--- /dev/null
+From fc08a4703a418a398bbb575ac311d36d110ac786 Mon Sep 17 00:00:00 2001
+From: Vishal Verma <vishal.l.verma@intel.com>
+Date: Fri, 19 May 2017 11:39:10 +0200
+Subject: acpi, nfit: Fix the memory error check in nfit_handle_mce()
+
+From: Vishal Verma <vishal.l.verma@intel.com>
+
+commit fc08a4703a418a398bbb575ac311d36d110ac786 upstream.
+
+The check for an MCE being a memory error in the NFIT mce handler was
+bogus. Use the new mce_is_memory_error() helper to detect the error
+properly.
+
+Reported-by: Tony Luck <tony.luck@intel.com>
+Signed-off-by: Vishal Verma <vishal.l.verma@intel.com>
+Signed-off-by: Borislav Petkov <bp@suse.de>
+Link: http://lkml.kernel.org/r/20170519093915.15413-3-bp@alien8.de
+Signed-off-by: Thomas Gleixner <tglx@linutronix.de>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+
+---
+ drivers/acpi/nfit/mce.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+--- a/drivers/acpi/nfit/mce.c
++++ b/drivers/acpi/nfit/mce.c
+@@ -26,7 +26,7 @@ static int nfit_handle_mce(struct notifi
+ struct nfit_spa *nfit_spa;
+
+ /* We only care about memory errors */
+- if (!(mce->status & MCACOD))
++ if (!mce_is_memory_error(mce))
+ return NOTIFY_DONE;
+
+ /*
--- /dev/null
+From 0de0e198bc7191a0e46cf71f66fec4d07ca91396 Mon Sep 17 00:00:00 2001
+From: Dan Williams <dan.j.williams@intel.com>
+Date: Tue, 25 Apr 2017 12:58:31 -0700
+Subject: ACPI / sysfs: fix acpi_get_table() leak / acpi-sysfs denial of service
+
+From: Dan Williams <dan.j.williams@intel.com>
+
+commit 0de0e198bc7191a0e46cf71f66fec4d07ca91396 upstream.
+
+Reading an ACPI table through the /sys/firmware/acpi/tables interface
+more than 65,536 times leads to the following log message:
+
+ ACPI Error: Table ffff88033595eaa8, Validation count is zero after increment
+ (20170119/tbutils-423)
+
+...and the table being unavailable until the next reboot. Add the
+missing acpi_put_table() so the table ->validation_count is decremented
+after each read.
+
+Reported-by: Anush Seetharaman <anush.seetharaman@intel.com>
+Fixes: 174cc7187e6f "ACPICA: Tables: Back port acpi_get_table_with_size() ..."
+Signed-off-by: Dan Williams <dan.j.williams@intel.com>
+Signed-off-by: Rafael J. Wysocki <rafael.j.wysocki@intel.com>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+
+---
+ drivers/acpi/sysfs.c | 7 +++++--
+ 1 file changed, 5 insertions(+), 2 deletions(-)
+
+--- a/drivers/acpi/sysfs.c
++++ b/drivers/acpi/sysfs.c
+@@ -333,14 +333,17 @@ static ssize_t acpi_table_show(struct fi
+ container_of(bin_attr, struct acpi_table_attr, attr);
+ struct acpi_table_header *table_header = NULL;
+ acpi_status status;
++ ssize_t rc;
+
+ status = acpi_get_table(table_attr->name, table_attr->instance,
+ &table_header);
+ if (ACPI_FAILURE(status))
+ return -ENODEV;
+
+- return memory_read_from_buffer(buf, count, &offset,
+- table_header, table_header->length);
++ rc = memory_read_from_buffer(buf, count, &offset, table_header,
++ table_header->length);
++ acpi_put_table(table_header);
++ return rc;
+ }
+
+ static int acpi_table_attr_init(struct kobject *tables_obj,
--- /dev/null
+From 2ea65321b83539afc1d45c1bea39c55ab42af62b Mon Sep 17 00:00:00 2001
+From: Lv Zheng <lv.zheng@intel.com>
+Date: Tue, 9 May 2017 13:57:31 +0800
+Subject: ACPICA: Tables: Fix regression introduced by a too early mechanism enabling
+
+From: Lv Zheng <lv.zheng@intel.com>
+
+commit 2ea65321b83539afc1d45c1bea39c55ab42af62b upstream.
+
+In the Linux kernel, acpi_get_table() "clones" haven't been fully
+balanced by acpi_put_table() invocations. In upstream ACPICA, due to
+the design change, there are also unbalanced acpi_get_table_by_index()
+invocations requiring special care.
+
+acpi_get_table() reference counting mismatches may occor due to that
+and printing error messages related to them is not useful at this
+point. The strict balanced validation count check should only be
+enabled after confirming that all invocations are safe and aligned
+with their designed purposes.
+
+Thus this patch removes the error value returned by acpi_tb_get_table()
+in that case along with the accompanying error message to fix the
+issue.
