--- /dev/null
+From b500c086e4110829a308c23e83a7cdc65b26228a Mon Sep 17 00:00:00 2001
+From: Stephan Gerhold <stephan@gerhold.net>
+Date: Fri, 14 Feb 2020 12:03:24 +0100
+Subject: iio: magnetometer: ak8974: Fix negative raw values in sysfs
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+From: Stephan Gerhold <stephan@gerhold.net>
+
+commit b500c086e4110829a308c23e83a7cdc65b26228a upstream.
+
+At the moment, reading from in_magn_*_raw in sysfs tends to return
+large values around 65000, even though the output of ak8974 is actually
+limited to ±32768. This happens because the value is never converted
+to the signed 16-bit integer variant.
+
+Add an explicit cast to s16 to fix this.
+
+Fixes: 7c94a8b2ee8c ("iio: magn: add a driver for AK8974")
+Signed-off-by: Stephan Gerhold <stephan@gerhold.net>
+Reviewed-by: Linus Waleij <linus.walleij@linaro.org>
+Cc: <Stable@vger.kernel.org>
+Signed-off-by: Jonathan Cameron <Jonathan.Cameron@huawei.com>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+
+---
+ drivers/iio/magnetometer/ak8974.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+--- a/drivers/iio/magnetometer/ak8974.c
++++ b/drivers/iio/magnetometer/ak8974.c
+@@ -477,7 +477,7 @@ static int ak8974_read_raw(struct iio_de
+ * We read all axes and discard all but one, for optimized
+ * reading, use the triggered buffer.
+ */
+- *val = le16_to_cpu(hw_values[chan->address]);
++ *val = (s16)le16_to_cpu(hw_values[chan->address]);
+
+ ret = IIO_VAL_INT;
+ }
--- /dev/null
+From ce666be89a8a09c5924ff08fc32e119f974bdab6 Mon Sep 17 00:00:00 2001
+From: Alexander Shishkin <alexander.shishkin@linux.intel.com>
+Date: Tue, 17 Mar 2020 08:22:14 +0200
+Subject: intel_th: Fix user-visible error codes
+
+From: Alexander Shishkin <alexander.shishkin@linux.intel.com>
+
+commit ce666be89a8a09c5924ff08fc32e119f974bdab6 upstream.
+
+There are a few places in the driver that end up returning ENOTSUPP to
+the user, replace those with EINVAL.
+
+Signed-off-by: Alexander Shishkin <alexander.shishkin@linux.intel.com>
+Reviewed-by: Andy Shevchenko <andriy.shevchenko@linux.intel.com>
+Fixes: ba82664c134ef ("intel_th: Add Memory Storage Unit driver")
+Cc: stable@vger.kernel.org # v4.4+
+Link: https://lore.kernel.org/r/20200317062215.15598-6-alexander.shishkin@linux.intel.com
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+
+---
+ drivers/hwtracing/intel_th/msu.c | 6 +++---
+ 1 file changed, 3 insertions(+), 3 deletions(-)
+
+--- a/drivers/hwtracing/intel_th/msu.c
++++ b/drivers/hwtracing/intel_th/msu.c
+@@ -497,7 +497,7 @@ static int msc_configure(struct msc *msc
+ lockdep_assert_held(&msc->buf_mutex);
+
+ if (msc->mode > MSC_MODE_MULTI)
+- return -ENOTSUPP;
++ return -EINVAL;
+
+ if (msc->mode == MSC_MODE_MULTI)
+ msc_buffer_clear_hw_header(msc);
+@@ -948,7 +948,7 @@ static int msc_buffer_alloc(struct msc *
+ } else if (msc->mode == MSC_MODE_MULTI) {
+ ret = msc_buffer_multi_alloc(msc, nr_pages, nr_wins);
+ } else {
+- ret = -ENOTSUPP;
++ ret = -EINVAL;
+ }
+
+ if (!ret) {
+@@ -1171,7 +1171,7 @@ static ssize_t intel_th_msc_read(struct
+ if (ret >= 0)
+ *ppos = iter->offset;
+ } else {
+- ret = -ENOTSUPP;
++ ret = -EINVAL;
+ }
+
+ put_count:
--- /dev/null
+From 7d36665a5886c27ca4c4d0afd3ecc50b400f3587 Mon Sep 17 00:00:00 2001
+From: Chunguang Xu <brookxu@tencent.com>
+Date: Sat, 21 Mar 2020 18:22:10 -0700
+Subject: memcg: fix NULL pointer dereference in __mem_cgroup_usage_unregister_event
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+From: Chunguang Xu <brookxu@tencent.com>
+
+commit 7d36665a5886c27ca4c4d0afd3ecc50b400f3587 upstream.
