--- /dev/null
+From 0f739fdfe9e5ce668bd6d3210f310df282321837 Mon Sep 17 00:00:00 2001
+From: Geert Uytterhoeven <geert+renesas@glider.be>
+Date: Wed, 8 Apr 2020 11:09:26 +0200
+Subject: ARM: dts: r8a73a4: Add missing CMT1 interrupts
+
+From: Geert Uytterhoeven <geert+renesas@glider.be>
+
+commit 0f739fdfe9e5ce668bd6d3210f310df282321837 upstream.
+
+The R-Mobile APE6 Compare Match Timer 1 generates 8 interrupts, one for
+each channel, but currently only 1 is described.
+Fix this by adding the missing interrupts.
+
+Fixes: f7b65230019b9dac ("ARM: shmobile: r8a73a4: Add CMT1 node")
+Signed-off-by: Geert Uytterhoeven <geert+renesas@glider.be>
+Link: https://lore.kernel.org/r/20200408090926.25201-1-geert+renesas@glider.be
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+
+---
+ arch/arm/boot/dts/r8a73a4.dtsi | 9 ++++++++-
+ 1 file changed, 8 insertions(+), 1 deletion(-)
+
+--- a/arch/arm/boot/dts/r8a73a4.dtsi
++++ b/arch/arm/boot/dts/r8a73a4.dtsi
+@@ -131,7 +131,14 @@
+ cmt1: timer@e6130000 {
+ compatible = "renesas,r8a73a4-cmt1", "renesas,rcar-gen2-cmt1";
+ reg = <0 0xe6130000 0 0x1004>;
+- interrupts = <GIC_SPI 120 IRQ_TYPE_LEVEL_HIGH>;
++ interrupts = <GIC_SPI 120 IRQ_TYPE_LEVEL_HIGH>,
++ <GIC_SPI 121 IRQ_TYPE_LEVEL_HIGH>,
++ <GIC_SPI 122 IRQ_TYPE_LEVEL_HIGH>,
++ <GIC_SPI 123 IRQ_TYPE_LEVEL_HIGH>,
++ <GIC_SPI 124 IRQ_TYPE_LEVEL_HIGH>,
++ <GIC_SPI 125 IRQ_TYPE_LEVEL_HIGH>,
++ <GIC_SPI 126 IRQ_TYPE_LEVEL_HIGH>,
++ <GIC_SPI 127 IRQ_TYPE_LEVEL_HIGH>;
+ clocks = <&mstp3_clks R8A73A4_CLK_CMT1>;
+ clock-names = "fck";
+ power-domains = <&pd_c5>;
--- /dev/null
+From e47cb97f153193d4b41ca8d48127da14513d54c7 Mon Sep 17 00:00:00 2001
+From: Geert Uytterhoeven <geert+renesas@glider.be>
+Date: Fri, 8 May 2020 11:59:18 +0200
+Subject: ARM: dts: r8a7740: Add missing extal2 to CPG node
+
+From: Geert Uytterhoeven <geert+renesas@glider.be>
+
+commit e47cb97f153193d4b41ca8d48127da14513d54c7 upstream.
+
+The Clock Pulse Generator (CPG) device node lacks the extal2 clock.
+This may lead to a failure registering the "r" clock, or to a wrong
+parent for the "usb24s" clock, depending on MD_CK2 pin configuration and
+boot loader CPG_USBCKCR register configuration.
+
+This went unnoticed, as this does not affect the single upstream board
+configuration, which relies on the first clock input only.
+
+Fixes: d9ffd583bf345e2e ("ARM: shmobile: r8a7740: add SoC clocks to DTS")
+Signed-off-by: Geert Uytterhoeven <geert+renesas@glider.be>
+Reviewed-by: Ulrich Hecht <uli+renesas@fpond.eu>
+Link: https://lore.kernel.org/r/20200508095918.6061-1-geert+renesas@glider.be
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+
+---
+ arch/arm/boot/dts/r8a7740.dtsi | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+--- a/arch/arm/boot/dts/r8a7740.dtsi
++++ b/arch/arm/boot/dts/r8a7740.dtsi
+@@ -479,7 +479,7 @@
+ cpg_clocks: cpg_clocks@e6150000 {
+ compatible = "renesas,r8a7740-cpg-clocks";
+ reg = <0xe6150000 0x10000>;
+- clocks = <&extal1_clk>, <&extalr_clk>;
++ clocks = <&extal1_clk>, <&extal2_clk>, <&extalr_clk>;
+ #clock-cells = <1>;
+ clock-output-names = "system", "pllc0", "pllc1",
+ "pllc2", "r",
--- /dev/null
+From f4d71c6ea9e58c07dd4d02d09c5dd9bb780ec4b1 Mon Sep 17 00:00:00 2001
+From: Yoshihiro Shimoda <yoshihiro.shimoda.uh@renesas.com>
+Date: Fri, 17 Apr 2020 16:29:03 +0900
+Subject: arm64: dts: renesas: r8a77980: Fix IPMMU VIP[01] nodes
+
+From: Yoshihiro Shimoda <yoshihiro.shimoda.uh@renesas.com>
+
+commit f4d71c6ea9e58c07dd4d02d09c5dd9bb780ec4b1 upstream.
