commit 106fa147d3daa58d2c1ae5f41a29d07036fe7d0a Author: Greg Kroah-Hartman Date: Sun Jun 7 13:17:57 2020 +0200 Linux 4.19.127 commit 3fc8e9a780ad3d51dec12d20c1dd11e7e18dba18 Author: Dinghao Liu Date: Sat May 23 16:08:20 2020 +0800 net: smsc911x: Fix runtime PM imbalance on error [ Upstream commit 539d39ad0c61b35f69565a037d7586deaf6d6166 ] Remove runtime PM usage counter decrement when the increment function has not been called to keep the counter balanced. Signed-off-by: Dinghao Liu Signed-off-by: David S. Miller Signed-off-by: Sasha Levin commit 4ed49848cfcdab164da603d8eec28a3f3c4bc71c Author: Jonathan McDowell Date: Thu May 21 12:49:34 2020 +0100 net: ethernet: stmmac: Enable interface clocks on probe for IPQ806x [ Upstream commit a96ac8a0045e3cbe3e5af6d1b3c78c6c2065dec5 ] The ipq806x_gmac_probe() function enables the PTP clock but not the appropriate interface clocks. This means that if the bootloader hasn't done so attempting to bring up the interface will fail with an error like: [ 59.028131] ipq806x-gmac-dwmac 37600000.ethernet: Failed to reset the dma [ 59.028196] ipq806x-gmac-dwmac 37600000.ethernet eth1: stmmac_hw_setup: DMA engine initialization failed [ 59.034056] ipq806x-gmac-dwmac 37600000.ethernet eth1: stmmac_open: Hw setup failed This patch, a slightly cleaned up version of one posted by Sergey Sergeev in: https://forum.openwrt.org/t/support-for-mikrotik-rb3011uias-rm/4064/257 correctly enables the clock; we have already configured the source just before this. Tested on a MikroTik RB3011. Signed-off-by: Jonathan McDowell Signed-off-by: David S. Miller Signed-off-by: Sasha Levin commit 876119e5ff899365b35f7a6949665d9eaaa10fbc Author: Valentin Longchamp Date: Wed May 20 17:53:50 2020 +0200 net/ethernet/freescale: rework quiesce/activate for ucc_geth [ Upstream commit 79dde73cf9bcf1dd317a2667f78b758e9fe139ed ] ugeth_quiesce/activate are used to halt the controller when there is a link change that requires to reconfigure the mac. The previous implementation called netif_device_detach(). This however causes the initial activation of the netdevice to fail precisely because it's detached. For details, see [1]. A possible workaround was the revert of commit net: linkwatch: add check for netdevice being present to linkwatch_do_dev However, the check introduced in the above commit is correct and shall be kept. The netif_device_detach() is thus replaced with netif_tx_stop_all_queues() that prevents any tranmission. This allows to perform mac config change required by the link change, without detaching the corresponding netdevice and thus not preventing its initial activation. [1] https://lists.openwall.net/netdev/2020/01/08/201 Signed-off-by: Valentin Longchamp Acked-by: Matteo Ghidoni Signed-off-by: David S. Miller Signed-off-by: Sasha Levin commit fb1c56d1d26a97cc868fc62de26143264f004e03 Author: Chaitanya Kulkarni Date: Wed May 20 16:01:51 2020 -0700 null_blk: return error for invalid zone size [ Upstream commit e274832590211c4b1b1e807ca66fad8b5bb8b328 ] In null_init_zone_dev() check if the zone size is larger than device capacity, return error if needed. This also fixes the following oops :- null_blk: changed the number of conventional zones to 4294967295 BUG: kernel NULL pointer dereference, address: 0000000000000010 PGD 7d76c5067 P4D 7d76c5067 PUD 7d240c067 PMD 0 Oops: 0002 [#1] SMP NOPTI CPU: 4 PID: 5508 Comm: nullbtests.sh Tainted: G OE 5.7.0-rc4lblk-fnext0 Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS rel-1.12.0-59-gc9ba5276e4 RIP: 0010:null_init_zoned_dev+0x17a/0x27f [null_blk] RSP: 0018:ffffc90007007e00 EFLAGS: 00010246 RAX: 0000000000000020 RBX: ffff8887fb3f3c00 