--- /dev/null
+From 0803278b0b4d8eeb2b461fb698785df65a725d9e Mon Sep 17 00:00:00 2001
+From: Xu Yu <xuyu@linux.alibaba.com>
+Date: Thu, 21 Mar 2019 18:00:35 +0800
+Subject: bpf: do not restore dst_reg when cur_state is freed
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+From: Xu Yu <xuyu@linux.alibaba.com>
+
+commit 0803278b0b4d8eeb2b461fb698785df65a725d9e upstream.
+
+Syzkaller hit 'KASAN: use-after-free Write in sanitize_ptr_alu' bug.
+
+Call trace:
+
+ dump_stack+0xbf/0x12e
+ print_address_description+0x6a/0x280
+ kasan_report+0x237/0x360
+ sanitize_ptr_alu+0x85a/0x8d0
+ adjust_ptr_min_max_vals+0x8f2/0x1ca0
+ adjust_reg_min_max_vals+0x8ed/0x22e0
+ do_check+0x1ca6/0x5d00
+ bpf_check+0x9ca/0x2570
+ bpf_prog_load+0xc91/0x1030
+ __se_sys_bpf+0x61e/0x1f00
+ do_syscall_64+0xc8/0x550
+ entry_SYSCALL_64_after_hwframe+0x49/0xbe
+
+Fault injection trace:
+
+ kfree+0xea/0x290
+ free_func_state+0x4a/0x60
+ free_verifier_state+0x61/0xe0
+ push_stack+0x216/0x2f0 <- inject failslab
+ sanitize_ptr_alu+0x2b1/0x8d0
+ adjust_ptr_min_max_vals+0x8f2/0x1ca0
+ adjust_reg_min_max_vals+0x8ed/0x22e0
+ do_check+0x1ca6/0x5d00
+ bpf_check+0x9ca/0x2570
+ bpf_prog_load+0xc91/0x1030
+ __se_sys_bpf+0x61e/0x1f00
+ do_syscall_64+0xc8/0x550
+ entry_SYSCALL_64_after_hwframe+0x49/0xbe
+
+When kzalloc() fails in push_stack(), free_verifier_state() will free
+current verifier state. As push_stack() returns, dst_reg was restored
+if ptr_is_dst_reg is false. However, as member of the cur_state,
+dst_reg is also freed, and error occurs when dereferencing dst_reg.
+Simply fix it by testing ret of push_stack() before restoring dst_reg.
+
+Fixes: 979d63d50c0c ("bpf: prevent out of bounds speculation on pointer arithmetic")
+Signed-off-by: Xu Yu <xuyu@linux.alibaba.com>
+Signed-off-by: Daniel Borkmann <daniel@iogearbox.net>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+
+---
+ kernel/bpf/verifier.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+--- a/kernel/bpf/verifier.c
++++ b/kernel/bpf/verifier.c
+@@ -2815,7 +2815,7 @@ do_sim:
+ *dst_reg = *ptr_reg;
+ }
+ ret = push_stack(env, env->insn_idx + 1, env->insn_idx, true);
+- if (!ptr_is_dst_reg)
++ if (!ptr_is_dst_reg && ret)
+ *dst_reg = tmp;
+ return !ret ? -EFAULT : 0;
+ }
--- /dev/null
+From cd7753d371388e712e3ee52b693459f9b71aaac2 Mon Sep 17 00:00:00 2001
+From: Heikki Krogerus <heikki.krogerus@linux.intel.com>
+Date: Thu, 20 Sep 2018 14:23:40 +0300
+Subject: drivers: base: Helpers for adding device connection descriptions
+
+From: Heikki Krogerus <heikki.krogerus@linux.intel.com>
+
+commit cd7753d371388e712e3ee52b693459f9b71aaac2 upstream.
+
+Introducing helpers for adding and removing multiple device
+connection descriptions at once.
