We need to ensure rbu_data.lock is always held on return.

Fixes: 289790a3ea94 ("platform/x86: dell_rbu: stop abusing the DMA API")
Reported-by: Dan Carpenter <dan.carpenter@oracle.com>
Signed-off-by: Christoph Hellwig <hch@lst.de>
Acked-by: Stuart Hayes <stuart.w.hayes@gmail.com>
Signed-off-by: Andy Shevchenko <andriy.shevchenko@linux.intel.com>
Signed-off-by: Darren Hart (VMware) <dvhart@infradead.org>

Commit 0252894f added the Legion Y530 to the no_hw_rfkill
list, but missed a Y530 variant using the nvidia 1060 graphics card.
I have had to blacklist ideapad-laptop as a result to get Wi-Fi working.

dmidecode info:

Handle 0x0001, DMI type 1, 27 bytes
System Information
    Manufacturer: LENOVO
    Product Name: 81LB
    Version: Lenovo Legion Y530-15ICH-1060
    Serial Number: <snip>
    UUID: <snip>
    Wake-up Type: Power Switch
    SKU Number: LENOVO_MT_81LB_BU_idea_FM_Legion Y530-15ICH-1060
    Family: Legion Y530-15ICH-1060
Signed-off-by: Mark Levedahl <mlevedahl@gmail.com>
Signed-off-by: Andy Shevchenko <andriy.shevchenko@linux.intel.com>
Signed-off-by: Darren Hart (VMware) <dvhart@infradead.org>

Add support for capability register in order to distinct between the
systems with minor LED configuration differences. It reduces the amount
of code describing systems' LED configuration.
For example one system can be equipped with six LED, while the other
with only four. Reading this information from the capability registers
allows to use the same LED structure for such systems and set the
relevant configuration dynamically based on capability register
content.
Signed-off-by: Vadim Pasternak <vadimp@mellanox.com>
Acked-by: Jacek Anaszewski <jacek.anaszewski@gmail.com>
Signed-off-by: Darren Hart (VMware) <dvhart@infradead.org>

