--- /dev/null
+From 1f6e1fca89a173045c8621c4b8604d2b9bca0d69 Mon Sep 17 00:00:00 2001
+From: Sasha Levin <sashal@kernel.org>
+Date: Tue, 14 Apr 2020 09:32:55 -0700
+Subject: arm64: Delete the space separator in __emit_inst
+
+From: Fangrui Song <maskray@google.com>
+
+[ Upstream commit c9a4ef66450145a356a626c833d3d7b1668b3ded ]
+
+In assembly, many instances of __emit_inst(x) expand to a directive. In
+a few places __emit_inst(x) is used as an assembler macro argument. For
+example, in arch/arm64/kvm/hyp/entry.S
+
+ ALTERNATIVE(nop, SET_PSTATE_PAN(1), ARM64_HAS_PAN, CONFIG_ARM64_PAN)
+
+expands to the following by the C preprocessor:
+
+ alternative_insn nop, .inst (0xd500401f | ((0) << 16 | (4) << 5) | ((!!1) << 8)), 4, 1
+
+Both comma and space are separators, with an exception that content
+inside a pair of parentheses/quotes is not split, so the clang
+integrated assembler splits the arguments to:
+
+ nop, .inst, (0xd500401f | ((0) << 16 | (4) << 5) | ((!!1) << 8)), 4, 1
+
+GNU as preprocesses the input with do_scrub_chars(). Its arm64 backend
+(along with many other non-x86 backends) sees:
+
+ alternative_insn nop,.inst(0xd500401f|((0)<<16|(4)<<5)|((!!1)<<8)),4,1
+ # .inst(...) is parsed as one argument
+
+while its x86 backend sees:
+
+ alternative_insn nop,.inst (0xd500401f|((0)<<16|(4)<<5)|((!!1)<<8)),4,1
+ # The extra space before '(' makes the whole .inst (...) parsed as two arguments
+
+The non-x86 backend's behavior is considered unintentional
+(https://sourceware.org/bugzilla/show_bug.cgi?id=25750).
+So drop the space separator inside `.inst (...)` to make the clang
+integrated assembler work.
+
+Suggested-by: Ilie Halip <ilie.halip@gmail.com>
+Signed-off-by: Fangrui Song <maskray@google.com>
+Reviewed-by: Mark Rutland <mark.rutland@arm.com>
+Link: https://github.com/ClangBuiltLinux/linux/issues/939
+Signed-off-by: Catalin Marinas <catalin.marinas@arm.com>
+Signed-off-by: Sasha Levin <sashal@kernel.org>
+---
+ arch/arm64/include/asm/sysreg.h | 4 +++-
+ 1 file changed, 3 insertions(+), 1 deletion(-)
+
+diff --git a/arch/arm64/include/asm/sysreg.h b/arch/arm64/include/asm/sysreg.h
+index 50a89bcf9072e..2564dd429ab68 100644
+--- a/arch/arm64/include/asm/sysreg.h
++++ b/arch/arm64/include/asm/sysreg.h
+@@ -60,7 +60,9 @@
+ #ifndef CONFIG_BROKEN_GAS_INST
+
+ #ifdef __ASSEMBLY__
+-#define __emit_inst(x) .inst (x)
++// The space separator is omitted so that __emit_inst(x) can be parsed as
++// either an assembler directive or an assembler macro argument.
++#define __emit_inst(x) .inst(x)
+ #else
+ #define __emit_inst(x) ".inst " __stringify((x)) "\n\t"
+ #endif
+--
+2.20.1
+
--- /dev/null
+From d7277844a3b4d99883e6c3b391bc28883aaf0452 Mon Sep 17 00:00:00 2001
+From: Sasha Levin <sashal@kernel.org>
+Date: Sat, 18 Apr 2020 16:26:53 -0700
+Subject: bpf, x86: Fix encoding for lower 8-bit registers in BPF_STX BPF_B
+
+From: Luke Nelson <lukenels@cs.washington.edu>
+
+[ Upstream commit aee194b14dd2b2bde6252b3acf57d36dccfc743a ]
+
+This patch fixes an encoding bug in emit_stx for BPF_B when the source
+register is BPF_REG_FP.
+
+The current implementation for BPF_STX BPF_B in emit_stx saves one REX
+byte when the operands can be encoded using Mod-R/M alone. The lower 8
+bits of registers %rax, %rbx, %rcx, and %rdx can be accessed without using
+a REX prefix via %al, %bl, %cl, and %dl, respectively. Other registers,
+(e.g., %rsi, %rdi, %rbp, %rsp) require a REX prefix to use their 8-bit
+equivalents (%sil, %dil, %bpl, %spl).
