--- /dev/null
+From fe5405353b7359ec0958204bed64f17e059ce1ef Mon Sep 17 00:00:00 2001
+From: Sasha Levin <sashal@kernel.org>
+Date: Mon, 28 Oct 2019 11:58:03 +0100
+Subject: ALSA: hda - Fix pending unsol events at shutdown
+
+From: Takashi Iwai <tiwai@suse.de>
+
+[ Upstream commit ca58f55108fee41d87c9123f85ad4863e5de7f45 ]
+
+This is an alternative fix attemp for the issue reported in the commit
+caa8422d01e9 ("ALSA: hda: Flush interrupts on disabling") that was
+reverted later due to regressions. Instead of tweaking the hardware
+disablement order and the enforced irq flushing, do calling
+cancel_work_sync() of the unsol work early enough, and explicitly
+ignore the unsol events during the shutdown by checking the
+bus->shutdown flag.
+
+Fixes: caa8422d01e9 ("ALSA: hda: Flush interrupts on disabling")
+Cc: Chris Wilson <chris@chris-wilson.co.uk>
+Link: https://lore.kernel.org/r/s5h1ruxt9cz.wl-tiwai@suse.de
+Signed-off-by: Takashi Iwai <tiwai@suse.de>
+Signed-off-by: Sasha Levin <sashal@kernel.org>
+---
+ sound/pci/hda/hda_bind.c | 4 ++++
+ sound/pci/hda/hda_intel.c | 3 +++
+ 2 files changed, 7 insertions(+)
+
+diff --git a/sound/pci/hda/hda_bind.c b/sound/pci/hda/hda_bind.c
+index 8db1890605f60..c175b2cf63f77 100644
+--- a/sound/pci/hda/hda_bind.c
++++ b/sound/pci/hda/hda_bind.c
+@@ -42,6 +42,10 @@ static void hda_codec_unsol_event(struct hdac_device *dev, unsigned int ev)
+ {
+ struct hda_codec *codec = container_of(dev, struct hda_codec, core);
+
++ /* ignore unsol events during shutdown */
++ if (codec->bus->shutdown)
++ return;
++
+ if (codec->patch_ops.unsol_event)
+ codec->patch_ops.unsol_event(codec, ev);
+ }
+diff --git a/sound/pci/hda/hda_intel.c b/sound/pci/hda/hda_intel.c
+index 0b24c5ce2fd6a..d63fea5d1c929 100644
+--- a/sound/pci/hda/hda_intel.c
++++ b/sound/pci/hda/hda_intel.c
+@@ -1492,8 +1492,11 @@ static int azx_free(struct azx *chip)
+ static int azx_dev_disconnect(struct snd_device *device)
+ {
+ struct azx *chip = device->device_data;
++ struct hdac_bus *bus = azx_bus(chip);
+
+ chip->bus.shutdown = 1;
++ cancel_work_sync(&bus->unsol_work);
++
+ return 0;
+ }
+
+--
+2.20.1
+
--- /dev/null
+From 3d79a48c6ae292496d090d98c0cb9ae4d10fda55 Mon Sep 17 00:00:00 2001
+From: Sasha Levin <sashal@kernel.org>
+Date: Sun, 2 Dec 2018 08:38:07 -0800
+Subject: iomap: partially revert 4721a601099 (simulated directio short read on
+ EFAULT)
+
+From: Darrick J. Wong <darrick.wong@oracle.com>
+
+[ Upstream commit 8f67b5adc030553fbc877124306f3f3bdab89aa8 ]
+
+In commit 4721a601099, we tried to fix a problem wherein directio reads
+into a splice pipe will bounce EFAULT/EAGAIN all the way out to
+userspace by simulating a zero-byte short read. This happens because
+some directio read implementations (xfs) will call
+bio_iov_iter_get_pages to grab pipe buffer pages and issue asynchronous
+reads, but as soon as we run out of pipe buffers that _get_pages call
+returns EFAULT, which the splice code translates to EAGAIN and bounces
+out to userspace.
+
+In that commit, the iomap code catches the EFAULT and simulates a
+zero-byte read, but that causes assertion errors on regular splice reads
+because xfs doesn't allow short directio reads. This causes infinite
+splice() loops and assertion failures on generic/095 on overlayfs
+because xfs only permit total success or total failure of a directio
+operation. The underlying issue in the pipe splice code has now been
+fixed by changing the pipe splice loop to avoid avoid reading more data
+than there is space in the pipe.
+
+Therefore, it's no longer necessary to simulate the short directio, so
+remove the hack from iomap.
