--- /dev/null
+From e97c1a16dae3ab976d1d95739b69c1e0f6236642 Mon Sep 17 00:00:00 2001
+From: Sasha Levin <sashal@kernel.org>
+Date: Tue, 22 Dec 2020 14:34:47 +0800
+Subject: ath10k: fix wmi mgmt tx queue full due to race condition
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+From: Miaoqing Pan <miaoqing@codeaurora.org>
+
+[ Upstream commit b55379e343a3472c35f4a1245906db5158cab453 ]
+
+Failed to transmit wmi management frames:
+
+[84977.840894] ath10k_snoc a000000.wifi: wmi mgmt tx queue is full
+[84977.840913] ath10k_snoc a000000.wifi: failed to transmit packet, dropping: -28
+[84977.840924] ath10k_snoc a000000.wifi: failed to submit frame: -28
+[84977.840932] ath10k_snoc a000000.wifi: failed to transmit frame: -28
+
+This issue is caused by race condition between skb_dequeue and
+__skb_queue_tail. The queue of ‘wmi_mgmt_tx_queue’ is protected by a
+different lock: ar->data_lock vs list->lock, the result is no protection.
+So when ath10k_mgmt_over_wmi_tx_work() and ath10k_mac_tx_wmi_mgmt()
+running concurrently on different CPUs, there appear to be a rare corner
+cases when the queue length is 1,
+
+ CPUx (skb_deuque) CPUy (__skb_queue_tail)
+ next=list
+ prev=list
+ struct sk_buff *skb = skb_peek(list); WRITE_ONCE(newsk->next, next);
+ WRITE_ONCE(list->qlen, list->qlen - 1);WRITE_ONCE(newsk->prev, prev);
+ next = skb->next; WRITE_ONCE(next->prev, newsk);
+ prev = skb->prev; WRITE_ONCE(prev->next, newsk);
+ skb->next = skb->prev = NULL; list->qlen++;
+ WRITE_ONCE(next->prev, prev);
+ WRITE_ONCE(prev->next, next);
+
+If the instruction ‘next = skb->next’ is executed before
+‘WRITE_ONCE(prev->next, newsk)’, newsk will be lost, as CPUx get the
+old ‘next’ pointer, but the length is still added by one. The final
+result is the length of the queue will reach the maximum value but
+the queue is empty.
+
+So remove ar->data_lock, and use 'skb_queue_tail' instead of
+'__skb_queue_tail' to prevent the potential race condition. Also switch
+to use skb_queue_len_lockless, in case we queue a few SKBs simultaneously.
+
+Tested-on: WCN3990 hw1.0 SNOC WLAN.HL.3.1.c2-00033-QCAHLSWMTPLZ-1
+
+Signed-off-by: Miaoqing Pan <miaoqing@codeaurora.org>
+Reviewed-by: Brian Norris <briannorris@chromium.org>
+Signed-off-by: Kalle Valo <kvalo@codeaurora.org>
+Link: https://lore.kernel.org/r/1608618887-8857-1-git-send-email-miaoqing@codeaurora.org
+Signed-off-by: Sasha Levin <sashal@kernel.org>
+---
+ drivers/net/wireless/ath/ath10k/mac.c | 15 ++++-----------
+ 1 file changed, 4 insertions(+), 11 deletions(-)
+
+diff --git a/drivers/net/wireless/ath/ath10k/mac.c b/drivers/net/wireless/ath/ath10k/mac.c
+index 7fbf2abcfc43..5fad38c3feb1 100644
+--- a/drivers/net/wireless/ath/ath10k/mac.c
++++ b/drivers/net/wireless/ath/ath10k/mac.c
+@@ -3336,23 +3336,16 @@ static bool ath10k_mac_need_offchan_tx_work(struct ath10k *ar)
+ static int ath10k_mac_tx_wmi_mgmt(struct ath10k *ar, struct sk_buff *skb)
+ {
+ struct sk_buff_head *q = &ar->wmi_mgmt_tx_queue;
+- int ret = 0;
+-
+- spin_lock_bh(&ar->data_lock);
