--- /dev/null
+From 0a27844ce86d039d74221dd56cd8c0349b146b63 Mon Sep 17 00:00:00 2001
+From: Srinivas Dasari <dasaris@qti.qualcomm.com>
+Date: Fri, 7 Jul 2017 01:43:40 +0300
+Subject: cfg80211: Check if NAN service ID is of expected size
+
+From: Srinivas Dasari <dasaris@qti.qualcomm.com>
+
+commit 0a27844ce86d039d74221dd56cd8c0349b146b63 upstream.
+
+nla policy checks for only maximum length of the attribute data when the
+attribute type is NLA_BINARY. If userspace sends less data than
+specified, cfg80211 may access illegal memory. When type is NLA_UNSPEC,
+nla policy check ensures that userspace sends minimum specified length
+number of bytes.
+
+Remove type assignment to NLA_BINARY from nla_policy of
+NL80211_NAN_FUNC_SERVICE_ID to make these NLA_UNSPEC and to make sure
+minimum NL80211_NAN_FUNC_SERVICE_ID_LEN bytes are received from
+userspace with NL80211_NAN_FUNC_SERVICE_ID.
+
+Fixes: a442b761b24 ("cfg80211: add add_nan_func / del_nan_func")
+Signed-off-by: Srinivas Dasari <dasaris@qti.qualcomm.com>
+Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
+Signed-off-by: Johannes Berg <johannes.berg@intel.com>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+
+---
+ net/wireless/nl80211.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+--- a/net/wireless/nl80211.c
++++ b/net/wireless/nl80211.c
+@@ -520,7 +520,7 @@ nl80211_bss_select_policy[NL80211_BSS_SE
+ static const struct nla_policy
+ nl80211_nan_func_policy[NL80211_NAN_FUNC_ATTR_MAX + 1] = {
+ [NL80211_NAN_FUNC_TYPE] = { .type = NLA_U8 },
+- [NL80211_NAN_FUNC_SERVICE_ID] = { .type = NLA_BINARY,
++ [NL80211_NAN_FUNC_SERVICE_ID] = {
+ .len = NL80211_NAN_FUNC_SERVICE_ID_LEN },
+ [NL80211_NAN_FUNC_PUBLISH_TYPE] = { .type = NLA_U8 },
+ [NL80211_NAN_FUNC_PUBLISH_BCAST] = { .type = NLA_FLAG },
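Review bot: The missing `.type` on the `NL80211_NAN_FUNC_SERVICE_ID` entry is what turns `.len` into a minimum-length check, but nothing in the table says so, and the entry now reads like an oversight next to its typed neighbours. A short comment above it, e.g. `/* no .type (NLA_UNSPEC) on purpose: .len is then enforced as a minimum length */`, would keep a later cleanup from restoring `NLA_BINARY` and reopening the short-attribute read. The same applies to the `NL80211_ATTR_PMKID` entry in the `nl80211_policy` hunk of the following patch. The policy still accepts attributes longer than the expected size, so the consumers (not visible in this hunk) should keep reading exactly `NL80211_NAN_FUNC_SERVICE_ID_LEN` bytes.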
--- /dev/null
+From 9361df14d1cbf966409d5d6f48bb334384fbe138 Mon Sep 17 00:00:00 2001
+From: Srinivas Dasari <dasaris@qti.qualcomm.com>
+Date: Fri, 7 Jul 2017 01:43:39 +0300
+Subject: cfg80211: Check if PMKID attribute is of expected size
+
+From: Srinivas Dasari <dasaris@qti.qualcomm.com>
+
+commit 9361df14d1cbf966409d5d6f48bb334384fbe138 upstream.
+
+nla policy checks for only maximum length of the attribute data
+when the attribute type is NLA_BINARY. If userspace sends less
+data than specified, the wireless drivers may access illegal
+memory. When type is NLA_UNSPEC, nla policy check ensures that
+userspace sends minimum specified length number of bytes.
+
+Remove type assignment to NLA_BINARY from nla_policy of
+NL80211_ATTR_PMKID to make this NLA_UNSPEC and to make sure minimum
+WLAN_PMKID_LEN bytes are received from userspace with
+NL80211_ATTR_PMKID.
+
+Fixes: 67fbb16be69d ("nl80211: PMKSA caching support")
+Signed-off-by: Srinivas Dasari <dasaris@qti.qualcomm.com>
+Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
+Signed-off-by: Johannes Berg <johannes.berg@intel.com>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+
+---
+ net/wireless/nl80211.c | 3 +--
+ 1 file changed, 1 insertion(+), 2 deletions(-)
+
+--- a/net/wireless/nl80211.c
++++ b/net/wireless/nl80211.c
+@@ -291,8 +291,7 @@ static const struct nla_policy nl80211_p
+ [NL80211_ATTR_WPA_VERSIONS] = { .type = NLA_U32 },
+ [NL80211_ATTR_PID] = { .type = NLA_U32 },
+ [NL80211_ATTR_4ADDR] = { .type = NLA_U8 },
+- [NL80211_ATTR_PMKID] = { .type = NLA_BINARY,
+- .len = WLAN_PMKID_LEN },
++ [NL80211_ATTR_PMKID] = { .len = WLAN_PMKID_LEN },
+ [NL80211_ATTR_DURATION] = { .type = NLA_U32 },
+ [NL80211_ATTR_COOKIE] = { .type = NLA_U64 },
+ [NL80211_ATTR_TX_RATES] = { .type = NLA_NESTED },
--- /dev/null
+From 8feb69c7bd89513be80eb19198d48f154b254021 Mon Sep 17 00:00:00 2001
+From: Srinivas Dasari <dasaris@qti.qualcomm.com>
+Date: Fri, 7 Jul 2017 01:43:41 +0300
+Subject: cfg80211: Define nla_policy for NL80211_ATTR_LOCAL_MESH_POWER_MODE
+
+From: Srinivas Dasari <dasaris@qti.qualcomm.com>
+
+commit 8feb69c7bd89513be80eb19198d48f154b254021 upstream.
+
+Buffer overread may happen as nl80211_set_station() reads 4 bytes
+from the attribute NL80211_ATTR_LOCAL_MESH_POWER_MODE without
+validating the size of data received when userspace sends less
+than 4 bytes of data with NL80211_ATTR_LOCAL_MESH_POWER_MODE.
+Define nla_policy for NL80211_ATTR_LOCAL_MESH_POWER_MODE to avoid
+the buffer overread.
+
+Fixes: 3b1c5a5307f ("{cfg,nl}80211: mesh power mode primitives and userspace access")
+Signed-off-by: Srinivas Dasari <dasaris@qti.qualcomm.com>
+Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
+Signed-off-by: Johannes Berg <johannes.berg@intel.com>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+
+---
+ net/wireless/nl80211.c | 1 +
+ 1 file changed, 1 insertion(+)
+
+--- a/net/wireless/nl80211.c
++++ b/net/wireless/nl80211.c
+@@ -348,6 +348,7 @@ static const struct nla_policy nl80211_p
+ [NL80211_ATTR_SCAN_FLAGS] = { .type = NLA_U32 },
+ [NL80211_ATTR_P2P_CTWINDOW] = { .type = NLA_U8 },
+ [NL80211_ATTR_P2P_OPPPS] = { .type = NLA_U8 },
++ [NL80211_ATTR_LOCAL_MESH_POWER_MODE] = {. type = NLA_U32 },
+ [NL80211_ATTR_ACL_POLICY] = {. type = NLA_U32 },
+ [NL80211_ATTR_MAC_ADDRS] = { .type = NLA_NESTED },
+ [NL80211_ATTR_STA_CAPABILITY] = { .type = NLA_U16 },
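Review bot: The new `NL80211_ATTR_LOCAL_MESH_POWER_MODE` entry copies the `{. type` spacing of the `NL80211_ATTR_ACL_POLICY` line below it rather than the `{ .type = ... }` form used by the rest of the table; I would write it as `[NL80211_ATTR_LOCAL_MESH_POWER_MODE] = { .type = NLA_U32 },`. The policy type only guarantees that the four bytes are present, so any range check on the power-mode value still has to live in the handler, which is outside this hunk.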
--- /dev/null
+From d7f13f7450369281a5d0ea463cc69890a15923ae Mon Sep 17 00:00:00 2001
+From: Srinivas Dasari <dasaris@qti.qualcomm.com>
+Date: Fri, 7 Jul 2017 01:43:42 +0300
+Subject: cfg80211: Validate frequencies nested in NL80211_ATTR_SCAN_FREQUENCIES
+
+From: Srinivas Dasari <dasaris@qti.qualcomm.com>
+
+commit d7f13f7450369281a5d0ea463cc69890a15923ae upstream.
+
+validate_scan_freqs() retrieves frequencies from attributes
+nested in the attribute NL80211_ATTR_SCAN_FREQUENCIES with
+nla_get_u32(), which reads 4 bytes from each attribute
+without validating the size of data received. Attributes
+nested in NL80211_ATTR_SCAN_FREQUENCIES don't have an nla policy.
+
+Validate size of each attribute before parsing to avoid potential buffer
+overread.
+
+Fixes: 2a519311926 ("cfg80211/nl80211: scanning (and mac80211 update to use it)")
+Signed-off-by: Srinivas Dasari <dasaris@qti.qualcomm.com>
+Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
+Signed-off-by: Johannes Berg <johannes.berg@intel.com>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+
+---
+ net/wireless/nl80211.c | 4 ++++
+ 1 file changed, 4 insertions(+)
+
+--- a/net/wireless/nl80211.c
++++ b/net/wireless/nl80211.c
+@@ -6470,6 +6470,10 @@ static int validate_scan_freqs(struct nl
+ struct nlattr *attr1, *attr2;
+ int n_channels = 0, tmp1, tmp2;
+
++ nla_for_each_nested(attr1, freqs, tmp1)
++ if (nla_len(attr1) != sizeof(u32))
++ return 0;
++
+ nla_for_each_nested(attr1, freqs, tmp1) {
+ n_channels++;
+ /*
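Review bot: The added pre-pass returns 0 on a wrong-sized entry without saying what 0 means to callers; presumably a zero channel count is rejected by them, but that is not visible in this hunk, so a comment such as `/* reject the list (0 channels) if any entry is not a u32 */` above the loop would make the contract explicit. The same comment should say that the check is a separate pass so that every entry is validated before `nla_get_u32()` is applied to any of them in the loop that follows. The multi-line `if` under `nla_for_each_nested()` would also read better with braces around the loop body, as kernel style asks for when a loop holds more than a single simple statement. validate_scan_freqs() continues past the end of the hunk.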
--- /dev/null
+From 9a04dbcfb33b4012d0ce8c0282f1e3ca694675b1 Mon Sep 17 00:00:00 2001
+From: David Rientjes <rientjes@google.com>
+Date: Thu, 6 Jul 2017 15:35:24 -0700
+Subject: compiler, clang: always inline when CONFIG_OPTIMIZE_INLINING is disabled
+
+From: David Rientjes <rientjes@google.com>
+
+commit 9a04dbcfb33b4012d0ce8c0282f1e3ca694675b1 upstream.
+
+The motivation for commit abb2ea7dfd82 ("compiler, clang: suppress
+warning for unused static inline functions") was to suppress clang's
+warnings about unused static inline functions.
+
+For configs without CONFIG_OPTIMIZE_INLINING enabled, such as any non-x86
+architecture, `inline' in the kernel implies that
+__attribute__((always_inline)) is used.
+
+Some code depends on that behavior, see
+ https://lkml.org/lkml/2017/6/13/918:
+
+ net/built-in.o: In function `__xchg_mb':
+ arch/arm64/include/asm/cmpxchg.h:99: undefined reference to `__compiletime_assert_99'
+ arch/arm64/include/asm/cmpxchg.h:99: undefined reference to `__compiletime_assert_99
+
+The full fix would be to identify these breakages and annotate the
+functions with __always_inline instead of `inline'. But since we are
+late in the 4.12-rc cycle, simply carry forward the forced inlining
+behavior and work toward moving arm64, and other architectures, toward
+CONFIG_OPTIMIZE_INLINING behavior.
+
+Link: http://lkml.kernel.org/r/alpine.DEB.2.10.1706261552200.1075@chino.kir.corp.google.com
+Signed-off-by: David Rientjes <rientjes@google.com>
+Reported-by: Sodagudi Prasad <psodagud@codeaurora.org>
+Tested-by: Sodagudi Prasad <psodagud@codeaurora.org>
+Tested-by: Matthias Kaehlcke <mka@chromium.org>
+Cc: Mark Rutland <mark.rutland@arm.com>
+Cc: Will Deacon <will.deacon@arm.com>
+Cc: Catalin Marinas <catalin.marinas@arm.com>
+Cc: Ingo Molnar <mingo@kernel.org>
+Cc: Peter Zijlstra <peterz@infradead.org>
+Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
+Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+
+---
+ include/linux/compiler-clang.h | 8 --------
+ include/linux/compiler-gcc.h | 18 +++++++++++-------
+ 2 files changed, 11 insertions(+), 15 deletions(-)
+
+--- a/include/linux/compiler-clang.h
++++ b/include/linux/compiler-clang.h
+@@ -15,11 +15,3 @@
+ * with any version that can compile the kernel
+ */
+ #define __UNIQUE_ID(prefix) __PASTE(__PASTE(__UNIQUE_ID_, prefix), __COUNTER__)
+-
+-/*
+- * GCC does not warn about unused static inline functions for
+- * -Wunused-function. This turns out to avoid the need for complex #ifdef
+- * directives. Suppress the warning in clang as well.
+- */
+-#undef inline
+-#define inline inline __attribute__((unused)) notrace
+--- a/include/linux/compiler-gcc.h
++++ b/include/linux/compiler-gcc.h
+@@ -66,18 +66,22 @@
+
+ /*
+ * Force always-inline if the user requests it so via the .config,
+- * or if gcc is too old:
++ * or if gcc is too old.
++ * GCC does not warn about unused static inline functions for
++ * -Wunused-function. This turns out to avoid the need for complex #ifdef
++ * directives. Suppress the warning in clang as well by using "unused"
++ * function attribute, which is redundant but not harmful for gcc.
+ */
+ #if !defined(CONFIG_ARCH_SUPPORTS_OPTIMIZED_INLINING) || \
+ !defined(CONFIG_OPTIMIZE_INLINING) || (__GNUC__ < 4)
+-#define inline inline __attribute__((always_inline)) notrace
+-#define __inline__ __inline__ __attribute__((always_inline)) notrace
+-#define __inline __inline __attribute__((always_inline)) notrace
++#define inline inline __attribute__((always_inline,unused)) notrace
++#define __inline__ __inline__ __attribute__((always_inline,unused)) notrace
++#define __inline __inline __attribute__((always_inline,unused)) notrace
+ #else
+ /* A lot of inline functions can cause havoc with function tracing */
+-#define inline inline notrace
+-#define __inline__ __inline__ notrace
+-#define __inline __inline notrace
++#define inline inline __attribute__((unused)) notrace
++#define __inline__ __inline__ __attribute__((unused)) notrace
++#define __inline __inline __attribute__((unused)) notrace
+ #endif
+
+ #define __always_inline inline __attribute__((always_inline))
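Review bot: The expanded comment talks about suppressing a clang warning from inside compiler-gcc.h without saying why this header affects clang builds at all. A sentence such as `clang builds include this header as well, so the attribute has to be set here` would explain why the override could be dropped from compiler-clang.h; this assumes the compiler headers are chained that way, which the hunk does not show. The three `#define` lines are now repeated in both branches with only `always_inline` differing, so a later change to the attribute list has to be made in six places.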
--- /dev/null
+From 6653ebd48f493efe3f3598ff3fe7b3d5451665df Mon Sep 17 00:00:00 2001
+From: Alex Deucher <alexander.deucher@amd.com>
+Date: Fri, 2 Jun 2017 16:30:46 -0400
+Subject: drm/amdgpu/gfx6: properly cache mc_arb_ramcfg
+
+From: Alex Deucher <alexander.deucher@amd.com>
+
+commit 6653ebd48f493efe3f3598ff3fe7b3d5451665df upstream.
+
+This was missing for gfx6.
+
+Acked-by: Huang Rui <ray.huang@amd.com>
+Signed-off-by: Alex Deucher <alexander.deucher@amd.com>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+
+---
+ drivers/gpu/drm/amd/amdgpu/gfx_v6_0.c | 3 ++-
+ 1 file changed, 2 insertions(+), 1 deletion(-)
+
+--- a/drivers/gpu/drm/amd/amdgpu/gfx_v6_0.c
++++ b/drivers/gpu/drm/amd/amdgpu/gfx_v6_0.c
+@@ -1688,7 +1688,8 @@ static void gfx_v6_0_gpu_init(struct amd
+ WREG32(mmBIF_FB_EN, BIF_FB_EN__FB_READ_EN_MASK | BIF_FB_EN__FB_WRITE_EN_MASK);
+
+ mc_shared_chmap = RREG32(mmMC_SHARED_CHMAP);
+- mc_arb_ramcfg = RREG32(mmMC_ARB_RAMCFG);
++ adev->gfx.config.mc_arb_ramcfg = RREG32(mmMC_ARB_RAMCFG);
++ mc_arb_ramcfg = adev->gfx.config.mc_arb_ramcfg;
+
+ adev->gfx.config.num_tile_pipes = adev->gfx.config.max_tile_pipes;
+ adev->gfx.config.mem_max_burst_length_bytes = 256;
--- /dev/null
+From 457ea3f7e97881f937136ce0ba1f29f82b9abdb0 Mon Sep 17 00:00:00 2001
+From: Daniel Kiper <daniel.kiper@oracle.com>
+Date: Thu, 22 Jun 2017 12:51:36 +0200
+Subject: efi: Process the MEMATTR table only if EFI_MEMMAP is enabled
+
+From: Daniel Kiper <daniel.kiper@oracle.com>
+
+commit 457ea3f7e97881f937136ce0ba1f29f82b9abdb0 upstream.
+
+Otherwise e.g. Xen dom0 on x86_64 EFI platforms crashes.
+
+In theory we can check EFI_PARAVIRT too, however,
+EFI_MEMMAP looks more targeted and covers more cases.
+
+Signed-off-by: Daniel Kiper <daniel.kiper@oracle.com>
+Reviewed-by: Ard Biesheuvel <ard.biesheuvel@linaro.org>
+Cc: Linus Torvalds <torvalds@linux-foundation.org>
+Cc: Peter Zijlstra <peterz@infradead.org>
+Cc: Thomas Gleixner <tglx@linutronix.de>
+Cc: andrew.cooper3@citrix.com
+Cc: boris.ostrovsky@oracle.com
+Cc: jgross@suse.com
+Cc: linux-efi@vger.kernel.org
+Cc: matt@codeblueprint.co.uk
+Cc: xen-devel@lists.xenproject.org
+Link: http://lkml.kernel.org/r/1498128697-12943-2-git-send-email-daniel.kiper@oracle.com
+Signed-off-by: Ingo Molnar <mingo@kernel.org>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+
+---
+ drivers/firmware/efi/efi.c | 3 ++-
+ 1 file changed, 2 insertions(+), 1 deletion(-)
+
+--- a/drivers/firmware/efi/efi.c
++++ b/drivers/firmware/efi/efi.c
+@@ -528,7 +528,8 @@ int __init efi_config_parse_tables(void
+ }
+ }
+
+- efi_memattr_init();
++ if (efi_enabled(EFI_MEMMAP))
++ efi_memattr_init();
+
+ /* Parse the EFI Properties table if it exists */
+ if (efi.properties_table != EFI_INVALID_TABLE_ADDR) {
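Review bot: The new `efi_enabled(EFI_MEMMAP)` guard has no comment, unlike the properties-table block right after it, so the reason for it is only recoverable from the commit message. I would add `/* Skip the MEMATTR table when EFI_MEMMAP is not set, e.g. on Xen dom0, where processing it crashes */` above the `if`. efi_config_parse_tables() starts and ends outside this hunk.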
--- /dev/null
+From b17c070fb624cf10162cf92ea5e1ec25cd8ac176 Mon Sep 17 00:00:00 2001
+From: Sahitya Tummala <stummala@codeaurora.org>
+Date: Mon, 10 Jul 2017 15:50:00 -0700
+Subject: fs/dcache.c: fix spin lockup issue on nlru->lock
+
+From: Sahitya Tummala <stummala@codeaurora.org>
+
+commit b17c070fb624cf10162cf92ea5e1ec25cd8ac176 upstream.
+
+__list_lru_walk_one() holds the nlru spin lock (nlru->lock) for a longer
+duration when there are more items in the lru list. As per the
+current code, it can hold the spin lock for up to a maximum of UINT_MAX
+entries at a time. So if there is a large number of items in the lru
+list, then "BUG: spinlock lockup suspected" is observed in the below
+path:
+
+ spin_bug+0x90
+ do_raw_spin_lock+0xfc
+ _raw_spin_lock+0x28
+ list_lru_add+0x28
+ dput+0x1c8
+ path_put+0x20
+ terminate_walk+0x3c
+ path_lookupat+0x100
+ filename_lookup+0x6c
+ user_path_at_empty+0x54
+ SyS_faccessat+0xd0
+ el0_svc_naked+0x24
+
+This nlru->lock is acquired by another CPU in this path -
+
+ d_lru_shrink_move+0x34
+ dentry_lru_isolate_shrink+0x48
+ __list_lru_walk_one.isra.10+0x94
+ list_lru_walk_node+0x40
+ shrink_dcache_sb+0x60
+ do_remount_sb+0xbc
+ do_emergency_remount+0xb0
+ process_one_work+0x228
+ worker_thread+0x2e0
+ kthread+0xf4
+ ret_from_fork+0x10
+
+Fix this lockup by reducing the number of entries to be shrinked from
+the lru list to 1024 at once. Also, add cond_resched() before
+processing the lru list again.
+
+Link: http://marc.info/?t=149722864900001&r=1&w=2
+Link: http://lkml.kernel.org/r/1498707575-2472-1-git-send-email-stummala@codeaurora.org
+Signed-off-by: Sahitya Tummala <stummala@codeaurora.org>
+Suggested-by: Jan Kara <jack@suse.cz>
+Suggested-by: Vladimir Davydov <vdavydov.dev@gmail.com>
+Acked-by: Vladimir Davydov <vdavydov.dev@gmail.com>
+Cc: Alexander Polakov <apolyakov@beget.ru>
+Cc: Al Viro <viro@zeniv.linux.org.uk>
+Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
+Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+
+---
+ fs/dcache.c | 5 +++--
+ 1 file changed, 3 insertions(+), 2 deletions(-)
+
+--- a/fs/dcache.c
++++ b/fs/dcache.c
+@@ -1133,11 +1133,12 @@ void shrink_dcache_sb(struct super_block
+ LIST_HEAD(dispose);
+
+ freed = list_lru_walk(&sb->s_dentry_lru,
+- dentry_lru_isolate_shrink, &dispose, UINT_MAX);
++ dentry_lru_isolate_shrink, &dispose, 1024);
+
+ this_cpu_sub(nr_dentry_unused, freed);
+ shrink_dentry_list(&dispose);
+- } while (freed > 0);
++ cond_resched();
++ } while (list_lru_count(&sb->s_dentry_lru) > 0);
+ }
+ EXPORT_SYMBOL(shrink_dcache_sb);
+
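Review bot: The batch size `1024` passed to `list_lru_walk()` is a bare literal whose purpose, bounding how long the per-node lru lock is held in one walk, is explained only in the commit message. A named constant or a comment such as `/* walk in batches so nlru->lock is not held across the whole list */` would keep it from being raised back to `UINT_MAX` later. The loop now ends when `list_lru_count()` reaches zero rather than when `freed` is zero, so it keeps retrying for as long as entries remain; if the isolate callback can skip entries, it is worth confirming that this cannot spin on entries that stay on the list, which this hunk does not show.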
--- /dev/null
+From 866d7c1b0a3c70387646c4e455e727a58c5d465a Mon Sep 17 00:00:00 2001
+From: Suzuki K Poulose <suzuki.poulose@arm.com>
+Date: Fri, 30 Jun 2017 10:58:28 +0100
+Subject: irqchip/gic-v3: Fix out-of-bound access in gic_set_affinity
+
+From: Suzuki K Poulose <suzuki.poulose@arm.com>
+
+commit 866d7c1b0a3c70387646c4e455e727a58c5d465a upstream.
+
+The GICv3 driver doesn't check if the target CPU for gic_set_affinity
+is valid before going ahead and making the changes. This triggers the
+following splat with KASAN:
+
+[ 141.189434] BUG: KASAN: global-out-of-bounds in gic_set_affinity+0x8c/0x140
+[ 141.189704] Read of size 8 at addr ffff200009741d20 by task swapper/1/0
+[ 141.189958]
+[ 141.190158] CPU: 1 PID: 0 Comm: swapper/1 Not tainted 4.12.0-rc7
+[ 141.190458] Hardware name: Foundation-v8A (DT)
+[ 141.190658] Call trace:
+[ 141.190908] [<ffff200008089d70>] dump_backtrace+0x0/0x328
+[ 141.191224] [<ffff20000808a1b4>] show_stack+0x14/0x20
+[ 141.191507] [<ffff200008504c3c>] dump_stack+0xa4/0xc8
+[ 141.191858] [<ffff20000826c19c>] print_address_description+0x13c/0x250
+[ 141.192219] [<ffff20000826c5c8>] kasan_report+0x210/0x300
+[ 141.192547] [<ffff20000826ad54>] __asan_load8+0x84/0x98
+[ 141.192874] [<ffff20000854eeec>] gic_set_affinity+0x8c/0x140
+[ 141.193158] [<ffff200008148b14>] irq_do_set_affinity+0x54/0xb8
+[ 141.193473] [<ffff200008148d2c>] irq_set_affinity_locked+0x64/0xf0
+[ 141.193828] [<ffff200008148e00>] __irq_set_affinity+0x48/0x78
+[ 141.194158] [<ffff200008bc48a4>] arm_perf_starting_cpu+0x104/0x150
+[ 141.194513] [<ffff2000080d73bc>] cpuhp_invoke_callback+0x17c/0x1f8
+[ 141.194783] [<ffff2000080d94ec>] notify_cpu_starting+0x8c/0xb8
+[ 141.195130] [<ffff2000080911ec>] secondary_start_kernel+0x15c/0x200
+[ 141.195390] [<0000000080db81b4>] 0x80db81b4
+[ 141.195603]
+[ 141.195685] The buggy address belongs to the variable:
+[ 141.196012] __cpu_logical_map+0x200/0x220
+[ 141.196176]
+[ 141.196315] Memory state around the buggy address:
+[ 141.196586] ffff200009741c00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
+[ 141.196913] ffff200009741c80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
+[ 141.197158] >ffff200009741d00: 00 00 00 00 fa fa fa fa 00 00 00 00 00 00 00 00
+[ 141.197487] ^
+[ 141.197758] ffff200009741d80: 00 00 00 00 00 00 00 00 fa fa fa fa 00 00 00 00
+[ 141.198060] ffff200009741e00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
+[ 141.198358] ==================================================================
+[ 141.198609] Disabling lock debugging due to kernel taint
+[ 141.198961] CPU1: Booted secondary processor [410fd051]
+
+This patch adds the check to make sure the cpu is valid.
+
+Fixes: commit 021f653791ad17e03f98 ("irqchip: gic-v3: Initial support for GICv3")
+Signed-off-by: Suzuki K Poulose <suzuki.poulose@arm.com>
+Signed-off-by: Marc Zyngier <marc.zyngier@arm.com>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+
+---
+ drivers/irqchip/irq-gic-v3.c | 3 +++
+ 1 file changed, 3 insertions(+)
+
+--- a/drivers/irqchip/irq-gic-v3.c
++++ b/drivers/irqchip/irq-gic-v3.c
+@@ -645,6 +645,9 @@ static int gic_set_affinity(struct irq_d
+ int enabled;
+ u64 val;
+
++ if (cpu >= nr_cpu_ids)
++ return -EINVAL;
++
+ if (gic_irq_in_rdist(d))
+ return -EINVAL;
+
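Review bot: The new `cpu >= nr_cpu_ids` check guards a value whose origin is outside the hunk, so a reader cannot tell from here when it can be out of range. A comment such as `/* no usable CPU in the requested mask */` above the check would help, assuming `cpu` comes from a cpumask search that returns `nr_cpu_ids` or more when nothing matches. It is also worth checking whether other users of the same lookup in this driver index the per-CPU map without an equivalent bound, since the KASAN report in the description shows the read landing just past `__cpu_logical_map`. gic_set_affinity() begins and ends outside this hunk.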
--- /dev/null
+From c0d80ddab89916273cb97114889d3f337bc370ae Mon Sep 17 00:00:00 2001
+From: Marcin Nowakowski <marcin.nowakowski@imgtec.com>
+Date: Thu, 6 Jul 2017 15:35:31 -0700
+Subject: kernel/extable.c: mark core_kernel_text notrace
+
+From: Marcin Nowakowski <marcin.nowakowski@imgtec.com>
+
+commit c0d80ddab89916273cb97114889d3f337bc370ae upstream.
+
+core_kernel_text is used by MIPS in its function graph trace processing,
+so having this method traced leads to an infinite set of recursive calls
+such as:
+
+ Call Trace:
+ ftrace_return_to_handler+0x50/0x128
+ core_kernel_text+0x10/0x1b8
+ prepare_ftrace_return+0x6c/0x114
+ ftrace_graph_caller+0x20/0x44
+ return_to_handler+0x10/0x30
+ return_to_handler+0x0/0x30
+ return_to_handler+0x0/0x30
+ ftrace_ops_no_ops+0x114/0x1bc
+ core_kernel_text+0x10/0x1b8
+ core_kernel_text+0x10/0x1b8
+ core_kernel_text+0x10/0x1b8
+ ftrace_ops_no_ops+0x114/0x1bc
+ core_kernel_text+0x10/0x1b8
+ prepare_ftrace_return+0x6c/0x114
+ ftrace_graph_caller+0x20/0x44
+ (...)
+
+Mark the function notrace to avoid it being traced.
+
+Link: http://lkml.kernel.org/r/1498028607-6765-1-git-send-email-marcin.nowakowski@imgtec.com
+Signed-off-by: Marcin Nowakowski <marcin.nowakowski@imgtec.com>
+Reviewed-by: Masami Hiramatsu <mhiramat@kernel.org>
+Cc: Peter Zijlstra <peterz@infradead.org>
+Cc: Thomas Meyer <thomas@m3y3r.de>
+Cc: Ingo Molnar <mingo@kernel.org>
+Cc: Steven Rostedt <rostedt@goodmis.org>
+Cc: Daniel Borkmann <daniel@iogearbox.net>
+Cc: Paul Gortmaker <paul.gortmaker@windriver.com>
+Cc: Thomas Gleixner <tglx@linutronix.de>
+Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
+Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+
+---
+ kernel/extable.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+--- a/kernel/extable.c
++++ b/kernel/extable.c
+@@ -69,7 +69,7 @@ static inline int init_kernel_text(unsig
+ return 0;
+ }
+
+-int core_kernel_text(unsigned long addr)
++int notrace core_kernel_text(unsigned long addr)
+ {
+ if (addr >= (unsigned long)_stext &&
+ addr < (unsigned long)_etext)
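Review bot: `notrace` on `core_kernel_text()` carries no comment, so the reason is only recoverable from the commit log and the annotation is easy to drop in a later cleanup. I would add above the definition `/* notrace: called from the MIPS function graph tracer, tracing it recurses */`. The function body continues past the end of the hunk.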
--- /dev/null
+From 02d50cdaff36c135d222015cffdca3ff11d168ea Mon Sep 17 00:00:00 2001
+From: Hu Huajun <huhuajun@huawei.com>
+Date: Mon, 12 Jun 2017 22:37:48 +0800
+Subject: KVM: ARM64: fix phy counter access failure in guest.
+
+From: Hu Huajun <huhuajun@huawei.com>
+
+commit 02d50cdaff36c135d222015cffdca3ff11d168ea upstream.
+
+When reading cntpct_el0 in a guest with VHE (Virtual Host Extension)
+enabled in the host, the "Unsupported guest sys_reg access" error is reported.
+The reason is that cnthctl_el2.EL1PCTEN is not enabled, which is expected
+to be done in kvm_timer_init_vhe(). The problem is that kvm_timer_init_vhe()
+is called by cpu_init_hyp_mode(), which is called when VHE is disabled.
+This patch removes the incorrect call to kvm_timer_init_vhe() from
+cpu_init_hyp_mode(), and calls kvm_timer_init_vhe() to enable
+cnthctl_el2.EL1PCTEN in cpu_hyp_reinit().
+
+Fixes: 488f94d7212b ("KVM: arm64: Access CNTHCTL_EL2 bit fields correctly on VHE systems")
+Signed-off-by: Hu Huajun <huhuajun@huawei.com>
+Reviewed-by: Christoffer Dall <cdall@linaro.org>
+Acked-by: Marc Zyngier <marc.zyngier@arm.com>
+Signed-off-by: Christoffer Dall <cdall@linaro.org>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+
+---
+ virt/kvm/arm/arm.c | 4 +---
+ 1 file changed, 1 insertion(+), 3 deletions(-)
+
+--- a/virt/kvm/arm/arm.c
++++ b/virt/kvm/arm/arm.c
+@@ -1115,9 +1115,6 @@ static void cpu_init_hyp_mode(void *dumm
+ __cpu_init_hyp_mode(pgd_ptr, hyp_stack_ptr, vector_ptr);
+ __cpu_init_stage2();
+
+- if (is_kernel_in_hyp_mode())
+- kvm_timer_init_vhe();
+-
+ kvm_arm_init_debug();
+ }
+
+@@ -1137,6 +1134,7 @@ static void cpu_hyp_reinit(void)
+ * event was cancelled before the CPU was reset.
+ */
+ __cpu_init_stage2();
++ kvm_timer_init_vhe();
+ } else {
+ cpu_init_hyp_mode(NULL);
+ }
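Review bot: The added `kvm_timer_init_vhe()` call sits directly under a comment that, as far as its visible tail shows, explains only the stage-2 re-init, so the timer call reads as if it were covered by that explanation. A separate line above it, such as `/* VHE: let the guest access the physical counter (cnthctl_el2.EL1PCTEN) */`, would make the intent clear. The enclosing `if` and the start of cpu_hyp_reinit() are outside the hunk, so this assumes the branch is the VHE path, as the description says.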
--- /dev/null
+From b49defe83659cefbb1763d541e779da32594ab10 Mon Sep 17 00:00:00 2001
+From: Paolo Bonzini <pbonzini@redhat.com>
+Date: Fri, 30 Jun 2017 13:25:45 +0200
+Subject: kvm: avoid unused variable warning for UP builds
+
+From: Paolo Bonzini <pbonzini@redhat.com>
+
+commit b49defe83659cefbb1763d541e779da32594ab10 upstream.
+
+The uniprocessor version of smp_call_function_many does not evaluate
+all of its arguments, and the compiler emits a warning about "wait"
+being unused. This breaks the build on architectures for which
+"-Werror" is enabled by default.
+
+Work around it by moving the invocation of smp_call_function_many to
+its own inline function.
+
+Reported-by: Paul Mackerras <paulus@ozlabs.org>
+Fixes: 7a97cec26b94c909f4cbad2dc3186af3e457a522
+Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+
+---
+ virt/kvm/kvm_main.c | 24 +++++++++++++++---------
+ 1 file changed, 15 insertions(+), 9 deletions(-)
+
+--- a/virt/kvm/kvm_main.c
++++ b/virt/kvm/kvm_main.c
+@@ -187,12 +187,23 @@ static void ack_flush(void *_completed)
+ {
+ }
+
++static inline bool kvm_kick_many_cpus(const struct cpumask *cpus, bool wait)
++{
++ if (unlikely(!cpus))
++ cpus = cpu_online_mask;
++
++ if (cpumask_empty(cpus))
++ return false;
++
++ smp_call_function_many(cpus, ack_flush, NULL, wait);
++ return true;
++}
++
+ bool kvm_make_all_cpus_request(struct kvm *kvm, unsigned int req)
+ {
+ int i, cpu, me;
+ cpumask_var_t cpus;
+- bool called = true;
+- bool wait = req & KVM_REQUEST_WAIT;
++ bool called;
+ struct kvm_vcpu *vcpu;
+
+ zalloc_cpumask_var(&cpus, GFP_ATOMIC);
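Review bot: `kvm_kick_many_cpus()` gives a NULL `cpus` a special meaning, falling back to `cpu_online_mask`, that is not documented anywhere in the helper. From the caller it appears that NULL is what is left when `zalloc_cpumask_var()` fails, since its return value is not checked on the last line of this hunk. A comment above the helper would do: `/* cpus == NULL means the mask could not be allocated: kick every online CPU. Returns false if the mask was empty and no call was made. */`.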
+@@ -207,14 +218,9 @@ bool kvm_make_all_cpus_request(struct kv
+
+ if (cpus != NULL && cpu != -1 && cpu != me &&
+ kvm_request_needs_ipi(vcpu, req))
+- cpumask_set_cpu(cpu, cpus);
++ __cpumask_set_cpu(cpu, cpus);
+ }
+- if (unlikely(cpus == NULL))
+- smp_call_function_many(cpu_online_mask, ack_flush, NULL, wait);
+- else if (!cpumask_empty(cpus))
+- smp_call_function_many(cpus, ack_flush, NULL, wait);
+- else
+- called = false;
++ called = kvm_kick_many_cpus(cpus, !!(req & KVM_REQUEST_WAIT));
+ put_cpu();
+ free_cpumask_var(cpus);
+ return called;
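Review bot: The switch from `cpumask_set_cpu()` to `__cpumask_set_cpu()` is not mentioned in the commit description, which is only about an unused-variable warning. The non-atomic variant looks safe here because `cpus` is a mask local to this call, but that reasoning deserves a comment next to the call, e.g. `/* cpus is private to this call, the non-atomic set is enough */`, or a line in the changelog. The start of kvm_make_all_cpus_request() and of the loop are outside this hunk.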
--- /dev/null
+From 00c14757f6abacd78cad9b2690a0e1f42e4b76c8 Mon Sep 17 00:00:00 2001
+From: Paul Mackerras <paulus@ozlabs.org>
+Date: Fri, 30 Jun 2017 16:39:55 +1000
+Subject: KVM: PPC: Book3S: Fix typo in XICS-on-XIVE state saving code
+
+From: Paul Mackerras <paulus@ozlabs.org>
+
+commit 00c14757f6abacd78cad9b2690a0e1f42e4b76c8 upstream.
+
+This fixes a typo where the wrong loop index was used to index
+the kvmppc_xive_vcpu.queues[] array in xive_pre_save_scan().
+The variable i contains the vcpu number; we need to index queues[]
+using j, which iterates from 0 to KVMPPC_XIVE_Q_COUNT-1.
+
+The effect of this bug is that things that save the interrupt
+controller state, such as "virsh dump", on a VM with more than
+8 vCPUs, result in xive_pre_save_queue() getting called on a
+bogus queue structure, usually resulting in a crash like this:
+
+[ 501.821107] Unable to handle kernel paging request for data at address 0x00000084
+[ 501.821212] Faulting instruction address: 0xc008000004c7c6f8
+[ 501.821234] Oops: Kernel access of bad area, sig: 11 [#1]
+[ 501.821305] SMP NR_CPUS=1024
+[ 501.821307] NUMA
+[ 501.821376] PowerNV
+[ 501.821470] Modules linked in: vhost_net vhost tap xt_CHECKSUM ipt_MASQUERADE nf_nat_masquerade_ipv4 ip6t_rpfilter ip6t_REJECT nf_reject_ipv6 nf_conntrack_ipv6 nf_defrag_ipv6 xt_conntrack ip_set nfnetlink ebtable_nat ebtable_broute bridge stp llc ip6table_mangle ip6table_security ip6table_raw iptable_nat nf_conntrack_ipv4 nf_defrag_ipv4 nf_nat_ipv4 nf_nat nf_conntrack libcrc32c iptable_mangle iptable_security iptable_raw ebtable_filter ebtables ip6table_filter ip6_tables ses enclosure scsi_transport_sas ipmi_powernv ipmi_devintf ipmi_msghandler powernv_op_panel kvm_hv nfsd auth_rpcgss oid_registry nfs_acl lockd grace sunrpc kvm tg3 ptp pps_core
+[ 501.822477] CPU: 3 PID: 3934 Comm: live_migration Not tainted 4.11.0-4.git8caa70f.el7.centos.ppc64le #1
+[ 501.822633] task: c0000003f9e3ae80 task.stack: c0000003f9ed4000
+[ 501.822745] NIP: c008000004c7c6f8 LR: c008000004c7c628 CTR: 0000000030058018
+[ 501.822877] REGS: c0000003f9ed7980 TRAP: 0300 Not tainted (4.11.0-4.git8caa70f.el7.centos.ppc64le)
+[ 501.823030] MSR: 9000000000009033 <SF,HV,EE,ME,IR,DR,RI,LE>
+[ 501.823047] CR: 28022244 XER: 00000000
+[ 501.823203] CFAR: c008000004c7c77c DAR: 0000000000000084 DSISR: 40000000 SOFTE: 1
+[ 501.823203] GPR00: c008000004c7c628 c0000003f9ed7c00 c008000004c91450 00000000000000ff
+[ 501.823203] GPR04: c0000003f5580000 c0000003f559bf98 9000000000009033 0000000000000000
+[ 501.823203] GPR08: 0000000000000084 0000000000000000 00000000000001e0 9000000000001003
+[ 501.823203] GPR12: c00000000008a7d0 c00000000fdc1b00 000000000a9a0000 0000000000000000
+[ 501.823203] GPR16: 00000000402954e8 000000000a9a0000 0000000000000004 0000000000000000
+[ 501.823203] GPR20: 0000000000000008 c000000002e8f180 c000000002e8f1e0 0000000000000001
+[ 501.823203] GPR24: 0000000000000008 c0000003f5580008 c0000003f4564018 c000000002e8f1e8
+[ 501.823203] GPR28: 00003ff6e58bdc28 c0000003f4564000 0000000000000000 0000000000000000
+[ 501.825441] NIP [c008000004c7c6f8] xive_get_attr+0x3b8/0x5b0 [kvm]
+[ 501.825671] LR [c008000004c7c628] xive_get_attr+0x2e8/0x5b0 [kvm]
+[ 501.825887] Call Trace:
+[ 501.825991] [c0000003f9ed7c00] [c008000004c7c628] xive_get_attr+0x2e8/0x5b0 [kvm] (unreliable)
+[ 501.826312] [c0000003f9ed7cd0] [c008000004c62ec4] kvm_device_ioctl_attr+0x64/0xa0 [kvm]
+[ 501.826581] [c0000003f9ed7d20] [c008000004c62fcc] kvm_device_ioctl+0xcc/0xf0 [kvm]
+[ 501.826843] [c0000003f9ed7d40] [c000000000350c70] do_vfs_ioctl+0xd0/0x8c0
+[ 501.827060] [c0000003f9ed7de0] [c000000000351534] SyS_ioctl+0xd4/0xf0
+[ 501.827282] [c0000003f9ed7e30] [c00000000000b8e0] system_call+0x38/0xfc
+[ 501.827496] Instruction dump:
+[ 501.827632] 419e0078 3b760008 e9160008 83fb000c 83db0010 80fb0008 2f280000 60000000
+[ 501.827901] 60000000 60420000 419a0050 7be91764 <7d284c2c> 552a0ffe 7f8af040 419e003c
+[ 501.828176] ---[ end trace 2d0529a5bbbbafed ]---
+
+Fixes: 5af50993850a ("KVM: PPC: Book3S HV: Native usage of the XIVE interrupt controller")
+Acked-by: Benjamin Herrenschmidt <benh@kernel.crashing.org>
+Signed-off-by: Paul Mackerras <paulus@ozlabs.org>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+
+---
+ arch/powerpc/kvm/book3s_xive.c | 4 ++--
+ 1 file changed, 2 insertions(+), 2 deletions(-)
+
+--- a/arch/powerpc/kvm/book3s_xive.c
++++ b/arch/powerpc/kvm/book3s_xive.c
+@@ -1257,8 +1257,8 @@ static void xive_pre_save_scan(struct kv
+ if (!xc)
+ continue;
+ for (j = 0; j < KVMPPC_XIVE_Q_COUNT; j++) {
+- if (xc->queues[i].qpage)
+- xive_pre_save_queue(xive, &xc->queues[i]);
++ if (xc->queues[j].qpage)
++ xive_pre_save_queue(xive, &xc->queues[j]);
+ }
+ }
+
--- /dev/null
+From e323369b2e204da4dc771bbddceef986f4bf85d5 Mon Sep 17 00:00:00 2001
+From: Alex Williamson <alex.williamson@redhat.com>
+Date: Wed, 28 Jun 2017 13:49:52 -0600
+Subject: kvm-vfio: Decouple only when we match a group
+
+From: Alex Williamson <alex.williamson@redhat.com>
+
+commit e323369b2e204da4dc771bbddceef986f4bf85d5 upstream.
+
+Unset-KVM and decrement-assignment only when we find the group in our
+list. Otherwise we can get out of sync if the user triggers this for
+groups that aren't currently on our list.
+
+Signed-off-by: Alex Williamson <alex.williamson@redhat.com>
+Reviewed-by: Alexey Kardashevskiy <aik@ozlabs.ru>
+Reviewed-by: Eric Auger <eric.auger@redhat.com>
+Tested-by: Eric Auger <eric.auger@redhat.com>
+Acked-by: Paolo Bonzini <pbonzini@redhat.com>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+
+---
+ virt/kvm/vfio.c | 13 ++++++-------
+ 1 file changed, 6 insertions(+), 7 deletions(-)
+
+--- a/virt/kvm/vfio.c
++++ b/virt/kvm/vfio.c
+@@ -246,21 +246,20 @@ static int kvm_vfio_set_group(struct kvm
+ continue;
+
+ list_del(&kvg->node);
++ kvm_arch_end_assignment(dev->kvm);
++#ifdef CONFIG_SPAPR_TCE_IOMMU
++ kvm_spapr_tce_release_vfio_group(dev->kvm,
++ kvg->vfio_group);
++#endif
++ kvm_vfio_group_set_kvm(kvg->vfio_group, NULL);
+ kvm_vfio_group_put_external_user(kvg->vfio_group);
+ kfree(kvg);
+ ret = 0;
+ break;
+ }
+
+- kvm_arch_end_assignment(dev->kvm);
+-
+ mutex_unlock(&kv->lock);
+
+-#ifdef CONFIG_SPAPR_TCE_IOMMU
+- kvm_spapr_tce_release_vfio_group(dev->kvm, vfio_group);
+-#endif
+- kvm_vfio_group_set_kvm(vfio_group, NULL);
+-
+ kvm_vfio_group_put_external_user(vfio_group);
+
+ kvm_vfio_update_coherency(dev);
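Review bot: The teardown calls moved into the matched branch (`kvm_arch_end_assignment()`, `kvm_spapr_tce_release_vfio_group()` and `kvm_vfio_group_set_kvm(kvg->vfio_group, NULL)`) now run with `kv->lock` held, whereas the removed lines ran the last two after `mutex_unlock(&kv->lock)`. It is worth confirming that neither callee takes a lock that is acquired before `kv->lock` elsewhere; their bodies are not in this hunk. A short comment above the block would also record the invariant being restored, e.g. `/* Undo the add path only for a group we actually track, so an unmatched fd cannot skew the assignment count. */`. kvm_vfio_set_group() starts and ends outside the hunk.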
--- /dev/null
+From 2c80cd57c74339889a8752b20862a16c28929c3a Mon Sep 17 00:00:00 2001
+From: Sahitya Tummala <stummala@codeaurora.org>
+Date: Mon, 10 Jul 2017 15:49:57 -0700
+Subject: mm/list_lru.c: fix list_lru_count_node() to be race free
+
+From: Sahitya Tummala <stummala@codeaurora.org>
+
+commit 2c80cd57c74339889a8752b20862a16c28929c3a upstream.
+
+list_lru_count_node() iterates over all memcgs to get the total number of
+entries on the node but it can race with memcg_drain_all_list_lrus(),
+which migrates the entries from a dead cgroup to another. This can return
+incorrect number of entries from list_lru_count_node().
+
+Fix this by keeping track of entries per node and simply return it in
+list_lru_count_node().
+
+Link: http://lkml.kernel.org/r/1498707555-30525-1-git-send-email-stummala@codeaurora.org
+Signed-off-by: Sahitya Tummala <stummala@codeaurora.org>
+Acked-by: Vladimir Davydov <vdavydov.dev@gmail.com>
+Cc: Jan Kara <jack@suse.cz>
+Cc: Alexander Polakov <apolyakov@beget.ru>
+Cc: Al Viro <viro@zeniv.linux.org.uk>
+Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
+Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+
+---
+ include/linux/list_lru.h | 1 +
+ mm/list_lru.c | 14 ++++++--------
+ 2 files changed, 7 insertions(+), 8 deletions(-)
+
+--- a/include/linux/list_lru.h
++++ b/include/linux/list_lru.h
+@@ -44,6 +44,7 @@ struct list_lru_node {
+ /* for cgroup aware lrus points to per cgroup lists, otherwise NULL */
+ struct list_lru_memcg *memcg_lrus;
+ #endif
++ long nr_items;
+ } ____cacheline_aligned_in_smp;
+
+ struct list_lru {
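Review bot: The new `nr_items` member of `struct list_lru_node` has no comment, although the member above it does, and its name is easy to confuse with the per-list `l->nr_items` that mm/list_lru.c updates alongside it. A one-line comment should say what it counts and what protects it, e.g. `/* total entries on this node across all per-memcg lists; updated under ->lock */`. The locking half of that comment is inferred from the list_lru_add() and list_lru_del() hunks, where each update sits just before `spin_unlock(&nlru->lock)`.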
+--- a/mm/list_lru.c
++++ b/mm/list_lru.c
+@@ -117,6 +117,7 @@ bool list_lru_add(struct list_lru *lru,
+ l = list_lru_from_kmem(nlru, item);
+ list_add_tail(item, &l->list);
+ l->nr_items++;
++ nlru->nr_items++;
+ spin_unlock(&nlru->lock);
+ return true;
+ }
+@@ -136,6 +137,7 @@ bool list_lru_del(struct list_lru *lru,
+ l = list_lru_from_kmem(nlru, item);
+ list_del_init(item);
+ l->nr_items--;
++ nlru->nr_items--;
+ spin_unlock(&nlru->lock);
+ return true;
+ }
+@@ -183,15 +185,10 @@ EXPORT_SYMBOL_GPL(list_lru_count_one);
+
+ unsigned long list_lru_count_node(struct list_lru *lru, int nid)
+ {
+- long count = 0;
+- int memcg_idx;
++ struct list_lru_node *nlru;
+
+- count += __list_lru_count_one(lru, nid, -1);
+- if (list_lru_memcg_aware(lru)) {
+- for_each_memcg_cache_index(memcg_idx)
+- count += __list_lru_count_one(lru, nid, memcg_idx);
+- }
+- return count;
++ nlru = &lru->node[nid];
++ return nlru->nr_items;
+ }
+ EXPORT_SYMBOL_GPL(list_lru_count_node);
+
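Review bot: `list_lru_count_node()` now reads `nlru->nr_items` without taking `nlru->lock`, while the add and delete hunks modify it just before releasing that lock, so the result is a lockless snapshot. Making that explicit would help the next reader and rule out a torn or repeated load: `return READ_ONCE(nlru->nr_items);` with a comment such as `/* unlocked read; the count is a snapshot */`. The field is a signed `long` returned as `unsigned long`, so a transiently negative value would surface as a very large count; whether that can occur depends on update paths outside these hunks.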
+@@ -226,6 +223,7 @@ restart:
+ assert_spin_locked(&nlru->lock);
+ case LRU_REMOVED:
+ isolated++;
++ nlru->nr_items--;
+ /*
+ * If the lru lock has been dropped, our list
+ * traversal is now invalid and so we have to
--- /dev/null
+From 33f9e02495d15a061f0c94ef46f5103a2d0c20f3 Mon Sep 17 00:00:00 2001
+From: Thomas Bogendoerfer <tsbogend@alpha.franken.de>
+Date: Mon, 3 Jul 2017 10:38:05 +0200
+Subject: parisc: DMA API: return error instead of BUG_ON for dma ops on non dma devs
+
+From: Thomas Bogendoerfer <tsbogend@alpha.franken.de>
+
+commit 33f9e02495d15a061f0c94ef46f5103a2d0c20f3 upstream.
+
+Enabling parport pc driver on a B2600 (and probably other 64bit PARISC
+systems) produced following BUG:
+
+CPU: 0 PID: 1 Comm: swapper Not tainted 4.12.0-rc5-30198-g1132d5e #156
+task: 000000009e050000 task.stack: 000000009e04c000
+
+ YZrvWESTHLNXBCVMcbcbcbcbOGFRQPDI
+PSW: 00001000000001101111111100001111 Not tainted
+r00-03 000000ff0806ff0f 000000009e04c990 0000000040871b78 000000009e04cac0
+r04-07 0000000040c14de0 ffffffffffffffff 000000009e07f098 000000009d82d200
+r08-11 000000009d82d210 0000000000000378 0000000000000000 0000000040c345e0
+r12-15 0000000000000005 0000000040c345e0 0000000000000000 0000000040c9d5e0
+r16-19 0000000040c345e0 00000000f00001c4 00000000f00001bc 0000000000000061
+r20-23 000000009e04ce28 0000000000000010 0000000000000010 0000000040b89e40
+r24-27 0000000000000003 0000000000ffffff 000000009d82d210 0000000040c14de0
+r28-31 0000000000000000 000000009e04ca90 000000009e04cb40 0000000000000000
+sr00-03 0000000000000000 0000000000000000 0000000000000000 0000000000000000
+sr04-07 0000000000000000 0000000000000000 0000000000000000 0000000000000000
+
+IASQ: 0000000000000000 0000000000000000 IAOQ: 00000000404aece0 00000000404aece4
+ IIR: 03ffe01f ISR: 0000000010340000 IOR: 000001781304cac8
+ CPU: 0 CR30: 000000009e04c000 CR31: 00000000e2976de2
+ ORIG_R28: 0000000000000200
+ IAOQ[0]: sba_dma_supported+0x80/0xd0
+ IAOQ[1]: sba_dma_supported+0x84/0xd0
+ RP(r2): parport_pc_probe_port+0x178/0x1200
+
+The cause is a call to dma_coerce_mask_and_coherent in parport_pc_probe_port,
+which the PARISC DMA API doesn't handle very nicely. This commit gives back
+DMA_ERROR_CODE for DMA API calls if the device isn't capable of DMA
+transactions.
+
+Signed-off-by: Thomas Bogendoerfer <tsbogend@alpha.franken.de>
+Signed-off-by: Helge Deller <deller@gmx.de>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+
+---
+ arch/parisc/include/asm/dma-mapping.h | 11 +++++++----
+ drivers/parisc/ccio-dma.c | 12 ++++++++++++
+ drivers/parisc/dino.c | 5 ++++-
+ drivers/parisc/lba_pci.c | 6 ++++--
+ drivers/parisc/sba_iommu.c | 14 ++++++++++++++
+ 5 files changed, 41 insertions(+), 7 deletions(-)
+
+--- a/arch/parisc/include/asm/dma-mapping.h
++++ b/arch/parisc/include/asm/dma-mapping.h
+@@ -20,6 +20,8 @@
+ ** flush/purge and allocate "regular" cacheable pages for everything.
+ */
+
++#define DMA_ERROR_CODE (~(dma_addr_t)0)
++
+ #ifdef CONFIG_PA11
+ extern const struct dma_map_ops pcxl_dma_ops;
+ extern const struct dma_map_ops pcx_dma_ops;
+@@ -54,12 +56,13 @@ parisc_walk_tree(struct device *dev)
+ break;
+ }
+ }
+- BUG_ON(!dev->platform_data);
+ return dev->platform_data;
+ }
+-
+-#define GET_IOC(dev) (HBA_DATA(parisc_walk_tree(dev))->iommu)
+-
++
++#define GET_IOC(dev) ({ \
++ void *__pdata = parisc_walk_tree(dev); \
++ __pdata ? HBA_DATA(__pdata)->iommu : NULL; \
++})
+
+ #ifdef CONFIG_IOMMU_CCIO
+ struct parisc_device;
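Review bot: `GET_IOC(dev)` can now evaluate to NULL, which is a new contract that the macro itself does not document. The ccio-dma.c and sba_iommu.c hunks in this patch add checks at the call sites they touch, but any user of the macro outside those hunks would dereference NULL where it previously hit the removed `BUG_ON(!dev->platform_data)`. A comment above the definition would make the requirement visible, e.g. `/* Evaluates to NULL when no platform data is found; callers must check. */`.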
+--- a/drivers/parisc/ccio-dma.c
++++ b/drivers/parisc/ccio-dma.c
+@@ -741,6 +741,8 @@ ccio_map_single(struct device *dev, void
+
+ BUG_ON(!dev);
+ ioc = GET_IOC(dev);
++ if (!ioc)
++ return DMA_ERROR_CODE;
+
+ BUG_ON(size <= 0);
+
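Review bot: Returning `DMA_ERROR_CODE` from `ccio_map_single()` only helps if every consumer of the handle tests for it. Any in-driver caller that stores the result straight into a `dma_handle` (a coherent-allocation helper would be the usual candidate, not visible in this hunk) would hand the sentinel back as if it were a valid bus address. Such callers should check the result before returning success, along the lines of `if (*dma_handle == DMA_ERROR_CODE)` followed by freeing the pages and returning NULL. The same applies to the `sba_map_single()` hunk in drivers/parisc/sba_iommu.c; both function bodies continue outside their hunks.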
+@@ -814,6 +816,10 @@ ccio_unmap_page(struct device *dev, dma_
+
+ BUG_ON(!dev);
+ ioc = GET_IOC(dev);
++ if (!ioc) {
++ WARN_ON(!ioc);
++ return;
++ }
+
+ DBG_RUN("%s() iovp 0x%lx/%x\n",
+ __func__, (long)iova, size);
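Review bot: The added guard in `ccio_unmap_page()` tests `!ioc` twice; `WARN_ON()` returns its condition, so the block can be written as `if (WARN_ON(!ioc)) return;`. If a misbehaving driver can reach this path repeatedly, `WARN_ON_ONCE()` would keep it from flooding the log with backtraces. The same pattern appears in the `ccio_unmap_sg()`, `sba_unmap_page()` and `sba_unmap_sg()` hunks.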
+@@ -918,6 +924,8 @@ ccio_map_sg(struct device *dev, struct s
+
+ BUG_ON(!dev);
+ ioc = GET_IOC(dev);
++ if (!ioc)
++ return 0;
+
+ DBG_RUN_SG("%s() START %d entries\n", __func__, nents);
+
+@@ -990,6 +998,10 @@ ccio_unmap_sg(struct device *dev, struct
+
+ BUG_ON(!dev);
+ ioc = GET_IOC(dev);
++ if (!ioc) {
++ WARN_ON(!ioc);
++ return;
++ }
+
+ DBG_RUN_SG("%s() START %d entries, %p,%x\n",
+ __func__, nents, sg_virt(sglist), sglist->length);
+--- a/drivers/parisc/dino.c
++++ b/drivers/parisc/dino.c
+@@ -154,7 +154,10 @@ struct dino_device
+ };
+
+ /* Looks nice and keeps the compiler happy */
+-#define DINO_DEV(d) ((struct dino_device *) d)
++#define DINO_DEV(d) ({ \
++ void *__pdata = d; \
++ BUG_ON(!__pdata); \
++ (struct dino_device *)__pdata; })
+
+
+ /*
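Review bot: The rewritten `DINO_DEV(d)` uses its argument unparenthesised in `void *__pdata = d;`, and the existing comment "Looks nice and keeps the compiler happy" no longer describes a macro that can now `BUG_ON()`. Writing `void *__pdata = (d);` and replacing the comment with something like `/* Cast platform data to struct dino_device; NULL here is treated as a bug. */` would cover both. The `LBA_DEV(d)` hunk in drivers/parisc/lba_pci.c has the same two issues, and there the old macro did parenthesise `(d)`.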
+--- a/drivers/parisc/lba_pci.c
++++ b/drivers/parisc/lba_pci.c
+@@ -111,8 +111,10 @@ static u32 lba_t32;
+
+
+ /* Looks nice and keeps the compiler happy */
+-#define LBA_DEV(d) ((struct lba_device *) (d))
+-
++#define LBA_DEV(d) ({ \
++ void *__pdata = d; \
++ BUG_ON(!__pdata); \
++ (struct lba_device *)__pdata; })
+
+ /*
+ ** Only allow 8 subsidiary busses per LBA
+--- a/drivers/parisc/sba_iommu.c
++++ b/drivers/parisc/sba_iommu.c
+@@ -691,6 +691,8 @@ static int sba_dma_supported( struct dev
+ return 0;
+
+ ioc = GET_IOC(dev);
++ if (!ioc)
++ return 0;
+
+ /*
+ * check if mask is >= than the current max IO Virt Address
+@@ -722,6 +724,8 @@ sba_map_single(struct device *dev, void
+ int pide;
+
+ ioc = GET_IOC(dev);
++ if (!ioc)
++ return DMA_ERROR_CODE;
+
+ /* save offset bits */
+ offset = ((dma_addr_t) (long) addr) & ~IOVP_MASK;
+@@ -813,6 +817,10 @@ sba_unmap_page(struct device *dev, dma_a
+ DBG_RUN("%s() iovp 0x%lx/%x\n", __func__, (long) iova, size);
+
+ ioc = GET_IOC(dev);
++ if (!ioc) {
++ WARN_ON(!ioc);
++ return;
++ }
+ offset = iova & ~IOVP_MASK;
+ iova ^= offset; /* clear offset bits */
+ size += offset;
+@@ -952,6 +960,8 @@ sba_map_sg(struct device *dev, struct sc
+ DBG_RUN_SG("%s() START %d entries\n", __func__, nents);
+
+ ioc = GET_IOC(dev);
++ if (!ioc)
++ return 0;
+
+ /* Fast path single entry scatterlists. */
+ if (nents == 1) {
+@@ -1037,6 +1047,10 @@ sba_unmap_sg(struct device *dev, struct
+ __func__, nents, sg_virt(sglist), sglist->length);
+
+ ioc = GET_IOC(dev);
++ if (!ioc) {
++ WARN_ON(!ioc);
++ return;
++ }
+
+ #ifdef SBA_COLLECT_STATS
+ ioc->usg_calls++;
--- /dev/null
+From 649aa24254e85bf6bd7807dd372d083707852b1f Mon Sep 17 00:00:00 2001
+From: Helge Deller <deller@gmx.de>
+Date: Mon, 29 May 2017 17:14:16 +0200
+Subject: parisc/mm: Ensure IRQs are off in switch_mm()
+
+From: Helge Deller <deller@gmx.de>
+
+commit 649aa24254e85bf6bd7807dd372d083707852b1f upstream.
+
+This is because of commit f98db6013c55 ("sched/core: Add switch_mm_irqs_off()
+and use it in the scheduler") in which switch_mm_irqs_off() is called by the
+scheduler, vs switch_mm() which is used by use_mm().
+
+This patch lets the parisc code mirror the x86 and powerpc code, ie. it
+disables interrupts in switch_mm(), and optimises the scheduler case by
+defining switch_mm_irqs_off().
+
+Signed-off-by: Helge Deller <deller@gmx.de>
+Signed-off-by: Helge Deller <deller@gmx.de>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+
+---
+ arch/parisc/include/asm/mmu_context.h | 15 +++++++++++++--
+ 1 file changed, 13 insertions(+), 2 deletions(-)
+
+--- a/arch/parisc/include/asm/mmu_context.h
++++ b/arch/parisc/include/asm/mmu_context.h
+@@ -49,15 +49,26 @@ static inline void load_context(mm_conte
+ mtctl(__space_to_prot(context), 8);
+ }
+
+-static inline void switch_mm(struct mm_struct *prev, struct mm_struct *next, struct task_struct *tsk)
++static inline void switch_mm_irqs_off(struct mm_struct *prev,
++ struct mm_struct *next, struct task_struct *tsk)
+ {
+-
+ if (prev != next) {
+ mtctl(__pa(next->pgd), 25);
+ load_context(next->context);
+ }
+ }
+
++static inline void switch_mm(struct mm_struct *prev,
++ struct mm_struct *next, struct task_struct *tsk)
++{
++ unsigned long flags;
++
++ local_irq_save(flags);
++ switch_mm_irqs_off(prev, next, tsk);
++ local_irq_restore(flags);
++}
++#define switch_mm_irqs_off switch_mm_irqs_off
++
+ #define deactivate_mm(tsk,mm) do { } while (0)
+
+ static inline void activate_mm(struct mm_struct *prev, struct mm_struct *next)
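Review bot: `switch_mm_irqs_off()` now depends on its caller having interrupts disabled, but nothing in the new code states or checks that precondition. A comment above it, e.g. `/* Caller must have interrupts disabled; use switch_mm() otherwise. */`, would keep a future direct caller from skipping the `local_irq_save()` wrapper. The self-referential `#define switch_mm_irqs_off switch_mm_irqs_off` also deserves a short comment such as `/* tells generic code that the arch provides its own version */`, and would read more naturally directly after the function it names rather than after `switch_mm()`.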
--- /dev/null
+From 247462316f85a9e0479445c1a4223950b68ffac1 Mon Sep 17 00:00:00 2001
+From: Helge Deller <deller@gmx.de>
+Date: Sun, 2 Jul 2017 22:00:41 +0200
+Subject: parisc: Report SIGSEGV instead of SIGBUS when running out of stack
+
+From: Helge Deller <deller@gmx.de>
+
+commit 247462316f85a9e0479445c1a4223950b68ffac1 upstream.
+
+When a process runs out of stack the parisc kernel wrongly faults with SIGBUS
+instead of the expected SIGSEGV signal.
+
+This example shows how the kernel faults:
+do_page_fault() command='a.out' type=15 address=0xfaac2000 in libc-2.24.so[f8308000+16c000]
+trap #15: Data TLB miss fault, vm_start = 0xfa2c2000, vm_end = 0xfaac2000
+
+The vma->vm_end value is the first address which does not belong to the vma, so
+adjust the check to include vma->vm_end to the range for which to send the
+SIGSEGV signal.
+
+This patch unbreaks building the debian libsigsegv package.
+
+Signed-off-by: Helge Deller <deller@gmx.de>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+
+---
+ arch/parisc/mm/fault.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+--- a/arch/parisc/mm/fault.c
++++ b/arch/parisc/mm/fault.c
+@@ -367,7 +367,7 @@ bad_area:
+ case 15: /* Data TLB miss fault/Data page fault */
+ /* send SIGSEGV when outside of vma */
+ if (!vma ||
+- address < vma->vm_start || address > vma->vm_end) {
++ address < vma->vm_start || address >= vma->vm_end) {
+ si.si_signo = SIGSEGV;
+ si.si_code = SEGV_MAPERR;
+ break;
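Review bot: The boundary fix in `case 15` would benefit from saying why `>=` is correct, since the neighbouring comment only says "outside of vma". Extending it to `/* send SIGSEGV when outside of vma; vm_end is the first address past the vma */` records the reasoning given in the commit description next to the code. The other trap cases of this switch are outside the hunk, so whether any of them compares against `vm_end` in the same way cannot be checked from here.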
--- /dev/null
+From b0f94efd5aa8daa8a07d7601714c2573266cd4c9 Mon Sep 17 00:00:00 2001
+From: Eric Biggers <ebiggers@google.com>
+Date: Mon, 12 Jun 2017 23:18:30 -0700
+Subject: parisc: use compat_sys_keyctl()
+
+From: Eric Biggers <ebiggers@google.com>
+
+commit b0f94efd5aa8daa8a07d7601714c2573266cd4c9 upstream.
+
+Architectures with a compat syscall table must put compat_sys_keyctl()
+in it, not sys_keyctl(). The parisc architecture was not doing this;
+fix it.
+
+Signed-off-by: Eric Biggers <ebiggers@google.com>
+Acked-by: Helge Deller <deller@gmx.de>
+Signed-off-by: Helge Deller <deller@gmx.de>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+
+---
+ arch/parisc/kernel/syscall_table.S | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+--- a/arch/parisc/kernel/syscall_table.S
++++ b/arch/parisc/kernel/syscall_table.S
+@@ -361,7 +361,7 @@
+ ENTRY_SAME(ni_syscall) /* 263: reserved for vserver */
+ ENTRY_SAME(add_key)
+ ENTRY_SAME(request_key) /* 265 */
+- ENTRY_SAME(keyctl)
++ ENTRY_COMP(keyctl)
+ ENTRY_SAME(ioprio_set)
+ ENTRY_SAME(ioprio_get)
+ ENTRY_SAME(inotify_init)
sparc64-fix-gup_huge_pmd.patch
brcmfmac-fix-a-memory-leak-in-error-handling-path-in-brcmf_cfg80211_attach.patch
brcmfmac-fix-glom_skb-leak-in-brcmf_sdiod_recv_chain.patch
+x86-xen-efi-initialize-only-the-efi-struct-members-used-by-xen.patch
+efi-process-the-memattr-table-only-if-efi_memmap-is-enabled.patch
+cfg80211-define-nla_policy-for-nl80211_attr_local_mesh_power_mode.patch
+cfg80211-validate-frequencies-nested-in-nl80211_attr_scan_frequencies.patch
+cfg80211-check-if-pmkid-attribute-is-of-expected-size.patch
+cfg80211-check-if-nan-service-id-is-of-expected-size.patch
+drm-amdgpu-gfx6-properly-cache-mc_arb_ramcfg.patch
+kvm-arm64-fix-phy-counter-access-failure-in-guest.patch
+kvm-ppc-book3s-fix-typo-in-xics-on-xive-state-saving-code.patch
+kvm-vfio-decouple-only-when-we-match-a-group.patch
+kvm-avoid-unused-variable-warning-for-up-builds.patch
+irqchip-gic-v3-fix-out-of-bound-access-in-gic_set_affinity.patch
+parisc-report-sigsegv-instead-of-sigbus-when-running-out-of-stack.patch
+parisc-use-compat_sys_keyctl.patch
+parisc-dma-api-return-error-instead-of-bug_on-for-dma-ops-on-non-dma-devs.patch
+parisc-mm-ensure-irqs-are-off-in-switch_mm.patch
+tools-lib-lockdep-reduce-max_lock_depth-to-avoid-overflowing-lock_chain-depth.patch
+compiler-clang-always-inline-when-config_optimize_inlining-is-disabled.patch
+thp-mm-fix-crash-due-race-in-madv_free-handling.patch
+kernel-extable.c-mark-core_kernel_text-notrace.patch
+mm-list_lru.c-fix-list_lru_count_node-to-be-race-free.patch
+fs-dcache.c-fix-spin-lockup-issue-on-nlru-lock.patch
--- /dev/null
+From bbf29ffc7f963bb894f84f0580c70cfea01c3892 Mon Sep 17 00:00:00 2001
+From: "Kirill A. Shutemov" <kirill.shutemov@linux.intel.com>
+Date: Thu, 6 Jul 2017 15:35:28 -0700
+Subject: thp, mm: fix crash due race in MADV_FREE handling
+
+From: Kirill A. Shutemov <kirill.shutemov@linux.intel.com>
+
+commit bbf29ffc7f963bb894f84f0580c70cfea01c3892 upstream.
+
+Reinette reported the following crash:
+
+ BUG: Bad page state in process log2exe pfn:57600
+ page:ffffea00015d8000 count:0 mapcount:0 mapping: (null) index:0x20200
+ flags: 0x4000000000040019(locked|uptodate|dirty|swapbacked)
+ raw: 4000000000040019 0000000000000000 0000000000020200 00000000ffffffff
+ raw: ffffea00015d8020 ffffea00015d8020 0000000000000000 0000000000000000
+ page dumped because: PAGE_FLAGS_CHECK_AT_FREE flag(s) set
+ bad because of flags: 0x1(locked)
+ Modules linked in: rfcomm 8021q bnep intel_rapl x86_pkg_temp_thermal coretemp efivars btusb btrtl btbcm pwm_lpss_pci snd_hda_codec_hdmi btintel pwm_lpss snd_hda_codec_realtek snd_soc_skl snd_hda_codec_generic snd_soc_skl_ipc spi_pxa2xx_platform snd_soc_sst_ipc snd_soc_sst_dsp i2c_designware_platform i2c_designware_core snd_hda_ext_core snd_soc_sst_match snd_hda_intel snd_hda_codec mei_me snd_hda_core mei snd_soc_rt286 snd_soc_rl6347a snd_soc_core efivarfs
+ CPU: 1 PID: 354 Comm: log2exe Not tainted 4.12.0-rc7-test-test #19
+ Hardware name: Intel corporation NUC6CAYS/NUC6CAYB, BIOS AYAPLCEL.86A.0027.2016.1108.1529 11/08/2016
+ Call Trace:
+ bad_page+0x16a/0x1f0
+ free_pages_check_bad+0x117/0x190
+ free_hot_cold_page+0x7b1/0xad0
+ __put_page+0x70/0xa0
+ madvise_free_huge_pmd+0x627/0x7b0
+ madvise_free_pte_range+0x6f8/0x1150
+ __walk_page_range+0x6b5/0xe30
+ walk_page_range+0x13b/0x310
+ madvise_free_page_range.isra.16+0xad/0xd0
+ madvise_free_single_vma+0x2e4/0x470
+ SyS_madvise+0x8ce/0x1450
+
+If somebody frees the page under us and we hold the last reference to
+it, put_page() would attempt to free the page before unlocking it.
+
+The fix is trivial reorder of operations.
+
+Dave said:
+ "I came up with the exact same patch. For posterity, here's the test
+ case, generated by syzkaller and trimmed down by Reinette:
+
+ https://www.sr71.net/~dave/intel/log2.c
+
+ And the config that helps detect this:
+
+ https://www.sr71.net/~dave/intel/config-log2"
+
+Fixes: b8d3c4c3009d ("mm/huge_memory.c: don't split THP page when MADV_FREE syscall is called")
+Link: http://lkml.kernel.org/r/20170628101249.17879-1-kirill.shutemov@linux.intel.com
+Signed-off-by: Kirill A. Shutemov <kirill.shutemov@linux.intel.com>
+Reported-by: Reinette Chatre <reinette.chatre@intel.com>
+Acked-by: Dave Hansen <dave.hansen@intel.com>
+Acked-by: Michal Hocko <mhocko@suse.com>
+Acked-by: Minchan Kim <minchan@kernel.org>
+Cc: Huang Ying <ying.huang@intel.com>
+Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
+Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+
+---
+ mm/huge_memory.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+--- a/mm/huge_memory.c
++++ b/mm/huge_memory.c
+@@ -1575,8 +1575,8 @@ bool madvise_free_huge_pmd(struct mmu_ga
+ get_page(page);
+ spin_unlock(ptl);
+ split_huge_page(page);
+- put_page(page);
+ unlock_page(page);
++ put_page(page);
+ goto out_unlocked;
+ }
+
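Review bot: The new order of `unlock_page(page)` before `put_page(page)` is what fixes the crash, but nothing in the code explains why the order matters, so a later cleanup could swap the two lines back. A one-line comment above the pair would prevent that, e.g. `/* unlock first: put_page() may drop the last reference and free the page */`. madvise_free_huge_pmd() starts and ends outside the hunk.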
--- /dev/null
+From 98dcea0cfd04e083ac74137ceb9a632604740e2d Mon Sep 17 00:00:00 2001
+From: Ben Hutchings <ben@decadent.org.uk>
+Date: Thu, 25 May 2017 12:58:33 +0000
+Subject: tools/lib/lockdep: Reduce MAX_LOCK_DEPTH to avoid overflowing lock_chain/: Depth
+
+From: Ben Hutchings <ben@decadent.org.uk>
+
+commit 98dcea0cfd04e083ac74137ceb9a632604740e2d upstream.
+
+liblockdep has been broken since commit 75dd602a5198 ("lockdep: Fix
+lock_chain::base size"), as that adds a check that MAX_LOCK_DEPTH is
+within the range of lock_chain::depth and in liblockdep it is much
+too large.
+
+That should have resulted in a compiler error, but didn't because:
+
+- the check uses ARRAY_SIZE(), which isn't yet defined in liblockdep
+ so is assumed to be an (undeclared) function
+- putting a function call inside a BUILD_BUG_ON() expression quietly
+ turns it into some nonsense involving a variable-length array
+
+It did produce a compiler warning, but I didn't notice because
+liblockdep already produces too many warnings if -Wall is enabled
+(which I'll fix shortly).
+
+Even before that commit, which reduced lock_chain::depth from 8 bits
+to 6, MAX_LOCK_DEPTH was too large.
+
+Signed-off-by: Ben Hutchings <ben@decadent.org.uk>
+Signed-off-by: Sasha Levin <sasha.levin@oracle.com>
+Cc: Linus Torvalds <torvalds@linux-foundation.org>
+Cc: Peter Zijlstra <peterz@infradead.org>
+Cc: Thomas Gleixner <tglx@linutronix.de>
+Cc: a.p.zijlstra@chello.nl
+Link: http://lkml.kernel.org/r/20170525130005.5947-3-alexander.levin@verizon.com
+Signed-off-by: Ingo Molnar <mingo@kernel.org>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+
+---
+ tools/lib/lockdep/uinclude/linux/lockdep.h | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+--- a/tools/lib/lockdep/uinclude/linux/lockdep.h
++++ b/tools/lib/lockdep/uinclude/linux/lockdep.h
+@@ -8,7 +8,7 @@
+ #include <linux/utsname.h>
+ #include <linux/compiler.h>
+
+-#define MAX_LOCK_DEPTH 2000UL
++#define MAX_LOCK_DEPTH 63UL
+
+ #define asmlinkage
+ #define __visible
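Review bot: `MAX_LOCK_DEPTH 63UL` is a magic number whose origin is explained only in the commit description (the 6-bit `lock_chain::depth` field). A comment on the define, e.g. `/* must fit in lock_chain::depth (6 bits) */`, would tie the two together. According to the description, the build-time check that should enforce this does not work in liblockdep because `ARRAY_SIZE()` is not defined there, so until that is fixed the comment is the only thing connecting the constant to the field width.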
--- /dev/null
+From 6c64447ec58b0bac612732303f7ab04562124587 Mon Sep 17 00:00:00 2001
+From: Daniel Kiper <daniel.kiper@oracle.com>
+Date: Thu, 22 Jun 2017 12:51:37 +0200
+Subject: x86/xen/efi: Initialize only the EFI struct members used by Xen
+
+From: Daniel Kiper <daniel.kiper@oracle.com>
+
+commit 6c64447ec58b0bac612732303f7ab04562124587 upstream.
+
+The current approach, which is the wholesale efi struct initialization from
+a 'efi_xen' local template is not robust. Usually if new member is defined
+then it is properly initialized in drivers/firmware/efi/efi.c, but not in
+arch/x86/xen/efi.c.
+
+The effect is that the Xen initialization clears any fields the generic code
+might have set and the Xen code does not know about yet.
+
+I saw this happen a few times, so let's initialize only the EFI struct members
+used by Xen and maintain no local duplicate, to avoid such issues in the future.
+
+Signed-off-by: Daniel Kiper <daniel.kiper@oracle.com>
+Reviewed-by: Boris Ostrovsky <boris.ostrovsky@oracle.com>
+Acked-by: Ard Biesheuvel <ard.biesheuvel@linaro.org>
+Cc: Linus Torvalds <torvalds@linux-foundation.org>
+Cc: Peter Zijlstra <peterz@infradead.org>
+Cc: Thomas Gleixner <tglx@linutronix.de>
+Cc: andrew.cooper3@citrix.com
+Cc: jgross@suse.com
+Cc: linux-efi@vger.kernel.org
+Cc: matt@codeblueprint.co.uk
+Cc: xen-devel@lists.xenproject.org
+Link: http://lkml.kernel.org/r/1498128697-12943-3-git-send-email-daniel.kiper@oracle.com
+[ Clarified the changelog. ]
+Signed-off-by: Ingo Molnar <mingo@kernel.org>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+
+---
+ arch/x86/xen/efi.c | 45 ++++++++++++---------------------------------
+ 1 file changed, 12 insertions(+), 33 deletions(-)
+
+--- a/arch/x86/xen/efi.c
++++ b/arch/x86/xen/efi.c
+@@ -54,38 +54,6 @@ static efi_system_table_t efi_systab_xen
+ .tables = EFI_INVALID_TABLE_ADDR /* Initialized later. */
+ };
+
+-static const struct efi efi_xen __initconst = {
+- .systab = NULL, /* Initialized later. */
+- .runtime_version = 0, /* Initialized later. */
+- .mps = EFI_INVALID_TABLE_ADDR,
+- .acpi = EFI_INVALID_TABLE_ADDR,
+- .acpi20 = EFI_INVALID_TABLE_ADDR,
+- .smbios = EFI_INVALID_TABLE_ADDR,
+- .smbios3 = EFI_INVALID_TABLE_ADDR,
+- .sal_systab = EFI_INVALID_TABLE_ADDR,
+- .boot_info = EFI_INVALID_TABLE_ADDR,
+- .hcdp = EFI_INVALID_TABLE_ADDR,
+- .uga = EFI_INVALID_TABLE_ADDR,
+- .uv_systab = EFI_INVALID_TABLE_ADDR,
+- .fw_vendor = EFI_INVALID_TABLE_ADDR,
+- .runtime = EFI_INVALID_TABLE_ADDR,
+- .config_table = EFI_INVALID_TABLE_ADDR,
+- .get_time = xen_efi_get_time,
+- .set_time = xen_efi_set_time,
+- .get_wakeup_time = xen_efi_get_wakeup_time,
+- .set_wakeup_time = xen_efi_set_wakeup_time,
+- .get_variable = xen_efi_get_variable,
+- .get_next_variable = xen_efi_get_next_variable,
+- .set_variable = xen_efi_set_variable,
+- .query_variable_info = xen_efi_query_variable_info,
+- .update_capsule = xen_efi_update_capsule,
+- .query_capsule_caps = xen_efi_query_capsule_caps,
+- .get_next_high_mono_count = xen_efi_get_next_high_mono_count,
+- .reset_system = xen_efi_reset_system,
+- .set_virtual_address_map = NULL, /* Not used under Xen. */
+- .flags = 0 /* Initialized later. */
+-};
+-
+ static efi_system_table_t __init *xen_efi_probe(void)
+ {
+ struct xen_platform_op op = {
+@@ -102,7 +70,18 @@ static efi_system_table_t __init *xen_ef
+
+ /* Here we know that Xen runs on EFI platform. */
+
+- efi = efi_xen;
++ efi.get_time = xen_efi_get_time;
++ efi.set_time = xen_efi_set_time;
++ efi.get_wakeup_time = xen_efi_get_wakeup_time;
++ efi.set_wakeup_time = xen_efi_set_wakeup_time;
++ efi.get_variable = xen_efi_get_variable;
++ efi.get_next_variable = xen_efi_get_next_variable;
++ efi.set_variable = xen_efi_set_variable;
++ efi.query_variable_info = xen_efi_query_variable_info;
++ efi.update_capsule = xen_efi_update_capsule;
++ efi.query_capsule_caps = xen_efi_query_capsule_caps;
++ efi.get_next_high_mono_count = xen_efi_get_next_high_mono_count;
++ efi.reset_system = xen_efi_reset_system;
+
+ efi_systab_xen.tables = info->cfg.addr;
+ efi_systab_xen.nr_tables = info->cfg.nent;
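Review bot: After this change `xen_efi_probe()` no longer sets the table addresses, `flags` or `set_virtual_address_map`, which the removed `efi_xen` template set explicitly (the last with the remark "Not used under Xen"). Their values now depend on the generic `efi` initializer named in the commit description, which is not visible here. A comment above the assignment block would make that dependency explicit, e.g. `/* Only the runtime-service hooks are overridden; all other members keep the defaults set by the generic EFI code. */`. It would also be worth confirming that the generic default for `set_virtual_address_map` is still appropriate under Xen. The function body continues outside the hunk.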