--- /dev/null
+From d9c2bb7a7089a59537024534b38adf6fa58c5ba4 Mon Sep 17 00:00:00 2001
+From: Gertjan Halkes <gertjan@google.com>
+Date: Wed, 5 Sep 2018 15:41:29 +0900
+Subject: 9p: do not trust pdu content for stat item size
+
+[ Upstream commit 2803cf4379ed252894f046cb8812a48db35294e3 ]
+
+v9fs_dir_readdir() could deadloop if a struct was sent with a size set
+to -2
+
+Link: http://lkml.kernel.org/r/1536134432-11997-1-git-send-email-asmadeus@codewreck.org
+Bugzilla: https://bugzilla.kernel.org/show_bug.cgi?id=88021
+Signed-off-by: Gertjan Halkes <gertjan@google.com>
+Signed-off-by: Dominique Martinet <dominique.martinet@cea.fr>
+Signed-off-by: Sasha Levin <sashal@kernel.org>
+---
+ fs/9p/vfs_dir.c | 8 +++-----
+ net/9p/protocol.c | 3 ++-
+ 2 files changed, 5 insertions(+), 6 deletions(-)
+
+diff --git a/fs/9p/vfs_dir.c b/fs/9p/vfs_dir.c
+index 48db9a9f13f9..cb6c4031af55 100644
+--- a/fs/9p/vfs_dir.c
++++ b/fs/9p/vfs_dir.c
+@@ -105,7 +105,6 @@ static int v9fs_dir_readdir(struct file *file, struct dir_context *ctx)
+ int err = 0;
+ struct p9_fid *fid;
+ int buflen;
+- int reclen = 0;
+ struct p9_rdir *rdir;
+ struct kvec kvec;
+
+@@ -138,11 +137,10 @@ static int v9fs_dir_readdir(struct file *file, struct dir_context *ctx)
+ while (rdir->head < rdir->tail) {
+ err = p9stat_read(fid->clnt, rdir->buf + rdir->head,
+ rdir->tail - rdir->head, &st);
+- if (err) {
++ if (err <= 0) {
+ p9_debug(P9_DEBUG_VFS, "returned %d\n", err);
+ return -EIO;
+ }
+- reclen = st.size+2;
+
+ over = !dir_emit(ctx, st.name, strlen(st.name),
+ v9fs_qid2ino(&st.qid), dt_type(&st));
+@@ -150,8 +148,8 @@ static int v9fs_dir_readdir(struct file *file, struct dir_context *ctx)
+ if (over)
+ return 0;
+
+- rdir->head += reclen;
+- ctx->pos += reclen;
++ rdir->head += err;
++ ctx->pos += err;
+ }
+ }
+ }
+diff --git a/net/9p/protocol.c b/net/9p/protocol.c
+index 145f80518064..7f1b45c082c9 100644
+--- a/net/9p/protocol.c
++++ b/net/9p/protocol.c
+@@ -570,9 +570,10 @@ int p9stat_read(struct p9_client *clnt, char *buf, int len, struct p9_wstat *st)
+ if (ret) {
+ p9_debug(P9_DEBUG_9P, "<<< p9stat_read failed: %d\n", ret);
+ trace_9p_protocol_dump(clnt, &fake_pdu);
++ return ret;
+ }
+
+- return ret;
++ return fake_pdu.offset;
+ }
+ EXPORT_SYMBOL(p9stat_read);
+
+--
+2.19.1
+
--- /dev/null
+From e487e58208de5dfe8278356623aedadf262bb6a8 Mon Sep 17 00:00:00 2001
+From: Dinu-Razvan Chis-Serban <justcsdr@gmail.com>
+Date: Wed, 5 Sep 2018 16:44:12 +0900
+Subject: 9p locks: add mount option for lock retry interval
+
+[ Upstream commit 5e172f75e51e3de1b4274146d9b990f803cb5c2a ]
+
+The default P9_LOCK_TIMEOUT can be too long for some users exporting
+a local file system to a guest VM (30s), make this configurable at
+mount time.
+
+Link: http://lkml.kernel.org/r/1536295827-3181-1-git-send-email-asmadeus@codewreck.org
+Bugzilla: https://bugzilla.kernel.org/show_bug.cgi?id=195727
+Signed-off-by: Dinu-Razvan Chis-Serban <justcsdr@gmail.com>
+Signed-off-by: Dominique Martinet <dominique.martinet@cea.fr>
+Signed-off-by: Sasha Levin <sashal@kernel.org>
+---
+ fs/9p/v9fs.c | 21 +++++++++++++++++++++
+ fs/9p/v9fs.h | 1 +
+ fs/9p/vfs_file.c | 6 +++++-
+ 3 files changed, 27 insertions(+), 1 deletion(-)
+
+diff --git a/fs/9p/v9fs.c b/fs/9p/v9fs.c
+index 072e7599583a..a8ff43068619 100644
+--- a/fs/9p/v9fs.c
++++ b/fs/9p/v9fs.c
+@@ -59,6 +59,8 @@ enum {
+ Opt_cache_loose, Opt_fscache, Opt_mmap,
+ /* Access options */
+ Opt_access, Opt_posixacl,
++ /* Lock timeout option */
++ Opt_locktimeout,
+ /* Error token */
+ Opt_err
+ };
+@@ -78,6 +80,7 @@ static const match_table_t tokens = {
+ {Opt_cachetag, "cachetag=%s"},
+ {Opt_access, "access=%s"},
+ {Opt_posixacl, "posixacl"},
++ {Opt_locktimeout, "locktimeout=%u"},
+ {Opt_err, NULL}
+ };
+
+@@ -126,6 +129,7 @@ static int v9fs_parse_options(struct v9fs_session_info *v9ses, char *opts)
+ #ifdef CONFIG_9P_FSCACHE
+ v9ses->cachetag = NULL;
+ #endif
++ v9ses->session_lock_timeout = P9_LOCK_TIMEOUT;
+
+ if (!opts)
+ return 0;
+@@ -298,6 +302,23 @@ static int v9fs_parse_options(struct v9fs_session_info *v9ses, char *opts)
+ #endif
+ break;
+
++ case Opt_locktimeout:
++ r = match_int(&args[0], &option);
++ if (r < 0) {
++ p9_debug(P9_DEBUG_ERROR,
++ "integer field, but no integer?\n");
++ ret = r;
++ continue;
++ }
++ if (option < 1) {
++ p9_debug(P9_DEBUG_ERROR,
++ "locktimeout must be a greater than zero integer.\n");
++ ret = -EINVAL;
++ continue;
++ }
++ v9ses->session_lock_timeout = (long)option * HZ;
++ break;
++
+ default:
+ continue;
+ }
+diff --git a/fs/9p/v9fs.h b/fs/9p/v9fs.h
+index 443d12e02043..ce6ca9f4f683 100644
+--- a/fs/9p/v9fs.h
++++ b/fs/9p/v9fs.h
+@@ -116,6 +116,7 @@ struct v9fs_session_info {
+ struct list_head slist; /* list of sessions registered with v9fs */
+ struct backing_dev_info bdi;
+ struct rw_semaphore rename_sem;
++ long session_lock_timeout; /* retry interval for blocking locks */
+ };
+
+ /* cache_validity flags */
+diff --git a/fs/9p/vfs_file.c b/fs/9p/vfs_file.c
+index 2f035b15180e..79ff727254bb 100644
+--- a/fs/9p/vfs_file.c
++++ b/fs/9p/vfs_file.c
+@@ -154,6 +154,7 @@ static int v9fs_file_do_lock(struct file *filp, int cmd, struct file_lock *fl)
+ uint8_t status = P9_LOCK_ERROR;
+ int res = 0;
+ unsigned char fl_type;
++ struct v9fs_session_info *v9ses;
+
+ fid = filp->private_data;
+ BUG_ON(fid == NULL);
+@@ -189,6 +190,8 @@ static int v9fs_file_do_lock(struct file *filp, int cmd, struct file_lock *fl)
+ if (IS_SETLKW(cmd))
+ flock.flags = P9_LOCK_FLAGS_BLOCK;
+
++ v9ses = v9fs_inode2v9ses(file_inode(filp));
++
+ /*
+ * if its a blocked request and we get P9_LOCK_BLOCKED as the status
+ * for lock request, keep on trying
+@@ -202,7 +205,8 @@ static int v9fs_file_do_lock(struct file *filp, int cmd, struct file_lock *fl)
+ break;
+ if (status == P9_LOCK_BLOCKED && !IS_SETLKW(cmd))
+ break;
+- if (schedule_timeout_interruptible(P9_LOCK_TIMEOUT) != 0)
++ if (schedule_timeout_interruptible(v9ses->session_lock_timeout)
++ != 0)
+ break;
+ /*
+ * p9_client_lock_dotl overwrites flock.client_id with the
+--
+2.19.1
+
--- /dev/null
+From f34983a7c3ef9a4591986163d084eb7a4c7218f2 Mon Sep 17 00:00:00 2001
+From: =?UTF-8?q?Ronald=20Tschal=C3=A4r?= <ronald@innovation.ch>
+Date: Sun, 30 Sep 2018 19:52:51 -0700
+Subject: ACPI / SBS: Fix GPE storm on recent MacBookPro's
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+[ Upstream commit ca1721c5bee77105829cbd7baab8ee0eab85b06d ]
+
+On Apple machines, plugging-in or unplugging the power triggers a GPE
+for the EC. Since these machines expose an SBS device, this GPE ends
+up triggering the acpi_sbs_callback(). This in turn tries to get the
+status of the SBS charger. However, on MBP13,* and MBP14,* machines,
+performing the smbus-read operation to get the charger's status triggers
+the EC's GPE again. The result is an endless re-triggering and handling
+of that GPE, consuming significant CPU resources (> 50% in irq).
+
+In the end this is quite similar to commit 3031cddea633 (ACPI / SBS:
+Don't assume the existence of an SBS charger), except that on the above
+machines a status of all 1's is returned. And like there, we just want
+ignore the charger here.
+
+Link: https://bugzilla.kernel.org/show_bug.cgi?id=198169
+Signed-off-by: Ronald Tschalär <ronald@innovation.ch>
+Signed-off-by: Rafael J. Wysocki <rafael.j.wysocki@intel.com>
+Signed-off-by: Sasha Levin <sashal@kernel.org>
+---
+ drivers/acpi/sbs.c | 8 ++++++--
+ 1 file changed, 6 insertions(+), 2 deletions(-)
+
+diff --git a/drivers/acpi/sbs.c b/drivers/acpi/sbs.c
+index ad0b13ad4bbb..4a76000bcf7a 100644
+--- a/drivers/acpi/sbs.c
++++ b/drivers/acpi/sbs.c
+@@ -443,9 +443,13 @@ static int acpi_ac_get_present(struct acpi_sbs *sbs)
+
+ /*
+ * The spec requires that bit 4 always be 1. If it's not set, assume
+- * that the implementation doesn't support an SBS charger
++ * that the implementation doesn't support an SBS charger.
++ *
++ * And on some MacBooks a status of 0xffff is always returned, no
++ * matter whether the charger is plugged in or not, which is also
++ * wrong, so ignore the SBS charger for those too.
+ */
+- if (!((status >> 4) & 0x1))
++ if (!((status >> 4) & 0x1) || status == 0xffff)
+ return -ENODEV;
+
+ sbs->charger_present = (status >> 15) & 0x1;
+--
+2.19.1
+
--- /dev/null
+From 4a9c45a97a419279093a8b28d80f11e6e1012443 Mon Sep 17 00:00:00 2001
+From: Kangjie Lu <kjlu@umn.edu>
+Date: Thu, 14 Mar 2019 22:58:29 -0500
+Subject: ALSA: echoaudio: add a check for ioremap_nocache
+
+[ Upstream commit 6ade657d6125ec3ec07f95fa51e28138aef6208f ]
+
+In case ioremap_nocache fails, the fix releases chip and returns
+an error code upstream to avoid NULL pointer dereference.
+
+Signed-off-by: Kangjie Lu <kjlu@umn.edu>
+Signed-off-by: Takashi Iwai <tiwai@suse.de>
+Signed-off-by: Sasha Levin <sashal@kernel.org>
+---
+ sound/pci/echoaudio/echoaudio.c | 5 +++++
+ 1 file changed, 5 insertions(+)
+
+diff --git a/sound/pci/echoaudio/echoaudio.c b/sound/pci/echoaudio/echoaudio.c
+index 286f5e3686a3..d73ee11a32bd 100644
+--- a/sound/pci/echoaudio/echoaudio.c
++++ b/sound/pci/echoaudio/echoaudio.c
+@@ -1953,6 +1953,11 @@ static int snd_echo_create(struct snd_card *card,
+ }
+ chip->dsp_registers = (volatile u32 __iomem *)
+ ioremap_nocache(chip->dsp_registers_phys, sz);
++ if (!chip->dsp_registers) {
++ dev_err(chip->card->dev, "ioremap failed\n");
++ snd_echo_free(chip);
++ return -ENOMEM;
++ }
+
+ if (request_irq(pci->irq, snd_echo_interrupt, IRQF_SHARED,
+ KBUILD_MODNAME, chip)) {
+--
+2.19.1
+
--- /dev/null
+From 8a1576e9fb7413e7d08157fa0714734f608ab348 Mon Sep 17 00:00:00 2001
+From: Colin Ian King <colin.king@canonical.com>
+Date: Sun, 17 Mar 2019 23:21:24 +0000
+Subject: ALSA: opl3: fix mismatch between snd_opl3_drum_switch definition and
+ declaration
+
+[ Upstream commit b4748e7ab731e436cf5db4786358ada5dd2db6dd ]
+
+The function snd_opl3_drum_switch declaration in the header file
+has the order of the two arguments on_off and vel swapped when
+compared to the definition arguments of vel and on_off. Fix this
+by swapping them around to match the definition.
+
+This error predates the git history, so no idea when this error
+was introduced.
+
+Signed-off-by: Colin Ian King <colin.king@canonical.com>
+Signed-off-by: Takashi Iwai <tiwai@suse.de>
+Signed-off-by: Sasha Levin <sashal@kernel.org>
+---
+ sound/drivers/opl3/opl3_voice.h | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/sound/drivers/opl3/opl3_voice.h b/sound/drivers/opl3/opl3_voice.h
+index a371c075ac87..e26702559f61 100644
+--- a/sound/drivers/opl3/opl3_voice.h
++++ b/sound/drivers/opl3/opl3_voice.h
+@@ -41,7 +41,7 @@ void snd_opl3_timer_func(unsigned long data);
+
+ /* Prototypes for opl3_drums.c */
+ void snd_opl3_load_drums(struct snd_opl3 *opl3);
+-void snd_opl3_drum_switch(struct snd_opl3 *opl3, int note, int on_off, int vel, struct snd_midi_channel *chan);
++void snd_opl3_drum_switch(struct snd_opl3 *opl3, int note, int vel, int on_off, struct snd_midi_channel *chan);
+
+ /* Prototypes for opl3_oss.c */
+ #ifdef CONFIG_SND_SEQUENCER_OSS
+--
+2.19.1
+
--- /dev/null
+From 2e0a2bb1e411ba370398f0266d1da45c7b87c838 Mon Sep 17 00:00:00 2001
+From: Kangjie Lu <kjlu@umn.edu>
+Date: Thu, 14 Mar 2019 23:04:14 -0500
+Subject: ALSA: sb8: add a check for request_region
+
+[ Upstream commit dcd0feac9bab901d5739de51b3f69840851f8919 ]
+
+In case request_region fails, the fix returns an error code to
+avoid NULL pointer dereference.
+
+Signed-off-by: Kangjie Lu <kjlu@umn.edu>
+Signed-off-by: Takashi Iwai <tiwai@suse.de>
+Signed-off-by: Sasha Levin <sashal@kernel.org>
+---
+ sound/isa/sb/sb8.c | 4 ++++
+ 1 file changed, 4 insertions(+)
+
+diff --git a/sound/isa/sb/sb8.c b/sound/isa/sb/sb8.c
+index ad42d2364199..e75bfc511e3e 100644
+--- a/sound/isa/sb/sb8.c
++++ b/sound/isa/sb/sb8.c
+@@ -111,6 +111,10 @@ static int snd_sb8_probe(struct device *pdev, unsigned int dev)
+
+ /* block the 0x388 port to avoid PnP conflicts */
+ acard->fm_res = request_region(0x388, 4, "SoundBlaster FM");
++ if (!acard->fm_res) {
++ err = -EBUSY;
++ goto _err;
++ }
+
+ if (port[dev] != SNDRV_AUTO_PORT) {
+ if ((err = snd_sbdsp_create(card, port[dev], irq[dev],
+--
+2.19.1
+
--- /dev/null
+From 7add13a4d9b9c39f2d704f6d353eac91d602023e Mon Sep 17 00:00:00 2001
+From: YueHaibing <yuehaibing@huawei.com>
+Date: Fri, 1 Mar 2019 10:57:57 +0800
+Subject: appletalk: Fix use-after-free in atalk_proc_exit
+
+[ Upstream commit 6377f787aeb945cae7abbb6474798de129e1f3ac ]
+
+KASAN report this:
+
+BUG: KASAN: use-after-free in pde_subdir_find+0x12d/0x150 fs/proc/generic.c:71
+Read of size 8 at addr ffff8881f41fe5b0 by task syz-executor.0/2806
+
+CPU: 0 PID: 2806 Comm: syz-executor.0 Not tainted 5.0.0-rc7+ #45
+Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.10.2-1ubuntu1 04/01/2014
+Call Trace:
+ __dump_stack lib/dump_stack.c:77 [inline]
+ dump_stack+0xfa/0x1ce lib/dump_stack.c:113
+ print_address_description+0x65/0x270 mm/kasan/report.c:187
+ kasan_report+0x149/0x18d mm/kasan/report.c:317
+ pde_subdir_find+0x12d/0x150 fs/proc/generic.c:71
+ remove_proc_entry+0xe8/0x420 fs/proc/generic.c:667
+ atalk_proc_exit+0x18/0x820 [appletalk]
+ atalk_exit+0xf/0x5a [appletalk]
+ __do_sys_delete_module kernel/module.c:1018 [inline]
+ __se_sys_delete_module kernel/module.c:961 [inline]
+ __x64_sys_delete_module+0x3dc/0x5e0 kernel/module.c:961
+ do_syscall_64+0x147/0x600 arch/x86/entry/common.c:290
+ entry_SYSCALL_64_after_hwframe+0x49/0xbe
+RIP: 0033:0x462e99
+Code: f7 d8 64 89 02 b8 ff ff ff ff c3 66 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
+RSP: 002b:00007fb2de6b9c58 EFLAGS: 00000246 ORIG_RAX: 00000000000000b0
+RAX: ffffffffffffffda RBX: 000000000073bf00 RCX: 0000000000462e99
+RDX: 0000000000000000 RSI: 0000000000000000 RDI: 00000000200001c0
+RBP: 0000000000000002 R08: 0000000000000000 R09: 0000000000000000
+R10: 0000000000000000 R11: 0000000000000246 R12: 00007fb2de6ba6bc
+R13: 00000000004bccaa R14: 00000000006f6bc8 R15: 00000000ffffffff
+
+Allocated by task 2806:
+ set_track mm/kasan/common.c:85 [inline]
+ __kasan_kmalloc.constprop.3+0xa0/0xd0 mm/kasan/common.c:496
+ slab_post_alloc_hook mm/slab.h:444 [inline]
+ slab_alloc_node mm/slub.c:2739 [inline]
+ slab_alloc mm/slub.c:2747 [inline]
+ kmem_cache_alloc+0xcf/0x250 mm/slub.c:2752
+ kmem_cache_zalloc include/linux/slab.h:730 [inline]
+ __proc_create+0x30f/0xa20 fs/proc/generic.c:408
+ proc_mkdir_data+0x47/0x190 fs/proc/generic.c:469
+ 0xffffffffc10c01bb
+ 0xffffffffc10c0166
+ do_one_initcall+0xfa/0x5ca init/main.c:887
+ do_init_module+0x204/0x5f6 kernel/module.c:3460
+ load_module+0x66b2/0x8570 kernel/module.c:3808
+ __do_sys_finit_module+0x238/0x2a0 kernel/module.c:3902
+ do_syscall_64+0x147/0x600 arch/x86/entry/common.c:290
+ entry_SYSCALL_64_after_hwframe+0x49/0xbe
+
+Freed by task 2806:
+ set_track mm/kasan/common.c:85 [inline]
+ __kasan_slab_free+0x130/0x180 mm/kasan/common.c:458
+ slab_free_hook mm/slub.c:1409 [inline]
+ slab_free_freelist_hook mm/slub.c:1436 [inline]
+ slab_free mm/slub.c:2986 [inline]
+ kmem_cache_free+0xa6/0x2a0 mm/slub.c:3002
+ pde_put+0x6e/0x80 fs/proc/generic.c:647
+ remove_proc_entry+0x1d3/0x420 fs/proc/generic.c:684
+ 0xffffffffc10c031c
+ 0xffffffffc10c0166
+ do_one_initcall+0xfa/0x5ca init/main.c:887
+ do_init_module+0x204/0x5f6 kernel/module.c:3460
+ load_module+0x66b2/0x8570 kernel/module.c:3808
+ __do_sys_finit_module+0x238/0x2a0 kernel/module.c:3902
+ do_syscall_64+0x147/0x600 arch/x86/entry/common.c:290
+ entry_SYSCALL_64_after_hwframe+0x49/0xbe
+
+The buggy address belongs to the object at ffff8881f41fe500
+ which belongs to the cache proc_dir_entry of size 256
+The buggy address is located 176 bytes inside of
+ 256-byte region [ffff8881f41fe500, ffff8881f41fe600)
+The buggy address belongs to the page:
+page:ffffea0007d07f80 count:1 mapcount:0 mapping:ffff8881f6e69a00 index:0x0
+flags: 0x2fffc0000000200(slab)
+raw: 02fffc0000000200 dead000000000100 dead000000000200 ffff8881f6e69a00
+raw: 0000000000000000 00000000800c000c 00000001ffffffff 0000000000000000
+page dumped because: kasan: bad access detected
+
+Memory state around the buggy address:
+ ffff8881f41fe480: fb fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc
+ ffff8881f41fe500: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
+>ffff8881f41fe580: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
+ ^
+ ffff8881f41fe600: fc fc fc fc fc fc fc fc fb fb fb fb fb fb fb fb
+ ffff8881f41fe680: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
+
+It should check the return value of atalk_proc_init fails,
+otherwise atalk_exit will trgger use-after-free in pde_subdir_find
+while unload the module.This patch fix error cleanup path of atalk_init
+
+Reported-by: Hulk Robot <hulkci@huawei.com>
+Signed-off-by: YueHaibing <yuehaibing@huawei.com>
+Signed-off-by: David S. Miller <davem@davemloft.net>
+Signed-off-by: Sasha Levin <sashal@kernel.org>
+---
+ include/linux/atalk.h | 2 +-
+ net/appletalk/atalk_proc.c | 2 +-
+ net/appletalk/ddp.c | 37 ++++++++++++++++++++++++++------
+ net/appletalk/sysctl_net_atalk.c | 5 ++++-
+ 4 files changed, 37 insertions(+), 9 deletions(-)
+
+diff --git a/include/linux/atalk.h b/include/linux/atalk.h
+index 73fd8b7e9534..716d53799d1f 100644
+--- a/include/linux/atalk.h
++++ b/include/linux/atalk.h
+@@ -150,7 +150,7 @@ extern int sysctl_aarp_retransmit_limit;
+ extern int sysctl_aarp_resolve_time;
+
+ #ifdef CONFIG_SYSCTL
+-extern void atalk_register_sysctl(void);
++extern int atalk_register_sysctl(void);
+ extern void atalk_unregister_sysctl(void);
+ #else
+ #define atalk_register_sysctl() do { } while(0)
+diff --git a/net/appletalk/atalk_proc.c b/net/appletalk/atalk_proc.c
+index af46bc49e1e9..b5f84f428aa6 100644
+--- a/net/appletalk/atalk_proc.c
++++ b/net/appletalk/atalk_proc.c
+@@ -293,7 +293,7 @@ int __init atalk_proc_init(void)
+ goto out;
+ }
+
+-void __exit atalk_proc_exit(void)
++void atalk_proc_exit(void)
+ {
+ remove_proc_entry("interface", atalk_proc_dir);
+ remove_proc_entry("route", atalk_proc_dir);
+diff --git a/net/appletalk/ddp.c b/net/appletalk/ddp.c
+index 10d2bdce686e..e206d98b3b82 100644
+--- a/net/appletalk/ddp.c
++++ b/net/appletalk/ddp.c
+@@ -1912,12 +1912,16 @@ static const char atalk_err_snap[] __initconst =
+ /* Called by proto.c on kernel start up */
+ static int __init atalk_init(void)
+ {
+- int rc = proto_register(&ddp_proto, 0);
++ int rc;
+
+- if (rc != 0)
++ rc = proto_register(&ddp_proto, 0);
++ if (rc)
+ goto out;
+
+- (void)sock_register(&atalk_family_ops);
++ rc = sock_register(&atalk_family_ops);
++ if (rc)
++ goto out_proto;
++
+ ddp_dl = register_snap_client(ddp_snap_id, atalk_rcv);
+ if (!ddp_dl)
+ printk(atalk_err_snap);
+@@ -1925,12 +1929,33 @@ static int __init atalk_init(void)
+ dev_add_pack(<alk_packet_type);
+ dev_add_pack(&ppptalk_packet_type);
+
+- register_netdevice_notifier(&ddp_notifier);
++ rc = register_netdevice_notifier(&ddp_notifier);
++ if (rc)
++ goto out_sock;
++
+ aarp_proto_init();
+- atalk_proc_init();
+- atalk_register_sysctl();
++ rc = atalk_proc_init();
++ if (rc)
++ goto out_aarp;
++
++ rc = atalk_register_sysctl();
++ if (rc)
++ goto out_proc;
+ out:
+ return rc;
++out_proc:
++ atalk_proc_exit();
++out_aarp:
++ aarp_cleanup_module();
++ unregister_netdevice_notifier(&ddp_notifier);
++out_sock:
++ dev_remove_pack(&ppptalk_packet_type);
++ dev_remove_pack(<alk_packet_type);
++ unregister_snap_client(ddp_dl);
++ sock_unregister(PF_APPLETALK);
++out_proto:
++ proto_unregister(&ddp_proto);
++ goto out;
+ }
+ module_init(atalk_init);
+
+diff --git a/net/appletalk/sysctl_net_atalk.c b/net/appletalk/sysctl_net_atalk.c
+index ebb864361f7a..4e6042e0fcac 100644
+--- a/net/appletalk/sysctl_net_atalk.c
++++ b/net/appletalk/sysctl_net_atalk.c
+@@ -44,9 +44,12 @@ static struct ctl_table atalk_table[] = {
+
+ static struct ctl_table_header *atalk_table_header;
+
+-void atalk_register_sysctl(void)
++int __init atalk_register_sysctl(void)
+ {
+ atalk_table_header = register_net_sysctl(&init_net, "net/appletalk", atalk_table);
++ if (!atalk_table_header)
++ return -ENOMEM;
++ return 0;
+ }
+
+ void atalk_unregister_sysctl(void)
+--
+2.19.1
+
--- /dev/null
+From 0c41749177def400b369f161ecd70ce1f47d3057 Mon Sep 17 00:00:00 2001
+From: Eugeniy Paltsev <Eugeniy.Paltsev@synopsys.com>
+Date: Mon, 25 Feb 2019 20:16:01 +0300
+Subject: ARC: u-boot args: check that magic number is correct
+
+[ Upstream commit edb64bca50cd736c6894cc6081d5263c007ce005 ]
+
+In case of devboards we really often disable bootloader and load
+Linux image in memory via JTAG. Even if kernel tries to verify
+uboot_tag and uboot_arg there is sill a chance that we treat some
+garbage in registers as valid u-boot arguments in JTAG case.
