1. 23 Feb, 2019 14 commits
  2. 20 Feb, 2019 26 commits
    • Greg Kroah-Hartman's avatar
      Linux 4.4.175 · 332deb1f
      Greg Kroah-Hartman authored
    • Hauke Mehrtens's avatar
      uapi/if_ether.h: move __UAPI_DEF_ETHHDR libc define · cb4f43bf
      Hauke Mehrtens authored
      commit da360299 upstream.
      This fixes a compile problem of some user space applications by not
      including linux/libc-compat.h in uapi/if_ether.h.
      linux/libc-compat.h checks which "features" the header files, included
      from the libc, provide to make the Linux kernel uapi header files only
      provide no conflicting structures and enums. If a user application mixes
      kernel headers and libc headers it could happen that linux/libc-compat.h
      gets included too early where not all other libc headers are included
      yet. Then the linux/libc-compat.h would not prevent all the
      redefinitions and we run into compile problems.
      This patch removes the include of linux/libc-compat.h from
      uapi/if_ether.h to fix the recently introduced case, but not all as this
      is more or less impossible.
      It is no problem to do the check directly in the if_ether.h file and not
      in libc-compat.h as this does not need any fancy glibc header detection
      as glibc never provided struct ethhdr and should define
      __UAPI_DEF_ETHHDR by them self when they will provide this.
      The following test program did not compile correctly any more:
      #include <linux/if_ether.h>
      #include <netinet/in.h>
      #include <linux/in.h>
      int main(void)
      	return 0;
      Fixes: 6926e041
       ("uapi/if_ether.h: prevent redefinition of struct ethhdr")
      Reported-by: default avatarGuillaume Nault <g.nault@alphalink.fr>
      Cc: <stable@vger.kernel.org> # 4.15
      Signed-off-by: default avatarHauke Mehrtens <hauke@hauke-m.de>
      Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
      Cc: Sudip Mukherjee <sudipm.mukherjee@gmail.com>
      Signed-off-by: default avatarGreg Kroah-Hartman <gregkh@linuxfoundation.org>
    • Christian Lamparter's avatar
      pinctrl: msm: fix gpio-hog related boot issues · d5800cff
      Christian Lamparter authored
      commit a86caa9ba5d70696ceb35d1d39caa20d8b641387 upstream.
      Sven Eckelmann reported an issue with the current IPQ4019 pinctrl.
      Setting up any gpio-hog in the device-tree for his device would
      "kill the bootup completely":
      | [    0.477838] msm_serial 78af000.serial: could not find pctldev for node /soc/pinctrl@1000000/serial_pinmux, deferring probe
      | [    0.499828] spi_qup 78b5000.spi: could not find pctldev for node /soc/pinctrl@1000000/spi_0_pinmux, deferring probe
      | [    1.298883] requesting hog GPIO enable USB2 power (chip 1000000.pinctrl, offset 58) failed, -517
      | [    1.299609] gpiochip_add_data: GPIOs 0..99 (1000000.pinctrl) failed to register
      | [    1.308589] ipq4019-pinctrl 1000000.pinctrl: Failed register gpiochip
      | [    1.316586] msm_serial 78af000.serial: could not find pctldev for node /soc/pinctrl@1000000/serial_pinmux, deferring probe
      | [    1.322415] spi_qup 78b5000.spi: could not find pctldev for node /soc/pinctrl@1000000/spi_0_pinmux, deferri
      This was also verified on a RT-AC58U (IPQ4018) which would
      no longer boot, if a gpio-hog was specified. (Tried forcing
      the USB LED PIN (GPIO0) to high.).
      The problem is that Pinctrl+GPIO registration is currently
      peformed in the following order in pinctrl-msm.c:
      	1. pinctrl_register()
      	2. gpiochip_add()
      	3. gpiochip_add_pin_range()
      The actual error code -517 == -EPROBE_DEFER is coming from
      pinctrl_get_device_gpio_range(), which is called through:
      pinctrl_get_device_gpio_range() is unable to find any valid
      pin ranges, since nothing has been added to the pinctrldev_list yet.
      so the range can't be found, and the operation fails with -EPROBE_DEFER.
      This patch fixes the issue by adding the "gpio-ranges" property to
      the pinctrl device node of all upstream Qcom SoC. The pin ranges are
      then added by the gpio core.
      In order to remain compatible with older, existing DTs (and ACPI)
      a check for the "gpio-ranges" property has been added to
      msm_gpio_init(). This prevents the driver of adding the same entry
      to the pinctrldev_list twice.
