--- /dev/null
+From 56fdffca7de44e6adaf8ea90191339d46aff5443 Mon Sep 17 00:00:00 2001
+From: Sasha Levin <sashal@kernel.org>
+Date: Thu, 13 Aug 2020 15:46:30 +0800
+Subject: ALSA: echoaudio: Fix potential Oops in snd_echo_resume()
+
+From: Dinghao Liu <dinghao.liu@zju.edu.cn>
+
+[ Upstream commit 5a25de6df789cc805a9b8ba7ab5deef5067af47e ]
+
+Freeing chip on error may lead to an Oops at the next time
+the system goes to resume. Fix this by removing all
+snd_echo_free() calls on error.
+
+Fixes: 47b5d028fdce8 ("ALSA: Echoaudio - Add suspend support #2")
+Signed-off-by: Dinghao Liu <dinghao.liu@zju.edu.cn>
+Link: https://lore.kernel.org/r/20200813074632.17022-1-dinghao.liu@zju.edu.cn
+Signed-off-by: Takashi Iwai <tiwai@suse.de>
+Signed-off-by: Sasha Levin <sashal@kernel.org>
+---
+ sound/pci/echoaudio/echoaudio.c | 2 --
+ 1 file changed, 2 deletions(-)
+
+diff --git a/sound/pci/echoaudio/echoaudio.c b/sound/pci/echoaudio/echoaudio.c
+index 3ef2b27ebbe8c..f32c55ffffc79 100644
+--- a/sound/pci/echoaudio/echoaudio.c
++++ b/sound/pci/echoaudio/echoaudio.c
+@@ -2216,7 +2216,6 @@ static int snd_echo_resume(struct device *dev)
+ if (err < 0) {
+ kfree(commpage_bak);
+ dev_err(dev, "resume init_hw err=%d\n", err);
+- snd_echo_free(chip);
+ return err;
+ }
+
+@@ -2243,7 +2242,6 @@ static int snd_echo_resume(struct device *dev)
+ if (request_irq(pci->irq, snd_echo_interrupt, IRQF_SHARED,
+ KBUILD_MODNAME, chip)) {
+ dev_err(chip->card->dev, "cannot grab irq\n");
+- snd_echo_free(chip);
+ return -EBUSY;
+ }
+ chip->irq = pci->irq;
+--
+2.25.1
+
--- /dev/null
+From 7263005092837c6d5c9a6ea0bb6d9c99f7069a05 Mon Sep 17 00:00:00 2001
+From: Sasha Levin <sashal@kernel.org>
+Date: Mon, 13 Jul 2020 03:21:43 +0000
+Subject: clk: clk-atlas6: fix return value check in atlas6_clk_init()
+
+From: Xu Wang <vulab@iscas.ac.cn>
+
+[ Upstream commit 12b90b40854a8461a02ef19f6f4474cc88d64b66 ]
+
+In case of error, the function clk_register() returns ERR_PTR()
+and never returns NULL. The NULL test in the return value check
+should be replaced with IS_ERR().
+
+Signed-off-by: Xu Wang <vulab@iscas.ac.cn>
+Link: https://lore.kernel.org/r/20200713032143.21362-1-vulab@iscas.ac.cn
+Acked-by: Barry Song <baohua@kernel.org>
+Fixes: 7bf21bc81f28 ("clk: sirf: re-arch to make the codes support both prima2 and atlas6")
+Signed-off-by: Stephen Boyd <sboyd@kernel.org>
+Signed-off-by: Sasha Levin <sashal@kernel.org>
+---
+ drivers/clk/sirf/clk-atlas6.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/drivers/clk/sirf/clk-atlas6.c b/drivers/clk/sirf/clk-atlas6.c
+index 0cd11e6893afa..25ed60776560e 100644
+--- a/drivers/clk/sirf/clk-atlas6.c
++++ b/drivers/clk/sirf/clk-atlas6.c
+@@ -136,7 +136,7 @@ static void __init atlas6_clk_init(struct device_node *np)
+
+ for (i = pll1; i < maxclk; i++) {
+ atlas6_clks[i] = clk_register(NULL, atlas6_clk_hw_array[i]);
+- BUG_ON(!atlas6_clks[i]);
++ BUG_ON(IS_ERR(atlas6_clks[i]));
+ }
+ clk_register_clkdev(atlas6_clks[cpu], NULL, "cpu");
+ clk_register_clkdev(atlas6_clks[io], NULL, "io");
+--
+2.25.1
+
--- /dev/null
+From c5c305f2347bd8f29b7438cf2b674433b68b9cbb Mon Sep 17 00:00:00 2001
+From: Sasha Levin <sashal@kernel.org>
+Date: Fri, 19 Jun 2020 16:42:14 +0800
+Subject: dm rq: don't call blk_mq_queue_stopped() in dm_stop_queue()
+
+From: Ming Lei <ming.lei@redhat.com>
+
+[ Upstream commit e766668c6cd49d741cfb49eaeb38998ba34d27bc ]
+
+dm_stop_queue() only uses blk_mq_quiesce_queue() so it doesn't
+formally stop the blk-mq queue; therefore there is no point making the
+blk_mq_queue_stopped() check -- it will never be stopped.
+
+In addition, even though dm_stop_queue() actually tries to quiesce hw
+queues via blk_mq_quiesce_queue(), checking with blk_queue_quiesced()
+to avoid unnecessary queue quiesce isn't reliable because: the
+QUEUE_FLAG_QUIESCED flag is set before synchronize_rcu() and
+dm_stop_queue() may be called when synchronize_rcu() from another
+blk_mq_quiesce_queue() is in-progress.
+
+Fixes: 7b17c2f7292ba ("dm: Fix a race condition related to stopping and starting queues")
+Signed-off-by: Ming Lei <ming.lei@redhat.com>
+Signed-off-by: Mike Snitzer <snitzer@redhat.com>
+Signed-off-by: Sasha Levin <sashal@kernel.org>
+---
+ drivers/md/dm-rq.c | 3 ---
+ 1 file changed, 3 deletions(-)
+
+diff --git a/drivers/md/dm-rq.c b/drivers/md/dm-rq.c
+index 4d36373e1c0f0..9fde174ce3961 100644
+--- a/drivers/md/dm-rq.c
++++ b/drivers/md/dm-rq.c
+@@ -95,9 +95,6 @@ static void dm_old_stop_queue(struct request_queue *q)
+
+ static void dm_mq_stop_queue(struct request_queue *q)
+ {
+- if (blk_mq_queue_stopped(q))
+- return;
+-
+ blk_mq_quiesce_queue(q);
+ }
+
+--
+2.25.1
+
--- /dev/null
+From 70dbff0b731a90b30ba63135ada0668410ef5401 Mon Sep 17 00:00:00 2001
+From: Sasha Levin <sashal@kernel.org>
+Date: Fri, 26 Jun 2020 13:39:59 +0300
+Subject: drm/vmwgfx: Fix two list_for_each loop exit tests
+
+From: Dan Carpenter <dan.carpenter@oracle.com>
+
+[ Upstream commit 4437c1152ce0e57ab8f401aa696ea6291cc07ab1 ]
+
+These if statements are supposed to be true if we ended the
+list_for_each_entry() loops without hitting a break statement but they
+don't work.
+
+In the first loop, we increment "i" after the "if (i == unit)" condition
+so we don't necessarily know that "i" is not equal to unit at the end of
+the loop.
+
+In the second loop we exit when mode is not pointing to a valid
+drm_display_mode struct so it doesn't make sense to check "mode->type".
+
+Fixes: a278724aa23c ("drm/vmwgfx: Implement fbdev on kms v2")
+Signed-off-by: Dan Carpenter <dan.carpenter@oracle.com>
+Reviewed-by: Roland Scheidegger <sroland@vmware.com>
+Signed-off-by: Roland Scheidegger <sroland@vmware.com>
+Signed-off-by: Sasha Levin <sashal@kernel.org>
+---
+ drivers/gpu/drm/vmwgfx/vmwgfx_kms.c | 8 ++++----
+ 1 file changed, 4 insertions(+), 4 deletions(-)
+
+diff --git a/drivers/gpu/drm/vmwgfx/vmwgfx_kms.c b/drivers/gpu/drm/vmwgfx/vmwgfx_kms.c
+index 6a712a8d59e93..e486b6517ac55 100644
+--- a/drivers/gpu/drm/vmwgfx/vmwgfx_kms.c
++++ b/drivers/gpu/drm/vmwgfx/vmwgfx_kms.c
+@@ -2861,7 +2861,7 @@ int vmw_kms_fbdev_init_data(struct vmw_private *dev_priv,
+ ++i;
+ }
+
+- if (i != unit) {
++ if (&con->head == &dev_priv->dev->mode_config.connector_list) {
+ DRM_ERROR("Could not find initial display unit.\n");
+ ret = -EINVAL;
+ goto out_unlock;
+@@ -2885,13 +2885,13 @@ int vmw_kms_fbdev_init_data(struct vmw_private *dev_priv,
+ break;
+ }
+
+- if (mode->type & DRM_MODE_TYPE_PREFERRED)
+- *p_mode = mode;
+- else {
++ if (&mode->head == &con->modes) {
+ WARN_ONCE(true, "Could not find initial preferred mode.\n");
+ *p_mode = list_first_entry(&con->modes,
+ struct drm_display_mode,
+ head);
++ } else {
++ *p_mode = mode;
+ }
+
+ out_unlock:
+--
+2.25.1
+
--- /dev/null
+From 892213c7dcdb12a1c9ce2ac0beed67c9bfee6ec4 Mon Sep 17 00:00:00 2001
+From: Sasha Levin <sashal@kernel.org>
+Date: Fri, 26 Jun 2020 13:34:37 +0300
+Subject: drm/vmwgfx: Use correct vmw_legacy_display_unit pointer
+
+From: Dan Carpenter <dan.carpenter@oracle.com>
+
+[ Upstream commit 1d2c0c565bc0da25f5e899a862fb58e612b222df ]
+
+The "entry" pointer is an offset from the list head and it doesn't
+point to a valid vmw_legacy_display_unit struct. Presumably the
+intent was to point to the last entry.
+
+Also the "i++" wasn't used so I have removed that as well.
+
+Fixes: d7e1958dbe4a ("drm/vmwgfx: Support older hardware.")
+Signed-off-by: Dan Carpenter <dan.carpenter@oracle.com>
+Reviewed-by: Roland Scheidegger <sroland@vmware.com>
+Signed-off-by: Roland Scheidegger <sroland@vmware.com>
+Signed-off-by: Sasha Levin <sashal@kernel.org>
+---
+ drivers/gpu/drm/vmwgfx/vmwgfx_ldu.c | 5 ++---
+ 1 file changed, 2 insertions(+), 3 deletions(-)
+
+diff --git a/drivers/gpu/drm/vmwgfx/vmwgfx_ldu.c b/drivers/gpu/drm/vmwgfx/vmwgfx_ldu.c
+index 7235781171912..0743a73117000 100644
+--- a/drivers/gpu/drm/vmwgfx/vmwgfx_ldu.c
++++ b/drivers/gpu/drm/vmwgfx/vmwgfx_ldu.c
+@@ -79,7 +79,7 @@ static int vmw_ldu_commit_list(struct vmw_private *dev_priv)
+ struct vmw_legacy_display_unit *entry;
+ struct drm_framebuffer *fb = NULL;
+ struct drm_crtc *crtc = NULL;
+- int i = 0;
++ int i;
+
+ /* If there is no display topology the host just assumes
+ * that the guest will set the same layout as the host.
+@@ -90,12 +90,11 @@ static int vmw_ldu_commit_list(struct vmw_private *dev_priv)
+ crtc = &entry->base.crtc;
+ w = max(w, crtc->x + crtc->mode.hdisplay);
+ h = max(h, crtc->y + crtc->mode.vdisplay);
+- i++;
+ }
+
+ if (crtc == NULL)
+ return 0;
+- fb = entry->base.crtc.primary->state->fb;
++ fb = crtc->primary->state->fb;
+
+ return vmw_kms_write_svga(dev_priv, w, h, fb->pitches[0],
+ fb->format->cpp[0] * 8,
+--
+2.25.1
+
--- /dev/null
+From 2f8d9d6f05f397fe6e0a2a5d067c47079aab6d6c Mon Sep 17 00:00:00 2001
+From: Sasha Levin <sashal@kernel.org>
+Date: Tue, 11 Aug 2020 18:35:36 -0700
+Subject: fs/minix: fix block limit check for V1 filesystems
+
+From: Eric Biggers <ebiggers@google.com>
+
+[ Upstream commit 0a12c4a8069607247cb8edc3b035a664e636fd9a ]
+
+The minix filesystem reads its maximum file size from its on-disk
+superblock. This value isn't necessarily a multiple of the block size.
+When it's not, the V1 block mapping code doesn't allow mapping the last
+possible block. Commit 6ed6a722f9ab ("minixfs: fix block limit check")
+fixed this in the V2 mapping code. Fix it in the V1 mapping code too.
+
+Fixes: 1da177e4c3f4 ("Linux-2.6.12-rc2")
+Signed-off-by: Eric Biggers <ebiggers@google.com>
+Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
+Cc: Alexander Viro <viro@zeniv.linux.org.uk>
+Cc: Qiujun Huang <anenbupt@gmail.com>
+Link: http://lkml.kernel.org/r/20200628060846.682158-6-ebiggers@kernel.org
+Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
+Signed-off-by: Sasha Levin <sashal@kernel.org>
+---
+ fs/minix/itree_v1.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/fs/minix/itree_v1.c b/fs/minix/itree_v1.c
+index c0d418209ead1..405573a79aab4 100644
+--- a/fs/minix/itree_v1.c
++++ b/fs/minix/itree_v1.c
+@@ -29,7 +29,7 @@ static int block_to_path(struct inode * inode, long block, int offsets[DEPTH])
+ if (block < 0) {
+ printk("MINIX-fs: block_to_path: block %ld < 0 on dev %pg\n",
+ block, inode->i_sb->s_bdev);
+- } else if (block >= inode->i_sb->s_maxbytes/BLOCK_SIZE) {
++ } else if ((u64)block * BLOCK_SIZE >= inode->i_sb->s_maxbytes) {
+ if (printk_ratelimit())
+ printk("MINIX-fs: block_to_path: "
+ "block %ld too big on dev %pg\n",
+--
+2.25.1
+
--- /dev/null
+From 84632fd316d9a064599d143522bea659acb7a07f Mon Sep 17 00:00:00 2001
+From: Sasha Levin <sashal@kernel.org>
+Date: Tue, 11 Aug 2020 18:35:39 -0700
+Subject: fs/minix: remove expected error message in block_to_path()
+
+From: Eric Biggers <ebiggers@google.com>
+
+[ Upstream commit f666f9fb9a36f1c833b9d18923572f0e4d304754 ]
+
+When truncating a file to a size within the last allowed logical block,
+block_to_path() is called with the *next* block. This exceeds the limit,
+causing the "block %ld too big" error message to be printed.
+
+This case isn't actually an error; there are just no more blocks past that
+point. So, remove this error message.
+
+Fixes: 1da177e4c3f4 ("Linux-2.6.12-rc2")
+Signed-off-by: Eric Biggers <ebiggers@google.com>
+Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
+Cc: Alexander Viro <viro@zeniv.linux.org.uk>
+Cc: Qiujun Huang <anenbupt@gmail.com>
+Link: http://lkml.kernel.org/r/20200628060846.682158-7-ebiggers@kernel.org
+Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
+Signed-off-by: Sasha Levin <sashal@kernel.org>
+---
+ fs/minix/itree_v1.c | 12 ++++++------
+ fs/minix/itree_v2.c | 12 ++++++------
+ 2 files changed, 12 insertions(+), 12 deletions(-)
+
+diff --git a/fs/minix/itree_v1.c b/fs/minix/itree_v1.c
+index 405573a79aab4..1fed906042aa8 100644
+--- a/fs/minix/itree_v1.c
++++ b/fs/minix/itree_v1.c
+@@ -29,12 +29,12 @@ static int block_to_path(struct inode * inode, long block, int offsets[DEPTH])
+ if (block < 0) {
+ printk("MINIX-fs: block_to_path: block %ld < 0 on dev %pg\n",
+ block, inode->i_sb->s_bdev);
+- } else if ((u64)block * BLOCK_SIZE >= inode->i_sb->s_maxbytes) {
+- if (printk_ratelimit())
+- printk("MINIX-fs: block_to_path: "
+- "block %ld too big on dev %pg\n",
+- block, inode->i_sb->s_bdev);
+- } else if (block < 7) {
++ return 0;
++ }
++ if ((u64)block * BLOCK_SIZE >= inode->i_sb->s_maxbytes)
++ return 0;
++
++ if (block < 7) {
+ offsets[n++] = block;
+ } else if ((block -= 7) < 512) {
+ offsets[n++] = 7;
+diff --git a/fs/minix/itree_v2.c b/fs/minix/itree_v2.c
+index ee8af2f9e2828..9d00f31a2d9d1 100644
+--- a/fs/minix/itree_v2.c
++++ b/fs/minix/itree_v2.c
+@@ -32,12 +32,12 @@ static int block_to_path(struct inode * inode, long block, int offsets[DEPTH])
+ if (block < 0) {
+ printk("MINIX-fs: block_to_path: block %ld < 0 on dev %pg\n",
+ block, sb->s_bdev);
+- } else if ((u64)block * (u64)sb->s_blocksize >= sb->s_maxbytes) {
+- if (printk_ratelimit())
+- printk("MINIX-fs: block_to_path: "
+- "block %ld too big on dev %pg\n",
+- block, sb->s_bdev);
+- } else if (block < DIRCOUNT) {
++ return 0;
++ }
++ if ((u64)block * (u64)sb->s_blocksize >= sb->s_maxbytes)
++ return 0;
++
++ if (block < DIRCOUNT) {
+ offsets[n++] = block;
+ } else if ((block -= DIRCOUNT) < INDIRCOUNT(sb)) {
+ offsets[n++] = DIRCOUNT;
+--
+2.25.1
+
--- /dev/null
+From 905c491129c3b1d7a65f6bdd109de6f33af8d19e Mon Sep 17 00:00:00 2001
+From: Sasha Levin <sashal@kernel.org>
+Date: Tue, 11 Aug 2020 18:35:33 -0700
+Subject: fs/minix: set s_maxbytes correctly
+
+From: Eric Biggers <ebiggers@google.com>
+
+[ Upstream commit 32ac86efff91a3e4ef8c3d1cadd4559e23c8e73a ]
+
+The minix filesystem leaves super_block::s_maxbytes at MAX_NON_LFS rather
+than setting it to the actual filesystem-specific limit. This is broken
+because it means userspace doesn't see the standard behavior like getting
+EFBIG and SIGXFSZ when exceeding the maximum file size.
