--- /dev/null
+From 74a14b8cbbe1a874d2be860d2252e486ef5f84af Mon Sep 17 00:00:00 2001
+From: Sasha Levin <sashal@kernel.org>
+Date: Thu, 28 Oct 2021 09:46:53 -0700
+Subject: ARM: dts: BCM5301X: Add interrupt properties to GPIO node
+
+From: Florian Fainelli <f.fainelli@gmail.com>
+
+[ Upstream commit 40f7342f0587639e5ad625adaa15efdd3cffb18f ]
+
+The GPIO controller is also an interrupt controller provider and is
+currently missing the appropriate 'interrupt-controller' and
+'#interrupt-cells' properties to denote that.
+
+Fixes: fb026d3de33b ("ARM: BCM5301X: Add Broadcom's bus-axi to the DTS file")
+Signed-off-by: Florian Fainelli <f.fainelli@gmail.com>
+Signed-off-by: Sasha Levin <sashal@kernel.org>
+---
+ arch/arm/boot/dts/bcm5301x.dtsi | 2 ++
+ 1 file changed, 2 insertions(+)
+
+diff --git a/arch/arm/boot/dts/bcm5301x.dtsi b/arch/arm/boot/dts/bcm5301x.dtsi
+index 01a4935598915..c3b6ba4db8e3d 100644
+--- a/arch/arm/boot/dts/bcm5301x.dtsi
++++ b/arch/arm/boot/dts/bcm5301x.dtsi
+@@ -246,6 +246,8 @@ chipcommon: chipcommon@0 {
+
+ gpio-controller;
+ #gpio-cells = <2>;
++ interrupt-controller;
++ #interrupt-cells = <2>;
+ };
+
+ pcie0: pcie@12000 {
+--
+2.33.0
+
--- /dev/null
+From 7f81eaa6c9133c56bfe1292bacbc356c0c469231 Mon Sep 17 00:00:00 2001
+From: Sasha Levin <sashal@kernel.org>
+Date: Wed, 27 Oct 2021 12:37:29 -0700
+Subject: ARM: dts: BCM5301X: Fix I2C controller interrupt
+
+From: Florian Fainelli <f.fainelli@gmail.com>
+
+[ Upstream commit 754c4050a00e802e122690112fc2c3a6abafa7e2 ]
+
+The I2C interrupt controller line is off by 32 because the datasheet
+describes interrupt inputs into the GIC which are for Shared Peripheral
+Interrupts and are starting at offset 32. The ARM GIC binding expects
+the SPI interrupts to be numbered from 0 relative to the SPI base.
+
+Fixes: bb097e3e0045 ("ARM: dts: BCM5301X: Add I2C support to the DT")
+Tested-by: Christian Lamparter <chunkeey@gmail.com>
+Signed-off-by: Florian Fainelli <f.fainelli@gmail.com>
+Signed-off-by: Sasha Levin <sashal@kernel.org>
+---
+ arch/arm/boot/dts/bcm5301x.dtsi | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/arch/arm/boot/dts/bcm5301x.dtsi b/arch/arm/boot/dts/bcm5301x.dtsi
+index 165fd1c1461a0..01a4935598915 100644
+--- a/arch/arm/boot/dts/bcm5301x.dtsi
++++ b/arch/arm/boot/dts/bcm5301x.dtsi
+@@ -365,7 +365,7 @@ mdio: mdio@18003000 {
+ i2c0: i2c@18009000 {
+ compatible = "brcm,iproc-i2c";
+ reg = <0x18009000 0x50>;
+- interrupts = <GIC_SPI 121 IRQ_TYPE_LEVEL_HIGH>;
++ interrupts = <GIC_SPI 89 IRQ_TYPE_LEVEL_HIGH>;
+ #address-cells = <1>;
+ #size-cells = <0>;
+ clock-frequency = <100000>;
+--
+2.33.0
+
--- /dev/null
+From 81950b0bd1a1da59e59fea1875aed24ad12676ae Mon Sep 17 00:00:00 2001
+From: Sasha Levin <sashal@kernel.org>
+Date: Thu, 18 Nov 2021 15:25:08 +0100
+Subject: ARM: socfpga: Fix crash with CONFIG_FORTIRY_SOURCE
+
+From: Takashi Iwai <tiwai@suse.de>
+
+[ Upstream commit 187bea472600dcc8d2eb714335053264dd437172 ]
+
+When CONFIG_FORTIFY_SOURCE is set, memcpy() checks the potential
+buffer overflow and panics. The code in sofcpga bootstrapping
+contains the memcpy() calls are mistakenly translated as the shorter
+size, hence it triggers a panic as if it were overflowing.
+
+This patch changes the secondary_trampoline and *_end definitions
+to arrays for avoiding the false-positive crash above.
