4.14-stable patches
authorGreg Kroah-Hartman <gregkh@linuxfoundation.org>
Sat, 13 Nov 2021 15:29:11 +0000 (16:29 +0100)
committerGreg Kroah-Hartman <gregkh@linuxfoundation.org>
Sat, 13 Nov 2021 15:29:11 +0000 (16:29 +0100)
added patches:
power-supply-max17042_battery-prevent-int-underflow-in-set_soc_threshold.patch
power-supply-max17042_battery-use-vfsoc-for-capacity-when-no-rsns.patch
rdma-qedr-fix-null-deref-for-query_qp-on-the-gsi-qp.patch
signal-mips-update-_save-_restore-_fp_context-to-fail-with-efault.patch
signal-remove-the-bogus-sigkill_pending-in-ptrace_stop.patch

queue-4.14/power-supply-max17042_battery-prevent-int-underflow-in-set_soc_threshold.patch [new file with mode: 0644]
queue-4.14/power-supply-max17042_battery-use-vfsoc-for-capacity-when-no-rsns.patch [new file with mode: 0644]
queue-4.14/rdma-qedr-fix-null-deref-for-query_qp-on-the-gsi-qp.patch [new file with mode: 0644]
queue-4.14/series
queue-4.14/signal-mips-update-_save-_restore-_fp_context-to-fail-with-efault.patch [new file with mode: 0644]
queue-4.14/signal-remove-the-bogus-sigkill_pending-in-ptrace_stop.patch [new file with mode: 0644]

diff --git a/queue-4.14/power-supply-max17042_battery-prevent-int-underflow-in-set_soc_threshold.patch b/queue-4.14/power-supply-max17042_battery-prevent-int-underflow-in-set_soc_threshold.patch
new file mode 100644 (file)
index 0000000..48503e8
--- /dev/null
@@ -0,0 +1,35 @@
+From e660dbb68c6b3f7b9eb8b9775846a44f9798b719 Mon Sep 17 00:00:00 2001
+From: Sebastian Krzyszkowiak <sebastian.krzyszkowiak@puri.sm>
+Date: Tue, 14 Sep 2021 14:18:06 +0200
+Subject: power: supply: max17042_battery: Prevent int underflow in set_soc_threshold
+
+From: Sebastian Krzyszkowiak <sebastian.krzyszkowiak@puri.sm>
+
+commit e660dbb68c6b3f7b9eb8b9775846a44f9798b719 upstream.
+
+max17042_set_soc_threshold gets called with offset set to 1, which means
+that minimum threshold value would underflow once SOC got down to 0,
+causing invalid alerts from the gauge.
+
+Fixes: e5f3872d2044 ("max17042: Add support for signalling change in SOC")
+Cc: <stable@vger.kernel.org>
+Signed-off-by: Sebastian Krzyszkowiak <sebastian.krzyszkowiak@puri.sm>
+Reviewed-by: Krzysztof Kozlowski <krzysztof.kozlowski@canonical.com>
+Signed-off-by: Sebastian Reichel <sebastian.reichel@collabora.com>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+---
+ drivers/power/supply/max17042_battery.c |    3 ++-
+ 1 file changed, 2 insertions(+), 1 deletion(-)
+
+--- a/drivers/power/supply/max17042_battery.c
++++ b/drivers/power/supply/max17042_battery.c
+@@ -825,7 +825,8 @@ static void max17042_set_soc_threshold(s
+       regmap_read(map, MAX17042_RepSOC, &soc);
+       soc >>= 8;
+       soc_tr = (soc + off) << 8;
+-      soc_tr |= (soc - off);
++      if (off < soc)
++              soc_tr |= soc - off;
+       regmap_write(map, MAX17042_SALRT_Th, soc_tr);
+ }
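Review bot: The new `if (off < soc)` guard only helps when `soc` holds a fresh reading, but the `regmap_read()` a few lines above still discards its return value, so on a bus error both threshold bytes are computed from whatever `soc` held before the call (it is declared outside the hunk; if it is not initialised there, that is an uninitialised read). A minimal check would be `if (regmap_read(map, MAX17042_RepSOC, &soc) < 0) return;` so that no threshold is programmed on a failed read. The underflow fix itself looks right: if `soc` is unsigned, the old `soc - off` wrapped to all-ones at `soc == 0` and, OR'd in, corrupted the upper threshold byte as well as the lower one. max17042_set_soc_threshold starts outside the hunk.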
diff --git a/queue-4.14/power-supply-max17042_battery-use-vfsoc-for-capacity-when-no-rsns.patch b/queue-4.14/power-supply-max17042_battery-use-vfsoc-for-capacity-when-no-rsns.patch
new file mode 100644 (file)
index 0000000..7147e74
--- /dev/null
@@ -0,0 +1,45 @@
+From 223a3b82834f036a62aa831f67cbf1f1d644c6e2 Mon Sep 17 00:00:00 2001
+From: Henrik Grimler <henrik@grimler.se>
+Date: Wed, 29 Sep 2021 20:14:17 +0200
+Subject: power: supply: max17042_battery: use VFSOC for capacity when no rsns
+
+From: Henrik Grimler <henrik@grimler.se>
+
+commit 223a3b82834f036a62aa831f67cbf1f1d644c6e2 upstream.
+
+On Galaxy S3 (i9300/i9305), which has the max17047 fuel gauge and no
+current sense resistor (rsns), the RepSOC register does not provide an
+accurate state of charge value. The reported value is wrong, and does
+not change over time. VFSOC however, which uses the voltage fuel gauge
+to determine the state of charge, always shows an accurate value.
+
+For devices without current sense, VFSOC is already used for the
+soc-alert (0x0003 is written to MiscCFG register), so with this change
+the source of the alert and the PROP_CAPACITY value match.
+
+Fixes: 359ab9f5b154 ("power_supply: Add MAX17042 Fuel Gauge Driver")
+Cc: <stable@vger.kernel.org>
+Reviewed-by: Krzysztof Kozlowski <krzysztof.kozlowski@canonical.com>
+Suggested-by: Wolfgang Wiedmeyer <wolfgit@wiedmeyer.de>
+Signed-off-by: Henrik Grimler <henrik@grimler.se>
+Reviewed-by: Hans de Goede <hdegoede@redhat.com>
+Signed-off-by: Sebastian Reichel <sebastian.reichel@collabora.com>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+---
+ drivers/power/supply/max17042_battery.c |    5 ++++-
+ 1 file changed, 4 insertions(+), 1 deletion(-)
+
+--- a/drivers/power/supply/max17042_battery.c
++++ b/drivers/power/supply/max17042_battery.c
+@@ -303,7 +303,10 @@ static int max17042_get_property(struct
+               val->intval = data * 625 / 8;
+               break;
+       case POWER_SUPPLY_PROP_CAPACITY:
+-              ret = regmap_read(map, MAX17042_RepSOC, &data);
++              if (chip->pdata->enable_current_sense)
++                      ret = regmap_read(map, MAX17042_RepSOC, &data);
++              else
++                      ret = regmap_read(map, MAX17042_VFSOC, &data);
+               if (ret < 0)
+                       return ret;
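Review bot: The register choice is now spread over two otherwise identical `regmap_read()` calls; selecting the register once keeps a single error path, e.g. `ret = regmap_read(map, chip->pdata->enable_current_sense ? MAX17042_RepSOC : MAX17042_VFSOC, &data);`. More importantly, the same RepSOC/VFSOC split is not applied in max17042_set_soc_threshold (first patch on this page), which still reads `MAX17042_RepSOC` unconditionally; on a no-rsns device the alert window would then be centred on the value this commit describes as stuck, while the description says the alert itself compares against VFSOC, so it is worth confirming whether the threshold helper should follow the same selection. max17042_get_property's switch continues on both sides of the hunk.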
diff --git a/queue-4.14/rdma-qedr-fix-null-deref-for-query_qp-on-the-gsi-qp.patch b/queue-4.14/rdma-qedr-fix-null-deref-for-query_qp-on-the-gsi-qp.patch
new file mode 100644 (file)
index 0000000..1166164
--- /dev/null
@@ -0,0 +1,91 @@
+From 4f960393a0ee9a39469ceb7c8077ae8db665cc12 Mon Sep 17 00:00:00 2001
+From: Alok Prasad <palok@marvell.com>
+Date: Wed, 27 Oct 2021 18:43:29 +0000
+Subject: RDMA/qedr: Fix NULL deref for query_qp on the GSI QP
+
+From: Alok Prasad <palok@marvell.com>
+
+commit 4f960393a0ee9a39469ceb7c8077ae8db665cc12 upstream.
+
+This patch fixes a crash caused by querying the QP via netlink, and
+corrects the state of GSI qp. GSI qp's have a NULL qed_qp.
+
+The call trace is generated by:
+ $ rdma res show
+
+ BUG: kernel NULL pointer dereference, address: 0000000000000034
+ Hardware name: Dell Inc. PowerEdge R720/0M1GCR, BIOS 1.2.6 05/10/2012
+ RIP: 0010:qed_rdma_query_qp+0x33/0x1a0 [qed]
+ RSP: 0018:ffffba560a08f580 EFLAGS: 00010206
+ RAX: 0000000200000000 RBX: ffffba560a08f5b8 RCX: 0000000000000000
+ RDX: ffffba560a08f5b8 RSI: 0000000000000000 RDI: ffff9807ee458090
+ RBP: ffffba560a08f5a0 R08: 0000000000000000 R09: ffff9807890e7048
+ R10: ffffba560a08f658 R11: 0000000000000000 R12: 0000000000000000
+ R13: ffff9807ee458090 R14: ffff9807f0afb000 R15: ffffba560a08f7ec
+ FS:  00007fbbf8bfe740(0000) GS:ffff980aafa00000(0000) knlGS:0000000000000000
+ CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
+ CR2: 0000000000000034 CR3: 00000001720ba001 CR4: 00000000000606f0
+ Call Trace:
+  qedr_query_qp+0x82/0x360 [qedr]
+  ib_query_qp+0x34/0x40 [ib_core]
+  ? ib_query_qp+0x34/0x40 [ib_core]
+  fill_res_qp_entry_query.isra.26+0x47/0x1d0 [ib_core]
+  ? __nla_put+0x20/0x30
+  ? nla_put+0x33/0x40
+  fill_res_qp_entry+0xe3/0x120 [ib_core]
+  res_get_common_dumpit+0x3f8/0x5d0 [ib_core]
+  ? fill_res_cm_id_entry+0x1f0/0x1f0 [ib_core]
+  nldev_res_get_qp_dumpit+0x1a/0x20 [ib_core]
+  netlink_dump+0x156/0x2f0
+  __netlink_dump_start+0x1ab/0x260
+  rdma_nl_rcv+0x1de/0x330 [ib_core]
+  ? nldev_res_get_cm_id_dumpit+0x20/0x20 [ib_core]
+  netlink_unicast+0x1b8/0x270
+  netlink_sendmsg+0x33e/0x470
+  sock_sendmsg+0x63/0x70
+  __sys_sendto+0x13f/0x180
+  ? setup_sgl.isra.12+0x70/0xc0
+  __x64_sys_sendto+0x28/0x30
+  do_syscall_64+0x3a/0xb0
+  entry_SYSCALL_64_after_hwframe+0x44/0xae
+
+Cc: stable@vger.kernel.org
+Fixes: cecbcddf6461 ("qedr: Add support for QP verbs")
+Link: https://lore.kernel.org/r/20211027184329.18454-1-palok@marvell.com
+Signed-off-by: Ariel Elior <aelior@marvell.com>
+Signed-off-by: Shai Malin <smalin@marvell.com>
+Signed-off-by: Prabhakar Kushwaha <pkushwaha@marvell.com>
+Signed-off-by: Alok Prasad <palok@marvell.com>
+Signed-off-by: Jason Gunthorpe <jgg@nvidia.com>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+---
+ drivers/infiniband/hw/qedr/verbs.c |   15 +++++++++------
+ 1 file changed, 9 insertions(+), 6 deletions(-)
+
+--- a/drivers/infiniband/hw/qedr/verbs.c
++++ b/drivers/infiniband/hw/qedr/verbs.c
+@@ -2045,15 +2045,18 @@ int qedr_query_qp(struct ib_qp *ibqp,
+       int rc = 0;
+       memset(&params, 0, sizeof(params));
+-
+-      rc = dev->ops->rdma_query_qp(dev->rdma_ctx, qp->qed_qp, &params);
+-      if (rc)
+-              goto err;
+-
+       memset(qp_attr, 0, sizeof(*qp_attr));
+       memset(qp_init_attr, 0, sizeof(*qp_init_attr));
+-      qp_attr->qp_state = qedr_get_ibqp_state(params.state);
++      if (qp->qp_type != IB_QPT_GSI) {
++              rc = dev->ops->rdma_query_qp(dev->rdma_ctx, qp->qed_qp, &params);
++              if (rc)
++                      goto err;
++              qp_attr->qp_state = qedr_get_ibqp_state(params.state);
++      } else {
++              qp_attr->qp_state = qedr_get_ibqp_state(QED_ROCE_QP_STATE_RTS);
++      }
++
+       qp_attr->cur_qp_state = qedr_get_ibqp_state(params.state);
+       qp_attr->path_mtu = ib_mtu_int_to_enum(params.mtu);
+       qp_attr->path_mig_state = IB_MIG_MIGRATED;
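Review bot: For the GSI branch `params` is never filled in — it was zeroed by the `memset()` at the top of the hunk and `rdma_query_qp()` is now skipped — yet the line after the new block still derives `qp_attr->cur_qp_state` from `params.state`, so a GSI QP reports `qp_state` as RTS but `cur_qp_state` as whatever state value 0 maps to, and `path_mtu` is likewise taken from a zero `params.mtu`. Mirroring the chosen state, `qp_attr->cur_qp_state = qp_attr->qp_state;`, keeps the two fields consistent in both branches. The commit message says GSI QPs have a NULL `qed_qp`; gating on `qp->qp_type != IB_QPT_GSI` is fine, but a reader may wonder why `qp->qed_qp` itself is not tested, and a one-line comment such as `/* GSI QPs have no qed_qp; report a synthetic RTS state */` would record that. qedr_query_qp starts before the hunk and continues after it.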
index 3d66fbf3403b3a898760c5134851b79b5aa85d46..a1b80a5926026f95fe4985db50383a63eea322aa 100644 (file)
@@ -46,3 +46,8 @@ wcn36xx-fix-ht40-capability-for-2ghz-band.patch
 mwifiex-read-a-pci-register-after-writing-the-tx-ring-write-pointer.patch
 libata-fix-checking-of-dma-state.patch
 wcn36xx-handle-connection-loss-indication.patch
+rdma-qedr-fix-null-deref-for-query_qp-on-the-gsi-qp.patch
+signal-remove-the-bogus-sigkill_pending-in-ptrace_stop.patch
+signal-mips-update-_save-_restore-_fp_context-to-fail-with-efault.patch
+power-supply-max17042_battery-prevent-int-underflow-in-set_soc_threshold.patch
+power-supply-max17042_battery-use-vfsoc-for-capacity-when-no-rsns.patch
diff --git a/queue-4.14/signal-mips-update-_save-_restore-_fp_context-to-fail-with-efault.patch b/queue-4.14/signal-mips-update-_save-_restore-_fp_context-to-fail-with-efault.patch
new file mode 100644 (file)
index 0000000..b801b97
--- /dev/null
@@ -0,0 +1,68 @@
+From 95bf9d646c3c3f95cb0be7e703b371db8da5be68 Mon Sep 17 00:00:00 2001
+From: "Eric W. Biederman" <ebiederm@xmission.com>
+Date: Wed, 20 Oct 2021 12:43:51 -0500
+Subject: signal/mips: Update (_save|_restore)_fp_context to fail with -EFAULT
+
+From: Eric W. Biederman <ebiederm@xmission.com>
+
+commit 95bf9d646c3c3f95cb0be7e703b371db8da5be68 upstream.
+
+When an instruction to save or restore a register from the stack fails
+in _save_fp_context or _restore_fp_context return with -EFAULT.  This
+change was made to r2300_fpu.S[1] but it looks like it got lost with
+the introduction of EX2[2].  This is also what the other implementation
+of _save_fp_context and _restore_fp_context in r4k_fpu.S does, and
+what is needed for the callers to be able to handle the error.
+
+Furthermore calling do_exit(SIGSEGV) from bad_stack is wrong because
+it does not terminate the entire process it just terminates a single
+thread.
+
+As the changed code was the only caller of arch/mips/kernel/syscall.c:bad_stack
+remove the problematic and now unused helper function.
+
+Cc: Thomas Bogendoerfer <tsbogend@alpha.franken.de>
+Cc: Maciej Rozycki <macro@orcam.me.uk>
+Cc: linux-mips@vger.kernel.org
+[1] 35938a00ba86 ("MIPS: Fix ISA I FP sigcontext access violation handling")
+[2] f92722dc4545 ("MIPS: Correct MIPS I FP sigcontext layout")
+Cc: stable@vger.kernel.org
+Fixes: f92722dc4545 ("MIPS: Correct MIPS I FP sigcontext layout")
+Acked-by: Maciej W. Rozycki <macro@orcam.me.uk>
+Acked-by: Thomas Bogendoerfer <tsbogend@alpha.franken.de>
+Link: https://lkml.kernel.org/r/20211020174406.17889-5-ebiederm@xmission.com
+Signed-off-by: Eric W. Biederman <ebiederm@xmission.com>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+---
+ arch/mips/kernel/r2300_fpu.S |    4 ++--
+ arch/mips/kernel/syscall.c   |    9 ---------
+ 2 files changed, 2 insertions(+), 11 deletions(-)
+
+--- a/arch/mips/kernel/r2300_fpu.S
++++ b/arch/mips/kernel/r2300_fpu.S
+@@ -29,8 +29,8 @@
+ #define EX2(a,b)                                              \
+ 9:    a,##b;                                                  \
+       .section __ex_table,"a";                                \
+-      PTR     9b,bad_stack;                                   \
+-      PTR     9b+4,bad_stack;                                 \
++      PTR     9b,fault;                                       \
++      PTR     9b+4,fault;                                     \
+       .previous
+       .set    mips1
+--- a/arch/mips/kernel/syscall.c
++++ b/arch/mips/kernel/syscall.c
+@@ -233,12 +233,3 @@ SYSCALL_DEFINE3(cachectl, char *, addr,
+ {
+       return -ENOSYS;
+ }
+-
+-/*
+- * If we ever come here the user sp is bad.  Zap the process right away.
+- * Due to the bad stack signaling wouldn't work.
+- */
+-asmlinkage void bad_stack(void)
+-{
+-      do_exit(SIGSEGV);
+-}
diff --git a/queue-4.14/signal-remove-the-bogus-sigkill_pending-in-ptrace_stop.patch b/queue-4.14/signal-remove-the-bogus-sigkill_pending-in-ptrace_stop.patch
new file mode 100644 (file)
index 0000000..b2c0822
--- /dev/null
@@ -0,0 +1,79 @@
+From 7d613f9f72ec8f90ddefcae038fdae5adb8404b3 Mon Sep 17 00:00:00 2001
+From: "Eric W. Biederman" <ebiederm@xmission.com>
+Date: Wed, 1 Sep 2021 13:21:34 -0500
+Subject: signal: Remove the bogus sigkill_pending in ptrace_stop
+
+From: Eric W. Biederman <ebiederm@xmission.com>
+
+commit 7d613f9f72ec8f90ddefcae038fdae5adb8404b3 upstream.
+
+The existence of sigkill_pending is a little silly as it is
+functionally a duplicate of fatal_signal_pending that is used in
+exactly one place.
+
+Checking for pending fatal signals and returning early in ptrace_stop
+is actively harmful.  It casues the ptrace_stop called by
+ptrace_signal to return early before setting current->exit_code.
+Later when ptrace_signal reads the signal number from
+current->exit_code is undefined, making it unpredictable what will
+happen.
+
+Instead rely on the fact that schedule will not sleep if there is a
+pending signal that can awaken a task.
+
+Removing the explict sigkill_pending test fixes fixes ptrace_signal
+when ptrace_stop does not stop because current->exit_code is always
+set to to signr.
+
+Cc: stable@vger.kernel.org
+Fixes: 3d749b9e676b ("ptrace: simplify ptrace_stop()->sigkill_pending() path")
+Fixes: 1a669c2f16d4 ("Add arch_ptrace_stop")
+Link: https://lkml.kernel.org/r/87pmsyx29t.fsf@disp2133
+Reviewed-by: Kees Cook <keescook@chromium.org>
+Signed-off-by: "Eric W. Biederman" <ebiederm@xmission.com>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+---
+ kernel/signal.c |   19 ++++---------------
+ 1 file changed, 4 insertions(+), 15 deletions(-)
+
+--- a/kernel/signal.c
++++ b/kernel/signal.c
+@@ -1839,16 +1839,6 @@ static inline int may_ptrace_stop(void)
+ }
+ /*
+- * Return non-zero if there is a SIGKILL that should be waking us up.
+- * Called with the siglock held.
+- */
+-static int sigkill_pending(struct task_struct *tsk)
+-{
+-      return  sigismember(&tsk->pending.signal, SIGKILL) ||
+-              sigismember(&tsk->signal->shared_pending.signal, SIGKILL);
+-}
+-
+-/*
+  * This must be called with current->sighand->siglock held.
+  *
+  * This should be the path for all ptrace stops.
+@@ -1873,17 +1863,16 @@ static void ptrace_stop(int exit_code, i
+                * calling arch_ptrace_stop, so we must release it now.
+                * To preserve proper semantics, we must do this before
+                * any signal bookkeeping like checking group_stop_count.
+-               * Meanwhile, a SIGKILL could come in before we retake the
+-               * siglock.  That must prevent us from sleeping in TASK_TRACED.
+-               * So after regaining the lock, we must check for SIGKILL.
+                */
+               spin_unlock_irq(&current->sighand->siglock);
+               arch_ptrace_stop(exit_code, info);
+               spin_lock_irq(&current->sighand->siglock);
+-              if (sigkill_pending(current))
+-                      return;
+       }
++      /*
++       * schedule() will not sleep if there is a pending signal that
++       * can awaken the task.
++       */
+       set_special_state(TASK_TRACED);
+       /*