+
+The current code checks if the source for BPF_STX BPF_B is BPF_REG_1
+or BPF_REG_2 (which map to %rdi and %rsi), in which case it emits the
+required REX prefix. However, it misses the case when the source is
+BPF_REG_FP (mapped to %rbp).
+
+The result is that BPF_STX BPF_B with BPF_REG_FP as the source operand
+will read from register %ch instead of the correct %bpl. This patch fixes
+the problem by fixing and refactoring the check on which registers need
+the extra REX byte. Since no BPF registers map to %rsp, there is no need
+to handle %spl.
+
+Fixes: 622582786c9e0 ("net: filter: x86: internal BPF JIT")
+Signed-off-by: Xi Wang <xi.wang@gmail.com>
+Signed-off-by: Luke Nelson <luke.r.nels@gmail.com>
+Signed-off-by: Alexei Starovoitov <ast@kernel.org>
+Link: https://lore.kernel.org/bpf/20200418232655.23870-1-luke.r.nels@gmail.com
+Signed-off-by: Sasha Levin <sashal@kernel.org>
+---
+ arch/x86/net/bpf_jit_comp.c | 18 +++++++++++++++---
+ 1 file changed, 15 insertions(+), 3 deletions(-)
+
+diff --git a/arch/x86/net/bpf_jit_comp.c b/arch/x86/net/bpf_jit_comp.c
+index cdb386fa71013..0415c0cd4a191 100644
+--- a/arch/x86/net/bpf_jit_comp.c
++++ b/arch/x86/net/bpf_jit_comp.c
+@@ -153,6 +153,19 @@ static bool is_ereg(u32 reg)
+ BIT(BPF_REG_AX));
+ }
+
++/*
++ * is_ereg_8l() == true if BPF register 'reg' is mapped to access x86-64
++ * lower 8-bit registers dil,sil,bpl,spl,r8b..r15b, which need extra byte
++ * of encoding. al,cl,dl,bl have simpler encoding.
++ */
++static bool is_ereg_8l(u32 reg)
++{
++ return is_ereg(reg) ||
++ (1 << reg) & (BIT(BPF_REG_1) |
++ BIT(BPF_REG_2) |
++ BIT(BPF_REG_FP));
++}
++
+ /* add modifiers if 'reg' maps to x64 registers r8..r15 */
+ static u8 add_1mod(u8 byte, u32 reg)
+ {
+@@ -770,9 +783,8 @@ st: if (is_imm8(insn->off))
+ /* STX: *(u8*)(dst_reg + off) = src_reg */
+ case BPF_STX | BPF_MEM | BPF_B:
+ /* emit 'mov byte ptr [rax + off], al' */
+- if (is_ereg(dst_reg) || is_ereg(src_reg) ||
+- /* have to add extra byte for x86 SIL, DIL regs */
+- src_reg == BPF_REG_1 || src_reg == BPF_REG_2)
++ if (is_ereg(dst_reg) || is_ereg_8l(src_reg))
++ /* Add extra byte for eregs or SIL,DIL,BPL in src_reg */
+ EMIT2(add_2mod(0x40, dst_reg, src_reg), 0x88);
+ else
+ EMIT1(0x88);
+--
+2.20.1
+
--- /dev/null
+From db2f7cb0280cf5c3f90ed6bc100764a0bc888622 Mon Sep 17 00:00:00 2001
+From: Sasha Levin <sashal@kernel.org>
+Date: Mon, 13 Apr 2020 23:33:05 -0400
+Subject: ext4: convert BUG_ON's to WARN_ON's in mballoc.c
+
+From: Theodore Ts'o <tytso@mit.edu>
+
+[ Upstream commit 907ea529fc4c3296701d2bfc8b831dd2a8121a34 ]
+
+If the in-core buddy bitmap gets corrupted (or out of sync with the
+block bitmap), issue a WARN_ON and try to recover. In most cases this
+involves skipping trying to allocate out of a particular block group.
+We can end up declaring the file system corrupted, which is fair,
+since the file system probably should be checked before we proceed any
+further.