      Reported-by: default avatarSven Eckelmann <sven.eckelmann@openmesh.com>
      Tested-by: Sven Eckelmann <sven.eckelmann@openmesh.com> [ipq4019]
      Reviewed-by: default avatarBjorn Andersson <bjorn.andersson@linaro.org>
      Signed-off-by: default avatarChristian Lamparter <chunkeey@gmail.com>
      Signed-off-by: default avatarLinus Walleij <linus.walleij@linaro.org>
      Signed-off-by: default avatarAmit Pundir <amit.pundir@linaro.org>
      Signed-off-by: default avatarGreg Kroah-Hartman <gregkh@linuxfoundation.org>
    • John Youn's avatar
      usb: dwc2: Remove unnecessary kfree · a4af2252
      John Youn authored
      commit cd4b1e34
      This shouldn't be freed by the HCD as it is owned by the core and
      allocated with devm_kzalloc.
      Signed-off-by: default avatarJohn Youn <johnyoun@synopsys.com>
      Signed-off-by: default avatarFelipe Balbi <felipe.balbi@linux.intel.com>
      Signed-off-by: default avatarLinus Walleij <linus.walleij@linaro.org>
      Signed-off-by: default avatarGreg Kroah-Hartman <gregkh@linuxfoundation.org>
    • Eric Dumazet's avatar
      kaweth: use skb_cow_head() to deal with cloned skbs · 49cf68d7
      Eric Dumazet authored
      commit 39fba783
      We can use skb_cow_head() to properly deal with clones,
      especially the ones coming from TCP stack that allow their head being
      modified. This avoids a copy.
      Signed-off-by: default avatarEric Dumazet <edumazet@google.com>
      Cc: James Hughes <james.hughes@raspberrypi.org>
      Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
      Signed-off-by: default avatarLinus Walleij <linus.walleij@linaro.org>
      Signed-off-by: default avatarGreg Kroah-Hartman <gregkh@linuxfoundation.org>
    • Eric Dumazet's avatar
      ch9200: use skb_cow_head() to deal with cloned skbs · 4307a871
      Eric Dumazet authored
      commit 6bc6895b upstream.
      We need to ensure there is enough headroom to push extra header,
      but we also need to check if we are allowed to change headers.
      skb_cow_head() is the proper helper to deal with this.
      Fixes: 4a476bd6
       ("usbnet: New driver for QinHeng CH9200 devices")
      Signed-off-by: default avatarEric Dumazet <edumazet@google.com>
      Cc: James Hughes <james.hughes@raspberrypi.org>
      Cc: Matthew Garrett <mjg59@srcf.ucam.org>
      Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
      Signed-off-by: default avatarLinus Walleij <linus.walleij@linaro.org>
      Signed-off-by: default avatarGreg Kroah-Hartman <gregkh@linuxfoundation.org>
    • James Hughes's avatar
      smsc95xx: Use skb_cow_head to deal with cloned skbs · f8e3d1b1
      James Hughes authored
      commit e9156cd2
      The driver was failing to check that the SKB wasn't cloned
      before adding checksum data.
      Replace existing handling to extend/copy the header buffer
      with skb_cow_head.
      Signed-off-by: default avatarJames Hughes <james.hughes@raspberrypi.org>
      Acked-by: default avatarEric Dumazet <edumazet@google.com>
      Acked-by: default avatarWoojung Huh <Woojung.Huh@microchip.com>
      Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
      Signed-off-by: default avatarLinus Walleij <linus.walleij@linaro.org>
      Signed-off-by: default avatarGreg Kroah-Hartman <gregkh@linuxfoundation.org>
    • Nikos Tsironis's avatar
      dm thin: fix bug where bio that overwrites thin block ignores FUA · 27a70770
      Nikos Tsironis authored
      commit 4ae280b4ee3463fa57bbe6eede26b97daff8a0f1 upstream.
      When provisioning a new data block for a virtual block, either because
      the block was previously unallocated or because we are breaking sharing,
      if the whole block of data is being overwritten the bio that triggered
      the provisioning is issued immediately, skipping copying or zeroing of
      the data block.
      When this bio completes the new mapping is inserted in to the pool's
      metadata by process_prepared_mapping(), where the bio completion is
      signaled to the upper layers.
      This completion is signaled without first committing the metadata.  If
      the bio in question has the REQ_FUA flag set and the system crashes
      right after its completion and before the next metadata commit, then the
      write is lost despite the REQ_FUA flag requiring that I/O completion for
      this request must only be signaled after the data has been committed to
      non-volatile storage.
      Fix this by deferring the completion of overwrite bios, with the REQ_FUA
      flag set, until after the metadata has been committed.
      Cc: stable@vger.kernel.org
      Signed-off-by: default avatarNikos Tsironis <ntsironis@arrikto.com>
      Acked-by: default avatarJoe Thornber <ejt@redhat.com>
      Acked-by: default avatarMikulas Patocka <mpatocka@redhat.com>
      Signed-off-by: default avatarMike Snitzer <snitzer@redhat.com>
      Signed-off-by: default avatarGreg Kroah-Hartman <gregkh@linuxfoundation.org>
    • Borislav Petkov's avatar
      x86/a.out: Clear the dump structure initially · 5079b1d1
      Borislav Petkov authored
      commit 10970e1b4be9c74fce8ab6e3c34a7d718f063f2c upstream.
      dump_thread32() in aout_core_dump() does not clear the user32 structure
      allocated on the stack as the first thing on function entry.