+
+Fixes: 174cc7187e6f (ACPICA: Tables: Back port acpi_get_table_with_size() and early_acpi_os_unmap_memory() from Linux kernel)
+Reported-by: Anush Seetharaman <anush.seetharaman@intel.com>
+Reported-by: Dan Williams <dan.j.williams@intel.com>
+Signed-off-by: Lv Zheng <lv.zheng@intel.com>
+[ rjw: Changelog ]
+Signed-off-by: Rafael J. Wysocki <rafael.j.wysocki@intel.com>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+
+---
+ drivers/acpi/acpica/tbutils.c | 4 ----
+ 1 file changed, 4 deletions(-)
+
+--- a/drivers/acpi/acpica/tbutils.c
++++ b/drivers/acpi/acpica/tbutils.c
+@@ -418,11 +418,7 @@ acpi_tb_get_table(struct acpi_table_desc
+
+ table_desc->validation_count++;
+ if (table_desc->validation_count == 0) {
+- ACPI_ERROR((AE_INFO,
+- "Table %p, Validation count is zero after increment\n",
+- table_desc));
+ table_desc->validation_count--;
+- return_ACPI_STATUS(AE_LIMIT);
+ }
+
+ *out_table = table_desc->pointer;
--- /dev/null
+From 9933e113c2e87a9f46a40fde8dafbf801dca1ab9 Mon Sep 17 00:00:00 2001
+From: Herbert Xu <herbert@gondor.apana.org.au>
+Date: Wed, 10 May 2017 03:48:23 +0800
+Subject: crypto: skcipher - Add missing API setkey checks
+
+From: Herbert Xu <herbert@gondor.apana.org.au>
+
+commit 9933e113c2e87a9f46a40fde8dafbf801dca1ab9 upstream.
+
+The API setkey checks for key sizes and alignment went AWOL during the
+skcipher conversion. This patch restores them.
+
+Fixes: 4e6c3df4d729 ("crypto: skcipher - Add low-level skcipher...")
+Reported-by: Baozeng <sploving1@gmail.com>
+Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+
+---
+ crypto/skcipher.c | 40 +++++++++++++++++++++++++++++++++++++++-
+ 1 file changed, 39 insertions(+), 1 deletion(-)
+
+--- a/crypto/skcipher.c
++++ b/crypto/skcipher.c
+@@ -764,6 +764,44 @@ static int crypto_init_skcipher_ops_ablk
+ return 0;
+ }
+
++static int skcipher_setkey_unaligned(struct crypto_skcipher *tfm,
++ const u8 *key, unsigned int keylen)
++{
++ unsigned long alignmask = crypto_skcipher_alignmask(tfm);
++ struct skcipher_alg *cipher = crypto_skcipher_alg(tfm);
++ u8 *buffer, *alignbuffer;
++ unsigned long absize;
++ int ret;
++
++ absize = keylen + alignmask;
++ buffer = kmalloc(absize, GFP_ATOMIC);
++ if (!buffer)
++ return -ENOMEM;
++
++ alignbuffer = (u8 *)ALIGN((unsigned long)buffer, alignmask + 1);
++ memcpy(alignbuffer, key, keylen);
++ ret = cipher->setkey(tfm, alignbuffer, keylen);
++ kzfree(buffer);
++ return ret;
++}
++
++static int skcipher_setkey(struct crypto_skcipher *tfm, const u8 *key,
++ unsigned int keylen)
++{
++ struct skcipher_alg *cipher = crypto_skcipher_alg(tfm);
++ unsigned long alignmask = crypto_skcipher_alignmask(tfm);
++
++ if (keylen < cipher->min_keysize || keylen > cipher->max_keysize) {
++ crypto_skcipher_set_flags(tfm, CRYPTO_TFM_RES_BAD_KEY_LEN);
++ return -EINVAL;
++ }
++
++ if ((unsigned long)key & alignmask)
++ return skcipher_setkey_unaligned(tfm, key, keylen);
++
++ return cipher->setkey(tfm, key, keylen);
++}
++
+ static void crypto_skcipher_exit_tfm(struct crypto_tfm *tfm)
+ {
+ struct crypto_skcipher *skcipher = __crypto_skcipher_cast(tfm);
+@@ -784,7 +822,7 @@ static int crypto_skcipher_init_tfm(stru
+ tfm->__crt_alg->cra_type == &crypto_givcipher_type)
+ return crypto_init_skcipher_ops_ablkcipher(tfm);
+
+- skcipher->setkey = alg->setkey;
++ skcipher->setkey = skcipher_setkey;
+ skcipher->encrypt = alg->encrypt;
+ skcipher->decrypt = alg->decrypt;
+ skcipher->ivsize = alg->ivsize;
--- /dev/null
+From 4c4fc90964b1cf205a67df566cc82ea1731bcb00 Mon Sep 17 00:00:00 2001
+From: Ard Biesheuvel <ard.biesheuvel@linaro.org>
+Date: Thu, 18 May 2017 12:29:55 +0100
+Subject: drivers/tty: 8250: only call fintek_8250_probe when doing port I/O
+
+From: Ard Biesheuvel <ard.biesheuvel@linaro.org>
+
+commit 4c4fc90964b1cf205a67df566cc82ea1731bcb00 upstream.
+
+Commit fa01e2ca9f53 ("serial: 8250: Integrate Fintek into 8250_base")
+modified the probing logic for PNP0501 devices, to remove a collision
+between the generic 16550A driver and the Fintek driver, which reused
+the same ACPI _HID.
+
+The Fintek device probe is now incorporated into the common 8250 probe
+path, and gets called for all discovered 16550A compatible devices,
+including ones that are MMIO mapped rather than IO mapped. However,
+the Fintek driver assumes the port base is a I/O address, and proceeds
+to probe some arbitrary offsets above it.
+
+This is generally a wrong thing to do, but on ARM systems (having no
+native port I/O), this may result in faulting accesses of completely
+unrelated MMIO regions in the PCI I/O space. Given that this is at
+serial probe time, this results in hard to diagnose crashes at boot.
+
+So let's restrict the Fintek probe to devices that we know are using
+port I/O in the first place.