+
+Missing the renesas,ipmmu-main property on ipmmu_vip[01] nodes.
+
+Fixes: 55697cbb44e4 ("arm64: dts: renesas: r8a779{65,80,90}: Add IPMMU devices nodes)
+Signed-off-by: Yoshihiro Shimoda <yoshihiro.shimoda.uh@renesas.com>
+Link: https://lore.kernel.org/r/1587108543-23786-1-git-send-email-yoshihiro.shimoda.uh@renesas.com
+Signed-off-by: Geert Uytterhoeven <geert+renesas@glider.be>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+
+---
+ arch/arm64/boot/dts/renesas/r8a77980.dtsi | 2 ++
+ 1 file changed, 2 insertions(+)
+
+--- a/arch/arm64/boot/dts/renesas/r8a77980.dtsi
++++ b/arch/arm64/boot/dts/renesas/r8a77980.dtsi
+@@ -454,6 +454,7 @@
+ ipmmu_vip0: mmu@e7b00000 {
+ compatible = "renesas,ipmmu-r8a77980";
+ reg = <0 0xe7b00000 0 0x1000>;
++ renesas,ipmmu-main = <&ipmmu_mm 4>;
+ power-domains = <&sysc R8A77980_PD_ALWAYS_ON>;
+ #iommu-cells = <1>;
+ };
+@@ -461,6 +462,7 @@
+ ipmmu_vip1: mmu@e7960000 {
+ compatible = "renesas,ipmmu-r8a77980";
+ reg = <0 0xe7960000 0 0x1000>;
++ renesas,ipmmu-main = <&ipmmu_mm 11>;
+ power-domains = <&sysc R8A77980_PD_ALWAYS_ON>;
+ #iommu-cells = <1>;
+ };
--- /dev/null
+From 190c7f6fd43a776d4a6da1dac44408104649e9b7 Mon Sep 17 00:00:00 2001
+From: Chen-Yu Tsai <wens@csie.org>
+Date: Fri, 27 Mar 2020 11:04:14 +0800
+Subject: arm64: dts: rockchip: Rename dwc3 device nodes on rk3399 to make dtc happy
+
+From: Chen-Yu Tsai <wens@csie.org>
+
+commit 190c7f6fd43a776d4a6da1dac44408104649e9b7 upstream.
+
+The device tree compiler complains that the dwc3 nodes have regs
+properties but no matching unit addresses.
+
+Add the unit addresses to the device node name. While at it, also rename
+the nodes from "dwc3" to "usb", as guidelines require device nodes have
+generic names.
+
+Fixes: 7144224f2c2b ("arm64: dts: rockchip: support dwc3 USB for rk3399")
+Signed-off-by: Chen-Yu Tsai <wens@csie.org>
+Link: https://lore.kernel.org/r/20200327030414.5903-7-wens@kernel.org
+Signed-off-by: Heiko Stuebner <heiko@sntech.de>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+
+---
+ arch/arm64/boot/dts/rockchip/rk3399.dtsi | 4 ++--
+ 1 file changed, 2 insertions(+), 2 deletions(-)
+
+--- a/arch/arm64/boot/dts/rockchip/rk3399.dtsi
++++ b/arch/arm64/boot/dts/rockchip/rk3399.dtsi
+@@ -376,7 +376,7 @@
+ reset-names = "usb3-otg";
+ status = "disabled";
+
+- usbdrd_dwc3_0: dwc3 {
++ usbdrd_dwc3_0: usb@fe800000 {
+ compatible = "snps,dwc3";
+ reg = <0x0 0xfe800000 0x0 0x100000>;
+ interrupts = <GIC_SPI 105 IRQ_TYPE_LEVEL_HIGH 0>;
+@@ -409,7 +409,7 @@
+ reset-names = "usb3-otg";
+ status = "disabled";
+
+- usbdrd_dwc3_1: dwc3 {
++ usbdrd_dwc3_1: usb@fe900000 {
+ compatible = "snps,dwc3";
+ reg = <0x0 0xfe900000 0x0 0x100000>;
+ interrupts = <GIC_SPI 110 IRQ_TYPE_LEVEL_HIGH 0>;
--- /dev/null
+From 83b994129fb4c18a8460fd395864a28740e5e7fb Mon Sep 17 00:00:00 2001
+From: Chen-Yu Tsai <wens@csie.org>
+Date: Fri, 27 Mar 2020 11:04:10 +0800
+Subject: arm64: dts: rockchip: Replace RK805 PMIC node name with "pmic" on rk3328 boards
+
+From: Chen-Yu Tsai <wens@csie.org>
+
+commit 83b994129fb4c18a8460fd395864a28740e5e7fb upstream.
