--- /dev/null
+From 35509737c8f958944e059d501255a0bf18361ba0 Mon Sep 17 00:00:00 2001
+From: Dmitry Osipenko <digetx@gmail.com>
+Date: Fri, 13 Mar 2020 12:01:04 +0300
+Subject: ARM: tegra: Correct PL310 Auxiliary Control Register initialization
+
+From: Dmitry Osipenko <digetx@gmail.com>
+
+commit 35509737c8f958944e059d501255a0bf18361ba0 upstream.
+
+The PL310 Auxiliary Control Register shouldn't have the "Full line of
+zero" optimization bit being set before L2 cache is enabled. The L2X0
+driver takes care of enabling the optimization by itself.
+
+This patch fixes a noisy error message on Tegra20 and Tegra30 telling
+that cache optimization is erroneously enabled without enabling it for
+the CPU:
+
+ L2C-310: enabling full line of zeros but not enabled in Cortex-A9
+
+Cc: <stable@vger.kernel.org>
+Signed-off-by: Dmitry Osipenko <digetx@gmail.com>
+Tested-by: Nicolas Chauvet <kwizart@gmail.com>
+Signed-off-by: Thierry Reding <treding@nvidia.com>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+
+---
+ arch/arm/mach-tegra/tegra.c | 4 ++--
+ 1 file changed, 2 insertions(+), 2 deletions(-)
+
+--- a/arch/arm/mach-tegra/tegra.c
++++ b/arch/arm/mach-tegra/tegra.c
+@@ -155,8 +155,8 @@ static const char * const tegra_dt_board
+ };
+
+ DT_MACHINE_START(TEGRA_DT, "NVIDIA Tegra SoC (Flattened Device Tree)")
+- .l2c_aux_val = 0x3c400001,
+- .l2c_aux_mask = 0xc20fc3fe,
++ .l2c_aux_val = 0x3c400000,
++ .l2c_aux_mask = 0xc20fc3ff,
+ .smp = smp_ops(tegra_smp_ops),
+ .map_io = tegra_map_common_io,
+ .init_early = tegra_init_early,
--- /dev/null
+From 93900337b9ac2f4eca427eff6d187be2dc3b5551 Mon Sep 17 00:00:00 2001
+From: Michael Ellerman <mpe@ellerman.id.au>
+Date: Thu, 23 Apr 2020 16:00:38 +1000
+Subject: drivers/macintosh: Fix memleak in windfarm_pm112 driver
+
+From: Michael Ellerman <mpe@ellerman.id.au>
+
+commit 93900337b9ac2f4eca427eff6d187be2dc3b5551 upstream.
+
+create_cpu_loop() calls smu_sat_get_sdb_partition() which does
+kmalloc() and returns the allocated buffer. In fact it's called twice,
+and neither buffer is freed.
+
+This results in a memory leak as reported by Erhard:
+ unreferenced object 0xc00000047081f840 (size 32):
+ comm "kwindfarm", pid 203, jiffies 4294880630 (age 5552.877s)
+ hex dump (first 32 bytes):
+ c8 06 02 7f ff 02 ff 01 fb bf 00 41 00 20 00 00 ...........A. ..
+ 00 07 89 37 00 a0 00 00 00 00 00 00 00 00 00 00 ...7............
+ backtrace:
+ [<0000000083f0a65c>] .smu_sat_get_sdb_partition+0xc4/0x2d0 [windfarm_smu_sat]
+ [<000000003010fcb7>] .pm112_wf_notify+0x104c/0x13bc [windfarm_pm112]
+ [<00000000b958b2dd>] .notifier_call_chain+0xa8/0x180
+ [<0000000070490868>] .blocking_notifier_call_chain+0x64/0x90
+ [<00000000131d8149>] .wf_thread_func+0x114/0x1a0
+ [<000000000d54838d>] .kthread+0x13c/0x190
+ [<00000000669b72bc>] .ret_from_kernel_thread+0x58/0x64
+ unreferenced object 0xc0000004737089f0 (size 16):
+ comm "kwindfarm", pid 203, jiffies 4294880879 (age 5552.050s)
+ hex dump (first 16 bytes):
+ c4 04 01 7f 22 11 e0 e6 ff 55 7b 12 ec 11 00 00 ...."....U{.....
+ backtrace:
+ [<0000000083f0a65c>] .smu_sat_get_sdb_partition+0xc4/0x2d0 [windfarm_smu_sat]
+ [<00000000b94ef7e1>] .pm112_wf_notify+0x1294/0x13bc [windfarm_pm112]
+ [<00000000b958b2dd>] .notifier_call_chain+0xa8/0x180
+ [<0000000070490868>] .blocking_notifier_call_chain+0x64/0x90
+ [<00000000131d8149>] .wf_thread_func+0x114/0x1a0
+ [<000000000d54838d>] .kthread+0x13c/0x190
+ [<00000000669b72bc>] .ret_from_kernel_thread+0x58/0x64
+
+Fix it by rearranging the logic so we deal with each buffer
+separately, which then makes it easy to free the buffer once we're
+done with it.
