--- /dev/null
+From e707180ae2df1c87e26ec7a6fd70d07483bde7fd Mon Sep 17 00:00:00 2001
+From: Sean Nyekjaer <sean@geanix.com>
+Date: Wed, 4 Dec 2019 11:36:06 +0000
+Subject: can: flexcan: fix possible deadlock and out-of-order reception after wakeup
+
+From: Sean Nyekjaer <sean@geanix.com>
+
+commit e707180ae2df1c87e26ec7a6fd70d07483bde7fd upstream.
+
+When suspending, and there is still CAN traffic on the interfaces the
+flexcan immediately wakes the platform again. As it should :-). But it
+throws this error msg:
+
+[ 3169.378661] PM: noirq suspend of devices failed
+
+On the way down to suspend the interface that throws the error message
+calls flexcan_suspend() but fails to call flexcan_noirq_suspend(). That
+means flexcan_enter_stop_mode() is called, but on the way out of suspend
+the driver only calls flexcan_resume() and skips flexcan_noirq_resume(),
+thus it doesn't call flexcan_exit_stop_mode(). This leaves the flexcan
+in stop mode, and with the current driver it can't recover from this
+even with a soft reboot, it requires a hard reboot.
+
+This patch fixes the deadlock when using self wakeup, by calling
+flexcan_exit_stop_mode() from flexcan_resume() instead of
+flexcan_noirq_resume().
+
+This also fixes another issue: CAN frames are received out-of-order in
+first IRQ handler run after wakeup.
+
+The problem is that the wakeup latency from frame reception to the IRQ
+handler (where the CAN frames are sorted by timestamp) is much bigger
+than the time stamp counter wrap around time. This means it's
+impossible to sort the CAN frames by timestamp.
+
+The reason is that the controller exits stop mode during noirq resume,
+which means it receives frames immediately, but interrupt handling is
+still not possible.
+
+So exit stop mode during resume stage instead of noirq resume fixes this
+issue.
+
+Fixes: de3578c198c6 ("can: flexcan: add self wakeup support")
+Signed-off-by: Sean Nyekjaer <sean@geanix.com>
+Tested-by: Sean Nyekjaer <sean@geanix.com>
+Signed-off-by: Joakim Zhang <qiangqing.zhang@nxp.com>
+Cc: linux-stable <stable@vger.kernel.org> # >= v5.0
+Signed-off-by: Marc Kleine-Budde <mkl@pengutronix.de>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+
+---
+ drivers/net/can/flexcan.c | 10 ++++------
+ 1 file changed, 4 insertions(+), 6 deletions(-)
+
+--- a/drivers/net/can/flexcan.c
++++ b/drivers/net/can/flexcan.c
+@@ -1703,6 +1703,9 @@ static int __maybe_unused flexcan_resume
+ netif_start_queue(dev);
+ if (device_may_wakeup(device)) {
+ disable_irq_wake(dev->irq);
++ err = flexcan_exit_stop_mode(priv);
++ if (err)
++ return err;
+ } else {
+ err = pm_runtime_force_resume(device);
+ if (err)
+@@ -1748,14 +1751,9 @@ static int __maybe_unused flexcan_noirq_
+ {
+ struct net_device *dev = dev_get_drvdata(device);
+ struct flexcan_priv *priv = netdev_priv(dev);
+- int err;
+
+- if (netif_running(dev) && device_may_wakeup(device)) {
++ if (netif_running(dev) && device_may_wakeup(device))
+ flexcan_enable_wakeup_irq(priv, false);
+- err = flexcan_exit_stop_mode(priv);
+- if (err)
+- return err;
+- }
+
+ return 0;
+ }
--- /dev/null
+From 048e3a34a2e7669bf475eb56c7345ad9d8d2b8e3 Mon Sep 17 00:00:00 2001
+From: Joakim Zhang <qiangqing.zhang@nxp.com>
+Date: Wed, 4 Dec 2019 11:36:14 +0000
+Subject: can: flexcan: poll MCR_LPM_ACK instead of GPR ACK for stop mode acknowledgment
+
+From: Joakim Zhang <qiangqing.zhang@nxp.com>
+
+commit 048e3a34a2e7669bf475eb56c7345ad9d8d2b8e3 upstream.
+
+Stop Mode is entered when Stop Mode is requested at chip level and
+MCR[LPM_ACK] is asserted by the FlexCAN.
+
+Double check with IP owner, the MCR[LPM_ACK] bit should be polled for
+stop mode acknowledgment, not the acknowledgment from chip level which
+is used to gate flexcan clocks.
