--- /dev/null
+From ef01f4e25c1760920e2c94f1c232350277ace69b Mon Sep 17 00:00:00 2001
+From: Paul Moore <paul@paul-moore.com>
+Date: Fri, 6 Jan 2023 10:43:59 -0500
+Subject: bpf: restore the ebpf program ID for BPF_AUDIT_UNLOAD and PERF_BPF_EVENT_PROG_UNLOAD
+
+From: Paul Moore <paul@paul-moore.com>
+
+commit ef01f4e25c1760920e2c94f1c232350277ace69b upstream.
+
+When changing the ebpf program put() routines to support being called
+from within IRQ context the program ID was reset to zero prior to
+calling the perf event and audit UNLOAD record generators, which
+resulted in problems as the ebpf program ID was bogus (always zero).
+This patch addresses this problem by removing an unnecessary call to
+bpf_prog_free_id() in __bpf_prog_offload_destroy() and adjusting
+__bpf_prog_put() to only call bpf_prog_free_id() after audit and perf
+have finished their bpf program unload tasks in
+bpf_prog_put_deferred(). For the record, no one can determine, or
+remember, why it was necessary to free the program ID, and remove it
+from the IDR, prior to executing bpf_prog_put_deferred();
+regardless, both Stanislav and Alexei agree that the approach in this
+patch should be safe.
+
+It is worth noting that when moving the bpf_prog_free_id() call, the
+do_idr_lock parameter was forced to true as the ebpf devs determined
+this was the correct as the do_idr_lock should always be true. The
+do_idr_lock parameter will be removed in a follow-up patch, but it
+was kept here to keep the patch small in an effort to ease any stable
+backports.
+
+I also modified the bpf_audit_prog() logic used to associate the
+AUDIT_BPF record with other associated records, e.g. @ctx != NULL.
+Instead of keying off the operation, it now keys off the execution
+context, e.g. '!in_irg && !irqs_disabled()', which is much more
+appropriate and should help better connect the UNLOAD operations with
+the associated audit state (other audit records).
+
+Cc: stable@vger.kernel.org
+Fixes: d809e134be7a ("bpf: Prepare bpf_prog_put() to be called from irq context.")
+Reported-by: Burn Alting <burn.alting@iinet.net.au>
+Reported-by: Jiri Olsa <olsajiri@gmail.com>
+Suggested-by: Stanislav Fomichev <sdf@google.com>
+Suggested-by: Alexei Starovoitov <alexei.starovoitov@gmail.com>
+Signed-off-by: Paul Moore <paul@paul-moore.com>
+Acked-by: Stanislav Fomichev <sdf@google.com>
+Link: https://lore.kernel.org/r/20230106154400.74211-1-paul@paul-moore.com
+Signed-off-by: Alexei Starovoitov <ast@kernel.org>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+---
+ kernel/bpf/offload.c | 3 ---
+ kernel/bpf/syscall.c | 6 ++----
+ 2 files changed, 2 insertions(+), 7 deletions(-)
+
+--- a/kernel/bpf/offload.c
++++ b/kernel/bpf/offload.c
+@@ -216,9 +216,6 @@ static void __bpf_prog_offload_destroy(s
+ if (offload->dev_state)
+ offload->offdev->ops->destroy(prog);
+
+- /* Make sure BPF_PROG_GET_NEXT_ID can't find this dead program */
+- bpf_prog_free_id(prog, true);
+-
+ list_del_init(&offload->offloads);
+ kfree(offload);
+ prog->aux->offload = NULL;
+--- a/kernel/bpf/syscall.c
++++ b/kernel/bpf/syscall.c
+@@ -1695,7 +1695,7 @@ static void bpf_audit_prog(const struct
+ return;
+ if (audit_enabled == AUDIT_OFF)
+ return;
+- if (op == BPF_AUDIT_LOAD)
++ if (!in_irq() && !irqs_disabled())
+ ctx = audit_context();
+ ab = audit_log_start(ctx, GFP_ATOMIC, AUDIT_BPF);
+ if (unlikely(!ab))
+@@ -1790,6 +1790,7 @@ static void bpf_prog_put_deferred(struct
+ prog = aux->prog;
+ perf_event_bpf_event(prog, PERF_BPF_EVENT_PROG_UNLOAD, 0);
+ bpf_audit_prog(prog, BPF_AUDIT_UNLOAD);
++ bpf_prog_free_id(prog, true);
+ __bpf_prog_put_noref(prog, true);
+ }
+
+@@ -1798,9 +1799,6 @@ static void __bpf_prog_put(struct bpf_pr
+ struct bpf_prog_aux *aux = prog->aux;
+
+ if (atomic64_dec_and_test(&aux->refcnt)) {
+- /* bpf_prog_free_id() must be called first */
+- bpf_prog_free_id(prog, do_idr_lock);
+-
+ if (in_irq() || irqs_disabled()) {
+ INIT_WORK(&aux->work, bpf_prog_put_deferred);
+ schedule_work(&aux->work);
--- /dev/null
+From 16199ad9eb6db60a6b10794a09fc1ac6d09312ff Mon Sep 17 00:00:00 2001
+From: Filipe Manana <fdmanana@suse.com>
+Date: Tue, 10 Jan 2023 14:56:37 +0000
+Subject: btrfs: do not abort transaction on failure to write log tree when syncing log
+
+From: Filipe Manana <fdmanana@suse.com>
+
+commit 16199ad9eb6db60a6b10794a09fc1ac6d09312ff upstream.
