--- /dev/null
+From d5406284ff803a578ca503373624312770319054 Mon Sep 17 00:00:00 2001
+From: "Rafael J. Wysocki" <rafael.j.wysocki@intel.com>
+Date: Wed, 25 Mar 2020 11:55:48 +0100
+Subject: ACPI: PM: s2idle: Refine active GPEs check
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+From: Rafael J. Wysocki <rafael.j.wysocki@intel.com>
+
+commit d5406284ff803a578ca503373624312770319054 upstream.
+
+The check for any active GPEs added by commit fdde0ff8590b ("ACPI:
+PM: s2idle: Prevent spurious SCIs from waking up the system") turns
+out to be insufficiently precise to prevent some systems from
+resuming prematurely due to a spurious EC wakeup, so refine it
+by first checking if any GPEs other than the EC GPE are active
+and skipping all of the SCIs coming from the EC that do not produce
+any genuine wakeup events after processing.
+
+Link: https://bugzilla.kernel.org/show_bug.cgi?id=206629
+Fixes: fdde0ff8590b ("ACPI: PM: s2idle: Prevent spurious SCIs from waking up the system")
+Reported-by: Ondřej Caletka <ondrej@caletka.cz>
+Tested-by: Ondřej Caletka <ondrej@caletka.cz>
+Cc: 5.4+ <stable@vger.kernel.org> # 5.4+
+Signed-off-by: Rafael J. Wysocki <rafael.j.wysocki@intel.com>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+
+---
+ drivers/acpi/ec.c | 5 +++++
+ drivers/acpi/internal.h | 1 +
+ drivers/acpi/sleep.c | 19 ++++++++++---------
+ 3 files changed, 16 insertions(+), 9 deletions(-)
+
+--- a/drivers/acpi/ec.c
++++ b/drivers/acpi/ec.c
+@@ -1964,6 +1964,11 @@ void acpi_ec_set_gpe_wake_mask(u8 action
+ acpi_set_gpe_wake_mask(NULL, first_ec->gpe, action);
+ }
+
++bool acpi_ec_other_gpes_active(void)
++{
++ return acpi_any_gpe_status_set(first_ec ? first_ec->gpe : U32_MAX);
++}
++
+ bool acpi_ec_dispatch_gpe(void)
+ {
+ u32 ret;
+--- a/drivers/acpi/internal.h
++++ b/drivers/acpi/internal.h
+@@ -201,6 +201,7 @@ void acpi_ec_remove_query_handler(struct
+
+ #ifdef CONFIG_PM_SLEEP
+ void acpi_ec_flush_work(void);
++bool acpi_ec_other_gpes_active(void);
+ bool acpi_ec_dispatch_gpe(void);
+ #endif
+
+--- a/drivers/acpi/sleep.c
++++ b/drivers/acpi/sleep.c
+@@ -1014,19 +1014,20 @@ static bool acpi_s2idle_wake(void)
+ return true;
+
+ /*
+- * If there are no EC events to process and at least one of the
+- * other enabled GPEs is active, the wakeup is regarded as a
+- * genuine one.
+- *
+- * Note that the checks below must be carried out in this order
+- * to avoid returning prematurely due to a change of the EC GPE
+- * status bit from unset to set between the checks with the
+- * status bits of all the other GPEs unset.
++ * If the status bit is set for any enabled GPE other than the
++ * EC one, the wakeup is regarded as a genuine one.
+ */
+- if (acpi_any_gpe_status_set(U32_MAX) && !acpi_ec_dispatch_gpe())
++ if (acpi_ec_other_gpes_active())
+ return true;
+
+ /*
++ * If the EC GPE status bit has not been set, the wakeup is
++ * regarded as a spurious one.
++ */
++ if (!acpi_ec_dispatch_gpe())
++ return false;
++
++ /*
+ * Cancel the wakeup and process all pending events in case
+ * there are any wakeup ones in there.
+ *
--- /dev/null
+From ecb9c790999fd6c5af0f44783bd0217f0b89ec2b Mon Sep 17 00:00:00 2001
+From: Jan Engelhardt <jengelh@inai.de>
+Date: Thu, 5 Mar 2020 13:24:25 +0100
+Subject: acpi/x86: ignore unspecified bit positions in the ACPI global lock field
+
+From: Jan Engelhardt <jengelh@inai.de>
+
+commit ecb9c790999fd6c5af0f44783bd0217f0b89ec2b upstream.
+
+The value in "new" is constructed from "old" such that all bits defined
+as reserved by the ACPI spec[1] are left untouched. But if those bits
+do not happen to be all zero, "new < 3" will not evaluate to true.
+
+The firmware of the laptop(s) Medion MD63490 / Akoya P15648 comes with
+garbage inside the "FACS" ACPI table. The starting value is
+old=0x4944454d, therefore new=0x4944454e, which is >= 3. Mask off
+the reserved bits.
+
+[1] https://uefi.org/sites/default/files/resources/ACPI_6_2.pdf
+
+Link: https://bugzilla.kernel.org/show_bug.cgi?id=206553
+Cc: All applicable <stable@vger.kernel.org>
+Signed-off-by: Jan Engelhardt <jengelh@inai.de>
+Signed-off-by: Rafael J. Wysocki <rafael.j.wysocki@intel.com>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+
+---
+ arch/x86/kernel/acpi/boot.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+--- a/arch/x86/kernel/acpi/boot.c
++++ b/arch/x86/kernel/acpi/boot.c
+@@ -1740,7 +1740,7 @@ int __acpi_acquire_global_lock(unsigned
+ new = (((old & ~0x3) + 2) + ((old >> 1) & 0x1));
+ val = cmpxchg(lock, old, new);
+ } while (unlikely (val != old));
+- return (new < 3) ? -1 : 0;
++ return ((new & 0x3) < 3) ? -1 : 0;
+ }
+
+ int __acpi_release_global_lock(unsigned int *lock)
--- /dev/null
+From 0ce792d660bda990c675eaf14ce09594a9b85cbf Mon Sep 17 00:00:00 2001
+From: "Rafael J. Wysocki" <rafael.j.wysocki@intel.com>
+Date: Wed, 25 Mar 2020 11:54:29 +0100
+Subject: ACPICA: Allow acpi_any_gpe_status_set() to skip one GPE
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+From: Rafael J. Wysocki <rafael.j.wysocki@intel.com>
+
+commit 0ce792d660bda990c675eaf14ce09594a9b85cbf upstream.
+
+The check carried out by acpi_any_gpe_status_set() is not precise enough
+for the suspend-to-idle implementation in Linux and in some cases it is
+necessary make it skip one GPE (specifically, the EC GPE) from the check
+to prevent a race condition leading to a premature system resume from
+occurring.
+
+For this reason, redefine acpi_any_gpe_status_set() to take the number
+of a GPE to skip as an argument.
+
+Link: https://bugzilla.kernel.org/show_bug.cgi?id=206629
+Tested-by: Ondřej Caletka <ondrej@caletka.cz>
+Cc: 5.4+ <stable@vger.kernel.org> # 5.4+
+Signed-off-by: Rafael J. Wysocki <rafael.j.wysocki@intel.com>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+
+---
+ drivers/acpi/acpica/achware.h | 2 -
+ drivers/acpi/acpica/evxfgpe.c | 17 ++++++++++-----
+ drivers/acpi/acpica/hwgpe.c | 47 +++++++++++++++++++++++++++++++++---------
+ drivers/acpi/sleep.c | 2 -
+ include/acpi/acpixf.h | 2 -
+ 5 files changed, 53 insertions(+), 17 deletions(-)
+
+--- a/drivers/acpi/acpica/achware.h
++++ b/drivers/acpi/acpica/achware.h
+@@ -101,7 +101,7 @@ acpi_status acpi_hw_enable_all_runtime_g
+
+ acpi_status acpi_hw_enable_all_wakeup_gpes(void);
+
+-u8 acpi_hw_check_all_gpes(void);
++u8 acpi_hw_check_all_gpes(acpi_handle gpe_skip_device, u32 gpe_skip_number);
+
+ acpi_status
+ acpi_hw_enable_runtime_gpe_block(struct acpi_gpe_xrupt_info *gpe_xrupt_info,
+--- a/drivers/acpi/acpica/evxfgpe.c
++++ b/drivers/acpi/acpica/evxfgpe.c
+@@ -799,17 +799,19 @@ ACPI_EXPORT_SYMBOL(acpi_enable_all_wakeu
+ *
+ * FUNCTION: acpi_any_gpe_status_set
+ *
+- * PARAMETERS: None
++ * PARAMETERS: gpe_skip_number - Number of the GPE to skip
+ *
+ * RETURN: Whether or not the status bit is set for any GPE
+ *
+- * DESCRIPTION: Check the status bits of all enabled GPEs and return TRUE if any
+- * of them is set or FALSE otherwise.
++ * DESCRIPTION: Check the status bits of all enabled GPEs, except for the one
++ * represented by the "skip" argument, and return TRUE if any of
++ * them is set or FALSE otherwise.
