--- /dev/null
+From 3f4093e2bf4673f218c0bf17d8362337c400e77b Mon Sep 17 00:00:00 2001
+From: Duoming Zhou <duoming@zju.edu.cn>
+Date: Fri, 5 Aug 2022 15:00:08 +0800
+Subject: atm: idt77252: fix use-after-free bugs caused by tst_timer
+
+From: Duoming Zhou <duoming@zju.edu.cn>
+
+commit 3f4093e2bf4673f218c0bf17d8362337c400e77b upstream.
+
+There are use-after-free bugs caused by tst_timer. The root cause
+is that there are no functions to stop tst_timer in idt77252_exit().
+One of the possible race conditions is shown below:
+
+ (thread 1) | (thread 2)
+ | idt77252_init_one
+ | init_card
+ | fill_tst
+ | mod_timer(&card->tst_timer, ...)
+idt77252_exit | (wait a time)
+ | tst_timer
+ |
+ | ...
+ kfree(card) // FREE |
+ | card->soft_tst[e] // USE
+
+The idt77252_dev is deallocated in idt77252_exit() and used in
+timer handler.
+
+This patch adds del_timer_sync() in idt77252_exit() in order that
+the timer handler could be stopped before the idt77252_dev is
+deallocated.
+
+Fixes: 1da177e4c3f4 ("Linux-2.6.12-rc2")
+Signed-off-by: Duoming Zhou <duoming@zju.edu.cn>
+Link: https://lore.kernel.org/r/20220805070008.18007-1-duoming@zju.edu.cn
+Signed-off-by: Jakub Kicinski <kuba@kernel.org>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+---
+ drivers/atm/idt77252.c | 1 +
+ 1 file changed, 1 insertion(+)
+
+--- a/drivers/atm/idt77252.c
++++ b/drivers/atm/idt77252.c
+@@ -3752,6 +3752,7 @@ static void __exit idt77252_exit(void)
+ card = idt77252_chain;
+ dev = card->atmdev;
+ idt77252_chain = card->next;
++ del_timer_sync(&card->tst_timer);
+
+ if (dev->phy->stop)
+ dev->phy->stop(dev);
--- /dev/null
+From e34f49348f8b7a53205b6f77707a3a6a40cf420b Mon Sep 17 00:00:00 2001
+From: Chen Lin <chen45464546@163.com>
+Date: Thu, 11 Aug 2022 23:16:51 +0800
+Subject: dpaa2-eth: trace the allocated address instead of page struct
+
+From: Chen Lin <chen45464546@163.com>
+
+commit e34f49348f8b7a53205b6f77707a3a6a40cf420b upstream.
+
+We should trace the allocated address instead of page struct.
+
+Fixes: 27c874867c4e ("dpaa2-eth: Use a single page per Rx buffer")
+Signed-off-by: Chen Lin <chen.lin5@zte.com.cn>
+Reviewed-by: Ioana Ciornei <ioana.ciornei@nxp.com>
+Link: https://lore.kernel.org/r/20220811151651.3327-1-chen45464546@163.com
+Signed-off-by: Jakub Kicinski <kuba@kernel.org>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+---
+ drivers/net/ethernet/freescale/dpaa2/dpaa2-eth.c | 4 ++--
+ 1 file changed, 2 insertions(+), 2 deletions(-)
+
+--- a/drivers/net/ethernet/freescale/dpaa2/dpaa2-eth.c
++++ b/drivers/net/ethernet/freescale/dpaa2/dpaa2-eth.c
+@@ -1660,8 +1660,8 @@ static int dpaa2_eth_add_bufs(struct dpa
+ buf_array[i] = addr;
+
+ /* tracing point */
+- trace_dpaa2_eth_buf_seed(priv->net_dev,
+- page, DPAA2_ETH_RX_BUF_RAW_SIZE,
++ trace_dpaa2_eth_buf_seed(priv->net_dev, page_address(page),
++ DPAA2_ETH_RX_BUF_RAW_SIZE,
+ addr, priv->rx_buf_size,
+ bpid);
+ }
--- /dev/null
+From fb24771faf72a2fd62b3b6287af3c610c3ec9cf1 Mon Sep 17 00:00:00 2001
+From: Jeff Layton <jlayton@kernel.org>
+Date: Fri, 5 Aug 2022 06:42:45 -0400
+Subject: fscache: don't leak cookie access refs if invalidation is in progress or failed
+
+From: Jeff Layton <jlayton@kernel.org>
+
+commit fb24771faf72a2fd62b3b6287af3c610c3ec9cf1 upstream.
