--- /dev/null
+From 00e90678b03c703b9def71623da6434afff4c50f Mon Sep 17 00:00:00 2001
+From: Sasha Levin <sashal@kernel.org>
+Date: Mon, 1 Nov 2021 23:45:35 -0700
+Subject: bpf: Do not reject when the stack read size is different from the
+ tracked scalar size
+
+From: Martin KaFai Lau <kafai@fb.com>
+
+[ Upstream commit f30d4968e9aee737e174fc97942af46cfb49b484 ]
+
+Below is a simplified case from a report in bcc [0]:
+
+ r4 = 20
+ *(u32 *)(r10 -4) = r4
+ *(u32 *)(r10 -8) = r4 /* r4 state is tracked */
+ r4 = *(u64 *)(r10 -8) /* Read more than the tracked 32bit scalar.
+ * verifier rejects as 'corrupted spill memory'.
+ */
+
+After commit 354e8f1970f8 ("bpf: Support <8-byte scalar spill and refill"),
+the 8-byte aligned 32bit spill is also tracked by the verifier and the
+register state is stored.
+
+However, if 8 bytes are read from the stack instead of the tracked 4 byte
+scalar, then verifier currently rejects the program as "corrupted spill
+memory". This patch fixes this case by allowing it to read but marks the
+register as unknown.
+
+Also note that, if the prog is trying to corrupt/leak an earlier spilled
+pointer by spilling another <8 bytes register on top, this has already
+been rejected in the check_stack_write_fixed_off().
+
+ [0] https://github.com/iovisor/bcc/pull/3683
+
+Fixes: 354e8f1970f8 ("bpf: Support <8-byte scalar spill and refill")
+Reported-by: Hengqi Chen <hengqi.chen@gmail.com>
+Reported-by: Yonghong Song <yhs@gmail.com>
+Signed-off-by: Martin KaFai Lau <kafai@fb.com>
+Signed-off-by: Daniel Borkmann <daniel@iogearbox.net>
+Tested-by: Hengqi Chen <hengqi.chen@gmail.com>
+Acked-by: Yonghong Song <yhs@fb.com>
+Link: https://lore.kernel.org/bpf/20211102064535.316018-1-kafai@fb.com
+Signed-off-by: Sasha Levin <sashal@kernel.org>
+---
+ kernel/bpf/verifier.c | 18 ++++++------------
+ 1 file changed, 6 insertions(+), 12 deletions(-)
+
+diff --git a/kernel/bpf/verifier.c b/kernel/bpf/verifier.c
+index 0d0d7b140f05a..9e5f1ebe67d7f 100644
+--- a/kernel/bpf/verifier.c
++++ b/kernel/bpf/verifier.c
+@@ -2597,9 +2597,12 @@ static int check_stack_read_fixed_off(struct bpf_verifier_env *env,
+ reg = ®_state->stack[spi].spilled_ptr;
+
+ if (is_spilled_reg(®_state->stack[spi])) {
+- if (size != BPF_REG_SIZE) {
+- u8 scalar_size = 0;
++ u8 spill_size = 1;
++
++ for (i = BPF_REG_SIZE - 1; i > 0 && stype[i - 1] == STACK_SPILL; i--)
++ spill_size++;
+
++ if (size != BPF_REG_SIZE || spill_size != BPF_REG_SIZE) {
+ if (reg->type != SCALAR_VALUE) {
+ verbose_linfo(env, env->insn_idx, "; ");
+ verbose(env, "invalid size of register fill\n");
+@@ -2610,10 +2613,7 @@ static int check_stack_read_fixed_off(struct bpf_verifier_env *env,
+ if (dst_regno < 0)
+ return 0;
+
+- for (i = BPF_REG_SIZE; i > 0 && stype[i - 1] == STACK_SPILL; i--)
+- scalar_size++;
+-
+- if (!(off % BPF_REG_SIZE) && size == scalar_size) {
++ if (!(off % BPF_REG_SIZE) && size == spill_size) {
+ /* The earlier check_reg_arg() has decided the
+ * subreg_def for this insn. Save it first.
