drop all previously applied commits

Signed-off-by: Paul Gortmaker <paul.gortmaker@windriver.com>

6 files changed, 0 insertions, 354 deletions

diff --git a/queue/Revert-ALSA-hda-call-runtime_allow-for-all-hda-contr.patch b/queue/Revert-ALSA-hda-call-runtime_allow-for-all-hda-contr.patch
deleted file mode 100644
index 387ac3fc..00000000
--- a/queue/Revert-ALSA-hda-call-runtime_allow-for-all-hda-contr.patch
+++ /dev/null
@@ -1,40 +0,0 @@
-From 07c9983b567d0ef33aefc063299de95a987e12a8 Mon Sep 17 00:00:00 2001
-From: Hui Wang <hui.wang@canonical.com>
-Date: Mon, 3 Aug 2020 14:46:38 +0800
-Subject: [PATCH] Revert "ALSA: hda: call runtime_allow() for all hda
- controllers"
-
-commit 07c9983b567d0ef33aefc063299de95a987e12a8 upstream.
-
-This reverts commit 9a6418487b56 ("ALSA: hda: call runtime_allow()
-for all hda controllers").
-
-The reverted patch already introduced some regressions on some
-machines:
- - on gemini-lake machines, the error of "azx_get_response timeout"
-   happens in the hda driver.
- - on the machines with alc662 codec, the audio jack detection doesn't
-   work anymore.
-
-Fixes: 9a6418487b56 ("ALSA: hda: call runtime_allow() for all hda controllers")
-BugLink: https://bugzilla.kernel.org/show_bug.cgi?id=208511
-Cc: <stable@vger.kernel.org>
-Signed-off-by: Hui Wang <hui.wang@canonical.com>
-Link: https://lore.kernel.org/r/20200803064638.6139-1-hui.wang@canonical.com
-Signed-off-by: Takashi Iwai <tiwai@suse.de>
-
-diff --git a/sound/pci/hda/hda_intel.c b/sound/pci/hda/hda_intel.c
-index e699873c8293..e34a4d5d047c 100644
---- a/sound/pci/hda/hda_intel.c
-+++ b/sound/pci/hda/hda_intel.c
-@@ -2352,7 +2352,6 @@ static int azx_probe_continue(struct azx *chip)
- 
- 	if (azx_has_pm_runtime(chip)) {
- 		pm_runtime_use_autosuspend(&pci->dev);
--		pm_runtime_allow(&pci->dev);
- 		pm_runtime_put_autosuspend(&pci->dev);
- 	}
- 
--- 
-2.27.0
-
diff --git a/queue/Revert-powerpc-kasan-Fix-shadow-pages-allocation-fai.patch b/queue/Revert-powerpc-kasan-Fix-shadow-pages-allocation-fai.patch
deleted file mode 100644
index 260352f1..00000000
--- a/queue/Revert-powerpc-kasan-Fix-shadow-pages-allocation-fai.patch
+++ /dev/null
@@ -1,80 +0,0 @@
-From b506923ee44ae87fc9f4de16b53feb313623e146 Mon Sep 17 00:00:00 2001
-From: Christophe Leroy <christophe.leroy@csgroup.eu>
-Date: Thu, 2 Jul 2020 11:52:02 +0000
-Subject: [PATCH] Revert "powerpc/kasan: Fix shadow pages allocation failure"
-
-commit b506923ee44ae87fc9f4de16b53feb313623e146 upstream.
-
-This reverts commit d2a91cef9bbdeb87b7449fdab1a6be6000930210.
-
-This commit moved too much work in kasan_init(). The allocation
-of shadow pages has to be moved for the reason explained in that
-patch, but the allocation of page tables still need to be done
-before switching to the final hash table.
-
-First revert the incorrect commit, following patch redoes it
-properly.
