--- /dev/null
+From 8dd13214a810c695044aa168c0ddba1a9c433e4f Mon Sep 17 00:00:00 2001
+From: Oswald Buddenhagen <oswald.buddenhagen@gmx.de>
+Date: Wed, 5 Apr 2023 22:12:20 +0200
+Subject: ALSA: emu10k1: don't create old pass-through playback device on Audigy
+
+From: Oswald Buddenhagen <oswald.buddenhagen@gmx.de>
+
+commit 8dd13214a810c695044aa168c0ddba1a9c433e4f upstream.
+
+It could have never worked, as snd_emu10k1_fx8010_playback_prepare() and
+snd_emu10k1_fx8010_playback_hw_free() assume the emu10k1 offset for the
+ETRAM, and the default DSP code includes no handler for it. It also
+wouldn't make a lot of sense to make it work, as Audigy has an own, much
+simpler, pass-through mechanism. So just skip creation of the device.
+
+Signed-off-by: Oswald Buddenhagen <oswald.buddenhagen@gmx.de>
+Cc: <stable@vger.kernel.org>
+Link: https://lore.kernel.org/r/20230405201220.2197938-1-oswald.buddenhagen@gmx.de
+Signed-off-by: Takashi Iwai <tiwai@suse.de>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+---
+ sound/pci/emu10k1/emupcm.c | 10 +++++++---
+ 1 file changed, 7 insertions(+), 3 deletions(-)
+
+--- a/sound/pci/emu10k1/emupcm.c
++++ b/sound/pci/emu10k1/emupcm.c
+@@ -1781,17 +1781,21 @@ int snd_emu10k1_pcm_efx(struct snd_emu10
+ struct snd_kcontrol *kctl;
+ int err;
+
+- err = snd_pcm_new(emu->card, "emu10k1 efx", device, 8, 1, &pcm);
++ err = snd_pcm_new(emu->card, "emu10k1 efx", device, emu->audigy ? 0 : 8, 1, &pcm);
+ if (err < 0)
+ return err;
+
+ pcm->private_data = emu;
+
+- snd_pcm_set_ops(pcm, SNDRV_PCM_STREAM_PLAYBACK, &snd_emu10k1_fx8010_playback_ops);
++ if (!emu->audigy)
++ snd_pcm_set_ops(pcm, SNDRV_PCM_STREAM_PLAYBACK, &snd_emu10k1_fx8010_playback_ops);
+ snd_pcm_set_ops(pcm, SNDRV_PCM_STREAM_CAPTURE, &snd_emu10k1_capture_efx_ops);
+
+ pcm->info_flags = 0;
+- strcpy(pcm->name, "Multichannel Capture/PT Playback");
++ if (emu->audigy)
++ strcpy(pcm->name, "Multichannel Capture");
++ else
++ strcpy(pcm->name, "Multichannel Capture/PT Playback");
+ emu->pcm_efx = pcm;
+
+ /* EFX capture - record the "FXBUS2" channels, by default we connect the EXTINs
--- /dev/null
+From b09c551c77c7e01dc6e4f3c8bf06b5ffa7b06db5 Mon Sep 17 00:00:00 2001
+From: Oswald Buddenhagen <oswald.buddenhagen@gmx.de>
+Date: Wed, 5 Apr 2023 22:12:20 +0200
+Subject: ALSA: emu10k1: fix capture interrupt handler unlinking
+
+From: Oswald Buddenhagen <oswald.buddenhagen@gmx.de>
+
+commit b09c551c77c7e01dc6e4f3c8bf06b5ffa7b06db5 upstream.
+
+Due to two copy/pastos, closing the MIC or EFX capture device would
+make a running ADC capture hang due to unsetting its interrupt handler.
+In principle, this would have also allowed dereferencing dangling
+pointers, but we're actually rather thorough at disabling and flushing
+the ints.
+
+While it may sound like one, this actually wasn't a hypothetical bug:
+PortAudio will open a capture stream at startup (and close it right
+away) even if not asked to. If the first device is busy, it will just
+proceed with the next one ... thus killing a concurrent capture.
