--- /dev/null
+From a99aa42d0253f033cbb85096d3f2bd82201321e6 Mon Sep 17 00:00:00 2001
+From: Andi Kleen <ak@linux.intel.com>
+Date: Sat, 8 Feb 2014 08:52:00 +0100
+Subject: asmlinkage, pnp: Make variables used from assembler code visible
+
+From: Andi Kleen <ak@linux.intel.com>
+
+commit a99aa42d0253f033cbb85096d3f2bd82201321e6 upstream.
+
+Mark variables referenced from assembler files visible.
+
+This fixes compile problems with LTO.
+
+Cc: Jaroslav Kysela <perex@perex.cz>
+Signed-off-by: Andi Kleen <ak@linux.intel.com>
+Link: http://lkml.kernel.org/r/1391845930-28580-4-git-send-email-ak@linux.intel.com
+Signed-off-by: H. Peter Anvin <hpa@linux.intel.com>
+Cc: Christoph Biedl <linux-kernel.bfrz@manchmal.in-ulm.de>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+
+---
+ drivers/pnp/pnpbios/bioscalls.c | 9 +++++----
+ 1 file changed, 5 insertions(+), 4 deletions(-)
+
+--- a/drivers/pnp/pnpbios/bioscalls.c
++++ b/drivers/pnp/pnpbios/bioscalls.c
+@@ -21,7 +21,7 @@
+
+ #include "pnpbios.h"
+
+-static struct {
++__visible struct {
+ u16 offset;
+ u16 segment;
+ } pnp_bios_callpoint;
+@@ -41,6 +41,7 @@ asmlinkage void pnp_bios_callfunc(void);
+
+ __asm__(".text \n"
+ __ALIGN_STR "\n"
++ ".globl pnp_bios_callfunc\n"
+ "pnp_bios_callfunc:\n"
+ " pushl %edx \n"
+ " pushl %ecx \n"
+@@ -66,9 +67,9 @@ static struct desc_struct bad_bios_desc
+ * after PnP BIOS oopses.
+ */
+
+-u32 pnp_bios_fault_esp;
+-u32 pnp_bios_fault_eip;
+-u32 pnp_bios_is_utter_crap = 0;
++__visible u32 pnp_bios_fault_esp;
++__visible u32 pnp_bios_fault_eip;
++__visible u32 pnp_bios_is_utter_crap = 0;
+
+ static spinlock_t pnp_bios_lock;
+
--- /dev/null
+From 13f4bb78cf6a312bbdec367ba3da044b09bf0e29 Mon Sep 17 00:00:00 2001
+From: Herbert Xu <herbert@gondor.apana.org.au>
+Date: Wed, 4 May 2016 17:52:56 +0800
+Subject: crypto: hash - Fix page length clamping in hash walk
+
+From: Herbert Xu <herbert@gondor.apana.org.au>
+
+commit 13f4bb78cf6a312bbdec367ba3da044b09bf0e29 upstream.
+
+The crypto hash walk code is broken when supplied with an offset
+greater than or equal to PAGE_SIZE. This patch fixes it by adjusting
+walk->pg and walk->offset when this happens.
+
+Reported-by: Steffen Klassert <steffen.klassert@secunet.com>
+Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+
+---
+ crypto/ahash.c | 3 ++-
+ 1 file changed, 2 insertions(+), 1 deletion(-)
+
+--- a/crypto/ahash.c
++++ b/crypto/ahash.c
+@@ -64,8 +64,9 @@ static int hash_walk_new_entry(struct cr
+ struct scatterlist *sg;
+
+ sg = walk->sg;
+- walk->pg = sg_page(sg);
+ walk->offset = sg->offset;
++ walk->pg = sg_page(walk->sg) + (walk->offset >> PAGE_SHIFT);
++ walk->offset = offset_in_page(walk->offset);
+ walk->entrylen = sg->length;
+
+ if (walk->entrylen > walk->total)
--- /dev/null
+From 99d825822eade8d827a1817357cbf3f889a552d6 Mon Sep 17 00:00:00 2001
+From: Al Viro <viro@zeniv.linux.org.uk>
+Date: Thu, 5 May 2016 16:25:35 -0400
+Subject: get_rock_ridge_filename(): handle malformed NM entries
+
+From: Al Viro <viro@zeniv.linux.org.uk>
+
+commit 99d825822eade8d827a1817357cbf3f889a552d6 upstream.
