--- /dev/null
+From 7c2e07130090ae001a97a6b65597830d6815e93e Mon Sep 17 00:00:00 2001
+From: =?UTF-8?q?David=20M=C3=BCller?= <dave.mueller@gmx.ch>
+Date: Mon, 8 Apr 2019 15:33:54 +0200
+Subject: clk: x86: Add system specific quirk to mark clocks as critical
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+From: David Müller <dave.mueller@gmx.ch>
+
+commit 7c2e07130090ae001a97a6b65597830d6815e93e upstream.
+
+Since commit 648e921888ad ("clk: x86: Stop marking clocks as
+CLK_IS_CRITICAL"), the pmc_plt_clocks of the Bay Trail SoC are
+unconditionally gated off. Unfortunately this will break systems where these
+clocks are used for external purposes beyond the kernel's knowledge. Fix it
+by implementing a system specific quirk to mark the necessary pmc_plt_clks as
+critical.
+
+Fixes: 648e921888ad ("clk: x86: Stop marking clocks as CLK_IS_CRITICAL")
+Signed-off-by: David Müller <dave.mueller@gmx.ch>
+Signed-off-by: Hans de Goede <hdegoede@redhat.com>
+Reviewed-by: Andy Shevchenko <andy.shevchenko@gmail.com>
+Signed-off-by: Stephen Boyd <sboyd@kernel.org>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+
+---
+ drivers/clk/x86/clk-pmc-atom.c | 14 +++++++++++---
+ drivers/platform/x86/pmc_atom.c | 21 +++++++++++++++++++++
+ include/linux/platform_data/x86/clk-pmc-atom.h | 3 +++
+ 3 files changed, 35 insertions(+), 3 deletions(-)
+
+--- a/drivers/clk/x86/clk-pmc-atom.c
++++ b/drivers/clk/x86/clk-pmc-atom.c
+@@ -165,7 +165,7 @@ static const struct clk_ops plt_clk_ops
+ };
+
+ static struct clk_plt *plt_clk_register(struct platform_device *pdev, int id,
+- void __iomem *base,
++ const struct pmc_clk_data *pmc_data,
+ const char **parent_names,
+ int num_parents)
+ {
+@@ -184,9 +184,17 @@ static struct clk_plt *plt_clk_register(
+ init.num_parents = num_parents;
+
+ pclk->hw.init = &init;
+- pclk->reg = base + PMC_CLK_CTL_OFFSET + id * PMC_CLK_CTL_SIZE;
++ pclk->reg = pmc_data->base + PMC_CLK_CTL_OFFSET + id * PMC_CLK_CTL_SIZE;
+ spin_lock_init(&pclk->lock);
+
++ /*
++ * On some systems, the pmc_plt_clocks already enabled by the
++ * firmware are being marked as critical to avoid them being
++ * gated by the clock framework.
++ */
++ if (pmc_data->critical && plt_clk_is_enabled(&pclk->hw))
++ init.flags |= CLK_IS_CRITICAL;
++
+ ret = devm_clk_hw_register(&pdev->dev, &pclk->hw);
+ if (ret) {
+ pclk = ERR_PTR(ret);
+@@ -332,7 +340,7 @@ static int plt_clk_probe(struct platform
+ return PTR_ERR(parent_names);
+
+ for (i = 0; i < PMC_CLK_NUM; i++) {
+- data->clks[i] = plt_clk_register(pdev, i, pmc_data->base,
++ data->clks[i] = plt_clk_register(pdev, i, pmc_data,
+ parent_names, data->nparents);
+ if (IS_ERR(data->clks[i])) {
+ err = PTR_ERR(data->clks[i]);
+--- a/drivers/platform/x86/pmc_atom.c
++++ b/drivers/platform/x86/pmc_atom.c
+@@ -17,6 +17,7 @@
+
+ #include <linux/debugfs.h>
+ #include <linux/device.h>
++#include <linux/dmi.h>
+ #include <linux/init.h>
+ #include <linux/io.h>
+ #include <linux/platform_data/x86/clk-pmc-atom.h>
+@@ -421,11 +422,27 @@ static int pmc_dbgfs_register(struct pmc
+ }
+ #endif /* CONFIG_DEBUG_FS */
+
++/*
++ * Some systems need one or more of their pmc_plt_clks to be
++ * marked as critical.