+
+This patch depends on:
+
+ b7603d080ffc ("can: flexcan: add low power enter/exit acknowledgment helper")
+
+Fixes: 5f186c257fa4 (can: flexcan: fix stop mode acknowledgment)
+Tested-by: Sean Nyekjaer <sean@geanix.com>
+Signed-off-by: Joakim Zhang <qiangqing.zhang@nxp.com>
+Cc: linux-stable <stable@vger.kernel.org> # >= v5.0
+Signed-off-by: Marc Kleine-Budde <mkl@pengutronix.de>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+
+---
+ drivers/net/can/flexcan.c | 17 ++---------------
+ 1 file changed, 2 insertions(+), 15 deletions(-)
+
+--- a/drivers/net/can/flexcan.c
++++ b/drivers/net/can/flexcan.c
+@@ -407,7 +407,6 @@ static void flexcan_enable_wakeup_irq(st
+ static inline int flexcan_enter_stop_mode(struct flexcan_priv *priv)
+ {
+ struct flexcan_regs __iomem *regs = priv->regs;
+- unsigned int ackval;
+ u32 reg_mcr;
+
+ reg_mcr = priv->read(®s->mcr);
+@@ -418,36 +417,24 @@ static inline int flexcan_enter_stop_mod
+ regmap_update_bits(priv->stm.gpr, priv->stm.req_gpr,
+ 1 << priv->stm.req_bit, 1 << priv->stm.req_bit);
+
+- /* get stop acknowledgment */
+- if (regmap_read_poll_timeout(priv->stm.gpr, priv->stm.ack_gpr,
+- ackval, ackval & (1 << priv->stm.ack_bit),
+- 0, FLEXCAN_TIMEOUT_US))
+- return -ETIMEDOUT;
+-
+- return 0;
++ return flexcan_low_power_enter_ack(priv);
+ }
+
+ static inline int flexcan_exit_stop_mode(struct flexcan_priv *priv)
+ {
+ struct flexcan_regs __iomem *regs = priv->regs;
+- unsigned int ackval;
+ u32 reg_mcr;
+
+ /* remove stop request */
+ regmap_update_bits(priv->stm.gpr, priv->stm.req_gpr,
+ 1 << priv->stm.req_bit, 0);
+
+- /* get stop acknowledgment */
+- if (regmap_read_poll_timeout(priv->stm.gpr, priv->stm.ack_gpr,
+- ackval, !(ackval & (1 << priv->stm.ack_bit)),
+- 0, FLEXCAN_TIMEOUT_US))
+- return -ETIMEDOUT;
+
+ reg_mcr = priv->read(®s->mcr);
+ reg_mcr &= ~FLEXCAN_MCR_SLF_WAK;
+ priv->write(reg_mcr, ®s->mcr);
+
+- return 0;
++ return flexcan_low_power_exit_ack(priv);
+ }
+
+ static inline void flexcan_error_irq_enable(const struct flexcan_priv *priv)
--- /dev/null
+From 00d4e14d2e4caf5f7254a505fee5eeca8cd37bd4 Mon Sep 17 00:00:00 2001
+From: Oleksij Rempel <linux@rempel-privat.de>
+Date: Fri, 6 Dec 2019 15:18:35 +0100
+Subject: can: j1939: j1939_sk_bind(): take priv after lock is held
+
+From: Oleksij Rempel <o.rempel@pengutronix.de>
+
+commit 00d4e14d2e4caf5f7254a505fee5eeca8cd37bd4 upstream.
+
+syzbot reproduced following crash:
+
+===============================================================================
+kasan: CONFIG_KASAN_INLINE enabled
+kasan: GPF could be caused by NULL-ptr deref or user memory access
+general protection fault: 0000 [#1] PREEMPT SMP KASAN
+CPU: 0 PID: 9844 Comm: syz-executor.0 Not tainted 5.4.0-syzkaller #0
+Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS
+Google 01/01/2011
+RIP: 0010:__lock_acquire+0x1254/0x4a00 kernel/locking/lockdep.c:3828
+Code: 00 0f 85 96 24 00 00 48 81 c4 f0 00 00 00 5b 41 5c 41 5d 41 5e 41
+5f 5d c3 48 b8 00 00 00 00 00 fc ff df 4c 89 f2 48 c1 ea 03 <80> 3c 02
+00 0f 85 0b 28 00 00 49 81 3e 20 19 78 8a 0f 84 5f ee ff
+RSP: 0018:ffff888099c3fb48 EFLAGS: 00010006
+RAX: dffffc0000000000 RBX: 0000000000000000 RCX: 0000000000000000
+RDX: 0000000000000218 RSI: 0000000000000000 RDI: 0000000000000001
+RBP: ffff888099c3fc60 R08: 0000000000000001 R09: 0000000000000001
+R10: fffffbfff146e1d0 R11: ffff888098720400 R12: 00000000000010c0
+R13: 0000000000000000 R14: 00000000000010c0 R15: 0000000000000000
+FS: 00007f0559e98700(0000) GS:ffff8880ae800000(0000)
+knlGS:0000000000000000
+CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
+CR2: 00007fe4d89e0000 CR3: 0000000099606000 CR4: 00000000001406f0
+DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
+DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
+Call Trace:
+ lock_acquire+0x190/0x410 kernel/locking/lockdep.c:4485
+ __raw_spin_lock_bh include/linux/spinlock_api_smp.h:135 [inline]
+ _raw_spin_lock_bh+0x33/0x50 kernel/locking/spinlock.c:175
+ spin_lock_bh include/linux/spinlock.h:343 [inline]
+ j1939_jsk_del+0x32/0x210 net/can/j1939/socket.c:89
+ j1939_sk_bind+0x2ea/0x8f0 net/can/j1939/socket.c:448
+ __sys_bind+0x239/0x290 net/socket.c:1648
+ __do_sys_bind net/socket.c:1659 [inline]
+ __se_sys_bind net/socket.c:1657 [inline]
+ __x64_sys_bind+0x73/0xb0 net/socket.c:1657
+ do_syscall_64+0xfa/0x790 arch/x86/entry/common.c:294
+ entry_SYSCALL_64_after_hwframe+0x49/0xbe
+RIP: 0033:0x45a679
+Code: ad b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89
+f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01
+f0 ff ff 0f 83 7b b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00
+RSP: 002b:00007f0559e97c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000031
+RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 000000000045a679
+RDX: 0000000000000018 RSI: 0000000020000240 RDI: 0000000000000003
+RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000
+R10: 0000000000000000 R11: 0000000000000246 R12: 00007f0559e986d4
+R13: 00000000004c09e9 R14: 00000000004d37d0 R15: 00000000ffffffff
+Modules linked in:
+------------[ cut here ]------------
+WARNING: CPU: 0 PID: 9844 at kernel/locking/mutex.c:1419
+mutex_trylock+0x279/0x2f0 kernel/locking/mutex.c:1427
+===============================================================================
+
+This issues was caused by null pointer deference. Where j1939_sk_bind()
+was using currently not existing priv.
+
+Possible scenario may look as following:
+cpu0 cpu1
+bind()
+ bind()
+ j1939_sk_bind()
+ j1939_sk_bind()
+ priv = jsk->priv;
+ priv = jsk->priv;
+ lock_sock(sock->sk);
+ priv = j1939_netdev_start(ndev);
+ j1939_jsk_add(priv, jsk);
+ jsk->priv = priv;
+ relase_sock(sock->sk);
+ lock_sock(sock->sk);
+ j1939_jsk_del(priv, jsk);
+ ..... ooops ......
+
+With this patch we move "priv = jsk->priv;" after the lock, to avoid
+assigning of wrong priv pointer.
