--- /dev/null
+From 800a7340ab7dd667edf95e74d8e4f23a17e87076 Mon Sep 17 00:00:00 2001
+From: Wenwen Wang <wang6495@umn.edu>
+Date: Wed, 3 Oct 2018 11:43:59 -0500
+Subject: dm ioctl: harden copy_params()'s copy_from_user() from malicious users
+
+From: Wenwen Wang <wang6495@umn.edu>
+
+commit 800a7340ab7dd667edf95e74d8e4f23a17e87076 upstream.
+
+In copy_params(), the struct 'dm_ioctl' is first copied from the user
+space buffer 'user' to 'param_kernel' and the field 'data_size' is
+checked against 'minimum_data_size' (size of 'struct dm_ioctl' payload
+up to its 'data' member). If the check fails, an error code EINVAL will be
+returned. Otherwise, param_kernel->data_size is used to do a second copy,
+which copies from the same user-space buffer to 'dmi'. After the second
+copy, only 'dmi->data_size' is checked against 'param_kernel->data_size'.
+Given that the buffer 'user' resides in the user space, a malicious
+user-space process can race to change the content in the buffer between
+the two copies. This way, the attacker can inject inconsistent data
+into 'dmi' (versus previously validated 'param_kernel').
+
+Fix redundant copying of 'minimum_data_size' from user-space buffer by
+using the first copy stored in 'param_kernel'. Also remove the
+'data_size' check after the second copy because it is now unnecessary.
+
+Cc: stable@vger.kernel.org
+Signed-off-by: Wenwen Wang <wang6495@umn.edu>
+Signed-off-by: Mike Snitzer <snitzer@redhat.com>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+
+---
+ drivers/md/dm-ioctl.c | 18 ++++++------------
+ 1 file changed, 6 insertions(+), 12 deletions(-)
+
+--- a/drivers/md/dm-ioctl.c
++++ b/drivers/md/dm-ioctl.c
+@@ -1692,8 +1692,7 @@ static void free_params(struct dm_ioctl
+ }
+
+ static int copy_params(struct dm_ioctl __user *user, struct dm_ioctl *param_kernel,
+- int ioctl_flags,
+- struct dm_ioctl **param, int *param_flags)
++ int ioctl_flags, struct dm_ioctl **param, int *param_flags)
+ {
+ struct dm_ioctl *dmi;
+ int secure_data;
+@@ -1738,18 +1737,13 @@ static int copy_params(struct dm_ioctl _
+
+ *param_flags |= DM_PARAMS_MALLOC;
+
+- if (copy_from_user(dmi, user, param_kernel->data_size))
+- goto bad;
++ /* Copy from param_kernel (which was already copied from user) */
++ memcpy(dmi, param_kernel, minimum_data_size);
+
+-data_copied:
+- /*
+- * Abort if something changed the ioctl data while it was being copied.
+- */
+- if (dmi->data_size != param_kernel->data_size) {
+- DMERR("rejecting ioctl: data size modified while processing parameters");
++ if (copy_from_user(&dmi->data, (char __user *)user + minimum_data_size,
++ param_kernel->data_size - minimum_data_size))
+ goto bad;
+- }
+-
++data_copied:
+ /* Wipe the user buffer so we do not return it to userspace */
+ if (secure_data && clear_user(user, param_kernel->data_size))
+ goto bad;
--- /dev/null
+From 93f38b6fae0ea8987e22d9e6c38f8dfdccd867ee Mon Sep 17 00:00:00 2001
+From: Amir Goldstein <amir73il@gmail.com>
+Date: Fri, 28 Sep 2018 20:41:48 +0300
+Subject: lockd: fix access beyond unterminated strings in prints
+
+From: Amir Goldstein <amir73il@gmail.com>
+
+commit 93f38b6fae0ea8987e22d9e6c38f8dfdccd867ee upstream.
+
+printk format used %*s instead of %.*s, so hostname_len does not limit
+the number of bytes accessed from hostname.