+
+It's possible for a request to invalidate a fscache_cookie will come in
+while we're already processing an invalidation. If that happens we
+currently take an extra access reference that will leak. Only call
+__fscache_begin_cookie_access if the FSCACHE_COOKIE_DO_INVALIDATE bit
+was previously clear.
+
+Also, ensure that we attempt to clear the bit when the cookie is
+"FAILED" and put the reference to avoid an access leak.
+
+Fixes: 85e4ea1049c7 ("fscache: Fix invalidation/lookup race")
+Suggested-by: David Howells <dhowells@redhat.com>
+Signed-off-by: Jeff Layton <jlayton@kernel.org>
+Signed-off-by: David Howells <dhowells@redhat.com>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+---
+ fs/fscache/cookie.c | 7 +++++--
+ 1 file changed, 5 insertions(+), 2 deletions(-)
+
+diff --git a/fs/fscache/cookie.c b/fs/fscache/cookie.c
+index 74920826d8f6..26a6d395737a 100644
+--- a/fs/fscache/cookie.c
++++ b/fs/fscache/cookie.c
+@@ -739,6 +739,9 @@ static void fscache_cookie_state_machine(struct fscache_cookie *cookie)
+ fallthrough;
+
+ case FSCACHE_COOKIE_STATE_FAILED:
++ if (test_and_clear_bit(FSCACHE_COOKIE_DO_INVALIDATE, &cookie->flags))
++ fscache_end_cookie_access(cookie, fscache_access_invalidate_cookie_end);
++
+ if (atomic_read(&cookie->n_accesses) != 0)
+ break;
+ if (test_bit(FSCACHE_COOKIE_DO_RELINQUISH, &cookie->flags)) {
+@@ -1063,8 +1066,8 @@ void __fscache_invalidate(struct fscache_cookie *cookie,
+ return;
+
+ case FSCACHE_COOKIE_STATE_LOOKING_UP:
+- __fscache_begin_cookie_access(cookie, fscache_access_invalidate_cookie);
+- set_bit(FSCACHE_COOKIE_DO_INVALIDATE, &cookie->flags);
++ if (!test_and_set_bit(FSCACHE_COOKIE_DO_INVALIDATE, &cookie->flags))
++ __fscache_begin_cookie_access(cookie, fscache_access_invalidate_cookie);
+ fallthrough;
+ case FSCACHE_COOKIE_STATE_CREATING:
+ spin_unlock(&cookie->lock);
+--
+2.37.2
+
--- /dev/null
+From b4ab94d6adaa5cf842b68bd28f4b50bc774496bd Mon Sep 17 00:00:00 2001
+From: Matthias May <matthias.may@westermo.com>
+Date: Fri, 5 Aug 2022 21:00:06 +0200
+Subject: geneve: fix TOS inheriting for ipv4
+
+From: Matthias May <matthias.may@westermo.com>
+
+commit b4ab94d6adaa5cf842b68bd28f4b50bc774496bd upstream.
+
+The current code retrieves the TOS field after the lookup
+on the ipv4 routing table. The routing process currently
+only allows routing based on the original 3 TOS bits, and
+not on the full 6 DSCP bits.
+As a result the retrieved TOS is cut to the 3 bits.
+However for inheriting purposes the full 6 bits should be used.
+
+Extract the full 6 bits before the route lookup and use
+that instead of the cut off 3 TOS bits.
+
+Fixes: e305ac6cf5a1 ("geneve: Add support to collect tunnel metadata.")
