--- /dev/null
+From 262fdd073465034ac3d24feebc3163074000b422 Mon Sep 17 00:00:00 2001
+From: Sasha Levin <sashal@kernel.org>
+Date: Sat, 27 Feb 2021 16:15:06 -0500
+Subject: atm: eni: dont release is never initialized
+
+From: Tong Zhang <ztong0001@gmail.com>
+
+[ Upstream commit 4deb550bc3b698a1f03d0332cde3df154d1b6c1e ]
+
+label err_eni_release is reachable when eni_start() fail.
+In eni_start() it calls dev->phy->start() in the last step, if start()
+fail we don't need to call phy->stop(), if start() is never called, we
+neither need to call phy->stop(), otherwise null-ptr-deref will happen.
+
+In order to fix this issue, don't call phy->stop() in label err_eni_release
+
+[ 4.875714] ==================================================================
+[ 4.876091] BUG: KASAN: null-ptr-deref in suni_stop+0x47/0x100 [suni]
+[ 4.876433] Read of size 8 at addr 0000000000000030 by task modprobe/95
+[ 4.876778]
+[ 4.876862] CPU: 0 PID: 95 Comm: modprobe Not tainted 5.11.0-rc7-00090-gdcc0b49040c7 #2
+[ 4.877290] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS rel-1.13.0-48-gd94
+[ 4.877876] Call Trace:
+[ 4.878009] dump_stack+0x7d/0xa3
+[ 4.878191] kasan_report.cold+0x10c/0x10e
+[ 4.878410] ? __slab_free+0x2f0/0x340
+[ 4.878612] ? suni_stop+0x47/0x100 [suni]
+[ 4.878832] suni_stop+0x47/0x100 [suni]
+[ 4.879043] eni_do_release+0x3b/0x70 [eni]
+[ 4.879269] eni_init_one.cold+0x1152/0x1747 [eni]
+[ 4.879528] ? _raw_spin_lock_irqsave+0x7b/0xd0
+[ 4.879768] ? eni_ioctl+0x270/0x270 [eni]
+[ 4.879990] ? __mutex_lock_slowpath+0x10/0x10
+[ 4.880226] ? eni_ioctl+0x270/0x270 [eni]
+[ 4.880448] local_pci_probe+0x6f/0xb0
+[ 4.880650] pci_device_probe+0x171/0x240
+[ 4.880864] ? pci_device_remove+0xe0/0xe0
+[ 4.881086] ? kernfs_create_link+0xb6/0x110
+[ 4.881315] ? sysfs_do_create_link_sd.isra.0+0x76/0xe0
+[ 4.881594] really_probe+0x161/0x420
+[ 4.881791] driver_probe_device+0x6d/0xd0
+[ 4.882010] device_driver_attach+0x82/0x90
+[ 4.882233] ? device_driver_attach+0x90/0x90
+[ 4.882465] __driver_attach+0x60/0x100
+[ 4.882671] ? device_driver_attach+0x90/0x90
+[ 4.882903] bus_for_each_dev+0xe1/0x140
+[ 4.883114] ? subsys_dev_iter_exit+0x10/0x10
+[ 4.883346] ? klist_node_init+0x61/0x80
+[ 4.883557] bus_add_driver+0x254/0x2a0
+[ 4.883764] driver_register+0xd3/0x150
+[ 4.883971] ? 0xffffffffc0038000
+[ 4.884149] do_one_initcall+0x84/0x250
+[ 4.884355] ? trace_event_raw_event_initcall_finish+0x150/0x150
+[ 4.884674] ? unpoison_range+0xf/0x30
+[ 4.884875] ? ____kasan_kmalloc.constprop.0+0x84/0xa0
+[ 4.885150] ? unpoison_range+0xf/0x30
+[ 4.885352] ? unpoison_range+0xf/0x30
+[ 4.885557] do_init_module+0xf8/0x350
+[ 4.885760] load_module+0x3fe6/0x4340
+[ 4.885960] ? vm_unmap_ram+0x1d0/0x1d0
+[ 4.886166] ? ____kasan_kmalloc.constprop.0+0x84/0xa0
+[ 4.886441] ? module_frob_arch_sections+0x20/0x20
+[ 4.886697] ? __do_sys_finit_module+0x108/0x170
+[ 4.886941] __do_sys_finit_module+0x108/0x170
+[ 4.887178] ? __ia32_sys_init_module+0x40/0x40
+[ 4.887419] ? file_open_root+0x200/0x200
+[ 4.887634] ? do_sys_open+0x85/0xe0
+[ 4.887826] ? filp_open+0x50/0x50
+[ 4.888009] ? fpregs_assert_state_consistent+0x4d/0x60
+[ 4.888287] ? exit_to_user_mode_prepare+0x2f/0x130
+[ 4.888547] do_syscall_64+0x33/0x40
+[ 4.888739] entry_SYSCALL_64_after_hwframe+0x44/0xa9
+[ 4.889010] RIP: 0033:0x7ff62fcf1cf7
+[ 4.889202] Code: 48 89 57 30 48 8b 04 24 48 89 47 38 e9 1d a0 02 00 48 89 f8 48 89 f71
+[ 4.890172] RSP: 002b:00007ffe6644ade8 EFLAGS: 00000246 ORIG_RAX: 0000000000000139
+[ 4.890570] RAX: ffffffffffffffda RBX: 0000000000f2ca70 RCX: 00007ff62fcf1cf7
+[ 4.890944] RDX: 0000000000000000 RSI: 0000000000f2b9e0 RDI: 0000000000000003
+[ 4.891318] RBP: 0000000000000003 R08: 0000000000000000 R09: 0000000000000001
+[ 4.891691] R10: 00007ff62fd55300 R11: 0000000000000246 R12: 0000000000f2b9e0
+[ 4.892064] R13: 0000000000000000 R14: 0000000000f2bdd0 R15: 0000000000000001
+[ 4.892439] ==================================================================
+
+Signed-off-by: Tong Zhang <ztong0001@gmail.com>
+Signed-off-by: David S. Miller <davem@davemloft.net>
+Signed-off-by: Sasha Levin <sashal@kernel.org>
+---
+ drivers/atm/eni.c | 3 ++-
+ 1 file changed, 2 insertions(+), 1 deletion(-)
+
+diff --git a/drivers/atm/eni.c b/drivers/atm/eni.c
+index 9d16743c4917..2b7786cd548f 100644
+--- a/drivers/atm/eni.c
++++ b/drivers/atm/eni.c
+@@ -2279,7 +2279,8 @@ static int eni_init_one(struct pci_dev *pci_dev,
+ return rc;
+
+ err_eni_release:
+- eni_do_release(dev);
++ dev->phy = NULL;
++ iounmap(ENI_DEV(dev)->ioaddr);
+ err_unregister:
+ atm_dev_deregister(dev);
+ err_free_consistent:
+--
+2.30.1
+
--- /dev/null
+From e3935945814d669862d6c72739acf4a3f0d49007 Mon Sep 17 00:00:00 2001
+From: Sasha Levin <sashal@kernel.org>
+Date: Sun, 7 Mar 2021 22:25:30 -0500
+Subject: atm: idt77252: fix null-ptr-dereference
+
+From: Tong Zhang <ztong0001@gmail.com>
+
+[ Upstream commit 4416e98594dc04590ebc498fc4e530009535c511 ]
+
+this one is similar to the phy_data allocation fix in uPD98402, the
+driver allocate the idt77105_priv and store to dev_data but later
+dereference using dev->dev_data, which will cause null-ptr-dereference.