RCX: 0000000000000007 RDX: 0000000000000000 RSI: ffff8887ca09d688 RDI: ffff888810fea510 RBP: 0000000000000010 R08: ffff8887ca09d688 R09: 0000000000000000 R10: 0000000000000000 R11: 0000000000000000 R12: ffff8887c26e8000 R13: ffffffffa05e9390 R14: 0000000000000000 R15: 0000000000000001 FS: 00007fcb5256f740(0000) GS:ffff888810e00000(0000) knlGS:0000000000000000 CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 CR2: 0000000000000010 CR3: 000000081e8fe000 CR4: 00000000003406e0 Call Trace: null_add_dev+0x534/0x71b [null_blk] nullb_device_power_store.cold.41+0x8/0x2e [null_blk] configfs_write_file+0xe6/0x150 vfs_write+0xba/0x1e0 ksys_write+0x5f/0xe0 do_syscall_64+0x60/0x250 entry_SYSCALL_64_after_hwframe+0x49/0xb3 RIP: 0033:0x7fcb51c71840 Signed-off-by: Chaitanya Kulkarni Signed-off-by: Jens Axboe Signed-off-by: Sasha Levin commit 84fc4e58e46c1091e1aaa9eeb5fe8a55f845f6c3 Author: Gerald Schaefer Date: Wed May 6 13:04:07 2020 +0200 s390/mm: fix set_huge_pte_at() for empty ptes [ Upstream commit ac8372f3b4e41015549b331a4f350224661e7fc6 ] On s390, the layout of normal and large ptes (i.e. pmds/puds) differs. Therefore, set_huge_pte_at() does a conversion from a normal pte to the corresponding large pmd/pud. So, when converting an empty pte, this should result in an empty pmd/pud, which would return true for pmd/pud_none(). However, after conversion we also mark the pmd/pud as large, and therefore present. For empty ptes, this will result in an empty pmd/pud that is also marked as large, and pmd/pud_none() would not return true. There is currently no issue with this behaviour, as set_huge_pte_at() does not seem to be called for empty ptes. It would be valid though, so let's fix this by not marking empty ptes as large in set_huge_pte_at(). This was found by testing a patch from from Anshuman Khandual, which is currently discussed on LKML ("mm/debug: Add more arch page table helper tests"). Signed-off-by: Gerald Schaefer Signed-off-by: Vasily Gorbik Signed-off-by: Sasha Levin commit 50a6a3b024505c2894a947d7756b345b9ce252c8 Author: Jan Schmidt Date: Fri May 8 04:06:28 2020 +1000 drm/edid: Add Oculus Rift S to non-desktop list [ Upstream commit 5a3f610877e9d08968ea7237551049581f02b163 ] Add a quirk for the Oculus Rift S OVR0012 display so it shows up as a non-desktop display. Signed-off-by: Jan Schmidt Signed-off-by: Dave Airlie Link: https://patchwork.freedesktop.org/patch/msgid/20200507180628.740936-1-jan@centricular.com Signed-off-by: Sasha Levin commit 7c03db83da3ba70cfdd1f52b4a846382bda3764d Author: Jeremy Kerr Date: Tue May 19 09:05:58 2020 +0800 net: bmac: Fix read of MAC address from ROM [ Upstream commit ef01cee2ee1b369c57a936166483d40942bcc3e3 ] In bmac_get_station_address, We're reading two bytes at a time from ROM, but we do that six times, resulting in 12 bytes of read & writes. This means we will write off the end of the six-byte destination buffer. This change fixes the for-loop to only read/write six bytes. Based on a proposed fix from Finn Thain . Signed-off-by: Jeremy Kerr Reported-by: Stan Johnson Tested-by: Stan Johnson Reported-by: Finn Thain Signed-off-by: David S. Miller Signed-off-by: Sasha Levin commit 9e8429bf62a08f11359526b2e1bc4b47f1c658ff Author: Nathan Chancellor Date: Wed Apr 8 13:53:23 2020 -0700 x86/mmiotrace: Use cpumask_available() for cpumask_var_t variables [ Upstream commit d7110a26e5905ec2fe3fc88bc6a538901accb72b ] When building with Clang + -Wtautological-compare and CONFIG_CPUMASK_OFFSTACK unset: arch/x86/mm/mmio-mod.c:375:6: warning: comparison of array 'downed_cpus' equal to a null pointer is always false [-Wtautological-pointer-compare] if (downed_cpus == NULL && ^~~~~~~~~~~ ~~~~ arch/x86/mm/mmio-mod.c:405:6: warning: comparison of array 'downed_cpus' equal to a null pointer is always false [-Wtautological-pointer-compare] if (downed_cpus == NULL || cpumask_weight(downed_cpus) == 0) ^~~~~~~~~~~ ~~~~ 2 warnings generated. Commit f7e30f01a9e2 ("cpumask: Add helper cpumask_available()") added cpumask_available() to fix warnings of this nature. Use that here so that clang does not warn regardless of CONFIG_CPUMASK_OFFSTACK's value. Reported-by: Sedat Dilek Signed-off-by: Nathan Chancellor Signed-off-by: Borislav Petkov Reviewed-by: Nick Desaulniers Acked-by: Steven Rostedt (VMware) Link: https://github.com/ClangBuiltLinux/linux/issues/982 Link: https://lkml.kernel.org/r/20200408205323.44490-1-natechancellor@gmail.com Signed-off-by: Sasha Levin commit 2133e30fc2651a42a013dc622bbec6456041a7f3 Author: Atsushi Nemoto Date: Fri May 8 22:12:48 2020 +0900 i2c: altera: Fix race between xfer_msg and isr thread [ Upstream commit 5d4c7977499a736f3f80826bdc9744344ad55589 ] Use a mutex to protect access to idev->msg_len, idev->buf, etc. which are modified by both altr_i2c_xfer_msg() and altr_i2c_isr(). This is the minimal fix for easy backporting. A cleanup to remove the spinlock will be added later. Signed-off-by: Atsushi Nemoto Acked-by: Thor Thayer [wsa: updated commit message] Signed-off-by: Wolfram Sang Signed-off-by: Sasha Levin commit a0006477c6af2b0b9b59beb6695d469ebb48f9b2 Author: Madhuparna Bhowmik Date: Thu Apr 30 21:32:05 2020 +0530 evm: Fix RCU list related warnings [ Upstream commit 770f60586d2af0590be263f55fd079226313922c ] This patch fixes the following warning and few other instances of traversal of evm_config_xattrnames list: [ 32.848432] ============================= [ 32.848707] WARNING: suspicious RCU usage [ 32.848966] 5.7.0-rc1-00006-ga8d5875ce5f0b #1 Not tainted [ 32.849308] ----------------------------- [ 32.849567] security/integrity/evm/evm_main.c:231 RCU-list traversed in non-reader section!! Since entries are only added to the list and never deleted, use list_for_each_entry_lockless() instead of list_for_each_entry_rcu for traversing the list. Also, add a relevant comment in evm_secfs.c to indicate this fact. Reported-by: kernel test robot Suggested-by: Paul E. McKenney Signed-off-by: Madhuparna Bhowmik Acked-by: Paul E. McKenney (RCU viewpoint) Signed-off-by: Mimi Zohar Signed-off-by: Sasha Levin commit ad722cf7cabd9b08884d41cfbfd300068e5db6bf Author: Vineet Gupta Date: Tue Apr 14 11:41:51 2020 -0700 ARC: [plat-eznps]: Restrict to CONFIG_ISA_ARCOMPACT [ Upstream commit 799587d5731db9dcdafaac4002463aa7d9cd6cf7 ] Elide invalid configuration EZNPS + ARCv2, triggered by a make allyesconfig build. Granted the root cause is in source code (asm/barrier.h) where we check for ARCv2 before PLAT_EZNPS, but it is better to avoid such combinations at onset rather then baking subtle nuances into code. Reported-by: kbuild test robot Signed-off-by: Vineet Gupta Signed-off-by: Sasha Levin commit c9c1ef681a384bb42e2d7395a33d33ed6edd077b Author: Eugeniy Paltsev Date: Thu Apr 2 20:54:28 2020 +0300 ARC: Fix ICCM & DCCM runtime size checks [ Upstream commit 43900edf67d7ef3ac8909854d75b8a1fba2d570c ] As of today the ICCM and DCCM size checks are incorrectly using mismatched units (KiB checked against bytes). The CONFIG_ARC_DCCM_SZ and CONFIG_ARC_ICCM_SZ are in KiB, but the size calculated in runtime and stored in cpu->dccm.sz and cpu->iccm.sz is in bytes. Fix that. Reported-by: Paul Greco Signed-off-by: Eugeniy Paltsev Signed-off-by: Vineet Gupta Signed-off-by: Sasha Levin commit 3825ddf5fd9de2e21d25bdb6886e6b0da5fadd2f Author: Vasily