--- /dev/null
+From 1adecc6755e1e4193b5618ddb2e107f6d6e88f4b Mon Sep 17 00:00:00 2001
+From: Woodrow Shen <woodrow.shen@canonical.com>
+Date: Fri, 4 Sep 2015 15:08:12 +0800
+Subject: ALSA: hda - Add some FIXUP quirks for white noise on Dell laptop.
+
+From: Woodrow Shen <woodrow.shen@canonical.com>
+
+commit 1adecc6755e1e4193b5618ddb2e107f6d6e88f4b upstream.
+
+Dell laptop has a series model to use the same codec but different subsystem ID.
+At the same time they happens the white noise by login screen and headphone;
+for fixing them together, I only can add these IDs to FIXUP function ALC292_FIXUP_DISABLE_AAMIX,
+then try to solve such the similar issues.
+
+Codec: Realtek ALC3235
+Vendor Id: 0x10ec0293
+Subsystem Id: 0x102806dd
+Subsystem Id: 0x102806df
+Subsystem Id: 0x102806e0
+
+BugLink: https://bugs.launchpad.net/bugs/1492132
+Signed-off-by: Woodrow Shen <woodrow.shen@canonical.com>
+Signed-off-by: Takashi Iwai <tiwai@suse.de>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+
+---
+ sound/pci/hda/patch_realtek.c | 5 ++++-
+ 1 file changed, 4 insertions(+), 1 deletion(-)
+
+--- a/sound/pci/hda/patch_realtek.c
++++ b/sound/pci/hda/patch_realtek.c
+@@ -5118,8 +5118,11 @@ static const struct snd_pci_quirk alc269
+ SND_PCI_QUIRK(0x1028, 0x06c7, "Dell", ALC255_FIXUP_DELL1_MIC_NO_PRESENCE),
+ SND_PCI_QUIRK(0x1028, 0x06d9, "Dell", ALC293_FIXUP_DELL1_MIC_NO_PRESENCE),
+ SND_PCI_QUIRK(0x1028, 0x06da, "Dell", ALC293_FIXUP_DELL1_MIC_NO_PRESENCE),
+- SND_PCI_QUIRK(0x1028, 0x06de, "Dell", ALC292_FIXUP_DISABLE_AAMIX),
+ SND_PCI_QUIRK(0x1028, 0x06db, "Dell", ALC292_FIXUP_DISABLE_AAMIX),
++ SND_PCI_QUIRK(0x1028, 0x06dd, "Dell", ALC292_FIXUP_DISABLE_AAMIX),
++ SND_PCI_QUIRK(0x1028, 0x06de, "Dell", ALC292_FIXUP_DISABLE_AAMIX),
++ SND_PCI_QUIRK(0x1028, 0x06df, "Dell", ALC292_FIXUP_DISABLE_AAMIX),
++ SND_PCI_QUIRK(0x1028, 0x06e0, "Dell", ALC292_FIXUP_DISABLE_AAMIX),
+ SND_PCI_QUIRK(0x1028, 0x164a, "Dell", ALC293_FIXUP_DELL1_MIC_NO_PRESENCE),
+ SND_PCI_QUIRK(0x1028, 0x164b, "Dell", ALC293_FIXUP_DELL1_MIC_NO_PRESENCE),
+ SND_PCI_QUIRK(0x103c, 0x1586, "HP", ALC269_FIXUP_HP_MUTE_LED_MIC2),
--- /dev/null
+From bb148bdeb0ab16fc0ae8009799471e4d7180073b Mon Sep 17 00:00:00 2001
+From: Takashi Iwai <tiwai@suse.de>
+Date: Thu, 13 Aug 2015 18:02:39 +0200
+Subject: ALSA: hda - Enable headphone jack detect on old Fujitsu laptops
+
+From: Takashi Iwai <tiwai@suse.de>
+
+commit bb148bdeb0ab16fc0ae8009799471e4d7180073b upstream.
+
+According to the bug report, FSC Amilo laptops with ALC880 can detect
+the headphone jack but currently the driver disables it. It's partly
+intentionally, as non-working jack detect was reported in the past.
+Let's enable now.
+
+Bugzilla: https://bugzilla.kernel.org/show_bug.cgi?id=102501
+Signed-off-by: Takashi Iwai <tiwai@suse.de>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+
+---
+ sound/pci/hda/patch_realtek.c | 4 ++--
+ 1 file changed, 2 insertions(+), 2 deletions(-)
+
+--- a/sound/pci/hda/patch_realtek.c
++++ b/sound/pci/hda/patch_realtek.c
+@@ -1134,7 +1134,7 @@ static const struct hda_fixup alc880_fix
+ /* override all pins as BIOS on old Amilo is broken */
+ .type = HDA_FIXUP_PINS,
+ .v.pins = (const struct hda_pintbl[]) {
+- { 0x14, 0x0121411f }, /* HP */
++ { 0x14, 0x0121401f }, /* HP */
+ { 0x15, 0x99030120 }, /* speaker */
+ { 0x16, 0x99030130 }, /* bass speaker */
+ { 0x17, 0x411111f0 }, /* N/A */
+@@ -1154,7 +1154,7 @@ static const struct hda_fixup alc880_fix
+ /* almost compatible with FUJITSU, but no bass and SPDIF */
+ .type = HDA_FIXUP_PINS,
+ .v.pins = (const struct hda_pintbl[]) {
+- { 0x14, 0x0121411f }, /* HP */
++ { 0x14, 0x0121401f }, /* HP */
+ { 0x15, 0x99030120 }, /* speaker */
+ { 0x16, 0x411111f0 }, /* N/A */
+ { 0x17, 0x411111f0 }, /* N/A */
--- /dev/null
+From 467e1436ba85f78b8c4610c4549eb255a8211c42 Mon Sep 17 00:00:00 2001
+From: Niranjan Sivakumar <ns253@cornell.edu>
+Date: Sat, 5 Sep 2015 18:20:35 +0200
+Subject: ALSA: hda - Fix white noise on Dell M3800
+
+From: Niranjan Sivakumar <ns253@cornell.edu>
+
+commit 467e1436ba85f78b8c4610c4549eb255a8211c42 upstream.