+E.g. it is enough to have '1' in r0 to treat any value in r2 as
+a boot command line.
+
+So check that magic number passed from u-boot is correct and drop
+u-boot arguments otherwise. That helps to reduce the possibility
+of using garbage as u-boot arguments in JTAG case.
+
+We can safely check U-boot magic value (0x0) in linux passed via
+r1 register as U-boot pass it from the beginning. So there is no
+backward-compatibility issues.
+
+Signed-off-by: Eugeniy Paltsev <Eugeniy.Paltsev@synopsys.com>
+Signed-off-by: Vineet Gupta <vgupta@synopsys.com>
+Signed-off-by: Sasha Levin <sashal@kernel.org>
+---
+ arch/arc/kernel/head.S | 1 +
+ arch/arc/kernel/setup.c | 8 ++++++++
+ 2 files changed, 9 insertions(+)
+
+diff --git a/arch/arc/kernel/head.S b/arch/arc/kernel/head.S
+index 1f945d0f40da..208bf2c9e7b0 100644
+--- a/arch/arc/kernel/head.S
++++ b/arch/arc/kernel/head.S
+@@ -107,6 +107,7 @@ ENTRY(stext)
+ ; r2 = pointer to uboot provided cmdline or external DTB in mem
+ ; These are handled later in handle_uboot_args()
+ st r0, [@uboot_tag]
++ st r1, [@uboot_magic]
+ st r2, [@uboot_arg]
+ #endif
+
+diff --git a/arch/arc/kernel/setup.c b/arch/arc/kernel/setup.c
+index 9119bea503a7..9f96120eee6e 100644
+--- a/arch/arc/kernel/setup.c
++++ b/arch/arc/kernel/setup.c
+@@ -32,6 +32,7 @@ unsigned int intr_to_DE_cnt;
+
+ /* Part of U-boot ABI: see head.S */
+ int __initdata uboot_tag;
++int __initdata uboot_magic;
+ char __initdata *uboot_arg;
+
+ const struct machine_desc *machine_desc;
+@@ -400,6 +401,8 @@ static inline bool uboot_arg_invalid(unsigned long addr)
+ #define UBOOT_TAG_NONE 0
+ #define UBOOT_TAG_CMDLINE 1
+ #define UBOOT_TAG_DTB 2
++/* We always pass 0 as magic from U-boot */
++#define UBOOT_MAGIC_VALUE 0
+
+ void __init handle_uboot_args(void)
+ {
+@@ -415,6 +418,11 @@ void __init handle_uboot_args(void)
+ goto ignore_uboot_args;
+ }
+
++ if (uboot_magic != UBOOT_MAGIC_VALUE) {
++ pr_warn(IGNORE_ARGS "non zero uboot magic\n");
++ goto ignore_uboot_args;
++ }
++
+ if (uboot_tag != UBOOT_TAG_NONE &&
+ uboot_arg_invalid((unsigned long)uboot_arg)) {
+ pr_warn(IGNORE_ARGS "invalid uboot arg: '%px'\n", uboot_arg);
+--
+2.19.1
+
--- /dev/null
+From 70e7d1ae6f39040a3c21bb3d4002d2e695012df4 Mon Sep 17 00:00:00 2001
+From: Yang Shi <yang.shi@linaro.org>
+Date: Wed, 13 Feb 2019 17:14:23 +0100
+Subject: ARM: 8839/1: kprobe: make patch_lock a raw_spinlock_t
+
+[ Upstream commit 143c2a89e0e5fda6c6fd08d7bc1126438c19ae90 ]
+
+When running kprobe on -rt kernel, the below bug is caught:
+
+|BUG: sleeping function called from invalid context at kernel/locking/rtmutex.c:931
+|in_atomic(): 1, irqs_disabled(): 128, pid: 14, name: migration/0
+|Preemption disabled at:[<802f2b98>] cpu_stopper_thread+0xc0/0x140
+|CPU: 0 PID: 14 Comm: migration/0 Tainted: G O 4.8.3-rt2 #1
+|Hardware name: Freescale LS1021A
+|[<8025a43c>] (___might_sleep)
+|[<80b5b324>] (rt_spin_lock)
+|[<80b5c31c>] (__patch_text_real)
+|[<80b5c3ac>] (patch_text_stop_machine)
+|[<802f2920>] (multi_cpu_stop)
+
+Since patch_text_stop_machine() is called in stop_machine() which
+disables IRQ, sleepable lock should be not used in this atomic context,
+ so replace patch_lock to raw lock.
+
+Signed-off-by: Yang Shi <yang.shi@linaro.org>
+Signed-off-by: Sebastian Andrzej Siewior <bigeasy@linutronix.de>
+Reviewed-by: Arnd Bergmann <arnd@arndb.de>
+Signed-off-by: Russell King <rmk+kernel@armlinux.org.uk>
+Signed-off-by: Sasha Levin <sashal@kernel.org>
+---
+ arch/arm/kernel/patch.c | 6 +++---
+ 1 file changed, 3 insertions(+), 3 deletions(-)
+
+diff --git a/arch/arm/kernel/patch.c b/arch/arm/kernel/patch.c
+index 69bda1a5707e..1f665acaa6a9 100644
+--- a/arch/arm/kernel/patch.c
++++ b/arch/arm/kernel/patch.c
+@@ -15,7 +15,7 @@ struct patch {
+ unsigned int insn;
+ };
+
+-static DEFINE_SPINLOCK(patch_lock);
++static DEFINE_RAW_SPINLOCK(patch_lock);
+
+ static void __kprobes *patch_map(void *addr, int fixmap, unsigned long *flags)
+ __acquires(&patch_lock)
+@@ -32,7 +32,7 @@ static void __kprobes *patch_map(void *addr, int fixmap, unsigned long *flags)
+ return addr;
+
+ if (flags)
+- spin_lock_irqsave(&patch_lock, *flags);
++ raw_spin_lock_irqsave(&patch_lock, *flags);
+ else
+ __acquire(&patch_lock);
+
+@@ -47,7 +47,7 @@ static void __kprobes patch_unmap(int fixmap, unsigned long *flags)
+ clear_fixmap(fixmap);
+
+ if (flags)
+- spin_unlock_irqrestore(&patch_lock, *flags);
++ raw_spin_unlock_irqrestore(&patch_lock, *flags);
+ else
+ __release(&patch_lock);
+ }
+--
+2.19.1
+
--- /dev/null
+From bde23aacdb8b8aa9cd49ab063b9f3aed47c0e2ef Mon Sep 17 00:00:00 2001
+From: Bartlomiej Zolnierkiewicz <b.zolnierkie@samsung.com>
+Date: Fri, 28 Sep 2018 15:32:46 +0200
+Subject: ARM: samsung: Limit SAMSUNG_PM_CHECK config option to non-Exynos
+ platforms
+
+[ Upstream commit 6862fdf2201ab67cd962dbf0643d37db909f4860 ]
+
+"S3C2410 PM Suspend Memory CRC" feature (controlled by
+SAMSUNG_PM_CHECK config option) is incompatible with highmem
+(uses phys_to_virt() instead of proper mapping) which is used by
+the majority of Exynos boards. The issue manifests itself in OOPS
+on affected boards, i.e. on Odroid-U3 I got the following one:
+
+Unable to handle kernel paging request at virtual address f0000000
+pgd = 1c0f9bb4
+[f0000000] *pgd=00000000
+Internal error: Oops: 5 [#1] PREEMPT SMP ARM
+[<c0458034>] (crc32_le) from [<c0121f8c>] (s3c_pm_makecheck+0x34/0x54)
+[<c0121f8c>] (s3c_pm_makecheck) from [<c0121efc>] (s3c_pm_run_res+0x74/0x8c)
+[<c0121efc>] (s3c_pm_run_res) from [<c0121ecc>] (s3c_pm_run_res+0x44/0x8c)
+[<c0121ecc>] (s3c_pm_run_res) from [<c01210b8>] (exynos_suspend_enter+0x64/0x148)
+[<c01210b8>] (exynos_suspend_enter) from [<c018893c>] (suspend_devices_and_enter+0x9ec/0xe74)
+[<c018893c>] (suspend_devices_and_enter) from [<c0189534>] (pm_suspend+0x770/0xc04)
+[<c0189534>] (pm_suspend) from [<c0186ce8>] (state_store+0x6c/0xcc)
+[<c0186ce8>] (state_store) from [<c09db434>] (kobj_attr_store+0x14/0x20)
+[<c09db434>] (kobj_attr_store) from [<c02fa63c>] (sysfs_kf_write+0x4c/0x50)
+[<c02fa63c>] (sysfs_kf_write) from [<c02f97a4>] (kernfs_fop_write+0xfc/0x1e4)
+[<c02f97a4>] (kernfs_fop_write) from [<c027b198>] (__vfs_write+0x2c/0x140)
+[<c027b198>] (__vfs_write) from [<c027b418>] (vfs_write+0xa4/0x160)
+[<c027b418>] (vfs_write) from [<c027b5d8>] (ksys_write+0x40/0x8c)
+[<c027b5d8>] (ksys_write) from [<c0101000>] (ret_fast_syscall+0x0/0x28)
+
+Add PLAT_S3C24XX, ARCH_S3C64XX and ARCH_S5PV210 dependencies to
+SAMSUNG_PM_CHECK config option to hide it on Exynos platforms.
+
+Signed-off-by: Bartlomiej Zolnierkiewicz <b.zolnierkie@samsung.com>
+Signed-off-by: Krzysztof Kozlowski <krzk@kernel.org>
+Signed-off-by: Sasha Levin <sashal@kernel.org>
+---
+ arch/arm/plat-samsung/Kconfig | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/arch/arm/plat-samsung/Kconfig b/arch/arm/plat-samsung/Kconfig
+index e8229b9fee4a..3265b8f86069 100644
+--- a/arch/arm/plat-samsung/Kconfig
++++ b/arch/arm/plat-samsung/Kconfig
+@@ -258,7 +258,7 @@ config S3C_PM_DEBUG_LED_SMDK
+
+ config SAMSUNG_PM_CHECK
+ bool "S3C2410 PM Suspend Memory CRC"
+- depends on PM
++ depends on PM && (PLAT_S3C24XX || ARCH_S3C64XX || ARCH_S5PV210)
+ select CRC32
+ help
+ Enable the PM code's memory area checksum over sleep. This option
+--
+2.19.1
+
--- /dev/null
+From 59a58697c297918bace9fdd1a25cd211fabf1fa1 Mon Sep 17 00:00:00 2001
+From: Steve French <stfrench@microsoft.com>
+Date: Fri, 19 Oct 2018 01:58:22 -0500
+Subject: cifs: fallback to older infolevels on findfirst queryinfo retry
+
+[ Upstream commit 3b7960caceafdfc2cdfe2850487f8d091eb41144 ]
+
+In cases where queryinfo fails, we have cases in cifs (vers=1.0)
+where with backupuid mounts we retry the query info with findfirst.
+This doesn't work to some NetApp servers which don't support
+WindowsXP (and later) infolevel 261 (SMB_FIND_FILE_ID_FULL_DIR_INFO)
+so in this case use other info levels (in this case it will usually
+be level 257, SMB_FIND_FILE_DIRECTORY_INFO).
+
+(Also fixes some indentation)
+
+See kernel bugzilla 201435
+
+Signed-off-by: Steve French <stfrench@microsoft.com>
+Signed-off-by: Sasha Levin <sashal@kernel.org>
+---
+ fs/cifs/inode.c | 67 +++++++++++++++++++++++++++----------------------
+ 1 file changed, 37 insertions(+), 30 deletions(-)
+
+diff --git a/fs/cifs/inode.c b/fs/cifs/inode.c
+index 57c938ffeb6e..a8a2fc9ae056 100644
+--- a/fs/cifs/inode.c
++++ b/fs/cifs/inode.c
+@@ -771,43 +771,50 @@ cifs_get_inode_info(struct inode **inode, const char *full_path,
+ } else if ((rc == -EACCES) && backup_cred(cifs_sb) &&
+ (strcmp(server->vals->version_string, SMB1_VERSION_STRING)
+ == 0)) {
+- /*
+- * For SMB2 and later the backup intent flag is already
+- * sent if needed on open and there is no path based
+- * FindFirst operation to use to retry with
+- */
++ /*
++ * For SMB2 and later the backup intent flag is already
++ * sent if needed on open and there is no path based
++ * FindFirst operation to use to retry with
++ */
+
+- srchinf = kzalloc(sizeof(struct cifs_search_info),
+- GFP_KERNEL);
+- if (srchinf == NULL) {
+- rc = -ENOMEM;
+- goto cgii_exit;
+- }
++ srchinf = kzalloc(sizeof(struct cifs_search_info),
++ GFP_KERNEL);
++ if (srchinf == NULL) {
++ rc = -ENOMEM;
++ goto cgii_exit;
++ }
+
+- srchinf->endOfSearch = false;
++ srchinf->endOfSearch = false;
++ if (tcon->unix_ext)
++ srchinf->info_level = SMB_FIND_FILE_UNIX;
++ else if ((tcon->ses->capabilities &
++ tcon->ses->server->vals->cap_nt_find) == 0)
++ srchinf->info_level = SMB_FIND_FILE_INFO_STANDARD;
++ else if (cifs_sb->mnt_cifs_flags & CIFS_MOUNT_SERVER_INUM)
+ srchinf->info_level = SMB_FIND_FILE_ID_FULL_DIR_INFO;
++ else /* no srvino useful for fallback to some netapp */
++ srchinf->info_level = SMB_FIND_FILE_DIRECTORY_INFO;
+
+- srchflgs = CIFS_SEARCH_CLOSE_ALWAYS |
+- CIFS_SEARCH_CLOSE_AT_END |
+- CIFS_SEARCH_BACKUP_SEARCH;
++ srchflgs = CIFS_SEARCH_CLOSE_ALWAYS |
++ CIFS_SEARCH_CLOSE_AT_END |
++ CIFS_SEARCH_BACKUP_SEARCH;
+
+- rc = CIFSFindFirst(xid, tcon, full_path,
+- cifs_sb, NULL, srchflgs, srchinf, false);
+- if (!rc) {
+- data =
+- (FILE_ALL_INFO *)srchinf->srch_entries_start;
++ rc = CIFSFindFirst(xid, tcon, full_path,
++ cifs_sb, NULL, srchflgs, srchinf, false);
++ if (!rc) {
++ data = (FILE_ALL_INFO *)srchinf->srch_entries_start;
+
+- cifs_dir_info_to_fattr(&fattr,
+- (FILE_DIRECTORY_INFO *)data, cifs_sb);
+- fattr.cf_uniqueid = le64_to_cpu(
+- ((SEARCH_ID_FULL_DIR_INFO *)data)->UniqueId);
+- validinum = true;
++ cifs_dir_info_to_fattr(&fattr,
++ (FILE_DIRECTORY_INFO *)data, cifs_sb);
++ fattr.cf_uniqueid = le64_to_cpu(
++ ((SEARCH_ID_FULL_DIR_INFO *)data)->UniqueId);
++ validinum = true;
+
+- cifs_buf_release(srchinf->ntwrk_buf_start);
+- }
+- kfree(srchinf);
+- if (rc)
+- goto cgii_exit;
++ cifs_buf_release(srchinf->ntwrk_buf_start);
++ }
++ kfree(srchinf);
++ if (rc)
++ goto cgii_exit;
+ } else
+ goto cgii_exit;
+
+--
+2.19.1
+
--- /dev/null
+From 533125a5ad08d36cc4e7614d7e39100e9f29954f Mon Sep 17 00:00:00 2001
+From: Ard Biesheuvel <ard.biesheuvel@linaro.org>
+Date: Sat, 16 Feb 2019 14:51:25 +0100
+Subject: crypto: sha256/arm - fix crash bug in Thumb2 build
+
+[ Upstream commit 69216a545cf81b2b32d01948f7039315abaf75a0 ]
+
+The SHA256 code we adopted from the OpenSSL project uses a rather
+peculiar way to take the address of the round constant table: it
+takes the address of the sha256_block_data_order() routine, and
+substracts a constant known quantity to arrive at the base of the
+table, which is emitted by the same assembler code right before
+the routine's entry point.
+
+However, recent versions of binutils have helpfully changed the
+behavior of references emitted via an ADR instruction when running
+in Thumb2 mode: it now takes the Thumb execution mode bit into
+account, which is bit 0 af the address. This means the produced
+table address also has bit 0 set, and so we end up with an address
+value pointing 1 byte past the start of the table, which results
+in crashes such as
+
+ Unable to handle kernel paging request at virtual address bf825000
+ pgd = 42f44b11
+ [bf825000] *pgd=80000040206003, *pmd=5f1bd003, *pte=00000000
+ Internal error: Oops: 207 [#1] PREEMPT SMP THUMB2
+ Modules linked in: sha256_arm(+) sha1_arm_ce sha1_arm ...
+ CPU: 7 PID: 396 Comm: cryptomgr_test Not tainted 5.0.0-rc6+ #144
+ Hardware name: QEMU KVM Virtual Machine, BIOS 0.0.0 02/06/2015
+ PC is at sha256_block_data_order+0xaaa/0xb30 [sha256_arm]
+ LR is at __this_module+0x17fd/0xffffe800 [sha256_arm]
+ pc : [<bf820bca>] lr : [<bf824ffd>] psr: 800b0033
+ sp : ebc8bbe8 ip : faaabe1c fp : 2fdd3433
+ r10: 4c5f1692 r9 : e43037df r8 : b04b0a5a
+ r7 : c369d722 r6 : 39c3693e r5 : 7a013189 r4 : 1580d26b
+ r3 : 8762a9b0 r2 : eea9c2cd r1 : 3e9ab536 r0 : 1dea4ae7
+ Flags: Nzcv IRQs on FIQs on Mode SVC_32 ISA Thumb Segment user
+ Control: 70c5383d Table: 6b8467c0 DAC: dbadc0de
+ Process cryptomgr_test (pid: 396, stack limit = 0x69e1fe23)
+ Stack: (0xebc8bbe8 to 0xebc8c000)
+ ...