-
-Fixes: d2a91cef9bbd ("powerpc/kasan: Fix shadow pages allocation failure")
-Cc: stable@vger.kernel.org
-Reported-by: Erhard F. <erhard_f@mailbox.org>
-Signed-off-by: Christophe Leroy <christophe.leroy@csgroup.eu>
-Signed-off-by: Michael Ellerman <mpe@ellerman.id.au>
-Link: https://bugzilla.kernel.org/show_bug.cgi?id=208181
-Link: https://lore.kernel.org/r/3667deb0911affbf999b99f87c31c77d5e870cd2.1593690707.git.christophe.leroy@csgroup.eu
-
-diff --git a/arch/powerpc/include/asm/kasan.h b/arch/powerpc/include/asm/kasan.h
-index be85c7005fb1..d635b96c7ea6 100644
---- a/arch/powerpc/include/asm/kasan.h
-+++ b/arch/powerpc/include/asm/kasan.h
-@@ -27,10 +27,12 @@
- 
- #ifdef CONFIG_KASAN
- void kasan_early_init(void);
-+void kasan_mmu_init(void);
- void kasan_init(void);
- void kasan_late_init(void);
- #else
- static inline void kasan_init(void) { }
-+static inline void kasan_mmu_init(void) { }
- static inline void kasan_late_init(void) { }
- #endif
- 
-diff --git a/arch/powerpc/mm/init_32.c b/arch/powerpc/mm/init_32.c
-index 5a5469eb3174..bf1717f8d5f4 100644
---- a/arch/powerpc/mm/init_32.c
-+++ b/arch/powerpc/mm/init_32.c
-@@ -171,6 +171,8 @@ void __init MMU_init(void)
- 	btext_unmap();
- #endif
- 
-+	kasan_mmu_init();
-+
- 	setup_kup();
- 
- 	/* Shortly after that, the entire linear mapping will be available */
-diff --git a/arch/powerpc/mm/kasan/kasan_init_32.c b/arch/powerpc/mm/kasan/kasan_init_32.c
-index 0760e1e754e4..4813c6d50889 100644
---- a/arch/powerpc/mm/kasan/kasan_init_32.c
-+++ b/arch/powerpc/mm/kasan/kasan_init_32.c
-@@ -117,7 +117,7 @@ static void __init kasan_unmap_early_shadow_vmalloc(void)
- 	kasan_update_early_region(k_start, k_end, __pte(0));
- }
- 
--static void __init kasan_mmu_init(void)
-+void __init kasan_mmu_init(void)
- {
- 	int ret;
- 	struct memblock_region *reg;
-@@ -146,8 +146,6 @@ static void __init kasan_mmu_init(void)
- 
- void __init kasan_init(void)
- {
--	kasan_mmu_init();
--
- 	kasan_remap_early_shadow_ro();
- 
- 	clear_page(kasan_early_shadow_page);
--- 
-2.27.0
-
diff --git a/queue/Revert-vxlan-fix-tos-value-before-xmit.patch b/queue/Revert-vxlan-fix-tos-value-before-xmit.patch
deleted file mode 100644
index e76cb064..00000000
--- a/queue/Revert-vxlan-fix-tos-value-before-xmit.patch
+++ /dev/null
@@ -1,64 +0,0 @@
-From a0dced17ad9dc08b1b25e0065b54c97a318e6e8b Mon Sep 17 00:00:00 2001
-From: Hangbin Liu <liuhangbin@gmail.com>
-Date: Wed, 5 Aug 2020 10:41:31 +0800
-Subject: [PATCH] Revert "vxlan: fix tos value before xmit"
-
-commit a0dced17ad9dc08b1b25e0065b54c97a318e6e8b upstream.
-
-This reverts commit 71130f29979c7c7956b040673e6b9d5643003176.
-
-In commit 71130f29979c ("vxlan: fix tos value before xmit") we want to
-make sure the tos value are filtered by RT_TOS() based on RFC1349.
-
-       0     1     2     3     4     5     6     7
-    +-----+-----+-----+-----+-----+-----+-----+-----+
-    |   PRECEDENCE    |          TOS          | MBZ |
-    +-----+-----+-----+-----+-----+-----+-----+-----+
-
-But RFC1349 has been obsoleted by RFC2474. The new DSCP field defined like
-
-       0     1     2     3     4     5     6     7
-    +-----+-----+-----+-----+-----+-----+-----+-----+
-    |          DS FIELD, DSCP           | ECN FIELD |
-    +-----+-----+-----+-----+-----+-----+-----+-----+
-
-So with
-
-IPTOS_TOS_MASK          0x1E
-RT_TOS(tos)		((tos)&IPTOS_TOS_MASK)
-
-the first 3 bits DSCP info will get lost.
-
-To take all the DSCP info in xmit, we should revert the patch and just push
-all tos bits to ip_tunnel_ecn_encap(), which will handling ECN field later.
