--- /dev/null
+From 109ba779d6cca2d519c5dd624a3276d03e21948e Mon Sep 17 00:00:00 2001
+From: Jan Kara <jack@suse.cz>
+Date: Mon, 2 Dec 2019 18:02:13 +0100
+Subject: ext4: check for directory entries too close to block end
+
+From: Jan Kara <jack@suse.cz>
+
+commit 109ba779d6cca2d519c5dd624a3276d03e21948e upstream.
+
+ext4_check_dir_entry() currently does not catch a case when a directory
+entry ends so close to the block end that the header of the next
+directory entry would not fit in the remaining space. This can lead to
+directory iteration code trying to access address beyond end of current
+buffer head leading to oops.
+
+CC: stable@vger.kernel.org
+Signed-off-by: Jan Kara <jack@suse.cz>
+Link: https://lore.kernel.org/r/20191202170213.4761-3-jack@suse.cz
+Signed-off-by: Theodore Ts'o <tytso@mit.edu>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+
+---
+ fs/ext4/dir.c | 5 +++++
+ 1 file changed, 5 insertions(+)
+
+--- a/fs/ext4/dir.c
++++ b/fs/ext4/dir.c
+@@ -77,6 +77,11 @@ int __ext4_check_dir_entry(const char *f
+ error_msg = "rec_len is too small for name_len";
+ else if (unlikely(((char *) de - buf) + rlen > size))
+ error_msg = "directory entry overrun";
++ else if (unlikely(((char *) de - buf) + rlen >
++ size - EXT4_DIR_REC_LEN(1) &&
++ ((char *) de - buf) + rlen != size)) {
++ error_msg = "directory entry too close to block end";
++ }
+ else if (unlikely(le32_to_cpu(de->inode) >
+ le32_to_cpu(EXT4_SB(dir->i_sb)->s_es->s_inodes_count)))
+ error_msg = "inode out of bounds";
--- /dev/null
+From 64d4ce892383b2ad6d782e080d25502f91bf2a38 Mon Sep 17 00:00:00 2001
+From: Jan Kara <jack@suse.cz>
+Date: Mon, 2 Dec 2019 18:02:12 +0100
+Subject: ext4: fix ext4_empty_dir() for directories with holes
+
+From: Jan Kara <jack@suse.cz>
+
+commit 64d4ce892383b2ad6d782e080d25502f91bf2a38 upstream.
+
+Function ext4_empty_dir() doesn't correctly handle directories with
+holes and crashes on bh->b_data dereference when bh is NULL. Reorganize
+the loop to use 'offset' variable all the times instead of comparing
+pointers to current direntry with bh->b_data pointer. Also add more
+strict checking of '.' and '..' directory entries to avoid entering loop
+in possibly invalid state on corrupted filesystems.
+
+References: CVE-2019-19037
+CC: stable@vger.kernel.org
+Fixes: 4e19d6b65fb4 ("ext4: allow directory holes")
+Signed-off-by: Jan Kara <jack@suse.cz>
+Link: https://lore.kernel.org/r/20191202170213.4761-2-jack@suse.cz
+Signed-off-by: Theodore Ts'o <tytso@mit.edu>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+
+---
+ fs/ext4/namei.c | 32 ++++++++++++++++++--------------
+ 1 file changed, 18 insertions(+), 14 deletions(-)
+
+--- a/fs/ext4/namei.c
++++ b/fs/ext4/namei.c
+@@ -2693,7 +2693,7 @@ bool ext4_empty_dir(struct inode *inode)
+ {
+ unsigned int offset;
+ struct buffer_head *bh;
+- struct ext4_dir_entry_2 *de, *de1;
++ struct ext4_dir_entry_2 *de;
+ struct super_block *sb;
+
+ if (ext4_has_inline_data(inode)) {
+@@ -2718,19 +2718,25 @@ bool ext4_empty_dir(struct inode *inode)
+ return true;
+
+ de = (struct ext4_dir_entry_2 *) bh->b_data;
+- de1 = ext4_next_entry(de, sb->s_blocksize);
+- if (le32_to_cpu(de->inode) != inode->i_ino ||
+- le32_to_cpu(de1->inode) == 0 ||
+- strcmp(".", de->name) || strcmp("..", de1->name)) {
+- ext4_warning_inode(inode, "directory missing '.' and/or '..'");
++ if (ext4_check_dir_entry(inode, NULL, de, bh, bh->b_data, bh->b_size,
++ 0) ||
++ le32_to_cpu(de->inode) != inode->i_ino || strcmp(".", de->name)) {
++ ext4_warning_inode(inode, "directory missing '.'");
+ brelse(bh);
+ return true;
+ }
+- offset = ext4_rec_len_from_disk(de->rec_len, sb->s_blocksize) +
+- ext4_rec_len_from_disk(de1->rec_len, sb->s_blocksize);
+- de = ext4_next_entry(de1, sb->s_blocksize);
++ offset = ext4_rec_len_from_disk(de->rec_len, sb->s_blocksize);
++ de = ext4_next_entry(de, sb->s_blocksize);
++ if (ext4_check_dir_entry(inode, NULL, de, bh, bh->b_data, bh->b_size,
++ offset) ||
++ le32_to_cpu(de->inode) == 0 || strcmp("..", de->name)) {
++ ext4_warning_inode(inode, "directory missing '..'");
++ brelse(bh);
++ return true;
++ }
++ offset += ext4_rec_len_from_disk(de->rec_len, sb->s_blocksize);
+ while (offset < inode->i_size) {
+- if ((void *) de >= (void *) (bh->b_data+sb->s_blocksize)) {
++ if (!(offset & (sb->s_blocksize - 1))) {
+ unsigned int lblock;
+ brelse(bh);
+ lblock = offset >> EXT4_BLOCK_SIZE_BITS(sb);
+@@ -2741,12 +2747,11 @@ bool ext4_empty_dir(struct inode *inode)
+ }
+ if (IS_ERR(bh))
+ return true;
+- de = (struct ext4_dir_entry_2 *) bh->b_data;
+ }
++ de = (struct ext4_dir_entry_2 *) (bh->b_data +
++ (offset & (sb->s_blocksize - 1)));
+ if (ext4_check_dir_entry(inode, NULL, de, bh,
+ bh->b_data, bh->b_size, offset)) {
+- de = (struct ext4_dir_entry_2 *)(bh->b_data +
+- sb->s_blocksize);
+ offset = (offset | (sb->s_blocksize - 1)) + 1;
+ continue;
+ }
+@@ -2755,7 +2760,6 @@ bool ext4_empty_dir(struct inode *inode)
+ return false;
+ }
+ offset += ext4_rec_len_from_disk(de->rec_len, sb->s_blocksize);
+- de = ext4_next_entry(de, sb->s_blocksize);
+ }
+ brelse(bh);
+ return true;
--- /dev/null
+From 7f420d64a08c1dcd65b27be82a27cf2bdb2e7847 Mon Sep 17 00:00:00 2001
+From: Dan Carpenter <dan.carpenter@oracle.com>
+Date: Fri, 13 Dec 2019 21:50:11 +0300
+Subject: ext4: unlock on error in ext4_expand_extra_isize()
+
+From: Dan Carpenter <dan.carpenter@oracle.com>
+
+commit 7f420d64a08c1dcd65b27be82a27cf2bdb2e7847 upstream.
