--- /dev/null
+From 35d993ea7c72c873bb370bb08ddbf2f054bb03f7 Mon Sep 17 00:00:00 2001
+From: Sasha Levin <sashal@kernel.org>
+Date: Mon, 13 Jan 2025 13:52:24 +0100
+Subject: APEI: GHES: Have GHES honor the panic= setting
+
+From: Borislav Petkov <bp@alien8.de>
+
+[ Upstream commit 5c0e00a391dd0099fe95991bb2f962848d851916 ]
+
+The GHES driver overrides the panic= setting by force-rebooting the
+system after a fatal hw error has been reported. The intent being that
+such an error would be reported earlier.
+
+However, this is not optimal when a hard-to-debug issue requires long
+time to reproduce and when that happens, the box will get rebooted after
+30 seconds and thus destroy the whole hw context of when the error
+happened.
+
+So rip out the default GHES panic timeout and honor the global one.
+
+In the panic disabled (panic=0) case, the error will still be logged to
+dmesg for later inspection and if panic after a hw error is really
+required, then that can be controlled the usual way - use panic= on the
+cmdline or set it in the kernel .config's CONFIG_PANIC_TIMEOUT.
+
+Reported-by: Feng Tang <feng.tang@linux.alibaba.com>
+Signed-off-by: Borislav Petkov (AMD) <bp@alien8.de>
+Reviewed-by: Feng Tang <feng.tang@linux.alibaba.com>
+Reviewed-by: Ira Weiny <ira.weiny@intel.com>
+Link: https://patch.msgid.link/20250113125224.GFZ4UMiNtWIJvgpveU@fat_crate.local
+Signed-off-by: Rafael J. Wysocki <rafael.j.wysocki@intel.com>
+Signed-off-by: Sasha Levin <sashal@kernel.org>
+---
+ drivers/acpi/apei/ghes.c | 10 +++++-----
+ 1 file changed, 5 insertions(+), 5 deletions(-)
+
+diff --git a/drivers/acpi/apei/ghes.c b/drivers/acpi/apei/ghes.c
+index 160606af8b4f5..a6c8514110736 100644
+--- a/drivers/acpi/apei/ghes.c
++++ b/drivers/acpi/apei/ghes.c
+@@ -155,8 +155,6 @@ static unsigned long ghes_estatus_pool_size_request;
+ static struct ghes_estatus_cache *ghes_estatus_caches[GHES_ESTATUS_CACHES_SIZE];
+ static atomic_t ghes_estatus_cache_alloced;
+
+-static int ghes_panic_timeout __read_mostly = 30;
+-
+ static void __iomem *ghes_map(u64 pfn, enum fixed_addresses fixmap_idx)
+ {
+ phys_addr_t paddr;
+@@ -858,14 +856,16 @@ static void __ghes_panic(struct ghes *ghes,
+ struct acpi_hest_generic_status *estatus,
+ u64 buf_paddr, enum fixed_addresses fixmap_idx)
+ {
++ const char *msg = GHES_PFX "Fatal hardware error";
++
+ __ghes_print_estatus(KERN_EMERG, ghes->generic, estatus);
+
+ ghes_clear_estatus(ghes, estatus, buf_paddr, fixmap_idx);
+
+- /* reboot to log the error! */
+ if (!panic_timeout)
+- panic_timeout = ghes_panic_timeout;
+- panic("Fatal hardware error!");
++ pr_emerg("%s but panic disabled\n", msg);
++
++ panic(msg);
+ }
+
+ static int ghes_proc(struct ghes *ghes)
+--
+2.39.5
+
--- /dev/null
+From 11d23dc70cc1c5af9490c7b01a146906b63fa746 Mon Sep 17 00:00:00 2001
+From: Sasha Levin <sashal@kernel.org>
+Date: Thu, 3 Oct 2024 11:43:03 -0400
+Subject: btrfs: convert BUG_ON in btrfs_reloc_cow_block() to proper error
+ handling
+
+From: Josef Bacik <josef@toxicpanda.com>
+
+[ Upstream commit 6a4730b325aaa48f7a5d5ba97aff0a955e2d9cec ]
+
+This BUG_ON is meant to catch backref cache problems, but these can
+arise from either bugs in the backref cache or corruption in the extent
+tree. Fix it to be a proper error.
+
+Reviewed-by: Boris Burkov <boris@bur.io>
+Signed-off-by: Josef Bacik <josef@toxicpanda.com>
+Reviewed-by: David Sterba <dsterba@suse.com>
+Signed-off-by: David Sterba <dsterba@suse.com>
+Signed-off-by: Sasha Levin <sashal@kernel.org>
+---
+ fs/btrfs/relocation.c | 14 ++++++++++++--
+ 1 file changed, 12 insertions(+), 2 deletions(-)
+
+diff --git a/fs/btrfs/relocation.c b/fs/btrfs/relocation.c
+index 98e3b3749ec12..5b921e6ed94e2 100644
+--- a/fs/btrfs/relocation.c
++++ b/fs/btrfs/relocation.c
+@@ -3976,8 +3976,18 @@ int btrfs_reloc_cow_block(struct btrfs_trans_handle *trans,
+ WARN_ON(!first_cow && level == 0);
+
+ node = rc->backref_cache.path[level];
+- BUG_ON(node->bytenr != buf->start &&
+- node->new_bytenr != buf->start);
++
++ /*
++ * If node->bytenr != buf->start and node->new_bytenr !=
++ * buf->start then we've got the wrong backref node for what we
++ * expected to see here and the cache is incorrect.
++ */
++ if (unlikely(node->bytenr != buf->start && node->new_bytenr != buf->start)) {
++ btrfs_err(fs_info,
++"bytenr %llu was found but our backref cache was expecting %llu or %llu",
++ buf->start, node->bytenr, node->new_bytenr);
++ return -EUCLEAN;
++ }
+
+ btrfs_backref_drop_node_buffer(node);
+ atomic_inc(&cow->refs);
+--
+2.39.5
+
--- /dev/null
+From 93a05dcc1d5be32a92dbe74e012ed77ea011e3c5 Mon Sep 17 00:00:00 2001
+From: Sasha Levin <sashal@kernel.org>
+Date: Mon, 20 Jan 2025 17:26:10 +0000
+Subject: btrfs: fix use-after-free when attempting to join an aborted
+ transaction
+
+From: Filipe Manana <fdmanana@suse.com>
+
+[ Upstream commit e2f0943cf37305dbdeaf9846e3c941451bcdef63 ]
+
+When we are trying to join the current transaction and if it's aborted,
+we read its 'aborted' field after unlocking fs_info->trans_lock and
+without holding any extra reference count on it. This means that a
+concurrent task that is aborting the transaction may free the transaction
+before we read its 'aborted' field, leading to a use-after-free.
+
+Fix this by reading the 'aborted' field while holding fs_info->trans_lock
+since any freeing task must first acquire that lock and set
+fs_info->running_transaction to NULL before freeing the transaction.
+
+This was reported by syzbot and Dmitry with the following stack traces
+from KASAN:
+
+ ==================================================================
+ BUG: KASAN: slab-use-after-free in join_transaction+0xd9b/0xda0 fs/btrfs/transaction.c:278
+ Read of size 4 at addr ffff888011839024 by task kworker/u4:9/1128
+
+ CPU: 0 UID: 0 PID: 1128 Comm: kworker/u4:9 Not tainted 6.13.0-rc7-syzkaller-00019-gc45323b7560e #0
+ Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
+ Workqueue: events_unbound btrfs_async_reclaim_data_space
+ Call Trace:
+ <TASK>
+ __dump_stack lib/dump_stack.c:94 [inline]
+ dump_stack_lvl+0x241/0x360 lib/dump_stack.c:120
+ print_address_description mm/kasan/report.c:378 [inline]
+ print_report+0x169/0x550 mm/kasan/report.c:489
+ kasan_report+0x143/0x180 mm/kasan/report.c:602
+ join_transaction+0xd9b/0xda0 fs/btrfs/transaction.c:278
+ start_transaction+0xaf8/0x1670 fs/btrfs/transaction.c:697
+ flush_space+0x448/0xcf0 fs/btrfs/space-info.c:803
+ btrfs_async_reclaim_data_space+0x159/0x510 fs/btrfs/space-info.c:1321
+ process_one_work kernel/workqueue.c:3236 [inline]
+ process_scheduled_works+0xa66/0x1840 kernel/workqueue.c:3317
+ worker_thread+0x870/0xd30 kernel/workqueue.c:3398
+ kthread+0x2f0/0x390 kernel/kthread.c:389
+ ret_from_fork+0x4b/0x80 arch/x86/kernel/process.c:147
+ ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entry_64.S:244
+ </TASK>
+
+ Allocated by task 5315:
+ kasan_save_stack mm/kasan/common.c:47 [inline]
+ kasan_save_track+0x3f/0x80 mm/kasan/common.c:68
+ poison_kmalloc_redzone mm/kasan/common.c:377 [inline]
+ __kasan_kmalloc+0x98/0xb0 mm/kasan/common.c:394
+ kasan_kmalloc include/linux/kasan.h:260 [inline]
+ __kmalloc_cache_noprof+0x243/0x390 mm/slub.c:4329
+ kmalloc_noprof include/linux/slab.h:901 [inline]
+ join_transaction+0x144/0xda0 fs/btrfs/transaction.c:308
+ start_transaction+0xaf8/0x1670 fs/btrfs/transaction.c:697
+ btrfs_create_common+0x1b2/0x2e0 fs/btrfs/inode.c:6572
+ lookup_open fs/namei.c:3649 [inline]
+ open_last_lookups fs/namei.c:3748 [inline]
+ path_openat+0x1c03/0x3590 fs/namei.c:3984
+ do_filp_open+0x27f/0x4e0 fs/namei.c:4014
+ do_sys_openat2+0x13e/0x1d0 fs/open.c:1402
+ do_sys_open fs/open.c:1417 [inline]
+ __do_sys_creat fs/open.c:1495 [inline]
+ __se_sys_creat fs/open.c:1489 [inline]
+ __x64_sys_creat+0x123/0x170 fs/open.c:1489
+ do_syscall_x64 arch/x86/entry/common.c:52 [inline]
+ do_syscall_64+0xf3/0x230 arch/x86/entry/common.c:83
+ entry_SYSCALL_64_after_hwframe+0x77/0x7f
+
+ Freed by task 5336:
+ kasan_save_stack mm/kasan/common.c:47 [inline]
+ kasan_save_track+0x3f/0x80 mm/kasan/common.c:68
+ kasan_save_free_info+0x40/0x50 mm/kasan/generic.c:582
+ poison_slab_object mm/kasan/common.c:247 [inline]
+ __kasan_slab_free+0x59/0x70 mm/kasan/common.c:264
+ kasan_slab_free include/linux/kasan.h:233 [inline]
+ slab_free_hook mm/slub.c:2353 [inline]
+ slab_free mm/slub.c:4613 [inline]
+ kfree+0x196/0x430 mm/slub.c:4761
+ cleanup_transaction fs/btrfs/transaction.c:2063 [inline]
+ btrfs_commit_transaction+0x2c97/0x3720 fs/btrfs/transaction.c:2598
+ insert_balance_item+0x1284/0x20b0 fs/btrfs/volumes.c:3757
+ btrfs_balance+0x992/0x10c0 fs/btrfs/volumes.c:4633
+ btrfs_ioctl_balance+0x493/0x7c0 fs/btrfs/ioctl.c:3670
+ vfs_ioctl fs/ioctl.c:51 [inline]
+ __do_sys_ioctl fs/ioctl.c:906 [inline]
+ __se_sys_ioctl+0xf5/0x170 fs/ioctl.c:892
+ do_syscall_x64 arch/x86/entry/common.c:52 [inline]
+ do_syscall_64+0xf3/0x230 arch/x86/entry/common.c:83
+ entry_SYSCALL_64_after_hwframe+0x77/0x7f
+
+ The buggy address belongs to the object at ffff888011839000
+ which belongs to the cache kmalloc-2k of size 2048
+ The buggy address is located 36 bytes inside of
+ freed 2048-byte region [ffff888011839000, ffff888011839800)
+
+ The buggy address belongs to the physical page:
+ page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x11838
+ head: order:3 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
+ flags: 0xfff00000000040(head|node=0|zone=1|lastcpupid=0x7ff)
+ page_type: f5(slab)
+ raw: 00fff00000000040 ffff88801ac42000 ffffea0000493400 dead000000000002
+ raw: 0000000000000000 0000000000080008 00000001f5000000 0000000000000000
+ head: 00fff00000000040 ffff88801ac42000 ffffea0000493400 dead000000000002
+ head: 0000000000000000 0000000000080008 00000001f5000000 0000000000000000
+ head: 00fff00000000003 ffffea0000460e01 ffffffffffffffff 0000000000000000
+ head: 0000000000000008 0000000000000000 00000000ffffffff 0000000000000000
+ page dumped because: kasan: bad access detected
+ page_owner tracks the page as allocated
+ page last allocated via order 3, migratetype Unmovable, gfp_mask 0xd20c0(__GFP_IO|__GFP_FS|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP|__GFP_NOMEMALLOC), pid 57, tgid 57 (kworker/0:2), ts 67248182943, free_ts 67229742023
+ set_page_owner include/linux/page_owner.h:32 [inline]
+ post_alloc_hook+0x1f3/0x230 mm/page_alloc.c:1558
+ prep_new_page mm/page_alloc.c:1566 [inline]
+ get_page_from_freelist+0x365c/0x37a0 mm/page_alloc.c:3476
+ __alloc_pages_noprof+0x292/0x710 mm/page_alloc.c:4753
+ alloc_pages_mpol_noprof+0x3e1/0x780 mm/mempolicy.c:2269
+ alloc_slab_page+0x6a/0x110 mm/slub.c:2423
+ allocate_slab+0x5a/0x2b0 mm/slub.c:2589
+ new_slab mm/slub.c:2642 [inline]
+ ___slab_alloc+0xc27/0x14a0 mm/slub.c:3830
+ __slab_alloc+0x58/0xa0 mm/slub.c:3920
+ __slab_alloc_node mm/slub.c:3995 [inline]
+ slab_alloc_node mm/slub.c:4156 [inline]
+ __do_kmalloc_node mm/slub.c:4297 [inline]
+ __kmalloc_node_track_caller_noprof+0x2e9/0x4c0 mm/slub.c:4317
+ kmalloc_reserve+0x111/0x2a0 net/core/skbuff.c:609
+ __alloc_skb+0x1f3/0x440 net/core/skbuff.c:678
+ alloc_skb include/linux/skbuff.h:1323 [inline]
+ alloc_skb_with_frags+0xc3/0x820 net/core/skbuff.c:6612
+ sock_alloc_send_pskb+0x91a/0xa60 net/core/sock.c:2884
+ sock_alloc_send_skb include/net/sock.h:1803 [inline]
+ mld_newpack+0x1c3/0xaf0 net/ipv6/mcast.c:1747
+ add_grhead net/ipv6/mcast.c:1850 [inline]
+ add_grec+0x1492/0x19a0 net/ipv6/mcast.c:1988
+ mld_send_cr net/ipv6/mcast.c:2114 [inline]
+ mld_ifc_work+0x691/0xd90 net/ipv6/mcast.c:2651
+ page last free pid 5300 tgid 5300 stack trace:
+ reset_page_owner include/linux/page_owner.h:25 [inline]
+ free_pages_prepare mm/page_alloc.c:1127 [inline]