+
+Signed-off-by: Amir Goldstein <amir73il@gmail.com>
+Cc: stable@vger.kernel.org
+Signed-off-by: J. Bruce Fields <bfields@redhat.com>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+
+---
+ fs/lockd/host.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+--- a/fs/lockd/host.c
++++ b/fs/lockd/host.c
+@@ -340,7 +340,7 @@ struct nlm_host *nlmsvc_lookup_host(cons
+ };
+ struct lockd_net *ln = net_generic(net, lockd_net_id);
+
+- dprintk("lockd: %s(host='%*s', vers=%u, proto=%s)\n", __func__,
++ dprintk("lockd: %s(host='%.*s', vers=%u, proto=%s)\n", __func__,
+ (int)hostname_len, hostname, rqstp->rq_vers,
+ (rqstp->rq_prot == IPPROTO_UDP ? "udp" : "tcp"));
+
--- /dev/null
+From 250854eed5d45a73d81e4137dfd85180af6f2ec3 Mon Sep 17 00:00:00 2001
+From: Hans Verkuil <hverkuil@xs4all.nl>
+Date: Mon, 8 Oct 2018 15:08:27 -0400
+Subject: media: v4l2-tpg: fix kernel oops when enabling HFLIP and OSD
+
+From: Hans Verkuil <hverkuil@xs4all.nl>
+
+commit 250854eed5d45a73d81e4137dfd85180af6f2ec3 upstream.
+
+When the OSD is on (i.e. vivid displays text on top of the test pattern), and
+you enable hflip, then the driver crashes.
+
+The cause turned out to be a division of a negative number by an unsigned value.
+You expect that -8 / 2U would be -4, but in reality it is 2147483644 :-(
+
+Fixes: 3e14e7a82c1ef ("vivid-tpg: add hor/vert downsampling support to tpg_gen_text")
+
+Signed-off-by: Hans Verkuil <hans.verkuil@cisco.com>
+Reported-by: Mauro Carvalho Chehab <mchehab+samsung@kernel.org>
+Cc: <stable@vger.kernel.org> # for v4.1 and up
+Signed-off-by: Mauro Carvalho Chehab <mchehab+samsung@kernel.org>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+
+---
+ drivers/media/common/v4l2-tpg/v4l2-tpg-core.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+--- a/drivers/media/common/v4l2-tpg/v4l2-tpg-core.c
++++ b/drivers/media/common/v4l2-tpg/v4l2-tpg-core.c
+@@ -1650,7 +1650,7 @@ typedef struct { u16 __; u8 _; } __packe
+ pos[7] = (chr & (0x01 << 0) ? fg : bg); \
+ } \
+ \
+- pos += (tpg->hflip ? -8 : 8) / hdiv; \
++ pos += (tpg->hflip ? -8 : 8) / (int)hdiv; \
+ } \
+ } \
+ } while (0)
--- /dev/null
+From c0fae7e2452b90c31edd2d25eb3baf0c76b400ca Mon Sep 17 00:00:00 2001
+From: Aaro Koskinen <aaro.koskinen@iki.fi>
+Date: Sat, 27 Oct 2018 01:46:34 +0300
+Subject: MIPS: OCTEON: fix out of bounds array access on CN68XX
+
+From: Aaro Koskinen <aaro.koskinen@iki.fi>
+
+commit c0fae7e2452b90c31edd2d25eb3baf0c76b400ca upstream.
+
+The maximum number of interfaces is returned by
+cvmx_helper_get_number_of_interfaces(), and the value is used to access
+interface_port_count[]. When CN68XX support was added, we forgot
+to increase the array size. Fix that.
