1. 26 Mar, 2015 40 commits
    • Doug Anderson's avatar
      regulator: rk808: Set the enable time for LDOs · c683a410
      Doug Anderson authored
      commit 28249b0c upstream.
      
      The LDOs are documented in the rk808 datasheet to have a soft start
      time of 400us.  Add that to the driver.  If this time takes longer on
      a certain board the device tree should be able to override with
      "regulator-enable-ramp-delay".
      
      This fixes some dw_mmc probing problems (together with other patches
      posted to the mmc maiing lists) on rk3288.
      Signed-off-by: default avatarDoug Anderson <dianders@chromium.org>
      Signed-off-by: default avatarMark Brown <broonie@kernel.org>
      Signed-off-by: default avatarGreg Kroah-Hartman <gregkh@linuxfoundation.org>
      c683a410
    • Fugang Duan's avatar
      net: fec: fix rcv is not last issue when do suspend/resume test · 8b86cf38
      Fugang Duan authored
      commit 61615cd2 upstream.
      
      When do suspend/resume stress test, some log shows "rcv is not +last".
      The issue is that enet suspend will disable phy clock, phy link down,
      after resume back, enet MAC redo initial and ready to tx/rx packet,
      but phy still is not ready which is doing auto-negotiation. When phy
      link is not up, don't schdule napi soft irq.
      
      [Peter]
      It has fixed kernel panic after long time suspend/resume test
      with nfs rootfs.
      