+
+Fixes: 9c4566a117a6 ("ARM: socfpga: Enable SMP for socfpga")
+Suggested-by: Kees Cook <keescook@chromium.org>
+Buglink: https://bugzilla.suse.com/show_bug.cgi?id=1192473
+Link: https://lore.kernel.org/r/20211117193244.31162-1-tiwai@suse.de
+Signed-off-by: Takashi Iwai <tiwai@suse.de>
+Signed-off-by: Dinh Nguyen <dinguyen@kernel.org>
+Signed-off-by: Sasha Levin <sashal@kernel.org>
+---
+ arch/arm/mach-socfpga/core.h | 2 +-
+ arch/arm/mach-socfpga/platsmp.c | 8 ++++----
+ 2 files changed, 5 insertions(+), 5 deletions(-)
+
+diff --git a/arch/arm/mach-socfpga/core.h b/arch/arm/mach-socfpga/core.h
+index 65e1817d8afe6..692a287a8712d 100644
+--- a/arch/arm/mach-socfpga/core.h
++++ b/arch/arm/mach-socfpga/core.h
+@@ -48,7 +48,7 @@ extern void __iomem *sdr_ctl_base_addr;
+ u32 socfpga_sdram_self_refresh(u32 sdr_base);
+ extern unsigned int socfpga_sdram_self_refresh_sz;
+
+-extern char secondary_trampoline, secondary_trampoline_end;
++extern char secondary_trampoline[], secondary_trampoline_end[];
+
+ extern unsigned long socfpga_cpu1start_addr;
+
+diff --git a/arch/arm/mach-socfpga/platsmp.c b/arch/arm/mach-socfpga/platsmp.c
+index 0ee76772b5074..a272999ce04b9 100644
+--- a/arch/arm/mach-socfpga/platsmp.c
++++ b/arch/arm/mach-socfpga/platsmp.c
+@@ -31,14 +31,14 @@
+
+ static int socfpga_boot_secondary(unsigned int cpu, struct task_struct *idle)
+ {
+- int trampoline_size = &secondary_trampoline_end - &secondary_trampoline;
++ int trampoline_size = secondary_trampoline_end - secondary_trampoline;
+
+ if (socfpga_cpu1start_addr) {
+ /* This will put CPU #1 into reset. */
+ writel(RSTMGR_MPUMODRST_CPU1,
+ rst_manager_base_addr + SOCFPGA_RSTMGR_MODMPURST);
+
+- memcpy(phys_to_virt(0), &secondary_trampoline, trampoline_size);
++ memcpy(phys_to_virt(0), secondary_trampoline, trampoline_size);
+
+ writel(__pa_symbol(secondary_startup),
+ sys_manager_base_addr + (socfpga_cpu1start_addr & 0x000000ff));
+@@ -56,12 +56,12 @@ static int socfpga_boot_secondary(unsigned int cpu, struct task_struct *idle)
+
+ static int socfpga_a10_boot_secondary(unsigned int cpu, struct task_struct *idle)
+ {
+- int trampoline_size = &secondary_trampoline_end - &secondary_trampoline;
++ int trampoline_size = secondary_trampoline_end - secondary_trampoline;
+
+ if (socfpga_cpu1start_addr) {
+ writel(RSTMGR_MPUMODRST_CPU1, rst_manager_base_addr +
+ SOCFPGA_A10_RSTMGR_MODMPURST);
+- memcpy(phys_to_virt(0), &secondary_trampoline, trampoline_size);
++ memcpy(phys_to_virt(0), secondary_trampoline, trampoline_size);
+
+ writel(__pa_symbol(secondary_startup),
+ sys_manager_base_addr + (socfpga_cpu1start_addr & 0x00000fff));
+--
+2.33.0
+
--- /dev/null
+From 9b6e942d05efbbe0f70ed4cd1354fc1118f4169a Mon Sep 17 00:00:00 2001
+From: Sasha Levin <sashal@kernel.org>
+Date: Tue, 16 Nov 2021 08:18:12 +0100
+Subject: ASoC: topology: Add missing rwsem around snd_ctl_remove() calls
+
+From: Takashi Iwai <tiwai@suse.de>
+
+[ Upstream commit 7e567b5ae06315ef2d70666b149962e2bb4b97af ]
+
+snd_ctl_remove() has to be called with card->controls_rwsem held (when
+called after the card instantiation). This patch add the missing
+rwsem calls around it.
+
+Fixes: 8a9782346dcc ("ASoC: topology: Add topology core")
+Signed-off-by: Takashi Iwai <tiwai@suse.de>
+Link: https://lore.kernel.org/r/20211116071812.18109-1-tiwai@suse.de
+Signed-off-by: Mark Brown <broonie@kernel.org>
+Signed-off-by: Sasha Levin <sashal@kernel.org>
+---
+ sound/soc/soc-topology.c | 3 +++
+ 1 file changed, 3 insertions(+)
+
+diff --git a/sound/soc/soc-topology.c b/sound/soc/soc-topology.c
+index 50aa45525be5a..0fbe505026997 100644
+--- a/sound/soc/soc-topology.c
++++ b/sound/soc/soc-topology.c
+@@ -2585,6 +2585,7 @@ EXPORT_SYMBOL_GPL(snd_soc_tplg_widget_remove_all);
+ /* remove dynamic controls from the component driver */
+ int snd_soc_tplg_component_remove(struct snd_soc_component *comp, u32 index)
+ {
++ struct snd_card *card = comp->card->snd_card;
+ struct snd_soc_dobj *dobj, *next_dobj;
+ int pass = SOC_TPLG_PASS_END;
+
+@@ -2592,6 +2593,7 @@ int snd_soc_tplg_component_remove(struct snd_soc_component *comp, u32 index)
+ while (pass >= SOC_TPLG_PASS_START) {
+
+ /* remove mixer controls */
++ down_write(&card->controls_rwsem);
+ list_for_each_entry_safe(dobj, next_dobj, &comp->dobj_list,
+ list) {
+
+@@ -2625,6 +2627,7 @@ int snd_soc_tplg_component_remove(struct snd_soc_component *comp, u32 index)
+ break;
+ }
+ }
++ up_write(&card->controls_rwsem);
+ pass--;
+ }
+
+--
+2.33.0
+
--- /dev/null
+From 46a282f47d6fd05502c7c2d6275875997c608ea4 Mon Sep 17 00:00:00 2001
+From: Sasha Levin <sashal@kernel.org>
+Date: Thu, 18 Nov 2021 14:14:16 +0300
+Subject: drm/vc4: fix error code in vc4_create_object()
+
+From: Dan Carpenter <dan.carpenter@oracle.com>
+
+[ Upstream commit 96c5f82ef0a145d3e56e5b26f2bf6dcd2ffeae1c ]
+
+The ->gem_create_object() functions are supposed to return NULL if there
+is an error. None of the callers expect error pointers so returing one
+will lead to an Oops. See drm_gem_vram_create(), for example.
