--- /dev/null
+From foo@baz Fri Sep 21 09:23:07 CEST 2018
+From: Takashi Iwai <tiwai@suse.de>
+Date: Wed, 25 Jul 2018 23:00:48 +0200
+Subject: ALSA: msnd: Fix the default sample sizes
+
+From: Takashi Iwai <tiwai@suse.de>
+
+[ Upstream commit 7c500f9ea139d0c9b80fdea5a9c911db3166ea54 ]
+
+The default sample sizes set by msnd driver are bogus; it sets ALSA
+PCM format, not the actual bit width.
+
+Signed-off-by: Takashi Iwai <tiwai@suse.de>
+Signed-off-by: Sasha Levin <alexander.levin@microsoft.com>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+---
+ sound/isa/msnd/msnd_pinnacle.c | 4 ++--
+ 1 file changed, 2 insertions(+), 2 deletions(-)
+
+--- a/sound/isa/msnd/msnd_pinnacle.c
++++ b/sound/isa/msnd/msnd_pinnacle.c
+@@ -82,10 +82,10 @@
+
+ static void set_default_audio_parameters(struct snd_msnd *chip)
+ {
+- chip->play_sample_size = DEFSAMPLESIZE;
++ chip->play_sample_size = snd_pcm_format_width(DEFSAMPLESIZE);
+ chip->play_sample_rate = DEFSAMPLERATE;
+ chip->play_channels = DEFCHANNELS;
+- chip->capture_sample_size = DEFSAMPLESIZE;
++ chip->capture_sample_size = snd_pcm_format_width(DEFSAMPLESIZE);
+ chip->capture_sample_rate = DEFSAMPLERATE;
+ chip->capture_channels = DEFCHANNELS;
+ }
--- /dev/null
+From foo@baz Fri Sep 21 09:23:07 CEST 2018
+From: Takashi Iwai <tiwai@suse.de>
+Date: Wed, 25 Jul 2018 23:00:46 +0200
+Subject: ALSA: usb-audio: Fix multiple definitions in AU0828_DEVICE() macro
+
+From: Takashi Iwai <tiwai@suse.de>
+
+[ Upstream commit bd1cd0eb2ce9141100628d476ead4de485501b29 ]
+
+AU0828_DEVICE() macro in quirks-table.h uses USB_DEVICE_VENDOR_SPEC()
+for expanding idVendor and idProduct fields. However, the latter
+macro adds also match_flags and bInterfaceClass, which are different
+from the values AU0828_DEVICE() macro sets after that.
+
+For fixing them, just expand idVendor and idProduct fields manually in
+AU0828_DEVICE().
+
+This fixes sparse warnings like:
+ sound/usb/quirks-table.h:2892:1: warning: Initializer entry defined twice
+
+Signed-off-by: Takashi Iwai <tiwai@suse.de>
+Signed-off-by: Sasha Levin <alexander.levin@microsoft.com>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+---
+ sound/usb/quirks-table.h | 3 ++-
+ 1 file changed, 2 insertions(+), 1 deletion(-)
+
+--- a/sound/usb/quirks-table.h
++++ b/sound/usb/quirks-table.h
+@@ -2910,7 +2910,8 @@ YAMAHA_DEVICE(0x7010, "UB99"),
+ */
+
+ #define AU0828_DEVICE(vid, pid, vname, pname) { \
+- USB_DEVICE_VENDOR_SPEC(vid, pid), \
++ .idVendor = vid, \
++ .idProduct = pid, \
+ .match_flags = USB_DEVICE_ID_MATCH_DEVICE | \
+ USB_DEVICE_ID_MATCH_INT_CLASS | \
+ USB_DEVICE_ID_MATCH_INT_SUBCLASS, \
--- /dev/null
+From foo@baz Fri Sep 21 09:23:07 CEST 2018
+From: Fredrik Noring <noring@nocrew.org>
+Date: Tue, 24 Jul 2018 19:11:24 +0200
+Subject: fbdev: Distinguish between interlaced and progressive modes
+
+From: Fredrik Noring <noring@nocrew.org>
+
+[ Upstream commit 1ba0a59cea41ea05fda92daaf2a2958a2246b9cf ]
+
+I discovered the problem when developing a frame buffer driver for the
+PlayStation 2 (not yet merged), using the following video modes for the
+PlayStation 3 in drivers/video/fbdev/ps3fb.c:
+
+ }, {
+ /* 1080if */
+ "1080if", 50, 1920, 1080, 13468, 148, 484, 36, 4, 88, 5,
+ FB_SYNC_BROADCAST, FB_VMODE_INTERLACED
+ }, {
+ /* 1080pf */
+ "1080pf", 50, 1920, 1080, 6734, 148, 484, 36, 4, 88, 5,
+ FB_SYNC_BROADCAST, FB_VMODE_NONINTERLACED
+ },
+
+In ps3fb_probe, the mode_option module parameter is used with fb_find_mode
+but it can only select the interlaced variant of 1920x1080 since the loop
+matching the modes does not take the difference between interlaced and
+progressive modes into account.
+
+In short, without the patch, progressive 1920x1080 cannot be chosen as a
+mode_option parameter since fb_find_mode (falsely) thinks interlace is a
+perfect match.
+
+Signed-off-by: Fredrik Noring <noring@nocrew.org>
+Cc: "Maciej W. Rozycki" <macro@linux-mips.org>
+[b.zolnierkie: updated patch description]
+Signed-off-by: Bartlomiej Zolnierkiewicz <b.zolnierkie@samsung.com>
+Signed-off-by: Sasha Levin <alexander.levin@microsoft.com>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+---
+ drivers/video/fbdev/core/modedb.c | 41 +++++++++++++++++++++++++++-----------
+ 1 file changed, 30 insertions(+), 11 deletions(-)
+
+--- a/drivers/video/fbdev/core/modedb.c
++++ b/drivers/video/fbdev/core/modedb.c
+@@ -533,7 +533,7 @@ static int fb_try_mode(struct fb_var_scr
+ *
+ * Valid mode specifiers for @mode_option:
+ *
+- * <xres>x<yres>[M][R][-<bpp>][@<refresh>][i][m] or
++ * <xres>x<yres>[M][R][-<bpp>][@<refresh>][i][p][m] or
+ * <name>[-<bpp>][@<refresh>]
+ *
+ * with <xres>, <yres>, <bpp> and <refresh> decimal numbers and
+@@ -542,10 +542,10 @@ static int fb_try_mode(struct fb_var_scr
+ * If 'M' is present after yres (and before refresh/bpp if present),
+ * the function will compute the timings using VESA(tm) Coordinated
+ * Video Timings (CVT). If 'R' is present after 'M', will compute with
+- * reduced blanking (for flatpanels). If 'i' is present, compute
+- * interlaced mode. If 'm' is present, add margins equal to 1.8%
+- * of xres rounded down to 8 pixels, and 1.8% of yres. The char
+- * 'i' and 'm' must be after 'M' and 'R'. Example:
++ * reduced blanking (for flatpanels). If 'i' or 'p' are present, compute
++ * interlaced or progressive mode. If 'm' is present, add margins equal
++ * to 1.8% of xres rounded down to 8 pixels, and 1.8% of yres. The chars
++ * 'i', 'p' and 'm' must be after 'M' and 'R'. Example:
+ *
+ * 1024x768MR-8@60m - Reduced blank with margins at 60Hz.
