saa7134: fix warm Medion 7134 EEPROM read

commit 5a91206ff0d0548939f3e85a65fb76b400fb0e89 upstream.

When saa7134 module driving a Medion 7134 card is reloaded reads of this
card EEPROM (required for automatic detection of tuner model) will be
corrupted due to I2C gate in DVB-T demod being left closed.
This sometimes also happens on first saa7134 module load after a warm
reboot.

Fix this by opening this I2C gate before doing EEPROM read during i2c
initialization.

Signed-off-by: Maciej S. Szmigiero <mail@maciej.szmigiero.name>
Signed-off-by: Mauro Carvalho Chehab <mchehab@s-opensource.com>
Cc: Oliver Hartkopp <socketcan@hartkopp.net>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>

x86/mm/pat: Don't report PAT on CPUs that don't support it

commit 99c13b8c8896d7bcb92753bf0c63a8de4326e78d upstream.

The pat_enabled() logic is broken on CPUs which do not support PAT and
where the initialization code fails to call pat_init(). Due to that the
enabled flag stays true and pat_enabled() returns true wrongfully.

As a consequence the mappings, e.g. for Xorg, are set up with the wrong
caching mode and the required MTRR setups are omitted.

To cure this the following changes are required:

  1) Make pat_enabled() return true only if PAT initialization was
     invoked and successful.

  2) Invoke init_cache_modes() unconditionally in setup_arch() and
     remove the extra callsites in pat_disable() and the pat disabled
     code path in pat_init().

Also rename __pat_enabled to pat_disabled to reflect the real purpose of
this variable.

Fixes: 9cd25aac1f44 ("x86/mm/pat: Emulate PAT when it is disabled")
Signed-off-by: Mikulas Patocka <mpatocka@redhat.com>
Signed-off-by: Thomas Gleixner <tglx@linutronix.de>
Cc: Bernhard Held <berny156@gmx.de>
Cc: Denys Vlasenko <dvlasenk@redhat.com>
Cc: Peter Zijlstra <peterz@infradead.org>
Cc: Brian Gerst <brgerst@gmail.com>
Cc: "Luis R. Rodriguez" <mcgrof@suse.com>
Cc: Borislav Petkov <bp@alien8.de>
Cc: Andy Lutomirski <luto@kernel.org>
Cc: Josh Poimboeuf <jpoimboe@redhat.com>
Cc: Andrew Morton <akpm@linux-foundation.org>
Cc: Linus Torvalds <torvalds@linux-foundation.org>
Link: http://lkml.kernel.org/r/alpine.LRH.2.02.1707041749300.3456@file01.intranet.prod.int.rdu2.redhat.com
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>

ext4: check return value of kstrtoull correctly in reserved_clusters_store

commit 1ea1516fbbab2b30bf98c534ecaacba579a35208 upstream.

kstrtoull returns 0 on success, however, in reserved_clusters_store we
will return -EINVAL if kstrtoull returns 0, it makes us fail to update
reserved_clusters value through sysfs.

Fixes: 76d33bca5581b1dd5c3157fa168db849a784ada4
Signed-off-by: Chao Yu <yuchao0@huawei.com>
Signed-off-by: Miao Xie <miaoxie@huawei.com>
Signed-off-by: Theodore Ts'o <tytso@mit.edu>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>

staging: comedi: fix clean-up of comedi_class in comedi_init()

commit a9332e9ad09c2644c99058fcf6ae2f355e93ce74 upstream.

There is a clean-up bug in the core comedi module initialization
functions, `comedi_init()`.  If the `comedi_num_legacy_minors` module
parameter is non-zero (and valid), it creates that many "legacy" devices
and registers them in SysFS.  A failure causes the function to clean up
and return an error.  Unfortunately, it fails to destroy the "comedi"
class that was created earlier.  Fix it by adding a call to
`class_destroy(comedi_class)` at the appropriate place in the clean-up
sequence.

Signed-off-by: Ian Abbott <abbotti@mev.co.uk>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>

staging: vt6556: vnt_start Fix missing call to vnt_key_init_table.

commit dc32190f2cd41c7dba25363ea7d618d4f5172b4e upstream.

The key table is not intialized correctly without this call.

Signed-off-by: Malcolm Priestley <tvboxspy@gmail.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>

tcp: fix tcp_mark_head_lost to check skb len before fragmenting

commit d88270eef4b56bd7973841dd1fed387ccfa83709 upstream.

This commit fixes a corner case in tcp_mark_head_lost() which was
causing the WARN_ON(len > skb->len) in tcp_fragment() to fire.

tcp_mark_head_lost() was assuming that if a packet has
tcp_skb_pcount(skb) of N, then it's safe to fragment off a prefix of
M*mss bytes, for any M < N. But with the tricky way TCP pcounts are
maintained, this is not always true.

For example, suppose the sender sends 4 1-byte packets and have the
last 3 packet sacked. It will merge the last 3 packets in the write
queue into an skb with pcount = 3 and len = 3 bytes. If another
recovery happens after a sack reneging event, tcp_mark_head_lost()
may attempt to split the skb assuming it has more than 2*MSS bytes.

This sounds very counterintuitive, but as the commit description for
the related commit c0638c247f55 ("tcp: don't fragment SACKed skbs in
tcp_mark_head_lost()") notes, this is because tcp_shifted_skb()
coalesces adjacent regions of SACKed skbs, and when doing this it
preserves the sum of their packet counts in order to reflect the
real-world dynamics on the wire. The c0638c247f55 commit tried to
avoid problems by not fragmenting SACKed skbs, since SACKed skbs are
where the non-proportionality between pcount and skb->len/mss is known
to be possible. However, that commit did not handle the case where
during a reneging event one of these weird SACKed skbs becomes an
un-SACKed skb, which tcp_mark_head_lost() can then try to fragment.

The fix is to simply mark the entire skb lost when this happens.
This makes the recovery slightly more aggressive in such corner
cases before we detect reordering. But once we detect reordering
this code path is by-passed because FACK is disabled.

Signed-off-by: Neal Cardwell <ncardwell@google.com>
Signed-off-by: Yuchung Cheng <ycheng@google.com>
Signed-off-by: Eric Dumazet <edumazet@google.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Cc: Vinson Lee <vlee@freedesktop.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>

md: fix super_offset endianness in super_1_rdev_size_change

commit 3fb632e40d7667d8bedfabc28850ac06d5493f54 upstream.

The sb->super_offset should be big-endian, but the rdev->sb_start is in
host byte order, so fix this by adding cpu_to_le64.

Signed-off-by: Jason Yan <yanaijie@huawei.com>
Signed-off-by: Shaohua Li <shli@fb.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>

md: fix incorrect use of lexx_to_cpu in does_sb_need_changing

commit 1345921393ba23b60d3fcf15933e699232ad25ae upstream.

The sb->layout is of type __le32, so we shoud use le32_to_cpu.

Signed-off-by: Jason Yan <yanaijie@huawei.com>
Signed-off-by: Shaohua Li <shli@fb.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>

perf tools: Use readdir() instead of deprecated readdir_r() again

commit 22a9f41b555673e7499b97acf3ffb07bf0af31ad upstream.

The readdir() function is thread safe as long as just one thread uses a
DIR, which is the case when parsing tracepoint event definitions, to
avoid breaking the build with glibc-2.23.90 (upcoming 2.24), use it
instead of readdir_r().

See: http://man7.org/linux/man-pages/man3/readdir.3.html

"However, in modern implementations (including the glibc implementation),
concurrent calls to readdir() that specify different directory streams
are thread-safe.  In cases where multiple threads must read from the
same directory stream, using readdir() with external synchronization is
still preferable to the use of the deprecated readdir_r(3) function."

Noticed while building on a Fedora Rawhide docker container.

Cc: Adrian Hunter <adrian.hunter@intel.com>
Cc: David Ahern <dsahern@gmail.com>
Cc: Jiri Olsa <jolsa@kernel.org>
Cc: Namhyung Kim <namhyung@kernel.org>
Cc: Wang Nan <wangnan0@huawei.com>
Link: http://lkml.kernel.org/n/tip-wddn49r6bz6wq4ee3dxbl7lo@git.kernel.org
Signed-off-by: Arnaldo Carvalho de Melo <acme@redhat.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>

perf tests: Remove wrong semicolon in while loop in CQM test

commit cf89813a5b514bff9b3b5e7eaf2090f22fba62e0 upstream.

The while loop was spinning. Fix by removing a semicolon.

The issue was pointed out by gcc-6's -Wmisleading-indentation.

Signed-off-by: Markus Trippelsdorf <markus@trippelsdorf.de>
Reviewed-by: Matt Fleming <matt@codeblueprint.co.uk>
Acked-by: Ingo Molnar <mingo@kernel.org>
Cc: Ben Hutchings <ben@decadent.org.uk>
Cc: Peter Zijlstra <peterz@infradead.org>
Fixes: 035827e9f2bd ("perf tests: Add Intel CQM test")
Link: http://lkml.kernel.org/r/20151214154335.GA1409@x4
Signed-off-by: Arnaldo Carvalho de Melo <acme@redhat.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>

perf trace: Do not process PERF_RECORD_LOST twice

commit 3ed5ca2efff70e9f589087c2013789572901112d upstream.

We catch this record to provide a visual indication that events are
getting lost, then call the default method to allow extra logging shared
with the other tools to take place.

This extra logging was done twice because we were continuing to the
"default" clause where machine__process_event() will end up calling
machine__process_lost_event() again, fix it.

Cc: Adrian Hunter <adrian.hunter@intel.com>
Cc: David Ahern <dsahern@gmail.com>
Cc: Jiri Olsa <jolsa@kernel.org>
Cc: Namhyung Kim <namhyung@kernel.org>
Cc: Wang Nan <wangnan0@huawei.com>
Link: http://lkml.kernel.org/n/tip-wus2zlhw3qo24ye84ewu4aqw@git.kernel.org
Signed-off-by: Arnaldo Carvalho de Melo <acme@redhat.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>

perf dwarf: Guard !x86_64 definitions under #ifdef else clause

commit 62aa0e177d278462145a29c30d3c8501ae57e200 upstream.