++ */
++static const struct dmi_system_id critclk_systems[] __initconst = {
++ {
++ .ident = "MPL CEC1x",
++ .matches = {
++ DMI_MATCH(DMI_SYS_VENDOR, "MPL AG"),
++ DMI_MATCH(DMI_PRODUCT_NAME, "CEC10 Family"),
++ },
++ },
++ { /*sentinel*/ }
++};
++
+ static int pmc_setup_clks(struct pci_dev *pdev, void __iomem *pmc_regmap,
+ const struct pmc_data *pmc_data)
+ {
+ struct platform_device *clkdev;
+ struct pmc_clk_data *clk_data;
++ const struct dmi_system_id *d = dmi_first_match(critclk_systems);
+
+ clk_data = kzalloc(sizeof(*clk_data), GFP_KERNEL);
+ if (!clk_data)
+@@ -433,6 +450,10 @@ static int pmc_setup_clks(struct pci_dev
+
+ clk_data->base = pmc_regmap; /* offset is added by client */
+ clk_data->clks = pmc_data->clks;
++ if (d) {
++ clk_data->critical = true;
++ pr_info("%s critclks quirk enabled\n", d->ident);
++ }
+
+ clkdev = platform_device_register_data(&pdev->dev, "clk-pmc-atom",
+ PLATFORM_DEVID_NONE,
+--- a/include/linux/platform_data/x86/clk-pmc-atom.h
++++ b/include/linux/platform_data/x86/clk-pmc-atom.h
+@@ -35,10 +35,13 @@ struct pmc_clk {
+ *
+ * @base: PMC clock register base offset
+ * @clks: pointer to set of registered clocks, typically 0..5
++ * @critical: flag to indicate if firmware enabled pmc_plt_clks
++ * should be marked as critial or not
+ */
+ struct pmc_clk_data {
+ void __iomem *base;
+ const struct pmc_clk *clks;
++ bool critical;
+ };
+
+ #endif /* __PLATFORM_DATA_X86_CLK_PMC_ATOM_H */
--- /dev/null
+From c86da50cfd840edf223a242580913692acddbcf6 Mon Sep 17 00:00:00 2001
+From: Nicolas Le Bayon <nicolas.le.bayon@st.com>
+Date: Wed, 6 Mar 2019 15:12:16 +0000
+Subject: i2c: i2c-stm32f7: Fix SDADEL minimum formula
+
+From: Nicolas Le Bayon <nicolas.le.bayon@st.com>
+
+commit c86da50cfd840edf223a242580913692acddbcf6 upstream.
+
+It conforms with Reference Manual I2C timing section.
+
+Fixes: aeb068c57214 ("i2c: i2c-stm32f7: add driver")
+Signed-off-by: Nicolas Le Bayon <nicolas.le.bayon@st.com>
+Signed-off-by: Bich Hemon <bich.hemon@st.com>
+Reviewed-by: Pierre-Yves MORDRET <pierre-yves.mordret@st.com>
+Signed-off-by: Wolfram Sang <wsa@the-dreams.de>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+
+---
+ drivers/i2c/busses/i2c-stm32f7.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+--- a/drivers/i2c/busses/i2c-stm32f7.c
++++ b/drivers/i2c/busses/i2c-stm32f7.c
+@@ -340,7 +340,7 @@ static int stm32f7_i2c_compute_timing(st
+ STM32F7_I2C_ANALOG_FILTER_DELAY_MAX : 0);
+ dnf_delay = setup->dnf * i2cclk;
+
+- sdadel_min = setup->fall_time - i2c_specs[setup->speed].hddat_min -
++ sdadel_min = i2c_specs[setup->speed].hddat_min + setup->fall_time -
+ af_delay_min - (setup->dnf + 3) * i2cclk;
+
+ sdadel_max = i2c_specs[setup->speed].vddat_max - setup->rise_time -
--- /dev/null
+From 535005ca8e5e71918d64074032f4b9d4fef8981e Mon Sep 17 00:00:00 2001
+From: Yuval Avnery <yuvalav@mellanox.com>
+Date: Tue, 22 Jan 2019 09:02:05 +0200
+Subject: IB/core: Destroy QP if XRC QP fails
+
+From: Yuval Avnery <yuvalav@mellanox.com>
+
+commit 535005ca8e5e71918d64074032f4b9d4fef8981e upstream.
+
+The open-coded variant missed destroy of SELinux created QP, reuse already
+existing ib_detroy_qp() call and use this opportunity to clean
+ib_create_qp() from double prints and unclear exit paths.
