--- /dev/null
+From 50fab7459bb641c2fcc75d70344a9b8e1385561e Mon Sep 17 00:00:00 2001
+From: Sasha Levin <sashal@kernel.org>
+Date: Thu, 1 Apr 2021 13:15:33 +0000
+Subject: ARM: OMAP2+: Fix build warning when mmc_omap is not built
+
+From: Yongqiang Liu <liuyongqiang13@huawei.com>
+
+[ Upstream commit 040ab72ee10ea88e1883ad143b3e2b77596abc31 ]
+
+GCC reports the following warning with W=1:
+
+arch/arm/mach-omap2/board-n8x0.c:325:19: warning:
+variable 'index' set but not used [-Wunused-but-set-variable]
+325 | int bit, *openp, index;
+ | ^~~~~
+
+Fix this by moving CONFIG_MMC_OMAP to cover the rest codes
+in the n8x0_mmc_callback().
+
+Signed-off-by: Yongqiang Liu <liuyongqiang13@huawei.com>
+Signed-off-by: Tony Lindgren <tony@atomide.com>
+Signed-off-by: Sasha Levin <sashal@kernel.org>
+---
+ arch/arm/mach-omap2/board-n8x0.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/arch/arm/mach-omap2/board-n8x0.c b/arch/arm/mach-omap2/board-n8x0.c
+index 20f25539d572..47abea1475d4 100644
+--- a/arch/arm/mach-omap2/board-n8x0.c
++++ b/arch/arm/mach-omap2/board-n8x0.c
+@@ -325,6 +325,7 @@ static int n8x0_mmc_get_cover_state(struct device *dev, int slot)
+
+ static void n8x0_mmc_callback(void *data, u8 card_mask)
+ {
++#ifdef CONFIG_MMC_OMAP
+ int bit, *openp, index;
+
+ if (board_is_n800()) {
+@@ -342,7 +343,6 @@ static void n8x0_mmc_callback(void *data, u8 card_mask)
+ else
+ *openp = 0;
+
+-#ifdef CONFIG_MMC_OMAP
+ omap_mmc_notify_cover_event(mmc_device, index, *openp);
+ #else
+ pr_warn("MMC: notify cover event not available\n");
+--
+2.30.2
+
--- /dev/null
+From f6f64a36868434a44856f9bee56f8ab7e5ec23d7 Mon Sep 17 00:00:00 2001
+From: Sasha Levin <sashal@kernel.org>
+Date: Tue, 1 Jun 2021 19:04:51 +0800
+Subject: ethernet: myri10ge: Fix missing error code in myri10ge_probe()
+
+From: Jiapeng Chong <jiapeng.chong@linux.alibaba.com>
+
+[ Upstream commit f336d0b93ae978f12c5e27199f828da89b91e56a ]
+
+The error code is missing in this code scenario, add the error code
+'-EINVAL' to the return value 'status'.
+
+Eliminate the follow smatch warning:
+
+drivers/net/ethernet/myricom/myri10ge/myri10ge.c:3818 myri10ge_probe()
+warn: missing error code 'status'.
+
+Reported-by: Abaci Robot <abaci@linux.alibaba.com>
+Signed-off-by: Jiapeng Chong <jiapeng.chong@linux.alibaba.com>
+Signed-off-by: David S. Miller <davem@davemloft.net>
+Signed-off-by: Sasha Levin <sashal@kernel.org>
+---
+ drivers/net/ethernet/myricom/myri10ge/myri10ge.c | 1 +
+ 1 file changed, 1 insertion(+)
+
+diff --git a/drivers/net/ethernet/myricom/myri10ge/myri10ge.c b/drivers/net/ethernet/myricom/myri10ge/myri10ge.c
+index a0a555052d8c..1ac2bc75edb1 100644
+--- a/drivers/net/ethernet/myricom/myri10ge/myri10ge.c
++++ b/drivers/net/ethernet/myricom/myri10ge/myri10ge.c
+@@ -3853,6 +3853,7 @@ static int myri10ge_probe(struct pci_dev *pdev, const struct pci_device_id *ent)
+ dev_err(&pdev->dev,
+ "invalid sram_size %dB or board span %ldB\n",
+ mgp->sram_size, mgp->board_span);
++ status = -EINVAL;
+ goto abort_with_ioremap;
+ }
+ memcpy_fromio(mgp->eeprom_strings,
+--
+2.30.2
+
--- /dev/null
+From 5b3b0614f1f4b898139e30a0c3e69f6a5402753d Mon Sep 17 00:00:00 2001
+From: Sasha Levin <sashal@kernel.org>
+Date: Wed, 2 Jun 2021 22:06:58 +0800
+Subject: fib: Return the correct errno code
+
+From: Zheng Yongjun <zhengyongjun3@huawei.com>
+
+[ Upstream commit 59607863c54e9eb3f69afc5257dfe71c38bb751e ]
+
+When kalloc or kmemdup failed, should return ENOMEM rather than ENOBUF.
