fixes for 4.19
authorSasha Levin <sashal@kernel.org>
Mon, 15 Jul 2019 14:53:04 +0000 (10:53 -0400)
committerSasha Levin <sashal@kernel.org>
Mon, 15 Jul 2019 14:53:04 +0000 (10:53 -0400)
Signed-off-by: Sasha Levin <sashal@kernel.org>
24 files changed:
queue-4.19/afs-fix-uninitialised-spinlock-afs_volume-cb_break_l.patch [new file with mode: 0644]
queue-4.19/arm-dts-gemini-fix-up-dns-313-compatible-string.patch [new file with mode: 0644]
queue-4.19/arm-dts-imx6ul-fix-pwm-1-4-interrupts.patch [new file with mode: 0644]
queue-4.19/arm-omap2-remove-incorrect-__init-annotation.patch [new file with mode: 0644]
queue-4.19/be2net-fix-link-failure-after-ethtool-offline-test.patch [new file with mode: 0644]
queue-4.19/clk-ti-clkctrl-fix-returning-uninitialized-data.patch [new file with mode: 0644]
queue-4.19/cpu-hotplug-fix-out-of-bounds-read-when-setting-fail.patch [new file with mode: 0644]
queue-4.19/dm-table-don-t-copy-from-a-null-pointer-in-realloc_a.patch [new file with mode: 0644]
queue-4.19/dm-verity-use-message-limit-for-data-block-corruptio.patch [new file with mode: 0644]
queue-4.19/efi-bgrt-drop-bgrt-status-field-reserved-bits-check.patch [new file with mode: 0644]
queue-4.19/hid-chicony-add-another-quirk-for-pixart-mouse.patch [new file with mode: 0644]
queue-4.19/hid-multitouch-add-pointstick-support-for-alps-touch.patch [new file with mode: 0644]
queue-4.19/irqchip-gic-v3-its-fix-command-queue-pointer-compari.patch [new file with mode: 0644]
queue-4.19/linux-kernel.h-fix-overflow-for-div_round_up_ull.patch [new file with mode: 0644]
queue-4.19/perf-core-fix-perf_sample_regs_user-mm-check.patch [new file with mode: 0644]
queue-4.19/pinctrl-mcp23s08-fix-add_data-and-irqchip_add_nested.patch [new file with mode: 0644]
queue-4.19/pinctrl-mediatek-ignore-interrupts-that-are-wake-onl.patch [new file with mode: 0644]
queue-4.19/pinctrl-mediatek-update-cur_mask-in-mask-mask-ops.patch [new file with mode: 0644]
queue-4.19/ppp-mppe-add-softdep-to-arc4.patch [new file with mode: 0644]
queue-4.19/series
queue-4.19/sis900-fix-tx-completion.patch [new file with mode: 0644]
queue-4.19/x86-apic-fix-integer-overflow-on-10-bit-left-shift-o.patch [new file with mode: 0644]
queue-4.19/x86-boot-64-add-missing-fixup_pointer-for-next_early.patch [new file with mode: 0644]
queue-4.19/x86-boot-64-fix-crash-if-kernel-image-crosses-page-t.patch [new file with mode: 0644]

diff --git a/queue-4.19/afs-fix-uninitialised-spinlock-afs_volume-cb_break_l.patch b/queue-4.19/afs-fix-uninitialised-spinlock-afs_volume-cb_break_l.patch
new file mode 100644 (file)
index 0000000..c23e196
--- /dev/null
@@ -0,0 +1,95 @@
+From 311da7a4b894422e02bed58fc828cfa54a7f6e06 Mon Sep 17 00:00:00 2001
+From: David Howells <dhowells@redhat.com>
+Date: Thu, 20 Jun 2019 16:49:35 +0100
+Subject: afs: Fix uninitialised spinlock afs_volume::cb_break_lock
+
+[ Upstream commit 90fa9b64523a645a97edc0bdcf2d74759957eeee ]
+
+Fix the cb_break_lock spinlock in afs_volume struct by initialising it when
+the volume record is allocated.
+
+Also rename the lock to cb_v_break_lock to distinguish it from the lock of
+the same name in the afs_server struct.
+
+Without this, the following trace may be observed when a volume-break
+callback is received:
+
+  INFO: trying to register non-static key.
+  the code is fine but needs lockdep annotation.
+  turning off the locking correctness validator.
+  CPU: 2 PID: 50 Comm: kworker/2:1 Not tainted 5.2.0-rc1-fscache+ #3045
+  Hardware name: ASUS All Series/H97-PLUS, BIOS 2306 10/09/2014
+  Workqueue: afs SRXAFSCB_CallBack
+  Call Trace:
+   dump_stack+0x67/0x8e
+   register_lock_class+0x23b/0x421
+   ? check_usage_forwards+0x13c/0x13c
+   __lock_acquire+0x89/0xf73
+   lock_acquire+0x13b/0x166
+   ? afs_break_callbacks+0x1b2/0x3dd
+   _raw_write_lock+0x2c/0x36
+   ? afs_break_callbacks+0x1b2/0x3dd
+   afs_break_callbacks+0x1b2/0x3dd
+   ? trace_event_raw_event_afs_server+0x61/0xac
+   SRXAFSCB_CallBack+0x11f/0x16c
+   process_one_work+0x2c5/0x4ee
+   ? worker_thread+0x234/0x2ac
+   worker_thread+0x1d8/0x2ac
+   ? cancel_delayed_work_sync+0xf/0xf
+   kthread+0x11f/0x127
+   ? kthread_park+0x76/0x76
+   ret_from_fork+0x24/0x30
+
+Fixes: 68251f0a6818 ("afs: Fix whole-volume callback handling")
+Signed-off-by: David Howells <dhowells@redhat.com>
+Signed-off-by: Sasha Levin <sashal@kernel.org>
+---
+ fs/afs/callback.c | 4 ++--
+ fs/afs/internal.h | 2 +-
+ fs/afs/volume.c   | 1 +
+ 3 files changed, 4 insertions(+), 3 deletions(-)
+
+diff --git a/fs/afs/callback.c b/fs/afs/callback.c
+index 5f261fbf2182..4ad701250299 100644
+--- a/fs/afs/callback.c
++++ b/fs/afs/callback.c
+@@ -276,9 +276,9 @@ static void afs_break_one_callback(struct afs_server *server,
+                       struct afs_super_info *as = AFS_FS_S(cbi->sb);
+                       struct afs_volume *volume = as->volume;
+-                      write_lock(&volume->cb_break_lock);
++                      write_lock(&volume->cb_v_break_lock);
+                       volume->cb_v_break++;
+-                      write_unlock(&volume->cb_break_lock);
++                      write_unlock(&volume->cb_v_break_lock);
+               } else {
+                       data.volume = NULL;
+                       data.fid = *fid;
+diff --git a/fs/afs/internal.h b/fs/afs/internal.h
+index 34c02fdcc25f..aea19614c082 100644
+--- a/fs/afs/internal.h
++++ b/fs/afs/internal.h
+@@ -477,7 +477,7 @@ struct afs_volume {
+       unsigned int            servers_seq;    /* Incremented each time ->servers changes */
+       unsigned                cb_v_break;     /* Break-everything counter. */
+-      rwlock_t                cb_break_lock;
++      rwlock_t                cb_v_break_lock;
+       afs_voltype_t           type;           /* type of volume */
+       short                   error;
+diff --git a/fs/afs/volume.c b/fs/afs/volume.c
+index 3037bd01f617..5ec186ec5651 100644
+--- a/fs/afs/volume.c
++++ b/fs/afs/volume.c
+@@ -47,6 +47,7 @@ static struct afs_volume *afs_alloc_volume(struct afs_mount_params *params,
+       atomic_set(&volume->usage, 1);
+       INIT_LIST_HEAD(&volume->proc_link);
+       rwlock_init(&volume->servers_lock);
++      rwlock_init(&volume->cb_v_break_lock);
+       memcpy(volume->name, vldb->name, vldb->name_len + 1);
+       slist = afs_alloc_server_list(params->cell, params->key, vldb, type_mask);
+-- 
+2.20.1
+
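Review bot: In the fs/afs/internal.h part of this patch the renamed field `cb_v_break_lock` carries no comment, unlike the `cb_v_break` counter declared just above it, although the callback.c lines show the lock is taken around `volume->cb_v_break++`. A trailing comment such as `/* Protects cb_v_break */` would tie the lock to the counter it guards and make a missing `rwlock_init()` easier to notice in review. struct afs_volume and afs_alloc_volume() both continue outside the quoted hunks, so whether the 4.19 tree still has users of the old field name cannot be checked from here.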
diff --git a/queue-4.19/arm-dts-gemini-fix-up-dns-313-compatible-string.patch b/queue-4.19/arm-dts-gemini-fix-up-dns-313-compatible-string.patch
new file mode 100644 (file)
index 0000000..8283835
--- /dev/null
@@ -0,0 +1,32 @@
+From 935471713b59c24bd874fc2a6327698da712b290 Mon Sep 17 00:00:00 2001
+From: Linus Walleij <linus.walleij@linaro.org>
+Date: Sun, 16 Jun 2019 23:40:13 +0200
+Subject: ARM: dts: gemini Fix up DNS-313 compatible string
+
+[ Upstream commit 36558020128b1a48b7bddd5792ee70e3f64b04b0 ]
+
+It's a simple typo in the DNS file, which was pretty serious.
+No scripts were working properly. Fix it up.
+
+Signed-off-by: Linus Walleij <linus.walleij@linaro.org>
+Signed-off-by: Sasha Levin <sashal@kernel.org>
+---
+ arch/arm/boot/dts/gemini-dlink-dns-313.dts | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/arch/arm/boot/dts/gemini-dlink-dns-313.dts b/arch/arm/boot/dts/gemini-dlink-dns-313.dts
+index d1329322b968..361dccd6c7ee 100644
+--- a/arch/arm/boot/dts/gemini-dlink-dns-313.dts
++++ b/arch/arm/boot/dts/gemini-dlink-dns-313.dts
+@@ -11,7 +11,7 @@
+ / {
+       model = "D-Link DNS-313 1-Bay Network Storage Enclosure";
+-      compatible = "dlink,dir-313", "cortina,gemini";
++      compatible = "dlink,dns-313", "cortina,gemini";
+       #address-cells = <1>;
+       #size-cells = <1>;
+-- 
+2.20.1
+
diff --git a/queue-4.19/arm-dts-imx6ul-fix-pwm-1-4-interrupts.patch b/queue-4.19/arm-dts-imx6ul-fix-pwm-1-4-interrupts.patch
new file mode 100644 (file)
index 0000000..1fd6311
--- /dev/null
@@ -0,0 +1,66 @@
+From ffb645f774de4e5456329fbb987ff81ca7930960 Mon Sep 17 00:00:00 2001
+From: =?UTF-8?q?S=C3=A9bastien=20Szymanski?=
+ <sebastien.szymanski@armadeus.com>
+Date: Tue, 18 Jun 2019 17:58:34 +0200
+Subject: ARM: dts: imx6ul: fix PWM[1-4] interrupts
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+[ Upstream commit 3cf10132ac8d536565f2c02f60a3aeb315863a52 ]
+
+According to the i.MX6UL/L RM, table 3.1 "ARM Cortex A7 domain interrupt
+summary", the interrupts for the PWM[1-4] go from 83 to 86.
+
+Fixes: b9901fe84f02 ("ARM: dts: imx6ul: add pwm[1-4] nodes")
+Signed-off-by: Sébastien Szymanski <sebastien.szymanski@armadeus.com>
+Reviewed-by: Fabio Estevam <festevam@gmail.com>
+Signed-off-by: Shawn Guo <shawnguo@kernel.org>
+Signed-off-by: Sasha Levin <sashal@kernel.org>
+---
+ arch/arm/boot/dts/imx6ul.dtsi | 8 ++++----
+ 1 file changed, 4 insertions(+), 4 deletions(-)
+
+diff --git a/arch/arm/boot/dts/imx6ul.dtsi b/arch/arm/boot/dts/imx6ul.dtsi
+index 2366f093cc76..336cdead3da5 100644
+--- a/arch/arm/boot/dts/imx6ul.dtsi
++++ b/arch/arm/boot/dts/imx6ul.dtsi
+@@ -359,7 +359,7 @@
+                       pwm1: pwm@2080000 {
+                               compatible = "fsl,imx6ul-pwm", "fsl,imx27-pwm";
+                               reg = <0x02080000 0x4000>;
+-                              interrupts = <GIC_SPI 115 IRQ_TYPE_LEVEL_HIGH>;
++                              interrupts = <GIC_SPI 83 IRQ_TYPE_LEVEL_HIGH>;
+                               clocks = <&clks IMX6UL_CLK_PWM1>,
+                                        <&clks IMX6UL_CLK_PWM1>;
+                               clock-names = "ipg", "per";
+@@ -370,7 +370,7 @@
+                       pwm2: pwm@2084000 {
+                               compatible = "fsl,imx6ul-pwm", "fsl,imx27-pwm";
+                               reg = <0x02084000 0x4000>;
+-                              interrupts = <GIC_SPI 116 IRQ_TYPE_LEVEL_HIGH>;
++                              interrupts = <GIC_SPI 84 IRQ_TYPE_LEVEL_HIGH>;
+                               clocks = <&clks IMX6UL_CLK_PWM2>,
+                                        <&clks IMX6UL_CLK_PWM2>;
+                               clock-names = "ipg", "per";
+@@ -381,7 +381,7 @@
+                       pwm3: pwm@2088000 {
+                               compatible = "fsl,imx6ul-pwm", "fsl,imx27-pwm";
+                               reg = <0x02088000 0x4000>;
+-                              interrupts = <GIC_SPI 117 IRQ_TYPE_LEVEL_HIGH>;
++                              interrupts = <GIC_SPI 85 IRQ_TYPE_LEVEL_HIGH>;
+                               clocks = <&clks IMX6UL_CLK_PWM3>,
+                                        <&clks IMX6UL_CLK_PWM3>;
+                               clock-names = "ipg", "per";
+@@ -392,7 +392,7 @@
+                       pwm4: pwm@208c000 {
+                               compatible = "fsl,imx6ul-pwm", "fsl,imx27-pwm";
+                               reg = <0x0208c000 0x4000>;
+-                              interrupts = <GIC_SPI 118 IRQ_TYPE_LEVEL_HIGH>;
++                              interrupts = <GIC_SPI 86 IRQ_TYPE_LEVEL_HIGH>;
+                               clocks = <&clks IMX6UL_CLK_PWM4>,
+                                        <&clks IMX6UL_CLK_PWM4>;
+                               clock-names = "ipg", "per";
+-- 
+2.20.1
+
diff --git a/queue-4.19/arm-omap2-remove-incorrect-__init-annotation.patch b/queue-4.19/arm-omap2-remove-incorrect-__init-annotation.patch
new file mode 100644 (file)
index 0000000..824719b
--- /dev/null
@@ -0,0 +1,45 @@
+From bed89a390cba803f3a4b51da06966c6633a2c539 Mon Sep 17 00:00:00 2001
+From: Arnd Bergmann <arnd@arndb.de>
+Date: Wed, 19 Jun 2019 15:04:54 +0200
+Subject: ARM: omap2: remove incorrect __init annotation
+
+[ Upstream commit 27e23d8975270df6999f8b5b3156fc0c04927451 ]
+
+omap3xxx_prm_enable_io_wakeup() is marked __init, but its caller is not, so
+we get a warning with clang-8:
+
+WARNING: vmlinux.o(.text+0x343c8): Section mismatch in reference from the function omap3xxx_prm_late_init() to the function .init.text:omap3xxx_prm_enable_io_wakeup()
+The function omap3xxx_prm_late_init() references
+the function __init omap3xxx_prm_enable_io_wakeup().
+This is often because omap3xxx_prm_late_init lacks a __init
+annotation or the annotation of omap3xxx_prm_enable_io_wakeup is wrong.
+
+When building with gcc, omap3xxx_prm_enable_io_wakeup() is always
+inlined, so we never noticed in the past.
+
+Signed-off-by: Arnd Bergmann <arnd@arndb.de>
+Reviewed-by: Nathan Chancellor <natechancellor@gmail.com>
+Acked-by: Tony Lindgren <tony@atomide.com>
+Reviewed-by: Andrew Murray <andrew.murray@arm.com>
+Signed-off-by: Olof Johansson <olof@lixom.net>
+Signed-off-by: Sasha Levin <sashal@kernel.org>
+---
+ arch/arm/mach-omap2/prm3xxx.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/arch/arm/mach-omap2/prm3xxx.c b/arch/arm/mach-omap2/prm3xxx.c
+index 05858f966f7d..dfa65fc2c82b 100644
+--- a/arch/arm/mach-omap2/prm3xxx.c
++++ b/arch/arm/mach-omap2/prm3xxx.c
+@@ -433,7 +433,7 @@ static void omap3_prm_reconfigure_io_chain(void)
+  * registers, and omap3xxx_prm_reconfigure_io_chain() must be called.
+  * No return value.
+  */
+-static void __init omap3xxx_prm_enable_io_wakeup(void)
++static void omap3xxx_prm_enable_io_wakeup(void)
+ {
+       if (prm_features & PRM_HAS_IO_WAKEUP)
+               omap2_prm_set_mod_reg_bits(OMAP3430_EN_IO_MASK, WKUP_MOD,
+-- 
+2.20.1
+
diff --git a/queue-4.19/be2net-fix-link-failure-after-ethtool-offline-test.patch b/queue-4.19/be2net-fix-link-failure-after-ethtool-offline-test.patch
new file mode 100644 (file)
index 0000000..e3c7bff
--- /dev/null
@@ -0,0 +1,81 @@
+From 6b28814f30c325dfd5e1e2153c6c8f35a10ae2a9 Mon Sep 17 00:00:00 2001
+From: Petr Oros <poros@redhat.com>
+Date: Wed, 19 Jun 2019 14:29:42 +0200
+Subject: be2net: fix link failure after ethtool offline test
+
+[ Upstream commit 2e5db6eb3c23e5dc8171eb8f6af7a97ef9fcf3a9 ]
+
+Certain cards in conjunction with certain switches need a little more
+time for link setup that results in ethtool link test failure after
+offline test. Patch adds a loop that waits for a link setup finish.
+
+Changes in v2:
+- added fixes header
+
+Fixes: 4276e47e2d1c ("be2net: Add link test to list of ethtool self tests.")
+Signed-off-by: Petr Oros <poros@redhat.com>
+Reviewed-by: Ivan Vecera <ivecera@redhat.com>
+Signed-off-by: David S. Miller <davem@davemloft.net>
+Signed-off-by: Sasha Levin <sashal@kernel.org>
+---
+ .../net/ethernet/emulex/benet/be_ethtool.c    | 28 +++++++++++++++----
+ 1 file changed, 22 insertions(+), 6 deletions(-)
+
+diff --git a/drivers/net/ethernet/emulex/benet/be_ethtool.c b/drivers/net/ethernet/emulex/benet/be_ethtool.c
+index bfb16a474490..d1905d50c26c 100644
+--- a/drivers/net/ethernet/emulex/benet/be_ethtool.c
++++ b/drivers/net/ethernet/emulex/benet/be_ethtool.c
+@@ -895,7 +895,7 @@ static void be_self_test(struct net_device *netdev, struct ethtool_test *test,
+                        u64 *data)
+ {
+       struct be_adapter *adapter = netdev_priv(netdev);
+-      int status;
++      int status, cnt;
+       u8 link_status = 0;
+       if (adapter->function_caps & BE_FUNCTION_CAPS_SUPER_NIC) {
+@@ -906,6 +906,9 @@ static void be_self_test(struct net_device *netdev, struct ethtool_test *test,
+       memset(data, 0, sizeof(u64) * ETHTOOL_TESTS_NUM);
++      /* check link status before offline tests */
++      link_status = netif_carrier_ok(netdev);
++
+       if (test->flags & ETH_TEST_FL_OFFLINE) {
+               if (be_loopback_test(adapter, BE_MAC_LOOPBACK, &data[0]) != 0)
+                       test->flags |= ETH_TEST_FL_FAILED;
+@@ -926,13 +929,26 @@ static void be_self_test(struct net_device *netdev, struct ethtool_test *test,
+               test->flags |= ETH_TEST_FL_FAILED;
+       }
+-      status = be_cmd_link_status_query(adapter, NULL, &link_status, 0);
+-      if (status) {
+-              test->flags |= ETH_TEST_FL_FAILED;
+-              data[4] = -1;
+-      } else if (!link_status) {
++      /* link status was down prior to test */
++      if (!link_status) {
+               test->flags |= ETH_TEST_FL_FAILED;
+               data[4] = 1;
++              return;
++      }
++
++      for (cnt = 10; cnt; cnt--) {
++              status = be_cmd_link_status_query(adapter, NULL, &link_status,
++                                                0);
++              if (status) {
++                      test->flags |= ETH_TEST_FL_FAILED;
++                      data[4] = -1;
++                      break;
++              }
++
++              if (link_status)
++                      break;
++
++              msleep_interruptible(500);
+       }
+ }
+-- 
+2.20.1
+
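Review bot: The polling loop added at the end of be_self_test() can use up its ten attempts with `link_status` still zero, and the function then returns without setting `ETH_TEST_FL_FAILED` or `data[4]`, so a link that never comes back after the offline tests is reported as a pass; the removed `else if (!link_status)` branch used to catch that case. Since `cnt` reaches zero only when neither `break` was taken, a check after the loop restores it: `if (!cnt) { test->flags |= ETH_TEST_FL_FAILED; data[4] = 1; }`. The return value of `msleep_interruptible(500)` is also ignored, so a pending signal would shorten the intended wait of about five seconds; `msleep()` or an explicit `signal_pending()` exit would make the behaviour deliberate.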
diff --git a/queue-4.19/clk-ti-clkctrl-fix-returning-uninitialized-data.patch b/queue-4.19/clk-ti-clkctrl-fix-returning-uninitialized-data.patch
new file mode 100644 (file)
index 0000000..7820939
--- /dev/null
@@ -0,0 +1,63 @@
+From 2364e4e7e9deba70e860ee4326772e7daf095d72 Mon Sep 17 00:00:00 2001
+From: Tony Lindgren <tony@atomide.com>
+Date: Wed, 29 May 2019 23:55:57 -0700
+Subject: clk: ti: clkctrl: Fix returning uninitialized data
+
+[ Upstream commit 41b3588dba6ef4b7995735a97e47ff0aeea6c276 ]
+
+If we do a clk_get() for a clock that does not exists, we have
+_ti_omap4_clkctrl_xlate() return uninitialized data if no match
+is found. This can be seen in some cases with SLAB_DEBUG enabled:
+
+Unable to handle kernel paging request at virtual address 5a5a5a5a
+...
+clk_hw_create_clk.part.33
+sysc_notifier_call
+notifier_call_chain
+blocking_notifier_call_chain
+device_add
+
+Let's fix this by setting a found flag only when we find a match.
+
+Reported-by: Tomi Valkeinen <tomi.valkeinen@ti.com>
+Fixes: 88a172526c32 ("clk: ti: add support for clkctrl clocks")
+Signed-off-by: Tony Lindgren <tony@atomide.com>
+Tested-by: Peter Ujfalusi <peter.ujfalusi@ti.com>
+Tested-by: Tomi Valkeinen <tomi.valkeinen@ti.com>
+Signed-off-by: Stephen Boyd <sboyd@kernel.org>
+Signed-off-by: Sasha Levin <sashal@kernel.org>
+---
+ drivers/clk/ti/clkctrl.c | 7 +++++--
+ 1 file changed, 5 insertions(+), 2 deletions(-)
+
+diff --git a/drivers/clk/ti/clkctrl.c b/drivers/clk/ti/clkctrl.c
+index ca3218337fd7..dfaa5aad0692 100644
+--- a/drivers/clk/ti/clkctrl.c
++++ b/drivers/clk/ti/clkctrl.c
+@@ -229,6 +229,7 @@ static struct clk_hw *_ti_omap4_clkctrl_xlate(struct of_phandle_args *clkspec,
+ {
+       struct omap_clkctrl_provider *provider = data;
+       struct omap_clkctrl_clk *entry;
++      bool found = false;
+       if (clkspec->args_count != 2)
+               return ERR_PTR(-EINVAL);
+@@ -238,11 +239,13 @@ static struct clk_hw *_ti_omap4_clkctrl_xlate(struct of_phandle_args *clkspec,
+       list_for_each_entry(entry, &provider->clocks, node) {
+               if (entry->reg_offset == clkspec->args[0] &&
+-                  entry->bit_offset == clkspec->args[1])
++                  entry->bit_offset == clkspec->args[1]) {
++                      found = true;
+                       break;
++              }
+       }
+-      if (!entry)
++      if (!found)
+               return ERR_PTR(-EINVAL);
+       return entry->clk;
+-- 
+2.20.1
+
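Review bot: `entry` is still dereferenced after `list_for_each_entry()` in _ti_omap4_clkctrl_xlate(), and the new `found` flag is the only thing that says the cursor points at a real list element. Returning from inside the loop, with `return entry->clk;` in the matching branch and an unconditional `return ERR_PTR(-EINVAL);` after the loop, would remove both the flag and every use of the cursor past the loop. The function starts above the hunk and the lines between the two inner hunks are not shown, so this assumes nothing else there reads `entry`.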
diff --git a/queue-4.19/cpu-hotplug-fix-out-of-bounds-read-when-setting-fail.patch b/queue-4.19/cpu-hotplug-fix-out-of-bounds-read-when-setting-fail.patch
new file mode 100644 (file)
index 0000000..801d7f4
--- /dev/null
@@ -0,0 +1,72 @@
+From a082ce644bf8510664fba1a21bf47a3944dbb866 Mon Sep 17 00:00:00 2001
+From: Eiichi Tsukata <devel@etsukata.com>
+Date: Thu, 27 Jun 2019 11:47:32 +0900
+Subject: cpu/hotplug: Fix out-of-bounds read when setting fail state
+
+[ Upstream commit 33d4a5a7a5b4d02915d765064b2319e90a11cbde ]
+
+Setting invalid value to /sys/devices/system/cpu/cpuX/hotplug/fail
+can control `struct cpuhp_step *sp` address, results in the following
+global-out-of-bounds read.
+
+Reproducer:
+
+  # echo -2 > /sys/devices/system/cpu/cpu0/hotplug/fail
+
+KASAN report:
+
+  BUG: KASAN: global-out-of-bounds in write_cpuhp_fail+0x2cd/0x2e0
+  Read of size 8 at addr ffffffff89734438 by task bash/1941
+
+  CPU: 0 PID: 1941 Comm: bash Not tainted 5.2.0-rc6+ #31
+  Call Trace:
+   write_cpuhp_fail+0x2cd/0x2e0
+   dev_attr_store+0x58/0x80
+   sysfs_kf_write+0x13d/0x1a0
+   kernfs_fop_write+0x2bc/0x460
+   vfs_write+0x1e1/0x560
+   ksys_write+0x126/0x250
+   do_syscall_64+0xc1/0x390
+   entry_SYSCALL_64_after_hwframe+0x49/0xbe
+  RIP: 0033:0x7f05e4f4c970
+
+  The buggy address belongs to the variable:
+   cpu_hotplug_lock+0x98/0xa0
+
+  Memory state around the buggy address:
+   ffffffff89734300: fa fa fa fa 00 00 00 00 00 00 00 00 00 00 00 00
+   ffffffff89734380: fa fa fa fa 00 00 00 00 00 00 00 00 00 00 00 00
+  >ffffffff89734400: 00 00 00 00 fa fa fa fa 00 00 00 00 fa fa fa fa
+                                          ^
+   ffffffff89734480: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
+   ffffffff89734500: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
+
+Add a sanity check for the value written from user space.
+
+Fixes: 1db49484f21ed ("smp/hotplug: Hotplug state fail injection")
+Signed-off-by: Eiichi Tsukata <devel@etsukata.com>
+Signed-off-by: Thomas Gleixner <tglx@linutronix.de>
+Cc: peterz@infradead.org
+Link: https://lkml.kernel.org/r/20190627024732.31672-1-devel@etsukata.com
+Signed-off-by: Sasha Levin <sashal@kernel.org>
+---
+ kernel/cpu.c | 3 +++
+ 1 file changed, 3 insertions(+)
+
+diff --git a/kernel/cpu.c b/kernel/cpu.c
+index 46aefe5c0e35..d9f855cb9f6f 100644
+--- a/kernel/cpu.c
++++ b/kernel/cpu.c
+@@ -1925,6 +1925,9 @@ static ssize_t write_cpuhp_fail(struct device *dev,
+       if (ret)
+               return ret;
++      if (fail < CPUHP_OFFLINE || fail > CPUHP_ONLINE)
++              return -EINVAL;
++
+       /*
+        * Cannot fail STARTING/DYING callbacks.
+        */
+-- 
+2.20.1
+
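Review bot: The range check added in write_cpuhp_fail() has no comment, while the check that follows it does, and its purpose is not obvious from the two lines alone: per the commit message, the value written from user space otherwise selects the `struct cpuhp_step` that is read. A comment above the `if` such as `/* fail comes from user space and selects a hotplug step; reject anything outside the state range */` would record that. The `< CPUHP_OFFLINE` half rejects negative input like the `-2` in the reproducer only if `fail` has a signed type; its declaration is outside the hunk, so that is worth confirming in the 4.19 tree.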
diff --git a/queue-4.19/dm-table-don-t-copy-from-a-null-pointer-in-realloc_a.patch b/queue-4.19/dm-table-don-t-copy-from-a-null-pointer-in-realloc_a.patch
new file mode 100644 (file)
index 0000000..15c7626
--- /dev/null
@@ -0,0 +1,51 @@
+From da6a7eb0031f92173281fee7c21a462659d2368f Mon Sep 17 00:00:00 2001
+From: Jerome Marchand <jmarchan@redhat.com>
+Date: Wed, 12 Jun 2019 18:22:26 +0200
+Subject: dm table: don't copy from a NULL pointer in realloc_argv()
+
+[ Upstream commit a0651926553cfe7992166432e418987760882652 ]
+
+For the first call to realloc_argv() in dm_split_args(), old_argv is
+NULL and size is zero. Then memcpy is called, with the NULL old_argv
+as the source argument and a zero size argument. AFAIK, this is
+undefined behavior and generates the following warning when compiled
+with UBSAN on ppc64le:
+
+In file included from ./arch/powerpc/include/asm/paca.h:19,
+                 from ./arch/powerpc/include/asm/current.h:16,
+                 from ./include/linux/sched.h:12,
+                 from ./include/linux/kthread.h:6,
+                 from drivers/md/dm-core.h:12,
+                 from drivers/md/dm-table.c:8:
+In function 'memcpy',
+    inlined from 'realloc_argv' at drivers/md/dm-table.c:565:3,
+    inlined from 'dm_split_args' at drivers/md/dm-table.c:588:9:
+./include/linux/string.h:345:9: error: argument 2 null where non-null expected [-Werror=nonnull]
+  return __builtin_memcpy(p, q, size);
+         ^~~~~~~~~~~~~~~~~~~~~~~~~~~~
+drivers/md/dm-table.c: In function 'dm_split_args':
+./include/linux/string.h:345:9: note: in a call to built-in function '__builtin_memcpy'
+
+Signed-off-by: Jerome Marchand <jmarchan@redhat.com>
+Signed-off-by: Mike Snitzer <snitzer@redhat.com>
+Signed-off-by: Sasha Levin <sashal@kernel.org>
+---
+ drivers/md/dm-table.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/drivers/md/dm-table.c b/drivers/md/dm-table.c
+index c7fe4789c40e..34ab30dd5de9 100644
+--- a/drivers/md/dm-table.c
++++ b/drivers/md/dm-table.c
+@@ -562,7 +562,7 @@ static char **realloc_argv(unsigned *size, char **old_argv)
+               gfp = GFP_NOIO;
+       }
+       argv = kmalloc_array(new_size, sizeof(*argv), gfp);
+-      if (argv) {
++      if (argv && old_argv) {
+               memcpy(argv, old_argv, *size * sizeof(*argv));
+               *size = new_size;
+       }
+-- 
+2.20.1
+
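Review bot: With the condition changed to `if (argv && old_argv)` in realloc_argv(), the `*size = new_size;` assignment is skipped along with the memcpy() when `old_argv` is NULL, so the first call described in the commit message returns a freshly allocated array while leaving `*size` at zero. Only the copy needs the guard: `if (argv) { if (old_argv) memcpy(argv, old_argv, *size * sizeof(*argv)); *size = new_size; }`. What dm_split_args() does with a zero size is outside the hunk, but it presumably sees no room and has to call realloc_argv() again before it can store the first argument. The start of realloc_argv() and the code after the `if` block are also not shown.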
diff --git a/queue-4.19/dm-verity-use-message-limit-for-data-block-corruptio.patch b/queue-4.19/dm-verity-use-message-limit-for-data-block-corruptio.patch
new file mode 100644 (file)
index 0000000..6624e1f
--- /dev/null
@@ -0,0 +1,35 @@
+From 46fd64638ed91876c7ca030bdf89667edf94620b Mon Sep 17 00:00:00 2001
+From: Milan Broz <gmazyland@gmail.com>
+Date: Thu, 20 Jun 2019 13:00:19 +0200
+Subject: dm verity: use message limit for data block corruption message
+
+[ Upstream commit 2eba4e640b2c4161e31ae20090a53ee02a518657 ]
+
+DM verity should also use DMERR_LIMIT to limit repeat data block
+corruption messages.
+
+Signed-off-by: Milan Broz <gmazyland@gmail.com>
+Signed-off-by: Mike Snitzer <snitzer@redhat.com>
+Signed-off-by: Sasha Levin <sashal@kernel.org>
+---
+ drivers/md/dm-verity-target.c | 4 ++--
+ 1 file changed, 2 insertions(+), 2 deletions(-)
+
+diff --git a/drivers/md/dm-verity-target.c b/drivers/md/dm-verity-target.c
+index fc65f0dedf7f..e3599b43f9eb 100644
+--- a/drivers/md/dm-verity-target.c
++++ b/drivers/md/dm-verity-target.c
+@@ -236,8 +236,8 @@ static int verity_handle_err(struct dm_verity *v, enum verity_block_type type,
+               BUG();
+       }
+-      DMERR("%s: %s block %llu is corrupted", v->data_dev->name, type_str,
+-              block);
++      DMERR_LIMIT("%s: %s block %llu is corrupted", v->data_dev->name,
++                  type_str, block);
+       if (v->corrupted_errs == DM_VERITY_MAX_CORRUPTED_ERRS)
+               DMERR("%s: reached maximum errors", v->data_dev->name);
+-- 
+2.20.1
+
diff --git a/queue-4.19/efi-bgrt-drop-bgrt-status-field-reserved-bits-check.patch b/queue-4.19/efi-bgrt-drop-bgrt-status-field-reserved-bits-check.patch
new file mode 100644 (file)
index 0000000..f5410c7
--- /dev/null
@@ -0,0 +1,45 @@
+From 1c71c48e9bd7d4fc083e2f3d83bfe828190de668 Mon Sep 17 00:00:00 2001
+From: Hans de Goede <hdegoede@redhat.com>
+Date: Wed, 29 May 2019 15:28:28 +0200
+Subject: efi/bgrt: Drop BGRT status field reserved bits check
+
+[ Upstream commit a483fcab38b43fb34a7f12ab1daadd3907f150e2 ]
+
+Starting with ACPI 6.2 bits 1 and 2 of the BGRT status field are no longer
+reserved. These bits are now used to indicate if the image needs to be
+rotated before being displayed.
+
+The first device using these bits has now shown up (the GPD MicroPC) and
+the reserved bits check causes us to reject the valid BGRT table on this
+device.
+
+Rather then changing the reserved bits check, allowing only the 2 new bits,
+instead just completely remove it so that we do not end up with a similar
+problem when more bits are added in the future.
+
+Signed-off-by: Hans de Goede <hdegoede@redhat.com>
+Signed-off-by: Ard Biesheuvel <ard.biesheuvel@linaro.org>
+Signed-off-by: Sasha Levin <sashal@kernel.org>
+---
+ drivers/firmware/efi/efi-bgrt.c | 5 -----
+ 1 file changed, 5 deletions(-)
+
+diff --git a/drivers/firmware/efi/efi-bgrt.c b/drivers/firmware/efi/efi-bgrt.c
+index b22ccfb0c991..2bf4d31f4967 100644
+--- a/drivers/firmware/efi/efi-bgrt.c
++++ b/drivers/firmware/efi/efi-bgrt.c
+@@ -50,11 +50,6 @@ void __init efi_bgrt_init(struct acpi_table_header *table)
+                      bgrt->version);
+               goto out;
+       }
+-      if (bgrt->status & 0xfe) {
+-              pr_notice("Ignoring BGRT: reserved status bits are non-zero %u\n",
+-                     bgrt->status);
+-              goto out;
+-      }
+       if (bgrt->image_type != 0) {
+               pr_notice("Ignoring BGRT: invalid image type %u (expected 0)\n",
+                      bgrt->image_type);
+-- 
+2.20.1
+
diff --git a/queue-4.19/hid-chicony-add-another-quirk-for-pixart-mouse.patch b/queue-4.19/hid-chicony-add-another-quirk-for-pixart-mouse.patch
new file mode 100644 (file)
index 0000000..1f981d2
--- /dev/null
@@ -0,0 +1,52 @@
+From 0c0c29a4e8e18c9b79dee9863c1e2d7963a56f58 Mon Sep 17 00:00:00 2001
+From: Oleksandr Natalenko <oleksandr@redhat.com>
+Date: Fri, 21 Jun 2019 11:17:36 +0200
+Subject: HID: chicony: add another quirk for PixArt mouse
+
+[ Upstream commit dcf768b0ac868630e7bdb6f2f1c9fe72788012fa ]
+
+I've spotted another Chicony PixArt mouse in the wild, which requires
+HID_QUIRK_ALWAYS_POLL quirk, otherwise it disconnects each minute.
+
+USB ID of this device is 0x04f2:0x0939.
+
+We've introduced quirks like this for other models before, so lets add
+this mouse too.
+
+Link: https://github.com/sriemer/fix-linux-mouse#usb-mouse-disconnectsreconnects-every-minute-on-linux
+Signed-off-by: Oleksandr Natalenko <oleksandr@redhat.com>
+Acked-by: Sebastian Parschauer <s.parschauer@gmx.de>
+Signed-off-by: Jiri Kosina <jkosina@suse.cz>
+Signed-off-by: Sasha Levin <sashal@kernel.org>
+---
+ drivers/hid/hid-ids.h    | 1 +
+ drivers/hid/hid-quirks.c | 1 +
+ 2 files changed, 2 insertions(+)
+
+diff --git a/drivers/hid/hid-ids.h b/drivers/hid/hid-ids.h
+index 92452992b368..97b4ecab7c12 100644
+--- a/drivers/hid/hid-ids.h
++++ b/drivers/hid/hid-ids.h
+@@ -265,6 +265,7 @@
+ #define USB_DEVICE_ID_CHICONY_MULTI_TOUCH     0xb19d
+ #define USB_DEVICE_ID_CHICONY_WIRELESS        0x0618
+ #define USB_DEVICE_ID_CHICONY_PIXART_USB_OPTICAL_MOUSE        0x1053
++#define USB_DEVICE_ID_CHICONY_PIXART_USB_OPTICAL_MOUSE2       0x0939
+ #define USB_DEVICE_ID_CHICONY_WIRELESS2       0x1123
+ #define USB_DEVICE_ID_ASUS_AK1D               0x1125
+ #define USB_DEVICE_ID_CHICONY_ACER_SWITCH12   0x1421
+diff --git a/drivers/hid/hid-quirks.c b/drivers/hid/hid-quirks.c
+index 5892f1bd037e..91e86af44a04 100644
+--- a/drivers/hid/hid-quirks.c
++++ b/drivers/hid/hid-quirks.c
+@@ -45,6 +45,7 @@ static const struct hid_device_id hid_quirks[] = {
+       { HID_USB_DEVICE(USB_VENDOR_ID_ATEN, USB_DEVICE_ID_ATEN_UC100KM), HID_QUIRK_NOGET },
+       { HID_USB_DEVICE(USB_VENDOR_ID_CHICONY, USB_DEVICE_ID_CHICONY_MULTI_TOUCH), HID_QUIRK_MULTI_INPUT },
+       { HID_USB_DEVICE(USB_VENDOR_ID_CHICONY, USB_DEVICE_ID_CHICONY_PIXART_USB_OPTICAL_MOUSE), HID_QUIRK_ALWAYS_POLL },
++      { HID_USB_DEVICE(USB_VENDOR_ID_CHICONY, USB_DEVICE_ID_CHICONY_PIXART_USB_OPTICAL_MOUSE2), HID_QUIRK_ALWAYS_POLL },
+       { HID_USB_DEVICE(USB_VENDOR_ID_CHICONY, USB_DEVICE_ID_CHICONY_WIRELESS), HID_QUIRK_MULTI_INPUT },
+       { HID_USB_DEVICE(USB_VENDOR_ID_CHIC, USB_DEVICE_ID_CHIC_GAMEPAD), HID_QUIRK_BADPAD },
+       { HID_USB_DEVICE(USB_VENDOR_ID_CH, USB_DEVICE_ID_CH_3AXIS_5BUTTON_STICK), HID_QUIRK_NOGET },
+-- 
+2.20.1
+
diff --git a/queue-4.19/hid-multitouch-add-pointstick-support-for-alps-touch.patch b/queue-4.19/hid-multitouch-add-pointstick-support-for-alps-touch.patch
new file mode 100644 (file)
index 0000000..d074d03
--- /dev/null
@@ -0,0 +1,50 @@
+From aed493adb849ca7b2df4c50393534a62daa2d0be Mon Sep 17 00:00:00 2001
+From: Kai-Heng Feng <kai.heng.feng@canonical.com>
+Date: Fri, 14 Jun 2019 16:56:55 +0800
+Subject: HID: multitouch: Add pointstick support for ALPS Touchpad
+
+[ Upstream commit 0a95fc733da375de0688d0f1fd3a2869a1c1d499 ]
+
+There's a new ALPS touchpad/pointstick combo device that requires
+MT_CLS_WIN_8_DUAL to make its pointsitck work as a mouse.
+
+The device can be found on HP ZBook 17 G5.
+
+Signed-off-by: Kai-Heng Feng <kai.heng.feng@canonical.com>
+Signed-off-by: Jiri Kosina <jkosina@suse.cz>
+Signed-off-by: Sasha Levin <sashal@kernel.org>
+---
+ drivers/hid/hid-ids.h        | 1 +
+ drivers/hid/hid-multitouch.c | 4 ++++
+ 2 files changed, 5 insertions(+)
+
+diff --git a/drivers/hid/hid-ids.h b/drivers/hid/hid-ids.h
+index 97b4ecab7c12..50b3c0d89c9c 100644
+--- a/drivers/hid/hid-ids.h
++++ b/drivers/hid/hid-ids.h
+@@ -82,6 +82,7 @@
+ #define HID_DEVICE_ID_ALPS_U1_DUAL_3BTN_PTP   0x1220
+ #define HID_DEVICE_ID_ALPS_U1         0x1215
+ #define HID_DEVICE_ID_ALPS_T4_BTNLESS 0x120C
++#define HID_DEVICE_ID_ALPS_1222               0x1222
+ #define USB_VENDOR_ID_AMI             0x046b
+diff --git a/drivers/hid/hid-multitouch.c b/drivers/hid/hid-multitouch.c
+index 184e49036e1d..f9167d0e095c 100644
+--- a/drivers/hid/hid-multitouch.c
++++ b/drivers/hid/hid-multitouch.c
+@@ -1788,6 +1788,10 @@ static const struct hid_device_id mt_devices[] = {
+               HID_DEVICE(BUS_I2C, HID_GROUP_MULTITOUCH_WIN_8,
+                       USB_VENDOR_ID_ALPS_JP,
+                       HID_DEVICE_ID_ALPS_U1_DUAL_3BTN_PTP) },
++      { .driver_data = MT_CLS_WIN_8_DUAL,
++              HID_DEVICE(BUS_I2C, HID_GROUP_MULTITOUCH_WIN_8,
++                      USB_VENDOR_ID_ALPS_JP,
++                      HID_DEVICE_ID_ALPS_1222) },
+       /* Lenovo X1 TAB Gen 2 */
+       { .driver_data = MT_CLS_WIN_8_DUAL,
+-- 
+2.20.1
+
diff --git a/queue-4.19/irqchip-gic-v3-its-fix-command-queue-pointer-compari.patch b/queue-4.19/irqchip-gic-v3-its-fix-command-queue-pointer-compari.patch
new file mode 100644 (file)
index 0000000..93f957e
--- /dev/null
@@ -0,0 +1,146 @@
+From 4f2839f5247534db85ac1e8a356d96117e2a0488 Mon Sep 17 00:00:00 2001
+From: Heyi Guo <guoheyi@huawei.com>
+Date: Mon, 13 May 2019 19:42:06 +0800
+Subject: irqchip/gic-v3-its: Fix command queue pointer comparison bug
+
+[ Upstream commit a050fa5476d418fc16b25abe168b3d38ba11e13c ]
+
+When we run several VMs with PCI passthrough and GICv4 enabled, not
+pinning vCPUs, we will occasionally see below warnings in dmesg:
+
+ITS queue timeout (65440 65504 480)
+ITS cmd its_build_vmovp_cmd failed
+
+The reason for the above issue is that in BUILD_SINGLE_CMD_FUNC:
+1. Post the write command.
+2. Release the lock.
+3. Start to read GITS_CREADR to get the reader pointer.
+4. Compare the reader pointer to the target pointer.
+5. If reader pointer does not reach the target, sleep 1us and continue
+to try.
+
+If we have several processors running the above concurrently, other
+CPUs will post write commands while the 1st CPU is waiting the
+completion. So we may have below issue:
+
+phase 1:
+---rd_idx-----from_idx-----to_idx--0---------
+
+wait 1us:
+
+phase 2:
+--------------from_idx-----to_idx--0-rd_idx--
+
+That is the rd_idx may fly ahead of to_idx, and if in case to_idx is
+near the wrap point, rd_idx will wrap around. So the below condition
+will not be met even after 1s:
+
+if (from_idx < to_idx && rd_idx >= to_idx)
+
+There is another theoretical issue. For a slow and busy ITS, the
+initial rd_idx may fall behind from_idx a lot, just as below:
+
+---rd_idx---0--from_idx-----to_idx-----------
+
+This will cause the wait function exit too early.
+
+Actually, it does not make much sense to use from_idx to judge if
+to_idx is wrapped, but we need a initial rd_idx when lock is still
+acquired, and it can be used to judge whether to_idx is wrapped and
+the current rd_idx is wrapped.
+
+We switch to a method of calculating the delta of two adjacent reads
+and accumulating it to get the sum, so that we can get the real rd_idx
+from the wrapped value even when the queue is almost full.
+
+Cc: Thomas Gleixner <tglx@linutronix.de>
+Cc: Jason Cooper <jason@lakedaemon.net>
+Signed-off-by: Heyi Guo <guoheyi@huawei.com>
+Signed-off-by: Marc Zyngier <marc.zyngier@arm.com>
+Signed-off-by: Sasha Levin <sashal@kernel.org>
+---
+ drivers/irqchip/irq-gic-v3-its.c | 35 ++++++++++++++++++++++----------
+ 1 file changed, 24 insertions(+), 11 deletions(-)
+
+diff --git a/drivers/irqchip/irq-gic-v3-its.c b/drivers/irqchip/irq-gic-v3-its.c
+index 65ab2c80529c..ee30e8965d1b 100644
+--- a/drivers/irqchip/irq-gic-v3-its.c
++++ b/drivers/irqchip/irq-gic-v3-its.c
+@@ -740,32 +740,43 @@ static void its_flush_cmd(struct its_node *its, struct its_cmd_block *cmd)
+ }
+ static int its_wait_for_range_completion(struct its_node *its,
+-                                       struct its_cmd_block *from,
++                                       u64    prev_idx,
+                                        struct its_cmd_block *to)
+ {
+-      u64 rd_idx, from_idx, to_idx;
++      u64 rd_idx, to_idx, linear_idx;
+       u32 count = 1000000;    /* 1s! */
+-      from_idx = its_cmd_ptr_to_offset(its, from);
++      /* Linearize to_idx if the command set has wrapped around */
+       to_idx = its_cmd_ptr_to_offset(its, to);
++      if (to_idx < prev_idx)
++              to_idx += ITS_CMD_QUEUE_SZ;
++
++      linear_idx = prev_idx;
+       while (1) {
++              s64 delta;
++
+               rd_idx = readl_relaxed(its->base + GITS_CREADR);
+-              /* Direct case */
+-              if (from_idx < to_idx && rd_idx >= to_idx)
+-                      break;
++              /*
++               * Compute the read pointer progress, taking the
++               * potential wrap-around into account.
++               */
++              delta = rd_idx - prev_idx;
++              if (rd_idx < prev_idx)
++                      delta += ITS_CMD_QUEUE_SZ;
+-              /* Wrapped case */
+-              if (from_idx >= to_idx && rd_idx >= to_idx && rd_idx < from_idx)
++              linear_idx += delta;
++              if (linear_idx >= to_idx)
+                       break;
+               count--;
+               if (!count) {
+-                      pr_err_ratelimited("ITS queue timeout (%llu %llu %llu)\n",
+-                                         from_idx, to_idx, rd_idx);
++                      pr_err_ratelimited("ITS queue timeout (%llu %llu)\n",
++                                         to_idx, linear_idx);
+                       return -1;
+               }
++              prev_idx = rd_idx;
+               cpu_relax();
+               udelay(1);
+       }
+@@ -782,6 +793,7 @@ void name(struct its_node *its,                                            \
+       struct its_cmd_block *cmd, *sync_cmd, *next_cmd;                \
+       synctype *sync_obj;                                             \
+       unsigned long flags;                                            \
++      u64 rd_idx;                                                     \
+                                                                       \
+       raw_spin_lock_irqsave(&its->lock, flags);                       \
+                                                                       \
+@@ -803,10 +815,11 @@ void name(struct its_node *its,                                          \
+       }                                                               \
+                                                                       \
+ post:                                                                 \
++      rd_idx = readl_relaxed(its->base + GITS_CREADR);                \
+       next_cmd = its_post_commands(its);                              \
+       raw_spin_unlock_irqrestore(&its->lock, flags);                  \
+                                                                       \
+-      if (its_wait_for_range_completion(its, cmd, next_cmd))          \
++      if (its_wait_for_range_completion(its, rd_idx, next_cmd))       \
+               pr_err_ratelimited("ITS cmd %ps failed\n", builder);    \
+ }
+-- 
+2.20.1
+
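Review bot: `its_wait_for_range_completion()` now depends on `prev_idx` being a GITS_CREADR value sampled while `its->lock` is still held and before `its_post_commands()`, but nothing in the new code says so; only the `post:` path of the builder macro shows it. A comment above the function would keep a later caller from passing a stale or post-unlock read, e.g. `/* prev_idx: GITS_CREADR sampled under its->lock before posting; to: end of the posted range */`. The loop also assumes the read pointer advances by less than ITS_CMD_QUEUE_SZ between two polls, which is worth stating next to `delta += ITS_CMD_QUEUE_SZ`. The macro body starts outside the hunk, so other users of the lock cannot be checked here.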
diff --git a/queue-4.19/linux-kernel.h-fix-overflow-for-div_round_up_ull.patch b/queue-4.19/linux-kernel.h-fix-overflow-for-div_round_up_ull.patch
new file mode 100644 (file)
index 0000000..6a5141c
--- /dev/null
@@ -0,0 +1,43 @@
+From 119bc71617bc7646463bee4ff9ec2bec08b116b1 Mon Sep 17 00:00:00 2001
+From: Vinod Koul <vkoul@kernel.org>
+Date: Fri, 28 Jun 2019 12:07:21 -0700
+Subject: linux/kernel.h: fix overflow for DIV_ROUND_UP_ULL
+
+[ Upstream commit 8f9fab480c7a87b10bb5440b5555f370272a5d59 ]
+
+DIV_ROUND_UP_ULL adds the two arguments and then invokes
+DIV_ROUND_DOWN_ULL.  But on a 32bit system the addition of two 32 bit
+values can overflow.  DIV_ROUND_DOWN_ULL does it correctly and stashes
+the addition into a unsigned long long so cast the result to unsigned
+long long here to avoid the overflow condition.
+
+[akpm@linux-foundation.org: DIV_ROUND_UP_ULL must be an rval]
+Link: http://lkml.kernel.org/r/20190625100518.30753-1-vkoul@kernel.org
+Signed-off-by: Vinod Koul <vkoul@kernel.org>
+Reviewed-by: Andrew Morton <akpm@linux-foundation.org>
+Cc: Bjorn Andersson <bjorn.andersson@linaro.org>
+Cc: Randy Dunlap <rdunlap@infradead.org>
+Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
+Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
+Signed-off-by: Sasha Levin <sashal@kernel.org>
+---
+ include/linux/kernel.h | 3 ++-
+ 1 file changed, 2 insertions(+), 1 deletion(-)
+
+diff --git a/include/linux/kernel.h b/include/linux/kernel.h
+index 3d83ebb302cf..f6f94e54ab96 100644
+--- a/include/linux/kernel.h
++++ b/include/linux/kernel.h
+@@ -118,7 +118,8 @@
+ #define DIV_ROUND_DOWN_ULL(ll, d) \
+       ({ unsigned long long _tmp = (ll); do_div(_tmp, d); _tmp; })
+-#define DIV_ROUND_UP_ULL(ll, d)               DIV_ROUND_DOWN_ULL((ll) + (d) - 1, (d))
++#define DIV_ROUND_UP_ULL(ll, d) \
++      DIV_ROUND_DOWN_ULL((unsigned long long)(ll) + (d) - 1, (d))
+ #if BITS_PER_LONG == 32
+ # define DIV_ROUND_UP_SECTOR_T(ll,d) DIV_ROUND_UP_ULL(ll, d)
+-- 
+2.20.1
+
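Review bot: The widened `DIV_ROUND_UP_ULL` still expands `d` twice and still adds before dividing, so an argument with side effects is evaluated twice and a value of `ll` within `d - 1` of ULLONG_MAX wraps to a small quotient. Neither is introduced by this change, but callers that size buffers or ranges from the result would benefit from the constraint being written down above the macro, e.g. `/* d is evaluated twice; (ll) + (d) - 1 must not exceed ULLONG_MAX */`. The same comment could mention that `do_div()` takes a 32-bit divisor, so a wider `d` is truncated.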
diff --git a/queue-4.19/perf-core-fix-perf_sample_regs_user-mm-check.patch b/queue-4.19/perf-core-fix-perf_sample_regs_user-mm-check.patch
new file mode 100644 (file)
index 0000000..6871f46
--- /dev/null
@@ -0,0 +1,52 @@
+From c40fc174b6bbe77e871e6433ac75a566293f1c75 Mon Sep 17 00:00:00 2001
+From: Peter Zijlstra <peterz@infradead.org>
+Date: Wed, 29 May 2019 14:37:24 +0200
+Subject: perf/core: Fix perf_sample_regs_user() mm check
+
+[ Upstream commit 085ebfe937d7a7a5df1729f35a12d6d655fea68c ]
+
+perf_sample_regs_user() uses 'current->mm' to test for the presence of
+userspace, but this is insufficient, consider use_mm().
+
+A better test is: '!(current->flags & PF_KTHREAD)', exec() clears
+PF_KTHREAD after it sets the new ->mm but before it drops to userspace
+for the first time.
+
+Possibly obsoletes: bf05fc25f268 ("powerpc/perf: Fix oops when kthread execs user process")
+
+Reported-by: Ravi Bangoria <ravi.bangoria@linux.vnet.ibm.com>
+Reported-by: Young Xiao <92siuyang@gmail.com>
+Signed-off-by: Peter Zijlstra (Intel) <peterz@infradead.org>
+Acked-by: Will Deacon <will.deacon@arm.com>
+Cc: Arnaldo Carvalho de Melo <acme@redhat.com>
+Cc: Frederic Weisbecker <fweisbec@gmail.com>
+Cc: Jiri Olsa <jolsa@redhat.com>
+Cc: Linus Torvalds <torvalds@linux-foundation.org>
+Cc: Michael Ellerman <mpe@ellerman.id.au>
+Cc: Naveen N. Rao <naveen.n.rao@linux.vnet.ibm.com>
+Cc: Peter Zijlstra <peterz@infradead.org>
+Cc: Stephane Eranian <eranian@google.com>
+Cc: Thomas Gleixner <tglx@linutronix.de>
+Fixes: 4018994f3d87 ("perf: Add ability to attach user level registers dump to sample")
+Signed-off-by: Ingo Molnar <mingo@kernel.org>
+Signed-off-by: Sasha Levin <sashal@kernel.org>
+---
+ kernel/events/core.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/kernel/events/core.c b/kernel/events/core.c
+index 171b83ebed4a..3b61ff40bfe2 100644
+--- a/kernel/events/core.c
++++ b/kernel/events/core.c
+@@ -5906,7 +5906,7 @@ static void perf_sample_regs_user(struct perf_regs *regs_user,
+       if (user_mode(regs)) {
+               regs_user->abi = perf_reg_abi(current);
+               regs_user->regs = regs;
+-      } else if (current->mm) {
++      } else if (!(current->flags & PF_KTHREAD)) {
+               perf_get_regs_user(regs_user, regs, regs_user_copy);
+       } else {
+               regs_user->abi = PERF_SAMPLE_REGS_ABI_NONE;
+-- 
+2.20.1
+
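Review bot: The reason for testing `PF_KTHREAD` instead of `current->mm` exists only in the commit message; the `else if` in `perf_sample_regs_user()` carries no comment, and the old `->mm` test looks equally plausible to someone reading the code later. I would add `/* a kthread can borrow an mm via use_mm(), so ->mm does not prove there are user registers to sample */` above the new condition. The function body extends beyond the hunk, so whether `perf_get_regs_user()` applies further guards cannot be seen here.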
diff --git a/queue-4.19/pinctrl-mcp23s08-fix-add_data-and-irqchip_add_nested.patch b/queue-4.19/pinctrl-mcp23s08-fix-add_data-and-irqchip_add_nested.patch
new file mode 100644 (file)
index 0000000..9ebb1b5
--- /dev/null
@@ -0,0 +1,70 @@
+From b55df59e6a397bb54ccf219516df5d09acf0d38d Mon Sep 17 00:00:00 2001
+From: Phil Reid <preid@electromag.com.au>
+Date: Thu, 13 Jun 2019 12:10:23 +0800
+Subject: pinctrl: mcp23s08: Fix add_data and irqchip_add_nested call order
+
+[ Upstream commit 6dbc6e6f58556369bf999cd7d9793586f1b0e4b4 ]
+
+Currently probing of the mcp23s08 results in an error message
+"detected irqchip that is shared with multiple gpiochips:
+please fix the driver"
+
+This is due to the following:
+
+Call to mcp23s08_irqchip_setup() with call hierarchy:
+mcp23s08_irqchip_setup()
+  gpiochip_irqchip_add_nested()
+    gpiochip_irqchip_add_key()
+      gpiochip_set_irq_hooks()
+
+Call to devm_gpiochip_add_data() with call hierarchy:
+devm_gpiochip_add_data()
+  gpiochip_add_data_with_key()
+    gpiochip_add_irqchip()
+      gpiochip_set_irq_hooks()
+
+The gpiochip_add_irqchip() returns immediately if there isn't a irqchip
+but we added a irqchip due to the previous mcp23s08_irqchip_setup()
+call. So it calls gpiochip_set_irq_hooks() a second time.
+
+Fix this by moving the call to devm_gpiochip_add_data before
+the call to mcp23s08_irqchip_setup
+
+Fixes: 02e389e63e35 ("pinctrl: mcp23s08: fix irq setup order")
+Suggested-by: Marco Felsch <m.felsch@pengutronix.de>
+Signed-off-by: Phil Reid <preid@electromag.com.au>
+Signed-off-by: Linus Walleij <linus.walleij@linaro.org>
+Signed-off-by: Sasha Levin <sashal@kernel.org>
+---
+ drivers/pinctrl/pinctrl-mcp23s08.c | 8 ++++----
+ 1 file changed, 4 insertions(+), 4 deletions(-)
+
+diff --git a/drivers/pinctrl/pinctrl-mcp23s08.c b/drivers/pinctrl/pinctrl-mcp23s08.c
+index cecbce21d01f..33c3eca0ece9 100644
+--- a/drivers/pinctrl/pinctrl-mcp23s08.c
++++ b/drivers/pinctrl/pinctrl-mcp23s08.c
+@@ -889,6 +889,10 @@ static int mcp23s08_probe_one(struct mcp23s08 *mcp, struct device *dev,
+       if (ret < 0)
+               goto fail;
++      ret = devm_gpiochip_add_data(dev, &mcp->chip, mcp);
++      if (ret < 0)
++              goto fail;
++
+       mcp->irq_controller =
+               device_property_read_bool(dev, "interrupt-controller");
+       if (mcp->irq && mcp->irq_controller) {
+@@ -930,10 +934,6 @@ static int mcp23s08_probe_one(struct mcp23s08 *mcp, struct device *dev,
+                       goto fail;
+       }
+-      ret = devm_gpiochip_add_data(dev, &mcp->chip, mcp);
+-      if (ret < 0)
+-              goto fail;
+-
+       if (one_regmap_config) {
+               mcp->pinctrl_desc.name = devm_kasprintf(dev, GFP_KERNEL,
+                               "mcp23xxx-pinctrl.%d", raw_chip_address);
+-- 
+2.20.1
+
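Review bot: The relocated `devm_gpiochip_add_data()` call in `mcp23s08_probe_one()` has an ordering requirement that the code does not record, and the Fixes tag shows this order has already been changed once. A comment at the new position would prevent another swap: `/* register the gpiochip before the nested irqchip is added, otherwise gpiochip_set_irq_hooks() runs twice */`. With the new order the chip is registered before the interrupt setup in the following block, so it is worth confirming that no consumer can request a GPIO interrupt in that window. The rest of the function is outside the hunk.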
diff --git a/queue-4.19/pinctrl-mediatek-ignore-interrupts-that-are-wake-onl.patch b/queue-4.19/pinctrl-mediatek-ignore-interrupts-that-are-wake-onl.patch
new file mode 100644 (file)
index 0000000..c015d15
--- /dev/null
@@ -0,0 +1,75 @@
+From 007987d6072d7ea41235ec1e9964ca8dfc1f524d Mon Sep 17 00:00:00 2001
+From: Nicolas Boichat <drinkcat@chromium.org>
+Date: Mon, 29 Apr 2019 11:55:14 +0800
+Subject: pinctrl: mediatek: Ignore interrupts that are wake only during resume
+
+[ Upstream commit 35594bc7cecf3a78504b590e350570e8f4d7779e ]
+
+Before suspending, mtk-eint would set the interrupt mask to the
+one in wake_mask. However, some of these interrupts may not have a
+corresponding interrupt handler, or the interrupt may be disabled.
+
+On resume, the eint irq handler would trigger nevertheless,
+and irq/pm.c:irq_pm_check_wakeup would be called, which would
+try to call irq_disable. However, if the interrupt is not enabled
+(irqd_irq_disabled(&desc->irq_data) is true), the call does nothing,
+and the interrupt is left enabled in the eint driver.
+
+Especially for level-sensitive interrupts, this will lead to an
+interrupt storm on resume.
+
+If we detect that an interrupt is only in wake_mask, but not in
+cur_mask, we can just mask it out immediately (as mtk_eint_resume
+would do anyway at a later stage in the resume sequence, when
+restoring cur_mask).
+
+Fixes: bf22ff45bed6 ("genirq: Avoid unnecessary low level irq function calls")
+Signed-off-by: Nicolas Boichat <drinkcat@chromium.org>
+Acked-by: Sean Wang <sean.wang@kernel.org>
+Signed-off-by: Linus Walleij <linus.walleij@linaro.org>
+Signed-off-by: Sasha Levin <sashal@kernel.org>
+---
+ drivers/pinctrl/mediatek/mtk-eint.c | 16 +++++++++++++++-
+ 1 file changed, 15 insertions(+), 1 deletion(-)
+
+diff --git a/drivers/pinctrl/mediatek/mtk-eint.c b/drivers/pinctrl/mediatek/mtk-eint.c
+index a613e546717a..b9f3c02ba59d 100644
+--- a/drivers/pinctrl/mediatek/mtk-eint.c
++++ b/drivers/pinctrl/mediatek/mtk-eint.c
+@@ -318,7 +318,7 @@ static void mtk_eint_irq_handler(struct irq_desc *desc)
+       struct irq_chip *chip = irq_desc_get_chip(desc);
+       struct mtk_eint *eint = irq_desc_get_handler_data(desc);
+       unsigned int status, eint_num;
+-      int offset, index, virq;
++      int offset, mask_offset, index, virq;
+       void __iomem *reg =  mtk_eint_get_offset(eint, 0, eint->regs->stat);
+       int dual_edge, start_level, curr_level;
+@@ -328,10 +328,24 @@ static void mtk_eint_irq_handler(struct irq_desc *desc)
+               status = readl(reg);
+               while (status) {
+                       offset = __ffs(status);
++                      mask_offset = eint_num >> 5;
+                       index = eint_num + offset;
+                       virq = irq_find_mapping(eint->domain, index);
+                       status &= ~BIT(offset);
++                      /*
++                       * If we get an interrupt on pin that was only required
++                       * for wake (but no real interrupt requested), mask the
++                       * interrupt (as would mtk_eint_resume do anyway later
++                       * in the resume sequence).
++                       */
++                      if (eint->wake_mask[mask_offset] & BIT(offset) &&
++                          !(eint->cur_mask[mask_offset] & BIT(offset))) {
++                              writel_relaxed(BIT(offset), reg -
++                                      eint->regs->stat +
++                                      eint->regs->mask_set);
++                      }
++
+                       dual_edge = eint->dual_edge[index];
+                       if (dual_edge) {
+                               /*
+-- 
+2.20.1
+
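Review bot: In the inner `while (status)` loop of `mtk_eint_irq_handler()`, `mask_offset = eint_num >> 5` is recomputed for every set bit although it depends only on `eint_num`, and the mask-set register address is derived by hand as `reg - eint->regs->stat + eint->regs->mask_set`. Computing `mask_offset` once before `while (status)` would be cleaner. If `index` is the hardware line number the helper expects, writing through `mtk_eint_get_offset(eint, index, eint->regs->mask_set)` would match how the register is located at the top of the function. The handler continues after masking and its loop header is outside the hunk, so it may also be worth checking whether the dispatch further down should be skipped for a line that was just masked.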
diff --git a/queue-4.19/pinctrl-mediatek-update-cur_mask-in-mask-mask-ops.patch b/queue-4.19/pinctrl-mediatek-update-cur_mask-in-mask-mask-ops.patch
new file mode 100644 (file)
index 0000000..0804063
--- /dev/null
@@ -0,0 +1,99 @@
+From 78af18de80e972ebcc15758f75aabb249253f64d Mon Sep 17 00:00:00 2001
+From: Nicolas Boichat <drinkcat@chromium.org>
+Date: Wed, 26 Jun 2019 11:54:45 +0800
+Subject: pinctrl: mediatek: Update cur_mask in mask/mask ops
+
+[ Upstream commit 9d957a959bc8c3dfe37572ac8e99affb5a885965 ]
+
+During suspend/resume, mtk_eint_mask may be called while
+wake_mask is active. For example, this happens if a wake-source
+with an active interrupt handler wakes the system:
+irq/pm.c:irq_pm_check_wakeup would disable the interrupt, so
+that it can be handled later on in the resume flow.
+
+However, this may happen before mtk_eint_do_resume is called:
+in this case, wake_mask is loaded, and cur_mask is restored
+from an older copy, re-enabling the interrupt, and causing
+an interrupt storm (especially for level interrupts).
+
+Step by step, for a line that has both wake and interrupt enabled:
+ 1. cur_mask[irq] = 1; wake_mask[irq] = 1; EINT_EN[irq] = 1 (interrupt
+    enabled at hardware level)
+ 2. System suspends, resumes due to that line (at this stage EINT_EN
+    == wake_mask)
+ 3. irq_pm_check_wakeup is called, and disables the interrupt =>
+    EINT_EN[irq] = 0, but we still have cur_mask[irq] = 1
+ 4. mtk_eint_do_resume is called, and restores EINT_EN = cur_mask, so
+    it reenables EINT_EN[irq] = 1 => interrupt storm as the driver
+    is not yet ready to handle the interrupt.
+
+This patch fixes the issue in step 3, by recording all mask/unmask
+changes in cur_mask. This also avoids the need to read the current
+mask in eint_do_suspend, and we can remove mtk_eint_chip_read_mask
+function.
+
+The interrupt will be re-enabled properly later on, sometimes after
+mtk_eint_do_resume, when the driver is ready to handle it.
+
+Fixes: 58a5e1b64bb0 ("pinctrl: mediatek: Implement wake handler and suspend resume")
+Signed-off-by: Nicolas Boichat <drinkcat@chromium.org>
+Acked-by: Sean Wang <sean.wang@kernel.org>
+Signed-off-by: Linus Walleij <linus.walleij@linaro.org>
+Signed-off-by: Sasha Levin <sashal@kernel.org>
+---
+ drivers/pinctrl/mediatek/mtk-eint.c | 18 ++++--------------
+ 1 file changed, 4 insertions(+), 14 deletions(-)
+
+diff --git a/drivers/pinctrl/mediatek/mtk-eint.c b/drivers/pinctrl/mediatek/mtk-eint.c
+index b9f3c02ba59d..564cfaee129d 100644
+--- a/drivers/pinctrl/mediatek/mtk-eint.c
++++ b/drivers/pinctrl/mediatek/mtk-eint.c
+@@ -113,6 +113,8 @@ static void mtk_eint_mask(struct irq_data *d)
+       void __iomem *reg = mtk_eint_get_offset(eint, d->hwirq,
+                                               eint->regs->mask_set);
++      eint->cur_mask[d->hwirq >> 5] &= ~mask;
++
+       writel(mask, reg);
+ }
+@@ -123,6 +125,8 @@ static void mtk_eint_unmask(struct irq_data *d)
+       void __iomem *reg = mtk_eint_get_offset(eint, d->hwirq,
+                                               eint->regs->mask_clr);
++      eint->cur_mask[d->hwirq >> 5] |= mask;
++
+       writel(mask, reg);
+       if (eint->dual_edge[d->hwirq])
+@@ -217,19 +221,6 @@ static void mtk_eint_chip_write_mask(const struct mtk_eint *eint,
+       }
+ }
+-static void mtk_eint_chip_read_mask(const struct mtk_eint *eint,
+-                                  void __iomem *base, u32 *buf)
+-{
+-      int port;
+-      void __iomem *reg;
+-
+-      for (port = 0; port < eint->hw->ports; port++) {
+-              reg = base + eint->regs->mask + (port << 2);
+-              buf[port] = ~readl_relaxed(reg);
+-              /* Mask is 0 when irq is enabled, and 1 when disabled. */
+-      }
+-}
+-
+ static int mtk_eint_irq_request_resources(struct irq_data *d)
+ {
+       struct mtk_eint *eint = irq_data_get_irq_chip_data(d);
+@@ -384,7 +375,6 @@ static void mtk_eint_irq_handler(struct irq_desc *desc)
+ int mtk_eint_do_suspend(struct mtk_eint *eint)
+ {
+-      mtk_eint_chip_read_mask(eint, eint->base, eint->cur_mask);
+       mtk_eint_chip_write_mask(eint, eint->base, eint->wake_mask);
+       return 0;
+-- 
+2.20.1
+
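Review bot: The new `eint->cur_mask[d->hwirq >> 5] &= ~mask;` in `mtk_eint_mask()` and the matching `|= mask` in `mtk_eint_unmask()` are plain read-modify-write updates of a word shared by 32 lines. If two lines of the same port can be masked or unmasked concurrently on different CPUs (the hunk shows no lock around these callbacks), one update can be lost and the resume path would restore a stale mask, which is the interrupt storm this patch sets out to fix. Either a comment naming the lock that serialises the callbacks or a small spinlock around the update would settle it. This matters more now that `mtk_eint_do_suspend()` trusts `cur_mask` entirely, since the hardware read-back was removed.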
diff --git a/queue-4.19/ppp-mppe-add-softdep-to-arc4.patch b/queue-4.19/ppp-mppe-add-softdep-to-arc4.patch
new file mode 100644 (file)
index 0000000..c3bfbec
--- /dev/null
@@ -0,0 +1,34 @@
+From 16907457f7e08afd63b94593d99b4009c22c538b Mon Sep 17 00:00:00 2001
+From: Takashi Iwai <tiwai@suse.de>
+Date: Wed, 19 Jun 2019 15:34:07 +0200
+Subject: ppp: mppe: Add softdep to arc4
+
+[ Upstream commit aad1dcc4f011ea409850e040363dff1e59aa4175 ]
+
+The arc4 crypto is mandatory at ppp_mppe probe time, so let's put a
+softdep line, so that the corresponding module gets prepared
+gracefully.  Without this, a simple inclusion to initrd via dracut
+failed due to the missing dependency, for example.
+
+Signed-off-by: Takashi Iwai <tiwai@suse.de>
+Signed-off-by: David S. Miller <davem@davemloft.net>
+Signed-off-by: Sasha Levin <sashal@kernel.org>
+---
+ drivers/net/ppp/ppp_mppe.c | 1 +
+ 1 file changed, 1 insertion(+)
+
+diff --git a/drivers/net/ppp/ppp_mppe.c b/drivers/net/ppp/ppp_mppe.c
+index a205750b431b..8609c1a0777b 100644
+--- a/drivers/net/ppp/ppp_mppe.c
++++ b/drivers/net/ppp/ppp_mppe.c
+@@ -63,6 +63,7 @@ MODULE_AUTHOR("Frank Cusack <fcusack@fcusack.com>");
+ MODULE_DESCRIPTION("Point-to-Point Protocol Microsoft Point-to-Point Encryption support");
+ MODULE_LICENSE("Dual BSD/GPL");
+ MODULE_ALIAS("ppp-compress-" __stringify(CI_MPPE));
++MODULE_SOFTDEP("pre: arc4");
+ MODULE_VERSION("1.0.2");
+ static unsigned int
+-- 
+2.20.1
+
index c60dac706fdd043272bd3b21fa489c66d0f5754b..d0ffe0c041634e65d4b570a64db4fa365d821b84 100644 (file)
@@ -4,3 +4,26 @@ input-synaptics-enable-smbus-on-t480-thinkpad-trackpad.patch
 nilfs2-do-not-use-unexported-cpu_to_le32-le32_to_cpu-in-uapi-header.patch
 drivers-base-cacheinfo-ensure-cpu-hotplug-work-is-done-before-intel-rdt.patch
 firmware-improve-lsm-ima-security-behaviour.patch
+irqchip-gic-v3-its-fix-command-queue-pointer-compari.patch
+clk-ti-clkctrl-fix-returning-uninitialized-data.patch
+efi-bgrt-drop-bgrt-status-field-reserved-bits-check.patch
+perf-core-fix-perf_sample_regs_user-mm-check.patch
+arm-dts-gemini-fix-up-dns-313-compatible-string.patch
+arm-omap2-remove-incorrect-__init-annotation.patch
+afs-fix-uninitialised-spinlock-afs_volume-cb_break_l.patch
+x86-apic-fix-integer-overflow-on-10-bit-left-shift-o.patch
+be2net-fix-link-failure-after-ethtool-offline-test.patch
+ppp-mppe-add-softdep-to-arc4.patch
+sis900-fix-tx-completion.patch
+arm-dts-imx6ul-fix-pwm-1-4-interrupts.patch
+pinctrl-mcp23s08-fix-add_data-and-irqchip_add_nested.patch
+dm-table-don-t-copy-from-a-null-pointer-in-realloc_a.patch
+dm-verity-use-message-limit-for-data-block-corruptio.patch
+x86-boot-64-fix-crash-if-kernel-image-crosses-page-t.patch
+x86-boot-64-add-missing-fixup_pointer-for-next_early.patch
+hid-chicony-add-another-quirk-for-pixart-mouse.patch
+hid-multitouch-add-pointstick-support-for-alps-touch.patch
+pinctrl-mediatek-ignore-interrupts-that-are-wake-onl.patch
+cpu-hotplug-fix-out-of-bounds-read-when-setting-fail.patch
+pinctrl-mediatek-update-cur_mask-in-mask-mask-ops.patch
+linux-kernel.h-fix-overflow-for-div_round_up_ull.patch
diff --git a/queue-4.19/sis900-fix-tx-completion.patch b/queue-4.19/sis900-fix-tx-completion.patch
new file mode 100644 (file)
index 0000000..5e3cee9
--- /dev/null
@@ -0,0 +1,117 @@
+From bc436ab983f089b6cb114bce997849c8cb20d368 Mon Sep 17 00:00:00 2001
+From: Sergej Benilov <sergej.benilov@googlemail.com>
+Date: Thu, 20 Jun 2019 11:02:18 +0200
+Subject: sis900: fix TX completion
+
+[ Upstream commit 8ac8a01092b2added0749ef937037bf1912e13e3 ]
+
+Since commit 605ad7f184b60cfaacbc038aa6c55ee68dee3c89 "tcp: refine TSO autosizing",
+outbound throughput is dramatically reduced for some connections, as sis900
+is doing TX completion within idle states only.
+
+Make TX completion happen after every transmitted packet.
+
+Test:
+netperf
+
+before patch:
+> netperf -H remote -l -2000000 -- -s 1000000
+MIGRATED TCP STREAM TEST from 0.0.0.0 () port 0 AF_INET to 95.223.112.76 () port 0 AF_INET : demo
+Recv   Send    Send
+Socket Socket  Message  Elapsed
+Size   Size    Size     Time     Throughput
+bytes  bytes   bytes    secs.    10^6bits/sec
+
+ 87380 327680 327680    253.44      0.06
+
+after patch:
+> netperf -H remote -l -10000000 -- -s 1000000
+MIGRATED TCP STREAM TEST from 0.0.0.0 () port 0 AF_INET to 95.223.112.76 () port 0 AF_INET : demo
+Recv   Send    Send
+Socket Socket  Message  Elapsed
+Size   Size    Size     Time     Throughput
+bytes  bytes   bytes    secs.    10^6bits/sec
+
+ 87380 327680 327680    5.38       14.89
+
+Thx to Dave Miller and Eric Dumazet for helpful hints
+
+Signed-off-by: Sergej Benilov <sergej.benilov@googlemail.com>
+Signed-off-by: David S. Miller <davem@davemloft.net>
+Signed-off-by: Sasha Levin <sashal@kernel.org>
+---
+ drivers/net/ethernet/sis/sis900.c | 16 ++++++++--------
+ 1 file changed, 8 insertions(+), 8 deletions(-)
+
+diff --git a/drivers/net/ethernet/sis/sis900.c b/drivers/net/ethernet/sis/sis900.c
+index 4bb89f74742c..d5bcbc40a55f 100644
+--- a/drivers/net/ethernet/sis/sis900.c
++++ b/drivers/net/ethernet/sis/sis900.c
+@@ -1057,7 +1057,7 @@ sis900_open(struct net_device *net_dev)
+       sis900_set_mode(sis_priv, HW_SPEED_10_MBPS, FDX_CAPABLE_HALF_SELECTED);
+       /* Enable all known interrupts by setting the interrupt mask. */
+-      sw32(imr, RxSOVR | RxORN | RxERR | RxOK | TxURN | TxERR | TxIDLE);
++      sw32(imr, RxSOVR | RxORN | RxERR | RxOK | TxURN | TxERR | TxIDLE | TxDESC);
+       sw32(cr, RxENA | sr32(cr));
+       sw32(ier, IE);
+@@ -1578,7 +1578,7 @@ static void sis900_tx_timeout(struct net_device *net_dev)
+       sw32(txdp, sis_priv->tx_ring_dma);
+       /* Enable all known interrupts by setting the interrupt mask. */
+-      sw32(imr, RxSOVR | RxORN | RxERR | RxOK | TxURN | TxERR | TxIDLE);
++      sw32(imr, RxSOVR | RxORN | RxERR | RxOK | TxURN | TxERR | TxIDLE | TxDESC);
+ }
+ /**
+@@ -1618,7 +1618,7 @@ sis900_start_xmit(struct sk_buff *skb, struct net_device *net_dev)
+                       spin_unlock_irqrestore(&sis_priv->lock, flags);
+                       return NETDEV_TX_OK;
+       }
+-      sis_priv->tx_ring[entry].cmdsts = (OWN | skb->len);
++      sis_priv->tx_ring[entry].cmdsts = (OWN | INTR | skb->len);
+       sw32(cr, TxENA | sr32(cr));
+       sis_priv->cur_tx ++;
+@@ -1674,7 +1674,7 @@ static irqreturn_t sis900_interrupt(int irq, void *dev_instance)
+       do {
+               status = sr32(isr);
+-              if ((status & (HIBERR|TxURN|TxERR|TxIDLE|RxORN|RxERR|RxOK)) == 0)
++              if ((status & (HIBERR|TxURN|TxERR|TxIDLE|TxDESC|RxORN|RxERR|RxOK)) == 0)
+                       /* nothing intresting happened */
+                       break;
+               handled = 1;
+@@ -1684,7 +1684,7 @@ static irqreturn_t sis900_interrupt(int irq, void *dev_instance)
+                       /* Rx interrupt */
+                       sis900_rx(net_dev);
+-              if (status & (TxURN | TxERR | TxIDLE))
++              if (status & (TxURN | TxERR | TxIDLE | TxDESC))
+                       /* Tx interrupt */
+                       sis900_finish_xmit(net_dev);
+@@ -1896,8 +1896,8 @@ static void sis900_finish_xmit (struct net_device *net_dev)
+               if (tx_status & OWN) {
+                       /* The packet is not transmitted yet (owned by hardware) !
+-                       * Note: the interrupt is generated only when Tx Machine
+-                       * is idle, so this is an almost impossible case */
++                       * Note: this is an almost impossible condition
++                       * in case of TxDESC ('descriptor interrupt') */
+                       break;
+               }
+@@ -2473,7 +2473,7 @@ static int sis900_resume(struct pci_dev *pci_dev)
+       sis900_set_mode(sis_priv, HW_SPEED_10_MBPS, FDX_CAPABLE_HALF_SELECTED);
+       /* Enable all known interrupts by setting the interrupt mask. */
+-      sw32(imr, RxSOVR | RxORN | RxERR | RxOK | TxURN | TxERR | TxIDLE);
++      sw32(imr, RxSOVR | RxORN | RxERR | RxOK | TxURN | TxERR | TxIDLE | TxDESC);
+       sw32(cr, RxENA | sr32(cr));
+       sw32(ier, IE);
+-- 
+2.20.1
+
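Review bot: The rewritten comment in `sis900_finish_xmit()` calls a descriptor still marked `OWN` an almost impossible condition. With `INTR` now set on every descriptor in `sis900_start_xmit()`, the handler will presumably run while later descriptors are still queued, so hitting `OWN` looks like the normal way out of the loop. I would word it as `/* still owned by hardware: later descriptors have not been sent yet, stop here */`. The interrupt mask including `TxDESC` is also spelled out three times, in `sis900_open()`, `sis900_tx_timeout()` and `sis900_resume()`; a single named constant would keep them in step.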
diff --git a/queue-4.19/x86-apic-fix-integer-overflow-on-10-bit-left-shift-o.patch b/queue-4.19/x86-apic-fix-integer-overflow-on-10-bit-left-shift-o.patch
new file mode 100644 (file)
index 0000000..6c4afbb
--- /dev/null
@@ -0,0 +1,41 @@
+From c3b0b6c7f7325a2326335a95280230b4b6d59b99 Mon Sep 17 00:00:00 2001
+From: Colin Ian King <colin.king@canonical.com>
+Date: Wed, 19 Jun 2019 19:14:46 +0100
+Subject: x86/apic: Fix integer overflow on 10 bit left shift of cpu_khz
+
+[ Upstream commit ea136a112d89bade596314a1ae49f748902f4727 ]
+
+The left shift of unsigned int cpu_khz will overflow for large values of
+cpu_khz, so cast it to a long long before shifting it to avoid overvlow.
+For example, this can happen when cpu_khz is 4194305, i.e. ~4.2 GHz.
+
+Addresses-Coverity: ("Unintentional integer overflow")
+Fixes: 8c3ba8d04924 ("x86, apic: ack all pending irqs when crashed/on kexec")
+Signed-off-by: Colin Ian King <colin.king@canonical.com>
+Signed-off-by: Thomas Gleixner <tglx@linutronix.de>
+Cc: Borislav Petkov <bp@alien8.de>
+Cc: "H . Peter Anvin" <hpa@zytor.com>
+Cc: kernel-janitors@vger.kernel.org
+Link: https://lkml.kernel.org/r/20190619181446.13635-1-colin.king@canonical.com
+Signed-off-by: Sasha Levin <sashal@kernel.org>
+---
+ arch/x86/kernel/apic/apic.c | 3 ++-
+ 1 file changed, 2 insertions(+), 1 deletion(-)
+
+diff --git a/arch/x86/kernel/apic/apic.c b/arch/x86/kernel/apic/apic.c
+index 84132eddb5a8..2646234380cc 100644
+--- a/arch/x86/kernel/apic/apic.c
++++ b/arch/x86/kernel/apic/apic.c
+@@ -1452,7 +1452,8 @@ static void apic_pending_intr_clear(void)
+               if (queued) {
+                       if (boot_cpu_has(X86_FEATURE_TSC) && cpu_khz) {
+                               ntsc = rdtsc();
+-                              max_loops = (cpu_khz << 10) - (ntsc - tsc);
++                              max_loops = (long long)cpu_khz << 10;
++                              max_loops -= ntsc - tsc;
+                       } else {
+                               max_loops--;
+                       }
+-- 
+2.20.1
+
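Review bot: The fix in `apic_pending_intr_clear()` relies on `max_loops` being a 64-bit signed variable, which is declared outside the hunk. If it is, the two-statement form is correct, but the meaning of the bound is still undocumented. A comment such as `/* allow about one second of TSC cycles (cpu_khz * 1024) minus what has already elapsed */` above the assignment would explain both the shift and why the overflow matters. `ntsc - tsc` is presumably unsigned, so the subtraction depends on the implicit conversion to the type of `max_loops`.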
diff --git a/queue-4.19/x86-boot-64-add-missing-fixup_pointer-for-next_early.patch b/queue-4.19/x86-boot-64-add-missing-fixup_pointer-for-next_early.patch
new file mode 100644 (file)
index 0000000..4118969
--- /dev/null
@@ -0,0 +1,47 @@
+From 736261dd3410c68ca2613a2f8c8877dbdbaa0f68 Mon Sep 17 00:00:00 2001
+From: "Kirill A. Shutemov" <kirill@shutemov.name>
+Date: Thu, 20 Jun 2019 14:24:22 +0300
+Subject: x86/boot/64: Add missing fixup_pointer() for next_early_pgt access
+
+[ Upstream commit c1887159eb48ba40e775584cfb2a443962cf1a05 ]
+
+__startup_64() uses fixup_pointer() to access global variables in a
+position-independent fashion. Access to next_early_pgt was wrapped into the
+helper, but one instance in the 5-level paging branch was missed.
+
+GCC generates a R_X86_64_PC32 PC-relative relocation for the access which
+doesn't trigger the issue, but Clang emmits a R_X86_64_32S which leads to
+an invalid memory access and system reboot.
+
+Fixes: 187e91fe5e91 ("x86/boot/64/clang: Use fixup_pointer() to access 'next_early_pgt'")
+Signed-off-by: Kirill A. Shutemov <kirill.shutemov@linux.intel.com>
+Signed-off-by: Thomas Gleixner <tglx@linutronix.de>
+Cc: Borislav Petkov <bp@alien8.de>
+Cc: "H. Peter Anvin" <hpa@zytor.com>
+Cc: Dave Hansen <dave.hansen@linux.intel.com>
+Cc: Andy Lutomirski <luto@kernel.org>
+Cc: Peter Zijlstra <peterz@infradead.org>
+Cc: Alexander Potapenko <glider@google.com>
+Link: https://lkml.kernel.org/r/20190620112422.29264-1-kirill.shutemov@linux.intel.com
+Signed-off-by: Sasha Levin <sashal@kernel.org>
+---
+ arch/x86/kernel/head64.c | 3 ++-
+ 1 file changed, 2 insertions(+), 1 deletion(-)
+
+diff --git a/arch/x86/kernel/head64.c b/arch/x86/kernel/head64.c
+index cc5b519dc687..250cfa85b633 100644
+--- a/arch/x86/kernel/head64.c
++++ b/arch/x86/kernel/head64.c
+@@ -184,7 +184,8 @@ unsigned long __head __startup_64(unsigned long physaddr,
+       pgtable_flags = _KERNPG_TABLE_NOENC + sme_get_me_mask();
+       if (la57) {
+-              p4d = fixup_pointer(early_dynamic_pgts[next_early_pgt++], physaddr);
++              p4d = fixup_pointer(early_dynamic_pgts[(*next_pgt_ptr)++],
++                                  physaddr);
+               i = (physaddr >> PGDIR_SHIFT) % PTRS_PER_PGD;
+               pgd[i + 0] = (pgdval_t)p4d + pgtable_flags;
+-- 
+2.20.1
+
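Review bot: The corrected assignment in the `la57` branch carries no comment explaining why `next_early_pgt` has to be reached through `next_pgt_ptr`, so a later edit could reintroduce the direct global access that this patch removes. The commit message gives the reason: `__startup_64()` must access globals position-independently, and Clang emitted an absolute R_X86_64_32S relocation for the direct access, which led to an invalid memory access and a reboot. A one-line comment above the assignment would record that, for example `/* next_early_pgt must only be accessed via next_pgt_ptr here (position-independent access) */`. The body of `__startup_64()` starts and ends outside the hunk, so how `next_pgt_ptr` is set up is not visible here.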
diff --git a/queue-4.19/x86-boot-64-fix-crash-if-kernel-image-crosses-page-t.patch b/queue-4.19/x86-boot-64-fix-crash-if-kernel-image-crosses-page-t.patch
new file mode 100644 (file)
index 0000000..355c49f
--- /dev/null
@@ -0,0 +1,89 @@
+From a02a2e83ab164acd007c5a42656bb7c36a27dfdd Mon Sep 17 00:00:00 2001
+From: "Kirill A. Shutemov" <kirill@shutemov.name>
+Date: Thu, 20 Jun 2019 14:23:45 +0300
+Subject: x86/boot/64: Fix crash if kernel image crosses page table boundary
+
+[ Upstream commit 81c7ed296dcd02bc0b4488246d040e03e633737a ]
+
+A kernel which boots in 5-level paging mode crashes in a small percentage
+of cases if KASLR is enabled.
+
+This issue was tracked down to the case when the kernel image unpacks in a
+way that it crosses an 1G boundary. The crash is caused by an overrun of
+the PMD page table in __startup_64() and corruption of P4D page table
+allocated next to it. This particular issue is not visible with 4-level
+paging as P4D page tables are not used.
+
+But the P4D and the PUD calculation have similar problems.
+
+The PMD index calculation is wrong due to operator precedence, which fails
+to confine the PMDs in the PMD array on wrap around.
+
+The P4D calculation for 5-level paging and the PUD calculation calculate
+the first index correctly, but then blindly increment it which causes the
+same issue when a kernel image is located across a 512G and for 5-level
+paging across a 46T boundary.
+
+This wrap around mishandling was introduced when these parts moved from
+assembly to C.
+
+Restore it to the correct behaviour.
+
+Fixes: c88d71508e36 ("x86/boot/64: Rewrite startup_64() in C")
+Signed-off-by: Kirill A. Shutemov <kirill.shutemov@linux.intel.com>
+Signed-off-by: Thomas Gleixner <tglx@linutronix.de>
+Cc: Borislav Petkov <bp@alien8.de>
+Cc: "H. Peter Anvin" <hpa@zytor.com>
+Cc: Dave Hansen <dave.hansen@linux.intel.com>
+Cc: Andy Lutomirski <luto@kernel.org>
+Cc: Peter Zijlstra <peterz@infradead.org>
+Link: https://lkml.kernel.org/r/20190620112345.28833-1-kirill.shutemov@linux.intel.com
+Signed-off-by: Sasha Levin <sashal@kernel.org>
+---
+ arch/x86/kernel/head64.c | 17 +++++++++--------
+ 1 file changed, 9 insertions(+), 8 deletions(-)
+
+diff --git a/arch/x86/kernel/head64.c b/arch/x86/kernel/head64.c
+index ddee1f0870c4..cc5b519dc687 100644
+--- a/arch/x86/kernel/head64.c
++++ b/arch/x86/kernel/head64.c
+@@ -190,18 +190,18 @@ unsigned long __head __startup_64(unsigned long physaddr,
+               pgd[i + 0] = (pgdval_t)p4d + pgtable_flags;
+               pgd[i + 1] = (pgdval_t)p4d + pgtable_flags;
+-              i = (physaddr >> P4D_SHIFT) % PTRS_PER_P4D;
+-              p4d[i + 0] = (pgdval_t)pud + pgtable_flags;
+-              p4d[i + 1] = (pgdval_t)pud + pgtable_flags;
++              i = physaddr >> P4D_SHIFT;
++              p4d[(i + 0) % PTRS_PER_P4D] = (pgdval_t)pud + pgtable_flags;
++              p4d[(i + 1) % PTRS_PER_P4D] = (pgdval_t)pud + pgtable_flags;
+       } else {
+               i = (physaddr >> PGDIR_SHIFT) % PTRS_PER_PGD;
+               pgd[i + 0] = (pgdval_t)pud + pgtable_flags;
+               pgd[i + 1] = (pgdval_t)pud + pgtable_flags;
+       }
+-      i = (physaddr >> PUD_SHIFT) % PTRS_PER_PUD;
+-      pud[i + 0] = (pudval_t)pmd + pgtable_flags;
+-      pud[i + 1] = (pudval_t)pmd + pgtable_flags;
++      i = physaddr >> PUD_SHIFT;
++      pud[(i + 0) % PTRS_PER_PUD] = (pudval_t)pmd + pgtable_flags;
++      pud[(i + 1) % PTRS_PER_PUD] = (pudval_t)pmd + pgtable_flags;
+       pmd_entry = __PAGE_KERNEL_LARGE_EXEC & ~_PAGE_GLOBAL;
+       /* Filter out unsupported __PAGE_KERNEL_* bits: */
+@@ -211,8 +211,9 @@ unsigned long __head __startup_64(unsigned long physaddr,
+       pmd_entry +=  physaddr;
+       for (i = 0; i < DIV_ROUND_UP(_end - _text, PMD_SIZE); i++) {
+-              int idx = i + (physaddr >> PMD_SHIFT) % PTRS_PER_PMD;
+-              pmd[idx] = pmd_entry + i * PMD_SIZE;
++              int idx = i + (physaddr >> PMD_SHIFT);
++
++              pmd[idx % PTRS_PER_PMD] = pmd_entry + i * PMD_SIZE;
+       }
+       /*
+-- 
+2.20.1
+
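Review bot: In the PMD loop, `int idx = i + (physaddr >> PMD_SHIFT);` narrows an unsigned long sum into a signed int before the modulo is taken, so the bound on the `pmd[]` index relies on `idx` never being negative; in C, `%` with a negative left operand yields a negative result. For realistic physical address widths the shifted value probably fits, but nothing in the hunk enforces that. Keeping the value unsigned removes the dependency: `unsigned long idx = i + (physaddr >> PMD_SHIFT);`. The same consideration applies to `i = physaddr >> P4D_SHIFT;` and `i = physaddr >> PUD_SHIFT;` if `i` is a signed int; its declaration is outside the hunk, as is the rest of `__startup_64()`.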