+
+An eventfd monitors multiple memory thresholds of the cgroup, closes them,
+the kernel deletes all events related to this eventfd. Before all events
+are deleted, another eventfd monitors the memory threshold of this cgroup,
+leading to a crash:
+
+ BUG: kernel NULL pointer dereference, address: 0000000000000004
+ #PF: supervisor write access in kernel mode
+ #PF: error_code(0x0002) - not-present page
+ PGD 800000033058e067 P4D 800000033058e067 PUD 3355ce067 PMD 0
+ Oops: 0002 [#1] SMP PTI
+ CPU: 2 PID: 14012 Comm: kworker/2:6 Kdump: loaded Not tainted 5.6.0-rc4 #3
+ Hardware name: LENOVO 20AWS01K00/20AWS01K00, BIOS GLET70WW (2.24 ) 05/21/2014
+ Workqueue: events memcg_event_remove
+ RIP: 0010:__mem_cgroup_usage_unregister_event+0xb3/0x190
+ RSP: 0018:ffffb47e01c4fe18 EFLAGS: 00010202
+ RAX: 0000000000000001 RBX: ffff8bb223a8a000 RCX: 0000000000000001
+ RDX: 0000000000000001 RSI: ffff8bb22fb83540 RDI: 0000000000000001
+ RBP: ffffb47e01c4fe48 R08: 0000000000000000 R09: 0000000000000010
+ R10: 000000000000000c R11: 071c71c71c71c71c R12: ffff8bb226aba880
+ R13: ffff8bb223a8a480 R14: 0000000000000000 R15: 0000000000000000
+ FS: 0000000000000000(0000) GS:ffff8bb242680000(0000) knlGS:0000000000000000
+ CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
+ CR2: 0000000000000004 CR3: 000000032c29c003 CR4: 00000000001606e0
+ Call Trace:
+ memcg_event_remove+0x32/0x90
+ process_one_work+0x172/0x380
+ worker_thread+0x49/0x3f0
+ kthread+0xf8/0x130
+ ret_from_fork+0x35/0x40
+ CR2: 0000000000000004
+
+We can reproduce this problem in the following ways:
+
+1. We create a new cgroup subdirectory and a new eventfd, and then we
+ monitor multiple memory thresholds of the cgroup through this eventfd.
+
+2. closing this eventfd, and __mem_cgroup_usage_unregister_event ()
+ will be called multiple times to delete all events related to this
+ eventfd.
+
+The first time __mem_cgroup_usage_unregister_event() is called, the
+kernel will clear all items related to this eventfd in thresholds->
+primary.
+
+Since there is currently only one eventfd, thresholds-> primary becomes
+empty, so the kernel will set thresholds-> primary and hresholds-> spare
+to NULL. If at this time, the user creates a new eventfd and monitor
+the memory threshold of this cgroup, kernel will re-initialize
+thresholds-> primary.
+
+Then when __mem_cgroup_usage_unregister_event () is called for the
+second time, because thresholds-> primary is not empty, the system will
+access thresholds-> spare, but thresholds-> spare is NULL, which will
+trigger a crash.
+
+In general, the longer it takes to delete all events related to this
+eventfd, the easier it is to trigger this problem.
+
+The solution is to check whether the thresholds associated with the
+eventfd has been cleared when deleting the event. If so, we do nothing.
+
+[akpm@linux-foundation.org: fix comment, per Kirill]
+Fixes: 907860ed381a ("cgroups: make cftype.unregister_event() void-returning")
+Signed-off-by: Chunguang Xu <brookxu@tencent.com>
+Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
+Acked-by: Michal Hocko <mhocko@suse.com>
+Acked-by: Kirill A. Shutemov <kirill.shutemov@linux.intel.com>
+Cc: Johannes Weiner <hannes@cmpxchg.org>
+Cc: Vladimir Davydov <vdavydov.dev@gmail.com>
+Cc: <stable@vger.kernel.org>
+Link: http://lkml.kernel.org/r/077a6f67-aefa-4591-efec-f2f3af2b0b02@gmail.com
+Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+
+---
+ mm/memcontrol.c | 10 ++++++++--
+ 1 file changed, 8 insertions(+), 2 deletions(-)
+
+--- a/mm/memcontrol.c
++++ b/mm/memcontrol.c
+@@ -3481,7 +3481,7 @@ static void __mem_cgroup_usage_unregiste
+ struct mem_cgroup_thresholds *thresholds;
+ struct mem_cgroup_threshold_ary *new;
+ unsigned long usage;
+- int i, j, size;
++ int i, j, size, entries;
+
+ mutex_lock(&memcg->thresholds_lock);
+
+@@ -3501,14 +3501,20 @@ static void __mem_cgroup_usage_unregiste
+ __mem_cgroup_threshold(memcg, type == _MEMSWAP);
+
+ /* Calculate new number of threshold */
+- size = 0;
++ size = entries = 0;
+ for (i = 0; i < thresholds->primary->size; i++) {
+ if (thresholds->primary->entries[i].eventfd != eventfd)
+ size++;
++ else
++ entries++;
+ }
+
+ new = thresholds->spare;
+
++ /* If no items related to eventfd have been cleared, nothing to do */
++ if (!entries)
++ goto unlock;
++
+ /* Set thresholds array to NULL if we don't have thresholds */
+ if (!size) {
+ kfree(new);
--- /dev/null
+From 5076190daded2197f62fe92cf69674488be44175 Mon Sep 17 00:00:00 2001
+From: Linus Torvalds <torvalds@linux-foundation.org>
+Date: Tue, 17 Mar 2020 11:04:09 -0700
+Subject: mm: slub: be more careful about the double cmpxchg of freelist
+
+From: Linus Torvalds <torvalds@linux-foundation.org>
+
+commit 5076190daded2197f62fe92cf69674488be44175 upstream.
