--- /dev/null
+From 46ff42017e9abd5a3907456387f5260f9df4969c Mon Sep 17 00:00:00 2001
+From: Sasha Levin <sashal@kernel.org>
+Date: Wed, 5 Aug 2020 19:19:26 -0700
+Subject: ALSA: pci: delete repeated words in comments
+
+From: Randy Dunlap <rdunlap@infradead.org>
+
+[ Upstream commit c7fabbc51352f50cc58242a6dc3b9c1a3599849b ]
+
+Drop duplicated words in sound/pci/.
+{and, the, at}
+
+Signed-off-by: Randy Dunlap <rdunlap@infradead.org>
+Link: https://lore.kernel.org/r/20200806021926.32418-1-rdunlap@infradead.org
+Signed-off-by: Takashi Iwai <tiwai@suse.de>
+Signed-off-by: Sasha Levin <sashal@kernel.org>
+---
+ sound/pci/cs46xx/cs46xx_lib.c | 2 +-
+ sound/pci/cs46xx/dsp_spos_scb_lib.c | 2 +-
+ sound/pci/hda/hda_codec.c | 2 +-
+ sound/pci/hda/hda_generic.c | 2 +-
+ sound/pci/hda/patch_sigmatel.c | 2 +-
+ sound/pci/ice1712/prodigy192.c | 2 +-
+ sound/pci/oxygen/xonar_dg.c | 2 +-
+ 7 files changed, 7 insertions(+), 7 deletions(-)
+
+diff --git a/sound/pci/cs46xx/cs46xx_lib.c b/sound/pci/cs46xx/cs46xx_lib.c
+index 2706f271a83b0..8a174c170e0aa 100644
+--- a/sound/pci/cs46xx/cs46xx_lib.c
++++ b/sound/pci/cs46xx/cs46xx_lib.c
+@@ -780,7 +780,7 @@ static void snd_cs46xx_set_capture_sample_rate(struct snd_cs46xx *chip, unsigned
+ rate = 48000 / 9;
+
+ /*
+- * We can not capture at at rate greater than the Input Rate (48000).
++ * We can not capture at a rate greater than the Input Rate (48000).
+ * Return an error if an attempt is made to stray outside that limit.
+ */
+ if (rate > 48000)
+diff --git a/sound/pci/cs46xx/dsp_spos_scb_lib.c b/sound/pci/cs46xx/dsp_spos_scb_lib.c
+index 7488e1b7a7707..4e726d39b05d1 100644
+--- a/sound/pci/cs46xx/dsp_spos_scb_lib.c
++++ b/sound/pci/cs46xx/dsp_spos_scb_lib.c
+@@ -1742,7 +1742,7 @@ int cs46xx_iec958_pre_open (struct snd_cs46xx *chip)
+ struct dsp_spos_instance * ins = chip->dsp_spos_instance;
+
+ if ( ins->spdif_status_out & DSP_SPDIF_STATUS_OUTPUT_ENABLED ) {
+- /* remove AsynchFGTxSCB and and PCMSerialInput_II */
++ /* remove AsynchFGTxSCB and PCMSerialInput_II */
+ cs46xx_dsp_disable_spdif_out (chip);
+
+ /* save state */
+diff --git a/sound/pci/hda/hda_codec.c b/sound/pci/hda/hda_codec.c
+index 825d9b27dbe12..4962a9d8a572b 100644
+--- a/sound/pci/hda/hda_codec.c
++++ b/sound/pci/hda/hda_codec.c
+@@ -3496,7 +3496,7 @@ EXPORT_SYMBOL_GPL(snd_hda_set_power_save);
+ * @nid: NID to check / update
+ *
+ * Check whether the given NID is in the amp list. If it's in the list,
+- * check the current AMP status, and update the the power-status according
++ * check the current AMP status, and update the power-status according
+ * to the mute status.
+ *
+ * This function is supposed to be set or called from the check_power_status
+diff --git a/sound/pci/hda/hda_generic.c b/sound/pci/hda/hda_generic.c
+index 869c322ddae31..7cd1047a4edf3 100644
+--- a/sound/pci/hda/hda_generic.c
++++ b/sound/pci/hda/hda_generic.c
+@@ -837,7 +837,7 @@ static void activate_amp_in(struct hda_codec *codec, struct nid_path *path,
+ }
+ }
+
+-/* sync power of each widget in the the given path */
++/* sync power of each widget in the given path */
+ static hda_nid_t path_power_update(struct hda_codec *codec,
+ struct nid_path *path,
+ bool allow_powerdown)
+diff --git a/sound/pci/hda/patch_sigmatel.c b/sound/pci/hda/patch_sigmatel.c
+index d1a6d20ace0da..80b72d0702c5e 100644
+--- a/sound/pci/hda/patch_sigmatel.c
++++ b/sound/pci/hda/patch_sigmatel.c
+@@ -862,7 +862,7 @@ static int stac_auto_create_beep_ctls(struct hda_codec *codec,
+ static struct snd_kcontrol_new beep_vol_ctl =
+ HDA_CODEC_VOLUME(NULL, 0, 0, 0);
+
+- /* check for mute support for the the amp */
++ /* check for mute support for the amp */
+ if ((caps & AC_AMPCAP_MUTE) >> AC_AMPCAP_MUTE_SHIFT) {
+ const struct snd_kcontrol_new *temp;
+ if (spec->anabeep_nid == nid)
+diff --git a/sound/pci/ice1712/prodigy192.c b/sound/pci/ice1712/prodigy192.c
+index 3919aed39ca03..5e52086d7b986 100644
+--- a/sound/pci/ice1712/prodigy192.c
++++ b/sound/pci/ice1712/prodigy192.c
+@@ -31,7 +31,7 @@
+ * Experimentally I found out that only a combination of
+ * OCKS0=1, OCKS1=1 (128fs, 64fs output) and ice1724 -
+ * VT1724_MT_I2S_MCLK_128X=0 (256fs input) yields correct
+- * sampling rate. That means the the FPGA doubles the
++ * sampling rate. That means that the FPGA doubles the
+ * MCK01 rate.
+ *
+ * Copyright (c) 2003 Takashi Iwai <tiwai@suse.de>
+diff --git a/sound/pci/oxygen/xonar_dg.c b/sound/pci/oxygen/xonar_dg.c
+index 4cf3200e988b0..df44135e1b0c9 100644
+--- a/sound/pci/oxygen/xonar_dg.c
++++ b/sound/pci/oxygen/xonar_dg.c
+@@ -39,7 +39,7 @@
+ * GPIO 4 <- headphone detect
+ * GPIO 5 -> enable ADC analog circuit for the left channel
+ * GPIO 6 -> enable ADC analog circuit for the right channel
+- * GPIO 7 -> switch green rear output jack between CS4245 and and the first
++ * GPIO 7 -> switch green rear output jack between CS4245 and the first
+ * channel of CS4361 (mechanical relay)
+ * GPIO 8 -> enable output to speakers
+ *
+--
+2.25.1
+
--- /dev/null
+From 863ad060c18c7e5e8866629a4c9f2e5044575c5e Mon Sep 17 00:00:00 2001
+From: Sasha Levin <sashal@kernel.org>
+Date: Sat, 13 Jun 2020 15:44:19 -0500
+Subject: ASoC: tegra: Fix reference count leaks.
+
+From: Qiushi Wu <wu000273@umn.edu>
+
+[ Upstream commit deca195383a6085be62cb453079e03e04d618d6e ]
+
+Calling pm_runtime_get_sync increments the counter even in case of
+failure, causing incorrect ref count if pm_runtime_put is not called in
+error handling paths. Call pm_runtime_put if pm_runtime_get_sync fails.
+
+Signed-off-by: Qiushi Wu <wu000273@umn.edu>
+Reviewed-by: Jon Hunter <jonathanh@nvidia.com>
+Link: https://lore.kernel.org/r/20200613204422.24484-1-wu000273@umn.edu
+Signed-off-by: Mark Brown <broonie@kernel.org>
+Signed-off-by: Sasha Levin <sashal@kernel.org>
+---
+ sound/soc/tegra/tegra30_ahub.c | 4 +++-
+ sound/soc/tegra/tegra30_i2s.c | 4 +++-
+ 2 files changed, 6 insertions(+), 2 deletions(-)
+
+diff --git a/sound/soc/tegra/tegra30_ahub.c b/sound/soc/tegra/tegra30_ahub.c
+index fef3b9a21a667..e441e23a37e4f 100644
+--- a/sound/soc/tegra/tegra30_ahub.c
++++ b/sound/soc/tegra/tegra30_ahub.c
+@@ -656,8 +656,10 @@ static int tegra30_ahub_resume(struct device *dev)
+ int ret;
+
+ ret = pm_runtime_get_sync(dev);
+- if (ret < 0)
++ if (ret < 0) {
++ pm_runtime_put(dev);
+ return ret;
++ }
+ ret = regcache_sync(ahub->regmap_ahub);
+ ret |= regcache_sync(ahub->regmap_apbif);
+ pm_runtime_put(dev);
+diff --git a/sound/soc/tegra/tegra30_i2s.c b/sound/soc/tegra/tegra30_i2s.c
+index 8e55583aa104e..516f37896092c 100644
+--- a/sound/soc/tegra/tegra30_i2s.c
++++ b/sound/soc/tegra/tegra30_i2s.c
+@@ -552,8 +552,10 @@ static int tegra30_i2s_resume(struct device *dev)
+ int ret;
+
+ ret = pm_runtime_get_sync(dev);
+- if (ret < 0)
++ if (ret < 0) {
++ pm_runtime_put(dev);
+ return ret;
++ }
+ ret = regcache_sync(i2s->regmap);
+ pm_runtime_put(dev);
+
+--
+2.25.1
+
--- /dev/null
+From ee654be606bb1c76ecbb49375bdcf8dab00e3bae Mon Sep 17 00:00:00 2001
+From: Sasha Levin <sashal@kernel.org>
+Date: Wed, 1 Jul 2020 01:52:48 -0400
+Subject: ceph: fix potential mdsc use-after-free crash
+
+From: Xiubo Li <xiubli@redhat.com>
+
+[ Upstream commit fa9967734227b44acb1b6918033f9122dc7825b9 ]
+
+Make sure the delayed work stopped before releasing the resources.