      [ 8864.429458] fec 2188000.ethernet eth0: rcv is not +last
      [ 8864.434799] fec 2188000.ethernet eth0: rcv is not +last
      [ 8864.440088] fec 2188000.ethernet eth0: rcv is not +last
      [ 8864.445424] fec 2188000.ethernet eth0: rcv is not +last
      [ 8864.450782] fec 2188000.ethernet eth0: rcv is not +last
      [ 8864.456111] Unable to handle kernel NULL pointer dereference at virtual address 00000000
      [ 8864.464225] pgd = 80004000
      [ 8864.466997] [00000000] *pgd=00000000
      [ 8864.470627] Internal error: Oops: 17 [#1] SMP ARM
      [ 8864.475353] Modules linked in: evbug
      [ 8864.479006] CPU: 0 PID: 3 Comm: ksoftirqd/0 Not tainted 4.0.0-rc1-00044-g7a2a1d2 #234
      [ 8864.486854] Hardware name: Freescale i.MX6 SoloX (Device Tree)
      [ 8864.492709] task: be069380 ti: be07a000 task.ti: be07a000
      [ 8864.498137] PC is at memcpy+0x80/0x330
      [ 8864.501919] LR is at gro_pull_from_frag0+0x34/0xa8
      [ 8864.506735] pc : [<802bb080>]    lr : [<8057c204>]    psr: 00000113
      [ 8864.506735] sp : be07bbd4  ip : 00000010  fp : be07bc0c
      [ 8864.518235] r10: 0000000e  r9 : 00000000  r8 : 809c7754
      [ 8864.523479] r7 : 809c7754  r6 : bb43c040  r5 : bd280cc0  r4 : 00000012
      [ 8864.530025] r3 : 00000804  r2 : fffffff2  r1 : 00000000  r0 : bb43b83c
      [ 8864.536575] Flags: nzcv  IRQs on  FIQs on  Mode SVC_32  ISA ARM  Segment kernel
      [ 8864.543904] Control: 10c5387d  Table: bd14c04a  DAC: 00000015
      [ 8864.549669] Process ksoftirqd/0 (pid: 3, stack limit = 0xbe07a210)
      [ 8864.555869] Stack: (0xbe07bbd4 to 0xbe07c000)
      [ 8864.560250] bbc0:                                              bd280cc0 bb43c040 809c7754
      [ 8864.568455] bbe0: 809c7754 bb43b83c 00000012 8057c204 00000000 bd280cc0 bd8a0718 00000003
      [ 8864.576658] bc00: be07bc5c be07bc10 8057ebf0 8057c1dc 00000000 00000000 8057ecc4 bef59760
      [ 8864.584863] bc20: 00000002 bd8a0000 be07bc64 809c7754 00000000 bd8a0718 bd280cc0 bd8a0000
      [ 8864.593066] bc40: 00000000 0000001c 00000000 bd8a0000 be07bc74 be07bc60 8057f148 8057eb90
      [ 8864.601268] bc60: bf0810a0 00000000 be07bcf4 be07bc78 8044e7b4 8057f12c 00000000 8007df6c
      [ 8864.609470] bc80: bd8a0718 00000040 00000000 bd280a80 00000002 00000019 bd8a0600 bd8a1214
      [ 8864.617672] bca0: bd8a0690 bf0810a0 00000000 00000000 bd8a1000 00000000 00000027 bd280cc0
      [ 8864.625874] bcc0: 80062708 800625cc 000943db bd8a0718 00000001 000d1166 00000040 be7c1ec0
      [ 8864.634077] bce0: 0000012c be07bd00 be07bd3c be07bcf8 8057fc98 8044e3ac 809c2ec0 3ddff000
      [ 8864.642280] bd00: be07bd00 be07bd00 be07bd08 be07bd08 00000000 00000020 809c608c 00000003
      [ 8864.650481] bd20: 809c6080 40000001 809c6088 00200100 be07bd84 be07bd40 8002e690 8057fac8
      [ 8864.658684] bd40: be07bd64 be07bd50 00000001 04208040 000d1165 0000000a be07bd84 809c0d7c
      [ 8864.666885] bd60: 00000000 809c6af8 00000000 00000001 be008000 00000000 be07bd9c be07bd88
      [ 8864.675087] bd80: 8002eb64 8002e564 00000125 809c0d7c be07bdc4 be07bda0 8006f100 8002eaac
      [ 8864.683291] bda0: c080e10c be07bde8 809c6c6c c080e100 00000002 00000000 be07bde4 be07bdc8
      [ 8864.691492] bdc0: 800087a0 8006f098 806f2934 20000013 ffffffff be07be1c be07be44 be07bde8
      [ 8864.699695] bde0: 800133a4 80008784 00000001 00000001 00000000 00000000 be7c1680 00000000
      [ 8864.707896] be00: be0cfe00 bd93eb40 00000002 00000000 00000000 be07be44 be07be00 be07be30
      [ 8864.716098] be20: 8006278c 806f2934 20000013 ffffffff be069380 be7c1680 be07be7c be07be48
      [ 8864.724300] be40: 80049cfc 806f2910 00000001 00000000 80049cb4 00000000 be07be7c be7c1680
      [ 8864.732502] be60: be3289c0 be069380 bd23b600 be0cfe00 be07bebc be07be80 806ed614 80049c68
      [ 8864.740706] be80: be07a000 0000020a 809c608c 00000003 00000001 8002e858 be07a000 be035740
      [ 8864.748907] bea0: 00000000 00000001 809d4598 00000000 be07bed4 be07bec0 806edd0c 806ed440
      [ 8864.757110] bec0: be07a000 be07a000 be07bee4 be07bed8 806edd68 806edcf0 be07bef4 be07bee8
      [ 8864.765311] bee0: 8002e860 806edd34 be07bf24 be07bef8 800494b0 8002e828 be069380 00000000
      [ 8864.773512] bf00: be035780 be035740 8004938c 00000000 00000000 00000000 be07bfac be07bf28
      [ 8864.781715] bf20: 80045928 80049398 be07bf44 00000001 00000000 be035740 00000000 00030003
      [ 8864.789917] bf40: dead4ead ffffffff ffffffff 80a2716c 80b59b00 00000000 8088c954 be07bf5c
      [ 8864.798120] bf60: be07bf5c 00000000 00000000 dead4ead ffffffff ffffffff 80a2716c 00000000
      [ 8864.806320] bf80: 00000000 8088c954 be07bf88 be07bf88 be035780 8004584c 00000000 00000000
      [ 8864.814523] bfa0: 00000000 be07bfb0 8000ed10 80045858 00000000 00000000 00000000 00000000
      [ 8864.822723] bfc0: 00000000 00000000 00000000 00000000 00000000 00000000 00000000 00000000
      [ 8864.830925] bfe0: 00000000 00000000 00000000 00000000 00000013 00000000 5ffbb5f7 f9fcf5e7
      [ 8864.839115] Backtrace:
      [ 8864.841631] [<8057c1d0>] (gro_pull_from_frag0) from [<8057ebf0>] (dev_gro_receive+0x6c/0x3f8)
      [ 8864.850173]  r6:00000003 r5:bd8a0718 r4:bd280cc0 r3:00000000
      [ 8864.855958] [<8057eb84>] (dev_gro_receive) from [<8057f148>] (napi_gro_receive+0x28/0xac)
      [ 8864.864152]  r10:bd8a0000 r9:00000000 r8:0000001c r7:00000000 r6:bd8a0000 r5:bd280cc0
      [ 8864.872115]  r4:bd8a0718
      [ 8864.874713] [<8057f120>] (napi_gro_receive) from [<8044e7b4>] (fec_enet_rx_napi+0x414/0xc74)
      [ 8864.883167]  r5:00000000 r4:bf0810a0
      [ 8864.886823] [<8044e3a0>] (fec_enet_rx_napi) from [<8057fc98>] (net_rx_action+0x1dc/0x2ec)
      [ 8864.895016]  r10:be07bd00 r9:0000012c r8:be7c1ec0 r7:00000040 r6:000d1166 r5:00000001
      [ 8864.902982]  r4:bd8a0718
      [ 8864.905570] [<8057fabc>] (net_rx_action) from [<8002e690>] (__do_softirq+0x138/0x2c4)
      [ 8864.913417]  r10:00200100 r9:809c6088 r8:40000001 r7:809c6080 r6:00000003 r5:809c608c
      [ 8864.921382]  r4:00000020
      [ 8864.923966] [<8002e558>] (__do_softirq) from [<8002eb64>] (irq_exit+0xc4/0x138)
      [ 8864.931289]  r10:00000000 r9:be008000 r8:00000001 r7:00000000 r6:809c6af8 r5:00000000
      [ 8864.939252]  r4:809c0d7c
      [ 8864.941841] [<8002eaa0>] (irq_exit) from [<8006f100>] (__handle_domain_irq+0x74/0xe8)
      [ 8864.949688]  r4:809c0d7c r3:00000125
      [ 8864.953342] [<8006f08c>] (__handle_domain_irq) from [<800087a0>] (gic_handle_irq+0x28/0x68)
      [ 8864.961707]  r9:00000000 r8:00000002 r7:c080e100 r6:809c6c6c r5:be07bde8 r4:c080e10c
      [ 8864.969597] [<80008778>] (gic_handle_irq) from [<800133a4>] (__irq_svc+0x44/0x5c)
      [ 8864.977097] Exception stack(0xbe07bde8 to 0xbe07be30)
      [ 8864.982173] bde0:                   00000001 00000001 00000000 00000000 be7c1680 00000000
      [ 8864.990377] be00: be0cfe00 bd93eb40 00000002 00000000 00000000 be07be44 be07be00 be07be30
      [ 8864.998573] be20: 8006278c 806f2934 20000013 ffffffff
      [ 8865.003638]  r7:be07be1c r6:ffffffff r5:20000013 r4:806f2934
      [ 8865.009447] [<806f2904>] (_raw_spin_unlock_irq) from [<80049cfc>] (finish_task_switch+0xa0/0x160)
      [ 8865.018334]  r4:be7c1680 r3:be069380
      [ 8865.021993] [<80049c5c>] (finish_task_switch) from [<806ed614>] (__schedule+0x1e0/0x5dc)
      [ 8865.030098]  r8:be0cfe00 r7:bd23b600 r6:be069380 r5:be3289c0 r4:be7c1680
      [ 8865.036942] [<806ed434>] (__schedule) from [<806edd0c>] (preempt_schedule_common+0x28/0x44)
      [ 8865.045307]  r9:00000000 r8:809d4598 r7:00000001 r6:00000000 r5:be035740 r4:be07a000
      [ 8865.053197] [<806edce4>] (preempt_schedule_common) from [<806edd68>] (_cond_resched+0x40/0x48)
      [ 8865.061822]  r4:be07a000 r3:be07a000
      [ 8865.065472] [<806edd28>] (_cond_resched) from [<8002e860>] (run_ksoftirqd+0x44/0x64)
      [ 8865.073252] [<8002e81c>] (run_ksoftirqd) from [<800494b0>] (smpboot_thread_fn+0x124/0x190)
      [ 8865.081550] [<8004938c>] (smpboot_thread_fn) from [<80045928>] (kthread+0xdc/0xf8)
      [ 8865.089133]  r10:00000000 r9:00000000 r8:00000000 r7:8004938c r6:be035740 r5:be035780
      [ 8865.097097]  r4:00000000 r3:be069380
      [ 8865.100752] [<8004584c>] (kthread) from [<8000ed10>] (ret_from_fork+0x14/0x24)
      [ 8865.107990]  r7:00000000 r6:00000000 r5:8004584c r4:be035780
      [ 8865.113767] Code: e320f000 e4913004 e4914004 e4915004 (e4916004)
      [ 8865.120006] ---[ end trace b0a4c6bd499288ca ]---
      [ 8865.124697] Kernel panic - not syncing: Fatal exception in interrupt
      [ 8865.131084] ---[ end Kernel panic - not syncing: Fatal exception in interrupt
      Tested-by: default avatarPeter Chen <peter.chen@freescale.com>
      Signed-off-by: default avatarPeter Chen <peter.chen@freescale.com>
      Signed-off-by: default avatarFugang Duan <B38611@freescale.com>
      Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
      Signed-off-by: default avatarGreg Kroah-Hartman <gregkh@linuxfoundation.org>
      8b86cf38
    • Brian King's avatar
      bnx2x: Force fundamental reset for EEH recovery · 4f500c93
      Brian King authored
      commit da293700 upstream.
      