To fix the build on Fedora Rawhide (gcc 6.0.0 20160311 (Red Hat 6.0.0-0.17):

    CC       /tmp/build/perf/arch/x86/util/dwarf-regs.o
  arch/x86/util/dwarf-regs.c:66:36: error: 'x86_32_regoffset_table' defined but not used [-Werror=unused-const-variable=]
   static const struct pt_regs_offset x86_32_regoffset_table[] = {
                                      ^~~~~~~~~~~~~~~~~~~~~~
  cc1: all warnings being treated as errors

Cc: Adrian Hunter <adrian.hunter@intel.com>
Cc: David Ahern <dsahern@gmail.com>
Cc: Jiri Olsa <jolsa@kernel.org>
Cc: Namhyung Kim <namhyung@kernel.org>
Cc: Wang Nan <wangnan0@huawei.com>
Link: http://lkml.kernel.org/n/tip-fghuksc1u8ln82bof4lwcj0o@git.kernel.org
Signed-off-by: Arnaldo Carvalho de Melo <acme@redhat.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>

perf pmu: Fix misleadingly indented assignment (whitespace)

commit d85ce830eef6c10d1e9617172dea4681f02b8424 upstream.

One line in perf_pmu__parse_unit() is indented wrongly, leading to a
warning (=> error) from gcc 6:

  util/pmu.c:156:3: error: statement is indented as if it were guarded by... [-Werror=misleading-indentation]

    sret = read(fd, alias->unit, UNIT_MAX_LEN);
    ^~~~

  util/pmu.c:153:2: note: ...this 'if' clause, but it is not
    if (fd == -1)
    ^~

Signed-off-by: Markus Trippelsdorf <markus@trippelsdorf.de>
Acked-by: Ingo Molnar <mingo@kernel.org>
Cc: Ben Hutchings <ben@decadent.org.uk>
Cc: Matt Fleming <matt@codeblueprint.co.uk>
Cc: Peter Zijlstra <peterz@infradead.org>
Fixes: 410136f5dd96 ("tools/perf/stat: Add event unit and scale support")
Link: http://lkml.kernel.org/r/20151214154440.GC1409@x4
Signed-off-by: Arnaldo Carvalho de Melo <acme@redhat.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>

perf annotate browser: Fix behaviour of Shift-Tab with nothing focussed

commit d4913cbd05bab685e49c8174896e563b2487d054 upstream.

The issue was pointed out by gcc-6's -Wmisleading-indentation.

Signed-off-by: Markus Trippelsdorf <markus@trippelsdorf.de>
Acked-by: Ingo Molnar <mingo@kernel.org>
Cc: Ben Hutchings <ben@decadent.org.uk>
Cc: Matt Fleming <matt@codeblueprint.co.uk>
Cc: Peter Zijlstra <peterz@infradead.org>
Fixes: c97cf42219b7 ("perf top: Live TUI Annotation")
Link: http://lkml.kernel.org/r/20151214154403.GB1409@x4
Signed-off-by: Arnaldo Carvalho de Melo <acme@redhat.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>

perf tools: Remove duplicate const qualifier

commit 3b556bced46aa6b1873da7faa18eff235e896adc upstream.

Signed-off-by: Eric Engestrom <eric.engestrom@imgtec.com>
Cc: Adrian Hunter <adrian.hunter@intel.com>
Cc: David Ahern <dsahern@gmail.com>
Cc: Peter Zijlstra <peterz@infradead.org>
Link: http://lkml.kernel.org/r/1461577678-29517-1-git-send-email-eric.engestrom@imgtec.com
Signed-off-by: Arnaldo Carvalho de Melo <acme@redhat.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>

perf script: Use readdir() instead of deprecated readdir_r()

commit a5e8e825bd1704c488bf6a46936aaf3b9f203d6a upstream.

The readdir() function is thread safe as long as just one thread uses a
DIR, which is the case in 'perf script', so, to avoid breaking the build
with glibc-2.23.90 (upcoming 2.24), use it instead of readdir_r().

See: http://man7.org/linux/man-pages/man3/readdir.3.html

"However, in modern implementations (including the glibc implementation),
concurrent calls to readdir() that specify different directory streams
are thread-safe.  In cases where multiple threads must read from the
same directory stream, using readdir() with external synchronization is
still preferable to the use of the deprecated readdir_r(3) function."

Noticed while building on a Fedora Rawhide docker container.

Cc: Adrian Hunter <adrian.hunter@intel.com>
Cc: David Ahern <dsahern@gmail.com>
Cc: Jiri Olsa <jolsa@kernel.org>
Cc: Namhyung Kim <namhyung@kernel.org>
Cc: Wang Nan <wangnan0@huawei.com>
Link: http://lkml.kernel.org/n/tip-mt3xz7n2hl49ni2vx7kuq74g@git.kernel.org
Signed-off-by: Arnaldo Carvalho de Melo <acme@redhat.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>

perf thread_map: Use readdir() instead of deprecated readdir_r()

commit 3354cf71104de49326d19d2f9bdb1f66eea52ef4 upstream.

The readdir() function is thread safe as long as just one thread uses a
DIR, which is the case in thread_map, so, to avoid breaking the build
with glibc-2.23.90 (upcoming 2.24), use it instead of readdir_r().

See: http://man7.org/linux/man-pages/man3/readdir.3.html

"However, in modern implementations (including the glibc implementation),
concurrent calls to readdir() that specify different directory streams
are thread-safe.  In cases where multiple threads must read from the
same directory stream, using readdir() with external synchronization is
still preferable to the use of the deprecated readdir_r(3) function."

Noticed while building on a Fedora Rawhide docker container.

Cc: Adrian Hunter <adrian.hunter@intel.com>
Cc: David Ahern <dsahern@gmail.com>
Cc: Jiri Olsa <jolsa@kernel.org>
Cc: Namhyung Kim <namhyung@kernel.org>
Cc: Wang Nan <wangnan0@huawei.com>
Link: http://lkml.kernel.org/n/tip-del8h2a0f40z75j4r42l96l0@git.kernel.org
Signed-off-by: Arnaldo Carvalho de Melo <acme@redhat.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>

perf tools: Use readdir() instead of deprecated readdir_r()

commit 7093b4c963cc4e344e490c774924a180602a7092 upstream.

The readdir() function is thread safe as long as just one thread uses a
DIR, which is the case when synthesizing events for pre-existing threads
by traversing /proc, so, to avoid breaking the build with glibc-2.23.90
(upcoming 2.24), use it instead of readdir_r().

See: http://man7.org/linux/man-pages/man3/readdir.3.html

"However, in modern implementations (including the glibc implementation),
concurrent calls to readdir() that specify different directory streams
are thread-safe.  In cases where multiple threads must read from the
same directory stream, using readdir() with external synchronization is
still preferable to the use of the deprecated readdir_r(3) function."

Noticed while building on a Fedora Rawhide docker container.

   CC       /tmp/build/perf/util/event.o
  util/event.c: In function '__event__synthesize_thread':
  util/event.c:466:2: error: 'readdir_r' is deprecated [-Werror=deprecated-declarations]
    while (!readdir_r(tasks, &dirent, &next) && next) {
    ^~~~~
  In file included from /usr/include/features.h:368:0,
                   from /usr/include/stdint.h:25,
                   from /usr/lib/gcc/x86_64-redhat-linux/6.0.0/include/stdint.h:9,
                   from /git/linux/tools/include/linux/types.h:6,
                   from util/event.c:1:
  /usr/include/dirent.h:189:12: note: declared here

Cc: Adrian Hunter <adrian.hunter@intel.com>
Cc: David Ahern <dsahern@gmail.com>
Cc: Jiri Olsa <jolsa@kernel.org>
Cc: Namhyung Kim <namhyung@kernel.org>
Cc: Wang Nan <wangnan0@huawei.com>
Link: http://lkml.kernel.org/n/tip-i1vj7nyjp2p750rirxgrfd3c@git.kernel.org
Signed-off-by: Arnaldo Carvalho de Melo <acme@redhat.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>

perf bench numa: Avoid possible truncation when using snprintf()

commit 3aff8ba0a4c9c9191bb788171a1c54778e1246a2 upstream.

Addressing this warning from gcc 7:

    CC       /tmp/build/perf/bench/numa.o
  bench/numa.c: In function '__bench_numa':
  bench/numa.c:1582:42: error: '%d' directive output may be truncated writing between 1 and 10 bytes into a region of size between 8 and 17 [-Werror=format-truncation=]
       snprintf(tname, 32, "process%d:thread%d", p, t);
                                            ^~
  bench/numa.c:1582:25: note: directive argument in the range [0, 2147483647]
       snprintf(tname, 32, "process%d:thread%d", p, t);
                           ^~~~~~~~~~~~~~~~~~~~
  In file included from /usr/include/stdio.h:939:0,
                   from bench/../util/util.h:47,
                   from bench/../builtin.h:4,
                   from bench/numa.c:11:
  /usr/include/bits/stdio2.h:64:10: note: '__builtin___snprintf_chk' output between 17 and 35 bytes into a destination of size 32
     return __builtin___snprintf_chk (__s, __n, __USE_FORTIFY_LEVEL - 1,
            ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
          __bos (__s), __fmt, __va_arg_pack ());
          ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
  cc1: all warnings being treated as errors

Cc: Adrian Hunter <adrian.hunter@intel.com>
Cc: David Ahern <dsahern@gmail.com>
Cc: Jiri Olsa <jolsa@kernel.org>
Cc: Namhyung Kim <namhyung@kernel.org>
Cc: Petr Holasek <pholasek@redhat.com>
Cc: Wang Nan <wangnan0@huawei.com>
Link: http://lkml.kernel.org/n/tip-twa37vsfqcie5gwpqwnjuuz9@git.kernel.org
Signed-off-by: Arnaldo Carvalho de Melo <acme@redhat.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>

perf tests: Avoid possible truncation with dirent->d_name + snprintf

commit 2e2bbc039fad9eabad6c4c1a473c8b2554cdd2d4 upstream.