+
+Fixes: ac171c46667c ("[PATCH] powerpc: Thermal control for dual core G5s")
+Cc: stable@vger.kernel.org # v2.6.16+
+Reported-by: Erhard F. <erhard_f@mailbox.org>
+Signed-off-by: Michael Ellerman <mpe@ellerman.id.au>
+Tested-by: Erhard F. <erhard_f@mailbox.org>
+Link: https://lore.kernel.org/r/20200423060038.3308530-1-mpe@ellerman.id.au
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+
+---
+ drivers/macintosh/windfarm_pm112.c | 21 +++++++++++++--------
+ 1 file changed, 13 insertions(+), 8 deletions(-)
+
+--- a/drivers/macintosh/windfarm_pm112.c
++++ b/drivers/macintosh/windfarm_pm112.c
+@@ -133,14 +133,6 @@ static int create_cpu_loop(int cpu)
+ s32 tmax;
+ int fmin;
+
+- /* Get PID params from the appropriate SAT */
+- hdr = smu_sat_get_sdb_partition(chip, 0xC8 + core, NULL);
+- if (hdr == NULL) {
+- printk(KERN_WARNING"windfarm: can't get CPU PID fan config\n");
+- return -EINVAL;
+- }
+- piddata = (struct smu_sdbp_cpupiddata *)&hdr[1];
+-
+ /* Get FVT params to get Tmax; if not found, assume default */
+ hdr = smu_sat_get_sdb_partition(chip, 0xC4 + core, NULL);
+ if (hdr) {
+@@ -153,6 +145,16 @@ static int create_cpu_loop(int cpu)
+ if (tmax < cpu_all_tmax)
+ cpu_all_tmax = tmax;
+
++ kfree(hdr);
++
++ /* Get PID params from the appropriate SAT */
++ hdr = smu_sat_get_sdb_partition(chip, 0xC8 + core, NULL);
++ if (hdr == NULL) {
++ printk(KERN_WARNING"windfarm: can't get CPU PID fan config\n");
++ return -EINVAL;
++ }
++ piddata = (struct smu_sdbp_cpupiddata *)&hdr[1];
++
+ /*
+ * Darwin has a minimum fan speed of 1000 rpm for the 4-way and
+ * 515 for the 2-way. That appears to be overkill, so for now,
+@@ -175,6 +177,9 @@ static int create_cpu_loop(int cpu)
+ pid.min = fmin;
+
+ wf_cpu_pid_init(&cpu_pid[cpu], &pid);
++
++ kfree(hdr);
++
+ return 0;
+ }
+
--- /dev/null
+From 4b50c8c4eaf06a825d1c005c0b1b4a8307087b83 Mon Sep 17 00:00:00 2001
+From: Masahiro Yamada <masahiroy@kernel.org>
+Date: Sun, 31 May 2020 17:47:06 +0900
+Subject: kbuild: force to build vmlinux if CONFIG_MODVERSION=y
+
+From: Masahiro Yamada <masahiroy@kernel.org>
+
+commit 4b50c8c4eaf06a825d1c005c0b1b4a8307087b83 upstream.
+
+This code does not work as stated in the comment.
+
+$(CONFIG_MODVERSIONS) is always empty because it is expanded before
+include/config/auto.conf is included. Hence, 'make modules' with
+CONFIG_MODVERSION=y cannot record the version CRCs.
+
+This has been broken since 2003, commit ("kbuild: Enable modules to be
+build using the "make dir/" syntax"). [1]
+
+[1]: https://git.kernel.org/pub/scm/linux/kernel/git/history/history.git/commit/?id=15c6240cdc44bbeef3c4797ec860f9765ef4f1a7
+Cc: linux-stable <stable@vger.kernel.org> # v2.5.71+
+Signed-off-by: Masahiro Yamada <masahiroy@kernel.org>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+
+---
+ Makefile | 13 ++++++++-----
+ 1 file changed, 8 insertions(+), 5 deletions(-)
+
+--- a/Makefile
++++ b/Makefile
+@@ -313,12 +313,8 @@ KBUILD_MODULES :=
+ KBUILD_BUILTIN := 1
+
+ # If we have only "make modules", don't compile built-in objects.
+-# When we're building modules with modversions, we need to consider
+-# the built-in objects during the descend as well, in order to
+-# make sure the checksums are up to date before we record them.
+-
+ ifeq ($(MAKECMDGOALS),modules)
+- KBUILD_BUILTIN := $(if $(CONFIG_MODVERSIONS),1)
++ KBUILD_BUILTIN :=
+ endif
+
+ # If we have "make <whatever> modules", compile modules
+@@ -1156,6 +1152,13 @@ ifdef CONFIG_MODULES
+
+ all: modules
+
++# When we're building modules with modversions, we need to consider
++# the built-in objects during the descend as well, in order to
++# make sure the checksums are up to date before we record them.