+
+Signed-off-by: Zheng Yongjun <zhengyongjun3@huawei.com>
+Signed-off-by: David S. Miller <davem@davemloft.net>
+Signed-off-by: Sasha Levin <sashal@kernel.org>
+---
+ net/core/fib_rules.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/net/core/fib_rules.c b/net/core/fib_rules.c
+index 9bb321df0869..76c3f602ee15 100644
+--- a/net/core/fib_rules.c
++++ b/net/core/fib_rules.c
+@@ -928,7 +928,7 @@ static void notify_rule_change(int event, struct fib_rule *rule,
+ {
+ struct net *net;
+ struct sk_buff *skb;
+- int err = -ENOBUFS;
++ int err = -ENOMEM;
+
+ net = ops->fro_net;
+ skb = nlmsg_new(fib_rule_nlmsg_size(ops, rule), GFP_KERNEL);
+--
+2.30.2
+
--- /dev/null
+From e7d387bcb97d356461929f9c08bd7202467d2613 Mon Sep 17 00:00:00 2001
+From: Sasha Levin <sashal@kernel.org>
+Date: Tue, 18 May 2021 16:46:25 +0800
+Subject: gfs2: Fix use-after-free in gfs2_glock_shrink_scan
+
+From: Hillf Danton <hdanton@sina.com>
+
+[ Upstream commit 1ab19c5de4c537ec0d9b21020395a5b5a6c059b2 ]
+
+The GLF_LRU flag is checked under lru_lock in gfs2_glock_remove_from_lru() to
+remove the glock from the lru list in __gfs2_glock_put().
+
+On the shrink scan path, the same flag is cleared under lru_lock but because
+of cond_resched_lock(&lru_lock) in gfs2_dispose_glock_lru(), progress on the
+put side can be made without deleting the glock from the lru list.
+
+Keep GLF_LRU across the race window opened by cond_resched_lock(&lru_lock) to
+ensure correct behavior on both sides - clear GLF_LRU after list_del under
+lru_lock.
+
+Reported-by: syzbot <syzbot+34ba7ddbf3021981a228@syzkaller.appspotmail.com>
+Signed-off-by: Hillf Danton <hdanton@sina.com>
+Signed-off-by: Andreas Gruenbacher <agruenba@redhat.com>
+Signed-off-by: Sasha Levin <sashal@kernel.org>
+---
+ fs/gfs2/glock.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/fs/gfs2/glock.c b/fs/gfs2/glock.c
+index 0a0dd3178483..be969f24ccf0 100644
+--- a/fs/gfs2/glock.c
++++ b/fs/gfs2/glock.c
+@@ -1456,6 +1456,7 @@ __acquires(&lru_lock)
+ while(!list_empty(list)) {
+ gl = list_entry(list->next, struct gfs2_glock, gl_lru);
+ list_del_init(&gl->gl_lru);
++ clear_bit(GLF_LRU, &gl->gl_flags);
+ if (!spin_trylock(&gl->gl_lockref.lock)) {
+ add_back_to_lru:
+ list_add(&gl->gl_lru, &lru_list);
+@@ -1501,7 +1502,6 @@ static long gfs2_scan_glock_lru(int nr)
+ if (!test_bit(GLF_LOCK, &gl->gl_flags)) {
+ list_move(&gl->gl_lru, &dispose);
+ atomic_dec(&lru_count);
+- clear_bit(GLF_LRU, &gl->gl_flags);
+ freed++;
+ continue;
+ }
+--
+2.30.2
+
--- /dev/null
+From 7f1df4edbacdef923b57abafcb17db071cff42c3 Mon Sep 17 00:00:00 2001
+From: Sasha Levin <sashal@kernel.org>
+Date: Mon, 3 May 2021 17:39:38 +0100
+Subject: HID: Add BUS_VIRTUAL to hid_connect logging
+
+From: Mark Bolhuis <mark@bolhuis.dev>
+
+[ Upstream commit 48e33befe61a7d407753c53d1a06fc8d6b5dab80 ]
+
+Add BUS_VIRTUAL to hid_connect logging since it's a valid hid bus type and it
+should not print <UNKNOWN>
+
+Signed-off-by: Mark Bolhuis <mark@bolhuis.dev>
+Signed-off-by: Jiri Kosina <jkosina@suse.cz>
+Signed-off-by: Sasha Levin <sashal@kernel.org>
+---
+ drivers/hid/hid-core.c | 3 +++
+ 1 file changed, 3 insertions(+)
+
+diff --git a/drivers/hid/hid-core.c b/drivers/hid/hid-core.c
+index 71ee1267d2ef..381ab96c1e38 100644
+--- a/drivers/hid/hid-core.c
++++ b/drivers/hid/hid-core.c
+@@ -1824,6 +1824,9 @@ int hid_connect(struct hid_device *hdev, unsigned int connect_mask)
+ case BUS_I2C:
+ bus = "I2C";
+ break;
++ case BUS_VIRTUAL:
++ bus = "VIRTUAL";
++ break;
+ default:
+ bus = "<UNKNOWN>";
+ }
+--
+2.30.2
+
--- /dev/null
+From b5dfb7e7e701c430edd5c517b81ba20f0ce995f1 Mon Sep 17 00:00:00 2001
+From: Sasha Levin <sashal@kernel.org>
+Date: Sat, 8 May 2021 11:14:48 +0800
+Subject: HID: gt683r: add missing MODULE_DEVICE_TABLE
+
+From: Bixuan Cui <cuibixuan@huawei.com>
+
+[ Upstream commit a4b494099ad657f1cb85436d333cf38870ee95bc ]
+
+This patch adds missing MODULE_DEVICE_TABLE definition which generates
+correct modalias for automatic loading of this driver when it is built
+as an external module.
