--- /dev/null
+From 8c2f870890fd28e023b0fcf49dcee333f2c8bad7 Mon Sep 17 00:00:00 2001
+From: Takashi Iwai <tiwai@suse.de>
+Date: Tue, 16 Apr 2019 15:25:00 +0200
+Subject: ALSA: info: Fix racy addition/deletion of nodes
+
+From: Takashi Iwai <tiwai@suse.de>
+
+commit 8c2f870890fd28e023b0fcf49dcee333f2c8bad7 upstream.
+
+The ALSA proc helper manages the child nodes in a linked list, but its
+addition and deletion is done without any lock. This leads to a
+corruption if they are operated concurrently. Usually this isn't a
+problem because the proc entries are added sequentially in the driver
+probe procedure itself. But the card registrations are done often
+asynchronously, and the crash could be actually reproduced with
+syzkaller.
+
+This patch papers over it by protecting the link addition and deletion
+with the parent's mutex. There is "access" mutex that is used for the
+file access, and this can be reused for this purpose as well.
+
+Reported-by: syzbot+48df349490c36f9f54ab@syzkaller.appspotmail.com
+Cc: <stable@vger.kernel.org>
+Signed-off-by: Takashi Iwai <tiwai@suse.de>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+
+---
+ sound/core/info.c | 12 ++++++++++--
+ 1 file changed, 10 insertions(+), 2 deletions(-)
+
+--- a/sound/core/info.c
++++ b/sound/core/info.c
+@@ -722,8 +722,11 @@ snd_info_create_entry(const char *name,
+ INIT_LIST_HEAD(&entry->children);
+ INIT_LIST_HEAD(&entry->list);
+ entry->parent = parent;
+- if (parent)
++ if (parent) {
++ mutex_lock(&parent->access);
+ list_add_tail(&entry->list, &parent->children);
++ mutex_unlock(&parent->access);
++ }
+ return entry;
+ }
+
+@@ -805,7 +808,12 @@ void snd_info_free_entry(struct snd_info
+ list_for_each_entry_safe(p, n, &entry->children, list)
+ snd_info_free_entry(p);
+
+- list_del(&entry->list);
++ p = entry->parent;
++ if (p) {
++ mutex_lock(&p->access);
++ list_del(&entry->list);
++ mutex_unlock(&p->access);
++ }
+ kfree(entry->name);
+ if (entry->private_free)
+ entry->private_free(entry);
--- /dev/null
+From 0fcc4c8c044e117ac126ab6df4138ea9a67fa2a9 Mon Sep 17 00:00:00 2001
+From: Jann Horn <jannh@google.com>
+Date: Tue, 19 Mar 2019 02:36:59 +0100
+Subject: device_cgroup: fix RCU imbalance in error case
+
+From: Jann Horn <jannh@google.com>
+
+commit 0fcc4c8c044e117ac126ab6df4138ea9a67fa2a9 upstream.
+
+When dev_exception_add() returns an error (due to a failed memory
+allocation), make sure that we move the RCU preemption count back to where
+it was before we were called. We dropped the RCU read lock inside the loop
+body, so we can't just "break".
+
+sparse complains about this, too:
+
+$ make -s C=2 security/device_cgroup.o
+./include/linux/rcupdate.h:647:9: warning: context imbalance in
+'propagate_exception' - unexpected unlock
+
+Fixes: d591fb56618f ("device_cgroup: simplify cgroup tree walk in propagate_exception()")
+Cc: stable@vger.kernel.org
+Signed-off-by: Jann Horn <jannh@google.com>
+Acked-by: Michal Hocko <mhocko@suse.com>
+Signed-off-by: Tejun Heo <tj@kernel.org>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+
+---
+ security/device_cgroup.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+--- a/security/device_cgroup.c
++++ b/security/device_cgroup.c
+@@ -560,7 +560,7 @@ static int propagate_exception(struct de
+ devcg->behavior == DEVCG_DEFAULT_ALLOW) {
+ rc = dev_exception_add(devcg, ex);
+ if (rc)
+- break;
++ return rc;
+ } else {
+ /*
+ * in the other possible cases:
--- /dev/null
+From 37803841c92d7b327147e0b1be3436423189e1cf Mon Sep 17 00:00:00 2001
+From: zhong jiang <zhongjiang@huawei.com>
+Date: Thu, 18 Apr 2019 17:50:16 -0700
+Subject: mm/memory_hotplug: do not unlock after failing to take the device_hotplug_lock
+
+From: zhong jiang <zhongjiang@huawei.com>
+
+commit 37803841c92d7b327147e0b1be3436423189e1cf upstream.