++ifdef CONFIG_MODVERSIONS
++ KBUILD_BUILTIN := 1
++endif
++
+ # Build modules
+ #
+ # A module can be listed more than once in obj-m resulting in
--- /dev/null
+From b5945214b76a1f22929481724ffd448000ede914 Mon Sep 17 00:00:00 2001
+From: Douglas Anderson <dianders@chromium.org>
+Date: Mon, 4 May 2020 10:50:17 -0700
+Subject: kernel/cpu_pm: Fix uninitted local in cpu_pm
+
+From: Douglas Anderson <dianders@chromium.org>
+
+commit b5945214b76a1f22929481724ffd448000ede914 upstream.
+
+cpu_pm_notify() is basically a wrapper of notifier_call_chain().
+notifier_call_chain() doesn't initialize *nr_calls to 0 before it
+starts incrementing it--presumably it's up to the callers to do this.
+
+Unfortunately the callers of cpu_pm_notify() don't init *nr_calls.
+This potentially means you could get too many or two few calls to
+CPU_PM_ENTER_FAILED or CPU_CLUSTER_PM_ENTER_FAILED depending on the
+luck of the stack.
+
+Let's fix this.
+
+Fixes: ab10023e0088 ("cpu_pm: Add cpu power management notifiers")
+Cc: stable@vger.kernel.org
+Cc: Rafael J. Wysocki <rafael.j.wysocki@intel.com>
+Reviewed-by: Stephen Boyd <swboyd@chromium.org>
+Reviewed-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+Signed-off-by: Douglas Anderson <dianders@chromium.org>
+Link: https://lore.kernel.org/r/20200504104917.v6.3.I2d44fc0053d019f239527a4e5829416714b7e299@changeid
+Signed-off-by: Bjorn Andersson <bjorn.andersson@linaro.org>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+
+---
+ kernel/cpu_pm.c | 4 ++--
+ 1 file changed, 2 insertions(+), 2 deletions(-)
+
+--- a/kernel/cpu_pm.c
++++ b/kernel/cpu_pm.c
+@@ -97,7 +97,7 @@ EXPORT_SYMBOL_GPL(cpu_pm_unregister_noti
+ */
+ int cpu_pm_enter(void)
+ {
+- int nr_calls;
++ int nr_calls = 0;
+ int ret = 0;
+
+ read_lock(&cpu_pm_notifier_lock);
+@@ -156,7 +156,7 @@ EXPORT_SYMBOL_GPL(cpu_pm_exit);
+ */
+ int cpu_cluster_pm_enter(void)
+ {
+- int nr_calls;
++ int nr_calls = 0;
+ int ret = 0;
+
+ read_lock(&cpu_pm_notifier_lock);
--- /dev/null
+From f354157a7d184db430c1a564c506434e33b1bec5 Mon Sep 17 00:00:00 2001
+From: Jonathan Bakker <xc-racer2@live.ca>
+Date: Sat, 25 Apr 2020 16:10:46 -0700
+Subject: pinctrl: samsung: Save/restore eint_mask over suspend for EINT_TYPE GPIOs
+
+From: Jonathan Bakker <xc-racer2@live.ca>
+
+commit f354157a7d184db430c1a564c506434e33b1bec5 upstream.
+
+Currently, for EINT_TYPE GPIOs, the CON and FLTCON registers
+are saved and restored over a suspend/resume cycle. However, the
+EINT_MASK registers are not.
+
+On S5PV210 at the very least, these registers are not retained over
+suspend, leading to the interrupts remaining masked upon resume and
+therefore no interrupts being triggered for the device. There should
+be no effect on any SoCs that do retain these registers as theoretically
+we would just be re-writing what was already there.
+
+Fixes: 7ccbc60cd9c2 ("pinctrl: exynos: Handle suspend/resume of GPIO EINT registers")
+Cc: <stable@vger.kernel.org>
+Signed-off-by: Jonathan Bakker <xc-racer2@live.ca>
+Signed-off-by: Krzysztof Kozlowski <krzk@kernel.org>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+
+---
+ drivers/pinctrl/samsung/pinctrl-exynos.c | 9 +++++++++
+ 1 file changed, 9 insertions(+)
+
+--- a/drivers/pinctrl/samsung/pinctrl-exynos.c
++++ b/drivers/pinctrl/samsung/pinctrl-exynos.c
+@@ -288,6 +288,7 @@ struct exynos_eint_gpio_save {
+ u32 eint_con;
+ u32 eint_fltcon0;
+ u32 eint_fltcon1;
++ u32 eint_mask;
+ };
+
+ /*
+@@ -588,10 +589,13 @@ static void exynos_pinctrl_suspend_bank(
+ + 2 * bank->eint_offset);
+ save->eint_fltcon1 = readl(regs + EXYNOS_GPIO_EFLTCON_OFFSET
+ + 2 * bank->eint_offset + 4);
++ save->eint_mask = readl(regs + bank->irq_chip->eint_mask
++ + bank->eint_offset);
+
+ pr_debug("%s: save con %#010x\n", bank->name, save->eint_con);