+
+Fixes: fa01e2ca9f53 ("serial: 8250: Integrate Fintek into 8250_base")
+Suggested-by: Arnd Bergmann <arnd@arndb.de>
+Reviewed-by: Ricardo Ribalda <ricardo.ribalda@gmail.com>
+Signed-off-by: Ard Biesheuvel <ard.biesheuvel@linaro.org>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+
+---
+ drivers/tty/serial/8250/8250_port.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+--- a/drivers/tty/serial/8250/8250_port.c
++++ b/drivers/tty/serial/8250/8250_port.c
+@@ -1337,7 +1337,7 @@ out_lock:
+ /*
+ * Check if the device is a Fintek F81216A
+ */
+- if (port->type == PORT_16550A)
++ if (port->type == PORT_16550A && port->iotype == UPIO_PORT)
+ fintek_8250_probe(up);
+
+ if (up->capabilities != old_capabilities) {
--- /dev/null
+From 239e250e4acbc0104d514307029c0839e834a51a Mon Sep 17 00:00:00 2001
+From: Richard Narron <comet.berkeley@gmail.com>
+Date: Sun, 4 Jun 2017 16:23:18 -0700
+Subject: fs/ufs: Set UFS default maximum bytes per file
+
+From: Richard Narron <comet.berkeley@gmail.com>
+
+commit 239e250e4acbc0104d514307029c0839e834a51a upstream.
+
+This fixes a problem with reading files larger than 2GB from a UFS-2
+file system:
+
+ https://bugzilla.kernel.org/show_bug.cgi?id=195721
+
+The incorrect UFS s_maxsize limit became a problem as of commit
+c2a9737f45e2 ("vfs,mm: fix a dead loop in truncate_inode_pages_range()")
+which started using s_maxbytes to avoid a page index overflow in
+do_generic_file_read().
+
+That caused files to be truncated on UFS-2 file systems because the
+default maximum file size is 2GB (MAX_NON_LFS) and UFS didn't update it.
+
+Here I simply increase the default to a common value used by other file
+systems.
+
+Signed-off-by: Richard Narron <comet.berkeley@gmail.com>
+Cc: Al Viro <viro@zeniv.linux.org.uk>
+Cc: Will B <will.brokenbourgh2877@gmail.com>
+Cc: Theodore Ts'o <tytso@mit.edu>
+Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+
+---
+ fs/ufs/super.c | 5 ++---
+ 1 file changed, 2 insertions(+), 3 deletions(-)
+
+--- a/fs/ufs/super.c
++++ b/fs/ufs/super.c
+@@ -812,9 +812,8 @@ static int ufs_fill_super(struct super_b
+ uspi->s_dirblksize = UFS_SECTOR_SIZE;
+ super_block_offset=UFS_SBLOCK;
+
+- /* Keep 2Gig file limit. Some UFS variants need to override
+- this but as I don't know which I'll let those in the know loosen
+- the rules */
++ sb->s_maxbytes = MAX_LFS_FILESIZE;
++
+ switch (sbi->s_mount_opt & UFS_MOUNT_UFSTYPE) {
+ case UFS_MOUNT_UFSTYPE_44BSD:
+ UFSD("ufstype=44bsd\n");
--- /dev/null
+From 5165da5923d6c7df6f2927b0113b2e4d9288661e Mon Sep 17 00:00:00 2001
+From: Sebastian Reichel <sebastian.reichel@collabora.co.uk>
+Date: Fri, 5 May 2017 11:06:50 +0200
+Subject: i2c: i2c-tiny-usb: fix buffer not being DMA capable
+
+From: Sebastian Reichel <sebastian.reichel@collabora.co.uk>
+
+commit 5165da5923d6c7df6f2927b0113b2e4d9288661e upstream.
+
+Since v4.9 i2c-tiny-usb generates the below call trace
+and longer works, since it can't communicate with the
+USB device. The reason is, that since v4.9 the USB
+stack checks, that the buffer it should transfer is DMA
+capable. This was a requirement since v2.2 days, but it
+usually worked nevertheless.
+
+[ 17.504959] ------------[ cut here ]------------
+[ 17.505488] WARNING: CPU: 0 PID: 93 at drivers/usb/core/hcd.c:1587 usb_hcd_map_urb_for_dma+0x37c/0x570
+[ 17.506545] transfer buffer not dma capable
+[ 17.507022] Modules linked in:
+[ 17.507370] CPU: 0 PID: 93 Comm: i2cdetect Not tainted 4.11.0-rc8+ #10
+[ 17.508103] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.10.2-1 04/01/2014
+[ 17.509039] Call Trace:
+[ 17.509320] ? dump_stack+0x5c/0x78
+[ 17.509714] ? __warn+0xbe/0xe0
+[ 17.510073] ? warn_slowpath_fmt+0x5a/0x80
+[ 17.510532] ? nommu_map_sg+0xb0/0xb0
+[ 17.510949] ? usb_hcd_map_urb_for_dma+0x37c/0x570
+[ 17.511482] ? usb_hcd_submit_urb+0x336/0xab0
+[ 17.511976] ? wait_for_completion_timeout+0x12f/0x1a0
+[ 17.512549] ? wait_for_completion_timeout+0x65/0x1a0
+[ 17.513125] ? usb_start_wait_urb+0x65/0x160
+[ 17.513604] ? usb_control_msg+0xdc/0x130
+[ 17.514061] ? usb_xfer+0xa4/0x2a0
+[ 17.514445] ? __i2c_transfer+0x108/0x3c0
+[ 17.514899] ? i2c_transfer+0x57/0xb0
+[ 17.515310] ? i2c_smbus_xfer_emulated+0x12f/0x590
+[ 17.515851] ? _raw_spin_unlock_irqrestore+0x11/0x20
+[ 17.516408] ? i2c_smbus_xfer+0x125/0x330