+
+When adding memory by probing a memory block in the sysfs interface,
+there is an obvious issue where we will unlock the device_hotplug_lock
+when we failed to takes it.
+
+That issue was introduced in 8df1d0e4a265 ("mm/memory_hotplug: make
+add_memory() take the device_hotplug_lock").
+
+We should drop out in time when failing to take the device_hotplug_lock.
+
+Link: http://lkml.kernel.org/r/1554696437-9593-1-git-send-email-zhongjiang@huawei.com
+Fixes: 8df1d0e4a265 ("mm/memory_hotplug: make add_memory() take the device_hotplug_lock")
+Signed-off-by: zhong jiang <zhongjiang@huawei.com>
+Reported-by: Yang yingliang <yangyingliang@huawei.com>
+Acked-by: Michal Hocko <mhocko@suse.com>
+Reviewed-by: David Hildenbrand <david@redhat.com>
+Reviewed-by: Oscar Salvador <osalvador@suse.de>
+Cc: <stable@vger.kernel.org>
+Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
+Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+
+---
+ drivers/base/memory.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+--- a/drivers/base/memory.c
++++ b/drivers/base/memory.c
+@@ -505,7 +505,7 @@ static ssize_t probe_store(struct device
+
+ ret = lock_device_hotplug_sysfs();
+ if (ret)
+- goto out;
++ return ret;
+
+ nid = memory_add_physaddr_to_nid(phys_addr);
+ ret = __add_memory(nid, phys_addr,
--- /dev/null
+From e8277b3b52240ec1caad8e6df278863e4bf42eac Mon Sep 17 00:00:00 2001
+From: Konstantin Khlebnikov <khlebnikov@yandex-team.ru>
+Date: Thu, 18 Apr 2019 17:50:20 -0700
+Subject: mm/vmstat.c: fix /proc/vmstat format for CONFIG_DEBUG_TLBFLUSH=y CONFIG_SMP=n
+
+From: Konstantin Khlebnikov <khlebnikov@yandex-team.ru>
+
+commit e8277b3b52240ec1caad8e6df278863e4bf42eac upstream.
+
+Commit 58bc4c34d249 ("mm/vmstat.c: skip NR_TLB_REMOTE_FLUSH* properly")
+depends on skipping vmstat entries with empty name introduced in
+7aaf77272358 ("mm: don't show nr_indirectly_reclaimable in
+/proc/vmstat") but reverted in b29940c1abd7 ("mm: rename and change
+semantics of nr_indirectly_reclaimable_bytes").
+
+So skipping no longer works and /proc/vmstat has misformatted lines " 0".
+
+This patch simply shows debug counters "nr_tlb_remote_*" for UP.
+
+Link: http://lkml.kernel.org/r/155481488468.467.4295519102880913454.stgit@buzz
+Fixes: 58bc4c34d249 ("mm/vmstat.c: skip NR_TLB_REMOTE_FLUSH* properly")
+Signed-off-by: Konstantin Khlebnikov <khlebnikov@yandex-team.ru>
+Acked-by: Vlastimil Babka <vbabka@suse.cz>
+Cc: Roman Gushchin <guro@fb.com>
+Cc: Jann Horn <jannh@google.com>
+Cc: <stable@vger.kernel.org>
+Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
+Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+
+---
+ mm/vmstat.c | 5 -----
+ 1 file changed, 5 deletions(-)
+
+--- a/mm/vmstat.c
++++ b/mm/vmstat.c
+@@ -1274,13 +1274,8 @@ const char * const vmstat_text[] = {
+ #endif
+ #endif /* CONFIG_MEMORY_BALLOON */
+ #ifdef CONFIG_DEBUG_TLBFLUSH
+-#ifdef CONFIG_SMP
+ "nr_tlb_remote_flush",
+ "nr_tlb_remote_flush_received",
+-#else
+- "", /* nr_tlb_remote_flush */
+- "", /* nr_tlb_remote_flush_received */
+-#endif /* CONFIG_SMP */
+ "nr_tlb_local_flush_all",
+ "nr_tlb_local_flush_one",
+ #endif /* CONFIG_DEBUG_TLBFLUSH */
--- /dev/null
+From bafdf85dfa59374f927ff597bc8c259193afda30 Mon Sep 17 00:00:00 2001
+From: Stanislaw Gruszka <sgruszka@redhat.com>
+Date: Fri, 5 Apr 2019 13:42:56 +0200
+Subject: mt76x02: avoid status_list.lock and sta->rate_ctrl_lock dependency
+
+From: Stanislaw Gruszka <sgruszka@redhat.com>
+
+commit bafdf85dfa59374f927ff597bc8c259193afda30 upstream.