+
+fix this issue by changing dev_data to phy_data so that PRIV(dev) can
+work correctly.
+
+Signed-off-by: Tong Zhang <ztong0001@gmail.com>
+Signed-off-by: David S. Miller <davem@davemloft.net>
+Signed-off-by: Sasha Levin <sashal@kernel.org>
+---
+ drivers/atm/idt77105.c | 4 ++--
+ 1 file changed, 2 insertions(+), 2 deletions(-)
+
+diff --git a/drivers/atm/idt77105.c b/drivers/atm/idt77105.c
+index feb023d7eebd..40644670cff2 100644
+--- a/drivers/atm/idt77105.c
++++ b/drivers/atm/idt77105.c
+@@ -261,7 +261,7 @@ static int idt77105_start(struct atm_dev *dev)
+ {
+ unsigned long flags;
+
+- if (!(dev->dev_data = kmalloc(sizeof(struct idt77105_priv),GFP_KERNEL)))
++ if (!(dev->phy_data = kmalloc(sizeof(struct idt77105_priv),GFP_KERNEL)))
+ return -ENOMEM;
+ PRIV(dev)->dev = dev;
+ spin_lock_irqsave(&idt77105_priv_lock, flags);
+@@ -338,7 +338,7 @@ static int idt77105_stop(struct atm_dev *dev)
+ else
+ idt77105_all = walk->next;
+ dev->phy = NULL;
+- dev->dev_data = NULL;
++ dev->phy_data = NULL;
+ kfree(walk);
+ break;
+ }
+--
+2.30.1
+
--- /dev/null
+From cbd42864b925df57e7a5c3c093ae3252e593206a Mon Sep 17 00:00:00 2001
+From: Sasha Levin <sashal@kernel.org>
+Date: Sat, 27 Feb 2021 22:55:50 -0500
+Subject: atm: lanai: dont run lanai_dev_close if not open
+
+From: Tong Zhang <ztong0001@gmail.com>
+
+[ Upstream commit a2bd45834e83d6c5a04d397bde13d744a4812dfc ]
+
+lanai_dev_open() can fail. When it fail, lanai->base is unmapped and the
+pci device is disabled. The caller, lanai_init_one(), then tries to run
+atm_dev_deregister(). This will subsequently call lanai_dev_close() and
+use the already released MMIO area.
+
+To fix this issue, set the lanai->base to NULL if open fail,
+and test the flag in lanai_dev_close().
+
+[ 8.324153] lanai: lanai_start() failed, err=19
+[ 8.324819] lanai(itf 0): shutting down interface
+[ 8.325211] BUG: unable to handle page fault for address: ffffc90000180024
+[ 8.325781] #PF: supervisor write access in kernel mode
+[ 8.326215] #PF: error_code(0x0002) - not-present page
+[ 8.326641] PGD 100000067 P4D 100000067 PUD 100139067 PMD 10013a067 PTE 0
+[ 8.327206] Oops: 0002 [#1] SMP KASAN NOPTI
+[ 8.327557] CPU: 0 PID: 95 Comm: modprobe Not tainted 5.11.0-rc7-00090-gdcc0b49040c7 #12
+[ 8.328229] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS rel-1.13.0-48-gd9c812dda519-4
+[ 8.329145] RIP: 0010:lanai_dev_close+0x4f/0xe5 [lanai]
+[ 8.329587] Code: 00 48 c7 c7 00 d3 01 c0 e8 49 4e 0a c2 48 8d bd 08 02 00 00 e8 6e 52 14 c1 48 80
+[ 8.330917] RSP: 0018:ffff8881029ef680 EFLAGS: 00010246
+[ 8.331196] RAX: 000000000003fffe RBX: ffff888102fb4800 RCX: ffffffffc001a98a
+[ 8.331572] RDX: ffffc90000180000 RSI: 0000000000000246 RDI: ffff888102fb4000
+[ 8.331948] RBP: ffff888102fb4000 R08: ffffffff8115da8a R09: ffffed102053deaa
+[ 8.332326] R10: 0000000000000003 R11: ffffed102053dea9 R12: ffff888102fb48a4
+[ 8.332701] R13: ffffffffc00123c0 R14: ffff888102fb4b90 R15: ffff888102fb4b88
+[ 8.333077] FS: 00007f08eb9056a0(0000) GS:ffff88815b400000(0000) knlGS:0000000000000000
+[ 8.333502] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
+[ 8.333806] CR2: ffffc90000180024 CR3: 0000000102a28000 CR4: 00000000000006f0
+[ 8.334182] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
+[ 8.334557] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
+[ 8.334932] Call Trace:
+[ 8.335066] atm_dev_deregister+0x161/0x1a0 [atm]
+[ 8.335324] lanai_init_one.cold+0x20c/0x96d [lanai]
+[ 8.335594] ? lanai_send+0x2a0/0x2a0 [lanai]
+[ 8.335831] local_pci_probe+0x6f/0xb0
+[ 8.336039] pci_device_probe+0x171/0x240
+[ 8.336255] ? pci_device_remove+0xe0/0xe0
+[ 8.336475] ? kernfs_create_link+0xb6/0x110
+[ 8.336704] ? sysfs_do_create_link_sd.isra.0+0x76/0xe0
+[ 8.336983] really_probe+0x161/0x420
+[ 8.337181] driver_probe_device+0x6d/0xd0
+[ 8.337401] device_driver_attach+0x82/0x90
+[ 8.337626] ? device_driver_attach+0x90/0x90
+[ 8.337859] __driver_attach+0x60/0x100
+[ 8.338065] ? device_driver_attach+0x90/0x90
+[ 8.338298] bus_for_each_dev+0xe1/0x140
+[ 8.338511] ? subsys_dev_iter_exit+0x10/0x10
+[ 8.338745] ? klist_node_init+0x61/0x80
+[ 8.338956] bus_add_driver+0x254/0x2a0
+[ 8.339164] driver_register+0xd3/0x150
+[ 8.339370] ? 0xffffffffc0028000
+[ 8.339550] do_one_initcall+0x84/0x250
+[ 8.339755] ? trace_event_raw_event_initcall_finish+0x150/0x150
+[ 8.340076] ? free_vmap_area_noflush+0x1a5/0x5c0
+[ 8.340329] ? unpoison_range+0xf/0x30