Gorbik Date: Tue Dec 10 13:50:23 2019 +0100 s390/ftrace: save traced function caller [ Upstream commit b4adfe55915d8363e244e42386d69567db1719b9 ] A typical backtrace acquired from ftraced function currently looks like the following (e.g. for "path_openat"): arch_stack_walk+0x15c/0x2d8 stack_trace_save+0x50/0x68 stack_trace_call+0x15a/0x3b8 ftrace_graph_caller+0x0/0x1c 0x3e0007e3c98 <- ftraced function caller (should be do_filp_open+0x7c/0xe8) do_open_execat+0x70/0x1b8 __do_execve_file.isra.0+0x7d8/0x860 __s390x_sys_execve+0x56/0x68 system_call+0xdc/0x2d8 Note random "0x3e0007e3c98" stack value as ftraced function caller. This value causes either imprecise unwinder result or unwinding failure. That "0x3e0007e3c98" comes from r14 of ftraced function stack frame, which it haven't had a chance to initialize since the very first instruction calls ftrace code ("ftrace_caller"). (ftraced function might never save r14 as well). Nevertheless according to s390 ABI any function is called with stack frame allocated for it and r14 contains return address. "ftrace_caller" itself is called with "brasl %r0,ftrace_caller". So, to fix this issue simply always save traced function caller onto ftraced function stack frame. Reported-by: Sven Schnelle Signed-off-by: Vasily Gorbik Signed-off-by: Sasha Levin commit a81a1935d135de42c4fa34b640d787e0774be35b Author: Xinwei Kong Date: Fri Jan 3 10:52:10 2020 +0800 spi: dw: use "smp_mb()" to avoid sending spi data error [ Upstream commit bfda044533b213985bc62bd7ca96f2b984d21b80 ] Because of out-of-order execution about some CPU architecture, In this debug stage we find Completing spi interrupt enable -> prodrucing TXEI interrupt -> running "interrupt_transfer" function will prior to set "dw->rx and dws->rx_end" data, so this patch add memory barrier to enable dw->rx and dw->rx_end to be visible and solve to send SPI data error. eg: it will fix to this following low possibility error in testing environment which using SPI control to connect TPM Modules kernel: tpm tpm0: Operation Timed out kernel: tpm tpm0: tpm_relinquish_locality: : error -1 Signed-off-by: fengsheng Signed-off-by: Xinwei Kong Link: https://lore.kernel.org/r/1578019930-55858-1-git-send-email-kong.kongxinwei@hisilicon.com Signed-off-by: Mark Brown Signed-off-by: Sasha Levin commit cfad68d10849c910bfe3885e2a17de3ca4707588 Author: Anju T Sudhakar Date: Wed Nov 27 12:50:35 2019 +0530 powerpc/powernv: Avoid re-registration of imc debugfs directory [ Upstream commit 48e626ac85b43cc589dd1b3b8004f7f85f03544d ] export_imc_mode_and_cmd() function which creates the debugfs interface for imc-mode and imc-command, is invoked when each nest pmu units is registered. When the first nest pmu unit is registered, export_imc_mode_and_cmd() creates 'imc' directory under `/debug/powerpc/`. In the subsequent invocations debugfs_create_dir() function returns, since the directory already exists. The recent commit (debugfs: make error message a bit more verbose), throws a warning if we try to invoke `debugfs_create_dir()` with an already existing directory name. Address this warning by making the debugfs directory registration in the opal_imc_counters_probe() function, i.e invoke export_imc_mode_and_cmd() function from the probe function. Signed-off-by: Anju T Sudhakar Tested-by: Nageswara R Sastry Signed-off-by: Michael Ellerman Link: https://lore.kernel.org/r/20191127072035.4283-1-anju@linux.vnet.ibm.com Signed-off-by: Sasha Levin commit fbfce5c5f9c4341a535d252cef302a3d49bcb3f2 Author: Xiang Chen Date: Tue Nov 12 17:30:56 2019 +0800 scsi: hisi_sas: Check sas_port before using it [ Upstream commit 