+Signed-off-by: Matthias May <matthias.may@westermo.com>
+Acked-by: Guillaume Nault <gnault@redhat.com>
+Link: https://lore.kernel.org/r/20220805190006.8078-1-matthias.may@westermo.com
+Signed-off-by: Jakub Kicinski <kuba@kernel.org>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+---
+ drivers/net/geneve.c | 12 ++++++++----
+ 1 file changed, 8 insertions(+), 4 deletions(-)
+
+--- a/drivers/net/geneve.c
++++ b/drivers/net/geneve.c
+@@ -797,7 +797,8 @@ static struct rtable *geneve_get_v4_rt(s
+ struct geneve_sock *gs4,
+ struct flowi4 *fl4,
+ const struct ip_tunnel_info *info,
+- __be16 dport, __be16 sport)
++ __be16 dport, __be16 sport,
++ __u8 *full_tos)
+ {
+ bool use_cache = ip_tunnel_dst_cache_usable(skb, info);
+ struct geneve_dev *geneve = netdev_priv(dev);
+@@ -823,6 +824,8 @@ static struct rtable *geneve_get_v4_rt(s
+ use_cache = false;
+ }
+ fl4->flowi4_tos = RT_TOS(tos);
++ if (full_tos)
++ *full_tos = tos;
+
+ dst_cache = (struct dst_cache *)&info->dst_cache;
+ if (use_cache) {
+@@ -910,6 +913,7 @@ static int geneve_xmit_skb(struct sk_buf
+ const struct ip_tunnel_key *key = &info->key;
+ struct rtable *rt;
+ struct flowi4 fl4;
++ __u8 full_tos;
+ __u8 tos, ttl;
+ __be16 df = 0;
+ __be16 sport;
+@@ -920,7 +924,7 @@ static int geneve_xmit_skb(struct sk_buf
+
+ sport = udp_flow_src_port(geneve->net, skb, 1, USHRT_MAX, true);
+ rt = geneve_get_v4_rt(skb, dev, gs4, &fl4, info,
+- geneve->cfg.info.key.tp_dst, sport);
++ geneve->cfg.info.key.tp_dst, sport, &full_tos);
+ if (IS_ERR(rt))
+ return PTR_ERR(rt);
+
+@@ -964,7 +968,7 @@ static int geneve_xmit_skb(struct sk_buf
+
+ df = key->tun_flags & TUNNEL_DONT_FRAGMENT ? htons(IP_DF) : 0;
+ } else {
+- tos = ip_tunnel_ecn_encap(fl4.flowi4_tos, ip_hdr(skb), skb);
++ tos = ip_tunnel_ecn_encap(full_tos, ip_hdr(skb), skb);
+ if (geneve->cfg.ttl_inherit)
+ ttl = ip_tunnel_get_ttl(ip_hdr(skb), skb);
+ else
+@@ -1148,7 +1152,7 @@ static int geneve_fill_metadata_dst(stru
+ 1, USHRT_MAX, true);
+
+ rt = geneve_get_v4_rt(skb, dev, gs4, &fl4, info,
+- geneve->cfg.info.key.tp_dst, sport);
++ geneve->cfg.info.key.tp_dst, sport, NULL);
+ if (IS_ERR(rt))
+ return PTR_ERR(rt);
+
--- /dev/null
+From 8689b80b22dbf1f5e993233370fe57f08731b14d Mon Sep 17 00:00:00 2001
+From: Robin Reckmann <robin.reckmann@googlemail.com>
+Date: Sun, 7 Aug 2022 23:04:54 +0900
+Subject: i2c: qcom-geni: Fix GPI DMA buffer sync-back
+
+From: Robin Reckmann <robin.reckmann@googlemail.com>
+
+commit 8689b80b22dbf1f5e993233370fe57f08731b14d upstream.
+
+Fix i2c transfers using GPI DMA mode for all message types that do not set
+the I2C_M_DMA_SAFE flag (e.g. SMBus "read byte").
+
+In this case a bounce buffer is returned by i2c_get_dma_safe_msg_buf(),
+and it has to synced back to the message after the transfer is done.
+
+Add missing assignment of dma buffer in geni_i2c_gpi().
+
+Set xferred in i2c_put_dma_safe_msg_buf() to true in case of no error to
+ensure the sync-back of this dma buffer to the message.
+
+Fixes: d8703554f4de ("i2c: qcom-geni: Add support for GPI DMA")
+Signed-off-by: Robin Reckmann <robin.reckmann@gmail.com>
+Tested-by: Luca Weiss <luca.weiss@fairphone.com>
+Tested-by: Caleb Connolly <caleb@connolly.tech>
+Reviewed-by: Konrad Dybcio <konrad.dybcio@somainline.org>
+Signed-off-by: Wolfram Sang <wsa@kernel.org>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+---
+ drivers/i2c/busses/i2c-qcom-geni.c | 5 +++--
+ 1 file changed, 3 insertions(+), 2 deletions(-)
+
+--- a/drivers/i2c/busses/i2c-qcom-geni.c
++++ b/drivers/i2c/busses/i2c-qcom-geni.c
+@@ -484,12 +484,12 @@ static void geni_i2c_gpi_unmap(struct ge
+ {
+ if (tx_buf) {
+ dma_unmap_single(gi2c->se.dev->parent, tx_addr, msg->len, DMA_TO_DEVICE);
+- i2c_put_dma_safe_msg_buf(tx_buf, msg, false);
++ i2c_put_dma_safe_msg_buf(tx_buf, msg, !gi2c->err);
+ }
+
+ if (rx_buf) {
+ dma_unmap_single(gi2c->se.dev->parent, rx_addr, msg->len, DMA_FROM_DEVICE);
+- i2c_put_dma_safe_msg_buf(rx_buf, msg, false);
++ i2c_put_dma_safe_msg_buf(rx_buf, msg, !gi2c->err);
+ }
+ }
+
+@@ -553,6 +553,7 @@ static int geni_i2c_gpi(struct geni_i2c_
+ desc->callback_param = gi2c;
+
+ dmaengine_submit(desc);
++ *buf = dma_buf;
+ *dma_addr_p = addr;
+
+ return 0;
--- /dev/null
+From 4ae97cae07e15d41e5c0ebabba64c6eefdeb0bbe Mon Sep 17 00:00:00 2001
+From: Yu Xiao <yu.xiao@corigine.com>
+Date: Tue, 2 Aug 2022 10:33:55 +0100
+Subject: nfp: ethtool: fix the display error of `ethtool -m DEVNAME`
+
+From: Yu Xiao <yu.xiao@corigine.com>
+
+commit 4ae97cae07e15d41e5c0ebabba64c6eefdeb0bbe upstream.