+ free_unref_page+0xd3f/0x1010 mm/page_alloc.c:2659
+ __slab_free+0x2c2/0x380 mm/slub.c:4524
+ qlink_free mm/kasan/quarantine.c:163 [inline]
+ qlist_free_all+0x9a/0x140 mm/kasan/quarantine.c:179
+ kasan_quarantine_reduce+0x14f/0x170 mm/kasan/quarantine.c:286
+ __kasan_slab_alloc+0x23/0x80 mm/kasan/common.c:329
+ kasan_slab_alloc include/linux/kasan.h:250 [inline]
+ slab_post_alloc_hook mm/slub.c:4119 [inline]
+ slab_alloc_node mm/slub.c:4168 [inline]
+ __do_kmalloc_node mm/slub.c:4297 [inline]
+ __kmalloc_noprof+0x236/0x4c0 mm/slub.c:4310
+ kmalloc_noprof include/linux/slab.h:905 [inline]
+ kzalloc_noprof include/linux/slab.h:1037 [inline]
+ fib_create_info+0xc14/0x25b0 net/ipv4/fib_semantics.c:1435
+ fib_table_insert+0x1f6/0x1f20 net/ipv4/fib_trie.c:1231
+ fib_magic+0x3d8/0x620 net/ipv4/fib_frontend.c:1112
+ fib_add_ifaddr+0x40c/0x5e0 net/ipv4/fib_frontend.c:1156
+ fib_netdev_event+0x375/0x490 net/ipv4/fib_frontend.c:1494
+ notifier_call_chain+0x1a5/0x3f0 kernel/notifier.c:85
+ __dev_notify_flags+0x207/0x400
+ dev_change_flags+0xf0/0x1a0 net/core/dev.c:9045
+ do_setlink+0xc90/0x4210 net/core/rtnetlink.c:3109
+ rtnl_changelink net/core/rtnetlink.c:3723 [inline]
+ __rtnl_newlink net/core/rtnetlink.c:3875 [inline]
+ rtnl_newlink+0x1bb6/0x2210 net/core/rtnetlink.c:4012
+
+ Memory state around the buggy address:
+ ffff888011838f00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
+ ffff888011838f80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
+ >ffff888011839000: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
+ ^
+ ffff888011839080: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
+ ffff888011839100: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
+ ==================================================================
+
+Reported-by: syzbot+45212e9d87a98c3f5b42@syzkaller.appspotmail.com
+Link: https://lore.kernel.org/linux-btrfs/678e7da5.050a0220.303755.007c.GAE@google.com/
+Reported-by: Dmitry Vyukov <dvyukov@google.com>
+Link: https://lore.kernel.org/linux-btrfs/CACT4Y+ZFBdo7pT8L2AzM=vegZwjp-wNkVJZQf0Ta3vZqtExaSw@mail.gmail.com/
+Fixes: 871383be592b ("btrfs: add missing unlocks to transaction abort paths")
+Reviewed-by: Johannes Thumshirn <johannes.thumshirn@wdc.com>
+Reviewed-by: Qu Wenruo <wqu@suse.com>
+Signed-off-by: Filipe Manana <fdmanana@suse.com>
+Reviewed-by: David Sterba <dsterba@suse.com>
+Signed-off-by: David Sterba <dsterba@suse.com>
+Signed-off-by: Sasha Levin <sashal@kernel.org>
+---
+ fs/btrfs/transaction.c | 4 +++-
+ 1 file changed, 3 insertions(+), 1 deletion(-)
+
+diff --git a/fs/btrfs/transaction.c b/fs/btrfs/transaction.c
+index d1f010022f689..21a5a963c70e3 100644
+--- a/fs/btrfs/transaction.c
++++ b/fs/btrfs/transaction.c
+@@ -285,8 +285,10 @@ static noinline int join_transaction(struct btrfs_fs_info *fs_info,
+ cur_trans = fs_info->running_transaction;
+ if (cur_trans) {
+ if (TRANS_ABORTED(cur_trans)) {
++ const int abort_error = cur_trans->aborted;
++
+ spin_unlock(&fs_info->trans_lock);
+- return cur_trans->aborted;
++ return abort_error;
+ }
+ if (btrfs_blocked_trans_types[cur_trans->state] & type) {
+ spin_unlock(&fs_info->trans_lock);
+--
+2.39.5
+
--- /dev/null
+From 466d7979928dfbd1570e99177ade7f95c4147f49 Mon Sep 17 00:00:00 2001
+From: Sasha Levin <sashal@kernel.org>
+Date: Fri, 6 Dec 2024 11:43:12 +0200
+Subject: drm/sti: hdmi: use eld_mutex to protect access to connector->eld
+
+From: Dmitry Baryshkov <dmitry.baryshkov@linaro.org>
+
+[ Upstream commit e99c0b517bcd53cf61f998a3c4291333401cb391 ]
+
+Reading access to connector->eld can happen at the same time the
+drm_edid_to_eld() updates the data. Take the newly added eld_mutex in
+order to protect connector->eld from concurrent access.
+
+Reviewed-by: Maxime Ripard <mripard@kernel.org>
+Acked-by: Raphael Gallais-Pou <rgallaispou@gmail.com>
+Link: https://patchwork.freedesktop.org/patch/msgid/20241206-drm-connector-eld-mutex-v2-9-c9bce1ee8bea@linaro.org
+Signed-off-by: Dmitry Baryshkov <dmitry.baryshkov@linaro.org>
+Signed-off-by: Sasha Levin <sashal@kernel.org>
+---
+ drivers/gpu/drm/sti/sti_hdmi.c | 2 ++
+ 1 file changed, 2 insertions(+)
+
+diff --git a/drivers/gpu/drm/sti/sti_hdmi.c b/drivers/gpu/drm/sti/sti_hdmi.c
+index 1bcee73f51144..f5dd2aca097a7 100644
+--- a/drivers/gpu/drm/sti/sti_hdmi.c
++++ b/drivers/gpu/drm/sti/sti_hdmi.c
+@@ -1213,7 +1213,9 @@ static int hdmi_audio_get_eld(struct device *dev, void *data, uint8_t *buf, size
+ struct drm_connector *connector = hdmi->drm_connector;
+
+ DRM_DEBUG_DRIVER("\n");
++ mutex_lock(&connector->eld_mutex);
+ memcpy(buf, connector->eld, min(sizeof(connector->eld), len));
++ mutex_unlock(&connector->eld_mutex);
+
+ return 0;
+ }
+--
+2.39.5
+
--- /dev/null
+From aca70c7cae2bfea207a7489c76c722126616713b Mon Sep 17 00:00:00 2001
+From: Sasha Levin <sashal@kernel.org>
+Date: Thu, 26 Dec 2024 09:35:27 +0800
+Subject: HID: Wacom: Add PCI Wacom device support
+
+From: Even Xu <even.xu@intel.com>
+
+[ Upstream commit c4c123504a65583e3689b3de04a61dc5272e453a ]
+
+Add PCI device ID of wacom device into driver support list.
+
+Signed-off-by: Even Xu <even.xu@intel.com>
+Tested-by: Tatsunosuke Tobita <tatsunosuke.tobita@wacom.com>
+Reviewed-by: Ping Cheng <ping.cheng@wacom.com>
+Signed-off-by: Jiri Kosina <jkosina@suse.com>
+Signed-off-by: Sasha Levin <sashal@kernel.org>
+---
+ drivers/hid/wacom_wac.c | 5 +++++
+ 1 file changed, 5 insertions(+)
+
+diff --git a/drivers/hid/wacom_wac.c b/drivers/hid/wacom_wac.c
+index fd1491b7ccbd4..0ad3924324ae2 100644
+--- a/drivers/hid/wacom_wac.c
++++ b/drivers/hid/wacom_wac.c
+@@ -4851,6 +4851,10 @@ static const struct wacom_features wacom_features_0x94 =
+ HID_DEVICE(BUS_I2C, HID_GROUP_WACOM, USB_VENDOR_ID_WACOM, prod),\
+ .driver_data = (kernel_ulong_t)&wacom_features_##prod
+
++#define PCI_DEVICE_WACOM(prod) \
++ HID_DEVICE(BUS_PCI, HID_GROUP_WACOM, USB_VENDOR_ID_WACOM, prod),\
++ .driver_data = (kernel_ulong_t)&wacom_features_##prod
++
+ #define USB_DEVICE_LENOVO(prod) \
+ HID_USB_DEVICE(USB_VENDOR_ID_LENOVO, prod), \
+ .driver_data = (kernel_ulong_t)&wacom_features_##prod
+@@ -5020,6 +5024,7 @@ const struct hid_device_id wacom_ids[] = {
+
+ { USB_DEVICE_WACOM(HID_ANY_ID) },
+ { I2C_DEVICE_WACOM(HID_ANY_ID) },
++ { PCI_DEVICE_WACOM(HID_ANY_ID) },
+ { BT_DEVICE_WACOM(HID_ANY_ID) },
+ { }
+ };
+--
+2.39.5
+
--- /dev/null
+From 7f1be0cb673db412ca3875c89373e5cf20013531 Mon Sep 17 00:00:00 2001
+From: Sasha Levin <sashal@kernel.org>
+Date: Mon, 13 Jan 2025 14:52:37 -0500
+Subject: i2c: Force ELAN06FA touchpad I2C bus freq to 100KHz
+
+From: Randolph Ha <rha051117@gmail.com>
+
+[ Upstream commit bfd74cd1fbc026f04446e67d6915c7e199c2bffd ]
+
+When a 400KHz freq is used on this model of ELAN touchpad in Linux,
+excessive smoothing (similar to when the touchpad's firmware detects
+a noisy signal) is sometimes applied. As some devices' (e.g, Lenovo
+V15 G4) ACPI tables specify a 400KHz frequency for this device and
+some I2C busses (e.g, Designware I2C) default to a 400KHz freq,
+force the speed to 100KHz as a workaround.
+
+For future investigation: This problem may be related to the default
+HCNT/LCNT values given by some busses' drivers, because they are not
+specified in the aforementioned devices' ACPI tables, and because
+the device works without issues on Windows at what is expected to be
+a 400KHz frequency. The root cause of the issue is not known.
+
+Signed-off-by: Randolph Ha <rha051117@gmail.com>
+Reviewed-by: Mika Westerberg <mika.westerberg@linux.intel.com>
+Signed-off-by: Wolfram Sang <wsa+renesas@sang-engineering.com>
+Signed-off-by: Sasha Levin <sashal@kernel.org>
+---
+ drivers/i2c/i2c-core-acpi.c | 22 ++++++++++++++++++++++
+ 1 file changed, 22 insertions(+)
+
+diff --git a/drivers/i2c/i2c-core-acpi.c b/drivers/i2c/i2c-core-acpi.c
+index 4b136d8710743..e7aed9442d56d 100644
+--- a/drivers/i2c/i2c-core-acpi.c
++++ b/drivers/i2c/i2c-core-acpi.c
+@@ -299,6 +299,25 @@ static const struct acpi_device_id i2c_acpi_force_400khz_device_ids[] = {
+ {}
+ };
+
++static const struct acpi_device_id i2c_acpi_force_100khz_device_ids[] = {
++ /*
++ * When a 400KHz freq is used on this model of ELAN touchpad in Linux,
++ * excessive smoothing (similar to when the touchpad's firmware detects
++ * a noisy signal) is sometimes applied. As some devices' (e.g, Lenovo
++ * V15 G4) ACPI tables specify a 400KHz frequency for this device and
++ * some I2C busses (e.g, Designware I2C) default to a 400KHz freq,
++ * force the speed to 100KHz as a workaround.
++ *
++ * For future investigation: This problem may be related to the default
++ * HCNT/LCNT values given by some busses' drivers, because they are not
++ * specified in the aforementioned devices' ACPI tables, and because
++ * the device works without issues on Windows at what is expected to be
++ * a 400KHz frequency. The root cause of the issue is not known.
++ */
++ { "ELAN06FA", 0 },
++ {}
++};
++
+ static acpi_status i2c_acpi_lookup_speed(acpi_handle handle, u32 level,
+ void *data, void **return_value)
+ {
+@@ -320,6 +339,9 @@ static acpi_status i2c_acpi_lookup_speed(acpi_handle handle, u32 level,
+ if (acpi_match_device_ids(adev, i2c_acpi_force_400khz_device_ids) == 0)
+ lookup->force_speed = I2C_MAX_FAST_MODE_FREQ;
+
++ if (acpi_match_device_ids(adev, i2c_acpi_force_100khz_device_ids) == 0)
++ lookup->force_speed = I2C_MAX_STANDARD_MODE_FREQ;
++
+ return AE_OK;
+ }
+
+--
+2.39.5
+
--- /dev/null
+From 65d16612a2bdae072a7c3c3bb4cab87750e62bd0 Mon Sep 17 00:00:00 2001
+From: Sasha Levin <sashal@kernel.org>
+Date: Thu, 14 Nov 2024 18:39:29 +0100
+Subject: Input: allocate keycode for phone linking
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+From: Illia Ostapyshyn <illia@yshyn.com>
+
+[ Upstream commit 1bebc7869c99d466f819dd2cffaef0edf7d7a035 ]
+
+The F11 key on the new Lenovo Thinkpad T14 Gen 5, T16 Gen 3, and P14s
+Gen 5 laptops includes a symbol showing a smartphone and a laptop
+chained together. According to the user manual, it starts the Microsoft
+Phone Link software used to connect to Android/iOS devices and relay
+messages/calls or sync data.
+
+As there are no suitable keycodes for this action, introduce a new one.
+
+Signed-off-by: Illia Ostapyshyn <illia@yshyn.com>
+Acked-by: Dmitry Torokhov <dmitry.torokhov@gmail.com>
+Link: https://lore.kernel.org/r/20241114173930.44983-2-illia@yshyn.com
+Reviewed-by: Ilpo Järvinen <ilpo.jarvinen@linux.intel.com>
+Signed-off-by: Ilpo Järvinen <ilpo.jarvinen@linux.intel.com>
+Signed-off-by: Sasha Levin <sashal@kernel.org>
+---
+ include/uapi/linux/input-event-codes.h | 1 +
+ 1 file changed, 1 insertion(+)
+
+diff --git a/include/uapi/linux/input-event-codes.h b/include/uapi/linux/input-event-codes.h
+index bed20a89c14c1..6128146bb133b 100644
+--- a/include/uapi/linux/input-event-codes.h
++++ b/include/uapi/linux/input-event-codes.h
+@@ -519,6 +519,7 @@
+ #define KEY_NOTIFICATION_CENTER 0x1bc /* Show/hide the notification center */
+ #define KEY_PICKUP_PHONE 0x1bd /* Answer incoming call */
+ #define KEY_HANGUP_PHONE 0x1be /* Decline incoming call */
++#define KEY_LINK_PHONE 0x1bf /* AL Phone Syncing */
+
+ #define KEY_DEL_EOL 0x1c0
+ #define KEY_DEL_EOS 0x1c1
+--
+2.39.5
+
--- /dev/null
+From be1a506fe00dacca127594abab5ab9fa8d8d958b Mon Sep 17 00:00:00 2001
+From: Sasha Levin <sashal@kernel.org>
+Date: Sun, 12 Jan 2025 10:34:44 +0100
+Subject: KVM: e500: always restore irqs
+
+From: Paolo Bonzini <pbonzini@redhat.com>
+
+[ Upstream commit 87ecfdbc699cc95fac73291b52650283ddcf929d ]
+
+If find_linux_pte fails, IRQs will not be restored. This is unlikely
+to happen in practice since it would have been reported as hanging
+hosts, but it should of course be fixed anyway.