+ *
+ ******************************************************************************/
+-u32 acpi_any_gpe_status_set(void)
++u32 acpi_any_gpe_status_set(u32 gpe_skip_number)
+ {
+ acpi_status status;
++ acpi_handle gpe_device;
+ u8 ret;
+
+ ACPI_FUNCTION_TRACE(acpi_any_gpe_status_set);
+@@ -819,7 +821,12 @@ u32 acpi_any_gpe_status_set(void)
+ return (FALSE);
+ }
+
+- ret = acpi_hw_check_all_gpes();
++ status = acpi_get_gpe_device(gpe_skip_number, &gpe_device);
++ if (ACPI_FAILURE(status)) {
++ gpe_device = NULL;
++ }
++
++ ret = acpi_hw_check_all_gpes(gpe_device, gpe_skip_number);
+ (void)acpi_ut_release_mutex(ACPI_MTX_EVENTS);
+
+ return (ret);
+--- a/drivers/acpi/acpica/hwgpe.c
++++ b/drivers/acpi/acpica/hwgpe.c
+@@ -444,12 +444,19 @@ acpi_hw_enable_wakeup_gpe_block(struct a
+ return (AE_OK);
+ }
+
++struct acpi_gpe_block_status_context {
++ struct acpi_gpe_register_info *gpe_skip_register_info;
++ u8 gpe_skip_mask;
++ u8 retval;
++};
++
+ /******************************************************************************
+ *
+ * FUNCTION: acpi_hw_get_gpe_block_status
+ *
+ * PARAMETERS: gpe_xrupt_info - GPE Interrupt info
+ * gpe_block - Gpe Block info
++ * context - GPE list walk context data
+ *
+ * RETURN: Success
+ *
+@@ -460,12 +467,13 @@ acpi_hw_enable_wakeup_gpe_block(struct a
+ static acpi_status
+ acpi_hw_get_gpe_block_status(struct acpi_gpe_xrupt_info *gpe_xrupt_info,
+ struct acpi_gpe_block_info *gpe_block,
+- void *ret_ptr)
++ void *context)
+ {
++ struct acpi_gpe_block_status_context *c = context;
+ struct acpi_gpe_register_info *gpe_register_info;
+ u64 in_enable, in_status;
+ acpi_status status;
+- u8 *ret = ret_ptr;
++ u8 ret_mask;
+ u32 i;
+
+ /* Examine each GPE Register within the block */
+@@ -485,7 +493,11 @@ acpi_hw_get_gpe_block_status(struct acpi
+ continue;
+ }
+
+- *ret |= in_enable & in_status;
++ ret_mask = in_enable & in_status;
++ if (ret_mask && c->gpe_skip_register_info == gpe_register_info) {
++ ret_mask &= ~c->gpe_skip_mask;
++ }
++ c->retval |= ret_mask;
+ }
+
+ return (AE_OK);
+@@ -561,24 +573,41 @@ acpi_status acpi_hw_enable_all_wakeup_gp
+ *
+ * FUNCTION: acpi_hw_check_all_gpes
+ *
+- * PARAMETERS: None
++ * PARAMETERS: gpe_skip_device - GPE devoce of the GPE to skip
++ * gpe_skip_number - Number of the GPE to skip
+ *
+ * RETURN: Combined status of all GPEs
+ *
+- * DESCRIPTION: Check all enabled GPEs in all GPE blocks and return TRUE if the
++ * DESCRIPTION: Check all enabled GPEs in all GPE blocks, except for the one
++ * represented by the "skip" arguments, and return TRUE if the
+ * status bit is set for at least one of them of FALSE otherwise.
+ *
+ ******************************************************************************/
+
+-u8 acpi_hw_check_all_gpes(void)
++u8 acpi_hw_check_all_gpes(acpi_handle gpe_skip_device, u32 gpe_skip_number)
+ {
+- u8 ret = 0;
++ struct acpi_gpe_block_status_context context = {
++ .gpe_skip_register_info = NULL,
++ .retval = 0,
++ };
++ struct acpi_gpe_event_info *gpe_event_info;
++ acpi_cpu_flags flags;
+
+ ACPI_FUNCTION_TRACE(acpi_hw_check_all_gpes);
+
+- (void)acpi_ev_walk_gpe_list(acpi_hw_get_gpe_block_status, &ret);
++ flags = acpi_os_acquire_lock(acpi_gbl_gpe_lock);
++
++ gpe_event_info = acpi_ev_get_gpe_event_info(gpe_skip_device,
++ gpe_skip_number);
++ if (gpe_event_info) {
++ context.gpe_skip_register_info = gpe_event_info->register_info;
++ context.gpe_skip_mask = acpi_hw_get_gpe_register_bit(gpe_event_info);
++ }
++
++ acpi_os_release_lock(acpi_gbl_gpe_lock, flags);
+
+- return (ret != 0);
++ (void)acpi_ev_walk_gpe_list(acpi_hw_get_gpe_block_status, &context);
++ return (context.retval != 0);
+ }
+
+ #endif /* !ACPI_REDUCED_HARDWARE */
+--- a/drivers/acpi/sleep.c
++++ b/drivers/acpi/sleep.c
+@@ -1023,7 +1023,7 @@ static bool acpi_s2idle_wake(void)
+ * status bit from unset to set between the checks with the
+ * status bits of all the other GPEs unset.
+ */
+- if (acpi_any_gpe_status_set() && !acpi_ec_dispatch_gpe())
++ if (acpi_any_gpe_status_set(U32_MAX) && !acpi_ec_dispatch_gpe())
+ return true;
+
+ /*
+--- a/include/acpi/acpixf.h
++++ b/include/acpi/acpixf.h
+@@ -748,7 +748,7 @@ ACPI_HW_DEPENDENT_RETURN_UINT32(u32 acpi
+ ACPI_HW_DEPENDENT_RETURN_STATUS(acpi_status acpi_disable_all_gpes(void))
+ ACPI_HW_DEPENDENT_RETURN_STATUS(acpi_status acpi_enable_all_runtime_gpes(void))
+ ACPI_HW_DEPENDENT_RETURN_STATUS(acpi_status acpi_enable_all_wakeup_gpes(void))
+-ACPI_HW_DEPENDENT_RETURN_UINT32(u32 acpi_any_gpe_status_set(void))
++ACPI_HW_DEPENDENT_RETURN_UINT32(u32 acpi_any_gpe_status_set(u32 gpe_skip_number))
+ ACPI_HW_DEPENDENT_RETURN_UINT32(u32 acpi_any_fixed_event_status_set(void))
+
+ ACPI_HW_DEPENDENT_RETURN_STATUS(acpi_status
--- /dev/null
+From f10e80a19b07b58fc2adad7945f8313b01503bae Mon Sep 17 00:00:00 2001
+From: Tom Lendacky <thomas.lendacky@amd.com>
+Date: Fri, 28 Feb 2020 13:14:03 +0100
+Subject: efi/x86: Add TPM related EFI tables to unencrypted mapping checks
+
+From: Tom Lendacky <thomas.lendacky@amd.com>
+
+commit f10e80a19b07b58fc2adad7945f8313b01503bae upstream.
+
+When booting with SME active, EFI tables must be mapped unencrypted since
+they were built by UEFI in unencrypted memory. Update the list of tables
+to be checked during early_memremap() processing to account for the EFI
+TPM tables.
+
+This fixes a bug where an EFI TPM log table has been created by UEFI, but
+it lives in memory that has been marked as usable rather than reserved.
+
+Signed-off-by: Tom Lendacky <thomas.lendacky@amd.com>
+Signed-off-by: Ard Biesheuvel <ardb@kernel.org>
+Signed-off-by: Ingo Molnar <mingo@kernel.org>
+Cc: linux-efi@vger.kernel.org
+Cc: Ingo Molnar <mingo@kernel.org>
+Cc: Thomas Gleixner <tglx@linutronix.de>
+Cc: David Hildenbrand <david@redhat.com>
+Cc: Heinrich Schuchardt <xypron.glpk@gmx.de>
+Cc: <stable@vger.kernel.org> # v5.4+
+Link: https://lore.kernel.org/r/4144cd813f113c20cdfa511cf59500a64e6015be.1582662842.git.thomas.lendacky@amd.com
+Link: https://lore.kernel.org/r/20200228121408.9075-2-ardb@kernel.org
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+
+---
+ arch/x86/platform/efi/efi.c | 2 ++
+ 1 file changed, 2 insertions(+)
+
+--- a/arch/x86/platform/efi/efi.c
++++ b/arch/x86/platform/efi/efi.c
+@@ -85,6 +85,8 @@ static const unsigned long * const efi_t
+ #ifdef CONFIG_EFI_RCI2_TABLE
+ &rci2_table_phys,
+ #endif
++ &efi.tpm_log,
++ &efi.tpm_final_log,
+ };
+
+ u64 efi_setup; /* efi setup_data physical address */
--- /dev/null
+From 2e356101e72ab1361821b3af024d64877d9a798d Mon Sep 17 00:00:00 2001
+From: Yang Xu <xuyang2018.jy@cn.fujitsu.com>
+Date: Fri, 28 Feb 2020 12:41:51 +0800
+Subject: KEYS: reaching the keys quotas correctly
+
+From: Yang Xu <xuyang2018.jy@cn.fujitsu.com>
+
+commit 2e356101e72ab1361821b3af024d64877d9a798d upstream.