+
+Fix this by setting s_maxbytes correctly.
+
+Fixes: 1da177e4c3f4 ("Linux-2.6.12-rc2")
+Signed-off-by: Eric Biggers <ebiggers@google.com>
+Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
+Cc: Alexander Viro <viro@zeniv.linux.org.uk>
+Cc: Qiujun Huang <anenbupt@gmail.com>
+Link: http://lkml.kernel.org/r/20200628060846.682158-5-ebiggers@kernel.org
+Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
+Signed-off-by: Sasha Levin <sashal@kernel.org>
+---
+ fs/minix/inode.c | 12 +++++++-----
+ fs/minix/itree_v1.c | 2 +-
+ fs/minix/itree_v2.c | 3 +--
+ fs/minix/minix.h | 1 -
+ 4 files changed, 9 insertions(+), 9 deletions(-)
+
+diff --git a/fs/minix/inode.c b/fs/minix/inode.c
+index 4f994de46e6b9..03fe8bac36cf4 100644
+--- a/fs/minix/inode.c
++++ b/fs/minix/inode.c
+@@ -155,8 +155,10 @@ static int minix_remount (struct super_block * sb, int * flags, char * data)
+ return 0;
+ }
+
+-static bool minix_check_superblock(struct minix_sb_info *sbi)
++static bool minix_check_superblock(struct super_block *sb)
+ {
++ struct minix_sb_info *sbi = minix_sb(sb);
++
+ if (sbi->s_imap_blocks == 0 || sbi->s_zmap_blocks == 0)
+ return false;
+
+@@ -166,7 +168,7 @@ static bool minix_check_superblock(struct minix_sb_info *sbi)
+ * of indirect blocks which places the limit well above U32_MAX.
+ */
+ if (sbi->s_version == MINIX_V1 &&
+- sbi->s_max_size > (7 + 512 + 512*512) * BLOCK_SIZE)
++ sb->s_maxbytes > (7 + 512 + 512*512) * BLOCK_SIZE)
+ return false;
+
+ return true;
+@@ -207,7 +209,7 @@ static int minix_fill_super(struct super_block *s, void *data, int silent)
+ sbi->s_zmap_blocks = ms->s_zmap_blocks;
+ sbi->s_firstdatazone = ms->s_firstdatazone;
+ sbi->s_log_zone_size = ms->s_log_zone_size;
+- sbi->s_max_size = ms->s_max_size;
++ s->s_maxbytes = ms->s_max_size;
+ s->s_magic = ms->s_magic;
+ if (s->s_magic == MINIX_SUPER_MAGIC) {
+ sbi->s_version = MINIX_V1;
+@@ -238,7 +240,7 @@ static int minix_fill_super(struct super_block *s, void *data, int silent)
+ sbi->s_zmap_blocks = m3s->s_zmap_blocks;
+ sbi->s_firstdatazone = m3s->s_firstdatazone;
+ sbi->s_log_zone_size = m3s->s_log_zone_size;
+- sbi->s_max_size = m3s->s_max_size;
++ s->s_maxbytes = m3s->s_max_size;
+ sbi->s_ninodes = m3s->s_ninodes;
+ sbi->s_nzones = m3s->s_zones;
+ sbi->s_dirsize = 64;
+@@ -250,7 +252,7 @@ static int minix_fill_super(struct super_block *s, void *data, int silent)
+ } else
+ goto out_no_fs;
+
+- if (!minix_check_superblock(sbi))
++ if (!minix_check_superblock(s))
+ goto out_illegal_sb;
+
+ /*
+diff --git a/fs/minix/itree_v1.c b/fs/minix/itree_v1.c
+index 046cc96ee7adb..c0d418209ead1 100644
+--- a/fs/minix/itree_v1.c
++++ b/fs/minix/itree_v1.c
+@@ -29,7 +29,7 @@ static int block_to_path(struct inode * inode, long block, int offsets[DEPTH])
+ if (block < 0) {
+ printk("MINIX-fs: block_to_path: block %ld < 0 on dev %pg\n",
+ block, inode->i_sb->s_bdev);
+- } else if (block >= (minix_sb(inode->i_sb)->s_max_size/BLOCK_SIZE)) {
++ } else if (block >= inode->i_sb->s_maxbytes/BLOCK_SIZE) {
+ if (printk_ratelimit())
+ printk("MINIX-fs: block_to_path: "
+ "block %ld too big on dev %pg\n",
+diff --git a/fs/minix/itree_v2.c b/fs/minix/itree_v2.c
+index f7fc7eccccccd..ee8af2f9e2828 100644
+--- a/fs/minix/itree_v2.c
++++ b/fs/minix/itree_v2.c
+@@ -32,8 +32,7 @@ static int block_to_path(struct inode * inode, long block, int offsets[DEPTH])
+ if (block < 0) {
+ printk("MINIX-fs: block_to_path: block %ld < 0 on dev %pg\n",
+ block, sb->s_bdev);
+- } else if ((u64)block * (u64)sb->s_blocksize >=
+- minix_sb(sb)->s_max_size) {
++ } else if ((u64)block * (u64)sb->s_blocksize >= sb->s_maxbytes) {
+ if (printk_ratelimit())
+ printk("MINIX-fs: block_to_path: "
+ "block %ld too big on dev %pg\n",
+diff --git a/fs/minix/minix.h b/fs/minix/minix.h
+index df081e8afcc3c..168d45d3de73e 100644
+--- a/fs/minix/minix.h
++++ b/fs/minix/minix.h
+@@ -32,7 +32,6 @@ struct minix_sb_info {
+ unsigned long s_zmap_blocks;
+ unsigned long s_firstdatazone;
+ unsigned long s_log_zone_size;
+- unsigned long s_max_size;
+ int s_dirsize;
+ int s_namelen;
+ struct buffer_head ** s_imap;
+--
+2.25.1
+
--- /dev/null
+From fea88c24d4cb5dede3c36c4a0fc31c628cf7a257 Mon Sep 17 00:00:00 2001
+From: Sasha Levin <sashal@kernel.org>
+Date: Tue, 11 Aug 2020 18:35:53 -0700
+Subject: fs/ufs: avoid potential u32 multiplication overflow
+
+From: Colin Ian King <colin.king@canonical.com>
+
+[ Upstream commit 88b2e9b06381551b707d980627ad0591191f7a2d ]
+
+The 64 bit ino is being compared to the product of two u32 values,
+however, the multiplication is being performed using a 32 bit multiply so
+there is a potential of an overflow. To be fully safe, cast uspi->s_ncg
+to a u64 to ensure a 64 bit multiplication occurs to avoid any chance of
+overflow.
+
+Fixes: f3e2a520f5fb ("ufs: NFS support")
+Signed-off-by: Colin Ian King <colin.king@canonical.com>
+Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
+Cc: Evgeniy Dushistov <dushistov@mail.ru>
+Cc: Alexey Dobriyan <adobriyan@gmail.com>
+Link: http://lkml.kernel.org/r/20200715170355.1081713-1-colin.king@canonical.com
+Addresses-Coverity: ("Unintentional integer overflow")
+Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
+Signed-off-by: Sasha Levin <sashal@kernel.org>
+---
+ fs/ufs/super.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/fs/ufs/super.c b/fs/ufs/super.c
+index a4e07e910f1b4..6e59e45d7bfbd 100644
+--- a/fs/ufs/super.c
++++ b/fs/ufs/super.c
+@@ -100,7 +100,7 @@ static struct inode *ufs_nfs_get_inode(struct super_block *sb, u64 ino, u32 gene
+ struct ufs_sb_private_info *uspi = UFS_SB(sb)->s_uspi;
+ struct inode *inode;
+
+- if (ino < UFS_ROOTINO || ino > uspi->s_ncg * uspi->s_ipg)
++ if (ino < UFS_ROOTINO || ino > (u64)uspi->s_ncg * uspi->s_ipg)
+ return ERR_PTR(-ESTALE);
+
+ inode = ufs_iget(sb, ino);
+--
+2.25.1
+
--- /dev/null
+From 0ab8875052a40e42be46ddb4d37f1a84e3356c02 Mon Sep 17 00:00:00 2001
+From: Sasha Levin <sashal@kernel.org>
+Date: Wed, 17 Jun 2020 15:40:37 -0700
+Subject: gpu: ipu-v3: image-convert: Combine rotate/no-rotate irq handlers
+
+From: Steve Longerbeam <slongerbeam@gmail.com>
+
+[ Upstream commit 0f6245f42ce9b7e4d20f2cda8d5f12b55a44d7d1 ]
+
+Combine the rotate_irq() and norotate_irq() handlers into a single
+eof_irq() handler.
+
+Signed-off-by: Steve Longerbeam <slongerbeam@gmail.com>
+Signed-off-by: Philipp Zabel <p.zabel@pengutronix.de>
+Signed-off-by: Sasha Levin <sashal@kernel.org>
+---
+ drivers/gpu/ipu-v3/ipu-image-convert.c | 58 +++++++++-----------------
+ 1 file changed, 20 insertions(+), 38 deletions(-)
+
+diff --git a/drivers/gpu/ipu-v3/ipu-image-convert.c b/drivers/gpu/ipu-v3/ipu-image-convert.c
+index 91653adc41cc4..cdaf1d74e31a2 100644
+--- a/drivers/gpu/ipu-v3/ipu-image-convert.c
++++ b/drivers/gpu/ipu-v3/ipu-image-convert.c
+@@ -998,9 +998,10 @@ static irqreturn_t do_irq(struct ipu_image_convert_run *run)
+ return IRQ_WAKE_THREAD;
+ }
+
+-static irqreturn_t norotate_irq(int irq, void *data)
++static irqreturn_t eof_irq(int irq, void *data)
+ {
+ struct ipu_image_convert_chan *chan = data;
++ struct ipu_image_convert_priv *priv = chan->priv;
+ struct ipu_image_convert_ctx *ctx;
+ struct ipu_image_convert_run *run;
+ unsigned long flags;
+@@ -1017,45 +1018,26 @@ static irqreturn_t norotate_irq(int irq, void *data)
+
+ ctx = run->ctx;
+
+- if (ipu_rot_mode_is_irt(ctx->rot_mode)) {
+- /* this is a rotation operation, just ignore */
+- spin_unlock_irqrestore(&chan->irqlock, flags);
+- return IRQ_HANDLED;
+- }
+-
+- ret = do_irq(run);
+-out:
+- spin_unlock_irqrestore(&chan->irqlock, flags);
+- return ret;
+-}
+-
+-static irqreturn_t rotate_irq(int irq, void *data)
+-{
+- struct ipu_image_convert_chan *chan = data;
+- struct ipu_image_convert_priv *priv = chan->priv;
+- struct ipu_image_convert_ctx *ctx;
+- struct ipu_image_convert_run *run;
+- unsigned long flags;
+- irqreturn_t ret;
+-
+- spin_lock_irqsave(&chan->irqlock, flags);
+-
+- /* get current run and its context */
+- run = chan->current_run;
+- if (!run) {
++ if (irq == chan->out_eof_irq) {
++ if (ipu_rot_mode_is_irt(ctx->rot_mode)) {
++ /* this is a rotation op, just ignore */
++ ret = IRQ_HANDLED;
++ goto out;
++ }
++ } else if (irq == chan->rot_out_eof_irq) {
++ if (!ipu_rot_mode_is_irt(ctx->rot_mode)) {
++ /* this was NOT a rotation op, shouldn't happen */
++ dev_err(priv->ipu->dev,
++ "Unexpected rotation interrupt\n");
++ ret = IRQ_HANDLED;
++ goto out;
++ }
++ } else {
++ dev_err(priv->ipu->dev, "Received unknown irq %d\n", irq);
+ ret = IRQ_NONE;
+ goto out;
+ }
+
+- ctx = run->ctx;
+-
+- if (!ipu_rot_mode_is_irt(ctx->rot_mode)) {
+- /* this was NOT a rotation operation, shouldn't happen */
+- dev_err(priv->ipu->dev, "Unexpected rotation interrupt\n");
+- spin_unlock_irqrestore(&chan->irqlock, flags);
+- return IRQ_HANDLED;
+- }
+-
+ ret = do_irq(run);
+ out:
+ spin_unlock_irqrestore(&chan->irqlock, flags);
+@@ -1148,7 +1130,7 @@ static int get_ipu_resources(struct ipu_image_convert_chan *chan)
+ chan->out_chan,
+ IPU_IRQ_EOF);
+
+- ret = request_threaded_irq(chan->out_eof_irq, norotate_irq, do_bh,
++ ret = request_threaded_irq(chan->out_eof_irq, eof_irq, do_bh,
+ 0, "ipu-ic", chan);
+ if (ret < 0) {
+ dev_err(priv->ipu->dev, "could not acquire irq %d\n",
+@@ -1161,7 +1143,7 @@ static int get_ipu_resources(struct ipu_image_convert_chan *chan)
+ chan->rotation_out_chan,
+ IPU_IRQ_EOF);
+
+- ret = request_threaded_irq(chan->rot_out_eof_irq, rotate_irq, do_bh,
++ ret = request_threaded_irq(chan->rot_out_eof_irq, eof_irq, do_bh,
+ 0, "ipu-ic", chan);
+ if (ret < 0) {
+ dev_err(priv->ipu->dev, "could not acquire irq %d\n",
+--
+2.25.1
+
--- /dev/null
+From 15af14735f7396a69097107215ae9c118cdc2a02 Mon Sep 17 00:00:00 2001
+From: Sasha Levin <sashal@kernel.org>
+Date: Sun, 26 Jul 2020 18:16:06 +0200
+Subject: i2c: rcar: avoid race when unregistering slave
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+From: Wolfram Sang <wsa+renesas@sang-engineering.com>
+
+[ Upstream commit c7c9e914f9a0478fba4dc6f227cfd69cf84a4063 ]
+
+Due to the lockless design of the driver, it is theoretically possible
+to access a NULL pointer, if a slave interrupt was running while we were
+unregistering the slave. To make this rock solid, disable the interrupt
+for a short time while we are clearing the interrupt_enable register.
+This patch is purely based on code inspection. The OOPS is super-hard to
+trigger because clearing SAR (the address) makes interrupts even more
+unlikely to happen as well. While here, reinit SCR to SDBS because this
+bit should always be set according to documentation. There is no effect,
+though, because the interface is disabled.
+
+Fixes: 7b814d852af6 ("i2c: rcar: avoid race when unregistering slave client")
+Signed-off-by: Wolfram Sang <wsa+renesas@sang-engineering.com>
+Reviewed-by: Niklas Söderlund <niklas.soderlund+renesas@ragnatech.se>
+Signed-off-by: Wolfram Sang <wsa@kernel.org>
+Signed-off-by: Sasha Levin <sashal@kernel.org>
+---
+ drivers/i2c/busses/i2c-rcar.c | 8 +++++---
+ 1 file changed, 5 insertions(+), 3 deletions(-)
+
+diff --git a/drivers/i2c/busses/i2c-rcar.c b/drivers/i2c/busses/i2c-rcar.c
+index 11d1977616858..dcdce18fc7062 100644
+--- a/drivers/i2c/busses/i2c-rcar.c
++++ b/drivers/i2c/busses/i2c-rcar.c
+@@ -861,12 +861,14 @@ static int rcar_unreg_slave(struct i2c_client *slave)
+
+ WARN_ON(!priv->slave);
+
+- /* disable irqs and ensure none is running before clearing ptr */
++ /* ensure no irq is running before clearing ptr */
++ disable_irq(priv->irq);
+ rcar_i2c_write(priv, ICSIER, 0);
+- rcar_i2c_write(priv, ICSCR, 0);
++ rcar_i2c_write(priv, ICSSR, 0);
++ enable_irq(priv->irq);
++ rcar_i2c_write(priv, ICSCR, SDBS);
+ rcar_i2c_write(priv, ICSAR, 0); /* Gen2: must be 0 if not using slave */
+
+- synchronize_irq(priv->irq);
+ priv->slave = NULL;
+
+ pm_runtime_put(rcar_i2c_priv_to_dev(priv));
+--
+2.25.1
+
--- /dev/null
+From 59ed85d3b71681aab843a70eb1d9a56318a59475 Mon Sep 17 00:00:00 2001
+From: Sasha Levin <sashal@kernel.org>
+Date: Mon, 29 Jun 2020 17:38:07 +0200
+Subject: i2c: rcar: slave: only send STOP event when we have been addressed
+
+From: Wolfram Sang <wsa+renesas@sang-engineering.com>
+
+[ Upstream commit 314139f9f0abdba61ed9a8463bbcb0bf900ac5a2 ]
+
+When the SSR interrupt is activated, it will detect every STOP condition
+on the bus, not only the ones after we have been addressed. So, enable
+this interrupt only after we have been addressed, and disable it
+otherwise.
+
+Fixes: de20d1857dd6 ("i2c: rcar: add slave support")
+Signed-off-by: Wolfram Sang <wsa+renesas@sang-engineering.com>
+Signed-off-by: Wolfram Sang <wsa@kernel.org>
+Signed-off-by: Sasha Levin <sashal@kernel.org>
+---
+ drivers/i2c/busses/i2c-rcar.c | 7 ++++---
+ 1 file changed, 4 insertions(+), 3 deletions(-)
+
+diff --git a/drivers/i2c/busses/i2c-rcar.c b/drivers/i2c/busses/i2c-rcar.c
+index 6e49e438ef5a5..11d1977616858 100644
+--- a/drivers/i2c/busses/i2c-rcar.c
++++ b/drivers/i2c/busses/i2c-rcar.c
+@@ -587,13 +587,14 @@ static bool rcar_i2c_slave_irq(struct rcar_i2c_priv *priv)
+ rcar_i2c_write(priv, ICSIER, SDR | SSR | SAR);
+ }
+
+- rcar_i2c_write(priv, ICSSR, ~SAR & 0xff);
++ /* Clear SSR, too, because of old STOPs to other clients than us */
++ rcar_i2c_write(priv, ICSSR, ~(SAR | SSR) & 0xff);
+ }
+
+ /* master sent stop */
+ if (ssr_filtered & SSR) {
+ i2c_slave_event(priv->slave, I2C_SLAVE_STOP, &value);
+- rcar_i2c_write(priv, ICSIER, SAR | SSR);
++ rcar_i2c_write(priv, ICSIER, SAR);
+ rcar_i2c_write(priv, ICSSR, ~SSR & 0xff);
+ }
+
+@@ -848,7 +849,7 @@ static int rcar_reg_slave(struct i2c_client *slave)
+ priv->slave = slave;
+ rcar_i2c_write(priv, ICSAR, slave->addr);
+ rcar_i2c_write(priv, ICSSR, 0);
+- rcar_i2c_write(priv, ICSIER, SAR | SSR);
++ rcar_i2c_write(priv, ICSIER, SAR);
+ rcar_i2c_write(priv, ICSCR, SIE | SDBS);
+
+ return 0;
+--
+2.25.1
+
--- /dev/null
+From f3638a8b393c66d78983c452601ba6c7347dec35 Mon Sep 17 00:00:00 2001
+From: Sasha Levin <sashal@kernel.org>
+Date: Thu, 6 Aug 2020 15:35:34 -0700
+Subject: Input: sentelic - fix error return when fsp_reg_write fails
+
+From: Colin Ian King <colin.king@canonical.com>
+
+[ Upstream commit ea38f06e0291986eb93beb6d61fd413607a30ca4 ]
+
+Currently when the call to fsp_reg_write fails -EIO is not being returned
+because the count is being returned instead of the return value in retval.