+
+Reported-by: Hulk Robot <hulkci@huawei.com>
+Signed-off-by: Bixuan Cui <cuibixuan@huawei.com>
+Signed-off-by: Jiri Kosina <jkosina@suse.cz>
+Signed-off-by: Sasha Levin <sashal@kernel.org>
+---
+ drivers/hid/hid-gt683r.c | 1 +
+ 1 file changed, 1 insertion(+)
+
+diff --git a/drivers/hid/hid-gt683r.c b/drivers/hid/hid-gt683r.c
+index a298fbd8db6b..8ca4c1baeda8 100644
+--- a/drivers/hid/hid-gt683r.c
++++ b/drivers/hid/hid-gt683r.c
+@@ -64,6 +64,7 @@ static const struct hid_device_id gt683r_led_id[] = {
+ { HID_USB_DEVICE(USB_VENDOR_ID_MSI, USB_DEVICE_ID_MSI_GT683R_LED_PANEL) },
+ { }
+ };
++MODULE_DEVICE_TABLE(hid, gt683r_led_id);
+
+ static void gt683r_brightness_set(struct led_classdev *led_cdev,
+ enum led_brightness brightness)
+--
+2.30.2
+
--- /dev/null
+From 34f78989523233719da53b94b12f19e5543e7894 Mon Sep 17 00:00:00 2001
+From: Sasha Levin <sashal@kernel.org>
+Date: Thu, 15 Apr 2021 11:52:31 -0700
+Subject: HID: hid-sensor-hub: Return error for hid_set_field() failure
+
+From: Srinivas Pandruvada <srinivas.pandruvada@linux.intel.com>
+
+[ Upstream commit edb032033da0dc850f6e7740fa1023c73195bc89 ]
+
+In the function sensor_hub_set_feature(), return error when hid_set_field()
+fails.
+
+Signed-off-by: Srinivas Pandruvada <srinivas.pandruvada@linux.intel.com>
+Acked-by: Jonathan Cameron <Jonathan.Cameron@huawei.com>
+Signed-off-by: Jiri Kosina <jkosina@suse.cz>
+Signed-off-by: Sasha Levin <sashal@kernel.org>
+---
+ drivers/hid/hid-sensor-hub.c | 13 +++++++++----
+ 1 file changed, 9 insertions(+), 4 deletions(-)
+
+diff --git a/drivers/hid/hid-sensor-hub.c b/drivers/hid/hid-sensor-hub.c
+index aa078c1dad14..6c7e12d8e7d9 100644
+--- a/drivers/hid/hid-sensor-hub.c
++++ b/drivers/hid/hid-sensor-hub.c
+@@ -223,16 +223,21 @@ int sensor_hub_set_feature(struct hid_sensor_hub_device *hsdev, u32 report_id,
+ buffer_size = buffer_size / sizeof(__s32);
+ if (buffer_size) {
+ for (i = 0; i < buffer_size; ++i) {
+- hid_set_field(report->field[field_index], i,
+- (__force __s32)cpu_to_le32(*buf32));
++ ret = hid_set_field(report->field[field_index], i,
++ (__force __s32)cpu_to_le32(*buf32));
++ if (ret)
++ goto done_proc;
++
+ ++buf32;
+ }
+ }
+ if (remaining_bytes) {
+ value = 0;
+ memcpy(&value, (u8 *)buf32, remaining_bytes);
+- hid_set_field(report->field[field_index], i,
+- (__force __s32)cpu_to_le32(value));
++ ret = hid_set_field(report->field[field_index], i,
++ (__force __s32)cpu_to_le32(value));
++ if (ret)
++ goto done_proc;
+ }
+ hid_hw_request(hsdev->hdev, report, HID_REQ_SET_REPORT);
+ hid_hw_wait(hsdev->hdev);
+--
+2.30.2
+
--- /dev/null
+From 0324024965dec3ff8c4c685dd5826f9d4fc5d087 Mon Sep 17 00:00:00 2001
+From: Sasha Levin <sashal@kernel.org>
+Date: Sun, 25 Apr 2021 23:03:53 +0530
+Subject: HID: usbhid: fix info leak in hid_submit_ctrl
+
+From: Anirudh Rayabharam <mail@anirudhrb.com>
+
+[ Upstream commit 6be388f4a35d2ce5ef7dbf635a8964a5da7f799f ]
+
+In hid_submit_ctrl(), the way of calculating the report length doesn't
+take into account that report->size can be zero. When running the
+syzkaller reproducer, a report of size 0 causes hid_submit_ctrl) to
+calculate transfer_buffer_length as 16384. When this urb is passed to
+the usb core layer, KMSAN reports an info leak of 16384 bytes.