+
+Currently, when we add a new user key, the calltrace as below:
+
+add_key()
+ key_create_or_update()
+ key_alloc()
+ __key_instantiate_and_link
+ generic_key_instantiate
+ key_payload_reserve
+ ......
+
+Since commit a08bf91ce28e ("KEYS: allow reaching the keys quotas exactly"),
+we can reach max bytes/keys in key_alloc, but we forget to remove this
+limit when we reserver space for payload in key_payload_reserve. So we
+can only reach max keys but not max bytes when having delta between plen
+and type->def_datalen. Remove this limit when instantiating the key, so we
+can keep consistent with key_alloc.
+
+Also, fix the similar problem in keyctl_chown_key().
+
+Fixes: 0b77f5bfb45c ("keys: make the keyring quotas controllable through /proc/sys")
+Fixes: a08bf91ce28e ("KEYS: allow reaching the keys quotas exactly")
+Cc: stable@vger.kernel.org # 5.0.x
+Cc: Eric Biggers <ebiggers@google.com>
+Signed-off-by: Yang Xu <xuyang2018.jy@cn.fujitsu.com>
+Reviewed-by: Jarkko Sakkinen <jarkko.sakkinen@linux.intel.com>
+Reviewed-by: Eric Biggers <ebiggers@google.com>
+Signed-off-by: Jarkko Sakkinen <jarkko.sakkinen@linux.intel.com>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+
+---
+ security/keys/key.c | 2 +-
+ security/keys/keyctl.c | 4 ++--
+ 2 files changed, 3 insertions(+), 3 deletions(-)
+
+--- a/security/keys/key.c
++++ b/security/keys/key.c
+@@ -381,7 +381,7 @@ int key_payload_reserve(struct key *key,
+ spin_lock(&key->user->lock);
+
+ if (delta > 0 &&
+- (key->user->qnbytes + delta >= maxbytes ||
++ (key->user->qnbytes + delta > maxbytes ||
+ key->user->qnbytes + delta < key->user->qnbytes)) {
+ ret = -EDQUOT;
+ }
+--- a/security/keys/keyctl.c
++++ b/security/keys/keyctl.c
+@@ -937,8 +937,8 @@ long keyctl_chown_key(key_serial_t id, u
+ key_quota_root_maxbytes : key_quota_maxbytes;
+
+ spin_lock(&newowner->lock);
+- if (newowner->qnkeys + 1 >= maxkeys ||
+- newowner->qnbytes + key->quotalen >= maxbytes ||
++ if (newowner->qnkeys + 1 > maxkeys ||
++ newowner->qnbytes + key->quotalen > maxbytes ||
+ newowner->qnbytes + key->quotalen <
+ newowner->qnbytes)
+ goto quota_overrun;
--- /dev/null
+From 8c5c660529209a0e324c1c1a35ce3f83d67a2aa5 Mon Sep 17 00:00:00 2001
+From: James Smart <jsmart2021@gmail.com>
+Date: Fri, 3 Apr 2020 07:33:20 -0700
+Subject: nvme-fc: Revert "add module to ops template to allow module references"
+
+From: James Smart <jsmart2021@gmail.com>
+
+commit 8c5c660529209a0e324c1c1a35ce3f83d67a2aa5 upstream.
+
+The original patch was to resolve the lldd being able to be unloaded
+while being used to talk to the boot device of the system. However, the
+end result of the original patch is that any driver unload while a nvme
+controller is live via the lldd is now being prohibited. Given the module
+reference, the module teardown routine can't be called, thus there's no
+way, other than manual actions to terminate the controllers.
+
+Fixes: 863fbae929c7 ("nvme_fc: add module to ops template to allow module references")
+Cc: <stable@vger.kernel.org> # v5.4+
+Signed-off-by: James Smart <jsmart2021@gmail.com>
+Reviewed-by: Himanshu Madhani <himanshu.madhani@oracle.com>
+Signed-off-by: Christoph Hellwig <hch@lst.de>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+
+---
+ drivers/nvme/host/fc.c | 14 ++------------
+ drivers/nvme/target/fcloop.c | 1 -
+ drivers/scsi/lpfc/lpfc_nvme.c | 2 --
+ drivers/scsi/qla2xxx/qla_nvme.c | 1 -
+ include/linux/nvme-fc-driver.h | 4 ----
+ 5 files changed, 2 insertions(+), 20 deletions(-)
+
+--- a/drivers/nvme/host/fc.c
++++ b/drivers/nvme/host/fc.c
+@@ -342,8 +342,7 @@ nvme_fc_register_localport(struct nvme_f
+ !template->ls_req || !template->fcp_io ||
+ !template->ls_abort || !template->fcp_abort ||
+ !template->max_hw_queues || !template->max_sgl_segments ||
+- !template->max_dif_sgl_segments || !template->dma_boundary ||
+- !template->module) {
++ !template->max_dif_sgl_segments || !template->dma_boundary) {
+ ret = -EINVAL;
+ goto out_reghost_failed;
+ }
+@@ -2016,7 +2015,6 @@ nvme_fc_ctrl_free(struct kref *ref)
+ {
+ struct nvme_fc_ctrl *ctrl =
+ container_of(ref, struct nvme_fc_ctrl, ref);
+- struct nvme_fc_lport *lport = ctrl->lport;
+ unsigned long flags;
+
+ if (ctrl->ctrl.tagset) {
+@@ -2043,7 +2041,6 @@ nvme_fc_ctrl_free(struct kref *ref)
+ if (ctrl->ctrl.opts)
+ nvmf_free_options(ctrl->ctrl.opts);
+ kfree(ctrl);
+- module_put(lport->ops->module);
+ }
+
+ static void
+@@ -3071,15 +3068,10 @@ nvme_fc_init_ctrl(struct device *dev, st
+ goto out_fail;
+ }
+
+- if (!try_module_get(lport->ops->module)) {
+- ret = -EUNATCH;
+- goto out_free_ctrl;
+- }
+-
+ idx = ida_simple_get(&nvme_fc_ctrl_cnt, 0, 0, GFP_KERNEL);
+ if (idx < 0) {
+ ret = -ENOSPC;
+- goto out_mod_put;
++ goto out_free_ctrl;
+ }
+
+ ctrl->ctrl.opts = opts;
+@@ -3232,8 +3224,6 @@ out_free_queues:
+ out_free_ida:
+ put_device(ctrl->dev);
+ ida_simple_remove(&nvme_fc_ctrl_cnt, ctrl->cnum);
+-out_mod_put:
+- module_put(lport->ops->module);
+ out_free_ctrl:
+ kfree(ctrl);
+ out_fail:
+--- a/drivers/nvme/target/fcloop.c
++++ b/drivers/nvme/target/fcloop.c
+@@ -850,7 +850,6 @@ fcloop_targetport_delete(struct nvmet_fc
+ #define FCLOOP_DMABOUND_4G 0xFFFFFFFF
+
+ static struct nvme_fc_port_template fctemplate = {
+- .module = THIS_MODULE,
+ .localport_delete = fcloop_localport_delete,
+ .remoteport_delete = fcloop_remoteport_delete,
+ .create_queue = fcloop_create_queue,
+--- a/drivers/scsi/lpfc/lpfc_nvme.c
++++ b/drivers/scsi/lpfc/lpfc_nvme.c
+@@ -1976,8 +1976,6 @@ out_unlock:
+
+ /* Declare and initialization an instance of the FC NVME template. */
+ static struct nvme_fc_port_template lpfc_nvme_template = {
+- .module = THIS_MODULE,
+-
+ /* initiator-based functions */
+ .localport_delete = lpfc_nvme_localport_delete,
+ .remoteport_delete = lpfc_nvme_remoteport_delete,
+--- a/drivers/scsi/qla2xxx/qla_nvme.c
++++ b/drivers/scsi/qla2xxx/qla_nvme.c
+@@ -610,7 +610,6 @@ static void qla_nvme_remoteport_delete(s
+ }
+
+ static struct nvme_fc_port_template qla_nvme_fc_transport = {
+- .module = THIS_MODULE,
+ .localport_delete = qla_nvme_localport_delete,
+ .remoteport_delete = qla_nvme_remoteport_delete,
+ .create_queue = qla_nvme_alloc_queue,
+--- a/include/linux/nvme-fc-driver.h
++++ b/include/linux/nvme-fc-driver.h
+@@ -270,8 +270,6 @@ struct nvme_fc_remote_port {
+ *
+ * Host/Initiator Transport Entrypoints/Parameters:
+ *
+- * @module: The LLDD module using the interface
+- *
+ * @localport_delete: The LLDD initiates deletion of a localport via
+ * nvme_fc_deregister_localport(). However, the teardown is
+ * asynchronous. This routine is called upon the completion of the
+@@ -385,8 +383,6 @@ struct nvme_fc_remote_port {
+ * Value is Mandatory. Allowed to be zero.
