Workaround problem with Samba responses to SMB3.1.1
null user (guest) mounts.  The server doesn't set the
expected flag in the session setup response so we have
to do a similar check to what is done in smb3_validate_negotiate
where we also check if the user is a null user (but not sec=krb5
since username might not be passed in on mount for Kerberos case).

Note that the commit below tightened the conditions and forced signing
for the SMB2-TreeConnect commands as per MS-SMB2.
However, this should only apply to normal user sessions and not for
cases where there is no user (even if server forgets to set the flag
in the response) since we don't have anything useful to sign with.
This is especially important now that the more secure SMB3.1.1 protocol
is in the default dialect list.

An earlier patch ("cifs: allow guest mounts to work for smb3.11") fixed
the guest mounts to Windows.

    Fixes: 6188f28b ("Tree connect for SMB3.1.1 must be signed for non-encrypted shares")
Reviewed-by: Ronnie Sahlberg <lsahlber@redhat.com>
Reviewed-by: Paulo Alcantara <palcantara@suse.de>
CC: Stable <stable@vger.kernel.org>
Signed-off-by: Steve French <stfrench@microsoft.com>

This patch fixes the following KASAN report:

[  779.044746] BUG: KASAN: slab-out-of-bounds in string+0xab/0x180
[  779.044750] Read of size 1 at addr ffff88814f327968 by task trace-cmd/2812

[  779.044756] CPU: 1 PID: 2812 Comm: trace-cmd Not tainted 5.1.0-rc1+ #62
[  779.044760] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS rel-1.12.0-0-ga698c89-prebuilt.qemu.org 04/01/2014
[  779.044761] Call Trace:
[  779.044769]  dump_stack+0x5b/0x90
[  779.044775]  ? string+0xab/0x180
[  779.044781]  print_address_description+0x6c/0x23c
[  779.044787]  ? string+0xab/0x180
[  779.044792]  ? string+0xab/0x180
[  779.044797]  kasan_report.cold.3+0x1a/0x32
[  779.044803]  ? string+0xab/0x180
[  779.044809]  string+0xab/0x180
[  779.044816]  ? widen_string+0x160/0x160
[  779.044822]  ? vsnprintf+0x5bf/0x7f0
[  779.044829]  vsnprintf+0x4e7/0x7f0
[  779.044836]  ? pointer+0x4a0/0x4a0
[  779.044841]  ? seq_buf_vprintf+0x79/0xc0
[  779.044848]  seq_buf_vprintf+0x62/0xc0
[  779.044855]  trace_seq_printf+0x113/0x210
[  779.044861]  ? trace_seq_puts+0x110/0x110
[  779.044867]  ? trace_raw_output_prep+0xd8/0x110
[  779.044876]  trace_raw_output_smb3_tcon_class+0x9f/0xc0
[  779.044882]  print_trace_line+0x377/0x890
[  779.044888]  ? tracing_buffers_read+0x300/0x300
[  779.044893]  ? ring_buffer_read+0x58/0x70
[  779.044899]  s_show+0x6e/0x140
[  779.044906]  seq_read+0x505/0x6a0
[  779.044913]  vfs_read+0xaf/0x1b0
[  779.044919]  ksys_read+0xa1/0x130
[  779.044925]  ? kernel_write+0xa0/0xa0
[  779.044931]  ? __do_page_fault+0x3d5/0x620
[  779.044938]  do_syscall_64+0x63/0x150
[  779.044944]  entry_SYSCALL_64_after_hwframe+0x44/0xa9
[  779.044949] RIP: 0033:0x7f62c2c2db31
[ 779.044955] Code: fe ff ff 48 8d 3d 17 9e 09 00 48 83 ec 08 e8 96 02
02 00 66 0f 1f 44 00 00 8b 05 fa fc 2c 00 48 63 ff 85 c0 75 13 31 c0
0f 05 <48> 3d 00 f0 ff ff 77 57 f3 c3 0f 1f 44 00 00 55 53 48 89 d5 48
89
[  779.044958] RSP: 002b:00007ffd6e116678 EFLAGS: 00000246 ORIG_RAX: 0000000000000000
[  779.044964] RAX: ffffffffffffffda RBX: 0000560a38be9260 RCX: 00007f62c2c2db31
[  779.044966] RDX: 0000000000002000 RSI: 00007ffd6e116710 RDI: 0000000000000003
[  779.044966] RDX: 0000000000002000 RSI: 00007ffd6e116710 RDI: 0000000000000003
[  779.044969] RBP: 00007f62c2ef5420 R08: 0000000000000000 R09: 0000000000000003
[  779.044972] R10: ffffffffffffffa8 R11: 0000000000000246 R12: 00007ffd6e116710
[  779.044975] R13: 0000000000002000 R14: 0000000000000d68 R15: 0000000000002000

