   /* us */
> +#define MACHXO2_HIGH_DELAY   200 /* us */
> +#define MACHXO2_REFRESH  4800/* us */
> +#define MACHXO2_MAX_BUSY_LOOP128
> +#define MACHXO2_MAX_REFRESH_LOOP 16
> +
> +#define MACHXO2_PAGE_SIZE16
> +#define MACHXO2_BUF_SIZE (MACHXO2_PAGE_SIZE + 4)
> +
> +/* Status register bits, errors and error mask */
> +#define BUSY 12
> +#define DONE 8
> +#define DVER 27
> +#define ENAB 9
> +#define ERRBITS  23
> +#define ERRMASK  7
> +#define FAIL 13
> +
> +#define ENOERR   0 /* no error */
> +#define EID  1
> +#define ECMD 2
> +#define  ECRC3
> +#define EPREAM   4 /* preamble error */
> +#define EABRT5 /* abort error */
> +#define EOVERFL 6 /* overflow error */
> +#define ESDMEOF 7 /* SDM EOF */
> +
> +static inline u8 get_err(unsigned long *status)
> +{
> + return (*status >> ERRBITS) & ERRMASK;
> +}
> +
> +static int get_status(struct spi_device *spi, unsigned long *status)
> +{
> + struct spi_message msg;
> + struct spi_transfer rx, tx;
> + u8 cmd[] = LSC_READ_STATUS;
> + int ret;
> +
> + memset(, 0, sizeof(rx));
> + memset(, 0, sizeof(tx));
> + tx.tx_buf = cmd;
> + tx.len = sizeof(cmd);
> + rx.rx_buf = status;
> + rx.len = 4;
> + spi_message_init();
> + spi_message_add_tail(, );
> + spi_message_add_tail(, );
> + ret = spi_sync(spi, );
> + if (ret)
> + return ret;
> +
> + *status =

[PATCH 4.15 010/128] tty/serial: atmel: add new version check for usart

4.15-stable review patch.  If anyone has any objections, please let me know.

--

From: Jonas Danielsson 

commit fd63a8903a2c40425a9811c3371dd4d0f42c0ad3 upstream.

On our at91sam9260 based board the usart0 and usart1 ports report
their versions (ATMEL_US_VERSION) as 0x10302. This version is not
included in the current checks in the driver.

Signed-off-by: Jonas Danielsson 
Acked-by: Richard Genoud 
Acked-by: Nicolas Ferre 
Cc: stable 
Signed-off-by: Greg Kroah-Hartman 

---
 drivers/tty/serial/atmel_serial.c |1 +
 1 file changed, 1 insertion(+)

--- a/drivers/tty/serial/atmel_serial.c
+++ b/drivers/tty/serial/atmel_serial.c
@@ -1734,6 +1734,7 @@ static void atmel_get_ip_name(struct uar
switch (version) {
case 0x302:
case 0x10213:
+   case 0x10302:
dev_dbg(port->dev, "This version is usart\n");
atmel_port->has_frac_baudrate = true;
atmel_port->has_hw_timer = true;

[PATCH 4.14 094/109] powerpc/64: Dont trace irqs-off at interrupt return to soft-disabled context

4.14-stable review patch.  If anyone has any objections, please let me know.

--

From: Nicholas Piggin 


[ Upstream commit acb1feab320e38588fccc568e3767761f494976f ]

When an interrupt is returning to a soft-disabled context (which can
happen for non-maskable interrupts or synchronous interrupts), it goes
through the motions of soft-disabling again, including calling
TRACE_DISABLE_INTS (i.e., trace_hardirqs_off()).

This is not necessary, because we must already be soft-disabled in the
interrupt context, it also may be causing crashes in the irq tracing
code to re-enter as an nmi. Replace it with a warning to ensure that
soft-interrupts are still disabled.