+
+When syncing the log, if we fail to write log tree extent buffers, we mark
+the log for a full commit and abort the transaction. However we don't need
+to abort the transaction, all we really need to do is to make sure no one
+can commit a superblock pointing to new log tree roots. Just because we
+got a failure writing extent buffers for a log tree, it does not mean we
+will also fail to do a transaction commit.
+
+One particular case is if due to a bug somewhere, when writing log tree
+extent buffers, the tree checker detects some corruption and the writeout
+fails because of that. Aborting the transaction can be very disruptive for
+a user, specially if the issue happened on a root filesystem. One example
+is the scenario in the Link tag below, where an isolated corruption on log
+tree leaves was causing transaction aborts when syncing the log.
+
+Link: https://lore.kernel.org/linux-btrfs/ae169fc6-f504-28f0-a098-6fa6a4dfb612@leemhuis.info/
+CC: stable@vger.kernel.org # 5.15+
+Reviewed-by: Josef Bacik <josef@toxicpanda.com>
+Signed-off-by: Filipe Manana <fdmanana@suse.com>
+Signed-off-by: David Sterba <dsterba@suse.com>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+---
+ fs/btrfs/disk-io.c | 9 ++++++++-
+ fs/btrfs/tree-log.c | 2 --
+ 2 files changed, 8 insertions(+), 3 deletions(-)
+
+--- a/fs/btrfs/disk-io.c
++++ b/fs/btrfs/disk-io.c
+@@ -380,7 +380,14 @@ error:
+ btrfs_print_tree(eb, 0);
+ btrfs_err(fs_info, "block=%llu write time tree block corruption detected",
+ eb->start);
+- WARN_ON(IS_ENABLED(CONFIG_BTRFS_DEBUG));
++ /*
++ * Be noisy if this is an extent buffer from a log tree. We don't abort
++ * a transaction in case there's a bad log tree extent buffer, we just
++ * fallback to a transaction commit. Still we want to know when there is
++ * a bad log tree extent buffer, as that may signal a bug somewhere.
++ */
++ WARN_ON(IS_ENABLED(CONFIG_BTRFS_DEBUG) ||
++ btrfs_header_owner(eb) == BTRFS_TREE_LOG_OBJECTID);
+ return ret;
+ }
+
+--- a/fs/btrfs/tree-log.c
++++ b/fs/btrfs/tree-log.c
+@@ -3141,7 +3141,6 @@ int btrfs_sync_log(struct btrfs_trans_ha
+ ret = 0;
+ if (ret) {
+ blk_finish_plug(&plug);
+- btrfs_abort_transaction(trans, ret);
+ btrfs_set_log_full_commit(trans);
+ mutex_unlock(&root->log_mutex);
+ goto out;
+@@ -3273,7 +3272,6 @@ int btrfs_sync_log(struct btrfs_trans_ha
+ goto out_wake_log_root;
+ } else if (ret) {
+ btrfs_set_log_full_commit(trans);
+- btrfs_abort_transaction(trans, ret);
+ mutex_unlock(&log_root_tree->log_mutex);
+ goto out_wake_log_root;
+ }
--- /dev/null
+From b7adbf9ada3513d2092362c8eac5cddc5b651f5c Mon Sep 17 00:00:00 2001
+From: Filipe Manana <fdmanana@suse.com>
+Date: Thu, 12 Jan 2023 16:31:08 +0000
+Subject: btrfs: fix race between quota rescan and disable leading to NULL pointer deref
+
+From: Filipe Manana <fdmanana@suse.com>
+
+commit b7adbf9ada3513d2092362c8eac5cddc5b651f5c upstream.