+
+Reported-by: Parav Pandit <parav@mellanox.com>
+Fixes: d291f1a65232 ("IB/core: Enforce PKey security on QPs")
+Signed-off-by: Yuval Avnery <yuvalav@mellanox.com>
+Reviewed-by: Parav Pandit <parav@mellanox.com>
+Reviewed-by: Daniel Jurgens <danielj@mellanox.com>
+Signed-off-by: Leon Romanovsky <leonro@mellanox.com>
+Signed-off-by: Jason Gunthorpe <jgg@mellanox.com>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+
+---
+ drivers/infiniband/core/verbs.c | 41 +++++++++++++++++++++++-----------------
+ 1 file changed, 24 insertions(+), 17 deletions(-)
+
+--- a/drivers/infiniband/core/verbs.c
++++ b/drivers/infiniband/core/verbs.c
+@@ -766,8 +766,8 @@ struct ib_qp *ib_open_qp(struct ib_xrcd
+ }
+ EXPORT_SYMBOL(ib_open_qp);
+
+-static struct ib_qp *ib_create_xrc_qp(struct ib_qp *qp,
+- struct ib_qp_init_attr *qp_init_attr)
++static struct ib_qp *create_xrc_qp(struct ib_qp *qp,
++ struct ib_qp_init_attr *qp_init_attr)
+ {
+ struct ib_qp *real_qp = qp;
+
+@@ -782,10 +782,10 @@ static struct ib_qp *ib_create_xrc_qp(st
+
+ qp = __ib_open_qp(real_qp, qp_init_attr->event_handler,
+ qp_init_attr->qp_context);
+- if (!IS_ERR(qp))
+- __ib_insert_xrcd_qp(qp_init_attr->xrcd, real_qp);
+- else
+- real_qp->device->destroy_qp(real_qp);
++ if (IS_ERR(qp))
++ return qp;
++
++ __ib_insert_xrcd_qp(qp_init_attr->xrcd, real_qp);
+ return qp;
+ }
+
+@@ -816,10 +816,8 @@ struct ib_qp *ib_create_qp(struct ib_pd
+ return qp;
+
+ ret = ib_create_qp_security(qp, device);
+- if (ret) {
+- ib_destroy_qp(qp);
+- return ERR_PTR(ret);
+- }
++ if (ret)
++ goto err;
+
+ qp->device = device;
+ qp->real_qp = qp;
+@@ -834,8 +832,15 @@ struct ib_qp *ib_create_qp(struct ib_pd
+ INIT_LIST_HEAD(&qp->sig_mrs);
+ qp->port = 0;
+
+- if (qp_init_attr->qp_type == IB_QPT_XRC_TGT)
+- return ib_create_xrc_qp(qp, qp_init_attr);
++ if (qp_init_attr->qp_type == IB_QPT_XRC_TGT) {
++ struct ib_qp *xrc_qp = create_xrc_qp(qp, qp_init_attr);
++
++ if (IS_ERR(xrc_qp)) {
++ ret = PTR_ERR(xrc_qp);
++ goto err;
++ }
++ return xrc_qp;
++ }
+
+ qp->event_handler = qp_init_attr->event_handler;
+ qp->qp_context = qp_init_attr->qp_context;
+@@ -863,11 +868,8 @@ struct ib_qp *ib_create_qp(struct ib_pd
+
+ if (qp_init_attr->cap.max_rdma_ctxs) {
+ ret = rdma_rw_init_mrs(qp, qp_init_attr);
+- if (ret) {
+- pr_err("failed to init MR pool ret= %d\n", ret);
+- ib_destroy_qp(qp);
+- return ERR_PTR(ret);
+- }
++ if (ret)
++ goto err;
+ }
+
+ /*
+@@ -880,6 +882,11 @@ struct ib_qp *ib_create_qp(struct ib_pd
+ device->attrs.max_sge_rd);
+
+ return qp;
++
++err:
++ ib_destroy_qp(qp);
++ return ERR_PTR(ret);
++
+ }
+ EXPORT_SYMBOL(ib_create_qp);
+
--- /dev/null
+From 6e88e672b69f0e627acdae74a527b730ea224b6b Mon Sep 17 00:00:00 2001
+From: Daniel Jurgens <danielj@mellanox.com>
+Date: Sat, 2 Feb 2019 11:09:43 +0200
+Subject: IB/core: Fix potential memory leak while creating MAD agents
+
+From: Daniel Jurgens <danielj@mellanox.com>
+
+commit 6e88e672b69f0e627acdae74a527b730ea224b6b upstream.
+
+If the MAD agents isn't allowed to manage the subnet, or fails to register
+for the LSM notifier, the security context is leaked. Free the context in
+these cases.