+
+Cc: stable@vger.kernel.org
+Reported-by: Sean Christopherson <seanjc@google.com>
+Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
+Signed-off-by: Sasha Levin <sashal@kernel.org>
+---
+ arch/powerpc/kvm/e500_mmu_host.c | 4 ++--
+ 1 file changed, 2 insertions(+), 2 deletions(-)
+
+diff --git a/arch/powerpc/kvm/e500_mmu_host.c b/arch/powerpc/kvm/e500_mmu_host.c
+index b717c13b8090f..eea40dde9901b 100644
+--- a/arch/powerpc/kvm/e500_mmu_host.c
++++ b/arch/powerpc/kvm/e500_mmu_host.c
+@@ -479,7 +479,6 @@ static inline int kvmppc_e500_shadow_map(struct kvmppc_vcpu_e500 *vcpu_e500,
+ if (pte_present(pte)) {
+ wimg = (pte_val(pte) >> PTE_WIMGE_SHIFT) &
+ MAS2_WIMGE_MASK;
+- local_irq_restore(flags);
+ } else {
+ local_irq_restore(flags);
+ pr_err_ratelimited("%s: pte not present: gfn %lx,pfn %lx\n",
+@@ -488,8 +487,9 @@ static inline int kvmppc_e500_shadow_map(struct kvmppc_vcpu_e500 *vcpu_e500,
+ goto out;
+ }
+ }
+- writable = kvmppc_e500_ref_setup(ref, gtlbe, pfn, wimg);
++ local_irq_restore(flags);
+
++ writable = kvmppc_e500_ref_setup(ref, gtlbe, pfn, wimg);
+ kvmppc_e500_setup_stlbe(&vcpu_e500->vcpu, gtlbe, tsize,
+ ref, gvaddr, stlbe);
+
+--
+2.39.5
+
--- /dev/null
+From 679d98d15780bff60008f94e27de136d360942aa Mon Sep 17 00:00:00 2001
+From: Sasha Levin <sashal@kernel.org>
+Date: Thu, 10 Oct 2024 11:23:54 -0700
+Subject: KVM: PPC: e500: Mark "struct page" dirty in kvmppc_e500_shadow_map()
+
+From: Sean Christopherson <seanjc@google.com>
+
+[ Upstream commit c9be85dabb376299504e0d391d15662c0edf8273 ]
+
+Mark the underlying page as dirty in kvmppc_e500_ref_setup()'s sole
+caller, kvmppc_e500_shadow_map(), which will allow converting e500 to
+__kvm_faultin_pfn() + kvm_release_faultin_page() without having to do
+a weird dance between ref_setup() and shadow_map().
+
+Opportunistically drop the redundant kvm_set_pfn_accessed(), as
+shadow_map() puts the page via kvm_release_pfn_clean().
+
+Signed-off-by: Sean Christopherson <seanjc@google.com>
+Tested-by: Dmitry Osipenko <dmitry.osipenko@collabora.com>
+Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
+Message-ID: <20241010182427.1434605-53-seanjc@google.com>
+Stable-dep-of: 87ecfdbc699c ("KVM: e500: always restore irqs")
+Signed-off-by: Sasha Levin <sashal@kernel.org>
+---
+ arch/powerpc/kvm/e500_mmu_host.c | 13 ++++++-------
+ 1 file changed, 6 insertions(+), 7 deletions(-)
+
+diff --git a/arch/powerpc/kvm/e500_mmu_host.c b/arch/powerpc/kvm/e500_mmu_host.c
+index ed0c9c43d0cf1..b439a93ad4868 100644
+--- a/arch/powerpc/kvm/e500_mmu_host.c
++++ b/arch/powerpc/kvm/e500_mmu_host.c
+@@ -242,7 +242,7 @@ static inline int tlbe_is_writable(struct kvm_book3e_206_tlb_entry *tlbe)
+ return tlbe->mas7_3 & (MAS3_SW|MAS3_UW);
+ }
+
+-static inline void kvmppc_e500_ref_setup(struct tlbe_ref *ref,
++static inline bool kvmppc_e500_ref_setup(struct tlbe_ref *ref,
+ struct kvm_book3e_206_tlb_entry *gtlbe,
+ kvm_pfn_t pfn, unsigned int wimg)
+ {
+@@ -252,11 +252,7 @@ static inline void kvmppc_e500_ref_setup(struct tlbe_ref *ref,
+ /* Use guest supplied MAS2_G and MAS2_E */
+ ref->flags |= (gtlbe->mas2 & MAS2_ATTRIB_MASK) | wimg;
+
+- /* Mark the page accessed */
+- kvm_set_pfn_accessed(pfn);
+-
+- if (tlbe_is_writable(gtlbe))
+- kvm_set_pfn_dirty(pfn);
++ return tlbe_is_writable(gtlbe);
+ }
+
+ static inline void kvmppc_e500_ref_release(struct tlbe_ref *ref)
+@@ -337,6 +333,7 @@ static inline int kvmppc_e500_shadow_map(struct kvmppc_vcpu_e500 *vcpu_e500,
+ unsigned int wimg = 0;
+ pgd_t *pgdir;
+ unsigned long flags;
++ bool writable = false;
+
+ /* used to check for invalidations in progress */
+ mmu_seq = kvm->mmu_notifier_seq;
+@@ -490,7 +487,9 @@ static inline int kvmppc_e500_shadow_map(struct kvmppc_vcpu_e500 *vcpu_e500,
+ goto out;
+ }
+ }
+- kvmppc_e500_ref_setup(ref, gtlbe, pfn, wimg);
++ writable = kvmppc_e500_ref_setup(ref, gtlbe, pfn, wimg);
++ if (writable)
++ kvm_set_pfn_dirty(pfn);
+
+ kvmppc_e500_setup_stlbe(&vcpu_e500->vcpu, gtlbe, tsize,
+ ref, gvaddr, stlbe);
+--
+2.39.5
+
--- /dev/null
+From 5b7abd00d51786ca82fa7cccfbbb6bd41f757205 Mon Sep 17 00:00:00 2001
+From: Sasha Levin <sashal@kernel.org>
+Date: Thu, 10 Oct 2024 11:23:55 -0700
+Subject: KVM: PPC: e500: Mark "struct page" pfn accessed before dropping
+ mmu_lock
+
+From: Sean Christopherson <seanjc@google.com>
+
+[ Upstream commit 84cf78dcd9d65c45ab73998d4ad50f433d53fb93 ]
+
+Mark pages accessed before dropping mmu_lock when faulting in guest memory
+so that shadow_map() can convert to kvm_release_faultin_page() without
+tripping its lockdep assertion on mmu_lock being held. Marking pages
+accessed outside of mmu_lock is ok (not great, but safe), but marking
+pages _dirty_ outside of mmu_lock can make filesystems unhappy.
+
+Signed-off-by: Sean Christopherson <seanjc@google.com>
+Tested-by: Dmitry Osipenko <dmitry.osipenko@collabora.com>
+Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
+Message-ID: <20241010182427.1434605-54-seanjc@google.com>
+Stable-dep-of: 87ecfdbc699c ("KVM: e500: always restore irqs")
+Signed-off-by: Sasha Levin <sashal@kernel.org>
+---
+ arch/powerpc/kvm/e500_mmu_host.c | 4 +---
+ 1 file changed, 1 insertion(+), 3 deletions(-)
+
+diff --git a/arch/powerpc/kvm/e500_mmu_host.c b/arch/powerpc/kvm/e500_mmu_host.c
+index b439a93ad4868..ae0b6e317ef1c 100644
+--- a/arch/powerpc/kvm/e500_mmu_host.c
++++ b/arch/powerpc/kvm/e500_mmu_host.c
+@@ -498,11 +498,9 @@ static inline int kvmppc_e500_shadow_map(struct kvmppc_vcpu_e500 *vcpu_e500,
+ kvmppc_mmu_flush_icache(pfn);
+
+ out:
+- spin_unlock(&kvm->mmu_lock);
+-
+ /* Drop refcount on page, so that mmu notifiers can clear it */
+ kvm_release_pfn_clean(pfn);
+-
++ spin_unlock(&kvm->mmu_lock);
+ return ret;
+ }
+
+--
+2.39.5
+
--- /dev/null
+From a39361c0ba5718380cbb9382441675d82d5d85f5 Mon Sep 17 00:00:00 2001
+From: Sasha Levin <sashal@kernel.org>
+Date: Thu, 10 Oct 2024 11:23:56 -0700
+Subject: KVM: PPC: e500: Use __kvm_faultin_pfn() to handle page faults
+
+From: Sean Christopherson <seanjc@google.com>
+
+[ Upstream commit 419cfb983ca93e75e905794521afefcfa07988bb ]
+
+Convert PPC e500 to use __kvm_faultin_pfn()+kvm_release_faultin_page(),
+and continue the inexorable march towards the demise of
+kvm_pfn_to_refcounted_page().
+
+Signed-off-by: Sean Christopherson <seanjc@google.com>
+Tested-by: Dmitry Osipenko <dmitry.osipenko@collabora.com>
+Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
+Message-ID: <20241010182427.1434605-55-seanjc@google.com>
+Stable-dep-of: 87ecfdbc699c ("KVM: e500: always restore irqs")
+Signed-off-by: Sasha Levin <sashal@kernel.org>
+---
+ arch/powerpc/kvm/e500_mmu_host.c | 8 +++-----
+ 1 file changed, 3 insertions(+), 5 deletions(-)
+
+diff --git a/arch/powerpc/kvm/e500_mmu_host.c b/arch/powerpc/kvm/e500_mmu_host.c
+index ae0b6e317ef1c..b717c13b8090f 100644
+--- a/arch/powerpc/kvm/e500_mmu_host.c
++++ b/arch/powerpc/kvm/e500_mmu_host.c
+@@ -322,6 +322,7 @@ static inline int kvmppc_e500_shadow_map(struct kvmppc_vcpu_e500 *vcpu_e500,
+ {
+ struct kvm_memory_slot *slot;
+ unsigned long pfn = 0; /* silence GCC warning */
++ struct page *page = NULL;
+ unsigned long hva;
+ int pfnmap = 0;
+ int tsize = BOOK3E_PAGESZ_4K;
+@@ -443,7 +444,7 @@ static inline int kvmppc_e500_shadow_map(struct kvmppc_vcpu_e500 *vcpu_e500,
+
+ if (likely(!pfnmap)) {
+ tsize_pages = 1UL << (tsize + 10 - PAGE_SHIFT);
+- pfn = gfn_to_pfn_memslot(slot, gfn);
++ pfn = __kvm_faultin_pfn(slot, gfn, FOLL_WRITE, NULL, &page);
+ if (is_error_noslot_pfn(pfn)) {
+ if (printk_ratelimit())
+ pr_err("%s: real page not found for gfn %lx\n",
+@@ -488,8 +489,6 @@ static inline int kvmppc_e500_shadow_map(struct kvmppc_vcpu_e500 *vcpu_e500,
+ }
+ }
+ writable = kvmppc_e500_ref_setup(ref, gtlbe, pfn, wimg);
+- if (writable)
+- kvm_set_pfn_dirty(pfn);
+
+ kvmppc_e500_setup_stlbe(&vcpu_e500->vcpu, gtlbe, tsize,
+ ref, gvaddr, stlbe);
+@@ -498,8 +497,7 @@ static inline int kvmppc_e500_shadow_map(struct kvmppc_vcpu_e500 *vcpu_e500,
+ kvmppc_mmu_flush_icache(pfn);
+
+ out:
+- /* Drop refcount on page, so that mmu notifiers can clear it */
+- kvm_release_pfn_clean(pfn);
++ kvm_release_faultin_page(kvm, page, !!ret, writable);
+ spin_unlock(&kvm->mmu_lock);
+ return ret;
+ }
+--
+2.39.5
+
--- /dev/null
+From 6566fa8826d0d10fb2fc6aff85b49056053d13f6 Mon Sep 17 00:00:00 2001
+From: Sasha Levin <sashal@kernel.org>
+Date: Thu, 24 Oct 2024 18:36:26 +0000
+Subject: lockdep: Fix upper limit for LOCKDEP_*_BITS configs
+
+From: Carlos Llamas <cmllamas@google.com>
+
+[ Upstream commit e638072e61726cae363d48812815197a2a0e097f ]
+
+Lockdep has a set of configs used to determine the size of the static
+arrays that it uses. However, the upper limit that was initially setup
+for these configs is too high (30 bit shift). This equates to several
+GiB of static memory for individual symbols. Using such high values
+leads to linker errors:
+
+ $ make defconfig
+ $ ./scripts/config -e PROVE_LOCKING --set-val LOCKDEP_BITS 30
+ $ make olddefconfig all
+ [...]
+ ld: kernel image bigger than KERNEL_IMAGE_SIZE
+ ld: section .bss VMA wraps around address space
+
+Adjust the upper limits to the maximum values that avoid these issues.
+The need for anything more, likely points to a problem elsewhere. Note
+that LOCKDEP_CHAINS_BITS was intentionally left out as its upper limit
+had a different symptom and has already been fixed [1].
+
+Reported-by: J. R. Okajima <hooanon05g@gmail.com>
+Closes: https://lore.kernel.org/all/30795.1620913191@jrobl/ [1]
+Cc: Peter Zijlstra <peterz@infradead.org>
+Cc: Boqun Feng <boqun.feng@gmail.com>
+Cc: Ingo Molnar <mingo@redhat.com>
+Cc: Waiman Long <longman@redhat.com>
+Cc: Will Deacon <will@kernel.org>
+Acked-by: Waiman Long <longman@redhat.com>
+Signed-off-by: Carlos Llamas <cmllamas@google.com>
+Signed-off-by: Boqun Feng <boqun.feng@gmail.com>
+Link: https://lore.kernel.org/r/20241024183631.643450-2-cmllamas@google.com
+Signed-off-by: Sasha Levin <sashal@kernel.org>
+---
+ lib/Kconfig.debug | 8 ++++----
+ 1 file changed, 4 insertions(+), 4 deletions(-)
+
+diff --git a/lib/Kconfig.debug b/lib/Kconfig.debug
+index 24ca61cf86ddc..c20729cd67b1e 100644
+--- a/lib/Kconfig.debug
++++ b/lib/Kconfig.debug
+@@ -1315,7 +1315,7 @@ config LOCKDEP_SMALL
+ config LOCKDEP_BITS
+ int "Bitsize for MAX_LOCKDEP_ENTRIES"
+ depends on LOCKDEP && !LOCKDEP_SMALL
+- range 10 30
++ range 10 24
+ default 15
+ help
+ Try increasing this value if you hit "BUG: MAX_LOCKDEP_ENTRIES too low!" message.
+@@ -1331,7 +1331,7 @@ config LOCKDEP_CHAINS_BITS
+ config LOCKDEP_STACK_TRACE_BITS
+ int "Bitsize for MAX_STACK_TRACE_ENTRIES"
+ depends on LOCKDEP && !LOCKDEP_SMALL
+- range 10 30
++ range 10 26
+ default 19
+ help
+ Try increasing this value if you hit "BUG: MAX_STACK_TRACE_ENTRIES too low!" message.
