5.4-stable patches
authorGreg Kroah-Hartman <gregkh@linuxfoundation.org>
Sun, 31 Jan 2021 14:46:28 +0000 (15:46 +0100)
committerGreg Kroah-Hartman <gregkh@linuxfoundation.org>
Sun, 31 Jan 2021 14:46:28 +0000 (15:46 +0100)
added patches:
arm-dts-imx6qdl-gw52xx-fix-duplicate-regulator-naming.patch
media-rc-ensure-that-uevent-can-be-read-directly-after-rc-device-register.patch
net-usb-qmi_wwan-added-support-for-thales-cinterion-plsx3-modem-family.patch
pm-hibernate-flush-swap-writer-after-marking.patch
s390-vfio-ap-clean-up-vfio_ap-resources-when-kvm-pointer-invalidated.patch
s390-vfio-ap-no-need-to-disable-irq-after-queue-reset.patch
wext-fix-null-ptr-dereference-with-cfg80211-s-lack-of-commit.patch

queue-5.4/arm-dts-imx6qdl-gw52xx-fix-duplicate-regulator-naming.patch [new file with mode: 0644]
queue-5.4/media-rc-ensure-that-uevent-can-be-read-directly-after-rc-device-register.patch [new file with mode: 0644]
queue-5.4/net-usb-qmi_wwan-added-support-for-thales-cinterion-plsx3-modem-family.patch [new file with mode: 0644]
queue-5.4/pm-hibernate-flush-swap-writer-after-marking.patch [new file with mode: 0644]
queue-5.4/s390-vfio-ap-clean-up-vfio_ap-resources-when-kvm-pointer-invalidated.patch [new file with mode: 0644]
queue-5.4/s390-vfio-ap-no-need-to-disable-irq-after-queue-reset.patch [new file with mode: 0644]
queue-5.4/series
queue-5.4/wext-fix-null-ptr-dereference-with-cfg80211-s-lack-of-commit.patch [new file with mode: 0644]

diff --git a/queue-5.4/arm-dts-imx6qdl-gw52xx-fix-duplicate-regulator-naming.patch b/queue-5.4/arm-dts-imx6qdl-gw52xx-fix-duplicate-regulator-naming.patch
new file mode 100644 (file)
index 0000000..7cf5826
--- /dev/null
@@ -0,0 +1,38 @@
+From 5a22747b76ca2384057d8e783265404439d31d7f Mon Sep 17 00:00:00 2001
+From: Koen Vandeputte <koen.vandeputte@citymesh.com>
+Date: Thu, 7 Jan 2021 10:19:06 +0100
+Subject: ARM: dts: imx6qdl-gw52xx: fix duplicate regulator naming
+
+From: Koen Vandeputte <koen.vandeputte@citymesh.com>
+
+commit 5a22747b76ca2384057d8e783265404439d31d7f upstream.
+
+2 regulator descriptions carry identical naming.
+
+This leads to following boot warning:
+[    0.173138] debugfs: Directory 'vdd1p8' with parent 'regulator' already present!
+
+Fix this by renaming the one used for audio.
+
+Fixes: 5051bff33102 ("ARM: dts: imx: ventana: add LTC3676 PMIC support")
+Signed-off-by: Tim Harvey <tharvey@gateworks.com>
+Signed-off-by: Koen Vandeputte <koen.vandeputte@ncentric.com>
+Cc: stable@vger.kernel.org # v4.11
+Signed-off-by: Shawn Guo <shawnguo@kernel.org>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+
+---
+ arch/arm/boot/dts/imx6qdl-gw52xx.dtsi |    2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+--- a/arch/arm/boot/dts/imx6qdl-gw52xx.dtsi
++++ b/arch/arm/boot/dts/imx6qdl-gw52xx.dtsi
+@@ -273,7 +273,7 @@
+                       /* VDD_AUD_1P8: Audio codec */
+                       reg_aud_1p8v: ldo3 {
+-                              regulator-name = "vdd1p8";
++                              regulator-name = "vdd1p8a";
+                               regulator-min-microvolt = <1800000>;
+                               regulator-max-microvolt = <1800000>;
+                               regulator-boot-on;
diff --git a/queue-5.4/media-rc-ensure-that-uevent-can-be-read-directly-after-rc-device-register.patch b/queue-5.4/media-rc-ensure-that-uevent-can-be-read-directly-after-rc-device-register.patch
new file mode 100644 (file)
index 0000000..53452d8
--- /dev/null
@@ -0,0 +1,44 @@
+From 896111dc4bcf887b835b3ef54f48b450d4692a1d Mon Sep 17 00:00:00 2001
+From: Sean Young <sean@mess.org>
+Date: Sun, 20 Dec 2020 13:29:54 +0100
+Subject: media: rc: ensure that uevent can be read directly after rc device register
+
+From: Sean Young <sean@mess.org>
+
+commit 896111dc4bcf887b835b3ef54f48b450d4692a1d upstream.
+
+There is a race condition where if the /sys/class/rc0/uevent file is read
+before rc_dev->registered is set to true, -ENODEV will be returned.
+
+Link: https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1901089
+
+Cc: stable@vger.kernel.org
+Fixes: a2e2d73fa281 ("media: rc: do not access device via sysfs after rc_unregister_device()")
+Signed-off-by: Sean Young <sean@mess.org>
+Signed-off-by: Mauro Carvalho Chehab <mchehab+huawei@kernel.org>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+
+---
+ drivers/media/rc/rc-main.c |    4 ++--
+ 1 file changed, 2 insertions(+), 2 deletions(-)
+
+--- a/drivers/media/rc/rc-main.c
++++ b/drivers/media/rc/rc-main.c
+@@ -1892,6 +1892,8 @@ int rc_register_device(struct rc_dev *de
+                       goto out_raw;
+       }
++      dev->registered = true;
++
+       rc = device_add(&dev->dev);
+       if (rc)
+               goto out_rx_free;
+@@ -1901,8 +1903,6 @@ int rc_register_device(struct rc_dev *de
+                dev->device_name ?: "Unspecified device", path ?: "N/A");
+       kfree(path);
+-      dev->registered = true;
+-
+       /*
+        * once the the input device is registered in rc_setup_rx_device,
+        * userspace can open the input device and rc_open() will be called
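Review bot: With `dev->registered = true;` now set before `device_add()`, the `goto out_rx_free` failure path just below leaves the flag set on a device that was never added. Whether anything reads `registered` after a failed registration is not visible in this hunk, but clearing it on that path keeps the flag truthful: `if (rc) { dev->registered = false; goto out_rx_free; }`. rc_register_device() starts and ends outside the hunk, so the unwind labels need checking there too.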
diff --git a/queue-5.4/net-usb-qmi_wwan-added-support-for-thales-cinterion-plsx3-modem-family.patch b/queue-5.4/net-usb-qmi_wwan-added-support-for-thales-cinterion-plsx3-modem-family.patch
new file mode 100644 (file)
index 0000000..f6dcfca
--- /dev/null
@@ -0,0 +1,400 @@
+From 7e0e63d09516e96994c879f07c5a3c3269d7015e Mon Sep 17 00:00:00 2001
+From: Giacinto Cifelli <gciofono@gmail.com>
+Date: Wed, 20 Jan 2021 05:56:50 +0100
+Subject: net: usb: qmi_wwan: added support for Thales Cinterion PLSx3 modem family
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+From: Giacinto Cifelli <gciofono@gmail.com>
+
+commit 7e0e63d09516e96994c879f07c5a3c3269d7015e upstream.
+
+Bus 003 Device 009: ID 1e2d:006f
+Device Descriptor:
+  bLength                18
+  bDescriptorType         1
+  bcdUSB               2.00
+  bDeviceClass          239 Miscellaneous Device
+  bDeviceSubClass         2 ?
+  bDeviceProtocol         1 Interface Association
+  bMaxPacketSize0        64
+  idVendor           0x1e2d
+  idProduct          0x006f
+  bcdDevice            0.00
+  iManufacturer           3 Cinterion Wireless Modules
+  iProduct                2 PLSx3
+  iSerial                 4 fa3c1419
+  bNumConfigurations      1
+  Configuration Descriptor:
+    bLength                 9
+    bDescriptorType         2
+    wTotalLength          303
+    bNumInterfaces          9
+    bConfigurationValue     1
+    iConfiguration          1 Cinterion Configuration
+    bmAttributes         0xe0
+      Self Powered
+      Remote Wakeup
+    MaxPower              500mA
+    Interface Association:
+      bLength                 8
+      bDescriptorType        11
+      bFirstInterface         0
+      bInterfaceCount         2
+      bFunctionClass          2 Communications
+      bFunctionSubClass       2 Abstract (modem)
+      bFunctionProtocol       1 AT-commands (v.25ter)
+      iFunction               0
+    Interface Descriptor:
+      bLength                 9
+      bDescriptorType         4
+      bInterfaceNumber        0
+      bAlternateSetting       0
+      bNumEndpoints           1
+      bInterfaceClass         2 Communications
+      bInterfaceSubClass      2 Abstract (modem)
+      bInterfaceProtocol      1 AT-commands (v.25ter)
+      iInterface              0
+      CDC Header:
+        bcdCDC               1.10
+      CDC ACM:
+        bmCapabilities       0x02
+          line coding and serial state
+      CDC Call Management:
+        bmCapabilities       0x03
+          call management
+          use DataInterface
+        bDataInterface          1
+      CDC Union:
+        bMasterInterface        0
+        bSlaveInterface         1
+      Endpoint Descriptor:
+        bLength                 7
+        bDescriptorType         5
+        bEndpointAddress     0x81  EP 1 IN
+        bmAttributes            3
+          Transfer Type            Interrupt
+          Synch Type               None
+          Usage Type               Data
+        wMaxPacketSize     0x0040  1x 64 bytes
+        bInterval               5
+    Interface Descriptor:
+      bLength                 9
+      bDescriptorType         4
+      bInterfaceNumber        1
+      bAlternateSetting       0
+      bNumEndpoints           2
+      bInterfaceClass        10 CDC Data
+      bInterfaceSubClass      0 Unused
+      bInterfaceProtocol      0
+      iInterface              0
+      Endpoint Descriptor:
+        bLength                 7
+        bDescriptorType         5
+        bEndpointAddress     0x82  EP 2 IN
+        bmAttributes            2
+          Transfer Type            Bulk
+          Synch Type               None
+          Usage Type               Data
+        wMaxPacketSize     0x0200  1x 512 bytes
+        bInterval               0
+      Endpoint Descriptor:
+        bLength                 7
+        bDescriptorType         5
+        bEndpointAddress     0x01  EP 1 OUT
+        bmAttributes            2
+          Transfer Type            Bulk
+          Synch Type               None
+          Usage Type               Data
+        wMaxPacketSize     0x0200  1x 512 bytes
+        bInterval               0
+    Interface Association:
+      bLength                 8
+      bDescriptorType        11
+      bFirstInterface         2
+      bInterfaceCount         2
+      bFunctionClass          2 Communications
+      bFunctionSubClass       2 Abstract (modem)
+      bFunctionProtocol       1 AT-commands (v.25ter)
+      iFunction               0
+    Interface Descriptor:
+      bLength                 9
+      bDescriptorType         4
+      bInterfaceNumber        2
+      bAlternateSetting       0
+      bNumEndpoints           1
+      bInterfaceClass         2 Communications
+      bInterfaceSubClass      2 Abstract (modem)
+      bInterfaceProtocol      1 AT-commands (v.25ter)
+      iInterface              0
+      CDC Header:
+        bcdCDC               1.10
+      CDC ACM:
+        bmCapabilities       0x02
+          line coding and serial state
+      CDC Call Management:
+        bmCapabilities       0x03
+          call management
+          use DataInterface
+        bDataInterface          3
+      CDC Union:
+        bMasterInterface        2
+        bSlaveInterface         3
+      Endpoint Descriptor:
+        bLength                 7
+        bDescriptorType         5
+        bEndpointAddress     0x83  EP 3 IN
+        bmAttributes            3
+          Transfer Type            Interrupt
+          Synch Type               None
+          Usage Type               Data
+        wMaxPacketSize     0x0040  1x 64 bytes
+        bInterval               5
+    Interface Descriptor:
+      bLength                 9
+      bDescriptorType         4
+      bInterfaceNumber        3
+      bAlternateSetting       0
+      bNumEndpoints           2
+      bInterfaceClass        10 CDC Data
+      bInterfaceSubClass      0 Unused
+      bInterfaceProtocol      0
+      iInterface              0
+      Endpoint Descriptor:
+        bLength                 7
+        bDescriptorType         5
+        bEndpointAddress     0x84  EP 4 IN
+        bmAttributes            2
+          Transfer Type            Bulk
+          Synch Type               None
+          Usage Type               Data
+        wMaxPacketSize     0x0200  1x 512 bytes
+        bInterval               0
+      Endpoint Descriptor:
+        bLength                 7
+        bDescriptorType         5
+        bEndpointAddress     0x02  EP 2 OUT
+        bmAttributes            2
+          Transfer Type            Bulk
+          Synch Type               None
+          Usage Type               Data
+        wMaxPacketSize     0x0200  1x 512 bytes
+        bInterval               0
+    Interface Association:
+      bLength                 8
+      bDescriptorType        11
+      bFirstInterface         4
+      bInterfaceCount         2
+      bFunctionClass          2 Communications
+      bFunctionSubClass       2 Abstract (modem)
+      bFunctionProtocol       1 AT-commands (v.25ter)
+      iFunction               0
+    Interface Descriptor:
+      bLength                 9
+      bDescriptorType         4
+      bInterfaceNumber        4
+      bAlternateSetting       0
+      bNumEndpoints           1
+      bInterfaceClass         2 Communications
+      bInterfaceSubClass      2 Abstract (modem)
+      bInterfaceProtocol      1 AT-commands (v.25ter)
+      iInterface              0
+      CDC Header:
+        bcdCDC               1.10
+      CDC ACM:
+        bmCapabilities       0x02
+          line coding and serial state
+      CDC Call Management:
+        bmCapabilities       0x03
+          call management
+          use DataInterface
+        bDataInterface          5
+      CDC Union:
+        bMasterInterface        4
+        bSlaveInterface         5
+      Endpoint Descriptor:
+        bLength                 7
+        bDescriptorType         5
+        bEndpointAddress     0x85  EP 5 IN
+        bmAttributes            3
+          Transfer Type            Interrupt
+          Synch Type               None
+          Usage Type               Data
+        wMaxPacketSize     0x0040  1x 64 bytes
+        bInterval               5
+    Interface Descriptor:
+      bLength                 9
+      bDescriptorType         4
+      bInterfaceNumber        5
+      bAlternateSetting       0
+      bNumEndpoints           2
+      bInterfaceClass        10 CDC Data
+      bInterfaceSubClass      0 Unused
+      bInterfaceProtocol      0
+      iInterface              0
+      Endpoint Descriptor:
+        bLength                 7
+        bDescriptorType         5
+        bEndpointAddress     0x86  EP 6 IN
+        bmAttributes            2
+          Transfer Type            Bulk
+          Synch Type               None
+          Usage Type               Data
+        wMaxPacketSize     0x0200  1x 512 bytes
+        bInterval               0
+      Endpoint Descriptor:
+        bLength                 7
+        bDescriptorType         5
+        bEndpointAddress     0x03  EP 3 OUT
+        bmAttributes            2
+          Transfer Type            Bulk
+          Synch Type               None
+          Usage Type               Data
+        wMaxPacketSize     0x0200  1x 512 bytes
+        bInterval               0
+    Interface Association:
+      bLength                 8
+      bDescriptorType        11
+      bFirstInterface         6
+      bInterfaceCount         2
+      bFunctionClass          2 Communications
+      bFunctionSubClass       2 Abstract (modem)
+      bFunctionProtocol       1 AT-commands (v.25ter)
+      iFunction               0
+    Interface Descriptor:
+      bLength                 9
+      bDescriptorType         4
+      bInterfaceNumber        6
+      bAlternateSetting       0
+      bNumEndpoints           1
+      bInterfaceClass         2 Communications
+      bInterfaceSubClass      2 Abstract (modem)
+      bInterfaceProtocol      1 AT-commands (v.25ter)
+      iInterface              0
+      CDC Header:
+        bcdCDC               1.10
+      CDC ACM:
+        bmCapabilities       0x02
+          line coding and serial state
+      CDC Call Management:
+        bmCapabilities       0x03
+          call management
+          use DataInterface
+        bDataInterface          7
+      CDC Union:
+        bMasterInterface        6
+        bSlaveInterface         7
+      Endpoint Descriptor:
+        bLength                 7
+        bDescriptorType         5
+        bEndpointAddress     0x87  EP 7 IN
+        bmAttributes            3
+          Transfer Type            Interrupt
+          Synch Type               None
+          Usage Type               Data
+        wMaxPacketSize     0x0040  1x 64 bytes
+        bInterval               5
+    Interface Descriptor:
+      bLength                 9
+      bDescriptorType         4
+      bInterfaceNumber        7
+      bAlternateSetting       0
+      bNumEndpoints           2
+      bInterfaceClass        10 CDC Data
+      bInterfaceSubClass      0 Unused
+      bInterfaceProtocol      0
+      iInterface              0
+      Endpoint Descriptor:
+        bLength                 7
+        bDescriptorType         5
+        bEndpointAddress     0x88  EP 8 IN
+        bmAttributes            2
+          Transfer Type            Bulk
+          Synch Type               None
+          Usage Type               Data
+        wMaxPacketSize     0x0200  1x 512 bytes
+        bInterval               0
+      Endpoint Descriptor:
+        bLength                 7
+        bDescriptorType         5
+        bEndpointAddress     0x04  EP 4 OUT
+        bmAttributes            2
+          Transfer Type            Bulk
+          Synch Type               None
+          Usage Type               Data
+        wMaxPacketSize     0x0200  1x 512 bytes
+        bInterval               0
+    Interface Descriptor:
+      bLength                 9
+      bDescriptorType         4
+      bInterfaceNumber        8
+      bAlternateSetting       0
+      bNumEndpoints           3
+      bInterfaceClass       255 Vendor Specific Class
+      bInterfaceSubClass    255 Vendor Specific Subclass
+      bInterfaceProtocol    255 Vendor Specific Protocol
+      iInterface              0
+      Endpoint Descriptor:
+        bLength                 7
+        bDescriptorType         5
+        bEndpointAddress     0x89  EP 9 IN
+        bmAttributes            3
+          Transfer Type            Interrupt
+          Synch Type               None
+          Usage Type               Data
+        wMaxPacketSize     0x0040  1x 64 bytes
+        bInterval               5
+      Endpoint Descriptor:
+        bLength                 7
+        bDescriptorType         5
+        bEndpointAddress     0x8a  EP 10 IN
+        bmAttributes            2
+          Transfer Type            Bulk
+          Synch Type               None
+          Usage Type               Data
+        wMaxPacketSize     0x0200  1x 512 bytes
+        bInterval               0
+      Endpoint Descriptor:
+        bLength                 7
+        bDescriptorType         5
+        bEndpointAddress     0x05  EP 5 OUT
+        bmAttributes            2
+          Transfer Type            Bulk
+          Synch Type               None
+          Usage Type               Data
+        wMaxPacketSize     0x0200  1x 512 bytes
+        bInterval               0
+Device Qualifier (for other device speed):
+  bLength                10
+  bDescriptorType         6
+  bcdUSB               2.00
+  bDeviceClass          239 Miscellaneous Device
+  bDeviceSubClass         2 ?
+  bDeviceProtocol         1 Interface Association
+  bMaxPacketSize0        64
+  bNumConfigurations      1
+Device Status:     0x0000
+  (Bus Powered)
+
+Cc: stable@vger.kernel.org
+Signed-off-by: Giacinto Cifelli <gciofono@gmail.com>
+Acked-by: Bjørn Mork <bjorn@mork.no>
+Link: https://lore.kernel.org/r/20210120045650.10855-1-gciofono@gmail.com
+Signed-off-by: Jakub Kicinski <kuba@kernel.org>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+
+---
+ drivers/net/usb/qmi_wwan.c |    1 +
+ 1 file changed, 1 insertion(+)
+
+--- a/drivers/net/usb/qmi_wwan.c
++++ b/drivers/net/usb/qmi_wwan.c
+@@ -1347,6 +1347,7 @@ static const struct usb_device_id produc
+       {QMI_FIXED_INTF(0x0b3c, 0xc00a, 6)},    /* Olivetti Olicard 160 */
+       {QMI_FIXED_INTF(0x0b3c, 0xc00b, 4)},    /* Olivetti Olicard 500 */
+       {QMI_FIXED_INTF(0x1e2d, 0x0060, 4)},    /* Cinterion PLxx */
++      {QMI_QUIRK_SET_DTR(0x1e2d, 0x006f, 8)}, /* Cinterion PLS83/PLS63 */
+       {QMI_FIXED_INTF(0x1e2d, 0x0053, 4)},    /* Cinterion PHxx,PXxx */
+       {QMI_FIXED_INTF(0x1e2d, 0x0063, 10)},   /* Cinterion ALASxx (1 RmNet) */
+       {QMI_FIXED_INTF(0x1e2d, 0x0082, 4)},    /* Cinterion PHxx,PXxx (2 RmNet) */
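Review bot: The new `0x1e2d:0x006f` entry uses `QMI_QUIRK_SET_DTR` while the neighbouring Cinterion entries use `QMI_FIXED_INTF`, and neither the trailing comment nor the commit message (which is only an lsusb dump) says why this modem needs the quirk. The interface number 8 does match the vendor-specific interface in the dump. A short reason in the comment would help the next person who adds a sibling device, for example `/* Cinterion PLS83/PLS63 (needs DTR set) */`, assuming that is the actual reason.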
diff --git a/queue-5.4/pm-hibernate-flush-swap-writer-after-marking.patch b/queue-5.4/pm-hibernate-flush-swap-writer-after-marking.patch
new file mode 100644 (file)
index 0000000..e43bfb5
--- /dev/null
@@ -0,0 +1,39 @@
+From fef9c8d28e28a808274a18fbd8cc2685817fd62a Mon Sep 17 00:00:00 2001
+From: Laurent Badel <laurentbadel@eaton.com>
+Date: Fri, 22 Jan 2021 17:19:41 +0100
+Subject: PM: hibernate: flush swap writer after marking
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+From: Laurent Badel <laurentbadel@eaton.com>
+
+commit fef9c8d28e28a808274a18fbd8cc2685817fd62a upstream.
+
+Flush the swap writer after, not before, marking the files, to ensure the
+signature is properly written.
+
+Fixes: 6f612af57821 ("PM / Hibernate: Group swap ops")
+Signed-off-by: Laurent Badel <laurentbadel@eaton.com>
+Cc: All applicable <stable@vger.kernel.org>
+Signed-off-by: Rafael J. Wysocki <rafael.j.wysocki@intel.com>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+
+---
+ kernel/power/swap.c |    2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+--- a/kernel/power/swap.c
++++ b/kernel/power/swap.c
+@@ -489,10 +489,10 @@ static int swap_writer_finish(struct swa
+               unsigned int flags, int error)
+ {
+       if (!error) {
+-              flush_swap_writer(handle);
+               pr_info("S");
+               error = mark_swapfiles(handle, flags);
+               pr_cont("|\n");
++              flush_swap_writer(handle);
+       }
+       if (error)
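Review bot: `flush_swap_writer(handle)` now runs after `mark_swapfiles()` whether or not marking succeeded, and its result is discarded, so a failed flush would go unreported even though the commit message says the flush is what ensures the signature is written. If flush_swap_writer() returns an error code (its prototype is outside the hunk), consider `if (!error) error = flush_swap_writer(handle);`. swap_writer_finish() continues past the end of the hunk, so the effect on the following `if (error)` branch should be checked there.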
diff --git a/queue-5.4/s390-vfio-ap-clean-up-vfio_ap-resources-when-kvm-pointer-invalidated.patch b/queue-5.4/s390-vfio-ap-clean-up-vfio_ap-resources-when-kvm-pointer-invalidated.patch
new file mode 100644 (file)
index 0000000..34c3bd4
--- /dev/null
@@ -0,0 +1,140 @@
+From f21916ec4826766463fe9fb55a5f43d2a365811d Mon Sep 17 00:00:00 2001
+From: Tony Krowiak <akrowiak@linux.ibm.com>
+Date: Tue, 22 Dec 2020 20:20:13 -0500
+Subject: s390/vfio-ap: clean up vfio_ap resources when KVM pointer invalidated
+
+From: Tony Krowiak <akrowiak@linux.ibm.com>
+
+commit f21916ec4826766463fe9fb55a5f43d2a365811d upstream.
+
+The vfio_ap device driver registers a group notifier with VFIO when the
+file descriptor for a VFIO mediated device for a KVM guest is opened to
+receive notification that the KVM pointer is set (VFIO_GROUP_NOTIFY_SET_KVM
+event). When the KVM pointer is set, the vfio_ap driver takes the
+following actions:
+1. Stashes the KVM pointer in the vfio_ap_mdev struct that holds the state
+   of the mediated device.
+2. Calls the kvm_get_kvm() function to increment its reference counter.
+3. Sets the function pointer to the function that handles interception of
+   the instruction that enables/disables interrupt processing.
+4. Sets the masks in the KVM guest's CRYCB to pass AP resources through to
+   the guest.
+
+In order to avoid memory leaks, when the notifier is called to receive
+notification that the KVM pointer has been set to NULL, the vfio_ap device
+driver should reverse the actions taken when the KVM pointer was set.
+
+Fixes: 258287c994de ("s390: vfio-ap: implement mediated device open callback")
+Signed-off-by: Tony Krowiak <akrowiak@linux.ibm.com>
+Reviewed-by: Halil Pasic <pasic@linux.ibm.com>
+Reviewed-by: Cornelia Huck <cohuck@redhat.com>
+Cc: stable@vger.kernel.org
+Link: https://lore.kernel.org/r/20201223012013.5418-1-akrowiak@linux.ibm.com
+Signed-off-by: Christian Borntraeger <borntraeger@de.ibm.com>
+Signed-off-by: Vasily Gorbik <gor@linux.ibm.com>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+
+---
+ drivers/s390/crypto/vfio_ap_ops.c |   49 +++++++++++++++++++++-----------------
+ 1 file changed, 28 insertions(+), 21 deletions(-)
+
+--- a/drivers/s390/crypto/vfio_ap_ops.c
++++ b/drivers/s390/crypto/vfio_ap_ops.c
+@@ -1038,19 +1038,14 @@ static int vfio_ap_mdev_set_kvm(struct a
+ {
+       struct ap_matrix_mdev *m;
+-      mutex_lock(&matrix_dev->lock);
+-
+       list_for_each_entry(m, &matrix_dev->mdev_list, node) {
+-              if ((m != matrix_mdev) && (m->kvm == kvm)) {
+-                      mutex_unlock(&matrix_dev->lock);
++              if ((m != matrix_mdev) && (m->kvm == kvm))
+                       return -EPERM;
+-              }
+       }
+       matrix_mdev->kvm = kvm;
+       kvm_get_kvm(kvm);
+       kvm->arch.crypto.pqap_hook = &matrix_mdev->pqap_hook;
+-      mutex_unlock(&matrix_dev->lock);
+       return 0;
+ }
+@@ -1084,35 +1079,52 @@ static int vfio_ap_mdev_iommu_notifier(s
+       return NOTIFY_DONE;
+ }
++static void vfio_ap_mdev_unset_kvm(struct ap_matrix_mdev *matrix_mdev)
++{
++      kvm_arch_crypto_clear_masks(matrix_mdev->kvm);
++      matrix_mdev->kvm->arch.crypto.pqap_hook = NULL;
++      vfio_ap_mdev_reset_queues(matrix_mdev->mdev);
++      kvm_put_kvm(matrix_mdev->kvm);
++      matrix_mdev->kvm = NULL;
++}
++
+ static int vfio_ap_mdev_group_notifier(struct notifier_block *nb,
+                                      unsigned long action, void *data)
+ {
+-      int ret;
++      int ret, notify_rc = NOTIFY_OK;
+       struct ap_matrix_mdev *matrix_mdev;
+       if (action != VFIO_GROUP_NOTIFY_SET_KVM)
+               return NOTIFY_OK;
+       matrix_mdev = container_of(nb, struct ap_matrix_mdev, group_notifier);
++      mutex_lock(&matrix_dev->lock);
+       if (!data) {
+-              matrix_mdev->kvm = NULL;
+-              return NOTIFY_OK;
++              if (matrix_mdev->kvm)
++                      vfio_ap_mdev_unset_kvm(matrix_mdev);
++              goto notify_done;
+       }
+       ret = vfio_ap_mdev_set_kvm(matrix_mdev, data);
+-      if (ret)
+-              return NOTIFY_DONE;
++      if (ret) {
++              notify_rc = NOTIFY_DONE;
++              goto notify_done;
++      }
+       /* If there is no CRYCB pointer, then we can't copy the masks */
+-      if (!matrix_mdev->kvm->arch.crypto.crycbd)
+-              return NOTIFY_DONE;
++      if (!matrix_mdev->kvm->arch.crypto.crycbd) {
++              notify_rc = NOTIFY_DONE;
++              goto notify_done;
++      }
+       kvm_arch_crypto_set_masks(matrix_mdev->kvm, matrix_mdev->matrix.apm,
+                                 matrix_mdev->matrix.aqm,
+                                 matrix_mdev->matrix.adm);
+-      return NOTIFY_OK;
++notify_done:
++      mutex_unlock(&matrix_dev->lock);
++      return notify_rc;
+ }
+ static struct vfio_ap_queue *vfio_ap_find_queue(int apqn)
+@@ -1246,13 +1258,8 @@ static void vfio_ap_mdev_release(struct
+       struct ap_matrix_mdev *matrix_mdev = mdev_get_drvdata(mdev);
+       mutex_lock(&matrix_dev->lock);
+-      if (matrix_mdev->kvm) {
+-              kvm_arch_crypto_clear_masks(matrix_mdev->kvm);
+-              matrix_mdev->kvm->arch.crypto.pqap_hook = NULL;
+-              vfio_ap_mdev_reset_queues(mdev);
+-              kvm_put_kvm(matrix_mdev->kvm);
+-              matrix_mdev->kvm = NULL;
+-      }
++      if (matrix_mdev->kvm)
++              vfio_ap_mdev_unset_kvm(matrix_mdev);
+       mutex_unlock(&matrix_dev->lock);
+       vfio_unregister_notifier(mdev_dev(mdev), VFIO_IOMMU_NOTIFY,
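Review bot: `vfio_ap_mdev_set_kvm()` no longer takes `matrix_dev->lock` itself, and the new `vfio_ap_mdev_unset_kvm()` never did, so both now depend on the caller holding it, but nothing in either function states or checks that. Adding `lockdep_assert_held(&matrix_dev->lock);` as the first statement of each would document the contract and catch a future caller that forgets the lock around the `kvm` pointer and `pqap_hook` updates. Separately, the group notifier now calls `kvm_arch_crypto_set_masks()` and `kvm_arch_crypto_clear_masks()` with `matrix_dev->lock` held. What those helpers lock is not visible here, so the resulting lock order is worth confirming against the other paths that take both. vfio_ap_mdev_release() continues beyond the last hunk.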
diff --git a/queue-5.4/s390-vfio-ap-no-need-to-disable-irq-after-queue-reset.patch b/queue-5.4/s390-vfio-ap-no-need-to-disable-irq-after-queue-reset.patch
new file mode 100644 (file)
index 0000000..d31a44c
--- /dev/null
@@ -0,0 +1,267 @@
+From 6c12a6384e0c0b96debd88b24028e58f2ebd417b Mon Sep 17 00:00:00 2001
+From: Tony Krowiak <akrowiak@linux.ibm.com>
+Date: Tue, 22 Dec 2020 20:15:53 -0500
+Subject: s390/vfio-ap: No need to disable IRQ after queue reset
+
+From: Tony Krowiak <akrowiak@linux.ibm.com>
+
+commit 6c12a6384e0c0b96debd88b24028e58f2ebd417b upstream.
+
+The queues assigned to a matrix mediated device are currently reset when:
+
+* The VFIO_DEVICE_RESET ioctl is invoked
+* The mdev fd is closed by userspace (QEMU)
+* The mdev is removed from sysfs.
+
+Immediately after the reset of a queue, a call is made to disable
+interrupts for the queue. This is entirely unnecessary because the reset of
+a queue disables interrupts, so this will be removed.
+
+Furthermore, vfio_ap_irq_disable() does an unconditional PQAP/AQIC which
+can result in a specification exception (when the corresponding facility
+is not available), so this is actually a bugfix.
+
+Signed-off-by: Tony Krowiak <akrowiak@linux.ibm.com>
+[pasic@linux.ibm.com: minor rework before merging]
+Signed-off-by: Halil Pasic <pasic@linux.ibm.com>
+Fixes: ec89b55e3bce ("s390: ap: implement PAPQ AQIC interception in kernel")
+Cc: <stable@vger.kernel.org>
+Signed-off-by: Vasily Gorbik <gor@linux.ibm.com>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+
+---
+ drivers/s390/crypto/vfio_ap_drv.c     |    6 --
+ drivers/s390/crypto/vfio_ap_ops.c     |  100 +++++++++++++++++++++-------------
+ drivers/s390/crypto/vfio_ap_private.h |   12 ++--
+ 3 files changed, 69 insertions(+), 49 deletions(-)
+
+--- a/drivers/s390/crypto/vfio_ap_drv.c
++++ b/drivers/s390/crypto/vfio_ap_drv.c
+@@ -71,15 +71,11 @@ static int vfio_ap_queue_dev_probe(struc
+ static void vfio_ap_queue_dev_remove(struct ap_device *apdev)
+ {
+       struct vfio_ap_queue *q;
+-      int apid, apqi;
+       mutex_lock(&matrix_dev->lock);
+       q = dev_get_drvdata(&apdev->device);
++      vfio_ap_mdev_reset_queue(q, 1);
+       dev_set_drvdata(&apdev->device, NULL);
+-      apid = AP_QID_CARD(q->apqn);
+-      apqi = AP_QID_QUEUE(q->apqn);
+-      vfio_ap_mdev_reset_queue(apid, apqi, 1);
+-      vfio_ap_irq_disable(q);
+       kfree(q);
+       mutex_unlock(&matrix_dev->lock);
+ }
+--- a/drivers/s390/crypto/vfio_ap_ops.c
++++ b/drivers/s390/crypto/vfio_ap_ops.c
+@@ -25,6 +25,7 @@
+ #define VFIO_AP_MDEV_NAME_HWVIRT "VFIO AP Passthrough Device"
+ static int vfio_ap_mdev_reset_queues(struct mdev_device *mdev);
++static struct vfio_ap_queue *vfio_ap_find_queue(int apqn);
+ static int match_apqn(struct device *dev, const void *data)
+ {
+@@ -49,20 +50,15 @@ static struct vfio_ap_queue *vfio_ap_get
+                                       int apqn)
+ {
+       struct vfio_ap_queue *q;
+-      struct device *dev;
+       if (!test_bit_inv(AP_QID_CARD(apqn), matrix_mdev->matrix.apm))
+               return NULL;
+       if (!test_bit_inv(AP_QID_QUEUE(apqn), matrix_mdev->matrix.aqm))
+               return NULL;
+-      dev = driver_find_device(&matrix_dev->vfio_ap_drv->driver, NULL,
+-                               &apqn, match_apqn);
+-      if (!dev)
+-              return NULL;
+-      q = dev_get_drvdata(dev);
+-      q->matrix_mdev = matrix_mdev;
+-      put_device(dev);
++      q = vfio_ap_find_queue(apqn);
++      if (q)
++              q->matrix_mdev = matrix_mdev;
+       return q;
+ }
+@@ -119,13 +115,18 @@ static void vfio_ap_wait_for_irqclear(in
+  */
+ static void vfio_ap_free_aqic_resources(struct vfio_ap_queue *q)
+ {
+-      if (q->saved_isc != VFIO_AP_ISC_INVALID && q->matrix_mdev)
++      if (!q)
++              return;
++      if (q->saved_isc != VFIO_AP_ISC_INVALID &&
++          !WARN_ON(!(q->matrix_mdev && q->matrix_mdev->kvm))) {
+               kvm_s390_gisc_unregister(q->matrix_mdev->kvm, q->saved_isc);
+-      if (q->saved_pfn && q->matrix_mdev)
++              q->saved_isc = VFIO_AP_ISC_INVALID;
++      }
++      if (q->saved_pfn && !WARN_ON(!q->matrix_mdev)) {
+               vfio_unpin_pages(mdev_dev(q->matrix_mdev->mdev),
+                                &q->saved_pfn, 1);
+-      q->saved_pfn = 0;
+-      q->saved_isc = VFIO_AP_ISC_INVALID;
++              q->saved_pfn = 0;
++      }
+ }
+ /**
+@@ -144,7 +145,7 @@ static void vfio_ap_free_aqic_resources(
+  * Returns if ap_aqic function failed with invalid, deconfigured or
+  * checkstopped AP.
+  */
+-struct ap_queue_status vfio_ap_irq_disable(struct vfio_ap_queue *q)
++static struct ap_queue_status vfio_ap_irq_disable(struct vfio_ap_queue *q)
+ {
+       struct ap_qirq_ctrl aqic_gisa = {};
+       struct ap_queue_status status;
+@@ -1114,48 +1115,70 @@ static int vfio_ap_mdev_group_notifier(s
+       return NOTIFY_OK;
+ }
+-static void vfio_ap_irq_disable_apqn(int apqn)
++static struct vfio_ap_queue *vfio_ap_find_queue(int apqn)
+ {
+       struct device *dev;
+-      struct vfio_ap_queue *q;
++      struct vfio_ap_queue *q = NULL;
+       dev = driver_find_device(&matrix_dev->vfio_ap_drv->driver, NULL,
+                                &apqn, match_apqn);
+       if (dev) {
+               q = dev_get_drvdata(dev);
+-              vfio_ap_irq_disable(q);
+               put_device(dev);
+       }
++
++      return q;
+ }
+-int vfio_ap_mdev_reset_queue(unsigned int apid, unsigned int apqi,
++int vfio_ap_mdev_reset_queue(struct vfio_ap_queue *q,
+                            unsigned int retry)
+ {
+       struct ap_queue_status status;
++      int ret;
+       int retry2 = 2;
+-      int apqn = AP_MKQID(apid, apqi);
+-      do {
+-              status = ap_zapq(apqn);
+-              switch (status.response_code) {
+-              case AP_RESPONSE_NORMAL:
+-                      while (!status.queue_empty && retry2--) {
+-                              msleep(20);
+-                              status = ap_tapq(apqn, NULL);
+-                      }
+-                      WARN_ON_ONCE(retry2 <= 0);
+-                      return 0;
+-              case AP_RESPONSE_RESET_IN_PROGRESS:
+-              case AP_RESPONSE_BUSY:
++      if (!q)
++              return 0;
++
++retry_zapq:
++      status = ap_zapq(q->apqn);
++      switch (status.response_code) {
++      case AP_RESPONSE_NORMAL:
++              ret = 0;
++              break;
++      case AP_RESPONSE_RESET_IN_PROGRESS:
++              if (retry--) {
+                       msleep(20);
+-                      break;
+-              default:
+-                      /* things are really broken, give up */
+-                      return -EIO;
++                      goto retry_zapq;
+               }
+-      } while (retry--);
++              ret = -EBUSY;
++              break;
++      case AP_RESPONSE_Q_NOT_AVAIL:
++      case AP_RESPONSE_DECONFIGURED:
++      case AP_RESPONSE_CHECKSTOPPED:
++              WARN_ON_ONCE(status.irq_enabled);
++              ret = -EBUSY;
++              goto free_resources;
++      default:
++              /* things are really broken, give up */
++              WARN(true, "PQAP/ZAPQ completed with invalid rc (%x)\n",
++                   status.response_code);
++              return -EIO;
++      }
++
++      /* wait for the reset to take effect */
++      while (retry2--) {
++              if (status.queue_empty && !status.irq_enabled)
++                      break;
++              msleep(20);
++              status = ap_tapq(q->apqn, NULL);
++      }
++      WARN_ON_ONCE(retry2 <= 0);
+-      return -EBUSY;
++free_resources:
++      vfio_ap_free_aqic_resources(q);
++
++      return ret;
+ }
+ static int vfio_ap_mdev_reset_queues(struct mdev_device *mdev)
+@@ -1163,13 +1186,15 @@ static int vfio_ap_mdev_reset_queues(str
+       int ret;
+       int rc = 0;
+       unsigned long apid, apqi;
++      struct vfio_ap_queue *q;
+       struct ap_matrix_mdev *matrix_mdev = mdev_get_drvdata(mdev);
+       for_each_set_bit_inv(apid, matrix_mdev->matrix.apm,
+                            matrix_mdev->matrix.apm_max + 1) {
+               for_each_set_bit_inv(apqi, matrix_mdev->matrix.aqm,
+                                    matrix_mdev->matrix.aqm_max + 1) {
+-                      ret = vfio_ap_mdev_reset_queue(apid, apqi, 1);
++                      q = vfio_ap_find_queue(AP_MKQID(apid, apqi));
++                      ret = vfio_ap_mdev_reset_queue(q, 1);
+                       /*
+                        * Regardless whether a queue turns out to be busy, or
+                        * is not operational, we need to continue resetting
+@@ -1177,7 +1202,6 @@ static int vfio_ap_mdev_reset_queues(str
+                        */
+                       if (ret)
+                               rc = ret;
+-                      vfio_ap_irq_disable_apqn(AP_MKQID(apid, apqi));
+               }
+       }
+--- a/drivers/s390/crypto/vfio_ap_private.h
++++ b/drivers/s390/crypto/vfio_ap_private.h
+@@ -88,11 +88,6 @@ struct ap_matrix_mdev {
+       struct mdev_device *mdev;
+ };
+-extern int vfio_ap_mdev_register(void);
+-extern void vfio_ap_mdev_unregister(void);
+-int vfio_ap_mdev_reset_queue(unsigned int apid, unsigned int apqi,
+-                           unsigned int retry);
+-
+ struct vfio_ap_queue {
+       struct ap_matrix_mdev *matrix_mdev;
+       unsigned long saved_pfn;
+@@ -100,5 +95,10 @@ struct vfio_ap_queue {
+ #define VFIO_AP_ISC_INVALID 0xff
+       unsigned char saved_isc;
+ };
+-struct ap_queue_status vfio_ap_irq_disable(struct vfio_ap_queue *q);
++
++int vfio_ap_mdev_register(void);
++void vfio_ap_mdev_unregister(void);
++int vfio_ap_mdev_reset_queue(struct vfio_ap_queue *q,
++                           unsigned int retry);
++
+ #endif /* _VFIO_AP_PRIVATE_H_ */
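Review bot: In the rewritten `vfio_ap_mdev_reset_queue()` in vfio_ap_ops.c, `WARN_ON_ONCE(retry2 <= 0)` fires when the reset completed on the second poll, because `retry2--` has already dropped to 0 by the time that `break` is taken. When the loop runs out instead, the status returned by the last `ap_tapq()` is never examined. Testing the status rather than the counter avoids both: `while ((!status.queue_empty || status.irq_enabled) && retry2--)` with only the `msleep(20)` and `ap_tapq()` lines in the body, followed by `WARN_ON_ONCE(!status.queue_empty || status.irq_enabled);`. Control then reaches `vfio_ap_free_aqic_resources(q)` whatever the final status was, including the `-EBUSY` path after `AP_RESPONSE_RESET_IN_PROGRESS`, so the GISC unregister and page unpin appear to run even if `irq_enabled` is still set. It is worth confirming that this is safe, or documenting why in a comment at `free_resources:`.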
index 2391a048551cfaf983b5994af63222c71ef075a3..f14b6b532ba3f0ba39fab0a8c98d7c5e996ff6bc 100644 (file)
@@ -5,3 +5,10 @@ acpi-sysfs-prefer-compatible-modalias.patch
 kernel-kexec-remove-the-lock-operation-of-system_transition_mutex.patch
 alsa-hda-realtek-enable-headset-of-asus-b1400cepe-with-alc256.patch
 alsa-hda-via-apply-the-workaround-generically-for-clevo-machines.patch
+media-rc-ensure-that-uevent-can-be-read-directly-after-rc-device-register.patch
+arm-dts-imx6qdl-gw52xx-fix-duplicate-regulator-naming.patch
+wext-fix-null-ptr-dereference-with-cfg80211-s-lack-of-commit.patch
+net-usb-qmi_wwan-added-support-for-thales-cinterion-plsx3-modem-family.patch
+s390-vfio-ap-no-need-to-disable-irq-after-queue-reset.patch
+s390-vfio-ap-clean-up-vfio_ap-resources-when-kvm-pointer-invalidated.patch
+pm-hibernate-flush-swap-writer-after-marking.patch
diff --git a/queue-5.4/wext-fix-null-ptr-dereference-with-cfg80211-s-lack-of-commit.patch b/queue-5.4/wext-fix-null-ptr-dereference-with-cfg80211-s-lack-of-commit.patch
new file mode 100644 (file)
index 0000000..47f585a
--- /dev/null
@@ -0,0 +1,50 @@
+From 5122565188bae59d507d90a9a9fd2fd6107f4439 Mon Sep 17 00:00:00 2001
+From: Johannes Berg <johannes.berg@intel.com>
+Date: Thu, 21 Jan 2021 17:16:22 +0100
+Subject: wext: fix NULL-ptr-dereference with cfg80211's lack of commit()
+
+From: Johannes Berg <johannes.berg@intel.com>
+
+commit 5122565188bae59d507d90a9a9fd2fd6107f4439 upstream.
+
+Since cfg80211 doesn't implement commit, we never really cared about
+that code there (and it's configured out w/o CONFIG_WIRELESS_EXT).
+After all, since it has no commit, it shouldn't return -EIWCOMMIT to
+indicate commit is needed.
+
+However, EIWCOMMIT is actually an alias for EINPROGRESS, which _can_
+happen if e.g. we try to change the frequency but we're already in
+the process of connecting to some network, and drivers could return
+that value (or even cfg80211 itself might).
+
+This then causes us to crash because dev->wireless_handlers is NULL
+but we try to check dev->wireless_handlers->standard[0].
+
+Fix this by also checking dev->wireless_handlers. Also simplify the
+code a little bit.
+
+Cc: stable@vger.kernel.org
+Reported-by: syzbot+444248c79e117bc99f46@syzkaller.appspotmail.com
+Reported-by: syzbot+8b2a88a09653d4084179@syzkaller.appspotmail.com
+Link: https://lore.kernel.org/r/20210121171621.2076e4a37d5a.I5d9c72220fe7bb133fb718751da0180a57ecba4e@changeid
+Signed-off-by: Johannes Berg <johannes.berg@intel.com>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+
+---
+ net/wireless/wext-core.c |    5 +++--
+ 1 file changed, 3 insertions(+), 2 deletions(-)
+
+--- a/net/wireless/wext-core.c
++++ b/net/wireless/wext-core.c
+@@ -896,8 +896,9 @@ out:
+ int call_commit_handler(struct net_device *dev)
+ {
+ #ifdef CONFIG_WIRELESS_EXT
+-      if ((netif_running(dev)) &&
+-         (dev->wireless_handlers->standard[0] != NULL))
++      if (netif_running(dev) &&
++          dev->wireless_handlers &&
++          dev->wireless_handlers->standard[0])
+               /* Call the commit handler on the driver */
+               return dev->wireless_handlers->standard[0](dev, NULL,
+                                                          NULL, NULL);
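Review bot: The new `dev->wireless_handlers &&` test in `call_commit_handler()` has no comment saying why the pointer can be NULL, and the reason is easy to lose in a later cleanup. The commit message gives it: cfg80211 devices have no handlers table, yet `-EIWCOMMIT` aliases `-EINPROGRESS` and can still be returned by a driver. A short comment above the condition would keep that visible, for example `/* wireless_handlers is NULL for cfg80211; -EIWCOMMIT == -EINPROGRESS can still get us here */`. The multi-line `if` body (comment plus wrapped `return`) would also read more safely with braces. The rest of the function lies outside this hunk.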