+ *
+@@ -586,7 +586,8 @@ int fb_find_mode(struct fb_var_screeninf
+ unsigned int namelen = strlen(name);
+ int res_specified = 0, bpp_specified = 0, refresh_specified = 0;
+ unsigned int xres = 0, yres = 0, bpp = default_bpp, refresh = 0;
+- int yres_specified = 0, cvt = 0, rb = 0, interlace = 0;
++ int yres_specified = 0, cvt = 0, rb = 0;
++ int interlace_specified = 0, interlace = 0;
+ int margins = 0;
+ u32 best, diff, tdiff;
+
+@@ -637,9 +638,17 @@ int fb_find_mode(struct fb_var_screeninf
+ if (!cvt)
+ margins = 1;
+ break;
++ case 'p':
++ if (!cvt) {
++ interlace = 0;
++ interlace_specified = 1;
++ }
++ break;
+ case 'i':
+- if (!cvt)
++ if (!cvt) {
+ interlace = 1;
++ interlace_specified = 1;
++ }
+ break;
+ default:
+ goto done;
+@@ -708,11 +717,21 @@ done:
+ if ((name_matches(db[i], name, namelen) ||
+ (res_specified && res_matches(db[i], xres, yres))) &&
+ !fb_try_mode(var, info, &db[i], bpp)) {
+- if (refresh_specified && db[i].refresh == refresh)
+- return 1;
++ const int db_interlace = (db[i].vmode &
++ FB_VMODE_INTERLACED ? 1 : 0);
++ int score = abs(db[i].refresh - refresh);
++
++ if (interlace_specified)
++ score += abs(db_interlace - interlace);
++
++ if (!interlace_specified ||
++ db_interlace == interlace)
++ if (refresh_specified &&
++ db[i].refresh == refresh)
++ return 1;
+
+- if (abs(db[i].refresh - refresh) < diff) {
+- diff = abs(db[i].refresh - refresh);
++ if (score < diff) {
++ diff = score;
+ best = i;
+ }
+ }
--- /dev/null
+From foo@baz Fri Sep 21 09:23:07 CEST 2018
+From: Dan Carpenter <dan.carpenter@oracle.com>
+Date: Tue, 24 Jul 2018 19:11:28 +0200
+Subject: fbdev: omapfb: off by one in omapfb_register_client()
+
+From: Dan Carpenter <dan.carpenter@oracle.com>
+
+[ Upstream commit 5ec1ec35b2979b59d0b33381e7c9aac17e159d16 ]
+
+The omapfb_register_client[] array has OMAPFB_PLANE_NUM elements so the
+> should be >= or we are one element beyond the end of the array.
+
+Fixes: 8b08cf2b64f5 ("OMAP: add TI OMAP framebuffer driver")
+Signed-off-by: Dan Carpenter <dan.carpenter@oracle.com>
+Cc: Imre Deak <imre.deak@solidboot.com>
+Signed-off-by: Bartlomiej Zolnierkiewicz <b.zolnierkie@samsung.com>
+Signed-off-by: Sasha Levin <alexander.levin@microsoft.com>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+---
+ drivers/video/fbdev/omap/omapfb_main.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+--- a/drivers/video/fbdev/omap/omapfb_main.c
++++ b/drivers/video/fbdev/omap/omapfb_main.c
+@@ -982,7 +982,7 @@ int omapfb_register_client(struct omapfb
+ {
+ int r;
+
+- if ((unsigned)omapfb_nb->plane_idx > OMAPFB_PLANE_NUM)
++ if ((unsigned)omapfb_nb->plane_idx >= OMAPFB_PLANE_NUM)
+ return -EINVAL;
+
+ if (!notifier_inited) {
--- /dev/null
+From foo@baz Fri Sep 21 09:23:07 CEST 2018
+From: Randy Dunlap <rdunlap@infradead.org>
+Date: Tue, 24 Jul 2018 19:11:27 +0200
+Subject: fbdev/via: fix defined but not used warning
+
+From: Randy Dunlap <rdunlap@infradead.org>
+
+[ Upstream commit b6566b47a67e07fdca44cf51abb14e2fbe17d3eb ]
+
+Fix a build warning in viafbdev.c when CONFIG_PROC_FS is not enabled
+by marking the unused function as __maybe_unused.
+
+../drivers/video/fbdev/via/viafbdev.c:1471:12: warning: 'viafb_sup_odev_proc_show' defined but not used [-Wunused-function]
+
+Signed-off-by: Randy Dunlap <rdunlap@infradead.org>
+Cc: Florian Tobias Schandinat <FlorianSchandinat@gmx.de>
+Signed-off-by: Bartlomiej Zolnierkiewicz <b.zolnierkie@samsung.com>
+Signed-off-by: Sasha Levin <alexander.levin@microsoft.com>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+---
+ drivers/video/fbdev/via/viafbdev.c | 3 ++-
+ 1 file changed, 2 insertions(+), 1 deletion(-)
+
+--- a/drivers/video/fbdev/via/viafbdev.c
++++ b/drivers/video/fbdev/via/viafbdev.c
+@@ -19,6 +19,7 @@
+ * 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA.
+ */
+
++#include <linux/compiler.h>
+ #include <linux/module.h>
+ #include <linux/seq_file.h>
+ #include <linux/slab.h>
+@@ -1468,7 +1469,7 @@ static const struct file_operations viaf
+
+ #endif /* CONFIG_FB_VIA_DIRECT_PROCFS */
+
+-static int viafb_sup_odev_proc_show(struct seq_file *m, void *v)
++static int __maybe_unused viafb_sup_odev_proc_show(struct seq_file *m, void *v)
+ {
+ via_odev_to_seq(m, supported_odev_map[
+ viaparinfo->shared->chip_info.gfx_chip_name]);
--- /dev/null
+From foo@baz Fri Sep 21 09:23:07 CEST 2018
+From: Bob Peterson <rpeterso@redhat.com>
+Date: Mon, 18 Jun 2018 13:24:13 -0500
+Subject: gfs2: Don't reject a supposedly full bitmap if we have blocks reserved
+
+From: Bob Peterson <rpeterso@redhat.com>
+
+[ Upstream commit e79e0e1428188b24c3b57309ffa54a33c4ae40c4 ]
+
+Before this patch, you could get into situations like this:
+
+1. Process 1 searches for X free blocks, finds them, makes a reservation
+2. Process 2 searches for free blocks in the same rgrp, but now the
+ bitmap is full because process 1's reservation is skipped over.
+ So it marks the bitmap as GBF_FULL.
+3. Process 1 tries to allocate blocks from its own reservation, but
+ since the GBF_FULL bit is set, it skips over the rgrp and searches
+ elsewhere, thus not using its own reservation.
+
+This patch adds an additional check to allow processes to use their
+own reservations.
+
+Signed-off-by: Bob Peterson <rpeterso@redhat.com>
+Signed-off-by: Andreas Gruenbacher <agruenba@redhat.com>
+Signed-off-by: Sasha Levin <alexander.levin@microsoft.com>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+---
+ fs/gfs2/rgrp.c | 3 ++-
+ 1 file changed, 2 insertions(+), 1 deletion(-)
+
+--- a/fs/gfs2/rgrp.c
++++ b/fs/gfs2/rgrp.c
+@@ -1643,7 +1643,8 @@ static int gfs2_rbm_find(struct gfs2_rbm
+
+ while(1) {
+ bi = rbm_bi(rbm);
+- if (test_bit(GBF_FULL, &bi->bi_flags) &&
++ if ((ip == NULL || !gfs2_rs_active(&ip->i_res)) &&
++ test_bit(GBF_FULL, &bi->bi_flags) &&
+ (state == GFS2_BLKST_FREE))
+ goto next_bitmap;
+
--- /dev/null
+From foo@baz Fri Sep 21 09:23:07 CEST 2018
+From: Andreas Gruenbacher <agruenba@redhat.com>
+Date: Wed, 25 Jul 2018 18:45:08 +0100
+Subject: gfs2: Special-case rindex for gfs2_grow
+
+From: Andreas Gruenbacher <agruenba@redhat.com>
+
+[ Upstream commit 776125785a87ff05d49938bd5b9f336f2a05bff6 ]
+
+To speed up the common case of appending to a file,
+gfs2_write_alloc_required presumes that writing beyond the end of a file
+will always require additional blocks to be allocated. This assumption
+is incorrect for preallocates files, but there are no negative
+consequences as long as *some* space is still left on the filesystem.