+
+Reported-by: syzbot+99e9e1b200a1e363237d@syzkaller.appspotmail.com
+Fixes: 9d71dd0c7009 ("can: add support of SAE J1939 protocol")
+Signed-off-by: Oleksij Rempel <o.rempel@pengutronix.de>
+Cc: linux-stable <stable@vger.kernel.org> # >= v5.4
+Signed-off-by: Marc Kleine-Budde <mkl@pengutronix.de>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+
+---
+ net/can/j1939/socket.c | 10 +++++++---
+ 1 file changed, 7 insertions(+), 3 deletions(-)
+
+--- a/net/can/j1939/socket.c
++++ b/net/can/j1939/socket.c
+@@ -423,9 +423,9 @@ static int j1939_sk_bind(struct socket *
+ {
+ struct sockaddr_can *addr = (struct sockaddr_can *)uaddr;
+ struct j1939_sock *jsk = j1939_sk(sock->sk);
+- struct j1939_priv *priv = jsk->priv;
+- struct sock *sk = sock->sk;
+- struct net *net = sock_net(sk);
++ struct j1939_priv *priv;
++ struct sock *sk;
++ struct net *net;
+ int ret = 0;
+
+ ret = j1939_sk_sanity_check(addr, len);
+@@ -434,6 +434,10 @@ static int j1939_sk_bind(struct socket *
+
+ lock_sock(sock->sk);
+
++ priv = jsk->priv;
++ sk = sock->sk;
++ net = sock_net(sk);
++
+ /* Already bound to an interface? */
+ if (jsk->state & J1939_SOCK_BOUND) {
+ /* A re-bind() to a different interface is not
--- /dev/null
+From da2311a6385c3b499da2ed5d9be59ce331fa93e9 Mon Sep 17 00:00:00 2001
+From: Xiaolong Huang <butterflyhuangxx@gmail.com>
+Date: Sat, 7 Dec 2019 22:40:24 +0800
+Subject: can: kvaser_usb: kvaser_usb_leaf: Fix some info-leaks to USB devices
+
+From: Xiaolong Huang <butterflyhuangxx@gmail.com>
+
+commit da2311a6385c3b499da2ed5d9be59ce331fa93e9 upstream.
+
+Uninitialized Kernel memory can leak to USB devices.
+
+Fix this by using kzalloc() instead of kmalloc().
+
+Signed-off-by: Xiaolong Huang <butterflyhuangxx@gmail.com>
+Fixes: 7259124eac7d ("can: kvaser_usb: Split driver into kvaser_usb_core.c and kvaser_usb_leaf.c")
+Cc: linux-stable <stable@vger.kernel.org> # >= v4.19
+Signed-off-by: Marc Kleine-Budde <mkl@pengutronix.de>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+
+---
+ drivers/net/can/usb/kvaser_usb/kvaser_usb_leaf.c | 6 +++---
+ 1 file changed, 3 insertions(+), 3 deletions(-)
+
+--- a/drivers/net/can/usb/kvaser_usb/kvaser_usb_leaf.c
++++ b/drivers/net/can/usb/kvaser_usb/kvaser_usb_leaf.c
+@@ -608,7 +608,7 @@ static int kvaser_usb_leaf_simple_cmd_as
+ struct kvaser_cmd *cmd;
+ int err;
+
+- cmd = kmalloc(sizeof(*cmd), GFP_ATOMIC);
++ cmd = kzalloc(sizeof(*cmd), GFP_ATOMIC);
+ if (!cmd)
+ return -ENOMEM;
+
+@@ -1140,7 +1140,7 @@ static int kvaser_usb_leaf_set_opt_mode(
+ struct kvaser_cmd *cmd;
+ int rc;
+
+- cmd = kmalloc(sizeof(*cmd), GFP_KERNEL);
++ cmd = kzalloc(sizeof(*cmd), GFP_KERNEL);
+ if (!cmd)
+ return -ENOMEM;
+
+@@ -1206,7 +1206,7 @@ static int kvaser_usb_leaf_flush_queue(s
+ struct kvaser_cmd *cmd;
+ int rc;
+
+- cmd = kmalloc(sizeof(*cmd), GFP_KERNEL);
++ cmd = kzalloc(sizeof(*cmd), GFP_KERNEL);
+ if (!cmd)
+ return -ENOMEM;
+
--- /dev/null
+From 60552253e29c8860ee5bf1e6064591b0917c0394 Mon Sep 17 00:00:00 2001
+From: Sean Nyekjaer <sean@geanix.com>
+Date: Fri, 6 Dec 2019 16:29:22 +0100
+Subject: can: m_can: tcan4x5x: add required delay after reset
+
+From: Sean Nyekjaer <sean@geanix.com>
+
+commit 60552253e29c8860ee5bf1e6064591b0917c0394 upstream.
+
+According to section "8.3.8 RST Pin" in the datasheet we are required to
+wait >700us after the device is reset.
+
+Signed-off-by: Sean Nyekjaer <sean@geanix.com>
+Acked-by: Dan Murphy <dmurphy@ti.com>
+Cc: linux-stable <stable@vger.kernel.org> # >= v5.4
+Signed-off-by: Marc Kleine-Budde <mkl@pengutronix.de>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+
+---
+ drivers/net/can/m_can/tcan4x5x.c | 2 ++
+ 1 file changed, 2 insertions(+)
+
+--- a/drivers/net/can/m_can/tcan4x5x.c
++++ b/drivers/net/can/m_can/tcan4x5x.c
+@@ -354,6 +354,8 @@ static int tcan4x5x_parse_config(struct
+ if (IS_ERR(tcan4x5x->reset_gpio))
+ tcan4x5x->reset_gpio = NULL;
+
++ usleep_range(700, 1000);
++
+ tcan4x5x->device_state_gpio = devm_gpiod_get_optional(cdev->dev,
+ "device-state",
+ GPIOD_IN);
--- /dev/null
+From 9ab79b06ddf3cdf6484d60b3e5fe113e733145c8 Mon Sep 17 00:00:00 2001
+From: Srinivas Neeli <srinivas.neeli@xilinx.com>
+Date: Tue, 3 Dec 2019 17:46:36 +0530
+Subject: can: xilinx_can: Fix missing Rx can packets on CANFD2.0
+
+From: Srinivas Neeli <srinivas.neeli@xilinx.com>
+
+commit 9ab79b06ddf3cdf6484d60b3e5fe113e733145c8 upstream.