+
+In some board device tree files, "rk805" was used for the RK805 PMIC's
+node name. However the policy for device trees is that generic names
+should be used.
+
+Replace the "rk805" node name with the generic "pmic" name.
+
+Fixes: 1e28037ec88e ("arm64: dts: rockchip: add rk805 node for rk3328-evb")
+Fixes: 955bebde057e ("arm64: dts: rockchip: add rk3328-rock64 board")
+Signed-off-by: Chen-Yu Tsai <wens@csie.org>
+Link: https://lore.kernel.org/r/20200327030414.5903-3-wens@kernel.org
+Signed-off-by: Heiko Stuebner <heiko@sntech.de>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+
+---
+ arch/arm64/boot/dts/rockchip/rk3328-evb.dts | 2 +-
+ arch/arm64/boot/dts/rockchip/rk3328-rock64.dts | 2 +-
+ 2 files changed, 2 insertions(+), 2 deletions(-)
+
+--- a/arch/arm64/boot/dts/rockchip/rk3328-evb.dts
++++ b/arch/arm64/boot/dts/rockchip/rk3328-evb.dts
+@@ -92,7 +92,7 @@
+ &i2c1 {
+ status = "okay";
+
+- rk805: rk805@18 {
++ rk805: pmic@18 {
+ compatible = "rockchip,rk805";
+ reg = <0x18>;
+ interrupt-parent = <&gpio2>;
+--- a/arch/arm64/boot/dts/rockchip/rk3328-rock64.dts
++++ b/arch/arm64/boot/dts/rockchip/rk3328-rock64.dts
+@@ -112,7 +112,7 @@
+ &i2c1 {
+ status = "okay";
+
+- rk805: rk805@18 {
++ rk805: pmic@18 {
+ compatible = "rockchip,rk805";
+ reg = <0x18>;
+ interrupt-parent = <&gpio2>;
--- /dev/null
+From b2a5212fb634561bb734c6356904e37f6665b955 Mon Sep 17 00:00:00 2001
+From: Daniel Borkmann <daniel@iogearbox.net>
+Date: Fri, 15 May 2020 12:11:18 +0200
+Subject: bpf: Restrict bpf_trace_printk()'s %s usage and add %pks, %pus specifier
+
+From: Daniel Borkmann <daniel@iogearbox.net>
+
+commit b2a5212fb634561bb734c6356904e37f6665b955 upstream.
+
+Usage of plain %s conversion specifier in bpf_trace_printk() suffers from the
+very same issue as bpf_probe_read{,str}() helpers, that is, it is broken on
+archs with overlapping address ranges.
+
+While the helpers have been addressed through work in 6ae08ae3dea2 ("bpf: Add
+probe_read_{user, kernel} and probe_read_{user, kernel}_str helpers"), we need
+an option for bpf_trace_printk() as well to fix it.
+
+Similarly as with the helpers, force users to make an explicit choice by adding
+%pks and %pus specifier to bpf_trace_printk() which will then pick the corresponding
+strncpy_from_unsafe*() variant to perform the access under KERNEL_DS or USER_DS.
+The %pk* (kernel specifier) and %pu* (user specifier) can later also be extended
+for other objects aside strings that are probed and printed under tracing, and
+reused out of other facilities like bpf_seq_printf() or BTF based type printing.
+
+Existing behavior of %s for current users is still kept working for archs where it
+is not broken and therefore gated through CONFIG_ARCH_HAS_NON_OVERLAPPING_ADDRESS_SPACE.
+For archs not having this property we fall-back to pick probing under KERNEL_DS as
+a sensible default.