      As a result, the dump.u_comm, dump.u_ar0 and dump.signal which get
      assigned before the clearing, get overwritten.
      Rename that function to fill_dump() to make it clear what it does and
      call it first thing.
      This was caught while staring at a patch by Derek Robson
      Signed-off-by: default avatarBorislav Petkov <bp@suse.de>
      Cc: Derek Robson <robsonde@gmail.com>
      Cc: Linus Torvalds <torvalds@linux-foundation.org>
      Cc: Michael Matz <matz@suse.de>
      Cc: x86@kernel.org
      Cc: <stable@vger.kernel.org>
      Link: https://lkml.kernel.org/r/20190202005512.3144-1-robsonde@gmail.com
      Signed-off-by: default avatarGreg Kroah-Hartman <gregkh@linuxfoundation.org>
    • Eric W. Biederman's avatar
      signal: Restore the stop PTRACE_EVENT_EXIT · 492647b2
      Eric W. Biederman authored
      commit cf43a757fd49442bc38f76088b70c2299eed2c2f upstream.
      In the middle of do_exit() there is there is a call
      "ptrace_event(PTRACE_EVENT_EXIT, code);" That call places the process
      in TACKED_TRACED aka "(TASK_WAKEKILL | __TASK_TRACED)" and waits for
      for the debugger to release the task or SIGKILL to be delivered.
      Skipping past dequeue_signal when we know a fatal signal has already
      been delivered resulted in SIGKILL remaining pending and
      TIF_SIGPENDING remaining set.  This in turn caused the
      scheduler to not sleep in PTACE_EVENT_EXIT as it figured
      a fatal signal was pending.  This also caused ptrace_freeze_traced
      in ptrace_check_attach to fail because it left a per thread
      SIGKILL pending which is what fatal_signal_pending tests for.
      This difference in signal state caused strace to report
      strace: Exit of unknown pid NNNNN ignored
      Therefore update the signal handling state like dequeue_signal
      would when removing a per thread SIGKILL, by removing SIGKILL
      from the per thread signal mask and clearing TIF_SIGPENDING.
      Acked-by: default avatarOleg Nesterov <oleg@redhat.com>
      Reported-by: default avatarOleg Nesterov <oleg@redhat.com>
      Reported-by: default avatarIvan Delalande <colona@arista.com>
      Cc: stable@vger.kernel.org
      Fixes: 35634ffa1751 ("signal: Always notice exiting tasks")
      Signed-off-by: default avatar"Eric W. Biederman" <ebiederm@xmission.com>
      Signed-off-by: default avatarGreg Kroah-Hartman <gregkh@linuxfoundation.org>
    • Hedi Berriche's avatar
      x86/platform/UV: Use efi_runtime_lock to serialise BIOS calls · 7212e37c
      Hedi Berriche authored
      commit f331e766c4be33f4338574f3c9f7f77e98ab4571 upstream.
      Calls into UV firmware must be protected against concurrency, expose the
      efi_runtime_lock to the UV platform, and use it to serialise UV BIOS
      Signed-off-by: default avatarHedi Berriche <hedi.berriche@hpe.com>
      Signed-off-by: default avatarBorislav Petkov <bp@suse.de>
      Reviewed-by: default avatarArd Biesheuvel <ard.biesheuvel@linaro.org>
      Reviewed-by: default avatarRuss Anderson <rja@hpe.com>
      Reviewed-by: default avatarDimitri Sivanich <sivanich@hpe.com>
      Reviewed-by: default avatarMike Travis <mike.travis@hpe.com>
      Cc: Andy Shevchenko <andy@infradead.org>
      Cc: Bhupesh Sharma <bhsharma@redhat.com>
      Cc: Darren Hart <dvhart@infradead.org>
      Cc: "H. Peter Anvin" <hpa@zytor.com>
      Cc: Ingo Molnar <mingo@redhat.com>
      Cc: linux-efi <linux-efi@vger.kernel.org>
      Cc: platform-driver-x86@vger.kernel.org
      Cc: stable@vger.kernel.org # v4.9+
      Cc: Steve Wahl <steve.wahl@hpe.com>
      Cc: Thomas Gleixner <tglx@linutronix.de>
      Cc: x86-ml <x86@kernel.org>
      Link: https://lkml.kernel.org/r/20190213193413.25560-5-hedi.berriche@hpe.com
      Signed-off-by: default avatarGreg Kroah-Hartman <gregkh@linuxfoundation.org>
    • Andreas Ziegler's avatar
      tracing/uprobes: Fix output for multiple string arguments · 137f4db1
      Andreas Ziegler authored
      commit 0722069a5374b904ec1a67f91249f90e1cfae259 upstream.
