--- /dev/null
+From f5f7ab168b9a60e12a4b8f2bb6fcc91321dc23c1 Mon Sep 17 00:00:00 2001
+From: "Matthew Wilcox (Oracle)" <willy@infradead.org>
+Date: Sun, 4 Oct 2020 19:04:22 +0100
+Subject: 9P: Cast to loff_t before multiplying
+
+From: Matthew Wilcox (Oracle) <willy@infradead.org>
+
+commit f5f7ab168b9a60e12a4b8f2bb6fcc91321dc23c1 upstream.
+
+On 32-bit systems, this multiplication will overflow for files larger
+than 4GB.
+
+Link: http://lkml.kernel.org/r/20201004180428.14494-2-willy@infradead.org
+Cc: stable@vger.kernel.org
+Fixes: fb89b45cdfdc ("9P: introduction of a new cache=mmap model.")
+Signed-off-by: Matthew Wilcox (Oracle) <willy@infradead.org>
+Signed-off-by: Dominique Martinet <asmadeus@codewreck.org>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+
+---
+ fs/9p/vfs_file.c | 4 ++--
+ 1 file changed, 2 insertions(+), 2 deletions(-)
+
+--- a/fs/9p/vfs_file.c
++++ b/fs/9p/vfs_file.c
+@@ -612,9 +612,9 @@ static void v9fs_mmap_vm_close(struct vm
+ struct writeback_control wbc = {
+ .nr_to_write = LONG_MAX,
+ .sync_mode = WB_SYNC_ALL,
+- .range_start = vma->vm_pgoff * PAGE_SIZE,
++ .range_start = (loff_t)vma->vm_pgoff * PAGE_SIZE,
+ /* absolute end, byte at end included */
+- .range_end = vma->vm_pgoff * PAGE_SIZE +
++ .range_end = (loff_t)vma->vm_pgoff * PAGE_SIZE +
+ (vma->vm_end - vma->vm_start - 1),
+ };
+
--- /dev/null
+From c403c3a2fbe24d4ed33e10cabad048583ebd4edf Mon Sep 17 00:00:00 2001
+From: "Matthew Wilcox (Oracle)" <willy@infradead.org>
+Date: Sun, 4 Oct 2020 19:04:24 +0100
+Subject: ceph: promote to unsigned long long before shifting
+
+From: Matthew Wilcox (Oracle) <willy@infradead.org>
+
+commit c403c3a2fbe24d4ed33e10cabad048583ebd4edf upstream.
+
+On 32-bit systems, this shift will overflow for files larger than 4GB.
+
+Cc: stable@vger.kernel.org
+Fixes: 61f68816211e ("ceph: check caps in filemap_fault and page_mkwrite")
+Signed-off-by: Matthew Wilcox (Oracle) <willy@infradead.org>
+Reviewed-by: Jeff Layton <jlayton@kernel.org>
+Signed-off-by: Ilya Dryomov <idryomov@gmail.com>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+
+---
+ fs/ceph/addr.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+--- a/fs/ceph/addr.c
++++ b/fs/ceph/addr.c
+@@ -1522,7 +1522,7 @@ static vm_fault_t ceph_filemap_fault(str
+ struct ceph_inode_info *ci = ceph_inode(inode);
+ struct ceph_file_info *fi = vma->vm_file->private_data;
+ struct page *pinned_page = NULL;
+- loff_t off = vmf->pgoff << PAGE_SHIFT;
++ loff_t off = (loff_t)vmf->pgoff << PAGE_SHIFT;
+ int want, got, err;
+ sigset_t oldset;
+ vm_fault_t ret = VM_FAULT_SIGBUS;
--- /dev/null
+From db865272d9c4687520dc29f77e701a1b2669872f Mon Sep 17 00:00:00 2001
+From: "Rafael J. Wysocki" <rafael.j.wysocki@intel.com>
+Date: Fri, 23 Oct 2020 17:15:56 +0200
+Subject: cpufreq: Avoid configuring old governors as default with intel_pstate
+
+From: Rafael J. Wysocki <rafael.j.wysocki@intel.com>
+
+commit db865272d9c4687520dc29f77e701a1b2669872f upstream.
+
+Commit 33aa46f252c7 ("cpufreq: intel_pstate: Use passive mode by
+default without HWP") was meant to cause intel_pstate to be used
+in the passive mode with the schedutil governor on top of it, but
+it missed the case in which either "ondemand" or "conservative"
+was selected as the default governor in the existing kernel config,
+in which case the previous old governor configuration would be used,
+causing the default legacy governor to be used on top of intel_pstate
+instead of schedutil.
+
+Address this by preventing "ondemand" and "conservative" from being
+configured as the default cpufreq governor in the case when schedutil
+is the default choice for the default governor setting.
+
+[Note that the default cpufreq governor can still be set via the
+ kernel command line if need be and that choice is not limited,
+ so if anyone really wants to use one of the legacy governors by
+ default, it can be achieved this way.]
+
+Fixes: 33aa46f252c7 ("cpufreq: intel_pstate: Use passive mode by default without HWP")
+Reported-by: Julia Lawall <julia.lawall@inria.fr>
+Cc: 5.8+ <stable@vger.kernel.org> # 5.8+
+Signed-off-by: Rafael J. Wysocki <rafael.j.wysocki@intel.com>
+Acked-by: Viresh Kumar <viresh.kumar@linaro.org>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+
+---
+ drivers/cpufreq/Kconfig | 2 ++
+ 1 file changed, 2 insertions(+)
+
+--- a/drivers/cpufreq/Kconfig
++++ b/drivers/cpufreq/Kconfig
+@@ -71,6 +71,7 @@ config CPU_FREQ_DEFAULT_GOV_USERSPACE
+
+ config CPU_FREQ_DEFAULT_GOV_ONDEMAND
+ bool "ondemand"
++ depends on !(X86_INTEL_PSTATE && SMP)
+ select CPU_FREQ_GOV_ONDEMAND
+ select CPU_FREQ_GOV_PERFORMANCE
+ help
+@@ -83,6 +84,7 @@ config CPU_FREQ_DEFAULT_GOV_ONDEMAND
+
+ config CPU_FREQ_DEFAULT_GOV_CONSERVATIVE
+ bool "conservative"
++ depends on !(X86_INTEL_PSTATE && SMP)
+ select CPU_FREQ_GOV_CONSERVATIVE
+ select CPU_FREQ_GOV_PERFORMANCE
+ help
--- /dev/null
+From e0be38ed4ab413ddd492118cf146369b86ee0ab5 Mon Sep 17 00:00:00 2001
+From: "Rafael J. Wysocki" <rafael.j.wysocki@intel.com>
+Date: Fri, 23 Oct 2020 17:35:32 +0200
+Subject: cpufreq: intel_pstate: Avoid missing HWP max updates in passive mode
+
+From: Rafael J. Wysocki <rafael.j.wysocki@intel.com>
+
+commit e0be38ed4ab413ddd492118cf146369b86ee0ab5 upstream.
+
+If the cpufreq policy max limit is changed when intel_pstate operates
+in the passive mode with HWP enabled and the "powersave" governor is
+used on top of it, the HWP max limit is not updated as appropriate.
+
+Namely, in the "powersave" governor case, the target P-state
+is always equal to the policy min limit, so if the latter does
+not change, intel_cpufreq_adjust_hwp() is not invoked to update
+the HWP Request MSR due to the "target_pstate != old_pstate" check
+in intel_cpufreq_update_pstate(), so the HWP max limit is not
+updated as a result.
+
+Also, if the CPUFREQ_NEED_UPDATE_LIMITS flag is not set for the
+driver and the target frequency does not change along with the
+policy max limit, the "target_freq == policy->cur" check in
+__cpufreq_driver_target() prevents the driver's ->target() callback
+from being invoked at all, so the HWP max limit is not updated.
+
+To prevent that occurring, set the CPUFREQ_NEED_UPDATE_LIMITS flag
+in the intel_cpufreq driver structure if HWP is enabled and modify
+intel_cpufreq_update_pstate() to do the "target_pstate != old_pstate"
+check only in the non-HWP case and let intel_cpufreq_adjust_hwp()
+always run in the HWP case (it will update HWP Request only if the
+cached value of the register is different from the new one including
+the limits, so if neither the target P-state value nor the max limit
+changes, the register write will still be avoided).
+
+Fixes: f6ebbcf08f37 ("cpufreq: intel_pstate: Implement passive mode with HWP enabled")
+Reported-by: Zhang Rui <rui.zhang@intel.com>
+Cc: 5.9+ <stable@vger.kernel.org> # 5.9+: 1c534352f47f cpufreq: Introduce CPUFREQ_NEED_UPDATE_LIMITS ...