+
+Fixes: 8d3b7dce8622 ("bpf: add support for %s specifier to bpf_trace_printk()")
+Reported-by: Linus Torvalds <torvalds@linux-foundation.org>
+Reported-by: Christoph Hellwig <hch@lst.de>
+Signed-off-by: Daniel Borkmann <daniel@iogearbox.net>
+Signed-off-by: Alexei Starovoitov <ast@kernel.org>
+Cc: Masami Hiramatsu <mhiramat@kernel.org>
+Cc: Brendan Gregg <brendan.d.gregg@gmail.com>
+Link: https://lore.kernel.org/bpf/20200515101118.6508-4-daniel@iogearbox.net
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+
+---
+ Documentation/core-api/printk-formats.rst | 14 ++++
+ kernel/trace/bpf_trace.c | 94 +++++++++++++++++++-----------
+ lib/vsprintf.c | 12 +++
+ 3 files changed, 88 insertions(+), 32 deletions(-)
+
+--- a/Documentation/core-api/printk-formats.rst
++++ b/Documentation/core-api/printk-formats.rst
+@@ -94,6 +94,20 @@ used when printing stack backtraces. The
+ consideration the effect of compiler optimisations which may occur
+ when tail-calls are used and marked with the noreturn GCC attribute.
+
++Probed Pointers from BPF / tracing
++----------------------------------
++
++::
++
++ %pks kernel string
++ %pus user string
++
++The ``k`` and ``u`` specifiers are used for printing prior probed memory from
++either kernel memory (k) or user memory (u). The subsequent ``s`` specifier
++results in printing a string. For direct use in regular vsnprintf() the (k)
++and (u) annotation is ignored, however, when used out of BPF's bpf_trace_printk(),
++for example, it reads the memory it is pointing to without faulting.
++
+ Kernel Pointers
+ ---------------
+
+--- a/kernel/trace/bpf_trace.c
++++ b/kernel/trace/bpf_trace.c
+@@ -158,17 +158,15 @@ static const struct bpf_func_proto *bpf_
+
+ /*
+ * Only limited trace_printk() conversion specifiers allowed:
+- * %d %i %u %x %ld %li %lu %lx %lld %lli %llu %llx %p %s
++ * %d %i %u %x %ld %li %lu %lx %lld %lli %llu %llx %p %pks %pus %s
+ */
+ BPF_CALL_5(bpf_trace_printk, char *, fmt, u32, fmt_size, u64, arg1,
+ u64, arg2, u64, arg3)
+ {
++ int i, mod[3] = {}, fmt_cnt = 0;
++ char buf[64], fmt_ptype;
++ void *unsafe_ptr = NULL;
+ bool str_seen = false;
+- int mod[3] = {};
+- int fmt_cnt = 0;
+- u64 unsafe_addr;
+- char buf[64];
+- int i;
+
+ /*
+ * bpf_check()->check_func_arg()->check_stack_boundary()
+@@ -194,40 +192,71 @@ BPF_CALL_5(bpf_trace_printk, char *, fmt
+ if (fmt[i] == 'l') {
+ mod[fmt_cnt]++;
+ i++;
+- } else if (fmt[i] == 'p' || fmt[i] == 's') {
++ } else if (fmt[i] == 'p') {
+ mod[fmt_cnt]++;
++ if ((fmt[i + 1] == 'k' ||
++ fmt[i + 1] == 'u') &&
++ fmt[i + 2] == 's') {
++ fmt_ptype = fmt[i + 1];
++ i += 2;
++ goto fmt_str;
++ }
++
+ /* disallow any further format extensions */
+ if (fmt[i + 1] != 0 &&
+ !isspace(fmt[i + 1]) &&
+ !ispunct(fmt[i + 1]))
+ return -EINVAL;
+- fmt_cnt++;
+- if (fmt[i] == 's') {
+- if (str_seen)
+- /* allow only one '%s' per fmt string */
+- return -EINVAL;
+- str_seen = true;
+-
+- switch (fmt_cnt) {
+- case 1:
+- unsafe_addr = arg1;
+- arg1 = (long) buf;
+- break;
+- case 2:
+- unsafe_addr = arg2;
+- arg2 = (long) buf;
+- break;
+- case 3:
+- unsafe_addr = arg3;
+- arg3 = (long) buf;
+- break;
+- }
+- buf[0] = 0;
+- strncpy_from_unsafe(buf,
+- (void *) (long) unsafe_addr,
++
++ goto fmt_next;
++ } else if (fmt[i] == 's') {
++ mod[fmt_cnt]++;
++ fmt_ptype = fmt[i];
++fmt_str:
++ if (str_seen)
++ /* allow only one '%s' per fmt string */
++ return -EINVAL;
++ str_seen = true;
++
++ if (fmt[i + 1] != 0 &&
++ !isspace(fmt[i + 1]) &&
++ !ispunct(fmt[i + 1]))
++ return -EINVAL;
++
