--- /dev/null
+From ee0761d1d8222bcc5c86bf10849dc86cf008557c Mon Sep 17 00:00:00 2001
+From: Tong Zhang <ztong0001@gmail.com>
+Date: Mon, 24 Aug 2020 18:45:41 -0400
+Subject: ALSA: ca0106: fix error code handling
+
+From: Tong Zhang <ztong0001@gmail.com>
+
+commit ee0761d1d8222bcc5c86bf10849dc86cf008557c upstream.
+
+snd_ca0106_spi_write() returns 1 on error, snd_ca0106_pcm_power_dac()
+is returning the error code directly, and the caller is expecting an
+negative error code
+
+Signed-off-by: Tong Zhang <ztong0001@gmail.com>
+Cc: <stable@vger.kernel.org>
+Link: https://lore.kernel.org/r/20200824224541.1260307-1-ztong0001@gmail.com
+Signed-off-by: Takashi Iwai <tiwai@suse.de>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+
+---
+ sound/pci/ca0106/ca0106_main.c | 3 ++-
+ 1 file changed, 2 insertions(+), 1 deletion(-)
+
+--- a/sound/pci/ca0106/ca0106_main.c
++++ b/sound/pci/ca0106/ca0106_main.c
+@@ -551,7 +551,8 @@ static int snd_ca0106_pcm_power_dac(stru
+ else
+ /* Power down */
+ chip->spi_dac_reg[reg] |= bit;
+- return snd_ca0106_spi_write(chip, chip->spi_dac_reg[reg]);
++ if (snd_ca0106_spi_write(chip, chip->spi_dac_reg[reg]) != 0)
++ return -ENXIO;
+ }
+ return 0;
+ }
--- /dev/null
+From acd46a6b6de88569654567810acad2b0a0a25cea Mon Sep 17 00:00:00 2001
+From: Takashi Sakamoto <o-takashi@sakamocchi.jp>
+Date: Sun, 23 Aug 2020 16:55:45 +0900
+Subject: ALSA: firewire-digi00x: exclude Avid Adrenaline from detection
+
+From: Takashi Sakamoto <o-takashi@sakamocchi.jp>
+
+commit acd46a6b6de88569654567810acad2b0a0a25cea upstream.
+
+Avid Adrenaline is reported that ALSA firewire-digi00x driver is bound to.
+However, as long as he investigated, the design of this model is hardly
+similar to the one of Digi 00x family. It's better to exclude the model
+from modalias of ALSA firewire-digi00x driver.
+
+This commit changes device entries so that the model is excluded.
+
+$ python3 crpp < ~/git/am-config-rom/misc/avid-adrenaline.img
+ ROM header and bus information block
+ -----------------------------------------------------------------
+400 04203a9c bus_info_length 4, crc_length 32, crc 15004
+404 31333934 bus_name "1394"
+408 e064a002 irmc 1, cmc 1, isc 1, bmc 0, cyc_clk_acc 100, max_rec 10 (2048)
+40c 00a07e01 company_id 00a07e |
+410 00085257 device_id 0100085257 | EUI-64 00a07e0100085257
+
+ root directory
+ -----------------------------------------------------------------
+414 0005d08c directory_length 5, crc 53388
+418 0300a07e vendor
+41c 8100000c --> descriptor leaf at 44c
+420 0c008380 node capabilities
+424 8d000002 --> eui-64 leaf at 42c
+428 d1000004 --> unit directory at 438
+
+ eui-64 leaf at 42c
+ -----------------------------------------------------------------
+42c 0002410f leaf_length 2, crc 16655
+430 00a07e01 company_id 00a07e |
+434 00085257 device_id 0100085257 | EUI-64 00a07e0100085257
+
+ unit directory at 438
+ -----------------------------------------------------------------
+438 0004d6c9 directory_length 4, crc 54985
+43c 1200a02d specifier id: 1394 TA
+440 13014001 version: Vender Unique and AV/C
+444 17000001 model
+448 81000009 --> descriptor leaf at 46c
+
+ descriptor leaf at 44c
+ -----------------------------------------------------------------
+44c 00077205 leaf_length 7, crc 29189
+450 00000000 textual descriptor
+454 00000000 minimal ASCII
+458 41766964 "Avid"
+45c 20546563 " Tec"
+460 686e6f6c "hnol"
+464 6f677900 "ogy"
+468 00000000
+
+ descriptor leaf at 46c
+ -----------------------------------------------------------------
+46c 000599a5 leaf_length 5, crc 39333