+ pr_debug("%s: save fltcon0 %#010x\n", bank->name, save->eint_fltcon0);
+ pr_debug("%s: save fltcon1 %#010x\n", bank->name, save->eint_fltcon1);
++ pr_debug("%s: save mask %#010x\n", bank->name, save->eint_mask);
+ }
+
+ static void exynos_pinctrl_suspend(struct samsung_pinctrl_drv_data *drvdata)
+@@ -620,6 +624,9 @@ static void exynos_pinctrl_resume_bank(
+ pr_debug("%s: fltcon1 %#010x => %#010x\n", bank->name,
+ readl(regs + EXYNOS_GPIO_EFLTCON_OFFSET
+ + 2 * bank->eint_offset + 4), save->eint_fltcon1);
++ pr_debug("%s: mask %#010x => %#010x\n", bank->name,
++ readl(regs + bank->irq_chip->eint_mask
++ + bank->eint_offset), save->eint_mask);
+
+ writel(save->eint_con, regs + EXYNOS_GPIO_ECON_OFFSET
+ + bank->eint_offset);
+@@ -627,6 +634,8 @@ static void exynos_pinctrl_resume_bank(
+ + 2 * bank->eint_offset);
+ writel(save->eint_fltcon1, regs + EXYNOS_GPIO_EFLTCON_OFFSET
+ + 2 * bank->eint_offset + 4);
++ writel(save->eint_mask, regs + bank->irq_chip->eint_mask
++ + bank->eint_offset);
+ }
+
+ static void exynos_pinctrl_resume(struct samsung_pinctrl_drv_data *drvdata)
--- /dev/null
+From 73174acc9c75960af2daa7dcbdb9781fc0d135cb Mon Sep 17 00:00:00 2001
+From: Anders Roxell <anders.roxell@linaro.org>
+Date: Wed, 27 May 2020 13:26:04 +0200
+Subject: power: vexpress: add suppress_bind_attrs to true
+
+From: Anders Roxell <anders.roxell@linaro.org>
+
+commit 73174acc9c75960af2daa7dcbdb9781fc0d135cb upstream.
+
+Make sure that the POWER_RESET_VEXPRESS driver won't have bind/unbind
+attributes available via the sysfs, so lets be explicit here and use
+".suppress_bind_attrs = true" to prevent userspace from doing something
+silly.
+
+Link: https://lore.kernel.org/r/20200527112608.3886105-2-anders.roxell@linaro.org
+Cc: stable@vger.kernel.org
+Signed-off-by: Anders Roxell <anders.roxell@linaro.org>
+Signed-off-by: Arnd Bergmann <arnd@arndb.de>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+
+---
+ drivers/power/reset/vexpress-poweroff.c | 1 +
+ 1 file changed, 1 insertion(+)
+
+--- a/drivers/power/reset/vexpress-poweroff.c
++++ b/drivers/power/reset/vexpress-poweroff.c
+@@ -150,6 +150,7 @@ static struct platform_driver vexpress_r
+ .driver = {
+ .name = "vexpress-reset",
+ .of_match_table = vexpress_reset_of_match,
++ .suppress_bind_attrs = true,
+ },
+ };
+
b43-fix-connection-problem-with-wpa3.patch
b43_legacy-fix-connection-problem-with-wpa3.patch
igb-report-speed-and-duplex-as-unknown-when-device-is-runtime-suspended.patch
+power-vexpress-add-suppress_bind_attrs-to-true.patch
+pinctrl-samsung-save-restore-eint_mask-over-suspend-for-eint_type-gpios.patch
+sparc32-fix-register-window-handling-in-genregs32_et.patch
+kernel-cpu_pm-fix-uninitted-local-in-cpu_pm.patch
+arm-tegra-correct-pl310-auxiliary-control-register-initialization.patch
+drivers-macintosh-fix-memleak-in-windfarm_pm112-driver.patch
+kbuild-force-to-build-vmlinux-if-config_modversion-y.patch
+sunrpc-svcauth_gss_register_pseudoflavor-must-reject-duplicate-registrations.patch
+sunrpc-clean-up-properly-in-gss_mech_unregister.patch
+w1-omap-hdq-cleanup-to-add-missing-newline-for-some-dev_dbg.patch
--- /dev/null
+From cf51e129b96847f969bfb8af1ee1516a01a70b39 Mon Sep 17 00:00:00 2001
+From: Al Viro <viro@zeniv.linux.org.uk>
+Date: Sun, 17 May 2020 12:20:40 -0400
+Subject: sparc32: fix register window handling in genregs32_[gs]et()
+
+From: Al Viro <viro@zeniv.linux.org.uk>
+
+commit cf51e129b96847f969bfb8af1ee1516a01a70b39 upstream.
+
+It needs access_process_vm() if the traced process does not share
+mm with the caller. Solution is similar to what sparc64 does.
+Note that genregs32_set() is only ever called with pos being 0
+or 32 * sizeof(u32) (the latter - as part of PTRACE_SETREGS
+handling).