+
+Fixes: c826a6e10644 ("drm/vc4: Add a BO cache.")
+Signed-off-by: Dan Carpenter <dan.carpenter@oracle.com>
+Signed-off-by: Maxime Ripard <maxime@cerno.tech>
+Link: https://patchwork.freedesktop.org/patch/msgid/20211118111416.GC1147@kili
+Signed-off-by: Sasha Levin <sashal@kernel.org>
+---
+ drivers/gpu/drm/vc4/vc4_bo.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/drivers/gpu/drm/vc4/vc4_bo.c b/drivers/gpu/drm/vc4/vc4_bo.c
+index eff0a8ece8bcf..85abba74ed981 100644
+--- a/drivers/gpu/drm/vc4/vc4_bo.c
++++ b/drivers/gpu/drm/vc4/vc4_bo.c
+@@ -292,7 +292,7 @@ struct drm_gem_object *vc4_create_object(struct drm_device *dev, size_t size)
+
+ bo = kzalloc(sizeof(*bo), GFP_KERNEL);
+ if (!bo)
+- return ERR_PTR(-ENOMEM);
++ return NULL;
+
+ mutex_lock(&vc4->bo_lock);
+ bo->label = VC4_BO_TYPE_KERNEL;
+--
+2.33.0
+
--- /dev/null
+From fb311b2d55a79d8752d7360ba4842d87402f9fec Mon Sep 17 00:00:00 2001
+From: Sasha Levin <sashal@kernel.org>
+Date: Thu, 18 Nov 2021 17:37:58 -0800
+Subject: ipv6: fix typos in __ip6_finish_output()
+
+From: Eric Dumazet <edumazet@google.com>
+
+[ Upstream commit 19d36c5f294879949c9d6f57cb61d39cc4c48553 ]
+
+We deal with IPv6 packets, so we need to use IP6CB(skb)->flags and
+IP6SKB_REROUTED, instead of IPCB(skb)->flags and IPSKB_REROUTED
+
+Found by code inspection, please double check that fixing this bug
+does not surface other bugs.
+
+Fixes: 09ee9dba9611 ("ipv6: Reinject IPv6 packets if IPsec policy matches after SNAT")
+Signed-off-by: Eric Dumazet <edumazet@google.com>
+Cc: Tobias Brunner <tobias@strongswan.org>
+Cc: Steffen Klassert <steffen.klassert@secunet.com>
+Cc: David Ahern <dsahern@kernel.org>
+Reviewed-by: David Ahern <dsahern@kernel.org>
+Tested-by: Tobias Brunner <tobias@strongswan.org>
+Acked-by: Tobias Brunner <tobias@strongswan.org>
+Signed-off-by: David S. Miller <davem@davemloft.net>
+Signed-off-by: Sasha Levin <sashal@kernel.org>
+---
+ net/ipv6/ip6_output.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/net/ipv6/ip6_output.c b/net/ipv6/ip6_output.c
+index a903d0ce7e701..f906fe2acedd3 100644
+--- a/net/ipv6/ip6_output.c
++++ b/net/ipv6/ip6_output.c
+@@ -175,7 +175,7 @@ static int ip6_finish_output(struct net *net, struct sock *sk, struct sk_buff *s
+ #if defined(CONFIG_NETFILTER) && defined(CONFIG_XFRM)
+ /* Policy lookup after SNAT yielded a new policy */
+ if (skb_dst(skb)->xfrm) {
+- IPCB(skb)->flags |= IPSKB_REROUTED;
++ IP6CB(skb)->flags |= IP6SKB_REROUTED;
+ return dst_output(net, sk, skb);
+ }
+ #endif
+--
+2.33.0
+
--- /dev/null
+From f6673078fa103d7f26413a77259f822c6ddd4179 Mon Sep 17 00:00:00 2001
+From: Sasha Levin <sashal@kernel.org>
+Date: Thu, 25 Nov 2021 18:59:48 +0800
+Subject: MIPS: use 3-level pgtable for 64KB page size on MIPS_VA_BITS_48
+
+From: Huang Pei <huangpei@loongson.cn>
+
+[ Upstream commit 41ce097f714401e6ad8f3f5eb30d7f91b0b5e495 ]
+
+It hangup when booting Loongson 3A1000 with BOTH
+CONFIG_PAGE_SIZE_64KB and CONFIG_MIPS_VA_BITS_48, that it turn
+out to use 2-level pgtable instead of 3-level. 64KB page size
+with 2-level pgtable only cover 42 bits VA, use 3-level pgtable
+to cover all 48 bits VA(55 bits)
+
+Fixes: 1e321fa917fb ("MIPS64: Support of at least 48 bits of SEGBITS)
+Signed-off-by: Huang Pei <huangpei@loongson.cn>
+Signed-off-by: Thomas Bogendoerfer <tsbogend@alpha.franken.de>
+Signed-off-by: Sasha Levin <sashal@kernel.org>
+---
+ arch/mips/Kconfig | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/arch/mips/Kconfig b/arch/mips/Kconfig
+index 85afd6b4297b2..45a5801ff467b 100644
+--- a/arch/mips/Kconfig
++++ b/arch/mips/Kconfig
+@@ -2990,7 +2990,7 @@ config HAVE_LATENCYTOP_SUPPORT
+ config PGTABLE_LEVELS
+ int
+ default 4 if PAGE_SIZE_4KB && MIPS_VA_BITS_48
+- default 3 if 64BIT && !PAGE_SIZE_64KB
++ default 3 if 64BIT && (!PAGE_SIZE_64KB || MIPS_VA_BITS_48)
+ default 2
+
+ source "init/Kconfig"
+--
+2.33.0
+
--- /dev/null
+From a06769943dd96378e9b352ff1d1d454391c40915 Mon Sep 17 00:00:00 2001
+From: Sasha Levin <sashal@kernel.org>
+Date: Thu, 11 Nov 2021 22:09:16 -0500
+Subject: net: ieee802154: handle iftypes as u32
+
+From: Alexander Aring <aahringo@redhat.com>
+
+[ Upstream commit 451dc48c806a7ce9fbec5e7a24ccf4b2c936e834 ]
+
+This patch fixes an issue that an u32 netlink value is handled as a
+signed enum value which doesn't fit into the range of u32 netlink type.
