--- /dev/null
+From b1fbebd4164b3d170ad916dcd692cf843c9c065d Mon Sep 17 00:00:00 2001
+From: Takashi Sakamoto <o-takashi@sakamocchi.jp>
+Date: Mon, 17 Sep 2018 17:25:24 +0900
+Subject: ALSA: bebob: fix memory leak for M-Audio FW1814 and ProjectMix I/O at error path
+
+From: Takashi Sakamoto <o-takashi@sakamocchi.jp>
+
+commit b1fbebd4164b3d170ad916dcd692cf843c9c065d upstream.
+
+After allocating model-dependent data for M-Audio FW1814 and ProjectMix
+I/O, ALSA bebob driver has memory leak at error path.
+
+This commit releases the allocated data at the error path.
+
+Fixes: 04a2c73c97eb('ALSA: bebob: delayed registration of sound card')
+Cc: <stable@vger.kernel.org> # v4.7+
+Signed-off-by: Takashi Sakamoto <o-takashi@sakamocchi.jp>
+Signed-off-by: Takashi Iwai <tiwai@suse.de>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+
+---
+ sound/firewire/bebob/bebob.c | 2 ++
+ sound/firewire/bebob/bebob_maudio.c | 4 ----
+ 2 files changed, 2 insertions(+), 4 deletions(-)
+
+--- a/sound/firewire/bebob/bebob.c
++++ b/sound/firewire/bebob/bebob.c
+@@ -263,6 +263,8 @@ do_registration(struct work_struct *work
+ error:
+ mutex_unlock(&devices_mutex);
+ snd_bebob_stream_destroy_duplex(bebob);
++ kfree(bebob->maudio_special_quirk);
++ bebob->maudio_special_quirk = NULL;
+ snd_card_free(bebob->card);
+ dev_info(&bebob->unit->device,
+ "Sound card registration failed: %d\n", err);
+--- a/sound/firewire/bebob/bebob_maudio.c
++++ b/sound/firewire/bebob/bebob_maudio.c
+@@ -290,10 +290,6 @@ snd_bebob_maudio_special_discover(struct
+ bebob->midi_output_ports = 2;
+ }
+ end:
+- if (err < 0) {
+- kfree(params);
+- bebob->maudio_special_quirk = NULL;
+- }
+ mutex_unlock(&bebob->mutex);
+ return err;
+ }
--- /dev/null
+From 493626f2d87a74e6dbea1686499ed6e7e600484e Mon Sep 17 00:00:00 2001
+From: Takashi Sakamoto <o-takashi@sakamocchi.jp>
+Date: Sun, 9 Sep 2018 22:25:12 +0900
+Subject: ALSA: bebob: use address returned by kmalloc() instead of kernel stack for streaming DMA mapping
+
+From: Takashi Sakamoto <o-takashi@sakamocchi.jp>
+
+commit 493626f2d87a74e6dbea1686499ed6e7e600484e upstream.
+
+When executing 'fw_run_transaction()' with 'TCODE_WRITE_BLOCK_REQUEST',
+an address of 'payload' argument is used for streaming DMA mapping by
+'firewire_ohci' module if 'size' argument is larger than 8 byte.
+Although in this case the address should not be on kernel stack, current
+implementation of ALSA bebob driver uses data in kernel stack for a cue
+to boot M-Audio devices. This often brings unexpected result, especially
+for a case of CONFIG_VMAP_STACK=y.
+
+This commit fixes the bug.
+
+Reference: https://bugzilla.kernel.org/show_bug.cgi?id=201021
+Reference: https://forum.manjaro.org/t/firewire-m-audio-410-driver-wont-load-firmware/51165
+Fixes: a2b2a7798fb6('ALSA: bebob: Send a cue to load firmware for M-Audio Firewire series')
+Cc: <stable@vger.kernel.org> # v3.16+
+Signed-off-by: Takashi Sakamoto <o-takashi@sakamocchi.jp>
+Signed-off-by: Takashi Iwai <tiwai@suse.de>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+
+---
+ sound/firewire/bebob/bebob_maudio.c | 24 ++++++++++++++----------
+ 1 file changed, 14 insertions(+), 10 deletions(-)
+
+--- a/sound/firewire/bebob/bebob_maudio.c
++++ b/sound/firewire/bebob/bebob_maudio.c
+@@ -96,17 +96,13 @@ int snd_bebob_maudio_load_firmware(struc
+ struct fw_device *device = fw_parent_device(unit);
+ int err, rcode;
+ u64 date;
+- __le32 cues[3] = {
+- cpu_to_le32(MAUDIO_BOOTLOADER_CUE1),
+- cpu_to_le32(MAUDIO_BOOTLOADER_CUE2),
+- cpu_to_le32(MAUDIO_BOOTLOADER_CUE3)
+- };
++ __le32 *cues;
+
+ /* check date of software used to build */
+ err = snd_bebob_read_block(unit, INFO_OFFSET_SW_DATE,
+ &date, sizeof(u64));
+ if (err < 0)
+- goto end;
++ return err;
+ /*
+ * firmware version 5058 or later has date later than "20070401", but
+ * 'date' is not null-terminated.
+@@ -114,20 +110,28 @@ int snd_bebob_maudio_load_firmware(struc
+ if (date < 0x3230303730343031LL) {
+ dev_err(&unit->device,
+ "Use firmware version 5058 or later\n");
+- err = -ENOSYS;
+- goto end;
++ return -ENXIO;
+ }
+
++ cues = kmalloc_array(3, sizeof(*cues), GFP_KERNEL);
++ if (!cues)
++ return -ENOMEM;
++
++ cues[0] = cpu_to_le32(MAUDIO_BOOTLOADER_CUE1);
++ cues[1] = cpu_to_le32(MAUDIO_BOOTLOADER_CUE2);
++ cues[2] = cpu_to_le32(MAUDIO_BOOTLOADER_CUE3);
++
+ rcode = fw_run_transaction(device->card, TCODE_WRITE_BLOCK_REQUEST,
+ device->node_id, device->generation,
+ device->max_speed, BEBOB_ADDR_REG_REQ,
+- cues, sizeof(cues));
++ cues, 3 * sizeof(*cues));
++ kfree(cues);
+ if (rcode != RCODE_COMPLETE) {
+ dev_err(&unit->device,
+ "Failed to send a cue to load firmware\n");
+ err = -EIO;
+ }
+-end:
++
+ return err;
+ }
+
--- /dev/null
+From 49434c6c575d2008c0abbc93e615019f39e01252 Mon Sep 17 00:00:00 2001
+From: Willy Tarreau <w@1wt.eu>
+Date: Sat, 8 Sep 2018 08:12:21 +0200
+Subject: ALSA: emu10k1: fix possible info leak to userspace on SNDRV_EMU10K1_IOCTL_INFO
+
+From: Willy Tarreau <w@1wt.eu>
+
+commit 49434c6c575d2008c0abbc93e615019f39e01252 upstream.
+
+snd_emu10k1_fx8010_ioctl(SNDRV_EMU10K1_IOCTL_INFO) allocates
+memory using kmalloc() and partially fills it by calling
+snd_emu10k1_fx8010_info() before returning the resulting
+structure to userspace, leaving uninitialized holes. Let's
+just use kzalloc() here.
+
+BugLink: http://blog.infosectcbr.com.au/2018/09/linux-kernel-infoleaks.html
+Signed-off-by: Willy Tarreau <w@1wt.eu>
+Cc: Jann Horn <jannh@google.com>
+Cc: <stable@vger.kernel.org>
+Signed-off-by: Takashi Iwai <tiwai@suse.de>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+
+---
+ sound/pci/emu10k1/emufx.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+--- a/sound/pci/emu10k1/emufx.c
++++ b/sound/pci/emu10k1/emufx.c
+@@ -2540,7 +2540,7 @@ static int snd_emu10k1_fx8010_ioctl(stru
+ emu->support_tlv = 1;
+ return put_user(SNDRV_EMU10K1_VERSION, (int __user *)argp);
+ case SNDRV_EMU10K1_IOCTL_INFO:
+- info = kmalloc(sizeof(*info), GFP_KERNEL);
++ info = kzalloc(sizeof(*info), GFP_KERNEL);
+ if (!info)
+ return -ENOMEM;
+ snd_emu10k1_fx8010_info(emu, info);
--- /dev/null
+From 36f3a6e02c143a7e9e4e143e416371f67bc1fae6 Mon Sep 17 00:00:00 2001
+From: Takashi Sakamoto <o-takashi@sakamocchi.jp>
+Date: Sun, 9 Sep 2018 22:25:52 +0900
+Subject: ALSA: fireface: fix memory leak in ff400_switch_fetching_mode()
+
+From: Takashi Sakamoto <o-takashi@sakamocchi.jp>
+
+commit 36f3a6e02c143a7e9e4e143e416371f67bc1fae6 upstream.
+
+An allocated memory forgets to be released.
+
+Fixes: 76fdb3a9e13 ('ALSA: fireface: add support for Fireface 400')
+Cc: <stable@vger.kernel.org> # 4.12+
+Signed-off-by: Takashi Sakamoto <o-takashi@sakamocchi.jp>
+Signed-off-by: Takashi Iwai <tiwai@suse.de>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+
+---
+ sound/firewire/fireface/ff-protocol-ff400.c | 9 ++++++---
+ 1 file changed, 6 insertions(+), 3 deletions(-)
+
+--- a/sound/firewire/fireface/ff-protocol-ff400.c
++++ b/sound/firewire/fireface/ff-protocol-ff400.c
+@@ -146,6 +146,7 @@ static int ff400_switch_fetching_mode(st
+ {
+ __le32 *reg;
+ int i;
++ int err;
+
+ reg = kcalloc(18, sizeof(__le32), GFP_KERNEL);
+ if (reg == NULL)
+@@ -163,9 +164,11 @@ static int ff400_switch_fetching_mode(st
+ reg[i] = cpu_to_le32(0x00000001);
+ }
+
+- return snd_fw_transaction(ff->unit, TCODE_WRITE_BLOCK_REQUEST,
+- FF400_FETCH_PCM_FRAMES, reg,
+- sizeof(__le32) * 18, 0);
++ err = snd_fw_transaction(ff->unit, TCODE_WRITE_BLOCK_REQUEST,
++ FF400_FETCH_PCM_FRAMES, reg,
++ sizeof(__le32) * 18, 0);
++ kfree(reg);
++ return err;
+ }
+
+ static void ff400_dump_sync_status(struct snd_ff *ff,
--- /dev/null
+From a49a83ab05e34edd6c71a4fbd062c9a7ba6d18aa Mon Sep 17 00:00:00 2001
+From: Takashi Sakamoto <o-takashi@sakamocchi.jp>
+Date: Thu, 13 Sep 2018 21:30:34 +0900
+Subject: ALSA: firewire-digi00x: fix memory leak of private data
+
+From: Takashi Sakamoto <o-takashi@sakamocchi.jp>
+
+commit a49a83ab05e34edd6c71a4fbd062c9a7ba6d18aa upstream.
+
+Although private data of sound card instance is usually allocated in the
+tail of the instance, drivers in ALSA firewire stack allocate the private
+data before allocating the instance. In this case, the private data
+should be released explicitly at .private_free callback of the instance.
+
+This commit fixes memory leak following to the above design.
+
+Fixes: 86c8dd7f4da3 ('ALSA: firewire-digi00x: delayed registration of sound card')
+Cc: <stable@vger.kernel.org> # v4.7+
+Signed-off-by: Takashi Sakamoto <o-takashi@sakamocchi.jp>
+Signed-off-by: Takashi Iwai <tiwai@suse.de>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+
+---
+ sound/firewire/digi00x/digi00x.c | 1 +
+ 1 file changed, 1 insertion(+)
+
+--- a/sound/firewire/digi00x/digi00x.c
++++ b/sound/firewire/digi00x/digi00x.c
+@@ -49,6 +49,7 @@ static void dg00x_free(struct snd_dg00x
+ fw_unit_put(dg00x->unit);
+
+ mutex_destroy(&dg00x->mutex);
++ kfree(dg00x);
+ }
+
+ static void dg00x_card_free(struct snd_card *card)
--- /dev/null
+From 8d28277c065a974873c6781d44b7bcdcd8fb4e8a Mon Sep 17 00:00:00 2001
+From: Takashi Sakamoto <o-takashi@sakamocchi.jp>
+Date: Thu, 13 Sep 2018 21:31:05 +0900
+Subject: ALSA: firewire-tascam: fix memory leak of private data
+
+From: Takashi Sakamoto <o-takashi@sakamocchi.jp>
+
+commit 8d28277c065a974873c6781d44b7bcdcd8fb4e8a upstream.