+ */
+@@ -2637,12 +2637,6 @@ static int check_stack_read_fixed_off(struct bpf_verifier_env *env,
+ state->regs[dst_regno].live |= REG_LIVE_WRITTEN;
+ return 0;
+ }
+- for (i = 1; i < BPF_REG_SIZE; i++) {
+- if (stype[(slot - i) % BPF_REG_SIZE] != STACK_SPILL) {
+- verbose(env, "corrupted spill memory\n");
+- return -EACCES;
+- }
+- }
+
+ if (dst_regno >= 0) {
+ /* restore register state from stack */
+--
+2.39.0
+
--- /dev/null
+From e0d5f0e1d45d6338b7340c3236bf43d54a21a59c Mon Sep 17 00:00:00 2001
+From: Sasha Levin <sashal@kernel.org>
+Date: Sat, 17 Dec 2022 23:13:05 +0100
+Subject: iio:adc:twl6030: Enable measurement of VAC
+
+From: Andreas Kemnade <andreas@kemnade.info>
+
+[ Upstream commit bffb7d9d1a3dbd09e083b88aefd093b3b10abbfb ]
+
+VAC needs to be wired up to produce proper measurements,
+without this change only near zero values are reported.
+
+Reported-by: kernel test robot <lkp@intel.com>
+Reported-by: Julia Lawall <julia.lawall@lip6.fr>
+Fixes: 1696f36482e7 ("iio: twl6030-gpadc: TWL6030, TWL6032 GPADC driver")
+Signed-off-by: Andreas Kemnade <andreas@kemnade.info>
+Link: https://lore.kernel.org/r/20221217221305.671117-1-andreas@kemnade.info
+Signed-off-by: Jonathan Cameron <Jonathan.Cameron@huawei.com>
+Signed-off-by: Sasha Levin <sashal@kernel.org>
+---
+ drivers/iio/adc/twl6030-gpadc.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/drivers/iio/adc/twl6030-gpadc.c b/drivers/iio/adc/twl6030-gpadc.c
+index 9ab23b29bee3f..024bdc1ef77e6 100644
+--- a/drivers/iio/adc/twl6030-gpadc.c
++++ b/drivers/iio/adc/twl6030-gpadc.c
+@@ -952,7 +952,7 @@ static int twl6030_gpadc_probe(struct platform_device *pdev)
+ }
+
+ ret = twl_i2c_write_u8(TWL6030_MODULE_ID0,
+- VBAT_MEAS | BB_MEAS | BB_MEAS,
++ VBAT_MEAS | BB_MEAS | VAC_MEAS,
+ TWL6030_MISC1);
+ if (ret < 0) {
+ dev_err(dev, "failed to wire up inputs\n");
+--
+2.39.0
+
--- /dev/null
+From 8a70178a39a5adc6ceda062addc7b535fa04d2e3 Mon Sep 17 00:00:00 2001
+From: Sasha Levin <sashal@kernel.org>
+Date: Thu, 26 Jan 2023 14:27:21 -0800
+Subject: migrate: hugetlb: check for hugetlb shared PMD in node migration
+
+From: Mike Kravetz <mike.kravetz@oracle.com>
+
+[ Upstream commit 73bdf65ea74857d7fb2ec3067a3cec0e261b1462 ]
+
+migrate_pages/mempolicy semantics state that CAP_SYS_NICE is required to
+move pages shared with another process to a different node. page_mapcount
+> 1 is being used to determine if a hugetlb page is shared. However, a
+hugetlb page will have a mapcount of 1 if mapped by multiple processes via
+a shared PMD. As a result, hugetlb pages shared by multiple processes and
+mapped with a shared PMD can be moved by a process without CAP_SYS_NICE.
+
+To fix, check for a shared PMD if mapcount is 1. If a shared PMD is found
+consider the page shared.
+
+Link: https://lkml.kernel.org/r/20230126222721.222195-3-mike.kravetz@oracle.com
+Fixes: e2d8cf405525 ("migrate: add hugepage migration code to migrate_pages()")
+Signed-off-by: Mike Kravetz <mike.kravetz@oracle.com>
+Acked-by: Peter Xu <peterx@redhat.com>
+Acked-by: David Hildenbrand <david@redhat.com>
+Cc: James Houghton <jthoughton@google.com>
+Cc: Matthew Wilcox <willy@infradead.org>
+Cc: Michal Hocko <mhocko@suse.com>
+Cc: Muchun Song <songmuchun@bytedance.com>
+Cc: Naoya Horiguchi <naoya.horiguchi@linux.dev>
+Cc: Vishal Moola (Oracle) <vishal.moola@gmail.com>
+Cc: Yang Shi <shy828301@gmail.com>
+Cc: <stable@vger.kernel.org>
+Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
+Signed-off-by: Sasha Levin <sashal@kernel.org>
+---
+ mm/mempolicy.c | 3 ++-
+ 1 file changed, 2 insertions(+), 1 deletion(-)
+
+diff --git a/mm/mempolicy.c b/mm/mempolicy.c
+index 59d72b121346f..6c98585f20dfe 100644
+--- a/mm/mempolicy.c
