1. 18 Mar, 2017 40 commits
    • Sean Young's avatar
      serial_ir: ensure we're ready to receive interrupts · 2030aedc
      Sean Young authored
      commit 0265634e upstream.
      
      When the interrupt requested with devm_request_irq(), serial_ir.rcdev
      is still null so will cause null deference if the irq handler is called
      early on.
      
      Also ensure that timeout_timer is setup.
      
      Link: http://lkml.kernel.org/r/CA+55aFxsh2uF8gi5sN_guY3Z+tiLv7LpJYKBw+y8vqLzp+TsnQ@mail.gmail.com
      
      [mchehab@s-opensource.com: moved serial_ir_probe() back to its original place]
      Signed-off-by: default avatarSean Young <sean@mess.org>
      Signed-off-by: default avatarMauro Carvalho Chehab <mchehab@s-opensource.com>
      Signed-off-by: default avatarGreg Kroah-Hartman <gregkh@linuxfoundation.org>
      2030aedc
    • Takashi Iwai's avatar
      drm/i915/gvt: Fix superfluous newline in GVT_DISPLAY_READY env var · 81383a00
      Takashi Iwai authored
      commit d8e9b2b9 upstream.
      
      send_display_send_uevent() sends two environment variable, and the
      first one GVT_DISPLAY_READY is set including a new line at the end of
      the string; that is obviously superfluous and wrong -- at least, it
      *looks* so when you only read the code.
      
      However, it doesn't appear in the actual output by a (supposedly
      unexpected) trick.  The code uses snprintf() and truncates the string
      in size 20 bytes.  This makes the string as GVT_DISPLAY_READY=0 or
      ...=1 including the trailing NUL-letter.  That is, the '\n' found in
      the format string is always cut off as a result.
      
      Although the code gives the correct result, it is confusing.  This
      patch addresses it, just removing the superfluous '\n' from the format
      string for avoiding further confusion.  If the argument "ready" were
      not a  bool, the size 20 should be corrected as well.  But it's a
      bool, so we can leave the magic number 20 as is for now.
      
      FWIW, the bug was spotted by a new GCC7 warning:
        drivers/gpu/drm/i915/gvt/handlers.c: In function 'pvinfo_mmio_write':
        drivers/gpu/drm/i915/gvt/handlers.c:1042:34: error: 'snprintf' output truncated before the last format character [-Werror=format-truncation=]
          snprintf(display_ready_str, 20, "GVT_DISPLAY_READY=%d\n", ready);
                                          ^~~~~~~~~~~~~~~~~~~~~~~~
        drivers/gpu/drm/i915/gvt/handlers.c:1042:2: note: 'snprintf' output 21 bytes into a destination of size 20
          snprintf(display_ready_str, 20, "GVT_DISPLAY_READY=%d\n", ready);
          ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
      
      Fixes: 04d348ae ("drm/i915/gvt: vGPU display virtualization")
      Bugzilla: https://bugzilla.suse.com/show_bug.cgi?id=1025903Reported-by: default avatarRichard Biener <rguenther@suse.com>
      Signed-off-by: default avatarTakashi Iwai <tiwai@suse.de>
      Signed-off-by: default avatarZhenyu Wang <zhenyuw@linux.intel.com>
      Signed-off-by: default avatarGreg Kroah-Hartman <gregkh@linuxfoundation.org>
      81383a00
    • Jintack Lim's avatar
      KVM: arm/arm64: Let vcpu thread modify its own active state · 523379cd
      Jintack Lim authored
      commit 370a0ec1 upstream.
      
      Currently, if a vcpu thread tries to change the active state of an
      interrupt which is already on the same vcpu's AP list, it will loop
      forever. Since the VGIC mmio handler is called after a vcpu has
      already synced back the LR state to the struct vgic_irq, we can just
      let it proceed safely.
      Reviewed-by: default avatarMarc Zyngier <marc.zyngier@arm.com>
      Signed-off-by: default avatarJintack Lim <jintack@cs.columbia.edu>
      Signed-off-by: default avatarChristoffer Dall <cdall@linaro.org>
      Signed-off-by: default avatarMarc Zyngier <marc.zyngier@arm.com>
      Signed-off-by: default avatarGreg Kroah-Hartman <gregkh@linuxfoundation.org>
      523379cd
    • Janosch Frank's avatar
      KVM: s390: Fix guest migration for huge guests resulting in panic · 1f9175b9
      Janosch Frank authored
      commit 2e4d8800 upstream.
      
      While we can technically not run huge page guests right now, we can
      setup a guest with huge pages. Trying to migrate it will trigger a
      VM_BUG_ON and, if the kernel is not configured to panic on a BUG, it
      will happily try to work on non-existing page table entries.
      
      With this patch, we always return "dirty" if we encounter a large page
      when migrating. This at least fixes the immediate problem until we
      have proper handling for both kind of pages.
      
      Fixes: 15f36ebd ("KVM: s390: Add proper dirty bitmap support to S390 kvm.")
      Signed-off-by: default avatarJanosch Frank <frankja@linux.vnet.ibm.com>
      Acked-by: default avatarChristian Borntraeger <borntraeger@de.ibm.com>
      Signed-off-by: default avatarMartin Schwidefsky <schwidefsky@de.ibm.com>
      Signed-off-by: default avatarGreg Kroah-Hartman <gregkh@linuxfoundation.org>
      1f9175b9
    • Krzysztof Kozlowski's avatar
      serial: samsung: Continue to work if DMA request fails · 45dc259a
      Krzysztof Kozlowski authored
      commit f98c7bce upstream.
      
      If DMA is not available (even when configured in DeviceTree), the driver
      will fail the startup procedure thus making serial console not
      available.
      
      For example this causes boot failure on QEMU ARMv7 (Exynos4210, SMDKC210):
          [    1.302575] OF: amba_device_add() failed (-19) for /amba/pdma@12680000
          ...
          [   11.435732] samsung-uart 13800000.serial: DMA request failed
          [   72.963893] samsung-uart 13800000.serial: DMA request failed
          [   73.143361] Kernel panic - not syncing: Attempted to kill init! exitcode=0x00000000
      
      DMA is not necessary for serial to work, so continue with UART startup
      after emitting a warning.
      
      Fixes: 62c37eed ("serial: samsung: add dma reqest/release functions")
      Signed-off-by: default avatarKrzysztof Kozlowski <krzk@kernel.org>
      Signed-off-by: default avatarGreg Kroah-Hartman <gregkh@linuxfoundation.org>
      45dc259a
    • Johan Hovold's avatar
      USB: serial: io_ti: fix information leak in completion handler · 7daf817d
      Johan Hovold authored
      commit 654b404f upstream.
      
      Add missing sanity check to the bulk-in completion handler to avoid an
      integer underflow that can be triggered by a malicious device.
      
      This avoids leaking 128 kB of memory content from after the URB transfer
      buffer to user space.
      
      Fixes: 8c209e67 ("USB: make actual_length in struct urb field u32")
      Fixes: 1da177e4 ("Linux-2.6.12-rc2")
      Signed-off-by: default avatarJohan Hovold <johan@kernel.org>
      Signed-off-by: default avatarGreg Kroah-Hartman <gregkh@linuxfoundation.org>
      7daf817d
    • Johan Hovold's avatar
      USB: serial: io_ti: fix NULL-deref in interrupt callback · 9bb084c7
      Johan Hovold authored
      commit 0b1d250a upstream.
      
      Fix a NULL-pointer dereference in the interrupt callback should a
      malicious device send data containing a bad port number by adding the
      missing sanity check.
      