[  779.044981] Allocated by task 1257:
[  779.044987]  __kasan_kmalloc.constprop.5+0xc1/0xd0
[  779.044992]  kmem_cache_alloc+0xad/0x1a0
[  779.044997]  getname_flags+0x6c/0x2a0
[  779.045003]  user_path_at_empty+0x1d/0x40
[  779.045008]  do_faccessat+0x12a/0x330
[  779.045012]  do_syscall_64+0x63/0x150
[  779.045017]  entry_SYSCALL_64_after_hwframe+0x44/0xa9

[  779.045019] Freed by task 1257:
[  779.045023]  __kasan_slab_free+0x12e/0x180
[  779.045029]  kmem_cache_free+0x85/0x1b0
[  779.045034]  filename_lookup.part.70+0x176/0x250
[  779.045039]  do_faccessat+0x12a/0x330
[  779.045043]  do_syscall_64+0x63/0x150
[  779.045048]  entry_SYSCALL_64_after_hwframe+0x44/0xa9

[  779.045052] The buggy address belongs to the object at ffff88814f326600
which belongs to the cache names_cache of size 4096
[  779.045057] The buggy address is located 872 bytes to the right of
4096-byte region [ffff88814f326600, ffff88814f327600)
[  779.045058] The buggy address belongs to the page:
[  779.045062] page:ffffea00053cc800 count:1 mapcount:0 mapping:ffff88815b191b40 index:0x0 compound_mapcount: 0
[  779.045067] flags: 0x200000000010200(slab|head)
[  779.045075] raw: 0200000000010200 dead000000000100 dead000000000200 ffff88815b191b40
[  779.045081] raw: 0000000000000000 0000000000070007 00000001ffffffff 0000000000000000
[  779.045083] page dumped because: kasan: bad access detected

[  779.045085] Memory state around the buggy address:
[  779.045089]  ffff88814f327800: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[  779.045093]  ffff88814f327880: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[  779.045097] >ffff88814f327900: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[  779.045099]                                                           ^
[  779.045103]  ffff88814f327980: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[  779.045107]  ffff88814f327a00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[  779.045109] ==================================================================
[  779.045110] Disabling lock debugging due to kernel taint

Correctly assign tree name str for smb3_tcon event.
Signed-off-by: Paulo Alcantara (SUSE) <paulo@paulo.ac>
Signed-off-by: Steve French <stfrench@microsoft.com>

Fix Guest/Anonymous sessions so that they work with SMB 3.11.

The commit noted below tightened the conditions and forced signing for
the SMB2-TreeConnect commands as per MS-SMB2.
However, this should only apply to normal user sessions and not for
Guest/Anonumous sessions.

Fixes: 6188f28b ("Tree connect for SMB3.1.1 must be signed for non-encrypted shares")
Signed-off-by: Ronnie Sahlberg <lsahlber@redhat.com>
CC: Stable <stable@vger.kernel.org>
Signed-off-by: Steve French <stfrench@microsoft.com>

It was mapped to EIO which can be confusing when user space
queries for an object GUID for an object for which the server
file system doesn't support (or hasn't saved one).

As Amir Goldstein suggested this is similar to ENOATTR
(equivalently ENODATA in Linux errno definitions) so
changing NT STATUS code mapping for OBJECTID_NOT_FOUND
to ENODATA.
Signed-off-by: Steve French <stfrench@microsoft.com>
CC: Amir Goldstein <amir73il@gmail.com>

dedupe_file_range operations is combiled into remap_file_range.
But it's always skipped for dedupe operations in function
cifs_remap_file_range.

Example to test:
Before this patch:
  # dd if=/dev/zero of=cifs/file bs=1M count=1
  # xfs_io -c "dedupe cifs/file 4k 64k 4k" cifs/file
  XFS_IOC_FILE_EXTENT_SAME: Invalid argument

After this patch:
  # dd if=/dev/zero of=cifs/file bs=1M count=1
  # xfs_io -c "dedupe cifs/file 4k 64k 4k" cifs/file
  XFS_IOC_FILE_EXTENT_SAME: Operation not supported

Influence for xfstests:
generic/091
generic/112
generic/127
generic/263
These tests report this error "do_copy_range:: Invalid
argument" instead of "FIDEDUPERANGE: Invalid argument".
Because there are still two bugs cause these test failed.
https://bugzilla.kernel.org/show_bug.cgi?id=202935
https://bugzilla.kernel.org/show_bug.cgi?id=202785Signed-off-by: Xiaoli Feng <fengxiaoli0714@gmail.com>
Signed-off-by: Steve French <stfrench@microsoft.com>

When sending a rdata, transport may return -EAGAIN. In this case
we should re-obtain credits because the session may have been
reconnected.