+
+Signed-off-by: Oswald Buddenhagen <oswald.buddenhagen@gmx.de>
+Cc: <stable@vger.kernel.org>
+Link: https://lore.kernel.org/r/20230405201220.2197923-1-oswald.buddenhagen@gmx.de
+Signed-off-by: Takashi Iwai <tiwai@suse.de>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+---
+ sound/pci/emu10k1/emupcm.c | 4 ++--
+ 1 file changed, 2 insertions(+), 2 deletions(-)
+
+--- a/sound/pci/emu10k1/emupcm.c
++++ b/sound/pci/emu10k1/emupcm.c
+@@ -1236,7 +1236,7 @@ static int snd_emu10k1_capture_mic_close
+ {
+ struct snd_emu10k1 *emu = snd_pcm_substream_chip(substream);
+
+- emu->capture_interrupt = NULL;
++ emu->capture_mic_interrupt = NULL;
+ emu->pcm_capture_mic_substream = NULL;
+ return 0;
+ }
+@@ -1344,7 +1344,7 @@ static int snd_emu10k1_capture_efx_close
+ {
+ struct snd_emu10k1 *emu = snd_pcm_substream_chip(substream);
+
+- emu->capture_interrupt = NULL;
++ emu->capture_efx_interrupt = NULL;
+ emu->pcm_capture_efx_substream = NULL;
+ return 0;
+ }
--- /dev/null
+From fb4a624f88f658c7b7ae124452bd42eaa8ac7168 Mon Sep 17 00:00:00 2001
+From: Xu Biang <xubiang@hust.edu.cn>
+Date: Thu, 6 Apr 2023 06:28:01 -0700
+Subject: ALSA: firewire-tascam: add missing unwind goto in snd_tscm_stream_start_duplex()
+
+From: Xu Biang <xubiang@hust.edu.cn>
+
+commit fb4a624f88f658c7b7ae124452bd42eaa8ac7168 upstream.
+
+Smatch Warns:
+sound/firewire/tascam/tascam-stream.c:493 snd_tscm_stream_start_duplex()
+warn: missing unwind goto?
+
+The direct return will cause the stream list of "&tscm->domain" unemptied
+and the session in "tscm" unfinished if amdtp_domain_start() returns with
+an error.
+
+Fix this by changing the direct return to a goto which will empty the
+stream list of "&tscm->domain" and finish the session in "tscm".
+
+The snd_tscm_stream_start_duplex() function is called in the prepare
+callback of PCM. According to "ALSA Kernel API Documentation", the prepare
+callback of PCM will be called many times at each setup. So, if the
+"&d->streams" list is not emptied, when the prepare callback is called
+next time, snd_tscm_stream_start_duplex() will receive -EBUSY from
+amdtp_domain_add_stream() that tries to add an existing stream to the
+domain. The error handling code after the "error" label will be executed
+in this case, and the "&d->streams" list will be emptied. So not emptying
+the "&d->streams" list will not cause an issue. But it is more efficient
+and readable to empty it on the first error by changing the direct return
+to a goto statement.
+
+The session in "tscm" has been begun before amdtp_domain_start(), so it
+needs to be finished when amdtp_domain_start() fails.
+
+Fixes: c281d46a51e3 ("ALSA: firewire-tascam: support AMDTP domain")
+Signed-off-by: Xu Biang <xubiang@hust.edu.cn>
+Reviewed-by: Dan Carpenter <error27@gmail.com>
+Acked-by: Takashi Sakamoto <o-takashi@sakamocchi.jp>
+Cc: <stable@vger.kernel.org>
+Link: https://lore.kernel.org/r/20230406132801.105108-1-xubiang@hust.edu.cn
+Signed-off-by: Takashi Iwai <tiwai@suse.de>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+---
+ sound/firewire/tascam/tascam-stream.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+--- a/sound/firewire/tascam/tascam-stream.c
++++ b/sound/firewire/tascam/tascam-stream.c
+@@ -490,7 +490,7 @@ int snd_tscm_stream_start_duplex(struct
+ // packet is important for media clock recovery.
+ err = amdtp_domain_start(&tscm->domain, tx_init_skip_cycles, true, true);
+ if (err < 0)
+- return err;
++ goto error;
+
+ if (!amdtp_domain_wait_ready(&tscm->domain, READY_TIMEOUT_MS)) {
+ err = -ETIMEDOUT;
--- /dev/null
+From 6ab6f98fcdc9d4fbe245aa67de03542deea65322 Mon Sep 17 00:00:00 2001
+From: Kai Vehmanen <kai.vehmanen@linux.intel.com>
+Date: Thu, 13 Apr 2023 22:11:53 +0300
+Subject: ALSA: hda/hdmi: disable KAE for Intel DG2
+
+From: Kai Vehmanen <kai.vehmanen@linux.intel.com>
+
+commit 6ab6f98fcdc9d4fbe245aa67de03542deea65322 upstream.