+ unwind: Unknown symbol address bf820bca
+ unwind: Index not found bf820bca
+ Code: 441a ea80 40f9 440a (f85e) 3b04
+ ---[ end trace e560cce92700ef8a ]---
+
+Given that this affects older kernels as well, in case they are built
+with a recent toolchain, apply a minimal backportable fix, which is
+to emit another non-code label at the start of the routine, and
+reference that instead. (This is similar to the current upstream state
+of this file in OpenSSL)
+
+Signed-off-by: Ard Biesheuvel <ard.biesheuvel@linaro.org>
+Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
+Signed-off-by: Sasha Levin <sashal@kernel.org>
+---
+ arch/arm/crypto/sha256-armv4.pl | 3 ++-
+ arch/arm/crypto/sha256-core.S_shipped | 3 ++-
+ 2 files changed, 4 insertions(+), 2 deletions(-)
+
+diff --git a/arch/arm/crypto/sha256-armv4.pl b/arch/arm/crypto/sha256-armv4.pl
+index fac0533ea633..f64e8413ab9a 100644
+--- a/arch/arm/crypto/sha256-armv4.pl
++++ b/arch/arm/crypto/sha256-armv4.pl
+@@ -205,10 +205,11 @@ K256:
+ .global sha256_block_data_order
+ .type sha256_block_data_order,%function
+ sha256_block_data_order:
++.Lsha256_block_data_order:
+ #if __ARM_ARCH__<7
+ sub r3,pc,#8 @ sha256_block_data_order
+ #else
+- adr r3,sha256_block_data_order
++ adr r3,.Lsha256_block_data_order
+ #endif
+ #if __ARM_MAX_ARCH__>=7 && !defined(__KERNEL__)
+ ldr r12,.LOPENSSL_armcap
+diff --git a/arch/arm/crypto/sha256-core.S_shipped b/arch/arm/crypto/sha256-core.S_shipped
+index 555a1a8eec90..72c248081d27 100644
+--- a/arch/arm/crypto/sha256-core.S_shipped
++++ b/arch/arm/crypto/sha256-core.S_shipped
+@@ -86,10 +86,11 @@ K256:
+ .global sha256_block_data_order
+ .type sha256_block_data_order,%function
+ sha256_block_data_order:
++.Lsha256_block_data_order:
+ #if __ARM_ARCH__<7
+ sub r3,pc,#8 @ sha256_block_data_order
+ #else
+- adr r3,sha256_block_data_order
++ adr r3,.Lsha256_block_data_order
+ #endif
+ #if __ARM_MAX_ARCH__>=7 && !defined(__KERNEL__)
+ ldr r12,.LOPENSSL_armcap
+--
+2.19.1
+
--- /dev/null
+From c68711779088e4879aba03401c70c857b14c73db Mon Sep 17 00:00:00 2001
+From: Ard Biesheuvel <ard.biesheuvel@linaro.org>
+Date: Sat, 16 Feb 2019 14:51:26 +0100
+Subject: crypto: sha512/arm - fix crash bug in Thumb2 build
+
+[ Upstream commit c64316502008064c158fa40cc250665e461b0f2a ]
+
+The SHA512 code we adopted from the OpenSSL project uses a rather
+peculiar way to take the address of the round constant table: it
+takes the address of the sha256_block_data_order() routine, and
+substracts a constant known quantity to arrive at the base of the
+table, which is emitted by the same assembler code right before
+the routine's entry point.
+
+However, recent versions of binutils have helpfully changed the
+behavior of references emitted via an ADR instruction when running
+in Thumb2 mode: it now takes the Thumb execution mode bit into
+account, which is bit 0 af the address. This means the produced
+table address also has bit 0 set, and so we end up with an address
+value pointing 1 byte past the start of the table, which results
+in crashes such as
+
+ Unable to handle kernel paging request at virtual address bf825000
+ pgd = 42f44b11
+ [bf825000] *pgd=80000040206003, *pmd=5f1bd003, *pte=00000000
+ Internal error: Oops: 207 [#1] PREEMPT SMP THUMB2
+ Modules linked in: sha256_arm(+) sha1_arm_ce sha1_arm ...
+ CPU: 7 PID: 396 Comm: cryptomgr_test Not tainted 5.0.0-rc6+ #144
+ Hardware name: QEMU KVM Virtual Machine, BIOS 0.0.0 02/06/2015
+ PC is at sha256_block_data_order+0xaaa/0xb30 [sha256_arm]
+ LR is at __this_module+0x17fd/0xffffe800 [sha256_arm]
+ pc : [<bf820bca>] lr : [<bf824ffd>] psr: 800b0033
+ sp : ebc8bbe8 ip : faaabe1c fp : 2fdd3433
+ r10: 4c5f1692 r9 : e43037df r8 : b04b0a5a
+ r7 : c369d722 r6 : 39c3693e r5 : 7a013189 r4 : 1580d26b
+ r3 : 8762a9b0 r2 : eea9c2cd r1 : 3e9ab536 r0 : 1dea4ae7
+ Flags: Nzcv IRQs on FIQs on Mode SVC_32 ISA Thumb Segment user
+ Control: 70c5383d Table: 6b8467c0 DAC: dbadc0de
+ Process cryptomgr_test (pid: 396, stack limit = 0x69e1fe23)
+ Stack: (0xebc8bbe8 to 0xebc8c000)
+ ...
+ unwind: Unknown symbol address bf820bca
+ unwind: Index not found bf820bca
+ Code: 441a ea80 40f9 440a (f85e) 3b04
+ ---[ end trace e560cce92700ef8a ]---
+
+Given that this affects older kernels as well, in case they are built
+with a recent toolchain, apply a minimal backportable fix, which is
+to emit another non-code label at the start of the routine, and
+reference that instead. (This is similar to the current upstream state
+of this file in OpenSSL)
+
+Signed-off-by: Ard Biesheuvel <ard.biesheuvel@linaro.org>
+Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
+Signed-off-by: Sasha Levin <sashal@kernel.org>
+---
+ arch/arm/crypto/sha512-armv4.pl | 3 ++-
+ arch/arm/crypto/sha512-core.S_shipped | 3 ++-
+ 2 files changed, 4 insertions(+), 2 deletions(-)
+
+diff --git a/arch/arm/crypto/sha512-armv4.pl b/arch/arm/crypto/sha512-armv4.pl
+index a2b11a844357..5fe336420bcf 100644
+--- a/arch/arm/crypto/sha512-armv4.pl
++++ b/arch/arm/crypto/sha512-armv4.pl
+@@ -267,10 +267,11 @@ WORD64(0x5fcb6fab,0x3ad6faec, 0x6c44198c,0x4a475817)
+ .global sha512_block_data_order
+ .type sha512_block_data_order,%function
+ sha512_block_data_order:
++.Lsha512_block_data_order:
+ #if __ARM_ARCH__<7
+ sub r3,pc,#8 @ sha512_block_data_order
+ #else
+- adr r3,sha512_block_data_order
++ adr r3,.Lsha512_block_data_order
+ #endif
+ #if __ARM_MAX_ARCH__>=7 && !defined(__KERNEL__)
+ ldr r12,.LOPENSSL_armcap
+diff --git a/arch/arm/crypto/sha512-core.S_shipped b/arch/arm/crypto/sha512-core.S_shipped
+index 3694c4d4ca2b..de9bd7f55242 100644
+--- a/arch/arm/crypto/sha512-core.S_shipped
++++ b/arch/arm/crypto/sha512-core.S_shipped
+@@ -134,10 +134,11 @@ WORD64(0x5fcb6fab,0x3ad6faec, 0x6c44198c,0x4a475817)
+ .global sha512_block_data_order
+ .type sha512_block_data_order,%function
+ sha512_block_data_order:
++.Lsha512_block_data_order:
+ #if __ARM_ARCH__<7
+ sub r3,pc,#8 @ sha512_block_data_order
+ #else
+- adr r3,sha512_block_data_order
++ adr r3,.Lsha512_block_data_order
+ #endif
+ #if __ARM_MAX_ARCH__>=7 && !defined(__KERNEL__)
+ ldr r12,.LOPENSSL_armcap
+--
+2.19.1
+
--- /dev/null
+From 42ede83cd8b3a803a6b30d1799fb960703f7bc55 Mon Sep 17 00:00:00 2001
+From: Lukas Czerner <lczerner@redhat.com>
+Date: Fri, 15 Mar 2019 00:15:32 -0400
+Subject: ext4: add missing brelse() in add_new_gdb_meta_bg()
+
+[ Upstream commit d64264d6218e6892edd832dc3a5a5857c2856c53 ]
+
+Currently in add_new_gdb_meta_bg() there is a missing brelse of gdb_bh
+in case ext4_journal_get_write_access() fails.
+Additionally kvfree() is missing in the same error path. Fix it by
+moving the ext4_journal_get_write_access() before the ext4 sb update as
+Ted suggested and release n_group_desc and gdb_bh in case it fails.
+
+Fixes: 61a9c11e5e7a ("ext4: add missing brelse() add_new_gdb_meta_bg()'s error path")
+Signed-off-by: Lukas Czerner <lczerner@redhat.com>
+Signed-off-by: Theodore Ts'o <tytso@mit.edu>
+Signed-off-by: Sasha Levin <sashal@kernel.org>
+---
+ fs/ext4/resize.c | 11 +++++++++--
+ 1 file changed, 9 insertions(+), 2 deletions(-)
+
+diff --git a/fs/ext4/resize.c b/fs/ext4/resize.c
+index 67b359629a66..e16fb545d441 100644
+--- a/fs/ext4/resize.c
++++ b/fs/ext4/resize.c
+@@ -907,11 +907,18 @@ static int add_new_gdb_meta_bg(struct super_block *sb,
+ memcpy(n_group_desc, o_group_desc,
+ EXT4_SB(sb)->s_gdb_count * sizeof(struct buffer_head *));
+ n_group_desc[gdb_num] = gdb_bh;
++
++ BUFFER_TRACE(gdb_bh, "get_write_access");
++ err = ext4_journal_get_write_access(handle, gdb_bh);
++ if (err) {
++ kvfree(n_group_desc);
++ brelse(gdb_bh);
++ return err;
++ }
++
+ EXT4_SB(sb)->s_group_desc = n_group_desc;
+ EXT4_SB(sb)->s_gdb_count++;
+ kvfree(o_group_desc);
+- BUFFER_TRACE(gdb_bh, "get_write_access");
+- err = ext4_journal_get_write_access(handle, gdb_bh);
+ return err;
+ }
+
+--
+2.19.1
+
--- /dev/null
+From 92a88a05446bd66749f21ab2afd75e7e17183810 Mon Sep 17 00:00:00 2001
+From: "Darrick J. Wong" <darrick.wong@oracle.com>
+Date: Sat, 23 Mar 2019 12:10:29 -0400
+Subject: ext4: prohibit fstrim in norecovery mode
+
+[ Upstream commit 18915b5873f07e5030e6fb108a050fa7c71c59fb ]
+
+The ext4 fstrim implementation uses the block bitmaps to find free space
+that can be discarded. If we haven't replayed the journal, the bitmaps
+will be stale and we absolutely *cannot* use stale metadata to zap the
+underlying storage.
+
+Signed-off-by: Darrick J. Wong <darrick.wong@oracle.com>
+Signed-off-by: Theodore Ts'o <tytso@mit.edu>
+Signed-off-by: Sasha Levin <sashal@kernel.org>
+---
+ fs/ext4/ioctl.c | 7 +++++++
+ 1 file changed, 7 insertions(+)
+
+diff --git a/fs/ext4/ioctl.c b/fs/ext4/ioctl.c
+index 2880e017cd0a..2ce73287b53c 100644
+--- a/fs/ext4/ioctl.c
++++ b/fs/ext4/ioctl.c
+@@ -749,6 +749,13 @@ long ext4_ioctl(struct file *filp, unsigned int cmd, unsigned long arg)
+ if (!blk_queue_discard(q))
+ return -EOPNOTSUPP;
+
++ /*
++ * We haven't replayed the journal, so we cannot use our
++ * block-bitmap-guided storage zapping commands.
++ */
++ if (test_opt(sb, NOLOAD) && ext4_has_feature_journal(sb))
++ return -EROFS;
++
+ if (copy_from_user(&range, (struct fstrim_range __user *)arg,
+ sizeof(range)))
+ return -EFAULT;
+--
+2.19.1
+
--- /dev/null
+From dedf6de316dee37272731ee19f1b08619db1d8b1 Mon Sep 17 00:00:00 2001
+From: Lukas Czerner <lczerner@redhat.com>
+Date: Fri, 15 Mar 2019 00:22:28 -0400
+Subject: ext4: report real fs size after failed resize
+
+[ Upstream commit 6c7328400e0488f7d49e19e02290ba343b6811b2 ]
+
+Currently when the file system resize using ext4_resize_fs() fails it
+will report into log that "resized filesystem to <requested block
+count>". However this may not be true in the case of failure. Use the
+current block count as returned by ext4_blocks_count() to report the
+block count.
+
+Additionally, report a warning that "error occurred during file system
+resize"
+
+Signed-off-by: Lukas Czerner <lczerner@redhat.com>
+Signed-off-by: Theodore Ts'o <tytso@mit.edu>
+Signed-off-by: Sasha Levin <sashal@kernel.org>
+---
+ fs/ext4/resize.c | 6 +++++-
+ 1 file changed, 5 insertions(+), 1 deletion(-)
+
+diff --git a/fs/ext4/resize.c b/fs/ext4/resize.c
+index e16fb545d441..aef2a24dc9f9 100644
+--- a/fs/ext4/resize.c
++++ b/fs/ext4/resize.c
+@@ -2047,6 +2047,10 @@ int ext4_resize_fs(struct super_block *sb, ext4_fsblk_t n_blocks_count)
+ free_flex_gd(flex_gd);
+ if (resize_inode != NULL)
+ iput(resize_inode);
+- ext4_msg(sb, KERN_INFO, "resized filesystem to %llu", n_blocks_count);
++ if (err)
++ ext4_warning(sb, "error (%d) occurred during "
++ "file system resize", err);
++ ext4_msg(sb, KERN_INFO, "resized filesystem to %llu",
++ ext4_blocks_count(es));
+ return err;
+ }
+--
+2.19.1
+
--- /dev/null
+From 3a9b598537d3fb7e7b5b4f64d4a784578f643ac9 Mon Sep 17 00:00:00 2001
+From: Chao Yu <yuchao0@huawei.com>
+Date: Thu, 6 Sep 2018 20:34:12 +0800
+Subject: f2fs: fix to do sanity check with current segment number
+
+[ Upstream commit 042be0f849e5fc24116d0afecfaf926eed5cac63 ]
+
+https://bugzilla.kernel.org/show_bug.cgi?id=200219
+
+Reproduction way:
+- mount image
+- run poc code
+- umount image
+
+F2FS-fs (loop1): Bitmap was wrongly set, blk:15364
+------------[ cut here ]------------
+kernel BUG at /home/yuchao/git/devf2fs/segment.c:2061!
+invalid opcode: 0000 [#1] PREEMPT SMP
+CPU: 2 PID: 17686 Comm: umount Tainted: G W O 4.18.0-rc2+ #39
+Hardware name: innotek GmbH VirtualBox/VirtualBox, BIOS VirtualBox 12/01/2006
+EIP: update_sit_entry+0x459/0x4e0 [f2fs]
+Code: e8 1c b5 fd ff 0f 0b 0f 0b 8b 45 e4 c7 44 24 08 9c 7a 6c f8 c7 44 24 04 bc 4a 6c f8 89 44 24 0c 8b 06 89 04 24 e8 f7 b4 fd ff <0f> 0b 8b 45 e4 0f b6 d2 89 54 24 10 c7 44 24 08 60 7a 6c f8 c7 44
+EAX: 00000032 EBX: 000000f8 ECX: 00000002 EDX: 00000001
+ESI: d7177000 EDI: f520fe68 EBP: d6477c6c ESP: d6477c34
+DS: 007b ES: 007b FS: 00d8 GS: 00e0 SS: 0068 EFLAGS: 00010282
+CR0: 80050033 CR2: b7fbe000 CR3: 2a99b3c0 CR4: 000406f0
+Call Trace:
+ f2fs_allocate_data_block+0x124/0x580 [f2fs]
+ do_write_page+0x78/0x150 [f2fs]
+ f2fs_do_write_node_page+0x25/0xa0 [f2fs]
+ __write_node_page+0x2bf/0x550 [f2fs]
+ f2fs_sync_node_pages+0x60e/0x6d0 [f2fs]
+ ? sync_inode_metadata+0x2f/0x40
+ ? f2fs_write_checkpoint+0x28f/0x7d0 [f2fs]
+ ? up_write+0x1e/0x80
+ f2fs_write_checkpoint+0x2a9/0x7d0 [f2fs]
+ ? mark_held_locks+0x5d/0x80
+ ? _raw_spin_unlock_irq+0x27/0x50
+ kill_f2fs_super+0x68/0x90 [f2fs]
+ deactivate_locked_super+0x3d/0x70
+ deactivate_super+0x40/0x60
+ cleanup_mnt+0x39/0x70
+ __cleanup_mnt+0x10/0x20
+ task_work_run+0x81/0xa0
+ exit_to_usermode_loop+0x59/0xa7
+ do_fast_syscall_32+0x1f5/0x22c
+ entry_SYSENTER_32+0x53/0x86
+EIP: 0xb7f95c51
+Code: c1 1e f7 ff ff 89 e5 8b 55 08 85 d2 8b 81 64 cd ff ff 74 02 89 02 5d c3 8b 0c 24 c3 8b 1c 24 c3 90 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d 76 00 58 b8 77 00 00 00 cd 80 90 8d 76
+EAX: 00000000 EBX: 0871ab90 ECX: bfb2cd00 EDX: 00000000
+ESI: 00000000 EDI: 0871ab90 EBP: 0871ab90 ESP: bfb2cd7c
+DS: 007b ES: 007b FS: 0000 GS: 0033 SS: 007b EFLAGS: 00000246
+Modules linked in: f2fs(O) crc32_generic bnep rfcomm bluetooth ecdh_generic snd_intel8x0 snd_ac97_codec ac97_bus snd_pcm snd_seq_midi snd_seq_midi_event snd_rawmidi snd_seq pcbc joydev aesni_intel snd_seq_device aes_i586 snd_timer crypto_simd snd cryptd soundcore mac_hid serio_raw video i2c_piix4 parport_pc ppdev lp parport hid_generic psmouse usbhid hid e1000 [last unloaded: f2fs]
+---[ end trace d423f83982cfcdc5 ]---
+
+The reason is, different log headers using the same segment, once
+one log's next block address is used by another log, it will cause
+panic as above.
+
+Main area: 24 segs, 24 secs 24 zones
+ - COLD data: 0, 0, 0
+ - WARM data: 1, 1, 1
+ - HOT data: 20, 20, 20
+ - Dir dnode: 22, 22, 22
+ - File dnode: 22, 22, 22
+ - Indir nodes: 21, 21, 21
+
+So this patch adds sanity check to detect such condition to avoid
+this issue.
+
+Signed-off-by: Chao Yu <yuchao0@huawei.com>
+
+Signed-off-by: Jaegeuk Kim <jaegeuk@kernel.org>
+
+Signed-off-by: Sasha Levin <sashal@kernel.org>
+---
+ fs/f2fs/super.c | 34 +++++++++++++++++++++++++++++++++-
+ 1 file changed, 33 insertions(+), 1 deletion(-)
+
+diff --git a/fs/f2fs/super.c b/fs/f2fs/super.c
+index 83a96334dc07..4ebe69572475 100644
+--- a/fs/f2fs/super.c
++++ b/fs/f2fs/super.c
+@@ -1489,7 +1489,7 @@ int sanity_check_ckpt(struct f2fs_sb_info *sbi)
+ unsigned int segment_count_main;
+ unsigned int cp_pack_start_sum, cp_payload;
+ block_t user_block_count;
+- int i;
++ int i, j;
+
+ total = le32_to_cpu(raw_super->segment_count);
+ fsmeta = le32_to_cpu(raw_super->segment_count_ckpt);
+@@ -1530,11 +1530,43 @@ int sanity_check_ckpt(struct f2fs_sb_info *sbi)
+ if (le32_to_cpu(ckpt->cur_node_segno[i]) >= main_segs ||
+ le16_to_cpu(ckpt->cur_node_blkoff[i]) >= blocks_per_seg)
+ return 1;
++ for (j = i + 1; j < NR_CURSEG_NODE_TYPE; j++) {
++ if (le32_to_cpu(ckpt->cur_node_segno[i]) ==
++ le32_to_cpu(ckpt->cur_node_segno[j])) {
++ f2fs_msg(sbi->sb, KERN_ERR,
++ "Node segment (%u, %u) has the same "
++ "segno: %u", i, j,
++ le32_to_cpu(ckpt->cur_node_segno[i]));
++ return 1;
++ }
++ }
+ }
+ for (i = 0; i < NR_CURSEG_DATA_TYPE; i++) {
+ if (le32_to_cpu(ckpt->cur_data_segno[i]) >= main_segs ||
+ le16_to_cpu(ckpt->cur_data_blkoff[i]) >= blocks_per_seg)
+ return 1;
++ for (j = i + 1; j < NR_CURSEG_DATA_TYPE; j++) {
++ if (le32_to_cpu(ckpt->cur_data_segno[i]) ==
++ le32_to_cpu(ckpt->cur_data_segno[j])) {
++ f2fs_msg(sbi->sb, KERN_ERR,
++ "Data segment (%u, %u) has the same "
++ "segno: %u", i, j,
++ le32_to_cpu(ckpt->cur_data_segno[i]));
++ return 1;
++ }
++ }
++ }
++ for (i = 0; i < NR_CURSEG_NODE_TYPE; i++) {
++ for (j = i; j < NR_CURSEG_DATA_TYPE; j++) {
++ if (le32_to_cpu(ckpt->cur_node_segno[i]) ==
++ le32_to_cpu(ckpt->cur_data_segno[j])) {
++ f2fs_msg(sbi->sb, KERN_ERR,
++ "Data segment (%u) and Data segment (%u)"
++ " has the same segno: %u", i, j,
++ le32_to_cpu(ckpt->cur_node_segno[i]));
++ return 1;
++ }
++ }
+ }
+
+ sit_bitmap_size = le32_to_cpu(ckpt->sit_ver_bitmap_bytesize);
+--
+2.19.1
+
--- /dev/null
+From f816361ff9067ef3f057f6393247ab595ce0dcbc Mon Sep 17 00:00:00 2001
+From: Steve French <stfrench@microsoft.com>
+Date: Sun, 17 Mar 2019 15:58:38 -0500
+Subject: fix incorrect error code mapping for OBJECTID_NOT_FOUND
+
+[ Upstream commit 85f9987b236cf46e06ffdb5c225cf1f3c0acb789 ]
+
+It was mapped to EIO which can be confusing when user space
+queries for an object GUID for an object for which the server
+file system doesn't support (or hasn't saved one).
+
+As Amir Goldstein suggested this is similar to ENOATTR
+(equivalently ENODATA in Linux errno definitions) so
+changing NT STATUS code mapping for OBJECTID_NOT_FOUND
+to ENODATA.