+
+Fixes: 2c8c3f0201333 ("MIPS: Octeon: Support additional interfaces on CN68XX")
+Signed-off-by: Aaro Koskinen <aaro.koskinen@iki.fi>
+Signed-off-by: Paul Burton <paul.burton@mips.com>
+Patchwork: https://patchwork.linux-mips.org/patch/20949/
+Cc: Ralf Baechle <ralf@linux-mips.org>
+Cc: linux-mips@linux-mips.org
+Cc: linux-kernel@vger.kernel.org
+Cc: stable@vger.kernel.org # v4.3+
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+
+---
+ arch/mips/cavium-octeon/executive/cvmx-helper.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+--- a/arch/mips/cavium-octeon/executive/cvmx-helper.c
++++ b/arch/mips/cavium-octeon/executive/cvmx-helper.c
+@@ -67,7 +67,7 @@ void (*cvmx_override_pko_queue_priority)
+ void (*cvmx_override_ipd_port_setup) (int ipd_port);
+
+ /* Port count per interface */
+-static int interface_port_count[5];
++static int interface_port_count[9];
+
+ /* Port last configured link info index by IPD/PKO port */
+ static cvmx_helper_link_info_t
--- /dev/null
+From d397dbe606120a1ea1b11b0020c3f7a3852da5ac Mon Sep 17 00:00:00 2001
+From: Johan Hovold <johan@kernel.org>
+Date: Mon, 27 Aug 2018 10:21:50 +0200
+Subject: net: bcmgenet: fix OF child-node lookup
+
+From: Johan Hovold <johan@kernel.org>
+
+commit d397dbe606120a1ea1b11b0020c3f7a3852da5ac upstream.
+
+Use the new of_get_compatible_child() helper to lookup the mdio child
+node instead of using of_find_compatible_node(), which searches the
+entire tree from a given start node and thus can return an unrelated
+(i.e. non-child) node.
+
+This also addresses a potential use-after-free (e.g. after probe
+deferral) as the tree-wide helper drops a reference to its first
+argument (i.e. the node of the device being probed).
+
+Fixes: aa09677cba42 ("net: bcmgenet: add MDIO routines")
+Cc: stable <stable@vger.kernel.org> # 3.15
+Cc: David S. Miller <davem@davemloft.net>
+Reviewed-by: Florian Fainelli <f.fainelli@gmail.com>
+Signed-off-by: Johan Hovold <johan@kernel.org>
+Signed-off-by: Rob Herring <robh@kernel.org>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+
+---
+ drivers/net/ethernet/broadcom/genet/bcmmii.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+--- a/drivers/net/ethernet/broadcom/genet/bcmmii.c
++++ b/drivers/net/ethernet/broadcom/genet/bcmmii.c
+@@ -483,7 +483,7 @@ static int bcmgenet_mii_of_init(struct b
+ if (!compat)
+ return -ENOMEM;
+
+- priv->mdio_dn = of_find_compatible_node(dn, NULL, compat);
++ priv->mdio_dn = of_get_compatible_child(dn, compat);
+ kfree(compat);
+ if (!priv->mdio_dn) {
+ dev_err(kdev, "unable to find MDIO bus node\n");
--- /dev/null
+From 5bf59773aaf36dd62117dc83d50e1bbf9ef432da Mon Sep 17 00:00:00 2001
+From: Johan Hovold <johan@kernel.org>
+Date: Mon, 27 Aug 2018 10:21:52 +0200
+Subject: NFC: nfcmrvl_uart: fix OF child-node lookup
+
+From: Johan Hovold <johan@kernel.org>
+
+commit 5bf59773aaf36dd62117dc83d50e1bbf9ef432da upstream.
+
+Use the new of_get_compatible_child() helper to lookup the nfc child
+node instead of using of_find_compatible_node(), which searches the
+entire tree from a given start node and thus can return an unrelated
+(i.e. non-child) node.
+
+This also addresses a potential use-after-free (e.g. after probe
+deferral) as the tree-wide helper drops a reference to its first
+argument (i.e. the parent node).