+
+One special file that always has some space preallocated beyond the end
+of the file is the rindex: when growing a filesystem, gfs2_grow adds one
+or more new resource groups and appends records describing those
+resource groups to the rindex; the preallocated space ensures that this
+is always possible.
+
+However, when a filesystem is completely full, gfs2_write_alloc_required
+will indicate that an additional allocation is required, and appending
+the next record to the rindex will fail even though space for that
+record has already been preallocated. To fix that, skip the incorrect
+optimization in gfs2_write_alloc_required, but for the rindex only.
+Other writes to preallocated space beyond the end of the file are still
+allowed to fail on completely full filesystems.
+
+Signed-off-by: Andreas Gruenbacher <agruenba@redhat.com>
+Reviewed-by: Bob Peterson <rpeterso@redhat.com>
+Signed-off-by: Sasha Levin <alexander.levin@microsoft.com>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+---
+ fs/gfs2/bmap.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+--- a/fs/gfs2/bmap.c
++++ b/fs/gfs2/bmap.c
+@@ -1476,7 +1476,7 @@ int gfs2_write_alloc_required(struct gfs
+ end_of_file = (i_size_read(&ip->i_inode) + sdp->sd_sb.sb_bsize - 1) >> shift;
+ lblock = offset >> shift;
+ lblock_stop = (offset + len + sdp->sd_sb.sb_bsize - 1) >> shift;
+- if (lblock_stop > end_of_file)
++ if (lblock_stop > end_of_file && ip != GFS2_I(sdp->sd_rindex))
+ return 1;
+
+ size = (lblock_stop - lblock) << shift;
--- /dev/null
+From foo@baz Fri Sep 21 09:23:07 CEST 2018
+From: Manikanta Pubbisetty <mpubbise@codeaurora.org>
+Date: Tue, 10 Jul 2018 16:48:27 +0530
+Subject: mac80211: restrict delayed tailroom needed decrement
+
+From: Manikanta Pubbisetty <mpubbise@codeaurora.org>
+
+[ Upstream commit 133bf90dbb8b873286f8ec2e81ba26e863114b8c ]
+
+As explained in ieee80211_delayed_tailroom_dec(), during roam,
+keys of the old AP will be destroyed and new keys will be
+installed. Deletion of the old key causes
+crypto_tx_tailroom_needed_cnt to go from 1 to 0 and the new key
+installation causes a transition from 0 to 1.
+
+Whenever crypto_tx_tailroom_needed_cnt transitions from 0 to 1,
+we invoke synchronize_net(); the reason for doing this is to avoid
+a race in the TX path as explained in increment_tailroom_need_count().
+This synchronize_net() operation can be slow and can affect the station
+roam time. To avoid this, decrementing the crypto_tx_tailroom_needed_cnt
+is delayed for a while so that upon installation of new key the
+transition would be from 1 to 2 instead of 0 to 1 and thereby
+improving the roam time.
+
+This is all correct for a STA iftype, but deferring the tailroom_needed
+decrement for other iftypes may be unnecessary.
+
+For example, let's consider the case of a 4-addr client connecting to
+an AP for which AP_VLAN interface is also created, let the initial
+value for tailroom_needed on the AP be 1.
+
+* 4-addr client connects to the AP (AP: tailroom_needed = 1)
+* AP will clear old keys, delay decrement of tailroom_needed count
+* AP_VLAN is created, it takes the tailroom count from master
+ (AP_VLAN: tailroom_needed = 1, AP: tailroom_needed = 1)
+* Install new key for the station, assume key is plumbed in the HW,
+ there won't be any change in tailroom_needed count on AP iface
+* Delayed decrement of tailroom_needed count on AP
+ (AP: tailroom_needed = 0, AP_VLAN: tailroom_needed = 1)
+
+Because of the delayed decrement on AP iface, tailroom_needed count goes
+out of sync between AP(master iface) and AP_VLAN(slave iface) and
+there would be unnecessary tailroom created for the packets going
+through AP_VLAN iface.
+
+Also, WARN_ONs were observed while trying to bring down the AP_VLAN
+interface:
+(warn_slowpath_common) (warn_slowpath_null+0x18/0x20)
+(warn_slowpath_null) (ieee80211_free_keys+0x114/0x1e4)
+(ieee80211_free_keys) (ieee80211_del_virtual_monitor+0x51c/0x850)
+(ieee80211_del_virtual_monitor) (ieee80211_stop+0x30/0x3c)
+(ieee80211_stop) (__dev_close_many+0x94/0xb8)
+(__dev_close_many) (dev_close_many+0x5c/0xc8)
+
+Restricting delayed decrement to station interface alone fixes the problem
+and it makes sense to do so because delayed decrement is done to improve
+roam time which is applicable only for client devices.
+
+Signed-off-by: Manikanta Pubbisetty <mpubbise@codeaurora.org>
+Signed-off-by: Johannes Berg <johannes.berg@intel.com>
+Signed-off-by: Sasha Levin <alexander.levin@microsoft.com>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+---
+ net/mac80211/cfg.c | 2 +-
+ net/mac80211/key.c | 24 +++++++++++++++---------
+ 2 files changed, 16 insertions(+), 10 deletions(-)
+
+--- a/net/mac80211/cfg.c
++++ b/net/mac80211/cfg.c
+@@ -276,7 +276,7 @@ static int ieee80211_del_key(struct wiph
+ goto out_unlock;
+ }
+
+- ieee80211_key_free(key, true);
++ ieee80211_key_free(key, sdata->vif.type == NL80211_IFTYPE_STATION);
+
+ ret = 0;
+ out_unlock:
+--- a/net/mac80211/key.c
++++ b/net/mac80211/key.c
+@@ -515,11 +515,15 @@ int ieee80211_key_link(struct ieee80211_
+ {
+ struct ieee80211_local *local = sdata->local;
+ struct ieee80211_key *old_key;
+- int idx, ret;
+- bool pairwise;
+-
+- pairwise = key->conf.flags & IEEE80211_KEY_FLAG_PAIRWISE;
+- idx = key->conf.keyidx;
++ int idx = key->conf.keyidx;
++ bool pairwise = key->conf.flags & IEEE80211_KEY_FLAG_PAIRWISE;
++ /*
++ * We want to delay tailroom updates only for station - in that
++ * case it helps roaming speed, but in other cases it hurts and
++ * can cause warnings to appear.