+
+Move ieee80211_tx_status_ext() outside of status_list lock section
+in order to avoid locking dependency and possible deadlock reposed by
+LOCKDEP in below warning.
+
+Also do mt76_tx_status_lock() just before it's needed.
+
+[ 440.224832] WARNING: possible circular locking dependency detected
+[ 440.224833] 5.1.0-rc2+ #22 Not tainted
+[ 440.224834] ------------------------------------------------------
+[ 440.224835] kworker/u16:28/2362 is trying to acquire lock:
+[ 440.224836] 0000000089b8cacf (&(&q->lock)->rlock#2){+.-.}, at: mt76_wake_tx_queue+0x4c/0xb0 [mt76]
+[ 440.224842]
+ but task is already holding lock:
+[ 440.224842] 000000002cfedc59 (&(&sta->lock)->rlock){+.-.}, at: ieee80211_stop_tx_ba_cb+0x32/0x1f0 [mac80211]
+[ 440.224863]
+ which lock already depends on the new lock.
+
+[ 440.224863]
+ the existing dependency chain (in reverse order) is:
+[ 440.224864]
+ -> #3 (&(&sta->lock)->rlock){+.-.}:
+[ 440.224869] _raw_spin_lock_bh+0x34/0x40
+[ 440.224880] ieee80211_start_tx_ba_session+0xe4/0x3d0 [mac80211]
+[ 440.224894] minstrel_ht_get_rate+0x45c/0x510 [mac80211]
+[ 440.224906] rate_control_get_rate+0xc1/0x140 [mac80211]
+[ 440.224918] ieee80211_tx_h_rate_ctrl+0x195/0x3c0 [mac80211]
+[ 440.224930] ieee80211_xmit_fast+0x26d/0xa50 [mac80211]
+[ 440.224942] __ieee80211_subif_start_xmit+0xfc/0x310 [mac80211]
+[ 440.224954] ieee80211_subif_start_xmit+0x38/0x390 [mac80211]
+[ 440.224956] dev_hard_start_xmit+0xb8/0x300
+[ 440.224957] __dev_queue_xmit+0x7d4/0xbb0
+[ 440.224968] ip6_finish_output2+0x246/0x860 [ipv6]
+[ 440.224978] mld_sendpack+0x1bd/0x360 [ipv6]
+[ 440.224987] mld_ifc_timer_expire+0x1a4/0x2f0 [ipv6]
+[ 440.224989] call_timer_fn+0x89/0x2a0
+[ 440.224990] run_timer_softirq+0x1bd/0x4d0
+[ 440.224992] __do_softirq+0xdb/0x47c
+[ 440.224994] irq_exit+0xfa/0x100
+[ 440.224996] smp_apic_timer_interrupt+0x9a/0x220
+[ 440.224997] apic_timer_interrupt+0xf/0x20
+[ 440.224999] cpuidle_enter_state+0xc1/0x470
+[ 440.225000] do_idle+0x21a/0x260
+[ 440.225001] cpu_startup_entry+0x19/0x20
+[ 440.225004] start_secondary+0x135/0x170
+[ 440.225006] secondary_startup_64+0xa4/0xb0
+[ 440.225007]
+ -> #2 (&(&sta->rate_ctrl_lock)->rlock){+.-.}:
+[ 440.225009] _raw_spin_lock_bh+0x34/0x40
+[ 440.225022] rate_control_tx_status+0x4f/0xb0 [mac80211]
+[ 440.225031] ieee80211_tx_status_ext+0x142/0x1a0 [mac80211]
+[ 440.225035] mt76x02_send_tx_status+0x2e4/0x340 [mt76x02_lib]
+[ 440.225037] mt76x02_tx_status_data+0x31/0x40 [mt76x02_lib]
+[ 440.225040] mt76u_tx_status_data+0x51/0xa0 [mt76_usb]
+[ 440.225042] process_one_work+0x237/0x5d0
+[ 440.225043] worker_thread+0x3c/0x390
+[ 440.225045] kthread+0x11d/0x140
+[ 440.225046] ret_from_fork+0x3a/0x50
+[ 440.225047]
