new file mode 100644

@@ -0,0 +1,210 @@

+From: Siva Rebbagondla <siva.rebbagondla@redpinesignals.com>

+Date: Wed, 11 Apr 2018 12:13:31 +0530

+Subject: [PATCH 1/2] rsi: fix nommu_map_sg overflow kernel panic

+Cc: linux-wireless@vger.kernel.org,

+	Amitkumar Karwar <amit.karwar@redpinesignals.com>,

+	Siva Rebbagondla <siva.rebbagondla@redpinesignals.com>

+

+Following overflow kernel panic is observed on some platforms while

+loading the driver. It is fixed if dynamically allocated memory is

+passed to SDIO instead of static one

+

+[  927.513963] nommu_map_sg: overflow 17d54064ba7c+20 of device mask ffffffff

+[  927.517712] Modules linked in: rsi_sdio(+) cmac bnep arc4 rsi_91x mac80211 cfg80211

+	       btrsi rfcomm bluetooth ecdh_generic snd_soc_sst_bytcr_rt5660

+[  927.517861] CPU: 0 PID: 1624 Comm: insmod Tainted: G W 4.15.0-1000 #1

+[  927.517870] RIP: 0010:sdhci_send_command+0x5f0/0xa90 [sdhci]

+[  927.517873] RSP: 0000:ffffac3fc064b6d8 EFLAGS: 00010086

+[  927.517895] Call Trace:

+[  927.517908]  ? __schedule+0x3cd/0x890

+[  927.517915]  ? mod_timer+0x17b/0x3c0

+[  927.517922]  sdhci_request+0x7c/0xf0 [sdhci]

+[  927.517928]  __mmc_start_request+0x5a/0x170

+[  927.517932]  mmc_start_request+0x74/0x90

+[  927.517936]  mmc_wait_for_req+0x87/0xe0

+[  927.517940]  mmc_io_rw_extended+0x2fd/0x330

+[  927.517946]  ? mmc_wait_data_done+0x30/0x30

+[  927.517951]  sdio_io_rw_ext_helper+0x160/0x210

+[  927.517956]  sdio_writesb+0x1d/0x20

+[  927.517966]	rsi_sdio_write_register_multiple+0x68/0x110 [rsi_sdio]

+[  927.517976]  rsi_hal_device_init+0x357/0x910 [rsi_91x]

+[  927.517983]  ? rsi_hal_device_init+0x357/0x910 [rsi_91x]

+[  927.517990]  rsi_probe+0x2c6/0x450 [rsi_sdio]

+[  927.517995]  sdio_bus_probe+0xfc/0x110

+[  927.518000]  driver_probe_device+0x2b3/0x490

+[  927.518005]  __driver_attach+0xdf/0xf0

+[  927.518008]  ? driver_probe_device+0x490/0x490

+[  927.518014]  bus_for_each_dev+0x6c/0xc0

+[  927.518018]  driver_attach+0x1e/0x20

+[  927.518021]  bus_add_driver+0x1f4/0x270

+[  927.518028]  ? rsi_sdio_ack_intr+0x50/0x50 [rsi_sdio]

+[  927.518031]  driver_register+0x60/0xe0

+[  927.518038]  ? rsi_sdio_ack_intr+0x50/0x50 [rsi_sdio]

+[  927.518041]  sdio_register_driver+0x20/0x30

+[  927.518047]  rsi_module_init+0x16/0x40 [rsi_sdio]

+

+Signed-off-by: Siva Rebbagondla <siva.rebbagondla@redpinesignals.com>

+Signed-off-by: Amitkumar Karwar <amit.karwar@redpinesignals.com>

+---

+ drivers/net/wireless/rsi/rsi_91x_hal.c  | 35 ++++++++++++++++++++-------------

+ drivers/net/wireless/rsi/rsi_91x_sdio.c | 21 +++++++++++++-------

+ drivers/net/wireless/rsi/rsi_sdio.h     |  2 +-

+ 3 files changed, 36 insertions(+), 22 deletions(-)

+

+diff --git a/drivers/net/wireless/rsi/rsi_91x_hal.c b/drivers/net/wireless/rsi/rsi_91x_hal.c

+index b7c5403..0761e61 100644

+--- a/drivers/net/wireless/rsi/rsi_91x_hal.c

+@@ -635,28 +635,32 @@ static int bl_write_header(struct rsi_hw *adapter, u8 *flash_content,