+
+To fix this, first modify hid_report_len() to account for the zero
+report size case by using DIV_ROUND_UP for the division. Then, call it
+from hid_submit_ctrl().
+
+Reported-by: syzbot+7c2bb71996f95a82524c@syzkaller.appspotmail.com
+Signed-off-by: Anirudh Rayabharam <mail@anirudhrb.com>
+Acked-by: Benjamin Tissoires <benjamin.tissoires@redhat.com>
+Signed-off-by: Jiri Kosina <jkosina@suse.cz>
+Signed-off-by: Sasha Levin <sashal@kernel.org>
+---
+ drivers/hid/usbhid/hid-core.c | 2 +-
+ include/linux/hid.h | 3 +--
+ 2 files changed, 2 insertions(+), 3 deletions(-)
+
+diff --git a/drivers/hid/usbhid/hid-core.c b/drivers/hid/usbhid/hid-core.c
+index 98916fb4191a..46b8f4c353de 100644
+--- a/drivers/hid/usbhid/hid-core.c
++++ b/drivers/hid/usbhid/hid-core.c
+@@ -373,7 +373,7 @@ static int hid_submit_ctrl(struct hid_device *hid)
+ raw_report = usbhid->ctrl[usbhid->ctrltail].raw_report;
+ dir = usbhid->ctrl[usbhid->ctrltail].dir;
+
+- len = ((report->size - 1) >> 3) + 1 + (report->id > 0);
++ len = hid_report_len(report);
+ if (dir == USB_DIR_OUT) {
+ usbhid->urbctrl->pipe = usb_sndctrlpipe(hid_to_usb_dev(hid), 0);
+ usbhid->urbctrl->transfer_buffer_length = len;
+diff --git a/include/linux/hid.h b/include/linux/hid.h
+index d07fe33a9045..5a2c55ed33fa 100644
+--- a/include/linux/hid.h
++++ b/include/linux/hid.h
+@@ -1114,8 +1114,7 @@ static inline void hid_hw_wait(struct hid_device *hdev)
+ */
+ static inline u32 hid_report_len(struct hid_report *report)
+ {
+- /* equivalent to DIV_ROUND_UP(report->size, 8) + !!(report->id > 0) */
+- return ((report->size - 1) >> 3) + 1 + (report->id > 0);
++ return DIV_ROUND_UP(report->size, 8) + (report->id > 0);
+ }
+
+ int hid_report_raw_event(struct hid_device *hid, int type, u8 *data, u32 size,
+--
+2.30.2
+
--- /dev/null
+From 63cc39ddd013aa7d5a39aec3ba58c9c762402a59 Mon Sep 17 00:00:00 2001
+From: Sasha Levin <sashal@kernel.org>
+Date: Fri, 23 Apr 2021 00:02:13 -0400
+Subject: net: ieee802154: fix null deref in parse dev addr
+
+From: Dan Robertson <dan@dlrobertson.com>
+
+[ Upstream commit 9fdd04918a452980631ecc499317881c1d120b70 ]
+
+Fix a logic error that could result in a null deref if the user sets
+the mode incorrectly for the given addr type.