      When printing multiple uprobe arguments as strings the output for the
      earlier arguments would also include all later string arguments.
      This is best explained in an example:
      Consider adding a uprobe to a function receiving two strings as
      parameters which is at offset 0xa0 in strlib.so and we want to print
      both parameters when the uprobe is hit (on x86_64):
      $ echo 'p:func /lib/strlib.so:0xa0 +0(%di):string +0(%si):string' > \
      When the function is called as func("foo", "bar") and we hit the probe,
      the trace file shows a line like the following:
        [...] func: (0x7f7e683706a0) arg1="foobar" arg2="bar"
      Note the extra "bar" printed as part of arg1. This behaviour stacks up
      for additional string arguments.
      The strings are stored in a dynamically growing part of the uprobe
      buffer by fetch_store_string() after copying them from userspace via
      strncpy_from_user(). The return value of strncpy_from_user() is then
      directly used as the required size for the string. However, this does
      not take the terminating null byte into account as the documentation
      for strncpy_from_user() cleary states that it "[...] returns the
      length of the string (not including the trailing NUL)" even though the
      null byte will be copied to the destination.
      Therefore, subsequent calls to fetch_store_string() will overwrite
      the terminating null byte of the most recently fetched string with
      the first character of the current string, leading to the
      "accumulation" of strings in earlier arguments in the output.
      Fix this by incrementing the return value of strncpy_from_user() by
      one if we did not hit the maximum buffer size.
      Link: http://lkml.kernel.org/r/20190116141629.5752-1-andreas.ziegler@fau.de
      Cc: Ingo Molnar <mingo@redhat.com>
      Cc: stable@vger.kernel.org
      Fixes: 5baaa59e
       ("tracing/probes: Implement 'memory' fetch method for uprobes")
      Acked-by: default avatarMasami Hiramatsu <mhiramat@kernel.org>
      Signed-off-by: default avatarAndreas Ziegler <andreas.ziegler@fau.de>
      Signed-off-by: default avatarSteven Rostedt (VMware) <rostedt@goodmis.org>
      Signed-off-by: default avatarMasami Hiramatsu <mhiramat@kernel.org>
      Signed-off-by: default avatarGreg Kroah-Hartman <gregkh@linuxfoundation.org>
    • Meelis Roos's avatar
      alpha: Fix Eiger NR_IRQS to 128 · 5fc95186
      Meelis Roos authored
      commit bfc913682464f45bc4d6044084e370f9048de9d5 upstream.
      Eiger machine vector definition has nr_irqs 128, and working 2.6.26
      boot shows SCSI getting IRQ-s 64 and 65. Current kernel boot fails
      because Symbios SCSI fails to request IRQ-s and does not find the disks.
      It has been broken at least since 3.18 - the earliest I could test with
      my gcc-5.
      The headers have moved around and possibly another order of defines has
      worked in the past - but since 128 seems to be correct and used, fix
      arch/alpha/include/asm/irq.h to have NR_IRQS=128 for Eiger.
      This fixes 4.19-rc7 boot on my Force Flexor A264 (Eiger subarch).
      Cc: stable@vger.kernel.org # v3.18+
      Signed-off-by: default avatarMeelis Roos <mroos@linux.ee>
      Signed-off-by: default avatarMatt Turner <mattst88@gmail.com>
      Signed-off-by: default avatarGreg Kroah-Hartman <gregkh@linuxfoundation.org>
    • Sergei Trofimovich's avatar
      alpha: fix page fault handling for r16-r18 targets · 1d8b2030
      Sergei Trofimovich authored
      commit 491af60ffb848b59e82f7c9145833222e0bf27a5 upstream.
      Fix page fault handling code to fixup r16-r18 registers.
      Before the patch code had off-by-two registers bug.
      This bug caused overwriting of ps,pc,gp registers instead
      of fixing intended r16,r17,r18 (see `struct pt_regs`).
