Fixes for 4.4
authorSasha Levin <sashal@kernel.org>
Mon, 2 Nov 2020 05:20:07 +0000 (00:20 -0500)
committerSasha Levin <sashal@kernel.org>
Mon, 2 Nov 2020 05:20:07 +0000 (00:20 -0500)
Signed-off-by: Sasha Levin <sashal@kernel.org>
25 files changed:
queue-4.4/acpi-add-out-of-bounds-and-numa_off-protections-to-p.patch [new file with mode: 0644]
queue-4.4/arm-dts-s5pv210-move-pmu-node-out-of-clock-controlle.patch [new file with mode: 0644]
queue-4.4/arm-dts-s5pv210-remove-dedicated-audio-subsystem-nod.patch [new file with mode: 0644]
queue-4.4/ath10k-fix-vht-nss-calculation-when-stbc-is-enabled.patch [new file with mode: 0644]
queue-4.4/clk-ti-clockdomain-fix-static-checker-warning.patch [new file with mode: 0644]
queue-4.4/drivers-net-wan-hdlc_fr-correctly-handle-special-skb.patch [new file with mode: 0644]
queue-4.4/drivers-watchdog-rdc321x_wdt-fix-race-condition-bugs.patch [new file with mode: 0644]
queue-4.4/ext4-detect-already-used-quota-file-early.patch [new file with mode: 0644]
queue-4.4/f2fs-fix-to-check-segment-boundary-during-sit-page-r.patch [new file with mode: 0644]
queue-4.4/gfs2-add-validation-checks-for-size-of-superblock.patch [new file with mode: 0644]
queue-4.4/kgdb-make-kgdbcon-work-properly-with-kgdb_earlycon.patch [new file with mode: 0644]
queue-4.4/kvm-ppc-book3s-hv-do-not-allocate-hpt-for-a-nested-g.patch [new file with mode: 0644]
queue-4.4/md-bitmap-md_bitmap_get_counter-returns-wrong-blocks.patch [new file with mode: 0644]
queue-4.4/memory-emif-remove-bogus-debugfs-error-handling.patch [new file with mode: 0644]
queue-4.4/mmc-via-sdmmc-fix-data-race-bug.patch [new file with mode: 0644]
queue-4.4/net-9p-initialize-sun_server.sun_path-to-have-addr-s.patch [new file with mode: 0644]
queue-4.4/power-supply-test_power-add-missing-newlines-when-pr.patch [new file with mode: 0644]
queue-4.4/powerpc-powernv-smp-fix-spurious-dbg-warning.patch [new file with mode: 0644]
queue-4.4/printk-reduce-log_buf_shift-range-for-h8300.patch [new file with mode: 0644]
queue-4.4/series
queue-4.4/sparc64-remove-mm_cpumask-clearing-to-fix-kthread_us.patch [new file with mode: 0644]
queue-4.4/um-change-sigio_spinlock-to-a-mutex.patch [new file with mode: 0644]
queue-4.4/usb-adutux-fix-debugging.patch [new file with mode: 0644]
queue-4.4/video-fbdev-pvr2fb-initialize-variables.patch [new file with mode: 0644]
queue-4.4/xfs-fix-realtime-bitmap-summary-file-truncation-when.patch [new file with mode: 0644]

diff --git a/queue-4.4/acpi-add-out-of-bounds-and-numa_off-protections-to-p.patch b/queue-4.4/acpi-add-out-of-bounds-and-numa_off-protections-to-p.patch
new file mode 100644 (file)
index 0000000..3144ef4
--- /dev/null
@@ -0,0 +1,42 @@
+From 8603591e9f729fc0ec7a91664ee068931c6fb01a Mon Sep 17 00:00:00 2001
+From: Sasha Levin <sashal@kernel.org>
+Date: Tue, 18 Aug 2020 22:24:25 +0800
+Subject: ACPI: Add out of bounds and numa_off protections to pxm_to_node()
+
+From: Jonathan Cameron <Jonathan.Cameron@huawei.com>
+
+[ Upstream commit 8a3decac087aa897df5af04358c2089e52e70ac4 ]
+
+The function should check the validity of the pxm value before using
+it to index the pxm_to_node_map[] array.
+
+Whilst hardening this code may be good in general, the main intent
+here is to enable following patches that use this function to replace
+acpi_map_pxm_to_node() for non SRAT usecases which should return
+NO_NUMA_NODE for PXM entries not matching with those in SRAT.
+
+Signed-off-by: Jonathan Cameron <Jonathan.Cameron@huawei.com>
+Reviewed-by: Barry Song <song.bao.hua@hisilicon.com>
+Reviewed-by: Hanjun Guo <guohanjun@huawei.com>
+Signed-off-by: Rafael J. Wysocki <rafael.j.wysocki@intel.com>
+Signed-off-by: Sasha Levin <sashal@kernel.org>
+---
+ drivers/acpi/numa.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/drivers/acpi/numa.c b/drivers/acpi/numa.c
+index 2946e2846573b..15a506c2d20a0 100644
+--- a/drivers/acpi/numa.c
++++ b/drivers/acpi/numa.c
+@@ -46,7 +46,7 @@ unsigned char acpi_srat_revision __initdata;
+ int pxm_to_node(int pxm)
+ {
+-      if (pxm < 0)
++      if (pxm < 0 || pxm >= MAX_PXM_DOMAINS || numa_off)
+               return NUMA_NO_NODE;
+       return pxm_to_node_map[pxm];
+ }
+-- 
+2.27.0
+
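Review bot: The new condition in pxm_to_node() relies on `numa_off` and `MAX_PXM_DOMAINS` being declared for every architecture that builds drivers/acpi/numa.c in 4.4, and nothing in this hunk shows where they come from. The upstream change was written against a much later tree, so the backport should be build-tested on each ACPI NUMA architecture before release. The commit message says the main intent is to enable follow-up patches, and none appear in this queue's file list, so the stable justification rests on the bounds check alone. A short comment above the test, such as `/* never index pxm_to_node_map[] with an unchecked pxm */`, would record why the upper bound is there.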
diff --git a/queue-4.4/arm-dts-s5pv210-move-pmu-node-out-of-clock-controlle.patch b/queue-4.4/arm-dts-s5pv210-move-pmu-node-out-of-clock-controlle.patch
new file mode 100644 (file)
index 0000000..95f7a9f
--- /dev/null
@@ -0,0 +1,57 @@
+From a7be055ba92aa1f00637e3a68b9622e97d03cb86 Mon Sep 17 00:00:00 2001
+From: Sasha Levin <sashal@kernel.org>
+Date: Mon, 7 Sep 2020 18:11:23 +0200
+Subject: ARM: dts: s5pv210: move PMU node out of clock controller
+
+From: Krzysztof Kozlowski <krzk@kernel.org>
+
+[ Upstream commit bb98fff84ad1ea321823759edaba573a16fa02bd ]
+
+The Power Management Unit (PMU) is a separate device which has little
+common with clock controller.  Moving it to one level up (from clock
+controller child to SoC) allows to remove fake simple-bus compatible and
+dtbs_check warnings like:
+
+  clock-controller@e0100000: $nodename:0:
+    'clock-controller@e0100000' does not match '^([a-z][a-z0-9\\-]+-bus|bus|soc|axi|ahb|apb)(@[0-9a-f]+)?$'
+
+Signed-off-by: Krzysztof Kozlowski <krzk@kernel.org>
+Tested-by: Jonathan Bakker <xc-racer2@live.ca>
+Link: https://lore.kernel.org/r/20200907161141.31034-8-krzk@kernel.org
+Signed-off-by: Sasha Levin <sashal@kernel.org>
+---
+ arch/arm/boot/dts/s5pv210.dtsi | 13 +++++--------
+ 1 file changed, 5 insertions(+), 8 deletions(-)
+
+diff --git a/arch/arm/boot/dts/s5pv210.dtsi b/arch/arm/boot/dts/s5pv210.dtsi
+index b03fe747b98ca..b78346d9c319e 100644
+--- a/arch/arm/boot/dts/s5pv210.dtsi
++++ b/arch/arm/boot/dts/s5pv210.dtsi
+@@ -99,19 +99,16 @@
+               };
+               clocks: clock-controller@e0100000 {
+-                      compatible = "samsung,s5pv210-clock", "simple-bus";
++                      compatible = "samsung,s5pv210-clock";
+                       reg = <0xe0100000 0x10000>;
+                       clock-names = "xxti", "xusbxti";
+                       clocks = <&xxti>, <&xusbxti>;
+                       #clock-cells = <1>;
+-                      #address-cells = <1>;
+-                      #size-cells = <1>;
+-                      ranges;
++              };
+-                      pmu_syscon: syscon@e0108000 {
+-                              compatible = "samsung-s5pv210-pmu", "syscon";
+-                              reg = <0xe0108000 0x8000>;
+-                      };
++              pmu_syscon: syscon@e0108000 {
++                      compatible = "samsung-s5pv210-pmu", "syscon";
++                      reg = <0xe0108000 0x8000>;
+               };
+               pinctrl0: pinctrl@e0200000 {
+-- 
+2.27.0
+
diff --git a/queue-4.4/arm-dts-s5pv210-remove-dedicated-audio-subsystem-nod.patch b/queue-4.4/arm-dts-s5pv210-remove-dedicated-audio-subsystem-nod.patch
new file mode 100644 (file)
index 0000000..d1d8f7d
--- /dev/null
@@ -0,0 +1,106 @@
+From c3c449fe8b08850b9146f83fad26701575cfd387 Mon Sep 17 00:00:00 2001
+From: Sasha Levin <sashal@kernel.org>
+Date: Mon, 7 Sep 2020 18:11:24 +0200
+Subject: ARM: dts: s5pv210: remove dedicated 'audio-subsystem' node
+
+From: Krzysztof Kozlowski <krzk@kernel.org>
+
+[ Upstream commit 6c17a2974abf68a58517f75741b15c4aba42b4b8 ]
+
+The 'audio-subsystem' node is an artificial creation, not representing
+real hardware.  The hardware is described by its nodes - AUDSS clock
+controller and I2S0.
+
+Remove the 'audio-subsystem' node along with its undocumented compatible
+to fix dtbs_check warnings like:
+
+  audio-subsystem: $nodename:0: 'audio-subsystem' does not match '^([a-z][a-z0-9\\-]+-bus|bus|soc|axi|ahb|apb)(@[0-9a-f]+)?$'
+
+Signed-off-by: Krzysztof Kozlowski <krzk@kernel.org>
+Tested-by: Jonathan Bakker <xc-racer2@live.ca>
+Link: https://lore.kernel.org/r/20200907161141.31034-9-krzk@kernel.org
+Signed-off-by: Sasha Levin <sashal@kernel.org>
+---
+ arch/arm/boot/dts/s5pv210.dtsi | 65 +++++++++++++++-------------------
+ 1 file changed, 29 insertions(+), 36 deletions(-)
+
+diff --git a/arch/arm/boot/dts/s5pv210.dtsi b/arch/arm/boot/dts/s5pv210.dtsi
+index b78346d9c319e..48bcab25720a5 100644
+--- a/arch/arm/boot/dts/s5pv210.dtsi
++++ b/arch/arm/boot/dts/s5pv210.dtsi
+@@ -225,43 +225,36 @@
+                       status = "disabled";
+               };
+-              audio-subsystem {
+-                      compatible = "samsung,s5pv210-audss", "simple-bus";
+-                      #address-cells = <1>;
+-                      #size-cells = <1>;
+-                      ranges;
+-
+-                      clk_audss: clock-controller@eee10000 {
+-                              compatible = "samsung,s5pv210-audss-clock";
+-                              reg = <0xeee10000 0x1000>;
+-                              clock-names = "hclk", "xxti",
+-                                              "fout_epll",
+-                                              "sclk_audio0";
+-                              clocks = <&clocks DOUT_HCLKP>, <&xxti>,
+-                                              <&clocks FOUT_EPLL>,
+-                                              <&clocks SCLK_AUDIO0>;
+-                              #clock-cells = <1>;
+-                      };
++              clk_audss: clock-controller@eee10000 {
++                      compatible = "samsung,s5pv210-audss-clock";
++                      reg = <0xeee10000 0x1000>;
++                      clock-names = "hclk", "xxti",
++                                    "fout_epll",
++                                    "sclk_audio0";
++                      clocks = <&clocks DOUT_HCLKP>, <&xxti>,
++                               <&clocks FOUT_EPLL>,
++                               <&clocks SCLK_AUDIO0>;
++                      #clock-cells = <1>;
++              };
+-                      i2s0: i2s@eee30000 {
+-                              compatible = "samsung,s5pv210-i2s";
+-                              reg = <0xeee30000 0x1000>;
+-                              interrupt-parent = <&vic2>;
+-                              interrupts = <16>;
+-                              dma-names = "rx", "tx", "tx-sec";
+-                              dmas = <&pdma1 9>, <&pdma1 10>, <&pdma1 11>;
+-                              clock-names = "iis",
+-                                              "i2s_opclk0",
+-                                              "i2s_opclk1";
+-                              clocks = <&clk_audss CLK_I2S>,
+-                                              <&clk_audss CLK_I2S>,
+-                                              <&clk_audss CLK_DOUT_AUD_BUS>;
+-                              samsung,idma-addr = <0xc0010000>;
+-                              pinctrl-names = "default";
+-                              pinctrl-0 = <&i2s0_bus>;
+-                              #sound-dai-cells = <0>;
+-                              status = "disabled";
+-                      };
++              i2s0: i2s@eee30000 {
++                      compatible = "samsung,s5pv210-i2s";
++                      reg = <0xeee30000 0x1000>;
++                      interrupt-parent = <&vic2>;
++                      interrupts = <16>;
++                      dma-names = "rx", "tx", "tx-sec";
++                      dmas = <&pdma1 9>, <&pdma1 10>, <&pdma1 11>;
++                      clock-names = "iis",
++                                    "i2s_opclk0",
++                                    "i2s_opclk1";
++                      clocks = <&clk_audss CLK_I2S>,
++                               <&clk_audss CLK_I2S>,
++                               <&clk_audss CLK_DOUT_AUD_BUS>;
++                      samsung,idma-addr = <0xc0010000>;
++                      pinctrl-names = "default";
++                      pinctrl-0 = <&i2s0_bus>;
++                      #sound-dai-cells = <0>;
++                      status = "disabled";
+               };
+               i2s1: i2s@e2100000 {
+-- 
+2.27.0
+
diff --git a/queue-4.4/ath10k-fix-vht-nss-calculation-when-stbc-is-enabled.patch b/queue-4.4/ath10k-fix-vht-nss-calculation-when-stbc-is-enabled.patch
new file mode 100644 (file)
index 0000000..ddb9d32
--- /dev/null
@@ -0,0 +1,58 @@
+From 79e93bdade32e45866d21cf4f9e076b0051623fb Mon Sep 17 00:00:00 2001
+From: Sasha Levin <sashal@kernel.org>
+Date: Fri, 14 Aug 2020 13:46:11 +0530
+Subject: ath10k: fix VHT NSS calculation when STBC is enabled
+
+From: Sathishkumar Muruganandam <murugana@codeaurora.org>
+
+[ Upstream commit 99f41b8e43b8b4b31262adb8ac3e69088fff1289 ]
+
+When STBC is enabled, NSTS_SU value need to be accounted for VHT NSS
+calculation for SU case.
+
+Without this fix, 1SS + STBC enabled case was reported wrongly as 2SS
+in radiotap header on monitor mode capture.
+
+Tested-on: QCA9984 10.4-3.10-00047
+
+Signed-off-by: Sathishkumar Muruganandam <murugana@codeaurora.org>
+Signed-off-by: Kalle Valo <kvalo@codeaurora.org>
+Link: https://lore.kernel.org/r/1597392971-3897-1-git-send-email-murugana@codeaurora.org
+Signed-off-by: Sasha Levin <sashal@kernel.org>
+---
+ drivers/net/wireless/ath/ath10k/htt_rx.c | 8 +++++++-
+ 1 file changed, 7 insertions(+), 1 deletion(-)
+
+diff --git a/drivers/net/wireless/ath/ath10k/htt_rx.c b/drivers/net/wireless/ath/ath10k/htt_rx.c
+index 1c6c422dbad64..78079ce1ad5a4 100644
+--- a/drivers/net/wireless/ath/ath10k/htt_rx.c
++++ b/drivers/net/wireless/ath/ath10k/htt_rx.c
+@@ -665,6 +665,7 @@ static void ath10k_htt_rx_h_rates(struct ath10k *ar,
+       u8 preamble = 0;
+       u8 group_id;
+       u32 info1, info2, info3;
++      u32 stbc, nsts_su;
+       info1 = __le32_to_cpu(rxd->ppdu_start.info1);
+       info2 = __le32_to_cpu(rxd->ppdu_start.info2);
+@@ -708,11 +709,16 @@ static void ath10k_htt_rx_h_rates(struct ath10k *ar,
+                  TODO check this */
+               bw = info2 & 3;
+               sgi = info3 & 1;
++              stbc = (info2 >> 3) & 1;
+               group_id = (info2 >> 4) & 0x3F;
+               if (GROUP_ID_IS_SU_MIMO(group_id)) {
+                       mcs = (info3 >> 4) & 0x0F;
+-                      nss = ((info2 >> 10) & 0x07) + 1;
++                      nsts_su = ((info2 >> 10) & 0x07);
++                      if (stbc)
++                              nss = (nsts_su >> 2) + 1;
++                      else
++                              nss = (nsts_su + 1);
+               } else {
+                       /* Hardware doesn't decode VHT-SIG-B into Rx descriptor
+                        * so it's impossible to decode MCS. Also since
+-- 
+2.27.0
+
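Review bot: In the STBC branch of ath10k_htt_rx_h_rates(), `nss = (nsts_su >> 2) + 1;` yields 1 for every NSTS_SU value below 4. If the field holds NSTS-1, as the non-STBC branch `nss = (nsts_su + 1);` implies, a 2SS+STBC frame (field value 3) would be reported as 1SS. Halving the stream count would be `nss = ((nsts_su + 1) >> 1);`, which should be checked against the Rx descriptor definition, since the commit message only describes the 1SS case. The shifts `(info2 >> 3) & 1` and `(info2 >> 10) & 0x07` are unnamed, and named masks would make the decoding easier to audit. The function starts and ends outside the hunk.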
diff --git a/queue-4.4/clk-ti-clockdomain-fix-static-checker-warning.patch b/queue-4.4/clk-ti-clockdomain-fix-static-checker-warning.patch
new file mode 100644 (file)
index 0000000..3c509c9
--- /dev/null
@@ -0,0 +1,40 @@
+From cccf38edc6df3cec2fe5d0fce86119cae351fc44 Mon Sep 17 00:00:00 2001
+From: Sasha Levin <sashal@kernel.org>
+Date: Mon, 7 Sep 2020 11:25:59 +0300
+Subject: clk: ti: clockdomain: fix static checker warning
+
+From: Tero Kristo <t-kristo@ti.com>
+
+[ Upstream commit b7a7943fe291b983b104bcbd2f16e8e896f56590 ]
+
+Fix a memory leak induced by not calling clk_put after doing of_clk_get.
+
+Reported-by: Dan Murphy <dmurphy@ti.com>
+Signed-off-by: Tero Kristo <t-kristo@ti.com>
+Link: https://lore.kernel.org/r/20200907082600.454-3-t-kristo@ti.com
+Signed-off-by: Stephen Boyd <sboyd@kernel.org>
+Signed-off-by: Sasha Levin <sashal@kernel.org>
+---
+ drivers/clk/ti/clockdomain.c | 2 ++
+ 1 file changed, 2 insertions(+)
+
+diff --git a/drivers/clk/ti/clockdomain.c b/drivers/clk/ti/clockdomain.c
+index b9bc3b8df659d..4fde9767392e3 100644
+--- a/drivers/clk/ti/clockdomain.c
++++ b/drivers/clk/ti/clockdomain.c
+@@ -124,10 +124,12 @@ static void __init of_ti_clockdomain_setup(struct device_node *node)
+               if (clk_hw_get_flags(clk_hw) & CLK_IS_BASIC) {
+                       pr_warn("can't setup clkdm for basic clk %s\n",
+                               __clk_get_name(clk));
++                      clk_put(clk);
+                       continue;
+               }
+               to_clk_hw_omap(clk_hw)->clkdm_name = clkdm_name;
+               omap2_init_clk_clkdm(clk_hw);
++              clk_put(clk);
+       }
+ }
+-- 
+2.27.0
+
diff --git a/queue-4.4/drivers-net-wan-hdlc_fr-correctly-handle-special-skb.patch b/queue-4.4/drivers-net-wan-hdlc_fr-correctly-handle-special-skb.patch
new file mode 100644 (file)
index 0000000..6ecf0e3
--- /dev/null
@@ -0,0 +1,188 @@
+From 0470e6b34bb41ab521b6a04b409937a16de163a0 Mon Sep 17 00:00:00 2001
+From: Sasha Levin <sashal@kernel.org>
+Date: Mon, 28 Sep 2020 05:56:43 -0700
+Subject: drivers/net/wan/hdlc_fr: Correctly handle special skb->protocol
+ values
+
+From: Xie He <xie.he.0141@gmail.com>
+
+[ Upstream commit 8306266c1d51aac9aa7aa907fe99032a58c6382c ]
+
+The fr_hard_header function is used to prepend the header to skbs before
+transmission. It is used in 3 situations:
+1) When a control packet is generated internally in this driver;
+2) When a user sends an skb on an Ethernet-emulating PVC device;
+3) When a user sends an skb on a normal PVC device.
+
+These 3 situations need to be handled differently by fr_hard_header.
+Different headers should be prepended to the skb in different situations.
+
+Currently fr_hard_header distinguishes these 3 situations using
+skb->protocol. For situation 1 and 2, a special skb->protocol value
+will be assigned before calling fr_hard_header, so that it can recognize
+these 2 situations. All skb->protocol values other than these special ones
+are treated by fr_hard_header as situation 3.
+
+However, it is possible that in situation 3, the user sends an skb with
+one of the special skb->protocol values. In this case, fr_hard_header
+would incorrectly treat it as situation 1 or 2.
+
+This patch tries to solve this issue by using skb->dev instead of
+skb->protocol to distinguish between these 3 situations. For situation
+1, skb->dev would be NULL; for situation 2, skb->dev->type would be
+ARPHRD_ETHER; and for situation 3, skb->dev->type would be ARPHRD_DLCI.
+
+This way fr_hard_header would be able to distinguish these 3 situations
+correctly regardless what skb->protocol value the user tries to use in
+situation 3.
+
+Cc: Krzysztof Halasa <khc@pm.waw.pl>
+Signed-off-by: Xie He <xie.he.0141@gmail.com>
+Signed-off-by: David S. Miller <davem@davemloft.net>
+Signed-off-by: Sasha Levin <sashal@kernel.org>
+---
+ drivers/net/wan/hdlc_fr.c | 98 ++++++++++++++++++++-------------------
+ 1 file changed, 51 insertions(+), 47 deletions(-)
+
+diff --git a/drivers/net/wan/hdlc_fr.c b/drivers/net/wan/hdlc_fr.c
+index 74d46f7e77eaa..045158fab8fe6 100644
+--- a/drivers/net/wan/hdlc_fr.c
++++ b/drivers/net/wan/hdlc_fr.c
+@@ -275,63 +275,69 @@ static inline struct net_device **get_dev_p(struct pvc_device *pvc,
+ static int fr_hard_header(struct sk_buff **skb_p, u16 dlci)
+ {
+-      u16 head_len;
+       struct sk_buff *skb = *skb_p;
+-      switch (skb->protocol) {
+-      case cpu_to_be16(NLPID_CCITT_ANSI_LMI):
+-              head_len = 4;
+-              skb_push(skb, head_len);
+-              skb->data[3] = NLPID_CCITT_ANSI_LMI;
+-              break;
+-
+-      case cpu_to_be16(NLPID_CISCO_LMI):
+-              head_len = 4;
+-              skb_push(skb, head_len);
+-              skb->data[3] = NLPID_CISCO_LMI;
+-              break;
+-
+-      case cpu_to_be16(ETH_P_IP):
+-              head_len = 4;
+-              skb_push(skb, head_len);
+-              skb->data[3] = NLPID_IP;
+-              break;
+-
+-      case cpu_to_be16(ETH_P_IPV6):
+-              head_len = 4;
+-              skb_push(skb, head_len);
+-              skb->data[3] = NLPID_IPV6;
+-              break;
+-
+-      case cpu_to_be16(ETH_P_802_3):
+-              head_len = 10;
+-              if (skb_headroom(skb) < head_len) {
+-                      struct sk_buff *skb2 = skb_realloc_headroom(skb,
+-                                                                  head_len);
++      if (!skb->dev) { /* Control packets */
++              switch (dlci) {
++              case LMI_CCITT_ANSI_DLCI:
++                      skb_push(skb, 4);
++                      skb->data[3] = NLPID_CCITT_ANSI_LMI;
++                      break;
++
++              case LMI_CISCO_DLCI:
++                      skb_push(skb, 4);
++                      skb->data[3] = NLPID_CISCO_LMI;
++                      break;
++
++              default:
++                      return -EINVAL;
++              }
++
++      } else if (skb->dev->type == ARPHRD_DLCI) {
++              switch (skb->protocol) {
++              case htons(ETH_P_IP):
++                      skb_push(skb, 4);
++                      skb->data[3] = NLPID_IP;
++                      break;
++
++              case htons(ETH_P_IPV6):
++                      skb_push(skb, 4);
++                      skb->data[3] = NLPID_IPV6;
++                      break;
++
++              default:
++                      skb_push(skb, 10);
++                      skb->data[3] = FR_PAD;
++                      skb->data[4] = NLPID_SNAP;
++                      /* OUI 00-00-00 indicates an Ethertype follows */
++                      skb->data[5] = 0x00;
++                      skb->data[6] = 0x00;
++                      skb->data[7] = 0x00;
++                      /* This should be an Ethertype: */
++                      *(__be16 *)(skb->data + 8) = skb->protocol;
++              }
++
++      } else if (skb->dev->type == ARPHRD_ETHER) {
++              if (skb_headroom(skb) < 10) {
++                      struct sk_buff *skb2 = skb_realloc_headroom(skb, 10);
+                       if (!skb2)
+                               return -ENOBUFS;
+                       dev_kfree_skb(skb);
+                       skb = *skb_p = skb2;
+               }
+-              skb_push(skb, head_len);
++              skb_push(skb, 10);
+               skb->data[3] = FR_PAD;
+               skb->data[4] = NLPID_SNAP;
+-              skb->data[5] = FR_PAD;
++              /* OUI 00-80-C2 stands for the 802.1 organization */
++              skb->data[5] = 0x00;
+               skb->data[6] = 0x80;
+               skb->data[7] = 0xC2;
++              /* PID 00-07 stands for Ethernet frames without FCS */
+               skb->data[8] = 0x00;
+-              skb->data[9] = 0x07; /* bridged Ethernet frame w/out FCS */
+-              break;
++              skb->data[9] = 0x07;
+-      default:
+-              head_len = 10;
+-              skb_push(skb, head_len);
+-              skb->data[3] = FR_PAD;
+-              skb->data[4] = NLPID_SNAP;
+-              skb->data[5] = FR_PAD;
+-              skb->data[6] = FR_PAD;
+-              skb->data[7] = FR_PAD;
+-              *(__be16*)(skb->data + 8) = skb->protocol;
++      } else {
++              return -EINVAL;
+       }
+       dlci_to_q922(skb->data, dlci);
+@@ -427,8 +433,8 @@ static netdev_tx_t pvc_xmit(struct sk_buff *skb, struct net_device *dev)
+                               skb_put(skb, pad);
+                               memset(skb->data + len, 0, pad);
+                       }
+-                      skb->protocol = cpu_to_be16(ETH_P_802_3);
+               }
++              skb->dev = dev;
+               if (!fr_hard_header(&skb, pvc->dlci)) {
+                       dev->stats.tx_bytes += skb->len;
+                       dev->stats.tx_packets++;
+@@ -496,10 +502,8 @@ static void fr_lmi_send(struct net_device *dev, int fullrep)
+       memset(skb->data, 0, len);
+       skb_reserve(skb, 4);
+       if (lmi == LMI_CISCO) {
+-              skb->protocol = cpu_to_be16(NLPID_CISCO_LMI);
+               fr_hard_header(&skb, LMI_CISCO_DLCI);
+       } else {
+-              skb->protocol = cpu_to_be16(NLPID_CCITT_ANSI_LMI);
+               fr_hard_header(&skb, LMI_CCITT_ANSI_DLCI);
+       }
+       data = skb_tail_pointer(skb);
+-- 
+2.27.0
+
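Review bot: The `default:` case of the new ARPHRD_DLCI branch in fr_hard_header() calls `skb_push(skb, 10)` without the `skb_headroom(skb) < 10` test that the ARPHRD_ETHER branch performs. It therefore relies on the caller having reserved enough headroom, which this hunk does not show, and the protocol value that selects this path is chosen by the sender. Separately, fr_hard_header() gains `-EINVAL` returns, but fr_lmi_send() still ignores the result and goes on to `skb_tail_pointer(skb)`. With the two LMI DLCI constants passed today that error path looks unreachable, but checking the return value and freeing the skb on failure would keep it safe if a caller changes.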
diff --git a/queue-4.4/drivers-watchdog-rdc321x_wdt-fix-race-condition-bugs.patch b/queue-4.4/drivers-watchdog-rdc321x_wdt-fix-race-condition-bugs.patch
new file mode 100644 (file)
index 0000000..451f1cd
--- /dev/null
@@ -0,0 +1,62 @@
+From bc394927392d35390df8735bc459b9261a20a7ce Mon Sep 17 00:00:00 2001
+From: Sasha Levin <sashal@kernel.org>
+Date: Fri, 7 Aug 2020 16:59:02 +0530
+Subject: drivers: watchdog: rdc321x_wdt: Fix race condition bugs
+
+From: Madhuparna Bhowmik <madhuparnabhowmik10@gmail.com>
+
+[ Upstream commit 4b2e7f99cdd314263c9d172bc17193b8b6bba463 ]
+
+In rdc321x_wdt_probe(), rdc321x_wdt_device.queue is initialized
+after misc_register(), hence if ioctl is called before its
+initialization which can call rdc321x_wdt_start() function,
+it will see an uninitialized value of rdc321x_wdt_device.queue,
+hence initialize it before misc_register().
+Also, rdc321x_wdt_device.default_ticks is accessed in reset()
+function called from write callback, thus initialize it before
+misc_register().
+
+Found by Linux Driver Verification project (linuxtesting.org).
+
+Signed-off-by: Madhuparna Bhowmik <madhuparnabhowmik10@gmail.com>
+Reviewed-by: Guenter Roeck <linux@roeck-us.net>
+Reviewed-by: Florian Fainelli <f.fainelli@gmail.com>
+Link: https://lore.kernel.org/r/20200807112902.28764-1-madhuparnabhowmik10@gmail.com
+Signed-off-by: Guenter Roeck <linux@roeck-us.net>
+Signed-off-by: Wim Van Sebroeck <wim@linux-watchdog.org>
+Signed-off-by: Sasha Levin <sashal@kernel.org>
+---
+ drivers/watchdog/rdc321x_wdt.c | 5 ++---
+ 1 file changed, 2 insertions(+), 3 deletions(-)
+
+diff --git a/drivers/watchdog/rdc321x_wdt.c b/drivers/watchdog/rdc321x_wdt.c
+index 47a8f1b1087d4..4568af9a165be 100644
+--- a/drivers/watchdog/rdc321x_wdt.c
++++ b/drivers/watchdog/rdc321x_wdt.c
+@@ -244,6 +244,8 @@ static int rdc321x_wdt_probe(struct platform_device *pdev)
+       rdc321x_wdt_device.sb_pdev = pdata->sb_pdev;
+       rdc321x_wdt_device.base_reg = r->start;
++      rdc321x_wdt_device.queue = 0;
++      rdc321x_wdt_device.default_ticks = ticks;
+       err = misc_register(&rdc321x_wdt_misc);
+       if (err < 0) {
+@@ -258,14 +260,11 @@ static int rdc321x_wdt_probe(struct platform_device *pdev)
+                               rdc321x_wdt_device.base_reg, RDC_WDT_RST);
+       init_completion(&rdc321x_wdt_device.stop);
+-      rdc321x_wdt_device.queue = 0;
+       clear_bit(0, &rdc321x_wdt_device.inuse);
+       setup_timer(&rdc321x_wdt_device.timer, rdc321x_wdt_trigger, 0);
+-      rdc321x_wdt_device.default_ticks = ticks;
+-
+       dev_info(&pdev->dev, "watchdog init success\n");
+       return 0;
+-- 
+2.27.0
+
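Review bot: Moving the `queue` and `default_ticks` assignments ahead of `misc_register()` closes only part of the window in rdc321x_wdt_probe(). `init_completion(&rdc321x_wdt_device.stop)`, `clear_bit(0, &rdc321x_wdt_device.inuse)` and `setup_timer(&rdc321x_wdt_device.timer, rdc321x_wdt_trigger, 0)` still run after the device node is registered. An open or ioctl arriving in that window could reach the start path with a timer and completion that are not yet set up; the handlers are outside this hunk, so this is inferred from the commit message's description of them. Moving those three calls above `misc_register()` as well would leave the device fully initialised before user space can see it.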
diff --git a/queue-4.4/ext4-detect-already-used-quota-file-early.patch b/queue-4.4/ext4-detect-already-used-quota-file-early.patch
new file mode 100644 (file)
index 0000000..bb4c972
--- /dev/null
@@ -0,0 +1,48 @@
+From 7793efc558e44be3ce85851a2ed0d45fd149c892 Mon Sep 17 00:00:00 2001
+From: Sasha Levin <sashal@kernel.org>
+Date: Thu, 15 Oct 2020 13:03:30 +0200
+Subject: ext4: Detect already used quota file early
+
+From: Jan Kara <jack@suse.cz>
+
+[ Upstream commit e0770e91424f694b461141cbc99adf6b23006b60 ]
+
+When we try to use file already used as a quota file again (for the same
+or different quota type), strange things can happen. At the very least
+lockdep annotations may be wrong but also inode flags may be wrongly set
+/ reset. When the file is used for two quota types at once we can even
+corrupt the file and likely crash the kernel. Catch all these cases by
+checking whether passed file is already used as quota file and bail
+early in that case.
+
+This fixes occasional generic/219 failure due to lockdep complaint.
+
+Reviewed-by: Andreas Dilger <adilger@dilger.ca>
+Reported-by: Ritesh Harjani <riteshh@linux.ibm.com>
+Signed-off-by: Jan Kara <jack@suse.cz>
+Link: https://lore.kernel.org/r/20201015110330.28716-1-jack@suse.cz
+Signed-off-by: Theodore Ts'o <tytso@mit.edu>
+Signed-off-by: Sasha Levin <sashal@kernel.org>
+---
+ fs/ext4/super.c | 5 +++++
+ 1 file changed, 5 insertions(+)
+
+diff --git a/fs/ext4/super.c b/fs/ext4/super.c
+index aca086a25b2ef..6350971852e19 100644
+--- a/fs/ext4/super.c
++++ b/fs/ext4/super.c
+@@ -5185,6 +5185,11 @@ static int ext4_quota_on(struct super_block *sb, int type, int format_id,
+       /* Quotafile not on the same filesystem? */
+       if (path->dentry->d_sb != sb)
+               return -EXDEV;
++
++      /* Quota already enabled for this file? */
++      if (IS_NOQUOTA(d_inode(path->dentry)))
++              return -EBUSY;
++
+       /* Journaling quota? */
+       if (EXT4_SB(sb)->s_qf_names[type]) {
+               /* Quotafile not in fs root? */
+-- 
+2.27.0
+
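Review bot: The added `IS_NOQUOTA(d_inode(path->dentry))` test in ext4_quota_on() is a check-then-act on an inode flag, and the hunk shows no lock held between the test and the later step that enables quota on the file. If two quota-on requests for the same file can run concurrently, both could pass the test, so the lock that serialises this path in 4.4 should be confirmed and named in the comment. The comment `/* Quota already enabled for this file? */` is also narrower than the test, which rejects any inode carrying the no-quota flag. `/* Inode already marked S_NOQUOTA (e.g. in use as a quota file)? */` describes it more exactly. The function continues outside the hunk.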
diff --git a/queue-4.4/f2fs-fix-to-check-segment-boundary-during-sit-page-r.patch b/queue-4.4/f2fs-fix-to-check-segment-boundary-during-sit-page-r.patch
new file mode 100644 (file)
index 0000000..3c99d77
--- /dev/null
@@ -0,0 +1,60 @@
+From 6cc8072994b6d11a8a746facad5b89d806aad17d Mon Sep 17 00:00:00 2001
+From: Sasha Levin <sashal@kernel.org>
+Date: Tue, 29 Sep 2020 09:23:12 +0800
+Subject: f2fs: fix to check segment boundary during SIT page readahead
+
+From: Chao Yu <yuchao0@huawei.com>
+
+[ Upstream commit 6a257471fa42c8c9c04a875cd3a2a22db148e0f0 ]
+
+As syzbot reported:
+
+kernel BUG at fs/f2fs/segment.h:657!
+invalid opcode: 0000 [#1] PREEMPT SMP KASAN
+CPU: 1 PID: 16220 Comm: syz-executor.0 Not tainted 5.9.0-rc5-syzkaller #0
+Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
+RIP: 0010:f2fs_ra_meta_pages+0xa51/0xdc0 fs/f2fs/segment.h:657
+Call Trace:
+ build_sit_entries fs/f2fs/segment.c:4195 [inline]
+ f2fs_build_segment_manager+0x4b8a/0xa3c0 fs/f2fs/segment.c:4779
+ f2fs_fill_super+0x377d/0x6b80 fs/f2fs/super.c:3633
+ mount_bdev+0x32e/0x3f0 fs/super.c:1417
+ legacy_get_tree+0x105/0x220 fs/fs_context.c:592
+ vfs_get_tree+0x89/0x2f0 fs/super.c:1547
+ do_new_mount fs/namespace.c:2875 [inline]
+ path_mount+0x1387/0x2070 fs/namespace.c:3192
+ do_mount fs/namespace.c:3205 [inline]
+ __do_sys_mount fs/namespace.c:3413 [inline]
+ __se_sys_mount fs/namespace.c:3390 [inline]
+ __x64_sys_mount+0x27f/0x300 fs/namespace.c:3390
+ do_syscall_64+0x2d/0x70 arch/x86/entry/common.c:46
+ entry_SYSCALL_64_after_hwframe+0x44/0xa9
+
+@blkno in f2fs_ra_meta_pages could exceed max segment count, causing panic
+in following sanity check in current_sit_addr(), add check condition to
+avoid this issue.
+
+Reported-by: syzbot+3698081bcf0bb2d12174@syzkaller.appspotmail.com
+Signed-off-by: Chao Yu <yuchao0@huawei.com>
+Signed-off-by: Jaegeuk Kim <jaegeuk@kernel.org>
+Signed-off-by: Sasha Levin <sashal@kernel.org>
+---
+ fs/f2fs/checkpoint.c | 2 ++
+ 1 file changed, 2 insertions(+)
+
+diff --git a/fs/f2fs/checkpoint.c b/fs/f2fs/checkpoint.c
+index 4b2f609f376d3..047da0f105278 100644
+--- a/fs/f2fs/checkpoint.c
++++ b/fs/f2fs/checkpoint.c
+@@ -188,6 +188,8 @@ int ra_meta_pages(struct f2fs_sb_info *sbi, block_t start, int nrpages,
+                                       blkno * NAT_ENTRY_PER_BLOCK);
+                       break;
+               case META_SIT:
++                      if (unlikely(blkno >= TOTAL_SEGS(sbi)))
++                              goto out;
+                       /* get sit block addr */
+                       fio.blk_addr = current_sit_addr(sbi,
+                                       blkno * SIT_ENTRY_PER_BLOCK);
+-- 
+2.27.0
+
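Review bot: The new guard in the META_SIT case compares `blkno` with `TOTAL_SEGS(sbi)`, but the value handed to current_sit_addr() on the following lines is `blkno * SIT_ENTRY_PER_BLOCK`, so a `blkno` below the segment count can still produce a segment number beyond it. If the sanity check in current_sit_addr() validates that product, as the commit message's account of the panic suggests, the guard should test the same quantity, e.g. `if (unlikely(blkno * SIT_ENTRY_PER_BLOCK >= TOTAL_SEGS(sbi)))`, with care that the multiplication cannot wrap. These values derive from on-disk metadata, so the bound has to hold for a crafted image as well as a well-formed one. The `out` label and the rest of ra_meta_pages() are outside the hunk.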
diff --git a/queue-4.4/gfs2-add-validation-checks-for-size-of-superblock.patch b/queue-4.4/gfs2-add-validation-checks-for-size-of-superblock.patch
new file mode 100644 (file)
index 0000000..21253b7
--- /dev/null
@@ -0,0 +1,62 @@
+From 03d66cfc742893c1827a60b851fa163a06c88dc7 Mon Sep 17 00:00:00 2001
+From: Sasha Levin <sashal@kernel.org>
+Date: Wed, 14 Oct 2020 22:01:09 +0530
+Subject: gfs2: add validation checks for size of superblock
+
+From: Anant Thazhemadam <anant.thazhemadam@gmail.com>
+
+[ Upstream commit 0ddc5154b24c96f20e94d653b0a814438de6032b ]
+
+In gfs2_check_sb(), no validation checks are performed with regards to
+the size of the superblock.
+syzkaller detected a slab-out-of-bounds bug that was primarily caused
+because the block size for a superblock was set to zero.
+A valid size for a superblock is a power of 2 between 512 and PAGE_SIZE.
+Performing validation checks and ensuring that the size of the superblock
+is valid fixes this bug.
+
+Reported-by: syzbot+af90d47a37376844e731@syzkaller.appspotmail.com
+Tested-by: syzbot+af90d47a37376844e731@syzkaller.appspotmail.com
+Suggested-by: Andrew Price <anprice@redhat.com>
+Signed-off-by: Anant Thazhemadam <anant.thazhemadam@gmail.com>
+[Minor code reordering.]
+Signed-off-by: Andreas Gruenbacher <agruenba@redhat.com>
+Signed-off-by: Sasha Levin <sashal@kernel.org>
+---
+ fs/gfs2/ops_fstype.c | 18 +++++++++++-------
+ 1 file changed, 11 insertions(+), 7 deletions(-)
+
+diff --git a/fs/gfs2/ops_fstype.c b/fs/gfs2/ops_fstype.c
+index b7b43d00cc6d7..8ed2b1a716376 100644
+--- a/fs/gfs2/ops_fstype.c
++++ b/fs/gfs2/ops_fstype.c
+@@ -160,15 +160,19 @@ static int gfs2_check_sb(struct gfs2_sbd *sdp, int silent)
+               return -EINVAL;
+       }
+-      /*  If format numbers match exactly, we're done.  */
+-
+-      if (sb->sb_fs_format == GFS2_FORMAT_FS &&
+-          sb->sb_multihost_format == GFS2_FORMAT_MULTI)
+-              return 0;
++      if (sb->sb_fs_format != GFS2_FORMAT_FS ||
++          sb->sb_multihost_format != GFS2_FORMAT_MULTI) {
++              fs_warn(sdp, "Unknown on-disk format, unable to mount\n");
++              return -EINVAL;
++      }
+-      fs_warn(sdp, "Unknown on-disk format, unable to mount\n");
++      if (sb->sb_bsize < 512 || sb->sb_bsize > PAGE_SIZE ||
++          (sb->sb_bsize & (sb->sb_bsize - 1))) {
++              pr_warn("Invalid superblock size\n");
++              return -EINVAL;
++      }
+-      return -EINVAL;
++      return 0;
+ }
+ static void end_bio_io_page(struct bio *bio)
+-- 
+2.27.0
+
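Review bot: The new block-size rejection in gfs2_check_sb() logs through `pr_warn("Invalid superblock size\n")`, while the format check directly above it uses `fs_warn(sdp, ...)`, so the log does not say which device carried the bad superblock or what value was rejected. This path handles untrusted on-disk data (the report came from syzkaller), so a message such as `fs_warn(sdp, "Invalid block size %u\n", sb->sb_bsize);` would make triage easier. The `%u` assumes sb_bsize is a 32-bit unsigned field, which the hunk does not show. gfs2_check_sb() starts above the hunk, so whether anything before these checks already consumes sb_bsize cannot be confirmed from here.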
diff --git a/queue-4.4/kgdb-make-kgdbcon-work-properly-with-kgdb_earlycon.patch b/queue-4.4/kgdb-make-kgdbcon-work-properly-with-kgdb_earlycon.patch
new file mode 100644 (file)
index 0000000..c782186
--- /dev/null
@@ -0,0 +1,70 @@
+From 4889a4e692dfc7059d37eb54c02737ead754c6ed Mon Sep 17 00:00:00 2001
+From: Sasha Levin <sashal@kernel.org>
+Date: Tue, 30 Jun 2020 15:14:38 -0700
+Subject: kgdb: Make "kgdbcon" work properly with "kgdb_earlycon"
+
+From: Douglas Anderson <dianders@chromium.org>
+
+[ Upstream commit b18b099e04f450cdc77bec72acefcde7042bd1f3 ]
+
+On my system the kernel processes the "kgdb_earlycon" parameter before
+the "kgdbcon" parameter.  When we setup "kgdb_earlycon" we'll end up
+in kgdb_register_callbacks() and "kgdb_use_con" won't have been set
+yet so we'll never get around to starting "kgdbcon".  Let's remedy
+this by detecting that the IO module was already registered when
+setting "kgdb_use_con" and registering the console then.
+
+As part of this, to avoid pre-declaring things, move the handling of
+the "kgdbcon" further down in the file.
+
+Signed-off-by: Douglas Anderson <dianders@chromium.org>
+Link: https://lore.kernel.org/r/20200630151422.1.I4aa062751ff5e281f5116655c976dff545c09a46@changeid
+Signed-off-by: Daniel Thompson <daniel.thompson@linaro.org>
+Signed-off-by: Sasha Levin <sashal@kernel.org>
+---
+ kernel/debug/debug_core.c | 22 ++++++++++++++--------
+ 1 file changed, 14 insertions(+), 8 deletions(-)
+
+diff --git a/kernel/debug/debug_core.c b/kernel/debug/debug_core.c
+index 321ccdbb73649..bc791cec58e63 100644
+--- a/kernel/debug/debug_core.c
++++ b/kernel/debug/debug_core.c
+@@ -94,14 +94,6 @@ int dbg_switch_cpu;
+ /* Use kdb or gdbserver mode */
+ int dbg_kdb_mode = 1;
+-static int __init opt_kgdb_con(char *str)
+-{
+-      kgdb_use_con = 1;
+-      return 0;
+-}
+-
+-early_param("kgdbcon", opt_kgdb_con);
+-
+ module_param(kgdb_use_con, int, 0644);
+ module_param(kgdbreboot, int, 0644);
+@@ -811,6 +803,20 @@ static struct console kgdbcons = {
+       .index          = -1,
+ };
++static int __init opt_kgdb_con(char *str)
++{
++      kgdb_use_con = 1;
++
++      if (kgdb_io_module_registered && !kgdb_con_registered) {
++              register_console(&kgdbcons);
++              kgdb_con_registered = 1;
++      }
++
++      return 0;
++}
++
++early_param("kgdbcon", opt_kgdb_con);
++
+ #ifdef CONFIG_MAGIC_SYSRQ
+ static void sysrq_handle_dbg(int key)
+ {
+-- 
+2.27.0
+
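Review bot: The relocated opt_kgdb_con() now registers the console itself, but nothing in the code says why an early_param handler does that or that the same registration can also happen when the I/O module registers. A short comment above the `if`, for example `/* the I/O module may already be registered (kgdb_earlycon parsed first); start kgdbcon now */`, would keep the two registration sites from drifting apart. The test-and-set of `kgdb_con_registered` is unlocked. That is presumably fine because the handler is `__init` and runs during parameter parsing, but it is worth stating in the same comment.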
diff --git a/queue-4.4/kvm-ppc-book3s-hv-do-not-allocate-hpt-for-a-nested-g.patch b/queue-4.4/kvm-ppc-book3s-hv-do-not-allocate-hpt-for-a-nested-g.patch
new file mode 100644 (file)
index 0000000..f7876a3
--- /dev/null
@@ -0,0 +1,101 @@
+From e9e8cae2958340193606eae6b7841d39e25e51da Mon Sep 17 00:00:00 2001
+From: Sasha Levin <sashal@kernel.org>
+Date: Fri, 11 Sep 2020 01:16:07 -0300
+Subject: KVM: PPC: Book3S HV: Do not allocate HPT for a nested guest
+
+From: Fabiano Rosas <farosas@linux.ibm.com>
+
+[ Upstream commit 05e6295dc7de859c9d56334805485c4d20bebf25 ]
+
+The current nested KVM code does not support HPT guests. This is
+informed/enforced in some ways:
+
+- Hosts < P9 will not be able to enable the nested HV feature;
+
+- The nested hypervisor MMU capabilities will not contain
+  KVM_CAP_PPC_MMU_HASH_V3;
+
+- QEMU reflects the MMU capabilities in the
+  'ibm,arch-vec-5-platform-support' device-tree property;
+
+- The nested guest, at 'prom_parse_mmu_model' ignores the
+  'disable_radix' kernel command line option if HPT is not supported;
+
+- The KVM_PPC_CONFIGURE_V3_MMU ioctl will fail if trying to use HPT.
+
+There is, however, still a way to start a HPT guest by using
+max-compat-cpu=power8 at the QEMU machine options. This leads to the
+guest being set to use hash after QEMU calls the KVM_PPC_ALLOCATE_HTAB
+ioctl.
+
+With the guest set to hash, the nested hypervisor goes through the
+entry path that has no knowledge of nesting (kvmppc_run_vcpu) and
+crashes when it tries to execute an hypervisor-privileged (mtspr
+HDEC) instruction at __kvmppc_vcore_entry:
+
+root@L1:~ $ qemu-system-ppc64 -machine pseries,max-cpu-compat=power8 ...
+
+<snip>
+[  538.543303] CPU: 83 PID: 25185 Comm: CPU 0/KVM Not tainted 5.9.0-rc4 #1
+[  538.543355] NIP:  c00800000753f388 LR: c00800000753f368 CTR: c0000000001e5ec0
+[  538.543417] REGS: c0000013e91e33b0 TRAP: 0700   Not tainted  (5.9.0-rc4)
+[  538.543470] MSR:  8000000002843033 <SF,VEC,VSX,FP,ME,IR,DR,RI,LE>  CR: 22422882  XER: 20040000
+[  538.543546] CFAR: c00800000753f4b0 IRQMASK: 3
+               GPR00: c0080000075397a0 c0000013e91e3640 c00800000755e600 0000000080000000
+               GPR04: 0000000000000000 c0000013eab19800 c000001394de0000 00000043a054db72
+               GPR08: 00000000003b1652 0000000000000000 0000000000000000 c0080000075502e0
+               GPR12: c0000000001e5ec0 c0000007ffa74200 c0000013eab19800 0000000000000008
+               GPR16: 0000000000000000 c00000139676c6c0 c000000001d23948 c0000013e91e38b8
+               GPR20: 0000000000000053 0000000000000000 0000000000000001 0000000000000000
+               GPR24: 0000000000000001 0000000000000001 0000000000000000 0000000000000001
+               GPR28: 0000000000000001 0000000000000053 c0000013eab19800 0000000000000001
+[  538.544067] NIP [c00800000753f388] __kvmppc_vcore_entry+0x90/0x104 [kvm_hv]
+[  538.544121] LR [c00800000753f368] __kvmppc_vcore_entry+0x70/0x104 [kvm_hv]
+[  538.544173] Call Trace:
+[  538.544196] [c0000013e91e3640] [c0000013e91e3680] 0xc0000013e91e3680 (unreliable)
+[  538.544260] [c0000013e91e3820] [c0080000075397a0] kvmppc_run_core+0xbc8/0x19d0 [kvm_hv]
+[  538.544325] [c0000013e91e39e0] [c00800000753d99c] kvmppc_vcpu_run_hv+0x404/0xc00 [kvm_hv]
+[  538.544394] [c0000013e91e3ad0] [c0080000072da4fc] kvmppc_vcpu_run+0x34/0x48 [kvm]
+[  538.544472] [c0000013e91e3af0] [c0080000072d61b8] kvm_arch_vcpu_ioctl_run+0x310/0x420 [kvm]
+[  538.544539] [c0000013e91e3b80] [c0080000072c7450] kvm_vcpu_ioctl+0x298/0x778 [kvm]
+[  538.544605] [c0000013e91e3ce0] [c0000000004b8c2c] sys_ioctl+0x1dc/0xc90
+[  538.544662] [c0000013e91e3dc0] [c00000000002f9a4] system_call_exception+0xe4/0x1c0
+[  538.544726] [c0000013e91e3e20] [c00000000000d140] system_call_common+0xf0/0x27c
+[  538.544787] Instruction dump:
+[  538.544821] f86d1098 60000000 60000000 48000099 e8ad0fe8 e8c500a0 e9264140 75290002
+[  538.544886] 7d1602a6 7cec42a6 40820008 7d0807b4 <7d164ba6> 7d083a14 f90d10a0 480104fd
+[  538.544953] ---[ end trace 74423e2b948c2e0c ]---
+
+This patch makes the KVM_PPC_ALLOCATE_HTAB ioctl fail when running in
+the nested hypervisor, causing QEMU to abort.
+
+Reported-by: Satheesh Rajendran <sathnaga@linux.vnet.ibm.com>
+Signed-off-by: Fabiano Rosas <farosas@linux.ibm.com>
+Reviewed-by: Greg Kurz <groug@kaod.org>
+Reviewed-by: David Gibson <david@gibson.dropbear.id.au>
+Signed-off-by: Paul Mackerras <paulus@ozlabs.org>
+Signed-off-by: Sasha Levin <sashal@kernel.org>
+---
+ arch/powerpc/kvm/book3s_hv.c | 6 ++++++
+ 1 file changed, 6 insertions(+)
+
+diff --git a/arch/powerpc/kvm/book3s_hv.c b/arch/powerpc/kvm/book3s_hv.c
+index 54c6ba87a25ad..b005ce9dc8f04 100644
+--- a/arch/powerpc/kvm/book3s_hv.c
++++ b/arch/powerpc/kvm/book3s_hv.c
+@@ -3157,6 +3157,12 @@ static long kvm_arch_vm_ioctl_hv(struct file *filp,
+       case KVM_PPC_ALLOCATE_HTAB: {
+               u32 htab_order;
++              /* If we're a nested hypervisor, we currently only support radix */
++              if (kvmhv_on_pseries()) {
++                      r = -EOPNOTSUPP;
++                      break;
++              }
++
+               r = -EFAULT;
+               if (get_user(htab_order, (u32 __user *)argp))
+                       break;
+-- 
+2.27.0
+
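Review bot: The added guard in the KVM_PPC_ALLOCATE_HTAB case calls `kvmhv_on_pseries()`, and nothing in this patch defines it or shows that it exists in the tree this queue targets. The description is about nested HV on POWER9 hosts and the oops is from 5.9.0-rc4, so this looks like a feature that arrived well after 4.4. Please confirm that the helper exists in 4.4 and that the patch builds there before it stays in this queue. If the nested-HV code is absent on this branch, the crash being fixed presumably cannot occur there, and the patch is better dropped than adapted.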
diff --git a/queue-4.4/md-bitmap-md_bitmap_get_counter-returns-wrong-blocks.patch b/queue-4.4/md-bitmap-md_bitmap_get_counter-returns-wrong-blocks.patch
new file mode 100644 (file)
index 0000000..6d3faea
--- /dev/null
@@ -0,0 +1,53 @@
+From 3eec2ec7cff1ab86d74a86fa2989c308629ca91b Mon Sep 17 00:00:00 2001
+From: Sasha Levin <sashal@kernel.org>
+Date: Tue, 6 Oct 2020 00:00:24 +0800
+Subject: md/bitmap: md_bitmap_get_counter returns wrong blocks
+
+From: Zhao Heming <heming.zhao@suse.com>
+
+[ Upstream commit d837f7277f56e70d82b3a4a037d744854e62f387 ]
+
+md_bitmap_get_counter() has code:
+
+```
+    if (bitmap->bp[page].hijacked ||
+        bitmap->bp[page].map == NULL)
+        csize = ((sector_t)1) << (bitmap->chunkshift +
+                      PAGE_COUNTER_SHIFT - 1);
+```
+
+The minus 1 is wrong, this branch should report 2048 bits of space.
+With "-1" action, this only report 1024 bit of space.
+
+This bug code returns wrong blocks, but it doesn't inflence bitmap logic:
+1. Most callers focus this function return value (the counter of offset),
+   not the parameter blocks.
+2. The bug is only triggered when hijacked is true or map is NULL.
+   the hijacked true condition is very rare.
+   the "map == null" only true when array is creating or resizing.
+3. Even the caller gets wrong blocks, current code makes caller just to
+   call md_bitmap_get_counter() one more time.
+
+Signed-off-by: Zhao Heming <heming.zhao@suse.com>
+Signed-off-by: Song Liu <songliubraving@fb.com>
+Signed-off-by: Sasha Levin <sashal@kernel.org>
+---
+ drivers/md/bitmap.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/drivers/md/bitmap.c b/drivers/md/bitmap.c
+index 391090c455cea..65281f168c6fb 100644
+--- a/drivers/md/bitmap.c
++++ b/drivers/md/bitmap.c
+@@ -1332,7 +1332,7 @@ __acquires(bitmap->lock)
+       if (bitmap->bp[page].hijacked ||
+           bitmap->bp[page].map == NULL)
+               csize = ((sector_t)1) << (bitmap->chunkshift +
+-                                        PAGE_COUNTER_SHIFT - 1);
++                                        PAGE_COUNTER_SHIFT);
+       else
+               csize = ((sector_t)1) << bitmap->chunkshift;
+       *blocks = csize - (offset & (csize - 1));
+-- 
+2.27.0
+
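Review bot: The `hijacked || map == NULL` branch has no comment saying what range `csize` is meant to cover. The hunk also does not show how a hijacked page lays out its counters, so the description's claim that this branch should span the full page cannot be checked from here. If a hijacked page holds more than one counter, `*blocks` must not reach past the range of the counter that is returned, so please confirm this against the hijacked lookup later in the function. If the whole-page span is right, record it next to the shift, e.g. `/* no per-chunk counters on this page: one step covers the page's whole chunk range */`. The function starts and ends outside the hunk.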
diff --git a/queue-4.4/memory-emif-remove-bogus-debugfs-error-handling.patch b/queue-4.4/memory-emif-remove-bogus-debugfs-error-handling.patch
new file mode 100644 (file)
index 0000000..dd6b2a2
--- /dev/null
@@ -0,0 +1,75 @@
+From 457b0384904fcb8349ed123414ec70adcd825917 Mon Sep 17 00:00:00 2001
+From: Sasha Levin <sashal@kernel.org>
+Date: Wed, 26 Aug 2020 14:37:59 +0300
+Subject: memory: emif: Remove bogus debugfs error handling
+
+From: Dan Carpenter <dan.carpenter@oracle.com>
+
+[ Upstream commit fd22781648080cc400772b3c68aa6b059d2d5420 ]
+
+Callers are generally not supposed to check the return values from
+debugfs functions.  Debugfs functions never return NULL so this error
+handling will never trigger.  (Historically debugfs functions used to
+return a mix of NULL and error pointers but it was eventually deemed too
+complicated for something which wasn't intended to be used in normal
+situations).
+
+Delete all the error handling.
+
+Signed-off-by: Dan Carpenter <dan.carpenter@oracle.com>
+Acked-by: Santosh Shilimkar <ssantosh@kernel.org>
+Link: https://lore.kernel.org/r/20200826113759.GF393664@mwanda
+Signed-off-by: Krzysztof Kozlowski <krzk@kernel.org>
+Signed-off-by: Sasha Levin <sashal@kernel.org>
+---
+ drivers/memory/emif.c | 33 +++++----------------------------
+ 1 file changed, 5 insertions(+), 28 deletions(-)
+
+diff --git a/drivers/memory/emif.c b/drivers/memory/emif.c
+index 04644e7b42b12..88c32b8dc88a1 100644
+--- a/drivers/memory/emif.c
++++ b/drivers/memory/emif.c
+@@ -165,35 +165,12 @@ static const struct file_operations emif_mr4_fops = {
+ static int __init_or_module emif_debugfs_init(struct emif_data *emif)
+ {
+-      struct dentry   *dentry;
+-      int             ret;
+-
+-      dentry = debugfs_create_dir(dev_name(emif->dev), NULL);
+-      if (!dentry) {
+-              ret = -ENOMEM;
+-              goto err0;
+-      }
+-      emif->debugfs_root = dentry;
+-
+-      dentry = debugfs_create_file("regcache_dump", S_IRUGO,
+-                      emif->debugfs_root, emif, &emif_regdump_fops);
+-      if (!dentry) {
+-              ret = -ENOMEM;
+-              goto err1;
+-      }
+-
+-      dentry = debugfs_create_file("mr4", S_IRUGO,
+-                      emif->debugfs_root, emif, &emif_mr4_fops);
+-      if (!dentry) {
+-              ret = -ENOMEM;
+-              goto err1;
+-      }
+-
++      emif->debugfs_root = debugfs_create_dir(dev_name(emif->dev), NULL);
++      debugfs_create_file("regcache_dump", S_IRUGO, emif->debugfs_root, emif,
++                          &emif_regdump_fops);
++      debugfs_create_file("mr4", S_IRUGO, emif->debugfs_root, emif,
++                          &emif_mr4_fops);
+       return 0;
+-err1:
+-      debugfs_remove_recursive(emif->debugfs_root);
+-err0:
+-      return ret;
+ }
+ static void __exit emif_debugfs_exit(struct emif_data *emif)
+-- 
+2.27.0
+
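Review bot: The rewritten emif_debugfs_init() relies on the description's premise that debugfs functions never return NULL. That holds for recent upstream kernels but, as far as I know, not for 4.4, where debugfs_create_dir() still returns NULL on failure. In that case `emif->debugfs_root` is NULL and the two debugfs_create_file() calls create `regcache_dump` and `mr4` directly in the debugfs root. If emif_debugfs_exit() removes only `emif->debugfs_root` (its body is outside the hunk), those files would survive with private data pointing at a freed `emif`. For this branch, keep the directory check: `if (!emif->debugfs_root) return -ENOMEM;` right after the debugfs_create_dir() line.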
diff --git a/queue-4.4/mmc-via-sdmmc-fix-data-race-bug.patch b/queue-4.4/mmc-via-sdmmc-fix-data-race-bug.patch
new file mode 100644 (file)
index 0000000..21870d0
--- /dev/null
@@ -0,0 +1,48 @@
+From ae01bdebd25f5c3c6e47f56dd600122c383a4034 Mon Sep 17 00:00:00 2001
+From: Sasha Levin <sashal@kernel.org>
+Date: Sat, 22 Aug 2020 11:45:28 +0530
+Subject: mmc: via-sdmmc: Fix data race bug
+
+From: Madhuparna Bhowmik <madhuparnabhowmik10@gmail.com>
+
+[ Upstream commit 87d7ad089b318b4f319bf57f1daa64eb6d1d10ad ]
+
+via_save_pcictrlreg() should be called with host->lock held
+as it writes to pm_pcictrl_reg, otherwise there can be a race
+condition between via_sd_suspend() and via_sdc_card_detect().
+The same pattern is used in the function via_reset_pcictrl()
+as well, where via_save_pcictrlreg() is called with host->lock
+held.
+
+Found by Linux Driver Verification project (linuxtesting.org).
+
+Signed-off-by: Madhuparna Bhowmik <madhuparnabhowmik10@gmail.com>
+Link: https://lore.kernel.org/r/20200822061528.7035-1-madhuparnabhowmik10@gmail.com
+Signed-off-by: Ulf Hansson <ulf.hansson@linaro.org>
+Signed-off-by: Sasha Levin <sashal@kernel.org>
+---
+ drivers/mmc/host/via-sdmmc.c | 3 +++
+ 1 file changed, 3 insertions(+)
+
+diff --git a/drivers/mmc/host/via-sdmmc.c b/drivers/mmc/host/via-sdmmc.c
+index 63fac78b3d46a..b455e9cf95afc 100644
+--- a/drivers/mmc/host/via-sdmmc.c
++++ b/drivers/mmc/host/via-sdmmc.c
+@@ -1269,11 +1269,14 @@ static void via_init_sdc_pm(struct via_crdr_mmc_host *host)
+ static int via_sd_suspend(struct pci_dev *pcidev, pm_message_t state)
+ {
+       struct via_crdr_mmc_host *host;
++      unsigned long flags;
+       host = pci_get_drvdata(pcidev);
++      spin_lock_irqsave(&host->lock, flags);
+       via_save_pcictrlreg(host);
+       via_save_sdcreg(host);
++      spin_unlock_irqrestore(&host->lock, flags);
+       pci_save_state(pcidev);
+       pci_enable_wake(pcidev, pci_choose_state(pcidev, state), 0);
+-- 
+2.27.0
+
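Review bot: In via_sd_suspend() the new critical section also covers `via_save_sdcreg(host)`, but the description only justifies the lock for via_save_pcictrlreg() writing pm_pcictrl_reg. A comment on the lock, e.g. `/* host->lock: pm_pcictrl_reg is also written from via_sdc_card_detect() */`, would record what the lock protects and make it clear whether the second call needs it. The function continues past the hunk and the resume path is not shown, so check whether the restore side touches the same saved state under the same lock.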
diff --git a/queue-4.4/net-9p-initialize-sun_server.sun_path-to-have-addr-s.patch b/queue-4.4/net-9p-initialize-sun_server.sun_path-to-have-addr-s.patch
new file mode 100644 (file)
index 0000000..cb39310
--- /dev/null
@@ -0,0 +1,45 @@
+From 32d866662064a2601fd58d6c8a0475817c5a5815 Mon Sep 17 00:00:00 2001
+From: Sasha Levin <sashal@kernel.org>
+Date: Mon, 12 Oct 2020 09:54:04 +0530
+Subject: net: 9p: initialize sun_server.sun_path to have addr's value only
+ when addr is valid
+
+From: Anant Thazhemadam <anant.thazhemadam@gmail.com>
+
+[ Upstream commit 7ca1db21ef8e0e6725b4d25deed1ca196f7efb28 ]
+
+In p9_fd_create_unix, checking is performed to see if the addr (passed
+as an argument) is NULL or not.
+However, no check is performed to see if addr is a valid address, i.e.,
+it doesn't entirely consist of only 0's.
+The initialization of sun_server.sun_path to be equal to this faulty
+addr value leads to an uninitialized variable, as detected by KMSAN.
+Checking for this (faulty addr) and returning a negative error number
+appropriately, resolves this issue.
+
+Link: http://lkml.kernel.org/r/20201012042404.2508-1-anant.thazhemadam@gmail.com
+Reported-by: syzbot+75d51fe5bf4ebe988518@syzkaller.appspotmail.com
+Tested-by: syzbot+75d51fe5bf4ebe988518@syzkaller.appspotmail.com
+Signed-off-by: Anant Thazhemadam <anant.thazhemadam@gmail.com>
+Signed-off-by: Dominique Martinet <asmadeus@codewreck.org>
+Signed-off-by: Sasha Levin <sashal@kernel.org>
+---
+ net/9p/trans_fd.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/net/9p/trans_fd.c b/net/9p/trans_fd.c
+index eab058f93ec97..6f8e84844bb27 100644
+--- a/net/9p/trans_fd.c
++++ b/net/9p/trans_fd.c
+@@ -991,7 +991,7 @@ p9_fd_create_unix(struct p9_client *client, const char *addr, char *args)
+       csocket = NULL;
+-      if (addr == NULL)
++      if (!addr || !strlen(addr))
+               return -EINVAL;
+       if (strlen(addr) >= UNIX_PATH_MAX) {
+-- 
+2.27.0
+
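Review bot: The new test in p9_fd_create_unix() is written as `!strlen(addr)`, which walks the whole caller-supplied string only to learn whether it is empty, and the next statement calls strlen(addr) again for the UNIX_PATH_MAX bound. `if (!addr || addr[0] == '\0')` says the same thing without the scan. Alternatively, compute the length once and test it against both zero and the upper bound. A one-line comment that an empty path is rejected here would also tie the check to the uninitialised sun_path report in the description. The function body extends beyond the hunk.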
diff --git a/queue-4.4/power-supply-test_power-add-missing-newlines-when-pr.patch b/queue-4.4/power-supply-test_power-add-missing-newlines-when-pr.patch
new file mode 100644 (file)
index 0000000..ad6b923
--- /dev/null
@@ -0,0 +1,84 @@
+From afe0aac63b699a24ff1e74477fd9df7383084612 Mon Sep 17 00:00:00 2001
+From: Sasha Levin <sashal@kernel.org>
+Date: Fri, 4 Sep 2020 14:09:58 +0800
+Subject: power: supply: test_power: add missing newlines when printing
+ parameters by sysfs
+
+From: Xiongfeng Wang <wangxiongfeng2@huawei.com>
+
+[ Upstream commit c07fa6c1631333f02750cf59f22b615d768b4d8f ]
+
+When I cat some module parameters by sysfs, it displays as follows.
+It's better to add a newline for easy reading.
+
+root@syzkaller:~# cd /sys/module/test_power/parameters/
+root@syzkaller:/sys/module/test_power/parameters# cat ac_online
+onroot@syzkaller:/sys/module/test_power/parameters# cat battery_present
+trueroot@syzkaller:/sys/module/test_power/parameters# cat battery_health
+goodroot@syzkaller:/sys/module/test_power/parameters# cat battery_status
+dischargingroot@syzkaller:/sys/module/test_power/parameters# cat battery_technology
+LIONroot@syzkaller:/sys/module/test_power/parameters# cat usb_online
+onroot@syzkaller:/sys/module/test_power/parameters#
+
+Signed-off-by: Xiongfeng Wang <wangxiongfeng2@huawei.com>
+Signed-off-by: Sebastian Reichel <sebastian.reichel@collabora.com>
+Signed-off-by: Sasha Levin <sashal@kernel.org>
+---
+ drivers/power/test_power.c | 6 ++++++
+ 1 file changed, 6 insertions(+)
+
+diff --git a/drivers/power/test_power.c b/drivers/power/test_power.c
+index 57246cdbd0426..925abec45380f 100644
+--- a/drivers/power/test_power.c
++++ b/drivers/power/test_power.c
+@@ -344,6 +344,7 @@ static int param_set_ac_online(const char *key, const struct kernel_param *kp)
+ static int param_get_ac_online(char *buffer, const struct kernel_param *kp)
+ {
+       strcpy(buffer, map_get_key(map_ac_online, ac_online, "unknown"));
++      strcat(buffer, "\n");
+       return strlen(buffer);
+ }
+@@ -357,6 +358,7 @@ static int param_set_usb_online(const char *key, const struct kernel_param *kp)
+ static int param_get_usb_online(char *buffer, const struct kernel_param *kp)
+ {
+       strcpy(buffer, map_get_key(map_ac_online, usb_online, "unknown"));
++      strcat(buffer, "\n");
+       return strlen(buffer);
+ }
+@@ -371,6 +373,7 @@ static int param_set_battery_status(const char *key,
+ static int param_get_battery_status(char *buffer, const struct kernel_param *kp)
+ {
+       strcpy(buffer, map_get_key(map_status, battery_status, "unknown"));
++      strcat(buffer, "\n");
+       return strlen(buffer);
+ }
+@@ -385,6 +388,7 @@ static int param_set_battery_health(const char *key,
+ static int param_get_battery_health(char *buffer, const struct kernel_param *kp)
+ {
+       strcpy(buffer, map_get_key(map_health, battery_health, "unknown"));
++      strcat(buffer, "\n");
+       return strlen(buffer);
+ }
+@@ -400,6 +404,7 @@ static int param_get_battery_present(char *buffer,
+                                       const struct kernel_param *kp)
+ {
+       strcpy(buffer, map_get_key(map_present, battery_present, "unknown"));
++      strcat(buffer, "\n");
+       return strlen(buffer);
+ }
+@@ -417,6 +422,7 @@ static int param_get_battery_technology(char *buffer,
+ {
+       strcpy(buffer,
+               map_get_key(map_technology, battery_technology, "unknown"));
++      strcat(buffer, "\n");
+       return strlen(buffer);
+ }
+-- 
+2.27.0
+
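Review bot: Each of the six getters (param_get_ac_online, param_get_usb_online, param_get_battery_status, param_get_battery_health, param_get_battery_present, param_get_battery_technology) now builds its output with an unbounded `strcpy()` followed by `strcat()`, then makes a third pass with `strlen()`. The strings come from map_get_key(), whose tables are not visible here, so nothing in the hunk bounds what is written into `buffer`. A single bounded format does the same work: `return scnprintf(buffer, PAGE_SIZE, "%s\n", map_get_key(map_ac_online, ac_online, "unknown"));`, and likewise for the other five. That assumes the usual page-sized buffer handed to kernel_param getters.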
diff --git a/queue-4.4/powerpc-powernv-smp-fix-spurious-dbg-warning.patch b/queue-4.4/powerpc-powernv-smp-fix-spurious-dbg-warning.patch
new file mode 100644 (file)
index 0000000..00294a4
--- /dev/null
@@ -0,0 +1,55 @@
+From 28e06d451edd1c14d5ba8c79aeb3feb2f4a9056b Mon Sep 17 00:00:00 2001
+From: Sasha Levin <sashal@kernel.org>
+Date: Tue, 4 Aug 2020 10:54:05 +1000
+Subject: powerpc/powernv/smp: Fix spurious DBG() warning
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+From: Oliver O'Halloran <oohall@gmail.com>
+
+[ Upstream commit f6bac19cf65c5be21d14a0c9684c8f560f2096dd ]
+
+When building with W=1 we get the following warning:
+
+ arch/powerpc/platforms/powernv/smp.c: In function ‘pnv_smp_cpu_kill_self’:
+ arch/powerpc/platforms/powernv/smp.c:276:16: error: suggest braces around
+       empty body in an ‘if’ statement [-Werror=empty-body]
+   276 |      cpu, srr1);
+       |                ^
+ cc1: all warnings being treated as errors
+
+The full context is this block:
+
+ if (srr1 && !generic_check_cpu_restart(cpu))
+       DBG("CPU%d Unexpected exit while offline srr1=%lx!\n",
+                       cpu, srr1);
+
+When building with DEBUG undefined DBG() expands to nothing and GCC emits
+the warning due to the lack of braces around an empty statement.
+
+Signed-off-by: Oliver O'Halloran <oohall@gmail.com>
+Reviewed-by: Joel Stanley <joel@jms.id.au>
+Signed-off-by: Michael Ellerman <mpe@ellerman.id.au>
+Link: https://lore.kernel.org/r/20200804005410.146094-2-oohall@gmail.com
+Signed-off-by: Sasha Levin <sashal@kernel.org>
+---
+ arch/powerpc/platforms/powernv/smp.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/arch/powerpc/platforms/powernv/smp.c b/arch/powerpc/platforms/powernv/smp.c
+index ad7b1a3dbed09..c605c78a80896 100644
+--- a/arch/powerpc/platforms/powernv/smp.c
++++ b/arch/powerpc/platforms/powernv/smp.c
+@@ -41,7 +41,7 @@
+ #include <asm/udbg.h>
+ #define DBG(fmt...) udbg_printf(fmt)
+ #else
+-#define DBG(fmt...)
++#define DBG(fmt...) do { } while (0)
+ #endif
+ static void pnv_smp_setup_cpu(int cpu)
+-- 
+2.27.0
+
diff --git a/queue-4.4/printk-reduce-log_buf_shift-range-for-h8300.patch b/queue-4.4/printk-reduce-log_buf_shift-range-for-h8300.patch
new file mode 100644 (file)
index 0000000..2d7ac6a
--- /dev/null
@@ -0,0 +1,42 @@
+From d3322b0b66f8cb6f38eb8a426e8e446019a4bfc9 Mon Sep 17 00:00:00 2001
+From: Sasha Levin <sashal@kernel.org>
+Date: Wed, 12 Aug 2020 09:37:22 +0206
+Subject: printk: reduce LOG_BUF_SHIFT range for H8300
+
+From: John Ogness <john.ogness@linutronix.de>
+
+[ Upstream commit 550c10d28d21bd82a8bb48debbb27e6ed53262f6 ]
+
+The .bss section for the h8300 is relatively small. A value of
+CONFIG_LOG_BUF_SHIFT that is larger than 19 will create a static
+printk ringbuffer that is too large. Limit the range appropriately
+for the H8300.
+
+Reported-by: kernel test robot <lkp@intel.com>
+Signed-off-by: John Ogness <john.ogness@linutronix.de>
+Reviewed-by: Sergey Senozhatsky <sergey.senozhatsky@gmail.com>
+Acked-by: Steven Rostedt (VMware) <rostedt@goodmis.org>
+Signed-off-by: Petr Mladek <pmladek@suse.com>
+Link: https://lore.kernel.org/r/20200812073122.25412-1-john.ogness@linutronix.de
+Signed-off-by: Sasha Levin <sashal@kernel.org>
+---
+ init/Kconfig | 3 ++-
+ 1 file changed, 2 insertions(+), 1 deletion(-)
+
+diff --git a/init/Kconfig b/init/Kconfig
+index f9fb621c95623..5d8ada360ca34 100644
+--- a/init/Kconfig
++++ b/init/Kconfig
+@@ -823,7 +823,8 @@ config IKCONFIG_PROC
+ config LOG_BUF_SHIFT
+       int "Kernel log buffer size (16 => 64KB, 17 => 128KB)"
+-      range 12 25
++      range 12 25 if !H8300
++      range 12 19 if H8300
+       default 17
+       depends on PRINTK
+       help
+-- 
+2.27.0
+
index 96487bfaf9df5ea2cfd840e413838c9c334e3f3c..fbbc0c292002a775952c098d7e383cab962173c1 100644 (file)
@@ -8,3 +8,27 @@ mtd-lpddr-fix-bad-logic-in-print_drs_error.patch
 ata-sata_rcar-fix-dma-boundary-mask.patch
 fscrypt-return-exdev-for-incompatible-rename-or-link-into-encrypted-dir.patch
 f2fs-crypto-avoid-unneeded-memory-allocation-in-readdir.patch
+powerpc-powernv-smp-fix-spurious-dbg-warning.patch
+sparc64-remove-mm_cpumask-clearing-to-fix-kthread_us.patch
+f2fs-fix-to-check-segment-boundary-during-sit-page-r.patch
+um-change-sigio_spinlock-to-a-mutex.patch
+xfs-fix-realtime-bitmap-summary-file-truncation-when.patch
+video-fbdev-pvr2fb-initialize-variables.patch
+ath10k-fix-vht-nss-calculation-when-stbc-is-enabled.patch
+mmc-via-sdmmc-fix-data-race-bug.patch
+printk-reduce-log_buf_shift-range-for-h8300.patch
+kgdb-make-kgdbcon-work-properly-with-kgdb_earlycon.patch
+usb-adutux-fix-debugging.patch
+acpi-add-out-of-bounds-and-numa_off-protections-to-p.patch
+drivers-net-wan-hdlc_fr-correctly-handle-special-skb.patch
+power-supply-test_power-add-missing-newlines-when-pr.patch
+md-bitmap-md_bitmap_get_counter-returns-wrong-blocks.patch
+clk-ti-clockdomain-fix-static-checker-warning.patch
+net-9p-initialize-sun_server.sun_path-to-have-addr-s.patch
+drivers-watchdog-rdc321x_wdt-fix-race-condition-bugs.patch
+ext4-detect-already-used-quota-file-early.patch
+kvm-ppc-book3s-hv-do-not-allocate-hpt-for-a-nested-g.patch
+gfs2-add-validation-checks-for-size-of-superblock.patch
+memory-emif-remove-bogus-debugfs-error-handling.patch
+arm-dts-s5pv210-move-pmu-node-out-of-clock-controlle.patch
+arm-dts-s5pv210-remove-dedicated-audio-subsystem-nod.patch
diff --git a/queue-4.4/sparc64-remove-mm_cpumask-clearing-to-fix-kthread_us.patch b/queue-4.4/sparc64-remove-mm_cpumask-clearing-to-fix-kthread_us.patch
new file mode 100644 (file)
index 0000000..6052ec1
--- /dev/null
@@ -0,0 +1,179 @@
+From 20dccd9ed5f93f149efd426b3ce20d10cb481561 Mon Sep 17 00:00:00 2001
+From: Sasha Levin <sashal@kernel.org>
+Date: Mon, 14 Sep 2020 14:52:18 +1000
+Subject: sparc64: remove mm_cpumask clearing to fix kthread_use_mm race
+
+From: Nicholas Piggin <npiggin@gmail.com>
+
+[ Upstream commit bafb056ce27940c9994ea905336aa8f27b4f7275 ]
+
+The de facto (and apparently uncommented) standard for using an mm had,
+thanks to this code in sparc if nothing else, been that you must have a
+reference on mm_users *and that reference must have been obtained with
+mmget()*, i.e., from a thread with a reference to mm_users that had used
+the mm.
+
+The introduction of mmget_not_zero() in commit d2005e3f41d4
+("userfaultfd: don't pin the user memory in userfaultfd_file_create()")
+allowed mm_count holders to aoperate on user mappings asynchronously
+from the actual threads using the mm, but they were not to load those
+mappings into their TLB (i.e., walking vmas and page tables is okay,
+kthread_use_mm() is not).
+
+io_uring 2b188cc1bb857 ("Add io_uring IO interface") added code which
+does a kthread_use_mm() from a mmget_not_zero() refcount.
+
+The problem with this is code which previously assumed mm == current->mm
+and mm->mm_users == 1 implies the mm will remain single-threaded at
+least until this thread creates another mm_users reference, has now
+broken.
+
+arch/sparc/kernel/smp_64.c:
+
+    if (atomic_read(&mm->mm_users) == 1) {
+        cpumask_copy(mm_cpumask(mm), cpumask_of(cpu));
+        goto local_flush_and_out;
+    }
+
+vs fs/io_uring.c
+
+    if (unlikely(!(ctx->flags & IORING_SETUP_SQPOLL) ||
+                 !mmget_not_zero(ctx->sqo_mm)))
+        return -EFAULT;
+    kthread_use_mm(ctx->sqo_mm);
+
+mmget_not_zero() could come in right after the mm_users == 1 test, then
+kthread_use_mm() which sets its CPU in the mm_cpumask. That update could
+be lost if cpumask_copy() occurs afterward.
+
+I propose we fix this by allowing mmget_not_zero() to be a first-class
+reference, and not have this obscure undocumented and unchecked
+restriction.
+
+The basic fix for sparc64 is to remove its mm_cpumask clearing code. The
+optimisation could be effectively restored by sending IPIs to mm_cpumask
+members and having them remove themselves from mm_cpumask. This is more
+tricky so I leave it as an exercise for someone with a sparc64 SMP.
+powerpc has a (currently similarly broken) example.
+
+Signed-off-by: Nicholas Piggin <npiggin@gmail.com>
+Acked-by: David S. Miller <davem@davemloft.net>
+Signed-off-by: Michael Ellerman <mpe@ellerman.id.au>
+Link: https://lore.kernel.org/r/20200914045219.3736466-4-npiggin@gmail.com
+Signed-off-by: Sasha Levin <sashal@kernel.org>
+---
+ arch/sparc/kernel/smp_64.c | 65 ++++++++------------------------------
+ 1 file changed, 14 insertions(+), 51 deletions(-)
+
+diff --git a/arch/sparc/kernel/smp_64.c b/arch/sparc/kernel/smp_64.c
+index 46866b2097e81..bd27e86ce36db 100644
+--- a/arch/sparc/kernel/smp_64.c
++++ b/arch/sparc/kernel/smp_64.c
+@@ -1030,38 +1030,9 @@ void smp_fetch_global_pmu(void)
+  * are flush_tlb_*() routines, and these run after flush_cache_*()
+  * which performs the flushw.
+  *
+- * The SMP TLB coherency scheme we use works as follows:
+- *
+- * 1) mm->cpu_vm_mask is a bit mask of which cpus an address
+- *    space has (potentially) executed on, this is the heuristic
+- *    we use to avoid doing cross calls.
+- *
+- *    Also, for flushing from kswapd and also for clones, we
+- *    use cpu_vm_mask as the list of cpus to make run the TLB.
+- *
+- * 2) TLB context numbers are shared globally across all processors
+- *    in the system, this allows us to play several games to avoid
+- *    cross calls.
+- *
+- *    One invariant is that when a cpu switches to a process, and
+- *    that processes tsk->active_mm->cpu_vm_mask does not have the
+- *    current cpu's bit set, that tlb context is flushed locally.
+- *
+- *    If the address space is non-shared (ie. mm->count == 1) we avoid
+- *    cross calls when we want to flush the currently running process's
+- *    tlb state.  This is done by clearing all cpu bits except the current
+- *    processor's in current->mm->cpu_vm_mask and performing the
+- *    flush locally only.  This will force any subsequent cpus which run
+- *    this task to flush the context from the local tlb if the process
+- *    migrates to another cpu (again).
+- *
+- * 3) For shared address spaces (threads) and swapping we bite the
+- *    bullet for most cases and perform the cross call (but only to
+- *    the cpus listed in cpu_vm_mask).
+- *
+- *    The performance gain from "optimizing" away the cross call for threads is
+- *    questionable (in theory the big win for threads is the massive sharing of
+- *    address space state across processors).
++ * mm->cpu_vm_mask is a bit mask of which cpus an address
++ * space has (potentially) executed on, this is the heuristic
++ * we use to limit cross calls.
+  */
+ /* This currently is only used by the hugetlb arch pre-fault
+@@ -1071,18 +1042,13 @@ void smp_fetch_global_pmu(void)
+ void smp_flush_tlb_mm(struct mm_struct *mm)
+ {
+       u32 ctx = CTX_HWBITS(mm->context);
+-      int cpu = get_cpu();
+-      if (atomic_read(&mm->mm_users) == 1) {
+-              cpumask_copy(mm_cpumask(mm), cpumask_of(cpu));
+-              goto local_flush_and_out;
+-      }
++      get_cpu();
+       smp_cross_call_masked(&xcall_flush_tlb_mm,
+                             ctx, 0, 0,
+                             mm_cpumask(mm));
+-local_flush_and_out:
+       __flush_tlb_mm(ctx, SECONDARY_CONTEXT);
+       put_cpu();
+@@ -1105,17 +1071,15 @@ void smp_flush_tlb_pending(struct mm_struct *mm, unsigned long nr, unsigned long
+ {
+       u32 ctx = CTX_HWBITS(mm->context);
+       struct tlb_pending_info info;
+-      int cpu = get_cpu();
++
++      get_cpu();
+       info.ctx = ctx;
+       info.nr = nr;
+       info.vaddrs = vaddrs;
+-      if (mm == current->mm && atomic_read(&mm->mm_users) == 1)
+-              cpumask_copy(mm_cpumask(mm), cpumask_of(cpu));
+-      else
+-              smp_call_function_many(mm_cpumask(mm), tlb_pending_func,
+-                                     &info, 1);
++      smp_call_function_many(mm_cpumask(mm), tlb_pending_func,
++                             &info, 1);
+       __flush_tlb_pending(ctx, nr, vaddrs);
+@@ -1125,14 +1089,13 @@ void smp_flush_tlb_pending(struct mm_struct *mm, unsigned long nr, unsigned long
+ void smp_flush_tlb_page(struct mm_struct *mm, unsigned long vaddr)
+ {
+       unsigned long context = CTX_HWBITS(mm->context);
+-      int cpu = get_cpu();
+-      if (mm == current->mm && atomic_read(&mm->mm_users) == 1)
+-              cpumask_copy(mm_cpumask(mm), cpumask_of(cpu));
+-      else
+-              smp_cross_call_masked(&xcall_flush_tlb_page,
+-                                    context, vaddr, 0,
+-                                    mm_cpumask(mm));
++      get_cpu();
++
++      smp_cross_call_masked(&xcall_flush_tlb_page,
++                            context, vaddr, 0,
++                            mm_cpumask(mm));
++
+       __flush_tlb_page(context, vaddr);
+       put_cpu();
+-- 
+2.27.0
+
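Review bot: In smp_flush_tlb_mm(), smp_flush_tlb_pending() and smp_flush_tlb_page() the result of `get_cpu()` is now discarded, so the call is kept only to disable preemption until the matching put_cpu(). Either say so with a comment such as `/* CPU id not needed; stay on this CPU across the cross call and the local flush */`, or use `preempt_disable()` / `preempt_enable()` to state the intent directly. The shortened block comment also still names `mm->cpu_vm_mask` while the code reads the mask through `mm_cpumask(mm)`. The put_cpu() for smp_flush_tlb_pending() is outside the hunk.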
diff --git a/queue-4.4/um-change-sigio_spinlock-to-a-mutex.patch b/queue-4.4/um-change-sigio_spinlock-to-a-mutex.patch
new file mode 100644 (file)
index 0000000..404714e
--- /dev/null
@@ -0,0 +1,78 @@
+From 09387b80d85a6d5ebc82bd61a289ef82c4cf803b Mon Sep 17 00:00:00 2001
+From: Sasha Levin <sashal@kernel.org>
+Date: Thu, 4 Jun 2020 13:23:17 +0200
+Subject: um: change sigio_spinlock to a mutex
+
+From: Johannes Berg <johannes.berg@intel.com>
+
+[ Upstream commit f2d05059e15af3f70502074f4e3a504530af504a ]
+
+Lockdep complains at boot:
+
+=============================
+[ BUG: Invalid wait context ]
+5.7.0-05093-g46d91ecd597b #98 Not tainted
+-----------------------------
+swapper/1 is trying to lock:
+0000000060931b98 (&desc[i].request_mutex){+.+.}-{3:3}, at: __setup_irq+0x11d/0x623
+other info that might help us debug this:
+context-{4:4}
+1 lock held by swapper/1:
+ #0: 000000006074fed8 (sigio_spinlock){+.+.}-{2:2}, at: sigio_lock+0x1a/0x1c
+stack backtrace:
+CPU: 0 PID: 1 Comm: swapper Not tainted 5.7.0-05093-g46d91ecd597b #98
+Stack:
+ 7fa4fab0 6028dfd1 0000002a 6008bea5
+ 7fa50700 7fa50040 7fa4fac0 6028e016
+ 7fa4fb50 6007f6da 60959c18 00000000
+Call Trace:
+ [<60023a0e>] show_stack+0x13b/0x155
+ [<6028e016>] dump_stack+0x2a/0x2c
+ [<6007f6da>] __lock_acquire+0x515/0x15f2
+ [<6007eb50>] lock_acquire+0x245/0x273
+ [<6050d9f1>] __mutex_lock+0xbd/0x325
+ [<6050dc76>] mutex_lock_nested+0x1d/0x1f
+ [<6008e27e>] __setup_irq+0x11d/0x623
+ [<6008e8ed>] request_threaded_irq+0x169/0x1a6
+ [<60021eb0>] um_request_irq+0x1ee/0x24b
+ [<600234ee>] write_sigio_irq+0x3b/0x76
+ [<600383ca>] sigio_broken+0x146/0x2e4
+ [<60020bd8>] do_one_initcall+0xde/0x281
+
+Because we hold sigio_spinlock and then get into requesting
+an interrupt with a mutex.
+
+Change the spinlock to a mutex to avoid that.
+
+Signed-off-by: Johannes Berg <johannes.berg@intel.com>
+Signed-off-by: Richard Weinberger <richard@nod.at>
+Signed-off-by: Sasha Levin <sashal@kernel.org>
+---
+ arch/um/kernel/sigio.c | 6 +++---
+ 1 file changed, 3 insertions(+), 3 deletions(-)
+
+diff --git a/arch/um/kernel/sigio.c b/arch/um/kernel/sigio.c
+index b5e0cbb343828..476ded92affac 100644
+--- a/arch/um/kernel/sigio.c
++++ b/arch/um/kernel/sigio.c
+@@ -36,14 +36,14 @@ int write_sigio_irq(int fd)
+ }
+ /* These are called from os-Linux/sigio.c to protect its pollfds arrays. */
+-static DEFINE_SPINLOCK(sigio_spinlock);
++static DEFINE_MUTEX(sigio_mutex);
+ void sigio_lock(void)
+ {
+-      spin_lock(&sigio_spinlock);
++      mutex_lock(&sigio_mutex);
+ }
+ void sigio_unlock(void)
+ {
+-      spin_unlock(&sigio_spinlock);
++      mutex_unlock(&sigio_mutex);
+ }
+-- 
+2.27.0
+
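Review bot: The comment above `DEFINE_MUTEX(sigio_mutex)` still says only that these helpers protect the pollfds arrays in os-Linux/sigio.c, but after the conversion `sigio_lock()` can sleep, which is a new constraint on every caller. I would extend it to something like `/* Called from os-Linux/sigio.c to protect its pollfds arrays; sigio_lock() takes a mutex and may sleep, so never call it from atomic or interrupt context. */`. The callers are outside this hunk, and the upstream change was made against a 5.7-era tree, so it is worth confirming that no 4.4 caller reaches `sigio_lock()` from a non-sleepable context before this backport is taken.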
diff --git a/queue-4.4/usb-adutux-fix-debugging.patch b/queue-4.4/usb-adutux-fix-debugging.patch
new file mode 100644 (file)
index 0000000..eb3a45c
--- /dev/null
@@ -0,0 +1,35 @@
+From 7b6f1f5839e52ebb331851458a1c53b224a3a23c Mon Sep 17 00:00:00 2001
+From: Sasha Levin <sashal@kernel.org>
+Date: Thu, 17 Sep 2020 13:26:00 +0200
+Subject: USB: adutux: fix debugging
+
+From: Oliver Neukum <oneukum@suse.com>
+
+[ Upstream commit c56150c1bc8da5524831b1dac2eec3c67b89f587 ]
+
+Handling for removal of the controller was missing at one place.
+Add it.
+
+Signed-off-by: Oliver Neukum <oneukum@suse.com>
+Link: https://lore.kernel.org/r/20200917112600.26508-1-oneukum@suse.com
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+Signed-off-by: Sasha Levin <sashal@kernel.org>
+---
+ drivers/usb/misc/adutux.c | 1 +
+ 1 file changed, 1 insertion(+)
+
+diff --git a/drivers/usb/misc/adutux.c b/drivers/usb/misc/adutux.c
+index ba5c0a4591ac9..012d97f9c30c7 100644
+--- a/drivers/usb/misc/adutux.c
++++ b/drivers/usb/misc/adutux.c
+@@ -210,6 +210,7 @@ static void adu_interrupt_out_callback(struct urb *urb)
+       if (status != 0) {
+               if ((status != -ENOENT) &&
++                  (status != -ESHUTDOWN) &&
+                   (status != -ECONNRESET)) {
+                       dev_dbg(&dev->udev->dev,
+                               "%s :nonzero status received: %d\n", __func__,
+-- 
+2.27.0
+
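Review bot: The status filter in `adu_interrupt_out_callback()` now exempts three errno values from the `dev_dbg()` with no hint of why. A one-line comment above the test would help, e.g. `/* -ENOENT/-ECONNRESET: URB unlinked; -ESHUTDOWN: device or controller gone; all expected on teardown */`. The commit message says the handling was missing "at one place", which suggests (not visible here) that the same test exists in another callback; if so, a small shared helper would keep the lists from drifting apart again. The function body continues outside the hunk.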
diff --git a/queue-4.4/video-fbdev-pvr2fb-initialize-variables.patch b/queue-4.4/video-fbdev-pvr2fb-initialize-variables.patch
new file mode 100644 (file)
index 0000000..dc7e836
--- /dev/null
@@ -0,0 +1,49 @@
+From 5eab38713a28962b1c7963eef8a458f190f3b175 Mon Sep 17 00:00:00 2001
+From: Sasha Levin <sashal@kernel.org>
+Date: Mon, 20 Jul 2020 12:18:45 -0700
+Subject: video: fbdev: pvr2fb: initialize variables
+
+From: Tom Rix <trix@redhat.com>
+
+[ Upstream commit 8e1ba47c60bcd325fdd097cd76054639155e5d2e ]
+
+clang static analysis reports this repesentative error
+
+pvr2fb.c:1049:2: warning: 1st function call argument
+  is an uninitialized value [core.CallAndMessage]
+        if (*cable_arg)
+        ^~~~~~~~~~~~~~~
+
+Problem is that cable_arg depends on the input loop to
+set the cable_arg[0].  If it does not, then some random
+value from the stack is used.
+
+A similar problem exists for output_arg.
+
+So initialize cable_arg and output_arg.
+
+Signed-off-by: Tom Rix <trix@redhat.com>
+Acked-by: Arnd Bergmann <arnd@arndb.de>
+Signed-off-by: Sam Ravnborg <sam@ravnborg.org>
+Link: https://patchwork.freedesktop.org/patch/msgid/20200720191845.20115-1-trix@redhat.com
+Signed-off-by: Sasha Levin <sashal@kernel.org>
+---
+ drivers/video/fbdev/pvr2fb.c | 2 ++
+ 1 file changed, 2 insertions(+)
+
+diff --git a/drivers/video/fbdev/pvr2fb.c b/drivers/video/fbdev/pvr2fb.c
+index 750a384bf1915..1a015a6b682e7 100644
+--- a/drivers/video/fbdev/pvr2fb.c
++++ b/drivers/video/fbdev/pvr2fb.c
+@@ -1029,6 +1029,8 @@ static int __init pvr2fb_setup(char *options)
+       if (!options || !*options)
+               return 0;
++      cable_arg[0] = output_arg[0] = 0;
++
+       while ((this_opt = strsep(&options, ","))) {
+               if (!*this_opt)
+                       continue;
+-- 
+2.27.0
+
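Review bot: `cable_arg[0] = output_arg[0] = 0;` packs two assignments into one statement, which kernel coding style advises against and checkpatch warns about. Writing `cable_arg[0] = '\0';` and `output_arg[0] = '\0';` on separate lines does the same thing and makes it clear these are string terminators. Both buffers are declared outside the hunk, so initializing them at their declaration is an alternative that would also cover any use added later ahead of this line. The loop that fills them from the boot option string continues past the hunk, so the bounds of those copies cannot be checked from here.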
diff --git a/queue-4.4/xfs-fix-realtime-bitmap-summary-file-truncation-when.patch b/queue-4.4/xfs-fix-realtime-bitmap-summary-file-truncation-when.patch
new file mode 100644 (file)
index 0000000..6ad6da1
--- /dev/null
@@ -0,0 +1,70 @@
+From 211e1406ff0df0837d30818bb89af774c5577ef3 Mon Sep 17 00:00:00 2001
+From: Sasha Levin <sashal@kernel.org>
+Date: Wed, 7 Oct 2020 13:55:16 -0700
+Subject: xfs: fix realtime bitmap/summary file truncation when growing rt
+ volume
+
+From: Darrick J. Wong <darrick.wong@oracle.com>
+
+[ Upstream commit f4c32e87de7d66074d5612567c5eac7325024428 ]
+
+The realtime bitmap and summary files are regular files that are hidden
+away from the directory tree.  Since they're regular files, inode
+inactivation will try to purge what it thinks are speculative
+preallocations beyond the incore size of the file.  Unfortunately,
+xfs_growfs_rt forgets to update the incore size when it resizes the
+inodes, with the result that inactivating the rt inodes at unmount time
+will cause their contents to be truncated.
+
+Fix this by updating the incore size when we change the ondisk size as
+part of updating the superblock.  Note that we don't do this when we're
+allocating blocks to the rt inodes because we actually want those blocks
+to get purged if the growfs fails.
+
+This fixes corruption complaints from the online rtsummary checker when
+running xfs/233.  Since that test requires rmap, one can also trigger
+this by growing an rt volume, cycling the mount, and creating rt files.
+
+Signed-off-by: Darrick J. Wong <darrick.wong@oracle.com>
+Reviewed-by: Chandan Babu R <chandanrlinux@gmail.com>
+Signed-off-by: Sasha Levin <sashal@kernel.org>
+---
+ fs/xfs/xfs_rtalloc.c | 10 ++++++++--
+ 1 file changed, 8 insertions(+), 2 deletions(-)
+
+diff --git a/fs/xfs/xfs_rtalloc.c b/fs/xfs/xfs_rtalloc.c
+index bda5248fc6498..acadeaf72674e 100644
+--- a/fs/xfs/xfs_rtalloc.c
++++ b/fs/xfs/xfs_rtalloc.c
+@@ -1017,10 +1017,13 @@ xfs_growfs_rt(
+               xfs_ilock(mp->m_rbmip, XFS_ILOCK_EXCL);
+               xfs_trans_ijoin(tp, mp->m_rbmip, XFS_ILOCK_EXCL);
+               /*
+-               * Update the bitmap inode's size.
++               * Update the bitmap inode's size ondisk and incore.  We need
++               * to update the incore size so that inode inactivation won't
++               * punch what it thinks are "posteof" blocks.
+                */
+               mp->m_rbmip->i_d.di_size =
+                       nsbp->sb_rbmblocks * nsbp->sb_blocksize;
++              i_size_write(VFS_I(mp->m_rbmip), mp->m_rbmip->i_d.di_size);
+               xfs_trans_log_inode(tp, mp->m_rbmip, XFS_ILOG_CORE);
+               /*
+                * Get the summary inode into the transaction.
+@@ -1028,9 +1031,12 @@ xfs_growfs_rt(
+               xfs_ilock(mp->m_rsumip, XFS_ILOCK_EXCL);
+               xfs_trans_ijoin(tp, mp->m_rsumip, XFS_ILOCK_EXCL);
+               /*
+-               * Update the summary inode's size.
++               * Update the summary inode's size.  We need to update the
++               * incore size so that inode inactivation won't punch what it
++               * thinks are "posteof" blocks.
+                */
+               mp->m_rsumip->i_d.di_size = nmp->m_rsumsize;
++              i_size_write(VFS_I(mp->m_rsumip), mp->m_rsumip->i_d.di_size);
+               xfs_trans_log_inode(tp, mp->m_rsumip, XFS_ILOG_CORE);
+               /*
+                * Copy summary data from old to new sizes.
+-- 
+2.27.0
+
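Review bot: In the first `xfs_growfs_rt` hunk, the size now mirrored into the VFS inode by `i_size_write()` comes from `nsbp->sb_rbmblocks * nsbp->sb_blocksize`. If both fields are 32-bit (their declarations are outside the hunk), the product is computed in 32 bits and can wrap before it is widened into `di_size`, and the wrapped value would then be propagated incore as well. Widening one operand first, e.g. `(uint64_t)nsbp->sb_rbmblocks * nsbp->sb_blocksize`, rules that out. Separately, the second comment says only "Update the summary inode's size" while the first says "ondisk and incore"; using the same wording in both would match what the code now does. The function starts and ends outside both hunks.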