--- /dev/null
+From 1d617c029fd9c960f8ba7a8d1a10699d820bd6b9 Mon Sep 17 00:00:00 2001
+From: Lijo Lazar <lijo.lazar@amd.com>
+Date: Fri, 1 Oct 2021 16:49:07 +0800
+Subject: drm/amdgpu: During s0ix don't wait to signal GFXOFF
+
+From: Lijo Lazar <lijo.lazar@amd.com>
+
+commit 1d617c029fd9c960f8ba7a8d1a10699d820bd6b9 upstream.
+
+In the rare event when GFX IP suspend coincides with a s0ix entry, don't
+schedule a delayed work, instead signal PMFW immediately to allow GFXOFF
+entry. GFXOFF is a prerequisite for s0ix entry. PMFW needs to be
+signaled about GFXOFF status before amd-pmc module passes OS HINT
+to PMFW telling that everything is ready for a safe s0ix entry.
+
+Bug: https://gitlab.freedesktop.org/drm/amd/-/issues/1712
+
+Signed-off-by: Lijo Lazar <lijo.lazar@amd.com>
+Reviewed-by: Alex Deucher <alexander.deucher@amd.com>
+Reviewed-by: Mario Limonciello <mario.limonciell@amd.com>
+Signed-off-by: Alex Deucher <alexander.deucher@amd.com>
+Cc: stable@vger.kernel.org
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+---
+ drivers/gpu/drm/amd/amdgpu/amdgpu_gfx.c | 14 ++++++++++++--
+ 1 file changed, 12 insertions(+), 2 deletions(-)
+
+--- a/drivers/gpu/drm/amd/amdgpu/amdgpu_gfx.c
++++ b/drivers/gpu/drm/amd/amdgpu/amdgpu_gfx.c
+@@ -31,6 +31,8 @@
+ /* delay 0.1 second to enable gfx off feature */
+ #define GFX_OFF_DELAY_ENABLE msecs_to_jiffies(100)
+
++#define GFX_OFF_NO_DELAY 0
++
+ /*
+ * GPU GFX IP block helpers function.
+ */
+@@ -551,6 +553,8 @@ int amdgpu_gfx_enable_kcq(struct amdgpu_
+
+ void amdgpu_gfx_off_ctrl(struct amdgpu_device *adev, bool enable)
+ {
++ unsigned long delay = GFX_OFF_DELAY_ENABLE;
++
+ if (!(adev->pm.pp_feature & PP_GFXOFF_MASK))
+ return;
+
+@@ -566,8 +570,14 @@ void amdgpu_gfx_off_ctrl(struct amdgpu_d
+
+ adev->gfx.gfx_off_req_count--;
+
+- if (adev->gfx.gfx_off_req_count == 0 && !adev->gfx.gfx_off_state)
+- schedule_delayed_work(&adev->gfx.gfx_off_delay_work, GFX_OFF_DELAY_ENABLE);
++ if (adev->gfx.gfx_off_req_count == 0 &&
++ !adev->gfx.gfx_off_state) {
++ /* If going to s2idle, no need to wait */
++ if (adev->in_s0ix)
++ delay = GFX_OFF_NO_DELAY;
++ schedule_delayed_work(&adev->gfx.gfx_off_delay_work,
++ delay);
++ }
+ } else {
+ if (adev->gfx.gfx_off_req_count == 0) {
+ cancel_delayed_work_sync(&adev->gfx.gfx_off_delay_work);
--- /dev/null
+From f732e2e34aa08493fdd762f3daa4e5f16bbf1e45 Mon Sep 17 00:00:00 2001
+From: Ben Skeggs <bskeggs@redhat.com>
+Date: Mon, 6 Sep 2021 10:56:28 +1000
+Subject: drm/nouveau/kms/tu102-: delay enabling cursor until after assign_windows
+
+From: Ben Skeggs <bskeggs@redhat.com>
+
+commit f732e2e34aa08493fdd762f3daa4e5f16bbf1e45 upstream.
+
+Prevent NVD core channel error code 67 occuring and hanging display,
+managed to reproduce on GA102 while testing suspend/resume scenarios.
+
+Required extension of earlier commit to fix interactions with EFI.