      EEH recovery for bnx2x based adapters is not reliable on all Power
      systems using the default hot reset, which can result in an
      unrecoverable EEH error. Forcing the use of fundamental reset
      during EEH recovery fixes this.
      Signed-off-by: default avatarBrian King <brking@linux.vnet.ibm.com>
      Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
      Signed-off-by: default avatarGreg Kroah-Hartman <gregkh@linuxfoundation.org>
      4f500c93
    • Maxime Ripard's avatar
      mtd: nand: pxa3xx: Fix PIO FIFO draining · e93d9bd1
      Maxime Ripard authored
      commit 8dad0386 upstream.
      
      The NDDB register holds the data that are needed by the read and write
      commands.
      
      However, during a read PIO access, the datasheet specifies that after each 32
      bytes read in that register, when BCH is enabled, we have to make sure that the
      RDDREQ bit is set in the NDSR register.
      
      This fixes an issue that was seen on the Armada 385, and presumably other mvebu
      SoCs, when a read on a newly erased page would end up in the driver reporting a
      timeout from the NAND.
      Signed-off-by: default avatarMaxime Ripard <maxime.ripard@free-electrons.com>
      Reviewed-by: default avatarBoris Brezillon <boris.brezillon@free-electrons.com>
      Acked-by: default avatarEzequiel Garcia <ezequiel.garcia@free-electrons.com>
      Signed-off-by: default avatarBrian Norris <computersforpeace@gmail.com>
      Signed-off-by: default avatarGreg Kroah-Hartman <gregkh@linuxfoundation.org>
      e93d9bd1
    • Takashi Iwai's avatar
      ALSA: hda - Treat stereo-to-mono mix properly · 03fa7bb8
      Takashi Iwai authored
      commit cc261738 upstream.
      
      The commit [ef403edb: ALSA: hda - Don't access stereo amps for
      mono channel widgets] fixed the handling of mono widgets in general,
      but it still misses an exceptional case: namely, a mono mixer widget
      taking a single stereo input.  In this case, it has stereo volumes
      although it's a mono widget, and thus we have to take care of both
      left and right input channels, as stated in HD-audio spec ("7.1.3
      Widget Interconnection Rules").
      
      This patch covers this missing piece by adding proper checks of stereo
      amps in both the generic parser and the proc output codes.
      Reported-by: default avatarRaymond Yau <superquad.vortex2@gmail.com>
      Signed-off-by: default avatarTakashi Iwai <tiwai@suse.de>
      Signed-off-by: default avatarGreg Kroah-Hartman <gregkh@linuxfoundation.org>
      03fa7bb8
    • Takashi Iwai's avatar
      ALSA: hda - Fix regression of HD-audio controller fallback modes · 6bbe2bea
      Takashi Iwai authored
      commit a1f3f1ca upstream.
      
      The commit [63e51fd7: ALSA: hda - Don't take unresponsive D3
      transition too serious] introduced a conditional fallback behavior to
      the HD-audio controller depending on the flag set.  However, it
      introduced a silly bug, too, that the flag was evaluated in a reverse
      way.  This resulted in a regression of HD-audio controller driver
      where it can't go to the fallback mode at communication errors.
      
      Unfortunately (or fortunately?) this didn't come up until recently
      because the affected code path is an error handling that happens only
      on an unstable hardware chip.  Most of recent chips work stably, thus
      they didn't hit this problem.  Now, we've got a regression report with
      a VIA chip, and this seems indeed requiring the fallback to the
      polling mode, and finally the bug was revealed.
      
      The fix is a oneliner to remove the wrong logical NOT in the check.
      (Lesson learned - be careful about double negation.)
      
      The bug should be backported to stable, but the patch won't be
      applicable to 3.13 or earlier because of the code splits.  The stable
      fix patches for earlier kernels will be posted later manually.
      
      Bugzilla: https://bugzilla.kernel.org/show_bug.cgi?id=94021
      Fixes: 63e51fd7 ('ALSA: hda - Don't take unresponsive D3 transition too serious')
      Signed-off-by: default avatarTakashi Iwai <tiwai@suse.de>
      Signed-off-by: default avatarGreg Kroah-Hartman <gregkh@linuxfoundation.org>
      6bbe2bea
    • Takashi Iwai's avatar
      ALSA: hda - Add workaround for MacBook Air 5,2 built-in mic · c8bdcd4c
      Takashi Iwai authored
      commit 2ddee91a upstream.
      
      MacBook Air 5,2 has the same problem as MacBook Pro 8,1 where the
      built-in mic records only the right channel.  Apply the same
      workaround as MBP8,1 to spread the mono channel via a Cirrus codec
      vendor-specific COEF setup.
      Reported-and-tested-by: default avatarVasil Zlatanov <vasil.zlatanov@gmail.com>
      Signed-off-by: default avatarTakashi Iwai <tiwai@suse.de>
      Signed-off-by: default avatarGreg Kroah-Hartman <gregkh@linuxfoundation.org>
      c8bdcd4c
    • Takashi Iwai's avatar
      ALSA: hda - Set single_adc_amp flag for CS420x codecs · 3718eb97
      Takashi Iwai authored
      commit bad994f5 upstream.
      
      CS420x codecs seem to deal only the single amps of ADC nodes even
      though the nodes receive multiple inputs.  This leads to the
      inconsistent amp value after S3/S4 resume, for example.
      
      The fix is just to set codec->single_adc_amp flag.  Then the driver
      handles these ADC amps as if single connections.
      Reported-and-tested-by: default avatarVasil Zlatanov <vasil.zlatanov@gmail.com>
      Signed-off-by: default avatarTakashi Iwai <tiwai@suse.de>
      Signed-off-by: default avatarGreg Kroah-Hartman <gregkh@linuxfoundation.org>
      3718eb97
    • Takashi Iwai's avatar
      ALSA: hda - Don't access stereo amps for mono channel widgets · 7ebbfe77
      Takashi Iwai authored
      commit ef403edb upstream.
      
      The current HDA generic parser initializes / modifies the amp values
      always in stereo, but this seems causing the problem on ALC3229 codec
      that has a few mono channel widgets: namely, these mono widgets react
      to actions for both channels equally.
      
      In the driver code, we do care the mono channel and create a control
      only for the left channel (as defined in HD-audio spec) for such a
      node.  When the control is updated, only the left channel value is
      changed.  However, in the resume, the right channel value is also
      restored from the initial value we took as stereo, and this overwrites
      the left channel value.  This ends up being the silent output as the
      right channel has been never touched and remains muted.
      
      This patch covers the places where unconditional stereo amp accesses
      are done and converts to the conditional accesses.
      
      Bugzilla: https://bugzilla.kernel.org/show_bug.cgi?id=94581Signed-off-by: default avatarTakashi Iwai <tiwai@suse.de>
      Signed-off-by: default avatarGreg Kroah-Hartman <gregkh@linuxfoundation.org>
      7ebbfe77
    • Takashi Iwai's avatar
      ALSA: hda - Fix built-in mic on Compaq Presario CQ60 · 0bf939be
      Takashi Iwai authored
      commit ddb6ca75 upstream.
      
      Compaq Presario CQ60 laptop with CX20561 gives a wrong pin for the
      built-in mic NID 0x17 instead of NID 0x1d, and it results in the
      non-working mic.  This patch just remaps the pin correctly via fixup.
      