+
+Fixes: 4721a601099 ("iomap: dio data corruption and spurious errors when pipes fill")
+Reported-by: Murphy Zhou <jencce.kernel@gmail.com>
+Ranted-by: Amir Goldstein <amir73il@gmail.com>
+Reviewed-by: Christoph Hellwig <hch@lst.de>
+Signed-off-by: Darrick J. Wong <darrick.wong@oracle.com>
+Signed-off-by: Sasha Levin <sashal@kernel.org>
+---
+ fs/iomap.c | 9 ---------
+ 1 file changed, 9 deletions(-)
+
+diff --git a/fs/iomap.c b/fs/iomap.c
+index a9e40dafcc1ca..03edf62633dcc 100644
+--- a/fs/iomap.c
++++ b/fs/iomap.c
+@@ -1900,15 +1900,6 @@ iomap_dio_rw(struct kiocb *iocb, struct iov_iter *iter,
+ wait_for_completion = true;
+ ret = 0;
+ }
+-
+- /*
+- * Splicing to pipes can fail on a full pipe. We have to
+- * swallow this to make it look like a short IO
+- * otherwise the higher splice layers will completely
+- * mishandle the error and stop moving data.
+- */
+- if (ret == -EFAULT)
+- ret = 0;
+ break;
+ }
+ pos += ret;
+--
+2.20.1
+
--- /dev/null
+From 66f38362c64111fc651ebd2013830ac4393e579d Mon Sep 17 00:00:00 2001
+From: Sasha Levin <sashal@kernel.org>
+Date: Sat, 21 Sep 2019 09:00:31 +0300
+Subject: md/raid0: Fix an error message in raid0_make_request()
+
+From: Dan Carpenter <dan.carpenter@oracle.com>
+
+[ Upstream commit e3fc3f3d0943b126f76b8533960e4168412d9e5a ]
+
+The first argument to WARN() is supposed to be a condition. The
+original code will just print the mdname() instead of the full warning
+message.
+
+Fixes: c84a1372df92 ("md/raid0: avoid RAID0 data corruption due to layout confusion.")
+Signed-off-by: Dan Carpenter <dan.carpenter@oracle.com>
+Signed-off-by: Song Liu <songliubraving@fb.com>
+Signed-off-by: Sasha Levin <sashal@kernel.org>
+---
+ drivers/md/raid0.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/drivers/md/raid0.c b/drivers/md/raid0.c
+index 3cafbfd655f5d..475e5f8b22873 100644
+--- a/drivers/md/raid0.c
++++ b/drivers/md/raid0.c
+@@ -620,7 +620,7 @@ static bool raid0_make_request(struct mddev *mddev, struct bio *bio)
+ tmp_dev = map_sector(mddev, zone, sector, §or);
+ break;
+ default:
+- WARN("md/raid0:%s: Invalid layout\n", mdname(mddev));
++ WARN(1, "md/raid0:%s: Invalid layout\n", mdname(mddev));
+ bio_io_error(bio);
+ return true;
+ }
+--
+2.20.1
+
--- /dev/null
+From bcc2c2362f5ac3569b9d03500cdbb78bd7561ee5 Mon Sep 17 00:00:00 2001
+From: Sasha Levin <sashal@kernel.org>
+Date: Wed, 27 Nov 2019 11:56:31 +0200
+Subject: perf script: Fix invalid LBR/binary mismatch error
+
+From: Adrian Hunter <adrian.hunter@intel.com>
+
+[ Upstream commit 5172672da02e483d9b3c4d814c3482d0c8ffb1a6 ]
+
+The 'len' returned by grab_bb() includes an extra MAXINSN bytes to allow
+for the last instruction, so the the final 'offs' will not be 'len'.
+Fix the error condition logic accordingly.