+
+Signed-off-by: Dan Robertson <dan@dlrobertson.com>
+Acked-by: Alexander Aring <aahringo@redhat.com>
+Link: https://lore.kernel.org/r/20210423040214.15438-2-dan@dlrobertson.com
+Signed-off-by: Stefan Schmidt <stefan@datenfreihafen.org>
+Signed-off-by: Sasha Levin <sashal@kernel.org>
+---
+ net/ieee802154/nl802154.c | 9 +++++----
+ 1 file changed, 5 insertions(+), 4 deletions(-)
+
+diff --git a/net/ieee802154/nl802154.c b/net/ieee802154/nl802154.c
+index b1c55db73764..6d4c71a52b6b 100644
+--- a/net/ieee802154/nl802154.c
++++ b/net/ieee802154/nl802154.c
+@@ -1315,19 +1315,20 @@ ieee802154_llsec_parse_dev_addr(struct nlattr *nla,
+ nl802154_dev_addr_policy, NULL))
+ return -EINVAL;
+
+- if (!attrs[NL802154_DEV_ADDR_ATTR_PAN_ID] ||
+- !attrs[NL802154_DEV_ADDR_ATTR_MODE] ||
+- !(attrs[NL802154_DEV_ADDR_ATTR_SHORT] ||
+- attrs[NL802154_DEV_ADDR_ATTR_EXTENDED]))
++ if (!attrs[NL802154_DEV_ADDR_ATTR_PAN_ID] || !attrs[NL802154_DEV_ADDR_ATTR_MODE])
+ return -EINVAL;
+
+ addr->pan_id = nla_get_le16(attrs[NL802154_DEV_ADDR_ATTR_PAN_ID]);
+ addr->mode = nla_get_u32(attrs[NL802154_DEV_ADDR_ATTR_MODE]);
+ switch (addr->mode) {
+ case NL802154_DEV_ADDR_SHORT:
++ if (!attrs[NL802154_DEV_ADDR_ATTR_SHORT])
++ return -EINVAL;
+ addr->short_addr = nla_get_le16(attrs[NL802154_DEV_ADDR_ATTR_SHORT]);
+ break;
+ case NL802154_DEV_ADDR_EXTENDED:
++ if (!attrs[NL802154_DEV_ADDR_ATTR_EXTENDED])
++ return -EINVAL;
+ addr->extended_addr = nla_get_le64(attrs[NL802154_DEV_ADDR_ATTR_EXTENDED]);
+ break;
+ default:
+--
+2.30.2
+
--- /dev/null
+From 7735465e9d803787961d0cbf9ad7d84c5c471b87 Mon Sep 17 00:00:00 2001
+From: Sasha Levin <sashal@kernel.org>
+Date: Tue, 1 Jun 2021 18:38:41 -0700
+Subject: net: ipconfig: Don't override command-line hostnames or domains
+
+From: Josh Triplett <josh@joshtriplett.org>
+
+[ Upstream commit b508d5fb69c2211a1b860fc058aafbefc3b3c3cd ]
+
+If the user specifies a hostname or domain name as part of the ip=
+command-line option, preserve it and don't overwrite it with one
+supplied by DHCP/BOOTP.
+
+For instance, ip=::::myhostname::dhcp will use "myhostname" rather than
+ignoring and overwriting it.
+
+Fix the comment on ic_bootp_string that suggests it only copies a string
+"if not already set"; it doesn't have any such logic.
+
+Signed-off-by: Josh Triplett <josh@joshtriplett.org>
+Signed-off-by: David S. Miller <davem@davemloft.net>
+Signed-off-by: Sasha Levin <sashal@kernel.org>
+---
+ net/ipv4/ipconfig.c | 13 ++++++++-----
+ 1 file changed, 8 insertions(+), 5 deletions(-)
+
+diff --git a/net/ipv4/ipconfig.c b/net/ipv4/ipconfig.c
+index f0782c91514c..41e384834d50 100644
+--- a/net/ipv4/ipconfig.c
++++ b/net/ipv4/ipconfig.c
+@@ -881,7 +881,7 @@ static void __init ic_bootp_send_if(struct ic_device *d, unsigned long jiffies_d
+
+
+ /*
+- * Copy BOOTP-supplied string if not already set.
++ * Copy BOOTP-supplied string
+ */
+ static int __init ic_bootp_string(char *dest, char *src, int len, int max)
+ {
+@@ -930,12 +930,15 @@ static void __init ic_do_bootp_ext(u8 *ext)
+ }
+ break;
+ case 12: /* Host name */
+- ic_bootp_string(utsname()->nodename, ext+1, *ext,
+- __NEW_UTS_LEN);
+- ic_host_name_set = 1;
++ if (!ic_host_name_set) {
++ ic_bootp_string(utsname()->nodename, ext+1, *ext,
++ __NEW_UTS_LEN);
++ ic_host_name_set = 1;
++ }
+ break;
+ case 15: /* Domain name (DNS) */
+- ic_bootp_string(ic_domain, ext+1, *ext, sizeof(ic_domain));
++ if (!ic_domain[0])
++ ic_bootp_string(ic_domain, ext+1, *ext, sizeof(ic_domain));
+ break;
+ case 17: /* Root path */
+ if (!root_server_path[0])
+--
+2.30.2
+
--- /dev/null
+From 75b45edd9c641ade7626facc296e89d7807f6f0f Mon Sep 17 00:00:00 2001
+From: Sasha Levin <sashal@kernel.org>
+Date: Wed, 2 Jun 2021 22:06:40 +0800
+Subject: net: Return the correct errno code
+
+From: Zheng Yongjun <zhengyongjun3@huawei.com>
+
+[ Upstream commit 49251cd00228a3c983651f6bb2f33f6a0b8f152e ]
+
+When kalloc or kmemdup failed, should return ENOMEM rather than ENOBUF.