+
+- if (skb_queue_len(q) == ATH10K_MAX_NUM_MGMT_PENDING) {
++ if (skb_queue_len_lockless(q) >= ATH10K_MAX_NUM_MGMT_PENDING) {
+ ath10k_warn(ar, "wmi mgmt tx queue is full\n");
+- ret = -ENOSPC;
+- goto unlock;
++ return -ENOSPC;
+ }
+
+- __skb_queue_tail(q, skb);
++ skb_queue_tail(q, skb);
+ ieee80211_queue_work(ar->hw, &ar->wmi_mgmt_tx_work);
+
+-unlock:
+- spin_unlock_bh(&ar->data_lock);
+-
+- return ret;
++ return 0;
+ }
+
+ static void ath10k_mac_tx(struct ath10k *ar, struct sk_buff *skb)
+--
+2.30.1
+
--- /dev/null
+From 2e1550743d876fb0a7ed74d0d38e1a04ab30812b Mon Sep 17 00:00:00 2001
+From: Sasha Levin <sashal@kernel.org>
+Date: Tue, 2 Feb 2021 15:12:30 +0530
+Subject: Bluetooth: Fix null pointer dereference in
+ amp_read_loc_assoc_final_data
+
+From: Gopal Tiwari <gtiwari@redhat.com>
+
+[ Upstream commit e8bd76ede155fd54d8c41d045dda43cd3174d506 ]
+
+kernel panic trace looks like:
+
+ #5 [ffffb9e08698fc80] do_page_fault at ffffffffb666e0d7
+ #6 [ffffb9e08698fcb0] page_fault at ffffffffb70010fe
+ [exception RIP: amp_read_loc_assoc_final_data+63]
+ RIP: ffffffffc06ab54f RSP: ffffb9e08698fd68 RFLAGS: 00010246
+ RAX: 0000000000000000 RBX: ffff8c8845a5a000 RCX: 0000000000000004
+ RDX: 0000000000000000 RSI: ffff8c8b9153d000 RDI: ffff8c8845a5a000
+ RBP: ffffb9e08698fe40 R8: 00000000000330e0 R9: ffffffffc0675c94
+ R10: ffffb9e08698fe58 R11: 0000000000000001 R12: ffff8c8b9cbf6200
+ R13: 0000000000000000 R14: 0000000000000000 R15: ffff8c8b2026da0b
+ ORIG_RAX: ffffffffffffffff CS: 0010 SS: 0018
+ #7 [ffffb9e08698fda8] hci_event_packet at ffffffffc0676904 [bluetooth]
+ #8 [ffffb9e08698fe50] hci_rx_work at ffffffffc06629ac [bluetooth]
+ #9 [ffffb9e08698fe98] process_one_work at ffffffffb66f95e7
+
+hcon->amp_mgr seems NULL triggered kernel panic in following line inside
+function amp_read_loc_assoc_final_data
+
+ set_bit(READ_LOC_AMP_ASSOC_FINAL, &mgr->state);
+
+Fixed by checking NULL for mgr.
+
+Signed-off-by: Gopal Tiwari <gtiwari@redhat.com>
+Signed-off-by: Marcel Holtmann <marcel@holtmann.org>
+Signed-off-by: Sasha Levin <sashal@kernel.org>
+---
+ net/bluetooth/amp.c | 3 +++
+ 1 file changed, 3 insertions(+)
+
+diff --git a/net/bluetooth/amp.c b/net/bluetooth/amp.c
+index e32f34189007..b01b43ab6f83 100644
+--- a/net/bluetooth/amp.c
++++ b/net/bluetooth/amp.c
+@@ -305,6 +305,9 @@ void amp_read_loc_assoc_final_data(struct hci_dev *hdev,
+ struct hci_request req;
+ int err = 0;
+
++ if (!mgr)
++ return;
++
+ cp.phy_handle = hcon->handle;
+ cp.len_so_far = cpu_to_le16(0);
+ cp.max_len = cpu_to_le16(hdev->amp_assoc_size);
+--
+2.30.1
+
--- /dev/null
+From e8409e8a3bdf5c648adc63227046f00b6a5458b7 Mon Sep 17 00:00:00 2001
+From: Sasha Levin <sashal@kernel.org>
+Date: Wed, 23 Dec 2020 14:35:19 +0100
+Subject: media: uvcvideo: Allow entities with no pads
+
+From: Ricardo Ribalda <ribalda@chromium.org>
+
+[ Upstream commit 7532dad6634031d083df7af606fac655b8d08b5c ]
+
+Avoid an underflow while calculating the number of inputs for entities
+with zero pads.