+ 			   u32 content_size)

+ {

+ 	struct rsi_host_intf_ops *hif_ops = adapter->host_intf_ops;

+-	struct bl_header bl_hdr;

++	struct bl_header *bl_hdr;

+ 	u32 write_addr, write_len;

+ 	int status;

+ 

+-	bl_hdr.flags = 0;

+-	bl_hdr.image_no = cpu_to_le32(adapter->priv->coex_mode);

+-	bl_hdr.check_sum = cpu_to_le32(

+-				*(u32 *)&flash_content[CHECK_SUM_OFFSET]);

+-	bl_hdr.flash_start_address = cpu_to_le32(

+-					*(u32 *)&flash_content[ADDR_OFFSET]);

+-	bl_hdr.flash_len = cpu_to_le32(*(u32 *)&flash_content[LEN_OFFSET]);

++	bl_hdr = kzalloc(sizeof(*bl_hdr), GFP_KERNEL);

++	if (!bl_hdr)

++		return -ENOMEM;

++

++	bl_hdr->flags = 0;

++	bl_hdr->image_no = cpu_to_le32(adapter->priv->coex_mode);

++	bl_hdr->check_sum =

++		cpu_to_le32(*(u32 *)&flash_content[CHECK_SUM_OFFSET]);

++	bl_hdr->flash_start_address =

++		cpu_to_le32(*(u32 *)&flash_content[ADDR_OFFSET]);

++	bl_hdr->flash_len = cpu_to_le32(*(u32 *)&flash_content[LEN_OFFSET]);

+ 	write_len = sizeof(struct bl_header);

+ 

+ 	if (adapter->rsi_host_intf == RSI_HOST_INTF_USB) {

+ 		write_addr = PING_BUFFER_ADDRESS;

+ 		status = hif_ops->write_reg_multiple(adapter, write_addr,

+-						 (u8 *)&bl_hdr, write_len);

++						 (u8 *)bl_hdr, write_len);

+ 		if (status < 0) {

+ 			rsi_dbg(ERR_ZONE,

+ 				"%s: Failed to load Version/CRC structure\n",

+ 				__func__);

+-			return status;

++			goto fail;

+ 		}

+ 	} else {

+ 		write_addr = PING_BUFFER_ADDRESS >> 16;

+@@ -665,20 +669,23 @@ static int bl_write_header(struct rsi_hw *adapter, u8 *flash_content,

+ 			rsi_dbg(ERR_ZONE,

+ 				"%s: Unable to set ms word to common reg\n",

+ 				__func__);

+-			return status;

++			goto fail;

+ 		}

+ 		write_addr = RSI_SD_REQUEST_MASTER |

+ 			     (PING_BUFFER_ADDRESS & 0xFFFF);

+ 		status = hif_ops->write_reg_multiple(adapter, write_addr,

+-						 (u8 *)&bl_hdr, write_len);

++						 (u8 *)bl_hdr, write_len);

+ 		if (status < 0) {

+ 			rsi_dbg(ERR_ZONE,

+ 				"%s: Failed to load Version/CRC structure\n",

+ 				__func__);

+-			return status;

++			goto fail;

+ 		}

+ 	}

+-	return 0;

++	status = 0;

++fail:

++	kfree(bl_hdr);

++	return status;

+ }

+ 

+ static u32 read_flash_capacity(struct rsi_hw *adapter)

+diff --git a/drivers/net/wireless/rsi/rsi_91x_sdio.c b/drivers/net/wireless/rsi/rsi_91x_sdio.c

+index 8ef0058..f7f2820 100644

+--- a/drivers/net/wireless/rsi/rsi_91x_sdio.c

+@@ -1038,17 +1038,21 @@ static void ulp_read_write(struct rsi_hw *adapter, u16 addr, u32 data,

+ /*This function resets and re-initializes the chip.*/

+ static void rsi_reset_chip(struct rsi_hw *adapter)

+ {

+-	__le32 data;

++	u8 *data;

+ 	u8 sdio_interrupt_status = 0;

+ 	u8 request = 1;

+ 	int ret;

+ 

++	data = kzalloc(sizeof(u32), GFP_KERNEL);

++	if (!data)

++		return;