+
+Fixes: 47a2b338fe63 ("IB/core: Enforce security on management datagrams")
+Signed-off-by: Daniel Jurgens <danielj@mellanox.com>
+Reviewed-by: Parav Pandit <parav@mellanox.com>
+Reported-by: Parav Pandit <parav@mellanox.com>
+Signed-off-by: Leon Romanovsky <leonro@mellanox.com>
+Signed-off-by: Jason Gunthorpe <jgg@mellanox.com>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+
+---
+ drivers/infiniband/core/security.c | 8 ++++++--
+ 1 file changed, 6 insertions(+), 2 deletions(-)
+
+--- a/drivers/infiniband/core/security.c
++++ b/drivers/infiniband/core/security.c
+@@ -715,16 +715,20 @@ int ib_mad_agent_security_setup(struct i
+ agent->device->name,
+ agent->port_num);
+ if (ret)
+- return ret;
++ goto free_security;
+
+ agent->lsm_nb.notifier_call = ib_mad_agent_security_change;
+ ret = register_lsm_notifier(&agent->lsm_nb);
+ if (ret)
+- return ret;
++ goto free_security;
+
+ agent->smp_allowed = true;
+ agent->lsm_nb_reg = true;
+ return 0;
++
++free_security:
++ security_ib_free_security(agent->security);
++ return ret;
+ }
+
+ void ib_mad_agent_security_cleanup(struct ib_mad_agent *agent)
--- /dev/null
+From d60667fc398ed34b3c7456b020481c55c760e503 Mon Sep 17 00:00:00 2001
+From: Daniel Jurgens <danielj@mellanox.com>
+Date: Sat, 2 Feb 2019 11:09:42 +0200
+Subject: IB/core: Unregister notifier before freeing MAD security
+
+From: Daniel Jurgens <danielj@mellanox.com>
+
+commit d60667fc398ed34b3c7456b020481c55c760e503 upstream.
+
+If the notifier runs after the security context is freed an access of
+freed memory can occur.
+
+Fixes: 47a2b338fe63 ("IB/core: Enforce security on management datagrams")
+Signed-off-by: Daniel Jurgens <danielj@mellanox.com>
+Reviewed-by: Parav Pandit <parav@mellanox.com>
+Signed-off-by: Leon Romanovsky <leonro@mellanox.com>
+Signed-off-by: Jason Gunthorpe <jgg@mellanox.com>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+
+---
+ drivers/infiniband/core/security.c | 3 ++-
+ 1 file changed, 2 insertions(+), 1 deletion(-)
+
+--- a/drivers/infiniband/core/security.c
++++ b/drivers/infiniband/core/security.c
+@@ -732,9 +732,10 @@ void ib_mad_agent_security_cleanup(struc
+ if (!rdma_protocol_ib(agent->device, agent->port_num))
+ return;
+
+- security_ib_free_security(agent->security);
+ if (agent->lsm_nb_reg)
+ unregister_lsm_notifier(&agent->lsm_nb);
++
++ security_ib_free_security(agent->security);
+ }
+
+ int ib_mad_enforce_security(struct ib_mad_agent_private *map, u16 pkey_index)
--- /dev/null
+From bf2a7ca39fd3ab47ef71c621a7ee69d1813b1f97 Mon Sep 17 00:00:00 2001
+From: Anson Huang <anson.huang@nxp.com>
+Date: Wed, 3 Apr 2019 15:14:44 -0700
+Subject: Input: snvs_pwrkey - initialize necessary driver data before enabling IRQ
+
+From: Anson Huang <anson.huang@nxp.com>
+
+commit bf2a7ca39fd3ab47ef71c621a7ee69d1813b1f97 upstream.
+
+SNVS IRQ is requested before necessary driver data initialized,
+if there is a pending IRQ during driver probe phase, kernel
+NULL pointer panic will occur in IRQ handler. To avoid such
+scenario, just initialize necessary driver data before enabling
+IRQ. This patch is inspired by NXP's internal kernel tree.
+
+Fixes: d3dc6e232215 ("input: keyboard: imx: add snvs power key driver")
+Signed-off-by: Anson Huang <Anson.Huang@nxp.com>
+Signed-off-by: Dmitry Torokhov <dmitry.torokhov@gmail.com>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+
+---
+ drivers/input/keyboard/snvs_pwrkey.c | 6 +++---
+ 1 file changed, 3 insertions(+), 3 deletions(-)
+
+--- a/drivers/input/keyboard/snvs_pwrkey.c
++++ b/drivers/input/keyboard/snvs_pwrkey.c
+@@ -156,6 +156,9 @@ static int imx_snvs_pwrkey_probe(struct
+ return error;
+ }
+
++ pdata->input = input;
++ platform_set_drvdata(pdev, pdata);
++
+ error = devm_request_irq(&pdev->dev, pdata->irq,
+ imx_snvs_pwrkey_interrupt,
+ 0, pdev->name, pdev);
+@@ -171,9 +174,6 @@ static int imx_snvs_pwrkey_probe(struct
+ return error;
+ }
+
+- pdata->input = input;
+- platform_set_drvdata(pdev, pdata);
+-
+ device_init_wakeup(&pdev->dev, pdata->wakeup);
+
+ return 0;
--- /dev/null
+From 937c4e552fd1174784045684740edfcea536159d Mon Sep 17 00:00:00 2001
+From: Dmitry Torokhov <dmitry.torokhov@gmail.com>
+Date: Tue, 5 Feb 2019 14:40:40 -0800
+Subject: Input: stmfts - acknowledge that setting brightness is a blocking call
+
+From: Dmitry Torokhov <dmitry.torokhov@gmail.com>
+
+commit 937c4e552fd1174784045684740edfcea536159d upstream.