+Signed-off-by: Rafael J. Wysocki <rafael.j.wysocki@intel.com>
+Acked-by: Viresh Kumar <viresh.kumar@linaro.org>
+Tested-by: Zhang Rui <rui.zhang@intel.com>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+
+---
+ drivers/cpufreq/intel_pstate.c | 13 ++++++-------
+ 1 file changed, 6 insertions(+), 7 deletions(-)
+
+--- a/drivers/cpufreq/intel_pstate.c
++++ b/drivers/cpufreq/intel_pstate.c
+@@ -2550,14 +2550,12 @@ static int intel_cpufreq_update_pstate(s
+ int old_pstate = cpu->pstate.current_pstate;
+
+ target_pstate = intel_pstate_prepare_request(cpu, target_pstate);
+- if (target_pstate != old_pstate) {
++ if (hwp_active) {
++ intel_cpufreq_adjust_hwp(cpu, target_pstate, fast_switch);
++ cpu->pstate.current_pstate = target_pstate;
++ } else if (target_pstate != old_pstate) {
++ intel_cpufreq_adjust_perf_ctl(cpu, target_pstate, fast_switch);
+ cpu->pstate.current_pstate = target_pstate;
+- if (hwp_active)
+- intel_cpufreq_adjust_hwp(cpu, target_pstate,
+- fast_switch);
+- else
+- intel_cpufreq_adjust_perf_ctl(cpu, target_pstate,
+- fast_switch);
+ }
+
+ intel_cpufreq_trace(cpu, fast_switch ? INTEL_PSTATE_TRACE_FAST_SWITCH :
+@@ -3014,6 +3012,7 @@ static int __init intel_pstate_init(void
+ hwp_mode_bdw = id->driver_data;
+ intel_pstate.attr = hwp_cpufreq_attrs;
+ intel_cpufreq.attr = hwp_cpufreq_attrs;
++ intel_cpufreq.flags |= CPUFREQ_NEED_UPDATE_LIMITS;
+ if (!default_driver)
+ default_driver = &intel_pstate;
+
--- /dev/null
+From 1c534352f47fd83eb08075ac2474f707e74bf7f7 Mon Sep 17 00:00:00 2001
+From: "Rafael J. Wysocki" <rafael.j.wysocki@intel.com>
+Date: Fri, 23 Oct 2020 17:35:19 +0200
+Subject: cpufreq: Introduce CPUFREQ_NEED_UPDATE_LIMITS driver flag
+
+From: Rafael J. Wysocki <rafael.j.wysocki@intel.com>
+
+commit 1c534352f47fd83eb08075ac2474f707e74bf7f7 upstream.
+
+Generally, a cpufreq driver may need to update some internal upper
+and lower frequency boundaries on policy max and min changes,
+respectively, but currently this does not work if the target
+frequency does not change along with the policy limit.
+
+Namely, if the target frequency does not change along with the
+policy min or max, the "target_freq == policy->cur" check in
+__cpufreq_driver_target() prevents driver callbacks from being
+invoked and they do not even have a chance to update the
+corresponding internal boundary.
+
+This particularly affects the "powersave" and "performance"
+governors that always set the target frequency to one of the
+policy limits and it never changes when the other limit is updated.
+
+To allow cpufreq the drivers needing to update internal frequency
+boundaries on policy limits changes to avoid this issue, introduce
+a new driver flag, CPUFREQ_NEED_UPDATE_LIMITS, that (when set) will
+neutralize the check mentioned above.
+
+Signed-off-by: Rafael J. Wysocki <rafael.j.wysocki@intel.com>
+Acked-by: Viresh Kumar <viresh.kumar@linaro.org>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+
+---
+ drivers/cpufreq/cpufreq.c | 3 ++-
+ include/linux/cpufreq.h | 10 +++++++++-
+ 2 files changed, 11 insertions(+), 2 deletions(-)
+
+--- a/drivers/cpufreq/cpufreq.c
++++ b/drivers/cpufreq/cpufreq.c
+@@ -2166,7 +2166,8 @@ int __cpufreq_driver_target(struct cpufr
+ * exactly same freq is called again and so we can save on few function
+ * calls.
+ */
+- if (target_freq == policy->cur)
++ if (target_freq == policy->cur &&
++ !(cpufreq_driver->flags & CPUFREQ_NEED_UPDATE_LIMITS))
+ return 0;
+
+ /* Save last value to restore later on errors */
+--- a/include/linux/cpufreq.h
++++ b/include/linux/cpufreq.h
+@@ -293,7 +293,7 @@ __ATTR(_name, 0644, show_##_name, store_
+
+ struct cpufreq_driver {
+ char name[CPUFREQ_NAME_LEN];
+- u8 flags;
++ u16 flags;
+ void *driver_data;
+
+ /* needed by all drivers */
+@@ -417,6 +417,14 @@ struct cpufreq_driver {
+ */
+ #define CPUFREQ_IS_COOLING_DEV BIT(7)
+
++/*
++ * Set by drivers that need to update internale upper and lower boundaries along
++ * with the target frequency and so the core and governors should also invoke
++ * the diver if the target frequency does not change, but the policy min or max
++ * may have changed.
++ */
++#define CPUFREQ_NEED_UPDATE_LIMITS BIT(8)
++
+ int cpufreq_register_driver(struct cpufreq_driver *driver_data);
+ int cpufreq_unregister_driver(struct cpufreq_driver *driver_data);
+
--- /dev/null
+From 8b7dc1fe1a5c1093551f6cd7dfbb941bd9081c2e Mon Sep 17 00:00:00 2001
+From: Takashi Iwai <tiwai@suse.de>
+Date: Fri, 23 Oct 2020 09:46:55 +0200
+Subject: drm/amd/display: Don't invoke kgdb_breakpoint() unconditionally
+
+From: Takashi Iwai <tiwai@suse.de>
+
+commit 8b7dc1fe1a5c1093551f6cd7dfbb941bd9081c2e upstream.
+
+ASSERT_CRITICAL() invokes kgdb_breakpoint() whenever either
+CONFIG_KGDB or CONFIG_HAVE_KGDB is set. This, however, may lead to a
+kernel panic when no kdb stuff is attached, since the
+kgdb_breakpoint() call issues INT3. It's nothing but a surprise for
+normal end-users.
+
+For avoiding the pitfall, make the kgdb_breakpoint() call only when
+CONFIG_DEBUG_KERNEL_DC is set.
+
+https://bugzilla.opensuse.org/show_bug.cgi?id=1177973
+Cc: <stable@vger.kernel.org>
+Acked-by: Alex Deucher <alexander.deucher@amd.com>
+Reviewed-by: Nicholas Kazlauskas <nicholas.kazlauskas@amd.com>
+Signed-off-by: Takashi Iwai <tiwai@suse.de>
+Signed-off-by: Alex Deucher <alexander.deucher@amd.com>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+
+---
+ drivers/gpu/drm/amd/display/dc/os_types.h | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+--- a/drivers/gpu/drm/amd/display/dc/os_types.h
++++ b/drivers/gpu/drm/amd/display/dc/os_types.h
+@@ -90,7 +90,7 @@
+ * general debug capabilities
+ *
+ */
+-#if defined(CONFIG_HAVE_KGDB) || defined(CONFIG_KGDB)
++#if defined(CONFIG_DEBUG_KERNEL_DC) && (defined(CONFIG_HAVE_KGDB) || defined(CONFIG_KGDB))
+ #define ASSERT_CRITICAL(expr) do { \
+ if (WARN_ON(!(expr))) { \
+ kgdb_breakpoint(); \
--- /dev/null
+From 920bb38c518408fa2600eaefa0af9e82cf48f166 Mon Sep 17 00:00:00 2001
+From: Takashi Iwai <tiwai@suse.de>
+Date: Fri, 23 Oct 2020 09:46:54 +0200
+Subject: drm/amd/display: Fix kernel panic by dal_gpio_open() error
+
+From: Takashi Iwai <tiwai@suse.de>
+
+commit 920bb38c518408fa2600eaefa0af9e82cf48f166 upstream.
+
+Currently both error code paths handled in dal_gpio_open_ex() issues
+ASSERT_CRITICAL(), and this leads to a kernel panic unnecessarily if
+CONFIG_KGDB is enabled. Since basically both are non-critical errors
+and can be recovered, drop those assert calls and use a safer one,
+BREAK_TO_DEBUGGER(), for allowing the debugging, instead.
+
+BugLink: https://bugzilla.opensuse.org/show_bug.cgi?id=1177973
+Cc: <stable@vger.kernel.org>
+Acked-by: Alex Deucher <alexander.deucher@amd.com>
+Reviewed-by: Nicholas Kazlauskas <nicholas.kazlauskas@amd.com>
+Signed-off-by: Takashi Iwai <tiwai@suse.de>
+Signed-off-by: Alex Deucher <alexander.deucher@amd.com>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+
+---
+ drivers/gpu/drm/amd/display/dc/gpio/gpio_base.c | 4 ++--
+ 1 file changed, 2 insertions(+), 2 deletions(-)
+
+--- a/drivers/gpu/drm/amd/display/dc/gpio/gpio_base.c
++++ b/drivers/gpu/drm/amd/display/dc/gpio/gpio_base.c
+@@ -63,13 +63,13 @@ enum gpio_result dal_gpio_open_ex(
+ enum gpio_mode mode)
+ {
+ if (gpio->pin) {
+- ASSERT_CRITICAL(false);
++ BREAK_TO_DEBUGGER();
+ return GPIO_RESULT_ALREADY_OPENED;
+ }
+
+ // No action if allocation failed during gpio construct
+ if (!gpio->hw_container.ddc) {
+- ASSERT_CRITICAL(false);
++ BREAK_TO_DEBUGGER();
+ return GPIO_RESULT_NON_SPECIFIC_ERROR;
+ }
+ gpio->mode = mode;
--- /dev/null
+From 274c240c760ed4647ddae1f1b994e0dd3f71cbb1 Mon Sep 17 00:00:00 2001
+From: Likun Gao <Likun.Gao@amd.com>
+Date: Wed, 14 Oct 2020 14:05:18 +0800
+Subject: drm/amdgpu: add function to program pbb mode for sienna cichlid
+
+From: Likun Gao <Likun.Gao@amd.com>
+
+commit 274c240c760ed4647ddae1f1b994e0dd3f71cbb1 upstream.
+
+Add function for sienna_cichlid to force PBB workload mode to zero by
+checking whether there have SE been harvested.