++++ b/mm/mempolicy.c
+@@ -622,7 +622,8 @@ static int queue_pages_hugetlb(pte_t *pte, unsigned long hmask,
+
+ /* With MPOL_MF_MOVE, we migrate only unshared hugepage. */
+ if (flags & (MPOL_MF_MOVE_ALL) ||
+- (flags & MPOL_MF_MOVE && page_mapcount(page) == 1)) {
++ (flags & MPOL_MF_MOVE && page_mapcount(page) == 1 &&
++ !hugetlb_pmd_shared(pte))) {
+ if (isolate_hugetlb(page, qp->pagelist) &&
+ (flags & MPOL_MF_STRICT))
+ /*
+--
+2.39.0
+
--- /dev/null
+From c0717587aa8f1f7c966da37fd4264af1da148a01 Mon Sep 17 00:00:00 2001
+From: Sasha Levin <sashal@kernel.org>
+Date: Mon, 30 May 2022 19:30:15 +0800
+Subject: mm/migration: return errno when isolate_huge_page failed
+
+From: Miaohe Lin <linmiaohe@huawei.com>
+
+[ Upstream commit 7ce82f4c3f3ead13a9d9498768e3b1a79975c4d8 ]
+
+We might fail to isolate huge page due to e.g. the page is under
+migration which cleared HPageMigratable. We should return errno in this
+case rather than always return 1 which could confuse the user, i.e. the
+caller might think all of the memory is migrated while the hugetlb page is
+left behind. We make the prototype of isolate_huge_page consistent with
+isolate_lru_page as suggested by Huang Ying and rename isolate_huge_page
+to isolate_hugetlb as suggested by Muchun to improve the readability.
+
+Link: https://lkml.kernel.org/r/20220530113016.16663-4-linmiaohe@huawei.com
+Fixes: e8db67eb0ded ("mm: migrate: move_pages() supports thp migration")
+Signed-off-by: Miaohe Lin <linmiaohe@huawei.com>
+Suggested-by: Huang Ying <ying.huang@intel.com>
+Reported-by: kernel test robot <lkp@intel.com> (build error)
+Cc: Alistair Popple <apopple@nvidia.com>
+Cc: Christoph Hellwig <hch@lst.de>
+Cc: Christoph Lameter <cl@linux.com>
+Cc: David Hildenbrand <david@redhat.com>
+Cc: David Howells <dhowells@redhat.com>
+Cc: Mike Kravetz <mike.kravetz@oracle.com>
+Cc: Muchun Song <songmuchun@bytedance.com>
+Cc: Oscar Salvador <osalvador@suse.de>
+Cc: Peter Xu <peterx@redhat.com>
+Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
+Stable-dep-of: 73bdf65ea748 ("migrate: hugetlb: check for hugetlb shared PMD in node migration")
+Signed-off-by: Sasha Levin <sashal@kernel.org>
+---
+ include/linux/hugetlb.h | 6 +++---
+ mm/gup.c | 2 +-
+ mm/hugetlb.c | 6 +++---
+ mm/memory-failure.c | 2 +-
+ mm/memory_hotplug.c | 2 +-
+ mm/mempolicy.c | 2 +-
+ mm/migrate.c | 7 ++++---
+ 7 files changed, 14 insertions(+), 13 deletions(-)
+
+diff --git a/include/linux/hugetlb.h b/include/linux/hugetlb.h
+index a18fc8e5a3ddb..c0ba379574a46 100644
+--- a/include/linux/hugetlb.h
++++ b/include/linux/hugetlb.h
+@@ -145,7 +145,7 @@ int hugetlb_reserve_pages(struct inode *inode, long from, long to,
+ vm_flags_t vm_flags);
+ long hugetlb_unreserve_pages(struct inode *inode, long start, long end,
+ long freed);
+-bool isolate_huge_page(struct page *page, struct list_head *list);
++int isolate_hugetlb(struct page *page, struct list_head *list);
+ void putback_active_hugepage(struct page *page);
+ void move_hugetlb_state(struct page *oldpage, struct page *newpage, int reason);
+ void free_huge_page(struct page *page);
+@@ -326,9 +326,9 @@ static inline pte_t *huge_pte_offset(struct mm_struct *mm, unsigned long addr,
+ return NULL;
+ }
+
+-static inline bool isolate_huge_page(struct page *page, struct list_head *list)
++static inline int isolate_hugetlb(struct page *page, struct list_head *list)
+ {
+- return false;
++ return -EBUSY;
+ }
+
+ static inline void putback_active_hugepage(struct page *page)
+diff --git a/mm/gup.c b/mm/gup.c
+index 6d5e4fd55d320..11307a8b20d58 100644
+--- a/mm/gup.c
++++ b/mm/gup.c
+@@ -1627,7 +1627,7 @@ static long check_and_migrate_cma_pages(struct mm_struct *mm,
+ */
+ if (is_migrate_cma_page(head)) {
