--- /dev/null
+From ac237c28d5ac1b241d58b1b7b4b9fa10efb22fb5 Mon Sep 17 00:00:00 2001
+From: Alex Stanoev <alex@astanoev.com>
+Date: Sun, 28 Oct 2018 16:55:12 +0000
+Subject: ALSA: ca0106: Disable IZD on SB0570 DAC to fix audio pops
+
+From: Alex Stanoev <alex@astanoev.com>
+
+commit ac237c28d5ac1b241d58b1b7b4b9fa10efb22fb5 upstream.
+
+The Creative Audigy SE (SB0570) card currently exhibits an audible pop
+whenever playback is stopped or resumed, or during silent periods of an
+audio stream. Initialise the IZD bit to the 0 to eliminate these pops.
+
+The Infinite Zero Detection (IZD) feature on the DAC causes the output
+to be shunted to Vcap after 2048 samples of silence. This discharges the
+AC coupling capacitor through the output and causes the aforementioned
+pop/click noise.
+
+The behaviour of the IZD bit is described on page 15 of the WM8768GEDS
+datasheet: "With IZD=1, applying MUTE for 1024 consecutive input samples
+will cause all outputs to be connected directly to VCAP. This also
+happens if 2048 consecutive zero input samples are applied to all 6
+channels, and IZD=0. It will be removed as soon as any channel receives
+a non-zero input". I believe the second sentence might be referring to
+IZD=1 instead of IZD=0 given the observed behaviour of the card.
+
+This change should make the DAC initialisation consistent with
+Creative's Windows driver, as this popping persists when initialising
+the card in Linux and soft rebooting into Windows, but is not present on
+a cold boot to Windows.
+
+Signed-off-by: Alex Stanoev <alex@astanoev.com>
+Cc: <stable@vger.kernel.org>
+Signed-off-by: Takashi Iwai <tiwai@suse.de>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+
+---
+ sound/pci/ca0106/ca0106.h | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+--- a/sound/pci/ca0106/ca0106.h
++++ b/sound/pci/ca0106/ca0106.h
+@@ -582,7 +582,7 @@
+ #define SPI_PL_BIT_R_R (2<<7) /* right channel = right */
+ #define SPI_PL_BIT_R_C (3<<7) /* right channel = (L+R)/2 */
+ #define SPI_IZD_REG 2
+-#define SPI_IZD_BIT (1<<4) /* infinite zero detect */
++#define SPI_IZD_BIT (0<<4) /* infinite zero detect */
+
+ #define SPI_FMT_REG 3
+ #define SPI_FMT_BIT_RJ (0<<0) /* right justified mode */
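Review bot: Redefining `SPI_IZD_BIT` as `(0<<4)` leaves a macro that is named like a bit mask but evaluates to zero, so any `reg & SPI_IZD_BIT` test or `&= ~SPI_IZD_BIT` clear elsewhere in the driver silently becomes a no-op. The users of the macro are outside this hunk, so this is a readability hazard rather than a confirmed bug. A comment on the define would record the intent, e.g. `/* IZD deliberately 0 on SB0570: IZD=1 shunts the outputs to VCAP on silence and causes pops */`. The alternative is to keep `(1<<4)` as the mask and drop it from the DAC initialisation value instead.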
--- /dev/null
+From 5cb6b5fc013ee711d19bfc4e9deb8d6ae80741db Mon Sep 17 00:00:00 2001
+From: Hans de Goede <hdegoede@redhat.com>
+Date: Tue, 16 Oct 2018 12:18:21 +0200
+Subject: ALSA: hda: Add 2 more models to the power_save blacklist
+
+From: Hans de Goede <hdegoede@redhat.com>
+
+commit 5cb6b5fc013ee711d19bfc4e9deb8d6ae80741db upstream.
+
+Power-saving is causing plops on audio start/stop on Dell Precision T3600
+laptops and Intel DZ77BH boards, add these to the power_save blacklist.
+
+BugLink: https://bugzilla.redhat.com/show_bug.cgi?id=1525104
+Signed-off-by: Hans de Goede <hdegoede@redhat.com>
+Cc: <stable@vger.kernel.org>
+Signed-off-by: Takashi Iwai <tiwai@suse.de>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+
+---
+ sound/pci/hda/hda_intel.c | 4 ++++
+ 1 file changed, 4 insertions(+)
+
+--- a/sound/pci/hda/hda_intel.c
++++ b/sound/pci/hda/hda_intel.c
+@@ -2257,8 +2257,12 @@ static struct snd_pci_quirk power_save_b
+ /* https://bugzilla.redhat.com/show_bug.cgi?id=1581607 */
+ SND_PCI_QUIRK(0x1558, 0x3501, "Clevo W35xSS_370SS", 0),
+ /* https://bugzilla.redhat.com/show_bug.cgi?id=1525104 */
++ SND_PCI_QUIRK(0x1028, 0x0497, "Dell Precision T3600", 0),
++ /* https://bugzilla.redhat.com/show_bug.cgi?id=1525104 */
+ /* Note the P55A-UD3 and Z87-D3HP share the subsys id for the HDA dev */
+ SND_PCI_QUIRK(0x1458, 0xa002, "Gigabyte P55A-UD3 / Z87-D3HP", 0),
++ /* https://bugzilla.redhat.com/show_bug.cgi?id=1525104 */
++ SND_PCI_QUIRK(0x8086, 0x2040, "Intel DZ77BH-55K", 0),
+ /* https://bugzilla.kernel.org/show_bug.cgi?id=199607 */
+ SND_PCI_QUIRK(0x8086, 0x2057, "Intel NUC5i7RYB", 0),
+ /* https://bugzilla.redhat.com/show_bug.cgi?id=1520902 */
--- /dev/null
+From e7bb6ad5685f05685dd8a6a5eda7bfcd14d5f95b Mon Sep 17 00:00:00 2001
+From: Jeremy Cline <jcline@redhat.com>
+Date: Thu, 11 Oct 2018 15:49:17 -0400
+Subject: ALSA: hda - Add mic quirk for the Lenovo G50-30 (17aa:3905)
+
+From: Jeremy Cline <jcline@redhat.com>
+
+commit e7bb6ad5685f05685dd8a6a5eda7bfcd14d5f95b upstream.
+
+The Lenovo G50-30, like other G50 models, has a Conexant codec that
+requires a quirk for its inverted stereo dmic.
+
+Bugzilla: https://bugzilla.redhat.com/show_bug.cgi?id=1249364
+Reported-by: Alexander Ploumistos <alex.ploumistos@gmail.com>
+Tested-by: Alexander Ploumistos <alex.ploumistos@gmail.com>
+Cc: stable@vger.kernel.org
+Signed-off-by: Jeremy Cline <jcline@redhat.com>
+Signed-off-by: Takashi Iwai <tiwai@suse.de>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+
+---
+ sound/pci/hda/patch_conexant.c | 1 +
+ 1 file changed, 1 insertion(+)
+
+--- a/sound/pci/hda/patch_conexant.c
++++ b/sound/pci/hda/patch_conexant.c
+@@ -943,6 +943,7 @@ static const struct snd_pci_quirk cxt506
+ SND_PCI_QUIRK(0x17aa, 0x21da, "Lenovo X220", CXT_PINCFG_LENOVO_TP410),
+ SND_PCI_QUIRK(0x17aa, 0x21db, "Lenovo X220-tablet", CXT_PINCFG_LENOVO_TP410),
+ SND_PCI_QUIRK(0x17aa, 0x38af, "Lenovo IdeaPad Z560", CXT_FIXUP_MUTE_LED_EAPD),
++ SND_PCI_QUIRK(0x17aa, 0x3905, "Lenovo G50-30", CXT_FIXUP_STEREO_DMIC),
+ SND_PCI_QUIRK(0x17aa, 0x390b, "Lenovo G50-80", CXT_FIXUP_STEREO_DMIC),
+ SND_PCI_QUIRK(0x17aa, 0x3975, "Lenovo U300s", CXT_FIXUP_STEREO_DMIC),
+ SND_PCI_QUIRK(0x17aa, 0x3977, "Lenovo IdeaPad U310", CXT_FIXUP_STEREO_DMIC),
--- /dev/null
+From 11ba6111160290ccd35562f4e05cec08942a6c4c Mon Sep 17 00:00:00 2001
+From: Takashi Iwai <tiwai@suse.de>
+Date: Sun, 7 Oct 2018 09:44:17 +0200
+Subject: ALSA: hda - Add quirk for ASUS G751 laptop
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+From: Takashi Iwai <tiwai@suse.de>
+
+commit 11ba6111160290ccd35562f4e05cec08942a6c4c upstream.
+
+ASUS G751 requires the extra COEF initialization to make it microphone
+working properly.
+
+Reported-and-tested-by: Håvard <hovardslill@gmail.com>
+Cc: <stable@vger.kernel.org>
+Signed-off-by: Takashi Iwai <tiwai@suse.de>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+
+---
+ sound/pci/hda/patch_realtek.c | 10 ++++++++++
+ 1 file changed, 10 insertions(+)
+
+--- a/sound/pci/hda/patch_realtek.c
++++ b/sound/pci/hda/patch_realtek.c
+@@ -7738,6 +7738,7 @@ enum {
+ ALC662_FIXUP_ASUS_Nx50,
+ ALC668_FIXUP_ASUS_Nx51_HEADSET_MODE,
+ ALC668_FIXUP_ASUS_Nx51,
++ ALC668_FIXUP_ASUS_G751,
+ ALC891_FIXUP_HEADSET_MODE,
+ ALC891_FIXUP_DELL_MIC_NO_PRESENCE,
+ ALC662_FIXUP_ACER_VERITON,
+@@ -8007,6 +8008,14 @@ static const struct hda_fixup alc662_fix
+ .chained = true,
+ .chain_id = ALC668_FIXUP_ASUS_Nx51_HEADSET_MODE,
+ },
++ [ALC668_FIXUP_ASUS_G751] = {
++ .type = HDA_FIXUP_VERBS,
++ .v.verbs = (const struct hda_verb[]) {
++ { 0x20, AC_VERB_SET_COEF_INDEX, 0xc3 },
++ { 0x20, AC_VERB_SET_PROC_COEF, 0x4000 },
++ {}
++ },
++ },
+ [ALC891_FIXUP_HEADSET_MODE] = {
+ .type = HDA_FIXUP_FUNC,
+ .v.func = alc_fixup_headset_mode,
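Review bot: The two verbs in the new `ALC668_FIXUP_ASUS_G751` entry write the value `0x4000` to coefficient index `0xc3` with no comment, and the commit message does not say what the coefficient controls either. A line above the verbs such as `/* COEF 0xc3 <- 0x4000: extra init needed for the ASUS G751 microphone */` would tell the next maintainer what the magic numbers are for and keep the entry from being reused for unrelated hardware by guesswork. The alc662_fixups table starts and ends outside this hunk.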
+@@ -8080,6 +8089,7 @@ static const struct snd_pci_quirk alc662
+ SND_PCI_QUIRK(0x1043, 0x11cd, "Asus N550", ALC662_FIXUP_ASUS_Nx50),
+ SND_PCI_QUIRK(0x1043, 0x13df, "Asus N550JX", ALC662_FIXUP_BASS_1A),
+ SND_PCI_QUIRK(0x1043, 0x129d, "Asus N750", ALC662_FIXUP_ASUS_Nx50),
++ SND_PCI_QUIRK(0x1043, 0x12ff, "ASUS G751", ALC668_FIXUP_ASUS_G751),
+ SND_PCI_QUIRK(0x1043, 0x1477, "ASUS N56VZ", ALC662_FIXUP_BASS_MODE4_CHMAP),
+ SND_PCI_QUIRK(0x1043, 0x15a7, "ASUS UX51VZH", ALC662_FIXUP_BASS_16),
+ SND_PCI_QUIRK(0x1043, 0x177d, "ASUS N551", ALC668_FIXUP_ASUS_Nx51),
--- /dev/null
+From 5b7c5e1f4c36b99d0f694f38b9ad910f520cb7ef Mon Sep 17 00:00:00 2001
+From: Takashi Iwai <tiwai@suse.de>
+Date: Tue, 9 Oct 2018 14:20:17 +0200
+Subject: ALSA: hda - Fix headphone pin config for ASUS G751
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+From: Takashi Iwai <tiwai@suse.de>
+
+commit 5b7c5e1f4c36b99d0f694f38b9ad910f520cb7ef upstream.
+
+BIOS on ASUS G751 doesn't seem to map the headphone pin (NID 0x16)
+correctly. Add a quirk to address it, as well as chaining to the
+previous fix for the microphone.
+
+Reported-by: Håvard <hovardslill@gmail.com>
+Cc: <stable@vger.kernel.org>
+Signed-off-by: Takashi Iwai <tiwai@suse.de>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+
+---
+ sound/pci/hda/patch_realtek.c | 12 +++++++++++-
+ 1 file changed, 11 insertions(+), 1 deletion(-)
+
+--- a/sound/pci/hda/patch_realtek.c
++++ b/sound/pci/hda/patch_realtek.c
+@@ -7738,6 +7738,7 @@ enum {
+ ALC662_FIXUP_ASUS_Nx50,
+ ALC668_FIXUP_ASUS_Nx51_HEADSET_MODE,
+ ALC668_FIXUP_ASUS_Nx51,
++ ALC668_FIXUP_MIC_COEF,
+ ALC668_FIXUP_ASUS_G751,
+ ALC891_FIXUP_HEADSET_MODE,
+ ALC891_FIXUP_DELL_MIC_NO_PRESENCE,
+@@ -8008,7 +8009,7 @@ static const struct hda_fixup alc662_fix
+ .chained = true,
+ .chain_id = ALC668_FIXUP_ASUS_Nx51_HEADSET_MODE,
+ },
+- [ALC668_FIXUP_ASUS_G751] = {
++ [ALC668_FIXUP_MIC_COEF] = {
+ .type = HDA_FIXUP_VERBS,
+ .v.verbs = (const struct hda_verb[]) {
+ { 0x20, AC_VERB_SET_COEF_INDEX, 0xc3 },
+@@ -8016,6 +8017,15 @@ static const struct hda_fixup alc662_fix
+ {}
+ },
+ },
++ [ALC668_FIXUP_ASUS_G751] = {
++ .type = HDA_FIXUP_PINS,
++ .v.pins = (const struct hda_pintbl[]) {
++ { 0x16, 0x0421101f }, /* HP */
++ {}
++ },
++ .chained = true,
++ .chain_id = ALC668_FIXUP_MIC_COEF
++ },
+ [ALC891_FIXUP_HEADSET_MODE] = {
+ .type = HDA_FIXUP_FUNC,
+ .v.func = alc_fixup_headset_mode,
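Review bot: The new `ALC668_FIXUP_ASUS_G751` entry ends with `.chain_id = ALC668_FIXUP_MIC_COEF` without a trailing comma, while the entry visible in the previous hunk of this table writes `.chain_id = ALC668_FIXUP_ASUS_Nx51_HEADSET_MODE,`. Writing `.chain_id = ALC668_FIXUP_MIC_COEF,` keeps the designated initializers uniform and means a field added later does not have to touch this line. The table itself starts and ends outside the hunk.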
--- /dev/null
+From 5e93a125f521efd00d71af31c2a301f3d46af48c Mon Sep 17 00:00:00 2001
+From: Takashi Iwai <tiwai@suse.de>
+Date: Mon, 5 Nov 2018 12:28:07 +0100
+Subject: ALSA: hda - Fix incorrect clearance of thinkpad_acpi hooks
+
+From: Takashi Iwai <tiwai@suse.de>
+
+commit 5e93a125f521efd00d71af31c2a301f3d46af48c upstream.
+
+Since the commit c647f806b8c2 ("ALSA: hda - Allow multiple ADCs for
+mic mute LED controls") we allow enabling the mic mute LED with
+multiple ADCs. The commit changed the function return value to be
+zero or a negative error, while this change was overlooked in the
+thinkpad_acpi helper code where it still expects a positive return
+value for success. This eventually leads to a NULL dereference on a
+system that has only a mic mute LED.
+
+This patch corrects the return value check in the corresponding code
+as well.
+
+Bugzilla: https://bugzilla.kernel.org/show_bug.cgi?id=201621
+Fixes: c647f806b8c2 ("ALSA: hda - Allow multiple ADCs for mic mute LED controls")
+Cc: <stable@vger.kernel.org>
+Signed-off-by: Takashi Iwai <tiwai@suse.de>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+
+---
+ sound/pci/hda/thinkpad_helper.c | 4 ++--
+ 1 file changed, 2 insertions(+), 2 deletions(-)
+
+--- a/sound/pci/hda/thinkpad_helper.c
++++ b/sound/pci/hda/thinkpad_helper.c
+@@ -58,8 +58,8 @@ static void hda_fixup_thinkpad_acpi(stru
+ removefunc = false;
+ }
+ if (led_set_func(TPACPI_LED_MICMUTE, false) >= 0 &&
+- snd_hda_gen_add_micmute_led(codec,
+- update_tpacpi_micmute) > 0)
++ !snd_hda_gen_add_micmute_led(codec,
++ update_tpacpi_micmute))
+ removefunc = false;
+ }
+
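Review bot: The corrected test `!snd_hda_gen_add_micmute_led(codec, update_tpacpi_micmute)` reads like a boolean, although per the commit message the function returns zero or a negative error, and the line above it still uses the `>= 0` convention for `led_set_func()`. Spelling it as `snd_hda_gen_add_micmute_led(codec, update_tpacpi_micmute) == 0` makes the two return conventions visible side by side. That matters here because the earlier mismatch is what left `removefunc` true and led to the NULL dereference. A short comment such as `/* returns 0 on success, negative errno on failure */` next to the call would help as well. hda_fixup_thinkpad_acpi() starts and ends outside this hunk.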
--- /dev/null
+From d06fb562bff5d14defdacbd92449bacbaedd5cdf Mon Sep 17 00:00:00 2001
+From: Hui Wang <hui.wang@canonical.com>
+Date: Wed, 10 Oct 2018 11:57:25 +0800
+Subject: ALSA: hda/realtek - Fix the problem of the front MIC on the Lenovo M715
+
+From: Hui Wang <hui.wang@canonical.com>
+
+commit d06fb562bff5d14defdacbd92449bacbaedd5cdf upstream.
+
+The front MIC on the Lenovo M715 can't record sound, after applying
+the ALC294_FIXUP_LENOVO_MIC_LOCATION, the problem is fixed. So add
+the pin configuration of this machine to the pin quirk table.
+
+Cc: <stable@vger.kernel.org>
+Signed-off-by: Hui Wang <hui.wang@canonical.com>
+Signed-off-by: Takashi Iwai <tiwai@suse.de>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+
+---
+ sound/pci/hda/patch_realtek.c | 6 ++++++
+ 1 file changed, 6 insertions(+)
+
+--- a/sound/pci/hda/patch_realtek.c
++++ b/sound/pci/hda/patch_realtek.c
+@@ -6843,6 +6843,12 @@ static const struct snd_hda_pin_quirk al
+ {0x21, 0x0221101f}),
+ SND_HDA_PIN_QUIRK(0x10ec0235, 0x17aa, "Lenovo", ALC294_FIXUP_LENOVO_MIC_LOCATION,
+ {0x14, 0x90170110},
++ {0x19, 0x02a11030},
++ {0x1a, 0x02a11040},
++ {0x1b, 0x01011020},
++ {0x21, 0x0221101f}),
++ SND_HDA_PIN_QUIRK(0x10ec0235, 0x17aa, "Lenovo", ALC294_FIXUP_LENOVO_MIC_LOCATION,
++ {0x14, 0x90170110},
+ {0x19, 0x02a11020},
+ {0x1a, 0x02a11030},
+ {0x21, 0x0221101f}),
--- /dev/null
+From 1138b6718ff74d2a934459643e3754423d23b5e2 Mon Sep 17 00:00:00 2001
+From: John David Anglin <dave.anglin@bell.net>
+Date: Sat, 6 Oct 2018 13:11:30 -0400
+Subject: parisc: Fix address in HPMC IVA
+
+From: John David Anglin <dave.anglin@bell.net>
+
+commit 1138b6718ff74d2a934459643e3754423d23b5e2 upstream.
+
+Helge noticed that the address of the os_hpmc handler was not being
+correctly calculated in the hpmc macro. As a result, PDCE_CHECK would
+fail to call os_hpmc:
+
+<Cpu2> e800009802e00000 0000000000000000 CC_ERR_CHECK_HPMC
+<Cpu2> 37000f7302e00000 8040004000000000 CC_ERR_CPU_CHECK_SUMMARY
+<Cpu2> f600105e02e00000 fffffff0f0c00000 CC_MC_HPMC_MONARCH_SELECTED
+<Cpu2> 140003b202e00000 000000000000000b CC_ERR_HPMC_STATE_ENTRY
+<Cpu2> 5600100b02e00000 00000000000001a0 CC_MC_OS_HPMC_LEN_ERR
+<Cpu2> 5600106402e00000 fffffff0f0438e70 CC_MC_BR_TO_OS_HPMC_FAILED
+<Cpu2> e800009802e00000 0000000000000000 CC_ERR_CHECK_HPMC
+<Cpu2> 37000f7302e00000 8040004000000000 CC_ERR_CPU_CHECK_SUMMARY
+<Cpu2> 4000109f02e00000 0000000000000000 CC_MC_HPMC_INITIATED
+<Cpu2> 4000101902e00000 0000000000000000 CC_MC_MULTIPLE_HPMCS
+<Cpu2> 030010d502e00000 0000000000000000 CC_CPU_STOP
+
+The address problem can be seen by dumping the fault vector:
+
+0000000040159000 <fault_vector_20>:
+ 40159000: 63 6f 77 73 stb r15,-2447(dp)
+ 40159004: 20 63 61 6e ldil L%b747000,r3
+ 40159008: 20 66 6c 79 ldil L%-1c3b3000,r3
+ ...
+ 40159020: 08 00 02 40 nop
+ 40159024: 20 6e 60 02 ldil L%15d000,r3
+ 40159028: 34 63 00 00 ldo 0(r3),r3
+ 4015902c: e8 60 c0 02 bv,n r0(r3)
+ 40159030: 08 00 02 40 nop
+ 40159034: 00 00 00 00 break 0,0
+ 40159038: c0 00 70 00 bb,*< r0,sar,40159840 <fault_vector_20+0x840>
+ 4015903c: 00 00 00 00 break 0,0
+
+Location 40159038 should contain the physical address of os_hpmc:
+
+000000004015d000 <os_hpmc>:
+ 4015d000: 08 1a 02 43 copy r26,r3
+ 4015d004: 01 c0 08 a4 mfctl iva,r4
+ 4015d008: 48 85 00 68 ldw 34(r4),r5
+
+This patch moves the address setup into initialize_ivt to resolve the
+above problem. I tested the change by dumping the HPMC entry after setup:
+
+0000000040209020: 8000240
+0000000040209024: 206a2004
+0000000040209028: 34630ac0
+000000004020902c: e860c002
+0000000040209030: 8000240
+0000000040209034: 1bdddce6
+0000000040209038: 15d000
+000000004020903c: 1a0
+
+Signed-off-by: John David Anglin <dave.anglin@bell.net>
+Cc: <stable@vger.kernel.org>
+Signed-off-by: Helge Deller <deller@gmx.de>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+
+---
+ arch/parisc/kernel/entry.S | 2 +-
+ arch/parisc/kernel/traps.c | 3 ++-
+ 2 files changed, 3 insertions(+), 2 deletions(-)
+
+--- a/arch/parisc/kernel/entry.S
++++ b/arch/parisc/kernel/entry.S
+@@ -186,7 +186,7 @@
+ bv,n 0(%r3)
+ nop
+ .word 0 /* checksum (will be patched) */
+- .word PA(os_hpmc) /* address of handler */
++ .word 0 /* address of handler */
+ .word 0 /* length of handler */
+ .endm
+
+--- a/arch/parisc/kernel/traps.c
++++ b/arch/parisc/kernel/traps.c
+@@ -802,7 +802,8 @@ void __init initialize_ivt(const void *i
+ * the Length/4 words starting at Address is zero.
+ */
+
+- /* Compute Checksum for HPMC handler */
++ /* Setup IVA and compute checksum for HPMC handler */
++ ivap[6] = (u32)__pa(os_hpmc);
+ length = os_hpmc_size;
+ ivap[7] = length;
+
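Review bot: `ivap[6] = (u32)__pa(os_hpmc);` narrows the physical address to 32 bits and relies on `os_hpmc` naming the handler code itself rather than a function descriptor, and neither assumption is stated at the assignment. The declaration of `os_hpmc` is outside this hunk, so its type cannot be confirmed here; on a 64-bit kernel a function-typed symbol would presumably yield the descriptor's address instead. A comment such as `/* os_hpmc must be a data symbol so __pa() yields the handler code; the IVA slot is a 32-bit word */` would make the dependency explicit. initialize_ivt() continues outside the hunk.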
--- /dev/null
+From 99a3ae51d557d8e38a7aece65678a31f9db215ee Mon Sep 17 00:00:00 2001
+From: Helge Deller <deller@gmx.de>
+Date: Sun, 14 Oct 2018 21:58:00 +0200
+Subject: parisc: Fix exported address of os_hpmc handler
+
+From: Helge Deller <deller@gmx.de>
+
+commit 99a3ae51d557d8e38a7aece65678a31f9db215ee upstream.
+
+In the C-code we need to put the physical address of the hpmc handler in
+the interrupt vector table (IVA) in order to get HPMCs working. Since
+on parisc64 function pointers are indirect (in fact they are function
+descriptors) we instead export the address as variable and not as
+function.
+
+This reverts a small part of commit f39cce654f9a ("parisc: Add
+cfi_startproc and cfi_endproc to assembly code").
+
+Signed-off-by: Helge Deller <deller@gmx.de>
+Cc: <stable@vger.kernel.org> [4.9+]
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+
+---
+ arch/parisc/kernel/hpmc.S | 3 +--
+ 1 file changed, 1 insertion(+), 2 deletions(-)
+
+--- a/arch/parisc/kernel/hpmc.S
++++ b/arch/parisc/kernel/hpmc.S
+@@ -85,7 +85,7 @@ END(hpmc_pim_data)
+
+ .import intr_save, code
+ .align 16
+-ENTRY_CFI(os_hpmc)
++ENTRY(os_hpmc)
+ .os_hpmc:
+
+ /*
+@@ -302,7 +302,6 @@ os_hpmc_6:
+ b .
+ nop
+ .align 16 /* make function length multiple of 16 bytes */
+-ENDPROC_CFI(os_hpmc)
+ .os_hpmc_end:
+
+
--- /dev/null
+From 3c229b3f2dd8133f61bb81d3cb018be92f4bba39 Mon Sep 17 00:00:00 2001
+From: Helge Deller <deller@gmx.de>
+Date: Fri, 12 Oct 2018 22:37:46 +0200
+Subject: parisc: Fix map_pages() to not overwrite existing pte entries
+
+From: Helge Deller <deller@gmx.de>
+
+commit 3c229b3f2dd8133f61bb81d3cb018be92f4bba39 upstream.
+
+Fix a long-existing small nasty bug in the map_pages() implementation which
+leads to overwriting already written pte entries with zero, *if* map_pages() is
+called a second time with an end address which isn't aligned on a pmd boundry.
+This happens for example if we want to remap only the text segment read/write
+in order to run alternative patching on the code. Exiting the loop when we
+reach the end address fixes this.
+
+Cc: stable@vger.kernel.org
+Signed-off-by: Helge Deller <deller@gmx.de>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+
+---
+ arch/parisc/mm/init.c | 8 ++------
+ 1 file changed, 2 insertions(+), 6 deletions(-)
+
+--- a/arch/parisc/mm/init.c
++++ b/arch/parisc/mm/init.c
+@@ -494,12 +494,8 @@ static void __init map_pages(unsigned lo
+ pte = pte_mkhuge(pte);
+ }
+
+- if (address >= end_paddr) {
+- if (force)
+- break;
+- else
+- pte_val(pte) = 0;
+- }
++ if (address >= end_paddr)
++ break;
+
+ set_pte(pg_table, pte);
+
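Review bot: The new `if (address >= end_paddr) break;` carries no comment saying why the loop must stop rather than write an entry, which is the entire point of the fix. A line above the check such as `/* Past end_paddr: leave the remaining ptes alone, they may hold an earlier mapping */` would keep the zero-fill from being reintroduced. The `break` leaves only the loop that contains it; the enclosing loops are outside this hunk, so whether they also stop at `end_paddr` cannot be confirmed from here. It is also worth checking that the `force` parameter is still used elsewhere in map_pages() now that this use is gone.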
kprobes-x86-use-preempt_enable-in-optimized_callback.patch
ipmi-fix-timer-race-with-module-unload.patch
mailbox-pcc-handle-parse-error.patch
+parisc-fix-address-in-hpmc-iva.patch
+parisc-fix-map_pages-to-not-overwrite-existing-pte-entries.patch
+parisc-fix-exported-address-of-os_hpmc-handler.patch
+alsa-hda-add-quirk-for-asus-g751-laptop.patch
+alsa-hda-fix-headphone-pin-config-for-asus-g751.patch
+alsa-hda-realtek-fix-the-problem-of-the-front-mic-on-the-lenovo-m715.patch
+alsa-hda-add-mic-quirk-for-the-lenovo-g50-30-17aa-3905.patch
+alsa-hda-add-2-more-models-to-the-power_save-blacklist.patch
+alsa-ca0106-disable-izd-on-sb0570-dac-to-fix-audio-pops.patch
+alsa-hda-fix-incorrect-clearance-of-thinkpad_acpi-hooks.patch
+x86-speculation-enable-cross-hyperthread-spectre-v2-stibp-mitigation.patch
+x86-xen-fix-boot-loader-version-reported-for-pvh-guests.patch
+x86-corruption-check-fix-panic-in-memory_corruption_check-when-boot-option-without-value-is-provided.patch
+x86-kvm-nvmx-allow-bare-vmxon-state-migration.patch
+x86-mm-pat-disable-preemption-around-__flush_tlb_all.patch
+x86-numa_emulation-fix-uniform-split-numa-emulation.patch
--- /dev/null
+From ccde460b9ae5c2bd5e4742af0a7f623c2daad566 Mon Sep 17 00:00:00 2001
+From: He Zhe <zhe.he@windriver.com>
+Date: Tue, 14 Aug 2018 23:33:42 +0800
+Subject: x86/corruption-check: Fix panic in memory_corruption_check() when boot option without value is provided
+
+From: He Zhe <zhe.he@windriver.com>
+
+commit ccde460b9ae5c2bd5e4742af0a7f623c2daad566 upstream.
+
+memory_corruption_check[{_period|_size}]()'s handlers do not check input
+argument before passing it to kstrtoul() or simple_strtoull(). The argument
+would be a NULL pointer if each of the kernel parameters, without its
+value, is set in command line and thus cause the following panic.
+
+PANIC: early exception 0xe3 IP 10:ffffffff73587c22 error 0 cr2 0x0
+[ 0.000000] CPU: 0 PID: 0 Comm: swapper Not tainted 4.18-rc8+ #2
+[ 0.000000] RIP: 0010:kstrtoull+0x2/0x10
+...
+[ 0.000000] Call Trace
+[ 0.000000] ? set_corruption_check+0x21/0x49
+[ 0.000000] ? do_early_param+0x4d/0x82
+[ 0.000000] ? parse_args+0x212/0x330
+[ 0.000000] ? rdinit_setup+0x26/0x26
+[ 0.000000] ? parse_early_options+0x20/0x23
+[ 0.000000] ? rdinit_setup+0x26/0x26
+[ 0.000000] ? parse_early_param+0x2d/0x39
+[ 0.000000] ? setup_arch+0x2f7/0xbf4
+[ 0.000000] ? start_kernel+0x5e/0x4c2
+[ 0.000000] ? load_ucode_bsp+0x113/0x12f
+[ 0.000000] ? secondary_startup_64+0xa5/0xb0
+
+This patch adds checks to prevent the panic.
+
+Signed-off-by: He Zhe <zhe.he@windriver.com>
+Cc: Linus Torvalds <torvalds@linux-foundation.org>
+Cc: Peter Zijlstra <peterz@infradead.org>
+Cc: Thomas Gleixner <tglx@linutronix.de>
+Cc: gregkh@linuxfoundation.org
+Cc: kstewart@linuxfoundation.org
+Cc: pombredanne@nexb.com
+Cc: stable@vger.kernel.org
+Link: http://lkml.kernel.org/r/1534260823-87917-1-git-send-email-zhe.he@windriver.com
+Signed-off-by: Ingo Molnar <mingo@kernel.org>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+
+---
+ arch/x86/kernel/check.c | 15 +++++++++++++++
+ 1 file changed, 15 insertions(+)
+
+--- a/arch/x86/kernel/check.c
++++ b/arch/x86/kernel/check.c
+@@ -31,6 +31,11 @@ static __init int set_corruption_check(c
+ ssize_t ret;
+ unsigned long val;
+
++ if (!arg) {
++ pr_err("memory_corruption_check config string not provided\n");
++ return -EINVAL;
++ }
++
+ ret = kstrtoul(arg, 10, &val);
+ if (ret)
+ return ret;
+@@ -45,6 +50,11 @@ static __init int set_corruption_check_p
+ ssize_t ret;
+ unsigned long val;
+
++ if (!arg) {
++ pr_err("memory_corruption_check_period config string not provided\n");
++ return -EINVAL;
++ }
++
+ ret = kstrtoul(arg, 10, &val);
+ if (ret)
+ return ret;
+@@ -59,6 +69,11 @@ static __init int set_corruption_check_s
+ char *end;
+ unsigned size;
+
++ if (!arg) {
++ pr_err("memory_corruption_check_size config string not provided\n");
++ return -EINVAL;
++ }
++
+ size = memparse(arg, &end);
+
+ if (*end == '\0')
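Review bot: In set_corruption_check_size() the result of `memparse()` is stored in `unsigned size`, so once the new NULL guard lets a string through, a value of 4G or more is silently truncated instead of rejected. memparse() returns `unsigned long long`; keeping the result in that type and bounding it would close the gap, e.g. `unsigned long long size = memparse(arg, &end);` followed by `if (*end == '\0' && size <= UINT_MAX)`. The variable that finally receives the size is outside the hunk, so the bound should be matched to its type. The function body continues past this hunk.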
--- /dev/null
+From a1b0c1c64dfef0cff8555bb708bfc5d7c66c6ca4 Mon Sep 17 00:00:00 2001
+From: Vitaly Kuznetsov <vkuznets@redhat.com>
+Date: Tue, 16 Oct 2018 18:50:07 +0200
+Subject: x86/kvm/nVMX: allow bare VMXON state migration
+
+From: Vitaly Kuznetsov <vkuznets@redhat.com>
+
+commit a1b0c1c64dfef0cff8555bb708bfc5d7c66c6ca4 upstream.
+
+It is perfectly valid for a guest to do VMXON and not do VMPTRLD. This
+state needs to be preserved on migration.
+
+Cc: stable@vger.kernel.org
+Fixes: 8fcc4b5923af5de58b80b53a069453b135693304
+Signed-off-by: Vitaly Kuznetsov <vkuznets@redhat.com>
+Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+
+---
+ arch/x86/kvm/vmx.c | 15 ++++++++-------
+ 1 file changed, 8 insertions(+), 7 deletions(-)
+
+--- a/arch/x86/kvm/vmx.c
++++ b/arch/x86/kvm/vmx.c
+@@ -14010,13 +14010,6 @@ static int vmx_set_nested_state(struct k
+ if (!page_address_valid(vcpu, kvm_state->vmx.vmxon_pa))
+ return -EINVAL;
+
+- if (kvm_state->size < sizeof(kvm_state) + sizeof(*vmcs12))
+- return -EINVAL;
+-
+- if (kvm_state->vmx.vmcs_pa == kvm_state->vmx.vmxon_pa ||
+- !page_address_valid(vcpu, kvm_state->vmx.vmcs_pa))
+- return -EINVAL;
+-
+ if ((kvm_state->vmx.smm.flags & KVM_STATE_NESTED_SMM_GUEST_MODE) &&
+ (kvm_state->flags & KVM_STATE_NESTED_GUEST_MODE))
+ return -EINVAL;
+@@ -14046,6 +14039,14 @@ static int vmx_set_nested_state(struct k
+ if (ret)
+ return ret;
+
++ /* Empty 'VMXON' state is permitted */
++ if (kvm_state->size < sizeof(kvm_state) + sizeof(*vmcs12))
++ return 0;
++
++ if (kvm_state->vmx.vmcs_pa == kvm_state->vmx.vmxon_pa ||
++ !page_address_valid(vcpu, kvm_state->vmx.vmcs_pa))
++ return -EINVAL;
++
+ set_current_vmptr(vmx, kvm_state->vmx.vmcs_pa);
+
+ if (kvm_state->vmx.smm.flags & KVM_STATE_NESTED_SMM_VMXON) {
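Review bot: The size test moved into this hunk uses `sizeof(kvm_state)`, and `kvm_state` is dereferenced with `->` throughout, so this is the size of a pointer rather than of the state header. The bound is therefore smaller than header plus vmcs12, and a caller-supplied `size` between the two values passes the test although the buffer is too short for what the rest of the function (outside the hunk) presumably reads from it. The check should read `if (kvm_state->size < sizeof(*kvm_state) + sizeof(*vmcs12))`. A short size also now returns 0 after the earlier setup step has already run, where it used to fail with -EINVAL before any state changed, so a truncated buffer cannot be told apart from a deliberate bare-VMXON state; the comment should say that this is intended.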
--- /dev/null
+From f77084d96355f5fba8e2c1fb3a51a393b1570de7 Mon Sep 17 00:00:00 2001
+From: Sebastian Andrzej Siewior <bigeasy@linutronix.de>
+Date: Wed, 17 Oct 2018 12:34:32 +0200
+Subject: x86/mm/pat: Disable preemption around __flush_tlb_all()
+
+From: Sebastian Andrzej Siewior <bigeasy@linutronix.de>
+
+commit f77084d96355f5fba8e2c1fb3a51a393b1570de7 upstream.
+
+The WARN_ON_ONCE(__read_cr3() != build_cr3()) in switch_mm_irqs_off()
+triggers every once in a while during a snapshotted system upgrade.
+
+The warning triggers since commit decab0888e6e ("x86/mm: Remove
+preempt_disable/enable() from __native_flush_tlb()"). The callchain is:
+
+ get_page_from_freelist() -> post_alloc_hook() -> __kernel_map_pages()
+
+with CONFIG_DEBUG_PAGEALLOC enabled.
+
+Disable preemption during CR3 reset / __flush_tlb_all() and add a comment
+why preemption has to be disabled so it won't be removed accidentaly.
+
+Add another preemptible() check in __flush_tlb_all() to catch callers with
+enabled preemption when PGE is enabled, because PGE enabled does not
+trigger the warning in __native_flush_tlb(). Suggested by Andy Lutomirski.
+
+Fixes: decab0888e6e ("x86/mm: Remove preempt_disable/enable() from __native_flush_tlb()")
+Signed-off-by: Sebastian Andrzej Siewior <bigeasy@linutronix.de>
+Signed-off-by: Thomas Gleixner <tglx@linutronix.de>
+Cc: Andy Lutomirski <luto@kernel.org>
+Cc: Dave Hansen <dave.hansen@linux.intel.com>
+Cc: Peter Zijlstra <peterz@infradead.org>
+Cc: Borislav Petkov <bp@alien8.de>
+Cc: stable@vger.kernel.org
+Link: https://lkml.kernel.org/r/20181017103432.zgv46nlu3hc7k4rq@linutronix.de
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+
+---
+ arch/x86/include/asm/tlbflush.h | 6 ++++++
+ arch/x86/mm/pageattr.c | 6 +++++-
+ 2 files changed, 11 insertions(+), 1 deletion(-)
+
+--- a/arch/x86/include/asm/tlbflush.h
++++ b/arch/x86/include/asm/tlbflush.h
+@@ -469,6 +469,12 @@ static inline void __native_flush_tlb_on
+ */
+ static inline void __flush_tlb_all(void)
+ {
++ /*
++ * This is to catch users with enabled preemption and the PGE feature
++ * and don't trigger the warning in __native_flush_tlb().
++ */
++ VM_WARN_ON_ONCE(preemptible());
++
+ if (boot_cpu_has(X86_FEATURE_PGE)) {
+ __flush_tlb_global();
+ } else {
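Review bot: The added comment in __flush_tlb_all() is hard to parse and does not say that the PGE path is the one that bypasses the existing warning. Suggested wording: `/* With PGE the flush goes through __flush_tlb_global() and never reaches the preemption warning in __native_flush_tlb(), so check here. */`. `VM_WARN_ON_ONCE()` is only compiled in with CONFIG_DEBUG_VM, so callers that run with preemption enabled are reported on debug kernels only; that limit could be noted in the same comment. The function body continues outside the hunk.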
+--- a/arch/x86/mm/pageattr.c
++++ b/arch/x86/mm/pageattr.c
+@@ -2086,9 +2086,13 @@ void __kernel_map_pages(struct page *pag
+
+ /*
+ * We should perform an IPI and flush all tlbs,
+- * but that can deadlock->flush only current cpu:
++ * but that can deadlock->flush only current cpu.
++ * Preemption needs to be disabled around __flush_tlb_all() due to
++ * CR3 reload in __native_flush_tlb().
+ */
++ preempt_disable();
+ __flush_tlb_all();
++ preempt_enable();
+
+ arch_flush_lazy_mmu_mode();
+ }
--- /dev/null
+From c6ee7a548e2c291398b4f32c1f741c66b9f98e1c Mon Sep 17 00:00:00 2001
+From: Dave Jiang <dave.jiang@intel.com>
+Date: Thu, 25 Oct 2018 13:26:45 -0700
+Subject: x86/numa_emulation: Fix uniform-split numa emulation
+
+From: Dave Jiang <dave.jiang@intel.com>
+
+commit c6ee7a548e2c291398b4f32c1f741c66b9f98e1c upstream.
+
+The numa_emulation() routine in the 'uniform' case walks through all the
+physical 'memblk' instances and divides them into N emulated nodes with
+split_nodes_size_interleave_uniform(). As each physical node is consumed it
+is removed from the physical memblk array in the numa_remove_memblk_from()
+helper.
+
+Since split_nodes_size_interleave_uniform() handles advancing the array as
+the 'memblk' is consumed it is expected that the base of the array is
+always specified as the argument.
+
+Otherwise, on multi-socket (> 2) configurations the uniform-split
+capability can generate an invalid numa configuration leading to boot
+failures with signatures like the following:
+
+ rcu: INFO: rcu_sched detected stalls on CPUs/tasks:
+ Sending NMI from CPU 0 to CPUs 2:
+ NMI backtrace for cpu 2
+ CPU: 2 PID: 1332 Comm: pgdatinit0 Not tainted 4.19.0-rc8-next-20181019-baseline #59
+ RIP: 0010:__init_single_page.isra.74+0x81/0x90
+ [..]
+ Call Trace:
+ deferred_init_pages+0xaa/0xe3
+ deferred_init_memmap+0x18f/0x318
+ kthread+0xf8/0x130
+ ? deferred_free_pages.isra.105+0xc9/0xc9
+ ? kthread_stop+0x110/0x110
+ ret_from_fork+0x35/0x40
+
+Fixes: 1f6a2c6d9f121 ("x86/numa_emulation: Introduce uniform split capability")
+Signed-off-by: Dave Jiang <dave.jiang@intel.com>
+Signed-off-by: Dan Williams <dan.j.williams@intel.com>
+Signed-off-by: Thomas Gleixner <tglx@linutronix.de>
+Tested-by: Alexander Duyck <alexander.h.duyck@linux.intel.com>
+Reviewed-by: Dave Hansen <dave.hansen@linux.intel.com>
+Cc: Borislav Petkov <bp@alien8.de>
+Cc: "H. Peter Anvin" <hpa@zytor.com>
+Cc: Andy Lutomirski <luto@kernel.org>
+Cc: Peter Zijlstra <peterz@infradead.org>
+Cc: stable@vger.kernel.org
+Link: https://lkml.kernel.org/r/154049911459.2685845.9210186007479774286.stgit@dwillia2-desk3.amr.corp.intel.com
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+
+---
+ arch/x86/mm/numa_emulation.c | 12 ++++++++++--
+ 1 file changed, 10 insertions(+), 2 deletions(-)
+
+--- a/arch/x86/mm/numa_emulation.c
++++ b/arch/x86/mm/numa_emulation.c
+@@ -400,9 +400,17 @@ void __init numa_emulation(struct numa_m
+ n = simple_strtoul(emu_cmdline, &emu_cmdline, 0);
+ ret = -1;
+ for_each_node_mask(i, physnode_mask) {
++ /*
++ * The reason we pass in blk[0] is due to
++ * numa_remove_memblk_from() called by
++ * emu_setup_memblk() will delete entry 0
++ * and then move everything else up in the pi.blk
++ * array. Therefore we should always be looking
++ * at blk[0].
++ */
+ ret = split_nodes_size_interleave_uniform(&ei, &pi,
+- pi.blk[i].start, pi.blk[i].end, 0,
+- n, &pi.blk[i], nid);
++ pi.blk[0].start, pi.blk[0].end, 0,
++ n, &pi.blk[0], nid);
+ if (ret < 0)
+ break;
+ if (ret < n) {
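Review bot: The loop still iterates `i` over `physnode_mask` but no longer uses `i` in the call, so its correctness rests entirely on every call removing entry 0 from `pi.blk`. Nothing in the hunk checks that a block is left before `pi.blk[0]` is read; if the number of set bits in `physnode_mask` can exceed the number of remaining blocks, a stale entry would be split again. A guard at the top of the loop body such as `if (!pi.nr_blks) break;` would state the assumption in code, provided `nr_blks` tracks the live entries as the removal helper suggests. The loop body continues outside the hunk.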
--- /dev/null
+From 53c613fe6349994f023245519265999eed75957f Mon Sep 17 00:00:00 2001
+From: Jiri Kosina <jkosina@suse.cz>
+Date: Tue, 25 Sep 2018 14:38:55 +0200
+Subject: x86/speculation: Enable cross-hyperthread spectre v2 STIBP mitigation
+
+From: Jiri Kosina <jkosina@suse.cz>
+
+commit 53c613fe6349994f023245519265999eed75957f upstream.
+
+STIBP is a feature provided by certain Intel ucodes / CPUs. This feature
+(once enabled) prevents cross-hyperthread control of decisions made by
+indirect branch predictors.
+
+Enable this feature if
+
+- the CPU is vulnerable to spectre v2
+- the CPU supports SMT and has SMT siblings online
+- spectre_v2 mitigation autoselection is enabled (default)
+
+After some previous discussion, this leaves STIBP on all the time, as wrmsr
+on crossing kernel boundary is a no-no. This could perhaps later be a bit
+more optimized (like disabling it in NOHZ, experiment with disabling it in
+idle, etc) if needed.
+
+Note that the synchronization of the mask manipulation via newly added
+spec_ctrl_mutex is currently not strictly needed, as the only updater is
+already being serialized by cpu_add_remove_lock, but let's make this a
+little bit more future-proof.
+
+Signed-off-by: Jiri Kosina <jkosina@suse.cz>
+Signed-off-by: Thomas Gleixner <tglx@linutronix.de>
+Cc: Peter Zijlstra <peterz@infradead.org>
+Cc: Josh Poimboeuf <jpoimboe@redhat.com>
+Cc: Andrea Arcangeli <aarcange@redhat.com>
+Cc: "WoodhouseDavid" <dwmw@amazon.co.uk>
+Cc: Andi Kleen <ak@linux.intel.com>
+Cc: Tim Chen <tim.c.chen@linux.intel.com>
+Cc: "SchauflerCasey" <casey.schaufler@intel.com>
+Cc: stable@vger.kernel.org
+Link: https://lkml.kernel.org/r/nycvar.YFH.7.76.1809251438240.15880@cbobk.fhfr.pm
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+
+---
+ arch/x86/kernel/cpu/bugs.c | 57 ++++++++++++++++++++++++++++++++++++++++-----
+ kernel/cpu.c | 11 +++++++-
+ 2 files changed, 61 insertions(+), 7 deletions(-)
+
+--- a/arch/x86/kernel/cpu/bugs.c
++++ b/arch/x86/kernel/cpu/bugs.c
+@@ -35,12 +35,10 @@ static void __init spectre_v2_select_mit
+ static void __init ssb_select_mitigation(void);
+ static void __init l1tf_select_mitigation(void);
+
+-/*
+- * Our boot-time value of the SPEC_CTRL MSR. We read it once so that any
+- * writes to SPEC_CTRL contain whatever reserved bits have been set.
+- */
+-u64 __ro_after_init x86_spec_ctrl_base;
++/* The base value of the SPEC_CTRL MSR that always has to be preserved. */
++u64 x86_spec_ctrl_base;
+ EXPORT_SYMBOL_GPL(x86_spec_ctrl_base);
++static DEFINE_MUTEX(spec_ctrl_mutex);
+
+ /*
+ * The vendor and possibly platform specific bits which can be modified in
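Review bot: Dropping `__ro_after_init` from the exported `x86_spec_ctrl_base` leaves the value that seeds SPEC_CTRL writes modifiable for the whole uptime, and the shortened comment no longer says why the boot-time MSR contents are kept or who may change the variable. I would keep the reserved-bits rationale and name the writer and its lock, e.g. `/* Boot-time SPEC_CTRL value (keeps reserved bits); STIBP is toggled at runtime by arch_smt_update() under spec_ctrl_mutex. */`. Readers of the variable outside this file are not visible here, so it should be confirmed that they tolerate a concurrent update made without their taking the mutex.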
+@@ -325,6 +323,46 @@ static enum spectre_v2_mitigation_cmd __
+ return cmd;
+ }
+
++static bool stibp_needed(void)
++{
++ if (spectre_v2_enabled == SPECTRE_V2_NONE)
++ return false;
++
++ if (!boot_cpu_has(X86_FEATURE_STIBP))
++ return false;
++
++ return true;
++}
++
++static void update_stibp_msr(void *info)
++{
++ wrmsrl(MSR_IA32_SPEC_CTRL, x86_spec_ctrl_base);
++}
++
++void arch_smt_update(void)
++{
++ u64 mask;
++
++ if (!stibp_needed())
++ return;
++
++ mutex_lock(&spec_ctrl_mutex);
++ mask = x86_spec_ctrl_base;
++ if (cpu_smt_control == CPU_SMT_ENABLED)
++ mask |= SPEC_CTRL_STIBP;
++ else
++ mask &= ~SPEC_CTRL_STIBP;
++
++ if (mask != x86_spec_ctrl_base) {
++ pr_info("Spectre v2 cross-process SMT mitigation: %s STIBP\n",
++ cpu_smt_control == CPU_SMT_ENABLED ?
++ "Enabling" : "Disabling");
++ x86_spec_ctrl_base = mask;
++ on_each_cpu(update_stibp_msr, NULL, 1);
++ }
++ mutex_unlock(&spec_ctrl_mutex);
++}
++
+ static void __init spectre_v2_select_mitigation(void)
+ {
+ enum spectre_v2_mitigation_cmd cmd = spectre_v2_parse_cmdline();
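Review bot: `update_stibp_msr()` replaces the whole MSR with `x86_spec_ctrl_base`, so any bit that had been set on top of the base for whatever is running on that CPU would be lost until it is next re-applied; the hunk does not show whether such bits exist, so this needs checking against the rest of bugs.c. If they do, a read-modify-write limited to the one bit is safer: `rdmsrl(MSR_IA32_SPEC_CTRL, val);` `val = (val & ~SPEC_CTRL_STIBP) | (x86_spec_ctrl_base & SPEC_CTRL_STIBP);` `wrmsrl(MSR_IA32_SPEC_CTRL, val);`. Separately, `arch_smt_update()` tests only `cpu_smt_control == CPU_SMT_ENABLED`, while the commit message says STIBP is enabled when SMT siblings are online, and the log text says "cross-process" where the subject says cross-hyperthread; a comment above `stibp_needed()` stating the intended condition would settle both. The body of `spectre_v2_select_mitigation()` at the end of the hunk continues outside it.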
+@@ -424,6 +462,9 @@ specv2_set_mode:
+ setup_force_cpu_cap(X86_FEATURE_USE_IBRS_FW);
+ pr_info("Enabling Restricted Speculation for firmware calls\n");
+ }
++
++ /* Enable STIBP if appropriate */
++ arch_smt_update();
+ }
+
+ #undef pr_fmt
+@@ -814,6 +855,8 @@ static ssize_t l1tf_show_state(char *buf
+ static ssize_t cpu_show_common(struct device *dev, struct device_attribute *attr,
+ char *buf, unsigned int bug)
+ {
++ int ret;
++
+ if (!boot_cpu_has_bug(bug))
+ return sprintf(buf, "Not affected\n");
+
+@@ -831,10 +874,12 @@ static ssize_t cpu_show_common(struct de
+ return sprintf(buf, "Mitigation: __user pointer sanitization\n");
+
+ case X86_BUG_SPECTRE_V2:
+- return sprintf(buf, "%s%s%s%s\n", spectre_v2_strings[spectre_v2_enabled],
++ ret = sprintf(buf, "%s%s%s%s%s\n", spectre_v2_strings[spectre_v2_enabled],
+ boot_cpu_has(X86_FEATURE_USE_IBPB) ? ", IBPB" : "",
+ boot_cpu_has(X86_FEATURE_USE_IBRS_FW) ? ", IBRS_FW" : "",
++ (x86_spec_ctrl_base & SPEC_CTRL_STIBP) ? ", STIBP" : "",
+ spectre_v2_module_string());
++ return ret;
+
+ case X86_BUG_SPEC_STORE_BYPASS:
+ return sprintf(buf, "%s\n", ssb_strings[ssb_mode]);
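Review bot: The new `ret` local in the X86_BUG_SPECTRE_V2 case (declared in the preceding hunk) is assigned and returned immediately, so it adds nothing over the original `return sprintf(...)`; keeping the direct return would make that earlier hunk unnecessary. The STIBP field is derived from `x86_spec_ctrl_base`, that is, from the requested setting rather than from what each CPU's MSR currently holds, which deserves a short comment such as `/* reports the requested base value, not a per-CPU MSR read */`. `cpu_show_common()` starts and ends outside this hunk.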
+--- a/kernel/cpu.c
++++ b/kernel/cpu.c
+@@ -2026,6 +2026,12 @@ static void cpuhp_online_cpu_device(unsi
+ kobject_uevent(&dev->kobj, KOBJ_ONLINE);
+ }
+
++/*
++ * Architectures that need SMT-specific errata handling during SMT hotplug
++ * should override this.
++ */
++void __weak arch_smt_update(void) { };
++
+ static int cpuhp_smt_disable(enum cpuhp_smt_control ctrlval)
+ {
+ int cpu, ret = 0;
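Review bot: The weak default `void __weak arch_smt_update(void) { };` ends with a stray semicolon after the function body, and the diffstat lists no header change, so neither this definition nor the x86 override in bugs.c appears to get a prototype from this patch. I would write it as `void __weak arch_smt_update(void) { }` and add `void arch_smt_update(void);` to a header included by both files, so that a signature mismatch between the two is caught at compile time. The comment could also state the calling context: the hotplug callers in this file invoke it between `cpu_maps_update_begin()` and `cpu_maps_update_done()`, and the x86 version takes a mutex, so the hook must be allowed to sleep. `cpuhp_smt_disable()` continues outside the hunk.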
+@@ -2052,8 +2058,10 @@ static int cpuhp_smt_disable(enum cpuhp_
+ */
+ cpuhp_offline_cpu_device(cpu);
+ }
+- if (!ret)
++ if (!ret) {
+ cpu_smt_control = ctrlval;
++ arch_smt_update();
++ }
+ cpu_maps_update_done();
+ return ret;
+ }
+@@ -2064,6 +2072,7 @@ static int cpuhp_smt_enable(void)
+
+ cpu_maps_update_begin();
+ cpu_smt_control = CPU_SMT_ENABLED;
++ arch_smt_update();
+ for_each_present_cpu(cpu) {
+ /* Skip online CPUs and CPUs on offline nodes */
+ if (cpu_online(cpu) || !node_online(cpu_to_node(cpu)))
--- /dev/null
+From 357d291ce035d1b757568058f3c9898c60d125b1 Mon Sep 17 00:00:00 2001
+From: Juergen Gross <jgross@suse.com>
+Date: Wed, 10 Oct 2018 08:14:54 +0200
+Subject: x86/xen: Fix boot loader version reported for PVH guests
+
+From: Juergen Gross <jgross@suse.com>
+
+commit 357d291ce035d1b757568058f3c9898c60d125b1 upstream.
+
+The boot loader version reported via sysfs is wrong in case of the
+kernel being booted via the Xen PVH boot entry. it should be 2.12
+(0x020c), but it is reported to be 2.18 (0x0212).
+
+As the current way to set the version is error prone use the more
+readable variant (2 << 8) | 12.
+
+Signed-off-by: Juergen Gross <jgross@suse.com>
+Cc: <stable@vger.kernel.org> # 4.12
+Cc: Linus Torvalds <torvalds@linux-foundation.org>
+Cc: Peter Zijlstra <peterz@infradead.org>
+Cc: Thomas Gleixner <tglx@linutronix.de>
+Cc: boris.ostrovsky@oracle.com
+Cc: bp@alien8.de
+Cc: corbet@lwn.net
+Cc: linux-doc@vger.kernel.org
+Cc: xen-devel@lists.xenproject.org
+Link: http://lkml.kernel.org/r/20181010061456.22238-2-jgross@suse.com
+Signed-off-by: Ingo Molnar <mingo@kernel.org>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+
+---
+ arch/x86/xen/enlighten_pvh.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+--- a/arch/x86/xen/enlighten_pvh.c
++++ b/arch/x86/xen/enlighten_pvh.c
+@@ -75,7 +75,7 @@ static void __init init_pvh_bootparams(v
+ * Version 2.12 supports Xen entry point but we will use default x86/PC
+ * environment (i.e. hardware_subarch 0).
+ */
+- pvh_bootparams.hdr.version = 0x212;
++ pvh_bootparams.hdr.version = (2 << 8) | 12;
+ pvh_bootparams.hdr.type_of_loader = (9 << 4) | 0; /* Xen loader */
+
+ x86_init.acpi.get_root_pointer = pvh_get_root_pointer;