      Fixes: 1da177e4 ("Linux-2.6.12-rc2")
      Signed-off-by: default avatarJohan Hovold <johan@kernel.org>
      Signed-off-by: default avatarGreg Kroah-Hartman <gregkh@linuxfoundation.org>
      9bb084c7
    • Johan Hovold's avatar
      USB: iowarrior: fix NULL-deref in write · 14bca59b
      Johan Hovold authored
      commit de46e566 upstream.
      
      Make sure to verify that we have the required interrupt-out endpoint for
      IOWarrior56 devices to avoid dereferencing a NULL-pointer in write
      should a malicious device lack such an endpoint.
      
      Fixes: 946b960d ("USB: add driver for iowarrior devices.")
      Signed-off-by: default avatarJohan Hovold <johan@kernel.org>
      Signed-off-by: default avatarGreg Kroah-Hartman <gregkh@linuxfoundation.org>
      14bca59b
    • Johan Hovold's avatar
      USB: iowarrior: fix NULL-deref at probe · 5ec59765
      Johan Hovold authored
      commit b7321e81 upstream.
      
      Make sure to check for the required interrupt-in endpoint to avoid
      dereferencing a NULL-pointer should a malicious device lack such an
      endpoint.
      
      Note that a fairly recent change purported to fix this issue, but added
      an insufficient test on the number of endpoints only, a test which can
      now be removed.
      
      Fixes: 4ec0ef3a ("USB: iowarrior: fix oops with malicious USB descriptors")
      Fixes: 946b960d ("USB: add driver for iowarrior devices.")
      Signed-off-by: default avatarJohan Hovold <johan@kernel.org>
      Signed-off-by: default avatarGreg Kroah-Hartman <gregkh@linuxfoundation.org>
      5ec59765
    • Johan Hovold's avatar
      USB: serial: omninet: fix reference leaks at open · cc6ba470
      Johan Hovold authored
      commit 30572418 upstream.
      
      This driver needlessly took another reference to the tty on open, a
      reference which was then never released on close. This lead to not just
      a leak of the tty, but also a driver reference leak that prevented the
      driver from being unloaded after a port had once been opened.
      
      Fixes: 4a90f09b ("tty: usb-serial krefs")
      Signed-off-by: default avatarJohan Hovold <johan@kernel.org>
      Signed-off-by: default avatarGreg Kroah-Hartman <gregkh@linuxfoundation.org>
      cc6ba470
    • Johan Hovold's avatar
      USB: serial: safe_serial: fix information leak in completion handler · dc944b11
      Johan Hovold authored
      commit 8c76d7cd upstream.
      
      Add missing sanity check to the bulk-in completion handler to avoid an
      integer underflow that could be triggered by a malicious device.
      
      This avoids leaking up to 56 bytes from after the URB transfer buffer to
      user space.
      
      Fixes: 1da177e4 ("Linux-2.6.12-rc2")
      Signed-off-by: default avatarJohan Hovold <johan@kernel.org>
      Signed-off-by: default avatarGreg Kroah-Hartman <gregkh@linuxfoundation.org>
      dc944b11
    • Guenter Roeck's avatar
      usb: host: xhci-plat: Fix timeout on removal of hot pluggable xhci controllers · a062cb39
      Guenter Roeck authored
      commit dcc7620c upstream.
      
      Upstream commit 98d74f9c ("xhci: fix 10 second timeout on removal of
      PCI hotpluggable xhci controllers") fixes a problem with hot pluggable PCI
      xhci controllers which can result in excessive timeouts, to the point where
      the system reports a deadlock.
      
      The same problem is seen with hot pluggable xhci controllers using the
      xhci-plat driver, such as the driver used for Type-C ports on rk3399.
      Similar to hot-pluggable PCI controllers, the driver for this chip
      removes the xhci controller from the system when the Type-C cable is
      disconnected.
      
      The solution for PCI devices works just as well for non-PCI devices
      and avoids the problem.
      Signed-off-by: default avatarGuenter Roeck <linux@roeck-us.net>
      Signed-off-by: default avatarMathias Nyman <mathias.nyman@linux.intel.com>
      Signed-off-by: default avatarGreg Kroah-Hartman <gregkh@linuxfoundation.org>
      a062cb39
    • Peter Chen's avatar
      usb: host: xhci-dbg: HCIVERSION should be a binary number · 72023536
      Peter Chen authored
      commit f95e60a7 upstream.
      
      According to xHCI spec, HCIVERSION containing a BCD encoding
      of the xHCI specification revision number, 0100h corresponds
      to xHCI version 1.0. Change "100" as "0x100".
      
      Cc: Lu Baolu <baolu.lu@linux.intel.com>
      Fixes: 04abb6de ("xhci: Read and parse new xhci 1.1 capability register")
      Signed-off-by: default avatarPeter Chen <peter.chen@nxp.com>
      Signed-off-by: default avatarMathias Nyman <mathias.nyman@linux.intel.com>
      Signed-off-by: default avatarGreg Kroah-Hartman <gregkh@linuxfoundation.org>
      72023536
    • Roger Quadros's avatar
      Revert "usb: gadget: uvc: Add missing call for additional setup data" · 222095ea
      Roger Quadros authored
      commit eb38d913 upstream.
      
      This reverts commit 4fbac520.
      
      This commit breaks g_webcam when used with uvc-gadget [1].
      
      The user space application (e.g. uvc-gadget) is responsible for
      sending response to UVC class specific requests on control endpoint
      in uvc_send_response() in uvc_v4l2.c.
      
      The bad commit was causing a duplicate response to be sent with
      incorrect response data thus causing UVC probe to fail at the host
      and broken control transfer endpoint at the gadget.
      
      [1] - git://git.ideasonboard.org/uvc-gadget.gitAcked-by: default avatarLaurent Pinchart <laurent.pinchart@ideasonboard.com>
      Signed-off-by: default avatarRoger Quadros <rogerq@ti.com>
      Signed-off-by: default avatarFelipe Balbi <felipe.balbi@linux.intel.com>
      Signed-off-by: default avatarGreg Kroah-Hartman <gregkh@linuxfoundation.org>
      222095ea
    • Felipe Balbi's avatar
      usb: gadget: function: f_fs: pass companion descriptor along · d60b1053
      Felipe Balbi authored
      commit 2bfa0719 upstream.
      
      If we're dealing with SuperSpeed endpoints, we need
      to make sure to pass along the companion descriptor
      and initialize fields needed by the Gadget
      API. Eventually, f_fs.c should be converted to use
      config_ep_by_speed() like all other functions,
      though.
      Signed-off-by: default avatarFelipe Balbi <felipe.balbi@linux.intel.com>
      Signed-off-by: default avatarGreg Kroah-Hartman <gregkh@linuxfoundation.org>
      d60b1053
    • Jelle Martijn Kok's avatar
      usb: ohci-at91: Do not drop unhandled USB suspend control requests · a0f69738
      Jelle Martijn Kok authored
      commit 85550f91 upstream.
      
      In patch 2e2aa1bcm, USB suspend and wakeup control requests are
      passed to SFR_OHCIICR register. If a processor does not have such a
      register, this hub control request will be dropped.
      
      If no such a SFR register is available, all USB suspend control requests
      will now be processed using ohci_hub_control()
      (like before patch 2e2aa1bcm.)
      
      Tested on an Atmel AT91SAM9G20 with an on-board TI TUSB2046B hub chip
      If the last USB device is unplugged from the USB hub, the hub goes into
      sleep and will not wakeup when an USB devices is inserted.
      
