--- /dev/null
+From c8b1917c8987a6fa3695d479b4d60fbbbc3e537b Mon Sep 17 00:00:00 2001
+From: Furquan Shaikh <furquan@google.com>
+Date: Wed, 20 Mar 2019 15:28:44 -0700
+Subject: ACPICA: Clear status of GPEs before enabling them
+
+From: Furquan Shaikh <furquan@google.com>
+
+commit c8b1917c8987a6fa3695d479b4d60fbbbc3e537b upstream.
+
+Commit 18996f2db918 ("ACPICA: Events: Stop unconditionally clearing
+ACPI IRQs during suspend/resume") was added to stop clearing event
+status bits unconditionally in the system-wide suspend and resume
+paths. This was done because of an issue with a laptop lid appaering
+to be closed even when it was used to wake up the system from suspend
+(see https://bugzilla.kernel.org/show_bug.cgi?id=196249), which
+happened because event status bits were cleared unconditionally on
+system resume. Though this change fixed the issue in the resume path,
+it introduced regressions in a few suspend paths.
+
+First regression was reported and fixed in the S5 entry path by commit
+fa85015c0d95 ("ACPICA: Clear status of all events when entering S5").
+Next regression was reported and fixed for all legacy sleep paths by
+commit f317c7dc12b7 ("ACPICA: Clear status of all events when entering
+sleep states"). However, there still is a suspend-to-idle regression,
+since suspend-to-idle does not follow the legacy sleep paths.
+
+In the suspend-to-idle case, wakeup is enabled as part of device
+suspend. If the status bits of wakeup GPEs are set when they are
+enabled, it causes a premature system wakeup to occur.
+
+To address that problem, partially revert commit 18996f2db918 to
+restore GPE status bits clearing before the GPE is enabled in
+acpi_ev_enable_gpe().
+
+Fixes: 18996f2db918 ("ACPICA: Events: Stop unconditionally clearing ACPI IRQs during suspend/resume")
+Signed-off-by: Furquan Shaikh <furquan@google.com>
+Cc: 4.17+ <stable@vger.kernel.org> # 4.17+
+[ rjw: Subject & changelog ]
+Signed-off-by: Rafael J. Wysocki <rafael.j.wysocki@intel.com>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+
+---
+ drivers/acpi/acpica/evgpe.c | 6 +++++-
+ 1 file changed, 5 insertions(+), 1 deletion(-)
+
+--- a/drivers/acpi/acpica/evgpe.c
++++ b/drivers/acpi/acpica/evgpe.c
+@@ -81,8 +81,12 @@ acpi_status acpi_ev_enable_gpe(struct ac
+
+ ACPI_FUNCTION_TRACE(ev_enable_gpe);
+
+- /* Enable the requested GPE */
++ /* Clear the GPE status */
++ status = acpi_hw_clear_gpe(gpe_event_info);
++ if (ACPI_FAILURE(status))
++ return_ACPI_STATUS(status);
+
++ /* Enable the requested GPE */
+ status = acpi_hw_low_set_gpe(gpe_event_info, ACPI_GPE_ENABLE);
+ return_ACPI_STATUS(status);
+ }
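Review bot: clearing the status in acpi_ev_enable_gpe() right before acpi_hw_low_set_gpe(gpe_event_info, ACPI_GPE_ENABLE) discards any event latched while the GPE was disabled, and the new comment "Clear the GPE status" does not say why that is acceptable. Expand the comment to state that a stale status bit would otherwise fire as soon as the GPE is enabled (the premature suspend-to-idle wakeup from the changelog), and say whether callers that depend on a pending event, such as the lid case cited for 18996f2db918, are still handled.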
--- /dev/null
+From c5781ffbbd4f742a58263458145fe7f0ac01d9e0 Mon Sep 17 00:00:00 2001
+From: Erik Schmauss <erik.schmauss@intel.com>
+Date: Mon, 8 Apr 2019 13:42:26 -0700
+Subject: ACPICA: Namespace: remove address node from global list after method termination
+
+From: Erik Schmauss <erik.schmauss@intel.com>
+
+commit c5781ffbbd4f742a58263458145fe7f0ac01d9e0 upstream.
+
+ACPICA commit b233720031a480abd438f2e9c643080929d144c3
+
+ASL operation_regions declare a range of addresses that it uses. In a
+perfect world, the range of addresses should be used exclusively by
+the AML interpreter. The OS can use this information to decide which
+drivers to load so that the AML interpreter and device drivers use
+different regions of memory.
+
+During table load, the address information is added to a global
+address range list. Each node in this list contains an address range
+as well as a namespace node of the operation_region. This list is
+deleted at ACPI shutdown.
+
+Unfortunately, ASL operation_regions can be declared inside of control
+methods. Although this is not recommended, modern firmware contains
+such code. New module level code changes unintentionally removed the
+functionality of adding and removing nodes to the global address
+range list.
+
+A few months ago, support for adding addresses has been re-
+implemented. However, the removal of the address range list was
+missed and resulted in some systems to crash due to the address list
+containing bogus namespace nodes from operation_regions declared in
+control methods. In order to fix the crash, this change removes
+dynamic operation_regions after control method termination.
+
+Link: https://github.com/acpica/acpica/commit/b2337200
+Link: https://bugzilla.kernel.org/show_bug.cgi?id=202475
+Fixes: 4abb951b73ff ("ACPICA: AML interpreter: add region addresses in global list during initialization")
+Reported-by: Michael J Gruber <mjg@fedoraproject.org>
+Signed-off-by: Erik Schmauss <erik.schmauss@intel.com>
+Signed-off-by: Bob Moore <robert.moore@intel.com>
+Cc: 4.20+ <stable@vger.kernel.org> # 4.20+
+Signed-off-by: Rafael J. Wysocki <rafael.j.wysocki@intel.com>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+
+---
+ drivers/acpi/acpica/nsobject.c | 4 ++++
+ 1 file changed, 4 insertions(+)
+
+--- a/drivers/acpi/acpica/nsobject.c
++++ b/drivers/acpi/acpica/nsobject.c
+@@ -186,6 +186,10 @@ void acpi_ns_detach_object(struct acpi_n
+ }
+ }
+
++ if (obj_desc->common.type == ACPI_TYPE_REGION) {
++ acpi_ut_remove_address_range(obj_desc->region.space_id, node);
++ }
++
+ /* Clear the Node entry in all cases */
+
+ node->object = NULL;
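Review bot: the added check on obj_desc->common.type == ACPI_TYPE_REGION carries no comment, while the statement right after it has "Clear the Node entry in all cases". Add a one-line comment that this drops the region's entry from the global address range list, and confirm that acpi_ut_remove_address_range(obj_desc->region.space_id, node) is a no-op for a region node that was never added to the list, since the call now runs on every region detach and not only for regions declared inside control methods.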
--- /dev/null
+From cae30527901d9590db0e12ace994c1d58bea87fd Mon Sep 17 00:00:00 2001
+From: Hui Wang <hui.wang@canonical.com>
+Date: Mon, 8 Apr 2019 15:58:11 +0800
+Subject: ALSA: hda - Add two more machines to the power_save_blacklist
+
+From: Hui Wang <hui.wang@canonical.com>
+
+commit cae30527901d9590db0e12ace994c1d58bea87fd upstream.
+
+Recently we set CONFIG_SND_HDA_POWER_SAVE_DEFAULT to 1 when
+configuring the kernel, then two machines were reported to have noise
+after installing the new kernel. Put them in the blacklist, the
+noise disappears.
+
+https://bugs.launchpad.net/bugs/1821663
+Cc: <stable@vger.kernel.org>
+Signed-off-by: Hui Wang <hui.wang@canonical.com>
+Signed-off-by: Takashi Iwai <tiwai@suse.de>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+
+---
+ sound/pci/hda/hda_intel.c | 4 ++++
+ 1 file changed, 4 insertions(+)
+
+--- a/sound/pci/hda/hda_intel.c
++++ b/sound/pci/hda/hda_intel.c
+@@ -2272,6 +2272,8 @@ static struct snd_pci_quirk power_save_b
+ SND_PCI_QUIRK(0x8086, 0x2040, "Intel DZ77BH-55K", 0),
+ /* https://bugzilla.kernel.org/show_bug.cgi?id=199607 */
+ SND_PCI_QUIRK(0x8086, 0x2057, "Intel NUC5i7RYB", 0),
++ /* https://bugs.launchpad.net/bugs/1821663 */
++ SND_PCI_QUIRK(0x8086, 0x2064, "Intel SDP 8086:2064", 0),
+ /* https://bugzilla.redhat.com/show_bug.cgi?id=1520902 */
+ SND_PCI_QUIRK(0x8086, 0x2068, "Intel NUC7i3BNB", 0),
+ /* https://bugzilla.kernel.org/show_bug.cgi?id=198611 */
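Review bot: the name string "Intel SDP 8086:2064" in the new entry repeats the subsystem ID instead of naming a board, unlike the neighbouring "Intel NUC5i7RYB" and "Intel NUC7i3BNB" entries. If the Launchpad report identifies the machine, use that name so the entry can be matched to hardware when the blacklist is revisited.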
+@@ -2280,6 +2282,8 @@ static struct snd_pci_quirk power_save_b
+ SND_PCI_QUIRK(0x17aa, 0x367b, "Lenovo IdeaCentre B550", 0),
+ /* https://bugzilla.redhat.com/show_bug.cgi?id=1572975 */
+ SND_PCI_QUIRK(0x17aa, 0x36a7, "Lenovo C50 All in one", 0),
++ /* https://bugs.launchpad.net/bugs/1821663 */
++ SND_PCI_QUIRK(0x1631, 0xe017, "Packard Bell NEC IMEDIA 5204", 0),
+ {}
+ };
+ #endif /* CONFIG_PM */
--- /dev/null
+From 80690a276f444a68a332136d98bfea1c338bc263 Mon Sep 17 00:00:00 2001
+From: Richard Sailer <rs@tuxedocomputers.com>
+Date: Tue, 2 Apr 2019 15:52:04 +0200
+Subject: ALSA: hda/realtek - Add quirk for Tuxedo XC 1509
+
+From: Richard Sailer <rs@tuxedocomputers.com>
+
+commit 80690a276f444a68a332136d98bfea1c338bc263 upstream.
+
+This adds a SND_PCI_QUIRK(...) line for the Tuxedo XC 1509.
+
+The Tuxedo XC 1509 and the System76 oryp5 are the same barebone
+notebooks manufactured by Clevo. To name the fixups both use after the
+actual underlying hardware, this patch also changes System76_orpy5
+to clevo_pb51ed in 2 enum symbols and one function name,
+matching the other pci_quirk entries which are also named after the
+device ODM.
+
+Fixes: 7f665b1c3283 ("ALSA: hda/realtek - Headset microphone and internal speaker support for System76 oryp5")
+Signed-off-by: Richard Sailer <rs@tuxedocomputers.com>
+Cc: <stable@vger.kernel.org>
+Signed-off-by: Takashi Iwai <tiwai@suse.de>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+
+---
+ sound/pci/hda/patch_realtek.c | 19 ++++++++++---------
+ 1 file changed, 10 insertions(+), 9 deletions(-)
+
+--- a/sound/pci/hda/patch_realtek.c
++++ b/sound/pci/hda/patch_realtek.c
+@@ -1864,8 +1864,8 @@ enum {
+ ALC887_FIXUP_BASS_CHMAP,
+ ALC1220_FIXUP_GB_DUAL_CODECS,
+ ALC1220_FIXUP_CLEVO_P950,
+- ALC1220_FIXUP_SYSTEM76_ORYP5,
+- ALC1220_FIXUP_SYSTEM76_ORYP5_PINS,
++ ALC1220_FIXUP_CLEVO_PB51ED,
++ ALC1220_FIXUP_CLEVO_PB51ED_PINS,
+ };
+
+ static void alc889_fixup_coef(struct hda_codec *codec,
+@@ -2070,7 +2070,7 @@ static void alc1220_fixup_clevo_p950(str
+ static void alc_fixup_headset_mode_no_hp_mic(struct hda_codec *codec,
+ const struct hda_fixup *fix, int action);
+
+-static void alc1220_fixup_system76_oryp5(struct hda_codec *codec,
++static void alc1220_fixup_clevo_pb51ed(struct hda_codec *codec,
+ const struct hda_fixup *fix,
+ int action)
+ {
+@@ -2322,18 +2322,18 @@ static const struct hda_fixup alc882_fix
+ .type = HDA_FIXUP_FUNC,
+ .v.func = alc1220_fixup_clevo_p950,
+ },
+- [ALC1220_FIXUP_SYSTEM76_ORYP5] = {
++ [ALC1220_FIXUP_CLEVO_PB51ED] = {
+ .type = HDA_FIXUP_FUNC,
+- .v.func = alc1220_fixup_system76_oryp5,
++ .v.func = alc1220_fixup_clevo_pb51ed,
+ },
+- [ALC1220_FIXUP_SYSTEM76_ORYP5_PINS] = {
++ [ALC1220_FIXUP_CLEVO_PB51ED_PINS] = {
+ .type = HDA_FIXUP_PINS,
+ .v.pins = (const struct hda_pintbl[]) {
+ { 0x19, 0x01a1913c }, /* use as headset mic, without its own jack detect */
+ {}
+ },
+ .chained = true,
+- .chain_id = ALC1220_FIXUP_SYSTEM76_ORYP5,
++ .chain_id = ALC1220_FIXUP_CLEVO_PB51ED,
+ },
+ };
+
+@@ -2411,8 +2411,9 @@ static const struct snd_pci_quirk alc882
+ SND_PCI_QUIRK(0x1558, 0x9501, "Clevo P950HR", ALC1220_FIXUP_CLEVO_P950),
+ SND_PCI_QUIRK(0x1558, 0x95e1, "Clevo P95xER", ALC1220_FIXUP_CLEVO_P950),
+ SND_PCI_QUIRK(0x1558, 0x95e2, "Clevo P950ER", ALC1220_FIXUP_CLEVO_P950),
+- SND_PCI_QUIRK(0x1558, 0x96e1, "System76 Oryx Pro (oryp5)", ALC1220_FIXUP_SYSTEM76_ORYP5_PINS),
+- SND_PCI_QUIRK(0x1558, 0x97e1, "System76 Oryx Pro (oryp5)", ALC1220_FIXUP_SYSTEM76_ORYP5_PINS),
++ SND_PCI_QUIRK(0x1558, 0x96e1, "System76 Oryx Pro (oryp5)", ALC1220_FIXUP_CLEVO_PB51ED_PINS),
++ SND_PCI_QUIRK(0x1558, 0x97e1, "System76 Oryx Pro (oryp5)", ALC1220_FIXUP_CLEVO_PB51ED_PINS),
++ SND_PCI_QUIRK(0x1558, 0x65d1, "Tuxedo Book XC1509", ALC1220_FIXUP_CLEVO_PB51ED_PINS),
+ SND_PCI_QUIRK_VENDOR(0x1558, "Clevo laptop", ALC882_FIXUP_EAPD),
+ SND_PCI_QUIRK(0x161f, 0x2054, "Medion laptop", ALC883_FIXUP_EAPD),
+ SND_PCI_QUIRK(0x17aa, 0x3a0d, "Lenovo Y530", ALC882_FIXUP_LENOVO_Y530),
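Review bot: the new 0x1558:0x65d1 "Tuxedo Book XC1509" entry is appended after 0x97e1, which breaks the ascending subsystem-ID order the surrounding 0x1558 entries follow (0x9501, 0x95e1, 0x95e2, 0x96e1, 0x97e1). Move it to its sorted position among the 0x1558 entries, keeping it ahead of the SND_PCI_QUIRK_VENDOR(0x1558, "Clevo laptop", ...) catch-all so the specific match still applies. The two retained "System76 Oryx Pro (oryp5)" strings are fine as device names now that the fixup is named after the ODM.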
--- /dev/null
+From ea5c7eba216e832906e594799b8670f1954a588c Mon Sep 17 00:00:00 2001
+From: Jian-Hong Pan <jian-hong@endlessm.com>
+Date: Mon, 1 Apr 2019 11:25:05 +0800
+Subject: ALSA: hda/realtek: Enable headset MIC of Acer TravelMate B114-21 with ALC233
+
+From: Jian-Hong Pan <jian-hong@endlessm.com>
+
+commit ea5c7eba216e832906e594799b8670f1954a588c upstream.
+
+The Acer TravelMate B114-21 laptop cannot detect and record sound from
+headset MIC. This patch adds the ALC233_FIXUP_ACER_HEADSET_MIC HDA verb
+quirk chained with ALC233_FIXUP_ASUS_MIC_NO_PRESENCE pin quirk to fix
+this issue.
+
+[ fixed the missing brace and reordered the entry -- tiwai ]
+
+Signed-off-by: Jian-Hong Pan <jian-hong@endlessm.com>
+Signed-off-by: Daniel Drake <drake@endlessm.com>
+Reviewed-by: Kailang Yang <kailang@realtek.com>
+Cc: <stable@vger.kernel.org>
+Signed-off-by: Takashi Iwai <tiwai@suse.de>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+
+---
+ sound/pci/hda/patch_realtek.c | 12 ++++++++++++
+ 1 file changed, 12 insertions(+)
+
+--- a/sound/pci/hda/patch_realtek.c
++++ b/sound/pci/hda/patch_realtek.c
+@@ -5594,6 +5594,7 @@ enum {
+ ALC233_FIXUP_ASUS_MIC_NO_PRESENCE,
+ ALC233_FIXUP_EAPD_COEF_AND_MIC_NO_PRESENCE,
+ ALC233_FIXUP_LENOVO_MULTI_CODECS,
++ ALC233_FIXUP_ACER_HEADSET_MIC,
+ ALC294_FIXUP_LENOVO_MIC_LOCATION,
+ ALC225_FIXUP_DELL_WYSE_MIC_NO_PRESENCE,
+ ALC700_FIXUP_INTEL_REFERENCE,
+@@ -6401,6 +6402,16 @@ static const struct hda_fixup alc269_fix
+ .type = HDA_FIXUP_FUNC,
+ .v.func = alc233_alc662_fixup_lenovo_dual_codecs,
+ },
++ [ALC233_FIXUP_ACER_HEADSET_MIC] = {
++ .type = HDA_FIXUP_VERBS,
++ .v.verbs = (const struct hda_verb[]) {
++ { 0x20, AC_VERB_SET_COEF_INDEX, 0x45 },
++ { 0x20, AC_VERB_SET_PROC_COEF, 0x5089 },
++ { }
++ },
++ .chained = true,
++ .chain_id = ALC233_FIXUP_ASUS_MIC_NO_PRESENCE
++ },
+ [ALC294_FIXUP_LENOVO_MIC_LOCATION] = {
+ .type = HDA_FIXUP_PINS,
+ .v.pins = (const struct hda_pintbl[]) {
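Review bot: in the new ALC233_FIXUP_ACER_HEADSET_MIC initializer, the last member ".chain_id = ALC233_FIXUP_ASUS_MIC_NO_PRESENCE" has no trailing comma, unlike the other members in this table; add one so a later member can be appended without touching this line. The two verbs also write an undocumented coefficient (index 0x45, value 0x5089) to NID 0x20; a short comment saying what the coefficient enables would let a reader check it against the codec without the changelog.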
+@@ -6644,6 +6655,7 @@ static const struct snd_pci_quirk alc269
+ SND_PCI_QUIRK(0x1025, 0x1290, "Acer Veriton Z4860G", ALC286_FIXUP_ACER_AIO_HEADSET_MIC),
+ SND_PCI_QUIRK(0x1025, 0x1291, "Acer Veriton Z4660G", ALC286_FIXUP_ACER_AIO_HEADSET_MIC),
+ SND_PCI_QUIRK(0x1025, 0x1308, "Acer Aspire Z24-890", ALC286_FIXUP_ACER_AIO_HEADSET_MIC),
++ SND_PCI_QUIRK(0x1025, 0x132a, "Acer TravelMate B114-21", ALC233_FIXUP_ACER_HEADSET_MIC),
+ SND_PCI_QUIRK(0x1025, 0x1330, "Acer TravelMate X514-51T", ALC255_FIXUP_ACER_HEADSET_MIC),
+ SND_PCI_QUIRK(0x1028, 0x0470, "Dell M101z", ALC269_FIXUP_DELL_M101Z),
+ SND_PCI_QUIRK(0x1028, 0x054b, "Dell XPS one 2710", ALC275_FIXUP_DELL_XPS),
--- /dev/null
+From 212ac181c158c09038c474ba68068be49caecebb Mon Sep 17 00:00:00 2001
+From: Zubin Mithra <zsm@chromium.org>
+Date: Thu, 4 Apr 2019 14:33:55 -0700
+Subject: ALSA: seq: Fix OOB-reads from strlcpy
+
+From: Zubin Mithra <zsm@chromium.org>
+
+commit 212ac181c158c09038c474ba68068be49caecebb upstream.
+
+When ioctl calls are made with non-null-terminated userspace strings,
+strlcpy causes an OOB-read from within strlen. Fix by changing to use
+strscpy instead.
+
+Signed-off-by: Zubin Mithra <zsm@chromium.org>
+Reviewed-by: Guenter Roeck <groeck@chromium.org>
+Cc: <stable@vger.kernel.org>
+Signed-off-by: Takashi Iwai <tiwai@suse.de>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+
+---
+ sound/core/seq/seq_clientmgr.c | 6 +++---
+ 1 file changed, 3 insertions(+), 3 deletions(-)
+
+--- a/sound/core/seq/seq_clientmgr.c
++++ b/sound/core/seq/seq_clientmgr.c
+@@ -1252,7 +1252,7 @@ static int snd_seq_ioctl_set_client_info
+
+ /* fill the info fields */
+ if (client_info->name[0])
+- strlcpy(client->name, client_info->name, sizeof(client->name));
++ strscpy(client->name, client_info->name, sizeof(client->name));
+
+ client->filter = client_info->filter;
+ client->event_lost = client_info->event_lost;
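Review bot: the strscpy() call is bounded by sizeof(client->name), the destination, so the out-of-bounds read is closed only if client_info->name is at least that large. State that in the changelog or add a BUILD_BUG_ON comparing the two sizes, because if the source array were ever shorter, strscpy() would still read past it. Note also that client_info->name itself stays unterminated after this copy, so any later use of it as a C string needs the same care.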
+@@ -1530,7 +1530,7 @@ static int snd_seq_ioctl_create_queue(st
+ /* set queue name */
+ if (!info->name[0])
+ snprintf(info->name, sizeof(info->name), "Queue-%d", q->queue);
+- strlcpy(q->name, info->name, sizeof(q->name));
++ strscpy(q->name, info->name, sizeof(q->name));
+ snd_use_lock_free(&q->use_lock);
+
+ return 0;
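Review bot: the return value of strscpy(q->name, info->name, sizeof(q->name)) is dropped, so a name that does not fit is truncated silently, where strscpy() reports -E2BIG. That matches the old strlcpy() behaviour, but it should be a stated choice: either add a comment that truncation is intended for queue names or return an error to the caller when the name is too long or unterminated.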
+@@ -1592,7 +1592,7 @@ static int snd_seq_ioctl_set_queue_info(
+ queuefree(q);
+ return -EPERM;
+ }
+- strlcpy(q->name, info->name, sizeof(q->name));
++ strscpy(q->name, info->name, sizeof(q->name));
+ queuefree(q);
+
+ return 0;
--- /dev/null
+From a165dcc923ada2ffdee1d4f41f12f81b66d04c55 Mon Sep 17 00:00:00 2001
+From: Axel Lin <axel.lin@ingics.com>
+Date: Mon, 11 Mar 2019 17:57:30 +0800
+Subject: hwmon: (w83773g) Select REGMAP_I2C to fix build error
+
+From: Axel Lin <axel.lin@ingics.com>
+
+commit a165dcc923ada2ffdee1d4f41f12f81b66d04c55 upstream.
+
+Select REGMAP_I2C to avoid below build error:
+ERROR: "__devm_regmap_init_i2c" [drivers/hwmon/w83773g.ko] undefined!
+
+Fixes: ee249f271524 ("hwmon: Add W83773G driver")
+Cc: stable@vger.kernel.org
+Signed-off-by: Axel Lin <axel.lin@ingics.com>
+Signed-off-by: Guenter Roeck <linux@roeck-us.net>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+
+---
+ drivers/hwmon/Kconfig | 1 +
+ 1 file changed, 1 insertion(+)
+
+--- a/drivers/hwmon/Kconfig
++++ b/drivers/hwmon/Kconfig
+@@ -1755,6 +1755,7 @@ config SENSORS_VT8231
+ config SENSORS_W83773G
+ tristate "Nuvoton W83773G"
+ depends on I2C
++ select REGMAP_I2C
+ help
+ If you say yes here you get support for the Nuvoton W83773G hardware
+ monitoring chip.
netfilter-nfnetlink_cttimeout-pass-default-timeout-p.patch
netfilter-nfnetlink_cttimeout-fetch-timeouts-for-udp.patch
arm64-kaslr-reserve-size-of-arm64_memstart_align-in-.patch
+tty-mark-siemens-r3964-line-discipline-as-broken.patch
+tty-ldisc-add-sysctl-to-prevent-autoloading-of-ldiscs.patch
+hwmon-w83773g-select-regmap_i2c-to-fix-build-error.patch
+acpica-clear-status-of-gpes-before-enabling-them.patch
+acpica-namespace-remove-address-node-from-global-list-after-method-termination.patch
+alsa-seq-fix-oob-reads-from-strlcpy.patch
+alsa-hda-realtek-enable-headset-mic-of-acer-travelmate-b114-21-with-alc233.patch
+alsa-hda-realtek-add-quirk-for-tuxedo-xc-1509.patch
+alsa-hda-add-two-more-machines-to-the-power_save_blacklist.patch
--- /dev/null
+From 7c0cca7c847e6e019d67b7d793efbbe3b947d004 Mon Sep 17 00:00:00 2001
+From: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+Date: Mon, 21 Jan 2019 17:26:42 +0100
+Subject: tty: ldisc: add sysctl to prevent autoloading of ldiscs
+
+From: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+
+commit 7c0cca7c847e6e019d67b7d793efbbe3b947d004 upstream.
+
+By default, the kernel will automatically load the module of any line
+dicipline that is asked for. As this sometimes isn't the safest thing
+to do, provide a sysctl to disable this feature.
+
+By default, we set this to 'y' as that is the historical way that Linux
+has worked, and we do not want to break working systems. But in the
+future, perhaps this can default to 'n' to prevent this functionality.
+
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+Reviewed-by: Theodore Ts'o <tytso@mit.edu>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+
+---
+ drivers/tty/Kconfig | 24 ++++++++++++++++++++++++
+ drivers/tty/tty_io.c | 3 +++
+ drivers/tty/tty_ldisc.c | 47 +++++++++++++++++++++++++++++++++++++++++++++++
+ 3 files changed, 74 insertions(+)
+
+--- a/drivers/tty/Kconfig
++++ b/drivers/tty/Kconfig
+@@ -441,4 +441,28 @@ config VCC
+ depends on SUN_LDOMS
+ help
+ Support for Sun logical domain consoles.
++
++config LDISC_AUTOLOAD
++ bool "Automatically load TTY Line Disciplines"
++ default y
++ help
++ Historically the kernel has always automatically loaded any
++ line discipline that is in a kernel module when a user asks
++ for it to be loaded with the TIOCSETD ioctl, or through other
++ means. This is not always the best thing to do on systems
++ where you know you will not be using some of the more
++ "ancient" line disciplines, so prevent the kernel from doing
++ this unless the request is coming from a process with the
++ CAP_SYS_MODULE permissions.
++
++ Say 'Y' here if you trust your userspace users to do the right
++ thing, or if you have only provided the line disciplines that
++ you know you will be using, or if you wish to continue to use
++ the traditional method of on-demand loading of these modules
++ by any user.
++
++ This functionality can be changed at runtime with the
++ dev.tty.ldisc_autoload sysctl, this configuration option will
++ only set the default value of this functionality.
++
+ endif # TTY
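Review bot: the first help paragraph for LDISC_AUTOLOAD describes the restricted behaviour ("so prevent the kernel from doing this unless the request is coming from a process with the CAP_SYS_MODULE permissions") without saying that it is what selecting N gives, which reads as if Y enforced the restriction. Reword to state explicitly that N limits module autoloading of line disciplines to callers with CAP_SYS_MODULE and Y keeps on-demand loading for any user. The last paragraph is also a comma splice ("... sysctl, this configuration option will only set the default ...") and should be split into two sentences.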
+--- a/drivers/tty/tty_io.c
++++ b/drivers/tty/tty_io.c
+@@ -512,6 +512,8 @@ static const struct file_operations hung
+ static DEFINE_SPINLOCK(redirect_lock);
+ static struct file *redirect;
+
++extern void tty_sysctl_init(void);
++
+ /**
+ * tty_wakeup - request more data
+ * @tty: terminal
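Review bot: "extern void tty_sysctl_init(void);" is declared inside tty_io.c instead of a shared header, so the prototype is not checked against the definition in tty_ldisc.c. Move the declaration to the tty header that both files already include and drop the extern from the .c file.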
+@@ -3340,6 +3342,7 @@ void console_sysfs_notify(void)
+ */
+ int __init tty_init(void)
+ {
++ tty_sysctl_init();
+ cdev_init(&tty_cdev, &tty_fops);
+ if (cdev_add(&tty_cdev, MKDEV(TTYAUX_MAJOR, 0), 1) ||
+ register_chrdev_region(MKDEV(TTYAUX_MAJOR, 0), 1, "/dev/tty") < 0)
+--- a/drivers/tty/tty_ldisc.c
++++ b/drivers/tty/tty_ldisc.c
+@@ -156,6 +156,13 @@ static void put_ldops(struct tty_ldisc_o
+ * takes tty_ldiscs_lock to guard against ldisc races
+ */
+
++#if defined(CONFIG_LDISC_AUTOLOAD)
++ #define INITIAL_AUTOLOAD_STATE 1
++#else
++ #define INITIAL_AUTOLOAD_STATE 0
++#endif
++static int tty_ldisc_autoload = INITIAL_AUTOLOAD_STATE;
++
+ static struct tty_ldisc *tty_ldisc_get(struct tty_struct *tty, int disc)
+ {
+ struct tty_ldisc *ld;
+@@ -170,6 +177,8 @@ static struct tty_ldisc *tty_ldisc_get(s
+ */
+ ldops = get_ldops(disc);
+ if (IS_ERR(ldops)) {
++ if (!capable(CAP_SYS_MODULE) && !tty_ldisc_autoload)
++ return ERR_PTR(-EPERM);
+ request_module("tty-ldisc-%d", disc);
+ ldops = get_ldops(disc);
+ if (IS_ERR(ldops))
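Review bot: in "if (!capable(CAP_SYS_MODULE) && !tty_ldisc_autoload)" the capability check runs first, so capable() is evaluated for every unprivileged caller even when autoloading is enabled, which can produce audit or LSM denial records for a request that is then allowed. Test the flag first, as in "if (!tty_ldisc_autoload && !capable(CAP_SYS_MODULE))", so capable() is only consulted when the sysctl has turned autoloading off.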
+@@ -829,3 +838,41 @@ void tty_ldisc_deinit(struct tty_struct
+ tty_ldisc_put(tty->ldisc);
+ tty->ldisc = NULL;
+ }
++
++static int zero;
++static int one = 1;
++static struct ctl_table tty_table[] = {
++ {
++ .procname = "ldisc_autoload",
++ .data = &tty_ldisc_autoload,
++ .maxlen = sizeof(tty_ldisc_autoload),
++ .mode = 0644,
++ .proc_handler = proc_dointvec,
++ .extra1 = &zero,
++ .extra2 = &one,
++ },
++ { }
++};
++
++static struct ctl_table tty_dir_table[] = {
++ {
++ .procname = "tty",
++ .mode = 0555,
++ .child = tty_table,
++ },
++ { }
++};
++
++static struct ctl_table tty_root_table[] = {
++ {
++ .procname = "dev",
++ .mode = 0555,
++ .child = tty_dir_table,
++ },
++ { }
++};
++
++void tty_sysctl_init(void)
++{
++ register_sysctl_table(tty_root_table);
++}
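Review bot: the ldisc_autoload entry sets .extra1 = &zero and .extra2 = &one but uses .proc_handler = proc_dointvec, which does not look at extra1/extra2, so the intended 0..1 range is not enforced and any integer can be written. Use proc_dointvec_minmax here. tty_sysctl_init() also ignores the return value of register_sysctl_table(tty_root_table); if registration fails the knob is missing with no message, so at least log the failure.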
--- /dev/null
+From c7084edc3f6d67750f50d4183134c4fb5712a5c8 Mon Sep 17 00:00:00 2001
+From: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+Date: Fri, 5 Apr 2019 15:39:26 +0200
+Subject: tty: mark Siemens R3964 line discipline as BROKEN
+
+From: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+
+commit c7084edc3f6d67750f50d4183134c4fb5712a5c8 upstream.
+
+The n_r3964 line discipline driver was written in a different time, when
+SMP machines were rare, and users were trusted to do the right thing.
+Since then, the world has moved on but not this code, it has stayed
+rooted in the past with its lovely hand-crafted list structures and
+loads of "interesting" race conditions all over the place.
+
+After attempting to clean up most of the issues, I just gave up and am
+now marking the driver as BROKEN so that hopefully someone who has this
+hardware will show up out of the woodwork (I know you are out there!)
+and will help with debugging a raft of changes that I had laying around
+for the code, but was too afraid to commit as odds are they would break
+things.
+
+Many thanks to Jann and Linus for pointing out the initial problems in
+this codebase, as well as many reviews of my attempts to fix the issues.
+It was a case of whack-a-mole, and as you can see, the mole won.
+
+Reported-by: Jann Horn <jannh@google.com>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
+
+---
+ drivers/char/Kconfig | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+--- a/drivers/char/Kconfig
++++ b/drivers/char/Kconfig
+@@ -343,7 +343,7 @@ config XILINX_HWICAP
+
+ config R3964
+ tristate "Siemens R3964 line discipline"
+- depends on TTY
++ depends on TTY && BROKEN
+ ---help---
+ This driver allows synchronous communication with devices using the
+ Siemens R3964 packet protocol. Unless you are dealing with special
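Review bot: "depends on TTY && BROKEN" leaves nothing in the tree that explains why R3964 is disabled; the reason lives only in the changelog. Add a Kconfig comment above the entry or a sentence in the help text saying the line discipline is marked BROKEN because of unresolved race conditions, so someone who finds the option unavailable knows what has to be fixed before the dependency can be dropped.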