+ if (PageHuge(head)) {
+- if (!isolate_huge_page(head, &cma_page_list))
++ if (isolate_hugetlb(head, &cma_page_list))
+ isolation_error_count++;
+ } else {
+ if (!PageLRU(head) && drain_allow) {
+diff --git a/mm/hugetlb.c b/mm/hugetlb.c
+index 3499b3803384b..81949f6d29af5 100644
+--- a/mm/hugetlb.c
++++ b/mm/hugetlb.c
+@@ -5655,14 +5655,14 @@ follow_huge_pgd(struct mm_struct *mm, unsigned long address, pgd_t *pgd, int fla
+ return pte_page(*(pte_t *)pgd) + ((address & ~PGDIR_MASK) >> PAGE_SHIFT);
+ }
+
+-bool isolate_huge_page(struct page *page, struct list_head *list)
++int isolate_hugetlb(struct page *page, struct list_head *list)
+ {
+- bool ret = true;
++ int ret = 0;
+
+ spin_lock(&hugetlb_lock);
+ if (!PageHeadHuge(page) || !page_huge_active(page) ||
+ !get_page_unless_zero(page)) {
+- ret = false;
++ ret = -EBUSY;
+ goto unlock;
+ }
+ clear_page_huge_active(page);
+diff --git a/mm/memory-failure.c b/mm/memory-failure.c
+index aef267c6a7246..b21dd4a793926 100644
+--- a/mm/memory-failure.c
++++ b/mm/memory-failure.c
+@@ -1763,7 +1763,7 @@ static bool isolate_page(struct page *page, struct list_head *pagelist)
+ bool lru = PageLRU(page);
+
+ if (PageHuge(page)) {
+- isolated = isolate_huge_page(page, pagelist);
++ isolated = !isolate_hugetlb(page, pagelist);
+ } else {
+ if (lru)
+ isolated = !isolate_lru_page(page);
+diff --git a/mm/memory_hotplug.c b/mm/memory_hotplug.c
+index 6275b1c05f111..f0633f9a91166 100644
+--- a/mm/memory_hotplug.c
++++ b/mm/memory_hotplug.c
+@@ -1288,7 +1288,7 @@ do_migrate_range(unsigned long start_pfn, unsigned long end_pfn)
+
+ if (PageHuge(page)) {
+ pfn = page_to_pfn(head) + compound_nr(head) - 1;
+- isolate_huge_page(head, &source);
++ isolate_hugetlb(head, &source);
+ continue;
+ } else if (PageTransHuge(page))
+ pfn = page_to_pfn(head) + thp_nr_pages(page) - 1;
+diff --git a/mm/mempolicy.c b/mm/mempolicy.c
+index f9f47449e8dda..59d72b121346f 100644
+--- a/mm/mempolicy.c
++++ b/mm/mempolicy.c
+@@ -623,7 +623,7 @@ static int queue_pages_hugetlb(pte_t *pte, unsigned long hmask,
+ /* With MPOL_MF_MOVE, we migrate only unshared hugepage. */
+ if (flags & (MPOL_MF_MOVE_ALL) ||
+ (flags & MPOL_MF_MOVE && page_mapcount(page) == 1)) {
+- if (!isolate_huge_page(page, qp->pagelist) &&
++ if (isolate_hugetlb(page, qp->pagelist) &&
+ (flags & MPOL_MF_STRICT))
+ /*
+ * Failed to isolate page but allow migrating pages
+diff --git a/mm/migrate.c b/mm/migrate.c
+index b716b8fa2c3ff..fcb7eb6a6ecae 100644
+--- a/mm/migrate.c
++++ b/mm/migrate.c
+@@ -164,7 +164,7 @@ void putback_movable_page(struct page *page)
+ *
+ * This function shall be used whenever the isolated pageset has been
+ * built from lru, balloon, hugetlbfs page. See isolate_migratepages_range()
+- * and isolate_huge_page().
++ * and isolate_hugetlb().
+ */
+ void putback_movable_pages(struct list_head *l)
+ {
+@@ -1657,8 +1657,9 @@ static int add_page_for_migration(struct mm_struct *mm, unsigned long addr,
+
+ if (PageHuge(page)) {
+ if (PageHead(page)) {
+- isolate_huge_page(page, pagelist);
+- err = 1;
++ err = isolate_hugetlb(page, pagelist);
++ if (!err)
++ err = 1;
+ }
+ } else {
+ struct page *head;
+--
+2.39.0
+
--- /dev/null
+From 83fcce262e0ddca50148226b8d320b4b4948b7e3 Mon Sep 17 00:00:00 2001
+From: Sasha Levin <sashal@kernel.org>
+Date: Fri, 16 Sep 2022 13:20:50 +0100
+Subject: nvmem: core: add error handling for dev_set_name
+
+From: Gaosheng Cui <cuigaosheng1@huawei.com>
+
+[ Upstream commit 5544e90c81261e82e02bbf7c6015a4b9c8c825ef ]
+
+The type of return value of dev_set_name is int, which may return
+wrong result, so we add error handling for it to reclaim memory
+of nvmem resource, and return early when an error occurs.