+
+Although private data of sound card instance is usually allocated in the
+tail of the instance, drivers in ALSA firewire stack allocate the private
+data before allocating the instance. In this case, the private data
+should be released explicitly at .private_free callback of the instance.
+
+This commit fixes memory leak following to the above design.
+
+Fixes: b610386c8afb ('ALSA: firewire-tascam: deleyed registration of sound card')
+Cc: <stable@vger.kernel.org> # v4.7+
+Signed-off-by: Takashi Sakamoto <o-takashi@sakamocchi.jp>
+Signed-off-by: Takashi Iwai <tiwai@suse.de>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+
+---
+ sound/firewire/tascam/tascam.c | 1 +
+ 1 file changed, 1 insertion(+)
+
+--- a/sound/firewire/tascam/tascam.c
++++ b/sound/firewire/tascam/tascam.c
+@@ -93,6 +93,7 @@ static void tscm_free(struct snd_tscm *t
+ fw_unit_put(tscm->unit);
+
+ mutex_destroy(&tscm->mutex);
++ kfree(tscm);
+ }
+
+ static void tscm_card_free(struct snd_card *card)
--- /dev/null
+From c3b55e2ec9c76e7a0de2a0b1dc851fdc9440385b Mon Sep 17 00:00:00 2001
+From: Takashi Sakamoto <o-takashi@sakamocchi.jp>
+Date: Mon, 17 Sep 2018 17:26:41 +0900
+Subject: ALSA: fireworks: fix memory leak of response buffer at error path
+
+From: Takashi Sakamoto <o-takashi@sakamocchi.jp>
+
+commit c3b55e2ec9c76e7a0de2a0b1dc851fdc9440385b upstream.
+
+After allocating memory object for response buffer, ALSA fireworks
+driver has leak of the memory object at error path.
+
+This commit releases the object at the error path.
+
+Fixes: 7d3c1d5901aa('ALSA: fireworks: delayed registration of sound card')
+Cc: <stable@vger.kernel.org> # v4.7+
+Signed-off-by: Takashi Sakamoto <o-takashi@sakamocchi.jp>
+Signed-off-by: Takashi Iwai <tiwai@suse.de>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+
+---
+ sound/firewire/fireworks/fireworks.c | 2 ++
+ 1 file changed, 2 insertions(+)
+
+--- a/sound/firewire/fireworks/fireworks.c
++++ b/sound/firewire/fireworks/fireworks.c
+@@ -301,6 +301,8 @@ error:
+ snd_efw_transaction_remove_instance(efw);
+ snd_efw_stream_destroy_duplex(efw);
+ snd_card_free(efw->card);
++ kfree(efw->resp_buf);
++ efw->resp_buf = NULL;
+ dev_info(&efw->unit->device,
+ "Sound card registration failed: %d\n", err);
+ }
--- /dev/null
+From ce925f088b979537f22f9e05eb923ef9822ca139 Mon Sep 17 00:00:00 2001
+From: Takashi Sakamoto <o-takashi@sakamocchi.jp>
+Date: Mon, 17 Sep 2018 17:26:08 +0900
+Subject: ALSA: oxfw: fix memory leak for model-dependent data at error path
+
+From: Takashi Sakamoto <o-takashi@sakamocchi.jp>
+
+commit ce925f088b979537f22f9e05eb923ef9822ca139 upstream.
+
+After allocating model-dependent data, ALSA OXFW driver has memory leak
+of the data at error path.
+
+This commit releases the data at the error path.
+
+Fixes: 6c29230e2a5f ('ALSA: oxfw: delayed registration of sound card')
+Cc: <stable@vger.kernel.org> # v4.7+
+Signed-off-by: Takashi Sakamoto <o-takashi@sakamocchi.jp>
+Signed-off-by: Takashi Iwai <tiwai@suse.de>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+
+---
+ sound/firewire/oxfw/oxfw.c | 2 ++
+ 1 file changed, 2 insertions(+)
+
+--- a/sound/firewire/oxfw/oxfw.c
++++ b/sound/firewire/oxfw/oxfw.c
+@@ -270,6 +270,8 @@ error:
+ if (oxfw->has_output)
+ snd_oxfw_stream_destroy_simplex(oxfw, &oxfw->tx_stream);
+ snd_card_free(oxfw->card);
++ kfree(oxfw->spec);
++ oxfw->spec = NULL;
+ dev_info(&oxfw->unit->device,
+ "Sound card registration failed: %d\n", err);
+ }
--- /dev/null
+From 1064bc685d359f549f91c2d5f111965a9284f328 Mon Sep 17 00:00:00 2001
+From: Takashi Sakamoto <o-takashi@sakamocchi.jp>
+Date: Mon, 17 Sep 2018 17:26:20 +0900
+Subject: ALSA: oxfw: fix memory leak of discovered stream formats at error path
+
+From: Takashi Sakamoto <o-takashi@sakamocchi.jp>
+
+commit 1064bc685d359f549f91c2d5f111965a9284f328 upstream.
+
+After finishing discover of stream formats, ALSA OXFW driver has memory
+leak of allocated memory object at error path.
+
+This commit releases the memory object at the error path.
+
+Fixes: 6c29230e2a5f ('ALSA: oxfw: delayed registration of sound card')
+Cc: <stable@vger.kernel.org> # v4.7+
+Signed-off-by: Takashi Sakamoto <o-takashi@sakamocchi.jp>
+Signed-off-by: Takashi Iwai <tiwai@suse.de>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+
+---
+ sound/firewire/oxfw/oxfw.c | 7 +++++++
+ 1 file changed, 7 insertions(+)
+
+--- a/sound/firewire/oxfw/oxfw.c
++++ b/sound/firewire/oxfw/oxfw.c
+@@ -207,6 +207,7 @@ static int detect_quirks(struct snd_oxfw
+ static void do_registration(struct work_struct *work)
+ {
+ struct snd_oxfw *oxfw = container_of(work, struct snd_oxfw, dwork.work);
++ int i;
+ int err;
+
+ if (oxfw->registered)
+@@ -269,6 +270,12 @@ error:
+ snd_oxfw_stream_destroy_simplex(oxfw, &oxfw->rx_stream);
+ if (oxfw->has_output)
+ snd_oxfw_stream_destroy_simplex(oxfw, &oxfw->tx_stream);
++ for (i = 0; i < SND_OXFW_STREAM_FORMAT_ENTRIES; ++i) {
++ kfree(oxfw->tx_stream_formats[i]);
++ oxfw->tx_stream_formats[i] = NULL;
++ kfree(oxfw->rx_stream_formats[i]);
++ oxfw->rx_stream_formats[i] = NULL;
++ }
+ snd_card_free(oxfw->card);
+ kfree(oxfw->spec);
+ oxfw->spec = NULL;
--- /dev/null
+From 498fe23aad8e3b5a9554f55719c537603b4476ea Mon Sep 17 00:00:00 2001
+From: Takashi Sakamoto <o-takashi@sakamocchi.jp>
+Date: Thu, 13 Sep 2018 21:31:18 +0900
+Subject: ALSA: oxfw: fix memory leak of private data
+
+From: Takashi Sakamoto <o-takashi@sakamocchi.jp>
+
+commit 498fe23aad8e3b5a9554f55719c537603b4476ea upstream.
+
+Although private data of sound card instance is usually allocated in the
+tail of the instance, drivers in ALSA firewire stack allocate the private
+data before allocating the instance. In this case, the private data
+should be released explicitly at .private_free callback of the instance.
+
+This commit fixes memory leak following to the above design.
+
+Fixes: 6c29230e2a5f ('ALSA: oxfw: delayed registration of sound card')
+Cc: <stable@vger.kernel.org> # v4.7+
+Signed-off-by: Takashi Sakamoto <o-takashi@sakamocchi.jp>
+Signed-off-by: Takashi Iwai <tiwai@suse.de>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+
+---
+ sound/firewire/oxfw/oxfw.c | 1 +
+ 1 file changed, 1 insertion(+)
+
+--- a/sound/firewire/oxfw/oxfw.c
++++ b/sound/firewire/oxfw/oxfw.c
+@@ -130,6 +130,7 @@ static void oxfw_free(struct snd_oxfw *o
+
+ kfree(oxfw->spec);
+ mutex_destroy(&oxfw->mutex);
++ kfree(oxfw);
+ }
+
+ /*
--- /dev/null
+From 90a3b7f8aba3011badacd6d8121e03aa24ac79d1 Mon Sep 17 00:00:00 2001
+From: =?UTF-8?q?S=C3=A9bastien=20Szymanski?=
+ <sebastien.szymanski@armadeus.com>
+Date: Thu, 6 Sep 2018 11:16:00 +0200
+Subject: ASoC: cs4265: fix MMTLR Data switch control
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+From: Sébastien Szymanski <sebastien.szymanski@armadeus.com>
+
+commit 90a3b7f8aba3011badacd6d8121e03aa24ac79d1 upstream.
+
+The MMTLR bit is in the CS4265_SPDIF_CTL2 register at address 0x12 bit 0
+and not at address 0x0 bit 1. Fix this.
+
+Signed-off-by: Sébastien Szymanski <sebastien.szymanski@armadeus.com>
+Signed-off-by: Mark Brown <broonie@kernel.org>
+Cc: stable@vger.kernel.org
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+
+---
+ sound/soc/codecs/cs4265.c | 4 ++--
+ 1 file changed, 2 insertions(+), 2 deletions(-)
+
+--- a/sound/soc/codecs/cs4265.c
++++ b/sound/soc/codecs/cs4265.c
+@@ -157,8 +157,8 @@ static const struct snd_kcontrol_new cs4
+ SOC_SINGLE("Validity Bit Control Switch", CS4265_SPDIF_CTL2,
+ 3, 1, 0),
+ SOC_ENUM("SPDIF Mono/Stereo", spdif_mono_stereo_enum),
+- SOC_SINGLE("MMTLR Data Switch", 0,
+- 1, 1, 0),
++ SOC_SINGLE("MMTLR Data Switch", CS4265_SPDIF_CTL2,
++ 0, 1, 0),
+ SOC_ENUM("Mono Channel Select", spdif_mono_select_enum),
+ SND_SOC_BYTES("C Data Buffer", CS4265_C_DATA_BUFF, 24),
+ };
--- /dev/null
+From 4d230d12710646788af581ba0155d83ab48b955c Mon Sep 17 00:00:00 2001
+From: Jiada Wang <jiada_wang@mentor.com>
+Date: Mon, 3 Sep 2018 07:08:58 +0000
+Subject: ASoC: rsnd: fixup not to call clk_get/set under non-atomic
+
+From: Jiada Wang <jiada_wang@mentor.com>
+
+commit 4d230d12710646788af581ba0155d83ab48b955c upstream.
+
+Clocking operations clk_get/set_rate, are non-atomic,
+they shouldn't be called in soc_pcm_trigger() which is atomic.
+
+Following issue was found due to execution of clk_get_rate() causes
+sleep in soc_pcm_trigger(), which shouldn't be blocked.
+
+We can reproduce this issue by following
+ > enable CONFIG_DEBUG_ATOMIC_SLEEP=y
+ > compile, and boot
+ > mount -t debugfs none /sys/kernel/debug
+ > while true; do cat /sys/kernel/debug/clk/clk_summary > /dev/null; done &
+ > while true; do aplay xxx; done
+
+This patch adds support to .prepare callback, and moves non-atomic
+clocking operations to it. As .prepare is non-atomic, it is always
+called before trigger_start/trigger_stop.
+
+ BUG: sleeping function called from invalid context at kernel/locking/mutex.c:620
+ in_atomic(): 1, irqs_disabled(): 128, pid: 2242, name: aplay
+ INFO: lockdep is turned off.