Fix the following KASAN warning produced when booting a 64-bit kernel:
[   13.334750] BUG: KASAN: stack-out-of-bounds in find_first_bit+0x19/0x70
[   13.342166] Read of size 8 at addr ffff880235067178 by task kworker/2:1/42
[   13.342176] CPU: 2 PID: 42 Comm: kworker/2:1 Not tainted 4.20.0-rc1+ #106
[   13.342179] Hardware name: Mellanox Technologies Ltd. MSN2740/Mellanox x86 SFF board, BIOS 5.6.5 06/07/2016
[   13.342190] Workqueue: events deferred_probe_work_func
[   13.342194] Call Trace:
[   13.342206]  dump_stack+0xc7/0x15b
[   13.342214]  ? show_regs_print_info+0x5/0x5
[   13.342220]  ? kmsg_dump_rewind_nolock+0x59/0x59
[   13.342234]  ? _raw_write_lock_irqsave+0x100/0x100
[   13.351593]  print_address_description+0x73/0x260
[   13.351603]  kasan_report+0x260/0x380
[   13.351611]  ? find_first_bit+0x19/0x70
[   13.351619]  find_first_bit+0x19/0x70
[   13.351630]  mlxreg_hotplug_work_handler+0x73c/0x920 [mlxreg_hotplug]
[   13.351639]  ? __lock_text_start+0x8/0x8
[   13.351646]  ? _raw_write_lock_irqsave+0x80/0x100
[   13.351656]  ? mlxreg_hotplug_remove+0x1e0/0x1e0 [mlxreg_hotplug]
[   13.351663]  ? regmap_volatile+0x40/0xb0
[   13.351668]  ? regcache_write+0x4c/0x90
[   13.351676]  ? mlxplat_mlxcpld_reg_write+0x24/0x30 [mlx_platform]
[   13.351681]  ? _regmap_write+0xea/0x220
[   13.351688]  ? __mutex_lock_slowpath+0x10/0x10
[   13.351696]  ? devm_add_action+0x70/0x70
[   13.351701]  ? mutex_unlock+0x1d/0x40
[   13.351710]  mlxreg_hotplug_probe+0x82e/0x989 [mlxreg_hotplug]
[   13.351723]  ? mlxreg_hotplug_work_handler+0x920/0x920 [mlxreg_hotplug]
[   13.351731]  ? sysfs_do_create_link_sd.isra.2+0xf4/0x190
[   13.351737]  ? sysfs_rename_link_ns+0xf0/0xf0
[   13.351743]  ? devres_close_group+0x2b0/0x2b0
[   13.351749]  ? pinctrl_put+0x20/0x20
[   13.351755]  ? acpi_dev_pm_attach+0x2c/0xd0
[   13.351763]  platform_drv_probe+0x70/0xd0
[   13.351771]  really_probe+0x480/0x6e0
[   13.351778]  ? device_attach+0x10/0x10
[   13.351784]  ? __lock_text_start+0x8/0x8
[   13.351790]  ? _raw_write_lock_irqsave+0x80/0x100
[   13.351797]  ? _raw_write_lock_irqsave+0x80/0x100
[   13.351806]  ? __driver_attach+0x190/0x190
[   13.351812]  driver_probe_device+0x17d/0x1a0
[   13.351819]  ? __driver_attach+0x190/0x190
[   13.351825]  bus_for_each_drv+0xd6/0x130
[   13.351831]  ? bus_rescan_devices+0x20/0x20
[   13.351837]  ? __mutex_lock_slowpath+0x10/0x10
[   13.351845]  __device_attach+0x18c/0x230
[   13.351852]  ? device_bind_driver+0x70/0x70
[   13.351859]  ? __mutex_lock_slowpath+0x10/0x10
[   13.351866]  bus_probe_device+0xea/0x110
[   13.351874]  deferred_probe_work_func+0x1c9/0x290
[   13.351882]  ? driver_deferred_probe_add+0x1d0/0x1d0
[   13.351889]  ? preempt_notifier_dec+0x20/0x20
[   13.351897]  ? read_word_at_a_time+0xe/0x20
[   13.351904]  ? strscpy+0x151/0x290
[   13.351912]  ? set_work_pool_and_clear_pending+0x9c/0xf0
[   13.351918]  ? __switch_to_asm+0x34/0x70
[   13.351924]  ? __switch_to_asm+0x40/0x70
[   13.351929]  ? __switch_to_asm+0x34/0x70
[   13.351935]  ? __switch_to_asm+0x40/0x70
[   13.351942]  process_one_work+0x5cc/0xa00
[   13.351952]  ? pwq_dec_nr_in_flight+0x1e0/0x1e0
[   13.351960]  ? pci_mmcfg_check_reserved+0x80/0xb8
[   13.351967]  ? run_rebalance_domains+0x250/0x250
[   13.351980]  ? stack_access_ok+0x35/0x80
[   13.351986]  ? deref_stack_reg+0xa1/0xe0
[   13.351994]  ? schedule+0xcd/0x250
[   13.352000]  ? worker_enter_idle+0x2d6/0x330
[   13.352006]  ? __schedule+0xeb0/0xeb0
[   13.352014]  ? fork_usermode_blob+0x130/0x130
[   13.352019]  ? mutex_lock+0xa7/0x100
[   13.352026]  ? _raw_spin_lock_irq+0x98/0xf0
[   13.352032]  ? _raw_read_unlock_irqrestore+0x30/0x30
[   13.352037] i2c i2c-2: Added multiplexed i2c bus 11
[   13.352043]  worker_thread+0x181/0xa80
[   13.352052]  ? __switch_to_asm+0x34/0x70
[   13.352058]  ? __switch_to_asm+0x40/0x70
[   13.352064]  ? process_one_work+0xa00/0xa00
[   13.352070]  ? __switch_to_asm+0x34/0x70
[   13.352076]  ? __switch_to_asm+0x40/0x70
[   13.352081]  ? __switch_to_asm+0x34/0x70
[   13.352086]  ? __switch_to_asm+0x40/0x70
[   13.352092]  ? __switch_to_asm+0x34/0x70
[   13.352097]  ? __switch_to_asm+0x40/0x70
[   13.352105]  ? __schedule+0x3d6/0xeb0
[   13.352112]  ? migrate_swap_stop+0x470/0x470
[   13.352119]  ? save_stack+0x89/0xb0
[   13.352127]  ? kmem_cache_alloc_trace+0xe5/0x570
[   13.352132]  ? kthread+0x59/0x1d0
[   13.352138]  ? ret_from_fork+0x35/0x40
[   13.352154]  ? __schedule+0xeb0/0xeb0
[   13.352161]  ? remove_wait_queue+0x150/0x150
[   13.352169]  ? _raw_write_lock_irqsave+0x80/0x100
[   13.352175]  ? __lock_text_start+0x8/0x8
[   13.352183]  ? process_one_work+0xa00/0xa00
[   13.352188]  kthread+0x1a4/0x1d0
[   13.352195]  ? kthread_create_worker_on_cpu+0xc0/0xc0
[   13.352202]  ret_from_fork+0x35/0x40