+ */
+ struct nvme_fc_port_template {
+- struct module *module;
+-
+ /* initiator-based functions */
+ void (*localport_delete)(struct nvme_fc_local_port *);
+ void (*remoteport_delete)(struct nvme_fc_remote_port *);
--- /dev/null
+From 9cda34e37489244a8c8628617e24b2dbc8a8edad Mon Sep 17 00:00:00 2001
+From: Sagi Grimberg <sagi@grimberg.me>
+Date: Tue, 25 Feb 2020 16:42:27 -0800
+Subject: nvmet-tcp: fix maxh2cdata icresp parameter
+
+From: Sagi Grimberg <sagi@grimberg.me>
+
+commit 9cda34e37489244a8c8628617e24b2dbc8a8edad upstream.
+
+MAXH2CDATA is not zero based. Also no reason to limit ourselves to
+1M transfers as we can do more easily. Make this an arbitrary limit
+of 16M.
+
+Reported-by: Wenhua Liu <liuw@vmware.com>
+Cc: stable@vger.kernel.org # v5.0+
+Signed-off-by: Sagi Grimberg <sagi@grimberg.me>
+Signed-off-by: Keith Busch <kbusch@kernel.org>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+
+---
+ drivers/nvme/target/tcp.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+--- a/drivers/nvme/target/tcp.c
++++ b/drivers/nvme/target/tcp.c
+@@ -794,7 +794,7 @@ static int nvmet_tcp_handle_icreq(struct
+ icresp->hdr.pdo = 0;
+ icresp->hdr.plen = cpu_to_le32(icresp->hdr.hlen);
+ icresp->pfv = cpu_to_le16(NVME_TCP_PFV_1_0);
+- icresp->maxdata = cpu_to_le32(0xffff); /* FIXME: support r2t */
++ icresp->maxdata = cpu_to_le32(0x400000); /* 16M arbitrary limit */
+ icresp->cpda = 0;
+ if (queue->hdr_digest)
+ icresp->digest |= NVME_TCP_HDR_DIGEST_ENABLE;
--- /dev/null
+From b88bf6c3b6ff77948c153cac4e564642b0b90632 Mon Sep 17 00:00:00 2001
+From: Sean V Kelley <sean.v.kelley@linux.intel.com>
+Date: Thu, 20 Feb 2020 11:29:29 -0800
+Subject: PCI: Add boot interrupt quirk mechanism for Xeon chipsets
+
+From: Sean V Kelley <sean.v.kelley@linux.intel.com>
+
+commit b88bf6c3b6ff77948c153cac4e564642b0b90632 upstream.
+
+The following was observed by Kar Hin Ong with RT patchset:
+
+ Backtrace:
+ irq 19: nobody cared (try booting with the "irqpoll" option)
+ CPU: 0 PID: 3329 Comm: irq/34-nipalk Tainted:4.14.87-rt49 #1
+ Hardware name: National Instruments NI PXIe-8880/NI PXIe-8880,
+ BIOS 2.1.5f1 01/09/2020
+ Call Trace:
+ <IRQ>
+ ? dump_stack+0x46/0x5e
+ ? __report_bad_irq+0x2e/0xb0
+ ? note_interrupt+0x242/0x290
+ ? nNIKAL100_memoryRead16+0x8/0x10 [nikal]
+ ? handle_irq_event_percpu+0x55/0x70
+ ? handle_irq_event+0x4f/0x80
+ ? handle_fasteoi_irq+0x81/0x180
+ ? handle_irq+0x1c/0x30
+ ? do_IRQ+0x41/0xd0
+ ? common_interrupt+0x84/0x84
+ </IRQ>
+ ...
+ handlers:
+ [<ffffffffb3297200>] irq_default_primary_handler threaded
+ [<ffffffffb3669180>] usb_hcd_irq
+ Disabling IRQ #19
+
+The problem being that this device is triggering boot interrupts
+due to threaded interrupt handling and masking of the IO-APIC. These
+boot interrupts are then forwarded on to the legacy PCH's PIRQ lines
+where there is no handler present for the device.
+
+Whenever a PCI device fires interrupt (INTx) to Pin 20 of IOAPIC 2
+(GSI 44), the kernel receives two interrupts:
+
+ 1. Interrupt from Pin 20 of IOAPIC 2 -> Expected
+ 2. Interrupt from Pin 19 of IOAPIC 1 -> UNEXPECTED
+
+Quirks for disabling boot interrupts (preferred) or rerouting the
+handler exist but do not address these Xeon chipsets' mechanism:
+https://lore.kernel.org/lkml/12131949181903-git-send-email-sassmann@suse.de/
+
+Add a new mechanism via PCI CFG for those chipsets supporting CIPINTRC
+register's dis_intx_rout2ich bit.
+
+Link: https://lore.kernel.org/r/20200220192930.64820-2-sean.v.kelley@linux.intel.com
+Reported-by: Kar Hin Ong <kar.hin.ong@ni.com>
+Tested-by: Kar Hin Ong <kar.hin.ong@ni.com>
+Signed-off-by: Sean V Kelley <sean.v.kelley@linux.intel.com>
+Signed-off-by: Bjorn Helgaas <bhelgaas@google.com>
+Reviewed-by: Thomas Gleixner <tglx@linutronix.de>
+Cc: stable@vger.kernel.org
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+
+---
+ drivers/pci/quirks.c | 80 ++++++++++++++++++++++++++++++++++++++++++++++-----
+ 1 file changed, 73 insertions(+), 7 deletions(-)
+
+--- a/drivers/pci/quirks.c
++++ b/drivers/pci/quirks.c
+@@ -1970,26 +1970,92 @@ DECLARE_PCI_FIXUP_RESUME(PCI_VENDOR_ID_I
+ /*
+ * IO-APIC1 on 6300ESB generates boot interrupts, see Intel order no
+ * 300641-004US, section 5.7.3.
++ *
++ * Core IO on Xeon E5 1600/2600/4600, see Intel order no 326509-003.
++ * Core IO on Xeon E5 v2, see Intel order no 329188-003.
++ * Core IO on Xeon E7 v2, see Intel order no 329595-002.
++ * Core IO on Xeon E5 v3, see Intel order no 330784-003.
++ * Core IO on Xeon E7 v3, see Intel order no 332315-001US.
++ * Core IO on Xeon E5 v4, see Intel order no 333810-002US.
++ * Core IO on Xeon E7 v4, see Intel order no 332315-001US.
++ * Core IO on Xeon D-1500, see Intel order no 332051-001.
++ * Core IO on Xeon Scalable, see Intel order no 610950.
+ */
+-#define INTEL_6300_IOAPIC_ABAR 0x40
++#define INTEL_6300_IOAPIC_ABAR 0x40 /* Bus 0, Dev 29, Func 5 */
+ #define INTEL_6300_DISABLE_BOOT_IRQ (1<<14)
+
++#define INTEL_CIPINTRC_CFG_OFFSET 0x14C /* Bus 0, Dev 5, Func 0 */
++#define INTEL_CIPINTRC_DIS_INTX_ICH (1<<25)
++
+ static void quirk_disable_intel_boot_interrupt(struct pci_dev *dev)
+ {
+ u16 pci_config_word;
++ u32 pci_config_dword;
+
+ if (noioapicquirk)
+ return;
+
+- pci_read_config_word(dev, INTEL_6300_IOAPIC_ABAR, &pci_config_word);
+- pci_config_word |= INTEL_6300_DISABLE_BOOT_IRQ;
+- pci_write_config_word(dev, INTEL_6300_IOAPIC_ABAR, pci_config_word);
+-
++ switch (dev->device) {
++ case PCI_DEVICE_ID_INTEL_ESB_10:
++ pci_read_config_word(dev, INTEL_6300_IOAPIC_ABAR,
++ &pci_config_word);
++ pci_config_word |= INTEL_6300_DISABLE_BOOT_IRQ;
++ pci_write_config_word(dev, INTEL_6300_IOAPIC_ABAR,
++ pci_config_word);
++ break;
++ case 0x3c28: /* Xeon E5 1600/2600/4600 */
++ case 0x0e28: /* Xeon E5/E7 V2 */
++ case 0x2f28: /* Xeon E5/E7 V3,V4 */
++ case 0x6f28: /* Xeon D-1500 */
++ case 0x2034: /* Xeon Scalable Family */
++ pci_read_config_dword(dev, INTEL_CIPINTRC_CFG_OFFSET,
++ &pci_config_dword);
++ pci_config_dword |= INTEL_CIPINTRC_DIS_INTX_ICH;
++ pci_write_config_dword(dev, INTEL_CIPINTRC_CFG_OFFSET,
++ pci_config_dword);
++ break;
++ default:
++ return;
++ }
+ pci_info(dev, "disabled boot interrupts on device [%04x:%04x]\n",
+ dev->vendor, dev->device);
+ }
+-DECLARE_PCI_FIXUP_FINAL(PCI_VENDOR_ID_INTEL, PCI_DEVICE_ID_INTEL_ESB_10, quirk_disable_intel_boot_interrupt);
+-DECLARE_PCI_FIXUP_RESUME(PCI_VENDOR_ID_INTEL, PCI_DEVICE_ID_INTEL_ESB_10, quirk_disable_intel_boot_interrupt);
++/*
++ * Device 29 Func 5 Device IDs of IO-APIC
++ * containing ABAR—APIC1 Alternate Base Address Register
++ */
++DECLARE_PCI_FIXUP_FINAL(PCI_VENDOR_ID_INTEL, PCI_DEVICE_ID_INTEL_ESB_10,
++ quirk_disable_intel_boot_interrupt);
++DECLARE_PCI_FIXUP_RESUME(PCI_VENDOR_ID_INTEL, PCI_DEVICE_ID_INTEL_ESB_10,
++ quirk_disable_intel_boot_interrupt);
++
++/*
++ * Device 5 Func 0 Device IDs of Core IO modules/hubs
++ * containing Coherent Interface Protocol Interrupt Control
++ *
++ * Device IDs obtained from volume 2 datasheets of commented
++ * families above.
