--- /dev/null
+From 9e25ebfe56ece7541cd10a20d715cbdd148a2e06 Mon Sep 17 00:00:00 2001
+From: Doug Berger <opendmb@gmail.com>
+Date: Thu, 29 Jun 2017 18:41:36 +0100
+Subject: ARM: 8685/1: ensure memblock-limit is pmd-aligned
+
+From: Doug Berger <opendmb@gmail.com>
+
+commit 9e25ebfe56ece7541cd10a20d715cbdd148a2e06 upstream.
+
+The pmd containing memblock_limit is cleared by prepare_page_table()
+which creates the opportunity for early_alloc() to allocate unmapped
+memory if memblock_limit is not pmd aligned causing a boot-time hang.
+
+Commit 965278dcb8ab ("ARM: 8356/1: mm: handle non-pmd-aligned end of RAM")
+attempted to resolve this problem, but there is a path through the
+adjust_lowmem_bounds() routine where if all memory regions start and
+end on pmd-aligned addresses the memblock_limit will be set to
+arm_lowmem_limit.
+
+Since arm_lowmem_limit can be affected by the vmalloc early parameter,
+the value of arm_lowmem_limit may not be pmd-aligned. This commit
+corrects this oversight such that memblock_limit is always rounded
+down to pmd-alignment.
+
+Fixes: 965278dcb8ab ("ARM: 8356/1: mm: handle non-pmd-aligned end of RAM")
+Signed-off-by: Doug Berger <opendmb@gmail.com>
+Suggested-by: Mark Rutland <mark.rutland@arm.com>
+Signed-off-by: Russell King <rmk+kernel@armlinux.org.uk>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+
+---
+ arch/arm/mm/mmu.c | 8 ++++----
+ 1 file changed, 4 insertions(+), 4 deletions(-)
+
+--- a/arch/arm/mm/mmu.c
++++ b/arch/arm/mm/mmu.c
+@@ -1211,15 +1211,15 @@ void __init adjust_lowmem_bounds(void)
+
+ high_memory = __va(arm_lowmem_limit - 1) + 1;
+
++ if (!memblock_limit)
++ memblock_limit = arm_lowmem_limit;
++
+ /*
+ * Round the memblock limit down to a pmd size. This
+ * helps to ensure that we will allocate memory from the
+ * last full pmd, which should be mapped.
+ */
+- if (memblock_limit)
+- memblock_limit = round_down(memblock_limit, PMD_SIZE);
+- if (!memblock_limit)
+- memblock_limit = arm_lowmem_limit;
++ memblock_limit = round_down(memblock_limit, PMD_SIZE);
+
+ if (!IS_ENABLED(CONFIG_HIGHMEM) || cache_is_vipt_aliasing()) {
+ if (memblock_end_of_DRAM() > arm_lowmem_limit) {
--- /dev/null
+From 06e1a5cc570703796ff1bd3a712e8e3b15c6bb0d Mon Sep 17 00:00:00 2001
+From: Adam Ford <aford173@gmail.com>
+Date: Mon, 6 Mar 2017 12:56:55 -0600
+Subject: ARM: dts: OMAP3: Fix MFG ID EEPROM
+
+From: Adam Ford <aford173@gmail.com>
+
+commit 06e1a5cc570703796ff1bd3a712e8e3b15c6bb0d upstream.
+
+The manufacturing information is stored in the EEPROM. This chip
+is an AT24C64 not not (nor has it ever been) 24C02. This patch will
+correctly address the EEPROM to read the entire contents and not just
+256 bytes (of 0xff).
+
+Fixes: 5e3447a29a38 ("ARM: dts: LogicPD Torpedo: Add AT24 EEPROM Support")
+
+Signed-off-by: Adam Ford <aford173@gmail.com>
+Signed-off-by: Tony Lindgren <tony@atomide.com>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+
+---
+ arch/arm/boot/dts/logicpd-torpedo-som.dtsi | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+--- a/arch/arm/boot/dts/logicpd-torpedo-som.dtsi
++++ b/arch/arm/boot/dts/logicpd-torpedo-som.dtsi
+@@ -121,7 +121,7 @@
+ &i2c3 {
+ clock-frequency = <400000>;
+ at24@50 {
+- compatible = "at24,24c02";
++ compatible = "atmel,24c64";
+ readonly;
+ reg = <0x50>;
+ };
--- /dev/null
+From 04abaf07f6d5cdf22b7a478a86e706dfeeeef960 Mon Sep 17 00:00:00 2001
+From: Dave Gerlach <d-gerlach@ti.com>
+Date: Thu, 30 Mar 2017 14:58:18 -0500
+Subject: ARM: OMAP2+: omap_device: Sync omap_device and pm_runtime after probe defer
+
+From: Dave Gerlach <d-gerlach@ti.com>
+
+commit 04abaf07f6d5cdf22b7a478a86e706dfeeeef960 upstream.
+
+Starting from commit 5de85b9d57ab ("PM / runtime: Re-init runtime PM
+states at probe error and driver unbind") pm_runtime core now changes
+device runtime_status back to after RPM_SUSPENDED after a probe defer.
+Certain OMAP devices make use of "ti,no-idle-on-init" flag which causes
+omap_device_enable to be called during the BUS_NOTIFY_ADD_DEVICE event
+during probe, along with pm_runtime_set_active.
+
+This call to pm_runtime_set_active typically will prevent a call to
+pm_runtime_get in a driver probe function from re-enabling the
+omap_device. However, in the case of a probe defer that happens before
+the driver probe function is able to run, such as a missing pinctrl
+states defer, pm_runtime_reinit will set the device as RPM_SUSPENDED and
+then once driver probe is actually able to run, pm_runtime_get will see
+the device as suspended and call through to the omap_device layer,
+attempting to enable the already enabled omap_device and causing errors
+like this:
+
+omap-gpmc 50000000.gpmc: omap_device: omap_device_enable() called from
+invalid state 1
+omap-gpmc 50000000.gpmc: use pm_runtime_put_sync_suspend() in driver?