+@@ -1339,7 +1339,7 @@ config LOCKDEP_STACK_TRACE_BITS
+ config LOCKDEP_STACK_TRACE_HASH_BITS
+ int "Bitsize for STACK_TRACE_HASH_SIZE"
+ depends on LOCKDEP && !LOCKDEP_SMALL
+- range 10 30
++ range 10 26
+ default 14
+ help
+ Try increasing this value if you need large MAX_STACK_TRACE_ENTRIES.
+@@ -1347,7 +1347,7 @@ config LOCKDEP_STACK_TRACE_HASH_BITS
+ config LOCKDEP_CIRCULAR_QUEUE_BITS
+ int "Bitsize for elements in circular_queue struct"
+ depends on LOCKDEP
+- range 10 30
++ range 10 26
+ default 12
+ help
+ Try increasing this value if you hit "lockdep bfs error:-1" warning due to __cq_enqueue() failure.
+--
+2.39.5
+
--- /dev/null
+From 1dd5bb9bec52e48a4b41e3e97b85e35262933c58 Mon Sep 17 00:00:00 2001
+From: Sasha Levin <sashal@kernel.org>
+Date: Thu, 14 Nov 2024 20:38:08 +0100
+Subject: mfd: lpc_ich: Add another Gemini Lake ISA bridge PCI device-id
+
+From: Hans de Goede <hdegoede@redhat.com>
+
+[ Upstream commit 1e89d21f8189d286f80b900e1b7cf57cb1f3037e ]
+
+On N4100 / N4120 Gemini Lake SoCs the ISA bridge PCI device-id is 31e8
+rather the 3197 found on e.g. the N4000 / N4020.
+
+While at fix the existing GLK PCI-id table entry breaking the table
+being sorted by device-id.
+
+Signed-off-by: Hans de Goede <hdegoede@redhat.com>
+Reviewed-by: Andy Shevchenko <andy@kernel.org>
+Link: https://lore.kernel.org/r/20241114193808.110132-1-hdegoede@redhat.com
+Signed-off-by: Lee Jones <lee@kernel.org>
+Signed-off-by: Sasha Levin <sashal@kernel.org>
+---
+ drivers/mfd/lpc_ich.c | 3 ++-
+ 1 file changed, 2 insertions(+), 1 deletion(-)
+
+diff --git a/drivers/mfd/lpc_ich.c b/drivers/mfd/lpc_ich.c
+index 2411b7a2e6f47..4c21c00124d5e 100644
+--- a/drivers/mfd/lpc_ich.c
++++ b/drivers/mfd/lpc_ich.c
+@@ -687,8 +687,9 @@ static const struct pci_device_id lpc_ich_ids[] = {
+ { PCI_VDEVICE(INTEL, 0x2917), LPC_ICH9ME},
+ { PCI_VDEVICE(INTEL, 0x2918), LPC_ICH9},
+ { PCI_VDEVICE(INTEL, 0x2919), LPC_ICH9M},
+- { PCI_VDEVICE(INTEL, 0x3197), LPC_GLK},
+ { PCI_VDEVICE(INTEL, 0x2b9c), LPC_COUGARMOUNTAIN},
++ { PCI_VDEVICE(INTEL, 0x3197), LPC_GLK},
++ { PCI_VDEVICE(INTEL, 0x31e8), LPC_GLK},
+ { PCI_VDEVICE(INTEL, 0x3a14), LPC_ICH10DO},
+ { PCI_VDEVICE(INTEL, 0x3a16), LPC_ICH10R},
+ { PCI_VDEVICE(INTEL, 0x3a18), LPC_ICH10},
+--
+2.39.5
+
--- /dev/null
+From 062517568128805c7d17ca32332a2377675d7911 Mon Sep 17 00:00:00 2001
+From: Sasha Levin <sashal@kernel.org>
+Date: Fri, 22 Nov 2024 17:37:22 +0800
+Subject: mmc: core: Respect quirk_max_rate for non-UHS SDIO card
+
+From: Shawn Lin <shawn.lin@rock-chips.com>
+
+[ Upstream commit a2a44f8da29352f76c99c6904ee652911b8dc7dd ]
+
+The card-quirk was added to limit the clock-rate for a card with UHS-mode
+support, although let's respect the quirk for non-UHS mode too, to make the
+behaviour consistent.
+
+Signed-off-by: Shawn Lin <shawn.lin@rock-chips.com>
+Message-ID: <1732268242-72799-1-git-send-email-shawn.lin@rock-chips.com>
+Signed-off-by: Ulf Hansson <ulf.hansson@linaro.org>
+Signed-off-by: Sasha Levin <sashal@kernel.org>
+---
+ drivers/mmc/core/sdio.c | 2 ++
+ 1 file changed, 2 insertions(+)
+
+diff --git a/drivers/mmc/core/sdio.c b/drivers/mmc/core/sdio.c
+index 85c2947ed45e3..a719f23fa1e95 100644
+--- a/drivers/mmc/core/sdio.c
++++ b/drivers/mmc/core/sdio.c
+@@ -443,6 +443,8 @@ static unsigned mmc_sdio_get_max_clock(struct mmc_card *card)
+ if (card->type == MMC_TYPE_SD_COMBO)
+ max_dtr = min(max_dtr, mmc_sd_get_max_clock(card));
+
++ max_dtr = min_not_zero(max_dtr, card->quirk_max_rate);
++
+ return max_dtr;
+ }
+
+--
+2.39.5
+
--- /dev/null
+From 2375f848eb305b52e8fb09f0debeaba5b61e2afb Mon Sep 17 00:00:00 2001
+From: Sasha Levin <sashal@kernel.org>
+Date: Tue, 14 Jan 2025 16:35:14 +0800
+Subject: mmc: sdhci-msm: Correctly set the load for the regulator
+
+From: Yuanjie Yang <quic_yuanjiey@quicinc.com>
+
+[ Upstream commit 20a0c37e44063997391430c4ae09973e9cbc3911 ]
+
+Qualcomm regulator supports two power supply modes: HPM and LPM.
+Currently, the sdhci-msm.c driver does not set the load to adjust
+the current for eMMC and SD. If the regulator dont't set correct
+load in LPM state, it will lead to the inability to properly
+initialize eMMC and SD.
+
+Set the correct regulator current for eMMC and SD to ensure that the
+device can work normally even when the regulator is in LPM.
+
+Signed-off-by: Yuanjie Yang <quic_yuanjiey@quicinc.com>
+Reviewed-by: Dmitry Baryshkov <dmitry.baryshkov@linaro.org>
+Link: https://lore.kernel.org/r/20250114083514.258379-1-quic_yuanjiey@quicinc.com
+Signed-off-by: Ulf Hansson <ulf.hansson@linaro.org>
+Signed-off-by: Sasha Levin <sashal@kernel.org>
+---
+ drivers/mmc/host/sdhci-msm.c | 53 ++++++++++++++++++++++++++++++++++--
+ 1 file changed, 51 insertions(+), 2 deletions(-)
+
+diff --git a/drivers/mmc/host/sdhci-msm.c b/drivers/mmc/host/sdhci-msm.c
+index 3366956a4ff18..c9298a986ef0a 100644
+--- a/drivers/mmc/host/sdhci-msm.c
++++ b/drivers/mmc/host/sdhci-msm.c
+@@ -131,9 +131,18 @@
+ /* Timeout value to avoid infinite waiting for pwr_irq */
+ #define MSM_PWR_IRQ_TIMEOUT_MS 5000
+
++/* Max load for eMMC Vdd supply */
++#define MMC_VMMC_MAX_LOAD_UA 570000
++
+ /* Max load for eMMC Vdd-io supply */
+ #define MMC_VQMMC_MAX_LOAD_UA 325000
+
++/* Max load for SD Vdd supply */
++#define SD_VMMC_MAX_LOAD_UA 800000
++
++/* Max load for SD Vdd-io supply */
++#define SD_VQMMC_MAX_LOAD_UA 22000
++
+ #define msm_host_readl(msm_host, host, offset) \
+ msm_host->var_ops->msm_readl_relaxed(host, offset)
+
+@@ -1383,11 +1392,48 @@ static int sdhci_msm_set_pincfg(struct sdhci_msm_host *msm_host, bool level)
+ return ret;
+ }
+
+-static int sdhci_msm_set_vmmc(struct mmc_host *mmc)
++static void msm_config_vmmc_regulator(struct mmc_host *mmc, bool hpm)
++{
++ int load;
++
++ if (!hpm)
++ load = 0;
++ else if (!mmc->card)
++ load = max(MMC_VMMC_MAX_LOAD_UA, SD_VMMC_MAX_LOAD_UA);
++ else if (mmc_card_mmc(mmc->card))
++ load = MMC_VMMC_MAX_LOAD_UA;
++ else if (mmc_card_sd(mmc->card))
++ load = SD_VMMC_MAX_LOAD_UA;
++ else
++ return;
++
++ regulator_set_load(mmc->supply.vmmc, load);
++}
++
++static void msm_config_vqmmc_regulator(struct mmc_host *mmc, bool hpm)
++{
++ int load;
++
++ if (!hpm)
++ load = 0;
++ else if (!mmc->card)
++ load = max(MMC_VQMMC_MAX_LOAD_UA, SD_VQMMC_MAX_LOAD_UA);
++ else if (mmc_card_sd(mmc->card))
++ load = SD_VQMMC_MAX_LOAD_UA;
++ else
++ return;
++
++ regulator_set_load(mmc->supply.vqmmc, load);
++}
++
++static int sdhci_msm_set_vmmc(struct sdhci_msm_host *msm_host,
++ struct mmc_host *mmc, bool hpm)
+ {
+ if (IS_ERR(mmc->supply.vmmc))
+ return 0;
+
++ msm_config_vmmc_regulator(mmc, hpm);
++
+ return mmc_regulator_set_ocr(mmc, mmc->supply.vmmc, mmc->ios.vdd);
+ }
+
+@@ -1400,6 +1446,8 @@ static int msm_toggle_vqmmc(struct sdhci_msm_host *msm_host,
+ if (msm_host->vqmmc_enabled == level)
+ return 0;
+
++ msm_config_vqmmc_regulator(mmc, level);
++
+ if (level) {
+ /* Set the IO voltage regulator to default voltage level */
+ if (msm_host->caps_0 & CORE_3_0V_SUPPORT)
+@@ -1622,7 +1670,8 @@ static void sdhci_msm_handle_pwr_irq(struct sdhci_host *host, int irq)
+ }
+
+ if (pwr_state) {
+- ret = sdhci_msm_set_vmmc(mmc);
++ ret = sdhci_msm_set_vmmc(msm_host, mmc,
++ pwr_state & REQ_BUS_ON);
+ if (!ret)
+ ret = sdhci_msm_set_vqmmc(msm_host, mmc,
+ pwr_state & REQ_BUS_ON);
+--
+2.39.5
+
--- /dev/null
+From d183f20fff3120c1a162d6bb1ec44f1256f70386 Mon Sep 17 00:00:00 2001
+From: Sasha Levin <sashal@kernel.org>
+Date: Tue, 7 Jan 2025 02:48:12 -0800
+Subject: net/mlx5: use do_aux_work for PHC overflow checks
+
+From: Vadim Fedorenko <vadfed@meta.com>
+
+[ Upstream commit e61e6c415ba9ff2b32bb6780ce1b17d1d76238f1 ]
+
+The overflow_work is using system wq to do overflow checks and updates
+for PHC device timecounter, which might be overhelmed by other tasks.
+But there is dedicated kthread in PTP subsystem designed for such
+things. This patch changes the work queue to proper align with PTP
+subsystem and to avoid overloading system work queue.
+The adjfine() function acts the same way as overflow check worker,
+we can postpone ptp aux worker till the next overflow period after
+adjfine() was called.
+
+Reviewed-by: Dragos Tatulea <dtatulea@nvidia.com>
+Signed-off-by: Vadim Fedorenko <vadfed@meta.com>
+Acked-by: Tariq Toukan <tariqt@nvidia.com>
+Link: https://patch.msgid.link/20250107104812.380225-1-vadfed@meta.com
+Signed-off-by: Paolo Abeni <pabeni@redhat.com>
+Signed-off-by: Sasha Levin <sashal@kernel.org>
+---
+ .../ethernet/mellanox/mlx5/core/lib/clock.c | 24 ++++++++++---------
+ include/linux/mlx5/driver.h | 1 -
+ 2 files changed, 13 insertions(+), 12 deletions(-)
+
+diff --git a/drivers/net/ethernet/mellanox/mlx5/core/lib/clock.c b/drivers/net/ethernet/mellanox/mlx5/core/lib/clock.c
+index 80dee8c692495..3d0029fb5b579 100644
+--- a/drivers/net/ethernet/mellanox/mlx5/core/lib/clock.c
++++ b/drivers/net/ethernet/mellanox/mlx5/core/lib/clock.c
+@@ -150,17 +150,16 @@ static void mlx5_pps_out(struct work_struct *work)
+ }
+ }
+
+-static void mlx5_timestamp_overflow(struct work_struct *work)
++static long mlx5_timestamp_overflow(struct ptp_clock_info *ptp_info)
+ {
+- struct delayed_work *dwork = to_delayed_work(work);
+ struct mlx5_core_dev *mdev;
+ struct mlx5_timer *timer;
+ struct mlx5_clock *clock;
+ unsigned long flags;
+
+- timer = container_of(dwork, struct mlx5_timer, overflow_work);
+- clock = container_of(timer, struct mlx5_clock, timer);
++ clock = container_of(ptp_info, struct mlx5_clock, ptp_info);
+ mdev = container_of(clock, struct mlx5_core_dev, clock);
++ timer = &clock->timer;
+
+ if (mdev->state == MLX5_DEVICE_STATE_INTERNAL_ERROR)
+ goto out;
+@@ -171,7 +170,7 @@ static void mlx5_timestamp_overflow(struct work_struct *work)
+ write_sequnlock_irqrestore(&clock->lock, flags);
+
+ out:
+- schedule_delayed_work(&timer->overflow_work, timer->overflow_period);
++ return timer->overflow_period;
+ }
+
+ static int mlx5_ptp_settime(struct ptp_clock_info *ptp, const struct timespec64 *ts)
+@@ -253,6 +252,7 @@ static int mlx5_ptp_adjfreq(struct ptp_clock_info *ptp, s32 delta)
+ timer->nominal_c_mult + diff;
+ mlx5_update_clock_info_page(mdev);
+ write_sequnlock_irqrestore(&clock->lock, flags);
++ ptp_schedule_worker(clock->ptp, timer->overflow_period);
+
+ return 0;
+ }
+@@ -467,6 +467,7 @@ static const struct ptp_clock_info mlx5_ptp_clock_info = {
+ .settime64 = mlx5_ptp_settime,
+ .enable = NULL,
+ .verify = NULL,
++ .do_aux_work = mlx5_timestamp_overflow,
+ };
+
+ static int mlx5_query_mtpps_pin_mode(struct mlx5_core_dev *mdev, u8 pin,
+@@ -649,12 +650,11 @@ static void mlx5_init_overflow_period(struct mlx5_clock *clock)
+ do_div(ns, NSEC_PER_SEC / HZ);
+ timer->overflow_period = ns;
+
+- INIT_DELAYED_WORK(&timer->overflow_work, mlx5_timestamp_overflow);
+- if (timer->overflow_period)
+- schedule_delayed_work(&timer->overflow_work, 0);
+- else
++ if (!timer->overflow_period) {
++ timer->overflow_period = HZ;
+ mlx5_core_warn(mdev,
+- "invalid overflow period, overflow_work is not scheduled\n");
++ "invalid overflow period, overflow_work is scheduled once per second\n");
++ }
+
+ if (clock_info)
+ clock_info->overflow_period = timer->overflow_period;
+@@ -718,6 +718,9 @@ void mlx5_init_clock(struct mlx5_core_dev *mdev)
+
+ MLX5_NB_INIT(&clock->pps_nb, mlx5_pps_event, PPS_EVENT);
+ mlx5_eq_notifier_register(mdev, &clock->pps_nb);
++
++ if (clock->ptp)
++ ptp_schedule_worker(clock->ptp, 0);
+ }
+
+ void mlx5_cleanup_clock(struct mlx5_core_dev *mdev)
+@@ -734,7 +737,6 @@ void mlx5_cleanup_clock(struct mlx5_core_dev *mdev)
+ }
+
+ cancel_work_sync(&clock->pps_info.out_work);
+- cancel_delayed_work_sync(&clock->timer.overflow_work);
+
+ if (mdev->clock_info) {
+ free_page((unsigned long)mdev->clock_info);
+diff --git a/include/linux/mlx5/driver.h b/include/linux/mlx5/driver.h
+index 68a12caf5eb16..56cb2fbc496e6 100644
+--- a/include/linux/mlx5/driver.h
++++ b/include/linux/mlx5/driver.h
+@@ -651,7 +651,6 @@ struct mlx5_timer {
+ struct timecounter tc;
+ u32 nominal_c_mult;
+ unsigned long overflow_period;
+- struct delayed_work overflow_work;
+ };
+
+ struct mlx5_clock {
+--
+2.39.5
+
--- /dev/null
+From 2bff01df075e355d66242a8e65538ab495325e9a Mon Sep 17 00:00:00 2001
+From: Sasha Levin <sashal@kernel.org>
+Date: Fri, 24 Jan 2025 01:30:20 -0800
+Subject: net: usb: rtl8150: enable basic endpoint checking
+
+From: Nikita Zhandarovich <n.zhandarovich@fintech.ru>
+
+[ Upstream commit 90b7f2961798793275b4844348619b622f983907 ]
+
+Syzkaller reports [1] encountering a common issue of utilizing a wrong
+usb endpoint type during URB submitting stage. This, in turn, triggers
+a warning shown below.