8c39673d5474b95374df2104dc1f65205c5278b8 ] Need to check the structure sas_port before using it. Link: https://lore.kernel.org/r/1573551059-107873-2-git-send-email-john.garry@huawei.com Signed-off-by: Xiang Chen Signed-off-by: John Garry Signed-off-by: Martin K. Petersen Signed-off-by: Sasha Levin commit f13a44533df598d5dc8fdb432e81d3e24611b262 Author: Lucas De Marchi Date: Thu Oct 10 18:09:03 2019 -0700 drm/i915: fix port checks for MST support on gen >= 11 [ Upstream commit 10d987fd1b7baceaafa78d805e71427ab735b4e4 ] Both Ice Lake and Elkhart Lake (gen 11) support MST on all external connections except DDI A. Tiger Lake (gen 12) supports on all external connections. Move the check to happen inside intel_dp_mst_encoder_init() and add specific platform checks. v2: Replace != with == checks for ports on gen < 11 (Ville) Signed-off-by: Lucas De Marchi Reviewed-by: Ville Syrjälä Link: https://patchwork.freedesktop.org/patch/msgid/20191015164029.18431-3-lucas.demarchi@intel.com Signed-off-by: Sasha Levin commit ce8fd1a4a9ba42d469b499c4adf8745258328492 Author: Dan Carpenter Date: Wed May 27 21:48:30 2020 +0300 airo: Fix read overflows sending packets commit 11e7a91994c29da96d847f676be023da6a2c1359 upstream. The problem is that we always copy a minimum of ETH_ZLEN (60) bytes from skb->data even when skb->len is less than ETH_ZLEN so it leads to a read overflow. The fix is to pad skb->data to at least ETH_ZLEN bytes. Cc: Reported-by: Hu Jiahui Signed-off-by: Dan Carpenter Reviewed-by: Eric Dumazet Signed-off-by: Kalle Valo Link: https://lore.kernel.org/r/20200527184830.GA1164846@mwanda Signed-off-by: Greg Kroah-Hartman commit 28d6453add540a3b568760ac271a17b3dcc68916 Author: DENG Qingfang Date: Wed May 13 23:37:17 2020 +0800 net: dsa: mt7530: set CPU port to fallback mode commit 38152ea37d8bdaffa22603e0a5b5b86cfa8714c9 upstream. Currently, setting a bridge's self PVID to other value and deleting the default VID 1 renders untagged ports of that VLAN unable to talk to the CPU port: bridge vlan add dev br0 vid 2 pvid untagged self bridge vlan del dev br0 vid 1 self bridge vlan add dev sw0p0 vid 2 pvid untagged bridge vlan del dev sw0p0 vid 1 # br0 cannot send untagged frames out of sw0p0 anymore That is because the CPU port is set to security mode and its PVID is still 1, and untagged frames are dropped due to VLAN member violation. Set the CPU port to fallback mode so untagged frames can pass through. Fixes: 83163f7dca56 ("net: dsa: mediatek: add VLAN support for MT7530") Signed-off-by: DENG Qingfang Reviewed-by: Florian Fainelli Signed-off-by: David S. Miller Signed-off-by: Greg Kroah-Hartman commit 01aeb332006e1f1d9cc32ab519c1e843a23172cf Author: Can Guo Date: Thu Dec 5 02:14:33 2019 +0000 scsi: ufs: Release clock if DMA map fails commit 17c7d35f141ef6158076adf3338f115f64fcf760 upstream. In queuecommand path, if DMA map fails, it bails out with clock held. In this case, release the clock to keep its usage paired. [mkp: applied by hand] Link: https://lore.kernel.org/r/0101016ed3d66395-1b7e7fce-b74d-42ca-a88a-4db78b795d3b-000000@us-west-2.amazonses.com Reviewed-by: Bean Huo Signed-off-by: Can Guo Signed-off-by: Martin K. Petersen [EB: resolved cherry-pick conflict caused by newer kernels not having the clear_bit_unlock() line] Signed-off-by: Eric Biggers Signed-off-by: Greg Kroah-Hartman commit 2aabc12bf2d6ba3e0b39a91222e575a791b5282b Author: Jérôme Pouiller Date: Mon May 11 18:19:02 2020 +0200 mmc: fix compilation of user API commit 83fc5dd57f86c3ec7d6d22565a6ff6c948853b64 upstream. The definitions of MMC_IOC_CMD and of MMC_IOC_MULTI_CMD rely on MMC_BLOCK_MAJOR: #define MMC_IOC_CMD _IOWR(MMC_BLOCK_MAJOR, 0, struct