+
+If we have one task trying to start the quota rescan worker while another
+one is trying to disable quotas, we can end up hitting a race that results
+in the quota rescan worker doing a NULL pointer dereference. The steps for
+this are the following:
+
+1) Quotas are enabled;
+
+2) Task A calls the quota rescan ioctl and enters btrfs_qgroup_rescan().
+ It calls qgroup_rescan_init() which returns 0 (success) and then joins a
+ transaction and commits it;
+
+3) Task B calls the quota disable ioctl and enters btrfs_quota_disable().
+ It clears the bit BTRFS_FS_QUOTA_ENABLED from fs_info->flags and calls
+ btrfs_qgroup_wait_for_completion(), which returns immediately since the
+ rescan worker is not yet running.
+ Then it starts a transaction and locks fs_info->qgroup_ioctl_lock;
+
+4) Task A queues the rescan worker, by calling btrfs_queue_work();
+
+5) The rescan worker starts, and calls rescan_should_stop() at the start
+ of its while loop, which results in 0 iterations of the loop, since
+ the flag BTRFS_FS_QUOTA_ENABLED was cleared from fs_info->flags by
+ task B at step 3);
+
+6) Task B sets fs_info->quota_root to NULL;
+
+7) The rescan worker tries to start a transaction and uses
+ fs_info->quota_root as the root argument for btrfs_start_transaction().
+ This results in a NULL pointer dereference down the call chain of
+ btrfs_start_transaction(). The stack trace is something like the one
+ reported in Link tag below:
+
+ general protection fault, probably for non-canonical address 0xdffffc0000000041: 0000 [#1] PREEMPT SMP KASAN
+ KASAN: null-ptr-deref in range [0x0000000000000208-0x000000000000020f]
+ CPU: 1 PID: 34 Comm: kworker/u4:2 Not tainted 6.1.0-syzkaller-13872-gb6bb9676f216 #0
+ Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022
+ Workqueue: btrfs-qgroup-rescan btrfs_work_helper
+ RIP: 0010:start_transaction+0x48/0x10f0 fs/btrfs/transaction.c:564
+ Code: 48 89 fb 48 (...)
+ RSP: 0018:ffffc90000ab7ab0 EFLAGS: 00010206
+ RAX: 0000000000000041 RBX: 0000000000000208 RCX: ffff88801779ba80
+ RDX: 0000000000000000 RSI: 0000000000000001 RDI: 0000000000000000
+ RBP: dffffc0000000000 R08: 0000000000000001 R09: fffff52000156f5d
+ R10: fffff52000156f5d R11: 1ffff92000156f5c R12: 0000000000000000
+ R13: 0000000000000001 R14: 0000000000000001 R15: 0000000000000003
+ FS: 0000000000000000(0000) GS:ffff8880b9900000(0000) knlGS:0000000000000000
+ CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
+ CR2: 00007f2bea75b718 CR3: 000000001d0cc000 CR4: 00000000003506e0
+ DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
+ DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
+ Call Trace:
+ <TASK>
+ btrfs_qgroup_rescan_worker+0x3bb/0x6a0 fs/btrfs/qgroup.c:3402
+ btrfs_work_helper+0x312/0x850 fs/btrfs/async-thread.c:280
+ process_one_work+0x877/0xdb0 kernel/workqueue.c:2289
+ worker_thread+0xb14/0x1330 kernel/workqueue.c:2436
+ kthread+0x266/0x300 kernel/kthread.c:376
+ ret_from_fork+0x1f/0x30 arch/x86/entry/entry_64.S:308
+ </TASK>
+ Modules linked in:
+
+So fix this by having the rescan worker function not attempt to start a
+transaction if it didn't do any rescan work.