+
+Link: https://lore.kernel.org/r/20200414035649.293164-1-tytso@mit.edu
+Google-Bug-Id: 34811296
+Google-Bug-Id: 34639169
+Signed-off-by: Theodore Ts'o <tytso@mit.edu>
+Signed-off-by: Sasha Levin <sashal@kernel.org>
+---
+ fs/ext4/mballoc.c | 6 ++++--
+ 1 file changed, 4 insertions(+), 2 deletions(-)
+
+diff --git a/fs/ext4/mballoc.c b/fs/ext4/mballoc.c
+index 745a89d30a57a..d7cedfaa1cc08 100644
+--- a/fs/ext4/mballoc.c
++++ b/fs/ext4/mballoc.c
+@@ -1952,7 +1952,8 @@ void ext4_mb_complex_scan_group(struct ext4_allocation_context *ac,
+ int free;
+
+ free = e4b->bd_info->bb_free;
+- BUG_ON(free <= 0);
++ if (WARN_ON(free <= 0))
++ return;
+
+ i = e4b->bd_info->bb_first_free;
+
+@@ -1973,7 +1974,8 @@ void ext4_mb_complex_scan_group(struct ext4_allocation_context *ac,
+ }
+
+ mb_find_extent(e4b, i, ac->ac_g_ex.fe_len, &ex);
+- BUG_ON(ex.fe_len <= 0);
++ if (WARN_ON(ex.fe_len <= 0))
++ break;
+ if (free < ex.fe_len) {
+ ext4_grp_locked_error(sb, e4b->bd_group, 0, 0,
+ "%d free clusters as per "
+--
+2.20.1
+
--- /dev/null
+From 78e45f0d4434b368a84f377f47f312876ac76b0f Mon Sep 17 00:00:00 2001
+From: Sasha Levin <sashal@kernel.org>
+Date: Mon, 13 Apr 2020 22:30:52 -0400
+Subject: ext4: increase wait time needed before reuse of deleted inode numbers
+
+From: Theodore Ts'o <tytso@mit.edu>
+
+[ Upstream commit a17a9d935dc4a50acefaf319d58030f1da7f115a ]
+
+Current wait times have proven to be too short to protect against inode
+reuses that lead to metadata inconsistencies.
+
+Now that we will retry the inode allocation if we can't find any
+recently deleted inodes, it's a lot safer to increase the recently
+deleted time from 5 seconds to a minute.
+
+Link: https://lore.kernel.org/r/20200414023925.273867-1-tytso@mit.edu
+Google-Bug-Id: 36602237
+Signed-off-by: Theodore Ts'o <tytso@mit.edu>
+Signed-off-by: Sasha Levin <sashal@kernel.org>
+---
+ fs/ext4/ialloc.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/fs/ext4/ialloc.c b/fs/ext4/ialloc.c
+index 2a480c0ef1bc1..96efe53855a0b 100644
+--- a/fs/ext4/ialloc.c
++++ b/fs/ext4/ialloc.c
+@@ -673,7 +673,7 @@ static int find_group_other(struct super_block *sb, struct inode *parent,
+ * block has been written back to disk. (Yes, these values are
+ * somewhat arbitrary...)
+ */
+-#define RECENTCY_MIN 5
++#define RECENTCY_MIN 60
+ #define RECENTCY_DIRTY 300
+
+ static int recently_deleted(struct super_block *sb, ext4_group_t group, int ino)
+--
+2.20.1
+
--- /dev/null
+From 55c84801a528e4528e33a95d1fa605149f0d7f2c Mon Sep 17 00:00:00 2001
+From: Sasha Levin <sashal@kernel.org>
+Date: Wed, 26 Feb 2020 12:10:02 +0800
+Subject: ext4: use matching invalidatepage in ext4_writepage
+
+From: yangerkun <yangerkun@huawei.com>
+
+[ Upstream commit c2a559bc0e7ed5a715ad6b947025b33cb7c05ea7 ]
+
+Run generic/388 with journal data mode sometimes may trigger the warning
+in ext4_invalidatepage. Actually, we should use the matching invalidatepage
+in ext4_writepage.