+
+CANFD2.0 core uses BRAM for storing acceptance filter ID(AFID) and MASK
+(AFMASK)registers. So by default AFID and AFMASK registers contain random
+data. Due to random data, we are not able to receive all CAN ids.
+
+Initializing AFID and AFMASK registers with Zero before enabling
+acceptance filter to receive all packets irrespective of ID and Mask.
+
+Fixes: 0db9071353a0 ("can: xilinx: add can 2.0 support")
+Signed-off-by: Michal Simek <michal.simek@xilinx.com>
+Signed-off-by: Srinivas Neeli <srinivas.neeli@xilinx.com>
+Reviewed-by: Naga Sureshkumar Relli <naga.sureshkumar.relli@xilinx.com>
+Cc: linux-stable <stable@vger.kernel.org> # >= v5.0
+Signed-off-by: Marc Kleine-Budde <mkl@pengutronix.de>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+
+---
+ drivers/net/can/xilinx_can.c | 7 +++++++
+ 1 file changed, 7 insertions(+)
+
+--- a/drivers/net/can/xilinx_can.c
++++ b/drivers/net/can/xilinx_can.c
+@@ -60,6 +60,8 @@ enum xcan_reg {
+ XCAN_TXMSG_BASE_OFFSET = 0x0100, /* TX Message Space */
+ XCAN_RXMSG_BASE_OFFSET = 0x1100, /* RX Message Space */
+ XCAN_RXMSG_2_BASE_OFFSET = 0x2100, /* RX Message Space */
++ XCAN_AFR_2_MASK_OFFSET = 0x0A00, /* Acceptance Filter MASK */
++ XCAN_AFR_2_ID_OFFSET = 0x0A04, /* Acceptance Filter ID */
+ };
+
+ #define XCAN_FRAME_ID_OFFSET(frame_base) ((frame_base) + 0x00)
+@@ -1803,6 +1805,11 @@ static int xcan_probe(struct platform_de
+
+ pm_runtime_put(&pdev->dev);
+
++ if (priv->devtype.flags & XCAN_FLAG_CANFD_2) {
++ priv->write_reg(priv, XCAN_AFR_2_ID_OFFSET, 0x00000000);
++ priv->write_reg(priv, XCAN_AFR_2_MASK_OFFSET, 0x00000000);
++ }
++
+ netdev_dbg(ndev, "reg_base=0x%p irq=%d clock=%d, tx buffers: actual %d, using %d\n",
+ priv->reg_base, ndev->irq, priv->can.clock.freq,
+ hw_tx_max, priv->tx_max);
--- /dev/null
+From 4c80ba392bf603d468ea827d902f8e7b2505fbf4 Mon Sep 17 00:00:00 2001
+From: Eric Auger <eric.auger@redhat.com>
+Date: Tue, 26 Nov 2019 18:54:13 +0100
+Subject: iommu: fix KASAN use-after-free in iommu_insert_resv_region
+
+From: Eric Auger <eric.auger@redhat.com>
+
+commit 4c80ba392bf603d468ea827d902f8e7b2505fbf4 upstream.
+
+In case the new region gets merged into another one, the nr list node is
+freed. Checking its type while completing the merge algorithm leads to
+a use-after-free. Use new->type instead.
+
+Fixes: 4dbd258ff63e ("iommu: Revisit iommu_insert_resv_region() implementation")
+Signed-off-by: Eric Auger <eric.auger@redhat.com>
+Reported-by: Qian Cai <cai@lca.pw>
+Reviewed-by: Jerry Snitselaar <jsnitsel@redhat.com>
+Cc: Stable <stable@vger.kernel.org> #v5.3+
+Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+
+---
+ drivers/iommu/iommu.c | 4 ++--
+ 1 file changed, 2 insertions(+), 2 deletions(-)
+
+--- a/drivers/iommu/iommu.c
++++ b/drivers/iommu/iommu.c
+@@ -312,8 +312,8 @@ int iommu_insert_resv_region(struct iomm
+ list_for_each_entry_safe(iter, tmp, regions, list) {
+ phys_addr_t top_end, iter_end = iter->start + iter->length - 1;
+
+- /* no merge needed on elements of different types than @nr */
+- if (iter->type != nr->type) {
++ /* no merge needed on elements of different types than @new */
++ if (iter->type != new->type) {
+ list_move_tail(&iter->list, &stack);
+ continue;
+ }
--- /dev/null
+From d360211524bece6db9920f32c91808235290b51c Mon Sep 17 00:00:00 2001
+From: Jerry Snitselaar <jsnitsel@redhat.com>
+Date: Tue, 10 Dec 2019 11:56:06 -0700
+Subject: iommu: set group default domain before creating direct mappings
+
+From: Jerry Snitselaar <jsnitsel@redhat.com>
+
+commit d360211524bece6db9920f32c91808235290b51c upstream.
+
+iommu_group_create_direct_mappings uses group->default_domain, but
+right after it is called, request_default_domain_for_dev calls
+iommu_domain_free for the default domain, and sets the group default
+domain to a different domain. Move the
+iommu_group_create_direct_mappings call to after the group default
+domain is set, so the direct mappings get associated with that domain.