+
+Signed-off-by: Likun Gao <Likun.Gao@amd.com>
+Reviewed-by: Hawking Zhang <Hawking.Zhang@amd.com>
+Signed-off-by: Alex Deucher <alexander.deucher@amd.com>
+Cc: stable@vger.kernel.org # 5.9.x
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+
+---
+ drivers/gpu/drm/amd/amdgpu/gfx_v10_0.c | 62 +++++++++++++++++++++++++++++++++
+ 1 file changed, 62 insertions(+)
+
+--- a/drivers/gpu/drm/amd/amdgpu/gfx_v10_0.c
++++ b/drivers/gpu/drm/amd/amdgpu/gfx_v10_0.c
+@@ -112,6 +112,22 @@
+ #define mmCP_HYP_ME_UCODE_DATA 0x5817
+ #define mmCP_HYP_ME_UCODE_DATA_BASE_IDX 1
+
++//CC_GC_SA_UNIT_DISABLE
++#define mmCC_GC_SA_UNIT_DISABLE 0x0fe9
++#define mmCC_GC_SA_UNIT_DISABLE_BASE_IDX 0
++#define CC_GC_SA_UNIT_DISABLE__SA_DISABLE__SHIFT 0x8
++#define CC_GC_SA_UNIT_DISABLE__SA_DISABLE_MASK 0x0000FF00L
++//GC_USER_SA_UNIT_DISABLE
++#define mmGC_USER_SA_UNIT_DISABLE 0x0fea
++#define mmGC_USER_SA_UNIT_DISABLE_BASE_IDX 0
++#define GC_USER_SA_UNIT_DISABLE__SA_DISABLE__SHIFT 0x8
++#define GC_USER_SA_UNIT_DISABLE__SA_DISABLE_MASK 0x0000FF00L
++//PA_SC_ENHANCE_3
++#define mmPA_SC_ENHANCE_3 0x1085
++#define mmPA_SC_ENHANCE_3_BASE_IDX 0
++#define PA_SC_ENHANCE_3__FORCE_PBB_WORKLOAD_MODE_TO_ZERO__SHIFT 0x3
++#define PA_SC_ENHANCE_3__FORCE_PBB_WORKLOAD_MODE_TO_ZERO_MASK 0x00000008L
++
+ MODULE_FIRMWARE("amdgpu/navi10_ce.bin");
+ MODULE_FIRMWARE("amdgpu/navi10_pfp.bin");
+ MODULE_FIRMWARE("amdgpu/navi10_me.bin");
+@@ -3189,6 +3205,8 @@ static int gfx_v10_0_wait_for_rlc_autolo
+ static void gfx_v10_0_ring_emit_ce_meta(struct amdgpu_ring *ring, bool resume);
+ static void gfx_v10_0_ring_emit_de_meta(struct amdgpu_ring *ring, bool resume);
+ static void gfx_v10_0_ring_emit_frame_cntl(struct amdgpu_ring *ring, bool start, bool secure);
++static u32 gfx_v10_3_get_disabled_sa(struct amdgpu_device *adev);
++static void gfx_v10_3_program_pbb_mode(struct amdgpu_device *adev);
+
+ static void gfx10_kiq_set_resources(struct amdgpu_ring *kiq_ring, uint64_t queue_mask)
+ {
+@@ -6929,6 +6947,9 @@ static int gfx_v10_0_hw_init(void *handl
+ if (r)
+ return r;
+
++ if (adev->asic_type == CHIP_SIENNA_CICHLID)
++ gfx_v10_3_program_pbb_mode(adev);
++
+ return r;
+ }
+
+@@ -8774,6 +8795,47 @@ static int gfx_v10_0_get_cu_info(struct
+ return 0;
+ }
+
++static u32 gfx_v10_3_get_disabled_sa(struct amdgpu_device *adev)
++{
++ uint32_t efuse_setting, vbios_setting, disabled_sa, max_sa_mask;
++
++ efuse_setting = RREG32_SOC15(GC, 0, mmCC_GC_SA_UNIT_DISABLE);
++ efuse_setting &= CC_GC_SA_UNIT_DISABLE__SA_DISABLE_MASK;
++ efuse_setting >>= CC_GC_SA_UNIT_DISABLE__SA_DISABLE__SHIFT;
++
++ vbios_setting = RREG32_SOC15(GC, 0, mmGC_USER_SA_UNIT_DISABLE);
++ vbios_setting &= GC_USER_SA_UNIT_DISABLE__SA_DISABLE_MASK;
++ vbios_setting >>= GC_USER_SA_UNIT_DISABLE__SA_DISABLE__SHIFT;
++
++ max_sa_mask = amdgpu_gfx_create_bitmask(adev->gfx.config.max_sh_per_se *
++ adev->gfx.config.max_shader_engines);
++ disabled_sa = efuse_setting | vbios_setting;
++ disabled_sa &= max_sa_mask;
++
++ return disabled_sa;
++}
++
++static void gfx_v10_3_program_pbb_mode(struct amdgpu_device *adev)
++{
++ uint32_t max_sa_per_se, max_sa_per_se_mask, max_shader_engines;
++ uint32_t disabled_sa_mask, se_index, disabled_sa_per_se;
++
++ disabled_sa_mask = gfx_v10_3_get_disabled_sa(adev);
++
++ max_sa_per_se = adev->gfx.config.max_sh_per_se;
++ max_sa_per_se_mask = (1 << max_sa_per_se) - 1;
++ max_shader_engines = adev->gfx.config.max_shader_engines;
++
++ for (se_index = 0; max_shader_engines > se_index; se_index++) {
++ disabled_sa_per_se = disabled_sa_mask >> (se_index * max_sa_per_se);
++ disabled_sa_per_se &= max_sa_per_se_mask;
++ if (disabled_sa_per_se == max_sa_per_se_mask) {
++ WREG32_FIELD15(GC, 0, PA_SC_ENHANCE_3, FORCE_PBB_WORKLOAD_MODE_TO_ZERO, 1);
++ break;
++ }
++ }
++}
++
+ const struct amdgpu_ip_block_version gfx_v10_0_ip_block =
+ {
+ .type = AMD_IP_BLOCK_TYPE_GFX,
--- /dev/null
+From 55bb919be4e4973cd037a04f527ecc6686800437 Mon Sep 17 00:00:00 2001
+From: =?UTF-8?q?Christian=20K=C3=B6nig?= <christian.koenig@amd.com>
+Date: Mon, 12 Oct 2020 13:09:36 +0200
+Subject: drm/amdgpu: increase the reserved VM size to 2MB
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+From: Christian König <christian.koenig@amd.com>
+
+commit 55bb919be4e4973cd037a04f527ecc6686800437 upstream.
+
+Ideally this should be a multiple of the VM block size.
+2MB should at least fit for Vega/Navi.
+
+Signed-off-by: Christian König <christian.koenig@amd.com>
+Reviewed-by: Madhav Chauhan <madhav.chauhan@amd.com>
+Reviewed-by: Felix Kuehling <Felix.Kuehling@amd.com>
+Signed-off-by: Alex Deucher <alexander.deucher@amd.com>
+Cc: stable@vger.kernel.org
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+
+---
+ drivers/gpu/drm/amd/amdgpu/amdgpu_vm.h | 4 ++--
+ 1 file changed, 2 insertions(+), 2 deletions(-)
+
+--- a/drivers/gpu/drm/amd/amdgpu/amdgpu_vm.h
++++ b/drivers/gpu/drm/amd/amdgpu/amdgpu_vm.h
+@@ -112,8 +112,8 @@ struct amdgpu_bo_list_entry;
+ #define AMDGPU_MMHUB_0 1
+ #define AMDGPU_MMHUB_1 2
+
+-/* hardcode that limit for now */
+-#define AMDGPU_VA_RESERVED_SIZE (1ULL << 20)
++/* Reserve 2MB at top/bottom of address space for kernel use */
++#define AMDGPU_VA_RESERVED_SIZE (2ULL << 20)
+
+ /* max vmids dedicated for process */
+ #define AMDGPU_VM_MAX_RESERVED_VMID 1
--- /dev/null
+From fea456d82c19d201c21313864105876deabe148b Mon Sep 17 00:00:00 2001
+From: Dave Airlie <airlied@redhat.com>
+Date: Tue, 20 Oct 2020 08:22:53 +1000
+Subject: drm/ttm: fix eviction valuable range check.
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+From: Dave Airlie <airlied@redhat.com>
+
+commit fea456d82c19d201c21313864105876deabe148b upstream.
+
+This was adding size to start, but pfn and start are in pages,
+so it should be using num_pages.
+
+Not sure this fixes anything in the real world, just noticed it
+during refactoring.
+
+Signed-off-by: Dave Airlie <airlied@redhat.com>
+Reviewed-by: Christian König <christian.koenig@amd.com>
+Cc: stable@vger.kernel.org
+Link: https://patchwork.freedesktop.org/patch/msgid/20201019222257.1684769-2-airlied@gmail.com
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+
+---
+ drivers/gpu/drm/ttm/ttm_bo.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+--- a/drivers/gpu/drm/ttm/ttm_bo.c
++++ b/drivers/gpu/drm/ttm/ttm_bo.c
+@@ -694,7 +694,7 @@ bool ttm_bo_eviction_valuable(struct ttm
+ /* Don't evict this BO if it's outside of the
+ * requested placement range
+ */
+- if (place->fpfn >= (bo->mem.start + bo->mem.size) ||
++ if (place->fpfn >= (bo->mem.start + bo->mem.num_pages) ||
+ (place->lpfn && place->lpfn <= bo->mem.start))
+ return false;
+
--- /dev/null
+From d9befedaafcf3a111428baa7c45b02923eab2d87 Mon Sep 17 00:00:00 2001
+From: "zhangyi (F)" <yi.zhang@huawei.com>
+Date: Thu, 24 Sep 2020 15:33:31 +0800
+Subject: ext4: clear buffer verified flag if read meta block from disk
+
+From: zhangyi (F) <yi.zhang@huawei.com>
+
+commit d9befedaafcf3a111428baa7c45b02923eab2d87 upstream.
+
+The metadata buffer is no longer trusted after we read it from disk
+again because it is not uptodate for some reasons (e.g. failed to write
+back). Otherwise we may get below memory corruption problem in
+ext4_ext_split()->memset() if we read stale data from the newly
+allocated extent block on disk which has been failed to async write
+out but miss verify again since the verified bit has already been set
+on the buffer.
+
+[ 29.774674] BUG: unable to handle kernel paging request at ffff88841949d000
+...