++ */
++DECLARE_PCI_FIXUP_FINAL(PCI_VENDOR_ID_INTEL, 0x3c28,
++ quirk_disable_intel_boot_interrupt);
++DECLARE_PCI_FIXUP_FINAL(PCI_VENDOR_ID_INTEL, 0x0e28,
++ quirk_disable_intel_boot_interrupt);
++DECLARE_PCI_FIXUP_FINAL(PCI_VENDOR_ID_INTEL, 0x2f28,
++ quirk_disable_intel_boot_interrupt);
++DECLARE_PCI_FIXUP_FINAL(PCI_VENDOR_ID_INTEL, 0x6f28,
++ quirk_disable_intel_boot_interrupt);
++DECLARE_PCI_FIXUP_FINAL(PCI_VENDOR_ID_INTEL, 0x2034,
++ quirk_disable_intel_boot_interrupt);
++DECLARE_PCI_FIXUP_RESUME(PCI_VENDOR_ID_INTEL, 0x3c28,
++ quirk_disable_intel_boot_interrupt);
++DECLARE_PCI_FIXUP_RESUME(PCI_VENDOR_ID_INTEL, 0x0e28,
++ quirk_disable_intel_boot_interrupt);
++DECLARE_PCI_FIXUP_RESUME(PCI_VENDOR_ID_INTEL, 0x2f28,
++ quirk_disable_intel_boot_interrupt);
++DECLARE_PCI_FIXUP_RESUME(PCI_VENDOR_ID_INTEL, 0x6f28,
++ quirk_disable_intel_boot_interrupt);
++DECLARE_PCI_FIXUP_RESUME(PCI_VENDOR_ID_INTEL, 0x2034,
++ quirk_disable_intel_boot_interrupt);
+
+ /* Disable boot interrupts on HT-1000 */
+ #define BC_HT1000_FEATURE_REG 0x64
--- /dev/null
+From 58a3862a10a317a81097ab0c78aecebabb1704f5 Mon Sep 17 00:00:00 2001
+From: Yicong Yang <yangyicong@hisilicon.com>
+Date: Fri, 13 Mar 2020 17:53:47 +0800
+Subject: PCI/ASPM: Clear the correct bits when enabling L1 substates
+
+From: Yicong Yang <yangyicong@hisilicon.com>
+
+commit 58a3862a10a317a81097ab0c78aecebabb1704f5 upstream.
+
+In pcie_config_aspm_l1ss(), we cleared the wrong bits when enabling ASPM L1
+Substates. Instead of the L1.x enable bits (PCI_L1SS_CTL1_L1SS_MASK, 0xf), we
+cleared the Link Activation Interrupt Enable bit (PCI_L1SS_CAP_L1_PM_SS,
+0x10).
+
+Clear the L1.x enable bits before writing the new L1.x configuration.
+
+[bhelgaas: changelog]
+Fixes: aeda9adebab8 ("PCI/ASPM: Configure L1 substate settings")
+Link: https://lore.kernel.org/r/1584093227-1292-1-git-send-email-yangyicong@hisilicon.com
+Signed-off-by: Yicong Yang <yangyicong@hisilicon.com>
+Signed-off-by: Bjorn Helgaas <bhelgaas@google.com>
+CC: stable@vger.kernel.org # v4.11+
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+
+---
+ drivers/pci/pcie/aspm.c | 4 ++--
+ 1 file changed, 2 insertions(+), 2 deletions(-)
+
+--- a/drivers/pci/pcie/aspm.c
++++ b/drivers/pci/pcie/aspm.c
+@@ -742,9 +742,9 @@ static void pcie_config_aspm_l1ss(struct
+
+ /* Enable what we need to enable */
+ pci_clear_and_set_dword(parent, up_cap_ptr + PCI_L1SS_CTL1,
+- PCI_L1SS_CAP_L1_PM_SS, val);
++ PCI_L1SS_CTL1_L1SS_MASK, val);
+ pci_clear_and_set_dword(child, dw_cap_ptr + PCI_L1SS_CTL1,
+- PCI_L1SS_CAP_L1_PM_SS, val);
++ PCI_L1SS_CTL1_L1SS_MASK, val);
+ }
+
+ static void pcie_config_aspm_dev(struct pci_dev *pdev, u32 val)
--- /dev/null
+From 04e046ca57ebed3943422dee10eec9e73aec081e Mon Sep 17 00:00:00 2001
+From: Kishon Vijay Abraham I <kishon@ti.com>
+Date: Mon, 24 Feb 2020 15:23:36 +0530
+Subject: PCI: endpoint: Fix for concurrent memory allocation in OB address region
+
+From: Kishon Vijay Abraham I <kishon@ti.com>
+
+commit 04e046ca57ebed3943422dee10eec9e73aec081e upstream.
+
+pci-epc-mem uses a bitmap to manage the Endpoint outbound (OB) address
+region. This address region will be shared by multiple endpoint
+functions (in the case of multi function endpoint) and it has to be
+protected from concurrent access to avoid updating an inconsistent state.
+
+Use a mutex to protect bitmap updates to prevent the memory
+allocation API from returning incorrect addresses.
+
+Signed-off-by: Kishon Vijay Abraham I <kishon@ti.com>
+Signed-off-by: Lorenzo Pieralisi <lorenzo.pieralisi@arm.com>
+Cc: stable@vger.kernel.org # v4.14+
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+
+---
+ drivers/pci/endpoint/pci-epc-mem.c | 10 ++++++++--
+ include/linux/pci-epc.h | 3 +++
+ 2 files changed, 11 insertions(+), 2 deletions(-)
+
+--- a/drivers/pci/endpoint/pci-epc-mem.c
++++ b/drivers/pci/endpoint/pci-epc-mem.c
+@@ -79,6 +79,7 @@ int __pci_epc_mem_init(struct pci_epc *e
+ mem->page_size = page_size;
+ mem->pages = pages;
+ mem->size = size;
++ mutex_init(&mem->lock);
+
+ epc->mem = mem;
+
+@@ -122,7 +123,7 @@ void __iomem *pci_epc_mem_alloc_addr(str
+ phys_addr_t *phys_addr, size_t size)
+ {
+ int pageno;
+- void __iomem *virt_addr;
++ void __iomem *virt_addr = NULL;
+ struct pci_epc_mem *mem = epc->mem;
+ unsigned int page_shift = ilog2(mem->page_size);
+ int order;
+@@ -130,15 +131,18 @@ void __iomem *pci_epc_mem_alloc_addr(str
+ size = ALIGN(size, mem->page_size);
+ order = pci_epc_mem_get_order(mem, size);
+
++ mutex_lock(&mem->lock);
+ pageno = bitmap_find_free_region(mem->bitmap, mem->pages, order);
+ if (pageno < 0)
+- return NULL;
++ goto ret;
+
+ *phys_addr = mem->phys_base + (pageno << page_shift);
+ virt_addr = ioremap(*phys_addr, size);
+ if (!virt_addr)
+ bitmap_release_region(mem->bitmap, pageno, order);
+
++ret:
++ mutex_unlock(&mem->lock);
+ return virt_addr;
+ }
+ EXPORT_SYMBOL_GPL(pci_epc_mem_alloc_addr);
+@@ -164,7 +168,9 @@ void pci_epc_mem_free_addr(struct pci_ep
+ pageno = (phys_addr - mem->phys_base) >> page_shift;
+ size = ALIGN(size, mem->page_size);
+ order = pci_epc_mem_get_order(mem, size);
++ mutex_lock(&mem->lock);
+ bitmap_release_region(mem->bitmap, pageno, order);
++ mutex_unlock(&mem->lock);
+ }
+ EXPORT_SYMBOL_GPL(pci_epc_mem_free_addr);
+
+--- a/include/linux/pci-epc.h
++++ b/include/linux/pci-epc.h
+@@ -71,6 +71,7 @@ struct pci_epc_ops {
+ * @bitmap: bitmap to manage the PCI address space
+ * @pages: number of bits representing the address region
+ * @page_size: size of each page
++ * @lock: mutex to protect bitmap
+ */
+ struct pci_epc_mem {
+ phys_addr_t phys_base;
+@@ -78,6 +79,8 @@ struct pci_epc_mem {
+ unsigned long *bitmap;
+ size_t page_size;
+ int pages;
++ /* mutex to protect against concurrent access for memory allocation*/
++ struct mutex lock;
+ };
+
+ /**
--- /dev/null
+From 3e487d2e4aa466decd226353755c9d423e8fbacc Mon Sep 17 00:00:00 2001
+From: Lukas Wunner <lukas@wunner.de>
+Date: Wed, 18 Mar 2020 12:33:12 +0100
+Subject: PCI: pciehp: Fix indefinite wait on sysfs requests
+
+From: Lukas Wunner <lukas@wunner.de>
+
+commit 3e487d2e4aa466decd226353755c9d423e8fbacc upstream.