-
-Fixes: 71130f29979c ("vxlan: fix tos value before xmit")
-Signed-off-by: Hangbin Liu <liuhangbin@gmail.com>
-Acked-by: Guillaume Nault <gnault@redhat.com>
-Signed-off-by: David S. Miller <davem@davemloft.net>
-
-diff --git a/drivers/net/vxlan.c b/drivers/net/vxlan.c
-index 6d5816be6131..b9fefe27e3e8 100644
---- a/drivers/net/vxlan.c
-+++ b/drivers/net/vxlan.c
-@@ -2740,7 +2740,7 @@ static void vxlan_xmit_one(struct sk_buff *skb, struct net_device *dev,
- 			goto out_unlock;
- 		}
- 
--		tos = ip_tunnel_ecn_encap(RT_TOS(tos), old_iph, skb);
-+		tos = ip_tunnel_ecn_encap(tos, old_iph, skb);
- 		ttl = ttl ? : ip4_dst_hoplimit(&rt->dst);
- 		err = vxlan_build_skb(skb, ndst, sizeof(struct iphdr),
- 				      vni, md, flags, udp_sum);
-@@ -2797,7 +2797,7 @@ static void vxlan_xmit_one(struct sk_buff *skb, struct net_device *dev,
- 			goto out_unlock;
- 		}
- 
--		tos = ip_tunnel_ecn_encap(RT_TOS(tos), old_iph, skb);
-+		tos = ip_tunnel_ecn_encap(tos, old_iph, skb);
- 		ttl = ttl ? : ip6_dst_hoplimit(ndst);
- 		skb_scrub_packet(skb, xnet);
- 		err = vxlan_build_skb(skb, ndst, sizeof(struct ipv6hdr),
--- 
-2.27.0
-
diff --git a/queue/USB-iowarrior-fix-up-report-size-handling-for-some-d.patch b/queue/USB-iowarrior-fix-up-report-size-handling-for-some-d.patch
deleted file mode 100644
index cd09283c..00000000
--- a/queue/USB-iowarrior-fix-up-report-size-handling-for-some-d.patch
+++ /dev/null
@@ -1,78 +0,0 @@
-From 17a82716587e9d7c3b246a789add490b2b5dcab6 Mon Sep 17 00:00:00 2001
-From: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
-Date: Sun, 26 Jul 2020 11:49:39 +0200
-Subject: [PATCH] USB: iowarrior: fix up report size handling for some devices
-
-commit 17a82716587e9d7c3b246a789add490b2b5dcab6 upstream.
-
-In previous patches that added support for new iowarrior devices, the
-handling of the report size was not done correct.
-
-Fix that up and update the copyright date for the driver
-
-Reworked from an original patch written by Christoph Jung.
-
-Fixes: bab5417f5f01 ("USB: misc: iowarrior: add support for the 100 device")
-Fixes: 5f6f8da2d7b5 ("USB: misc: iowarrior: add support for the 28 and 28L devices")
-Fixes: 461d8deb26a7 ("USB: misc: iowarrior: add support for 2 OEMed devices")
-Cc: stable <stable@kernel.org>
-Reported-by: Christoph Jung <jung@codemercs.com>
-Link: https://lore.kernel.org/r/20200726094939.1268978-1-gregkh@linuxfoundation.org
-Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
-
-diff --git a/drivers/usb/misc/iowarrior.c b/drivers/usb/misc/iowarrior.c
-index 4afd1ace3d32..70ec29681526 100644
---- a/drivers/usb/misc/iowarrior.c
-+++ b/drivers/usb/misc/iowarrior.c
-@@ -2,8 +2,9 @@
- /*
-  *  Native support for the I/O-Warrior USB devices
-  *
-- *  Copyright (c) 2003-2005  Code Mercenaries GmbH
-- *  written by Christian Lucht <lucht@codemercs.com>
-+ *  Copyright (c) 2003-2005, 2020  Code Mercenaries GmbH
-+ *  written by Christian Lucht <lucht@codemercs.com> and
-+ *  Christoph Jung <jung@codemercs.com>
-  *
-  *  based on
- 
-@@ -802,14 +803,28 @@ static int iowarrior_probe(struct usb_interface *interface,
- 
- 	/* we have to check the report_size often, so remember it in the endianness suitable for our machine */
- 	dev->report_size = usb_endpoint_maxp(dev->int_in_endpoint);
--	if ((dev->interface->cur_altsetting->desc.bInterfaceNumber == 0) &&
--	    ((dev->product_id == USB_DEVICE_ID_CODEMERCS_IOW56) ||
--	     (dev->product_id == USB_DEVICE_ID_CODEMERCS_IOW56AM) ||
--	     (dev->product_id == USB_DEVICE_ID_CODEMERCS_IOW28) ||
--	     (dev->product_id == USB_DEVICE_ID_CODEMERCS_IOW28L) ||
--	     (dev->product_id == USB_DEVICE_ID_CODEMERCS_IOW100)))
--		/* IOWarrior56 has wMaxPacketSize different from report size */
--		dev->report_size = 7;
-+
-+	/*
-+	 * Some devices need the report size to be different than the
-+	 * endpoint size.