+
+The port flag isn't set to `NFP_PORT_CHANGED` when using
+`ethtool -m DEVNAME` before, so the port state (e.g. interface)
+cannot be updated. Therefore, it caused that `ethtool -m DEVNAME`
+sometimes cannot read the correct information.
+
+E.g. `ethtool -m DEVNAME` cannot work when load driver before plug
+in optical module, as the port interface is still NONE without port
+update.
+
+Now update the port state before sending info to NIC to ensure that
+port interface is correct (latest state).
+
+Fixes: 61f7c6f44870 ("nfp: implement ethtool get module EEPROM")
+Reviewed-by: Louis Peens <louis.peens@corigine.com>
+Signed-off-by: Yu Xiao <yu.xiao@corigine.com>
+Signed-off-by: Simon Horman <simon.horman@corigine.com>
+Link: https://lore.kernel.org/r/20220802093355.69065-1-simon.horman@corigine.com
+Signed-off-by: Jakub Kicinski <kuba@kernel.org>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+---
+ drivers/net/ethernet/netronome/nfp/nfp_net_ethtool.c | 2 ++
+ 1 file changed, 2 insertions(+)
+
+--- a/drivers/net/ethernet/netronome/nfp/nfp_net_ethtool.c
++++ b/drivers/net/ethernet/netronome/nfp/nfp_net_ethtool.c
+@@ -1230,6 +1230,8 @@ nfp_port_get_module_info(struct net_devi
+ u8 data;
+
+ port = nfp_port_from_netdev(netdev);
++ /* update port state to get latest interface */
++ set_bit(NFP_PORT_CHANGED, &port->flags);
+ eth_port = nfp_port_get_eth_port(port);
+ if (!eth_port)
+ return -EOPNOTSUPP;
--- /dev/null
+From 45e1058b77feade4e36402828bfe3e0d3363177b Mon Sep 17 00:00:00 2001
+From: Dan Carpenter <dan.carpenter@oracle.com>
+Date: Wed, 20 Jul 2022 21:28:18 +0300
+Subject: NTB: ntb_tool: uninitialized heap data in tool_fn_write()
+
+From: Dan Carpenter <dan.carpenter@oracle.com>
+
+commit 45e1058b77feade4e36402828bfe3e0d3363177b upstream.
+
+The call to:
+
+ ret = simple_write_to_buffer(buf, size, offp, ubuf, size);
+
+will return success if it is able to write even one byte to "buf".
+The value of "*offp" controls which byte. This could result in
+reading uninitialized data when we do the sscanf() on the next line.
+
+This code is not really desigined to handle partial writes where
+*offp is non-zero and the "buf" is preserved and re-used between writes.
+Just ban partial writes and replace the simple_write_to_buffer() with
+copy_from_user().