[   13.353879] The buggy address belongs to the page:
[   13.353885] page:ffffea0008d419c0 count:0 mapcount:0 mapping:0000000000000000 index:0x0
[   13.353890] flags: 0x2ffff8000000000()
[   13.353897] raw: 02ffff8000000000 ffffea0008d419c8 ffffea0008d419c8 0000000000000000
[   13.353903] raw: 0000000000000000 0000000000000000 00000000ffffffff 0000000000000000
[   13.353905] page dumped because: kasan: bad access detected

[   13.353908] Memory state around the buggy address:
[   13.353912]  ffff880235067000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   13.353917]  ffff880235067080: 00 00 00 00 00 00 00 00 00 00 00 f1 f1 f1 f1 04
[   13.353921] >ffff880235067100: f2 f2 f2 f2 f2 f2 f2 04 f2 f2 f2 f2 f2 f2 f2 04
[   13.353923]                                                                 ^
[   13.353927]  ffff880235067180: f2 f2 f2 f2 f2 f2 f2 04 f2 f2 f2 00 00 00 00 00
[   13.353931]  ffff880235067200: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   13.353933] ==================================================================

The warning is caused by the below loop:
	for_each_set_bit(bit, (unsigned long *)&asserted, 8) {
while "asserted" is declared as 'unsigned'.

The casting of 32-bit unsigned integer pointer to a 64-bit unsigned long
pointer. There are two problems here.
It causes the access of four extra byte, which can corrupt memory
The 32-bit pointer address may not be 64-bit aligned.

The fix changes variable "asserted" to "unsigned long".

Fixes: 1f976f69 ("platform/x86: Move Mellanox platform hotplug driver to platform/mellanox")
Signed-off-by: Vadim Pasternak <vadimp@mellanox.com>
Signed-off-by: Darren Hart (VMware) <dvhart@infradead.org>

In the function wmi_dev_match() the variable id is dereferenced without
first performing a NULL check. The variable can for example be NULL if
a WMI driver is registered without specifying the id_table field in
struct wmi_driver.

Add a NULL check and return that the driver can't handle the device if
the variable is NULL.

Fixes: 844af950 ("platform/x86: wmi: Turn WMI into a bus driver")
Signed-off-by: Mattias Jacobsson <2pi@mok.nu>
Signed-off-by: Darren Hart (VMware) <dvhart@infradead.org>

For some odd reason dell_rbu actually seems to want the physical and
not a bus address for the allocated buffer.  Lets assume that actually
is correct given that it is BIOS-related and that is a good source
of insanity.  In that case we should not use dma_alloc_coherent with
a NULL device to allocate memory, but use GFP_DMA32 to stay under
the 32-bit BIOS limit.
Signed-off-by: Christoph Hellwig <hch@lst.de>
Acked-by: Stuart Hayes <stuart.w.hayes@gmail.com>
Signed-off-by: Darren Hart (VMware) <dvhart@infradead.org>

Commit ae7c8cba ("platform/x86: ideapad-laptop: add lenovo RESCUER
R720-15IKBN to no_hw_rfkill_list") added
    DMI_MATCH(DMI_BOARD_NAME, "80WW")
for Lenovo RESCUER R720-15IKBN.

But DMI_BOARD_NAME does not match 80WW on Lenovo RESCUER R720-15IKBN,
thus cause Wireless LAN still be hard blocked.

On Lenovo RESCUER R720-15IKBN:
    ~$ cat /sys/class/dmi/id/sys_vendor
    LENOVO
    ~$ cat /sys/class/dmi/id/board_name
    Provence-5R3
    ~$ cat /sys/class/dmi/id/product_name
    80WW
    ~$ cat /sys/class/dmi/id/product_version
    Lenovo R720-15IKBN

So on Lenovo RESCUER R720-15IKBN:
    DMI_SYS_VENDOR should match "LENOVO",
    DMI_BOARD_NAME should match "Provence-5R3",
    DMI_PRODUCT_NAME should match "80WW",
    DMI_PRODUCT_VERSION should match "Lenovo R720-15IKBN".