+
+The M3800 is very minor workstation variant of the XPS 15 which has
+already been patched for this issue. I figured it's probably more
+important for this version of the laptop to be patched than the
+regular XPS as Dell sells is pre-configured with Ubuntu to be used as
+a Linux workstation. I have tested the patch on my the hardware on
+Linux 4.2.0.
+
+Signed-off-by: Niranjan Sivakumar <ns253@cornell.edu>
+Signed-off-by: Takashi Iwai <tiwai@suse.de>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+
+---
+ sound/pci/hda/patch_realtek.c | 1 +
+ 1 file changed, 1 insertion(+)
+
+--- a/sound/pci/hda/patch_realtek.c
++++ b/sound/pci/hda/patch_realtek.c
+@@ -6457,6 +6457,7 @@ static const struct snd_pci_quirk alc662
+ SND_PCI_QUIRK(0x1028, 0x05db, "Dell", ALC668_FIXUP_DELL_MIC_NO_PRESENCE),
+ SND_PCI_QUIRK(0x1028, 0x05fe, "Dell XPS 15", ALC668_FIXUP_DELL_XPS13),
+ SND_PCI_QUIRK(0x1028, 0x060a, "Dell XPS 13", ALC668_FIXUP_DELL_XPS13),
++ SND_PCI_QUIRK(0x1028, 0x060d, "Dell M3800", ALC668_FIXUP_DELL_XPS13),
+ SND_PCI_QUIRK(0x1028, 0x0625, "Dell", ALC668_FIXUP_DELL_MIC_NO_PRESENCE),
+ SND_PCI_QUIRK(0x1028, 0x0626, "Dell", ALC668_FIXUP_DELL_MIC_NO_PRESENCE),
+ SND_PCI_QUIRK(0x1028, 0x0696, "Dell", ALC668_FIXUP_DELL_MIC_NO_PRESENCE),
--- /dev/null
+From a161574e200ae63a5042120e0d8c36830e81bde3 Mon Sep 17 00:00:00 2001
+From: Takashi Iwai <tiwai@suse.de>
+Date: Thu, 13 Aug 2015 18:05:06 +0200
+Subject: ALSA: hda - Use ALC880_FIXUP_FUJITSU for FSC Amilo M1437
+
+From: Takashi Iwai <tiwai@suse.de>
+
+commit a161574e200ae63a5042120e0d8c36830e81bde3 upstream.
+
+It turned out that the machine has a bass speaker, so take a correct
+fixup entry.
+
+Bugzilla: https://bugzilla.kernel.org/show_bug.cgi?id=102501
+Signed-off-by: Takashi Iwai <tiwai@suse.de>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+
+---
+ sound/pci/hda/patch_realtek.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+--- a/sound/pci/hda/patch_realtek.c
++++ b/sound/pci/hda/patch_realtek.c
+@@ -1363,7 +1363,7 @@ static const struct snd_pci_quirk alc880
+ SND_PCI_QUIRK(0x161f, 0x203d, "W810", ALC880_FIXUP_W810),
+ SND_PCI_QUIRK(0x161f, 0x205d, "Medion Rim 2150", ALC880_FIXUP_MEDION_RIM),
+ SND_PCI_QUIRK(0x1631, 0xe011, "PB 13201056", ALC880_FIXUP_6ST_AUTOMUTE),
+- SND_PCI_QUIRK(0x1734, 0x107c, "FSC F1734", ALC880_FIXUP_F1734),
++ SND_PCI_QUIRK(0x1734, 0x107c, "FSC Amilo M1437", ALC880_FIXUP_FUJITSU),
+ SND_PCI_QUIRK(0x1734, 0x1094, "FSC Amilo M1451G", ALC880_FIXUP_FUJITSU),
+ SND_PCI_QUIRK(0x1734, 0x10ac, "FSC AMILO Xi 1526", ALC880_FIXUP_F1734),
+ SND_PCI_QUIRK(0x1734, 0x10b0, "FSC Amilo Pi1556", ALC880_FIXUP_FUJITSU),
--- /dev/null
+From 6aa6925cad06159dc6e25857991bbc4960821242 Mon Sep 17 00:00:00 2001
+From: Yao-Wen Mao <yaowen@google.com>
+Date: Fri, 28 Aug 2015 16:33:25 +0800
+Subject: ALSA: usb-audio: correct the value cache check.
+
+From: Yao-Wen Mao <yaowen@google.com>
+
+commit 6aa6925cad06159dc6e25857991bbc4960821242 upstream.
+
+The check of cval->cached should be zero-based (including master channel).