Addressing a few cases spotted by a new warning in gcc 7:

  tests/parse-events.c: In function 'test_pmu_events':
  tests/parse-events.c:1790:39: error: '%s' directive output may be truncated writing up to 255 bytes into a region of size 90 [-Werror=format-truncation=]
     snprintf(name, MAX_NAME, "cpu/event=%s/u", ent->d_name);
                                       ^~
  In file included from /usr/include/stdio.h:939:0,
                   from /git/linux/tools/perf/util/map.h:9,
                   from /git/linux/tools/perf/util/symbol.h:7,
                   from /git/linux/tools/perf/util/evsel.h:10,
                   from tests/parse-events.c:3:
  /usr/include/bits/stdio2.h:64:10: note: '__builtin___snprintf_chk' output between 13 and 268 bytes into a destination of size 100
     return __builtin___snprintf_chk (__s, __n, __USE_FORTIFY_LEVEL - 1,
            ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
          __bos (__s), __fmt, __va_arg_pack ());
          ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
  tests/parse-events.c:1798:29: error: '%s' directive output may be truncated writing up to 255 bytes into a region of size 100 [-Werror=format-truncation=]
     snprintf(name, MAX_NAME, "%s:u,cpu/event=%s/u", ent->d_name, ent->d_name);

Cc: Adrian Hunter <adrian.hunter@intel.com>
Cc: David Ahern <dsahern@gmail.com>
Cc: Jiri Olsa <jolsa@kernel.org>
Cc: Namhyung Kim <namhyung@kernel.org>
Cc: Wang Nan <wangnan0@huawei.com>
Fixes: 945aea220bb8 ("perf tests: Move test objects into 'tests' directory")
Link: http://lkml.kernel.org/n/tip-ty4q2p8zp1dp3mskvubxskm5@git.kernel.org
Signed-off-by: Arnaldo Carvalho de Melo <acme@redhat.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>

perf scripting perl: Fix compile error with some perl5 versions

commit d7dd112ea5cacf91ae72c0714c3b911eb6016fea upstream.

Fix below compile error:

  CC       util/scripting-engines/trace-event-perl.o
  In file included from /usr/lib/perl5/5.22.2/i686-linux/CORE/perl.h:5673:0,
                   from util/scripting-engines/trace-event-perl.c:31:
  /usr/lib/perl5/5.22.2/i686-linux/CORE/inline.h: In function 'S__is_utf8_char_slow':
  /usr/lib/perl5/5.22.2/i686-linux/CORE/inline.h:270:5: error: nested extern declaration of 'Perl___notused' [-Werror=nested-externs]
          dTHX;   /* The function called below requires thread context */
     ^
  cc1: all warnings being treated as errors

After digging perl5 repository, I find out that we will meet this
compile error with perl from v5.21.1 to v5.25.4

Signed-off-by: Wang YanQing <udknight@gmail.com>
Acked-by: Jiri Olsa <jolsa@kernel.org>
Link: http://lkml.kernel.org/r/20170212024655.GA15997@udknight
Signed-off-by: Arnaldo Carvalho de Melo <acme@redhat.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>

perf thread_map: Correctly size buffer used with dirent->dt_name

commit bdf23a9a190d7ecea092fd5c4aabb7d4bd0a9980 upstream.

The size of dirent->dt_name is NAME_MAX + 1, but the size for the 'path'
buffer is hard coded at 256, which may truncate it because we also
prepend "/proc/", so that all that into account and thank gcc 7 for this
warning:

  /git/linux/tools/perf/util/thread_map.c: In function 'thread_map__new_by_uid':
  /git/linux/tools/perf/util/thread_map.c:119:39: error: '%s' directive output may be truncated writing up to 255 bytes into a region of size 250 [-Werror=format-truncation=]
     snprintf(path, sizeof(path), "/proc/%s", dirent->d_name);
                                         ^~
  In file included from /usr/include/stdio.h:939:0,
                   from /git/linux/tools/perf/util/thread_map.c:5:
  /usr/include/bits/stdio2.h:64:10: note: '__builtin___snprintf_chk' output between 7 and 262 bytes into a destination of size 256
     return __builtin___snprintf_chk (__s, __n, __USE_FORTIFY_LEVEL - 1,
            ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
          __bos (__s), __fmt, __va_arg_pack ());
          ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Cc: Adrian Hunter <adrian.hunter@intel.com>
Cc: David Ahern <dsahern@gmail.com>
Cc: Jiri Olsa <jolsa@kernel.org>
Cc: Namhyung Kim <namhyung@kernel.org>
Cc: Wang Nan <wangnan0@huawei.com>
Link: http://lkml.kernel.org/n/tip-csy0r8zrvz5efccgd4k12c82@git.kernel.org
Signed-off-by: Arnaldo Carvalho de Melo <acme@redhat.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>

perf intel-pt: Use __fallthrough

commit 7ea6856d6f5629d742edc23b8b76e6263371ef45 upstream.

To address new warnings emmited by gcc 7, e.g.::

    CC       /tmp/build/perf/util/intel-pt-decoder/intel-pt-pkt-decoder.o
    CC       /tmp/build/perf/tests/parse-events.o
  util/intel-pt-decoder/intel-pt-pkt-decoder.c: In function 'intel_pt_pkt_desc':
  util/intel-pt-decoder/intel-pt-pkt-decoder.c:499:6: error: this statement may fall through [-Werror=implicit-fallthrough=]
     if (!(packet->count))
        ^
  util/intel-pt-decoder/intel-pt-pkt-decoder.c:501:2: note: here
    case INTEL_PT_CYC:
    ^~~~
    CC       /tmp/build/perf/util/intel-pt-decoder/intel-pt-decoder.o
  cc1: all warnings being treated as errors

Acked-by: Andi Kleen <ak@linux.intel.com>
Cc: Adrian Hunter <adrian.hunter@intel.com>
Cc: Alexander Shishkin <alexander.shishkin@linux.intel.com>
Cc: David Ahern <dsahern@gmail.com>
Cc: Jiri Olsa <jolsa@kernel.org>
Cc: Namhyung Kim <namhyung@kernel.org>
Cc: Wang Nan <wangnan0@huawei.com>
Link: http://lkml.kernel.org/n/tip-mf0hw789pu9x855us5l32c83@git.kernel.org
Signed-off-by: Arnaldo Carvalho de Melo <acme@redhat.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>

perf top: Use __fallthrough

commit 7b0214b702ad8e124e039a317beeebb3f020d125 upstream.

The implicit fall through case label here is intended, so let us inform
that to gcc >= 7:

    CC       /tmp/build/perf/builtin-top.o
  builtin-top.c: In function 'display_thread':
  builtin-top.c:644:7: error: this statement may fall through [-Werror=implicit-fallthrough=]
      if (errno == EINTR)
         ^
  builtin-top.c:647:3: note: here
     default:
   ^~~~~~~

Cc: Adrian Hunter <adrian.hunter@intel.com>
Cc: David Ahern <dsahern@gmail.com>
Cc: Jiri Olsa <jolsa@kernel.org>
Cc: Namhyung Kim <namhyung@kernel.org>
Cc: Wang Nan <wangnan0@huawei.com>
Link: http://lkml.kernel.org/n/tip-lmcfnnyx9ic0m6j0aud98p4e@git.kernel.org
Signed-off-by: Arnaldo Carvalho de Melo <acme@redhat.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>

tools strfilter: Use __fallthrough

commit d64b721d27aef3fbeb16ecda9dd22ee34818ff70 upstream.

The implicit fall through case label here is intended, so let us inform
that to gcc >= 7:

  util/strfilter.c: In function 'strfilter_node__sprint':
  util/strfilter.c:270:6: error: this statement may fall through [-Werror=implicit-fallthrough=]
     if (len < 0)
        ^
  util/strfilter.c:272:2: note: here
    case '!':
    ^~~~
  cc1: all warnings being treated as errors

Cc: Adrian Hunter <adrian.hunter@intel.com>
Cc: David Ahern <dsahern@gmail.com>
Cc: Jiri Olsa <jolsa@kernel.org>
Cc: Namhyung Kim <namhyung@kernel.org>
Cc: Wang Nan <wangnan0@huawei.com>
Link: http://lkml.kernel.org/n/tip-z2dpywg7u8fim000hjfbpyfm@git.kernel.org
Signed-off-by: Arnaldo Carvalho de Melo <acme@redhat.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>

tools string: Use __fallthrough in perf_atoll()

commit 94bdd5edb34e472980d1e18b4600d6fb92bd6b0a upstream.

The implicit fall through case label here is intended, so let us inform
that to gcc >= 7:

    CC       /tmp/build/perf/util/string.o
  util/string.c: In function 'perf_atoll':
  util/string.c:22:7: error: this statement may fall through [-Werror=implicit-fallthrough=]
      if (*p)
         ^
  util/string.c:24:3: note: here
     case '\0':
     ^~~~

Cc: Adrian Hunter <adrian.hunter@intel.com>
Cc: David Ahern <dsahern@gmail.com>
Cc: Jiri Olsa <jolsa@kernel.org>
Cc: Namhyung Kim <namhyung@kernel.org>
Cc: Wang Nan <wangnan0@huawei.com>
Link: http://lkml.kernel.org/n/tip-0ophb30v9apkk6o95el0rqlq@git.kernel.org
Signed-off-by: Arnaldo Carvalho de Melo <acme@redhat.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>

tools include: Add a __fallthrough statement

commit b5bf1733d6a391c4e90ea8f8468d83023be74a2a upstream.

For cases where implicit fall through case labels are intended,
to let us inform that to gcc >= 7:

    CC       /tmp/build/perf/util/string.o
  util/string.c: In function 'perf_atoll':
  util/string.c:22:7: error: this statement may fall through [-Werror=implicit-fallthrough=]
      if (*p)
         ^
  util/string.c:24:3: note: here
     case '\0':
     ^~~~

So we introduce:

  #define __fallthrough __attribute__ ((fallthrough))

And use it in such cases.