Fix it, and in according with other entries in no_hw_rfkill_list,
use DMI_PRODUCT_VERSION instead of DMI_BOARD_NAME.

Fixes: ae7c8cba ("platform/x86: ideapad-laptop: add lenovo RESCUER R720-15IKBN to no_hw_rfkill_list")
Signed-off-by: Yang Fan <nullptr.cpp@gmail.com>
Signed-off-by: Darren Hart (VMware) <dvhart@infradead.org>

hid-asus depends on asus-wmi through the asus_wmi_evaluate_method. Before
this commit asus-wmi, and thus hid-asus, could not be loaded on non-Asus
systems. This breaks using Asus bluetooth keyboards such as the Asus
T100CHI keyboard with non Asus systems.

This commit fixes this by allowing asus-wmi to load on systems without the
Asus Management GUID.

This is safe to do since all asus-wmi sub drivers use
asus_wmi_register_driver which also checks for the GUID.

This commit also improves the error messages in asus_wmi_register_driver
to include "ASUS" in their description to make them more clear. This is
important since we now rely on those errors when loaded on systems without
the Asus Management GUID.
Signed-off-by: Hans de Goede <hdegoede@redhat.com>
Signed-off-by: Darren Hart (VMware) <dvhart@infradead.org>

Recently introduced commit "platform/x86: intel_pmc_core: Show Latency
Tolerance info <51337cd94d18184601ac0fb4cf1a02b8bbabc3d7> skipped the
LTR from a reserved IP. Though this doesn't cause any functional issue
but it is needed for the consumers of "ltr_ignore" as the index printing
for "ltr_show" is missing. For example, w/o this change, a user that wants
to ignore LTR from ME would do something like

echo 5 > ltr_ignore

but the index for ME is 6. Printing a reserved IP helps to properly
calculate LTR ignore offsets.

Cc: "David E. Box" <david.e.box@intel.com>
Cc: Srinivas Pandruvada <srinivas.pandruvada@linux.intel.com>
Signed-off-by: Rajneesh Bhardwaj <rajneesh.bhardwaj@linux.intel.com>
Signed-off-by: Andy Shevchenko <andriy.shevchenko@linux.intel.com>

File permissions for ltr_show attribute should be similar to other
debugfs attributes created by this driver. '0644' should be used only
when there is a write operation desired such as for ltr_ignore.

Cc: "David E. Box" <david.e.box@intel.com>
Cc: Srinivas Pandruvada <srinivas.pandruvada@linux.intel.com>
Fixes: 2eb15055 ("platform/x86: intel_pmc_core: Show Latency Tolerance info")
Signed-off-by: Rajneesh Bhardwaj <rajneesh.bhardwaj@linux.intel.com>
Signed-off-by: Andy Shevchenko <andriy.shevchenko@linux.intel.com>

For Cannonlake and Icelake, the IP name for Res_6 should be SPF i.e.
South Port F. No functional change is intended other than just renaming
the IP appropriately.

Cc: "David E. Box" <david.e.box@intel.com>
Cc: Srinivas Pandruvada <srinivas.pandruvada@linux.intel.com>
Fixes: 291101f6 ("platform/x86: intel_pmc_core: Add CannonLake PCH support")
Signed-off-by: Rajneesh Bhardwaj <rajneesh.bhardwaj@linux.intel.com>
Signed-off-by: Andy Shevchenko <andriy.shevchenko@linux.intel.com>

A previous commit "platform/x86: intel_pmc_core: Make the driver PCH
family agnostic <c977b98b>" provided
better abstraction to this driver but has some fundamental issues.

e.g. the following condition

for (index = 0; index < pmcdev->map->ppfear_buckets &&
	index < PPFEAR_MAX_NUM_ENTRIES; index++, iter++)

is wrong because for CNL, PPFEAR_MAX_NUM_ENTRIES is hardcoded as 5 which
is _wrong_ and even though ppfear_buckets is 8, the loop fails to read
all eight registers needed for CNL PCH i.e. PPFEAR0 and PPFEAR1. This
patch refactors the pfear show logic to correctly read PCH IP power
gating status for Cannonlake and beyond.