+
+We need to unlock the xattr before returning on this error path.
+
+Cc: stable@kernel.org # 4.13
+Fixes: c03b45b853f5 ("ext4, project: expand inode extra size if possible")
+Signed-off-by: Dan Carpenter <dan.carpenter@oracle.com>
+Link: https://lore.kernel.org/r/20191213185010.6k7yl2tck3wlsdkt@kili.mountain
+Signed-off-by: Theodore Ts'o <tytso@mit.edu>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+
+---
+ fs/ext4/inode.c | 4 ++--
+ 1 file changed, 2 insertions(+), 2 deletions(-)
+
+--- a/fs/ext4/inode.c
++++ b/fs/ext4/inode.c
+@@ -6027,7 +6027,7 @@ int ext4_expand_extra_isize(struct inode
+ error = ext4_journal_get_write_access(handle, iloc->bh);
+ if (error) {
+ brelse(iloc->bh);
+- goto out_stop;
++ goto out_unlock;
+ }
+
+ error = __ext4_expand_extra_isize(inode, new_extra_isize, iloc,
+@@ -6037,8 +6037,8 @@ int ext4_expand_extra_isize(struct inode
+ if (!error)
+ error = rc;
+
++out_unlock:
+ ext4_write_unlock_xattr(inode, &no_expand);
+-out_stop:
+ ext4_journal_stop(handle);
+ return error;
+ }
--- /dev/null
+From 1ce74e96c2407df2b5867e5d45a70aacb8923c14 Mon Sep 17 00:00:00 2001
+From: Will Deacon <will@kernel.org>
+Date: Thu, 12 Dec 2019 09:40:49 +0000
+Subject: KVM: arm64: Ensure 'params' is initialised when looking up sys register
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+From: Will Deacon <will@kernel.org>
+
+commit 1ce74e96c2407df2b5867e5d45a70aacb8923c14 upstream.
+
+Commit 4b927b94d5df ("KVM: arm/arm64: vgic: Introduce find_reg_by_id()")
+introduced 'find_reg_by_id()', which looks up a system register only if
+the 'id' index parameter identifies a valid system register. As part of
+the patch, existing callers of 'find_reg()' were ported over to the new
+interface, but this breaks 'index_to_sys_reg_desc()' in the case that the
+initial lookup in the vCPU target table fails because we will then call
+into 'find_reg()' for the system register table with an uninitialised
+'param' as the key to the lookup.
+
+GCC 10 is bright enough to spot this (amongst a tonne of false positives,
+but hey!):
+
+ | arch/arm64/kvm/sys_regs.c: In function ‘index_to_sys_reg_desc.part.0.isra’:
+ | arch/arm64/kvm/sys_regs.c:983:33: warning: ‘params.Op2’ may be used uninitialized in this function [-Wmaybe-uninitialized]
+ | 983 | (u32)(x)->CRn, (u32)(x)->CRm, (u32)(x)->Op2);
+ | [...]
+
+Revert the hunk of 4b927b94d5df which breaks 'index_to_sys_reg_desc()' so
+that the old behaviour of checking the index upfront is restored.
+
+Fixes: 4b927b94d5df ("KVM: arm/arm64: vgic: Introduce find_reg_by_id()")
+Signed-off-by: Will Deacon <will@kernel.org>
+Signed-off-by: Marc Zyngier <maz@kernel.org>
+Cc: <stable@vger.kernel.org>
+Link: https://lore.kernel.org/r/20191212094049.12437-1-will@kernel.org
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+
+---
+ arch/arm64/kvm/sys_regs.c | 5 ++++-
+ 1 file changed, 4 insertions(+), 1 deletion(-)
+
+--- a/arch/arm64/kvm/sys_regs.c
++++ b/arch/arm64/kvm/sys_regs.c
+@@ -2174,8 +2174,11 @@ static const struct sys_reg_desc *index_
+ if ((id & KVM_REG_ARM_COPROC_MASK) != KVM_REG_ARM64_SYSREG)
+ return NULL;
+
++ if (!index_to_params(id, ¶ms))
++ return NULL;
++
+ table = get_target_table(vcpu->arch.target, true, &num);
+- r = find_reg_by_id(id, ¶ms, table, num);
++ r = find_reg(¶ms, table, num);
+ if (!r)
+ r = find_reg(¶ms, sys_reg_descs, ARRAY_SIZE(sys_reg_descs));
+
--- /dev/null
+From 75d27ea1abf7af3cc2cdec3513e74f52191605c8 Mon Sep 17 00:00:00 2001
+From: Adrian Hunter <adrian.hunter@intel.com>
+Date: Tue, 17 Dec 2019 11:53:49 +0200
+Subject: mmc: sdhci: Add a quirk for broken command queuing
+
+From: Adrian Hunter <adrian.hunter@intel.com>
+
+commit 75d27ea1abf7af3cc2cdec3513e74f52191605c8 upstream.
+
+Command queuing has been reported broken on some systems based on Intel
+GLK. A separate patch disables command queuing in some cases.
+
+This patch adds a quirk for broken command queuing, which enables users
+with problems to disable command queuing using sdhci module parameters for
+quirks.