Cc: Adrian Hunter <adrian.hunter@intel.com>
Cc: David Ahern <dsahern@gmail.com>
Cc: Jiri Olsa <jolsa@kernel.org>
Cc: Namhyung Kim <namhyung@kernel.org>
Cc: Wang Nan <wangnan0@huawei.com>
Cc: William Cohen <wcohen@redhat.com>
Link: http://lkml.kernel.org/n/tip-qnpig0xfop4hwv6k4mv1wts5@git.kernel.org
Signed-off-by: Arnaldo Carvalho de Melo <acme@redhat.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>

mqueue: fix a use-after-free in sys_mq_notify()

commit f991af3daabaecff34684fd51fac80319d1baad1 upstream.

The retry logic for netlink_attachskb() inside sys_mq_notify()
is nasty and vulnerable:

1) The sock refcnt is already released when retry is needed
2) The fd is controllable by user-space because we already
   release the file refcnt

so we when retry but the fd has been just closed by user-space
during this small window, we end up calling netlink_detachskb()
on the error path which releases the sock again, later when
the user-space closes this socket a use-after-free could be
triggered.

Setting 'sock' to NULL here should be sufficient to fix it.

Reported-by: GeneBlue <geneblue.mail@gmail.com>
Signed-off-by: Cong Wang <xiyou.wangcong@gmail.com>
Cc: Andrew Morton <akpm@linux-foundation.org>
Cc: Manfred Spraul <manfred@colorfullife.com>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>

RDMA/uverbs: Check port number supplied by user verbs cmds

commit 5ecce4c9b17bed4dc9cb58bfb10447307569b77b upstream.

The ib_uverbs_create_ah() ind ib_uverbs_modify_qp() calls receive
the port number from user input as part of its attributes and assumes
it is valid. Down on the stack, that parameter is used to access kernel
data structures.  If the value is invalid, the kernel accesses memory
it should not.  To prevent this, verify the port number before using it.

BUG: KASAN: use-after-free in ib_uverbs_create_ah+0x6d5/0x7b0
Read of size 4 at addr ffff880018d67ab8 by task syz-executor/313

BUG: KASAN: slab-out-of-bounds in modify_qp.isra.4+0x19d0/0x1ef0
Read of size 4 at addr ffff88006c40ec58 by task syz-executor/819

Fixes: 67cdb40ca444 ("[IB] uverbs: Implement more commands")
Cc: Yevgeny Kliteynik <kliteyn@mellanox.com>
Cc: Tziporet Koren <tziporet@mellanox.com>
Cc: Alex Polak <alexpo@mellanox.com>
Signed-off-by: Boris Pismenny <borisp@mellanox.com>
Signed-off-by: Leon Romanovsky <leon@kernel.org>
Signed-off-by: Doug Ledford <dledford@redhat.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>

KEYS: Fix an error code in request_master_key()

commit 57cb17e764ba0aaa169d07796acce54ccfbc6cae upstream.

This function has two callers and neither are able to handle a NULL
return.  Really, -EINVAL is the correct thing return here anyway.  This
fixes some static checker warnings like:

security/keys/encrypted-keys/encrypted.c:709 encrypted_key_decrypt()
error: uninitialized symbol 'master_key'.

Fixes: 7e70cb497850 ("keys: add new key-type encrypted")
Signed-off-by: Dan Carpenter <dan.carpenter@oracle.com>
Acked-by: Mimi Zohar <zohar@linux.vnet.ibm.com>
Signed-off-by: James Morris <james.l.morris@oracle.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>

ath10k: override CE5 config for QCA9377

commit b08b5b53a1ed2bd7a883f8fd29232c8f03604671 upstream.

Similarly to QCA6174, QCA9377 requires the CE5 configuration to be
available for other feature. Use the ath10k_pci_override_ce_config()
for it as well.

This is required for TF2.0 firmware. Previous FW revisions were
working fine without this patch.

Fixes: a70587b3389a ("ath10k: configure copy engine 5 for HTT messages")
Signed-off-by: Bartosz Markowski <bartosz.markowski@tieto.com>
Signed-off-by: Kalle Valo <kvalo@qca.qualcomm.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>

x86/uaccess: Optimize copy_user_enhanced_fast_string() for short strings

commit 236222d39347e0e486010f10c1493e83dbbdfba8 upstream.

According to the Intel datasheet, the REP MOVSB instruction
exposes a pretty heavy setup cost (50 ticks), which hurts
short string copy operations.

This change tries to avoid this cost by calling the explicit
loop available in the unrolled code for strings shorter
than 64 bytes.

The 64 bytes cutoff value is arbitrary from the code logic
point of view - it has been selected based on measurements,
as the largest value that still ensures a measurable gain.

Micro benchmarks of the __copy_from_user() function with
lengths in the [0-63] range show this performance gain
(shorter the string, larger the gain):

 - in the [55%-4%] range on Intel Xeon(R) CPU E5-2690 v4
 - in the [72%-9%] range on Intel Core i7-4810MQ

Other tested CPUs - namely Intel Atom S1260 and AMD Opteron
8216 - show no difference, because they do not expose the
ERMS feature bit.

Signed-off-by: Paolo Abeni <pabeni@redhat.com>
Acked-by: Linus Torvalds <torvalds@linux-foundation.org>
Cc: Alan Cox <gnomes@lxorguk.ukuu.org.uk>
Cc: Andy Lutomirski <luto@kernel.org>
Cc: Borislav Petkov <bp@alien8.de>
Cc: Brian Gerst <brgerst@gmail.com>
Cc: Denys Vlasenko <dvlasenk@redhat.com>
Cc: H. Peter Anvin <hpa@zytor.com>
Cc: Hannes Frederic Sowa <hannes@stressinduktion.org>
Cc: Josh Poimboeuf <jpoimboe@redhat.com>
Cc: Kees Cook <keescook@chromium.org>
Cc: Peter Zijlstra <peterz@infradead.org>
Cc: Thomas Gleixner <tglx@linutronix.de>
Link: http://lkml.kernel.org/r/4533a1d101fd460f80e21329a34928fad521c1d4.1498744345.git.pabeni@redhat.com
[ Clarified the changelog. ]
Signed-off-by: Ingo Molnar <mingo@kernel.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Signed-off-by: Mel Gorman <mgorman@techsingularity.net>

x86/tools: Fix gcc-7 warning in relocs.c

commit 7ebb916782949621ff6819acf373a06902df7679 upstream.

gcc-7 warns:

In file included from arch/x86/tools/relocs_64.c:17:0:
arch/x86/tools/relocs.c: In function ‘process_64’:
arch/x86/tools/relocs.c:953:2: warning: argument 1 null where non-null expected [-Wnonnull]
  qsort(r->offset, r->count, sizeof(r->offset[0]), cmp_relocs);
  ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
In file included from arch/x86/tools/relocs.h:6:0,
                 from arch/x86/tools/relocs_64.c:1:
/usr/include/stdlib.h:741:13: note: in a call to function ‘qsort’ declared here
 extern void qsort

This happens because relocs16 is not used for ELF_BITS == 64,
so there is no point in trying to sort it.

Make the sort_relocs(&relocs16) call 32bit only.

Signed-off-by: Markus Trippelsdorf <markus@trippelsdorf.de>
Link: http://lkml.kernel.org/r/20161215124513.GA289@x4
Signed-off-by: Thomas Gleixner <tglx@linutronix.de>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>

gfs2: Fix glock rhashtable rcu bug

commit 961ae1d83d055a4b9ebbfb4cc8ca62ec1a7a3b74 upstream.

Before commit 88ffbf3e03 "GFS2: Use resizable hash table for glocks",
glocks were freed via call_rcu to allow reading the glock hashtable
locklessly using rcu.  This was then changed to free glocks immediately,
which made reading the glock hashtable unsafe.  Bring back the original
code for freeing glocks via call_rcu.

Signed-off-by: Andreas Gruenbacher <agruenba@redhat.com>
Signed-off-by: Bob Peterson <rpeterso@redhat.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>

USB: serial: qcserial: new Sierra Wireless EM7305 device ID

commit 996fab55d864ed604158f71724ff52db1c2454a3 upstream.

A new Sierra Wireless EM7305 device ID used in a Toshiba laptop.

Reported-by: Petr Kloc <petr_kloc@yahoo.com>
Signed-off-by: Bjørn Mork <bjorn@mork.no>
Signed-off-by: Johan Hovold <johan@kernel.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>

USB: serial: option: add two Longcheer device ids

commit 8fb060da715ad10fe956d7c0077b2fb0c12bb9d7 upstream.

Add two Longcheer device-id entries which specifically enables a
Telewell TW-3G HSPA+ branded modem (0x9801).

Reported-by: Teemu Likonen <tlikonen@iki.fi>
Reported-by: Bjørn Mork <bjorn@mork.no>
Reported-by: Lars Melin <larsm17@gmail.com>
Tested-by: Teemu Likonen <tlikonen@iki.fi>
Signed-off-by: Johan Hovold <johan@kernel.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>

pinctrl: sh-pfc: Update info pointer after SoC-specific init

commit 3091ae775fae17084013021d01513bc1ad274e6a upstream.

Update the sh_pfc_soc_info pointer after calling the SoC-specific
initialization function, as it may have been updated to e.g. handle
different SoC revisions.  This makes sure the correct subdriver name is
printed later.

Fixes: 0c151062f32c9db8 ("sh-pfc: Add support for SoC-specific initialization")
Signed-off-by: Geert Uytterhoeven <geert+renesas@glider.be>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>

pinctrl: mxs: atomically switch mux and drive strength config

commit da6c2addf66d7ff7d0b090d6267d4292f951e4e6 upstream.

To set the mux mode of a pin two bits must be set. Up to now this is
implemented using the following idiom:

writel(mask, reg + CLR);
writel(value, reg + SET);

. This however results in the mux mode being 0 between the two writes.

