Changelog in Linux kernel 6.6.50

 
ALSA: hda/conexant: Mute speakers at suspend / shutdown [+ + +]
Author: Takashi Iwai <tiwai@suse.de>
Date:   Fri Jul 26 16:26:20 2024 +0200

    ALSA: hda/conexant: Mute speakers at suspend / shutdown
    
    [ Upstream commit 4f61c8fe35202702426cfc0003e15116a01ba885 ]
    
    Use the new helper to mute speakers at suspend / shutdown for avoiding
    click noises.
    
    Link: https://bugzilla.suse.com/show_bug.cgi?id=1228269
    Link: https://patch.msgid.link/20240726142625.2460-2-tiwai@suse.de
    Signed-off-by: Takashi Iwai <tiwai@suse.de>
    Signed-off-by: Sasha Levin <sashal@kernel.org>

ALSA: hda/generic: Add a helper to mute speakers at suspend/shutdown [+ + +]
Author: Takashi Iwai <tiwai@suse.de>
Date:   Fri Jul 26 16:26:19 2024 +0200

    ALSA: hda/generic: Add a helper to mute speakers at suspend/shutdown
    
    [ Upstream commit 6cd23b26b348fa52c88e1adf9c0e48d68e13f95e ]
    
    Some devices indicate click noises at suspend or shutdown when the
    speakers are unmuted.  This patch adds a helper,
    snd_hda_gen_shutup_speakers(), to work around it.  The new function is
    supposed to be called at suspend or shutdown by the codec driver, and
    it mutes the speakers.
    
    The mute status isn't cached, hence the original mute state will be
    restored at resume again.
    
    Link: https://patch.msgid.link/20240726142625.2460-1-tiwai@suse.de
    Signed-off-by: Takashi Iwai <tiwai@suse.de>
    Signed-off-by: Sasha Levin <sashal@kernel.org>

ALSA: seq: ump: Explicitly reset RPN with Null RPN [+ + +]
Author: Takashi Iwai <tiwai@suse.de>
Date:   Wed Jul 31 15:05:26 2024 +0200

    ALSA: seq: ump: Explicitly reset RPN with Null RPN
    
    [ Upstream commit 98ea612dd1150adb61cd2a0e93875e1cc77e6b87 ]
    
    RPN with 127:127 is treated as a Null RPN, just to reset the
    parameters, and it's not translated to MIDI2.  Although the current
    code can work as is in most cases, better to implement the RPN reset
    explicitly for Null message.
    
    Link: https://patch.msgid.link/20240731130528.12600-6-tiwai@suse.de
    Signed-off-by: Takashi Iwai <tiwai@suse.de>
    Signed-off-by: Sasha Levin <sashal@kernel.org>

ALSA: seq: ump: Transmit RPN/NRPN message at each MSB/LSB data reception [+ + +]
Author: Takashi Iwai <tiwai@suse.de>
Date:   Wed Jul 31 15:05:25 2024 +0200

    ALSA: seq: ump: Transmit RPN/NRPN message at each MSB/LSB data reception
    
    [ Upstream commit a4ff92ff0bdd731eca9f0b50b1cbb5aba89be4b2 ]
    
    Just like the core UMP conversion helper, we need to deal with the
    partially-filled RPN/NRPN data in the sequencer UMP converter as
    well.
    
    Link: https://patch.msgid.link/20240731130528.12600-5-tiwai@suse.de
    Signed-off-by: Takashi Iwai <tiwai@suse.de>
    Signed-off-by: Sasha Levin <sashal@kernel.org>

ALSA: seq: ump: Use the common RPN/bank conversion context [+ + +]
Author: Takashi Iwai <tiwai@suse.de>
Date:   Wed Jul 31 15:05:24 2024 +0200

    ALSA: seq: ump: Use the common RPN/bank conversion context
    
    [ Upstream commit a683030606fa5ff8b722a5e28839d19288011ede ]
    
    The UMP core conversion helper API already defines the context needed
    to record the bank and RPN/NRPN values, and we can simply re-use the
    same struct instead of re-defining the same content as a different
    name.
    
    Link: https://patch.msgid.link/20240731130528.12600-4-tiwai@suse.de
    Signed-off-by: Takashi Iwai <tiwai@suse.de>
    Signed-off-by: Sasha Levin <sashal@kernel.org>

ALSA: ump: Explicitly reset RPN with Null RPN [+ + +]
Author: Takashi Iwai <tiwai@suse.de>
Date:   Wed Jul 31 15:05:23 2024 +0200

    ALSA: ump: Explicitly reset RPN with Null RPN
    
    [ Upstream commit 50a6dd19dca9446475f023eaa652016bfe5b1cbe ]
    
    RPN with 127:127 is treated as a Null RPN, just to reset the
    parameters, and it's not translated to MIDI2.  Although the current
    code can work as is in most cases, better to implement the RPN reset
    explicitly for Null message.
    
    Link: https://patch.msgid.link/20240731130528.12600-3-tiwai@suse.de
    Signed-off-by: Takashi Iwai <tiwai@suse.de>
    Signed-off-by: Sasha Levin <sashal@kernel.org>

ALSA: ump: Transmit RPN/NRPN message at each MSB/LSB data reception [+ + +]
Author: Takashi Iwai <tiwai@suse.de>
Date:   Wed Jul 31 15:05:22 2024 +0200

    ALSA: ump: Transmit RPN/NRPN message at each MSB/LSB data reception
    
    [ Upstream commit e6ce8a28c768dbbad3f818db286cd0f4c7a921a8 ]
    
    The UMP 1.1 spec says that an RPN/NRPN should be sent when one of the
    following occurs:
    * a CC 38 is received
    * a subsequent CC 6 is received
    * a CC 98, 99, 100, and 101 is received, indicating the last RPN/NRPN
      message has ended and a new one has started
    
    That said, we should send a partial data even if it's not fully
    filled.  Let's change the UMP conversion helper code to follow that
    rule.
    
    Link: https://patch.msgid.link/20240731130528.12600-2-tiwai@suse.de
    Signed-off-by: Takashi Iwai <tiwai@suse.de>
    Signed-off-by: Sasha Levin <sashal@kernel.org>

 
apparmor: fix possible NULL pointer dereference [+ + +]
Author: Leesoo Ahn <lsahn@ooseel.net>
Date:   Wed May 8 01:12:29 2024 +0900

    apparmor: fix possible NULL pointer dereference
    
    [ Upstream commit 3dd384108d53834002be5630132ad5c3f32166ad ]
    
    profile->parent->dents[AAFS_PROF_DIR] could be NULL only if its parent is made
    from __create_missing_ancestors(..) and 'ent->old' is NULL in
    aa_replace_profiles(..).
    In that case, it must return an error code and the code, -ENOENT represents
    its state that the path of its parent is not existed yet.
    
    BUG: kernel NULL pointer dereference, address: 0000000000000030
    PGD 0 P4D 0
    PREEMPT SMP PTI
    CPU: 4 PID: 3362 Comm: apparmor_parser Not tainted 6.8.0-24-generic #24
    Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.15.0-1 04/01/2014
    RIP: 0010:aafs_create.constprop.0+0x7f/0x130
    Code: 4c 63 e0 48 83 c4 18 4c 89 e0 5b 41 5c 41 5d 41 5e 41 5f 5d 31 d2 31 c9 31 f6 31 ff 45 31 c0 45 31 c9 45 31 d2 c3 cc cc cc cc <4d> 8b 55 30 4d 8d ba a0 00 00 00 4c 89 55 c0 4c 89 ff e8 7a 6a ae
    RSP: 0018:ffffc9000b2c7c98 EFLAGS: 00010246
    RAX: 0000000000000000 RBX: 00000000000041ed RCX: 0000000000000000
    RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000
    RBP: ffffc9000b2c7cd8 R08: 0000000000000000 R09: 0000000000000000
    R10: 0000000000000000 R11: 0000000000000000 R12: ffffffff82baac10
    R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
    FS:  00007be9f22cf740(0000) GS:ffff88817bc00000(0000) knlGS:0000000000000000
    CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
    CR2: 0000000000000030 CR3: 0000000134b08000 CR4: 00000000000006f0
    Call Trace:
     <TASK>
     ? show_regs+0x6d/0x80
     ? __die+0x24/0x80
     ? page_fault_oops+0x99/0x1b0
     ? kernelmode_fixup_or_oops+0xb2/0x140
     ? __bad_area_nosemaphore+0x1a5/0x2c0
     ? find_vma+0x34/0x60
     ? bad_area_nosemaphore+0x16/0x30
     ? do_user_addr_fault+0x2a2/0x6b0
     ? exc_page_fault+0x83/0x1b0
     ? asm_exc_page_fault+0x27/0x30
     ? aafs_create.constprop.0+0x7f/0x130
     ? aafs_create.constprop.0+0x51/0x130
     __aafs_profile_mkdir+0x3d6/0x480
     aa_replace_profiles+0x83f/0x1270
     policy_update+0xe3/0x180
     profile_load+0xbc/0x150
     ? rw_verify_area+0x47/0x140
     vfs_write+0x100/0x480
     ? __x64_sys_openat+0x55/0xa0
     ? syscall_exit_to_user_mode+0x86/0x260
     ksys_write+0x73/0x100
     __x64_sys_write+0x19/0x30
     x64_sys_call+0x7e/0x25c0
     do_syscall_64+0x7f/0x180
     entry_SYSCALL_64_after_hwframe+0x78/0x80
    RIP: 0033:0x7be9f211c574
    Code: c7 00 16 00 00 00 b8 ff ff ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 f3 0f 1e fa 80 3d d5 ea 0e 00 00 74 13 b8 01 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 54 c3 0f 1f 00 55 48 89 e5 48 83 ec 20 48 89
    RSP: 002b:00007ffd26f2b8c8 EFLAGS: 00000202 ORIG_RAX: 0000000000000001
    RAX: ffffffffffffffda RBX: 00005d504415e200 RCX: 00007be9f211c574
    RDX: 0000000000001fc1 RSI: 00005d504418bc80 RDI: 0000000000000004
    RBP: 0000000000001fc1 R08: 0000000000001fc1 R09: 0000000080000000
    R10: 0000000000000000 R11: 0000000000000202 R12: 00005d504418bc80
    R13: 0000000000000004 R14: 00007ffd26f2b9b0 R15: 00007ffd26f2ba30
     </TASK>
    Modules linked in: snd_seq_dummy snd_hrtimer qrtr snd_hda_codec_generic snd_hda_intel snd_intel_dspcfg snd_intel_sdw_acpi snd_hda_codec snd_hda_core snd_hwdep snd_pcm snd_seq_midi snd_seq_midi_event snd_rawmidi snd_seq snd_seq_device i2c_i801 snd_timer i2c_smbus qxl snd soundcore drm_ttm_helper lpc_ich ttm joydev input_leds serio_raw mac_hid binfmt_misc msr parport_pc ppdev lp parport efi_pstore nfnetlink dmi_sysfs qemu_fw_cfg ip_tables x_tables autofs4 hid_generic usbhid hid ahci libahci psmouse virtio_rng xhci_pci xhci_pci_renesas
    CR2: 0000000000000030
    ---[ end trace 0000000000000000 ]---
    RIP: 0010:aafs_create.constprop.0+0x7f/0x130
    Code: 4c 63 e0 48 83 c4 18 4c 89 e0 5b 41 5c 41 5d 41 5e 41 5f 5d 31 d2 31 c9 31 f6 31 ff 45 31 c0 45 31 c9 45 31 d2 c3 cc cc cc cc <4d> 8b 55 30 4d 8d ba a0 00 00 00 4c 89 55 c0 4c 89 ff e8 7a 6a ae
    RSP: 0018:ffffc9000b2c7c98 EFLAGS: 00010246
    RAX: 0000000000000000 RBX: 00000000000041ed RCX: 0000000000000000
    RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000
    RBP: ffffc9000b2c7cd8 R08: 0000000000000000 R09: 0000000000000000
    R10: 0000000000000000 R11: 0000000000000000 R12: ffffffff82baac10
    R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
    FS:  00007be9f22cf740(0000) GS:ffff88817bc00000(0000) knlGS:0000000000000000
    CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
    CR2: 0000000000000030 CR3: 0000000134b08000 CR4: 00000000000006f0
    
    Signed-off-by: Leesoo Ahn <lsahn@ooseel.net>
    Signed-off-by: John Johansen <john.johansen@canonical.com>
    Signed-off-by: Sasha Levin <sashal@kernel.org>

 
ASoC: amd: yc: Support mic on HP 14-em0002la [+ + +]
Author: Bruno Ancona <brunoanconasala@gmail.com>
Date:   Sun Jul 28 22:50:32 2024 -0600

    ASoC: amd: yc: Support mic on HP 14-em0002la
    
    [ Upstream commit c118478665f467e57d06b2354de65974b246b82b ]
    
    Add support for the internal microphone for HP 14-em0002la laptop using
    a quirk entry.
    
    Signed-off-by: Bruno Ancona <brunoanconasala@gmail.com>
    Link: https://patch.msgid.link/20240729045032.223230-1-brunoanconasala@gmail.com
    Signed-off-by: Mark Brown <broonie@kernel.org>
    Signed-off-by: Sasha Levin <sashal@kernel.org>

ASoC: amd: yc: Support mic on Lenovo Thinkpad E14 Gen 6 [+ + +]
Author: Krzysztof Stępniak <kfs.szk@gmail.com>
Date:   Wed Aug 7 02:12:19 2024 +0200

    ASoC: amd: yc: Support mic on Lenovo Thinkpad E14 Gen 6
    
    [ Upstream commit 23a58b782f864951485d7a0018549729e007cb43 ]
    
    Lenovo Thinkpad E14 Gen 6 (model type 21M3)
    needs a quirk entry for internal mic to work.
    
    Signed-off-by: Krzysztof Stępniak <kfs.szk@gmail.com>
    Link: https://patch.msgid.link/20240807001219.1147-1-kfs.szk@gmail.com
    Signed-off-by: Mark Brown <broonie@kernel.org>
    Signed-off-by: Sasha Levin <sashal@kernel.org>

ASoC: codecs: ES8326: button detect issue [+ + +]
Author: Zhang Yi <zhangyi@everest-semi.com>
Date:   Wed Aug 7 10:53:55 2024 +0800

    ASoC: codecs: ES8326: button detect issue
    
    [ Upstream commit 4684a2df9c5b3fc914377127faf2515aa9049093 ]
    
    We find that we need to set snd_jack_types to 0. If not,
    there will be a probability of button detection errors
    
    Signed-off-by: Zhang Yi <zhangyi@everest-semi.com>
    Link: https://patch.msgid.link/20240807025356.24904-2-zhangyi@everest-semi.com
    Signed-off-by: Mark Brown <broonie@kernel.org>
    Signed-off-by: Sasha Levin <sashal@kernel.org>

 
block: remove the blk_flush_integrity call in blk_integrity_unregister [+ + +]
Author: Christoph Hellwig <hch@lst.de>
Date:   Thu Jun 13 10:48:16 2024 +0200

    block: remove the blk_flush_integrity call in blk_integrity_unregister
    
    [ Upstream commit e8bc14d116aeac8f0f133ec8d249acf4e0658da7 ]
    
    Now that there are no indirect calls for PI processing there is no
    way to dereference a NULL pointer here.  Additionally drivers now always
    freeze the queue (or in case of stacking drivers use their internal
    equivalent) around changing the integrity profile.
    
    This is effectively a revert of commit 3df49967f6f1 ("block: flush the
    integrity workqueue in blk_integrity_unregister").
    
    Signed-off-by: Christoph Hellwig <hch@lst.de>
    Reviewed-by: Martin K. Petersen <martin.petersen@oracle.com>
    Reviewed-by: Hannes Reinecke <hare@suse.de>
    Link: https://lore.kernel.org/r/20240613084839.1044015-7-hch@lst.de
    Signed-off-by: Jens Axboe <axboe@kernel.dk>
    Signed-off-by: Sasha Levin <sashal@kernel.org>

 
btrfs: tree-checker: validate dref root and objectid [+ + +]
Author: Qu Wenruo <wqu@suse.com>
Date:   Mon Jul 15 16:07:07 2024 +0930

    btrfs: tree-checker: validate dref root and objectid
    
    [ Upstream commit f333a3c7e8323499aa65038e77fe8f3199d4e283 ]
    
    [CORRUPTION]
    There is a bug report that btrfs flips RO due to a corruption in the
    extent tree, the involved dumps looks like this:
    
            item 188 key (402811572224 168 4096) itemoff 14598 itemsize 79
                    extent refs 3 gen 3678544 flags 1
                    ref#0: extent data backref root 13835058055282163977 objectid 281473384125923 offset 81432576 count 1
                    ref#1: shared data backref parent 1947073626112 count 1
                    ref#2: shared data backref parent 1156030103552 count 1
     BTRFS critical (device vdc1: state EA): unable to find ref byte nr 402811572224 parent 0 root 265 owner 28703026 offset 81432576 slot 189
     BTRFS error (device vdc1: state EA): failed to run delayed ref for logical 402811572224 num_bytes 4096 type 178 action 2 ref_mod 1: -2
    
    [CAUSE]
    The corrupted entry is ref#0 of item 188.
    The root number 13835058055282163977 is beyond the upper limit for root
    items (the current limit is 1 << 48), and the objectid also looks
    suspicious.
    
    Only the offset and count is correct.
    
    [ENHANCEMENT]
    Although it's still unknown why we have such many bytes corrupted
    randomly, we can still enhance the tree-checker for data backrefs by:
    
    - Validate the root value
      For now there should only be 3 types of roots can have data backref:
      * subvolume trees
      * data reloc trees
      * root tree
        Only for v1 space cache
    
    - validate the objectid value
      The objectid should be a valid inode number.
    
    Hopefully we can catch such problem in the future with the new checkers.
    
    Reported-by: Kai Krakow <hurikhan77@gmail.com>
    Link: https://lore.kernel.org/linux-btrfs/CAMthOuPjg5RDT-G_LXeBBUUtzt3cq=JywF+D1_h+JYxe=WKp-Q@mail.gmail.com/#t
    Reviewed-by: Filipe Manana <fdmanana@suse.com>
    Signed-off-by: Qu Wenruo <wqu@suse.com>
    Reviewed-by: David Sterba <dsterba@suse.com>
    Signed-off-by: David Sterba <dsterba@suse.com>
    Signed-off-by: Sasha Levin <sashal@kernel.org>

 
cpufreq: scmi: Avoid overflow of target_freq in fast switch [+ + +]
Author: Jagadeesh Kona <quic_jkona@quicinc.com>
Date:   Mon May 20 12:07:32 2024 +0530

    cpufreq: scmi: Avoid overflow of target_freq in fast switch
    
    [ Upstream commit 074cffb5020ddcaa5fafcc55655e5da6ebe8c831 ]
    
    Conversion of target_freq to HZ in scmi_cpufreq_fast_switch()
    can lead to overflow if the multiplied result is greater than
    UINT_MAX, since type of target_freq is unsigned int. Avoid this
    overflow by assigning target_freq to unsigned long variable for
    converting it to HZ.
    
    Signed-off-by: Jagadeesh Kona <quic_jkona@quicinc.com>
    Signed-off-by: Viresh Kumar <viresh.kumar@linaro.org>
    Signed-off-by: Sasha Levin <sashal@kernel.org>

 
crypto: stm32/cryp - call finalize with bh disabled [+ + +]
Author: Maxime Méré <maxime.mere@foss.st.com>
Date:   Tue May 28 16:05:48 2024 +0200

    crypto: stm32/cryp - call finalize with bh disabled
    
    [ Upstream commit 56ddb9aa3b324c2d9645b5a7343e46010cf3f6ce ]
    
    The finalize operation in interrupt mode produce a produces a spinlock
    recursion warning. The reason is the fact that BH must be disabled
    during this process.
    