+Fix this by returning the value in retval instead of count.
+
+Addresses-Coverity: ("Unused value")
+Fixes: fc69f4a6af49 ("Input: add new driver for Sentelic Finger Sensing Pad")
+Signed-off-by: Colin Ian King <colin.king@canonical.com>
+Link: https://lore.kernel.org/r/20200603141218.131663-1-colin.king@canonical.com
+Signed-off-by: Dmitry Torokhov <dmitry.torokhov@gmail.com>
+Signed-off-by: Sasha Levin <sashal@kernel.org>
+---
+ drivers/input/mouse/sentelic.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/drivers/input/mouse/sentelic.c b/drivers/input/mouse/sentelic.c
+index 1d6010d463e2c..022a8cb58a066 100644
+--- a/drivers/input/mouse/sentelic.c
++++ b/drivers/input/mouse/sentelic.c
+@@ -454,7 +454,7 @@ static ssize_t fsp_attr_set_setreg(struct psmouse *psmouse, void *data,
+
+ fsp_reg_write_enable(psmouse, false);
+
+- return count;
++ return retval;
+ }
+
+ PSMOUSE_DEFINE_WO_ATTR(setreg, S_IWUSR, NULL, fsp_attr_set_setreg);
+--
+2.25.1
+
--- /dev/null
+From 68e532cce3d0ef8cf9d9c41057668ead9c18a72b Mon Sep 17 00:00:00 2001
+From: Sasha Levin <sashal@kernel.org>
+Date: Tue, 14 Jul 2020 20:22:11 +0100
+Subject: iommu/omap: Check for failure of a call to omap_iommu_dump_ctx
+
+From: Colin Ian King <colin.king@canonical.com>
+
+[ Upstream commit dee9d154f40c58d02f69acdaa5cfd1eae6ebc28b ]
+
+It is possible for the call to omap_iommu_dump_ctx to return
+a negative error number, so check for the failure and return
+the error number rather than pass the negative value to
+simple_read_from_buffer.
+
+Fixes: 14e0e6796a0d ("OMAP: iommu: add initial debugfs support")
+Signed-off-by: Colin Ian King <colin.king@canonical.com>
+Link: https://lore.kernel.org/r/20200714192211.744776-1-colin.king@canonical.com
+Addresses-Coverity: ("Improper use of negative value")
+Signed-off-by: Joerg Roedel <jroedel@suse.de>
+Signed-off-by: Sasha Levin <sashal@kernel.org>
+---
+ drivers/iommu/omap-iommu-debug.c | 3 +++
+ 1 file changed, 3 insertions(+)
+
+diff --git a/drivers/iommu/omap-iommu-debug.c b/drivers/iommu/omap-iommu-debug.c
+index 50217548c3b8e..5ce55fabc9d80 100644
+--- a/drivers/iommu/omap-iommu-debug.c
++++ b/drivers/iommu/omap-iommu-debug.c
+@@ -101,8 +101,11 @@ static ssize_t debug_read_regs(struct file *file, char __user *userbuf,
+ mutex_lock(&iommu_debug_lock);
+
+ bytes = omap_iommu_dump_ctx(obj, p, count);
++ if (bytes < 0)
++ goto err;
+ bytes = simple_read_from_buffer(userbuf, count, ppos, buf, bytes);
+
++err:
+ mutex_unlock(&iommu_debug_lock);
+ kfree(buf);
+
+--
+2.25.1
+
--- /dev/null
+From 465a125784d2da826c1d4cff5fa75fc03a784062 Mon Sep 17 00:00:00 2001
+From: Sasha Levin <sashal@kernel.org>
+Date: Fri, 24 Jul 2020 09:49:14 +0800
+Subject: iommu/vt-d: Enforce PASID devTLB field mask
+
+From: Liu Yi L <yi.l.liu@intel.com>
+
+[ Upstream commit 5f77d6ca5ca74e4b4a5e2e010f7ff50c45dea326 ]
+
+Set proper masks to avoid invalid input spillover to reserved bits.
+
+Signed-off-by: Liu Yi L <yi.l.liu@intel.com>
+Signed-off-by: Jacob Pan <jacob.jun.pan@linux.intel.com>
+Signed-off-by: Lu Baolu <baolu.lu@linux.intel.com>
+Reviewed-by: Eric Auger <eric.auger@redhat.com>
+Link: https://lore.kernel.org/r/20200724014925.15523-2-baolu.lu@linux.intel.com
+Signed-off-by: Joerg Roedel <jroedel@suse.de>
+Signed-off-by: Sasha Levin <sashal@kernel.org>
+---
+ include/linux/intel-iommu.h | 4 ++--
+ 1 file changed, 2 insertions(+), 2 deletions(-)
+
+diff --git a/include/linux/intel-iommu.h b/include/linux/intel-iommu.h
+index b1b4411b4c6b8..539f4a84412f4 100644
+--- a/include/linux/intel-iommu.h
++++ b/include/linux/intel-iommu.h
+@@ -308,8 +308,8 @@ enum {
+
+ #define QI_DEV_EIOTLB_ADDR(a) ((u64)(a) & VTD_PAGE_MASK)
+ #define QI_DEV_EIOTLB_SIZE (((u64)1) << 11)
+-#define QI_DEV_EIOTLB_GLOB(g) ((u64)g)
+-#define QI_DEV_EIOTLB_PASID(p) (((u64)p) << 32)
++#define QI_DEV_EIOTLB_GLOB(g) ((u64)(g) & 0x1)
++#define QI_DEV_EIOTLB_PASID(p) ((u64)((p) & 0xfffff) << 32)
+ #define QI_DEV_EIOTLB_SID(sid) ((u64)((sid) & 0xffff) << 16)
+ #define QI_DEV_EIOTLB_QDEP(qd) ((u64)((qd) & 0x1f) << 4)
+ #define QI_DEV_EIOTLB_PFSID(pfsid) (((u64)(pfsid & 0xf) << 12) | \
+--
+2.25.1
+
--- /dev/null
+From 29bd817d87c4bb739af5b1f0720255dd075907eb Mon Sep 17 00:00:00 2001
+From: Sasha Levin <sashal@kernel.org>
+Date: Thu, 30 Apr 2020 18:42:44 +0200
+Subject: media: rockchip: rga: Introduce color fmt macros and refactor CSC
+ mode logic
+
+From: Paul Kocialkowski <paul.kocialkowski@bootlin.com>
+
+[ Upstream commit ded874ece29d3fe2abd3775810a06056067eb68c ]
+
+This introduces two macros: RGA_COLOR_FMT_IS_YUV and RGA_COLOR_FMT_IS_RGB
+which allow quick checking of the colorspace familily of a RGA color format.
+
+These macros are then used to refactor the logic for CSC mode selection.
+The two nested tests for input colorspace are simplified into a single one,
+with a logical and, making the whole more readable.
+
+Signed-off-by: Paul Kocialkowski <paul.kocialkowski@bootlin.com>
+Reviewed-by: Ezequiel Garcia <ezequiel@collabora.com>
+Signed-off-by: Hans Verkuil <hverkuil-cisco@xs4all.nl>
+Signed-off-by: Mauro Carvalho Chehab <mchehab+huawei@kernel.org>
+Signed-off-by: Sasha Levin <sashal@kernel.org>
+---
+ drivers/media/platform/rockchip/rga/rga-hw.c | 23 +++++++++-----------
+ drivers/media/platform/rockchip/rga/rga-hw.h | 5 +++++
+ 2 files changed, 15 insertions(+), 13 deletions(-)
+
+diff --git a/drivers/media/platform/rockchip/rga/rga-hw.c b/drivers/media/platform/rockchip/rga/rga-hw.c
+index 96d1b1b3fe8e8..6d12491b79d78 100644
+--- a/drivers/media/platform/rockchip/rga/rga-hw.c
++++ b/drivers/media/platform/rockchip/rga/rga-hw.c
+@@ -208,22 +208,19 @@ static void rga_cmd_set_trans_info(struct rga_ctx *ctx)
+ dst_info.data.format = ctx->out.fmt->hw_format;
+ dst_info.data.swap = ctx->out.fmt->color_swap;
+
+- if (ctx->in.fmt->hw_format >= RGA_COLOR_FMT_YUV422SP) {
+- if (ctx->out.fmt->hw_format < RGA_COLOR_FMT_YUV422SP) {
+- switch (ctx->in.colorspace) {
+- case V4L2_COLORSPACE_REC709:
+- src_info.data.csc_mode =
+- RGA_SRC_CSC_MODE_BT709_R0;
+- break;
+- default:
+- src_info.data.csc_mode =
+- RGA_SRC_CSC_MODE_BT601_R0;
+- break;
+- }
++ if (RGA_COLOR_FMT_IS_YUV(ctx->in.fmt->hw_format) &&
++ RGA_COLOR_FMT_IS_RGB(ctx->out.fmt->hw_format)) {
++ switch (ctx->in.colorspace) {
++ case V4L2_COLORSPACE_REC709:
++ src_info.data.csc_mode = RGA_SRC_CSC_MODE_BT709_R0;
++ break;
++ default:
++ src_info.data.csc_mode = RGA_SRC_CSC_MODE_BT601_R0;
++ break;
+ }
+ }
+
+- if (ctx->out.fmt->hw_format >= RGA_COLOR_FMT_YUV422SP) {
++ if (RGA_COLOR_FMT_IS_YUV(ctx->out.fmt->hw_format)) {
+ switch (ctx->out.colorspace) {
+ case V4L2_COLORSPACE_REC709:
+ dst_info.data.csc_mode = RGA_SRC_CSC_MODE_BT709_R0;
+diff --git a/drivers/media/platform/rockchip/rga/rga-hw.h b/drivers/media/platform/rockchip/rga/rga-hw.h
+index ca3c204abe420..3e4b70eb9ced5 100644
+--- a/drivers/media/platform/rockchip/rga/rga-hw.h
++++ b/drivers/media/platform/rockchip/rga/rga-hw.h
+@@ -103,6 +103,11 @@
+ #define RGA_COLOR_FMT_CP_8BPP 15
+ #define RGA_COLOR_FMT_MASK 15
+
++#define RGA_COLOR_FMT_IS_YUV(fmt) \
++ (((fmt) >= RGA_COLOR_FMT_YUV422SP) && ((fmt) < RGA_COLOR_FMT_CP_1BPP))
++#define RGA_COLOR_FMT_IS_RGB(fmt) \
++ ((fmt) < RGA_COLOR_FMT_YUV422SP)
++
+ #define RGA_COLOR_NONE_SWAP 0
+ #define RGA_COLOR_RB_SWAP 1
+ #define RGA_COLOR_ALPHA_SWAP 2
+--
+2.25.1
+
--- /dev/null
+From 39e94c687dd9d4dfd2c4b8d06f55e2bc88a8e647 Mon Sep 17 00:00:00 2001
+From: Sasha Levin <sashal@kernel.org>
+Date: Thu, 30 Apr 2020 18:42:45 +0200
+Subject: media: rockchip: rga: Only set output CSC mode for RGB input
+
+From: Paul Kocialkowski <paul.kocialkowski@bootlin.com>
+
+[ Upstream commit 0f879bab72f47e8ba2421a984e7acfa763d3e84e ]
+
+Setting the output CSC mode is required for a YUV output, but must not
+be set when the input is also YUV. Doing this (as tested with a YUV420P
+to YUV420P conversion) results in wrong colors.
+
+Adapt the logic to only set the output CSC mode when the output is YUV and
+the input is RGB. Also add a comment to clarify the rationale.
+
+Fixes: f7e7b48e6d79 ("[media] rockchip/rga: v4l2 m2m support")
+Signed-off-by: Paul Kocialkowski <paul.kocialkowski@bootlin.com>
+Reviewed-by: Ezequiel Garcia <ezequiel@collabora.com>
+Signed-off-by: Hans Verkuil <hverkuil-cisco@xs4all.nl>
+Signed-off-by: Mauro Carvalho Chehab <mchehab+huawei@kernel.org>
+Signed-off-by: Sasha Levin <sashal@kernel.org>
+---
+ drivers/media/platform/rockchip/rga/rga-hw.c | 8 +++++++-
+ 1 file changed, 7 insertions(+), 1 deletion(-)
+
+diff --git a/drivers/media/platform/rockchip/rga/rga-hw.c b/drivers/media/platform/rockchip/rga/rga-hw.c
+index 6d12491b79d78..681de42f12e9a 100644
+--- a/drivers/media/platform/rockchip/rga/rga-hw.c
++++ b/drivers/media/platform/rockchip/rga/rga-hw.c
+@@ -208,6 +208,11 @@ static void rga_cmd_set_trans_info(struct rga_ctx *ctx)
+ dst_info.data.format = ctx->out.fmt->hw_format;
+ dst_info.data.swap = ctx->out.fmt->color_swap;
+
++ /*
++ * CSC mode must only be set when the colorspace families differ between
++ * input and output. It must remain unset (zeroed) if both are the same.
++ */
++
+ if (RGA_COLOR_FMT_IS_YUV(ctx->in.fmt->hw_format) &&
+ RGA_COLOR_FMT_IS_RGB(ctx->out.fmt->hw_format)) {
+ switch (ctx->in.colorspace) {
+@@ -220,7 +225,8 @@ static void rga_cmd_set_trans_info(struct rga_ctx *ctx)
+ }
+ }
+
+- if (RGA_COLOR_FMT_IS_YUV(ctx->out.fmt->hw_format)) {
++ if (RGA_COLOR_FMT_IS_RGB(ctx->in.fmt->hw_format) &&
++ RGA_COLOR_FMT_IS_YUV(ctx->out.fmt->hw_format)) {
+ switch (ctx->out.colorspace) {
+ case V4L2_COLORSPACE_REC709:
+ dst_info.data.csc_mode = RGA_SRC_CSC_MODE_BT709_R0;
+--
+2.25.1
+
--- /dev/null
+From bfed100fb8521852b359b7a76fc70caee15dc7c5 Mon Sep 17 00:00:00 2001
+From: Sasha Levin <sashal@kernel.org>
+Date: Mon, 15 Jun 2020 14:53:21 +0100
+Subject: mfd: arizona: Ensure 32k clock is put on driver unbind and error
+
+From: Charles Keepax <ckeepax@opensource.cirrus.com>
+
+[ Upstream commit ddff6c45b21d0437ce0c85f8ac35d7b5480513d7 ]
+
+Whilst it doesn't matter if the internal 32k clock register settings
+are cleaned up on exit, as the part will be turned off losing any
+settings, hence the driver hasn't historially bothered. The external
+clock should however be cleaned up, as it could cause clocks to be
+left on, and will at best generate a warning on unbind.
+
+Add clean up on both the probe error path and unbind for the 32k
+clock.
+
+Fixes: cdd8da8cc66b ("mfd: arizona: Add gating of external MCLKn clocks")
+Signed-off-by: Charles Keepax <ckeepax@opensource.cirrus.com>
+Signed-off-by: Lee Jones <lee.jones@linaro.org>
+Signed-off-by: Sasha Levin <sashal@kernel.org>
+---
+ drivers/mfd/arizona-core.c | 18 ++++++++++++++++++
+ 1 file changed, 18 insertions(+)
+
+diff --git a/drivers/mfd/arizona-core.c b/drivers/mfd/arizona-core.c
+index a4403a57ddc89..09acaa2cf74a2 100644
+--- a/drivers/mfd/arizona-core.c
++++ b/drivers/mfd/arizona-core.c
+@@ -1433,6 +1433,15 @@ int arizona_dev_init(struct arizona *arizona)
+ arizona_irq_exit(arizona);
+ err_pm:
+ pm_runtime_disable(arizona->dev);
++
++ switch (arizona->pdata.clk32k_src) {
++ case ARIZONA_32KZ_MCLK1:
++ case ARIZONA_32KZ_MCLK2:
++ arizona_clk32k_disable(arizona);
++ break;
++ default:
++ break;
++ }
+ err_reset:
+ arizona_enable_reset(arizona);
+ regulator_disable(arizona->dcvdd);
+@@ -1455,6 +1464,15 @@ int arizona_dev_exit(struct arizona *arizona)
+ regulator_disable(arizona->dcvdd);
+ regulator_put(arizona->dcvdd);
+
++ switch (arizona->pdata.clk32k_src) {
++ case ARIZONA_32KZ_MCLK1:
++ case ARIZONA_32KZ_MCLK2:
++ arizona_clk32k_disable(arizona);
++ break;
++ default:
++ break;
++ }
++
+ mfd_remove_devices(arizona->dev);
+ arizona_free_irq(arizona, ARIZONA_IRQ_UNDERCLOCKED, arizona);
+ arizona_free_irq(arizona, ARIZONA_IRQ_OVERCLOCKED, arizona);
+--
+2.25.1
+
--- /dev/null
+From a8e46c9542422ee52120d8552c94ea491b07eeb7 Mon Sep 17 00:00:00 2001
+From: Sasha Levin <sashal@kernel.org>
+Date: Thu, 23 Jul 2020 16:02:46 +0300
+Subject: mfd: dln2: Run event handler loop under spinlock
+
+From: Andy Shevchenko <andriy.shevchenko@linux.intel.com>
+
+[ Upstream commit 3d858942250820b9adc35f963a257481d6d4c81d ]
+
+The event handler loop must be run with interrupts disabled.