+
+Acked-by: Hans de Goede <hdegoede@redhat.com>
+Tested-by: Hans de Goede <hdegoede@redhat.com>
+Signed-off-by: Heikki Krogerus <heikki.krogerus@linux.intel.com>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+
+---
+ include/linux/device.h | 24 ++++++++++++++++++++++++
+ 1 file changed, 24 insertions(+)
+
+--- a/include/linux/device.h
++++ b/include/linux/device.h
+@@ -774,6 +774,30 @@ void device_connection_add(struct device
+ void device_connection_remove(struct device_connection *con);
+
+ /**
++ * device_connections_add - Add multiple device connections at once
++ * @cons: Zero terminated array of device connection descriptors
++ */
++static inline void device_connections_add(struct device_connection *cons)
++{
++ struct device_connection *c;
++
++ for (c = cons; c->endpoint[0]; c++)
++ device_connection_add(c);
++}
++
++/**
++ * device_connections_remove - Remove multiple device connections at once
++ * @cons: Zero terminated array of device connection descriptors
++ */
++static inline void device_connections_remove(struct device_connection *cons)
++{
++ struct device_connection *c;
++
++ for (c = cons; c->endpoint[0]; c++)
++ device_connection_remove(c);
++}
++
++/**
+ * enum device_link_state - Device link states.
+ * @DL_STATE_NONE: The presence of the drivers is not being tracked.
+ * @DL_STATE_DORMANT: None of the supplier/consumer drivers is present.
--- /dev/null
+From 78d2b54b134ea6059e2b1554ad53fab2300a4cc6 Mon Sep 17 00:00:00 2001
+From: Heikki Krogerus <heikki.krogerus@linux.intel.com>
+Date: Thu, 20 Sep 2018 14:23:42 +0300
+Subject: platform: x86: intel_cht_int33fe: Add connection for the DP alt mode
+
+From: Heikki Krogerus <heikki.krogerus@linux.intel.com>
+
+commit 78d2b54b134ea6059e2b1554ad53fab2300a4cc6 upstream.
+
+Adding a connection for the DisplayPort alternate mode.
+PI3USB30532 is used for muxing the port to DisplayPort on
+CHT platforms. The connection allows the alternate mode
+device to get handle to the mux, and therefore make it
+possible to use the USB Type-C connector as DisplayPort.
+
+Acked-by: Andy Shevchenko <andy.shevchenko@gmail.com>
+Acked-by: Hans de Goede <hdegoede@redhat.com>
+Tested-by: Hans de Goede <hdegoede@redhat.com>
+Signed-off-by: Heikki Krogerus <heikki.krogerus@linux.intel.com>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+
+---
+ drivers/platform/x86/intel_cht_int33fe.c | 9 ++++++---
+ 1 file changed, 6 insertions(+), 3 deletions(-)
+
+--- a/drivers/platform/x86/intel_cht_int33fe.c
++++ b/drivers/platform/x86/intel_cht_int33fe.c
+@@ -34,7 +34,7 @@ struct cht_int33fe_data {
+ struct i2c_client *fusb302;
+ struct i2c_client *pi3usb30532;
+ /* Contain a list-head must be per device */
+- struct device_connection connections[4];
++ struct device_connection connections[5];
+ };
+
+ /*
+@@ -181,8 +181,11 @@ static int cht_int33fe_probe(struct i2c_
+ data->connections[1].endpoint[1] = "i2c-pi3usb30532";
+ data->connections[1].id = "typec-mux";
+ data->connections[2].endpoint[0] = "i2c-fusb302";
+- data->connections[2].endpoint[1] = "intel_xhci_usb_sw-role-switch";
+- data->connections[2].id = "usb-role-switch";
++ data->connections[2].endpoint[1] = "i2c-pi3usb30532";
++ data->connections[2].id = "idff01m01";
++ data->connections[3].endpoint[0] = "i2c-fusb302";
++ data->connections[3].endpoint[1] = "intel_xhci_usb_sw-role-switch";
++ data->connections[3].id = "usb-role-switch";
+
+ device_connections_add(data->connections);
+
--- /dev/null
+From 495965a1002a0b301bf4fbfd1aed3233f3e7db1b Mon Sep 17 00:00:00 2001
+From: Heikki Krogerus <heikki.krogerus@linux.intel.com>
+Date: Thu, 20 Sep 2018 14:23:43 +0300
+Subject: platform: x86: intel_cht_int33fe: Add connections for the USB Type-C port
+
+From: Heikki Krogerus <heikki.krogerus@linux.intel.com>
+
+commit 495965a1002a0b301bf4fbfd1aed3233f3e7db1b upstream.
+
+Assigning the mux to the USB Type-C port on top of fusb302.
+That will prepare this driver for the change in the USB
+Type-C class code, where the class driver will assume the
+muxes to be always assigned to the ports and not the
+controllers.
+
+Once the USB Type-C class driver has been updated, the
+connections between the mux and fusb302 can be dropped.
