--- /dev/null
+From bb490825271f8d29c154b77febc840ccb8c0dd79 Mon Sep 17 00:00:00 2001
+From: Sasha Levin <sashal@kernel.org>
+Date: Tue, 2 Apr 2019 23:28:56 -0700
+Subject: iio: imu: mpu6050: Fix FIFO layout for ICM20602
+
+From: Steve Moskovchenko <stevemo@skydio.com>
+
+[ Upstream commit 1615fe41a1959a2ee2814ba62736b2bb54e9802a ]
+
+The MPU6050 driver has recently gained support for the
+ICM20602 IMU, which is very similar to MPU6xxx. However,
+the ICM20602's FIFO data specifically includes temperature
+readings, which were not present on MPU6xxx parts. As a
+result, the driver will under-read the ICM20602's FIFO
+register, causing the same (partial) sample to be returned
+for all reads, until the FIFO overflows.
+
+Fix this by adding a table of scan elements specifically
+for the ICM20602, which takes the extra temperature data
+into consideration.
+
+While we're at it, fix the temperature offset and scaling
+on ICM20602, since it uses different scale/offset constants
+than the rest of the MPU6xxx devices.
+
+Signed-off-by: Steve Moskovchenko <stevemo@skydio.com>
+Fixes: 22904bdff978 ("iio: imu: mpu6050: Add support for the ICM 20602 IMU")
+Signed-off-by: Jonathan Cameron <Jonathan.Cameron@huawei.com>
+Signed-off-by: Sasha Levin <sashal@kernel.org>
+---
+ drivers/iio/imu/inv_mpu6050/inv_mpu_core.c | 46 ++++++++++++++++++++--
+ drivers/iio/imu/inv_mpu6050/inv_mpu_iio.h | 20 +++++++++-
+ drivers/iio/imu/inv_mpu6050/inv_mpu_ring.c | 3 ++
+ 3 files changed, 64 insertions(+), 5 deletions(-)
+
+diff --git a/drivers/iio/imu/inv_mpu6050/inv_mpu_core.c b/drivers/iio/imu/inv_mpu6050/inv_mpu_core.c
+index ea099523e0355..baba8e5459d00 100644
+--- a/drivers/iio/imu/inv_mpu6050/inv_mpu_core.c
++++ b/drivers/iio/imu/inv_mpu6050/inv_mpu_core.c
+@@ -479,7 +479,10 @@ inv_mpu6050_read_raw(struct iio_dev *indio_dev,
+ return IIO_VAL_INT_PLUS_MICRO;
+ case IIO_TEMP:
+ *val = 0;
+- *val2 = INV_MPU6050_TEMP_SCALE;
++ if (st->chip_type == INV_ICM20602)
++ *val2 = INV_ICM20602_TEMP_SCALE;
++ else
++ *val2 = INV_MPU6050_TEMP_SCALE;
+
+ return IIO_VAL_INT_PLUS_MICRO;
+ default:
+@@ -488,7 +491,10 @@ inv_mpu6050_read_raw(struct iio_dev *indio_dev,
+ case IIO_CHAN_INFO_OFFSET:
+ switch (chan->type) {
+ case IIO_TEMP:
+- *val = INV_MPU6050_TEMP_OFFSET;
++ if (st->chip_type == INV_ICM20602)
++ *val = INV_ICM20602_TEMP_OFFSET;
++ else
++ *val = INV_MPU6050_TEMP_OFFSET;
+
+ return IIO_VAL_INT;
+ default:
+@@ -853,6 +859,32 @@ static const struct iio_chan_spec inv_mpu_channels[] = {
+ INV_MPU6050_CHAN(IIO_ACCEL, IIO_MOD_Z, INV_MPU6050_SCAN_ACCL_Z),
+ };
+
++static const struct iio_chan_spec inv_icm20602_channels[] = {
++ IIO_CHAN_SOFT_TIMESTAMP(INV_ICM20602_SCAN_TIMESTAMP),
++ {
++ .type = IIO_TEMP,
++ .info_mask_separate = BIT(IIO_CHAN_INFO_RAW)
++ | BIT(IIO_CHAN_INFO_OFFSET)
++ | BIT(IIO_CHAN_INFO_SCALE),
++ .scan_index = INV_ICM20602_SCAN_TEMP,
++ .scan_type = {