+
+Signed-off-by: Yao-Wen Mao <yaowen@google.com>
+Signed-off-by: Takashi Iwai <tiwai@suse.de>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+
+---
+ sound/usb/mixer.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+--- a/sound/usb/mixer.c
++++ b/sound/usb/mixer.c
+@@ -2522,7 +2522,7 @@ static int restore_mixer_value(struct us
+ for (c = 0; c < MAX_CHANNELS; c++) {
+ if (!(cval->cmask & (1 << c)))
+ continue;
+- if (cval->cached & (1 << c)) {
++ if (cval->cached & (1 << (c + 1))) {
+ err = snd_usb_set_cur_mix_value(cval, c + 1, idx,
+ cval->cache_val[idx]);
+ if (err < 0)
--- /dev/null
+From c2f58514cfb374d5368c9da945f1765cd48eb0da Mon Sep 17 00:00:00 2001
+From: Pavel Fedin <p.fedin@samsung.com>
+Date: Wed, 5 Aug 2015 11:53:57 +0100
+Subject: arm/arm64: KVM: vgic: Check for !irqchip_in_kernel() when mapping resources
+
+From: Pavel Fedin <p.fedin@samsung.com>
+
+commit c2f58514cfb374d5368c9da945f1765cd48eb0da upstream.
+
+Until b26e5fdac43c ("arm/arm64: KVM: introduce per-VM ops"),
+kvm_vgic_map_resources() used to include a check on irqchip_in_kernel(),
+and vgic_v2_map_resources() still has it.
+
+But now vm_ops are not initialized until we call kvm_vgic_create().
+Therefore kvm_vgic_map_resources() can being called without a VGIC,
+and we die because vm_ops.map_resources is NULL.
+
+Fixing this restores QEMU's kernel-irqchip=off option to a working state,
+allowing to use GIC emulation in userspace.
+
+Fixes: b26e5fdac43c ("arm/arm64: KVM: introduce per-VM ops")
+Signed-off-by: Pavel Fedin <p.fedin@samsung.com>
+[maz: reworked commit message]
+Signed-off-by: Marc Zyngier <marc.zyngier@arm.com>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+
+---
+ arch/arm/kvm/arm.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+--- a/arch/arm/kvm/arm.c
++++ b/arch/arm/kvm/arm.c
+@@ -450,7 +450,7 @@ static int kvm_vcpu_first_run_init(struc
+ * Map the VGIC hardware resources before running a vcpu the first
+ * time on this VM.
+ */
+- if (unlikely(!vgic_ready(kvm))) {
++ if (unlikely(irqchip_in_kernel(kvm) && !vgic_ready(kvm))) {
+ ret = kvm_vgic_map_resources(kvm);
+ if (ret)
+ return ret;
--- /dev/null
+From bdec97a855ef1e239f130f7a11584721c9a1bf04 Mon Sep 17 00:00:00 2001
+From: Will Deacon <will.deacon@arm.com>
+Date: Tue, 15 Sep 2015 12:07:06 +0100
+Subject: arm64: compat: fix vfp save/restore across signal handlers in big-endian
+
+From: Will Deacon <will.deacon@arm.com>
+
+commit bdec97a855ef1e239f130f7a11584721c9a1bf04 upstream.
+
+When saving/restoring the VFP registers from a compat (AArch32)
+signal frame, we rely on the compat registers forming a prefix of the
+native register file and therefore make use of copy_{to,from}_user to
+transfer between the native fpsimd_state and the compat_vfp_sigframe.
+
+Unfortunately, this doesn't work so well in a big-endian environment.
+Our fpsimd save/restore code operates directly on 128-bit quantities
+(Q registers) whereas the compat_vfp_sigframe represents the registers
+as an array of 64-bit (D) registers. The architecture packs the compat D
+registers into the Q registers, with the least significant bytes holding
+the lower register. Consequently, we need to swap the 64-bit halves when
+converting between these two representations on a big-endian machine.
+
+This patch replaces the __copy_{to,from}_user invocations in our
+compat VFP signal handling code with explicit __put_user loops that
+operate on 64-bit values and swap them accordingly.
+
+Reviewed-by: Catalin Marinas <catalin.marinas@arm.com>
+Signed-off-by: Will Deacon <will.deacon@arm.com>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+
+---
+ arch/arm64/kernel/signal32.c | 47 ++++++++++++++++++++++++++++++++-----------
+ 1 file changed, 36 insertions(+), 11 deletions(-)
+
+--- a/arch/arm64/kernel/signal32.c
++++ b/arch/arm64/kernel/signal32.c
+@@ -212,14 +212,32 @@ int copy_siginfo_from_user32(siginfo_t *
+
+ /*
+ * VFP save/restore code.
++ *
++ * We have to be careful with endianness, since the fpsimd context-switch
++ * code operates on 128-bit (Q) register values whereas the compat ABI
++ * uses an array of 64-bit (D) registers. Consequently, we need to swap
++ * the two halves of each Q register when running on a big-endian CPU.
+ */
++union __fpsimd_vreg {
++ __uint128_t raw;
++ struct {
++#ifdef __AARCH64EB__
++ u64 hi;
++ u64 lo;
++#else
++ u64 lo;
++ u64 hi;
++#endif
++ };
++};
++
+ static int compat_preserve_vfp_context(struct compat_vfp_sigframe __user *frame)
+ {
+ struct fpsimd_state *fpsimd = ¤t->thread.fpsimd_state;
+ compat_ulong_t magic = VFP_MAGIC;
+ compat_ulong_t size = VFP_STORAGE_SIZE;
+ compat_ulong_t fpscr, fpexc;
+- int err = 0;
++ int i, err = 0;
+
+ /*
+ * Save the hardware registers to the fpsimd_state structure.
+@@ -235,10 +253,15 @@ static int compat_preserve_vfp_context(s
+ /*
+ * Now copy the FP registers. Since the registers are packed,
+ * we can copy the prefix we want (V0-V15) as it is.