+
+Fixes: 578b881ba9c4 ("NTB: Add tool test client")
+Signed-off-by: Dan Carpenter <dan.carpenter@oracle.com>
+Signed-off-by: Jon Mason <jdmason@kudzu.us>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+---
+ drivers/ntb/test/ntb_tool.c | 8 +++++---
+ 1 file changed, 5 insertions(+), 3 deletions(-)
+
+--- a/drivers/ntb/test/ntb_tool.c
++++ b/drivers/ntb/test/ntb_tool.c
+@@ -367,14 +367,16 @@ static ssize_t tool_fn_write(struct tool
+ u64 bits;
+ int n;
+
++ if (*offp)
++ return 0;
++
+ buf = kmalloc(size + 1, GFP_KERNEL);
+ if (!buf)
+ return -ENOMEM;
+
+- ret = simple_write_to_buffer(buf, size, offp, ubuf, size);
+- if (ret < 0) {
++ if (copy_from_user(buf, ubuf, size)) {
+ kfree(buf);
+- return ret;
++ return -EFAULT;
+ }
+
+ buf[size] = 0;
--- /dev/null
+From 9317d0014499182c77a03cd095e83bcfb0f53750 Mon Sep 17 00:00:00 2001
+From: Christoph Hellwig <hch@lst.de>
+Date: Sat, 6 Aug 2022 10:29:55 +0200
+Subject: nvme-fc: fix the fc_appid_store return value
+
+From: Christoph Hellwig <hch@lst.de>
+
+commit 9317d0014499182c77a03cd095e83bcfb0f53750 upstream.
+
+"nvme-fc: fold t fc_update_appid into fc_appid_store" accidentally
+changed the userspace interface for the appid attribute, because the code
+that decrements "count" to remove a trailing '\n' in the parsing results
+in the decremented value being incorrectly be returned from the sysfs
+write. Fix this by keeping an orig_count variable for the full length
+of the write.
+
+Fixes: c814153c83a8 ("nvme-fc: fold t fc_update_appid into fc_appid_store")
+Signed-off-by: Christoph Hellwig <hch@lst.de>
+Reviewed-by: Chaitanya Kulkarni <kch@nvidia.com>
+Reviewed-by: Ewan D. Milne <emilne@redhat.com>
+Reviewed-by: James Smart <jsmart2021@gmail.com>
+Tested-by: Muneendra Kumar M <muneendra.kumar@broadcom.com>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+---
+ drivers/nvme/host/fc.c | 3 ++-
+ 1 file changed, 2 insertions(+), 1 deletion(-)
+
+diff --git a/drivers/nvme/host/fc.c b/drivers/nvme/host/fc.c
+index 8d14df8eeab8..127abaf9ba5d 100644
+--- a/drivers/nvme/host/fc.c
++++ b/drivers/nvme/host/fc.c
+@@ -3880,6 +3880,7 @@ static int fc_parse_cgrpid(const char *buf, u64 *id)
+ static ssize_t fc_appid_store(struct device *dev,
+ struct device_attribute *attr, const char *buf, size_t count)
+ {
++ size_t orig_count = count;
+ u64 cgrp_id;
+ int appid_len = 0;
+ int cgrpid_len = 0;
+@@ -3904,7 +3905,7 @@ static ssize_t fc_appid_store(struct device *dev,
+ ret = blkcg_set_fc_appid(app_id, cgrp_id, sizeof(app_id));
+ if (ret < 0)
+ return ret;
+- return count;
++ return orig_count;
+ }
+ static DEVICE_ATTR(appid_store, 0200, NULL, fc_appid_store);
+ #endif /* CONFIG_BLK_CGROUP_FC_APPID */
+--
+2.37.2
+
--- /dev/null
+From 2e828582b81f5bc76a4fe8e7812df259ab208302 Mon Sep 17 00:00:00 2001
+From: Adrian Hunter <adrian.hunter@intel.com>
+Date: Tue, 9 Aug 2022 11:07:00 +0300
+Subject: perf parse-events: Fix segfault when event parser gets an error
+
+From: Adrian Hunter <adrian.hunter@intel.com>
+
+commit 2e828582b81f5bc76a4fe8e7812df259ab208302 upstream.
+
+parse_events() is often called with parse_events_error set to NULL.
+Make parse_events_error__handle() not segfault in that case.
+
+A subsequent patch changes to avoid passing NULL in the first place.