      More details:
      Initially Dmitry noticed a kernel bug as a failure
      on strace test suite. Test passes unmapped userspace
      pointer to io_submit:
          #include <err.h>
          #include <unistd.h>
          #include <sys/mman.h>
          #include <asm/unistd.h>
          int main(void)
              unsigned long ctx = 0;
              if (syscall(__NR_io_setup, 1, &ctx))
                  err(1, "io_setup");
              const size_t page_size = sysconf(_SC_PAGESIZE);
              const size_t size = page_size * 2;
              void *ptr = mmap(NULL, size, PROT_READ | PROT_WRITE,
                               MAP_PRIVATE | MAP_ANONYMOUS, -1, 0);
              if (MAP_FAILED == ptr)
                  err(1, "mmap(%zu)", size);
              if (munmap(ptr, size))
                  err(1, "munmap");
              syscall(__NR_io_submit, ctx, 1, ptr + page_size);
              syscall(__NR_io_destroy, ctx);
              return 0;
      Running this test causes kernel to crash when handling page fault:
          Unable to handle kernel paging request at virtual address ffffffffffff9468
          CPU 3
          aio(26027): Oops 0
          pc = [<fffffc00004eddf8>]  ra = [<fffffc00004edd5c>]  ps = 0000    Not tainted
          pc is at sys_io_submit+0x108/0x200
          ra is at sys_io_submit+0x6c/0x200
          v0 = fffffc00c58e6300  t0 = fffffffffffffff2  t1 = 000002000025e000
          t2 = fffffc01f159fef8  t3 = fffffc0001009640  t4 = fffffc0000e0f6e0
          t5 = 0000020001002e9e  t6 = 4c41564e49452031  t7 = fffffc01f159c000
          s0 = 0000000000000002  s1 = 000002000025e000  s2 = 0000000000000000
          s3 = 0000000000000000  s4 = 0000000000000000  s5 = fffffffffffffff2
          s6 = fffffc00c58e6300
          a0 = fffffc00c58e6300  a1 = 0000000000000000  a2 = 000002000025e000
          a3 = 00000200001ac260  a4 = 00000200001ac1e8  a5 = 0000000000000001
          t8 = 0000000000000008  t9 = 000000011f8bce30  t10= 00000200001ac440
          t11= 0000000000000000  pv = fffffc00006fd320  at = 0000000000000000
          gp = 0000000000000000  sp = 00000000265fd174
          Disabling lock debugging due to kernel taint
          [<fffffc0000311404>] entSys+0xa4/0xc0
      Here `gp` has invalid value. `gp is s overwritten by a fixup for the
      following page fault handler in `io_submit` syscall handler:
              ldq     a1,0(t1)
              bne     t0,4280 <__se_sys_io_submit+0x180>
      After a page fault `t0` should contain -EFALUT and `a1` is 0.
      Instead `gp` was overwritten in place of `a1`.
      This happens due to a off-by-two bug in `dpf_reg()` for `r16-r18`
      (aka `a0-a2`).
      I think the bug went unnoticed for a long time as `gp` is one
      of scratch registers. Any kernel function call would re-calculate `gp`.
      Dmitry tracked down the bug origin back to 2.1.32 kernel version
      where trap_a{0,1,2} fields were inserted into struct pt_regs.
      And even before that `dpf_reg()` contained off-by-one error.
      Cc: Richard Henderson <rth@twiddle.net>
      Cc: Ivan Kokshaysky <ink@jurassic.park.msu.ru>
      Cc: linux-alpha@vger.kernel.org
      Cc: linux-kernel@vger.kernel.org
      Reported-and-reviewed-by: default avatar"Dmitry V. Levin" <ldv@altlinux.org>
      Cc: stable@vger.kernel.org # v2.1.32+
      Bug: https://bugs.gentoo.org/672040
      Signed-off-by: default avatarSergei Trofimovich <slyfox@gentoo.org>
      Signed-off-by: default avatarMatt Turner <mattst88@gmail.com>
      Signed-off-by: default avatarGreg Kroah-Hartman <gregkh@linuxfoundation.org>
    • Matti Kurkela's avatar
      Input: elantech - enable 3rd button support on Fujitsu CELSIUS H780 · fd08513b
      Matti Kurkela authored
      commit e8b22d0a329f0fb5c7ef95406872d268f01ee3b1 upstream.
      Like Fujitsu CELSIUS H760, the H780 also has a three-button Elantech
      touchpad, but the driver needs to be told so to enable the middle touchpad
      The elantech_dmi_force_crc_enabled quirk was not necessary with the H780.
      Also document the fw_version and caps values detected for both H760 and
      H780 models.
      Signed-off-by: default avatarMatti Kurkela <Matti.Kurkela@iki.fi>
      Cc: stable@vger.kernel.org
      Signed-off-by: default avatarDmitry Torokhov <dmitry.torokhov@gmail.com>
      Signed-off-by: default avatarGreg Kroah-Hartman <gregkh@linuxfoundation.org>
    • Jonathan Bakker's avatar
      Input: bma150 - register input device after setting private data · 6d6d6255
      Jonathan Bakker authored
      commit 90cc55f067f6ca0e64e5e52883ece47d8af7b67b upstream.