    Signed-off-by: Maxime Méré <maxime.mere@foss.st.com>
    Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
    Signed-off-by: Sasha Levin <sashal@kernel.org>

 
dma-debug: avoid deadlock between dma debug vs printk and netconsole [+ + +]
Author: Rik van Riel <riel@surriel.com>
Date:   Tue Aug 6 11:56:45 2024 -0400

    dma-debug: avoid deadlock between dma debug vs printk and netconsole
    
    [ Upstream commit bd44ca3de49cc1badcff7a96010fa2c64f04868c ]
    
    Currently the dma debugging code can end up indirectly calling printk
    under the radix_lock. This happens when a radix tree node allocation
    fails.
    
    This is a problem because the printk code, when used together with
    netconsole, can end up inside the dma debugging code while trying to
    transmit a message over netcons.
    
    This creates the possibility of either a circular deadlock on the same
    CPU, with that CPU trying to grab the radix_lock twice, or an ABBA
    deadlock between different CPUs, where one CPU grabs the console lock
    first and then waits for the radix_lock, while the other CPU is holding
    the radix_lock and is waiting for the console lock.
    
    The trace captured by lockdep is of the ABBA variant.
    
    -> #2 (&dma_entry_hash[i].lock){-.-.}-{2:2}:
                      _raw_spin_lock_irqsave+0x5a/0x90
                      debug_dma_map_page+0x79/0x180
                      dma_map_page_attrs+0x1d2/0x2f0
                      bnxt_start_xmit+0x8c6/0x1540
                      netpoll_start_xmit+0x13f/0x180
                      netpoll_send_skb+0x20d/0x320
                      netpoll_send_udp+0x453/0x4a0
                      write_ext_msg+0x1b9/0x460
                      console_flush_all+0x2ff/0x5a0
                      console_unlock+0x55/0x180
                      vprintk_emit+0x2e3/0x3c0
                      devkmsg_emit+0x5a/0x80
                      devkmsg_write+0xfd/0x180
                      do_iter_readv_writev+0x164/0x1b0
                      vfs_writev+0xf9/0x2b0
                      do_writev+0x6d/0x110
                      do_syscall_64+0x80/0x150
                      entry_SYSCALL_64_after_hwframe+0x4b/0x53
    
    -> #0 (console_owner){-.-.}-{0:0}:
                      __lock_acquire+0x15d1/0x31a0
                      lock_acquire+0xe8/0x290
                      console_flush_all+0x2ea/0x5a0
                      console_unlock+0x55/0x180
                      vprintk_emit+0x2e3/0x3c0
                      _printk+0x59/0x80
                      warn_alloc+0x122/0x1b0
                      __alloc_pages_slowpath+0x1101/0x1120
                      __alloc_pages+0x1eb/0x2c0
                      alloc_slab_page+0x5f/0x150
                      new_slab+0x2dc/0x4e0
                      ___slab_alloc+0xdcb/0x1390
                      kmem_cache_alloc+0x23d/0x360
                      radix_tree_node_alloc+0x3c/0xf0
                      radix_tree_insert+0xf5/0x230
                      add_dma_entry+0xe9/0x360
                      dma_map_page_attrs+0x1d2/0x2f0
                      __bnxt_alloc_rx_frag+0x147/0x180
                      bnxt_alloc_rx_data+0x79/0x160
                      bnxt_rx_skb+0x29/0xc0
                      bnxt_rx_pkt+0xe22/0x1570
                      __bnxt_poll_work+0x101/0x390
                      bnxt_poll+0x7e/0x320
                      __napi_poll+0x29/0x160
                      net_rx_action+0x1e0/0x3e0
                      handle_softirqs+0x190/0x510
                      run_ksoftirqd+0x4e/0x90
                      smpboot_thread_fn+0x1a8/0x270
                      kthread+0x102/0x120
                      ret_from_fork+0x2f/0x40
                      ret_from_fork_asm+0x11/0x20
    
    This bug is more likely than it seems, because when one CPU has run out
    of memory, chances are the other has too.
    
    The good news is, this bug is hidden behind the CONFIG_DMA_API_DEBUG, so
    not many users are likely to trigger it.
    
    Signed-off-by: Rik van Riel <riel@surriel.com>
    Reported-by: Konstantin Ovsepian <ovs@meta.com>
    Signed-off-by: Christoph Hellwig <hch@lst.de>
    Signed-off-by: Sasha Levin <sashal@kernel.org>

 
dmaengine: altera-msgdma: properly free descriptor in msgdma_free_descriptor [+ + +]
Author: Olivier Dautricourt <olivierdautricourt@gmail.com>
Date:   Sat Jun 8 23:31:48 2024 +0200

    dmaengine: altera-msgdma: properly free descriptor in msgdma_free_descriptor
    
    [ Upstream commit 54e4ada1a4206f878e345ae01cf37347d803d1b1 ]
    
    Remove list_del call in msgdma_chan_desc_cleanup, this should be the role
    of msgdma_free_descriptor. In consequence replace list_add_tail with
    list_move_tail in msgdma_free_descriptor.
    
    This fixes the path:
       msgdma_free_chan_resources -> msgdma_free_descriptors ->
       msgdma_free_desc_list -> msgdma_free_descriptor
    
    which does not correctly free the descriptors as first nodes were not
    removed from the list.
    
    Signed-off-by: Olivier Dautricourt <olivierdautricourt@gmail.com>
    Tested-by: Olivier Dautricourt <olivierdautricourt@gmail.com>
    Link: https://lore.kernel.org/r/20240608213216.25087-3-olivierdautricourt@gmail.com
    Signed-off-by: Vinod Koul <vkoul@kernel.org>
    Signed-off-by: Sasha Levin <sashal@kernel.org>

dmaengine: altera-msgdma: use irq variant of spin_lock/unlock while invoking callbacks [+ + +]
Author: Olivier Dautricourt <olivierdautricourt@gmail.com>
Date:   Sat Jun 8 23:31:46 2024 +0200

    dmaengine: altera-msgdma: use irq variant of spin_lock/unlock while invoking callbacks
    
    [ Upstream commit 261d3a85d959841821ca0d69f9d7b0d4087661c4 ]
    
    As we first take the lock with spin_lock_irqsave in msgdma_tasklet, Lockdep
    might complain about this. Inspired by commit 9558cf4ad07e
    ("dmaengine: zynqmp_dma: fix lockdep warning in tasklet")
    
    Signed-off-by: Olivier Dautricourt <olivierdautricourt@gmail.com>
    Tested-by: Olivier Dautricourt <olivierdautricourt@gmail.com>
    Suggested-by: Eric Schwarz <eas@sw-optimization.com>
    Link: https://lore.kernel.org/r/20240608213216.25087-1-olivierdautricourt@gmail.com
    Signed-off-by: Vinod Koul <vkoul@kernel.org>
    Signed-off-by: Sasha Levin <sashal@kernel.org>

 
driver: iio: add missing checks on iio_info's callback access [+ + +]
Author: Julien Stephan <jstephan@baylibre.com>
Date:   Thu May 30 11:22:46 2024 +0200

    driver: iio: add missing checks on iio_info's callback access
    
    [ Upstream commit c4ec8dedca961db056ec85cb7ca8c9f7e2e92252 ]
    
    Some callbacks from iio_info structure are accessed without any check, so
    if a driver doesn't implement them trying to access the corresponding
    sysfs entries produce a kernel oops such as:
    
    [ 2203.527791] Unable to handle kernel NULL pointer dereference at virtual address 00000000 when execute
    [...]
    [ 2203.783416] Call trace:
    [ 2203.783429]  iio_read_channel_info_avail from dev_attr_show+0x18/0x48
    [ 2203.789807]  dev_attr_show from sysfs_kf_seq_show+0x90/0x120
    [ 2203.794181]  sysfs_kf_seq_show from seq_read_iter+0xd0/0x4e4
    [ 2203.798555]  seq_read_iter from vfs_read+0x238/0x2a0
    [ 2203.802236]  vfs_read from ksys_read+0xa4/0xd4
    [ 2203.805385]  ksys_read from ret_fast_syscall+0x0/0x54
    [ 2203.809135] Exception stack(0xe0badfa8 to 0xe0badff0)
    [ 2203.812880] dfa0:                   00000003 b6f10f80 00000003 b6eab000 00020000 00000000
    [ 2203.819746] dfc0: 00000003 b6f10f80 7ff00000 00000003 00000003 00000000 00020000 00000000
    [ 2203.826619] dfe0: b6e1bc88 bed80958 b6e1bc94 b6e1bcb0
    [ 2203.830363] Code: bad PC value
    [ 2203.832695] ---[ end trace 0000000000000000 ]---
    
    Reviewed-by: Nuno Sa <nuno.sa@analog.com>
    Signed-off-by: Julien Stephan <jstephan@baylibre.com>
    Link: https://lore.kernel.org/r/20240530-iio-core-fix-segfault-v3-1-8b7cd2a03773@baylibre.com
    Signed-off-by: Jonathan Cameron <Jonathan.Cameron@huawei.com>
    Signed-off-by: Sasha Levin <sashal@kernel.org>

 
drm/amd/amdgpu: Check tbo resource pointer [+ + +]
Author: Asad Kamal <asad.kamal@amd.com>
Date:   Fri Apr 26 02:26:55 2024 +0800

    drm/amd/amdgpu: Check tbo resource pointer
    
    [ Upstream commit 6cd2b872643bb29bba01a8ac739138db7bd79007 ]
    
    Validate tbo resource pointer, skip if NULL
    
    Signed-off-by: Asad Kamal <asad.kamal@amd.com>
    Reviewed-by: Christian König <christian.koenig@amd.com>
    Reviewed-by: Lijo Lazar <lijo.lazar@amd.com>
    Signed-off-by: Alex Deucher <alexander.deucher@amd.com>
    Signed-off-by: Sasha Levin <sashal@kernel.org>

 
drm/amd/display: Add array index check for hdcp ddc access [+ + +]
Author: Hersen Wu <hersenxs.wu@amd.com>
Date:   Wed Apr 24 10:09:31 2024 -0400

    drm/amd/display: Add array index check for hdcp ddc access
    
    [ Upstream commit 4e70c0f5251c25885c31ee84a31f99a01f7cf50e ]
    
    [Why]
    Coverity reports OVERRUN warning. Do not check if array
    index valid.
    
    [How]
    Check msg_id valid and valid array index.
    
    Reviewed-by: Alex Hung <alex.hung@amd.com>
    Acked-by: Tom Chung <chiahsuan.chung@amd.com>
    Signed-off-by: Hersen Wu <hersenxs.wu@amd.com>
    Tested-by: Daniel Wheeler <daniel.wheeler@amd.com>
    Signed-off-by: Alex Deucher <alexander.deucher@amd.com>
    Signed-off-by: Sasha Levin <sashal@kernel.org>

drm/amd/display: added NULL check at start of dc_validate_stream [+ + +]
Author: winstang <winstang@amd.com>
Date:   Mon May 27 08:51:19 2024 -0400

    drm/amd/display: added NULL check at start of dc_validate_stream
    
    [ Upstream commit 26c56049cc4f1705b498df013949427692a4b0d5 ]
    
    [Why]
    prevent invalid memory access
    
    [How]
    check if dc and stream are NULL
    
    Co-authored-by: winstang <winstang@amd.com>
    Reviewed-by: Alvin Lee <alvin.lee2@amd.com>
    Acked-by: Zaeem Mohamed <zaeem.mohamed@amd.com>
    Signed-off-by: winstang <winstang@amd.com>
    Tested-by: Daniel Wheeler <daniel.wheeler@amd.com>
    Signed-off-by: Alex Deucher <alexander.deucher@amd.com>
    Signed-off-by: Sasha Levin <sashal@kernel.org>

drm/amd/display: Assign linear_pitch_alignment even for VM [+ + +]
Author: Alvin Lee <alvin.lee2@amd.com>
Date:   Tue Apr 16 14:42:18 2024 -0400

    drm/amd/display: Assign linear_pitch_alignment even for VM
    
    [ Upstream commit 984debc133efa05e62f5aa1a7a1dd8ca0ef041f4 ]
    
    [Description]
    Assign linear_pitch_alignment so we don't cause a divide by 0
    error in VM environments
    
    Reviewed-by: Sohaib Nadeem <sohaib.nadeem@amd.com>
    Acked-by: Wayne Lin <wayne.lin@amd.com>
    Signed-off-by: Alvin Lee <alvin.lee2@amd.com>
    Tested-by: Daniel Wheeler <daniel.wheeler@amd.com>
    Signed-off-by: Alex Deucher <alexander.deucher@amd.com>
    Signed-off-by: Sasha Levin <sashal@kernel.org>

drm/amd/display: Check BIOS images before it is used [+ + +]
Author: Alex Hung <alex.hung@amd.com>
Date:   Mon Jun 3 08:24:13 2024 -0600

    drm/amd/display: Check BIOS images before it is used
    
    [ Upstream commit 8b0ddf19cca2a352b2a7e01d99d3ba949a99c84c ]
    
    BIOS images may fail to load and null checks are added before they are
    used.
    
    This fixes 6 NULL_RETURNS issues reported by Coverity.
    
    Reviewed-by: Harry Wentland <harry.wentland@amd.com>
    Acked-by: Hamza Mahfooz <hamza.mahfooz@amd.com>
    Signed-off-by: Alex Hung <alex.hung@amd.com>
    Signed-off-by: Alex Deucher <alexander.deucher@amd.com>
    Signed-off-by: Sasha Levin <sashal@kernel.org>

drm/amd/display: Check gpio_id before used as array index [+ + +]
Author: Alex Hung <alex.hung@amd.com>
Date:   Tue Apr 16 16:40:00 2024 -0600

    drm/amd/display: Check gpio_id before used as array index
    
    [ Upstream commit 2a5626eeb3b5eec7a36886f9556113dd93ec8ed6 ]
    
    [WHY & HOW]
    GPIO_ID_UNKNOWN (-1) is not a valid value for array index and therefore
    should be checked in advance.
    
    This fixes 5 OVERRUN issues reported by Coverity.
    
    Reviewed-by: Harry Wentland <harry.wentland@amd.com>
    Acked-by: Tom Chung <chiahsuan.chung@amd.com>
    Signed-off-by: Alex Hung <alex.hung@amd.com>
    Tested-by: Daniel Wheeler <daniel.wheeler@amd.com>
    Signed-off-by: Alex Deucher <alexander.deucher@amd.com>
    Signed-off-by: Sasha Levin <sashal@kernel.org>

drm/amd/display: Check index for aux_rd_interval before using [+ + +]
Author: Alex Hung <alex.hung@amd.com>
Date:   Thu Apr 18 18:22:43 2024 -0600

    drm/amd/display: Check index for aux_rd_interval before using
    
    [ Upstream commit 9ba2ea6337b4f159aecb177555a6a81da92d302e ]
    
    aux_rd_interval has size of 7 and should be checked.
    
    This fixes 3 OVERRUN and 1 INTEGER_OVERFLOW issues reported by Coverity.
    
    Reviewed-by: Rodrigo Siqueira <rodrigo.siqueira@amd.com>
    Acked-by: Tom Chung <chiahsuan.chung@amd.com>
    Signed-off-by: Alex Hung <alex.hung@amd.com>
    Tested-by: Daniel Wheeler <daniel.wheeler@amd.com>
    Signed-off-by: Alex Deucher <alexander.deucher@amd.com>
    Signed-off-by: Sasha Levin <sashal@kernel.org>

drm/amd/display: Check msg_id before processing transcation [+ + +]
Author: Alex Hung <alex.hung@amd.com>
Date:   Tue Apr 16 16:47:42 2024 -0600

    drm/amd/display: Check msg_id before processing transcation
    
    [ Upstream commit fa71face755e27dc44bc296416ebdf2c67163316 ]
    
    [WHY & HOW]
    HDCP_MESSAGE_ID_INVALID (-1) is not a valid msg_id nor is it a valid
    array index, and it needs checking before used.
    
    This fixes 4 OVERRUN issues reported by Coverity.
    
    Reviewed-by: Harry Wentland <harry.wentland@amd.com>
    Acked-by: Tom Chung <chiahsuan.chung@amd.com>
    Signed-off-by: Alex Hung <alex.hung@amd.com>
    Tested-by: Daniel Wheeler <daniel.wheeler@amd.com>
    Signed-off-by: Alex Deucher <alexander.deucher@amd.com>
    Signed-off-by: Sasha Levin <sashal@kernel.org>

drm/amd/display: Check num_valid_sets before accessing reader_wm_sets[] [+ + +]
Author: Alex Hung <alex.hung@amd.com>
Date:   Tue Apr 16 16:22:35 2024 -0600

    drm/amd/display: Check num_valid_sets before accessing reader_wm_sets[]
    
    [ Upstream commit b38a4815f79b87efb196cd5121579fc51e29a7fb ]
    
    [WHY & HOW]
    num_valid_sets needs to be checked to avoid a negative index when
    accessing reader_wm_sets[num_valid_sets - 1].
    
    This fixes an OVERRUN issue reported by Coverity.
    
    Reviewed-by: Harry Wentland <harry.wentland@amd.com>
    Acked-by: Tom Chung <chiahsuan.chung@amd.com>
    Signed-off-by: Alex Hung <alex.hung@amd.com>
    Tested-by: Daniel Wheeler <daniel.wheeler@amd.com>
    Signed-off-by: Alex Deucher <alexander.deucher@amd.com>
    Signed-off-by: Sasha Levin <sashal@kernel.org>

drm/amd/display: Correct the defined value for AMDGPU_DMUB_NOTIFICATION_MAX [+ + +]
Author: Wayne Lin <wayne.lin@amd.com>
Date:   Mon May 27 15:33:48 2024 +0800

    drm/amd/display: Correct the defined value for AMDGPU_DMUB_NOTIFICATION_MAX
    
    [ Upstream commit ad28d7c3d989fc5689581664653879d664da76f0 ]
    
    [Why & How]
    It actually exposes '6' types in enum dmub_notification_type. Not 5. Using smaller
    number to create array dmub_callback & dmub_thread_offload has potential to access
    item out of array bound. Fix it.
    
    Reviewed-by: Jerry Zuo <jerry.zuo@amd.com>
    Acked-by: Zaeem Mohamed <zaeem.mohamed@amd.com>
    Signed-off-by: Wayne Lin <wayne.lin@amd.com>
    Tested-by: Daniel Wheeler <daniel.wheeler@amd.com>
    Signed-off-by: Alex Deucher <alexander.deucher@amd.com>
    Signed-off-by: Sasha Levin <sashal@kernel.org>

drm/amd/display: Don't use fsleep for PSR exit waits on dmub replay [+ + +]
Author: Nicholas Kazlauskas <nicholas.kazlauskas@amd.com>
Date:   Wed Sep 27 15:06:41 2023 -0400

    drm/amd/display: Don't use fsleep for PSR exit waits on dmub replay
    
    [ Upstream commit b5236da757adc75d7e52c69bdc233d29249a0d0c ]
    
    [Why]
    These functions can be called from high IRQ levels and the OS will hang
    if it tries to use a usleep_highres or a msleep.
    
    [How]
    Replace the flseep with a udelay for dmub_replay_enable.
    
    Reviewed-by: Rodrigo Siqueira <Rodrigo.Siqueira@amd.com>
    Signed-off-by: Nicholas Kazlauskas <nicholas.kazlauskas@amd.com>
    Tested-by: Daniel Wheeler <daniel.wheeler@amd.com>
    Signed-off-by: Alex Deucher <alexander.deucher@amd.com>
    Signed-off-by: Sasha Levin <sashal@kernel.org>

drm/amd/display: Ensure index calculation will not overflow [+ + +]
Author: Alex Hung <alex.hung@amd.com>
Date:   Wed Apr 24 17:08:04 2024 -0600

    drm/amd/display: Ensure index calculation will not overflow
    
    [ Upstream commit 8e2734bf444767fed787305ccdcb36a2be5301a2 ]
    
    [WHY & HOW]
    Make sure vmid0p72_idx, vnom0p8_idx and vmax0p9_idx calculation will
    never overflow and exceess array size.
    