+
+Before:
+
+ $ perf record -e '{intel_pt//,cpu/mem_inst_retired.all_loads,aux-sample-size=8192/pp}:u' grep -rqs jhgjhg /boot
+ [ perf record: Woken up 19 times to write data ]
+ [ perf record: Captured and wrote 2.274 MB perf.data ]
+ $ perf script -F +brstackinsn --xed --itrace=i1usl100 | head
+ grep 13759 [002] 8091.310257: 1862 instructions:uH: 5641d58069eb bmexec+0x86b (/bin/grep)
+ bmexec+2485:
+ 00005641d5806b35 jnz 0x5641d5806bd0 # MISPRED
+ 00005641d5806bd0 movzxb (%r13,%rdx,1), %eax
+ 00005641d5806bd6 add %rdi, %rax
+ 00005641d5806bd9 movzxb -0x1(%rax), %edx
+ 00005641d5806bdd cmp %rax, %r14
+ 00005641d5806be0 jnb 0x5641d58069c0 # MISPRED
+ mismatch of LBR data and executable
+ 00005641d58069c0 movzxb (%r13,%rdx,1), %edi
+
+After:
+
+ $ perf script -F +brstackinsn --xed --itrace=i1usl100 | head
+ grep 13759 [002] 8091.310257: 1862 instructions:uH: 5641d58069eb bmexec+0x86b (/bin/grep)
+ bmexec+2485:
+ 00005641d5806b35 jnz 0x5641d5806bd0 # MISPRED
+ 00005641d5806bd0 movzxb (%r13,%rdx,1), %eax
+ 00005641d5806bd6 add %rdi, %rax
+ 00005641d5806bd9 movzxb -0x1(%rax), %edx
+ 00005641d5806bdd cmp %rax, %r14
+ 00005641d5806be0 jnb 0x5641d58069c0 # MISPRED
+ 00005641d58069c0 movzxb (%r13,%rdx,1), %edi
+ 00005641d58069c6 add %rax, %rdi
+
+Fixes: e98df280bc2a ("perf script brstackinsn: Fix recovery from LBR/binary mismatch")
+Reported-by: Andi Kleen <ak@linux.intel.com>
+Signed-off-by: Adrian Hunter <adrian.hunter@intel.com>
+Cc: Jiri Olsa <jolsa@redhat.com>
+Link: http://lore.kernel.org/lkml/20191127095631.15663-1-adrian.hunter@intel.com
+Signed-off-by: Arnaldo Carvalho de Melo <acme@redhat.com>
+Signed-off-by: Sasha Levin <sashal@kernel.org>
+---
+ tools/perf/builtin-script.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/tools/perf/builtin-script.c b/tools/perf/builtin-script.c
+index d20f851796c52..a4c78499c838b 100644
+--- a/tools/perf/builtin-script.c
++++ b/tools/perf/builtin-script.c
+@@ -1037,7 +1037,7 @@ static int perf_sample__fprintf_brstackinsn(struct perf_sample *sample,
+ insn++;
+ }
+ }
+- if (off != (unsigned)len)
++ if (off != end - start)
+ printed += fprintf(fp, "\tmismatch of LBR data and executable\n");
+ }
+
+--
+2.20.1
+
vcs-prevent-write-access-to-vcsu-devices.patch
binder-fix-race-between-mmap-and-binder_alloc_print_pages.patch
binder-handle-start-null-in-binder_update_page_range.patch
+alsa-hda-fix-pending-unsol-events-at-shutdown.patch
+md-raid0-fix-an-error-message-in-raid0_make_request.patch
+watchdog-aspeed-fix-clock-behaviour-for-ast2600.patch
+perf-script-fix-invalid-lbr-binary-mismatch-error.patch
+splice-don-t-read-more-than-available-pipe-space.patch
+iomap-partially-revert-4721a601099-simulated-directi.patch
--- /dev/null
+From e93dba9d0ead86be962cfc2c21046151f95394a5 Mon Sep 17 00:00:00 2001
+From: Sasha Levin <sashal@kernel.org>
+Date: Fri, 30 Nov 2018 10:37:49 -0800
+Subject: splice: don't read more than available pipe space
+
+From: Darrick J. Wong <darrick.wong@oracle.com>
+
+[ Upstream commit 17614445576b6af24e9cf36607c6448164719c96 ]
+
+In commit 4721a601099, we tried to fix a problem wherein directio reads
+into a splice pipe will bounce EFAULT/EAGAIN all the way out to
+userspace by simulating a zero-byte short read. This happens because
+some directio read implementations (xfs) will call
+bio_iov_iter_get_pages to grab pipe buffer pages and issue asynchronous
+reads, but as soon as we run out of pipe buffers that _get_pages call
+returns EFAULT, which the splice code translates to EAGAIN and bounces
+out to userspace.
+
+In that commit, the iomap code catches the EFAULT and simulates a
+zero-byte read, but that causes assertion errors on regular splice reads
+because xfs doesn't allow short directio reads.
+
+The brokenness is compounded by splice_direct_to_actor immediately
+bailing on do_splice_to returning <= 0 without ever calling ->actor
+(which empties out the pipe), so if userspace calls back we'll EFAULT
+again on the full pipe, and nothing ever gets copied.
+
+Therefore, teach splice_direct_to_actor to clamp its requests to the
+amount of free space in the pipe and remove the simulated short read
+from the iomap directio code.
