--- /dev/null
+From 7a1646d922577b5b48c0d222e03831141664bb59 Mon Sep 17 00:00:00 2001
+From: Jack Stocker <jackstocker.93@gmail.com>
+Date: Thu, 15 Feb 2018 18:24:10 +0000
+Subject: Add delay-init quirk for Corsair K70 RGB keyboards
+
+From: Jack Stocker <jackstocker.93@gmail.com>
+
+commit 7a1646d922577b5b48c0d222e03831141664bb59 upstream.
+
+Following on from this patch: https://lkml.org/lkml/2017/11/3/516,
+Corsair K70 RGB keyboards also require the DELAY_INIT quirk to
+start correctly at boot.
+
+Device ids found here:
+usb 3-3: New USB device found, idVendor=1b1c, idProduct=1b13
+usb 3-3: New USB device strings: Mfr=1, Product=2, SerialNumber=3
+usb 3-3: Product: Corsair K70 RGB Gaming Keyboard
+
+Signed-off-by: Jack Stocker <jackstocker.93@gmail.com>
+Cc: stable <stable@vger.kernel.org>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+
+---
+ drivers/usb/core/quirks.c | 3 +++
+ 1 file changed, 3 insertions(+)
+
+--- a/drivers/usb/core/quirks.c
++++ b/drivers/usb/core/quirks.c
+@@ -225,6 +225,9 @@ static const struct usb_device_id usb_qu
+ { USB_DEVICE(0x1a0a, 0x0200), .driver_info =
+ USB_QUIRK_LINEAR_UFRAME_INTR_BINTERVAL },
+
++ /* Corsair K70 RGB */
++ { USB_DEVICE(0x1b1c, 0x1b13), .driver_info = USB_QUIRK_DELAY_INIT },
++
+ /* Corsair Strafe RGB */
+ { USB_DEVICE(0x1b1c, 0x1b20), .driver_info = USB_QUIRK_DELAY_INIT },
+
--- /dev/null
+From 5ee39a71fd89ab7240c5339d04161c44a8e03269 Mon Sep 17 00:00:00 2001
+From: Michael Weiser <michael.weiser@gmx.de>
+Date: Thu, 1 Feb 2018 23:13:38 +0100
+Subject: arm64: Disable unhandled signal log messages by default
+
+From: Michael Weiser <michael.weiser@gmx.de>
+
+commit 5ee39a71fd89ab7240c5339d04161c44a8e03269 upstream.
+
+aarch64 unhandled signal kernel messages are very verbose, suggesting
+them to be more of a debugging aid:
+
+sigsegv[33]: unhandled level 2 translation fault (11) at 0x00000000, esr
+0x92000046, in sigsegv[400000+71000]
+CPU: 1 PID: 33 Comm: sigsegv Tainted: G W 4.15.0-rc3+ #3
+Hardware name: linux,dummy-virt (DT)
+pstate: 60000000 (nZCv daif -PAN -UAO)
+pc : 0x4003f4
+lr : 0x4006bc
+sp : 0000fffffe94a060
+x29: 0000fffffe94a070 x28: 0000000000000000
+x27: 0000000000000000 x26: 0000000000000000
+x25: 0000000000000000 x24: 00000000004001b0
+x23: 0000000000486ac8 x22: 00000000004001c8
+x21: 0000000000000000 x20: 0000000000400be8
+x19: 0000000000400b30 x18: 0000000000484728
+x17: 000000000865ffc8 x16: 000000000000270f
+x15: 00000000000000b0 x14: 0000000000000002
+x13: 0000000000000001 x12: 0000000000000000
+x11: 0000000000000000 x10: 0008000020008008
+x9 : 000000000000000f x8 : ffffffffffffffff
+x7 : 0004000000000000 x6 : ffffffffffffffff
+x5 : 0000000000000000 x4 : 0000000000000000
+x3 : 00000000004003e4 x2 : 0000fffffe94a1e8
+x1 : 000000000000000a x0 : 0000000000000000
+
+Disable them by default, so they can be enabled using
+/proc/sys/debug/exception-trace.
+
+Cc: <stable@vger.kernel.org>
+Signed-off-by: Michael Weiser <michael.weiser@gmx.de>
+Signed-off-by: Will Deacon <will.deacon@arm.com>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+
+---
+ arch/arm64/kernel/traps.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+--- a/arch/arm64/kernel/traps.c
++++ b/arch/arm64/kernel/traps.c
+@@ -49,7 +49,7 @@ static const char *handler[]= {
+ "Error"
+ };
+
+-int show_unhandled_signals = 1;
++int show_unhandled_signals = 0;
+
+ /*
+ * Dump out the contents of some memory nicely...
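Review bot: `show_unhandled_signals` in arch/arm64/kernel/traps.c now defaults to 0, but nothing at the definition says how to turn the messages back on. I would add `/* Off by default; enable at runtime via /proc/sys/debug/exception-trace */` above the line, since that switch is only named in the commit message. Hosts that watch the kernel log for user-space faults as a crash or exploitation-attempt signal will stop seeing them after this change unless the sysctl is set, which is worth calling out to operators.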
+++ /dev/null
-From ard.biesheuvel@linaro.org Mon Feb 26 13:53:22 2018
-From: Ard Biesheuvel <ard.biesheuvel@linaro.org>
-Date: Fri, 23 Feb 2018 18:29:02 +0000
-Subject: arm64: mm: don't write garbage into TTBR1_EL1 register
-To: linux-arm-kernel@lists.infradead.org
-Cc: catalin.marinas@arm.com, will.deacon@arm.com, marc.zyngier@arm.com, mark.rutland@arm.com, nicolas.dechesne@linaro.org, gregkh@linuxfoundation.org, Ard Biesheuvel <ard.biesheuvel@linaro.org>
-Message-ID: <20180223182902.24873-1-ard.biesheuvel@linaro.org>
-
-From: Ard Biesheuvel <ard.biesheuvel@linaro.org>
-
-Stable backport commit 173358a49173 ("arm64: kpti: Add ->enable callback
-to remap swapper using nG mappings") of upstream commit f992b4dfd58b did
-not survive the backporting process unscathed, and ends up writing garbage
-into the TTBR1_EL1 register, rather than pointing it to the zero page to
-disable translations. Fix that.
-
-Cc: <stable@vger.kernel.org> #v4.14
-Reported-by: Nicolas Dechesne <nicolas.dechesne@linaro.org>
-Signed-off-by: Ard Biesheuvel <ard.biesheuvel@linaro.org>
-Acked-by: Will Deacon <will.deacon@arm.com>
-Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
----
- arch/arm64/mm/proc.S | 2 +-
- 1 file changed, 1 insertion(+), 1 deletion(-)
-
-diff --git a/arch/arm64/mm/proc.S b/arch/arm64/mm/proc.S
-index 08572f95bd8a..2b473ddeb7a3 100644
---- a/arch/arm64/mm/proc.S
-+++ b/arch/arm64/mm/proc.S
-@@ -155,7 +155,7 @@ ENDPROC(cpu_do_switch_mm)
-
- .macro __idmap_cpu_set_reserved_ttbr1, tmp1, tmp2
- adrp \tmp1, empty_zero_page
-- msr ttbr1_el1, \tmp2
-+ msr ttbr1_el1, \tmp1
- isb
- tlbi vmalle1
- dsb nsh
---
-2.11.0
-
--- /dev/null
+From bee92d06157fc39d5d7836a061c7d41289a55797 Mon Sep 17 00:00:00 2001
+From: Arnd Bergmann <arnd@arndb.de>
+Date: Fri, 2 Feb 2018 16:31:23 +0100
+Subject: cfg80211: fix cfg80211_beacon_dup
+
+From: Arnd Bergmann <arnd@arndb.de>
+
+commit bee92d06157fc39d5d7836a061c7d41289a55797 upstream.
+
+gcc-8 warns about some obviously incorrect code:
+
+net/mac80211/cfg.c: In function 'cfg80211_beacon_dup':
+net/mac80211/cfg.c:2896:3: error: 'memcpy' source argument is the same as destination [-Werror=restrict]
+
+From the context, I conclude that we want to copy from beacon into
+new_beacon, as we do in the rest of the function.
+
+Cc: stable@vger.kernel.org
+Fixes: 73da7d5bab79 ("mac80211: add channel switch command and beacon callbacks")
+Signed-off-by: Arnd Bergmann <arnd@arndb.de>
+Signed-off-by: Johannes Berg <johannes.berg@intel.com>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+
+---
+ net/mac80211/cfg.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+--- a/net/mac80211/cfg.c
++++ b/net/mac80211/cfg.c
+@@ -2877,7 +2877,7 @@ cfg80211_beacon_dup(struct cfg80211_beac
+ }
+ if (beacon->probe_resp_len) {
+ new_beacon->probe_resp_len = beacon->probe_resp_len;
+- beacon->probe_resp = pos;
++ new_beacon->probe_resp = pos;
+ memcpy(pos, beacon->probe_resp, beacon->probe_resp_len);
+ pos += beacon->probe_resp_len;
+ }
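Review bot: Each variable-length field in cfg80211_beacon_dup() appears to be copied by the same hand-written sequence (set length, set pointer, `memcpy`, advance `pos`), and the bug fixed here is a slip in one copy of that sequence. If the rest of the function follows this pattern, as the commit message suggests, a small local helper or macro taking the field name would make the destination pointer impossible to mistype. Only the probe_resp stanza is visible in the hunk, so this is inferred for the other fields.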
--- /dev/null
+From 458d876eb869d5a88b53074c6c271b8b9adc0f07 Mon Sep 17 00:00:00 2001
+From: Alex Deucher <alexander.deucher@amd.com>
+Date: Mon, 22 Jan 2018 23:13:32 -0500
+Subject: drm/amdgpu: Avoid leaking PM domain on driver unbind (v2)
+
+From: Alex Deucher <alexander.deucher@amd.com>
+
+commit 458d876eb869d5a88b53074c6c271b8b9adc0f07 upstream.
+
+We only support vga_switcheroo and runtime pm on PX/HG systems
+so forcing runpm to 1 doesn't do anything useful anyway.
+
+Only call vga_switcheroo_init_domain_pm_ops() for PX/HG so
+that the cleanup path is correct as well. This mirrors what
+radeon does as well.
+
+v2: rework the patch originally sent by Lukas (Alex)
+
+Acked-by: Lukas Wunner <lukas@wunner.de>
+Reported-by: Lukas Wunner <lukas@wunner.de>
+Signed-off-by: Alex Deucher <alexander.deucher@amd.com>
+Signed-off-by: Lukas Wunner <lukas@wunner.de> (v1)
+Cc: stable@vger.kernel.org
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+
+---
+ drivers/gpu/drm/amd/amdgpu/amdgpu_device.c | 2 --
+ 1 file changed, 2 deletions(-)
+
+--- a/drivers/gpu/drm/amd/amdgpu/amdgpu_device.c
++++ b/drivers/gpu/drm/amd/amdgpu/amdgpu_device.c
+@@ -1467,8 +1467,6 @@ int amdgpu_device_init(struct amdgpu_dev
+ * ignore it */
+ vga_client_register(adev->pdev, adev, NULL, amdgpu_vga_set_decode);
+
+- if (amdgpu_runtime_pm == 1)
+- runtime = true;
+ if (amdgpu_device_is_px(ddev))
+ runtime = true;
+ vga_switcheroo_register_client(adev->pdev, &amdgpu_switcheroo_ops, runtime);
--- /dev/null
+From 06998a756a3865817b87a129a7e5d5bb66dc1ec3 Mon Sep 17 00:00:00 2001
+From: Kai-Heng Feng <kai.heng.feng@canonical.com>
+Date: Sun, 18 Feb 2018 16:53:59 +0800
+Subject: drm/edid: Add 6 bpc quirk for CPT panel in Asus UX303LA
+
+From: Kai-Heng Feng <kai.heng.feng@canonical.com>
+
+commit 06998a756a3865817b87a129a7e5d5bb66dc1ec3 upstream.
+
+Similar to commit e10aec652f31 ("drm/edid: Add 6 bpc quirk for display
+AEO model 0."), the EDID reports "DFP 1.x compliant TMDS" but it support
+6bpc instead of 8 bpc.
+
+Hence, use 6 bpc quirk for this panel.
+
+Fixes: 196f954e2509 ("drm/i915/dp: Revert "drm/i915/dp: fall back to 18 bpp when sink capability is unknown"")
+BugLink: https://bugs.launchpad.net/bugs/1749420
+Signed-off-by: Kai-Heng Feng <kai.heng.feng@canonical.com>
+Reviewed-by: Mario Kleiner <mario.kleiner.de@gmail.com>
+Cc: <stable@vger.kernel.org> # v4.8+
+Signed-off-by: Daniel Vetter <daniel.vetter@ffwll.ch>
+Link: https://patchwork.freedesktop.org/patch/msgid/20180218085359.7817-1-kai.heng.feng@canonical.com
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+
+---
+ drivers/gpu/drm/drm_edid.c | 3 +++
+ 1 file changed, 3 insertions(+)
+
+--- a/drivers/gpu/drm/drm_edid.c
++++ b/drivers/gpu/drm/drm_edid.c
+@@ -106,6 +106,9 @@ static struct edid_quirk {
+ /* AEO model 0 reports 8 bpc, but is a 6 bpc panel */
+ { "AEO", 0, EDID_QUIRK_FORCE_6BPC },
+
++ /* CPT panel of Asus UX303LA reports 8 bpc, but is a 6 bpc panel */
++ { "CPT", 0x17df, EDID_QUIRK_FORCE_6BPC },
++
+ /* Belinea 10 15 55 */
+ { "MAX", 1516, EDID_QUIRK_PREFER_LARGE_60 },
+ { "MAX", 0x77e, EDID_QUIRK_PREFER_LARGE_60 },
--- /dev/null
+From f027e0b3a774e10302207e91d304bbf99e3a8b36 Mon Sep 17 00:00:00 2001
+From: Lars-Peter Clausen <lars@metafoo.de>
+Date: Wed, 14 Feb 2018 15:43:00 +0100
+Subject: iio: adis_lib: Initialize trigger before requesting interrupt
+
+From: Lars-Peter Clausen <lars@metafoo.de>
+
+commit f027e0b3a774e10302207e91d304bbf99e3a8b36 upstream.
+
+The adis_probe_trigger() creates a new IIO trigger and requests an
+interrupt associated with the trigger. The interrupt uses the generic
+iio_trigger_generic_data_rdy_poll() function as its interrupt handler.
+
+Currently the driver initializes some fields of the trigger structure after
+the interrupt has been requested. But an interrupt can fire as soon as it
+has been requested. This opens up a race condition.
+
+iio_trigger_generic_data_rdy_poll() will access the trigger data structure
+and dereference the ops field. If the ops field is not yet initialized this
+will result in a NULL pointer deref.
+
+It is not expected that the device generates an interrupt at this point, so
+typically this issue did not surface unless e.g. due to a hardware
+misconfiguration (wrong interrupt number, wrong polarity, etc.).
+
+But some newer devices from the ADIS family start to generate periodic
+interrupts in their power-on reset configuration and unfortunately the
+interrupt can not be masked in the device. This makes the race condition
+much more visible and the following crash has been observed occasionally
+when booting a system using the ADIS16460.
+
+ Unable to handle kernel NULL pointer dereference at virtual address 00000008
+ pgd = c0004000
+ [00000008] *pgd=00000000
+ Internal error: Oops: 5 [#1] PREEMPT SMP ARM
+ Modules linked in:
+ CPU: 0 PID: 1 Comm: swapper/0 Not tainted 4.9.0-04126-gf9739f0-dirty #257
+ Hardware name: Xilinx Zynq Platform
+ task: ef04f640 task.stack: ef050000
+ PC is at iio_trigger_notify_done+0x30/0x68
+ LR is at iio_trigger_generic_data_rdy_poll+0x18/0x20
+ pc : [<c042d868>] lr : [<c042d924>] psr: 60000193
+ sp : ef051bb8 ip : 00000000 fp : ef106400
+ r10: c081d80a r9 : ef3bfa00 r8 : 00000087
+ r7 : ef051bec r6 : 00000000 r5 : ef3bfa00 r4 : ee92ab00
+ r3 : 00000000 r2 : 00000000 r1 : 00000000 r0 : ee97e400
+ Flags: nZCv IRQs off FIQs on Mode SVC_32 ISA ARM Segment none
+ Control: 18c5387d Table: 0000404a DAC: 00000051
+ Process swapper/0 (pid: 1, stack limit = 0xef050210)
+ [<c042d868>] (iio_trigger_notify_done) from [<c0065b10>] (__handle_irq_event_percpu+0x88/0x118)
+ [<c0065b10>] (__handle_irq_event_percpu) from [<c0065bbc>] (handle_irq_event_percpu+0x1c/0x58)
+ [<c0065bbc>] (handle_irq_event_percpu) from [<c0065c30>] (handle_irq_event+0x38/0x5c)
+ [<c0065c30>] (handle_irq_event) from [<c0068e28>] (handle_level_irq+0xa4/0x130)
+ [<c0068e28>] (handle_level_irq) from [<c0064e74>] (generic_handle_irq+0x24/0x34)
+ [<c0064e74>] (generic_handle_irq) from [<c021ab7c>] (zynq_gpio_irqhandler+0xb8/0x13c)
+ [<c021ab7c>] (zynq_gpio_irqhandler) from [<c0064e74>] (generic_handle_irq+0x24/0x34)
+ [<c0064e74>] (generic_handle_irq) from [<c0065370>] (__handle_domain_irq+0x5c/0xb4)
+ [<c0065370>] (__handle_domain_irq) from [<c000940c>] (gic_handle_irq+0x48/0x8c)
+ [<c000940c>] (gic_handle_irq) from [<c0013e8c>] (__irq_svc+0x6c/0xa8)
+
+To fix this make sure that the trigger is fully initialized before
+requesting the interrupt.
+
+Fixes: ccd2b52f4ac6 ("staging:iio: Add common ADIS library")
+Reported-by: Robin Getz <Robin.Getz@analog.com>
+Signed-off-by: Lars-Peter Clausen <lars@metafoo.de>
+Cc: <Stable@vger.kernel.org>
+Signed-off-by: Jonathan Cameron <Jonathan.Cameron@huawei.com>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+
+---
+ drivers/iio/imu/adis_trigger.c | 7 ++++---
+ 1 file changed, 4 insertions(+), 3 deletions(-)
+
+--- a/drivers/iio/imu/adis_trigger.c
++++ b/drivers/iio/imu/adis_trigger.c
+@@ -47,6 +47,10 @@ int adis_probe_trigger(struct adis *adis
+ if (adis->trig == NULL)
+ return -ENOMEM;
+
++ adis->trig->dev.parent = &adis->spi->dev;
++ adis->trig->ops = &adis_trigger_ops;
++ iio_trigger_set_drvdata(adis->trig, adis);
++
+ ret = request_irq(adis->spi->irq,
+ &iio_trigger_generic_data_rdy_poll,
+ IRQF_TRIGGER_RISING,
+@@ -55,9 +59,6 @@ int adis_probe_trigger(struct adis *adis
+ if (ret)
+ goto error_free_trig;
+
+- adis->trig->dev.parent = &adis->spi->dev;
+- adis->trig->ops = &adis_trigger_ops;
+- iio_trigger_set_drvdata(adis->trig, adis);
+ ret = iio_trigger_register(adis->trig);
+
+ indio_dev->trig = iio_trigger_get(adis->trig);
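Review bot: The three initialisation lines moved above `request_irq()` in adis_probe_trigger() carry no comment saying that their position matters, so a later cleanup could move them back and reintroduce the NULL `ops` dereference described in the commit message. I would add `/* Must be set before request_irq(): the handler can run as soon as the IRQ is requested */` above `adis->trig->dev.parent = ...`. Separately, in the visible context `indio_dev->trig = iio_trigger_get(adis->trig);` runs before `ret` from `iio_trigger_register()` is examined; the check presumably follows outside the hunk, but it is worth confirming. The function body starts and ends outside the hunk.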
--- /dev/null
+From 4cd140bda6494543f1c1b0ccceceaa44b676eef6 Mon Sep 17 00:00:00 2001
+From: Stefan Windfeldt-Prytz <stefan.windfeldt@axis.com>
+Date: Thu, 15 Feb 2018 15:02:53 +0100
+Subject: iio: buffer: check if a buffer has been set up when poll is called
+
+From: Stefan Windfeldt-Prytz <stefan.windfeldt@axis.com>
+
+commit 4cd140bda6494543f1c1b0ccceceaa44b676eef6 upstream.
+
+If no iio buffer has been set up and poll is called return 0.
+Without this check there will be a null pointer dereference when
+calling poll on a iio driver without an iio buffer.
+
+Cc: stable@vger.kernel.org
+Signed-off-by: Stefan Windfeldt-Prytz <stefan.windfeldt@axis.com>
+Signed-off-by: Jonathan Cameron <Jonathan.Cameron@huawei.com>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+
+---
+ drivers/iio/industrialio-buffer.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+--- a/drivers/iio/industrialio-buffer.c
++++ b/drivers/iio/industrialio-buffer.c
+@@ -174,7 +174,7 @@ unsigned int iio_buffer_poll(struct file
+ struct iio_dev *indio_dev = filp->private_data;
+ struct iio_buffer *rb = indio_dev->buffer;
+
+- if (!indio_dev->info)
++ if (!indio_dev->info || rb == NULL)
+ return 0;
+
+ poll_wait(filp, &rb->pollq, wait);
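Review bot: The new guard in iio_buffer_poll() mixes two null-test spellings in one condition, `!indio_dev->info || rb == NULL`; kernel style favours `if (!indio_dev->info || !rb)`. Because this path is entered from a user-space poll() call, a short comment such as `/* no buffer attached: nothing to wait on */` would also record why 0 is returned here rather than an error mask. The function continues past the end of the hunk.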
--- /dev/null
+From 21ec30c0ef5234fb1039cc7c7737d885bf875a9e Mon Sep 17 00:00:00 2001
+From: Shanker Donthineni <shankerd@codeaurora.org>
+Date: Wed, 31 Jan 2018 18:03:42 -0600
+Subject: irqchip/gic-v3: Use wmb() instead of smb_wmb() in gic_raise_softirq()
+
+From: Shanker Donthineni <shankerd@codeaurora.org>
+
+commit 21ec30c0ef5234fb1039cc7c7737d885bf875a9e upstream.
+
+A DMB instruction can be used to ensure the relative order of only
+memory accesses before and after the barrier. Since writes to system
+registers are not memory operations, barrier DMB is not sufficient
+for observability of memory accesses that occur before ICC_SGI1R_EL1
+writes.
+
+A DSB instruction ensures that no instructions that appear in program
+order after the DSB instruction, can execute until the DSB instruction
+has completed.
+
+Cc: stable@vger.kernel.org
+Acked-by: Will Deacon <will.deacon@arm.com>,
+Signed-off-by: Shanker Donthineni <shankerd@codeaurora.org>
+Signed-off-by: Marc Zyngier <marc.zyngier@arm.com>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+
+---
+ drivers/irqchip/irq-gic-v3.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+--- a/drivers/irqchip/irq-gic-v3.c
++++ b/drivers/irqchip/irq-gic-v3.c
+@@ -604,7 +604,7 @@ static void gic_raise_softirq(const stru
+ * Ensure that stores to Normal memory are visible to the
+ * other CPUs before issuing the IPI.
+ */
+- smp_wmb();
++ wmb();
+
+ for_each_cpu(cpu, mask) {
+ unsigned long cluster_id = cpu_logical_map(cpu) & ~0xffUL;
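Review bot: The comment above the barrier in gic_raise_softirq() still only says that stores must be visible before the IPI, which does not explain why `wmb()` is used where `smp_wmb()` looks sufficient. I would extend it with a line such as `* A DSB (wmb) is required: the ICC_SGI1R_EL1 write is a system register access, which a DMB (smp_wmb) does not order.` so the stronger barrier is not weakened again in a later cleanup. The function body extends beyond the hunk.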
--- /dev/null
+From c39813652700f3df552b6557530f1e5f782dbe2f Mon Sep 17 00:00:00 2001
+From: Tyrel Datwyler <tyreld@linux.vnet.ibm.com>
+Date: Tue, 23 Jan 2018 20:11:32 -0600
+Subject: scsi: ibmvfc: fix misdefined reserved field in ibmvfc_fcp_rsp_info
+
+From: Tyrel Datwyler <tyreld@linux.vnet.ibm.com>
+
+commit c39813652700f3df552b6557530f1e5f782dbe2f upstream.
+
+The fcp_rsp_info structure as defined in the FC spec has an initial 3
+bytes reserved field. The ibmvfc driver mistakenly defined this field as
+4 bytes resulting in the rsp_code field being defined in what should be
+the start of the second reserved field and thus always being reported as
+zero by the driver.
+
+Ideally, we should wire ibmvfc up with libfc for the sake of code
+deduplication, and ease of maintaining standardized structures in a
+single place. However, for now simply fixup the definition in ibmvfc for
+backporting to distros on older kernels. Wiring up with libfc will be
+done in a followup patch.
+
+Cc: <stable@vger.kernel.org>
+Reported-by: Hannes Reinecke <hare@suse.de>
+Signed-off-by: Tyrel Datwyler <tyreld@linux.vnet.ibm.com>
+Signed-off-by: Martin K. Petersen <martin.petersen@oracle.com>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+
+---
+ drivers/scsi/ibmvscsi/ibmvfc.h | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+--- a/drivers/scsi/ibmvscsi/ibmvfc.h
++++ b/drivers/scsi/ibmvscsi/ibmvfc.h
+@@ -366,7 +366,7 @@ enum ibmvfc_fcp_rsp_info_codes {
+ };
+
+ struct ibmvfc_fcp_rsp_info {
+- __be16 reserved;
++ u8 reserved[3];
+ u8 rsp_code;
+ u8 reserved2[4];
+ }__attribute__((packed, aligned (2)));
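Review bot: Nothing in ibmvfc.h pins the size or field offsets of `struct ibmvfc_fcp_rsp_info`, which is how `rsp_code` came to sit at the wrong offset and always read as zero. A compile-time check in the driver, for example `BUILD_BUG_ON(sizeof(struct ibmvfc_fcp_rsp_info) != 8);` or an `offsetof()` check that `rsp_code` is at byte 3, would catch a repeat of this layout error. A one-line comment on `reserved[3]` noting that the FC spec reserves three bytes here would also help future readers.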
pci-keystone-fix-interrupt-controller-node-lookup.patch
ip_tunnel-replace-dst_cache-with-generic-implementation.patch
ip_tunnel-fix-preempt-warning-in-ip-tunnel-creation-updating.patch
-arm64-mm-don-t-write-garbage-into-ttbr1_el1-register.patch
+xtensa-fix-high-memory-reserved-memory-collision.patch
+scsi-ibmvfc-fix-misdefined-reserved-field-in-ibmvfc_fcp_rsp_info.patch
+cfg80211-fix-cfg80211_beacon_dup.patch
+iio-buffer-check-if-a-buffer-has-been-set-up-when-poll-is-called.patch
+iio-adis_lib-initialize-trigger-before-requesting-interrupt.patch
+x86-oprofile-fix-bogus-gcc-8-warning-in-nmi_setup.patch
+irqchip-gic-v3-use-wmb-instead-of-smb_wmb-in-gic_raise_softirq.patch
+usb-ohci-proper-handling-of-ed_rm_list-to-handle-race-condition-between-usb_kill_urb-and-finish_unlinks.patch
+arm64-disable-unhandled-signal-log-messages-by-default.patch
+add-delay-init-quirk-for-corsair-k70-rgb-keyboards.patch
+drm-edid-add-6-bpc-quirk-for-cpt-panel-in-asus-ux303la.patch
+usb-dwc3-gadget-set-maxpacket-size-for-ep0-in.patch
+usb-ldusb-add-pids-for-new-cassy-devices-supported-by-this-driver.patch
+usb-gadget-f_fs-process-all-descriptors-during-bind.patch
+usb-renesas_usbhs-missed-the-running-flag-in-usb_dmac-with-rx-path.patch
+drm-amdgpu-avoid-leaking-pm-domain-on-driver-unbind-v2.patch
--- /dev/null
+From 6180026341e852a250e1f97ebdcf71684a3c81b9 Mon Sep 17 00:00:00 2001
+From: Thinh Nguyen <Thinh.Nguyen@synopsys.com>
+Date: Fri, 12 Jan 2018 18:18:05 -0800
+Subject: usb: dwc3: gadget: Set maxpacket size for ep0 IN
+
+From: Thinh Nguyen <Thinh.Nguyen@synopsys.com>
+
+commit 6180026341e852a250e1f97ebdcf71684a3c81b9 upstream.
+
+There are 2 control endpoint structures for DWC3. However, the driver
+only updates the OUT direction control endpoint structure during
+ConnectDone event. DWC3 driver needs to update the endpoint max packet
+size for control IN endpoint as well. If the max packet size is not
+properly set, then the driver will incorrectly calculate the data
+transfer size and fail to send ZLP for HS/FS 3-stage control read
+transfer.
+
+The fix is simply to update the max packet size for the ep0 IN direction
+during ConnectDone event.
+
+Cc: stable@vger.kernel.org
+Fixes: 72246da40f37 ("usb: Introduce DesignWare USB3 DRD Driver")
+Signed-off-by: Thinh Nguyen <thinhn@synopsys.com>
+Signed-off-by: Felipe Balbi <felipe.balbi@linux.intel.com>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+
+---
+ drivers/usb/dwc3/gadget.c | 2 ++
+ 1 file changed, 2 insertions(+)
+
+--- a/drivers/usb/dwc3/gadget.c
++++ b/drivers/usb/dwc3/gadget.c
+@@ -2393,6 +2393,8 @@ static void dwc3_gadget_conndone_interru
+ break;
+ }
+
++ dwc->eps[1]->endpoint.maxpacket = dwc->gadget.ep0->maxpacket;
++
+ /* Enable USB2 LPM Capability */
+
+ if ((dwc->revision > DWC3_REVISION_194A)
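Review bot: `dwc->eps[1]` in dwc3_gadget_conndone_interrupt() is a bare index with no comment, so a reader has to already know that slot 1 is the control IN endpoint (this comes from the commit message; the array layout is not visible in the hunk). I would add `/* keep ep0 IN (eps[1]) maxpacket in sync with ep0 OUT */` above the assignment. The function body starts and ends outside the hunk.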
--- /dev/null
+From 6cf439e0d37463e42784271179c8a308fd7493c6 Mon Sep 17 00:00:00 2001
+From: Jack Pham <jackp@codeaurora.org>
+Date: Wed, 24 Jan 2018 00:11:53 -0800
+Subject: usb: gadget: f_fs: Process all descriptors during bind
+
+From: Jack Pham <jackp@codeaurora.org>
+
+commit 6cf439e0d37463e42784271179c8a308fd7493c6 upstream.
+
+During _ffs_func_bind(), the received descriptors are evaluated
+to prepare for binding with the gadget in order to allocate
+endpoints and optionally set up OS descriptors. However, the
+high- and super-speed descriptors are only parsed based on
+whether the gadget_is_dualspeed() and gadget_is_superspeed()
+calls are true, respectively.
+
+This is a problem in case a userspace program always provides
+all of the {full,high,super,OS} descriptors when configuring a
+function. Then, for example if a gadget device is not capable
+of SuperSpeed, the call to ffs_do_descs() for the SS descriptors
+is skipped, resulting in an incorrect offset calculation for
+the vla_ptr when moving on to the OS descriptors that follow.
+This causes ffs_do_os_descs() to fail as it is now looking at
+the SS descriptors' offset within the raw_descs buffer instead.
+
+_ffs_func_bind() should evaluate the descriptors unconditionally,
+so remove the checks for gadget speed.
+
+Fixes: f0175ab51993 ("usb: gadget: f_fs: OS descriptors support")
+Cc: stable@vger.kernel.org
+Co-Developed-by: Mayank Rana <mrana@codeaurora.org>
+Signed-off-by: Mayank Rana <mrana@codeaurora.org>
+Signed-off-by: Jack Pham <jackp@codeaurora.org>
+Signed-off-by: Felipe Balbi <felipe.balbi@linux.intel.com>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+
+---
+ drivers/usb/gadget/function/f_fs.c | 6 ++----
+ 1 file changed, 2 insertions(+), 4 deletions(-)
+
+--- a/drivers/usb/gadget/function/f_fs.c
++++ b/drivers/usb/gadget/function/f_fs.c
+@@ -2756,10 +2756,8 @@ static int _ffs_func_bind(struct usb_con
+ struct ffs_data *ffs = func->ffs;
+
+ const int full = !!func->ffs->fs_descs_count;
+- const int high = gadget_is_dualspeed(func->gadget) &&
+- func->ffs->hs_descs_count;
+- const int super = gadget_is_superspeed(func->gadget) &&
+- func->ffs->ss_descs_count;
++ const int high = !!func->ffs->hs_descs_count;
++ const int super = !!func->ffs->ss_descs_count;
+
+ int fs_len, hs_len, ss_len, ret, i;
+ struct ffs_ep *eps_ptr;
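Review bot: The new `high` and `super` initialisers in _ffs_func_bind() have no comment saying why gadget speed is deliberately ignored, which makes it easy for a later change to re-add the `gadget_is_dualspeed()`/`gadget_is_superspeed()` checks. I would add `/* Parse every descriptor set userspace supplied, whatever the gadget speed, so later offsets into raw_descs stay correct */` above them. As a smaller style point, `ffs` is already a local on the line above, so `!!ffs->hs_descs_count` and `!!ffs->ss_descs_count` would read more cleanly. The function continues past the hunk.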
--- /dev/null
+From 52ad2bd8918158266fc88a05f95429b56b6a33c5 Mon Sep 17 00:00:00 2001
+From: Karsten Koop <kkoop@ld-didactic.de>
+Date: Fri, 9 Feb 2018 09:12:06 +0000
+Subject: usb: ldusb: add PIDs for new CASSY devices supported by this driver
+
+From: Karsten Koop <kkoop@ld-didactic.de>
+
+commit 52ad2bd8918158266fc88a05f95429b56b6a33c5 upstream.
+
+This patch adds support for new CASSY devices to the ldusb driver. The
+PIDs are also added to the ignore list in hid-quirks.
+
+Signed-off-by: Karsten Koop <kkoop@ld-didactic.de>
+Cc: stable <stable@vger.kernel.org>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+
+---
+ drivers/hid/hid-core.c | 3 +++
+ drivers/hid/hid-ids.h | 3 +++
+ drivers/usb/misc/ldusb.c | 6 ++++++
+ 3 files changed, 12 insertions(+)
+
+--- a/drivers/hid/hid-core.c
++++ b/drivers/hid/hid-core.c
+@@ -2386,6 +2386,9 @@ static const struct hid_device_id hid_ig
+ { HID_USB_DEVICE(USB_VENDOR_ID_LD, USB_DEVICE_ID_LD_MICROCASSYTIME) },
+ { HID_USB_DEVICE(USB_VENDOR_ID_LD, USB_DEVICE_ID_LD_MICROCASSYTEMPERATURE) },
+ { HID_USB_DEVICE(USB_VENDOR_ID_LD, USB_DEVICE_ID_LD_MICROCASSYPH) },
++ { HID_USB_DEVICE(USB_VENDOR_ID_LD, USB_DEVICE_ID_LD_POWERANALYSERCASSY) },
++ { HID_USB_DEVICE(USB_VENDOR_ID_LD, USB_DEVICE_ID_LD_CONVERTERCONTROLLERCASSY) },
++ { HID_USB_DEVICE(USB_VENDOR_ID_LD, USB_DEVICE_ID_LD_MACHINETESTCASSY) },
+ { HID_USB_DEVICE(USB_VENDOR_ID_LD, USB_DEVICE_ID_LD_JWM) },
+ { HID_USB_DEVICE(USB_VENDOR_ID_LD, USB_DEVICE_ID_LD_DMMP) },
+ { HID_USB_DEVICE(USB_VENDOR_ID_LD, USB_DEVICE_ID_LD_UMIP) },
+--- a/drivers/hid/hid-ids.h
++++ b/drivers/hid/hid-ids.h
+@@ -570,6 +570,9 @@
+ #define USB_DEVICE_ID_LD_MICROCASSYTIME 0x1033
+ #define USB_DEVICE_ID_LD_MICROCASSYTEMPERATURE 0x1035
+ #define USB_DEVICE_ID_LD_MICROCASSYPH 0x1038
++#define USB_DEVICE_ID_LD_POWERANALYSERCASSY 0x1040
++#define USB_DEVICE_ID_LD_CONVERTERCONTROLLERCASSY 0x1042
++#define USB_DEVICE_ID_LD_MACHINETESTCASSY 0x1043
+ #define USB_DEVICE_ID_LD_JWM 0x1080
+ #define USB_DEVICE_ID_LD_DMMP 0x1081
+ #define USB_DEVICE_ID_LD_UMIP 0x1090
+--- a/drivers/usb/misc/ldusb.c
++++ b/drivers/usb/misc/ldusb.c
+@@ -46,6 +46,9 @@
+ #define USB_DEVICE_ID_LD_MICROCASSYTIME 0x1033 /* USB Product ID of Micro-CASSY Time (reserved) */
+ #define USB_DEVICE_ID_LD_MICROCASSYTEMPERATURE 0x1035 /* USB Product ID of Micro-CASSY Temperature */
+ #define USB_DEVICE_ID_LD_MICROCASSYPH 0x1038 /* USB Product ID of Micro-CASSY pH */
++#define USB_DEVICE_ID_LD_POWERANALYSERCASSY 0x1040 /* USB Product ID of Power Analyser CASSY */
++#define USB_DEVICE_ID_LD_CONVERTERCONTROLLERCASSY 0x1042 /* USB Product ID of Converter Controller CASSY */
++#define USB_DEVICE_ID_LD_MACHINETESTCASSY 0x1043 /* USB Product ID of Machine Test CASSY */
+ #define USB_DEVICE_ID_LD_JWM 0x1080 /* USB Product ID of Joule and Wattmeter */
+ #define USB_DEVICE_ID_LD_DMMP 0x1081 /* USB Product ID of Digital Multimeter P (reserved) */
+ #define USB_DEVICE_ID_LD_UMIP 0x1090 /* USB Product ID of UMI P */
+@@ -88,6 +91,9 @@ static const struct usb_device_id ld_usb
+ { USB_DEVICE(USB_VENDOR_ID_LD, USB_DEVICE_ID_LD_MICROCASSYTIME) },
+ { USB_DEVICE(USB_VENDOR_ID_LD, USB_DEVICE_ID_LD_MICROCASSYTEMPERATURE) },
+ { USB_DEVICE(USB_VENDOR_ID_LD, USB_DEVICE_ID_LD_MICROCASSYPH) },
++ { USB_DEVICE(USB_VENDOR_ID_LD, USB_DEVICE_ID_LD_POWERANALYSERCASSY) },
++ { USB_DEVICE(USB_VENDOR_ID_LD, USB_DEVICE_ID_LD_CONVERTERCONTROLLERCASSY) },
++ { USB_DEVICE(USB_VENDOR_ID_LD, USB_DEVICE_ID_LD_MACHINETESTCASSY) },
+ { USB_DEVICE(USB_VENDOR_ID_LD, USB_DEVICE_ID_LD_JWM) },
+ { USB_DEVICE(USB_VENDOR_ID_LD, USB_DEVICE_ID_LD_DMMP) },
+ { USB_DEVICE(USB_VENDOR_ID_LD, USB_DEVICE_ID_LD_UMIP) },
--- /dev/null
+From 46408ea558df13b110e0866b99624384a33bdeba Mon Sep 17 00:00:00 2001
+From: AMAN DEEP <aman.deep@samsung.com>
+Date: Thu, 8 Feb 2018 11:55:01 +0800
+Subject: usb: ohci: Proper handling of ed_rm_list to handle race condition between usb_kill_urb() and finish_unlinks()
+
+From: AMAN DEEP <aman.deep@samsung.com>
+
+commit 46408ea558df13b110e0866b99624384a33bdeba upstream.
+
+There is a race condition between finish_unlinks->finish_urb() function
+and usb_kill_urb() in ohci controller case. The finish_urb calls
+spin_unlock(&ohci->lock) before usb_hcd_giveback_urb() function call,
+then if during this time, usb_kill_urb is called for another endpoint,
+then new ed will be added to ed_rm_list at beginning for unlink, and
+ed_rm_list will point to newly added.
+
+When finish_urb() is completed in finish_unlinks() and ed->td_list
+becomes empty as in below code (in finish_unlinks() function):
+
+ if (list_empty(&ed->td_list)) {
+ *last = ed->ed_next;
+ ed->ed_next = NULL;
+ } else if (ohci->rh_state == OHCI_RH_RUNNING) {
+ *last = ed->ed_next;
+ ed->ed_next = NULL;
+ ed_schedule(ohci, ed);
+ }
+
+The *last = ed->ed_next will make ed_rm_list to point to ed->ed_next
+and previously added ed by usb_kill_urb will be left unreferenced by
+ed_rm_list. This causes usb_kill_urb() hang forever waiting for
+finish_unlink to remove added ed from ed_rm_list.
+
+The main reason for hang in this race condtion is addition and removal
+of ed from ed_rm_list in the beginning during usb_kill_urb and later
+last* is modified in finish_unlinks().
+
+As suggested by Alan Stern, the solution for proper handling of
+ohci->ed_rm_list is to remove ed from the ed_rm_list before finishing
+any URBs. Then at the end, we can add ed back to the list if necessary.
+
+This properly handle the updated ohci->ed_rm_list in usb_kill_urb().
+
+Fixes: 977dcfdc6031 ("USB: OHCI: don't lose track of EDs when a controller dies")
+Acked-by: Alan Stern <stern@rowland.harvard.edu>
+CC: <stable@vger.kernel.org>
+Signed-off-by: Aman Deep <aman.deep@samsung.com>
+Signed-off-by: Jeffy Chen <jeffy.chen@rock-chips.com>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+
+---
+ drivers/usb/host/ohci-q.c | 17 ++++++++++-------
+ 1 file changed, 10 insertions(+), 7 deletions(-)
+
+--- a/drivers/usb/host/ohci-q.c
++++ b/drivers/usb/host/ohci-q.c
+@@ -1018,6 +1018,8 @@ skip_ed:
+ * have modified this list. normally it's just prepending
+ * entries (which we'd ignore), but paranoia won't hurt.
+ */
++ *last = ed->ed_next;
++ ed->ed_next = NULL;
+ modified = 0;
+
+ /* unlink urbs as requested, but rescan the list after
+@@ -1076,21 +1078,22 @@ rescan_this:
+ goto rescan_this;
+
+ /*
+- * If no TDs are queued, take ED off the ed_rm_list.
++ * If no TDs are queued, ED is now idle.
+ * Otherwise, if the HC is running, reschedule.
+- * If not, leave it on the list for further dequeues.
++ * If the HC isn't running, add ED back to the
++ * start of the list for later processing.
+ */
+ if (list_empty(&ed->td_list)) {
+- *last = ed->ed_next;
+- ed->ed_next = NULL;
+ ed->state = ED_IDLE;
+ list_del(&ed->in_use_list);
+ } else if (ohci->rh_state == OHCI_RH_RUNNING) {
+- *last = ed->ed_next;
+- ed->ed_next = NULL;
+ ed_schedule(ohci, ed);
+ } else {
+- last = &ed->ed_next;
++ ed->ed_next = ohci->ed_rm_list;
++ ohci->ed_rm_list = ed;
++ /* Don't loop on the same ED */
++ if (last == &ohci->ed_rm_list)
++ last = &ed->ed_next;
+ }
+
+ if (modified)
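Review bot: In the first hunk the new `*last = ed->ed_next; ed->ed_next = NULL;` lines sit directly under the existing comment about the list possibly being modified, with nothing saying why the ED is unlinked this early. I would add `/* Take the ED off ed_rm_list before giving back URBs: finish_urb() drops ohci->lock and usb_kill_urb() may prepend a new ED meanwhile */` above them. In the second hunk, `/* Don't loop on the same ED */` could likewise state that `last` is moved past the re-added ED only when `last` still points at the list head. Both hunks lie inside a function whose start and end are outside the view.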
--- /dev/null
+From 17aa31f13cad25daa19d3f923323f552e87bc874 Mon Sep 17 00:00:00 2001
+From: Yoshihiro Shimoda <yoshihiro.shimoda.uh@renesas.com>
+Date: Mon, 5 Feb 2018 17:12:35 +0900
+Subject: usb: renesas_usbhs: missed the "running" flag in usb_dmac with rx path
+
+From: Yoshihiro Shimoda <yoshihiro.shimoda.uh@renesas.com>
+
+commit 17aa31f13cad25daa19d3f923323f552e87bc874 upstream.
+
+This fixes an issue that a gadget driver (usb_f_fs) is possible to
+stop rx transactions after the usb-dmac is used because the following
+functions missed to set/check the "running" flag.
+ - usbhsf_dma_prepare_pop_with_usb_dmac()
+ - usbhsf_dma_pop_done_with_usb_dmac()
+
+So, if next transaction uses pio, the usbhsf_prepare_pop() can not
+start the transaction because the "running" flag is 0.
+
+Fixes: 8355b2b3082d ("usb: renesas_usbhs: fix the behavior of some usbhs_pkt_handle")
+Cc: <stable@vger.kernel.org> # v3.19+
+Signed-off-by: Yoshihiro Shimoda <yoshihiro.shimoda.uh@renesas.com>
+Signed-off-by: Felipe Balbi <felipe.balbi@linux.intel.com>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+
+---
+ drivers/usb/renesas_usbhs/fifo.c | 5 +++++
+ 1 file changed, 5 insertions(+)
+
+--- a/drivers/usb/renesas_usbhs/fifo.c
++++ b/drivers/usb/renesas_usbhs/fifo.c
+@@ -999,6 +999,10 @@ static int usbhsf_dma_prepare_pop_with_u
+ if ((uintptr_t)pkt->buf & (USBHS_USB_DMAC_XFER_SIZE - 1))
+ goto usbhsf_pio_prepare_pop;
+
++ /* return at this time if the pipe is running */
++ if (usbhs_pipe_is_running(pipe))
++ return 0;
++
+ usbhs_pipe_config_change_bfre(pipe, 1);
+
+ ret = usbhsf_fifo_select(pipe, fifo, 0);
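Review bot: The comment on the new early return, `/* return at this time if the pipe is running */`, restates the condition without saying why returning 0 is correct or where the flag is set. Neither hunk of this patch sets the flag, so the set side is in code outside the diff. A comment such as `/* a transfer is already in flight on this pipe: leave the FIFO and DMA setup alone */` would carry the reason, with the wording confirmed against the code that sets the flag. The check also sits after the alignment test that jumps to `usbhsf_pio_prepare_pop`, so that fallback is reached without it. This is presumably intended because the PIO path checks the flag itself, but the comment should say so. The function body starts and ends outside the hunk.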
+@@ -1189,6 +1193,7 @@ static int usbhsf_dma_pop_done_with_usb_
+ usbhsf_fifo_clear(pipe, fifo);
+ pkt->actual = usbhs_dma_calc_received_size(pkt, chan, rcv_len);
+
++ usbhs_pipe_running(pipe, 0);
+ usbhsf_dma_stop(pipe, fifo);
+ usbhsf_dma_unmap(pkt);
+ usbhsf_fifo_unselect(pipe, pipe->fifo);
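Review bot: `usbhs_pipe_running(pipe, 0)` is placed before `usbhsf_dma_stop()` and `usbhsf_dma_unmap()`, so the pipe is marked idle before the DMA is stopped and the packet is unmapped. If this completion path can run concurrently with a prepare on the same pipe (the locking is not visible in the hunk), a new transfer could be set up while the old mapping is still live. A one-line comment would settle it, either naming the lock that serializes the two paths or noting that the clear `/* pairs with the usbhs_pipe_is_running() check in usbhsf_dma_prepare_pop_with_usb_dmac() */`. The function body continues outside the hunk.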
--- /dev/null
+From 85c615eb52222bc5fab6c7190d146bc59fac289e Mon Sep 17 00:00:00 2001
+From: Arnd Bergmann <arnd@arndb.de>
+Date: Tue, 20 Feb 2018 21:58:21 +0100
+Subject: x86/oprofile: Fix bogus GCC-8 warning in nmi_setup()
+
+From: Arnd Bergmann <arnd@arndb.de>
+
+commit 85c615eb52222bc5fab6c7190d146bc59fac289e upstream.
+
+GCC-8 shows a warning for the x86 oprofile code that copies per-CPU
+data from CPU 0 to all other CPUs, which when building a non-SMP
+kernel turns into a memcpy() with identical source and destination
+pointers:
+
+ arch/x86/oprofile/nmi_int.c: In function 'mux_clone':
+ arch/x86/oprofile/nmi_int.c:285:2: error: 'memcpy' source argument is the same as destination [-Werror=restrict]
+ memcpy(per_cpu(cpu_msrs, cpu).multiplex,
+ ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+ per_cpu(cpu_msrs, 0).multiplex,
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+ sizeof(struct op_msr) * model->num_virt_counters);
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+ arch/x86/oprofile/nmi_int.c: In function 'nmi_setup':
+ arch/x86/oprofile/nmi_int.c:466:3: error: 'memcpy' source argument is the same as destination [-Werror=restrict]
+ arch/x86/oprofile/nmi_int.c:470:3: error: 'memcpy' source argument is the same as destination [-Werror=restrict]
+
+I have analyzed a number of such warnings now: some are valid and the
+GCC warning is welcome. Others turned out to be false-positives, and
+GCC was changed to not warn about those any more. This is a corner case
+that is a false-positive but the GCC developers feel it's better to keep
+warning about it.
+
+In this case, it seems best to work around it by telling GCC
+a little more clearly that this code path is never hit with
+an IS_ENABLED() configuration check.
+
+Cc:stable as we also want old kernels to build cleanly with GCC-8.
+
+Signed-off-by: Arnd Bergmann <arnd@arndb.de>
+Cc: Jessica Yu <jeyu@kernel.org>
+Cc: Kees Cook <keescook@chromium.org>
+Cc: Linus Torvalds <torvalds@linux-foundation.org>
+Cc: Martin Sebor <msebor@gcc.gnu.org>
+Cc: Peter Zijlstra <peterz@infradead.org>
+Cc: Robert Richter <rric@kernel.org>
+Cc: Thomas Gleixner <tglx@linutronix.de>
+Cc: oprofile-list@lists.sf.net
+Cc: stable@vger.kernel.org
+Link: http://lkml.kernel.org/r/20180220205826.2008875-1-arnd@arndb.de
+Link: https://gcc.gnu.org/bugzilla/show_bug.cgi?id=84095
+Signed-off-by: Ingo Molnar <mingo@kernel.org>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+
+---
+ arch/x86/oprofile/nmi_int.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+--- a/arch/x86/oprofile/nmi_int.c
++++ b/arch/x86/oprofile/nmi_int.c
+@@ -471,7 +471,7 @@ static int nmi_setup(void)
+ goto fail;
+
+ for_each_possible_cpu(cpu) {
+- if (!cpu)
++ if (!IS_ENABLED(CONFIG_SMP) || !cpu)
+ continue;
+
+ memcpy(per_cpu(cpu_msrs, cpu).counters,
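Review bot: The new `!IS_ENABLED(CONFIG_SMP)` term in `nmi_setup()` has no comment, and in the code alone it looks redundant next to `!cpu`, so a later cleanup could remove it and bring the GCC-8 build failure back. The reason is only in the commit message. I would add above the condition `/* !SMP: only CPU 0 exists; the explicit check lets GCC see the memcpy() below is never reached (-Wrestrict) */`. The commit message shows the same warning in `mux_clone`, which this hunk does not touch; whether that site is covered elsewhere cannot be told from here. The loop body continues outside the hunk.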
--- /dev/null
+From 6ac5a11dc674bc5016ea716e8082fff61f524dc1 Mon Sep 17 00:00:00 2001
+From: Max Filippov <jcmvbkbc@gmail.com>
+Date: Tue, 13 Feb 2018 15:31:05 -0800
+Subject: xtensa: fix high memory/reserved memory collision
+
+From: Max Filippov <jcmvbkbc@gmail.com>
+
+commit 6ac5a11dc674bc5016ea716e8082fff61f524dc1 upstream.
+
+Xtensa memory initialization code frees high memory pages without
+checking whether they are in the reserved memory regions or not. That
+results in invalid value of totalram_pages and duplicate page usage by
+CMA and highmem. It produces a bunch of BUGs at startup looking like
+this:
+
+BUG: Bad page state in process swapper pfn:70800
+page:be60c000 count:0 mapcount:-127 mapping: (null) index:0x1
+flags: 0x80000000()
+raw: 80000000 00000000 00000001 ffffff80 00000000 be60c014 be60c014 0000000a
+page dumped because: nonzero mapcount
+Modules linked in:
+CPU: 0 PID: 1 Comm: swapper Tainted: G B 4.16.0-rc1-00015-g7928b2cbe55b-dirty #23
+Stack:
+ bd839d33 00000000 00000018 ba97b64c a106578c bd839d70 be60c000 00000000
+ a1378054 bd86a000 00000003 ba97b64c a1066166 bd839da0 be60c000 ffe00000
+ a1066b58 bd839dc0 be504000 00000000 000002f4 bd838000 00000000 0000001e
+Call Trace:
+ [<a1065734>] bad_page+0xac/0xd0
+ [<a106578c>] free_pages_check_bad+0x34/0x4c
+ [<a1066166>] __free_pages_ok+0xae/0x14c
+ [<a1066b58>] __free_pages+0x30/0x64
+ [<a1365de5>] init_cma_reserved_pageblock+0x35/0x44
+ [<a13682dc>] cma_init_reserved_areas+0xf4/0x148
+ [<a10034b8>] do_one_initcall+0x80/0xf8
+ [<a1361c16>] kernel_init_freeable+0xda/0x13c
+ [<a125b59d>] kernel_init+0x9/0xd0
+ [<a1004304>] ret_from_kernel_thread+0xc/0x18
+
+Only free high memory pages that are not reserved.
+
+Cc: stable@vger.kernel.org
+Signed-off-by: Max Filippov <jcmvbkbc@gmail.com>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+
+---
+ arch/xtensa/mm/init.c | 70 +++++++++++++++++++++++++++++++++++++++++++++-----
+ 1 file changed, 63 insertions(+), 7 deletions(-)
+
+--- a/arch/xtensa/mm/init.c
++++ b/arch/xtensa/mm/init.c
+@@ -318,19 +318,75 @@ void __init zones_init(void)
+ free_area_init_node(0, zones_size, ARCH_PFN_OFFSET, NULL);
+ }
+
++#ifdef CONFIG_HIGHMEM
++static void __init free_area_high(unsigned long pfn, unsigned long end)
++{
++ for (; pfn < end; pfn++)
++ free_highmem_page(pfn_to_page(pfn));
++}
++
++static void __init free_highpages(void)
++{
++ unsigned long max_low = max_low_pfn;
++ struct memblock_region *mem, *res;
++
++ reset_all_zones_managed_pages();
++ /* set highmem page free */
++ for_each_memblock(memory, mem) {
++ unsigned long start = memblock_region_memory_base_pfn(mem);
++ unsigned long end = memblock_region_memory_end_pfn(mem);
++
++ /* Ignore complete lowmem entries */
++ if (end <= max_low)
++ continue;
++
++ if (memblock_is_nomap(mem))
++ continue;
++
++ /* Truncate partial highmem entries */
++ if (start < max_low)
++ start = max_low;
++
++ /* Find and exclude any reserved regions */
++ for_each_memblock(reserved, res) {
++ unsigned long res_start, res_end;
++
++ res_start = memblock_region_reserved_base_pfn(res);
++ res_end = memblock_region_reserved_end_pfn(res);
++
++ if (res_end < start)
++ continue;
++ if (res_start < start)
++ res_start = start;
++ if (res_start > end)
++ res_start = end;
++ if (res_end > end)
++ res_end = end;
++ if (res_start != start)
++ free_area_high(start, res_start);
++ start = res_end;
++ if (start == end)
++ break;
++ }
++
++ /* And now free anything which remains */
++ if (start < end)
++ free_area_high(start, end);
++ }
++}
++#else
++static void __init free_highpages(void)
++{
++}
++#endif
++
+ /*
+ * Initialize memory pages.
+ */
+
+ void __init mem_init(void)
+ {
+-#ifdef CONFIG_HIGHMEM
+- unsigned long tmp;
+-
+- reset_all_zones_managed_pages();
+- for (tmp = max_low_pfn; tmp < max_pfn; tmp++)
+- free_highmem_page(pfn_to_page(tmp));
+-#endif
++ free_highpages();
+
+ max_mapnr = max_pfn - ARCH_PFN_OFFSET;
+ high_memory = (void *)__va(max_low_pfn << PAGE_SHIFT);
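Review bot: The inner `for_each_memblock(reserved, res)` loop in `free_highpages()` excludes reserved ranges correctly only if the regions arrive in ascending address order and do not overlap. `start` only moves forward (`start = res_end`), and everything between the old `start` and the clamped `res_start` is freed. Nothing in the hunk states that precondition. If it did not hold, a reserved range lying below an already processed one would be handed to `free_area_high()`, which is the duplicate page use the commit sets out to stop. I would add a comment above the loop, `/* relies on memblock.reserved being sorted by base and non-overlapping */`, and a short header comment on `free_highpages()` saying it frees highmem pfns from `max_low_pfn` upward except reserved and nomap ranges.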