+
+We can avoid this error by making sure the pm_runtime status of a device
+matches the omap_device state before a probe attempt. By extending the
+omap_device bus notifier to act on the BUS_NOTIFY_BIND_DRIVER event we
+can check if a device is enabled in omap_device but with a pm_runtime
+status of RPM_SUSPENDED and once again mark the device as RPM_ACTIVE to
+avoid a second incorrect call to omap_device_enable.
+
+Fixes: 5de85b9d57ab ("PM / runtime: Re-init runtime PM states at probe
+error and driver unbind")
+Tested-by: Franklin S Cooper Jr. <fcooper@ti.com>
+Signed-off-by: Dave Gerlach <d-gerlach@ti.com>
+Signed-off-by: Tony Lindgren <tony@atomide.com>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+
+---
+ arch/arm/mach-omap2/omap_device.c | 8 ++++++++
+ 1 file changed, 8 insertions(+)
+
+--- a/arch/arm/mach-omap2/omap_device.c
++++ b/arch/arm/mach-omap2/omap_device.c
+@@ -222,6 +222,14 @@ static int _omap_device_notifier_call(st
+ dev_err(dev, "failed to idle\n");
+ }
+ break;
++ case BUS_NOTIFY_BIND_DRIVER:
++ od = to_omap_device(pdev);
++ if (od && (od->_state == OMAP_DEVICE_STATE_ENABLED) &&
++ pm_runtime_status_suspended(dev)) {
++ od->_driver_status = BUS_NOTIFY_BIND_DRIVER;
++ pm_runtime_set_active(dev);
++ }
++ break;
+ case BUS_NOTIFY_ADD_DEVICE:
+ if (pdev->dev.of_node)
+ omap_device_build_from_dt(pdev);
--- /dev/null
+From cb7cf772d83d2d4e6995c5bb9e0fb59aea8f7080 Mon Sep 17 00:00:00 2001
+From: Lorenzo Pieralisi <lorenzo.pieralisi@arm.com>
+Date: Fri, 26 May 2017 17:40:02 +0100
+Subject: ARM64/ACPI: Fix BAD_MADT_GICC_ENTRY() macro implementation
+
+From: Lorenzo Pieralisi <lorenzo.pieralisi@arm.com>
+
+commit cb7cf772d83d2d4e6995c5bb9e0fb59aea8f7080 upstream.
+
+The BAD_MADT_GICC_ENTRY() macro checks if a GICC MADT entry passes
+muster from an ACPI specification standpoint. Current macro detects the
+MADT GICC entry length through ACPI firmware version (it changed from 76
+to 80 bytes in the transition from ACPI 5.1 to ACPI 6.0 specification)
+but always uses (erroneously) the ACPICA (latest) struct (ie struct
+acpi_madt_generic_interrupt - that is 80-bytes long) length to check if
+the current GICC entry memory record exceeds the MADT table end in
+memory as defined by the MADT table header itself, which may result in
+false negatives depending on the ACPI firmware version and how the MADT
+entries are laid out in memory (ie on ACPI 5.1 firmware MADT GICC
+entries are 76 bytes long, so by adding 80 to a GICC entry start address
+in memory the resulting address may well be past the actual MADT end,
+triggering a false negative).
+
+Fix the BAD_MADT_GICC_ENTRY() macro by reshuffling the condition checks
+and update them to always use the firmware version specific MADT GICC
+entry length in order to carry out boundary checks.
+
+Fixes: b6cfb277378e ("ACPI / ARM64: add BAD_MADT_GICC_ENTRY() macro")
+Reported-by: Julien Grall <julien.grall@arm.com>
+Acked-by: Will Deacon <will.deacon@arm.com>
+Acked-by: Marc Zyngier <marc.zyngier@arm.com>
+Signed-off-by: Lorenzo Pieralisi <lorenzo.pieralisi@arm.com>
+Cc: Julien Grall <julien.grall@arm.com>
+Cc: Hanjun Guo <hanjun.guo@linaro.org>
+Cc: Al Stone <ahs3@redhat.com>
+Signed-off-by: Catalin Marinas <catalin.marinas@arm.com>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+
+---
+ arch/arm64/include/asm/acpi.h | 6 +++---
+ 1 file changed, 3 insertions(+), 3 deletions(-)
+
+--- a/arch/arm64/include/asm/acpi.h
++++ b/arch/arm64/include/asm/acpi.h
+@@ -22,9 +22,9 @@
+ #define ACPI_MADT_GICC_LENGTH \
+ (acpi_gbl_FADT.header.revision < 6 ? 76 : 80)
+
+-#define BAD_MADT_GICC_ENTRY(entry, end) \
+- (!(entry) || (unsigned long)(entry) + sizeof(*(entry)) > (end) || \
+- (entry)->header.length != ACPI_MADT_GICC_LENGTH)
++#define BAD_MADT_GICC_ENTRY(entry, end) \
++ (!(entry) || (entry)->header.length != ACPI_MADT_GICC_LENGTH || \
++ (unsigned long)(entry) + ACPI_MADT_GICC_LENGTH > (end))
+
+ /* Basic configuration for ACPI */
+ #ifdef CONFIG_ACPI
--- /dev/null
+From 29e09229d9f26129a39462fae0ddabc4d9533989 Mon Sep 17 00:00:00 2001
+From: Florian Westphal <fw@strlen.de>
+Date: Fri, 17 Feb 2017 08:39:28 +0100
+Subject: netfilter: use skb_to_full_sk in ip_route_me_harder
+
+From: Florian Westphal <fw@strlen.de>
+
+commit 29e09229d9f26129a39462fae0ddabc4d9533989 upstream.
+
+inet_sk(skb->sk) is illegal in case skb is attached to request socket.