      Otherwise we introduce a race condition where userspace can request input
      before we're ready leading to null pointer dereference such as
      input: bma150 as /devices/platform/i2c-gpio-2/i2c-5/5-0038/input/input3
      Unable to handle kernel NULL pointer dereference at virtual address 00000018
      pgd = (ptrval)
      [00000018] *pgd=55dac831, *pte=00000000, *ppte=00000000
      Internal error: Oops: 17 [#1] PREEMPT ARM
      Modules linked in: bma150 input_polldev [last unloaded: bma150]
      CPU: 0 PID: 2870 Comm: accelerometer Not tainted 5.0.0-rc3-dirty #46
      Hardware name: Samsung S5PC110/S5PV210-based board
      PC is at input_event+0x8/0x60
      LR is at bma150_report_xyz+0x9c/0xe0 [bma150]
      pc : [<80450f70>]    lr : [<7f0a614c>]    psr: 800d0013
      sp : a4c1fd78  ip : 00000081  fp : 00020000
      r10: 00000000  r9 : a5e2944c  r8 : a7455000
      r7 : 00000016  r6 : 00000101  r5 : a7617940  r4 : 80909048
      r3 : fffffff2  r2 : 00000000  r1 : 00000003  r0 : 00000000
      Flags: Nzcv  IRQs on  FIQs on  Mode SVC_32  ISA ARM  Segment none
      Control: 10c5387d  Table: 54e34019  DAC: 00000051
      Process accelerometer (pid: 2870, stack limit = 0x(ptrval))
      Stackck: (0xa4c1fd78 to 0xa4c20000)
      fd60:                                                       fffffff3 fc813f6c
      fd80: 40410581 d7530ce3 a5e2817c a7617f00 a5e29404 a5e2817c 00000000 7f008324
      fda0: a5e28000 8044f59c a5fdd9d0 a5e2945c a46a4a00 a5e29668 a7455000 80454f10
      fdc0: 80909048 a5e29668 a5fdd9d0 a46a4a00 806316d0 00000000 a46a4a00 801df5f0
      fde0: 00000000 d7530ce3 a4c1fec0 a46a4a00 00000000 a5fdd9d0 a46a4a08 801df53c
      fe00: 00000000 801d74bc a4c1fec0 00000000 a4c1ff70 00000000 a7038da8 00000000
      fe20: a46a4a00 801e91fc a411bbe0 801f2e88 00000004 00000000 80909048 00000041
      fe40: 00000000 00020000 00000000 dead4ead a6a88da0 00000000 ffffe000 806fcae8
      fe60: a4c1fec8 00000000 80909048 00000002 a5fdd9d0 a7660110 a411bab0 00000001
      fe80: dead4ead ffffffff ffffffff a4c1fe8c a4c1fe8c d7530ce3 20000013 80909048
      fea0: 80909048 a4c1ff70 00000001 fffff000 a4c1e000 00000005 00026038 801eabd8
      fec0: a7660110 a411bab0 b9394901 00000006 a696201b 76fb3000 00000000 a7039720
      fee0: a5fdd9d0 00000101 00000002 00000096 00000000 00000000 00000000 a4c1ff00
      ff00: a6b310f4 805cb174 a6b310f4 00000010 00000fe0 00000010 a4c1e000 d7530ce3
      ff20: 00000003 a5f41400 a5f41424 00000000 a6962000 00000000 00000003 00000002
      ff40: ffffff9c 000a0000 80909048 d7530ce3 a6962000 00000003 80909048 ffffff9c
      ff60: a6962000 801d890c 00000000 00000000 00020000 a7590000 00000004 00000100
      ff80: 00000001 d7530ce3 000288b8 00026320 000288b8 00000005 80101204 a4c1e000
      ffa0: 00000005 80101000 000288b8 00026320 000288b8 000a0000 00000000 00000000
      ffc0: 000288b8 00026320 000288b8 00000005 7eef3bac 000264e8 00028ad8 00026038
      ffe0: 00000005 7eef3300 76f76e91 76f78546 800d0030 000288b8 00000000 00000000
      [<80450f70>] (input_event) from [<a5e2817c>] (0xa5e2817c)
      Code: e1a08148 eaffffa8 e351001f 812fff1e (e590c018)
      ---[ end trace 1c691ee85f2ff243 ]---
      Signed-off-by: default avatarJonathan Bakker <xc-racer2@live.ca>
      Signed-off-by: default avatarPaweł Chmiel <pawel.mikolaj.chmiel@gmail.com>
      Cc: stable@vger.kernel.org
      Signed-off-by: default avatarDmitry Torokhov <dmitry.torokhov@gmail.com>
      Signed-off-by: default avatarGreg Kroah-Hartman <gregkh@linuxfoundation.org>
    • Manuel Reinhardt's avatar
      ALSA: usb-audio: Fix implicit fb endpoint setup by quirk · 05268b5c
      Manuel Reinhardt authored
      commit 2bc16b9f3223d049b57202ee702fcb5b9b507019 upstream.
      The commit a60945fd ("ALSA: usb-audio: move implicit fb quirks to
      separate function") introduced an error in the handling of quirks for
      implicit feedback endpoints. This commit fixes this.