+If it's handled as -1 value some BIT() evaluation ends in a
+shift-out-of-bounds issue. To solve the issue we set the to u32 max which
+is s32 "-1" value to keep backwards compatibility and let the followed enum
+values start counting at 0. This brings the compiler to never handle the
+enum as signed and a check if the value is above NL802154_IFTYPE_MAX should
+filter -1 out.
+
+Fixes: f3ea5e44231a ("ieee802154: add new interface command")
+Signed-off-by: Alexander Aring <aahringo@redhat.com>
+Link: https://lore.kernel.org/r/20211112030916.685793-1-aahringo@redhat.com
+Signed-off-by: Stefan Schmidt <stefan@datenfreihafen.org>
+Signed-off-by: Sasha Levin <sashal@kernel.org>
+---
+ include/net/nl802154.h | 7 ++++---
+ 1 file changed, 4 insertions(+), 3 deletions(-)
+
+diff --git a/include/net/nl802154.h b/include/net/nl802154.h
+index ddcee128f5d9a..145acb8f25095 100644
+--- a/include/net/nl802154.h
++++ b/include/net/nl802154.h
+@@ -19,6 +19,8 @@
+ *
+ */
+
++#include <linux/types.h>
++
+ #define NL802154_GENL_NAME "nl802154"
+
+ enum nl802154_commands {
+@@ -150,10 +152,9 @@ enum nl802154_attrs {
+ };
+
+ enum nl802154_iftype {
+- /* for backwards compatibility TODO */
+- NL802154_IFTYPE_UNSPEC = -1,
++ NL802154_IFTYPE_UNSPEC = (~(__u32)0),
+
+- NL802154_IFTYPE_NODE,
++ NL802154_IFTYPE_NODE = 0,
+ NL802154_IFTYPE_MONITOR,
+ NL802154_IFTYPE_COORD,
+
+--
+2.33.0
+
--- /dev/null
+From fd6198183cbd0fcb0627d9981a6d9ad4d35c6676 Mon Sep 17 00:00:00 2001
+From: Sasha Levin <sashal@kernel.org>
+Date: Fri, 26 Nov 2021 10:41:35 +0800
+Subject: net/smc: Don't call clcsock shutdown twice when smc shutdown
+
+From: Tony Lu <tonylu@linux.alibaba.com>
+
+[ Upstream commit bacb6c1e47691cda4a95056c21b5487fb7199fcc ]
+
+When applications call shutdown() with SHUT_RDWR in userspace,
+smc_close_active() calls kernel_sock_shutdown(), and it is called
+twice in smc_shutdown().
+
+This fixes this by checking sk_state before do clcsock shutdown, and
+avoids missing the application's call of smc_shutdown().