+
+Fixes: ca6fb0651883 ("tcp: attach SYNACK messages to request sockets instead of listener")
+Reported by: Daniel J Blueman <daniel@quora.org>
+Signed-off-by: Florian Westphal <fw@strlen.de>
+Tested-by: Daniel J Blueman <daniel@quora.org>
+Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+
+---
+ net/ipv4/netfilter.c | 7 ++++---
+ 1 file changed, 4 insertions(+), 3 deletions(-)
+
+--- a/net/ipv4/netfilter.c
++++ b/net/ipv4/netfilter.c
+@@ -23,7 +23,8 @@ int ip_route_me_harder(struct net *net,
+ struct rtable *rt;
+ struct flowi4 fl4 = {};
+ __be32 saddr = iph->saddr;
+- __u8 flags = skb->sk ? inet_sk_flowi_flags(skb->sk) : 0;
++ const struct sock *sk = skb_to_full_sk(skb);
++ __u8 flags = sk ? inet_sk_flowi_flags(sk) : 0;
+ struct net_device *dev = skb_dst(skb)->dev;
+ unsigned int hh_len;
+
+@@ -40,7 +41,7 @@ int ip_route_me_harder(struct net *net,
+ fl4.daddr = iph->daddr;
+ fl4.saddr = saddr;
+ fl4.flowi4_tos = RT_TOS(iph->tos);
+- fl4.flowi4_oif = skb->sk ? skb->sk->sk_bound_dev_if : 0;
++ fl4.flowi4_oif = sk ? sk->sk_bound_dev_if : 0;
+ if (!fl4.flowi4_oif)
+ fl4.flowi4_oif = l3mdev_master_ifindex(dev);
+ fl4.flowi4_mark = skb->mark;
+@@ -61,7 +62,7 @@ int ip_route_me_harder(struct net *net,
+ xfrm_decode_session(skb, flowi4_to_flowi(&fl4), AF_INET) == 0) {
+ struct dst_entry *dst = skb_dst(skb);
+ skb_dst_set(skb, NULL);
+- dst = xfrm_lookup(net, dst, flowi4_to_flowi(&fl4), skb->sk, 0);
++ dst = xfrm_lookup(net, dst, flowi4_to_flowi(&fl4), sk, 0);
+ if (IS_ERR(dst))
+ return PTR_ERR(dst);
+ skb_dst_set(skb, dst);
--- /dev/null
+From 33496c3c3d7b88dcbe5e55aa01288b05646c6aca Mon Sep 17 00:00:00 2001
+From: Junxiao Bi <junxiao.bi@oracle.com>
+Date: Wed, 3 May 2017 14:51:41 -0700
+Subject: ocfs2: o2hb: revert hb threshold to keep compatible
+
+From: Junxiao Bi <junxiao.bi@oracle.com>
+
+commit 33496c3c3d7b88dcbe5e55aa01288b05646c6aca upstream.
+
+Configfs is the interface for ocfs2-tools to set configure to kernel and
+$configfs_dir/cluster/$clustername/heartbeat/dead_threshold is the one
+used to configure heartbeat dead threshold. Kernel has a default value
+of it but user can set O2CB_HEARTBEAT_THRESHOLD in /etc/sysconfig/o2cb
+to override it.
+
+Commit 45b997737a80 ("ocfs2/cluster: use per-attribute show and store
+methods") changed heartbeat dead threshold name while ocfs2-tools did
+not, so ocfs2-tools won't set this configurable and the default value is
+always used. So revert it.
+
+Fixes: 45b997737a80 ("ocfs2/cluster: use per-attribute show and store methods")
+Link: http://lkml.kernel.org/r/1490665245-15374-1-git-send-email-junxiao.bi@oracle.com
+Signed-off-by: Junxiao Bi <junxiao.bi@oracle.com>
+Acked-by: Joseph Qi <jiangqi903@gmail.com>
+Cc: Mark Fasheh <mfasheh@versity.com>
+Cc: Joel Becker <jlbec@evilplan.org>
+Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
+Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+
+---
+ fs/ocfs2/cluster/heartbeat.c | 8 ++++----
+ 1 file changed, 4 insertions(+), 4 deletions(-)
+
+--- a/fs/ocfs2/cluster/heartbeat.c
++++ b/fs/ocfs2/cluster/heartbeat.c
+@@ -2242,13 +2242,13 @@ unlock:
+ spin_unlock(&o2hb_live_lock);
+ }
+
+-static ssize_t o2hb_heartbeat_group_threshold_show(struct config_item *item,
++static ssize_t o2hb_heartbeat_group_dead_threshold_show(struct config_item *item,
+ char *page)
+ {
+ return sprintf(page, "%u\n", o2hb_dead_threshold);
+ }
+
+-static ssize_t o2hb_heartbeat_group_threshold_store(struct config_item *item,
++static ssize_t o2hb_heartbeat_group_dead_threshold_store(struct config_item *item,
+ const char *page, size_t count)
+ {
+ unsigned long tmp;
+@@ -2297,11 +2297,11 @@ static ssize_t o2hb_heartbeat_group_mode
+
+ }
+
+-CONFIGFS_ATTR(o2hb_heartbeat_group_, threshold);
++CONFIGFS_ATTR(o2hb_heartbeat_group_, dead_threshold);
+ CONFIGFS_ATTR(o2hb_heartbeat_group_, mode);
+
+ static struct configfs_attribute *o2hb_heartbeat_group_attrs[] = {
+- &o2hb_heartbeat_group_attr_threshold,
++ &o2hb_heartbeat_group_attr_dead_threshold,
+ &o2hb_heartbeat_group_attr_mode,
+ NULL,
+ };
--- /dev/null
+From 6308f1787fb85bc98b7241a08a9f7f33b47f8b61 Mon Sep 17 00:00:00 2001
+From: "Andrew F. Davis" <afd@ti.com>
+Date: Fri, 10 Feb 2017 11:55:47 -0600
+Subject: regulator: tps65086: Fix DT node referencing in of_parse_cb
+
+From: Andrew F. Davis <afd@ti.com>
+
+commit 6308f1787fb85bc98b7241a08a9f7f33b47f8b61 upstream.