++

+ 	rsi_dbg(INFO_ZONE, "Writing disable to wakeup register\n");

+ 	ret =  rsi_sdio_write_register(adapter, 0, SDIO_WAKEUP_REG, &request);

+ 	if (ret < 0) {

+ 		rsi_dbg(ERR_ZONE,

+ 			"%s: Failed to write SDIO wakeup register\n", __func__);

+-		return;

++		goto err;

+ 	}

+ 	msleep(20);

+ 	ret =  rsi_sdio_read_register(adapter, RSI_FN1_INT_REGISTER,

+@@ -1056,7 +1060,7 @@ static void rsi_reset_chip(struct rsi_hw *adapter)

+ 	if (ret < 0) {

+ 		rsi_dbg(ERR_ZONE, "%s: Failed to Read Intr Status Register\n",

+ 			__func__);

+-		return;

++		goto err;

+ 	}

+ 	rsi_dbg(INFO_ZONE, "%s: Intr Status Register value = %d\n",

+ 		__func__, sdio_interrupt_status);

+@@ -1066,17 +1070,17 @@ static void rsi_reset_chip(struct rsi_hw *adapter)

+ 		rsi_dbg(ERR_ZONE,

+ 			"%s: Unable to set ms word to common reg\n",

+ 			__func__);

+-		return;

++		goto err;

+ 	}

+ 

+-	data = TA_HOLD_THREAD_VALUE;

++	put_unaligned_le32(TA_HOLD_THREAD_VALUE, data);

+ 	if (rsi_sdio_write_register_multiple(adapter, TA_HOLD_THREAD_REG |

+ 					     RSI_SD_REQUEST_MASTER,

+-					     (u8 *)&data, 4)) {

++					     data, 4)) {

+ 		rsi_dbg(ERR_ZONE,

+ 			"%s: Unable to hold Thread-Arch processor threads\n",

+ 			__func__);

+-		return;

++		goto err;

+ 	}

+ 

+ 	/* This msleep will ensure Thread-Arch processor to go to hold

+@@ -1097,6 +1101,9 @@ static void rsi_reset_chip(struct rsi_hw *adapter)

+ 	 * read write operations to complete for chip reset.

+ 	 */

+ 	msleep(500);

++err:

++	kfree(data);

++	return;

+ }

+ 

+ /**

+diff --git a/drivers/net/wireless/rsi/rsi_sdio.h b/drivers/net/wireless/rsi/rsi_sdio.h

+index ead8e7c..353dbdf 100644

+--- a/drivers/net/wireless/rsi/rsi_sdio.h

+@@ -87,7 +87,7 @@ enum sdio_interrupt_type {

+ #define TA_SOFT_RST_CLR              0

+ #define TA_SOFT_RST_SET              BIT(0)

+ #define TA_PC_ZERO                   0

+-#define TA_HOLD_THREAD_VALUE         cpu_to_le32(0xF)

++#define TA_HOLD_THREAD_VALUE         0xF

+ #define TA_RELEASE_THREAD_VALUE      cpu_to_le32(0xF)