+
+Fixes: e78b1b545c6c ("drm/nouveau/kms/nv50: workaround EFI GOP window channel format differences")
+Signed-off-by: Ben Skeggs <bskeggs@redhat.com>
+Cc: Lyude Paul <lyude@redhat.com>
+Cc: Karol Herbst <kherbst@redhat.com>
+Cc: <stable@vger.kernel.org> # v5.12+
+Reviewed-by: Karol Herbst <kherbst@redhat.com>
+Signed-off-by: Karol Herbst <kherbst@redhat.com>
+Link: https://patchwork.freedesktop.org/patch/msgid/20210906005628.11499-2-skeggsb@gmail.com
+Signed-off-by: Maarten Lankhorst <maarten.lankhorst@linux.intel.com>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+---
+ drivers/gpu/drm/nouveau/dispnv50/head.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+--- a/drivers/gpu/drm/nouveau/dispnv50/head.c
++++ b/drivers/gpu/drm/nouveau/dispnv50/head.c
+@@ -51,6 +51,7 @@ nv50_head_flush_clr(struct nv50_head *he
+ void
+ nv50_head_flush_set_wndw(struct nv50_head *head, struct nv50_head_atom *asyh)
+ {
++ if (asyh->set.curs ) head->func->curs_set(head, asyh);
+ if (asyh->set.olut ) {
+ asyh->olut.offset = nv50_lut_load(&head->olut,
+ asyh->olut.buffer,
+@@ -66,7 +67,6 @@ nv50_head_flush_set(struct nv50_head *he
+ if (asyh->set.view ) head->func->view (head, asyh);
+ if (asyh->set.mode ) head->func->mode (head, asyh);
+ if (asyh->set.core ) head->func->core_set(head, asyh);
+- if (asyh->set.curs ) head->func->curs_set(head, asyh);
+ if (asyh->set.base ) head->func->base (head, asyh);
+ if (asyh->set.ovly ) head->func->ovly (head, asyh);
+ if (asyh->set.dither ) head->func->dither (head, asyh);
--- /dev/null
+From 4d1aa9112c8e6995ef2c8a76972c9671332ccfea Mon Sep 17 00:00:00 2001
+From: Ben Hutchings <ben@decadent.org.uk>
+Date: Tue, 21 Sep 2021 16:34:42 +0200
+Subject: Partially revert "usb: Kconfig: using select for USB_COMMON dependency"
+
+From: Ben Hutchings <ben@decadent.org.uk>
+
+commit 4d1aa9112c8e6995ef2c8a76972c9671332ccfea upstream.
+
+This reverts commit cb9c1cfc86926d0e86d19c8e34f6c23458cd3478 for
+USB_LED_TRIG. This config symbol has bool type and enables extra code
+in usb_common itself, not a separate driver. Enabling it should not
+force usb_common to be built-in!
+
+Fixes: cb9c1cfc8692 ("usb: Kconfig: using select for USB_COMMON dependency")
+Cc: stable <stable@vger.kernel.org>
+Signed-off-by: Ben Hutchings <ben@decadent.org.uk>
+Signed-off-by: Salvatore Bonaccorso <carnil@debian.org>
+Link: https://lore.kernel.org/r/20210921143442.340087-1-carnil@debian.org
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+---
+ drivers/usb/common/Kconfig | 3 +--
+ 1 file changed, 1 insertion(+), 2 deletions(-)
+
+--- a/drivers/usb/common/Kconfig
++++ b/drivers/usb/common/Kconfig
+@@ -6,8 +6,7 @@ config USB_COMMON
+
+ config USB_LED_TRIG
+ bool "USB LED Triggers"
+- depends on LEDS_CLASS && LEDS_TRIGGERS
+- select USB_COMMON
++ depends on LEDS_CLASS && USB_COMMON && LEDS_TRIGGERS
+ help
+ This option adds LED triggers for USB host and/or gadget activity.
+
partially-revert-usb-kconfig-using-select-for-usb_common-dependency.patch
usb-chipidea-ci_hdrc_imx-also-search-for-phys-phandle.patch
+usb-cdc-acm-fix-racy-tty-buffer-accesses.patch
+usb-cdc-acm-fix-break-reporting.patch
+usb-typec-tcpm-handle-src_startup-state-if-cc-changes.patch
+drm-amdgpu-during-s0ix-don-t-wait-to-signal-gfxoff.patch
+drm-nouveau-kms-tu102-delay-enabling-cursor-until-after-assign_windows.patch
+xen-privcmd-fix-error-handling-in-mmap-resource-processing.patch
--- /dev/null
+From 58fc1daa4d2e9789b9ffc880907c961ea7c062cc Mon Sep 17 00:00:00 2001
+From: Johan Hovold <johan@kernel.org>
+Date: Wed, 29 Sep 2021 11:09:37 +0200
+Subject: USB: cdc-acm: fix break reporting
+
+From: Johan Hovold <johan@kernel.org>
+
+commit 58fc1daa4d2e9789b9ffc880907c961ea7c062cc upstream.