+[ 29.783317] Oops: 0002 [#2] SMP
+[ 29.784219] R10: 00000000000f4240 R11: 0000000000002e28 R12: ffff88842fa1c800
+[ 29.784627] CPU: 1 PID: 126 Comm: kworker/u4:3 Tainted: G D W
+[ 29.785546] R13: ffffffff9cddcc20 R14: ffffffff9cddd420 R15: ffff88842fa1c2f8
+[ 29.786679] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996),BIOS ?-20190727_0738364
+[ 29.787588] FS: 0000000000000000(0000) GS:ffff88842fa00000(0000) knlGS:0000000000000000
+[ 29.789288] Workqueue: writeback wb_workfn
+[ 29.790319] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
+[ 29.790321] (flush-8:0)
+[ 29.790844] CR2: 0000000000000008 CR3: 00000004234f2000 CR4: 00000000000006f0
+[ 29.791924] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
+[ 29.792839] RIP: 0010:__memset+0x24/0x30
+[ 29.793739] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
+[ 29.794256] Code: 90 90 90 90 90 90 0f 1f 44 00 00 49 89 f9 48 89 d1 83 e2 07 48 c1 e9 033
+[ 29.795161] Kernel panic - not syncing: Fatal exception in interrupt
+...
+[ 29.808149] Call Trace:
+[ 29.808475] ext4_ext_insert_extent+0x102e/0x1be0
+[ 29.809085] ext4_ext_map_blocks+0xa89/0x1bb0
+[ 29.809652] ext4_map_blocks+0x290/0x8a0
+[ 29.809085] ext4_ext_map_blocks+0xa89/0x1bb0
+[ 29.809652] ext4_map_blocks+0x290/0x8a0
+[ 29.810161] ext4_writepages+0xc85/0x17c0
+...
+
+Fix this by clearing buffer's verified bit if we read meta block from
+disk again.
+
+Signed-off-by: zhangyi (F) <yi.zhang@huawei.com>
+Cc: stable@vger.kernel.org
+Link: https://lore.kernel.org/r/20200924073337.861472-2-yi.zhang@huawei.com
+Signed-off-by: Theodore Ts'o <tytso@mit.edu>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+
+---
+ fs/ext4/balloc.c | 1 +
+ fs/ext4/extents.c | 1 +
+ fs/ext4/ialloc.c | 1 +
+ fs/ext4/inode.c | 5 ++++-
+ fs/ext4/super.c | 1 +
+ 5 files changed, 8 insertions(+), 1 deletion(-)
+
+--- a/fs/ext4/balloc.c
++++ b/fs/ext4/balloc.c
+@@ -494,6 +494,7 @@ ext4_read_block_bitmap_nowait(struct sup
+ * submit the buffer_head for reading
+ */
+ set_buffer_new(bh);
++ clear_buffer_verified(bh);
+ trace_ext4_read_block_bitmap_load(sb, block_group, ignore_locked);
+ bh->b_end_io = ext4_end_bitmap_read;
+ get_bh(bh);
+--- a/fs/ext4/extents.c
++++ b/fs/ext4/extents.c
+@@ -501,6 +501,7 @@ __read_extent_tree_block(const char *fun
+
+ if (!bh_uptodate_or_lock(bh)) {
+ trace_ext4_ext_load_extent(inode, pblk, _RET_IP_);
++ clear_buffer_verified(bh);
+ err = bh_submit_read(bh);
+ if (err < 0)
+ goto errout;
+--- a/fs/ext4/ialloc.c
++++ b/fs/ext4/ialloc.c
+@@ -188,6 +188,7 @@ ext4_read_inode_bitmap(struct super_bloc
+ /*
+ * submit the buffer_head for reading
+ */
++ clear_buffer_verified(bh);
+ trace_ext4_load_inode_bitmap(sb, block_group);
+ bh->b_end_io = ext4_end_bitmap_read;
+ get_bh(bh);
+--- a/fs/ext4/inode.c
++++ b/fs/ext4/inode.c
+@@ -884,6 +884,7 @@ struct buffer_head *ext4_bread(handle_t
+ return bh;
+ if (!bh || ext4_buffer_uptodate(bh))
+ return bh;
++ clear_buffer_verified(bh);
+ ll_rw_block(REQ_OP_READ, REQ_META | REQ_PRIO, 1, &bh);
+ wait_on_buffer(bh);
+ if (buffer_uptodate(bh))
+@@ -909,9 +910,11 @@ int ext4_bread_batch(struct inode *inode
+
+ for (i = 0; i < bh_count; i++)
+ /* Note that NULL bhs[i] is valid because of holes. */
+- if (bhs[i] && !ext4_buffer_uptodate(bhs[i]))
++ if (bhs[i] && !ext4_buffer_uptodate(bhs[i])) {
++ clear_buffer_verified(bhs[i]);
+ ll_rw_block(REQ_OP_READ, REQ_META | REQ_PRIO, 1,
+ &bhs[i]);
++ }
+
+ if (!wait)
+ return 0;
+--- a/fs/ext4/super.c
++++ b/fs/ext4/super.c
+@@ -156,6 +156,7 @@ ext4_sb_bread(struct super_block *sb, se
+ return ERR_PTR(-ENOMEM);
+ if (ext4_buffer_uptodate(bh))
+ return bh;
++ clear_buffer_verified(bh);
+ ll_rw_block(REQ_OP_READ, REQ_META | op_flags, 1, &bh);
+ wait_on_buffer(bh);
+ if (buffer_uptodate(bh))
--- /dev/null
+From d7dce9e08595e80bf8039a81794809c66fe26431 Mon Sep 17 00:00:00 2001
+From: yangerkun <yangerkun@huawei.com>
+Date: Wed, 28 Oct 2020 13:56:17 +0800
+Subject: ext4: do not use extent after put_bh
+
+From: yangerkun <yangerkun@huawei.com>
+
+commit d7dce9e08595e80bf8039a81794809c66fe26431 upstream.
+
+ext4_ext_search_right() will read more extent blocks and call put_bh
+after we get the information we need. However, ret_ex will break this
+and may cause use-after-free once pagecache has been freed. Fix it by
+copying the extent structure if needed.
+
+Signed-off-by: yangerkun <yangerkun@huawei.com>
+Link: https://lore.kernel.org/r/20201028055617.2569255-1-yangerkun@huawei.com
+Signed-off-by: Theodore Ts'o <tytso@mit.edu>
+Cc: stable@kernel.org
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+
+---
+ fs/ext4/extents.c | 30 +++++++++++++++---------------
+ 1 file changed, 15 insertions(+), 15 deletions(-)
+
+--- a/fs/ext4/extents.c
++++ b/fs/ext4/extents.c
+@@ -1472,16 +1472,16 @@ static int ext4_ext_search_left(struct i
+ }
+
+ /*
+- * search the closest allocated block to the right for *logical
+- * and returns it at @logical + it's physical address at @phys
+- * if *logical is the largest allocated block, the function
+- * returns 0 at @phys
+- * return value contains 0 (success) or error code
++ * Search the closest allocated block to the right for *logical
++ * and returns it at @logical + it's physical address at @phys.
++ * If not exists, return 0 and @phys is set to 0. We will return
++ * 1 which means we found an allocated block and ret_ex is valid.
++ * Or return a (< 0) error code.
+ */
+ static int ext4_ext_search_right(struct inode *inode,
+ struct ext4_ext_path *path,
+ ext4_lblk_t *logical, ext4_fsblk_t *phys,
+- struct ext4_extent **ret_ex)
++ struct ext4_extent *ret_ex)
+ {
+ struct buffer_head *bh = NULL;
+ struct ext4_extent_header *eh;
+@@ -1575,10 +1575,11 @@ got_index:
+ found_extent:
+ *logical = le32_to_cpu(ex->ee_block);
+ *phys = ext4_ext_pblock(ex);
+- *ret_ex = ex;
++ if (ret_ex)
++ *ret_ex = *ex;
+ if (bh)
+ put_bh(bh);
+- return 0;
++ return 1;
+ }
+
+ /*
+@@ -2869,8 +2870,8 @@ again:
+ */
+ lblk = ex_end + 1;
+ err = ext4_ext_search_right(inode, path, &lblk, &pblk,
+- &ex);
+- if (err)
++ NULL);
++ if (err < 0)
+ goto out;
+ if (pblk) {
+ partial.pclu = EXT4_B2C(sbi, pblk);
+@@ -4038,7 +4039,7 @@ int ext4_ext_map_blocks(handle_t *handle
+ struct ext4_map_blocks *map, int flags)
+ {
+ struct ext4_ext_path *path = NULL;
+- struct ext4_extent newex, *ex, *ex2;
++ struct ext4_extent newex, *ex, ex2;
+ struct ext4_sb_info *sbi = EXT4_SB(inode->i_sb);
+ ext4_fsblk_t newblock = 0, pblk;
+ int err = 0, depth, ret;
+@@ -4174,15 +4175,14 @@ int ext4_ext_map_blocks(handle_t *handle
+ if (err)
+ goto out;
+ ar.lright = map->m_lblk;
+- ex2 = NULL;
+ err = ext4_ext_search_right(inode, path, &ar.lright, &ar.pright, &ex2);
+- if (err)
++ if (err < 0)
+ goto out;
+
+ /* Check if the extent after searching to the right implies a
+ * cluster we can use. */
+- if ((sbi->s_cluster_ratio > 1) && ex2 &&
+- get_implied_cluster_alloc(inode->i_sb, map, ex2, path)) {
++ if ((sbi->s_cluster_ratio > 1) && err &&
++ get_implied_cluster_alloc(inode->i_sb, map, &ex2, path)) {
+ ar.len = allocated = map->m_len;
+ newblock = map->m_pblk;
+ goto got_allocated_blocks;
--- /dev/null
+From 9704a322ea67fdb05fc66cf431fdd01c2424bbd9 Mon Sep 17 00:00:00 2001
+From: Zhang Xiaoxu <zhangxiaoxu5@huawei.com>
+Date: Sun, 27 Sep 2020 22:05:56 -0400
+Subject: ext4: fix bdev write error check failed when mount fs with ro
+
+From: Zhang Xiaoxu <zhangxiaoxu5@huawei.com>
+
+commit 9704a322ea67fdb05fc66cf431fdd01c2424bbd9 upstream.