++ */
++ bool delay_tailroom = sdata->vif.type == NL80211_IFTYPE_STATION;
++ int ret;
+
+ mutex_lock(&sdata->local->key_mtx);
+
+@@ -547,14 +551,14 @@ int ieee80211_key_link(struct ieee80211_
+ increment_tailroom_need_count(sdata);
+
+ ieee80211_key_replace(sdata, sta, pairwise, old_key, key);
+- ieee80211_key_destroy(old_key, true);
++ ieee80211_key_destroy(old_key, delay_tailroom);
+
+ ieee80211_debugfs_key_add(key);
+
+ if (!local->wowlan) {
+ ret = ieee80211_key_enable_hw_accel(key);
+ if (ret)
+- ieee80211_key_free(key, true);
++ ieee80211_key_free(key, delay_tailroom);
+ } else {
+ ret = 0;
+ }
+@@ -705,7 +709,8 @@ void ieee80211_free_sta_keys(struct ieee
+ ieee80211_key_replace(key->sdata, key->sta,
+ key->conf.flags & IEEE80211_KEY_FLAG_PAIRWISE,
+ key, NULL);
+- __ieee80211_key_destroy(key, true);
++ __ieee80211_key_destroy(key, key->sdata->vif.type ==
++ NL80211_IFTYPE_STATION);
+ }
+
+ for (i = 0; i < NUM_DEFAULT_KEYS; i++) {
+@@ -715,7 +720,8 @@ void ieee80211_free_sta_keys(struct ieee
+ ieee80211_key_replace(key->sdata, key->sta,
+ key->conf.flags & IEEE80211_KEY_FLAG_PAIRWISE,
+ key, NULL);
+- __ieee80211_key_destroy(key, true);
++ __ieee80211_key_destroy(key, key->sdata->vif.type ==
++ NL80211_IFTYPE_STATION);
+ }
+
+ mutex_unlock(&local->key_mtx);
--- /dev/null
+From foo@baz Fri Sep 21 09:23:07 CEST 2018
+From: Felix Fietkau <nbd@nbd.name>
+Date: Fri, 20 Jul 2018 13:58:22 +0200
+Subject: MIPS: ath79: fix system restart
+
+From: Felix Fietkau <nbd@nbd.name>
+
+[ Upstream commit f8a7bfe1cb2c1ebfa07775c9c8ac0ad3ba8e5ff5 ]
+
+This patch disables irq on reboot to fix hang issues that were observed
+due to pending interrupts.
+
+Signed-off-by: Felix Fietkau <nbd@nbd.name>
+Signed-off-by: John Crispin <john@phrozen.org>
+Signed-off-by: Paul Burton <paul.burton@mips.com>
+Patchwork: https://patchwork.linux-mips.org/patch/19913/
+Cc: James Hogan <jhogan@kernel.org>
+Cc: Ralf Baechle <ralf@linux-mips.org>
+Cc: linux-mips@linux-mips.org
+Signed-off-by: Sasha Levin <alexander.levin@microsoft.com>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+---
+ arch/mips/ath79/setup.c | 1 +
+ arch/mips/include/asm/mach-ath79/ath79.h | 1 +
+ 2 files changed, 2 insertions(+)
+
+--- a/arch/mips/ath79/setup.c
++++ b/arch/mips/ath79/setup.c
+@@ -40,6 +40,7 @@ static char ath79_sys_type[ATH79_SYS_TYP
+
+ static void ath79_restart(char *command)
+ {
++ local_irq_disable();
+ ath79_device_reset_set(AR71XX_RESET_FULL_CHIP);
+ for (;;)
+ if (cpu_wait)
+--- a/arch/mips/include/asm/mach-ath79/ath79.h
++++ b/arch/mips/include/asm/mach-ath79/ath79.h
+@@ -132,6 +132,7 @@ static inline u32 ath79_pll_rr(unsigned
+ static inline void ath79_reset_wr(unsigned reg, u32 val)
+ {
+ __raw_writel(val, ath79_reset_base + reg);
++ (void) __raw_readl(ath79_reset_base + reg); /* flush */
+ }
+
+ static inline u32 ath79_reset_rr(unsigned reg)
--- /dev/null
+From foo@baz Fri Sep 21 09:23:07 CEST 2018
+From: Randy Dunlap <rdunlap@infradead.org>
+Date: Tue, 24 Jul 2018 11:29:01 -0700
+Subject: mtd/maps: fix solutionengine.c printk format warnings
+
+From: Randy Dunlap <rdunlap@infradead.org>
+
+[ Upstream commit 1d25e3eeed1d987404e2d2e451eebac8c15cecc1 ]
+
+Fix 2 printk format warnings (this driver is currently only used by
+arch/sh/) by using "%pap" instead of "%lx".
+
+Fixes these build warnings:
+
+../drivers/mtd/maps/solutionengine.c: In function 'init_soleng_maps':
+../include/linux/kern_levels.h:5:18: warning: format '%lx' expects argument of type 'long unsigned int', but argument 2 has type 'resource_size_t' {aka 'unsigned int'} [-Wformat=]
+../drivers/mtd/maps/solutionengine.c:62:54: note: format string is defined here
+ printk(KERN_NOTICE "Solution Engine: Flash at 0x%08lx, EPROM at 0x%08lx\n",
+ ~~~~^
+ %08x
+../include/linux/kern_levels.h:5:18: warning: format '%lx' expects argument of type 'long unsigned int', but argument 3 has type 'resource_size_t' {aka 'unsigned int'} [-Wformat=]
+../drivers/mtd/maps/solutionengine.c:62:72: note: format string is defined here
+ printk(KERN_NOTICE "Solution Engine: Flash at 0x%08lx, EPROM at 0x%08lx\n",
+ ~~~~^
+ %08x
+
+Cc: David Woodhouse <dwmw2@infradead.org>
+Cc: Brian Norris <computersforpeace@gmail.com>
+Cc: Boris Brezillon <boris.brezillon@bootlin.com>
+Cc: Marek Vasut <marek.vasut@gmail.com>
+Cc: Richard Weinberger <richard@nod.at>
+Cc: linux-mtd@lists.infradead.org
+Cc: Yoshinori Sato <ysato@users.sourceforge.jp>
+Cc: Rich Felker <dalias@libc.org>
+Cc: linux-sh@vger.kernel.org
+Cc: Sergei Shtylyov <sergei.shtylyov@cogentembedded.com>
+
+Signed-off-by: Randy Dunlap <rdunlap@infradead.org>
+Signed-off-by: Boris Brezillon <boris.brezillon@bootlin.com>
+Signed-off-by: Sasha Levin <alexander.levin@microsoft.com>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+---
+ drivers/mtd/maps/solutionengine.c | 6 +++---
+ 1 file changed, 3 insertions(+), 3 deletions(-)
+
+--- a/drivers/mtd/maps/solutionengine.c
++++ b/drivers/mtd/maps/solutionengine.c
+@@ -59,9 +59,9 @@ static int __init init_soleng_maps(void)
+ return -ENXIO;
+ }
+ }
+- printk(KERN_NOTICE "Solution Engine: Flash at 0x%08lx, EPROM at 0x%08lx\n",
+- soleng_flash_map.phys & 0x1fffffff,
+- soleng_eprom_map.phys & 0x1fffffff);
++ printk(KERN_NOTICE "Solution Engine: Flash at 0x%pap, EPROM at 0x%pap\n",
++ &soleng_flash_map.phys,
++ &soleng_eprom_map.phys);
+ flash_mtd->owner = THIS_MODULE;
+
+ eprom_mtd = do_map_probe("map_rom", &soleng_eprom_map);
--- /dev/null
+From foo@baz Fri Sep 21 09:23:07 CEST 2018
+From: Sandipan Das <sandipan@linux.ibm.com>
+Date: Tue, 10 Jul 2018 19:28:14 +0530
+Subject: perf powerpc: Fix callchain ip filtering when return address is in a register
+
+From: Sandipan Das <sandipan@linux.ibm.com>
+
+[ Upstream commit 9068533e4f470daf2b0f29c71d865990acd8826e ]
+
+For powerpc64, perf will filter out the second entry in the callchain,
+i.e. the LR value, if the return address of the function corresponding
+to the probed location has already been saved on its caller's stack.