+
+Fixes: 8ee82bda230f ("mmc: sdhci-pci: Add CQHCI support for Intel GLK")
+Signed-off-by: Adrian Hunter <adrian.hunter@intel.com>
+Cc: stable@vger.kernel.org
+Link: https://lore.kernel.org/r/20191217095349.14592-2-adrian.hunter@intel.com
+Signed-off-by: Ulf Hansson <ulf.hansson@linaro.org>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+
+---
+ drivers/mmc/host/sdhci.c | 3 +++
+ drivers/mmc/host/sdhci.h | 2 ++
+ 2 files changed, 5 insertions(+)
+
+--- a/drivers/mmc/host/sdhci.c
++++ b/drivers/mmc/host/sdhci.c
+@@ -3549,6 +3549,9 @@ int sdhci_setup_host(struct sdhci_host *
+ mmc_hostname(mmc), host->version);
+ }
+
++ if (host->quirks & SDHCI_QUIRK_BROKEN_CQE)
++ mmc->caps2 &= ~MMC_CAP2_CQE;
++
+ if (host->quirks & SDHCI_QUIRK_FORCE_DMA)
+ host->flags |= SDHCI_USE_SDMA;
+ else if (!(host->caps & SDHCI_CAN_DO_SDMA))
+--- a/drivers/mmc/host/sdhci.h
++++ b/drivers/mmc/host/sdhci.h
+@@ -391,6 +391,8 @@ struct sdhci_host {
+ #define SDHCI_QUIRK_BROKEN_CARD_DETECTION (1<<15)
+ /* Controller reports inverted write-protect state */
+ #define SDHCI_QUIRK_INVERTED_WRITE_PROTECT (1<<16)
++/* Controller has unusable command queue engine */
++#define SDHCI_QUIRK_BROKEN_CQE (1<<17)
+ /* Controller does not like fast PIO transfers */
+ #define SDHCI_QUIRK_PIO_NEEDS_DELAY (1<<18)
+ /* Controller has to be forced to use block size of 2048 bytes */
--- /dev/null
+From fa56ac9792265354b565f28def7164e7d7db2b1e Mon Sep 17 00:00:00 2001
+From: Veerabhadrarao Badiganti <vbadigan@codeaurora.org>
+Date: Tue, 26 Nov 2019 10:19:16 +0000
+Subject: mmc: sdhci-msm: Correct the offset and value for DDR_CONFIG register
+
+From: Veerabhadrarao Badiganti <vbadigan@codeaurora.org>
+
+commit fa56ac9792265354b565f28def7164e7d7db2b1e upstream.
+
+The DDR_CONFIG register offset got updated after a specific
+minor version of sdcc V4. This offset change has not been properly
+taken care of while updating register changes for sdcc V5.
+
+Correcting proper offset for this register.
+Also updating this register value to reflect the recommended RCLK
+delay.
+
+Signed-off-by: Veerabhadrarao Badiganti <vbadigan@codeaurora.org>
+Link: https://lore.kernel.org/r/0101016ea738ec72-fa0f852d-20f8-474a-80b2-4b0ef63b132c-000000@us-west-2.amazonses.com
+Fixes: f15358885dda ("mmc: sdhci-msm: Define new Register address map")
+Cc: stable@vger.kernel.org
+Signed-off-by: Ulf Hansson <ulf.hansson@linaro.org>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+
+---
+ drivers/mmc/host/sdhci-msm.c | 28 +++++++++++++++++++---------
+ 1 file changed, 19 insertions(+), 9 deletions(-)
+
+--- a/drivers/mmc/host/sdhci-msm.c
++++ b/drivers/mmc/host/sdhci-msm.c
+@@ -108,7 +108,7 @@
+
+ #define CORE_PWRSAVE_DLL BIT(3)
+
+-#define DDR_CONFIG_POR_VAL 0x80040853
++#define DDR_CONFIG_POR_VAL 0x80040873
+
+
+ #define INVALID_TUNING_PHASE -1
+@@ -157,8 +157,9 @@ struct sdhci_msm_offset {
+ u32 core_ddr_200_cfg;
+ u32 core_vendor_spec3;
+ u32 core_dll_config_2;
++ u32 core_dll_config_3;
++ u32 core_ddr_config_old; /* Applicable to sdcc minor ver < 0x49 */
+ u32 core_ddr_config;
+- u32 core_ddr_config_2;
+ };
+
+ static const struct sdhci_msm_offset sdhci_msm_v5_offset = {
+@@ -186,8 +187,8 @@ static const struct sdhci_msm_offset sdh
+ .core_ddr_200_cfg = 0x224,
+ .core_vendor_spec3 = 0x250,
+ .core_dll_config_2 = 0x254,
+- .core_ddr_config = 0x258,
+- .core_ddr_config_2 = 0x25c,
++ .core_dll_config_3 = 0x258,
++ .core_ddr_config = 0x25c,
+ };
+
+ static const struct sdhci_msm_offset sdhci_msm_mci_offset = {
+@@ -216,8 +217,8 @@ static const struct sdhci_msm_offset sdh
+ .core_ddr_200_cfg = 0x184,
+ .core_vendor_spec3 = 0x1b0,
+ .core_dll_config_2 = 0x1b4,
+- .core_ddr_config = 0x1b8,
+- .core_ddr_config_2 = 0x1bc,
++ .core_ddr_config_old = 0x1b8,
++ .core_ddr_config = 0x1bc,
+ };
+
+ struct sdhci_msm_variant_ops {
+@@ -260,6 +261,7 @@ struct sdhci_msm_host {
+ const struct sdhci_msm_offset *offset;
+ bool use_cdr;
+ u32 transfer_mode;
++ bool updated_ddr_cfg;
+ };
+
+ static const struct sdhci_msm_offset *sdhci_priv_msm_offset(struct sdhci_host *host)
+@@ -931,8 +933,10 @@ out:
+ static int sdhci_msm_cm_dll_sdc4_calibration(struct sdhci_host *host)
+ {
+ struct mmc_host *mmc = host->mmc;
+- u32 dll_status, config;
++ u32 dll_status, config, ddr_cfg_offset;
+ int ret;
++ struct sdhci_pltfm_host *pltfm_host = sdhci_priv(host);
++ struct sdhci_msm_host *msm_host = sdhci_pltfm_priv(pltfm_host);
+ const struct sdhci_msm_offset *msm_offset =
+ sdhci_priv_msm_offset(host);
+
+@@ -945,8 +949,11 @@ static int sdhci_msm_cm_dll_sdc4_calibra
+ * bootloaders. In the future, if this changes, then the desired
+ * values will need to be programmed appropriately.
+ */
+- writel_relaxed(DDR_CONFIG_POR_VAL, host->ioaddr +
+- msm_offset->core_ddr_config);
++ if (msm_host->updated_ddr_cfg)
++ ddr_cfg_offset = msm_offset->core_ddr_config;
++ else
++ ddr_cfg_offset = msm_offset->core_ddr_config_old;
++ writel_relaxed(DDR_CONFIG_POR_VAL, host->ioaddr + ddr_cfg_offset);
+
+ if (mmc->ios.enhanced_strobe) {
+ config = readl_relaxed(host->ioaddr +
+@@ -1862,6 +1869,9 @@ static int sdhci_msm_probe(struct platfo
+ msm_offset->core_vendor_spec_capabilities0);
+ }
+
++ if (core_major == 1 && core_minor >= 0x49)
++ msm_host->updated_ddr_cfg = true;
++
+ /*
+ * Power on reset state may trigger power irq if previous status of
+ * PWRCTL was either BUS_ON or IO_HIGH_V. So before enabling pwr irq
--- /dev/null
+From fe0acab448f68c3146235afe03fb932e242ec94c Mon Sep 17 00:00:00 2001
+From: Yangbo Lu <yangbo.lu@nxp.com>
+Date: Mon, 16 Dec 2019 11:18:42 +0800
+Subject: mmc: sdhci-of-esdhc: fix P2020 errata handling
+
+From: Yangbo Lu <yangbo.lu@nxp.com>
+
+commit fe0acab448f68c3146235afe03fb932e242ec94c upstream.