+
+Signed-off-by: Ricardo Ribalda <ribalda@chromium.org>
+Signed-off-by: Laurent Pinchart <laurent.pinchart@ideasonboard.com>
+Signed-off-by: Mauro Carvalho Chehab <mchehab+huawei@kernel.org>
+Signed-off-by: Sasha Levin <sashal@kernel.org>
+---
+ drivers/media/usb/uvc/uvc_driver.c | 7 +++++--
+ 1 file changed, 5 insertions(+), 2 deletions(-)
+
+diff --git a/drivers/media/usb/uvc/uvc_driver.c b/drivers/media/usb/uvc/uvc_driver.c
+index f353ab569b8e..def22b7fef9c 100644
+--- a/drivers/media/usb/uvc/uvc_driver.c
++++ b/drivers/media/usb/uvc/uvc_driver.c
+@@ -869,7 +869,10 @@ static struct uvc_entity *uvc_alloc_entity(u16 type, u8 id,
+ unsigned int i;
+
+ extra_size = roundup(extra_size, sizeof(*entity->pads));
+- num_inputs = (type & UVC_TERM_OUTPUT) ? num_pads : num_pads - 1;
++ if (num_pads)
++ num_inputs = type & UVC_TERM_OUTPUT ? num_pads : num_pads - 1;
++ else
++ num_inputs = 0;
+ size = sizeof(*entity) + extra_size + sizeof(*entity->pads) * num_pads
+ + num_inputs;
+ entity = kzalloc(size, GFP_KERNEL);
+@@ -885,7 +888,7 @@ static struct uvc_entity *uvc_alloc_entity(u16 type, u8 id,
+
+ for (i = 0; i < num_inputs; ++i)
+ entity->pads[i].flags = MEDIA_PAD_FL_SINK;
+- if (!UVC_ENTITY_IS_OTERM(entity))
++ if (!UVC_ENTITY_IS_OTERM(entity) && num_pads)
+ entity->pads[num_pads-1].flags = MEDIA_PAD_FL_SOURCE;
+
+ entity->bNrInPins = num_inputs;
+--
+2.30.1
+
--- /dev/null
+From f3a5168bfb0abcc9e9780c49f37f48d9cbcf61eb Mon Sep 17 00:00:00 2001
+From: Sasha Levin <sashal@kernel.org>
+Date: Mon, 25 Jan 2021 20:42:29 +0800
+Subject: pktgen: fix misuse of BUG_ON() in pktgen_thread_worker()
+
+From: Di Zhu <zhudi21@huawei.com>
+
+[ Upstream commit 275b1e88cabb34dbcbe99756b67e9939d34a99b6 ]
+
+pktgen create threads for all online cpus and bond these threads to
+relevant cpu repecivtily. when this thread firstly be woken up, it
+will compare cpu currently running with the cpu specified at the time
+of creation and if the two cpus are not equal, BUG_ON() will take effect
+causing panic on the system.
+Notice that these threads could be migrated to other cpus before start
+running because of the cpu hotplug after these threads have created. so the
+BUG_ON() used here seems unreasonable and we can replace it with WARN_ON()
+to just printf a warning other than panic the system.