+
+cancel_delayed_work_sync() will only guarantee that the work finishes
+executing if the work is already in the ->worklist. That means after
+the cancel_delayed_work_sync() returns, it will leave the work requeued
+if it was rearmed at the end. That can lead to a use after free once the
+work struct is freed.
+
+Fix it by flushing the delayed work instead of trying to cancel it, and
+ensure that the work doesn't rearm if the mdsc is stopping.
+
+URL: https://tracker.ceph.com/issues/46293
+Signed-off-by: Xiubo Li <xiubli@redhat.com>
+Reviewed-by: Jeff Layton <jlayton@kernel.org>
+Signed-off-by: Ilya Dryomov <idryomov@gmail.com>
+Signed-off-by: Sasha Levin <sashal@kernel.org>
+---
+ fs/ceph/mds_client.c | 14 +++++++++++++-
+ 1 file changed, 13 insertions(+), 1 deletion(-)
+
+diff --git a/fs/ceph/mds_client.c b/fs/ceph/mds_client.c
+index a5de8e22629ba..b7fd7d69be075 100644
+--- a/fs/ceph/mds_client.c
++++ b/fs/ceph/mds_client.c
+@@ -3428,6 +3428,9 @@ static void delayed_work(struct work_struct *work)
+ dout("mdsc delayed_work\n");
+ ceph_check_delayed_caps(mdsc);
+
++ if (mdsc->stopping)
++ return;
++
+ mutex_lock(&mdsc->mutex);
+ renew_interval = mdsc->mdsmap->m_session_timeout >> 2;
+ renew_caps = time_after_eq(jiffies, HZ*renew_interval +
+@@ -3752,7 +3755,16 @@ void ceph_mdsc_force_umount(struct ceph_mds_client *mdsc)
+ static void ceph_mdsc_stop(struct ceph_mds_client *mdsc)
+ {
+ dout("stop\n");
+- cancel_delayed_work_sync(&mdsc->delayed_work); /* cancel timer */
++ /*
++ * Make sure the delayed work stopped before releasing
++ * the resources.
++ *
++ * Because the cancel_delayed_work_sync() will only
++ * guarantee that the work finishes executing. But the
++ * delayed work will re-arm itself again after that.
++ */
++ flush_delayed_work(&mdsc->delayed_work);
++
+ if (mdsc->mdsmap)
+ ceph_mdsmap_destroy(mdsc->mdsmap);
+ kfree(mdsc->sessions);
+--
+2.25.1
+
--- /dev/null
+From 209e623a8af08fac92cd9222202f522ba27d8897 Mon Sep 17 00:00:00 2001
+From: Sasha Levin <sashal@kernel.org>
+Date: Sun, 14 Jun 2020 02:14:50 -0500
+Subject: drm/amd/display: fix ref count leak in amdgpu_drm_ioctl
+
+From: Navid Emamdoost <navid.emamdoost@gmail.com>
+
+[ Upstream commit 5509ac65f2fe5aa3c0003237ec629ca55024307c ]
+
+in amdgpu_drm_ioctl the call to pm_runtime_get_sync increments the
+counter even in case of failure, leading to incorrect
+ref count. In case of failure, decrement the ref count before returning.
+
+Signed-off-by: Navid Emamdoost <navid.emamdoost@gmail.com>
+Signed-off-by: Alex Deucher <alexander.deucher@amd.com>
+Signed-off-by: Sasha Levin <sashal@kernel.org>
+---
+ drivers/gpu/drm/amd/amdgpu/amdgpu_drv.c | 3 ++-
+ 1 file changed, 2 insertions(+), 1 deletion(-)
+
+diff --git a/drivers/gpu/drm/amd/amdgpu/amdgpu_drv.c b/drivers/gpu/drm/amd/amdgpu/amdgpu_drv.c
+index 8d6668cedf6db..eb3c54e1f1ca8 100644
+--- a/drivers/gpu/drm/amd/amdgpu/amdgpu_drv.c
++++ b/drivers/gpu/drm/amd/amdgpu/amdgpu_drv.c
+@@ -443,11 +443,12 @@ long amdgpu_drm_ioctl(struct file *filp,
+ dev = file_priv->minor->dev;
+ ret = pm_runtime_get_sync(dev->dev);
+ if (ret < 0)
+- return ret;
++ goto out;
+
+ ret = drm_ioctl(filp, cmd, arg);
+
+ pm_runtime_mark_last_busy(dev->dev);
++out:
+ pm_runtime_put_autosuspend(dev->dev);
+ return ret;
+ }
+--
+2.25.1
+
--- /dev/null
+From 1f0f34bc8e5f8f3c962fcfd77862aa94902010e1 Mon Sep 17 00:00:00 2001
+From: Sasha Levin <sashal@kernel.org>
+Date: Sun, 14 Jun 2020 02:05:28 -0500
+Subject: drm/amdgpu/display: fix ref count leak when pm_runtime_get_sync fails
+
+From: Navid Emamdoost <navid.emamdoost@gmail.com>
+
+[ Upstream commit f79f94765f8c39db0b7dec1d335ab046aac03f20 ]
+
+The call to pm_runtime_get_sync increments the counter even in case of
+failure, leading to incorrect ref count.
+In case of failure, decrement the ref count before returning.
+
+Signed-off-by: Navid Emamdoost <navid.emamdoost@gmail.com>
+Signed-off-by: Alex Deucher <alexander.deucher@amd.com>
+Signed-off-by: Sasha Levin <sashal@kernel.org>
+---
+ drivers/gpu/drm/amd/amdgpu/amdgpu_connectors.c | 16 ++++++++++++----
+ 1 file changed, 12 insertions(+), 4 deletions(-)
+
+diff --git a/drivers/gpu/drm/amd/amdgpu/amdgpu_connectors.c b/drivers/gpu/drm/amd/amdgpu/amdgpu_connectors.c
+index 1f0e6ede120c4..1b3fda2331bee 100644
+--- a/drivers/gpu/drm/amd/amdgpu/amdgpu_connectors.c
++++ b/drivers/gpu/drm/amd/amdgpu/amdgpu_connectors.c
+@@ -734,8 +734,10 @@ amdgpu_connector_lvds_detect(struct drm_connector *connector, bool force)
+
+ if (!drm_kms_helper_is_poll_worker()) {
+ r = pm_runtime_get_sync(connector->dev->dev);
+- if (r < 0)
++ if (r < 0) {
++ pm_runtime_put_autosuspend(connector->dev->dev);
+ return connector_status_disconnected;
++ }
+ }
+
+ if (encoder) {
+@@ -863,8 +865,10 @@ amdgpu_connector_vga_detect(struct drm_connector *connector, bool force)
+
+ if (!drm_kms_helper_is_poll_worker()) {
+ r = pm_runtime_get_sync(connector->dev->dev);
+- if (r < 0)
++ if (r < 0) {
++ pm_runtime_put_autosuspend(connector->dev->dev);
+ return connector_status_disconnected;
++ }
+ }
+
+ encoder = amdgpu_connector_best_single_encoder(connector);
+@@ -986,8 +990,10 @@ amdgpu_connector_dvi_detect(struct drm_connector *connector, bool force)
+
+ if (!drm_kms_helper_is_poll_worker()) {
+ r = pm_runtime_get_sync(connector->dev->dev);
+- if (r < 0)
++ if (r < 0) {
++ pm_runtime_put_autosuspend(connector->dev->dev);
+ return connector_status_disconnected;
++ }
+ }
+
+ if (!force && amdgpu_connector_check_hpd_status_unchanged(connector)) {
+@@ -1360,8 +1366,10 @@ amdgpu_connector_dp_detect(struct drm_connector *connector, bool force)
+
+ if (!drm_kms_helper_is_poll_worker()) {
+ r = pm_runtime_get_sync(connector->dev->dev);
+- if (r < 0)
++ if (r < 0) {
++ pm_runtime_put_autosuspend(connector->dev->dev);
+ return connector_status_disconnected;
++ }
+ }
+
+ if (!force && amdgpu_connector_check_hpd_status_unchanged(connector)) {
+--
+2.25.1
+
--- /dev/null
+From e7765bca2f44f4e69667951ce72a780dcadd6d1a Mon Sep 17 00:00:00 2001
+From: Sasha Levin <sashal@kernel.org>
+Date: Sun, 14 Jun 2020 02:09:44 -0500
+Subject: drm/amdgpu: fix ref count leak in amdgpu_display_crtc_set_config
+
+From: Navid Emamdoost <navid.emamdoost@gmail.com>
+
+[ Upstream commit e008fa6fb41544b63973a529b704ef342f47cc65 ]
+
+in amdgpu_display_crtc_set_config, the call to pm_runtime_get_sync
+increments the counter even in case of failure, leading to incorrect
+ref count. In case of failure, decrement the ref count before returning.
+
+Signed-off-by: Navid Emamdoost <navid.emamdoost@gmail.com>
+Signed-off-by: Alex Deucher <alexander.deucher@amd.com>
+Signed-off-by: Sasha Levin <sashal@kernel.org>
+---
+ drivers/gpu/drm/amd/amdgpu/amdgpu_display.c | 5 +++--
+ 1 file changed, 3 insertions(+), 2 deletions(-)
+
+diff --git a/drivers/gpu/drm/amd/amdgpu/amdgpu_display.c b/drivers/gpu/drm/amd/amdgpu/amdgpu_display.c
+index c555781685ea8..d3ee8f19f1ef9 100644
+--- a/drivers/gpu/drm/amd/amdgpu/amdgpu_display.c
++++ b/drivers/gpu/drm/amd/amdgpu/amdgpu_display.c
+@@ -296,7 +296,7 @@ int amdgpu_crtc_set_config(struct drm_mode_set *set)
+
+ ret = pm_runtime_get_sync(dev->dev);
+ if (ret < 0)
+- return ret;
++ goto out;
+
+ ret = drm_crtc_helper_set_config(set);
+
+@@ -311,7 +311,7 @@ int amdgpu_crtc_set_config(struct drm_mode_set *set)
+ take the current one */
+ if (active && !adev->have_disp_power_ref) {
+ adev->have_disp_power_ref = true;
+- return ret;
++ goto out;
+ }
+ /* if we have no active crtcs, then drop the power ref
+ we got before */
+@@ -320,6 +320,7 @@ int amdgpu_crtc_set_config(struct drm_mode_set *set)
+ adev->have_disp_power_ref = false;
+ }
+
++out:
+ /* drop the power reference we got coming in here */
+ pm_runtime_put_autosuspend(dev->dev);
+ return ret;
+--
+2.25.1
+
--- /dev/null
+From d49d3068966cb0dad4a1f1f942ad8524140b022a Mon Sep 17 00:00:00 2001
+From: Sasha Levin <sashal@kernel.org>
+Date: Sun, 14 Jun 2020 02:12:29 -0500
+Subject: drm/amdgpu: fix ref count leak in amdgpu_driver_open_kms
+
+From: Navid Emamdoost <navid.emamdoost@gmail.com>
+
+[ Upstream commit 9ba8923cbbe11564dd1bf9f3602add9a9cfbb5c6 ]
+
+in amdgpu_driver_open_kms the call to pm_runtime_get_sync increments the
+counter even in case of failure, leading to incorrect
+ref count. In case of failure, decrement the ref count before returning.