+
+This is just a cleanup addition to Jann's fix to properly update the
+transaction ID for the slub slowpath in commit fd4d9c7d0c71 ("mm: slub:
+add missing TID bump..").
+
+The transaction ID is what protects us against any concurrent accesses,
+but we should really also make sure to make the 'freelist' comparison
+itself always use the same freelist value that we then used as the new
+next free pointer.
+
+Jann points out that if we do all of this carefully, we could skip the
+transaction ID update for all the paths that only remove entries from
+the lists, and only update the TID when adding entries (to avoid the ABA
+issue with cmpxchg and list handling re-adding a previously seen value).
+
+But this patch just does the "make sure to cmpxchg the same value we
+used" rather than then try to be clever.
+
+Acked-by: Jann Horn <jannh@google.com>
+Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+
+---
+ mm/slub.c | 6 ++++--
+ 1 file changed, 4 insertions(+), 2 deletions(-)
+
+--- a/mm/slub.c
++++ b/mm/slub.c
+@@ -2935,11 +2935,13 @@ redo:
+ barrier();
+
+ if (likely(page == c->page)) {
+- set_freepointer(s, tail_obj, c->freelist);
++ void **freelist = READ_ONCE(c->freelist);
++
++ set_freepointer(s, tail_obj, freelist);
+
+ if (unlikely(!this_cpu_cmpxchg_double(
+ s->cpu_slab->freelist, s->cpu_slab->tid,
+- c->freelist, tid,
++ freelist, tid,
+ head, next_tid(tid)))) {
+
+ note_cmpxchg_failure("slab_free", s, tid);
--- /dev/null
+From 0715e6c516f106ed553828a671d30ad9a3431536 Mon Sep 17 00:00:00 2001
+From: Vlastimil Babka <vbabka@suse.cz>
+Date: Sat, 21 Mar 2020 18:22:37 -0700
+Subject: mm, slub: prevent kmalloc_node crashes and memory leaks
+
+From: Vlastimil Babka <vbabka@suse.cz>
+
+commit 0715e6c516f106ed553828a671d30ad9a3431536 upstream.
+
+Sachin reports [1] a crash in SLUB __slab_alloc():
+
+ BUG: Kernel NULL pointer dereference on read at 0x000073b0
+ Faulting instruction address: 0xc0000000003d55f4
+ Oops: Kernel access of bad area, sig: 11 [#1]
+ LE PAGE_SIZE=64K MMU=Hash SMP NR_CPUS=2048 NUMA pSeries
+ Modules linked in:
+ CPU: 19 PID: 1 Comm: systemd Not tainted 5.6.0-rc2-next-20200218-autotest #1
+ NIP: c0000000003d55f4 LR: c0000000003d5b94 CTR: 0000000000000000
+ REGS: c0000008b37836d0 TRAP: 0300 Not tainted (5.6.0-rc2-next-20200218-autotest)
+ MSR: 8000000000009033 <SF,EE,ME,IR,DR,RI,LE> CR: 24004844 XER: 00000000
+ CFAR: c00000000000dec4 DAR: 00000000000073b0 DSISR: 40000000 IRQMASK: 1
+ GPR00: c0000000003d5b94 c0000008b3783960 c00000000155d400 c0000008b301f500
+ GPR04: 0000000000000dc0 0000000000000002 c0000000003443d8 c0000008bb398620
+ GPR08: 00000008ba2f0000 0000000000000001 0000000000000000 0000000000000000
+ GPR12: 0000000024004844 c00000001ec52a00 0000000000000000 0000000000000000
+ GPR16: c0000008a1b20048 c000000001595898 c000000001750c18 0000000000000002
+ GPR20: c000000001750c28 c000000001624470 0000000fffffffe0 5deadbeef0000122
+ GPR24: 0000000000000001 0000000000000dc0 0000000000000002 c0000000003443d8
+ GPR28: c0000008b301f500 c0000008bb398620 0000000000000000 c00c000002287180
+ NIP ___slab_alloc+0x1f4/0x760
+ LR __slab_alloc+0x34/0x60
+ Call Trace:
+ ___slab_alloc+0x334/0x760 (unreliable)
+ __slab_alloc+0x34/0x60
+ __kmalloc_node+0x110/0x490
+ kvmalloc_node+0x58/0x110
+ mem_cgroup_css_online+0x108/0x270
+ online_css+0x48/0xd0
+ cgroup_apply_control_enable+0x2ec/0x4d0
+ cgroup_mkdir+0x228/0x5f0
+ kernfs_iop_mkdir+0x90/0xf0
+ vfs_mkdir+0x110/0x230
+ do_mkdirat+0xb0/0x1a0
+ system_call+0x5c/0x68
+
+This is a PowerPC platform with following NUMA topology:
+
+ available: 2 nodes (0-1)
+ node 0 cpus:
+ node 0 size: 0 MB
+ node 0 free: 0 MB
+ node 1 cpus: 0 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31
+ node 1 size: 35247 MB
+ node 1 free: 30907 MB
+ node distances:
+ node 0 1
+ 0: 10 40
+ 1: 40 10
+
+ possible numa nodes: 0-31
+
+This only happens with a mmotm patch "mm/memcontrol.c: allocate
+shrinker_map on appropriate NUMA node" [2] which effectively calls
+kmalloc_node for each possible node. SLUB however only allocates
+kmem_cache_node on online N_NORMAL_MEMORY nodes, and relies on
+node_to_mem_node to return such valid node for other nodes since commit
+a561ce00b09e ("slub: fall back to node_to_mem_node() node if allocating
+on memoryless node"). This is however not true in this configuration
+where the _node_numa_mem_ array is not initialized for nodes 0 and 2-31,
+thus it contains zeroes and get_partial() ends up accessing
+non-allocated kmem_cache_node.