+
+David Hoyer reports that powering pciehp slots up or down via sysfs may
+hang: The call to wait_event() in pciehp_sysfs_enable_slot() and
+_disable_slot() does not return because ctrl->ist_running remains true.
+
+This flag, which was introduced by commit 157c1062fcd8 ("PCI: pciehp: Avoid
+returning prematurely from sysfs requests"), signifies that the IRQ thread
+pciehp_ist() is running. It is set to true at the top of pciehp_ist() and
+reset to false at the end. However there are two additional return
+statements in pciehp_ist() before which the commit neglected to reset the
+flag to false and wake up waiters for the flag.
+
+That omission opens up the following race when powering up the slot:
+
+* pciehp_ist() runs because a PCI_EXP_SLTSTA_PDC event was requested
+ by pciehp_sysfs_enable_slot()
+
+* pciehp_ist() turns on slot power via the following call stack:
+ pciehp_handle_presence_or_link_change() -> pciehp_enable_slot() ->
+ __pciehp_enable_slot() -> board_added() -> pciehp_power_on_slot()
+
+* after slot power is turned on, the link comes up, resulting in a
+ PCI_EXP_SLTSTA_DLLSC event
+
+* the IRQ handler pciehp_isr() stores the event in ctrl->pending_events
+ and returns IRQ_WAKE_THREAD
+
+* the IRQ thread is already woken (it's bringing up the slot), but the
+ genirq code remembers to re-run the IRQ thread after it has finished
+ (such that it can deal with the new event) by setting IRQTF_RUNTHREAD
+ via __handle_irq_event_percpu() -> __irq_wake_thread()
+
+* the IRQ thread removes PCI_EXP_SLTSTA_DLLSC from ctrl->pending_events
+ via board_added() -> pciehp_check_link_status() in order to deal with
+ presence and link flaps per commit 6c35a1ac3da6 ("PCI: pciehp:
+ Tolerate initially unstable link")
+
+* after pciehp_ist() has successfully brought up the slot, it resets
+ ctrl->ist_running to false and wakes up the sysfs requester
+
+* the genirq code re-runs pciehp_ist(), which sets ctrl->ist_running
+ to true but then returns with IRQ_NONE because ctrl->pending_events
+ is empty
+
+* pciehp_sysfs_enable_slot() is finally woken but notices that
+ ctrl->ist_running is true, hence continues waiting
+
+The only way to get the hung task going again is to trigger a hotplug
+event which brings down the slot, e.g. by yanking out the card.
+
+The same race exists when powering down the slot because remove_board()
+likewise clears link or presence changes in ctrl->pending_events per commit
+3943af9d01e9 ("PCI: pciehp: Ignore Link State Changes after powering off a
+slot") and thereby may cause a re-run of pciehp_ist() which returns with
+IRQ_NONE without resetting ctrl->ist_running to false.
+
+Fix by adding a goto label before the teardown steps at the end of
+pciehp_ist() and jumping to that label from the two return statements which
+currently neglect to reset the ctrl->ist_running flag.
+
+Fixes: 157c1062fcd8 ("PCI: pciehp: Avoid returning prematurely from sysfs requests")
+Link: https://lore.kernel.org/r/cca1effa488065cb055120aa01b65719094bdcb5.1584530321.git.lukas@wunner.de
+Reported-by: David Hoyer <David.Hoyer@netapp.com>
+Signed-off-by: Lukas Wunner <lukas@wunner.de>
+Signed-off-by: Bjorn Helgaas <bhelgaas@google.com>
+Reviewed-by: Keith Busch <kbusch@kernel.org>
+Cc: stable@vger.kernel.org # v4.19+
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+
+---
+ drivers/pci/hotplug/pciehp_hpc.c | 14 +++++++-------
+ 1 file changed, 7 insertions(+), 7 deletions(-)
+
+--- a/drivers/pci/hotplug/pciehp_hpc.c
++++ b/drivers/pci/hotplug/pciehp_hpc.c
+@@ -590,17 +590,15 @@ static irqreturn_t pciehp_ist(int irq, v
+ if (atomic_fetch_and(~RERUN_ISR, &ctrl->pending_events) & RERUN_ISR) {
+ ret = pciehp_isr(irq, dev_id);
+ enable_irq(irq);
+- if (ret != IRQ_WAKE_THREAD) {
+- pci_config_pm_runtime_put(pdev);
+- return ret;
+- }
++ if (ret != IRQ_WAKE_THREAD)
++ goto out;
+ }
+
+ synchronize_hardirq(irq);
+ events = atomic_xchg(&ctrl->pending_events, 0);
+ if (!events) {
+- pci_config_pm_runtime_put(pdev);
+- return IRQ_NONE;
++ ret = IRQ_NONE;
++ goto out;
+ }
+
+ /* Check Attention Button Pressed */
+@@ -629,10 +627,12 @@ static irqreturn_t pciehp_ist(int irq, v
+ pciehp_handle_presence_or_link_change(ctrl, events);
+ up_read(&ctrl->reset_lock);
+
++ ret = IRQ_HANDLED;
++out:
+ pci_config_pm_runtime_put(pdev);
+ ctrl->ist_running = false;
+ wake_up(&ctrl->requester);
+- return IRQ_HANDLED;
++ return ret;
+ }
+
+ static int pciehp_poll(void *data)
--- /dev/null
+From 604f3956524a6a53c1e3dd27b4b685b664d181ec Mon Sep 17 00:00:00 2001
+From: Bjorn Andersson <bjorn.andersson@linaro.org>
+Date: Thu, 26 Dec 2019 17:27:17 -0800
+Subject: PCI: qcom: Fix the fixup of PCI_VENDOR_ID_QCOM
+
+From: Bjorn Andersson <bjorn.andersson@linaro.org>
+
+commit 604f3956524a6a53c1e3dd27b4b685b664d181ec upstream.
+
+There exists non-bridge PCIe devices with PCI_VENDOR_ID_QCOM, so limit
+the fixup to only affect the relevant PCIe bridges.
+
+Fixes: 322f03436692 ("PCI: qcom: Use default config space read function")
+Signed-off-by: Bjorn Andersson <bjorn.andersson@linaro.org>
+Signed-off-by: Lorenzo Pieralisi <lorenzo.pieralisi@arm.com>
+Acked-by: Stanimir Varbanov <svarbanov@mm-sol.com>
+Cc: stable@vger.kernel.org # v5.2+
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+
+---
+ drivers/pci/controller/dwc/pcie-qcom.c | 8 +++++++-
+ 1 file changed, 7 insertions(+), 1 deletion(-)
+
+--- a/drivers/pci/controller/dwc/pcie-qcom.c
++++ b/drivers/pci/controller/dwc/pcie-qcom.c
+@@ -1289,7 +1289,13 @@ static void qcom_fixup_class(struct pci_
+ {
+ dev->class = PCI_CLASS_BRIDGE_PCI << 8;
+ }
+-DECLARE_PCI_FIXUP_EARLY(PCI_VENDOR_ID_QCOM, PCI_ANY_ID, qcom_fixup_class);
++DECLARE_PCI_FIXUP_EARLY(PCI_VENDOR_ID_QCOM, 0x0101, qcom_fixup_class);
++DECLARE_PCI_FIXUP_EARLY(PCI_VENDOR_ID_QCOM, 0x0104, qcom_fixup_class);
++DECLARE_PCI_FIXUP_EARLY(PCI_VENDOR_ID_QCOM, 0x0106, qcom_fixup_class);
++DECLARE_PCI_FIXUP_EARLY(PCI_VENDOR_ID_QCOM, 0x0107, qcom_fixup_class);
++DECLARE_PCI_FIXUP_EARLY(PCI_VENDOR_ID_QCOM, 0x0302, qcom_fixup_class);
++DECLARE_PCI_FIXUP_EARLY(PCI_VENDOR_ID_QCOM, 0x1000, qcom_fixup_class);
++DECLARE_PCI_FIXUP_EARLY(PCI_VENDOR_ID_QCOM, 0x1001, qcom_fixup_class);
+
+ static struct platform_driver qcom_pcie_driver = {
+ .probe = qcom_pcie_probe,
--- /dev/null
+From fe61468b2cbc2b7ce5f8d3bf32ae5001d4c434e9 Mon Sep 17 00:00:00 2001
+From: Vincent Guittot <vincent.guittot@linaro.org>
+Date: Fri, 6 Mar 2020 14:52:57 +0100
+Subject: sched/fair: Fix enqueue_task_fair warning
+
+From: Vincent Guittot <vincent.guittot@linaro.org>
+
+commit fe61468b2cbc2b7ce5f8d3bf32ae5001d4c434e9 upstream.