      Fixes: 2e2aa1bc ("usb: ohci-at91: Forcibly suspend ports while USB suspend")
      Signed-off-by: default avatarJelle Martijn Kok <jmkok@youcom.nl>
      Tested-by: default avatarWenyou Yang <wenyou.yang@atmel.com>
      Cc: Wenyou Yang <wenyou.yang@atmel.com>
      Cc: Alan Stern <stern@rowland.harvard.edu>
      Acked-by: default avatarNicolas Ferre <nicolas.ferre@microchip.com>
      Reviewed-by: default avatarAlexandre Belloni <alexandre.belloni@free-electrons.com>
      Signed-off-by: default avatarGreg Kroah-Hartman <gregkh@linuxfoundation.org>
      a0f69738
    • Roger Quadros's avatar
      usb: dwc3-omap: Fix missing break in dwc3_omap_set_mailbox() · 25b1a4fd
      Roger Quadros authored
      commit 0913750f upstream.
      
      We need to break from all cases if we want to treat
      each one of them separately.
      Reported-by: default avatarGustavo A. R. Silva <garsilva@embeddedor.com>
      Fixes: d2728fb3 ("usb: dwc3: omap: Pass VBUS and ID events transparently")
      Signed-off-by: default avatarRoger Quadros <rogerq@ti.com>
      Signed-off-by: default avatarFelipe Balbi <felipe.balbi@linux.intel.com>
      Signed-off-by: default avatarGreg Kroah-Hartman <gregkh@linuxfoundation.org>
      25b1a4fd
    • Felipe Balbi's avatar
      usb: dwc3: gadget: make Set Endpoint Configuration macros safe · 894a0dfa
      Felipe Balbi authored
      commit 7369090a upstream.
      
      Some gadget drivers are bad, bad boys. We notice
      that ADB was passing bad Burst Size which caused top
      bits of param0 to be overwritten which confused DWC3
      when running this command.
      
      In order to avoid future issues, we're going to make
      sure values passed by macros are always safe for the
      controller. Note that ADB still needs a fix to *not*
      pass bad values.
      Reported-by: default avatarMohamed Abbas <mohamed.abbas@intel.com>
      Sugested-by: default avatarAdam Andruszak <adam.andruszak@intel.com>
      Signed-off-by: default avatarFelipe Balbi <felipe.balbi@linux.intel.com>
      Signed-off-by: default avatarGreg Kroah-Hartman <gregkh@linuxfoundation.org>
      894a0dfa
    • Peter Chen's avatar
      usb: gadget: dummy_hcd: clear usb_gadget region before registration · c73210fd
      Peter Chen authored
      commit 5bbc8526 upstream.
      
      When the user does device unbind and rebind test, the kernel will
      show below dump due to usb_gadget memory region is dirty after unbind.
      Clear usb_gadget region for every new probe.
      
      root@imx6qdlsolo:/sys/bus/platform/drivers/dummy_udc# echo dummy_udc.0 > bind
      [  102.523312] kobject (eddd78b0): tried to init an initialized object, something is seriously wrong.
      [  102.532447] CPU: 0 PID: 734 Comm: sh Not tainted 4.10.0-rc7-00872-g1b2b8e9 #1298
      [  102.539866] Hardware name: Freescale i.MX6 SoloX (Device Tree)
      [  102.545717] Backtrace:
      [  102.548225] [<c010d090>] (dump_backtrace) from [<c010d338>] (show_stack+0x18/0x1c)
      [  102.555822]  r7:ede34000 r6:60010013 r5:00000000 r4:c0f29418
      [  102.561512] [<c010d320>] (show_stack) from [<c040c2a4>] (dump_stack+0xb4/0xe8)
      [  102.568764] [<c040c1f0>] (dump_stack) from [<c040e6d4>] (kobject_init+0x80/0x9c)
      [  102.576187]  r10:0000001f r9:eddd7000 r8:eeaf8c10 r7:eddd78a8 r6:c177891c r5:c0f3b060
      [  102.584036]  r4:eddd78b0 r3:00000000
      [  102.587641] [<c040e654>] (kobject_init) from [<c05359a4>] (device_initialize+0x28/0xf8)
      [  102.595665]  r5:eebc4800 r4:eddd78a8
      [  102.599268] [<c053597c>] (device_initialize) from [<c05382ac>] (device_register+0x14/0x20)
      [  102.607556]  r7:eddd78a8 r6:00000000 r5:eebc4800 r4:eddd78a8
      [  102.613256] [<c0538298>] (device_register) from [<c0668ef4>] (usb_add_gadget_udc_release+0x8c/0x1ec)
      [  102.622410]  r5:eebc4800 r4:eddd7860
      [  102.626015] [<c0668e68>] (usb_add_gadget_udc_release) from [<c0669068>] (usb_add_gadget_udc+0x14/0x18)
      [  102.635351]  r10:0000001f r9:eddd7000 r8:eddd788c r7:bf003770 r6:eddd77f8 r5:eddd7818
      [  102.643198]  r4:eddd785c r3:eddd7b24
      [  102.646834] [<c0669054>] (usb_add_gadget_udc) from [<bf003428>] (dummy_udc_probe+0x170/0x1c4 [dummy_hcd])
      [  102.656458] [<bf0032b8>] (dummy_udc_probe [dummy_hcd]) from [<c053d114>] (platform_drv_probe+0x54/0xb8)
      [  102.665881]  r10:00000008 r9:c1778960 r8:bf004128 r7:fffffdfb r6:bf004128 r5:eeaf8c10
      [  102.673727]  r4:eeaf8c10
      [  102.676293] [<c053d0c0>] (platform_drv_probe) from [<c053b160>] (driver_probe_device+0x264/0x474)
      [  102.685186]  r7:00000000 r6:00000000 r5:c1778960 r4:eeaf8c10
      [  102.690876] [<c053aefc>] (driver_probe_device) from [<c05397c4>] (bind_store+0xb8/0x14c)
      [  102.698994]  r10:eeb3bb4c r9:ede34000 r8:0000000c r7:eeaf8c44 r6:bf004128 r5:c0f3b668
      [  102.706840]  r4:eeaf8c10
      [  102.709402] [<c053970c>] (bind_store) from [<c0538ca8>] (drv_attr_store+0x28/0x34)
      [  102.716998]  r9:ede34000 r8:00000000 r7:ee3863c0 r6:ee3863c0 r5:c0538c80 r4:c053970c
      [  102.724776] [<c0538c80>] (drv_attr_store) from [<c029c930>] (sysfs_kf_write+0x50/0x54)
      [  102.732711]  r5:c0538c80 r4:0000000c
      [  102.736313] [<c029c8e0>] (sysfs_kf_write) from [<c029be84>] (kernfs_fop_write+0x100/0x214)
      [  102.744599]  r7:ee3863c0 r6:eeb3bb40 r5:00000000 r4:00000000
      [  102.750287] [<c029bd84>] (kernfs_fop_write) from [<c0222dd8>] (__vfs_write+0x34/0x120)
      [  102.758231]  r10:00000000 r9:ede34000 r8:c0108bc4 r7:0000000c r6:ede35f80 r5:c029bd84
      [  102.766077]  r4:ee223780
      [  102.768638] [<c0222da4>] (__vfs_write) from [<c0224678>] (vfs_write+0xa8/0x170)
      [  102.775974]  r9:ede34000 r8:c0108bc4 r7:ede35f80 r6:01861cb0 r5:ee223780 r4:0000000c
      [  102.783743] [<c02245d0>] (vfs_write) from [<c0225498>] (SyS_write+0x4c/0xa8)
      [  102.790818]  r9:ede34000 r8:c0108bc4 r7:0000000c r6:01861cb0 r5:ee223780 r4:ee223780
      [  102.798595] [<c022544c>] (SyS_write) from [<c0108a20>] (ret_fast_syscall+0x0/0x1c)
      [  102.806188]  r7:00000004 r6:b6e83d58 r5:01861cb0 r4:0000000c
      
      Fixes: 90fccb52 ("usb: gadget: Gadget directory cleanup - group UDC drivers")
      Acked-by: default avatarAlan Stern <stern@rowland.harvard.edu>
      Signed-off-by: default avatarPeter Chen <peter.chen@nxp.com>
      Tested-by: default avatarXiaolong Ye <xiaolong.ye@intel.com>
      Reported-by: default avatarFengguang Wu <fengguang.wu@intel.com>
      Signed-off-by: default avatarFelipe Balbi <felipe.balbi@linux.intel.com>
      Signed-off-by: default avatarGreg Kroah-Hartman <gregkh@linuxfoundation.org>
      c73210fd
    • Ethan Zhao's avatar
      PCI: Prevent VPD access for QLogic ISP2722 · b5ea65b2
      Ethan Zhao authored
      commit 0d5370d1 upstream.
      