+
+Signed-off-by: Steve French <stfrench@microsoft.com>
+CC: Amir Goldstein <amir73il@gmail.com>
+Signed-off-by: Sasha Levin <sashal@kernel.org>
+---
+ fs/cifs/smb2maperror.c | 3 ++-
+ 1 file changed, 2 insertions(+), 1 deletion(-)
+
+diff --git a/fs/cifs/smb2maperror.c b/fs/cifs/smb2maperror.c
+index 98c25b969ab8..7e93d5706bf6 100644
+--- a/fs/cifs/smb2maperror.c
++++ b/fs/cifs/smb2maperror.c
+@@ -1034,7 +1034,8 @@ static const struct status_to_posix_error smb2_error_map_table[] = {
+ {STATUS_UNFINISHED_CONTEXT_DELETED, -EIO,
+ "STATUS_UNFINISHED_CONTEXT_DELETED"},
+ {STATUS_NO_TGT_REPLY, -EIO, "STATUS_NO_TGT_REPLY"},
+- {STATUS_OBJECTID_NOT_FOUND, -EIO, "STATUS_OBJECTID_NOT_FOUND"},
++ /* Note that ENOATTTR and ENODATA are the same errno */
++ {STATUS_OBJECTID_NOT_FOUND, -ENODATA, "STATUS_OBJECTID_NOT_FOUND"},
+ {STATUS_NO_IP_ADDRESSES, -EIO, "STATUS_NO_IP_ADDRESSES"},
+ {STATUS_WRONG_CREDENTIAL_HANDLE, -EIO,
+ "STATUS_WRONG_CREDENTIAL_HANDLE"},
+--
+2.19.1
+
--- /dev/null
+From b38a9c4b3f991166aeb9c761cc0fd829d86b6c78 Mon Sep 17 00:00:00 2001
+From: Robert Jarzmik <robert.jarzmik@free.fr>
+Date: Sat, 25 Aug 2018 10:44:17 +0200
+Subject: gpio: pxa: handle corner case of unprobed device
+
+[ Upstream commit 9ce3ebe973bf4073426f35f282c6b955ed802765 ]
+
+In the corner case where the gpio driver probe fails, for whatever
+reason, the suspend and resume handlers will still be called as they
+have to be registered as syscore operations. This applies as well when
+no probe was called while the driver has been built in the kernel.
+
+Nicolas tracked this in :
+https://bugzilla.kernel.org/show_bug.cgi?id=200905
+
+Therefore, add a failsafe in these function, and test if a proper probe
+succeeded and the driver is functional.
+
+Signed-off-by: Robert Jarzmik <robert.jarzmik@free.fr>
+Reported-by: Nicolas Chauvet <kwizart@gmail.com>
+Signed-off-by: Linus Walleij <linus.walleij@linaro.org>
+Signed-off-by: Sasha Levin <sashal@kernel.org>
+---
+ drivers/gpio/gpio-pxa.c | 6 ++++++
+ 1 file changed, 6 insertions(+)
+
+diff --git a/drivers/gpio/gpio-pxa.c b/drivers/gpio/gpio-pxa.c
+index 7a6305884f97..32d22bdf7164 100644
+--- a/drivers/gpio/gpio-pxa.c
++++ b/drivers/gpio/gpio-pxa.c
+@@ -774,6 +774,9 @@ static int pxa_gpio_suspend(void)
+ struct pxa_gpio_bank *c;
+ int gpio;
+
++ if (!pchip)
++ return 0;
++
+ for_each_gpio_bank(gpio, c, pchip) {
+ c->saved_gplr = readl_relaxed(c->regbase + GPLR_OFFSET);
+ c->saved_gpdr = readl_relaxed(c->regbase + GPDR_OFFSET);
+@@ -792,6 +795,9 @@ static void pxa_gpio_resume(void)
+ struct pxa_gpio_bank *c;
+ int gpio;
+
++ if (!pchip)
++ return;
++
+ for_each_gpio_bank(gpio, c, pchip) {
+ /* restore level with set/clear */
+ writel_relaxed(c->saved_gplr, c->regbase + GPSR_OFFSET);
+--
+2.19.1
+
--- /dev/null
+From 33c620b67b7660349ac1b62746b101499e68445c Mon Sep 17 00:00:00 2001
+From: Julian Sax <jsbc@gmx.de>
+Date: Wed, 19 Sep 2018 11:46:23 +0200
+Subject: HID: i2c-hid: override HID descriptors for certain devices
+
+[ Upstream commit 9ee3e06610fdb8a601cde59c92089fb6c1deb4aa ]
+
+A particular touchpad (SIPODEV SP1064) refuses to supply the HID
+descriptors. This patch provides the framework for overriding these
+descriptors based on DMI data. It also includes the descriptors for
+said touchpad, which were extracted by listening to the traffic of the
+windows filter driver, as well as the DMI data for the laptops known
+to use this device.
+
+Relevant Bug: https://bugzilla.redhat.com/show_bug.cgi?id=1526312
+
+Cc: Hans de Goede <hdegoede@redhat.com>
+Reported-and-tested-by: ahormann@gmx.net
+Reported-and-tested-by: Bruno Jesus <bruno.fl.jesus@gmail.com>
+Reported-and-tested-by: Dietrich <enaut.w@googlemail.com>
+Reported-and-tested-by: kloxdami@yahoo.com
+Signed-off-by: Julian Sax <jsbc@gmx.de>
+Reviewed-by: Benjamin Tissoires <benjamin.tissoires@redhat.com>
+Signed-off-by: Jiri Kosina <jkosina@suse.cz>
+Signed-off-by: Sasha Levin <sashal@kernel.org>
+---
+ drivers/hid/i2c-hid/Makefile | 3 +
+ .../hid/i2c-hid/{i2c-hid.c => i2c-hid-core.c} | 56 ++-
+ drivers/hid/i2c-hid/i2c-hid-dmi-quirks.c | 376 ++++++++++++++++++
+ drivers/hid/i2c-hid/i2c-hid.h | 20 +
+ 4 files changed, 437 insertions(+), 18 deletions(-)
+ rename drivers/hid/i2c-hid/{i2c-hid.c => i2c-hid-core.c} (96%)
+ create mode 100644 drivers/hid/i2c-hid/i2c-hid-dmi-quirks.c
+ create mode 100644 drivers/hid/i2c-hid/i2c-hid.h
+
+diff --git a/drivers/hid/i2c-hid/Makefile b/drivers/hid/i2c-hid/Makefile
+index 832d8f9aaba2..099e1ce2f234 100644
+--- a/drivers/hid/i2c-hid/Makefile
++++ b/drivers/hid/i2c-hid/Makefile
+@@ -3,3 +3,6 @@
+ #
+
+ obj-$(CONFIG_I2C_HID) += i2c-hid.o
++
++i2c-hid-objs = i2c-hid-core.o
++i2c-hid-$(CONFIG_DMI) += i2c-hid-dmi-quirks.o
+diff --git a/drivers/hid/i2c-hid/i2c-hid.c b/drivers/hid/i2c-hid/i2c-hid-core.c
+similarity index 96%
+rename from drivers/hid/i2c-hid/i2c-hid.c
+rename to drivers/hid/i2c-hid/i2c-hid-core.c
+index ce2b80009c19..850527d5fab1 100644
+--- a/drivers/hid/i2c-hid/i2c-hid.c
++++ b/drivers/hid/i2c-hid/i2c-hid-core.c
+@@ -42,6 +42,7 @@
+ #include <linux/i2c/i2c-hid.h>
+
+ #include "../hid-ids.h"
++#include "i2c-hid.h"
+
+ /* quirks to control the device */
+ #define I2C_HID_QUIRK_SET_PWR_WAKEUP_DEV BIT(0)
+@@ -724,6 +725,7 @@ static int i2c_hid_parse(struct hid_device *hid)
+ char *rdesc;
+ int ret;
+ int tries = 3;
++ char *use_override;
+
+ i2c_hid_dbg(ihid, "entering %s\n", __func__);
+
+@@ -742,26 +744,37 @@ static int i2c_hid_parse(struct hid_device *hid)
+ if (ret)
+ return ret;
+
+- rdesc = kzalloc(rsize, GFP_KERNEL);
++ use_override = i2c_hid_get_dmi_hid_report_desc_override(client->name,
++ &rsize);
+
+- if (!rdesc) {
+- dbg_hid("couldn't allocate rdesc memory\n");
+- return -ENOMEM;
+- }
++ if (use_override) {
++ rdesc = use_override;
++ i2c_hid_dbg(ihid, "Using a HID report descriptor override\n");
++ } else {
++ rdesc = kzalloc(rsize, GFP_KERNEL);
+
+- i2c_hid_dbg(ihid, "asking HID report descriptor\n");
++ if (!rdesc) {
++ dbg_hid("couldn't allocate rdesc memory\n");
++ return -ENOMEM;
++ }
+
+- ret = i2c_hid_command(client, &hid_report_descr_cmd, rdesc, rsize);
+- if (ret) {
+- hid_err(hid, "reading report descriptor failed\n");
+- kfree(rdesc);
+- return -EIO;
++ i2c_hid_dbg(ihid, "asking HID report descriptor\n");
++
++ ret = i2c_hid_command(client, &hid_report_descr_cmd,
++ rdesc, rsize);
++ if (ret) {
++ hid_err(hid, "reading report descriptor failed\n");
++ kfree(rdesc);
++ return -EIO;
++ }
+ }
+
+ i2c_hid_dbg(ihid, "Report Descriptor: %*ph\n", rsize, rdesc);
+
+ ret = hid_parse_report(hid, rdesc, rsize);
+- kfree(rdesc);
++ if (!use_override)
++ kfree(rdesc);
++
+ if (ret) {
+ dbg_hid("parsing report descriptor failed\n");
+ return ret;
+@@ -899,12 +912,19 @@ static int i2c_hid_fetch_hid_descriptor(struct i2c_hid *ihid)
+ int ret;
+
+ /* i2c hid fetch using a fixed descriptor size (30 bytes) */
+- i2c_hid_dbg(ihid, "Fetching the HID descriptor\n");
+- ret = i2c_hid_command(client, &hid_descr_cmd, ihid->hdesc_buffer,
+- sizeof(struct i2c_hid_desc));
+- if (ret) {
+- dev_err(&client->dev, "hid_descr_cmd failed\n");
+- return -ENODEV;
++ if (i2c_hid_get_dmi_i2c_hid_desc_override(client->name)) {
++ i2c_hid_dbg(ihid, "Using a HID descriptor override\n");
++ ihid->hdesc =
++ *i2c_hid_get_dmi_i2c_hid_desc_override(client->name);
++ } else {
++ i2c_hid_dbg(ihid, "Fetching the HID descriptor\n");
++ ret = i2c_hid_command(client, &hid_descr_cmd,
++ ihid->hdesc_buffer,
++ sizeof(struct i2c_hid_desc));
++ if (ret) {
++ dev_err(&client->dev, "hid_descr_cmd failed\n");
++ return -ENODEV;
++ }
+ }
+
+ /* Validate the length of HID descriptor, the 4 first bytes:
+diff --git a/drivers/hid/i2c-hid/i2c-hid-dmi-quirks.c b/drivers/hid/i2c-hid/i2c-hid-dmi-quirks.c
+new file mode 100644
+index 000000000000..1d645c9ab417
+--- /dev/null
++++ b/drivers/hid/i2c-hid/i2c-hid-dmi-quirks.c
+@@ -0,0 +1,376 @@
++// SPDX-License-Identifier: GPL-2.0+
++
++/*
++ * Quirks for I2C-HID devices that do not supply proper descriptors
++ *
++ * Copyright (c) 2018 Julian Sax <jsbc@gmx.de>
++ *
++ */
++
++#include <linux/types.h>
++#include <linux/dmi.h>
++#include <linux/mod_devicetable.h>
++
++#include "i2c-hid.h"
++
++
++struct i2c_hid_desc_override {
++ union {
++ struct i2c_hid_desc *i2c_hid_desc;
++ uint8_t *i2c_hid_desc_buffer;
++ };
++ uint8_t *hid_report_desc;
++ unsigned int hid_report_desc_size;
++ uint8_t *i2c_name;
++};
++
++
++/*
++ * descriptors for the SIPODEV SP1064 touchpad
++ *
++ * This device does not supply any descriptors and on windows a filter
++ * driver operates between the i2c-hid layer and the device and injects
++ * these descriptors when the device is prompted. The descriptors were
++ * extracted by listening to the i2c-hid traffic that occurs between the
++ * windows filter driver and the windows i2c-hid driver.
++ */
++
++static const struct i2c_hid_desc_override sipodev_desc = {
++ .i2c_hid_desc_buffer = (uint8_t [])
++ {0x1e, 0x00, /* Length of descriptor */
++ 0x00, 0x01, /* Version of descriptor */
++ 0xdb, 0x01, /* Length of report descriptor */
++ 0x21, 0x00, /* Location of report descriptor */
++ 0x24, 0x00, /* Location of input report */
++ 0x1b, 0x00, /* Max input report length */
++ 0x25, 0x00, /* Location of output report */
++ 0x11, 0x00, /* Max output report length */
++ 0x22, 0x00, /* Location of command register */
++ 0x23, 0x00, /* Location of data register */
++ 0x11, 0x09, /* Vendor ID */
++ 0x88, 0x52, /* Product ID */
++ 0x06, 0x00, /* Version ID */
++ 0x00, 0x00, 0x00, 0x00 /* Reserved */
++ },
++
++ .hid_report_desc = (uint8_t [])
++ {0x05, 0x01, /* Usage Page (Desktop), */
++ 0x09, 0x02, /* Usage (Mouse), */
++ 0xA1, 0x01, /* Collection (Application), */
++ 0x85, 0x01, /* Report ID (1), */
++ 0x09, 0x01, /* Usage (Pointer), */
++ 0xA1, 0x00, /* Collection (Physical), */
++ 0x05, 0x09, /* Usage Page (Button), */
++ 0x19, 0x01, /* Usage Minimum (01h), */
++ 0x29, 0x02, /* Usage Maximum (02h), */
++ 0x25, 0x01, /* Logical Maximum (1), */
++ 0x75, 0x01, /* Report Size (1), */
++ 0x95, 0x02, /* Report Count (2), */
++ 0x81, 0x02, /* Input (Variable), */
++ 0x95, 0x06, /* Report Count (6), */
++ 0x81, 0x01, /* Input (Constant), */
++ 0x05, 0x01, /* Usage Page (Desktop), */
++ 0x09, 0x30, /* Usage (X), */
++ 0x09, 0x31, /* Usage (Y), */
++ 0x15, 0x81, /* Logical Minimum (-127), */
++ 0x25, 0x7F, /* Logical Maximum (127), */
++ 0x75, 0x08, /* Report Size (8), */
++ 0x95, 0x02, /* Report Count (2), */
++ 0x81, 0x06, /* Input (Variable, Relative), */
++ 0xC0, /* End Collection, */
++ 0xC0, /* End Collection, */
++ 0x05, 0x0D, /* Usage Page (Digitizer), */
++ 0x09, 0x05, /* Usage (Touchpad), */
++ 0xA1, 0x01, /* Collection (Application), */
++ 0x85, 0x04, /* Report ID (4), */
++ 0x05, 0x0D, /* Usage Page (Digitizer), */
++ 0x09, 0x22, /* Usage (Finger), */
++ 0xA1, 0x02, /* Collection (Logical), */
++ 0x15, 0x00, /* Logical Minimum (0), */
++ 0x25, 0x01, /* Logical Maximum (1), */
++ 0x09, 0x47, /* Usage (Touch Valid), */
++ 0x09, 0x42, /* Usage (Tip Switch), */
++ 0x95, 0x02, /* Report Count (2), */
++ 0x75, 0x01, /* Report Size (1), */
++ 0x81, 0x02, /* Input (Variable), */
++ 0x95, 0x01, /* Report Count (1), */
++ 0x75, 0x03, /* Report Size (3), */
++ 0x25, 0x05, /* Logical Maximum (5), */
++ 0x09, 0x51, /* Usage (Contact Identifier), */
++ 0x81, 0x02, /* Input (Variable), */
++ 0x75, 0x01, /* Report Size (1), */
++ 0x95, 0x03, /* Report Count (3), */
++ 0x81, 0x03, /* Input (Constant, Variable), */
++ 0x05, 0x01, /* Usage Page (Desktop), */
++ 0x26, 0x44, 0x0A, /* Logical Maximum (2628), */
++ 0x75, 0x10, /* Report Size (16), */
++ 0x55, 0x0E, /* Unit Exponent (14), */
++ 0x65, 0x11, /* Unit (Centimeter), */
++ 0x09, 0x30, /* Usage (X), */
++ 0x46, 0x1A, 0x04, /* Physical Maximum (1050), */
++ 0x95, 0x01, /* Report Count (1), */
++ 0x81, 0x02, /* Input (Variable), */
++ 0x46, 0xBC, 0x02, /* Physical Maximum (700), */
++ 0x26, 0x34, 0x05, /* Logical Maximum (1332), */
++ 0x09, 0x31, /* Usage (Y), */
++ 0x81, 0x02, /* Input (Variable), */
++ 0xC0, /* End Collection, */
++ 0x05, 0x0D, /* Usage Page (Digitizer), */
++ 0x09, 0x22, /* Usage (Finger), */
++ 0xA1, 0x02, /* Collection (Logical), */
++ 0x25, 0x01, /* Logical Maximum (1), */
++ 0x09, 0x47, /* Usage (Touch Valid), */
++ 0x09, 0x42, /* Usage (Tip Switch), */
++ 0x95, 0x02, /* Report Count (2), */
++ 0x75, 0x01, /* Report Size (1), */
++ 0x81, 0x02, /* Input (Variable), */
++ 0x95, 0x01, /* Report Count (1), */
++ 0x75, 0x03, /* Report Size (3), */
++ 0x25, 0x05, /* Logical Maximum (5), */
++ 0x09, 0x51, /* Usage (Contact Identifier), */
++ 0x81, 0x02, /* Input (Variable), */
++ 0x75, 0x01, /* Report Size (1), */
++ 0x95, 0x03, /* Report Count (3), */
++ 0x81, 0x03, /* Input (Constant, Variable), */
++ 0x05, 0x01, /* Usage Page (Desktop), */
++ 0x26, 0x44, 0x0A, /* Logical Maximum (2628), */
++ 0x75, 0x10, /* Report Size (16), */
++ 0x09, 0x30, /* Usage (X), */
++ 0x46, 0x1A, 0x04, /* Physical Maximum (1050), */
++ 0x95, 0x01, /* Report Count (1), */
++ 0x81, 0x02, /* Input (Variable), */
++ 0x46, 0xBC, 0x02, /* Physical Maximum (700), */
++ 0x26, 0x34, 0x05, /* Logical Maximum (1332), */
++ 0x09, 0x31, /* Usage (Y), */
++ 0x81, 0x02, /* Input (Variable), */
++ 0xC0, /* End Collection, */
++ 0x05, 0x0D, /* Usage Page (Digitizer), */
++ 0x09, 0x22, /* Usage (Finger), */
++ 0xA1, 0x02, /* Collection (Logical), */
++ 0x25, 0x01, /* Logical Maximum (1), */
++ 0x09, 0x47, /* Usage (Touch Valid), */
++ 0x09, 0x42, /* Usage (Tip Switch), */
++ 0x95, 0x02, /* Report Count (2), */
++ 0x75, 0x01, /* Report Size (1), */
++ 0x81, 0x02, /* Input (Variable), */
++ 0x95, 0x01, /* Report Count (1), */
++ 0x75, 0x03, /* Report Size (3), */
++ 0x25, 0x05, /* Logical Maximum (5), */
++ 0x09, 0x51, /* Usage (Contact Identifier), */
++ 0x81, 0x02, /* Input (Variable), */
++ 0x75, 0x01, /* Report Size (1), */
++ 0x95, 0x03, /* Report Count (3), */
++ 0x81, 0x03, /* Input (Constant, Variable), */
++ 0x05, 0x01, /* Usage Page (Desktop), */
++ 0x26, 0x44, 0x0A, /* Logical Maximum (2628), */
++ 0x75, 0x10, /* Report Size (16), */
++ 0x09, 0x30, /* Usage (X), */
++ 0x46, 0x1A, 0x04, /* Physical Maximum (1050), */
++ 0x95, 0x01, /* Report Count (1), */
++ 0x81, 0x02, /* Input (Variable), */
++ 0x46, 0xBC, 0x02, /* Physical Maximum (700), */
++ 0x26, 0x34, 0x05, /* Logical Maximum (1332), */
++ 0x09, 0x31, /* Usage (Y), */
++ 0x81, 0x02, /* Input (Variable), */
++ 0xC0, /* End Collection, */
++ 0x05, 0x0D, /* Usage Page (Digitizer), */
++ 0x09, 0x22, /* Usage (Finger), */
++ 0xA1, 0x02, /* Collection (Logical), */
++ 0x25, 0x01, /* Logical Maximum (1), */
++ 0x09, 0x47, /* Usage (Touch Valid), */
++ 0x09, 0x42, /* Usage (Tip Switch), */
++ 0x95, 0x02, /* Report Count (2), */
++ 0x75, 0x01, /* Report Size (1), */
++ 0x81, 0x02, /* Input (Variable), */
++ 0x95, 0x01, /* Report Count (1), */
++ 0x75, 0x03, /* Report Size (3), */
++ 0x25, 0x05, /* Logical Maximum (5), */
++ 0x09, 0x51, /* Usage (Contact Identifier), */
++ 0x81, 0x02, /* Input (Variable), */
++ 0x75, 0x01, /* Report Size (1), */
++ 0x95, 0x03, /* Report Count (3), */
++ 0x81, 0x03, /* Input (Constant, Variable), */
++ 0x05, 0x01, /* Usage Page (Desktop), */
++ 0x26, 0x44, 0x0A, /* Logical Maximum (2628), */
++ 0x75, 0x10, /* Report Size (16), */
++ 0x09, 0x30, /* Usage (X), */
++ 0x46, 0x1A, 0x04, /* Physical Maximum (1050), */
++ 0x95, 0x01, /* Report Count (1), */
++ 0x81, 0x02, /* Input (Variable), */
++ 0x46, 0xBC, 0x02, /* Physical Maximum (700), */
++ 0x26, 0x34, 0x05, /* Logical Maximum (1332), */
++ 0x09, 0x31, /* Usage (Y), */
++ 0x81, 0x02, /* Input (Variable), */
++ 0xC0, /* End Collection, */
++ 0x05, 0x0D, /* Usage Page (Digitizer), */
++ 0x55, 0x0C, /* Unit Exponent (12), */
++ 0x66, 0x01, 0x10, /* Unit (Seconds), */
++ 0x47, 0xFF, 0xFF, 0x00, 0x00,/* Physical Maximum (65535), */
++ 0x27, 0xFF, 0xFF, 0x00, 0x00,/* Logical Maximum (65535), */
++ 0x75, 0x10, /* Report Size (16), */
++ 0x95, 0x01, /* Report Count (1), */
++ 0x09, 0x56, /* Usage (Scan Time), */
++ 0x81, 0x02, /* Input (Variable), */
++ 0x09, 0x54, /* Usage (Contact Count), */
++ 0x25, 0x7F, /* Logical Maximum (127), */
++ 0x75, 0x08, /* Report Size (8), */
++ 0x81, 0x02, /* Input (Variable), */
++ 0x05, 0x09, /* Usage Page (Button), */
++ 0x09, 0x01, /* Usage (01h), */
++ 0x25, 0x01, /* Logical Maximum (1), */
++ 0x75, 0x01, /* Report Size (1), */
++ 0x95, 0x01, /* Report Count (1), */
++ 0x81, 0x02, /* Input (Variable), */
++ 0x95, 0x07, /* Report Count (7), */
++ 0x81, 0x03, /* Input (Constant, Variable), */