+ irq event stamp: 5964
+ hardirqs last enabled at (5963): [<ffff200008e59e40>] mutex_lock_nested+0x6e8/0x6f0
+ hardirqs last disabled at (5964): [<ffff200008e623f0>] _raw_spin_lock_irqsave+0x24/0x68
+ softirqs last enabled at (5502): [<ffff200008081838>] __do_softirq+0x560/0x10c0
+ softirqs last disabled at (5495): [<ffff2000080c2e78>] irq_exit+0x160/0x25c
+ Preemption disabled at:[ 62.904063] [<ffff200008be4d48>] snd_pcm_stream_lock+0xb4/0xc0
+ CPU: 2 PID: 2242 Comm: aplay Tainted: G B C 4.9.54+ #186
+ Hardware name: Renesas Salvator-X board based on r8a7795 (DT)
+ Call trace:
+ [<ffff20000808fe48>] dump_backtrace+0x0/0x37c
+ [<ffff2000080901d8>] show_stack+0x14/0x1c
+ [<ffff2000086f4458>] dump_stack+0xfc/0x154
+ [<ffff2000081134a0>] ___might_sleep+0x57c/0x58c
+ [<ffff2000081136b8>] __might_sleep+0x208/0x21c
+ [<ffff200008e5980c>] mutex_lock_nested+0xb4/0x6f0
+ [<ffff2000087cac74>] clk_prepare_lock+0xb0/0x184
+ [<ffff2000087cb094>] clk_core_get_rate+0x14/0x54
+ [<ffff2000087cb0f4>] clk_get_rate+0x20/0x34
+ [<ffff20000113aa00>] rsnd_adg_ssi_clk_try_start+0x158/0x4f8 [snd_soc_rcar]
+ [<ffff20000113da00>] rsnd_ssi_init+0x668/0x7a0 [snd_soc_rcar]
+ [<ffff200001133ff4>] rsnd_soc_dai_trigger+0x4bc/0xcf8 [snd_soc_rcar]
+ [<ffff200008c1af24>] soc_pcm_trigger+0x2a4/0x2d4
+
+Fixes: e7d850dd10f4 ("ASoC: rsnd: use mod base common method on SSI-parent")
+Signed-off-by: Jiada Wang <jiada_wang@mentor.com>
+Signed-off-by: Timo Wischer <twischer@de.adit-jv.com>
+[Kuninori: tidyup for upstream]
+Signed-off-by: Kuninori Morimoto <kuninori.morimoto.gx@renesas.com>
+Tested-by: Hiroyuki Yokoyama <hiroyuki.yokoyama.vx@renesas.com>
+Signed-off-by: Mark Brown <broonie@kernel.org>
+Cc: stable@vger.kernel.org
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+
+---
+ sound/soc/sh/rcar/core.c | 11 +++++++++++
+ sound/soc/sh/rcar/rsnd.h | 7 +++++++
+ sound/soc/sh/rcar/ssi.c | 16 ++++++++++------
+ 3 files changed, 28 insertions(+), 6 deletions(-)
+
+--- a/sound/soc/sh/rcar/core.c
++++ b/sound/soc/sh/rcar/core.c
+@@ -953,12 +953,23 @@ static void rsnd_soc_dai_shutdown(struct
+ rsnd_dai_stream_quit(io);
+ }
+
++static int rsnd_soc_dai_prepare(struct snd_pcm_substream *substream,
++ struct snd_soc_dai *dai)
++{
++ struct rsnd_priv *priv = rsnd_dai_to_priv(dai);
++ struct rsnd_dai *rdai = rsnd_dai_to_rdai(dai);
++ struct rsnd_dai_stream *io = rsnd_rdai_to_io(rdai, substream);
++
++ return rsnd_dai_call(prepare, io, priv);
++}
++
+ static const struct snd_soc_dai_ops rsnd_soc_dai_ops = {
+ .startup = rsnd_soc_dai_startup,
+ .shutdown = rsnd_soc_dai_shutdown,
+ .trigger = rsnd_soc_dai_trigger,
+ .set_fmt = rsnd_soc_dai_set_fmt,
+ .set_tdm_slot = rsnd_soc_set_dai_tdm_slot,
++ .prepare = rsnd_soc_dai_prepare,
+ };
+
+ void rsnd_parse_connect_common(struct rsnd_dai *rdai,
+--- a/sound/soc/sh/rcar/rsnd.h
++++ b/sound/soc/sh/rcar/rsnd.h
+@@ -283,6 +283,9 @@ struct rsnd_mod_ops {
+ int (*nolock_stop)(struct rsnd_mod *mod,
+ struct rsnd_dai_stream *io,
+ struct rsnd_priv *priv);
++ int (*prepare)(struct rsnd_mod *mod,
++ struct rsnd_dai_stream *io,
++ struct rsnd_priv *priv);
+ };
+
+ struct rsnd_dai_stream;
+@@ -312,6 +315,7 @@ struct rsnd_mod {
+ * H 0: fallback
+ * H 0: hw_params
+ * H 0: pointer
++ * H 0: prepare
+ */
+ #define __rsnd_mod_shift_nolock_start 0
+ #define __rsnd_mod_shift_nolock_stop 0
+@@ -326,6 +330,7 @@ struct rsnd_mod {
+ #define __rsnd_mod_shift_fallback 28 /* always called */
+ #define __rsnd_mod_shift_hw_params 28 /* always called */
+ #define __rsnd_mod_shift_pointer 28 /* always called */
++#define __rsnd_mod_shift_prepare 28 /* always called */
+
+ #define __rsnd_mod_add_probe 0
+ #define __rsnd_mod_add_remove 0
+@@ -340,6 +345,7 @@ struct rsnd_mod {
+ #define __rsnd_mod_add_fallback 0
+ #define __rsnd_mod_add_hw_params 0
+ #define __rsnd_mod_add_pointer 0
++#define __rsnd_mod_add_prepare 0
+
+ #define __rsnd_mod_call_probe 0
+ #define __rsnd_mod_call_remove 0
+@@ -354,6 +360,7 @@ struct rsnd_mod {
+ #define __rsnd_mod_call_pointer 0
+ #define __rsnd_mod_call_nolock_start 0
+ #define __rsnd_mod_call_nolock_stop 1
++#define __rsnd_mod_call_prepare 0
+
+ #define rsnd_mod_to_priv(mod) ((mod)->priv)
+ #define rsnd_mod_name(mod) ((mod)->ops->name)
+--- a/sound/soc/sh/rcar/ssi.c
++++ b/sound/soc/sh/rcar/ssi.c
+@@ -286,7 +286,7 @@ static int rsnd_ssi_master_clk_start(str
+ if (rsnd_ssi_is_multi_slave(mod, io))
+ return 0;
+
+- if (ssi->usrcnt > 1) {
++ if (ssi->rate) {
+ if (ssi->rate != rate) {
+ dev_err(dev, "SSI parent/child should use same rate\n");
+ return -EINVAL;
+@@ -431,7 +431,6 @@ static int rsnd_ssi_init(struct rsnd_mod
+ struct rsnd_priv *priv)
+ {
+ struct rsnd_ssi *ssi = rsnd_mod_to_ssi(mod);
+- int ret;
+
+ if (!rsnd_ssi_is_run_mods(mod, io))
+ return 0;
+@@ -440,10 +439,6 @@ static int rsnd_ssi_init(struct rsnd_mod
+
+ rsnd_mod_power_on(mod);
+
+- ret = rsnd_ssi_master_clk_start(mod, io);
+- if (ret < 0)
+- return ret;
+-
+ rsnd_ssi_config_init(mod, io);
+
+ rsnd_ssi_register_setup(mod);
+@@ -846,6 +841,13 @@ static int rsnd_ssi_pio_pointer(struct r
+ return 0;
+ }
+
++static int rsnd_ssi_prepare(struct rsnd_mod *mod,
++ struct rsnd_dai_stream *io,
++ struct rsnd_priv *priv)
++{
++ return rsnd_ssi_master_clk_start(mod, io);
++}
++
+ static struct rsnd_mod_ops rsnd_ssi_pio_ops = {
+ .name = SSI_NAME,
+ .probe = rsnd_ssi_common_probe,
+@@ -858,6 +860,7 @@ static struct rsnd_mod_ops rsnd_ssi_pio_
+ .pointer = rsnd_ssi_pio_pointer,
+ .pcm_new = rsnd_ssi_pcm_new,
+ .hw_params = rsnd_ssi_hw_params,
++ .prepare = rsnd_ssi_prepare,
+ };
+
+ static int rsnd_ssi_dma_probe(struct rsnd_mod *mod,
+@@ -934,6 +937,7 @@ static struct rsnd_mod_ops rsnd_ssi_dma_
+ .pcm_new = rsnd_ssi_pcm_new,
+ .fallback = rsnd_ssi_fallback,
+ .hw_params = rsnd_ssi_hw_params,
++ .prepare = rsnd_ssi_prepare,
+ };
+
+ int rsnd_ssi_is_dma_mode(struct rsnd_mod *mod)
--- /dev/null
+From d40e3e9e44db4b3c8777f3b515ba6097ba26e3b2 Mon Sep 17 00:00:00 2001
+From: "Andrew F. Davis" <afd@ti.com>
+Date: Fri, 31 Aug 2018 10:14:05 -0500
+Subject: ASoC: tas6424: Save last fault register even when clear
+
+From: Andrew F. Davis <afd@ti.com>
+
+commit d40e3e9e44db4b3c8777f3b515ba6097ba26e3b2 upstream.
+
+When there is no fault bit set in a fault register we skip the fault
+reporting section for that register. This also skips over saving that
+registers value. We save the value so we will not double report an
+error, but if an error clears then returns we will also not report it
+as we did not save the all cleared register value. Fix this by saving
+the fault register value in the all clear path.
+
+Signed-off-by: Andrew F. Davis <afd@ti.com>
+Signed-off-by: Mark Brown <broonie@kernel.org>
+Cc: stable@vger.kernel.org
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+
+---
+ sound/soc/codecs/tas6424.c | 12 +++++++++---
+ 1 file changed, 9 insertions(+), 3 deletions(-)
+
+--- a/sound/soc/codecs/tas6424.c
++++ b/sound/soc/codecs/tas6424.c
+@@ -424,8 +424,10 @@ static void tas6424_fault_check_work(str
+ TAS6424_FAULT_PVDD_UV |
+ TAS6424_FAULT_VBAT_UV;
+
+- if (reg)
++ if (!reg) {
++ tas6424->last_fault1 = reg;
+ goto check_global_fault2_reg;
++ }
+
+ /*
+ * Only flag errors once for a given occurrence. This is needed as
+@@ -461,8 +463,10 @@ check_global_fault2_reg:
+ TAS6424_FAULT_OTSD_CH3 |
+ TAS6424_FAULT_OTSD_CH4;
+
+- if (!reg)
++ if (!reg) {
++ tas6424->last_fault2 = reg;
+ goto check_warn_reg;
++ }
+
+ if ((reg & TAS6424_FAULT_OTSD) && !(tas6424->last_fault2 & TAS6424_FAULT_OTSD))
+ dev_crit(dev, "experienced a global overtemp shutdown\n");
+@@ -497,8 +501,10 @@ check_warn_reg:
+ TAS6424_WARN_VDD_OTW_CH3 |
+ TAS6424_WARN_VDD_OTW_CH4;
+
+- if (!reg)
++ if (!reg) {
++ tas6424->last_warn = reg;
+ goto out;
++ }
+
+ if ((reg & TAS6424_WARN_VDD_UV) && !(tas6424->last_warn & TAS6424_WARN_VDD_UV))
+ dev_warn(dev, "experienced a VDD under voltage condition\n");
--- /dev/null
+From fb504caae7ef85be159743bd4b08ecde269ba55f Mon Sep 17 00:00:00 2001
+From: "Dmitry V. Levin" <ldv@altlinux.org>
+Date: Mon, 13 Aug 2018 18:50:02 +0300
+Subject: ASoC: uapi: fix sound/skl-tplg-interface.h userspace compilation errors
+
+From: Dmitry V. Levin <ldv@altlinux.org>
+
+commit fb504caae7ef85be159743bd4b08ecde269ba55f upstream.