+
+Signed-off-by: Gaosheng Cui <cuigaosheng1@huawei.com>
+Signed-off-by: Srinivas Kandagatla <srinivas.kandagatla@linaro.org>
+Link: https://lore.kernel.org/r/20220916122100.170016-4-srinivas.kandagatla@linaro.org
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+Stable-dep-of: ab3428cfd9aa ("nvmem: core: fix registration vs use race")
+Signed-off-by: Sasha Levin <sashal@kernel.org>
+---
+ drivers/nvmem/core.c | 12 +++++++++---
+ 1 file changed, 9 insertions(+), 3 deletions(-)
+
+diff --git a/drivers/nvmem/core.c b/drivers/nvmem/core.c
+index 48fbe49e3772b..9da4edbabfe75 100644
+--- a/drivers/nvmem/core.c
++++ b/drivers/nvmem/core.c
+@@ -661,18 +661,24 @@ struct nvmem_device *nvmem_register(const struct nvmem_config *config)
+
+ switch (config->id) {
+ case NVMEM_DEVID_NONE:
+- dev_set_name(&nvmem->dev, "%s", config->name);
++ rval = dev_set_name(&nvmem->dev, "%s", config->name);
+ break;
+ case NVMEM_DEVID_AUTO:
+- dev_set_name(&nvmem->dev, "%s%d", config->name, nvmem->id);
++ rval = dev_set_name(&nvmem->dev, "%s%d", config->name, nvmem->id);
+ break;
+ default:
+- dev_set_name(&nvmem->dev, "%s%d",
++ rval = dev_set_name(&nvmem->dev, "%s%d",
+ config->name ? : "nvmem",
+ config->name ? config->id : nvmem->id);
+ break;
+ }
+
++ if (rval) {
++ ida_free(&nvmem_ida, nvmem->id);
++ kfree(nvmem);
++ return ERR_PTR(rval);
++ }
++
+ nvmem->read_only = device_property_present(config->dev, "read-only") ||
+ config->read_only || !nvmem->reg_write;
+
+--
+2.39.0
+
--- /dev/null
+From a358dc68362f6ff882b1c6b46504f47067a9952b Mon Sep 17 00:00:00 2001
+From: Sasha Levin <sashal@kernel.org>
+Date: Sun, 20 Feb 2022 15:14:31 +0000
+Subject: nvmem: core: Fix a conflict between MTD and NVMEM on wp-gpios
+ property
+
+From: Christophe Kerello <christophe.kerello@foss.st.com>
+
+[ Upstream commit f6c052afe6f802d87c74153b7a57c43b2e9faf07 ]
+
+Wp-gpios property can be used on NVMEM nodes and the same property can
+be also used on MTD NAND nodes. In case of the wp-gpios property is
+defined at NAND level node, the GPIO management is done at NAND driver
+level. Write protect is disabled when the driver is probed or resumed
+and is enabled when the driver is released or suspended.
+
+When no partitions are defined in the NAND DT node, then the NAND DT node
+will be passed to NVMEM framework. If wp-gpios property is defined in
+this node, the GPIO resource is taken twice and the NAND controller
+driver fails to probe.
+
+It would be possible to set config->wp_gpio at MTD level before calling
+nvmem_register function but NVMEM framework will toggle this GPIO on
+each write when this GPIO should only be controlled at NAND level driver
+to ensure that the Write Protect has not been enabled.
+
+A way to fix this conflict is to add a new boolean flag in nvmem_config
+named ignore_wp. In case ignore_wp is set, the GPIO resource will
+be managed by the provider.