+
+For now, enable simple endpoint checking (specifically, bulk and
+interrupt eps, testing control one is not essential) to mitigate
+the issue with a view to do other related cosmetic changes later,
+if they are necessary.
+
+[1] Syzkaller report:
+usb 1-1: BOGUS urb xfer, pipe 3 != type 1
+WARNING: CPU: 1 PID: 2586 at drivers/usb/core/urb.c:503 usb_submit_urb+0xe4b/0x1730 driv>
+Modules linked in:
+CPU: 1 UID: 0 PID: 2586 Comm: dhcpcd Not tainted 6.11.0-rc4-syzkaller-00069-gfc88bb11617>
+Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/06/2024
+RIP: 0010:usb_submit_urb+0xe4b/0x1730 drivers/usb/core/urb.c:503
+Code: 84 3c 02 00 00 e8 05 e4 fc fc 4c 89 ef e8 fd 25 d7 fe 45 89 e0 89 e9 4c 89 f2 48 8>
+RSP: 0018:ffffc9000441f740 EFLAGS: 00010282
+RAX: 0000000000000000 RBX: ffff888112487a00 RCX: ffffffff811a99a9
+RDX: ffff88810df6ba80 RSI: ffffffff811a99b6 RDI: 0000000000000001
+RBP: 0000000000000003 R08: 0000000000000001 R09: 0000000000000000
+R10: 0000000000000000 R11: 0000000000000001 R12: 0000000000000001
+R13: ffff8881023bf0a8 R14: ffff888112452a20 R15: ffff888112487a7c
+FS: 00007fc04eea5740(0000) GS:ffff8881f6300000(0000) knlGS:0000000000000000
+CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
+CR2: 00007f0a1de9f870 CR3: 000000010dbd0000 CR4: 00000000003506f0
+DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
+DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
+Call Trace:
+ <TASK>
+ rtl8150_open+0x300/0xe30 drivers/net/usb/rtl8150.c:733
+ __dev_open+0x2d4/0x4e0 net/core/dev.c:1474
+ __dev_change_flags+0x561/0x720 net/core/dev.c:8838
+ dev_change_flags+0x8f/0x160 net/core/dev.c:8910
+ devinet_ioctl+0x127a/0x1f10 net/ipv4/devinet.c:1177
+ inet_ioctl+0x3aa/0x3f0 net/ipv4/af_inet.c:1003
+ sock_do_ioctl+0x116/0x280 net/socket.c:1222
+ sock_ioctl+0x22e/0x6c0 net/socket.c:1341
+ vfs_ioctl fs/ioctl.c:51 [inline]
+ __do_sys_ioctl fs/ioctl.c:907 [inline]
+ __se_sys_ioctl fs/ioctl.c:893 [inline]
+ __x64_sys_ioctl+0x193/0x220 fs/ioctl.c:893
+ do_syscall_x64 arch/x86/entry/common.c:52 [inline]
+ do_syscall_64+0xcd/0x250 arch/x86/entry/common.c:83
+ entry_SYSCALL_64_after_hwframe+0x77/0x7f
+RIP: 0033:0x7fc04ef73d49
+...
+
+This change has not been tested on real hardware.
+
+Reported-and-tested-by: syzbot+d7e968426f644b567e31@syzkaller.appspotmail.com
+Closes: https://syzkaller.appspot.com/bug?extid=d7e968426f644b567e31
+Fixes: 1da177e4c3f4 ("Linux-2.6.12-rc2")
+Cc: stable@vger.kernel.org
+Signed-off-by: Nikita Zhandarovich <n.zhandarovich@fintech.ru>
+Link: https://patch.msgid.link/20250124093020.234642-1-n.zhandarovich@fintech.ru
+Signed-off-by: Paolo Abeni <pabeni@redhat.com>
+Signed-off-by: Sasha Levin <sashal@kernel.org>
+---
+ drivers/net/usb/rtl8150.c | 22 ++++++++++++++++++++++
+ 1 file changed, 22 insertions(+)
+
+diff --git a/drivers/net/usb/rtl8150.c b/drivers/net/usb/rtl8150.c
+index c7137fa9eb269..acef52b0729bf 100644
+--- a/drivers/net/usb/rtl8150.c
++++ b/drivers/net/usb/rtl8150.c
+@@ -71,6 +71,14 @@
+ #define MSR_SPEED (1<<3)
+ #define MSR_LINK (1<<2)
+
++/* USB endpoints */
++enum rtl8150_usb_ep {
++ RTL8150_USB_EP_CONTROL = 0,
++ RTL8150_USB_EP_BULK_IN = 1,
++ RTL8150_USB_EP_BULK_OUT = 2,
++ RTL8150_USB_EP_INT_IN = 3,
++};
++
+ /* Interrupt pipe data */
+ #define INT_TSR 0x00
+ #define INT_RSR 0x01
+@@ -866,6 +874,13 @@ static int rtl8150_probe(struct usb_interface *intf,
+ struct usb_device *udev = interface_to_usbdev(intf);
+ rtl8150_t *dev;
+ struct net_device *netdev;
++ static const u8 bulk_ep_addr[] = {
++ RTL8150_USB_EP_BULK_IN | USB_DIR_IN,
++ RTL8150_USB_EP_BULK_OUT | USB_DIR_OUT,
++ 0};
++ static const u8 int_ep_addr[] = {
++ RTL8150_USB_EP_INT_IN | USB_DIR_IN,
++ 0};
+
+ netdev = alloc_etherdev(sizeof(rtl8150_t));
+ if (!netdev)
+@@ -879,6 +894,13 @@ static int rtl8150_probe(struct usb_interface *intf,
+ return -ENOMEM;
+ }
+
++ /* Verify that all required endpoints are present */
++ if (!usb_check_bulk_endpoints(intf, bulk_ep_addr) ||
++ !usb_check_int_endpoints(intf, int_ep_addr)) {
++ dev_err(&intf->dev, "couldn't find required endpoints\n");
++ goto out;
++ }
++
+ tasklet_setup(&dev->tl, rx_fixup);
+ spin_lock_init(&dev->rx_pool_lock);
+
+--
+2.39.5
+
--- /dev/null
+From 839568879f2ced38ffb50f45c98b6fa67687e835 Mon Sep 17 00:00:00 2001
+From: Sasha Levin <sashal@kernel.org>
+Date: Sun, 31 Jan 2021 00:47:30 +0100
+Subject: net: usb: rtl8150: use new tasklet API
+
+From: Emil Renner Berthing <kernel@esmil.dk>
+
+[ Upstream commit 1999ad32d4ff00581007543adffc465694b2e77b ]
+
+This converts the driver to use the new tasklet API introduced in
+commit 12cc923f1ccc ("tasklet: Introduce new initialization API")
+
+Signed-off-by: Emil Renner Berthing <kernel@esmil.dk>
+Signed-off-by: Jakub Kicinski <kuba@kernel.org>
+Stable-dep-of: 90b7f2961798 ("net: usb: rtl8150: enable basic endpoint checking")
+Signed-off-by: Sasha Levin <sashal@kernel.org>
+---
+ drivers/net/usb/rtl8150.c | 6 +++---
+ 1 file changed, 3 insertions(+), 3 deletions(-)
+
+diff --git a/drivers/net/usb/rtl8150.c b/drivers/net/usb/rtl8150.c
+index d128b4ac7c9f0..c7137fa9eb269 100644
+--- a/drivers/net/usb/rtl8150.c
++++ b/drivers/net/usb/rtl8150.c
+@@ -577,9 +577,9 @@ static void free_skb_pool(rtl8150_t *dev)
+ dev_kfree_skb(dev->rx_skb_pool[i]);
+ }
+
+-static void rx_fixup(unsigned long data)
++static void rx_fixup(struct tasklet_struct *t)
+ {
+- struct rtl8150 *dev = (struct rtl8150 *)data;
++ struct rtl8150 *dev = from_tasklet(dev, t, tl);
+ struct sk_buff *skb;
+ int status;
+
+@@ -879,7 +879,7 @@ static int rtl8150_probe(struct usb_interface *intf,
+ return -ENOMEM;
+ }
+
+- tasklet_init(&dev->tl, rx_fixup, (unsigned long)dev);
++ tasklet_setup(&dev->tl, rx_fixup);
+ spin_lock_init(&dev->rx_pool_lock);
+
+ dev->udev = udev;
+--
+2.39.5
+
--- /dev/null
+From 20a8d0c3073a7cf220cb6d13651315318a35713e Mon Sep 17 00:00:00 2001
+From: Sasha Levin <sashal@kernel.org>
+Date: Sat, 28 Sep 2024 19:36:08 +0800
+Subject: printk: Fix signed integer overflow when defining LOG_BUF_LEN_MAX
+
+From: Kuan-Wei Chiu <visitorckw@gmail.com>
+
+[ Upstream commit 3d6f83df8ff2d5de84b50377e4f0d45e25311c7a ]
+
+Shifting 1 << 31 on a 32-bit int causes signed integer overflow, which
+leads to undefined behavior. To prevent this, cast 1 to u32 before
+performing the shift, ensuring well-defined behavior.
+
+This change explicitly avoids any potential overflow by ensuring that
+the shift occurs on an unsigned 32-bit integer.
+
+Signed-off-by: Kuan-Wei Chiu <visitorckw@gmail.com>
+Acked-by: Petr Mladek <pmladek@suse.com>
+Link: https://lore.kernel.org/r/20240928113608.1438087-1-visitorckw@gmail.com
+Signed-off-by: Petr Mladek <pmladek@suse.com>
+Signed-off-by: Sasha Levin <sashal@kernel.org>
+---
+ kernel/printk/printk.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/kernel/printk/printk.c b/kernel/printk/printk.c
+index a8af93cbc2936..3a7fd61c0e7be 100644
+--- a/kernel/printk/printk.c
++++ b/kernel/printk/printk.c
+@@ -420,7 +420,7 @@ static u64 clear_seq;
+ /* record buffer */
+ #define LOG_ALIGN __alignof__(unsigned long)
+ #define __LOG_BUF_LEN (1 << CONFIG_LOG_BUF_SHIFT)
+-#define LOG_BUF_LEN_MAX (u32)(1 << 31)
++#define LOG_BUF_LEN_MAX ((u32)1 << 31)
+ static char __log_buf[__LOG_BUF_LEN] __aligned(LOG_ALIGN);
+ static char *log_buf = __log_buf;
+ static u32 log_buf_len = __LOG_BUF_LEN;
+--
+2.39.5
+
--- /dev/null
+From 98867e3173e5b5ee239d23b6bfa11ae024a3ff6f Mon Sep 17 00:00:00 2001
+From: Sasha Levin <sashal@kernel.org>
+Date: Tue, 17 Dec 2024 10:26:57 -0800
+Subject: safesetid: check size of policy writes
+
+From: Leo Stone <leocstone@gmail.com>
+
+[ Upstream commit f09ff307c7299392f1c88f763299e24bc99811c7 ]
+
+syzbot attempts to write a buffer with a large size to a sysfs entry
+with writes handled by handle_policy_update(), triggering a warning
+in kmalloc.
+
+Check the size specified for write buffers before allocating.
+
+Reported-by: syzbot+4eb7a741b3216020043a@syzkaller.appspotmail.com
+Closes: https://syzkaller.appspot.com/bug?extid=4eb7a741b3216020043a
+Signed-off-by: Leo Stone <leocstone@gmail.com>
+[PM: subject tweak]
+Signed-off-by: Paul Moore <paul@paul-moore.com>
+Signed-off-by: Sasha Levin <sashal@kernel.org>
+---
+ security/safesetid/securityfs.c | 3 +++
+ 1 file changed, 3 insertions(+)
+
+diff --git a/security/safesetid/securityfs.c b/security/safesetid/securityfs.c
+index 25310468bcddf..8e1ffd70b18ab 100644
+--- a/security/safesetid/securityfs.c
++++ b/security/safesetid/securityfs.c
+@@ -143,6 +143,9 @@ static ssize_t handle_policy_update(struct file *file,
+ char *buf, *p, *end;
+ int err;
+
++ if (len >= KMALLOC_MAX_SIZE)
++ return -EINVAL;
++
+ pol = kmalloc(sizeof(struct setid_ruleset), GFP_KERNEL);
+ if (!pol)
+ return -ENOMEM;
+--
+2.39.5
+
--- /dev/null
+From 7a5c4ea8fc0e2e603663438d372c03c30565366f Mon Sep 17 00:00:00 2001
+From: Sasha Levin <sashal@kernel.org>
+Date: Mon, 18 Nov 2024 13:37:45 +0900
+Subject: sched: Don't try to catch up excess steal time.
+
+From: Suleiman Souhlal <suleiman@google.com>
+
+[ Upstream commit 108ad0999085df2366dd9ef437573955cb3f5586 ]
+
+When steal time exceeds the measured delta when updating clock_task, we
+currently try to catch up the excess in future updates.
+However, this results in inaccurate run times for the future things using
+clock_task, in some situations, as they end up getting additional steal
+time that did not actually happen.
+This is because there is a window between reading the elapsed time in
+update_rq_clock() and sampling the steal time in update_rq_clock_task().