+
+When a cfs rq is throttled, the latter and its child are removed from the
+leaf list but their nr_running is not changed which includes staying higher
+than 1. When a task is enqueued in this throttled branch, the cfs rqs must
+be added back in order to ensure correct ordering in the list but this can
+only happens if nr_running == 1.
+When cfs bandwidth is used, we call unconditionnaly list_add_leaf_cfs_rq()
+when enqueuing an entity to make sure that the complete branch will be
+added.
+
+Similarly unthrottle_cfs_rq() can stop adding cfs in the list when a parent
+is throttled. Iterate the remaining entity to ensure that the complete
+branch will be added in the list.
+
+Reported-by: Christian Borntraeger <borntraeger@de.ibm.com>
+Signed-off-by: Vincent Guittot <vincent.guittot@linaro.org>
+Signed-off-by: Peter Zijlstra (Intel) <peterz@infradead.org>
+Reviewed-by: Dietmar Eggemann <dietmar.eggemann@arm.com>
+Tested-by: Christian Borntraeger <borntraeger@de.ibm.com>
+Tested-by: Dietmar Eggemann <dietmar.eggemann@arm.com>
+Cc: stable@vger.kernel.org
+Cc: stable@vger.kernel.org #v5.1+
+Link: https://lkml.kernel.org/r/20200306135257.25044-1-vincent.guittot@linaro.org
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+
+---
+ kernel/sched/fair.c | 26 ++++++++++++++++++++++----
+ 1 file changed, 22 insertions(+), 4 deletions(-)
+
+--- a/kernel/sched/fair.c
++++ b/kernel/sched/fair.c
+@@ -3927,6 +3927,7 @@ static inline void check_schedstat_requi
+ #endif
+ }
+
++static inline bool cfs_bandwidth_used(void);
+
+ /*
+ * MIGRATION
+@@ -4005,10 +4006,16 @@ enqueue_entity(struct cfs_rq *cfs_rq, st
+ __enqueue_entity(cfs_rq, se);
+ se->on_rq = 1;
+
+- if (cfs_rq->nr_running == 1) {
++ /*
++ * When bandwidth control is enabled, cfs might have been removed
++ * because of a parent been throttled but cfs->nr_running > 1. Try to
++ * add it unconditionnally.
++ */
++ if (cfs_rq->nr_running == 1 || cfs_bandwidth_used())
+ list_add_leaf_cfs_rq(cfs_rq);
++
++ if (cfs_rq->nr_running == 1)
+ check_enqueue_throttle(cfs_rq);
+- }
+ }
+
+ static void __clear_buddies_last(struct sched_entity *se)
+@@ -4589,11 +4596,22 @@ void unthrottle_cfs_rq(struct cfs_rq *cf
+ break;
+ }
+
+- assert_list_leaf_cfs_rq(rq);
+-
+ if (!se)
+ add_nr_running(rq, task_delta);
+
++ /*
++ * The cfs_rq_throttled() breaks in the above iteration can result in
++ * incomplete leaf list maintenance, resulting in triggering the
++ * assertion below.
++ */
++ for_each_sched_entity(se) {
++ cfs_rq = cfs_rq_of(se);
++
++ list_add_leaf_cfs_rq(cfs_rq);
++ }
++
++ assert_list_leaf_cfs_rq(rq);
++
+ /* Determine whether we need to wake up potentially idle CPU: */
+ if (rq->curr == rq->idle && rq->cfs.nr_running)
+ resched_curr(rq);
--- /dev/null
+From 3db81afd99494a33f1c3839103f0429c8f30cb9d Mon Sep 17 00:00:00 2001
+From: Sven Schnelle <svens@linux.ibm.com>
+Date: Tue, 10 Mar 2020 13:33:32 +0100
+Subject: seccomp: Add missing compat_ioctl for notify
+
+From: Sven Schnelle <svens@linux.ibm.com>
+
+commit 3db81afd99494a33f1c3839103f0429c8f30cb9d upstream.
+
+Executing the seccomp_bpf testsuite under a 64-bit kernel with 32-bit
+userland (both s390 and x86) doesn't work because there's no compat_ioctl
+handler defined. Add the handler.
+
+Signed-off-by: Sven Schnelle <svens@linux.ibm.com>
+Fixes: 6a21cc50f0c7 ("seccomp: add a return code to trap to userspace")
+Cc: stable@vger.kernel.org
+Link: https://lore.kernel.org/r/20200310123332.42255-1-svens@linux.ibm.com
+Signed-off-by: Kees Cook <keescook@chromium.org>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+
+---
+ kernel/seccomp.c | 1 +
+ 1 file changed, 1 insertion(+)
+
+--- a/kernel/seccomp.c
++++ b/kernel/seccomp.c
+@@ -1205,6 +1205,7 @@ static const struct file_operations secc
+ .poll = seccomp_notify_poll,
+ .release = seccomp_notify_release,
+ .unlocked_ioctl = seccomp_notify_ioctl,
++ .compat_ioctl = seccomp_notify_ioctl,
+ };
+
+ static struct file *init_listener(struct seccomp_filter *filter)
media-hantro-read-be32-words-starting-at-every-fourth-byte.patch
media-ti-vpe-cal-fix-disable_irqs-to-only-the-intended-target.patch
media-ti-vpe-cal-fix-a-kernel-oops-when-unloading-module.patch
+seccomp-add-missing-compat_ioctl-for-notify.patch
+acpi-x86-ignore-unspecified-bit-positions-in-the-acpi-global-lock-field.patch
+acpica-allow-acpi_any_gpe_status_set-to-skip-one-gpe.patch
+acpi-pm-s2idle-refine-active-gpes-check.patch
+thermal-devfreq_cooling-inline-all-stubs-for-config_devfreq_thermal-n.patch
+nvmet-tcp-fix-maxh2cdata-icresp-parameter.patch
+nvme-fc-revert-add-module-to-ops-template-to-allow-module-references.patch
+efi-x86-add-tpm-related-efi-tables-to-unencrypted-mapping-checks.patch
+pci-pciehp-fix-indefinite-wait-on-sysfs-requests.patch
+pci-aspm-clear-the-correct-bits-when-enabling-l1-substates.patch
+pci-add-boot-interrupt-quirk-mechanism-for-xeon-chipsets.patch
+pci-qcom-fix-the-fixup-of-pci_vendor_id_qcom.patch
+pci-endpoint-fix-for-concurrent-memory-allocation-in-ob-address-region.patch
+sched-fair-fix-enqueue_task_fair-warning.patch
+tpm-don-t-make-log-failures-fatal.patch
+tpm-tpm1_bios_measurements_next-should-increase-position-index.patch
+tpm-tpm2_bios_measurements_next-should-increase-position-index.patch
+keys-reaching-the-keys-quotas-correctly.patch
--- /dev/null
+From 3f5b9959041e0db6dacbea80bb833bff5900999f Mon Sep 17 00:00:00 2001
+From: Martin Blumenstingl <martin.blumenstingl@googlemail.com>
+Date: Fri, 3 Apr 2020 22:51:33 +0200
+Subject: thermal: devfreq_cooling: inline all stubs for CONFIG_DEVFREQ_THERMAL=n
+
+From: Martin Blumenstingl <martin.blumenstingl@googlemail.com>
+
+commit 3f5b9959041e0db6dacbea80bb833bff5900999f upstream.
+
+When CONFIG_DEVFREQ_THERMAL is disabled all functions except
+of_devfreq_cooling_register_power() were already inlined. Also inline
+the last function to avoid compile errors when multiple drivers call
+of_devfreq_cooling_register_power() when CONFIG_DEVFREQ_THERMAL is not
+set. Compilation failed with the following message:
+ multiple definition of `of_devfreq_cooling_register_power'
+(which then lists all usages of of_devfreq_cooling_register_power())
+
+Thomas Zimmermann reported this problem [0] on a kernel config with
+CONFIG_DRM_LIMA={m,y}, CONFIG_DRM_PANFROST={m,y} and
+CONFIG_DEVFREQ_THERMAL=n after both, the lima and panfrost drivers
+gained devfreq cooling support.