+
+Include <linux/types.h> and consistently use types it provides
+to fix the following sound/skl-tplg-interface.h userspace compilation errors:
+
+/usr/include/sound/skl-tplg-interface.h:146:2: error: unknown type name 'u32'
+ u32 set_params:2;
+/usr/include/sound/skl-tplg-interface.h:147:2: error: unknown type name 'u32'
+ u32 rsvd:30;
+/usr/include/sound/skl-tplg-interface.h:148:2: error: unknown type name 'u32'
+ u32 param_id;
+/usr/include/sound/skl-tplg-interface.h:149:2: error: unknown type name 'u32'
+ u32 max;
+/usr/include/sound/skl-tplg-interface.h:166:2: error: unknown type name 'u16'
+ u16 module_id;
+/usr/include/sound/skl-tplg-interface.h:167:2: error: unknown type name 'u16'
+ u16 instance_id;
+/usr/include/sound/skl-tplg-interface.h:171:2: error: unknown type name 'u32'
+ u32 channels;
+/usr/include/sound/skl-tplg-interface.h:172:2: error: unknown type name 'u32'
+ u32 freq;
+/usr/include/sound/skl-tplg-interface.h:173:2: error: unknown type name 'u32'
+ u32 bit_depth;
+/usr/include/sound/skl-tplg-interface.h:174:2: error: unknown type name 'u32'
+ u32 valid_bit_depth;
+/usr/include/sound/skl-tplg-interface.h:175:2: error: unknown type name 'u32'
+ u32 ch_cfg;
+/usr/include/sound/skl-tplg-interface.h:176:2: error: unknown type name 'u32'
+ u32 interleaving_style;
+/usr/include/sound/skl-tplg-interface.h:177:2: error: unknown type name 'u32'
+ u32 sample_type;
+/usr/include/sound/skl-tplg-interface.h:178:2: error: unknown type name 'u32'
+ u32 ch_map;
+/usr/include/sound/skl-tplg-interface.h:182:2: error: unknown type name 'u32'
+ u32 set_params:2;
+/usr/include/sound/skl-tplg-interface.h:183:2: error: unknown type name 'u32'
+ u32 rsvd:30;
+/usr/include/sound/skl-tplg-interface.h:184:2: error: unknown type name 'u32'
+ u32 param_id;
+/usr/include/sound/skl-tplg-interface.h:185:2: error: unknown type name 'u32'
+ u32 caps_size;
+/usr/include/sound/skl-tplg-interface.h:186:2: error: unknown type name 'u32'
+ u32 caps[HDA_SST_CFG_MAX];
+/usr/include/sound/skl-tplg-interface.h:190:2: error: unknown type name 'u8'
+ u8 pipe_id;
+/usr/include/sound/skl-tplg-interface.h:191:2: error: unknown type name 'u8'
+ u8 pipe_priority;
+/usr/include/sound/skl-tplg-interface.h:192:2: error: unknown type name 'u16'
+ u16 conn_type:4;
+/usr/include/sound/skl-tplg-interface.h:193:2: error: unknown type name 'u16'
+ u16 rsvd:4;
+/usr/include/sound/skl-tplg-interface.h:194:2: error: unknown type name 'u16'
+ u16 memory_pages:8;
+/usr/include/sound/skl-tplg-interface.h:200:2: error: unknown type name 'u16'
+ u16 module_id;
+/usr/include/sound/skl-tplg-interface.h:201:2: error: unknown type name 'u16'
+ u16 instance_id;
+/usr/include/sound/skl-tplg-interface.h:202:2: error: unknown type name 'u32'
+ u32 max_mcps;
+/usr/include/sound/skl-tplg-interface.h:203:2: error: unknown type name 'u32'
+ u32 mem_pages;
+/usr/include/sound/skl-tplg-interface.h:204:2: error: unknown type name 'u32'
+ u32 obs;
+/usr/include/sound/skl-tplg-interface.h:205:2: error: unknown type name 'u32'
+ u32 ibs;
+/usr/include/sound/skl-tplg-interface.h:206:2: error: unknown type name 'u32'
+ u32 vbus_id;
+/usr/include/sound/skl-tplg-interface.h:208:2: error: unknown type name 'u32'
+ u32 max_in_queue:8;
+/usr/include/sound/skl-tplg-interface.h:209:2: error: unknown type name 'u32'
+ u32 max_out_queue:8;
+/usr/include/sound/skl-tplg-interface.h:210:2: error: unknown type name 'u32'
+ u32 time_slot:8;
+/usr/include/sound/skl-tplg-interface.h:211:2: error: unknown type name 'u32'
+ u32 core_id:4;
+/usr/include/sound/skl-tplg-interface.h:212:2: error: unknown type name 'u32'
+ u32 rsvd1:4;
+/usr/include/sound/skl-tplg-interface.h:214:2: error: unknown type name 'u32'
+ u32 module_type:8;
+/usr/include/sound/skl-tplg-interface.h:215:2: error: unknown type name 'u32'
+ u32 conn_type:4;
+/usr/include/sound/skl-tplg-interface.h:216:2: error: unknown type name 'u32'
+ u32 dev_type:4;
+/usr/include/sound/skl-tplg-interface.h:217:2: error: unknown type name 'u32'
+ u32 hw_conn_type:4;
+/usr/include/sound/skl-tplg-interface.h:218:2: error: unknown type name 'u32'
+ u32 rsvd2:12;
+/usr/include/sound/skl-tplg-interface.h:220:2: error: unknown type name 'u32'
+ u32 params_fixup:8;
+/usr/include/sound/skl-tplg-interface.h:221:2: error: unknown type name 'u32'
+ u32 converter:8;
+/usr/include/sound/skl-tplg-interface.h:222:2: error: unknown type name 'u32'
+ u32 input_pin_type:1;
+/usr/include/sound/skl-tplg-interface.h:223:2: error: unknown type name 'u32'
+ u32 output_pin_type:1;
+/usr/include/sound/skl-tplg-interface.h:224:2: error: unknown type name 'u32'
+ u32 is_dynamic_in_pin:1;
+/usr/include/sound/skl-tplg-interface.h:225:2: error: unknown type name 'u32'
+ u32 is_dynamic_out_pin:1;
+/usr/include/sound/skl-tplg-interface.h:226:2: error: unknown type name 'u32'
+ u32 is_loadable:1;
+/usr/include/sound/skl-tplg-interface.h:227:2: error: unknown type name 'u32'
+ u32 rsvd3:11;
+
+Fixes: 0c24fdc00244 ("ASoC: topology: Move skl-tplg-interface.h to uapi")
+Signed-off-by: Dmitry V. Levin <ldv@altlinux.org>
+Reviewed-by: Guenter Roeck <groeck@chromium.org>
+Signed-off-by: Mark Brown <broonie@kernel.org>
+Cc: <stable@vger.kernel.org> # v4.18
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+
+---
+ include/uapi/sound/skl-tplg-interface.h | 106 ++++++++++++++++----------------
+ 1 file changed, 54 insertions(+), 52 deletions(-)
+
+--- a/include/uapi/sound/skl-tplg-interface.h
++++ b/include/uapi/sound/skl-tplg-interface.h
+@@ -10,6 +10,8 @@
+ #ifndef __HDA_TPLG_INTERFACE_H__
+ #define __HDA_TPLG_INTERFACE_H__
+
++#include <linux/types.h>
++
+ /*
+ * Default types range from 0~12. type can range from 0 to 0xff
+ * SST types start at higher to avoid any overlapping in future
+@@ -143,10 +145,10 @@ enum skl_module_param_type {
+ };
+
+ struct skl_dfw_algo_data {
+- u32 set_params:2;
+- u32 rsvd:30;
+- u32 param_id;
+- u32 max;
++ __u32 set_params:2;
++ __u32 rsvd:30;
++ __u32 param_id;
++ __u32 max;
+ char params[0];
+ } __packed;
+
+@@ -163,68 +165,68 @@ enum skl_tuple_type {
+ /* v4 configuration data */
+
+ struct skl_dfw_v4_module_pin {
+- u16 module_id;
+- u16 instance_id;
++ __u16 module_id;
++ __u16 instance_id;
+ } __packed;
+
+ struct skl_dfw_v4_module_fmt {
+- u32 channels;
+- u32 freq;
+- u32 bit_depth;
+- u32 valid_bit_depth;
+- u32 ch_cfg;
+- u32 interleaving_style;
+- u32 sample_type;
+- u32 ch_map;
++ __u32 channels;
++ __u32 freq;
++ __u32 bit_depth;
++ __u32 valid_bit_depth;
++ __u32 ch_cfg;
++ __u32 interleaving_style;
++ __u32 sample_type;
++ __u32 ch_map;
+ } __packed;
+
+ struct skl_dfw_v4_module_caps {
+- u32 set_params:2;
+- u32 rsvd:30;
+- u32 param_id;
+- u32 caps_size;
+- u32 caps[HDA_SST_CFG_MAX];
++ __u32 set_params:2;
++ __u32 rsvd:30;
++ __u32 param_id;
++ __u32 caps_size;
++ __u32 caps[HDA_SST_CFG_MAX];
+ } __packed;
+
+ struct skl_dfw_v4_pipe {
+- u8 pipe_id;
+- u8 pipe_priority;
+- u16 conn_type:4;
+- u16 rsvd:4;
+- u16 memory_pages:8;
++ __u8 pipe_id;
++ __u8 pipe_priority;
++ __u16 conn_type:4;
++ __u16 rsvd:4;
++ __u16 memory_pages:8;
+ } __packed;
+
+ struct skl_dfw_v4_module {
+ char uuid[SKL_UUID_STR_SZ];
+
+- u16 module_id;
+- u16 instance_id;
+- u32 max_mcps;
+- u32 mem_pages;
+- u32 obs;
+- u32 ibs;
+- u32 vbus_id;
+-
+- u32 max_in_queue:8;
+- u32 max_out_queue:8;
+- u32 time_slot:8;
+- u32 core_id:4;
+- u32 rsvd1:4;
+-
+- u32 module_type:8;
+- u32 conn_type:4;
+- u32 dev_type:4;
+- u32 hw_conn_type:4;
+- u32 rsvd2:12;
+-
+- u32 params_fixup:8;
+- u32 converter:8;
+- u32 input_pin_type:1;
+- u32 output_pin_type:1;
+- u32 is_dynamic_in_pin:1;
+- u32 is_dynamic_out_pin:1;
+- u32 is_loadable:1;
+- u32 rsvd3:11;
++ __u16 module_id;
++ __u16 instance_id;
++ __u32 max_mcps;
++ __u32 mem_pages;
++ __u32 obs;
++ __u32 ibs;
++ __u32 vbus_id;
++
++ __u32 max_in_queue:8;
++ __u32 max_out_queue:8;
++ __u32 time_slot:8;
++ __u32 core_id:4;
++ __u32 rsvd1:4;
++
++ __u32 module_type:8;
++ __u32 conn_type:4;
++ __u32 dev_type:4;
++ __u32 hw_conn_type:4;
++ __u32 rsvd2:12;
++
++ __u32 params_fixup:8;
++ __u32 converter:8;
++ __u32 input_pin_type:1;
++ __u32 output_pin_type:1;
++ __u32 is_dynamic_in_pin:1;
++ __u32 is_dynamic_out_pin:1;
++ __u32 is_loadable:1;
++ __u32 rsvd3:11;
+
+ struct skl_dfw_v4_pipe pipe;
+ struct skl_dfw_v4_module_fmt in_fmt[MAX_IN_QUEUE];
--- /dev/null
+From 5e4cfadaf5b73a0801b2fa7fb007f98400ebfe6e Mon Sep 17 00:00:00 2001
+From: Marcel Ziswiler <marcel.ziswiler@toradex.com>
+Date: Tue, 14 Aug 2018 00:35:56 +0200
+Subject: ASoC: wm9712: fix replace codec to component
+
+From: Marcel Ziswiler <marcel.ziswiler@toradex.com>
+
+commit 5e4cfadaf5b73a0801b2fa7fb007f98400ebfe6e upstream.
+
+Since commit 143b44845d87 ("ASoC: wm9712: replace codec to component")
+"wm9712-codec" got renamed to "wm9712-component", however, this change
+never got propagated down to the actual board/platform drivers. E.g. on
+Colibri T20 this lead to the following spew upon boot with sound/touch
+being broken:
+
+[ 2.214121] tegra-snd-wm9712 sound: ASoC: CODEC DAI wm9712-hifi not registered
+[ 2.222137] tegra-snd-wm9712 sound: snd_soc_register_card failed (-517)
+...