+
+Consider a situation when a filesystem was uncleanly shutdown and the
+orphan list is not empty and a read-only mount is attempted. The orphan
+list cleanup during mount will fail with:
+
+ext4_check_bdev_write_error:193: comm mount: Error while async write back metadata
+
+This happens because sbi->s_bdev_wb_err is not initialized when mounting
+the filesystem in read only mode and so ext4_check_bdev_write_error()
+falsely triggers.
+
+Initialize sbi->s_bdev_wb_err unconditionally to avoid this problem.
+
+Fixes: bc71726c7257 ("ext4: abort the filesystem if failed to async write metadata buffer")
+Cc: stable@kernel.org
+Signed-off-by: Zhang Xiaoxu <zhangxiaoxu5@huawei.com>
+Reviewed-by: Jan Kara <jack@suse.cz>
+Link: https://lore.kernel.org/r/20200928020556.710971-1-zhangxiaoxu5@huawei.com
+Signed-off-by: Theodore Ts'o <tytso@mit.edu>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+
+---
+ fs/ext4/super.c | 13 ++-----------
+ 1 file changed, 2 insertions(+), 11 deletions(-)
+
+--- a/fs/ext4/super.c
++++ b/fs/ext4/super.c
+@@ -4826,9 +4826,8 @@ no_journal:
+ * used to detect the metadata async write error.
+ */
+ spin_lock_init(&sbi->s_bdev_wb_lock);
+- if (!sb_rdonly(sb))
+- errseq_check_and_advance(&sb->s_bdev->bd_inode->i_mapping->wb_err,
+- &sbi->s_bdev_wb_err);
++ errseq_check_and_advance(&sb->s_bdev->bd_inode->i_mapping->wb_err,
++ &sbi->s_bdev_wb_err);
+ sb->s_bdev->bd_super = sb;
+ EXT4_SB(sb)->s_mount_state |= EXT4_ORPHAN_FS;
+ ext4_orphan_cleanup(sb, es);
+@@ -5721,14 +5720,6 @@ static int ext4_remount(struct super_blo
+ }
+
+ /*
+- * Update the original bdev mapping's wb_err value
+- * which could be used to detect the metadata async
+- * write error.
+- */
+- errseq_check_and_advance(&sb->s_bdev->bd_inode->i_mapping->wb_err,
+- &sbi->s_bdev_wb_err);
+-
+- /*
+ * Mounting a RDONLY partition read-write, so reread
+ * and store the current valid flag. (It may have
+ * been changed by e2fsck since we originally mounted
--- /dev/null
+From d1e18b8824dd50cff255e6cecf515ea598eaf9f0 Mon Sep 17 00:00:00 2001
+From: Ritesh Harjani <riteshh@linux.ibm.com>
+Date: Thu, 8 Oct 2020 20:32:48 +0530
+Subject: ext4: fix bs < ps issue reported with dioread_nolock mount opt
+
+From: Ritesh Harjani <riteshh@linux.ibm.com>
+
+commit d1e18b8824dd50cff255e6cecf515ea598eaf9f0 upstream.
+
+left shifting m_lblk by blkbits was causing value overflow and hence
+it was not able to convert unwritten to written extent.
+So, make sure we typecast it to loff_t before do left shift operation.
+Also in func ext4_convert_unwritten_io_end_vec(), make sure to initialize
+ret variable to avoid accidentally returning an uninitialized ret.
+
+This patch fixes the issue reported in ext4 for bs < ps with
+dioread_nolock mount option.
+
+Fixes: c8cc88163f40df39e50c ("ext4: Add support for blocksize < pagesize in dioread_nolock")
+Cc: stable@kernel.org
+Reported-by: Aneesh Kumar K.V <aneesh.kumar@linux.ibm.com>
+Signed-off-by: Ritesh Harjani <riteshh@linux.ibm.com>
+Reviewed-by: Jan Kara <jack@suse.cz>
+Link: https://lore.kernel.org/r/af902b5db99e8b73980c795d84ad7bb417487e76.1602168865.git.riteshh@linux.ibm.com
+Signed-off-by: Theodore Ts'o <tytso@mit.edu>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+
+---
+ fs/ext4/extents.c | 2 +-
+ fs/ext4/inode.c | 2 +-
+ 2 files changed, 2 insertions(+), 2 deletions(-)
+
+--- a/fs/ext4/extents.c
++++ b/fs/ext4/extents.c
+@@ -4770,7 +4770,7 @@ int ext4_convert_unwritten_extents(handl
+
+ int ext4_convert_unwritten_io_end_vec(handle_t *handle, ext4_io_end_t *io_end)
+ {
+- int ret, err = 0;
++ int ret = 0, err = 0;
+ struct ext4_io_end_vec *io_end_vec;
+
+ /*
+--- a/fs/ext4/inode.c
++++ b/fs/ext4/inode.c
+@@ -2257,7 +2257,7 @@ static int mpage_process_page(struct mpa
+ err = PTR_ERR(io_end_vec);
+ goto out;
+ }
+- io_end_vec->offset = mpd->map.m_lblk << blkbits;
++ io_end_vec->offset = (loff_t)mpd->map.m_lblk << blkbits;
+ }
+ *map_bh = true;
+ goto out;
--- /dev/null
+From c9e87161cc621cbdcfc472fa0b2d81c63780c8f5 Mon Sep 17 00:00:00 2001
+From: Dinghao Liu <dinghao.liu@zju.edu.cn>
+Date: Sat, 29 Aug 2020 10:54:02 +0800
+Subject: ext4: fix error handling code in add_new_gdb
+
+From: Dinghao Liu <dinghao.liu@zju.edu.cn>
+
+commit c9e87161cc621cbdcfc472fa0b2d81c63780c8f5 upstream.
+
+When ext4_journal_get_write_access() fails, we should
+terminate the execution flow and release n_group_desc,
+iloc.bh, dind and gdb_bh.
+
+Cc: stable@kernel.org
+Signed-off-by: Dinghao Liu <dinghao.liu@zju.edu.cn>
+Reviewed-by: Andreas Dilger <adilger@dilger.ca>
+Link: https://lore.kernel.org/r/20200829025403.3139-1-dinghao.liu@zju.edu.cn
+Signed-off-by: Theodore Ts'o <tytso@mit.edu>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+
+---
+ fs/ext4/resize.c | 4 +++-
+ 1 file changed, 3 insertions(+), 1 deletion(-)
+
+--- a/fs/ext4/resize.c
++++ b/fs/ext4/resize.c
+@@ -843,8 +843,10 @@ static int add_new_gdb(handle_t *handle,
+
+ BUFFER_TRACE(dind, "get_write_access");
+ err = ext4_journal_get_write_access(handle, dind);
+- if (unlikely(err))
++ if (unlikely(err)) {
+ ext4_std_error(sb, err);
++ goto errout;
++ }
+
+ /* ext4_reserve_inode_write() gets a reference on the iloc */
+ err = ext4_reserve_inode_write(handle, inode, &iloc);
--- /dev/null
+From 1322181170bb01bce3c228b82ae3d5c6b793164f Mon Sep 17 00:00:00 2001
+From: Luo Meng <luomeng12@huawei.com>
+Date: Tue, 20 Oct 2020 09:36:31 +0800
+Subject: ext4: fix invalid inode checksum
+
+From: Luo Meng <luomeng12@huawei.com>
+
+commit 1322181170bb01bce3c228b82ae3d5c6b793164f upstream.
+
+During the stability test, there are some errors:
+ ext4_lookup:1590: inode #6967: comm fsstress: iget: checksum invalid.
+
+If the inode->i_iblocks too big and doesn't set huge file flag, checksum
+will not be recalculated when update the inode information to it's buffer.
+If other inode marks the buffer dirty, then the inconsistent inode will
+be flushed to disk.
+
+Fix this problem by checking i_blocks in advance.
+
+Cc: stable@kernel.org
+Signed-off-by: Luo Meng <luomeng12@huawei.com>
+Reviewed-by: Darrick J. Wong <darrick.wong@oracle.com>
+Link: https://lore.kernel.org/r/20201020013631.3796673-1-luomeng12@huawei.com
+Signed-off-by: Theodore Ts'o <tytso@mit.edu>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+
+---
+ fs/ext4/inode.c | 11 ++++++-----
+ 1 file changed, 6 insertions(+), 5 deletions(-)
+
+--- a/fs/ext4/inode.c
++++ b/fs/ext4/inode.c
+@@ -4982,6 +4982,12 @@ static int ext4_do_update_inode(handle_t
+ if (ext4_test_inode_state(inode, EXT4_STATE_NEW))
+ memset(raw_inode, 0, EXT4_SB(inode->i_sb)->s_inode_size);
+
++ err = ext4_inode_blocks_set(handle, raw_inode, ei);
++ if (err) {
++ spin_unlock(&ei->i_raw_lock);
++ goto out_brelse;
++ }
++
+ raw_inode->i_mode = cpu_to_le16(inode->i_mode);
+ i_uid = i_uid_read(inode);
+ i_gid = i_gid_read(inode);
+@@ -5015,11 +5021,6 @@ static int ext4_do_update_inode(handle_t
+ EXT4_INODE_SET_XTIME(i_atime, inode, raw_inode);
+ EXT4_EINODE_SET_XTIME(i_crtime, ei, raw_inode);
+
+- err = ext4_inode_blocks_set(handle, raw_inode, ei);
+- if (err) {
+- spin_unlock(&ei->i_raw_lock);
+- goto out_brelse;
+- }
+ raw_inode->i_dtime = cpu_to_le32(ei->i_dtime);
+ raw_inode->i_flags = cpu_to_le32(ei->i_flags & 0xFFFFFFFF);
+ if (likely(!test_opt2(inode->i_sb, HURD_COMPAT)))
--- /dev/null
+From cb8d53d2c97369029cc638c9274ac7be0a316c75 Mon Sep 17 00:00:00 2001
+From: Eric Biggers <ebiggers@google.com>
+Date: Tue, 22 Sep 2020 09:24:56 -0700
+Subject: ext4: fix leaking sysfs kobject after failed mount
+
+From: Eric Biggers <ebiggers@google.com>
+
+commit cb8d53d2c97369029cc638c9274ac7be0a316c75 upstream.