++ 0x05, 0x0D, /* Usage Page (Digitizer), */
++ 0x85, 0x02, /* Report ID (2), */
++ 0x09, 0x55, /* Usage (Contact Count Maximum), */
++ 0x09, 0x59, /* Usage (59h), */
++ 0x75, 0x04, /* Report Size (4), */
++ 0x95, 0x02, /* Report Count (2), */
++ 0x25, 0x0F, /* Logical Maximum (15), */
++ 0xB1, 0x02, /* Feature (Variable), */
++ 0x05, 0x0D, /* Usage Page (Digitizer), */
++ 0x85, 0x07, /* Report ID (7), */
++ 0x09, 0x60, /* Usage (60h), */
++ 0x75, 0x01, /* Report Size (1), */
++ 0x95, 0x01, /* Report Count (1), */
++ 0x25, 0x01, /* Logical Maximum (1), */
++ 0xB1, 0x02, /* Feature (Variable), */
++ 0x95, 0x07, /* Report Count (7), */
++ 0xB1, 0x03, /* Feature (Constant, Variable), */
++ 0x85, 0x06, /* Report ID (6), */
++ 0x06, 0x00, 0xFF, /* Usage Page (FF00h), */
++ 0x09, 0xC5, /* Usage (C5h), */
++ 0x26, 0xFF, 0x00, /* Logical Maximum (255), */
++ 0x75, 0x08, /* Report Size (8), */
++ 0x96, 0x00, 0x01, /* Report Count (256), */
++ 0xB1, 0x02, /* Feature (Variable), */
++ 0xC0, /* End Collection, */
++ 0x06, 0x00, 0xFF, /* Usage Page (FF00h), */
++ 0x09, 0x01, /* Usage (01h), */
++ 0xA1, 0x01, /* Collection (Application), */
++ 0x85, 0x0D, /* Report ID (13), */
++ 0x26, 0xFF, 0x00, /* Logical Maximum (255), */
++ 0x19, 0x01, /* Usage Minimum (01h), */
++ 0x29, 0x02, /* Usage Maximum (02h), */
++ 0x75, 0x08, /* Report Size (8), */
++ 0x95, 0x02, /* Report Count (2), */
++ 0xB1, 0x02, /* Feature (Variable), */
++ 0xC0, /* End Collection, */
++ 0x05, 0x0D, /* Usage Page (Digitizer), */
++ 0x09, 0x0E, /* Usage (Configuration), */
++ 0xA1, 0x01, /* Collection (Application), */
++ 0x85, 0x03, /* Report ID (3), */
++ 0x09, 0x22, /* Usage (Finger), */
++ 0xA1, 0x02, /* Collection (Logical), */
++ 0x09, 0x52, /* Usage (Device Mode), */
++ 0x25, 0x0A, /* Logical Maximum (10), */
++ 0x95, 0x01, /* Report Count (1), */
++ 0xB1, 0x02, /* Feature (Variable), */
++ 0xC0, /* End Collection, */
++ 0x09, 0x22, /* Usage (Finger), */
++ 0xA1, 0x00, /* Collection (Physical), */
++ 0x85, 0x05, /* Report ID (5), */
++ 0x09, 0x57, /* Usage (57h), */
++ 0x09, 0x58, /* Usage (58h), */
++ 0x75, 0x01, /* Report Size (1), */
++ 0x95, 0x02, /* Report Count (2), */
++ 0x25, 0x01, /* Logical Maximum (1), */
++ 0xB1, 0x02, /* Feature (Variable), */
++ 0x95, 0x06, /* Report Count (6), */
++ 0xB1, 0x03, /* Feature (Constant, Variable),*/
++ 0xC0, /* End Collection, */
++ 0xC0 /* End Collection */
++ },
++ .hid_report_desc_size = 475,
++ .i2c_name = "SYNA3602:00"
++};
++
++
++static const struct dmi_system_id i2c_hid_dmi_desc_override_table[] = {
++ {
++ .ident = "Teclast F6 Pro",
++ .matches = {
++ DMI_EXACT_MATCH(DMI_SYS_VENDOR, "TECLAST"),
++ DMI_EXACT_MATCH(DMI_PRODUCT_NAME, "F6 Pro"),
++ },
++ .driver_data = (void *)&sipodev_desc
++ },
++ {
++ .ident = "Teclast F7",
++ .matches = {
++ DMI_EXACT_MATCH(DMI_SYS_VENDOR, "TECLAST"),
++ DMI_EXACT_MATCH(DMI_PRODUCT_NAME, "F7"),
++ },
++ .driver_data = (void *)&sipodev_desc
++ },
++ {
++ .ident = "Trekstor Primebook C13",
++ .matches = {
++ DMI_EXACT_MATCH(DMI_SYS_VENDOR, "TREKSTOR"),
++ DMI_EXACT_MATCH(DMI_PRODUCT_NAME, "Primebook C13"),
++ },
++ .driver_data = (void *)&sipodev_desc
++ },
++ {
++ .ident = "Trekstor Primebook C11",
++ .matches = {
++ DMI_EXACT_MATCH(DMI_SYS_VENDOR, "TREKSTOR"),
++ DMI_EXACT_MATCH(DMI_PRODUCT_NAME, "Primebook C11"),
++ },
++ .driver_data = (void *)&sipodev_desc
++ },
++ {
++ .ident = "Direkt-Tek DTLAPY116-2",
++ .matches = {
++ DMI_EXACT_MATCH(DMI_SYS_VENDOR, "Direkt-Tek"),
++ DMI_EXACT_MATCH(DMI_PRODUCT_NAME, "DTLAPY116-2"),
++ },
++ .driver_data = (void *)&sipodev_desc
++ },
++ {
++ .ident = "Mediacom Flexbook Edge 11",
++ .matches = {
++ DMI_EXACT_MATCH(DMI_SYS_VENDOR, "MEDIACOM"),
++ DMI_EXACT_MATCH(DMI_PRODUCT_NAME, "FlexBook edge11 - M-FBE11"),
++ },
++ .driver_data = (void *)&sipodev_desc
++ }
++};
++
++
++struct i2c_hid_desc *i2c_hid_get_dmi_i2c_hid_desc_override(uint8_t *i2c_name)
++{
++ struct i2c_hid_desc_override *override;
++ const struct dmi_system_id *system_id;
++
++ system_id = dmi_first_match(i2c_hid_dmi_desc_override_table);
++ if (!system_id)
++ return NULL;
++
++ override = system_id->driver_data;
++ if (strcmp(override->i2c_name, i2c_name))
++ return NULL;
++
++ return override->i2c_hid_desc;
++}
++
++char *i2c_hid_get_dmi_hid_report_desc_override(uint8_t *i2c_name,
++ unsigned int *size)
++{
++ struct i2c_hid_desc_override *override;
++ const struct dmi_system_id *system_id;
++
++ system_id = dmi_first_match(i2c_hid_dmi_desc_override_table);
++ if (!system_id)
++ return NULL;
++
++ override = system_id->driver_data;
++ if (strcmp(override->i2c_name, i2c_name))
++ return NULL;
++
++ *size = override->hid_report_desc_size;
++ return override->hid_report_desc;
++}
+diff --git a/drivers/hid/i2c-hid/i2c-hid.h b/drivers/hid/i2c-hid/i2c-hid.h
+new file mode 100644
+index 000000000000..a8c19aef5824
+--- /dev/null
++++ b/drivers/hid/i2c-hid/i2c-hid.h
+@@ -0,0 +1,20 @@
++/* SPDX-License-Identifier: GPL-2.0+ */
++
++#ifndef I2C_HID_H
++#define I2C_HID_H
++
++
++#ifdef CONFIG_DMI
++struct i2c_hid_desc *i2c_hid_get_dmi_i2c_hid_desc_override(uint8_t *i2c_name);
++char *i2c_hid_get_dmi_hid_report_desc_override(uint8_t *i2c_name,
++ unsigned int *size);
++#else
++static inline struct i2c_hid_desc
++ *i2c_hid_get_dmi_i2c_hid_desc_override(uint8_t *i2c_name)
++{ return NULL; }
++static inline char *i2c_hid_get_dmi_hid_report_desc_override(uint8_t *i2c_name,
++ unsigned int *size)
++{ return NULL; }
++#endif
++
++#endif
+--
+2.19.1
+
--- /dev/null
+From e410e8b628202fbbcc7998b303e015a0a0939f3c Mon Sep 17 00:00:00 2001
+From: Jack Morgenstein <jackm@dev.mellanox.co.il>
+Date: Wed, 6 Mar 2019 19:17:56 +0200
+Subject: IB/mlx4: Fix race condition between catas error reset and aliasguid
+ flows
+
+[ Upstream commit 587443e7773e150ae29e643ee8f41a1eed226565 ]
+
+Code review revealed a race condition which could allow the catas error
+flow to interrupt the alias guid query post mechanism at random points.
+Thiis is fixed by doing cancel_delayed_work_sync() instead of
+cancel_delayed_work() during the alias guid mechanism destroy flow.
+
+Fixes: a0c64a17aba8 ("mlx4: Add alias_guid mechanism")
+Signed-off-by: Jack Morgenstein <jackm@dev.mellanox.co.il>
+Signed-off-by: Leon Romanovsky <leonro@mellanox.com>
+Signed-off-by: Jason Gunthorpe <jgg@mellanox.com>
+Signed-off-by: Sasha Levin <sashal@kernel.org>
+---
+ drivers/infiniband/hw/mlx4/alias_GUID.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/drivers/infiniband/hw/mlx4/alias_GUID.c b/drivers/infiniband/hw/mlx4/alias_GUID.c
+index 5e9939045852..ec138845a474 100644
+--- a/drivers/infiniband/hw/mlx4/alias_GUID.c
++++ b/drivers/infiniband/hw/mlx4/alias_GUID.c
+@@ -805,8 +805,8 @@ void mlx4_ib_destroy_alias_guid_service(struct mlx4_ib_dev *dev)
+ unsigned long flags;
+
+ for (i = 0 ; i < dev->num_ports; i++) {
+- cancel_delayed_work(&dev->sriov.alias_guid.ports_guid[i].alias_guid_work);
+ det = &sriov->alias_guid.ports_guid[i];
++ cancel_delayed_work_sync(&det->alias_guid_work);
+ spin_lock_irqsave(&sriov->alias_guid.ag_work_lock, flags);
+ while (!list_empty(&det->cb_list)) {
+ cb_ctx = list_entry(det->cb_list.next,
+--
+2.19.1
+
--- /dev/null
+From 25841b03f51a20b23d0d74d0254e178bc61d4b53 Mon Sep 17 00:00:00 2001
+From: Pi-Hsun Shih <pihsun@chromium.org>
+Date: Wed, 13 Mar 2019 11:44:33 -0700
+Subject: include/linux/swap.h: use offsetof() instead of custom __swapoffset
+ macro
+
+[ Upstream commit a4046c06be50a4f01d435aa7fe57514818e6cc82 ]
+
+Use offsetof() to calculate offset of a field to take advantage of
+compiler built-in version when possible, and avoid UBSAN warning when
+compiling with Clang:
+
+ UBSAN: Undefined behaviour in mm/swapfile.c:3010:38
+ member access within null pointer of type 'union swap_header'
+ CPU: 6 PID: 1833 Comm: swapon Tainted: G S 4.19.23 #43
+ Call trace:
+ dump_backtrace+0x0/0x194
+ show_stack+0x20/0x2c
+ __dump_stack+0x20/0x28
+ dump_stack+0x70/0x94
+ ubsan_epilogue+0x14/0x44
+ ubsan_type_mismatch_common+0xf4/0xfc
+ __ubsan_handle_type_mismatch_v1+0x34/0x54
+ __se_sys_swapon+0x654/0x1084
+ __arm64_sys_swapon+0x1c/0x24
+ el0_svc_common+0xa8/0x150
+ el0_svc_compat_handler+0x2c/0x38
+ el0_svc_compat+0x8/0x18
+
+Link: http://lkml.kernel.org/r/20190312081902.223764-1-pihsun@chromium.org
+Signed-off-by: Pi-Hsun Shih <pihsun@chromium.org>
+Acked-by: Michal Hocko <mhocko@suse.com>
+Reviewed-by: Andrew Morton <akpm@linux-foundation.org>
+Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
+Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
+Signed-off-by: Sasha Levin <sashal@kernel.org>
+---
+ include/linux/swap.h | 4 ++--
+ 1 file changed, 2 insertions(+), 2 deletions(-)
+
+diff --git a/include/linux/swap.h b/include/linux/swap.h
+index 55ff5593c193..2228907d08ff 100644
+--- a/include/linux/swap.h
++++ b/include/linux/swap.h
+@@ -135,9 +135,9 @@ struct swap_extent {
+ /*
+ * Max bad pages in the new format..
+ */
+-#define __swapoffset(x) ((unsigned long)&((union swap_header *)0)->x)
+ #define MAX_SWAP_BADPAGES \
+- ((__swapoffset(magic.magic) - __swapoffset(info.badpages)) / sizeof(int))
++ ((offsetof(union swap_header, magic.magic) - \
++ offsetof(union swap_header, info.badpages)) / sizeof(int))
+
+ enum {
+ SWP_USED = (1 << 0), /* is slot in swap_info[] used? */
+--
+2.19.1
+
--- /dev/null
+From d16fdf746a9e61070ce5dc64c78b9e447e046167 Mon Sep 17 00:00:00 2001
+From: Julia Cartwright <julia@ni.com>
+Date: Wed, 20 Feb 2019 16:46:31 +0000
+Subject: iommu/dmar: Fix buffer overflow during PCI bus notification
+
+[ Upstream commit cffaaf0c816238c45cd2d06913476c83eb50f682 ]
+
+Commit 57384592c433 ("iommu/vt-d: Store bus information in RMRR PCI
+device path") changed the type of the path data, however, the change in
+path type was not reflected in size calculations. Update to use the
+correct type and prevent a buffer overflow.
+
+This bug manifests in systems with deep PCI hierarchies, and can lead to
+an overflow of the static allocated buffer (dmar_pci_notify_info_buf),
+or can lead to overflow of slab-allocated data.
+
+ BUG: KASAN: global-out-of-bounds in dmar_alloc_pci_notify_info+0x1d5/0x2e0
+ Write of size 1 at addr ffffffff90445d80 by task swapper/0/1
+ CPU: 0 PID: 1 Comm: swapper/0 Tainted: G W 4.14.87-rt49-02406-gd0a0e96 #1
+ Call Trace:
+ ? dump_stack+0x46/0x59
+ ? print_address_description+0x1df/0x290
+ ? dmar_alloc_pci_notify_info+0x1d5/0x2e0
+ ? kasan_report+0x256/0x340
+ ? dmar_alloc_pci_notify_info+0x1d5/0x2e0
+ ? e820__memblock_setup+0xb0/0xb0
+ ? dmar_dev_scope_init+0x424/0x48f
+ ? __down_write_common+0x1ec/0x230
+ ? dmar_dev_scope_init+0x48f/0x48f
+ ? dmar_free_unused_resources+0x109/0x109
+ ? cpumask_next+0x16/0x20
+ ? __kmem_cache_create+0x392/0x430
+ ? kmem_cache_create+0x135/0x2f0
+ ? e820__memblock_setup+0xb0/0xb0
+ ? intel_iommu_init+0x170/0x1848
+ ? _raw_spin_unlock_irqrestore+0x32/0x60
+ ? migrate_enable+0x27a/0x5b0
+ ? sched_setattr+0x20/0x20
+ ? migrate_disable+0x1fc/0x380
+ ? task_rq_lock+0x170/0x170
+ ? try_to_run_init_process+0x40/0x40
+ ? locks_remove_file+0x85/0x2f0
+ ? dev_prepare_static_identity_mapping+0x78/0x78
+ ? rt_spin_unlock+0x39/0x50
+ ? lockref_put_or_lock+0x2a/0x40
+ ? dput+0x128/0x2f0
+ ? __rcu_read_unlock+0x66/0x80
+ ? __fput+0x250/0x300
+ ? __rcu_read_lock+0x1b/0x30
+ ? mntput_no_expire+0x38/0x290
+ ? e820__memblock_setup+0xb0/0xb0
+ ? pci_iommu_init+0x25/0x63
+ ? pci_iommu_init+0x25/0x63
+ ? do_one_initcall+0x7e/0x1c0
+ ? initcall_blacklisted+0x120/0x120
+ ? kernel_init_freeable+0x27b/0x307
+ ? rest_init+0xd0/0xd0
+ ? kernel_init+0xf/0x120
+ ? rest_init+0xd0/0xd0
+ ? ret_from_fork+0x1f/0x40
+ The buggy address belongs to the variable:
+ dmar_pci_notify_info_buf+0x40/0x60
+
+Fixes: 57384592c433 ("iommu/vt-d: Store bus information in RMRR PCI device path")
+Signed-off-by: Julia Cartwright <julia@ni.com>
+Signed-off-by: Joerg Roedel <jroedel@suse.de>
+Signed-off-by: Sasha Levin <sashal@kernel.org>
+---
+ drivers/iommu/dmar.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/drivers/iommu/dmar.c b/drivers/iommu/dmar.c
+index 63110fbbb410..d51734e0c350 100644
+--- a/drivers/iommu/dmar.c
++++ b/drivers/iommu/dmar.c
+@@ -143,7 +143,7 @@ dmar_alloc_pci_notify_info(struct pci_dev *dev, unsigned long event)
+ for (tmp = dev; tmp; tmp = tmp->bus->self)
+ level++;
+
+- size = sizeof(*info) + level * sizeof(struct acpi_dmar_pci_path);
++ size = sizeof(*info) + level * sizeof(info->path[0]);
+ if (size <= sizeof(dmar_pci_notify_info_buf)) {
+ info = (struct dmar_pci_notify_info *)dmar_pci_notify_info_buf;
+ } else {
+--
+2.19.1
+
--- /dev/null
+From 5c4663d7c25f1a8522418d5b77a09e5f784e5791 Mon Sep 17 00:00:00 2001
+From: Lu Baolu <baolu.lu@linux.intel.com>
+Date: Wed, 20 Mar 2019 09:58:33 +0800
+Subject: iommu/vt-d: Check capability before disabling protected memory
+
+[ Upstream commit 5bb71fc790a88d063507dc5d445ab8b14e845591 ]
+
+The spec states in 10.4.16 that the Protected Memory Enable
+Register should be treated as read-only for implementations
+not supporting protected memory regions (PLMR and PHMR fields
+reported as Clear in the Capability register).
+
+Cc: Jacob Pan <jacob.jun.pan@linux.intel.com>
+Cc: mark gross <mgross@intel.com>
+Suggested-by: Ashok Raj <ashok.raj@intel.com>
+Fixes: f8bab73515ca5 ("intel-iommu: PMEN support")
+Signed-off-by: Lu Baolu <baolu.lu@linux.intel.com>
+Signed-off-by: Joerg Roedel <jroedel@suse.de>
+Signed-off-by: Sasha Levin <sashal@kernel.org>
+---
+ drivers/iommu/intel-iommu.c | 3 +++
+ 1 file changed, 3 insertions(+)
+
+diff --git a/drivers/iommu/intel-iommu.c b/drivers/iommu/intel-iommu.c
+index 86e349614e21..28feb1744710 100644
+--- a/drivers/iommu/intel-iommu.c
++++ b/drivers/iommu/intel-iommu.c
+@@ -1636,6 +1636,9 @@ static void iommu_disable_protect_mem_regions(struct intel_iommu *iommu)
+ u32 pmen;
+ unsigned long flags;
+
++ if (!cap_plmr(iommu->cap) && !cap_phmr(iommu->cap))
++ return;
++
+ raw_spin_lock_irqsave(&iommu->register_lock, flags);
+ pmen = readl(iommu->reg + DMAR_PMEN_REG);
+ pmen &= ~DMA_PMEN_EPM;
+--
+2.19.1
+
--- /dev/null
+From 8458b480cd451b18f9c59042d804721b506cb9d7 Mon Sep 17 00:00:00 2001
+From: Jianguo Chen <chenjianguo3@huawei.com>
+Date: Wed, 20 Mar 2019 18:54:21 +0000
+Subject: irqchip/mbigen: Don't clear eventid when freeing an MSI
+
+[ Upstream commit fca269f201a8d9985c0a31fb60b15d4eb57cef80 ]
+
+mbigen_write_msg clears eventid bits of a mbigen register
+when free a interrupt, because msi_domain_deactivate memset
+struct msg to zero. Then multiple mbigen pins with zero eventid
+will report the same interrupt number.
+
+The eventid clear call trace:
+ free_irq
+ __free_irq
+ irq_shutdown
+ irq_domain_deactivate_irq
+ __irq_domain_deactivate_irq
+ __irq_domain_deactivate_irq
+ msi_domain_deactivate
+ platform_msi_write_msg
+ mbigen_write_msg
+
+Signed-off-by: Jianguo Chen <chenjianguo3@huawei.com>
+[maz: massaged subject]
+Signed-off-by: Marc Zyngier <marc.zyngier@arm.com>
+Signed-off-by: Sasha Levin <sashal@kernel.org>
+---
+ drivers/irqchip/irq-mbigen.c | 3 +++
+ 1 file changed, 3 insertions(+)
+
+diff --git a/drivers/irqchip/irq-mbigen.c b/drivers/irqchip/irq-mbigen.c
+index 05d87f60d929..406bfe618448 100644
+--- a/drivers/irqchip/irq-mbigen.c
++++ b/drivers/irqchip/irq-mbigen.c
+@@ -160,6 +160,9 @@ static void mbigen_write_msg(struct msi_desc *desc, struct msi_msg *msg)
+ void __iomem *base = d->chip_data;
+ u32 val;
+
++ if (!msg->address_lo && !msg->address_hi)
++ return;
++
+ base += get_mbigen_vec_reg(d->hwirq);
+ val = readl_relaxed(base);
+
+--
+2.19.1
+
--- /dev/null
+From 247952e5f2aad78b1a083c465816434289beceff Mon Sep 17 00:00:00 2001
+From: Vitaly Kuznetsov <vkuznets@redhat.com>
+Date: Wed, 17 Oct 2018 13:23:55 +0200
+Subject: kernel: hung_task.c: disable on suspend
+
+[ Upstream commit a1c6ca3c6de763459a6e93b644ec6518c890ba1c ]
+
+It is possible to observe hung_task complaints when system goes to
+suspend-to-idle state:
+
+ # echo freeze > /sys/power/state
+
+ PM: Syncing filesystems ... done.
+ Freezing user space processes ... (elapsed 0.001 seconds) done.
+ OOM killer disabled.
+ Freezing remaining freezable tasks ... (elapsed 0.002 seconds) done.
+ sd 0:0:0:0: [sda] Synchronizing SCSI cache
+ INFO: task bash:1569 blocked for more than 120 seconds.
+ Not tainted 4.19.0-rc3_+ #687
+ "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
+ bash D 0 1569 604 0x00000000
+ Call Trace:
+ ? __schedule+0x1fe/0x7e0
+ schedule+0x28/0x80
+ suspend_devices_and_enter+0x4ac/0x750
+ pm_suspend+0x2c0/0x310
+
+Register a PM notifier to disable the detector on suspend and re-enable
+back on wakeup.