+
+Signed-off-by: Di Zhu <zhudi21@huawei.com>
+Link: https://lore.kernel.org/r/20210125124229.19334-1-zhudi21@huawei.com
+Signed-off-by: Jakub Kicinski <kuba@kernel.org>
+Signed-off-by: Sasha Levin <sashal@kernel.org>
+---
+ net/core/pktgen.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/net/core/pktgen.c b/net/core/pktgen.c
+index 4ea957c1e7ee..5d0759e2102e 100644
+--- a/net/core/pktgen.c
++++ b/net/core/pktgen.c
+@@ -3519,7 +3519,7 @@ static int pktgen_thread_worker(void *arg)
+ struct pktgen_dev *pkt_dev = NULL;
+ int cpu = t->cpu;
+
+- BUG_ON(smp_processor_id() != cpu);
++ WARN_ON(smp_processor_id() != cpu);
+
+ init_waitqueue_head(&t->queue);
+ complete(&t->start_done);
+--
+2.30.1
+
xfs-fix-assert-failure-in-xfs_setattr_size.patch
net-fix-up-truesize-of-cloned-skb-in-skb_prepare_for_shift.patch
mm-hugetlb.c-fix-unnecessary-address-expansion-of-pmd-sharing.patch
+staging-fwserial-fix-error-handling-in-fwserial_crea.patch
+x86-reboot-add-zotac-zbox-ci327-nano-pci-reboot-quir.patch
+vt-consolemap-do-font-sum-unsigned.patch
+wlcore-fix-command-execute-failure-19-for-wl12xx.patch
+pktgen-fix-misuse-of-bug_on-in-pktgen_thread_worker.patch
+ath10k-fix-wmi-mgmt-tx-queue-full-due-to-race-condit.patch
+x86-build-treat-r_386_plt32-relocation-as-r_386_pc32.patch
+bluetooth-fix-null-pointer-dereference-in-amp_read_l.patch
+staging-most-sound-add-sanity-check-for-function-arg.patch
+media-uvcvideo-allow-entities-with-no-pads.patch
--- /dev/null
+From a154d948a327cfffc3b3b7e668c7b5b9219647f4 Mon Sep 17 00:00:00 2001
+From: Sasha Levin <sashal@kernel.org>
+Date: Mon, 21 Dec 2020 20:24:35 +0800
+Subject: staging: fwserial: Fix error handling in fwserial_create
+
+From: Dinghao Liu <dinghao.liu@zju.edu.cn>
+
+[ Upstream commit f31559af97a0eabd467e4719253675b7dccb8a46 ]
+
+When fw_core_add_address_handler() fails, we need to destroy
+the port by tty_port_destroy(). Also we need to unregister
+the address handler by fw_core_remove_address_handler() on
+failure.
+
+Signed-off-by: Dinghao Liu <dinghao.liu@zju.edu.cn>
+Link: https://lore.kernel.org/r/20201221122437.10274-1-dinghao.liu@zju.edu.cn
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+Signed-off-by: Sasha Levin <sashal@kernel.org>
+---
+ drivers/staging/fwserial/fwserial.c | 2 ++
+ 1 file changed, 2 insertions(+)
+
+diff --git a/drivers/staging/fwserial/fwserial.c b/drivers/staging/fwserial/fwserial.c
+index b3ea4bb54e2c..68ed97398faf 100644
+--- a/drivers/staging/fwserial/fwserial.c
++++ b/drivers/staging/fwserial/fwserial.c
+@@ -2255,6 +2255,7 @@ static int fwserial_create(struct fw_unit *unit)
+ err = fw_core_add_address_handler(&port->rx_handler,
+ &fw_high_memory_region);
+ if (err) {
++ tty_port_destroy(&port->port);
+ kfree(port);
+ goto free_ports;
+ }
+@@ -2337,6 +2338,7 @@ unregister_ttys:
+
+ free_ports:
+ for (--i; i >= 0; --i) {
++ fw_core_remove_address_handler(&serial->ports[i]->rx_handler);
+ tty_port_destroy(&serial->ports[i]->port);
+ kfree(serial->ports[i]);
+ }
+--
+2.30.1
+
--- /dev/null
+From c99844e10a74c939fb18579aa76927b7dc81edb3 Mon Sep 17 00:00:00 2001
+From: Sasha Levin <sashal@kernel.org>
+Date: Tue, 2 Feb 2021 17:21:05 +0100
+Subject: staging: most: sound: add sanity check for function argument
+
+From: Christian Gromm <christian.gromm@microchip.com>
+
+[ Upstream commit 45b754ae5b82949dca2b6e74fa680313cefdc813 ]
+
+This patch checks the function parameter 'bytes' before doing the
+subtraction to prevent memory corruption.