+470 00000000 textual descriptor
+474 00000000 minimal ASCII
+478 41647265 "Adre"
+47c 6e616c69 "nali"
+480 6e650000 "ne"
+
+Reported-by: Simon Wood <simon@mungewell.org>
+Fixes: 9edf723fd858 ("ALSA: firewire-digi00x: add skeleton for Digi 002/003 family")
+Cc: <stable@vger.kernel.org> # 4.4+
+Signed-off-by: Takashi Sakamoto <o-takashi@sakamocchi.jp>
+Link: https://lore.kernel.org/r/20200823075545.56305-1-o-takashi@sakamocchi.jp
+Signed-off-by: Takashi Iwai <tiwai@suse.de>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+
+---
+ sound/firewire/digi00x/digi00x.c | 5 +++++
+ 1 file changed, 5 insertions(+)
+
+--- a/sound/firewire/digi00x/digi00x.c
++++ b/sound/firewire/digi00x/digi00x.c
+@@ -15,6 +15,7 @@ MODULE_LICENSE("GPL v2");
+ #define VENDOR_DIGIDESIGN 0x00a07e
+ #define MODEL_CONSOLE 0x000001
+ #define MODEL_RACK 0x000002
++#define SPEC_VERSION 0x000001
+
+ static int name_card(struct snd_dg00x *dg00x)
+ {
+@@ -185,14 +186,18 @@ static const struct ieee1394_device_id s
+ /* Both of 002/003 use the same ID. */
+ {
+ .match_flags = IEEE1394_MATCH_VENDOR_ID |
++ IEEE1394_MATCH_VERSION |
+ IEEE1394_MATCH_MODEL_ID,
+ .vendor_id = VENDOR_DIGIDESIGN,
++ .version = SPEC_VERSION,
+ .model_id = MODEL_CONSOLE,
+ },
+ {
+ .match_flags = IEEE1394_MATCH_VENDOR_ID |
++ IEEE1394_MATCH_VERSION |
+ IEEE1394_MATCH_MODEL_ID,
+ .vendor_id = VENDOR_DIGIDESIGN,
++ .version = SPEC_VERSION,
+ .model_id = MODEL_RACK,
+ },
+ {}
--- /dev/null
+From 949a1ebe8cea7b342085cb6a4946b498306b9493 Mon Sep 17 00:00:00 2001
+From: Takashi Iwai <tiwai@suse.de>
+Date: Tue, 1 Sep 2020 15:18:02 +0200
+Subject: ALSA: pcm: oss: Remove superfluous WARN_ON() for mulaw sanity check
+
+From: Takashi Iwai <tiwai@suse.de>
+
+commit 949a1ebe8cea7b342085cb6a4946b498306b9493 upstream.
+
+The PCM OSS mulaw plugin has a check of the format of the counter part
+whether it's a linear format. The check is with snd_BUG_ON() that
+emits WARN_ON() when the debug config is set, and it confuses
+syzkaller as if it were a serious issue. Let's drop snd_BUG_ON() for
+avoiding that.
+
+While we're at it, correct the error code to a more suitable, EINVAL.
+
+Reported-by: syzbot+23b22dc2e0b81cbfcc95@syzkaller.appspotmail.com
+Cc: <stable@vger.kernel.org>
+Link: https://lore.kernel.org/r/20200901131802.18157-1-tiwai@suse.de
+Signed-off-by: Takashi Iwai <tiwai@suse.de>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+
+---
+ sound/core/oss/mulaw.c | 4 ++--
+ 1 file changed, 2 insertions(+), 2 deletions(-)
+
+--- a/sound/core/oss/mulaw.c
++++ b/sound/core/oss/mulaw.c
+@@ -329,8 +329,8 @@ int snd_pcm_plugin_build_mulaw(struct sn
+ snd_BUG();
+ return -EINVAL;
+ }
+- if (snd_BUG_ON(!snd_pcm_format_linear(format->format)))
+- return -ENXIO;
++ if (!snd_pcm_format_linear(format->format))
++ return -EINVAL;
+
+ err = snd_pcm_plugin_build(plug, "Mu-Law<->linear conversion",
+ src_format, dst_format,
--- /dev/null
+From 7e24969022cbd61ddc586f14824fc205661bb124 Mon Sep 17 00:00:00 2001
+From: Ming Lei <ming.lei@redhat.com>
+Date: Mon, 17 Aug 2020 18:00:55 +0800
+Subject: block: allow for_each_bvec to support zero len bvec
+
+From: Ming Lei <ming.lei@redhat.com>
+
+commit 7e24969022cbd61ddc586f14824fc205661bb124 upstream.
+
+Block layer usually doesn't support or allow zero-length bvec. Since
+commit 1bdc76aea115 ("iov_iter: use bvec iterator to implement
+iterate_bvec()"), iterate_bvec() switches to bvec iterator. However,
+Al mentioned that 'Zero-length segments are not disallowed' in iov_iter.
+
+Fixes for_each_bvec() so that it can move on after seeing one zero
+length bvec.