+
+Use of keep-alive (KAE) has resulted in loss of audio on some A750/770
+cards as the transition from keep-alive to stream playback is not
+working as expected. As there is limited benefit of the new KAE mode
+on discrete cards, revert back to older silent-stream implementation
+on these systems.
+
+Cc: stable@vger.kernel.org
+Fixes: 15175a4f2bbb ("ALSA: hda/hdmi: add keep-alive support for ADL-P and DG2")
+Link: https://gitlab.freedesktop.org/drm/intel/-/issues/8307
+Signed-off-by: Kai Vehmanen <kai.vehmanen@linux.intel.com>
+Link: https://lore.kernel.org/r/20230413191153.3692049-1-kai.vehmanen@linux.intel.com
+Signed-off-by: Takashi Iwai <tiwai@suse.de>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+---
+ sound/pci/hda/patch_hdmi.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+--- a/sound/pci/hda/patch_hdmi.c
++++ b/sound/pci/hda/patch_hdmi.c
+@@ -4604,7 +4604,7 @@ HDA_CODEC_ENTRY(0x80862814, "DG1 HDMI",
+ HDA_CODEC_ENTRY(0x80862815, "Alderlake HDMI", patch_i915_tgl_hdmi),
+ HDA_CODEC_ENTRY(0x80862816, "Rocketlake HDMI", patch_i915_tgl_hdmi),
+ HDA_CODEC_ENTRY(0x80862818, "Raptorlake HDMI", patch_i915_tgl_hdmi),
+-HDA_CODEC_ENTRY(0x80862819, "DG2 HDMI", patch_i915_adlp_hdmi),
++HDA_CODEC_ENTRY(0x80862819, "DG2 HDMI", patch_i915_tgl_hdmi),
+ HDA_CODEC_ENTRY(0x8086281a, "Jasperlake HDMI", patch_i915_icl_hdmi),
+ HDA_CODEC_ENTRY(0x8086281b, "Elkhartlake HDMI", patch_i915_icl_hdmi),
+ HDA_CODEC_ENTRY(0x8086281c, "Alderlake-P HDMI", patch_i915_adlp_hdmi),
--- /dev/null
+From e959f2beec8e655dba79c5a7111beedae5e757e0 Mon Sep 17 00:00:00 2001
+From: Pierre-Louis Bossart <pierre-louis.bossart@linux.intel.com>
+Date: Thu, 6 Apr 2023 10:27:25 -0500
+Subject: ALSA: hda: patch_realtek: add quirk for Asus N7601ZM
+
+From: Pierre-Louis Bossart <pierre-louis.bossart@linux.intel.com>
+
+commit e959f2beec8e655dba79c5a7111beedae5e757e0 upstream.
+
+Add pins and verbs needed to enable speakers and jack.