+
+We need to turn regulators on and off when switching brightness, and
+that may block, therefore we have to set stmfts_brightness_set() as
+LED's brightness_set_blocking() method.
+
+Fixes: 78bcac7b2ae1 ("Input: add support for the STMicroelectronics FingerTip touchscreen")
+Acked-by: Andi Shyti <andi@etezian.org>
+Signed-off-by: Dmitry Torokhov <dmitry.torokhov@gmail.com>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+
+---
+ drivers/input/touchscreen/stmfts.c | 30 ++++++++++++++++--------------
+ 1 file changed, 16 insertions(+), 14 deletions(-)
+
+--- a/drivers/input/touchscreen/stmfts.c
++++ b/drivers/input/touchscreen/stmfts.c
+@@ -111,27 +111,29 @@ struct stmfts_data {
+ bool running;
+ };
+
+-static void stmfts_brightness_set(struct led_classdev *led_cdev,
++static int stmfts_brightness_set(struct led_classdev *led_cdev,
+ enum led_brightness value)
+ {
+ struct stmfts_data *sdata = container_of(led_cdev,
+ struct stmfts_data, led_cdev);
+ int err;
+
+- if (value == sdata->led_status || !sdata->ledvdd)
+- return;
+-
+- if (!value) {
+- regulator_disable(sdata->ledvdd);
+- } else {
+- err = regulator_enable(sdata->ledvdd);
+- if (err)
+- dev_warn(&sdata->client->dev,
+- "failed to disable ledvdd regulator: %d\n",
+- err);
++ if (value != sdata->led_status && sdata->ledvdd) {
++ if (!value) {
++ regulator_disable(sdata->ledvdd);
++ } else {
++ err = regulator_enable(sdata->ledvdd);
++ if (err) {
++ dev_warn(&sdata->client->dev,
++ "failed to disable ledvdd regulator: %d\n",
++ err);
++ return err;
++ }
++ }
++ sdata->led_status = value;
+ }
+
+- sdata->led_status = value;
++ return 0;
+ }
+
+ static enum led_brightness stmfts_brightness_get(struct led_classdev *led_cdev)
+@@ -613,7 +615,7 @@ static int stmfts_enable_led(struct stmf
+ sdata->led_cdev.name = STMFTS_DEV_NAME;
+ sdata->led_cdev.max_brightness = LED_ON;
+ sdata->led_cdev.brightness = LED_OFF;
+- sdata->led_cdev.brightness_set = stmfts_brightness_set;
++ sdata->led_cdev.brightness_set_blocking = stmfts_brightness_set;
+ sdata->led_cdev.brightness_get = stmfts_brightness_get;
+
+ err = devm_led_classdev_register(&sdata->client->dev, &sdata->led_cdev);
--- /dev/null
+From 61da76beef1e4f0b6ba7be4f8d0cf0dac7ce1f55 Mon Sep 17 00:00:00 2001
+From: Jacopo Mondi <jacopo+renesas@jmondi.org>
+Date: Fri, 29 Dec 2017 07:22:26 -0500
+Subject: media: v4l2: i2c: ov7670: Fix PLL bypass register values
+
+From: Jacopo Mondi <jacopo+renesas@jmondi.org>
+
+commit 61da76beef1e4f0b6ba7be4f8d0cf0dac7ce1f55 upstream.
+
+The following commits:
+commit f6dd927f34d6 ("[media] media: ov7670: calculate framerate properly for ov7675")
+commit 04ee6d92047e ("[media] media: ov7670: add possibility to bypass pll for ov7675")
+introduced the ability to bypass PLL multiplier and use input clock (xvclk)
+as pixel clock output frequency for ov7675 sensor.
+
+PLL is bypassed using register DBLV[7:6], according to ov7670 and ov7675
+sensor manuals. Macros used to set DBLV register seem wrong in the
+driver, as their values do not match what reported in the datasheet.
+
+Fix by changing DBLV_* macros to use bits [7:6] and set bits [3:0] to
+default 0x0a reserved value (according to datasheets).
+
+While at there, remove a write to DBLV register in
+"ov7675_set_framerate()" that over-writes the previous one to the same
+register that takes "info->pll_bypass" flag into account instead of setting PLL
+multiplier to 4x unconditionally.