      QLogic ISP2722-based 16/32Gb Fibre Channel to PCIe Adapter has the VPD
      access issue too, while read the common pci-sysfs access interface shown as
      
       /sys/devices/pci0000:00/0000:00:03.2/0000:0b:00.0/vpd
      
      with simple 'cat' could cause system hang and panic:
      
        Kernel panic - not syncing: An NMI occurred. Depending on your system the reason for the NMI is logged in any one of the following resources:
        1. Integrated Management Log (IML)
        2. OA Syslog
        3. OA Forward Progress Log
        4. iLO Event Log
        CPU: 0 PID: 15070 Comm: udevadm Not tainted 4.1.12
        Hardware name: HP ProLiant DL380 Gen9/ProLiant DL380 Gen9, BIOS P89 12/27/2015
         0000000000000086 000000007f0cdf51 ffff880c4fa05d58 ffffffff817193de
         ffffffffa00b42d8 0000000000000075 ffff880c4fa05dd8 ffffffff81714072
         0000000000000008 ffff880c4fa05de8 ffff880c4fa05d88 000000007f0cdf51
        Call Trace:
         <NMI>  [<ffffffff817193de>] dump_stack+0x63/0x81
         [<ffffffff81714072>] panic+0xd0/0x20e
         [<ffffffffa00b390d>] hpwdt_pretimeout+0xdd/0xe0 [hpwdt]
         [<ffffffff81021fc9>] ? sched_clock+0x9/0x10
         [<ffffffff8101c101>] nmi_handle+0x91/0x170
         [<ffffffff8101c10c>] ? nmi_handle+0x9c/0x170
         [<ffffffff8101c5fe>] io_check_error+0x1e/0xa0
         [<ffffffff8101c719>] default_do_nmi+0x99/0x140
         [<ffffffff8101c8b4>] do_nmi+0xf4/0x170
         [<ffffffff817232c5>] end_repeat_nmi+0x1a/0x1e
         [<ffffffff815d724b>] ? pci_conf1_read+0xeb/0x120
         [<ffffffff815d724b>] ? pci_conf1_read+0xeb/0x120
         [<ffffffff815d724b>] ? pci_conf1_read+0xeb/0x120
         <<EOE>>  [<ffffffff815db4b3>] raw_pci_read+0x23/0x40
         [<ffffffff815db4fc>] pci_read+0x2c/0x30
         [<ffffffff8136f612>] pci_user_read_config_word+0x72/0x110
         [<ffffffff8136f746>] pci_vpd_pci22_wait+0x96/0x130
         [<ffffffff8136ff9b>] pci_vpd_pci22_read+0xdb/0x1a0
         [<ffffffff8136ea30>] pci_read_vpd+0x20/0x30
         [<ffffffff8137d590>] read_vpd_attr+0x30/0x40
         [<ffffffff8128e037>] sysfs_kf_bin_read+0x47/0x70
         [<ffffffff8128d24e>] kernfs_fop_read+0xae/0x180
         [<ffffffff8120dd97>] __vfs_read+0x37/0x100
         [<ffffffff812ba7e4>] ? security_file_permission+0x84/0xa0
         [<ffffffff8120e366>] ? rw_verify_area+0x56/0xe0
         [<ffffffff8120e476>] vfs_read+0x86/0x140
         [<ffffffff8120f3f5>] SyS_read+0x55/0xd0
         [<ffffffff81720f2e>] system_call_fastpath+0x12/0x71
        Shutting down cpus with NMI
        Kernel Offset: disabled
        drm_kms_helper: panic occurred, switching back to text console
      
      So blacklist the access to its VPD.
      Signed-off-by: default avatarEthan Zhao <ethan.zhao@oracle.com>
      Signed-off-by: default avatarBjorn Helgaas <bhelgaas@google.com>
      Signed-off-by: default avatarGreg Kroah-Hartman <gregkh@linuxfoundation.org>
      b5ea65b2
    • Balbir Singh's avatar
      powerpc/xics: Work around limitations of OPAL XICS priority handling · 27469baa
      Balbir Singh authored
      commit a69e2fb7 upstream.
      
      The CPPR (Current Processor Priority Register) of a XICS interrupt
      presentation controller contains a value N, such that only interrupts
      with a priority "more favoured" than N will be received by the CPU,
      where "more favoured" means "less than". So if the CPPR has the value 5
      then only interrupts with a priority of 0-4 inclusive will be received.
      
      In theory the CPPR can support a value of 0 to 255 inclusive.
      In practice Linux only uses values of 0, 4, 5 and 0xff. Setting the CPPR
      to 0 rejects all interrupts, setting it to 0xff allows all interrupts.
      The values 4 and 5 are used to differentiate IPIs from external
      interrupts. Setting the CPPR to 5 allows IPIs to be received but not
      external interrupts.
      
      The CPPR emulation in the OPAL XICS implementation only directly
      supports priorities 0 and 0xff. All other priorities are considered
      equivalent, and mapped to a single priority value internally. This means
      when using icp-opal we can not allow IPIs but not externals.
      
      This breaks Linux's use of priority values when a CPU is hot unplugged.
      After migrating IRQs away from the CPU that is being offlined, we set
      the priority to 5, meaning we still want the offline CPU to receive
      IPIs. But the effect of the OPAL XICS emulation's use of a single
      priority value is that all interrupts are rejected by the CPU. With the
      CPU offline, and not receiving IPIs, we may not be able to wake it up to
      bring it back online.
      
      The first part of the fix is in icp_opal_set_cpu_priority(). CPPR values
      of 0 to 4 inclusive will correctly cause all interrupts to be rejected,
      so we pass those CPPR values through to OPAL. However if we are called
      with a CPPR of 5 or greater, the caller is expecting to be able to allow
      IPIs but not external interrupts. We know this doesn't work, so instead
      of rejecting all interrupts we choose the opposite which is to allow all
      interrupts. This is still not correct behaviour, but we know for the
      only existing caller (xics_migrate_irqs_away()), that it is the better
      option.
      
      The other part of the fix is in xics_migrate_irqs_away(). Instead of
      setting priority (CPPR) to 0, and then back to 5 before migrating IRQs,
      we migrate the IRQs before setting the priority back to 5. This should
      have no effect on an ICP backend with a working set_priority(), and on
      icp-opal it means we will keep all interrupts blocked until after we've
      finished doing the IRQ migration. Additionally we wait for 5ms after
      doing the migration to make sure there are no IRQs in flight.
      