      Bugzilla: https://bugzilla.opensuse.org/show_bug.cgi?id=920604Signed-off-by: default avatarTakashi Iwai <tiwai@suse.de>
      Signed-off-by: default avatarGreg Kroah-Hartman <gregkh@linuxfoundation.org>
      0bf939be
    • Takashi Iwai's avatar
      ALSA: control: Add sanity checks for user ctl id name string · 7f582e8a
      Takashi Iwai authored
      commit be3bb823 upstream.
      
      There was no check about the id string of user control elements, so we
      accepted even a control element with an empty string, which is
      obviously bogus.  This patch adds more sanity checks of id strings.
      Signed-off-by: default avatarTakashi Iwai <tiwai@suse.de>
      Signed-off-by: default avatarGreg Kroah-Hartman <gregkh@linuxfoundation.org>
      7f582e8a
    • Daniel Mack's avatar
      ALSA: snd-usb: add quirks for Roland UA-22 · 2838a548
      Daniel Mack authored
      commit fcdcd1de upstream.
      
      The device complies to the UAC1 standard but hides that fact with
      proprietary descriptors. The autodetect quirk for Roland devices
      catches the audio interface but misses the MIDI part, so a specific
      quirk is needed.
      Signed-off-by: default avatarDaniel Mack <daniel@zonque.org>
      Reported-by: default avatarRafa Lafuente <rafalafuente@gmail.com>
      Tested-by: default avatarRaphaël Doursenaud <raphael@doursenaud.fr>
      Signed-off-by: default avatarTakashi Iwai <tiwai@suse.de>
      Signed-off-by: default avatarGreg Kroah-Hartman <gregkh@linuxfoundation.org>
      2838a548
    • Alexander Sverdlin's avatar
      spi: pl022: Fix race in giveback() leading to driver lock-up · f1cb26ab
      Alexander Sverdlin authored
      commit cd6fa8d2 upstream.
      
      Commit fd316941 ("spi/pl022: disable port when unused") introduced a race,
      which leads to possible driver lock up (easily reproducible on SMP).
      
      The problem happens in giveback() function where the completion of the transfer
      is signalled to SPI subsystem and then the HW SPI controller is disabled. Another
      transfer might be setup in between, which brings driver in locked-up state.
      
      Exact event sequence on SMP:
      
      core0                                   core1
      
                                              => pump_transfers()
                                              /* message->state == STATE_DONE */
                                                => giveback()
                                                  => spi_finalize_current_message()
      
      => pl022_unprepare_transfer_hardware()
      => pl022_transfer_one_message
        => flush()
        => do_interrupt_dma_transfer()
          => set_up_next_transfer()
          /* Enable SSP, turn on interrupts */
          writew((readw(SSP_CR1(pl022->virtbase)) |
                 SSP_CR1_MASK_SSE), SSP_CR1(pl022->virtbase));
      
      ...
      
      => pl022_interrupt_handler()
        => readwriter()
      
                                              /* disable the SPI/SSP operation */
                                              => writew((readw(SSP_CR1(pl022->virtbase)) &
                                                        (~SSP_CR1_MASK_SSE)), SSP_CR1(pl022->virtbase));
      
      Lockup! SPI controller is disabled and the data will never be received. Whole
      SPI subsystem is waiting for transfer ACK and blocked.
      
      So, only signal transfer completion after disabling the controller.
      
      Fixes: fd316941 (spi/pl022: disable port when unused)
      Signed-off-by: default avatarAlexander Sverdlin <alexander.sverdlin@nokia.com>
      Signed-off-by: default avatarMark Brown <broonie@kernel.org>
      Signed-off-by: default avatarGreg Kroah-Hartman <gregkh@linuxfoundation.org>
      f1cb26ab
    • Andy Shevchenko's avatar
      spi: dw-mid: avoid potential NULL dereference · 218e39d0
      Andy Shevchenko authored
      commit c9dafb27 upstream.
      
      When DMA descriptor allocation fails we should not try to assign any fields in
      the bad descriptor. The patch adds the necessary checks for that.
      
      Fixes: 7063c0d9 (spi/dw_spi: add DMA support)
      Signed-off-by: default avatarAndy Shevchenko <andriy.shevchenko@linux.intel.com>
      Signed-off-by: default avatarMark Brown <broonie@kernel.org>
      Signed-off-by: default avatarGreg Kroah-Hartman <gregkh@linuxfoundation.org>
      218e39d0
    • Torsten Fleischer's avatar
      spi: atmel: Fix interrupt setup for PDC transfers · 5d581084
      Torsten Fleischer authored
      commit 76e1d14b upstream.
      
      Additionally to the current DMA transfer the PDC allows to set up a next DMA
      transfer. This is useful for larger SPI transfers.
      
      The driver currently waits for ENDRX as end of the transfer. But ENDRX is set
      when the current DMA transfer is done (RCR = 0), i.e. it doesn't include the
      next DMA transfer.
      Thus a subsequent SPI transfer could be started although there is currently a
      transfer in progress. This can cause invalid accesses to the SPI slave devices
      and to SPI transfer errors.
      
      This issue has been observed on a hardware with a M25P128 SPI NOR flash.
      
      So instead of ENDRX we should wait for RXBUFF. This flag is set if there is
      no more DMA transfer in progress (RCR = RNCR = 0).
      Signed-off-by: default avatarTorsten Fleischer <torfl6749@gmail.com>
      Signed-off-by: default avatarMark Brown <broonie@kernel.org>
      Signed-off-by: default avatarGreg Kroah-Hartman <gregkh@linuxfoundation.org>
      5d581084
    • Sebastian Ott's avatar
      s390/pci: fix possible information leak in mmio syscall · 5bbd2846
      Sebastian Ott authored
      commit f0483044 upstream.
      
      Make sure that even in error situations we do not use copy_to_user
      on uninitialized kernel memory.
      Signed-off-by: default avatarSebastian Ott <sebott@linux.vnet.ibm.com>
      Signed-off-by: default avatarMartin Schwidefsky <schwidefsky@de.ibm.com>
      Signed-off-by: default avatarGreg Kroah-Hartman <gregkh@linuxfoundation.org>
      5bbd2846
    • Christophe Ricard's avatar
      tpm/tpm_i2c_stm_st33: Add status check when reading data on the FIFO · a1e7c4d0
      Christophe Ricard authored
      commit c4eadfaf upstream.
      
      Add a return value check when reading data from the FIFO register.
      Reviewed-by: default avatarJason Gunthorpe <jason.gunthorpe@obsidianresearch.com>
      Signed-off-by: default avatarChristophe Ricard <christophe-h.ricard@st.com>
      Reviewed-by: default avatarPeter Huewe <peterhuewe@gmx.de>
      Signed-off-by: default avatarPeter Huewe <peterhuewe@gmx.de>
      Signed-off-by: default avatarGreg Kroah-Hartman <gregkh@linuxfoundation.org>
      a1e7c4d0
    • jmlatten@linux.vnet.ibm.com's avatar
      tpm/ibmvtpm: Additional LE support for tpm_ibmvtpm_send · 974fb186
      jmlatten@linux.vnet.ibm.com authored
      commit 62dfd912 upstream.
      
      Problem: When IMA and VTPM are both enabled in kernel config,
      kernel hangs during bootup on LE OS.
      