-+	 */
-+	if (dev->interface->cur_altsetting->desc.bInterfaceNumber == 0) {
-+		switch (dev->product_id) {
-+		case USB_DEVICE_ID_CODEMERCS_IOW56:
-+		case USB_DEVICE_ID_CODEMERCS_IOW56AM:
-+			dev->report_size = 7;
-+			break;
-+
-+		case USB_DEVICE_ID_CODEMERCS_IOW28:
-+		case USB_DEVICE_ID_CODEMERCS_IOW28L:
-+			dev->report_size = 4;
-+			break;
-+
-+		case USB_DEVICE_ID_CODEMERCS_IOW100:
-+			dev->report_size = 13;
-+			break;
-+		}
-+	}
- 
- 	/* create the urb and buffer for reading */
- 	dev->int_in_urb = usb_alloc_urb(0, GFP_KERNEL);
--- 
-2.27.0
-
diff --git a/queue/series b/queue/series
index 73dfbc49..0df00424 100644
--- a/queue/series
+++ b/queue/series
@@ -1,8 +1,6 @@
 USB-serial-qcserial-add-EM7305-QDL-product-ID.patch
-USB-iowarrior-fix-up-report-size-handling-for-some-d.patch
 usb-xhci-define-IDs-for-various-ASMedia-host-control.patch
 usb-xhci-Fix-ASMedia-ASM1142-DMA-addressing.patch
-Revert-ALSA-hda-call-runtime_allow-for-all-hda-contr.patch
 ALSA-hda-realtek-Add-alc269-alc662-pin-tables-for-Lo.patch
 ALSA-hda-ca0132-Add-new-quirk-ID-for-Recon3D.patch
 ALSA-hda-ca0132-Fix-ZxR-Headphone-gain-control-get-v.patch
@@ -17,7 +15,6 @@ Bluetooth-Prevent-out-of-bounds-read-in-hci_inquiry_.patch
 omapfb-dss-Fix-max-fclk-divider-for-omap36xx.patch
 binder-Prevent-context-manager-from-incrementing-ref.patch
 Smack-fix-use-after-free-in-smk_write_relabel_self.patch
-vgacon-Fix-for-missing-check-in-scrollback-handling.patch
 mtd-properly-check-all-write-ioctls-for-permissions.patch
 leds-wm831x-status-fix-use-after-free-on-unbind.patch
 leds-da903x-fix-use-after-free-on-unbind.patch
@@ -40,7 +37,6 @@ atm-fix-atm_dev-refcnt-leaks-in-atmtcp_remove_persis.patch
 tools-lib-traceevent-Fix-memory-leak-in-process_dyna.patch
 Drivers-hv-vmbus-Ignore-CHANNELMSG_TL_CONNECT_RESULT.patch
 xattr-break-delegations-in-set-remove-xattr.patch
-Revert-powerpc-kasan-Fix-shadow-pages-allocation-fai.patch
 ipv4-Silence-suspicious-RCU-usage-warning.patch
 ipv6-fix-memory-leaks-on-IPV6_ADDRFORM-path.patch
 rxrpc-Fix-race-between-recvmsg-and-sendmsg-on-immedi.patch
@@ -52,7 +48,6 @@ hv_netvsc-do-not-use-VF-device-if-link-is-down.patch
 net-gre-recompute-gre-csum-for-sctp-over-gre-tunnels.patch
 net-thunderx-use-spin_lock_bh-in-nicvf_set_rx_mode_t.patch
 openvswitch-Prevent-kernel-infoleak-in-ovs_ct_put_ke.patch
-Revert-vxlan-fix-tos-value-before-xmit.patch
 selftests-net-relax-cpu-affinity-requirement-in-msg_.patch
 tcp-apply-a-floor-of-1-for-RTT-samples-from-TCP-time.patch
 ima-move-APPRAISE_BOOTPARAM-dependency-on-ARCH_POLIC.patch
diff --git a/queue/vgacon-Fix-for-missing-check-in-scrollback-handling.patch b/queue/vgacon-Fix-for-missing-check-in-scrollback-handling.patch
deleted file mode 100644
index f97d6145..00000000
--- a/queue/vgacon-Fix-for-missing-check-in-scrollback-handling.patch
+++ /dev/null
@@ -1,87 +0,0 @@
-From ebfdfeeae8c01fcb2b3b74ffaf03876e20835d2d Mon Sep 17 00:00:00 2001
-From: Yunhai Zhang <zhangyunhai@nsfocus.com>
-Date: Tue, 28 Jul 2020 09:58:03 +0800
-Subject: [PATCH] vgacon: Fix for missing check in scrollback handling
-MIME-Version: 1.0
-Content-Type: text/plain; charset=UTF-8
-Content-Transfer-Encoding: 8bit
-
-commit ebfdfeeae8c01fcb2b3b74ffaf03876e20835d2d upstream.