+
+When we check for additional DT properties in the current node we
+use the device_node passed in with the configuration data, this
+will not point to the correct DT node, use the one passed in
+for this purpose.
+
+Fixes: d2a2e729a666 ("regulator: tps65086: Add regulator driver for the TPS65086 PMIC")
+Reported-by: Steven Kipisz <s-kipisz2@ti.com>
+Signed-off-by: Andrew F. Davis <afd@ti.com>
+Tested-by: Steven Kipisz <s-kipisz2@ti.com>
+Signed-off-by: Mark Brown <broonie@kernel.org>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+
+---
+ drivers/regulator/tps65086-regulator.c | 6 +++---
+ 1 file changed, 3 insertions(+), 3 deletions(-)
+
+--- a/drivers/regulator/tps65086-regulator.c
++++ b/drivers/regulator/tps65086-regulator.c
+@@ -161,14 +161,14 @@ static struct tps65086_regulator regulat
+ TPS65086_SWITCH("VTT", "vtt", VTT, TPS65086_SWVTT_EN, BIT(4)),
+ };
+
+-static int tps65086_of_parse_cb(struct device_node *dev,
++static int tps65086_of_parse_cb(struct device_node *node,
+ const struct regulator_desc *desc,
+ struct regulator_config *config)
+ {
+ int ret;
+
+ /* Check for 25mV step mode */
+- if (of_property_read_bool(config->of_node, "ti,regulator-step-size-25mv")) {
++ if (of_property_read_bool(node, "ti,regulator-step-size-25mv")) {
+ switch (desc->id) {
+ case BUCK1:
+ case BUCK2:
+@@ -192,7 +192,7 @@ static int tps65086_of_parse_cb(struct d
+ }
+
+ /* Check for decay mode */
+- if (desc->id <= BUCK6 && of_property_read_bool(config->of_node, "ti,regulator-decay")) {
++ if (desc->id <= BUCK6 && of_property_read_bool(node, "ti,regulator-decay")) {
+ ret = regmap_write_bits(config->regmap,
+ regulators[desc->id].decay_reg,
+ regulators[desc->id].decay_mask,
--- /dev/null
+From 1c47f7c316de38c30b481e1886cc6352c9efdcc1 Mon Sep 17 00:00:00 2001
+From: "Andrew F. Davis" <afd@ti.com>
+Date: Fri, 10 Feb 2017 11:55:46 -0600
+Subject: regulator: tps65086: Fix expected switch DT node names
+
+From: Andrew F. Davis <afd@ti.com>
+
+commit 1c47f7c316de38c30b481e1886cc6352c9efdcc1 upstream.
+
+The three load switches are called SWA1, SWB1, and SWB2. The
+node names describing properties for these are expected to be
+the same, but due to a typo they are not. Fix this here.
+
+Fixes: d2a2e729a666 ("regulator: tps65086: Add regulator driver for the TPS65086 PMIC")
+Reported-by: Steven Kipisz <s-kipisz2@ti.com>
+Signed-off-by: Andrew F. Davis <afd@ti.com>
+Tested-by: Steven Kipisz <s-kipisz2@ti.com>
+Signed-off-by: Mark Brown <broonie@kernel.org>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+
+---
+ drivers/regulator/tps65086-regulator.c | 4 ++--
+ 1 file changed, 2 insertions(+), 2 deletions(-)
+
+--- a/drivers/regulator/tps65086-regulator.c
++++ b/drivers/regulator/tps65086-regulator.c
+@@ -156,8 +156,8 @@ static struct tps65086_regulator regulat
+ VDOA23_VID_MASK, TPS65086_LDOA3CTRL, BIT(0),
+ tps65086_ldoa23_ranges, 0, 0),
+ TPS65086_SWITCH("SWA1", "swa1", SWA1, TPS65086_SWVTT_EN, BIT(5)),
+- TPS65086_SWITCH("SWB1", "swa2", SWB1, TPS65086_SWVTT_EN, BIT(6)),
+- TPS65086_SWITCH("SWB2", "swa3", SWB2, TPS65086_SWVTT_EN, BIT(7)),
++ TPS65086_SWITCH("SWB1", "swb1", SWB1, TPS65086_SWVTT_EN, BIT(6)),
++ TPS65086_SWITCH("SWB2", "swb2", SWB2, TPS65086_SWVTT_EN, BIT(7)),
+ TPS65086_SWITCH("VTT", "vtt", VTT, TPS65086_SWVTT_EN, BIT(4)),
+ };
+
--- /dev/null
+From 6e5f32f7a43f45ee55c401c0b9585eb01f9629a8 Mon Sep 17 00:00:00 2001
+From: Matt Fleming <matt@codeblueprint.co.uk>
+Date: Fri, 17 Feb 2017 12:07:30 +0000
+Subject: sched/loadavg: Avoid loadavg spikes caused by delayed NO_HZ accounting
+
+From: Matt Fleming <matt@codeblueprint.co.uk>
+
+commit 6e5f32f7a43f45ee55c401c0b9585eb01f9629a8 upstream.
+
+If we crossed a sample window while in NO_HZ we will add LOAD_FREQ to
+the pending sample window time on exit, setting the next update not
+one window into the future, but two.
+
+This situation on exiting NO_HZ is described by:
+
+ this_rq->calc_load_update < jiffies < calc_load_update
+
+In this scenario, what we should be doing is:
+
+ this_rq->calc_load_update = calc_load_update [ next window ]
+
+But what we actually do is:
+
+ this_rq->calc_load_update = calc_load_update + LOAD_FREQ [ next+1 window ]
+
+This has the effect of delaying load average updates for potentially
+up to ~9seconds.
+
+This can result in huge spikes in the load average values due to
+per-cpu uninterruptible task counts being out of sync when accumulated
+across all CPUs.
+
+It's safe to update the per-cpu active count if we wake between sample
+windows because any load that we left in 'calc_load_idle' will have
+been zero'd when the idle load was folded in calc_global_load().