+
+Fixes: e097dc624f78 ("NFC: nfcmrvl: add UART driver")
+Fixes: d8e018c0b321 ("NFC: nfcmrvl: update device tree bindings for Marvell NFC")
+Cc: stable <stable@vger.kernel.org> # 4.2
+Cc: Vincent Cuissard <cuissard@marvell.com>
+Cc: Samuel Ortiz <sameo@linux.intel.com>
+Signed-off-by: Johan Hovold <johan@kernel.org>
+Signed-off-by: Rob Herring <robh@kernel.org>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+
+---
+ drivers/nfc/nfcmrvl/uart.c | 5 ++---
+ 1 file changed, 2 insertions(+), 3 deletions(-)
+
+--- a/drivers/nfc/nfcmrvl/uart.c
++++ b/drivers/nfc/nfcmrvl/uart.c
+@@ -73,10 +73,9 @@ static int nfcmrvl_uart_parse_dt(struct
+ struct device_node *matched_node;
+ int ret;
+
+- matched_node = of_find_compatible_node(node, NULL, "marvell,nfc-uart");
++ matched_node = of_get_compatible_child(node, "marvell,nfc-uart");
+ if (!matched_node) {
+- matched_node = of_find_compatible_node(node, NULL,
+- "mrvl,nfc-uart");
++ matched_node = of_get_compatible_child(node, "mrvl,nfc-uart");
+ if (!matched_node)
+ return -ENODEV;
+ }
--- /dev/null
+From bb6ad5572c0022e17e846b382d7413cdcf8055be Mon Sep 17 00:00:00 2001
+From: Trond Myklebust <trondmy@gmail.com>
+Date: Tue, 9 Oct 2018 15:54:15 -0400
+Subject: nfsd: Fix an Oops in free_session()
+
+From: Trond Myklebust <trondmy@gmail.com>
+
+commit bb6ad5572c0022e17e846b382d7413cdcf8055be upstream.
+
+In call_xpt_users(), we delete the entry from the list, but we
+do not reinitialise it. This triggers the list poisoning when
+we later call unregister_xpt_user() in nfsd4_del_conns().
+
+Signed-off-by: Trond Myklebust <trond.myklebust@hammerspace.com>
+Cc: stable@vger.kernel.org
+Signed-off-by: J. Bruce Fields <bfields@redhat.com>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+
+---
+ net/sunrpc/svc_xprt.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+--- a/net/sunrpc/svc_xprt.c
++++ b/net/sunrpc/svc_xprt.c
+@@ -1038,7 +1038,7 @@ static void call_xpt_users(struct svc_xp
+ spin_lock(&xprt->xpt_lock);
+ while (!list_empty(&xprt->xpt_users)) {
+ u = list_first_entry(&xprt->xpt_users, struct svc_xpt_user, list);
+- list_del(&u->list);
++ list_del_init(&u->list);
+ u->callback(u);
+ }
+ spin_unlock(&xprt->xpt_lock);
--- /dev/null
+From 943cff67b842839f4f35364ba2db5c2d3f025d94 Mon Sep 17 00:00:00 2001
+From: Trond Myklebust <trond.myklebust@hammerspace.com>
+Date: Tue, 18 Sep 2018 10:07:44 -0400
+Subject: NFSv4.1: Fix the r/wsize checking
+
+From: Trond Myklebust <trond.myklebust@hammerspace.com>
+
+commit 943cff67b842839f4f35364ba2db5c2d3f025d94 upstream.
+
+The intention of nfs4_session_set_rwsize() was to cap the r/wsize to the
+buffer sizes negotiated by the CREATE_SESSION. The initial code had a
+bug whereby we would not check the values negotiated by nfs_probe_fsinfo()
+(the assumption being that CREATE_SESSION will always negotiate buffer values
+that are sane w.r.t. the server's preferred r/wsizes) but would only check
+values set by the user in the 'mount' command.
+
+The code was changed in 4.11 to _always_ set the r/wsize, meaning that we
+now never use the server preferred r/wsizes. This is the regression that
+this patch fixes.