+
+Signed-off-by: Navid Emamdoost <navid.emamdoost@gmail.com>
+Signed-off-by: Alex Deucher <alexander.deucher@amd.com>
+Signed-off-by: Sasha Levin <sashal@kernel.org>
+---
+ drivers/gpu/drm/amd/amdgpu/amdgpu_kms.c | 3 ++-
+ 1 file changed, 2 insertions(+), 1 deletion(-)
+
+diff --git a/drivers/gpu/drm/amd/amdgpu/amdgpu_kms.c b/drivers/gpu/drm/amd/amdgpu/amdgpu_kms.c
+index 5bf98f0195fbd..6025c69871a86 100644
+--- a/drivers/gpu/drm/amd/amdgpu/amdgpu_kms.c
++++ b/drivers/gpu/drm/amd/amdgpu/amdgpu_kms.c
+@@ -522,7 +522,7 @@ int amdgpu_driver_open_kms(struct drm_device *dev, struct drm_file *file_priv)
+
+ r = pm_runtime_get_sync(dev->dev);
+ if (r < 0)
+- return r;
++ goto pm_put;
+
+ fpriv = kzalloc(sizeof(*fpriv), GFP_KERNEL);
+ if (unlikely(!fpriv))
+@@ -540,6 +540,7 @@ int amdgpu_driver_open_kms(struct drm_device *dev, struct drm_file *file_priv)
+ file_priv->driver_priv = fpriv;
+
+ pm_runtime_mark_last_busy(dev->dev);
++pm_put:
+ pm_runtime_put_autosuspend(dev->dev);
+ return 0;
+
+--
+2.25.1
+
--- /dev/null
+From eeb86701024b56bd493cb765380f6945a933eec5 Mon Sep 17 00:00:00 2001
+From: Sasha Levin <sashal@kernel.org>
+Date: Sat, 13 Jun 2020 14:32:26 -0500
+Subject: drm/amdkfd: Fix reference count leaks.
+
+From: Qiushi Wu <wu000273@umn.edu>
+
+[ Upstream commit 20eca0123a35305e38b344d571cf32768854168c ]
+
+kobject_init_and_add() takes reference even when it fails.
+If this function returns an error, kobject_put() must be called to
+properly clean up the memory associated with the object.
+
+Signed-off-by: Qiushi Wu <wu000273@umn.edu>
+Reviewed-by: Felix Kuehling <Felix.Kuehling@amd.com>
+Signed-off-by: Felix Kuehling <Felix.Kuehling@amd.com>
+Signed-off-by: Alex Deucher <alexander.deucher@amd.com>
+Signed-off-by: Sasha Levin <sashal@kernel.org>
+---
+ drivers/gpu/drm/amd/amdkfd/kfd_topology.c | 20 +++++++++++++++-----
+ 1 file changed, 15 insertions(+), 5 deletions(-)
+
+diff --git a/drivers/gpu/drm/amd/amdkfd/kfd_topology.c b/drivers/gpu/drm/amd/amdkfd/kfd_topology.c
+index 2acbd43f9a531..965489b20429c 100644
+--- a/drivers/gpu/drm/amd/amdkfd/kfd_topology.c
++++ b/drivers/gpu/drm/amd/amdkfd/kfd_topology.c
+@@ -841,8 +841,10 @@ static int kfd_build_sysfs_node_entry(struct kfd_topology_device *dev,
+
+ ret = kobject_init_and_add(dev->kobj_node, &node_type,
+ sys_props.kobj_nodes, "%d", id);
+- if (ret < 0)
++ if (ret < 0) {
++ kobject_put(dev->kobj_node);
+ return ret;
++ }
+
+ dev->kobj_mem = kobject_create_and_add("mem_banks", dev->kobj_node);
+ if (!dev->kobj_mem)
+@@ -885,8 +887,10 @@ static int kfd_build_sysfs_node_entry(struct kfd_topology_device *dev,
+ return -ENOMEM;
+ ret = kobject_init_and_add(mem->kobj, &mem_type,
+ dev->kobj_mem, "%d", i);
+- if (ret < 0)
++ if (ret < 0) {
++ kobject_put(mem->kobj);
+ return ret;
++ }
+
+ mem->attr.name = "properties";
+ mem->attr.mode = KFD_SYSFS_FILE_MODE;
+@@ -904,8 +908,10 @@ static int kfd_build_sysfs_node_entry(struct kfd_topology_device *dev,
+ return -ENOMEM;
+ ret = kobject_init_and_add(cache->kobj, &cache_type,
+ dev->kobj_cache, "%d", i);
+- if (ret < 0)
++ if (ret < 0) {
++ kobject_put(cache->kobj);
+ return ret;
++ }
+
+ cache->attr.name = "properties";
+ cache->attr.mode = KFD_SYSFS_FILE_MODE;
+@@ -923,8 +929,10 @@ static int kfd_build_sysfs_node_entry(struct kfd_topology_device *dev,
+ return -ENOMEM;
+ ret = kobject_init_and_add(iolink->kobj, &iolink_type,
+ dev->kobj_iolink, "%d", i);
+- if (ret < 0)
++ if (ret < 0) {
++ kobject_put(iolink->kobj);
+ return ret;
++ }
+
+ iolink->attr.name = "properties";
+ iolink->attr.mode = KFD_SYSFS_FILE_MODE;
+@@ -976,8 +984,10 @@ static int kfd_topology_update_sysfs(void)
+ ret = kobject_init_and_add(sys_props.kobj_topology,
+ &sysprops_type, &kfd_device->kobj,
+ "topology");
+- if (ret < 0)
++ if (ret < 0) {
++ kobject_put(sys_props.kobj_topology);
+ return ret;
++ }
+
+ sys_props.kobj_nodes = kobject_create_and_add("nodes",
+ sys_props.kobj_topology);
+--
+2.25.1
+
--- /dev/null
+From 090fa5e8cd99d6308a4d69bc057822c0dea9fa9b Mon Sep 17 00:00:00 2001
+From: Sasha Levin <sashal@kernel.org>
+Date: Sat, 13 Jun 2020 20:33:42 -0500
+Subject: drm/nouveau/drm/noveau: fix reference count leak in
+ nouveau_fbcon_open
+
+From: Aditya Pakki <pakki001@umn.edu>
+
+[ Upstream commit bfad51c7633325b5d4b32444efe04329d53297b2 ]
+
+nouveau_fbcon_open() calls calls pm_runtime_get_sync() that
+increments the reference count. In case of failure, decrement the
+ref count before returning the error.
+
+Signed-off-by: Aditya Pakki <pakki001@umn.edu>
+Signed-off-by: Ben Skeggs <bskeggs@redhat.com>
+Signed-off-by: Sasha Levin <sashal@kernel.org>
+---
+ drivers/gpu/drm/nouveau/nouveau_fbcon.c | 4 +++-
+ 1 file changed, 3 insertions(+), 1 deletion(-)
+
+diff --git a/drivers/gpu/drm/nouveau/nouveau_fbcon.c b/drivers/gpu/drm/nouveau/nouveau_fbcon.c
+index edb3a23ded5d5..11183839f6fad 100644
+--- a/drivers/gpu/drm/nouveau/nouveau_fbcon.c
++++ b/drivers/gpu/drm/nouveau/nouveau_fbcon.c
+@@ -184,8 +184,10 @@ nouveau_fbcon_open(struct fb_info *info, int user)
+ struct nouveau_fbdev *fbcon = info->par;
+ struct nouveau_drm *drm = nouveau_drm(fbcon->dev);
+ int ret = pm_runtime_get_sync(drm->dev->dev);
+- if (ret < 0 && ret != -EACCES)
++ if (ret < 0 && ret != -EACCES) {
++ pm_runtime_put(drm->dev->dev);
+ return ret;
++ }
+ return 0;
+ }
+
+--
+2.25.1
+
--- /dev/null
+From 475a5c942e63a7a34f024d7b4d68ba960095b00b Mon Sep 17 00:00:00 2001
+From: Sasha Levin <sashal@kernel.org>
+Date: Sat, 13 Jun 2020 20:22:23 -0500
+Subject: drm/nouveau: Fix reference count leak in nouveau_connector_detect
+
+From: Aditya Pakki <pakki001@umn.edu>
+
+[ Upstream commit 990a1162986e8eff7ca18cc5a0e03b4304392ae2 ]
+
+nouveau_connector_detect() calls pm_runtime_get_sync and in turn
+increments the reference count. In case of failure, decrement the
+ref count before returning the error.
