--- /dev/null
+From d511b3e4087eedbe11c7496c396432b8b7c2d7d9 Mon Sep 17 00:00:00 2001
+From: Neil Armstrong <narmstrong@baylibre.com>
+Date: Tue, 5 Jun 2018 10:52:23 +0200
+Subject: ARM64: dts: meson-gxl-s905x-p212: Add phy-supply for usb0
+
+From: Neil Armstrong <narmstrong@baylibre.com>
+
+commit d511b3e4087eedbe11c7496c396432b8b7c2d7d9 upstream.
+
+Like LibreTech-CC, the USB0 needs the 5V regulator to be enabled to power the
+devices on the P212 Reference Design based boards.
+
+Fixes: b9f07cb4f41f ("ARM64: dts: meson-gxl-s905x-p212: enable the USB controller")
+Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
+Acked-by: Martin Blumenstingl <martin.blumenstingl@googlemail.com>
+Signed-off-by: Kevin Hilman <khilman@baylibre.com>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+
+---
+ arch/arm64/boot/dts/amlogic/meson-gxl-s905x-p212.dtsi | 7 +++++++
+ 1 file changed, 7 insertions(+)
+
+--- a/arch/arm64/boot/dts/amlogic/meson-gxl-s905x-p212.dtsi
++++ b/arch/arm64/boot/dts/amlogic/meson-gxl-s905x-p212.dtsi
+@@ -189,3 +189,10 @@
+ &usb0 {
+ status = "okay";
+ };
++
++&usb2_phy0 {
++ /*
++ * HDMI_5V is also used as supply for the USB VBUS.
++ */
++ phy-supply = <&hdmi_5v>;
++};
--- /dev/null
+From cede24d1b21d68d84ac5a36c44f7d37daadcc258 Mon Sep 17 00:00:00 2001
+From: Vincent Bernat <vincent@bernat.im>
+Date: Sun, 20 May 2018 13:03:38 +0200
+Subject: netfilter: ip6t_rpfilter: provide input interface for route lookup
+
+From: Vincent Bernat <vincent@bernat.im>
+
+commit cede24d1b21d68d84ac5a36c44f7d37daadcc258 upstream.
+
+In commit 47b7e7f82802, this bit was removed at the same time the
+RT6_LOOKUP_F_IFACE flag was removed. However, it is needed when
+link-local addresses are used, which is a very common case: when
+packets are routed, neighbor solicitations are done using link-local
+addresses. For example, the following neighbor solicitation is not
+matched by "-m rpfilter":
+
+ IP6 fe80::5254:33ff:fe00:1 > ff02::1:ff00:3: ICMP6, neighbor
+ solicitation, who has 2001:db8::5254:33ff:fe00:3, length 32
+
+Commit 47b7e7f82802 doesn't quite explain why we shouldn't use
+RT6_LOOKUP_F_IFACE in the rpfilter case. I suppose the interface check
+later in the function would make it redundant. However, the remaining
+of the routing code is using RT6_LOOKUP_F_IFACE when there is no
+source address (which matches rpfilter's case with a non-unicast
+destination, like with neighbor solicitation).
+
+Signed-off-by: Vincent Bernat <vincent@bernat.im>
+Fixes: 47b7e7f82802 ("netfilter: don't set F_IFACE on ipv6 fib lookups")
+Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+
+---
+ net/ipv6/netfilter/ip6t_rpfilter.c | 2 ++
+ 1 file changed, 2 insertions(+)
+
+--- a/net/ipv6/netfilter/ip6t_rpfilter.c
++++ b/net/ipv6/netfilter/ip6t_rpfilter.c
+@@ -48,6 +48,8 @@ static bool rpfilter_lookup_reverse6(str
+ }
+
+ fl6.flowi6_mark = flags & XT_RPFILTER_VALID_MARK ? skb->mark : 0;
++ if ((flags & XT_RPFILTER_LOOSE) == 0)
++ fl6.flowi6_oif = dev->ifindex;
+
+ rt = (void *)ip6_route_lookup(net, &fl6, skb, lookup_flags);
+ if (rt->dst.error)
--- /dev/null
+From adc972c5b88829d38ede08b1069718661c7330ae Mon Sep 17 00:00:00 2001
+From: Taehee Yoo <ap420073@gmail.com>
+Date: Mon, 11 Jun 2018 22:16:33 +0900
+Subject: netfilter: nf_tables: use WARN_ON_ONCE instead of BUG_ON in nft_do_chain()
+
+From: Taehee Yoo <ap420073@gmail.com>
+
+commit adc972c5b88829d38ede08b1069718661c7330ae upstream.
+
+When depth of chain is bigger than NFT_JUMP_STACK_SIZE, the nft_do_chain
+crashes. But there is no need to crash hard here.