+[ 2.344384] tegra-snd-wm9712 sound: ASoC: CODEC DAI wm9712-hifi not registered
+[ 2.351885] tegra-snd-wm9712 sound: snd_soc_register_card failed (-517)
+...
+[ 2.668339] tegra-snd-wm9712 sound: ASoC: CODEC DAI wm9712-hifi not registered
+[ 2.675811] tegra-snd-wm9712 sound: snd_soc_register_card failed (-517)
+...
+[ 3.208408] tegra-snd-wm9712 sound: ASoC: CODEC DAI wm9712-hifi not registered
+[ 3.216312] tegra-snd-wm9712 sound: snd_soc_register_card failed (-517)
+...
+[ 3.235397] tegra-snd-wm9712 sound: ASoC: CODEC DAI wm9712-hifi not registered
+[ 3.248938] tegra-snd-wm9712 sound: snd_soc_register_card failed (-517)
+...
+[ 14.970443] ALSA device list:
+[ 14.996628] No soundcards found.
+
+This commit finally fixes this again.
+
+Signed-off-by: Marcel Ziswiler <marcel.ziswiler@toradex.com>
+Acked-by: Charles Keepax <ckeepax@opensource.cirrus.com>
+Signed-off-by: Mark Brown <broonie@kernel.org>
+Cc: stable@vger.kernel.org
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+
+---
+ sound/soc/codecs/wm9712.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+--- a/sound/soc/codecs/wm9712.c
++++ b/sound/soc/codecs/wm9712.c
+@@ -719,7 +719,7 @@ static int wm9712_probe(struct platform_
+
+ static struct platform_driver wm9712_component_driver = {
+ .driver = {
+- .name = "wm9712-component",
++ .name = "wm9712-codec",
+ },
+
+ .probe = wm9712_probe,
--- /dev/null
+From 24568b47d48ec8c906fd0f589489a08b17e1edca Mon Sep 17 00:00:00 2001
+From: Ondrej Mosnacek <omosnace@redhat.com>
+Date: Wed, 5 Sep 2018 09:26:41 +0200
+Subject: crypto: x86/aegis,morus - Do not require OSXSAVE for SSE2
+
+From: Ondrej Mosnacek <omosnace@redhat.com>
+
+commit 24568b47d48ec8c906fd0f589489a08b17e1edca upstream.
+
+It turns out OSXSAVE needs to be checked only for AVX, not for SSE.
+Without this patch the affected modules refuse to load on CPUs with SSE2
+but without AVX support.
+
+Fixes: 877ccce7cbe8 ("crypto: x86/aegis,morus - Fix and simplify CPUID checks")
+Cc: <stable@vger.kernel.org> # 4.18
+Reported-by: Zdenek Kaspar <zkaspar82@gmail.com>
+Signed-off-by: Ondrej Mosnacek <omosnace@redhat.com>
+Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+
+---
+ arch/x86/crypto/aegis128-aesni-glue.c | 1 -
+ arch/x86/crypto/aegis128l-aesni-glue.c | 1 -
+ arch/x86/crypto/aegis256-aesni-glue.c | 1 -
+ arch/x86/crypto/morus1280-sse2-glue.c | 1 -
+ arch/x86/crypto/morus640-sse2-glue.c | 1 -
+ 5 files changed, 5 deletions(-)
+
+--- a/arch/x86/crypto/aegis128-aesni-glue.c
++++ b/arch/x86/crypto/aegis128-aesni-glue.c
+@@ -379,7 +379,6 @@ static int __init crypto_aegis128_aesni_
+ {
+ if (!boot_cpu_has(X86_FEATURE_XMM2) ||
+ !boot_cpu_has(X86_FEATURE_AES) ||
+- !boot_cpu_has(X86_FEATURE_OSXSAVE) ||
+ !cpu_has_xfeatures(XFEATURE_MASK_SSE, NULL))
+ return -ENODEV;
+
+--- a/arch/x86/crypto/aegis128l-aesni-glue.c
++++ b/arch/x86/crypto/aegis128l-aesni-glue.c
+@@ -379,7 +379,6 @@ static int __init crypto_aegis128l_aesni
+ {
+ if (!boot_cpu_has(X86_FEATURE_XMM2) ||
+ !boot_cpu_has(X86_FEATURE_AES) ||
+- !boot_cpu_has(X86_FEATURE_OSXSAVE) ||
+ !cpu_has_xfeatures(XFEATURE_MASK_SSE, NULL))
+ return -ENODEV;
+
+--- a/arch/x86/crypto/aegis256-aesni-glue.c
++++ b/arch/x86/crypto/aegis256-aesni-glue.c
+@@ -379,7 +379,6 @@ static int __init crypto_aegis256_aesni_
+ {
+ if (!boot_cpu_has(X86_FEATURE_XMM2) ||
+ !boot_cpu_has(X86_FEATURE_AES) ||
+- !boot_cpu_has(X86_FEATURE_OSXSAVE) ||
+ !cpu_has_xfeatures(XFEATURE_MASK_SSE, NULL))
+ return -ENODEV;
+
+--- a/arch/x86/crypto/morus1280-sse2-glue.c
++++ b/arch/x86/crypto/morus1280-sse2-glue.c
+@@ -40,7 +40,6 @@ MORUS1280_DECLARE_ALGS(sse2, "morus1280-
+ static int __init crypto_morus1280_sse2_module_init(void)
+ {
+ if (!boot_cpu_has(X86_FEATURE_XMM2) ||
+- !boot_cpu_has(X86_FEATURE_OSXSAVE) ||
+ !cpu_has_xfeatures(XFEATURE_MASK_SSE, NULL))
+ return -ENODEV;
+
+--- a/arch/x86/crypto/morus640-sse2-glue.c
++++ b/arch/x86/crypto/morus640-sse2-glue.c
+@@ -40,7 +40,6 @@ MORUS640_DECLARE_ALGS(sse2, "morus640-ss
+ static int __init crypto_morus640_sse2_module_init(void)
+ {
+ if (!boot_cpu_has(X86_FEATURE_XMM2) ||
+- !boot_cpu_has(X86_FEATURE_OSXSAVE) ||
+ !cpu_has_xfeatures(XFEATURE_MASK_SSE, NULL))
+ return -ENODEV;
+
--- /dev/null
+From f83606f5eb007adc33bc8541ede00590f477bdeb Mon Sep 17 00:00:00 2001
+From: KJ Tsanaktsidis <ktsanaktsidis@zendesk.com>
+Date: Thu, 20 Sep 2018 12:22:25 -0700
+Subject: fork: report pid exhaustion correctly
+
+From: KJ Tsanaktsidis <ktsanaktsidis@zendesk.com>
+
+commit f83606f5eb007adc33bc8541ede00590f477bdeb upstream.
+
+Make the clone and fork syscalls return EAGAIN when the limit on the
+number of pids /proc/sys/kernel/pid_max is exceeded.
+
+Currently, when the pid_max limit is exceeded, the kernel will return
+ENOSPC from the fork and clone syscalls. This is contrary to the
+documented behaviour, which explicitly calls out the pid_max case as one
+where EAGAIN should be returned. It also leads to really confusing error
+messages in userspace programs which will complain about a lack of disk
+space when they fail to create processes/threads for this reason.
+
+This error is being returned because alloc_pid() uses the idr api to find
+a new pid; when there are none available, idr_alloc_cyclic() returns
+-ENOSPC, and this is being propagated back to userspace.
+
+This behaviour has been broken before, and was explicitly fixed in
+commit 35f71bc0a09a ("fork: report pid reservation failure properly"),
+so I think -EAGAIN is definitely the right thing to return in this case.
+The current behaviour change dates from commit 95846ecf9dac ("pid:
+replace pid bitmap implementation with IDR AIP") and was I believe
+unintentional.
+
+This patch has no impact on the case where allocating a pid fails because
+the child reaper for the namespace is dead; that case will still return
+-ENOMEM.
+
+Link: http://lkml.kernel.org/r/20180903111016.46461-1-ktsanaktsidis@zendesk.com
+Fixes: 95846ecf9dac ("pid: replace pid bitmap implementation with IDR AIP")
+Signed-off-by: KJ Tsanaktsidis <ktsanaktsidis@zendesk.com>
+Reviewed-by: Andrew Morton <akpm@linux-foundation.org>
+Acked-by: Michal Hocko <mhocko@suse.com>
+Cc: Gargi Sharma <gs051095@gmail.com>
+Cc: Rik van Riel <riel@redhat.com>
+Cc: Oleg Nesterov <oleg@redhat.com>
+Cc: <stable@vger.kernel.org>
+Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+
+---
+ kernel/pid.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+--- a/kernel/pid.c
++++ b/kernel/pid.c
+@@ -195,7 +195,7 @@ struct pid *alloc_pid(struct pid_namespa
+ idr_preload_end();
+
+ if (nr < 0) {
+- retval = nr;
++ retval = (nr == -ENOSPC) ? -EAGAIN : nr;
+ goto out_free;
+ }
+
--- /dev/null
+From 889c695d419f19e5db52592dafbaf26143c36d1f Mon Sep 17 00:00:00 2001
+From: Pasha Tatashin <Pavel.Tatashin@microsoft.com>
+Date: Thu, 20 Sep 2018 12:22:30 -0700
+Subject: mm: disable deferred struct page for 32-bit arches
+
+From: Pasha Tatashin <Pavel.Tatashin@microsoft.com>
+
+commit 889c695d419f19e5db52592dafbaf26143c36d1f upstream.
+
+Deferred struct page init is needed only on systems with large amount of
+physical memory to improve boot performance. 32-bit systems do not
+benefit from this feature.
+
+Jiri reported a problem where deferred struct pages do not work well with
+x86-32:
+
+[ 0.035162] Dentry cache hash table entries: 131072 (order: 7, 524288 bytes)
+[ 0.035725] Inode-cache hash table entries: 65536 (order: 6, 262144 bytes)
+[ 0.036269] Initializing CPU#0
+[ 0.036513] Initializing HighMem for node 0 (00036ffe:0007ffe0)
+[ 0.038459] page:f6780000 is uninitialized and poisoned
+[ 0.038460] raw: ffffffff ffffffff ffffffff ffffffff ffffffff ffffffff ffffffff ffffffff
+[ 0.039509] page dumped because: VM_BUG_ON_PAGE(1 && PageCompound(page))
+[ 0.040038] ------------[ cut here ]------------
+[ 0.040399] kernel BUG at include/linux/page-flags.h:293!
+[ 0.040823] invalid opcode: 0000 [#1] SMP PTI
+[ 0.041166] CPU: 0 PID: 0 Comm: swapper Not tainted 4.19.0-rc1_pt_jiri #9
+[ 0.041694] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.11.0-20171110_100015-anatol 04/01/2014
+[ 0.042496] EIP: free_highmem_page+0x64/0x80
+[ 0.042839] Code: 13 46 d8 c1 e8 18 5d 83 e0 03 8d 04 c0 c1 e0 06 ff 80 ec 5f 44 d8 c3 8d b4 26 00 00 00 00 ba 08 65 28 d8 89 d8 e8 fc 71 02 00 <0f> 0b 8d 76 00 8d bc 27 00 00 00 00 ba d0 b1 26 d8 89 d8 e8 e4 71
+[ 0.044338] EAX: 0000003c EBX: f6780000 ECX: 00000000 EDX: d856cbe8
+[ 0.044868] ESI: 0007ffe0 EDI: d838df20 EBP: d838df00 ESP: d838defc
+[ 0.045372] DS: 007b ES: 007b FS: 00d8 GS: 00e0 SS: 0068 EFLAGS: 00210086
+[ 0.045913] CR0: 80050033 CR2: 00000000 CR3: 18556000 CR4: 00040690
+[ 0.046413] DR0: 00000000 DR1: 00000000 DR2: 00000000 DR3: 00000000
+[ 0.046913] DR6: fffe0ff0 DR7: 00000400
+[ 0.047220] Call Trace:
+[ 0.047419] add_highpages_with_active_regions+0xbd/0x10d
+[ 0.047854] set_highmem_pages_init+0x5b/0x71
+[ 0.048202] mem_init+0x2b/0x1e8
+[ 0.048460] start_kernel+0x1d2/0x425
+[ 0.048757] i386_start_kernel+0x93/0x97
+[ 0.049073] startup_32_smp+0x164/0x168
+[ 0.049379] Modules linked in:
+[ 0.049626] ---[ end trace 337949378db0abbb ]---
+
+We free highmem pages before their struct pages are initialized:
+
+mem_init()
+ set_highmem_pages_init()
+ add_highpages_with_active_regions()
+ free_highmem_page()
+ .. Access uninitialized struct page here..