+
+Signed-off-by: yangerkun <yangerkun@huawei.com>
+Signed-off-by: Theodore Ts'o <tytso@mit.edu>
+Reviewed-by: Ritesh Harjani <riteshh@linux.ibm.com>
+Reviewed-by: Jan Kara <jack@suse.cz>
+Link: https://lore.kernel.org/r/20200226041002.13914-1-yangerkun@huawei.com
+Signed-off-by: Theodore Ts'o <tytso@mit.edu>
+Signed-off-by: Sasha Levin <sashal@kernel.org>
+---
+ fs/ext4/inode.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/fs/ext4/inode.c b/fs/ext4/inode.c
+index 5b0d5ca2c2b2a..0cbb241488ec3 100644
+--- a/fs/ext4/inode.c
++++ b/fs/ext4/inode.c
+@@ -2123,7 +2123,7 @@ static int ext4_writepage(struct page *page,
+ bool keep_towrite = false;
+
+ if (unlikely(ext4_forced_shutdown(EXT4_SB(inode->i_sb)))) {
+- ext4_invalidatepage(page, 0, PAGE_SIZE);
++ inode->i_mapping->a_ops->invalidatepage(page, 0, PAGE_SIZE);
+ unlock_page(page);
+ return -EIO;
+ }
+--
+2.20.1
+
--- /dev/null
+From f82968adfeaf85970fa6810a9532cc3fcdafccdb Mon Sep 17 00:00:00 2001
+From: Sasha Levin <sashal@kernel.org>
+Date: Fri, 17 Apr 2020 11:28:53 +0200
+Subject: hwmon: (jc42) Fix name to have no illegal characters
+
+From: Sascha Hauer <s.hauer@pengutronix.de>
+
+[ Upstream commit c843b382e61b5f28a3d917712c69a344f632387c ]
+
+The jc42 driver passes I2C client's name as hwmon device name. In case
+of device tree probed devices this ends up being part of the compatible
+string, "jc-42.4-temp". This name contains hyphens and the hwmon core
+doesn't like this:
+
+jc42 2-0018: hwmon: 'jc-42.4-temp' is not a valid name attribute, please fix
+
+This changes the name to "jc42" which doesn't have any illegal
+characters.
+
+Signed-off-by: Sascha Hauer <s.hauer@pengutronix.de>
+Link: https://lore.kernel.org/r/20200417092853.31206-1-s.hauer@pengutronix.de
+Signed-off-by: Guenter Roeck <linux@roeck-us.net>
+Signed-off-by: Sasha Levin <sashal@kernel.org>
+---
+ drivers/hwmon/jc42.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/drivers/hwmon/jc42.c b/drivers/hwmon/jc42.c
+index e5234f953a6d1..b6e5aaa54963d 100644
+--- a/drivers/hwmon/jc42.c
++++ b/drivers/hwmon/jc42.c
+@@ -527,7 +527,7 @@ static int jc42_probe(struct i2c_client *client, const struct i2c_device_id *id)
+ }
+ data->config = config;
+
+- hwmon_dev = devm_hwmon_device_register_with_info(dev, client->name,
++ hwmon_dev = devm_hwmon_device_register_with_info(dev, "jc42",
+ data, &jc42_chip_info,
+ NULL);
+ return PTR_ERR_OR_ZERO(hwmon_dev);
+--
+2.20.1
+
--- /dev/null
+From 6c524b4ed8bddce5822bda738b1774eff8a61052 Mon Sep 17 00:00:00 2001
+From: Sasha Levin <sashal@kernel.org>
+Date: Wed, 1 Apr 2020 13:23:25 -0500
+Subject: objtool: Fix CONFIG_UBSAN_TRAP unreachable warnings
+
+From: Josh Poimboeuf <jpoimboe@redhat.com>
+
+[ Upstream commit bd841d6154f5f41f8a32d3c1b0bc229e326e640a ]
+
+CONFIG_UBSAN_TRAP causes GCC to emit a UD2 whenever it encounters an
+unreachable code path. This includes __builtin_unreachable(). Because
+the BUG() macro uses __builtin_unreachable() after it emits its own UD2,
+this results in a double UD2. In this case objtool rightfully detects
+that the second UD2 is unreachable:
+
+ init/main.o: warning: objtool: repair_env_string()+0x1c8: unreachable instruction
+
+We weren't able to figure out a way to get rid of the double UD2s, so
+just silence the warning.
+
+Reported-by: Randy Dunlap <rdunlap@infradead.org>
+Signed-off-by: Josh Poimboeuf <jpoimboe@redhat.com>
+Signed-off-by: Borislav Petkov <bp@suse.de>
+Reviewed-by: Kees Cook <keescook@chromium.org>
+Reviewed-by: Miroslav Benes <mbenes@suse.cz>
+Acked-by: Peter Zijlstra (Intel) <peterz@infradead.org>
+Link: https://lkml.kernel.org/r/6653ad73c6b59c049211bd7c11ed3809c20ee9f5.1585761021.git.jpoimboe@redhat.com
+Signed-off-by: Sasha Levin <sashal@kernel.org>
+---
+ tools/objtool/check.c | 17 +++++++++++++++--
+ 1 file changed, 15 insertions(+), 2 deletions(-)
+
+diff --git a/tools/objtool/check.c b/tools/objtool/check.c
+index ccd5319d1284c..04fc04b4ab67e 100644
+--- a/tools/objtool/check.c
++++ b/tools/objtool/check.c
+@@ -2062,14 +2062,27 @@ static bool ignore_unreachable_insn(struct instruction *insn)
+ !strcmp(insn->sec->name, ".altinstr_aux"))
+ return true;
+
++ if (!insn->func)
++ return false;
++
++ /*
++ * CONFIG_UBSAN_TRAP inserts a UD2 when it sees
++ * __builtin_unreachable(). The BUG() macro has an unreachable() after
++ * the UD2, which causes GCC's undefined trap logic to emit another UD2
++ * (or occasionally a JMP to UD2).
