5.4-stable patches
authorGreg Kroah-Hartman <gregkh@linuxfoundation.org>
Mon, 1 Mar 2021 13:31:05 +0000 (14:31 +0100)
committerGreg Kroah-Hartman <gregkh@linuxfoundation.org>
Mon, 1 Mar 2021 13:31:05 +0000 (14:31 +0100)
added patches:
arm64-extend-workaround-for-erratum-1024718-to-all-versions-of-cortex-a55.patch
gpio-pcf857x-fix-missing-first-interrupt.patch
media-smipcie-fix-interrupt-handling-and-ir-timeout.patch
mmc-sdhci-esdhc-imx-fix-kernel-panic-when-remove-module.patch
module-ignore-_global_offset_table_-when-warning-for-undefined-symbols.patch
powerpc-32s-add-missing-call-to-kuep_lock-on-syscall-entry.patch
printk-fix-deadlock-when-kernel-panic.patch
spmi-spmi-pmic-arb-fix-hw_irq-overflow.patch

queue-5.4/arm64-extend-workaround-for-erratum-1024718-to-all-versions-of-cortex-a55.patch [new file with mode: 0644]
queue-5.4/gpio-pcf857x-fix-missing-first-interrupt.patch [new file with mode: 0644]
queue-5.4/media-smipcie-fix-interrupt-handling-and-ir-timeout.patch [new file with mode: 0644]
queue-5.4/mmc-sdhci-esdhc-imx-fix-kernel-panic-when-remove-module.patch [new file with mode: 0644]
queue-5.4/module-ignore-_global_offset_table_-when-warning-for-undefined-symbols.patch [new file with mode: 0644]
queue-5.4/powerpc-32s-add-missing-call-to-kuep_lock-on-syscall-entry.patch [new file with mode: 0644]
queue-5.4/printk-fix-deadlock-when-kernel-panic.patch [new file with mode: 0644]
queue-5.4/series
queue-5.4/spmi-spmi-pmic-arb-fix-hw_irq-overflow.patch [new file with mode: 0644]

diff --git a/queue-5.4/arm64-extend-workaround-for-erratum-1024718-to-all-versions-of-cortex-a55.patch b/queue-5.4/arm64-extend-workaround-for-erratum-1024718-to-all-versions-of-cortex-a55.patch
new file mode 100644 (file)
index 0000000..f9a9d31
--- /dev/null
@@ -0,0 +1,53 @@
+From c0b15c25d25171db4b70cc0b7dbc1130ee94017d Mon Sep 17 00:00:00 2001
+From: Suzuki K Poulose <suzuki.poulose@arm.com>
+Date: Wed, 3 Feb 2021 23:00:57 +0000
+Subject: arm64: Extend workaround for erratum 1024718 to all versions of Cortex-A55
+
+From: Suzuki K Poulose <suzuki.poulose@arm.com>
+
+commit c0b15c25d25171db4b70cc0b7dbc1130ee94017d upstream.
+
+The erratum 1024718 affects Cortex-A55 r0p0 to r2p0. However
+we apply the work around for r0p0 - r1p0. Unfortunately this
+won't be fixed for the future revisions for the CPU. Thus
+extend the work around for all versions of A55, to cover
+for r2p0 and any future revisions.
+
+Cc: stable@vger.kernel.org
+Cc: Catalin Marinas <catalin.marinas@arm.com>
+Cc: Will Deacon <will@kernel.org>
+Cc: James Morse <james.morse@arm.com>
+Cc: Kunihiko Hayashi <hayashi.kunihiko@socionext.com>
+Signed-off-by: Suzuki K Poulose <suzuki.poulose@arm.com>
+Link: https://lore.kernel.org/r/20210203230057.3961239-1-suzuki.poulose@arm.com
+[will: Update Kconfig help text]
+Signed-off-by: Will Deacon <will@kernel.org>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+
+---
+ arch/arm64/Kconfig             |    2 +-
+ arch/arm64/kernel/cpufeature.c |    2 +-
+ 2 files changed, 2 insertions(+), 2 deletions(-)
+
+--- a/arch/arm64/Kconfig
++++ b/arch/arm64/Kconfig
+@@ -489,7 +489,7 @@ config ARM64_ERRATUM_1024718
+       help
+         This option adds a workaround for ARM Cortex-A55 Erratum 1024718.
+-        Affected Cortex-A55 cores (r0p0, r0p1, r1p0) could cause incorrect
++        Affected Cortex-A55 cores (all revisions) could cause incorrect
+         update of the hardware dirty bit when the DBM/AP bits are updated
+         without a break-before-make. The workaround is to disable the usage
+         of hardware DBM locally on the affected cores. CPUs not affected by
+--- a/arch/arm64/kernel/cpufeature.c
++++ b/arch/arm64/kernel/cpufeature.c
+@@ -1092,7 +1092,7 @@ static bool cpu_has_broken_dbm(void)
+       /* List of CPUs which have broken DBM support. */
+       static const struct midr_range cpus[] = {
+ #ifdef CONFIG_ARM64_ERRATUM_1024718
+-              MIDR_RANGE(MIDR_CORTEX_A55, 0, 0, 1, 0),  // A55 r0p0 -r1p0
++              MIDR_ALL_VERSIONS(MIDR_CORTEX_A55),
+ #endif
+               {},
+       };
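Review bot: The new `MIDR_ALL_VERSIONS(MIDR_CORTEX_A55)` entry in cpu_has_broken_dbm() loses the trailing comment that said which revisions the workaround covers, so the table no longer explains why every revision is matched. A short comment on that line would keep the reasoning next to the code, for example `/* Erratum 1024718: r0p0-r2p0 affected, no fixed revision planned */`. This matters because any later A55 revision will also have hardware DBM disabled by this entry, and a reader should be able to see that this is intentional. The function body starts and ends outside the hunk.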
diff --git a/queue-5.4/gpio-pcf857x-fix-missing-first-interrupt.patch b/queue-5.4/gpio-pcf857x-fix-missing-first-interrupt.patch
new file mode 100644 (file)
index 0000000..5ccc4b0
--- /dev/null
@@ -0,0 +1,45 @@
+From a8002a35935aaefcd6a42ad3289f62bab947f2ca Mon Sep 17 00:00:00 2001
+From: Maxim Kiselev <bigunclemax@gmail.com>
+Date: Wed, 17 Feb 2021 14:10:00 +0100
+Subject: gpio: pcf857x: Fix missing first interrupt
+
+From: Maxim Kiselev <bigunclemax@gmail.com>
+
+commit a8002a35935aaefcd6a42ad3289f62bab947f2ca upstream.
+
+If no n_latch value will be provided at driver probe then all pins will
+be used as an input:
+
+    gpio->out = ~n_latch;
+
+In that case initial state for all pins is "one":
+
+    gpio->status = gpio->out;
+
+So if pcf857x IRQ happens with change pin value from "zero" to "one"
+then we miss it, because of "one" from IRQ and "one" from initial state
+leaves corresponding pin unchanged:
+change = (gpio->status ^ status) & gpio->irq_enabled;
+
+The right solution will be to read actual state at driver probe.
+
+Cc: stable@vger.kernel.org
+Fixes: 6e20a0a429bd ("gpio: pcf857x: enable gpio_to_irq() support")
+Signed-off-by: Maxim Kiselev <bigunclemax@gmail.com>
+Signed-off-by: Bartosz Golaszewski <bgolaszewski@baylibre.com>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+---
+ drivers/gpio/gpio-pcf857x.c |    2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+--- a/drivers/gpio/gpio-pcf857x.c
++++ b/drivers/gpio/gpio-pcf857x.c
+@@ -332,7 +332,7 @@ static int pcf857x_probe(struct i2c_clie
+        * reset state.  Otherwise it flags pins to be driven low.
+        */
+       gpio->out = ~n_latch;
+-      gpio->status = gpio->out;
++      gpio->status = gpio->read(gpio->client);
+       status = devm_gpiochip_add_data(&client->dev, &gpio->chip, gpio);
+       if (status < 0)
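Review bot: The value returned by `gpio->read(gpio->client)` is stored into `gpio->status` unchecked at the new line in pcf857x_probe(). The callback's return type is not visible in this hunk, but if it can report a bus failure as a negative value, that error code becomes the baseline pin state and the first `change = (gpio->status ^ status) & gpio->irq_enabled` is computed against it. Consider reading into the local first: `status = gpio->read(gpio->client); if (status < 0) goto fail; gpio->status = status;`, where `fail` stands for whatever error label the probe function uses outside this hunk. The function starts and ends outside the hunk, so the existing error path should be confirmed before adopting this.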
diff --git a/queue-5.4/media-smipcie-fix-interrupt-handling-and-ir-timeout.patch b/queue-5.4/media-smipcie-fix-interrupt-handling-and-ir-timeout.patch
new file mode 100644 (file)
index 0000000..89c93b5
--- /dev/null
@@ -0,0 +1,111 @@
+From 6532923237b427ed30cc7b4486f6f1ccdee3c647 Mon Sep 17 00:00:00 2001
+From: Sean Young <sean@mess.org>
+Date: Fri, 29 Jan 2021 11:54:53 +0100
+Subject: media: smipcie: fix interrupt handling and IR timeout
+
+From: Sean Young <sean@mess.org>
+
+commit 6532923237b427ed30cc7b4486f6f1ccdee3c647 upstream.
+
+After the first IR message, interrupts are no longer received. In addition,
+the code generates a timeout IR message of 10ms but sets the timeout value
+to 100ms, so no timeout was ever generated.
+
+Link: https://bugzilla.kernel.org/show_bug.cgi?id=204317
+
+Fixes: a49a7a4635de ("media: smipcie: add universal ir capability")
+Tested-by: Laz Lev <lazlev@web.de>
+Cc: stable@vger.kernel.org # v5.1+
+Signed-off-by: Sean Young <sean@mess.org>
+Signed-off-by: Mauro Carvalho Chehab <mchehab+huawei@kernel.org>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+
+---
+ drivers/media/pci/smipcie/smipcie-ir.c |   48 ++++++++++++++++++---------------
+ 1 file changed, 27 insertions(+), 21 deletions(-)
+
+--- a/drivers/media/pci/smipcie/smipcie-ir.c
++++ b/drivers/media/pci/smipcie/smipcie-ir.c
+@@ -60,39 +60,45 @@ static void smi_ir_decode(struct smi_rc
+ {
+       struct smi_dev *dev = ir->dev;
+       struct rc_dev *rc_dev = ir->rc_dev;
+-      u32 dwIRControl, dwIRData;
+-      u8 index, ucIRCount, readLoop;
++      u32 control, data;
++      u8 index, ir_count, read_loop;
+-      dwIRControl = smi_read(IR_Init_Reg);
++      control = smi_read(IR_Init_Reg);
+-      if (dwIRControl & rbIRVld) {
+-              ucIRCount = (u8) smi_read(IR_Data_Cnt);
++      dev_dbg(&rc_dev->dev, "ircontrol: 0x%08x\n", control);
+-              readLoop = ucIRCount/4;
+-              if (ucIRCount % 4)
+-                      readLoop += 1;
+-              for (index = 0; index < readLoop; index++) {
+-                      dwIRData = smi_read(IR_DATA_BUFFER_BASE + (index * 4));
+-
+-                      ir->irData[index*4 + 0] = (u8)(dwIRData);
+-                      ir->irData[index*4 + 1] = (u8)(dwIRData >> 8);
+-                      ir->irData[index*4 + 2] = (u8)(dwIRData >> 16);
+-                      ir->irData[index*4 + 3] = (u8)(dwIRData >> 24);
++      if (control & rbIRVld) {
++              ir_count = (u8)smi_read(IR_Data_Cnt);
++
++              dev_dbg(&rc_dev->dev, "ircount %d\n", ir_count);
++
++              read_loop = ir_count / 4;
++              if (ir_count % 4)
++                      read_loop += 1;
++              for (index = 0; index < read_loop; index++) {
++                      data = smi_read(IR_DATA_BUFFER_BASE + (index * 4));
++                      dev_dbg(&rc_dev->dev, "IRData 0x%08x\n", data);
++
++                      ir->irData[index * 4 + 0] = (u8)(data);
++                      ir->irData[index * 4 + 1] = (u8)(data >> 8);
++                      ir->irData[index * 4 + 2] = (u8)(data >> 16);
++                      ir->irData[index * 4 + 3] = (u8)(data >> 24);
+               }
+-              smi_raw_process(rc_dev, ir->irData, ucIRCount);
+-              smi_set(IR_Init_Reg, rbIRVld);
++              smi_raw_process(rc_dev, ir->irData, ir_count);
+       }
+-      if (dwIRControl & rbIRhighidle) {
++      if (control & rbIRhighidle) {
+               struct ir_raw_event rawir = {};
++              dev_dbg(&rc_dev->dev, "high idle\n");
++
+               rawir.pulse = 0;
+               rawir.duration = US_TO_NS(SMI_SAMPLE_PERIOD *
+                                         SMI_SAMPLE_IDLEMIN);
+               ir_raw_event_store_with_filter(rc_dev, &rawir);
+-              smi_set(IR_Init_Reg, rbIRhighidle);
+       }
++      smi_set(IR_Init_Reg, rbIRVld);
+       ir_raw_event_handle(rc_dev);
+ }
+@@ -151,7 +157,7 @@ int smi_ir_init(struct smi_dev *dev)
+       rc_dev->dev.parent = &dev->pci_dev->dev;
+       rc_dev->map_name = dev->info->rc_map;
+-      rc_dev->timeout = MS_TO_NS(100);
++      rc_dev->timeout = US_TO_NS(SMI_SAMPLE_PERIOD * SMI_SAMPLE_IDLEMIN);
+       rc_dev->rx_resolution = US_TO_NS(SMI_SAMPLE_PERIOD);
+       ir->rc_dev = rc_dev;
+@@ -174,7 +180,7 @@ void smi_ir_exit(struct smi_dev *dev)
+       struct smi_rc *ir = &dev->ir;
+       struct rc_dev *rc_dev = ir->rc_dev;
+-      smi_ir_stop(ir);
+       rc_unregister_device(rc_dev);
++      smi_ir_stop(ir);
+       ir->rc_dev = NULL;
+ }
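Review bot: In smi_ir_exit() the hunk moves `smi_ir_stop(ir)` to after `rc_unregister_device(rc_dev)`, and the commit message does not explain the swap. If smi_ir_stop() is what quiesces the IR interrupt (its body is not in this hunk), an interrupt arriving in between could run smi_ir_decode() against an `ir->rc_dev` that is being torn down, since `ir->rc_dev` is only cleared on the last line. Either keep the original order, or document the reason on the new order with a comment such as `/* unregister first because ...; IR interrupt is still enabled until smi_ir_stop() */` and confirm the handler cannot touch rc_dev in that window. Separately, `ir_count` is read from `IR_Data_Cnt` and bounds the copy into `ir->irData` with no check visible here; the array's size is declared outside the hunk and is worth confirming against the rounded-up maximum of 256 bytes.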
diff --git a/queue-5.4/mmc-sdhci-esdhc-imx-fix-kernel-panic-when-remove-module.patch b/queue-5.4/mmc-sdhci-esdhc-imx-fix-kernel-panic-when-remove-module.patch
new file mode 100644 (file)
index 0000000..941fd95
--- /dev/null
@@ -0,0 +1,82 @@
+From a56f44138a2c57047f1ea94ea121af31c595132b Mon Sep 17 00:00:00 2001
+From: Frank Li <Frank.Li@nxp.com>
+Date: Wed, 10 Feb 2021 12:19:33 -0600
+Subject: mmc: sdhci-esdhc-imx: fix kernel panic when remove module
+
+From: Frank Li <Frank.Li@nxp.com>
+
+commit a56f44138a2c57047f1ea94ea121af31c595132b upstream.
+
+In sdhci_esdhc_imx_remove() the SDHCI_INT_STATUS in read. Under some
+circumstances, this may be done while the device is runtime suspended,
+triggering the below splat.
+
+Fix the problem by adding a pm_runtime_get_sync(), before reading the
+register, which will turn on clocks etc making the device accessible again.
+
+[ 1811.323148] mmc1: card aaaa removed
+[ 1811.347483] Internal error: synchronous external abort: 96000210 [#1] PREEMPT SMP
+[ 1811.354988] Modules linked in: sdhci_esdhc_imx(-) sdhci_pltfm sdhci cqhci mmc_block mmc_core [last unloaded: mmc_core]
+[ 1811.365726] CPU: 0 PID: 3464 Comm: rmmod Not tainted 5.10.1-sd-99871-g53835a2e8186 #5
+[ 1811.373559] Hardware name: Freescale i.MX8DXL EVK (DT)
+[ 1811.378705] pstate: 60000005 (nZCv daif -PAN -UAO -TCO BTYPE=--)
+[ 1811.384723] pc : sdhci_esdhc_imx_remove+0x28/0x15c [sdhci_esdhc_imx]
+[ 1811.391090] lr : platform_drv_remove+0x2c/0x50
+[ 1811.395536] sp : ffff800012c7bcb0
+[ 1811.398855] x29: ffff800012c7bcb0 x28: ffff00002c72b900
+[ 1811.404181] x27: 0000000000000000 x26: 0000000000000000
+[ 1811.409497] x25: 0000000000000000 x24: 0000000000000000
+[ 1811.414814] x23: ffff0000042b3890 x22: ffff800009127120
+[ 1811.420131] x21: ffff00002c4c9580 x20: ffff0000042d0810
+[ 1811.425456] x19: ffff0000042d0800 x18: 0000000000000020
+[ 1811.430773] x17: 0000000000000000 x16: 0000000000000000
+[ 1811.436089] x15: 0000000000000004 x14: ffff000004019c10
+[ 1811.441406] x13: 0000000000000000 x12: 0000000000000020
+[ 1811.446723] x11: 0101010101010101 x10: 7f7f7f7f7f7f7f7f
+[ 1811.452040] x9 : fefefeff6364626d x8 : 7f7f7f7f7f7f7f7f
+[ 1811.457356] x7 : 78725e6473607372 x6 : 0000000080808080
+[ 1811.462673] x5 : 0000000000000000 x4 : 0000000000000000
+[ 1811.467990] x3 : ffff800011ac1cb0 x2 : 0000000000000000
+[ 1811.473307] x1 : ffff8000091214d4 x0 : ffff8000133a0030
+[ 1811.478624] Call trace:
+[ 1811.481081]  sdhci_esdhc_imx_remove+0x28/0x15c [sdhci_esdhc_imx]
+[ 1811.487098]  platform_drv_remove+0x2c/0x50
+[ 1811.491198]  __device_release_driver+0x188/0x230
+[ 1811.495818]  driver_detach+0xc0/0x14c
+[ 1811.499487]  bus_remove_driver+0x5c/0xb0
+[ 1811.503413]  driver_unregister+0x30/0x60
+[ 1811.507341]  platform_driver_unregister+0x14/0x20
+[ 1811.512048]  sdhci_esdhc_imx_driver_exit+0x1c/0x3a8 [sdhci_esdhc_imx]
+[ 1811.518495]  __arm64_sys_delete_module+0x19c/0x230
+[ 1811.523291]  el0_svc_common.constprop.0+0x78/0x1a0
+[ 1811.528086]  do_el0_svc+0x24/0x90
+[ 1811.531405]  el0_svc+0x14/0x20
+[ 1811.534461]  el0_sync_handler+0x1a4/0x1b0
+[ 1811.538474]  el0_sync+0x174/0x180
+[ 1811.541801] Code: a9025bf5 f9403e95 f9400ea0 9100c000 (b9400000)
+[ 1811.547902] ---[ end trace 3fb1a3bd48ff7be5 ]---
+
+Signed-off-by: Frank Li <Frank.Li@nxp.com>
+Cc: stable@vger.kernel.org # v4.0+
+Link: https://lore.kernel.org/r/20210210181933.29263-1-Frank.Li@nxp.com
+[Ulf: Clarified the commit message a bit]
+Signed-off-by: Ulf Hansson <ulf.hansson@linaro.org>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+---
+ drivers/mmc/host/sdhci-esdhc-imx.c |    3 ++-
+ 1 file changed, 2 insertions(+), 1 deletion(-)
+
+--- a/drivers/mmc/host/sdhci-esdhc-imx.c
++++ b/drivers/mmc/host/sdhci-esdhc-imx.c
+@@ -1589,9 +1589,10 @@ static int sdhci_esdhc_imx_remove(struct
+       struct sdhci_host *host = platform_get_drvdata(pdev);
+       struct sdhci_pltfm_host *pltfm_host = sdhci_priv(host);
+       struct pltfm_imx_data *imx_data = sdhci_pltfm_priv(pltfm_host);
+-      int dead = (readl(host->ioaddr + SDHCI_INT_STATUS) == 0xffffffff);
++      int dead;
+       pm_runtime_get_sync(&pdev->dev);
++      dead = (readl(host->ioaddr + SDHCI_INT_STATUS) == 0xffffffff);
+       pm_runtime_disable(&pdev->dev);
+       pm_runtime_put_noidle(&pdev->dev);
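Review bot: The `readl()` that this hunk moves below `pm_runtime_get_sync(&pdev->dev)` still runs when that call fails, because its return value is ignored. In that case the controller may remain suspended and the register access could hit the same synchronous external abort shown in the commit message. One option is to treat a failed resume as a dead controller, `dead = pm_runtime_get_sync(&pdev->dev) < 0 || readl(host->ioaddr + SDHCI_INT_STATUS) == 0xffffffff;`, which keeps the usage count balanced with the existing `pm_runtime_put_noidle()`. sdhci_esdhc_imx_remove() continues outside the hunk, so how `dead` is consumed there should be checked before choosing that fallback.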
diff --git a/queue-5.4/module-ignore-_global_offset_table_-when-warning-for-undefined-symbols.patch b/queue-5.4/module-ignore-_global_offset_table_-when-warning-for-undefined-symbols.patch
new file mode 100644 (file)
index 0000000..d9cb648
--- /dev/null
@@ -0,0 +1,80 @@
+From ebfac7b778fac8b0e8e92ec91d0b055f046b4604 Mon Sep 17 00:00:00 2001
+From: Fangrui Song <maskray@google.com>
+Date: Fri, 15 Jan 2021 11:52:22 -0800
+Subject: module: Ignore _GLOBAL_OFFSET_TABLE_ when warning for undefined symbols
+
+From: Fangrui Song <maskray@google.com>
+
+commit ebfac7b778fac8b0e8e92ec91d0b055f046b4604 upstream.
+
+clang-12 -fno-pic (since
+https://github.com/llvm/llvm-project/commit/a084c0388e2a59b9556f2de0083333232da3f1d6)
+can emit `call __stack_chk_fail@PLT` instead of `call __stack_chk_fail`
+on x86.  The two forms should have identical behaviors on x86-64 but the
+former causes GNU as<2.37 to produce an unreferenced undefined symbol
+_GLOBAL_OFFSET_TABLE_.
+
+(On x86-32, there is an R_386_PC32 vs R_386_PLT32 difference but the
+linker behavior is identical as far as Linux kernel is concerned.)
+
+Simply ignore _GLOBAL_OFFSET_TABLE_ for now, like what
+scripts/mod/modpost.c:ignore_undef_symbol does. This also fixes the
+problem for gcc/clang -fpie and -fpic, which may emit `call foo@PLT` for
+external function calls on x86.
+
+Note: ld -z defs and dynamic loaders do not error for unreferenced
+undefined symbols so the module loader is reading too much.  If we ever
+need to ignore more symbols, the code should be refactored to ignore
+unreferenced symbols.
+
+Cc: <stable@vger.kernel.org>
+Link: https://github.com/ClangBuiltLinux/linux/issues/1250
+Link: https://sourceware.org/bugzilla/show_bug.cgi?id=27178
+Reported-by: Marco Elver <elver@google.com>
+Reviewed-by: Nick Desaulniers <ndesaulniers@google.com>
+Reviewed-by: Nathan Chancellor <natechancellor@gmail.com>
+Tested-by: Marco Elver <elver@google.com>
+Signed-off-by: Fangrui Song <maskray@google.com>
+Signed-off-by: Jessica Yu <jeyu@kernel.org>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+---
+ kernel/module.c |   21 +++++++++++++++++++--
+ 1 file changed, 19 insertions(+), 2 deletions(-)
+
+--- a/kernel/module.c
++++ b/kernel/module.c
+@@ -2310,6 +2310,21 @@ static int verify_exported_symbols(struc
+       return 0;
+ }
++static bool ignore_undef_symbol(Elf_Half emachine, const char *name)
++{
++      /*
++       * On x86, PIC code and Clang non-PIC code may have call foo@PLT. GNU as
++       * before 2.37 produces an unreferenced _GLOBAL_OFFSET_TABLE_ on x86-64.
++       * i386 has a similar problem but may not deserve a fix.
++       *
++       * If we ever have to ignore many symbols, consider refactoring the code to
++       * only warn if referenced by a relocation.
++       */
++      if (emachine == EM_386 || emachine == EM_X86_64)
++              return !strcmp(name, "_GLOBAL_OFFSET_TABLE_");
++      return false;
++}
++
+ /* Change all symbols so that st_value encodes the pointer directly. */
+ static int simplify_symbols(struct module *mod, const struct load_info *info)
+ {
+@@ -2355,8 +2370,10 @@ static int simplify_symbols(struct modul
+                               break;
+                       }
+-                      /* Ok if weak.  */
+-                      if (!ksym && ELF_ST_BIND(sym[i].st_info) == STB_WEAK)
++                      /* Ok if weak or ignored.  */
++                      if (!ksym &&
++                          (ELF_ST_BIND(sym[i].st_info) == STB_WEAK ||
++                           ignore_undef_symbol(info->hdr->e_machine, name)))
+                               break;
+                       ret = PTR_ERR(ksym) ?: -ENOENT;
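Review bot: ignore_undef_symbol() accepts `_GLOBAL_OFFSET_TABLE_` by name alone, and the new `break` in simplify_symbols() then leaves that symbol's `st_value` unresolved without any trace in the log. The commit message relies on the symbol being unreferenced, but nothing in the visible code verifies that, so a module whose relocations do reference it would load with whatever value the symbol table already holds. The helper's comment should state that assumption explicitly, for example `* The symbol is left unresolved; this is only safe while no relocation references it.` A `pr_debug()` at the ignore site would also make such loads visible when diagnosing a module. simplify_symbols() starts and ends outside the hunk.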
diff --git a/queue-5.4/powerpc-32s-add-missing-call-to-kuep_lock-on-syscall-entry.patch b/queue-5.4/powerpc-32s-add-missing-call-to-kuep_lock-on-syscall-entry.patch
new file mode 100644 (file)
index 0000000..3320683
--- /dev/null
@@ -0,0 +1,38 @@
+From 57fdfbce89137ae85cd5cef48be168040a47dd13 Mon Sep 17 00:00:00 2001
+From: Christophe Leroy <christophe.leroy@csgroup.eu>
+Date: Mon, 8 Feb 2021 15:10:20 +0000
+Subject: powerpc/32s: Add missing call to kuep_lock on syscall entry
+
+From: Christophe Leroy <christophe.leroy@csgroup.eu>
+
+commit 57fdfbce89137ae85cd5cef48be168040a47dd13 upstream.
+
+Userspace Execution protection and fast syscall entry were implemented
+independently from each other and were both merged in kernel 5.2,
+leading to syscall entry missing userspace execution protection.
+
+On syscall entry, execution of user space memory must be
+locked in the same way as on exception entry.
+
+Fixes: b86fb88855ea ("powerpc/32: implement fast entry for syscalls on non BOOKE")
+Cc: stable@vger.kernel.org
+Signed-off-by: Christophe Leroy <christophe.leroy@csgroup.eu>
+Signed-off-by: Michael Ellerman <mpe@ellerman.id.au>
+Link: https://lore.kernel.org/r/c65e105b63aaf74f91a14f845bc77192350b84a6.1612796617.git.christophe.leroy@csgroup.eu
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+---
+ arch/powerpc/kernel/entry_32.S |    3 +++
+ 1 file changed, 3 insertions(+)
+
+--- a/arch/powerpc/kernel/entry_32.S
++++ b/arch/powerpc/kernel/entry_32.S
+@@ -336,6 +336,9 @@ trace_syscall_entry_irq_off:
+       .globl  transfer_to_syscall
+ transfer_to_syscall:
++#ifdef CONFIG_PPC_BOOK3S_32
++      kuep_lock r11, r12
++#endif
+ #ifdef CONFIG_TRACE_IRQFLAGS
+       andi.   r12,r9,MSR_EE
+       beq-    trace_syscall_entry_irq_off
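Review bot: The added `kuep_lock r11, r12` at transfer_to_syscall passes two registers, presumably as scratch, with no comment saying they are free at this point. r12 is overwritten by the following `andi. r12,r9,MSR_EE`, but whether r11 is dead on entry is not visible in this hunk and depends on the fast syscall entry path that jumps here. A comment above the macro call would record the requirement, for example `/* kuep_lock clobbers r11 and r12; neither may be live on entry to transfer_to_syscall */`. That is worth stating because this entry path and the protection were developed independently, which is how the call came to be missing.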
diff --git a/queue-5.4/printk-fix-deadlock-when-kernel-panic.patch b/queue-5.4/printk-fix-deadlock-when-kernel-panic.patch
new file mode 100644 (file)
index 0000000..8699227
--- /dev/null
@@ -0,0 +1,109 @@
+From 8a8109f303e25a27f92c1d8edd67d7cbbc60a4eb Mon Sep 17 00:00:00 2001
+From: Muchun Song <songmuchun@bytedance.com>
+Date: Wed, 10 Feb 2021 11:48:23 +0800
+Subject: printk: fix deadlock when kernel panic
+
+From: Muchun Song <songmuchun@bytedance.com>
+
+commit 8a8109f303e25a27f92c1d8edd67d7cbbc60a4eb upstream.
+
+printk_safe_flush_on_panic() caused the following deadlock on our
+server:
+
+CPU0:                                         CPU1:
+panic                                         rcu_dump_cpu_stacks
+  kdump_nmi_shootdown_cpus                      nmi_trigger_cpumask_backtrace
+    register_nmi_handler(crash_nmi_callback)      printk_safe_flush
+                                                    __printk_safe_flush
+                                                      raw_spin_lock_irqsave(&read_lock)
+    // send NMI to other processors
+    apic_send_IPI_allbutself(NMI_VECTOR)
+                                                        // NMI interrupt, dead loop
+                                                        crash_nmi_callback
+  printk_safe_flush_on_panic
+    printk_safe_flush
+      __printk_safe_flush
+        // deadlock
+        raw_spin_lock_irqsave(&read_lock)
+
+DEADLOCK: read_lock is taken on CPU1 and will never get released.
+
+It happens when panic() stops a CPU by NMI while it has been in
+the middle of printk_safe_flush().
+
+Handle the lock the same way as logbuf_lock. The printk_safe buffers
+are flushed only when both locks can be safely taken. It can avoid
+the deadlock _in this particular case_ at expense of losing contents
+of printk_safe buffers.
+
+Note: It would actually be safe to re-init the locks when all CPUs were
+      stopped by NMI. But it would require passing this information
+      from arch-specific code. It is not worth the complexity.
+      Especially because logbuf_lock and printk_safe buffers have been
+      obsoleted by the lockless ring buffer.
+
+Fixes: cf9b1106c81c ("printk/nmi: flush NMI messages on the system panic")
+Signed-off-by: Muchun Song <songmuchun@bytedance.com>
+Reviewed-by: Petr Mladek <pmladek@suse.com>
+Cc: <stable@vger.kernel.org>
+Acked-by: Sergey Senozhatsky <sergey.senozhatsky@gmail.com>
+Signed-off-by: Petr Mladek <pmladek@suse.com>
+Link: https://lore.kernel.org/r/20210210034823.64867-1-songmuchun@bytedance.com
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+---
+ kernel/printk/printk_safe.c |   16 ++++++++++++----
+ 1 file changed, 12 insertions(+), 4 deletions(-)
+
+--- a/kernel/printk/printk_safe.c
++++ b/kernel/printk/printk_safe.c
+@@ -43,6 +43,8 @@ struct printk_safe_seq_buf {
+ static DEFINE_PER_CPU(struct printk_safe_seq_buf, safe_print_seq);
+ static DEFINE_PER_CPU(int, printk_context);
++static DEFINE_RAW_SPINLOCK(safe_read_lock);
++
+ #ifdef CONFIG_PRINTK_NMI
+ static DEFINE_PER_CPU(struct printk_safe_seq_buf, nmi_print_seq);
+ #endif
+@@ -178,8 +180,6 @@ static void report_message_lost(struct p
+  */
+ static void __printk_safe_flush(struct irq_work *work)
+ {
+-      static raw_spinlock_t read_lock =
+-              __RAW_SPIN_LOCK_INITIALIZER(read_lock);
+       struct printk_safe_seq_buf *s =
+               container_of(work, struct printk_safe_seq_buf, work);
+       unsigned long flags;
+@@ -193,7 +193,7 @@ static void __printk_safe_flush(struct i
+        * different CPUs. This is especially important when printing
+        * a backtrace.
+        */
+-      raw_spin_lock_irqsave(&read_lock, flags);
++      raw_spin_lock_irqsave(&safe_read_lock, flags);
+       i = 0;
+ more:
+@@ -230,7 +230,7 @@ more:
+ out:
+       report_message_lost(s);
+-      raw_spin_unlock_irqrestore(&read_lock, flags);
++      raw_spin_unlock_irqrestore(&safe_read_lock, flags);
+ }
+ /**
+@@ -276,6 +276,14 @@ void printk_safe_flush_on_panic(void)
+               raw_spin_lock_init(&logbuf_lock);
+       }
++      if (raw_spin_is_locked(&safe_read_lock)) {
++              if (num_online_cpus() > 1)
++                      return;
++
++              debug_locks_off();
++              raw_spin_lock_init(&safe_read_lock);
++      }
++
+       printk_safe_flush();
+ }
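Review bot: The new `safe_read_lock` block in printk_safe_flush_on_panic() returns silently when the lock is held and more than one CPU is online, and nothing in the code says the per-CPU buffers are being discarded on purpose. The commit message explains the trade-off (avoiding the deadlock at the cost of losing the printk_safe contents), but that reasoning should sit next to the code. A comment above the block would do, for example `/* A CPU stopped by NMI may hold safe_read_lock forever; skip the flush rather than deadlock (buffered messages are lost). */`. The `raw_spin_is_locked()` check followed by the flush is also not atomic, so the comment should say it covers only the stopped-holder case, as the commit message does. The function starts outside the hunk.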
index 3aedf85db740cef035eb100ea1706083f2577fb5..0d18fbafa61af28aa37ab51fd66429c76f7f70aa 100644 (file)
@@ -302,3 +302,11 @@ seq_file-document-how-per-entry-resources-are-managed.patch
 x86-fix-seq_file-iteration-for-pat-memtype.c.patch
 hugetlb-fix-update_and_free_page-contig-page-struct-assumption.patch
 hugetlb-fix-copy_huge_page_from_user-contig-page-struct-assumption.patch
+arm64-extend-workaround-for-erratum-1024718-to-all-versions-of-cortex-a55.patch
+media-smipcie-fix-interrupt-handling-and-ir-timeout.patch
+module-ignore-_global_offset_table_-when-warning-for-undefined-symbols.patch
+mmc-sdhci-esdhc-imx-fix-kernel-panic-when-remove-module.patch
+powerpc-32s-add-missing-call-to-kuep_lock-on-syscall-entry.patch
+spmi-spmi-pmic-arb-fix-hw_irq-overflow.patch
+gpio-pcf857x-fix-missing-first-interrupt.patch
+printk-fix-deadlock-when-kernel-panic.patch
diff --git a/queue-5.4/spmi-spmi-pmic-arb-fix-hw_irq-overflow.patch b/queue-5.4/spmi-spmi-pmic-arb-fix-hw_irq-overflow.patch
new file mode 100644 (file)
index 0000000..4134855
--- /dev/null
@@ -0,0 +1,51 @@
+From d19db80a366576d3ffadf2508ed876b4c1faf959 Mon Sep 17 00:00:00 2001
+From: Subbaraman Narayanamurthy <subbaram@codeaurora.org>
+Date: Thu, 11 Feb 2021 19:14:17 -0800
+Subject: spmi: spmi-pmic-arb: Fix hw_irq overflow
+
+From: Subbaraman Narayanamurthy <subbaram@codeaurora.org>
+
+commit d19db80a366576d3ffadf2508ed876b4c1faf959 upstream.
+
+Currently, when handling the SPMI summary interrupt, the hw_irq
+number is calculated based on SID, Peripheral ID, IRQ index and
+APID. This is then passed to irq_find_mapping() to see if a
+mapping exists for this hw_irq and if available, invoke the
+interrupt handler. Since the IRQ index uses an "int" type, hw_irq
+which is of unsigned long data type can take a large value when
+SID has its MSB set to 1 and the type conversion happens. Because
+of this, irq_find_mapping() returns 0 as there is no mapping
+for this hw_irq. This ends up invoking cleanup_irq() as if
+the interrupt is spurious whereas it is actually a valid
+interrupt. Fix this by using the proper data type (u32) for id.
+
+Cc: stable@vger.kernel.org
+Signed-off-by: Subbaraman Narayanamurthy <subbaram@codeaurora.org>
+Link: https://lore.kernel.org/r/1612812784-26369-1-git-send-email-subbaram@codeaurora.org
+Signed-off-by: Stephen Boyd <sboyd@kernel.org>
+Link: https://lore.kernel.org/r/20210212031417.3148936-1-sboyd@kernel.org
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+---
+ drivers/spmi/spmi-pmic-arb.c |    5 ++---
+ 1 file changed, 2 insertions(+), 3 deletions(-)
+
+--- a/drivers/spmi/spmi-pmic-arb.c
++++ b/drivers/spmi/spmi-pmic-arb.c
+@@ -1,6 +1,6 @@
+ // SPDX-License-Identifier: GPL-2.0-only
+ /*
+- * Copyright (c) 2012-2015, 2017, The Linux Foundation. All rights reserved.
++ * Copyright (c) 2012-2015, 2017, 2021, The Linux Foundation. All rights reserved.
+  */
+ #include <linux/bitmap.h>
+ #include <linux/delay.h>
+@@ -505,8 +505,7 @@ static void cleanup_irq(struct spmi_pmic
+ static void periph_interrupt(struct spmi_pmic_arb *pmic_arb, u16 apid)
+ {
+       unsigned int irq;
+-      u32 status;
+-      int id;
++      u32 status, id;
+       u8 sid = (pmic_arb->apid_data[apid].ppid >> 8) & 0xF;
+       u8 per = pmic_arb->apid_data[apid].ppid & 0xFF;