+[ 8.340532] ? ____kasan_kmalloc.constprop.0+0x84/0xa0
+[ 8.340806] ? unpoison_range+0xf/0x30
+[ 8.341014] ? unpoison_range+0xf/0x30
+[ 8.341217] do_init_module+0xf8/0x350
+[ 8.341419] load_module+0x3fe6/0x4340
+[ 8.341621] ? vm_unmap_ram+0x1d0/0x1d0
+[ 8.341826] ? ____kasan_kmalloc.constprop.0+0x84/0xa0
+[ 8.342101] ? module_frob_arch_sections+0x20/0x20
+[ 8.342358] ? __do_sys_finit_module+0x108/0x170
+[ 8.342604] __do_sys_finit_module+0x108/0x170
+[ 8.342841] ? __ia32_sys_init_module+0x40/0x40
+[ 8.343083] ? file_open_root+0x200/0x200
+[ 8.343298] ? do_sys_open+0x85/0xe0
+[ 8.343491] ? filp_open+0x50/0x50
+[ 8.343675] ? exit_to_user_mode_prepare+0xfc/0x130
+[ 8.343935] do_syscall_64+0x33/0x40
+[ 8.344132] entry_SYSCALL_64_after_hwframe+0x44/0xa9
+[ 8.344401] RIP: 0033:0x7f08eb887cf7
+[ 8.344594] Code: 48 89 57 30 48 8b 04 24 48 89 47 38 e9 1d a0 02 00 48 89 f8 48 89 f7 48 89 d6 41
+[ 8.345565] RSP: 002b:00007ffcd5c98ad8 EFLAGS: 00000246 ORIG_RAX: 0000000000000139
+[ 8.345962] RAX: ffffffffffffffda RBX: 00000000008fea70 RCX: 00007f08eb887cf7
+[ 8.346336] RDX: 0000000000000000 RSI: 00000000008fd9e0 RDI: 0000000000000003
+[ 8.346711] RBP: 0000000000000003 R08: 0000000000000000 R09: 0000000000000001
+[ 8.347085] R10: 00007f08eb8eb300 R11: 0000000000000246 R12: 00000000008fd9e0
+[ 8.347460] R13: 0000000000000000 R14: 00000000008fddd0 R15: 0000000000000001
+[ 8.347836] Modules linked in: lanai(+) atm
+[ 8.348065] CR2: ffffc90000180024
+[ 8.348244] ---[ end trace 7fdc1c668f2003e5 ]---
+[ 8.348490] RIP: 0010:lanai_dev_close+0x4f/0xe5 [lanai]
+[ 8.348772] Code: 00 48 c7 c7 00 d3 01 c0 e8 49 4e 0a c2 48 8d bd 08 02 00 00 e8 6e 52 14 c1 48 80
+[ 8.349745] RSP: 0018:ffff8881029ef680 EFLAGS: 00010246
+[ 8.350022] RAX: 000000000003fffe RBX: ffff888102fb4800 RCX: ffffffffc001a98a
+[ 8.350397] RDX: ffffc90000180000 RSI: 0000000000000246 RDI: ffff888102fb4000
+[ 8.350772] RBP: ffff888102fb4000 R08: ffffffff8115da8a R09: ffffed102053deaa
+[ 8.351151] R10: 0000000000000003 R11: ffffed102053dea9 R12: ffff888102fb48a4
+[ 8.351525] R13: ffffffffc00123c0 R14: ffff888102fb4b90 R15: ffff888102fb4b88
+[ 8.351918] FS: 00007f08eb9056a0(0000) GS:ffff88815b400000(0000) knlGS:0000000000000000
+[ 8.352343] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
+[ 8.352647] CR2: ffffc90000180024 CR3: 0000000102a28000 CR4: 00000000000006f0
+[ 8.353022] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
+[ 8.353397] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
+[ 8.353958] modprobe (95) used greatest stack depth: 26216 bytes left
+
+Signed-off-by: Tong Zhang <ztong0001@gmail.com>
+Signed-off-by: David S. Miller <davem@davemloft.net>
+Signed-off-by: Sasha Levin <sashal@kernel.org>
+---
+ drivers/atm/lanai.c | 5 ++++-
+ 1 file changed, 4 insertions(+), 1 deletion(-)
+
+diff --git a/drivers/atm/lanai.c b/drivers/atm/lanai.c
+index 445505d9ea07..dec6c68156ee 100644
+--- a/drivers/atm/lanai.c
++++ b/drivers/atm/lanai.c
+@@ -2240,6 +2240,7 @@ static int lanai_dev_open(struct atm_dev *atmdev)
+ conf1_write(lanai);
+ #endif
+ iounmap(lanai->base);
++ lanai->base = NULL;
+ error_pci:
+ pci_disable_device(lanai->pci);
+ error:
+@@ -2252,6 +2253,8 @@ static int lanai_dev_open(struct atm_dev *atmdev)
+ static void lanai_dev_close(struct atm_dev *atmdev)
+ {
+ struct lanai_dev *lanai = (struct lanai_dev *) atmdev->dev_data;
++ if (lanai->base==NULL)
++ return;
+ printk(KERN_INFO DEV_LABEL "(itf %d): shutting down interface\n",
+ lanai->number);
+ lanai_timed_poll_stop(lanai);
+@@ -2561,7 +2564,7 @@ static int lanai_init_one(struct pci_dev *pci,
+ struct atm_dev *atmdev;
+ int result;
+
+- lanai = kmalloc(sizeof(*lanai), GFP_KERNEL);
++ lanai = kzalloc(sizeof(*lanai), GFP_KERNEL);
+ if (lanai == NULL) {
+ printk(KERN_ERR DEV_LABEL
+ ": couldn't allocate dev_data structure!\n");
+--
+2.30.1
+
--- /dev/null
+From 9829ecaacb9a8158f3e0de3d080edb55521ffd7a Mon Sep 17 00:00:00 2001
+From: Sasha Levin <sashal@kernel.org>
+Date: Sun, 7 Mar 2021 22:25:29 -0500
+Subject: atm: uPD98402: fix incorrect allocation
+
+From: Tong Zhang <ztong0001@gmail.com>
+
+[ Upstream commit 3153724fc084d8ef640c611f269ddfb576d1dcb1 ]
+
+dev->dev_data is set in zatm.c, calling zatm_start() will overwrite this
+dev->dev_data in uPD98402_start() and a subsequent PRIV(dev)->lock
+(i.e dev->phy_data->lock) will result in a null-ptr-dereference.
+
+I believe this is a typo and what it actually want to do is to allocate
+phy_data instead of dev_data.