      Why?: IMA calls tpm_pcr_read() which results in tpm_ibmvtpm_send
      and tpm_ibmtpm_recv getting called. A trace showed that
      tpm_ibmtpm_recv was hanging.
      
      Resolution: tpm_ibmtpm_recv was hanging because tpm_ibmvtpm_send
      was sending CRQ message that probably did not make much sense
      to phype because of Endianness. The fix below sends correctly
      converted CRQ for LE. This was not caught before because it
      seems IMA is not enabled by default in kernel config and
      IMA exercises this particular code path in vtpm.
      
      Tested with IMA and VTPM enabled in kernel config and VTPM
      enabled on both a BE OS and a LE OS ppc64 lpar. This exercised
      CRQ and TPM command code paths in vtpm.
      Patch is against Peter's tpmdd tree on github which included
      Vicky's previous vtpm le patches.
      Signed-off-by: default avatarJoy Latten <jmlatten@linux.vnet.ibm.com>
      Reviewed-by: default avatarAshley Lai <ashley@ahsleylai.com>
      Signed-off-by: default avatarPeter Huewe <peterhuewe@gmx.de>
      Signed-off-by: default avatarGreg Kroah-Hartman <gregkh@linuxfoundation.org>
      974fb186
    • Jason Low's avatar
      cpuset: Fix cpuset sched_relax_domain_level · f8f48d97
      Jason Low authored
      commit 283cb41f upstream.
      
      The cpuset.sched_relax_domain_level can control how far we do
      immediate load balancing on a system. However, it was found on recent
      kernels that echo'ing a value into cpuset.sched_relax_domain_level
      did not reduce any immediate load balancing.
      
      The reason this occurred was because the update_domain_attr_tree() traversal
      did not update for the "top_cpuset". This resulted in nothing being changed
      when modifying the sched_relax_domain_level parameter.
      
      This patch is able to address that problem by having update_domain_attr_tree()
      allow updates for the root in the cpuset traversal.
      
      Fixes: fc560a26 ("cpuset: replace cpuset->stack_list with cpuset_for_each_descendant_pre()")
      Signed-off-by: default avatarJason Low <jason.low2@hp.com>
      Signed-off-by: default avatarZefan Li <lizefan@huawei.com>
      Signed-off-by: default avatarTejun Heo <tj@kernel.org>
      Tested-by: default avatarSerge Hallyn <serge.hallyn@canonical.com>
      Signed-off-by: default avatarGreg Kroah-Hartman <gregkh@linuxfoundation.org>
      f8f48d97
    • Zefan Li's avatar
      cpuset: fix a warning when clearing configured masks in old hierarchy · 9b1c6e3a
      Zefan Li authored
      commit 79063bff upstream.
      
      When we clear cpuset.cpus, cpuset.effective_cpus won't be cleared:
      
        # mount -t cgroup -o cpuset xxx /mnt
        # mkdir /mnt/tmp
        # echo 0 > /mnt/tmp/cpuset.cpus
        # echo > /mnt/tmp/cpuset.cpus
        # cat cpuset.cpus
      
        # cat cpuset.effective_cpus
        0-15
      
      And a kernel warning in update_cpumasks_hier() is triggered:
      
       ------------[ cut here ]------------
       WARNING: CPU: 0 PID: 4028 at kernel/cpuset.c:894 update_cpumasks_hier+0x471/0x650()
      Signed-off-by: default avatarZefan Li <lizefan@huawei.com>
      Signed-off-by: default avatarTejun Heo <tj@kernel.org>
      Tested-by: default avatarSerge Hallyn <serge.hallyn@canonical.com>
      Signed-off-by: default avatarGreg Kroah-Hartman <gregkh@linuxfoundation.org>
      9b1c6e3a
    • Zefan Li's avatar
      cpuset: initialize effective masks when clone_children is enabled · fbbca5e8
      Zefan Li authored
      commit 790317e1 upstream.
      
      If clone_children is enabled, effective masks won't be initialized
      due to the bug:
      
        # mount -t cgroup -o cpuset xxx /mnt
        # echo 1 > cgroup.clone_children
        # mkdir /mnt/tmp
        # cat /mnt/tmp/
        # cat cpuset.effective_cpus
      
        # cat cpuset.cpus
        0-15
      
      And then this cpuset won't constrain the tasks in it.
      
      Either the bug or the fix has no effect on unified hierarchy, as
      there's no clone_chidren flag there any more.
      Reported-by: default avatarChristian Brauner <christianvanbrauner@gmail.com>
      Reported-by: default avatarSerge Hallyn <serge.hallyn@ubuntu.com>
      Signed-off-by: default avatarZefan Li <lizefan@huawei.com>
      Signed-off-by: default avatarTejun Heo <tj@kernel.org>
      Tested-by: default avatarSerge Hallyn <serge.hallyn@canonical.com>
      Signed-off-by: default avatarGreg Kroah-Hartman <gregkh@linuxfoundation.org>
      fbbca5e8
    • Steven Rostedt (Red Hat)'s avatar
      seq_buf: Fix seq_buf_bprintf() truncation · 0dab2665
      Steven Rostedt (Red Hat) authored
      commit 4d4eb4d4 upstream.
      
      In seq_buf_bprintf(), bstr_printf() is used to copy the format into the
      buffer remaining in the seq_buf structure. The return of bstr_printf()
      is the amount of characters written to the buffer excluding the '\0',
      unless the line was truncated!
      
      If the line copied does not fit, it is truncated, and a '\0' is added
      to the end of the buffer. But in this case, '\0' is included in the length
      of the line written. To know if the buffer had overflowed, the return
      length will be the same or greater than the length of the buffer passed in.
      
      The check in seq_buf_bprintf() only checked if the length returned from
      bstr_printf() would fit in the buffer, as the seq_buf_bprintf() is only
      to be an all or nothing command. It either writes all the string into
      the seq_buf, or none of it. If the string is truncated, the pointers
      inside the seq_buf must be reset to what they were when the function was
      called. This is not the case. On overflow, it copies only part of the string.
      
      The fix is to change the overflow check to see if the length returned from
      bstr_printf() is less than the length remaining in the seq_buf buffer, and not
      if it is less than or equal to as it currently does. Then seq_buf_bprintf()
      will know if the write from bstr_printf() was truncated or not.
      
      Link: http://lkml.kernel.org/r/1425500481.2712.27.camel@perches.comReported-by: default avatarJoe Perches <joe@perches.com>
      Signed-off-by: default avatarSteven Rostedt <rostedt@goodmis.org>
      Signed-off-by: default avatarGreg Kroah-Hartman <gregkh@linuxfoundation.org>
      0dab2665
    • Steven Rostedt (Red Hat)'s avatar
      seq_buf: Fix seq_buf_vprintf() truncation · c50360e4
      Steven Rostedt (Red Hat) authored
      commit 4a8fe4e1 upstream.
      
      In seq_buf_vprintf(), vsnprintf() is used to copy the format into the
      buffer remaining in the seq_buf structure. The return of vsnprintf()
      is the amount of characters written to the buffer excluding the '\0',
      unless the line was truncated!
      
