--- /dev/null
+From 9debfb81e7654fe7388a49f45bc4d789b94c1103 Mon Sep 17 00:00:00 2001
+From: Nick Desaulniers <ndesaulniers@google.com>
+Date: Sat, 7 Nov 2020 00:49:39 -0800
+Subject: ACPI: GED: fix -Wformat
+
+From: Nick Desaulniers <ndesaulniers@google.com>
+
+commit 9debfb81e7654fe7388a49f45bc4d789b94c1103 upstream.
+
+Clang is more aggressive about -Wformat warnings when the format flag
+specifies a type smaller than the parameter. It turns out that gsi is an
+int. Fixes:
+
+drivers/acpi/evged.c:105:48: warning: format specifies type 'unsigned
+char' but the argument has type 'unsigned int' [-Wformat]
+trigger == ACPI_EDGE_SENSITIVE ? 'E' : 'L', gsi);
+ ^~~
+
+Link: https://github.com/ClangBuiltLinux/linux/issues/378
+Fixes: ea6f3af4c5e6 ("ACPI: GED: add support for _Exx / _Lxx handler methods")
+Acked-by: Ard Biesheuvel <ardb@kernel.org>
+Signed-off-by: Nick Desaulniers <ndesaulniers@google.com>
+Signed-off-by: Rafael J. Wysocki <rafael.j.wysocki@intel.com>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+
+---
+ drivers/acpi/evged.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+--- a/drivers/acpi/evged.c
++++ b/drivers/acpi/evged.c
+@@ -104,7 +104,7 @@ static acpi_status acpi_ged_request_inte
+
+ switch (gsi) {
+ case 0 ... 255:
+- sprintf(ev_name, "_%c%02hhX",
++ sprintf(ev_name, "_%c%02X",
+ trigger == ACPI_EDGE_SENSITIVE ? 'E' : 'L', gsi);
+
+ if (ACPI_SUCCESS(acpi_get_handle(handle, ev_name, &evt_handle)))
--- /dev/null
+From 51b958e5aeb1e18c00332e0b37c5d4e95a3eff84 Mon Sep 17 00:00:00 2001
+From: David Edmondson <david.edmondson@oracle.com>
+Date: Tue, 3 Nov 2020 12:04:00 +0000
+Subject: KVM: x86: clflushopt should be treated as a no-op by emulation
+
+From: David Edmondson <david.edmondson@oracle.com>
+
+commit 51b958e5aeb1e18c00332e0b37c5d4e95a3eff84 upstream.
+
+The instruction emulator ignores clflush instructions, yet fails to
+support clflushopt. Treat both similarly.
+
+Fixes: 13e457e0eebf ("KVM: x86: Emulator does not decode clflush well")
+Signed-off-by: David Edmondson <david.edmondson@oracle.com>
+Message-Id: <20201103120400.240882-1-david.edmondson@oracle.com>
+Reviewed-by: Joao Martins <joao.m.martins@oracle.com>
+Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+
+---
+ arch/x86/kvm/emulate.c | 8 +++++++-
+ 1 file changed, 7 insertions(+), 1 deletion(-)
+
+--- a/arch/x86/kvm/emulate.c
++++ b/arch/x86/kvm/emulate.c
+@@ -3934,6 +3934,12 @@ static int em_clflush(struct x86_emulate
+ return X86EMUL_CONTINUE;
+ }
+
++static int em_clflushopt(struct x86_emulate_ctxt *ctxt)
++{
++ /* emulating clflushopt regardless of cpuid */
++ return X86EMUL_CONTINUE;
++}
++
+ static int em_movsxd(struct x86_emulate_ctxt *ctxt)
+ {
+ ctxt->dst.val = (s32) ctxt->src.val;
+@@ -4423,7 +4429,7 @@ static const struct opcode group11[] = {
+ };
+
+ static const struct gprefix pfx_0f_ae_7 = {
+- I(SrcMem | ByteOp, em_clflush), N, N, N,
++ I(SrcMem | ByteOp, em_clflush), I(SrcMem | ByteOp, em_clflushopt), N, N,
+ };
+
+ static const struct group_dual group15 = { {
--- /dev/null
+From dcd479e10a0510522a5d88b29b8f79ea3467d501 Mon Sep 17 00:00:00 2001
+From: Johannes Berg <johannes.berg@intel.com>
+Date: Fri, 9 Oct 2020 14:17:11 +0200
+Subject: mac80211: always wind down STA state
+
+From: Johannes Berg <johannes.berg@intel.com>
+
+commit dcd479e10a0510522a5d88b29b8f79ea3467d501 upstream.
+
+When (for example) an IBSS station is pre-moved to AUTHORIZED
+before it's inserted, and then the insertion fails, we don't
+clean up the fast RX/TX states that might already have been
+created, since we don't go through all the state transitions
+again on the way down.
+
+Do that, if it hasn't been done already, when the station is
+freed. I considered only freeing the fast TX/RX state there,
+but we might add more state so it's more robust to wind down
+the state properly.
+
+Note that we warn if the station was ever inserted, it should
+have been properly cleaned up in that case, and the driver
+will probably not like things happening out of order.
+
+Reported-by: syzbot+2e293dbd67de2836ba42@syzkaller.appspotmail.com
+Link: https://lore.kernel.org/r/20201009141710.7223b322a955.I95bd08b9ad0e039c034927cce0b75beea38e059b@changeid
+Signed-off-by: Johannes Berg <johannes.berg@intel.com>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+
+---
+ net/mac80211/sta_info.c | 18 ++++++++++++++++++
+ 1 file changed, 18 insertions(+)
+
+--- a/net/mac80211/sta_info.c
++++ b/net/mac80211/sta_info.c
+@@ -243,6 +243,24 @@ struct sta_info *sta_info_get_by_idx(str
+ */
+ void sta_info_free(struct ieee80211_local *local, struct sta_info *sta)
+ {
++ /*
++ * If we had used sta_info_pre_move_state() then we might not
++ * have gone through the state transitions down again, so do
++ * it here now (and warn if it's inserted).
++ *
++ * This will clear state such as fast TX/RX that may have been
++ * allocated during state transitions.
++ */
++ while (sta->sta_state > IEEE80211_STA_NONE) {
++ int ret;
++
++ WARN_ON_ONCE(test_sta_flag(sta, WLAN_STA_INSERTED));
++
++ ret = sta_info_move_state(sta, sta->sta_state - 1);
++ if (WARN_ONCE(ret, "sta_info_move_state() returned %d\n", ret))
++ break;
++ }
++
+ if (sta->rate_ctrl)
+ rate_control_free_sta(sta);
+
i2c-mux-pca954x-add-missing-pca9546-definition-to-chip_desc.patch
powerpc-8xx-always-fault-when-_page_accessed-is-not-set.patch
input-sunkbd-avoid-use-after-free-in-teardown-paths.patch
+mac80211-always-wind-down-sta-state.patch
+kvm-x86-clflushopt-should-be-treated-as-a-no-op-by-emulation.patch
+acpi-ged-fix-wformat.patch
projects / thirdparty / kernel / stable-queue.git / commitdiff