+
+And, while at there, since "info->pll_bypass" is only used in
+set/get_framerate() functions used by ov7675 only, it is not necessary
+to check for the device id at probe time to make sure that when using
+ov7670 "info->pll_bypass" is set to false.
+
+Fixes: f6dd927f34d6 ("[media] media: ov7670: calculate framerate properly for ov7675")
+
+Signed-off-by: Jacopo Mondi <jacopo+renesas@jmondi.org>
+Signed-off-by: Sakari Ailus <sakari.ailus@linux.intel.com>
+Signed-off-by: Mauro Carvalho Chehab <mchehab+samsung@kernel.org>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+
+---
+ drivers/media/i2c/ov7670.c | 16 ++++++----------
+ 1 file changed, 6 insertions(+), 10 deletions(-)
+
+--- a/drivers/media/i2c/ov7670.c
++++ b/drivers/media/i2c/ov7670.c
+@@ -158,10 +158,10 @@ MODULE_PARM_DESC(debug, "Debug level (0-
+ #define REG_GFIX 0x69 /* Fix gain control */
+
+ #define REG_DBLV 0x6b /* PLL control an debugging */
+-#define DBLV_BYPASS 0x00 /* Bypass PLL */
+-#define DBLV_X4 0x01 /* clock x4 */
+-#define DBLV_X6 0x10 /* clock x6 */
+-#define DBLV_X8 0x11 /* clock x8 */
++#define DBLV_BYPASS 0x0a /* Bypass PLL */
++#define DBLV_X4 0x4a /* clock x4 */
++#define DBLV_X6 0x8a /* clock x6 */
++#define DBLV_X8 0xca /* clock x8 */
+
+ #define REG_REG76 0x76 /* OV's name */
+ #define R76_BLKPCOR 0x80 /* Black pixel correction enable */
+@@ -837,7 +837,7 @@ static int ov7675_set_framerate(struct v
+ if (ret < 0)
+ return ret;
+
+- return ov7670_write(sd, REG_DBLV, DBLV_X4);
++ return 0;
+ }
+
+ static void ov7670_get_framerate_legacy(struct v4l2_subdev *sd,
+@@ -1601,11 +1601,7 @@ static int ov7670_probe(struct i2c_clien
+ if (config->clock_speed)
+ info->clock_speed = config->clock_speed;
+
+- /*
+- * It should be allowed for ov7670 too when it is migrated to
+- * the new frame rate formula.
+- */
+- if (config->pll_bypass && id->driver_data != MODEL_OV7670)
++ if (config->pll_bypass)
+ info->pll_bypass = true;
+
+ if (config->pclk_hb_disable)
--- /dev/null
+From 3b4d07d2674f6b4a9281031f99d1f7efd325b16d Mon Sep 17 00:00:00 2001
+From: "Aneesh Kumar K.V" <aneesh.kumar@linux.ibm.com>
+Date: Tue, 26 Feb 2019 10:09:35 +0530
+Subject: powerpc/mm/hash: Handle mmap_min_addr correctly in get_unmapped_area topdown search
+
+From: Aneesh Kumar K.V <aneesh.kumar@linux.ibm.com>
+
+commit 3b4d07d2674f6b4a9281031f99d1f7efd325b16d upstream.
+
+When doing top-down search the low_limit is not PAGE_SIZE but rather
+max(PAGE_SIZE, mmap_min_addr). This handle cases in which mmap_min_addr >
+PAGE_SIZE.
+
+Fixes: fba2369e6ceb ("mm: use vm_unmapped_area() on powerpc architecture")
+Reviewed-by: Laurent Dufour <ldufour@linux.vnet.ibm.com>
+Signed-off-by: Aneesh Kumar K.V <aneesh.kumar@linux.ibm.com>
+Signed-off-by: Michael Ellerman <mpe@ellerman.id.au>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+
+---
+ arch/powerpc/mm/slice.c | 10 ++++++----
+ 1 file changed, 6 insertions(+), 4 deletions(-)
+
+--- a/arch/powerpc/mm/slice.c
++++ b/arch/powerpc/mm/slice.c
+@@ -31,6 +31,7 @@
+ #include <linux/spinlock.h>
+ #include <linux/export.h>
+ #include <linux/hugetlb.h>
++#include <linux/security.h>
+ #include <asm/mman.h>
+ #include <asm/mmu.h>
+ #include <asm/copro.h>
+@@ -328,6 +329,7 @@ static unsigned long slice_find_area_top
+ int pshift = max_t(int, mmu_psize_defs[psize].shift, PAGE_SHIFT);
+ unsigned long addr, found, prev;
+ struct vm_unmapped_area_info info;
++ unsigned long min_addr = max(PAGE_SIZE, mmap_min_addr);
+
+ info.flags = VM_UNMAPPED_AREA_TOPDOWN;
+ info.length = len;
+@@ -344,7 +346,7 @@ static unsigned long slice_find_area_top
+ if (high_limit > DEFAULT_MAP_WINDOW)
+ addr += mm->context.addr_limit - DEFAULT_MAP_WINDOW;
+
+- while (addr > PAGE_SIZE) {
++ while (addr > min_addr) {
+ info.high_limit = addr;
+ if (!slice_scan_available(addr - 1, available, 0, &addr))
+ continue;
+@@ -356,8 +358,8 @@ static unsigned long slice_find_area_top
+ * Check if we need to reduce the range, or if we can
+ * extend it to cover the previous available slice.