      Fixes: d7436188 ("powerpc/xics: Add ICP OPAL backend")
      Suggested-by: default avatarMichael Ellerman <mpe@ellerman.id.au>
      Reported-by: default avatarVaidyanathan Srinivasan <svaidy@linux.vnet.ibm.com>
      Tested-by: default avatarVaidyanathan Srinivasan <svaidy@linux.vnet.ibm.com>
      Signed-off-by: default avatarBalbir Singh <bsingharora@gmail.com>
      [mpe: Rewrote comments and change log, change delay to 5ms]
      Signed-off-by: default avatarMichael Ellerman <mpe@ellerman.id.au>
      Signed-off-by: default avatarGreg Kroah-Hartman <gregkh@linuxfoundation.org>
      27469baa
    • Laurentiu Tudor's avatar
      powerpc/booke: Fix boot crash due to null hugepd · 74e236a5
      Laurentiu Tudor authored
      commit 3fb66a70 upstream.
      
      On 32-bit book-e machines, hugepd_ok() no longer takes into account null
      hugepd values, causing this crash at boot:
      
        Unable to handle kernel paging request for data at address 0x80000000
        ...
        NIP [c0018378] follow_huge_addr+0x38/0xf0
        LR [c001836c] follow_huge_addr+0x2c/0xf0
        Call Trace:
         follow_huge_addr+0x2c/0xf0 (unreliable)
         follow_page_mask+0x40/0x3e0
         __get_user_pages+0xc8/0x450
         get_user_pages_remote+0x8c/0x250
         copy_strings+0x110/0x390
         copy_strings_kernel+0x2c/0x50
         do_execveat_common+0x478/0x630
         do_execve+0x2c/0x40
         try_to_run_init_process+0x18/0x60
         kernel_init+0xbc/0x110
         ret_from_kernel_thread+0x5c/0x64
      
      This impacts all nxp (ex-freescale) 32-bit booke platforms.
      
      This was caused by the change of hugepd_t.pd from signed to unsigned,
      and the update to the nohash version of hugepd_ok(). Previously
      hugepd_ok() could exclude all non-huge and NULL pgds using > 0, whereas
      now we need to explicitly check that the value is not zero and also that
      PD_HUGE is *clear*.
      
      This isn't protected by the pgd_none() check in __find_linux_pte_or_hugepte()
      because on 32-bit we use pgtable-nopud.h, which causes the pgd_none()
      check to be always false.
      
      Fixes: 20717e1f ("powerpc/mm: Fix little-endian 4K hugetlb")
      Reported-by: default avatarMadalin-Cristian Bucur <madalin.bucur@nxp.com>
      Signed-off-by: default avatarLaurentiu Tudor <laurentiu.tudor@nxp.com>
      [mpe: Flesh out change log details.]
      Signed-off-by: default avatarMichael Ellerman <mpe@ellerman.id.au>
      Signed-off-by: default avatarGreg Kroah-Hartman <gregkh@linuxfoundation.org>
      74e236a5
    • Ravi Bangoria's avatar
      powerpc: Emulation support for load/store instructions on LE · 1006828d
      Ravi Bangoria authored
      commit e148bd17 upstream.
      
      emulate_step() uses a number of underlying kernel functions that were
      initially not enabled for LE. This has been rectified since. So, fix
      emulate_step() for LE for the corresponding instructions.
      Reported-by: default avatarAnton Blanchard <anton@samba.org>
      Signed-off-by: default avatarRavi Bangoria <ravi.bangoria@linux.vnet.ibm.com>
      Signed-off-by: default avatarMichael Ellerman <mpe@ellerman.id.au>
      Signed-off-by: default avatarGreg Kroah-Hartman <gregkh@linuxfoundation.org>
      1006828d
    • Qi Hou's avatar
      i2c: add missing of_node_put in i2c_mux_del_adapters · 80eae855
      Qi Hou authored
      commit 2e1e4949 upstream.
      
      Refcount of of_node is increased with of_node_get() in i2c_mux_add_adapter().
      It must be decreased with of_node_put() in i2c_mux_del_adapters().
      Signed-off-by: default avatarQi Hou <qi.hou@windriver.com>
      Reviewed-by: default avatarZhang Xiao <xiao.zhang@windriver.com>
      Signed-off-by: default avatarPeter Rosin <peda@axentia.se>
      Signed-off-by: default avatarGreg Kroah-Hartman <gregkh@linuxfoundation.org>
      80eae855
    • Jonathan McDowell's avatar
      dw2102: don't do DMA on stack · be20197d
      Jonathan McDowell authored
      commit 606142af upstream.
      
      On Kernel 4.9, WARNINGs about doing DMA on stack are hit at
      the dw2102 driver: one in su3000_power_ctrl() and the other in tt_s2_4600_frontend_attach().
      
      Both were due to the use of buffers on the stack as parameters to
      dvb_usb_generic_rw() and the resulting attempt to do DMA with them.
      
      The device was non-functional as a result.
      
      So, switch this driver over to use a buffer within the device state
      structure, as has been done with other DVB-USB drivers.
      
      Tested with TechnoTrend TT-connect S2-4600.
      
      [mchehab@osg.samsung.com: fixed a warning at su3000_i2c_transfer() that
       state var were dereferenced before check 'd']
      Signed-off-by: default avatarJonathan McDowell <noodles@earth.li>
      Signed-off-by: default avatarMauro Carvalho Chehab <mchehab@s-opensource.com>
      Signed-off-by: default avatarGreg Kroah-Hartman <gregkh@linuxfoundation.org>
      be20197d
    • Ard Biesheuvel's avatar
      efi/arm: Fix boot crash with CONFIG_CPUMASK_OFFSTACK=y · 7399dec2
      Ard Biesheuvel authored
      commit d1eb9814 upstream.
      
      On ARM and arm64, we use a dedicated mm_struct to map the UEFI
      Runtime Services regions, which allows us to map those regions
      on demand, and in a way that is guaranteed to be compatible
      with incoming kernels across kexec.
      
      As it turns out, we don't fully initialize the mm_struct in the
      same way as process mm_structs are initialized on fork(), which
      results in the following crash on ARM if CONFIG_CPUMASK_OFFSTACK=y
      is enabled:
      
        ...
        EFI Variables Facility v0.08 2004-May-17
        Unable to handle kernel NULL pointer dereference at virtual address 00000000
        [...]
        Process swapper/0 (pid: 1)
        ...
        __memzero()
        check_and_switch_context()
        virt_efi_get_next_variable()
        efivar_init()
        efivars_sysfs_init()
        do_one_initcall()
        ...
      
      This is due to a missing call to mm_init_cpumask(), so add it.
      Signed-off-by: default avatarArd Biesheuvel <ard.biesheuvel@linaro.org>
      Cc: Linus Torvalds <torvalds@linux-foundation.org>
      Cc: Matt Fleming <matt@codeblueprint.co.uk>
      Cc: Peter Zijlstra <peterz@infradead.org>
      Cc: Thomas Gleixner <tglx@linutronix.de>
      Cc: linux-efi@vger.kernel.org
      Link: http://lkml.kernel.org/r/1488395154-29786-1-git-send-email-ard.biesheuvel@linaro.orgSigned-off-by: default avatarIngo Molnar <mingo@kernel.org>
      Signed-off-by: default avatarGreg Kroah-Hartman <gregkh@linuxfoundation.org>
      7399dec2
    • Eric W. Biederman's avatar
      ucount: Remove the atomicity from ucount->count · da603aad
      Eric W. Biederman authored
      commit 040757f7 upstream.
      
      Always increment/decrement ucount->count under the ucounts_lock.  The
      increments are there already and moving the decrements there means the
      locking logic of the code is simpler.  This simplification in the
      locking logic fixes a race between put_ucounts and get_ucounts that
      could result in a use-after-free because the count could go zero then
      be found by get_ucounts and then be freed by put_ucounts.
      
      A bug presumably this one was found by a combination of syzkaller and
      KASAN.  JongWhan Kim reported the syzkaller failure and Dmitry Vyukov
      spotted the race in the code.
      