+
+Fixes: 1bdc76aea115 ("iov_iter: use bvec iterator to implement iterate_bvec()")
+Reported-by: syzbot <syzbot+61acc40a49a3e46e25ea@syzkaller.appspotmail.com>
+Signed-off-by: Ming Lei <ming.lei@redhat.com>
+Tested-by: Tetsuo Handa <penguin-kernel@i-love.sakura.ne.jp>
+Cc: Al Viro <viro@zeniv.linux.org.uk>
+Cc: Matthew Wilcox <willy@infradead.org>
+Cc: <stable@vger.kernel.org>
+Link: https://www.mail-archive.com/linux-kernel@vger.kernel.org/msg2262077.html
+Signed-off-by: Jens Axboe <axboe@kernel.dk>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+
+---
+ include/linux/bvec.h | 9 ++++++++-
+ 1 file changed, 8 insertions(+), 1 deletion(-)
+
+--- a/include/linux/bvec.h
++++ b/include/linux/bvec.h
+@@ -88,10 +88,17 @@ static inline void bvec_iter_advance(con
+ }
+ }
+
++static inline void bvec_iter_skip_zero_bvec(struct bvec_iter *iter)
++{
++ iter->bi_bvec_done = 0;
++ iter->bi_idx++;
++}
++
+ #define for_each_bvec(bvl, bio_vec, iter, start) \
+ for (iter = (start); \
+ (iter).bi_size && \
+ ((bvl = bvec_iter_bvec((bio_vec), (iter))), 1); \
+- bvec_iter_advance((bio_vec), &(iter), (bvl).bv_len))
++ (bvl).bv_len ? (void)bvec_iter_advance((bio_vec), &(iter), \
++ (bvl).bv_len) : bvec_iter_skip_zero_bvec(&(iter)))
+
+ #endif /* __LINUX_BVEC_ITER_H */
--- /dev/null
+From 233bde21aa43516baa013ef7ac33f3427056db3e Mon Sep 17 00:00:00 2001
+From: Bart Van Assche <bvanassche@acm.org>
+Date: Wed, 14 Mar 2018 15:48:06 -0700
+Subject: block: Move SECTOR_SIZE and SECTOR_SHIFT definitions into <linux/blkdev.h>
+
+From: Bart Van Assche <bart.vanassche@wdc.com>
+
+commit 233bde21aa43516baa013ef7ac33f3427056db3e upstream.
+
+It happens often while I'm preparing a patch for a block driver that
+I'm wondering: is a definition of SECTOR_SIZE and/or SECTOR_SHIFT
+available for this driver? Do I have to introduce definitions of these
+constants before I can use these constants? To avoid this confusion,
+move the existing definitions of SECTOR_SIZE and SECTOR_SHIFT into the
+<linux/blkdev.h> header file such that these become available for all
+block drivers. Make the SECTOR_SIZE definition in the uapi msdos_fs.h
+header file conditional to avoid that including that header file after
+<linux/blkdev.h> causes the compiler to complain about a SECTOR_SIZE
+redefinition.
+
+Note: the SECTOR_SIZE / SECTOR_SHIFT / SECTOR_BITS definitions have
+not been removed from uapi header files nor from NAND drivers in
+which these constants are used for another purpose than converting
+block layer offsets and sizes into a number of sectors.
+
+Cc: David S. Miller <davem@davemloft.net>
+Cc: Mike Snitzer <snitzer@redhat.com>
+Cc: Dan Williams <dan.j.williams@intel.com>
+Cc: Minchan Kim <minchan@kernel.org>
+Cc: Nitin Gupta <ngupta@vflare.org>
+Reviewed-by: Sergey Senozhatsky <sergey.senozhatsky@gmail.com>
+Reviewed-by: Christoph Hellwig <hch@lst.de>
+Reviewed-by: Johannes Thumshirn <jthumshirn@suse.de>
+Reviewed-by: Martin K. Petersen <martin.petersen@oracle.com>
+Signed-off-by: Bart Van Assche <bart.vanassche@wdc.com>
+Signed-off-by: Jens Axboe <axboe@kernel.dk>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+
+---
+ arch/xtensa/platforms/iss/simdisk.c | 1
+ drivers/block/brd.c | 1
+ drivers/block/rbd.c | 9 -------
+ drivers/block/zram/zram_drv.h | 1
+ drivers/ide/ide-cd.c | 8 +++---
+ drivers/ide/ide-cd.h | 6 -----
+ drivers/nvdimm/nd.h | 1
+ drivers/scsi/gdth.h | 3 --
+ include/linux/blkdev.h | 42 ++++++++++++++++++++++++++----------
+ include/linux/device-mapper.h | 2 -
+ include/linux/ide.h | 1
+ include/uapi/linux/msdos_fs.h | 2 +
+ 12 files changed, 38 insertions(+), 39 deletions(-)
+
+--- a/arch/xtensa/platforms/iss/simdisk.c
++++ b/arch/xtensa/platforms/iss/simdisk.c
+@@ -21,7 +21,6 @@
+ #include <platform/simcall.h>
+
+ #define SIMDISK_MAJOR 240
+-#define SECTOR_SHIFT 9
+ #define SIMDISK_MINORS 1
+ #define MAX_SIMDISK_COUNT 10
+
+--- a/drivers/block/brd.c
++++ b/drivers/block/brd.c
+@@ -25,7 +25,6 @@
+
+ #include <asm/uaccess.h>
+
+-#define SECTOR_SHIFT 9
+ #define PAGE_SECTORS_SHIFT (PAGE_SHIFT - SECTOR_SHIFT)
+ #define PAGE_SECTORS (1 << PAGE_SECTORS_SHIFT)
+
+--- a/drivers/block/rbd.c
++++ b/drivers/block/rbd.c
+@@ -51,15 +51,6 @@
+ #define RBD_DEBUG /* Activate rbd_assert() calls */
+
+ /*
+- * The basic unit of block I/O is a sector. It is interpreted in a
+- * number of contexts in Linux (blk, bio, genhd), but the default is
+- * universally 512 bytes. These symbols are just slightly more
+- * meaningful than the bare numbers they represent.