+[ 17.516876] ? i2c_smbus_xfer+0x125/0x330
+[ 17.517329] ? i2cdev_ioctl_smbus+0x1c1/0x2b0
+[ 17.517824] ? i2cdev_ioctl+0x75/0x1c0
+[ 17.518248] ? do_vfs_ioctl+0x9f/0x600
+[ 17.518671] ? vfs_write+0x144/0x190
+[ 17.519078] ? SyS_ioctl+0x74/0x80
+[ 17.519463] ? entry_SYSCALL_64_fastpath+0x1e/0xad
+[ 17.519959] ---[ end trace d047c04982f5ac50 ]---
+
+Signed-off-by: Sebastian Reichel <sebastian.reichel@collabora.co.uk>
+Reviewed-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+Acked-by: Till Harbaum <till@harbaum.org>
+Signed-off-by: Wolfram Sang <wsa@the-dreams.de>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+
+---
+ drivers/i2c/busses/i2c-tiny-usb.c | 25 +++++++++++++++++++++----
+ 1 file changed, 21 insertions(+), 4 deletions(-)
+
+--- a/drivers/i2c/busses/i2c-tiny-usb.c
++++ b/drivers/i2c/busses/i2c-tiny-usb.c
+@@ -178,22 +178,39 @@ static int usb_read(struct i2c_adapter *
+ int value, int index, void *data, int len)
+ {
+ struct i2c_tiny_usb *dev = (struct i2c_tiny_usb *)adapter->algo_data;
++ void *dmadata = kmalloc(len, GFP_KERNEL);
++ int ret;
++
++ if (!dmadata)
++ return -ENOMEM;
+
+ /* do control transfer */
+- return usb_control_msg(dev->usb_dev, usb_rcvctrlpipe(dev->usb_dev, 0),
++ ret = usb_control_msg(dev->usb_dev, usb_rcvctrlpipe(dev->usb_dev, 0),
+ cmd, USB_TYPE_VENDOR | USB_RECIP_INTERFACE |
+- USB_DIR_IN, value, index, data, len, 2000);
++ USB_DIR_IN, value, index, dmadata, len, 2000);
++
++ memcpy(data, dmadata, len);
++ kfree(dmadata);
++ return ret;
+ }
+
+ static int usb_write(struct i2c_adapter *adapter, int cmd,
+ int value, int index, void *data, int len)
+ {
+ struct i2c_tiny_usb *dev = (struct i2c_tiny_usb *)adapter->algo_data;
++ void *dmadata = kmemdup(data, len, GFP_KERNEL);
++ int ret;
++
++ if (!dmadata)
++ return -ENOMEM;
+
+ /* do control transfer */
+- return usb_control_msg(dev->usb_dev, usb_sndctrlpipe(dev->usb_dev, 0),
++ ret = usb_control_msg(dev->usb_dev, usb_sndctrlpipe(dev->usb_dev, 0),
+ cmd, USB_TYPE_VENDOR | USB_RECIP_INTERFACE,
+- value, index, data, len, 2000);
++ value, index, dmadata, len, 2000);
++
++ kfree(dmadata);
++ return ret;
+ }
+
+ static void i2c_tiny_usb_free(struct i2c_tiny_usb *dev)
--- /dev/null
+From f5f968f2371ccdebb8a365487649673c9af68d09 Mon Sep 17 00:00:00 2001
+From: Srinath Mannam <srinath.mannam@broadcom.com>
+Date: Thu, 18 May 2017 22:27:40 +0530
+Subject: mmc: sdhci-iproc: suppress spurious interrupt with Multiblock read
+
+From: Srinath Mannam <srinath.mannam@broadcom.com>
+
+commit f5f968f2371ccdebb8a365487649673c9af68d09 upstream.
+
+The stingray SDHCI hardware supports ACMD12 and automatically
+issues after multi block transfer completed.
+
+If ACMD12 in SDHCI is disabled, spurious tx done interrupts are seen
+on multi block read command with below error message:
+
+Got data interrupt 0x00000002 even though no data
+operation was in progress.
+
+This patch uses SDHCI_QUIRK_MULTIBLOCK_READ_ACMD12 to enable
+ACM12 support in SDHCI hardware and suppress spurious interrupt.
+
+Signed-off-by: Srinath Mannam <srinath.mannam@broadcom.com>
+Reviewed-by: Ray Jui <ray.jui@broadcom.com>
+Reviewed-by: Scott Branden <scott.branden@broadcom.com>
+Acked-by: Adrian Hunter <adrian.hunter@intel.com>
+Fixes: b580c52d58d9 ("mmc: sdhci-iproc: add IPROC SDHCI driver")
+Signed-off-by: Ulf Hansson <ulf.hansson@linaro.org>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+
+---
+ drivers/mmc/host/sdhci-iproc.c | 3 ++-
+ 1 file changed, 2 insertions(+), 1 deletion(-)
+
+--- a/drivers/mmc/host/sdhci-iproc.c
++++ b/drivers/mmc/host/sdhci-iproc.c
+@@ -187,7 +187,8 @@ static const struct sdhci_iproc_data ipr
+ };
+
+ static const struct sdhci_pltfm_data sdhci_iproc_pltfm_data = {
+- .quirks = SDHCI_QUIRK_DATA_TIMEOUT_USES_SDCLK,
++ .quirks = SDHCI_QUIRK_DATA_TIMEOUT_USES_SDCLK |
++ SDHCI_QUIRK_MULTIBLOCK_READ_ACMD12,
+ .quirks2 = SDHCI_QUIRK2_ACMD23_BROKEN,
+ .ops = &sdhci_iproc_ops,
+ };
--- /dev/null
+From d957fb4d173647640a2b83e7c7e56a580e7fc7e7 Mon Sep 17 00:00:00 2001
+From: Michael Neuling <mikey@neuling.org>
+Date: Wed, 24 May 2017 17:03:26 +1000
+Subject: powerpc: Fix booting P9 hash with CONFIG_PPC_RADIX_MMU=N
+
+From: Michael Neuling <mikey@neuling.org>
+
+commit d957fb4d173647640a2b83e7c7e56a580e7fc7e7 upstream.