      Fixes: f6b2db1a ("userns: Make the count of user namespaces per user")
      Reported-by: default avatarJongHwan Kim <zzoru007@gmail.com>
      Reported-by: default avatarDmitry Vyukov <dvyukov@google.com>
      Reviewed-by: default avatarAndrei Vagin <avagin@gmail.com>
      Signed-off-by: default avatar"Eric W. Biederman" <ebiederm@xmission.com>
      Signed-off-by: default avatarGreg Kroah-Hartman <gregkh@linuxfoundation.org>
      da603aad
    • Rik van Riel's avatar
      tracing: Add #undef to fix compile error · b7e9ef5c
      Rik van Riel authored
      commit bf7165cf upstream.
      
      There are several trace include files that define TRACE_INCLUDE_FILE.
      
      Include several of them in the same .c file (as I currently have in
      some code I am working on), and the compile will blow up with a
      "warning: "TRACE_INCLUDE_FILE" redefined #define TRACE_INCLUDE_FILE syscalls"
      
      Every other include file in include/trace/events/ avoids that issue
      by having a #undef TRACE_INCLUDE_FILE before the #define; syscalls.h
      should have one, too.
      
      Link: http://lkml.kernel.org/r/20160928225554.13bd7ac6@annuminas.surriel.com
      
      Fixes: b8007ef7 ("tracing: Separate raw syscall from syscall tracer")
      Signed-off-by: default avatarRik van Riel <riel@redhat.com>
      Signed-off-by: default avatarSteven Rostedt (VMware) <rostedt@goodmis.org>
      Signed-off-by: default avatarGreg Kroah-Hartman <gregkh@linuxfoundation.org>
      b7e9ef5c
    • Stefan Wahren's avatar
      i2c: bcm2835: Avoid possible NULL ptr dereference · 3eded4f5
      Stefan Wahren authored
      commit ababb089 upstream.
      
      Since commit e2474541 ("bcm2835: Fix hang for writing messages
      larger than 16 bytes") the interrupt handler is prone to a possible
      NULL pointer dereference. This could happen if an interrupt fires
      before curr_msg is set by bcm2835_i2c_xfer_msg() and randomly occurs
      on the RPi 3. Even this is an unexpected behavior the driver must
      handle that with an error instead of a crash.
      Reported-by: default avatarPeter Robinson <pbrobinson@gmail.com>
      Fixes: e2474541 ("bcm2835: Fix hang for writing messages larger than 16 bytes")
      Signed-off-by: default avatarStefan Wahren <stefan.wahren@i2se.com>
      Acked-by: default avatarNoralf Trønnes <noralf@tronnes.org>
      Signed-off-by: default avatarWolfram Sang <wsa@the-dreams.de>
      Signed-off-by: default avatarGreg Kroah-Hartman <gregkh@linuxfoundation.org>
      3eded4f5
    • Arnd Bergmann's avatar
      MIPS: ralink: Remove unused rt*_wdt_reset functions · 393be4bc
      Arnd Bergmann authored
      commit 886f9c69 upstream.
      
      All pointers to these functions were removed, so now they produce
      warnings:
      
      arch/mips/ralink/rt305x.c:92:13: error: 'rt305x_wdt_reset' defined but not used [-Werror=unused-function]
      
      This removes the functions. If we need them again, the patch can be
      reverted later.
      
      Fixes: f576fb6a ("MIPS: ralink: cleanup the soc specific pinmux data")
      Signed-off-by: default avatarArnd Bergmann <arnd@arndb.de>
      Cc: John Crispin <john@phrozen.org>
      Cc: Colin Ian King <colin.king@canonical.com>
      Cc: linux-mips@linux-mips.org
      Cc: linux-kernel@vger.kernel.org
      Patchwork: https://patchwork.linux-mips.org/patch/15044/Signed-off-by: default avatarRalf Baechle <ralf@linux-mips.org>
      Signed-off-by: default avatarGreg Kroah-Hartman <gregkh@linuxfoundation.org>
      393be4bc
    • Arnd Bergmann's avatar
      MIPS: ralink: Remove unused timer functions · 4ddb085a
      Arnd Bergmann authored
      commit d92240d1 upstream.
      
      The functions were originally used for the module unload path,
      but are not referenced any more and just cause warnings:
      
      arch/mips/ralink/timer.c:104:13: error: 'rt_timer_disable' defined but not used [-Werror=unused-function]
      arch/mips/ralink/timer.c:74:13: error: 'rt_timer_free' defined but not used [-Werror=unused-function]
      
      Cc: Paul Gortmaker <paul.gortmaker@windriver.com>
      Fixes: 62ee73d2 ("MIPS: ralink: Make timer explicitly non-modular")
      Signed-off-by: default avatarArnd Bergmann <arnd@arndb.de>
      Cc: Paul Gortmaker <paul.gortmaker@windriver.com>
      Cc: John Crispin <john@phrozen.org>
      Cc: linux-mips@linux-mips.org
      Cc: linux-kernel@vger.kernel.org
      Patchwork: https://patchwork.linux-mips.org/patch/15041/Signed-off-by: default avatarRalf Baechle <ralf@linux-mips.org>
      Signed-off-by: default avatarGreg Kroah-Hartman <gregkh@linuxfoundation.org>
      4ddb085a
    • John Crispin's avatar
      MIPS: ralink: Cosmetic change to prom_init(). · e1d9f759
      John Crispin authored
      commit 9c48568b upstream.
      
      Over the years the code has been changed various times leading to
      argc/argv being defined in a different function to where we actually
      use the variables. Clean this up by moving them to prom_init_cmdline().
      Signed-off-by: default avatarJohn Crispin <john@phrozen.org>
      Cc: linux-mips@linux-mips.org
      Patchwork: https://patchwork.linux-mips.org/patch/14902/Signed-off-by: default avatarRalf Baechle <ralf@linux-mips.org>
      Signed-off-by: default avatarGreg Kroah-Hartman <gregkh@linuxfoundation.org>
      e1d9f759
    • Arnd Bergmann's avatar
      mtd: pmcmsp: use kstrndup instead of kmalloc+strncpy · 02b210c1
      Arnd Bergmann authored
      commit 906b2684 upstream.
      
      kernelci.org reports a warning for this driver, as it copies a local
      variable into a 'const char *' string:
      
          drivers/mtd/maps/pmcmsp-flash.c:149:30: warning: passing argument 1 of 'strncpy' discards 'const' qualifier from pointer target type [-Wdiscarded-qualifiers]
      
      Using kstrndup() simplifies the code and avoids the warning.
      Signed-off-by: default avatarArnd Bergmann <arnd@arndb.de>
      Acked-by: default avatarMarek Vasut <marek.vasut@gmail.com>
      Signed-off-by: default avatarBrian Norris <computersforpeace@gmail.com>
      Signed-off-by: default avatarGreg Kroah-Hartman <gregkh@linuxfoundation.org>
      02b210c1
    • Arnd Bergmann's avatar
      MIPS: Update lemote2f_defconfig for CPU_FREQ_STAT change · ee9cc4c5
      Arnd Bergmann authored
      commit b3f60461 upstream.
      
      Since linux-4.8, CPU_FREQ_STAT is a bool symbol, causing a warning in
      kernelci.org:
      
      arch/mips/configs/lemote2f_defconfig:42:warning: symbol value 'm' invalid for CPU_FREQ_STAT
      
      This updates the defconfig to have the feature built-in.
      