+- * FIXME: Won't work if big endian.
+ */
+- err |= __copy_to_user(&frame->ufp.fpregs, fpsimd->vregs,
+- sizeof(frame->ufp.fpregs));
++ for (i = 0; i < ARRAY_SIZE(frame->ufp.fpregs); i += 2) {
++ union __fpsimd_vreg vreg = {
++ .raw = fpsimd->vregs[i >> 1],
++ };
++
++ __put_user_error(vreg.lo, &frame->ufp.fpregs[i], err);
++ __put_user_error(vreg.hi, &frame->ufp.fpregs[i + 1], err);
++ }
+
+ /* Create an AArch32 fpscr from the fpsr and the fpcr. */
+ fpscr = (fpsimd->fpsr & VFP_FPSCR_STAT_MASK) |
+@@ -263,7 +286,7 @@ static int compat_restore_vfp_context(st
+ compat_ulong_t magic = VFP_MAGIC;
+ compat_ulong_t size = VFP_STORAGE_SIZE;
+ compat_ulong_t fpscr;
+- int err = 0;
++ int i, err = 0;
+
+ __get_user_error(magic, &frame->magic, err);
+ __get_user_error(size, &frame->size, err);
+@@ -273,12 +296,14 @@ static int compat_restore_vfp_context(st
+ if (magic != VFP_MAGIC || size != VFP_STORAGE_SIZE)
+ return -EINVAL;
+
+- /*
+- * Copy the FP registers into the start of the fpsimd_state.
+- * FIXME: Won't work if big endian.
+- */
+- err |= __copy_from_user(fpsimd.vregs, frame->ufp.fpregs,
+- sizeof(frame->ufp.fpregs));
++ /* Copy the FP registers into the start of the fpsimd_state. */
++ for (i = 0; i < ARRAY_SIZE(frame->ufp.fpregs); i += 2) {
++ union __fpsimd_vreg vreg;
++
++ __get_user_error(vreg.lo, &frame->ufp.fpregs[i], err);
++ __get_user_error(vreg.hi, &frame->ufp.fpregs[i + 1], err);
++ fpsimd.vregs[i >> 1] = vreg.raw;
++ }
+
+ /* Extract the fpsr and the fpcr from the fpscr */
+ __get_user_error(fpscr, &frame->ufp.fpscr, err);
--- /dev/null
+From df057cc7b4fa59e9b55f07ffdb6c62bf02e99a00 Mon Sep 17 00:00:00 2001
+From: Will Deacon <will.deacon@arm.com>
+Date: Tue, 17 Mar 2015 12:15:02 +0000
+Subject: arm64: errata: add module build workaround for erratum #843419
+
+From: Will Deacon <will.deacon@arm.com>
+
+commit df057cc7b4fa59e9b55f07ffdb6c62bf02e99a00 upstream.
+
+Cortex-A53 processors <= r0p4 are affected by erratum #843419 which can
+lead to a memory access using an incorrect address in certain sequences
+headed by an ADRP instruction.
+
+There is a linker fix to generate veneers for ADRP instructions, but
+this doesn't work for kernel modules which are built as unlinked ELF
+objects.
+
+This patch adds a new config option for the erratum which, when enabled,
+builds kernel modules with the mcmodel=large flag. This uses absolute
+addressing for all kernel symbols, thereby removing the use of ADRP as
+a PC-relative form of addressing. The ADRP relocs are removed from the
+module loader so that we fail to load any potentially affected modules.
+
+Acked-by: Catalin Marinas <catalin.marinas@arm.com>
+Signed-off-by: Will Deacon <will.deacon@arm.com>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+
+---
+ arch/arm64/Kconfig | 16 ++++++++++++++++
+ arch/arm64/Makefile | 4 ++++
+ arch/arm64/kernel/module.c | 2 ++
+ 3 files changed, 22 insertions(+)
+
+--- a/arch/arm64/Kconfig
++++ b/arch/arm64/Kconfig
+@@ -413,6 +413,22 @@ config ARM64_ERRATUM_845719
+
+ If unsure, say Y.
+
++config ARM64_ERRATUM_843419
++ bool "Cortex-A53: 843419: A load or store might access an incorrect address"
++ depends on MODULES
++ default y
++ help
++ This option builds kernel modules using the large memory model in
++ order to avoid the use of the ADRP instruction, which can cause
++ a subsequent memory access to use an incorrect address on Cortex-A53
++ parts up to r0p4.
++
++ Note that the kernel itself must be linked with a version of ld
++ which fixes potentially affected ADRP instructions through the
++ use of veneers.
++
++ If unsure, say Y.
++
+ endmenu
+
+
+--- a/arch/arm64/Makefile
++++ b/arch/arm64/Makefile
+@@ -30,6 +30,10 @@ endif
+
+ CHECKFLAGS += -D__aarch64__
+
++ifeq ($(CONFIG_ARM64_ERRATUM_843419), y)
++CFLAGS_MODULE += -mcmodel=large
++endif
++
+ # Default value
+ head-y := arch/arm64/kernel/head.o
+
+--- a/arch/arm64/kernel/module.c
++++ b/arch/arm64/kernel/module.c
+@@ -332,12 +332,14 @@ int apply_relocate_add(Elf64_Shdr *sechd
+ ovf = reloc_insn_imm(RELOC_OP_PREL, loc, val, 0, 21,
+ AARCH64_INSN_IMM_ADR);
+ break;
++#ifndef CONFIG_ARM64_ERRATUM_843419
+ case R_AARCH64_ADR_PREL_PG_HI21_NC:
+ overflow_check = false;
+ case R_AARCH64_ADR_PREL_PG_HI21:
+ ovf = reloc_insn_imm(RELOC_OP_PAGE, loc, val, 12, 21,
+ AARCH64_INSN_IMM_ADR);
+ break;
++#endif
+ case R_AARCH64_ADD_ABS_LO12_NC:
+ case R_AARCH64_LDST8_ABS_LO12_NC:
+ overflow_check = false;
--- /dev/null
+From 674c242c9323d3c293fc4f9a3a3a619fe3063290 Mon Sep 17 00:00:00 2001
+From: Ard Biesheuvel <ard.biesheuvel@linaro.org>
+Date: Thu, 27 Aug 2015 07:12:33 +0100
+Subject: arm64: flush FP/SIMD state correctly after execve()
+
+From: Ard Biesheuvel <ard.biesheuvel@linaro.org>
+
+commit 674c242c9323d3c293fc4f9a3a3a619fe3063290 upstream.