+- */
+-#define SECTOR_SHIFT 9
+-#define SECTOR_SIZE (1ULL << SECTOR_SHIFT)
+-
+-/*
+ * Increment the given counter and return its updated value.
+ * If the counter is already 0 it will not be incremented.
+ * If the counter is already at its maximum value returns
+--- a/drivers/block/zram/zram_drv.h
++++ b/drivers/block/zram/zram_drv.h
+@@ -37,7 +37,6 @@ static const size_t max_zpage_size = PAG
+
+ /*-- End of configurable params */
+
+-#define SECTOR_SHIFT 9
+ #define SECTORS_PER_PAGE_SHIFT (PAGE_SHIFT - SECTOR_SHIFT)
+ #define SECTORS_PER_PAGE (1 << SECTORS_PER_PAGE_SHIFT)
+ #define ZRAM_LOGICAL_BLOCK_SHIFT 12
+--- a/drivers/ide/ide-cd.c
++++ b/drivers/ide/ide-cd.c
+@@ -704,7 +704,7 @@ static ide_startstop_t cdrom_start_rw(id
+ struct request_queue *q = drive->queue;
+ int write = rq_data_dir(rq) == WRITE;
+ unsigned short sectors_per_frame =
+- queue_logical_block_size(q) >> SECTOR_BITS;
++ queue_logical_block_size(q) >> SECTOR_SHIFT;
+
+ ide_debug_log(IDE_DBG_RQ, "rq->cmd[0]: 0x%x, rq->cmd_flags: 0x%x, "
+ "secs_per_frame: %u",
+@@ -900,7 +900,7 @@ static int cdrom_read_capacity(ide_drive
+ * end up being bogus.
+ */
+ blocklen = be32_to_cpu(capbuf.blocklen);
+- blocklen = (blocklen >> SECTOR_BITS) << SECTOR_BITS;
++ blocklen = (blocklen >> SECTOR_SHIFT) << SECTOR_SHIFT;
+ switch (blocklen) {
+ case 512:
+ case 1024:
+@@ -916,7 +916,7 @@ static int cdrom_read_capacity(ide_drive
+ }
+
+ *capacity = 1 + be32_to_cpu(capbuf.lba);
+- *sectors_per_frame = blocklen >> SECTOR_BITS;
++ *sectors_per_frame = blocklen >> SECTOR_SHIFT;
+
+ ide_debug_log(IDE_DBG_PROBE, "cap: %lu, sectors_per_frame: %lu",
+ *capacity, *sectors_per_frame);
+@@ -993,7 +993,7 @@ int ide_cd_read_toc(ide_drive_t *drive,
+ drive->probed_capacity = toc->capacity * sectors_per_frame;
+
+ blk_queue_logical_block_size(drive->queue,
+- sectors_per_frame << SECTOR_BITS);
++ sectors_per_frame << SECTOR_SHIFT);
+
+ /* first read just the header, so we know how long the TOC is */
+ stat = cdrom_read_tocentry(drive, 0, 1, 0, (char *) &toc->hdr,
+--- a/drivers/ide/ide-cd.h
++++ b/drivers/ide/ide-cd.h
+@@ -20,11 +20,7 @@
+
+ /************************************************************************/
+
+-#define SECTOR_BITS 9
+-#ifndef SECTOR_SIZE
+-#define SECTOR_SIZE (1 << SECTOR_BITS)
+-#endif
+-#define SECTORS_PER_FRAME (CD_FRAMESIZE >> SECTOR_BITS)
++#define SECTORS_PER_FRAME (CD_FRAMESIZE >> SECTOR_SHIFT)
+ #define SECTOR_BUFFER_SIZE (CD_FRAMESIZE * 32)
+
+ /* Capabilities Page size including 8 bytes of Mode Page Header */
+--- a/drivers/nvdimm/nd.h
++++ b/drivers/nvdimm/nd.h
+@@ -29,7 +29,6 @@ enum {
+ * BTT instance
+ */
+ ND_MAX_LANES = 256,
+- SECTOR_SHIFT = 9,
+ INT_LBASIZE_ALIGNMENT = 64,
+ };
+
+--- a/drivers/scsi/gdth.h
++++ b/drivers/scsi/gdth.h
+@@ -177,9 +177,6 @@
+ #define MSG_SIZE 34 /* size of message structure */
+ #define MSG_REQUEST 0 /* async. event: message */
+
+-/* cacheservice defines */
+-#define SECTOR_SIZE 0x200 /* always 512 bytes per sec. */
+-
+ /* DPMEM constants */
+ #define DPMEM_MAGIC 0xC0FFEE11
+ #define IC_HEADER_BYTES 48
+--- a/include/linux/blkdev.h
++++ b/include/linux/blkdev.h
+@@ -851,6 +851,19 @@ static inline struct request_queue *bdev
+ }
+
+ /*
++ * The basic unit of block I/O is a sector. It is used in a number of contexts
++ * in Linux (blk, bio, genhd). The size of one sector is 512 = 2**9
++ * bytes. Variables of type sector_t represent an offset or size that is a
++ * multiple of 512 bytes. Hence these two constants.