+Otherwise we will have a warning:
+
+[ 1970.785649] irq 31 handler lineevent_irq_handler+0x0/0x20 enabled interrupts
+[ 1970.792739] WARNING: CPU: 0 PID: 0 at kernel/irq/handle.c:159 __handle_irq_event_percpu+0x162/0x170
+[ 1970.860732] RIP: 0010:__handle_irq_event_percpu+0x162/0x170
+...
+[ 1970.946994] Call Trace:
+[ 1970.949446] <IRQ>
+[ 1970.951471] handle_irq_event_percpu+0x2c/0x80
+[ 1970.955921] handle_irq_event+0x23/0x43
+[ 1970.959766] handle_simple_irq+0x57/0x70
+[ 1970.963695] generic_handle_irq+0x42/0x50
+[ 1970.967717] dln2_rx+0xc1/0x210 [dln2]
+[ 1970.971479] ? usb_hcd_unmap_urb_for_dma+0xa6/0x1c0
+[ 1970.976362] __usb_hcd_giveback_urb+0x77/0xe0
+[ 1970.980727] usb_giveback_urb_bh+0x8e/0xe0
+[ 1970.984837] tasklet_action_common.isra.0+0x4a/0xe0
+...
+
+Recently xHCI driver switched to tasklets in the commit 36dc01657b49
+("usb: host: xhci: Support running urb giveback in tasklet context").
+
+The handle_irq_event_* functions are expected to be called with interrupts
+disabled and they rightfully complain here because we run in tasklet context
+with interrupts enabled.
+
+Use a event spinlock to protect event handler from being interrupted.
+
+Note, that there are only two users of this GPIO and ADC drivers and both of
+them are using generic_handle_irq() which makes above happen.
+
+Fixes: 338a12814297 ("mfd: Add support for Diolan DLN-2 devices")
+Signed-off-by: Andy Shevchenko <andriy.shevchenko@linux.intel.com>
+Signed-off-by: Lee Jones <lee.jones@linaro.org>
+Signed-off-by: Sasha Levin <sashal@kernel.org>
+---
+ drivers/mfd/dln2.c | 4 ++++
+ 1 file changed, 4 insertions(+)
+
+diff --git a/drivers/mfd/dln2.c b/drivers/mfd/dln2.c
+index 6ea0dd37b4535..fe614ba5fec90 100644
+--- a/drivers/mfd/dln2.c
++++ b/drivers/mfd/dln2.c
+@@ -290,7 +290,11 @@ static void dln2_rx(struct urb *urb)
+ len = urb->actual_length - sizeof(struct dln2_header);
+
+ if (handle == DLN2_HANDLE_EVENT) {
++ unsigned long flags;
++
++ spin_lock_irqsave(&dln2->event_cb_lock, flags);
+ dln2_run_event_callbacks(dln2, id, echo, data, len);
++ spin_unlock_irqrestore(&dln2->event_cb_lock, flags);
+ } else {
+ /* URB will be re-submitted in _dln2_transfer (free_rx_slot) */
+ if (dln2_transfer_complete(dln2, urb, handle, echo))
+--
+2.25.1
+
--- /dev/null
+From f0711fafc285eba2ffc79b311014210c09b637ef Mon Sep 17 00:00:00 2001
+From: Sasha Levin <sashal@kernel.org>
+Date: Thu, 21 May 2020 16:01:05 +0900
+Subject: mmc: renesas_sdhi_internal_dmac: clean up the code for dma complete
+
+From: Yoshihiro Shimoda <yoshihiro.shimoda.uh@renesas.com>
+
+[ Upstream commit 2b26e34e9af3fa24fa1266e9ea2d66a1f7d62dc0 ]
+
+To add end() operation in the future, clean the code of
+renesas_sdhi_internal_dmac_complete_tasklet_fn(). No behavior change.
+
+Signed-off-by: Yoshihiro Shimoda <yoshihiro.shimoda.uh@renesas.com>
+Link: https://lore.kernel.org/r/1590044466-28372-3-git-send-email-yoshihiro.shimoda.uh@renesas.com
+Tested-by: Wolfram Sang <wsa+renesas@sang-engineering.com>
+Signed-off-by: Ulf Hansson <ulf.hansson@linaro.org>
+Signed-off-by: Sasha Levin <sashal@kernel.org>
+---
+ drivers/mmc/host/renesas_sdhi_internal_dmac.c | 18 +++++++++++++-----
+ 1 file changed, 13 insertions(+), 5 deletions(-)
+
+diff --git a/drivers/mmc/host/renesas_sdhi_internal_dmac.c b/drivers/mmc/host/renesas_sdhi_internal_dmac.c
+index 382172fb3da8f..74eea8247490d 100644
+--- a/drivers/mmc/host/renesas_sdhi_internal_dmac.c
++++ b/drivers/mmc/host/renesas_sdhi_internal_dmac.c
+@@ -222,15 +222,12 @@ static void renesas_sdhi_internal_dmac_issue_tasklet_fn(unsigned long arg)
+ DTRAN_CTRL_DM_START);
+ }
+
+-static void renesas_sdhi_internal_dmac_complete_tasklet_fn(unsigned long arg)
++static bool renesas_sdhi_internal_dmac_complete(struct tmio_mmc_host *host)
+ {
+- struct tmio_mmc_host *host = (struct tmio_mmc_host *)arg;
+ enum dma_data_direction dir;
+
+- spin_lock_irq(&host->lock);
+-
+ if (!host->data)
+- goto out;
++ return false;
+
+ if (host->data->flags & MMC_DATA_READ)
+ dir = DMA_FROM_DEVICE;
+@@ -243,6 +240,17 @@ static void renesas_sdhi_internal_dmac_complete_tasklet_fn(unsigned long arg)
+ if (dir == DMA_FROM_DEVICE)
+ clear_bit(SDHI_INTERNAL_DMAC_RX_IN_USE, &global_flags);
+
++ return true;
++}
++
++static void renesas_sdhi_internal_dmac_complete_tasklet_fn(unsigned long arg)
++{
++ struct tmio_mmc_host *host = (struct tmio_mmc_host *)arg;
++
++ spin_lock_irq(&host->lock);
++ if (!renesas_sdhi_internal_dmac_complete(host))
++ goto out;
++
+ tmio_mmc_do_data_irq(host);
+ out:
+ spin_unlock_irq(&host->lock);
+--
+2.25.1
+
--- /dev/null
+From 2b6c4d940a06a2bff63f4c1a89683e8f7ee66147 Mon Sep 17 00:00:00 2001
+From: Sasha Levin <sashal@kernel.org>
+Date: Mon, 10 Aug 2020 10:57:05 +0800
+Subject: net: qcom/emac: add missed clk_disable_unprepare in error path of
+ emac_clks_phase1_init
+
+From: Wang Hai <wanghai38@huawei.com>
+
+[ Upstream commit 50caa777a3a24d7027748e96265728ce748b41ef ]
+
+Fix the missing clk_disable_unprepare() before return
+from emac_clks_phase1_init() in the error handling case.
+
+Fixes: b9b17debc69d ("net: emac: emac gigabit ethernet controller driver")
+Reported-by: Hulk Robot <hulkci@huawei.com>
+Signed-off-by: Wang Hai <wanghai38@huawei.com>
+Acked-by: Timur Tabi <timur@kernel.org>
+Signed-off-by: David S. Miller <davem@davemloft.net>
+Signed-off-by: Sasha Levin <sashal@kernel.org>
+---
+ drivers/net/ethernet/qualcomm/emac/emac.c | 17 ++++++++++++++---
+ 1 file changed, 14 insertions(+), 3 deletions(-)
+
+diff --git a/drivers/net/ethernet/qualcomm/emac/emac.c b/drivers/net/ethernet/qualcomm/emac/emac.c
+index 2a0cbc535a2ed..19673ed929e68 100644
+--- a/drivers/net/ethernet/qualcomm/emac/emac.c
++++ b/drivers/net/ethernet/qualcomm/emac/emac.c
+@@ -493,13 +493,24 @@ static int emac_clks_phase1_init(struct platform_device *pdev,
+
+ ret = clk_prepare_enable(adpt->clk[EMAC_CLK_CFG_AHB]);
+ if (ret)
+- return ret;
++ goto disable_clk_axi;
+
+ ret = clk_set_rate(adpt->clk[EMAC_CLK_HIGH_SPEED], 19200000);
+ if (ret)
+- return ret;
++ goto disable_clk_cfg_ahb;
++
++ ret = clk_prepare_enable(adpt->clk[EMAC_CLK_HIGH_SPEED]);
++ if (ret)
++ goto disable_clk_cfg_ahb;
+
+- return clk_prepare_enable(adpt->clk[EMAC_CLK_HIGH_SPEED]);
++ return 0;
++
++disable_clk_cfg_ahb:
++ clk_disable_unprepare(adpt->clk[EMAC_CLK_CFG_AHB]);
++disable_clk_axi:
++ clk_disable_unprepare(adpt->clk[EMAC_CLK_AXI]);
++
++ return ret;
+ }
+
+ /* Enable clocks; needs emac_clks_phase1_init to be called before */
+--
+2.25.1
+
--- /dev/null
+From 62c42d5b1ff3c55abb72790769a37775fefbc8b0 Mon Sep 17 00:00:00 2001
+From: Sasha Levin <sashal@kernel.org>
+Date: Wed, 5 Aug 2020 12:23:19 -0500
+Subject: nfs: Fix getxattr kernel panic and memory overflow
+
+From: Jeffrey Mitchell <jeffrey.mitchell@starlab.io>
+
+[ Upstream commit b4487b93545214a9db8cbf32e86411677b0cca21 ]
+
+Move the buffer size check to decode_attr_security_label() before memcpy()
+Only call memcpy() if the buffer is large enough
+
+Fixes: aa9c2669626c ("NFS: Client implementation of Labeled-NFS")
+Signed-off-by: Jeffrey Mitchell <jeffrey.mitchell@starlab.io>
+[Trond: clean up duplicate test of label->len != 0]
+Signed-off-by: Trond Myklebust <trond.myklebust@hammerspace.com>
+Signed-off-by: Sasha Levin <sashal@kernel.org>
+---
+ fs/nfs/nfs4proc.c | 2 --
+ fs/nfs/nfs4xdr.c | 6 +++++-
+ 2 files changed, 5 insertions(+), 3 deletions(-)
+
+diff --git a/fs/nfs/nfs4proc.c b/fs/nfs/nfs4proc.c
+index 05cb68ca1ba1a..1ef75b1deffa3 100644
+--- a/fs/nfs/nfs4proc.c
++++ b/fs/nfs/nfs4proc.c
+@@ -5603,8 +5603,6 @@ static int _nfs4_get_security_label(struct inode *inode, void *buf,
+ return ret;
+ if (!(fattr.valid & NFS_ATTR_FATTR_V4_SECURITY_LABEL))
+ return -ENOENT;
+- if (buflen < label.len)
+- return -ERANGE;
+ return 0;
+ }
+
+diff --git a/fs/nfs/nfs4xdr.c b/fs/nfs/nfs4xdr.c
+index c4cf0192d7bb8..0a5cae8f8aff9 100644
+--- a/fs/nfs/nfs4xdr.c
++++ b/fs/nfs/nfs4xdr.c
+@@ -4280,7 +4280,11 @@ static int decode_attr_security_label(struct xdr_stream *xdr, uint32_t *bitmap,
+ goto out_overflow;
+ if (len < NFS4_MAXLABELLEN) {
+ if (label) {
+- memcpy(label->label, p, len);
++ if (label->len) {
++ if (label->len < len)
++ return -ERANGE;
++ memcpy(label->label, p, len);
++ }
+ label->len = len;
+ label->pi = pi;
+ label->lfs = lfs;
+--
+2.25.1
+
--- /dev/null
+From 06e742d2885cd4c3cb2113d99077f7a48e4e1eb5 Mon Sep 17 00:00:00 2001
+From: Sasha Levin <sashal@kernel.org>
+Date: Tue, 16 Jun 2020 06:19:46 +0900
+Subject: openrisc: Fix oops caused when dumping stack
+
+From: Stafford Horne <shorne@gmail.com>
+
+[ Upstream commit 57b8e277c33620e115633cdf700a260b55095460 ]
+
+When dumping a stack with 'cat /proc/#/stack' the kernel would oops.
+For example:
+
+ # cat /proc/690/stack
+ Unable to handle kernel access
+ at virtual address 0x7fc60f58
+
+ Oops#: 0000
+ CPU #: 0
+ PC: c00097fc SR: 0000807f SP: d6f09b9c
+ GPR00: 00000000 GPR01: d6f09b9c GPR02: d6f09bb8 GPR03: d6f09bc4
+ GPR04: 7fc60f5c GPR05: c00099b4 GPR06: 00000000 GPR07: d6f09ba3
+ GPR08: ffffff00 GPR09: c0009804 GPR10: d6f08000 GPR11: 00000000
+ GPR12: ffffe000 GPR13: dbb86000 GPR14: 00000001 GPR15: dbb86250
+ GPR16: 7fc60f63 GPR17: 00000f5c GPR18: d6f09bc4 GPR19: 00000000
+ GPR20: c00099b4 GPR21: ffffffc0 GPR22: 00000000 GPR23: 00000000
+ GPR24: 00000001 GPR25: 000002c6 GPR26: d78b6850 GPR27: 00000001
+ GPR28: 00000000 GPR29: dbb86000 GPR30: ffffffff GPR31: dbb862fc
+ RES: 00000000 oGPR11: ffffffff
+ Process cat (pid: 702, stackpage=d79d6000)
+
+ Stack:
+ Call trace:
+ [<598977f2>] save_stack_trace_tsk+0x40/0x74
+ [<95063f0e>] stack_trace_save_tsk+0x44/0x58
+ [<b557bfdd>] proc_pid_stack+0xd0/0x13c
+ [<a2df8eda>] proc_single_show+0x6c/0xf0
+ [<e5a737b7>] seq_read+0x1b4/0x688
+ [<2d6c7480>] do_iter_read+0x208/0x248
+ [<2182a2fb>] vfs_readv+0x64/0x90
+
+This was caused by the stack trace code in save_stack_trace_tsk using
+the wrong stack pointer. It was using the user stack pointer instead of
+the kernel stack pointer. Fix this by using the right stack.
+
+Also for good measure we add try_get_task_stack/put_task_stack to ensure
+the task is not lost while we are walking it's stack.
+
+Fixes: eecac38b0423a ("openrisc: support framepointers and STACKTRACE_SUPPORT")
+Signed-off-by: Stafford Horne <shorne@gmail.com>
+Signed-off-by: Sasha Levin <sashal@kernel.org>
+---
+ arch/openrisc/kernel/stacktrace.c | 18 ++++++++++++++++--
+ 1 file changed, 16 insertions(+), 2 deletions(-)
+
+diff --git a/arch/openrisc/kernel/stacktrace.c b/arch/openrisc/kernel/stacktrace.c
+index 43f140a28bc72..54d38809e22cb 100644
+--- a/arch/openrisc/kernel/stacktrace.c
++++ b/arch/openrisc/kernel/stacktrace.c
+@@ -13,6 +13,7 @@
+ #include <linux/export.h>
+ #include <linux/sched.h>
+ #include <linux/sched/debug.h>
++#include <linux/sched/task_stack.h>
+ #include <linux/stacktrace.h>
+
+ #include <asm/processor.h>
+@@ -68,12 +69,25 @@ void save_stack_trace_tsk(struct task_struct *tsk, struct stack_trace *trace)
+ {
+ unsigned long *sp = NULL;
+
++ if (!try_get_task_stack(tsk))
++ return;
++
+ if (tsk == current)
+ sp = (unsigned long *) &sp;
+- else
+- sp = (unsigned long *) KSTK_ESP(tsk);
++ else {
++ unsigned long ksp;
++
++ /* Locate stack from kernel context */
++ ksp = task_thread_info(tsk)->ksp;
++ ksp += STACK_FRAME_OVERHEAD; /* redzone */
++ ksp += sizeof(struct pt_regs);
++
++ sp = (unsigned long *) ksp;
++ }
+
+ unwind_stack(trace, sp, save_stack_address_nosched);
++
++ put_task_stack(tsk);
+ }
+ EXPORT_SYMBOL_GPL(save_stack_trace_tsk);
+
+--
+2.25.1
+
--- /dev/null
+From 8f715a087a98d86ba3d7c33f5ca2c7ede2d6aef4 Mon Sep 17 00:00:00 2001
+From: Sasha Levin <sashal@kernel.org>
+Date: Mon, 10 Aug 2020 15:34:04 +0200
+Subject: perf bench mem: Always memset source before memcpy
+
+From: Vincent Whitchurch <vincent.whitchurch@axis.com>
+
+[ Upstream commit 1beaef29c34154ccdcb3f1ae557f6883eda18840 ]
+
+For memcpy, the source pages are memset to zero only when --cycles is
+used. This leads to wildly different results with or without --cycles,
+since all sources pages are likely to be mapped to the same zero page
+without explicit writes.