+If the VCPU gets preempted between those two points, any additional
+steal time is accounted to the outgoing task even though the calculated
+delta did not actually contain any of that "stolen" time.
+When this race happens, we can end up with steal time that exceeds the
+calculated delta, and the previous code would try to catch up that excess
+steal time in future clock updates, which is given to the next,
+incoming task, even though it did not actually have any time stolen.
+
+This behavior is particularly bad when steal time can be very long,
+which we've seen when trying to extend steal time to contain the duration
+that the host was suspended [0]. When this happens, clock_task stays
+frozen, during which the running task stays running for the whole
+duration, since its run time doesn't increase.
+However the race can happen even under normal operation.
+
+Ideally we would read the elapsed cpu time and the steal time atomically,
+to prevent this race from happening in the first place, but doing so
+is non-trivial.
+
+Since the time between those two points isn't otherwise accounted anywhere,
+neither to the outgoing task nor the incoming task (because the "end of
+outgoing task" and "start of incoming task" timestamps are the same),
+I would argue that the right thing to do is to simply drop any excess steal
+time, in order to prevent these issues.
+
+[0] https://lore.kernel.org/kvm/20240820043543.837914-1-suleiman@google.com/
+
+Signed-off-by: Suleiman Souhlal <suleiman@google.com>
+Signed-off-by: Peter Zijlstra (Intel) <peterz@infradead.org>
+Link: https://lore.kernel.org/r/20241118043745.1857272-1-suleiman@google.com
+Signed-off-by: Sasha Levin <sashal@kernel.org>
+---
+ kernel/sched/core.c | 6 ++++--
+ 1 file changed, 4 insertions(+), 2 deletions(-)
+
+diff --git a/kernel/sched/core.c b/kernel/sched/core.c
+index 7cf45d506688c..42dad8c8d6f28 100644
+--- a/kernel/sched/core.c
++++ b/kernel/sched/core.c
+@@ -279,13 +279,15 @@ static void update_rq_clock_task(struct rq *rq, s64 delta)
+ #endif
+ #ifdef CONFIG_PARAVIRT_TIME_ACCOUNTING
+ if (static_key_false((¶virt_steal_rq_enabled))) {
+- steal = paravirt_steal_clock(cpu_of(rq));
++ u64 prev_steal;
++
++ steal = prev_steal = paravirt_steal_clock(cpu_of(rq));
+ steal -= rq->prev_steal_time_rq;
+
+ if (unlikely(steal > delta))
+ steal = delta;
+
+- rq->prev_steal_time_rq += steal;
++ rq->prev_steal_time_rq = prev_steal;
+ delta -= steal;
+ }
+ #endif
+--
+2.39.5
+
--- /dev/null
+From dd485812db6474dce3f7a835a6037b1f09054f19 Mon Sep 17 00:00:00 2001
+From: Sasha Levin <sashal@kernel.org>
+Date: Thu, 16 Jan 2025 09:30:37 +0800
+Subject: selftests/net/ipsec: Fix Null pointer dereference in rtattr_pack()
+
+From: Liu Ye <liuye@kylinos.cn>
+
+[ Upstream commit 3a0b7fa095212b51ed63892540c4f249991a2d74 ]
+
+Address Null pointer dereference / undefined behavior in rtattr_pack
+(note that size is 0 in the bad case).
+
+Flagged by cppcheck as:
+ tools/testing/selftests/net/ipsec.c:230:25: warning: Possible null pointer
+ dereference: payload [nullPointer]
+ memcpy(RTA_DATA(attr), payload, size);
+ ^
+ tools/testing/selftests/net/ipsec.c:1618:54: note: Calling function 'rtattr_pack',
+ 4th argument 'NULL' value is 0
+ if (rtattr_pack(&req.nh, sizeof(req), XFRMA_IF_ID, NULL, 0)) {
+ ^
+ tools/testing/selftests/net/ipsec.c:230:25: note: Null pointer dereference
+ memcpy(RTA_DATA(attr), payload, size);
+ ^
+Signed-off-by: Liu Ye <liuye@kylinos.cn>
+
+Link: https://patch.msgid.link/20250116013037.29470-1-liuye@kylinos.cn
+Signed-off-by: Jakub Kicinski <kuba@kernel.org>
+Signed-off-by: Sasha Levin <sashal@kernel.org>
+---
+ tools/testing/selftests/net/ipsec.c | 3 ++-
+ 1 file changed, 2 insertions(+), 1 deletion(-)
+
+diff --git a/tools/testing/selftests/net/ipsec.c b/tools/testing/selftests/net/ipsec.c
+index 03b048b668315..38f0de299605a 100644
+--- a/tools/testing/selftests/net/ipsec.c
++++ b/tools/testing/selftests/net/ipsec.c
+@@ -189,7 +189,8 @@ static int rtattr_pack(struct nlmsghdr *nh, size_t req_sz,
+
+ attr->rta_len = RTA_LENGTH(size);
+ attr->rta_type = rta_type;
+- memcpy(RTA_DATA(attr), payload, size);
++ if (payload)
++ memcpy(RTA_DATA(attr), payload, size);
+
+ return 0;
+ }
+--
+2.39.5
+
media-uvcvideo-fix-double-free-in-error-path.patch
usb-gadget-f_tcm-don-t-free-command-immediately.patch
btrfs-output-the-reason-for-open_ctree-failure.patch
+btrfs-fix-use-after-free-when-attempting-to-join-an-.patch
+btrfs-convert-bug_on-in-btrfs_reloc_cow_block-to-pro.patch
+sched-don-t-try-to-catch-up-excess-steal-time.patch
+lockdep-fix-upper-limit-for-lockdep_-_bits-configs.patch
+x86-amd_nb-restrict-init-function-to-amd-based-syste.patch
+printk-fix-signed-integer-overflow-when-defining-log.patch
+drm-sti-hdmi-use-eld_mutex-to-protect-access-to-conn.patch
+safesetid-check-size-of-policy-writes.patch
+tun-fix-group-permission-check.patch
+mmc-core-respect-quirk_max_rate-for-non-uhs-sdio-car.patch
+wifi-brcmsmac-add-gain-range-check-to-wlc_phy_iqcal_.patch
+tomoyo-don-t-emit-warning-in-tomoyo_write_control.patch
+mfd-lpc_ich-add-another-gemini-lake-isa-bridge-pci-d.patch
+hid-wacom-add-pci-wacom-device-support.patch
+net-mlx5-use-do_aux_work-for-phc-overflow-checks.patch
+i2c-force-elan06fa-touchpad-i2c-bus-freq-to-100khz.patch
+apei-ghes-have-ghes-honor-the-panic-setting.patch
+mmc-sdhci-msm-correctly-set-the-load-for-the-regulat.patch
+tipc-re-order-conditions-in-tipc_crypto_key_rcv.patch
+selftests-net-ipsec-fix-null-pointer-dereference-in-.patch
+input-allocate-keycode-for-phone-linking.patch
+kvm-ppc-e500-mark-struct-page-dirty-in-kvmppc_e500_s.patch
+kvm-ppc-e500-mark-struct-page-pfn-accessed-before-dr.patch
+kvm-ppc-e500-use-__kvm_faultin_pfn-to-handle-page-fa.patch
+kvm-e500-always-restore-irqs.patch
+usb-chipidea-ci_hdrc_imx-use-dev_err_probe.patch
+usb-chipidea-ci_hdrc_imx-convert-to-platform-remove-.patch
+usb-chipidea-ci_hdrc_imx-decrement-device-s-refcount.patch
+net-usb-rtl8150-use-new-tasklet-api.patch
+net-usb-rtl8150-enable-basic-endpoint-checking.patch
+usb-xhci-add-timeout-argument-in-address_device-usb-.patch
+usb-xhci-fix-null-pointer-dereference-on-certain-com.patch
--- /dev/null
+From 0df655d72c0d4dce2c9106b8d43fa892a6b4a9f9 Mon Sep 17 00:00:00 2001
+From: Sasha Levin <sashal@kernel.org>
+Date: Fri, 17 Jan 2025 12:36:14 +0300
+Subject: tipc: re-order conditions in tipc_crypto_key_rcv()
+
+From: Dan Carpenter <dan.carpenter@linaro.org>
+
+[ Upstream commit 5fe71fda89745fc3cd95f70d06e9162b595c3702 ]
+
+On a 32bit system the "keylen + sizeof(struct tipc_aead_key)" math could
+have an integer wrapping issue. It doesn't matter because the "keylen"
+is checked on the next line, but just to make life easier for static
+analysis tools, let's re-order these conditions and avoid the integer
+overflow.
+
+Signed-off-by: Dan Carpenter <dan.carpenter@linaro.org>
+Reviewed-by: Simon Horman <horms@kernel.org>
+Signed-off-by: David S. Miller <davem@davemloft.net>
+Signed-off-by: Sasha Levin <sashal@kernel.org>
+---
+ net/tipc/crypto.c | 4 ++--
+ 1 file changed, 2 insertions(+), 2 deletions(-)
+
+diff --git a/net/tipc/crypto.c b/net/tipc/crypto.c
+index b5aa0a835bced..bf384bd126963 100644
+--- a/net/tipc/crypto.c
++++ b/net/tipc/crypto.c
+@@ -2297,8 +2297,8 @@ static bool tipc_crypto_key_rcv(struct tipc_crypto *rx, struct tipc_msg *hdr)
+ keylen = ntohl(*((__be32 *)(data + TIPC_AEAD_ALG_NAME)));
+
+ /* Verify the supplied size values */
+- if (unlikely(size != keylen + sizeof(struct tipc_aead_key) ||
+- keylen > TIPC_AEAD_KEY_SIZE_MAX)) {
++ if (unlikely(keylen > TIPC_AEAD_KEY_SIZE_MAX ||
++ size != keylen + sizeof(struct tipc_aead_key))) {
+ pr_debug("%s: invalid MSG_CRYPTO key size\n", rx->name);
+ goto exit;
+ }
+--
+2.39.5
+
--- /dev/null
+From 01921fab3cb2ede093f584ca7d348d211516dfb6 Mon Sep 17 00:00:00 2001
+From: Sasha Levin <sashal@kernel.org>
+Date: Mon, 16 Dec 2024 19:38:40 +0900
+Subject: tomoyo: don't emit warning in tomoyo_write_control()
+
+From: Tetsuo Handa <penguin-kernel@I-love.SAKURA.ne.jp>
+
+[ Upstream commit 3df7546fc03b8f004eee0b9e3256369f7d096685 ]
+
+syzbot is reporting too large allocation warning at tomoyo_write_control(),
+for one can write a very very long line without new line character. To fix
+this warning, I use __GFP_NOWARN rather than checking for KMALLOC_MAX_SIZE,
+for practically a valid line should be always shorter than 32KB where the
+"too small to fail" memory-allocation rule applies.
+
+One might try to write a valid line that is longer than 32KB, but such
+request will likely fail with -ENOMEM. Therefore, I feel that separately
+returning -EINVAL when a line is longer than KMALLOC_MAX_SIZE is redundant.
+There is no need to distinguish over-32KB and over-KMALLOC_MAX_SIZE.
+
+Reported-by: syzbot+7536f77535e5210a5c76@syzkaller.appspotmail.com
+Closes: https://syzkaller.appspot.com/bug?extid=7536f77535e5210a5c76
+Reported-by: Leo Stone <leocstone@gmail.com>
+Closes: https://lkml.kernel.org/r/20241216021459.178759-2-leocstone@gmail.com
+Signed-off-by: Tetsuo Handa <penguin-kernel@I-love.SAKURA.ne.jp>
+Signed-off-by: Sasha Levin <sashal@kernel.org>
+---
+ security/tomoyo/common.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/security/tomoyo/common.c b/security/tomoyo/common.c
+index 6235c3be832aa..e23993c784405 100644
+--- a/security/tomoyo/common.c
++++ b/security/tomoyo/common.c
+@@ -2673,7 +2673,7 @@ ssize_t tomoyo_write_control(struct tomoyo_io_buffer *head,
+
+ if (head->w.avail >= head->writebuf_size - 1) {
+ const int len = head->writebuf_size * 2;
+- char *cp = kzalloc(len, GFP_NOFS);
++ char *cp = kzalloc(len, GFP_NOFS | __GFP_NOWARN);
+
+ if (!cp) {
+ error = -ENOMEM;
+--
+2.39.5
+
--- /dev/null
+From 80a7f3b4c50baa2b68547c438cbb1ee5925b3b5f Mon Sep 17 00:00:00 2001
+From: Sasha Levin <sashal@kernel.org>
+Date: Thu, 5 Dec 2024 10:36:14 +0300
+Subject: tun: fix group permission check
+
+From: Stas Sergeev <stsp2@yandex.ru>
+
+[ Upstream commit 3ca459eaba1bf96a8c7878de84fa8872259a01e3 ]
+
+Currently tun checks the group permission even if the user have matched.
+Besides going against the usual permission semantic, this has a
+very interesting implication: if the tun group is not among the
+supplementary groups of the tun user, then effectively no one can
+access the tun device. CAP_SYS_ADMIN still can, but its the same as
+not setting the tun ownership.
+
+This patch relaxes the group checking so that either the user match
+or the group match is enough. This avoids the situation when no one
+can access the device even though the ownership is properly set.
+
+Also I simplified the logic by removing the redundant inversions:
+tun_not_capable() --> !tun_capable()
+
+Signed-off-by: Stas Sergeev <stsp2@yandex.ru>
+Reviewed-by: Willem de Bruijn <willemb@google.com>
+Acked-by: Jason Wang <jasowang@redhat.com>
+Link: https://patch.msgid.link/20241205073614.294773-1-stsp2@yandex.ru
+Signed-off-by: Jakub Kicinski <kuba@kernel.org>
+Signed-off-by: Sasha Levin <sashal@kernel.org>
+---
+ drivers/net/tun.c | 14 +++++++++-----
+ 1 file changed, 9 insertions(+), 5 deletions(-)
+
+diff --git a/drivers/net/tun.c b/drivers/net/tun.c
+index c34c6f0d23efe..52ea9f81d388b 100644
+--- a/drivers/net/tun.c
++++ b/drivers/net/tun.c
+@@ -586,14 +586,18 @@ static u16 tun_select_queue(struct net_device *dev, struct sk_buff *skb,
+ return ret;
+ }
+
+-static inline bool tun_not_capable(struct tun_struct *tun)
++static inline bool tun_capable(struct tun_struct *tun)
+ {
+ const struct cred *cred = current_cred();
+ struct net *net = dev_net(tun->dev);
+
+- return ((uid_valid(tun->owner) && !uid_eq(cred->euid, tun->owner)) ||
+- (gid_valid(tun->group) && !in_egroup_p(tun->group))) &&
+- !ns_capable(net->user_ns, CAP_NET_ADMIN);
++ if (ns_capable(net->user_ns, CAP_NET_ADMIN))
++ return 1;
++ if (uid_valid(tun->owner) && uid_eq(cred->euid, tun->owner))
++ return 1;
++ if (gid_valid(tun->group) && in_egroup_p(tun->group))
++ return 1;
++ return 0;
+ }
+
+ static void tun_set_real_num_queues(struct tun_struct *tun)
+@@ -2772,7 +2776,7 @@ static int tun_set_iff(struct net *net, struct file *file, struct ifreq *ifr)
+ !!(tun->flags & IFF_MULTI_QUEUE))
+ return -EINVAL;
+
+- if (tun_not_capable(tun))
++ if (!tun_capable(tun))
+ return -EPERM;
+ err = security_tun_dev_open(tun->security);
+ if (err < 0)
+--
+2.39.5
+
--- /dev/null
+From 4b3ce9cc891061fbfae4fcc5e64d15b1ea5a9eb6 Mon Sep 17 00:00:00 2001
+From: Sasha Levin <sashal@kernel.org>
+Date: Thu, 18 May 2023 01:01:07 +0200
+Subject: usb: chipidea/ci_hdrc_imx: Convert to platform remove callback
+ returning void
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+From: Uwe Kleine-König <u.kleine-koenig@pengutronix.de>
+
+[ Upstream commit ad593ed671feb49e93a77653886c042f68b6cdfd ]
+
+The .remove() callback for a platform driver returns an int which makes
+many driver authors wrongly assume it's possible to do error handling by
+returning an error code. However the value returned is ignored (apart from
+emitting a warning) and this typically results in resource leaks. To improve
+here there is a quest to make the remove callback return void. In the first
+step of this quest all drivers are converted to .remove_new() which already
+returns void. Eventually after all drivers are converted, .remove_new() is
+renamed to .remove().