+
+Two previous patches introduced below quirks for P2020 platforms.
+- SDHCI_QUIRK_RESET_AFTER_REQUEST
+- SDHCI_QUIRK_BROKEN_TIMEOUT_VAL
+
+The patches made a mistake to add them in quirks2 of sdhci_host
+structure, while they were defined for quirks.
+ host->quirks2 |= SDHCI_QUIRK_RESET_AFTER_REQUEST;
+ host->quirks2 |= SDHCI_QUIRK_BROKEN_TIMEOUT_VAL;
+
+This patch is to fix them.
+ host->quirks |= SDHCI_QUIRK_RESET_AFTER_REQUEST;
+ host->quirks |= SDHCI_QUIRK_BROKEN_TIMEOUT_VAL;
+
+Fixes: 05cb6b2a66fa ("mmc: sdhci-of-esdhc: add erratum eSDHC-A001 and A-008358 support")
+Fixes: a46e42712596 ("mmc: sdhci-of-esdhc: add erratum eSDHC5 support")
+Signed-off-by: Yangbo Lu <yangbo.lu@nxp.com>
+Cc: stable@vger.kernel.org
+Link: https://lore.kernel.org/r/20191216031842.40068-1-yangbo.lu@nxp.com
+Signed-off-by: Ulf Hansson <ulf.hansson@linaro.org>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+
+---
+ drivers/mmc/host/sdhci-of-esdhc.c | 4 ++--
+ 1 file changed, 2 insertions(+), 2 deletions(-)
+
+--- a/drivers/mmc/host/sdhci-of-esdhc.c
++++ b/drivers/mmc/host/sdhci-of-esdhc.c
+@@ -923,8 +923,8 @@ static int sdhci_esdhc_probe(struct plat
+ host->quirks &= ~SDHCI_QUIRK_NO_BUSY_IRQ;
+
+ if (of_find_compatible_node(NULL, NULL, "fsl,p2020-esdhc")) {
+- host->quirks2 |= SDHCI_QUIRK_RESET_AFTER_REQUEST;
+- host->quirks2 |= SDHCI_QUIRK_BROKEN_TIMEOUT_VAL;
++ host->quirks |= SDHCI_QUIRK_RESET_AFTER_REQUEST;
++ host->quirks |= SDHCI_QUIRK_BROKEN_TIMEOUT_VAL;
+ }
+
+ if (of_device_is_compatible(np, "fsl,p5040-esdhc") ||
--- /dev/null
+From 8b6dc6b2d60221e90703babbc141f063b8a07e72 Mon Sep 17 00:00:00 2001
+From: Rasmus Villemoes <linux@rasmusvillemoes.dk>
+Date: Wed, 4 Dec 2019 09:54:46 +0100
+Subject: mmc: sdhci-of-esdhc: Revert "mmc: sdhci-of-esdhc: add erratum A-009204 support"
+
+From: Rasmus Villemoes <linux@rasmusvillemoes.dk>
+
+commit 8b6dc6b2d60221e90703babbc141f063b8a07e72 upstream.
+
+This reverts commit 5dd195522562542bc6ebe6e7bd47890d8b7ca93c.
+
+First, the fix seems to be plain wrong, since the erratum suggests
+waiting 5ms before setting setting SYSCTL[RSTD], but this msleep()
+happens after the call of sdhci_reset() which is where that bit gets
+set (if SDHCI_RESET_DATA is in mask).
+
+Second, walking the whole device tree to figure out if some node has a
+"fsl,p2020-esdhc" compatible string is hugely expensive - about 70 to
+100 us on our mpc8309 board. Walking the device tree is done under a
+raw_spin_lock, so this is obviously really bad on an -rt system, and a
+waste of time on all.
+
+In fact, since esdhc_reset() seems to get called around 100 times per
+second, that mpc8309 now spends 0.8% of its time determining that
+it is not a p2020. Whether those 100 calls/s are normal or due to some
+other bug or misconfiguration, regularly hitting a 100 us
+non-preemptible window is unacceptable.
+
+Signed-off-by: Rasmus Villemoes <linux@rasmusvillemoes.dk>
+Cc: stable@vger.kernel.org
+Link: https://lore.kernel.org/r/20191204085447.27491-1-linux@rasmusvillemoes.dk
+Signed-off-by: Ulf Hansson <ulf.hansson@linaro.org>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+
+---
+ drivers/mmc/host/sdhci-of-esdhc.c | 3 ---
+ 1 file changed, 3 deletions(-)
+
+--- a/drivers/mmc/host/sdhci-of-esdhc.c
++++ b/drivers/mmc/host/sdhci-of-esdhc.c
+@@ -648,9 +648,6 @@ static void esdhc_reset(struct sdhci_hos
+ sdhci_writel(host, host->ier, SDHCI_INT_ENABLE);
+ sdhci_writel(host, host->ier, SDHCI_SIGNAL_ENABLE);
+
+- if (of_find_compatible_node(NULL, NULL, "fsl,p2020-esdhc"))
+- mdelay(5);
+-
+ if (mask & SDHCI_RESET_ALL) {
+ val = sdhci_readl(host, ESDHC_TBCTL);
+ val &= ~ESDHC_TB_EN;
--- /dev/null
+From 2c92dd20304f505b6ef43d206fff21bda8f1f0ae Mon Sep 17 00:00:00 2001
+From: Faiz Abbas <faiz_abbas@ti.com>
+Date: Fri, 6 Dec 2019 17:13:26 +0530
+Subject: mmc: sdhci: Update the tuning failed messages to pr_debug level
+
+From: Faiz Abbas <faiz_abbas@ti.com>
+
+commit 2c92dd20304f505b6ef43d206fff21bda8f1f0ae upstream.
+
+Tuning support in DDR50 speed mode was added in SD Specifications Part1
+Physical Layer Specification v3.01. Its not possible to distinguish
+between v3.00 and v3.01 from the SCR and that is why since
+commit 4324f6de6d2e ("mmc: core: enable CMD19 tuning for DDR50 mode")
+tuning failures are ignored in DDR50 speed mode.