+ -> #1 (&(&list->lock)->rlock#8){+.-.}:
+[ 440.225049] _raw_spin_lock_bh+0x34/0x40
+[ 440.225052] mt76_tx_status_skb_add+0x51/0x100 [mt76]
+[ 440.225054] mt76x02u_tx_prepare_skb+0xbd/0x116 [mt76x02_usb]
+[ 440.225056] mt76u_tx_queue_skb+0x5f/0x180 [mt76_usb]
+[ 440.225058] mt76_tx+0x93/0x190 [mt76]
+[ 440.225070] ieee80211_tx_frags+0x148/0x210 [mac80211]
+[ 440.225081] __ieee80211_tx+0x75/0x1b0 [mac80211]
+[ 440.225092] ieee80211_tx+0xde/0x110 [mac80211]
+[ 440.225105] __ieee80211_tx_skb_tid_band+0x72/0x90 [mac80211]
+[ 440.225122] ieee80211_send_auth+0x1f3/0x360 [mac80211]
+[ 440.225141] ieee80211_auth.cold.40+0x6c/0x100 [mac80211]
+[ 440.225156] ieee80211_mgd_auth.cold.50+0x132/0x15f [mac80211]
+[ 440.225171] cfg80211_mlme_auth+0x149/0x360 [cfg80211]
+[ 440.225181] nl80211_authenticate+0x273/0x2e0 [cfg80211]
+[ 440.225183] genl_family_rcv_msg+0x196/0x3a0
+[ 440.225184] genl_rcv_msg+0x47/0x8e
+[ 440.225185] netlink_rcv_skb+0x3a/0xf0
+[ 440.225187] genl_rcv+0x24/0x40
+[ 440.225188] netlink_unicast+0x16d/0x210
+[ 440.225189] netlink_sendmsg+0x204/0x3b0
+[ 440.225191] sock_sendmsg+0x36/0x40
+[ 440.225193] ___sys_sendmsg+0x259/0x2b0
+[ 440.225194] __sys_sendmsg+0x47/0x80
+[ 440.225196] do_syscall_64+0x60/0x1f0
+[ 440.225197] entry_SYSCALL_64_after_hwframe+0x49/0xbe
+[ 440.225198]
+ -> #0 (&(&q->lock)->rlock#2){+.-.}:
+[ 440.225200] lock_acquire+0xb9/0x1a0
+[ 440.225202] _raw_spin_lock_bh+0x34/0x40
+[ 440.225204] mt76_wake_tx_queue+0x4c/0xb0 [mt76]
+[ 440.225215] ieee80211_agg_start_txq+0xe8/0x2b0 [mac80211]
+[ 440.225225] ieee80211_stop_tx_ba_cb+0xb8/0x1f0 [mac80211]
+[ 440.225235] ieee80211_ba_session_work+0x1c1/0x2f0 [mac80211]
+[ 440.225236] process_one_work+0x237/0x5d0
+[ 440.225237] worker_thread+0x3c/0x390
+[ 440.225239] kthread+0x11d/0x140
+[ 440.225240] ret_from_fork+0x3a/0x50
+[ 440.225240]
+ other info that might help us debug this:
+
+[ 440.225241] Chain exists of:
+ &(&q->lock)->rlock#2 --> &(&sta->rate_ctrl_lock)->rlock --> &(&sta->lock)->rlock
+
+[ 440.225243] Possible unsafe locking scenario:
+
+[ 440.225244] CPU0 CPU1
+[ 440.225244] ---- ----
+[ 440.225245] lock(&(&sta->lock)->rlock);
+[ 440.225245] lock(&(&sta->rate_ctrl_lock)->rlock);
+[ 440.225246] lock(&(&sta->lock)->rlock);
+[ 440.225247] lock(&(&q->lock)->rlock#2);
+[ 440.225248]
+ *** DEADLOCK ***
+
+[ 440.225249] 5 locks held by kworker/u16:28/2362:
+[ 440.225250] #0: 0000000048fcd291 ((wq_completion)phy0){+.+.}, at: process_one_work+0x1b5/0x5d0
+[ 440.225252] #1: 00000000f1c6828f ((work_completion)(&sta->ampdu_mlme.work)){+.+.}, at: process_one_work+0x1b5/0x5d0
+[ 440.225254] #2: 00000000433d2b2c (&sta->ampdu_mlme.mtx){+.+.}, at: ieee80211_ba_session_work+0x5c/0x2f0 [mac80211]