    This fixes 3 OVERRUN and 1 INTEGER_OVERFLOW issues reported by Coverity.
    
    Reviewed-by: Harry Wentland <harry.wentland@amd.com>
    Acked-by: Tom Chung <chiahsuan.chung@amd.com>
    Signed-off-by: Alex Hung <alex.hung@amd.com>
    Tested-by: Daniel Wheeler <daniel.wheeler@amd.com>
    Signed-off-by: Alex Deucher <alexander.deucher@amd.com>
    Signed-off-by: Sasha Levin <sashal@kernel.org>

drm/amd/display: Fix Coverity INTEGER_OVERFLOW within dal_gpio_service_create [+ + +]
Author: Hersen Wu <hersenxs.wu@amd.com>
Date:   Fri Apr 26 11:58:11 2024 -0400

    drm/amd/display: Fix Coverity INTEGER_OVERFLOW within dal_gpio_service_create
    
    [ Upstream commit c6077aa66fa230d12f37fef01161ef080d13b726 ]
    
    [Why]
    For subtraction, coverity reports integer overflow
    warning message when variable type is uint32_t.
    
    [How]
    Change variable type to int32_t.
    
    Reviewed-by: Harry Wentland <harry.wentland@amd.com>
    Acked-by: Tom Chung <chiahsuan.chung@amd.com>
    Signed-off-by: Hersen Wu <hersenxs.wu@amd.com>
    Tested-by: Daniel Wheeler <daniel.wheeler@amd.com>
    Signed-off-by: Alex Deucher <alexander.deucher@amd.com>
    Signed-off-by: Sasha Levin <sashal@kernel.org>

drm/amd/display: Fix Coverity INTEGER_OVERFLOW within decide_fallback_link_setting_max_bw_policy [+ + +]
Author: Hersen Wu <hersenxs.wu@amd.com>
Date:   Fri Apr 26 12:13:59 2024 -0400

    drm/amd/display: Fix Coverity INTEGER_OVERFLOW within decide_fallback_link_setting_max_bw_policy
    
    [ Upstream commit 83c0c8361347cf43937348e8ca0a487679c003ae ]
    
    [Why]
    For addtion (uint8_t) variable + constant 1,
    coverity generates message below:
    Truncation due to cast operation on "cur_idx + 1" from
    32 to 8 bits.
    
    Then Coverity assume result is 32 bits value be saved into
    8 bits variable. When result is used as index to access
    array, Coverity suspects index invalid.
    
    [How]
    Change varaible type to uint32_t.
    
    Reviewed-by: Alex Hung <alex.hung@amd.com>
    Reviewed-by: Harry Wentland <harry.wentland@amd.com>
    Acked-by: Tom Chung <chiahsuan.chung@amd.com>
    Signed-off-by: Hersen Wu <hersenxs.wu@amd.com>
    Tested-by: Daniel Wheeler <daniel.wheeler@amd.com>
    Signed-off-by: Alex Deucher <alexander.deucher@amd.com>
    Signed-off-by: Sasha Levin <sashal@kernel.org>

drm/amd/display: Fix Coverity INTERGER_OVERFLOW within construct_integrated_info [+ + +]
Author: Hersen Wu <hersenxs.wu@amd.com>
Date:   Fri Apr 26 10:46:41 2024 -0400

    drm/amd/display: Fix Coverity INTERGER_OVERFLOW within construct_integrated_info
    
    [ Upstream commit 176abbcc71952e23009a6ed194fd203b99646884 ]
    
    [Why]
    For substrcation, coverity reports integer overflow
    warning message when variable type is uint32_t.
    
    [How]
    Change varaible type to int32_t.
    
    Reviewed-by: Alex Hung <alex.hung@amd.com>
    Reviewed-by: Harry Wentland <harry.wentland@amd.com>
    Acked-by: Tom Chung <chiahsuan.chung@amd.com>
    Signed-off-by: Hersen Wu <hersenxs.wu@amd.com>
    Tested-by: Daniel Wheeler <daniel.wheeler@amd.com>
    Signed-off-by: Alex Deucher <alexander.deucher@amd.com>
    Signed-off-by: Sasha Levin <sashal@kernel.org>

drm/amd/display: Fix index may exceed array range within fpu_update_bw_bounding_box [+ + +]
Author: Hersen Wu <hersenxs.wu@amd.com>
Date:   Thu Apr 25 09:24:44 2024 -0400

    drm/amd/display: Fix index may exceed array range within fpu_update_bw_bounding_box
    
    [ Upstream commit 188fd1616ec43033cedbe343b6579e9921e2d898 ]
    
    [Why]
    Coverity reports OVERRUN warning. soc.num_states could
    be 40. But array range of bw_params->clk_table.entries is 8.
    
    [How]
    Assert if soc.num_states greater than 8.
    
    Reviewed-by: Alex Hung <alex.hung@amd.com>
    Acked-by: Tom Chung <chiahsuan.chung@amd.com>
    Signed-off-by: Hersen Wu <hersenxs.wu@amd.com>
    Tested-by: Daniel Wheeler <daniel.wheeler@amd.com>
    Signed-off-by: Alex Deucher <alexander.deucher@amd.com>
    Signed-off-by: Sasha Levin <sashal@kernel.org>

drm/amd/display: Skip inactive planes within ModeSupportAndSystemConfiguration [+ + +]
Author: Hersen Wu <hersenxs.wu@amd.com>
Date:   Fri Apr 26 16:39:37 2024 -0400

    drm/amd/display: Skip inactive planes within ModeSupportAndSystemConfiguration
    
    [ Upstream commit a54f7e866cc73a4cb71b8b24bb568ba35c8969df ]
    
    [Why]
    Coverity reports Memory - illegal accesses.
    
    [How]
    Skip inactive planes.
    
    Reviewed-by: Alex Hung <alex.hung@amd.com>
    Acked-by: Tom Chung <chiahsuan.chung@amd.com>
    Signed-off-by: Hersen Wu <hersenxs.wu@amd.com>
    Tested-by: Daniel Wheeler <daniel.wheeler@amd.com>
    Signed-off-by: Alex Deucher <alexander.deucher@amd.com>
    Signed-off-by: Sasha Levin <sashal@kernel.org>

drm/amd/display: Skip wbscl_set_scaler_filter if filter is null [+ + +]
Author: Alex Hung <alex.hung@amd.com>
Date:   Mon Jun 3 10:47:37 2024 -0600

    drm/amd/display: Skip wbscl_set_scaler_filter if filter is null
    
    [ Upstream commit c4d31653c03b90e51515b1380115d1aedad925dd ]
    
    Callers can pass null in filter (i.e. from returned from the function
    wbscl_get_filter_coeffs_16p) and a null check is added to ensure that is
    not the case.
    
    This fixes 4 NULL_RETURNS issues reported by Coverity.
    
    Reviewed-by: Harry Wentland <harry.wentland@amd.com>
    Acked-by: Hamza Mahfooz <hamza.mahfooz@amd.com>
    Signed-off-by: Alex Hung <alex.hung@amd.com>
    Signed-off-by: Alex Deucher <alexander.deucher@amd.com>
    Signed-off-by: Sasha Levin <sashal@kernel.org>

drm/amd/display: Spinlock before reading event [+ + +]
Author: Alex Hung <alex.hung@amd.com>
Date:   Fri Apr 26 10:33:47 2024 -0600

    drm/amd/display: Spinlock before reading event
    
    [ Upstream commit ae13c8a5cff92015b9a3eb7cee65ebc75859487f ]
    
    [WHY & HOW]
    A read of acrtc_attach->base.state->event was not locked so moving it
    inside the spinlock.
    
    This fixes a LOCK_EVASION issue reported by Coverity.
    
    Reviewed-by: Harry Wentland <harry.wentland@amd.com>
    Acked-by: Tom Chung <chiahsuan.chung@amd.com>
    Signed-off-by: Alex Hung <alex.hung@amd.com>
    Tested-by: Daniel Wheeler <daniel.wheeler@amd.com>
    Signed-off-by: Alex Deucher <alexander.deucher@amd.com>
    Signed-off-by: Sasha Levin <sashal@kernel.org>

drm/amd/display: Stop amdgpu_dm initialize when stream nums greater than 6 [+ + +]
Author: Hersen Wu <hersenxs.wu@amd.com>
Date:   Wed Apr 24 16:00:19 2024 -0400

    drm/amd/display: Stop amdgpu_dm initialize when stream nums greater than 6
    
    [ Upstream commit 84723eb6068c50610c5c0893980d230d7afa2105 ]
    
    [Why]
    Coverity reports OVERRUN warning. Should abort amdgpu_dm
    initialize.
    
    [How]
    Return failure to amdgpu_dm_init.
    
    Reviewed-by: Harry Wentland <harry.wentland@amd.com>
    Acked-by: Tom Chung <chiahsuan.chung@amd.com>
    Signed-off-by: Hersen Wu <hersenxs.wu@amd.com>
    Tested-by: Daniel Wheeler <daniel.wheeler@amd.com>
    Signed-off-by: Alex Deucher <alexander.deucher@amd.com>
    Signed-off-by: Sasha Levin <sashal@kernel.org>

drm/amd/display: use preferred link settings for dp signal only [+ + +]
Author: Wenjing Liu <wenjing.liu@amd.com>
Date:   Wed May 29 12:20:41 2024 -0400

    drm/amd/display: use preferred link settings for dp signal only
    
    [ Upstream commit abf34ca465f5cd182b07701d3f3d369c0fc04723 ]
    
    [why]
    We set preferred link settings for virtual signal. However we don't support
    virtual signal for UHBR link rate. If preferred is set to UHBR link rate, we
    will allow virtual signal with UHBR link rate which causes system crashes.
    
    Reviewed-by: Dillon Varone <dillon.varone@amd.com>
    Acked-by: Zaeem Mohamed <zaeem.mohamed@amd.com>
    Signed-off-by: Wenjing Liu <wenjing.liu@amd.com>
    Tested-by: Daniel Wheeler <daniel.wheeler@amd.com>
    Signed-off-by: Alex Deucher <alexander.deucher@amd.com>
    Signed-off-by: Sasha Levin <sashal@kernel.org>

 
drm/amd/pm: check negtive return for table entries [+ + +]
Author: Jesse Zhang <jesse.zhang@amd.com>
Date:   Mon May 13 16:01:23 2024 +0800

    drm/amd/pm: check negtive return for table entries
    
    [ Upstream commit f76059fe14395b37ba8d997eb0381b1b9e80a939 ]
    
    Function hwmgr->hwmgr_func->get_num_of_pp_table_entries(hwmgr) returns a negative number
    
    Signed-off-by: Jesse Zhang <Jesse.Zhang@amd.com>
    Suggested-by: Tim Huang <Tim.Huang@amd.com>
    Reviewed-by: Tim Huang <Tim.Huang@amd.com>
    Signed-off-by: Alex Deucher <alexander.deucher@amd.com>
    Signed-off-by: Sasha Levin <sashal@kernel.org>

drm/amd/pm: check specific index for aldebaran [+ + +]
Author: Jesse Zhang <jesse.zhang@amd.com>
Date:   Wed May 8 17:13:28 2024 +0800

    drm/amd/pm: check specific index for aldebaran
    
    [ Upstream commit 0ce8ef2639c112ae203c985b758389e378630aac ]
    
    Check for specific indexes that may be invalid values.
    
    Signed-off-by: Jesse Zhang <Jesse.Zhang@amd.com>
    Reviewed-by: Yang Wang <kevinyang.wang@amd.com>
    Reviewed-by: Tim Huang <Tim.Huang@amd.com>
    Signed-off-by: Alex Deucher <alexander.deucher@amd.com>
    Signed-off-by: Sasha Levin <sashal@kernel.org>

drm/amd/pm: check specific index for smu13 [+ + +]
Author: Jesse Zhang <jesse.zhang@amd.com>
Date:   Wed May 8 17:50:21 2024 +0800

    drm/amd/pm: check specific index for smu13
    
    [ Upstream commit a3ac9d1c9751f00026c2d98b802ec8a98626c3ed ]
    
    Check for specific indexes that may be invalid values.
    
    Signed-off-by: Jesse Zhang <Jesse.Zhang@amd.com>
    Suggested-by: Tim Huang <Tim.Huang@amd.com>
    Reviewed-by: Tim Huang <Tim.Huang@amd.com>
    Reviewed-by: Yang Wang <kevinyang.wang@amd.com>
    Signed-off-by: Alex Deucher <alexander.deucher@amd.com>
    Signed-off-by: Sasha Levin <sashal@kernel.org>

drm/amd/pm: Fix negative array index read [+ + +]
Author: Jesse Zhang <jesse.zhang@amd.com>
Date:   Tue Apr 30 10:23:48 2024 +0800

    drm/amd/pm: Fix negative array index read
    
    [ Upstream commit c8c19ebf7c0b202a6a2d37a52ca112432723db5f ]
    
    Avoid using the negative values
    for clk_idex as an index into an array pptable->DpmDescriptor.
    
    V2: fix clk_index return check (Tim Huang)
    
    Signed-off-by: Jesse Zhang <Jesse.Zhang@amd.com>
    Reviewed-by: Tim Huang <Tim.Huang@amd.com>
    Signed-off-by: Alex Deucher <alexander.deucher@amd.com>
    Signed-off-by: Sasha Levin <sashal@kernel.org>

drm/amd/pm: fix the Out-of-bounds read warning [+ + +]
Author: Jesse Zhang <jesse.zhang@amd.com>
Date:   Tue Apr 30 10:29:08 2024 +0800

    drm/amd/pm: fix the Out-of-bounds read warning
    
    [ Upstream commit 12c6967428a099bbba9dfd247bb4322a984fcc0b ]
    
    using index i - 1U may beyond element index
    for mc_data[] when i = 0.
    
    Signed-off-by: Jesse Zhang <Jesse.Zhang@amd.com>
    Reviewed-by: Tim Huang <Tim.Huang@amd.com>
    Signed-off-by: Alex Deucher <alexander.deucher@amd.com>
    Signed-off-by: Sasha Levin <sashal@kernel.org>

drm/amd/pm: fix uninitialized variable warning [+ + +]
Author: Jesse Zhang <jesse.zhang@amd.com>
Date:   Sun Apr 28 15:36:26 2024 +0800

    drm/amd/pm: fix uninitialized variable warning
    
    [ Upstream commit 7c836905520703dbc8b938993b6d4d718bc739f3 ]
    
    Check the return of function smum_send_msg_to_smc
    as it may fail to initialize the variable.
    
    Signed-off-by: Jesse Zhang <Jesse.Zhang@amd.com>
    Reviewed-by: Yang Wang <kevinyang.wang@amd.com>
    Reviewed-by: Tim Huang <Tim.Huang@amd.com>
    Signed-off-by: Alex Deucher <alexander.deucher@amd.com>
    Signed-off-by: Sasha Levin <sashal@kernel.org>

drm/amd/pm: fix uninitialized variable warning for smu8_hwmgr [+ + +]
Author: Tim Huang <Tim.Huang@amd.com>
Date:   Fri Apr 26 12:52:45 2024 +0800

    drm/amd/pm: fix uninitialized variable warning for smu8_hwmgr
    
    [ Upstream commit 86df36b934640866eb249a4488abb148b985a0d9 ]
    
    Clear warnings that using uninitialized value level when fails
    to get the value from SMU.
    
    Signed-off-by: Tim Huang <Tim.Huang@amd.com>
    Reviewed-by: Christian König <christian.koenig@amd.com>
    Signed-off-by: Alex Deucher <alexander.deucher@amd.com>
    Signed-off-by: Sasha Levin <sashal@kernel.org>

drm/amd/pm: fix uninitialized variable warnings for vangogh_ppt [+ + +]
Author: Tim Huang <Tim.Huang@amd.com>
Date:   Sun Apr 28 15:42:03 2024 +0800

    drm/amd/pm: fix uninitialized variable warnings for vangogh_ppt
    
    [ Upstream commit b2871de6961d24d421839fbfa4aa3008ec9170d5 ]
    
    1. Fix a issue that using uninitialized mask to get the ultimate frequency.
    2. Check return of smu_cmn_send_smc_msg_with_param to avoid using
    uninitialized variable residency.
    
    Signed-off-by: Tim Huang <Tim.Huang@amd.com>
    Reviewed-by: Yang Wang <kevinyang.wang@amd.com>
    Signed-off-by: Alex Deucher <alexander.deucher@amd.com>
    Signed-off-by: Sasha Levin <sashal@kernel.org>

drm/amd/pm: fix uninitialized variable warnings for vega10_hwmgr [+ + +]
Author: Tim Huang <Tim.Huang@amd.com>
Date:   Sun Apr 28 12:41:42 2024 +0800

    drm/amd/pm: fix uninitialized variable warnings for vega10_hwmgr
    
    [ Upstream commit 5fa7d540d95d97ddc021a74583f6b3da4df9c93a ]
    
    Clear warnings that using uninitialized variable when fails
    to get the valid value from SMU.
    
    Signed-off-by: Tim Huang <Tim.Huang@amd.com>
    Reviewed-by: Yang Wang <kevinyang.wang@amd.com>
    Signed-off-by: Alex Deucher <alexander.deucher@amd.com>
    Signed-off-by: Sasha Levin <sashal@kernel.org>

drm/amd/pm: fix warning using uninitialized value of max_vid_step [+ + +]
Author: Jesse Zhang <jesse.zhang@amd.com>
Date:   Mon Apr 29 15:26:25 2024 +0800

    drm/amd/pm: fix warning using uninitialized value of max_vid_step
    
    [ Upstream commit 17e3bea65cdc453695b2fe4ff26d25d17f5339e9 ]
    
    Check the return of pp_atomfwctrl_get_Voltage_table_v4
    as it may fail to initialize max_vid_step
    V2: change the check condition (Tim Huang)
    
    Signed-off-by: Jesse Zhang <Jesse.Zhang@amd.com>
    Reviewed-by: Tim Huang <Tim.Huang@amd.com>
    Signed-off-by: Alex Deucher <alexander.deucher@amd.com>
    Signed-off-by: Sasha Levin <sashal@kernel.org>

 
drm/amdgpu/pm: Check input value for CUSTOM profile mode setting on legacy SOCs [+ + +]
Author: Ma Jun <Jun.Ma2@amd.com>
Date:   Fri May 10 10:05:21 2024 +0800

    drm/amdgpu/pm: Check input value for CUSTOM profile mode setting on legacy SOCs
    
    [ Upstream commit df0a9bd92fbbd3fcafcb2bce6463c9228a3e6868 ]
    
    Check the input value for CUSTOM profile mode setting on legacy
    SOCs. Otherwise we may use uninitalized value of input[]
    
    Signed-off-by: Ma Jun <Jun.Ma2@amd.com>
    Reviewed-by: Yang Wang <kevinyang.wang@amd.com>
    Signed-off-by: Alex Deucher <alexander.deucher@amd.com>
    Signed-off-by: Sasha Levin <sashal@kernel.org>

drm/amdgpu/pm: Check the return value of smum_send_msg_to_smc [+ + +]
Author: Ma Jun <Jun.Ma2@amd.com>
Date:   Fri Apr 26 14:38:04 2024 +0800

    drm/amdgpu/pm: Check the return value of smum_send_msg_to_smc
    
    [ Upstream commit 579f0c21baec9e7506b6bb3f60f0a9b6d07693b4 ]
    
    Check the return value of smum_send_msg_to_smc, otherwise
    we might use an uninitialized variable "now"
    
    Signed-off-by: Ma Jun <Jun.Ma2@amd.com>
    Reviewed-by: Tim Huang <Tim.Huang@amd.com>
    Signed-off-by: Alex Deucher <alexander.deucher@amd.com>
    Signed-off-by: Sasha Levin <sashal@kernel.org>

drm/amdgpu/pm: Fix uninitialized variable agc_btc_response [+ + +]
Author: Ma Jun <Jun.Ma2@amd.com>
Date:   Sun Apr 28 14:41:38 2024 +0800

    drm/amdgpu/pm: Fix uninitialized variable agc_btc_response
    
    [ Upstream commit df4409d8a04dd39d7f2aa0c5f528a56b99eaaa13 ]
    
    Assign an default value to agc_btc_response in failed case
    
    Signed-off-by: Ma Jun <Jun.Ma2@amd.com>
    Acked-by: Alex Deucher <alexander.deucher@amd.com>
    Reviewed-by: Yang Wang <kevinyang.wang@amd.com>
    Signed-off-by: Alex Deucher <alexander.deucher@amd.com>
    Signed-off-by: Sasha Levin <sashal@kernel.org>

drm/amdgpu/pm: Fix uninitialized variable warning for smu10 [+ + +]
Author: Ma Jun <Jun.Ma2@amd.com>
Date:   Fri Apr 26 17:46:08 2024 +0800

    drm/amdgpu/pm: Fix uninitialized variable warning for smu10
    
    [ Upstream commit 336c8f558d596699d3d9814a45600139b2f23f27 ]
    
    Check return value of smum_send_msg_to_smc to fix
    uninitialized variable varning
    
    Signed-off-by: Ma Jun <Jun.Ma2@amd.com>
    Acked-by: Alex Deucher <alexander.deucher@amd.com>
    Reviewed-by: Yang Wang <kevinyang.wang@amd.com>
    Signed-off-by: Alex Deucher <alexander.deucher@amd.com>
    Signed-off-by: Sasha Levin <sashal@kernel.org>

 
drm/amdgpu: add lock in amdgpu_gart_invalidate_tlb [+ + +]
Author: Yunxiang Li <Yunxiang.Li@amd.com>
Date:   Fri May 24 17:11:30 2024 -0400

    drm/amdgpu: add lock in amdgpu_gart_invalidate_tlb
    
    [ Upstream commit 18f2525d31401e5142db95ff3a6ec0f4147be818 ]
    
    We need to take the reset domain lock before flush hdp. We can't put the
    lock inside amdgpu_device_flush_hdp itself because it is used during
    reset where we already take the write side lock.
    