++ */
++#ifndef SECTOR_SHIFT
++#define SECTOR_SHIFT 9
++#endif
++#ifndef SECTOR_SIZE
++#define SECTOR_SIZE (1 << SECTOR_SHIFT)
++#endif
++
++/*
+ * blk_rq_pos() : the current sector
+ * blk_rq_bytes() : bytes left in the entire request
+ * blk_rq_cur_bytes() : bytes left in the current segment
+@@ -877,19 +890,20 @@ extern unsigned int blk_rq_err_bytes(con
+
+ static inline unsigned int blk_rq_sectors(const struct request *rq)
+ {
+- return blk_rq_bytes(rq) >> 9;
++ return blk_rq_bytes(rq) >> SECTOR_SHIFT;
+ }
+
+ static inline unsigned int blk_rq_cur_sectors(const struct request *rq)
+ {
+- return blk_rq_cur_bytes(rq) >> 9;
++ return blk_rq_cur_bytes(rq) >> SECTOR_SHIFT;
+ }
+
+ static inline unsigned int blk_queue_get_max_sectors(struct request_queue *q,
+ int op)
+ {
+ if (unlikely(op == REQ_OP_DISCARD || op == REQ_OP_SECURE_ERASE))
+- return min(q->limits.max_discard_sectors, UINT_MAX >> 9);
++ return min(q->limits.max_discard_sectors,
++ UINT_MAX >> SECTOR_SHIFT);
+
+ if (unlikely(op == REQ_OP_WRITE_SAME))
+ return q->limits.max_write_same_sectors;
+@@ -1162,16 +1176,21 @@ extern int blkdev_issue_zeroout(struct b
+ static inline int sb_issue_discard(struct super_block *sb, sector_t block,
+ sector_t nr_blocks, gfp_t gfp_mask, unsigned long flags)
+ {
+- return blkdev_issue_discard(sb->s_bdev, block << (sb->s_blocksize_bits - 9),
+- nr_blocks << (sb->s_blocksize_bits - 9),
++ return blkdev_issue_discard(sb->s_bdev,
++ block << (sb->s_blocksize_bits -
++ SECTOR_SHIFT),
++ nr_blocks << (sb->s_blocksize_bits -
++ SECTOR_SHIFT),
+ gfp_mask, flags);
+ }
+ static inline int sb_issue_zeroout(struct super_block *sb, sector_t block,
+ sector_t nr_blocks, gfp_t gfp_mask)
+ {
+ return blkdev_issue_zeroout(sb->s_bdev,
+- block << (sb->s_blocksize_bits - 9),
+- nr_blocks << (sb->s_blocksize_bits - 9),
++ block << (sb->s_blocksize_bits -
++ SECTOR_SHIFT),
++ nr_blocks << (sb->s_blocksize_bits -
++ SECTOR_SHIFT),
+ gfp_mask, true);
+ }
+
+@@ -1278,7 +1297,8 @@ static inline int queue_alignment_offset
+ static inline int queue_limit_alignment_offset(struct queue_limits *lim, sector_t sector)
+ {
+ unsigned int granularity = max(lim->physical_block_size, lim->io_min);
+- unsigned int alignment = sector_div(sector, granularity >> 9) << 9;
++ unsigned int alignment = sector_div(sector, granularity >> SECTOR_SHIFT)
++ << SECTOR_SHIFT;
+
+ return (granularity + lim->alignment_offset - alignment) % granularity;
+ }
+@@ -1312,8 +1332,8 @@ static inline int queue_limit_discard_al
+ return 0;
+
+ /* Why are these in bytes, not sectors? */
+- alignment = lim->discard_alignment >> 9;
+- granularity = lim->discard_granularity >> 9;
++ alignment = lim->discard_alignment >> SECTOR_SHIFT;
++ granularity = lim->discard_granularity >> SECTOR_SHIFT;
+ if (!granularity)
+ return 0;
+
+@@ -1324,7 +1344,7 @@ static inline int queue_limit_discard_al
+ offset = (granularity + alignment - offset) % granularity;
+
+ /* Turn it back into bytes, gaah */
+- return offset << 9;
++ return offset << SECTOR_SHIFT;
+ }
+
+ static inline int bdev_discard_alignment(struct block_device *bdev)
+--- a/include/linux/device-mapper.h
++++ b/include/linux/device-mapper.h
+@@ -576,8 +576,6 @@ extern struct ratelimit_state dm_ratelim
+ #define DMEMIT(x...) sz += ((sz >= maxlen) ? \
+ 0 : scnprintf(result + sz, maxlen - sz, x))
+
+-#define SECTOR_SHIFT 9
+-
+ /*
+ * Definitions of return values from target end_io function.