+
+The state of the return address is determined using debug information.
+At any point within a function, if the return address is already saved
+somewhere, a DWARF expression can tell us about its location. If the
+return address in still in LR only, no DWARF expression would exist.
+
+Typically, the instructions in a function's prologue first copy the LR
+value to R0 and then pushes R0 on to the stack. If LR has already been
+copied to R0 but R0 is yet to be pushed to the stack, we can still get a
+DWARF expression that says that the return address is in R0. This is
+indicating that getting a DWARF expression for the return address does
+not guarantee the fact that it has already been saved on the stack.
+
+This can be observed on a powerpc64le system running Fedora 27 as shown
+below.
+
+ # objdump -d /usr/lib64/libc-2.26.so | less
+ ...
+ 000000000015af20 <inet_pton>:
+ 15af20: 0b 00 4c 3c addis r2,r12,11
+ 15af24: e0 c1 42 38 addi r2,r2,-15904
+ 15af28: a6 02 08 7c mflr r0
+ 15af2c: f0 ff c1 fb std r30,-16(r1)
+ 15af30: f8 ff e1 fb std r31,-8(r1)
+ 15af34: 78 1b 7f 7c mr r31,r3
+ 15af38: 78 23 83 7c mr r3,r4
+ 15af3c: 78 2b be 7c mr r30,r5
+ 15af40: 10 00 01 f8 std r0,16(r1)
+ 15af44: c1 ff 21 f8 stdu r1,-64(r1)
+ 15af48: 28 00 81 f8 std r4,40(r1)
+ ...
+
+ # readelf --debug-dump=frames-interp /usr/lib64/libc-2.26.so | less
+ ...
+ 00027024 0000000000000024 00027028 FDE cie=00000000 pc=000000000015af20..000000000015af88
+ LOC CFA r30 r31 ra
+ 000000000015af20 r1+0 u u u
+ 000000000015af34 r1+0 c-16 c-8 r0
+ 000000000015af48 r1+64 c-16 c-8 c+16
+ 000000000015af5c r1+0 c-16 c-8 c+16
+ 000000000015af78 r1+0 u u
+ ...
+
+ # perf probe -x /usr/lib64/libc-2.26.so -a inet_pton+0x18
+ # perf record -e probe_libc:inet_pton -g ping -6 -c 1 ::1
+ # perf script
+
+Before:
+
+ ping 2829 [005] 512917.460174: probe_libc:inet_pton: (7fff7e2baf38)
+ 7fff7e2baf38 __GI___inet_pton+0x18 (/usr/lib64/libc-2.26.so)
+ 7fff7e2705b4 getaddrinfo+0x164 (/usr/lib64/libc-2.26.so)
+ 12f152d70 _init+0xbfc (/usr/bin/ping)
+ 7fff7e1836a0 generic_start_main.isra.0+0x140 (/usr/lib64/libc-2.26.so)
+ 7fff7e183898 __libc_start_main+0xb8 (/usr/lib64/libc-2.26.so)
+ 0 [unknown] ([unknown])
+
+After:
+
+ ping 2829 [005] 512917.460174: probe_libc:inet_pton: (7fff7e2baf38)
+ 7fff7e2baf38 __GI___inet_pton+0x18 (/usr/lib64/libc-2.26.so)
+ 7fff7e26fa54 gaih_inet.constprop.7+0xf44 (/usr/lib64/libc-2.26.so)
+ 7fff7e2705b4 getaddrinfo+0x164 (/usr/lib64/libc-2.26.so)
+ 12f152d70 _init+0xbfc (/usr/bin/ping)
+ 7fff7e1836a0 generic_start_main.isra.0+0x140 (/usr/lib64/libc-2.26.so)
+ 7fff7e183898 __libc_start_main+0xb8 (/usr/lib64/libc-2.26.so)
+ 0 [unknown] ([unknown])
+
+Reported-by: Ravi Bangoria <ravi.bangoria@linux.ibm.com>
+Signed-off-by: Sandipan Das <sandipan@linux.ibm.com>
+Cc: Jiri Olsa <jolsa@redhat.com>
+Cc: Maynard Johnson <maynard@us.ibm.com>
+Cc: Naveen N. Rao <naveen.n.rao@linux.vnet.ibm.com>
+Cc: Ravi Bangoria <ravi.bangoria@linux.vnet.ibm.com>
+Cc: Sukadev Bhattiprolu <sukadev@linux.vnet.ibm.com>
+Link: http://lkml.kernel.org/r/66e848a7bdf2d43b39210a705ff6d828a0865661.1530724939.git.sandipan@linux.ibm.com
+Signed-off-by: Arnaldo Carvalho de Melo <acme@redhat.com>
+Signed-off-by: Sasha Levin <alexander.levin@microsoft.com>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+---
+ tools/perf/arch/powerpc/util/skip-callchain-idx.c | 8 ++++++--
+ 1 file changed, 6 insertions(+), 2 deletions(-)
+
+--- a/tools/perf/arch/powerpc/util/skip-callchain-idx.c
++++ b/tools/perf/arch/powerpc/util/skip-callchain-idx.c
+@@ -58,9 +58,13 @@ static int check_return_reg(int ra_regno
+ }
+
+ /*
+- * Check if return address is on the stack.
++ * Check if return address is on the stack. If return address
++ * is in a register (typically R0), it is yet to be saved on
++ * the stack.
+ */
+- if (nops != 0 || ops != NULL)
++ if ((nops != 0 || ops != NULL) &&
++ !(nops == 1 && ops[0].atom == DW_OP_regx &&
++ ops[0].number2 == 0 && ops[0].offset == 0))
+ return 0;
+
+ /*
--- /dev/null
+From foo@baz Fri Sep 21 09:23:07 CEST 2018
+From: Sandipan Das <sandipan@linux.ibm.com>
+Date: Tue, 10 Jul 2018 19:28:13 +0530
+Subject: perf powerpc: Fix callchain ip filtering
+
+From: Sandipan Das <sandipan@linux.ibm.com>
+
+[ Upstream commit c715fcfda5a08edabaa15508742be926b7ee51db ]
+
+For powerpc64, redundant entries in the callchain are filtered out by
+determining the state of the return address and the stack frame using
+DWARF debug information.
+
+For making these filtering decisions we must analyze the debug
+information for the location corresponding to the program counter value,
+i.e. the first entry in the callchain, and not the LR value; otherwise,
+perf may filter out either the second or the third entry in the
+callchain incorrectly.
+
+This can be observed on a powerpc64le system running Fedora 27 as shown
+below.
+
+Case 1 - Attaching a probe at inet_pton+0x8 (binary offset 0x15af28).
+ Return address is still in LR and a new stack frame is not yet
+ allocated. The LR value, i.e. the second entry, should not be
+ filtered out.
+
+ # objdump -d /usr/lib64/libc-2.26.so | less
+ ...
+ 000000000010eb10 <gaih_inet.constprop.7>:
+ ...