+
+The pins and verbs configurations were identified by snooping the
+Windows driver commands, with a nice write-up here:
+https://brakkee.org/site/2023/02/07/fixing-sound-on-the-asus-n7601zm/
+
+Reported-by: Erik Brakkee <erik@brakkee.org>
+Link: https://github.com/thesofproject/linux/issues/4176
+Tested-by: Erik Brakkee <erik@brakkee.org>
+Signed-off-by: Pierre-Louis Bossart <pierre-louis.bossart@linux.intel.com>
+Reviewed-by: Kai Vehmanen <kai.vehmanen@linux.intel.com>
+Reviewed-by: Bard Liao <yung-chuan.liao@linux.intel.com>
+Cc: <stable@vger.kernel.org>
+Link: https://lore.kernel.org/r/20230406152725.15191-1-pierre-louis.bossart@linux.intel.com
+Signed-off-by: Takashi Iwai <tiwai@suse.de>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+---
+ sound/pci/hda/patch_realtek.c | 26 ++++++++++++++++++++++++++
+ 1 file changed, 26 insertions(+)
+
+--- a/sound/pci/hda/patch_realtek.c
++++ b/sound/pci/hda/patch_realtek.c
+@@ -6960,6 +6960,8 @@ enum {
+ ALC269_FIXUP_DELL_M101Z,
+ ALC269_FIXUP_SKU_IGNORE,
+ ALC269_FIXUP_ASUS_G73JW,
++ ALC269_FIXUP_ASUS_N7601ZM_PINS,
++ ALC269_FIXUP_ASUS_N7601ZM,
+ ALC269_FIXUP_LENOVO_EAPD,
+ ALC275_FIXUP_SONY_HWEQ,
+ ALC275_FIXUP_SONY_DISABLE_AAMIX,
+@@ -7256,6 +7258,29 @@ static const struct hda_fixup alc269_fix
+ { }
+ }
+ },
++ [ALC269_FIXUP_ASUS_N7601ZM_PINS] = {
++ .type = HDA_FIXUP_PINS,
++ .v.pins = (const struct hda_pintbl[]) {
++ { 0x19, 0x03A11050 },
++ { 0x1a, 0x03A11C30 },
++ { 0x21, 0x03211420 },
++ { }
++ }
++ },
++ [ALC269_FIXUP_ASUS_N7601ZM] = {
++ .type = HDA_FIXUP_VERBS,
++ .v.verbs = (const struct hda_verb[]) {
++ {0x20, AC_VERB_SET_COEF_INDEX, 0x62},
++ {0x20, AC_VERB_SET_PROC_COEF, 0xa007},
++ {0x20, AC_VERB_SET_COEF_INDEX, 0x10},
++ {0x20, AC_VERB_SET_PROC_COEF, 0x8420},
++ {0x20, AC_VERB_SET_COEF_INDEX, 0x0f},
++ {0x20, AC_VERB_SET_PROC_COEF, 0x7774},
++ { }
++ },
++ .chained = true,
++ .chain_id = ALC269_FIXUP_ASUS_N7601ZM_PINS,
++ },
+ [ALC269_FIXUP_LENOVO_EAPD] = {
+ .type = HDA_FIXUP_VERBS,
+ .v.verbs = (const struct hda_verb[]) {
+@@ -9465,6 +9490,7 @@ static const struct snd_pci_quirk alc269
+ SND_PCI_QUIRK(0x1043, 0x1271, "ASUS X430UN", ALC256_FIXUP_ASUS_MIC_NO_PRESENCE),
+ SND_PCI_QUIRK(0x1043, 0x1290, "ASUS X441SA", ALC233_FIXUP_EAPD_COEF_AND_MIC_NO_PRESENCE),
+ SND_PCI_QUIRK(0x1043, 0x12a0, "ASUS X441UV", ALC233_FIXUP_EAPD_COEF_AND_MIC_NO_PRESENCE),
++ SND_PCI_QUIRK(0x1043, 0x12a3, "Asus N7691ZM", ALC269_FIXUP_ASUS_N7601ZM),
+ SND_PCI_QUIRK(0x1043, 0x12af, "ASUS UX582ZS", ALC245_FIXUP_CS35L41_SPI_2),
+ SND_PCI_QUIRK(0x1043, 0x12e0, "ASUS X541SA", ALC256_FIXUP_ASUS_MIC),
+ SND_PCI_QUIRK(0x1043, 0x12f0, "ASUS X541UV", ALC256_FIXUP_ASUS_MIC),
--- /dev/null
+From 8eda19cd59cedbfe4ec11aea4bcecabe4c98e9e4 Mon Sep 17 00:00:00 2001
+From: Stefan Binding <sbinding@opensource.cirrus.com>
+Date: Wed, 12 Apr 2023 17:05:31 +0100
+Subject: ALSA: hda/realtek: Add quirks for Lenovo Z13/Z16 Gen2
+
+From: Stefan Binding <sbinding@opensource.cirrus.com>
+
+commit 8eda19cd59cedbfe4ec11aea4bcecabe4c98e9e4 upstream.
+
+These Lenovo laptops use Realtek HDA codec combined with
+2xCS35L41 Amplifiers using I2C with External Boost.