Change in v2: adjust_credits before re-sending
Signed-off-by: Long Li <longli@microsoft.com>
Signed-off-by: Steve French <stfrench@microsoft.com>
Reviewed-by: Pavel Shilovsky <pshilov@microsoft.com>

When sending a wdata, transport may return -EAGAIN. In this case
we should re-obtain credits because the session may have been
reconnected.

Change in v2: adjust_credits before re-sending
Signed-off-by: Long Li <longli@microsoft.com>
Signed-off-by: Steve French <stfrench@microsoft.com>
Reviewed-by: Pavel Shilovsky <pshilov@microsoft.com>

Pull powerpc fixes from Michael Ellerman:
 "One fix for a boot failure on 32-bit, introduced during the merge
  window.

  A fix for our handling of CLOCK_MONOTONIC in the 64-bit VDSO. Changing
  the wall clock across the Y2038 boundary could cause CLOCK_MONOTONIC
  to jump forward and backward.

  Our spectre_v2 reporting was a bit confusing due to a bug I
  introduced. On some systems it was reporting that the count cache was
  disabled and also that we were flushing the count cache on context
  switch. Only the former is true, and given that the count cache is
  disabled it doesn't make any sense to flush it. No one reported it, so
  presumably the presence of any mitigation is all people check for.

  Finally a small build fix for zsmalloc on 32-bit.

  Thanks to: Ben Hutchings, Christophe Leroy, Diana Craciun, Guenter
  Roeck, Michael Neuling"

* tag 'powerpc-5.1-3' of git://git.kernel.org/pub/scm/linux/kernel/git/powerpc/linux:
  powerpc/security: Fix spectre_v2 reporting
  powerpc/mm: Only define MAX_PHYSMEM_BITS in SPARSEMEM configurations
  powerpc/6xx: fix setup and use of SPRN_SPRG_PGDIR for hash32
  powerpc/vdso64: Fix CLOCK_MONOTONIC inconsistencies across Y2038

Pull iommu fixes from Joerg Roedel:

 - AMD IOMMU fix for sg-mapping with sg->offset > PAGE_SIZE

 - Fix for IOVA code to trigger the slow-path less often

 - Two fixes for Intel VT-d to avoid writing to read-only registers and
   to flush the right domain id for the default domains in scalable mode

* tag 'iommu-fixes-v5.1-rc2' of git://git.kernel.org/pub/scm/linux/kernel/git/joro/iommu:
  iommu/vt-d: Save the right domain ID used by hardware
  iommu/vt-d: Check capability before disabling protected memory
  iommu/iova: Fix tracking of recently failed iova address
  iommu/amd: fix sg->dma_address for sg->offset bigger than PAGE_SIZE

Pull sound fixes from Takashi Iwai:
 "The only significant change is the regression fixes for the jack
  detection at resume on HD-audio, while others are all small or trivial
  fixes like the coverage of missing error code or usual HD-audio quirk"

* tag 'sound-5.1-rc2' of git://git.kernel.org/pub/scm/linux/kernel/git/tiwai/sound:
  ALSA: hda/realtek: Enable headset MIC of Acer AIO with ALC286
  ALSA: hda - Enforces runtime_resume after S3 and S4 for each codec
  ALSA: hda - Don't trigger jackpoll_work in azx_resume
  ALSA: opl3: fix mismatch between snd_opl3_drum_switch definition and declaration
  ALSA: hda - add Lenovo IdeaCentre B550 to the power_save_blacklist
  ALSA: firewire-motu: use 'version' field of unit directory to identify model
  ALSA: sb8: add a check for request_region
  ALSA: echoaudio: add a check for ioremap_nocache

Pull device properties framework fix from Rafael Wysocki:
 "Add missing 'static' in two places (YueHaibing)"

* tag 'devprop-5.1-rc2' of git://git.kernel.org/pub/scm/linux/kernel/git/rafael/linux-pm:
  drivers: base: swnode: Make two functions static

Pull ACPI fix from Rafael Wysocki:
 "Prevent device references acquired by bus_find_device() in
  acpi_dev_present() from being leaked (Andy Shevchenko)"

* tag 'acpi-5.1-rc2' of git://git.kernel.org/pub/scm/linux/kernel/git/rafael/linux-pm:
  ACPI / utils: Drop reference in test for device presence

Pull power management fixes from Rafael Wysocki:
 "These rearrange some code in the generic power domains (genpd)
  framework to avoid a potential deadlock and make the turbostat utility
  behave more as expected.