+[ 440.225265] #3: 000000002cfedc59 (&(&sta->lock)->rlock){+.-.}, at: ieee80211_stop_tx_ba_cb+0x32/0x1f0 [mac80211]
+[ 440.225276] #4: 000000009d7b9a44 (rcu_read_lock){....}, at: ieee80211_agg_start_txq+0x33/0x2b0 [mac80211]
+[ 440.225286]
+ stack backtrace:
+[ 440.225288] CPU: 2 PID: 2362 Comm: kworker/u16:28 Not tainted 5.1.0-rc2+ #22
+[ 440.225289] Hardware name: LENOVO 20KGS23S0P/20KGS23S0P, BIOS N23ET55W (1.30 ) 08/31/2018
+[ 440.225300] Workqueue: phy0 ieee80211_ba_session_work [mac80211]
+[ 440.225301] Call Trace:
+[ 440.225304] dump_stack+0x85/0xc0
+[ 440.225306] print_circular_bug.isra.38.cold.58+0x15c/0x195
+[ 440.225307] check_prev_add.constprop.48+0x5f0/0xc00
+[ 440.225309] ? check_prev_add.constprop.48+0x39d/0xc00
+[ 440.225311] ? __lock_acquire+0x41d/0x1100
+[ 440.225312] __lock_acquire+0xd98/0x1100
+[ 440.225313] ? __lock_acquire+0x41d/0x1100
+[ 440.225315] lock_acquire+0xb9/0x1a0
+[ 440.225317] ? mt76_wake_tx_queue+0x4c/0xb0 [mt76]
+[ 440.225319] _raw_spin_lock_bh+0x34/0x40
+[ 440.225321] ? mt76_wake_tx_queue+0x4c/0xb0 [mt76]
+[ 440.225323] mt76_wake_tx_queue+0x4c/0xb0 [mt76]
+[ 440.225334] ieee80211_agg_start_txq+0xe8/0x2b0 [mac80211]
+[ 440.225344] ieee80211_stop_tx_ba_cb+0xb8/0x1f0 [mac80211]
+[ 440.225354] ieee80211_ba_session_work+0x1c1/0x2f0 [mac80211]
+[ 440.225356] process_one_work+0x237/0x5d0
+[ 440.225358] worker_thread+0x3c/0x390
+[ 440.225359] ? wq_calc_node_cpumask+0x70/0x70
+[ 440.225360] kthread+0x11d/0x140
+[ 440.225362] ? kthread_create_on_node+0x40/0x40
+[ 440.225363] ret_from_fork+0x3a/0x50
+
+Cc: stable@vger.kernel.org
+Fixes: 88046b2c9f6d ("mt76: add support for reporting tx status with skb")
+Signed-off-by: Stanislaw Gruszka <sgruszka@redhat.com>
+Acked-by: Felix Fietkau <nbd@nbd.name>
+Signed-off-by: Kalle Valo <kvalo@codeaurora.org>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+
+---
+ drivers/net/wireless/mediatek/mt76/mt76x02_mac.c | 14 ++++++++------
+ 1 file changed, 8 insertions(+), 6 deletions(-)
+
+--- a/drivers/net/wireless/mediatek/mt76/mt76x02_mac.c
++++ b/drivers/net/wireless/mediatek/mt76/mt76x02_mac.c
+@@ -421,7 +421,6 @@ void mt76x02_send_tx_status(struct mt76x
+ return;
+
+ rcu_read_lock();
+- mt76_tx_status_lock(mdev, &list);
+
+ if (stat->wcid < ARRAY_SIZE(dev->mt76.wcid))
+ wcid = rcu_dereference(dev->mt76.wcid[stat->wcid]);
+@@ -434,6 +433,8 @@ void mt76x02_send_tx_status(struct mt76x
+ drv_priv);
+ }
+
++ mt76_tx_status_lock(mdev, &list);
++
+ if (wcid) {
+ if (stat->pktid)
+ status.skb = mt76_tx_status_skb_get(mdev, wcid,
+@@ -453,7 +454,9 @@ void mt76x02_send_tx_status(struct mt76x
+ if (*update == 0 && stat_val == stat_cache &&
+ stat->wcid == msta->status.wcid && msta->n_frames < 32) {