+
+Signed-off-by: Vitaly Kuznetsov <vkuznets@redhat.com>
+Signed-off-by: Rafael J. Wysocki <rafael.j.wysocki@intel.com>
+Signed-off-by: Sasha Levin <sashal@kernel.org>
+---
+ kernel/hung_task.c | 30 +++++++++++++++++++++++++++++-
+ 1 file changed, 29 insertions(+), 1 deletion(-)
+
+diff --git a/kernel/hung_task.c b/kernel/hung_task.c
+index fd781a468f32..fb00cf30abd1 100644
+--- a/kernel/hung_task.c
++++ b/kernel/hung_task.c
+@@ -15,6 +15,7 @@
+ #include <linux/lockdep.h>
+ #include <linux/export.h>
+ #include <linux/sysctl.h>
++#include <linux/suspend.h>
+ #include <linux/utsname.h>
+ #include <trace/events/sched.h>
+
+@@ -221,6 +222,28 @@ void reset_hung_task_detector(void)
+ }
+ EXPORT_SYMBOL_GPL(reset_hung_task_detector);
+
++static bool hung_detector_suspended;
++
++static int hungtask_pm_notify(struct notifier_block *self,
++ unsigned long action, void *hcpu)
++{
++ switch (action) {
++ case PM_SUSPEND_PREPARE:
++ case PM_HIBERNATION_PREPARE:
++ case PM_RESTORE_PREPARE:
++ hung_detector_suspended = true;
++ break;
++ case PM_POST_SUSPEND:
++ case PM_POST_HIBERNATION:
++ case PM_POST_RESTORE:
++ hung_detector_suspended = false;
++ break;
++ default:
++ break;
++ }
++ return NOTIFY_OK;
++}
++
+ /*
+ * kthread which checks for tasks stuck in D state
+ */
+@@ -235,7 +258,8 @@ static int watchdog(void *dummy)
+ long t = hung_timeout_jiffies(hung_last_checked, timeout);
+
+ if (t <= 0) {
+- if (!atomic_xchg(&reset_hung_task, 0))
++ if (!atomic_xchg(&reset_hung_task, 0) &&
++ !hung_detector_suspended)
+ check_hung_uninterruptible_tasks(timeout);
+ hung_last_checked = jiffies;
+ continue;
+@@ -249,6 +273,10 @@ static int watchdog(void *dummy)
+ static int __init hung_task_init(void)
+ {
+ atomic_notifier_chain_register(&panic_notifier_list, &panic_block);
++
++ /* Disable hung task detector on suspend */
++ pm_notifier(hungtask_pm_notify, 0);
++
+ watchdog_task = kthread_run(watchdog, NULL, "khungtaskd");
+
+ return 0;
+--
+2.19.1
+
--- /dev/null
+From b412039a6392376d96a8444eedc8a88500a52aa9 Mon Sep 17 00:00:00 2001
+From: Stanislaw Gruszka <sgruszka@redhat.com>
+Date: Thu, 7 Mar 2019 16:28:18 -0800
+Subject: lib/div64.c: off by one in shift
+
+[ Upstream commit cdc94a37493135e355dfc0b0e086d84e3eadb50d ]
+
+fls counts bits starting from 1 to 32 (returns 0 for zero argument). If
+we add 1 we shift right one bit more and loose precision from divisor,
+what cause function incorect results with some numbers.
+
+Corrected code was tested in user-space, see bugzilla:
+ https://bugzilla.kernel.org/show_bug.cgi?id=202391
+
+Link: http://lkml.kernel.org/r/1548686944-11891-1-git-send-email-sgruszka@redhat.com
+Fixes: 658716d19f8f ("div64_u64(): improve precision on 32bit platforms")
+Signed-off-by: Stanislaw Gruszka <sgruszka@redhat.com>
+Reported-by: Siarhei Volkau <lis8215@gmail.com>
+Tested-by: Siarhei Volkau <lis8215@gmail.com>
+Acked-by: Oleg Nesterov <oleg@redhat.com>
+Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
+Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
+Signed-off-by: Sasha Levin <sashal@kernel.org>
+---
+ lib/div64.c | 4 ++--
+ 1 file changed, 2 insertions(+), 2 deletions(-)
+
+diff --git a/lib/div64.c b/lib/div64.c
+index 7f345259c32f..c1c1a4c36dd5 100644
+--- a/lib/div64.c
++++ b/lib/div64.c
+@@ -102,7 +102,7 @@ u64 div64_u64_rem(u64 dividend, u64 divisor, u64 *remainder)
+ quot = div_u64_rem(dividend, divisor, &rem32);
+ *remainder = rem32;
+ } else {
+- int n = 1 + fls(high);
++ int n = fls(high);
+ quot = div_u64(dividend >> n, divisor >> n);
+
+ if (quot != 0)
+@@ -140,7 +140,7 @@ u64 div64_u64(u64 dividend, u64 divisor)
+ if (high == 0) {
+ quot = div_u64(dividend, divisor);
+ } else {
+- int n = 1 + fls(high);
++ int n = fls(high);
+ quot = div_u64(dividend >> n, divisor >> n);
+
+ if (quot != 0)
+--
+2.19.1
+
--- /dev/null
+From 43f7b3853e7af7ccbd59f279b5d00bbe962910b6 Mon Sep 17 00:00:00 2001
+From: Christophe Leroy <christophe.leroy@c-s.fr>
+Date: Fri, 14 Dec 2018 15:26:20 +0000
+Subject: lkdtm: Add tests for NULL pointer dereference
+
+[ Upstream commit 59a12205d3c32aee4c13ca36889fdf7cfed31126 ]
+
+Introduce lkdtm tests for NULL pointer dereference: check access or exec
+at NULL address, since these errors tend to be reported differently from
+the general fault error text. For example from x86:
+
+ pr_alert("BUG: unable to handle kernel %s at %px\n",
+ address < PAGE_SIZE ? "NULL pointer dereference" : "paging request",
+ (void *)address);
+
+Signed-off-by: Christophe Leroy <christophe.leroy@c-s.fr>
+Signed-off-by: Kees Cook <keescook@chromium.org>
+Signed-off-by: Sasha Levin <sashal@kernel.org>
+---
+ drivers/misc/lkdtm.h | 2 ++
+ drivers/misc/lkdtm_core.c | 2 ++
+ drivers/misc/lkdtm_perms.c | 18 ++++++++++++++++++
+ 3 files changed, 22 insertions(+)
+
+diff --git a/drivers/misc/lkdtm.h b/drivers/misc/lkdtm.h
+index fdf954c2107f..6abc97b245e4 100644
+--- a/drivers/misc/lkdtm.h
++++ b/drivers/misc/lkdtm.h
+@@ -40,7 +40,9 @@ void lkdtm_EXEC_KMALLOC(void);
+ void lkdtm_EXEC_VMALLOC(void);
+ void lkdtm_EXEC_RODATA(void);
+ void lkdtm_EXEC_USERSPACE(void);
++void lkdtm_EXEC_NULL(void);
+ void lkdtm_ACCESS_USERSPACE(void);
++void lkdtm_ACCESS_NULL(void);
+
+ /* lkdtm_rodata.c */
+ void lkdtm_rodata_do_nothing(void);
+diff --git a/drivers/misc/lkdtm_core.c b/drivers/misc/lkdtm_core.c
+index b2989f2d3126..035e51bea450 100644
+--- a/drivers/misc/lkdtm_core.c
++++ b/drivers/misc/lkdtm_core.c
+@@ -214,7 +214,9 @@ struct crashtype crashtypes[] = {
+ CRASHTYPE(EXEC_VMALLOC),
+ CRASHTYPE(EXEC_RODATA),
+ CRASHTYPE(EXEC_USERSPACE),
++ CRASHTYPE(EXEC_NULL),
+ CRASHTYPE(ACCESS_USERSPACE),
++ CRASHTYPE(ACCESS_NULL),
+ CRASHTYPE(WRITE_RO),
+ CRASHTYPE(WRITE_RO_AFTER_INIT),
+ CRASHTYPE(WRITE_KERN),
+diff --git a/drivers/misc/lkdtm_perms.c b/drivers/misc/lkdtm_perms.c
+index 45f1c0f96612..1a9dcdaa95f0 100644
+--- a/drivers/misc/lkdtm_perms.c
++++ b/drivers/misc/lkdtm_perms.c
+@@ -160,6 +160,11 @@ void lkdtm_EXEC_USERSPACE(void)
+ vm_munmap(user_addr, PAGE_SIZE);
+ }
+
++void lkdtm_EXEC_NULL(void)
++{
++ execute_location(NULL, CODE_AS_IS);
++}
++
+ void lkdtm_ACCESS_USERSPACE(void)
+ {
+ unsigned long user_addr, tmp = 0;
+@@ -191,6 +196,19 @@ void lkdtm_ACCESS_USERSPACE(void)
+ vm_munmap(user_addr, PAGE_SIZE);
+ }
+
++void lkdtm_ACCESS_NULL(void)
++{
++ unsigned long tmp;
++ unsigned long *ptr = (unsigned long *)NULL;
++
++ pr_info("attempting bad read at %px\n", ptr);
++ tmp = *ptr;
++ tmp += 0xc0dec0de;
++
++ pr_info("attempting bad write at %px\n", ptr);
++ *ptr = tmp;
++}
++
+ void __init lkdtm_perms_init(void)
+ {
+ /* Make sure we can write to __ro_after_init values during __init */
+--
+2.19.1
+
--- /dev/null
+From 49a0a23a7327d709e9178698000d67bb05ff5a4a Mon Sep 17 00:00:00 2001
+From: Arnd Bergmann <arnd@arndb.de>
+Date: Thu, 7 Mar 2019 11:10:11 +0100
+Subject: mmc: davinci: remove extraneous __init annotation
+
+[ Upstream commit 9ce58dd7d9da3ca0d7cb8c9568f1c6f4746da65a ]
+
+Building with clang finds a mistaken __init tag:
+
+WARNING: vmlinux.o(.text+0x5e4250): Section mismatch in reference from the function davinci_mmcsd_probe() to the function .init.text:init_mmcsd_host()
+The function davinci_mmcsd_probe() references
+the function __init init_mmcsd_host().
+This is often because davinci_mmcsd_probe lacks a __init
+annotation or the annotation of init_mmcsd_host is wrong.
+
+Signed-off-by: Arnd Bergmann <arnd@arndb.de>
+Acked-by: Wolfram Sang <wsa@the-dreams.de>
+Reviewed-by: Nathan Chancellor <natechancellor@gmail.com>
+Signed-off-by: Ulf Hansson <ulf.hansson@linaro.org>
+Signed-off-by: Sasha Levin <sashal@kernel.org>
+---
+ drivers/mmc/host/davinci_mmc.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/drivers/mmc/host/davinci_mmc.c b/drivers/mmc/host/davinci_mmc.c
+index 8fa478c3b0db..619457b90dc7 100644
+--- a/drivers/mmc/host/davinci_mmc.c
++++ b/drivers/mmc/host/davinci_mmc.c
+@@ -1120,7 +1120,7 @@ static inline void mmc_davinci_cpufreq_deregister(struct mmc_davinci_host *host)
+ {
+ }
+ #endif
+-static void __init init_mmcsd_host(struct mmc_davinci_host *host)
++static void init_mmcsd_host(struct mmc_davinci_host *host)
+ {
+
+ mmc_davinci_reset_ctrl(host, 1);
+--
+2.19.1
+
--- /dev/null
+From b6c67a402f5d294c40f689c66f831dca8fa6a669 Mon Sep 17 00:00:00 2001
+From: Changbin Du <changbin.du@gmail.com>
+Date: Sat, 16 Mar 2019 16:05:46 +0800
+Subject: perf build-id: Fix memory leak in print_sdt_events()
+
+[ Upstream commit 8bde8516893da5a5fdf06121f74d11b52ab92df5 ]
+
+Detected with gcc's ASan:
+
+ Direct leak of 4356 byte(s) in 120 object(s) allocated from:
+ #0 0x7ff1a2b5a070 in __interceptor_strdup (/usr/lib/x86_64-linux-gnu/libasan.so.5+0x3b070)
+ #1 0x55719aef4814 in build_id_cache__origname util/build-id.c:215
+ #2 0x55719af649b6 in print_sdt_events util/parse-events.c:2339
+ #3 0x55719af66272 in print_events util/parse-events.c:2542
+ #4 0x55719ad1ecaa in cmd_list /home/changbin/work/linux/tools/perf/builtin-list.c:58
+ #5 0x55719aec745d in run_builtin /home/changbin/work/linux/tools/perf/perf.c:302
+ #6 0x55719aec7d1a in handle_internal_command /home/changbin/work/linux/tools/perf/perf.c:354
+ #7 0x55719aec8184 in run_argv /home/changbin/work/linux/tools/perf/perf.c:398
+ #8 0x55719aeca41a in main /home/changbin/work/linux/tools/perf/perf.c:520
+ #9 0x7ff1a07ae09a in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x2409a)
+
+Signed-off-by: Changbin Du <changbin.du@gmail.com>
+Reviewed-by: Jiri Olsa <jolsa@kernel.org>
+Cc: Alexei Starovoitov <ast@kernel.org>
+Cc: Daniel Borkmann <daniel@iogearbox.net>
+Cc: Masami Hiramatsu <masami.hiramatsu.pt@hitachi.com>
+Cc: Namhyung Kim <namhyung@kernel.org>
+Cc: Peter Zijlstra <peterz@infradead.org>
+Cc: Steven Rostedt (VMware) <rostedt@goodmis.org>
+Fixes: 40218daea1db ("perf list: Show SDT and pre-cached events")
+Link: http://lkml.kernel.org/r/20190316080556.3075-7-changbin.du@gmail.com
+Signed-off-by: Arnaldo Carvalho de Melo <acme@redhat.com>
+Signed-off-by: Sasha Levin <sashal@kernel.org>
+---
+ tools/perf/util/build-id.c | 1 +
+ tools/perf/util/parse-events.c | 1 +
+ 2 files changed, 2 insertions(+)
+
+diff --git a/tools/perf/util/build-id.c b/tools/perf/util/build-id.c
+index 993ef2762508..32aab95e1459 100644
+--- a/tools/perf/util/build-id.c
++++ b/tools/perf/util/build-id.c
+@@ -176,6 +176,7 @@ char *build_id_cache__linkname(const char *sbuild_id, char *bf, size_t size)
+ return bf;
+ }
+
++/* The caller is responsible to free the returned buffer. */
+ char *build_id_cache__origname(const char *sbuild_id)
+ {
+ char *linkname;
+diff --git a/tools/perf/util/parse-events.c b/tools/perf/util/parse-events.c
+index 14f111a10650..6193be6d7639 100644
+--- a/tools/perf/util/parse-events.c
++++ b/tools/perf/util/parse-events.c
+@@ -2104,6 +2104,7 @@ void print_sdt_events(const char *subsys_glob, const char *event_glob,
+ printf(" %-50s [%s]\n", buf, "SDT event");
+ free(buf);
+ }
++ free(path);
+ } else
+ printf(" %-50s [%s]\n", nd->s, "SDT event");
+ if (nd2) {
+--
+2.19.1
+
--- /dev/null
+From 6b84218124ffb62701572d91befc62a81192cd8e Mon Sep 17 00:00:00 2001
+From: Changbin Du <changbin.du@gmail.com>
+Date: Sat, 16 Mar 2019 16:05:45 +0800
+Subject: perf config: Fix a memory leak in collect_config()
+
+[ Upstream commit 54569ba4b06d5baedae4614bde33a25a191473ba ]
+
+Detected with gcc's ASan:
+
+ Direct leak of 66 byte(s) in 5 object(s) allocated from:
+ #0 0x7ff3b1f32070 in __interceptor_strdup (/usr/lib/x86_64-linux-gnu/libasan.so.5+0x3b070)
+ #1 0x560c8761034d in collect_config util/config.c:597
+ #2 0x560c8760d9cb in get_value util/config.c:169
+ #3 0x560c8760dfd7 in perf_parse_file util/config.c:285
+ #4 0x560c8760e0d2 in perf_config_from_file util/config.c:476
+ #5 0x560c876108fd in perf_config_set__init util/config.c:661
+ #6 0x560c87610c72 in perf_config_set__new util/config.c:709
+ #7 0x560c87610d2f in perf_config__init util/config.c:718
+ #8 0x560c87610e5d in perf_config util/config.c:730
+ #9 0x560c875ddea0 in main /home/changbin/work/linux/tools/perf/perf.c:442
+ #10 0x7ff3afb8609a in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x2409a)
+
+Signed-off-by: Changbin Du <changbin.du@gmail.com>
+Reviewed-by: Jiri Olsa <jolsa@kernel.org>
+Cc: Alexei Starovoitov <ast@kernel.org>
+Cc: Daniel Borkmann <daniel@iogearbox.net>
+Cc: Namhyung Kim <namhyung@kernel.org>
+Cc: Peter Zijlstra <peterz@infradead.org>
+Cc: Steven Rostedt (VMware) <rostedt@goodmis.org>
+Cc: Taeung Song <treeze.taeung@gmail.com>
+Fixes: 20105ca1240c ("perf config: Introduce perf_config_set class")
+Link: http://lkml.kernel.org/r/20190316080556.3075-6-changbin.du@gmail.com
+Signed-off-by: Arnaldo Carvalho de Melo <acme@redhat.com>
+Signed-off-by: Sasha Levin <sashal@kernel.org>
+---
+ tools/perf/util/config.c | 3 +--
+ 1 file changed, 1 insertion(+), 2 deletions(-)
+
+diff --git a/tools/perf/util/config.c b/tools/perf/util/config.c
+index 18dae745034f..1d66f8eab9f9 100644
+--- a/tools/perf/util/config.c
++++ b/tools/perf/util/config.c
+@@ -595,11 +595,10 @@ static int collect_config(const char *var, const char *value,
+ }
+
+ ret = set_value(item, value);
+- return ret;
+
+ out_free:
+ free(key);
+- return -1;
++ return ret;
+ }
+
+ static int perf_config_set__init(struct perf_config_set *set)
+--
+2.19.1
+
--- /dev/null
+From 5a5ac05fd845e69608b30fcb6a972d1ecf70b249 Mon Sep 17 00:00:00 2001
+From: Changbin Du <changbin.du@gmail.com>
+Date: Sat, 16 Mar 2019 16:05:44 +0800
+Subject: perf config: Fix an error in the config template documentation
+
+[ Upstream commit 9b40dff7ba3caaf0d1919f98e136fa3400bd34aa ]
+
+The option 'sort-order' should be 'sort_order'.
+
+Signed-off-by: Changbin Du <changbin.du@gmail.com>
+Reviewed-by: Jiri Olsa <jolsa@kernel.org>
+Cc: Alexei Starovoitov <ast@kernel.org>
+Cc: Daniel Borkmann <daniel@iogearbox.net>
+Cc: Milian Wolff <milian.wolff@kdab.com>
+Cc: Namhyung Kim <namhyung@kernel.org>
+Cc: Peter Zijlstra <peterz@infradead.org>
+Cc: Steven Rostedt (VMware) <rostedt@goodmis.org>
+Fixes: 893c5c798be9 ("perf config: Show default report configuration in example and docs")
+Link: http://lkml.kernel.org/r/20190316080556.3075-5-changbin.du@gmail.com
+Signed-off-by: Arnaldo Carvalho de Melo <acme@redhat.com>
+Signed-off-by: Sasha Levin <sashal@kernel.org>
+---
+ tools/perf/Documentation/perf-config.txt | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/tools/perf/Documentation/perf-config.txt b/tools/perf/Documentation/perf-config.txt
+index cb081ac59fd1..bd359a04cb94 100644
+--- a/tools/perf/Documentation/perf-config.txt
++++ b/tools/perf/Documentation/perf-config.txt
+@@ -112,7 +112,7 @@ Given a $HOME/.perfconfig like this:
+
+ [report]
+ # Defaults
+- sort-order = comm,dso,symbol
++ sort_order = comm,dso,symbol
+ percent-limit = 0
+ queue-size = 0
+ children = true
+--
+2.19.1
+
--- /dev/null
+From 3aab4df41bb811b40815bdfc42158254fd8ddfe3 Mon Sep 17 00:00:00 2001
+From: Stephane Eranian <eranian@google.com>
+Date: Thu, 7 Mar 2019 10:52:33 -0800
+Subject: perf/core: Restore mmap record type correctly
+
+[ Upstream commit d9c1bb2f6a2157b38e8eb63af437cb22701d31ee ]
+
+On mmap(), perf_events generates a RECORD_MMAP record and then checks
+which events are interested in this record. There are currently 2
+versions of mmap records: RECORD_MMAP and RECORD_MMAP2. MMAP2 is larger.
+The event configuration controls which version the user level tool
+accepts.
+
+If the event->attr.mmap2=1 field then MMAP2 record is returned. The
+perf_event_mmap_output() takes care of this. It checks attr->mmap2 and
+corrects the record fields before putting it in the sampling buffer of
+the event. At the end the function restores the modified MMAP record
+fields.
+
+The problem is that the function restores the size but not the type.
+Thus, if a subsequent event only accepts MMAP type, then it would
+instead receive an MMAP2 record with a size of MMAP record.
+
+This patch fixes the problem by restoring the record type on exit.
+
+Signed-off-by: Stephane Eranian <eranian@google.com>
+Acked-by: Peter Zijlstra (Intel) <peterz@infradead.org>
+Cc: Andi Kleen <ak@linux.intel.com>
+Cc: Jiri Olsa <jolsa@redhat.com>
+Cc: Kan Liang <kan.liang@linux.intel.com>
+Fixes: 13d7a2410fa6 ("perf: Add attr->mmap2 attribute to an event")
+Link: http://lkml.kernel.org/r/20190307185233.225521-1-eranian@google.com
+Signed-off-by: Arnaldo Carvalho de Melo <acme@redhat.com>
+Signed-off-by: Sasha Levin <sashal@kernel.org>
+---
+ kernel/events/core.c | 2 ++
+ 1 file changed, 2 insertions(+)
+
+diff --git a/kernel/events/core.c b/kernel/events/core.c
+index 5cbb2eda80b5..7929526e96e2 100644
+--- a/kernel/events/core.c
++++ b/kernel/events/core.c
+@@ -6616,6 +6616,7 @@ static void perf_event_mmap_output(struct perf_event *event,
+ struct perf_output_handle handle;
+ struct perf_sample_data sample;
+ int size = mmap_event->event_id.header.size;
++ u32 type = mmap_event->event_id.header.type;
+ int ret;
+
+ if (!perf_event_mmap_match(event, data))
+@@ -6659,6 +6660,7 @@ static void perf_event_mmap_output(struct perf_event *event,
+ perf_output_end(&handle);
+ out:
+ mmap_event->event_id.header.size = size;
++ mmap_event->event_id.header.type = type;
+ }
+
+ static void perf_event_mmap_event(struct perf_mmap_event *mmap_event)
+--
+2.19.1
+
--- /dev/null
+From 6e50d31ce11810e2990d5beeb207fef3df796659 Mon Sep 17 00:00:00 2001
+From: Arnaldo Carvalho de Melo <acme@redhat.com>
+Date: Mon, 18 Mar 2019 16:41:28 -0300
+Subject: perf evsel: Free evsel->counts in perf_evsel__exit()
+
+[ Upstream commit 42dfa451d825a2ad15793c476f73e7bbc0f9d312 ]
+
+Using gcc's ASan, Changbin reports:
+
+ =================================================================
+ ==7494==ERROR: LeakSanitizer: detected memory leaks
+
+ Direct leak of 48 byte(s) in 1 object(s) allocated from:
+ #0 0x7f0333a89138 in calloc (/usr/lib/x86_64-linux-gnu/libasan.so.5+0xee138)
+ #1 0x5625e5330a5e in zalloc util/util.h:23
+ #2 0x5625e5330a9b in perf_counts__new util/counts.c:10
+ #3 0x5625e5330ca0 in perf_evsel__alloc_counts util/counts.c:47
+ #4 0x5625e520d8e5 in __perf_evsel__read_on_cpu util/evsel.c:1505
+ #5 0x5625e517a985 in perf_evsel__read_on_cpu /home/work/linux/tools/perf/util/evsel.h:347
+ #6 0x5625e517ad1a in test__openat_syscall_event tests/openat-syscall.c:47
+ #7 0x5625e51528e6 in run_test tests/builtin-test.c:358
+ #8 0x5625e5152baf in test_and_print tests/builtin-test.c:388
+ #9 0x5625e51543fe in __cmd_test tests/builtin-test.c:583
+ #10 0x5625e515572f in cmd_test tests/builtin-test.c:722
+ #11 0x5625e51c3fb8 in run_builtin /home/changbin/work/linux/tools/perf/perf.c:302
+ #12 0x5625e51c44f7 in handle_internal_command /home/changbin/work/linux/tools/perf/perf.c:354
+ #13 0x5625e51c48fb in run_argv /home/changbin/work/linux/tools/perf/perf.c:398
+ #14 0x5625e51c5069 in main /home/changbin/work/linux/tools/perf/perf.c:520
+ #15 0x7f033214d09a in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x2409a)
+
+ Indirect leak of 72 byte(s) in 1 object(s) allocated from:
+ #0 0x7f0333a89138 in calloc (/usr/lib/x86_64-linux-gnu/libasan.so.5+0xee138)
+ #1 0x5625e532560d in zalloc util/util.h:23
+ #2 0x5625e532566b in xyarray__new util/xyarray.c:10
+ #3 0x5625e5330aba in perf_counts__new util/counts.c:15
+ #4 0x5625e5330ca0 in perf_evsel__alloc_counts util/counts.c:47
+ #5 0x5625e520d8e5 in __perf_evsel__read_on_cpu util/evsel.c:1505
+ #6 0x5625e517a985 in perf_evsel__read_on_cpu /home/work/linux/tools/perf/util/evsel.h:347
+ #7 0x5625e517ad1a in test__openat_syscall_event tests/openat-syscall.c:47
+ #8 0x5625e51528e6 in run_test tests/builtin-test.c:358
+ #9 0x5625e5152baf in test_and_print tests/builtin-test.c:388
+ #10 0x5625e51543fe in __cmd_test tests/builtin-test.c:583
+ #11 0x5625e515572f in cmd_test tests/builtin-test.c:722
+ #12 0x5625e51c3fb8 in run_builtin /home/changbin/work/linux/tools/perf/perf.c:302
+ #13 0x5625e51c44f7 in handle_internal_command /home/changbin/work/linux/tools/perf/perf.c:354
+ #14 0x5625e51c48fb in run_argv /home/changbin/work/linux/tools/perf/perf.c:398
+ #15 0x5625e51c5069 in main /home/changbin/work/linux/tools/perf/perf.c:520
+ #16 0x7f033214d09a in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x2409a)
+
+His patch took care of evsel->prev_raw_counts, but the above backtraces
+are about evsel->counts, so fix that instead.
