--- /dev/null
+From fb25621da5702c104ce0a48de5b174ced09e5b4e Mon Sep 17 00:00:00 2001
+From: Miaoqian Lin <linmq006@gmail.com>
+Date: Thu, 27 Jan 2022 13:13:34 +0000
+Subject: ASoC: fsl: Add missing error handling in pcm030_fabric_probe
+
+From: Miaoqian Lin <linmq006@gmail.com>
+
+commit fb25621da5702c104ce0a48de5b174ced09e5b4e upstream.
+
+Add the missing platform_device_put() and platform_device_del()
+before return from pcm030_fabric_probe in the error handling case.
+
+Fixes: c912fa913446 ("ASoC: fsl: register the wm9712-codec")
+Signed-off-by: Miaoqian Lin <linmq006@gmail.com>
+Link: https://lore.kernel.org/r/20220127131336.30214-1-linmq006@gmail.com
+Signed-off-by: Mark Brown <broonie@kernel.org>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+---
+ sound/soc/fsl/pcm030-audio-fabric.c | 11 ++++++++---
+ 1 file changed, 8 insertions(+), 3 deletions(-)
+
+--- a/sound/soc/fsl/pcm030-audio-fabric.c
++++ b/sound/soc/fsl/pcm030-audio-fabric.c
+@@ -90,16 +90,21 @@ static int pcm030_fabric_probe(struct pl
+ dev_err(&op->dev, "platform_device_alloc() failed\n");
+
+ ret = platform_device_add(pdata->codec_device);
+- if (ret)
++ if (ret) {
+ dev_err(&op->dev, "platform_device_add() failed: %d\n", ret);
++ platform_device_put(pdata->codec_device);
++ }
+
+ ret = snd_soc_register_card(card);
+- if (ret)
++ if (ret) {
+ dev_err(&op->dev, "snd_soc_register_card() failed: %d\n", ret);
++ platform_device_del(pdata->codec_device);
++ platform_device_put(pdata->codec_device);
++ }
+
+ platform_set_drvdata(op, pdata);
+-
+ return ret;
++
+ }
+
+ static int pcm030_fabric_remove(struct platform_device *op)
--- /dev/null
+From 9b45a7738eec52bf0f5d8d3d54e822962781c5f2 Mon Sep 17 00:00:00 2001
+From: Joerg Roedel <jroedel@suse.de>
+Date: Fri, 4 Feb 2022 12:55:37 +0100
+Subject: iommu/amd: Fix loop timeout issue in iommu_ga_log_enable()
+
+From: Joerg Roedel <jroedel@suse.de>
+
+commit 9b45a7738eec52bf0f5d8d3d54e822962781c5f2 upstream.
+
+The polling loop for the register change in iommu_ga_log_enable() needs
+to have a udelay() in it. Otherwise the CPU might be faster than the
+IOMMU hardware and wrongly trigger the WARN_ON() further down the code
+stream. Use a 10us for udelay(), has there is some hardware where
+activation of the GA log can take more than a 100ms.
+
+A future optimization should move the activation check of the GA log
+to the point where it gets used for the first time. But that is a
+bigger change and not suitable for a fix.
+
+Fixes: 8bda0cfbdc1a ("iommu/amd: Detect and initialize guest vAPIC log")
+Signed-off-by: Joerg Roedel <jroedel@suse.de>
+Link: https://lore.kernel.org/r/20220204115537.3894-1-joro@8bytes.org
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+---
+ drivers/iommu/amd_iommu_init.c | 2 ++
+ 1 file changed, 2 insertions(+)
+
+--- a/drivers/iommu/amd_iommu_init.c
++++ b/drivers/iommu/amd_iommu_init.c
+@@ -28,6 +28,7 @@
+ #include <linux/amd-iommu.h>
+ #include <linux/export.h>
+ #include <linux/iommu.h>
++#include <linux/iopoll.h>
+ #include <asm/pci-direct.h>
+ #include <asm/iommu.h>
+ #include <asm/gart.h>
+@@ -715,6 +716,7 @@ static int iommu_ga_log_enable(struct am
+ status = readl(iommu->mmio_base + MMIO_STATUS_OFFSET);
+ if (status & (MMIO_STATUS_GALOG_RUN_MASK))
+ break;
++ udelay(10);
+ }
+
+ if (i >= LOOP_TIMEOUT)
--- /dev/null
+From 79c37ca73a6e9a33f7b2b7783ba6af07a448c8a9 Mon Sep 17 00:00:00 2001
+From: Miquel Raynal <miquel.raynal@bootlin.com>
+Date: Tue, 25 Jan 2022 13:14:25 +0100
+Subject: net: ieee802154: Return meaningful error codes from the netlink helpers
+
+From: Miquel Raynal <miquel.raynal@bootlin.com>
+
+commit 79c37ca73a6e9a33f7b2b7783ba6af07a448c8a9 upstream.