+
+When a task calls execve(), its FP/SIMD state is flushed so that
+none of the original program state is observeable by the incoming
+program.
+
+However, since this flushing consists of setting the in-memory copy
+of the FP/SIMD state to all zeroes, the CPU field is set to CPU 0 as
+well, which indicates to the lazy FP/SIMD preserve/restore code that
+the FP/SIMD state does not need to be reread from memory if the task
+is scheduled again on CPU 0 without any other tasks having entered
+userland (or used the FP/SIMD in kernel mode) on the same CPU in the
+mean time. If this happens, the FP/SIMD state of the old program will
+still be present in the registers when the new program starts.
+
+So set the CPU field to the invalid value of NR_CPUS when performing
+the flush, by calling fpsimd_flush_task_state().
+
+Reported-by: Chunyan Zhang <chunyan.zhang@spreadtrum.com>
+Reported-by: Janet Liu <janet.liu@spreadtrum.com>
+Signed-off-by: Ard Biesheuvel <ard.biesheuvel@linaro.org>
+Signed-off-by: Will Deacon <will.deacon@arm.com>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+
+---
+ arch/arm64/kernel/fpsimd.c | 1 +
+ 1 file changed, 1 insertion(+)
+
+--- a/arch/arm64/kernel/fpsimd.c
++++ b/arch/arm64/kernel/fpsimd.c
+@@ -157,6 +157,7 @@ void fpsimd_thread_switch(struct task_st
+ void fpsimd_flush_thread(void)
+ {
+ memset(¤t->thread.fpsimd_state, 0, sizeof(struct fpsimd_state));
++ fpsimd_flush_task_state(current);
+ set_thread_flag(TIF_FOREIGN_FPSTATE);
+ }
+
--- /dev/null
+From d10bcd473301888f957ec4b6b12aa3621be78d59 Mon Sep 17 00:00:00 2001
+From: Will Deacon <will.deacon@arm.com>
+Date: Wed, 2 Sep 2015 18:49:28 +0100
+Subject: arm64: head.S: initialise mdcr_el2 in el2_setup
+
+From: Will Deacon <will.deacon@arm.com>
+
+commit d10bcd473301888f957ec4b6b12aa3621be78d59 upstream.
+
+When entering the kernel at EL2, we fail to initialise the MDCR_EL2
+register which controls debug access and PMU capabilities at EL1.
+
+This patch ensures that the register is initialised so that all traps
+are disabled and all the PMU counters are available to the host. When a
+guest is scheduled, KVM takes care to configure trapping appropriately.
+
+Acked-by: Marc Zyngier <marc.zyngier@arm.com>
+Signed-off-by: Will Deacon <will.deacon@arm.com>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+
+---
+ arch/arm64/kernel/head.S | 5 +++++
+ 1 file changed, 5 insertions(+)
+
+--- a/arch/arm64/kernel/head.S
++++ b/arch/arm64/kernel/head.S
+@@ -565,6 +565,11 @@ CPU_LE( movk x0, #0x30d0, lsl #16 ) // C
+ msr hstr_el2, xzr // Disable CP15 traps to EL2
+ #endif
+
++ /* EL2 debug */
++ mrs x0, pmcr_el0 // Disable debug access traps
++ ubfx x0, x0, #11, #5 // to EL2 and allow access to
++ msr mdcr_el2, x0 // all PMU counters from EL1
++
+ /* Stage-2 translation */
+ msr vttbr_el2, xzr
+
--- /dev/null
+From bf0c4e04732479f650ff59d1ee82de761c0071f0 Mon Sep 17 00:00:00 2001
+From: Jeff Vander Stoep <jeffv@google.com>
+Date: Tue, 18 Aug 2015 20:50:10 +0100
+Subject: arm64: kconfig: Move LIST_POISON to a safe value
+
+From: Jeff Vander Stoep <jeffv@google.com>
+
+commit bf0c4e04732479f650ff59d1ee82de761c0071f0 upstream.
+
+Move the poison pointer offset to 0xdead000000000000, a
+recognized value that is not mappable by user-space exploits.