    Signed-off-by: Yunxiang Li <Yunxiang.Li@amd.com>
    Reviewed-by: Christian König <christian.koenig@amd.com>
    Signed-off-by: Alex Deucher <alexander.deucher@amd.com>
    Signed-off-by: Sasha Levin <sashal@kernel.org>

drm/amdgpu: add lock in kfd_process_dequeue_from_device [+ + +]
Author: Yunxiang Li <Yunxiang.Li@amd.com>
Date:   Mon Jun 3 12:29:30 2024 -0400

    drm/amdgpu: add lock in kfd_process_dequeue_from_device
    
    [ Upstream commit d225960c2330e102370815367b877baaf8bb8b5d ]
    
    We need to take the reset domain lock before talking to MES. While in
    this case we can take the lock inside the mes helper. We can't do so for
    most other mes helpers since they are used during reset. So for
    consistency sake we add the lock here.
    
    Signed-off-by: Yunxiang Li <Yunxiang.Li@amd.com>
    Reviewed-by: Felix Kuehling <felix.kuehling@amd.com>
    Signed-off-by: Alex Deucher <alexander.deucher@amd.com>
    Signed-off-by: Sasha Levin <sashal@kernel.org>

drm/amdgpu: add skip_hw_access checks for sriov [+ + +]
Author: Yunxiang Li <Yunxiang.Li@amd.com>
Date:   Fri May 24 16:14:55 2024 -0400

    drm/amdgpu: add skip_hw_access checks for sriov
    
    [ Upstream commit b3948ad1ac582f560e1f3aeaecf384619921c48d ]
    
    Accessing registers via host is missing the check for skip_hw_access and
    the lockdep check that comes with it.
    
    Signed-off-by: Yunxiang Li <Yunxiang.Li@amd.com>
    Reviewed-by: Christian König <christian.koenig@amd.com>
    Signed-off-by: Alex Deucher <alexander.deucher@amd.com>
    Signed-off-by: Sasha Levin <sashal@kernel.org>

drm/amdgpu: avoid reading vf2pf info size from FB [+ + +]
Author: Zhigang Luo <Zhigang.Luo@amd.com>
Date:   Tue Apr 16 16:35:14 2024 -0400

    drm/amdgpu: avoid reading vf2pf info size from FB
    
    [ Upstream commit 3bcc0ee14768d886cedff65da72d83d375a31a56 ]
    
    VF can't access FB when host is doing mode1 reset. Using sizeof to get
    vf2pf info size, instead of reading it from vf2pf header stored in FB.
    
    Signed-off-by: Zhigang Luo <Zhigang.Luo@amd.com>
    Reviewed-by: Hawking Zhang <Hawking.Zhang@amd.com>
    Reviewed-by: Lijo Lazar <lijo.lazar@amd.com>
    Signed-off-by: Alex Deucher <alexander.deucher@amd.com>
    Signed-off-by: Sasha Levin <sashal@kernel.org>

drm/amdgpu: fix dereference after null check [+ + +]
Author: Jesse Zhang <jesse.zhang@amd.com>
Date:   Wed May 8 14:51:35 2024 +0800

    drm/amdgpu: fix dereference after null check
    
    [ Upstream commit b1f7810b05d1950350ac2e06992982974343e441 ]
    
    check the pointer hive before use.
    
    Signed-off-by: Jesse Zhang <Jesse.Zhang@amd.com>
    Reviewed-by: Tim Huang <Tim.Huang@amd.com>
    Signed-off-by: Alex Deucher <alexander.deucher@amd.com>
    Signed-off-by: Sasha Levin <sashal@kernel.org>

drm/amdgpu: fix mc_data out-of-bounds read warning [+ + +]
Author: Tim Huang <Tim.Huang@amd.com>
Date:   Mon May 6 16:30:01 2024 +0800

    drm/amdgpu: fix mc_data out-of-bounds read warning
    
    [ Upstream commit 51dfc0a4d609fe700750a62f41447f01b8c9ea50 ]
    
    Clear warning that read mc_data[i-1] may out-of-bounds.
    
    Signed-off-by: Tim Huang <Tim.Huang@amd.com>
    Reviewed-by: Alex Deucher <alexander.deucher@amd.com>
    Signed-off-by: Alex Deucher <alexander.deucher@amd.com>
    Signed-off-by: Sasha Levin <sashal@kernel.org>

drm/amdgpu: Fix out-of-bounds read of df_v1_7_channel_number [+ + +]
Author: Ma Jun <Jun.Ma2@amd.com>
Date:   Tue May 7 09:29:33 2024 +0800

    drm/amdgpu: Fix out-of-bounds read of df_v1_7_channel_number
    
    [ Upstream commit d768394fa99467bcf2703bde74ddc96eeb0b71fa ]
    
    Check the fb_channel_number range to avoid the array out-of-bounds
    read error
    
    Signed-off-by: Ma Jun <Jun.Ma2@amd.com>
    Reviewed-by: Tim Huang <Tim.Huang@amd.com>
    Signed-off-by: Alex Deucher <alexander.deucher@amd.com>
    Signed-off-by: Sasha Levin <sashal@kernel.org>

drm/amdgpu: Fix out-of-bounds write warning [+ + +]
Author: Ma Jun <Jun.Ma2@amd.com>
Date:   Thu Apr 25 14:00:17 2024 +0800

    drm/amdgpu: Fix out-of-bounds write warning
    
    [ Upstream commit be1684930f5262a622d40ce7a6f1423530d87f89 ]
    
    Check the ring type value to fix the out-of-bounds
    write warning
    
    Signed-off-by: Ma Jun <Jun.Ma2@amd.com>
    Suggested-by: Christian König <christian.koenig@amd.com>
    Reviewed-by: Tim Huang <Tim.Huang@amd.com>
    Signed-off-by: Alex Deucher <alexander.deucher@amd.com>
    Signed-off-by: Sasha Levin <sashal@kernel.org>

drm/amdgpu: fix overflowed array index read warning [+ + +]
Author: Tim Huang <Tim.Huang@amd.com>
Date:   Thu Apr 25 13:15:27 2024 +0800

    drm/amdgpu: fix overflowed array index read warning
    
    [ Upstream commit ebbc2ada5c636a6a63d8316a3408753768f5aa9f ]
    
    Clear overflowed array index read warning by cast operation.
    
    Signed-off-by: Tim Huang <Tim.Huang@amd.com>
    Reviewed-by: Alex Deucher <alexander.deucher@amd.com>
    Reviewed-by: Christian König <christian.koenig@amd.com>
    Signed-off-by: Alex Deucher <alexander.deucher@amd.com>
    Signed-off-by: Sasha Levin <sashal@kernel.org>

drm/amdgpu: Fix the uninitialized variable warning [+ + +]
Author: Ma Jun <Jun.Ma2@amd.com>
Date:   Wed Apr 24 15:44:56 2024 +0800

    drm/amdgpu: Fix the uninitialized variable warning
    
    [ Upstream commit 7e39d7ec35883a168343ea02f40e260e176c6c63 ]
    
    Check the user input and phy_id value range to fix
    "Using uninitialized value phy_id"
    
    Signed-off-by: Ma Jun <Jun.Ma2@amd.com>
    Reviewed-by: Alex Deucher <alexander.deucher@amd.com>
    Signed-off-by: Alex Deucher <alexander.deucher@amd.com>
    Signed-off-by: Sasha Levin <sashal@kernel.org>

drm/amdgpu: fix the waring dereferencing hive [+ + +]
Author: Jesse Zhang <jesse.zhang@amd.com>
Date:   Wed May 8 16:20:49 2024 +0800

    drm/amdgpu: fix the waring dereferencing hive
    
    [ Upstream commit 1940708ccf5aff76de4e0b399f99267c93a89193 ]
    
    Check the amdgpu_hive_info *hive that maybe is NULL.
    
    Signed-off-by: Jesse Zhang <Jesse.Zhang@amd.com>
    Reviewed-by: Tim Huang <Tim.Huang@amd.com>
    Signed-off-by: Alex Deucher <alexander.deucher@amd.com>
    Signed-off-by: Sasha Levin <sashal@kernel.org>

drm/amdgpu: Fix the warning division or modulo by zero [+ + +]
Author: Jesse Zhang <jesse.zhang@amd.com>
Date:   Fri May 10 17:32:53 2024 +0800

    drm/amdgpu: Fix the warning division or modulo by zero
    
    [ Upstream commit 1a00f2ac82d6bc6689388c7edcd2a4bd82664f3c ]
    
    Checks the partition mode and returns an error for an invalid mode.
    
    Signed-off-by: Jesse Zhang <Jesse.Zhang@amd.com>
    Suggested-by: Lijo Lazar <lijo.lazar@amd.com>
    Reviewed-by: Lijo Lazar <lijo.lazar@amd.com>
    Signed-off-by: Alex Deucher <alexander.deucher@amd.com>
    Signed-off-by: Sasha Levin <sashal@kernel.org>

drm/amdgpu: fix ucode out-of-bounds read warning [+ + +]
Author: Tim Huang <Tim.Huang@amd.com>
Date:   Mon May 6 16:21:00 2024 +0800

    drm/amdgpu: fix ucode out-of-bounds read warning
    
    [ Upstream commit 8944acd0f9db33e17f387fdc75d33bb473d7936f ]
    
    Clear warning that read ucode[] may out-of-bounds.
    
    Signed-off-by: Tim Huang <Tim.Huang@amd.com>
    Reviewed-by: Alex Deucher <alexander.deucher@amd.com>
    Signed-off-by: Alex Deucher <alexander.deucher@amd.com>
    Signed-off-by: Sasha Levin <sashal@kernel.org>

drm/amdgpu: Fix uninitialized variable warning in amdgpu_afmt_acr [+ + +]
Author: Ma Jun <Jun.Ma2@amd.com>
Date:   Wed Apr 24 10:50:54 2024 +0800

    drm/amdgpu: Fix uninitialized variable warning in amdgpu_afmt_acr
    
    [ Upstream commit c0d6bd3cd209419cc46ac49562bef1db65d90e70 ]
    
    Assign value to clock to fix the warning below:
    "Using uninitialized value res. Field res.clock is uninitialized"
    
    Signed-off-by: Ma Jun <Jun.Ma2@amd.com>
    Reviewed-by: Alex Deucher <alexander.deucher@amd.com>
    Signed-off-by: Alex Deucher <alexander.deucher@amd.com>
    Signed-off-by: Sasha Levin <sashal@kernel.org>

drm/amdgpu: the warning dereferencing obj for nbio_v7_4 [+ + +]
Author: Jesse Zhang <jesse.zhang@amd.com>
Date:   Mon May 13 15:22:42 2024 +0800

    drm/amdgpu: the warning dereferencing obj for nbio_v7_4
    
    [ Upstream commit d190b459b2a4304307c3468ed97477b808381011 ]
    
    if ras_manager obj null, don't print NBIO err data
    
    Signed-off-by: Jesse Zhang <Jesse.Zhang@amd.com>
    Suggested-by: Tim Huang <Tim.Huang@amd.com>
    Reviewed-by: Tim Huang <Tim.Huang@amd.com>
    Signed-off-by: Alex Deucher <alexander.deucher@amd.com>
    Signed-off-by: Sasha Levin <sashal@kernel.org>

drm/amdgpu: update type of buf size to u32 for eeprom functions [+ + +]
Author: Tao Zhou <tao.zhou1@amd.com>
Date:   Fri May 17 18:04:26 2024 +0800

    drm/amdgpu: update type of buf size to u32 for eeprom functions
    
    [ Upstream commit 2aadb520bfacec12527effce3566f8df55e5d08e ]
    
    Avoid overflow issue.
    
    Signed-off-by: Tao Zhou <tao.zhou1@amd.com>
    Reviewed-by: Yang Wang <kevinyang.wang@amd.com>
    Signed-off-by: Alex Deucher <alexander.deucher@amd.com>
    Signed-off-by: Sasha Levin <sashal@kernel.org>

 
drm/amdgu: fix Unintentional integer overflow for mall size [+ + +]
Author: Jesse Zhang <jesse.zhang@amd.com>
Date:   Wed May 29 17:29:01 2024 +0800

    drm/amdgu: fix Unintentional integer overflow for mall size
    
    [ Upstream commit c09d2eff81a997c169e0cacacd6b60c5e3aa33f2 ]
    
    Potentially overflowing expression mall_size_per_umc * adev->gmc.num_umc with type unsigned int (32 bits, unsigned)
    is evaluated using 32-bit arithmetic,and then used in a context that expects an expression of type u64 (64 bits, unsigned).
    
    Signed-off-by: Jesse Zhang <Jesse.Zhang@amd.com>
    Reviewed-by: Christian König <christian.koenig@amd.com>
    Signed-off-by: Alex Deucher <alexander.deucher@amd.com>
    Signed-off-by: Sasha Levin <sashal@kernel.org>

 
drm/amdkfd: Check debug trap enable before write dbg_ev_file [+ + +]
Author: Lin.Cao <lincao12@amd.com>
Date:   Wed Apr 24 11:27:16 2024 +0800

    drm/amdkfd: Check debug trap enable before write dbg_ev_file
    
    [ Upstream commit 547033b593063eb85bfdf9b25a5f1b8fd1911be2 ]
    
    In interrupt context, write dbg_ev_file will be run by work queue. It
    will cause write dbg_ev_file execution after debug_trap_disable, which
    will cause NULL pointer access.
    v2: cancel work "debug_event_workarea" before set dbg_ev_file as NULL.
    
    Signed-off-by: Lin.Cao <lincao12@amd.com>
    Reviewed-by: Jonathan Kim <jonathan.kim@amd.com>
    Signed-off-by: Alex Deucher <alexander.deucher@amd.com>
    Signed-off-by: Sasha Levin <sashal@kernel.org>

drm/amdkfd: Reconcile the definition and use of oem_id in struct kfd_topology_device [+ + +]
Author: Michael Chen <michael.chen@amd.com>
Date:   Fri May 3 15:31:08 2024 -0400

    drm/amdkfd: Reconcile the definition and use of oem_id in struct kfd_topology_device
    
    [ Upstream commit 10f624ef239bd136cdcc5bbc626157a57b938a31 ]
    
    Currently oem_id is defined as uint8_t[6] and casted to uint64_t*
    in some use case. This would lead code scanner to complain about
    access beyond. Re-define it in union to enforce 8-byte size and
    alignment to avoid potential issue.
    
    Signed-off-by: Michael Chen <michael.chen@amd.com>
    Reviewed-by: Felix Kuehling <felix.kuehling@amd.com>
    Signed-off-by: Alex Deucher <alexander.deucher@amd.com>
    Signed-off-by: Sasha Levin <sashal@kernel.org>

 
drm/bridge: tc358767: Check if fully initialized before signalling HPD event via IRQ [+ + +]
Author: Marek Vasut <marex@denx.de>
Date:   Fri May 31 22:33:12 2024 +0200

    drm/bridge: tc358767: Check if fully initialized before signalling HPD event via IRQ
    
    [ Upstream commit 162e48cb1d84c2c966b649b8ac5c9d4f75f6d44f ]
    
    Make sure the connector is fully initialized before signalling any
    HPD events via drm_kms_helper_hotplug_event(), otherwise this may
    lead to NULL pointer dereference.
    
    Signed-off-by: Marek Vasut <marex@denx.de>
    Reviewed-by: Robert Foss <rfoss@kernel.org>
    Signed-off-by: Robert Foss <rfoss@kernel.org>
    Link: https://patchwork.freedesktop.org/patch/msgid/20240531203333.277476-1-marex@denx.de
    Signed-off-by: Sasha Levin <sashal@kernel.org>

 
drm/fb-helper: Don't schedule_work() to flush frame buffer during panic() [+ + +]
Author: Qiuxu Zhuo <qiuxu.zhuo@intel.com>
Date:   Wed Jul 3 22:17:37 2024 +0800

    drm/fb-helper: Don't schedule_work() to flush frame buffer during panic()
    
    [ Upstream commit 833cd3e9ad8360785b6c23c82dd3856df00732d9 ]
    
    Sometimes the system [1] hangs on x86 I/O machine checks. However, the
    expected behavior is to reboot the system, as the machine check handler
    ultimately triggers a panic(), initiating a reboot in the last step.
    
    The root cause is that sometimes the panic() is blocked when
    drm_fb_helper_damage() invoking schedule_work() to flush the frame buffer.
    This occurs during the process of flushing all messages to the frame
    buffer driver as shown in the following call trace:
    
      Machine check occurs [2]:
        panic()
          console_flush_on_panic()
            console_flush_all()
              console_emit_next_record()
                con->write()
                  vt_console_print()
                    hide_cursor()
                      vc->vc_sw->con_cursor()
                        fbcon_cursor()
                          ops->cursor()
                            bit_cursor()
                              soft_cursor()
                                info->fbops->fb_imageblit()
                                  drm_fbdev_generic_defio_imageblit()
                                    drm_fb_helper_damage_area()
                                      drm_fb_helper_damage()
                                        schedule_work() // <--- blocked here
        ...
        emergency_restart()  // wasn't invoked, so no reboot.
    
    During panic(), except the panic CPU, all the other CPUs are stopped.
    In schedule_work(), the panic CPU requires the lock of worker_pool to
    queue the work on that pool, while the lock may have been token by some
    other stopped CPU. So schedule_work() is blocked.
    
    Additionally, during a panic(), since there is no opportunity to execute
    any scheduled work, it's safe to fix this issue by skipping schedule_work()
    on 'oops_in_progress' in drm_fb_helper_damage().
    
    [1] Enable the kernel option CONFIG_FRAMEBUFFER_CONSOLE,
        CONFIG_DRM_FBDEV_EMULATION, and boot with the 'console=tty0'
        kernel command line parameter.
    
    [2] Set 'panic_timeout' to a non-zero value before calling panic().
    