+
+Cc: Joerg Roedel <jroedel@suse.de>
+Cc: Lu Baolu <baolu.lu@linux.intel.com>
+Cc: iommu@lists.linux-foundation.org
+Cc: stable@vger.kernel.org
+Fixes: 7423e01741dd ("iommu: Add API to request DMA domain for device")
+Signed-off-by: Jerry Snitselaar <jsnitsel@redhat.com>
+Reviewed-by: Lu Baolu <baolu.lu@linux.intel.com>
+Signed-off-by: Joerg Roedel <jroedel@suse.de>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+
+---
+ drivers/iommu/iommu.c | 4 ++--
+ 1 file changed, 2 insertions(+), 2 deletions(-)
+
+--- a/drivers/iommu/iommu.c
++++ b/drivers/iommu/iommu.c
+@@ -2221,13 +2221,13 @@ request_default_domain_for_dev(struct de
+ goto out;
+ }
+
+- iommu_group_create_direct_mappings(group, dev);
+-
+ /* Make the domain the default for this group */
+ if (group->default_domain)
+ iommu_domain_free(group->default_domain);
+ group->default_domain = domain;
+
++ iommu_group_create_direct_mappings(group, dev);
++
+ dev_info(dev, "Using iommu %s mapping\n",
+ type == IOMMU_DOMAIN_DMA ? "dma" : "direct");
+
--- /dev/null
+From cde9319e884eb6267a0df446f3c131fe1108defb Mon Sep 17 00:00:00 2001
+From: Jerry Snitselaar <jsnitsel@redhat.com>
+Date: Thu, 12 Dec 2019 22:36:42 -0700
+Subject: iommu/vt-d: Allocate reserved region for ISA with correct permission
+
+From: Jerry Snitselaar <jsnitsel@redhat.com>
+
+commit cde9319e884eb6267a0df446f3c131fe1108defb upstream.
+
+Currently the reserved region for ISA is allocated with no
+permissions. If a dma domain is being used, mapping this region will
+fail. Set the permissions to DMA_PTE_READ|DMA_PTE_WRITE.
+
+Cc: Joerg Roedel <jroedel@suse.de>
+Cc: Lu Baolu <baolu.lu@linux.intel.com>
+Cc: iommu@lists.linux-foundation.org
+Cc: stable@vger.kernel.org # v5.3+
+Fixes: d850c2ee5fe2 ("iommu/vt-d: Expose ISA direct mapping region via iommu_get_resv_regions")
+Signed-off-by: Jerry Snitselaar <jsnitsel@redhat.com>
+Acked-by: Lu Baolu <baolu.lu@linux.intel.com>
+Signed-off-by: Joerg Roedel <jroedel@suse.de>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+
+---
+ drivers/iommu/intel-iommu.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+--- a/drivers/iommu/intel-iommu.c
++++ b/drivers/iommu/intel-iommu.c
+@@ -5697,7 +5697,7 @@ static void intel_iommu_get_resv_regions
+ struct pci_dev *pdev = to_pci_dev(device);
+
+ if ((pdev->class >> 8) == PCI_CLASS_BRIDGE_ISA) {
+- reg = iommu_alloc_resv_region(0, 1UL << 24, 0,
++ reg = iommu_alloc_resv_region(0, 1UL << 24, prot,
+ IOMMU_RESV_DIRECT_RELAXABLE);
+ if (reg)
+ list_add_tail(®->list, head);
--- /dev/null
+From 75d18385394f56db76845d91a192532aba421875 Mon Sep 17 00:00:00 2001
+From: Lu Baolu <baolu.lu@linux.intel.com>
+Date: Wed, 11 Dec 2019 09:40:15 +0800
+Subject: iommu/vt-d: Fix dmar pte read access not set error
+
+From: Lu Baolu <baolu.lu@linux.intel.com>
+
+commit 75d18385394f56db76845d91a192532aba421875 upstream.
+
+If the default DMA domain of a group doesn't fit a device, it
+will still sit in the group but use a private identity domain.
+When map/unmap/iova_to_phys come through iommu API, the driver
+should still serve them, otherwise, other devices in the same
+group will be impacted. Since identity domain has been mapped
+with the whole available memory space and RMRRs, we don't need
+to worry about the impact on it.
+
+Link: https://www.spinics.net/lists/iommu/msg40416.html
+Cc: Jerry Snitselaar <jsnitsel@redhat.com>
+Reported-by: Jerry Snitselaar <jsnitsel@redhat.com>
+Fixes: 942067f1b6b97 ("iommu/vt-d: Identify default domains replaced with private")
+Cc: stable@vger.kernel.org # v5.3+
+Signed-off-by: Lu Baolu <baolu.lu@linux.intel.com>
+Reviewed-by: Jerry Snitselaar <jsnitsel@redhat.com>
+Tested-by: Jerry Snitselaar <jsnitsel@redhat.com>
+Signed-off-by: Joerg Roedel <jroedel@suse.de>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+
+---
+ drivers/iommu/intel-iommu.c | 8 --------
+ 1 file changed, 8 deletions(-)
+
+--- a/drivers/iommu/intel-iommu.c
++++ b/drivers/iommu/intel-iommu.c
+@@ -5447,9 +5447,6 @@ static int intel_iommu_map(struct iommu_
+ int prot = 0;
+ int ret;
+
+- if (dmar_domain->flags & DOMAIN_FLAG_LOSE_CHILDREN)
+- return -EINVAL;
+-
+ if (iommu_prot & IOMMU_READ)
+ prot |= DMA_PTE_READ;
+ if (iommu_prot & IOMMU_WRITE)
+@@ -5492,8 +5489,6 @@ static size_t intel_iommu_unmap(struct i
+ /* Cope with horrid API which requires us to unmap more than the
+ size argument if it happens to be a large-page mapping. */
+ BUG_ON(!pfn_to_dma_pte(dmar_domain, iova >> VTD_PAGE_SHIFT, &level));
+- if (dmar_domain->flags & DOMAIN_FLAG_LOSE_CHILDREN)
+- return 0;
+
+ if (size < VTD_PAGE_SIZE << level_to_offset_bits(level))
+ size = VTD_PAGE_SIZE << level_to_offset_bits(level);
+@@ -5525,9 +5520,6 @@ static phys_addr_t intel_iommu_iova_to_p
+ int level = 0;
+ u64 phys = 0;
+
+- if (dmar_domain->flags & DOMAIN_FLAG_LOSE_CHILDREN)
+- return 0;
+-
+ pte = pfn_to_dma_pte(dmar_domain, iova >> VTD_PAGE_SHIFT, &level);
+ if (pte)
+ phys = dma_pte_addr(pte);
--- /dev/null
+From d8018a0e9195ba9f0fb9cf0fd3843807c8b952d5 Mon Sep 17 00:00:00 2001
+From: Alex Williamson <alex.williamson@redhat.com>
+Date: Wed, 11 Dec 2019 13:28:29 -0700
+Subject: iommu/vt-d: Set ISA bridge reserved region as relaxable
+
+From: Alex Williamson <alex.williamson@redhat.com>
+
+commit d8018a0e9195ba9f0fb9cf0fd3843807c8b952d5 upstream.