+
+Acked-by: Catalin Marinas <catalin.marinas@arm.com>
+Signed-off-by: Thierry Strudel <tstrudel@google.com>
+Signed-off-by: Jeff Vander Stoep <jeffv@google.com>
+Signed-off-by: Will Deacon <will.deacon@arm.com>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+
+---
+ arch/arm64/Kconfig | 4 ++++
+ 1 file changed, 4 insertions(+)
+
+--- a/arch/arm64/Kconfig
++++ b/arch/arm64/Kconfig
+@@ -101,6 +101,10 @@ config NO_IOPORT_MAP
+ config STACKTRACE_SUPPORT
+ def_bool y
+
++config ILLEGAL_POINTER_VALUE
++ hex
++ default 0xdead000000000000
++
+ config LOCKDEP_SUPPORT
+ def_bool y
+
--- /dev/null
+From c4cbba9fa078f55d9f6d081dbb4aec7cf969e7c7 Mon Sep 17 00:00:00 2001
+From: Marc Zyngier <marc.zyngier@arm.com>
+Date: Wed, 16 Sep 2015 16:18:59 +0100
+Subject: arm64: KVM: Disable virtual timer even if the guest is not using it
+
+From: Marc Zyngier <marc.zyngier@arm.com>
+
+commit c4cbba9fa078f55d9f6d081dbb4aec7cf969e7c7 upstream.
+
+When running a guest with the architected timer disabled (with QEMU and
+the kernel_irqchip=off option, for example), it is important to make
+sure the timer gets turned off. Otherwise, the guest may try to
+enable it anyway, leading to a screaming HW interrupt.
+
+The fix is to unconditionally turn off the virtual timer on guest
+exit.
+
+Reviewed-by: Christoffer Dall <christoffer.dall@linaro.org>
+Signed-off-by: Marc Zyngier <marc.zyngier@arm.com>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+
+---
+ arch/arm64/kvm/hyp.S | 5 +++--
+ 1 file changed, 3 insertions(+), 2 deletions(-)
+
+--- a/arch/arm64/kvm/hyp.S
++++ b/arch/arm64/kvm/hyp.S
+@@ -844,8 +844,6 @@
+ mrs x3, cntv_ctl_el0
+ and x3, x3, #3
+ str w3, [x0, #VCPU_TIMER_CNTV_CTL]
+- bic x3, x3, #1 // Clear Enable
+- msr cntv_ctl_el0, x3
+
+ isb
+
+@@ -853,6 +851,9 @@
+ str x3, [x0, #VCPU_TIMER_CNTV_CVAL]
+
+ 1:
++ // Disable the virtual timer
++ msr cntv_ctl_el0, xzr
++
+ // Allow physical timer/counter access for the host
+ mrs x2, cnthctl_el2
+ orr x2, x2, #3
--- /dev/null
+From 34ba2c4247e5c4b1542b1106e156af324660c4f0 Mon Sep 17 00:00:00 2001
+From: Ard Biesheuvel <ard.biesheuvel@linaro.org>
+Date: Tue, 18 Aug 2015 10:34:42 +0100
+Subject: arm64: set MAX_MEMBLOCK_ADDR according to linear region size
+
+From: Ard Biesheuvel <ard.biesheuvel@linaro.org>
+
+commit 34ba2c4247e5c4b1542b1106e156af324660c4f0 upstream.
+
+The linear region size of a 39-bit VA kernel is only 256 GB, which
+may be insufficient to cover all of system RAM, even on platforms
+that have much less than 256 GB of memory but which is laid out
+very sparsely.
+
+So make sure we clip the memory we will not be able to map before
+installing it into the memblock memory table, by setting
+MAX_MEMBLOCK_ADDR accordingly.
+
+Reviewed-by: Catalin Marinas <catalin.marinas@arm.com>
+Tested-by: Stuart Yoder <stuart.yoder@freescale.com>
+Signed-off-by: Ard Biesheuvel <ard.biesheuvel@linaro.org>
+Signed-off-by: Will Deacon <will.deacon@arm.com>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+
+---
+ arch/arm64/include/asm/memory.h | 8 ++++++++
+ 1 file changed, 8 insertions(+)
+
+--- a/arch/arm64/include/asm/memory.h
++++ b/arch/arm64/include/asm/memory.h
+@@ -114,6 +114,14 @@ extern phys_addr_t memstart_addr;
+ #define PHYS_OFFSET ({ memstart_addr; })
+
+ /*
++ * The maximum physical address that the linear direct mapping
++ * of system RAM can cover. (PAGE_OFFSET can be interpreted as
++ * a 2's complement signed quantity and negated to derive the
++ * maximum size of the linear mapping.)
++ */
++#define MAX_MEMBLOCK_ADDR ({ memstart_addr - PAGE_OFFSET - 1; })
++
++/*
+ * PFNs are used to describe any physical page; this means
+ * PFN 0 == physical address 0.
+ *
--- /dev/null
+From eb38f3a4f6e86f8bb10a3217ebd85ecc5d763aae Mon Sep 17 00:00:00 2001
+From: Takashi Iwai <tiwai@suse.de>
+Date: Thu, 3 Sep 2015 22:20:00 -0700
+Subject: Input: evdev - do not report errors form flush()
+
+From: Takashi Iwai <tiwai@suse.de>
+
+commit eb38f3a4f6e86f8bb10a3217ebd85ecc5d763aae upstream.
+
+We've got bug reports showing the old systemd-logind (at least
+system-210) aborting unexpectedly, and this turned out to be because
+of an invalid error code from close() call to evdev devices. close()
+is supposed to return only either EINTR or EBADFD, while the device
+returned ENODEV. logind was overreacting to it and decided to kill
+itself when an unexpected error code was received. What a tragedy.
+
+The bad error code comes from flush fops, and actually evdev_flush()
+returns ENODEV when device is disconnected or client's access to it is
+revoked. But in these cases the fact that flush did not actually happen is
+not an error, but rather normal behavior. For non-disconnected devices
+result of flush is also not that interesting as there is no potential of
+data loss and even if it fails application has no way of handling the
+error. Because of that we are better off always returning success from
+evdev_flush().