+
+Payloads of NM entries are not supposed to contain NUL. When we run
+into such, only the part prior to the first NUL goes into the
+concatenation (i.e. the directory entry name being encoded by a bunch
+of NM entries). We do stop when the amount collected so far + the
+claimed amount in the current NM entry exceed 254. So far, so good,
+but what we return as the total length is the sum of *claimed*
+sizes, not the actual amount collected. And that can grow pretty
+large - not unlimited, since you'd need to put CE entries in
+between to be able to get more than the maximum that could be
+contained in one isofs directory entry / continuation chunk and
+we are stop once we'd encountered 32 CEs, but you can get about 8Kb
+easily. And that's what will be passed to readdir callback as the
+name length. 8Kb __copy_to_user() from a buffer allocated by
+__get_free_page()
+
+Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+
+---
+ fs/isofs/rock.c | 13 ++++++++++---
+ 1 file changed, 10 insertions(+), 3 deletions(-)
+
+--- a/fs/isofs/rock.c
++++ b/fs/isofs/rock.c
+@@ -203,6 +203,8 @@ int get_rock_ridge_filename(struct iso_d
+ int retnamlen = 0;
+ int truncate = 0;
+ int ret = 0;
++ char *p;
++ int len;
+
+ if (!ISOFS_SB(inode->i_sb)->s_rock)
+ return 0;
+@@ -267,12 +269,17 @@ repeat:
+ rr->u.NM.flags);
+ break;
+ }
+- if ((strlen(retname) + rr->len - 5) >= 254) {
++ len = rr->len - 5;
++ if (retnamlen + len >= 254) {
+ truncate = 1;
+ break;
+ }
+- strncat(retname, rr->u.NM.name, rr->len - 5);
+- retnamlen += rr->len - 5;
++ p = memchr(rr->u.NM.name, '\0', len);
++ if (unlikely(p))
++ len = p - rr->u.NM.name;
++ memcpy(retname + retnamlen, rr->u.NM.name, len);
++ retnamlen += len;
++ retname[retnamlen] = '\0';
+ break;
+ case SIG('R', 'E'):
+ kfree(rs.buffer);
--- /dev/null
+From 6ae645d5fa385f3787bf1723639cd907fe5865e7 Mon Sep 17 00:00:00 2001
+From: Marek Szyprowski <m.szyprowski@samsung.com>
+Date: Mon, 9 May 2016 09:31:47 -0700
+Subject: Input: max8997-haptic - fix NULL pointer dereference
+
+From: Marek Szyprowski <m.szyprowski@samsung.com>
+
+commit 6ae645d5fa385f3787bf1723639cd907fe5865e7 upstream.
+
+NULL pointer derefence happens when booting with DTB because the
+platform data for haptic device is not set in supplied data from parent
+MFD device.
+
+The MFD device creates only platform data (from Device Tree) for itself,
+not for haptic child.