+
+Fixes: 2a127da461a9 ("nvmem: add support for the write-protect pin")
+Cc: stable@vger.kernel.org
+Signed-off-by: Christophe Kerello <christophe.kerello@foss.st.com>
+Signed-off-by: Srinivas Kandagatla <srinivas.kandagatla@linaro.org>
+Link: https://lore.kernel.org/r/20220220151432.16605-2-srinivas.kandagatla@linaro.org
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+Stable-dep-of: ab3428cfd9aa ("nvmem: core: fix registration vs use race")
+Signed-off-by: Sasha Levin <sashal@kernel.org>
+---
+ drivers/nvmem/core.c | 2 +-
+ include/linux/nvmem-provider.h | 4 +++-
+ 2 files changed, 4 insertions(+), 2 deletions(-)
+
+diff --git a/drivers/nvmem/core.c b/drivers/nvmem/core.c
+index 7b281ae540ad8..48fbe49e3772b 100644
+--- a/drivers/nvmem/core.c
++++ b/drivers/nvmem/core.c
+@@ -629,7 +629,7 @@ struct nvmem_device *nvmem_register(const struct nvmem_config *config)
+
+ if (config->wp_gpio)
+ nvmem->wp_gpio = config->wp_gpio;
+- else
++ else if (!config->ignore_wp)
+ nvmem->wp_gpio = gpiod_get_optional(config->dev, "wp",
+ GPIOD_OUT_HIGH);
+ if (IS_ERR(nvmem->wp_gpio)) {
+diff --git a/include/linux/nvmem-provider.h b/include/linux/nvmem-provider.h
+index 06409a6c40bcb..39ec67689898b 100644
+--- a/include/linux/nvmem-provider.h
++++ b/include/linux/nvmem-provider.h
+@@ -49,7 +49,8 @@ enum nvmem_type {
+ * @word_size: Minimum read/write access granularity.
+ * @stride: Minimum read/write access stride.
+ * @priv: User context passed to read/write callbacks.
+- * @wp-gpio: Write protect pin
++ * @wp-gpio: Write protect pin
++ * @ignore_wp: Write Protect pin is managed by the provider.
+ *
+ * Note: A default "nvmem<id>" name will be assigned to the device if
+ * no name is specified in its configuration. In such case "<id>" is
+@@ -69,6 +70,7 @@ struct nvmem_config {
+ enum nvmem_type type;
+ bool read_only;
+ bool root_only;
++ bool ignore_wp;
+ bool no_of_node;
+ nvmem_reg_read_t reg_read;
+ nvmem_reg_write_t reg_write;
+--
+2.39.0
+
--- /dev/null
+From 98c0c20a6114ac98bb3f5ea476a64d9d81f89e31 Mon Sep 17 00:00:00 2001
+From: Sasha Levin <sashal@kernel.org>
+Date: Fri, 27 Jan 2023 10:40:10 +0000
+Subject: nvmem: core: fix cleanup after dev_set_name()
+
+From: Russell King (Oracle) <rmk+kernel@armlinux.org.uk>
+
+[ Upstream commit 560181d3ace61825f4ca9dd3481d6c0ee6709fa8 ]
+
+If dev_set_name() fails, we leak nvmem->wp_gpio as the cleanup does not
+put this. While a minimal fix for this would be to add the gpiod_put()
+call, we can do better if we split device_register(), and use the
+tested nvmem_release() cleanup code by initialising the device early,
+and putting the device.
+
+This results in a slightly larger fix, but results in clear code.
+
+Note: this patch depends on "nvmem: core: initialise nvmem->id early"
+and "nvmem: core: remove nvmem_config wp_gpio".
+
+Fixes: 5544e90c8126 ("nvmem: core: add error handling for dev_set_name")
+Cc: stable@vger.kernel.org
+Reported-by: kernel test robot <lkp@intel.com>
+Reported-by: Dan Carpenter <error27@gmail.com>
+Signed-off-by: Russell King (Oracle) <rmk+kernel@armlinux.org.uk>
+[Srini: Fixed subject line and error code handing with wp_gpio while applying.]