+
+[0] https://www.spinics.net/lists/dri-devel/msg252825.html
+
+Fixes: a76caf55e5b356 ("thermal: Add devfreq cooling")
+Cc: stable@vger.kernel.org
+Reported-by: Thomas Zimmermann <tzimmermann@suse.de>
+Signed-off-by: Martin Blumenstingl <martin.blumenstingl@googlemail.com>
+Tested-by: Thomas Zimmermann <tzimmermann@suse.de>
+Signed-off-by: Daniel Lezcano <daniel.lezcano@linaro.org>
+Link: https://lore.kernel.org/r/20200403205133.1101808-1-martin.blumenstingl@googlemail.com
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+
+---
+ include/linux/devfreq_cooling.h | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+--- a/include/linux/devfreq_cooling.h
++++ b/include/linux/devfreq_cooling.h
+@@ -75,7 +75,7 @@ void devfreq_cooling_unregister(struct t
+
+ #else /* !CONFIG_DEVFREQ_THERMAL */
+
+-struct thermal_cooling_device *
++static inline struct thermal_cooling_device *
+ of_devfreq_cooling_register_power(struct device_node *np, struct devfreq *df,
+ struct devfreq_cooling_power *dfc_power)
+ {
--- /dev/null
+From 805fa88e0780b7ce1cc9b649dd91a0a7164c6eb4 Mon Sep 17 00:00:00 2001
+From: Matthew Garrett <matthewgarrett@google.com>
+Date: Thu, 2 Jan 2020 13:55:18 -0800
+Subject: tpm: Don't make log failures fatal
+
+From: Matthew Garrett <matthewgarrett@google.com>
+
+commit 805fa88e0780b7ce1cc9b649dd91a0a7164c6eb4 upstream.
+
+If a TPM is in disabled state, it's reasonable for it to have an empty
+log. Bailing out of probe in this case means that the PPI interface
+isn't available, so there's no way to then enable the TPM from the OS.
+In general it seems reasonable to ignore log errors - they shouldn't
+interfere with any other TPM functionality.
+
+Signed-off-by: Matthew Garrett <matthewgarrett@google.com>
+Cc: stable@vger.kernel.org # 4.19.x
+Reviewed-by: Jerry Snitselaar <jsnitsel@redhat.com>
+Reviewed-by: Jarkko Sakkinen <jarkko.sakkinen@linux.intel.com>
+Signed-off-by: Jarkko Sakkinen <jarkko.sakkinen@linux.intel.com>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+
+---
+ drivers/char/tpm/eventlog/common.c | 12 ++++--------
+ drivers/char/tpm/tpm-chip.c | 4 +---
+ drivers/char/tpm/tpm.h | 2 +-
+ 3 files changed, 6 insertions(+), 12 deletions(-)
+
+--- a/drivers/char/tpm/eventlog/common.c
++++ b/drivers/char/tpm/eventlog/common.c
+@@ -99,11 +99,8 @@ static int tpm_read_log(struct tpm_chip
+ *
+ * If an event log is found then the securityfs files are setup to
+ * export it to userspace, otherwise nothing is done.
+- *
+- * Returns -ENODEV if the firmware has no event log or securityfs is not
+- * supported.
+ */
+-int tpm_bios_log_setup(struct tpm_chip *chip)
++void tpm_bios_log_setup(struct tpm_chip *chip)
+ {
+ const char *name = dev_name(&chip->dev);
+ unsigned int cnt;
+@@ -112,7 +109,7 @@ int tpm_bios_log_setup(struct tpm_chip *
+
+ rc = tpm_read_log(chip);
+ if (rc < 0)
+- return rc;
++ return;
+ log_version = rc;
+
+ cnt = 0;
+@@ -158,13 +155,12 @@ int tpm_bios_log_setup(struct tpm_chip *
+ cnt++;
+ }
+
+- return 0;
++ return;
+
+ err:
+- rc = PTR_ERR(chip->bios_dir[cnt]);
+ chip->bios_dir[cnt] = NULL;
+ tpm_bios_log_teardown(chip);
+- return rc;
++ return;
+ }
+
+ void tpm_bios_log_teardown(struct tpm_chip *chip)
+--- a/drivers/char/tpm/tpm-chip.c
++++ b/drivers/char/tpm/tpm-chip.c
+@@ -596,9 +596,7 @@ int tpm_chip_register(struct tpm_chip *c
+
+ tpm_sysfs_add_device(chip);
+
+- rc = tpm_bios_log_setup(chip);
+- if (rc != 0 && rc != -ENODEV)
+- return rc;
++ tpm_bios_log_setup(chip);
+
+ tpm_add_ppi(chip);
+
+--- a/drivers/char/tpm/tpm.h
++++ b/drivers/char/tpm/tpm.h
+@@ -464,7 +464,7 @@ int tpm2_prepare_space(struct tpm_chip *
+ int tpm2_commit_space(struct tpm_chip *chip, struct tpm_space *space, void *buf,
+ size_t *bufsiz);
+
+-int tpm_bios_log_setup(struct tpm_chip *chip);
++void tpm_bios_log_setup(struct tpm_chip *chip);
+ void tpm_bios_log_teardown(struct tpm_chip *chip);
+ int tpm_dev_common_init(void);
+ void tpm_dev_common_exit(void);
--- /dev/null
+From d7a47b96ed1102551eb7325f97937e276fb91045 Mon Sep 17 00:00:00 2001
+From: Vasily Averin <vvs@virtuozzo.com>
+Date: Tue, 25 Feb 2020 09:26:08 +0300
+Subject: tpm: tpm1_bios_measurements_next should increase position index
+
+From: Vasily Averin <vvs@virtuozzo.com>
+
+commit d7a47b96ed1102551eb7325f97937e276fb91045 upstream.
+
+If .next function does not change position index,
+following .show function will repeat output related
+to current position index.
+
+In case of /sys/kernel/security/tpm0/ascii_bios_measurements
+and binary_bios_measurements:
+1) read after lseek beyound end of file generates whole last line.
+2) read after lseek to middle of last line generates
+expected end of last line and unexpected whole last line once again.
+
+Cc: stable@vger.kernel.org # 4.19.x
+Fixes: 1f4aace60b0e ("fs/seq_file.c: simplify seq_file iteration code ...")
+Link: https://bugzilla.kernel.org/show_bug.cgi?id=206283
+Signed-off-by: Vasily Averin <vvs@virtuozzo.com>
+Reviewed-by: Jarkko Sakkinen <jarkko.sakkinen@linux.intel.com>
+Signed-off-by: Jarkko Sakkinen <jarkko.sakkinen@linux.intel.com>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+
+---
+ drivers/char/tpm/eventlog/tpm1.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+--- a/drivers/char/tpm/eventlog/tpm1.c
++++ b/drivers/char/tpm/eventlog/tpm1.c
+@@ -115,6 +115,7 @@ static void *tpm1_bios_measurements_next
+ u32 converted_event_size;
+ u32 converted_event_type;
+
++ (*pos)++;
+ converted_event_size = do_endian_conversion(event->event_size);
+
+ v += sizeof(struct tcpa_event) + converted_event_size;
+@@ -132,7 +133,6 @@ static void *tpm1_bios_measurements_next
+ ((v + sizeof(struct tcpa_event) + converted_event_size) > limit))
+ return NULL;
+
+- (*pos)++;
+ return v;
+ }
+
--- /dev/null
+From f9bf8adb55cd5a357b247a16aafddf8c97b276e0 Mon Sep 17 00:00:00 2001
+From: Vasily Averin <vvs@virtuozzo.com>
+Date: Tue, 25 Feb 2020 09:26:22 +0300
+Subject: tpm: tpm2_bios_measurements_next should increase position index
+
+From: Vasily Averin <vvs@virtuozzo.com>
+
+commit f9bf8adb55cd5a357b247a16aafddf8c97b276e0 upstream.
+
+If .next function does not change position index,
+following .show function will repeat output related
+to current position index.
+
+For /sys/kernel/security/tpm0/binary_bios_measurements:
+1) read after lseek beyound end of file generates whole last line.
+2) read after lseek to middle of last line generates
+expected end of last line and unexpected whole last line once again.
+
+Cc: stable@vger.kernel.org # 4.19.x
+Fixes: 1f4aace60b0e ("fs/seq_file.c: simplify seq_file iteration code ...")
+Link: https://bugzilla.kernel.org/show_bug.cgi?id=206283
+Signed-off-by: Vasily Averin <vvs@virtuozzo.com>
+Reviewed-by: Jarkko Sakkinen <jarkko.sakkinen@linux.intel.com>
+Signed-off-by: Jarkko Sakkinen <jarkko.sakkinen@linux.intel.com>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+
+---
+ drivers/char/tpm/eventlog/tpm2.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+--- a/drivers/char/tpm/eventlog/tpm2.c
++++ b/drivers/char/tpm/eventlog/tpm2.c
+@@ -94,6 +94,7 @@ static void *tpm2_bios_measurements_next
+ size_t event_size;
+ void *marker;
+
++ (*pos)++;
+ event_header = log->bios_event_log;
+
+ if (v == SEQ_START_TOKEN) {
+@@ -118,7 +119,6 @@ static void *tpm2_bios_measurements_next
+ if (((v + event_size) >= limit) || (event_size == 0))
+ return NULL;
+
+- (*pos)++;
+ return v;
+ }
+
projects / thirdparty / kernel / stable-queue.git / commitdiff