+
+Returning -1 does not indicate anything useful.
+
+Use a standard and meaningful error code instead.
+
+Fixes: a26c5fd7622d ("nl802154: add support for security layer")
+Signed-off-by: Miquel Raynal <miquel.raynal@bootlin.com>
+Acked-by: Alexander Aring <aahringo@redhat.com>
+Link: https://lore.kernel.org/r/20220125121426.848337-6-miquel.raynal@bootlin.com
+Signed-off-by: Stefan Schmidt <stefan@datenfreihafen.org>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+---
+ net/ieee802154/nl802154.c | 8 ++++----
+ 1 file changed, 4 insertions(+), 4 deletions(-)
+
+--- a/net/ieee802154/nl802154.c
++++ b/net/ieee802154/nl802154.c
+@@ -1474,7 +1474,7 @@ static int nl802154_send_key(struct sk_b
+
+ hdr = nl802154hdr_put(msg, portid, seq, flags, cmd);
+ if (!hdr)
+- return -1;
++ return -ENOBUFS;
+
+ if (nla_put_u32(msg, NL802154_ATTR_IFINDEX, dev->ifindex))
+ goto nla_put_failure;
+@@ -1665,7 +1665,7 @@ static int nl802154_send_device(struct s
+
+ hdr = nl802154hdr_put(msg, portid, seq, flags, cmd);
+ if (!hdr)
+- return -1;
++ return -ENOBUFS;
+
+ if (nla_put_u32(msg, NL802154_ATTR_IFINDEX, dev->ifindex))
+ goto nla_put_failure;
+@@ -1843,7 +1843,7 @@ static int nl802154_send_devkey(struct s
+
+ hdr = nl802154hdr_put(msg, portid, seq, flags, cmd);
+ if (!hdr)
+- return -1;
++ return -ENOBUFS;
+
+ if (nla_put_u32(msg, NL802154_ATTR_IFINDEX, dev->ifindex))
+ goto nla_put_failure;
+@@ -2020,7 +2020,7 @@ static int nl802154_send_seclevel(struct
+
+ hdr = nl802154hdr_put(msg, portid, seq, flags, cmd);
+ if (!hdr)
+- return -1;
++ return -ENOBUFS;
+
+ if (nla_put_u32(msg, NL802154_ATTR_IFINDEX, dev->ifindex))
+ goto nla_put_failure;
--- /dev/null
+From d0cfa548dbde354de986911d3913897b5448faad Mon Sep 17 00:00:00 2001
+From: Lior Nahmanson <liorna@nvidia.com>
+Date: Sun, 30 Jan 2022 13:37:52 +0200
+Subject: net: macsec: Verify that send_sci is on when setting Tx sci explicitly
+
+From: Lior Nahmanson <liorna@nvidia.com>
+
+commit d0cfa548dbde354de986911d3913897b5448faad upstream.
+
+When setting Tx sci explicit, the Rx side is expected to use this
+sci and not recalculate it from the packet.However, in case of Tx sci
+is explicit and send_sci is off, the receiver is wrongly recalculate
+the sci from the source MAC address which most likely be different
+than the explicit sci.
+
+Fix by preventing such configuration when macsec newlink is established
+and return EINVAL error code on such cases.