++ switch (fmt_cnt) {
++ case 0:
++ unsafe_ptr = (void *)(long)arg1;
++ arg1 = (long)buf;
++ break;
++ case 1:
++ unsafe_ptr = (void *)(long)arg2;
++ arg2 = (long)buf;
++ break;
++ case 2:
++ unsafe_ptr = (void *)(long)arg3;
++ arg3 = (long)buf;
++ break;
++ }
++
++ buf[0] = 0;
++ switch (fmt_ptype) {
++ case 's':
++#ifdef CONFIG_ARCH_HAS_NON_OVERLAPPING_ADDRESS_SPACE
++ strncpy_from_unsafe(buf, unsafe_ptr,
+ sizeof(buf));
++ break;
++#endif
++ case 'k':
++ strncpy_from_unsafe_strict(buf, unsafe_ptr,
++ sizeof(buf));
++ break;
++ case 'u':
++ strncpy_from_unsafe_user(buf,
++ (__force void __user *)unsafe_ptr,
++ sizeof(buf));
++ break;
+ }
+- continue;
++ goto fmt_next;
+ }
+
+ if (fmt[i] == 'l') {
+@@ -238,6 +267,7 @@ BPF_CALL_5(bpf_trace_printk, char *, fmt
+ if (fmt[i] != 'i' && fmt[i] != 'd' &&
+ fmt[i] != 'u' && fmt[i] != 'x')
+ return -EINVAL;
++fmt_next:
+ fmt_cnt++;
+ }
+
+--- a/lib/vsprintf.c
++++ b/lib/vsprintf.c
+@@ -1845,6 +1845,10 @@ static char *ptr_to_id(char *buf, char *
+ * C full compatible string
+ *
+ * - 'x' For printing the address. Equivalent to "%lx".
++ * - '[ku]s' For a BPF/tracing related format specifier, e.g. used out of
++ * bpf_trace_printk() where [ku] prefix specifies either kernel (k)
++ * or user (u) memory to probe, and:
++ * s a string, equivalent to "%s" on direct vsnprintf() use
+ *
+ * ** When making changes please also update:
+ * Documentation/core-api/printk-formats.rst
+@@ -1970,6 +1974,14 @@ char *pointer(const char *fmt, char *buf
+ break;
+ case 'x':
+ return pointer_string(buf, end, ptr, spec);
++ case 'u':
++ case 'k':
++ switch (fmt[1]) {
++ case 's':
++ return string(buf, end, ptr, spec);
++ default:
++ return error_string(buf, end, "(einval)", spec);
++ }
+ }
+
+ /* default is to _not_ leak addresses, hash before printing */
--- /dev/null
+From 018d4671b9bbd4a5c55cf6eab3e1dbc70a50b66e Mon Sep 17 00:00:00 2001
+From: Marc Zyngier <maz@kernel.org>
+Date: Tue, 5 May 2020 15:09:53 +0100
+Subject: clk: Unlink clock if failed to prepare or enable
+
+From: Marc Zyngier <maz@kernel.org>
+
+commit 018d4671b9bbd4a5c55cf6eab3e1dbc70a50b66e upstream.
+
+On failing to prepare or enable a clock, remove the core structure
+from the list it has been inserted as it is about to be freed.
+
+This otherwise leads to random crashes when subsequent clocks get
+registered, during which parsing of the clock tree becomes adventurous.
+
+Observed with QEMU's RPi-3 emulation.
+
+Fixes: 12ead77432f2 ("clk: Don't try to enable critical clocks if prepare failed")
+Signed-off-by: Marc Zyngier <maz@kernel.org>
+Cc: Guenter Roeck <linux@roeck-us.net>
+Cc: Stephen Boyd <sboyd@kernel.org>
+Cc: Michael Turquette <mturquette@baylibre.com>
+Link: https://lkml.kernel.org/r/20200505140953.409430-1-maz@kernel.org
+Signed-off-by: Stephen Boyd <sboyd@kernel.org>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+
+---
+ drivers/clk/clk.c | 3 +++
+ 1 file changed, 3 insertions(+)
+
+--- a/drivers/clk/clk.c
++++ b/drivers/clk/clk.c
+@@ -3105,6 +3105,9 @@ static int __clk_core_init(struct clk_co
+ out:
+ clk_pm_runtime_put(core);
+ unlock:
++ if (ret)
++ hlist_del_init(&core->child_node);
++
+ clk_prepare_unlock();
+
+ if (!ret)
--- /dev/null
+From c4e0e4ab4cf3ec2b3f0b628ead108d677644ebd9 Mon Sep 17 00:00:00 2001
+From: Jim Mattson <jmattson@google.com>
+Date: Mon, 11 May 2020 15:56:16 -0700
+Subject: KVM: x86: Fix off-by-one error in kvm_vcpu_ioctl_x86_setup_mce
+
+From: Jim Mattson <jmattson@google.com>
+
+commit c4e0e4ab4cf3ec2b3f0b628ead108d677644ebd9 upstream.