+
+Reported-by: Changbin Du <changbin.du@gmail.com>
+Cc: Alexei Starovoitov <ast@kernel.org>
+Cc: Daniel Borkmann <daniel@iogearbox.net>
+Cc: Jiri Olsa <jolsa@kernel.org>
+Cc: Namhyung Kim <namhyung@kernel.org>
+Cc: Peter Zijlstra <peterz@infradead.org>
+Cc: Steven Rostedt (VMware) <rostedt@goodmis.org>
+Link: https://lkml.kernel.org/n/tip-hd1x13g59f0nuhe4anxhsmfp@git.kernel.org
+Signed-off-by: Arnaldo Carvalho de Melo <acme@redhat.com>
+Signed-off-by: Sasha Levin <sashal@kernel.org>
+---
+ tools/perf/util/evsel.c | 1 +
+ 1 file changed, 1 insertion(+)
+
+diff --git a/tools/perf/util/evsel.c b/tools/perf/util/evsel.c
+index f7128c2a6386..a62f79558146 100644
+--- a/tools/perf/util/evsel.c
++++ b/tools/perf/util/evsel.c
+@@ -1167,6 +1167,7 @@ void perf_evsel__exit(struct perf_evsel *evsel)
+ {
+ assert(list_empty(&evsel->node));
+ assert(evsel->evlist == NULL);
++ perf_evsel__free_counts(evsel);
+ perf_evsel__free_fd(evsel);
+ perf_evsel__free_id(evsel);
+ perf_evsel__free_config_terms(evsel);
+--
+2.19.1
+
--- /dev/null
+From cfd8c280609cd7d00f0345b9d993ba4c179413d6 Mon Sep 17 00:00:00 2001
+From: Changbin Du <changbin.du@gmail.com>
+Date: Sat, 16 Mar 2019 16:05:49 +0800
+Subject: perf hist: Add missing map__put() in error case
+
+[ Upstream commit cb6186aeffda4d27e56066c79e9579e7831541d3 ]
+
+We need to map__put() before returning from failure of
+sample__resolve_callchain().
+
+Detected with gcc's ASan.
+
+Signed-off-by: Changbin Du <changbin.du@gmail.com>
+Reviewed-by: Jiri Olsa <jolsa@kernel.org>
+Cc: Alexei Starovoitov <ast@kernel.org>
+Cc: Daniel Borkmann <daniel@iogearbox.net>
+Cc: Krister Johansen <kjlx@templeofstupid.com>
+Cc: Namhyung Kim <namhyung@kernel.org>
+Cc: Peter Zijlstra <peterz@infradead.org>
+Cc: Steven Rostedt (VMware) <rostedt@goodmis.org>
+Fixes: 9c68ae98c6f7 ("perf callchain: Reference count maps")
+Link: http://lkml.kernel.org/r/20190316080556.3075-10-changbin.du@gmail.com
+Signed-off-by: Arnaldo Carvalho de Melo <acme@redhat.com>
+Signed-off-by: Sasha Levin <sashal@kernel.org>
+---
+ tools/perf/util/hist.c | 4 +++-
+ 1 file changed, 3 insertions(+), 1 deletion(-)
+
+diff --git a/tools/perf/util/hist.c b/tools/perf/util/hist.c
+index ad613ea51434..82833ceba339 100644
+--- a/tools/perf/util/hist.c
++++ b/tools/perf/util/hist.c
+@@ -1027,8 +1027,10 @@ int hist_entry_iter__add(struct hist_entry_iter *iter, struct addr_location *al,
+
+ err = sample__resolve_callchain(iter->sample, &callchain_cursor, &iter->parent,
+ iter->evsel, al, max_stack_depth);
+- if (err)
++ if (err) {
++ map__put(alm);
+ return err;
++ }
+
+ err = iter->ops->prepare_entry(iter, al);
+ if (err)
+--
+2.19.1
+
--- /dev/null
+From c3c3ef0e621a187dd21c49171bb742445d77831d Mon Sep 17 00:00:00 2001
+From: Changbin Du <changbin.du@gmail.com>
+Date: Sat, 16 Mar 2019 16:05:56 +0800
+Subject: perf tests: Fix a memory leak in test__perf_evsel__tp_sched_test()
+
+[ Upstream commit d982b33133284fa7efa0e52ae06b88f9be3ea764 ]
+
+ =================================================================
+ ==20875==ERROR: LeakSanitizer: detected memory leaks
+
+ Direct leak of 1160 byte(s) in 1 object(s) allocated from:
+ #0 0x7f1b6fc84138 in calloc (/usr/lib/x86_64-linux-gnu/libasan.so.5+0xee138)
+ #1 0x55bd50005599 in zalloc util/util.h:23
+ #2 0x55bd500068f5 in perf_evsel__newtp_idx util/evsel.c:327
+ #3 0x55bd4ff810fc in perf_evsel__newtp /home/work/linux/tools/perf/util/evsel.h:216
+ #4 0x55bd4ff81608 in test__perf_evsel__tp_sched_test tests/evsel-tp-sched.c:69
+ #5 0x55bd4ff528e6 in run_test tests/builtin-test.c:358
+ #6 0x55bd4ff52baf in test_and_print tests/builtin-test.c:388
+ #7 0x55bd4ff543fe in __cmd_test tests/builtin-test.c:583
+ #8 0x55bd4ff5572f in cmd_test tests/builtin-test.c:722
+ #9 0x55bd4ffc4087 in run_builtin /home/changbin/work/linux/tools/perf/perf.c:302
+ #10 0x55bd4ffc45c6 in handle_internal_command /home/changbin/work/linux/tools/perf/perf.c:354
+ #11 0x55bd4ffc49ca in run_argv /home/changbin/work/linux/tools/perf/perf.c:398
+ #12 0x55bd4ffc5138 in main /home/changbin/work/linux/tools/perf/perf.c:520
+ #13 0x7f1b6e34809a in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x2409a)
+
+ Indirect leak of 19 byte(s) in 1 object(s) allocated from:
+ #0 0x7f1b6fc83f30 in __interceptor_malloc (/usr/lib/x86_64-linux-gnu/libasan.so.5+0xedf30)
+ #1 0x7f1b6e3ac30f in vasprintf (/lib/x86_64-linux-gnu/libc.so.6+0x8830f)
+
+Signed-off-by: Changbin Du <changbin.du@gmail.com>
+Reviewed-by: Jiri Olsa <jolsa@kernel.org>
+Cc: Alexei Starovoitov <ast@kernel.org>
+Cc: Daniel Borkmann <daniel@iogearbox.net>
+Cc: Namhyung Kim <namhyung@kernel.org>
+Cc: Peter Zijlstra <peterz@infradead.org>
+Cc: Steven Rostedt (VMware) <rostedt@goodmis.org>
+Fixes: 6a6cd11d4e57 ("perf test: Add test for the sched tracepoint format fields")
+Link: http://lkml.kernel.org/r/20190316080556.3075-17-changbin.du@gmail.com
+Signed-off-by: Arnaldo Carvalho de Melo <acme@redhat.com>
+Signed-off-by: Sasha Levin <sashal@kernel.org>
+---
+ tools/perf/tests/evsel-tp-sched.c | 1 +
+ 1 file changed, 1 insertion(+)
+
+diff --git a/tools/perf/tests/evsel-tp-sched.c b/tools/perf/tests/evsel-tp-sched.c
+index ea772d41e472..b5d0be524655 100644
+--- a/tools/perf/tests/evsel-tp-sched.c
++++ b/tools/perf/tests/evsel-tp-sched.c
+@@ -84,5 +84,6 @@ int test__perf_evsel__tp_sched_test(int subtest __maybe_unused)
+ if (perf_evsel__test_field(evsel, "target_cpu", 4, true))
+ ret = -1;
+
++ perf_evsel__delete(evsel);
+ return ret;
+ }
+--
+2.19.1
+
--- /dev/null
+From 7353318018fae6fee3a692bbdc45daec6663acb5 Mon Sep 17 00:00:00 2001
+From: Changbin Du <changbin.du@gmail.com>
+Date: Sat, 16 Mar 2019 16:05:54 +0800
+Subject: perf tests: Fix a memory leak of cpu_map object in the
+ openat_syscall_event_on_all_cpus test
+
+[ Upstream commit 93faa52e8371f0291ee1ff4994edae2b336b6233 ]
+
+ =================================================================
+ ==7497==ERROR: LeakSanitizer: detected memory leaks
+
+ Direct leak of 40 byte(s) in 1 object(s) allocated from:
+ #0 0x7f0333a88f30 in __interceptor_malloc (/usr/lib/x86_64-linux-gnu/libasan.so.5+0xedf30)
+ #1 0x5625e5326213 in cpu_map__trim_new util/cpumap.c:45
+ #2 0x5625e5326703 in cpu_map__read util/cpumap.c:103
+ #3 0x5625e53267ef in cpu_map__read_all_cpu_map util/cpumap.c:120
+ #4 0x5625e5326915 in cpu_map__new util/cpumap.c:135
+ #5 0x5625e517b355 in test__openat_syscall_event_on_all_cpus tests/openat-syscall-all-cpus.c:36
+ #6 0x5625e51528e6 in run_test tests/builtin-test.c:358
+ #7 0x5625e5152baf in test_and_print tests/builtin-test.c:388
+ #8 0x5625e51543fe in __cmd_test tests/builtin-test.c:583
+ #9 0x5625e515572f in cmd_test tests/builtin-test.c:722
+ #10 0x5625e51c3fb8 in run_builtin /home/changbin/work/linux/tools/perf/perf.c:302
+ #11 0x5625e51c44f7 in handle_internal_command /home/changbin/work/linux/tools/perf/perf.c:354
+ #12 0x5625e51c48fb in run_argv /home/changbin/work/linux/tools/perf/perf.c:398
+ #13 0x5625e51c5069 in main /home/changbin/work/linux/tools/perf/perf.c:520
+ #14 0x7f033214d09a in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x2409a)
+
+Signed-off-by: Changbin Du <changbin.du@gmail.com>
+Reviewed-by: Jiri Olsa <jolsa@kernel.org>
+Cc: Alexei Starovoitov <ast@kernel.org>
+Cc: Daniel Borkmann <daniel@iogearbox.net>
+Cc: Namhyung Kim <namhyung@kernel.org>
+Cc: Peter Zijlstra <peterz@infradead.org>
+Cc: Steven Rostedt (VMware) <rostedt@goodmis.org>
+Fixes: f30a79b012e5 ("perf tools: Add reference counting for cpu_map object")
+Link: http://lkml.kernel.org/r/20190316080556.3075-15-changbin.du@gmail.com
+Signed-off-by: Arnaldo Carvalho de Melo <acme@redhat.com>
+Signed-off-by: Sasha Levin <sashal@kernel.org>
+---
+ tools/perf/tests/openat-syscall-all-cpus.c | 4 +++-
+ 1 file changed, 3 insertions(+), 1 deletion(-)
+
+diff --git a/tools/perf/tests/openat-syscall-all-cpus.c b/tools/perf/tests/openat-syscall-all-cpus.c
+index c8d9592eb142..75d504e9eeaf 100644
+--- a/tools/perf/tests/openat-syscall-all-cpus.c
++++ b/tools/perf/tests/openat-syscall-all-cpus.c
+@@ -38,7 +38,7 @@ int test__openat_syscall_event_on_all_cpus(int subtest __maybe_unused)
+ if (IS_ERR(evsel)) {
+ tracing_path__strerror_open_tp(errno, errbuf, sizeof(errbuf), "syscalls", "sys_enter_openat");
+ pr_debug("%s\n", errbuf);
+- goto out_thread_map_delete;
++ goto out_cpu_map_delete;
+ }
+
+ if (perf_evsel__open(evsel, cpus, threads) < 0) {
+@@ -112,6 +112,8 @@ int test__openat_syscall_event_on_all_cpus(int subtest __maybe_unused)
+ perf_evsel__close_fd(evsel, 1, threads->nr);
+ out_evsel_delete:
+ perf_evsel__delete(evsel);
++out_cpu_map_delete:
++ cpu_map__put(cpus);
+ out_thread_map_delete:
+ thread_map__put(threads);
+ return err;
+--
+2.19.1
+
--- /dev/null
+From 4ad1b439d901b66e8352ca21c1d7934b9236ddd7 Mon Sep 17 00:00:00 2001
+From: Changbin Du <changbin.du@gmail.com>
+Date: Sat, 16 Mar 2019 16:05:48 +0800
+Subject: perf top: Fix error handling in cmd_top()
+
+[ Upstream commit 70c819e4bf1c5f492768b399d898d458ccdad2b6 ]
+
+We should go to the cleanup path, to avoid leaks, detected using gcc's
+ASan.
+
+Signed-off-by: Changbin Du <changbin.du@gmail.com>
+Reviewed-by: Jiri Olsa <jolsa@kernel.org>
+Cc: Alexei Starovoitov <ast@kernel.org>
+Cc: Daniel Borkmann <daniel@iogearbox.net>
+Cc: Namhyung Kim <namhyung@kernel.org>
+Cc: Peter Zijlstra <peterz@infradead.org>
+Cc: Steven Rostedt (VMware) <rostedt@goodmis.org>
+Link: http://lkml.kernel.org/r/20190316080556.3075-9-changbin.du@gmail.com
+Signed-off-by: Arnaldo Carvalho de Melo <acme@redhat.com>
+Signed-off-by: Sasha Levin <sashal@kernel.org>
+---
+ tools/perf/builtin-top.c | 5 +++--
+ 1 file changed, 3 insertions(+), 2 deletions(-)
+
+diff --git a/tools/perf/builtin-top.c b/tools/perf/builtin-top.c
+index e68c866ae798..cd2900ac473f 100644
+--- a/tools/perf/builtin-top.c
++++ b/tools/perf/builtin-top.c
+@@ -1323,8 +1323,9 @@ int cmd_top(int argc, const char **argv, const char *prefix __maybe_unused)
+ goto out_delete_evlist;
+
+ symbol_conf.try_vmlinux_path = (symbol_conf.vmlinux_name == NULL);
+- if (symbol__init(NULL) < 0)
+- return -1;
++ status = symbol__init(NULL);
++ if (status < 0)
++ goto out_delete_evlist;
+
+ sort__setup_elide(stdout);
+
+--
+2.19.1
+
--- /dev/null
+From cc949b398b9ce8801eae9ff88bc7a8f860c940e7 Mon Sep 17 00:00:00 2001
+From: Siva Rebbagondla <siva.rebbagondla@redpinesignals.com>
+Date: Mon, 27 Aug 2018 17:05:15 +0530
+Subject: rsi: improve kernel thread handling to fix kernel panic
+
+[ Upstream commit 4c62764d0fc21a34ffc44eec1210038c3a2e4473 ]
+
+While running regressions, observed below kernel panic when sdio disconnect
+called. This is because of, kthread_stop() is taking care of
+wait_for_completion() by default. When wait_for_completion triggered
+in kthread_stop and as it was done already, giving kernel panic.
+Hence, removing redundant wait_for_completion() from rsi_kill_thread().
+
+... skipping ...
+BUG: unable to handle kernel NULL pointer dereference at (null)
+IP: [<ffffffff810a63df>] exit_creds+0x1f/0x50
+PGD 0
+Oops: 0002 [#1] SMP
+CPU: 0 PID: 6502 Comm: rmmod Tainted: G OE 4.15.9-Generic #154-Ubuntu
+Hardware name: Dell Inc. Edge Gateway 3003/ , BIOS 01.00.00 04/17/2017
+Stack:
+ffff88007392e600 ffff880075847dc0 ffffffff8108160a 0000000000000000
+ffff88007392e600 ffff880075847de8 ffffffff810a484b ffff880076127000
+ffff88003cd3a800 ffff880074f12a00 ffff880075847e28 ffffffffc09bed15
+Call Trace:
+[<ffffffff8108160a>] __put_task_struct+0x5a/0x140
+[<ffffffff810a484b>] kthread_stop+0x10b/0x110
+[<ffffffffc09bed15>] rsi_disconnect+0x2f5/0x300 [ven_rsi_sdio]
+[<ffffffff81578bcb>] ? __pm_runtime_resume+0x5b/0x80
+[<ffffffff816f0918>] sdio_bus_remove+0x38/0x100
+[<ffffffff8156cc64>] __device_release_driver+0xa4/0x150
+[<ffffffff8156d7a5>] driver_detach+0xb5/0xc0
+[<ffffffff8156c6c5>] bus_remove_driver+0x55/0xd0
+[<ffffffff8156dfbc>] driver_unregister+0x2c/0x50
+[<ffffffff816f0b8a>] sdio_unregister_driver+0x1a/0x20
+[<ffffffffc09bf0f5>] rsi_module_exit+0x15/0x30 [ven_rsi_sdio]
+[<ffffffff8110cad8>] SyS_delete_module+0x1b8/0x210
+[<ffffffff81851dc8>] entry_SYSCALL_64_fastpath+0x1c/0xbb
+
+Signed-off-by: Siva Rebbagondla <siva.rebbagondla@redpinesignals.com>
+Signed-off-by: Kalle Valo <kvalo@codeaurora.org>
+Signed-off-by: Sasha Levin <sashal@kernel.org>
+---
+ drivers/net/wireless/rsi/rsi_common.h | 1 -
+ 1 file changed, 1 deletion(-)
+
+diff --git a/drivers/net/wireless/rsi/rsi_common.h b/drivers/net/wireless/rsi/rsi_common.h
+index d3fbe33d2324..a13f08fd8690 100644
+--- a/drivers/net/wireless/rsi/rsi_common.h
++++ b/drivers/net/wireless/rsi/rsi_common.h
+@@ -75,7 +75,6 @@ static inline int rsi_kill_thread(struct rsi_thread *handle)
+ atomic_inc(&handle->thread_done);
+ rsi_set_event(&handle->event);
+
+- wait_for_completion(&handle->completion);
+ return kthread_stop(handle->task);
+ }
+
+--
+2.19.1
+
--- /dev/null
+From 7527c2694ba2e593d3f7ad97405f1afa9630f672 Mon Sep 17 00:00:00 2001
+From: Michal Simek <michal.simek@xilinx.com>
+Date: Mon, 3 Sep 2018 15:10:49 +0200
+Subject: serial: uartps: console_setup() can't be placed to init section
+
+[ Upstream commit 4bb1ce2350a598502b23088b169e16b43d4bc639 ]
+
+When console device is rebinded, console_setup() is called again.
+But marking it as __init means that function will be clear after boot is
+complete. If console device is binded again console_setup() is not found
+and error "Unable to handle kernel paging request at virtual address"
+is reported.
+
+Signed-off-by: Michal Simek <michal.simek@xilinx.com>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+Signed-off-by: Sasha Levin <sashal@kernel.org>
+---
+ drivers/tty/serial/xilinx_uartps.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/drivers/tty/serial/xilinx_uartps.c b/drivers/tty/serial/xilinx_uartps.c
+index ffb474c49f0f..eb61a07fcbbc 100644
+--- a/drivers/tty/serial/xilinx_uartps.c
++++ b/drivers/tty/serial/xilinx_uartps.c
+@@ -1261,7 +1261,7 @@ static void cdns_uart_console_write(struct console *co, const char *s,
+ *
+ * Return: 0 on success, negative errno otherwise.