+ msta->n_frames++;
+- goto out;
++ mt76_tx_status_unlock(mdev, &list);
++ rcu_read_unlock();
++ return;
+ }
+
+ mt76x02_mac_fill_tx_status(dev, status.info, &msta->status,
+@@ -469,11 +472,10 @@ void mt76x02_send_tx_status(struct mt76x
+
+ if (status.skb)
+ mt76_tx_status_skb_done(mdev, status.skb, &list);
+- else
+- ieee80211_tx_status_ext(mt76_hw(dev), &status);
+-
+-out:
+ mt76_tx_status_unlock(mdev, &list);
++
++ if (!status.skb)
++ ieee80211_tx_status_ext(mt76_hw(dev), &status);
+ rcu_read_unlock();
+ }
+
--- /dev/null
+From 00206a69ee32f03e6f40837684dcbe475ea02266 Mon Sep 17 00:00:00 2001
+From: Matteo Croce <mcroce@redhat.com>
+Date: Mon, 18 Mar 2019 02:32:36 +0100
+Subject: percpu: stop printing kernel addresses
+
+From: Matteo Croce <mcroce@redhat.com>
+
+commit 00206a69ee32f03e6f40837684dcbe475ea02266 upstream.
+
+Since commit ad67b74d2469d9b8 ("printk: hash addresses printed with %p"),
+at boot "____ptrval____" is printed instead of actual addresses:
+
+ percpu: Embedded 38 pages/cpu @(____ptrval____) s124376 r0 d31272 u524288
+
+Instead of changing the print to "%px", and leaking kernel addresses,
+just remove the print completely, cfr. e.g. commit 071929dbdd865f77
+("arm64: Stop printing the virtual memory layout").
+
+Signed-off-by: Matteo Croce <mcroce@redhat.com>
+Signed-off-by: Dennis Zhou <dennis@kernel.org>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+
+---
+ mm/percpu.c | 8 ++++----
+ 1 file changed, 4 insertions(+), 4 deletions(-)
+
+--- a/mm/percpu.c
++++ b/mm/percpu.c
+@@ -2531,8 +2531,8 @@ int __init pcpu_embed_first_chunk(size_t
+ ai->groups[group].base_offset = areas[group] - base;
+ }
+
+- pr_info("Embedded %zu pages/cpu @%p s%zu r%zu d%zu u%zu\n",
+- PFN_DOWN(size_sum), base, ai->static_size, ai->reserved_size,
++ pr_info("Embedded %zu pages/cpu s%zu r%zu d%zu u%zu\n",
++ PFN_DOWN(size_sum), ai->static_size, ai->reserved_size,
+ ai->dyn_size, ai->unit_size);
+
+ rc = pcpu_setup_first_chunk(ai, base);
+@@ -2653,8 +2653,8 @@ int __init pcpu_page_first_chunk(size_t
+ }
+
+ /* we're ready, commit */
+- pr_info("%d %s pages/cpu @%p s%zu r%zu d%zu\n",
+- unit_pages, psize_str, vm.addr, ai->static_size,
++ pr_info("%d %s pages/cpu s%zu r%zu d%zu\n",
++ unit_pages, psize_str, ai->static_size,
+ ai->reserved_size, ai->dyn_size);
+
+ rc = pcpu_setup_first_chunk(ai, vm.addr);
--- /dev/null
+From 339bc4183596e1f68c2c98a03b87aa124107c317 Mon Sep 17 00:00:00 2001
+From: Alexander Shishkin <alexander.shishkin@linux.intel.com>
+Date: Fri, 29 Mar 2019 11:13:38 +0200
+Subject: perf/ring_buffer: Fix AUX record suppression
+
+From: Alexander Shishkin <alexander.shishkin@linux.intel.com>
+
+commit 339bc4183596e1f68c2c98a03b87aa124107c317 upstream.