On my machine there is an IC's reset pin connected to LCD_D20. The
bootloader configures this pin as GPIO output-high (i.e. not holding the
IC in reset). When Linux reconfigures the pin to GPIO the short time
LCD_D20 is muxed as LCD_D20 instead of GPIO_1_20 is enough to confuse
the connected IC.

The same problem is present for the pin's drive strength setting which is
reset to low drive strength before using the right value.

So instead of relying on the hardware to modify the register setting
using two writes implement the bit toggling using read-modify-write.

Fixes: 17723111e64f ("pinctrl: add pinctrl-mxs support")
Signed-off-by: Uwe Kleine-König <u.kleine-koenig@pengutronix.de>
Acked-by: Shawn Guo <shawnguo@kernel.org>
Signed-off-by: Linus Walleij <linus.walleij@linaro.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>

pinctrl: sunxi: Fix SPDIF function name for A83T

commit 7903d4f5e1dec53963cba9b1bc472a76a3532e07 upstream.

We use well known standard names for functions that have name, such as
I2C, SPI, SPDIF, etc..

Fix the function name of SPDIF, which was named OWA (One Wire Audio)
based on Allwinner datasheets.

Fixes: 4730f33f0d82 ("pinctrl: sunxi: add allwinner A83T PIO controller
      support")
Signed-off-by: Chen-Yu Tsai <wens@csie.org>
Acked-by: Maxime Ripard <maxime.ripard@free-electrons.com>
Signed-off-by: Linus Walleij <linus.walleij@linaro.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>

pinctrl: meson: meson8b: fix the NAND DQS pins

commit 97ba26b8a9343008504d4e3a87d212bc07b05212 upstream.

The nand_groups table uses different names for the NAND DQS pins than
the GROUP() definition in meson8b_cbus_groups (nand_dqs_0 vs nand_dqs0).
This prevents using the NAND DQS pins in the devicetree.

Fix this by ensuring that the GROUP() definition and the
meson8b_cbus_groups use the same name for these pins.

Fixes: 0fefcb6876d0 ("pinctrl: Add support for Meson8b")
Signed-off-by: Martin Blumenstingl <martin.blumenstingl@googlemail.com>
Acked-by: Kevin Hilman <khilman@baylibre.com>
Signed-off-by: Linus Walleij <linus.walleij@linaro.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>

pinctrl: sh-pfc: r8a7791: Fix SCIF2 pinmux data

commit 58439280f84e6b39fd7d61f25ab30489c1aaf0a9 upstream.

PINMUX_IPSR_MSEL() macro invocation for the TX2 signal has apparently wrong
1st argument -- most probably a result of cut&paste programming...

Fixes: 508845196238 ("pinctrl: sh-pfc: r8a7791 PFC support")
Signed-off-by: Sergei Shtylyov <sergei.shtylyov@cogentembedded.com>
Signed-off-by: Geert Uytterhoeven <geert+renesas@glider.be>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>

sysctl: report EINVAL if value is larger than UINT_MAX for proc_douintvec

commit 425fffd886bae3d127a08fa6a17f2e31e24ed7ff upstream.

Currently, inputting the following command will succeed but actually the
value will be truncated:

  # echo 0x12ffffffff > /proc/sys/net/ipv4/tcp_notsent_lowat

This is not friendly to the user, so instead, we should report error
when the value is larger than UINT_MAX.

Fixes: e7d316a02f68 ("sysctl: handle error writing UINT_MAX to u32 fields")
Signed-off-by: Liping Zhang <zlpnobody@gmail.com>
Cc: Subash Abhinov Kasiviswanathan <subashab@codeaurora.org>
Cc: Andrew Morton <akpm@linux-foundation.org>
Cc: Eric W. Biederman <ebiederm@xmission.com>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>

sysctl: don't print negative flag for proc_douintvec

commit 5380e5644afbba9e3d229c36771134976f05c91e upstream.

I saw some very confusing sysctl output on my system:
  # cat /proc/sys/net/core/xfrm_aevent_rseqth
  -2
  # cat /proc/sys/net/core/xfrm_aevent_etime
  -10
  # cat /proc/sys/net/ipv4/tcp_notsent_lowat
  -4294967295

Because we forget to set the *negp flag in proc_douintvec, so it will
become a garbage value.

Since the value related to proc_douintvec is always an unsigned integer,
so we can set *negp to false explictily to fix this issue.

Fixes: e7d316a02f68 ("sysctl: handle error writing UINT_MAX to u32 fields")
Signed-off-by: Liping Zhang <zlpnobody@gmail.com>
Cc: Subash Abhinov Kasiviswanathan <subashab@codeaurora.org>
Cc: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>

mac80211_hwsim: Replace bogus hrtimer clockid

commit 8fbcfeb8a9cc803464d6c166e7991913711c612c upstream.

mac80211_hwsim initializes a hrtimer with clockid
CLOCK_MONOTONIC_RAW. That's not supported.

Use CLOCK_MONOTONIC instead.

Signed-off-by: Thomas Gleixner <tglx@linutronix.de>
Signed-off-by: Johannes Berg <johannes.berg@intel.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>

usb: Fix typo in the definition of Endpoint[out]Request

commit 7cf916bd639bd26db7214f2205bccdb4b9306256 upstream.

The current definition is wrong. This breaks my upcoming
Aspeed virtual hub driver.

Signed-off-by: Benjamin Herrenschmidt <benh@kernel.crashing.org>
Acked-by: Alan Stern <stern@rowland.harvard.edu>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>

usb: usbip: set buffer pointers to NULL after free

commit b3b51417d0af63fb9a06662dc292200aed9ea53f upstream.

The usbip stack dynamically allocates the transfer_buffer and
setup_packet of each urb that got generated by the tcp to usb stub code.
As these pointers are always used only once we will set them to NULL
after use. This is done likewise to the free_urb code in vudc_dev.c.
This patch fixes double kfree situations where the usbip remote side
added the URB_FREE_BUFFER.

Signed-off-by: Michael Grzeschik <m.grzeschik@pengutronix.de>
Acked-by: Shuah Khan <shuahkh@osg.samsung.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>

Add USB quirk for HVR-950q to avoid intermittent device resets

commit 6836796de4019944f4ba4c99a360e8250fd2e735 upstream.

The USB core and sysfs will attempt to enumerate certain parameters
which are unsupported by the au0828 - causing inconsistent behavior
and sometimes causing the chip to reset.  Avoid making these calls.

This problem manifested as intermittent cases where the au8522 would
be reset on analog video startup, in particular when starting up ALSA
audio streaming in parallel - the sysfs entries created by
snd-usb-audio on streaming startup would result in unsupported control
messages being sent during tuning which would put the chip into an
unknown state.

Signed-off-by: Devin Heitmueller <dheitmueller@kernellabs.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>

USB: serial: cp210x: add ID for CEL EM3588 USB ZigBee stick

commit fd90f73a9925f248d696bde1cfc836d9fda5570d upstream.

Added the USB serial device ID for the CEL ZigBee EM3588
radio stick.

Signed-off-by: Jeremie Rapin <rapinj@gmail.com>
Acked-by: Johan Hovold <johan@kernel.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>

usb: dwc3: replace %p with %pK

commit 04fb365c453e14ff9e8a28f1c46050d920a27a4a upstream.

%p will leak kernel pointers, so let's not expose the information on
dmesg and instead use %pK. %pK will only show the actual addresses if
explicitly enabled under /proc/sys/kernel/kptr_restrict.

Acked-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Signed-off-by: Felipe Balbi <felipe.balbi@linux.intel.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>

drm/virtio: don't leak bo on drm_gem_object_init failure

commit 385aee965b4e4c36551c362a334378d2985b722a upstream.

Reported-by: 李强 <liqiang6-s@360.cn>
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
Link: http://patchwork.freedesktop.org/patch/msgid/20170406155941.458-1-kraxel@redhat.com
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>

tracing/kprobes: Allow to create probe with a module name starting with a digit

commit 9e52b32567126fe146f198971364f68d3bc5233f upstream.

Always try to parse an address, since kstrtoul() will safely fail when
given a symbol as input. If that fails (which will be the case for a
symbol), try to parse a symbol instead.

This allows creating a probe such as:

    p:probe/vlan_gro_receive 8021q:vlan_gro_receive+0

Which is necessary for this command to work:

    perf probe -m 8021q -a vlan_gro_receive

Link: http://lkml.kernel.org/r/fd72d666f45b114e2c5b9cf7e27b91de1ec966f1.1498122881.git.sd@queasysnail.net
Fixes: 413d37d1e ("tracing: Add kprobe-based event tracer")
Acked-by: Masami Hiramatsu <mhiramat@kernel.org>
Signed-off-by: Sabrina Dubroca <sd@queasysnail.net>
Signed-off-by: Steven Rostedt (VMware) <rostedt@goodmis.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>

mm: fix classzone_idx underflow in shrink_zones()

[Not upstream as that would take 34+ patches]

We've got reported a BUG in do_try_to_free_pages():