      If the line copied does not fit, it is truncated, and a '\0' is added
      to the end of the buffer. But in this case, '\0' is included in the length
      of the line written. To know if the buffer had overflowed, the return
      length will be the same as the length of the buffer passed in.
      
      The check in seq_buf_vprintf() only checked if the length returned from
      vsnprintf() would fit in the buffer, as the seq_buf_vprintf() is only
      to be an all or nothing command. It either writes all the string into
      the seq_buf, or none of it. If the string is truncated, the pointers
      inside the seq_buf must be reset to what they were when the function was
      called. This is not the case. On overflow, it copies only part of the string.
      
      The fix is to change the overflow check to see if the length returned from
      vsnprintf() is less than the length remaining in the seq_buf buffer, and not
      if it is less than or equal to as it currently does. Then seq_buf_vprintf()
      will know if the write from vsnpritnf() was truncated or not.
      Signed-off-by: default avatarSteven Rostedt <rostedt@goodmis.org>
      Signed-off-by: default avatarGreg Kroah-Hartman <gregkh@linuxfoundation.org>
      c50360e4
    • Tejun Heo's avatar
      workqueue: fix hang involving racing cancel[_delayed]_work_sync()'s for PREEMPT_NONE · 23bf1322
      Tejun Heo authored
      commit 8603e1b3 upstream.
      
      cancel[_delayed]_work_sync() are implemented using
      __cancel_work_timer() which grabs the PENDING bit using
      try_to_grab_pending() and then flushes the work item with PENDING set
      to prevent the on-going execution of the work item from requeueing
      itself.
      
      try_to_grab_pending() can always grab PENDING bit without blocking
      except when someone else is doing the above flushing during
      cancelation.  In that case, try_to_grab_pending() returns -ENOENT.  In
      this case, __cancel_work_timer() currently invokes flush_work().  The
      assumption is that the completion of the work item is what the other
      canceling task would be waiting for too and thus waiting for the same
      condition and retrying should allow forward progress without excessive
      busy looping
      
      Unfortunately, this doesn't work if preemption is disabled or the
      latter task has real time priority.  Let's say task A just got woken
      up from flush_work() by the completion of the target work item.  If,
      before task A starts executing, task B gets scheduled and invokes
      __cancel_work_timer() on the same work item, its try_to_grab_pending()
      will return -ENOENT as the work item is still being canceled by task A
      and flush_work() will also immediately return false as the work item
      is no longer executing.  This puts task B in a busy loop possibly
      preventing task A from executing and clearing the canceling state on
      the work item leading to a hang.
      
      task A			task B			worker
      
      						executing work
      __cancel_work_timer()
        try_to_grab_pending()
        set work CANCELING
        flush_work()
          block for work completion
      						completion, wakes up A
      			__cancel_work_timer()
      			while (forever) {
      			  try_to_grab_pending()
      			    -ENOENT as work is being canceled
      			  flush_work()
      			    false as work is no longer executing
      			}
      
      This patch removes the possible hang by updating __cancel_work_timer()
      to explicitly wait for clearing of CANCELING rather than invoking
      flush_work() after try_to_grab_pending() fails with -ENOENT.
      
      Link: http://lkml.kernel.org/g/20150206171156.GA8942@axis.com
      
      v3: bit_waitqueue() can't be used for work items defined in vmalloc
          area.  Switched to custom wake function which matches the target
          work item and exclusive wait and wakeup.
      
      v2: v1 used wake_up() on bit_waitqueue() which leads to NULL deref if
          the target bit waitqueue has wait_bit_queue's on it.  Use
          DEFINE_WAIT_BIT() and __wake_up_bit() instead.  Reported by Tomeu
          Vizoso.
      Signed-off-by: default avatarTejun Heo <tj@kernel.org>
      Reported-by: default avatarRabin Vincent <rabin.vincent@axis.com>
      Cc: Tomeu Vizoso <tomeu.vizoso@gmail.com>
      Tested-by: default avatarJesper Nilsson <jesper.nilsson@axis.com>
      Tested-by: default avatarRabin Vincent <rabin.vincent@axis.com>
      Signed-off-by: default avatarGreg Kroah-Hartman <gregkh@linuxfoundation.org>
      23bf1322
    • Ahmed S. Darwish's avatar
      can: kvaser_usb: Read all messages in a bulk-in URB buffer · add9df23
      Ahmed S. Darwish authored
      commit 2fec5104 upstream.
      
      The Kvaser firmware can only read and write messages that are
      not crossing the USB endpoint's wMaxPacketSize boundary. While
      receiving commands from the CAN device, if the next command in
      the same URB buffer crossed that max packet size boundary, the
      firmware puts a zero-length placeholder command in its place
      then moves the real command to the next boundary mark.
      
      The driver did not recognize such behavior, leading to missing
      a good number of rx events during a heavy rx load session.
      
      Moreover, a tx URB context only gets freed upon receiving its
      respective tx ACK event. Over time, the free tx URB contexts
      pool gets depleted due to the missing ACK events. Consequently,
      the netif transmission queue gets __permanently__ stopped; no
      frames could be sent again except after restarting the CAN
      newtwork interface.
      Signed-off-by: default avatarAhmed S. Darwish <ahmed.darwish@valeo.com>
      Signed-off-by: default avatarMarc Kleine-Budde <mkl@pengutronix.de>
      Signed-off-by: default avatarGreg Kroah-Hartman <gregkh@linuxfoundation.org>
      add9df23
    • Oliver Hartkopp's avatar
      can: add missing initialisations in CAN related skbuffs · 1db8d025
      Oliver Hartkopp authored
      commit 96943901 upstream.
      
      When accessing CAN network interfaces with AF_PACKET sockets e.g. by dhclient
      this can lead to a skb_under_panic due to missing skb initialisations.
      
      Add the missing initialisations at the CAN skbuff creation times on driver
      level (rx path) and in the network layer (tx path).
      Reported-by: default avatarAustin Schuh <austin@peloton-tech.com>
      Reported-by: default avatarDaniel Steer <daniel.steer@mclaren.com>
      Signed-off-by: default avatarOliver Hartkopp <socketcan@hartkopp.net>
      Signed-off-by: default avatarMarc Kleine-Budde <mkl@pengutronix.de>
      Signed-off-by: default avatarGreg Kroah-Hartman <gregkh@linuxfoundation.org>
      1db8d025
    • Steven Rostedt (Red Hat)'s avatar
      ftrace: Fix ftrace enable ordering of sysctl ftrace_enabled · 7ae4221a
      Steven Rostedt (Red Hat) authored
      commit 524a3868 upstream.
      
      Some archs (specifically PowerPC), are sensitive with the ordering of
      the enabling of the calls to function tracing and setting of the
      function to use to be traced.
      
      That is, update_ftrace_function() sets what function the ftrace_caller
      trampoline should call. Some archs require this to be set before
      calling ftrace_run_update_code().
      
      Another bug was discovered, that ftrace_startup_sysctl() called
      ftrace_run_update_code() directly. If the function the ftrace_caller
      trampoline changes, then it will not be updated. Instead a call
      to ftrace_startup_enable() should be called because it tests to see
      if the callback changed since the code was disabled, and will
      tell the arch to update appropriately. Most archs do not need this
      notification, but PowerPC does.
      