+
+Signed-off-by: Tong Zhang <ztong0001@gmail.com>
+Signed-off-by: David S. Miller <davem@davemloft.net>
+Signed-off-by: Sasha Levin <sashal@kernel.org>
+---
+ drivers/atm/uPD98402.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/drivers/atm/uPD98402.c b/drivers/atm/uPD98402.c
+index 5120a96b3a89..b2f4e8df1591 100644
+--- a/drivers/atm/uPD98402.c
++++ b/drivers/atm/uPD98402.c
+@@ -210,7 +210,7 @@ static void uPD98402_int(struct atm_dev *dev)
+ static int uPD98402_start(struct atm_dev *dev)
+ {
+ DPRINTK("phy_start\n");
+- if (!(dev->dev_data = kmalloc(sizeof(struct uPD98402_priv),GFP_KERNEL)))
++ if (!(dev->phy_data = kmalloc(sizeof(struct uPD98402_priv),GFP_KERNEL)))
+ return -ENOMEM;
+ spin_lock_init(&PRIV(dev)->lock);
+ memset(&PRIV(dev)->sonet_stats,0,sizeof(struct k_sonet_stats));
+--
+2.30.1
+
--- /dev/null
+From a9ce1130662bad66b1649e8aaf955b0f8adcb17d Mon Sep 17 00:00:00 2001
+From: Sasha Levin <sashal@kernel.org>
+Date: Fri, 12 Mar 2021 21:08:23 -0800
+Subject: ia64: fix ia64_syscall_get_set_arguments() for break-based syscalls
+
+From: Sergei Trofimovich <slyfox@gentoo.org>
+
+[ Upstream commit 0ceb1ace4a2778e34a5414e5349712ae4dc41d85 ]
+
+In https://bugs.gentoo.org/769614 Dmitry noticed that
+`ptrace(PTRACE_GET_SYSCALL_INFO)` does not work for syscalls called via
+glibc's syscall() wrapper.
+
+ia64 has two ways to call syscalls from userspace: via `break` and via
+`eps` instructions.
+
+The difference is in stack layout:
+
+1. `eps` creates simple stack frame: no locals, in{0..7} == out{0..8}
+2. `break` uses userspace stack frame: may be locals (glibc provides
+ one), in{0..7} == out{0..8}.
+
+Both work fine in syscall handling cde itself.
+
+But `ptrace(PTRACE_GET_SYSCALL_INFO)` uses unwind mechanism to
+re-extract syscall arguments but it does not account for locals.
+
+The change always skips locals registers. It should not change `eps`
+path as kernel's handler already enforces locals=0 and fixes `break`.
+
+Tested on v5.10 on rx3600 machine (ia64 9040 CPU).
+
+Link: https://lkml.kernel.org/r/20210221002554.333076-1-slyfox@gentoo.org
+Link: https://bugs.gentoo.org/769614
+Signed-off-by: Sergei Trofimovich <slyfox@gentoo.org>
+Reported-by: Dmitry V. Levin <ldv@altlinux.org>
+Cc: Oleg Nesterov <oleg@redhat.com>
+Cc: John Paul Adrian Glaubitz <glaubitz@physik.fu-berlin.de>
+Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
+Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
+Signed-off-by: Sasha Levin <sashal@kernel.org>
+---
+ arch/ia64/kernel/ptrace.c | 24 ++++++++++++++++++------
+ 1 file changed, 18 insertions(+), 6 deletions(-)
+
+diff --git a/arch/ia64/kernel/ptrace.c b/arch/ia64/kernel/ptrace.c
+index 36f660da8124..56007258c014 100644
+--- a/arch/ia64/kernel/ptrace.c
++++ b/arch/ia64/kernel/ptrace.c
+@@ -2144,27 +2144,39 @@ static void syscall_get_set_args_cb(struct unw_frame_info *info, void *data)
+ {
+ struct syscall_get_set_args *args = data;
+ struct pt_regs *pt = args->regs;
+- unsigned long *krbs, cfm, ndirty;
++ unsigned long *krbs, cfm, ndirty, nlocals, nouts;
+ int i, count;
+
+ if (unw_unwind_to_user(info) < 0)
+ return;
+
++ /*
++ * We get here via a few paths:
++ * - break instruction: cfm is shared with caller.
++ * syscall args are in out= regs, locals are non-empty.
++ * - epsinstruction: cfm is set by br.call
++ * locals don't exist.
++ *
++ * For both cases argguments are reachable in cfm.sof - cfm.sol.
++ * CFM: [ ... | sor: 17..14 | sol : 13..7 | sof : 6..0 ]
++ */
+ cfm = pt->cr_ifs;
++ nlocals = (cfm >> 7) & 0x7f; /* aka sol */
++ nouts = (cfm & 0x7f) - nlocals; /* aka sof - sol */
+ krbs = (unsigned long *)info->task + IA64_RBS_OFFSET/8;
+ ndirty = ia64_rse_num_regs(krbs, krbs + (pt->loadrs >> 19));
+
+ count = 0;
+ if (in_syscall(pt))
+- count = min_t(int, args->n, cfm & 0x7f);
++ count = min_t(int, args->n, nouts);
+
++ /* Iterate over outs. */
+ for (i = 0; i < count; i++) {
++ int j = ndirty + nlocals + i + args->i;
+ if (args->rw)
+- *ia64_rse_skip_regs(krbs, ndirty + i + args->i) =
+- args->args[i];
++ *ia64_rse_skip_regs(krbs, j) = args->args[i];
+ else
+- args->args[i] = *ia64_rse_skip_regs(krbs,
+- ndirty + i + args->i);
++ args->args[i] = *ia64_rse_skip_regs(krbs, j);
+ }
+
+ if (!args->rw) {
+--
+2.30.1
+
--- /dev/null
+From 7d3788b8010200db783e0f99ba3b172741509c58 Mon Sep 17 00:00:00 2001
+From: Sasha Levin <sashal@kernel.org>
+Date: Fri, 12 Mar 2021 21:08:27 -0800
+Subject: ia64: fix ptrace(PTRACE_SYSCALL_INFO_EXIT) sign
+
+From: Sergei Trofimovich <slyfox@gentoo.org>
+
+[ Upstream commit 61bf318eac2c13356f7bd1c6a05421ef504ccc8a ]
+
+In https://bugs.gentoo.org/769614 Dmitry noticed that
+`ptrace(PTRACE_GET_SYSCALL_INFO)` does not return error sign properly.
+
+The bug is in mismatch between get/set errors:
+
+static inline long syscall_get_error(struct task_struct *task,
+ struct pt_regs *regs)
+{
+ return regs->r10 == -1 ? regs->r8:0;
+}
+
+static inline long syscall_get_return_value(struct task_struct *task,
+ struct pt_regs *regs)
+{
+ return regs->r8;
+}
+
+static inline void syscall_set_return_value(struct task_struct *task,
+ struct pt_regs *regs,
+ int error, long val)
+{
+ if (error) {
+ /* error < 0, but ia64 uses > 0 return value */
+ regs->r8 = -error;
+ regs->r10 = -1;
+ } else {
+ regs->r8 = val;
+ regs->r10 = 0;
+ }
+}
+
+Tested on v5.10 on rx3600 machine (ia64 9040 CPU).