+ */
+--- a/include/linux/ide.h
++++ b/include/linux/ide.h
+@@ -128,7 +128,6 @@ struct ide_io_ports {
+ */
+ #define PARTN_BITS 6 /* number of minor dev bits for partitions */
+ #define MAX_DRIVES 2 /* per interface; 2 assumed by lots of code */
+-#define SECTOR_SIZE 512
+
+ /*
+ * Timeouts for various operations:
+--- a/include/uapi/linux/msdos_fs.h
++++ b/include/uapi/linux/msdos_fs.h
+@@ -9,7 +9,9 @@
+ * The MS-DOS filesystem constants/structures
+ */
+
++#ifndef SECTOR_SIZE
+ #define SECTOR_SIZE 512 /* sector size (bytes) */
++#endif
+ #define SECTOR_BITS 9 /* log2(SECTOR_SIZE) */
+ #define MSDOS_DPB (MSDOS_DPS) /* dir entries per block */
+ #define MSDOS_DPB_BITS 4 /* log2(MSDOS_DPB) */
--- /dev/null
+From d16ff19e69ab57e08bf908faaacbceaf660249de Mon Sep 17 00:00:00 2001
+From: Ye Bin <yebin10@huawei.com>
+Date: Tue, 1 Sep 2020 14:25:42 +0800
+Subject: dm cache metadata: Avoid returning cmd->bm wild pointer on error
+
+From: Ye Bin <yebin10@huawei.com>
+
+commit d16ff19e69ab57e08bf908faaacbceaf660249de upstream.
+
+Maybe __create_persistent_data_objects() caller will use PTR_ERR as a
+pointer, it will lead to some strange things.
+
+Signed-off-by: Ye Bin <yebin10@huawei.com>
+Cc: stable@vger.kernel.org
+Signed-off-by: Mike Snitzer <snitzer@redhat.com>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+
+---
+ drivers/md/dm-cache-metadata.c | 8 ++++++--
+ 1 file changed, 6 insertions(+), 2 deletions(-)
+
+--- a/drivers/md/dm-cache-metadata.c
++++ b/drivers/md/dm-cache-metadata.c
+@@ -508,12 +508,16 @@ static int __create_persistent_data_obje
+ CACHE_MAX_CONCURRENT_LOCKS);
+ if (IS_ERR(cmd->bm)) {
+ DMERR("could not create block manager");
+- return PTR_ERR(cmd->bm);
++ r = PTR_ERR(cmd->bm);
++ cmd->bm = NULL;
++ return r;
+ }
+
+ r = __open_or_format_metadata(cmd, may_format_device);
+- if (r)
++ if (r) {
+ dm_block_manager_destroy(cmd->bm);
++ cmd->bm = NULL;
++ }
+
+ return r;
+ }
--- /dev/null
+From 219403d7e56f9b716ad80ab87db85d29547ee73e Mon Sep 17 00:00:00 2001
+From: Ye Bin <yebin10@huawei.com>
+Date: Tue, 1 Sep 2020 14:25:43 +0800
+Subject: dm thin metadata: Avoid returning cmd->bm wild pointer on error
+
+From: Ye Bin <yebin10@huawei.com>
+
+commit 219403d7e56f9b716ad80ab87db85d29547ee73e upstream.
+
+Maybe __create_persistent_data_objects() caller will use PTR_ERR as a
+pointer, it will lead to some strange things.