+ */
+- if (addr < PAGE_SIZE)
+- addr = PAGE_SIZE;
++ if (addr < min_addr)
++ addr = min_addr;
+ else if (slice_scan_available(addr - 1, available, 0, &prev)) {
+ addr = prev;
+ goto prev_slice;
+@@ -479,7 +481,7 @@ unsigned long slice_get_unmapped_area(un
+ addr = _ALIGN_UP(addr, page_size);
+ slice_dbg(" aligned addr=%lx\n", addr);
+ /* Ignore hint if it's too large or overlaps a VMA */
+- if (addr > high_limit - len ||
++ if (addr > high_limit - len || addr < mmap_min_addr ||
+ !slice_area_is_free(mm, addr, len))
+ addr = 0;
+ }
--- /dev/null
+From a83d6ddaebe541570291205cb538e35ad4ff94f9 Mon Sep 17 00:00:00 2001
+From: Ondrej Mosnacek <omosnace@redhat.com>
+Date: Fri, 21 Dec 2018 21:18:52 +0100
+Subject: selinux: never allow relabeling on context mounts
+
+From: Ondrej Mosnacek <omosnace@redhat.com>
+
+commit a83d6ddaebe541570291205cb538e35ad4ff94f9 upstream.
+
+In the SECURITY_FS_USE_MNTPOINT case we never want to allow relabeling
+files/directories, so we should never set the SBLABEL_MNT flag. The
+'special handling' in selinux_is_sblabel_mnt() is only intended for when
+the behavior is set to SECURITY_FS_USE_GENFS.
+
+While there, make the logic in selinux_is_sblabel_mnt() more explicit
+and add a BUILD_BUG_ON() to make sure that introducing a new
+SECURITY_FS_USE_* forces a review of the logic.
+
+Fixes: d5f3a5f6e7e7 ("selinux: add security in-core xattr support for pstore and debugfs")
+Signed-off-by: Ondrej Mosnacek <omosnace@redhat.com>
+Reviewed-by: Stephen Smalley <sds@tycho.nsa.gov>
+Signed-off-by: Paul Moore <paul@paul-moore.com>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+
+---
+ security/selinux/hooks.c | 40 +++++++++++++++++++++++++++++++---------
+ 1 file changed, 31 insertions(+), 9 deletions(-)
+
+--- a/security/selinux/hooks.c
++++ b/security/selinux/hooks.c
+@@ -471,16 +471,10 @@ static int may_context_mount_inode_relab
+ return rc;
+ }
+
+-static int selinux_is_sblabel_mnt(struct super_block *sb)
++static int selinux_is_genfs_special_handling(struct super_block *sb)
+ {
+- struct superblock_security_struct *sbsec = sb->s_security;
+-
+- return sbsec->behavior == SECURITY_FS_USE_XATTR ||
+- sbsec->behavior == SECURITY_FS_USE_TRANS ||
+- sbsec->behavior == SECURITY_FS_USE_TASK ||
+- sbsec->behavior == SECURITY_FS_USE_NATIVE ||
+- /* Special handling. Genfs but also in-core setxattr handler */
+- !strcmp(sb->s_type->name, "sysfs") ||
++ /* Special handling. Genfs but also in-core setxattr handler */
++ return !strcmp(sb->s_type->name, "sysfs") ||
+ !strcmp(sb->s_type->name, "pstore") ||
+ !strcmp(sb->s_type->name, "debugfs") ||
+ !strcmp(sb->s_type->name, "tracefs") ||
+@@ -490,6 +484,34 @@ static int selinux_is_sblabel_mnt(struct
+ !strcmp(sb->s_type->name, "cgroup2")));
+ }
+
++static int selinux_is_sblabel_mnt(struct super_block *sb)
++{
++ struct superblock_security_struct *sbsec = sb->s_security;
++
++ /*
++ * IMPORTANT: Double-check logic in this function when adding a new
++ * SECURITY_FS_USE_* definition!