    Acked-by: Thomas Zimmermann <tzimmermann@suse.de>
    Reported-by: Yudong Wang <yudong.wang@intel.com>
    Tested-by: Yudong Wang <yudong.wang@intel.com>
    Signed-off-by: Qiuxu Zhuo <qiuxu.zhuo@intel.com>
    Link: https://patchwork.freedesktop.org/patch/msgid/20240703141737.75378-1-qiuxu.zhuo@intel.com
    Signed-off-by: Maarten Lankhorst,,, <maarten.lankhorst@linux.intel.com>
    Signed-off-by: Sasha Levin <sashal@kernel.org>
 
drm/kfd: Correct pinned buffer handling at kfd restore and validate process [+ + +]
Author: Xiaogang Chen <xiaogang.chen@amd.com>
Date:   Mon May 13 23:54:25 2024 -0500

    drm/kfd: Correct pinned buffer handling at kfd restore and validate process
    
    [ Upstream commit f326d7cc745683f53052b84382bd10567b45cd5d ]
    
    This reverts commit 8a774fe912ff ("drm/amdgpu: avoid restore process run into dead loop")
    since buffer got pinned is not related whether it needs mapping
    And skip buffer validation at kfd driver if the buffer has been pinned.
    
    Signed-off-by: Xiaogang Chen <Xiaogang.Chen@amd.com>
    Reviewed-by: Felix Kuehling <felix.kuehling@amd.com>
    Signed-off-by: Alex Deucher <alexander.deucher@amd.com>
    Signed-off-by: Sasha Levin <sashal@kernel.org>

 
drm/meson: plane: Add error handling [+ + +]
Author: Haoran Liu <liuhaoran14@163.com>
Date:   Wed Nov 29 03:34:05 2023 -0800

    drm/meson: plane: Add error handling
    
    [ Upstream commit 3c28b239620e249b68beeca17f429e317fa6b8d4 ]
    
    This patch adds robust error handling to the meson_plane_create
    function in drivers/gpu/drm/meson/meson_plane.c. The function
    previously lacked proper handling for potential failure scenarios
    of the drm_universal_plane_init call.
    
    Signed-off-by: Haoran Liu <liuhaoran14@163.com>
    Reviewed-by: Neil Armstrong <neil.armstrong@linaro.org>
    Link: https://lore.kernel.org/r/20231129113405.33057-1-liuhaoran14@163.com
    [narmstrong: fixe the commit subject]
    Signed-off-by: Neil Armstrong <neil.armstrong@linaro.org>
    Link: https://patchwork.freedesktop.org/patch/msgid/20231129113405.33057-1-liuhaoran14@163.com
    Signed-off-by: Sasha Levin <sashal@kernel.org>

 
drm: panel-orientation-quirks: Add quirk for OrangePi Neo [+ + +]
Author: Philip Mueller <philm@manjaro.org>
Date:   Mon Jul 15 11:57:49 2024 +0700

    drm: panel-orientation-quirks: Add quirk for OrangePi Neo
    
    [ Upstream commit d60c429610a14560085d98fa6f4cdb43040ca8f0 ]
    
    This adds a DMI orientation quirk for the OrangePi Neo Linux Gaming
    Handheld.
    
    Signed-off-by: Philip Mueller <philm@manjaro.org>
    Reviewed-by: Hans de Goede <hdegoede@redhat.com>
    Signed-off-by: Hans de Goede <hdegoede@redhat.com>
    Link: https://patchwork.freedesktop.org/patch/msgid/20240715045818.1019979-1-philm@manjaro.org
    Signed-off-by: Sasha Levin <sashal@kernel.org>

 
f2fs: fix to do sanity check on blocks for inline_data inode [+ + +]
Author: Chao Yu <chao@kernel.org>
Date:   Tue May 21 14:23:18 2024 +0800

    f2fs: fix to do sanity check on blocks for inline_data inode
    
    [ Upstream commit c240c87bcd44a1a2375fc8ef8c645d1f1fe76466 ]
    
    inode can be fuzzed, so it can has F2FS_INLINE_DATA flag and valid
    i_blocks/i_nid value, this patch supports to do extra sanity check
    to detect such corrupted state.
    
    Signed-off-by: Chao Yu <chao@kernel.org>
    Signed-off-by: Jaegeuk Kim <jaegeuk@kernel.org>
    Signed-off-by: Sasha Levin <sashal@kernel.org>

 
fsnotify: clear PARENT_WATCHED flags lazily [+ + +]
Author: Amir Goldstein <amir73il@gmail.com>
Date:   Sun May 12 13:30:07 2024 +0200

    fsnotify: clear PARENT_WATCHED flags lazily
    
    [ Upstream commit 172e422ffea20a89bfdc672741c1aad6fbb5044e ]
    
    In some setups directories can have many (usually negative) dentries.
    Hence __fsnotify_update_child_dentry_flags() function can take a
    significant amount of time. Since the bulk of this function happens
    under inode->i_lock this causes a significant contention on the lock
    when we remove the watch from the directory as the
    __fsnotify_update_child_dentry_flags() call from fsnotify_recalc_mask()
    races with __fsnotify_update_child_dentry_flags() calls from
    __fsnotify_parent() happening on children. This can lead upto softlockup
    reports reported by users.
    
    Fix the problem by calling fsnotify_update_children_dentry_flags() to
    set PARENT_WATCHED flags only when parent starts watching children.
    
    When parent stops watching children, clear false positive PARENT_WATCHED
    flags lazily in __fsnotify_parent() for each accessed child.
    
    Suggested-by: Jan Kara <jack@suse.cz>
    Signed-off-by: Amir Goldstein <amir73il@gmail.com>
    Signed-off-by: Stephen Brennan <stephen.s.brennan@oracle.com>
    Signed-off-by: Jan Kara <jack@suse.cz>
    Signed-off-by: Sasha Levin <sashal@kernel.org>

 
gfs2: Revert "Add quota_change type" [+ + +]
Author: Andreas Gruenbacher <agruenba@redhat.com>
Date:   Wed Jun 5 22:13:15 2024 +0200

    gfs2: Revert "Add quota_change type"
    
    [ Upstream commit ec4b5200c8af9ce021399d3192b3379c089396c3 ]
    
    Commit 432928c93779 ("gfs2: Add quota_change type") makes the incorrect
    assertion that function do_qc() should behave differently in the two
    contexts it is used in, but that isn't actually true.  In all cases,
    do_qc() grabs a "reference" when it starts using a slot in the per-node
    quota changes file, and it releases that "reference" when no more
    residual changes remain.  Revert that broken commit.
    
    There are some remaining issues with function do_qc() which are
    addressed in the next commit.
    
    This reverts commit 432928c9377959684c748a9bc6553ed2d3c2ea4f.
    
    Signed-off-by: Andreas Gruenbacher <agruenba@redhat.com>
    Signed-off-by: Sasha Levin <sashal@kernel.org>

 
hwmon: (k10temp) Check return value of amd_smn_read() [+ + +]
Author: Yazen Ghannam <yazen.ghannam@amd.com>
Date:   Thu Jun 6 11:12:56 2024 -0500

    hwmon: (k10temp) Check return value of amd_smn_read()
    
    [ Upstream commit c2d79cc5455c891de6c93e1e0c73d806e299c54f ]
    
    Check the return value of amd_smn_read() before saving a value. This
    ensures invalid values aren't saved or used.
    
    There are three cases here with slightly different behavior:
    
    1) read_tempreg_nb_zen():
            This is a function pointer which does not include a return code.
            In this case, set the register value to 0 on failure. This
            enforces Read-as-Zero behavior.
    
    2) k10temp_read_temp():
            This function does have return codes, so return the error code
            from the failed register read. Continued operation is not
            necessary, since there is no valid data from the register.
            Furthermore, if the register value was set to 0, then the
            following operation would underflow.
    
    3) k10temp_get_ccd_support():
            This function reads the same register from multiple CCD
            instances in a loop. And a bitmask is formed if a specific bit
            is set in each register instance. The loop should continue on a
            failed register read, skipping the bit check.
    
    Signed-off-by: Yazen Ghannam <yazen.ghannam@amd.com>
    Signed-off-by: Borislav Petkov (AMD) <bp@alien8.de>
    Reviewed-by: Mario Limonciello <mario.limonciello@amd.com>
    Acked-by: Guenter Roeck <linux@roeck-us.net>
    Link: https://lore.kernel.org/r/20240606-fix-smn-bad-read-v4-3-ffde21931c3f@amd.com
    Signed-off-by: Sasha Levin <sashal@kernel.org>

 
hwspinlock: Introduce hwspin_lock_bust() [+ + +]
Author: Richard Maina <quic_rmaina@quicinc.com>
Date:   Wed May 29 11:09:55 2024 -0700

    hwspinlock: Introduce hwspin_lock_bust()
    
    [ Upstream commit 7c327d56597d8de1680cf24e956b704270d3d84a ]
    
    When a remoteproc crashes or goes down unexpectedly this can result in
    a state where locks held by the remoteproc will remain locked possibly
    resulting in deadlock. This new API hwspin_lock_bust() allows
    hwspinlock implementers to define a bust operation for freeing previously
    acquired hwspinlocks after verifying ownership of the acquired lock.
    
    Signed-off-by: Richard Maina <quic_rmaina@quicinc.com>
    Reviewed-by: Bjorn Andersson <andersson@kernel.org>
    Signed-off-by: Chris Lew <quic_clew@quicinc.com>
    Link: https://lore.kernel.org/r/20240529-hwspinlock-bust-v3-1-c8b924ffa5a2@quicinc.com
    Signed-off-by: Bjorn Andersson <andersson@kernel.org>
    Signed-off-by: Sasha Levin <sashal@kernel.org>

 
i2c: Fix conditional for substituting empty ACPI functions [+ + +]
Author: Richard Fitzgerald <rf@opensource.cirrus.com>
Date:   Fri Aug 2 16:22:14 2024 +0100

    i2c: Fix conditional for substituting empty ACPI functions
    
    [ Upstream commit f17c06c6608ad4ecd2ccf321753fb511812d821b ]
    
    Add IS_ENABLED(CONFIG_I2C) to the conditional around a bunch of ACPI
    functions.
    
    The conditional around these functions depended only on CONFIG_ACPI.
    But the functions are implemented in I2C core, so are only present if
    CONFIG_I2C is enabled.
    
    Signed-off-by: Richard Fitzgerald <rf@opensource.cirrus.com>
    Signed-off-by: Wolfram Sang <wsa+renesas@sang-engineering.com>
    Signed-off-by: Sasha Levin <sashal@kernel.org>

i2c: Use IS_REACHABLE() for substituting empty ACPI functions [+ + +]
Author: Richard Fitzgerald <rf@opensource.cirrus.com>
Date:   Wed Aug 14 13:16:49 2024 +0100

    i2c: Use IS_REACHABLE() for substituting empty ACPI functions
    
    commit 71833e79a42178d8a50b5081c98c78ace9325628 upstream.
    
    Replace IS_ENABLED() with IS_REACHABLE() to substitute empty stubs for:
        i2c_acpi_get_i2c_resource()
        i2c_acpi_client_count()
        i2c_acpi_find_bus_speed()
        i2c_acpi_new_device_by_fwnode()
        i2c_adapter *i2c_acpi_find_adapter_by_handle()
        i2c_acpi_waive_d0_probe()
    
    commit f17c06c6608a ("i2c: Fix conditional for substituting empty ACPI
    functions") partially fixed this conditional to depend on CONFIG_I2C,
    but used IS_ENABLED(), which is wrong since CONFIG_I2C is tristate.
    
    CONFIG_ACPI is boolean but let's also change it to use IS_REACHABLE()
    to future-proof it against becoming tristate.
    
    Somehow despite testing various combinations of CONFIG_I2C and CONFIG_ACPI
    we missed the combination CONFIG_I2C=m, CONFIG_ACPI=y.
    
    Signed-off-by: Richard Fitzgerald <rf@opensource.cirrus.com>
    Fixes: f17c06c6608a ("i2c: Fix conditional for substituting empty ACPI functions")
    Reported-by: kernel test robot <lkp@intel.com>
    Closes: https://lore.kernel.org/oe-kbuild-all/202408141333.gYnaitcV-lkp@intel.com/
    Reviewed-by: Takashi Iwai <tiwai@suse.de>
    Signed-off-by: Wolfram Sang <wsa+renesas@sang-engineering.com>
    Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>

 
ionic: fix potential irq name truncation [+ + +]
Author: Shannon Nelson <shannon.nelson@amd.com>
Date:   Tue May 28 17:02:53 2024 -0700

    ionic: fix potential irq name truncation
    
    [ Upstream commit 3eb76e71b16e8ba5277bf97617aef51f5e64dbe4 ]
    
    Address a warning about potential string truncation based on the
    string buffer sizes.  We can add some hints to the string format
    specifier to set limits on the resulting possible string to
    squelch the complaints.
    
    Signed-off-by: Shannon Nelson <shannon.nelson@amd.com>
    Link: https://lore.kernel.org/r/20240529000259.25775-2-shannon.nelson@amd.com
    Signed-off-by: Jakub Kicinski <kuba@kernel.org>
    Signed-off-by: Sasha Levin <sashal@kernel.org>

 
Linux: Linux 6.6.50 [+ + +]
Author: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Date:   Sun Sep 8 07:54:49 2024 +0200

    Linux 6.6.50
    
    Link: https://lore.kernel.org/r/20240905093722.230767298@linuxfoundation.org
    Tested-by: Shuah Khan <skhan@linuxfoundation.org>
    Link: https://lore.kernel.org/r/20240905163540.863769972@linuxfoundation.org
    Tested-by: Florian Fainelli <florian.fainelli@broadcom.com>
    Tested-by: Mark Brown <broonie@kernel.org>
    Tested-by: Linux Kernel Functional Testing <lkft@linaro.org>
    Tested-by: Jon Hunter <jonathanh@nvidia.com>
    Tested-by: Harshit Mogalapalli <harshit.m.mogalapalli@oracle.com>
    Tested-by: Peter Schneider <pschneider1968@googlemail.com>
    Tested-by: Takeshi Ogasawara <takeshi.ogasawara@futuring-girl.com>
    Tested-by: Ron Economos <re@w6rz.net>
    Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>

 
media: uvcvideo: Enforce alignment of frame and interval [+ + +]
Author: Ricardo Ribalda <ribalda@chromium.org>
Date:   Thu Apr 4 17:56:18 2024 +0000

    media: uvcvideo: Enforce alignment of frame and interval
    
    [ Upstream commit c8931ef55bd325052ec496f242aea7f6de47dc9c ]
    
    Struct uvc_frame and interval (u32*) are packaged together on
    streaming->formats on a single contiguous allocation.
    
    Right now they are allocated right after uvc_format, without taking into
    consideration their required alignment.
    
    This is working fine because both structures have a field with a
    pointer, but it will stop working when the sizeof() of any of those
    structs is not a multiple of the sizeof(void*).
    
    Enforce that alignment during the allocation.
    
    Signed-off-by: Ricardo Ribalda <ribalda@chromium.org>
    Reviewed-by: Laurent Pinchart <laurent.pinchart@ideasonboard.com>
    Link: https://lore.kernel.org/r/20240404-uvc-align-v2-1-9e104b0ecfbd@chromium.org
    Signed-off-by: Laurent Pinchart <laurent.pinchart@ideasonboard.com>
    Signed-off-by: Sasha Levin <sashal@kernel.org>

media: v4l2-cci: Always assign *val [+ + +]
Author: Sakari Ailus <sakari.ailus@linux.intel.com>
Date:   Tue May 28 14:00:51 2024 +0300

    media: v4l2-cci: Always assign *val
    
    [ Upstream commit 7417b1b1f36cc214dc458e717278a27a912d3b51 ]
    
    Always assign *val to 0 in cci_read(). This has the benefit of not
    requiring initialisation of the variables data is read to using
    cci_read(). Once smatch is fixed, it could catch the use of uninitialised
    reads.
    
    Signed-off-by: Sakari Ailus <sakari.ailus@linux.intel.com>
    Tested-by: Benjamin Mugnier <benjamin.mugnier@foss.st.com>
    Reviewed-by: Hans de Goede <hdegoede@redhat.com>
    Signed-off-by: Hans Verkuil <hverkuil-cisco@xs4all.nl>
    Signed-off-by: Sasha Levin <sashal@kernel.org>

 
mptcp: avoid duplicated SUB_CLOSED events [+ + +]
Author: Matthieu Baerts (NGI0) <matttbe@kernel.org>
Date:   Tue Sep 3 12:17:48 2024 +0200

    mptcp: avoid duplicated SUB_CLOSED events
    
    commit d82809b6c5f2676b382f77a5cbeb1a5d91ed2235 upstream.
    
    The initial subflow might have already been closed, but still in the
    connection list. When the worker is instructed to close the subflows
    that have been marked as closed, it might then try to close the initial
    subflow again.
    
     A consequence of that is that the SUB_CLOSED event can be seen twice:
    
      # ip mptcp endpoint
      1.1.1.1 id 1 subflow dev eth0
      2.2.2.2 id 2 subflow dev eth1
    
      # ip mptcp monitor &
      [         CREATED] remid=0 locid=0 saddr4=1.1.1.1 daddr4=9.9.9.9
      [     ESTABLISHED] remid=0 locid=0 saddr4=1.1.1.1 daddr4=9.9.9.9
      [  SF_ESTABLISHED] remid=0 locid=2 saddr4=2.2.2.2 daddr4=9.9.9.9
    
      # ip mptcp endpoint delete id 1
      [       SF_CLOSED] remid=0 locid=0 saddr4=1.1.1.1 daddr4=9.9.9.9
      [       SF_CLOSED] remid=0 locid=0 saddr4=1.1.1.1 daddr4=9.9.9.9
    
    The first one is coming from mptcp_pm_nl_rm_subflow_received(), and the
    second one from __mptcp_close_subflow().
    
    To avoid doing the post-closed processing twice, the subflow is now
    marked as closed the first time.
    
    Note that it is not enough to check if we are dealing with the first
    subflow and check its sk_state: the subflow might have been reset or
    closed before calling mptcp_close_ssk().
    
    Fixes: b911c97c7dc7 ("mptcp: add netlink event support")
    Cc: stable@vger.kernel.org
    Tested-by: Arınç ÜNAL <arinc.unal@arinc9.com>
    Reviewed-by: Mat Martineau <martineau@kernel.org>
    Signed-off-by: Matthieu Baerts (NGI0) <matttbe@kernel.org>
    Signed-off-by: Paolo Abeni <pabeni@redhat.com>
    [ Conflict in protocol.h due to commit f1f26512a9bf ("mptcp: use plain
      bool instead of custom binary enum") and more that are not in this
      version, because they modify the context and the size of __unused. The
      conflict is easy to resolve, by not modifying data_avail type. ]
    Signed-off-by: Matthieu Baerts (NGI0) <matttbe@kernel.org>
    Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>

mptcp: make pm_remove_addrs_and_subflows static [+ + +]
Author: Geliang Tang <geliang@kernel.org>
Date:   Fri Mar 1 19:18:25 2024 +0100

    mptcp: make pm_remove_addrs_and_subflows static
    
    [ Upstream commit e38b117d7f3b4a5d810f6d0069ad0f643e503796 ]
    
    mptcp_pm_remove_addrs_and_subflows() is only used in pm_netlink.c, it's
    no longer used in pm_userspace.c any more since the commit 8b1c94da1e48
    ("mptcp: only send RM_ADDR in nl_cmd_remove"). So this patch changes it
    to a static function.
    