+
+Cards compatible with v3.00 don't respond to CMD19 in DDR50 and this
+error gets printed during enumeration and also if retune is triggered at
+any time during operation. Update the printk level to pr_debug so that
+these errors don't lead to false error reports.
+
+Signed-off-by: Faiz Abbas <faiz_abbas@ti.com>
+Cc: stable@vger.kernel.org # v4.4+
+Link: https://lore.kernel.org/r/20191206114326.15856-1-faiz_abbas@ti.com
+Signed-off-by: Ulf Hansson <ulf.hansson@linaro.org>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+
+---
+ drivers/mmc/host/sdhci.c | 4 ++--
+ 1 file changed, 2 insertions(+), 2 deletions(-)
+
+--- a/drivers/mmc/host/sdhci.c
++++ b/drivers/mmc/host/sdhci.c
+@@ -2244,8 +2244,8 @@ static void __sdhci_execute_tuning(struc
+ sdhci_send_tuning(host, opcode);
+
+ if (!host->tuning_done) {
+- pr_info("%s: Tuning timeout, falling back to fixed sampling clock\n",
+- mmc_hostname(host->mmc));
++ pr_debug("%s: Tuning timeout, falling back to fixed sampling clock\n",
++ mmc_hostname(host->mmc));
+ sdhci_abort_tuning(host, opcode);
+ return;
+ }
--- /dev/null
+From bedf9fc01ff1f40cfd1a79ccacedd9f3cd8e652a Mon Sep 17 00:00:00 2001
+From: Adrian Hunter <adrian.hunter@intel.com>
+Date: Tue, 17 Dec 2019 11:53:48 +0200
+Subject: mmc: sdhci: Workaround broken command queuing on Intel GLK
+
+From: Adrian Hunter <adrian.hunter@intel.com>
+
+commit bedf9fc01ff1f40cfd1a79ccacedd9f3cd8e652a upstream.
+
+Command queuing has been reported broken on some Lenovo systems based on
+Intel GLK. This is likely a BIOS issue, so disable command queuing for
+Intel GLK if the BIOS vendor string is "LENOVO".
+
+Fixes: 8ee82bda230f ("mmc: sdhci-pci: Add CQHCI support for Intel GLK")
+Signed-off-by: Adrian Hunter <adrian.hunter@intel.com>
+Cc: stable@vger.kernel.org
+Link: https://lore.kernel.org/r/20191217095349.14592-1-adrian.hunter@intel.com
+Signed-off-by: Ulf Hansson <ulf.hansson@linaro.org>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+
+---
+ drivers/mmc/host/sdhci-pci-core.c | 10 +++++++++-
+ 1 file changed, 9 insertions(+), 1 deletion(-)
+
+--- a/drivers/mmc/host/sdhci-pci-core.c
++++ b/drivers/mmc/host/sdhci-pci-core.c
+@@ -30,6 +30,7 @@
+ #include <linux/mmc/slot-gpio.h>
+ #include <linux/mmc/sdhci-pci-data.h>
+ #include <linux/acpi.h>
++#include <linux/dmi.h>
+
+ #include "cqhci.h"
+
+@@ -732,11 +733,18 @@ static int byt_emmc_probe_slot(struct sd
+ return 0;
+ }
+
++static bool glk_broken_cqhci(struct sdhci_pci_slot *slot)
++{
++ return slot->chip->pdev->device == PCI_DEVICE_ID_INTEL_GLK_EMMC &&
++ dmi_match(DMI_BIOS_VENDOR, "LENOVO");
++}
++
+ static int glk_emmc_probe_slot(struct sdhci_pci_slot *slot)
+ {
+ int ret = byt_emmc_probe_slot(slot);
+
+- slot->host->mmc->caps2 |= MMC_CAP2_CQE;
++ if (!glk_broken_cqhci(slot))
++ slot->host->mmc->caps2 |= MMC_CAP2_CQE;
+
+ if (slot->chip->pdev->device != PCI_DEVICE_ID_INTEL_GLK_EMMC) {
+ slot->host->mmc->caps2 |= MMC_CAP2_HS400_ES,
--- /dev/null
+From 1c05839aa973cfae8c3db964a21f9c0eef8fcc21 Mon Sep 17 00:00:00 2001
+From: Mike Christie <mchristi@redhat.com>
+Date: Sun, 8 Dec 2019 16:51:50 -0600
+Subject: nbd: fix shutdown and recv work deadlock v2
+
+From: Mike Christie <mchristi@redhat.com>
+
+commit 1c05839aa973cfae8c3db964a21f9c0eef8fcc21 upstream.
+
+This fixes a regression added with:
+
+commit e9e006f5fcf2bab59149cb38a48a4817c1b538b4
+Author: Mike Christie <mchristi@redhat.com>
+Date: Sun Aug 4 14:10:06 2019 -0500
+
+ nbd: fix max number of supported devs
+
+where we can deadlock during device shutdown. The problem occurs if
+the recv_work's nbd_config_put occurs after nbd_start_device_ioctl has
+returned and the userspace app has droppped its reference via closing
+the device and running nbd_release. The recv_work nbd_config_put call
+would then drop the refcount to zero and try to destroy the config which
+would try to do destroy_workqueue from the recv work.
+
+This patch just has nbd_start_device_ioctl do a flush_workqueue when it
+wakes so we know after the ioctl returns running works have exited. This
+also fixes a possible race where we could try to reuse the device while
+old recv_works are still running.
+
+Cc: stable@vger.kernel.org
+Fixes: e9e006f5fcf2 ("nbd: fix max number of supported devs")
+Signed-off-by: Mike Christie <mchristi@redhat.com>
+Signed-off-by: Jens Axboe <axboe@kernel.dk>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+
+---
+ drivers/block/nbd.c | 6 +++---
+ 1 file changed, 3 insertions(+), 3 deletions(-)
+
+--- a/drivers/block/nbd.c
++++ b/drivers/block/nbd.c
+@@ -1247,10 +1247,10 @@ static int nbd_start_device_ioctl(struct
+ mutex_unlock(&nbd->config_lock);
+ ret = wait_event_interruptible(config->recv_wq,
+ atomic_read(&config->recv_threads) == 0);
+- if (ret) {
++ if (ret)
+ sock_shutdown(nbd);
+- flush_workqueue(nbd->recv_workq);
+- }
++ flush_workqueue(nbd->recv_workq);
++
+ mutex_lock(&nbd->config_lock);
+ nbd_bdev_reset(bdev);
+ /* user requested, ignore socket errors */
--- /dev/null
+From 099bc4812f09155da77eeb960a983470249c9ce1 Mon Sep 17 00:00:00 2001
+From: Christophe Leroy <christophe.leroy@c-s.fr>
+Date: Mon, 9 Dec 2019 06:19:08 +0000
+Subject: powerpc/irq: fix stack overflow verification
+
+From: Christophe Leroy <christophe.leroy@c-s.fr>
+
+commit 099bc4812f09155da77eeb960a983470249c9ce1 upstream.