+
+Link: https://lkml.kernel.org/r/20210221002554.333076-2-slyfox@gentoo.org
+Link: https://bugs.gentoo.org/769614
+Signed-off-by: Sergei Trofimovich <slyfox@gentoo.org>
+Reported-by: Dmitry V. Levin <ldv@altlinux.org>
+Reviewed-by: Dmitry V. Levin <ldv@altlinux.org>
+Cc: John Paul Adrian Glaubitz <glaubitz@physik.fu-berlin.de>
+Cc: Oleg Nesterov <oleg@redhat.com>
+Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
+Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
+Signed-off-by: Sasha Levin <sashal@kernel.org>
+---
+ arch/ia64/include/asm/syscall.h | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/arch/ia64/include/asm/syscall.h b/arch/ia64/include/asm/syscall.h
+index 1d0b875fec44..ec909eec0b4c 100644
+--- a/arch/ia64/include/asm/syscall.h
++++ b/arch/ia64/include/asm/syscall.h
+@@ -35,7 +35,7 @@ static inline void syscall_rollback(struct task_struct *task,
+ static inline long syscall_get_error(struct task_struct *task,
+ struct pt_regs *regs)
+ {
+- return regs->r10 == -1 ? regs->r8:0;
++ return regs->r10 == -1 ? -regs->r8:0;
+ }
+
+ static inline long syscall_get_return_value(struct task_struct *task,
+--
+2.30.1
+
--- /dev/null
+From e5a8f4bf1a538079bc406f17fec6dbc3db981efd Mon Sep 17 00:00:00 2001
+From: Sasha Levin <sashal@kernel.org>
+Date: Sun, 3 Jan 2021 16:08:42 +0800
+Subject: ixgbe: Fix memleak in ixgbe_configure_clsu32
+
+From: Dinghao Liu <dinghao.liu@zju.edu.cn>
+
+[ Upstream commit 7a766381634da19fc837619b0a34590498d9d29a ]
+
+When ixgbe_fdir_write_perfect_filter_82599() fails,
+input allocated by kzalloc() has not been freed,
+which leads to memleak.
+
+Signed-off-by: Dinghao Liu <dinghao.liu@zju.edu.cn>
+Reviewed-by: Paul Menzel <pmenzel@molgen.mpg.de>
+Tested-by: Tony Brelinski <tonyx.brelinski@intel.com>
+Signed-off-by: Tony Nguyen <anthony.l.nguyen@intel.com>
+Signed-off-by: Sasha Levin <sashal@kernel.org>
+---
+ drivers/net/ethernet/intel/ixgbe/ixgbe_main.c | 6 ++++--
+ 1 file changed, 4 insertions(+), 2 deletions(-)
+
+diff --git a/drivers/net/ethernet/intel/ixgbe/ixgbe_main.c b/drivers/net/ethernet/intel/ixgbe/ixgbe_main.c
+index 36d73bf32f4f..8e2aaf774693 100644
+--- a/drivers/net/ethernet/intel/ixgbe/ixgbe_main.c
++++ b/drivers/net/ethernet/intel/ixgbe/ixgbe_main.c
+@@ -8677,8 +8677,10 @@ static int ixgbe_configure_clsu32(struct ixgbe_adapter *adapter,
+ ixgbe_atr_compute_perfect_hash_82599(&input->filter, mask);
+ err = ixgbe_fdir_write_perfect_filter_82599(hw, &input->filter,
+ input->sw_idx, queue);
+- if (!err)
+- ixgbe_update_ethtool_fdir_entry(adapter, input, input->sw_idx);
++ if (err)
++ goto err_out_w_lock;
++
++ ixgbe_update_ethtool_fdir_entry(adapter, input, input->sw_idx);
+ spin_unlock(&adapter->fdir_perfect_lock);
+
+ if ((uhtid != 0x800) && (adapter->jump_tables[uhtid]))
+--
+2.30.1
+
--- /dev/null
+From cec3efe3fcb0050c68d2d7f5e145bccd4815977d Mon Sep 17 00:00:00 2001
+From: Sasha Levin <sashal@kernel.org>
+Date: Thu, 25 Feb 2021 22:15:16 +0100
+Subject: net: fec: ptp: avoid register access when ipg clock is disabled
+
+From: Heiko Thiery <heiko.thiery@gmail.com>
+
+[ Upstream commit 6a4d7234ae9a3bb31181f348ade9bbdb55aeb5c5 ]
+
+When accessing the timecounter register on an i.MX8MQ the kernel hangs.
+This is only the case when the interface is down. This can be reproduced
+by reading with 'phc_ctrl eth0 get'.
+
+Like described in the change in 91c0d987a9788dcc5fe26baafd73bf9242b68900
+the igp clock is disabled when the interface is down and leads to a
+system hang.
+
+So we check if the ptp clock status before reading the timecounter
+register.
+
+Signed-off-by: Heiko Thiery <heiko.thiery@gmail.com>
+Acked-by: Richard Cochran <richardcochran@gmail.com>
+Link: https://lore.kernel.org/r/20210225211514.9115-1-heiko.thiery@gmail.com
+Signed-off-by: Jakub Kicinski <kuba@kernel.org>
+Signed-off-by: Sasha Levin <sashal@kernel.org>
+---
+ drivers/net/ethernet/freescale/fec_ptp.c | 7 +++++++
+ 1 file changed, 7 insertions(+)
+
+diff --git a/drivers/net/ethernet/freescale/fec_ptp.c b/drivers/net/ethernet/freescale/fec_ptp.c
+index f9e74461bdc0..123181612595 100644
+--- a/drivers/net/ethernet/freescale/fec_ptp.c
++++ b/drivers/net/ethernet/freescale/fec_ptp.c
+@@ -396,9 +396,16 @@ static int fec_ptp_gettime(struct ptp_clock_info *ptp, struct timespec64 *ts)
+ u64 ns;
+ unsigned long flags;
+
++ mutex_lock(&adapter->ptp_clk_mutex);
++ /* Check the ptp clock */
++ if (!adapter->ptp_clk_on) {
++ mutex_unlock(&adapter->ptp_clk_mutex);
++ return -EINVAL;
++ }
+ spin_lock_irqsave(&adapter->tmreg_lock, flags);
+ ns = timecounter_read(&adapter->tc);
+ spin_unlock_irqrestore(&adapter->tmreg_lock, flags);
++ mutex_unlock(&adapter->ptp_clk_mutex);
+
+ *ts = ns_to_timespec64(ns);
+
+--
+2.30.1
+
--- /dev/null
+From 03c48cba5f745a2330f4927f3d129ad49ca0f5d1 Mon Sep 17 00:00:00 2001
+From: Sasha Levin <sashal@kernel.org>
+Date: Thu, 4 Mar 2021 18:06:48 -0800
+Subject: net: tehuti: fix error return code in bdx_probe()
+
+From: Jia-Ju Bai <baijiaju1990@gmail.com>
+
+[ Upstream commit 38c26ff3048af50eee3fcd591921357ee5bfd9ee ]
+
+When bdx_read_mac() fails, no error return code of bdx_probe()
+is assigned.