+
+Fixes: c09440f7dcb3 ("macsec: introduce IEEE 802.1AE driver")
+Signed-off-by: Lior Nahmanson <liorna@nvidia.com>
+Reviewed-by: Raed Salem <raeds@nvidia.com>
+Signed-off-by: Raed Salem <raeds@nvidia.com>
+Link: https://lore.kernel.org/r/1643542672-29403-1-git-send-email-raeds@nvidia.com
+Signed-off-by: Jakub Kicinski <kuba@kernel.org>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+---
+ drivers/net/macsec.c | 9 +++++++++
+ 1 file changed, 9 insertions(+)
+
+--- a/drivers/net/macsec.c
++++ b/drivers/net/macsec.c
+@@ -3230,6 +3230,15 @@ static int macsec_newlink(struct net *ne
+
+ macsec->real_dev = real_dev;
+
++ /* send_sci must be set to true when transmit sci explicitly is set */
++ if ((data && data[IFLA_MACSEC_SCI]) &&
++ (data && data[IFLA_MACSEC_INC_SCI])) {
++ u8 send_sci = !!nla_get_u8(data[IFLA_MACSEC_INC_SCI]);
++
++ if (!send_sci)
++ return -EINVAL;
++ }
++
+ if (data && data[IFLA_MACSEC_ICV_LEN])
+ icv_len = nla_get_u8(data[IFLA_MACSEC_ICV_LEN]);
+ mtu = real_dev->mtu - icv_len - macsec_extra_len(true);
--- /dev/null
+From ab451ea952fe9d7afefae55ddb28943a148247fe Mon Sep 17 00:00:00 2001
+From: Dai Ngo <dai.ngo@oracle.com>
+Date: Wed, 26 Jan 2022 13:13:38 -0800
+Subject: nfsd: nfsd4_setclientid_confirm mistakenly expires confirmed client.
+
+From: Dai Ngo <dai.ngo@oracle.com>
+
+commit ab451ea952fe9d7afefae55ddb28943a148247fe upstream.
+
+From RFC 7530 Section 16.34.5:
+
+o The server has not recorded an unconfirmed { v, x, c, *, * } and
+ has recorded a confirmed { v, x, c, *, s }. If the principals of
+ the record and of SETCLIENTID_CONFIRM do not match, the server
+ returns NFS4ERR_CLID_INUSE without removing any relevant leased
+ client state, and without changing recorded callback and
+ callback_ident values for client { x }.
+
+The current code intends to do what the spec describes above but
+it forgot to set 'old' to NULL resulting to the confirmed client
+to be expired.
+
+Fixes: 2b63482185e6 ("nfsd: fix clid_inuse on mount with security change")
+Signed-off-by: Dai Ngo <dai.ngo@oracle.com>
+Signed-off-by: Chuck Lever <chuck.lever@oracle.com>
+Reviewed-by: Bruce Fields <bfields@fieldses.org>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+---
+ fs/nfsd/nfs4state.c | 4 +++-
+ 1 file changed, 3 insertions(+), 1 deletion(-)
+
+--- a/fs/nfsd/nfs4state.c
++++ b/fs/nfsd/nfs4state.c
+@@ -3424,8 +3424,10 @@ nfsd4_setclientid_confirm(struct svc_rqs
+ status = nfserr_clid_inuse;
+ if (client_has_state(old)
+ && !same_creds(&unconf->cl_cred,
+- &old->cl_cred))
++ &old->cl_cred)) {
++ old = NULL;
+ goto out;
++ }
+ status = mark_client_expired_locked(old);
+ if (status) {
+ old = NULL;
--- /dev/null
+From 936bd03405fc83ba039d42bc93ffd4b88418f1d3 Mon Sep 17 00:00:00 2001
+From: John Meneghini <jmeneghi@redhat.com>
+Date: Mon, 24 Jan 2022 09:51:10 -0500
+Subject: scsi: bnx2fc: Make bnx2fc_recv_frame() mp safe
+
+From: John Meneghini <jmeneghi@redhat.com>
+
+commit 936bd03405fc83ba039d42bc93ffd4b88418f1d3 upstream.
+
+Running tests with a debug kernel shows that bnx2fc_recv_frame() is
+modifying the per_cpu lport stats counters in a non-mpsafe way. Just boot
+a debug kernel and run the bnx2fc driver with the hardware enabled.