+
+Trivially convert this driver from always returning zero in the remove
+callback to the void returning variant.
+
+Signed-off-by: Uwe Kleine-König <u.kleine-koenig@pengutronix.de>
+Link: https://lore.kernel.org/r/20230517230239.187727-6-u.kleine-koenig@pengutronix.de
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+Stable-dep-of: 74adad500346 ("usb: chipidea: ci_hdrc_imx: decrement device's refcount in .remove() and in the error path of .probe()")
+Signed-off-by: Sasha Levin <sashal@kernel.org>
+---
+ drivers/usb/chipidea/ci_hdrc_imx.c | 6 ++----
+ 1 file changed, 2 insertions(+), 4 deletions(-)
+
+diff --git a/drivers/usb/chipidea/ci_hdrc_imx.c b/drivers/usb/chipidea/ci_hdrc_imx.c
+index abe162cd729e9..573795f8738e1 100644
+--- a/drivers/usb/chipidea/ci_hdrc_imx.c
++++ b/drivers/usb/chipidea/ci_hdrc_imx.c
+@@ -510,7 +510,7 @@ static int ci_hdrc_imx_probe(struct platform_device *pdev)
+ return ret;
+ }
+
+-static int ci_hdrc_imx_remove(struct platform_device *pdev)
++static void ci_hdrc_imx_remove(struct platform_device *pdev)
+ {
+ struct ci_hdrc_imx_data *data = platform_get_drvdata(pdev);
+
+@@ -530,8 +530,6 @@ static int ci_hdrc_imx_remove(struct platform_device *pdev)
+ if (data->hsic_pad_regulator)
+ regulator_disable(data->hsic_pad_regulator);
+ }
+-
+- return 0;
+ }
+
+ static void ci_hdrc_imx_shutdown(struct platform_device *pdev)
+@@ -677,7 +675,7 @@ static const struct dev_pm_ops ci_hdrc_imx_pm_ops = {
+ };
+ static struct platform_driver ci_hdrc_imx_driver = {
+ .probe = ci_hdrc_imx_probe,
+- .remove = ci_hdrc_imx_remove,
++ .remove_new = ci_hdrc_imx_remove,
+ .shutdown = ci_hdrc_imx_shutdown,
+ .driver = {
+ .name = "imx_usb",
+--
+2.39.5
+
--- /dev/null
+From f3f8f9785381cff6992aa2f999476d0ba391d4a2 Mon Sep 17 00:00:00 2001
+From: Sasha Levin <sashal@kernel.org>
+Date: Mon, 16 Dec 2024 10:55:39 +0900
+Subject: usb: chipidea: ci_hdrc_imx: decrement device's refcount in .remove()
+ and in the error path of .probe()
+
+From: Joe Hattori <joe@pf.is.s.u-tokyo.ac.jp>
+
+[ Upstream commit 74adad500346fb07d69af2c79acbff4adb061134 ]
+
+Current implementation of ci_hdrc_imx_driver does not decrement the
+refcount of the device obtained in usbmisc_get_init_data(). Add a
+put_device() call in .remove() and in .probe() before returning an
+error.
+
+This bug was found by an experimental static analysis tool that I am
+developing.
+
+Cc: stable <stable@kernel.org>
+Fixes: f40017e0f332 ("chipidea: usbmisc_imx: Add USB support for VF610 SoCs")
+Signed-off-by: Joe Hattori <joe@pf.is.s.u-tokyo.ac.jp>
+Acked-by: Peter Chen <peter.chen@kernel.org>
+Link: https://lore.kernel.org/r/20241216015539.352579-1-joe@pf.is.s.u-tokyo.ac.jp
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+Signed-off-by: Sasha Levin <sashal@kernel.org>
+---
+ drivers/usb/chipidea/ci_hdrc_imx.c | 25 +++++++++++++++++--------
+ 1 file changed, 17 insertions(+), 8 deletions(-)
+
+diff --git a/drivers/usb/chipidea/ci_hdrc_imx.c b/drivers/usb/chipidea/ci_hdrc_imx.c
+index 573795f8738e1..ed0c3ea2dfa54 100644
+--- a/drivers/usb/chipidea/ci_hdrc_imx.c
++++ b/drivers/usb/chipidea/ci_hdrc_imx.c
+@@ -360,25 +360,29 @@ static int ci_hdrc_imx_probe(struct platform_device *pdev)
+ data->pinctrl = devm_pinctrl_get(dev);
+ if (PTR_ERR(data->pinctrl) == -ENODEV)
+ data->pinctrl = NULL;
+- else if (IS_ERR(data->pinctrl))
+- return dev_err_probe(dev, PTR_ERR(data->pinctrl),
++ else if (IS_ERR(data->pinctrl)) {
++ ret = dev_err_probe(dev, PTR_ERR(data->pinctrl),
+ "pinctrl get failed\n");
++ goto err_put;
++ }
+
+ data->hsic_pad_regulator =
+ devm_regulator_get_optional(dev, "hsic");
+ if (PTR_ERR(data->hsic_pad_regulator) == -ENODEV) {
+ /* no pad regualator is needed */
+ data->hsic_pad_regulator = NULL;
+- } else if (IS_ERR(data->hsic_pad_regulator))
+- return dev_err_probe(dev, PTR_ERR(data->hsic_pad_regulator),
++ } else if (IS_ERR(data->hsic_pad_regulator)) {
++ ret = dev_err_probe(dev, PTR_ERR(data->hsic_pad_regulator),
+ "Get HSIC pad regulator error\n");
++ goto err_put;
++ }
+
+ if (data->hsic_pad_regulator) {
+ ret = regulator_enable(data->hsic_pad_regulator);
+ if (ret) {
+ dev_err(dev,
+ "Failed to enable HSIC pad regulator\n");
+- return ret;
++ goto err_put;
+ }
+ }
+ }
+@@ -392,13 +396,14 @@ static int ci_hdrc_imx_probe(struct platform_device *pdev)
+ dev_err(dev,
+ "pinctrl_hsic_idle lookup failed, err=%ld\n",
+ PTR_ERR(pinctrl_hsic_idle));
+- return PTR_ERR(pinctrl_hsic_idle);
++ ret = PTR_ERR(pinctrl_hsic_idle);
++ goto err_put;
+ }
+
+ ret = pinctrl_select_state(data->pinctrl, pinctrl_hsic_idle);
+ if (ret) {
+ dev_err(dev, "hsic_idle select failed, err=%d\n", ret);
+- return ret;
++ goto err_put;
+ }
+
+ data->pinctrl_hsic_active = pinctrl_lookup_state(data->pinctrl,
+@@ -407,7 +412,8 @@ static int ci_hdrc_imx_probe(struct platform_device *pdev)
+ dev_err(dev,
+ "pinctrl_hsic_active lookup failed, err=%ld\n",
+ PTR_ERR(data->pinctrl_hsic_active));
+- return PTR_ERR(data->pinctrl_hsic_active);
++ ret = PTR_ERR(data->pinctrl_hsic_active);
++ goto err_put;
+ }
+ }
+
+@@ -507,6 +513,8 @@ static int ci_hdrc_imx_probe(struct platform_device *pdev)
+ if (pdata.flags & CI_HDRC_PMQOS)
+ cpu_latency_qos_remove_request(&data->pm_qos_req);
+ data->ci_pdev = NULL;
++err_put:
++ put_device(data->usbmisc_data->dev);
+ return ret;
+ }
+
+@@ -530,6 +538,7 @@ static void ci_hdrc_imx_remove(struct platform_device *pdev)
+ if (data->hsic_pad_regulator)
+ regulator_disable(data->hsic_pad_regulator);
+ }
++ put_device(data->usbmisc_data->dev);
+ }
+
+ static void ci_hdrc_imx_shutdown(struct platform_device *pdev)
+--
+2.39.5
+
--- /dev/null
+From 0d43ba10abce67b5b9debf14e8ac22a7b1ce7af3 Mon Sep 17 00:00:00 2001
+From: Sasha Levin <sashal@kernel.org>
+Date: Tue, 14 Jun 2022 14:05:22 +0200
+Subject: usb: chipidea: ci_hdrc_imx: use dev_err_probe()
+
+From: Alexander Stein <alexander.stein@ew.tq-group.com>
+
+[ Upstream commit 18171cfc3c236a1587dcad9adc27c6e781af4438 ]
+
+Use dev_err_probe() to simplify handling errors in ci_hdrc_imx_probe()
+
+Acked-by: Peter Chen <peter.chen@kernel.org>
+Signed-off-by: Alexander Stein <alexander.stein@ew.tq-group.com>
+Link: https://lore.kernel.org/r/20220614120522.1469957-1-alexander.stein@ew.tq-group.com
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+Stable-dep-of: 74adad500346 ("usb: chipidea: ci_hdrc_imx: decrement device's refcount in .remove() and in the error path of .probe()")
+Signed-off-by: Sasha Levin <sashal@kernel.org>
+---
+ drivers/usb/chipidea/ci_hdrc_imx.c | 23 +++++++----------------
+ 1 file changed, 7 insertions(+), 16 deletions(-)
+
+diff --git a/drivers/usb/chipidea/ci_hdrc_imx.c b/drivers/usb/chipidea/ci_hdrc_imx.c
+index a54c3cff6c28e..abe162cd729e9 100644
+--- a/drivers/usb/chipidea/ci_hdrc_imx.c
++++ b/drivers/usb/chipidea/ci_hdrc_imx.c
+@@ -360,25 +360,18 @@ static int ci_hdrc_imx_probe(struct platform_device *pdev)
+ data->pinctrl = devm_pinctrl_get(dev);
+ if (PTR_ERR(data->pinctrl) == -ENODEV)
+ data->pinctrl = NULL;
+- else if (IS_ERR(data->pinctrl)) {
+- if (PTR_ERR(data->pinctrl) != -EPROBE_DEFER)
+- dev_err(dev, "pinctrl get failed, err=%ld\n",
+- PTR_ERR(data->pinctrl));
+- return PTR_ERR(data->pinctrl);
+- }
++ else if (IS_ERR(data->pinctrl))
++ return dev_err_probe(dev, PTR_ERR(data->pinctrl),
++ "pinctrl get failed\n");
+
+ data->hsic_pad_regulator =
+ devm_regulator_get_optional(dev, "hsic");
+ if (PTR_ERR(data->hsic_pad_regulator) == -ENODEV) {
+ /* no pad regualator is needed */
+ data->hsic_pad_regulator = NULL;
+- } else if (IS_ERR(data->hsic_pad_regulator)) {
+- if (PTR_ERR(data->hsic_pad_regulator) != -EPROBE_DEFER)
+- dev_err(dev,
+- "Get HSIC pad regulator error: %ld\n",
+- PTR_ERR(data->hsic_pad_regulator));
+- return PTR_ERR(data->hsic_pad_regulator);
+- }
++ } else if (IS_ERR(data->hsic_pad_regulator))
++ return dev_err_probe(dev, PTR_ERR(data->hsic_pad_regulator),
++ "Get HSIC pad regulator error\n");
+
+ if (data->hsic_pad_regulator) {
+ ret = regulator_enable(data->hsic_pad_regulator);
+@@ -470,9 +463,7 @@ static int ci_hdrc_imx_probe(struct platform_device *pdev)
+ &pdata);
+ if (IS_ERR(data->ci_pdev)) {
+ ret = PTR_ERR(data->ci_pdev);
+- if (ret != -EPROBE_DEFER)
+- dev_err(dev, "ci_hdrc_add_device failed, err=%d\n",
+- ret);
++ dev_err_probe(dev, ret, "ci_hdrc_add_device failed\n");
+ goto err_clk;
+ }
+
+--
+2.39.5
+
--- /dev/null
+From 4dd54dc707c5c47cf82b901195e4544fc0cbb0aa Mon Sep 17 00:00:00 2001
+From: Sasha Levin <sashal@kernel.org>
+Date: Fri, 27 Oct 2023 17:20:28 +0200
+Subject: usb: xhci: Add timeout argument in address_device USB HCD callback
+
+From: Hardik Gajjar <hgajjar@de.adit-jv.com>
+
+[ Upstream commit a769154c7cac037914ba375ae88aae55b2c853e0 ]
+
+- The HCD address_device callback now accepts a user-defined timeout value
+ in milliseconds, providing better control over command execution times.
+- The default timeout value for the address_device command has been set
+ to 5000 ms, aligning with the USB 3.2 specification. However, this
+ timeout can be adjusted as needed.
+- The xhci_setup_device function has been updated to accept the timeout
+ value, allowing it to specify the maximum wait time for the command
+ operation to complete.
+- The hub driver has also been updated to accommodate the newly added
+ timeout parameter during the SET_ADDRESS request.