+
+This issue is easy to reproduce before,
+
+ commit 9d89c257dfb9 ("sched/fair: Rewrite runnable load and utilization average tracking")
+
+just by forking short-lived process pipelines built from ps(1) and
+grep(1) in a loop. I'm unable to reproduce the spikes after that
+commit, but the bug still seems to be present from code review.
+
+Signed-off-by: Matt Fleming <matt@codeblueprint.co.uk>
+Signed-off-by: Peter Zijlstra (Intel) <peterz@infradead.org>
+Cc: Frederic Weisbecker <fweisbec@gmail.com>
+Cc: Linus Torvalds <torvalds@linux-foundation.org>
+Cc: Mike Galbraith <efault@gmx.de>
+Cc: Mike Galbraith <umgwanakikbuti@gmail.com>
+Cc: Morten Rasmussen <morten.rasmussen@arm.com>
+Cc: Peter Zijlstra <peterz@infradead.org>
+Cc: Thomas Gleixner <tglx@linutronix.de>
+Cc: Vincent Guittot <vincent.guittot@linaro.org>
+Fixes: commit 5167e8d ("sched/nohz: Rewrite and fix load-avg computation -- again")
+Link: http://lkml.kernel.org/r/20170217120731.11868-2-matt@codeblueprint.co.uk
+Signed-off-by: Ingo Molnar <mingo@kernel.org>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+
+---
+ kernel/sched/loadavg.c | 4 ++--
+ 1 file changed, 2 insertions(+), 2 deletions(-)
+
+--- a/kernel/sched/loadavg.c
++++ b/kernel/sched/loadavg.c
+@@ -201,8 +201,9 @@ void calc_load_exit_idle(void)
+ struct rq *this_rq = this_rq();
+
+ /*
+- * If we're still before the sample window, we're done.
++ * If we're still before the pending sample window, we're done.
+ */
++ this_rq->calc_load_update = calc_load_update;
+ if (time_before(jiffies, this_rq->calc_load_update))
+ return;
+
+@@ -211,7 +212,6 @@ void calc_load_exit_idle(void)
+ * accounted through the nohz accounting, so skip the entire deal and
+ * sync up for the next window.
+ */
+- this_rq->calc_load_update = calc_load_update;
+ if (time_before(jiffies, this_rq->calc_load_update + 10))
+ this_rq->calc_load_update += LOAD_FREQ;
+ }
xfrm-fix-stack-access-out-of-bounds-with-config_xfrm_sub_policy.patch
xfrm-null-dereference-on-allocation-failure.patch
xfrm-oops-on-error-in-pfkey_msg2xfrm_state.patch
+netfilter-use-skb_to_full_sk-in-ip_route_me_harder.patch
+watchdog-bcm281xx-fix-use-of-uninitialized-spinlock.patch
+sched-loadavg-avoid-loadavg-spikes-caused-by-delayed-no_hz-accounting.patch
+spi-when-no-dma_chan-map-buffers-with-spi_master-s-parent.patch
+spi-fix-device-node-leaks.patch
+regulator-tps65086-fix-expected-switch-dt-node-names.patch
+regulator-tps65086-fix-dt-node-referencing-in-of_parse_cb.patch
+arm-omap2-omap_device-sync-omap_device-and-pm_runtime-after-probe-defer.patch
+arm-dts-omap3-fix-mfg-id-eeprom.patch
+arm64-acpi-fix-bad_madt_gicc_entry-macro-implementation.patch
+arm-8685-1-ensure-memblock-limit-is-pmd-aligned.patch
+tools-arch-sync-arch-x86-lib-memcpy_64.s-with-the-kernel.patch
+x86-boot-kaslr-fix-kexec-crash-due-to-virt_addr-calculation-bug.patch
+x86-mpx-correctly-report-do_mpx_bt_fault-failures-to-user-space.patch
+x86-mm-fix-flush_tlb_page-on-xen.patch
+ocfs2-o2hb-revert-hb-threshold-to-keep-compatible.patch
--- /dev/null
+From 8324147f38019865b29d03baf28412d2ec0bd828 Mon Sep 17 00:00:00 2001
+From: Johan Hovold <johan@kernel.org>
+Date: Mon, 30 Jan 2017 17:47:05 +0100
+Subject: spi: fix device-node leaks
+
+From: Johan Hovold <johan@kernel.org>
+
+commit 8324147f38019865b29d03baf28412d2ec0bd828 upstream.
+
+Make sure to release the device-node reference taken in
+of_register_spi_device() on errors and when deregistering the device.
+
+Fixes: 284b01897340 ("spi: Add OF binding support for SPI busses")
+Signed-off-by: Johan Hovold <johan@kernel.org>
+Signed-off-by: Mark Brown <broonie@kernel.org>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+
+---
+ drivers/spi/spi.c | 8 ++++++--
+ 1 file changed, 6 insertions(+), 2 deletions(-)
+
+--- a/drivers/spi/spi.c
++++ b/drivers/spi/spi.c
+@@ -621,8 +621,10 @@ void spi_unregister_device(struct spi_de
+ if (!spi)
+ return;
+
+- if (spi->dev.of_node)
++ if (spi->dev.of_node) {
+ of_node_clear_flag(spi->dev.of_node, OF_POPULATED);
++ of_node_put(spi->dev.of_node);
++ }
+ if (ACPI_COMPANION(&spi->dev))
+ acpi_device_clear_enumerated(ACPI_COMPANION(&spi->dev));
+ device_unregister(&spi->dev);
+@@ -1589,11 +1591,13 @@ of_register_spi_device(struct spi_master
+ if (rc) {
+ dev_err(&master->dev, "spi_device register error %s\n",
+ nc->full_name);
+- goto err_out;
++ goto err_of_node_put;
+ }
+
+ return spi;
+
++err_of_node_put:
++ of_node_put(nc);
+ err_out:
+ spi_dev_put(spi);
+ return ERR_PTR(rc);
--- /dev/null
+From 88b0aa544af58ce3be125a1845a227264ec9ab89 Mon Sep 17 00:00:00 2001
+From: Daniel Kurtz <djkurtz@chromium.org>
+Date: Fri, 27 Jan 2017 00:21:53 +0800
+Subject: spi: When no dma_chan map buffers with spi_master's parent
+
+From: Daniel Kurtz <djkurtz@chromium.org>
+
+commit 88b0aa544af58ce3be125a1845a227264ec9ab89 upstream.