+
+A recent change that started reporting break events forgot to push the
+event to the line discipline, which meant that a detected break would
+not be reported until further characters had been receive (the port
+could even have been closed and reopened in between).
+
+Fixes: 08dff274edda ("cdc-acm: fix BREAK rx code path adding necessary calls")
+Cc: stable@vger.kernel.org
+Acked-by: Oliver Neukum <oneukum@suse.com>
+Signed-off-by: Johan Hovold <johan@kernel.org>
+Link: https://lore.kernel.org/r/20210929090937.7410-3-johan@kernel.org
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+---
+ drivers/usb/class/cdc-acm.c | 3 +++
+ 1 file changed, 3 insertions(+)
+
+--- a/drivers/usb/class/cdc-acm.c
++++ b/drivers/usb/class/cdc-acm.c
+@@ -340,6 +340,9 @@ static void acm_process_notification(str
+ acm->iocount.overrun++;
+ spin_unlock_irqrestore(&acm->read_lock, flags);
+
++ if (newctrl & ACM_CTRL_BRK)
++ tty_flip_buffer_push(&acm->port);
++
+ if (difference)
+ wake_up_all(&acm->wioctl);
+
--- /dev/null
+From 65a205e6113506e69a503b61d97efec43fc10fd7 Mon Sep 17 00:00:00 2001
+From: Johan Hovold <johan@kernel.org>
+Date: Wed, 29 Sep 2021 11:09:36 +0200
+Subject: USB: cdc-acm: fix racy tty buffer accesses
+
+From: Johan Hovold <johan@kernel.org>
+
+commit 65a205e6113506e69a503b61d97efec43fc10fd7 upstream.
+
+A recent change that started reporting break events to the line
+discipline caused the tty-buffer insertions to no longer be serialised
+by inserting events also from the completion handler for the interrupt
+endpoint.
+
+Completion calls for distinct endpoints are not guaranteed to be
+serialised. For example, in case a host-controller driver uses
+bottom-half completion, the interrupt and bulk-in completion handlers
+can end up running in parallel on two CPUs (high-and low-prio tasklets,
+respectively) thereby breaking the tty layer's single producer
+assumption.
+
+Fix this by holding the read lock also when inserting characters from
+the bulk endpoint.
+
+Fixes: 08dff274edda ("cdc-acm: fix BREAK rx code path adding necessary calls")
+Cc: stable@vger.kernel.org
+Acked-by: Oliver Neukum <oneukum@suse.com>
+Signed-off-by: Johan Hovold <johan@kernel.org>
+Link: https://lore.kernel.org/r/20210929090937.7410-2-johan@kernel.org
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+---
+ drivers/usb/class/cdc-acm.c | 5 +++++
+ 1 file changed, 5 insertions(+)
+
+--- a/drivers/usb/class/cdc-acm.c
++++ b/drivers/usb/class/cdc-acm.c
+@@ -475,11 +475,16 @@ static int acm_submit_read_urbs(struct a
+
+ static void acm_process_read_urb(struct acm *acm, struct urb *urb)
+ {
++ unsigned long flags;
++
+ if (!urb->actual_length)
+ return;
+
++ spin_lock_irqsave(&acm->read_lock, flags);
+ tty_insert_flip_string(&acm->port, urb->transfer_buffer,
+ urb->actual_length);
++ spin_unlock_irqrestore(&acm->read_lock, flags);
++
+ tty_flip_buffer_push(&acm->port);
+ }
+
--- /dev/null
+From 8253a34bfae3278baca52fc1209b7c29270486ca Mon Sep 17 00:00:00 2001
+From: Fabio Estevam <festevam@gmail.com>
+Date: Tue, 21 Sep 2021 08:37:54 -0300
+Subject: usb: chipidea: ci_hdrc_imx: Also search for 'phys' phandle
+
+From: Fabio Estevam <festevam@gmail.com>
+
+commit 8253a34bfae3278baca52fc1209b7c29270486ca upstream.