  Specifics:

   - Rearrange the generic power domains (genpd) code to avoid a
     potential deadlock possible due to its interactions with the clock
     framework (Jiada Wang)

   - Make turbostat return the exit status of the command run under it
     if that command fails (David Arcari)"

* tag 'pm-5.1-rc2' of git://git.kernel.org/pub/scm/linux/kernel/git/rafael/linux-pm:
  PM / Domains: Avoid a potential deadlock
  tools/power turbostat: return the exit status of a command

Pull MMC fixes from Ulf Hansson:
 "A couple of MMC host fixes intended for v5.1:

   - alcor: Fix DMA reads

   - renesas_sdhi: Limit block count to 16-bit for old revisions

   - sdhci-omap: Fixup support for read-only pins

   - mxcmmc: Revert support for highmem pages

   - davinci/pxamci: Fix clang build warnings"

* tag 'mmc-v5.1-rc1' of git://git.kernel.org/pub/scm/linux/kernel/git/ulfh/mmc:
  mmc: renesas_sdhi: limit block count to 16 bit for old revisions
  mmc: alcor: fix DMA reads
  mmc: sdhci-omap: Set caps2 to indicate no physical write protect pin
  mmc: mxcmmc: "Revert mmc: mxcmmc: handle highmem pages"
  mmc: davinci: remove extraneous __init annotation
  mmc: pxamci: fix enum type confusion

The driver sets a default domain id (FLPT_DEFAULT_DID) in the
first level only pasid entry, but saves a different domain id
in @sdev->did. The value saved in @sdev->did will be used to
invalidate the translation caches. Hence, the driver might
result in invalidating the caches with a wrong domain id.

Cc: Ashok Raj <ashok.raj@intel.com>
Cc: Jacob Pan <jacob.jun.pan@linux.intel.com>
Fixes: 1c4f88b7 ("iommu/vt-d: Shared virtual address in scalable mode")
Signed-off-by: Liu Yi L <yi.l.liu@intel.com>
Signed-off-by: Lu Baolu <baolu.lu@linux.intel.com>
Signed-off-by: Joerg Roedel <jroedel@suse.de>

The spec states in 10.4.16 that the Protected Memory Enable
Register should be treated as read-only for implementations
not supporting protected memory regions (PLMR and PHMR fields
reported as Clear in the Capability register).

Cc: Jacob Pan <jacob.jun.pan@linux.intel.com>
Cc: mark gross <mgross@intel.com>
Suggested-by: Ashok Raj <ashok.raj@intel.com>
Fixes: f8bab735 ("intel-iommu: PMEN support")
Signed-off-by: Lu Baolu <baolu.lu@linux.intel.com>
Signed-off-by: Joerg Roedel <jroedel@suse.de>

If a 32 bit allocation request is too big to possibly succeed, it
early exits with a failure and then should never update max32_alloc_
size. This patch fixes current code, now the size is only updated if
the slow path failed while walking the tree. Without the fix the
allocation may enter the slow path again even if there was a failure
before of a request with the same or a smaller size.

Cc: <stable@vger.kernel.org> # 4.20+
Fixes: bee60e94 ("iommu/iova: Optimise attempts to allocate iova from 32bit address range")
Reviewed-by: Robin Murphy <robin.murphy@arm.com>
Signed-off-by: Robert Richter <rrichter@marvell.com>
Signed-off-by: Joerg Roedel <jroedel@suse.de>

* pm-domains:
  PM / Domains: Avoid a potential deadlock

Pull drm fixes from Dave Airlie:
 "i915, amdgpu, vmwgfx, exynos, nouveau and udl fixes.

  Seems to be lots of little minor ones for regressions in rc1, and some
  cleanups. The exynos one is the largest one, and is for a hw
  difference between exynos versions"

* tag 'drm-fixes-2019-03-22' of git://anongit.freedesktop.org/drm/drm:
  drm/nouveau/dmem: empty chunk do not have a buffer object associated with them.
  drm/nouveau/debugfs: Fix check of pm_runtime_get_sync failure
  drm/nouveau/dmem: Fix a NULL vs IS_ERR() check
  drm/nouveau/dmem: remove set but not used variable 'drm'
  drm/exynos/mixer: fix MIXER shadow registry synchronisation code
  drm/vmwgfx: Don't double-free the mode stored in par->set_mode
  drm/vmwgfx: Return 0 when gmrid::get_node runs out of ID's
  drm/amdgpu: fix invalid use of change_bit
  drm/amdgpu: revert "cleanup setting bulk_movable"
  drm/i915: Sanity check mmap length against object size
  drm/i915: Fix off-by-one in reporting hanging process
  drm/i915/bios: assume eDP is present on port A when there is no VBT
  drm/udl: use drm_gem_object_put_unlocked.