+To fix this bug, err is assigned with -EFAULT as error return code.
+
+Reported-by: TOTE Robot <oslab@tsinghua.edu.cn>
+Signed-off-by: Jia-Ju Bai <baijiaju1990@gmail.com>
+Signed-off-by: David S. Miller <davem@davemloft.net>
+Signed-off-by: Sasha Levin <sashal@kernel.org>
+---
+ drivers/net/ethernet/tehuti/tehuti.c | 1 +
+ 1 file changed, 1 insertion(+)
+
+diff --git a/drivers/net/ethernet/tehuti/tehuti.c b/drivers/net/ethernet/tehuti/tehuti.c
+index 7108c68f16d3..6ee7f8d2f2d1 100644
+--- a/drivers/net/ethernet/tehuti/tehuti.c
++++ b/drivers/net/ethernet/tehuti/tehuti.c
+@@ -2062,6 +2062,7 @@ bdx_probe(struct pci_dev *pdev, const struct pci_device_id *ent)
+ /*bdx_hw_reset(priv); */
+ if (bdx_read_mac(priv)) {
+ pr_err("load MAC address failed\n");
++ err = -EFAULT;
+ goto err_out_iomap;
+ }
+ SET_NETDEV_DEV(ndev, &pdev->dev);
+--
+2.30.1
+
--- /dev/null
+From 40570a1929bc0f211d9cec3e017461d6154d6819 Mon Sep 17 00:00:00 2001
+From: Sasha Levin <sashal@kernel.org>
+Date: Sun, 7 Mar 2021 01:12:56 -0800
+Subject: net: wan: fix error return code of uhdlc_init()
+
+From: Jia-Ju Bai <baijiaju1990@gmail.com>
+
+[ Upstream commit 62765d39553cfd1ad340124fe1e280450e8c89e2 ]
+
+When priv->rx_skbuff or priv->tx_skbuff is NULL, no error return code of
+uhdlc_init() is assigned.
+To fix this bug, ret is assigned with -ENOMEM in these cases.
+
+Reported-by: TOTE Robot <oslab@tsinghua.edu.cn>
+Signed-off-by: Jia-Ju Bai <baijiaju1990@gmail.com>
+Signed-off-by: David S. Miller <davem@davemloft.net>
+Signed-off-by: Sasha Levin <sashal@kernel.org>
+---
+ drivers/net/wan/fsl_ucc_hdlc.c | 8 ++++++--
+ 1 file changed, 6 insertions(+), 2 deletions(-)
+
+diff --git a/drivers/net/wan/fsl_ucc_hdlc.c b/drivers/net/wan/fsl_ucc_hdlc.c
+index 87bf05a81db5..fc7d28edee07 100644
+--- a/drivers/net/wan/fsl_ucc_hdlc.c
++++ b/drivers/net/wan/fsl_ucc_hdlc.c
+@@ -169,13 +169,17 @@ static int uhdlc_init(struct ucc_hdlc_private *priv)
+
+ priv->rx_skbuff = kzalloc(priv->rx_ring_size * sizeof(*priv->rx_skbuff),
+ GFP_KERNEL);
+- if (!priv->rx_skbuff)
++ if (!priv->rx_skbuff) {
++ ret = -ENOMEM;
+ goto free_ucc_pram;
++ }
+
+ priv->tx_skbuff = kzalloc(priv->tx_ring_size * sizeof(*priv->tx_skbuff),
+ GFP_KERNEL);
+- if (!priv->tx_skbuff)
++ if (!priv->tx_skbuff) {
++ ret = -ENOMEM;
+ goto free_rx_skbuff;
++ }
+
+ priv->skb_curtx = 0;
+ priv->skb_dirtytx = 0;
+--
+2.30.1
+
--- /dev/null
+From b2a11d8e3d6dd4be38f6f2bcfcf7cc9bd9e6eeb2 Mon Sep 17 00:00:00 2001
+From: Sasha Levin <sashal@kernel.org>
+Date: Mon, 8 Mar 2021 12:12:13 -0600
+Subject: NFS: Correct size calculation for create reply length
+
+From: Frank Sorenson <sorenson@redhat.com>
+
+[ Upstream commit ad3dbe35c833c2d4d0bbf3f04c785d32f931e7c9 ]
+
+CREATE requests return a post_op_fh3, rather than nfs_fh3. The
+post_op_fh3 includes an extra word to indicate 'handle_follows'.
+
+Without that additional word, create fails when full 64-byte
+filehandles are in use.
+
+Add NFS3_post_op_fh_sz, and correct the size calculation for
+NFS3_createres_sz.
+
+Signed-off-by: Frank Sorenson <sorenson@redhat.com>
+Signed-off-by: Anna Schumaker <Anna.Schumaker@Netapp.com>
+Signed-off-by: Sasha Levin <sashal@kernel.org>
+---
+ fs/nfs/nfs3xdr.c | 3 ++-
+ 1 file changed, 2 insertions(+), 1 deletion(-)
+
+diff --git a/fs/nfs/nfs3xdr.c b/fs/nfs/nfs3xdr.c
+index 267126d32ec0..4a68837e92ea 100644
+--- a/fs/nfs/nfs3xdr.c
++++ b/fs/nfs/nfs3xdr.c
+@@ -33,6 +33,7 @@
+ */
+ #define NFS3_fhandle_sz (1+16)
+ #define NFS3_fh_sz (NFS3_fhandle_sz) /* shorthand */
++#define NFS3_post_op_fh_sz (1+NFS3_fh_sz)
+ #define NFS3_sattr_sz (15)
+ #define NFS3_filename_sz (1+(NFS3_MAXNAMLEN>>2))
+ #define NFS3_path_sz (1+(NFS3_MAXPATHLEN>>2))
+@@ -70,7 +71,7 @@
+ #define NFS3_readlinkres_sz (1+NFS3_post_op_attr_sz+1)
+ #define NFS3_readres_sz (1+NFS3_post_op_attr_sz+3)
+ #define NFS3_writeres_sz (1+NFS3_wcc_data_sz+4)
+-#define NFS3_createres_sz (1+NFS3_fh_sz+NFS3_post_op_attr_sz+NFS3_wcc_data_sz)
++#define NFS3_createres_sz (1+NFS3_post_op_fh_sz+NFS3_post_op_attr_sz+NFS3_wcc_data_sz)
+ #define NFS3_renameres_sz (1+(2 * NFS3_wcc_data_sz))
+ #define NFS3_linkres_sz (1+NFS3_post_op_attr_sz+NFS3_wcc_data_sz)
+ #define NFS3_readdirres_sz (1+NFS3_post_op_attr_sz+2)
+--
+2.30.1
+
--- /dev/null
+From 7ebaaac6e415639cb8f3987144d67e8b896a1556 Mon Sep 17 00:00:00 2001
+From: Sasha Levin <sashal@kernel.org>
+Date: Tue, 23 Feb 2021 15:19:01 +0100
+Subject: nfs: fix PNFS_FLEXFILE_LAYOUT Kconfig default
+
+From: Timo Rothenpieler <timo@rothenpieler.org>
+
+[ Upstream commit a0590473c5e6c4ef17c3132ad08fbad170f72d55 ]
+
+This follows what was done in 8c2fabc6542d9d0f8b16bd1045c2eda59bdcde13.