+
+Signed-off-by: Aditya Pakki <pakki001@umn.edu>
+Signed-off-by: Ben Skeggs <bskeggs@redhat.com>
+Signed-off-by: Sasha Levin <sashal@kernel.org>
+---
+ drivers/gpu/drm/nouveau/nouveau_connector.c | 4 +++-
+ 1 file changed, 3 insertions(+), 1 deletion(-)
+
+diff --git a/drivers/gpu/drm/nouveau/nouveau_connector.c b/drivers/gpu/drm/nouveau/nouveau_connector.c
+index 1855b475cc0b2..42be04813b682 100644
+--- a/drivers/gpu/drm/nouveau/nouveau_connector.c
++++ b/drivers/gpu/drm/nouveau/nouveau_connector.c
+@@ -263,8 +263,10 @@ nouveau_connector_detect(struct drm_connector *connector, bool force)
+ pm_runtime_get_noresume(dev->dev);
+ } else {
+ ret = pm_runtime_get_sync(dev->dev);
+- if (ret < 0 && ret != -EACCES)
++ if (ret < 0 && ret != -EACCES) {
++ pm_runtime_put_autosuspend(dev->dev);
+ return conn_status;
++ }
+ }
+
+ nv_encoder = nouveau_connector_ddc_detect(connector);
+--
+2.25.1
+
--- /dev/null
+From b262c59ddb1a68b95d7f4282090c9881ed835b98 Mon Sep 17 00:00:00 2001
+From: Sasha Levin <sashal@kernel.org>
+Date: Sat, 13 Jun 2020 20:55:39 -0500
+Subject: drm/radeon: fix multiple reference count leak
+
+From: Aditya Pakki <pakki001@umn.edu>
+
+[ Upstream commit 6f2e8acdb48ed166b65d47837c31b177460491ec ]
+
+On calling pm_runtime_get_sync() the reference count of the device
+is incremented. In case of failure, decrement the
+reference count before returning the error.
+
+Signed-off-by: Aditya Pakki <pakki001@umn.edu>
+Signed-off-by: Alex Deucher <alexander.deucher@amd.com>
+Signed-off-by: Sasha Levin <sashal@kernel.org>
+---
+ drivers/gpu/drm/radeon/radeon_connectors.c | 20 +++++++++++++++-----
+ 1 file changed, 15 insertions(+), 5 deletions(-)
+
+diff --git a/drivers/gpu/drm/radeon/radeon_connectors.c b/drivers/gpu/drm/radeon/radeon_connectors.c
+index bebcef2ce6b88..a9f1d99bb6f99 100644
+--- a/drivers/gpu/drm/radeon/radeon_connectors.c
++++ b/drivers/gpu/drm/radeon/radeon_connectors.c
+@@ -886,8 +886,10 @@ radeon_lvds_detect(struct drm_connector *connector, bool force)
+
+ if (!drm_kms_helper_is_poll_worker()) {
+ r = pm_runtime_get_sync(connector->dev->dev);
+- if (r < 0)
++ if (r < 0) {
++ pm_runtime_put_autosuspend(connector->dev->dev);
+ return connector_status_disconnected;
++ }
+ }
+
+ if (encoder) {
+@@ -1021,8 +1023,10 @@ radeon_vga_detect(struct drm_connector *connector, bool force)
+
+ if (!drm_kms_helper_is_poll_worker()) {
+ r = pm_runtime_get_sync(connector->dev->dev);
+- if (r < 0)
++ if (r < 0) {
++ pm_runtime_put_autosuspend(connector->dev->dev);
+ return connector_status_disconnected;
++ }
+ }
+
+ encoder = radeon_best_single_encoder(connector);
+@@ -1158,8 +1162,10 @@ radeon_tv_detect(struct drm_connector *connector, bool force)
+
+ if (!drm_kms_helper_is_poll_worker()) {
+ r = pm_runtime_get_sync(connector->dev->dev);
+- if (r < 0)
++ if (r < 0) {
++ pm_runtime_put_autosuspend(connector->dev->dev);
+ return connector_status_disconnected;
++ }
+ }
+
+ encoder = radeon_best_single_encoder(connector);
+@@ -1241,8 +1247,10 @@ radeon_dvi_detect(struct drm_connector *connector, bool force)
+
+ if (!drm_kms_helper_is_poll_worker()) {
+ r = pm_runtime_get_sync(connector->dev->dev);
+- if (r < 0)
++ if (r < 0) {
++ pm_runtime_put_autosuspend(connector->dev->dev);
+ return connector_status_disconnected;
++ }
+ }
+
+ if (radeon_connector->detected_hpd_without_ddc) {
+@@ -1681,8 +1689,10 @@ radeon_dp_detect(struct drm_connector *connector, bool force)
+
+ if (!drm_kms_helper_is_poll_worker()) {
+ r = pm_runtime_get_sync(connector->dev->dev);
+- if (r < 0)
++ if (r < 0) {
++ pm_runtime_put_autosuspend(connector->dev->dev);
+ return connector_status_disconnected;
++ }
+ }
+
+ if (!force && radeon_check_hpd_status_unchanged(connector)) {
+--
+2.25.1
+
--- /dev/null
+From 6f668eed4678103f73288a64e76ab186aac318b2 Mon Sep 17 00:00:00 2001
+From: Sasha Levin <sashal@kernel.org>
+Date: Thu, 16 Jul 2020 14:25:11 -0400
+Subject: EDAC/ie31200: Fallback if host bridge device is already initialized
+
+From: Jason Baron <jbaron@akamai.com>
+
+[ Upstream commit 709ed1bcef12398ac1a35c149f3e582db04456c2 ]
+
+The Intel uncore driver may claim some of the pci ids from ie31200 which
+means that the ie31200 edac driver will not initialize them as part of
+pci_register_driver().
+
+Let's add a fallback for this case to 'pci_get_device()' to get a
+reference on the device such that it can still be configured. This is
+similar in approach to other edac drivers.
+
+Signed-off-by: Jason Baron <jbaron@akamai.com>
+Cc: Borislav Petkov <bp@suse.de>
+Cc: Mauro Carvalho Chehab <mchehab@kernel.org>
+Cc: linux-edac <linux-edac@vger.kernel.org>
+Signed-off-by: Tony Luck <tony.luck@intel.com>
+Link: https://lore.kernel.org/r/1594923911-10885-1-git-send-email-jbaron@akamai.com
+Signed-off-by: Sasha Levin <sashal@kernel.org>
+---
+ drivers/edac/ie31200_edac.c | 50 ++++++++++++++++++++++++++++++++++---
+ 1 file changed, 47 insertions(+), 3 deletions(-)
+
+diff --git a/drivers/edac/ie31200_edac.c b/drivers/edac/ie31200_edac.c
+index 18d77ace4813c..30f83fb6b145a 100644
+--- a/drivers/edac/ie31200_edac.c
++++ b/drivers/edac/ie31200_edac.c
+@@ -131,6 +131,8 @@
+ #define IE31200_PAGES(n) (n << (28 - PAGE_SHIFT))
+
+ static int nr_channels;
++static struct pci_dev *mci_pdev;
++static int ie31200_registered = 1;
+
+ struct ie31200_priv {
+ void __iomem *window;
+@@ -456,12 +458,16 @@ fail_free:
+ static int ie31200_init_one(struct pci_dev *pdev,
+ const struct pci_device_id *ent)
+ {
+- edac_dbg(0, "MC:\n");
++ int rc;
+
++ edac_dbg(0, "MC:\n");
+ if (pci_enable_device(pdev) < 0)
+ return -EIO;
++ rc = ie31200_probe1(pdev, ent->driver_data);
++ if (rc == 0 && !mci_pdev)
++ mci_pdev = pci_dev_get(pdev);
+
+- return ie31200_probe1(pdev, ent->driver_data);
++ return rc;
+ }
+
+ static void ie31200_remove_one(struct pci_dev *pdev)
+@@ -470,6 +476,8 @@ static void ie31200_remove_one(struct pci_dev *pdev)
+ struct ie31200_priv *priv;
+
+ edac_dbg(0, "\n");
++ pci_dev_put(mci_pdev);
++ mci_pdev = NULL;
+ mci = edac_mc_del_mc(&pdev->dev);
+ if (!mci)
+ return;
+@@ -515,17 +523,53 @@ static struct pci_driver ie31200_driver = {
+
+ static int __init ie31200_init(void)
+ {
++ int pci_rc, i;
++
+ edac_dbg(3, "MC:\n");
+ /* Ensure that the OPSTATE is set correctly for POLL or NMI */
+ opstate_init();
+
+- return pci_register_driver(&ie31200_driver);
++ pci_rc = pci_register_driver(&ie31200_driver);
++ if (pci_rc < 0)
++ goto fail0;
++
++ if (!mci_pdev) {
++ ie31200_registered = 0;
++ for (i = 0; ie31200_pci_tbl[i].vendor != 0; i++) {
++ mci_pdev = pci_get_device(ie31200_pci_tbl[i].vendor,
++ ie31200_pci_tbl[i].device,
++ NULL);
++ if (mci_pdev)
++ break;
++ }
++ if (!mci_pdev) {
++ edac_dbg(0, "ie31200 pci_get_device fail\n");
++ pci_rc = -ENODEV;
++ goto fail1;
++ }
++ pci_rc = ie31200_init_one(mci_pdev, &ie31200_pci_tbl[i]);
++ if (pci_rc < 0) {
++ edac_dbg(0, "ie31200 init fail\n");
++ pci_rc = -ENODEV;
++ goto fail1;
++ }
++ }
++ return 0;
++
++fail1:
++ pci_unregister_driver(&ie31200_driver);
++fail0:
++ pci_dev_put(mci_pdev);
++
++ return pci_rc;
+ }
+
+ static void __exit ie31200_exit(void)
+ {
+ edac_dbg(3, "MC:\n");
+ pci_unregister_driver(&ie31200_driver);
++ if (!ie31200_registered)
++ ie31200_remove_one(mci_pdev);
+ }
+
+ module_init(ie31200_init);
+--
+2.25.1
+
--- /dev/null
+From eb2306625b2dbe7f3d8b878f36b99d629a3299aa Mon Sep 17 00:00:00 2001
+From: Sasha Levin <sashal@kernel.org>
+Date: Sat, 25 Jul 2020 19:51:10 +0100
+Subject: locking/lockdep: Fix overflow in presentation of average lock-time
+
+From: Chris Wilson <chris@chris-wilson.co.uk>
+
+[ Upstream commit a7ef9b28aa8d72a1656fa6f0a01bbd1493886317 ]
+
+Though the number of lock-acquisitions is tracked as unsigned long, this
+is passed as the divisor to div_s64() which interprets it as a s32,
+giving nonsense values with more than 2 billion acquisitons. E.g.