+
+Because there is no reason to have this feature on 32-bit systems, just
+disable it.
+
+Link: http://lkml.kernel.org/r/20180831150506.31246-1-pavel.tatashin@microsoft.com
+Fixes: 2e3ca40f03bb ("mm: relax deferred struct page requirements")
+Signed-off-by: Pavel Tatashin <pavel.tatashin@microsoft.com>
+Reported-by: Jiri Slaby <jslaby@suse.cz>
+Acked-by: Michal Hocko <mhocko@suse.com>
+Cc: <stable@vger.kernel.org>
+Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+
+---
+ mm/Kconfig | 1 +
+ 1 file changed, 1 insertion(+)
+
+--- a/mm/Kconfig
++++ b/mm/Kconfig
+@@ -637,6 +637,7 @@ config DEFERRED_STRUCT_PAGE_INIT
+ depends on NO_BOOTMEM
+ depends on SPARSEMEM
+ depends on !NEED_PER_CPU_KM
++ depends on 64BIT
+ help
+ Ordinarily all struct pages are initialised during early boot in a
+ single thread. On very large machines this can take a considerable
--- /dev/null
+From b45d71fb89ab8adfe727b9d0ee188ed58582a647 Mon Sep 17 00:00:00 2001
+From: "Joel Fernandes (Google)" <joel@joelfernandes.org>
+Date: Thu, 20 Sep 2018 12:22:39 -0700
+Subject: mm: shmem.c: Correctly annotate new inodes for lockdep
+
+From: Joel Fernandes (Google) <joel@joelfernandes.org>
+
+commit b45d71fb89ab8adfe727b9d0ee188ed58582a647 upstream.
+
+Directories and inodes don't necessarily need to be in the same lockdep
+class. For ex, hugetlbfs splits them out too to prevent false positives
+in lockdep. Annotate correctly after new inode creation. If its a
+directory inode, it will be put into a different class.
+
+This should fix a lockdep splat reported by syzbot:
+
+> ======================================================
+> WARNING: possible circular locking dependency detected
+> 4.18.0-rc8-next-20180810+ #36 Not tainted
+> ------------------------------------------------------
+> syz-executor900/4483 is trying to acquire lock:
+> 00000000d2bfc8fe (&sb->s_type->i_mutex_key#9){++++}, at: inode_lock
+> include/linux/fs.h:765 [inline]
+> 00000000d2bfc8fe (&sb->s_type->i_mutex_key#9){++++}, at:
+> shmem_fallocate+0x18b/0x12e0 mm/shmem.c:2602
+>
+> but task is already holding lock:
+> 0000000025208078 (ashmem_mutex){+.+.}, at: ashmem_shrink_scan+0xb4/0x630
+> drivers/staging/android/ashmem.c:448
+>
+> which lock already depends on the new lock.
+>
+> -> #2 (ashmem_mutex){+.+.}:
+> __mutex_lock_common kernel/locking/mutex.c:925 [inline]
+> __mutex_lock+0x171/0x1700 kernel/locking/mutex.c:1073
+> mutex_lock_nested+0x16/0x20 kernel/locking/mutex.c:1088
+> ashmem_mmap+0x55/0x520 drivers/staging/android/ashmem.c:361
+> call_mmap include/linux/fs.h:1844 [inline]
+> mmap_region+0xf27/0x1c50 mm/mmap.c:1762
+> do_mmap+0xa10/0x1220 mm/mmap.c:1535
+> do_mmap_pgoff include/linux/mm.h:2298 [inline]
+> vm_mmap_pgoff+0x213/0x2c0 mm/util.c:357
+> ksys_mmap_pgoff+0x4da/0x660 mm/mmap.c:1585
+> __do_sys_mmap arch/x86/kernel/sys_x86_64.c:100 [inline]
+> __se_sys_mmap arch/x86/kernel/sys_x86_64.c:91 [inline]
+> __x64_sys_mmap+0xe9/0x1b0 arch/x86/kernel/sys_x86_64.c:91
+> do_syscall_64+0x1b9/0x820 arch/x86/entry/common.c:290
+> entry_SYSCALL_64_after_hwframe+0x49/0xbe
+>
+> -> #1 (&mm->mmap_sem){++++}:
+> __might_fault+0x155/0x1e0 mm/memory.c:4568
+> _copy_to_user+0x30/0x110 lib/usercopy.c:25
+> copy_to_user include/linux/uaccess.h:155 [inline]
+> filldir+0x1ea/0x3a0 fs/readdir.c:196
+> dir_emit_dot include/linux/fs.h:3464 [inline]
+> dir_emit_dots include/linux/fs.h:3475 [inline]
+> dcache_readdir+0x13a/0x620 fs/libfs.c:193
+> iterate_dir+0x48b/0x5d0 fs/readdir.c:51
+> __do_sys_getdents fs/readdir.c:231 [inline]
+> __se_sys_getdents fs/readdir.c:212 [inline]
+> __x64_sys_getdents+0x29f/0x510 fs/readdir.c:212
+> do_syscall_64+0x1b9/0x820 arch/x86/entry/common.c:290
+> entry_SYSCALL_64_after_hwframe+0x49/0xbe
+>
+> -> #0 (&sb->s_type->i_mutex_key#9){++++}:
+> lock_acquire+0x1e4/0x540 kernel/locking/lockdep.c:3924
+> down_write+0x8f/0x130 kernel/locking/rwsem.c:70
+> inode_lock include/linux/fs.h:765 [inline]
+> shmem_fallocate+0x18b/0x12e0 mm/shmem.c:2602
+> ashmem_shrink_scan+0x236/0x630 drivers/staging/android/ashmem.c:455
+> ashmem_ioctl+0x3ae/0x13a0 drivers/staging/android/ashmem.c:797
+> vfs_ioctl fs/ioctl.c:46 [inline]
+> file_ioctl fs/ioctl.c:501 [inline]
+> do_vfs_ioctl+0x1de/0x1720 fs/ioctl.c:685
+> ksys_ioctl+0xa9/0xd0 fs/ioctl.c:702
+> __do_sys_ioctl fs/ioctl.c:709 [inline]
+> __se_sys_ioctl fs/ioctl.c:707 [inline]
+> __x64_sys_ioctl+0x73/0xb0 fs/ioctl.c:707
+> do_syscall_64+0x1b9/0x820 arch/x86/entry/common.c:290
+> entry_SYSCALL_64_after_hwframe+0x49/0xbe
+>
+> other info that might help us debug this:
+>
+> Chain exists of:
+> &sb->s_type->i_mutex_key#9 --> &mm->mmap_sem --> ashmem_mutex
+>
+> Possible unsafe locking scenario:
+>
+> CPU0 CPU1
+> ---- ----
+> lock(ashmem_mutex);
+> lock(&mm->mmap_sem);
+> lock(ashmem_mutex);
+> lock(&sb->s_type->i_mutex_key#9);
+>
+> *** DEADLOCK ***
+>
+> 1 lock held by syz-executor900/4483:
+> #0: 0000000025208078 (ashmem_mutex){+.+.}, at:
+> ashmem_shrink_scan+0xb4/0x630 drivers/staging/android/ashmem.c:448
+
+Link: http://lkml.kernel.org/r/20180821231835.166639-1-joel@joelfernandes.org
+Signed-off-by: Joel Fernandes (Google) <joel@joelfernandes.org>
+Reported-by: syzbot <syzkaller@googlegroups.com>
+Reviewed-by: NeilBrown <neilb@suse.com>
+Suggested-by: NeilBrown <neilb@suse.com>
+Cc: Matthew Wilcox <willy@infradead.org>
+Cc: Peter Zijlstra <peterz@infradead.org>
+Cc: Hugh Dickins <hughd@google.com>
+Cc: <stable@vger.kernel.org>
+Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+
+---
+ mm/shmem.c | 2 ++
+ 1 file changed, 2 insertions(+)
+
+--- a/mm/shmem.c
++++ b/mm/shmem.c
+@@ -2226,6 +2226,8 @@ static struct inode *shmem_get_inode(str
+ mpol_shared_policy_init(&info->policy, NULL);
+ break;
+ }
++
++ lockdep_annotate_inode_mutex_key(inode);
+ } else
+ shmem_free_inode(sb);
+ return inode;
--- /dev/null
+From 4a3e85f2674cbfb81052059107d0165269778e2f Mon Sep 17 00:00:00 2001
+From: Boris Brezillon <boris.brezillon@bootlin.com>
+Date: Mon, 17 Sep 2018 16:31:30 +0200
+Subject: mtd: devices: m25p80: Make sure the buffer passed in op is DMA-able
+
+From: Boris Brezillon <boris.brezillon@bootlin.com>
+
+commit 4a3e85f2674cbfb81052059107d0165269778e2f upstream.
+
+As documented in spi-mem.h, spi_mem_op->data.buf.{in,out} must be
+DMA-able, and commit 4120f8d158ef ("mtd: spi-nor: Use the spi_mem_xx()
+API") failed to follow this rule as buffers passed to
+->{read,write}_reg() are usually placed on the stack.
+
+Fix that by allocating a scratch buffer and copying the data around.
+
+Fixes: 4120f8d158ef ("mtd: spi-nor: Use the spi_mem_xx() API")
+Reported-by: Jarkko Nikula <jarkko.nikula@linux.intel.com>
+Cc: <stable@vger.kernel.org>
+Signed-off-by: Boris Brezillon <boris.brezillon@bootlin.com>
+Tested-by: Jarkko Nikula <jarkko.nikula@linux.intel.com>
+Reviewed-by: Jarkko Nikula <jarkko.nikula@linux.intel.com>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+
+---
+ drivers/mtd/devices/m25p80.c | 26 +++++++++++++++++++++++---
+ 1 file changed, 23 insertions(+), 3 deletions(-)
+
+--- a/drivers/mtd/devices/m25p80.c
++++ b/drivers/mtd/devices/m25p80.c
+@@ -41,13 +41,23 @@ static int m25p80_read_reg(struct spi_no
+ struct spi_mem_op op = SPI_MEM_OP(SPI_MEM_OP_CMD(code, 1),
+ SPI_MEM_OP_NO_ADDR,
+ SPI_MEM_OP_NO_DUMMY,
+- SPI_MEM_OP_DATA_IN(len, val, 1));
++ SPI_MEM_OP_DATA_IN(len, NULL, 1));
++ void *scratchbuf;
+ int ret;
+
++ scratchbuf = kmalloc(len, GFP_KERNEL);
++ if (!scratchbuf)
++ return -ENOMEM;
++
++ op.data.buf.in = scratchbuf;
+ ret = spi_mem_exec_op(flash->spimem, &op);
+ if (ret < 0)
+ dev_err(&flash->spimem->spi->dev, "error %d reading %x\n", ret,
+ code);
++ else
++ memcpy(val, scratchbuf, len);
++
++ kfree(scratchbuf);
+
+ return ret;
+ }
+@@ -58,9 +68,19 @@ static int m25p80_write_reg(struct spi_n
+ struct spi_mem_op op = SPI_MEM_OP(SPI_MEM_OP_CMD(opcode, 1),
+ SPI_MEM_OP_NO_ADDR,
+ SPI_MEM_OP_NO_DUMMY,
+- SPI_MEM_OP_DATA_OUT(len, buf, 1));
++ SPI_MEM_OP_DATA_OUT(len, NULL, 1));
++ void *scratchbuf;
++ int ret;
++
++ scratchbuf = kmemdup(buf, len, GFP_KERNEL);
++ if (!scratchbuf)
++ return -ENOMEM;
+
+- return spi_mem_exec_op(flash->spimem, &op);
++ op.data.buf.out = scratchbuf;
++ ret = spi_mem_exec_op(flash->spimem, &op);
++ kfree(scratchbuf);
++
++ return ret;
+ }
+
+ static ssize_t m25p80_write(struct spi_nor *nor, loff_t to, size_t len,
--- /dev/null
+From cf51e4b9c34407bf0c3d9b582b7837e047e1df47 Mon Sep 17 00:00:00 2001
+From: Masahiro Yamada <yamada.masahiro@socionext.com>
+Date: Thu, 13 Sep 2018 14:58:49 +0900
+Subject: mtd: rawnand: denali: fix a race condition when DMA is kicked
+
+From: Masahiro Yamada <yamada.masahiro@socionext.com>
+
+commit cf51e4b9c34407bf0c3d9b582b7837e047e1df47 upstream.