+
+A related issue was reported by Bharata (originally by Ramachandran) [3]
+where a similar PowerPC configuration, but with mainline kernel without
+patch [2] ends up allocating large amounts of pages by kmalloc-1k
+kmalloc-512. This seems to have the same underlying issue with
+node_to_mem_node() not behaving as expected, and might probably also
+lead to an infinite loop with CONFIG_SLUB_CPU_PARTIAL [4].
+
+This patch should fix both issues by not relying on node_to_mem_node()
+anymore and instead simply falling back to NUMA_NO_NODE, when
+kmalloc_node(node) is attempted for a node that's not online, or has no
+usable memory. The "usable memory" condition is also changed from
+node_present_pages() to N_NORMAL_MEMORY node state, as that is exactly
+the condition that SLUB uses to allocate kmem_cache_node structures.
+The check in get_partial() is removed completely, as the checks in
+___slab_alloc() are now sufficient to prevent get_partial() being
+reached with an invalid node.
+
+[1] https://lore.kernel.org/linux-next/3381CD91-AB3D-4773-BA04-E7A072A63968@linux.vnet.ibm.com/
+[2] https://lore.kernel.org/linux-mm/fff0e636-4c36-ed10-281c-8cdb0687c839@virtuozzo.com/
+[3] https://lore.kernel.org/linux-mm/20200317092624.GB22538@in.ibm.com/
+[4] https://lore.kernel.org/linux-mm/088b5996-faae-8a56-ef9c-5b567125ae54@suse.cz/
+
+Fixes: a561ce00b09e ("slub: fall back to node_to_mem_node() node if allocating on memoryless node")
+Reported-by: Sachin Sant <sachinp@linux.vnet.ibm.com>
+Reported-by: PUVICHAKRAVARTHY RAMACHANDRAN <puvichakravarthy@in.ibm.com>
+Signed-off-by: Vlastimil Babka <vbabka@suse.cz>
+Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
+Tested-by: Sachin Sant <sachinp@linux.vnet.ibm.com>
+Tested-by: Bharata B Rao <bharata@linux.ibm.com>
+Reviewed-by: Srikar Dronamraju <srikar@linux.vnet.ibm.com>
+Cc: Mel Gorman <mgorman@techsingularity.net>
+Cc: Michael Ellerman <mpe@ellerman.id.au>
+Cc: Michal Hocko <mhocko@kernel.org>
+Cc: Christopher Lameter <cl@linux.com>
+Cc: linuxppc-dev@lists.ozlabs.org
+Cc: Joonsoo Kim <iamjoonsoo.kim@lge.com>
+Cc: Pekka Enberg <penberg@kernel.org>
+Cc: David Rientjes <rientjes@google.com>
+Cc: Kirill Tkhai <ktkhai@virtuozzo.com>
+Cc: Vlastimil Babka <vbabka@suse.cz>
+Cc: Nathan Lynch <nathanl@linux.ibm.com>
+Cc: <stable@vger.kernel.org>
+Link: http://lkml.kernel.org/r/20200320115533.9604-1-vbabka@suse.cz
+Debugged-by: Srikar Dronamraju <srikar@linux.vnet.ibm.com>
+Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+
+---
+ mm/slub.c | 26 +++++++++++++++++---------
+ 1 file changed, 17 insertions(+), 9 deletions(-)
+
+--- a/mm/slub.c
++++ b/mm/slub.c
+@@ -1909,8 +1909,6 @@ static void *get_partial(struct kmem_cac
+
+ if (node == NUMA_NO_NODE)
+ searchnode = numa_mem_id();
+- else if (!node_present_pages(node))
+- searchnode = node_to_mem_node(node);
+
+ object = get_partial_node(s, get_node(s, searchnode), c, flags);
+ if (object || node != NUMA_NO_NODE)
+@@ -2506,17 +2504,27 @@ static void *___slab_alloc(struct kmem_c
+ struct page *page;
+
+ page = c->page;
+- if (!page)
++ if (!page) {
++ /*
++ * if the node is not online or has no normal memory, just
++ * ignore the node constraint