+
+Bank_num is a one-based count of banks, not a zero-based index. It
+overflows the allocated space only when strictly greater than
+KVM_MAX_MCE_BANKS.
+
+Fixes: a9e38c3e01ad ("KVM: x86: Catch potential overrun in MCE setup")
+Signed-off-by: Jue Wang <juew@google.com>
+Signed-off-by: Jim Mattson <jmattson@google.com>
+Reviewed-by: Peter Shier <pshier@google.com>
+Message-Id: <20200511225616.19557-1-jmattson@google.com>
+Reviewed-by: Vitaly Kuznetsov <vkuznets@redhat.com>
+Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+
+---
+ arch/x86/kvm/x86.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+--- a/arch/x86/kvm/x86.c
++++ b/arch/x86/kvm/x86.c
+@@ -3423,7 +3423,7 @@ static int kvm_vcpu_ioctl_x86_setup_mce(
+ unsigned bank_num = mcg_cap & 0xff, bank;
+
+ r = -EINVAL;
+- if (!bank_num || bank_num >= KVM_MAX_MCE_BANKS)
++ if (!bank_num || bank_num > KVM_MAX_MCE_BANKS)
+ goto out;
+ if (mcg_cap & ~(kvm_mce_cap_supported | 0xff | 0xff0000))
+ goto out;
--- /dev/null
+From b1112139a103b4b1101d0d2d72931f2d33d8c978 Mon Sep 17 00:00:00 2001
+From: Sergei Trofimovich <slyfox@gentoo.org>
+Date: Tue, 17 Mar 2020 00:07:18 +0000
+Subject: Makefile: disallow data races on gcc-10 as well
+
+From: Sergei Trofimovich <slyfox@gentoo.org>
+
+commit b1112139a103b4b1101d0d2d72931f2d33d8c978 upstream.
+
+gcc-10 will rename --param=allow-store-data-races=0
+to -fno-allow-store-data-races.
+
+The flag change happened at https://gcc.gnu.org/PR92046.
+
+Signed-off-by: Sergei Trofimovich <slyfox@gentoo.org>
+Acked-by: Jiri Kosina <jkosina@suse.cz>
+Signed-off-by: Masahiro Yamada <masahiroy@kernel.org>
+Cc: Thomas Backlund <tmb@mageia.org>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+
+---
+ Makefile | 1 +
+ 1 file changed, 1 insertion(+)
+
+--- a/Makefile
++++ b/Makefile
+@@ -664,6 +664,7 @@ endif
+
+ # Tell gcc to never replace conditional load with a non-conditional one
+ KBUILD_CFLAGS += $(call cc-option,--param=allow-store-data-races=0)
++KBUILD_CFLAGS += $(call cc-option,-fno-allow-store-data-races)
+
+ include scripts/Makefile.kcov
+ include scripts/Makefile.gcc-plugins
--- /dev/null
+From f41224efcf8aafe80ea47ac870c5e32f3209ffc8 Mon Sep 17 00:00:00 2001
+From: Kai-Heng Feng <kai.heng.feng@canonical.com>
+Date: Sun, 3 May 2020 23:24:46 +0800
+Subject: Revert "ALSA: hda/realtek: Fix pop noise on ALC225"
+
+From: Kai-Heng Feng <kai.heng.feng@canonical.com>
+
+commit f41224efcf8aafe80ea47ac870c5e32f3209ffc8 upstream.
+
+This reverts commit 3b36b13d5e69d6f51ff1c55d1b404a74646c9757.
+
+Enable power save node breaks some systems with ACL225. Revert the patch
+and use a platform specific quirk for the original issue isntead.
