5.5-stable patches
authorGreg Kroah-Hartman <gregkh@linuxfoundation.org>
Mon, 2 Mar 2020 19:38:50 +0000 (20:38 +0100)
committerGreg Kroah-Hartman <gregkh@linuxfoundation.org>
Mon, 2 Mar 2020 19:38:50 +0000 (20:38 +0100)
added patches:
drm-i915-avoid-recursing-onto-active-vma-from-the-shrinker.patch
drm-i915-gvt-fix-orphan-vgpu-dmabuf_objs-lifetime.patch
drm-i915-gvt-separate-display-reset-from-all_engines-reset.patch
hid-alps-fix-an-error-handling-path-in-alps_input_configured.patch
hid-hiddev-fix-race-in-in-hiddev_disconnect.patch
hv_netvsc-fix-unwanted-wakeup-in-netvsc_attach.patch
i2c-altera-fix-potential-integer-overflow.patch
i2c-jz4780-silence-log-flood-on-txabrt.patch
kbuild-fix-dt-binding-schema-rule-to-detect-command-line-changes.patch
kvm-nvmx-emulate-mtf-when-performing-instruction-emulation.patch
mac80211-remove-a-redundant-mutex-unlock.patch
mips-cavium_octeon-fix-syncw-generation.patch
mips-vpe-fix-a-double-free-and-a-memory-leak-in-release_vpe.patch
nl80211-fix-potential-leak-in-ap-start.patch
risc-v-don-t-enable-all-interrupts-in-trap_init.patch

16 files changed:
queue-5.5/drm-i915-avoid-recursing-onto-active-vma-from-the-shrinker.patch [new file with mode: 0644]
queue-5.5/drm-i915-gvt-fix-orphan-vgpu-dmabuf_objs-lifetime.patch [new file with mode: 0644]
queue-5.5/drm-i915-gvt-separate-display-reset-from-all_engines-reset.patch [new file with mode: 0644]
queue-5.5/hid-alps-fix-an-error-handling-path-in-alps_input_configured.patch [new file with mode: 0644]
queue-5.5/hid-hiddev-fix-race-in-in-hiddev_disconnect.patch [new file with mode: 0644]
queue-5.5/hv_netvsc-fix-unwanted-wakeup-in-netvsc_attach.patch [new file with mode: 0644]
queue-5.5/i2c-altera-fix-potential-integer-overflow.patch [new file with mode: 0644]
queue-5.5/i2c-jz4780-silence-log-flood-on-txabrt.patch [new file with mode: 0644]
queue-5.5/kbuild-fix-dt-binding-schema-rule-to-detect-command-line-changes.patch [new file with mode: 0644]
queue-5.5/kvm-nvmx-emulate-mtf-when-performing-instruction-emulation.patch [new file with mode: 0644]
queue-5.5/mac80211-remove-a-redundant-mutex-unlock.patch [new file with mode: 0644]
queue-5.5/mips-cavium_octeon-fix-syncw-generation.patch [new file with mode: 0644]
queue-5.5/mips-vpe-fix-a-double-free-and-a-memory-leak-in-release_vpe.patch [new file with mode: 0644]
queue-5.5/nl80211-fix-potential-leak-in-ap-start.patch [new file with mode: 0644]
queue-5.5/risc-v-don-t-enable-all-interrupts-in-trap_init.patch [new file with mode: 0644]
queue-5.5/series

diff --git a/queue-5.5/drm-i915-avoid-recursing-onto-active-vma-from-the-shrinker.patch b/queue-5.5/drm-i915-avoid-recursing-onto-active-vma-from-the-shrinker.patch
new file mode 100644 (file)
index 0000000..b48b4fa
--- /dev/null
@@ -0,0 +1,78 @@
+From 238734262142075056653b4de091458e0ca858f2 Mon Sep 17 00:00:00 2001
+From: Chris Wilson <chris@chris-wilson.co.uk>
+Date: Fri, 21 Feb 2020 22:18:18 +0000
+Subject: drm/i915: Avoid recursing onto active vma from the shrinker
+
+From: Chris Wilson <chris@chris-wilson.co.uk>
+
+commit 238734262142075056653b4de091458e0ca858f2 upstream.
+
+We mark the vma as active while binding it in order to protect outselves
+from being shrunk under mempressure. This only works if we are strict in
+not attempting to shrink active objects.
+
+<6> [472.618968] Workqueue: events_unbound fence_work [i915]
+<4> [472.618970] Call Trace:
+<4> [472.618974]  ? __schedule+0x2e5/0x810
+<4> [472.618978]  schedule+0x37/0xe0
+<4> [472.618982]  schedule_preempt_disabled+0xf/0x20
+<4> [472.618984]  __mutex_lock+0x281/0x9c0
+<4> [472.618987]  ? mark_held_locks+0x49/0x70
+<4> [472.618989]  ? _raw_spin_unlock_irqrestore+0x47/0x60
+<4> [472.619038]  ? i915_vma_unbind+0xae/0x110 [i915]
+<4> [472.619084]  ? i915_vma_unbind+0xae/0x110 [i915]
+<4> [472.619122]  i915_vma_unbind+0xae/0x110 [i915]
+<4> [472.619165]  i915_gem_object_unbind+0x1dc/0x400 [i915]
+<4> [472.619208]  i915_gem_shrink+0x328/0x660 [i915]
+<4> [472.619250]  ? i915_gem_shrink_all+0x38/0x60 [i915]
+<4> [472.619282]  i915_gem_shrink_all+0x38/0x60 [i915]
+<4> [472.619325]  vm_alloc_page.constprop.25+0x1aa/0x240 [i915]
+<4> [472.619330]  ? rcu_read_lock_sched_held+0x4d/0x80
+<4> [472.619363]  ? __alloc_pd+0xb/0x30 [i915]
+<4> [472.619366]  ? module_assert_mutex_or_preempt+0xf/0x30
+<4> [472.619368]  ? __module_address+0x23/0xe0
+<4> [472.619371]  ? is_module_address+0x26/0x40
+<4> [472.619374]  ? static_obj+0x34/0x50
+<4> [472.619376]  ? lockdep_init_map+0x4d/0x1e0
+<4> [472.619407]  setup_page_dma+0xd/0x90 [i915]
+<4> [472.619437]  alloc_pd+0x29/0x50 [i915]
+<4> [472.619470]  __gen8_ppgtt_alloc+0x443/0x6b0 [i915]
+<4> [472.619503]  gen8_ppgtt_alloc+0xd7/0x300 [i915]
+<4> [472.619535]  ppgtt_bind_vma+0x2a/0xe0 [i915]
+<4> [472.619577]  __vma_bind+0x26/0x40 [i915]
+<4> [472.619611]  fence_work+0x1c/0x90 [i915]
+<4> [472.619617]  process_one_work+0x26a/0x620
+
+Fixes: 2850748ef876 ("drm/i915: Pull i915_vma_pin under the vm->mutex")
+Signed-off-by: Chris Wilson <chris@chris-wilson.co.uk>
+Cc: Tvrtko Ursulin <tvrtko.ursulin@intel.com>
+Reviewed-by: Tvrtko Ursulin <tvrtko.ursulin@intel.com>
+Link: https://patchwork.freedesktop.org/patch/msgid/20200221221818.2861432-1-chris@chris-wilson.co.uk
+(cherry picked from commit 6f24e41022f28061368776ea1514db0a6e67a9b1)
+Signed-off-by: Jani Nikula <jani.nikula@intel.com>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+
+---
+ drivers/gpu/drm/i915/gem/i915_gem_shrinker.c |    4 +---
+ 1 file changed, 1 insertion(+), 3 deletions(-)
+
+--- a/drivers/gpu/drm/i915/gem/i915_gem_shrinker.c
++++ b/drivers/gpu/drm/i915/gem/i915_gem_shrinker.c
+@@ -257,8 +257,7 @@ unsigned long i915_gem_shrink_all(struct
+       with_intel_runtime_pm(&i915->runtime_pm, wakeref) {
+               freed = i915_gem_shrink(i915, -1UL, NULL,
+                                       I915_SHRINK_BOUND |
+-                                      I915_SHRINK_UNBOUND |
+-                                      I915_SHRINK_ACTIVE);
++                                      I915_SHRINK_UNBOUND);
+       }
+       return freed;
+@@ -337,7 +336,6 @@ i915_gem_shrinker_oom(struct notifier_bl
+       freed_pages = 0;
+       with_intel_runtime_pm(&i915->runtime_pm, wakeref)
+               freed_pages += i915_gem_shrink(i915, -1UL, NULL,
+-                                             I915_SHRINK_ACTIVE |
+                                              I915_SHRINK_BOUND |
+                                              I915_SHRINK_UNBOUND |
+                                              I915_SHRINK_WRITEBACK);
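Review bot: Neither call site records why I915_SHRINK_ACTIVE is left out, so the flag is easy to re-add in a later cleanup; this applies to the `i915_gem_shrink()` call in `i915_gem_shrink_all()` and to the one in `i915_gem_shrinker_oom()`. A comment above each call, for example `/* No I915_SHRINK_ACTIVE: a vma is marked active while it is being bound, and unbinding it from the shrinker recurses onto the bind path */`, would keep the constraint from the commit message next to the code. Both functions start and end outside the hunks, so whether any other caller still passes I915_SHRINK_ACTIVE from an allocation path cannot be confirmed from this page.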
diff --git a/queue-5.5/drm-i915-gvt-fix-orphan-vgpu-dmabuf_objs-lifetime.patch b/queue-5.5/drm-i915-gvt-fix-orphan-vgpu-dmabuf_objs-lifetime.patch
new file mode 100644 (file)
index 0000000..ccaff20
--- /dev/null
@@ -0,0 +1,45 @@
+From b549c252b1292aea959cd9b83537fcb9384a6112 Mon Sep 17 00:00:00 2001
+From: Tina Zhang <tina.zhang@intel.com>
+Date: Tue, 25 Feb 2020 13:35:27 +0800
+Subject: drm/i915/gvt: Fix orphan vgpu dmabuf_objs' lifetime
+
+From: Tina Zhang <tina.zhang@intel.com>
+
+commit b549c252b1292aea959cd9b83537fcb9384a6112 upstream.
+
+Deleting dmabuf item's list head after releasing its container can lead
+to KASAN-reported issue:
+
+  BUG: KASAN: use-after-free in __list_del_entry_valid+0x15/0xf0
+  Read of size 8 at addr ffff88818a4598a8 by task kworker/u8:3/13119
+
+So fix this issue by puting deleting dmabuf_objs ahead of releasing its
+container.
+
+Fixes: dfb6ae4e14bd6 ("drm/i915/gvt: Handle orphan dmabuf_objs")
+Signed-off-by: Tina Zhang <tina.zhang@intel.com>
+Reviewed-by: Zhenyu Wang <zhenyuw@linux.intel.com>
+Signed-off-by: Zhenyu Wang <zhenyuw@linux.intel.com>
+Link: http://patchwork.freedesktop.org/patch/msgid/20200225053527.8336-2-tina.zhang@intel.com
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+
+---
+ drivers/gpu/drm/i915/gvt/dmabuf.c |    2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+--- a/drivers/gpu/drm/i915/gvt/dmabuf.c
++++ b/drivers/gpu/drm/i915/gvt/dmabuf.c
+@@ -151,12 +151,12 @@ static void dmabuf_gem_object_free(struc
+                       dmabuf_obj = container_of(pos,
+                                       struct intel_vgpu_dmabuf_obj, list);
+                       if (dmabuf_obj == obj) {
++                              list_del(pos);
+                               intel_gvt_hypervisor_put_vfio_device(vgpu);
+                               idr_remove(&vgpu->object_idr,
+                                          dmabuf_obj->dmabuf_id);
+                               kfree(dmabuf_obj->info);
+                               kfree(dmabuf_obj);
+-                              list_del(pos);
+                               break;
+                       }
+               }
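Review bot: The ordering this fix depends on is not documented at the `list_del(pos)` line: `pos` is embedded in `dmabuf_obj` (it is recovered with `container_of(pos, struct intel_vgpu_dmabuf_obj, list)`), so the unlink has to precede `kfree(dmabuf_obj)`. A one-line comment such as `/* unlink first: pos lives inside dmabuf_obj, which is freed below */` would stop the call from drifting back to the end of the block. Separately, `intel_gvt_hypervisor_put_vfio_device(vgpu)` still runs before `idr_remove(&vgpu->object_idr, ...)`; if that put can release the last reference keeping `vgpu` alive, which this hunk does not show, the `idr_remove()` should move ahead of it. dmabuf_gem_object_free() begins and ends outside the hunk.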
diff --git a/queue-5.5/drm-i915-gvt-separate-display-reset-from-all_engines-reset.patch b/queue-5.5/drm-i915-gvt-separate-display-reset-from-all_engines-reset.patch
new file mode 100644 (file)
index 0000000..cd4d4c5
--- /dev/null
@@ -0,0 +1,93 @@
+From 3eb55e6f753a379e293395de8d5f3be28351a7f8 Mon Sep 17 00:00:00 2001
+From: Tina Zhang <tina.zhang@intel.com>
+Date: Fri, 21 Feb 2020 10:32:34 +0800
+Subject: drm/i915/gvt: Separate display reset from ALL_ENGINES reset
+
+From: Tina Zhang <tina.zhang@intel.com>
+
+commit 3eb55e6f753a379e293395de8d5f3be28351a7f8 upstream.
+
+ALL_ENGINES reset doesn't clobber display with the current gvt-g
+supported platforms. Thus ALL_ENGINES reset shouldn't reset the
+display engine registers emulated by gvt-g.
+
+This fixes guest warning like
+
+[ 14.622026] [drm] Initialized i915 1.6.0 20200114 for 0000:00:03.0 on minor 0
+[ 14.967917] fbcon: i915drmfb (fb0) is primary device
+[ 25.100188] [drm:drm_atomic_helper_wait_for_dependencies [drm_kms_helper]] E RROR [CRTC:51:pipe A] flip_done timed out
+[ 25.100860] -----------[ cut here ]-----------
+[ 25.100861] pll on state mismatch (expected 0, found 1)
+[ 25.101024] WARNING: CPU: 1 PID: 30 at drivers/gpu/drm/i915/display/intel_dis play.c:14382 verify_single_dpll_state.isra.115+0x28f/0x320 [i915]
+[ 25.101025] Modules linked in: intel_rapl_msr intel_rapl_common kvm_intel kvm irqbypass crct10dif_pclmul crc32_pclmul ghash_clmulni_intel i915 aesni_intel cr ypto_simd cryptd glue_helper cec rc_core video drm_kms_helper joydev drm input_l eds i2c_algo_bit serio_raw fb_sys_fops syscopyarea sysfillrect sysimgblt mac_hid qemu_fw_cfg sch_fq_codel parport_pc ppdev lp parport ip_tables x_tables autofs4 e1000 psmouse i2c_piix4 pata_acpi floppy
+[ 25.101052] CPU: 1 PID: 30 Comm: kworker/u4:1 Not tainted 5.5.0+ #1
+[ 25.101053] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS rel-1 .12.1-0-ga5cab58 04/01/2014
+[ 25.101055] Workqueue: events_unbound async_run_entry_fn
+[ 25.101092] RIP: 0010:verify_single_dpll_state.isra.115+0x28f/0x320 [i915]
+[ 25.101093] Code: e0 d9 ff e9 a3 fe ff ff 80 3d e9 c2 11 00 00 44 89 f6 48 c7 c7 c0 9d 88 c0 75 3b e8 eb df d9 ff e9 c7 fe ff ff e8 d1 e0 ae c4 <0f> 0b e9 7a fe ff ff 80 3d c0 c2 11 00 00 8d 71 41 89 c2 48 c7 c7
+[ 25.101093] RSP: 0018:ffffb1de80107878 EFLAGS: 00010286
+[ 25.101094] RAX: 0000000000000000 RBX: ffffb1de80107884 RCX: 0000000000000007
+[ 25.101095] RDX: 0000000000000000 RSI: 0000000000000002 RDI: ffff94fdfdd19740
+[ 25.101095] RBP: ffffb1de80107938 R08: 0000000d6bfdc7b4 R09: 000000000000002b
+[ 25.101096] R10: ffff94fdf82dc000 R11: 0000000000000225 R12: 00000000000001f8
+[ 25.101096] R13: ffff94fdb3ca6a90 R14: ffff94fdb3ca0000 R15: 0000000000000000
+[ 25.101097] FS: 0000000000000000(0000) GS:ffff94fdfdd00000(0000) knlGS:00000 00000000000
+[ 25.101098] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
+[ 25.101098] CR2: 00007fbc3e2be9c8 CR3: 000000003339a003 CR4: 0000000000360ee0
+[ 25.101101] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
+[ 25.101101] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
+[ 25.101102] Call Trace:
+[ 25.101139] intel_atomic_commit_tail+0xde4/0x1520 [i915]
+[ 25.101141] ? flush_workqueue_prep_pwqs+0xfa/0x130
+[ 25.101142] ? flush_workqueue+0x198/0x3c0
+[ 25.101174] intel_atomic_commit+0x2ad/0x320 [i915]
+[ 25.101209] drm_atomic_commit+0x4a/0x50 [drm]
+[ 25.101220] drm_client_modeset_commit_atomic+0x1c4/0x200 [drm]
+[ 25.101231] drm_client_modeset_commit_force+0x47/0x170 [drm]
+[ 25.101250] drm_fb_helper_restore_fbdev_mode_unlocked+0x4e/0xa0 [drm_kms_hel per]
+[ 25.101255] drm_fb_helper_set_par+0x2d/0x60 [drm_kms_helper]
+[ 25.101287] intel_fbdev_set_par+0x1a/0x40 [i915]
+[ 25.101289] ? con_is_visible+0x2e/0x60
+[ 25.101290] fbcon_init+0x378/0x600
+[ 25.101292] visual_init+0xd5/0x130
+[ 25.101296] do_bind_con_driver+0x217/0x430
+[ 25.101297] do_take_over_console+0x7d/0x1b0
+[ 25.101298] do_fbcon_takeover+0x5c/0xb0
+[ 25.101299] fbcon_fb_registered+0x199/0x1a0
+[ 25.101301] register_framebuffer+0x22c/0x330
+[ 25.101306] __drm_fb_helper_initial_config_and_unlock+0x31a/0x520 [drm_kms_h elper]
+[ 25.101311] drm_fb_helper_initial_config+0x35/0x40 [drm_kms_helper]
+[ 25.101341] intel_fbdev_initial_config+0x18/0x30 [i915]
+[ 25.101342] async_run_entry_fn+0x3c/0x150
+[ 25.101343] process_one_work+0x1fd/0x3f0
+[ 25.101344] worker_thread+0x34/0x410
+[ 25.101346] kthread+0x121/0x140
+[ 25.101346] ? process_one_work+0x3f0/0x3f0
+[ 25.101347] ? kthread_park+0x90/0x90
+[ 25.101350] ret_from_fork+0x35/0x40
+[ 25.101351] --[ end trace b5b47d44cd998ba1 ]--
+
+Fixes: 6294b61ba769 ("drm/i915/gvt: add missing display part reset for vGPU reset")
+Signed-off-by: Tina Zhang <tina.zhang@intel.com>
+Reviewed-by: Zhenyu Wang <zhenyuw@linux.intel.com>
+Signed-off-by: Zhenyu Wang <zhenyuw@linux.intel.com>
+Link: http://patchwork.freedesktop.org/patch/msgid/20200221023234.28635-1-tina.zhang@intel.com
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+
+---
+ drivers/gpu/drm/i915/gvt/vgpu.c |    2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+--- a/drivers/gpu/drm/i915/gvt/vgpu.c
++++ b/drivers/gpu/drm/i915/gvt/vgpu.c
+@@ -560,9 +560,9 @@ void intel_gvt_reset_vgpu_locked(struct
+               intel_vgpu_reset_mmio(vgpu, dmlr);
+               populate_pvinfo_page(vgpu);
+-              intel_vgpu_reset_display(vgpu);
+               if (dmlr) {
++                      intel_vgpu_reset_display(vgpu);
+                       intel_vgpu_reset_cfg_space(vgpu);
+                       /* only reset the failsafe mode when dmlr reset */
+                       vgpu->failsafe = false;
diff --git a/queue-5.5/hid-alps-fix-an-error-handling-path-in-alps_input_configured.patch b/queue-5.5/hid-alps-fix-an-error-handling-path-in-alps_input_configured.patch
new file mode 100644 (file)
index 0000000..6251821
--- /dev/null
@@ -0,0 +1,36 @@
+From 8d2e77b39b8fecb794e19cd006a12f90b14dd077 Mon Sep 17 00:00:00 2001
+From: Christophe JAILLET <christophe.jaillet@wanadoo.fr>
+Date: Wed, 4 Dec 2019 04:35:25 +0100
+Subject: HID: alps: Fix an error handling path in 'alps_input_configured()'
+
+From: Christophe JAILLET <christophe.jaillet@wanadoo.fr>
+
+commit 8d2e77b39b8fecb794e19cd006a12f90b14dd077 upstream.
+
+They are issues:
+   - if 'input_allocate_device()' fails and return NULL, there is no need
+     to free anything and 'input_free_device()' call is a no-op. It can
+     be axed.
+   - 'ret' is known to be 0 at this point, so we must set it to a
+     meaningful value before returning
+
+Fixes: 2562756dde55 ("HID: add Alps I2C HID Touchpad-Stick support")
+Signed-off-by: Christophe JAILLET <christophe.jaillet@wanadoo.fr>
+Signed-off-by: Jiri Kosina <jkosina@suse.cz>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+
+---
+ drivers/hid/hid-alps.c |    2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+--- a/drivers/hid/hid-alps.c
++++ b/drivers/hid/hid-alps.c
+@@ -730,7 +730,7 @@ static int alps_input_configured(struct
+       if (data->has_sp) {
+               input2 = input_allocate_device();
+               if (!input2) {
+-                      input_free_device(input2);
++                      ret = -ENOMEM;
+                       goto exit;
+               }
diff --git a/queue-5.5/hid-hiddev-fix-race-in-in-hiddev_disconnect.patch b/queue-5.5/hid-hiddev-fix-race-in-in-hiddev_disconnect.patch
new file mode 100644 (file)
index 0000000..1cf0411
--- /dev/null
@@ -0,0 +1,39 @@
+From 5c02c447eaeda29d3da121a2e17b97ccaf579b51 Mon Sep 17 00:00:00 2001
+From: "dan.carpenter@oracle.com" <dan.carpenter@oracle.com>
+Date: Wed, 15 Jan 2020 20:46:28 +0300
+Subject: HID: hiddev: Fix race in in hiddev_disconnect()
+
+From: dan.carpenter@oracle.com <dan.carpenter@oracle.com>
+
+commit 5c02c447eaeda29d3da121a2e17b97ccaf579b51 upstream.
+
+Syzbot reports that "hiddev" is used after it's free in hiddev_disconnect().
+The hiddev_disconnect() function sets "hiddev->exist = 0;" so
+hiddev_release() can free it as soon as we drop the "existancelock"
+lock.  This patch moves the mutex_unlock(&hiddev->existancelock) until
+after we have finished using it.
+
+Reported-by: syzbot+784ccb935f9900cc7c9e@syzkaller.appspotmail.com
+Fixes: 7f77897ef2b6 ("HID: hiddev: fix potential use-after-free")
+Suggested-by: Alan Stern <stern@rowland.harvard.edu>
+Signed-off-by: Dan Carpenter <dan.carpenter@oracle.com>
+Signed-off-by: Jiri Kosina <jkosina@suse.cz>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+
+---
+ drivers/hid/usbhid/hiddev.c |    2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+--- a/drivers/hid/usbhid/hiddev.c
++++ b/drivers/hid/usbhid/hiddev.c
+@@ -932,9 +932,9 @@ void hiddev_disconnect(struct hid_device
+       hiddev->exist = 0;
+       if (hiddev->open) {
+-              mutex_unlock(&hiddev->existancelock);
+               hid_hw_close(hiddev->hid);
+               wake_up_interruptible(&hiddev->wait);
++              mutex_unlock(&hiddev->existancelock);
+       } else {
+               mutex_unlock(&hiddev->existancelock);
+               kfree(hiddev);
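Review bot: `hid_hw_close(hiddev->hid)` and `wake_up_interruptible(&hiddev->wait)` now run with `existancelock` held, and nothing at the call site says why the unlock has to come last. A comment before the moved unlock, `/* hiddev_release() may free hiddev once exist == 0 and the lock is dropped; keep this last */`, would record the lifetime rule the fix relies on. It is also worth confirming that nothing reached from `hid_hw_close()` takes `existancelock` itself, since that path would now self-deadlock; the hunk does not show it. hiddev_disconnect() starts and ends outside the hunk.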
diff --git a/queue-5.5/hv_netvsc-fix-unwanted-wakeup-in-netvsc_attach.patch b/queue-5.5/hv_netvsc-fix-unwanted-wakeup-in-netvsc_attach.patch
new file mode 100644 (file)
index 0000000..38b1451
--- /dev/null
@@ -0,0 +1,64 @@
+From f6f13c125e05603f68f5bf31f045b95e6d493598 Mon Sep 17 00:00:00 2001
+From: Haiyang Zhang <haiyangz@microsoft.com>
+Date: Fri, 21 Feb 2020 08:32:18 -0800
+Subject: hv_netvsc: Fix unwanted wakeup in netvsc_attach()
+
+From: Haiyang Zhang <haiyangz@microsoft.com>
+
+commit f6f13c125e05603f68f5bf31f045b95e6d493598 upstream.
+
+When netvsc_attach() is called by operations like changing MTU, etc.,
+an extra wakeup may happen while netvsc_attach() calling
+rndis_filter_device_add() which sends rndis messages when queue is
+stopped in netvsc_detach(). The completion message will wake up queue 0.
+
+We can reproduce the issue by changing MTU etc., then the wake_queue
+counter from "ethtool -S" will increase beyond stop_queue counter:
+     stop_queue: 0
+     wake_queue: 1
+The issue causes queue wake up, and counter increment, no other ill
+effects in current code. So we didn't see any network problem for now.
+
+To fix this, initialize tx_disable to true, and set it to false when
+the NIC is ready to be attached or registered.
+
+Fixes: 7b2ee50c0cd5 ("hv_netvsc: common detach logic")
+Signed-off-by: Haiyang Zhang <haiyangz@microsoft.com>
+Signed-off-by: David S. Miller <davem@davemloft.net>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+
+---
+ drivers/net/hyperv/netvsc.c     |    2 +-
+ drivers/net/hyperv/netvsc_drv.c |    3 +++
+ 2 files changed, 4 insertions(+), 1 deletion(-)
+
+--- a/drivers/net/hyperv/netvsc.c
++++ b/drivers/net/hyperv/netvsc.c
+@@ -99,7 +99,7 @@ static struct netvsc_device *alloc_net_d
+       init_waitqueue_head(&net_device->wait_drain);
+       net_device->destroy = false;
+-      net_device->tx_disable = false;
++      net_device->tx_disable = true;
+       net_device->max_pkt = RNDIS_MAX_PKT_DEFAULT;
+       net_device->pkt_align = RNDIS_PKT_ALIGN_DEFAULT;
+--- a/drivers/net/hyperv/netvsc_drv.c
++++ b/drivers/net/hyperv/netvsc_drv.c
+@@ -977,6 +977,7 @@ static int netvsc_attach(struct net_devi
+       }
+       /* In any case device is now ready */
++      nvdev->tx_disable = false;
+       netif_device_attach(ndev);
+       /* Note: enable and attach happen when sub-channels setup */
+@@ -2354,6 +2355,8 @@ static int netvsc_probe(struct hv_device
+       else
+               net->max_mtu = ETH_DATA_LEN;
++      nvdev->tx_disable = false;
++
+       ret = register_netdevice(net);
+       if (ret != 0) {
+               pr_err("Unable to register netdev.\n");
diff --git a/queue-5.5/i2c-altera-fix-potential-integer-overflow.patch b/queue-5.5/i2c-altera-fix-potential-integer-overflow.patch
new file mode 100644 (file)
index 0000000..e9ec923
--- /dev/null
@@ -0,0 +1,38 @@
+From 54498e8070e19e74498a72c7331348143e7e1f8c Mon Sep 17 00:00:00 2001
+From: "Gustavo A. R. Silva" <gustavo@embeddedor.com>
+Date: Tue, 11 Feb 2020 08:47:04 -0600
+Subject: i2c: altera: Fix potential integer overflow
+
+From: Gustavo A. R. Silva <gustavo@embeddedor.com>
+
+commit 54498e8070e19e74498a72c7331348143e7e1f8c upstream.
+
+Factor out 100 from the equation and do 32-bit arithmetic (3 * clk_mhz / 10)
+instead of 64-bit.
+
+Notice that clk_mhz is MHz, so the multiplication will never wrap 32 bits
+and there is no need for div_u64().
+
+Addresses-Coverity: 1458369 ("Unintentional integer overflow")
+Fixes: 0560ad576268 ("i2c: altera: Add Altera I2C Controller driver")
+Suggested-by: David Laight <David.Laight@ACULAB.COM>
+Signed-off-by: Gustavo A. R. Silva <gustavo@embeddedor.com>
+Reviewed-by: Thor Thayer <thor.thayer@linux.intel.com>
+Signed-off-by: Wolfram Sang <wsa@the-dreams.de>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+
+---
+ drivers/i2c/busses/i2c-altera.c |    2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+--- a/drivers/i2c/busses/i2c-altera.c
++++ b/drivers/i2c/busses/i2c-altera.c
+@@ -171,7 +171,7 @@ static void altr_i2c_init(struct altr_i2
+       /* SCL Low Time */
+       writel(t_low, idev->base + ALTR_I2C_SCL_LOW);
+       /* SDA Hold Time, 300ns */
+-      writel(div_u64(300 * clk_mhz, 1000), idev->base + ALTR_I2C_SDA_HOLD);
++      writel(3 * clk_mhz / 10, idev->base + ALTR_I2C_SDA_HOLD);
+       /* Mask all master interrupt bits */
+       altr_i2c_int_enable(idev, ALTR_I2C_ALL_IRQ, false);
diff --git a/queue-5.5/i2c-jz4780-silence-log-flood-on-txabrt.patch b/queue-5.5/i2c-jz4780-silence-log-flood-on-txabrt.patch
new file mode 100644 (file)
index 0000000..54ca97f
--- /dev/null
@@ -0,0 +1,76 @@
+From 9e661cedcc0a072d91a32cb88e0515ea26e35711 Mon Sep 17 00:00:00 2001
+From: Wolfram Sang <wsa@the-dreams.de>
+Date: Wed, 12 Feb 2020 10:35:30 +0100
+Subject: i2c: jz4780: silence log flood on txabrt
+
+From: Wolfram Sang <wsa@the-dreams.de>
+
+commit 9e661cedcc0a072d91a32cb88e0515ea26e35711 upstream.
+
+The printout for txabrt is way too talkative and is highly annoying with
+scanning programs like 'i2cdetect'. Reduce it to the minimum, the rest
+can be gained by I2C core debugging and datasheet information. Also,
+make it a debug printout, it won't help the regular user.
+
+Fixes: ba92222ed63a ("i2c: jz4780: Add i2c bus controller driver for Ingenic JZ4780")
+Reported-by: H. Nikolaus Schaller <hns@goldelico.com>
+Tested-by: H. Nikolaus Schaller <hns@goldelico.com>
+Signed-off-by: Wolfram Sang <wsa@the-dreams.de>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+
+---
+ drivers/i2c/busses/i2c-jz4780.c |   36 ++----------------------------------
+ 1 file changed, 2 insertions(+), 34 deletions(-)
+
+--- a/drivers/i2c/busses/i2c-jz4780.c
++++ b/drivers/i2c/busses/i2c-jz4780.c
+@@ -73,25 +73,6 @@
+ #define JZ4780_I2C_STA_TFNF           BIT(1)
+ #define JZ4780_I2C_STA_ACT            BIT(0)
+-static const char * const jz4780_i2c_abrt_src[] = {
+-      "ABRT_7B_ADDR_NOACK",
+-      "ABRT_10ADDR1_NOACK",
+-      "ABRT_10ADDR2_NOACK",
+-      "ABRT_XDATA_NOACK",
+-      "ABRT_GCALL_NOACK",
+-      "ABRT_GCALL_READ",
+-      "ABRT_HS_ACKD",
+-      "SBYTE_ACKDET",
+-      "ABRT_HS_NORSTRT",
+-      "SBYTE_NORSTRT",
+-      "ABRT_10B_RD_NORSTRT",
+-      "ABRT_MASTER_DIS",
+-      "ARB_LOST",
+-      "SLVFLUSH_TXFIFO",
+-      "SLV_ARBLOST",
+-      "SLVRD_INTX",
+-};
+-
+ #define JZ4780_I2C_INTST_IGC          BIT(11)
+ #define JZ4780_I2C_INTST_ISTT         BIT(10)
+ #define JZ4780_I2C_INTST_ISTP         BIT(9)
+@@ -529,21 +510,8 @@ done:
+ static void jz4780_i2c_txabrt(struct jz4780_i2c *i2c, int src)
+ {
+-      int i;
+-
+-      dev_err(&i2c->adap.dev, "txabrt: 0x%08x\n", src);
+-      dev_err(&i2c->adap.dev, "device addr=%x\n",
+-              jz4780_i2c_readw(i2c, JZ4780_I2C_TAR));
+-      dev_err(&i2c->adap.dev, "send cmd count:%d  %d\n",
+-              i2c->cmd, i2c->cmd_buf[i2c->cmd]);
+-      dev_err(&i2c->adap.dev, "receive data count:%d  %d\n",
+-              i2c->cmd, i2c->data_buf[i2c->cmd]);
+-
+-      for (i = 0; i < 16; i++) {
+-              if (src & BIT(i))
+-                      dev_dbg(&i2c->adap.dev, "I2C TXABRT[%d]=%s\n",
+-                              i, jz4780_i2c_abrt_src[i]);
+-      }
++      dev_dbg(&i2c->adap.dev, "txabrt: 0x%08x, cmd: %d, send: %d, recv: %d\n",
++              src, i2c->cmd, i2c->cmd_buf[i2c->cmd], i2c->data_buf[i2c->cmd]);
+ }
+ static inline int jz4780_i2c_xfer_read(struct jz4780_i2c *i2c,
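Review bot: The replacement `dev_dbg()` in `jz4780_i2c_txabrt()` still reads `i2c->cmd_buf[i2c->cmd]` and `i2c->data_buf[i2c->cmd]` with no visible bound on `i2c->cmd`, and it indexes the receive buffer with the command counter. If `cmd` can equal the buffer length when the abort fires (the buffer sizes and the counter's update sites are outside this hunk), that is an out-of-bounds read taken only on the error path, once debug output is enabled. Logging the counter alone, `dev_dbg(&i2c->adap.dev, "txabrt: 0x%08x, cmd: %d\n", src, i2c->cmd);`, avoids the array accesses; otherwise check the index against the buffer length before dereferencing.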
diff --git a/queue-5.5/kbuild-fix-dt-binding-schema-rule-to-detect-command-line-changes.patch b/queue-5.5/kbuild-fix-dt-binding-schema-rule-to-detect-command-line-changes.patch
new file mode 100644 (file)
index 0000000..31ee45c
--- /dev/null
@@ -0,0 +1,46 @@
+From 7a04960560640ac5b0b89461f7757322b57d0c7a Mon Sep 17 00:00:00 2001
+From: Masahiro Yamada <masahiroy@kernel.org>
+Date: Sun, 23 Feb 2020 04:04:31 +0900
+Subject: kbuild: fix DT binding schema rule to detect command line changes
+
+From: Masahiro Yamada <masahiroy@kernel.org>
+
+commit 7a04960560640ac5b0b89461f7757322b57d0c7a upstream.
+
+This if_change_rule is not working properly; it cannot detect any
+command line change.
+
+The reason is because cmd-check in scripts/Kbuild.include compares
+$(cmd_$@) and $(cmd_$1), but cmd_dtc_dt_yaml does not exist here.
+
+For if_change_rule to work properly, the stem part of cmd_* and rule_*
+must match. Because this cmd_and_fixdep invokes cmd_dtc, this rule must
+be named rule_dtc.
+
+Fixes: 4f0e3a57d6eb ("kbuild: Add support for DT binding schema checks")
+Signed-off-by: Masahiro Yamada <masahiroy@kernel.org>
+Acked-by: Rob Herring <robh@kernel.org>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+
+---
+ scripts/Makefile.lib |    4 ++--
+ 1 file changed, 2 insertions(+), 2 deletions(-)
+
+--- a/scripts/Makefile.lib
++++ b/scripts/Makefile.lib
+@@ -291,13 +291,13 @@ DT_TMP_SCHEMA := $(objtree)/$(DT_BINDING
+ quiet_cmd_dtb_check = CHECK   $@
+       cmd_dtb_check = $(DT_CHECKER) -u $(srctree)/$(DT_BINDING_DIR) -p $(DT_TMP_SCHEMA) $@ ;
+-define rule_dtc_dt_yaml
++define rule_dtc
+       $(call cmd_and_fixdep,dtc,yaml)
+       $(call cmd,dtb_check)
+ endef
+ $(obj)/%.dt.yaml: $(src)/%.dts $(DTC) $(DT_TMP_SCHEMA) FORCE
+-      $(call if_changed_rule,dtc_dt_yaml)
++      $(call if_changed_rule,dtc)
+ dtc-tmp = $(subst $(comma),_,$(dot-target).dts.tmp)
diff --git a/queue-5.5/kvm-nvmx-emulate-mtf-when-performing-instruction-emulation.patch b/queue-5.5/kvm-nvmx-emulate-mtf-when-performing-instruction-emulation.patch
new file mode 100644 (file)
index 0000000..7d6f0a9
--- /dev/null
@@ -0,0 +1,224 @@
+From 5ef8acbdd687c9d72582e2c05c0b9756efb37863 Mon Sep 17 00:00:00 2001
+From: Oliver Upton <oupton@google.com>
+Date: Fri, 7 Feb 2020 02:36:07 -0800
+Subject: KVM: nVMX: Emulate MTF when performing instruction emulation
+
+From: Oliver Upton <oupton@google.com>
+
+commit 5ef8acbdd687c9d72582e2c05c0b9756efb37863 upstream.
+
+Since commit 5f3d45e7f282 ("kvm/x86: add support for
+MONITOR_TRAP_FLAG"), KVM has allowed an L1 guest to use the monitor trap
+flag processor-based execution control for its L2 guest. KVM simply
+forwards any MTF VM-exits to the L1 guest, which works for normal
+instruction execution.
+
+However, when KVM needs to emulate an instruction on the behalf of an L2
+guest, the monitor trap flag is not emulated. Add the necessary logic to
+kvm_skip_emulated_instruction() to synthesize an MTF VM-exit to L1 upon
+instruction emulation for L2.
+
+Fixes: 5f3d45e7f282 ("kvm/x86: add support for MONITOR_TRAP_FLAG")
+Signed-off-by: Oliver Upton <oupton@google.com>
+Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+
+---
+ arch/x86/include/asm/kvm_host.h |    1 +
+ arch/x86/include/uapi/asm/kvm.h |    1 +
+ arch/x86/kvm/svm.c              |    1 +
+ arch/x86/kvm/vmx/nested.c       |   35 ++++++++++++++++++++++++++++++++++-
+ arch/x86/kvm/vmx/nested.h       |    5 +++++
+ arch/x86/kvm/vmx/vmx.c          |   37 ++++++++++++++++++++++++++++++++++++-
+ arch/x86/kvm/vmx/vmx.h          |    3 +++
+ arch/x86/kvm/x86.c              |    2 ++
+ 8 files changed, 83 insertions(+), 2 deletions(-)
+
+--- a/arch/x86/include/asm/kvm_host.h
++++ b/arch/x86/include/asm/kvm_host.h
+@@ -1092,6 +1092,7 @@ struct kvm_x86_ops {
+       void (*run)(struct kvm_vcpu *vcpu);
+       int (*handle_exit)(struct kvm_vcpu *vcpu);
+       int (*skip_emulated_instruction)(struct kvm_vcpu *vcpu);
++      void (*update_emulated_instruction)(struct kvm_vcpu *vcpu);
+       void (*set_interrupt_shadow)(struct kvm_vcpu *vcpu, int mask);
+       u32 (*get_interrupt_shadow)(struct kvm_vcpu *vcpu);
+       void (*patch_hypercall)(struct kvm_vcpu *vcpu,
+--- a/arch/x86/include/uapi/asm/kvm.h
++++ b/arch/x86/include/uapi/asm/kvm.h
+@@ -390,6 +390,7 @@ struct kvm_sync_regs {
+ #define KVM_STATE_NESTED_GUEST_MODE   0x00000001
+ #define KVM_STATE_NESTED_RUN_PENDING  0x00000002
+ #define KVM_STATE_NESTED_EVMCS                0x00000004
++#define KVM_STATE_NESTED_MTF_PENDING  0x00000008
+ #define KVM_STATE_NESTED_SMM_GUEST_MODE       0x00000001
+ #define KVM_STATE_NESTED_SMM_VMXON    0x00000002
+--- a/arch/x86/kvm/svm.c
++++ b/arch/x86/kvm/svm.c
+@@ -7311,6 +7311,7 @@ static struct kvm_x86_ops svm_x86_ops __
+       .run = svm_vcpu_run,
+       .handle_exit = handle_exit,
+       .skip_emulated_instruction = skip_emulated_instruction,
++      .update_emulated_instruction = NULL,
+       .set_interrupt_shadow = svm_set_interrupt_shadow,
+       .get_interrupt_shadow = svm_get_interrupt_shadow,
+       .patch_hypercall = svm_patch_hypercall,
+--- a/arch/x86/kvm/vmx/nested.c
++++ b/arch/x86/kvm/vmx/nested.c
+@@ -3616,8 +3616,15 @@ static int vmx_check_nested_events(struc
+       unsigned long exit_qual;
+       bool block_nested_events =
+           vmx->nested.nested_run_pending || kvm_event_needs_reinjection(vcpu);
++      bool mtf_pending = vmx->nested.mtf_pending;
+       struct kvm_lapic *apic = vcpu->arch.apic;
++      /*
++       * Clear the MTF state. If a higher priority VM-exit is delivered first,
++       * this state is discarded.
++       */
++      vmx->nested.mtf_pending = false;
++
+       if (lapic_in_kernel(vcpu) &&
+               test_bit(KVM_APIC_INIT, &apic->pending_events)) {
+               if (block_nested_events)
+@@ -3628,8 +3635,28 @@ static int vmx_check_nested_events(struc
+               return 0;
+       }
++      /*
++       * Process any exceptions that are not debug traps before MTF.
++       */
++      if (vcpu->arch.exception.pending &&
++          !vmx_pending_dbg_trap(vcpu) &&
++          nested_vmx_check_exception(vcpu, &exit_qual)) {
++              if (block_nested_events)
++                      return -EBUSY;
++              nested_vmx_inject_exception_vmexit(vcpu, exit_qual);
++              return 0;
++      }
++
++      if (mtf_pending) {
++              if (block_nested_events)
++                      return -EBUSY;
++              nested_vmx_update_pending_dbg(vcpu);
++              nested_vmx_vmexit(vcpu, EXIT_REASON_MONITOR_TRAP_FLAG, 0, 0);
++              return 0;
++      }
++
+       if (vcpu->arch.exception.pending &&
+-              nested_vmx_check_exception(vcpu, &exit_qual)) {
++          nested_vmx_check_exception(vcpu, &exit_qual)) {
+               if (block_nested_events)
+                       return -EBUSY;
+               nested_vmx_inject_exception_vmexit(vcpu, exit_qual);
+@@ -5742,6 +5769,9 @@ static int vmx_get_nested_state(struct k
+                       if (vmx->nested.nested_run_pending)
+                               kvm_state.flags |= KVM_STATE_NESTED_RUN_PENDING;
++
++                      if (vmx->nested.mtf_pending)
++                              kvm_state.flags |= KVM_STATE_NESTED_MTF_PENDING;
+               }
+       }
+@@ -5922,6 +5952,9 @@ static int vmx_set_nested_state(struct k
+       vmx->nested.nested_run_pending =
+               !!(kvm_state->flags & KVM_STATE_NESTED_RUN_PENDING);
++      vmx->nested.mtf_pending =
++              !!(kvm_state->flags & KVM_STATE_NESTED_MTF_PENDING);
++
+       ret = -EINVAL;
+       if (nested_cpu_has_shadow_vmcs(vmcs12) &&
+           vmcs12->vmcs_link_pointer != -1ull) {
+--- a/arch/x86/kvm/vmx/nested.h
++++ b/arch/x86/kvm/vmx/nested.h
+@@ -176,6 +176,11 @@ static inline bool nested_cpu_has_virtua
+       return vmcs12->pin_based_vm_exec_control & PIN_BASED_VIRTUAL_NMIS;
+ }
++static inline int nested_cpu_has_mtf(struct vmcs12 *vmcs12)
++{
++      return nested_cpu_has(vmcs12, CPU_BASED_MONITOR_TRAP_FLAG);
++}
++
+ static inline int nested_cpu_has_ept(struct vmcs12 *vmcs12)
+ {
+       return nested_cpu_has2(vmcs12, SECONDARY_EXEC_ENABLE_EPT);
+--- a/arch/x86/kvm/vmx/vmx.c
++++ b/arch/x86/kvm/vmx/vmx.c
+@@ -1595,6 +1595,40 @@ static int skip_emulated_instruction(str
+       return 1;
+ }
++
++/*
++ * Recognizes a pending MTF VM-exit and records the nested state for later
++ * delivery.
++ */
++static void vmx_update_emulated_instruction(struct kvm_vcpu *vcpu)
++{
++      struct vmcs12 *vmcs12 = get_vmcs12(vcpu);
++      struct vcpu_vmx *vmx = to_vmx(vcpu);
++
++      if (!is_guest_mode(vcpu))
++              return;
++
++      /*
++       * Per the SDM, MTF takes priority over debug-trap exceptions besides
++       * T-bit traps. As instruction emulation is completed (i.e. at the
++       * instruction boundary), any #DB exception pending delivery must be a
++       * debug-trap. Record the pending MTF state to be delivered in
++       * vmx_check_nested_events().
++       */
++      if (nested_cpu_has_mtf(vmcs12) &&
++          (!vcpu->arch.exception.pending ||
++           vcpu->arch.exception.nr == DB_VECTOR))
++              vmx->nested.mtf_pending = true;
++      else
++              vmx->nested.mtf_pending = false;
++}
++
++static int vmx_skip_emulated_instruction(struct kvm_vcpu *vcpu)
++{
++      vmx_update_emulated_instruction(vcpu);
++      return skip_emulated_instruction(vcpu);
++}
++
+ static void vmx_clear_hlt(struct kvm_vcpu *vcpu)
+ {
+       /*
+@@ -7886,7 +7920,8 @@ static struct kvm_x86_ops vmx_x86_ops __
+       .run = vmx_vcpu_run,
+       .handle_exit = vmx_handle_exit,
+-      .skip_emulated_instruction = skip_emulated_instruction,
++      .skip_emulated_instruction = vmx_skip_emulated_instruction,
++      .update_emulated_instruction = vmx_update_emulated_instruction,
+       .set_interrupt_shadow = vmx_set_interrupt_shadow,
+       .get_interrupt_shadow = vmx_get_interrupt_shadow,
+       .patch_hypercall = vmx_patch_hypercall,
+--- a/arch/x86/kvm/vmx/vmx.h
++++ b/arch/x86/kvm/vmx/vmx.h
+@@ -150,6 +150,9 @@ struct nested_vmx {
+       /* L2 must run next, and mustn't decide to exit to L1. */
+       bool nested_run_pending;
++      /* Pending MTF VM-exit into L1.  */
++      bool mtf_pending;
++
+       struct loaded_vmcs vmcs02;
+       /*
+--- a/arch/x86/kvm/x86.c
++++ b/arch/x86/kvm/x86.c
+@@ -6838,6 +6838,8 @@ restart:
+                       kvm_rip_write(vcpu, ctxt->eip);
+                       if (r && ctxt->tf)
+                               r = kvm_vcpu_do_singlestep(vcpu);
++                      if (kvm_x86_ops->update_emulated_instruction)
++                              kvm_x86_ops->update_emulated_instruction(vcpu);
+                       __kvm_set_rflags(vcpu, ctxt->eflags);
+               }
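Review bot: The new `KVM_STATE_NESTED_MTF_PENDING` flag may not survive a save/restore round trip. vmx_get_nested_state() now reports it and vmx_set_nested_state() reads it back, but the only arch/x86/kvm/x86.c change in this patch is in the emulation path. If the generic KVM_SET_NESTED_STATE handler checks `kvm_state.flags` against a fixed mask of known bits (that code is not visible here), the new bit has to be added there too, otherwise state saved while an MTF exit is pending would be rejected on restore. vmx_set_nested_state() also takes the flag from userspace as-is; a guard such as `if ((kvm_state->flags & KVM_STATE_NESTED_MTF_PENDING) && !nested_cpu_has_mtf(vmcs12)) return -EINVAL;` would keep a restored vCPU from synthesizing an MTF exit that L1 never enabled. Both functions continue outside their hunks, so existing validation may already cover part of this.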
diff --git a/queue-5.5/mac80211-remove-a-redundant-mutex-unlock.patch b/queue-5.5/mac80211-remove-a-redundant-mutex-unlock.patch
new file mode 100644 (file)
index 0000000..9a22873
--- /dev/null
@@ -0,0 +1,48 @@
+From 0daa63ed4c6c4302790ce67b7a90c0997ceb7514 Mon Sep 17 00:00:00 2001
+From: Andrei Otcheretianski <andrei.otcheretianski@intel.com>
+Date: Fri, 21 Feb 2020 10:47:20 +0100
+Subject: mac80211: Remove a redundant mutex unlock
+
+From: Andrei Otcheretianski <andrei.otcheretianski@intel.com>
+
+commit 0daa63ed4c6c4302790ce67b7a90c0997ceb7514 upstream.
+
+The below-mentioned commit changed the code to unlock *inside*
+the function, but previously the unlock was *outside*. It failed
+to remove the outer unlock, however, leading to double unlock.
+
+Fix this.
+
+Fixes: 33483a6b88e4 ("mac80211: fix missing unlock on error in ieee80211_mark_sta_auth()")
+Signed-off-by: Andrei Otcheretianski <andrei.otcheretianski@intel.com>
+Link: https://lore.kernel.org/r/20200221104719.cce4741cf6eb.I671567b185c8a4c2409377e483fd149ce590f56d@changeid
+[rewrite commit message to better explain what happened]
+Signed-off-by: Johannes Berg <johannes.berg@intel.com>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+
+---
+ net/mac80211/mlme.c |    6 +-----
+ 1 file changed, 1 insertion(+), 5 deletions(-)
+
+--- a/net/mac80211/mlme.c
++++ b/net/mac80211/mlme.c
+@@ -2959,7 +2959,7 @@ static void ieee80211_rx_mgmt_auth(struc
+           (auth_transaction == 2 &&
+            ifmgd->auth_data->expected_transaction == 2)) {
+               if (!ieee80211_mark_sta_auth(sdata, bssid))
+-                      goto out_err;
++                      return; /* ignore frame -- wait for timeout */
+       } else if (ifmgd->auth_data->algorithm == WLAN_AUTH_SAE &&
+                  auth_transaction == 2) {
+               sdata_info(sdata, "SAE peer confirmed\n");
+@@ -2967,10 +2967,6 @@ static void ieee80211_rx_mgmt_auth(struc
+       }
+       cfg80211_rx_mlme_mgmt(sdata->dev, (u8 *)mgmt, len);
+-      return;
+- out_err:
+-      mutex_unlock(&sdata->local->sta_mtx);
+-      /* ignore frame -- wait for timeout */
+ }
+ #define case_WLAN(type) \
diff --git a/queue-5.5/mips-cavium_octeon-fix-syncw-generation.patch b/queue-5.5/mips-cavium_octeon-fix-syncw-generation.patch
new file mode 100644 (file)
index 0000000..c446491
--- /dev/null
@@ -0,0 +1,48 @@
+From 97e914b7de3c943011779b979b8093fdc0d85722 Mon Sep 17 00:00:00 2001
+From: Mark Tomlinson <mark.tomlinson@alliedtelesis.co.nz>
+Date: Wed, 12 Feb 2020 10:24:55 +1300
+Subject: MIPS: cavium_octeon: Fix syncw generation.
+
+From: Mark Tomlinson <mark.tomlinson@alliedtelesis.co.nz>
+
+commit 97e914b7de3c943011779b979b8093fdc0d85722 upstream.
+
+The Cavium Octeon CPU uses a special sync instruction for implementing
+wmb, and due to a CPU bug, the instruction must appear twice. A macro
+had been defined to hide this:
+
+ #define __SYNC_rpt(type)     (1 + (type == __SYNC_wmb))
+
+which was intended to evaluate to 2 for __SYNC_wmb, and 1 for any other
+type of sync. However, this expression is evaluated by the assembler,
+and not the compiler, and the result of '==' in the assembler is 0 or
+-1, not 0 or 1 as it is in C. The net result was wmb() producing no code
+at all. The simple fix in this patch is to change the '+' to '-'.
+
+Fixes: bf92927251b3 ("MIPS: barrier: Add __SYNC() infrastructure")
+Signed-off-by: Mark Tomlinson <mark.tomlinson@alliedtelesis.co.nz>
+Tested-by: Chris Packham <chris.packham@alliedtelesis.co.nz>
+Signed-off-by: Paul Burton <paulburton@kernel.org>
+Cc: linux-mips@vger.kernel.org
+Cc: linux-kernel@vger.kernel.org
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+
+---
+ arch/mips/include/asm/sync.h |    4 +++-
+ 1 file changed, 3 insertions(+), 1 deletion(-)
+
+--- a/arch/mips/include/asm/sync.h
++++ b/arch/mips/include/asm/sync.h
+@@ -155,9 +155,11 @@
+  * effective barrier as noted by commit 6b07d38aaa52 ("MIPS: Octeon: Use
+  * optimized memory barrier primitives."). Here we specify that the affected
+  * sync instructions should be emitted twice.
++ * Note that this expression is evaluated by the assembler (not the compiler),
++ * and that the assembler evaluates '==' as 0 or -1, not 0 or 1.
+  */
+ #ifdef CONFIG_CPU_CAVIUM_OCTEON
+-# define __SYNC_rpt(type)     (1 + (type == __SYNC_wmb))
++# define __SYNC_rpt(type)     (1 - (type == __SYNC_wmb))
+ #else
+ # define __SYNC_rpt(type)     1
+ #endif
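Review bot: `__SYNC_rpt()` now gives the right repeat count only when the assembler evaluates it; if the macro is ever expanded in a C expression, `1 - (type == __SYNC_wmb)` yields 0 for wmb and the barrier disappears again. The added comment documents the assembler convention, but a form that is correct under both conventions would remove the trap, e.g. `# define __SYNC_rpt(type)	(1 + ((type == __SYNC_wmb) & 1))`, since -1 and 1 both mask to 1. This should be confirmed against the assembler versions the kernel supports before changing it.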
diff --git a/queue-5.5/mips-vpe-fix-a-double-free-and-a-memory-leak-in-release_vpe.patch b/queue-5.5/mips-vpe-fix-a-double-free-and-a-memory-leak-in-release_vpe.patch
new file mode 100644 (file)
index 0000000..7d8ed6c
--- /dev/null
@@ -0,0 +1,42 @@
+From bef8e2dfceed6daeb6ca3e8d33f9c9d43b926580 Mon Sep 17 00:00:00 2001
+From: Christophe JAILLET <christophe.jaillet@wanadoo.fr>
+Date: Sun, 2 Feb 2020 21:19:22 +0100
+Subject: MIPS: VPE: Fix a double free and a memory leak in 'release_vpe()'
+
+From: Christophe JAILLET <christophe.jaillet@wanadoo.fr>
+
+commit bef8e2dfceed6daeb6ca3e8d33f9c9d43b926580 upstream.
+
+Pointer on the memory allocated by 'alloc_progmem()' is stored in
+'v->load_addr'. So this is this memory that should be freed by
+'release_progmem()'.
+
+'release_progmem()' is only a call to 'kfree()'.
+
+With the current code, there is both a double free and a memory leak.
+Fix it by passing the correct pointer to 'release_progmem()'.
+
+Fixes: e01402b115ccc ("More AP / SP bits for the 34K, the Malta bits and things. Still wants")
+Signed-off-by: Christophe JAILLET <christophe.jaillet@wanadoo.fr>
+Signed-off-by: Paul Burton <paulburton@kernel.org>
+Cc: ralf@linux-mips.org
+Cc: linux-mips@vger.kernel.org
+Cc: linux-kernel@vger.kernel.org
+Cc: kernel-janitors@vger.kernel.org
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+
+---
+ arch/mips/kernel/vpe.c |    2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+--- a/arch/mips/kernel/vpe.c
++++ b/arch/mips/kernel/vpe.c
+@@ -134,7 +134,7 @@ void release_vpe(struct vpe *v)
+ {
+       list_del(&v->list);
+       if (v->load_addr)
+-              release_progmem(v);
++              release_progmem(v->load_addr);
+       kfree(v);
+ }
diff --git a/queue-5.5/nl80211-fix-potential-leak-in-ap-start.patch b/queue-5.5/nl80211-fix-potential-leak-in-ap-start.patch
new file mode 100644 (file)
index 0000000..c7dadca
--- /dev/null
@@ -0,0 +1,42 @@
+From 9951ebfcdf2b97dbb28a5d930458424341e61aa2 Mon Sep 17 00:00:00 2001
+From: Johannes Berg <johannes.berg@intel.com>
+Date: Fri, 21 Feb 2020 10:41:43 +0100
+Subject: nl80211: fix potential leak in AP start
+
+From: Johannes Berg <johannes.berg@intel.com>
+
+commit 9951ebfcdf2b97dbb28a5d930458424341e61aa2 upstream.
+
+If nl80211_parse_he_obss_pd() fails, we leak the previously
+allocated ACL memory. Free it in this case.
+
+Fixes: 796e90f42b7e ("cfg80211: add support for parsing OBBS_PD attributes")
+Signed-off-by: Johannes Berg <johannes.berg@intel.com>
+Link: https://lore.kernel.org/r/20200221104142.835aba4cdd14.I1923b55ba9989c57e13978f91f40bfdc45e60cbd@changeid
+Signed-off-by: Johannes Berg <johannes.berg@intel.com>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+
+---
+ net/wireless/nl80211.c |    4 ++--
+ 1 file changed, 2 insertions(+), 2 deletions(-)
+
+--- a/net/wireless/nl80211.c
++++ b/net/wireless/nl80211.c
+@@ -4800,8 +4800,7 @@ static int nl80211_start_ap(struct sk_bu
+               err = nl80211_parse_he_obss_pd(
+                                       info->attrs[NL80211_ATTR_HE_OBSS_PD],
+                                       &params.he_obss_pd);
+-              if (err)
+-                      return err;
++              goto out;
+       }
+       nl80211_calculate_ap_params(&params);
+@@ -4823,6 +4822,7 @@ static int nl80211_start_ap(struct sk_bu
+       }
+       wdev_unlock(wdev);
++out:
+       kfree(params.acl);
+       return err;
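Review bot: The `goto out;` that replaces `if (err) return err;` in nl80211_start_ap() is unconditional, so whenever this branch runs the function jumps to the cleanup label even when nl80211_parse_he_obss_pd() succeeded. In that case `err` is 0 and the caller is told the AP was started, yet nl80211_calculate_ap_params() and everything after it up to `wdev_unlock(wdev)` were skipped. The error check should be kept and only the exit path changed: `if (err)` followed by `goto out;`. The enclosing condition and the rest of the function lie outside the hunk, so the exact trigger is inferred to be the presence of the HE OBSS PD attribute.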
diff --git a/queue-5.5/risc-v-don-t-enable-all-interrupts-in-trap_init.patch b/queue-5.5/risc-v-don-t-enable-all-interrupts-in-trap_init.patch
new file mode 100644 (file)
index 0000000..4a5b77c
--- /dev/null
@@ -0,0 +1,45 @@
+From 6a1ce99dc4bde564e4a072936f9d41f4a439140e Mon Sep 17 00:00:00 2001
+From: Anup Patel <anup.patel@wdc.com>
+Date: Sun, 2 Feb 2020 16:32:02 +0530
+Subject: RISC-V: Don't enable all interrupts in trap_init()
+
+From: Anup Patel <anup.patel@wdc.com>
+
+commit 6a1ce99dc4bde564e4a072936f9d41f4a439140e upstream.
+
+Historically, we have been enabling all interrupts for each
+HART in trap_init(). Ideally, we should only enable M-mode
+interrupts for M-mode kernel and S-mode interrupts for S-mode
+kernel in trap_init().
+
+Currently, we get suprious S-mode interrupts on Kendryte K210
+board running M-mode NO-MMU kernel because we are enabling all
+interrupts in trap_init(). To fix this, we only enable software
+and external interrupt in trap_init(). In future, trap_init()
+will only enable software interrupt and PLIC driver will enable
+external interrupt using CPU notifiers.
+
+Fixes: a4c3733d32a7 ("riscv: abstract out CSR names for supervisor vs machine mode")
+Signed-off-by: Anup Patel <anup.patel@wdc.com>
+Reviewed-by: Atish Patra <atish.patra@wdc.com>
+Tested-by: Palmer Dabbelt <palmerdabbelt@google.com> [QMEU virt machine with SMP]
+[Palmer: Move the Fixes up to a newer commit]
+Reviewed-by: Palmer Dabbelt <palmerdabbelt@google.com>
+Signed-off-by: Palmer Dabbelt <palmerdabbelt@google.com>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+
+---
+ arch/riscv/kernel/traps.c |    4 ++--
+ 1 file changed, 2 insertions(+), 2 deletions(-)
+
+--- a/arch/riscv/kernel/traps.c
++++ b/arch/riscv/kernel/traps.c
+@@ -156,6 +156,6 @@ void __init trap_init(void)
+       csr_write(CSR_SCRATCH, 0);
+       /* Set the exception vector address */
+       csr_write(CSR_TVEC, &handle_exception);
+-      /* Enable all interrupts */
+-      csr_write(CSR_IE, -1);
++      /* Enable interrupts */
++      csr_write(CSR_IE, IE_SIE | IE_EIE);
+ }
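Review bot: The replacement comment `/* Enable interrupts */` in trap_init() no longer says which interrupts are enabled, although restricting the set is the whole point of the change. Something like `/* Enable only software and external interrupts */` would document the intended mask next to `IE_SIE | IE_EIE` and make a later widening back toward `-1` easier to spot in review.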
index 3ede95038fffe2e9bbaa9319bf53ab0d1b99d111..737dd64b6b1b9b798f8de19d0ee07284c0bdc07d 100644 (file)
@@ -104,3 +104,18 @@ net-smc-transfer-fasync_list-in-case-of-fallback.patch
 vhost-check-docket-sk_family-instead-of-call-getname.patch
 netfilter-ipset-fix-forceadd-evaluation-path.patch
 netfilter-xt_hashlimit-reduce-hashlimit_mutex-scope-for-htable_put.patch
+hid-alps-fix-an-error-handling-path-in-alps_input_configured.patch
+hid-hiddev-fix-race-in-in-hiddev_disconnect.patch
+risc-v-don-t-enable-all-interrupts-in-trap_init.patch
+mips-vpe-fix-a-double-free-and-a-memory-leak-in-release_vpe.patch
+kvm-nvmx-emulate-mtf-when-performing-instruction-emulation.patch
+i2c-altera-fix-potential-integer-overflow.patch
+i2c-jz4780-silence-log-flood-on-txabrt.patch
+mips-cavium_octeon-fix-syncw-generation.patch
+drm-i915-gvt-fix-orphan-vgpu-dmabuf_objs-lifetime.patch
+drm-i915-avoid-recursing-onto-active-vma-from-the-shrinker.patch
+drm-i915-gvt-separate-display-reset-from-all_engines-reset.patch
+nl80211-fix-potential-leak-in-ap-start.patch
+mac80211-remove-a-redundant-mutex-unlock.patch
+kbuild-fix-dt-binding-schema-rule-to-detect-command-line-changes.patch
+hv_netvsc-fix-unwanted-wakeup-in-netvsc_attach.patch