      If a quirk successfully sets up an implicit feedback endpoint, usb-audio
      no longer tries to find the implicit fb endpoint itself.
      Fixes: a60945fd
       ("ALSA: usb-audio: move implicit fb quirks to separate function")
      Signed-off-by: default avatarManuel Reinhardt <manuel.rhdt@gmail.com>
      Cc: <stable@vger.kernel.org>
      Signed-off-by: default avatarTakashi Iwai <tiwai@suse.de>
      Signed-off-by: default avatarGreg Kroah-Hartman <gregkh@linuxfoundation.org>
    • Jurica Vukadin's avatar
      ALSA: hda - Add quirk for HP EliteBook 840 G5 · 422e1adf
      Jurica Vukadin authored
      commit 4cd3016ce996494f78fdfd87ea35c8ca5d0b413e upstream.
      This enables mute LED support and fixes switching jacks when the laptop
      is docked.
      Signed-off-by: default avatarJurica Vukadin <jurica.vukadin@rt-rk.com>
      Cc: <stable@vger.kernel.org>
      Signed-off-by: default avatarTakashi Iwai <tiwai@suse.de>
      Signed-off-by: default avatarGreg Kroah-Hartman <gregkh@linuxfoundation.org>
    • Ingo Molnar's avatar
      perf/core: Fix impossible ring-buffer sizes warning · 222b22e1
      Ingo Molnar authored
      commit 528871b456026e6127d95b1b2bd8e3a003dc1614 upstream.
      The following commit:
        9dff0aa95a32 ("perf/core: Don't WARN() for impossible ring-buffer sizes")
      results in perf recording failures with larger mmap areas:
        root@skl:/tmp# perf record -g -a
        failed to mmap with 12 (Cannot allocate memory)
      The root cause is that the following condition is buggy:
      	if (order_base_2(size) >= MAX_ORDER)
      		goto fail;
      The problem is that @size is in bytes and MAX_ORDER is in pages,
      so the right test is:
      	if (order_base_2(size) >= PAGE_SHIFT+MAX_ORDER)
      		goto fail;
      Fix it.
      Reported-by: default avatar"Jin, Yao" <yao.jin@linux.intel.com>
      Bisected-by: default avatarBorislav Petkov <bp@alien8.de>
      Analyzed-by: default avatarPeter Zijlstra <peterz@infradead.org>
      Cc: Julien Thierry <julien.thierry@arm.com>
      Cc: Mark Rutland <mark.rutland@arm.com>
      Cc: Alexander Shishkin <alexander.shishkin@linux.intel.com>
      Cc: Arnaldo Carvalho de Melo <acme@redhat.com>
      Cc: Jiri Olsa <jolsa@redhat.com>
      Cc: Linus Torvalds <torvalds@linux-foundation.org>
      Cc: Namhyung Kim <namhyung@kernel.org>
      Cc: Peter Zijlstra <peterz@infradead.org>
      Cc: Thomas Gleixner <tglx@linutronix.de>
      Cc: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
      Cc: <stable@vger.kernel.org>
      Fixes: 9dff0aa95a32 ("perf/core: Don't WARN() for impossible ring-buffer sizes")
      Signed-off-by: default avatarIngo Molnar <mingo@kernel.org>
      Signed-off-by: default avatarGreg Kroah-Hartman <gregkh@linuxfoundation.org>
    • Mauro Ciancio's avatar
      Input: elan_i2c - add ACPI ID for touchpad in Lenovo V330-15ISK · b7febf3b
      Mauro Ciancio authored
      commit 7ad222b3aed350adfc27ee7eec4587ffe55dfdce upstream.
      This adds ELAN0617 to the ACPI table to support Elan touchpad found in
      Lenovo V330-15ISK.
      Signed-off-by: default avatarMauro Ciancio <mauro@acadeu.com>
      Cc: stable@vger.kernel.org
      Signed-off-by: default avatarDmitry Torokhov <dmitry.torokhov@gmail.com>
      Signed-off-by: default avatarGreg Kroah-Hartman <gregkh@linuxfoundation.org>
    • Dmitry Torokhov's avatar
      Revert "Input: elan_i2c - add ACPI ID for touchpad in ASUS Aspire F5-573G" · d347a894
      Dmitry Torokhov authored
      commit f420c54e4b12c1361c6ed313002ee7bd7ac58362 upstream.
      This reverts commit 7db54c89f0b30a101584e09d3729144e6170059d as it
      breaks Acer Aspire V-371 and other devices. According to Elan:
      "Acer Aspire F5-573G is MS Precision touchpad which should use hid
       multitouch driver. ELAN0501 should not be added in elan_i2c."