++ */
++ if (unlikely(node != NUMA_NO_NODE &&
++ !node_state(node, N_NORMAL_MEMORY)))
++ node = NUMA_NO_NODE;
+ goto new_slab;
++ }
+ redo:
+
+ if (unlikely(!node_match(page, node))) {
+- int searchnode = node;
+-
+- if (node != NUMA_NO_NODE && !node_present_pages(node))
+- searchnode = node_to_mem_node(node);
+-
+- if (unlikely(!node_match(page, searchnode))) {
++ /*
++ * same as above but node_match() being false already
++ * implies node != NUMA_NO_NODE
++ */
++ if (!node_state(node, N_NORMAL_MEMORY)) {
++ node = NUMA_NO_NODE;
++ goto redo;
++ } else {
+ stat(s, ALLOC_NODE_MISMATCH);
+ deactivate_slab(s, page, c->freelist);
+ c->page = NULL;
--- /dev/null
+From 53dd0a7cd65edc83b0c243d1c08377c8b876b2ee Mon Sep 17 00:00:00 2001
+From: =?UTF-8?q?Micha=C5=82=20Miros=C5=82aw?= <mirq-linux@rere.qmqm.pl>
+Date: Sun, 15 Mar 2020 17:44:25 +0100
+Subject: mmc: sdhci-of-at91: fix cd-gpios for SAMA5D2
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+From: Michał Mirosław <mirq-linux@rere.qmqm.pl>
+
+commit 53dd0a7cd65edc83b0c243d1c08377c8b876b2ee upstream.
+
+SAMA5D2x doesn't drive CMD line if GPIO is used as CD line (at least
+SAMA5D27 doesn't). Fix this by forcing card-detect in the module
+if module-controlled CD is not used.
+
+Fixed commit addresses the problem only for non-removable cards. This
+amends it to also cover gpio-cd case.
+
+Cc: stable@vger.kernel.org
+Fixes: 7a1e3f143176 ("mmc: sdhci-of-at91: force card detect value for non removable devices")
+Signed-off-by: Michał Mirosław <mirq-linux@rere.qmqm.pl>
+Acked-by: Adrian Hunter <adrian.hunter@intel.com>
+Link: https://lore.kernel.org/r/8d10950d9940468577daef4772b82a071b204716.1584290561.git.mirq-linux@rere.qmqm.pl
+Signed-off-by: Ulf Hansson <ulf.hansson@linaro.org>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+
+---
+ drivers/mmc/host/sdhci-of-at91.c | 8 ++++++--
+ 1 file changed, 6 insertions(+), 2 deletions(-)
+
+--- a/drivers/mmc/host/sdhci-of-at91.c
++++ b/drivers/mmc/host/sdhci-of-at91.c
+@@ -126,7 +126,8 @@ static void sdhci_at91_reset(struct sdhc
+ {
+ sdhci_reset(host, mask);
+
+- if (host->mmc->caps & MMC_CAP_NONREMOVABLE)
++ if ((host->mmc->caps & MMC_CAP_NONREMOVABLE)
++ || mmc_gpio_get_cd(host->mmc) >= 0)
+ sdhci_at91_set_force_card_detect(host);
+ }
+
+@@ -354,8 +355,11 @@ static int sdhci_at91_probe(struct platf
+ * detection procedure using the SDMCC_CD signal is bypassed.
+ * This bit is reset when a software reset for all command is performed
+ * so we need to implement our own reset function to set back this bit.
++ *
++ * WA: SAMA5D2 doesn't drive CMD if using CD GPIO line.
+ */
+- if (host->mmc->caps & MMC_CAP_NONREMOVABLE)
++ if ((host->mmc->caps & MMC_CAP_NONREMOVABLE)
++ || mmc_gpio_get_cd(host->mmc) >= 0)
+ sdhci_at91_set_force_card_detect(host);
+
+ pm_runtime_put_autosuspend(&pdev->dev);
--- /dev/null
+From 5d892919fdd0cefd361697472d4e1b174a594991 Mon Sep 17 00:00:00 2001
+From: Corentin Labbe <clabbe@baylibre.com>
+Date: Wed, 18 Mar 2020 15:26:49 +0000
+Subject: rtc: max8907: add missing select REGMAP_IRQ
+
+From: Corentin Labbe <clabbe@baylibre.com>
+
+commit 5d892919fdd0cefd361697472d4e1b174a594991 upstream.