+
+Acked-by: Andy Shevchenko <andy.shevchenko@gmail.com>
+Acked-by: Hans de Goede <hdegoede@redhat.com>
+Tested-by: Hans de Goede <hdegoede@redhat.com>
+Signed-off-by: Heikki Krogerus <heikki.krogerus@linux.intel.com>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+
+---
+ drivers/platform/x86/intel_cht_int33fe.c | 12 +++++++++++-
+ 1 file changed, 11 insertions(+), 1 deletion(-)
+
+--- a/drivers/platform/x86/intel_cht_int33fe.c
++++ b/drivers/platform/x86/intel_cht_int33fe.c
+@@ -34,7 +34,7 @@ struct cht_int33fe_data {
+ struct i2c_client *fusb302;
+ struct i2c_client *pi3usb30532;
+ /* Contain a list-head must be per device */
+- struct device_connection connections[5];
++ struct device_connection connections[8];
+ };
+
+ /*
+@@ -187,6 +187,16 @@ static int cht_int33fe_probe(struct i2c_
+ data->connections[3].endpoint[1] = "intel_xhci_usb_sw-role-switch";
+ data->connections[3].id = "usb-role-switch";
+
++ data->connections[4].endpoint[0] = "port0";
++ data->connections[4].endpoint[1] = "i2c-pi3usb30532";
++ data->connections[4].id = "typec-switch";
++ data->connections[5].endpoint[0] = "port0";
++ data->connections[5].endpoint[1] = "i2c-pi3usb30532";
++ data->connections[5].id = "typec-mux";
++ data->connections[6].endpoint[0] = "port0";
++ data->connections[6].endpoint[1] = "i2c-pi3usb30532";
++ data->connections[6].id = "idff01m01";
++
+ device_connections_add(data->connections);
+
+ memset(&board_info, 0, sizeof(board_info));
--- /dev/null
+From 140a4ec4adddda615b4e8e8055ca37a30c7fe5e8 Mon Sep 17 00:00:00 2001
+From: Heikki Krogerus <heikki.krogerus@linux.intel.com>
+Date: Thu, 20 Sep 2018 14:23:41 +0300
+Subject: platform: x86: intel_cht_int33fe: Register all connections at once
+
+From: Heikki Krogerus <heikki.krogerus@linux.intel.com>
+
+commit 140a4ec4adddda615b4e8e8055ca37a30c7fe5e8 upstream.
+
+We can register all device connection descriptors with a
+single call to device_connections_add().
+
+Acked-by: Andy Shevchenko <andy.shevchenko@gmail.com>
+Acked-by: Hans de Goede <hdegoede@redhat.com>
+Tested-by: Hans de Goede <hdegoede@redhat.com>
+Signed-off-by: Heikki Krogerus <heikki.krogerus@linux.intel.com>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+
+---
+ drivers/platform/x86/intel_cht_int33fe.c | 14 ++++----------
+ 1 file changed, 4 insertions(+), 10 deletions(-)
+
+--- a/drivers/platform/x86/intel_cht_int33fe.c
++++ b/drivers/platform/x86/intel_cht_int33fe.c
+@@ -34,7 +34,7 @@ struct cht_int33fe_data {
+ struct i2c_client *fusb302;
+ struct i2c_client *pi3usb30532;
+ /* Contain a list-head must be per device */
+- struct device_connection connections[3];
++ struct device_connection connections[4];
+ };
+
+ /*
+@@ -184,9 +184,7 @@ static int cht_int33fe_probe(struct i2c_
+ data->connections[2].endpoint[1] = "intel_xhci_usb_sw-role-switch";
+ data->connections[2].id = "usb-role-switch";
+
+- device_connection_add(&data->connections[0]);
+- device_connection_add(&data->connections[1]);
+- device_connection_add(&data->connections[2]);
++ device_connections_add(data->connections);
+
+ memset(&board_info, 0, sizeof(board_info));
+ strlcpy(board_info.type, "typec_fusb302", I2C_NAME_SIZE);
+@@ -217,9 +215,7 @@ out_unregister_max17047:
+ if (data->max17047)
+ i2c_unregister_device(data->max17047);
+
+- device_connection_remove(&data->connections[2]);
+- device_connection_remove(&data->connections[1]);
+- device_connection_remove(&data->connections[0]);
++ device_connections_remove(data->connections);
+
+ return -EPROBE_DEFER; /* Wait for the i2c-adapter to load */
+ }
+@@ -233,9 +229,7 @@ static int cht_int33fe_remove(struct i2c
+ if (data->max17047)
+ i2c_unregister_device(data->max17047);
+
+- device_connection_remove(&data->connections[2]);
+- device_connection_remove(&data->connections[1]);
+- device_connection_remove(&data->connections[0]);
++ device_connections_remove(data->connections);
+
+ return 0;
+ }
--- /dev/null
+From 148b0aa78e4e1077e38f928124bbc9c2d2d24006 Mon Sep 17 00:00:00 2001
+From: Heikki Krogerus <heikki.krogerus@linux.intel.com>
+Date: Thu, 20 Sep 2018 14:23:45 +0300
+Subject: platform: x86: intel_cht_int33fe: Remove the old connections for the muxes
+
+From: Heikki Krogerus <heikki.krogerus@linux.intel.com>
+
+commit 148b0aa78e4e1077e38f928124bbc9c2d2d24006 upstream.