- Parially revert a bulk move clean up change to fix a ref count bug
- Fix invalid use of change_bit that caused a crash on PPC64 and ARM64
Signed-off-by: Dave Airlie <airlied@redhat.com>
From: Alex Deucher <alexdeucher@gmail.com>
Link: https://patchwork.freedesktop.org/patch/msgid/20190321020933.3508-1-alexander.deucher@amd.com

Two fixes CC'd stable. One fix for a long-standing a bit hard-to-trigger fbdev
modesetting bug and one out-of-bo-id fix.
Signed-off-by: Dave Airlie <airlied@redhat.com>
From: Thomas Hellstrom <thellstrom@vmware.com>
Link: https://patchwork.freedesktop.org/patch/msgid/20190321112026.114328-1-thellstrom@vmware.com

Merge tag 'exynos-drm-fixes-for-5.1-rc2' of git://git.kernel.org/pub/scm/linux/kernel/git/daeinki/drm-exynos into drm-fixes

- Fix page fault issue at Mixer device
  . This patch fixes the page fault issue by correcting sychronization
    method for updating shadow registers for Mixer device.
Signed-off-by: Dave Airlie <airlied@redhat.com>

From: Inki Dae <inki.dae@samsung.com>
Link: https://patchwork.freedesktop.org/patch/msgid/1553162223-10090-1-git-send-email-inki.dae@samsung.com

Merge tag 'drm-intel-fixes-2019-03-20' of git://anongit.freedesktop.org/drm/drm-intel into drm-fixes

A protection on our mmap against attempts to map past the end of the object;
plus a fix off-by-one in our hang report and a protection;
and a fix for eDP panels on Gen9 platforms on VBT absence.
Signed-off-by: Dave Airlie <airlied@redhat.com>

From: Rodrigo Vivi <rodrigo.vivi@intel.com>
Link: https://patchwork.freedesktop.org/patch/msgid/20190320201451.GA7993@intel.com

Some minor nouveau dmem and other fixes.
Signed-off-by: Dave Airlie <airlied@redhat.com>
From: Ben Skeggs <bskeggs@redhat.com>
Link: https://patchwork.freedesktop.org/patch/msgid/CABDvA==kMkD6n-cS9KpQBcTU1E8p7Wc+H1ZuOhSfD7yTFJVvkw@mail.gmail.com

Empty chunk do not have a bo associated with them so no need to pin/unpin
on suspend/resume.

This fix suspend/resume on 5.1rc1 when NOUVEAU_SVM is enabled.
Signed-off-by: Jérôme Glisse <jglisse@redhat.com>
Reviewed-by: Tobias Klausmann <tobias.johannes.klausmann@mni.thm.de>
Tested-by: Tobias Klausmann <tobias.johannes.klausmann@mni.thm.de>
Cc: Ben Skeggs <bskeggs@redhat.com>
Cc: dri-devel@lists.freedesktop.org
Cc: nouveau@lists.freedesktop.org
Cc: David Airlie <airlied@linux.ie>
Cc: Daniel Vetter <daniel@ffwll.ch>
Signed-off-by: Ben Skeggs <bskeggs@redhat.com>

pm_runtime_get_sync returns negative on failure.

Fixes: eaeb9010 ("drm/nouveau/debugfs: Wake up GPU before doing any reclocking")
Signed-off-by: YueHaibing <yuehaibing@huawei.com>
Signed-off-by: Ben Skeggs <bskeggs@redhat.com>

The hmm_devmem_add() function doesn't return NULL, it returns error
pointers.

Fixes: 5be73b69 ("drm/nouveau/dmem: device memory helpers for SVM")
Signed-off-by: Dan Carpenter <dan.carpenter@oracle.com>
Signed-off-by: Ben Skeggs <bskeggs@redhat.com>

Fixes gcc '-Wunused-but-set-variable' warning:

drivers/gpu/drm/nouveau/nouveau_dmem.c: In function 'nouveau_dmem_free':
drivers/gpu/drm/nouveau/nouveau_dmem.c:103:22: warning:
 variable 'drm' set but not used [-Wunused-but-set-variable]
  struct nouveau_drm *drm;
                      ^
Signed-off-by: YueHaibing <yuehaibing@huawei.com>
Signed-off-by: Ben Skeggs <bskeggs@redhat.com>

Pull arm64 fixes from Catalin Marinas:
 "Mostly fixes apart from the kprobe blacklist checking which was
  deferred because of conflicting with a fix merged after I pinned the
  arm64 for-next/core branch (f2b3d856 "arm64: kprobe: Always
  blacklist the KVM world-switch code").