+
+Signed-off-by: Ye Bin <yebin10@huawei.com>
+Cc: stable@vger.kernel.org
+Signed-off-by: Mike Snitzer <snitzer@redhat.com>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+
+---
+ drivers/md/dm-thin-metadata.c | 8 ++++++--
+ 1 file changed, 6 insertions(+), 2 deletions(-)
+
+--- a/drivers/md/dm-thin-metadata.c
++++ b/drivers/md/dm-thin-metadata.c
+@@ -700,12 +700,16 @@ static int __create_persistent_data_obje
+ THIN_MAX_CONCURRENT_LOCKS);
+ if (IS_ERR(pmd->bm)) {
+ DMERR("could not create block manager");
+- return PTR_ERR(pmd->bm);
++ r = PTR_ERR(pmd->bm);
++ pmd->bm = NULL;
++ return r;
+ }
+
+ r = __open_or_format_metadata(pmd, format_device);
+- if (r)
++ if (r) {
+ dm_block_manager_destroy(pmd->bm);
++ pmd->bm = NULL;
++ }
+
+ return r;
+ }
--- /dev/null
+From 3b5455636fe26ea21b4189d135a424a6da016418 Mon Sep 17 00:00:00 2001
+From: Tejun Heo <tj@kernel.org>
+Date: Wed, 2 Sep 2020 12:32:45 -0400
+Subject: libata: implement ATA_HORKAGE_MAX_TRIM_128M and apply to Sandisks
+
+From: Tejun Heo <tj@kernel.org>
+
+commit 3b5455636fe26ea21b4189d135a424a6da016418 upstream.
+
+All three generations of Sandisk SSDs lock up hard intermittently.
+Experiments showed that disabling NCQ lowered the failure rate significantly
+and the kernel has been disabling NCQ for some models of SD7's and 8's,
+which is obviously undesirable.
+
+Karthik worked with Sandisk to root cause the hard lockups to trim commands
+larger than 128M. This patch implements ATA_HORKAGE_MAX_TRIM_128M which
+limits max trim size to 128M and applies it to all three generations of
+Sandisk SSDs.
+
+Signed-off-by: Tejun Heo <tj@kernel.org>
+Cc: Karthik Shivaram <karthikgs@fb.com>
+Cc: stable@vger.kernel.org
+Signed-off-by: Jens Axboe <axboe@kernel.dk>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+
+---
+ drivers/ata/libata-core.c | 5 ++---
+ drivers/ata/libata-scsi.c | 8 +++++++-
+ include/linux/libata.h | 1 +
+ 3 files changed, 10 insertions(+), 4 deletions(-)
+
+--- a/drivers/ata/libata-core.c
++++ b/drivers/ata/libata-core.c
+@@ -4371,9 +4371,8 @@ static const struct ata_blacklist_entry
+ /* https://bugzilla.kernel.org/show_bug.cgi?id=15573 */
+ { "C300-CTFDDAC128MAG", "0001", ATA_HORKAGE_NONCQ, },
+
+- /* Some Sandisk SSDs lock up hard with NCQ enabled. Reported on
+- SD7SN6S256G and SD8SN8U256G */
+- { "SanDisk SD[78]SN*G", NULL, ATA_HORKAGE_NONCQ, },
++ /* Sandisk SD7/8/9s lock up hard on large trims */
++ { "SanDisk SD[789]*", NULL, ATA_HORKAGE_MAX_TRIM_128M, },
+
+ /* devices which puke on READ_NATIVE_MAX */
+ { "HDS724040KLSA80", "KFAOA20N", ATA_HORKAGE_BROKEN_HPA, },
+--- a/drivers/ata/libata-scsi.c
++++ b/drivers/ata/libata-scsi.c
+@@ -2314,6 +2314,7 @@ static unsigned int ata_scsiop_inq_89(st
+
+ static unsigned int ata_scsiop_inq_b0(struct ata_scsi_args *args, u8 *rbuf)
+ {
++ struct ata_device *dev = args->dev;
+ u16 min_io_sectors;
+
+ rbuf[1] = 0xb0;
+@@ -2339,7 +2340,12 @@ static unsigned int ata_scsiop_inq_b0(st
+ * with the unmap bit set.
+ */
+ if (ata_id_has_trim(args->id)) {
+- put_unaligned_be64(65535 * ATA_MAX_TRIM_RNUM, &rbuf[36]);
++ u64 max_blocks = 65535 * ATA_MAX_TRIM_RNUM;
++
++ if (dev->horkage & ATA_HORKAGE_MAX_TRIM_128M)
++ max_blocks = 128 << (20 - SECTOR_SHIFT);
++
++ put_unaligned_be64(max_blocks, &rbuf[36]);
+ put_unaligned_be32(1, &rbuf[28]);
+ }
+
+--- a/include/linux/libata.h
++++ b/include/linux/libata.h
+@@ -435,6 +435,7 @@ enum {
+ ATA_HORKAGE_NO_NCQ_LOG = (1 << 23), /* don't use NCQ for log read */
+ ATA_HORKAGE_NOTRIM = (1 << 24), /* don't use TRIM */
+ ATA_HORKAGE_MAX_SEC_1024 = (1 << 25), /* Limit max sects to 1024 */
++ ATA_HORKAGE_MAX_TRIM_128M = (1 << 26), /* Limit max trim size to 128M */
+
+ /* DMA mask for user DMA control: User visible values; DO NOT
+ renumber */
--- /dev/null
+From dc07a728d49cf025f5da2c31add438d839d076c0 Mon Sep 17 00:00:00 2001
+From: Eugeniu Rosca <erosca@de.adit-jv.com>
+Date: Fri, 4 Sep 2020 16:35:30 -0700
+Subject: mm: slub: fix conversion of freelist_corrupted()
+
+From: Eugeniu Rosca <erosca@de.adit-jv.com>
+
+commit dc07a728d49cf025f5da2c31add438d839d076c0 upstream.