+
+Back before commit 1dccb598df54 ("arm64: simplify dma_get_ops"), for
+arm64, devices for which dma_ops were not explicitly set were automatically
+configured to use swiotlb_dma_ops, since this was hard-coded as the
+global "dma_ops" in arm64_dma_init().
+
+Now that global "dma_ops" has been removed, all devices much have their
+dma_ops explicitly set by a call to arch_setup_dma_ops(), otherwise the
+device is assigned dummy_dma_ops, and thus calls to map_sg for such a
+device will fail (return 0).
+
+Mediatek SPI uses DMA but does not use a dma channel. Support for this
+was added by commit c37f45b5f1cd ("spi: support spi without dma channel
+to use can_dma()"), which uses the master_spi dev to DMA map buffers.
+
+The master_spi device is not a platform device, rather it is created
+in spi_alloc_device(), and therefore its dma_ops are never set.
+
+Therefore, when the mediatek SPI driver when it does DMA (for large SPI
+transactions > 32 bytes), SPI will use spi_map_buf()->dma_map_sg() to
+map the buffer for use in DMA. But dma_map_sg()->dma_map_sg_attrs() returns
+0, because ops->map_sg is dummy_dma_ops->__dummy_map_sg, and hence
+spi_map_buf() returns -ENOMEM (-12).
+
+Fix this by using the real spi_master's parent device which should be a
+real physical device with DMA properties.
+
+Signed-off-by: Daniel Kurtz <djkurtz@chromium.org>
+Fixes: c37f45b5f1cd ("spi: support spi without dma channel to use can_dma()")
+Cc: Leilk Liu <leilk.liu@mediatek.com>
+Signed-off-by: Mark Brown <broonie@kernel.org>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+
+---
+ drivers/spi/spi.c | 8 ++++----
+ 1 file changed, 4 insertions(+), 4 deletions(-)
+
+--- a/drivers/spi/spi.c
++++ b/drivers/spi/spi.c
+@@ -797,12 +797,12 @@ static int __spi_map_msg(struct spi_mast
+ if (master->dma_tx)
+ tx_dev = master->dma_tx->device->dev;
+ else
+- tx_dev = &master->dev;
++ tx_dev = master->dev.parent;
+
+ if (master->dma_rx)
+ rx_dev = master->dma_rx->device->dev;
+ else
+- rx_dev = &master->dev;
++ rx_dev = master->dev.parent;
+
+ list_for_each_entry(xfer, &msg->transfers, transfer_list) {
+ if (!master->can_dma(master, msg->spi, xfer))
+@@ -844,12 +844,12 @@ static int __spi_unmap_msg(struct spi_ma
+ if (master->dma_tx)
+ tx_dev = master->dma_tx->device->dev;
+ else
+- tx_dev = &master->dev;
++ tx_dev = master->dev.parent;
+
+ if (master->dma_rx)
+ rx_dev = master->dma_rx->device->dev;
+ else
+- rx_dev = &master->dev;
++ rx_dev = master->dev.parent;
+
+ list_for_each_entry(xfer, &msg->transfers, transfer_list) {
+ if (!master->can_dma(master, msg->spi, xfer))
--- /dev/null
+From e883d09c9eb2ffddfd057c17e6a0cef446ec8c9b Mon Sep 17 00:00:00 2001
+From: Arnaldo Carvalho de Melo <acme@redhat.com>
+Date: Mon, 24 Apr 2017 11:58:54 -0300
+Subject: tools arch: Sync arch/x86/lib/memcpy_64.S with the kernel
+
+From: Arnaldo Carvalho de Melo <acme@redhat.com>
+
+commit e883d09c9eb2ffddfd057c17e6a0cef446ec8c9b upstream.
+
+Just a minor fix done in:
+
+ Fixes: 26a37ab319a2 ("x86/mce: Fix copy/paste error in exception table entries")
+
+Cc: Tony Luck <tony.luck@intel.com>
+Link: http://lkml.kernel.org/n/tip-ni9jzdd5yxlail6pq8cuexw2@git.kernel.org
+Signed-off-by: Arnaldo Carvalho de Melo <acme@redhat.com>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+
+---
+ tools/arch/x86/lib/memcpy_64.S | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+--- a/tools/arch/x86/lib/memcpy_64.S
++++ b/tools/arch/x86/lib/memcpy_64.S
+@@ -286,7 +286,7 @@ ENDPROC(memcpy_mcsafe_unrolled)
+ _ASM_EXTABLE_FAULT(.L_copy_leading_bytes, .L_memcpy_mcsafe_fail)
+ _ASM_EXTABLE_FAULT(.L_cache_w0, .L_memcpy_mcsafe_fail)
+ _ASM_EXTABLE_FAULT(.L_cache_w1, .L_memcpy_mcsafe_fail)
+- _ASM_EXTABLE_FAULT(.L_cache_w3, .L_memcpy_mcsafe_fail)
++ _ASM_EXTABLE_FAULT(.L_cache_w2, .L_memcpy_mcsafe_fail)
+ _ASM_EXTABLE_FAULT(.L_cache_w3, .L_memcpy_mcsafe_fail)
+ _ASM_EXTABLE_FAULT(.L_cache_w4, .L_memcpy_mcsafe_fail)
+ _ASM_EXTABLE_FAULT(.L_cache_w5, .L_memcpy_mcsafe_fail)
--- /dev/null
+From fedf266f9955d9a019643cde199a2fd9a0259f6f Mon Sep 17 00:00:00 2001
+From: Eric Anholt <eric@anholt.net>
+Date: Thu, 27 Apr 2017 18:02:32 -0700
+Subject: watchdog: bcm281xx: Fix use of uninitialized spinlock.