+
+Cc: stable@kernel.org
+Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+
+---
+ arch/sparc/kernel/ptrace_32.c | 230 ++++++++++++++++++------------------------
+ 1 file changed, 99 insertions(+), 131 deletions(-)
+
+--- a/arch/sparc/kernel/ptrace_32.c
++++ b/arch/sparc/kernel/ptrace_32.c
+@@ -45,82 +45,79 @@ enum sparc_regset {
+ REGSET_FP,
+ };
+
++static int regwindow32_get(struct task_struct *target,
++ const struct pt_regs *regs,
++ u32 *uregs)
++{
++ unsigned long reg_window = regs->u_regs[UREG_I6];
++ int size = 16 * sizeof(u32);
++
++ if (target == current) {
++ if (copy_from_user(uregs, (void __user *)reg_window, size))
++ return -EFAULT;
++ } else {
++ if (access_process_vm(target, reg_window, uregs, size,
++ FOLL_FORCE) != size)
++ return -EFAULT;
++ }
++ return 0;
++}
++
++static int regwindow32_set(struct task_struct *target,
++ const struct pt_regs *regs,
++ u32 *uregs)
++{
++ unsigned long reg_window = regs->u_regs[UREG_I6];
++ int size = 16 * sizeof(u32);
++
++ if (target == current) {
++ if (copy_to_user((void __user *)reg_window, uregs, size))
++ return -EFAULT;
++ } else {
++ if (access_process_vm(target, reg_window, uregs, size,
++ FOLL_FORCE | FOLL_WRITE) != size)
++ return -EFAULT;
++ }
++ return 0;
++}
++
+ static int genregs32_get(struct task_struct *target,
+ const struct user_regset *regset,
+ unsigned int pos, unsigned int count,
+ void *kbuf, void __user *ubuf)
+ {
+ const struct pt_regs *regs = target->thread.kregs;
+- unsigned long __user *reg_window;
+- unsigned long *k = kbuf;
+- unsigned long __user *u = ubuf;
+- unsigned long reg;
++ u32 uregs[16];
++ int ret;
+
+ if (target == current)
+ flush_user_windows();
+
+- pos /= sizeof(reg);
+- count /= sizeof(reg);
++ ret = user_regset_copyout(&pos, &count, &kbuf, &ubuf,
++ regs->u_regs,
++ 0, 16 * sizeof(u32));
++ if (ret || !count)
++ return ret;
+
+- if (kbuf) {
+- for (; count > 0 && pos < 16; count--)
+- *k++ = regs->u_regs[pos++];
+-
+- reg_window = (unsigned long __user *) regs->u_regs[UREG_I6];
+- reg_window -= 16;
+- for (; count > 0 && pos < 32; count--) {
+- if (get_user(*k++, ®_window[pos++]))
+- return -EFAULT;
+- }
+- } else {
+- for (; count > 0 && pos < 16; count--) {
+- if (put_user(regs->u_regs[pos++], u++))
+- return -EFAULT;
+- }
+-
+- reg_window = (unsigned long __user *) regs->u_regs[UREG_I6];
+- reg_window -= 16;
+- for (; count > 0 && pos < 32; count--) {
+- if (get_user(reg, ®_window[pos++]) ||
+- put_user(reg, u++))
+- return -EFAULT;
+- }
+- }
+- while (count > 0) {
+- switch (pos) {
+- case 32: /* PSR */
+- reg = regs->psr;
+- break;
+- case 33: /* PC */
+- reg = regs->pc;
+- break;
+- case 34: /* NPC */
+- reg = regs->npc;
+- break;
+- case 35: /* Y */
+- reg = regs->y;
+- break;
+- case 36: /* WIM */
+- case 37: /* TBR */
+- reg = 0;
+- break;
+- default:
+- goto finish;
+- }
+-
+- if (kbuf)
+- *k++ = reg;
+- else if (put_user(reg, u++))
++ if (pos < 32 * sizeof(u32)) {
++ if (regwindow32_get(target, regs, uregs))
+ return -EFAULT;
+- pos++;
+- count--;
++ ret = user_regset_copyout(&pos, &count, &kbuf, &ubuf,
++ uregs,
++ 16 * sizeof(u32), 32 * sizeof(u32));
++ if (ret || !count)
++ return ret;
+ }
+-finish:
+- pos *= sizeof(reg);
+- count *= sizeof(reg);
+
+- return user_regset_copyout_zero(&pos, &count, &kbuf, &ubuf,
+- 38 * sizeof(reg), -1);
++ uregs[0] = regs->psr;
++ uregs[1] = regs->pc;
++ uregs[2] = regs->npc;
++ uregs[3] = regs->y;
++ uregs[4] = 0; /* WIM */
++ uregs[5] = 0; /* TBR */
++ return user_regset_copyout(&pos, &count, &kbuf, &ubuf,
++ uregs,
++ 32 * sizeof(u32), 38 * sizeof(u32));
+ }
+