+Also rename the function to nfs4_session_limit_rwsize() in order to avoid
+future confusion.
+
+Fixes: 033853325fe3 (NFSv4.1 respect server's max size in CREATE_SESSION")
+Cc: stable@vger.kernel.org # v4.11+
+Signed-off-by: Trond Myklebust <trond.myklebust@hammerspace.com>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+
+---
+ fs/nfs/nfs4client.c | 16 +++++++++-------
+ 1 file changed, 9 insertions(+), 7 deletions(-)
+
+--- a/fs/nfs/nfs4client.c
++++ b/fs/nfs/nfs4client.c
+@@ -988,10 +988,10 @@ EXPORT_SYMBOL_GPL(nfs4_set_ds_client);
+
+ /*
+ * Session has been established, and the client marked ready.
+- * Set the mount rsize and wsize with negotiated fore channel
+- * attributes which will be bound checked in nfs_server_set_fsinfo.
++ * Limit the mount rsize, wsize and dtsize using negotiated fore
++ * channel attributes.
+ */
+-static void nfs4_session_set_rwsize(struct nfs_server *server)
++static void nfs4_session_limit_rwsize(struct nfs_server *server)
+ {
+ #ifdef CONFIG_NFS_V4_1
+ struct nfs4_session *sess;
+@@ -1004,9 +1004,11 @@ static void nfs4_session_set_rwsize(stru
+ server_resp_sz = sess->fc_attrs.max_resp_sz - nfs41_maxread_overhead;
+ server_rqst_sz = sess->fc_attrs.max_rqst_sz - nfs41_maxwrite_overhead;
+
+- if (!server->rsize || server->rsize > server_resp_sz)
++ if (server->dtsize > server_resp_sz)
++ server->dtsize = server_resp_sz;
++ if (server->rsize > server_resp_sz)
+ server->rsize = server_resp_sz;
+- if (!server->wsize || server->wsize > server_rqst_sz)
++ if (server->wsize > server_rqst_sz)
+ server->wsize = server_rqst_sz;
+ #endif /* CONFIG_NFS_V4_1 */
+ }
+@@ -1053,12 +1055,12 @@ static int nfs4_server_common_setup(stru
+ (unsigned long long) server->fsid.minor);
+ nfs_display_fhandle(mntfh, "Pseudo-fs root FH");
+
+- nfs4_session_set_rwsize(server);
+-
+ error = nfs_probe_fsinfo(server, mntfh, fattr);
+ if (error < 0)
+ goto out;
+
++ nfs4_session_limit_rwsize(server);
++
+ if (server->namelen == 0 || server->namelen > NFS4_MAXNAMLEN)
+ server->namelen = NFS4_MAXNAMLEN;
+
--- /dev/null
+From 0f99153def98134403c9149128e59d3e1786cf04 Mon Sep 17 00:00:00 2001
+From: Christophe Leroy <christophe.leroy@c-s.fr>
+Date: Fri, 19 Oct 2018 06:12:50 +0000
+Subject: powerpc/msi: Fix compile error on mpc83xx
+
+From: Christophe Leroy <christophe.leroy@c-s.fr>
+
+commit 0f99153def98134403c9149128e59d3e1786cf04 upstream.
+
+mpic_get_primary_version() is not defined when not using MPIC.