+
+ext4_unregister_sysfs() only deletes the kobject. The reference to it
+needs to be put separately, like ext4_put_super() does.
+
+This addresses the syzbot report
+"memory leak in kobject_set_name_vargs (3)"
+(https://syzkaller.appspot.com/bug?extid=9f864abad79fae7c17e1).
+
+Reported-by: syzbot+9f864abad79fae7c17e1@syzkaller.appspotmail.com
+Fixes: 72ba74508b28 ("ext4: release sysfs kobject when failing to enable quotas on mount")
+Cc: stable@vger.kernel.org
+Signed-off-by: Eric Biggers <ebiggers@google.com>
+Link: https://lore.kernel.org/r/20200922162456.93657-1-ebiggers@kernel.org
+Reviewed-by: Jan Kara <jack@suse.cz>
+Signed-off-by: Theodore Ts'o <tytso@mit.edu>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+
+---
+ fs/ext4/super.c | 1 +
+ 1 file changed, 1 insertion(+)
+
+--- a/fs/ext4/super.c
++++ b/fs/ext4/super.c
+@@ -4872,6 +4872,7 @@ cantfind_ext4:
+
+ failed_mount8:
+ ext4_unregister_sysfs(sb);
++ kobject_put(&sbi->s_kobj);
+ failed_mount7:
+ ext4_unregister_li_request(sb);
+ failed_mount6:
--- /dev/null
+From acaa532687cdc3a03757defafece9c27aa667546 Mon Sep 17 00:00:00 2001
+From: Constantine Sapuntzakis <costa@purestorage.com>
+Date: Mon, 14 Sep 2020 10:10:14 -0600
+Subject: ext4: fix superblock checksum calculation race
+
+From: Constantine Sapuntzakis <costa@purestorage.com>
+
+commit acaa532687cdc3a03757defafece9c27aa667546 upstream.
+
+The race condition could cause the persisted superblock checksum
+to not match the contents of the superblock, causing the
+superblock to be considered corrupt.
+
+An example of the race follows. A first thread is interrupted in the
+middle of a checksum calculation. Then, another thread changes the
+superblock, calculates a new checksum, and sets it. Then, the first
+thread resumes and sets the checksum based on the older superblock.
+
+To fix, serialize the superblock checksum calculation using the buffer
+header lock. While a spinlock is sufficient, the buffer header is
+already there and there is precedent for locking it (e.g. in
+ext4_commit_super).
+
+Tested the patch by booting up a kernel with the patch, creating
+a filesystem and some files (including some orphans), and then
+unmounting and remounting the file system.
+
+Cc: stable@kernel.org
+Signed-off-by: Constantine Sapuntzakis <costa@purestorage.com>
+Reviewed-by: Jan Kara <jack@suse.cz>
+Suggested-by: Jan Kara <jack@suse.cz>
+Link: https://lore.kernel.org/r/20200914161014.22275-1-costa@purestorage.com
+Signed-off-by: Theodore Ts'o <tytso@mit.edu>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+
+---
+ fs/ext4/super.c | 11 +++++++++++
+ 1 file changed, 11 insertions(+)
+
+--- a/fs/ext4/super.c
++++ b/fs/ext4/super.c
+@@ -201,7 +201,18 @@ void ext4_superblock_csum_set(struct sup
+ if (!ext4_has_metadata_csum(sb))
+ return;
+
++ /*
++ * Locking the superblock prevents the scenario
++ * where:
++ * 1) a first thread pauses during checksum calculation.
++ * 2) a second thread updates the superblock, recalculates
++ * the checksum, and updates s_checksum
++ * 3) the first thread resumes and finishes its checksum calculation
++ * and updates s_checksum with a potentially stale or torn value.
++ */
++ lock_buffer(EXT4_SB(sb)->s_sbh);
+ es->s_checksum = ext4_superblock_csum(sb, es);
++ unlock_buffer(EXT4_SB(sb)->s_sbh);
+ }
+
+ ext4_fsblk_t ext4_block_bitmap(struct super_block *sb,
--- /dev/null
+From 0e6895ba00b7be45f3ab0d2107dda3ef1245f5b4 Mon Sep 17 00:00:00 2001
+From: Ritesh Harjani <riteshh@linux.ibm.com>
+Date: Fri, 4 Sep 2020 14:46:53 +0530
+Subject: ext4: implement swap_activate aops using iomap
+
+From: Ritesh Harjani <riteshh@linux.ibm.com>
+
+commit 0e6895ba00b7be45f3ab0d2107dda3ef1245f5b4 upstream.
+
+After moving ext4's bmap to iomap interface, swapon functionality
+on files created using fallocate (which creates unwritten extents) are
+failing. This is since iomap_bmap interface returns 0 for unwritten
+extents and thus generic_swapfile_activate considers this as holes
+and hence bail out with below kernel msg :-
+
+[340.915835] swapon: swapfile has holes
+
+To fix this we need to implement ->swap_activate aops in ext4
+which will use ext4_iomap_report_ops. Since we only need to return
+the list of extents so ext4_iomap_report_ops should be enough.
+
+Cc: stable@kernel.org
+Reported-by: Yuxuan Shui <yshuiv7@gmail.com>
+Fixes: ac58e4fb03f ("ext4: move ext4 bmap to use iomap infrastructure")
+Signed-off-by: Ritesh Harjani <riteshh@linux.ibm.com>
+Link: https://lore.kernel.org/r/20200904091653.1014334-1-riteshh@linux.ibm.com
+Signed-off-by: Theodore Ts'o <tytso@mit.edu>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+
+---
+ fs/ext4/inode.c | 11 +++++++++++
+ 1 file changed, 11 insertions(+)
+
+--- a/fs/ext4/inode.c
++++ b/fs/ext4/inode.c
+@@ -3601,6 +3601,13 @@ static int ext4_set_page_dirty(struct pa
+ return __set_page_dirty_buffers(page);
+ }
+
++static int ext4_iomap_swap_activate(struct swap_info_struct *sis,
++ struct file *file, sector_t *span)
++{
++ return iomap_swapfile_activate(sis, file, span,
++ &ext4_iomap_report_ops);
++}
++
+ static const struct address_space_operations ext4_aops = {
+ .readpage = ext4_readpage,
+ .readahead = ext4_readahead,
+@@ -3616,6 +3623,7 @@ static const struct address_space_operat
+ .migratepage = buffer_migrate_page,
+ .is_partially_uptodate = block_is_partially_uptodate,
+ .error_remove_page = generic_error_remove_page,
++ .swap_activate = ext4_iomap_swap_activate,
+ };
+
+ static const struct address_space_operations ext4_journalled_aops = {
+@@ -3632,6 +3640,7 @@ static const struct address_space_operat
+ .direct_IO = noop_direct_IO,
+ .is_partially_uptodate = block_is_partially_uptodate,
+ .error_remove_page = generic_error_remove_page,
++ .swap_activate = ext4_iomap_swap_activate,
+ };
+
+ static const struct address_space_operations ext4_da_aops = {
+@@ -3649,6 +3658,7 @@ static const struct address_space_operat
+ .migratepage = buffer_migrate_page,
+ .is_partially_uptodate = block_is_partially_uptodate,
+ .error_remove_page = generic_error_remove_page,
++ .swap_activate = ext4_iomap_swap_activate,
+ };
+
+ static const struct address_space_operations ext4_dax_aops = {
+@@ -3657,6 +3667,7 @@ static const struct address_space_operat
+ .set_page_dirty = noop_set_page_dirty,
+ .bmap = ext4_bmap,
+ .invalidatepage = noop_invalidatepage,
++ .swap_activate = ext4_iomap_swap_activate,
+ };
+
+ void ext4_set_aops(struct inode *inode)
--- /dev/null
+From 4e0ba5577dba686f96c1c10ef4166380667fdec7 Mon Sep 17 00:00:00 2001
+From: Chen Yu <yu.c.chen@intel.com>
+Date: Sun, 25 Oct 2020 00:29:53 +0800
+Subject: intel_idle: Fix max_cstate for processor models without C-state tables
+
+From: Chen Yu <yu.c.chen@intel.com>
+
+commit 4e0ba5577dba686f96c1c10ef4166380667fdec7 upstream.
+
+Currently intel_idle driver gets the c-state information from ACPI
+_CST if the processor model is not recognized by it. However the
+c-state in _CST starts with index 1 which is different from the
+index in intel_idle driver's internal c-state table.
+
+While intel_idle_max_cstate_reached() was previously introduced to
+deal with intel_idle driver's internal c-state table, re-using
+this function directly on _CST is incorrect.
+
+Fix this by subtracting 1 from the index when checking max_cstate
+in the _CST case.