+
+ acquisitions holdtime-min holdtime-max holdtime-total holdtime-avg
+ -------------------------------------------------------------------------
+ 2350439395 0.07 353.38 649647067.36 0.-32
+
+Signed-off-by: Chris Wilson <chris@chris-wilson.co.uk>
+Signed-off-by: Ingo Molnar <mingo@kernel.org>
+Cc: Peter Zijlstra <peterz@infradead.org>
+Link: https://lore.kernel.org/r/20200725185110.11588-1-chris@chris-wilson.co.uk
+Signed-off-by: Sasha Levin <sashal@kernel.org>
+---
+ kernel/locking/lockdep_proc.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/kernel/locking/lockdep_proc.c b/kernel/locking/lockdep_proc.c
+index 35b34eccdd109..9484f934aa349 100644
+--- a/kernel/locking/lockdep_proc.c
++++ b/kernel/locking/lockdep_proc.c
+@@ -423,7 +423,7 @@ static void seq_lock_time(struct seq_file *m, struct lock_time *lt)
+ seq_time(m, lt->min);
+ seq_time(m, lt->max);
+ seq_time(m, lt->total);
+- seq_time(m, lt->nr ? div_s64(lt->total, lt->nr) : 0);
++ seq_time(m, lt->nr ? div64_u64(lt->total, lt->nr) : 0);
+ }
+
+ static void seq_stats(struct seq_file *m, struct lock_stat_data *data)
+--
+2.25.1
+
--- /dev/null
+From 19a33ac2c973f6c47563e4e890405123a8326ea9 Mon Sep 17 00:00:00 2001
+From: Sasha Levin <sashal@kernel.org>
+Date: Sat, 30 May 2020 16:42:08 +0200
+Subject: media: pci: ttpci: av7110: fix possible buffer overflow caused by bad
+ DMA value in debiirq()
+
+From: Jia-Ju Bai <baijiaju@tsinghua.edu.cn>
+
+[ Upstream commit 6499a0db9b0f1e903d52f8244eacc1d4be00eea2 ]
+
+The value av7110->debi_virt is stored in DMA memory, and it is assigned
+to data, and thus data[0] can be modified at any time by malicious
+hardware. In this case, "if (data[0] < 2)" can be passed, but then
+data[0] can be changed into a large number, which may cause buffer
+overflow when the code "av7110->ci_slot[data[0]]" is used.
+
+To fix this possible bug, data[0] is assigned to a local variable, which
+replaces the use of data[0].
+
+Signed-off-by: Jia-Ju Bai <baijiaju@tsinghua.edu.cn>
+Signed-off-by: Sean Young <sean@mess.org>
+Signed-off-by: Mauro Carvalho Chehab <mchehab+huawei@kernel.org>
+Signed-off-by: Sasha Levin <sashal@kernel.org>
+---
+ drivers/media/pci/ttpci/av7110.c | 5 +++--
+ 1 file changed, 3 insertions(+), 2 deletions(-)
+
+diff --git a/drivers/media/pci/ttpci/av7110.c b/drivers/media/pci/ttpci/av7110.c
+index f89364951ebdf..fb13cc3c591da 100644
+--- a/drivers/media/pci/ttpci/av7110.c
++++ b/drivers/media/pci/ttpci/av7110.c
+@@ -426,14 +426,15 @@ static void debiirq(unsigned long cookie)
+ case DATA_CI_GET:
+ {
+ u8 *data = av7110->debi_virt;
++ u8 data_0 = data[0];
+
+- if ((data[0] < 2) && data[2] == 0xff) {
++ if (data_0 < 2 && data[2] == 0xff) {
+ int flags = 0;
+ if (data[5] > 0)
+ flags |= CA_CI_MODULE_PRESENT;
+ if (data[5] > 5)
+ flags |= CA_CI_MODULE_READY;
+- av7110->ci_slot[data[0]].flags = flags;
++ av7110->ci_slot[data_0].flags = flags;
+ } else
+ ci_get_data(&av7110->ci_rbuffer,
+ av7110->debi_virt,
+--
+2.25.1
+
--- /dev/null
+From 4ab972569f8c58bba08ed119b068298f068b140b Mon Sep 17 00:00:00 2001
+From: Sasha Levin <sashal@kernel.org>
+Date: Tue, 14 Jul 2020 20:30:18 +0800
+Subject: mips/vdso: Fix resource leaks in genvdso.c
+
+From: Peng Fan <fanpeng@loongson.cn>
+
+[ Upstream commit a859647b4e6bfeb192284d27d24b6a0c914cae1d ]
+
+Close "fd" before the return of map_vdso() and close "out_file"
+in main().
+
+Signed-off-by: Peng Fan <fanpeng@loongson.cn>
+Signed-off-by: Thomas Bogendoerfer <tsbogend@alpha.franken.de>
+Signed-off-by: Sasha Levin <sashal@kernel.org>
+---
+ arch/mips/vdso/genvdso.c | 10 ++++++++++
+ 1 file changed, 10 insertions(+)
+
+diff --git a/arch/mips/vdso/genvdso.c b/arch/mips/vdso/genvdso.c
+index 530a36f465ced..afcc86726448e 100644
+--- a/arch/mips/vdso/genvdso.c
++++ b/arch/mips/vdso/genvdso.c
+@@ -126,6 +126,7 @@ static void *map_vdso(const char *path, size_t *_size)
+ if (fstat(fd, &stat) != 0) {
+ fprintf(stderr, "%s: Failed to stat '%s': %s\n", program_name,
+ path, strerror(errno));
++ close(fd);
+ return NULL;
+ }
+
+@@ -134,6 +135,7 @@ static void *map_vdso(const char *path, size_t *_size)
+ if (addr == MAP_FAILED) {
+ fprintf(stderr, "%s: Failed to map '%s': %s\n", program_name,
+ path, strerror(errno));
++ close(fd);
+ return NULL;
+ }
+
+@@ -143,6 +145,7 @@ static void *map_vdso(const char *path, size_t *_size)
+ if (memcmp(ehdr->e_ident, ELFMAG, SELFMAG) != 0) {
+ fprintf(stderr, "%s: '%s' is not an ELF file\n", program_name,
+ path);
++ close(fd);
+ return NULL;
+ }
+
+@@ -154,6 +157,7 @@ static void *map_vdso(const char *path, size_t *_size)
+ default:
+ fprintf(stderr, "%s: '%s' has invalid ELF class\n",
+ program_name, path);
++ close(fd);
+ return NULL;
+ }
+
+@@ -165,6 +169,7 @@ static void *map_vdso(const char *path, size_t *_size)
+ default:
+ fprintf(stderr, "%s: '%s' has invalid ELF data order\n",
+ program_name, path);
++ close(fd);
+ return NULL;
+ }
+
+@@ -172,15 +177,18 @@ static void *map_vdso(const char *path, size_t *_size)
+ fprintf(stderr,
+ "%s: '%s' has invalid ELF machine (expected EM_MIPS)\n",
+ program_name, path);
++ close(fd);
+ return NULL;
+ } else if (swap_uint16(ehdr->e_type) != ET_DYN) {
+ fprintf(stderr,
+ "%s: '%s' has invalid ELF type (expected ET_DYN)\n",
+ program_name, path);
++ close(fd);
+ return NULL;
+ }
+
+ *_size = stat.st_size;
++ close(fd);
+ return addr;
+ }
+
+@@ -284,10 +292,12 @@ int main(int argc, char **argv)
+ /* Calculate and write symbol offsets to <output file> */
+ if (!get_symbols(dbg_vdso_path, dbg_vdso)) {
+ unlink(out_path);
++ fclose(out_file);
+ return EXIT_FAILURE;
+ }
+
+ fprintf(out_file, "};\n");
++ fclose(out_file);
+
+ return EXIT_SUCCESS;
+ }
+--
+2.25.1
+
--- /dev/null
+From 8777969a15dc8bbb98cf54115f0bbecb5bbe62d7 Mon Sep 17 00:00:00 2001
+From: Sasha Levin <sashal@kernel.org>
+Date: Wed, 27 May 2020 21:13:22 -0500
+Subject: PCI: Fix pci_create_slot() reference count leak
+
+From: Qiushi Wu <wu000273@umn.edu>
+
+[ Upstream commit 8a94644b440eef5a7b9c104ac8aa7a7f413e35e5 ]
+
+kobject_init_and_add() takes a reference even when it fails. If it returns
+an error, kobject_put() must be called to clean up the memory associated
+with the object.
+
+When kobject_init_and_add() fails, call kobject_put() instead of kfree().
+
+b8eb718348b8 ("net-sysfs: Fix reference count leak in
+rx|netdev_queue_add_kobject") fixed a similar problem.
+
+Link: https://lore.kernel.org/r/20200528021322.1984-1-wu000273@umn.edu
+Signed-off-by: Qiushi Wu <wu000273@umn.edu>
+Signed-off-by: Bjorn Helgaas <bhelgaas@google.com>
+Signed-off-by: Sasha Levin <sashal@kernel.org>
+---
+ drivers/pci/slot.c | 6 ++++--
+ 1 file changed, 4 insertions(+), 2 deletions(-)
+
+diff --git a/drivers/pci/slot.c b/drivers/pci/slot.c
+index 429d34c348b9f..01a343ad7155c 100644
+--- a/drivers/pci/slot.c
++++ b/drivers/pci/slot.c
+@@ -303,13 +303,16 @@ placeholder:
+ slot_name = make_slot_name(name);
+ if (!slot_name) {
+ err = -ENOMEM;
++ kfree(slot);
+ goto err;
+ }
+
+ err = kobject_init_and_add(&slot->kobj, &pci_slot_ktype, NULL,
+ "%s", slot_name);
+- if (err)
++ if (err) {
++ kobject_put(&slot->kobj);
+ goto err;
++ }
+
+ INIT_LIST_HEAD(&slot->list);
+ list_add(&slot->list, &parent->slots);
+@@ -328,7 +331,6 @@ out:
+ mutex_unlock(&pci_slot_mutex);
+ return slot;
+ err:
+- kfree(slot);
+ slot = ERR_PTR(err);
+ goto out;
+ }
+--
+2.25.1
+
--- /dev/null
+From 52cea33caf20ba4058f4e220aefc42c27c2c8424 Mon Sep 17 00:00:00 2001
+From: Sasha Levin <sashal@kernel.org>
+Date: Thu, 27 Aug 2020 13:13:07 +0530
+Subject: powerpc/pseries: Do not initiate shutdown when system is running on
+ UPS
+
+From: Vasant Hegde <hegdevasant@linux.vnet.ibm.com>
+
+commit 90a9b102eddf6a3f987d15f4454e26a2532c1c98 upstream.