+
+Signed-off-by: Christian Gromm <christian.gromm@microchip.com>
+Reported-by: Dan Carpenter <dan.carpenter@oracle.com>
+Link: https://lore.kernel.org/r/1612282865-21846-1-git-send-email-christian.gromm@microchip.com
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+Signed-off-by: Sasha Levin <sashal@kernel.org>
+---
+ drivers/staging/most/aim-sound/sound.c | 2 ++
+ 1 file changed, 2 insertions(+)
+
+diff --git a/drivers/staging/most/aim-sound/sound.c b/drivers/staging/most/aim-sound/sound.c
+index 9c645801cff4..532ec0f7100e 100644
+--- a/drivers/staging/most/aim-sound/sound.c
++++ b/drivers/staging/most/aim-sound/sound.c
+@@ -92,6 +92,8 @@ static void swap_copy24(u8 *dest, const u8 *source, unsigned int bytes)
+ {
+ unsigned int i = 0;
+
++ if (bytes < 2)
++ return;
+ while (i < bytes - 2) {
+ dest[i] = source[i + 2];
+ dest[i + 1] = source[i + 1];
+--
+2.30.1
+
--- /dev/null
+From 393be6c7cd6d65d9d39b78ca8d67c38b560cef52 Mon Sep 17 00:00:00 2001
+From: Sasha Levin <sashal@kernel.org>
+Date: Tue, 5 Jan 2021 13:02:34 +0100
+Subject: vt/consolemap: do font sum unsigned
+
+From: Jiri Slaby <jslaby@suse.cz>
+
+[ Upstream commit 9777f8e60e718f7b022a94f2524f967d8def1931 ]
+
+The constant 20 makes the font sum computation signed which can lead to
+sign extensions and signed wraps. It's not much of a problem as we build
+with -fno-strict-overflow. But if we ever decide not to, be ready, so
+switch the constant to unsigned.
+
+Signed-off-by: Jiri Slaby <jslaby@suse.cz>
+Link: https://lore.kernel.org/r/20210105120239.28031-7-jslaby@suse.cz
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+Signed-off-by: Sasha Levin <sashal@kernel.org>
+---
+ drivers/tty/vt/consolemap.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/drivers/tty/vt/consolemap.c b/drivers/tty/vt/consolemap.c
+index c8c91f0476a2..e8301dcf4c84 100644
+--- a/drivers/tty/vt/consolemap.c
++++ b/drivers/tty/vt/consolemap.c
+@@ -494,7 +494,7 @@ con_insert_unipair(struct uni_pagedir *p, u_short unicode, u_short fontpos)
+
+ p2[unicode & 0x3f] = fontpos;
+
+- p->sum += (fontpos << 20) + unicode;
++ p->sum += (fontpos << 20U) + unicode;
+
+ return 0;
+ }
+--
+2.30.1
+
--- /dev/null
+From f051101766f2cdd3558cbd28fa5d9c160cae230d Mon Sep 17 00:00:00 2001
+From: Sasha Levin <sashal@kernel.org>
+Date: Fri, 15 Jan 2021 08:56:13 +0200
+Subject: wlcore: Fix command execute failure 19 for wl12xx
+
+From: Tony Lindgren <tony@atomide.com>
+
+[ Upstream commit cb88d01b67383a095e3f7caeb4cdade5a6cf0417 ]
+
+We can currently get a "command execute failure 19" error on beacon loss
+if the signal is weak:
+
+wlcore: Beacon loss detected. roles:0xff
+wlcore: Connection loss work (role_id: 0).
+...
+wlcore: ERROR command execute failure 19
+...
+WARNING: CPU: 0 PID: 1552 at drivers/net/wireless/ti/wlcore/main.c:803
+...
+(wl12xx_queue_recovery_work.part.0 [wlcore])
+(wl12xx_cmd_role_start_sta [wlcore])
+(wl1271_op_bss_info_changed [wlcore])
+(ieee80211_prep_connection [mac80211])
+
+Error 19 is defined as CMD_STATUS_WRONG_NESTING from the wlcore firmware,
+and seems to mean that the firmware no longer wants to see the quirk
+handling for WLCORE_QUIRK_START_STA_FAILS done.
+
+This quirk got added with commit 18eab430700d ("wlcore: workaround
+start_sta problem in wl12xx fw"), and it seems that this already got fixed
+in the firmware long time ago back in 2012 as wl18xx never had this quirk
+in place to start with.
+
+As we no longer even support firmware that early, to me it seems that it's
+safe to just drop WLCORE_QUIRK_START_STA_FAILS to fix the error. Looks
+like earlier firmware got disabled back in 2013 with commit 0e284c074ef9
+("wl12xx: increase minimum singlerole firmware version required").
+
+If it turns out we still need WLCORE_QUIRK_START_STA_FAILS with any
+firmware that the driver works with, we can simply revert this patch and
+add extra checks for firmware version used.
+
+With this fix wlcore reconnects properly after a beacon loss.