+
+Link: https://lore.kernel.org/linux-s390/1f67548e-cbf6-0dce-82b5-10288a4583bd@linux.ibm.com/
+Fixes: 606a63c9783a ("net/smc: Ensure the active closing peer first closes clcsock")
+Signed-off-by: Tony Lu <tonylu@linux.alibaba.com>
+Reviewed-by: Wen Gu <guwen@linux.alibaba.com>
+Acked-by: Karsten Graul <kgraul@linux.ibm.com>
+Link: https://lore.kernel.org/r/20211126024134.45693-1-tonylu@linux.alibaba.com
+Signed-off-by: Jakub Kicinski <kuba@kernel.org>
+Signed-off-by: Sasha Levin <sashal@kernel.org>
+---
+ net/smc/af_smc.c | 8 +++++++-
+ 1 file changed, 7 insertions(+), 1 deletion(-)
+
+diff --git a/net/smc/af_smc.c b/net/smc/af_smc.c
+index 8c71f0929fbb7..f2c907d52812b 100644
+--- a/net/smc/af_smc.c
++++ b/net/smc/af_smc.c
+@@ -1178,8 +1178,10 @@ static unsigned int smc_poll(struct file *file, struct socket *sock,
+ static int smc_shutdown(struct socket *sock, int how)
+ {
+ struct sock *sk = sock->sk;
++ bool do_shutdown = true;
+ struct smc_sock *smc;
+ int rc = -EINVAL;
++ int old_state;
+ int rc1 = 0;
+
+ smc = smc_sk(sk);
+@@ -1206,7 +1208,11 @@ static int smc_shutdown(struct socket *sock, int how)
+ }
+ switch (how) {
+ case SHUT_RDWR: /* shutdown in both directions */
++ old_state = sk->sk_state;
+ rc = smc_close_active(smc);
++ if (old_state == SMC_ACTIVE &&
++ sk->sk_state == SMC_PEERCLOSEWAIT1)
++ do_shutdown = false;
+ break;
+ case SHUT_WR:
+ rc = smc_close_shutdown_write(smc);
+@@ -1216,7 +1222,7 @@ static int smc_shutdown(struct socket *sock, int how)
+ /* nothing more to do because peer is not involved */
+ break;
+ }
+- if (smc->clcsock)
++ if (do_shutdown && smc->clcsock)
+ rc1 = kernel_sock_shutdown(smc->clcsock, how);
+ /* map sock_shutdown_cmd constants to sk_shutdown value range */
+ sk->sk_shutdown |= how + 1;
+--
+2.33.0
+
--- /dev/null
+From a6adc93a46aea052fe7a9aa972662009ccf69829 Mon Sep 17 00:00:00 2001
+From: Sasha Levin <sashal@kernel.org>
+Date: Tue, 23 Nov 2021 16:25:18 +0800
+Subject: net/smc: Ensure the active closing peer first closes clcsock
+
+From: Tony Lu <tonylu@linux.alibaba.com>
+
+[ Upstream commit 606a63c9783a32a45bd2ef0eee393711d75b3284 ]
+
+The side that actively closed socket, it's clcsock doesn't enter
+TIME_WAIT state, but the passive side does it. It should show the same
+behavior as TCP sockets.
+
+Consider this, when client actively closes the socket, the clcsock in
+server enters TIME_WAIT state, which means the address is occupied and
+won't be reused before TIME_WAIT dismissing. If we restarted server, the
+service would be unavailable for a long time.
+
+To solve this issue, shutdown the clcsock in [A], perform the TCP active
+close progress first, before the passive closed side closing it. So that
+the actively closed side enters TIME_WAIT, not the passive one.
+
+Client | Server
+close() // client actively close |
+ smc_release() |
+ smc_close_active() // PEERCLOSEWAIT1 |
+ smc_close_final() // abort or closed = 1|
+ smc_cdc_get_slot_and_msg_send() |
+ [A] |
+ |smc_cdc_msg_recv_action() // ACTIVE
+ | queue_work(smc_close_wq, &conn->close_work)
+ | smc_close_passive_work() // PROCESSABORT or APPCLOSEWAIT1
+ | smc_close_passive_abort_received() // only in abort
+ |
+ |close() // server recv zero, close
+ | smc_release() // PROCESSABORT or APPCLOSEWAIT1
+ | smc_close_active()
+ | smc_close_abort() or smc_close_final() // CLOSED
+ | smc_cdc_get_slot_and_msg_send() // abort or closed = 1
+smc_cdc_msg_recv_action() | smc_clcsock_release()
+ queue_work(smc_close_wq, &conn->close_work) | sock_release(tcp) // actively close clc, enter TIME_WAIT
+ smc_close_passive_work() // PEERCLOSEWAIT1 | smc_conn_free()
+ smc_close_passive_abort_received() // CLOSED|
+ smc_conn_free() |
+ smc_clcsock_release() |
+ sock_release(tcp) // passive close clc |
+
+Link: https://www.spinics.net/lists/netdev/msg780407.html
+Fixes: b38d732477e4 ("smc: socket closing and linkgroup cleanup")
+Signed-off-by: Tony Lu <tonylu@linux.alibaba.com>
+Reviewed-by: Wen Gu <guwen@linux.alibaba.com>
+Signed-off-by: David S. Miller <davem@davemloft.net>
+Signed-off-by: Sasha Levin <sashal@kernel.org>
+---
+ net/smc/smc_close.c | 6 ++++++
+ 1 file changed, 6 insertions(+)
+
+diff --git a/net/smc/smc_close.c b/net/smc/smc_close.c
+index 2427a1f3d0d12..d915907ac29ae 100644
+--- a/net/smc/smc_close.c
++++ b/net/smc/smc_close.c
+@@ -215,6 +215,12 @@ int smc_close_active(struct smc_sock *smc)
+ /* send close request */
+ rc = smc_close_final(conn);
+ sk->sk_state = SMC_PEERCLOSEWAIT1;
++
++ /* actively shutdown clcsock before peer close it,
++ * prevent peer from entering TIME_WAIT state.
++ */
++ if (smc->clcsock && smc->clcsock->sk)
++ rc = kernel_sock_shutdown(smc->clcsock, SHUT_RDWR);
+ } else {
+ /* peer event has changed the state */
+ goto again;
+--
+2.33.0
+
--- /dev/null
+From 53302ccd6dd926f8325c802218a754c28a8f620d Mon Sep 17 00:00:00 2001
+From: Sasha Levin <sashal@kernel.org>
+Date: Thu, 4 Nov 2021 03:10:29 +0100
+Subject: netfilter: ipvs: Fix reuse connection if RS weight is 0
+
+From: yangxingwu <xingwu.yang@gmail.com>
+
+[ Upstream commit c95c07836fa4c1767ed11d8eca0769c652760e32 ]
+
+We are changing expire_nodest_conn to work even for reused connections when
+conn_reuse_mode=0, just as what was done with commit dc7b3eb900aa ("ipvs:
+Fix reuse connection if real server is dead").