+
+USB Type-C class driver now expects the muxes to be always
+assigned to the ports and not controllers, so the
+connections for the mux and fusb302 can be removed.
+
+Acked-by: Andy Shevchenko <andy.shevchenko@gmail.com>
+Acked-by: Hans de Goede <hdegoede@redhat.com>
+Tested-by: Hans de Goede <hdegoede@redhat.com>
+Signed-off-by: Heikki Krogerus <heikki.krogerus@linux.intel.com>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+
+---
+ drivers/platform/x86/intel_cht_int33fe.c | 18 ++++--------------
+ 1 file changed, 4 insertions(+), 14 deletions(-)
+
+--- a/drivers/platform/x86/intel_cht_int33fe.c
++++ b/drivers/platform/x86/intel_cht_int33fe.c
+@@ -34,7 +34,7 @@ struct cht_int33fe_data {
+ struct i2c_client *fusb302;
+ struct i2c_client *pi3usb30532;
+ /* Contain a list-head must be per device */
+- struct device_connection connections[8];
++ struct device_connection connections[5];
+ };
+
+ /*
+@@ -174,29 +174,19 @@ static int cht_int33fe_probe(struct i2c_
+ return -EPROBE_DEFER; /* Wait for i2c-adapter to load */
+ }
+
+- data->connections[0].endpoint[0] = "i2c-fusb302";
++ data->connections[0].endpoint[0] = "port0";
+ data->connections[0].endpoint[1] = "i2c-pi3usb30532";
+ data->connections[0].id = "typec-switch";
+- data->connections[1].endpoint[0] = "i2c-fusb302";
++ data->connections[1].endpoint[0] = "port0";
+ data->connections[1].endpoint[1] = "i2c-pi3usb30532";
+ data->connections[1].id = "typec-mux";
+- data->connections[2].endpoint[0] = "i2c-fusb302";
++ data->connections[2].endpoint[0] = "port0";
+ data->connections[2].endpoint[1] = "i2c-pi3usb30532";
+ data->connections[2].id = "idff01m01";
+ data->connections[3].endpoint[0] = "i2c-fusb302";
+ data->connections[3].endpoint[1] = "intel_xhci_usb_sw-role-switch";
+ data->connections[3].id = "usb-role-switch";
+
+- data->connections[4].endpoint[0] = "port0";
+- data->connections[4].endpoint[1] = "i2c-pi3usb30532";
+- data->connections[4].id = "typec-switch";
+- data->connections[5].endpoint[0] = "port0";
+- data->connections[5].endpoint[1] = "i2c-pi3usb30532";
+- data->connections[5].id = "typec-mux";
+- data->connections[6].endpoint[0] = "port0";
+- data->connections[6].endpoint[1] = "i2c-pi3usb30532";
+- data->connections[6].id = "idff01m01";
+-
+ device_connections_add(data->connections);
+
+ memset(&board_info, 0, sizeof(board_info));
kvm-reject-device-ioctls-from-processes-other-than-the-vm-s-creator.patch
kvm-x86-update-rip-after-emulating-io.patch
kvm-x86-emulate-msr_ia32_arch_capabilities-on-amd-hosts.patch
+staging-erofs-fix-error-handling-when-failed-to-read-compresssed-data.patch
+staging-erofs-keep-corrupted-fs-from-crashing-kernel-in-erofs_readdir.patch
+bpf-do-not-restore-dst_reg-when-cur_state-is-freed.patch
+drivers-base-helpers-for-adding-device-connection-descriptions.patch
+platform-x86-intel_cht_int33fe-register-all-connections-at-once.patch
+platform-x86-intel_cht_int33fe-add-connection-for-the-dp-alt-mode.patch
+platform-x86-intel_cht_int33fe-add-connections-for-the-usb-type-c-port.patch
+usb-typec-class-don-t-use-port-parent-for-getting-mux-handles.patch
+platform-x86-intel_cht_int33fe-remove-the-old-connections-for-the-muxes.patch
--- /dev/null
+From b6391ac73400eff38377a4a7364bd3df5efb5178 Mon Sep 17 00:00:00 2001
+From: Gao Xiang <gaoxiang25@huawei.com>
+Date: Mon, 25 Mar 2019 11:40:07 +0800
+Subject: staging: erofs: fix error handling when failed to read compresssed data
+
+From: Gao Xiang <gaoxiang25@huawei.com>
+
+commit b6391ac73400eff38377a4a7364bd3df5efb5178 upstream.