+
+Cc: Raz Bouganim <r-bouganim@ti.com>
+Signed-off-by: Tony Lindgren <tony@atomide.com>
+Signed-off-by: Kalle Valo <kvalo@codeaurora.org>
+Link: https://lore.kernel.org/r/20210115065613.7731-1-tony@atomide.com
+Signed-off-by: Sasha Levin <sashal@kernel.org>
+---
+ drivers/net/wireless/ti/wl12xx/main.c | 3 ---
+ drivers/net/wireless/ti/wlcore/main.c | 15 +--------------
+ drivers/net/wireless/ti/wlcore/wlcore.h | 3 ---
+ 3 files changed, 1 insertion(+), 20 deletions(-)
+
+diff --git a/drivers/net/wireless/ti/wl12xx/main.c b/drivers/net/wireless/ti/wl12xx/main.c
+index af0fe2e17151..e4b28d37046a 100644
+--- a/drivers/net/wireless/ti/wl12xx/main.c
++++ b/drivers/net/wireless/ti/wl12xx/main.c
+@@ -647,7 +647,6 @@ static int wl12xx_identify_chip(struct wl1271 *wl)
+ wl->quirks |= WLCORE_QUIRK_LEGACY_NVS |
+ WLCORE_QUIRK_DUAL_PROBE_TMPL |
+ WLCORE_QUIRK_TKIP_HEADER_SPACE |
+- WLCORE_QUIRK_START_STA_FAILS |
+ WLCORE_QUIRK_AP_ZERO_SESSION_ID;
+ wl->sr_fw_name = WL127X_FW_NAME_SINGLE;
+ wl->mr_fw_name = WL127X_FW_NAME_MULTI;
+@@ -671,7 +670,6 @@ static int wl12xx_identify_chip(struct wl1271 *wl)
+ wl->quirks |= WLCORE_QUIRK_LEGACY_NVS |
+ WLCORE_QUIRK_DUAL_PROBE_TMPL |
+ WLCORE_QUIRK_TKIP_HEADER_SPACE |
+- WLCORE_QUIRK_START_STA_FAILS |
+ WLCORE_QUIRK_AP_ZERO_SESSION_ID;
+ wl->plt_fw_name = WL127X_PLT_FW_NAME;
+ wl->sr_fw_name = WL127X_FW_NAME_SINGLE;
+@@ -700,7 +698,6 @@ static int wl12xx_identify_chip(struct wl1271 *wl)
+ wl->quirks |= WLCORE_QUIRK_TX_BLOCKSIZE_ALIGN |
+ WLCORE_QUIRK_DUAL_PROBE_TMPL |
+ WLCORE_QUIRK_TKIP_HEADER_SPACE |
+- WLCORE_QUIRK_START_STA_FAILS |
+ WLCORE_QUIRK_AP_ZERO_SESSION_ID;
+
+ wlcore_set_min_fw_ver(wl, WL128X_CHIP_VER,
+diff --git a/drivers/net/wireless/ti/wlcore/main.c b/drivers/net/wireless/ti/wlcore/main.c
+index cc10b72607c6..3f61289ce036 100644
+--- a/drivers/net/wireless/ti/wlcore/main.c
++++ b/drivers/net/wireless/ti/wlcore/main.c
+@@ -2889,21 +2889,8 @@ static int wlcore_join(struct wl1271 *wl, struct wl12xx_vif *wlvif)
+
+ if (is_ibss)
+ ret = wl12xx_cmd_role_start_ibss(wl, wlvif);
+- else {
+- if (wl->quirks & WLCORE_QUIRK_START_STA_FAILS) {
+- /*
+- * TODO: this is an ugly workaround for wl12xx fw
+- * bug - we are not able to tx/rx after the first
+- * start_sta, so make dummy start+stop calls,
+- * and then call start_sta again.
+- * this should be fixed in the fw.