+
+Reported-by: syzbot+96977faa68092ad382c4@syzkaller.appspotmail.com
+Link: https://lore.kernel.org/linux-btrfs/000000000000e5454b05f065a803@google.com/
+Fixes: e804861bd4e6 ("btrfs: fix deadlock between quota disable and qgroup rescan worker")
+CC: stable@vger.kernel.org # 5.4+
+Signed-off-by: Filipe Manana <fdmanana@suse.com>
+Signed-off-by: David Sterba <dsterba@suse.com>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+---
+ fs/btrfs/qgroup.c | 25 +++++++++++++++++--------
+ 1 file changed, 17 insertions(+), 8 deletions(-)
+
+--- a/fs/btrfs/qgroup.c
++++ b/fs/btrfs/qgroup.c
+@@ -3286,6 +3286,7 @@ static void btrfs_qgroup_rescan_worker(s
+ int err = -ENOMEM;
+ int ret = 0;
+ bool stopped = false;
++ bool did_leaf_rescans = false;
+
+ path = btrfs_alloc_path();
+ if (!path)
+@@ -3306,6 +3307,7 @@ static void btrfs_qgroup_rescan_worker(s
+ }
+
+ err = qgroup_rescan_leaf(trans, path);
++ did_leaf_rescans = true;
+
+ if (err > 0)
+ btrfs_commit_transaction(trans);
+@@ -3326,16 +3328,23 @@ out:
+ mutex_unlock(&fs_info->qgroup_rescan_lock);
+
+ /*
+- * only update status, since the previous part has already updated the
+- * qgroup info.
++ * Only update status, since the previous part has already updated the
++ * qgroup info, and only if we did any actual work. This also prevents
++ * race with a concurrent quota disable, which has already set
++ * fs_info->quota_root to NULL and cleared BTRFS_FS_QUOTA_ENABLED at
++ * btrfs_quota_disable().
+ */
+- trans = btrfs_start_transaction(fs_info->quota_root, 1);
+- if (IS_ERR(trans)) {
+- err = PTR_ERR(trans);
++ if (did_leaf_rescans) {
++ trans = btrfs_start_transaction(fs_info->quota_root, 1);
++ if (IS_ERR(trans)) {
++ err = PTR_ERR(trans);
++ trans = NULL;
++ btrfs_err(fs_info,
++ "fail to start transaction for status update: %d",
++ err);
++ }
++ } else {
+ trans = NULL;
+- btrfs_err(fs_info,
+- "fail to start transaction for status update: %d",
+- err);
+ }
+
+ mutex_lock(&fs_info->qgroup_rescan_lock);
--- /dev/null
+From 30b2b2196d6e4cc24cbec633535a2404f258ce69 Mon Sep 17 00:00:00 2001
+From: Enzo Matsumiya <ematsumiya@suse.de>
+Date: Wed, 18 Jan 2023 14:06:57 -0300
+Subject: cifs: do not include page data when checking signature
+
+From: Enzo Matsumiya <ematsumiya@suse.de>
+
+commit 30b2b2196d6e4cc24cbec633535a2404f258ce69 upstream.
+
+On async reads, page data is allocated before sending. When the
+response is received but it has no data to fill (e.g.
+STATUS_END_OF_FILE), __calc_signature() will still include the pages in
+its computation, leading to an invalid signature check.
+
+This patch fixes this by not setting the async read smb_rqst page data
+(zeroed by default) if its got_bytes is 0.
+
+This can be reproduced/verified with xfstests generic/465.