++ */
++ if (list_prev_entry(insn, list)->dead_end &&
++ (insn->type == INSN_BUG ||
++ (insn->type == INSN_JUMP_UNCONDITIONAL &&
++ insn->jump_dest && insn->jump_dest->type == INSN_BUG)))
++ return true;
++
+ /*
+ * Check if this (or a subsequent) instruction is related to
+ * CONFIG_UBSAN or CONFIG_KASAN.
+ *
+ * End the search at 5 instructions to avoid going into the weeds.
+ */
+- if (!insn->func)
+- return false;
+ for (i = 0; i < 5; i++) {
+
+ if (is_kasan_insn(insn) || is_ubsan_insn(insn))
+--
+2.20.1
+
--- /dev/null
+From e5fe0a681309ce5c219278dd99766cfdc4ca0019 Mon Sep 17 00:00:00 2001
+From: Sasha Levin <sashal@kernel.org>
+Date: Wed, 1 Apr 2020 13:23:26 -0500
+Subject: objtool: Support Clang non-section symbols in ORC dump
+
+From: Josh Poimboeuf <jpoimboe@redhat.com>
+
+[ Upstream commit 8782e7cab51b6bf01a5a86471dd82228af1ac185 ]
+
+Historically, the relocation symbols for ORC entries have only been
+section symbols:
+
+ .text+0: sp:sp+8 bp:(und) type:call end:0
+
+However, the Clang assembler is aggressive about stripping section
+symbols. In that case we will need to use function symbols:
+
+ freezing_slow_path+0: sp:sp+8 bp:(und) type:call end:0
+
+In preparation for the generation of such entries in "objtool orc
+generate", add support for reading them in "objtool orc dump".
+
+Signed-off-by: Josh Poimboeuf <jpoimboe@redhat.com>
+Signed-off-by: Borislav Petkov <bp@suse.de>
+Reviewed-by: Miroslav Benes <mbenes@suse.cz>
+Acked-by: Peter Zijlstra (Intel) <peterz@infradead.org>
+Link: https://lkml.kernel.org/r/b811b5eb1a42602c3b523576dc5efab9ad1c174d.1585761021.git.jpoimboe@redhat.com
+Signed-off-by: Sasha Levin <sashal@kernel.org>
+---
+ tools/objtool/orc_dump.c | 44 ++++++++++++++++++++++++----------------
+ 1 file changed, 27 insertions(+), 17 deletions(-)
+
+diff --git a/tools/objtool/orc_dump.c b/tools/objtool/orc_dump.c
+index c3343820916a6..7cbbbdd932f1d 100644
+--- a/tools/objtool/orc_dump.c
++++ b/tools/objtool/orc_dump.c
+@@ -78,7 +78,7 @@ int orc_dump(const char *_objname)
+ char *name;
+ size_t nr_sections;
+ Elf64_Addr orc_ip_addr = 0;
+- size_t shstrtab_idx;
++ size_t shstrtab_idx, strtab_idx = 0;
+ Elf *elf;
+ Elf_Scn *scn;
+ GElf_Shdr sh;
+@@ -139,6 +139,8 @@ int orc_dump(const char *_objname)
+
+ if (!strcmp(name, ".symtab")) {
+ symtab = data;
++ } else if (!strcmp(name, ".strtab")) {
++ strtab_idx = i;
+ } else if (!strcmp(name, ".orc_unwind")) {
+ orc = data->d_buf;
+ orc_size = sh.sh_size;
+@@ -150,7 +152,7 @@ int orc_dump(const char *_objname)
+ }
+ }
+
+- if (!symtab || !orc || !orc_ip)
++ if (!symtab || !strtab_idx || !orc || !orc_ip)
+ return 0;
+
+ if (orc_size % sizeof(*orc) != 0) {
+@@ -171,21 +173,29 @@ int orc_dump(const char *_objname)
+ return -1;
+ }
+
+- scn = elf_getscn(elf, sym.st_shndx);
+- if (!scn) {
+- WARN_ELF("elf_getscn");
+- return -1;
+- }
+-
+- if (!gelf_getshdr(scn, &sh)) {