+
+Fixes: 43eb05d066795bdf ("perf tests: Support 'Track with sched_switch' test for hybrid")
+Signed-off-by: Adrian Hunter <adrian.hunter@intel.com>
+Cc: Ian Rogers <irogers@google.com>
+Cc: Jin Yao <yao.jin@linux.intel.com>
+Cc: Jiri Olsa <jolsa@kernel.org>
+Cc: Namhyung Kim <namhyung@kernel.org>
+Link: https://lore.kernel.org/r/20220809080702.6921-2-adrian.hunter@intel.com
+Signed-off-by: Arnaldo Carvalho de Melo <acme@redhat.com>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+---
+ tools/perf/util/parse-events.c | 14 +++++++++++---
+ 1 file changed, 11 insertions(+), 3 deletions(-)
+
+--- a/tools/perf/util/parse-events.c
++++ b/tools/perf/util/parse-events.c
+@@ -2391,9 +2391,12 @@ void parse_events_error__exit(struct par
+ void parse_events_error__handle(struct parse_events_error *err, int idx,
+ char *str, char *help)
+ {
+- if (WARN(!str, "WARNING: failed to provide error string\n")) {
+- free(help);
+- return;
++ if (WARN(!str, "WARNING: failed to provide error string\n"))
++ goto out_free;
++ if (!err) {
++ /* Assume caller does not want message printed */
++ pr_debug("event syntax error: %s\n", str);
++ goto out_free;
+ }
+ switch (err->num_errors) {
+ case 0:
+@@ -2419,6 +2422,11 @@ void parse_events_error__handle(struct p
+ break;
+ }
+ err->num_errors++;
++ return;
++
++out_free:
++ free(str);
++ free(help);
+ }
+
+ #define MAX_WIDTH 1000
--- /dev/null
+From 4bf6dcaa93bcd083a13c278a91418fe10e6d23a0 Mon Sep 17 00:00:00 2001
+From: Christophe JAILLET <christophe.jaillet@wanadoo.fr>
+Date: Sat, 6 Aug 2022 16:51:26 +0200
+Subject: perf probe: Fix an error handling path in 'parse_perf_probe_command()'
+
+From: Christophe JAILLET <christophe.jaillet@wanadoo.fr>
+
+commit 4bf6dcaa93bcd083a13c278a91418fe10e6d23a0 upstream.
+
+If a memory allocation fail, we should branch to the error handling path
+in order to free some resources allocated a few lines above.
+
+Fixes: 15354d54698648e2 ("perf probe: Generate event name with line number")
+Signed-off-by: Christophe JAILLET <christophe.jaillet@wanadoo.fr>
+Acked-by: Masami Hiramatsu <mhiramat@kernel.org>
+Cc: Alexander Shishkin <alexander.shishkin@linux.intel.com>
+Cc: Ingo Molnar <mingo@redhat.com>
+Cc: Jiri Olsa <jolsa@kernel.org>
+Cc: kernel-janitors@vger.kernel.org
+Cc: Mark Rutland <mark.rutland@arm.com>
+Cc: Namhyung Kim <namhyung@kernel.org>
+Cc: Peter Zijlstra <peterz@infradead.org>
+Link: https://lore.kernel.org/r/b71bcb01fa0c7b9778647235c3ab490f699ba278.1659797452.git.christophe.jaillet@wanadoo.fr
+Signed-off-by: Arnaldo Carvalho de Melo <acme@redhat.com>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+---
+ tools/perf/util/probe-event.c | 6 ++++--
+ 1 file changed, 4 insertions(+), 2 deletions(-)
+
+--- a/tools/perf/util/probe-event.c
++++ b/tools/perf/util/probe-event.c
+@@ -1775,8 +1775,10 @@ int parse_perf_probe_command(const char
+ if (!pev->event && pev->point.function && pev->point.line
+ && !pev->point.lazy_line && !pev->point.offset) {
+ if (asprintf(&pev->event, "%s_L%d", pev->point.function,
+- pev->point.line) < 0)
+- return -ENOMEM;
++ pev->point.line) < 0) {
++ ret = -ENOMEM;
++ goto out;
++ }
+ }
+
+ /* Copy arguments and ensure return probe has no C argument */
--- /dev/null
+From 1da1d60774014137d776d0400fdf2f1779d8d4d5 Mon Sep 17 00:00:00 2001
+From: Adrian Hunter <adrian.hunter@intel.com>
+Date: Tue, 9 Aug 2022 11:07:01 +0300
+Subject: perf tests: Fix Track with sched_switch test for hybrid case
+
+From: Adrian Hunter <adrian.hunter@intel.com>
+
+commit 1da1d60774014137d776d0400fdf2f1779d8d4d5 upstream.
+
+If cpu_core PMU event fails to parse, try also cpu_atom PMU event when
+parsing cycles event.