    Signed-off-by: Geliang Tang <tanggeliang@kylinos.cn>
    Reviewed-by: Matthieu Baerts (NGI0) <matttbe@kernel.org>
    Signed-off-by: Matthieu Baerts (NGI0) <matttbe@kernel.org>
    Signed-off-by: David S. Miller <davem@davemloft.net>
    Stable-dep-of: 87b5896f3f78 ("mptcp: pm: fix RM_ADDR ID for the initial subflow")
    Signed-off-by: Sasha Levin <sashal@kernel.org>

mptcp: pm: fix RM_ADDR ID for the initial subflow [+ + +]
Author: Matthieu Baerts (NGI0) <matttbe@kernel.org>
Date:   Wed Aug 28 08:14:25 2024 +0200

    mptcp: pm: fix RM_ADDR ID for the initial subflow
    
    [ Upstream commit 87b5896f3f7848130095656739b05881904e2697 ]
    
    The initial subflow has a special local ID: 0. When an endpoint is being
    deleted, it is then important to check if its address is not linked to
    the initial subflow to send the right ID.
    
    If there was an endpoint linked to the initial subflow, msk's
    mpc_endpoint_id field will be set. We can then use this info when an
    endpoint is being removed to see if it is linked to the initial subflow.
    
    So now, the correct IDs are passed to mptcp_pm_nl_rm_addr_or_subflow(),
    it is no longer needed to use mptcp_local_id_match().
    
    Fixes: 3ad14f54bd74 ("mptcp: more accurate MPC endpoint tracking")
    Cc: stable@vger.kernel.org
    Reviewed-by: Mat Martineau <martineau@kernel.org>
    Signed-off-by: Matthieu Baerts (NGI0) <matttbe@kernel.org>
    Signed-off-by: Paolo Abeni <pabeni@redhat.com>
    Signed-off-by: Sasha Levin <sashal@kernel.org>

mptcp: pr_debug: add missing \n at the end [+ + +]
Author: Matthieu Baerts (NGI0) <matttbe@kernel.org>
Date:   Tue Sep 3 12:09:58 2024 +0200

    mptcp: pr_debug: add missing \n at the end
    
    commit cb41b195e634d3f1ecfcd845314e64fd4bb3c7aa upstream.
    
    pr_debug() have been added in various places in MPTCP code to help
    developers to debug some situations. With the dynamic debug feature, it
    is easy to enable all or some of them, and asks users to reproduce
    issues with extra debug.
    
    Many of these pr_debug() don't end with a new line, while no 'pr_cont()'
    are used in MPTCP code. So the goal was not to display multiple debug
    messages on one line: they were then not missing the '\n' on purpose.
    Not having the new line at the end causes these messages to be printed
    with a delay, when something else needs to be printed. This issue is not
    visible when many messages need to be printed, but it is annoying and
    confusing when only specific messages are expected, e.g.
    
      # echo "func mptcp_pm_add_addr_echoed +fmp" \
            > /sys/kernel/debug/dynamic_debug/control
      # ./mptcp_join.sh "signal address"; \
            echo "$(awk '{print $1}' /proc/uptime) - end"; \
            sleep 5s; \
            echo "$(awk '{print $1}' /proc/uptime) - restart"; \
            ./mptcp_join.sh "signal address"
      013 signal address
          (...)
      10.75 - end
      15.76 - restart
      013 signal address
      [  10.367935] mptcp:mptcp_pm_add_addr_echoed: MPTCP: msk=(...)
          (...)
    
      => a delay of 5 seconds: printed with a 10.36 ts, but after 'restart'
         which was printed at the 15.76 ts.
    
    The 'Fixes' tag here below points to the first pr_debug() used without
    '\n' in net/mptcp. This patch could be split in many small ones, with
    different Fixes tag, but it doesn't seem worth it, because it is easy to
    re-generate this patch with this simple 'sed' command:
    
      git grep -l pr_debug -- net/mptcp |
        xargs sed -i "s/\(pr_debug(\".*[^n]\)\(\"[,)]\)/\1\\\n\2/g"
    
    So in case of conflicts, simply drop the modifications, and launch this
    command.
    
    Fixes: f870fa0b5768 ("mptcp: Add MPTCP socket stubs")
    Cc: stable@vger.kernel.org
    Reviewed-by: Geliang Tang <geliang@kernel.org>
    Signed-off-by: Matthieu Baerts (NGI0) <matttbe@kernel.org>
    Link: https://patch.msgid.link/20240826-net-mptcp-close-extra-sf-fin-v1-4-905199fe1172@kernel.org
    Signed-off-by: Jakub Kicinski <kuba@kernel.org>
    [ As mentioned above, conflicts were expected, and resolved by using the
      'sed' command which is visible above. ]
    Signed-off-by: Matthieu Baerts (NGI0) <matttbe@kernel.org>
    Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>

 
net/mlx5: DR, Fix 'stack guard page was hit' error in dr_rule [+ + +]
Author: Yevgeny Kliteynik <kliteyn@nvidia.com>
Date:   Tue Jul 30 09:16:32 2024 +0300

    net/mlx5: DR, Fix 'stack guard page was hit' error in dr_rule
    
    [ Upstream commit 94a3ad6c081381fa9ee523781789802b4ed00faf ]
    
    This patch reduces the size of hw_ste_arr_optimized array that is
    allocated on stack from 640 bytes (5 match STEs + 5 action STES)
    to 448 bytes (2 match STEs + 5 action STES).
    This fixes the 'stack guard page was hit' issue, while still fitting
    majority of the usecases (up to 2 match STEs).
    
    Signed-off-by: Yevgeny Kliteynik <kliteyn@nvidia.com>
    Reviewed-by: Alex Vesker <valex@nvidia.com>
    Signed-off-by: Tariq Toukan <tariqt@nvidia.com>
    Reviewed-by: Wojciech Drewek <wojciech.drewek@intel.com>
    Link: https://patch.msgid.link/20240730061638.1831002-4-tariqt@nvidia.com
    Signed-off-by: Jakub Kicinski <kuba@kernel.org>
    Signed-off-by: Sasha Levin <sashal@kernel.org>

 
net/mlx5e: SHAMPO, Fix incorrect page release [+ + +]
Author: Dragos Tatulea <dtatulea@nvidia.com>
Date:   Tue Jun 4 00:22:07 2024 +0300

    net/mlx5e: SHAMPO, Fix incorrect page release
    
    [ Upstream commit 70bd03b89f20b9bbe51a7f73c4950565a17a45f7 ]
    
    Under the following conditions:
    1) No skb created yet
    2) header_size == 0 (no SHAMPO header)
    3) header_index + 1 % MLX5E_SHAMPO_WQ_HEADER_PER_PAGE == 0 (this is the
       last page fragment of a SHAMPO header page)
    
    a new skb is formed with a page that is NOT a SHAMPO header page (it
    is a regular data page). Further down in the same function
    (mlx5e_handle_rx_cqe_mpwrq_shampo()), a SHAMPO header page from
    header_index is released. This is wrong and it leads to SHAMPO header
    pages being released more than once.
    
    Signed-off-by: Dragos Tatulea <dtatulea@nvidia.com>
    Signed-off-by: Tariq Toukan <tariqt@nvidia.com>
    Link: https://lore.kernel.org/r/20240603212219.1037656-3-tariqt@nvidia.com
    Signed-off-by: Jakub Kicinski <kuba@kernel.org>
    Signed-off-by: Sasha Levin <sashal@kernel.org>

 
net: remove NULL-pointer net parameter in ip_metrics_convert [+ + +]
Author: Jason Xing <kernelxing@tencent.com>
Date:   Fri May 31 23:46:34 2024 +0800

    net: remove NULL-pointer net parameter in ip_metrics_convert
    
    [ Upstream commit 61e2bbafb00e4b9a5de45e6448a7b6b818658576 ]
    
    When I was doing some experiments, I found that when using the first
    parameter, namely, struct net, in ip_metrics_convert() always triggers NULL
    pointer crash. Then I digged into this part, realizing that we can remove
    this one due to its uselessness.
    
    Signed-off-by: Jason Xing <kernelxing@tencent.com>
    Reviewed-by: Simon Horman <horms@kernel.org>
    Signed-off-by: David S. Miller <davem@davemloft.net>
    Signed-off-by: Sasha Levin <sashal@kernel.org>

net: usb: qmi_wwan: add MeiG Smart SRM825L [+ + +]
Author: ZHANG Yuntian <yt@radxa.com>
Date:   Sat Aug 3 15:46:51 2024 +0800

    net: usb: qmi_wwan: add MeiG Smart SRM825L
    
    [ Upstream commit 1ca645a2f74a4290527ae27130c8611391b07dbf ]
    
    Add support for MeiG Smart SRM825L which is based on Qualcomm 315 chip.
    
    T:  Bus=04 Lev=01 Prnt=01 Port=00 Cnt=01 Dev#=  2 Spd=5000 MxCh= 0
    D:  Ver= 3.20 Cls=00(>ifc ) Sub=00 Prot=00 MxPS= 9 #Cfgs=  1
    P:  Vendor=2dee ProdID=4d22 Rev= 4.14
    S:  Manufacturer=MEIG
    S:  Product=LTE-A Module
    S:  SerialNumber=6f345e48
    C:* #Ifs= 6 Cfg#= 1 Atr=80 MxPwr=896mA
    I:* If#= 0 Alt= 0 #EPs= 2 Cls=ff(vend.) Sub=ff Prot=30 Driver=option
    E:  Ad=81(I) Atr=02(Bulk) MxPS=1024 Ivl=0ms
    E:  Ad=01(O) Atr=02(Bulk) MxPS=1024 Ivl=0ms
    I:* If#= 1 Alt= 0 #EPs= 3 Cls=ff(vend.) Sub=ff Prot=40 Driver=option
    E:  Ad=83(I) Atr=03(Int.) MxPS=  10 Ivl=32ms
    E:  Ad=82(I) Atr=02(Bulk) MxPS=1024 Ivl=0ms
    E:  Ad=02(O) Atr=02(Bulk) MxPS=1024 Ivl=0ms
    I:* If#= 2 Alt= 0 #EPs= 3 Cls=ff(vend.) Sub=ff Prot=40 Driver=option
    E:  Ad=85(I) Atr=03(Int.) MxPS=  10 Ivl=32ms
    E:  Ad=84(I) Atr=02(Bulk) MxPS=1024 Ivl=0ms
    E:  Ad=03(O) Atr=02(Bulk) MxPS=1024 Ivl=0ms
    I:* If#= 3 Alt= 0 #EPs= 3 Cls=ff(vend.) Sub=ff Prot=60 Driver=option
    E:  Ad=87(I) Atr=03(Int.) MxPS=  10 Ivl=32ms
    E:  Ad=86(I) Atr=02(Bulk) MxPS=1024 Ivl=0ms
    E:  Ad=04(O) Atr=02(Bulk) MxPS=1024 Ivl=0ms
    I:* If#= 4 Alt= 0 #EPs= 2 Cls=ff(vend.) Sub=42 Prot=01 Driver=(none)
    E:  Ad=05(O) Atr=02(Bulk) MxPS=1024 Ivl=0ms
    E:  Ad=88(I) Atr=02(Bulk) MxPS=1024 Ivl=0ms
    I:* If#= 5 Alt= 0 #EPs= 3 Cls=ff(vend.) Sub=ff Prot=50 Driver=qmi_wwan
    E:  Ad=89(I) Atr=03(Int.) MxPS=   8 Ivl=32ms
    E:  Ad=8e(I) Atr=02(Bulk) MxPS=1024 Ivl=0ms
    E:  Ad=0f(O) Atr=02(Bulk) MxPS=1024 Ivl=0ms
    
    Signed-off-by: ZHANG Yuntian <yt@radxa.com>
    Link: https://patch.msgid.link/D1EB81385E405DFE+20240803074656.567061-1-yt@radxa.com
    Signed-off-by: Jakub Kicinski <kuba@kernel.org>
    Signed-off-by: Sasha Levin <sashal@kernel.org>

 
PCI: al: Check IORESOURCE_BUS existence during probe [+ + +]
Author: Aleksandr Mishin <amishin@t-argos.ru>
Date:   Fri May 3 15:57:05 2024 +0300

    PCI: al: Check IORESOURCE_BUS existence during probe
    
    [ Upstream commit a9927c2cac6e9831361e43a14d91277818154e6a ]
    
    If IORESOURCE_BUS is not provided in Device Tree it will be fabricated in
    of_pci_parse_bus_range(), so NULL pointer dereference should not happen
    here.
    
    But that's hard to verify, so check for NULL anyway.
    
    Found by Linux Verification Center (linuxtesting.org) with SVACE.
    
    Link: https://lore.kernel.org/linux-pci/20240503125705.46055-1-amishin@t-argos.ru
    Suggested-by: Bjorn Helgaas <helgaas@kernel.org>
    Signed-off-by: Aleksandr Mishin <amishin@t-argos.ru>
    Signed-off-by: Krzysztof Wilczyński <kwilczynski@kernel.org>
    [bhelgaas: commit log]
    Signed-off-by: Bjorn Helgaas <bhelgaas@google.com>
    Signed-off-by: Sasha Levin <sashal@kernel.org>

 
platform/chrome: cros_ec_lpc: MEC access can use an AML mutex [+ + +]
Author: Ben Walsh <ben@jubnut.com>
Date:   Wed Jun 5 07:33:48 2024 +0100

    platform/chrome: cros_ec_lpc: MEC access can use an AML mutex
    
    [ Upstream commit 60c7df66450e3a7821a8d68496c20c95de6a15c5 ]
    
    Framework Laptops have ACPI code which accesses the MEC memory. It
    uses an AML mutex to prevent concurrent access. But the cros_ec_lpc
    driver was not aware of this mutex. The ACPI code and LPC driver both
    attempted to talk to the EC at the same time, messing up communication
    with the EC.
    
    Allow the LPC driver MEC code to find and use the AML mutex.
    
    Tested-by: Dustin L. Howett <dustin@howett.net>
    Signed-off-by: Ben Walsh <ben@jubnut.com>
    Link: https://lore.kernel.org/r/20240605063351.14836-3-ben@jubnut.com
    Signed-off-by: Tzung-Bi Shih <tzungbi@kernel.org>
    Signed-off-by: Sasha Levin <sashal@kernel.org>

 
pwm: xilinx: Fix u32 overflow issue in 32-bit width PWM mode. [+ + +]
Author: Ken Sloat <ksloat@designlinxhs.com>
Date:   Thu Dec 15 16:07:15 2022 +0000

    pwm: xilinx: Fix u32 overflow issue in 32-bit width PWM mode.
    
    [ Upstream commit 56f45266df67aa0f5b2a6881c8c4d16dbfff6b7d ]
    
    This timer HW supports 8, 16 and 32-bit timer widths. This
    driver currently uses a u32 to store the max possible value
    of the timer. However, statements perform addition of 2 in
    xilinx_pwm_apply() when calculating the period_cycles and
    duty_cycles values. Since priv->max is a u32, this will
    result in an overflow to 1 which will not only be incorrect
    but fail on range comparison. This results in making it
    impossible to set the PWM in this timer mode.
    
    There are two obvious solutions to the current problem:
    1. Cast each instance where overflow occurs to u64.
    2. Change priv->max from a u32 to a u64.
    
    Solution #1 requires more code modifications, and leaves
    opportunity to introduce similar overflows if other math
    statements are added in the future. These may also go
    undetected if running in non 32-bit timer modes.
    
    Solution #2 is the much smaller and cleaner approach and
    thus the chosen method in this patch.
    
    This was tested on a Zynq UltraScale+ with multiple
    instances of the PWM IP.
    
    Signed-off-by: Ken Sloat <ksloat@designlinxhs.com>
    Reviewed-by: Michal Simek <michal.simek@amd.com>
    Reviewed-by: Sean Anderson <sean.anderson@seco.com>
    Link: https://lore.kernel.org/r/SJ0P222MB0107490C5371B848EF04351CA1E19@SJ0P222MB0107.NAMP222.PROD.OUTLOOK.COM
    Signed-off-by: Michal Simek <michal.simek@amd.com>
    Signed-off-by: Sasha Levin <sashal@kernel.org>

 
rcu/nocb: Remove buggy bypass lock contention mitigation [+ + +]
Author: Frederic Weisbecker <frederic@kernel.org>
Date:   Thu Apr 25 16:18:35 2024 +0200

    rcu/nocb: Remove buggy bypass lock contention mitigation
    
    [ Upstream commit e4f78057291608f6968a6789c5ebb3bde7d95504 ]
    
    The bypass lock contention mitigation assumes there can be at most
    2 contenders on the bypass lock, following this scheme:
    
    1) One kthread takes the bypass lock
    2) Another one spins on it and increment the contended counter
    3) A third one (a bypass enqueuer) sees the contended counter on and
      busy loops waiting on it to decrement.
    
    However this assumption is wrong. There can be only one CPU to find the
    lock contended because call_rcu() (the bypass enqueuer) is the only
    bypass lock acquire site that may not already hold the NOCB lock
    beforehand, all the other sites must first contend on the NOCB lock.
    Therefore step 2) is impossible.
    
    The other problem is that the mitigation assumes that contenders all
    belong to the same rdp CPU, which is also impossible for a raw spinlock.
    In theory the warning could trigger if the enqueuer holds the bypass
    lock and another CPU flushes the bypass queue concurrently but this is
    prevented from all flush users:
    
    1) NOCB kthreads only flush if they successfully _tried_ to lock the
       bypass lock. So no contention management here.
    
    2) Flush on callbacks migration happen remotely when the CPU is offline.
       No concurrency against bypass enqueue.
    
    3) Flush on deoffloading happen either locally with IRQs disabled or
       remotely when the CPU is not yet online. No concurrency against
       bypass enqueue.
    
    4) Flush on barrier entrain happen either locally with IRQs disabled or
       remotely when the CPU is offline. No concurrency against
       bypass enqueue.
    
    For those reasons, the bypass lock contention mitigation isn't needed
    and is even wrong. Remove it but keep the warning reporting a contended
    bypass lock on a remote CPU, to keep unexpected contention awareness.
    
    Signed-off-by: Frederic Weisbecker <frederic@kernel.org>
    Signed-off-by: Paul E. McKenney <paulmck@kernel.org>
    Signed-off-by: Sasha Levin <sashal@kernel.org>

 
RDMA/efa: Properly handle unexpected AQ completions [+ + +]
Author: Michael Margolin <mrgolin@amazon.com>
Date:   Mon May 13 06:46:30 2024 +0000

    RDMA/efa: Properly handle unexpected AQ completions
    
    [ Upstream commit 2d0e7ba468eae365f3c4bc9266679e1f8dd405f0 ]
    
    Do not try to handle admin command completion if it has an unexpected
    command id and print a relevant error message.
    
    Reviewed-by: Firas Jahjah <firasj@amazon.com>
    Reviewed-by: Yehuda Yitschak <yehuday@amazon.com>
    Signed-off-by: Michael Margolin <mrgolin@amazon.com>
    Link: https://lore.kernel.org/r/20240513064630.6247-1-mrgolin@amazon.com
    Reviewed-by: Gal Pressman <gal.pressman@linux.dev>
    Signed-off-by: Leon Romanovsky <leon@kernel.org>
    Signed-off-by: Sasha Levin <sashal@kernel.org>

 
regmap: spi: Fix potential off-by-one when calculating reserved size [+ + +]
Author: Andy Shevchenko <andy.shevchenko@gmail.com>
Date:   Wed Jun 5 23:53:15 2024 +0300

    regmap: spi: Fix potential off-by-one when calculating reserved size
    
    [ Upstream commit d4ea1d504d2701ba04412f98dc00d45a104c52ab ]
    
    If we ever meet a hardware that uses weird register bits and padding,
    we may end up in off-by-one error since x/8 + y/8 might not be equal
    to (x + y)/8 in some cases.
    
    bits    pad   x/8+y/8 (x+y)/8
    4..7    0..3    0       0 // x + y from 4 up to 7
    4..7    4..7    0       1 // x + y from 8 up to 11
    4..7    8..11   1       1 // x + y from 12 up to 15
    8..15   0..7    1       1 // x + y from 8 up to 15
    8..15   8..15   2       2 // x + y from 16 up to 23
    
    Fix this by using (x+y)/8.
    