+- */
+- wl12xx_cmd_role_start_sta(wl, wlvif);
+- wl12xx_cmd_role_stop_sta(wl, wlvif);
+- }
+-
++ else
+ ret = wl12xx_cmd_role_start_sta(wl, wlvif);
+- }
+
+ return ret;
+ }
+diff --git a/drivers/net/wireless/ti/wlcore/wlcore.h b/drivers/net/wireless/ti/wlcore/wlcore.h
+index 906be6aa4eb6..a0647d4384d2 100644
+--- a/drivers/net/wireless/ti/wlcore/wlcore.h
++++ b/drivers/net/wireless/ti/wlcore/wlcore.h
+@@ -556,9 +556,6 @@ wlcore_set_min_fw_ver(struct wl1271 *wl, unsigned int chip,
+ /* Each RX/TX transaction requires an end-of-transaction transfer */
+ #define WLCORE_QUIRK_END_OF_TRANSACTION BIT(0)
+
+-/* the first start_role(sta) sometimes doesn't work on wl12xx */
+-#define WLCORE_QUIRK_START_STA_FAILS BIT(1)
+-
+ /* wl127x and SPI don't support SDIO block size alignment */
+ #define WLCORE_QUIRK_TX_BLOCKSIZE_ALIGN BIT(2)
+
+--
+2.30.1
+
--- /dev/null
+From f4eb35a321448899fc0b5c3b3e9c6ddab0478389 Mon Sep 17 00:00:00 2001
+From: Sasha Levin <sashal@kernel.org>
+Date: Wed, 27 Jan 2021 12:56:00 -0800
+Subject: x86/build: Treat R_386_PLT32 relocation as R_386_PC32
+
+From: Fangrui Song <maskray@google.com>
+
+[ Upstream commit bb73d07148c405c293e576b40af37737faf23a6a ]
+
+This is similar to commit
+
+ b21ebf2fb4cd ("x86: Treat R_X86_64_PLT32 as R_X86_64_PC32")
+
+but for i386. As far as the kernel is concerned, R_386_PLT32 can be
+treated the same as R_386_PC32.
+
+R_386_PLT32/R_X86_64_PLT32 are PC-relative relocation types which
+can only be used by branches. If the referenced symbol is defined
+externally, a PLT will be used.
+
+R_386_PC32/R_X86_64_PC32 are PC-relative relocation types which can be
+used by address taking operations and branches. If the referenced symbol
+is defined externally, a copy relocation/canonical PLT entry will be
+created in the executable.
+
+On x86-64, there is no PIC vs non-PIC PLT distinction and an
+R_X86_64_PLT32 relocation is produced for both `call/jmp foo` and
+`call/jmp foo@PLT` with newer (2018) GNU as/LLVM integrated assembler.
+This avoids canonical PLT entries (st_shndx=0, st_value!=0).
+
+On i386, there are 2 types of PLTs, PIC and non-PIC. Currently,
+the GCC/GNU as convention is to use R_386_PC32 for non-PIC PLT and
+R_386_PLT32 for PIC PLT. Copy relocations/canonical PLT entries
+are possible ABI issues but GCC/GNU as will likely keep the status
+quo because (1) the ABI is legacy (2) the change will drop a GNU
+ld diagnostic for non-default visibility ifunc in shared objects.
+
+clang-12 -fno-pic (since [1]) can emit R_386_PLT32 for compiler
+generated function declarations, because preventing canonical PLT
+entries is weighed over the rare ifunc diagnostic.
+
+Further info for the more interested:
+
+ https://github.com/ClangBuiltLinux/linux/issues/1210
+ https://sourceware.org/bugzilla/show_bug.cgi?id=27169
+ https://github.com/llvm/llvm-project/commit/a084c0388e2a59b9556f2de0083333232da3f1d6 [1]
+
+ [ bp: Massage commit message. ]
+
+Reported-by: Arnd Bergmann <arnd@arndb.de>
+Signed-off-by: Fangrui Song <maskray@google.com>
+Signed-off-by: Borislav Petkov <bp@suse.de>
+Reviewed-by: Nick Desaulniers <ndesaulniers@google.com>
+Reviewed-by: Nathan Chancellor <natechancellor@gmail.com>
+Tested-by: Nick Desaulniers <ndesaulniers@google.com>
+Tested-by: Nathan Chancellor <natechancellor@gmail.com>
+Tested-by: Sedat Dilek <sedat.dilek@gmail.com>
+Link: https://lkml.kernel.org/r/20210127205600.1227437-1-maskray@google.com
+Signed-off-by: Sasha Levin <sashal@kernel.org>
+---
+ arch/x86/kernel/module.c | 1 +
+ arch/x86/tools/relocs.c | 12 ++++++++----
+ 2 files changed, 9 insertions(+), 4 deletions(-)
+
+diff --git a/arch/x86/kernel/module.c b/arch/x86/kernel/module.c
+index 94779f66bf49..6f0d340594ca 100644
+--- a/arch/x86/kernel/module.c
++++ b/arch/x86/kernel/module.c
+@@ -124,6 +124,7 @@ int apply_relocate(Elf32_Shdr *sechdrs,
+ *location += sym->st_value;
+ break;
+ case R_386_PC32:
++ case R_386_PLT32:
+ /* Add the value, subtract its position */
+ *location += sym->st_value - (uint32_t)location;
+ break;
+diff --git a/arch/x86/tools/relocs.c b/arch/x86/tools/relocs.c
+index 5b6c8486a0be..d1c3f82c7882 100644
+--- a/arch/x86/tools/relocs.c
++++ b/arch/x86/tools/relocs.c
+@@ -839,9 +839,11 @@ static int do_reloc32(struct section *sec, Elf_Rel *rel, Elf_Sym *sym,
+ case R_386_PC32:
+ case R_386_PC16:
+ case R_386_PC8:
++ case R_386_PLT32:
+ /*
+- * NONE can be ignored and PC relative relocations don't
+- * need to be adjusted.