+ 10fa48: 78 bb e4 7e mr r4,r23
+ 10fa4c: 0a 00 60 38 li r3,10
+ 10fa50: d9 b4 04 48 bl 15af28 <inet_pton+0x8>
+ 10fa54: 00 00 00 60 nop
+ 10fa58: ac f4 ff 4b b 10ef04 <gaih_inet.constprop.7+0x3f4>
+ ...
+ 0000000000110450 <getaddrinfo>:
+ ...
+ 1105a8: 54 00 ff 38 addi r7,r31,84
+ 1105ac: 58 00 df 38 addi r6,r31,88
+ 1105b0: 69 e5 ff 4b bl 10eb18 <gaih_inet.constprop.7+0x8>
+ 1105b4: 78 1b 71 7c mr r17,r3
+ 1105b8: 50 01 7f e8 ld r3,336(r31)
+ ...
+ 000000000015af20 <inet_pton>:
+ 15af20: 0b 00 4c 3c addis r2,r12,11
+ 15af24: e0 c1 42 38 addi r2,r2,-15904
+ 15af28: a6 02 08 7c mflr r0
+ 15af2c: f0 ff c1 fb std r30,-16(r1)
+ 15af30: f8 ff e1 fb std r31,-8(r1)
+ ...
+
+ # perf probe -x /usr/lib64/libc-2.26.so -a inet_pton+0x8
+ # perf record -e probe_libc:inet_pton -g ping -6 -c 1 ::1
+ # perf script
+
+Before:
+
+ ping 4507 [002] 514985.546540: probe_libc:inet_pton: (7fffa7dbaf28)
+ 7fffa7dbaf28 __GI___inet_pton+0x8 (/usr/lib64/libc-2.26.so)
+ 7fffa7d705b4 getaddrinfo+0x164 (/usr/lib64/libc-2.26.so)
+ 13fb52d70 _init+0xbfc (/usr/bin/ping)
+ 7fffa7c836a0 generic_start_main.isra.0+0x140 (/usr/lib64/libc-2.26.so)
+ 7fffa7c83898 __libc_start_main+0xb8 (/usr/lib64/libc-2.26.so)
+ 0 [unknown] ([unknown])
+
+After:
+
+ ping 4507 [002] 514985.546540: probe_libc:inet_pton: (7fffa7dbaf28)
+ 7fffa7dbaf28 __GI___inet_pton+0x8 (/usr/lib64/libc-2.26.so)
+ 7fffa7d6fa54 gaih_inet.constprop.7+0xf44 (/usr/lib64/libc-2.26.so)
+ 7fffa7d705b4 getaddrinfo+0x164 (/usr/lib64/libc-2.26.so)
+ 13fb52d70 _init+0xbfc (/usr/bin/ping)
+ 7fffa7c836a0 generic_start_main.isra.0+0x140 (/usr/lib64/libc-2.26.so)
+ 7fffa7c83898 __libc_start_main+0xb8 (/usr/lib64/libc-2.26.so)
+ 0 [unknown] ([unknown])
+
+Case 2 - Attaching a probe at _int_malloc+0x180 (binary offset 0x9cf10).
+ Return address in still in LR and a new stack frame has already
+ been allocated but not used. The caller's caller, i.e. the third
+ entry, is invalid and should be filtered out and not the second
+ one.
+
+ # objdump -d /usr/lib64/libc-2.26.so | less
+ ...
+ 000000000009cd90 <_int_malloc>:
+ 9cd90: 17 00 4c 3c addis r2,r12,23
+ 9cd94: 70 a3 42 38 addi r2,r2,-23696
+ 9cd98: 26 00 80 7d mfcr r12
+ 9cd9c: f8 ff e1 fb std r31,-8(r1)
+ 9cda0: 17 00 e4 3b addi r31,r4,23
+ 9cda4: d8 ff 61 fb std r27,-40(r1)
+ 9cda8: 78 23 9b 7c mr r27,r4
+ 9cdac: 1f 00 bf 2b cmpldi cr7,r31,31
+ 9cdb0: f0 ff c1 fb std r30,-16(r1)
+ 9cdb4: b0 ff c1 fa std r22,-80(r1)
+ 9cdb8: 78 1b 7e 7c mr r30,r3
+ 9cdbc: 08 00 81 91 stw r12,8(r1)
+ 9cdc0: 11 ff 21 f8 stdu r1,-240(r1)
+ 9cdc4: 4c 01 9d 41 bgt cr7,9cf10 <_int_malloc+0x180>
+ 9cdc8: 20 00 a4 2b cmpldi cr7,r4,32
+ ...
+ 9cf08: 00 00 00 60 nop
+ 9cf0c: 00 00 42 60 ori r2,r2,0
+ 9cf10: e4 06 ff 7b rldicr r31,r31,0,59
+ 9cf14: 40 f8 a4 7f cmpld cr7,r4,r31
+ 9cf18: 68 05 9d 41 bgt cr7,9d480 <_int_malloc+0x6f0>
+ ...
+ 000000000009e3c0 <tcache_init.part.4>:
+ ...
+ 9e420: 40 02 80 38 li r4,576
+ 9e424: 78 fb e3 7f mr r3,r31
+ 9e428: 71 e9 ff 4b bl 9cd98 <_int_malloc+0x8>
+ 9e42c: 00 00 a3 2f cmpdi cr7,r3,0
+ 9e430: 78 1b 7e 7c mr r30,r3
+ ...
+ 000000000009f7a0 <__libc_malloc>:
+ ...
+ 9f8f8: 00 00 89 2f cmpwi cr7,r9,0
+ 9f8fc: 1c ff 9e 40 bne cr7,9f818 <__libc_malloc+0x78>
+ 9f900: c9 ea ff 4b bl 9e3c8 <tcache_init.part.4+0x8>
+ 9f904: 00 00 00 60 nop
+ 9f908: e8 90 22 e9 ld r9,-28440(r2)
+ ...