    Signed-off-by: Andy Shevchenko <andy.shevchenko@gmail.com>
    Link: https://msgid.link/r/20240605205315.19132-1-andy.shevchenko@gmail.com
    Signed-off-by: Mark Brown <broonie@kernel.org>
    Signed-off-by: Sasha Levin <sashal@kernel.org>

 
scsi: ufs: core: Bypass quick recovery if force reset is needed [+ + +]
Author: Peter Wang <peter.wang@mediatek.com>
Date:   Fri Jul 12 17:45:06 2024 +0800

    scsi: ufs: core: Bypass quick recovery if force reset is needed
    
    [ Upstream commit 022587d8aec3da1d1698ddae9fb8cfe35f3ad49c ]
    
    If force_reset is true, bypass quick recovery.  This will shorten error
    recovery time.
    
    Signed-off-by: Peter Wang <peter.wang@mediatek.com>
    Link: https://lore.kernel.org/r/20240712094506.11284-1-peter.wang@mediatek.com
    Reviewed-by: Bean Huo <beanhuo@micron.com>
    Reviewed-by: Bart Van Assche <bvanassche@acm.org>
    Signed-off-by: Martin K. Petersen <martin.petersen@oracle.com>
    Signed-off-by: Sasha Levin <sashal@kernel.org>

scsi: ufs: core: Check LSDBS cap when !mcq [+ + +]
Author: Kyoungrul Kim <k831.kim@samsung.com>
Date:   Wed Jul 10 08:25:20 2024 +0900

    scsi: ufs: core: Check LSDBS cap when !mcq
    
    [ Upstream commit 0c60eb0cc320fffbb8b10329d276af14f6f5e6bf ]
    
    If the user sets use_mcq_mode to 0, the host will try to activate the LSDB
    mode unconditionally even when the LSDBS of device HCI cap is 1. This makes
    commands time out and causes device probing to fail.
    
    To prevent that problem, check the LSDBS cap when MCQ is not supported.
    
    Signed-off-by: Kyoungrul Kim <k831.kim@samsung.com>
    Link: https://lore.kernel.org/r/20240709232520epcms2p8ebdb5c4fccc30a6221390566589bf122@epcms2p8
    Reviewed-by: Bart Van Assche <bvanassche@acm.org>
    Signed-off-by: Martin K. Petersen <martin.petersen@oracle.com>
    Signed-off-by: Sasha Levin <sashal@kernel.org>

 
selftests: mptcp: add explicit test case for remove/readd [+ + +]
Author: Paolo Abeni <pabeni@redhat.com>
Date:   Sat Jul 27 11:04:01 2024 +0200

    selftests: mptcp: add explicit test case for remove/readd
    
    [ Upstream commit b5e2fb832f48bc01d937a053e0550a1465a2f05d ]
    
    Delete and re-create a signal endpoint and ensure that the PM
    actually deletes and re-create the subflow.
    
    Signed-off-by: Paolo Abeni <pabeni@redhat.com>
    Reviewed-by: Matthieu Baerts (NGI0) <matttbe@kernel.org>
    Signed-off-by: Matthieu Baerts (NGI0) <matttbe@kernel.org>
    Signed-off-by: David S. Miller <davem@davemloft.net>
    Stable-dep-of: 1c2326fcae4f ("selftests: mptcp: join: check re-adding init endp with != id")
    Signed-off-by: Sasha Levin <sashal@kernel.org>

selftests: mptcp: add mptcp_lib_events helper [+ + +]
Author: Geliang Tang <geliang@kernel.org>
Date:   Tue Sep 3 12:23:49 2024 +0200

    selftests: mptcp: add mptcp_lib_events helper
    
    commit 35bc143a8514ee72b2e9d6b8b385468608b93a53 upstream.
    
    To avoid duplicated code in different MPTCP selftests, we can add and
    use helpers defined in mptcp_lib.sh.
    
    This patch unifies "pm_nl_ctl events" related code in userspace_pm.sh
    and mptcp_join.sh into a helper mptcp_lib_events(). Define it in
    mptcp_lib.sh and use it in both scripts.
    
    Note that mptcp_lib_kill_wait is now call before starting 'events' for
    mptcp_join.sh as well, but that's fine: each test is started from a new
    netns, so there will not be any existing pid there, and nothing is done
    when mptcp_lib_kill_wait is called with 0.
    
    Signed-off-by: Geliang Tang <tanggeliang@kylinos.cn>
    Reviewed-by: Matthieu Baerts (NGI0) <matttbe@kernel.org>
    Signed-off-by: Matthieu Baerts (NGI0) <matttbe@kernel.org>
    Link: https://lore.kernel.org/r/20240306-upstream-net-next-20240304-selftests-mptcp-shared-code-shellcheck-v2-6-bc79e6e5e6a0@kernel.org
    Signed-off-by: Jakub Kicinski <kuba@kernel.org>
    Stable-dep-of: 20ccc7c5f7a3 ("selftests: mptcp: join: validate event numbers")
    [ Conflicts in mptcp_lib.sh, because the context is different at the end
      of the file, where the new helper is supposed to go. The new helper
      has simply be added at the end. ]
    Signed-off-by: Matthieu Baerts (NGI0) <matttbe@kernel.org>
    Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>

selftests: mptcp: declare event macros in mptcp_lib [+ + +]
Author: Geliang Tang <geliang@kernel.org>
Date:   Fri Mar 8 23:10:21 2024 +0100

    selftests: mptcp: declare event macros in mptcp_lib
    
    [ Upstream commit 23a0485d1c0491a3044026263cf9a0acd33d30a2 ]
    
    MPTCP event macros (SUB_ESTABLISHED, LISTENER_CREATED, LISTENER_CLOSED),
    and the protocol family macros (AF_INET, AF_INET6) are defined in both
    mptcp_join.sh and userspace_pm.sh. In order not to duplicate code, this
    patch declares them all in mptcp_lib.sh with MPTCP_LIB_ prefixs.
    
    Signed-off-by: Geliang Tang <tanggeliang@kylinos.cn>
    Reviewed-by: Matthieu Baerts (NGI0) <matttbe@kernel.org>
    Signed-off-by: Matthieu Baerts (NGI0) <matttbe@kernel.org>
    Link: https://lore.kernel.org/r/20240308-upstream-net-next-20240308-selftests-mptcp-unification-v1-14-4f42c347b653@kernel.org
    Signed-off-by: Jakub Kicinski <kuba@kernel.org>
    Stable-dep-of: e93681afcb96 ("selftests: mptcp: join: cannot rm sf if closed")
    Signed-off-by: Sasha Levin <sashal@kernel.org>

selftests: mptcp: dump userspace addrs list [+ + +]
Author: Geliang Tang <geliang@kernel.org>
Date:   Fri Mar 1 19:18:34 2024 +0100

    selftests: mptcp: dump userspace addrs list
    
    [ Upstream commit 38f027fca1b724c6814fff4b8ad16b59c14a3e2a ]
    
    This patch adds a new helper userspace_pm_dump() to dump addresses
    for the userspace PM. Use this helper to check whether an ID 0 subflow
    is listed in the output of dump command after creating an ID 0 subflow
    in "userspace pm create id 0 subflow" test. Dump userspace PM addresses
    list in "userspace pm add & remove address" test and in "userspace pm
    create destroy subflow" test.
    
    Signed-off-by: Geliang Tang <tanggeliang@kylinos.cn>
    Reviewed-by: Matthieu Baerts (NGI0) <matttbe@kernel.org>
    Reviewed-by: Mat Martineau <martineau@kernel.org>
    Signed-off-by: Matthieu Baerts (NGI0) <matttbe@kernel.org>
    Signed-off-by: David S. Miller <davem@davemloft.net>
    Stable-dep-of: e93681afcb96 ("selftests: mptcp: join: cannot rm sf if closed")
    Signed-off-by: Sasha Levin <sashal@kernel.org>

selftests: mptcp: join: cannot rm sf if closed [+ + +]
Author: Matthieu Baerts (NGI0) <matttbe@kernel.org>
Date:   Mon Aug 26 19:11:19 2024 +0200

    selftests: mptcp: join: cannot rm sf if closed
    
    [ Upstream commit e93681afcb96864ec26c3b2ce94008ce93577373 ]
    
    Thanks to the previous commit, the MPTCP subflows are now closed on both
    directions even when only the MPTCP path-manager of one peer asks for
    their closure.
    
    In the two tests modified here -- "userspace pm add & remove address"
    and "userspace pm create destroy subflow" -- one peer is controlled by
    the userspace PM, and the other one by the in-kernel PM. When the
    userspace PM sends a RM_ADDR notification, the in-kernel PM will
    automatically react by closing all subflows using this address. Now,
    thanks to the previous commit, the subflows are properly closed on both
    directions, the userspace PM can then no longer closes the same
    subflows if they are already closed. Before, it was OK to do that,
    because the subflows were still half-opened, still OK to send a RM_ADDR.
    
    In other words, thanks to the previous commit closing the subflows, an
    error will be returned to the userspace if it tries to close a subflow
    that has already been closed. So no need to run this command, which mean
    that the linked counters will then not be incremented.
    
    These tests are then no longer sending both a RM_ADDR, then closing the
    linked subflow just after. The test with the userspace PM on the server
    side is now removing one subflow linked to one address, then sending
    a RM_ADDR for another address. The test with the userspace PM on the
    client side is now only removing the subflow that was previously
    created.
    
    Fixes: 4369c198e599 ("selftests: mptcp: test userspace pm out of transfer")
    Cc: stable@vger.kernel.org
    Reviewed-by: Mat Martineau <martineau@kernel.org>
    Signed-off-by: Matthieu Baerts (NGI0) <matttbe@kernel.org>
    Link: https://patch.msgid.link/20240826-net-mptcp-close-extra-sf-fin-v1-2-905199fe1172@kernel.org
    Signed-off-by: Jakub Kicinski <kuba@kernel.org>
    Signed-off-by: Sasha Levin <sashal@kernel.org>

selftests: mptcp: join: check re-adding init endp with != id [+ + +]
Author: Matthieu Baerts (NGI0) <matttbe@kernel.org>
Date:   Wed Aug 28 08:14:30 2024 +0200

    selftests: mptcp: join: check re-adding init endp with != id
    
    [ Upstream commit 1c2326fcae4f0c5de8ad0d734ced43a8e5f17dac ]
    
    The initial subflow has a special local ID: 0. It is specific per
    connection.
    
    When a global endpoint is deleted and re-added later, it can have a
    different ID, but the kernel should still use the ID 0 if it corresponds
    to the initial address.
    
    This test validates this behaviour: the endpoint linked to the initial
    subflow is removed, and re-added with a different ID.
    
    Note that removing the initial subflow will not decrement the 'subflows'
    counters, which corresponds to the *additional* subflows. On the other
    hand, when the same endpoint is re-added, it will increment this
    counter, as it will be seen as an additional subflow this time.
    
    The 'Fixes' tag here below is the same as the one from the previous
    commit: this patch here is not fixing anything wrong in the selftests,
    but it validates the previous fix for an issue introduced by this commit
    ID.
    
    Fixes: 3ad14f54bd74 ("mptcp: more accurate MPC endpoint tracking")
    Cc: stable@vger.kernel.org
    Reviewed-by: Mat Martineau <martineau@kernel.org>
    Signed-off-by: Matthieu Baerts (NGI0) <matttbe@kernel.org>
    Signed-off-by: Paolo Abeni <pabeni@redhat.com>
    Signed-off-by: Sasha Levin <sashal@kernel.org>

selftests: mptcp: join: check re-re-adding ID 0 signal [+ + +]
Author: Matthieu Baerts (NGI0) <matttbe@kernel.org>
Date:   Tue Sep 3 12:23:51 2024 +0200

    selftests: mptcp: join: check re-re-adding ID 0 signal
    
    commit f18fa2abf81099d822d842a107f8c9889c86043c upstream.
    
    This test extends "delete re-add signal" to validate the previous
    commit: when the 'signal' endpoint linked to the initial subflow (ID 0)
    is re-added multiple times, it will re-send the ADD_ADDR with id 0. The
    client should still be able to re-create this subflow, even if the
    add_addr_accepted limit has been reached as this special address is not
    considered as a new address.
    
    The 'Fixes' tag here below is the same as the one from the previous
    commit: this patch here is not fixing anything wrong in the selftests,
    but it validates the previous fix for an issue introduced by this commit
    ID.
    
    Fixes: d0876b2284cf ("mptcp: add the incoming RM_ADDR support")
    Cc: stable@vger.kernel.org
    Reviewed-by: Mat Martineau <martineau@kernel.org>
    Signed-off-by: Matthieu Baerts (NGI0) <matttbe@kernel.org>
    Signed-off-by: Paolo Abeni <pabeni@redhat.com>
    Signed-off-by: Matthieu Baerts (NGI0) <matttbe@kernel.org>
    Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>

selftests: mptcp: join: check re-using ID of unused ADD_ADDR [+ + +]
Author: Matthieu Baerts (NGI0) <matttbe@kernel.org>
Date:   Mon Aug 19 21:45:20 2024 +0200

    selftests: mptcp: join: check re-using ID of unused ADD_ADDR
    
    [ Upstream commit a13d5aad4dd9a309eecdc33cfd75045bd5f376a3 ]
    
    This test extends "delete re-add signal" to validate the previous
    commit. An extra address is announced by the server, but this address
    cannot be used by the client. The result is that no subflow will be
    established to this address.
    
    Later, the server will delete this extra endpoint, and set a new one,
    with a valid address, but re-using the same ID. Before the previous
    commit, the server would not have been able to announce this new
    address.
    
    While at it, extra checks have been added to validate the expected
    numbers of MPJ, ADD_ADDR and RM_ADDR.
    
    The 'Fixes' tag here below is the same as the one from the previous
    commit: this patch here is not fixing anything wrong in the selftests,
    but it validates the previous fix for an issue introduced by this commit
    ID.
    
    Fixes: b6c08380860b ("mptcp: remove addr and subflow in PM netlink")
    Cc: stable@vger.kernel.org
    Reviewed-by: Mat Martineau <martineau@kernel.org>
    Signed-off-by: Matthieu Baerts (NGI0) <matttbe@kernel.org>
    Link: https://patch.msgid.link/20240819-net-mptcp-pm-reusing-id-v1-2-38035d40de5b@kernel.org
    Signed-off-by: Jakub Kicinski <kuba@kernel.org>
    Stable-dep-of: 1c2326fcae4f ("selftests: mptcp: join: check re-adding init endp with != id")
    Signed-off-by: Sasha Levin <sashal@kernel.org>

selftests: mptcp: join: disable get and dump addr checks [+ + +]
Author: Matthieu Baerts (NGI0) <matttbe@kernel.org>
Date:   Wed Sep 4 15:37:57 2024 +0200

    selftests: mptcp: join: disable get and dump addr checks
    
    These new checks have been recently queued to v6.6 [1] with the backport
    of commit 38f027fca1b7 ("selftests: mptcp: dump userspace addrs list"),
    and commit 4cc5cc7ca052 ("selftests: mptcp: userspace pm get addr
    tests").
    
    On v6.6, these checks will simply print 'skip', because the associated
    features are not available in this version. That's fine, except that the
    MPTCP CI sets the SELFTESTS_MPTCP_LIB_EXPECT_ALL_FEATURES=1 env var,
    which will force these subtests to fail when using the selftests from
    v6.6 on a v6.6 kernel, because the feature is not available.
    
    To ease the backports (and possible future ones), I suggest to keep the
    recent backports, but skip calling mptcp_lib_kallsyms_has() not to have
    the CIs setting this env var complaining about the associated features
    not being available.
    
    Link: https://git.kernel.org/pub/scm/linux/kernel/git/stable/stable-queue.git/commit/?id=bd2122541bd8 [1]
    Signed-off-by: Matthieu Baerts (NGI0) <matttbe@kernel.org>
    Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>

selftests: mptcp: join: stop transfer when check is done (part 2.2) [+ + +]
Author: Matthieu Baerts (NGI0) <matttbe@kernel.org>
Date:   Wed Sep 4 15:37:58 2024 +0200

    selftests: mptcp: join: stop transfer when check is done (part 2.2)
    
    Use mptcp_lib_kill_wait in "userspace pm create id 0 subflow" subtest.
    
    This new test has recently been queued to v6.6 [1] with the backport of
    commit b2e2248f365a ("selftests: mptcp: userspace pm create id 0
    subflow").
    
    The modification here was part of commit 04b57c9e096a ("selftests:
    mptcp: join: stop transfer when check is done (part 2)") that has been
    backported to v6.6 a few months ago -- see commit 358f02b84fbb
    ("selftests: mptcp: join: stop transfer when check is done (part 2)") --
    but it was not modifying this subtest as it was not present in v6.6.
    
    Link: https://git.kernel.org/pub/scm/linux/kernel/git/stable/stable-queue.git/commit/?id=bd2122541bd8 [1]
    Signed-off-by: Matthieu Baerts (NGI0) <matttbe@kernel.org>
    Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>

selftests: mptcp: join: test for flush/re-add endpoints [+ + +]
Author: Matthieu Baerts (NGI0) <matttbe@kernel.org>
Date:   Mon Aug 19 21:45:24 2024 +0200

    selftests: mptcp: join: test for flush/re-add endpoints
    
    commit e06959e9eebdfea4654390f53b65cff57691872e upstream.
    
    After having flushed endpoints that didn't cause the creation of new
    subflows, it is important to check endpoints can be re-created, re-using
    previously used IDs.
    
    Before the previous commit, the client would not have been able to
    re-create the subflow that was previously rejected.
    
    The 'Fixes' tag here below is the same as the one from the previous
    commit: this patch here is not fixing anything wrong in the selftests,
    but it validates the previous fix for an issue introduced by this commit
    ID.
    
    Fixes: 06faa2271034 ("mptcp: remove multi addresses and subflows in PM")
    Cc: stable@vger.kernel.org
    Reviewed-by: Mat Martineau <martineau@kernel.org>
    Signed-off-by: Matthieu Baerts (NGI0) <matttbe@kernel.org>
    Link: https://patch.msgid.link/20240819-net-mptcp-pm-reusing-id-v1-6-38035d40de5b@kernel.org
    Signed-off-by: Jakub Kicinski <kuba@kernel.org>
    Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>

selftests: mptcp: join: validate event numbers [+ + +]
Author: Matthieu Baerts (NGI0) <matttbe@kernel.org>
Date:   Tue Sep 3 12:23:50 2024 +0200

    selftests: mptcp: join: validate event numbers
    
    commit 20ccc7c5f7a3aa48092441a4b182f9f40418392e upstream.
    
    This test extends "delete and re-add" and "delete re-add signal" to
    validate the previous commit: the number of MPTCP events are checked to
    make sure there are no duplicated or unexpected ones.
    
    A new helper has been introduced to easily check these events. The
    missing events have been added to the lib.
    
    The 'Fixes' tag here below is the same as the one from the previous
    commit: this patch here is not fixing anything wrong in the selftests,
    but it validates the previous fix for an issue introduced by this commit
    ID.
    
    Fixes: b911c97c7dc7 ("mptcp: add netlink event support")
    Cc: stable@vger.kernel.org
    Reviewed-by: Mat Martineau <martineau@kernel.org>
    Signed-off-by: Matthieu Baerts (NGI0) <matttbe@kernel.org>
    Signed-off-by: Paolo Abeni <pabeni@redhat.com>
    [ Conflicts in mptcp_join.sh and mptcp_lib.sh, due to commit
      38f027fca1b7 ("selftests: mptcp: dump userspace addrs list") -- linked
      to a new feature, not backportable to stable -- and commit
      23a0485d1c04 ("selftests: mptcp: declare event macros in mptcp_lib")
      -- depending on the previous one -- not in this version. The conflicts
      in mptcp_join.sh were in the context, because a new helper had to be
      added after others that are not in this version. The conflicts in
      mptcp_lib.sh were due to the fact the other MPTCP_LIB_EVENT_*
      constants were not present. They have all been added in this version
      to ease future backports if any. ]
    Signed-off-by: Matthieu Baerts (NGI0) <matttbe@kernel.org>
    Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>

selftests: mptcp: userspace pm create id 0 subflow [+ + +]
Author: Geliang Tang <geliang@kernel.org>
Date:   Tue Nov 28 15:18:49 2023 -0800

    selftests: mptcp: userspace pm create id 0 subflow
    
    [ Upstream commit b2e2248f365a7ef0687fe048c335fe1a32f98b36 ]
    
    This patch adds a selftest to create id 0 subflow. Pass id 0 to the
    helper userspace_pm_add_sf() to create id 0 subflow. chk_mptcp_info
    shows one subflow but chk_subflows_total shows two subflows in each
    namespace.
    