+
+Fixes: 43eb05d066795bdf ("perf tests: Support 'Track with sched_switch' test for hybrid")
+Signed-off-by: Adrian Hunter <adrian.hunter@intel.com>
+Cc: Ian Rogers <irogers@google.com>
+Cc: Jin Yao <yao.jin@linux.intel.com>
+Cc: Jiri Olsa <jolsa@kernel.org>
+Cc: Namhyung Kim <namhyung@kernel.org>
+Link: https://lore.kernel.org/r/20220809080702.6921-3-adrian.hunter@intel.com
+Signed-off-by: Arnaldo Carvalho de Melo <acme@redhat.com>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+---
+ tools/perf/tests/switch-tracking.c | 18 +++++++++++++-----
+ 1 file changed, 13 insertions(+), 5 deletions(-)
+
+--- a/tools/perf/tests/switch-tracking.c
++++ b/tools/perf/tests/switch-tracking.c
+@@ -324,6 +324,7 @@ out_free_nodes:
+ static int test__switch_tracking(struct test_suite *test __maybe_unused, int subtest __maybe_unused)
+ {
+ const char *sched_switch = "sched:sched_switch";
++ const char *cycles = "cycles:u";
+ struct switch_tracking switch_tracking = { .tids = NULL, };
+ struct record_opts opts = {
+ .mmap_pages = UINT_MAX,
+@@ -372,12 +373,19 @@ static int test__switch_tracking(struct
+ cpu_clocks_evsel = evlist__last(evlist);
+
+ /* Second event */
+- if (perf_pmu__has_hybrid())
+- err = parse_events(evlist, "cpu_core/cycles/u", NULL);
+- else
+- err = parse_events(evlist, "cycles:u", NULL);
++ if (perf_pmu__has_hybrid()) {
++ cycles = "cpu_core/cycles/u";
++ err = parse_events(evlist, cycles, NULL);
++ if (err) {
++ cycles = "cpu_atom/cycles/u";
++ pr_debug("Trying %s\n", cycles);
++ err = parse_events(evlist, cycles, NULL);
++ }
++ } else {
++ err = parse_events(evlist, cycles, NULL);
++ }
+ if (err) {
+- pr_debug("Failed to parse event cycles:u\n");
++ pr_debug("Failed to parse event %s\n", cycles);
+ goto out_err;
+ }
+
tools-testing-cxl-fix-cxl_hdm_decode_init-calling-convention.patch
kbuild-dummy-tools-avoid-tmpdir-leak-in-dummy-gcc.patch
tools-build-switch-to-new-openssl-api-for-test-libcrypto.patch
+ntb-ntb_tool-uninitialized-heap-data-in-tool_fn_write.patch
+nfp-ethtool-fix-the-display-error-of-ethtool-m-devname.patch
+xen-xenbus-fix-return-type-in-xenbus_file_read.patch
+tsnep-fix-tsnep_tx_unmap-error-path-usage.patch
+atm-idt77252-fix-use-after-free-bugs-caused-by-tst_timer.patch
+fscache-don-t-leak-cookie-access-refs-if-invalidation-is-in-progress-or-failed.patch
+geneve-fix-tos-inheriting-for-ipv4.patch
+nvme-fc-fix-the-fc_appid_store-return-value.patch
+perf-probe-fix-an-error-handling-path-in-parse_perf_probe_command.patch
+i2c-qcom-geni-fix-gpi-dma-buffer-sync-back.patch
+perf-parse-events-fix-segfault-when-event-parser-gets-an-error.patch
+perf-tests-fix-track-with-sched_switch-test-for-hybrid-case.patch
+dpaa2-eth-trace-the-allocated-address-instead-of-page-struct.patch
--- /dev/null
+From b3bb8628bf64440065976c71e4ab09186c393597 Mon Sep 17 00:00:00 2001
+From: Gerhard Engleder <gerhard@engleder-embedded.com>
+Date: Thu, 4 Aug 2022 20:39:35 +0200
+Subject: tsnep: Fix tsnep_tx_unmap() error path usage
+
+From: Gerhard Engleder <gerhard@engleder-embedded.com>
+
+commit b3bb8628bf64440065976c71e4ab09186c393597 upstream.
+
+If tsnep_tx_map() fails, then tsnep_tx_unmap() shall start at the write
+index like tsnep_tx_map(). This is different to the normal operation.
+Thus, add an additional parameter to tsnep_tx_unmap() to enable start at
+different positions for successful TX and failed TX.