+
+I have hit the following build error:
+
+ armv7a-hardfloat-linux-gnueabi-ld: drivers/rtc/rtc-max8907.o: in function `max8907_rtc_probe':
+ rtc-max8907.c:(.text+0x400): undefined reference to `regmap_irq_get_virq'
+
+max8907 should select REGMAP_IRQ
+
+Fixes: 94c01ab6d7544 ("rtc: add MAX8907 RTC driver")
+Cc: stable <stable@vger.kernel.org>
+Signed-off-by: Corentin Labbe <clabbe@baylibre.com>
+Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+
+---
+ drivers/rtc/Kconfig | 1 +
+ 1 file changed, 1 insertion(+)
+
+--- a/drivers/rtc/Kconfig
++++ b/drivers/rtc/Kconfig
+@@ -304,6 +304,7 @@ config RTC_DRV_MAX6900
+ config RTC_DRV_MAX8907
+ tristate "Maxim MAX8907"
+ depends on MFD_MAX8907
++ select REGMAP_IRQ
+ help
+ If you say yes here you will get support for the
+ RTC of Maxim MAX8907 PMIC.
alsa-seq-oss-fix-running-status-after-receiving-sysex.patch
alsa-pcm-oss-avoid-plugin-buffer-overflow.patch
alsa-pcm-oss-remove-warning-from-snd_pcm_plug_alloc-checks.patch
+iio-magnetometer-ak8974-fix-negative-raw-values-in-sysfs.patch
+mmc-sdhci-of-at91-fix-cd-gpios-for-sama5d2.patch
+staging-rtl8188eu-add-device-id-for-mercusys-mw150us-v2.patch
+staging-speakup-fix-get_word-non-space-look-ahead.patch
+intel_th-fix-user-visible-error-codes.patch
+rtc-max8907-add-missing-select-regmap_irq.patch
+memcg-fix-null-pointer-dereference-in-__mem_cgroup_usage_unregister_event.patch
+mm-slub-be-more-careful-about-the-double-cmpxchg-of-freelist.patch
+mm-slub-prevent-kmalloc_node-crashes-and-memory-leaks.patch
+x86-mm-split-vmalloc_sync_all.patch
--- /dev/null
+From bb5786b9286c253557a0115bc8d21879e61b7b94 Mon Sep 17 00:00:00 2001
+From: Michael Straube <straube.linux@gmail.com>
+Date: Thu, 12 Mar 2020 10:36:52 +0100
+Subject: staging: rtl8188eu: Add device id for MERCUSYS MW150US v2
+
+From: Michael Straube <straube.linux@gmail.com>
+
+commit bb5786b9286c253557a0115bc8d21879e61b7b94 upstream.
+
+This device was added to the stand-alone driver on github.
+Add it to the staging driver as well.
+
+Link: https://github.com/lwfinger/rtl8188eu/commit/2141f244c3e7
+Signed-off-by: Michael Straube <straube.linux@gmail.com>
+Cc: stable <stable@vger.kernel.org>
+Link: https://lore.kernel.org/r/20200312093652.13918-1-straube.linux@gmail.com
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+
+---
+ drivers/staging/rtl8188eu/os_dep/usb_intf.c | 1 +
+ 1 file changed, 1 insertion(+)
+
+--- a/drivers/staging/rtl8188eu/os_dep/usb_intf.c
++++ b/drivers/staging/rtl8188eu/os_dep/usb_intf.c
+@@ -46,6 +46,7 @@ static struct usb_device_id rtw_usb_id_t
+ {USB_DEVICE(0x2001, 0x331B)}, /* D-Link DWA-121 rev B1 */
+ {USB_DEVICE(0x2357, 0x010c)}, /* TP-Link TL-WN722N v2 */
+ {USB_DEVICE(0x2357, 0x0111)}, /* TP-Link TL-WN727N v5.21 */
++ {USB_DEVICE(0x2C4E, 0x0102)}, /* MERCUSYS MW150US v2 */
+ {USB_DEVICE(0x0df6, 0x0076)}, /* Sitecom N150 v2 */
+ {USB_DEVICE(USB_VENDER_ID_REALTEK, 0xffef)}, /* Rosewill RNX-N150NUB */
+ {} /* Terminating entry */
--- /dev/null
+From 9d32c0cde4e2d1343dfb88a67b2ec6397705b32b Mon Sep 17 00:00:00 2001
+From: Samuel Thibault <samuel.thibault@ens-lyon.org>
+Date: Fri, 6 Mar 2020 01:30:47 +0100
+Subject: staging/speakup: fix get_word non-space look-ahead
+
+From: Samuel Thibault <samuel.thibault@ens-lyon.org>
+
+commit 9d32c0cde4e2d1343dfb88a67b2ec6397705b32b upstream.
+
+get_char was erroneously given the address of the pointer to the text
+instead of the address of the text, thus leading to random crashes when
+the user requests speaking a word while the current position is on a space
+character and say_word_ctl is not enabled.