+ #define TA_BASE_ADDR                 0x2200

+ #define MISC_CFG_BASE_ADDR           0x4105

@@ -1526,7 +1526,36 @@ CONFIG_CAN_CALC_BITTIMING=y

 # CONFIG_CAN_8DEV_USB is not set

 # CONFIG_CAN_MCBA_USB is not set

 # CONFIG_CAN_DEBUG_DEVICES is not set

-# CONFIG_BT is not set

+CONFIG_BT=m

+CONFIG_BT_BREDR=y

+CONFIG_BT_RFCOMM=m

+CONFIG_BT_RFCOMM_TTY=y

+CONFIG_BT_BNEP=m

+# CONFIG_BT_BNEP_MC_FILTER is not set

+# CONFIG_BT_BNEP_PROTO_FILTER is not set

+CONFIG_BT_HIDP=m

+CONFIG_BT_HS=y

+CONFIG_BT_LE=y

+# CONFIG_BT_LEDS is not set

+# CONFIG_BT_SELFTEST is not set

+CONFIG_BT_DEBUGFS=y

+

+#

+# Bluetooth device drivers

+#

+CONFIG_BT_INTEL=m

+CONFIG_BT_BCM=m

+CONFIG_BT_RTL=m

+CONFIG_BT_HCIBTUSB=m

+CONFIG_BT_HCIBTUSB_BCM=y

+CONFIG_BT_HCIBTUSB_RTL=y

+CONFIG_BT_HCIBTSDIO=m

+# CONFIG_BT_HCIUART is not set

+CONFIG_BT_HCIBCM203X=m

+# CONFIG_BT_HCIBFUSB is not set

+# CONFIG_BT_HCIVHCI is not set

+# CONFIG_BT_MRVL is not set

+# CONFIG_BT_ATH3K is not set

 # CONFIG_AF_RXRPC is not set

 # CONFIG_AF_KCM is not set

 # CONFIG_STREAM_PARSER is not set

@@ -2863,7 +2892,7 @@ CONFIG_GPIOLIB=y

 CONFIG_GPIO_ACPI=y

 CONFIG_GPIOLIB_IRQCHIP=y

 # CONFIG_DEBUG_GPIO is not set

-# CONFIG_GPIO_SYSFS is not set

+CONFIG_GPIO_SYSFS=y

 #

 # Memory mapped GPIO drivers

@@ -5312,10 +5341,11 @@ CONFIG_CRYPTO_RNG_DEFAULT=m

 CONFIG_CRYPTO_AKCIPHER2=y

 CONFIG_CRYPTO_AKCIPHER=y

 CONFIG_CRYPTO_KPP2=y

+CONFIG_CRYPTO_KPP=m

 CONFIG_CRYPTO_ACOMP2=y

 CONFIG_CRYPTO_RSA=y

 # CONFIG_CRYPTO_DH is not set

-# CONFIG_CRYPTO_ECDH is not set

+CONFIG_CRYPTO_ECDH=m

 CONFIG_CRYPTO_MANAGER=y

 CONFIG_CRYPTO_MANAGER2=y

 # CONFIG_CRYPTO_USER is not set

@@ -2,7 +2,7 @@

 Summary:        Kernel

 Name:           linux

 Version:        4.14.54

-Release:        3%{?kat_build:.%kat_build}%{?dist}

+Release:        4%{?kat_build:.%kat_build}%{?dist}

 License:    	GPLv2

 URL:        	http://www.kernel.org/

 Group:        	System Environment/Kernel

@@ -13,9 +13,11 @@ Source0:        http://www.kernel.org/pub/linux/kernel/v4.x/linux-%{version}.tar

 Source1:	config

 Source2:	initramfs.trigger

 %define ena_version 1.5.0

-Source3:       https://github.com/amzn/amzn-drivers/archive/ena_linux_%{ena_version}.tar.gz

+Source3:	https://github.com/amzn/amzn-drivers/archive/ena_linux_%{ena_version}.tar.gz

 %define sha1 ena_linux=cbbbe8a3bbab6d01a4e38417cb0ead2f7cb8b2ee

 Source4:	config_aarch64

+Source5:	xr_usb_serial_common_lnx-3.6-and-newer-pak.tar.xz

+%define sha1 xr=74df7143a86dd1519fa0ccf5276ed2225665a9db

 # common

 Patch0:         linux-4.14-Log-kmsg-dump-on-panic.patch

 Patch1:         double-tcp_mem-limits.patch

@@ -25,8 +27,11 @@ Patch3:         SUNRPC-Do-not-reuse-srcport-for-TIME_WAIT-socket.patch