+
+The following commit:
+
+ 1627314fb54a33e ("perf: Suppress AUX/OVERWRITE records")
+
+has an unintended side-effect of also suppressing all AUX records with no flags
+and non-zero size, so all the regular records in the full trace mode.
+This breaks some use cases for people.
+
+Fix this by restoring "regular" AUX records.
+
+Reported-by: Ben Gainey <Ben.Gainey@arm.com>
+Tested-by: Ben Gainey <Ben.Gainey@arm.com>
+Signed-off-by: Alexander Shishkin <alexander.shishkin@linux.intel.com>
+Signed-off-by: Peter Zijlstra (Intel) <peterz@infradead.org>
+Cc: <stable@vger.kernel.org>
+Cc: Arnaldo Carvalho de Melo <acme@redhat.com>
+Cc: Jiri Olsa <jolsa@redhat.com>
+Cc: Linus Torvalds <torvalds@linux-foundation.org>
+Cc: Peter Zijlstra <peterz@infradead.org>
+Cc: Stephane Eranian <eranian@google.com>
+Cc: Thomas Gleixner <tglx@linutronix.de>
+Cc: Vince Weaver <vincent.weaver@maine.edu>
+Fixes: 1627314fb54a33e ("perf: Suppress AUX/OVERWRITE records")
+Link: https://lkml.kernel.org/r/20190329091338.29999-1-alexander.shishkin@linux.intel.com
+Signed-off-by: Ingo Molnar <mingo@kernel.org>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+
+---
+ kernel/events/ring_buffer.c | 33 +++++++++++++++------------------
+ 1 file changed, 15 insertions(+), 18 deletions(-)
+
+--- a/kernel/events/ring_buffer.c
++++ b/kernel/events/ring_buffer.c
+@@ -456,24 +456,21 @@ void perf_aux_output_end(struct perf_out
+ rb->aux_head += size;
+ }
+
+- if (size || handle->aux_flags) {
+- /*
+- * Only send RECORD_AUX if we have something useful to communicate
+- *
+- * Note: the OVERWRITE records by themselves are not considered
+- * useful, as they don't communicate any *new* information,
+- * aside from the short-lived offset, that becomes history at
+- * the next event sched-in and therefore isn't useful.
+- * The userspace that needs to copy out AUX data in overwrite
+- * mode should know to use user_page::aux_head for the actual
+- * offset. So, from now on we don't output AUX records that
+- * have *only* OVERWRITE flag set.
+- */
+-
+- if (handle->aux_flags & ~(u64)PERF_AUX_FLAG_OVERWRITE)
+- perf_event_aux_event(handle->event, aux_head, size,
+- handle->aux_flags);
+- }
++ /*
++ * Only send RECORD_AUX if we have something useful to communicate
++ *
++ * Note: the OVERWRITE records by themselves are not considered
++ * useful, as they don't communicate any *new* information,
++ * aside from the short-lived offset, that becomes history at
++ * the next event sched-in and therefore isn't useful.
++ * The userspace that needs to copy out AUX data in overwrite
++ * mode should know to use user_page::aux_head for the actual
++ * offset. So, from now on we don't output AUX records that
++ * have *only* OVERWRITE flag set.
++ */
++ if (size || (handle->aux_flags & ~(u64)PERF_AUX_FLAG_OVERWRITE))
++ perf_event_aux_event(handle->event, aux_head, size,
++ handle->aux_flags);
+
+ rb->user_page->aux_head = rb->aux_head;
+ if (rb_need_aux_wakeup(rb))
revert-kbuild-use-oz-instead-of-os-when-using-clang.patch
sched-fair-limit-sched_cfs_period_timer-loop-to-avoi.patch
tpm-fix-an-invalid-condition-in-tpm_common_poll.patch
+mt76x02-avoid-status_list.lock-and-sta-rate_ctrl_lock-dependency.patch
+device_cgroup-fix-rcu-imbalance-in-error-case.patch
+perf-ring_buffer-fix-aux-record-suppression.patch
+mm-memory_hotplug-do-not-unlock-after-failing-to-take-the-device_hotplug_lock.patch
+mm-vmstat.c-fix-proc-vmstat-format-for-config_debug_tlbflush-y-config_smp-n.patch
+alsa-info-fix-racy-addition-deletion-of-nodes.patch
+percpu-stop-printing-kernel-addresses.patch