+
+Cc: <stable@vger.kernel.org>
+Signed-off-by: Enzo Matsumiya <ematsumiya@suse.de>
+Reviewed-by: Paulo Alcantara (SUSE) <pc@cjr.nz>
+Signed-off-by: Steve French <stfrench@microsoft.com>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+---
+ fs/cifs/smb2pdu.c | 15 +++++++++------
+ 1 file changed, 9 insertions(+), 6 deletions(-)
+
+--- a/fs/cifs/smb2pdu.c
++++ b/fs/cifs/smb2pdu.c
+@@ -3999,12 +3999,15 @@ smb2_readv_callback(struct mid_q_entry *
+ (struct smb2_sync_hdr *)rdata->iov[0].iov_base;
+ struct cifs_credits credits = { .value = 0, .instance = 0 };
+ struct smb_rqst rqst = { .rq_iov = &rdata->iov[1],
+- .rq_nvec = 1,
+- .rq_pages = rdata->pages,
+- .rq_offset = rdata->page_offset,
+- .rq_npages = rdata->nr_pages,
+- .rq_pagesz = rdata->pagesz,
+- .rq_tailsz = rdata->tailsz };
++ .rq_nvec = 1, };
++
++ if (rdata->got_bytes) {
++ rqst.rq_pages = rdata->pages;
++ rqst.rq_offset = rdata->page_offset;
++ rqst.rq_npages = rdata->nr_pages;
++ rqst.rq_pagesz = rdata->pagesz;
++ rqst.rq_tailsz = rdata->tailsz;
++ }
+
+ WARN_ONCE(rdata->server != mid->server,
+ "rdata server %p != mid server %p",
--- /dev/null
+From 1e336aa0c0250ec84c6f16efac40c9f0138e367d Mon Sep 17 00:00:00 2001
+From: Haibo Chen <haibo.chen@nxp.com>
+Date: Wed, 7 Dec 2022 19:23:15 +0800
+Subject: mmc: sdhci-esdhc-imx: correct the tuning start tap and step setting
+
+From: Haibo Chen <haibo.chen@nxp.com>
+
+commit 1e336aa0c0250ec84c6f16efac40c9f0138e367d upstream.
+
+Current code logic may be impacted by the setting of ROM/Bootloader,
+so unmask these bits first, then setting these bits accordingly.
+
+Fixes: 2b16cf326b70 ("mmc: sdhci-esdhc-imx: move tuning static configuration into hwinit function")
+Signed-off-by: Haibo Chen <haibo.chen@nxp.com>
+Acked-by: Adrian Hunter <adrian.hunter@intel.com>
+Cc: stable@vger.kernel.org
+Link: https://lore.kernel.org/r/20221207112315.1812222-1-haibo.chen@nxp.com
+Signed-off-by: Ulf Hansson <ulf.hansson@linaro.org>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+---
+ drivers/mmc/host/sdhci-esdhc-imx.c | 22 +++++++++++++++-------
+ 1 file changed, 15 insertions(+), 7 deletions(-)
+
+--- a/drivers/mmc/host/sdhci-esdhc-imx.c
++++ b/drivers/mmc/host/sdhci-esdhc-imx.c
+@@ -107,6 +107,7 @@
+ #define ESDHC_TUNING_START_TAP_DEFAULT 0x1
+ #define ESDHC_TUNING_START_TAP_MASK 0x7f
+ #define ESDHC_TUNING_CMD_CRC_CHECK_DISABLE (1 << 7)
++#define ESDHC_TUNING_STEP_DEFAULT 0x1
+ #define ESDHC_TUNING_STEP_MASK 0x00070000
+ #define ESDHC_TUNING_STEP_SHIFT 16
+
+@@ -1346,7 +1347,7 @@ static void sdhci_esdhc_imx_hwinit(struc
+ struct sdhci_pltfm_host *pltfm_host = sdhci_priv(host);
+ struct pltfm_imx_data *imx_data = sdhci_pltfm_priv(pltfm_host);
+ struct cqhci_host *cq_host = host->mmc->cqe_private;
+- int tmp;
++ u32 tmp;
+
+ if (esdhc_is_usdhc(imx_data)) {
+ /*
+@@ -1399,17 +1400,24 @@ static void sdhci_esdhc_imx_hwinit(struc
+
+ if (imx_data->socdata->flags & ESDHC_FLAG_STD_TUNING) {
+ tmp = readl(host->ioaddr + ESDHC_TUNING_CTRL);
+- tmp |= ESDHC_STD_TUNING_EN |
+- ESDHC_TUNING_START_TAP_DEFAULT;
+- if (imx_data->boarddata.tuning_start_tap) {
+- tmp &= ~ESDHC_TUNING_START_TAP_MASK;
++ tmp |= ESDHC_STD_TUNING_EN;
++
++ /*
++ * ROM code or bootloader may config the start tap
++ * and step, unmask them first.