+With the default being m, it's impossible to build the module into the
+kernel.
+
+Signed-off-by: Timo Rothenpieler <timo@rothenpieler.org>
+Signed-off-by: Anna Schumaker <Anna.Schumaker@Netapp.com>
+Signed-off-by: Sasha Levin <sashal@kernel.org>
+---
+ fs/nfs/Kconfig | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/fs/nfs/Kconfig b/fs/nfs/Kconfig
+index c3428767332c..55ebf9f4a824 100644
+--- a/fs/nfs/Kconfig
++++ b/fs/nfs/Kconfig
+@@ -132,7 +132,7 @@ config PNFS_OBJLAYOUT
+ config PNFS_FLEXFILE_LAYOUT
+ tristate
+ depends on NFS_V4_1 && NFS_V3
+- default m
++ default NFS_V4
+
+ config NFS_V4_1_IMPLEMENTATION_ID_DOMAIN
+ string "NFSv4.1 Implementation ID Domain"
+--
+2.30.1
+
--- /dev/null
+From 621377971352da38e994335a312fd253d6660d09 Mon Sep 17 00:00:00 2001
+From: Sasha Levin <sashal@kernel.org>
+Date: Thu, 28 Jan 2021 17:36:38 -0500
+Subject: nfs: we don't support removing system.nfs4_acl
+
+From: J. Bruce Fields <bfields@redhat.com>
+
+[ Upstream commit 4f8be1f53bf615102d103c0509ffa9596f65b718 ]
+
+The NFSv4 protocol doesn't have any notion of reomoving an attribute, so
+removexattr(path,"system.nfs4_acl") doesn't make sense.
+
+There's no documented return value. Arguably it could be EOPNOTSUPP but
+I'm a little worried an application might take that to mean that we
+don't support ACLs or xattrs. How about EINVAL?
+
+Signed-off-by: J. Bruce Fields <bfields@redhat.com>
+Signed-off-by: Anna Schumaker <Anna.Schumaker@Netapp.com>
+Signed-off-by: Sasha Levin <sashal@kernel.org>
+---
+ fs/nfs/nfs4proc.c | 3 +++
+ 1 file changed, 3 insertions(+)
+
+diff --git a/fs/nfs/nfs4proc.c b/fs/nfs/nfs4proc.c
+index 0cebe0ca03b2..94130588ebf5 100644
+--- a/fs/nfs/nfs4proc.c
++++ b/fs/nfs/nfs4proc.c
+@@ -5144,6 +5144,9 @@ static int __nfs4_proc_set_acl(struct inode *inode, const void *buf, size_t bufl
+ unsigned int npages = DIV_ROUND_UP(buflen, PAGE_SIZE);
+ int ret, i;
+
++ /* You can't remove system.nfs4_acl: */
++ if (buflen == 0)
++ return -EINVAL;
+ if (!nfs4_server_supports_acls(server))
+ return -EOPNOTSUPP;
+ if (npages > ARRAY_SIZE(pages))
+--
+2.30.1
+
--- /dev/null
+From e9a650c5649853f904f4b86ffec3ad03bcf79ae3 Mon Sep 17 00:00:00 2001
+From: Sasha Levin <sashal@kernel.org>
+Date: Thu, 18 Feb 2021 23:30:58 +1100
+Subject: powerpc/4xx: Fix build errors from mfdcr()
+
+From: Michael Ellerman <mpe@ellerman.id.au>
+
+[ Upstream commit eead089311f4d935ab5d1d8fbb0c42ad44699ada ]
+
+lkp reported a build error in fsp2.o:
+
+ CC arch/powerpc/platforms/44x/fsp2.o
+ {standard input}:577: Error: unsupported relocation against base
+
+Which comes from:
+
+ pr_err("GESR0: 0x%08x\n", mfdcr(base + PLB4OPB_GESR0));
+
+Where our mfdcr() macro is stringifying "base + PLB4OPB_GESR0", and
+passing that to the assembler, which obviously doesn't work.
+
+The mfdcr() macro already checks that the argument is constant using
+__builtin_constant_p(), and if not calls the out-of-line version of
+mfdcr(). But in this case GCC is smart enough to notice that "base +
+PLB4OPB_GESR0" will be constant, even though it's not something we can
+immediately stringify into a register number.
+
+Segher pointed out that passing the register number to the inline asm
+as a constant would be better, and in fact it fixes the build error,
+presumably because it gives GCC a chance to resolve the value.
+
+While we're at it, change mtdcr() similarly.