      Fixes: 1aefc75b ("cpufreq: stats: Make the stats code non-modular")
      Signed-off-by: default avatarArnd Bergmann <arnd@arndb.de>
      Cc: linux-mips@linux-mips.org
      Cc: linux-kernel@vger.kernel.org
      Patchwork: https://patchwork.linux-mips.org/patch/15000/Signed-off-by: default avatarRalf Baechle <ralf@linux-mips.org>
      Signed-off-by: default avatarGreg Kroah-Hartman <gregkh@linuxfoundation.org>
      ee9cc4c5
    • Arnd Bergmann's avatar
      MIPS: ip22: Fix ip28 build for modern gcc · 9ad686e6
      Arnd Bergmann authored
      commit 23ca9b52 upstream.
      
      kernelci reports a failure of the ip28_defconfig build after upgrading its
      gcc version:
      
      arch/mips/sgi-ip22/Platform:29: *** gcc doesn't support needed option -mr10k-cache-barrier=store.  Stop.
      
      The problem apparently is that the -mr10k-cache-barrier=store option is now
      rejected for CPUs other than r10k. Explicitly including the CPU in the
      check fixes this and is safe because both options were introduced in
      gcc-4.4.
      Signed-off-by: default avatarArnd Bergmann <arnd@arndb.de>
      Cc: linux-mips@linux-mips.org
      Cc: linux-kernel@vger.kernel.org
      Patchwork: https://patchwork.linux-mips.org/patch/15049/Signed-off-by: default avatarRalf Baechle <ralf@linux-mips.org>
      Signed-off-by: default avatarGreg Kroah-Hartman <gregkh@linuxfoundation.org>
      9ad686e6
    • Arnd Bergmann's avatar
      MIPS: Update ip27_defconfig for SCSI_DH change · 715bb84b
      Arnd Bergmann authored
      commit ea58fca1 upstream.
      
      Since linux-4.3, SCSI_DH is a bool symbol, causing a warning in
      kernelci.org:
      
      arch/mips/configs/ip27_defconfig:136:warning: symbol value 'm' invalid for SCSI_DH
      
      This updates the defconfig to have the feature built-in.
      
      Fixes: 086b91d0 ("scsi_dh: integrate into the core SCSI code")
      Signed-off-by: default avatarArnd Bergmann <arnd@arndb.de>
      Cc: linux-mips@linux-mips.org
      Cc: linux-kernel@vger.kernel.org
      Patchwork: https://patchwork.linux-mips.org/patch/15001/Signed-off-by: default avatarRalf Baechle <ralf@linux-mips.org>
      Signed-off-by: default avatarGreg Kroah-Hartman <gregkh@linuxfoundation.org>
      715bb84b
    • Arnd Bergmann's avatar
      MIPS: ip27: Disable qlge driver in defconfig · b57e5d5d
      Arnd Bergmann authored
      commit b6176494 upstream.
      
      One of the last remaining failures in kernelci.org is for a gcc bug:
      
      drivers/net/ethernet/qlogic/qlge/qlge_main.c:4819:1: error: insn does not satisfy its constraints:
      drivers/net/ethernet/qlogic/qlge/qlge_main.c:4819:1: internal compiler error: in extract_constrain_insn, at recog.c:2190
      
      This is apparently broken in gcc-6 but fixed in gcc-7, and I cannot
      reproduce the problem here. However, it is clear that ip27_defconfig
      does not actually need this driver as the platform has only PCI-X but
      not PCIe, and the qlge adapter in turn is PCIe-only.
      
      The driver was originally enabled in 2010 along with lots of other
      drivers.
      
      Fixes: 59d302b3 ("MIPS: IP27: Make defconfig useful again.")
      Signed-off-by: default avatarArnd Bergmann <arnd@arndb.de>
      Cc: Ralf Baechle <ralf@linux-mips.org>
      Cc: linux-mips@linux-mips.org
      Cc: linux-kernel@vger.kernel.org
      Patchwork: https://patchwork.linux-mips.org/patch/15197/Signed-off-by: default avatarJames Hogan <james.hogan@imgtec.com>
      Signed-off-by: default avatarGreg Kroah-Hartman <gregkh@linuxfoundation.org>
      b57e5d5d
    • Arnd Bergmann's avatar
      MIPS: VDSO: avoid duplicate CAC_BASE definition · 2260890b
      Arnd Bergmann authored
      commit 1742ac26 upstream.
      
      vdso.h includes <spaces.h> implicitly after defining CONFIG_32BITS.
      This defeats the override in mach-ip27/spaces.h, leading to
      a build error that shows up in kernelci.org:
      
      In file included from arch/mips/include/asm/mach-ip27/spaces.h:29:0,
                       from arch/mips/include/asm/page.h:12,
                       from arch/mips/vdso/vdso.h:26,
                       from arch/mips/vdso/gettimeofday.c:11:
      arch/mips/include/asm/mach-generic/spaces.h:28:0: error: "CAC_BASE" redefined [-Werror]
       #define CAC_BASE  _AC(0x80000000, UL)
      
      An earlier patch tried to make the second definition conditional,
      but that patch had the #ifdef in the wrong place, and would lead
      to another warning:
      
      arch/mips/include/asm/io.h: In function 'phys_to_virt':
      arch/mips/include/asm/io.h:138:9: error: cast to pointer from integer of different size [-Werror=int-to-pointer-cast]
      
      For all I can tell, there is no other reason than vdso32 to ever
      include this file with CONFIG_32BITS set, and the vdso itself should
      never refer to the base addresses as it is running in user space,
      so adding an #ifdef here is safe.
      
      Link: https://patchwork.kernel.org/patch/9418187/
      Fixes: 3ffc17d8 ("MIPS: Adjust MIPS64 CAC_BASE to reflect Config.K0")
      Signed-off-by: default avatarArnd Bergmann <arnd@arndb.de>
      Cc: Paul Burton <paul.burton@imgtec.com>
      Cc: linux-mips@linux-mips.org
      Cc: linux-kernel@vger.kernel.org
      Patchwork: https://patchwork.linux-mips.org/patch/15039/Signed-off-by: default avatarRalf Baechle <ralf@linux-mips.org>
      Signed-off-by: default avatarGreg Kroah-Hartman <gregkh@linuxfoundation.org>
      2260890b
    • Arnd Bergmann's avatar
      MIPS: Update defconfigs for NF_CT_PROTO_DCCP/UDPLITE change · d2b0d01a
      Arnd Bergmann authored
      commit 9ddc16ad upstream.
      
      In linux-4.10-rc, NF_CT_PROTO_UDPLITE and NF_CT_PROTO_DCCP are bool
      symbols instead of tristate, and kernelci.org reports a bunch of
      warnings for this, like:
      
      arch/mips/configs/malta_kvm_guest_defconfig:63:warning: symbol value 'm' invalid for NF_CT_PROTO_UDPLITE
      arch/mips/configs/malta_defconfig:62:warning: symbol value 'm' invalid for NF_CT_PROTO_DCCP
      arch/mips/configs/malta_defconfig:63:warning: symbol value 'm' invalid for NF_CT_PROTO_UDPLITE
      arch/mips/configs/ip22_defconfig:70:warning: symbol value 'm' invalid for NF_CT_PROTO_DCCP
      arch/mips/configs/ip22_defconfig:71:warning: symbol value 'm' invalid for NF_CT_PROTO_UDPLITE
      
      This changes all the MIPS defconfigs with these symbols to have them
      built-in.
      
      Fixes: 9b91c96c ("netfilter: conntrack: built-in support for UDPlite")
      Fixes: c51d3901 ("netfilter: conntrack: built-in support for DCCP")
      Signed-off-by: default avatarArnd Bergmann <arnd@arndb.de>
      Cc: linux-mips@linux-mips.org
      Cc: linux-kernel@vger.kernel.org
      Patchwork: https://patchwork.linux-mips.org/patch/14999/Signed-off-by: default avatarRalf Baechle <ralf@linux-mips.org>
      Signed-off-by: default avatarGreg Kroah-Hartman <gregkh@linuxfoundation.org>
      d2b0d01a
    • Arnd Bergmann's avatar
      crypto: improve gcc optimization flags for serpent and wp512 · aab419fc
      Arnd Bergmann authored
      commit 7d6e9105 upstream.
      