+
+Before this fix:
+
+$ export cmd="./perf stat -e LLC-loads -- ./perf bench \
+ mem memcpy -s 1024MB -l 100 -f default"
+$ $cmd
+
+ 2,935,826 LLC-loads
+ 3.821677452 seconds time elapsed
+
+$ $cmd --cycles
+
+ 217,533,436 LLC-loads
+ 8.616725985 seconds time elapsed
+
+After this fix:
+
+$ $cmd
+
+ 214,459,686 LLC-loads
+ 8.674301124 seconds time elapsed
+
+$ $cmd --cycles
+
+ 214,758,651 LLC-loads
+ 8.644480006 seconds time elapsed
+
+Fixes: 47b5757bac03c338 ("perf bench mem: Move boilerplate memory allocation to the infrastructure")
+Signed-off-by: Vincent Whitchurch <vincent.whitchurch@axis.com>
+Cc: Alexander Shishkin <alexander.shishkin@linux.intel.com>
+Cc: Jiri Olsa <jolsa@redhat.com>
+Cc: Mark Rutland <mark.rutland@arm.com>
+Cc: Namhyung Kim <namhyung@kernel.org>
+Cc: Peter Zijlstra <peterz@infradead.org>
+Cc: kernel@axis.com
+Link: http://lore.kernel.org/lkml/20200810133404.30829-1-vincent.whitchurch@axis.com
+Signed-off-by: Arnaldo Carvalho de Melo <acme@redhat.com>
+Signed-off-by: Sasha Levin <sashal@kernel.org>
+---
+ tools/perf/bench/mem-functions.c | 21 +++++++++++----------
+ 1 file changed, 11 insertions(+), 10 deletions(-)
+
+diff --git a/tools/perf/bench/mem-functions.c b/tools/perf/bench/mem-functions.c
+index 0251dd348124a..4864fc67d01b5 100644
+--- a/tools/perf/bench/mem-functions.c
++++ b/tools/perf/bench/mem-functions.c
+@@ -222,12 +222,8 @@ static int bench_mem_common(int argc, const char **argv, struct bench_mem_info *
+ return 0;
+ }
+
+-static u64 do_memcpy_cycles(const struct function *r, size_t size, void *src, void *dst)
++static void memcpy_prefault(memcpy_t fn, size_t size, void *src, void *dst)
+ {
+- u64 cycle_start = 0ULL, cycle_end = 0ULL;
+- memcpy_t fn = r->fn.memcpy;
+- int i;
+-
+ /* Make sure to always prefault zero pages even if MMAP_THRESH is crossed: */
+ memset(src, 0, size);
+
+@@ -236,6 +232,15 @@ static u64 do_memcpy_cycles(const struct function *r, size_t size, void *src, vo
+ * to not measure page fault overhead:
+ */
+ fn(dst, src, size);
++}
++
++static u64 do_memcpy_cycles(const struct function *r, size_t size, void *src, void *dst)
++{
++ u64 cycle_start = 0ULL, cycle_end = 0ULL;
++ memcpy_t fn = r->fn.memcpy;
++ int i;
++
++ memcpy_prefault(fn, size, src, dst);
+
+ cycle_start = get_cycles();
+ for (i = 0; i < nr_loops; ++i)
+@@ -251,11 +256,7 @@ static double do_memcpy_gettimeofday(const struct function *r, size_t size, void
+ memcpy_t fn = r->fn.memcpy;
+ int i;
+
+- /*
+- * We prefault the freshly allocated memory range here,
+- * to not measure page fault overhead:
+- */
+- fn(dst, src, size);
++ memcpy_prefault(fn, size, src, dst);
+
+ BUG_ON(gettimeofday(&tv_start, NULL));
+ for (i = 0; i < nr_loops; ++i)
+--
+2.25.1
+
--- /dev/null
+From d4e0d2b7ddb8a514cd2c6e2c7bd5ff4c586181ee Mon Sep 17 00:00:00 2001
+From: Sasha Levin <sashal@kernel.org>
+Date: Fri, 17 Jul 2020 21:46:06 -0700
+Subject: pwm: bcm-iproc: handle clk_get_rate() return
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+From: Rayagonda Kokatanur <rayagonda.kokatanur@broadcom.com>
+
+[ Upstream commit 6ced5ff0be8e94871ba846dfbddf69d21363f3d7 ]
+
+Handle clk_get_rate() returning 0 to avoid possible division by zero.
+
+Fixes: daa5abc41c80 ("pwm: Add support for Broadcom iProc PWM controller")
+Signed-off-by: Rayagonda Kokatanur <rayagonda.kokatanur@broadcom.com>
+Signed-off-by: Scott Branden <scott.branden@broadcom.com>
+Reviewed-by: Ray Jui <ray.jui@broadcom.com>
+Reviewed-by: Uwe Kleine-König <u.kleine-koenig@pengutronix.de>
+Signed-off-by: Thierry Reding <thierry.reding@gmail.com>
+Signed-off-by: Sasha Levin <sashal@kernel.org>
+---
+ drivers/pwm/pwm-bcm-iproc.c | 9 +++++++--
+ 1 file changed, 7 insertions(+), 2 deletions(-)
+
+diff --git a/drivers/pwm/pwm-bcm-iproc.c b/drivers/pwm/pwm-bcm-iproc.c
+index 31b01035d0ab3..8cfba3614e601 100644
+--- a/drivers/pwm/pwm-bcm-iproc.c
++++ b/drivers/pwm/pwm-bcm-iproc.c
+@@ -85,8 +85,6 @@ static void iproc_pwmc_get_state(struct pwm_chip *chip, struct pwm_device *pwm,
+ u64 tmp, multi, rate;
+ u32 value, prescale;
+
+- rate = clk_get_rate(ip->clk);
+-
+ value = readl(ip->base + IPROC_PWM_CTRL_OFFSET);
+
+ if (value & BIT(IPROC_PWM_CTRL_EN_SHIFT(pwm->hwpwm)))
+@@ -99,6 +97,13 @@ static void iproc_pwmc_get_state(struct pwm_chip *chip, struct pwm_device *pwm,
+ else
+ state->polarity = PWM_POLARITY_INVERSED;
+
++ rate = clk_get_rate(ip->clk);
++ if (rate == 0) {
++ state->period = 0;
++ state->duty_cycle = 0;
++ return;
++ }
++
+ value = readl(ip->base + IPROC_PWM_PRESCALE_OFFSET);
+ prescale = value >> IPROC_PWM_PRESCALE_SHIFT(pwm->hwpwm);
+ prescale &= IPROC_PWM_PRESCALE_MAX;
+--
+2.25.1
+
--- /dev/null
+From c8eb7771b2793524b2056aea158da2c8dd9f10b4 Mon Sep 17 00:00:00 2001
+From: Sasha Levin <sashal@kernel.org>
+Date: Thu, 25 Jun 2020 20:42:19 +0300
+Subject: RDMA/ipoib: Fix ABBA deadlock with ipoib_reap_ah()
+
+From: Jason Gunthorpe <jgg@nvidia.com>
+
+[ Upstream commit 65936bf25f90fe440bb2d11624c7d10fab266639 ]
+
+ipoib_mcast_carrier_on_task() insanely open codes a rtnl_lock() such that
+the only time flush_workqueue() can be called is if it also clears
+IPOIB_FLAG_OPER_UP.
+
+Thus the flush inside ipoib_flush_ah() will deadlock if it gets unlucky
+enough, and lockdep doesn't help us to find it early:
+
+ CPU0 CPU1 CPU2
+ __ipoib_ib_dev_flush()
+ down_read(vlan_rwsem)
+
+ ipoib_vlan_add()
+ rtnl_trylock()
+ down_write(vlan_rwsem)
+
+ ipoib_mcast_carrier_on_task()
+ while (!rtnl_trylock())
+ msleep(20);
+
+ ipoib_flush_ah()
+ flush_workqueue(priv->wq)
+
+Clean up the ah_reaper related functions and lifecycle to make sense:
+
+ - Start/Stop of the reaper should only be done in open/stop NDOs, not in
+ any other places
+
+ - cancel and flush of the reaper should only happen in the stop NDO.
+ cancel is only functional when combined with IPOIB_STOP_REAPER.
+
+ - Non-stop places were flushing the AH's just need to flush out dead AH's
+ synchronously and ignore the background task completely. It is fully
+ locked and harmless to leave running.
+
+Which ultimately fixes the ABBA deadlock by removing the unnecessary
+flush_workqueue() from the problematic place under the vlan_rwsem.
+
+Fixes: efc82eeeae4e ("IB/ipoib: No longer use flush as a parameter")
+Link: https://lore.kernel.org/r/20200625174219.290842-1-kamalheib1@gmail.com
+Reported-by: Kamal Heib <kheib@redhat.com>
+Tested-by: Kamal Heib <kheib@redhat.com>
+Signed-off-by: Jason Gunthorpe <jgg@nvidia.com>
+Signed-off-by: Sasha Levin <sashal@kernel.org>
+---
+ drivers/infiniband/ulp/ipoib/ipoib_ib.c | 65 ++++++++++-------------
+ drivers/infiniband/ulp/ipoib/ipoib_main.c | 2 +
+ 2 files changed, 31 insertions(+), 36 deletions(-)
+
+diff --git a/drivers/infiniband/ulp/ipoib/ipoib_ib.c b/drivers/infiniband/ulp/ipoib/ipoib_ib.c
+index 925258ffbde3c..82b9c5b6e3e65 100644
+--- a/drivers/infiniband/ulp/ipoib/ipoib_ib.c
++++ b/drivers/infiniband/ulp/ipoib/ipoib_ib.c
+@@ -669,14 +669,13 @@ int ipoib_send(struct net_device *dev, struct sk_buff *skb,
+ return rc;
+ }
+
+-static void __ipoib_reap_ah(struct net_device *dev)
++static void ipoib_reap_dead_ahs(struct ipoib_dev_priv *priv)
+ {
+- struct ipoib_dev_priv *priv = ipoib_priv(dev);
+ struct ipoib_ah *ah, *tah;
+ LIST_HEAD(remove_list);
+ unsigned long flags;
+
+- netif_tx_lock_bh(dev);
++ netif_tx_lock_bh(priv->dev);
+ spin_lock_irqsave(&priv->lock, flags);
+
+ list_for_each_entry_safe(ah, tah, &priv->dead_ahs, list)
+@@ -687,37 +686,37 @@ static void __ipoib_reap_ah(struct net_device *dev)
+ }
+
+ spin_unlock_irqrestore(&priv->lock, flags);
+- netif_tx_unlock_bh(dev);
++ netif_tx_unlock_bh(priv->dev);
+ }
+
+ void ipoib_reap_ah(struct work_struct *work)
+ {
+ struct ipoib_dev_priv *priv =
+ container_of(work, struct ipoib_dev_priv, ah_reap_task.work);
+- struct net_device *dev = priv->dev;
+
+- __ipoib_reap_ah(dev);
++ ipoib_reap_dead_ahs(priv);
+
+ if (!test_bit(IPOIB_STOP_REAPER, &priv->flags))
+ queue_delayed_work(priv->wq, &priv->ah_reap_task,
+ round_jiffies_relative(HZ));
+ }
+
+-static void ipoib_flush_ah(struct net_device *dev)
++static void ipoib_start_ah_reaper(struct ipoib_dev_priv *priv)
+ {
+- struct ipoib_dev_priv *priv = ipoib_priv(dev);
+-
+- cancel_delayed_work(&priv->ah_reap_task);
+- flush_workqueue(priv->wq);
+- ipoib_reap_ah(&priv->ah_reap_task.work);
++ clear_bit(IPOIB_STOP_REAPER, &priv->flags);
++ queue_delayed_work(priv->wq, &priv->ah_reap_task,
++ round_jiffies_relative(HZ));
+ }
+
+-static void ipoib_stop_ah(struct net_device *dev)
++static void ipoib_stop_ah_reaper(struct ipoib_dev_priv *priv)
+ {
+- struct ipoib_dev_priv *priv = ipoib_priv(dev);
+-
+ set_bit(IPOIB_STOP_REAPER, &priv->flags);
+- ipoib_flush_ah(dev);
++ cancel_delayed_work(&priv->ah_reap_task);
++ /*
++ * After ipoib_stop_ah_reaper() we always go through
++ * ipoib_reap_dead_ahs() which ensures the work is really stopped and
++ * does a final flush out of the dead_ah's list
++ */
+ }
+
+ static int recvs_pending(struct net_device *dev)
+@@ -846,16 +845,6 @@ int ipoib_ib_dev_stop_default(struct net_device *dev)
+ return 0;
+ }
+
+-void ipoib_ib_dev_stop(struct net_device *dev)
+-{
+- struct ipoib_dev_priv *priv = ipoib_priv(dev);
+-
+- priv->rn_ops->ndo_stop(dev);
+-
+- clear_bit(IPOIB_FLAG_INITIALIZED, &priv->flags);
+- ipoib_flush_ah(dev);
+-}
+-
+ int ipoib_ib_dev_open_default(struct net_device *dev)
+ {
+ struct ipoib_dev_priv *priv = ipoib_priv(dev);
+@@ -899,10 +888,7 @@ int ipoib_ib_dev_open(struct net_device *dev)
+ return -1;
+ }
+
+- clear_bit(IPOIB_STOP_REAPER, &priv->flags);
+- queue_delayed_work(priv->wq, &priv->ah_reap_task,
+- round_jiffies_relative(HZ));
+-
++ ipoib_start_ah_reaper(priv);
+ if (priv->rn_ops->ndo_open(dev)) {
+ pr_warn("%s: Failed to open dev\n", dev->name);
+ goto dev_stop;
+@@ -913,13 +899,20 @@ int ipoib_ib_dev_open(struct net_device *dev)
+ return 0;
+
+ dev_stop:
+- set_bit(IPOIB_STOP_REAPER, &priv->flags);
+- cancel_delayed_work(&priv->ah_reap_task);
+- set_bit(IPOIB_FLAG_INITIALIZED, &priv->flags);
+- ipoib_ib_dev_stop(dev);
++ ipoib_stop_ah_reaper(priv);
+ return -1;
+ }
+
++void ipoib_ib_dev_stop(struct net_device *dev)
++{
++ struct ipoib_dev_priv *priv = ipoib_priv(dev);
++
++ priv->rn_ops->ndo_stop(dev);
++
++ clear_bit(IPOIB_FLAG_INITIALIZED, &priv->flags);
++ ipoib_stop_ah_reaper(priv);
++}
++
+ void ipoib_pkey_dev_check_presence(struct net_device *dev)
+ {
+ struct ipoib_dev_priv *priv = ipoib_priv(dev);
+@@ -1230,7 +1223,7 @@ static void __ipoib_ib_dev_flush(struct ipoib_dev_priv *priv,
+ ipoib_mcast_dev_flush(dev);
+ if (oper_up)
+ set_bit(IPOIB_FLAG_OPER_UP, &priv->flags);
+- ipoib_flush_ah(dev);
++ ipoib_reap_dead_ahs(priv);
+ }
+
+ if (level >= IPOIB_FLUSH_NORMAL)
+@@ -1305,7 +1298,7 @@ void ipoib_ib_dev_cleanup(struct net_device *dev)
+ * the neighbor garbage collection is stopped and reaped.
+ * That should all be done now, so make a final ah flush.
+ */
+- ipoib_stop_ah(dev);
++ ipoib_reap_dead_ahs(priv);
+
+ clear_bit(IPOIB_PKEY_ASSIGNED, &priv->flags);
+
+diff --git a/drivers/infiniband/ulp/ipoib/ipoib_main.c b/drivers/infiniband/ulp/ipoib/ipoib_main.c
+index 6093e8268583d..d0c35eb687aeb 100644
+--- a/drivers/infiniband/ulp/ipoib/ipoib_main.c
++++ b/drivers/infiniband/ulp/ipoib/ipoib_main.c
+@@ -1979,6 +1979,8 @@ static void ipoib_ndo_uninit(struct net_device *dev)
+
+ /* no more works over the priv->wq */
+ if (priv->wq) {
++ /* See ipoib_mcast_carrier_on_task() */
++ WARN_ON(test_bit(IPOIB_FLAG_OPER_UP, &priv->flags));
+ flush_workqueue(priv->wq);
+ destroy_workqueue(priv->wq);
+ priv->wq = NULL;
+--
+2.25.1
+
--- /dev/null
+From 91db3c7926bdc4a05bc443c82a91315cf1a20181 Mon Sep 17 00:00:00 2001
+From: Sasha Levin <sashal@kernel.org>
+Date: Tue, 23 Jun 2020 13:52:36 +0300
+Subject: RDMA/ipoib: Return void from ipoib_ib_dev_stop()
+
+From: Kamal Heib <kamalheib1@gmail.com>
+
+[ Upstream commit 95a5631f6c9f3045f26245e6045244652204dfdb ]
+
+The return value from ipoib_ib_dev_stop() is always 0 - change it to be
+void.
+
+Link: https://lore.kernel.org/r/20200623105236.18683-1-kamalheib1@gmail.com
+Signed-off-by: Kamal Heib <kamalheib1@gmail.com>
+Signed-off-by: Jason Gunthorpe <jgg@nvidia.com>
+Signed-off-by: Sasha Levin <sashal@kernel.org>
+---
+ drivers/infiniband/ulp/ipoib/ipoib.h | 2 +-
+ drivers/infiniband/ulp/ipoib/ipoib_ib.c | 4 +---
+ 2 files changed, 2 insertions(+), 4 deletions(-)
+
+diff --git a/drivers/infiniband/ulp/ipoib/ipoib.h b/drivers/infiniband/ulp/ipoib/ipoib.h
+index 85267bbf48360..ef12221017053 100644
+--- a/drivers/infiniband/ulp/ipoib/ipoib.h
++++ b/drivers/infiniband/ulp/ipoib/ipoib.h
+@@ -513,7 +513,7 @@ void ipoib_ib_dev_cleanup(struct net_device *dev);
+
+ int ipoib_ib_dev_open_default(struct net_device *dev);
+ int ipoib_ib_dev_open(struct net_device *dev);
+-int ipoib_ib_dev_stop(struct net_device *dev);
++void ipoib_ib_dev_stop(struct net_device *dev);
+ void ipoib_ib_dev_up(struct net_device *dev);
+ void ipoib_ib_dev_down(struct net_device *dev);
+ int ipoib_ib_dev_stop_default(struct net_device *dev);
+diff --git a/drivers/infiniband/ulp/ipoib/ipoib_ib.c b/drivers/infiniband/ulp/ipoib/ipoib_ib.c
+index 0f2e80f54d333..925258ffbde3c 100644
+--- a/drivers/infiniband/ulp/ipoib/ipoib_ib.c
++++ b/drivers/infiniband/ulp/ipoib/ipoib_ib.c
+@@ -846,7 +846,7 @@ int ipoib_ib_dev_stop_default(struct net_device *dev)
+ return 0;
+ }
+
+-int ipoib_ib_dev_stop(struct net_device *dev)
++void ipoib_ib_dev_stop(struct net_device *dev)
+ {
+ struct ipoib_dev_priv *priv = ipoib_priv(dev);
+
+@@ -854,8 +854,6 @@ int ipoib_ib_dev_stop(struct net_device *dev)
+
+ clear_bit(IPOIB_FLAG_INITIALIZED, &priv->flags);
+ ipoib_flush_ah(dev);
+-
+- return 0;
+ }
+
+ int ipoib_ib_dev_open_default(struct net_device *dev)
+--
+2.25.1
+
--- /dev/null
+From fb6bde6ebdf5f908ec443ec07b24340e7126173f Mon Sep 17 00:00:00 2001
+From: Sasha Levin <sashal@kernel.org>
+Date: Wed, 29 Jul 2020 19:10:11 -0400
+Subject: scsi: lpfc: nvmet: Avoid hang / use-after-free again when destroying
+ targetport
+
+From: Ewan D. Milne <emilne@redhat.com>
+
+[ Upstream commit af6de8c60fe9433afa73cea6fcccdccd98ad3e5e ]
+
+We cannot wait on a completion object in the lpfc_nvme_targetport structure
+in the _destroy_targetport() code path because the NVMe/fc transport will
+free that structure immediately after the .targetport_delete() callback.