++ */
++ BUILD_BUG_ON(SECURITY_FS_USE_MAX != 7);
++
++ switch (sbsec->behavior) {
++ case SECURITY_FS_USE_XATTR:
++ case SECURITY_FS_USE_TRANS:
++ case SECURITY_FS_USE_TASK:
++ case SECURITY_FS_USE_NATIVE:
++ return 1;
++
++ case SECURITY_FS_USE_GENFS:
++ return selinux_is_genfs_special_handling(sb);
++
++ /* Never allow relabeling on context mounts */
++ case SECURITY_FS_USE_MNTPOINT:
++ case SECURITY_FS_USE_NONE:
++ default:
++ return 0;
++ }
++}
++
+ static int sb_finish_set_opts(struct super_block *sb)
+ {
+ struct superblock_security_struct *sbsec = sb->s_security;
staging-iio-adt7316-fix-the-dac-write-calculation.patch
scsi-rdma-srpt-fix-a-credit-leak-for-aborted-commands.patch
asoc-stm32-fix-sai-driver-name-initialisation.patch
+ib-core-unregister-notifier-before-freeing-mad-security.patch
+ib-core-fix-potential-memory-leak-while-creating-mad-agents.patch
+ib-core-destroy-qp-if-xrc-qp-fails.patch
+input-snvs_pwrkey-initialize-necessary-driver-data-before-enabling-irq.patch
+input-stmfts-acknowledge-that-setting-brightness-is-a-blocking-call.patch
+selinux-never-allow-relabeling-on-context-mounts.patch
+powerpc-mm-hash-handle-mmap_min_addr-correctly-in-get_unmapped_area-topdown-search.patch
+x86-mce-improve-error-message-when-kernel-cannot-recover-p2.patch
+clk-x86-add-system-specific-quirk-to-mark-clocks-as-critical.patch
+i2c-i2c-stm32f7-fix-sdadel-minimum-formula.patch
+media-v4l2-i2c-ov7670-fix-pll-bypass-register-values.patch
--- /dev/null
+From 41f035a86b5b72a4f947c38e94239d20d595352a Mon Sep 17 00:00:00 2001
+From: Tony Luck <tony.luck@intel.com>
+Date: Mon, 25 Feb 2019 12:59:40 -0800
+Subject: x86/mce: Improve error message when kernel cannot recover, p2
+
+From: Tony Luck <tony.luck@intel.com>
+
+commit 41f035a86b5b72a4f947c38e94239d20d595352a upstream.
+
+In
+
+ c7d606f560e4 ("x86/mce: Improve error message when kernel cannot recover")
+
+a case was added for a machine check caused by a DATA access to poison
+memory from the kernel. A case should have been added also for an
+uncorrectable error during an instruction fetch in the kernel.
+
+Add that extra case so the error message now reads:
+
+ mce: [Hardware Error]: Machine check: Instruction fetch error in kernel
+
+Fixes: c7d606f560e4 ("x86/mce: Improve error message when kernel cannot recover")
+Signed-off-by: Tony Luck <tony.luck@intel.com>
+Signed-off-by: Borislav Petkov <bp@suse.de>
+Cc: "H. Peter Anvin" <hpa@zytor.com>
+Cc: Ingo Molnar <mingo@redhat.com>
+Cc: Pu Wen <puwen@hygon.cn>
+Cc: Thomas Gleixner <tglx@linutronix.de>
+Cc: x86-ml <x86@kernel.org>
+Link: https://lkml.kernel.org/r/20190225205940.15226-1-tony.luck@intel.com
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+
+---
+ arch/x86/kernel/cpu/mcheck/mce-severity.c | 5 +++++
+ 1 file changed, 5 insertions(+)
+
+--- a/arch/x86/kernel/cpu/mcheck/mce-severity.c
++++ b/arch/x86/kernel/cpu/mcheck/mce-severity.c
+@@ -148,6 +148,11 @@ static struct severity {
+ SER, MASK(MCI_STATUS_OVER|MCI_UC_SAR|MCI_ADDR|MCACOD, MCI_UC_SAR|MCI_ADDR|MCACOD_DATA),
+ KERNEL
+ ),
++ MCESEV(
++ PANIC, "Instruction fetch error in kernel",
++ SER, MASK(MCI_STATUS_OVER|MCI_UC_SAR|MCI_ADDR|MCACOD, MCI_UC_SAR|MCI_ADDR|MCACOD_INSTR),
++ KERNEL
++ ),
+ #endif
+ MCESEV(
+ PANIC, "Action required: unknown MCACOD",
projects / thirdparty / kernel / stable-queue.git / commitdiff