+
+As per PAPR we have to look for both EPOW sensor value and event
+modifier to identify the type of event and take appropriate action.
+
+In LoPAPR v1.1 section 10.2.2 includes table 136 "EPOW Action Codes":
+
+ SYSTEM_SHUTDOWN 3
+
+ The system must be shut down. An EPOW-aware OS logs the EPOW error
+ log information, then schedules the system to be shut down to begin
+ after an OS defined delay internal (default is 10 minutes.)
+
+Then in section 10.3.2.2.8 there is table 146 "Platform Event Log
+Format, Version 6, EPOW Section", which includes the "EPOW Event
+Modifier":
+
+ For EPOW sensor value = 3
+ 0x01 = Normal system shutdown with no additional delay
+ 0x02 = Loss of utility power, system is running on UPS/Battery
+ 0x03 = Loss of system critical functions, system should be shutdown
+ 0x04 = Ambient temperature too high
+ All other values = reserved
+
+We have a user space tool (rtas_errd) on LPAR to monitor for
+EPOW_SHUTDOWN_ON_UPS. Once it gets an event it initiates shutdown
+after predefined time. It also starts monitoring for any new EPOW
+events. If it receives "Power restored" event before predefined time
+it will cancel the shutdown. Otherwise after predefined time it will
+shutdown the system.
+
+Commit 79872e35469b ("powerpc/pseries: All events of
+EPOW_SYSTEM_SHUTDOWN must initiate shutdown") changed our handling of
+the "on UPS/Battery" case, to immediately shutdown the system. This
+breaks existing setups that rely on the userspace tool to delay
+shutdown and let the system run on the UPS.
+
+Fixes: 79872e35469b ("powerpc/pseries: All events of EPOW_SYSTEM_SHUTDOWN must initiate shutdown")
+Cc: stable@vger.kernel.org # v4.0+
+Signed-off-by: Vasant Hegde <hegdevasant@linux.vnet.ibm.com>
+[mpe: Massage change log and add PAPR references]
+Signed-off-by: Michael Ellerman <mpe@ellerman.id.au>
+Link: https://lore.kernel.org/r/20200820061844.306460-1-hegdevasant@linux.vnet.ibm.com
+Signed-off-by: Vasant Hegde <hegdevasant@linux.vnet.ibm.com>
+Signed-off-by: Sasha Levin <sashal@kernel.org>
+---
+ arch/powerpc/platforms/pseries/ras.c | 1 -
+ 1 file changed, 1 deletion(-)
+
+diff --git a/arch/powerpc/platforms/pseries/ras.c b/arch/powerpc/platforms/pseries/ras.c
+index 9e817c1b78087..1fa8e492ce27d 100644
+--- a/arch/powerpc/platforms/pseries/ras.c
++++ b/arch/powerpc/platforms/pseries/ras.c
+@@ -90,7 +90,6 @@ static void handle_system_shutdown(char event_modifier)
+ pr_emerg("Loss of power reported by firmware, system is "
+ "running on UPS/battery");
+ pr_emerg("Check RTAS error log for details");
+- orderly_poweroff(true);
+ break;
+
+ case EPOW_SHUTDOWN_LOSS_OF_CRITICAL_FUNCTIONS:
+--
+2.25.1
+
--- /dev/null
+From cb86a668aba9dfdccf969e1455a30a774ebd6ef5 Mon Sep 17 00:00:00 2001
+From: Sasha Levin <sashal@kernel.org>
+Date: Mon, 22 Jun 2020 15:21:12 +0200
+Subject: rtlwifi: rtl8192cu: Prevent leaking urb
+
+From: Reto Schneider <code@reto-schneider.ch>
+
+[ Upstream commit 03128643eb5453a798db5770952c73dc64fcaf00 ]
+
+If usb_submit_urb fails the allocated urb should be unanchored and
+released.
+
+Signed-off-by: Reto Schneider <code@reto-schneider.ch>
+Signed-off-by: Kalle Valo <kvalo@codeaurora.org>
+Link: https://lore.kernel.org/r/20200622132113.14508-3-code@reto-schneider.ch
+Signed-off-by: Sasha Levin <sashal@kernel.org>
+---
+ drivers/net/wireless/realtek/rtlwifi/usb.c | 5 ++++-
+ 1 file changed, 4 insertions(+), 1 deletion(-)
+
+diff --git a/drivers/net/wireless/realtek/rtlwifi/usb.c b/drivers/net/wireless/realtek/rtlwifi/usb.c
+index 9408c1f8e3977..f01ef8ecfaf39 100644
+--- a/drivers/net/wireless/realtek/rtlwifi/usb.c
++++ b/drivers/net/wireless/realtek/rtlwifi/usb.c
+@@ -755,8 +755,11 @@ static int _rtl_usb_receive(struct ieee80211_hw *hw)
+
+ usb_anchor_urb(urb, &rtlusb->rx_submitted);
+ err = usb_submit_urb(urb, GFP_KERNEL);
+- if (err)
++ if (err) {
++ usb_unanchor_urb(urb);
++ usb_free_urb(urb);
+ goto err_out;
++ }
+ usb_free_urb(urb);
+ }
+ return 0;
+--
+2.25.1
+
--- /dev/null
+From 3c0da224060810bcf95a9cb86cfba12a04fc0281 Mon Sep 17 00:00:00 2001
+From: Sasha Levin <sashal@kernel.org>
+Date: Wed, 29 Jul 2020 01:18:24 -0700
+Subject: scsi: fcoe: Memory leak fix in fcoe_sysfs_fcf_del()
+
+From: Javed Hasan <jhasan@marvell.com>
+
+[ Upstream commit e95b4789ff4380733006836d28e554dc296b2298 ]
+
+In fcoe_sysfs_fcf_del(), we first deleted the fcf from the list and then
+freed it if ctlr_dev was not NULL. This was causing a memory leak.
+
+Free the fcf even if ctlr_dev is NULL.
+
+Link: https://lore.kernel.org/r/20200729081824.30996-3-jhasan@marvell.com
+Reviewed-by: Girish Basrur <gbasrur@marvell.com>
+Reviewed-by: Santosh Vernekar <svernekar@marvell.com>
+Reviewed-by: Saurav Kashyap <skashyap@marvell.com>
+Reviewed-by: Shyam Sundar <ssundar@marvell.com>
+Signed-off-by: Javed Hasan <jhasan@marvell.com>
+Signed-off-by: Martin K. Petersen <martin.petersen@oracle.com>
+Signed-off-by: Sasha Levin <sashal@kernel.org>
+---
+ drivers/scsi/fcoe/fcoe_ctlr.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/drivers/scsi/fcoe/fcoe_ctlr.c b/drivers/scsi/fcoe/fcoe_ctlr.c
+index 3bc610d160f57..53afdbe17d71d 100644
+--- a/drivers/scsi/fcoe/fcoe_ctlr.c
++++ b/drivers/scsi/fcoe/fcoe_ctlr.c
+@@ -264,9 +264,9 @@ static void fcoe_sysfs_fcf_del(struct fcoe_fcf *new)
+ WARN_ON(!fcf_dev);
+ new->fcf_dev = NULL;
+ fcoe_fcf_device_delete(fcf_dev);
+- kfree(new);
+ mutex_unlock(&cdev->lock);
+ }
++ kfree(new);
+ }
+
+ /**
+--
+2.25.1
+
--- /dev/null
+From 4cccbe40313993e22aa314fd0308f80d2da0b0ae Mon Sep 17 00:00:00 2001
+From: Sasha Levin <sashal@kernel.org>
+Date: Mon, 15 Jun 2020 16:12:26 +0800
+Subject: scsi: iscsi: Do not put host in iscsi_set_flashnode_param()
+
+From: Jing Xiangfeng <jingxiangfeng@huawei.com>
+
+[ Upstream commit 68e12e5f61354eb42cfffbc20a693153fc39738e ]
+
+If scsi_host_lookup() fails we will jump to put_host which may cause a
+panic. Jump to exit_set_fnode instead.
+
+Link: https://lore.kernel.org/r/20200615081226.183068-1-jingxiangfeng@huawei.com
+Reviewed-by: Mike Christie <michael.christie@oracle.com>
+Signed-off-by: Jing Xiangfeng <jingxiangfeng@huawei.com>
+Signed-off-by: Martin K. Petersen <martin.petersen@oracle.com>
+Signed-off-by: Sasha Levin <sashal@kernel.org>
+---
+ drivers/scsi/scsi_transport_iscsi.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/drivers/scsi/scsi_transport_iscsi.c b/drivers/scsi/scsi_transport_iscsi.c
+index de10b461ec7ef..4903640316480 100644
+--- a/drivers/scsi/scsi_transport_iscsi.c
++++ b/drivers/scsi/scsi_transport_iscsi.c
+@@ -3192,7 +3192,7 @@ static int iscsi_set_flashnode_param(struct iscsi_transport *transport,
+ pr_err("%s could not find host no %u\n",
+ __func__, ev->u.set_flashnode.host_no);
+ err = -ENODEV;
+- goto put_host;
++ goto exit_set_fnode;
+ }
+
+ idx = ev->u.set_flashnode.flashnode_idx;
+--
+2.25.1
+
--- /dev/null
+From a7439496cfe32f6cb349b0881844a8de443e45a6 Mon Sep 17 00:00:00 2001
+From: Sasha Levin <sashal@kernel.org>
+Date: Tue, 30 Jun 2020 14:49:54 -0700
+Subject: scsi: lpfc: Fix shost refcount mismatch when deleting vport
+
+From: Dick Kennedy <dick.kennedy@broadcom.com>
+
+[ Upstream commit 03dbfe0668e6692917ac278883e0586cd7f7d753 ]
+
+When vports are deleted, it is observed that there is memory/kthread
+leakage as the vport isn't fully being released.