++ */
++ tmp &= ~(ESDHC_TUNING_START_TAP_MASK | ESDHC_TUNING_STEP_MASK);
++ if (imx_data->boarddata.tuning_start_tap)
+ tmp |= imx_data->boarddata.tuning_start_tap;
+- }
++ else
++ tmp |= ESDHC_TUNING_START_TAP_DEFAULT;
+
+ if (imx_data->boarddata.tuning_step) {
+- tmp &= ~ESDHC_TUNING_STEP_MASK;
+ tmp |= imx_data->boarddata.tuning_step
+ << ESDHC_TUNING_STEP_SHIFT;
++ } else {
++ tmp |= ESDHC_TUNING_STEP_DEFAULT
++ << ESDHC_TUNING_STEP_SHIFT;
+ }
+
+ /* Disable the CMD CRC check for tuning, if not, need to
--- /dev/null
+From 8509419758f2cc28dd05370385af0d91573b76b4 Mon Sep 17 00:00:00 2001
+From: Samuel Holland <samuel@sholland.org>
+Date: Tue, 9 Aug 2022 21:25:09 -0500
+Subject: mmc: sunxi-mmc: Fix clock refcount imbalance during unbind
+
+From: Samuel Holland <samuel@sholland.org>
+
+commit 8509419758f2cc28dd05370385af0d91573b76b4 upstream.
+
+If the controller is suspended by runtime PM, the clock is already
+disabled, so do not try to disable it again during removal. Use
+pm_runtime_disable() to flush any pending runtime PM transitions.
+
+Fixes: 9a8e1e8cc2c0 ("mmc: sunxi: Add runtime_pm support")
+Signed-off-by: Samuel Holland <samuel@sholland.org>
+Acked-by: Jernej Skrabec <jernej.skrabec@gmail.com>
+Cc: stable@vger.kernel.org
+Link: https://lore.kernel.org/r/20220810022509.43743-1-samuel@sholland.org
+Signed-off-by: Ulf Hansson <ulf.hansson@linaro.org>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+---
+ drivers/mmc/host/sunxi-mmc.c | 8 +++++---
+ 1 file changed, 5 insertions(+), 3 deletions(-)
+
+--- a/drivers/mmc/host/sunxi-mmc.c
++++ b/drivers/mmc/host/sunxi-mmc.c
+@@ -1483,9 +1483,11 @@ static int sunxi_mmc_remove(struct platf
+ struct sunxi_mmc_host *host = mmc_priv(mmc);
+
+ mmc_remove_host(mmc);
+- pm_runtime_force_suspend(&pdev->dev);
+- disable_irq(host->irq);
+- sunxi_mmc_disable(host);
++ pm_runtime_disable(&pdev->dev);
++ if (!pm_runtime_status_suspended(&pdev->dev)) {
++ disable_irq(host->irq);
++ sunxi_mmc_disable(host);
++ }
+ dma_free_coherent(&pdev->dev, PAGE_SIZE, host->sg_cpu, host->sg_dma);
+ mmc_free_host(mmc);
+
--- /dev/null
+From 43d5f5d63699724d47f0d9e0eae516a260d232b4 Mon Sep 17 00:00:00 2001
+From: Ben Dooks <ben.dooks@codethink.co.uk>
+Date: Fri, 6 Jan 2023 13:44:56 +0000
+Subject: riscv: dts: sifive: fu740: fix size of pcie 32bit memory
+
+From: Ben Dooks <ben.dooks@codethink.co.uk>
+
+commit 43d5f5d63699724d47f0d9e0eae516a260d232b4 upstream.
+
+The 32-bit memory resource is needed for non-prefetchable memory
+allocations on the PCIe bus, however with some cards (such as the
+SM768) the system fails to allocate memory from this.
+
+Checking the allocation against the datasheet, it looks like there
+has been a mis-calcualation of the resource for the first memory
+region (0x0060090000..0x0070ffffff) which in the data-sheet for
+the fu740 (v1p2) is from 0x0060000000..0x007fffffff. Changing
+this to allocate from 0x0060090000..0x007fffffff fixes the probing
+issues.