BUG: unable to handle kernel paging request at ffff8ffffff28990
IP: [<ffffffff8119abe0>] do_try_to_free_pages+0x140/0x490
PGD 0
Oops: 0000 [#1] SMP
megaraid_sas sg scsi_mod efivarfs autofs4
Supported: No, Unsupported modules are loaded
Workqueue: kacpi_hotplug acpi_hotplug_work_fn
task: ffff88ffd0d4c540 ti: ffff88ffd0e48000 task.ti: ffff88ffd0e48000
RIP: 0010:[<ffffffff8119abe0>]  [<ffffffff8119abe0>] do_try_to_free_pages+0x140/0x490
RSP: 0018:ffff88ffd0e4ba60  EFLAGS: 00010206
RAX: 000006fffffff900 RBX: 00000000ffffffff RCX: ffff88fffff29000
RDX: 000000ffffffff00 RSI: 0000000000000003 RDI: 00000000024200c8
RBP: 0000000001320122 R08: 0000000000000000 R09: ffff88ffd0e4bbac
R10: 0000000000000000 R11: 0000000000000000 R12: ffff88ffd0e4bae0
R13: 0000000000000e00 R14: ffff88fffff2a500 R15: ffff88fffff2b300
FS:  0000000000000000(0000) GS:ffff88ffe6440000(0000) knlGS:0000000000000000
CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: ffff8ffffff28990 CR3: 0000000001c0a000 CR4: 00000000003406e0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
Stack:
 00000002db570a80 024200c80000001e ffff88fffff2b300 0000000000000000
 ffff88fffffd5700 ffff88ffd0d4c540 ffff88ffd0d4c540 ffffffff0000000c
 0000000000000000 0000000000000040 00000000024200c8 ffff88ffd0e4bae0
Call Trace:
 [<ffffffff8119afea>] try_to_free_pages+0xba/0x170
 [<ffffffff8118cf2f>] __alloc_pages_nodemask+0x53f/0xb20
 [<ffffffff811d39ff>] alloc_pages_current+0x7f/0x100
 [<ffffffff811e2232>] migrate_pages+0x202/0x710
 [<ffffffff815dadaa>] __offline_pages.constprop.23+0x4ba/0x790
 [<ffffffff81463263>] memory_subsys_offline+0x43/0x70
 [<ffffffff8144cbed>] device_offline+0x7d/0xa0
 [<ffffffff81392fa2>] acpi_bus_offline+0xa5/0xef
 [<ffffffff81394a77>] acpi_device_hotplug+0x21b/0x41f
 [<ffffffff8138dab7>] acpi_hotplug_work_fn+0x1a/0x23
 [<ffffffff81093cee>] process_one_work+0x14e/0x410
 [<ffffffff81094546>] worker_thread+0x116/0x490
 [<ffffffff810999ed>] kthread+0xbd/0xe0
 [<ffffffff815e4e7f>] ret_from_fork+0x3f/0x70

This translates to the loop in shrink_zone():

classzone_idx = requested_highidx;
while (!populated_zone(zone->zone_pgdat->node_zones +
classzone_idx))
classzone_idx--;

where no zone is populated, so classzone_idx becomes -1 (in RBX).

Added debugging output reveals that we enter the function with
sc->gfp_mask == GFP_NOFS|__GFP_NOFAIL|__GFP_HARDWALL|__GFP_MOVABLE
requested_highidx = gfp_zone(sc->gfp_mask) == 2 (ZONE_NORMAL)

Inside the for loop, however:
gfp_zone(sc->gfp_mask) == 3 (ZONE_MOVABLE)

This means we have gone through this branch:

if (buffer_heads_over_limit)
    sc->gfp_mask |= __GFP_HIGHMEM;

This changes the gfp_zone() result, but requested_highidx remains unchanged.
On nodes where the only populated zone is movable, the inner while loop will
check only lower zones, which are not populated, and underflow classzone_idx.

To sum up, the bug occurs in configurations with ZONE_MOVABLE (such as when
booted with the movable_node parameter) and only in situations when
buffer_heads_over_limit is true, and there's an allocation with __GFP_MOVABLE
and without __GFP_HIGHMEM performing direct reclaim.

This patch makes sure that classzone_idx starts with the correct zone.

Mainline has been affected in versions 4.6 and 4.7, but the culprit commit has
been also included in stable trees.
In mainline, this has been fixed accidentally as part of 34-patch series (plus
follow-up fixes) "Move LRU page reclaim from zones to nodes", which makes the
mainline commit unsuitable for stable backport, unfortunately.

Fixes: 7bf52fb891b6 ("mm: vmscan: reclaim highmem zone if buffer_heads is over limit")
Obsoleted-by: b2e18757f2c9 ("mm, vmscan: begin reclaiming pages on a per-node basis")
Debugged-by: Michal Hocko <mhocko@suse.cz>
Signed-off-by: Vlastimil Babka <vbabka@suse.cz>
Cc: Minchan Kim <minchan@kernel.org>
Cc: Johannes Weiner <hannes@cmpxchg.org>
Acked-by: Mel Gorman <mgorman@techsingularity.net>
Acked-by: Michal Hocko <mhocko@suse.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>

bgmac: reset & enable Ethernet core before using it

commit b4dfd8e92956b396d3438212bc9a0be6267b8b34 upstream.

This fixes Ethernet on D-Link DIR-885L with BCM47094 SoC. Felix reported
similar fix was needed for his BCM4709 device (Buffalo WXR-1900DHP?).
I tested this for regressions on BCM4706, BCM4708A0 and BCM47081A0.

Cc: Felix Fietkau <nbd@openwrt.org>
Signed-off-by: Rafał Miłecki <zajec5@gmail.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Amit Pundir <amit.pundir@linaro.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>

driver core: platform: fix race condition with driver_override

commit 6265539776a0810b7ce6398c27866ddb9c6bd154 upstream.

The driver_override implementation is susceptible to race condition when
different threads are reading vs storing a different driver override.
Add locking to avoid race condition.

Fixes: 3d713e0e382e ("driver core: platform: add device binding path 'driver_override'")
Cc: stable@vger.kernel.org
Signed-off-by: Adrian Salido <salidoa@google.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>

fs: completely ignore unknown open flags

commit 629e014bb8349fcf7c1e4df19a842652ece1c945 upstream.

Currently we just stash anything we got into file->f_flags, and the
report it in fcntl(F_GETFD).  This patch just clears out all unknown
flags so that we don't pass them to the fs or report them.

Signed-off-by: Christoph Hellwig <hch@lst.de>
Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>

fs: add a VALID_OPEN_FLAGS

commit 80f18379a7c350c011d30332658aa15fe49a8fa5 upstream.

Add a central define for all valid open flags, and use it in the uniqueness
check.

Signed-off-by: Christoph Hellwig <hch@lst.de>
Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>

hid: rkvr: fix application of sizeof to pointer

Change-Id: I698445dd006551090578fc04226d5c792094ad05
Signed-off-by: lanshh <lsh@rock-chips.com>

arm64: dts: rockchip: Add rk3366-sheep and rk3366-android dts file for Android7.1

Change-Id: Ib0f2dd27cb5154bed68e71780cfff4a1730399a3
Signed-off-by: David Wu <david.wu@rock-chips.com>

arm64: dts: rockchip: Add drm dispaly nodes and move nod-drm display nodes to rk3366-android-6.0.dtsi

Change-Id: I98cafab3739f322e1b3826e597b7191ddd0e49c3
Signed-off-by: David Wu <david.wu@rock-chips.com>

arm64: dts: rockchip: rk3368-r88: Fix power and platform suspend support

Change-Id: I9b3d8178a3bf245cad91dec3c1284f395378ff68
Signed-off-by: Zhangbin Tong <zebulun.tong@rock-chips.com>

regulator: remove unused rockchip-pwm-regulator driver

Change-Id: I20594d198f49f6232b409031884ca27f95470592
Signed-off-by: Huang, Tao <huangtao@rock-chips.com>

PM / devfreq: rockchip_dmc: fix coccinelle warnings

drivers/devfreq/rockchip_dmc.c:665:2-3: Unneeded semicolon
drivers/devfreq/rockchip_dmc.c:676:2-3: Unneeded semicolon
drivers/devfreq/rockchip_dmc.c:686:2-3: Unneeded semicolon
drivers/devfreq/rockchip_dmc.c:697:2-3: Unneeded semicolon
drivers/devfreq/rockchip_dmc.c:707:2-3: Unneeded semicolon
drivers/devfreq/rockchip_dmc.c:766:2-3: Unneeded semicolon
drivers/devfreq/rockchip_dmc.c:776:2-3: Unneeded semicolon
drivers/devfreq/rockchip_dmc.c:1397:2-3: Unneeded semicolon
drivers/devfreq/rockchip_dmc.c:1022:3-4: Unneeded semicolon
drivers/devfreq/rockchip_dmc.c:662:5-11: inconsistent IS_ERR and PTR_ERR on line 664.
drivers/devfreq/rockchip_dmc.c:683:5-11: inconsistent IS_ERR and PTR_ERR on line 685.
drivers/devfreq/rockchip_dmc.c:704:5-11: inconsistent IS_ERR and PTR_ERR on line 706.
drivers/devfreq/rockchip_dmc.c:773:5-11: inconsistent IS_ERR and PTR_ERR on line 775.

Change-Id: I95f2f66649ead3d0c0f59ae713d9272863eb9f63
Signed-off-by: Huang, Tao <huangtao@rock-chips.com>

drm/rockchip: gem: add begin/end cpu access

Change-Id: Ie2c54addcf037cf501edcad76470e5e46c667b7e
Signed-off-by: Mark Yao <mark.yao@rock-chips.com>

drm/prime: add dmabuf begin/end cpu access

Change-Id: I0b4be7f8d78142024a2067db041e4f1c2670086c
Signed-off-by: Mark Yao <mark.yao@rock-chips.com>

ARM: dts: rk3288-android: add 1800MHz for cpu

Change-Id: I9206739d879b7648ae4e19df9f5a67ad9844c5d6
Signed-off-by: Finley Xiao <finley.xiao@rock-chips.com>

clk: rockchip: Add adaptive frequency scaling for pll_rk3399

Change-Id: Id7be0fd4045f273052d69f49df1272922fb8f8dc
Signed-off-by: Finley Xiao <finley.xiao@rock-chips.com>

Revert "ARM64: dts: rk3328-evb: enable tve"

This reverts commit c69d61610a887799edcc2da4e31fbd8d699193e0.
There is conflict between cvbs and hdmi.Hdmi is used more than cvbs,
so disable cvbs by default.

Change-Id: I1c0966e0166715da0d4c11426686b28386d16a0c
Signed-off-by: algea.cao <algea.cao@rock-chips.com>

usb: dwc_otg_310: hcd: fix isoc urb actual length

USB isochronous urb consists of some isoc frames, urb use iso_frame_desc
structure record actual_length, then device drivers always use this and
don't care urb actual_length. But in usb devio driver, processcompl()
function will process urb complete and copy data to user depend on urb
actual_length.