+
+ # perf probe -x /usr/lib64/libc-2.26.so -a _int_malloc+0x180
+ # perf record -e probe_libc:_int_malloc -g ./test-malloc
+ # perf script
+
+Before:
+
+ test-malloc 6554 [009] 515975.797403: probe_libc:_int_malloc: (7fffa6e6cf10)
+ 7fffa6e6cf10 _int_malloc+0x180 (/usr/lib64/libc-2.26.so)
+ 7fffa6dd0000 [unknown] (/usr/lib64/libc-2.26.so)
+ 7fffa6e6f904 malloc+0x164 (/usr/lib64/libc-2.26.so)
+ 7fffa6e6f9fc malloc+0x25c (/usr/lib64/libc-2.26.so)
+ 100006b4 main+0x38 (/home/testuser/test-malloc)
+ 7fffa6df36a0 generic_start_main.isra.0+0x140 (/usr/lib64/libc-2.26.so)
+ 7fffa6df3898 __libc_start_main+0xb8 (/usr/lib64/libc-2.26.so)
+ 0 [unknown] ([unknown])
+
+After:
+
+ test-malloc 6554 [009] 515975.797403: probe_libc:_int_malloc: (7fffa6e6cf10)
+ 7fffa6e6cf10 _int_malloc+0x180 (/usr/lib64/libc-2.26.so)
+ 7fffa6e6e42c tcache_init.part.4+0x6c (/usr/lib64/libc-2.26.so)
+ 7fffa6e6f904 malloc+0x164 (/usr/lib64/libc-2.26.so)
+ 7fffa6e6f9fc malloc+0x25c (/usr/lib64/libc-2.26.so)
+ 100006b4 main+0x38 (/home/sandipan/test-malloc)
+ 7fffa6df36a0 generic_start_main.isra.0+0x140 (/usr/lib64/libc-2.26.so)
+ 7fffa6df3898 __libc_start_main+0xb8 (/usr/lib64/libc-2.26.so)
+ 0 [unknown] ([unknown])
+
+Signed-off-by: Sandipan Das <sandipan@linux.ibm.com>
+Cc: Jiri Olsa <jolsa@redhat.com>
+Cc: Maynard Johnson <maynard@us.ibm.com>
+Cc: Naveen N. Rao <naveen.n.rao@linux.vnet.ibm.com>
+Cc: Ravi Bangoria <ravi.bangoria@linux.vnet.ibm.com>
+Cc: Sukadev Bhattiprolu <sukadev@linux.vnet.ibm.com>
+Fixes: a60335ba3298 ("perf tools powerpc: Adjust callchain based on DWARF debug info")
+Link: http://lkml.kernel.org/r/24bb726d91ed173aebc972ec3f41a2ef2249434e.1530724939.git.sandipan@linux.ibm.com
+Signed-off-by: Arnaldo Carvalho de Melo <acme@redhat.com>
+Signed-off-by: Sasha Levin <alexander.levin@microsoft.com>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+---
+ tools/perf/arch/powerpc/util/skip-callchain-idx.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+--- a/tools/perf/arch/powerpc/util/skip-callchain-idx.c
++++ b/tools/perf/arch/powerpc/util/skip-callchain-idx.c
+@@ -237,7 +237,7 @@ int arch_skip_callchain_idx(struct machi
+ if (!chain || chain->nr < 3)
+ return skip_slot;
+
+- ip = chain->ips[2];
++ ip = chain->ips[1];
+
+ thread__find_addr_location(thread, machine, PERF_RECORD_MISC_USER,
+ MAP__FUNCTION, ip, &al);
--- /dev/null
+From foo@baz Fri Sep 21 09:23:07 CEST 2018
+From: Randy Dunlap <rdunlap@infradead.org>
+Date: Fri, 6 Jul 2018 20:53:09 -0700
+Subject: platform/x86: toshiba_acpi: Fix defined but not used build warnings
+
+From: Randy Dunlap <rdunlap@infradead.org>
+
+[ Upstream commit c2e2a618eb7104e18fdcf739d4d911563812a81c ]
+
+Fix a build warning in toshiba_acpi.c when CONFIG_PROC_FS is not enabled
+by marking the unused function as __maybe_unused.
+
+../drivers/platform/x86/toshiba_acpi.c:1685:12: warning: 'version_proc_show' defined but not used [-Wunused-function]
+
+Signed-off-by: Randy Dunlap <rdunlap@infradead.org>
+Cc: Azael Avalos <coproscefalo@gmail.com>
+Cc: platform-driver-x86@vger.kernel.org
+Cc: Andy Shevchenko <andy@infradead.org>
+Signed-off-by: Darren Hart (VMware) <dvhart@infradead.org>
+Signed-off-by: Sasha Levin <alexander.levin@microsoft.com>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+---
+ drivers/platform/x86/toshiba_acpi.c | 3 ++-
+ 1 file changed, 2 insertions(+), 1 deletion(-)
+
+--- a/drivers/platform/x86/toshiba_acpi.c
++++ b/drivers/platform/x86/toshiba_acpi.c
+@@ -41,6 +41,7 @@
+ #define TOSHIBA_ACPI_VERSION "0.20"
+ #define PROC_INTERFACE_VERSION 1
+
++#include <linux/compiler.h>
+ #include <linux/kernel.h>
+ #include <linux/module.h>
+ #include <linux/init.h>
+@@ -1233,7 +1234,7 @@ static const struct file_operations keys
+ .write = keys_proc_write,
+ };
+
+-static int version_proc_show(struct seq_file *m, void *v)
++static int __maybe_unused version_proc_show(struct seq_file *m, void *v)
+ {
+ seq_printf(m, "driver: %s\n", TOSHIBA_ACPI_VERSION);
+ seq_printf(m, "proc_interface: %d\n", PROC_INTERFACE_VERSION);
--- /dev/null
+From foo@baz Fri Sep 21 09:23:07 CEST 2018
+From: Nicholas Piggin <npiggin@gmail.com>
+Date: Tue, 1 May 2018 00:55:44 +1000
+Subject: powerpc/powernv: opal_put_chars partial write fix
+
+From: Nicholas Piggin <npiggin@gmail.com>
+
+[ Upstream commit bd90284cc6c1c9e8e48c8eadd0c79574fcce0b81 ]
+
+The intention here is to consume and discard the remaining buffer
+upon error. This works if there has not been a previous partial write.
+If there has been, then total_len is no longer total number of bytes
+to copy. total_len is always "bytes left to copy", so it should be
+added to written bytes.
+
+This code may not be exercised any more if partial writes will not be
+hit, but this is a small bugfix before a larger change.
+
+Reviewed-by: Benjamin Herrenschmidt <benh@kernel.crashing.org>
+Signed-off-by: Nicholas Piggin <npiggin@gmail.com>
+Signed-off-by: Michael Ellerman <mpe@ellerman.id.au>
+Signed-off-by: Sasha Levin <alexander.levin@microsoft.com>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+---
+ arch/powerpc/platforms/powernv/opal.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+--- a/arch/powerpc/platforms/powernv/opal.c
++++ b/arch/powerpc/platforms/powernv/opal.c
+@@ -452,7 +452,7 @@ int opal_put_chars(uint32_t vtermno, con
+ /* Closed or other error drop */
+ if (rc != OPAL_SUCCESS && rc != OPAL_BUSY &&
+ rc != OPAL_BUSY_EVENT) {
+- written = total_len;
++ written += total_len;
+ break;
+ }
+ if (rc == OPAL_SUCCESS) {
--- /dev/null
+From foo@baz Fri Sep 21 09:23:07 CEST 2018
+From: Julian Wiedmann <jwi@linux.ibm.com>
+Date: Thu, 19 Jul 2018 12:43:48 +0200
+Subject: s390/qeth: fix race in used-buffer accounting
+
+From: Julian Wiedmann <jwi@linux.ibm.com>
+
+[ Upstream commit a702349a4099cd5a7bab0904689d8e0bf8dcd622 ]
+
+By updating q->used_buffers only _after_ do_QDIO() has completed, there
+is a potential race against the buffer's TX completion. In the unlikely
+case that the TX completion path wins, qeth_qdio_output_handler() would
+decrement the counter before qeth_flush_buffers() even incremented it.
+
+Signed-off-by: Julian Wiedmann <jwi@linux.ibm.com>
+Signed-off-by: David S. Miller <davem@davemloft.net>
+Signed-off-by: Sasha Levin <alexander.levin@microsoft.com>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+---
+ drivers/s390/net/qeth_core_main.c | 3 ++-
+ 1 file changed, 2 insertions(+), 1 deletion(-)
+
+--- a/drivers/s390/net/qeth_core_main.c
++++ b/drivers/s390/net/qeth_core_main.c
+@@ -3489,13 +3489,14 @@ static void qeth_flush_buffers(struct qe
+ qdio_flags = QDIO_FLAG_SYNC_OUTPUT;
+ if (atomic_read(&queue->set_pci_flags_count))
+ qdio_flags |= QDIO_FLAG_PCI_OUT;
++ atomic_add(count, &queue->used_buffers);
++
+ rc = do_QDIO(CARD_DDEV(queue->card), qdio_flags,
+ queue->queue_no, index, count);
+ if (queue->card->options.performance_stats)
+ queue->card->perf_stats.outbound_do_qdio_time +=
+ qeth_get_micros() -
+ queue->card->perf_stats.outbound_do_qdio_start_time;
+- atomic_add(count, &queue->used_buffers);
+ if (rc) {
+ queue->card->stats.tx_errors += count;
+ /* ignore temporary SIGA errors without busy condition */
--- /dev/null
+From foo@baz Fri Sep 21 09:23:07 CEST 2018
+From: Julian Wiedmann <jwi@linux.ibm.com>
+Date: Thu, 19 Jul 2018 12:43:49 +0200
+Subject: s390/qeth: reset layer2 attribute on layer switch
+
+From: Julian Wiedmann <jwi@linux.ibm.com>
+
+[ Upstream commit 70551dc46ffa3555a0b5f3545b0cd87ab67fd002 ]
+
+After the subdriver's remove() routine has completed, the card's layer
+mode is undetermined again. Reflect this in the layer2 field.