+
+For example, append intel_idle.max_cstate=1 in boot command line,
+Before the patch:
+grep . /sys/devices/system/cpu/cpu0/cpuidle/state*/name
+POLL
+After the patch:
+grep . /sys/devices/system/cpu/cpu0/cpuidle/state*/name
+/sys/devices/system/cpu/cpu0/cpuidle/state0/name:POLL
+/sys/devices/system/cpu/cpu0/cpuidle/state1/name:C1_ACPI
+
+Fixes: 18734958e9bf ("intel_idle: Use ACPI _CST for processor models without C-state tables")
+Reported-by: Pengfei Xu <pengfei.xu@intel.com>
+Cc: 5.6+ <stable@vger.kernel.org> # 5.6+
+Signed-off-by: Chen Yu <yu.c.chen@intel.com>
+[ rjw: Changelog edits ]
+Signed-off-by: Rafael J. Wysocki <rafael.j.wysocki@intel.com>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+
+---
+ drivers/idle/intel_idle.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+--- a/drivers/idle/intel_idle.c
++++ b/drivers/idle/intel_idle.c
+@@ -1235,7 +1235,7 @@ static void __init intel_idle_init_cstat
+ struct acpi_processor_cx *cx;
+ struct cpuidle_state *state;
+
+- if (intel_idle_max_cstate_reached(cstate))
++ if (intel_idle_max_cstate_reached(cstate - 1))
+ break;
+
+ cx = &acpi_state_table.states[cstate];
--- /dev/null
+From 75af76d0a34e048651a6af311781d7206b6964c7 Mon Sep 17 00:00:00 2001
+From: Mel Gorman <mgorman@techsingularity.net>
+Date: Fri, 16 Oct 2020 17:28:32 +0200
+Subject: intel_idle: Ignore _CST if control cannot be taken from the platform
+
+From: Mel Gorman <mgorman@techsingularity.net>
+
+commit 75af76d0a34e048651a6af311781d7206b6964c7 upstream.
+
+e6d4f08a6776 ("intel_idle: Use ACPI _CST on server systems") avoids
+enabling c-states that have been disabled by the platform with the
+exception of C1E.
+
+Unfortunately, BIOS implementations are not always consistent in terms
+of how capabilities are advertised and control cannot always be handed
+over. If control cannot be handed over then intel_idle reports that "ACPI
+_CST not found or not usable" but does not clear acpi_state_table.count
+meaning the information is still partially used.
+
+This patch ignores ACPI information if CST control cannot be requested from
+the platform. This was only observed on a number of Haswell platforms that
+had identical CPUs but not identical BIOS versions. While this problem
+may be rare overall, 24 separate test cases bisected to this specific
+commit across 4 separate test machines and is worth addressing. If the
+situation occurs, the kernel behaves as it did before commit e6d4f08a6776
+and uses any c-states that are discovered.
+
+The affected test cases were all ones that involved a small number of
+processes -- exec microbenchmark, pipe microbenchmark, git test suite,
+netperf, tbench with one client and system call microbenchmark. Each
+case benefits from being able to use turboboost which is prevented if the
+lower c-states are unavailable. This may mask real regressions specific
+to older hardware so it is worth addressing.
+
+C-state status before and after the patch
+
+5.9.0-vanilla POLL latency:0 disabled:0 default:enabled
+5.9.0-vanilla C1 latency:2 disabled:0 default:enabled
+5.9.0-vanilla C1E latency:10 disabled:0 default:enabled
+5.9.0-vanilla C3 latency:33 disabled:1 default:disabled
+5.9.0-vanilla C6 latency:133 disabled:1 default:disabled
+5.9.0-ignore-cst-v1r1 POLL latency:0 disabled:0 default:enabled
+5.9.0-ignore-cst-v1r1 C1 latency:2 disabled:0 default:enabled
+5.9.0-ignore-cst-v1r1 C1E latency:10 disabled:0 default:enabled
+5.9.0-ignore-cst-v1r1 C3 latency:33 disabled:0 default:enabled
+5.9.0-ignore-cst-v1r1 C6 latency:133 disabled:0 default:enabled
+
+Patch enables C3/C6.
+
+Netperf UDP_STREAM
+
+netperf-udp
+ 5.5.0 5.9.0
+ vanilla ignore-cst-v1r1
+Hmean send-64 193.41 ( 0.00%) 226.54 * 17.13%*
+Hmean send-128 392.16 ( 0.00%) 450.54 * 14.89%*
+Hmean send-256 769.94 ( 0.00%) 881.85 * 14.53%*
+Hmean send-1024 2994.21 ( 0.00%) 3468.95 * 15.85%*
+Hmean send-2048 5725.60 ( 0.00%) 6628.99 * 15.78%*
+Hmean send-3312 8468.36 ( 0.00%) 10288.02 * 21.49%*
+Hmean send-4096 10135.46 ( 0.00%) 12387.57 * 22.22%*
+Hmean send-8192 17142.07 ( 0.00%) 19748.11 * 15.20%*
+Hmean send-16384 28539.71 ( 0.00%) 30084.45 * 5.41%*
+
+Fixes: e6d4f08a6776 ("intel_idle: Use ACPI _CST on server systems")
+Signed-off-by: Mel Gorman <mgorman@techsingularity.net>
+Cc: 5.6+ <stable@vger.kernel.org> # 5.6+
+Signed-off-by: Rafael J. Wysocki <rafael.j.wysocki@intel.com>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+
+---
+ drivers/idle/intel_idle.c | 7 +++----
+ 1 file changed, 3 insertions(+), 4 deletions(-)
+
+--- a/drivers/idle/intel_idle.c
++++ b/drivers/idle/intel_idle.c
+@@ -1212,14 +1212,13 @@ static bool __init intel_idle_acpi_cst_e
+ if (!intel_idle_cst_usable())
+ continue;
+
+- if (!acpi_processor_claim_cst_control()) {
+- acpi_state_table.count = 0;
+- return false;
+- }
++ if (!acpi_processor_claim_cst_control())
++ break;
+
+ return true;
+ }
+
++ acpi_state_table.count = 0;
+ pr_debug("ACPI _CST not found or not usable\n");
+ return false;
+ }
--- /dev/null
+From 28e1581c3b4ea5f98530064a103c6217bedeea73 Mon Sep 17 00:00:00 2001
+From: Ilya Dryomov <idryomov@gmail.com>
+Date: Wed, 7 Oct 2020 20:06:48 +0200
+Subject: libceph: clear con->out_msg on Policy::stateful_server faults
+
+From: Ilya Dryomov <idryomov@gmail.com>
+
+commit 28e1581c3b4ea5f98530064a103c6217bedeea73 upstream.
+
+con->out_msg must be cleared on Policy::stateful_server
+(!CEPH_MSG_CONNECT_LOSSY) faults. Not doing so botches the
+reconnection attempt, because after writing the banner the
+messenger moves on to writing the data section of that message
+(either from where it got interrupted by the connection reset or
+from the beginning) instead of writing struct ceph_msg_connect.
+This results in a bizarre error message because the server
+sends CEPH_MSGR_TAG_BADPROTOVER but we think we wrote struct
+ceph_msg_connect:
+
+ libceph: mds0 (1)172.21.15.45:6828 socket error on write
+ ceph: mds0 reconnect start
+ libceph: mds0 (1)172.21.15.45:6829 socket closed (con state OPEN)
+ libceph: mds0 (1)172.21.15.45:6829 protocol version mismatch, my 32 != server's 32
+ libceph: mds0 (1)172.21.15.45:6829 protocol version mismatch
+
+AFAICT this bug goes back to the dawn of the kernel client.
+The reason it survived for so long is that only MDS sessions
+are stateful and only two MDS messages have a data section:
+CEPH_MSG_CLIENT_RECONNECT (always, but reconnecting is rare)
+and CEPH_MSG_CLIENT_REQUEST (only when xattrs are involved).
+The connection has to get reset precisely when such message
+is being sent -- in this case it was the former.
+
+Cc: stable@vger.kernel.org
+Link: https://tracker.ceph.com/issues/47723
+Signed-off-by: Ilya Dryomov <idryomov@gmail.com>
+Reviewed-by: Jeff Layton <jlayton@kernel.org>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+
+---
+ net/ceph/messenger.c | 5 +++++
+ 1 file changed, 5 insertions(+)
+
+--- a/net/ceph/messenger.c
++++ b/net/ceph/messenger.c
+@@ -2998,6 +2998,11 @@ static void con_fault(struct ceph_connec
+ ceph_msg_put(con->in_msg);
+ con->in_msg = NULL;
+ }
++ if (con->out_msg) {
++ BUG_ON(con->out_msg->con != con);
++ ceph_msg_put(con->out_msg);
++ con->out_msg = NULL;
++ }
+
+ /* Requeue anything that hasn't been acked */
+ list_splice_init(&con->out_sent, &con->out_queue);
--- /dev/null
+From c09f56b8f68d4d536bff518227aea323b835b2ce Mon Sep 17 00:00:00 2001
+From: Artur Molchanov <arturmolchanov@gmail.com>
+Date: Mon, 12 Oct 2020 01:00:45 +0300
+Subject: net/sunrpc: Fix return value for sysctl sunrpc.transports
+
+From: Artur Molchanov <arturmolchanov@gmail.com>
+
+commit c09f56b8f68d4d536bff518227aea323b835b2ce upstream.
+
+Fix returning value for sysctl sunrpc.transports.
+Return error code from sysctl proc_handler function proc_do_xprt instead of number of the written bytes.
+Otherwise sysctl returns random garbage for this key.
+
+Since v1:
+- Handle negative returned value from memory_read_from_buffer as an error
+
+Signed-off-by: Artur Molchanov <arturmolchanov@gmail.com>
+Cc: stable@vger.kernel.org
+Signed-off-by: J. Bruce Fields <bfields@redhat.com>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+
+---
+ net/sunrpc/sysctl.c | 8 +++++++-
+ 1 file changed, 7 insertions(+), 1 deletion(-)
+
+--- a/net/sunrpc/sysctl.c
++++ b/net/sunrpc/sysctl.c
+@@ -70,7 +70,13 @@ static int proc_do_xprt(struct ctl_table
+ return 0;
+ }
+ len = svc_print_xprts(tmpbuf, sizeof(tmpbuf));
+- return memory_read_from_buffer(buffer, *lenp, ppos, tmpbuf, len);
++ *lenp = memory_read_from_buffer(buffer, *lenp, ppos, tmpbuf, len);
++
++ if (*lenp < 0) {
++ *lenp = 0;
++ return -EINVAL;
++ }
++ return 0;
+ }
+
+ static int
--- /dev/null
+From d3d4d028afb785e52c55024d779089654f8302e7 Mon Sep 17 00:00:00 2001
+From: Ansuel Smith <ansuelsmth@gmail.com>
+Date: Tue, 1 Sep 2020 14:49:54 +0200
+Subject: PCI: qcom: Make sure PCIe is reset before init for rev 2.1.0
+
+From: Ansuel Smith <ansuelsmth@gmail.com>
+
+commit d3d4d028afb785e52c55024d779089654f8302e7 upstream.