      An ancient gcc bug (first reported in 2003) has apparently resurfaced
      on MIPS, where kernelci.org reports an overly large stack frame in the
      whirlpool hash algorithm:
      
      crypto/wp512.c:987:1: warning: the frame size of 1112 bytes is larger than 1024 bytes [-Wframe-larger-than=]
      
      With some testing in different configurations, I'm seeing large
      variations in stack frames size up to 1500 bytes for what should have
      around 300 bytes at most. I also checked the reference implementation,
      which is essentially the same code but also comes with some test and
      benchmarking infrastructure.
      
      It seems that recent compiler versions on at least arm, arm64 and powerpc
      have a partial fix for this problem, but enabling "-fsched-pressure", but
      even with that fix they suffer from the issue to a certain degree. Some
      testing on arm64 shows that the time needed to hash a given amount of
      data is roughly proportional to the stack frame size here, which makes
      sense given that the wp512 implementation is doing lots of loads for
      table lookups, and the problem with the overly large stack is a result
      of doing a lot more loads and stores for spilled registers (as seen from
      inspecting the object code).
      
      Disabling -fschedule-insns consistently fixes the problem for wp512,
      in my collection of cross-compilers, the results are consistently better
      or identical when comparing the stack sizes in this function, though
      some architectures (notable x86) have schedule-insns disabled by
      default.
      
      The four columns are:
      default: -O2
      press:	 -O2 -fsched-pressure
      nopress: -O2 -fschedule-insns -fno-sched-pressure
      nosched: -O2 -no-schedule-insns (disables sched-pressure)
      
      				default	press	nopress	nosched
      alpha-linux-gcc-4.9.3		1136	848	1136	176
      am33_2.0-linux-gcc-4.9.3	2100	2076	2100	2104
      arm-linux-gnueabi-gcc-4.9.3	848	848	1048	352
      cris-linux-gcc-4.9.3		272	272	272	272
      frv-linux-gcc-4.9.3		1128	1000	1128	280
      hppa64-linux-gcc-4.9.3		1128	336	1128	184
      hppa-linux-gcc-4.9.3		644	308	644	276
      i386-linux-gcc-4.9.3		352	352	352	352
      m32r-linux-gcc-4.9.3		720	656	720	268
      microblaze-linux-gcc-4.9.3	1108	604	1108	256
      mips64-linux-gcc-4.9.3		1328	592	1328	208
      mips-linux-gcc-4.9.3		1096	624	1096	240
      powerpc64-linux-gcc-4.9.3	1088	432	1088	160
      powerpc-linux-gcc-4.9.3		1080	584	1080	224
      s390-linux-gcc-4.9.3		456	456	624	360
      sh3-linux-gcc-4.9.3		292	292	292	292
      sparc64-linux-gcc-4.9.3		992	240	992	208
      sparc-linux-gcc-4.9.3		680	592	680	312
      x86_64-linux-gcc-4.9.3		224	240	272	224
      xtensa-linux-gcc-4.9.3		1152	704	1152	304
      
      aarch64-linux-gcc-7.0.0		224	224	1104	208
      arm-linux-gnueabi-gcc-7.0.1	824	824	1048	352
      mips-linux-gcc-7.0.0		1120	648	1120	272
      x86_64-linux-gcc-7.0.1		240	240	304	240
      
      arm-linux-gnueabi-gcc-4.4.7	840			392
      arm-linux-gnueabi-gcc-4.5.4	784	728	784	320
      arm-linux-gnueabi-gcc-4.6.4	736	728	736	304
      arm-linux-gnueabi-gcc-4.7.4	944	784	944	352
      arm-linux-gnueabi-gcc-4.8.5	464	464	760	352
      arm-linux-gnueabi-gcc-4.9.3	848	848	1048	352
      arm-linux-gnueabi-gcc-5.3.1	824	824	1064	336
      arm-linux-gnueabi-gcc-6.1.1	808	808	1056	344
      arm-linux-gnueabi-gcc-7.0.1	824	824	1048	352
      
      Trying the same test for serpent-generic, the picture is a bit different,
      and while -fno-schedule-insns is generally better here than the default,
      -fsched-pressure wins overall, so I picked that instead.
      
      				default	press	nopress	nosched
      alpha-linux-gcc-4.9.3		1392	864	1392	960
      am33_2.0-linux-gcc-4.9.3	536	524	536	528
      arm-linux-gnueabi-gcc-4.9.3	552	552	776	536
      cris-linux-gcc-4.9.3		528	528	528	528
      frv-linux-gcc-4.9.3		536	400	536	504
      hppa64-linux-gcc-4.9.3		524	208	524	480
      hppa-linux-gcc-4.9.3		768	472	768	508
      i386-linux-gcc-4.9.3		564	564	564	564
      m32r-linux-gcc-4.9.3		712	576	712	532
      microblaze-linux-gcc-4.9.3	724	392	724	512
      mips64-linux-gcc-4.9.3		720	384	720	496
      mips-linux-gcc-4.9.3		728	384	728	496
      powerpc64-linux-gcc-4.9.3	704	304	704	480
      powerpc-linux-gcc-4.9.3		704	296	704	480
      s390-linux-gcc-4.9.3		560	560	592	536
      sh3-linux-gcc-4.9.3		540	540	540	540
      sparc64-linux-gcc-4.9.3		544	352	544	496
      sparc-linux-gcc-4.9.3		544	344	544	496
      x86_64-linux-gcc-4.9.3		528	536	576	528
      xtensa-linux-gcc-4.9.3		752	544	752	544
      
      aarch64-linux-gcc-7.0.0		432	432	656	480
      arm-linux-gnueabi-gcc-7.0.1	616	616	808	536
      mips-linux-gcc-7.0.0		720	464	720	488
      x86_64-linux-gcc-7.0.1		536	528	600	536
      
      arm-linux-gnueabi-gcc-4.4.7	592			440
      arm-linux-gnueabi-gcc-4.5.4	776	448	776	544
      arm-linux-gnueabi-gcc-4.6.4	776	448	776	544
      arm-linux-gnueabi-gcc-4.7.4	768	448	768	544
      arm-linux-gnueabi-gcc-4.8.5	488	488	776	544
      arm-linux-gnueabi-gcc-4.9.3	552	552	776	536
      arm-linux-gnueabi-gcc-5.3.1	552	552	776	536
      arm-linux-gnueabi-gcc-6.1.1	560	560	776	536
      arm-linux-gnueabi-gcc-7.0.1	616	616	808	536
      
      I did not do any runtime tests with serpent, so it is possible that stack
      frame size does not directly correlate with runtime performance here and
      it actually makes things worse, but it's more likely to help here, and
      the reduced stack frame size is probably enough reason to apply the patch,
      especially given that the crypto code is often used in deep call chains.
      
      Link: https://kernelci.org/build/id/58797d7559b5149efdf6c3a9/logs/
      Link: http://www.larc.usp.br/~pbarreto/WhirlpoolPage.html
      Link: https://gcc.gnu.org/bugzilla/show_bug.cgi?id=11488
      Link: https://gcc.gnu.org/bugzilla/show_bug.cgi?id=79149
      Cc: Ralf Baechle <ralf@linux-mips.org>
      Signed-off-by: default avatarArnd Bergmann <arnd@arndb.de>
      Signed-off-by: default avatarHerbert Xu <herbert@gondor.apana.org.au>
      Signed-off-by: default avatarGreg Kroah-Hartman <gregkh@linuxfoundation.org>
      aab419fc