+
+Currently if you disable CONFIG_PPC_RADIX_MMU you'll crash on boot on
+a P9. This is because we still set MMU_FTR_TYPE_RADIX via
+ibm,pa-features and MMU_FTR_TYPE_RADIX is what's used for code patching
+in much of the asm code (ie. slb_miss_realmode)
+
+This patch fixes the problem by stopping MMU_FTR_TYPE_RADIX from being
+set from ibm.pa-features.
+
+We may eventually end up removing the CONFIG_PPC_RADIX_MMU option
+completely but until then this fixes the issue.
+
+Fixes: 17a3dd2f5fc7 ("powerpc/mm/radix: Use firmware feature to enable Radix MMU")
+Signed-off-by: Michael Neuling <mikey@neuling.org>
+Signed-off-by: Michael Ellerman <mpe@ellerman.id.au>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+
+---
+ arch/powerpc/kernel/prom.c | 2 ++
+ 1 file changed, 2 insertions(+)
+
+--- a/arch/powerpc/kernel/prom.c
++++ b/arch/powerpc/kernel/prom.c
+@@ -161,7 +161,9 @@ static struct ibm_pa_feature {
+ { .pabyte = 0, .pabit = 3, .cpu_features = CPU_FTR_CTRL },
+ { .pabyte = 0, .pabit = 6, .cpu_features = CPU_FTR_NOEXECUTE },
+ { .pabyte = 1, .pabit = 2, .mmu_features = MMU_FTR_CI_LARGE_PAGE },
++#ifdef CONFIG_PPC_RADIX_MMU
+ { .pabyte = 40, .pabit = 0, .mmu_features = MMU_FTR_TYPE_RADIX },
++#endif
+ { .pabyte = 1, .pabit = 1, .invert = 1, .cpu_features = CPU_FTR_NODSISRALIGN },
+ { .pabyte = 5, .pabit = 0, .cpu_features = CPU_FTR_REAL_LE,
+ .cpu_user_ftrs = PPC_FEATURE_TRUE_LE },
--- /dev/null
+From d75e4919cc0b6fbcbc8d6654ef66d87a9dbf1526 Mon Sep 17 00:00:00 2001
+From: Jeremy Kerr <jk@ozlabs.org>
+Date: Wed, 24 May 2017 16:49:59 +1000
+Subject: powerpc/spufs: Fix hash faults for kernel regions
+
+From: Jeremy Kerr <jk@ozlabs.org>
+
+commit d75e4919cc0b6fbcbc8d6654ef66d87a9dbf1526 upstream.
+
+Commit ac29c64089b7 ("powerpc/mm: Replace _PAGE_USER with
+_PAGE_PRIVILEGED") swapped _PAGE_USER for _PAGE_PRIVILEGED, and
+introduced check_pte_access() which denied kernel access to
+non-_PAGE_PRIVILEGED pages.
+
+However, it didn't add _PAGE_PRIVILEGED to the hash fault handler
+for spufs' kernel accesses, so the DMAs required to establish SPE
+memory no longer work.
+
+This change adds _PAGE_PRIVILEGED to the hash fault handler for
+kernel accesses.
+
+Fixes: ac29c64089b7 ("powerpc/mm: Replace _PAGE_USER with _PAGE_PRIVILEGED")
+Signed-off-by: Jeremy Kerr <jk@ozlabs.org>
+Reported-by: Sombat Tragolgosol <sombat3960@gmail.com>
+Reviewed-by: Aneesh Kumar K.V <aneesh.kumar@linux.vnet.ibm.com>
+Signed-off-by: Michael Ellerman <mpe@ellerman.id.au>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+
+---
+ arch/powerpc/platforms/cell/spu_base.c | 4 +++-
+ 1 file changed, 3 insertions(+), 1 deletion(-)
+
+--- a/arch/powerpc/platforms/cell/spu_base.c
++++ b/arch/powerpc/platforms/cell/spu_base.c
+@@ -197,7 +197,9 @@ static int __spu_trap_data_map(struct sp
+ (REGION_ID(ea) != USER_REGION_ID)) {
+
+ spin_unlock(&spu->register_lock);
+- ret = hash_page(ea, _PAGE_PRESENT | _PAGE_READ, 0x300, dsisr);
++ ret = hash_page(ea,
++ _PAGE_PRESENT | _PAGE_READ | _PAGE_PRIVILEGED,
++ 0x300, dsisr);
+ spin_lock(&spu->register_lock);
+
+ if (!ret) {
--- /dev/null
+From 878d8db039daac0938238e9a40a5bd6e50ee3c9b Mon Sep 17 00:00:00 2001
+From: Benjamin Tissoires <benjamin.tissoires@redhat.com>
+Date: Wed, 10 May 2017 18:12:40 +0200
+Subject: Revert "ACPI / button: Change default behavior to lid_init_state=open"
+
+From: Benjamin Tissoires <benjamin.tissoires@redhat.com>
+
+commit 878d8db039daac0938238e9a40a5bd6e50ee3c9b upstream.
+
+Revert commit 77e9a4aa9de1 (ACPI / button: Change default behavior to
+lid_init_state=open) which changed the kernel's behavior on laptops
+that boot with closed lids and expect the lid switch state to be
+reported accurately by the kernel.