+- WARN_ELF("gelf_getshdr");
+- return -1;
+- }
+-
+- name = elf_strptr(elf, shstrtab_idx, sh.sh_name);
+- if (!name || !*name) {
+- WARN_ELF("elf_strptr");
+- return -1;
++ if (GELF_ST_TYPE(sym.st_info) == STT_SECTION) {
++ scn = elf_getscn(elf, sym.st_shndx);
++ if (!scn) {
++ WARN_ELF("elf_getscn");
++ return -1;
++ }
++
++ if (!gelf_getshdr(scn, &sh)) {
++ WARN_ELF("gelf_getshdr");
++ return -1;
++ }
++
++ name = elf_strptr(elf, shstrtab_idx, sh.sh_name);
++ if (!name) {
++ WARN_ELF("elf_strptr");
++ return -1;
++ }
++ } else {
++ name = elf_strptr(elf, strtab_idx, sym.st_name);
++ if (!name) {
++ WARN_ELF("elf_strptr");
++ return -1;
++ }
+ }
+
+ printf("%s+%llx:", name, (unsigned long long)rela.r_addend);
+--
+2.20.1
+
--- /dev/null
+From 3cc24c9f756b3c6cf053671d0a108bc8736abe7e Mon Sep 17 00:00:00 2001
+From: Sasha Levin <sashal@kernel.org>
+Date: Thu, 16 Apr 2020 16:42:46 -0500
+Subject: of: unittest: kmemleak on changeset destroy
+
+From: Frank Rowand <frank.rowand@sony.com>
+
+[ Upstream commit b3fb36ed694b05738d45218ea72cf7feb10ce2b1 ]
+
+kmemleak reports several memory leaks from devicetree unittest.
+This is the fix for problem 1 of 5.
+
+of_unittest_changeset() reaches deeply into the dynamic devicetree
+functions. Several nodes were left with an elevated reference
+count and thus were not properly cleaned up. Fix the reference
+counts so that the memory will be freed.
+
+Fixes: 201c910bd689 ("of: Transactional DT support.")
+Reported-by: Erhard F. <erhard_f@mailbox.org>
+Signed-off-by: Frank Rowand <frank.rowand@sony.com>
+Signed-off-by: Rob Herring <robh@kernel.org>
+Signed-off-by: Sasha Levin <sashal@kernel.org>
+---
+ drivers/of/unittest.c | 4 ++++
+ 1 file changed, 4 insertions(+)
+
+diff --git a/drivers/of/unittest.c b/drivers/of/unittest.c
+index 55c98f119df22..e7e6dd07f2150 100644
+--- a/drivers/of/unittest.c
++++ b/drivers/of/unittest.c
+@@ -605,6 +605,10 @@ static void __init of_unittest_changeset(void)
+ unittest(!of_changeset_revert(&chgset), "revert failed\n");
+
+ of_changeset_destroy(&chgset);
++
++ of_node_put(n1);
++ of_node_put(n2);
++ of_node_put(n21);
+ #endif
+ }
+
+--
+2.20.1
+
--- /dev/null
+From 66f05f862358294158d981abe6a9e3344a048119 Mon Sep 17 00:00:00 2001
+From: Sasha Levin <sashal@kernel.org>
+Date: Wed, 8 Apr 2020 15:26:10 +0200
+Subject: scsi: target: fix PR IN / READ FULL STATUS for FC
+
+From: Bodo Stroesser <bstroesser@ts.fujitsu.com>
+
+[ Upstream commit 8fed04eb79a74cbf471dfaa755900a51b37273ab ]
+
+Creation of the response to READ FULL STATUS fails for FC based
+reservations. Reason is the too high loop limit (< 24) in
+fc_get_pr_transport_id(). The string representation of FC WWPN is 23 chars
+long only ("11:22:33:44:55:66:77:88"). So when i is 23, the loop body is
+executed a last time for the ending '\0' of the string and thus hex2bin()
+reports an error.