Cc: "David E. Box" <david.e.box@intel.com>
Cc: Srinivas Pandruvada <srinivas.pandruvada@linux.intel.com>
Fixes: c977b98b ("platform/x86: intel_pmc_core: Make the driver PCH family agnostic")
Signed-off-by: Rajneesh Bhardwaj <rajneesh.bhardwaj@linux.intel.com>
Signed-off-by: Andy Shevchenko <andriy.shevchenko@linux.intel.com>

Only Coffeelake should use Cannonlake regmap other than Cannonlake
platform. This allows Coffeelake special handling only when there is no
matching PCI device and default reg map selected as per CPUID is for
Sunrisepoint PCH. This change is needed to enable support for newer SoCs
such as Icelake.

Cc: "David E. Box" <david.e.box@intel.com>
Cc: Srinivas Pandruvada <srinivas.pandruvada@linux.intel.com>
Fixes: 661405bd ("platform/x86: intel_pmc_core: Special case for Coffeelake")
Acked-by: "David E. Box" <david.e.box@linux.intel.com>
Signed-off-by: Rajneesh Bhardwaj <rajneesh.bhardwaj@linux.intel.com>
Signed-off-by: Andy Shevchenko <andriy.shevchenko@linux.intel.com>

Commit c3b8e884 ("platform/x86: intel_int0002_vgpio: Implement irq_set_wake"),
was written to fix some wakeup issues on Bay Trail (BYT) devices.

We've received a bug report that this causes a suspend regression on some
Cherry Trail (CHT) based devices.

To fix the issues this causes on CHT devices, this commit modifies the
irq_set_wake support so that we only implement irq_set_wake on BYT devices,

Fixes: c3b8e884 ("platform/x86: intel_int0002_vgpio: ... irq_set_wake")
Reported-and-tested-by: Maxim Mikityanskiy <maxtram95@gmail.com>
Signed-off-by: Hans de Goede <hdegoede@redhat.com>
Signed-off-by: Andy Shevchenko <andriy.shevchenko@linux.intel.com>

Lenovo ideapad 330-15ICH does not have hardware radio switch
but driver wrongly reports all radios as hard-blocked, add
it to no_hw_rfkill to fix it.

BugLink: https://bugs.launchpad.net/bugs/1811815Signed-off-by: Anthony Wong <anthony.wong@ubuntu.com>
Signed-off-by: Andy Shevchenko <andriy.shevchenko@linux.intel.com>

Add touchscreen platform data for the Chuwi Hi8 Air tablet.
Signed-off-by: Kai Renzig <k.renzig@gmail.com>
[andy: fixed driver name and rewrote subject]
Signed-off-by: Andy Shevchenko <andriy.shevchenko@linux.intel.com>

Add touchscreen info for the Point of View Wintab P1006w (v1.0) tablet.
Signed-off-by: Hans de Goede <hdegoede@redhat.com>
Signed-off-by: Andy Shevchenko <andriy.shevchenko@linux.intel.com>

There's a new wmi event generated by dell-wmi when pressing keyboard
backlight hotkey:
[ 3285.474172] dell_wmi: Unknown key with type 0x0010 and code 0x003f pressed

This event is for notification purpose, let's ignore it. The keyboard
backlight hotkey uses another event so it still works without event
0x3f.
Signed-off-by: Kai-Heng Feng <kai.heng.feng@canonical.com>
Reviewed-by: Pali Rohár <pali.rohar@gmail.com>
Signed-off-by: Andy Shevchenko <andriy.shevchenko@linux.intel.com>

The Point of View TAB-P1006W-232-3G tablet has an ACPI firmware node with
a HID of BSG2150 describing the 2 Bosch sensors used in the device a
BMC150 compatible accelerometer and a BMC150 compatible magnetometer.

The ACPI firmware node actually contains 3 I2cSerialBusV2 resources,
but this seems to be a copy and paste job from the BSG1160 firmware node
on other devices, since there is no i2c-client listening to the 0x68
address listed in the third resource and the 0x68 address is identical
to the address of the third resource in the BSG1160 nodes, where as the
other 2 addresses are different.

Add the ID to the I2C multi instantiate list, so that the
i2c-multi-instantiate.c driver can handle it;

And add the necessary info to the i2c-multi-instantiate.c driver to
enumerate all I2C slaves correctly.