++ .sign = 's',
++ .realbits = 16,
++ .storagebits = 16,
++ .shift = 0,
++ .endianness = IIO_BE,
++ },
++ },
++
++ INV_MPU6050_CHAN(IIO_ANGL_VEL, IIO_MOD_X, INV_ICM20602_SCAN_GYRO_X),
++ INV_MPU6050_CHAN(IIO_ANGL_VEL, IIO_MOD_Y, INV_ICM20602_SCAN_GYRO_Y),
++ INV_MPU6050_CHAN(IIO_ANGL_VEL, IIO_MOD_Z, INV_ICM20602_SCAN_GYRO_Z),
++
++ INV_MPU6050_CHAN(IIO_ACCEL, IIO_MOD_Y, INV_ICM20602_SCAN_ACCL_Y),
++ INV_MPU6050_CHAN(IIO_ACCEL, IIO_MOD_X, INV_ICM20602_SCAN_ACCL_X),
++ INV_MPU6050_CHAN(IIO_ACCEL, IIO_MOD_Z, INV_ICM20602_SCAN_ACCL_Z),
++};
++
+ /*
+ * The user can choose any frequency between INV_MPU6050_MIN_FIFO_RATE and
+ * INV_MPU6050_MAX_FIFO_RATE, but only these frequencies are matched by the
+@@ -1053,8 +1085,14 @@ int inv_mpu_core_probe(struct regmap *regmap, int irq, const char *name,
+ indio_dev->name = name;
+ else
+ indio_dev->name = dev_name(dev);
+- indio_dev->channels = inv_mpu_channels;
+- indio_dev->num_channels = ARRAY_SIZE(inv_mpu_channels);
++
++ if (chip_type == INV_ICM20602) {
++ indio_dev->channels = inv_icm20602_channels;
++ indio_dev->num_channels = ARRAY_SIZE(inv_icm20602_channels);
++ } else {
++ indio_dev->channels = inv_mpu_channels;
++ indio_dev->num_channels = ARRAY_SIZE(inv_mpu_channels);
++ }
+
+ indio_dev->info = &mpu_info;
+ indio_dev->modes = INDIO_BUFFER_TRIGGERED;
+diff --git a/drivers/iio/imu/inv_mpu6050/inv_mpu_iio.h b/drivers/iio/imu/inv_mpu6050/inv_mpu_iio.h
+index e56c1d191ae46..6ef872f97c175 100644
+--- a/drivers/iio/imu/inv_mpu6050/inv_mpu_iio.h
++++ b/drivers/iio/imu/inv_mpu6050/inv_mpu_iio.h
+@@ -208,6 +208,9 @@ struct inv_mpu6050_state {
+ #define INV_MPU6050_BYTES_PER_3AXIS_SENSOR 6
+ #define INV_MPU6050_FIFO_COUNT_BYTE 2
+
++/* ICM20602 FIFO samples include temperature readings */
++#define INV_ICM20602_BYTES_PER_TEMP_SENSOR 2
++
+ /* mpu6500 registers */
+ #define INV_MPU6500_REG_ACCEL_CONFIG_2 0x1D
+ #define INV_MPU6500_REG_ACCEL_OFFSET 0x77
+@@ -229,6 +232,9 @@ struct inv_mpu6050_state {
+ #define INV_MPU6050_GYRO_CONFIG_FSR_SHIFT 3
+ #define INV_MPU6050_ACCL_CONFIG_FSR_SHIFT 3
+
++#define INV_ICM20602_TEMP_OFFSET 8170
++#define INV_ICM20602_TEMP_SCALE 3060
++
+ /* 6 + 6 round up and plus 8 */
+ #define INV_MPU6050_OUTPUT_DATA_SIZE 24
+
+@@ -270,7 +276,7 @@ struct inv_mpu6050_state {
+ #define INV_ICM20608_WHOAMI_VALUE 0xAF
+ #define INV_ICM20602_WHOAMI_VALUE 0x12
+
+-/* scan element definition */
++/* scan element definition for generic MPU6xxx devices */
+ enum inv_mpu6050_scan {
+ INV_MPU6050_SCAN_ACCL_X,
+ INV_MPU6050_SCAN_ACCL_Y,
+@@ -281,6 +287,18 @@ enum inv_mpu6050_scan {
+ INV_MPU6050_SCAN_TIMESTAMP,
+ };
+
++/* scan element definition for ICM20602, which includes temperature */
++enum inv_icm20602_scan {
++ INV_ICM20602_SCAN_ACCL_X,
++ INV_ICM20602_SCAN_ACCL_Y,
++ INV_ICM20602_SCAN_ACCL_Z,
++ INV_ICM20602_SCAN_TEMP,
++ INV_ICM20602_SCAN_GYRO_X,
++ INV_ICM20602_SCAN_GYRO_Y,