+
+Reported-by: kernel test robot <lkp@intel.com>
+Suggested-by: Segher Boessenkool <segher@kernel.crashing.org>
+Signed-off-by: Michael Ellerman <mpe@ellerman.id.au>
+Acked-by: Feng Tang <feng.tang@intel.com>
+Link: https://lore.kernel.org/r/20210218123058.748882-1-mpe@ellerman.id.au
+Signed-off-by: Sasha Levin <sashal@kernel.org>
+---
+ arch/powerpc/include/asm/dcr-native.h | 8 ++++----
+ 1 file changed, 4 insertions(+), 4 deletions(-)
+
+diff --git a/arch/powerpc/include/asm/dcr-native.h b/arch/powerpc/include/asm/dcr-native.h
+index 4a2beef74277..86fdda16bb73 100644
+--- a/arch/powerpc/include/asm/dcr-native.h
++++ b/arch/powerpc/include/asm/dcr-native.h
+@@ -65,8 +65,8 @@ static inline void mtdcrx(unsigned int reg, unsigned int val)
+ #define mfdcr(rn) \
+ ({unsigned int rval; \
+ if (__builtin_constant_p(rn) && rn < 1024) \
+- asm volatile("mfdcr %0," __stringify(rn) \
+- : "=r" (rval)); \
++ asm volatile("mfdcr %0, %1" : "=r" (rval) \
++ : "n" (rn)); \
+ else if (likely(cpu_has_feature(CPU_FTR_INDEXED_DCR))) \
+ rval = mfdcrx(rn); \
+ else \
+@@ -76,8 +76,8 @@ static inline void mtdcrx(unsigned int reg, unsigned int val)
+ #define mtdcr(rn, v) \
+ do { \
+ if (__builtin_constant_p(rn) && rn < 1024) \
+- asm volatile("mtdcr " __stringify(rn) ",%0" \
+- : : "r" (v)); \
++ asm volatile("mtdcr %0, %1" \
++ : : "n" (rn), "r" (v)); \
+ else if (likely(cpu_has_feature(CPU_FTR_INDEXED_DCR))) \
+ mtdcrx(rn, v); \
+ else \
+--
+2.30.1
+
--- /dev/null
+net-fec-ptp-avoid-register-access-when-ipg-clock-is-.patch
+powerpc-4xx-fix-build-errors-from-mfdcr.patch
+atm-eni-dont-release-is-never-initialized.patch
+atm-lanai-dont-run-lanai_dev_close-if-not-open.patch
+ixgbe-fix-memleak-in-ixgbe_configure_clsu32.patch
+net-tehuti-fix-error-return-code-in-bdx_probe.patch
+sun-niu-fix-wrong-rxmac_bc_frm_cnt_count-count.patch
+nfs-fix-pnfs_flexfile_layout-kconfig-default.patch
+nfs-correct-size-calculation-for-create-reply-length.patch
+net-wan-fix-error-return-code-of-uhdlc_init.patch
+atm-upd98402-fix-incorrect-allocation.patch
+atm-idt77252-fix-null-ptr-dereference.patch
+u64_stats-lockdep-fix-u64_stats_init-vs-lockdep.patch
+nfs-we-don-t-support-removing-system.nfs4_acl.patch
+ia64-fix-ia64_syscall_get_set_arguments-for-break-ba.patch
+ia64-fix-ptrace-ptrace_syscall_info_exit-sign.patch
--- /dev/null
+From 556a443bc543c5c8975877328333be9b8581912c Mon Sep 17 00:00:00 2001
+From: Sasha Levin <sashal@kernel.org>
+Date: Fri, 5 Mar 2021 20:02:12 +0300
+Subject: sun/niu: fix wrong RXMAC_BC_FRM_CNT_COUNT count
+
+From: Denis Efremov <efremov@linux.com>
+
+[ Upstream commit 155b23e6e53475ca3b8c2a946299b4d4dd6a5a1e ]
+
+RXMAC_BC_FRM_CNT_COUNT added to mp->rx_bcasts twice in a row
+in niu_xmac_interrupt(). Remove the second addition.
+
+Signed-off-by: Denis Efremov <efremov@linux.com>
+Signed-off-by: David S. Miller <davem@davemloft.net>
+Signed-off-by: Sasha Levin <sashal@kernel.org>
+---
+ drivers/net/ethernet/sun/niu.c | 2 --
+ 1 file changed, 2 deletions(-)
+
+diff --git a/drivers/net/ethernet/sun/niu.c b/drivers/net/ethernet/sun/niu.c
+index fe5b0ac8c631..5bf47279f9c1 100644
+--- a/drivers/net/ethernet/sun/niu.c
++++ b/drivers/net/ethernet/sun/niu.c
+@@ -3948,8 +3948,6 @@ static void niu_xmac_interrupt(struct niu *np)
+ mp->rx_mcasts += RXMAC_MC_FRM_CNT_COUNT;
+ if (val & XRXMAC_STATUS_RXBCAST_CNT_EXP)
+ mp->rx_bcasts += RXMAC_BC_FRM_CNT_COUNT;
+- if (val & XRXMAC_STATUS_RXBCAST_CNT_EXP)
+- mp->rx_bcasts += RXMAC_BC_FRM_CNT_COUNT;
+ if (val & XRXMAC_STATUS_RXHIST1_CNT_EXP)
+ mp->rx_hist_cnt1 += RXMAC_HIST_CNT1_COUNT;
+ if (val & XRXMAC_STATUS_RXHIST2_CNT_EXP)
+--
+2.30.1
+
--- /dev/null
+From 04c72c1755d852026ab7a568f29a1e8b3646adcb Mon Sep 17 00:00:00 2001
+From: Sasha Levin <sashal@kernel.org>
+Date: Mon, 8 Mar 2021 09:38:12 +0100
+Subject: u64_stats,lockdep: Fix u64_stats_init() vs lockdep
+
+From: Peter Zijlstra <peterz@infradead.org>
+
+[ Upstream commit d5b0e0677bfd5efd17c5bbb00156931f0d41cb85 ]
+
+Jakub reported that:
+
+ static struct net_device *rtl8139_init_board(struct pci_dev *pdev)
+ {
+ ...
+ u64_stats_init(&tp->rx_stats.syncp);
+ u64_stats_init(&tp->tx_stats.syncp);
+ ...
+ }
+
+results in lockdep getting confused between the RX and TX stats lock.
+This is because u64_stats_init() is an inline calling seqcount_init(),
+which is a macro using a static variable to generate a lockdep class.
+
+By wrapping that in an inline, we negate the effect of the macro and
+fold the static key variable, hence the confusion.
+
+Fix by also making u64_stats_init() a macro for the case where it
+matters, leaving the other case an inline for argument validation
+etc.
+
+Reported-by: Jakub Kicinski <kuba@kernel.org>
+Debugged-by: "Ahmed S. Darwish" <a.darwish@linutronix.de>
+Signed-off-by: Peter Zijlstra (Intel) <peterz@infradead.org>
+Tested-by: "Erhard F." <erhard_f@mailbox.org>
+Link: https://lkml.kernel.org/r/YEXicy6+9MksdLZh@hirez.programming.kicks-ass.net
+Signed-off-by: Sasha Levin <sashal@kernel.org>
+---
+ include/linux/u64_stats_sync.h | 7 ++++---
+ 1 file changed, 4 insertions(+), 3 deletions(-)
+
+diff --git a/include/linux/u64_stats_sync.h b/include/linux/u64_stats_sync.h
+index 650f3dd6b800..f604a8fe9d2e 100644
+--- a/include/linux/u64_stats_sync.h
++++ b/include/linux/u64_stats_sync.h
+@@ -68,12 +68,13 @@ struct u64_stats_sync {
+ };
+
+
++#if BITS_PER_LONG == 32 && defined(CONFIG_SMP)
++#define u64_stats_init(syncp) seqcount_init(&(syncp)->seq)
++#else
+ static inline void u64_stats_init(struct u64_stats_sync *syncp)
+ {
+-#if BITS_PER_LONG == 32 && defined(CONFIG_SMP)
+- seqcount_init(&syncp->seq);
+-#endif
+ }
++#endif
+
+ static inline void u64_stats_update_begin(struct u64_stats_sync *syncp)
+ {
+--
+2.30.1
+
projects / thirdparty / kernel / stable-queue.git / commitdiff