+
+For controlled and persistent connections, the new connection will get the
+needed real server depending on the rules in ip_vs_check_template().
+
+Fixes: d752c3645717 ("ipvs: allow rescheduling of new connections when port reuse is detected")
+Co-developed-by: Chuanqi Liu <legend050709@qq.com>
+Signed-off-by: Chuanqi Liu <legend050709@qq.com>
+Signed-off-by: yangxingwu <xingwu.yang@gmail.com>
+Acked-by: Simon Horman <horms@verge.net.au>
+Acked-by: Julian Anastasov <ja@ssi.bg>
+Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
+Signed-off-by: Sasha Levin <sashal@kernel.org>
+---
+ Documentation/networking/ipvs-sysctl.txt | 3 +--
+ net/netfilter/ipvs/ip_vs_core.c | 8 ++++----
+ 2 files changed, 5 insertions(+), 6 deletions(-)
+
+diff --git a/Documentation/networking/ipvs-sysctl.txt b/Documentation/networking/ipvs-sysctl.txt
+index 056898685d408..fc531c29a2e83 100644
+--- a/Documentation/networking/ipvs-sysctl.txt
++++ b/Documentation/networking/ipvs-sysctl.txt
+@@ -30,8 +30,7 @@ conn_reuse_mode - INTEGER
+
+ 0: disable any special handling on port reuse. The new
+ connection will be delivered to the same real server that was
+- servicing the previous connection. This will effectively
+- disable expire_nodest_conn.
++ servicing the previous connection.
+
+ bit 1: enable rescheduling of new connections when it is safe.
+ That is, whenever expire_nodest_conn and for TCP sockets, when
+diff --git a/net/netfilter/ipvs/ip_vs_core.c b/net/netfilter/ipvs/ip_vs_core.c
+index a95fe5fe9f046..4b9cd1c1c9987 100644
+--- a/net/netfilter/ipvs/ip_vs_core.c
++++ b/net/netfilter/ipvs/ip_vs_core.c
+@@ -1838,7 +1838,6 @@ ip_vs_in(struct netns_ipvs *ipvs, unsigned int hooknum, struct sk_buff *skb, int
+ struct ip_vs_proto_data *pd;
+ struct ip_vs_conn *cp;
+ int ret, pkts;
+- int conn_reuse_mode;
+ struct sock *sk;
+
+ /* Already marked as IPVS request or reply? */
+@@ -1914,15 +1913,16 @@ ip_vs_in(struct netns_ipvs *ipvs, unsigned int hooknum, struct sk_buff *skb, int
+ */
+ cp = pp->conn_in_get(ipvs, af, skb, &iph);
+
+- conn_reuse_mode = sysctl_conn_reuse_mode(ipvs);
+- if (conn_reuse_mode && !iph.fragoffs && is_new_conn(skb, &iph) && cp) {
++ if (!iph.fragoffs && is_new_conn(skb, &iph) && cp) {
++ int conn_reuse_mode = sysctl_conn_reuse_mode(ipvs);
+ bool old_ct = false, resched = false;
+
+ if (unlikely(sysctl_expire_nodest_conn(ipvs)) && cp->dest &&
+ unlikely(!atomic_read(&cp->dest->weight))) {
+ resched = true;
+ old_ct = ip_vs_conn_uses_old_conntrack(cp, skb);
+- } else if (is_new_conn_expected(cp, conn_reuse_mode)) {
++ } else if (conn_reuse_mode &&
++ is_new_conn_expected(cp, conn_reuse_mode)) {
+ old_ct = ip_vs_conn_uses_old_conntrack(cp, skb);
+ if (!atomic_read(&cp->n_control)) {
+ resched = true;
+--
+2.33.0
+
--- /dev/null
+From 4c4964b2c9eed56a9a3770b10de690f32b7e3d32 Mon Sep 17 00:00:00 2001
+From: Sasha Levin <sashal@kernel.org>
+Date: Tue, 16 Nov 2021 09:55:01 -0500
+Subject: NFSv42: Don't fail clone() unless the OP_CLONE operation failed
+
+From: Trond Myklebust <trond.myklebust@hammerspace.com>
+
+[ Upstream commit d3c45824ad65aebf765fcf51366d317a29538820 ]
+
+The failure to retrieve post-op attributes has no bearing on whether or
+not the clone operation itself was successful. We must therefore ignore
+the return value of decode_getfattr() when looking at the success or
+failure of nfs4_xdr_dec_clone().