+
+I thought the read-back of the DMA_ENABLE register was unnecessary
+(at least it is working on my boards), then deleted it in commit
+586a2c52909d ("mtd: nand: denali: squash denali_enable_dma() helper
+into caller"). Sorry, I was wrong - it caused a timing issue on
+Cyclone5 SoCFPGAs.
+
+Revive the register read-back, commenting why this is necessary.
+
+Fixes: 586a2c52909d ("mtd: nand: denali: squash denali_enable_dma() helper into caller")
+Cc: <stable@vger.kernel.org>
+Reported-by: Steffen Trumtrar <s.trumtrar@pengutronix.de>
+Signed-off-by: Masahiro Yamada <yamada.masahiro@socionext.com>
+Reviewed-by: Miquel Raynal <miquel.raynal@bootlin.com>
+Signed-off-by: Boris Brezillon <boris.brezillon@bootlin.com>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+
+---
+ drivers/mtd/nand/raw/denali.c | 6 ++++++
+ 1 file changed, 6 insertions(+)
+
+--- a/drivers/mtd/nand/raw/denali.c
++++ b/drivers/mtd/nand/raw/denali.c
+@@ -604,6 +604,12 @@ static int denali_dma_xfer(struct denali
+ }
+
+ iowrite32(DMA_ENABLE__FLAG, denali->reg + DMA_ENABLE);
++ /*
++ * The ->setup_dma() hook kicks DMA by using the data/command
++ * interface, which belongs to a different AXI port from the
++ * register interface. Read back the register to avoid a race.
++ */
++ ioread32(denali->reg + DMA_ENABLE);
+
+ denali_reset_irq(denali);
+ denali->setup_dma(denali, dma_addr, page, write);
--- /dev/null
+From 674d9de02aa7d521ebdf66c3958758bdd9c64e11 Mon Sep 17 00:00:00 2001
+From: Suren Baghdasaryan <surenb@google.com>
+Date: Mon, 17 Sep 2018 15:51:40 +0200
+Subject: NFC: Fix possible memory corruption when handling SHDLC I-Frame commands
+
+From: Suren Baghdasaryan <surenb@google.com>
+
+commit 674d9de02aa7d521ebdf66c3958758bdd9c64e11 upstream.
+
+When handling SHDLC I-Frame commands "pipe" field used for indexing
+into an array should be checked before usage. If left unchecked it
+might access memory outside of the array of size NFC_HCI_MAX_PIPES(127).
+
+Malformed NFC HCI frames could be injected by a malicious NFC device
+communicating with the device being attacked (remote attack vector),
+or even by an attacker with physical access to the I2C bus such that
+they could influence the data transfers on that bus (local attack vector).
+skb->data is controlled by the attacker and has only been sanitized in
+the most trivial ways (CRC check), therefore we can consider the
+create_info struct and all of its members to tainted. 'create_info->pipe'
+with max value of 255 (uint8) is used to take an offset of the
+hdev->pipes array of 127 elements which can lead to OOB write.
+
+Cc: Samuel Ortiz <sameo@linux.intel.com>
+Cc: Allen Pais <allen.pais@oracle.com>
+Cc: "David S. Miller" <davem@davemloft.net>
+Suggested-by: Kevin Deus <kdeus@google.com>
+Signed-off-by: Suren Baghdasaryan <surenb@google.com>
+Acked-by: Kees Cook <keescook@chromium.org>
+Cc: stable <stable@vger.kernel.org>
+Signed-off-by: David S. Miller <davem@davemloft.net>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+
+---
+ net/nfc/hci/core.c | 10 ++++++++++
+ 1 file changed, 10 insertions(+)
+
+--- a/net/nfc/hci/core.c
++++ b/net/nfc/hci/core.c
+@@ -209,6 +209,11 @@ void nfc_hci_cmd_received(struct nfc_hci
+ }
+ create_info = (struct hci_create_pipe_resp *)skb->data;
+
++ if (create_info->pipe >= NFC_HCI_MAX_PIPES) {
++ status = NFC_HCI_ANY_E_NOK;
++ goto exit;
++ }
++
+ /* Save the new created pipe and bind with local gate,
+ * the description for skb->data[3] is destination gate id
+ * but since we received this cmd from host controller, we
+@@ -232,6 +237,11 @@ void nfc_hci_cmd_received(struct nfc_hci
+ }
+ delete_info = (struct hci_delete_pipe_noti *)skb->data;
+
++ if (delete_info->pipe >= NFC_HCI_MAX_PIPES) {
++ status = NFC_HCI_ANY_E_NOK;
++ goto exit;
++ }
++
+ hdev->pipes[delete_info->pipe].gate = NFC_HCI_INVALID_GATE;
+ hdev->pipes[delete_info->pipe].dest_host = NFC_HCI_INVALID_HOST;
+ break;
--- /dev/null
+From e285d5bfb7e9785d289663baef252dd315e171f8 Mon Sep 17 00:00:00 2001
+From: Suren Baghdasaryan <surenb@google.com>
+Date: Mon, 17 Sep 2018 15:51:41 +0200
+Subject: NFC: Fix the number of pipes
+
+From: Suren Baghdasaryan <surenb@google.com>
+
+commit e285d5bfb7e9785d289663baef252dd315e171f8 upstream.
+
+According to ETSI TS 102 622 specification chapter 4.4 pipe identifier
+is 7 bits long which allows for 128 unique pipe IDs. Because
+NFC_HCI_MAX_PIPES is used as the number of pipes supported and not
+as the max pipe ID, its value should be 128 instead of 127.
+
+nfc_hci_recv_from_llc extracts pipe ID from packet header using
+NFC_HCI_FRAGMENT(0x7F) mask which allows for pipe ID value of 127.
+Same happens when NCI_HCP_MSG_GET_PIPE() is being used. With
+pipes array having only 127 elements and pipe ID of 127 the OOB memory
+access will result.
+
+Cc: Samuel Ortiz <sameo@linux.intel.com>
+Cc: Allen Pais <allen.pais@oracle.com>
+Cc: "David S. Miller" <davem@davemloft.net>
+Suggested-by: Dan Carpenter <dan.carpenter@oracle.com>
+Signed-off-by: Suren Baghdasaryan <surenb@google.com>
+Reviewed-by: Kees Cook <keescook@chromium.org>
+Cc: stable <stable@vger.kernel.org>
+Signed-off-by: David S. Miller <davem@davemloft.net>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+
+---
+ include/net/nfc/hci.h | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+--- a/include/net/nfc/hci.h
++++ b/include/net/nfc/hci.h
+@@ -87,7 +87,7 @@ struct nfc_hci_pipe {
+ * According to specification 102 622 chapter 4.4 Pipes,
+ * the pipe identifier is 7 bits long.
+ */
+-#define NFC_HCI_MAX_PIPES 127
++#define NFC_HCI_MAX_PIPES 128
+ struct nfc_hci_init_data {
+ u8 gate_count;
+ struct nfc_hci_gate gates[NFC_HCI_MAX_CUSTOM_GATES];
--- /dev/null
+From ff0e9f26288d2daee4950f42b37a3d3d30d36ec1 Mon Sep 17 00:00:00 2001
+From: Mario Limonciello <mario.limonciello@dell.com>
+Date: Mon, 10 Sep 2018 13:01:53 -0500
+Subject: platform/x86: alienware-wmi: Correct a memory leak
+
+From: Mario Limonciello <mario.limonciello@dell.com>
+
+commit ff0e9f26288d2daee4950f42b37a3d3d30d36ec1 upstream.
+
+An ACPI buffer that was allocated was not being freed after use.
+
+Signed-off-by: Mario Limonciello <mario.limonciello@dell.com>
+Cc: stable@vger.kernel.org
+Signed-off-by: Darren Hart (VMware) <dvhart@infradead.org>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+
+---
+ drivers/platform/x86/alienware-wmi.c | 1 +
+ 1 file changed, 1 insertion(+)
+
+--- a/drivers/platform/x86/alienware-wmi.c
++++ b/drivers/platform/x86/alienware-wmi.c
+@@ -536,6 +536,7 @@ static acpi_status alienware_wmax_comman
+ if (obj && obj->type == ACPI_TYPE_INTEGER)
+ *out_data = (u32) obj->integer.value;
+ }
++ kfree(output.pointer);
+ return status;
+
+ }
--- /dev/null
+From affab51082174f60ef71ced8ab5fbe71f00e9ae3 Mon Sep 17 00:00:00 2001
+From: Mario Limonciello <mario.limonciello@dell.com>
+Date: Mon, 10 Sep 2018 13:01:52 -0500
+Subject: platform/x86: dell-smbios-wmi: Correct a memory leak
+
+From: Mario Limonciello <mario.limonciello@dell.com>
+
+commit affab51082174f60ef71ced8ab5fbe71f00e9ae3 upstream.
+
+ACPI buffers were being allocated but never freed.
+
+Reported-by: Pinzhen Xu <pinzhen.xu@intel.com>
+Signed-off-by: Mario Limonciello <mario.limonciello@dell.com>
+Cc: stable@vger.kernel.org
+Signed-off-by: Darren Hart (VMware) <dvhart@infradead.org>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+
+---
+ drivers/platform/x86/dell-smbios-wmi.c | 1 +
+ 1 file changed, 1 insertion(+)
+
+--- a/drivers/platform/x86/dell-smbios-wmi.c
++++ b/drivers/platform/x86/dell-smbios-wmi.c
+@@ -78,6 +78,7 @@ static int run_smbios_call(struct wmi_de
+ dev_dbg(&wdev->dev, "result: [%08x,%08x,%08x,%08x]\n",
+ priv->buf->std.output[0], priv->buf->std.output[1],
+ priv->buf->std.output[2], priv->buf->std.output[3]);
++ kfree(output.pointer);
+
+ return 0;
+ }
--- /dev/null
+From 50ca031b51106b1b46162d4e9ecccb7edc95682f Mon Sep 17 00:00:00 2001
+From: Mika Westerberg <mika.westerberg@linux.intel.com>
+Date: Wed, 5 Sep 2018 14:09:54 +0300
+Subject: Revert "PCI: Add ACS quirk for Intel 300 series"
+
+From: Mika Westerberg <mika.westerberg@linux.intel.com>
+
+commit 50ca031b51106b1b46162d4e9ecccb7edc95682f upstream.
+
+This reverts f154a718e6cc ("PCI: Add ACS quirk for Intel 300 series").
+
+It turns out that erratum "PCH PCIe* Controller Root Port (ACSCTLR) Appear
+As Read Only" has been fixed in 300 series chipsets, even though the
+datasheet [1] claims otherwise. To make ACS work properly on 300 series
+root ports, revert the faulty commit.
+
+[1] https://www.intel.com/content/dam/www/public/us/en/documents/specification-updates/300-series-c240-series-chipset-pch-spec-update.pdf
+
+Fixes: f154a718e6cc ("PCI: Add ACS quirk for Intel 300 series")
+Signed-off-by: Mika Westerberg <mika.westerberg@linux.intel.com>
+Signed-off-by: Bjorn Helgaas <bhelgaas@google.com>
+Cc: stable@vger.kernel.org # v4.18+
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+
+---
+ drivers/pci/quirks.c | 6 ------
+ 1 file changed, 6 deletions(-)
+
+--- a/drivers/pci/quirks.c
++++ b/drivers/pci/quirks.c
+@@ -4235,11 +4235,6 @@ static int pci_quirk_qcom_rp_acs(struct
+ *
+ * 0x9d10-0x9d1b PCI Express Root port #{1-12}
+ *
+- * The 300 series chipset suffers from the same bug so include those root
+- * ports here as well.