++ INV_ICM20602_SCAN_GYRO_Z,
++ INV_ICM20602_SCAN_TIMESTAMP,
++};
++
+ enum inv_mpu6050_filter_e {
+ INV_MPU6050_FILTER_256HZ_NOLPF2 = 0,
+ INV_MPU6050_FILTER_188HZ,
+diff --git a/drivers/iio/imu/inv_mpu6050/inv_mpu_ring.c b/drivers/iio/imu/inv_mpu6050/inv_mpu_ring.c
+index 4f9c2765aa23f..0e54f2d54bd70 100644
+--- a/drivers/iio/imu/inv_mpu6050/inv_mpu_ring.c
++++ b/drivers/iio/imu/inv_mpu6050/inv_mpu_ring.c
+@@ -204,6 +204,9 @@ irqreturn_t inv_mpu6050_read_fifo(int irq, void *p)
+ if (st->chip_config.gyro_fifo_enable)
+ bytes_per_datum += INV_MPU6050_BYTES_PER_3AXIS_SENSOR;
+
++ if (st->chip_type == INV_ICM20602)
++ bytes_per_datum += INV_ICM20602_BYTES_PER_TEMP_SENSOR;
++
+ /*
+ * read fifo_count register to know how many bytes are inside the FIFO
+ * right now
+--
+2.20.1
+
--- /dev/null
+From 3d474267252fc00f03ede87bb9b7f5533141089b Mon Sep 17 00:00:00 2001
+From: Sasha Levin <sashal@kernel.org>
+Date: Mon, 4 Nov 2019 21:38:43 -0800
+Subject: net: prevent load/store tearing on sk->sk_stamp
+
+From: Eric Dumazet <edumazet@google.com>
+
+[ Upstream commit f75359f3ac855940c5718af10ba089b8977bf339 ]
+
+Add a couple of READ_ONCE() and WRITE_ONCE() to prevent
+load-tearing and store-tearing in sock_read_timestamp()
+and sock_write_timestamp()
+
+This might prevent another KCSAN report.
+
+Fixes: 3a0ed3e96197 ("sock: Make sock->sk_stamp thread-safe")
+Signed-off-by: Eric Dumazet <edumazet@google.com>
+Cc: Deepa Dinamani <deepa.kernel@gmail.com>
+Acked-by: Deepa Dinamani <deepa.kernel@gmail.com>
+Signed-off-by: David S. Miller <davem@davemloft.net>
+Signed-off-by: Sasha Levin <sashal@kernel.org>
+---
+ include/net/sock.h | 4 ++--
+ 1 file changed, 2 insertions(+), 2 deletions(-)
+
+diff --git a/include/net/sock.h b/include/net/sock.h
+index 05e8faa84717f..0252c0d003104 100644
+--- a/include/net/sock.h
++++ b/include/net/sock.h
+@@ -2318,7 +2318,7 @@ static inline ktime_t sock_read_timestamp(struct sock *sk)
+
+ return kt;
+ #else
+- return sk->sk_stamp;
++ return READ_ONCE(sk->sk_stamp);
+ #endif
+ }
+
+@@ -2329,7 +2329,7 @@ static inline void sock_write_timestamp(struct sock *sk, ktime_t kt)
+ sk->sk_stamp = kt;
+ write_sequnlock(&sk->sk_stamp_seq);
+ #else
+- sk->sk_stamp = kt;
++ WRITE_ONCE(sk->sk_stamp, kt);
+ #endif
+ }
+
+--
+2.20.1
+
--- /dev/null
+From eacbff422794191ab65afe8510310289fb51d7db Mon Sep 17 00:00:00 2001
+From: Sasha Levin <sashal@kernel.org>
+Date: Thu, 10 Oct 2019 19:18:14 +0200
+Subject: netfilter: ipset: Copy the right MAC address in hash:ip,mac IPv6 sets
+
+From: Stefano Brivio <sbrivio@redhat.com>
+
+[ Upstream commit 97664bc2c77e2b65cdedddcae2643fc93291d958 ]
+
+Same as commit 1b4a75108d5b ("netfilter: ipset: Copy the right MAC
+address in bitmap:ip,mac and hash:ip,mac sets"), another copy and paste
+went wrong in commit 8cc4ccf58379 ("netfilter: ipset: Allow matching on
+destination MAC address for mac and ipmac sets").