+
+Signed-off-by: Zheng Yongjun <zhengyongjun3@huawei.com>
+Signed-off-by: David S. Miller <davem@davemloft.net>
+Signed-off-by: Sasha Levin <sashal@kernel.org>
+---
+ net/compat.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/net/compat.c b/net/compat.c
+index 45349658ed01..2ec822f4e409 100644
+--- a/net/compat.c
++++ b/net/compat.c
+@@ -158,7 +158,7 @@ int cmsghdr_from_user_compat_to_kern(struct msghdr *kmsg, struct sock *sk,
+ if (kcmlen > stackbuf_size)
+ kcmsg_base = kcmsg = sock_kmalloc(sk, kcmlen, GFP_KERNEL);
+ if (kcmsg == NULL)
+- return -ENOBUFS;
++ return -ENOMEM;
+
+ /* Now copy them over neatly. */
+ memset(kcmsg, 0, kcmlen);
+--
+2.30.2
+
--- /dev/null
+From 9ab57ad9227579df06993a663640ca01473ccf56 Mon Sep 17 00:00:00 2001
+From: Sasha Levin <sashal@kernel.org>
+Date: Wed, 2 Jun 2021 22:06:30 +0800
+Subject: net/x25: Return the correct errno code
+
+From: Zheng Yongjun <zhengyongjun3@huawei.com>
+
+[ Upstream commit d7736958668c4facc15f421e622ffd718f5be80a ]
+
+When kalloc or kmemdup failed, should return ENOMEM rather than ENOBUF.
+
+Signed-off-by: Zheng Yongjun <zhengyongjun3@huawei.com>
+Signed-off-by: David S. Miller <davem@davemloft.net>
+Signed-off-by: Sasha Levin <sashal@kernel.org>
+---
+ net/x25/af_x25.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/net/x25/af_x25.c b/net/x25/af_x25.c
+index 987e5f8cafbe..fd0a6c6c77b6 100644
+--- a/net/x25/af_x25.c
++++ b/net/x25/af_x25.c
+@@ -550,7 +550,7 @@ static int x25_create(struct net *net, struct socket *sock, int protocol,
+ if (protocol)
+ goto out;
+
+- rc = -ENOBUFS;
++ rc = -ENOMEM;
+ if ((sk = x25_alloc_socket(net, kern)) == NULL)
+ goto out;
+
+--
+2.30.2
+
--- /dev/null
+From ad8635d7b9b85eb95f19280073fae1e79078a05d Mon Sep 17 00:00:00 2001
+From: Sasha Levin <sashal@kernel.org>
+Date: Wed, 26 May 2021 17:23:17 +0200
+Subject: nvme-loop: check for NVME_LOOP_Q_LIVE in
+ nvme_loop_destroy_admin_queue()
+
+From: Hannes Reinecke <hare@suse.de>
+
+[ Upstream commit 4237de2f73a669e4f89ac0aa2b44fb1a1d9ec583 ]
+
+We need to check the NVME_LOOP_Q_LIVE flag in
+nvme_loop_destroy_admin_queue() to protect against duplicate
+invocations eg during concurrent reset and remove calls.
+
+Signed-off-by: Hannes Reinecke <hare@suse.de>
+Reviewed-by: Chaitanya Kulkarni <chaitanya.kulkarni@wdc.com>
+Signed-off-by: Christoph Hellwig <hch@lst.de>
+Signed-off-by: Sasha Levin <sashal@kernel.org>
+---
+ drivers/nvme/target/loop.c | 3 ++-
+ 1 file changed, 2 insertions(+), 1 deletion(-)
+
+diff --git a/drivers/nvme/target/loop.c b/drivers/nvme/target/loop.c
+index 963d8de932d1..7a0a10777cd1 100644
+--- a/drivers/nvme/target/loop.c
++++ b/drivers/nvme/target/loop.c
+@@ -287,7 +287,8 @@ static const struct blk_mq_ops nvme_loop_admin_mq_ops = {
+
+ static void nvme_loop_destroy_admin_queue(struct nvme_loop_ctrl *ctrl)
+ {
+- clear_bit(NVME_LOOP_Q_LIVE, &ctrl->queues[0].flags);
++ if (!test_and_clear_bit(NVME_LOOP_Q_LIVE, &ctrl->queues[0].flags))
++ return;
+ nvmet_sq_destroy(&ctrl->queues[0].nvme_sq);
+ blk_cleanup_queue(ctrl->ctrl.admin_q);
+ blk_mq_free_tag_set(&ctrl->admin_tag_set);
+--
+2.30.2
+
--- /dev/null
+From 7b18a6ac648365614f6c11c01290cebd8ea590d0 Mon Sep 17 00:00:00 2001
+From: Sasha Levin <sashal@kernel.org>
+Date: Wed, 26 May 2021 17:23:16 +0200
+Subject: nvme-loop: clear NVME_LOOP_Q_LIVE when
+ nvme_loop_configure_admin_queue() fails
+
+From: Hannes Reinecke <hare@suse.de>
+
+[ Upstream commit 1c5f8e882a05de5c011e8c3fbeceb0d1c590eb53 ]
+
+When the call to nvme_enable_ctrl() in nvme_loop_configure_admin_queue()
+fails the NVME_LOOP_Q_LIVE flag is not cleared.