+This results in a use-after-free, and a crash if slub_debug=FZPU is
+enabled.
+
+An earlier fix put put the completion on the stack, but commit 2a0fb340fcc8
+("scsi: lpfc: Correct localport timeout duration error") subsequently
+changed the code to reference the completion through a pointer in the
+object rather than the local stack variable. Fix this by using the stack
+variable directly.
+
+Link: https://lore.kernel.org/r/20200729231011.13240-1-emilne@redhat.com
+Fixes: 2a0fb340fcc8 ("scsi: lpfc: Correct localport timeout duration error")
+Reviewed-by: James Smart <james.smart@broadcom.com>
+Signed-off-by: Ewan D. Milne <emilne@redhat.com>
+Signed-off-by: Martin K. Petersen <martin.petersen@oracle.com>
+Signed-off-by: Sasha Levin <sashal@kernel.org>
+---
+ drivers/scsi/lpfc/lpfc_nvmet.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/drivers/scsi/lpfc/lpfc_nvmet.c b/drivers/scsi/lpfc/lpfc_nvmet.c
+index 768eba8c111d9..5bc33817568ea 100644
+--- a/drivers/scsi/lpfc/lpfc_nvmet.c
++++ b/drivers/scsi/lpfc/lpfc_nvmet.c
+@@ -1712,7 +1712,7 @@ lpfc_nvmet_destroy_targetport(struct lpfc_hba *phba)
+ }
+ tgtp->tport_unreg_cmp = &tport_unreg_cmp;
+ nvmet_fc_unregister_targetport(phba->targetport);
+- if (!wait_for_completion_timeout(tgtp->tport_unreg_cmp,
++ if (!wait_for_completion_timeout(&tport_unreg_cmp,
+ msecs_to_jiffies(LPFC_NVMET_WAIT_TMO)))
+ lpfc_printf_log(phba, KERN_ERR, LOG_NVME,
+ "6179 Unreg targetport %p timeout "
+--
+2.25.1
+
--- /dev/null
+From 5e577843aabec2883bdf7639f0705e56f2149f75 Mon Sep 17 00:00:00 2001
+From: Sasha Levin <sashal@kernel.org>
+Date: Thu, 9 Jul 2020 08:59:45 +0530
+Subject: selftests/powerpc: ptrace-pkey: Don't update expected UAMOR value
+
+From: Aneesh Kumar K.V <aneesh.kumar@linux.ibm.com>
+
+[ Upstream commit 3563b9bea0ca7f53e4218b5e268550341a49f333 ]
+
+With commit 4a4a5e5d2aad ("powerpc/pkeys: key allocation/deallocation
+must not change pkey registers") we are not updating UAMOR on key
+allocation. So don't update the expected uamor value in the test.
+
+Fixes: 4a4a5e5d2aad ("powerpc/pkeys: key allocation/deallocation must not change pkey registers")
+Signed-off-by: Aneesh Kumar K.V <aneesh.kumar@linux.ibm.com>
+Signed-off-by: Michael Ellerman <mpe@ellerman.id.au>
+Link: https://lore.kernel.org/r/20200709032946.881753-23-aneesh.kumar@linux.ibm.com
+Signed-off-by: Sasha Levin <sashal@kernel.org>
+---
+ tools/testing/selftests/powerpc/ptrace/ptrace-pkey.c | 11 ++++++++---
+ 1 file changed, 8 insertions(+), 3 deletions(-)
+
+diff --git a/tools/testing/selftests/powerpc/ptrace/ptrace-pkey.c b/tools/testing/selftests/powerpc/ptrace/ptrace-pkey.c
+index bc33d748d95b4..3694613f418f6 100644
+--- a/tools/testing/selftests/powerpc/ptrace/ptrace-pkey.c
++++ b/tools/testing/selftests/powerpc/ptrace/ptrace-pkey.c
+@@ -101,15 +101,20 @@ static int child(struct shared_info *info)
+ */
+ info->invalid_amr = info->amr2 | (~0x0UL & ~info->expected_uamor);
+
++ /*
++ * if PKEY_DISABLE_EXECUTE succeeded we should update the expected_iamr
++ */
+ if (disable_execute)
+ info->expected_iamr |= 1ul << pkeyshift(pkey1);
+ else
+ info->expected_iamr &= ~(1ul << pkeyshift(pkey1));
+
+- info->expected_iamr &= ~(1ul << pkeyshift(pkey2) | 1ul << pkeyshift(pkey3));
++ /*
++ * We allocated pkey2 and pkey 3 above. Clear the IAMR bits.
++ */
++ info->expected_iamr &= ~(1ul << pkeyshift(pkey2));
++ info->expected_iamr &= ~(1ul << pkeyshift(pkey3));
+
+- info->expected_uamor |= 3ul << pkeyshift(pkey1) |
+- 3ul << pkeyshift(pkey2);
+ /*
+ * Create an IAMR value different from expected value.
+ * Kernel will reject an IAMR and UAMOR change.
+--
+2.25.1
+
--- /dev/null
+From 595b8caa416494d2ac87124eaec061e569cbd445 Mon Sep 17 00:00:00 2001
+From: Sasha Levin <sashal@kernel.org>
+Date: Thu, 9 Jul 2020 08:59:43 +0530
+Subject: selftests/powerpc: ptrace-pkey: Rename variables to make it easier to
+ follow code
+
+From: Aneesh Kumar K.V <aneesh.kumar@linux.ibm.com>
+
+[ Upstream commit 9a11f12e0a6c374b3ef1ce81e32ce477d28eb1b8 ]
+
+Rename variable to indicate that they are invalid values which we will
+use to test ptrace update of pkeys.
+
+Signed-off-by: Aneesh Kumar K.V <aneesh.kumar@linux.ibm.com>
+Signed-off-by: Michael Ellerman <mpe@ellerman.id.au>
+Link: https://lore.kernel.org/r/20200709032946.881753-21-aneesh.kumar@linux.ibm.com
+Signed-off-by: Sasha Levin <sashal@kernel.org>
+---
+ .../selftests/powerpc/ptrace/ptrace-pkey.c | 26 +++++++++----------
+ 1 file changed, 13 insertions(+), 13 deletions(-)
+
+diff --git a/tools/testing/selftests/powerpc/ptrace/ptrace-pkey.c b/tools/testing/selftests/powerpc/ptrace/ptrace-pkey.c
+index bdbbbe8431e03..f9216c7a1829e 100644
+--- a/tools/testing/selftests/powerpc/ptrace/ptrace-pkey.c
++++ b/tools/testing/selftests/powerpc/ptrace/ptrace-pkey.c
+@@ -44,7 +44,7 @@ struct shared_info {
+ unsigned long amr2;
+
+ /* AMR value that ptrace should refuse to write to the child. */
+- unsigned long amr3;
++ unsigned long invalid_amr;
+
+ /* IAMR value the parent expects to read from the child. */
+ unsigned long expected_iamr;
+@@ -57,8 +57,8 @@ struct shared_info {
+ * (even though they're valid ones) because userspace doesn't have
+ * access to those registers.
+ */
+- unsigned long new_iamr;
+- unsigned long new_uamor;
++ unsigned long invalid_iamr;
++ unsigned long invalid_uamor;
+ };
+
+ static int sys_pkey_alloc(unsigned long flags, unsigned long init_access_rights)
+@@ -100,7 +100,7 @@ static int child(struct shared_info *info)
+
+ info->amr1 |= 3ul << pkeyshift(pkey1);
+ info->amr2 |= 3ul << pkeyshift(pkey2);
+- info->amr3 |= info->amr2 | 3ul << pkeyshift(pkey3);
++ info->invalid_amr |= info->amr2 | 3ul << pkeyshift(pkey3);
+
+ if (disable_execute)
+ info->expected_iamr |= 1ul << pkeyshift(pkey1);
+@@ -111,8 +111,8 @@ static int child(struct shared_info *info)
+
+ info->expected_uamor |= 3ul << pkeyshift(pkey1) |
+ 3ul << pkeyshift(pkey2);
+- info->new_iamr |= 1ul << pkeyshift(pkey1) | 1ul << pkeyshift(pkey2);
+- info->new_uamor |= 3ul << pkeyshift(pkey1);
++ info->invalid_iamr |= 1ul << pkeyshift(pkey1) | 1ul << pkeyshift(pkey2);
++ info->invalid_uamor |= 3ul << pkeyshift(pkey1);
+
+ /*
+ * We won't use pkey3. We just want a plausible but invalid key to test
+@@ -196,9 +196,9 @@ static int parent(struct shared_info *info, pid_t pid)
+ PARENT_SKIP_IF_UNSUPPORTED(ret, &info->child_sync);
+ PARENT_FAIL_IF(ret, &info->child_sync);
+
+- info->amr1 = info->amr2 = info->amr3 = regs[0];
+- info->expected_iamr = info->new_iamr = regs[1];
+- info->expected_uamor = info->new_uamor = regs[2];
++ info->amr1 = info->amr2 = info->invalid_amr = regs[0];
++ info->expected_iamr = info->invalid_iamr = regs[1];
++ info->expected_uamor = info->invalid_uamor = regs[2];
+
+ /* Wake up child so that it can set itself up. */
+ ret = prod_child(&info->child_sync);
+@@ -234,10 +234,10 @@ static int parent(struct shared_info *info, pid_t pid)
+ return ret;
+
+ /* Write invalid AMR value in child. */
+- ret = ptrace_write_regs(pid, NT_PPC_PKEY, &info->amr3, 1);
++ ret = ptrace_write_regs(pid, NT_PPC_PKEY, &info->invalid_amr, 1);
+ PARENT_FAIL_IF(ret, &info->child_sync);
+
+- printf("%-30s AMR: %016lx\n", ptrace_write_running, info->amr3);
++ printf("%-30s AMR: %016lx\n", ptrace_write_running, info->invalid_amr);
+
+ /* Wake up child so that it can verify it didn't change. */
+ ret = prod_child(&info->child_sync);
+@@ -249,7 +249,7 @@ static int parent(struct shared_info *info, pid_t pid)
+
+ /* Try to write to IAMR. */
+ regs[0] = info->amr1;
+- regs[1] = info->new_iamr;
++ regs[1] = info->invalid_iamr;
+ ret = ptrace_write_regs(pid, NT_PPC_PKEY, regs, 2);
+ PARENT_FAIL_IF(!ret, &info->child_sync);
+
+@@ -257,7 +257,7 @@ static int parent(struct shared_info *info, pid_t pid)
+ ptrace_write_running, regs[0], regs[1]);
+
+ /* Try to write to IAMR and UAMOR. */
+- regs[2] = info->new_uamor;
++ regs[2] = info->invalid_uamor;
+ ret = ptrace_write_regs(pid, NT_PPC_PKEY, regs, 3);
+ PARENT_FAIL_IF(!ret, &info->child_sync);
+
+--
+2.25.1
+
--- /dev/null
+From e34910f09b58ed51a3d7db4c41758bde394233a1 Mon Sep 17 00:00:00 2001
+From: Sasha Levin <sashal@kernel.org>
+Date: Thu, 9 Jul 2020 08:59:44 +0530
+Subject: selftests/powerpc: ptrace-pkey: Update the test to mark an invalid
+ pkey correctly
+
+From: Aneesh Kumar K.V <aneesh.kumar@linux.ibm.com>
+
+[ Upstream commit 0eaa3b5ca7b5a76e3783639c828498343be66a01 ]
+
+Signed-off-by: Aneesh Kumar K.V <aneesh.kumar@linux.ibm.com>
+Signed-off-by: Michael Ellerman <mpe@ellerman.id.au>
+Link: https://lore.kernel.org/r/20200709032946.881753-22-aneesh.kumar@linux.ibm.com
+Signed-off-by: Sasha Levin <sashal@kernel.org>
+---
+ .../selftests/powerpc/ptrace/ptrace-pkey.c | 30 ++++++++-----------
+ 1 file changed, 12 insertions(+), 18 deletions(-)
+
+diff --git a/tools/testing/selftests/powerpc/ptrace/ptrace-pkey.c b/tools/testing/selftests/powerpc/ptrace/ptrace-pkey.c
+index f9216c7a1829e..bc33d748d95b4 100644
+--- a/tools/testing/selftests/powerpc/ptrace/ptrace-pkey.c
++++ b/tools/testing/selftests/powerpc/ptrace/ptrace-pkey.c
+@@ -66,11 +66,6 @@ static int sys_pkey_alloc(unsigned long flags, unsigned long init_access_rights)
+ return syscall(__NR_pkey_alloc, flags, init_access_rights);
+ }
+
+-static int sys_pkey_free(int pkey)
+-{
+- return syscall(__NR_pkey_free, pkey);
+-}
+-
+ static int child(struct shared_info *info)
+ {
+ unsigned long reg;
+@@ -100,7 +95,11 @@ static int child(struct shared_info *info)
+
+ info->amr1 |= 3ul << pkeyshift(pkey1);
+ info->amr2 |= 3ul << pkeyshift(pkey2);
+- info->invalid_amr |= info->amr2 | 3ul << pkeyshift(pkey3);
++ /*
++ * invalid amr value where we try to force write
++ * things which are deined by a uamor setting.
++ */
++ info->invalid_amr = info->amr2 | (~0x0UL & ~info->expected_uamor);
+
+ if (disable_execute)
+ info->expected_iamr |= 1ul << pkeyshift(pkey1);
+@@ -111,17 +110,12 @@ static int child(struct shared_info *info)
+
+ info->expected_uamor |= 3ul << pkeyshift(pkey1) |
+ 3ul << pkeyshift(pkey2);
+- info->invalid_iamr |= 1ul << pkeyshift(pkey1) | 1ul << pkeyshift(pkey2);
+- info->invalid_uamor |= 3ul << pkeyshift(pkey1);
+-
+ /*
+- * We won't use pkey3. We just want a plausible but invalid key to test
+- * whether ptrace will let us write to AMR bits we are not supposed to.
+- *
+- * This also tests whether the kernel restores the UAMOR permissions
+- * after a key is freed.
++ * Create an IAMR value different from expected value.
++ * Kernel will reject an IAMR and UAMOR change.
+ */
+- sys_pkey_free(pkey3);
++ info->invalid_iamr = info->expected_iamr | (1ul << pkeyshift(pkey1) | 1ul << pkeyshift(pkey2));
++ info->invalid_uamor = info->expected_uamor & ~(0x3ul << pkeyshift(pkey1));
+
+ printf("%-30s AMR: %016lx pkey1: %d pkey2: %d pkey3: %d\n",
+ user_write, info->amr1, pkey1, pkey2, pkey3);
+@@ -196,9 +190,9 @@ static int parent(struct shared_info *info, pid_t pid)
+ PARENT_SKIP_IF_UNSUPPORTED(ret, &info->child_sync);
+ PARENT_FAIL_IF(ret, &info->child_sync);
+
+- info->amr1 = info->amr2 = info->invalid_amr = regs[0];
+- info->expected_iamr = info->invalid_iamr = regs[1];
+- info->expected_uamor = info->invalid_uamor = regs[2];
++ info->amr1 = info->amr2 = regs[0];
++ info->expected_iamr = regs[1];
++ info->expected_uamor = regs[2];
+
+ /* Wake up child so that it can set itself up. */
+ ret = prod_child(&info->child_sync);
+--
+2.25.1
+
perf-intel-pt-fix-fup-packet-state.patch
remoteproc-qcom-q6v5-update-running-state-before-requesting-stop.patch
drm-imx-imx-ldb-disable-both-channels-for-split-mode-in-enc-disable.patch
+mfd-arizona-ensure-32k-clock-is-put-on-driver-unbind.patch
+rdma-ipoib-return-void-from-ipoib_ib_dev_stop.patch
+rdma-ipoib-fix-abba-deadlock-with-ipoib_reap_ah.patch
+media-rockchip-rga-introduce-color-fmt-macros-and-re.patch
+media-rockchip-rga-only-set-output-csc-mode-for-rgb-.patch
+usb-serial-ftdi_sio-make-process-packet-buffer-unsig.patch
+usb-serial-ftdi_sio-clean-up-receive-processing.patch
+usb-serial-ftdi_sio-fix-break-and-sysrq-handling.patch
+mmc-renesas_sdhi_internal_dmac-clean-up-the-code-for.patch
+gpu-ipu-v3-image-convert-combine-rotate-no-rotate-ir.patch
+dm-rq-don-t-call-blk_mq_queue_stopped-in-dm_stop_que.patch
+selftests-powerpc-ptrace-pkey-rename-variables-to-ma.patch
+selftests-powerpc-ptrace-pkey-update-the-test-to-mar.patch
+selftests-powerpc-ptrace-pkey-don-t-update-expected-.patch
+iommu-omap-check-for-failure-of-a-call-to-omap_iommu.patch
+iommu-vt-d-enforce-pasid-devtlb-field-mask.patch
+i2c-rcar-slave-only-send-stop-event-when-we-have-bee.patch
+clk-clk-atlas6-fix-return-value-check-in-atlas6_clk_.patch
+pwm-bcm-iproc-handle-clk_get_rate-return.patch
+tools-build-feature-use-cc-and-cxx-from-parent.patch
+i2c-rcar-avoid-race-when-unregistering-slave.patch
+openrisc-fix-oops-caused-when-dumping-stack.patch
+scsi-lpfc-nvmet-avoid-hang-use-after-free-again-when.patch
+watchdog-initialize-device-before-misc_register.patch
+input-sentelic-fix-error-return-when-fsp_reg_write-f.patch
+drm-vmwgfx-use-correct-vmw_legacy_display_unit-point.patch
+drm-vmwgfx-fix-two-list_for_each-loop-exit-tests.patch
+net-qcom-emac-add-missed-clk_disable_unprepare-in-er.patch
+nfs-fix-getxattr-kernel-panic-and-memory-overflow.patch
+fs-minix-set-s_maxbytes-correctly.patch
+fs-minix-fix-block-limit-check-for-v1-filesystems.patch
+fs-minix-remove-expected-error-message-in-block_to_p.patch
+fs-ufs-avoid-potential-u32-multiplication-overflow.patch
+test_kmod-avoid-potential-double-free-in-trigger_con.patch
+mfd-dln2-run-event-handler-loop-under-spinlock.patch
+alsa-echoaudio-fix-potential-oops-in-snd_echo_resume.patch
+perf-bench-mem-always-memset-source-before-memcpy.patch
+tools-build-feature-quote-cc-and-cxx-for-their-argum.patch
+sh-landisk-add-missing-initialization-of-sh_io_port_.patch
--- /dev/null
+From 184c93b2b4cac2c59df8f89c27429a9ea98b2038 Mon Sep 17 00:00:00 2001
+From: Sasha Levin <sashal@kernel.org>
+Date: Fri, 14 Aug 2020 14:42:45 +0200
+Subject: sh: landisk: Add missing initialization of sh_io_port_base
+
+From: Geert Uytterhoeven <geert+renesas@glider.be>
+
+[ Upstream commit 0c64a0dce51faa9c706fdf1f957d6f19878f4b81 ]
+
+The Landisk setup code maps the CF IDE area using ioremap_prot(), and
+passes the resulting virtual addresses to the pata_platform driver,
+disguising them as I/O port addresses. Hence the pata_platform driver
+translates them again using ioport_map().
