6.6-stable patches
authorGreg Kroah-Hartman <gregkh@linuxfoundation.org>
Mon, 13 May 2024 14:23:51 +0000 (16:23 +0200)
committerGreg Kroah-Hartman <gregkh@linuxfoundation.org>
Mon, 13 May 2024 14:23:51 +0000 (16:23 +0200)
added patches:
asoc-tegra-fix-dspk-16-bit-playback.patch
asoc-ti-davinci-mcasp-fix-race-condition-during-probe.patch
clk-sunxi-ng-a64-set-minimum-and-maximum-rate-for-pll-mipi.patch
clk-sunxi-ng-common-support-minimum-and-maximum-rate.patch
dyndbg-fix-old-bug_on-in-control-parser.patch
e1000e-change-usleep_range-to-udelay-in-phy-mdic-access.patch
mei-me-add-lunar-lake-point-m-did.patch
net-bcmgenet-synchronize-ext_rgmii_oob_ctrl-access.patch
net-bcmgenet-synchronize-umac_cmd-access.patch
net-bcmgenet-synchronize-use-of-bcmgenet_set_rx_mode.patch
slimbus-qcom-ngd-ctrl-add-timeout-for-wait-operation.patch
tipc-fix-uaf-in-error-path.patch
xtensa-fix-make_pc_from_ra-second-argument.patch

14 files changed:
queue-6.6/asoc-tegra-fix-dspk-16-bit-playback.patch [new file with mode: 0644]
queue-6.6/asoc-ti-davinci-mcasp-fix-race-condition-during-probe.patch [new file with mode: 0644]
queue-6.6/clk-sunxi-ng-a64-set-minimum-and-maximum-rate-for-pll-mipi.patch [new file with mode: 0644]
queue-6.6/clk-sunxi-ng-common-support-minimum-and-maximum-rate.patch [new file with mode: 0644]
queue-6.6/dyndbg-fix-old-bug_on-in-control-parser.patch [new file with mode: 0644]
queue-6.6/e1000e-change-usleep_range-to-udelay-in-phy-mdic-access.patch [new file with mode: 0644]
queue-6.6/mei-me-add-lunar-lake-point-m-did.patch [new file with mode: 0644]
queue-6.6/net-bcmgenet-synchronize-ext_rgmii_oob_ctrl-access.patch [new file with mode: 0644]
queue-6.6/net-bcmgenet-synchronize-umac_cmd-access.patch [new file with mode: 0644]
queue-6.6/net-bcmgenet-synchronize-use-of-bcmgenet_set_rx_mode.patch [new file with mode: 0644]
queue-6.6/series
queue-6.6/slimbus-qcom-ngd-ctrl-add-timeout-for-wait-operation.patch [new file with mode: 0644]
queue-6.6/tipc-fix-uaf-in-error-path.patch [new file with mode: 0644]
queue-6.6/xtensa-fix-make_pc_from_ra-second-argument.patch [new file with mode: 0644]

diff --git a/queue-6.6/asoc-tegra-fix-dspk-16-bit-playback.patch b/queue-6.6/asoc-tegra-fix-dspk-16-bit-playback.patch
new file mode 100644 (file)
index 0000000..90a2fef
--- /dev/null
@@ -0,0 +1,53 @@
+From 2e93a29b48a017c777d4fcbfcc51aba4e6a90d38 Mon Sep 17 00:00:00 2001
+From: Sameer Pujar <spujar@nvidia.com>
+Date: Fri, 5 Apr 2024 10:43:06 +0000
+Subject: ASoC: tegra: Fix DSPK 16-bit playback
+
+From: Sameer Pujar <spujar@nvidia.com>
+
+commit 2e93a29b48a017c777d4fcbfcc51aba4e6a90d38 upstream.
+
+DSPK configuration is wrong for 16-bit playback and this happens because
+the client config is always fixed at 24-bit in hw_params(). Fix this by
+updating the client config to 16-bit for the respective playback.
+
+Fixes: 327ef6470266 ("ASoC: tegra: Add Tegra186 based DSPK driver")
+Cc: stable@vger.kernel.org
+Signed-off-by: Sameer Pujar <spujar@nvidia.com>
+Acked-by: Thierry Reding <treding@nvidia.com>
+Link: https://msgid.link/r/20240405104306.551036-1-spujar@nvidia.com
+Signed-off-by: Mark Brown <broonie@kernel.org>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+---
+ sound/soc/tegra/tegra186_dspk.c |    7 +++----
+ 1 file changed, 3 insertions(+), 4 deletions(-)
+
+--- a/sound/soc/tegra/tegra186_dspk.c
++++ b/sound/soc/tegra/tegra186_dspk.c
+@@ -1,8 +1,7 @@
+ // SPDX-License-Identifier: GPL-2.0-only
++// SPDX-FileCopyrightText: Copyright (c) 2020-2024 NVIDIA CORPORATION & AFFILIATES. All rights reserved.
+ //
+ // tegra186_dspk.c - Tegra186 DSPK driver
+-//
+-// Copyright (c) 2020 NVIDIA CORPORATION. All rights reserved.
+ #include <linux/clk.h>
+ #include <linux/device.h>
+@@ -241,14 +240,14 @@ static int tegra186_dspk_hw_params(struc
+               return -EINVAL;
+       }
+-      cif_conf.client_bits = TEGRA_ACIF_BITS_24;
+-
+       switch (params_format(params)) {
+       case SNDRV_PCM_FORMAT_S16_LE:
+               cif_conf.audio_bits = TEGRA_ACIF_BITS_16;
++              cif_conf.client_bits = TEGRA_ACIF_BITS_16;
+               break;
+       case SNDRV_PCM_FORMAT_S32_LE:
+               cif_conf.audio_bits = TEGRA_ACIF_BITS_32;
++              cif_conf.client_bits = TEGRA_ACIF_BITS_24;
+               break;
+       default:
+               dev_err(dev, "unsupported format!\n");
diff --git a/queue-6.6/asoc-ti-davinci-mcasp-fix-race-condition-during-probe.patch b/queue-6.6/asoc-ti-davinci-mcasp-fix-race-condition-during-probe.patch
new file mode 100644 (file)
index 0000000..0ebfdd5
--- /dev/null
@@ -0,0 +1,76 @@
+From d18ca8635db2f88c17acbdf6412f26d4f6aff414 Mon Sep 17 00:00:00 2001
+From: Joao Paulo Goncalves <joao.goncalves@toradex.com>
+Date: Wed, 17 Apr 2024 15:41:38 -0300
+Subject: ASoC: ti: davinci-mcasp: Fix race condition during probe
+
+From: Joao Paulo Goncalves <joao.goncalves@toradex.com>
+
+commit d18ca8635db2f88c17acbdf6412f26d4f6aff414 upstream.
+
+When using davinci-mcasp as CPU DAI with simple-card, there are some
+conditions that cause simple-card to finish registering a sound card before
+davinci-mcasp finishes registering all sound components. This creates a
+non-working sound card from userspace with no problem indication apart
+from not being able to play/record audio on a PCM stream. The issue
+arises during simultaneous probe execution of both drivers. Specifically,
+the simple-card driver, awaiting a CPU DAI, proceeds as soon as
+davinci-mcasp registers its DAI. However, this process can lead to the
+client mutex lock (client_mutex in soc-core.c) being held or davinci-mcasp
+being preempted before PCM DMA registration on davinci-mcasp finishes.
+This situation occurs when the probes of both drivers run concurrently.
+Below is the code path for this condition. To solve the issue, defer
+davinci-mcasp CPU DAI registration to the last step in the audio part of
+it. This way, simple-card CPU DAI parsing will be deferred until all
+audio components are registered.
+
+Fail Code Path:
+
+simple-card.c: probe starts
+simple-card.c: simple_dai_link_of: simple_parse_node(..,cpu,..) returns EPROBE_DEFER, no CPU DAI yet
+davinci-mcasp.c: probe starts
+davinci-mcasp.c: devm_snd_soc_register_component() register CPU DAI
+simple-card.c: probes again, finish CPU DAI parsing and call devm_snd_soc_register_card()
+simple-card.c: finish probe
+davinci-mcasp.c: *dma_pcm_platform_register() register PCM  DMA
+davinci-mcasp.c: probe finish
+
+Cc: stable@vger.kernel.org
+Fixes: 9fbd58cf4ab0 ("ASoC: davinci-mcasp: Choose PCM driver based on configured DMA controller")
+Signed-off-by: Joao Paulo Goncalves <joao.goncalves@toradex.com>
+Acked-by: Peter Ujfalusi <peter.ujfalusi@gmail.com>
+Reviewed-by: Jai Luthra <j-luthra@ti.com>
+Link: https://lore.kernel.org/r/20240417184138.1104774-1-jpaulo.silvagoncalves@gmail.com
+Signed-off-by: Mark Brown <broonie@kernel.org>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+---
+ sound/soc/ti/davinci-mcasp.c |   12 ++++++------
+ 1 file changed, 6 insertions(+), 6 deletions(-)
+
+--- a/sound/soc/ti/davinci-mcasp.c
++++ b/sound/soc/ti/davinci-mcasp.c
+@@ -2418,12 +2418,6 @@ static int davinci_mcasp_probe(struct pl
+       mcasp_reparent_fck(pdev);
+-      ret = devm_snd_soc_register_component(&pdev->dev, &davinci_mcasp_component,
+-                                            &davinci_mcasp_dai[mcasp->op_mode], 1);
+-
+-      if (ret != 0)
+-              goto err;
+-
+       ret = davinci_mcasp_get_dma_type(mcasp);
+       switch (ret) {
+       case PCM_EDMA:
+@@ -2450,6 +2444,12 @@ static int davinci_mcasp_probe(struct pl
+               goto err;
+       }
++      ret = devm_snd_soc_register_component(&pdev->dev, &davinci_mcasp_component,
++                                            &davinci_mcasp_dai[mcasp->op_mode], 1);
++
++      if (ret != 0)
++              goto err;
++
+ no_audio:
+       ret = davinci_mcasp_init_gpiochip(mcasp);
+       if (ret) {
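Review bot: The relocated `devm_snd_soc_register_component()` call in davinci_mcasp_probe() has no comment saying that it must stay after the PCM/DMA platform registration. A later cleanup could move it back up and reintroduce the race described in the commit message. I would add above the call `/* Register the CPU DAI last: a card can bind as soon as the DAI exists, so the PCM DMA platform must already be registered. */`. The probe function starts and ends outside the hunks, so the `err` unwind path for a failure at this later point is not visible here and is worth checking.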
diff --git a/queue-6.6/clk-sunxi-ng-a64-set-minimum-and-maximum-rate-for-pll-mipi.patch b/queue-6.6/clk-sunxi-ng-a64-set-minimum-and-maximum-rate-for-pll-mipi.patch
new file mode 100644 (file)
index 0000000..77e5845
--- /dev/null
@@ -0,0 +1,53 @@
+From 69f16d9b789821183d342719d2ebd4a5ac7178bc Mon Sep 17 00:00:00 2001
+From: Frank Oltmanns <frank@oltmanns.dev>
+Date: Sun, 10 Mar 2024 14:21:12 +0100
+Subject: clk: sunxi-ng: a64: Set minimum and maximum rate for PLL-MIPI
+
+From: Frank Oltmanns <frank@oltmanns.dev>
+
+commit 69f16d9b789821183d342719d2ebd4a5ac7178bc upstream.
+
+When the Allwinner A64's TCON0 searches the ideal rate for the connected
+panel, it may happen that it requests a rate from its parent PLL-MIPI
+which PLL-MIPI does not support.
+
+This happens for example on the Olimex TERES-I laptop where TCON0
+requests PLL-MIPI to change to a rate of several GHz which causes the
+panel to stay blank. It also happens on the pinephone where a rate of
+less than 500 MHz is requested which causes instabilities on some
+phones.
+
+Set the minimum and maximum rate of Allwinner A64's PLL-MIPI according
+to the Allwinner User Manual.
+
+Fixes: ca1170b69968 ("clk: sunxi-ng: a64: force select PLL_MIPI in TCON0 mux")
+Reported-by: Diego Roversi <diegor@tiscali.it>
+Closes: https://groups.google.com/g/linux-sunxi/c/Rh-Uqqa66bw
+Tested-by: Diego Roversi <diegor@tiscali.it>
+Cc: stable@vger.kernel.org
+Reviewed-by: Maxime Ripard <mripard@kernel.org>
+Signed-off-by: Frank Oltmanns <frank@oltmanns.dev>
+Reviewed-by: Jernej Skrabec <jernej.skrabec@gmail.com>
+Link: https://lore.kernel.org/r/20240310-pinephone-pll-fixes-v4-2-46fc80c83637@oltmanns.dev
+Signed-off-by: Jernej Skrabec <jernej.skrabec@gmail.com>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+---
+ drivers/clk/sunxi-ng/ccu-sun50i-a64.c | 2 ++
+ 1 file changed, 2 insertions(+)
+
+diff --git a/drivers/clk/sunxi-ng/ccu-sun50i-a64.c b/drivers/clk/sunxi-ng/ccu-sun50i-a64.c
+index 8951ffc14ff5..6a4b2b9ef30a 100644
+--- a/drivers/clk/sunxi-ng/ccu-sun50i-a64.c
++++ b/drivers/clk/sunxi-ng/ccu-sun50i-a64.c
+@@ -182,6 +182,8 @@ static struct ccu_nkm pll_mipi_clk = {
+                                             &ccu_nkm_ops,
+                                             CLK_SET_RATE_UNGATE | CLK_SET_RATE_PARENT),
+               .features       = CCU_FEATURE_CLOSEST_RATE,
++              .min_rate       = 500000000,
++              .max_rate       = 1400000000,
+       },
+ };
+-- 
+2.45.0
+
diff --git a/queue-6.6/clk-sunxi-ng-common-support-minimum-and-maximum-rate.patch b/queue-6.6/clk-sunxi-ng-common-support-minimum-and-maximum-rate.patch
new file mode 100644 (file)
index 0000000..1b6d43a
--- /dev/null
@@ -0,0 +1,84 @@
+From b914ec33b391ec766545a41f0cfc0de3e0b388d7 Mon Sep 17 00:00:00 2001
+From: Frank Oltmanns <frank@oltmanns.dev>
+Date: Sun, 10 Mar 2024 14:21:11 +0100
+Subject: clk: sunxi-ng: common: Support minimum and maximum rate
+
+From: Frank Oltmanns <frank@oltmanns.dev>
+
+commit b914ec33b391ec766545a41f0cfc0de3e0b388d7 upstream.
+
+The Allwinner SoC's typically have an upper and lower limit for their
+clocks' rates. Up until now, support for that has been implemented
+separately for each clock type.
+
+Implement that functionality in the sunxi-ng's common part making use of
+the CCF rate liming capabilities, so that it is available for all clock
+types.
+
+Suggested-by: Maxime Ripard <mripard@kernel.org>
+Signed-off-by: Frank Oltmanns <frank@oltmanns.dev>
+Cc: stable@vger.kernel.org
+Reviewed-by: Jernej Skrabec <jernej.skrabec@gmail.com>
+Acked-by: Maxime Ripard <mripard@kernel.org>
+Link: https://lore.kernel.org/r/20240310-pinephone-pll-fixes-v4-1-46fc80c83637@oltmanns.dev
+Signed-off-by: Jernej Skrabec <jernej.skrabec@gmail.com>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+---
+ drivers/clk/sunxi-ng/ccu_common.c |   19 +++++++++++++++++++
+ drivers/clk/sunxi-ng/ccu_common.h |    3 +++
+ 2 files changed, 22 insertions(+)
+
+--- a/drivers/clk/sunxi-ng/ccu_common.c
++++ b/drivers/clk/sunxi-ng/ccu_common.c
+@@ -44,6 +44,16 @@ bool ccu_is_better_rate(struct ccu_commo
+                       unsigned long current_rate,
+                       unsigned long best_rate)
+ {
++      unsigned long min_rate, max_rate;
++
++      clk_hw_get_rate_range(&common->hw, &min_rate, &max_rate);
++
++      if (current_rate > max_rate)
++              return false;
++
++      if (current_rate < min_rate)
++              return false;
++
+       if (common->features & CCU_FEATURE_CLOSEST_RATE)
+               return abs(current_rate - target_rate) < abs(best_rate - target_rate);
+@@ -122,6 +132,7 @@ static int sunxi_ccu_probe(struct sunxi_
+       for (i = 0; i < desc->hw_clks->num ; i++) {
+               struct clk_hw *hw = desc->hw_clks->hws[i];
++              struct ccu_common *common = hw_to_ccu_common(hw);
+               const char *name;
+               if (!hw)
+@@ -136,6 +147,14 @@ static int sunxi_ccu_probe(struct sunxi_
+                       pr_err("Couldn't register clock %d - %s\n", i, name);
+                       goto err_clk_unreg;
+               }
++
++              if (common->max_rate)
++                      clk_hw_set_rate_range(hw, common->min_rate,
++                                            common->max_rate);
++              else
++                      WARN(common->min_rate,
++                           "No max_rate, ignoring min_rate of clock %d - %s\n",
++                           i, name);
+       }
+       ret = of_clk_add_hw_provider(node, of_clk_hw_onecell_get,
+--- a/drivers/clk/sunxi-ng/ccu_common.h
++++ b/drivers/clk/sunxi-ng/ccu_common.h
+@@ -31,6 +31,9 @@ struct ccu_common {
+       u16             lock_reg;
+       u32             prediv;
++      unsigned long   min_rate;
++      unsigned long   max_rate;
++
+       unsigned long   features;
+       spinlock_t      *lock;
+       struct clk_hw   hw;
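Review bot: In sunxi_ccu_probe() the new `hw_to_ccu_common(hw)` is applied to every entry of `desc->hw_clks->hws[]`, and `common->max_rate` / `common->min_rate` are read after registration. If any entry is a `clk_hw` that is not embedded in a `struct ccu_common` (the hunk does not show what the array may hold), those reads land outside the object. The conversion also runs before the `if (!hw)` check, so it is computed from a NULL pointer on skipped entries. Applying the rate range in a separate pass over the descriptor's `ccu_clks` array, which holds only `struct ccu_common` pointers, removes both assumptions. sunxi_ccu_probe() starts and ends outside the hunk.

```c
	/* … unchanged: registration loop over desc->hw_clks, without the added common lookup … */

	for (i = 0; i < desc->num_ccu_clks; i++) {
		struct ccu_common *cclk = desc->ccu_clks[i];

		if (!cclk)
			continue;

		if (cclk->max_rate)
			clk_hw_set_rate_range(&cclk->hw, cclk->min_rate,
					      cclk->max_rate);
		else
			WARN(cclk->min_rate,
			     "No max_rate, ignoring min_rate of clock %d - %s\n",
			     i, clk_hw_get_name(&cclk->hw));
	}
```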
diff --git a/queue-6.6/dyndbg-fix-old-bug_on-in-control-parser.patch b/queue-6.6/dyndbg-fix-old-bug_on-in-control-parser.patch
new file mode 100644 (file)
index 0000000..79d6d63
--- /dev/null
@@ -0,0 +1,36 @@
+From 00e7d3bea2ce7dac7bee1cf501fb071fd0ea8f6c Mon Sep 17 00:00:00 2001
+From: Jim Cromie <jim.cromie@gmail.com>
+Date: Mon, 29 Apr 2024 13:31:11 -0600
+Subject: dyndbg: fix old BUG_ON in >control parser
+
+From: Jim Cromie <jim.cromie@gmail.com>
+
+commit 00e7d3bea2ce7dac7bee1cf501fb071fd0ea8f6c upstream.
+
+Fix a BUG_ON from 2009.  Even if it looks "unreachable" (I didn't
+really look), lets make sure by removing it, doing pr_err and return
+-EINVAL instead.
+
+Cc: stable <stable@kernel.org>
+Signed-off-by: Jim Cromie <jim.cromie@gmail.com>
+Link: https://lore.kernel.org/r/20240429193145.66543-2-jim.cromie@gmail.com
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+---
+ lib/dynamic_debug.c |    6 +++++-
+ 1 file changed, 5 insertions(+), 1 deletion(-)
+
+--- a/lib/dynamic_debug.c
++++ b/lib/dynamic_debug.c
+@@ -302,7 +302,11 @@ static int ddebug_tokenize(char *buf, ch
+               } else {
+                       for (end = buf; *end && !isspace(*end); end++)
+                               ;
+-                      BUG_ON(end == buf);
++                      if (end == buf) {
++                              pr_err("parse err after word:%d=%s\n", nwords,
++                                     nwords ? words[nwords - 1] : "<none>");
++                              return -EINVAL;
++                      }
+               }
+               /* `buf' is start of word, `end' is one past its end */
diff --git a/queue-6.6/e1000e-change-usleep_range-to-udelay-in-phy-mdic-access.patch b/queue-6.6/e1000e-change-usleep_range-to-udelay-in-phy-mdic-access.patch
new file mode 100644 (file)
index 0000000..ac4d853
--- /dev/null
@@ -0,0 +1,76 @@
+From 387f295cb2150ed164905b648d76dfcbd3621778 Mon Sep 17 00:00:00 2001
+From: Vitaly Lifshits <vitaly.lifshits@intel.com>
+Date: Mon, 29 Apr 2024 10:10:40 -0700
+Subject: e1000e: change usleep_range to udelay in PHY mdic access
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+From: Vitaly Lifshits <vitaly.lifshits@intel.com>
+
+commit 387f295cb2150ed164905b648d76dfcbd3621778 upstream.
+
+This is a partial revert of commit 6dbdd4de0362 ("e1000e: Workaround
+for sporadic MDI error on Meteor Lake systems"). The referenced commit
+used usleep_range inside the PHY access routines, which are sometimes
+called from an atomic context. This can lead to a kernel panic in some
+scenarios, such as cable disconnection and reconnection on vPro systems.
+
+Solve this by changing the usleep_range calls back to udelay.
+
+Fixes: 6dbdd4de0362 ("e1000e: Workaround for sporadic MDI error on Meteor Lake systems")
+Cc: stable@vger.kernel.org
+Reported-by: Jérôme Carretero <cJ@zougloub.eu>
+Closes: https://bugzilla.kernel.org/show_bug.cgi?id=218740
+Closes: https://lore.kernel.org/lkml/a7eb665c74b5efb5140e6979759ed243072cb24a.camel@zougloub.eu/
+Co-developed-by: Sasha Neftin <sasha.neftin@intel.com>
+Signed-off-by: Sasha Neftin <sasha.neftin@intel.com>
+Signed-off-by: Vitaly Lifshits <vitaly.lifshits@intel.com>
+Tested-by: Dima Ruinskiy <dima.ruinskiy@intel.com>
+Signed-off-by: Tony Nguyen <anthony.l.nguyen@intel.com>
+Reviewed-by: Simon Horman <horms@kernel.org>
+Link: https://lore.kernel.org/r/20240429171040.1152516-1-anthony.l.nguyen@intel.com
+Signed-off-by: Jakub Kicinski <kuba@kernel.org>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+---
+ drivers/net/ethernet/intel/e1000e/phy.c |    8 ++++----
+ 1 file changed, 4 insertions(+), 4 deletions(-)
+
+--- a/drivers/net/ethernet/intel/e1000e/phy.c
++++ b/drivers/net/ethernet/intel/e1000e/phy.c
+@@ -157,7 +157,7 @@ s32 e1000e_read_phy_reg_mdic(struct e100
+                * the lower time out
+                */
+               for (i = 0; i < (E1000_GEN_POLL_TIMEOUT * 3); i++) {
+-                      usleep_range(50, 60);
++                      udelay(50);
+                       mdic = er32(MDIC);
+                       if (mdic & E1000_MDIC_READY)
+                               break;
+@@ -181,7 +181,7 @@ s32 e1000e_read_phy_reg_mdic(struct e100
+                * reading duplicate data in the next MDIC transaction.
+                */
+               if (hw->mac.type == e1000_pch2lan)
+-                      usleep_range(100, 150);
++                      udelay(100);
+               if (success) {
+                       *data = (u16)mdic;
+@@ -237,7 +237,7 @@ s32 e1000e_write_phy_reg_mdic(struct e10
+                * the lower time out
+                */
+               for (i = 0; i < (E1000_GEN_POLL_TIMEOUT * 3); i++) {
+-                      usleep_range(50, 60);
++                      udelay(50);
+                       mdic = er32(MDIC);
+                       if (mdic & E1000_MDIC_READY)
+                               break;
+@@ -261,7 +261,7 @@ s32 e1000e_write_phy_reg_mdic(struct e10
+                * reading duplicate data in the next MDIC transaction.
+                */
+               if (hw->mac.type == e1000_pch2lan)
+-                      usleep_range(100, 150);
++                      udelay(100);
+               if (success)
+                       return 0;
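Review bot: The four `udelay()` calls in e1000e_read_phy_reg_mdic() and e1000e_write_phy_reg_mdic() carry no comment recording why a busy-wait is required, which is the constraint the partially reverted change missed. I would put `/* udelay, not usleep_range: MDIC access can be reached from atomic context */` above the poll loop in each function. The loop can spin for up to `E1000_GEN_POLL_TIMEOUT * 3` iterations of 50 µs with the CPU held, so the comment should also say that this bound is deliberate. Both functions start and end outside the hunks.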
diff --git a/queue-6.6/mei-me-add-lunar-lake-point-m-did.patch b/queue-6.6/mei-me-add-lunar-lake-point-m-did.patch
new file mode 100644 (file)
index 0000000..c16fc0b
--- /dev/null
@@ -0,0 +1,43 @@
+From 4108a30f1097eead0f6bd5d885e6bf093b4d460f Mon Sep 17 00:00:00 2001
+From: Alexander Usyskin <alexander.usyskin@intel.com>
+Date: Sun, 21 Apr 2024 16:56:31 +0300
+Subject: mei: me: add lunar lake point M DID
+
+From: Alexander Usyskin <alexander.usyskin@intel.com>
+
+commit 4108a30f1097eead0f6bd5d885e6bf093b4d460f upstream.
+
+Add Lunar (Point) Lake M device id.
+
+Cc: stable@vger.kernel.org
+Signed-off-by: Alexander Usyskin <alexander.usyskin@intel.com>
+Signed-off-by: Tomas Winkler <tomas.winkler@intel.com>
+Link: https://lore.kernel.org/r/20240421135631.223362-1-tomas.winkler@intel.com
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+---
+ drivers/misc/mei/hw-me-regs.h |    2 ++
+ drivers/misc/mei/pci-me.c     |    2 ++
+ 2 files changed, 4 insertions(+)
+
+--- a/drivers/misc/mei/hw-me-regs.h
++++ b/drivers/misc/mei/hw-me-regs.h
+@@ -115,6 +115,8 @@
+ #define MEI_DEV_ID_ARL_S      0x7F68  /* Arrow Lake Point S */
+ #define MEI_DEV_ID_ARL_H      0x7770  /* Arrow Lake Point H */
++#define MEI_DEV_ID_LNL_M      0xA870  /* Lunar Lake Point M */
++
+ /*
+  * MEI HW Section
+  */
+--- a/drivers/misc/mei/pci-me.c
++++ b/drivers/misc/mei/pci-me.c
+@@ -122,6 +122,8 @@ static const struct pci_device_id mei_me
+       {MEI_PCI_DEVICE(MEI_DEV_ID_ARL_S, MEI_ME_PCH15_CFG)},
+       {MEI_PCI_DEVICE(MEI_DEV_ID_ARL_H, MEI_ME_PCH15_CFG)},
++      {MEI_PCI_DEVICE(MEI_DEV_ID_LNL_M, MEI_ME_PCH15_CFG)},
++
+       /* required last entry */
+       {0, }
+ };
diff --git a/queue-6.6/net-bcmgenet-synchronize-ext_rgmii_oob_ctrl-access.patch b/queue-6.6/net-bcmgenet-synchronize-ext_rgmii_oob_ctrl-access.patch
new file mode 100644 (file)
index 0000000..60ad8eb
--- /dev/null
@@ -0,0 +1,57 @@
+From d85cf67a339685beae1d0aee27b7f61da95455be Mon Sep 17 00:00:00 2001
+From: Doug Berger <opendmb@gmail.com>
+Date: Thu, 25 Apr 2024 15:27:19 -0700
+Subject: net: bcmgenet: synchronize EXT_RGMII_OOB_CTRL access
+
+From: Doug Berger <opendmb@gmail.com>
+
+commit d85cf67a339685beae1d0aee27b7f61da95455be upstream.
+
+The EXT_RGMII_OOB_CTRL register can be written from different
+contexts. It is predominantly written from the adjust_link
+handler which is synchronized by the phydev->lock, but can
+also be written from a different context when configuring the
+mii in bcmgenet_mii_config().
+
+The chances of contention are quite low, but it is conceivable
+that adjust_link could occur during resume when WoL is enabled
+so use the phydev->lock synchronizer in bcmgenet_mii_config()
+to be sure.
+
+Fixes: afe3f907d20f ("net: bcmgenet: power on MII block for all MII modes")
+Cc: stable@vger.kernel.org
+Signed-off-by: Doug Berger <opendmb@gmail.com>
+Acked-by: Florian Fainelli <florian.fainelli@broadcom.com>
+Signed-off-by: David S. Miller <davem@davemloft.net>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+---
+ drivers/net/ethernet/broadcom/genet/bcmmii.c |    4 +++-
+ 1 file changed, 3 insertions(+), 1 deletion(-)
+
+--- a/drivers/net/ethernet/broadcom/genet/bcmmii.c
++++ b/drivers/net/ethernet/broadcom/genet/bcmmii.c
+@@ -2,7 +2,7 @@
+ /*
+  * Broadcom GENET MDIO routines
+  *
+- * Copyright (c) 2014-2017 Broadcom
++ * Copyright (c) 2014-2024 Broadcom
+  */
+ #include <linux/acpi.h>
+@@ -274,6 +274,7 @@ int bcmgenet_mii_config(struct net_devic
+        * block for the interface to work, unconditionally clear the
+        * Out-of-band disable since we do not need it.
+        */
++      mutex_lock(&phydev->lock);
+       reg = bcmgenet_ext_readl(priv, EXT_RGMII_OOB_CTRL);
+       reg &= ~OOB_DISABLE;
+       if (priv->ext_phy) {
+@@ -285,6 +286,7 @@ int bcmgenet_mii_config(struct net_devic
+                       reg |= RGMII_MODE_EN;
+       }
+       bcmgenet_ext_writel(priv, reg, EXT_RGMII_OOB_CTRL);
++      mutex_unlock(&phydev->lock);
+       if (init)
+               dev_info(kdev, "configuring instance for %s\n", phy_name);
diff --git a/queue-6.6/net-bcmgenet-synchronize-umac_cmd-access.patch b/queue-6.6/net-bcmgenet-synchronize-umac_cmd-access.patch
new file mode 100644 (file)
index 0000000..3705653
--- /dev/null
@@ -0,0 +1,184 @@
+From 0d5e2a82232605b337972fb2c7d0cbc46898aca1 Mon Sep 17 00:00:00 2001
+From: Doug Berger <opendmb@gmail.com>
+Date: Thu, 25 Apr 2024 15:27:21 -0700
+Subject: net: bcmgenet: synchronize UMAC_CMD access
+
+From: Doug Berger <opendmb@gmail.com>
+
+commit 0d5e2a82232605b337972fb2c7d0cbc46898aca1 upstream.
+
+The UMAC_CMD register is written from different execution
+contexts and has insufficient synchronization protections to
+prevent possible corruption. Of particular concern are the
+acceses from the phy_device delayed work context used by the
+adjust_link call and the BH context that may be used by the
+ndo_set_rx_mode call.
+
+A spinlock is added to the driver to protect contended register
+accesses (i.e. reg_lock) and it is used to synchronize accesses
+to UMAC_CMD.
+
+Fixes: 1c1008c793fa ("net: bcmgenet: add main driver file")
+Cc: stable@vger.kernel.org
+Signed-off-by: Doug Berger <opendmb@gmail.com>
+Acked-by: Florian Fainelli <florian.fainelli@broadcom.com>
+Signed-off-by: David S. Miller <davem@davemloft.net>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+---
+ drivers/net/ethernet/broadcom/genet/bcmgenet.c     |   12 +++++++++++-
+ drivers/net/ethernet/broadcom/genet/bcmgenet.h     |    4 +++-
+ drivers/net/ethernet/broadcom/genet/bcmgenet_wol.c |    8 +++++++-
+ drivers/net/ethernet/broadcom/genet/bcmmii.c       |    2 ++
+ 4 files changed, 23 insertions(+), 3 deletions(-)
+
+--- a/drivers/net/ethernet/broadcom/genet/bcmgenet.c
++++ b/drivers/net/ethernet/broadcom/genet/bcmgenet.c
+@@ -2469,14 +2469,18 @@ static void umac_enable_set(struct bcmge
+ {
+       u32 reg;
++      spin_lock_bh(&priv->reg_lock);
+       reg = bcmgenet_umac_readl(priv, UMAC_CMD);
+-      if (reg & CMD_SW_RESET)
++      if (reg & CMD_SW_RESET) {
++              spin_unlock_bh(&priv->reg_lock);
+               return;
++      }
+       if (enable)
+               reg |= mask;
+       else
+               reg &= ~mask;
+       bcmgenet_umac_writel(priv, reg, UMAC_CMD);
++      spin_unlock_bh(&priv->reg_lock);
+       /* UniMAC stops on a packet boundary, wait for a full-size packet
+        * to be processed
+@@ -2492,8 +2496,10 @@ static void reset_umac(struct bcmgenet_p
+       udelay(10);
+       /* issue soft reset and disable MAC while updating its registers */
++      spin_lock_bh(&priv->reg_lock);
+       bcmgenet_umac_writel(priv, CMD_SW_RESET, UMAC_CMD);
+       udelay(2);
++      spin_unlock_bh(&priv->reg_lock);
+ }
+ static void bcmgenet_intr_disable(struct bcmgenet_priv *priv)
+@@ -3616,16 +3622,19 @@ static void bcmgenet_set_rx_mode(struct
+        * 3. The number of filters needed exceeds the number filters
+        *    supported by the hardware.
+       */
++      spin_lock(&priv->reg_lock);
+       reg = bcmgenet_umac_readl(priv, UMAC_CMD);
+       if ((dev->flags & (IFF_PROMISC | IFF_ALLMULTI)) ||
+           (nfilter > MAX_MDF_FILTER)) {
+               reg |= CMD_PROMISC;
+               bcmgenet_umac_writel(priv, reg, UMAC_CMD);
++              spin_unlock(&priv->reg_lock);
+               bcmgenet_umac_writel(priv, 0, UMAC_MDF_CTRL);
+               return;
+       } else {
+               reg &= ~CMD_PROMISC;
+               bcmgenet_umac_writel(priv, reg, UMAC_CMD);
++              spin_unlock(&priv->reg_lock);
+       }
+       /* update MDF filter */
+@@ -4027,6 +4036,7 @@ static int bcmgenet_probe(struct platfor
+               goto err;
+       }
++      spin_lock_init(&priv->reg_lock);
+       spin_lock_init(&priv->lock);
+       /* Set default pause parameters */
+--- a/drivers/net/ethernet/broadcom/genet/bcmgenet.h
++++ b/drivers/net/ethernet/broadcom/genet/bcmgenet.h
+@@ -1,6 +1,6 @@
+ /* SPDX-License-Identifier: GPL-2.0-only */
+ /*
+- * Copyright (c) 2014-2020 Broadcom
++ * Copyright (c) 2014-2024 Broadcom
+  */
+ #ifndef __BCMGENET_H__
+@@ -573,6 +573,8 @@ struct bcmgenet_rxnfc_rule {
+ /* device context */
+ struct bcmgenet_priv {
+       void __iomem *base;
++      /* reg_lock: lock to serialize access to shared registers */
++      spinlock_t reg_lock;
+       enum bcmgenet_version version;
+       struct net_device *dev;
+--- a/drivers/net/ethernet/broadcom/genet/bcmgenet_wol.c
++++ b/drivers/net/ethernet/broadcom/genet/bcmgenet_wol.c
+@@ -2,7 +2,7 @@
+ /*
+  * Broadcom GENET (Gigabit Ethernet) Wake-on-LAN support
+  *
+- * Copyright (c) 2014-2020 Broadcom
++ * Copyright (c) 2014-2024 Broadcom
+  */
+ #define pr_fmt(fmt)                           "bcmgenet_wol: " fmt
+@@ -151,6 +151,7 @@ int bcmgenet_wol_power_down_cfg(struct b
+       }
+       /* Can't suspend with WoL if MAC is still in reset */
++      spin_lock_bh(&priv->reg_lock);
+       reg = bcmgenet_umac_readl(priv, UMAC_CMD);
+       if (reg & CMD_SW_RESET)
+               reg &= ~CMD_SW_RESET;
+@@ -158,6 +159,7 @@ int bcmgenet_wol_power_down_cfg(struct b
+       /* disable RX */
+       reg &= ~CMD_RX_EN;
+       bcmgenet_umac_writel(priv, reg, UMAC_CMD);
++      spin_unlock_bh(&priv->reg_lock);
+       mdelay(10);
+       if (priv->wolopts & (WAKE_MAGIC | WAKE_MAGICSECURE)) {
+@@ -203,6 +205,7 @@ int bcmgenet_wol_power_down_cfg(struct b
+       }
+       /* Enable CRC forward */
++      spin_lock_bh(&priv->reg_lock);
+       reg = bcmgenet_umac_readl(priv, UMAC_CMD);
+       priv->crc_fwd_en = 1;
+       reg |= CMD_CRC_FWD;
+@@ -210,6 +213,7 @@ int bcmgenet_wol_power_down_cfg(struct b
+       /* Receiver must be enabled for WOL MP detection */
+       reg |= CMD_RX_EN;
+       bcmgenet_umac_writel(priv, reg, UMAC_CMD);
++      spin_unlock_bh(&priv->reg_lock);
+       reg = UMAC_IRQ_MPD_R;
+       if (hfb_enable)
+@@ -256,7 +260,9 @@ void bcmgenet_wol_power_up_cfg(struct bc
+       }
+       /* Disable CRC Forward */
++      spin_lock_bh(&priv->reg_lock);
+       reg = bcmgenet_umac_readl(priv, UMAC_CMD);
+       reg &= ~CMD_CRC_FWD;
+       bcmgenet_umac_writel(priv, reg, UMAC_CMD);
++      spin_unlock_bh(&priv->reg_lock);
+ }
+--- a/drivers/net/ethernet/broadcom/genet/bcmmii.c
++++ b/drivers/net/ethernet/broadcom/genet/bcmmii.c
+@@ -75,6 +75,7 @@ static void bcmgenet_mac_config(struct n
+       reg |= RGMII_LINK;
+       bcmgenet_ext_writel(priv, reg, EXT_RGMII_OOB_CTRL);
++      spin_lock_bh(&priv->reg_lock);
+       reg = bcmgenet_umac_readl(priv, UMAC_CMD);
+       reg &= ~((CMD_SPEED_MASK << CMD_SPEED_SHIFT) |
+                      CMD_HD_EN |
+@@ -87,6 +88,7 @@ static void bcmgenet_mac_config(struct n
+               reg |= CMD_TX_EN | CMD_RX_EN;
+       }
+       bcmgenet_umac_writel(priv, reg, UMAC_CMD);
++      spin_unlock_bh(&priv->reg_lock);
+       priv->eee.eee_active = phy_init_eee(phydev, 0) >= 0;
+       bcmgenet_eee_enable_set(dev,
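Review bot: bcmgenet_set_rx_mode() takes `reg_lock` with plain `spin_lock()` while every other site in this patch uses `spin_lock_bh()`. That is only safe if every caller already runs with bottom halves disabled, and nothing in the visible hunk states or checks it. I would document the requirement at the lock site, `/* called with netif_addr_lock held and BHs disabled, so no _bh variant here */`, and confirm that the direct call from the driver satisfies it. The `reg_lock` field comment says it serializes "shared registers", but the visible lock sites only cover UMAC_CMD; naming the register there would keep later users from assuming broader coverage. The functions touched start and end outside their hunks.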
diff --git a/queue-6.6/net-bcmgenet-synchronize-use-of-bcmgenet_set_rx_mode.patch b/queue-6.6/net-bcmgenet-synchronize-use-of-bcmgenet_set_rx_mode.patch
new file mode 100644 (file)
index 0000000..7ccc099
--- /dev/null
@@ -0,0 +1,45 @@
+From 2dbe5f19368caae63b1f59f5bc2af78c7d522b3a Mon Sep 17 00:00:00 2001
+From: Doug Berger <opendmb@gmail.com>
+Date: Thu, 25 Apr 2024 15:27:20 -0700
+Subject: net: bcmgenet: synchronize use of bcmgenet_set_rx_mode()
+
+From: Doug Berger <opendmb@gmail.com>
+
+commit 2dbe5f19368caae63b1f59f5bc2af78c7d522b3a upstream.
+
+The ndo_set_rx_mode function is synchronized with the
+netif_addr_lock spinlock and BHs disabled. Since this
+function is also invoked directly from the driver the
+same synchronization should be applied.
+
+Fixes: 72f96347628e ("net: bcmgenet: set Rx mode before starting netif")
+Cc: stable@vger.kernel.org
+Signed-off-by: Doug Berger <opendmb@gmail.com>
+Acked-by: Florian Fainelli <florian.fainelli@broadcom.com>
+Signed-off-by: David S. Miller <davem@davemloft.net>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+---
+ drivers/net/ethernet/broadcom/genet/bcmgenet.c |    4 +++-
+ 1 file changed, 3 insertions(+), 1 deletion(-)
+
+--- a/drivers/net/ethernet/broadcom/genet/bcmgenet.c
++++ b/drivers/net/ethernet/broadcom/genet/bcmgenet.c
+@@ -2,7 +2,7 @@
+ /*
+  * Broadcom GENET (Gigabit Ethernet) controller driver
+  *
+- * Copyright (c) 2014-2020 Broadcom
++ * Copyright (c) 2014-2024 Broadcom
+  */
+ #define pr_fmt(fmt)                           "bcmgenet: " fmt
+@@ -3353,7 +3353,9 @@ static void bcmgenet_netif_start(struct
+       struct bcmgenet_priv *priv = netdev_priv(dev);
+       /* Start the network engine */
++      netif_addr_lock_bh(dev);
+       bcmgenet_set_rx_mode(dev);
++      netif_addr_unlock_bh(dev);
+       bcmgenet_enable_rx_napi(priv);
+       umac_enable_set(priv, CMD_TX_EN | CMD_RX_EN, true);
index 6891acde9db20660df5198cfe532005d7094d0b4..e56fc5725f226cb318c15a531632f42e3181b57f 100644 (file)
@@ -250,3 +250,16 @@ iio-imu-adis16475-fix-sync-mode-setting.patch
 iio-pressure-fixes-bme280-spi-driver-data.patch
 iio-accel-mxc4005-interrupt-handling-fixes.patch
 kmsan-compiler_types-declare-__no_sanitize_or_inline.patch
+e1000e-change-usleep_range-to-udelay-in-phy-mdic-access.patch
+tipc-fix-uaf-in-error-path.patch
+xtensa-fix-make_pc_from_ra-second-argument.patch
+net-bcmgenet-synchronize-ext_rgmii_oob_ctrl-access.patch
+net-bcmgenet-synchronize-use-of-bcmgenet_set_rx_mode.patch
+net-bcmgenet-synchronize-umac_cmd-access.patch
+asoc-tegra-fix-dspk-16-bit-playback.patch
+asoc-ti-davinci-mcasp-fix-race-condition-during-probe.patch
+dyndbg-fix-old-bug_on-in-control-parser.patch
+slimbus-qcom-ngd-ctrl-add-timeout-for-wait-operation.patch
+clk-sunxi-ng-common-support-minimum-and-maximum-rate.patch
+clk-sunxi-ng-a64-set-minimum-and-maximum-rate-for-pll-mipi.patch
+mei-me-add-lunar-lake-point-m-did.patch
diff --git a/queue-6.6/slimbus-qcom-ngd-ctrl-add-timeout-for-wait-operation.patch b/queue-6.6/slimbus-qcom-ngd-ctrl-add-timeout-for-wait-operation.patch
new file mode 100644 (file)
index 0000000..2c48b71
--- /dev/null
@@ -0,0 +1,43 @@
+From 98241a774db49988f25b7b3657026ce51ccec293 Mon Sep 17 00:00:00 2001
+From: Viken Dadhaniya <quic_vdadhani@quicinc.com>
+Date: Tue, 30 Apr 2024 10:12:38 +0100
+Subject: slimbus: qcom-ngd-ctrl: Add timeout for wait operation
+
+From: Viken Dadhaniya <quic_vdadhani@quicinc.com>
+
+commit 98241a774db49988f25b7b3657026ce51ccec293 upstream.
+
+In current driver qcom_slim_ngd_up_worker() indefinitely
+waiting for ctrl->qmi_up completion object. This is
+resulting in workqueue lockup on Kthread.
+
+Added wait_for_completion_interruptible_timeout to
+allow the thread to wait for specific timeout period and
+bail out instead waiting infinitely.
+
+Fixes: a899d324863a ("slimbus: qcom-ngd-ctrl: add Sub System Restart support")
+Cc: stable@vger.kernel.org
+Reviewed-by: Konrad Dybcio <konrad.dybcio@linaro.org>
+Signed-off-by: Viken Dadhaniya <quic_vdadhani@quicinc.com>
+Signed-off-by: Srinivas Kandagatla <srinivas.kandagatla@linaro.org>
+Link: https://lore.kernel.org/r/20240430091238.35209-2-srinivas.kandagatla@linaro.org
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+---
+ drivers/slimbus/qcom-ngd-ctrl.c |    6 +++++-
+ 1 file changed, 5 insertions(+), 1 deletion(-)
+
+--- a/drivers/slimbus/qcom-ngd-ctrl.c
++++ b/drivers/slimbus/qcom-ngd-ctrl.c
+@@ -1451,7 +1451,11 @@ static void qcom_slim_ngd_up_worker(stru
+       ctrl = container_of(work, struct qcom_slim_ngd_ctrl, ngd_up_work);
+       /* Make sure qmi service is up before continuing */
+-      wait_for_completion_interruptible(&ctrl->qmi_up);
++      if (!wait_for_completion_interruptible_timeout(&ctrl->qmi_up,
++                                                     msecs_to_jiffies(MSEC_PER_SEC))) {
++              dev_err(ctrl->dev, "QMI wait timeout\n");
++              return;
++      }
+       mutex_lock(&ctrl->ssr_lock);
+       qcom_slim_ngd_enable(ctrl, true);
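Review bot: The new check in `qcom_slim_ngd_up_worker()` treats only a return of 0 (timeout) as failure, but `wait_for_completion_interruptible_timeout()` returns a negative value when the wait is interrupted. That case still falls through to `mutex_lock(&ctrl->ssr_lock)` and `qcom_slim_ngd_enable(ctrl, true)` as if the QMI service were up. Keeping the result and testing `<= 0` covers both cases: `long ret = wait_for_completion_interruptible_timeout(&ctrl->qmi_up, msecs_to_jiffies(MSEC_PER_SEC));` followed by `if (ret <= 0) {`. An interrupted wait may be unlikely in a workqueue context, but the stricter test costs nothing. The function continues outside the hunk, so whether the work is queued again after the early `return` is not visible here.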
diff --git a/queue-6.6/tipc-fix-uaf-in-error-path.patch b/queue-6.6/tipc-fix-uaf-in-error-path.patch
new file mode 100644 (file)
index 0000000..daf6ebb
--- /dev/null
@@ -0,0 +1,141 @@
+From 080cbb890286cd794f1ee788bbc5463e2deb7c2b Mon Sep 17 00:00:00 2001
+From: Paolo Abeni <pabeni@redhat.com>
+Date: Tue, 30 Apr 2024 15:53:37 +0200
+Subject: tipc: fix UAF in error path
+
+From: Paolo Abeni <pabeni@redhat.com>
+
+commit 080cbb890286cd794f1ee788bbc5463e2deb7c2b upstream.
+
+Sam Page (sam4k) working with Trend Micro Zero Day Initiative reported
+a UAF in the tipc_buf_append() error path:
+
+BUG: KASAN: slab-use-after-free in kfree_skb_list_reason+0x47e/0x4c0
+linux/net/core/skbuff.c:1183
+Read of size 8 at addr ffff88804d2a7c80 by task poc/8034
+
+CPU: 1 PID: 8034 Comm: poc Not tainted 6.8.2 #1
+Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS
+1.16.0-debian-1.16.0-5 04/01/2014
+Call Trace:
+ <IRQ>
+ __dump_stack linux/lib/dump_stack.c:88
+ dump_stack_lvl+0xd9/0x1b0 linux/lib/dump_stack.c:106
+ print_address_description linux/mm/kasan/report.c:377
+ print_report+0xc4/0x620 linux/mm/kasan/report.c:488
+ kasan_report+0xda/0x110 linux/mm/kasan/report.c:601
+ kfree_skb_list_reason+0x47e/0x4c0 linux/net/core/skbuff.c:1183
+ skb_release_data+0x5af/0x880 linux/net/core/skbuff.c:1026
+ skb_release_all linux/net/core/skbuff.c:1094
+ __kfree_skb linux/net/core/skbuff.c:1108
+ kfree_skb_reason+0x12d/0x210 linux/net/core/skbuff.c:1144
+ kfree_skb linux/./include/linux/skbuff.h:1244
+ tipc_buf_append+0x425/0xb50 linux/net/tipc/msg.c:186
+ tipc_link_input+0x224/0x7c0 linux/net/tipc/link.c:1324
+ tipc_link_rcv+0x76e/0x2d70 linux/net/tipc/link.c:1824
+ tipc_rcv+0x45f/0x10f0 linux/net/tipc/node.c:2159
+ tipc_udp_recv+0x73b/0x8f0 linux/net/tipc/udp_media.c:390
+ udp_queue_rcv_one_skb+0xad2/0x1850 linux/net/ipv4/udp.c:2108
+ udp_queue_rcv_skb+0x131/0xb00 linux/net/ipv4/udp.c:2186
+ udp_unicast_rcv_skb+0x165/0x3b0 linux/net/ipv4/udp.c:2346
+ __udp4_lib_rcv+0x2594/0x3400 linux/net/ipv4/udp.c:2422
+ ip_protocol_deliver_rcu+0x30c/0x4e0 linux/net/ipv4/ip_input.c:205
+ ip_local_deliver_finish+0x2e4/0x520 linux/net/ipv4/ip_input.c:233
+ NF_HOOK linux/./include/linux/netfilter.h:314
+ NF_HOOK linux/./include/linux/netfilter.h:308
+ ip_local_deliver+0x18e/0x1f0 linux/net/ipv4/ip_input.c:254
+ dst_input linux/./include/net/dst.h:461
+ ip_rcv_finish linux/net/ipv4/ip_input.c:449
+ NF_HOOK linux/./include/linux/netfilter.h:314
+ NF_HOOK linux/./include/linux/netfilter.h:308
+ ip_rcv+0x2c5/0x5d0 linux/net/ipv4/ip_input.c:569
+ __netif_receive_skb_one_core+0x199/0x1e0 linux/net/core/dev.c:5534
+ __netif_receive_skb+0x1f/0x1c0 linux/net/core/dev.c:5648
+ process_backlog+0x101/0x6b0 linux/net/core/dev.c:5976
+ __napi_poll.constprop.0+0xba/0x550 linux/net/core/dev.c:6576
+ napi_poll linux/net/core/dev.c:6645
+ net_rx_action+0x95a/0xe90 linux/net/core/dev.c:6781
+ __do_softirq+0x21f/0x8e7 linux/kernel/softirq.c:553
+ do_softirq linux/kernel/softirq.c:454
+ do_softirq+0xb2/0xf0 linux/kernel/softirq.c:441
+ </IRQ>
+ <TASK>
+ __local_bh_enable_ip+0x100/0x120 linux/kernel/softirq.c:381
+ local_bh_enable linux/./include/linux/bottom_half.h:33
+ rcu_read_unlock_bh linux/./include/linux/rcupdate.h:851
+ __dev_queue_xmit+0x871/0x3ee0 linux/net/core/dev.c:4378
+ dev_queue_xmit linux/./include/linux/netdevice.h:3169
+ neigh_hh_output linux/./include/net/neighbour.h:526
+ neigh_output linux/./include/net/neighbour.h:540
+ ip_finish_output2+0x169f/0x2550 linux/net/ipv4/ip_output.c:235
+ __ip_finish_output linux/net/ipv4/ip_output.c:313
+ __ip_finish_output+0x49e/0x950 linux/net/ipv4/ip_output.c:295
+ ip_finish_output+0x31/0x310 linux/net/ipv4/ip_output.c:323
+ NF_HOOK_COND linux/./include/linux/netfilter.h:303
+ ip_output+0x13b/0x2a0 linux/net/ipv4/ip_output.c:433
+ dst_output linux/./include/net/dst.h:451
+ ip_local_out linux/net/ipv4/ip_output.c:129
+ ip_send_skb+0x3e5/0x560 linux/net/ipv4/ip_output.c:1492
+ udp_send_skb+0x73f/0x1530 linux/net/ipv4/udp.c:963
+ udp_sendmsg+0x1a36/0x2b40 linux/net/ipv4/udp.c:1250
+ inet_sendmsg+0x105/0x140 linux/net/ipv4/af_inet.c:850
+ sock_sendmsg_nosec linux/net/socket.c:730
+ __sock_sendmsg linux/net/socket.c:745
+ __sys_sendto+0x42c/0x4e0 linux/net/socket.c:2191
+ __do_sys_sendto linux/net/socket.c:2203
+ __se_sys_sendto linux/net/socket.c:2199
+ __x64_sys_sendto+0xe0/0x1c0 linux/net/socket.c:2199
+ do_syscall_x64 linux/arch/x86/entry/common.c:52
+ do_syscall_64+0xd8/0x270 linux/arch/x86/entry/common.c:83
+ entry_SYSCALL_64_after_hwframe+0x6f/0x77 linux/arch/x86/entry/entry_64.S:120
+RIP: 0033:0x7f3434974f29
+Code: 00 c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48
+89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d
+01 f0 ff ff 73 01 c3 48 8b 0d 37 8f 0d 00 f7 d8 64 89 01 48
+RSP: 002b:00007fff9154f2b8 EFLAGS: 00000212 ORIG_RAX: 000000000000002c
+RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007f3434974f29
+RDX: 00000000000032c8 RSI: 00007fff9154f300 RDI: 0000000000000003
+RBP: 00007fff915532e0 R08: 00007fff91553360 R09: 0000000000000010
+R10: 0000000000000000 R11: 0000000000000212 R12: 000055ed86d261d0
+R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
+ </TASK>
+
+In the critical scenario, either the relevant skb is freed or its
+ownership is transferred into a frag_lists. In both cases, the cleanup
+code must not free it again: we need to clear the skb reference earlier.
+
+Fixes: 1149557d64c9 ("tipc: eliminate unnecessary linearization of incoming buffers")
+Cc: stable@vger.kernel.org
+Reported-by: zdi-disclosures@trendmicro.com # ZDI-CAN-23852
+Acked-by: Xin Long <lucien.xin@gmail.com>
+Signed-off-by: Paolo Abeni <pabeni@redhat.com>
+Reviewed-by: Eric Dumazet <edumazet@google.com>
+Link: https://lore.kernel.org/r/752f1ccf762223d109845365d07f55414058e5a3.1714484273.git.pabeni@redhat.com
+Signed-off-by: Jakub Kicinski <kuba@kernel.org>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+---
+ net/tipc/msg.c |    6 +++++-
+ 1 file changed, 5 insertions(+), 1 deletion(-)
+
+--- a/net/tipc/msg.c
++++ b/net/tipc/msg.c
+@@ -156,6 +156,11 @@ int tipc_buf_append(struct sk_buff **hea
+       if (!head)
+               goto err;
++      /* Either the input skb ownership is transferred to headskb
++       * or the input skb is freed, clear the reference to avoid
++       * bad access on error path.
++       */
++      *buf = NULL;
+       if (skb_try_coalesce(head, frag, &headstolen, &delta)) {
+               kfree_skb_partial(frag, headstolen);
+       } else {
+@@ -179,7 +184,6 @@ int tipc_buf_append(struct sk_buff **hea
+               *headbuf = NULL;
+               return 1;
+       }
+-      *buf = NULL;
+       return 0;
+ err:
+       kfree_skb(*buf);
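Review bot: The `err:` cleanup in `tipc_buf_append()` now depends on `*buf` already being NULL whenever ownership of the skb has moved, and nothing at the label says so. The added comment sits at the assignment, while the `kfree_skb(*buf)` that must not double-free is some thirty lines further down. A comment at the label would keep the invariant next to the free, for example `/* *buf is NULL once the skb was coalesced or chained; only an unconsumed skb is freed here */`. The else branch and the rest of the error path are outside the hunk, so which `goto err` sites follow the new `*buf = NULL` cannot be checked from the visible lines.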
diff --git a/queue-6.6/xtensa-fix-make_pc_from_ra-second-argument.patch b/queue-6.6/xtensa-fix-make_pc_from_ra-second-argument.patch
new file mode 100644 (file)
index 0000000..6810cd8
--- /dev/null
@@ -0,0 +1,115 @@
+From 0e60f0b75884677fb9f4f2ad40d52b43451564d5 Mon Sep 17 00:00:00 2001
+From: Max Filippov <jcmvbkbc@gmail.com>
+Date: Sat, 17 Feb 2024 05:15:42 -0800
+Subject: xtensa: fix MAKE_PC_FROM_RA second argument
+
+From: Max Filippov <jcmvbkbc@gmail.com>
+
+commit 0e60f0b75884677fb9f4f2ad40d52b43451564d5 upstream.
+
+Xtensa has two-argument MAKE_PC_FROM_RA macro to convert a0 to an actual
+return address because when windowed ABI is used call{,x}{4,8,12}
+opcodes stuff encoded window size into the top 2 bits of the register
+that becomes a return address in the called function. Second argument of
+that macro is supposed to be an address having these 2 topmost bits set
+correctly, but the comment suggested that that could be the stack
+address. However the stack doesn't have to be in the same 1GByte region
+as the code, especially in noMMU XIP configurations.
+
+Fix the comment and use either _text or regs->pc as the second argument
+for the MAKE_PC_FROM_RA macro.
+
+Cc: stable@vger.kernel.org
+Signed-off-by: Max Filippov <jcmvbkbc@gmail.com>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+---
+ arch/xtensa/include/asm/processor.h |    8 ++++----
+ arch/xtensa/include/asm/ptrace.h    |    2 +-
+ arch/xtensa/kernel/process.c        |    5 +++--
+ arch/xtensa/kernel/stacktrace.c     |    3 ++-
+ 4 files changed, 10 insertions(+), 8 deletions(-)
+
+--- a/arch/xtensa/include/asm/processor.h
++++ b/arch/xtensa/include/asm/processor.h
+@@ -115,9 +115,9 @@
+ #define MAKE_RA_FOR_CALL(ra,ws)   (((ra) & 0x3fffffff) | (ws) << 30)
+ /* Convert return address to a valid pc
+- * Note: We assume that the stack pointer is in the same 1GB ranges as the ra
++ * Note: 'text' is the address within the same 1GB range as the ra
+  */
+-#define MAKE_PC_FROM_RA(ra,sp)    (((ra) & 0x3fffffff) | ((sp) & 0xc0000000))
++#define MAKE_PC_FROM_RA(ra, text) (((ra) & 0x3fffffff) | ((unsigned long)(text) & 0xc0000000))
+ #elif defined(__XTENSA_CALL0_ABI__)
+@@ -127,9 +127,9 @@
+ #define MAKE_RA_FOR_CALL(ra, ws)   (ra)
+ /* Convert return address to a valid pc
+- * Note: We assume that the stack pointer is in the same 1GB ranges as the ra
++ * Note: 'text' is not used as 'ra' is always the full address
+  */
+-#define MAKE_PC_FROM_RA(ra, sp)    (ra)
++#define MAKE_PC_FROM_RA(ra, text)  (ra)
+ #else
+ #error Unsupported Xtensa ABI
+--- a/arch/xtensa/include/asm/ptrace.h
++++ b/arch/xtensa/include/asm/ptrace.h
+@@ -87,7 +87,7 @@ struct pt_regs {
+ # define user_mode(regs) (((regs)->ps & 0x00000020)!=0)
+ # define instruction_pointer(regs) ((regs)->pc)
+ # define return_pointer(regs) (MAKE_PC_FROM_RA((regs)->areg[0], \
+-                                             (regs)->areg[1]))
++                                             (regs)->pc))
+ # ifndef CONFIG_SMP
+ #  define profile_pc(regs) instruction_pointer(regs)
+--- a/arch/xtensa/kernel/process.c
++++ b/arch/xtensa/kernel/process.c
+@@ -47,6 +47,7 @@
+ #include <asm/asm-offsets.h>
+ #include <asm/regs.h>
+ #include <asm/hw_breakpoint.h>
++#include <asm/sections.h>
+ #include <asm/traps.h>
+ extern void ret_from_fork(void);
+@@ -380,7 +381,7 @@ unsigned long __get_wchan(struct task_st
+       int count = 0;
+       sp = p->thread.sp;
+-      pc = MAKE_PC_FROM_RA(p->thread.ra, p->thread.sp);
++      pc = MAKE_PC_FROM_RA(p->thread.ra, _text);
+       do {
+               if (sp < stack_page + sizeof(struct task_struct) ||
+@@ -392,7 +393,7 @@ unsigned long __get_wchan(struct task_st
+               /* Stack layout: sp-4: ra, sp-3: sp' */
+-              pc = MAKE_PC_FROM_RA(SPILL_SLOT(sp, 0), sp);
++              pc = MAKE_PC_FROM_RA(SPILL_SLOT(sp, 0), _text);
+               sp = SPILL_SLOT(sp, 1);
+       } while (count++ < 16);
+       return 0;
+--- a/arch/xtensa/kernel/stacktrace.c
++++ b/arch/xtensa/kernel/stacktrace.c
+@@ -13,6 +13,7 @@
+ #include <linux/stacktrace.h>
+ #include <asm/ftrace.h>
++#include <asm/sections.h>
+ #include <asm/stacktrace.h>
+ #include <asm/traps.h>
+ #include <linux/uaccess.h>
+@@ -189,7 +190,7 @@ void walk_stackframe(unsigned long *sp,
+               if (a1 <= (unsigned long)sp)
+                       break;
+-              frame.pc = MAKE_PC_FROM_RA(a0, a1);
++              frame.pc = MAKE_PC_FROM_RA(a0, _text);
+               frame.sp = a1;
+               if (fn(&frame, data))