++ * NONE can be ignored and PC relative relocations don't need
++ * to be adjusted. Because sym must be defined, R_386_PLT32 can
++ * be treated the same way as R_386_PC32.
+ */
+ break;
+
+@@ -882,9 +884,11 @@ static int do_reloc_real(struct section *sec, Elf_Rel *rel, Elf_Sym *sym,
+ case R_386_PC32:
+ case R_386_PC16:
+ case R_386_PC8:
++ case R_386_PLT32:
+ /*
+- * NONE can be ignored and PC relative relocations don't
+- * need to be adjusted.
++ * NONE can be ignored and PC relative relocations don't need
++ * to be adjusted. Because sym must be defined, R_386_PLT32 can
++ * be treated the same way as R_386_PC32.
+ */
+ break;
+
+--
+2.30.1
+
--- /dev/null
+From 7abc05dc957df7dfb39c3bb57b93802be37d2262 Mon Sep 17 00:00:00 2001
+From: Sasha Levin <sashal@kernel.org>
+Date: Tue, 1 Dec 2020 12:39:57 +0100
+Subject: x86/reboot: Add Zotac ZBOX CI327 nano PCI reboot quirk
+
+From: Heiner Kallweit <hkallweit1@gmail.com>
+
+[ Upstream commit 4b2d8ca9208be636b30e924b1cbcb267b0740c93 ]
+
+On this system the M.2 PCIe WiFi card isn't detected after reboot, only
+after cold boot. reboot=pci fixes this behavior. In [0] the same issue
+is described, although on another system and with another Intel WiFi
+card. In case it's relevant, both systems have Celeron CPUs.
+
+Add a PCI reboot quirk on affected systems until a more generic fix is
+available.
+
+[0] https://bugzilla.kernel.org/show_bug.cgi?id=202399
+
+ [ bp: Massage commit message. ]
+
+Signed-off-by: Heiner Kallweit <hkallweit1@gmail.com>
+Signed-off-by: Borislav Petkov <bp@suse.de>
+Link: https://lkml.kernel.org/r/1524eafd-f89c-cfa4-ed70-0bde9e45eec9@gmail.com
+Signed-off-by: Sasha Levin <sashal@kernel.org>
+---
+ arch/x86/kernel/reboot.c | 9 +++++++++
+ 1 file changed, 9 insertions(+)
+
+diff --git a/arch/x86/kernel/reboot.c b/arch/x86/kernel/reboot.c
+index cbe14f7c2826..1c2451107e49 100644
+--- a/arch/x86/kernel/reboot.c
++++ b/arch/x86/kernel/reboot.c
+@@ -418,6 +418,15 @@ static struct dmi_system_id __initdata reboot_dmi_table[] = {
+ },
+ },
+
++ { /* PCIe Wifi card isn't detected after reboot otherwise */
++ .callback = set_pci_reboot,
++ .ident = "Zotac ZBOX CI327 nano",
++ .matches = {
++ DMI_MATCH(DMI_SYS_VENDOR, "NA"),
++ DMI_MATCH(DMI_PRODUCT_NAME, "ZBOX-CI327NANO-GS-01"),
++ },
++ },
++
+ /* Sony */
+ { /* Handle problems with rebooting on Sony VGN-Z540N */
+ .callback = set_bios_reboot,
+--
+2.30.1
+
projects / thirdparty / kernel / stable-queue.git / commitdiff