mmc_ioc_cmd) #define MMC_IOC_MULTI_CMD _IOWR(MMC_BLOCK_MAJOR, 1, struct mmc_ioc_multi_cmd) However, MMC_BLOCK_MAJOR is defined in linux/major.h and linux/mmc/ioctl.h did not include it. Signed-off-by: Jérôme Pouiller Cc: stable@vger.kernel.org Link: https://lore.kernel.org/r/20200511161902.191405-1-Jerome.Pouiller@silabs.com Signed-off-by: Ulf Hansson Signed-off-by: Greg Kroah-Hartman commit 8b5dfa53eeb6c8bba5a035d38f6f8b981aebb622 Author: Daniel Axtens Date: Thu Jun 4 16:51:27 2020 -0700 kernel/relay.c: handle alloc_percpu returning NULL in relay_open commit 54e200ab40fc14c863bcc80a51e20b7906608fce upstream. alloc_percpu() may return NULL, which means chan->buf may be set to NULL. In that case, when we do *per_cpu_ptr(chan->buf, ...), we dereference an invalid pointer: BUG: Unable to handle kernel data access at 0x7dae0000 Faulting instruction address: 0xc0000000003f3fec ... NIP relay_open+0x29c/0x600 LR relay_open+0x270/0x600 Call Trace: relay_open+0x264/0x600 (unreliable) __blk_trace_setup+0x254/0x600 blk_trace_setup+0x68/0xa0 sg_ioctl+0x7bc/0x2e80 do_vfs_ioctl+0x13c/0x1300 ksys_ioctl+0x94/0x130 sys_ioctl+0x48/0xb0 system_call+0x5c/0x68 Check if alloc_percpu returns NULL. This was found by syzkaller both on x86 and powerpc, and the reproducer it found on powerpc is capable of hitting the issue as an unprivileged user. Fixes: 017c59c042d0 ("relay: Use per CPU constructs for the relay channel buffer pointers") Reported-by: syzbot+1e925b4b836afe85a1c6@syzkaller-ppc64.appspotmail.com Reported-by: syzbot+587b2421926808309d21@syzkaller-ppc64.appspotmail.com Reported-by: syzbot+58320b7171734bf79d26@syzkaller.appspotmail.com Reported-by: syzbot+d6074fb08bdb2e010520@syzkaller.appspotmail.com Signed-off-by: Daniel Axtens Signed-off-by: Andrew Morton Reviewed-by: Michael Ellerman Reviewed-by: Andrew Donnellan Acked-by: David Rientjes Cc: Akash Goel Cc: Andrew Donnellan Cc: Guenter Roeck Cc: Salvatore Bonaccorso Cc: [4.10+] Link: http://lkml.kernel.org/r/20191219121256.26480-1-dja@axtens.net Signed-off-by: Linus Torvalds Signed-off-by: Greg Kroah-Hartman commit 5d398ef38bfc37339583ad0bc587f53b01d1d7dd Author: Giuseppe Marco Randazzo Date: Mon Apr 6 00:06:59 2020 +0200 p54usb: add AirVasT USB stick device-id commit 63e49a9fdac1b4e97ac26cb3fe953f210d83bc53 upstream. This patch adds the AirVasT USB wireless devices 124a:4026 to the list of supported devices. It's using the ISL3886 usb firmware. Without this modification, the wiki adapter is not recognized. Cc: Signed-off-by: Giuseppe Marco Randazzo Signed-off-by: Christian Lamparter [formatted, reworded] Signed-off-by: Kalle Valo Link: https://lore.kernel.org/r/20200405220659.45621-1-chunkeey@gmail.com Signed-off-by: Greg Kroah-Hartman commit 51851d365fbe24e935ffa859d87061a09b0f4a8b Author: Julian Sax Date: Tue May 5 17:10:42 2020 +0200 HID: i2c-hid: add Schneider SCL142ALM to descriptor override commit 6507ef10660efdfee93f0f3b9fac24b5e4d83e56 upstream. This device uses the SIPODEV SP1064 touchpad, which does not supply descriptors, so it has to be added to the override list. Cc: stable@vger.kernel.org Signed-off-by: Julian Sax Signed-off-by: Jiri Kosina Signed-off-by: Greg Kroah-Hartman commit 23b1c7bcb791215ce0ba64edbb20837850603571 Author: Scott Shumate Date: Wed May 13 13:39:26 2020 -0500 HID: sony: Fix for broken buttons on DS3 USB dongles commit e72455b898ac678667c5674668186b4670d87d11 upstream. Fix for non-working buttons on knock-off USB dongles for Sony controllers. These USB dongles are used to connect older Sony DA/DS1/DS2 controllers via USB and are common on Amazon, AliExpress, etc. Without the patch, the square, X, and circle