  Summary:

   - Update the kprobe blacklist checking for arm64. This was supposed
     to be queued during the merging window but, due to conflicts, it
     was deferred post -rc1

   - Extend the Fujitsu erratum 010001 workaround to A64FX v1r0

   - Whitelist HiSilicon Taishan v110 CPUs as not susceptible to
     Meltdown

   - Export save_stack_trace_regs()

   - Remove obsolete selection of MULTI_IRQ_HANDLER"

* tag 'arm64-fixes' of git://git.kernel.org/pub/scm/linux/kernel/git/arm64/linux:
  arm64: remove obsolete selection of MULTI_IRQ_HANDLER
  arm64: kpti: Whitelist HiSilicon Taishan v110 CPUs
  arm64: Add MIDR encoding for HiSilicon Taishan CPUs
  arm64/stacktrace: Export save_stack_trace_regs()
  arm64: apply workaround on A64FX v1r0
  arm64: kprobes: Use arch_populate_kprobe_blacklist()
  arm64: kprobes: Move exception_text check in blacklist
  arm64: kprobes: Remove unneeded RODATA check
  arm64: kprobes: Move extable address check into arch_prepare_kprobe()

Pull selinux fix from Paul Moore:
 "Another small SELinux fix for v5.1"

* tag 'selinux-pr-20190321' of git://git.kernel.org/pub/scm/linux/kernel/git/pcmoore/selinux:
  selinux: fix NULL dereference in policydb_destroy()

Pull udf fixes from Jan Kara:
 "Two udf error handling fixes"

* tag 'fixes_for_v5.1-rc2' of git://git.kernel.org/pub/scm/linux/kernel/git/jack/linux-fs:
  udf: Propagate errors from udf_truncate_extents()
  udf: Fix crash on IO error during truncate

Pull fsnotify fixes from Jan Kara:
 "One inotify and one fanotify fix"

* tag 'fsnotify_for_v5.1-rc2' of git://git.kernel.org/pub/scm/linux/kernel/git/jack/linux-fs:
  fanotify: Allow copying of file handle to userspace
  inotify: Fix fsnotify_mark refcount leak in inotify_update_existing_watch()

R-Car Gen2 has two different SDHI incarnations in the same chip. The
older one does not support the recently introduced 32 bit register
access to the block count register. Make sure we use this feature only
after the first known version.

Thanks to the Renesas Testing team for this bug report!

Fixes: 5603731a ("mmc: tmio: fix access width of Block Count Register")
Reported-by: Yoshihiro Shimoda <yoshihiro.shimoda.uh@renesas.com>
Signed-off-by: Wolfram Sang <wsa+renesas@sang-engineering.com>
Reviewed-by: Simon Horman <horms+renesas@verge.net.au>
Tested-by: Phong Hoang <phong.hoang.wz@renesas.com>
Cc: stable@vger.kernel.org
Signed-off-by: Ulf Hansson <ulf.hansson@linaro.org>

Setting max_blk_count to 1 here was causing the mmc block layer
to always use the MMC_READ_SINGLE_BLOCK command here, which the
driver does not DMA-accelerate.

Drop the max_blk_ settings here. The mmc host defaults suffice,
along with the max_segs and max_seg_size settings, which I have
now documented in more detail.

Now each MMC command reads 4 512-byte blocks, using DMA instead of
PIO. On my SD card, this increases read performance (measured with dd)
from 167kb/sec to 4.6mb/sec.

Link: http://lkml.kernel.org/r/CAD8Lp47L5T3jnAjBiPs1cQ+yFA3L6LJtgFvMETnBrY63-Zdi2g@mail.gmail.comSigned-off-by: Daniel Drake <drake@endlessm.com>
Reviewed-by: Oleksij Rempel <linux@rempel-privat.de>
Fixes: c5413ad8 ("mmc: add new Alcor Micro Cardreader SD/MMC driver")
Cc: stable@vger.kernel.org
Signed-off-by: Ulf Hansson <ulf.hansson@linaro.org>

After commit 6d5cd068 ("mmc: sdhci: use WP GPIO in
sdhci_check_ro()") and commit 39ee32ce ("mmc: sdhci-omap: drop
->get_ro() implementation"), sdhci-omap relied on SDHCI_PRESENT_STATE
to check if the card is read-only, if wp-gpios is not populated
in device tree. However SDHCI_PRESENT_STATE in sdhci-omap does not have
correct read-only state.

sdhci-omap can be used by platforms with both micro SD slot and standard
SD slot with physical write protect pin (using GPIO). Set caps2 to
MMC_CAP2_NO_WRITE_PROTECT based on if wp-gpios property is populated or
not.