+
+There is a shost reference taken in scsi_add_host_dma that is not released
+during scsi_remove_host. It was noticed that other drivers resolve this by
+doing a scsi_host_put after calling scsi_remove_host.
+
+The vport_delete routine is taking two references one that corresponds to
+an access to the scsi_host in the vport_delete routine and another that is
+released after the adapter mailbox command completes that destroys the VPI
+that corresponds to the vport.
+
+Remove one of the references taken such that the second reference that is
+put will complete the missing scsi_add_host_dma reference and the shost
+will be terminated.
+
+Link: https://lore.kernel.org/r/20200630215001.70793-8-jsmart2021@gmail.com
+Signed-off-by: Dick Kennedy <dick.kennedy@broadcom.com>
+Signed-off-by: James Smart <jsmart2021@gmail.com>
+Signed-off-by: Martin K. Petersen <martin.petersen@oracle.com>
+Signed-off-by: Sasha Levin <sashal@kernel.org>
+---
+ drivers/scsi/lpfc/lpfc_vport.c | 26 ++++++++------------------
+ 1 file changed, 8 insertions(+), 18 deletions(-)
+
+diff --git a/drivers/scsi/lpfc/lpfc_vport.c b/drivers/scsi/lpfc/lpfc_vport.c
+index 861c57bc4520a..72248712949e0 100644
+--- a/drivers/scsi/lpfc/lpfc_vport.c
++++ b/drivers/scsi/lpfc/lpfc_vport.c
+@@ -615,27 +615,16 @@ lpfc_vport_delete(struct fc_vport *fc_vport)
+ vport->port_state < LPFC_VPORT_READY)
+ return -EAGAIN;
+ }
++
+ /*
+- * This is a bit of a mess. We want to ensure the shost doesn't get
+- * torn down until we're done with the embedded lpfc_vport structure.
+- *
+- * Beyond holding a reference for this function, we also need a
+- * reference for outstanding I/O requests we schedule during delete
+- * processing. But once we scsi_remove_host() we can no longer obtain
+- * a reference through scsi_host_get().
+- *
+- * So we take two references here. We release one reference at the
+- * bottom of the function -- after delinking the vport. And we
+- * release the other at the completion of the unreg_vpi that get's
+- * initiated after we've disposed of all other resources associated
+- * with the port.
++ * Take early refcount for outstanding I/O requests we schedule during
++ * delete processing for unreg_vpi. Always keep this before
++ * scsi_remove_host() as we can no longer obtain a reference through
++ * scsi_host_get() after scsi_host_remove as shost is set to SHOST_DEL.
+ */
+ if (!scsi_host_get(shost))
+ return VPORT_INVAL;
+- if (!scsi_host_get(shost)) {
+- scsi_host_put(shost);
+- return VPORT_INVAL;
+- }
++
+ lpfc_free_sysfs_attr(vport);
+
+ lpfc_debugfs_terminate(vport);
+@@ -783,8 +772,9 @@ skip_logo:
+ if (!(vport->vpi_state & LPFC_VPI_REGISTERED) ||
+ lpfc_mbx_unreg_vpi(vport))
+ scsi_host_put(shost);
+- } else
++ } else {
+ scsi_host_put(shost);
++ }
+
+ lpfc_free_vpi(phba, vport->vpi);
+ vport->work_port_events = 0;
+--
+2.25.1
+
--- /dev/null
+From 8a3264ac976966e366327e30d1dd374a078a1ca7 Mon Sep 17 00:00:00 2001
+From: Sasha Levin <sashal@kernel.org>
+Date: Mon, 29 Jun 2020 11:37:56 +0200
+Subject: scsi: target: tcmu: Fix crash on ARM during cmd completion
+
+From: Bodo Stroesser <bstroesser@ts.fujitsu.com>
+
+[ Upstream commit 5a0c256d96f020e4771f6fd5524b80f89a2d3132 ]
+
+If tcmu_handle_completions() has to process a padding shorter than
+sizeof(struct tcmu_cmd_entry), the current call to
+tcmu_flush_dcache_range() with sizeof(struct tcmu_cmd_entry) as length
+param is wrong and causes crashes on e.g. ARM, because
+tcmu_flush_dcache_range() in this case calls
+flush_dcache_page(vmalloc_to_page(start)); with start being an invalid
+address above the end of the vmalloc'ed area.
+
+The fix is to use the minimum of remaining ring space and sizeof(struct
+tcmu_cmd_entry) as the length param.
+
+The patch was tested on kernel 4.19.118.
+
+See https://bugzilla.kernel.org/show_bug.cgi?id=208045#c10
+
+Link: https://lore.kernel.org/r/20200629093756.8947-1-bstroesser@ts.fujitsu.com
+Tested-by: JiangYu <lnsyyj@hotmail.com>
+Acked-by: Mike Christie <michael.christie@oracle.com>
+Signed-off-by: Bodo Stroesser <bstroesser@ts.fujitsu.com>
+Signed-off-by: Martin K. Petersen <martin.petersen@oracle.com>
+Signed-off-by: Sasha Levin <sashal@kernel.org>
+---
+ drivers/target/target_core_user.c | 9 ++++++++-
+ 1 file changed, 8 insertions(+), 1 deletion(-)
+
+diff --git a/drivers/target/target_core_user.c b/drivers/target/target_core_user.c
+index c43c942e1f876..bccde58bc5e30 100644
+--- a/drivers/target/target_core_user.c
++++ b/drivers/target/target_core_user.c
+@@ -590,7 +590,14 @@ static unsigned int tcmu_handle_completions(struct tcmu_dev *udev)
+ struct tcmu_cmd_entry *entry = (void *) mb + CMDR_OFF + udev->cmdr_last_cleaned;
+ struct tcmu_cmd *cmd;
+
+- tcmu_flush_dcache_range(entry, sizeof(*entry));
++ /*
++ * Flush max. up to end of cmd ring since current entry might
++ * be a padding that is shorter than sizeof(*entry)
++ */
++ size_t ring_left = head_to_end(udev->cmdr_last_cleaned,
++ udev->cmdr_size);
++ tcmu_flush_dcache_range(entry, ring_left < sizeof(*entry) ?
++ ring_left : sizeof(*entry));
+
+ if (tcmu_hdr_get_op(entry->hdr.len_op) == TCMU_OP_PAD) {
+ UPDATE_HEAD(udev->cmdr_last_cleaned,
+--
+2.25.1
+
--- /dev/null
+From 8769d20b6a898ce3b217f3bb6c1629aced64a2ef Mon Sep 17 00:00:00 2001
+From: Sasha Levin <sashal@kernel.org>
+Date: Fri, 26 Jun 2020 13:47:37 -0300
+Subject: selftests/powerpc: Purge extra count_pmc() calls of ebb selftests
+
+From: Desnes A. Nunes do Rosario <desnesn@linux.ibm.com>
+
+[ Upstream commit 3337bf41e0dd70b4064cdf60acdfcdc2d050066c ]
+
+An extra count on ebb_state.stats.pmc_count[PMC_INDEX(pmc)] is being per-
+formed when count_pmc() is used to reset PMCs on a few selftests. This
+extra pmc_count can occasionally invalidate results, such as the ones from
+cycles_test shown hereafter. The ebb_check_count() failed with an above
+the upper limit error due to the extra value on ebb_state.stats.pmc_count.
+
+Furthermore, this extra count is also indicated by extra PMC1 trace_log on
+the output of the cycle test (as well as on pmc56_overflow_test):
+
+==========
+ ...