+
+Complete read error handling paths for all three kinds of
+compressed pages:
+
+ 1) For cache-managed pages, PG_uptodate will be checked since
+ read_endio will unlock and SetPageUptodate for these pages;
+
+ 2) For inplaced pages, read_endio cannot SetPageUptodate directly
+ since it should be used to mark the final decompressed data,
+ PG_error will be set with page locked for IO error instead;
+
+ 3) For staging pages, PG_error is used, which is similar to
+ what we do for inplaced pages.
+
+Fixes: 3883a79abd02 ("staging: erofs: introduce VLE decompression support")
+Cc: <stable@vger.kernel.org> # 4.19+
+Reviewed-by: Chao Yu <yuchao0@huawei.com>
+Signed-off-by: Gao Xiang <gaoxiang25@huawei.com>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+
+
+---
+ drivers/staging/erofs/unzip_vle.c | 42 ++++++++++++++++++++++++++------------
+ 1 file changed, 29 insertions(+), 13 deletions(-)
+
+--- a/drivers/staging/erofs/unzip_vle.c
++++ b/drivers/staging/erofs/unzip_vle.c
+@@ -885,6 +885,7 @@ repeat:
+ overlapped = false;
+ compressed_pages = grp->compressed_pages;
+
++ err = 0;
+ for (i = 0; i < clusterpages; ++i) {
+ unsigned pagenr;
+
+@@ -894,26 +895,39 @@ repeat:
+ DBG_BUGON(page == NULL);
+ DBG_BUGON(page->mapping == NULL);
+
+- if (z_erofs_is_stagingpage(page))
+- continue;
++ if (!z_erofs_is_stagingpage(page)) {
+ #ifdef EROFS_FS_HAS_MANAGED_CACHE
+- if (page->mapping == mngda) {
+- DBG_BUGON(!PageUptodate(page));
+- continue;
+- }
++ if (page->mapping == mngda) {
++ if (unlikely(!PageUptodate(page)))
++ err = -EIO;
++ continue;
++ }
+ #endif
+
+- /* only non-head page could be reused as a compressed page */
+- pagenr = z_erofs_onlinepage_index(page);
++ /*
++ * only if non-head page can be selected
++ * for inplace decompression
++ */
++ pagenr = z_erofs_onlinepage_index(page);
++
++ DBG_BUGON(pagenr >= nr_pages);
++ DBG_BUGON(pages[pagenr]);
++ ++sparsemem_pages;
++ pages[pagenr] = page;
+
+- DBG_BUGON(pagenr >= nr_pages);
+- DBG_BUGON(pages[pagenr]);
+- ++sparsemem_pages;
+- pages[pagenr] = page;
++ overlapped = true;
++ }
+
+- overlapped = true;
++ /* PG_error needs checking for inplaced and staging pages */
++ if (unlikely(PageError(page))) {
++ DBG_BUGON(PageUptodate(page));
++ err = -EIO;
++ }
+ }
+
++ if (unlikely(err))
++ goto out;
++
+ llen = (nr_pages << PAGE_SHIFT) - work->pageofs;
+
+ if (z_erofs_vle_workgrp_fmt(grp) == Z_EROFS_VLE_WORKGRP_FMT_PLAIN) {
+@@ -1082,6 +1096,8 @@ static inline bool recover_managed_page(
+ return true;
+
+ lock_page(page);
++ ClearPageError(page);
++
+ if (unlikely(!PagePrivate(page))) {
+ set_page_private(page, (unsigned long)grp);
+ SetPagePrivate(page);
--- /dev/null
+From 33bac912840fe64dbc15556302537dc6a17cac63 Mon Sep 17 00:00:00 2001
+From: Gao Xiang <gaoxiang25@huawei.com>
+Date: Fri, 29 Mar 2019 04:14:58 +0800
+Subject: staging: erofs: keep corrupted fs from crashing kernel in erofs_readdir()
+
+From: Gao Xiang <gaoxiang25@huawei.com>
+
+commit 33bac912840fe64dbc15556302537dc6a17cac63 upstream.