+
+Signed-off-by: Stefan Binding <sbinding@opensource.cirrus.com>
+Cc: <stable@vger.kernel.org>
+Link: https://lore.kernel.org/r/20230412160531.182007-1-sbinding@opensource.cirrus.com
+Signed-off-by: Takashi Iwai <tiwai@suse.de>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+---
+ sound/pci/hda/patch_realtek.c | 3 +++
+ 1 file changed, 3 insertions(+)
+
+--- a/sound/pci/hda/patch_realtek.c
++++ b/sound/pci/hda/patch_realtek.c
+@@ -9688,6 +9688,9 @@ static const struct snd_pci_quirk alc269
+ SND_PCI_QUIRK(0x17aa, 0x22f1, "Thinkpad", ALC287_FIXUP_CS35L41_I2C_2),
+ SND_PCI_QUIRK(0x17aa, 0x22f2, "Thinkpad", ALC287_FIXUP_CS35L41_I2C_2),
+ SND_PCI_QUIRK(0x17aa, 0x22f3, "Thinkpad", ALC287_FIXUP_CS35L41_I2C_2),
++ SND_PCI_QUIRK(0x17aa, 0x2318, "Thinkpad Z13 Gen2", ALC287_FIXUP_CS35L41_I2C_2),
++ SND_PCI_QUIRK(0x17aa, 0x2319, "Thinkpad Z16 Gen2", ALC287_FIXUP_CS35L41_I2C_2),
++ SND_PCI_QUIRK(0x17aa, 0x231a, "Thinkpad Z16 Gen2", ALC287_FIXUP_CS35L41_I2C_2),
+ SND_PCI_QUIRK(0x17aa, 0x30bb, "ThinkCentre AIO", ALC233_FIXUP_LENOVO_LINE2_MIC_HOTKEY),
+ SND_PCI_QUIRK(0x17aa, 0x30e2, "ThinkCentre AIO", ALC233_FIXUP_LENOVO_LINE2_MIC_HOTKEY),
+ SND_PCI_QUIRK(0x17aa, 0x310c, "ThinkCentre Station", ALC294_FIXUP_LENOVO_MIC_LOCATION),
--- /dev/null
+From c17f8fd31700392b1bb9e7b66924333568cb3700 Mon Sep 17 00:00:00 2001
+From: Oswald Buddenhagen <oswald.buddenhagen@gmx.de>
+Date: Wed, 5 Apr 2023 22:12:19 +0200
+Subject: ALSA: hda/sigmatel: add pin overrides for Intel DP45SG motherboard
+
+From: Oswald Buddenhagen <oswald.buddenhagen@gmx.de>
+
+commit c17f8fd31700392b1bb9e7b66924333568cb3700 upstream.
+
+Like the other boards from the D*45* series, this one sets up the
+outputs not quite correctly.
+
+Signed-off-by: Oswald Buddenhagen <oswald.buddenhagen@gmx.de>
+Cc: <stable@vger.kernel.org>
+Link: https://lore.kernel.org/r/20230405201220.2197826-1-oswald.buddenhagen@gmx.de
+Signed-off-by: Takashi Iwai <tiwai@suse.de>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+---
+ Documentation/sound/hd-audio/models.rst | 2 +-
+ sound/pci/hda/patch_sigmatel.c | 2 ++
+ 2 files changed, 3 insertions(+), 1 deletion(-)
+
+--- a/Documentation/sound/hd-audio/models.rst
++++ b/Documentation/sound/hd-audio/models.rst
+@@ -704,7 +704,7 @@ ref
+ no-jd
+ BIOS setup but without jack-detection
+ intel
+- Intel DG45* mobos
++ Intel D*45* mobos
+ dell-m6-amic
+ Dell desktops/laptops with analog mics
+ dell-m6-dmic
+--- a/sound/pci/hda/patch_sigmatel.c
++++ b/sound/pci/hda/patch_sigmatel.c
+@@ -1955,6 +1955,8 @@ static const struct snd_pci_quirk stac92
+ "DFI LanParty", STAC_92HD73XX_REF),
+ SND_PCI_QUIRK(PCI_VENDOR_ID_DFI, 0x3101,
+ "DFI LanParty", STAC_92HD73XX_REF),
++ SND_PCI_QUIRK(PCI_VENDOR_ID_INTEL, 0x5001,
++ "Intel DP45SG", STAC_92HD73XX_INTEL),
+ SND_PCI_QUIRK(PCI_VENDOR_ID_INTEL, 0x5002,
+ "Intel DG45ID", STAC_92HD73XX_INTEL),
+ SND_PCI_QUIRK(PCI_VENDOR_ID_INTEL, 0x5003,
--- /dev/null
+From f342ac00da1064eb4f94b1f4bcacbdfea955797a Mon Sep 17 00:00:00 2001
+From: Oswald Buddenhagen <oswald.buddenhagen@gmx.de>
+Date: Wed, 5 Apr 2023 22:12:20 +0200
+Subject: ALSA: hda/sigmatel: fix S/PDIF out on Intel D*45* motherboards
+
+From: Oswald Buddenhagen <oswald.buddenhagen@gmx.de>
+
+commit f342ac00da1064eb4f94b1f4bcacbdfea955797a upstream.