      The problem could be seen by the following commands:
      
       # echo 0 > /proc/sys/kernel/ftrace_enabled
       # echo function > /sys/kernel/debug/tracing/current_tracer
       # echo 1 > /proc/sys/kernel/ftrace_enabled
       # cat /sys/kernel/debug/tracing/trace
      
      The trace will show that function tracing was not active.
      Signed-off-by: default avatarSteven Rostedt <rostedt@goodmis.org>
      Signed-off-by: default avatarGreg Kroah-Hartman <gregkh@linuxfoundation.org>
      7ae4221a
    • Pratyush Anand's avatar
      ftrace: Fix en(dis)able graph caller when en(dis)abling record via sysctl · 0482042f
      Pratyush Anand authored
      commit 1619dc3f upstream.
      
      When ftrace is enabled globally through the proc interface, we must check if
      ftrace_graph_active is set. If it is set, then we should also pass the
      FTRACE_START_FUNC_RET command to ftrace_run_update_code(). Similarly, when
      ftrace is disabled globally through the proc interface, we must check if
      ftrace_graph_active is set. If it is set, then we should also pass the
      FTRACE_STOP_FUNC_RET command to ftrace_run_update_code().
      
      Consider the following situation.
      
       # echo 0 > /proc/sys/kernel/ftrace_enabled
      
      After this ftrace_enabled = 0.
      
       # echo function_graph > /sys/kernel/debug/tracing/current_tracer
      
      Since ftrace_enabled = 0, ftrace_enable_ftrace_graph_caller() is never
      called.
      
       # echo 1 > /proc/sys/kernel/ftrace_enabled
      
      Now ftrace_enabled will be set to true, but still
      ftrace_enable_ftrace_graph_caller() will not be called, which is not
      desired.
      
      Further if we execute the following after this:
        # echo nop > /sys/kernel/debug/tracing/current_tracer
      
      Now since ftrace_enabled is set it will call
      ftrace_disable_ftrace_graph_caller(), which causes a kernel warning on
      the ARM platform.
      
      On the ARM platform, when ftrace_enable_ftrace_graph_caller() is called,
      it checks whether the old instruction is a nop or not. If it's not a nop,
      then it returns an error. If it is a nop then it replaces instruction at
      that address with a branch to ftrace_graph_caller.
      ftrace_disable_ftrace_graph_caller() behaves just the opposite. Therefore,
      if generic ftrace code ever calls either ftrace_enable_ftrace_graph_caller()
      or ftrace_disable_ftrace_graph_caller() consecutively two times in a row,
      then it will return an error, which will cause the generic ftrace code to
      raise a warning.
      
      Note, x86 does not have an issue with this because the architecture
      specific code for ftrace_enable_ftrace_graph_caller() and
      ftrace_disable_ftrace_graph_caller() does not check the previous state,
      and calling either of these functions twice in a row has no ill effect.
      
      Link: http://lkml.kernel.org/r/e4fbe64cdac0dd0e86a3bf914b0f83c0b419f146.1425666454.git.panand@redhat.comSigned-off-by: default avatarPratyush Anand <panand@redhat.com>
      [
        removed extra if (ftrace_start_up) and defined ftrace_graph_active as 0
        if CONFIG_FUNCTION_GRAPH_TRACER is not set.
      ]
      Signed-off-by: default avatarSteven Rostedt <rostedt@goodmis.org>
      Signed-off-by: default avatarGreg Kroah-Hartman <gregkh@linuxfoundation.org>
      0482042f
    • Steven Rostedt (Red Hat)'s avatar
      ftrace: Clear REGS_EN and TRAMP_EN flags on disabling record via sysctl · 63056f67
      Steven Rostedt (Red Hat) authored
      commit b24d443b upstream.
      
      When /proc/sys/kernel/ftrace_enabled is set to zero, all function
      tracing is disabled. But the records that represent the functions
      still hold information about the ftrace_ops that are hooked to them.
      
      ftrace_ops may request "REGS" (have a full set of pt_regs passed to
      the callback), or "TRAMP" (the ops has its own trampoline to use).
      When the record is updated to represent the state of the ops hooked
      to it, it sets "REGS_EN" and/or "TRAMP_EN" to state that the callback
      points to the correct trampoline (REGS has its own trampoline).
      
      When ftrace_enabled is set to zero, all ftrace locations are a nop,
      so they do not point to any trampoline. But the _EN flags are still
      set. This can cause the accounting to go wrong when ftrace_enabled
      is cleared and an ops that has a trampoline is registered or unregistered.
      
      For example, the following will cause ftrace to crash:
      
       # echo function_graph > /sys/kernel/debug/tracing/current_tracer
       # echo 0 > /proc/sys/kernel/ftrace_enabled
       # echo nop > /sys/kernel/debug/tracing/current_tracer
       # echo 1 > /proc/sys/kernel/ftrace_enabled
       # echo function_graph > /sys/kernel/debug/tracing/current_tracer
      
      As function_graph uses a trampoline, when ftrace_enabled is set to zero
      the updates to the record are not done. When enabling function_graph
      again, the record will still have the TRAMP_EN flag set, and it will
      look for an op that has a trampoline other than the function_graph
      ops, and fail to find one.
      Reported-by: default avatarPratyush Anand <panand@redhat.com>
      Signed-off-by: default avatarSteven Rostedt <rostedt@goodmis.org>
      Signed-off-by: default avatarGreg Kroah-Hartman <gregkh@linuxfoundation.org>
      63056f67
    • Russell King's avatar
      Change email address for 8250_pci · 34deb2f3
      Russell King authored
      commit f2e0ea86 upstream.
      
      I'm still receiving reports to my email address, so let's point this
      at the linux-serial mailing list instead.
      Signed-off-by: default avatarRussell King <rmk+kernel@arm.linux.org.uk>
      Signed-off-by: default avatarGreg Kroah-Hartman <gregkh@linuxfoundation.org>
      34deb2f3
    • Michael S. Tsirkin's avatar
      virtio_console: avoid config access from irq · 849de63a
      Michael S. Tsirkin authored
      commit eeb8a7e8 upstream.
      
      when multiport is off, virtio console invokes config access from irq
      context, config access is blocking on s390.
      Fix this up by scheduling work from config irq - similar to what we do
      for multiport configs.
      Signed-off-by: default avatarMichael S. Tsirkin <mst@redhat.com>
      Reviewed-by: default avatarAmit Shah <amit.shah@redhat.com>
      Signed-off-by: default avatarRusty Russell <rusty@rustcorp.com.au>
      Signed-off-by: default avatarGreg Kroah-Hartman <gregkh@linuxfoundation.org>
      849de63a
    • Michael S. Tsirkin's avatar
      virtio_console: init work unconditionally · 3bb2dae3
      Michael S. Tsirkin authored
      commit 4f6e24ed upstream.
      
      when multiport is off, we don't initialize config work,
      but we then cancel uninitialized control_work on freeze.
      Signed-off-by: default avatarMichael S. Tsirkin <mst@redhat.com>
      Reviewed-by: default avatarAmit Shah <amit.shah@redhat.com>
      Signed-off-by: default avatarRusty Russell <rusty@rustcorp.com.au>
      Signed-off-by: default avatarGreg Kroah-Hartman <gregkh@linuxfoundation.org>
      3bb2dae3
    • Peter Hurley's avatar
      console: Fix console name size mismatch · 2cf6258c
      Peter Hurley authored
      commit 30a22c21 upstream.
      
      commit 6ae9200f ("enlarge console.name") increased the storage
      for the console name to 16 bytes, but not the corresponding
      struct console_cmdline::name storage. Console names longer than
      8 bytes cause read beyond end-of-string and failure to match
      console; I'm not sure if there are other unexpected consequences.
      Signed-off-by: default avatarPeter Hurley <peter@hurleysoftware.com>
      Signed-off-by: default avatarGreg Kroah-Hartman <gregkh@linuxfoundation.org>
      2cf6258c
    • Peter Hurley's avatar
      serial: 8250_dw: Fix deadlock in LCR workaround · 180c14a6
      Peter Hurley authored
      commit 7fd6f640 upstream.
      