+
+After commit 419d6efc50e9, kernel cannot be crashed in the namei
+path. However, corrupted nameoff can do harm in the process of
+readdir for scenerios without dm-verity as well. Fix it now.
+
+Fixes: 3aa8ec716e52 ("staging: erofs: add directory operations")
+Cc: <stable@vger.kernel.org> # 4.19+
+Signed-off-by: Gao Xiang <gaoxiang25@huawei.com>
+Reviewed-by: Chao Yu <yuchao0@huawei.com>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+
+
+---
+ drivers/staging/erofs/dir.c | 45 ++++++++++++++++++++++++--------------------
+ 1 file changed, 25 insertions(+), 20 deletions(-)
+
+--- a/drivers/staging/erofs/dir.c
++++ b/drivers/staging/erofs/dir.c
+@@ -23,6 +23,21 @@ static const unsigned char erofs_filetyp
+ [EROFS_FT_SYMLINK] = DT_LNK,
+ };
+
++static void debug_one_dentry(unsigned char d_type, const char *de_name,
++ unsigned int de_namelen)
++{
++#ifdef CONFIG_EROFS_FS_DEBUG
++ /* since the on-disk name could not have the trailing '\0' */
++ unsigned char dbg_namebuf[EROFS_NAME_LEN + 1];
++
++ memcpy(dbg_namebuf, de_name, de_namelen);
++ dbg_namebuf[de_namelen] = '\0';
++
++ debugln("found dirent %s de_len %u d_type %d", dbg_namebuf,
++ de_namelen, d_type);
++#endif
++}
++
+ static int erofs_fill_dentries(struct dir_context *ctx,
+ void *dentry_blk, unsigned *ofs,
+ unsigned nameoff, unsigned maxsize)
+@@ -33,14 +48,10 @@ static int erofs_fill_dentries(struct di
+ de = dentry_blk + *ofs;
+ while (de < end) {
+ const char *de_name;
+- int de_namelen;
++ unsigned int de_namelen;
+ unsigned char d_type;
+-#ifdef CONFIG_EROFS_FS_DEBUG
+- unsigned dbg_namelen;
+- unsigned char dbg_namebuf[EROFS_NAME_LEN];
+-#endif
+
+- if (unlikely(de->file_type < EROFS_FT_MAX))
++ if (de->file_type < EROFS_FT_MAX)
+ d_type = erofs_filetype_table[de->file_type];
+ else
+ d_type = DT_UNKNOWN;
+@@ -48,26 +59,20 @@ static int erofs_fill_dentries(struct di
+ nameoff = le16_to_cpu(de->nameoff);
+ de_name = (char *)dentry_blk + nameoff;
+
+- de_namelen = unlikely(de + 1 >= end) ?