+
+If qeth_dev_layer2_store() hits an error after remove() was called, the
+card _always_ requires a setup(), even if the previous layer mode is
+requested again.
+But qeth_dev_layer2_store() bails out early if the requested layer mode
+still matches the current one. So unless we reset the layer2 field,
+re-probing the card back to its previous mode is currently not possible.
+
+Signed-off-by: Julian Wiedmann <jwi@linux.ibm.com>
+Signed-off-by: David S. Miller <davem@davemloft.net>
+Signed-off-by: Sasha Levin <alexander.levin@microsoft.com>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+---
+ drivers/s390/net/qeth_core_sys.c | 1 +
+ 1 file changed, 1 insertion(+)
+
+--- a/drivers/s390/net/qeth_core_sys.c
++++ b/drivers/s390/net/qeth_core_sys.c
+@@ -456,6 +456,7 @@ static ssize_t qeth_dev_layer2_store(str
+ if (card->discipline) {
+ card->discipline->remove(card->gdev);
+ qeth_core_free_discipline(card);
++ card->options.layer2 = -1;
+ }
+
+ rc = qeth_core_load_discipline(card, newdis);
xhci-fix-use-after-free-in-xhci_free_virt_device.patch
netfilter-x_tables-avoid-stack-out-of-bounds-read-in-xt_copy_counters_from_user.patch
mm-get-rid-of-vmacache_flush_all-entirely.patch
+alsa-msnd-fix-the-default-sample-sizes.patch
+alsa-usb-audio-fix-multiple-definitions-in-au0828_device-macro.patch
+xfrm-fix-passing-zero-to-err_ptr-warning.patch
+gfs2-special-case-rindex-for-gfs2_grow.patch
+mips-ath79-fix-system-restart.patch
+mtd-maps-fix-solutionengine.c-printk-format-warnings.patch
+gfs2-don-t-reject-a-supposedly-full-bitmap-if-we-have-blocks-reserved.patch
+fbdev-omapfb-off-by-one-in-omapfb_register_client.patch
+video-goldfishfb-fix-memory-leak-on-driver-remove.patch
+fbdev-via-fix-defined-but-not-used-warning.patch
+perf-powerpc-fix-callchain-ip-filtering-when-return-address-is-in-a-register.patch
+fbdev-distinguish-between-interlaced-and-progressive-modes.patch
+perf-powerpc-fix-callchain-ip-filtering.patch
+powerpc-powernv-opal_put_chars-partial-write-fix.patch
+mac80211-restrict-delayed-tailroom-needed-decrement.patch
+s390-qeth-fix-race-in-used-buffer-accounting.patch
+s390-qeth-reset-layer2-attribute-on-layer-switch.patch
+platform-x86-toshiba_acpi-fix-defined-but-not-used-build-warnings.patch
--- /dev/null
+From foo@baz Fri Sep 21 09:23:07 CEST 2018
+From: Anton Vasilyev <vasilyev@ispras.ru>
+Date: Tue, 24 Jul 2018 19:11:27 +0200
+Subject: video: goldfishfb: fix memory leak on driver remove
+
+From: Anton Vasilyev <vasilyev@ispras.ru>
+
+[ Upstream commit 5958fde72d04e7b8c6de3669d1f794a90997e3eb ]
+
+goldfish_fb_probe() allocates memory for fb, but goldfish_fb_remove() does
+not have deallocation of fb, which leads to memory leak on probe/remove.
+
+The patch adds deallocation into goldfish_fb_remove().
+
+Found by Linux Driver Verification project (linuxtesting.org).
+
+Signed-off-by: Anton Vasilyev <vasilyev@ispras.ru>
+Cc: Aleksandar Markovic <aleksandar.markovic@mips.com>
+Cc: Miodrag Dinic <miodrag.dinic@mips.com>
+Cc: Goran Ferenc <goran.ferenc@mips.com>
+Signed-off-by: Bartlomiej Zolnierkiewicz <b.zolnierkie@samsung.com>
+Signed-off-by: Sasha Levin <alexander.levin@microsoft.com>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+---
+ drivers/video/fbdev/goldfishfb.c | 1 +
+ 1 file changed, 1 insertion(+)
+
+--- a/drivers/video/fbdev/goldfishfb.c
++++ b/drivers/video/fbdev/goldfishfb.c
+@@ -301,6 +301,7 @@ static int goldfish_fb_remove(struct pla
+ dma_free_coherent(&pdev->dev, framesize, (void *)fb->fb.screen_base,
+ fb->fb.fix.smem_start);
+ iounmap(fb->reg_base);
++ kfree(fb);
+ return 0;
+ }
+
--- /dev/null
+From foo@baz Fri Sep 21 09:23:07 CEST 2018
+From: YueHaibing <yuehaibing@huawei.com>
+Date: Wed, 25 Jul 2018 16:54:33 +0800
+Subject: xfrm: fix 'passing zero to ERR_PTR()' warning
+
+From: YueHaibing <yuehaibing@huawei.com>
+
+[ Upstream commit 934ffce1343f22ed5e2d0bd6da4440f4848074de ]
+
+Fix a static code checker warning:
+
+ net/xfrm/xfrm_policy.c:1836 xfrm_resolve_and_create_bundle() warn: passing zero to 'ERR_PTR'
+
+xfrm_tmpl_resolve return 0 just means no xdst found, return NULL
+instead of passing zero to ERR_PTR.
+
+Fixes: d809ec895505 ("xfrm: do not assume that template resolving always returns xfrms")
+Signed-off-by: YueHaibing <yuehaibing@huawei.com>
+Signed-off-by: Steffen Klassert <steffen.klassert@secunet.com>
+Signed-off-by: Sasha Levin <alexander.levin@microsoft.com>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+---
+ net/xfrm/xfrm_policy.c | 5 ++++-
+ 1 file changed, 4 insertions(+), 1 deletion(-)
+
+--- a/net/xfrm/xfrm_policy.c
++++ b/net/xfrm/xfrm_policy.c
+@@ -1809,7 +1809,10 @@ xfrm_resolve_and_create_bundle(struct xf
+ /* Try to instantiate a bundle */
+ err = xfrm_tmpl_resolve(pols, num_pols, fl, xfrm, family);
+ if (err <= 0) {
+- if (err != 0 && err != -EAGAIN)
++ if (err == 0)
++ return NULL;
++
++ if (err != -EAGAIN)
+ XFRM_INC_STATS(net, LINUX_MIB_XFRMOUTPOLERROR);
+ return ERR_PTR(err);
+ }
projects / thirdparty / kernel / stable-queue.git / commitdiff