+
+Fixes: 36022770de6c ("nfs42: add CLONE xdr functions")
+Signed-off-by: Trond Myklebust <trond.myklebust@hammerspace.com>
+Signed-off-by: Sasha Levin <sashal@kernel.org>
+---
+ fs/nfs/nfs42xdr.c | 3 +--
+ 1 file changed, 1 insertion(+), 2 deletions(-)
+
+diff --git a/fs/nfs/nfs42xdr.c b/fs/nfs/nfs42xdr.c
+index 5966e1e7b1f51..09c683402f950 100644
+--- a/fs/nfs/nfs42xdr.c
++++ b/fs/nfs/nfs42xdr.c
+@@ -625,8 +625,7 @@ static int nfs4_xdr_dec_clone(struct rpc_rqst *rqstp,
+ status = decode_clone(xdr);
+ if (status)
+ goto out;
+- status = decode_getfattr(xdr, res->dst_fattr, res->server);
+-
++ decode_getfattr(xdr, res->dst_fattr, res->server);
+ out:
+ res->rpc_status = status;
+ return status;
+--
+2.33.0
+
--- /dev/null
+From 3d6b807579cf9d85c8aacbf87090a3fdbd1d4c96 Mon Sep 17 00:00:00 2001
+From: Sasha Levin <sashal@kernel.org>
+Date: Tue, 23 Nov 2021 20:18:43 +0100
+Subject: PM: hibernate: use correct mode for swsusp_close()
+
+From: Thomas Zeitlhofer <thomas.zeitlhofer+lkml@ze-it.at>
+
+[ Upstream commit cefcf24b4d351daf70ecd945324e200d3736821e ]
+
+Commit 39fbef4b0f77 ("PM: hibernate: Get block device exclusively in
+swsusp_check()") changed the opening mode of the block device to
+(FMODE_READ | FMODE_EXCL).
+
+In the corresponding calls to swsusp_close(), the mode is still just
+FMODE_READ which triggers the warning in blkdev_flush_mapping() on
+resume from hibernate.
+
+So, use the mode (FMODE_READ | FMODE_EXCL) also when closing the
+device.
+
+Fixes: 39fbef4b0f77 ("PM: hibernate: Get block device exclusively in swsusp_check()")
+Signed-off-by: Thomas Zeitlhofer <thomas.zeitlhofer+lkml@ze-it.at>
+Signed-off-by: Rafael J. Wysocki <rafael.j.wysocki@intel.com>
+Signed-off-by: Sasha Levin <sashal@kernel.org>
+---
+ kernel/power/hibernate.c | 6 +++---
+ 1 file changed, 3 insertions(+), 3 deletions(-)
+
+diff --git a/kernel/power/hibernate.c b/kernel/power/hibernate.c
+index 02df69a8ee3c0..e68b1c20ad3d2 100644
+--- a/kernel/power/hibernate.c
++++ b/kernel/power/hibernate.c
+@@ -668,7 +668,7 @@ static int load_image_and_restore(void)
+ goto Unlock;
+
+ error = swsusp_read(&flags);
+- swsusp_close(FMODE_READ);
++ swsusp_close(FMODE_READ | FMODE_EXCL);
+ if (!error)
+ hibernation_restore(flags & SF_PLATFORM_MODE);
+
+@@ -865,7 +865,7 @@ static int software_resume(void)
+ /* The snapshot device should not be opened while we're running */
+ if (!atomic_add_unless(&snapshot_device_available, -1, 0)) {
+ error = -EBUSY;
+- swsusp_close(FMODE_READ);
++ swsusp_close(FMODE_READ | FMODE_EXCL);
+ goto Unlock;
+ }
+
+@@ -901,7 +901,7 @@ static int software_resume(void)
+ pm_pr_dbg("Hibernation image not present or could not be loaded.\n");
+ return error;
+ Close_Finish:
+- swsusp_close(FMODE_READ);
++ swsusp_close(FMODE_READ | FMODE_EXCL);
+ goto Finish;
+ }
+
+--
+2.33.0
+
--- /dev/null
+From d0dd15a0c1a7f5417fe35a708f95b670edc84d5a Mon Sep 17 00:00:00 2001
+From: Sasha Levin <sashal@kernel.org>
+Date: Wed, 17 Nov 2021 16:19:09 +0530
+Subject: scsi: mpt3sas: Fix kernel panic during drive powercycle test
+
+From: Sreekanth Reddy <sreekanth.reddy@broadcom.com>
+
+[ Upstream commit 0ee4ba13e09c9d9c1cb6abb59da8295d9952328b ]
+
+While looping over shost's sdev list it is possible that one
+of the drives is getting removed and its sas_target object is
+freed but its sdev object remains intact.
+
+Consequently, a kernel panic can occur while the driver is trying to access
+the sas_address field of sas_target object without also checking the
+sas_target object for NULL.