+
+Commit d850c2ee5fe2 ("iommu/vt-d: Expose ISA direct mapping region via
+iommu_get_resv_regions") created a direct-mapped reserved memory region
+in order to replace the static identity mapping of the ISA address
+space, where the latter was then removed in commit df4f3c603aeb
+("iommu/vt-d: Remove static identity map code"). According to the
+history of this code and the Kconfig option surrounding it, this direct
+mapping exists for the benefit of legacy ISA drivers that are not
+compatible with the DMA API.
+
+In conjuntion with commit 9b77e5c79840 ("vfio/type1: check dma map
+request is within a valid iova range") this change introduced a
+regression where the vfio IOMMU backend enforces reserved memory regions
+per IOMMU group, preventing userspace from creating IOMMU mappings
+conflicting with prescribed reserved regions. A necessary prerequisite
+for the vfio change was the introduction of "relaxable" direct mappings
+introduced by commit adfd37382090 ("iommu: Introduce
+IOMMU_RESV_DIRECT_RELAXABLE reserved memory regions"). These relaxable
+direct mappings provide the same identity mapping support in the default
+domain, but also indicate that the reservation is software imposed and
+may be relaxed under some conditions, such as device assignment.
+
+Convert the ISA bridge direct-mapped reserved region to relaxable to
+reflect that the restriction is self imposed and need not be enforced
+by drivers such as vfio.
+
+Fixes: 1c5c59fbad20 ("iommu/vt-d: Differentiate relaxable and non relaxable RMRRs")
+Cc: stable@vger.kernel.org # v5.3+
+Link: https://lore.kernel.org/linux-iommu/20191211082304.2d4fab45@x1.home
+Reported-by: cprt <cprt@protonmail.com>
+Tested-by: cprt <cprt@protonmail.com>
+Signed-off-by: Alex Williamson <alex.williamson@redhat.com>
+Acked-by: Lu Baolu <baolu.lu@linux.intel.com>
+Reviewed-by: Eric Auger <eric.auger@redhat.com>
+Tested-by: Jerry Snitselaar <jsnitsel@redhat.com>
+Reviewed-by: Jerry Snitselaar <jsnitsel@redhat.com>
+Signed-off-by: Joerg Roedel <jroedel@suse.de>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+
+---
+ drivers/iommu/intel-iommu.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+--- a/drivers/iommu/intel-iommu.c
++++ b/drivers/iommu/intel-iommu.c
+@@ -5698,7 +5698,7 @@ static void intel_iommu_get_resv_regions
+
+ if ((pdev->class >> 8) == PCI_CLASS_BRIDGE_ISA) {
+ reg = iommu_alloc_resv_region(0, 1UL << 24, 0,
+- IOMMU_RESV_DIRECT);
++ IOMMU_RESV_DIRECT_RELAXABLE);
+ if (reg)
+ list_add_tail(®->list, head);
+ }
--- /dev/null
+From 8f34e5bd7024d1ffebddd82d7318b1be17be9e9a Mon Sep 17 00:00:00 2001
+From: Chaotian Jing <chaotian.jing@mediatek.com>
+Date: Wed, 4 Dec 2019 15:19:58 +0800
+Subject: mmc: mediatek: fix CMD_TA to 2 for MT8173 HS200/HS400 mode
+
+From: Chaotian Jing <chaotian.jing@mediatek.com>
+
+commit 8f34e5bd7024d1ffebddd82d7318b1be17be9e9a upstream.
+
+there is a chance that always get response CRC error after HS200 tuning,
+the reason is that need set CMD_TA to 2. this modification is only for
+MT8173.
+
+Signed-off-by: Chaotian Jing <chaotian.jing@mediatek.com>
+Tested-by: Hsin-Yi Wang <hsinyi@chromium.org>
+Cc: stable@vger.kernel.org
+Fixes: 1ede5cb88a29 ("mmc: mediatek: Use data tune for CMD line tune")
+Link: https://lore.kernel.org/r/20191204071958.18553-1-chaotian.jing@mediatek.com
+Signed-off-by: Ulf Hansson <ulf.hansson@linaro.org>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+
+---
+ drivers/mmc/host/mtk-sd.c | 2 ++
+ 1 file changed, 2 insertions(+)
+
+--- a/drivers/mmc/host/mtk-sd.c
++++ b/drivers/mmc/host/mtk-sd.c
+@@ -228,6 +228,7 @@
+ #define MSDC_PATCH_BIT_SPCPUSH (0x1 << 29) /* RW */
+ #define MSDC_PATCH_BIT_DECRCTMO (0x1 << 30) /* RW */
+
++#define MSDC_PATCH_BIT1_CMDTA (0x7 << 3) /* RW */
+ #define MSDC_PATCH_BIT1_STOP_DLY (0xf << 8) /* RW */
+
+ #define MSDC_PATCH_BIT2_CFGRESP (0x1 << 15) /* RW */
+@@ -1881,6 +1882,7 @@ static int hs400_tune_response(struct mm
+
+ /* select EMMC50 PAD CMD tune */
+ sdr_set_bits(host->base + PAD_CMD_TUNE, BIT(0));
++ sdr_set_field(host->base + MSDC_PATCH_BIT1, MSDC_PATCH_BIT1_CMDTA, 2);
+
+ if (mmc->ios.timing == MMC_TIMING_MMC_HS200 ||
+ mmc->ios.timing == MMC_TIMING_UHS_SDR104)
--- /dev/null
+From 07bcc411567cb96f9d1fc84fff8d387118a2920d Mon Sep 17 00:00:00 2001
+From: Faiz Abbas <faiz_abbas@ti.com>
+Date: Thu, 28 Nov 2019 16:34:22 +0530
+Subject: Revert "mmc: sdhci: Fix incorrect switch to HS mode"
+
+From: Faiz Abbas <faiz_abbas@ti.com>
+
+commit 07bcc411567cb96f9d1fc84fff8d387118a2920d upstream.