      Trying to write console output from within the serial console driver
      while the port->lock is held causes recursive deadlock:
      
        CPU 0
      spin_lock_irqsave(&port->lock)
      printk()
        console_unlock()
          call_console_drivers()
            serial8250_console_write()
              spin_lock_irqsave(&port->lock)
      ** DEADLOCK **
      
      The 8250_dw i/o accessors try to write a console error message if the
      LCR workaround was unsuccessful. When the port->lock is already held
      (eg., when called from serial8250_set_termios()), this deadlocks.
      
      Make the error message a FIXME until a general solution is devised.
      
      Cc: Tim Kryger <tim.kryger@gmail.com>
      Reported-by: default avatarZhang Zhen <zhenzhang.zhang@huawei.com>
      Signed-off-by: default avatarPeter Hurley <peter@hurleysoftware.com>
      Signed-off-by: default avatarGreg Kroah-Hartman <gregkh@linuxfoundation.org>
      180c14a6
    • Peter Hurley's avatar
      serial: core: Fix iotype userspace breakage · f582a6d9
      Peter Hurley authored
      commit 2bb78516 upstream.
      
      commit 3ffb1a81 ("serial: core: Add big-endian iotype")
      re-numbered userspace-dependent values; ioctl(TIOCSSERIAL) can
      assign the port iotype (which is expected to match the selected
      i/o accessors), so iotype values must not be changed.
      
      Cc: Kevin Cernekee <cernekee@gmail.com>
      Signed-off-by: default avatarPeter Hurley <peter@hurleysoftware.com>
      Reviewed-by: default avatarKevin Cernekee <cernekee@gmail.com>
      Signed-off-by: default avatarGreg Kroah-Hartman <gregkh@linuxfoundation.org>
      f582a6d9
    • Miklos Szeredi's avatar
      fuse: notify: don't move pages · ec1b2f10
      Miklos Szeredi authored
      commit 0d278362 upstream.
      
      fuse_try_move_page() is not prepared for replacing pages that have already
      been read.
      Reported-by: default avatarAl Viro <viro@zeniv.linux.org.uk>
      Signed-off-by: default avatarMiklos Szeredi <mszeredi@suse.cz>
      Signed-off-by: default avatarGreg Kroah-Hartman <gregkh@linuxfoundation.org>
      ec1b2f10
    • Miklos Szeredi's avatar
      fuse: set stolen page uptodate · ac299821
      Miklos Szeredi authored
      commit aa991b3b upstream.
      
      Regular pipe buffers' ->steal method (generic_pipe_buf_steal()) doesn't set
      PG_uptodate.
      
      Don't warn on this condition, just set the uptodate flag.
      Signed-off-by: default avatarMiklos Szeredi <mszeredi@suse.cz>
      Signed-off-by: default avatarGreg Kroah-Hartman <gregkh@linuxfoundation.org>
      ac299821
    • JeHyeon Yeon's avatar
      LZ4 : fix the data abort issue · 5a2581b9
      JeHyeon Yeon authored
      commit d5e7cafd upstream.
      
      If the part of the compression data are corrupted, or the compression
      data is totally fake, the memory access over the limit is possible.
      
      This is the log from my system usning lz4 decompression.
         [6502]data abort, halting
         [6503]r0  0x00000000 r1  0x00000000 r2  0xdcea0ffc r3  0xdcea0ffc
         [6509]r4  0xb9ab0bfd r5  0xdcea0ffc r6  0xdcea0ff8 r7  0xdce80000
         [6515]r8  0x00000000 r9  0x00000000 r10 0x00000000 r11 0xb9a98000
         [6522]r12 0xdcea1000 usp 0x00000000 ulr 0x00000000 pc  0x820149bc
         [6528]spsr 0x400001f3
      and the memory addresses of some variables at the moment are
          ref:0xdcea0ffc, op:0xdcea0ffc, oend:0xdcea1000
      
      As you can see, COPYLENGH is 8bytes, so @ref and @op can access the momory
      over @oend.
      Signed-off-by: default avatarJeHyeon Yeon <tom.yeon@windriver.com>
      Reviewed-by: default avatarDavid Sterba <dsterba@suse.cz>
      Signed-off-by: default avatarGreg Kroah-Hartman <gregkh@linuxfoundation.org>
      Signed-off-by: default avatarGreg Kroah-Hartman <gregkh@linuxfoundation.org>
      5a2581b9
    • Alex Deucher's avatar
      drm/radeon: drop ttm two ended allocation · 0cd0c386
      Alex Deucher authored
      commit a239118a upstream.
      
      radeon_bo_create() calls radeon_ttm_placement_from_domain()
      before ttm_bo_init() is called.  radeon_ttm_placement_from_domain()
      uses the ttm bo size to determine when to select top down
      allocation but since the ttm bo is not initialized yet the
      check is always false.  It only took effect when buffers
      were validated later.  It also seemed to regress suspend
      and resume on some systems possibly due to it not
      taking effect in radeon_bo_create().
      
      radeon_bo_create() and radeon_ttm_placement_from_domain()
      need to be reworked substantially for this to be optimally
      effective.  Re-enable it at that point.
      Noticed-by: default avatarOded Gabbay <oded.gabbay@amd.com>
      Reviewed-by: default avatarChristian König <christian.koenig@amd.com>
      Signed-off-by: default avatarAlex Deucher <alexander.deucher@amd.com>
      Signed-off-by: default avatarGreg Kroah-Hartman <gregkh@linuxfoundation.org>
      0cd0c386
    • Ben Goz's avatar
      drm/radeon: Changing number of compute pipe lines · e411e579
      Ben Goz authored
      commit e405ca3a upstream.
      
      The current CP firmware can handle Usermode Queues only on MEC1.
      To reflect this firmware change, this commit reduces number of compute pipelines
      to 4 - 1, from 8 - 1 (the first pipeline is allocated for kgd).
      Signed-off-by: default avatarBen Goz <ben.goz@amd.com>
      Signed-off-by: default avatarOded Gabbay <oded.gabbay@amd.com>
      Signed-off-by: default avatarGreg Kroah-Hartman <gregkh@linuxfoundation.org>
      e411e579