+
+Link: https://lore.kernel.org/r/20211117104909.2069-1-sreekanth.reddy@broadcom.com
+Fixes: f92363d12359 ("[SCSI] mpt3sas: add new driver supporting 12GB SAS")
+Signed-off-by: Sreekanth Reddy <sreekanth.reddy@broadcom.com>
+Signed-off-by: Martin K. Petersen <martin.petersen@oracle.com>
+Signed-off-by: Sasha Levin <sashal@kernel.org>
+---
+ drivers/scsi/mpt3sas/mpt3sas_scsih.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/drivers/scsi/mpt3sas/mpt3sas_scsih.c b/drivers/scsi/mpt3sas/mpt3sas_scsih.c
+index 332ea3af69ec3..79c5a193308f4 100644
+--- a/drivers/scsi/mpt3sas/mpt3sas_scsih.c
++++ b/drivers/scsi/mpt3sas/mpt3sas_scsih.c
+@@ -2955,7 +2955,7 @@ _scsih_ublock_io_device(struct MPT3SAS_ADAPTER *ioc, u64 sas_address)
+
+ shost_for_each_device(sdev, ioc->shost) {
+ sas_device_priv_data = sdev->hostdata;
+- if (!sas_device_priv_data)
++ if (!sas_device_priv_data || !sas_device_priv_data->sas_target)
+ continue;
+ if (sas_device_priv_data->sas_target->sas_address
+ != sas_address)
+--
+2.33.0
+
xen-don-t-continue-xenstore-initialization-in-case-of-errors.patch
xen-detect-uninitialized-xenbus-in-xenbus_init.patch
tracing-fix-pid-filtering-when-triggers-are-attached.patch
+netfilter-ipvs-fix-reuse-connection-if-rs-weight-is-.patch
+arm-dts-bcm5301x-fix-i2c-controller-interrupt.patch
+arm-dts-bcm5301x-add-interrupt-properties-to-gpio-no.patch
+asoc-topology-add-missing-rwsem-around-snd_ctl_remov.patch
+net-ieee802154-handle-iftypes-as-u32.patch
+nfsv42-don-t-fail-clone-unless-the-op_clone-operatio.patch
+arm-socfpga-fix-crash-with-config_fortiry_source.patch
+scsi-mpt3sas-fix-kernel-panic-during-drive-powercycl.patch
+drm-vc4-fix-error-code-in-vc4_create_object.patch
+ipv6-fix-typos-in-__ip6_finish_output.patch
+net-smc-ensure-the-active-closing-peer-first-closes-.patch
+pm-hibernate-use-correct-mode-for-swsusp_close.patch
+tcp_cubic-fix-spurious-hystart-ack-train-detections-.patch
+mips-use-3-level-pgtable-for-64kb-page-size-on-mips_.patch
+net-smc-don-t-call-clcsock-shutdown-twice-when-smc-s.patch
--- /dev/null
+From 7168ef436608d2408ca6a936dbbce2715d24509c Mon Sep 17 00:00:00 2001
+From: Sasha Levin <sashal@kernel.org>
+Date: Tue, 23 Nov 2021 12:25:35 -0800
+Subject: tcp_cubic: fix spurious Hystart ACK train detections for
+ not-cwnd-limited flows
+
+From: Eric Dumazet <edumazet@google.com>
+
+[ Upstream commit 4e1fddc98d2585ddd4792b5e44433dcee7ece001 ]
+
+While testing BIG TCP patch series, I was expecting that TCP_RR workloads
+with 80KB requests/answers would send one 80KB TSO packet,
+then being received as a single GRO packet.
+
+It turns out this was not happening, and the root cause was that
+cubic Hystart ACK train was triggering after a few (2 or 3) rounds of RPC.
+
+Hystart was wrongly setting CWND/SSTHRESH to 30, while my RPC
+needed a budget of ~20 segments.
+
+Ideally these TCP_RR flows should not exit slow start.
+
+Cubic Hystart should reset itself at each round, instead of assuming
+every TCP flow is a bulk one.
+
+Note that even after this patch, Hystart can still trigger, depending
+on scheduling artifacts, but at a higher CWND/SSTHRESH threshold,
+keeping optimal TSO packet sizes.
+
+Tested:
+
+ip link set dev eth0 gro_ipv6_max_size 131072 gso_ipv6_max_size 131072
+nstat -n; netperf -H ... -t TCP_RR -l 5 -- -r 80000,80000 -K cubic; nstat|egrep "Ip6InReceives|Hystart|Ip6OutRequests"
+
+Before:
+
+ 8605
+Ip6InReceives 87541 0.0
+Ip6OutRequests 129496 0.0
+TcpExtTCPHystartTrainDetect 1 0.0
+TcpExtTCPHystartTrainCwnd 30 0.0
+
+After:
+
+ 8760
+Ip6InReceives 88514 0.0
+Ip6OutRequests 87975 0.0
+
+Fixes: ae27e98a5152 ("[TCP] CUBIC v2.3")
+Co-developed-by: Neal Cardwell <ncardwell@google.com>
+Signed-off-by: Neal Cardwell <ncardwell@google.com>
+Signed-off-by: Eric Dumazet <edumazet@google.com>
+Cc: Stephen Hemminger <stephen@networkplumber.org>
+Cc: Yuchung Cheng <ycheng@google.com>
+Cc: Soheil Hassas Yeganeh <soheil@google.com>
+Link: https://lore.kernel.org/r/20211123202535.1843771-1-eric.dumazet@gmail.com
+Signed-off-by: Jakub Kicinski <kuba@kernel.org>
+Signed-off-by: Sasha Levin <sashal@kernel.org>
+---
+ net/ipv4/tcp_cubic.c | 5 +++--
+ 1 file changed, 3 insertions(+), 2 deletions(-)
+
+diff --git a/net/ipv4/tcp_cubic.c b/net/ipv4/tcp_cubic.c
+index 8b5ba0a5cd386..93530bd332470 100644
+--- a/net/ipv4/tcp_cubic.c
++++ b/net/ipv4/tcp_cubic.c
+@@ -340,8 +340,6 @@ static void bictcp_cong_avoid(struct sock *sk, u32 ack, u32 acked)
+ return;
+
+ if (tcp_in_slow_start(tp)) {
+- if (hystart && after(ack, ca->end_seq))
+- bictcp_hystart_reset(sk);
+ acked = tcp_slow_start(tp, acked);
+ if (!acked)
+ return;
+@@ -383,6 +381,9 @@ static void hystart_update(struct sock *sk, u32 delay)
+ if (ca->found & hystart_detect)
+ return;
+
++ if (after(tp->snd_una, ca->end_seq))
++ bictcp_hystart_reset(sk);
++
+ if (hystart_detect & HYSTART_ACK_TRAIN) {
+ u32 now = bictcp_clock();
+
+--
+2.33.0
+
projects / thirdparty / kernel / stable-queue.git / commitdiff