+
+Suggested-by: Florian Westphal <fw@strlen.de>
+Signed-off-by: Taehee Yoo <ap420073@gmail.com>
+Acked-by: Florian Westphal <fw@strlen.de>
+Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+
+---
+ net/netfilter/nf_tables_core.c | 3 ++-
+ 1 file changed, 2 insertions(+), 1 deletion(-)
+
+--- a/net/netfilter/nf_tables_core.c
++++ b/net/netfilter/nf_tables_core.c
+@@ -208,7 +208,8 @@ next_rule:
+
+ switch (regs.verdict.code) {
+ case NFT_JUMP:
+- BUG_ON(stackptr >= NFT_JUMP_STACK_SIZE);
++ if (WARN_ON_ONCE(stackptr >= NFT_JUMP_STACK_SIZE))
++ return NF_DROP;
+ jumpstack[stackptr].chain = chain;
+ jumpstack[stackptr].rule = rule;
+ jumpstack[stackptr].rulenum = rulenum;
--- /dev/null
+From fc6ddbecce440df74fb4491c17c372b52cf5be83 Mon Sep 17 00:00:00 2001
+From: Florian Westphal <fw@strlen.de>
+Date: Tue, 12 Jun 2018 18:36:19 +0200
+Subject: netfilter: xt_connmark: fix list corruption on rmmod
+
+From: Florian Westphal <fw@strlen.de>
+
+commit fc6ddbecce440df74fb4491c17c372b52cf5be83 upstream.
+
+This needs to use xt_unregister_targets, else new revision is left
+on the list which then causes list to point to a target struct that has been free'd.
+
+Fixes: 472a73e00757 ("netfilter: xt_conntrack: Support bit-shifting for CONNMARK & MARK targets.")
+Signed-off-by: Florian Westphal <fw@strlen.de>
+Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+
+---
+ net/netfilter/xt_connmark.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+--- a/net/netfilter/xt_connmark.c
++++ b/net/netfilter/xt_connmark.c
+@@ -211,7 +211,7 @@ static int __init connmark_mt_init(void)
+ static void __exit connmark_mt_exit(void)
+ {
+ xt_unregister_match(&connmark_mt_reg);
+- xt_unregister_target(connmark_tg_reg);
++ xt_unregister_targets(connmark_tg_reg, ARRAY_SIZE(connmark_tg_reg));
+ }
+
+ module_init(connmark_mt_init);
drm-i915-disallow-interlaced-modes-on-g4x-dp-outputs.patch
drm-i915-turn-off-g4x-dp-port-in-.post_disable.patch
drm-i915-enable-provoking-vertex-fix-on-gen9-systems.patch
+netfilter-ip6t_rpfilter-provide-input-interface-for-route-lookup.patch
+netfilter-xt_connmark-fix-list-corruption-on-rmmod.patch
+netfilter-nf_tables-use-warn_on_once-instead-of-bug_on-in-nft_do_chain.patch
+arm64-dts-meson-gxl-s905x-p212-add-phy-supply-for-usb0.patch
+x86-mm-don-t-free-p4d-table-when-it-is-folded-at-runtime.patch
--- /dev/null
+From 0e311d237d7f3022b7dafb639b42541bfb42fe94 Mon Sep 17 00:00:00 2001
+From: Andrey Ryabinin <aryabinin@virtuozzo.com>
+Date: Mon, 25 Jun 2018 13:24:27 +0300
+Subject: x86/mm: Don't free P4D table when it is folded at runtime
+
+From: Andrey Ryabinin <aryabinin@virtuozzo.com>
+
+commit 0e311d237d7f3022b7dafb639b42541bfb42fe94 upstream.
+
+When the P4D page table layer is folded at runtime, the p4d_free()
+should do nothing, the same as in <asm-generic/pgtable-nop4d.h>.
+
+It seems this bug should cause double-free in efi_call_phys_epilog(),
+but I don't know how to trigger that code path, so I can't confirm that
+by testing.
+
+Signed-off-by: Andrey Ryabinin <aryabinin@virtuozzo.com>
+Reviewed-by: Kirill A. Shutemov <kirill.shutemov@linux.intel.com>
+Cc: Linus Torvalds <torvalds@linux-foundation.org>
+Cc: Peter Zijlstra <peterz@infradead.org>
+Cc: Thomas Gleixner <tglx@linutronix.de>
+Cc: stable@vger.kernel.org # 4.17
+Fixes: 98219dda2ab5 ("x86/mm: Fold p4d page table layer at runtime")
+Link: http://lkml.kernel.org/r/20180625102427.15015-1-aryabinin@virtuozzo.com
+Signed-off-by: Ingo Molnar <mingo@kernel.org>
+Signed-off-by: Andrey Ryabinin <aryabinin@virtuozzo.com>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+
+---
+ arch/x86/include/asm/pgalloc.h | 3 +++
+ 1 file changed, 3 insertions(+)
+
+--- a/arch/x86/include/asm/pgalloc.h
++++ b/arch/x86/include/asm/pgalloc.h
+@@ -184,6 +184,9 @@ static inline p4d_t *p4d_alloc_one(struc
+
+ static inline void p4d_free(struct mm_struct *mm, p4d_t *p4d)
+ {
++ if (!pgtable_l5_enabled)
++ return;
++
+ BUG_ON((unsigned long)p4d & (PAGE_SIZE-1));
+ free_page((unsigned long)p4d);
+ }
projects / thirdparty / kernel / stable-queue.git / commitdiff