+
+Before commit 0366a1c70b89 ("powerpc/irq: Run softirqs off the top of
+the irq stack"), check_stack_overflow() was called by do_IRQ(), before
+switching to the irq stack.
+In that commit, do_IRQ() was renamed __do_irq(), and is now executing
+on the irq stack, so check_stack_overflow() has just become almost
+useless.
+
+Move check_stack_overflow() call in do_IRQ() to do the check while
+still on the current stack.
+
+Fixes: 0366a1c70b89 ("powerpc/irq: Run softirqs off the top of the irq stack")
+Cc: stable@vger.kernel.org
+Signed-off-by: Christophe Leroy <christophe.leroy@c-s.fr>
+Signed-off-by: Michael Ellerman <mpe@ellerman.id.au>
+Link: https://lore.kernel.org/r/e033aa8116ab12b7ca9a9c75189ad0741e3b9b5f.1575872340.git.christophe.leroy@c-s.fr
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+
+---
+ arch/powerpc/kernel/irq.c | 4 ++--
+ 1 file changed, 2 insertions(+), 2 deletions(-)
+
+--- a/arch/powerpc/kernel/irq.c
++++ b/arch/powerpc/kernel/irq.c
+@@ -634,8 +634,6 @@ void __do_irq(struct pt_regs *regs)
+
+ trace_irq_entry(regs);
+
+- check_stack_overflow();
+-
+ /*
+ * Query the platform PIC for the interrupt & ack it.
+ *
+@@ -667,6 +665,8 @@ void do_IRQ(struct pt_regs *regs)
+ irqtp = hardirq_ctx[raw_smp_processor_id()];
+ sirqtp = softirq_ctx[raw_smp_processor_id()];
+
++ check_stack_overflow();
++
+ /* Already there ? */
+ if (unlikely(curtp == irqtp || curtp == sirqtp)) {
+ __do_irq(regs);
--- /dev/null
+From 14c73bd344da60abaf7da3ea2e7733ddda35bbac Mon Sep 17 00:00:00 2001
+From: Srikar Dronamraju <srikar@linux.vnet.ibm.com>
+Date: Thu, 5 Dec 2019 14:02:17 +0530
+Subject: powerpc/vcpu: Assume dedicated processors as non-preempt
+
+From: Srikar Dronamraju <srikar@linux.vnet.ibm.com>
+
+commit 14c73bd344da60abaf7da3ea2e7733ddda35bbac upstream.
+
+With commit 247f2f6f3c70 ("sched/core: Don't schedule threads on
+pre-empted vCPUs"), the scheduler avoids preempted vCPUs to schedule
+tasks on wakeup. This leads to wrong choice of CPU, which in-turn
+leads to larger wakeup latencies. Eventually, it leads to performance
+regression in latency sensitive benchmarks like soltp, schbench etc.
+
+On Powerpc, vcpu_is_preempted() only looks at yield_count. If the
+yield_count is odd, the vCPU is assumed to be preempted. However
+yield_count is increased whenever the LPAR enters CEDE state (idle).
+So any CPU that has entered CEDE state is assumed to be preempted.
+
+Even if vCPU of dedicated LPAR is preempted/donated, it should have
+right of first-use since they are supposed to own the vCPU.
+
+On a Power9 System with 32 cores:
+ # lscpu
+ Architecture: ppc64le
+ Byte Order: Little Endian
+ CPU(s): 128
+ On-line CPU(s) list: 0-127
+ Thread(s) per core: 8
+ Core(s) per socket: 1
+ Socket(s): 16
+ NUMA node(s): 2
+ Model: 2.2 (pvr 004e 0202)
+ Model name: POWER9 (architected), altivec supported
+ Hypervisor vendor: pHyp
+ Virtualization type: para
+ L1d cache: 32K
+ L1i cache: 32K
+ L2 cache: 512K
+ L3 cache: 10240K
+ NUMA node0 CPU(s): 0-63
+ NUMA node1 CPU(s): 64-127
+
+ # perf stat -a -r 5 ./schbench
+ v5.4 v5.4 + patch
+ Latency percentiles (usec) Latency percentiles (usec)
+ 50.0000th: 45 50.0th: 45
+ 75.0000th: 62 75.0th: 63
+ 90.0000th: 71 90.0th: 74
+ 95.0000th: 77 95.0th: 78
+ *99.0000th: 91 *99.0th: 82
+ 99.5000th: 707 99.5th: 83
+ 99.9000th: 6920 99.9th: 86
+ min=0, max=10048 min=0, max=96
+ Latency percentiles (usec) Latency percentiles (usec)
+ 50.0000th: 45 50.0th: 46
+ 75.0000th: 61 75.0th: 64
+ 90.0000th: 72 90.0th: 75
+ 95.0000th: 79 95.0th: 79
+ *99.0000th: 691 *99.0th: 83
+ 99.5000th: 3972 99.5th: 85
+ 99.9000th: 8368 99.9th: 91
+ min=0, max=16606 min=0, max=117
+ Latency percentiles (usec) Latency percentiles (usec)
+ 50.0000th: 45 50.0th: 46
+ 75.0000th: 61 75.0th: 64
+ 90.0000th: 71 90.0th: 75
+ 95.0000th: 77 95.0th: 79
+ *99.0000th: 106 *99.0th: 83
+ 99.5000th: 2364 99.5th: 84
+ 99.9000th: 7480 99.9th: 90
+ min=0, max=10001 min=0, max=95
+ Latency percentiles (usec) Latency percentiles (usec)
+ 50.0000th: 45 50.0th: 47
+ 75.0000th: 62 75.0th: 65
+ 90.0000th: 72 90.0th: 75
+ 95.0000th: 78 95.0th: 79
+ *99.0000th: 93 *99.0th: 84
+ 99.5000th: 108 99.5th: 85
+ 99.9000th: 6792 99.9th: 90
+ min=0, max=17681 min=0, max=117
+ Latency percentiles (usec) Latency percentiles (usec)
+ 50.0000th: 46 50.0th: 45
+ 75.0000th: 62 75.0th: 64
+ 90.0000th: 73 90.0th: 75
+ 95.0000th: 79 95.0th: 79
+ *99.0000th: 113 *99.0th: 82
+ 99.5000th: 2724 99.5th: 83
+ 99.9000th: 6184 99.9th: 93
+ min=0, max=9887 min=0, max=111
+
+ Performance counter stats for 'system wide' (5 runs):
+
+ context-switches 43,373 ( +- 0.40% ) 44,597 ( +- 0.55% )
+ cpu-migrations 1,211 ( +- 5.04% ) 220 ( +- 6.23% )
+ page-faults 15,983 ( +- 5.21% ) 15,360 ( +- 3.38% )
+
+Waiman Long suggested using static_keys.