 Patch4:         SUNRPC-xs_bind-uses-ip_local_reserved_ports.patch

 Patch5:         vsock-transport-for-9p.patch

 Patch6:         x86-vmware-STA-support.patch

+Patch9:         1-2-rsi-fix-nommu_map_sg-overflow-kernel-panic.patch

 # rpi3 dts

 Patch10:	arm-dts-add-vchiq-entry.patch

+# ttyXRUSB support

+Patch11:	usb-acm-exclude-exar-usb-serial-ports.patch

 #HyperV patches

 Patch13:        0004-vmbus-Don-t-spam-the-logs-with-unknown-GUIDs.patch

 # TODO: Is CONFIG_HYPERV_VSOCKETS the same?

@@ -121,6 +126,7 @@ Kernel Device Tree Blob files for Raspberry Pi3

 %setup -q -n linux-%{version}

 %ifarch x86_64

 %setup -D -b 3 -n linux-%{version}

+%setup -D -b 5 -n linux-%{version}

 %endif

 %patch0 -p1

 %patch1 -p1

@@ -128,7 +134,9 @@ Kernel Device Tree Blob files for Raspberry Pi3

 %patch4 -p1

 %patch5 -p1

 %patch6 -p1

+%patch9 -p1

 %patch10 -p1

+%patch11 -p1

 %patch13 -p1

 %patch24 -p1

 %patch26 -p1

@@ -162,6 +170,11 @@ bldroot=`pwd`

 pushd ../amzn-drivers-ena_linux_%{ena_version}/kernel/linux/ena

 make -C $bldroot M=`pwd` VERBOSE=1 modules %{?_smp_mflags}

 popd

+# build XR module

+bldroot=`pwd`

+pushd ../xr_usb_serial_common_lnx-3.6-and-newer-pak

+make KERNELDIR=$bldroot %{?_smp_mflags} all

+popd

 %endif

 %define __modules_install_post \

@@ -196,6 +209,12 @@ pushd ../amzn-drivers-ena_linux_%{ena_version}/kernel/linux/ena

 make -C $bldroot M=`pwd` INSTALL_MOD_PATH=%{buildroot} modules_install

 popd

+# install XR module

+bldroot=`pwd`

+pushd ../xr_usb_serial_common_lnx-3.6-and-newer-pak

+make KERNELDIR=$bldroot INSTALL_MOD_PATH=%{buildroot} modules_install

+popd

+

 # Verify for build-id match

 # We observe different IDs sometimes

 # TODO: debug it

@@ -341,6 +360,10 @@ ln -sf %{name}-%{uname_r}.cfg /boot/photon.cfg

 %endif

 %changelog

+*   Wed Aug 22 2018 Alexey Makhalov <amakhalov@vmware.com> 4.14.54-4

+-   Fix overflow kernel panic in rsi driver.

+-   .config: enable BT stack, enable GPIO sysfs.

+-   Add Exar USB serial driver.

 *   Fri Aug 17 2018 Ajay Kaher <akaher@vmware.com> 4.14.54-3

 -   Enabled USB PCI in config_aarch64

 -   Build hang (at make oldconfig) fix in config_aarch64

new file mode 100644

@@ -0,0 +1,25 @@

+diff --git a/drivers/usb/class/cdc-acm.c b/drivers/usb/class/cdc-acm.c

+index 3b9aadd007f5..96a55ea46c25 100644

+--- a/drivers/usb/class/cdc-acm.c

+@@ -1942,6 +1942,20 @@ static const struct usb_device_id acm_ids[] = {

+ 	.driver_info = IGNORE_DEVICE,

+ 	},

+ 

++	/* Exclude Exar USB serial ports */

++	{ USB_DEVICE(0x04e2, 0x1400), .driver_info = IGNORE_DEVICE, },

++	{ USB_DEVICE(0x04e2, 0x1401), .driver_info = IGNORE_DEVICE, },

++	{ USB_DEVICE(0x04e2, 0x1402), .driver_info = IGNORE_DEVICE, },

++	{ USB_DEVICE(0x04e2, 0x1403), .driver_info = IGNORE_DEVICE, },

++	{ USB_DEVICE(0x04e2, 0x1410), .driver_info = IGNORE_DEVICE, },

++	{ USB_DEVICE(0x04e2, 0x1411), .driver_info = IGNORE_DEVICE, },

++	{ USB_DEVICE(0x04e2, 0x1412), .driver_info = IGNORE_DEVICE, },

++	{ USB_DEVICE(0x04e2, 0x1414), .driver_info = IGNORE_DEVICE, },

++	{ USB_DEVICE(0x04e2, 0x1420), .driver_info = IGNORE_DEVICE, },

++	{ USB_DEVICE(0x04e2, 0x1421), .driver_info = IGNORE_DEVICE, },

++	{ USB_DEVICE(0x04e2, 0x1422), .driver_info = IGNORE_DEVICE, },

++	{ USB_DEVICE(0x04e2, 0x1424), .driver_info = IGNORE_DEVICE, },

++

+ 	/* control interfaces without any protocol set */

+ 	{ USB_INTERFACE_INFO(USB_CLASS_COMM, USB_CDC_SUBCLASS_ACM,

+ 		USB_CDC_PROTO_NONE) },