+
+When I fixed this for IPv4 in 1b4a75108d5b, I didn't realise that
+hash:ip,mac sets also support IPv6 as family, and this is covered by a
+separate function, hash_ipmac6_kadt().
+
+In hash:ip,mac sets, the first dimension is the IP address, and the
+second dimension is the MAC address: check the IPSET_DIM_TWO_SRC flag
+in flags while deciding which MAC address to copy, destination or
+source.
+
+This way, mixing source and destination matches for the two dimensions
+of ip,mac hash type works as expected, also for IPv6. With this setup:
+
+ ip netns add A
+ ip link add veth1 type veth peer name veth2 netns A
+ ip addr add 2001:db8::1/64 dev veth1
+ ip -net A addr add 2001:db8::2/64 dev veth2
+ ip link set veth1 up
+ ip -net A link set veth2 up
+
+ dst=$(ip netns exec A cat /sys/class/net/veth2/address)
+
+ ip netns exec A ipset create test_hash hash:ip,mac family inet6
+ ip netns exec A ipset add test_hash 2001:db8::1,${dst}
+ ip netns exec A ip6tables -A INPUT -p icmpv6 --icmpv6-type 135 -j ACCEPT
+ ip netns exec A ip6tables -A INPUT -m set ! --match-set test_hash src,dst -j DROP
+
+ipset now correctly matches a test packet:
+
+ # ping -c1 2001:db8::2 >/dev/null
+ # echo $?
+ 0
+
+Reported-by: Chen, Yi <yiche@redhat.com>
+Fixes: 8cc4ccf58379 ("netfilter: ipset: Allow matching on destination MAC address for mac and ipmac sets")
+Signed-off-by: Stefano Brivio <sbrivio@redhat.com>
+Signed-off-by: Jozsef Kadlecsik <kadlec@netfilter.org>
+Signed-off-by: Sasha Levin <sashal@kernel.org>
+---
+ net/netfilter/ipset/ip_set_hash_ipmac.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/net/netfilter/ipset/ip_set_hash_ipmac.c b/net/netfilter/ipset/ip_set_hash_ipmac.c
+index 25560ea742d66..f2c2f72e2fffc 100644
+--- a/net/netfilter/ipset/ip_set_hash_ipmac.c
++++ b/net/netfilter/ipset/ip_set_hash_ipmac.c
+@@ -212,7 +212,7 @@ hash_ipmac6_kadt(struct ip_set *set, const struct sk_buff *skb,
+ (skb_mac_header(skb) + ETH_HLEN) > skb->data)
+ return -EINVAL;
+
+- if (opt->flags & IPSET_DIM_ONE_SRC)
++ if (opt->flags & IPSET_DIM_TWO_SRC)
+ ether_addr_copy(e.ether, eth_hdr(skb)->h_source);
+ else
+ ether_addr_copy(e.ether, eth_hdr(skb)->h_dest);
+--
+2.20.1
+
iio-imu-inv_mpu6050-fix-no-data-on-mpu6050.patch
mm-filemap.c-don-t-initiate-writeback-if-mapping-has-no-dirty-pages.patch
cgroup-writeback-don-t-switch-wbs-immediately-on-dead-wbs-if-the-memcg-is-dead.patch
+usbip-fix-free-of-unallocated-memory-in-vhci-tx.patch
+netfilter-ipset-copy-the-right-mac-address-in-hash-i.patch
+net-prevent-load-store-tearing-on-sk-sk_stamp.patch
+iio-imu-mpu6050-fix-fifo-layout-for-icm20602.patch
+vsock-virtio-fix-sock-refcnt-holding-during-the-shut.patch
--- /dev/null
+From 604acb43f872c071848f3aedb8ad4c1d6a397747 Mon Sep 17 00:00:00 2001
+From: Sasha Levin <sashal@kernel.org>
+Date: Tue, 22 Oct 2019 18:30:17 +0900
+Subject: usbip: Fix free of unallocated memory in vhci tx
+
+From: Suwan Kim <suwan.kim027@gmail.com>
+
+[ Upstream commit d4d8257754c3300ea2a465dadf8d2b02c713c920 ]
+
+iso_buffer should be set to NULL after use and free in the while loop.
+In the case of isochronous URB in the while loop, iso_buffer is
+allocated and after sending it to server, buffer is deallocated. And
+then, if the next URB in the while loop is not a isochronous pipe,
+iso_buffer still holds the previously deallocated buffer address and
+kfree tries to free wrong buffer address.