+
+The BIOS botches this one completely - it says the 2nd S/PDIF output is
+used, while in fact it's the 1st one. This is tested on DP45SG, but I'm
+assuming it's valid for the other boards in the series as well.
+
+Also add some comments regarding the pins.
+FWIW, the codec is apparently still sold by Tempo Semiconductor, Inc.,
+where one can download the documentation.
+
+Signed-off-by: Oswald Buddenhagen <oswald.buddenhagen@gmx.de>
+Cc: <stable@vger.kernel.org>
+Link: https://lore.kernel.org/r/20230405201220.2197826-2-oswald.buddenhagen@gmx.de
+Signed-off-by: Takashi Iwai <tiwai@suse.de>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+---
+ sound/pci/hda/patch_sigmatel.c | 8 ++++++++
+ 1 file changed, 8 insertions(+)
+
+--- a/sound/pci/hda/patch_sigmatel.c
++++ b/sound/pci/hda/patch_sigmatel.c
+@@ -1707,6 +1707,7 @@ static const struct snd_pci_quirk stac92
+ };
+
+ static const struct hda_pintbl ref92hd73xx_pin_configs[] = {
++ // Port A-H
+ { 0x0a, 0x02214030 },
+ { 0x0b, 0x02a19040 },
+ { 0x0c, 0x01a19020 },
+@@ -1715,9 +1716,12 @@ static const struct hda_pintbl ref92hd73
+ { 0x0f, 0x01014010 },
+ { 0x10, 0x01014020 },
+ { 0x11, 0x01014030 },
++ // CD in
+ { 0x12, 0x02319040 },
++ // Digial Mic ins
+ { 0x13, 0x90a000f0 },
+ { 0x14, 0x90a000f0 },
++ // Digital outs
+ { 0x22, 0x01452050 },
+ { 0x23, 0x01452050 },
+ {}
+@@ -1758,6 +1762,7 @@ static const struct hda_pintbl alienware
+ };
+
+ static const struct hda_pintbl intel_dg45id_pin_configs[] = {
++ // Analog outputs
+ { 0x0a, 0x02214230 },
+ { 0x0b, 0x02A19240 },
+ { 0x0c, 0x01013214 },
+@@ -1765,6 +1770,9 @@ static const struct hda_pintbl intel_dg4
+ { 0x0e, 0x01A19250 },
+ { 0x0f, 0x01011212 },
+ { 0x10, 0x01016211 },
++ // Digital output
++ { 0x22, 0x01451380 },
++ { 0x23, 0x40f000f0 },
+ {}
+ };
+
--- /dev/null
+From e98e7a82bca2b6dce3e03719cff800ec913f9af7 Mon Sep 17 00:00:00 2001
+From: Oswald Buddenhagen <oswald.buddenhagen@gmx.de>
+Date: Wed, 5 Apr 2023 22:12:19 +0200
+Subject: ALSA: i2c/cs8427: fix iec958 mixer control deactivation
+
+From: Oswald Buddenhagen <oswald.buddenhagen@gmx.de>
+
+commit e98e7a82bca2b6dce3e03719cff800ec913f9af7 upstream.
+
+snd_cs8427_iec958_active() would always delete
+SNDRV_CTL_ELEM_ACCESS_INACTIVE, even though the function has an
+argument `active`.