This fix is required since existing device-tree node doesn't have
"disable-wp" property and to preserve old-dt compatibility.

Fixes: 6d5cd068 ("mmc: sdhci: use WP GPIO in sdhci_check_ro()")
Fixes: 39ee32ce ("mmc: sdhci-omap: drop ->get_ro() implementation")
Signed-off-by: Kishon Vijay Abraham I <kishon@ti.com>
Signed-off-by: Ulf Hansson <ulf.hansson@linaro.org>

When I updated the spectre_v2 reporting to handle software count cache
flush I got the logic wrong when there's no software count cache
enabled at all.

The result is that on systems with the software count cache flush
disabled we print:

  Mitigation: Indirect branch cache disabled, Software count cache flush

Which correctly indicates that the count cache is disabled, but
incorrectly says the software count cache flush is enabled.

The root of the problem is that we are trying to handle all
combinations of options. But we know now that we only expect to see
the software count cache flush enabled if the other options are false.

So split the two cases, which simplifies the logic and fixes the bug.
We were also missing a space before "(hardware accelerated)".

The result is we see one of:

  Mitigation: Indirect branch serialisation (kernel only)
  Mitigation: Indirect branch cache disabled
  Mitigation: Software count cache flush
  Mitigation: Software count cache flush (hardware accelerated)

Fixes: ee13cb24 ("powerpc/64s: Add support for software count cache flush")
Cc: stable@vger.kernel.org # v4.19+
Signed-off-by: Michael Ellerman <mpe@ellerman.id.au>
Reviewed-by: Michael Neuling <mikey@neuling.org>
Reviewed-by: Diana Craciun <diana.craciun@nxp.com>
Signed-off-by: Michael Ellerman <mpe@ellerman.id.au>

This reverts commit b189e758.

Unable to handle kernel paging request at virtual address c8358000
pgd = efa405c3
[c8358000] *pgd=00000000
Internal error: Oops: 805 [#1] PREEMPT ARM
CPU: 0 PID: 711 Comm: kworker/0:2 Not tainted 4.20.0+ #30
Hardware name: Freescale i.MX27 (Device Tree Support)
Workqueue: events mxcmci_datawork
PC is at mxcmci_datawork+0xbc/0x2ac
LR is at mxcmci_datawork+0xac/0x2ac
pc : [<c04e33c8>]    lr : [<c04e33b8>]    psr: 60000013
sp : c6c93f08  ip : 24004180  fp : 00000008
r10: c8358000  r9 : c78b3e24  r8 : c6c92000
r7 : 00000000  r6 : c7bb8680  r5 : c7bb86d4  r4 : c78b3de0
r3 : 00002502  r2 : c090b2e0  r1 : 00000880  r0 : 00000000
Flags: nZCv  IRQs on  FIQs on  Mode SVC_32  ISA ARM  Segment user
Control: 0005317f  Table: a68a8000  DAC: 00000055
Process kworker/0:2 (pid: 711, stack limit = 0x389543bc)
Stack: (0xc6c93f08 to 0xc6c94000)
3f00:                   c7bb86d4 00000000 00000000 c6cbfde0 c7bb86d4 c7ee4200
3f20: 00000000 c0907ea8 00000000 c7bb86d8 c0907ea8 c012077c c6cbfde0 c7bb86d4
3f40: c6cbfde0 c6c92000 c6cbfdf4 c09280ba c0907ea8 c090b2e0 c0907ebc c0120c18
3f60: c6cbfde0 00000000 00000000 c6cbb580 c7ba7c40 c7837edc c6cbb598 00000000
3f80: c6cbfde0 c01208f8 00000000 c01254fc c7ba7c40 c0125400 00000000 00000000
3fa0: 00000000 00000000 00000000 c01010d0 00000000 00000000 00000000 00000000
3fc0: 00000000 00000000 00000000 00000000 00000000 00000000 00000000 00000000
3fe0: 00000000 00000000 00000000 00000000 00000013 00000000 00000000 00000000
[<c04e33c8>] (mxcmci_datawork) from [<c012077c>] (process_one_work+0x1f0/0x338)
[<c012077c>] (process_one_work) from [<c0120c18>] (worker_thread+0x320/0x474)
[<c0120c18>] (worker_thread) from [<c01254fc>] (kthread+0xfc/0x118)
[<c01254fc>] (kthread) from [<c01010d0>] (ret_from_fork+0x14/0x24)
Exception stack(0xc6c93fb0 to 0xc6c93ff8)
3fa0:                                     00000000 00000000 00000000 00000000
3fc0: 00000000 00000000 00000000 00000000 00000000 00000000 00000000 00000000
3fe0: 00000000 00000000 00000000 00000000 00000013 00000000
Code: e3500000 1a000059 e5153050 e5933038 (e48a3004)
---[ end trace 54ca629b75f0e737 ]---
note: kworker/0:2[711] exited with preempt_count 1
Signed-off-by: Alexander Shiyan <shc_work@mail.ru>
Fixes: b189e758 ("mmc: mxcmmc: handle highmem pages")
Cc: stable@vger.kernel.org
Signed-off-by: Ulf Hansson <ulf.hansson@linaro.org>