+
+Unable to handle kernel NULL pointer dereference at virtual address 0000009c
+pgd = c0004000
+ [0000009c] *pgd=00000000
+ Internal error: Oops: 5 [#1] PREEMPT SMP ARM
+ (max8997_haptic_probe) from [<c03f9cec>] (platform_drv_probe+0x4c/0xb0)
+ (platform_drv_probe) from [<c03f8440>] (driver_probe_device+0x214/0x2c0)
+ (driver_probe_device) from [<c03f8598>] (__driver_attach+0xac/0xb0)
+ (__driver_attach) from [<c03f67ac>] (bus_for_each_dev+0x68/0x9c)
+ (bus_for_each_dev) from [<c03f7a38>] (bus_add_driver+0x1a0/0x218)
+ (bus_add_driver) from [<c03f8db0>] (driver_register+0x78/0xf8)
+ (driver_register) from [<c0101774>] (do_one_initcall+0x90/0x1d8)
+ (do_one_initcall) from [<c0a00dbc>] (kernel_init_freeable+0x15c/0x1fc)
+ (kernel_init_freeable) from [<c06bb5b4>] (kernel_init+0x8/0x114)
+ (kernel_init) from [<c0107938>] (ret_from_fork+0x14/0x3c)
+
+Signed-off-by: Marek Szyprowski <m.szyprowski@samsung.com>
+Fixes: 104594b01ce7 ("Input: add driver support for MAX8997-haptic")
+[k.kozlowski: Write commit message, add CC-stable]
+Signed-off-by: Krzysztof Kozlowski <k.kozlowski@samsung.com>
+Signed-off-by: Dmitry Torokhov <dmitry.torokhov@gmail.com>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+
+---
+ drivers/input/misc/max8997_haptic.c | 6 ++++--
+ 1 file changed, 4 insertions(+), 2 deletions(-)
+
+--- a/drivers/input/misc/max8997_haptic.c
++++ b/drivers/input/misc/max8997_haptic.c
+@@ -245,12 +245,14 @@ static int max8997_haptic_probe(struct p
+ struct max8997_dev *iodev = dev_get_drvdata(pdev->dev.parent);
+ const struct max8997_platform_data *pdata =
+ dev_get_platdata(iodev->dev);
+- const struct max8997_haptic_platform_data *haptic_pdata =
+- pdata->haptic_pdata;
++ const struct max8997_haptic_platform_data *haptic_pdata = NULL;
+ struct max8997_haptic *chip;
+ struct input_dev *input_dev;
+ int error;
+
++ if (pdata)
++ haptic_pdata = pdata->haptic_pdata;
++
+ if (!haptic_pdata) {
+ dev_err(&pdev->dev, "no haptic platform data\n");
+ return -EINVAL;
--- /dev/null
+crypto-hash-fix-page-length-clamping-in-hash-walk.patch
+get_rock_ridge_filename-handle-malformed-nm-entries.patch
+input-max8997-haptic-fix-null-pointer-dereference.patch
+asmlinkage-pnp-make-variables-used-from-assembler-code-visible.patch
--- /dev/null
+ocfs2-revert-using-ocfs2_acl_chmod-to-avoid-inode-cluster-lock-hang.patch
+ocfs2-fix-posix_acl_create-deadlock.patch
+zsmalloc-fix-zs_can_compact-integer-overflow.patch
+s390-mm-fix-asce_bits-handling-with-dynamic-pagetable-levels.patch
+crypto-qat-fix-invalid-pf2vf_resp_wq-logic.patch
+crypto-hash-fix-page-length-clamping-in-hash-walk.patch
+crypto-testmgr-use-kmalloc-memory-for-rsa-input.patch
+alsa-usb-audio-quirk-for-yet-another-phoenix-audio-devices-v2.patch
+alsa-usb-audio-yet-another-phoneix-audio-device-quirk.patch
+alsa-hda-fix-subwoofer-pin-on-asus-n751-and-n551.patch
+alsa-hda-fix-white-noise-on-asus-ux501vw-headset.patch
+alsa-hda-fix-broken-reconfig.patch
+spi-pxa2xx-do-not-detect-number-of-enabled-chip-selects-on-intel-spt.patch