+
+Fixes: 3b36b13d5e69 ("ALSA: hda/realtek: Fix pop noise on ALC225")
+BugLink: https://bugs.launchpad.net/bugs/1875916
+Signed-off-by: Kai-Heng Feng <kai.heng.feng@canonical.com>
+Link: https://lore.kernel.org/r/20200503152449.22761-1-kai.heng.feng@canonical.com
+Signed-off-by: Takashi Iwai <tiwai@suse.de>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+
+---
+ sound/pci/hda/patch_realtek.c | 2 --
+ 1 file changed, 2 deletions(-)
+
+--- a/sound/pci/hda/patch_realtek.c
++++ b/sound/pci/hda/patch_realtek.c
+@@ -7827,8 +7827,6 @@ static int patch_alc269(struct hda_codec
+ spec->gen.mixer_nid = 0;
+ break;
+ case 0x10ec0225:
+- codec->power_save_node = 1;
+- /* fall through */
+ case 0x10ec0295:
+ case 0x10ec0299:
+ spec->codec_variant = ALC269_TYPE_ALC225;
exec-move-would_dump-into-flush_old_exec.patch
clk-rockchip-fix-incorrect-configuration-of-rk3228-aclk_gpu-clocks.patch
dwc3-remove-check-for-hwo-flag-in-dwc3_gadget_ep_reclaim_trb_sg.patch
+usb-gadget-net2272-fix-a-memory-leak-in-an-error-handling-path-in-net2272_plat_probe.patch
+usb-gadget-audio-fix-a-missing-error-return-value-in-audio_bind.patch
+usb-gadget-legacy-fix-error-return-code-in-gncm_bind.patch
+usb-gadget-legacy-fix-error-return-code-in-cdc_bind.patch
+revert-alsa-hda-realtek-fix-pop-noise-on-alc225.patch
+clk-unlink-clock-if-failed-to-prepare-or-enable.patch
+arm64-dts-rockchip-replace-rk805-pmic-node-name-with-pmic-on-rk3328-boards.patch
+arm64-dts-rockchip-rename-dwc3-device-nodes-on-rk3399-to-make-dtc-happy.patch
+arm-dts-r8a73a4-add-missing-cmt1-interrupts.patch
+arm64-dts-renesas-r8a77980-fix-ipmmu-vip-nodes.patch
+arm-dts-r8a7740-add-missing-extal2-to-cpg-node.patch
+kvm-x86-fix-off-by-one-error-in-kvm_vcpu_ioctl_x86_setup_mce.patch
+bpf-restrict-bpf_trace_printk-s-s-usage-and-add-pks-pus-specifier.patch
+makefile-disallow-data-races-on-gcc-10-as-well.patch
--- /dev/null
+From 19b94c1f9c9a16d41a8de3ccbdb8536cf1aecdbf Mon Sep 17 00:00:00 2001
+From: Christophe JAILLET <christophe.jaillet@wanadoo.fr>
+Date: Sun, 3 May 2020 12:47:07 +0200
+Subject: usb: gadget: audio: Fix a missing error return value in audio_bind()
+
+From: Christophe JAILLET <christophe.jaillet@wanadoo.fr>
+
+commit 19b94c1f9c9a16d41a8de3ccbdb8536cf1aecdbf upstream.
+
+If 'usb_otg_descriptor_alloc()' fails, we must return an error code, not 0.
+
+Fixes: 56023ce0fd70 ("usb: gadget: audio: allocate and init otg descriptor by otg capabilities")
+Reviewed-by: Peter Chen <peter.chen@nxp.com>
+Signed-off-by: Christophe JAILLET <christophe.jaillet@wanadoo.fr>
+Signed-off-by: Felipe Balbi <balbi@kernel.org>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+
+---
+ drivers/usb/gadget/legacy/audio.c | 4 +++-
+ 1 file changed, 3 insertions(+), 1 deletion(-)
+
+--- a/drivers/usb/gadget/legacy/audio.c
++++ b/drivers/usb/gadget/legacy/audio.c
+@@ -300,8 +300,10 @@ static int audio_bind(struct usb_composi
+ struct usb_descriptor_header *usb_desc;
+
+ usb_desc = usb_otg_descriptor_alloc(cdev->gadget);
+- if (!usb_desc)
++ if (!usb_desc) {
++ status = -ENOMEM;
+ goto fail;
++ }
+ usb_otg_descriptor_init(cdev->gadget, usb_desc);
+ otg_desc[0] = usb_desc;
+ otg_desc[1] = NULL;
--- /dev/null
+From e8f7f9e3499a6d96f7f63a4818dc7d0f45a7783b Mon Sep 17 00:00:00 2001
+From: Wei Yongjun <weiyongjun1@huawei.com>
+Date: Thu, 7 May 2020 05:13:32 +0000
+Subject: usb: gadget: legacy: fix error return code in cdc_bind()
+
+From: Wei Yongjun <weiyongjun1@huawei.com>
+
+commit e8f7f9e3499a6d96f7f63a4818dc7d0f45a7783b upstream.