+The compile error log like:
+
+arch/powerpc/sysdev/built-in.o: In function `fsl_of_msi_probe':
+fsl_msi.c:(.text+0x150c): undefined reference to `fsl_mpic_primary_get_version'
+
+Signed-off-by: Jia Hongtao <hongtao.jia@freescale.com>
+Signed-off-by: Scott Wood <scottwood@freescale.com>
+Reported-by: Radu Rendec <radu.rendec@gmail.com>
+Fixes: 807d38b73b6 ("powerpc/mpic: Add get_version API both for internal and external use")
+Cc: stable@vger.kernel.org
+Signed-off-by: Christophe Leroy <christophe.leroy@c-s.fr>
+Signed-off-by: Michael Ellerman <mpe@ellerman.id.au>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+
+---
+ arch/powerpc/include/asm/mpic.h | 7 +++++++
+ 1 file changed, 7 insertions(+)
+
+--- a/arch/powerpc/include/asm/mpic.h
++++ b/arch/powerpc/include/asm/mpic.h
+@@ -392,7 +392,14 @@ extern struct bus_type mpic_subsys;
+ #define MPIC_REGSET_TSI108 MPIC_REGSET(1) /* Tsi108/109 PIC */
+
+ /* Get the version of primary MPIC */
++#ifdef CONFIG_MPIC
+ extern u32 fsl_mpic_primary_get_version(void);
++#else
++static inline u32 fsl_mpic_primary_get_version(void)
++{
++ return 0;
++}
++#endif
+
+ /* Allocate the controller structure and setup the linux irq descs
+ * for the range if interrupts passed in. No HW initialization is
smb3-on-kerberos-mount-if-server-doesn-t-specify-auth-type-use-krb5.patch
printk-fix-panic-caused-by-passing-log_buf_len-to-command-line.patch
genirq-fix-race-on-spurious-interrupt-detection.patch
+nfc-nfcmrvl_uart-fix-of-child-node-lookup.patch
+nfsv4.1-fix-the-r-wsize-checking.patch
+nfsd-fix-an-oops-in-free_session.patch
+lockd-fix-access-beyond-unterminated-strings-in-prints.patch
+dm-ioctl-harden-copy_params-s-copy_from_user-from-malicious-users.patch
+powerpc-msi-fix-compile-error-on-mpc83xx.patch
+mips-octeon-fix-out-of-bounds-array-access-on-cn68xx.patch
+tc-set-dma-masks-for-devices.patch
+net-bcmgenet-fix-of-child-node-lookup.patch
+media-v4l2-tpg-fix-kernel-oops-when-enabling-hflip-and-osd.patch
--- /dev/null
+From 3f2aa244ee1a0d17ed5b6c86564d2c1b24d1c96b Mon Sep 17 00:00:00 2001
+From: "Maciej W. Rozycki" <macro@linux-mips.org>
+Date: Wed, 3 Oct 2018 13:21:07 +0100
+Subject: TC: Set DMA masks for devices
+
+From: Maciej W. Rozycki <macro@linux-mips.org>
+
+commit 3f2aa244ee1a0d17ed5b6c86564d2c1b24d1c96b upstream.
+
+Fix a TURBOchannel support regression with commit 205e1b7f51e4
+("dma-mapping: warn when there is no coherent_dma_mask") that caused
+coherent DMA allocations to produce a warning such as:
+
+defxx: v1.11 2014/07/01 Lawrence V. Stefani and others
+tc1: DEFTA at MMIO addr = 0x1e900000, IRQ = 20, Hardware addr = 08-00-2b-a3-a3-29
+------------[ cut here ]------------
+WARNING: CPU: 0 PID: 1 at ./include/linux/dma-mapping.h:516 dfx_dev_register+0x670/0x678
+Modules linked in:
+CPU: 0 PID: 1 Comm: swapper Not tainted 4.19.0-rc6 #2
+Stack : ffffffff8009ffc0 fffffffffffffec0 0000000000000000 ffffffff80647650
+ 0000000000000000 0000000000000000 ffffffff806f5f80 ffffffffffffffff
+ 0000000000000000 0000000000000000 0000000000000001 ffffffff8065d4e8
+ 98000000031b6300 ffffffff80563478 ffffffff805685b0 ffffffffffffffff
+ 0000000000000000 ffffffff805d6720 0000000000000204 ffffffff80388df8
+ 0000000000000000 0000000000000009 ffffffff8053efd0 ffffffff806657d0
+ 0000000000000000 ffffffff803177f8 0000000000000000 ffffffff806d0000
+ 9800000003078000 980000000307b9e0 000000001e900000 ffffffff80067940
+ 0000000000000000 ffffffff805d6720 0000000000000204 ffffffff80388df8
+ ffffffff805176c0 ffffffff8004dc78 0000000000000000 ffffffff80067940
+ ...