+
+[ 1391.699147] BUG: using smp_processor_id() in preemptible [00000000] code: bnx2fc_
+[ 1391.699160] caller is bnx2fc_recv_frame+0xbf9/0x1760 [bnx2fc]
+[ 1391.699174] CPU: 2 PID: 4355 Comm: bnx2fc_l2_threa Kdump: loaded Tainted: G B
+[ 1391.699180] Hardware name: HP ProLiant DL120 G7, BIOS J01 07/01/2013
+[ 1391.699183] Call Trace:
+[ 1391.699188] dump_stack_lvl+0x57/0x7d
+[ 1391.699198] check_preemption_disabled+0xc8/0xd0
+[ 1391.699205] bnx2fc_recv_frame+0xbf9/0x1760 [bnx2fc]
+[ 1391.699215] ? do_raw_spin_trylock+0xb5/0x180
+[ 1391.699221] ? bnx2fc_npiv_create_vports.isra.0+0x4e0/0x4e0 [bnx2fc]
+[ 1391.699229] ? bnx2fc_l2_rcv_thread+0xb7/0x3a0 [bnx2fc]
+[ 1391.699240] bnx2fc_l2_rcv_thread+0x1af/0x3a0 [bnx2fc]
+[ 1391.699250] ? bnx2fc_ulp_init+0xc0/0xc0 [bnx2fc]
+[ 1391.699258] kthread+0x364/0x420
+[ 1391.699263] ? _raw_spin_unlock_irq+0x24/0x50
+[ 1391.699268] ? set_kthread_struct+0x100/0x100
+[ 1391.699273] ret_from_fork+0x22/0x30
+
+Restore the old get_cpu/put_cpu code with some modifications to reduce the
+size of the critical section.
+
+Link: https://lore.kernel.org/r/20220124145110.442335-1-jmeneghi@redhat.com
+Fixes: d576a5e80cd0 ("bnx2fc: Improve stats update mechanism")
+Tested-by: Guangwu Zhang <guazhang@redhat.com>
+Acked-by: Saurav Kashyap <skashyap@marvell.com>
+Signed-off-by: John Meneghini <jmeneghi@redhat.com>
+Signed-off-by: Martin K. Petersen <martin.petersen@oracle.com>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+---
+ drivers/scsi/bnx2fc/bnx2fc_fcoe.c | 21 +++++++++++++--------
+ 1 file changed, 13 insertions(+), 8 deletions(-)
+
+--- a/drivers/scsi/bnx2fc/bnx2fc_fcoe.c
++++ b/drivers/scsi/bnx2fc/bnx2fc_fcoe.c
+@@ -521,7 +521,8 @@ static int bnx2fc_l2_rcv_thread(void *ar
+
+ static void bnx2fc_recv_frame(struct sk_buff *skb)
+ {
+- u32 fr_len;
++ u64 crc_err;
++ u32 fr_len, fr_crc;
+ struct fc_lport *lport;
+ struct fcoe_rcv_info *fr;
+ struct fc_stats *stats;
+@@ -553,6 +554,11 @@ static void bnx2fc_recv_frame(struct sk_
+ skb_pull(skb, sizeof(struct fcoe_hdr));
+ fr_len = skb->len - sizeof(struct fcoe_crc_eof);
+
++ stats = per_cpu_ptr(lport->stats, get_cpu());
++ stats->RxFrames++;
++ stats->RxWords += fr_len / FCOE_WORD_TO_BYTE;
++ put_cpu();
++
+ fp = (struct fc_frame *)skb;
+ fc_frame_init(fp);
+ fr_dev(fp) = lport;
+@@ -604,16 +610,15 @@ static void bnx2fc_recv_frame(struct sk_
+ return;
+ }
+
+- stats = per_cpu_ptr(lport->stats, smp_processor_id());
+- stats->RxFrames++;
+- stats->RxWords += fr_len / FCOE_WORD_TO_BYTE;
++ fr_crc = le32_to_cpu(fr_crc(fp));
+
+- if (le32_to_cpu(fr_crc(fp)) !=
+- ~crc32(~0, skb->data, fr_len)) {
+- if (stats->InvalidCRCCount < 5)
++ if (unlikely(fr_crc != ~crc32(~0, skb->data, fr_len))) {
++ stats = per_cpu_ptr(lport->stats, get_cpu());
++ crc_err = (stats->InvalidCRCCount++);
++ put_cpu();
++ if (crc_err < 5)
+ printk(KERN_WARNING PFX "dropping frame with "
+ "CRC error\n");
+- stats->InvalidCRCCount++;
+ kfree_skb(skb);
+ return;
+ }
asoc-ops-reject-out-of-bounds-values-in-snd_soc_put_volsw_sx.patch
asoc-ops-reject-out-of-bounds-values-in-snd_soc_put_xr_sx.patch
drm-nouveau-fix-off-by-one-in-bios-boundary-checking.patch
+iommu-amd-fix-loop-timeout-issue-in-iommu_ga_log_enable.patch
+spi-bcm-qspi-check-for-valid-cs-before-applying-chip-select.patch
+spi-mediatek-avoid-null-pointer-crash-in-interrupt.patch
+net-ieee802154-return-meaningful-error-codes-from-the-netlink-helpers.patch
+net-macsec-verify-that-send_sci-is-on-when-setting-tx-sci-explicitly.patch
+asoc-fsl-add-missing-error-handling-in-pcm030_fabric_probe.patch
+scsi-bnx2fc-make-bnx2fc_recv_frame-mp-safe.patch
+nfsd-nfsd4_setclientid_confirm-mistakenly-expires-confirmed-client.patch
--- /dev/null
+From 2cbd27267ffe020af1442b95ec57f59a157ba85c Mon Sep 17 00:00:00 2001
+From: Kamal Dasu <kdasu.kdev@gmail.com>
+Date: Thu, 27 Jan 2022 13:53:59 -0500
+Subject: spi: bcm-qspi: check for valid cs before applying chip select
+
+From: Kamal Dasu <kdasu.kdev@gmail.com>
+
+commit 2cbd27267ffe020af1442b95ec57f59a157ba85c upstream.