Fixes: 7c0482e3d055 ("powerpc/irq: Fix another case of lazy IRQ state getting 
out of sync")
Signed-off-by: Nicholas Piggin 
Signed-off-by: Michael Ellerman 
Signed-off-by: Sasha Levin 
Signed-off-by: Greg Kroah-Hartman 
---
 arch/powerpc/kernel/entry_64.S |   10 +++---
 1 file changed, 7 insertions(+), 3 deletions(-)

--- a/arch/powerpc/kernel/entry_64.S
+++ b/arch/powerpc/kernel/entry_64.S
@@ -939,9 +939,13 @@ END_FTR_SECTION_IFSET(CPU_FTR_HAS_PPR)
beq 1f
rlwinm  r7,r7,0,~PACA_IRQ_HARD_DIS
stb r7,PACAIRQHAPPENED(r13)
-1: li  r0,0
-   stb r0,PACASOFTIRQEN(r13);
-   TRACE_DISABLE_INTS
+1:
+#if defined(CONFIG_TRACE_IRQFLAGS) && defined(CONFIG_BUG)
+   /* The interrupt should not have soft enabled. */
+   lbz r7,PACASOFTIRQEN(r13)
+1: tdnei   r7,0
+   EMIT_BUG_ENTRY 1b,__FILE__,__LINE__,BUGFLAG_WARNING
+#endif
b   .Ldo_restore
 
/*

[PATCH 4.14 092/109] drm/amdkfd: Fix memory leaks in kfd topology

4.14-stable review patch.  If anyone has any objections, please let me know.

--

From: Yong Zhao 


[ Upstream commit 5108d768408abc80e4e8d99f5b406a73cb04056b ]

Kobject created using kobject_create_and_add() can be freed using
kobject_put() when there is no referenece any more. However,
kobject memory allocated with kzalloc() has to set up a release
callback in order to free it when the counter decreases to 0.
Otherwise it causes memory leak.

Signed-off-by: Yong Zhao 
Signed-off-by: Felix Kuehling 
Reviewed-by: Oded Gabbay 
Signed-off-by: Oded Gabbay 
Signed-off-by: Sasha Levin 
Signed-off-by: Greg Kroah-Hartman 
---
 drivers/gpu/drm/amd/amdkfd/kfd_topology.c |   10 ++
 1 file changed, 10 insertions(+)

--- a/drivers/gpu/drm/amd/amdkfd/kfd_topology.c
+++ b/drivers/gpu/drm/amd/amdkfd/kfd_topology.c
@@ -501,11 +501,17 @@ static ssize_t sysprops_show(struct kobj
return ret;
 }
 
+static void kfd_topology_kobj_release(struct kobject *kobj)
+{
+   kfree(kobj);
+}
+
 static const struct sysfs_ops sysprops_ops = {
.show = sysprops_show,
 };
 
 static struct kobj_type sysprops_type = {
+   .release = kfd_topology_kobj_release,
.sysfs_ops = _ops,
 };
 
@@ -541,6 +547,7 @@ static const struct sysfs_ops iolink_ops
 };
 
 static struct kobj_type iolink_type = {
+   .release = kfd_topology_kobj_release,
.sysfs_ops = _ops,
 };
 
@@ -568,6 +575,7 @@ static const struct sysfs_ops mem_ops =
 };
 
 static struct kobj_type mem_type = {
+   .release = kfd_topology_kobj_release,
.sysfs_ops = _ops,
 };
 
@@ -607,6 +615,7 @@ static const struct sysfs_ops cache_ops
 };
 
 static struct kobj_type cache_type = {
+   .release = kfd_topology_kobj_release,
.sysfs_ops = _ops,
 };
 
@@ -729,6 +738,7 @@ static const struct sysfs_ops node_ops =
 };
 
 static struct kobj_type node_type = {
+   .release = kfd_topology_kobj_release,
.sysfs_ops = _ops,
 };

[PATCH 4.14 093/109] powerpc/modules: Dont try to restore r2 after a sibling call

4.14-stable review patch.  If anyone has any objections, please let me know.

--

From: Josh Poimboeuf 


[ Upstream commit b9eab08d012fa093947b230f9a87257c27fb829b ]

When attempting to load a livepatch module, I got the following error:

  module_64: patch_module: Expect noop after relocate, got 3c82

The error was triggered by the following code in
unregister_netdevice_queue():

  14c:   00 00 00 48 b   14c 
 14c: R_PPC64_REL24  net_set_todo
  150:   00 00 82 3c addis   r4,r2,0

GCC didn't insert a nop after the branch to net_set_todo() because it's
a sibling call, so it never returns.  The nop isn't needed after the
branch in that case.