+
+Also returning EINTR from flush()/close() is discouraged (as it is not
+clear how application should handle this error), so let's stop taking
+evdev->mutex interruptibly.
+
+Bugzilla: http://bugzilla.suse.com/show_bug.cgi?id=939834
+Signed-off-by: Takashi Iwai <tiwai@suse.de>
+Signed-off-by: Dmitry Torokhov <dmitry.torokhov@gmail.com>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+
+---
+ drivers/input/evdev.c | 13 ++++---------
+ 1 file changed, 4 insertions(+), 9 deletions(-)
+
+--- a/drivers/input/evdev.c
++++ b/drivers/input/evdev.c
+@@ -290,19 +290,14 @@ static int evdev_flush(struct file *file
+ {
+ struct evdev_client *client = file->private_data;
+ struct evdev *evdev = client->evdev;
+- int retval;
+
+- retval = mutex_lock_interruptible(&evdev->mutex);
+- if (retval)
+- return retval;
++ mutex_lock(&evdev->mutex);
+
+- if (!evdev->exist || client->revoked)
+- retval = -ENODEV;
+- else
+- retval = input_flush_device(&evdev->handle, file);
++ if (evdev->exist && !client->revoked)
++ input_flush_device(&evdev->handle, file);
+
+ mutex_unlock(&evdev->mutex);
+- return retval;
++ return 0;
+ }
+
+ static void evdev_free(struct device *dev)
--- /dev/null
+From e51e38494a8ecc18650efb0c840600637891de2c Mon Sep 17 00:00:00 2001
+From: Dmitry Torokhov <dmitry.torokhov@gmail.com>
+Date: Thu, 20 Aug 2015 14:28:48 -0700
+Subject: Input: synaptics - fix handling of disabling gesture mode
+
+From: Dmitry Torokhov <dmitry.torokhov@gmail.com>
+
+commit e51e38494a8ecc18650efb0c840600637891de2c upstream.
+
+Bit 2 of the mode byte has dual meaning: it can disable reporting of
+gestures when touchpad works in Relative mode or normal Absolute mode,
+or it can enable so called Extended W-Mode when touchpad uses enhanced
+Absolute mode (W-mode). The extended W-Mode confuses our driver and
+causes missing button presses on some Thinkpads (x250, T450s), so let's
+make sure we do not enable it.
+
+Also, according to the spec W mode "... bit is defined only in Absolute
+mode on pads whose capExtended capability bit is set. In Relative mode and
+in TouchPads without this capability, the bit is reserved and should be
+left at 0.", so let's make sure we respect this requirement as well.
+
+Reported-by: Nick Bowler <nbowler@draconx.ca>
+Suggested-by: Gabor Balla <gaborwho@gmail.com>
+Tested-by: Gabor Balla <gaborwho@gmail.com>
+Tested-by: Nick Bowler <nbowler@draconx.ca>
+Signed-off-by: Dmitry Torokhov <dmitry.torokhov@gmail.com>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+
+---
+ drivers/input/mouse/synaptics.c | 12 ++++++++----
+ 1 file changed, 8 insertions(+), 4 deletions(-)
+
+--- a/drivers/input/mouse/synaptics.c
++++ b/drivers/input/mouse/synaptics.c
+@@ -519,14 +519,18 @@ static int synaptics_set_mode(struct psm
+ struct synaptics_data *priv = psmouse->private;
+
+ priv->mode = 0;
+- if (priv->absolute_mode)
++
++ if (priv->absolute_mode) {
+ priv->mode |= SYN_BIT_ABSOLUTE_MODE;
+- if (priv->disable_gesture)
++ if (SYN_CAP_EXTENDED(priv->capabilities))
++ priv->mode |= SYN_BIT_W_MODE;
++ }
++
++ if (!SYN_MODE_WMODE(priv->mode) && priv->disable_gesture)
+ priv->mode |= SYN_BIT_DISABLE_GESTURE;
++
+ if (psmouse->rate >= 80)
+ priv->mode |= SYN_BIT_HIGH_RATE;
+- if (SYN_CAP_EXTENDED(priv->capabilities))
+- priv->mode |= SYN_BIT_W_MODE;
+
+ if (synaptics_mode_cmd(psmouse, priv->mode))
+ return -1;
--- /dev/null
+From 43297dda0a51e4ffed0888ce727c218cfb7474b6 Mon Sep 17 00:00:00 2001
+From: Will Deacon <will.deacon@arm.com>
+Date: Mon, 14 Sep 2015 16:06:03 +0100
+Subject: KVM: arm64: add workaround for Cortex-A57 erratum #852523
+
+From: Will Deacon <will.deacon@arm.com>
+
+commit 43297dda0a51e4ffed0888ce727c218cfb7474b6 upstream.
+
+When restoring the system register state for an AArch32 guest at EL2,
+writes to DACR32_EL2 may not be correctly synchronised by Cortex-A57,
+which can lead to the guest effectively running with junk in the DACR
+and running into unexpected domain faults.
+
+This patch works around the issue by re-ordering our restoration of the
+AArch32 register aliases so that they happen before the AArch64 system
+registers. Ensuring that the registers are restored in this order
+guarantees that they will be correctly synchronised by the core.