+
+This reverts commit c894e33ddc1910e14d6f2a2016f60ab613fd8b37.
+
+This commit aims to treat SD High speed and SDR25 as the same while
+setting UHS Timings in HOST_CONTROL2 which leads to failures with some
+SD cards in AM65x. Revert this commit.
+
+The issue this commit was trying to fix can be implemented in a platform
+specific callback instead of common sdhci code.
+
+Cc: <stable@vger.kernel.org>
+Signed-off-by: Faiz Abbas <faiz_abbas@ti.com>
+Acked-by: Adrian Hunter <adrian.hunter@intel.com>
+Link: https://lore.kernel.org/r/20191128110422.25917-1-faiz_abbas@ti.com
+Signed-off-by: Ulf Hansson <ulf.hansson@linaro.org>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+
+---
+ drivers/mmc/host/sdhci.c | 4 +---
+ 1 file changed, 1 insertion(+), 3 deletions(-)
+
+--- a/drivers/mmc/host/sdhci.c
++++ b/drivers/mmc/host/sdhci.c
+@@ -1871,9 +1871,7 @@ void sdhci_set_uhs_signaling(struct sdhc
+ ctrl_2 |= SDHCI_CTRL_UHS_SDR104;
+ else if (timing == MMC_TIMING_UHS_SDR12)
+ ctrl_2 |= SDHCI_CTRL_UHS_SDR12;
+- else if (timing == MMC_TIMING_SD_HS ||
+- timing == MMC_TIMING_MMC_HS ||
+- timing == MMC_TIMING_UHS_SDR25)
++ else if (timing == MMC_TIMING_UHS_SDR25)
+ ctrl_2 |= SDHCI_CTRL_UHS_SDR25;
+ else if (timing == MMC_TIMING_UHS_SDR50)
+ ctrl_2 |= SDHCI_CTRL_UHS_SDR50;
mips-futex-restore-n-after-sync-instructions.patch
btrfs-don-t-prematurely-free-work-in-reada_start_mac.patch
btrfs-don-t-prematurely-free-work-in-scrub_missing_r.patch
+revert-mmc-sdhci-fix-incorrect-switch-to-hs-mode.patch
+mmc-mediatek-fix-cmd_ta-to-2-for-mt8173-hs200-hs400-mode.patch
+tpm_tis-reserve-chip-for-duration-of-tpm_tis_core_init.patch
+tpm-fix-invalid-locking-in-nonblocking-mode.patch
+iommu-fix-kasan-use-after-free-in-iommu_insert_resv_region.patch
+iommu-set-group-default-domain-before-creating-direct-mappings.patch
+iommu-vt-d-fix-dmar-pte-read-access-not-set-error.patch
+iommu-vt-d-set-isa-bridge-reserved-region-as-relaxable.patch
+iommu-vt-d-allocate-reserved-region-for-isa-with-correct-permission.patch
+can-xilinx_can-fix-missing-rx-can-packets-on-canfd2.0.patch
+can-m_can-tcan4x5x-add-required-delay-after-reset.patch
+can-j1939-j1939_sk_bind-take-priv-after-lock-is-held.patch
+can-flexcan-fix-possible-deadlock-and-out-of-order-reception-after-wakeup.patch
+can-flexcan-poll-mcr_lpm_ack-instead-of-gpr-ack-for-stop-mode-acknowledgment.patch
+can-kvaser_usb-kvaser_usb_leaf-fix-some-info-leaks-to-usb-devices.patch
--- /dev/null
+From d23d12484307b40eea549b8a858f5fffad913897 Mon Sep 17 00:00:00 2001
+From: Tadeusz Struk <tadeusz.struk@intel.com>
+Date: Thu, 12 Dec 2019 09:48:47 -0800
+Subject: tpm: fix invalid locking in NONBLOCKING mode
+
+From: Tadeusz Struk <tadeusz.struk@intel.com>
+
+commit d23d12484307b40eea549b8a858f5fffad913897 upstream.
+
+When an application sends TPM commands in NONBLOCKING mode
+the driver holds chip->tpm_mutex returning from write(),
+which triggers: "WARNING: lock held when returning to user space".
+To fix this issue the driver needs to release the mutex before
+returning and acquire it again in tpm_dev_async_work() before
+sending the command.
+
+Cc: stable@vger.kernel.org
+Fixes: 9e1b74a63f776 (tpm: add support for nonblocking operation)
+Reported-by: Jeffrin Jose T <jeffrin@rajagiritech.edu.in>
+Tested-by: Jeffrin Jose T <jeffrin@rajagiritech.edu.in>
+Signed-off-by: Tadeusz Struk <tadeusz.struk@intel.com>
+Reviewed-by: Jarkko Sakkinen <jarkko.sakkinen@linux.intel.com>
+Signed-off-by: Jarkko Sakkinen <jarkko.sakkinen@linux.intel.com>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+
+---
+ drivers/char/tpm/tpm-dev-common.c | 8 ++++++++
+ 1 file changed, 8 insertions(+)
+
+--- a/drivers/char/tpm/tpm-dev-common.c
++++ b/drivers/char/tpm/tpm-dev-common.c
+@@ -61,6 +61,12 @@ static void tpm_dev_async_work(struct wo
+
+ mutex_lock(&priv->buffer_mutex);
+ priv->command_enqueued = false;
++ ret = tpm_try_get_ops(priv->chip);
++ if (ret) {
++ priv->response_length = ret;
++ goto out;
++ }
++
+ ret = tpm_dev_transmit(priv->chip, priv->space, priv->data_buffer,
+ sizeof(priv->data_buffer));
+ tpm_put_ops(priv->chip);
+@@ -68,6 +74,7 @@ static void tpm_dev_async_work(struct wo
+ priv->response_length = ret;
+ mod_timer(&priv->user_read_timer, jiffies + (120 * HZ));
+ }
++out:
+ mutex_unlock(&priv->buffer_mutex);
+ wake_up_interruptible(&priv->async_wait);
+ }
+@@ -204,6 +211,7 @@ ssize_t tpm_common_write(struct file *fi
+ if (file->f_flags & O_NONBLOCK) {
+ priv->command_enqueued = true;
+ queue_work(tpm_dev_wq, &priv->async_work);
++ tpm_put_ops(priv->chip);
+ mutex_unlock(&priv->buffer_mutex);
+ return size;
+ }
--- /dev/null
+From 21df4a8b6018b842d4db181a8b24166006bad3cd Mon Sep 17 00:00:00 2001
+From: Jerry Snitselaar <jsnitsel@redhat.com>
+Date: Wed, 11 Dec 2019 16:54:55 -0700
+Subject: tpm_tis: reserve chip for duration of tpm_tis_core_init
+
+From: Jerry Snitselaar <jsnitsel@redhat.com>
+
+commit 21df4a8b6018b842d4db181a8b24166006bad3cd upstream.