Some Acer AIO desktops like Veriton Z6860G, Z4860G and Z4660G cannot
record sound from headset MIC.  This patch adds the
ALC286_FIXUP_ACER_AIO_HEADSET_MIC quirk to fix this issue.

Fixes: 9f8aefed ("ALSA: hda/realtek: Fix mic issue on Acer AIO Veriton Z4660G")
Fixes: b72f936f ("ALSA: hda/realtek: Fix mic issue on Acer AIO Veriton Z4860G/Z6860G")
Signed-off-by: Jian-Hong Pan <jian-hong@endlessm.com>
Reviewed-by: Kailang Yang <kailang@realtek.com>
Cc: <stable@vger.kernel.org>
Signed-off-by: Takashi Iwai <tiwai@suse.de>

MIXER on Exynos5 SoCs uses different synchronisation method than Exynos4
to update internal state (shadow registers).
Apparently the driver implements it incorrectly. The rule should be
as follows:
- do not request updating registers until previous request was finished,
  ie. MXR_CFG_LAYER_UPDATE_COUNT must be 0.
- before setting registers synchronisation on VSYNC should be turned off,
  ie. MXR_STATUS_SYNC_ENABLE should be reset,
- after finishing MXR_STATUS_SYNC_ENABLE should be set again.
The patch hopefully implements it correctly.
Below sample kernel log from page fault caused by the bug:

[   25.670038] exynos-sysmmu 14650000.sysmmu: 14450000.mixer: PAGE FAULT occurred at 0x2247b800
[   25.677888] ------------[ cut here ]------------
[   25.682164] kernel BUG at ../drivers/iommu/exynos-iommu.c:450!
[   25.687971] Internal error: Oops - BUG: 0 [#1] PREEMPT SMP ARM
[   25.693778] Modules linked in:
[   25.696816] CPU: 5 PID: 1553 Comm: fb-release_test Not tainted 5.0.0-rc7-01157-g5f86b1566bdd #136
[   25.705646] Hardware name: SAMSUNG EXYNOS (Flattened Device Tree)
[   25.711710] PC is at exynos_sysmmu_irq+0x1c0/0x264
[   25.716470] LR is at lock_is_held_type+0x44/0x64

v2: added missing MXR_CFG_LAYER_UPDATE bit setting in mixer_enable_sync
Reported-by: Marian Mihailescu <mihailescu2m@gmail.com>
Signed-off-by: Andrzej Hajda <a.hajda@samsung.com>
Signed-off-by: Inki Dae <inki.dae@samsung.com>

Pull ARC updates from Vineet Gupta:

 - unaligned access support for HS cores

 - Removed extra memory barrier around spinlock code

 - HSDK platform updates: enable dmac, reset

 - some more boot logging updates

 - misc minor fixes

* tag 'arc-5.1-rc2' of git://git.kernel.org/pub/scm/linux/kernel/git/vgupta/arc:
  arch: arc: Kconfig: pedantic formatting
  ARCv2: spinlock: remove the extra smp_mb before lock, after unlock
  ARC: unaligned: relax the check for gcc supporting -mno-unaligned-access
  ARC: boot log: cut down on verbosity
  ARCv2: boot log: refurbish HS core/release identification
  arc: hsdk_defconfig: Enable CONFIG_BLK_DEV_RAM
  ARC: u-boot args: check that magic number is correct
  ARC: perf: bpok condition only exists for ARCompact
  ARCv2: Add explcit unaligned access support (and ability to disable too)
  ARCv2: lib: introduce memcpy optimized for unaligned access
  ARC: [plat-hsdk]: Enable AXI DW DMAC support
  ARC: [plat-hsdk]: Add reset controller handle to manage USB reset
  ARC: DTB: [scripted] fix node name and address spelling