+
+Link: https://lore.kernel.org/r/20200408132610.14623-3-bstroesser@ts.fujitsu.com
+Signed-off-by: Bodo Stroesser <bstroesser@ts.fujitsu.com>
+Reviewed-by: Mike Christie <mchristi@redhat.com>
+Signed-off-by: Martin K. Petersen <martin.petersen@oracle.com>
+Signed-off-by: Sasha Levin <sashal@kernel.org>
+---
+ drivers/target/target_core_fabric_lib.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/drivers/target/target_core_fabric_lib.c b/drivers/target/target_core_fabric_lib.c
+index 95aa47ac4dcd2..f8621fe673767 100644
+--- a/drivers/target/target_core_fabric_lib.c
++++ b/drivers/target/target_core_fabric_lib.c
+@@ -76,7 +76,7 @@ static int fc_get_pr_transport_id(
+ * encoded TransportID.
+ */
+ ptr = &se_nacl->initiatorname[0];
+- for (i = 0; i < 24; ) {
++ for (i = 0; i < 23; ) {
+ if (!strncmp(&ptr[i], ":", 1)) {
+ i++;
+ continue;
+--
+2.20.1
+
arm-dts-bcm283x-disable-dsi0-node.patch
perf-core-fix-parent-pid-tid-in-task-exit-events.patch
mm-shmem-disable-interrupt-when-acquiring-info-lock-in-userfaultfd_copy-path.patch
+bpf-x86-fix-encoding-for-lower-8-bit-registers-in-bp.patch
+x86-hyperv-report-value-of-misc_features.patch
+xfs-fix-partially-uninitialized-structure-in-xfs_ref.patch
+scsi-target-fix-pr-in-read-full-status-for-fc.patch
+objtool-fix-config_ubsan_trap-unreachable-warnings.patch
+objtool-support-clang-non-section-symbols-in-orc-dum.patch
+xen-xenbus-ensure-xenbus_map_ring_valloc-returns-pro.patch
+arm64-delete-the-space-separator-in-__emit_inst.patch
+ext4-use-matching-invalidatepage-in-ext4_writepage.patch
+ext4-increase-wait-time-needed-before-reuse-of-delet.patch
+ext4-convert-bug_on-s-to-warn_on-s-in-mballoc.c.patch
+of-unittest-kmemleak-on-changeset-destroy.patch
+hwmon-jc42-fix-name-to-have-no-illegal-characters.patch
--- /dev/null
+From 6b5f0fa9ed39832ceea89b9cce463ae0a8d6ad0e Mon Sep 17 00:00:00 2001
+From: Sasha Levin <sashal@kernel.org>
+Date: Tue, 7 Apr 2020 19:27:39 +0200
+Subject: x86: hyperv: report value of misc_features
+
+From: Olaf Hering <olaf@aepfle.de>
+
+[ Upstream commit 97d9f1c43bedd400301d6f1eff54d46e8c636e47 ]
+
+A few kernel features depend on ms_hyperv.misc_features, but unlike its
+siblings ->features and ->hints, the value was never reported during boot.
+
+Signed-off-by: Olaf Hering <olaf@aepfle.de>
+Link: https://lore.kernel.org/r/20200407172739.31371-1-olaf@aepfle.de
+Signed-off-by: Wei Liu <wei.liu@kernel.org>
+Signed-off-by: Sasha Levin <sashal@kernel.org>
+---
+ arch/x86/kernel/cpu/mshyperv.c | 4 ++--
+ 1 file changed, 2 insertions(+), 2 deletions(-)
+
+diff --git a/arch/x86/kernel/cpu/mshyperv.c b/arch/x86/kernel/cpu/mshyperv.c
+index c0201b11e9e2a..a6b323a3a6304 100644
+--- a/arch/x86/kernel/cpu/mshyperv.c
++++ b/arch/x86/kernel/cpu/mshyperv.c
+@@ -178,8 +178,8 @@ static void __init ms_hyperv_init_platform(void)
+ ms_hyperv.misc_features = cpuid_edx(HYPERV_CPUID_FEATURES);
+ ms_hyperv.hints = cpuid_eax(HYPERV_CPUID_ENLIGHTMENT_INFO);
+
+- pr_info("Hyper-V: features 0x%x, hints 0x%x\n",
+- ms_hyperv.features, ms_hyperv.hints);
++ pr_info("Hyper-V: features 0x%x, hints 0x%x, misc 0x%x\n",
++ ms_hyperv.features, ms_hyperv.hints, ms_hyperv.misc_features);
+
+ ms_hyperv.max_vp_index = cpuid_eax(HVCPUID_IMPLEMENTATION_LIMITS);
+ ms_hyperv.max_lp_index = cpuid_ebx(HVCPUID_IMPLEMENTATION_LIMITS);
+--
+2.20.1
+
--- /dev/null
+From bb3b49a2034547d397defd458b21af75595868a9 Mon Sep 17 00:00:00 2001
+From: Sasha Levin <sashal@kernel.org>
+Date: Thu, 26 Mar 2020 09:03:58 +0100
+Subject: xen/xenbus: ensure xenbus_map_ring_valloc() returns proper grant
+ status
+
+From: Juergen Gross <jgross@suse.com>
+
+[ Upstream commit 6b51fd3f65a22e3d1471b18a1d56247e246edd46 ]
+
+xenbus_map_ring_valloc() maps a ring page and returns the status of the
+used grant (0 meaning success).