    Reviewed-by: Matthieu Baerts <matttbe@kernel.org>
    Signed-off-by: Geliang Tang <geliang.tang@suse.com>
    Signed-off-by: Mat Martineau <martineau@kernel.org>
    Link: https://lore.kernel.org/r/20231128-send-net-next-2023107-v4-5-8d6b94150f6b@kernel.org
    Signed-off-by: Jakub Kicinski <kuba@kernel.org>
    Stable-dep-of: e93681afcb96 ("selftests: mptcp: join: cannot rm sf if closed")
    Signed-off-by: Sasha Levin <sashal@kernel.org>

selftests: mptcp: userspace pm get addr tests [+ + +]
Author: Geliang Tang <geliang@kernel.org>
Date:   Fri Mar 1 19:18:39 2024 +0100

    selftests: mptcp: userspace pm get addr tests
    
    [ Upstream commit 4cc5cc7ca052c816e20ed0cbc160299b454cbb75 ]
    
    This patch adds a new helper userspace_pm_get_addr() in mptcp_join.sh.
    In it, parse the token value from the output of 'pm_nl_ctl events', then
    pass it to pm_nl_ctl get_addr command. Use this helper in userspace pm
    dump tests.
    
    Signed-off-by: Geliang Tang <tanggeliang@kylinos.cn>
    Reviewed-by: Matthieu Baerts (NGI0) <matttbe@kernel.org>
    Reviewed-by: Mat Martineau <martineau@kernel.org>
    Signed-off-by: Matthieu Baerts (NGI0) <matttbe@kernel.org>
    Signed-off-by: David S. Miller <davem@davemloft.net>
    Stable-dep-of: e93681afcb96 ("selftests: mptcp: join: cannot rm sf if closed")
    Signed-off-by: Sasha Levin <sashal@kernel.org>

 
smack: tcp: ipv4, fix incorrect labeling [+ + +]
Author: Casey Schaufler <casey@schaufler-ca.com>
Date:   Wed Jun 5 15:41:50 2024 -0700

    smack: tcp: ipv4, fix incorrect labeling
    
    [ Upstream commit 2fe209d0ad2e2729f7e22b9b31a86cc3ff0db550 ]
    
    Currently, Smack mirrors the label of incoming tcp/ipv4 connections:
    when a label 'foo' connects to a label 'bar' with tcp/ipv4,
    'foo' always gets 'foo' in returned ipv4 packets. So,
    1) returned packets are incorrectly labeled ('foo' instead of 'bar')
    2) 'bar' can write to 'foo' without being authorized to write.
    
    Here is a scenario how to see this:
    
    * Take two machines, let's call them C and S,
       with active Smack in the default state
       (no settings, no rules, no labeled hosts, only builtin labels)
    
    * At S, add Smack rule 'foo bar w'
       (labels 'foo' and 'bar' are instantiated at S at this moment)
    
    * At S, at label 'bar', launch a program
       that listens for incoming tcp/ipv4 connections
    
    * From C, at label 'foo', connect to the listener at S.
       (label 'foo' is instantiated at C at this moment)
       Connection succeedes and works.
    
    * Send some data in both directions.
    * Collect network traffic of this connection.
    
    All packets in both directions are labeled with the CIPSO
    of the label 'foo'. Hence, label 'bar' writes to 'foo' without
    being authorized, and even without ever being known at C.
    
    If anybody cares: exactly the same happens with DCCP.
    
    This behavior 1st manifested in release 2.6.29.4 (see Fixes below)
    and it looks unintentional. At least, no explanation was provided.
    
    I changed returned packes label into the 'bar',
    to bring it into line with the Smack documentation claims.
    
    Signed-off-by: Konstantin Andreev <andreev@swemel.ru>
    Signed-off-by: Casey Schaufler <casey@schaufler-ca.com>
    Signed-off-by: Sasha Levin <sashal@kernel.org>

 
smb: client: fix FSCTL_GET_REPARSE_POINT against NetApp [+ + +]
Author: Paulo Alcantara <pc@manguebit.com>
Date:   Thu Aug 1 18:12:39 2024 -0300

    smb: client: fix FSCTL_GET_REPARSE_POINT against NetApp
    
    [ Upstream commit ddecea00f87f0c46e9c8339a7c89fb2ff891521a ]
    
    NetApp server requires the file to be open with FILE_READ_EA access in
    order to support FSCTL_GET_REPARSE_POINT, otherwise it will return
    STATUS_INVALID_DEVICE_REQUEST.  It doesn't make any sense because
    there's no requirement for FILE_READ_EA bit to be set nor
    STATUS_INVALID_DEVICE_REQUEST being used for something other than
    "unsupported reparse points" in MS-FSA.
    
    To fix it and improve compatibility, set FILE_READ_EA & SYNCHRONIZE
    bits to match what Windows client currently does.
    
    Tested-by: Sebastian Steinbeisser <Sebastian.Steinbeisser@lrz.de>
    Acked-by: Tom Talpey <tom@talpey.com>
    Signed-off-by: Paulo Alcantara (Red Hat) <pc@manguebit.com>
    Signed-off-by: Steve French <stfrench@microsoft.com>
    Signed-off-by: Sasha Levin <sashal@kernel.org>

 
soc: qcom: smem: Add qcom_smem_bust_hwspin_lock_by_host() [+ + +]
Author: Chris Lew <quic_clew@quicinc.com>
Date:   Wed May 29 11:09:57 2024 -0700

    soc: qcom: smem: Add qcom_smem_bust_hwspin_lock_by_host()
    
    [ Upstream commit 2e3f0d693875db698891ffe89a18121bda5b95b8 ]
    
    Add qcom_smem_bust_hwspin_lock_by_host to enable remoteproc to bust the
    hwspin_lock owned by smem. In the event the remoteproc crashes
    unexpectedly, the remoteproc driver can invoke this API to try and bust
    the hwspin_lock and release the lock if still held by the remoteproc
    device.
    
    Signed-off-by: Chris Lew <quic_clew@quicinc.com>
    Reviewed-by: Bjorn Andersson <quic_bjorande@quicinc.com>
    Link: https://lore.kernel.org/r/20240529-hwspinlock-bust-v3-3-c8b924ffa5a2@quicinc.com
    Signed-off-by: Bjorn Andersson <andersson@kernel.org>
    Signed-off-by: Sasha Levin <sashal@kernel.org>

 
spi: hisi-kunpeng: Add validation for the minimum value of speed_hz [+ + +]
Author: Devyn Liu <liudingyuan@huawei.com>
Date:   Tue Jul 30 11:20:39 2024 +0800

    spi: hisi-kunpeng: Add validation for the minimum value of speed_hz
    
    [ Upstream commit c3c4f22b7c814a6ee485ce294065836f8ede30fa ]
    
    The speed specified by the user is used to calculate the clk_div based
    on the max_speed_hz in hisi_calc_effective_speed.  A very low speed
    value can lead to a clk_div larger than the variable range. Avoid this
    by setting the min_speed_hz so that such a small speed value is
    rejected.  __spi_validate() in spi.c will return -EINVAL for the
    specified speed_hz lower than min_speed_hz.
    
    Signed-off-by: Devyn Liu <liudingyuan@huawei.com>
    Reviewed-by: Jay Fang <f.fangjian@huawei.com>
    Link: https://patch.msgid.link/20240730032040.3156393-2-liudingyuan@huawei.com
    Signed-off-by: Mark Brown <broonie@kernel.org>
    Signed-off-by: Sasha Levin <sashal@kernel.org>

 
usb: typec: ucsi: Fix null pointer dereference in trace [+ + +]
Author: Abhishek Pandit-Subedi <abhishekpandit@chromium.org>
Date:   Fri May 10 20:12:41 2024 +0000

    usb: typec: ucsi: Fix null pointer dereference in trace
    
    [ Upstream commit 99516f76db48e1a9d54cdfed63c1babcee4e71a5 ]
    
    ucsi_register_altmode checks IS_ERR for the alt pointer and treats
    NULL as valid. When CONFIG_TYPEC_DP_ALTMODE is not enabled,
    ucsi_register_displayport returns NULL which causes a NULL pointer
    dereference in trace. Rather than return NULL, call
    typec_port_register_altmode to register DisplayPort alternate mode
    as a non-controllable mode when CONFIG_TYPEC_DP_ALTMODE is not enabled.
    
    Reviewed-by: Benson Leung <bleung@chromium.org>
    Reviewed-by: Heikki Krogerus <heikki.krogerus@linux.intel.com>
    Signed-off-by: Abhishek Pandit-Subedi <abhishekpandit@chromium.org>
    Signed-off-by: Jameson Thies <jthies@google.com>
    Reviewed-by: Dmitry Baryshkov <dmitry.baryshkov@linaro.org>
    Link: https://lore.kernel.org/r/20240510201244.2968152-2-jthies@google.com
    Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
    Signed-off-by: Sasha Levin <sashal@kernel.org>

 
usbip: Don't submit special requests twice [+ + +]
Author: Simon Holesch <simon@holesch.de>
Date:   Sun May 19 16:15:38 2024 +0200

    usbip: Don't submit special requests twice
    
    [ Upstream commit 8b6b386f9aa936ed0c190446c71cf59d4a507690 ]
    
    Skip submitting URBs, when identical requests were already sent in
    tweak_special_requests(). Instead call the completion handler directly
    to return the result of the URB.
    
    Even though submitting those requests twice should be harmless, there
    are USB devices that react poorly to some duplicated requests.
    
    One example is the ChipIdea controller implementation in U-Boot: The
    second SET_CONFIGURATION request makes U-Boot disable and re-enable all
    endpoints. Re-enabling an endpoint in the ChipIdea controller, however,
    was broken until U-Boot commit b272c8792502 ("usb: ci: Fix gadget
    reinit").
    
    Signed-off-by: Simon Holesch <simon@holesch.de>
    Acked-by: Shuah Khan <skhan@linuxfoundation.org>
    Reviewed-by: Hongren Zheng <i@zenithal.me>
    Tested-by: Hongren Zheng <i@zenithal.me>
    Link: https://lore.kernel.org/r/20240519141922.171460-1-simon@holesch.de
    Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
    Signed-off-by: Sasha Levin <sashal@kernel.org>

 
virtio_net: Fix napi_skb_cache_put warning [+ + +]
Author: Breno Leitao <leitao@debian.org>
Date:   Fri Jul 12 04:53:25 2024 -0700

    virtio_net: Fix napi_skb_cache_put warning
    
    commit f8321fa75102246d7415a6af441872f6637c93ab upstream.
    
    After the commit bdacf3e34945 ("net: Use nested-BH locking for
    napi_alloc_cache.") was merged, the following warning began to appear:
    
             WARNING: CPU: 5 PID: 1 at net/core/skbuff.c:1451 napi_skb_cache_put+0x82/0x4b0
    
              __warn+0x12f/0x340
              napi_skb_cache_put+0x82/0x4b0
              napi_skb_cache_put+0x82/0x4b0
              report_bug+0x165/0x370
              handle_bug+0x3d/0x80
              exc_invalid_op+0x1a/0x50
              asm_exc_invalid_op+0x1a/0x20
              __free_old_xmit+0x1c8/0x510
              napi_skb_cache_put+0x82/0x4b0
              __free_old_xmit+0x1c8/0x510
              __free_old_xmit+0x1c8/0x510
              __pfx___free_old_xmit+0x10/0x10
    
    The issue arises because virtio is assuming it's running in NAPI context
    even when it's not, such as in the netpoll case.
    
    To resolve this, modify virtnet_poll_tx() to only set NAPI when budget
    is available. Same for virtnet_poll_cleantx(), which always assumed that
    it was in a NAPI context.
    
    Fixes: df133f3f9625 ("virtio_net: bulk free tx skbs")
    Suggested-by: Jakub Kicinski <kuba@kernel.org>
    Signed-off-by: Breno Leitao <leitao@debian.org>
    Reviewed-by: Jakub Kicinski <kuba@kernel.org>
    Acked-by: Michael S. Tsirkin <mst@redhat.com>
    Acked-by: Jason Wang <jasowang@redhat.com>
    Reviewed-by: Heng Qi <hengqi@linux.alibaba.com>
    Link: https://patch.msgid.link/20240712115325.54175-1-leitao@debian.org
    Signed-off-by: Jakub Kicinski <kuba@kernel.org>
    [Shivani: Modified to apply on v6.6.y]
    Signed-off-by: Shivani Agarwal <shivani.agarwal@broadcom.com>
    Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>

 
wifi: ath11k: initialize 'ret' in ath11k_qmi_load_file_target_mem() [+ + +]
Author: Jeff Johnson <quic_jjohnson@quicinc.com>
Date:   Sat May 4 11:52:09 2024 -0700

    wifi: ath11k: initialize 'ret' in ath11k_qmi_load_file_target_mem()
    
    [ Upstream commit 199f149e97dc7be80e5eed4b232529c1d1aa8055 ]
    
    smatch flagged the following issue:
    
    drivers/net/wireless/ath/ath11k/qmi.c:2401 ath11k_qmi_load_file_target_mem() error: uninitialized symbol 'ret'.
    
    The reality is that 'ret' is initialized in every path through
    ath11k_qmi_load_file_target_mem() except one, the case where the input
    'len' is 0, and hence the "while (remaining)" loop is never entered.
    But to make sure this case is also handled, add an initializer to the
    declaration of 'ret'.
    
    No functional changes, compile tested only.
    
    Signed-off-by: Jeff Johnson <quic_jjohnson@quicinc.com>
    Signed-off-by: Kalle Valo <quic_kvalo@quicinc.com>
    Link: https://msgid.link/20240504-qmi_load_file_target_mem-v1-2-069fc44c45eb@quicinc.com
    Signed-off-by: Sasha Levin <sashal@kernel.org>

wifi: ath12k: initialize 'ret' in ath12k_qmi_load_file_target_mem() [+ + +]
Author: Jeff Johnson <quic_jjohnson@quicinc.com>
Date:   Sat May 4 11:52:08 2024 -0700

    wifi: ath12k: initialize 'ret' in ath12k_qmi_load_file_target_mem()
    
    [ Upstream commit bb0b0a6b96e6de854cb1e349e17bd0e8bf421a59 ]
    
    smatch flagged the following issue:
    
    drivers/net/wireless/ath/ath12k/qmi.c:2619 ath12k_qmi_load_file_target_mem() error: uninitialized symbol 'ret'.
    
    The reality is that 'ret' is initialized in every path through
    ath12k_qmi_load_file_target_mem() except one, the case where the input
    'len' is 0, and hence the "while (remaining)" loop is never entered.
    But to make sure this case is also handled, add an initializer to the
    declaration of 'ret'.
    
    No functional changes, compile tested only.
    
    Signed-off-by: Jeff Johnson <quic_jjohnson@quicinc.com>
    Signed-off-by: Kalle Valo <quic_kvalo@quicinc.com>
    Link: https://msgid.link/20240504-qmi_load_file_target_mem-v1-1-069fc44c45eb@quicinc.com
    Signed-off-by: Sasha Levin <sashal@kernel.org>

wifi: cfg80211: make hash table duplicates more survivable [+ + +]
Author: Johannes Berg <johannes.berg@intel.com>
Date:   Fri Jun 7 20:17:17 2024 +0200

    wifi: cfg80211: make hash table duplicates more survivable
    
    [ Upstream commit 7f12e26a194d0043441f870708093d9c2c3bad7d ]
    
    Jiazi Li reported that they occasionally see hash table duplicates
    as evidenced by the WARN_ON() in rb_insert_bss() in this code.  It
    isn't clear how that happens, nor have I been able to reproduce it,
    but if it does happen, the kernel crashes later, when it tries to
    unhash the entry that's now not hashed.
    
    Try to make this situation more survivable by removing the BSS from
    the list(s) as well, that way it's fully leaked here (as had been
    the intent in the hash insert error path), and no longer reachable
    through the list(s) so it shouldn't be unhashed again later.
    
    Link: https://lore.kernel.org/r/20231026013528.GA24122@Jiazi.Li
    Signed-off-by: Johannes Berg <johannes.berg@intel.com>
    Link: https://msgid.link/20240607181726.36835-2-johannes@sipsolutions.net
    Signed-off-by: Johannes Berg <johannes.berg@intel.com>
    Signed-off-by: Sasha Levin <sashal@kernel.org>

wifi: iwlwifi: remove fw_running op [+ + +]
Author: Shahar S Matityahu <shahar.s.matityahu@intel.com>
Date:   Fri May 10 17:06:40 2024 +0300

    wifi: iwlwifi: remove fw_running op
    
    [ Upstream commit 37733bffda3285d18bd1d72c14b3a1cf39c56a5e ]
    
    fw_running assumes that memory can be retrieved only after alive.
    This assumption is no longer true as we support dump before alive.
    To avoid invalid access to the NIC, check that STATUS_DEVICE_ENABLED
    bit in trans status is set before dumping instead of the prior check.
    
    Signed-off-by: Shahar S Matityahu <shahar.s.matityahu@intel.com>
    Reviewed-by: Luciano Coelho <luciano.coelho@intel.com>
    Signed-off-by: Emmanuel Grumbach <emmanuel.grumbach@intel.com>
    Signed-off-by: Miri Korenblit <miriam.rachel.korenblit@intel.com>
    Link: https://msgid.link/20240510170500.ca07138cedeb.I090e31d3eaeb4ba19f5f84aba997ccd36927e9ac@changeid
    Signed-off-by: Johannes Berg <johannes.berg@intel.com>
    Signed-off-by: Sasha Levin <sashal@kernel.org>

wifi: mac80211: check ieee80211_bss_info_change_notify() against MLD [+ + +]
Author: Johannes Berg <johannes.berg@intel.com>
Date:   Thu May 23 12:11:40 2024 +0200

    wifi: mac80211: check ieee80211_bss_info_change_notify() against MLD
    
    [ Upstream commit a0ca76e5b7d550fcd74753d5fdaaf23f1a9bfdb4 ]
    
    It's not valid to call ieee80211_bss_info_change_notify() with
    an sdata that's an MLD, remove the FIXME comment (it's not true)
    and add a warning.
    
    Reviewed-by: Miriam Rachel Korenblit <miriam.rachel.korenblit@intel.com>
    Link: https://msgid.link/20240523121140.97a589b13d24.I61988788d81fb3cf97a490dfd3167f67a141d1fd@changeid
    Signed-off-by: Johannes Berg <johannes.berg@intel.com>
    Signed-off-by: Sasha Levin <sashal@kernel.org>

wifi: rtw89: ser: avoid multiple deinit on same CAM [+ + +]
Author: Zong-Zhe Yang <kevin_yang@realtek.com>
Date:   Thu May 9 17:06:43 2024 +0800

    wifi: rtw89: ser: avoid multiple deinit on same CAM
    
    [ Upstream commit cea4066588308fa932b6b03486c608efff1d761c ]
    
    We did deinit CAM in STA iteration in VIF loop. But, the STA iteration
    missed to restrict the target VIF. So, if there are multiple VIFs, we
    would deinit a CAM multiple times. Now, fix it.
    
    Signed-off-by: Zong-Zhe Yang <kevin_yang@realtek.com>
    Signed-off-by: Ping-Ke Shih <pkshih@realtek.com>
    Link: https://msgid.link/20240509090646.35304-2-pkshih@realtek.com
    Signed-off-by: Sasha Levin <sashal@kernel.org>