+- *
+- * 0xa32c-0xa343 PCI Express Root port #{0-24}
+- *
+ * [1] http://www.intel.com/content/www/us/en/chipsets/100-series-chipset-datasheet-vol-2.html
+ * [2] http://www.intel.com/content/www/us/en/chipsets/100-series-chipset-datasheet-vol-1.html
+ * [3] http://www.intel.com/content/www/us/en/chipsets/100-series-chipset-spec-update.html
+@@ -4257,7 +4252,6 @@ static bool pci_quirk_intel_spt_pch_acs_
+ case 0xa110 ... 0xa11f: case 0xa167 ... 0xa16a: /* Sunrise Point */
+ case 0xa290 ... 0xa29f: case 0xa2e7 ... 0xa2ee: /* Union Point */
+ case 0x9d10 ... 0x9d1b: /* 7th & 8th Gen Mobile */
+- case 0xa32c ... 0xa343: /* 300 series */
+ return true;
+ }
+
--- /dev/null
+From 83f365554e47997ec68dc4eca3f5dce525cd15c3 Mon Sep 17 00:00:00 2001
+From: Vaibhav Nagarnaik <vnagarnaik@google.com>
+Date: Fri, 7 Sep 2018 15:31:29 -0700
+Subject: ring-buffer: Allow for rescheduling when removing pages
+
+From: Vaibhav Nagarnaik <vnagarnaik@google.com>
+
+commit 83f365554e47997ec68dc4eca3f5dce525cd15c3 upstream.
+
+When reducing ring buffer size, pages are removed by scheduling a work
+item on each CPU for the corresponding CPU ring buffer. After the pages
+are removed from ring buffer linked list, the pages are free()d in a
+tight loop. The loop does not give up CPU until all pages are removed.
+In a worst case behavior, when lot of pages are to be freed, it can
+cause system stall.
+
+After the pages are removed from the list, the free() can happen while
+the work is rescheduled. Call cond_resched() in the loop to prevent the
+system hangup.
+
+Link: http://lkml.kernel.org/r/20180907223129.71994-1-vnagarnaik@google.com
+
+Cc: stable@vger.kernel.org
+Fixes: 83f40318dab00 ("ring-buffer: Make removal of ring buffer pages atomic")
+Reported-by: Jason Behmer <jbehmer@google.com>
+Signed-off-by: Vaibhav Nagarnaik <vnagarnaik@google.com>
+Signed-off-by: Steven Rostedt (VMware) <rostedt@goodmis.org>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+
+---
+ kernel/trace/ring_buffer.c | 2 ++
+ 1 file changed, 2 insertions(+)
+
+--- a/kernel/trace/ring_buffer.c
++++ b/kernel/trace/ring_buffer.c
+@@ -1545,6 +1545,8 @@ rb_remove_pages(struct ring_buffer_per_c
+ tmp_iter_page = first_page;
+
+ do {
++ cond_resched();
++
+ to_remove_page = tmp_iter_page;
+ rb_inc_page(cpu_buffer, &tmp_iter_page);
+
net-ipv6-do-not-copy-dst-flags-on-rt-init.patch
net-mvpp2-let-phylink-manage-the-carrier-state.patch
net-rtnl_configure_link-fix-dev-flags-changes-arg-to-__dev_notify_flags.patch
+nfc-fix-possible-memory-corruption-when-handling-shdlc-i-frame-commands.patch
+nfc-fix-the-number-of-pipes.patch
+asoc-wm9712-fix-replace-codec-to-component.patch
+asoc-cs4265-fix-mmtlr-data-switch-control.patch
+asoc-tas6424-save-last-fault-register-even-when-clear.patch
+asoc-rsnd-fixup-not-to-call-clk_get-set-under-non-atomic.patch
+asoc-uapi-fix-sound-skl-tplg-interface.h-userspace-compilation-errors.patch
+alsa-bebob-fix-memory-leak-for-m-audio-fw1814-and-projectmix-i-o-at-error-path.patch
+alsa-bebob-use-address-returned-by-kmalloc-instead-of-kernel-stack-for-streaming-dma-mapping.patch
+alsa-emu10k1-fix-possible-info-leak-to-userspace-on-sndrv_emu10k1_ioctl_info.patch
+alsa-fireface-fix-memory-leak-in-ff400_switch_fetching_mode.patch
+alsa-firewire-digi00x-fix-memory-leak-of-private-data.patch
+alsa-firewire-tascam-fix-memory-leak-of-private-data.patch
+alsa-fireworks-fix-memory-leak-of-response-buffer-at-error-path.patch
+alsa-oxfw-fix-memory-leak-for-model-dependent-data-at-error-path.patch
+alsa-oxfw-fix-memory-leak-of-discovered-stream-formats-at-error-path.patch
+alsa-oxfw-fix-memory-leak-of-private-data.patch
+mtd-devices-m25p80-make-sure-the-buffer-passed-in-op-is-dma-able.patch
+mtd-rawnand-denali-fix-a-race-condition-when-dma-is-kicked.patch
+platform-x86-dell-smbios-wmi-correct-a-memory-leak.patch
+platform-x86-alienware-wmi-correct-a-memory-leak.patch
+xen-netfront-don-t-bug-in-case-of-too-many-frags.patch
+xen-x86-vpmu-zero-struct-pt_regs-before-calling-into-sample-handling-code.patch
+spi-fix-idr-collision-on-systems-with-both-fixed-and-dynamic-spi-bus-numbers.patch
+revert-pci-add-acs-quirk-for-intel-300-series.patch
+ring-buffer-allow-for-rescheduling-when-removing-pages.patch
+crypto-x86-aegis-morus-do-not-require-osxsave-for-sse2.patch
+fork-report-pid-exhaustion-correctly.patch
+mm-disable-deferred-struct-page-for-32-bit-arches.patch
+mm-shmem.c-correctly-annotate-new-inodes-for-lockdep.patch
--- /dev/null
+From 1a4327fbf4554d5b78d75b19a13d40d6de220159 Mon Sep 17 00:00:00 2001
+From: Kirill Kapranov <kirill.kapranov@compulab.co.il>
+Date: Mon, 13 Aug 2018 19:48:10 +0300
+Subject: spi: fix IDR collision on systems with both fixed and dynamic SPI bus numbers
+
+From: Kirill Kapranov <kirill.kapranov@compulab.co.il>
+
+commit 1a4327fbf4554d5b78d75b19a13d40d6de220159 upstream.
+
+On systems where some controllers get a dynamic ID assigned and some have
+a fixed number (e.g. from ACPI tables), the current implementation might
+run into an IDR collision: in case of a fixed bus number is gotten by a
+driver (but not marked busy in IDR tree) and a driver with dynamic bus
+number gets the same ID and predictably fails.
+
+Fix this by means of checking-in fixed IDsin IDR as far as dynamic ones
+at the moment of the controller registration.
+
+Fixes: 9b61e302210e (spi: Pick spi bus number from Linux idr or spi alias)
+Signed-off-by: Kirill Kapranov <kirill.kapranov@compulab.co.il>
+Signed-off-by: Mark Brown <broonie@kernel.org>
+Cc: stable@vger.kernel.org
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+
+---
+ drivers/spi/spi.c | 9 +++++++++
+ 1 file changed, 9 insertions(+)
+
+--- a/drivers/spi/spi.c
++++ b/drivers/spi/spi.c
+@@ -2170,6 +2170,15 @@ int spi_register_controller(struct spi_c
+ if (WARN(id < 0, "couldn't get idr"))
+ return id;
+ ctlr->bus_num = id;
++ } else {
++ /* devices with a fixed bus num must check-in with the num */
++ mutex_lock(&board_lock);
++ id = idr_alloc(&spi_master_idr, ctlr, ctlr->bus_num,
++ ctlr->bus_num + 1, GFP_KERNEL);
++ mutex_unlock(&board_lock);
++ if (WARN(id < 0, "couldn't get idr"))
++ return id == -ENOSPC ? -EBUSY : id;
++ ctlr->bus_num = id;
+ }
+ INIT_LIST_HEAD(&ctlr->queue);
+ spin_lock_init(&ctlr->queue_lock);
--- /dev/null
+From ad4f15dc2c70b1de5e0a64d27335962fbc9cf71c Mon Sep 17 00:00:00 2001
+From: Juergen Gross <jgross@suse.com>
+Date: Tue, 11 Sep 2018 09:04:48 +0200
+Subject: xen/netfront: don't bug in case of too many frags
+
+From: Juergen Gross <jgross@suse.com>
+
+commit ad4f15dc2c70b1de5e0a64d27335962fbc9cf71c upstream.
+
+Commit 57f230ab04d291 ("xen/netfront: raise max number of slots in
+xennet_get_responses()") raised the max number of allowed slots by one.
+This seems to be problematic in some configurations with netback using
+a larger MAX_SKB_FRAGS value (e.g. old Linux kernel with MAX_SKB_FRAGS
+defined as 18 instead of nowadays 17).
+
+Instead of BUG_ON() in this case just fall back to retransmission.
+
+Fixes: 57f230ab04d291 ("xen/netfront: raise max number of slots in xennet_get_responses()")
+Cc: stable@vger.kernel.org
+Signed-off-by: Juergen Gross <jgross@suse.com>
+Signed-off-by: David S. Miller <davem@davemloft.net>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+
+---
+ drivers/net/xen-netfront.c | 8 +++++++-
+ 1 file changed, 7 insertions(+), 1 deletion(-)
+
+--- a/drivers/net/xen-netfront.c
++++ b/drivers/net/xen-netfront.c
+@@ -907,7 +907,11 @@ static RING_IDX xennet_fill_frags(struct
+ BUG_ON(pull_to <= skb_headlen(skb));
+ __pskb_pull_tail(skb, pull_to - skb_headlen(skb));
+ }
+- BUG_ON(skb_shinfo(skb)->nr_frags >= MAX_SKB_FRAGS);
++ if (unlikely(skb_shinfo(skb)->nr_frags >= MAX_SKB_FRAGS)) {
++ queue->rx.rsp_cons = ++cons;
++ kfree_skb(nskb);
++ return ~0U;
++ }
+
+ skb_add_rx_frag(skb, skb_shinfo(skb)->nr_frags,
+ skb_frag_page(nfrag),
+@@ -1044,6 +1048,8 @@ err:
+ skb->len += rx->status;
+
+ i = xennet_fill_frags(queue, skb, &tmpq);
++ if (unlikely(i == ~0U))
++ goto err;
+
+ if (rx->flags & XEN_NETRXF_csum_blank)
+ skb->ip_summed = CHECKSUM_PARTIAL;
--- /dev/null
+From 70513d58751d7c6c1a0133557b13089b9f2e3e66 Mon Sep 17 00:00:00 2001
+From: Boris Ostrovsky <boris.ostrovsky@oracle.com>
+Date: Thu, 12 Jul 2018 13:27:00 -0400
+Subject: xen/x86/vpmu: Zero struct pt_regs before calling into sample handling code
+
+From: Boris Ostrovsky <boris.ostrovsky@oracle.com>
+
+commit 70513d58751d7c6c1a0133557b13089b9f2e3e66 upstream.
+
+Otherwise we may leak kernel stack for events that sample user
+registers.
+
+Reported-by: Mark Rutland <mark.rutland@arm.com>
+Reviewed-by: Juergen Gross <jgross@suse.com>
+Signed-off-by: Boris Ostrovsky <boris.ostrovsky@oracle.com>
+Cc: stable@vger.kernel.org
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+
+---
+ arch/x86/xen/pmu.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+--- a/arch/x86/xen/pmu.c
++++ b/arch/x86/xen/pmu.c
+@@ -478,7 +478,7 @@ static void xen_convert_regs(const struc
+ irqreturn_t xen_pmu_irq_handler(int irq, void *dev_id)
+ {
+ int err, ret = IRQ_NONE;
+- struct pt_regs regs;
++ struct pt_regs regs = {0};
+ const struct xen_pmu_data *xenpmu_data = get_xenpmu_data();
+ uint8_t xenpmu_flags = get_xenpmu_flags();
+
projects / thirdparty / kernel / stable-queue.git / commitdiff