+
+Reported-on: https://github.com/bytefire/speakup/issues/1
+Reported-by: Kirk Reiser <kirk@reisers.ca>
+Reported-by: Janina Sajka <janina@rednote.net>
+Reported-by: Alexandr Epaneshnikov <aarnaarn2@gmail.com>
+Reported-by: Gregory Nowak <greg@gregn.net>
+Reported-by: deedra waters <deedra@the-brannons.com>
+Signed-off-by: Samuel Thibault <samuel.thibault@ens-lyon.org>
+Tested-by: Alexandr Epaneshnikov <aarnaarn2@gmail.com>
+Tested-by: Gregory Nowak <greg@gregn.net>
+Tested-by: Michael Taboada <michael@michaels.world>
+Cc: stable <stable@vger.kernel.org>
+Link: https://lore.kernel.org/r/20200306003047.thijtmqrnayd3dmw@function
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+
+---
+ drivers/staging/speakup/main.c | 3 +--
+ 1 file changed, 1 insertion(+), 2 deletions(-)
+
+--- a/drivers/staging/speakup/main.c
++++ b/drivers/staging/speakup/main.c
+@@ -565,8 +565,7 @@ static u_long get_word(struct vc_data *v
+ return 0;
+ } else if ((tmpx < vc->vc_cols - 2)
+ && (ch == SPACE || ch == 0 || IS_WDLM(ch))
+- && ((char)get_char(vc, (u_short *) &tmp_pos + 1, &temp) >
+- SPACE)) {
++ && ((char)get_char(vc, (u_short *)tmp_pos + 1, &temp) > SPACE)) {
+ tmp_pos += 2;
+ tmpx++;
+ } else
--- /dev/null
+From 763802b53a427ed3cbd419dbba255c414fdd9e7c Mon Sep 17 00:00:00 2001
+From: Joerg Roedel <jroedel@suse.de>
+Date: Sat, 21 Mar 2020 18:22:41 -0700
+Subject: x86/mm: split vmalloc_sync_all()
+
+From: Joerg Roedel <jroedel@suse.de>
+
+commit 763802b53a427ed3cbd419dbba255c414fdd9e7c upstream.
+
+Commit 3f8fd02b1bf1 ("mm/vmalloc: Sync unmappings in
+__purge_vmap_area_lazy()") introduced a call to vmalloc_sync_all() in
+the vunmap() code-path. While this change was necessary to maintain
+correctness on x86-32-pae kernels, it also adds additional cycles for
+architectures that don't need it.
+
+Specifically on x86-64 with CONFIG_VMAP_STACK=y some people reported
+severe performance regressions in micro-benchmarks because it now also
+calls the x86-64 implementation of vmalloc_sync_all() on vunmap(). But
+the vmalloc_sync_all() implementation on x86-64 is only needed for newly
+created mappings.
+
+To avoid the unnecessary work on x86-64 and to gain the performance
+back, split up vmalloc_sync_all() into two functions:
+
+ * vmalloc_sync_mappings(), and
+ * vmalloc_sync_unmappings()
+
+Most call-sites to vmalloc_sync_all() only care about new mappings being
+synchronized. The only exception is the new call-site added in the
+above mentioned commit.
+
+Shile Zhang directed us to a report of an 80% regression in reaim
+throughput.
+
+Fixes: 3f8fd02b1bf1 ("mm/vmalloc: Sync unmappings in __purge_vmap_area_lazy()")
+Reported-by: kernel test robot <oliver.sang@intel.com>
+Reported-by: Shile Zhang <shile.zhang@linux.alibaba.com>
+Signed-off-by: Joerg Roedel <jroedel@suse.de>
+Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
+Tested-by: Borislav Petkov <bp@suse.de>
+Acked-by: Rafael J. Wysocki <rafael.j.wysocki@intel.com> [GHES]
+Cc: Dave Hansen <dave.hansen@linux.intel.com>
+Cc: Andy Lutomirski <luto@kernel.org>
+Cc: Peter Zijlstra <peterz@infradead.org>
+Cc: Thomas Gleixner <tglx@linutronix.de>
+Cc: Ingo Molnar <mingo@redhat.com>
+Cc: <stable@vger.kernel.org>
+Link: http://lkml.kernel.org/r/20191009124418.8286-1-joro@8bytes.org
+Link: https://lists.01.org/hyperkitty/list/lkp@lists.01.org/thread/4D3JPPHBNOSPFK2KEPC6KGKS6J25AIDB/
+Link: http://lkml.kernel.org/r/20191113095530.228959-1-shile.zhang@linux.alibaba.com
+Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+
+---
+ arch/x86/mm/fault.c | 26 ++++++++++++++++++++++++--
+ drivers/acpi/apei/ghes.c | 2 +-
+ include/linux/vmalloc.h | 5 +++--
+ kernel/notifier.c | 2 +-
+ mm/nommu.c | 10 +++++++---
+ mm/vmalloc.c | 11 +++++++----
+ 6 files changed, 43 insertions(+), 13 deletions(-)
+
+--- a/arch/x86/mm/fault.c
++++ b/arch/x86/mm/fault.c
+@@ -285,7 +285,7 @@ static inline pmd_t *vmalloc_sync_one(pg
+ return pmd_k;
+ }
+
+-void vmalloc_sync_all(void)
++static void vmalloc_sync(void)
+ {
+ unsigned long address;
+
+@@ -312,6 +312,16 @@ void vmalloc_sync_all(void)
+ }
+ }
+
++void vmalloc_sync_mappings(void)
++{
++ vmalloc_sync();
++}
++
++void vmalloc_sync_unmappings(void)
++{
++ vmalloc_sync();
++}
++
+ /*
+ * 32-bit:
+ *
+@@ -406,11 +416,23 @@ out:
+
+ #else /* CONFIG_X86_64: */
+
+-void vmalloc_sync_all(void)
++void vmalloc_sync_mappings(void)
+ {
++ /*
++ * 64-bit mappings might allocate new p4d/pud pages
++ * that need to be propagated to all tasks' PGDs.
