fixes for 4.14
authorSasha Levin <sashal@kernel.org>
Mon, 26 Aug 2019 02:40:23 +0000 (22:40 -0400)
committerSasha Levin <sashal@kernel.org>
Mon, 26 Aug 2019 02:40:23 +0000 (22:40 -0400)
Signed-off-by: Sasha Levin <sashal@kernel.org>
36 files changed:
queue-4.14/asoc-dapm-fix-handling-of-custom_stop_condition-on-d.patch [new file with mode: 0644]
queue-4.14/asoc-fail-card-instantiation-if-dai-format-setup-fai.patch [new file with mode: 0644]
queue-4.14/asoc-ti-davinci-mcasp-correct-slot_width-posed-const.patch [new file with mode: 0644]
queue-4.14/bonding-force-slave-speed-check-after-link-state-rec.patch [new file with mode: 0644]
queue-4.14/can-dev-call-netif_carrier_off-in-register_candev.patch [new file with mode: 0644]
queue-4.14/can-peak_usb-force-the-string-buffer-null-terminated.patch [new file with mode: 0644]
queue-4.14/can-sja1000-force-the-string-buffer-null-terminated.patch [new file with mode: 0644]
queue-4.14/drm-vmwgfx-fix-memory-leak-when-too-many-retries-hav.patch [new file with mode: 0644]
queue-4.14/hid-add-044f-b320-thrustmaster-inc.-2-in-1-dt.patch [new file with mode: 0644]
queue-4.14/hid-input-fix-a4tech-horizontal-wheel-custom-usage.patch [new file with mode: 0644]
queue-4.14/isdn-hfcsusb-fix-misdn-driver-crash-caused-by-transf.patch [new file with mode: 0644]
queue-4.14/isdn-misdn-hfcsusb-fix-possible-null-pointer-derefer.patch [new file with mode: 0644]
queue-4.14/libata-add-sg-safety-checks-in-sff-pio-transfers.patch [new file with mode: 0644]
queue-4.14/libata-have-ata_scsi_rw_xlat-fail-invalid-passthroug.patch [new file with mode: 0644]
queue-4.14/mips-fix-cacheinfo.patch [new file with mode: 0644]
queue-4.14/mips-kernel-only-use-i8253-clocksource-with-periodic.patch [new file with mode: 0644]
queue-4.14/net-cxgb3_main-fix-a-resource-leak-in-a-error-path-i.patch [new file with mode: 0644]
queue-4.14/net-ethernet-qlogic-qed-force-the-string-buffer-null.patch [new file with mode: 0644]
queue-4.14/net-hisilicon-fix-dma_map_single-failed-on-arm64.patch [new file with mode: 0644]
queue-4.14/net-hisilicon-fix-hip04-xmit-never-return-tx_busy.patch [new file with mode: 0644]
queue-4.14/net-hisilicon-make-hip04_tx_reclaim-non-reentrant.patch [new file with mode: 0644]
queue-4.14/net-usb-qmi_wwan-add-the-broadmobi-bm818-card.patch [new file with mode: 0644]
queue-4.14/netfilter-ebtables-fix-a-memory-leak-bug-in-compat.patch [new file with mode: 0644]
queue-4.14/netfilter-ipset-fix-rename-concurrency-with-listing.patch [new file with mode: 0644]
queue-4.14/nfsv4-fix-a-potential-sleep-while-atomic-in-nfs4_do_.patch [new file with mode: 0644]
queue-4.14/perf-bench-numa-fix-cpu0-binding.patch [new file with mode: 0644]
queue-4.14/perf-cpumap-fix-writing-to-illegal-memory-in-handlin.patch [new file with mode: 0644]
queue-4.14/perf-ftrace-fix-failure-to-set-cpumask-when-only-one.patch [new file with mode: 0644]
queue-4.14/perf-pmu-events-fix-missing-cpu_clk_unhalted.core-ev.patch [new file with mode: 0644]
queue-4.14/qed-rdma-fix-the-hw_ver-returned-in-device-attribute.patch [new file with mode: 0644]
queue-4.14/selftests-kvm-adding-config-fragments.patch [new file with mode: 0644]
queue-4.14/series [new file with mode: 0644]
queue-4.14/smb3-kernel-oops-mounting-a-encryptdata-share-with-c.patch [new file with mode: 0644]
queue-4.14/st21nfca_connectivity_event_received-null-check-the-.patch [new file with mode: 0644]
queue-4.14/st_nci_hci_connectivity_event_received-null-check-th.patch [new file with mode: 0644]
queue-4.14/x86-lib-cpu-address-missing-prototypes-warning.patch [new file with mode: 0644]

diff --git a/queue-4.14/asoc-dapm-fix-handling-of-custom_stop_condition-on-d.patch b/queue-4.14/asoc-dapm-fix-handling-of-custom_stop_condition-on-d.patch
new file mode 100644 (file)
index 0000000..3f06c66
--- /dev/null
@@ -0,0 +1,76 @@
+From 2739f30a2827660d3c1f925450df4f3516193463 Mon Sep 17 00:00:00 2001
+From: Charles Keepax <ckeepax@opensource.cirrus.com>
+Date: Thu, 18 Jul 2019 09:43:33 +0100
+Subject: ASoC: dapm: Fix handling of custom_stop_condition on DAPM graph walks
+
+[ Upstream commit 8dd26dff00c0636b1d8621acaeef3f6f3a39dd77 ]
+
+DPCM uses snd_soc_dapm_dai_get_connected_widgets to build a
+list of the widgets connected to a specific front end DAI so it
+can search through this list for available back end DAIs. The
+custom_stop_condition was added to is_connected_ep to facilitate this
+list not containing more widgets than is necessary. Doing so both
+speeds up the DPCM handling as less widgets need to be searched and
+avoids issues with CODEC to CODEC links as these would be confused
+with back end DAIs if they appeared in the list of available widgets.
+
+custom_stop_condition was implemented by aborting the graph walk
+when the condition is triggered, however there is an issue with this
+approach. Whilst walking the graph is_connected_ep should update the
+endpoints cache on each widget, if the walk is aborted the number
+of attached end points is unknown for that sub-graph. When the stop
+condition triggered, the original patch ignored the triggering widget
+and returned zero connected end points; a later patch updated this
+to set the triggering widget's cache to 1 and return that. Both of
+these approaches result in inaccurate values being stored in various
+end point caches as the values propagate back through the graph,
+which can result in later issues with widgets powering/not powering
+unexpectedly.
+
+As the original goal was to reduce the size of the widget list passed
+to the DPCM code, the simplest solution is to limit the functionality
+of the custom_stop_condition to the widget list. This means the rest
+of the graph will still be processed resulting in correct end point
+caches, but only widgets up to the stop condition will be added to the
+returned widget list.
+
+Fixes: 6742064aef7f ("ASoC: dapm: support user-defined stop condition in dai_get_connected_widgets")
+Fixes: 5fdd022c2026 ("ASoC: dpcm: play nice with CODEC<->CODEC links")
+Fixes: 09464974eaa8 ("ASoC: dapm: Fix to return correct path list in is_connected_ep.")
+Signed-off-by: Charles Keepax <ckeepax@opensource.cirrus.com>
+Link: https://lore.kernel.org/r/20190718084333.15598-1-ckeepax@opensource.cirrus.com
+Signed-off-by: Mark Brown <broonie@kernel.org>
+Signed-off-by: Sasha Levin <sashal@kernel.org>
+---
+ sound/soc/soc-dapm.c | 8 ++++----
+ 1 file changed, 4 insertions(+), 4 deletions(-)
+
+diff --git a/sound/soc/soc-dapm.c b/sound/soc/soc-dapm.c
+index b4c8ba412a5c1..104d5f487c7d1 100644
+--- a/sound/soc/soc-dapm.c
++++ b/sound/soc/soc-dapm.c
+@@ -1152,8 +1152,8 @@ static __always_inline int is_connected_ep(struct snd_soc_dapm_widget *widget,
+               list_add_tail(&widget->work_list, list);
+       if (custom_stop_condition && custom_stop_condition(widget, dir)) {
+-              widget->endpoints[dir] = 1;
+-              return widget->endpoints[dir];
++              list = NULL;
++              custom_stop_condition = NULL;
+       }
+       if ((widget->is_ep & SND_SOC_DAPM_DIR_TO_EP(dir)) && widget->connected) {
+@@ -1190,8 +1190,8 @@ static __always_inline int is_connected_ep(struct snd_soc_dapm_widget *widget,
+  *
+  * Optionally, can be supplied with a function acting as a stopping condition.
+  * This function takes the dapm widget currently being examined and the walk
+- * direction as an arguments, it should return true if the walk should be
+- * stopped and false otherwise.
++ * direction as an arguments, it should return true if widgets from that point
++ * in the graph onwards should not be added to the widget list.
+  */
+ static int is_connected_output_ep(struct snd_soc_dapm_widget *widget,
+       struct list_head *list,
+-- 
+2.20.1
+
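Review bot: The reworded kernel-doc above is_connected_output_ep() says widgets "from that point in the graph onwards" are not added, but in the first soc-dapm.c hunk `list_add_tail(&widget->work_list, list)` sits before the stop-condition test, so the widget that triggers the condition still appears to be added to the list. The comment should say that explicitly, for example "widgets after the one that triggers the condition are not added to the widget list". The two new assignments also deserve a why-comment such as `/* keep walking so endpoint caches stay accurate; only stop collecting widgets */` above `list = NULL;`. is_connected_ep() starts and ends outside the hunk, so the ordering should be confirmed against the full function.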
diff --git a/queue-4.14/asoc-fail-card-instantiation-if-dai-format-setup-fai.patch b/queue-4.14/asoc-fail-card-instantiation-if-dai-format-setup-fai.patch
new file mode 100644 (file)
index 0000000..8216875
--- /dev/null
@@ -0,0 +1,40 @@
+From 93ce5f2035977497c1e0d5c7cfad97318ab611e7 Mon Sep 17 00:00:00 2001
+From: Ricard Wanderlof <ricard.wanderlof@axis.com>
+Date: Wed, 24 Jul 2019 11:38:44 +0200
+Subject: ASoC: Fail card instantiation if DAI format setup fails
+
+[ Upstream commit 40aa5383e393d72f6aa3943a4e7b1aae25a1e43b ]
+
+If the DAI format setup fails, there is no valid communication format
+between CPU and CODEC, so fail card instantiation, rather than continue
+with a card that will most likely not function properly.
+
+Signed-off-by: Ricard Wanderlof <ricardw@axis.com>
+Link: https://lore.kernel.org/r/alpine.DEB.2.20.1907241132350.6338@lnxricardw1.se.axis.com
+Signed-off-by: Mark Brown <broonie@kernel.org>
+Signed-off-by: Sasha Levin <sashal@kernel.org>
+---
+ sound/soc/soc-core.c | 7 +++++--
+ 1 file changed, 5 insertions(+), 2 deletions(-)
+
+diff --git a/sound/soc/soc-core.c b/sound/soc/soc-core.c
+index 42c2a3065b779..ff5206f5455d9 100644
+--- a/sound/soc/soc-core.c
++++ b/sound/soc/soc-core.c
+@@ -1757,8 +1757,11 @@ static int soc_probe_link_dais(struct snd_soc_card *card,
+               }
+       }
+-      if (dai_link->dai_fmt)
+-              snd_soc_runtime_set_dai_fmt(rtd, dai_link->dai_fmt);
++      if (dai_link->dai_fmt) {
++              ret = snd_soc_runtime_set_dai_fmt(rtd, dai_link->dai_fmt);
++              if (ret)
++                      return ret;
++      }
+       ret = soc_post_component_init(rtd, dai_link->name);
+       if (ret)
+-- 
+2.20.1
+
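Review bot: The new `return ret;` in soc_probe_link_dais() fails card instantiation without any message, so a user sees the card disappear with nothing naming the link whose format was rejected. I would log before returning, for example `dev_err(card->dev, "ASoC: failed to set DAI format for %s: %d\n", dai_link->name, ret);`. The function continues outside the hunk, so it is also worth confirming that nothing set up earlier in it needs unwinding on this new early exit.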
diff --git a/queue-4.14/asoc-ti-davinci-mcasp-correct-slot_width-posed-const.patch b/queue-4.14/asoc-ti-davinci-mcasp-correct-slot_width-posed-const.patch
new file mode 100644 (file)
index 0000000..fdf4d82
--- /dev/null
@@ -0,0 +1,112 @@
+From b1b184456d28d3f1dc20c5774bd5fa9de2fb19a8 Mon Sep 17 00:00:00 2001
+From: Peter Ujfalusi <peter.ujfalusi@ti.com>
+Date: Fri, 26 Jul 2019 09:42:43 +0300
+Subject: ASoC: ti: davinci-mcasp: Correct slot_width posed constraint
+
+[ Upstream commit 1e112c35e3c96db7c8ca6ddaa96574f00c06e7db ]
+
+The slot_width is a property for the bus while the constraint for
+SNDRV_PCM_HW_PARAM_SAMPLE_BITS is for the in memory format.
+
+Applying slot_width constraint to sample_bits works most of the time, but
+it will blacklist valid formats in some cases.
+
+With slot_width 24 we can support S24_3LE and S24_LE formats as they both
+look the same on the bus, but a a 24 constraint on sample_bits would not
+allow S24_LE as it is stored in 32bits in memory.
+
+Implement a simple hw_rule function to allow all formats which require less
+or equal number of bits on the bus as slot_width (if configured).
+
+Signed-off-by: Peter Ujfalusi <peter.ujfalusi@ti.com>
+Link: https://lore.kernel.org/r/20190726064244.3762-2-peter.ujfalusi@ti.com
+Signed-off-by: Mark Brown <broonie@kernel.org>
+Signed-off-by: Sasha Levin <sashal@kernel.org>
+---
+ sound/soc/davinci/davinci-mcasp.c | 43 ++++++++++++++++++++++++-------
+ 1 file changed, 34 insertions(+), 9 deletions(-)
+
+diff --git a/sound/soc/davinci/davinci-mcasp.c b/sound/soc/davinci/davinci-mcasp.c
+index 9aa741d272798..0480ec4c80354 100644
+--- a/sound/soc/davinci/davinci-mcasp.c
++++ b/sound/soc/davinci/davinci-mcasp.c
+@@ -1158,6 +1158,28 @@ static int davinci_mcasp_trigger(struct snd_pcm_substream *substream,
+       return ret;
+ }
++static int davinci_mcasp_hw_rule_slot_width(struct snd_pcm_hw_params *params,
++                                          struct snd_pcm_hw_rule *rule)
++{
++      struct davinci_mcasp_ruledata *rd = rule->private;
++      struct snd_mask *fmt = hw_param_mask(params, SNDRV_PCM_HW_PARAM_FORMAT);
++      struct snd_mask nfmt;
++      int i, slot_width;
++
++      snd_mask_none(&nfmt);
++      slot_width = rd->mcasp->slot_width;
++
++      for (i = 0; i <= SNDRV_PCM_FORMAT_LAST; i++) {
++              if (snd_mask_test(fmt, i)) {
++                      if (snd_pcm_format_width(i) <= slot_width) {
++                              snd_mask_set(&nfmt, i);
++                      }
++              }
++      }
++
++      return snd_mask_refine(fmt, &nfmt);
++}
++
+ static const unsigned int davinci_mcasp_dai_rates[] = {
+       8000, 11025, 16000, 22050, 32000, 44100, 48000, 64000,
+       88200, 96000, 176400, 192000,
+@@ -1251,7 +1273,7 @@ static int davinci_mcasp_startup(struct snd_pcm_substream *substream,
+       struct davinci_mcasp_ruledata *ruledata =
+                                       &mcasp->ruledata[substream->stream];
+       u32 max_channels = 0;
+-      int i, dir;
++      int i, dir, ret;
+       int tdm_slots = mcasp->tdm_slots;
+       /* Do not allow more then one stream per direction */
+@@ -1280,6 +1302,7 @@ static int davinci_mcasp_startup(struct snd_pcm_substream *substream,
+                       max_channels++;
+       }
+       ruledata->serializers = max_channels;
++      ruledata->mcasp = mcasp;
+       max_channels *= tdm_slots;
+       /*
+        * If the already active stream has less channels than the calculated
+@@ -1305,20 +1328,22 @@ static int davinci_mcasp_startup(struct snd_pcm_substream *substream,
+                                  0, SNDRV_PCM_HW_PARAM_CHANNELS,
+                                  &mcasp->chconstr[substream->stream]);
+-      if (mcasp->slot_width)
+-              snd_pcm_hw_constraint_minmax(substream->runtime,
+-                                           SNDRV_PCM_HW_PARAM_SAMPLE_BITS,
+-                                           8, mcasp->slot_width);
++      if (mcasp->slot_width) {
++              /* Only allow formats require <= slot_width bits on the bus */
++              ret = snd_pcm_hw_rule_add(substream->runtime, 0,
++                                        SNDRV_PCM_HW_PARAM_FORMAT,
++                                        davinci_mcasp_hw_rule_slot_width,
++                                        ruledata,
++                                        SNDRV_PCM_HW_PARAM_FORMAT, -1);
++              if (ret)
++                      return ret;
++      }
+       /*
+        * If we rely on implicit BCLK divider setting we should
+        * set constraints based on what we can provide.
+        */
+       if (mcasp->bclk_master && mcasp->bclk_div == 0 && mcasp->sysclk_freq) {
+-              int ret;
+-
+-              ruledata->mcasp = mcasp;
+-
+               ret = snd_pcm_hw_rule_add(substream->runtime, 0,
+                                         SNDRV_PCM_HW_PARAM_RATE,
+                                         davinci_mcasp_hw_rule_rate,
+-- 
+2.20.1
+
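Review bot: In davinci_mcasp_hw_rule_slot_width() the test `snd_pcm_format_width(i) <= slot_width` also passes when snd_pcm_format_width() returns a negative error code for a format value it does not recognise, so such a bit would be carried into `nfmt` instead of being filtered out. Storing the result and requiring it to be positive closes that gap: `int width = snd_pcm_format_width(i);` followed by `if (width > 0 && width <= slot_width)`. The two nested `if` statements can then be merged into one condition with `snd_mask_test(fmt, i)`. The rule is only registered when `mcasp->slot_width` is non-zero, so the zero case does not need handling here.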
diff --git a/queue-4.14/bonding-force-slave-speed-check-after-link-state-rec.patch b/queue-4.14/bonding-force-slave-speed-check-after-link-state-rec.patch
new file mode 100644 (file)
index 0000000..449dfd1
--- /dev/null
@@ -0,0 +1,73 @@
+From 83a53660f4718ad4c0bcc23ebc305037651070aa Mon Sep 17 00:00:00 2001
+From: Thomas Falcon <tlfalcon@linux.ibm.com>
+Date: Tue, 16 Jul 2019 17:25:10 -0500
+Subject: bonding: Force slave speed check after link state recovery for
+ 802.3ad
+
+[ Upstream commit 12185dfe44360f814ac4ead9d22ad2af7511b2e9 ]
+
+The following scenario was encountered during testing of logical
+partition mobility on pseries partitions with bonded ibmvnic
+adapters in LACP mode.
+
+1. Driver receives a signal that the device has been
+   swapped, and it needs to reset to initialize the new
+   device.
+
+2. Driver reports loss of carrier and begins initialization.
+
+3. Bonding driver receives NETDEV_CHANGE notifier and checks
+   the slave's current speed and duplex settings. Because these
+   are unknown at the time, the bond sets its link state to
+   BOND_LINK_FAIL and handles the speed update, clearing
+   AD_PORT_LACP_ENABLE.
+
+4. Driver finishes recovery and reports that the carrier is on.
+
+5. Bond receives a new notification and checks the speed again.
+   The speeds are valid but miimon has not altered the link
+   state yet.  AD_PORT_LACP_ENABLE remains off.
+
+Because the slave's link state is still BOND_LINK_FAIL,
+no further port checks are made when it recovers. Though
+the slave devices are operational and have valid speed
+and duplex settings, the bond will not send LACPDU's. The
+simplest fix I can see is to force another speed check
+in bond_miimon_commit. This way the bond will update
+AD_PORT_LACP_ENABLE if needed when transitioning from
+BOND_LINK_FAIL to BOND_LINK_UP.
+
+CC: Jarod Wilson <jarod@redhat.com>
+CC: Jay Vosburgh <j.vosburgh@gmail.com>
+CC: Veaceslav Falico <vfalico@gmail.com>
+CC: Andy Gospodarek <andy@greyhouse.net>
+Signed-off-by: Thomas Falcon <tlfalcon@linux.ibm.com>
+Signed-off-by: David S. Miller <davem@davemloft.net>
+Signed-off-by: Sasha Levin <sashal@kernel.org>
+---
+ drivers/net/bonding/bond_main.c | 9 +++++++++
+ 1 file changed, 9 insertions(+)
+
+diff --git a/drivers/net/bonding/bond_main.c b/drivers/net/bonding/bond_main.c
+index 60d0c270af85a..c1eeba1906fdb 100644
+--- a/drivers/net/bonding/bond_main.c
++++ b/drivers/net/bonding/bond_main.c
+@@ -2153,6 +2153,15 @@ static void bond_miimon_commit(struct bonding *bond)
+       bond_for_each_slave(bond, slave, iter) {
+               switch (slave->new_link) {
+               case BOND_LINK_NOCHANGE:
++                      /* For 802.3ad mode, check current slave speed and
++                       * duplex again in case its port was disabled after
++                       * invalid speed/duplex reporting but recovered before
++                       * link monitoring could make a decision on the actual
++                       * link status
++                       */
++                      if (BOND_MODE(bond) == BOND_MODE_8023AD &&
++                          slave->link == BOND_LINK_UP)
++                              bond_3ad_adapter_speed_duplex_changed(slave);
+                       continue;
+               case BOND_LINK_UP:
+-- 
+2.20.1
+
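Review bot: The condition added under `case BOND_LINK_NOCHANGE:` is wider than the comment above it describes. It calls bond_3ad_adapter_speed_duplex_changed() for every 802.3ad slave that is up and unchanged each time this loop runs, not only for a slave whose port was disabled and later recovered. The comment should state that the call is made unconditionally for such slaves and is expected to be harmless when speed and duplex have not changed; that expectation should be confirmed against the callee, which is not visible here. bond_miimon_commit() continues outside the hunk.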
diff --git a/queue-4.14/can-dev-call-netif_carrier_off-in-register_candev.patch b/queue-4.14/can-dev-call-netif_carrier_off-in-register_candev.patch
new file mode 100644 (file)
index 0000000..e655e3d
--- /dev/null
@@ -0,0 +1,38 @@
+From c685d022f4875de005e150dfda00cf21cdf72d89 Mon Sep 17 00:00:00 2001
+From: Rasmus Villemoes <rasmus.villemoes@prevas.dk>
+Date: Mon, 24 Jun 2019 08:34:13 +0000
+Subject: can: dev: call netif_carrier_off() in register_candev()
+
+[ Upstream commit c63845609c4700488e5eacd6ab4d06d5d420e5ef ]
+
+CONFIG_CAN_LEDS is deprecated. When trying to use the generic netdev
+trigger as suggested, there's a small inconsistency with the link
+property: The LED is on initially, stays on when the device is brought
+up, and then turns off (as expected) when the device is brought down.
+
+Make sure the LED always reflects the state of the CAN device.
+
+Signed-off-by: Rasmus Villemoes <rasmus.villemoes@prevas.dk>
+Acked-by: Willem de Bruijn <willemb@google.com>
+Signed-off-by: Marc Kleine-Budde <mkl@pengutronix.de>
+Signed-off-by: Sasha Levin <sashal@kernel.org>
+---
+ drivers/net/can/dev.c | 2 ++
+ 1 file changed, 2 insertions(+)
+
+diff --git a/drivers/net/can/dev.c b/drivers/net/can/dev.c
+index 7d61d8801220e..d92113db4fb97 100644
+--- a/drivers/net/can/dev.c
++++ b/drivers/net/can/dev.c
+@@ -1217,6 +1217,8 @@ int register_candev(struct net_device *dev)
+               return -EINVAL;
+       dev->rtnl_link_ops = &can_link_ops;
++      netif_carrier_off(dev);
++
+       return register_netdev(dev);
+ }
+ EXPORT_SYMBOL_GPL(register_candev);
+-- 
+2.20.1
+
diff --git a/queue-4.14/can-peak_usb-force-the-string-buffer-null-terminated.patch b/queue-4.14/can-peak_usb-force-the-string-buffer-null-terminated.patch
new file mode 100644 (file)
index 0000000..9d693d0
--- /dev/null
@@ -0,0 +1,38 @@
+From 9a355996390ae93bef22a247cab806575a1ce807 Mon Sep 17 00:00:00 2001
+From: Wang Xiayang <xywang.sjtu@sjtu.edu.cn>
+Date: Wed, 31 Jul 2019 15:25:59 +0800
+Subject: can: peak_usb: force the string buffer NULL-terminated
+
+[ Upstream commit e787f19373b8a5fa24087800ed78314fd17b984a ]
+
+strncpy() does not ensure NULL-termination when the input string size
+equals to the destination buffer size IFNAMSIZ. The output string is
+passed to dev_info() which relies on the NULL-termination.
+
+Use strlcpy() instead.
+
+This issue is identified by a Coccinelle script.
+
+Signed-off-by: Wang Xiayang <xywang.sjtu@sjtu.edu.cn>
+Signed-off-by: Marc Kleine-Budde <mkl@pengutronix.de>
+Signed-off-by: Sasha Levin <sashal@kernel.org>
+---
+ drivers/net/can/usb/peak_usb/pcan_usb_core.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/drivers/net/can/usb/peak_usb/pcan_usb_core.c b/drivers/net/can/usb/peak_usb/pcan_usb_core.c
+index d68c79f9a4b95..059282a6065c6 100644
+--- a/drivers/net/can/usb/peak_usb/pcan_usb_core.c
++++ b/drivers/net/can/usb/peak_usb/pcan_usb_core.c
+@@ -881,7 +881,7 @@ static void peak_usb_disconnect(struct usb_interface *intf)
+               dev_prev_siblings = dev->prev_siblings;
+               dev->state &= ~PCAN_USB_STATE_CONNECTED;
+-              strncpy(name, netdev->name, IFNAMSIZ);
++              strlcpy(name, netdev->name, IFNAMSIZ);
+               unregister_netdev(netdev);
+-- 
+2.20.1
+
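Review bot: The replacement `strlcpy(name, netdev->name, IFNAMSIZ);` in peak_usb_disconnect() still bounds the copy by the constant rather than by the destination, and strlcpy() reads the source until it finds a NUL in order to compute its return value, which is ignored here. If `name` is a local array (its declaration is outside the hunk), `strscpy(name, netdev->name, sizeof(name));` ties the bound to the buffer and stops reading at the limit, where the tree provides strscpy(). The same applies to the identical one-line change in pcan_free_channels() in the peak_pcmcia.c patch that follows.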
diff --git a/queue-4.14/can-sja1000-force-the-string-buffer-null-terminated.patch b/queue-4.14/can-sja1000-force-the-string-buffer-null-terminated.patch
new file mode 100644 (file)
index 0000000..5148a65
--- /dev/null
@@ -0,0 +1,38 @@
+From 4acad4d9a97f6106372e2c82ba4e17899bcc13f1 Mon Sep 17 00:00:00 2001
+From: Wang Xiayang <xywang.sjtu@sjtu.edu.cn>
+Date: Wed, 31 Jul 2019 15:31:14 +0800
+Subject: can: sja1000: force the string buffer NULL-terminated
+
+[ Upstream commit cd28aa2e056cd1ea79fc5f24eed0ce868c6cab5c ]
+
+strncpy() does not ensure NULL-termination when the input string size
+equals to the destination buffer size IFNAMSIZ. The output string
+'name' is passed to dev_info which relies on NULL-termination.
+
+Use strlcpy() instead.
+
+This issue is identified by a Coccinelle script.
+
+Signed-off-by: Wang Xiayang <xywang.sjtu@sjtu.edu.cn>
+Signed-off-by: Marc Kleine-Budde <mkl@pengutronix.de>
+Signed-off-by: Sasha Levin <sashal@kernel.org>
+---
+ drivers/net/can/sja1000/peak_pcmcia.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/drivers/net/can/sja1000/peak_pcmcia.c b/drivers/net/can/sja1000/peak_pcmcia.c
+index dd56133cc4616..fc9f8b01ecae2 100644
+--- a/drivers/net/can/sja1000/peak_pcmcia.c
++++ b/drivers/net/can/sja1000/peak_pcmcia.c
+@@ -487,7 +487,7 @@ static void pcan_free_channels(struct pcan_pccard *card)
+               if (!netdev)
+                       continue;
+-              strncpy(name, netdev->name, IFNAMSIZ);
++              strlcpy(name, netdev->name, IFNAMSIZ);
+               unregister_sja1000dev(netdev);
+-- 
+2.20.1
+
diff --git a/queue-4.14/drm-vmwgfx-fix-memory-leak-when-too-many-retries-hav.patch b/queue-4.14/drm-vmwgfx-fix-memory-leak-when-too-many-retries-hav.patch
new file mode 100644 (file)
index 0000000..86c9809
--- /dev/null
@@ -0,0 +1,41 @@
+From 0830786a7126502a3319ca9ee1ce17d1191cb4c8 Mon Sep 17 00:00:00 2001
+From: Colin Ian King <colin.king@canonical.com>
+Date: Mon, 24 Jun 2019 09:39:59 -0700
+Subject: drm/vmwgfx: fix memory leak when too many retries have occurred
+
+[ Upstream commit 6b7c3b86f0b63134b2ab56508921a0853ffa687a ]
+
+Currently when too many retries have occurred there is a memory
+leak on the allocation for reply on the error return path. Fix
+this by kfree'ing reply before returning.
+
+Addresses-Coverity: ("Resource leak")
+Fixes: a9cd9c044aa9 ("drm/vmwgfx: Add a check to handle host message failure")
+Signed-off-by: Colin Ian King <colin.king@canonical.com>
+Reviewed-by: Deepak Rawat <drawat@vmware.com>
+Signed-off-by: Deepak Rawat <drawat@vmware.com>
+Signed-off-by: Thomas Hellstrom <thellstrom@vmware.com>
+Signed-off-by: Sasha Levin <sashal@kernel.org>
+---
+ drivers/gpu/drm/vmwgfx/vmwgfx_msg.c | 4 +++-
+ 1 file changed, 3 insertions(+), 1 deletion(-)
+
+diff --git a/drivers/gpu/drm/vmwgfx/vmwgfx_msg.c b/drivers/gpu/drm/vmwgfx/vmwgfx_msg.c
+index 97000996b8dc5..50cc060cc552a 100644
+--- a/drivers/gpu/drm/vmwgfx/vmwgfx_msg.c
++++ b/drivers/gpu/drm/vmwgfx/vmwgfx_msg.c
+@@ -300,8 +300,10 @@ static int vmw_recv_msg(struct rpc_channel *channel, void **msg,
+               break;
+       }
+-      if (retries == RETRIES)
++      if (retries == RETRIES) {
++              kfree(reply);
+               return -EINVAL;
++      }
+       *msg_len = reply_len;
+       *msg     = reply;
+-- 
+2.20.1
+
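Review bot: The `kfree(reply);` added on the `retries == RETRIES` path in vmw_recv_msg() is only safe if no path inside the retry loop has already freed `reply` before continuing to the next attempt. The loop body is outside the hunk; if a failed attempt there does free the buffer and then retries, exhausting the retries would free the same pointer twice. Resetting the pointer wherever the loop frees it, `kfree(reply); reply = NULL;`, makes this final kfree() a no-op in that case and would let the exit test become `if (!reply) return -EINVAL;`.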
diff --git a/queue-4.14/hid-add-044f-b320-thrustmaster-inc.-2-in-1-dt.patch b/queue-4.14/hid-add-044f-b320-thrustmaster-inc.-2-in-1-dt.patch
new file mode 100644 (file)
index 0000000..68c4d0e
--- /dev/null
@@ -0,0 +1,65 @@
+From d58be359b17c44231ba2e8c0c1257ceb28395246 Mon Sep 17 00:00:00 2001
+From: Ilya Trukhanov <lahvuun@gmail.com>
+Date: Tue, 2 Jul 2019 13:37:16 +0300
+Subject: HID: Add 044f:b320 ThrustMaster, Inc. 2 in 1 DT
+
+[ Upstream commit 65f11c72780fa9d598df88def045ccb6a885cf80 ]
+
+Enable force feedback for the Thrustmaster Dual Trigger 2 in 1 Rumble Force
+gamepad. Compared to other Thrustmaster devices, left and right rumble
+motors here are swapped.
+
+Signed-off-by: Ilya Trukhanov <lahvuun@gmail.com>
+Signed-off-by: Jiri Kosina <jkosina@suse.cz>
+Signed-off-by: Sasha Levin <sashal@kernel.org>
+---
+ drivers/hid/hid-tmff.c | 12 ++++++++++++
+ 1 file changed, 12 insertions(+)
+
+diff --git a/drivers/hid/hid-tmff.c b/drivers/hid/hid-tmff.c
+index b83376077d722..cfa0cb22c9b3c 100644
+--- a/drivers/hid/hid-tmff.c
++++ b/drivers/hid/hid-tmff.c
+@@ -34,6 +34,8 @@
+ #include "hid-ids.h"
++#define THRUSTMASTER_DEVICE_ID_2_IN_1_DT      0xb320
++
+ static const signed short ff_rumble[] = {
+       FF_RUMBLE,
+       -1
+@@ -88,6 +90,7 @@ static int tmff_play(struct input_dev *dev, void *data,
+       struct hid_field *ff_field = tmff->ff_field;
+       int x, y;
+       int left, right;        /* Rumbling */
++      int motor_swap;
+       switch (effect->type) {
+       case FF_CONSTANT:
+@@ -112,6 +115,13 @@ static int tmff_play(struct input_dev *dev, void *data,
+                                       ff_field->logical_minimum,
+                                       ff_field->logical_maximum);
++              /* 2-in-1 strong motor is left */
++              if (hid->product == THRUSTMASTER_DEVICE_ID_2_IN_1_DT) {
++                      motor_swap = left;
++                      left = right;
++                      right = motor_swap;
++              }
++
+               dbg_hid("(left,right)=(%08x, %08x)\n", left, right);
+               ff_field->value[0] = left;
+               ff_field->value[1] = right;
+@@ -238,6 +248,8 @@ static const struct hid_device_id tm_devices[] = {
+               .driver_data = (unsigned long)ff_rumble },
+       { HID_USB_DEVICE(USB_VENDOR_ID_THRUSTMASTER, 0xb304),   /* FireStorm Dual Power 2 (and 3) */
+               .driver_data = (unsigned long)ff_rumble },
++      { HID_USB_DEVICE(USB_VENDOR_ID_THRUSTMASTER, THRUSTMASTER_DEVICE_ID_2_IN_1_DT),   /* Dual Trigger 2-in-1 */
++              .driver_data = (unsigned long)ff_rumble },
+       { HID_USB_DEVICE(USB_VENDOR_ID_THRUSTMASTER, 0xb323),   /* Dual Trigger 3-in-1 (PC Mode) */
+               .driver_data = (unsigned long)ff_rumble },
+       { HID_USB_DEVICE(USB_VENDOR_ID_THRUSTMASTER, 0xb324),   /* Dual Trigger 3-in-1 (PS3 Mode) */
+-- 
+2.20.1
+
diff --git a/queue-4.14/hid-input-fix-a4tech-horizontal-wheel-custom-usage.patch b/queue-4.14/hid-input-fix-a4tech-horizontal-wheel-custom-usage.patch
new file mode 100644 (file)
index 0000000..574e6ec
--- /dev/null
@@ -0,0 +1,98 @@
+From 9dfbfd3b1c2a1d35655a7ce7c599e32f4d781a19 Mon Sep 17 00:00:00 2001
+From: Nicolas Saenz Julienne <nsaenzjulienne@suse.de>
+Date: Tue, 11 Jun 2019 14:13:20 +0200
+Subject: HID: input: fix a4tech horizontal wheel custom usage
+
+[ Upstream commit 1c703b53e5bfb5c2205c30f0fb157ce271fd42fb ]
+
+Some a4tech mice use the 'GenericDesktop.00b8' usage to inform whether
+the previous wheel report was horizontal or vertical. Before
+c01908a14bf73 ("HID: input: add mapping for "Toggle Display" key") this
+usage was being mapped to 'Relative.Misc'. After the patch it's simply
+ignored (usage->type == 0 & usage->code == 0). Which ultimately makes
+hid-a4tech ignore the WHEEL/HWHEEL selection event, as it has no
+usage->type.
+
+We shouldn't rely on a mapping for that usage as it's nonstandard and
+doesn't really map to an input event. So we bypass the mapping and make
+sure the custom event handling properly handles both reports.
+
+Fixes: c01908a14bf73 ("HID: input: add mapping for "Toggle Display" key")
+Signed-off-by: Nicolas Saenz Julienne <nsaenzjulienne@suse.de>
+Signed-off-by: Jiri Kosina <jkosina@suse.cz>
+Signed-off-by: Sasha Levin <sashal@kernel.org>
+---
+ drivers/hid/hid-a4tech.c | 30 +++++++++++++++++++++++++++---
+ 1 file changed, 27 insertions(+), 3 deletions(-)
+
+diff --git a/drivers/hid/hid-a4tech.c b/drivers/hid/hid-a4tech.c
+index 9428ea7cdf8a0..c52bd163abb3e 100644
+--- a/drivers/hid/hid-a4tech.c
++++ b/drivers/hid/hid-a4tech.c
+@@ -26,12 +26,36 @@
+ #define A4_2WHEEL_MOUSE_HACK_7        0x01
+ #define A4_2WHEEL_MOUSE_HACK_B8       0x02
++#define A4_WHEEL_ORIENTATION  (HID_UP_GENDESK | 0x000000b8)
++
+ struct a4tech_sc {
+       unsigned long quirks;
+       unsigned int hw_wheel;
+       __s32 delayed_value;
+ };
++static int a4_input_mapping(struct hid_device *hdev, struct hid_input *hi,
++                          struct hid_field *field, struct hid_usage *usage,
++                          unsigned long **bit, int *max)
++{
++      struct a4tech_sc *a4 = hid_get_drvdata(hdev);
++
++      if (a4->quirks & A4_2WHEEL_MOUSE_HACK_B8 &&
++          usage->hid == A4_WHEEL_ORIENTATION) {
++              /*
++               * We do not want to have this usage mapped to anything as it's
++               * nonstandard and doesn't really behave like an HID report.
++               * It's only selecting the orientation (vertical/horizontal) of
++               * the previous mouse wheel report. The input_events will be
++               * generated once both reports are recorded in a4_event().
++               */
++              return -1;
++      }
++
++      return 0;
++
++}
++
+ static int a4_input_mapped(struct hid_device *hdev, struct hid_input *hi,
+               struct hid_field *field, struct hid_usage *usage,
+               unsigned long **bit, int *max)
+@@ -53,8 +77,7 @@ static int a4_event(struct hid_device *hdev, struct hid_field *field,
+       struct a4tech_sc *a4 = hid_get_drvdata(hdev);
+       struct input_dev *input;
+-      if (!(hdev->claimed & HID_CLAIMED_INPUT) || !field->hidinput ||
+-                      !usage->type)
++      if (!(hdev->claimed & HID_CLAIMED_INPUT) || !field->hidinput)
+               return 0;
+       input = field->hidinput->input;
+@@ -65,7 +88,7 @@ static int a4_event(struct hid_device *hdev, struct hid_field *field,
+                       return 1;
+               }
+-              if (usage->hid == 0x000100b8) {
++              if (usage->hid == A4_WHEEL_ORIENTATION) {
+                       input_event(input, EV_REL, value ? REL_HWHEEL :
+                                       REL_WHEEL, a4->delayed_value);
+                       return 1;
+@@ -129,6 +152,7 @@ MODULE_DEVICE_TABLE(hid, a4_devices);
+ static struct hid_driver a4_driver = {
+       .name = "a4tech",
+       .id_table = a4_devices,
++      .input_mapping = a4_input_mapping,
+       .input_mapped = a4_input_mapped,
+       .event = a4_event,
+       .probe = a4_probe,
+-- 
+2.20.1
+
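Review bot: Dropping `!usage->type` from the early return in a4_event() lets every unmapped usage through to the quirk handling below, not just A4_WHEEL_ORIENTATION, which is the only one the new a4_input_mapping() deliberately leaves unmapped. A narrower guard keeps the old behaviour for everything else: `if (!usage->type && usage->hid != A4_WHEEL_ORIENTATION) return 0;`. Whether any other typeless usage can reach the later checks depends on the rest of a4_event(), which is outside the hunk. In a4_input_mapping() the test would read more clearly as `(a4->quirks & A4_2WHEEL_MOUSE_HACK_B8) && ...`, and the blank line before the closing brace can go.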
diff --git a/queue-4.14/isdn-hfcsusb-fix-misdn-driver-crash-caused-by-transf.patch b/queue-4.14/isdn-hfcsusb-fix-misdn-driver-crash-caused-by-transf.patch
new file mode 100644 (file)
index 0000000..69dfb45
--- /dev/null
@@ -0,0 +1,86 @@
+From eec2b1bc50fa1fb7b3b560be80cec7454dbfbd0c Mon Sep 17 00:00:00 2001
+From: Juliana Rodrigueiro <juliana.rodrigueiro@intra2net.com>
+Date: Wed, 31 Jul 2019 15:17:23 +0200
+Subject: isdn: hfcsusb: Fix mISDN driver crash caused by transfer buffer on
+ the stack
+
+[ Upstream commit d8a1de3d5bb881507602bc02e004904828f88711 ]
+
+Since linux 4.9 it is not possible to use buffers on the stack for DMA transfers.
+
+During usb probe the driver crashes with "transfer buffer is on stack" message.
+
+This fix k-allocates a buffer to be used on "read_reg_atomic", which is a macro
+that calls "usb_control_msg" under the hood.
+
+Kernel 4.19 backtrace:
+
+usb_hcd_submit_urb+0x3e5/0x900
+? sched_clock+0x9/0x10
+? log_store+0x203/0x270
+? get_random_u32+0x6f/0x90
+? cache_alloc_refill+0x784/0x8a0
+usb_submit_urb+0x3b4/0x550
+usb_start_wait_urb+0x4e/0xd0
+usb_control_msg+0xb8/0x120
+hfcsusb_probe+0x6bc/0xb40 [hfcsusb]
+usb_probe_interface+0xc2/0x260
+really_probe+0x176/0x280
+driver_probe_device+0x49/0x130
+__driver_attach+0xa9/0xb0
+? driver_probe_device+0x130/0x130
+bus_for_each_dev+0x5a/0x90
+driver_attach+0x14/0x20
+? driver_probe_device+0x130/0x130
+bus_add_driver+0x157/0x1e0
+driver_register+0x51/0xe0
+usb_register_driver+0x5d/0x120
+? 0xf81ed000
+hfcsusb_drv_init+0x17/0x1000 [hfcsusb]
+do_one_initcall+0x44/0x190
+? free_unref_page_commit+0x6a/0xd0
+do_init_module+0x46/0x1c0
+load_module+0x1dc1/0x2400
+sys_init_module+0xed/0x120
+do_fast_syscall_32+0x7a/0x200
+entry_SYSENTER_32+0x6b/0xbe
+
+Signed-off-by: Juliana Rodrigueiro <juliana.rodrigueiro@intra2net.com>
+Signed-off-by: David S. Miller <davem@davemloft.net>
+Signed-off-by: Sasha Levin <sashal@kernel.org>
+---
+ drivers/isdn/hardware/mISDN/hfcsusb.c | 12 +++++++++++-
+ 1 file changed, 11 insertions(+), 1 deletion(-)
+
+diff --git a/drivers/isdn/hardware/mISDN/hfcsusb.c b/drivers/isdn/hardware/mISDN/hfcsusb.c
+index 163bc482b2a78..87588198d68fc 100644
+--- a/drivers/isdn/hardware/mISDN/hfcsusb.c
++++ b/drivers/isdn/hardware/mISDN/hfcsusb.c
+@@ -1701,13 +1701,23 @@ hfcsusb_stop_endpoint(struct hfcsusb *hw, int channel)
+ static int
+ setup_hfcsusb(struct hfcsusb *hw)
+ {
++      void *dmabuf = kmalloc(sizeof(u_char), GFP_KERNEL);
+       u_char b;
++      int ret;
+       if (debug & DBG_HFC_CALL_TRACE)
+               printk(KERN_DEBUG "%s: %s\n", hw->name, __func__);
++      if (!dmabuf)
++              return -ENOMEM;
++
++      ret = read_reg_atomic(hw, HFCUSB_CHIP_ID, dmabuf);
++
++      memcpy(&b, dmabuf, sizeof(u_char));
++      kfree(dmabuf);
++
+       /* check the chip id */
+-      if (read_reg_atomic(hw, HFCUSB_CHIP_ID, &b) != 1) {
++      if (ret != 1) {
+               printk(KERN_DEBUG "%s: %s: cannot read chip id\n",
+                      hw->name, __func__);
+               return 1;
+-- 
+2.20.1
+
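Review bot: In setup_hfcsusb() the added `memcpy(&b, dmabuf, sizeof(u_char));` runs before `ret` is checked, so when read_reg_atomic() fails, `b` receives a byte of uninitialised kmalloc memory. The visible failure branch returns without using `b`, so this is latent as shown, but it is cheap to close: allocate with `kzalloc(sizeof(u_char), GFP_KERNEL)` or move the copy below the `if (ret != 1)` check. The allocation also sits in the declaration, ahead of the debug trace and away from its `if (!dmabuf)` test; assigning it directly before that test would read better. The function body continues outside the hunk.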
diff --git a/queue-4.14/isdn-misdn-hfcsusb-fix-possible-null-pointer-derefer.patch b/queue-4.14/isdn-misdn-hfcsusb-fix-possible-null-pointer-derefer.patch
new file mode 100644 (file)
index 0000000..560b7be
--- /dev/null
@@ -0,0 +1,49 @@
+From 4526fa50a8047a85dcc58c18621b1f3d217533a8 Mon Sep 17 00:00:00 2001
+From: Jia-Ju Bai <baijiaju1990@gmail.com>
+Date: Fri, 26 Jul 2019 16:27:36 +0800
+Subject: isdn: mISDN: hfcsusb: Fix possible null-pointer dereferences in
+ start_isoc_chain()
+
+[ Upstream commit a0d57a552b836206ad7705a1060e6e1ce5a38203 ]
+
+In start_isoc_chain(), usb_alloc_urb() on line 1392 may fail
+and return NULL. At this time, fifo->iso[i].urb is assigned to NULL.
+
+Then, fifo->iso[i].urb is used at some places, such as:
+LINE 1405:    fill_isoc_urb(fifo->iso[i].urb, ...)
+                  urb->number_of_packets = num_packets;
+                  urb->transfer_flags = URB_ISO_ASAP;
+                  urb->actual_length = 0;
+                  urb->interval = interval;
+LINE 1416:    fifo->iso[i].urb->...
+LINE 1419:    fifo->iso[i].urb->...
+
+Thus, possible null-pointer dereferences may occur.
+
+To fix these bugs, "continue" is added to avoid using fifo->iso[i].urb
+when it is NULL.
+
+These bugs are found by a static analysis tool STCheck written by us.
+
+Signed-off-by: Jia-Ju Bai <baijiaju1990@gmail.com>
+Signed-off-by: David S. Miller <davem@davemloft.net>
+Signed-off-by: Sasha Levin <sashal@kernel.org>
+---
+ drivers/isdn/hardware/mISDN/hfcsusb.c | 1 +
+ 1 file changed, 1 insertion(+)
+
+diff --git a/drivers/isdn/hardware/mISDN/hfcsusb.c b/drivers/isdn/hardware/mISDN/hfcsusb.c
+index 35983c7c31375..163bc482b2a78 100644
+--- a/drivers/isdn/hardware/mISDN/hfcsusb.c
++++ b/drivers/isdn/hardware/mISDN/hfcsusb.c
+@@ -1402,6 +1402,7 @@ start_isoc_chain(struct usb_fifo *fifo, int num_packets_per_urb,
+                               printk(KERN_DEBUG
+                                      "%s: %s: alloc urb for fifo %i failed",
+                                      hw->name, __func__, fifo->fifonum);
++                              continue;
+                       }
+                       fifo->iso[i].owner_fifo = (struct usb_fifo *) fifo;
+                       fifo->iso[i].indx = i;
+-- 
+2.20.1
+
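Review bot: The added `continue;` in start_isoc_chain() avoids the NULL dereference but turns an allocation failure into a silent partial start: the only trace is a KERN_DEBUG message, and `fifo->iso[i].urb` stays NULL for that slot. Whether the rest of the driver tolerates a NULL `urb` in the iso array, for example when the chain is stopped, cannot be seen from this hunk and should be checked. If the function can report an error to its caller, returning `-ENOMEM` here would be more robust than skipping the slot; at minimum a comment such as `/* slot stays unused; later users must check iso[i].urb */` would document the contract. The enclosing loop and function start and end outside the hunk.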
diff --git a/queue-4.14/libata-add-sg-safety-checks-in-sff-pio-transfers.patch b/queue-4.14/libata-add-sg-safety-checks-in-sff-pio-transfers.patch
new file mode 100644 (file)
index 0000000..31dcaaf
--- /dev/null
@@ -0,0 +1,46 @@
+From 029b8335b395e6981fe48aaedf42569171fd23a3 Mon Sep 17 00:00:00 2001
+From: Jens Axboe <axboe@kernel.dk>
+Date: Wed, 7 Aug 2019 12:23:57 -0600
+Subject: libata: add SG safety checks in SFF pio transfers
+
+[ Upstream commit 752ead44491e8c91e14d7079625c5916b30921c5 ]
+
+Abort processing of a command if we run out of mapped data in the
+SG list. This should never happen, but a previous bug caused it to
+be possible. Play it safe and attempt to abort nicely if we don't
+have more SG segments left.
+
+Reviewed-by: Kees Cook <keescook@chromium.org>
+Signed-off-by: Jens Axboe <axboe@kernel.dk>
+Signed-off-by: Sasha Levin <sashal@kernel.org>
+---
+ drivers/ata/libata-sff.c | 6 ++++++
+ 1 file changed, 6 insertions(+)
+
+diff --git a/drivers/ata/libata-sff.c b/drivers/ata/libata-sff.c
+index cc2f2e35f4c2e..8c36ff0c2dd49 100644
+--- a/drivers/ata/libata-sff.c
++++ b/drivers/ata/libata-sff.c
+@@ -704,6 +704,10 @@ static void ata_pio_sector(struct ata_queued_cmd *qc)
+       unsigned int offset;
+       unsigned char *buf;
++      if (!qc->cursg) {
++              qc->curbytes = qc->nbytes;
++              return;
++      }
+       if (qc->curbytes == qc->nbytes - qc->sect_size)
+               ap->hsm_task_state = HSM_ST_LAST;
+@@ -729,6 +733,8 @@ static void ata_pio_sector(struct ata_queued_cmd *qc)
+       if (qc->cursg_ofs == qc->cursg->length) {
+               qc->cursg = sg_next(qc->cursg);
++              if (!qc->cursg)
++                      ap->hsm_task_state = HSM_ST_LAST;
+               qc->cursg_ofs = 0;
+       }
+ }
+-- 
+2.20.1
+
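Review bot: The new early exit in ata_pio_sector() sets `qc->curbytes = qc->nbytes` and returns without logging anything, so as far as the hunk shows a command whose SG list ran out looks the same as one that transferred all its data. The commit message says this state should never happen, which is a good reason to make it visible, e.g. `WARN_ON_ONCE(1);` inside the `if (!qc->cursg)` block. Whether an error mask should also be set on `qc` depends on code outside the hunk. A short comment such as `/* SG list exhausted: stop the transfer instead of dereferencing a NULL cursg */` would explain both added checks.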
diff --git a/queue-4.14/libata-have-ata_scsi_rw_xlat-fail-invalid-passthroug.patch b/queue-4.14/libata-have-ata_scsi_rw_xlat-fail-invalid-passthroug.patch
new file mode 100644 (file)
index 0000000..70869ef
--- /dev/null
@@ -0,0 +1,82 @@
+From dbbe2b23378f5ab22fb8d5b0746af7fac464e278 Mon Sep 17 00:00:00 2001
+From: Jens Axboe <axboe@kernel.dk>
+Date: Wed, 7 Aug 2019 12:20:52 -0600
+Subject: libata: have ata_scsi_rw_xlat() fail invalid passthrough requests
+
+[ Upstream commit 2d7271501720038381d45fb3dcbe4831228fc8cc ]
+
+For passthrough requests, libata-scsi takes what the user passes in
+as gospel. This can be problematic if the user fills in the CDB
+incorrectly. One example of that is in request sizes. For read/write
+commands, the CDB contains fields describing the transfer length of
+the request. These should match with the SG_IO header fields, but
+libata-scsi currently does no validation of that.
+
+Check that the number of blocks in the CDB for passthrough requests
+matches what was mapped into the request. If the CDB asks for more
+data then the validated SG_IO header fields, error it.
+
+Reported-by: Krishna Ram Prakash R <krp@gtux.in>
+Reviewed-by: Kees Cook <keescook@chromium.org>
+Signed-off-by: Jens Axboe <axboe@kernel.dk>
+Signed-off-by: Sasha Levin <sashal@kernel.org>
+---
+ drivers/ata/libata-scsi.c | 21 +++++++++++++++++++++
+ 1 file changed, 21 insertions(+)
+
+diff --git a/drivers/ata/libata-scsi.c b/drivers/ata/libata-scsi.c
+index bf5777bc04d35..eb0c4ee205258 100644
+--- a/drivers/ata/libata-scsi.c
++++ b/drivers/ata/libata-scsi.c
+@@ -1804,6 +1804,21 @@ nothing_to_do:
+       return 1;
+ }
++static bool ata_check_nblocks(struct scsi_cmnd *scmd, u32 n_blocks)
++{
++      struct request *rq = scmd->request;
++      u32 req_blocks;
++
++      if (!blk_rq_is_passthrough(rq))
++              return true;
++
++      req_blocks = blk_rq_bytes(rq) / scmd->device->sector_size;
++      if (n_blocks > req_blocks)
++              return false;
++
++      return true;
++}
++
+ /**
+  *    ata_scsi_rw_xlat - Translate SCSI r/w command into an ATA one
+  *    @qc: Storage for translated ATA taskfile
+@@ -1848,6 +1863,8 @@ static unsigned int ata_scsi_rw_xlat(struct ata_queued_cmd *qc)
+               scsi_10_lba_len(cdb, &block, &n_block);
+               if (cdb[1] & (1 << 3))
+                       tf_flags |= ATA_TFLAG_FUA;
++              if (!ata_check_nblocks(scmd, n_block))
++                      goto invalid_fld;
+               break;
+       case READ_6:
+       case WRITE_6:
+@@ -1862,6 +1879,8 @@ static unsigned int ata_scsi_rw_xlat(struct ata_queued_cmd *qc)
+                */
+               if (!n_block)
+                       n_block = 256;
++              if (!ata_check_nblocks(scmd, n_block))
++                      goto invalid_fld;
+               break;
+       case READ_16:
+       case WRITE_16:
+@@ -1872,6 +1891,8 @@ static unsigned int ata_scsi_rw_xlat(struct ata_queued_cmd *qc)
+               scsi_16_lba_len(cdb, &block, &n_block);
+               if (cdb[1] & (1 << 3))
+                       tf_flags |= ATA_TFLAG_FUA;
++              if (!ata_check_nblocks(scmd, n_block))
++                      goto invalid_fld;
+               break;
+       default:
+               DPRINTK("no-byte command\n");
+-- 
+2.20.1
+
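Review bot: ata_check_nblocks() is added without the kernel-doc header that ata_scsi_rw_xlat() directly below it carries, and its contract is not obvious: it accepts every non-passthrough request, and for passthrough it rejects only a CDB that asks for more blocks than the request maps, not fewer. A header stating that, and that `n_blocks` is the count decoded from the CDB, would help the next reader of the three call sites. The division by `scmd->device->sector_size` assumes a non-zero sector size; that is presumably guaranteed by device configuration, but it is not visible here and deserves a one-line comment. The tail could also be written as `return n_blocks <= req_blocks;`.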
diff --git a/queue-4.14/mips-fix-cacheinfo.patch b/queue-4.14/mips-fix-cacheinfo.patch
new file mode 100644 (file)
index 0000000..edc6a45
--- /dev/null
@@ -0,0 +1,47 @@
+From 5247eedf1dc6761de9a4e3836d3bc0342c50320b Mon Sep 17 00:00:00 2001
+From: Vladimir Kondratiev <vladimir.kondratiev@linux.intel.com>
+Date: Tue, 16 Jul 2019 10:36:56 +0300
+Subject: mips: fix cacheinfo
+
+[ Upstream commit b8bea8a5e5d942e62203416ab41edecaed4fda02 ]
+
+Because CONFIG_OF defined for MIPS, cacheinfo attempts to fill information
+from DT, ignoring data filled by architecture routine. This leads to error
+reported
+
+ cacheinfo: Unable to detect cache hierarchy for CPU 0
+
+Way to fix this provided in
+commit fac51482577d ("drivers: base: cacheinfo: fix x86 with
+ CONFIG_OF enabled")
+
+Utilize same mechanism to report that cacheinfo set by architecture
+specific function
+
+Signed-off-by: Vladimir Kondratiev <vladimir.kondratiev@linux.intel.com>
+Signed-off-by: Paul Burton <paul.burton@mips.com>
+Cc: Ralf Baechle <ralf@linux-mips.org>
+Cc: James Hogan <jhogan@kernel.org>
+Cc: linux-mips@vger.kernel.org
+Cc: linux-kernel@vger.kernel.org
+Signed-off-by: Sasha Levin <sashal@kernel.org>
+---
+ arch/mips/kernel/cacheinfo.c | 2 ++
+ 1 file changed, 2 insertions(+)
+
+diff --git a/arch/mips/kernel/cacheinfo.c b/arch/mips/kernel/cacheinfo.c
+index 97d5239ca47ba..428ef21892039 100644
+--- a/arch/mips/kernel/cacheinfo.c
++++ b/arch/mips/kernel/cacheinfo.c
+@@ -80,6 +80,8 @@ static int __populate_cache_leaves(unsigned int cpu)
+       if (c->tcache.waysize)
+               populate_cache(tcache, this_leaf, 3, CACHE_TYPE_UNIFIED);
++      this_cpu_ci->cpu_map_populated = true;
++
+       return 0;
+ }
+-- 
+2.20.1
+
diff --git a/queue-4.14/mips-kernel-only-use-i8253-clocksource-with-periodic.patch b/queue-4.14/mips-kernel-only-use-i8253-clocksource-with-periodic.patch
new file mode 100644 (file)
index 0000000..76197a4
--- /dev/null
@@ -0,0 +1,38 @@
+From cf5e8fa41d16db30a1d10c3822e553a3c0e22201 Mon Sep 17 00:00:00 2001
+From: Thomas Bogendoerfer <tbogendoerfer@suse.de>
+Date: Mon, 13 May 2019 13:47:25 +0200
+Subject: MIPS: kernel: only use i8253 clocksource with periodic clockevent
+
+[ Upstream commit a07e3324538a989b7cdbf2c679be6a7f9df2544f ]
+
+i8253 clocksource needs a free running timer. This could only
+be used, if i8253 clockevent is set up as periodic.
+
+Signed-off-by: Thomas Bogendoerfer <tbogendoerfer@suse.de>
+Signed-off-by: Paul Burton <paul.burton@mips.com>
+Cc: Ralf Baechle <ralf@linux-mips.org>
+Cc: James Hogan <jhogan@kernel.org>
+Cc: linux-mips@vger.kernel.org
+Cc: linux-kernel@vger.kernel.org
+Signed-off-by: Sasha Levin <sashal@kernel.org>
+---
+ arch/mips/kernel/i8253.c | 3 ++-
+ 1 file changed, 2 insertions(+), 1 deletion(-)
+
+diff --git a/arch/mips/kernel/i8253.c b/arch/mips/kernel/i8253.c
+index 5f209f111e59e..df7ddd246eaac 100644
+--- a/arch/mips/kernel/i8253.c
++++ b/arch/mips/kernel/i8253.c
+@@ -32,7 +32,8 @@ void __init setup_pit_timer(void)
+ static int __init init_pit_clocksource(void)
+ {
+-      if (num_possible_cpus() > 1) /* PIT does not scale! */
++      if (num_possible_cpus() > 1 || /* PIT does not scale! */
++          !clockevent_state_periodic(&i8253_clockevent))
+               return 0;
+       return clocksource_i8253_init();
+-- 
+2.20.1
+
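Review bot: In init_pit_clocksource() the existing comment `/* PIT does not scale! */` now sits in the middle of a two-part condition and explains only the first half. The second test, `!clockevent_state_periodic(&i8253_clockevent)`, has no explanation in the code, although the commit message gives one. I would add `/* the clocksource needs a free-running timer, i.e. a periodic clockevent */` above the second operand, or split the condition into two `if` statements with one comment each.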
diff --git a/queue-4.14/net-cxgb3_main-fix-a-resource-leak-in-a-error-path-i.patch b/queue-4.14/net-cxgb3_main-fix-a-resource-leak-in-a-error-path-i.patch
new file mode 100644 (file)
index 0000000..d7f9a9e
--- /dev/null
@@ -0,0 +1,44 @@
+From ee7f3b50c9148e423aa1329bfd4df5984c89b10b Mon Sep 17 00:00:00 2001
+From: Christophe JAILLET <christophe.jaillet@wanadoo.fr>
+Date: Tue, 6 Aug 2019 10:55:12 +0200
+Subject: net: cxgb3_main: Fix a resource leak in a error path in 'init_one()'
+
+[ Upstream commit debea2cd3193ac868289e8893c3a719c265b0612 ]
+
+A call to 'kfree_skb()' is missing in the error handling path of
+'init_one()'.
+This is already present in 'remove_one()' but is missing here.
+
+Signed-off-by: Christophe JAILLET <christophe.jaillet@wanadoo.fr>
+Signed-off-by: David S. Miller <davem@davemloft.net>
+Signed-off-by: Sasha Levin <sashal@kernel.org>
+---
+ drivers/net/ethernet/chelsio/cxgb3/cxgb3_main.c | 5 ++++-
+ 1 file changed, 4 insertions(+), 1 deletion(-)
+
+diff --git a/drivers/net/ethernet/chelsio/cxgb3/cxgb3_main.c b/drivers/net/ethernet/chelsio/cxgb3/cxgb3_main.c
+index 79053d2ce7a36..338683e5ef1e8 100644
+--- a/drivers/net/ethernet/chelsio/cxgb3/cxgb3_main.c
++++ b/drivers/net/ethernet/chelsio/cxgb3/cxgb3_main.c
+@@ -3270,7 +3270,7 @@ static int init_one(struct pci_dev *pdev, const struct pci_device_id *ent)
+       if (!adapter->regs) {
+               dev_err(&pdev->dev, "cannot map device registers\n");
+               err = -ENOMEM;
+-              goto out_free_adapter;
++              goto out_free_adapter_nofail;
+       }
+       adapter->pdev = pdev;
+@@ -3390,6 +3390,9 @@ out_free_dev:
+               if (adapter->port[i])
+                       free_netdev(adapter->port[i]);
++out_free_adapter_nofail:
++      kfree_skb(adapter->nofail_skb);
++
+ out_free_adapter:
+       kfree(adapter);
+-- 
+2.20.1
+
diff --git a/queue-4.14/net-ethernet-qlogic-qed-force-the-string-buffer-null.patch b/queue-4.14/net-ethernet-qlogic-qed-force-the-string-buffer-null.patch
new file mode 100644 (file)
index 0000000..c519c61
--- /dev/null
@@ -0,0 +1,40 @@
+From 5eccf9e7aef2070de8d85bec11416d787da06f35 Mon Sep 17 00:00:00 2001
+From: Wang Xiayang <xywang.sjtu@sjtu.edu.cn>
+Date: Wed, 31 Jul 2019 16:15:42 +0800
+Subject: net/ethernet/qlogic/qed: force the string buffer NULL-terminated
+
+[ Upstream commit 3690c8c9a8edff0db077a38783112d8fe12a7dd2 ]
+
+strncpy() does not ensure NULL-termination when the input string
+size equals to the destination buffer size 30.
+The output string is passed to qed_int_deassertion_aeu_bit()
+which calls DP_INFO() and relies NULL-termination.
+
+Use strlcpy instead. The other conditional branch above strncpy()
+needs no fix as snprintf() ensures NULL-termination.
+
+This issue is identified by a Coccinelle script.
+
+Signed-off-by: Wang Xiayang <xywang.sjtu@sjtu.edu.cn>
+Signed-off-by: David S. Miller <davem@davemloft.net>
+Signed-off-by: Sasha Levin <sashal@kernel.org>
+---
+ drivers/net/ethernet/qlogic/qed/qed_int.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/drivers/net/ethernet/qlogic/qed/qed_int.c b/drivers/net/ethernet/qlogic/qed/qed_int.c
+index 7746417130bd7..c5d9f290ec4c7 100644
+--- a/drivers/net/ethernet/qlogic/qed/qed_int.c
++++ b/drivers/net/ethernet/qlogic/qed/qed_int.c
+@@ -939,7 +939,7 @@ static int qed_int_deassertion(struct qed_hwfn  *p_hwfn,
+                                               snprintf(bit_name, 30,
+                                                        p_aeu->bit_name, num);
+                                       else
+-                                              strncpy(bit_name,
++                                              strlcpy(bit_name,
+                                                       p_aeu->bit_name, 30);
+                                       /* We now need to pass bitmask in its
+-- 
+2.20.1
+
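Review bot: The replacement call `strlcpy(bit_name, p_aeu->bit_name, 30);` fixes termination but keeps the literal 30 and ignores the return value, so truncation of a long name is silent. If `bit_name` is a local array (its declaration is outside the hunk), `sizeof(bit_name)` would tie the bound to the buffer, here and in the `snprintf()` above. strlcpy() also walks the whole source string to compute its return value, so it still depends on `p_aeu->bit_name` being terminated; `strscpy(bit_name, p_aeu->bit_name, sizeof(bit_name));` bounds the read as well. The neighbouring `snprintf()` passes `p_aeu->bit_name` as its format string, which is safe only as long as those names come from the driver's own tables.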
diff --git a/queue-4.14/net-hisilicon-fix-dma_map_single-failed-on-arm64.patch b/queue-4.14/net-hisilicon-fix-dma_map_single-failed-on-arm64.patch
new file mode 100644 (file)
index 0000000..a5c5b1e
--- /dev/null
@@ -0,0 +1,107 @@
+From 3a3c392f041e25fa6f43e6398c6b33d965e4f366 Mon Sep 17 00:00:00 2001
+From: Jiangfeng Xiao <xiaojiangfeng@huawei.com>
+Date: Sat, 3 Aug 2019 20:31:41 +0800
+Subject: net: hisilicon: Fix dma_map_single failed on arm64
+
+[ Upstream commit 96a50c0d907ac8f5c3d6b051031a19eb8a2b53e3 ]
+
+On the arm64 platform, executing "ifconfig eth0 up" will fail,
+returning "ifconfig: SIOCSIFFLAGS: Input/output error."
+
+ndev->dev is not initialized, dma_map_single->get_dma_ops->
+dummy_dma_ops->__dummy_map_page will return DMA_ERROR_CODE
+directly, so when we use dma_map_single, the first parameter
+is to use the device of platform_device.
+
+Signed-off-by: Jiangfeng Xiao <xiaojiangfeng@huawei.com>
+Signed-off-by: David S. Miller <davem@davemloft.net>
+Signed-off-by: Sasha Levin <sashal@kernel.org>
+---
+ drivers/net/ethernet/hisilicon/hip04_eth.c | 20 +++++++++++---------
+ 1 file changed, 11 insertions(+), 9 deletions(-)
+
+diff --git a/drivers/net/ethernet/hisilicon/hip04_eth.c b/drivers/net/ethernet/hisilicon/hip04_eth.c
+index b04fb82d7fa3e..1bfe9544b3c10 100644
+--- a/drivers/net/ethernet/hisilicon/hip04_eth.c
++++ b/drivers/net/ethernet/hisilicon/hip04_eth.c
+@@ -157,6 +157,7 @@ struct hip04_priv {
+       unsigned int reg_inten;
+       struct napi_struct napi;
++      struct device *dev;
+       struct net_device *ndev;
+       struct tx_desc *tx_desc;
+@@ -387,7 +388,7 @@ static int hip04_tx_reclaim(struct net_device *ndev, bool force)
+               }
+               if (priv->tx_phys[tx_tail]) {
+-                      dma_unmap_single(&ndev->dev, priv->tx_phys[tx_tail],
++                      dma_unmap_single(priv->dev, priv->tx_phys[tx_tail],
+                                        priv->tx_skb[tx_tail]->len,
+                                        DMA_TO_DEVICE);
+                       priv->tx_phys[tx_tail] = 0;
+@@ -437,8 +438,8 @@ static int hip04_mac_start_xmit(struct sk_buff *skb, struct net_device *ndev)
+               return NETDEV_TX_BUSY;
+       }
+-      phys = dma_map_single(&ndev->dev, skb->data, skb->len, DMA_TO_DEVICE);
+-      if (dma_mapping_error(&ndev->dev, phys)) {
++      phys = dma_map_single(priv->dev, skb->data, skb->len, DMA_TO_DEVICE);
++      if (dma_mapping_error(priv->dev, phys)) {
+               dev_kfree_skb(skb);
+               return NETDEV_TX_OK;
+       }
+@@ -508,7 +509,7 @@ static int hip04_rx_poll(struct napi_struct *napi, int budget)
+                       goto refill;
+               }
+-              dma_unmap_single(&ndev->dev, priv->rx_phys[priv->rx_head],
++              dma_unmap_single(priv->dev, priv->rx_phys[priv->rx_head],
+                                RX_BUF_SIZE, DMA_FROM_DEVICE);
+               priv->rx_phys[priv->rx_head] = 0;
+@@ -537,9 +538,9 @@ refill:
+               buf = netdev_alloc_frag(priv->rx_buf_size);
+               if (!buf)
+                       goto done;
+-              phys = dma_map_single(&ndev->dev, buf,
++              phys = dma_map_single(priv->dev, buf,
+                                     RX_BUF_SIZE, DMA_FROM_DEVICE);
+-              if (dma_mapping_error(&ndev->dev, phys))
++              if (dma_mapping_error(priv->dev, phys))
+                       goto done;
+               priv->rx_buf[priv->rx_head] = buf;
+               priv->rx_phys[priv->rx_head] = phys;
+@@ -642,9 +643,9 @@ static int hip04_mac_open(struct net_device *ndev)
+       for (i = 0; i < RX_DESC_NUM; i++) {
+               dma_addr_t phys;
+-              phys = dma_map_single(&ndev->dev, priv->rx_buf[i],
++              phys = dma_map_single(priv->dev, priv->rx_buf[i],
+                                     RX_BUF_SIZE, DMA_FROM_DEVICE);
+-              if (dma_mapping_error(&ndev->dev, phys))
++              if (dma_mapping_error(priv->dev, phys))
+                       return -EIO;
+               priv->rx_phys[i] = phys;
+@@ -678,7 +679,7 @@ static int hip04_mac_stop(struct net_device *ndev)
+       for (i = 0; i < RX_DESC_NUM; i++) {
+               if (priv->rx_phys[i]) {
+-                      dma_unmap_single(&ndev->dev, priv->rx_phys[i],
++                      dma_unmap_single(priv->dev, priv->rx_phys[i],
+                                        RX_BUF_SIZE, DMA_FROM_DEVICE);
+                       priv->rx_phys[i] = 0;
+               }
+@@ -822,6 +823,7 @@ static int hip04_mac_probe(struct platform_device *pdev)
+               return -ENOMEM;
+       priv = netdev_priv(ndev);
++      priv->dev = d;
+       priv->ndev = ndev;
+       platform_set_drvdata(pdev, ndev);
+       SET_NETDEV_DEV(ndev, &pdev->dev);
+-- 
+2.20.1
+
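Review bot: The error paths around the re-pointed DMA calls still leave resources behind. In the `refill:` part of hip04_rx_poll(), `buf` from netdev_alloc_frag() is not released when dma_mapping_error() fires before `goto done`, at least in the lines shown; `skb_free_frag(buf);` before that `goto` would close it. In hip04_mac_open() the loop returns `-EIO` on the first mapping failure without unmapping the `rx_phys[]` entries set up in earlier iterations. Separately, `priv->dev = d;` relies on a variable declared outside the hunk while `SET_NETDEV_DEV()` a few lines later uses `&pdev->dev`; a comment on the new `struct device *dev` member saying which device is used for all DMA mapping would make the intent clear. All the affected functions start or end outside their hunks.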
diff --git a/queue-4.14/net-hisilicon-fix-hip04-xmit-never-return-tx_busy.patch b/queue-4.14/net-hisilicon-fix-hip04-xmit-never-return-tx_busy.patch
new file mode 100644 (file)
index 0000000..3b29571
--- /dev/null
@@ -0,0 +1,41 @@
+From f109a2d94b010dc5b2cfa7b9da6bf8c87dea5016 Mon Sep 17 00:00:00 2001
+From: Jiangfeng Xiao <xiaojiangfeng@huawei.com>
+Date: Sat, 3 Aug 2019 20:31:40 +0800
+Subject: net: hisilicon: fix hip04-xmit never return TX_BUSY
+
+[ Upstream commit f2243b82785942be519016067ee6c55a063bbfe2 ]
+
+TX_DESC_NUM is 256, in tx_count, the maximum value of
+mod(TX_DESC_NUM - 1) is 254, the variable "count" in
+the hip04_mac_start_xmit function is never equal to
+(TX_DESC_NUM - 1), so hip04_mac_start_xmit never
+return NETDEV_TX_BUSY.
+
+tx_count is modified to mod(TX_DESC_NUM) so that
+the maximum value of tx_count can reach
+(TX_DESC_NUM - 1), then hip04_mac_start_xmit can reurn
+NETDEV_TX_BUSY.
+
+Signed-off-by: Jiangfeng Xiao <xiaojiangfeng@huawei.com>
+Signed-off-by: David S. Miller <davem@davemloft.net>
+Signed-off-by: Sasha Levin <sashal@kernel.org>
+---
+ drivers/net/ethernet/hisilicon/hip04_eth.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/drivers/net/ethernet/hisilicon/hip04_eth.c b/drivers/net/ethernet/hisilicon/hip04_eth.c
+index 60ef6d40e4896..b04fb82d7fa3e 100644
+--- a/drivers/net/ethernet/hisilicon/hip04_eth.c
++++ b/drivers/net/ethernet/hisilicon/hip04_eth.c
+@@ -185,7 +185,7 @@ struct hip04_priv {
+ static inline unsigned int tx_count(unsigned int head, unsigned int tail)
+ {
+-      return (head - tail) % (TX_DESC_NUM - 1);
++      return (head - tail) % TX_DESC_NUM;
+ }
+ static void hip04_config_port(struct net_device *ndev, u32 speed, u32 duplex)
+-- 
+2.20.1
+
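Review bot: tx_count() now computes `(head - tail) % TX_DESC_NUM` on unsigned values, which gives the right ring occupancy when `head` is numerically below `tail` only if TX_DESC_NUM is a power of two. The commit message gives 256, so the result is correct today, but nothing in the code enforces it. I would add `BUILD_BUG_ON_NOT_POWER_OF_2(TX_DESC_NUM);` in a function that runs at initialisation and a one-line comment on tx_count() stating the assumption.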
diff --git a/queue-4.14/net-hisilicon-make-hip04_tx_reclaim-non-reentrant.patch b/queue-4.14/net-hisilicon-make-hip04_tx_reclaim-non-reentrant.patch
new file mode 100644 (file)
index 0000000..3bd0ee1
--- /dev/null
@@ -0,0 +1,94 @@
+From a8b9accaa87989cb0ef692b0b53df73da2fc52ec Mon Sep 17 00:00:00 2001
+From: Jiangfeng Xiao <xiaojiangfeng@huawei.com>
+Date: Sat, 3 Aug 2019 20:31:39 +0800
+Subject: net: hisilicon: make hip04_tx_reclaim non-reentrant
+
+[ Upstream commit 1a2c070ae805910a853b4a14818481ed2e17c727 ]
+
+If hip04_tx_reclaim is interrupted while it is running
+and then __napi_schedule continues to execute
+hip04_rx_poll->hip04_tx_reclaim, reentrancy occurs
+and oops is generated. So you need to mask the interrupt
+during the hip04_tx_reclaim run.
+
+The kernel oops exception stack is as follows:
+
+Unable to handle kernel NULL pointer dereference
+at virtual address 00000050
+pgd = c0003000
+[00000050] *pgd=80000000a04003, *pmd=00000000
+Internal error: Oops: 206 [#1] SMP ARM
+Modules linked in: hip04_eth mtdblock mtd_blkdevs mtd
+ohci_platform ehci_platform ohci_hcd ehci_hcd
+vfat fat sd_mod usb_storage scsi_mod usbcore usb_common
+CPU: 0 PID: 0 Comm: swapper/0 Tainted: G           O    4.4.185 #1
+Hardware name: Hisilicon A15
+task: c0a250e0 task.stack: c0a00000
+PC is at hip04_tx_reclaim+0xe0/0x17c [hip04_eth]
+LR is at hip04_tx_reclaim+0x30/0x17c [hip04_eth]
+pc : [<bf30c3a4>]    lr : [<bf30c2f4>]    psr: 600e0313
+sp : c0a01d88  ip : 00000000  fp : c0601f9c
+r10: 00000000  r9 : c3482380  r8 : 00000001
+r7 : 00000000  r6 : 000000e1  r5 : c3482000  r4 : 0000000c
+r3 : f2209800  r2 : 00000000  r1 : 00000000  r0 : 00000000
+Flags: nZCv  IRQs on  FIQs on  Mode SVC_32  ISA ARM  Segment kernel
+Control: 32c5387d  Table: 03d28c80  DAC: 55555555
+Process swapper/0 (pid: 0, stack limit = 0xc0a00190)
+Stack: (0xc0a01d88 to 0xc0a02000)
+[<bf30c3a4>] (hip04_tx_reclaim [hip04_eth]) from [<bf30d2e0>]
+                                                (hip04_rx_poll+0x88/0x368 [hip04_eth])
+[<bf30d2e0>] (hip04_rx_poll [hip04_eth]) from [<c04c2d9c>] (net_rx_action+0x114/0x34c)
+[<c04c2d9c>] (net_rx_action) from [<c021eed8>] (__do_softirq+0x218/0x318)
+[<c021eed8>] (__do_softirq) from [<c021f284>] (irq_exit+0x88/0xac)
+[<c021f284>] (irq_exit) from [<c0240090>] (msa_irq_exit+0x11c/0x1d4)
+[<c0240090>] (msa_irq_exit) from [<c02677e0>] (__handle_domain_irq+0x110/0x148)
+[<c02677e0>] (__handle_domain_irq) from [<c0201588>] (gic_handle_irq+0xd4/0x118)
+[<c0201588>] (gic_handle_irq) from [<c0551700>] (__irq_svc+0x40/0x58)
+Exception stack(0xc0a01f30 to 0xc0a01f78)
+1f20:                                     c0ae8b40 00000000 00000000 00000000
+1f40: 00000002 ffffe000 c0601f9c 00000000 ffffffff c0a2257c c0a22440 c0831a38
+1f60: c0a01ec4 c0a01f80 c0203714 c0203718 600e0213 ffffffff
+[<c0551700>] (__irq_svc) from [<c0203718>] (arch_cpu_idle+0x20/0x3c)
+[<c0203718>] (arch_cpu_idle) from [<c025bfd8>] (cpu_startup_entry+0x244/0x29c)
+[<c025bfd8>] (cpu_startup_entry) from [<c054b0d8>] (rest_init+0xc8/0x10c)
+[<c054b0d8>] (rest_init) from [<c0800c58>] (start_kernel+0x468/0x514)
+Code: a40599e5 016086e2 018088e2 7660efe6 (503090e5)
+---[ end trace 1db21d6d09c49d74 ]---
+Kernel panic - not syncing: Fatal exception in interrupt
+CPU3: stopping
+CPU: 3 PID: 0 Comm: swapper/3 Tainted: G      D    O    4.4.185 #1
+
+Signed-off-by: Jiangfeng Xiao <xiaojiangfeng@huawei.com>
+Signed-off-by: David S. Miller <davem@davemloft.net>
+Signed-off-by: Sasha Levin <sashal@kernel.org>
+---
+ drivers/net/ethernet/hisilicon/hip04_eth.c | 6 ++++--
+ 1 file changed, 4 insertions(+), 2 deletions(-)
+
+diff --git a/drivers/net/ethernet/hisilicon/hip04_eth.c b/drivers/net/ethernet/hisilicon/hip04_eth.c
+index c27054b8ce81b..60ef6d40e4896 100644
+--- a/drivers/net/ethernet/hisilicon/hip04_eth.c
++++ b/drivers/net/ethernet/hisilicon/hip04_eth.c
+@@ -497,6 +497,9 @@ static int hip04_rx_poll(struct napi_struct *napi, int budget)
+       u16 len;
+       u32 err;
++      /* clean up tx descriptors */
++      tx_remaining = hip04_tx_reclaim(ndev, false);
++
+       while (cnt && !last) {
+               buf = priv->rx_buf[priv->rx_head];
+               skb = build_skb(buf, priv->rx_buf_size);
+@@ -557,8 +560,7 @@ refill:
+       }
+       napi_complete_done(napi, rx);
+ done:
+-      /* clean up tx descriptors and start a new timer if necessary */
+-      tx_remaining = hip04_tx_reclaim(ndev, false);
++      /* start a new timer if necessary */
+       if (rx < budget && tx_remaining)
+               hip04_start_tx_timer(priv);
+-- 
+2.20.1
+
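Review bot: With the reclaim moved to the top of hip04_rx_poll(), `tx_remaining` is sampled before the receive loop but consumed after it at `done:`, so the timer decision uses a count that may be stale by the time it is tested. Whether a stale zero can leave completed descriptors without a timer depends on the transmit path outside the hunk and should be confirmed. The reason for the ordering is also not recorded in the code; I would extend the new comment to something like `/* reclaim before napi_complete_done(): once NAPI is completed the poll can be rescheduled and would re-enter hip04_tx_reclaim() */`. The function starts and ends outside both hunks.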
diff --git a/queue-4.14/net-usb-qmi_wwan-add-the-broadmobi-bm818-card.patch b/queue-4.14/net-usb-qmi_wwan-add-the-broadmobi-bm818-card.patch
new file mode 100644 (file)
index 0000000..f407a37
--- /dev/null
@@ -0,0 +1,32 @@
+From 2aeccb8945a828967b8f3eceec128fb1ddcad38f Mon Sep 17 00:00:00 2001
+From: Bob Ham <bob.ham@puri.sm>
+Date: Wed, 24 Jul 2019 07:52:27 -0700
+Subject: net: usb: qmi_wwan: Add the BroadMobi BM818 card
+
+[ Upstream commit 9a07406b00cdc6ec689dc142540739575c717f3c ]
+
+The BroadMobi BM818 M.2 card uses the QMI protocol
+
+Signed-off-by: Bob Ham <bob.ham@puri.sm>
+Signed-off-by: Angus Ainslie (Purism) <angus@akkea.ca>
+Signed-off-by: David S. Miller <davem@davemloft.net>
+Signed-off-by: Sasha Levin <sashal@kernel.org>
+---
+ drivers/net/usb/qmi_wwan.c | 1 +
+ 1 file changed, 1 insertion(+)
+
+diff --git a/drivers/net/usb/qmi_wwan.c b/drivers/net/usb/qmi_wwan.c
+index 4b0144b2a2523..e2050afaab7a8 100644
+--- a/drivers/net/usb/qmi_wwan.c
++++ b/drivers/net/usb/qmi_wwan.c
+@@ -1220,6 +1220,7 @@ static const struct usb_device_id products[] = {
+       {QMI_FIXED_INTF(0x2001, 0x7e35, 4)},    /* D-Link DWM-222 */
+       {QMI_FIXED_INTF(0x2020, 0x2031, 4)},    /* Olicard 600 */
+       {QMI_FIXED_INTF(0x2020, 0x2033, 4)},    /* BroadMobi BM806U */
++      {QMI_FIXED_INTF(0x2020, 0x2060, 4)},    /* BroadMobi BM818 */
+       {QMI_FIXED_INTF(0x0f3d, 0x68a2, 8)},    /* Sierra Wireless MC7700 */
+       {QMI_FIXED_INTF(0x114f, 0x68a2, 8)},    /* Sierra Wireless MC7750 */
+       {QMI_FIXED_INTF(0x1199, 0x68a2, 8)},    /* Sierra Wireless MC7710 in QMI mode */
+-- 
+2.20.1
+
diff --git a/queue-4.14/netfilter-ebtables-fix-a-memory-leak-bug-in-compat.patch b/queue-4.14/netfilter-ebtables-fix-a-memory-leak-bug-in-compat.patch
new file mode 100644 (file)
index 0000000..a8d7c12
--- /dev/null
@@ -0,0 +1,44 @@
+From 2e2ebcda12325dfe4fb8db7eb816922d5e7c0d9e Mon Sep 17 00:00:00 2001
+From: Wenwen Wang <wenwen@cs.uga.edu>
+Date: Sat, 20 Jul 2019 07:22:45 -0500
+Subject: netfilter: ebtables: fix a memory leak bug in compat
+
+[ Upstream commit 15a78ba1844a8e052c1226f930133de4cef4e7ad ]
+
+In compat_do_replace(), a temporary buffer is allocated through vmalloc()
+to hold entries copied from the user space. The buffer address is firstly
+saved to 'newinfo->entries', and later on assigned to 'entries_tmp'. Then
+the entries in this temporary buffer is copied to the internal kernel
+structure through compat_copy_entries(). If this copy process fails,
+compat_do_replace() should be terminated. However, the allocated temporary
+buffer is not freed on this path, leading to a memory leak.
+
+To fix the bug, free the buffer before returning from compat_do_replace().
+
+Signed-off-by: Wenwen Wang <wenwen@cs.uga.edu>
+Reviewed-by: Florian Westphal <fw@strlen.de>
+Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
+Signed-off-by: Sasha Levin <sashal@kernel.org>
+---
+ net/bridge/netfilter/ebtables.c | 4 +++-
+ 1 file changed, 3 insertions(+), 1 deletion(-)
+
+diff --git a/net/bridge/netfilter/ebtables.c b/net/bridge/netfilter/ebtables.c
+index f9c6e8ca1fcb0..100b4f88179a2 100644
+--- a/net/bridge/netfilter/ebtables.c
++++ b/net/bridge/netfilter/ebtables.c
+@@ -2273,8 +2273,10 @@ static int compat_do_replace(struct net *net, void __user *user,
+       state.buf_kern_len = size64;
+       ret = compat_copy_entries(entries_tmp, tmp.entries_size, &state);
+-      if (WARN_ON(ret < 0))
++      if (WARN_ON(ret < 0)) {
++              vfree(entries_tmp);
+               goto out_unlock;
++      }
+       vfree(entries_tmp);
+       tmp.entries_size = size64;
+-- 
+2.20.1
+
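Review bot: The fix frees `entries_tmp` in two places, once inside the new error block and once right after it. Since the buffer is not used after compat_copy_entries() returns in the lines shown, a single free placed before the check is shorter and cannot be missed by a later error path: `ret = compat_copy_entries(entries_tmp, tmp.entries_size, &state);` `vfree(entries_tmp);` `if (WARN_ON(ret < 0)) goto out_unlock;`. It is also worth confirming that `out_unlock` does not free the same pointer through `newinfo->entries`, which the commit message says held this address earlier; that label is outside the hunk.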
diff --git a/queue-4.14/netfilter-ipset-fix-rename-concurrency-with-listing.patch b/queue-4.14/netfilter-ipset-fix-rename-concurrency-with-listing.patch
new file mode 100644 (file)
index 0000000..fc49724
--- /dev/null
@@ -0,0 +1,38 @@
+From 79bdf18d9e25a19522245b301433a20ec732fdda Mon Sep 17 00:00:00 2001
+From: Jozsef Kadlecsik <kadlec@netfilter.org>
+Date: Tue, 23 Jul 2019 10:25:55 +0200
+Subject: netfilter: ipset: Fix rename concurrency with listing
+
+[ Upstream commit 6c1f7e2c1b96ab9b09ac97c4df2bd9dc327206f6 ]
+
+Shijie Luo reported that when stress-testing ipset with multiple concurrent
+create, rename, flush, list, destroy commands, it can result
+
+ipset <version>: Broken LIST kernel message: missing DATA part!
+
+error messages and broken list results. The problem was the rename operation
+was not properly handled with respect of listing. The patch fixes the issue.
+
+Reported-by: Shijie Luo <luoshijie1@huawei.com>
+Signed-off-by: Jozsef Kadlecsik <kadlec@netfilter.org>
+Signed-off-by: Sasha Levin <sashal@kernel.org>
+---
+ net/netfilter/ipset/ip_set_core.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/net/netfilter/ipset/ip_set_core.c b/net/netfilter/ipset/ip_set_core.c
+index a3f1dc7cf5382..dbf17d3596a69 100644
+--- a/net/netfilter/ipset/ip_set_core.c
++++ b/net/netfilter/ipset/ip_set_core.c
+@@ -1128,7 +1128,7 @@ static int ip_set_rename(struct net *net, struct sock *ctnl,
+               return -ENOENT;
+       write_lock_bh(&ip_set_ref_lock);
+-      if (set->ref != 0) {
++      if (set->ref != 0 || set->ref_netlink != 0) {
+               ret = -IPSET_ERR_REFERENCED;
+               goto out;
+       }
+-- 
+2.20.1
+
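Review bot: The widened test `if (set->ref != 0 || set->ref_netlink != 0)` in ip_set_rename() has no comment saying why a second counter blocks the rename. Going by the commit message, it keeps a rename from running while a listing of the set is in progress; a one-line comment such as `/* ref_netlink != 0: a netlink dump of this set is in progress */` would keep a later cleanup from dropping it, with the wording checked against the field's definition, which is not shown here. Callers now also get `-IPSET_ERR_REFERENCED` for what may be a short-lived condition, which is worth stating in the function's documentation. The function body starts and ends outside the hunk.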
diff --git a/queue-4.14/nfsv4-fix-a-potential-sleep-while-atomic-in-nfs4_do_.patch b/queue-4.14/nfsv4-fix-a-potential-sleep-while-atomic-in-nfs4_do_.patch
new file mode 100644 (file)
index 0000000..6c074c2
--- /dev/null
@@ -0,0 +1,142 @@
+From 29bbe283e468c802eda4e7eb4db0eaa625547e45 Mon Sep 17 00:00:00 2001
+From: Trond Myklebust <trond.myklebust@hammerspace.com>
+Date: Sat, 3 Aug 2019 10:11:27 -0400
+Subject: NFSv4: Fix a potential sleep while atomic in nfs4_do_reclaim()
+
+[ Upstream commit c77e22834ae9a11891cb613bd9a551be1b94f2bc ]
+
+John Hubbard reports seeing the following stack trace:
+
+nfs4_do_reclaim
+   rcu_read_lock /* we are now in_atomic() and must not sleep */
+       nfs4_purge_state_owners
+           nfs4_free_state_owner
+               nfs4_destroy_seqid_counter
+                   rpc_destroy_wait_queue
+                       cancel_delayed_work_sync
+                           __cancel_work_timer
+                               __flush_work
+                                   start_flush_work
+                                       might_sleep:
+                                        (kernel/workqueue.c:2975: BUG)
+
+The solution is to separate out the freeing of the state owners
+from nfs4_purge_state_owners(), and perform that outside the atomic
+context.
+
+Reported-by: John Hubbard <jhubbard@nvidia.com>
+Fixes: 0aaaf5c424c7f ("NFS: Cache state owners after files are closed")
+Signed-off-by: Trond Myklebust <trond.myklebust@hammerspace.com>
+Signed-off-by: Sasha Levin <sashal@kernel.org>
+---
+ fs/nfs/nfs4_fs.h    |  3 ++-
+ fs/nfs/nfs4client.c |  5 ++++-
+ fs/nfs/nfs4state.c  | 27 ++++++++++++++++++++++-----
+ 3 files changed, 28 insertions(+), 7 deletions(-)
+
+diff --git a/fs/nfs/nfs4_fs.h b/fs/nfs/nfs4_fs.h
+index a73144b3cb8c8..22cff39cca29a 100644
+--- a/fs/nfs/nfs4_fs.h
++++ b/fs/nfs/nfs4_fs.h
+@@ -433,7 +433,8 @@ static inline void nfs4_schedule_session_recovery(struct nfs4_session *session,
+ extern struct nfs4_state_owner *nfs4_get_state_owner(struct nfs_server *, struct rpc_cred *, gfp_t);
+ extern void nfs4_put_state_owner(struct nfs4_state_owner *);
+-extern void nfs4_purge_state_owners(struct nfs_server *);
++extern void nfs4_purge_state_owners(struct nfs_server *, struct list_head *);
++extern void nfs4_free_state_owners(struct list_head *head);
+ extern struct nfs4_state * nfs4_get_open_state(struct inode *, struct nfs4_state_owner *);
+ extern void nfs4_put_open_state(struct nfs4_state *);
+ extern void nfs4_close_state(struct nfs4_state *, fmode_t);
+diff --git a/fs/nfs/nfs4client.c b/fs/nfs/nfs4client.c
+index 8f96f6548dc82..0924b68b56574 100644
+--- a/fs/nfs/nfs4client.c
++++ b/fs/nfs/nfs4client.c
+@@ -739,9 +739,12 @@ out:
+ static void nfs4_destroy_server(struct nfs_server *server)
+ {
++      LIST_HEAD(freeme);
++
+       nfs_server_return_all_delegations(server);
+       unset_pnfs_layoutdriver(server);
+-      nfs4_purge_state_owners(server);
++      nfs4_purge_state_owners(server, &freeme);
++      nfs4_free_state_owners(&freeme);
+ }
+ /*
+diff --git a/fs/nfs/nfs4state.c b/fs/nfs/nfs4state.c
+index 85ec07e4aa91b..f92bfc787c5fe 100644
+--- a/fs/nfs/nfs4state.c
++++ b/fs/nfs/nfs4state.c
+@@ -614,24 +614,39 @@ void nfs4_put_state_owner(struct nfs4_state_owner *sp)
+ /**
+  * nfs4_purge_state_owners - Release all cached state owners
+  * @server: nfs_server with cached state owners to release
++ * @head: resulting list of state owners
+  *
+  * Called at umount time.  Remaining state owners will be on
+  * the LRU with ref count of zero.
++ * Note that the state owners are not freed, but are added
++ * to the list @head, which can later be used as an argument
++ * to nfs4_free_state_owners.
+  */
+-void nfs4_purge_state_owners(struct nfs_server *server)
++void nfs4_purge_state_owners(struct nfs_server *server, struct list_head *head)
+ {
+       struct nfs_client *clp = server->nfs_client;
+       struct nfs4_state_owner *sp, *tmp;
+-      LIST_HEAD(doomed);
+       spin_lock(&clp->cl_lock);
+       list_for_each_entry_safe(sp, tmp, &server->state_owners_lru, so_lru) {
+-              list_move(&sp->so_lru, &doomed);
++              list_move(&sp->so_lru, head);
+               nfs4_remove_state_owner_locked(sp);
+       }
+       spin_unlock(&clp->cl_lock);
++}
+-      list_for_each_entry_safe(sp, tmp, &doomed, so_lru) {
++/**
++ * nfs4_purge_state_owners - Release all cached state owners
++ * @head: resulting list of state owners
++ *
++ * Frees a list of state owners that was generated by
++ * nfs4_purge_state_owners
++ */
++void nfs4_free_state_owners(struct list_head *head)
++{
++      struct nfs4_state_owner *sp, *tmp;
++
++      list_for_each_entry_safe(sp, tmp, head, so_lru) {
+               list_del(&sp->so_lru);
+               nfs4_free_state_owner(sp);
+       }
+@@ -1782,12 +1797,13 @@ static int nfs4_do_reclaim(struct nfs_client *clp, const struct nfs4_state_recov
+       struct nfs4_state_owner *sp;
+       struct nfs_server *server;
+       struct rb_node *pos;
++      LIST_HEAD(freeme);
+       int status = 0;
+ restart:
+       rcu_read_lock();
+       list_for_each_entry_rcu(server, &clp->cl_superblocks, client_link) {
+-              nfs4_purge_state_owners(server);
++              nfs4_purge_state_owners(server, &freeme);
+               spin_lock(&clp->cl_lock);
+               for (pos = rb_first(&server->state_owners);
+                    pos != NULL;
+@@ -1816,6 +1832,7 @@ restart:
+               spin_unlock(&clp->cl_lock);
+       }
+       rcu_read_unlock();
++      nfs4_free_state_owners(&freeme);
+       return 0;
+ }
+-- 
+2.20.1
+
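Review bot: In nfs4_do_reclaim() the list `freeme` is drained only by the `nfs4_free_state_owners(&freeme);` call placed before the final `return 0;`, so any earlier return inside the loop would leave the already-unlinked state owners allocated. The loop body between the two fs/nfs/nfs4state.c hunks is not shown; if it contains an error return, that path needs the same call before returning, made outside the RCU read-side section. Separately, the kernel-doc added above nfs4_free_state_owners() is headed `nfs4_purge_state_owners - Release all cached state owners` and describes `@head` as the resulting list. It should read `nfs4_free_state_owners - Free a list of state owners` with `@head: list of state owners to free`.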
diff --git a/queue-4.14/perf-bench-numa-fix-cpu0-binding.patch b/queue-4.14/perf-bench-numa-fix-cpu0-binding.patch
new file mode 100644 (file)
index 0000000..e98f3b2
--- /dev/null
@@ -0,0 +1,57 @@
+From 1d4d13abc4030e01b0091d0a7eae36adc2d4b63e Mon Sep 17 00:00:00 2001
+From: Jiri Olsa <jolsa@kernel.org>
+Date: Thu, 1 Aug 2019 16:26:42 +0200
+Subject: perf bench numa: Fix cpu0 binding
+
+[ Upstream commit 6bbfe4e602691b90ac866712bd4c43c51e546a60 ]
+
+Michael reported an issue with perf bench numa failing with binding to
+cpu0 with '-0' option.
+
+  # perf bench numa mem -p 3 -t 1 -P 512 -s 100 -zZcm0 --thp 1 -M 1 -ddd
+  # Running 'numa/mem' benchmark:
+
+   # Running main, "perf bench numa numa-mem -p 3 -t 1 -P 512 -s 100 -zZcm0 --thp 1 -M 1 -ddd"
+  binding to node 0, mask: 0000000000000001 => -1
+  perf: bench/numa.c:356: bind_to_memnode: Assertion `!(ret)' failed.
+  Aborted (core dumped)
+
+This happens when the cpu0 is not part of node0, which is the benchmark
+assumption and we can see that's not the case for some powerpc servers.
+
+Using correct node for cpu0 binding.
+
+Reported-by: Michael Petlan <mpetlan@redhat.com>
+Signed-off-by: Jiri Olsa <jolsa@kernel.org>
+Cc: Alexander Shishkin <alexander.shishkin@linux.intel.com>
+Cc: Andi Kleen <ak@linux.intel.com>
+Cc: Namhyung Kim <namhyung@kernel.org>
+Cc: Peter Zijlstra <peterz@infradead.org>
+Cc: Satheesh Rajendran <sathnaga@linux.vnet.ibm.com>
+Link: http://lkml.kernel.org/r/20190801142642.28004-1-jolsa@kernel.org
+Signed-off-by: Arnaldo Carvalho de Melo <acme@redhat.com>
+Signed-off-by: Sasha Levin <sashal@kernel.org>
+---
+ tools/perf/bench/numa.c | 6 ++++--
+ 1 file changed, 4 insertions(+), 2 deletions(-)
+
+diff --git a/tools/perf/bench/numa.c b/tools/perf/bench/numa.c
+index 997875c770b10..275f1c3c73b62 100644
+--- a/tools/perf/bench/numa.c
++++ b/tools/perf/bench/numa.c
+@@ -378,8 +378,10 @@ static u8 *alloc_data(ssize_t bytes0, int map_flags,
+       /* Allocate and initialize all memory on CPU#0: */
+       if (init_cpu0) {
+-              orig_mask = bind_to_node(0);
+-              bind_to_memnode(0);
++              int node = numa_node_of_cpu(0);
++
++              orig_mask = bind_to_node(node);
++              bind_to_memnode(node);
+       }
+       bytes = bytes0 + HPSIZE;
+-- 
+2.20.1
+
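Review bot: The result of `numa_node_of_cpu(0)` in alloc_data() is passed straight to bind_to_node() and bind_to_memnode(), but libnuma returns -1 when the lookup fails. How the two helpers treat -1 is not visible in this hunk: if they read it as "no binding", the `init_cpu0` request is skipped silently, and otherwise the assertion quoted in the commit message could fire again. Checking `node < 0` right after the call and reporting it would make the failure visible at its source. The body of alloc_data() continues outside the hunk.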
diff --git a/queue-4.14/perf-cpumap-fix-writing-to-illegal-memory-in-handlin.patch b/queue-4.14/perf-cpumap-fix-writing-to-illegal-memory-in-handlin.patch
new file mode 100644 (file)
index 0000000..9ae1aa6
--- /dev/null
@@ -0,0 +1,48 @@
+From ea2fc777d02eec2f473e13a24db83bae53f0398a Mon Sep 17 00:00:00 2001
+From: He Zhe <zhe.he@windriver.com>
+Date: Fri, 2 Aug 2019 16:29:52 +0800
+Subject: perf cpumap: Fix writing to illegal memory in handling cpumap mask
+
+[ Upstream commit 5f5e25f1c7933a6e1673515c0b1d5acd82fea1ed ]
+
+cpu_map__snprint_mask() would write to illegal memory pointed by
+zalloc(0) when there is only one cpu.
+
+This patch fixes the calculation and adds sanity check against the input
+parameters.
+
+Signed-off-by: He Zhe <zhe.he@windriver.com>
+Cc: Alexander Shishkin <alexander.shishkin@linux.intel.com>
+Cc: Alexey Budankov <alexey.budankov@linux.intel.com>
+Cc: Jiri Olsa <jolsa@redhat.com>
+Cc: Kan Liang <kan.liang@linux.intel.com>
+Cc: Namhyung Kim <namhyung@kernel.org>
+Cc: Peter Zijlstra <peterz@infradead.org>
+Cc: Stephane Eranian <eranian@google.com>
+Fixes: 4400ac8a9a90 ("perf cpumap: Introduce cpu_map__snprint_mask()")
+Link: http://lkml.kernel.org/r/1564734592-15624-2-git-send-email-zhe.he@windriver.com
+Signed-off-by: Arnaldo Carvalho de Melo <acme@redhat.com>
+Signed-off-by: Sasha Levin <sashal@kernel.org>
+---
+ tools/perf/util/cpumap.c | 5 ++++-
+ 1 file changed, 4 insertions(+), 1 deletion(-)
+
+diff --git a/tools/perf/util/cpumap.c b/tools/perf/util/cpumap.c
+index 383674f448fcd..f93846edc1e0d 100644
+--- a/tools/perf/util/cpumap.c
++++ b/tools/perf/util/cpumap.c
+@@ -701,7 +701,10 @@ size_t cpu_map__snprint_mask(struct cpu_map *map, char *buf, size_t size)
+       unsigned char *bitmap;
+       int last_cpu = cpu_map__cpu(map, map->nr - 1);
+-      bitmap = zalloc((last_cpu + 7) / 8);
++      if (buf == NULL)
++              return 0;
++
++      bitmap = zalloc(last_cpu / 8 + 1);
+       if (bitmap == NULL) {
+               buf[0] = '\0';
+               return 0;
+-- 
+2.20.1
+
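Review bot: The new `if (buf == NULL) return 0;` guard in cpu_map__snprint_mask() runs after `map` has already been dereferenced in the initializer `int last_cpu = cpu_map__cpu(map, map->nr - 1);`, and `size` is not checked, so the sanity check covers only one of the three inputs. If a NULL or empty map can reach this function (`map->nr == 0` gives index -1), the lookup should move below a check on `map` and `map->nr`. The `zalloc(last_cpu / 8 + 1)` sizing also assumes `last_cpu` is non-negative, which depends on what cpu_map__cpu() returns for a bad index; that helper is outside the hunk. The function body continues past the hunk.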
diff --git a/queue-4.14/perf-ftrace-fix-failure-to-set-cpumask-when-only-one.patch b/queue-4.14/perf-ftrace-fix-failure-to-set-cpumask-when-only-one.patch
new file mode 100644 (file)
index 0000000..4ad9121
--- /dev/null
@@ -0,0 +1,52 @@
+From 73c4b0365ea0d47254c0e6654c1390167be0912c Mon Sep 17 00:00:00 2001
+From: He Zhe <zhe.he@windriver.com>
+Date: Fri, 2 Aug 2019 16:29:51 +0800
+Subject: perf ftrace: Fix failure to set cpumask when only one cpu is present
+
+[ Upstream commit cf30ae726c011e0372fd4c2d588466c8b50a8907 ]
+
+The buffer containing the string used to set cpumask is overwritten at
+the end of the string later in cpu_map__snprint_mask due to not enough
+memory space, when there is only one cpu.
+
+And thus causes the following failure:
+
+  $ perf ftrace ls
+  failed to reset ftrace
+  $
+
+This patch fixes the calculation of the cpumask string size.
+
+Signed-off-by: He Zhe <zhe.he@windriver.com>
+Tested-by: Arnaldo Carvalho de Melo <acme@redhat.com>
+Cc: Alexander Shishkin <alexander.shishkin@linux.intel.com>
+Cc: Alexey Budankov <alexey.budankov@linux.intel.com>
+Cc: Jiri Olsa <jolsa@redhat.com>
+Cc: Kan Liang <kan.liang@linux.intel.com>
+Cc: Namhyung Kim <namhyung@kernel.org>
+Cc: Peter Zijlstra <peterz@infradead.org>
+Cc: Stephane Eranian <eranian@google.com>
+Fixes: dc23103278c5 ("perf ftrace: Add support for -a and -C option")
+Link: http://lkml.kernel.org/r/1564734592-15624-1-git-send-email-zhe.he@windriver.com
+Signed-off-by: Arnaldo Carvalho de Melo <acme@redhat.com>
+Signed-off-by: Sasha Levin <sashal@kernel.org>
+---
+ tools/perf/builtin-ftrace.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/tools/perf/builtin-ftrace.c b/tools/perf/builtin-ftrace.c
+index 25a42acabee18..13a33fb71a6da 100644
+--- a/tools/perf/builtin-ftrace.c
++++ b/tools/perf/builtin-ftrace.c
+@@ -162,7 +162,7 @@ static int set_tracing_cpumask(struct cpu_map *cpumap)
+       int last_cpu;
+       last_cpu = cpu_map__cpu(cpumap, cpumap->nr - 1);
+-      mask_size = (last_cpu + 3) / 4 + 1;
++      mask_size = last_cpu / 4 + 2; /* one more byte for EOS */
+       mask_size += last_cpu / 32; /* ',' is needed for every 32th cpus */
+       cpumask = malloc(mask_size);
+-- 
+2.20.1
+
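Review bot: The comment on `mask_size = last_cpu / 4 + 2;` explains only the terminator, while the formula as a whole has to match exactly what cpu_map__snprint_mask() writes, and this patch exists because the two disagreed. A comment that spells out the parts, for example `/* last_cpu / 4 + 1 hex digits, one ',' per 32 CPUs, plus the terminating NUL */`, would make a future mismatch easier to spot. The hunk ends at `cpumask = malloc(mask_size);`, so whether the result is checked before use is not visible here.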
diff --git a/queue-4.14/perf-pmu-events-fix-missing-cpu_clk_unhalted.core-ev.patch b/queue-4.14/perf-pmu-events-fix-missing-cpu_clk_unhalted.core-ev.patch
new file mode 100644 (file)
index 0000000..475c1d6
--- /dev/null
@@ -0,0 +1,64 @@
+From 5d8453679448a836c2552db693c8fcf9204a6372 Mon Sep 17 00:00:00 2001
+From: Jin Yao <yao.jin@linux.intel.com>
+Date: Mon, 29 Jul 2019 15:27:55 +0800
+Subject: perf pmu-events: Fix missing "cpu_clk_unhalted.core" event
+
+[ Upstream commit 8e6e5bea2e34c61291d00cb3f47560341aa84bc3 ]
+
+The events defined in pmu-events JSON are parsed and added into perf
+tool. For fixed counters, we handle the encodings between JSON and perf
+by using a static array fixed[].
+
+But the fixed[] has missed an important event "cpu_clk_unhalted.core".
+
+For example, on the Tremont platform,
+
+  [root@localhost ~]# perf stat -e cpu_clk_unhalted.core -a
+  event syntax error: 'cpu_clk_unhalted.core'
+                       \___ parser error
+
+With this patch, the event cpu_clk_unhalted.core can be parsed.
+
+  [root@localhost perf]# ./perf stat -e cpu_clk_unhalted.core -a -vvv
+  ------------------------------------------------------------
+  perf_event_attr:
+    type                             4
+    size                             112
+    config                           0x3c
+    sample_type                      IDENTIFIER
+    read_format                      TOTAL_TIME_ENABLED|TOTAL_TIME_RUNNING
+    disabled                         1
+    inherit                          1
+    exclude_guest                    1
+  ------------------------------------------------------------
+...
+
+Signed-off-by: Jin Yao <yao.jin@linux.intel.com>
+Cc: Alexander Shishkin <alexander.shishkin@linux.intel.com>
+Cc: Andi Kleen <ak@linux.intel.com>
+Cc: Jin Yao <yao.jin@intel.com>
+Cc: Jiri Olsa <jolsa@kernel.org>
+Cc: Kan Liang <kan.liang@linux.intel.com>
+Cc: Peter Zijlstra <peterz@infradead.org>
+Link: http://lkml.kernel.org/r/20190729072755.2166-1-yao.jin@linux.intel.com
+Signed-off-by: Arnaldo Carvalho de Melo <acme@redhat.com>
+Signed-off-by: Sasha Levin <sashal@kernel.org>
+---
+ tools/perf/pmu-events/jevents.c | 1 +
+ 1 file changed, 1 insertion(+)
+
+diff --git a/tools/perf/pmu-events/jevents.c b/tools/perf/pmu-events/jevents.c
+index d51dc9ca8861a..94a7cabe9b824 100644
+--- a/tools/perf/pmu-events/jevents.c
++++ b/tools/perf/pmu-events/jevents.c
+@@ -346,6 +346,7 @@ static struct fixed {
+       { "inst_retired.any_p", "event=0xc0" },
+       { "cpu_clk_unhalted.ref", "event=0x0,umask=0x03" },
+       { "cpu_clk_unhalted.thread", "event=0x3c" },
++      { "cpu_clk_unhalted.core", "event=0x3c" },
+       { "cpu_clk_unhalted.thread_any", "event=0x3c,any=1" },
+       { NULL, NULL},
+ };
+-- 
+2.20.1
+
diff --git a/queue-4.14/qed-rdma-fix-the-hw_ver-returned-in-device-attribute.patch b/queue-4.14/qed-rdma-fix-the-hw_ver-returned-in-device-attribute.patch
new file mode 100644 (file)
index 0000000..6df82b1
--- /dev/null
@@ -0,0 +1,33 @@
+From 297db98a70ed0a73073dcafb2d6a3ff554d9eb57 Mon Sep 17 00:00:00 2001
+From: Michal Kalderon <michal.kalderon@marvell.com>
+Date: Thu, 25 Jul 2019 13:59:55 +0300
+Subject: qed: RDMA - Fix the hw_ver returned in device attributes
+
+[ Upstream commit 81af04b432fdfabcdbd2c06be2ee647e3ca41a22 ]
+
+The hw_ver field was initialized to zero. Return the chip revision.
+This is relevant for rdma driver.
+
+Signed-off-by: Michal Kalderon <michal.kalderon@marvell.com>
+Signed-off-by: David S. Miller <davem@davemloft.net>
+Signed-off-by: Sasha Levin <sashal@kernel.org>
+---
+ drivers/net/ethernet/qlogic/qed/qed_rdma.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/drivers/net/ethernet/qlogic/qed/qed_rdma.c b/drivers/net/ethernet/qlogic/qed/qed_rdma.c
+index 1e13dea66989e..c9258aabca2d4 100644
+--- a/drivers/net/ethernet/qlogic/qed/qed_rdma.c
++++ b/drivers/net/ethernet/qlogic/qed/qed_rdma.c
+@@ -398,7 +398,7 @@ static void qed_rdma_init_devinfo(struct qed_hwfn *p_hwfn,
+       /* Vendor specific information */
+       dev->vendor_id = cdev->vendor_id;
+       dev->vendor_part_id = cdev->device_id;
+-      dev->hw_ver = 0;
++      dev->hw_ver = cdev->chip_rev;
+       dev->fw_ver = (FW_MAJOR_VERSION << 24) | (FW_MINOR_VERSION << 16) |
+                     (FW_REVISION_VERSION << 8) | (FW_ENGINEERING_VERSION);
+-- 
+2.20.1
+
diff --git a/queue-4.14/selftests-kvm-adding-config-fragments.patch b/queue-4.14/selftests-kvm-adding-config-fragments.patch
new file mode 100644 (file)
index 0000000..2161223
--- /dev/null
@@ -0,0 +1,30 @@
+From a954676477a5a61a08a3d9c73603d95a164a6618 Mon Sep 17 00:00:00 2001
+From: Naresh Kamboju <naresh.kamboju () linaro ! org>
+Date: Wed, 7 Aug 2019 13:58:14 +0000
+Subject: selftests: kvm: Adding config fragments
+
+[ Upstream commit c096397c78f766db972f923433031f2dec01cae0 ]
+
+selftests kvm test cases need pre-required kernel configs for the test
+to get pass.
+
+Signed-off-by: Naresh Kamboju <naresh.kamboju@linaro.org>
+Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
+Signed-off-by: Sasha Levin <sashal@kernel.org>
+---
+ tools/testing/selftests/kvm/config | 3 +++
+ 1 file changed, 3 insertions(+)
+ create mode 100644 tools/testing/selftests/kvm/config
+
+diff --git a/tools/testing/selftests/kvm/config b/tools/testing/selftests/kvm/config
+new file mode 100644
+index 0000000000000..63ed533f73d6e
+--- /dev/null
++++ b/tools/testing/selftests/kvm/config
+@@ -0,0 +1,3 @@
++CONFIG_KVM=y
++CONFIG_KVM_INTEL=y
++CONFIG_KVM_AMD=y
+-- 
+2.20.1
+
diff --git a/queue-4.14/series b/queue-4.14/series
new file mode 100644 (file)
index 0000000..9208bf9
--- /dev/null
@@ -0,0 +1,35 @@
+hid-add-044f-b320-thrustmaster-inc.-2-in-1-dt.patch
+mips-kernel-only-use-i8253-clocksource-with-periodic.patch
+mips-fix-cacheinfo.patch
+netfilter-ebtables-fix-a-memory-leak-bug-in-compat.patch
+asoc-dapm-fix-handling-of-custom_stop_condition-on-d.patch
+bonding-force-slave-speed-check-after-link-state-rec.patch
+can-dev-call-netif_carrier_off-in-register_candev.patch
+asoc-fail-card-instantiation-if-dai-format-setup-fai.patch
+st21nfca_connectivity_event_received-null-check-the-.patch
+st_nci_hci_connectivity_event_received-null-check-th.patch
+asoc-ti-davinci-mcasp-correct-slot_width-posed-const.patch
+net-usb-qmi_wwan-add-the-broadmobi-bm818-card.patch
+qed-rdma-fix-the-hw_ver-returned-in-device-attribute.patch
+isdn-misdn-hfcsusb-fix-possible-null-pointer-derefer.patch
+netfilter-ipset-fix-rename-concurrency-with-listing.patch
+isdn-hfcsusb-fix-misdn-driver-crash-caused-by-transf.patch
+perf-bench-numa-fix-cpu0-binding.patch
+can-sja1000-force-the-string-buffer-null-terminated.patch
+can-peak_usb-force-the-string-buffer-null-terminated.patch
+net-ethernet-qlogic-qed-force-the-string-buffer-null.patch
+nfsv4-fix-a-potential-sleep-while-atomic-in-nfs4_do_.patch
+hid-input-fix-a4tech-horizontal-wheel-custom-usage.patch
+smb3-kernel-oops-mounting-a-encryptdata-share-with-c.patch
+net-cxgb3_main-fix-a-resource-leak-in-a-error-path-i.patch
+net-hisilicon-make-hip04_tx_reclaim-non-reentrant.patch
+net-hisilicon-fix-hip04-xmit-never-return-tx_busy.patch
+net-hisilicon-fix-dma_map_single-failed-on-arm64.patch
+libata-have-ata_scsi_rw_xlat-fail-invalid-passthroug.patch
+libata-add-sg-safety-checks-in-sff-pio-transfers.patch
+x86-lib-cpu-address-missing-prototypes-warning.patch
+drm-vmwgfx-fix-memory-leak-when-too-many-retries-hav.patch
+perf-ftrace-fix-failure-to-set-cpumask-when-only-one.patch
+perf-cpumap-fix-writing-to-illegal-memory-in-handlin.patch
+perf-pmu-events-fix-missing-cpu_clk_unhalted.core-ev.patch
+selftests-kvm-adding-config-fragments.patch
diff --git a/queue-4.14/smb3-kernel-oops-mounting-a-encryptdata-share-with-c.patch b/queue-4.14/smb3-kernel-oops-mounting-a-encryptdata-share-with-c.patch
new file mode 100644 (file)
index 0000000..02f38a2
--- /dev/null
@@ -0,0 +1,43 @@
+From 5422d0d58e06fb9758524abc4cb55bc63e2b6145 Mon Sep 17 00:00:00 2001
+From: Sebastien Tisserant <stisserant@wallix.com>
+Date: Thu, 1 Aug 2019 12:06:08 -0500
+Subject: SMB3: Kernel oops mounting a encryptData share with
+ CONFIG_DEBUG_VIRTUAL
+
+[ Upstream commit ee9d66182392695535cc9fccfcb40c16f72de2a9 ]
+
+Fix kernel oops when mounting a encryptData CIFS share with
+CONFIG_DEBUG_VIRTUAL
+
+Signed-off-by: Sebastien Tisserant <stisserant@wallix.com>
+Reviewed-by: Pavel Shilovsky <pshilov@microsoft.com>
+Signed-off-by: Steve French <stfrench@microsoft.com>
+Signed-off-by: Sasha Levin <sashal@kernel.org>
+---
+ fs/cifs/smb2ops.c | 10 +++++++++-
+ 1 file changed, 9 insertions(+), 1 deletion(-)
+
+diff --git a/fs/cifs/smb2ops.c b/fs/cifs/smb2ops.c
+index 23326b0cd5628..58a502e622aa4 100644
+--- a/fs/cifs/smb2ops.c
++++ b/fs/cifs/smb2ops.c
+@@ -2168,7 +2168,15 @@ fill_transform_hdr(struct smb2_transform_hdr *tr_hdr, struct smb_rqst *old_rq)
+ static inline void smb2_sg_set_buf(struct scatterlist *sg, const void *buf,
+                                  unsigned int buflen)
+ {
+-      sg_set_page(sg, virt_to_page(buf), buflen, offset_in_page(buf));
++      void *addr;
++      /*
++       * VMAP_STACK (at least) puts stack into the vmalloc address space
++       */
++      if (is_vmalloc_addr(buf))
++              addr = vmalloc_to_page(buf);
++      else
++              addr = virt_to_page(buf);
++      sg_set_page(sg, addr, buflen, offset_in_page(buf));
+ }
+ static struct scatterlist *
+-- 
+2.20.1
+
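Review bot: smb2_sg_set_buf() still describes the whole buffer with a single scatterlist entry, which for the `is_vmalloc_addr()` branch is only valid when `buf` to `buf + buflen` stays inside one page, because vmalloc pages are not physically contiguous. The callers are not in the hunk; if they all pass small stack or header buffers the assumption holds, but a check in that branch such as `WARN_ON_ONCE(offset_in_page(buf) + buflen > PAGE_SIZE);` would catch a caller that breaks it. The local also holds a `struct page *`, so `struct page *page;` would be a more accurate declaration than `void *addr;`.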
diff --git a/queue-4.14/st21nfca_connectivity_event_received-null-check-the-.patch b/queue-4.14/st21nfca_connectivity_event_received-null-check-the-.patch
new file mode 100644 (file)
index 0000000..18dadf0
--- /dev/null
@@ -0,0 +1,32 @@
+From b7885855d8117794a9998c872076fb288169ab2f Mon Sep 17 00:00:00 2001
+From: Navid Emamdoost <navid.emamdoost@gmail.com>
+Date: Tue, 23 Jul 2019 17:04:30 -0500
+Subject: st21nfca_connectivity_event_received: null check the allocation
+
+[ Upstream commit 9891d06836e67324c9e9c4675ed90fc8b8110034 ]
+
+devm_kzalloc may fail and return null. So the null check is needed.
+
+Signed-off-by: Navid Emamdoost <navid.emamdoost@gmail.com>
+Signed-off-by: David S. Miller <davem@davemloft.net>
+Signed-off-by: Sasha Levin <sashal@kernel.org>
+---
+ drivers/nfc/st21nfca/se.c | 2 ++
+ 1 file changed, 2 insertions(+)
+
+diff --git a/drivers/nfc/st21nfca/se.c b/drivers/nfc/st21nfca/se.c
+index 3a98563d4a121..eac608a457f03 100644
+--- a/drivers/nfc/st21nfca/se.c
++++ b/drivers/nfc/st21nfca/se.c
+@@ -326,6 +326,8 @@ int st21nfca_connectivity_event_received(struct nfc_hci_dev *hdev, u8 host,
+               transaction = (struct nfc_evt_transaction *)devm_kzalloc(dev,
+                                                  skb->len - 2, GFP_KERNEL);
++              if (!transaction)
++                      return -ENOMEM;
+               transaction->aid_len = skb->data[1];
+               memcpy(transaction->aid, &skb->data[2],
+-- 
+2.20.1
+
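Review bot: The added NULL check handles allocation failure, but `transaction->aid_len = skb->data[1]` is then used as the memcpy length although the buffer was sized from `skb->len - 2`. Both values come from the received event, so an `aid_len` larger than the remaining data or than the `aid` field would copy past the allocation, and `skb->len - 2` wraps if the event is shorter than two bytes. Unless a length check above the hunk already rules this out, the event should be rejected before allocating, e.g. `if (skb->len < 2 || skb->data[1] > skb->len - 2) return -EPROTO;`, plus a bound against the size of `transaction->aid`. The same pattern is in st_nci_hci_connectivity_event_received() in the st-nci patch further down. The function body starts and ends outside the hunk.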
diff --git a/queue-4.14/st_nci_hci_connectivity_event_received-null-check-th.patch b/queue-4.14/st_nci_hci_connectivity_event_received-null-check-th.patch
new file mode 100644 (file)
index 0000000..09bc407
--- /dev/null
@@ -0,0 +1,32 @@
+From cfbdf7fda337273d9a0a070f82dc95ed77038644 Mon Sep 17 00:00:00 2001
+From: Navid Emamdoost <navid.emamdoost@gmail.com>
+Date: Tue, 23 Jul 2019 17:11:51 -0500
+Subject: st_nci_hci_connectivity_event_received: null check the allocation
+
+[ Upstream commit 3008e06fdf0973770370f97d5f1fba3701d8281d ]
+
+devm_kzalloc may fail and return NULL. So the null check is needed.
+
+Signed-off-by: Navid Emamdoost <navid.emamdoost@gmail.com>
+Signed-off-by: David S. Miller <davem@davemloft.net>
+Signed-off-by: Sasha Levin <sashal@kernel.org>
+---
+ drivers/nfc/st-nci/se.c | 2 ++
+ 1 file changed, 2 insertions(+)
+
+diff --git a/drivers/nfc/st-nci/se.c b/drivers/nfc/st-nci/se.c
+index 56f2112e0cd84..85df2e0093109 100644
+--- a/drivers/nfc/st-nci/se.c
++++ b/drivers/nfc/st-nci/se.c
+@@ -344,6 +344,8 @@ static int st_nci_hci_connectivity_event_received(struct nci_dev *ndev,
+               transaction = (struct nfc_evt_transaction *)devm_kzalloc(dev,
+                                           skb->len - 2, GFP_KERNEL);
++              if (!transaction)
++                      return -ENOMEM;
+               transaction->aid_len = skb->data[1];
+               memcpy(transaction->aid, &skb->data[2], transaction->aid_len);
+-- 
+2.20.1
+
diff --git a/queue-4.14/x86-lib-cpu-address-missing-prototypes-warning.patch b/queue-4.14/x86-lib-cpu-address-missing-prototypes-warning.patch
new file mode 100644 (file)
index 0000000..9bada8f
--- /dev/null
@@ -0,0 +1,44 @@
+From 2a3c635d11d5f27a834c32f15e6472a88e3bfb86 Mon Sep 17 00:00:00 2001
+From: =?UTF-8?q?Valdis=20Kl=C4=93tnieks?= <valdis.kletnieks@vt.edu>
+Date: Wed, 7 Aug 2019 23:27:17 -0400
+Subject: x86/lib/cpu: Address missing prototypes warning
+
+[ Upstream commit 04f5bda84b0712d6f172556a7e8dca9ded5e73b9 ]
+
+When building with W=1, warnings about missing prototypes are emitted:
+
+  CC      arch/x86/lib/cpu.o
+arch/x86/lib/cpu.c:5:14: warning: no previous prototype for 'x86_family' [-Wmissing-prototypes]
+    5 | unsigned int x86_family(unsigned int sig)
+      |              ^~~~~~~~~~
+arch/x86/lib/cpu.c:18:14: warning: no previous prototype for 'x86_model' [-Wmissing-prototypes]
+   18 | unsigned int x86_model(unsigned int sig)
+      |              ^~~~~~~~~
+arch/x86/lib/cpu.c:33:14: warning: no previous prototype for 'x86_stepping' [-Wmissing-prototypes]
+   33 | unsigned int x86_stepping(unsigned int sig)
+      |              ^~~~~~~~~~~~
+
+Add the proper include file so the prototypes are there.
+
+Signed-off-by: Valdis Kletnieks <valdis.kletnieks@vt.edu>
+Signed-off-by: Thomas Gleixner <tglx@linutronix.de>
+Link: https://lkml.kernel.org/r/42513.1565234837@turing-police
+Signed-off-by: Sasha Levin <sashal@kernel.org>
+---
+ arch/x86/lib/cpu.c | 1 +
+ 1 file changed, 1 insertion(+)
+
+diff --git a/arch/x86/lib/cpu.c b/arch/x86/lib/cpu.c
+index 2dd1fe13a37b3..19f707992db22 100644
+--- a/arch/x86/lib/cpu.c
++++ b/arch/x86/lib/cpu.c
+@@ -1,5 +1,6 @@
+ #include <linux/types.h>
+ #include <linux/export.h>
++#include <asm/cpu.h>
+ unsigned int x86_family(unsigned int sig)
+ {
+-- 
+2.20.1
+