+
+When passing 'phys' in the devicetree to describe the USB PHY phandle
+(which is the recommended way according to
+Documentation/devicetree/bindings/usb/ci-hdrc-usb2.txt) the
+following NULL pointer dereference is observed on i.MX7 and i.MX8MM:
+
+[ 1.489344] Unable to handle kernel NULL pointer dereference at virtual address 0000000000000098
+[ 1.498170] Mem abort info:
+[ 1.500966] ESR = 0x96000044
+[ 1.504030] EC = 0x25: DABT (current EL), IL = 32 bits
+[ 1.509356] SET = 0, FnV = 0
+[ 1.512416] EA = 0, S1PTW = 0
+[ 1.515569] FSC = 0x04: level 0 translation fault
+[ 1.520458] Data abort info:
+[ 1.523349] ISV = 0, ISS = 0x00000044
+[ 1.527196] CM = 0, WnR = 1
+[ 1.530176] [0000000000000098] user address but active_mm is swapper
+[ 1.536544] Internal error: Oops: 96000044 [#1] PREEMPT SMP
+[ 1.542125] Modules linked in:
+[ 1.545190] CPU: 3 PID: 7 Comm: kworker/u8:0 Not tainted 5.14.0-dirty #3
+[ 1.551901] Hardware name: Kontron i.MX8MM N801X S (DT)
+[ 1.557133] Workqueue: events_unbound deferred_probe_work_func
+[ 1.562984] pstate: 80000005 (Nzcv daif -PAN -UAO -TCO BTYPE=--)
+[ 1.568998] pc : imx7d_charger_detection+0x3f0/0x510
+[ 1.573973] lr : imx7d_charger_detection+0x22c/0x510
+
+This happens because the charger functions check for the phy presence
+inside the imx_usbmisc_data structure (data->usb_phy), but the chipidea
+core populates the usb_phy passed via 'phys' inside 'struct ci_hdrc'
+(ci->usb_phy) instead.
+
+This causes the NULL pointer dereference inside imx7d_charger_detection().
+
+Fix it by also searching for 'phys' in case 'fsl,usbphy' is not found.
+
+Tested on a imx7s-warp board.
+
+Fixes: 746f316b753a ("usb: chipidea: introduce imx7d USB charger detection")
+Cc: stable@vger.kernel.org
+Reported-by: Heiko Thiery <heiko.thiery@gmail.com>
+Tested-by: Frieder Schrempf <frieder.schrempf@kontron.de>
+Reviewed-by: Frieder Schrempf <frieder.schrempf@kontron.de>
+Acked-by: Peter Chen <peter.chen@kernel.org>
+Signed-off-by: Fabio Estevam <festevam@gmail.com>
+Link: https://lore.kernel.org/r/20210921113754.767631-1-festevam@gmail.com
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+---
+ drivers/usb/chipidea/ci_hdrc_imx.c | 15 ++++++++++-----
+ 1 file changed, 10 insertions(+), 5 deletions(-)
+
+--- a/drivers/usb/chipidea/ci_hdrc_imx.c
++++ b/drivers/usb/chipidea/ci_hdrc_imx.c
+@@ -425,11 +425,16 @@ static int ci_hdrc_imx_probe(struct plat
+ data->phy = devm_usb_get_phy_by_phandle(dev, "fsl,usbphy", 0);
+ if (IS_ERR(data->phy)) {
+ ret = PTR_ERR(data->phy);
+- /* Return -EINVAL if no usbphy is available */
+- if (ret == -ENODEV)
+- data->phy = NULL;
+- else
+- goto err_clk;
++ if (ret == -ENODEV) {
++ data->phy = devm_usb_get_phy_by_phandle(dev, "phys", 0);
++ if (IS_ERR(data->phy)) {
++ ret = PTR_ERR(data->phy);
++ if (ret == -ENODEV)
++ data->phy = NULL;
++ else
++ goto err_clk;
++ }
++ }
+ }
+
+ pdata.usb_phy = data->phy;
--- /dev/null
+From 6d91017a295e9790eec02c4e43f020cdb55f5d98 Mon Sep 17 00:00:00 2001
+From: Xu Yang <xu.yang_2@nxp.com>
+Date: Tue, 28 Sep 2021 19:16:39 +0800
+Subject: usb: typec: tcpm: handle SRC_STARTUP state if cc changes
+
+From: Xu Yang <xu.yang_2@nxp.com>
+
+commit 6d91017a295e9790eec02c4e43f020cdb55f5d98 upstream.