      Bugzilla: https://bugzilla.kernel.org/show_bug.cgi?id=202503
      Cc: stable@vger.kernel.org
      Signed-off-by: default avatarDmitry Torokhov <dmitry.torokhov@gmail.com>
      Signed-off-by: default avatarGreg Kroah-Hartman <gregkh@linuxfoundation.org>
    • Mark Rustad's avatar
      Documentation/network: reword kernel version reference · 29c84aa9
      Mark Rustad authored
      It seemed odd to say "since 4.17" in a 4.4 kernel. Consider
      rewording the reference to indicate where in the stable series
      it was introduced as well as where it originated.
      Signed-off-by: default avatarMark Rustad <mrustad@gmail.com>
      Signed-off-by: default avatarSasha Levin <sashal@kernel.org>
    • Ross Lagerwall's avatar
      cifs: Limit memory used by lock request calls to a page · 1f39e518
      Ross Lagerwall authored
      [ Upstream commit 92a8109e4d3a34fb6b115c9098b51767dc933444 ]
      The code tries to allocate a contiguous buffer with a size supplied by
      the server (maxBuf). This could fail if memory is fragmented since it
      results in high order allocations for commonly used server
      implementations. It is also wasteful since there are probably
      few locks in the usual case. Limit the buffer to be no larger than a
      page to avoid memory allocation failures due to fragmentation.
      Signed-off-by: default avatarRoss Lagerwall <ross.lagerwall@citrix.com>
      Signed-off-by: default avatarSteve French <stfrench@microsoft.com>
      Signed-off-by: default avatarSasha Levin <sashal@kernel.org>
    • Nicholas Mc Guire's avatar
      gpio: pl061: handle failed allocations · 83476701
      Nicholas Mc Guire authored
      [ Upstream commit df209c43a0e8258e096fb722dfbdae4f0dd13fde ]
      devm_kzalloc(), devm_kstrdup() and devm_kasprintf() all can
      fail internal allocation and return NULL. Using any of the assigned
      objects without checking is not safe. As this is early in the boot
      phase and these allocations really should not fail, any failure here
      is probably an indication of a more serious issue so it makes little
      sense to try and rollback the previous allocated resources or try to
      continue;  but rather the probe function is simply exited with -ENOMEM.
      Signed-off-by: default avatarNicholas Mc Guire <hofrat@osadl.org>
      Fixes: 684284b6
       ("ARM: integrator: add MMCI device to IM-PD1")
      Signed-off-by: default avatarLinus Walleij <linus.walleij@linaro.org>
      Signed-off-by: default avatarSasha Levin <sashal@kernel.org>
    • Linus Walleij's avatar
      ARM: dts: kirkwood: Fix polarity of GPIO fan lines · 32f04710
      Linus Walleij authored
      [ Upstream commit b5f034845e70916fd33e172fad5ad530a29c10ab ]
      These two lines are active high, not active low. The bug was
      found when we changed the kernel to respect the polarity defined
      in the device tree.
      Fixes: 1b90e06b
       ("ARM: kirkwood: Use devicetree to define DNS-32[05] fan")
      Cc: Jamie Lentin <jm@lentin.co.uk>
      Cc: Guenter Roeck <linux@roeck-us.net>
      Cc: Jason Cooper <jason@lakedaemon.net>
      Cc: Andrew Lunn <andrew@lunn.ch>
      Cc: Gregory Clement <gregory.clement@bootlin.com>
      Cc: Sebastian Hesselbarth <sebastian.hesselbarth@gmail.com>
      Cc: Julien D'Ascenzio <jdascenzio@posteo.net>
      Reviewed-by: default avatarAndrew Lunn <andrew@lunn.ch>
      Tested-by: default avatarJamie Lentin <jm@lentin.co.uk>
      Reported-by: default avatarJulien D'Ascenzio <jdascenzio@posteo.net>
      Tested-by: default avatarJulien D'Ascenzio <jdascenzio@posteo.net>
      Signed-off-by: default avatarLinus Walleij <linus.walleij@linaro.org>
      Signed-off-by: default avatarGregory CLEMENT <gregory.clement@bootlin.com>
      Signed-off-by: default avatarSasha Levin <sashal@kernel.org>
    • Peter Ujfalusi's avatar
      ARM: dts: da850-evm: Correct the sound card name · 20ad5046
      Peter Ujfalusi authored
      [ Upstream commit 7fca69d4e43fa1ae9cb4f652772c132dc5a659c6 ]
      To avoid  the following error:
      asoc-simple-card sound: ASoC: Failed to create card debugfs directory
      Which is because the card name contains '/' character, which can not be
      used in file or directory names.
      Signed-off-by: default avatarPeter Ujfalusi <peter.ujfalusi@ti.com>
      Signed-off-by: default avatarSekhar Nori <nsekhar@ti.com>
      Signed-off-by: default avatarSasha Levin <sashal@kernel.org>