++ */
+ sync_global_pgds(VMALLOC_START & PGDIR_MASK, VMALLOC_END, 0);
+ }
+
++void vmalloc_sync_unmappings(void)
++{
++ /*
++ * Unmappings never allocate or free p4d/pud pages.
++ * No work is required here.
++ */
++}
++
+ /*
+ * 64-bit:
+ *
+--- a/drivers/acpi/apei/ghes.c
++++ b/drivers/acpi/apei/ghes.c
+@@ -234,7 +234,7 @@ static int ghes_estatus_pool_expand(unsi
+ * New allocation must be visible in all pgd before it can be found by
+ * an NMI allocating from the pool.
+ */
+- vmalloc_sync_all();
++ vmalloc_sync_mappings();
+
+ return gen_pool_add(ghes_estatus_pool, addr, PAGE_ALIGN(len), -1);
+ }
+--- a/include/linux/vmalloc.h
++++ b/include/linux/vmalloc.h
+@@ -93,8 +93,9 @@ extern int remap_vmalloc_range_partial(s
+
+ extern int remap_vmalloc_range(struct vm_area_struct *vma, void *addr,
+ unsigned long pgoff);
+-void vmalloc_sync_all(void);
+-
++void vmalloc_sync_mappings(void);
++void vmalloc_sync_unmappings(void);
++
+ /*
+ * Lowlevel-APIs (not for driver use!)
+ */
+--- a/kernel/notifier.c
++++ b/kernel/notifier.c
+@@ -552,7 +552,7 @@ NOKPROBE_SYMBOL(notify_die);
+
+ int register_die_notifier(struct notifier_block *nb)
+ {
+- vmalloc_sync_all();
++ vmalloc_sync_mappings();
+ return atomic_notifier_chain_register(&die_chain, nb);
+ }
+ EXPORT_SYMBOL_GPL(register_die_notifier);
+--- a/mm/nommu.c
++++ b/mm/nommu.c
+@@ -445,10 +445,14 @@ void vm_unmap_aliases(void)
+ EXPORT_SYMBOL_GPL(vm_unmap_aliases);
+
+ /*
+- * Implement a stub for vmalloc_sync_all() if the architecture chose not to
+- * have one.
++ * Implement a stub for vmalloc_sync_[un]mapping() if the architecture
++ * chose not to have one.
+ */
+-void __weak vmalloc_sync_all(void)
++void __weak vmalloc_sync_mappings(void)
++{
++}
++
++void __weak vmalloc_sync_unmappings(void)
+ {
+ }
+
+--- a/mm/vmalloc.c
++++ b/mm/vmalloc.c
+@@ -1711,7 +1711,7 @@ void *__vmalloc_node_range(unsigned long
+ * First make sure the mappings are removed from all page-tables
+ * before they are freed.
+ */
+- vmalloc_sync_all();
++ vmalloc_sync_unmappings();
+
+ /*
+ * In this function, newly allocated vm_struct has VM_UNINITIALIZED
+@@ -2247,16 +2247,19 @@ int remap_vmalloc_range(struct vm_area_s
+ EXPORT_SYMBOL(remap_vmalloc_range);
+
+ /*
+- * Implement a stub for vmalloc_sync_all() if the architecture chose not to
+- * have one.
++ * Implement stubs for vmalloc_sync_[un]mappings () if the architecture chose
++ * not to have one.
+ *
+ * The purpose of this function is to make sure the vmalloc area
+ * mappings are identical in all page-tables in the system.
+ */
+-void __weak vmalloc_sync_all(void)
++void __weak vmalloc_sync_mappings(void)
+ {
+ }
+
++void __weak vmalloc_sync_unmappings(void)
++{
++}
+
+ static int f(pte_t *pte, pgtable_t table, unsigned long addr, void *data)
+ {
projects / thirdparty / kernel / stable-queue.git / commitdiff