+
+If you boot or resume your laptop with the lid closed on a docking
+station while using an external monitor connected to it, both internal
+and external displays will light on, while only the external should.
+
+There is a design choice in gdm to only provide the greeter on the
+internal display when lit on, so users only see a gray area on the
+external monitor. Also, the cursor will not show up as it's by
+default on the internal display too.
+
+To "fix" that, users have to open the laptop once and close it once
+again to sync the state of the switch with the hardware state.
+
+Even if the "method" operation mode implementation can be buggy on
+some platforms, the "open" choice is worse. It breaks docking
+stations basically and there is no way to have a user-space hwdb to
+fix that.
+
+On the contrary, it's rather easy in user-space to have a hwdb
+with the problematic platforms. Then, libinput (1.7.0+) can fix
+the state of the lid switch for us: you need to set the udev
+property LIBINPUT_ATTR_LID_SWITCH_RELIABILITY to 'write_open'.
+
+When libinput detects internal keyboard events, it will overwrite the
+state of the switch to open, making it reliable again. Given that
+logind only checks the lid switch value after a timeout, we can
+assume the user will use the internal keyboard before this timeout
+expires.
+
+For example, such a hwdb entry is:
+
+libinput:name:*Lid Switch*:dmi:*svnMicrosoftCorporation:pnSurface3:*
+ LIBINPUT_ATTR_LID_SWITCH_RELIABILITY=write_open
+
+Link: https://bugzilla.gnome.org/show_bug.cgi?id=782380
+Signed-off-by: Benjamin Tissoires <benjamin.tissoires@redhat.com>
+Signed-off-by: Rafael J. Wysocki <rafael.j.wysocki@intel.com>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+
+---
+ drivers/acpi/button.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+--- a/drivers/acpi/button.c
++++ b/drivers/acpi/button.c
+@@ -113,7 +113,7 @@ struct acpi_button {
+
+ static BLOCKING_NOTIFIER_HEAD(acpi_lid_notifier);
+ static struct acpi_device *lid_device;
+-static u8 lid_init_state = ACPI_BUTTON_LID_INIT_OPEN;
++static u8 lid_init_state = ACPI_BUTTON_LID_INIT_METHOD;
+
+ static unsigned long lid_report_interval __read_mostly = 500;
+ module_param(lid_report_interval, ulong, 0644);
--- /dev/null
+From f369fdf4f661322b73f3307e9f3cd55fb3a20123 Mon Sep 17 00:00:00 2001
+From: Lv Zheng <lv.zheng@intel.com>
+Date: Tue, 9 May 2017 15:02:22 +0800
+Subject: Revert "ACPI / button: Remove lid_init_state=method mode"
+
+From: Lv Zheng <lv.zheng@intel.com>
+
+commit f369fdf4f661322b73f3307e9f3cd55fb3a20123 upstream.
+
+This reverts commit ecb10b694b72ca5ea51b3c90a71ff2a11963425a.
+
+The only expected ACPI control method lid device's usage model is
+
+ 1. Listen to the lid notification,
+ 2. Evaluate _LID after being notified by BIOS,
+ 3. Suspend the system (if users configure to do so) after seeing "close".
+
+It's not ensured that BIOS will notify OS after boot/resume, and
+it's not ensured that BIOS will always generate "open" event upon
+opening the lid.
+
+But there are 2 wrong usage models:
+
+ 1. When the lid device is responsible for suspend/resume the system,
+ userspace requires to see "open" event to be paired with "close" after
+ the system is resumed, or it will suspend the system again.
+
+ 2. When an external monitor connects to the laptop attached docks,
+ userspace requires to see "close" event after the system is resumed so
+ that it can determine whether the internal display should remain dark
+ and the external display should be lit on.
+
+After we made default kernel behavior to be suitable for usage model 1,
+users of usage model 2 start to report regressions for such behavior
+change.
+
+Reversion of button.lid_init_state=method doesn't actually reverts to old
+default behavior as doing so can enter a regression loop, but facilitates
+users to work the reported regressions around with
+button.lid_init_state=method.
+
+Fixes: ecb10b694b72 (ACPI / button: Remove lid_init_state=method mode)
+Link: https://bugzilla.kernel.org/show_bug.cgi?id=195455
+Link: https://bugzilla.redhat.com/show_bug.cgi?id=1430259
+Tested-by: Steffen Weber <steffen.weber@gmail.com>
+Tested-by: Julian Wiedmann <julian.wiedmann@jwi.name>
+Reported-by: Joachim Frieben <jfrieben@hotmail.com>
+Signed-off-by: Lv Zheng <lv.zheng@intel.com>
+Signed-off-by: Rafael J. Wysocki <rafael.j.wysocki@intel.com>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+
+---
+ Documentation/acpi/acpi-lid.txt | 16 ++++++++++++----
+ drivers/acpi/button.c | 9 +++++++++
+ 2 files changed, 21 insertions(+), 4 deletions(-)
+
+--- a/Documentation/acpi/acpi-lid.txt
++++ b/Documentation/acpi/acpi-lid.txt
+@@ -59,20 +59,28 @@ button driver uses the following 3 modes
+ If the userspace hasn't been prepared to ignore the unreliable "opened"
+ events and the unreliable initial state notification, Linux users can use
+ the following kernel parameters to handle the possible issues:
+-A. button.lid_init_state=open:
++A. button.lid_init_state=method:
++ When this option is specified, the ACPI button driver reports the
++ initial lid state using the returning value of the _LID control method
++ and whether the "opened"/"closed" events are paired fully relies on the
++ firmware implementation.
++ This option can be used to fix some platforms where the returning value
++ of the _LID control method is reliable but the initial lid state
++ notification is missing.