To avoid triggering the:

        if (i < multi->num_clients) {
                dev_err(dev, "Error finding driver, idx %d\n", i);

Error this commit lists the 3th device in the i2c_inst_data with a
type of "bsg2150_dummy_dev".
Signed-off-by: Hans de Goede <hdegoede@redhat.com>
Acked-by: Rafael J. Wysocki <rafael.j.wysocki@intel.com>
Signed-off-by: Andy Shevchenko <andriy.shevchenko@linux.intel.com>

Add support for new Mellanox system type MSN3700C, which is
a cost reduced flavor of the MSN37 system class.
Signed-off-by: Vadim Pasternak <vadimp@mellanox.com>
Signed-off-by: Darren Hart (VMware) <dvhart@infradead.org>

Provide support for the fan capability registers for the next generation
systems of types MQM87xx, MSN34xx, MSN37xx. These new registers provide
configuration for tachometers and fan drawers connectivity.  Use these
registers for next generation led, fan and hotplug structures in order
to distinguish between the systems which have minor configuration
differences. This reduces the amount of code used to describe such
systems.
Signed-off-by: Vadim Pasternak <vadimp@mellanox.com>
Signed-off-by: Darren Hart (VMware) <dvhart@infradead.org>

Add capability field to "mlxreg_core_platform_data" structure.
The purpose of this register is to provide additional info to platform
driver through the atribute related capability register.
Signed-off-by: Vadim Pasternak <vadimp@mellanox.com>
Signed-off-by: Darren Hart (VMware) <dvhart@infradead.org>

Remove "led" from the description, since the structure
"mlxreg_core_platform_data" is used not only for led data.
Signed-off-by: Vadim Pasternak <vadimp@mellanox.com>
Signed-off-by: Darren Hart (VMware) <dvhart@infradead.org>

Add documentation for the new attribute fan_dir (fan direction for
systems of types MQM87xx, MSN34xx, MSN37xx.
Signed-off-by: Vadim Pasternak <vadimp@mellanox.com>
[dvhart: minor gramatical correction]
Signed-off-by: Darren Hart (VMware) <dvhart@infradead.org>

Provide support for the fan direction register.
This register shows configuration for system fans direction, which could
be forward or reversed.
For forward direction - relevant bit is set 0;
For reversed direction - relevant bit is set 1.
Signed-off-by: Vadim Pasternak <vadimp@mellanox.com>
Signed-off-by: Darren Hart (VMware) <dvhart@infradead.org>

The mlxreg-io for the merge window assumed 4.21 as the next kernel
version. Replace 4.21 with 5.0.
Signed-off-by: Darren Hart (VMware) <dvhart@infradead.org>
Reviewed-by: Andy Shevchenko <andy.shevchenko@gmail.com>

Power button suspend for some Dell models was added in:

commit 821b8536 ("platform/x86: intel-hid: Power button suspend on Dell Latitude 7275")

by checking against the power button press notification (0xCE) to report
the power button press event. The corresponding power button release
notification (0xCF) was caught and ignored to stop it from being reported
as an "unknown event" in the logs.

The missing button release event is creating issues on Android-x86, as
reported on the project mailing list for a Dell Latitude 5175 model, since
the events are expected in down/up pairs.

Report the power button release event to fix this issue.

Link: https://groups.google.com/forum/#!topic/android-x86/aSwZK9Nf9RoTested-by: Tristian Celestin <tristian.celestin@outlook.com>
Tested-by: Jérôme de Bretagne <jerome.debretagne@gmail.com>
Signed-off-by: Jérôme de Bretagne <jerome.debretagne@gmail.com>
Reviewed-by: Mario Limonciello <mario.limonciello@dell.com>
[dvhart: corrected commit reference format per checkpatch]
Signed-off-by: Darren Hart (VMware) <dvhart@infradead.org>

Pull pstore fixes from Kees Cook:

 - Fix console ramoops to show the previous boot logs (Sai Prakash
   Ranjan)

 - Avoid allocation and leak of platform data

* tag 'pstore-v5.0-rc4' of git://git.kernel.org/pub/scm/linux/kernel/git/kees/linux:
  pstore/ram: Avoid allocation and leak of platform data
  pstore/ram: Fix console ramoops to show the previous boot logs

Pull gcc-plugins fixes from Kees Cook:
 "Fix ARM per-task stack protector plugin under GCC 9 (Ard Biesheuvel)"

* tag 'gcc-plugins-v5.0-rc4' of git://git.kernel.org/pub/scm/linux/kernel/git/kees/linux:
  gcc-plugins: arm_ssp_per_task_plugin: fix for GCC 9+
  gcc-plugins: arm_ssp_per_task_plugin: sign extend the SP mask

Pull networking fixes from David Miller:

 1) Fix endless loop in nf_tables, from Phil Sutter.