In dwc controller driver, update_isoc_urb_state() function will only
update isoc frames actual_length, urb actual_length will be 0. When use
usb devio driver, there is no data copy to user, so need update urb
actual_length at the same time.

TEST=use libusb to transport isochronous data

Change-Id: I1dc8e8d8c6609924626761525b98f41a739aeb65
Signed-off-by: Feng Mingli <fml@rock-chips.com>
Signed-off-by: William Wu <william.wu@rock-chips.com>

camera: rockchip: camsys_drv: 0.0x22.0x2

modify the condition of DRM iommu, which makes code  more readable
by using of_parse_phandle to check whether the "iommus" phandle exists
in the isp device node.

Change-Id: I41d2c1c1e237364f19d79abb15aaca4a81616287
Signed-off-by: zhangyunlong <dalon.zhang@rock-chips.com>

arm64: rockchip_linux_defconfig: enable CIF_ISP10

Change-Id: I2e677e3b80b6ba065543ab0123e8154cf7d794a3
Signed-off-by: Jacob Chen <cc@rock-chips.com>

arm64: dts: rk3399-sapphire-excavator-linux: add camera nodes

Change-Id: I7f2e356f33439723a9ebec6fd341e213ebb2c871
Signed-off-by: Jacob Chen <cc@rock-chips.com>

arm64: dts: rk3399-linux: add cif isp nodes

Change-Id: Iaadc9bcfdf7b2a236a0740170cc7bcfa0e7d9398
Signed-off-by: Jacob Chen <cc@rock-chips.com>

media: isp: migrate isp driver to videobuf2

Verify the functionality of isp driver with
sensor ov7750.
V4l2n or gstreamer is suitable for test.

Change-Id: I4f0cf68b84f4909dd1c132ec3506777f39d487ee
Signed-off-by: Jacob Chen <cc@rock-chips.com>

media: soc_camera: add ov7750 sensor driver

Change-Id: Ibe6e393b5e1ce518181d285b5c08e191a0b2dca4
Signed-off-by: Jacob Chen <cc@rock-chips.com>

ARM: dts: rk3288: add leakage nvmem-cells property for cpu

Change-Id: I0238f29b0c79daa683ffd8a2a1f09f51761a5358
Signed-off-by: Finley Xiao <finley.xiao@rock-chips.com>

arm64: dts: rk3399: add leakage nvmem-cells properties for cpu

Change-Id: Id156f2a9a3871747d9379b49d09034238d204670
Signed-off-by: Finley Xiao <finley.xiao@rock-chips.com>

phy: rockchip-inno-mipi-dphy: Add support for rk3366

Change-Id: I1e0898b8b588bf71df9a0e1f848f350654446dcf
Signed-off-by: WeiYong Bi <bivvy.bi@rock-chips.com>

drm/rockchip: dsi: Add support for rk3366

Change-Id: I9edfea9652d8c56065590ea01480b49f1c432145
Signed-off-by: WeiYong Bi <bivvy.bi@rock-chips.com>

UPSTREAM: Coccinelle: misc: Add support for devm variant in all modes

Add missing support for the devm_request_threaded_irq in
the rules of context, report and org modes.

Misc:
----
To be consistent with other scripts, change confidence level
of the script to 'Moderate'.

Change-Id: I3ad8fc93081be82512e6143e27c8936c988a98f1
Signed-off-by: Vaishali Thakkar <vaishali.thakkar@oracle.com>
Acked-by: Julia Lawall <julia.lawall@lip6.fr>
Signed-off-by: Michal Marek <mmarek@suse.com>
Signed-off-by: Huang, Tao <huangtao@rock-chips.com>
(cherry picked from commit d1e774f49f0305092c9975d9070aefe318f49872)

UPSTREAM: Coccinelle: misc: Improve the result given by context mode

To eliminate false positives given by the context mode, add
necessary arguments for the function request_threaded_irq.

Change-Id: I692db266239a03964d17505108e700bc1ffa9bd3
Signed-off-by: Vaishali Thakkar <vaishali.thakkar@oracle.com>
Acked-by: Julia Lawall <julia.lawall@lip6.fr>
Signed-off-by: Michal Marek <mmarek@suse.com>
Signed-off-by: Huang, Tao <huangtao@rock-chips.com>
(cherry picked from commit 35b303ae361611a6b418e385fee06fa08732b2e6)

UPSTREAM: Coccinelle: misc: Improve the matching of rules

Currently because of the left associativity of the operators, pattern
IRQF_ONESHOT | flags does not match with the pattern when we have more
than one flag after the disjunction. This eventually results in giving
false positives by the script. This patch eliminates these FPs by
improving the rule.

Change-Id: I1043d1e6fca848997982305cd8fb3ac2706e7f1f
Signed-off-by: Vaishali Thakkar <vaishali.thakkar@oracle.com>
Signed-off-by: Michal Marek <mmarek@suse.com>
Signed-off-by: Huang, Tao <huangtao@rock-chips.com>
(cherry picked from commit dca24c4544d96989f521b5aa49fd44ae0ae5a5b6)

UPSTREAM: Coccinelle: Add misc/boolconv.cocci

Add a script to check for unneeded conversions to bool.

Change-Id: I881d423eb72595b11a861eaf01c0c8eb8f262e05
Signed-off-by: Andrew F. Davis <afd@ti.com>
Acked-by: Julia Lawall <julia.lawall@lip6.fr>
Signed-off-by: Michal Marek <mmarek@suse.com>
Signed-off-by: Huang, Tao <huangtao@rock-chips.com>
(cherry picked from commit 75238b9e6aadca6d9255d4b385e026385e78bb15)

UPSTREAM: Coccinelle: flag conditions with no effect

Report code constructs where the if and else branch are functionally
identical. In cases where this is intended it really should be
documented - most reported cases probably are bugs.

Change-Id: I81c863f2a744d26dd1f0cd0b621580f73d0c70d5
Signed-off-by: Nicholas Mc Guire <hofrat@osadl.org>
Signed-off-by: Michal Marek <mmarek@suse.com>
Signed-off-by: Huang, Tao <huangtao@rock-chips.com>
(cherry picked from commit c8990359d4b12f14656386526ddf904635076902)

UPSTREAM: Coccinelle: pm_runtime: ensure relevance of pm_runtime reports

pm_runtime.cocci starts with one rule that searches for a variety of
functions calls, followed by various rules that report errors.  Previously,
the only connection between the first rule and the rest was to check that
the first rule had matched somewhere.  Change the rules to propagate a
position from the first rule to the others, to make sure that the sites
reported on are the same as the sites that were identified as having the
relevant functions.

Change-Id: I2f5c56634f170348666acb373f7b9323c8edf68e
Signed-off-by: Julia Lawall <Julia.Lawall@lip6.fr>
Signed-off-by: Michal Marek <mmarek@suse.com>
Signed-off-by: Huang, Tao <huangtao@rock-chips.com>
(cherry picked from commit d97629f1686574a800a76eb0d2ce65e3f3d3ef92)

UPSTREAM: Coccinelle: limit memdup_user transformation to GFP_KERNEL case

Memdup_user encapsulates a memory allocation with the flag GFP_KERNEL, so
only allow this flag in the original code.

Change-Id: I504d5558ef6bfa955983523918397872494b1abc
Signed-off-by: Julia Lawall <Julia.Lawall@lip6.fr>
Signed-off-by: Michal Marek <mmarek@suse.com>
Signed-off-by: Huang, Tao <huangtao@rock-chips.com>
(cherry picked from commit 43d96390d57aa0e61d15ce2bcb887df8516d58f5)

UPSTREAM: scripts/coccinelle: require coccinelle >= 1.0.4 on device_node_continue.cocci

Make use of the new Requires: tag to be able to specify coccinelle binary
version requirements. The cocci file device_node_continue.cocci requires at
least coccinelle 1.0.4.

Change-Id: I11e894e3b2cbd88362271ea064ec3674ae9ffd71
Signed-off-by: Luis R. Rodriguez <mcgrof@kernel.org>
Acked-by: Julia Lawall <julia.lawall@lip6.fr>
Acked-by: Nicolas Palix <nicolas.palix@imag.fr>
Signed-off-by: Michal Marek <mmarek@suse.com>
Signed-off-by: Huang, Tao <huangtao@rock-chips.com>
(cherry picked from commit cc65e823363834a7ff0a2eca9bef2bbef64135f7)

UPSTREAM: coccinelle: catch krealloc() on devm_*() allocated memory

krealloc() must not be used against devm_*() allocated
memory regions:

- if a bigger memory is to be allocated, krealloc() and
  __krealloc() could return a different pointer than the
  one given to them, creating a memory region which is not
  managed, thus it will not be automatically released on
  device removal.

- if a bigger memory is to be allocated, krealloc() could
  kfree() the managed memory region which is passed to it.
  The old pointer is left registered as a resource for the
  device. On device removal, this dangling pointer will be
  used and an unrelated memory region could be released.

- if the requested size is equal to 0, krealloc() can also
  just behave like kfree(). Here too, the old pointer is
  kept associated with the device. On device removal, this
  invalid pointer will be used and an unrelated memory
  region could be released.

For all these reasons, krealloc() must not be used on a
pointer returned by devm_*() functions.