+ */
+-static int __init cdns_uart_console_setup(struct console *co, char *options)
++static int cdns_uart_console_setup(struct console *co, char *options)
+ {
+ struct uart_port *port = &cdns_uart_port[co->index];
+ int baud = 9600;
+--
+2.19.1
+
--- /dev/null
+arc-u-boot-args-check-that-magic-number-is-correct.patch
+perf-core-restore-mmap-record-type-correctly.patch
+ext4-add-missing-brelse-in-add_new_gdb_meta_bg.patch
+ext4-report-real-fs-size-after-failed-resize.patch
+alsa-echoaudio-add-a-check-for-ioremap_nocache.patch
+alsa-sb8-add-a-check-for-request_region.patch
+ib-mlx4-fix-race-condition-between-catas-error-reset.patch
+mmc-davinci-remove-extraneous-__init-annotation.patch
+alsa-opl3-fix-mismatch-between-snd_opl3_drum_switch-.patch
+thermal-int340x_thermal-add-additional-uuids.patch
+thermal-int340x_thermal-fix-mode-setting.patch
+tools-power-turbostat-return-the-exit-status-of-a-co.patch
+perf-config-fix-an-error-in-the-config-template-docu.patch
+perf-config-fix-a-memory-leak-in-collect_config.patch
+perf-build-id-fix-memory-leak-in-print_sdt_events.patch
+perf-top-fix-error-handling-in-cmd_top.patch
+perf-hist-add-missing-map__put-in-error-case.patch
+perf-evsel-free-evsel-counts-in-perf_evsel__exit.patch
+perf-tests-fix-a-memory-leak-of-cpu_map-object-in-th.patch
+perf-tests-fix-a-memory-leak-in-test__perf_evsel__tp.patch
+irqchip-mbigen-don-t-clear-eventid-when-freeing-an-m.patch
+x86-hpet-prevent-potential-null-pointer-dereference.patch
+x86-cpu-cyrix-use-correct-macros-for-cyrix-calls-on-.patch
+iommu-vt-d-check-capability-before-disabling-protect.patch
+x86-hw_breakpoints-make-default-case-in-hw_breakpoin.patch
+fix-incorrect-error-code-mapping-for-objectid_not_fo.patch
+ext4-prohibit-fstrim-in-norecovery-mode.patch
+gpio-pxa-handle-corner-case-of-unprobed-device.patch
+rsi-improve-kernel-thread-handling-to-fix-kernel-pan.patch
+9p-do-not-trust-pdu-content-for-stat-item-size.patch
+9p-locks-add-mount-option-for-lock-retry-interval.patch
+f2fs-fix-to-do-sanity-check-with-current-segment-num.patch
+serial-uartps-console_setup-can-t-be-placed-to-init-.patch
+hid-i2c-hid-override-hid-descriptors-for-certain-dev.patch
+arm-samsung-limit-samsung_pm_check-config-option-to-.patch
+acpi-sbs-fix-gpe-storm-on-recent-macbookpro-s.patch
+cifs-fallback-to-older-infolevels-on-findfirst-query.patch
+kernel-hung_task.c-disable-on-suspend.patch
+crypto-sha256-arm-fix-crash-bug-in-thumb2-build.patch
+crypto-sha512-arm-fix-crash-bug-in-thumb2-build.patch
+iommu-dmar-fix-buffer-overflow-during-pci-bus-notifi.patch
+soc-tegra-pmc-drop-locking-from-tegra_powergate_is_p.patch
+lkdtm-add-tests-for-null-pointer-dereference.patch
+arm-8839-1-kprobe-make-patch_lock-a-raw_spinlock_t.patch
+appletalk-fix-use-after-free-in-atalk_proc_exit.patch
+lib-div64.c-off-by-one-in-shift.patch
+include-linux-swap.h-use-offsetof-instead-of-custom-.patch
--- /dev/null
+From 59cc276f51c81b7dc9812a2303ebd9d1eea43f37 Mon Sep 17 00:00:00 2001
+From: Dmitry Osipenko <digetx@gmail.com>
+Date: Sun, 21 Oct 2018 21:36:14 +0300
+Subject: soc/tegra: pmc: Drop locking from tegra_powergate_is_powered()
+
+[ Upstream commit b6e1fd17a38bd1d97c11d69fd3207b3ef9bfa4b3 ]
+
+This fixes splats like the one below if CONFIG_DEBUG_ATOMIC_SLEEP=y
+and machine (Tegra30) booted with SMP=n or all secondary CPU's are put
+offline. Locking isn't needed because it protects atomic operation.
+
+BUG: sleeping function called from invalid context at kernel/locking/mutex.c:254
+in_atomic(): 1, irqs_disabled(): 128, pid: 0, name: swapper/0
+CPU: 0 PID: 0 Comm: swapper/0 Tainted: G C 4.18.0-next-20180821-00180-gc3ebb6544e44-dirty #823
+Hardware name: NVIDIA Tegra SoC (Flattened Device Tree)
+[<c01134f4>] (unwind_backtrace) from [<c010db2c>] (show_stack+0x20/0x24)
+[<c010db2c>] (show_stack) from [<c0bd0f3c>] (dump_stack+0x94/0xa8)
+[<c0bd0f3c>] (dump_stack) from [<c0151df8>] (___might_sleep+0x13c/0x174)
+[<c0151df8>] (___might_sleep) from [<c0151ea0>] (__might_sleep+0x70/0xa8)
+[<c0151ea0>] (__might_sleep) from [<c0bec2b8>] (mutex_lock+0x2c/0x70)
+[<c0bec2b8>] (mutex_lock) from [<c0589844>] (tegra_powergate_is_powered+0x44/0xa8)
+[<c0589844>] (tegra_powergate_is_powered) from [<c0581a60>] (tegra30_cpu_rail_off_ready+0x30/0x74)
+[<c0581a60>] (tegra30_cpu_rail_off_ready) from [<c0122244>] (tegra30_idle_lp2+0xa0/0x108)
+[<c0122244>] (tegra30_idle_lp2) from [<c0853438>] (cpuidle_enter_state+0x140/0x540)
+[<c0853438>] (cpuidle_enter_state) from [<c08538a4>] (cpuidle_enter+0x40/0x4c)
+[<c08538a4>] (cpuidle_enter) from [<c01595e0>] (call_cpuidle+0x30/0x48)
+[<c01595e0>] (call_cpuidle) from [<c01599f8>] (do_idle+0x238/0x28c)
+[<c01599f8>] (do_idle) from [<c0159d28>] (cpu_startup_entry+0x28/0x2c)
+[<c0159d28>] (cpu_startup_entry) from [<c0be76c8>] (rest_init+0xd8/0xdc)
+[<c0be76c8>] (rest_init) from [<c1200f50>] (start_kernel+0x41c/0x430)
+
+Signed-off-by: Dmitry Osipenko <digetx@gmail.com>
+Acked-by: Jon Hunter <jonathanh@nvidia.com>
+Signed-off-by: Thierry Reding <treding@nvidia.com>
+Signed-off-by: Sasha Levin <sashal@kernel.org>
+---
+ drivers/soc/tegra/pmc.c | 8 +-------
+ 1 file changed, 1 insertion(+), 7 deletions(-)
+
+diff --git a/drivers/soc/tegra/pmc.c b/drivers/soc/tegra/pmc.c
+index 9685f9b8be07..a12710c917a1 100644
+--- a/drivers/soc/tegra/pmc.c
++++ b/drivers/soc/tegra/pmc.c
+@@ -512,16 +512,10 @@ EXPORT_SYMBOL(tegra_powergate_power_off);
+ */
+ int tegra_powergate_is_powered(unsigned int id)
+ {
+- int status;
+-
+ if (!tegra_powergate_is_valid(id))
+ return -EINVAL;
+
+- mutex_lock(&pmc->powergates_lock);
+- status = tegra_powergate_state(id);
+- mutex_unlock(&pmc->powergates_lock);
+-
+- return status;
++ return tegra_powergate_state(id);
+ }
+
+ /**
+--
+2.19.1
+
--- /dev/null
+From 3e6248113be57b9f25c1e1ac5700fb65345c28d6 Mon Sep 17 00:00:00 2001
+From: Matthew Garrett <matthewgarrett@google.com>
+Date: Wed, 10 Oct 2018 01:30:06 -0700
+Subject: thermal/int340x_thermal: Add additional UUIDs
+
+[ Upstream commit 16fc8eca1975358111dbd7ce65e4ce42d1a848fb ]
+
+Add more supported DPTF policies than the driver currently exposes.
+
+Signed-off-by: Matthew Garrett <mjg59@google.com>
+Cc: Nisha Aram <nisha.aram@intel.com>
+Signed-off-by: Zhang Rui <rui.zhang@intel.com>
+Signed-off-by: Sasha Levin <sashal@kernel.org>
+---
+ drivers/thermal/int340x_thermal/int3400_thermal.c | 14 ++++++++++++++
+ 1 file changed, 14 insertions(+)
+
+diff --git a/drivers/thermal/int340x_thermal/int3400_thermal.c b/drivers/thermal/int340x_thermal/int3400_thermal.c
+index 5836e5554433..0beed2899163 100644
+--- a/drivers/thermal/int340x_thermal/int3400_thermal.c
++++ b/drivers/thermal/int340x_thermal/int3400_thermal.c
+@@ -20,6 +20,13 @@ enum int3400_thermal_uuid {
+ INT3400_THERMAL_PASSIVE_1,
+ INT3400_THERMAL_ACTIVE,
+ INT3400_THERMAL_CRITICAL,
++ INT3400_THERMAL_ADAPTIVE_PERFORMANCE,
++ INT3400_THERMAL_EMERGENCY_CALL_MODE,
++ INT3400_THERMAL_PASSIVE_2,
++ INT3400_THERMAL_POWER_BOSS,
++ INT3400_THERMAL_VIRTUAL_SENSOR,
++ INT3400_THERMAL_COOLING_MODE,
++ INT3400_THERMAL_HARDWARE_DUTY_CYCLING,
+ INT3400_THERMAL_MAXIMUM_UUID,
+ };
+
+@@ -27,6 +34,13 @@ static u8 *int3400_thermal_uuids[INT3400_THERMAL_MAXIMUM_UUID] = {
+ "42A441D6-AE6A-462b-A84B-4A8CE79027D3",
+ "3A95C389-E4B8-4629-A526-C52C88626BAE",
+ "97C68AE7-15FA-499c-B8C9-5DA81D606E0A",
++ "63BE270F-1C11-48FD-A6F7-3AF253FF3E2D",
++ "5349962F-71E6-431D-9AE8-0A635B710AEE",
++ "9E04115A-AE87-4D1C-9500-0F3E340BFE75",
++ "F5A35014-C209-46A4-993A-EB56DE7530A1",
++ "6ED722A7-9240-48A5-B479-31EEF723D7CF",
++ "16CAF1B7-DD38-40ED-B1C1-1B8A1913D531",
++ "BE84BABF-C4D4-403D-B495-3128FD44dAC1",
+ };
+
+ struct int3400_thermal_priv {
+--
+2.19.1
+
--- /dev/null
+From bb95f8fd7e7ecf67845319e0cb20d96d3fe61631 Mon Sep 17 00:00:00 2001
+From: Matthew Garrett <matthewgarrett@google.com>
+Date: Wed, 10 Oct 2018 01:30:07 -0700
+Subject: thermal/int340x_thermal: fix mode setting
+
+[ Upstream commit 396ee4d0cd52c13b3f6421b8d324d65da5e7e409 ]
+
+int3400 only pushes the UUID into the firmware when the mode is flipped
+to "enable". The current code only exposes the mode flag if the firmware
+supports the PASSIVE_1 UUID, which not all machines do. Remove the
+restriction.
+
+Signed-off-by: Matthew Garrett <mjg59@google.com>
+Signed-off-by: Zhang Rui <rui.zhang@intel.com>
+Signed-off-by: Sasha Levin <sashal@kernel.org>
+---
+ drivers/thermal/int340x_thermal/int3400_thermal.c | 7 +++----
+ 1 file changed, 3 insertions(+), 4 deletions(-)
+
+diff --git a/drivers/thermal/int340x_thermal/int3400_thermal.c b/drivers/thermal/int340x_thermal/int3400_thermal.c
+index 0beed2899163..d4c374cc4f74 100644
+--- a/drivers/thermal/int340x_thermal/int3400_thermal.c
++++ b/drivers/thermal/int340x_thermal/int3400_thermal.c
+@@ -285,10 +285,9 @@ static int int3400_thermal_probe(struct platform_device *pdev)
+
+ platform_set_drvdata(pdev, priv);
+
+- if (priv->uuid_bitmap & 1 << INT3400_THERMAL_PASSIVE_1) {
+- int3400_thermal_ops.get_mode = int3400_thermal_get_mode;
+- int3400_thermal_ops.set_mode = int3400_thermal_set_mode;
+- }
++ int3400_thermal_ops.get_mode = int3400_thermal_get_mode;
++ int3400_thermal_ops.set_mode = int3400_thermal_set_mode;
++
+ priv->thermal = thermal_zone_device_register("INT3400 Thermal", 0, 0,
+ priv, &int3400_thermal_ops,
+ &int3400_thermal_params, 0, 0);
+--
+2.19.1
+
--- /dev/null
+From 56c18d87a62a6e97c58a30579c06a11c0b245435 Mon Sep 17 00:00:00 2001
+From: David Arcari <darcari@redhat.com>
+Date: Tue, 12 Feb 2019 09:34:39 -0500
+Subject: tools/power turbostat: return the exit status of a command
+
+[ Upstream commit 2a95496634a017c19641f26f00907af75b962f01 ]
+
+turbostat failed to return a non-zero exit status even though the
+supplied command (turbostat <command>) failed. Currently when turbostat
+forks a command it returns zero instead of the actual exit status of the
+command. Modify the code to return the exit status.
+
+Signed-off-by: David Arcari <darcari@redhat.com>
+Acked-by: Len Brown <len.brown@intel.com>
+Signed-off-by: Rafael J. Wysocki <rafael.j.wysocki@intel.com>
+Signed-off-by: Sasha Levin <sashal@kernel.org>
+---
+ tools/power/x86/turbostat/turbostat.c | 3 +++
+ 1 file changed, 3 insertions(+)
+
+diff --git a/tools/power/x86/turbostat/turbostat.c b/tools/power/x86/turbostat/turbostat.c
+index 5ec2de8f49b4..b4c5d96e54c1 100644
+--- a/tools/power/x86/turbostat/turbostat.c
++++ b/tools/power/x86/turbostat/turbostat.c
+@@ -3691,6 +3691,9 @@ int fork_it(char **argv)
+ signal(SIGQUIT, SIG_IGN);
+ if (waitpid(child_pid, &status, 0) == -1)
+ err(status, "waitpid");
++
++ if (WIFEXITED(status))
++ status = WEXITSTATUS(status);
+ }
+ /*
+ * n.b. fork_it() does not check for errors from for_all_cpus()
+--
+2.19.1
+
--- /dev/null
+From b7843af0f1a6880fd55290f425a21d8701e640cb Mon Sep 17 00:00:00 2001
+From: Matthew Whitehead <tedheadster@gmail.com>
+Date: Thu, 14 Mar 2019 16:46:00 -0400
+Subject: x86/cpu/cyrix: Use correct macros for Cyrix calls on Geode processors
+
+[ Upstream commit 18fb053f9b827bd98cfc64f2a35df8ab19745a1d ]
+
+There are comments in processor-cyrix.h advising you to _not_ make calls
+using the deprecated macros in this style:
+
+ setCx86_old(CX86_CCR4, getCx86_old(CX86_CCR4) | 0x80);
+
+This is because it expands the macro into a non-functioning calling
+sequence. The calling order must be:
+
+ outb(CX86_CCR2, 0x22);
+ inb(0x23);
+
+From the comments:
+
+ * When using the old macros a line like
+ * setCx86(CX86_CCR2, getCx86(CX86_CCR2) | 0x88);
+ * gets expanded to:
+ * do {
+ * outb((CX86_CCR2), 0x22);
+ * outb((({
+ * outb((CX86_CCR2), 0x22);
+ * inb(0x23);
+ * }) | 0x88), 0x23);
+ * } while (0);
+
+The new macros fix this problem, so use them instead. Tested on an
+actual Geode processor.
+
+Signed-off-by: Matthew Whitehead <tedheadster@gmail.com>
+Signed-off-by: Thomas Gleixner <tglx@linutronix.de>
+Cc: luto@kernel.org
+Link: https://lkml.kernel.org/r/1552596361-8967-2-git-send-email-tedheadster@gmail.com
+Signed-off-by: Sasha Levin <sashal@kernel.org>
+---
+ arch/x86/kernel/cpu/cyrix.c | 14 +++++++-------
+ 1 file changed, 7 insertions(+), 7 deletions(-)
+
+diff --git a/arch/x86/kernel/cpu/cyrix.c b/arch/x86/kernel/cpu/cyrix.c
+index d39cfb2c6b63..311d0fad17e6 100644
+--- a/arch/x86/kernel/cpu/cyrix.c
++++ b/arch/x86/kernel/cpu/cyrix.c
+@@ -121,7 +121,7 @@ static void set_cx86_reorder(void)
+ setCx86(CX86_CCR3, (ccr3 & 0x0f) | 0x10); /* enable MAPEN */
+
+ /* Load/Store Serialize to mem access disable (=reorder it) */
+- setCx86_old(CX86_PCR0, getCx86_old(CX86_PCR0) & ~0x80);
++ setCx86(CX86_PCR0, getCx86(CX86_PCR0) & ~0x80);
+ /* set load/store serialize from 1GB to 4GB */
+ ccr3 |= 0xe0;
+ setCx86(CX86_CCR3, ccr3);
+@@ -132,11 +132,11 @@ static void set_cx86_memwb(void)
+ pr_info("Enable Memory-Write-back mode on Cyrix/NSC processor.\n");
+
+ /* CCR2 bit 2: unlock NW bit */
+- setCx86_old(CX86_CCR2, getCx86_old(CX86_CCR2) & ~0x04);
++ setCx86(CX86_CCR2, getCx86(CX86_CCR2) & ~0x04);
+ /* set 'Not Write-through' */
+ write_cr0(read_cr0() | X86_CR0_NW);
+ /* CCR2 bit 2: lock NW bit and set WT1 */
+- setCx86_old(CX86_CCR2, getCx86_old(CX86_CCR2) | 0x14);
++ setCx86(CX86_CCR2, getCx86(CX86_CCR2) | 0x14);
+ }
+
+ /*
+@@ -150,14 +150,14 @@ static void geode_configure(void)
+ local_irq_save(flags);
+
+ /* Suspend on halt power saving and enable #SUSP pin */
+- setCx86_old(CX86_CCR2, getCx86_old(CX86_CCR2) | 0x88);
++ setCx86(CX86_CCR2, getCx86(CX86_CCR2) | 0x88);
+
+ ccr3 = getCx86(CX86_CCR3);
+ setCx86(CX86_CCR3, (ccr3 & 0x0f) | 0x10); /* enable MAPEN */
+
+
+ /* FPU fast, DTE cache, Mem bypass */
+- setCx86_old(CX86_CCR4, getCx86_old(CX86_CCR4) | 0x38);
++ setCx86(CX86_CCR4, getCx86(CX86_CCR4) | 0x38);
+ setCx86(CX86_CCR3, ccr3); /* disable MAPEN */
+
+ set_cx86_memwb();
+@@ -293,7 +293,7 @@ static void init_cyrix(struct cpuinfo_x86 *c)
+ /* GXm supports extended cpuid levels 'ala' AMD */
+ if (c->cpuid_level == 2) {
+ /* Enable cxMMX extensions (GX1 Datasheet 54) */
+- setCx86_old(CX86_CCR7, getCx86_old(CX86_CCR7) | 1);
++ setCx86(CX86_CCR7, getCx86(CX86_CCR7) | 1);
+
+ /*
+ * GXm : 0x30 ... 0x5f GXm datasheet 51
+@@ -316,7 +316,7 @@ static void init_cyrix(struct cpuinfo_x86 *c)
+ if (dir1 > 7) {
+ dir0_msn++; /* M II */
+ /* Enable MMX extensions (App note 108) */
+- setCx86_old(CX86_CCR7, getCx86_old(CX86_CCR7)|1);
++ setCx86(CX86_CCR7, getCx86(CX86_CCR7)|1);
+ } else {
+ /* A 6x86MX - it has the bug. */
+ set_cpu_bug(c, X86_BUG_COMA);
+--
+2.19.1
+
--- /dev/null
+From e8567b9102c3abdc96f7144f82ec7061c9f04836 Mon Sep 17 00:00:00 2001
+From: Aditya Pakki <pakki001@umn.edu>
+Date: Mon, 18 Mar 2019 21:19:56 -0500
+Subject: x86/hpet: Prevent potential NULL pointer dereference
+
+[ Upstream commit 2e84f116afca3719c9d0a1a78b47b48f75fd5724 ]
+
+hpet_virt_address may be NULL when ioremap_nocache fail, but the code lacks
+a check.
+
+Add a check to prevent NULL pointer dereference.
+
+Signed-off-by: Aditya Pakki <pakki001@umn.edu>
+Signed-off-by: Thomas Gleixner <tglx@linutronix.de>
+Cc: kjlu@umn.edu
+Cc: Borislav Petkov <bp@alien8.de>
+Cc: "H. Peter Anvin" <hpa@zytor.com>
+Cc: Kees Cook <keescook@chromium.org>
+Cc: Joe Perches <joe@perches.com>
+Cc: Nicolai Stange <nstange@suse.de>
+Cc: Roland Dreier <roland@purestorage.com>
+Link: https://lkml.kernel.org/r/20190319021958.17275-1-pakki001@umn.edu
+Signed-off-by: Sasha Levin <sashal@kernel.org>
+---
+ arch/x86/kernel/hpet.c | 2 ++
+ 1 file changed, 2 insertions(+)
+
+diff --git a/arch/x86/kernel/hpet.c b/arch/x86/kernel/hpet.c
+index 756634f14df6..775c23d4021a 100644
+--- a/arch/x86/kernel/hpet.c
++++ b/arch/x86/kernel/hpet.c
+@@ -914,6 +914,8 @@ int __init hpet_enable(void)
+ return 0;
+
+ hpet_set_mapping();
++ if (!hpet_virt_address)
++ return 0;
+
+ /*
+ * Read the period and check for a sane value:
+--
+2.19.1
+
--- /dev/null
+From d6c90d2921b07a73ef87208967b0b7f7c5fdb886 Mon Sep 17 00:00:00 2001
+From: Nathan Chancellor <natechancellor@gmail.com>
+Date: Thu, 7 Mar 2019 14:27:56 -0700
+Subject: x86/hw_breakpoints: Make default case in hw_breakpoint_arch_parse()
+ return an error
+
+[ Upstream commit e898e69d6b9475bf123f99b3c5d1a67bb7cb2361 ]
+
+When building with -Wsometimes-uninitialized, Clang warns:
+
+arch/x86/kernel/hw_breakpoint.c:355:2: warning: variable 'align' is used
+uninitialized whenever switch default is taken
+[-Wsometimes-uninitialized]
+
+The default cannot be reached because arch_build_bp_info() initializes
+hw->len to one of the specified cases. Nevertheless the warning is valid
+and returning -EINVAL makes sure that this cannot be broken by future
+modifications.
+
+Suggested-by: Nick Desaulniers <ndesaulniers@google.com>
+Signed-off-by: Nathan Chancellor <natechancellor@gmail.com>
+Signed-off-by: Thomas Gleixner <tglx@linutronix.de>
+Reviewed-by: Nick Desaulniers <ndesaulniers@google.com>
+Cc: Borislav Petkov <bp@alien8.de>
+Cc: "H. Peter Anvin" <hpa@zytor.com>
+Cc: clang-built-linux@googlegroups.com
+Link: https://github.com/ClangBuiltLinux/linux/issues/392
+Link: https://lkml.kernel.org/r/20190307212756.4648-1-natechancellor@gmail.com
+Signed-off-by: Sasha Levin <sashal@kernel.org>
+---
+ arch/x86/kernel/hw_breakpoint.c | 1 +
+ 1 file changed, 1 insertion(+)
+
+diff --git a/arch/x86/kernel/hw_breakpoint.c b/arch/x86/kernel/hw_breakpoint.c
+index 8771766d46b6..9954a604a822 100644
+--- a/arch/x86/kernel/hw_breakpoint.c
++++ b/arch/x86/kernel/hw_breakpoint.c
+@@ -352,6 +352,7 @@ int arch_validate_hwbkpt_settings(struct perf_event *bp)
+ #endif
+ default:
+ WARN_ON_ONCE(1);
++ return -EINVAL;
+ }
+
+ /*
+--
+2.19.1
+
projects / thirdparty / kernel / stable-queue.git / commitdiff