 2) Fix cross namespace ip6_gre tunnel hash list corruption, from
    Olivier Matz.

 3) Don't be too strict in phy_start_aneg() otherwise we might not allow
    restarting auto negotiation. From Heiner Kallweit.

 4) Fix various KMSAN uninitialized value cases in tipc, from Ying Xue.

 5) Memory leak in act_tunnel_key, from Davide Caratti.

 6) Handle chip errata of mv88e6390 PHY, from Andrew Lunn.

 7) Remove linear SKB assumption in fou/fou6, from Eric Dumazet.

 8) Missing udplite rehash callbacks, from Alexey Kodanev.

 9) Log dirty pages properly in vhost, from Jason Wang.

10) Use consume_skb() in neigh_probe() as this is a normal free not a
    drop, from Yang Wei. Likewise in macvlan_process_broadcast().

11) Missing device_del() in mdiobus_register() error paths, from Thomas
    Petazzoni.

12) Fix checksum handling of short packets in mlx5, from Cong Wang.

* git://git.kernel.org/pub/scm/linux/kernel/git/davem/net: (96 commits)
  bpf: in __bpf_redirect_no_mac pull mac only if present
  virtio_net: bulk free tx skbs
  net: phy: phy driver features are mandatory
  isdn: avm: Fix string plus integer warning from Clang
  net/mlx5e: Fix cb_ident duplicate in indirect block register
  net/mlx5e: Fix wrong (zero) TX drop counter indication for representor
  net/mlx5e: Fix wrong error code return on FEC query failure
  net/mlx5e: Force CHECKSUM_UNNECESSARY for short ethernet frames
  tools: bpftool: Cleanup license mess
  bpf: fix inner map masking to prevent oob under speculation
  bpf: pull in pkt_sched.h header for tooling to fix bpftool build
  selftests: forwarding: Add a test case for externally learned FDB entries
  selftests: mlxsw: Test FDB offload indication
  mlxsw: spectrum_switchdev: Do not treat static FDB entries as sticky
  net: bridge: Mark FDB entries that were added by user as such
  mlxsw: spectrum_fid: Update dummy FID index
  mlxsw: pci: Return error on PCI reset timeout
  mlxsw: pci: Increase PCI SW reset timeout
  mlxsw: pci: Ring CQ's doorbell before RDQ's
  MAINTAINERS: update email addresses of liquidio driver maintainers
  ...

Yue Hu noticed that when parsing device tree the allocated platform data
was never freed. Since it's not used beyond the function scope, this
switches to using a stack variable instead.
Reported-by: Yue Hu <huyue2@yulong.com>
Fixes: 35da6094 ("pstore/ram: add Device Tree bindings")
Cc: stable@vger.kernel.org
Signed-off-by: Kees Cook <keescook@chromium.org>

GCC 9 reworks the way the references to the stack canary are
emitted, to prevent the value from being spilled to the stack
before the final comparison in the epilogue, defeating the
purpose, given that the spill slot is under control of the
attacker that we are protecting ourselves from.

Since our canary value address is obtained without accessing
memory (as opposed to pre-v7 code that will obtain it from a
literal pool), it is unlikely (although not guaranteed) that
the compiler will spill the canary value in the same way, so
let's just disable this improvement when building with GCC9+.
Signed-off-by: Ard Biesheuvel <ard.biesheuvel@linaro.org>
Signed-off-by: Kees Cook <keescook@chromium.org>

The ARM per-task stack protector GCC plugin hits an assert in
the compiler in some case, due to the fact the the SP mask
expression is not sign-extended as it should be. So fix that.
Suggested-by: Kugan Vivekanandarajah <kugan.vivekanandarajah@linaro.org>
Signed-off-by: Ard Biesheuvel <ard.biesheuvel@linaro.org>
Signed-off-by: Kees Cook <keescook@chromium.org>

Pull virtio/vhost fixes and cleanups from Michael Tsirkin:
 "Fixes and cleanups all over the place"