+Signed-off-by: Srinivas Kandagatla <srinivas.kandagatla@linaro.org>
+Link: https://lore.kernel.org/r/20230127104015.23839-6-srinivas.kandagatla@linaro.org
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+Stable-dep-of: ab3428cfd9aa ("nvmem: core: fix registration vs use race")
+Signed-off-by: Sasha Levin <sashal@kernel.org>
+---
+ drivers/nvmem/core.c | 22 ++++++++++------------
+ 1 file changed, 10 insertions(+), 12 deletions(-)
+
+diff --git a/drivers/nvmem/core.c b/drivers/nvmem/core.c
+index 38c05fce7d740..de356cdde4ce8 100644
+--- a/drivers/nvmem/core.c
++++ b/drivers/nvmem/core.c
+@@ -627,14 +627,18 @@ struct nvmem_device *nvmem_register(const struct nvmem_config *config)
+
+ nvmem->id = rval;
+
++ nvmem->dev.type = &nvmem_provider_type;
++ nvmem->dev.bus = &nvmem_bus_type;
++ nvmem->dev.parent = config->dev;
++
++ device_initialize(&nvmem->dev);
++
+ if (!config->ignore_wp)
+ nvmem->wp_gpio = gpiod_get_optional(config->dev, "wp",
+ GPIOD_OUT_HIGH);
+ if (IS_ERR(nvmem->wp_gpio)) {
+- ida_free(&nvmem_ida, nvmem->id);
+ rval = PTR_ERR(nvmem->wp_gpio);
+- kfree(nvmem);
+- return ERR_PTR(rval);
++ goto err_put_device;
+ }
+
+ kref_init(&nvmem->refcnt);
+@@ -646,9 +650,6 @@ struct nvmem_device *nvmem_register(const struct nvmem_config *config)
+ nvmem->stride = config->stride ?: 1;
+ nvmem->word_size = config->word_size ?: 1;
+ nvmem->size = config->size;
+- nvmem->dev.type = &nvmem_provider_type;
+- nvmem->dev.bus = &nvmem_bus_type;
+- nvmem->dev.parent = config->dev;
+ nvmem->root_only = config->root_only;
+ nvmem->priv = config->priv;
+ nvmem->type = config->type;
+@@ -671,11 +672,8 @@ struct nvmem_device *nvmem_register(const struct nvmem_config *config)
+ break;
+ }
+
+- if (rval) {
+- ida_free(&nvmem_ida, nvmem->id);
+- kfree(nvmem);
+- return ERR_PTR(rval);
+- }
++ if (rval)
++ goto err_put_device;
+
+ nvmem->read_only = device_property_present(config->dev, "read-only") ||
+ config->read_only || !nvmem->reg_write;
+@@ -686,7 +684,7 @@ struct nvmem_device *nvmem_register(const struct nvmem_config *config)
+
+ dev_dbg(&nvmem->dev, "Registering nvmem device %s\n", config->name);
+
+- rval = device_register(&nvmem->dev);
++ rval = device_add(&nvmem->dev);
+ if (rval)
+ goto err_put_device;
+
+--
+2.39.0
+
--- /dev/null
+From 72508842af2dca6b7676241dd7e86f9d515c4e51 Mon Sep 17 00:00:00 2001
+From: Sasha Levin <sashal@kernel.org>
+Date: Fri, 27 Jan 2023 10:40:11 +0000
+Subject: nvmem: core: fix registration vs use race
+
+From: Russell King (Oracle) <rmk+kernel@armlinux.org.uk>
+
+[ Upstream commit ab3428cfd9aa2f3463ee4b2909b5bb2193bd0c4a ]
+
+The i.MX6 CPU frequency driver sometimes fails to register at boot time
+due to nvmem_cell_read_u32() sporadically returning -ENOENT.
+
+This happens because there is a window where __nvmem_device_get() in
+of_nvmem_cell_get() is able to return the nvmem device, but as cells
+have been setup, nvmem_find_cell_entry_by_node() returns NULL.
+
+The occurs because the nvmem core registration code violates one of the
+fundamental principles of kernel programming: do not publish data
+structures before their setup is complete.
+
+Fix this by making nvmem core code conform with this principle.
+
+Fixes: eace75cfdcf7 ("nvmem: Add a simple NVMEM framework for nvmem providers")
+Cc: stable@vger.kernel.org
+Signed-off-by: Russell King (Oracle) <rmk+kernel@armlinux.org.uk>
+Signed-off-by: Srinivas Kandagatla <srinivas.kandagatla@linaro.org>
+Link: https://lore.kernel.org/r/20230127104015.23839-7-srinivas.kandagatla@linaro.org
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+Signed-off-by: Sasha Levin <sashal@kernel.org>
+---
+ drivers/nvmem/core.c | 10 +++++++---
+ 1 file changed, 7 insertions(+), 3 deletions(-)
+
+diff --git a/drivers/nvmem/core.c b/drivers/nvmem/core.c
+index de356cdde4ce8..cdbd943d2c348 100644
+--- a/drivers/nvmem/core.c
++++ b/drivers/nvmem/core.c
+@@ -691,7 +691,7 @@ struct nvmem_device *nvmem_register(const struct nvmem_config *config)
+ if (config->compat) {
+ rval = nvmem_sysfs_setup_compat(nvmem, config);
+ if (rval)
+- goto err_device_del;
++ goto err_put_device;
+ }
+
+ if (config->cells) {
+@@ -708,6 +708,12 @@ struct nvmem_device *nvmem_register(const struct nvmem_config *config)
+ if (rval)
+ goto err_remove_cells;
+
++ dev_dbg(&nvmem->dev, "Registering nvmem device %s\n", config->name);
++
++ rval = device_add(&nvmem->dev);
++ if (rval)
++ goto err_remove_cells;
++
+ blocking_notifier_call_chain(&nvmem_notifier, NVMEM_ADD, nvmem);
+
+ return nvmem;
+@@ -716,8 +722,6 @@ struct nvmem_device *nvmem_register(const struct nvmem_config *config)
+ nvmem_device_remove_all_cells(nvmem);
+ if (config->compat)
+ nvmem_sysfs_remove_compat(nvmem, config);
+-err_device_del:
+- device_del(&nvmem->dev);
+ err_put_device:
+ put_device(&nvmem->dev);
+
+--
+2.39.0
+
--- /dev/null
+From ba996d94abfdc5e826440e6cc695427a7ee5eb02 Mon Sep 17 00:00:00 2001
+From: Sasha Levin <sashal@kernel.org>
+Date: Fri, 27 Jan 2023 10:40:09 +0000
+Subject: nvmem: core: remove nvmem_config wp_gpio
+
+From: Russell King (Oracle) <rmk+kernel@armlinux.org.uk>
+
+[ Upstream commit 569653f022a29a1a44ea9de5308b657228303fa5 ]
+
+No one provides wp_gpio, so let's remove it to avoid issues with
+the nvmem core putting this gpio.