+
+Signed-off-by: Oswald Buddenhagen <oswald.buddenhagen@gmx.de>
+Cc: <stable@vger.kernel.org>
+Link: https://lore.kernel.org/r/20230405201219.2197811-1-oswald.buddenhagen@gmx.de
+Signed-off-by: Takashi Iwai <tiwai@suse.de>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+---
+ sound/i2c/cs8427.c | 7 +++++--
+ 1 file changed, 5 insertions(+), 2 deletions(-)
+
+--- a/sound/i2c/cs8427.c
++++ b/sound/i2c/cs8427.c
+@@ -561,10 +561,13 @@ int snd_cs8427_iec958_active(struct snd_
+ if (snd_BUG_ON(!cs8427))
+ return -ENXIO;
+ chip = cs8427->private_data;
+- if (active)
++ if (active) {
+ memcpy(chip->playback.pcm_status,
+ chip->playback.def_status, 24);
+- chip->playback.pcm_ctl->vd[0].access &= ~SNDRV_CTL_ELEM_ACCESS_INACTIVE;
++ chip->playback.pcm_ctl->vd[0].access &= ~SNDRV_CTL_ELEM_ACCESS_INACTIVE;
++ } else {
++ chip->playback.pcm_ctl->vd[0].access |= SNDRV_CTL_ELEM_ACCESS_INACTIVE;
++ }
+ snd_ctl_notify(cs8427->bus->card,
+ SNDRV_CTL_EVENT_MASK_VALUE | SNDRV_CTL_EVENT_MASK_INFO,
+ &chip->playback.pcm_ctl->id);
--- /dev/null
+From b76abe4648c1acc791a207e7c08d1719eb9f4ea8 Mon Sep 17 00:00:00 2001
+From: Sasha Finkelstein <fnkl.kernel@gmail.com>
+Date: Fri, 10 Mar 2023 11:28:42 +0100
+Subject: bluetooth: btbcm: Fix logic error in forming the board name.
+
+From: Sasha Finkelstein <fnkl.kernel@gmail.com>
+
+commit b76abe4648c1acc791a207e7c08d1719eb9f4ea8 upstream.
+
+This patch fixes an incorrect loop exit condition in code that replaces
+'/' symbols in the board name. There might also be a memory corruption
+issue here, but it is unlikely to be a real problem.
+
+Cc: <stable@vger.kernel.org>
+Signed-off-by: Sasha Finkelstein <fnkl.kernel@gmail.com>
+Signed-off-by: Luiz Augusto von Dentz <luiz.von.dentz@intel.com>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+---
+ drivers/bluetooth/btbcm.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+--- a/drivers/bluetooth/btbcm.c
++++ b/drivers/bluetooth/btbcm.c
+@@ -511,7 +511,7 @@ static const char *btbcm_get_board_name(
+ len = strlen(tmp) + 1;
+ board_type = devm_kzalloc(dev, len, GFP_KERNEL);
+ strscpy(board_type, tmp, len);
+- for (i = 0; i < board_type[i]; i++) {
++ for (i = 0; i < len; i++) {
+ if (board_type[i] == '/')
+ board_type[i] = '-';
+ }
--- /dev/null
+From c95930abd687fcd1aa040dc4fe90dff947916460 Mon Sep 17 00:00:00 2001
+From: Min Li <lm0963hack@gmail.com>
+Date: Sat, 4 Mar 2023 22:23:30 +0800
+Subject: Bluetooth: Fix race condition in hidp_session_thread
+
+From: Min Li <lm0963hack@gmail.com>
+
+commit c95930abd687fcd1aa040dc4fe90dff947916460 upstream.
+
+There is a potential race condition in hidp_session_thread that may
+lead to use-after-free. For instance, the timer is active while
+hidp_del_timer is called in hidp_session_thread(). After hidp_session_put,
+then 'session' will be freed, causing kernel panic when hidp_idle_timeout
+is running.
+
+The solution is to use del_timer_sync instead of del_timer.