+As CONFIG_GENERIC_IOMAP=n, and CONFIG_HAS_IOPORT_MAP=y, the
+SuperH-specific mapping code in arch/sh/kernel/ioport.c translates
+I/O port addresses to virtual addresses by adding sh_io_port_base, which
+defaults to -1, thus breaking the assumption of an identity mapping.
+
+Fix this by setting sh_io_port_base to zero.
+
+Fixes: 37b7a97884ba64bf ("sh: machvec IO death.")
+Signed-off-by: Geert Uytterhoeven <geert+renesas@glider.be>
+Signed-off-by: Rich Felker <dalias@libc.org>
+Signed-off-by: Sasha Levin <sashal@kernel.org>
+---
+ arch/sh/boards/mach-landisk/setup.c | 3 +++
+ 1 file changed, 3 insertions(+)
+
+diff --git a/arch/sh/boards/mach-landisk/setup.c b/arch/sh/boards/mach-landisk/setup.c
+index f1147caebacf0..af69fb7fef7c7 100644
+--- a/arch/sh/boards/mach-landisk/setup.c
++++ b/arch/sh/boards/mach-landisk/setup.c
+@@ -85,6 +85,9 @@ device_initcall(landisk_devices_setup);
+
+ static void __init landisk_setup(char **cmdline_p)
+ {
++ /* I/O port identity mapping */
++ __set_io_port_base(0);
++
+ /* LED ON */
+ __raw_writeb(__raw_readb(PA_LED) | 0x03, PA_LED);
+
+--
+2.25.1
+
--- /dev/null
+From bac8d0b7e918146921cd3d92c8b9ae5aeb6f0917 Mon Sep 17 00:00:00 2001
+From: Sasha Levin <sashal@kernel.org>
+Date: Tue, 11 Aug 2020 18:36:16 -0700
+Subject: test_kmod: avoid potential double free in trigger_config_run_type()
+
+From: Tiezhu Yang <yangtiezhu@loongson.cn>
+
+[ Upstream commit 0776d1231bec0c7ab43baf440a3f5ef5f49dd795 ]
+
+Reset the member "test_fs" of the test configuration after a call of the
+function "kfree_const" to a null pointer so that a double memory release
+will not be performed.
+
+Fixes: d9c6a72d6fa2 ("kmod: add test driver to stress test the module loader")
+Signed-off-by: Tiezhu Yang <yangtiezhu@loongson.cn>
+Signed-off-by: Luis Chamberlain <mcgrof@kernel.org>
+Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
+Acked-by: Luis Chamberlain <mcgrof@kernel.org>
+Cc: Alexei Starovoitov <ast@kernel.org>
+Cc: Al Viro <viro@zeniv.linux.org.uk>
+Cc: Christian Brauner <christian.brauner@ubuntu.com>
+Cc: Chuck Lever <chuck.lever@oracle.com>
+Cc: David Howells <dhowells@redhat.com>
+Cc: David S. Miller <davem@davemloft.net>
+Cc: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+Cc: Jakub Kicinski <kuba@kernel.org>
+Cc: James Morris <jmorris@namei.org>
+Cc: Jarkko Sakkinen <jarkko.sakkinen@linux.intel.com>
+Cc: J. Bruce Fields <bfields@fieldses.org>
+Cc: Jens Axboe <axboe@kernel.dk>
+Cc: Josh Triplett <josh@joshtriplett.org>
+Cc: Kees Cook <keescook@chromium.org>
+Cc: Lars Ellenberg <lars.ellenberg@linbit.com>
+Cc: Nikolay Aleksandrov <nikolay@cumulusnetworks.com>
+Cc: Philipp Reisner <philipp.reisner@linbit.com>
+Cc: Roopa Prabhu <roopa@cumulusnetworks.com>
+Cc: "Serge E. Hallyn" <serge@hallyn.com>
+Cc: Sergei Trofimovich <slyfox@gentoo.org>
+Cc: Sergey Kvachonok <ravenexp@gmail.com>
+Cc: Shuah Khan <shuah@kernel.org>
+Cc: Tony Vroon <chainsaw@gentoo.org>
+Cc: Christoph Hellwig <hch@infradead.org>
+Link: http://lkml.kernel.org/r/20200610154923.27510-4-mcgrof@kernel.org
+Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
+Signed-off-by: Sasha Levin <sashal@kernel.org>
+---
+ lib/test_kmod.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/lib/test_kmod.c b/lib/test_kmod.c
+index 9cf77628fc913..87a0cc750ea23 100644
+--- a/lib/test_kmod.c
++++ b/lib/test_kmod.c
+@@ -745,7 +745,7 @@ static int trigger_config_run_type(struct kmod_test_device *test_dev,
+ break;
+ case TEST_KMOD_FS_TYPE:
+ kfree_const(config->test_fs);
+- config->test_driver = NULL;
++ config->test_fs = NULL;
+ copied = config_copy_test_fs(config, test_str,
+ strlen(test_str));
+ break;
+--
+2.25.1
+
--- /dev/null
+From 1cc01d39a796af9691d8453a52cc645832c343f0 Mon Sep 17 00:00:00 2001
+From: Sasha Levin <sashal@kernel.org>
+Date: Wed, 12 Aug 2020 17:15:17 -0500
+Subject: tools build feature: Quote CC and CXX for their arguments
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+From: Daniel DÃaz <daniel.diaz@linaro.org>
+
+[ Upstream commit fa5c893181ed2ca2f96552f50073786d2cfce6c0 ]
+
+When using a cross-compilation environment, such as OpenEmbedded,
+the CC an CXX variables are set to something more than just a
+command: there are arguments (such as --sysroot) that need to be
+passed on to the compiler so that the right set of headers and
+libraries are used.
+
+For the particular case that our systems detected, CC is set to
+the following:
+
+ export CC="aarch64-linaro-linux-gcc --sysroot=/oe/build/tmp/work/machine/perf/1.0-r9/recipe-sysroot"
+
+Without quotes, detection is as follows:
+
+ Auto-detecting system features:
+ ... dwarf: [ OFF ]
+ ... dwarf_getlocations: [ OFF ]
+ ... glibc: [ OFF ]
+ ... gtk2: [ OFF ]
+ ... libbfd: [ OFF ]
+ ... libcap: [ OFF ]
+ ... libelf: [ OFF ]
+ ... libnuma: [ OFF ]
+ ... numa_num_possible_cpus: [ OFF ]
+ ... libperl: [ OFF ]
+ ... libpython: [ OFF ]
+ ... libcrypto: [ OFF ]
+ ... libunwind: [ OFF ]
+ ... libdw-dwarf-unwind: [ OFF ]
+ ... zlib: [ OFF ]
+ ... lzma: [ OFF ]
+ ... get_cpuid: [ OFF ]
+ ... bpf: [ OFF ]
+ ... libaio: [ OFF ]
+ ... libzstd: [ OFF ]
+ ... disassembler-four-args: [ OFF ]
+
+ Makefile.config:414: *** No gnu/libc-version.h found, please install glibc-dev[el]. Stop.
+ Makefile.perf:230: recipe for target 'sub-make' failed
+ make[1]: *** [sub-make] Error 2
+ Makefile:69: recipe for target 'all' failed
+ make: *** [all] Error 2
+
+With CC and CXX quoted, some of those features are now detected.
+
+Fixes: e3232c2f39ac ("tools build feature: Use CC and CXX from parent")
+Signed-off-by: Daniel DÃaz <daniel.diaz@linaro.org>
+Reviewed-by: Thomas Hebb <tommyhebb@gmail.com>
+Cc: Alexei Starovoitov <ast@kernel.org>
+Cc: Andrii Nakryiko <andriin@fb.com>
+Cc: Daniel Borkmann <daniel@iogearbox.net>
+Cc: Jiri Olsa <jolsa@kernel.org>
+Cc: John Fastabend <john.fastabend@gmail.com>
+Cc: KP Singh <kpsingh@chromium.org>
+Cc: Martin KaFai Lau <kafai@fb.com>
+Cc: Namhyung Kim <namhyung@kernel.org>
+Cc: Song Liu <songliubraving@fb.com>
+Cc: Stephane Eranian <eranian@google.com>
+Cc: Yonghong Song <yhs@fb.com>
+Link: http://lore.kernel.org/lkml/20200812221518.2869003-1-daniel.diaz@linaro.org
+Signed-off-by: Arnaldo Carvalho de Melo <acme@redhat.com>
+Signed-off-by: Sasha Levin <sashal@kernel.org>
+---
+ tools/build/Makefile.feature | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/tools/build/Makefile.feature b/tools/build/Makefile.feature
+index 7d9d70c0b3800..7c17f17ea2cd2 100644
+--- a/tools/build/Makefile.feature
++++ b/tools/build/Makefile.feature
+@@ -7,7 +7,7 @@ endif
+
+ feature_check = $(eval $(feature_check_code))
+ define feature_check_code
+- feature-$(1) := $(shell $(MAKE) OUTPUT=$(OUTPUT_FEATURES) CC=$(CC) CXX=$(CXX) CFLAGS="$(EXTRA_CFLAGS) $(FEATURE_CHECK_CFLAGS-$(1))" CXXFLAGS="$(EXTRA_CXXFLAGS) $(FEATURE_CHECK_CXXFLAGS-$(1))" LDFLAGS="$(LDFLAGS) $(FEATURE_CHECK_LDFLAGS-$(1))" -C $(feature_dir) $(OUTPUT_FEATURES)test-$1.bin >/dev/null 2>/dev/null && echo 1 || echo 0)
++ feature-$(1) := $(shell $(MAKE) OUTPUT=$(OUTPUT_FEATURES) CC="$(CC)" CXX="$(CXX)" CFLAGS="$(EXTRA_CFLAGS) $(FEATURE_CHECK_CFLAGS-$(1))" CXXFLAGS="$(EXTRA_CXXFLAGS) $(FEATURE_CHECK_CXXFLAGS-$(1))" LDFLAGS="$(LDFLAGS) $(FEATURE_CHECK_LDFLAGS-$(1))" -C $(feature_dir) $(OUTPUT_FEATURES)test-$1.bin >/dev/null 2>/dev/null && echo 1 || echo 0)
+ endef
+
+ feature_set = $(eval $(feature_set_code))
+--
+2.25.1
+
--- /dev/null
+From 77e806822a0a6abee257b96ddb5c51664d424418 Mon Sep 17 00:00:00 2001
+From: Sasha Levin <sashal@kernel.org>
+Date: Sun, 26 Jul 2020 21:08:14 -0700
+Subject: tools build feature: Use CC and CXX from parent
+
+From: Thomas Hebb <tommyhebb@gmail.com>
+
+[ Upstream commit e3232c2f39acafd5a29128425bc30b9884642cfa ]
+
+commit c8c188679ccf ("tools build: Use the same CC for feature detection
+and actual build") changed these assignments from unconditional (:=) to
+conditional (?=) so that they wouldn't clobber values from the
+environment. However, conditional assignment does not work properly for
+variables that Make implicitly sets, among which are CC and CXX. To
+quote tools/scripts/Makefile.include, which handles this properly:
+
+ # Makefiles suck: This macro sets a default value of $(2) for the
+ # variable named by $(1), unless the variable has been set by
+ # environment or command line. This is necessary for CC and AR
+ # because make sets default values, so the simpler ?= approach
+ # won't work as expected.
+
+In other words, the conditional assignments will not run even if the
+variables are not overridden in the environment; Make will set CC to
+"cc" and CXX to "g++" when it starts[1], meaning the variables are not
+empty by the time the conditional assignments are evaluated. This breaks
+cross-compilation when CROSS_COMPILE is set but CC isn't, since "cc"
+gets used for feature detection instead of the cross compiler (and
+likewise for CXX).
+
+To fix the issue, just pass down the values of CC and CXX computed by
+the parent Makefile, which gets included by the Makefile that actually
+builds whatever we're detecting features for and so is guaranteed to
+have good values. This is a better solution anyway, since it means we
+aren't trying to replicate the logic of the parent build system and so
+don't risk it getting out of sync.
+
+Leave PKG_CONFIG alone, since 1) there's no common logic to compute it
+in Makefile.include, and 2) it's not an implicit variable, so
+conditional assignment works properly.
+
+[1] https://www.gnu.org/software/make/manual/html_node/Implicit-Variables.html
+
+Fixes: c8c188679ccf ("tools build: Use the same CC for feature detection and actual build")
+Signed-off-by: Thomas Hebb <tommyhebb@gmail.com>
+Acked-by: Jiri Olsa <jolsa@kernel.org>
+Cc: David Carrillo-Cisneros <davidcc@google.com>
+Cc: Ian Rogers <irogers@google.com>
+Cc: Igor Lubashev <ilubashe@akamai.com>
+Cc: Namhyung Kim <namhyung@kernel.org>
+Cc: Quentin Monnet <quentin@isovalent.com>
+Cc: Song Liu <songliubraving@fb.com>
+Cc: Stephane Eranian <eranian@google.com>
+Cc: thomas hebb <tommyhebb@gmail.com>
+Link: http://lore.kernel.org/lkml/0a6e69d1736b0fa231a648f50b0cce5d8a6734ef.1595822871.git.tommyhebb@gmail.com
+Signed-off-by: Arnaldo Carvalho de Melo <acme@redhat.com>
+Signed-off-by: Sasha Levin <sashal@kernel.org>
+---
+ tools/build/Makefile.feature | 2 +-
+ tools/build/feature/Makefile | 2 --
+ 2 files changed, 1 insertion(+), 3 deletions(-)
+
+diff --git a/tools/build/Makefile.feature b/tools/build/Makefile.feature
+index 42a787856cd87..7d9d70c0b3800 100644
+--- a/tools/build/Makefile.feature
++++ b/tools/build/Makefile.feature
+@@ -7,7 +7,7 @@ endif
+
+ feature_check = $(eval $(feature_check_code))
+ define feature_check_code
+- feature-$(1) := $(shell $(MAKE) OUTPUT=$(OUTPUT_FEATURES) CFLAGS="$(EXTRA_CFLAGS) $(FEATURE_CHECK_CFLAGS-$(1))" CXXFLAGS="$(EXTRA_CXXFLAGS) $(FEATURE_CHECK_CXXFLAGS-$(1))" LDFLAGS="$(LDFLAGS) $(FEATURE_CHECK_LDFLAGS-$(1))" -C $(feature_dir) $(OUTPUT_FEATURES)test-$1.bin >/dev/null 2>/dev/null && echo 1 || echo 0)
++ feature-$(1) := $(shell $(MAKE) OUTPUT=$(OUTPUT_FEATURES) CC=$(CC) CXX=$(CXX) CFLAGS="$(EXTRA_CFLAGS) $(FEATURE_CHECK_CFLAGS-$(1))" CXXFLAGS="$(EXTRA_CXXFLAGS) $(FEATURE_CHECK_CXXFLAGS-$(1))" LDFLAGS="$(LDFLAGS) $(FEATURE_CHECK_LDFLAGS-$(1))" -C $(feature_dir) $(OUTPUT_FEATURES)test-$1.bin >/dev/null 2>/dev/null && echo 1 || echo 0)
+ endef
+
+ feature_set = $(eval $(feature_set_code))
+diff --git a/tools/build/feature/Makefile b/tools/build/feature/Makefile
+index bf8a8ebcca1eb..c4845b66b9baa 100644
+--- a/tools/build/feature/Makefile
++++ b/tools/build/feature/Makefile
+@@ -62,8 +62,6 @@ FILES= \
+
+ FILES := $(addprefix $(OUTPUT),$(FILES))
+
+-CC ?= $(CROSS_COMPILE)gcc
+-CXX ?= $(CROSS_COMPILE)g++
+ PKG_CONFIG ?= $(CROSS_COMPILE)pkg-config
+ LLVM_CONFIG ?= llvm-config
+
+--
+2.25.1
+
--- /dev/null
+From e85fe301c6265f24e52137bff40b1a538b748b8b Mon Sep 17 00:00:00 2001
+From: Sasha Levin <sashal@kernel.org>
+Date: Wed, 8 Jul 2020 14:49:52 +0200
+Subject: USB: serial: ftdi_sio: clean up receive processing
+
+From: Johan Hovold <johan@kernel.org>
+
+[ Upstream commit ce054039ba5e47b75a3be02a00274e52b06a6456 ]
+
+Clean up receive processing by dropping the character pointer and
+keeping the length argument unchanged throughout the function.
+
+Also make it more apparent that sysrq processing can consume a
+characters by adding an explicit continue.