Change-Id: I36061f5668a1b1128df9414b577150281f0f8a5a
Cc: Tejun Heo <tj@kernel.org>
Cc: Pekka Enberg <penberg@cs.helsinki.fi>
Acked-by: Julia Lawall <julia.lawall@lip6.fr>
Signed-off-by: Yann Droneaud <ydroneaud@opteya.com>
Signed-off-by: Michal Marek <mmarek@suse.com>
Signed-off-by: Huang, Tao <huangtao@rock-chips.com>
(cherry picked from commit b7b2ee41f300b69c67c798df0cd5b8648bcb26a3)

UPSTREAM: coccinelle: recognize more devm_* memory allocation functions

Updates free/devm_free.cocci to recognize functions added by:

- commit 64c862a839a8 ('devres: add kernel standard devm_k.alloc functions')
- commit e31108cad3de ('devres: introduce API "devm_kstrdup"')
- commit 3046365bb470 ('devres: introduce API "devm_kmemdup')
- commit 43339bed7010 ('devres: Add devm_get_free_pages API')
- commit 75f2a4ead5d5 ('devres: Add devm_kasprintf and devm_kvasprintf API')

See also Documentation/driver-model/devres.txt

Change-Id: I5224960b028811484f27dd174629df6d5b052cd3
Cc: Joe Perches <joe@perches.com>
Cc: Manish Badarkhe <badarkhe.manish@gmail.com>
Cc: Srinivas Pandruvada <srinivas.pandruvada@linux.intel.com>
Cc: Eli Billauer <eli.billauer@gmail.com>
Cc: Himangi Saraogi <himangi774@gmail.com>
Cc: Geert Uytterhoeven <geert+renesas@glider.be>
Cc: Wolfram Sang <w.sang@pengutronix.de>
Cc: Daniel Thompson <daniel.thompson@linaro.org>
Acked-by: Julia Lawall <julia.lawall@lip6.fr>
Signed-off-by: Yann Droneaud <ydroneaud@opteya.com>
Signed-off-by: Michal Marek <mmarek@suse.com>
Signed-off-by: Huang, Tao <huangtao@rock-chips.com>
(cherry picked from commit a720c0644d14011d3a1bcc8d1b36e80571ad2ce1)

UPSTREAM: coccinelle: also catch kzfree() issues

Since commit 3ef0e5ba4673 ('slab: introduce kzfree()'),
kfree() is no more the only function to be considered:
kzfree() should be recognized too.

In particular, kzfree() must not be called on memory
allocated through devm_*() functions.

Change-Id: I9cde2ad48245c628c6708ab008e0513945a04cef
Cc: Johannes Weiner <hannes@cmpxchg.org>
Acked-by: Julia Lawall <julia.lawall@lip6.fr>
Signed-off-by: Yann Droneaud <ydroneaud@opteya.com>
Signed-off-by: Michal Marek <mmarek@suse.com>
Signed-off-by: Huang, Tao <huangtao@rock-chips.com>
(cherry picked from commit 6dd9379e8f327e70d182b15be3ba21aa2b5d2cba)

UPSTREAM: Coccinelle: noderef: Add new rules and correct the old rule

Add new rules to detect the cases where sizeof is used in
function calls as a argument.

Also, for the patch mode third rule should behave same as
second rule with arguments reversed. So, change that as well.

Change-Id: Id50b413c43d1c7f8c17a8cd784aa4d9d90046e62
Signed-off-by: Vaishali Thakkar <vaishali.thakkar@oracle.com>
Acked-by: Julia Lawall <julia.lawall@lip6.fr>
Signed-off-by: Michal Marek <mmarek@suse.com>
Signed-off-by: Huang, Tao <huangtao@rock-chips.com>
(cherry picked from commit bf56cc04ef97c8ec536e3fcd16fc57902cba339f)

UPSTREAM: scripts: coccinelle: remove check to move constants to right

The header mentions this check depends on personal taste. I agree.
Running coccicheck on patches before I apply them, this SmPL produced
enough false positives for me that I'd rather see it removed.

Change-Id: Ia9638b059dd9eedb5f266061ae61ede963870acd
Signed-off-by: Wolfram Sang <wsa@the-dreams.de>
Acked-by: Julia Lawall <julia.lawall@lip6.fr>
Signed-off-by: Michal Marek <mmarek@suse.com>
Signed-off-by: Huang, Tao <huangtao@rock-chips.com>
(cherry picked from commit f931362b38191016b7a6dc31d90a515b37658e02)

UPSTREAM: Coccinelle: setup_timer: Add space in front of parentheses

Add space in front of the offending parentheses to silent the
parse error for older Coccinelle versions. This makes the rule
usable with all Coccinelle versions.

Change-Id: I44060c14a88fa322ac609474cc9b03b0856d5dab
Reported-by: Nishanth Menon <nm@ti.com>
Signed-off-by: Vaishali Thakkar <vaishali.thakkar@oracle.com>
Acked-by: Julia Lawall <julia.lawall@lip6.fr>
Fixes: c5eda8fd10c6 ("Coccinelle: Add api/setup_timer.cocci")
Signed-off-by: Michal Marek <mmarek@suse.com>
Signed-off-by: Huang, Tao <huangtao@rock-chips.com>
(cherry picked from commit 531f50388f1b05a297c6eab7a0c1e8e6d997678b)

UPSTREAM: Coccinelle: Add api/setup_timer.cocci

Use the timer API function setup_timer instead of structure field
assignments to initialize a timer.

Change-Id: I18ecc8a8ac368b893f0ceab9ad41add255bc3cd5
Signed-off-by: Vaishali Thakkar <vaishali.thakkar@oracle.com>
Acked-by: Julia Lawall <julia.lawall@lip6.fr>
Signed-off-by: Michal Marek <mmarek@suse.com>
Signed-off-by: Huang, Tao <huangtao@rock-chips.com>
(cherry picked from commit c5eda8fd10c64720d5232189f812a3b1cc983b8b)

UPSTREAM: coccinelle: bugon: reduce rule applicability

Rule r is only use in org or report mode, so only execute it in those
cases.

Change-Id: If04125246bc21159b37d41c67a5b2556ec8ede3a
Signed-off-by: Julia Lawall <Julia.Lawall@lip6.fr>
Signed-off-by: Michal Marek <mmarek@suse.com>
Signed-off-by: Huang, Tao <huangtao@rock-chips.com>
(cherry picked from commit f75621c6ecadbd1802a7142fd346511cea05250a)

UPSTREAM: Coccinelle: pm_runtime: reduce rule applicability

Rule r is only used in org or report mode, so only execute it in those
cases.

Change-Id: Ib2311a33fca6544b885bbf44b9695e1984680f96
Signed-off-by: Julia Lawall <Julia.Lawall@lip6.fr>
Signed-off-by: Michal Marek <mmarek@suse.com>
Signed-off-by: Huang, Tao <huangtao@rock-chips.com>
(cherry picked from commit 79ff2b3deae7db21e73f1e0add92c988135defd2)

UPSTREAM: Coccinelle: array_size: reduce rule applicability

Rule r is only use in org or report mode, so only execute it in those
cases.

Change-Id: I00224a5dda297070e31defd650247261e08dc830
Signed-off-by: Julia Lawall <Julia.Lawall@lip6.fr>
Signed-off-by: Michal Marek <mmarek@suse.com>
Signed-off-by: Huang, Tao <huangtao@rock-chips.com>
(cherry picked from commit c7eaa8873b3e50667e0b6529141139147f34748e)

UPSTREAM: Coccinelle: reduce rule applicability

Rule r is only use in org or report mode, so only execute it in those
cases.

Change-Id: Id2705a31f11329132b5af54ba933c208a49557bd
Signed-off-by: Julia Lawall <Julia.Lawall@lip6.fr>
Signed-off-by: Michal Marek <mmarek@suse.com>
Signed-off-by: Huang, Tao <huangtao@rock-chips.com>
(cherry picked from commit 8f551befa2269dc244bcfbcad795132f833cb71c)

UPSTREAM: coccinelle: tests: unsigned value cannot be lesser than zero

Unsigned expressions cannot be lesser than zero. Presence of comparisons
'unsigned (<|<=|>|>=) 0' often indicates a bug, usually wrong type of variable.
The patch beside finding such comparisons tries to eliminate false positives,
mainly by bypassing range checks.

gcc can detect such comparisons also using -Wtype-limits switch, but it warns
also in correct cases, making too much noise.

Change-Id: I9fbf55a16d9ae508ca46cba2f8292d5e4b4cc697
Signed-off-by: Andrzej Hajda <a.hajda@samsung.com>
Acked-by: Julia Lawall <julia.lawall@lip6.fr>
Signed-off-by: Michal Marek <mmarek@suse.com>
Signed-off-by: Huang, Tao <huangtao@rock-chips.com>
(cherry picked from commit 3f984cb39907f87515d83657ecd471ae396a6c4a)

sched/fair: fix building without CGROUP_SCHEDTUNE

Fixes: e00ebdcb8a7c ("sched/tune: don't use schedtune before it is ready")
Change-Id: I86312b6d271365cfb94e6ca570771a6bca46e67b
Signed-off-by: Huang, Tao <huangtao@rock-chips.com>

Merge tag 'lsk-v4.4-17.06-android' of git://git.linaro.org/kernel/linux-linaro-stable.git

LSK 17.06 v4.4-android

* tag 'lsk-v4.4-17.06-android': (134 commits)
  ANDROID: sdcardfs: remove dead function open_flags_to_access_mode()
  ANDROID: android-base.cfg: split out arm64-specific configs
  usb: gadget: f_fs: Fix possibe deadlock
  ANDROID: uid_sys_stats: check previous uid_entry before call find_or_register_uid
  ANDROID: sdcardfs: d_splice_alias can return error values
  android: base-cfg: disable CONFIG_NFS_FS and CONFIG_NFSD
  schedstats/eas: guard properly to avoid breaking non-smp schedstats users
  BACKPORT: f2fs: sanity check size of nat and sit cache
  FROMLIST: f2fs: sanity check checkpoint segno and blkoff
  sched/tune: don't use schedtune before it is ready
  sched/fair: use SCHED_CAPACITY_SCALE for energy normalization
  sched/{fair,tune}: use reciprocal_value to compute boost margin
  sched/tune: Initialize raw_spin_lock in boosted_groups
  sched/tune: report when SchedTune has not been initialized
  sched/tune: fix sched_energy_diff tracepoint
  sched/tune: increase group count to 5
  cpufreq/schedutil: use boosted_cpu_util for PELT to match WALT
  sched/fair: Fix sched_group_energy() to support per-cpu capacity states
  sched/fair: discount task contribution to find CPU with lowest utilization
  sched/fair: ensure utilization signals are synchronized before use
  ...