+
+Signed-off-by: Hannes Reinecke <hare@suse.de>
+Reviewed-by: Chaitanya Kulkarni <chaitanya.kulkarni@wdc.com>
+Signed-off-by: Christoph Hellwig <hch@lst.de>
+Signed-off-by: Sasha Levin <sashal@kernel.org>
+---
+ drivers/nvme/target/loop.c | 1 +
+ 1 file changed, 1 insertion(+)
+
+diff --git a/drivers/nvme/target/loop.c b/drivers/nvme/target/loop.c
+index 5f33c3a9469b..963d8de932d1 100644
+--- a/drivers/nvme/target/loop.c
++++ b/drivers/nvme/target/loop.c
+@@ -430,6 +430,7 @@ static int nvme_loop_configure_admin_queue(struct nvme_loop_ctrl *ctrl)
+ return 0;
+
+ out_cleanup_queue:
++ clear_bit(NVME_LOOP_Q_LIVE, &ctrl->queues[0].flags);
+ blk_cleanup_queue(ctrl->ctrl.admin_q);
+ out_free_tagset:
+ blk_mq_free_tag_set(&ctrl->admin_tag_set);
+--
+2.30.2
+
--- /dev/null
+From b9bb0046fd9c99d7450ab8f3e3eff9899a81f35b Mon Sep 17 00:00:00 2001
+From: Sasha Levin <sashal@kernel.org>
+Date: Wed, 26 May 2021 17:23:15 +0200
+Subject: nvme-loop: reset queue count to 1 in nvme_loop_destroy_io_queues()
+
+From: Hannes Reinecke <hare@suse.de>
+
+[ Upstream commit a6c144f3d2e230f2b3ac5ed8c51e0f0391556197 ]
+
+The queue count is increased in nvme_loop_init_io_queues(), so we
+need to reset it to 1 at the end of nvme_loop_destroy_io_queues().
+Otherwise the function is not re-entrant safe, and crash will happen
+during concurrent reset and remove calls.
+
+Signed-off-by: Hannes Reinecke <hare@suse.de>
+Reviewed-by: Chaitanya Kulkarni <chaitanya.kulkarni@wdc.com>
+Signed-off-by: Christoph Hellwig <hch@lst.de>
+Signed-off-by: Sasha Levin <sashal@kernel.org>
+---
+ drivers/nvme/target/loop.c | 1 +
+ 1 file changed, 1 insertion(+)
+
+diff --git a/drivers/nvme/target/loop.c b/drivers/nvme/target/loop.c
+index 3388d2788fe0..5f33c3a9469b 100644
+--- a/drivers/nvme/target/loop.c
++++ b/drivers/nvme/target/loop.c
+@@ -322,6 +322,7 @@ static void nvme_loop_destroy_io_queues(struct nvme_loop_ctrl *ctrl)
+ clear_bit(NVME_LOOP_Q_LIVE, &ctrl->queues[i].flags);
+ nvmet_sq_destroy(&ctrl->queues[i].nvme_sq);
+ }
++ ctrl->ctrl.queue_count = 1;
+ }
+
+ static int nvme_loop_init_io_queues(struct nvme_loop_ctrl *ctrl)
+--
+2.30.2
+
--- /dev/null
+From 2fe1b1c1d57a4c5c2cbab75ce48cb7c2d608570e Mon Sep 17 00:00:00 2001
+From: Sasha Levin <sashal@kernel.org>
+Date: Wed, 2 Jun 2021 18:15:04 +0800
+Subject: rtnetlink: Fix missing error code in rtnl_bridge_notify()
+
+From: Jiapeng Chong <jiapeng.chong@linux.alibaba.com>
+
+[ Upstream commit a8db57c1d285c758adc7fb43d6e2bad2554106e1 ]
+
+The error code is missing in this code scenario, add the error code
+'-EINVAL' to the return value 'err'.