++ This option is the default behavior during the period the userspace
++ isn't ready to handle the buggy AML tables.
++B. button.lid_init_state=open:
+ When this option is specified, the ACPI button driver always reports the
+ initial lid state as "opened" and whether the "opened"/"closed" events
+ are paired fully relies on the firmware implementation.
+ This may fix some platforms where the returning value of the _LID
+ control method is not reliable and the initial lid state notification is
+ missing.
+- This option is the default behavior during the period the userspace
+- isn't ready to handle the buggy AML tables.
+
+ If the userspace has been prepared to ignore the unreliable "opened" events
+ and the unreliable initial state notification, Linux users should always
+ use the following kernel parameter:
+-B. button.lid_init_state=ignore:
++C. button.lid_init_state=ignore:
+ When this option is specified, the ACPI button driver never reports the
+ initial lid state and there is a compensation mechanism implemented to
+ ensure that the reliable "closed" notifications can always be delievered
+--- a/drivers/acpi/button.c
++++ b/drivers/acpi/button.c
+@@ -57,6 +57,7 @@
+
+ #define ACPI_BUTTON_LID_INIT_IGNORE 0x00
+ #define ACPI_BUTTON_LID_INIT_OPEN 0x01
++#define ACPI_BUTTON_LID_INIT_METHOD 0x02
+
+ #define _COMPONENT ACPI_BUTTON_COMPONENT
+ ACPI_MODULE_NAME("button");
+@@ -376,6 +377,9 @@ static void acpi_lid_initialize_state(st
+ case ACPI_BUTTON_LID_INIT_OPEN:
+ (void)acpi_lid_notify_state(device, 1);
+ break;
++ case ACPI_BUTTON_LID_INIT_METHOD:
++ (void)acpi_lid_update_state(device);
++ break;
+ case ACPI_BUTTON_LID_INIT_IGNORE:
+ default:
+ break;
+@@ -559,6 +563,9 @@ static int param_set_lid_init_state(cons
+ if (!strncmp(val, "open", sizeof("open") - 1)) {
+ lid_init_state = ACPI_BUTTON_LID_INIT_OPEN;
+ pr_info("Notify initial lid state as open\n");
++ } else if (!strncmp(val, "method", sizeof("method") - 1)) {
++ lid_init_state = ACPI_BUTTON_LID_INIT_METHOD;
++ pr_info("Notify initial lid state with _LID return value\n");
+ } else if (!strncmp(val, "ignore", sizeof("ignore") - 1)) {
+ lid_init_state = ACPI_BUTTON_LID_INIT_IGNORE;
+ pr_info("Do not notify initial lid state\n");
+@@ -572,6 +579,8 @@ static int param_get_lid_init_state(char
+ switch (lid_init_state) {
+ case ACPI_BUTTON_LID_INIT_OPEN:
+ return sprintf(buffer, "open");
++ case ACPI_BUTTON_LID_INIT_METHOD:
++ return sprintf(buffer, "method");
+ case ACPI_BUTTON_LID_INIT_IGNORE:
+ return sprintf(buffer, "ignore");
+ default:
--- /dev/null
+From d3ba126a226a6b6da021ebfea444a2a807cde945 Mon Sep 17 00:00:00 2001
+From: Johan Hovold <johan@kernel.org>
+Date: Tue, 11 Apr 2017 19:07:28 +0200
+Subject: Revert "tty_port: register tty ports with serdev bus"
+
+From: Johan Hovold <johan@kernel.org>
+
+commit d3ba126a226a6b6da021ebfea444a2a807cde945 upstream.
+
+This reverts commit 8ee3fde047589dc9c201251f07d0ca1dc776feca.
+
+The new serdev bus hooked into the tty layer in
+tty_port_register_device() by registering a serdev controller instead of
+a tty device whenever a serdev client is present, and by deregistering
+the controller in the tty-port destructor. This is broken in several
+ways:
+
+Firstly, it leads to a NULL-pointer dereference whenever a tty driver
+later deregisters its devices as no corresponding character device will
+exist.
+
+Secondly, far from every tty driver uses tty-port refcounting (e.g.
+serial core) so the serdev devices might never be deregistered or
+deallocated.
+
+Thirdly, deregistering at tty-port destruction is too late as the
+underlying device and structures may be long gone by then. A port is not
+released before an open tty device is closed, something which a
+registered serdev client can prevent from ever happening. A driver
+callback while the device is gone typically also leads to crashes.
+
+Many tty drivers even keep their ports around until the driver is
+unloaded (e.g. serial core), something which even if a late callback
+never happens, leads to leaks if a device is unbound from its driver and
+is later rebound.
+
+The right solution here is to add a new tty_port_unregister_device()
+helper and to never call tty_device_unregister() whenever the port has
+been claimed by serdev, but since this requires modifying just about
+every tty driver (and multiple subsystems) it will need to be done
+incrementally.
+
+Reverting the offending patch is the first step in fixing the broken
+lifetime assumptions. A follow-up patch will add a new pair of
+tty-device registration helpers, which a vetted tty driver can use to
+support serdev (initially serial core). When every tty driver uses the
+serdev helpers (at least for deregistration), we can add serdev
+registration to tty_port_register_device() again.
+
+Note that this also fixes another issue with serdev, which currently
+allocates and registers a serdev controller for every tty device
+registered using tty_port_device_register() only to immediately
+deregister and deallocate it when the corresponding OF node or serdev
+child node is missing. This should be addressed before enabling serdev
+for hot-pluggable buses.