+
+Reviewed-by: Marc Zyngier <marc.zyngier@arm.com>
+Signed-off-by: Will Deacon <will.deacon@arm.com>
+Signed-off-by: Marc Zyngier <marc.zyngier@arm.com>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+
+---
+ arch/arm64/kvm/hyp.S | 4 +++-
+ 1 file changed, 3 insertions(+), 1 deletion(-)
+
+--- a/arch/arm64/kvm/hyp.S
++++ b/arch/arm64/kvm/hyp.S
+@@ -947,13 +947,15 @@ ENTRY(__kvm_vcpu_run)
+ // Guest context
+ add x2, x0, #VCPU_CONTEXT
+
++ // We must restore the 32-bit state before the sysregs, thanks
++ // to Cortex-A57 erratum #852523.
++ restore_guest_32bit_state
+ bl __restore_sysregs
+ bl __restore_fpsimd
+
+ skip_debug_state x3, 1f
+ bl __restore_debug
+ 1:
+- restore_guest_32bit_state
+ restore_guest_regs
+
+ // That's it, no more messing around.
--- /dev/null
+From 8eafeb48022816513abc4f440bdad4c350fe81a3 Mon Sep 17 00:00:00 2001
+From: Ard Biesheuvel <ard.biesheuvel@linaro.org>
+Date: Tue, 18 Aug 2015 10:34:41 +0100
+Subject: of/fdt: make memblock maximum physical address arch configurable
+
+From: Ard Biesheuvel <ard.biesheuvel@linaro.org>
+
+commit 8eafeb48022816513abc4f440bdad4c350fe81a3 upstream.
+
+When parsing the memory nodes to populate the memblock memory
+table, we check against high and low limits and clip any memory
+that exceeds either one of them.
+
+However, for arm64, the high limit of (phys_addr_t)~0 is not very
+meaningful, since phys_addr_t is 64 bits (i.e., no limit) but there
+may be other constraints that limit the memory ranges that we can
+support.
+
+So rename MAX_PHYS_ADDR to MAX_MEMBLOCK_ADDR (for clarity) and only
+define it if the arch does not supply a definition of its own.
+
+Acked-by: Rob Herring <robh@kernel.org>
+Reviewed-by: Catalin Marinas <catalin.marinas@arm.com>
+Tested-by: Stuart Yoder <stuart.yoder@freescale.com>
+Signed-off-by: Ard Biesheuvel <ard.biesheuvel@linaro.org>
+Signed-off-by: Will Deacon <will.deacon@arm.com>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+
+---
+ drivers/of/fdt.c | 12 +++++++-----
+ 1 file changed, 7 insertions(+), 5 deletions(-)
+
+--- a/drivers/of/fdt.c
++++ b/drivers/of/fdt.c
+@@ -955,7 +955,9 @@ int __init early_init_dt_scan_chosen(uns
+ }
+
+ #ifdef CONFIG_HAVE_MEMBLOCK
+-#define MAX_PHYS_ADDR ((phys_addr_t)~0)
++#ifndef MAX_MEMBLOCK_ADDR
++#define MAX_MEMBLOCK_ADDR ((phys_addr_t)~0)
++#endif
+
+ void __init __weak early_init_dt_add_memory_arch(u64 base, u64 size)
+ {
+@@ -972,16 +974,16 @@ void __init __weak early_init_dt_add_mem
+ }
+ size &= PAGE_MASK;
+
+- if (base > MAX_PHYS_ADDR) {
++ if (base > MAX_MEMBLOCK_ADDR) {
+ pr_warning("Ignoring memory block 0x%llx - 0x%llx\n",
+ base, base + size);
+ return;
+ }
+
+- if (base + size - 1 > MAX_PHYS_ADDR) {
++ if (base + size - 1 > MAX_MEMBLOCK_ADDR) {
+ pr_warning("Ignoring memory range 0x%llx - 0x%llx\n",
+- ((u64)MAX_PHYS_ADDR) + 1, base + size);
+- size = MAX_PHYS_ADDR - base + 1;
++ ((u64)MAX_MEMBLOCK_ADDR) + 1, base + size);
++ size = MAX_MEMBLOCK_ADDR - base + 1;
+ }
+
+ if (base + size < phys_offset) {
cxl-fix-unbalanced-pci_dev_get-in-cxl_probe.patch
ext4-don-t-manipulate-recovery-flag-when-freezing-no-journal-fs.patch
revert-ext4-remove-block_device_ejected.patch
+arm64-kconfig-move-list_poison-to-a-safe-value.patch
+arm64-flush-fp-simd-state-correctly-after-execve.patch
+of-fdt-make-memblock-maximum-physical-address-arch-configurable.patch
+arm64-set-max_memblock_addr-according-to-linear-region-size.patch
+arm64-compat-fix-vfp-save-restore-across-signal-handlers-in-big-endian.patch
+arm64-head.s-initialise-mdcr_el2-in-el2_setup.patch
+arm64-errata-add-module-build-workaround-for-erratum-843419.patch
+arm-arm64-kvm-vgic-check-for-irqchip_in_kernel-when-mapping-resources.patch
+kvm-arm64-add-workaround-for-cortex-a57-erratum-852523.patch
+arm64-kvm-disable-virtual-timer-even-if-the-guest-is-not-using-it.patch
+input-synaptics-fix-handling-of-disabling-gesture-mode.patch
+input-evdev-do-not-report-errors-form-flush.patch
+alsa-usb-audio-correct-the-value-cache-check.patch
+alsa-hda-enable-headphone-jack-detect-on-old-fujitsu-laptops.patch
+alsa-hda-use-alc880_fixup_fujitsu-for-fsc-amilo-m1437.patch
+alsa-hda-add-some-fixup-quirks-for-white-noise-on-dell-laptop.patch
+alsa-hda-fix-white-noise-on-dell-m3800.patch
projects / thirdparty / kernel / stable-queue.git / commitdiff