+
+Cc: stable@vger.kernel.org
+Signed-off-by: Russell King (Oracle) <rmk+kernel@armlinux.org.uk>
+Signed-off-by: Srinivas Kandagatla <srinivas.kandagatla@linaro.org>
+Link: https://lore.kernel.org/r/20230127104015.23839-5-srinivas.kandagatla@linaro.org
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+Stable-dep-of: ab3428cfd9aa ("nvmem: core: fix registration vs use race")
+Signed-off-by: Sasha Levin <sashal@kernel.org>
+---
+ drivers/nvmem/core.c | 4 +---
+ include/linux/nvmem-provider.h | 2 --
+ 2 files changed, 1 insertion(+), 5 deletions(-)
+
+diff --git a/drivers/nvmem/core.c b/drivers/nvmem/core.c
+index 9da4edbabfe75..38c05fce7d740 100644
+--- a/drivers/nvmem/core.c
++++ b/drivers/nvmem/core.c
+@@ -627,9 +627,7 @@ struct nvmem_device *nvmem_register(const struct nvmem_config *config)
+
+ nvmem->id = rval;
+
+- if (config->wp_gpio)
+- nvmem->wp_gpio = config->wp_gpio;
+- else if (!config->ignore_wp)
++ if (!config->ignore_wp)
+ nvmem->wp_gpio = gpiod_get_optional(config->dev, "wp",
+ GPIOD_OUT_HIGH);
+ if (IS_ERR(nvmem->wp_gpio)) {
+diff --git a/include/linux/nvmem-provider.h b/include/linux/nvmem-provider.h
+index 39ec67689898b..5e07f3cfad301 100644
+--- a/include/linux/nvmem-provider.h
++++ b/include/linux/nvmem-provider.h
+@@ -49,7 +49,6 @@ enum nvmem_type {
+ * @word_size: Minimum read/write access granularity.
+ * @stride: Minimum read/write access stride.
+ * @priv: User context passed to read/write callbacks.
+- * @wp-gpio: Write protect pin
+ * @ignore_wp: Write Protect pin is managed by the provider.
+ *
+ * Note: A default "nvmem<id>" name will be assigned to the device if
+@@ -64,7 +63,6 @@ struct nvmem_config {
+ const char *name;
+ int id;
+ struct module *owner;
+- struct gpio_desc *wp_gpio;
+ const struct nvmem_cell_info *cells;
+ int ncells;
+ enum nvmem_type type;
+--
+2.39.0
+
fbdev-smscufx-fix-error-handling-code-in-ufx_usb_probe.patch
f2fs-fix-to-do-sanity-check-on-i_extra_isize-in-is_alive.patch
wifi-brcmfmac-check-the-count-value-of-channel-spec-to-prevent-out-of-bounds-reads.patch
+nvmem-core-fix-a-conflict-between-mtd-and-nvmem-on-w.patch
+nvmem-core-add-error-handling-for-dev_set_name.patch
+nvmem-core-remove-nvmem_config-wp_gpio.patch
+nvmem-core-fix-cleanup-after-dev_set_name.patch
+nvmem-core-fix-registration-vs-use-race.patch
+bpf-do-not-reject-when-the-stack-read-size-is-differ.patch
+iio-adc-twl6030-enable-measurement-of-vac.patch
+mm-migration-return-errno-when-isolate_huge_page-fai.patch
+migrate-hugetlb-check-for-hugetlb-shared-pmd-in-node.patch
projects / thirdparty / kernel / stable-queue.git / commitdiff