+
+Signed-off-by: Johan Hovold <johan@kernel.org>
+Reviewed-by: Rob Herring <robh@kernel.org>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+
+---
+ drivers/tty/tty_port.c | 12 ------------
+ 1 file changed, 12 deletions(-)
+
+--- a/drivers/tty/tty_port.c
++++ b/drivers/tty/tty_port.c
+@@ -16,7 +16,6 @@
+ #include <linux/bitops.h>
+ #include <linux/delay.h>
+ #include <linux/module.h>
+-#include <linux/serdev.h>
+
+ static int tty_port_default_receive_buf(struct tty_port *port,
+ const unsigned char *p,
+@@ -129,15 +128,7 @@ struct device *tty_port_register_device_
+ struct device *device, void *drvdata,
+ const struct attribute_group **attr_grp)
+ {
+- struct device *dev;
+-
+ tty_port_link_device(port, driver, index);
+-
+- dev = serdev_tty_port_register(port, device, driver, index);
+- if (PTR_ERR(dev) != -ENODEV)
+- /* Skip creating cdev if we registered a serdev device */
+- return dev;
+-
+ return tty_register_device_attr(driver, index, device, drvdata,
+ attr_grp);
+ }
+@@ -189,9 +180,6 @@ static void tty_port_destructor(struct k
+ /* check if last port ref was dropped before tty release */
+ if (WARN_ON(port->itty))
+ return;
+-
+- serdev_tty_port_unregister(port);
+-
+ if (port->xmit_buf)
+ free_page((unsigned long)port->xmit_buf);
+ tty_port_destroy(port);
--- /dev/null
+From aee5da7838787f8ed47f825dbe09e2812acdf97b Mon Sep 17 00:00:00 2001
+From: Johan Hovold <johan@kernel.org>
+Date: Tue, 11 Apr 2017 19:07:29 +0200
+Subject: serdev: fix tty-port client deregistration
+
+From: Johan Hovold <johan@kernel.org>
+
+commit aee5da7838787f8ed47f825dbe09e2812acdf97b upstream.
+
+The port client data must be set when registering the serdev controller
+or client deregistration will fail (and the serdev devices are left
+registered and allocated) if the port was never opened in between.
+
+Make sure to clear the port client data on any probe errors to avoid a
+use-after-free when the client is later deregistered unconditionally
+(e.g. in a tty-port deregistration helper).
+
+Also move port client operation initialisation to registration. Note
+that the client ops must be restored on failed probe.
+
+Fixes: bed35c6dfa6a ("serdev: add a tty port controller driver")
+Signed-off-by: Johan Hovold <johan@kernel.org>
+Reviewed-by: Rob Herring <robh@kernel.org>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+
+---
+ drivers/tty/serdev/serdev-ttyport.c | 15 ++++++++++-----
+ 1 file changed, 10 insertions(+), 5 deletions(-)
+
+--- a/drivers/tty/serdev/serdev-ttyport.c
++++ b/drivers/tty/serdev/serdev-ttyport.c
+@@ -101,9 +101,6 @@ static int ttyport_open(struct serdev_co
+ return PTR_ERR(tty);
+ serport->tty = tty;
+
+- serport->port->client_ops = &client_ops;
+- serport->port->client_data = ctrl;
+-
+ if (tty->ops->open)
+ tty->ops->open(serport->tty, NULL);
+ else
+@@ -181,6 +178,7 @@ struct device *serdev_tty_port_register(
+ struct device *parent,
+ struct tty_driver *drv, int idx)
+ {
++ const struct tty_port_client_operations *old_ops;
+ struct serdev_controller *ctrl;
+ struct serport *serport;
+ int ret;
+@@ -199,15 +197,22 @@ struct device *serdev_tty_port_register(
+
+ ctrl->ops = &ctrl_ops;
+
++ old_ops = port->client_ops;
++ port->client_ops = &client_ops;
++ port->client_data = ctrl;
++
+ ret = serdev_controller_add(ctrl);
+ if (ret)
+- goto err_controller_put;
++ goto err_reset_data;
+
+ dev_info(&ctrl->dev, "tty port %s%d registered\n", drv->name, idx);
+ return &ctrl->dev;
+
+-err_controller_put:
++err_reset_data:
++ port->client_data = NULL;
++ port->client_ops = old_ops;
+ serdev_controller_put(ctrl);
++
+ return ERR_PTR(ret);
+ }
+
sparc64-fix-mapping-of-64k-pages-with-map_fixed.patch
sparc-fix-wstringop-overflow-warning.patch
sparc-ftrace-fix-ftrace-graph-time-measurement.patch
+fs-ufs-set-ufs-default-maximum-bytes-per-file.patch
+powerpc-fix-booting-p9-hash-with-config_ppc_radix_mmu-n.patch
+powerpc-spufs-fix-hash-faults-for-kernel-regions.patch
+revert-tty_port-register-tty-ports-with-serdev-bus.patch
+serdev-fix-tty-port-client-deregistration.patch
+drivers-tty-8250-only-call-fintek_8250_probe-when-doing-port-i-o.patch
+i2c-i2c-tiny-usb-fix-buffer-not-being-dma-capable.patch
+crypto-skcipher-add-missing-api-setkey-checks.patch
+revert-acpi-button-remove-lid_init_state-method-mode.patch
+acpi-nfit-fix-the-memory-error-check-in-nfit_handle_mce.patch
+acpi-sysfs-fix-acpi_get_table-leak-acpi-sysfs-denial-of-service.patch
+acpica-tables-fix-regression-introduced-by-a-too-early-mechanism-enabling.patch
+revert-acpi-button-change-default-behavior-to-lid_init_state-open.patch
+mmc-sdhci-iproc-suppress-spurious-interrupt-with-multiblock-read.patch
projects / thirdparty / kernel / stable-queue.git / commitdiff