+
+Eliminate the follow smatch warning:
+
+net/core/rtnetlink.c:4834 rtnl_bridge_notify() warn: missing error code
+'err'.
+
+Reported-by: Abaci Robot <abaci@linux.alibaba.com>
+Signed-off-by: Jiapeng Chong <jiapeng.chong@linux.alibaba.com>
+Signed-off-by: David S. Miller <davem@davemloft.net>
+Signed-off-by: Sasha Levin <sashal@kernel.org>
+---
+ net/core/rtnetlink.c | 4 +++-
+ 1 file changed, 3 insertions(+), 1 deletion(-)
+
+diff --git a/net/core/rtnetlink.c b/net/core/rtnetlink.c
+index 0168c700a201..fa3ed51f846b 100644
+--- a/net/core/rtnetlink.c
++++ b/net/core/rtnetlink.c
+@@ -3648,8 +3648,10 @@ static int rtnl_bridge_notify(struct net_device *dev)
+ if (err < 0)
+ goto errout;
+
+- if (!skb->len)
++ if (!skb->len) {
++ err = -EINVAL;
+ goto errout;
++ }
+
+ rtnl_notify(skb, net, 0, RTNLGRP_LINK, NULL, GFP_ATOMIC);
+ return 0;
+--
+2.30.2
+
--- /dev/null
+From 0d0dfd51503a89287890ac3602b3a66d03a07576 Mon Sep 17 00:00:00 2001
+From: Sasha Levin <sashal@kernel.org>
+Date: Mon, 31 May 2021 14:13:26 +0200
+Subject: scsi: target: core: Fix warning on realtime kernels
+
+From: Maurizio Lombardi <mlombard@redhat.com>
+
+[ Upstream commit 515da6f4295c2c42b8c54572cce3d2dd1167c41e ]
+
+On realtime kernels, spin_lock_irq*(spinlock_t) do not disable the
+interrupts, a call to irqs_disabled() will return false thus firing a
+warning in __transport_wait_for_tasks().
+
+Remove the warning and also replace assert_spin_locked() with
+lockdep_assert_held()
+
+Link: https://lore.kernel.org/r/20210531121326.3649-1-mlombard@redhat.com
+Reviewed-by: Bart Van Assche <bvanassche@acm.org>
+Signed-off-by: Maurizio Lombardi <mlombard@redhat.com>
+Signed-off-by: Martin K. Petersen <martin.petersen@oracle.com>
+Signed-off-by: Sasha Levin <sashal@kernel.org>
+---
+ drivers/target/target_core_transport.c | 4 +---
+ 1 file changed, 1 insertion(+), 3 deletions(-)
+
+diff --git a/drivers/target/target_core_transport.c b/drivers/target/target_core_transport.c
+index 0d0be7d8b9d6..852680e85921 100644
+--- a/drivers/target/target_core_transport.c
++++ b/drivers/target/target_core_transport.c
+@@ -2966,9 +2966,7 @@ __transport_wait_for_tasks(struct se_cmd *cmd, bool fabric_stop,
+ __releases(&cmd->t_state_lock)
+ __acquires(&cmd->t_state_lock)
+ {
+-
+- assert_spin_locked(&cmd->t_state_lock);
+- WARN_ON_ONCE(!irqs_disabled());
++ lockdep_assert_held(&cmd->t_state_lock);
+
+ if (fabric_stop)
+ cmd->transport_state |= CMD_T_FABRIC_STOP;
+--
+2.30.2
+
--- /dev/null
+net-ieee802154-fix-null-deref-in-parse-dev-addr.patch
+hid-hid-sensor-hub-return-error-for-hid_set_field-fa.patch
+hid-add-bus_virtual-to-hid_connect-logging.patch
+hid-usbhid-fix-info-leak-in-hid_submit_ctrl.patch
+arm-omap2-fix-build-warning-when-mmc_omap-is-not-bui.patch
+hid-gt683r-add-missing-module_device_table.patch
+gfs2-fix-use-after-free-in-gfs2_glock_shrink_scan.patch
+scsi-target-core-fix-warning-on-realtime-kernels.patch
+ethernet-myri10ge-fix-missing-error-code-in-myri10ge.patch
+nvme-loop-reset-queue-count-to-1-in-nvme_loop_destro.patch
+nvme-loop-clear-nvme_loop_q_live-when-nvme_loop_conf.patch
+nvme-loop-check-for-nvme_loop_q_live-in-nvme_loop_de.patch
+net-ipconfig-don-t-override-command-line-hostnames-o.patch
+rtnetlink-fix-missing-error-code-in-rtnl_bridge_noti.patch
+net-x25-return-the-correct-errno-code.patch
+net-return-the-correct-errno-code.patch
+fib-return-the-correct-errno-code.patch
projects / thirdparty / kernel / stable-queue.git / commitdiff