+
+If 'usb_otg_descriptor_alloc()' fails, we must return a
+negative error code -ENOMEM, not 0.
+
+Fixes: ab6796ae9833 ("usb: gadget: cdc2: allocate and init otg descriptor by otg capabilities")
+Reported-by: Hulk Robot <hulkci@huawei.com>
+Signed-off-by: Wei Yongjun <weiyongjun1@huawei.com>
+Signed-off-by: Felipe Balbi <balbi@kernel.org>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+
+---
+ drivers/usb/gadget/legacy/cdc2.c | 4 +++-
+ 1 file changed, 3 insertions(+), 1 deletion(-)
+
+--- a/drivers/usb/gadget/legacy/cdc2.c
++++ b/drivers/usb/gadget/legacy/cdc2.c
+@@ -179,8 +179,10 @@ static int cdc_bind(struct usb_composite
+ struct usb_descriptor_header *usb_desc;
+
+ usb_desc = usb_otg_descriptor_alloc(gadget);
+- if (!usb_desc)
++ if (!usb_desc) {
++ status = -ENOMEM;
+ goto fail1;
++ }
+ usb_otg_descriptor_init(gadget, usb_desc);
+ otg_desc[0] = usb_desc;
+ otg_desc[1] = NULL;
--- /dev/null
+From e27d4b30b71c66986196d8a1eb93cba9f602904a Mon Sep 17 00:00:00 2001
+From: Wei Yongjun <weiyongjun1@huawei.com>
+Date: Thu, 7 May 2020 05:13:23 +0000
+Subject: usb: gadget: legacy: fix error return code in gncm_bind()
+
+From: Wei Yongjun <weiyongjun1@huawei.com>
+
+commit e27d4b30b71c66986196d8a1eb93cba9f602904a upstream.
+
+If 'usb_otg_descriptor_alloc()' fails, we must return a
+negative error code -ENOMEM, not 0.
+
+Fixes: 1156e91dd7cc ("usb: gadget: ncm: allocate and init otg descriptor by otg capabilities")
+Reported-by: Hulk Robot <hulkci@huawei.com>
+Signed-off-by: Wei Yongjun <weiyongjun1@huawei.com>
+Signed-off-by: Felipe Balbi <balbi@kernel.org>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+
+---
+ drivers/usb/gadget/legacy/ncm.c | 4 +++-
+ 1 file changed, 3 insertions(+), 1 deletion(-)
+
+--- a/drivers/usb/gadget/legacy/ncm.c
++++ b/drivers/usb/gadget/legacy/ncm.c
+@@ -156,8 +156,10 @@ static int gncm_bind(struct usb_composit
+ struct usb_descriptor_header *usb_desc;
+
+ usb_desc = usb_otg_descriptor_alloc(gadget);
+- if (!usb_desc)
++ if (!usb_desc) {
++ status = -ENOMEM;
+ goto fail;
++ }
+ usb_otg_descriptor_init(gadget, usb_desc);
+ otg_desc[0] = usb_desc;
+ otg_desc[1] = NULL;
--- /dev/null
+From ccaef7e6e354fb65758eaddd3eae8065a8b3e295 Mon Sep 17 00:00:00 2001
+From: Christophe JAILLET <christophe.jaillet@wanadoo.fr>
+Date: Mon, 27 Apr 2020 20:04:23 +0200
+Subject: usb: gadget: net2272: Fix a memory leak in an error handling path in 'net2272_plat_probe()'
+
+From: Christophe JAILLET <christophe.jaillet@wanadoo.fr>
+
+commit ccaef7e6e354fb65758eaddd3eae8065a8b3e295 upstream.
+
+'dev' is allocated in 'net2272_probe_init()'. It must be freed in the error
+handling path, as already done in the remove function (i.e.
+'net2272_plat_remove()')
+
+Fixes: 90fccb529d24 ("usb: gadget: Gadget directory cleanup - group UDC drivers")
+Signed-off-by: Christophe JAILLET <christophe.jaillet@wanadoo.fr>
+Signed-off-by: Felipe Balbi <balbi@kernel.org>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+
+---
+ drivers/usb/gadget/udc/net2272.c | 2 ++
+ 1 file changed, 2 insertions(+)
+
+--- a/drivers/usb/gadget/udc/net2272.c
++++ b/drivers/usb/gadget/udc/net2272.c
+@@ -2653,6 +2653,8 @@ net2272_plat_probe(struct platform_devic
+ err_req:
+ release_mem_region(base, len);
+ err:
++ kfree(dev);
++
+ return ret;
+ }
+
projects / thirdparty / kernel / stable-queue.git / commitdiff