+
+From: Eric Anholt <eric@anholt.net>
+
+commit fedf266f9955d9a019643cde199a2fd9a0259f6f upstream.
+
+The bcm_kona_wdt_set_resolution_reg() call takes the spinlock, so
+initialize it earlier. Fixes a warning at boot with lock debugging
+enabled.
+
+Fixes: 6adb730dc208 ("watchdog: bcm281xx: Watchdog Driver")
+Signed-off-by: Eric Anholt <eric@anholt.net>
+Reviewed-by: Florian Fainelli <f.fainelli@gmail.com>
+Reviewed-by: Guenter Roeck <linux@roeck-us.net>
+Signed-off-by: Guenter Roeck <linux@roeck-us.net>
+Signed-off-by: Wim Van Sebroeck <wim@iguana.be>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+
+---
+ drivers/watchdog/bcm_kona_wdt.c | 3 ++-
+ 1 file changed, 2 insertions(+), 1 deletion(-)
+
+--- a/drivers/watchdog/bcm_kona_wdt.c
++++ b/drivers/watchdog/bcm_kona_wdt.c
+@@ -304,6 +304,8 @@ static int bcm_kona_wdt_probe(struct pla
+ if (!wdt)
+ return -ENOMEM;
+
++ spin_lock_init(&wdt->lock);
++
+ res = platform_get_resource(pdev, IORESOURCE_MEM, 0);
+ wdt->base = devm_ioremap_resource(dev, res);
+ if (IS_ERR(wdt->base))
+@@ -316,7 +318,6 @@ static int bcm_kona_wdt_probe(struct pla
+ return ret;
+ }
+
+- spin_lock_init(&wdt->lock);
+ platform_set_drvdata(pdev, wdt);
+ watchdog_set_drvdata(&bcm_kona_wdt_wdd, wdt);
+ bcm_kona_wdt_wdd.parent = &pdev->dev;
--- /dev/null
+From 8eabf42ae5237e6b699aeac687b5b629e3537c8d Mon Sep 17 00:00:00 2001
+From: Baoquan He <bhe@redhat.com>
+Date: Tue, 27 Jun 2017 20:39:06 +0800
+Subject: x86/boot/KASLR: Fix kexec crash due to 'virt_addr' calculation bug
+
+From: Baoquan He <bhe@redhat.com>
+
+commit 8eabf42ae5237e6b699aeac687b5b629e3537c8d upstream.
+
+Kernel text KASLR is separated into physical address and virtual
+address randomization. And for virtual address randomization, we
+only randomiza to get an offset between 16M and KERNEL_IMAGE_SIZE.
+So the initial value of 'virt_addr' should be LOAD_PHYSICAL_ADDR,
+but not the original kernel loading address 'output'.
+
+The bug will cause kernel boot failure if kernel is loaded at a different
+position than the address, 16M, which is decided at compiled time.
+Kexec/kdump is such practical case.
+
+To fix it, just assign LOAD_PHYSICAL_ADDR to virt_addr as initial
+value.
+
+Tested-by: Dave Young <dyoung@redhat.com>
+Signed-off-by: Baoquan He <bhe@redhat.com>
+Cc: Linus Torvalds <torvalds@linux-foundation.org>
+Cc: Peter Zijlstra <peterz@infradead.org>
+Cc: Thomas Gleixner <tglx@linutronix.de>
+Fixes: 8391c73 ("x86/KASLR: Randomize virtual address separately")
+Link: http://lkml.kernel.org/r/1498567146-11990-3-git-send-email-bhe@redhat.com
+Signed-off-by: Ingo Molnar <mingo@kernel.org>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+
+---
+ arch/x86/boot/compressed/kaslr.c | 3 ---
+ arch/x86/boot/compressed/misc.c | 4 ++--
+ arch/x86/boot/compressed/misc.h | 2 --
+ 3 files changed, 2 insertions(+), 7 deletions(-)
+
+--- a/arch/x86/boot/compressed/kaslr.c
++++ b/arch/x86/boot/compressed/kaslr.c
+@@ -430,9 +430,6 @@ void choose_random_location(unsigned lon
+ {
+ unsigned long random_addr, min_addr;
+
+- /* By default, keep output position unchanged. */
+- *virt_addr = *output;
+-
+ if (cmdline_find_option_bool("nokaslr")) {
+ warn("KASLR disabled: 'nokaslr' on cmdline.");
+ return;
+--- a/arch/x86/boot/compressed/misc.c
++++ b/arch/x86/boot/compressed/misc.c
+@@ -338,7 +338,7 @@ asmlinkage __visible void *extract_kerne
+ unsigned long output_len)
+ {
+ const unsigned long kernel_total_size = VO__end - VO__text;
+- unsigned long virt_addr = (unsigned long)output;
++ unsigned long virt_addr = LOAD_PHYSICAL_ADDR;
+
+ /* Retain x86 boot parameters pointer passed from startup_32/64. */
+ boot_params = rmode;
+@@ -397,7 +397,7 @@ asmlinkage __visible void *extract_kerne
+ #ifndef CONFIG_RELOCATABLE
+ if ((unsigned long)output != LOAD_PHYSICAL_ADDR)
+ error("Destination address does not match LOAD_PHYSICAL_ADDR");
+- if ((unsigned long)output != virt_addr)
++ if (virt_addr != LOAD_PHYSICAL_ADDR)
+ error("Destination virtual address changed when not relocatable");
+ #endif
+
+--- a/arch/x86/boot/compressed/misc.h
++++ b/arch/x86/boot/compressed/misc.h
+@@ -81,8 +81,6 @@ static inline void choose_random_locatio
+ unsigned long output_size,
+ unsigned long *virt_addr)
+ {
+- /* No change from existing output location. */
+- *virt_addr = *output;
+ }
+ #endif
+
--- /dev/null
+From dbd68d8e84c606673ebbcf15862f8c155fa92326 Mon Sep 17 00:00:00 2001
+From: Andy Lutomirski <luto@kernel.org>
+Date: Sat, 22 Apr 2017 00:01:22 -0700
+Subject: x86/mm: Fix flush_tlb_page() on Xen
+
+From: Andy Lutomirski <luto@kernel.org>
+
+commit dbd68d8e84c606673ebbcf15862f8c155fa92326 upstream.