+
+There are Xen hypervisors which might return the value 1 for the status
+of a failed grant mapping due to a bug. Some callers of
+xenbus_map_ring_valloc() test for errors by testing the returned status
+to be less than zero, resulting in no error detected and crashing later
+due to a not available ring page.
+
+Set the return value of xenbus_map_ring_valloc() to GNTST_general_error
+in case the grant status reported by Xen is greater than zero.
+
+This is part of XSA-316.
+
+Signed-off-by: Juergen Gross <jgross@suse.com>
+Reviewed-by: Wei Liu <wl@xen.org>
+Link: https://lore.kernel.org/r/20200326080358.1018-1-jgross@suse.com
+Signed-off-by: Juergen Gross <jgross@suse.com>
+Signed-off-by: Sasha Levin <sashal@kernel.org>
+---
+ drivers/xen/xenbus/xenbus_client.c | 9 ++++++++-
+ 1 file changed, 8 insertions(+), 1 deletion(-)
+
+diff --git a/drivers/xen/xenbus/xenbus_client.c b/drivers/xen/xenbus/xenbus_client.c
+index a1c17000129ba..e94a61eaeceb0 100644
+--- a/drivers/xen/xenbus/xenbus_client.c
++++ b/drivers/xen/xenbus/xenbus_client.c
+@@ -450,7 +450,14 @@ EXPORT_SYMBOL_GPL(xenbus_free_evtchn);
+ int xenbus_map_ring_valloc(struct xenbus_device *dev, grant_ref_t *gnt_refs,
+ unsigned int nr_grefs, void **vaddr)
+ {
+- return ring_ops->map(dev, gnt_refs, nr_grefs, vaddr);
++ int err;
++
++ err = ring_ops->map(dev, gnt_refs, nr_grefs, vaddr);
++ /* Some hypervisors are buggy and can return 1. */
++ if (err > 0)
++ err = GNTST_general_error;
++
++ return err;
+ }
+ EXPORT_SYMBOL_GPL(xenbus_map_ring_valloc);
+
+--
+2.20.1
+
--- /dev/null
+From 225a82600f15550379bca56873833af10e0a915f Mon Sep 17 00:00:00 2001
+From: Sasha Levin <sashal@kernel.org>
+Date: Sun, 12 Apr 2020 13:11:11 -0700
+Subject: xfs: fix partially uninitialized structure in
+ xfs_reflink_remap_extent
+
+From: Darrick J. Wong <darrick.wong@oracle.com>
+
+[ Upstream commit c142932c29e533ee892f87b44d8abc5719edceec ]
+
+In the reflink extent remap function, it turns out that uirec (the block
+mapping corresponding only to the part of the passed-in mapping that got
+unmapped) was not fully initialized. Specifically, br_state was not
+being copied from the passed-in struct to the uirec. This could lead to
+unpredictable results such as the reflinked mapping being marked
+unwritten in the destination file.
+
+Signed-off-by: Darrick J. Wong <darrick.wong@oracle.com>
+Reviewed-by: Brian Foster <bfoster@redhat.com>
+Signed-off-by: Sasha Levin <sashal@kernel.org>
+---
+ fs/xfs/xfs_reflink.c | 1 +
+ 1 file changed, 1 insertion(+)
+
+diff --git a/fs/xfs/xfs_reflink.c b/fs/xfs/xfs_reflink.c
+index 37e603bf15913..db7f9fdd20a30 100644
+--- a/fs/xfs/xfs_reflink.c
++++ b/fs/xfs/xfs_reflink.c
+@@ -1125,6 +1125,7 @@ xfs_reflink_remap_extent(
+ uirec.br_startblock = irec->br_startblock + rlen;
+ uirec.br_startoff = irec->br_startoff + rlen;
+ uirec.br_blockcount = unmap_len - rlen;
++ uirec.br_state = irec->br_state;
+ unmap_len = rlen;
+
+ /* If this isn't a real mapping, we're done. */
+--
+2.20.1
+
projects / thirdparty / kernel / stable-queue.git / commitdiff