+ static int genregs32_set(struct task_struct *target,
+@@ -129,82 +126,53 @@ static int genregs32_set(struct task_str
+ const void *kbuf, const void __user *ubuf)
+ {
+ struct pt_regs *regs = target->thread.kregs;
+- unsigned long __user *reg_window;
+- const unsigned long *k = kbuf;
+- const unsigned long __user *u = ubuf;
+- unsigned long reg;
++ u32 uregs[16];
++ u32 psr;
++ int ret;
+
+ if (target == current)
+ flush_user_windows();
+
+- pos /= sizeof(reg);
+- count /= sizeof(reg);
+-
+- if (kbuf) {
+- for (; count > 0 && pos < 16; count--)
+- regs->u_regs[pos++] = *k++;
+-
+- reg_window = (unsigned long __user *) regs->u_regs[UREG_I6];
+- reg_window -= 16;
+- for (; count > 0 && pos < 32; count--) {
+- if (put_user(*k++, ®_window[pos++]))
+- return -EFAULT;
+- }
+- } else {
+- for (; count > 0 && pos < 16; count--) {
+- if (get_user(reg, u++))
+- return -EFAULT;
+- regs->u_regs[pos++] = reg;
+- }
+-
+- reg_window = (unsigned long __user *) regs->u_regs[UREG_I6];
+- reg_window -= 16;
+- for (; count > 0 && pos < 32; count--) {
+- if (get_user(reg, u++) ||
+- put_user(reg, ®_window[pos++]))
+- return -EFAULT;
+- }
+- }
+- while (count > 0) {
+- unsigned long psr;
+-
+- if (kbuf)
+- reg = *k++;
+- else if (get_user(reg, u++))
+- return -EFAULT;
+-
+- switch (pos) {
+- case 32: /* PSR */
+- psr = regs->psr;
+- psr &= ~(PSR_ICC | PSR_SYSCALL);
+- psr |= (reg & (PSR_ICC | PSR_SYSCALL));
+- regs->psr = psr;
+- break;
+- case 33: /* PC */
+- regs->pc = reg;
+- break;
+- case 34: /* NPC */
+- regs->npc = reg;
+- break;
+- case 35: /* Y */
+- regs->y = reg;
+- break;
+- case 36: /* WIM */
+- case 37: /* TBR */
+- break;
+- default:
+- goto finish;
+- }
++ ret = user_regset_copyin(&pos, &count, &kbuf, &ubuf,
++ regs->u_regs,
++ 0, 16 * sizeof(u32));
++ if (ret || !count)
++ return ret;
+
+- pos++;
+- count--;
++ if (pos < 32 * sizeof(u32)) {
++ if (regwindow32_get(target, regs, uregs))
++ return -EFAULT;
++ ret = user_regset_copyin(&pos, &count, &kbuf, &ubuf,
++ uregs,
++ 16 * sizeof(u32), 32 * sizeof(u32));
++ if (ret)
++ return ret;
++ if (regwindow32_set(target, regs, uregs))
++ return -EFAULT;
++ if (!count)
++ return 0;
+ }
+-finish:
+- pos *= sizeof(reg);
+- count *= sizeof(reg);
+-
++ ret = user_regset_copyin(&pos, &count, &kbuf, &ubuf,
++ &psr,
++ 32 * sizeof(u32), 33 * sizeof(u32));
++ if (ret)
++ return ret;
++ regs->psr = (regs->psr & ~(PSR_ICC | PSR_SYSCALL)) |
++ (psr & (PSR_ICC | PSR_SYSCALL));
++ if (!count)
++ return 0;
++ ret = user_regset_copyin(&pos, &count, &kbuf, &ubuf,
++ ®s->pc,
++ 33 * sizeof(u32), 34 * sizeof(u32));
++ if (ret || !count)
++ return ret;
++ ret = user_regset_copyin(&pos, &count, &kbuf, &ubuf,
++ ®s->y,
++ 34 * sizeof(u32), 35 * sizeof(u32));
++ if (ret || !count)
++ return ret;
+ return user_regset_copyin_ignore(&pos, &count, &kbuf, &ubuf,
+- 38 * sizeof(reg), -1);
++ 35 * sizeof(u32), 38 * sizeof(u32));
+ }
+
+ static int fpregs32_get(struct task_struct *target,
--- /dev/null
+From 24c5efe41c29ee3e55bcf5a1c9f61ca8709622e8 Mon Sep 17 00:00:00 2001
+From: NeilBrown <neilb@suse.de>
+Date: Fri, 22 May 2020 12:01:33 +1000
+Subject: sunrpc: clean up properly in gss_mech_unregister()
+
+From: NeilBrown <neilb@suse.de>
+
+commit 24c5efe41c29ee3e55bcf5a1c9f61ca8709622e8 upstream.
+
+gss_mech_register() calls svcauth_gss_register_pseudoflavor() for each
+flavour, but gss_mech_unregister() does not call auth_domain_put().
+This is unbalanced and makes it impossible to reload the module.
+
+Change svcauth_gss_register_pseudoflavor() to return the registered
+auth_domain, and save it for later release.