+
+Fixes: 247f2f6f3c70 ("sched/core: Don't schedule threads on pre-empted vCPUs")
+Cc: stable@vger.kernel.org # v4.18+
+Reported-by: Parth Shah <parth@linux.ibm.com>
+Reported-by: Ihor Pasichnyk <Ihor.Pasichnyk@ibm.com>
+Tested-by: Juri Lelli <juri.lelli@redhat.com>
+Acked-by: Waiman Long <longman@redhat.com>
+Reviewed-by: Gautham R. Shenoy <ego@linux.vnet.ibm.com>
+Signed-off-by: Srikar Dronamraju <srikar@linux.vnet.ibm.com>
+Acked-by: Phil Auld <pauld@redhat.com>
+Reviewed-by: Vaidyanathan Srinivasan <svaidy@linux.ibm.com>
+Tested-by: Parth Shah <parth@linux.ibm.com>
+[mpe: Move the key and setting of the key to pseries/setup.c]
+Signed-off-by: Michael Ellerman <mpe@ellerman.id.au>
+Link: https://lore.kernel.org/r/20191213035036.6913-1-mpe@ellerman.id.au
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+
+---
+ arch/powerpc/include/asm/spinlock.h | 4 +++-
+ arch/powerpc/platforms/pseries/setup.c | 7 +++++++
+ 2 files changed, 10 insertions(+), 1 deletion(-)
+
+--- a/arch/powerpc/include/asm/spinlock.h
++++ b/arch/powerpc/include/asm/spinlock.h
+@@ -53,10 +53,12 @@
+ #endif
+
+ #ifdef CONFIG_PPC_PSERIES
++DECLARE_STATIC_KEY_FALSE(shared_processor);
++
+ #define vcpu_is_preempted vcpu_is_preempted
+ static inline bool vcpu_is_preempted(int cpu)
+ {
+- if (!firmware_has_feature(FW_FEATURE_SPLPAR))
++ if (!static_branch_unlikely(&shared_processor))
+ return false;
+ return !!(be32_to_cpu(lppaca_of(cpu).yield_count) & 1);
+ }
+--- a/arch/powerpc/platforms/pseries/setup.c
++++ b/arch/powerpc/platforms/pseries/setup.c
+@@ -75,6 +75,9 @@
+ #include "pseries.h"
+ #include "../../../../drivers/pci/pci.h"
+
++DEFINE_STATIC_KEY_FALSE(shared_processor);
++EXPORT_SYMBOL_GPL(shared_processor);
++
+ int CMO_PrPSP = -1;
+ int CMO_SecPSP = -1;
+ unsigned long CMO_PageSize = (ASM_CONST(1) << IOMMU_PAGE_SHIFT_4K);
+@@ -761,6 +764,10 @@ static void __init pSeries_setup_arch(vo
+
+ if (firmware_has_feature(FW_FEATURE_LPAR)) {
+ vpa_init(boot_cpuid);
++
++ if (lppaca_shared_proc(get_lppaca()))
++ static_branch_enable(&shared_processor);
++
+ ppc_md.power_save = pseries_lpar_idle;
+ ppc_md.enable_pmcs = pseries_lpar_enable_pmcs;
+ #ifdef CONFIG_PCI_IOV
intel_th-pci-add-elkhart-lake-soc-support.patch
platform-x86-hp-wmi-make-buffer-for-hpwmi_feature2_query-128-bytes.patch
staging-comedi-gsc_hpdi-check-dma_alloc_coherent-return-value.patch
+ext4-fix-ext4_empty_dir-for-directories-with-holes.patch
+ext4-check-for-directory-entries-too-close-to-block-end.patch
+ext4-unlock-on-error-in-ext4_expand_extra_isize.patch
+kvm-arm64-ensure-params-is-initialised-when-looking-up-sys-register.patch
+x86-mce-amd-do-not-use-rdmsr_safe_on_cpu-in-smca_configure.patch
+x86-mce-amd-allow-reserved-types-to-be-overwritten-in-smca_banks.patch
+powerpc-vcpu-assume-dedicated-processors-as-non-preempt.patch
+powerpc-irq-fix-stack-overflow-verification.patch
+mmc-sdhci-msm-correct-the-offset-and-value-for-ddr_config-register.patch
+mmc-sdhci-of-esdhc-revert-mmc-sdhci-of-esdhc-add-erratum-a-009204-support.patch
+mmc-sdhci-update-the-tuning-failed-messages-to-pr_debug-level.patch
+mmc-sdhci-of-esdhc-fix-p2020-errata-handling.patch
+mmc-sdhci-workaround-broken-command-queuing-on-intel-glk.patch
+mmc-sdhci-add-a-quirk-for-broken-command-queuing.patch
+nbd-fix-shutdown-and-recv-work-deadlock-v2.patch
--- /dev/null
+From 966af20929ac24360ba3fac5533eb2ab003747da Mon Sep 17 00:00:00 2001
+From: Yazen Ghannam <yazen.ghannam@amd.com>
+Date: Thu, 21 Nov 2019 08:15:08 -0600
+Subject: x86/MCE/AMD: Allow Reserved types to be overwritten in smca_banks[]
+
+From: Yazen Ghannam <yazen.ghannam@amd.com>
+
+commit 966af20929ac24360ba3fac5533eb2ab003747da upstream.
+
+Each logical CPU in Scalable MCA systems controls a unique set of MCA
+banks in the system. These banks are not shared between CPUs. The bank
+types and ordering will be the same across CPUs on currently available
+systems.
+
+However, some CPUs may see a bank as Reserved/Read-as-Zero (RAZ) while
+other CPUs do not. In this case, the bank seen as Reserved on one CPU is
+assumed to be the same type as the bank seen as a known type on another
+CPU.
+
+In general, this occurs when the hardware represented by the MCA bank
+is disabled, e.g. disabled memory controllers on certain models, etc.
+The MCA bank is disabled in the hardware, so there is no possibility of
+getting an MCA/MCE from it even if it is assumed to have a known type.