-
-vgacon_scrollback_update() always leaves enbough room in the scrollback
-buffer for the next call, but if the console size changed that room
-might not actually be enough, and so we need to re-check.
-
-The check should be in the loop since vgacon_scrollback_cur->tail is
-updated in the loop and count may be more than 1 when triggered by CSI M,
-as Jiri's PoC:
-#include <stdio.h>
-#include <stdlib.h>
-#include <unistd.h>
-#include <sys/types.h>
-#include <sys/stat.h>
-#include <sys/ioctl.h>
-#include <fcntl.h>
-
-int main(int argc, char** argv)
-{
-        int fd = open("/dev/tty1", O_RDWR);
-        unsigned short size[3] = {25, 200, 0};
-        ioctl(fd, 0x5609, size); // VT_RESIZE
-
-        write(fd, "\e[1;1H", 6);
-        for (int i = 0; i < 30; i++)
-                write(fd, "\e[10M", 5);
-}
-
-It leads to various crashes as vgacon_scrollback_update writes out of
-the buffer:
- BUG: unable to handle page fault for address: ffffc900001752a0
- #PF: supervisor write access in kernel mode
- #PF: error_code(0x0002) - not-present page
- RIP: 0010:mutex_unlock+0x13/0x30
-...
- Call Trace:
-  n_tty_write+0x1a0/0x4d0
-  tty_write+0x1a0/0x2e0
-
-Or to KASAN reports:
-BUG: KASAN: slab-out-of-bounds in vgacon_scroll+0x57a/0x8ed
-
-This fixes CVE-2020-14331.
-
-Reported-by: 张云海 <zhangyunhai@nsfocus.com>
-Reported-by: Yang Yingliang <yangyingliang@huawei.com>
-Reported-by: Kyungtae Kim <kt0755@gmail.com>
-Fixes: 15bdab959c9b ([PATCH] vgacon: Add support for soft scrollback)
-Cc: stable@vger.kernel.org
-Cc: linux-fbdev@vger.kernel.org
-Cc: Linus Torvalds <torvalds@linux-foundation.org>
-Cc: Solar Designer <solar@openwall.com>
-Cc: "Srivatsa S. Bhat" <srivatsa@csail.mit.edu>
-Cc: Anthony Liguori <aliguori@amazon.com>
-Cc: Yang Yingliang <yangyingliang@huawei.com>
-Cc: Bartlomiej Zolnierkiewicz <b.zolnierkie@samsung.com>
-Cc: Jiri Slaby <jirislaby@kernel.org>
-Signed-off-by: Yunhai Zhang <zhangyunhai@nsfocus.com>
-Link: https://lore.kernel.org/r/9fb43895-ca91-9b07-ebfd-808cf854ca95@nsfocus.com
-Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
-
-diff --git a/drivers/video/console/vgacon.c b/drivers/video/console/vgacon.c
-index f0f3d573f848..a52bb3740073 100644
---- a/drivers/video/console/vgacon.c
-+++ b/drivers/video/console/vgacon.c
-@@ -251,6 +251,10 @@ static void vgacon_scrollback_update(struct vc_data *c, int t, int count)
- 	p = (void *) (c->vc_origin + t * c->vc_size_row);
- 
- 	while (count--) {
-+		if ((vgacon_scrollback_cur->tail + c->vc_size_row) >
-+		    vgacon_scrollback_cur->size)
-+			vgacon_scrollback_cur->tail = 0;
-+
- 		scr_memcpyw(vgacon_scrollback_cur->data +
- 			    vgacon_scrollback_cur->tail,
- 			    p, c->vc_size_row);
--- 
-2.27.0
-