+- /* last directory entry */
+- strnlen(de_name, maxsize - nameoff) :
+- le16_to_cpu(de[1].nameoff) - nameoff;
++ /* the last dirent in the block? */
++ if (de + 1 >= end)
++ de_namelen = strnlen(de_name, maxsize - nameoff);
++ else
++ de_namelen = le16_to_cpu(de[1].nameoff) - nameoff;
+
+ /* a corrupted entry is found */
+- if (unlikely(de_namelen < 0)) {
++ if (unlikely(nameoff + de_namelen > maxsize ||
++ de_namelen > EROFS_NAME_LEN)) {
+ DBG_BUGON(1);
+ return -EIO;
+ }
+
+-#ifdef CONFIG_EROFS_FS_DEBUG
+- dbg_namelen = min(EROFS_NAME_LEN - 1, de_namelen);
+- memcpy(dbg_namebuf, de_name, dbg_namelen);
+- dbg_namebuf[dbg_namelen] = '\0';
+-
+- debugln("%s, found de_name %s de_len %d d_type %d", __func__,
+- dbg_namebuf, de_namelen, d_type);
+-#endif
+-
++ debug_one_dentry(d_type, de_name, de_namelen);
+ if (!dir_emit(ctx, de_name, de_namelen,
+ le64_to_cpu(de->nid), d_type))
+ /* stoped by some reason */
--- /dev/null
+From 23481121c81d984193edf1532f5e123637e50903 Mon Sep 17 00:00:00 2001
+From: Heikki Krogerus <heikki.krogerus@linux.intel.com>
+Date: Thu, 20 Sep 2018 14:23:44 +0300
+Subject: usb: typec: class: Don't use port parent for getting mux handles
+
+From: Heikki Krogerus <heikki.krogerus@linux.intel.com>
+
+commit 23481121c81d984193edf1532f5e123637e50903 upstream.
+
+It is not possible to use the parent of the port device when
+requesting mux handles as the parent may be a multiport USB
+Type-C or PD controller. The muxes must be assigned to the
+ports, not the controllers.
+
+This will also move the requesting of the muxes after the
+port device is initialized.
+
+Acked-by: Hans de Goede <hdegoede@redhat.com>
+Tested-by: Hans de Goede <hdegoede@redhat.com>
+Signed-off-by: Heikki Krogerus <heikki.krogerus@linux.intel.com>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+
+
+---
+ drivers/usb/typec/class.c | 38 +++++++++++++++-----------------------
+ 1 file changed, 15 insertions(+), 23 deletions(-)
+
+--- a/drivers/usb/typec/class.c
++++ b/drivers/usb/typec/class.c
+@@ -1500,7 +1500,7 @@ typec_port_register_altmode(struct typec
+
+ sprintf(id, "id%04xm%02x", desc->svid, desc->mode);
+
+- mux = typec_mux_get(port->dev.parent, id);
++ mux = typec_mux_get(&port->dev, id);
+ if (IS_ERR(mux))
+ return ERR_CAST(mux);
+
+@@ -1540,18 +1540,6 @@ struct typec_port *typec_register_port(s
+ return ERR_PTR(id);
+ }
+
+- port->sw = typec_switch_get(cap->fwnode ? &port->dev : parent);
+- if (IS_ERR(port->sw)) {
+- ret = PTR_ERR(port->sw);
+- goto err_switch;
+- }
+-
+- port->mux = typec_mux_get(parent, "typec-mux");
+- if (IS_ERR(port->mux)) {
+- ret = PTR_ERR(port->mux);
+- goto err_mux;
+- }
+-
+ switch (cap->type) {
+ case TYPEC_PORT_SRC:
+ port->pwr_role = TYPEC_SOURCE;
+@@ -1592,13 +1580,26 @@ struct typec_port *typec_register_port(s
+ port->port_type = cap->type;
+ port->prefer_role = cap->prefer_role;
+
++ device_initialize(&port->dev);
+ port->dev.class = typec_class;
+ port->dev.parent = parent;
+ port->dev.fwnode = cap->fwnode;
+ port->dev.type = &typec_port_dev_type;
+ dev_set_name(&port->dev, "port%d", id);
+
+- ret = device_register(&port->dev);
++ port->sw = typec_switch_get(&port->dev);
++ if (IS_ERR(port->sw)) {
++ put_device(&port->dev);
++ return ERR_CAST(port->sw);
++ }
++
++ port->mux = typec_mux_get(&port->dev, "typec-mux");
++ if (IS_ERR(port->mux)) {
++ put_device(&port->dev);
++ return ERR_CAST(port->mux);
++ }
++
++ ret = device_add(&port->dev);
+ if (ret) {
+ dev_err(parent, "failed to register port (%d)\n", ret);
+ put_device(&port->dev);
+@@ -1606,15 +1607,6 @@ struct typec_port *typec_register_port(s
+ }
+
+ return port;
+-
+-err_mux:
+- typec_switch_put(port->sw);
+-
+-err_switch:
+- ida_simple_remove(&typec_index_ida, port->id);
+- kfree(port);
+-
+- return ERR_PTR(ret);
+ }
+ EXPORT_SYMBOL_GPL(typec_register_port);
+
projects / thirdparty / kernel / stable-queue.git / commitdiff