+
+Apply only valid chip select value. This change fixes case where chip
+select is set to initial value of '-1' during probe and PM supend and
+subsequent resume can try to use the value with undefined behaviour.
+Also in case where gpio based chip select, the check in
+bcm_qspi_chip_select() shall prevent undefined behaviour on resume.
+
+Fixes: fa236a7ef240 ("spi: bcm-qspi: Add Broadcom MSPI driver")
+Signed-off-by: Kamal Dasu <kdasu.kdev@gmail.com>
+Acked-by: Florian Fainelli <f.fainelli@gmail.com>
+Link: https://lore.kernel.org/r/20220127185359.27322-1-kdasu.kdev@gmail.com
+Signed-off-by: Mark Brown <broonie@kernel.org>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+---
+ drivers/spi/spi-bcm-qspi.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+--- a/drivers/spi/spi-bcm-qspi.c
++++ b/drivers/spi/spi-bcm-qspi.c
+@@ -546,7 +546,7 @@ static void bcm_qspi_chip_select(struct
+ u32 rd = 0;
+ u32 wr = 0;
+
+- if (qspi->base[CHIP_SELECT]) {
++ if (cs >= 0 && qspi->base[CHIP_SELECT]) {
+ rd = bcm_qspi_read(qspi, CHIP_SELECT, 0);
+ wr = (rd & ~0xff) | (1 << cs);
+ if (rd == wr)
--- /dev/null
+From f83a96e5f033fbbd21764705cb9c04234b96218e Mon Sep 17 00:00:00 2001
+From: Benjamin Gaignard <benjamin.gaignard@collabora.com>
+Date: Mon, 31 Jan 2022 15:17:08 +0100
+Subject: spi: mediatek: Avoid NULL pointer crash in interrupt
+
+From: Benjamin Gaignard <benjamin.gaignard@collabora.com>
+
+commit f83a96e5f033fbbd21764705cb9c04234b96218e upstream.
+
+In some case, like after a transfer timeout, master->cur_msg pointer
+is NULL which led to a kernel crash when trying to use master->cur_msg->spi.
+mtk_spi_can_dma(), pointed by master->can_dma, doesn't use this parameter
+avoid the problem by setting NULL as second parameter.
+
+Fixes: a568231f46322 ("spi: mediatek: Add spi bus for Mediatek MT8173")
+Signed-off-by: Benjamin Gaignard <benjamin.gaignard@collabora.com>
+Link: https://lore.kernel.org/r/20220131141708.888710-1-benjamin.gaignard@collabora.com
+Signed-off-by: Mark Brown <broonie@kernel.org>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+---
+ drivers/spi/spi-mt65xx.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+--- a/drivers/spi/spi-mt65xx.c
++++ b/drivers/spi/spi-mt65xx.c
+@@ -440,7 +440,7 @@ static irqreturn_t mtk_spi_interrupt(int
+ else
+ mdata->state = MTK_SPI_IDLE;
+
+- if (!master->can_dma(master, master->cur_msg->spi, trans)) {
++ if (!master->can_dma(master, NULL, trans)) {
+ if (trans->rx_buf) {
+ cnt = mdata->xfer_len / 4;
+ ioread32_rep(mdata->base + SPI_RX_DATA_REG,
projects / thirdparty / kernel / stable-queue.git / commitdiff