+spi-spi-ti-qspi-fix-flen-and-wlen-settings-if-bits_per_word-is-overridden.patch
+spi-spi-ti-qspi-handle-truncated-frames-properly.patch
+pinctrl-at91-pio4-fix-pull-up-down-logic.patch
+regmap-spmi-fix-regmap_spmi_ext_read-in-multi-byte-case.patch
+perf-core-disable-the-event-on-a-truncated-aux-record.patch
+vfs-add-vfs_select_inode-helper.patch
+vfs-rename-check-backing-inode-being-equal.patch
+arm-dts-at91-sam9x5-fix-the-memory-range-assigned-to-the-pmc.patch
+workqueue-fix-rebind-bound-workers-warning.patch
+regulator-s2mps11-fix-invalid-selector-mask-and-voltages-for-buck9.patch
+regulator-axp20x-fix-axp22x-ldo_io-voltage-ranges.patch
+atomic_open-fix-the-handling-of-create_error.patch
+qla1280-don-t-allocate-512kb-of-host-tags.patch
+tools-lib-traceevent-do-not-reassign-parg-after-collapse_tree.patch
+get_rock_ridge_filename-handle-malformed-nm-entries.patch
+input-max8997-haptic-fix-null-pointer-dereference.patch
+revert-videobuf2-v4l2-verify-planes-array-in-buffer-dequeueing.patch
--- /dev/null
+ocfs2-revert-using-ocfs2_acl_chmod-to-avoid-inode-cluster-lock-hang.patch
+ocfs2-fix-posix_acl_create-deadlock.patch
+zsmalloc-fix-zs_can_compact-integer-overflow.patch
+mm-thp-calculate-the-mapcount-correctly-for-thp-pages-during-wp-faults.patch
+crypto-qat-fix-invalid-pf2vf_resp_wq-logic.patch
+crypto-qat-fix-adf_ctl_drv.c-undefined-reference-to-adf_init_pf_wq.patch
+crypto-hash-fix-page-length-clamping-in-hash-walk.patch
+crypto-testmgr-use-kmalloc-memory-for-rsa-input.patch
+alsa-usb-audio-quirk-for-yet-another-phoenix-audio-devices-v2.patch
+alsa-usb-audio-yet-another-phoneix-audio-device-quirk.patch
+alsa-hda-fix-subwoofer-pin-on-asus-n751-and-n551.patch
+alsa-hda-fix-white-noise-on-asus-ux501vw-headset.patch
+alsa-hda-fix-broken-reconfig.patch
+spi-pxa2xx-do-not-detect-number-of-enabled-chip-selects-on-intel-spt.patch
+spi-spi-ti-qspi-fix-flen-and-wlen-settings-if-bits_per_word-is-overridden.patch
+spi-spi-ti-qspi-handle-truncated-frames-properly.patch
+pinctrl-at91-pio4-fix-pull-up-down-logic.patch
+regmap-spmi-fix-regmap_spmi_ext_read-in-multi-byte-case.patch
+perf-diff-fix-duplicated-output-column.patch
+perf-core-disable-the-event-on-a-truncated-aux-record.patch
+vfs-add-vfs_select_inode-helper.patch
+vfs-rename-check-backing-inode-being-equal.patch
+arm-dts-at91-sam9x5-fix-the-memory-range-assigned-to-the-pmc.patch
+workqueue-fix-rebind-bound-workers-warning.patch
+regulator-s2mps11-fix-invalid-selector-mask-and-voltages-for-buck9.patch
+regulator-axp20x-fix-axp22x-ldo_io-voltage-ranges.patch
+atomic_open-fix-the-handling-of-create_error.patch
+qla1280-don-t-allocate-512kb-of-host-tags.patch
+tools-lib-traceevent-do-not-reassign-parg-after-collapse_tree.patch
+get_rock_ridge_filename-handle-malformed-nm-entries.patch
+input-max8997-haptic-fix-null-pointer-dereference.patch
+revert-videobuf2-v4l2-verify-planes-array-in-buffer-dequeueing.patch
projects / thirdparty / kernel / stable-queue.git / commitdiff