+ [21]: counter = 8
+ [22]: register SPRN_MMCR0 = 0x0000000080000080
+ [23]: register SPRN_PMC1 = 0x0000000080000004
+ [24]: counter = 9
+ [25]: register SPRN_MMCR0 = 0x0000000080000080
+ [26]: register SPRN_PMC1 = 0x0000000080000004
+ [27]: counter = 10
+ [28]: register SPRN_MMCR0 = 0x0000000080000080
+ [29]: register SPRN_PMC1 = 0x0000000080000004
+>> [30]: register SPRN_PMC1 = 0x000000004000051e
+PMC1 count (0x280000546) above upper limit 0x2800003e8 (+0x15e)
+[FAIL] Test FAILED on line 52
+failure: cycles
+==========
+
+Signed-off-by: Desnes A. Nunes do Rosario <desnesn@linux.ibm.com>
+Tested-by: Sachin Sant <sachinp@linux.vnet.ibm.com>
+Signed-off-by: Michael Ellerman <mpe@ellerman.id.au>
+Link: https://lore.kernel.org/r/20200626164737.21943-1-desnesn@linux.ibm.com
+Signed-off-by: Sasha Levin <sashal@kernel.org>
+---
+ .../selftests/powerpc/pmu/ebb/back_to_back_ebbs_test.c | 2 --
+ tools/testing/selftests/powerpc/pmu/ebb/cycles_test.c | 2 --
+ .../selftests/powerpc/pmu/ebb/cycles_with_freeze_test.c | 2 --
+ .../selftests/powerpc/pmu/ebb/cycles_with_mmcr2_test.c | 2 --
+ tools/testing/selftests/powerpc/pmu/ebb/ebb.c | 2 --
+ .../selftests/powerpc/pmu/ebb/ebb_on_willing_child_test.c | 2 --
+ .../selftests/powerpc/pmu/ebb/lost_exception_test.c | 1 -
+ .../testing/selftests/powerpc/pmu/ebb/multi_counter_test.c | 7 -------
+ .../selftests/powerpc/pmu/ebb/multi_ebb_procs_test.c | 2 --
+ .../testing/selftests/powerpc/pmu/ebb/pmae_handling_test.c | 2 --
+ .../selftests/powerpc/pmu/ebb/pmc56_overflow_test.c | 2 --
+ 11 files changed, 26 deletions(-)
+
+diff --git a/tools/testing/selftests/powerpc/pmu/ebb/back_to_back_ebbs_test.c b/tools/testing/selftests/powerpc/pmu/ebb/back_to_back_ebbs_test.c
+index 94110b1dcd3d8..031baa43646fb 100644
+--- a/tools/testing/selftests/powerpc/pmu/ebb/back_to_back_ebbs_test.c
++++ b/tools/testing/selftests/powerpc/pmu/ebb/back_to_back_ebbs_test.c
+@@ -91,8 +91,6 @@ int back_to_back_ebbs(void)
+ ebb_global_disable();
+ ebb_freeze_pmcs();
+
+- count_pmc(1, sample_period);
+-
+ dump_ebb_state();
+
+ event_close(&event);
+diff --git a/tools/testing/selftests/powerpc/pmu/ebb/cycles_test.c b/tools/testing/selftests/powerpc/pmu/ebb/cycles_test.c
+index 7c57a8d79535d..361e0be9df9ae 100644
+--- a/tools/testing/selftests/powerpc/pmu/ebb/cycles_test.c
++++ b/tools/testing/selftests/powerpc/pmu/ebb/cycles_test.c
+@@ -42,8 +42,6 @@ int cycles(void)
+ ebb_global_disable();
+ ebb_freeze_pmcs();
+
+- count_pmc(1, sample_period);
+-
+ dump_ebb_state();
+
+ event_close(&event);
+diff --git a/tools/testing/selftests/powerpc/pmu/ebb/cycles_with_freeze_test.c b/tools/testing/selftests/powerpc/pmu/ebb/cycles_with_freeze_test.c
+index ecf5ee3283a3e..fe7d0dc2a1a26 100644
+--- a/tools/testing/selftests/powerpc/pmu/ebb/cycles_with_freeze_test.c
++++ b/tools/testing/selftests/powerpc/pmu/ebb/cycles_with_freeze_test.c
+@@ -99,8 +99,6 @@ int cycles_with_freeze(void)
+ ebb_global_disable();
+ ebb_freeze_pmcs();
+
+- count_pmc(1, sample_period);
+-
+ dump_ebb_state();
+
+ printf("EBBs while frozen %d\n", ebbs_while_frozen);
+diff --git a/tools/testing/selftests/powerpc/pmu/ebb/cycles_with_mmcr2_test.c b/tools/testing/selftests/powerpc/pmu/ebb/cycles_with_mmcr2_test.c
+index c0faba520b35c..b9b30f974b5ea 100644
+--- a/tools/testing/selftests/powerpc/pmu/ebb/cycles_with_mmcr2_test.c
++++ b/tools/testing/selftests/powerpc/pmu/ebb/cycles_with_mmcr2_test.c
+@@ -71,8 +71,6 @@ int cycles_with_mmcr2(void)
+ ebb_global_disable();
+ ebb_freeze_pmcs();
+
+- count_pmc(1, sample_period);
+-
+ dump_ebb_state();
+
+ event_close(&event);
+diff --git a/tools/testing/selftests/powerpc/pmu/ebb/ebb.c b/tools/testing/selftests/powerpc/pmu/ebb/ebb.c
+index 9729d9f902187..4154498bc5dc5 100644
+--- a/tools/testing/selftests/powerpc/pmu/ebb/ebb.c
++++ b/tools/testing/selftests/powerpc/pmu/ebb/ebb.c
+@@ -398,8 +398,6 @@ int ebb_child(union pipe read_pipe, union pipe write_pipe)
+ ebb_global_disable();
+ ebb_freeze_pmcs();
+
+- count_pmc(1, sample_period);
+-
+ dump_ebb_state();
+
+ event_close(&event);
+diff --git a/tools/testing/selftests/powerpc/pmu/ebb/ebb_on_willing_child_test.c b/tools/testing/selftests/powerpc/pmu/ebb/ebb_on_willing_child_test.c
+index a991d2ea8d0a1..174e4f4dae6c0 100644
+--- a/tools/testing/selftests/powerpc/pmu/ebb/ebb_on_willing_child_test.c
++++ b/tools/testing/selftests/powerpc/pmu/ebb/ebb_on_willing_child_test.c
+@@ -38,8 +38,6 @@ static int victim_child(union pipe read_pipe, union pipe write_pipe)
+ ebb_global_disable();
+ ebb_freeze_pmcs();
+
+- count_pmc(1, sample_period);
+-
+ dump_ebb_state();
+
+ FAIL_IF(ebb_state.stats.ebb_count == 0);
+diff --git a/tools/testing/selftests/powerpc/pmu/ebb/lost_exception_test.c b/tools/testing/selftests/powerpc/pmu/ebb/lost_exception_test.c
+index eb8acb78bc6c1..531083accfcad 100644
+--- a/tools/testing/selftests/powerpc/pmu/ebb/lost_exception_test.c
++++ b/tools/testing/selftests/powerpc/pmu/ebb/lost_exception_test.c
+@@ -75,7 +75,6 @@ static int test_body(void)
+ ebb_freeze_pmcs();
+ ebb_global_disable();
+
+- count_pmc(4, sample_period);
+ mtspr(SPRN_PMC4, 0xdead);
+
+ dump_summary_ebb_state();
+diff --git a/tools/testing/selftests/powerpc/pmu/ebb/multi_counter_test.c b/tools/testing/selftests/powerpc/pmu/ebb/multi_counter_test.c
+index 6ff8c8ff27d66..035c02273cd49 100644
+--- a/tools/testing/selftests/powerpc/pmu/ebb/multi_counter_test.c
++++ b/tools/testing/selftests/powerpc/pmu/ebb/multi_counter_test.c
+@@ -70,13 +70,6 @@ int multi_counter(void)
+ ebb_global_disable();
+ ebb_freeze_pmcs();
+
+- count_pmc(1, sample_period);
+- count_pmc(2, sample_period);
+- count_pmc(3, sample_period);
+- count_pmc(4, sample_period);
+- count_pmc(5, sample_period);
+- count_pmc(6, sample_period);
+-
+ dump_ebb_state();
+
+ for (i = 0; i < 6; i++)
+diff --git a/tools/testing/selftests/powerpc/pmu/ebb/multi_ebb_procs_test.c b/tools/testing/selftests/powerpc/pmu/ebb/multi_ebb_procs_test.c
+index 037cb6154f360..3e9d4ac965c85 100644
+--- a/tools/testing/selftests/powerpc/pmu/ebb/multi_ebb_procs_test.c
++++ b/tools/testing/selftests/powerpc/pmu/ebb/multi_ebb_procs_test.c
+@@ -61,8 +61,6 @@ static int cycles_child(void)
+ ebb_global_disable();
+ ebb_freeze_pmcs();
+
+- count_pmc(1, sample_period);
+-
+ dump_summary_ebb_state();
+
+ event_close(&event);
+diff --git a/tools/testing/selftests/powerpc/pmu/ebb/pmae_handling_test.c b/tools/testing/selftests/powerpc/pmu/ebb/pmae_handling_test.c
+index c5fa64790c22e..d90891fe96a32 100644
+--- a/tools/testing/selftests/powerpc/pmu/ebb/pmae_handling_test.c
++++ b/tools/testing/selftests/powerpc/pmu/ebb/pmae_handling_test.c
+@@ -82,8 +82,6 @@ static int test_body(void)
+ ebb_global_disable();
+ ebb_freeze_pmcs();
+
+- count_pmc(1, sample_period);
+-
+ dump_ebb_state();
+
+ if (mmcr0_mismatch)
+diff --git a/tools/testing/selftests/powerpc/pmu/ebb/pmc56_overflow_test.c b/tools/testing/selftests/powerpc/pmu/ebb/pmc56_overflow_test.c
+index 30e1ac62e8cb4..8ca92b9ee5b01 100644
+--- a/tools/testing/selftests/powerpc/pmu/ebb/pmc56_overflow_test.c
++++ b/tools/testing/selftests/powerpc/pmu/ebb/pmc56_overflow_test.c
+@@ -76,8 +76,6 @@ int pmc56_overflow(void)
+ ebb_global_disable();
+ ebb_freeze_pmcs();
+
+- count_pmc(2, sample_period);
+-
+ dump_ebb_state();
+
+ printf("PMC5/6 overflow %d\n", pmc56_overflowed);
+--
+2.25.1
+
ipvlan-fix-device-features.patch
bonding-show-saner-speed-for-broadcast-mode.patch
bonding-fix-a-potential-double-unregister.patch
+powerpc-pseries-do-not-initiate-shutdown-when-system.patch
+alsa-pci-delete-repeated-words-in-comments.patch
+asoc-tegra-fix-reference-count-leaks.patch
+media-pci-ttpci-av7110-fix-possible-buffer-overflow-.patch
+scsi-target-tcmu-fix-crash-on-arm-during-cmd-complet.patch
+drm-amdkfd-fix-reference-count-leaks.patch
+drm-radeon-fix-multiple-reference-count-leak.patch
+drm-amdgpu-fix-ref-count-leak-in-amdgpu_driver_open_.patch
+drm-amd-display-fix-ref-count-leak-in-amdgpu_drm_ioc.patch
+drm-amdgpu-fix-ref-count-leak-in-amdgpu_display_crtc.patch
+drm-amdgpu-display-fix-ref-count-leak-when-pm_runtim.patch
+scsi-lpfc-fix-shost-refcount-mismatch-when-deleting-.patch
+selftests-powerpc-purge-extra-count_pmc-calls-of-ebb.patch
+pci-fix-pci_create_slot-reference-count-leak.patch
+rtlwifi-rtl8192cu-prevent-leaking-urb.patch
+mips-vdso-fix-resource-leaks-in-genvdso.c.patch
+drm-nouveau-drm-noveau-fix-reference-count-leak-in-n.patch
+drm-nouveau-fix-reference-count-leak-in-nouveau_conn.patch
+locking-lockdep-fix-overflow-in-presentation-of-aver.patch
+scsi-iscsi-do-not-put-host-in-iscsi_set_flashnode_pa.patch
+ceph-fix-potential-mdsc-use-after-free-crash.patch
+scsi-fcoe-memory-leak-fix-in-fcoe_sysfs_fcf_del.patch
+edac-ie31200-fallback-if-host-bridge-device-is-alrea.patch
projects / thirdparty / kernel / stable-queue.git / commitdiff