+
+Qsdk U-Boot can incorrectly leave the PCIe interface in an undefined
+state if bootm command is used instead of bootipq. This is caused by the
+not deinit of PCIe when bootm is called. Reset the PCIe before init
+anyway to fix this U-Boot bug.
+
+Link: https://lore.kernel.org/r/20200901124955.137-1-ansuelsmth@gmail.com
+Fixes: 82a823833f4e ("PCI: qcom: Add Qualcomm PCIe controller driver")
+Signed-off-by: Ansuel Smith <ansuelsmth@gmail.com>
+Signed-off-by: Lorenzo Pieralisi <lorenzo.pieralisi@arm.com>
+Reviewed-by: Bjorn Andersson <bjorn.andersson@linaro.org>
+Cc: stable@vger.kernel.org # v4.19+
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+
+---
+ drivers/pci/controller/dwc/pcie-qcom.c | 13 +++++++++++++
+ 1 file changed, 13 insertions(+)
+
+--- a/drivers/pci/controller/dwc/pcie-qcom.c
++++ b/drivers/pci/controller/dwc/pcie-qcom.c
+@@ -302,6 +302,9 @@ static void qcom_pcie_deinit_2_1_0(struc
+ reset_control_assert(res->por_reset);
+ reset_control_assert(res->ext_reset);
+ reset_control_assert(res->phy_reset);
++
++ writel(1, pcie->parf + PCIE20_PARF_PHY_CTRL);
++
+ regulator_bulk_disable(ARRAY_SIZE(res->supplies), res->supplies);
+ }
+
+@@ -314,6 +317,16 @@ static int qcom_pcie_init_2_1_0(struct q
+ u32 val;
+ int ret;
+
++ /* reset the PCIe interface as uboot can leave it undefined state */
++ reset_control_assert(res->pci_reset);
++ reset_control_assert(res->axi_reset);
++ reset_control_assert(res->ahb_reset);
++ reset_control_assert(res->por_reset);
++ reset_control_assert(res->ext_reset);
++ reset_control_assert(res->phy_reset);
++
++ writel(1, pcie->parf + PCIE20_PARF_PHY_CTRL);
++
+ ret = regulator_bulk_enable(ARRAY_SIZE(res->supplies), res->supplies);
+ if (ret < 0) {
+ dev_err(dev, "cannot enable regulators\n");
--- /dev/null
+From 0a1754b2a97efa644aa6e84d1db5b17c42251483 Mon Sep 17 00:00:00 2001
+From: Qiujun Huang <hqjagain@gmail.com>
+Date: Mon, 19 Oct 2020 22:22:42 +0800
+Subject: ring-buffer: Return 0 on success from ring_buffer_resize()
+
+From: Qiujun Huang <hqjagain@gmail.com>
+
+commit 0a1754b2a97efa644aa6e84d1db5b17c42251483 upstream.
+
+We don't need to check the new buffer size, and the return value
+had confused resize_buffer_duplicate_size().
+...
+ ret = ring_buffer_resize(trace_buf->buffer,
+ per_cpu_ptr(size_buf->data,cpu_id)->entries, cpu_id);
+ if (ret == 0)
+ per_cpu_ptr(trace_buf->data, cpu_id)->entries =
+ per_cpu_ptr(size_buf->data, cpu_id)->entries;
+...
+
+Link: https://lkml.kernel.org/r/20201019142242.11560-1-hqjagain@gmail.com
+
+Cc: stable@vger.kernel.org
+Fixes: d60da506cbeb3 ("tracing: Add a resize function to make one buffer equivalent to another buffer")
+Signed-off-by: Qiujun Huang <hqjagain@gmail.com>
+Signed-off-by: Steven Rostedt (VMware) <rostedt@goodmis.org>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+
+---
+ kernel/trace/ring_buffer.c | 8 ++++----
+ 1 file changed, 4 insertions(+), 4 deletions(-)
+
+--- a/kernel/trace/ring_buffer.c
++++ b/kernel/trace/ring_buffer.c
+@@ -1952,18 +1952,18 @@ int ring_buffer_resize(struct trace_buff
+ {
+ struct ring_buffer_per_cpu *cpu_buffer;
+ unsigned long nr_pages;
+- int cpu, err = 0;
++ int cpu, err;
+
+ /*
+ * Always succeed at resizing a non-existent buffer:
+ */
+ if (!buffer)
+- return size;
++ return 0;
+
+ /* Make sure the requested buffer exists */
+ if (cpu_id != RING_BUFFER_ALL_CPUS &&
+ !cpumask_test_cpu(cpu_id, buffer->cpumask))
+- return size;
++ return 0;
+
+ nr_pages = DIV_ROUND_UP(size, BUF_PAGE_SIZE);
+
+@@ -2119,7 +2119,7 @@ int ring_buffer_resize(struct trace_buff
+ }
+
+ mutex_unlock(&buffer->mutex);
+- return size;
++ return 0;
+
+ out_err:
+ for_each_buffer_cpu(buffer, cpu) {
drm-amdgpu-correct-the-gpu-reset-handling-for-job-null-case.patch
drm-amdkfd-use-same-sq-prefetch-setting-as-amdgpu.patch
drm-amd-display-avoid-mst-manager-resource-leak.patch
+drm-amdgpu-add-function-to-program-pbb-mode-for-sienna-cichlid.patch
+drm-amdgpu-increase-the-reserved-vm-size-to-2mb.patch
+drm-amd-display-don-t-invoke-kgdb_breakpoint-unconditionally.patch
+drm-amd-display-fix-kernel-panic-by-dal_gpio_open-error.patch
+ceph-promote-to-unsigned-long-long-before-shifting.patch
+libceph-clear-con-out_msg-on-policy-stateful_server-faults.patch
+9p-cast-to-loff_t-before-multiplying.patch
+net-sunrpc-fix-return-value-for-sysctl-sunrpc.transports.patch
+pci-qcom-make-sure-pcie-is-reset-before-init-for-rev-2.1.0.patch
+ring-buffer-return-0-on-success-from-ring_buffer_resize.patch
+intel_idle-ignore-_cst-if-control-cannot-be-taken-from-the-platform.patch
+intel_idle-fix-max_cstate-for-processor-models-without-c-state-tables.patch
+cpufreq-avoid-configuring-old-governors-as-default-with-intel_pstate.patch
+cpufreq-introduce-cpufreq_need_update_limits-driver-flag.patch
+cpufreq-intel_pstate-avoid-missing-hwp-max-updates-in-passive-mode.patch
+vringh-fix-__vringh_iov-when-riov-and-wiov-are-different.patch
+ext4-fix-leaking-sysfs-kobject-after-failed-mount.patch
+ext4-fix-error-handling-code-in-add_new_gdb.patch
+ext4-implement-swap_activate-aops-using-iomap.patch
+ext4-fix-invalid-inode-checksum.patch
+ext4-fix-superblock-checksum-calculation-race.patch
+ext4-clear-buffer-verified-flag-if-read-meta-block-from-disk.patch
+ext4-fix-bdev-write-error-check-failed-when-mount-fs-with-ro.patch
+ext4-fix-bs-ps-issue-reported-with-dioread_nolock-mount-opt.patch
+ext4-do-not-use-extent-after-put_bh.patch
+drm-ttm-fix-eviction-valuable-range-check.patch
--- /dev/null
+From 5745bcfbbf89b158416075374254d3c013488f21 Mon Sep 17 00:00:00 2001
+From: Stefano Garzarella <sgarzare@redhat.com>
+Date: Thu, 8 Oct 2020 22:42:56 +0200
+Subject: vringh: fix __vringh_iov() when riov and wiov are different
+
+From: Stefano Garzarella <sgarzare@redhat.com>
+
+commit 5745bcfbbf89b158416075374254d3c013488f21 upstream.
+
+If riov and wiov are both defined and they point to different
+objects, only riov is initialized. If the wiov is not initialized
+by the caller, the function fails returning -EINVAL and printing
+"Readable desc 0x... after writable" error message.
+
+This issue happens when descriptors have both readable and writable
+buffers (eg. virtio-blk devices has virtio_blk_outhdr in the readable
+buffer and status as last byte of writable buffer) and we call
+__vringh_iov() to get both type of buffers in two different iovecs.
+
+Let's replace the 'else if' clause with 'if' to initialize both
+riov and wiov if they are not NULL.
+
+As checkpatch pointed out, we also avoid crashing the kernel
+when riov and wiov are both NULL, replacing BUG() with WARN_ON()
+and returning -EINVAL.
+
+Fixes: f87d0fbb5798 ("vringh: host-side implementation of virtio rings.")
+Cc: stable@vger.kernel.org
+Signed-off-by: Stefano Garzarella <sgarzare@redhat.com>
+Link: https://lore.kernel.org/r/20201008204256.162292-1-sgarzare@redhat.com
+Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+
+---
+ drivers/vhost/vringh.c | 9 +++++----
+ 1 file changed, 5 insertions(+), 4 deletions(-)
+
+--- a/drivers/vhost/vringh.c
++++ b/drivers/vhost/vringh.c
+@@ -284,13 +284,14 @@ __vringh_iov(struct vringh *vrh, u16 i,
+ desc_max = vrh->vring.num;
+ up_next = -1;
+
++ /* You must want something! */
++ if (WARN_ON(!riov && !wiov))
++ return -EINVAL;
++
+ if (riov)
+ riov->i = riov->used = 0;
+- else if (wiov)
++ if (wiov)
+ wiov->i = wiov->used = 0;
+- else
+- /* You must want something! */
+- BUG();
+
+ for (;;) {
+ void *addr;
projects / thirdparty / kernel / stable-queue.git / commitdiff