+
+Instead of repeatedly calling tpm_chip_start/tpm_chip_stop when
+issuing commands to the tpm during initialization, just reserve the
+chip after wait_startup, and release it when we are ready to call
+tpm_chip_register.
+
+Cc: Christian Bundy <christianbundy@fraction.io>
+Cc: Dan Williams <dan.j.williams@intel.com>
+Cc: Peter Huewe <peterhuewe@gmx.de>
+Cc: Jarkko Sakkinen <jarkko.sakkinen@linux.intel.com>
+Cc: Jason Gunthorpe <jgg@ziepe.ca>
+Cc: Stefan Berger <stefanb@linux.vnet.ibm.com>
+Cc: stable@vger.kernel.org
+Cc: linux-integrity@vger.kernel.org
+Fixes: a3fbfae82b4c ("tpm: take TPM chip power gating out of tpm_transmit()")
+Fixes: 5b359c7c4372 ("tpm_tis_core: Turn on the TPM before probing IRQ's")
+Suggested-by: Jarkko Sakkinen <jarkko.sakkinen@linux.intel.com>
+Reviewed-by: Jarkko Sakkinen <jarkko.sakkinen@linux.intel.com>
+Signed-off-by: Jerry Snitselaar <jsnitsel@redhat.com>
+Signed-off-by: Jarkko Sakkinen <jarkko.sakkinen@linux.intel.com>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+
+---
+ drivers/char/tpm/tpm_tis_core.c | 35 ++++++++++++++++++-----------------
+ 1 file changed, 18 insertions(+), 17 deletions(-)
+
+--- a/drivers/char/tpm/tpm_tis_core.c
++++ b/drivers/char/tpm/tpm_tis_core.c
+@@ -899,13 +899,13 @@ int tpm_tis_core_init(struct device *dev
+
+ if (wait_startup(chip, 0) != 0) {
+ rc = -ENODEV;
+- goto out_err;
++ goto err_start;
+ }
+
+ /* Take control of the TPM's interrupt hardware and shut it off */
+ rc = tpm_tis_read32(priv, TPM_INT_ENABLE(priv->locality), &intmask);
+ if (rc < 0)
+- goto out_err;
++ goto err_start;
+
+ intmask |= TPM_INTF_CMD_READY_INT | TPM_INTF_LOCALITY_CHANGE_INT |
+ TPM_INTF_DATA_AVAIL_INT | TPM_INTF_STS_VALID_INT;
+@@ -914,21 +914,21 @@ int tpm_tis_core_init(struct device *dev
+
+ rc = tpm_chip_start(chip);
+ if (rc)
+- goto out_err;
++ goto err_start;
++
+ rc = tpm2_probe(chip);
+- tpm_chip_stop(chip);
+ if (rc)
+- goto out_err;
++ goto err_probe;
+
+ rc = tpm_tis_read32(priv, TPM_DID_VID(0), &vendor);
+ if (rc < 0)
+- goto out_err;
++ goto err_probe;
+
+ priv->manufacturer_id = vendor;
+
+ rc = tpm_tis_read8(priv, TPM_RID(0), &rid);
+ if (rc < 0)
+- goto out_err;
++ goto err_probe;
+
+ dev_info(dev, "%s TPM (device-id 0x%X, rev-id %d)\n",
+ (chip->flags & TPM_CHIP_FLAG_TPM2) ? "2.0" : "1.2",
+@@ -937,13 +937,13 @@ int tpm_tis_core_init(struct device *dev
+ probe = probe_itpm(chip);
+ if (probe < 0) {
+ rc = -ENODEV;
+- goto out_err;
++ goto err_probe;
+ }
+
+ /* Figure out the capabilities */
+ rc = tpm_tis_read32(priv, TPM_INTF_CAPS(priv->locality), &intfcaps);
+ if (rc < 0)
+- goto out_err;
++ goto err_probe;
+
+ dev_dbg(dev, "TPM interface capabilities (0x%x):\n",
+ intfcaps);
+@@ -977,10 +977,9 @@ int tpm_tis_core_init(struct device *dev
+ if (tpm_get_timeouts(chip)) {
+ dev_err(dev, "Could not get TPM timeouts and durations\n");
+ rc = -ENODEV;
+- goto out_err;
++ goto err_probe;
+ }
+
+- tpm_chip_start(chip);
+ chip->flags |= TPM_CHIP_FLAG_IRQ;
+ if (irq) {
+ tpm_tis_probe_irq_single(chip, intmask, IRQF_SHARED,
+@@ -991,18 +990,20 @@ int tpm_tis_core_init(struct device *dev
+ } else {
+ tpm_tis_probe_irq(chip, intmask);
+ }
+- tpm_chip_stop(chip);
+ }
+
++ tpm_chip_stop(chip);
++
+ rc = tpm_chip_register(chip);
+ if (rc)
+- goto out_err;
+-
+- if (chip->ops->clk_enable != NULL)
+- chip->ops->clk_enable(chip, false);
++ goto err_start;
+
+ return 0;
+-out_err:
++
++err_probe:
++ tpm_chip_stop(chip);
++
++err_start:
+ if ((chip->ops != NULL) && (chip->ops->clk_enable != NULL))
+ chip->ops->clk_enable(chip, false);
+
projects / thirdparty / kernel / stable-queue.git / commitdiff