+
+Fixes: ae80d5148085 ("riscv: dts: Add PCIe support for the SiFive FU740-C000 SoC")
+Cc: Paul Walmsley <paul.walmsley@sifive.com>
+Cc: Greentime Hu <greentime.hu@sifive.com>
+Signed-off-by: Ben Dooks <ben.dooks@codethink.co.uk>
+Cc: stable@vger.kernel.org
+Tested-by: Ron Economos <re@w6rz.net> # from IRC
+Reviewed-by: Conor Dooley <conor.dooley@microchip.com>
+Signed-off-by: Conor Dooley <conor.dooley@microchip.com>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+---
+ arch/riscv/boot/dts/sifive/fu740-c000.dtsi | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+--- a/arch/riscv/boot/dts/sifive/fu740-c000.dtsi
++++ b/arch/riscv/boot/dts/sifive/fu740-c000.dtsi
+@@ -328,7 +328,7 @@
+ bus-range = <0x0 0xff>;
+ ranges = <0x81000000 0x0 0x60080000 0x0 0x60080000 0x0 0x10000>, /* I/O */
+ <0x82000000 0x0 0x60090000 0x0 0x60090000 0x0 0xff70000>, /* mem */
+- <0x82000000 0x0 0x70000000 0x0 0x70000000 0x0 0x1000000>, /* mem */
++ <0x82000000 0x0 0x70000000 0x0 0x70000000 0x0 0x10000000>, /* mem */
+ <0xc3000000 0x20 0x00000000 0x20 0x00000000 0x20 0x00000000>; /* mem prefetchable */
+ num-lanes = <0x8>;
+ interrupts = <56>, <57>, <58>, <59>, <60>, <61>, <62>, <63>, <64>;
usb-core-hub-disable-autosuspend-for-ti-tusb8041.patch
comedi-adv_pci1760-fix-pwm-instruction-handling.patch
acpi-prm-check-whether-efi-runtime-is-available.patch
+mmc-sunxi-mmc-fix-clock-refcount-imbalance-during-unbind.patch
+mmc-sdhci-esdhc-imx-correct-the-tuning-start-tap-and-step-setting.patch
+btrfs-do-not-abort-transaction-on-failure-to-write-log-tree-when-syncing-log.patch
+btrfs-fix-race-between-quota-rescan-and-disable-leading-to-null-pointer-deref.patch
+cifs-do-not-include-page-data-when-checking-signature.patch
+thunderbolt-use-correct-function-to-calculate-maximum-usb3-link-rate.patch
+riscv-dts-sifive-fu740-fix-size-of-pcie-32bit-memory.patch
+bpf-restore-the-ebpf-program-id-for-bpf_audit_unload-and-perf_bpf_event_prog_unload.patch
--- /dev/null
+From e8ff07fb33026c5c1bb5b81293496faba5d68059 Mon Sep 17 00:00:00 2001
+From: Mika Westerberg <mika.westerberg@linux.intel.com>
+Date: Fri, 20 May 2022 13:35:19 +0300
+Subject: thunderbolt: Use correct function to calculate maximum USB3 link rate
+
+From: Mika Westerberg <mika.westerberg@linux.intel.com>
+
+commit e8ff07fb33026c5c1bb5b81293496faba5d68059 upstream.
+
+We need to take minimum of both sides of the USB3 link into consideration,
+not just the downstream port. Fix this by calling tb_usb3_max_link_rate()
+instead.
+
+Fixes: 0bd680cd900c ("thunderbolt: Add USB3 bandwidth management")
+Cc: stable@vger.kernel.org
+Acked-by: Yehezkel Bernat <YehezkelShB@gmail.com>
+Signed-off-by: Mika Westerberg <mika.westerberg@linux.intel.com>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+---
+ drivers/thunderbolt/tunnel.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+--- a/drivers/thunderbolt/tunnel.c
++++ b/drivers/thunderbolt/tunnel.c
+@@ -1262,7 +1262,7 @@ static void tb_usb3_reclaim_available_ba
+ return;
+ } else if (!ret) {
+ /* Use maximum link rate if the link valid is not set */
+- ret = usb4_usb3_port_max_link_rate(tunnel->src_port);
++ ret = tb_usb3_max_link_rate(tunnel->dst_port, tunnel->src_port);
+ if (ret < 0) {
+ tb_tunnel_warn(tunnel, "failed to read maximum link rate\n");
+ return;
projects / thirdparty / kernel / stable-queue.git / commitdiff