+
+flush_tlb_page() passes a bogus range to flush_tlb_others() and
+expects the latter to fix it up. native_flush_tlb_others() has the
+fixup but Xen's version doesn't. Move the fixup to
+flush_tlb_others().
+
+AFAICS the only real effect is that, without this fix, Xen would
+flush everything instead of just the one page on remote vCPUs in
+when flush_tlb_page() was called.
+
+Signed-off-by: Andy Lutomirski <luto@kernel.org>
+Reviewed-by: Boris Ostrovsky <boris.ostrovsky@oracle.com>
+Cc: Andrew Morton <akpm@linux-foundation.org>
+Cc: Borislav Petkov <bp@alien8.de>
+Cc: Brian Gerst <brgerst@gmail.com>
+Cc: Dave Hansen <dave.hansen@intel.com>
+Cc: Denys Vlasenko <dvlasenk@redhat.com>
+Cc: H. Peter Anvin <hpa@zytor.com>
+Cc: Josh Poimboeuf <jpoimboe@redhat.com>
+Cc: Juergen Gross <jgross@suse.com>
+Cc: Konrad Rzeszutek Wilk <konrad.wilk@oracle.com>
+Cc: Linus Torvalds <torvalds@linux-foundation.org>
+Cc: Michal Hocko <mhocko@suse.com>
+Cc: Nadav Amit <namit@vmware.com>
+Cc: Peter Zijlstra <peterz@infradead.org>
+Cc: Rik van Riel <riel@redhat.com>
+Cc: Thomas Gleixner <tglx@linutronix.de>
+Fixes: e7b52ffd45a6 ("x86/flush_tlb: try flush_tlb_single one by one in flush_tlb_range")
+Link: http://lkml.kernel.org/r/10ed0e4dfea64daef10b87fb85df1746999b4dba.1492844372.git.luto@kernel.org
+Signed-off-by: Ingo Molnar <mingo@kernel.org>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+
+---
+ arch/x86/mm/tlb.c | 4 +---
+ 1 file changed, 1 insertion(+), 3 deletions(-)
+
+--- a/arch/x86/mm/tlb.c
++++ b/arch/x86/mm/tlb.c
+@@ -263,8 +263,6 @@ void native_flush_tlb_others(const struc
+ {
+ struct flush_tlb_info info;
+
+- if (end == 0)
+- end = start + PAGE_SIZE;
+ info.flush_mm = mm;
+ info.flush_start = start;
+ info.flush_end = end;
+@@ -393,7 +391,7 @@ void flush_tlb_page(struct vm_area_struc
+ }
+
+ if (cpumask_any_but(mm_cpumask(mm), smp_processor_id()) < nr_cpu_ids)
+- flush_tlb_others(mm_cpumask(mm), mm, start, 0UL);
++ flush_tlb_others(mm_cpumask(mm), mm, start, start + PAGE_SIZE);
+
+ preempt_enable();
+ }
--- /dev/null
+From 5ed386ec09a5d75bcf073967e55e895c2607a5c3 Mon Sep 17 00:00:00 2001
+From: Joerg Roedel <jroedel@suse.de>
+Date: Thu, 6 Apr 2017 16:19:22 +0200
+Subject: x86/mpx: Correctly report do_mpx_bt_fault() failures to user-space
+
+From: Joerg Roedel <jroedel@suse.de>
+
+commit 5ed386ec09a5d75bcf073967e55e895c2607a5c3 upstream.
+
+When this function fails it just sends a SIGSEGV signal to
+user-space using force_sig(). This signal is missing
+essential information about the cause, e.g. the trap_nr or
+an error code.
+
+Fix this by propagating the error to the only caller of
+mpx_handle_bd_fault(), do_bounds(), which sends the correct
+SIGSEGV signal to the process.
+
+Signed-off-by: Joerg Roedel <jroedel@suse.de>
+Cc: Andy Lutomirski <luto@kernel.org>
+Cc: Borislav Petkov <bp@alien8.de>
+Cc: Brian Gerst <brgerst@gmail.com>
+Cc: Dave Hansen <dave.hansen@linux.intel.com>
+Cc: Denys Vlasenko <dvlasenk@redhat.com>
+Cc: H. Peter Anvin <hpa@zytor.com>
+Cc: Josh Poimboeuf <jpoimboe@redhat.com>
+Cc: Linus Torvalds <torvalds@linux-foundation.org>
+Cc: Peter Zijlstra <peterz@infradead.org>
+Cc: Thomas Gleixner <tglx@linutronix.de>
+Fixes: fe3d197f84319 ('x86, mpx: On-demand kernel allocation of bounds tables')
+Link: http://lkml.kernel.org/r/1491488362-27198-1-git-send-email-joro@8bytes.org
+Signed-off-by: Ingo Molnar <mingo@kernel.org>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+
+---
+ arch/x86/mm/mpx.c | 10 +---------
+ 1 file changed, 1 insertion(+), 9 deletions(-)
+
+--- a/arch/x86/mm/mpx.c
++++ b/arch/x86/mm/mpx.c
+@@ -525,15 +525,7 @@ int mpx_handle_bd_fault(void)
+ if (!kernel_managing_mpx_tables(current->mm))
+ return -EINVAL;
+
+- if (do_mpx_bt_fault()) {
+- force_sig(SIGSEGV, current);
+- /*
+- * The force_sig() is essentially "handling" this
+- * exception, so we do not pass up the error
+- * from do_mpx_bt_fault().
+- */
+- }
+- return 0;
++ return do_mpx_bt_fault();
+ }
+
+ /*
projects / thirdparty / kernel / stable-queue.git / commitdiff