+
+Signed-off-by: Hardik Gajjar <hgajjar@de.adit-jv.com>
+Reviewed-by: Mathias Nyman <mathias.nyman@linux.intel.com>
+Link: https://lore.kernel.org/r/20231027152029.104363-1-hgajjar@de.adit-jv.com
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+Stable-dep-of: 1e0a19912adb ("usb: xhci: Fix NULL pointer dereference on certain command aborts")
+Signed-off-by: Sasha Levin <sashal@kernel.org>
+---
+ drivers/usb/core/hub.c | 2 +-
+ drivers/usb/host/xhci-mem.c | 2 ++
+ drivers/usb/host/xhci-ring.c | 11 ++++++-----
+ drivers/usb/host/xhci.c | 23 ++++++++++++++++-------
+ drivers/usb/host/xhci.h | 9 +++++++--
+ include/linux/usb/hcd.h | 5 +++--
+ 6 files changed, 35 insertions(+), 17 deletions(-)
+
+diff --git a/drivers/usb/core/hub.c b/drivers/usb/core/hub.c
+index edf61091f202b..6e1e2493507d9 100644
+--- a/drivers/usb/core/hub.c
++++ b/drivers/usb/core/hub.c
+@@ -4662,7 +4662,7 @@ static int hub_set_address(struct usb_device *udev, int devnum)
+ if (udev->state != USB_STATE_DEFAULT)
+ return -EINVAL;
+ if (hcd->driver->address_device)
+- retval = hcd->driver->address_device(hcd, udev);
++ retval = hcd->driver->address_device(hcd, udev, USB_CTRL_SET_TIMEOUT);
+ else
+ retval = usb_control_msg(udev, usb_sndaddr0pipe(),
+ USB_REQ_SET_ADDRESS, 0, devnum, 0,
+diff --git a/drivers/usb/host/xhci-mem.c b/drivers/usb/host/xhci-mem.c
+index 006e1b15fbda9..8740bd443f138 100644
+--- a/drivers/usb/host/xhci-mem.c
++++ b/drivers/usb/host/xhci-mem.c
+@@ -1779,6 +1779,8 @@ struct xhci_command *xhci_alloc_command(struct xhci_hcd *xhci,
+ }
+
+ command->status = 0;
++ /* set default timeout to 5000 ms */
++ command->timeout_ms = XHCI_CMD_DEFAULT_TIMEOUT;
+ INIT_LIST_HEAD(&command->cmd_list);
+ return command;
+ }
+diff --git a/drivers/usb/host/xhci-ring.c b/drivers/usb/host/xhci-ring.c
+index 32c039027d7fe..100f392cd1dfc 100644
+--- a/drivers/usb/host/xhci-ring.c
++++ b/drivers/usb/host/xhci-ring.c
+@@ -288,9 +288,10 @@ void xhci_ring_cmd_db(struct xhci_hcd *xhci)
+ readl(&xhci->dba->doorbell[0]);
+ }
+
+-static bool xhci_mod_cmd_timer(struct xhci_hcd *xhci, unsigned long delay)
++static bool xhci_mod_cmd_timer(struct xhci_hcd *xhci)
+ {
+- return mod_delayed_work(system_wq, &xhci->cmd_timer, delay);
++ return mod_delayed_work(system_wq, &xhci->cmd_timer,
++ msecs_to_jiffies(xhci->current_cmd->timeout_ms));
+ }
+
+ static struct xhci_command *xhci_next_queued_cmd(struct xhci_hcd *xhci)
+@@ -334,7 +335,7 @@ static void xhci_handle_stopped_cmd_ring(struct xhci_hcd *xhci,
+ if ((xhci->cmd_ring->dequeue != xhci->cmd_ring->enqueue) &&
+ !(xhci->xhc_state & XHCI_STATE_DYING)) {
+ xhci->current_cmd = cur_cmd;
+- xhci_mod_cmd_timer(xhci, XHCI_CMD_DEFAULT_TIMEOUT);
++ xhci_mod_cmd_timer(xhci);
+ xhci_ring_cmd_db(xhci);
+ }
+ }
+@@ -1687,7 +1688,7 @@ static void handle_cmd_completion(struct xhci_hcd *xhci,
+ if (!list_is_singular(&xhci->cmd_list)) {
+ xhci->current_cmd = list_first_entry(&cmd->cmd_list,
+ struct xhci_command, cmd_list);
+- xhci_mod_cmd_timer(xhci, XHCI_CMD_DEFAULT_TIMEOUT);
++ xhci_mod_cmd_timer(xhci);
+ } else if (xhci->current_cmd == cmd) {
+ xhci->current_cmd = NULL;
+ }
+@@ -4203,7 +4204,7 @@ static int queue_command(struct xhci_hcd *xhci, struct xhci_command *cmd,
+ /* if there are no other commands queued we start the timeout timer */
+ if (list_empty(&xhci->cmd_list)) {
+ xhci->current_cmd = cmd;
+- xhci_mod_cmd_timer(xhci, XHCI_CMD_DEFAULT_TIMEOUT);
++ xhci_mod_cmd_timer(xhci);
+ }
+
+ list_add_tail(&cmd->cmd_list, &xhci->cmd_list);
+diff --git a/drivers/usb/host/xhci.c b/drivers/usb/host/xhci.c
+index 19914d08fc0dd..908445cff24f8 100644
+--- a/drivers/usb/host/xhci.c
++++ b/drivers/usb/host/xhci.c
+@@ -4116,12 +4116,18 @@ int xhci_alloc_dev(struct usb_hcd *hcd, struct usb_device *udev)
+ return 0;
+ }
+
+-/*
+- * Issue an Address Device command and optionally send a corresponding
+- * SetAddress request to the device.
++/**
++ * xhci_setup_device - issues an Address Device command to assign a unique
++ * USB bus address.
++ * @hcd: USB host controller data structure.
++ * @udev: USB dev structure representing the connected device.
++ * @setup: Enum specifying setup mode: address only or with context.
++ * @timeout_ms: Max wait time (ms) for the command operation to complete.
++ *
++ * Return: 0 if successful; otherwise, negative error code.
+ */
+ static int xhci_setup_device(struct usb_hcd *hcd, struct usb_device *udev,
+- enum xhci_setup_dev setup)
++ enum xhci_setup_dev setup, unsigned int timeout_ms)
+ {
+ const char *act = setup == SETUP_CONTEXT_ONLY ? "context" : "address";
+ unsigned long flags;
+@@ -4178,6 +4184,7 @@ static int xhci_setup_device(struct usb_hcd *hcd, struct usb_device *udev,
+ }
+
+ command->in_ctx = virt_dev->in_ctx;
++ command->timeout_ms = timeout_ms;
+
+ slot_ctx = xhci_get_slot_ctx(xhci, virt_dev->in_ctx);
+ ctrl_ctx = xhci_get_input_control_ctx(virt_dev->in_ctx);
+@@ -4306,14 +4313,16 @@ static int xhci_setup_device(struct usb_hcd *hcd, struct usb_device *udev,
+ return ret;
+ }
+
+-static int xhci_address_device(struct usb_hcd *hcd, struct usb_device *udev)
++static int xhci_address_device(struct usb_hcd *hcd, struct usb_device *udev,
++ unsigned int timeout_ms)
+ {
+- return xhci_setup_device(hcd, udev, SETUP_CONTEXT_ADDRESS);
++ return xhci_setup_device(hcd, udev, SETUP_CONTEXT_ADDRESS, timeout_ms);
+ }
+
+ static int xhci_enable_device(struct usb_hcd *hcd, struct usb_device *udev)
+ {
+- return xhci_setup_device(hcd, udev, SETUP_CONTEXT_ONLY);
++ return xhci_setup_device(hcd, udev, SETUP_CONTEXT_ONLY,
++ XHCI_CMD_DEFAULT_TIMEOUT);
+ }
+
+ /*
+diff --git a/drivers/usb/host/xhci.h b/drivers/usb/host/xhci.h
+index 6304e9b00ecc6..efce7f40dd949 100644
+--- a/drivers/usb/host/xhci.h
++++ b/drivers/usb/host/xhci.h
+@@ -815,6 +815,8 @@ struct xhci_command {
+ struct completion *completion;
+ union xhci_trb *command_trb;
+ struct list_head cmd_list;
++ /* xHCI command response timeout in milliseconds */
++ unsigned int timeout_ms;
+ };
+
+ /* drop context bitmasks */
+@@ -1558,8 +1560,11 @@ struct xhci_td {
+ unsigned int num_trbs;
+ };
+
+-/* xHCI command default timeout value */
+-#define XHCI_CMD_DEFAULT_TIMEOUT (5 * HZ)
++/*
++ * xHCI command default timeout value in milliseconds.
++ * USB 3.2 spec, section 9.2.6.1
++ */
++#define XHCI_CMD_DEFAULT_TIMEOUT 5000
+
+ /* command descriptor */
+ struct xhci_cd {
+diff --git a/include/linux/usb/hcd.h b/include/linux/usb/hcd.h
+index 4cd545402a634..4ff23d3ad3d98 100644
+--- a/include/linux/usb/hcd.h
++++ b/include/linux/usb/hcd.h
+@@ -385,8 +385,9 @@ struct hc_driver {
+ * or bandwidth constraints.
+ */
+ void (*reset_bandwidth)(struct usb_hcd *, struct usb_device *);
+- /* Returns the hardware-chosen device address */
+- int (*address_device)(struct usb_hcd *, struct usb_device *udev);
++ /* Set the hardware-chosen device address */
++ int (*address_device)(struct usb_hcd *, struct usb_device *udev,
++ unsigned int timeout_ms);
+ /* prepares the hardware to send commands to the device */
+ int (*enable_device)(struct usb_hcd *, struct usb_device *udev);
+ /* Notifies the HCD after a hub descriptor is fetched.
+--
+2.39.5
+
--- /dev/null
+From cde2ceda23dacedc34be8e0fc1a0bf4600f3cf56 Mon Sep 17 00:00:00 2001
+From: Sasha Levin <sashal@kernel.org>
+Date: Fri, 27 Dec 2024 14:01:40 +0200
+Subject: usb: xhci: Fix NULL pointer dereference on certain command aborts
+
+From: Michal Pecio <michal.pecio@gmail.com>
+
+[ Upstream commit 1e0a19912adb68a4b2b74fd77001c96cd83eb073 ]
+
+If a command is queued to the final usable TRB of a ring segment, the
+enqueue pointer is advanced to the subsequent link TRB and no further.
+If the command is later aborted, when the abort completion is handled
+the dequeue pointer is advanced to the first TRB of the next segment.
+
+If no further commands are queued, xhci_handle_stopped_cmd_ring() sees
+the ring pointers unequal and assumes that there is a pending command,
+so it calls xhci_mod_cmd_timer() which crashes if cur_cmd was NULL.
+
+Don't attempt timer setup if cur_cmd is NULL. The subsequent doorbell
+ring likely is unnecessary too, but it's harmless. Leave it alone.
+
+This is probably Bug 219532, but no confirmation has been received.
+
+The issue has been independently reproduced and confirmed fixed using
+a USB MCU programmed to NAK the Status stage of SET_ADDRESS forever.
+Everything continued working normally after several prevented crashes.
+
+Link: https://bugzilla.kernel.org/show_bug.cgi?id=219532
+Fixes: c311e391a7ef ("xhci: rework command timeout and cancellation,")
+CC: stable@vger.kernel.org
+Signed-off-by: Michal Pecio <michal.pecio@gmail.com>
+Signed-off-by: Mathias Nyman <mathias.nyman@linux.intel.com>
+Link: https://lore.kernel.org/r/20241227120142.1035206-4-mathias.nyman@linux.intel.com
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+Signed-off-by: Sasha Levin <sashal@kernel.org>
+---
+ drivers/usb/host/xhci-ring.c | 3 ++-
+ 1 file changed, 2 insertions(+), 1 deletion(-)
+
+diff --git a/drivers/usb/host/xhci-ring.c b/drivers/usb/host/xhci-ring.c
+index 100f392cd1dfc..954cd962e113c 100644
+--- a/drivers/usb/host/xhci-ring.c
++++ b/drivers/usb/host/xhci-ring.c
+@@ -335,7 +335,8 @@ static void xhci_handle_stopped_cmd_ring(struct xhci_hcd *xhci,
+ if ((xhci->cmd_ring->dequeue != xhci->cmd_ring->enqueue) &&
+ !(xhci->xhc_state & XHCI_STATE_DYING)) {
+ xhci->current_cmd = cur_cmd;
+- xhci_mod_cmd_timer(xhci);
++ if (cur_cmd)
++ xhci_mod_cmd_timer(xhci);
+ xhci_ring_cmd_db(xhci);
+ }
+ }
+--
+2.39.5
+
--- /dev/null
+From a047326ebb28a584ff0789c7e35ae12fb27a04ce Mon Sep 17 00:00:00 2001
+From: Sasha Levin <sashal@kernel.org>
+Date: Tue, 10 Dec 2024 10:04:41 +0300
+Subject: wifi: brcmsmac: add gain range check to
+ wlc_phy_iqcal_gainparams_nphy()
+
+From: Dmitry Antipov <dmantipov@yandex.ru>
+
+[ Upstream commit 3f4a0948c3524ae50f166dbc6572a3296b014e62 ]
+
+In 'wlc_phy_iqcal_gainparams_nphy()', add gain range check to WARN()
+instead of possible out-of-bounds 'tbl_iqcal_gainparams_nphy' access.
+Compile tested only.
+
+Found by Linux Verification Center (linuxtesting.org) with SVACE.
+
+Signed-off-by: Dmitry Antipov <dmantipov@yandex.ru>
+Acked-by: Arend van Spriel <arend.vanspriel@broadcom.com>
+Signed-off-by: Kalle Valo <kvalo@kernel.org>
+Link: https://patch.msgid.link/20241210070441.836362-1-dmantipov@yandex.ru
+Signed-off-by: Sasha Levin <sashal@kernel.org>
+---
+ drivers/net/wireless/broadcom/brcm80211/brcmsmac/phy/phy_n.c | 3 +++
+ 1 file changed, 3 insertions(+)
+
+diff --git a/drivers/net/wireless/broadcom/brcm80211/brcmsmac/phy/phy_n.c b/drivers/net/wireless/broadcom/brcm80211/brcmsmac/phy/phy_n.c
+index 8580a27547891..42e7bc67e9143 100644
+--- a/drivers/net/wireless/broadcom/brcm80211/brcmsmac/phy/phy_n.c
++++ b/drivers/net/wireless/broadcom/brcm80211/brcmsmac/phy/phy_n.c
+@@ -23427,6 +23427,9 @@ wlc_phy_iqcal_gainparams_nphy(struct brcms_phy *pi, u16 core_no,
+ break;
+ }
+
++ if (WARN_ON(k == NPHY_IQCAL_NUMGAINS))
++ return;
++
+ params->txgm = tbl_iqcal_gainparams_nphy[band_idx][k][1];
+ params->pga = tbl_iqcal_gainparams_nphy[band_idx][k][2];
+ params->pad = tbl_iqcal_gainparams_nphy[band_idx][k][3];
+--
+2.39.5
+
--- /dev/null
+From 95040cff40ea08b34ce92f00f28efb6cb7db1658 Mon Sep 17 00:00:00 2001
+From: Sasha Levin <sashal@kernel.org>
+Date: Fri, 6 Dec 2024 16:11:55 +0000
+Subject: x86/amd_nb: Restrict init function to AMD-based systems
+
+From: Yazen Ghannam <yazen.ghannam@amd.com>
+
+[ Upstream commit bee9e840609cc67d0a7d82f22a2130fb7a0a766d ]
+
+The code implicitly operates on AMD-based systems by matching on PCI
+IDs. However, the use of these IDs is going away.
+
+Add an explicit CPU vendor check instead of relying on PCI IDs.
+
+Signed-off-by: Yazen Ghannam <yazen.ghannam@amd.com>
+Signed-off-by: Borislav Petkov (AMD) <bp@alien8.de>
+Link: https://lore.kernel.org/r/20241206161210.163701-3-yazen.ghannam@amd.com
+Signed-off-by: Sasha Levin <sashal@kernel.org>
+---
+ arch/x86/kernel/amd_nb.c | 4 ++++
+ 1 file changed, 4 insertions(+)
+
+diff --git a/arch/x86/kernel/amd_nb.c b/arch/x86/kernel/amd_nb.c
+index 16cd56627574d..3dcaeb25ee301 100644
+--- a/arch/x86/kernel/amd_nb.c
++++ b/arch/x86/kernel/amd_nb.c
+@@ -536,6 +536,10 @@ static __init void fix_erratum_688(void)
+
+ static __init int init_amd_nbs(void)
+ {
++ if (boot_cpu_data.x86_vendor != X86_VENDOR_AMD &&
++ boot_cpu_data.x86_vendor != X86_VENDOR_HYGON)
++ return 0;
++
+ amd_cache_northbridges();
+ amd_cache_gart();
+
+--
+2.39.5
+
projects / thirdparty / kernel / stable-queue.git / commitdiff