* tag 'for_linus' of git://git.kernel.org/pub/scm/linux/kernel/git/mst/vhost:
  vhost/scsi: Use copy_to_iter() to send control queue response
  vhost: return EINVAL if iovecs size does not match the message size
  virtio-balloon: tweak config_changed implementation
  virtio: don't allocate vqs when names[i] = NULL
  virtio_pci: use queue idx instead of array idx to set up the vq
  virtio: document virtio_config_ops restrictions
  virtio: fix virtio_config_ops description

Pull btrfs fixes from David Sterba:
 "A handful of fixes (some of them in testing for a long time):

   - fix some test failures regarding cleanup after transaction abort

   - revert of a patch that could cause a deadlock

   - delayed iput fixes, that can help in ENOSPC situation when there's
     low space and a lot data to write"

* tag 'for-5.0-rc2-tag' of git://git.kernel.org/pub/scm/linux/kernel/git/kdave/linux:
  btrfs: wakeup cleaner thread when adding delayed iput
  btrfs: run delayed iputs before committing
  btrfs: wait on ordered extents on abort cleanup
  btrfs: handle delayed ref head accounting cleanup in abort
  Revert "btrfs: balance dirty metadata pages in btrfs_finish_ordered_io"

Merge tags 'compiler-attributes-for-linus-v5.0-rc3' and 'clang-format-for-linus-v5.0-rc3' of git://github.com/ojeda/linux

Pull misc clang fixes from Miguel Ojeda:

  - A fix for OPTIMIZER_HIDE_VAR from Michael S Tsirkin

  - Update clang-format with the latest for_each macro list from Jason
    Gunthorpe

* tag 'compiler-attributes-for-linus-v5.0-rc3' of git://github.com/ojeda/linux:
  include/linux/compiler*.h: fix OPTIMIZER_HIDE_VAR

* tag 'clang-format-for-linus-v5.0-rc3' of git://github.com/ojeda/linux:
  clang-format: Update .clang-format with the latest for_each macro list

If an input number x for int_sqrt64() has the highest bit set, then
fls64(x) is 64.  (1UL << 64) is an overflow and breaks the algorithm.

Subtracting 1 is a better guess for the initial value of m anyway and
that's what also done in int_sqrt() implicitly [*].

[*] Note how int_sqrt() uses __fls() with two underscores, which already
    returns the proper raw bit number.

    In contrast, int_sqrt64() used fls64(), and that returns bit numbers
    illogically starting at 1, because of error handling for the "no
    bits set" case. Will points out that he bug probably is due to a
    copy-and-paste error from the regular int_sqrt() case.
Signed-off-by: Florian La Roche <Florian.LaRoche@googlemail.com>
Acked-by: Will Deacon <will.deacon@arm.com>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>

Commit 594cc251 ("make 'user_access_begin()' do 'access_ok()'")
makes the access_ok() check part of the user_access_begin() preceding a
series of 'unsafe' accesses.  This has the desirable effect of ensuring
that all 'unsafe' accesses have been range-checked, without having to
pick through all of the callsites to verify whether the appropriate
checking has been made.

However, the consolidated range check does not inhibit speculation, so
it is still up to the caller to ensure that they are not susceptible to
any speculative side-channel attacks for user addresses that ultimately
fail the access_ok() check.

This is an oversight, so use __uaccess_begin_nospec() to ensure that
speculation is inhibited until the access_ok() check has passed.
Reported-by: Julien Thierry <julien.thierry@arm.com>
Signed-off-by: Will Deacon <will.deacon@arm.com>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>

Pull arm64 fixes from Will Deacon:
 "Three arm64 fixes for -rc3.

  We've plugged a couple of nasty issues involving KASLR-enabled
  kernels, and removed a redundant #define that was introduced as part
  of the KHWASAN fixes from akpm at -rc2.

   - Fix broken kpti page-table rewrite in bizarre KASLR configuration

   - Fix module loading with KASLR

   - Remove redundant definition of ARCH_SLAB_MINALIGN"

* tag 'arm64-fixes' of git://git.kernel.org/pub/scm/linux/kernel/git/arm64/linux:
  kasan, arm64: remove redundant ARCH_SLAB_MINALIGN define
  arm64: kaslr: ensure randomized quantities are clean to the PoC
  arm64: kpti: Update arm64_kernel_use_ng_mappings() when forced on