+Call Trace:
+[<ffffffff8004dc78>] show_stack+0xa0/0x130
+[<ffffffff80067940>] __warn+0x128/0x170
+---[ end trace b1d1e094f67f3bb2 ]---
+
+This is because the TURBOchannel bus driver fails to set the coherent
+DMA mask for devices enumerated.
+
+Set the regular and coherent DMA masks for TURBOchannel devices then,
+observing that the bus protocol supports a 34-bit (16GiB) DMA address
+space, by interpreting the value presented in the address cycle across
+the 32 `ad' lines as a 32-bit word rather than byte address[1]. The
+architectural size of the TURBOchannel DMA address space exceeds the
+maximum amount of RAM any actual TURBOchannel system in existence may
+have, hence both masks are the same.
+
+This removes the warning shown above.
+
+References:
+
+[1] "TURBOchannel Hardware Specification", EK-369AA-OD-007B, Digital
+ Equipment Corporation, January 1993, Section "DMA", pp. 1-15 -- 1-17
+
+Signed-off-by: Maciej W. Rozycki <macro@linux-mips.org>
+Signed-off-by: Paul Burton <paul.burton@mips.com>
+Patchwork: https://patchwork.linux-mips.org/patch/20835/
+Fixes: 205e1b7f51e4 ("dma-mapping: warn when there is no coherent_dma_mask")
+Cc: stable@vger.kernel.org # 4.16+
+Cc: Ralf Baechle <ralf@linux-mips.org>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+
+---
+ drivers/tc/tc.c | 8 +++++++-
+ include/linux/tc.h | 1 +
+ 2 files changed, 8 insertions(+), 1 deletion(-)
+
+--- a/drivers/tc/tc.c
++++ b/drivers/tc/tc.c
+@@ -2,7 +2,7 @@
+ * TURBOchannel bus services.
+ *
+ * Copyright (c) Harald Koerfgen, 1998
+- * Copyright (c) 2001, 2003, 2005, 2006 Maciej W. Rozycki
++ * Copyright (c) 2001, 2003, 2005, 2006, 2018 Maciej W. Rozycki
+ * Copyright (c) 2005 James Simmons
+ *
+ * This file is subject to the terms and conditions of the GNU
+@@ -10,6 +10,7 @@
+ * directory of this archive for more details.
+ */
+ #include <linux/compiler.h>
++#include <linux/dma-mapping.h>
+ #include <linux/errno.h>
+ #include <linux/init.h>
+ #include <linux/ioport.h>
+@@ -92,6 +93,11 @@ static void __init tc_bus_add_devices(st
+ tdev->dev.bus = &tc_bus_type;
+ tdev->slot = slot;
+
++ /* TURBOchannel has 34-bit DMA addressing (16GiB space). */
++ tdev->dma_mask = DMA_BIT_MASK(34);
++ tdev->dev.dma_mask = &tdev->dma_mask;
++ tdev->dev.coherent_dma_mask = DMA_BIT_MASK(34);
++
+ for (i = 0; i < 8; i++) {
+ tdev->firmware[i] =
+ readb(module + offset + TC_FIRM_VER + 4 * i);
+--- a/include/linux/tc.h
++++ b/include/linux/tc.h
+@@ -84,6 +84,7 @@ struct tc_dev {
+ device. */
+ struct device dev; /* Generic device interface. */
+ struct resource resource; /* Address space of this device. */
++ u64 dma_mask; /* DMA addressable range. */
+ char vendor[9];
+ char name[9];
+ char firmware[9];
projects / thirdparty / kernel / stable-queue.git / commitdiff