+
+Fixes: 403f69bbdbad ("tsnep: Add TSN endpoint Ethernet MAC driver")
+Signed-off-by: Gerhard Engleder <gerhard@engleder-embedded.com>
+Signed-off-by: Jakub Kicinski <kuba@kernel.org>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+---
+ drivers/net/ethernet/engleder/tsnep_main.c | 8 ++++----
+ 1 file changed, 4 insertions(+), 4 deletions(-)
+
+diff --git a/drivers/net/ethernet/engleder/tsnep_main.c b/drivers/net/ethernet/engleder/tsnep_main.c
+index d98199f3414b..a5f7152a1716 100644
+--- a/drivers/net/ethernet/engleder/tsnep_main.c
++++ b/drivers/net/ethernet/engleder/tsnep_main.c
+@@ -340,14 +340,14 @@ static int tsnep_tx_map(struct sk_buff *skb, struct tsnep_tx *tx, int count)
+ return 0;
+ }
+
+-static void tsnep_tx_unmap(struct tsnep_tx *tx, int count)
++static void tsnep_tx_unmap(struct tsnep_tx *tx, int index, int count)
+ {
+ struct device *dmadev = tx->adapter->dmadev;
+ struct tsnep_tx_entry *entry;
+ int i;
+
+ for (i = 0; i < count; i++) {
+- entry = &tx->entry[(tx->read + i) % TSNEP_RING_SIZE];
++ entry = &tx->entry[(index + i) % TSNEP_RING_SIZE];
+
+ if (entry->len) {
+ if (i == 0)
+@@ -395,7 +395,7 @@ static netdev_tx_t tsnep_xmit_frame_ring(struct sk_buff *skb,
+
+ retval = tsnep_tx_map(skb, tx, count);
+ if (retval != 0) {
+- tsnep_tx_unmap(tx, count);
++ tsnep_tx_unmap(tx, tx->write, count);
+ dev_kfree_skb_any(entry->skb);
+ entry->skb = NULL;
+
+@@ -464,7 +464,7 @@ static bool tsnep_tx_poll(struct tsnep_tx *tx, int napi_budget)
+ if (skb_shinfo(entry->skb)->nr_frags > 0)
+ count += skb_shinfo(entry->skb)->nr_frags;
+
+- tsnep_tx_unmap(tx, count);
++ tsnep_tx_unmap(tx, tx->read, count);
+
+ if ((skb_shinfo(entry->skb)->tx_flags & SKBTX_IN_PROGRESS) &&
+ (__le32_to_cpu(entry->desc_wb->properties) &
+--
+2.37.2
+
--- /dev/null
+From 32ad11127b95236dfc52375f3707853194a7f4b4 Mon Sep 17 00:00:00 2001
+From: Dan Carpenter <dan.carpenter@oracle.com>
+Date: Thu, 4 Aug 2022 10:11:33 +0300
+Subject: xen/xenbus: fix return type in xenbus_file_read()
+
+From: Dan Carpenter <dan.carpenter@oracle.com>
+
+commit 32ad11127b95236dfc52375f3707853194a7f4b4 upstream.
+
+This code tries to store -EFAULT in an unsigned int. The
+xenbus_file_read() function returns type ssize_t so the negative value
+is returned as a positive value to the user.
+
+This change forces another change to the min() macro. Originally, the
+min() macro used "unsigned" type which checkpatch complains about. Also
+unsigned type would break if "len" were not capped at MAX_RW_COUNT. Use
+size_t for the min(). (No effect on runtime for the min_t() change).
+
+Fixes: 2fb3683e7b16 ("xen: Add xenbus device driver")
+Signed-off-by: Dan Carpenter <dan.carpenter@oracle.com>
+Reviewed-by: Oleksandr Tyshchenko <oleksandr_tyshchenko@epam.com>
+Link: https://lore.kernel.org/r/YutxJUaUYRG/VLVc@kili
+Signed-off-by: Juergen Gross <jgross@suse.com>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+---
+ drivers/xen/xenbus/xenbus_dev_frontend.c | 4 ++--
+ 1 file changed, 2 insertions(+), 2 deletions(-)
+
+--- a/drivers/xen/xenbus/xenbus_dev_frontend.c
++++ b/drivers/xen/xenbus/xenbus_dev_frontend.c
+@@ -128,7 +128,7 @@ static ssize_t xenbus_file_read(struct f
+ {
+ struct xenbus_file_priv *u = filp->private_data;
+ struct read_buffer *rb;
+- unsigned i;
++ ssize_t i;
+ int ret;
+
+ mutex_lock(&u->reply_mutex);
+@@ -148,7 +148,7 @@ again:
+ rb = list_entry(u->read_buffers.next, struct read_buffer, list);
+ i = 0;
+ while (i < len) {
+- unsigned sz = min((unsigned)len - i, rb->len - rb->cons);
++ size_t sz = min_t(size_t, len - i, rb->len - rb->cons);
+
+ ret = copy_to_user(ubuf + i, &rb->msg[rb->cons], sz);
+
projects / thirdparty / kernel / stable-queue.git / commitdiff