buttons do not function. These dongles used to work prior to kernel 4.10 but removing the global DS3 report fixup in commit e19a267b9987 ("HID: sony: DS3 comply to Linux gamepad spec") exposed the problem. Many people reported the problem on the Ubuntu forums and are working around the problem by falling back to the 4.9 hid-sony driver. The problem stems from these dongles incorrectly reporting their button count as 13 instead of 16. This patch fixes up the report descriptor by changing the button report count to 16 and removing 3 padding bits. Cc: stable@vger.kernel.org Fixes: e19a267b9987 ("HID: sony: DS3 comply to Linux gamepad spec") Signed-off-by: Scott Shumate Signed-off-by: Jiri Kosina Signed-off-by: Greg Kroah-Hartman commit 78385480fd6572a83e7541e37658d9a7de6dc9b1 Author: Fan Yang Date: Thu Jun 4 18:22:07 2020 +0800 mm: Fix mremap not considering huge pmd devmap commit 5bfea2d9b17f1034a68147a8b03b9789af5700f9 upstream. The original code in mm/mremap.c checks huge pmd by: if (is_swap_pmd(*old_pmd) || pmd_trans_huge(*old_pmd)) { However, a DAX mapped nvdimm is mapped as huge page (by default) but it is not transparent huge page (_PAGE_PSE | PAGE_DEVMAP). This commit changes the condition to include the case. This addresses CVE-2020-10757. Fixes: 5c7fb56e5e3f ("mm, dax: dax-pmd vs thp-pmd vs hugetlbfs-pmd") Cc: Reported-by: Fan Yang Signed-off-by: Fan Yang Tested-by: Fan Yang Tested-by: Dan Williams Reviewed-by: Dan Williams Acked-by: Kirill A. Shutemov Signed-off-by: Linus Torvalds Signed-off-by: Greg Kroah-Hartman commit ee37d219a186b553ff06d75bc3c6b2c3f11cdf72 Author: Aneesh Kumar K.V Date: Fri Aug 9 13:17:26 2019 +0530 libnvdimm: Fix endian conversion issues  commit 86aa66687442ef45909ff9814b82b4d2bb892294 upstream. nd_label->dpa issue was observed when trying to enable the namespace created with little-endian kernel on a big-endian kernel. That made me run `sparse` on the rest of the code and other changes are the result of that. Fixes: d9b83c756953 ("libnvdimm, btt: rework error clearing") Fixes: 9dedc73a4658 ("libnvdimm/btt: Fix LBA masking during 'free list' population") Reviewed-by: Vishal Verma Signed-off-by: Aneesh Kumar K.V Link: https://lore.kernel.org/r/20190809074726.27815-1-aneesh.kumar@linux.ibm.com Signed-off-by: Dan Williams Cc: Guenter Roeck Signed-off-by: Greg Kroah-Hartman commit 7cbf0e5ceac4fcef5b6a48652733e84c828557c8 Author: Tejun Heo Date: Thu Apr 9 14:55:35 2020 -0400 Revert "cgroup: Add memory barriers to plug cgroup_rstat_updated() race window" [ Upstream commit d8ef4b38cb69d907f9b0e889c44d05fc0f890977 ] This reverts commit 9a9e97b2f1f2 ("cgroup: Add memory barriers to plug cgroup_rstat_updated() race window"). The commit was added in anticipation of memcg rstat conversion which needed synchronous accounting for the event counters (e.g. oom kill count). However, the conversion didn't get merged due to percpu memory overhead concern which couldn't be addressed at the time. Unfortunately, the patch's addition of smp_mb() to cgroup_rstat_updated() meant that every scheduling event now had to go through an additional full barrier and Mel Gorman noticed it as 1% regression in netperf UDP_STREAM test. There's no need to have this barrier in tree now and even if we need synchronous accounting in the future, the right thing to do is separating that out to a separate function so that hot paths which don't care about synchronous behavior don't have to pay the overhead of the full barrier. Let's revert. Signed-off-by: Tejun Heo Reported-by: Mel Gorman Link: http://lkml.kernel.org/r/20200409154413.GK3818@techsingularity.net Cc: v4.18+ Signed-off-by: Sasha Levin