+
+Commit 52f23478081ae0 ("mm/slub.c: fix corrupted freechain in
+deactivate_slab()") suffered an update when picked up from LKML [1].
+
+Specifically, relocating 'freelist = NULL' into 'freelist_corrupted()'
+created a no-op statement. Fix it by sticking to the behavior intended
+in the original patch [1]. In addition, make freelist_corrupted()
+immune to passing NULL instead of &freelist.
+
+The issue has been spotted via static analysis and code review.
+
+[1] https://lore.kernel.org/linux-mm/20200331031450.12182-1-dongli.zhang@oracle.com/
+
+Fixes: 52f23478081ae0 ("mm/slub.c: fix corrupted freechain in deactivate_slab()")
+Signed-off-by: Eugeniu Rosca <erosca@de.adit-jv.com>
+Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
+Cc: Dongli Zhang <dongli.zhang@oracle.com>
+Cc: Joe Jin <joe.jin@oracle.com>
+Cc: Christoph Lameter <cl@linux.com>
+Cc: Pekka Enberg <penberg@kernel.org>
+Cc: David Rientjes <rientjes@google.com>
+Cc: Joonsoo Kim <iamjoonsoo.kim@lge.com>
+Cc: <stable@vger.kernel.org>
+Link: https://lkml.kernel.org/r/20200824130643.10291-1-erosca@de.adit-jv.com
+Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+
+---
+ mm/slub.c | 12 ++++++------
+ 1 file changed, 6 insertions(+), 6 deletions(-)
+
+--- a/mm/slub.c
++++ b/mm/slub.c
+@@ -625,12 +625,12 @@ static void slab_fix(struct kmem_cache *
+ }
+
+ static bool freelist_corrupted(struct kmem_cache *s, struct page *page,
+- void *freelist, void *nextfree)
++ void **freelist, void *nextfree)
+ {
+ if ((s->flags & SLAB_CONSISTENCY_CHECKS) &&
+- !check_valid_pointer(s, page, nextfree)) {
+- object_err(s, page, freelist, "Freechain corrupt");
+- freelist = NULL;
++ !check_valid_pointer(s, page, nextfree) && freelist) {
++ object_err(s, page, *freelist, "Freechain corrupt");
++ *freelist = NULL;
+ slab_fix(s, "Isolate corrupted freechain");
+ return true;
+ }
+@@ -1320,7 +1320,7 @@ static inline void dec_slabs_node(struct
+ int objects) {}
+
+ static bool freelist_corrupted(struct kmem_cache *s, struct page *page,
+- void *freelist, void *nextfree)
++ void **freelist, void *nextfree)
+ {
+ return false;
+ }
+@@ -2040,7 +2040,7 @@ static void deactivate_slab(struct kmem_
+ * 'freelist' is already corrupted. So isolate all objects
+ * starting at 'freelist'.
+ */
+- if (freelist_corrupted(s, page, freelist, nextfree))
++ if (freelist_corrupted(s, page, &freelist, nextfree))
+ break;
+
+ do {
drivers-net-usb-qmi_wwan-add-qmi_quirk_set_dtr-for-t.patch
qmi_wwan-new-telewell-and-sierra-device-ids.patch
usb-qmi_wwan-add-d-link-dwm-222-a2-device-id.patch
+alsa-ca0106-fix-error-code-handling.patch
+alsa-pcm-oss-remove-superfluous-warn_on-for-mulaw-sanity-check.patch
+alsa-firewire-digi00x-exclude-avid-adrenaline-from-detection.patch
+block-allow-for_each_bvec-to-support-zero-len-bvec.patch
+block-move-sector_size-and-sector_shift-definitions-into-linux-blkdev.h.patch
+libata-implement-ata_horkage_max_trim_128m-and-apply-to-sandisks.patch
+dm-cache-metadata-avoid-returning-cmd-bm-wild-pointer-on-error.patch
+dm-thin-metadata-avoid-returning-cmd-bm-wild-pointer-on-error.patch
+mm-slub-fix-conversion-of-freelist_corrupted.patch
projects / thirdparty / kernel / stable-queue.git / commitdiff