+
+Reviewed-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+Signed-off-by: Johan Hovold <johan@kernel.org>
+Signed-off-by: Sasha Levin <sashal@kernel.org>
+---
+ drivers/usb/serial/ftdi_sio.c | 19 +++++++++----------
+ 1 file changed, 9 insertions(+), 10 deletions(-)
+
+diff --git a/drivers/usb/serial/ftdi_sio.c b/drivers/usb/serial/ftdi_sio.c
+index d0ae6318d6e96..ce9cc1f90b052 100644
+--- a/drivers/usb/serial/ftdi_sio.c
++++ b/drivers/usb/serial/ftdi_sio.c
+@@ -2040,7 +2040,6 @@ static int ftdi_process_packet(struct usb_serial_port *port,
+ struct ftdi_private *priv, unsigned char *buf, int len)
+ {
+ unsigned char status;
+- unsigned char *ch;
+ int i;
+ char flag;
+
+@@ -2083,8 +2082,7 @@ static int ftdi_process_packet(struct usb_serial_port *port,
+ else
+ priv->transmit_empty = 0;
+
+- len -= 2;
+- if (!len)
++ if (len == 2)
+ return 0; /* status only */
+
+ /*
+@@ -2113,19 +2111,20 @@ static int ftdi_process_packet(struct usb_serial_port *port,
+ }
+ }
+
+- port->icount.rx += len;
+- ch = buf + 2;
++ port->icount.rx += len - 2;
+
+ if (port->port.console && port->sysrq) {
+- for (i = 0; i < len; i++, ch++) {
+- if (!usb_serial_handle_sysrq_char(port, *ch))
+- tty_insert_flip_char(&port->port, *ch, flag);
++ for (i = 2; i < len; i++) {
++ if (usb_serial_handle_sysrq_char(port, buf[i]))
++ continue;
++ tty_insert_flip_char(&port->port, buf[i], flag);
+ }
+ } else {
+- tty_insert_flip_string_fixed_flag(&port->port, ch, flag, len);
++ tty_insert_flip_string_fixed_flag(&port->port, buf + 2, flag,
++ len - 2);
+ }
+
+- return len;
++ return len - 2;
+ }
+
+ static void ftdi_process_read_urb(struct urb *urb)
+--
+2.25.1
+
--- /dev/null
+From cda7b26dd90d8dca943dd48b568753cb5826c8fa Mon Sep 17 00:00:00 2001
+From: Sasha Levin <sashal@kernel.org>
+Date: Wed, 8 Jul 2020 14:49:53 +0200
+Subject: USB: serial: ftdi_sio: fix break and sysrq handling
+
+From: Johan Hovold <johan@kernel.org>
+
+[ Upstream commit 733fff67941dad64b8a630450b8372b1873edc41 ]
+
+Only the last NUL in a packet should be flagged as a break character,
+for example, to avoid dropping unrelated characters when IGNBRK is set.
+
+Also make sysrq work by consuming the break character instead of having
+it immediately cancel the sysrq request, and by not processing it
+prematurely to avoid triggering a sysrq based on an unrelated character
+received in the same packet (which was received *before* the break).
+
+Note that the break flag can be left set also for a packet received
+immediately following a break and that and an ending NUL in such a
+packet will continue to be reported as a break as there's no good way to
+tell it apart from an actual break.
+
+Tested on FT232R and FT232H.
+
+Fixes: 72fda3ca6fc1 ("USB: serial: ftd_sio: implement sysrq handling on break")
+Fixes: 1da177e4c3f4 ("Linux-2.6.12-rc2")
+Reviewed-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+Signed-off-by: Johan Hovold <johan@kernel.org>
+Signed-off-by: Sasha Levin <sashal@kernel.org>
+---
+ drivers/usb/serial/ftdi_sio.c | 24 +++++++++++++++++-------
+ 1 file changed, 17 insertions(+), 7 deletions(-)
+
+diff --git a/drivers/usb/serial/ftdi_sio.c b/drivers/usb/serial/ftdi_sio.c
+index ce9cc1f90b052..aa72ce2642bf1 100644
+--- a/drivers/usb/serial/ftdi_sio.c
++++ b/drivers/usb/serial/ftdi_sio.c
+@@ -2040,6 +2040,7 @@ static int ftdi_process_packet(struct usb_serial_port *port,
+ struct ftdi_private *priv, unsigned char *buf, int len)
+ {
+ unsigned char status;
++ bool brkint = false;
+ int i;
+ char flag;
+
+@@ -2091,13 +2092,17 @@ static int ftdi_process_packet(struct usb_serial_port *port,
+ */
+ flag = TTY_NORMAL;
+ if (buf[1] & FTDI_RS_ERR_MASK) {
+- /* Break takes precedence over parity, which takes precedence
+- * over framing errors */
+- if (buf[1] & FTDI_RS_BI) {
+- flag = TTY_BREAK;
++ /*
++ * Break takes precedence over parity, which takes precedence
++ * over framing errors. Note that break is only associated
++ * with the last character in the buffer and only when it's a
++ * NUL.
++ */
++ if (buf[1] & FTDI_RS_BI && buf[len - 1] == '\0') {
+ port->icount.brk++;
+- usb_serial_handle_break(port);
+- } else if (buf[1] & FTDI_RS_PE) {
++ brkint = true;
++ }
++ if (buf[1] & FTDI_RS_PE) {
+ flag = TTY_PARITY;
+ port->icount.parity++;
+ } else if (buf[1] & FTDI_RS_FE) {
+@@ -2113,8 +2118,13 @@ static int ftdi_process_packet(struct usb_serial_port *port,
+
+ port->icount.rx += len - 2;
+
+- if (port->port.console && port->sysrq) {
++ if (brkint || (port->port.console && port->sysrq)) {
+ for (i = 2; i < len; i++) {
++ if (brkint && i == len - 1) {
++ if (usb_serial_handle_break(port))
++ return len - 3;
++ flag = TTY_BREAK;
++ }
+ if (usb_serial_handle_sysrq_char(port, buf[i]))
+ continue;
+ tty_insert_flip_char(&port->port, buf[i], flag);
+--
+2.25.1
+
--- /dev/null
+From 5151e08f9ca760bf5f9c8c43e9ea27b707d93845 Mon Sep 17 00:00:00 2001
+From: Sasha Levin <sashal@kernel.org>
+Date: Wed, 8 Jul 2020 14:49:51 +0200
+Subject: USB: serial: ftdi_sio: make process-packet buffer unsigned
+
+From: Johan Hovold <johan@kernel.org>
+
+[ Upstream commit ab4cc4ef6724ea588e835fc1e764c4b4407a70b7 ]
+
+Use an unsigned type for the process-packet buffer argument and give it
+a more apt name.
+
+Reviewed-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+Signed-off-by: Johan Hovold <johan@kernel.org>
+Signed-off-by: Sasha Levin <sashal@kernel.org>
+---
+ drivers/usb/serial/ftdi_sio.c | 22 +++++++++++-----------
+ 1 file changed, 11 insertions(+), 11 deletions(-)
+
+diff --git a/drivers/usb/serial/ftdi_sio.c b/drivers/usb/serial/ftdi_sio.c
+index 3c0f38cd3a5a4..d0ae6318d6e96 100644
+--- a/drivers/usb/serial/ftdi_sio.c
++++ b/drivers/usb/serial/ftdi_sio.c
+@@ -2037,12 +2037,12 @@ static int ftdi_prepare_write_buffer(struct usb_serial_port *port,
+ #define FTDI_RS_ERR_MASK (FTDI_RS_BI | FTDI_RS_PE | FTDI_RS_FE | FTDI_RS_OE)
+
+ static int ftdi_process_packet(struct usb_serial_port *port,
+- struct ftdi_private *priv, char *packet, int len)
++ struct ftdi_private *priv, unsigned char *buf, int len)
+ {
++ unsigned char status;
++ unsigned char *ch;
+ int i;
+- char status;
+ char flag;
+- char *ch;
+
+ if (len < 2) {
+ dev_dbg(&port->dev, "malformed packet\n");
+@@ -2052,7 +2052,7 @@ static int ftdi_process_packet(struct usb_serial_port *port,
+ /* Compare new line status to the old one, signal if different/
+ N.B. packet may be processed more than once, but differences
+ are only processed once. */
+- status = packet[0] & FTDI_STATUS_B0_MASK;
++ status = buf[0] & FTDI_STATUS_B0_MASK;
+ if (status != priv->prev_status) {
+ char diff_status = status ^ priv->prev_status;
+
+@@ -2078,7 +2078,7 @@ static int ftdi_process_packet(struct usb_serial_port *port,
+ }
+
+ /* save if the transmitter is empty or not */
+- if (packet[1] & FTDI_RS_TEMT)
++ if (buf[1] & FTDI_RS_TEMT)
+ priv->transmit_empty = 1;
+ else
+ priv->transmit_empty = 0;
+@@ -2092,29 +2092,29 @@ static int ftdi_process_packet(struct usb_serial_port *port,
+ * data payload to avoid over-reporting.
+ */
+ flag = TTY_NORMAL;
+- if (packet[1] & FTDI_RS_ERR_MASK) {
++ if (buf[1] & FTDI_RS_ERR_MASK) {
+ /* Break takes precedence over parity, which takes precedence
+ * over framing errors */
+- if (packet[1] & FTDI_RS_BI) {
++ if (buf[1] & FTDI_RS_BI) {
+ flag = TTY_BREAK;
+ port->icount.brk++;
+ usb_serial_handle_break(port);
+- } else if (packet[1] & FTDI_RS_PE) {
++ } else if (buf[1] & FTDI_RS_PE) {
+ flag = TTY_PARITY;
+ port->icount.parity++;
+- } else if (packet[1] & FTDI_RS_FE) {
++ } else if (buf[1] & FTDI_RS_FE) {
+ flag = TTY_FRAME;
+ port->icount.frame++;
+ }
+ /* Overrun is special, not associated with a char */
+- if (packet[1] & FTDI_RS_OE) {
++ if (buf[1] & FTDI_RS_OE) {
+ port->icount.overrun++;
+ tty_insert_flip_char(&port->port, 0, TTY_OVERRUN);
+ }
+ }
+
+ port->icount.rx += len;
+- ch = packet + 2;
++ ch = buf + 2;
+
+ if (port->port.console && port->sysrq) {
+ for (i = 0; i < len; i++, ch++) {
+--
+2.25.1
+
--- /dev/null
+From 9710e180ec438bcdcc967e8fc0028194492bec0c Mon Sep 17 00:00:00 2001
+From: Sasha Levin <sashal@kernel.org>
+Date: Fri, 17 Jul 2020 12:31:09 +0200
+Subject: watchdog: initialize device before misc_register
+
+From: Krzysztof Sobota <krzysztof.sobota@nokia.com>
+
+[ Upstream commit cb36e29bb0e4b0c33c3d5866a0a4aebace4c99b7 ]
+
+When watchdog device is being registered, it calls misc_register that
+makes watchdog available for systemd to open. This is a data race
+scenario, because when device is open it may still have device struct
+not initialized - this in turn causes a crash. This patch moves
+device initialization before misc_register call and it solves the
+problem printed below.
+
+------------[ cut here ]------------
+WARNING: CPU: 3 PID: 1 at lib/kobject.c:612 kobject_get+0x50/0x54
+kobject: '(null)' ((ptrval)): is not initialized, yet kobject_get() is being called.
+Modules linked in: k2_reset_status(O) davinci_wdt(+) sfn_platform_hwbcn(O) fsmddg_sfn(O) clk_misc_mmap(O) clk_sw_bcn(O) fsp_reset(O) cma_mod(O) slave_sup_notif(O) fpga_master(O) latency(O+) evnotify(O) enable_arm_pmu(O) xge(O) rio_mport_cdev br_netfilter bridge stp llc nvrd_checksum(O) ipv6
+CPU: 3 PID: 1 Comm: systemd Tainted: G O 4.19.113-g2579778-fsm4_k2 #1
+Hardware name: Keystone
+[<c02126c4>] (unwind_backtrace) from [<c020da94>] (show_stack+0x18/0x1c)
+[<c020da94>] (show_stack) from [<c07f87d8>] (dump_stack+0xb4/0xe8)
+[<c07f87d8>] (dump_stack) from [<c0221f70>] (__warn+0xfc/0x114)
+[<c0221f70>] (__warn) from [<c0221fd8>] (warn_slowpath_fmt+0x50/0x74)
+[<c0221fd8>] (warn_slowpath_fmt) from [<c07fd394>] (kobject_get+0x50/0x54)
+[<c07fd394>] (kobject_get) from [<c0602ce8>] (get_device+0x1c/0x24)
+[<c0602ce8>] (get_device) from [<c06961e0>] (watchdog_open+0x90/0xf0)
+[<c06961e0>] (watchdog_open) from [<c06001dc>] (misc_open+0x130/0x17c)
+[<c06001dc>] (misc_open) from [<c0388228>] (chrdev_open+0xec/0x1a8)
+[<c0388228>] (chrdev_open) from [<c037fa98>] (do_dentry_open+0x204/0x3cc)
+[<c037fa98>] (do_dentry_open) from [<c0391e2c>] (path_openat+0x330/0x1148)
+[<c0391e2c>] (path_openat) from [<c0394518>] (do_filp_open+0x78/0xec)
+[<c0394518>] (do_filp_open) from [<c0381100>] (do_sys_open+0x130/0x1f4)
+[<c0381100>] (do_sys_open) from [<c0201000>] (ret_fast_syscall+0x0/0x28)
+Exception stack(0xd2ceffa8 to 0xd2cefff0)
+ffa0: b6f69968 00000000 ffffff9c b6ebd210 000a0001 00000000
+ffc0: b6f69968 00000000 00000000 00000142 fffffffd ffffffff 00b65530 bed7bb78
+ffe0: 00000142 bed7ba70 b6cc2503 b6cc41d6
+---[ end trace 7b16eb105513974f ]---
+
+------------[ cut here ]------------
+WARNING: CPU: 3 PID: 1 at lib/refcount.c:153 kobject_get+0x24/0x54
+refcount_t: increment on 0; use-after-free.
+Modules linked in: k2_reset_status(O) davinci_wdt(+) sfn_platform_hwbcn(O) fsmddg_sfn(O) clk_misc_mmap(O) clk_sw_bcn(O) fsp_reset(O) cma_mod(O) slave_sup_notif(O) fpga_master(O) latency(O+) evnotify(O) enable_arm_pmu(O) xge(O) rio_mport_cdev br_netfilter bridge stp llc nvrd_checksum(O) ipv6
+CPU: 3 PID: 1 Comm: systemd Tainted: G W O 4.19.113-g2579778-fsm4_k2 #1
+Hardware name: Keystone
+[<c02126c4>] (unwind_backtrace) from [<c020da94>] (show_stack+0x18/0x1c)
+[<c020da94>] (show_stack) from [<c07f87d8>] (dump_stack+0xb4/0xe8)
+[<c07f87d8>] (dump_stack) from [<c0221f70>] (__warn+0xfc/0x114)
+[<c0221f70>] (__warn) from [<c0221fd8>] (warn_slowpath_fmt+0x50/0x74)
+[<c0221fd8>] (warn_slowpath_fmt) from [<c07fd368>] (kobject_get+0x24/0x54)
+[<c07fd368>] (kobject_get) from [<c0602ce8>] (get_device+0x1c/0x24)
+[<c0602ce8>] (get_device) from [<c06961e0>] (watchdog_open+0x90/0xf0)
+[<c06961e0>] (watchdog_open) from [<c06001dc>] (misc_open+0x130/0x17c)
+[<c06001dc>] (misc_open) from [<c0388228>] (chrdev_open+0xec/0x1a8)
+[<c0388228>] (chrdev_open) from [<c037fa98>] (do_dentry_open+0x204/0x3cc)
+[<c037fa98>] (do_dentry_open) from [<c0391e2c>] (path_openat+0x330/0x1148)
+[<c0391e2c>] (path_openat) from [<c0394518>] (do_filp_open+0x78/0xec)
+[<c0394518>] (do_filp_open) from [<c0381100>] (do_sys_open+0x130/0x1f4)
+[<c0381100>] (do_sys_open) from [<c0201000>] (ret_fast_syscall+0x0/0x28)
+Exception stack(0xd2ceffa8 to 0xd2cefff0)
+ffa0: b6f69968 00000000 ffffff9c b6ebd210 000a0001 00000000
+ffc0: b6f69968 00000000 00000000 00000142 fffffffd ffffffff 00b65530 bed7bb78
+ffe0: 00000142 bed7ba70 b6cc2503 b6cc41d6
+---[ end trace 7b16eb1055139750 ]---
+
+Fixes: 72139dfa2464 ("watchdog: Fix the race between the release of watchdog_core_data and cdev")
+Reviewed-by: Guenter Roeck <linux@roeck-us.net>
+Reviewed-by: Alexander Sverdlin <alexander.sverdlin@nokia.com>
+Signed-off-by: Krzysztof Sobota <krzysztof.sobota@nokia.com>
+Link: https://lore.kernel.org/r/20200717103109.14660-1-krzysztof.sobota@nokia.com
+Signed-off-by: Guenter Roeck <linux@roeck-us.net>
+Signed-off-by: Wim Van Sebroeck <wim@linux-watchdog.org>
+Signed-off-by: Sasha Levin <sashal@kernel.org>
+---
+ drivers/watchdog/watchdog_dev.c | 18 +++++++++---------
+ 1 file changed, 9 insertions(+), 9 deletions(-)
+
+diff --git a/drivers/watchdog/watchdog_dev.c b/drivers/watchdog/watchdog_dev.c
+index 10b2090f3e5e7..1c322caecf7f1 100644
+--- a/drivers/watchdog/watchdog_dev.c
++++ b/drivers/watchdog/watchdog_dev.c
+@@ -947,6 +947,15 @@ static int watchdog_cdev_register(struct watchdog_device *wdd)
+ if (IS_ERR_OR_NULL(watchdog_kworker))
+ return -ENODEV;
+
++ device_initialize(&wd_data->dev);
++ wd_data->dev.devt = MKDEV(MAJOR(watchdog_devt), wdd->id);
++ wd_data->dev.class = &watchdog_class;
++ wd_data->dev.parent = wdd->parent;
++ wd_data->dev.groups = wdd->groups;
++ wd_data->dev.release = watchdog_core_data_release;
++ dev_set_drvdata(&wd_data->dev, wdd);
++ dev_set_name(&wd_data->dev, "watchdog%d", wdd->id);
++
+ kthread_init_work(&wd_data->work, watchdog_ping_work);
+ hrtimer_init(&wd_data->timer, CLOCK_MONOTONIC, HRTIMER_MODE_REL);
+ wd_data->timer.function = watchdog_timer_expired;
+@@ -967,15 +976,6 @@ static int watchdog_cdev_register(struct watchdog_device *wdd)
+ }
+ }
+
+- device_initialize(&wd_data->dev);
+- wd_data->dev.devt = MKDEV(MAJOR(watchdog_devt), wdd->id);
+- wd_data->dev.class = &watchdog_class;
+- wd_data->dev.parent = wdd->parent;
+- wd_data->dev.groups = wdd->groups;
+- wd_data->dev.release = watchdog_core_data_release;
+- dev_set_drvdata(&wd_data->dev, wdd);
+- dev_set_name(&wd_data->dev, "watchdog%d", wdd->id);
+-
+ /* Fill in the data structures */
+ cdev_init(&wd_data->cdev, &watchdog_fops);
+
+--
+2.25.1
+
projects / thirdparty / kernel / stable-queue.git / commitdiff