+
+Cc: stable@vger.kernel.org (v2.6.12+)
+Link: https://bugzilla.kernel.org/show_bug.cgi?id=206651
+Signed-off-by: NeilBrown <neilb@suse.de>
+Signed-off-by: J. Bruce Fields <bfields@redhat.com>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+
+---
+ include/linux/sunrpc/gss_api.h | 1 +
+ include/linux/sunrpc/svcauth_gss.h | 3 ++-
+ net/sunrpc/auth_gss/gss_mech_switch.c | 12 +++++++++---
+ net/sunrpc/auth_gss/svcauth_gss.c | 12 ++++++------
+ 4 files changed, 18 insertions(+), 10 deletions(-)
+
+--- a/include/linux/sunrpc/gss_api.h
++++ b/include/linux/sunrpc/gss_api.h
+@@ -81,6 +81,7 @@ struct pf_desc {
+ u32 service;
+ char *name;
+ char *auth_domain_name;
++ struct auth_domain *domain;
+ };
+
+ /* Different mechanisms (e.g., krb5 or spkm3) may implement gss-api, and
+--- a/include/linux/sunrpc/svcauth_gss.h
++++ b/include/linux/sunrpc/svcauth_gss.h
+@@ -20,7 +20,8 @@ int gss_svc_init(void);
+ void gss_svc_shutdown(void);
+ int gss_svc_init_net(struct net *net);
+ void gss_svc_shutdown_net(struct net *net);
+-int svcauth_gss_register_pseudoflavor(u32 pseudoflavor, char * name);
++struct auth_domain *svcauth_gss_register_pseudoflavor(u32 pseudoflavor,
++ char *name);
+ u32 svcauth_gss_flavor(struct auth_domain *dom);
+
+ #endif /* __KERNEL__ */
+--- a/net/sunrpc/auth_gss/gss_mech_switch.c
++++ b/net/sunrpc/auth_gss/gss_mech_switch.c
+@@ -61,6 +61,8 @@ gss_mech_free(struct gss_api_mech *gm)
+
+ for (i = 0; i < gm->gm_pf_num; i++) {
+ pf = &gm->gm_pfs[i];
++ if (pf->domain)
++ auth_domain_put(pf->domain);
+ kfree(pf->auth_domain_name);
+ pf->auth_domain_name = NULL;
+ }
+@@ -83,6 +85,7 @@ make_auth_domain_name(char *name)
+ static int
+ gss_mech_svc_setup(struct gss_api_mech *gm)
+ {
++ struct auth_domain *dom;
+ struct pf_desc *pf;
+ int i, status;
+
+@@ -92,10 +95,13 @@ gss_mech_svc_setup(struct gss_api_mech *
+ status = -ENOMEM;
+ if (pf->auth_domain_name == NULL)
+ goto out;
+- status = svcauth_gss_register_pseudoflavor(pf->pseudoflavor,
+- pf->auth_domain_name);
+- if (status)
++ dom = svcauth_gss_register_pseudoflavor(
++ pf->pseudoflavor, pf->auth_domain_name);
++ if (IS_ERR(dom)) {
++ status = PTR_ERR(dom);
+ goto out;
++ }
++ pf->domain = dom;
+ }
+ return 0;
+ out:
+--- a/net/sunrpc/auth_gss/svcauth_gss.c
++++ b/net/sunrpc/auth_gss/svcauth_gss.c
+@@ -772,7 +772,7 @@ u32 svcauth_gss_flavor(struct auth_domai
+
+ EXPORT_SYMBOL_GPL(svcauth_gss_flavor);
+
+-int
++struct auth_domain *
+ svcauth_gss_register_pseudoflavor(u32 pseudoflavor, char * name)
+ {
+ struct gss_domain *new;
+@@ -795,17 +795,17 @@ svcauth_gss_register_pseudoflavor(u32 ps
+ name);
+ stat = -EADDRINUSE;
+ auth_domain_put(test);
+- kfree(new->h.name);
+- goto out_free_dom;
++ goto out_free_name;
+ }
+- return 0;
++ return test;
+
++out_free_name:
++ kfree(new->h.name);
+ out_free_dom:
+ kfree(new);
+ out:
+- return stat;
++ return ERR_PTR(stat);
+ }
+-
+ EXPORT_SYMBOL_GPL(svcauth_gss_register_pseudoflavor);
+
+ static inline int
--- /dev/null
+From d47a5dc2888fd1b94adf1553068b8dad76cec96c Mon Sep 17 00:00:00 2001
+From: NeilBrown <neilb@suse.de>
+Date: Fri, 22 May 2020 12:01:33 +1000
+Subject: sunrpc: svcauth_gss_register_pseudoflavor must reject duplicate registrations.
+
+From: NeilBrown <neilb@suse.de>
+
+commit d47a5dc2888fd1b94adf1553068b8dad76cec96c upstream.
+
+There is no valid case for supporting duplicate pseudoflavor
+registrations.
+Currently the silent acceptance of such registrations is hiding a bug.
+The rpcsec_gss_krb5 module registers 2 flavours but does not unregister
+them, so if you load, unload, reload the module, it will happily
+continue to use the old registration which now has pointers to the
+memory were the module was originally loaded. This could lead to
+unexpected results.
+
+So disallow duplicate registrations.