+
+For example:
+
+Full system:
+ Bank | Type seen on CPU0 | Type seen on CPU1
+ ------------------------------------------------
+ 0 | LS | LS
+ 1 | UMC | UMC
+ 2 | CS | CS
+
+System with hardware disabled:
+ Bank | Type seen on CPU0 | Type seen on CPU1
+ ------------------------------------------------
+ 0 | LS | LS
+ 1 | UMC | RAZ
+ 2 | CS | CS
+
+For this reason, there is a single, global struct smca_banks[] that is
+initialized at boot time. This array is initialized on each CPU as it
+comes online. However, the array will not be updated if an entry already
+exists.
+
+This works as expected when the first CPU (usually CPU0) has all
+possible MCA banks enabled. But if the first CPU has a subset, then it
+will save a "Reserved" type in smca_banks[]. Successive CPUs will then
+not be able to update smca_banks[] even if they encounter a known bank
+type.
+
+This may result in unexpected behavior. Depending on the system
+configuration, a user may observe issues enumerating the MCA
+thresholding sysfs interface. The issues may be as trivial as sysfs
+entries not being available, or as severe as system hangs.
+
+For example:
+
+ Bank | Type seen on CPU0 | Type seen on CPU1
+ ------------------------------------------------
+ 0 | LS | LS
+ 1 | RAZ | UMC
+ 2 | CS | CS
+
+Extend the smca_banks[] entry check to return if the entry is a
+non-reserved type. Otherwise, continue so that CPUs that encounter a
+known bank type can update smca_banks[].
+
+Fixes: 68627a697c19 ("x86/mce/AMD, EDAC/mce_amd: Enumerate Reserved SMCA bank type")
+Signed-off-by: Yazen Ghannam <yazen.ghannam@amd.com>
+Signed-off-by: Borislav Petkov <bp@suse.de>
+Cc: "H. Peter Anvin" <hpa@zytor.com>
+Cc: Ingo Molnar <mingo@kernel.org>
+Cc: linux-edac <linux-edac@vger.kernel.org>
+Cc: <stable@vger.kernel.org>
+Cc: Thomas Gleixner <tglx@linutronix.de>
+Cc: Tony Luck <tony.luck@intel.com>
+Cc: x86-ml <x86@kernel.org>
+Link: https://lkml.kernel.org/r/20191121141508.141273-1-Yazen.Ghannam@amd.com
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+
+---
+ arch/x86/kernel/cpu/mcheck/mce_amd.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+--- a/arch/x86/kernel/cpu/mcheck/mce_amd.c
++++ b/arch/x86/kernel/cpu/mcheck/mce_amd.c
+@@ -228,7 +228,7 @@ static void smca_configure(unsigned int
+ }
+
+ /* Return early if this bank was already initialized. */
+- if (smca_banks[bank].hwid)
++ if (smca_banks[bank].hwid && smca_banks[bank].hwid->hwid_mcatype != 0)
+ return;
+
+ if (rdmsr_safe(MSR_AMD64_SMCA_MCx_IPID(bank), &low, &high)) {
--- /dev/null
+From 246ff09f89e54fdf740a8d496176c86743db3ec7 Mon Sep 17 00:00:00 2001
+From: Konstantin Khlebnikov <khlebnikov@yandex-team.ru>
+Date: Thu, 31 Oct 2019 16:04:48 +0300
+Subject: x86/MCE/AMD: Do not use rdmsr_safe_on_cpu() in smca_configure()
+
+From: Konstantin Khlebnikov <khlebnikov@yandex-team.ru>
+
+commit 246ff09f89e54fdf740a8d496176c86743db3ec7 upstream.
+
+... because interrupts are disabled that early and sending IPIs can
+deadlock:
+
+ BUG: sleeping function called from invalid context at kernel/sched/completion.c:99
+ in_atomic(): 1, irqs_disabled(): 1, non_block: 0, pid: 0, name: swapper/1
+ no locks held by swapper/1/0.
+ irq event stamp: 0
+ hardirqs last enabled at (0): [<0000000000000000>] 0x0
+ hardirqs last disabled at (0): [<ffffffff8106dda9>] copy_process+0x8b9/0x1ca0
+ softirqs last enabled at (0): [<ffffffff8106dda9>] copy_process+0x8b9/0x1ca0
+ softirqs last disabled at (0): [<0000000000000000>] 0x0
+ Preemption disabled at:
+ [<ffffffff8104703b>] start_secondary+0x3b/0x190
+ CPU: 1 PID: 0 Comm: swapper/1 Not tainted 5.5.0-rc2+ #1
+ Hardware name: GIGABYTE MZ01-CE1-00/MZ01-CE1-00, BIOS F02 08/29/2018
+ Call Trace:
+ dump_stack
+ ___might_sleep.cold.92
+ wait_for_completion
+ ? generic_exec_single
+ rdmsr_safe_on_cpu
+ ? wrmsr_on_cpus
+ mce_amd_feature_init
+ mcheck_cpu_init
+ identify_cpu
+ identify_secondary_cpu
+ smp_store_cpu_info
+ start_secondary
+ secondary_startup_64
+
+The function smca_configure() is called only on the current CPU anyway,
+therefore replace rdmsr_safe_on_cpu() with atomic rdmsr_safe() and avoid
+the IPI.
+
+ [ bp: Update commit message. ]
+
+Signed-off-by: Konstantin Khlebnikov <khlebnikov@yandex-team.ru>
+Signed-off-by: Borislav Petkov <bp@suse.de>
+Reviewed-by: Yazen Ghannam <yazen.ghannam@amd.com>
+Cc: "H. Peter Anvin" <hpa@zytor.com>
+Cc: Ingo Molnar <mingo@redhat.com>
+Cc: linux-edac <linux-edac@vger.kernel.org>
+Cc: <stable@vger.kernel.org>
+Cc: Thomas Gleixner <tglx@linutronix.de>
+Cc: Tony Luck <tony.luck@intel.com>
+Cc: x86-ml <x86@kernel.org>
+Link: https://lkml.kernel.org/r/157252708836.3876.4604398213417262402.stgit@buzz
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+
+---
+ arch/x86/kernel/cpu/mcheck/mce_amd.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+--- a/arch/x86/kernel/cpu/mcheck/mce_amd.c
++++ b/arch/x86/kernel/cpu/mcheck/mce_amd.c
+@@ -231,7 +231,7 @@ static void smca_configure(unsigned int
+ if (smca_banks[bank].hwid)
+ return;
+
+- if (rdmsr_safe_on_cpu(cpu, MSR_AMD64_SMCA_MCx_IPID(bank), &low, &high)) {
++ if (rdmsr_safe(MSR_AMD64_SMCA_MCx_IPID(bank), &low, &high)) {
+ pr_warn("Failed to read MCA_IPID for bank %d\n", bank);
+ return;
+ }
projects / thirdparty / kernel / stable-queue.git / commitdiff