+
+Fixes: 4721a601099 ("iomap: dio data corruption and spurious errors when pipes fill")
+Reported-by: Murphy Zhou <jencce.kernel@gmail.com>
+Ranted-by: Amir Goldstein <amir73il@gmail.com>
+Reviewed-by: Christoph Hellwig <hch@lst.de>
+Signed-off-by: Darrick J. Wong <darrick.wong@oracle.com>
+Signed-off-by: Sasha Levin <sashal@kernel.org>
+---
+ fs/splice.c | 7 ++++++-
+ 1 file changed, 6 insertions(+), 1 deletion(-)
+
+diff --git a/fs/splice.c b/fs/splice.c
+index 485e409ef841b..8af8c318afd64 100644
+--- a/fs/splice.c
++++ b/fs/splice.c
+@@ -946,11 +946,16 @@ ssize_t splice_direct_to_actor(struct file *in, struct splice_desc *sd,
+ sd->flags &= ~SPLICE_F_NONBLOCK;
+ more = sd->flags & SPLICE_F_MORE;
+
++ WARN_ON_ONCE(pipe->nrbufs != 0);
++
+ while (len) {
+ size_t read_len;
+ loff_t pos = sd->pos, prev_pos = pos;
+
+- ret = do_splice_to(in, &pos, pipe, len, flags);
++ /* Don't try to read more the pipe has space for. */
++ read_len = min_t(size_t, len,
++ (pipe->buffers - pipe->nrbufs) << PAGE_SHIFT);
++ ret = do_splice_to(in, &pos, pipe, read_len, flags);
+ if (unlikely(ret <= 0))
+ goto out_release;
+
+--
+2.20.1
+
--- /dev/null
+From b21ad0347da78b8fa0751e3ed9a9fdb271d1e278 Mon Sep 17 00:00:00 2001
+From: Sasha Levin <sashal@kernel.org>
+Date: Fri, 8 Nov 2019 13:59:05 +1030
+Subject: watchdog: aspeed: Fix clock behaviour for ast2600
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+From: Joel Stanley <joel@jms.id.au>
+
+[ Upstream commit c04571251b3d842096f1597f5d4badb508be016d ]
+
+The ast2600 no longer uses bit 4 in the control register to indicate a
+1MHz clock (It now controls whether this watchdog is reset by a SOC
+reset). This means we do not want to set it. It also does not need to be
+set for the ast2500, as it is read-only on that SoC.
+
+The comment next to the clock rate selection wandered away from where it
+was set, so put it back next to the register setting it's describing.
+
+Fixes: b3528b487448 ("watchdog: aspeed: Add support for AST2600")
+Signed-off-by: Joel Stanley <joel@jms.id.au>
+Reviewed-by: Cédric Le Goater <clg@kaod.org>
+Reviewed-by: Guenter Roeck <linux@roeck-us.net>
+Link: https://lore.kernel.org/r/20191108032905.22463-1-joel@jms.id.au
+Signed-off-by: Guenter Roeck <linux@roeck-us.net>
+Signed-off-by: Wim Van Sebroeck <wim@linux-watchdog.org>
+Signed-off-by: Sasha Levin <sashal@kernel.org>
+---
+ drivers/watchdog/aspeed_wdt.c | 16 ++++++++++------
+ 1 file changed, 10 insertions(+), 6 deletions(-)
+
+diff --git a/drivers/watchdog/aspeed_wdt.c b/drivers/watchdog/aspeed_wdt.c
+index ffde179a9bb2c..d84d6cbd96977 100644
+--- a/drivers/watchdog/aspeed_wdt.c
++++ b/drivers/watchdog/aspeed_wdt.c
+@@ -207,11 +207,6 @@ static int aspeed_wdt_probe(struct platform_device *pdev)
+ if (IS_ERR(wdt->base))
+ return PTR_ERR(wdt->base);
+
+- /*
+- * The ast2400 wdt can run at PCLK, or 1MHz. The ast2500 only
+- * runs at 1MHz. We chose to always run at 1MHz, as there's no
+- * good reason to have a faster watchdog counter.
+- */
+ wdt->wdd.info = &aspeed_wdt_info;
+ wdt->wdd.ops = &aspeed_wdt_ops;
+ wdt->wdd.max_hw_heartbeat_ms = WDT_MAX_TIMEOUT_MS;
+@@ -227,7 +222,16 @@ static int aspeed_wdt_probe(struct platform_device *pdev)
+ return -EINVAL;
+ config = ofdid->data;
+
+- wdt->ctrl = WDT_CTRL_1MHZ_CLK;
++ /*
++ * On clock rates:
++ * - ast2400 wdt can run at PCLK, or 1MHz
++ * - ast2500 only runs at 1MHz, hard coding bit 4 to 1
++ * - ast2600 always runs at 1MHz
++ *
++ * Set the ast2400 to run at 1MHz as it simplifies the driver.
++ */
++ if (of_device_is_compatible(np, "aspeed,ast2400-wdt"))
++ wdt->ctrl = WDT_CTRL_1MHZ_CLK;
+
+ /*
+ * Control reset on a per-device basis to ensure the
+--
+2.20.1
+
projects / thirdparty / kernel / stable-queue.git / commitdiff