+
+Link: https://bugzilla.kernel.org/show_bug.cgi?id=206651
+Cc: stable@vger.kernel.org (v2.6.12+)
+Signed-off-by: NeilBrown <neilb@suse.de>
+Signed-off-by: J. Bruce Fields <bfields@redhat.com>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+
+---
+ net/sunrpc/auth_gss/svcauth_gss.c | 6 ++++--
+ 1 file changed, 4 insertions(+), 2 deletions(-)
+
+--- a/net/sunrpc/auth_gss/svcauth_gss.c
++++ b/net/sunrpc/auth_gss/svcauth_gss.c
+@@ -789,9 +789,11 @@ svcauth_gss_register_pseudoflavor(u32 ps
+ new->h.flavour = &svcauthops_gss;
+ new->pseudoflavor = pseudoflavor;
+
+- stat = 0;
+ test = auth_domain_lookup(name, &new->h);
+- if (test != &new->h) { /* Duplicate registration */
++ if (test != &new->h) {
++ pr_warn("svc: duplicate registration of gss pseudo flavour %s.\n",
++ name);
++ stat = -EADDRINUSE;
+ auth_domain_put(test);
+ kfree(new->h.name);
+ goto out_free_dom;
--- /dev/null
+From 5e02f3b31704e24537697bce54f8156bdb72b7a6 Mon Sep 17 00:00:00 2001
+From: "H. Nikolaus Schaller" <hns@goldelico.com>
+Date: Sat, 23 May 2020 19:32:54 +0200
+Subject: w1: omap-hdq: cleanup to add missing newline for some dev_dbg
+
+From: H. Nikolaus Schaller <hns@goldelico.com>
+
+commit 5e02f3b31704e24537697bce54f8156bdb72b7a6 upstream.
+
+Otherwise it will corrupt the console log during debugging.
+
+Fixes: 7b5362a603a1 ("w1: omap_hdq: Fix some error/debug handling.")
+Cc: stable@vger.kernel.org
+Acked-by: Tony Lindgren <tony@atomide.com>
+Signed-off-by: H. Nikolaus Schaller <hns@goldelico.com>
+Link: https://lore.kernel.org/r/cd0d55749a091214106575f6e1d363c6db56622f.1590255176.git.hns@goldelico.com
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+
+---
+ drivers/w1/masters/omap_hdq.c | 10 +++++-----
+ 1 file changed, 5 insertions(+), 5 deletions(-)
+
+--- a/drivers/w1/masters/omap_hdq.c
++++ b/drivers/w1/masters/omap_hdq.c
+@@ -204,7 +204,7 @@ static int hdq_write_byte(struct hdq_dat
+ /* check irqstatus */
+ if (!(*status & OMAP_HDQ_INT_STATUS_TXCOMPLETE)) {
+ dev_dbg(hdq_data->dev, "timeout waiting for"
+- " TXCOMPLETE/RXCOMPLETE, %x", *status);
++ " TXCOMPLETE/RXCOMPLETE, %x\n", *status);
+ ret = -ETIMEDOUT;
+ goto out;
+ }
+@@ -215,7 +215,7 @@ static int hdq_write_byte(struct hdq_dat
+ OMAP_HDQ_FLAG_CLEAR, &tmp_status);
+ if (ret) {
+ dev_dbg(hdq_data->dev, "timeout waiting GO bit"
+- " return to zero, %x", tmp_status);
++ " return to zero, %x\n", tmp_status);
+ }
+
+ out:
+@@ -231,7 +231,7 @@ static irqreturn_t hdq_isr(int irq, void
+ spin_lock_irqsave(&hdq_data->hdq_spinlock, irqflags);
+ hdq_data->hdq_irqstatus = hdq_reg_in(hdq_data, OMAP_HDQ_INT_STATUS);
+ spin_unlock_irqrestore(&hdq_data->hdq_spinlock, irqflags);
+- dev_dbg(hdq_data->dev, "hdq_isr: %x", hdq_data->hdq_irqstatus);
++ dev_dbg(hdq_data->dev, "hdq_isr: %x\n", hdq_data->hdq_irqstatus);
+
+ if (hdq_data->hdq_irqstatus &
+ (OMAP_HDQ_INT_STATUS_TXCOMPLETE | OMAP_HDQ_INT_STATUS_RXCOMPLETE
+@@ -339,7 +339,7 @@ static int omap_hdq_break(struct hdq_dat
+ tmp_status = hdq_data->hdq_irqstatus;
+ /* check irqstatus */
+ if (!(tmp_status & OMAP_HDQ_INT_STATUS_TIMEOUT)) {
+- dev_dbg(hdq_data->dev, "timeout waiting for TIMEOUT, %x",
++ dev_dbg(hdq_data->dev, "timeout waiting for TIMEOUT, %x\n",
+ tmp_status);
+ ret = -ETIMEDOUT;
+ goto out;
+@@ -366,7 +366,7 @@ static int omap_hdq_break(struct hdq_dat
+ &tmp_status);
+ if (ret)
+ dev_dbg(hdq_data->dev, "timeout waiting INIT&GO bits"
+- " return to zero, %x", tmp_status);
++ " return to zero, %x\n", tmp_status);
+
+ out:
+ mutex_unlock(&hdq_data->hdq_mutex);
projects / thirdparty / kernel / stable-queue.git / commitdiff