+
+Fixes: ea44d190764b ("usbip: Implement SG support to vhci-hcd and stub driver")
+Reported-by: kbuild test robot <lkp@intel.com>
+Reported-by: Julia Lawall <julia.lawall@lip6.fr>
+Signed-off-by: Suwan Kim <suwan.kim027@gmail.com>
+Reviewed-by: Julia Lawall <julia.lawall@lip6.fr>
+Acked-by: Shuah Khan <skhan@linuxfoundation.org>
+Link: https://lore.kernel.org/r/20191022093017.8027-1-suwan.kim027@gmail.com
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+Signed-off-by: Sasha Levin <sashal@kernel.org>
+---
+ drivers/usb/usbip/vhci_tx.c | 3 +++
+ 1 file changed, 3 insertions(+)
+
+diff --git a/drivers/usb/usbip/vhci_tx.c b/drivers/usb/usbip/vhci_tx.c
+index 61b1fd379ad2f..acac49402c2b1 100644
+--- a/drivers/usb/usbip/vhci_tx.c
++++ b/drivers/usb/usbip/vhci_tx.c
+@@ -147,7 +147,10 @@ static int vhci_send_cmd_submit(struct vhci_device *vdev)
+ }
+
+ kfree(iov);
++ /* This is only for isochronous case */
+ kfree(iso_buffer);
++ iso_buffer = NULL;
++
+ usbip_dbg_vhci_tx("send txdata\n");
+
+ total_size += txsize;
+--
+2.20.1
+
--- /dev/null
+From 8473245e0ac7e1d2b863e417cdc3aeae6b242112 Mon Sep 17 00:00:00 2001
+From: Sasha Levin <sashal@kernel.org>
+Date: Fri, 8 Nov 2019 17:08:50 +0100
+Subject: vsock/virtio: fix sock refcnt holding during the shutdown
+
+From: Stefano Garzarella <sgarzare@redhat.com>
+
+[ Upstream commit ad8a7220355d39cddce8eac1cea9677333e8b821 ]
+
+The "42f5cda5eaf4" commit rightly set SOCK_DONE on peer shutdown,
+but there is an issue if we receive the SHUTDOWN(RDWR) while the
+virtio_transport_close_timeout() is scheduled.
+In this case, when the timeout fires, the SOCK_DONE is already
+set and the virtio_transport_close_timeout() will not call
+virtio_transport_reset() and virtio_transport_do_close().
+This causes that both sockets remain open and will never be released,
+preventing the unloading of [virtio|vhost]_transport modules.
+
+This patch fixes this issue, calling virtio_transport_reset() and
+virtio_transport_do_close() when we receive the SHUTDOWN(RDWR)
+and there is nothing left to read.
+
+Fixes: 42f5cda5eaf4 ("vsock/virtio: set SOCK_DONE on peer shutdown")
+Cc: Stephen Barber <smbarber@chromium.org>
+Signed-off-by: Stefano Garzarella <sgarzare@redhat.com>
+Signed-off-by: David S. Miller <davem@davemloft.net>
+Signed-off-by: Sasha Levin <sashal@kernel.org>
+---
+ net/vmw_vsock/virtio_transport_common.c | 8 +++++---
+ 1 file changed, 5 insertions(+), 3 deletions(-)
+
+diff --git a/net/vmw_vsock/virtio_transport_common.c b/net/vmw_vsock/virtio_transport_common.c
+index 3c199f752fd3c..2a8651aa90c89 100644
+--- a/net/vmw_vsock/virtio_transport_common.c
++++ b/net/vmw_vsock/virtio_transport_common.c
+@@ -871,9 +871,11 @@ virtio_transport_recv_connected(struct sock *sk,
+ if (le32_to_cpu(pkt->hdr.flags) & VIRTIO_VSOCK_SHUTDOWN_SEND)
+ vsk->peer_shutdown |= SEND_SHUTDOWN;
+ if (vsk->peer_shutdown == SHUTDOWN_MASK &&
+- vsock_stream_has_data(vsk) <= 0) {
+- sock_set_flag(sk, SOCK_DONE);
+- sk->sk_state = TCP_CLOSING;
++ vsock_stream_has_data(vsk) <= 0 &&
++ !sock_flag(sk, SOCK_DONE)) {
++ (void)virtio_transport_reset(vsk, NULL);
++
++ virtio_transport_do_close(vsk, true);
+ }
+ if (le32_to_cpu(pkt->hdr.flags))
+ sk->sk_state_change(sk);
+--
+2.20.1
+
projects / thirdparty / kernel / stable-queue.git / commitdiff