Signed-off-by: Josh Poimboeuf 
Acked-by: Naveen N. Rao 
Reviewed-and-tested-by: Kamalesh Babulal 
Signed-off-by: Michael Ellerman 
Signed-off-by: Sasha Levin 
Signed-off-by: Greg Kroah-Hartman 
---
 arch/powerpc/include/asm/code-patching.h |1 +
 arch/powerpc/kernel/module_64.c  |   12 +++-
 arch/powerpc/lib/code-patching.c |5 +
 3 files changed, 17 insertions(+), 1 deletion(-)

--- a/arch/powerpc/include/asm/code-patching.h
+++ b/arch/powerpc/include/asm/code-patching.h
@@ -33,6 +33,7 @@ int patch_branch(unsigned int *addr, uns
 int patch_instruction(unsigned int *addr, unsigned int instr);
 
 int instr_is_relative_branch(unsigned int instr);
+int instr_is_relative_link_branch(unsigned int instr);
 int instr_is_branch_to_addr(const unsigned int *instr, unsigned long addr);
 unsigned long branch_target(const unsigned int *instr);
 unsigned int translate_branch(const unsigned int *dest,
--- a/arch/powerpc/kernel/module_64.c
+++ b/arch/powerpc/kernel/module_64.c
@@ -486,7 +486,17 @@ static bool is_early_mcount_callsite(u32
restore r2. */
 static int restore_r2(u32 *instruction, struct module *me)
 {
-   if (is_early_mcount_callsite(instruction - 1))
+   u32 *prev_insn = instruction - 1;
+
+   if (is_early_mcount_callsite(prev_insn))
+   return 1;
+
+   /*
+* Make sure the branch isn't a sibling call.  Sibling calls aren't
+* "link" branches and they don't return, so they don't need the r2
+* restore afterwards.
+*/
+   if (!instr_is_relative_link_branch(*prev_insn))
return 1;
 
if (*instruction != PPC_INST_NOP) {
--- a/arch/powerpc/lib/code-patching.c
+++ b/arch/powerpc/lib/code-patching.c
@@ -302,6 +302,11 @@ int instr_is_relative_branch(unsigned in
return instr_is_branch_iform(instr) || instr_is_branch_bform(instr);
 }
 
+int instr_is_relative_link_branch(unsigned int instr)
+{
+   return instr_is_relative_branch(instr) && (instr & BRANCH_SET_LINK);
+}
+
 static unsigned long branch_iform_target(const unsigned int *instr)
 {
signed long imm;

[PATCH 4.14 076/109] clk: qcom: msm8916: fix mnd_width for codec_digcodec

4.14-stable review patch.  If anyone has any objections, please let me know.

--

From: Srinivas Kandagatla 


[ Upstream commit d8e488e8242ecf129eebc440c92d800a99ca109d ]

This patch fixes missing mnd_width for codec_digital clk, this is now set to
8 inline with datasheet.

Fixes: 3966fab8b6ab ("clk: qcom: Add MSM8916 Global Clock Controller support")
Signed-off-by: Srinivas Kandagatla 
Signed-off-by: Stephen Boyd 
Signed-off-by: Sasha Levin 
Signed-off-by: Greg Kroah-Hartman 
---
 drivers/clk/qcom/gcc-msm8916.c |1 +
 1 file changed, 1 insertion(+)

--- a/drivers/clk/qcom/gcc-msm8916.c
+++ b/drivers/clk/qcom/gcc-msm8916.c
@@ -1438,6 +1438,7 @@ static const struct freq_tbl ftbl_codec_
 
 static struct clk_rcg2 codec_digcodec_clk_src = {
.cmd_rcgr = 0x1c09c,
+   .mnd_width = 8,
.hid_width = 5,
.parent_map = gcc_xo_gpll1_emclk_sleep_map,
.freq_tbl = ftbl_codec_clk,

[PATCH 4.14 033/109] ARM: dts: koelsch: Move cec_clock to root node