+
+TCPM for DRP should do the same action as SRC_ATTACHED when cc changes in
+SRC_STARTUP state. Otherwise, TCPM will transition to SRC_UNATTACHED state
+which is not satisfied with the Type-C spec.
+
+Per Type-C spec:
+DRP port should move to Unattached.SNK instead of Unattached.SRC if sink
+removed.
+
+Fixes: 4b4e02c83167 ("typec: tcpm: Move out of staging")
+cc: <stable@vger.kernel.org>
+Reviewed-by: Guenter Roeck <linux@roeck-us.net>
+Acked-by: Heikki Krogerus <heikki.krogerus@linux.intel.com>
+Signed-off-by: Xu Yang <xu.yang_2@nxp.com>
+Link: https://lore.kernel.org/r/20210928111639.3854174-1-xu.yang_2@nxp.com
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+---
+ drivers/usb/typec/tcpm/tcpm.c | 1 +
+ 1 file changed, 1 insertion(+)
+
+--- a/drivers/usb/typec/tcpm/tcpm.c
++++ b/drivers/usb/typec/tcpm/tcpm.c
+@@ -3922,6 +3922,7 @@ static void _tcpm_cc_change(struct tcpm_
+ tcpm_set_state(port, SRC_ATTACH_WAIT, 0);
+ break;
+ case SRC_ATTACHED:
++ case SRC_STARTUP:
+ case SRC_SEND_CAPABILITIES:
+ case SRC_READY:
+ if (tcpm_port_is_disconnected(port) ||
--- /dev/null
+From e11423d6721dd63b23fb41ade5e8d0b448b17780 Mon Sep 17 00:00:00 2001
+From: Jan Beulich <jbeulich@suse.com>
+Date: Wed, 22 Sep 2021 12:17:48 +0200
+Subject: xen/privcmd: fix error handling in mmap-resource processing
+
+From: Jan Beulich <jbeulich@suse.com>
+
+commit e11423d6721dd63b23fb41ade5e8d0b448b17780 upstream.
+
+xen_pfn_t is the same size as int only on 32-bit builds (and not even
+on Arm32). Hence pfns[] can't be used directly to read individual error
+values returned from xen_remap_domain_mfn_array(); every other error
+indicator would be skipped/ignored on 64-bit.
+
+Fixes: 3ad0876554ca ("xen/privcmd: add IOCTL_PRIVCMD_MMAP_RESOURCE")
+Cc: stable@vger.kernel.org
+Signed-off-by: Jan Beulich <jbeulich@suse.com>
+Reviewed-by: Boris Ostrovsky <boris.ostrovsky@oracle.com>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+
+Link: https://lore.kernel.org/r/aa6d6a67-6889-338a-a910-51e889f792d5@suse.com
+Signed-off-by: Juergen Gross <jgross@suse.com>
+---
+ drivers/xen/privcmd.c | 7 ++++---
+ 1 file changed, 4 insertions(+), 3 deletions(-)
+
+--- a/drivers/xen/privcmd.c
++++ b/drivers/xen/privcmd.c
+@@ -803,11 +803,12 @@ static long privcmd_ioctl_mmap_resource(
+ unsigned int domid =
+ (xdata.flags & XENMEM_rsrc_acq_caller_owned) ?
+ DOMID_SELF : kdata.dom;
+- int num;
++ int num, *errs = (int *)pfns;
+
++ BUILD_BUG_ON(sizeof(*errs) > sizeof(*pfns));
+ num = xen_remap_domain_mfn_array(vma,
+ kdata.addr & PAGE_MASK,
+- pfns, kdata.num, (int *)pfns,
++ pfns, kdata.num, errs,
+ vma->vm_page_prot,
+ domid,
+ vma->vm_private_data);
+@@ -817,7 +818,7 @@ static long privcmd_ioctl_mmap_resource(
+ unsigned int i;
+
+ for (i = 0; i < num; i++) {
+- rc = pfns[i];
++ rc = errs[i];
+ if (rc < 0)
+ break;
+ }
projects / thirdparty / kernel / stable-queue.git / commitdiff