+
+Here is the call trace:
+
+? hidp_session_probe+0x780/0x780
+call_timer_fn+0x2d/0x1e0
+__run_timers.part.0+0x569/0x940
+hidp_session_probe+0x780/0x780
+call_timer_fn+0x1e0/0x1e0
+ktime_get+0x5c/0xf0
+lapic_next_deadline+0x2c/0x40
+clockevents_program_event+0x205/0x320
+run_timer_softirq+0xa9/0x1b0
+__do_softirq+0x1b9/0x641
+__irq_exit_rcu+0xdc/0x190
+irq_exit_rcu+0xe/0x20
+sysvec_apic_timer_interrupt+0xa1/0xc0
+
+Cc: stable@vger.kernel.org
+Signed-off-by: Min Li <lm0963hack@gmail.com>
+Signed-off-by: Luiz Augusto von Dentz <luiz.von.dentz@intel.com>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+---
+ net/bluetooth/hidp/core.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+--- a/net/bluetooth/hidp/core.c
++++ b/net/bluetooth/hidp/core.c
+@@ -433,7 +433,7 @@ static void hidp_set_timer(struct hidp_s
+ static void hidp_del_timer(struct hidp_session *session)
+ {
+ if (session->idle_to > 0)
+- del_timer(&session->timer);
++ del_timer_sync(&session->timer);
+ }
+
+ static void hidp_process_report(struct hidp_session *session, int type,
--- /dev/null
+From 0f00cd322d22d4441de51aa80bcce5bb6a8cbb44 Mon Sep 17 00:00:00 2001
+From: Archie Pusaka <apusaka@chromium.org>
+Date: Fri, 3 Feb 2023 17:30:55 +0800
+Subject: Bluetooth: Free potentially unfreed SCO connection
+
+From: Archie Pusaka <apusaka@chromium.org>
+
+commit 0f00cd322d22d4441de51aa80bcce5bb6a8cbb44 upstream.
+
+It is possible to initiate a SCO connection while deleting the
+corresponding ACL connection, e.g. in below scenario:
+
+(1) < hci setup sync connect command
+(2) > hci disconn complete event (for the acl connection)
+(3) > hci command complete event (for(1), failure)
+
+When it happens, hci_cs_setup_sync_conn won't be able to obtain the
+reference to the SCO connection, so it will be stuck and potentially
+hinder subsequent connections to the same device.
+
+This patch prevents that by also deleting the SCO connection if it is
+still not established when the corresponding ACL connection is deleted.
+
+Signed-off-by: Archie Pusaka <apusaka@chromium.org>
+Reviewed-by: Ying Hsu <yinghsu@chromium.org>
+Signed-off-by: Luiz Augusto von Dentz <luiz.von.dentz@intel.com>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+---
+ net/bluetooth/hci_conn.c | 9 ++++++++-
+ 1 file changed, 8 insertions(+), 1 deletion(-)
+
+--- a/net/bluetooth/hci_conn.c
++++ b/net/bluetooth/hci_conn.c
+@@ -1061,8 +1061,15 @@ int hci_conn_del(struct hci_conn *conn)
+
+ if (conn->type == ACL_LINK) {
+ struct hci_conn *sco = conn->link;
+- if (sco)
++ if (sco) {
+ sco->link = NULL;
++ /* Due to race, SCO connection might be not established
++ * yet at this point. Delete it now, otherwise it is
++ * possible for it to be stuck and can't be deleted.
++ */
++ if (sco->handle == HCI_CONN_HANDLE_UNSET)
++ hci_conn_del(sco);
++ }
+
+ /* Unacked frames */
+ hdev->acl_cnt += conn->sent;
--- /dev/null
+From 5dc7d23e167e2882ef118456ceccd57873e876d8 Mon Sep 17 00:00:00 2001
+From: Luiz Augusto von Dentz <luiz.von.dentz@intel.com>
+Date: Mon, 3 Apr 2023 14:19:14 -0700
+Subject: Bluetooth: hci_conn: Fix possible UAF
+
+From: Luiz Augusto von Dentz <luiz.von.dentz@intel.com>
+
+commit 5dc7d23e167e2882ef118456ceccd57873e876d8 upstream.
+
+This fixes the following trace:
+
+==================================================================
+BUG: KASAN: slab-use-after-free in hci_conn_del+0xba/0x3a0
+Write of size 8 at addr ffff88800208e9c8 by task iso-tester/31
+
+CPU: 0 PID: 31 Comm: iso-tester Not tainted 6.3.0-rc2-g991aa4a69a47
+ #4716
+Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.1-2.fc36
+04/01/2014
+Call Trace:
+ <TASK>
+ dump_stack_lvl+0x1d/0x70
+ print_report+0xce/0x610
+ ? __virt_addr_valid+0xd4/0x150
+ ? hci_conn_del+0xba/0x3a0
+ kasan_report+0xdd/0x110
+ ? hci_conn_del+0xba/0x3a0
+ hci_conn_del+0xba/0x3a0
+ hci_conn_hash_flush+0xf2/0x120
+ hci_dev_close_sync+0x388/0x920
+ hci_unregister_dev+0x122/0x260
+ vhci_release+0x4f/0x90
+ __fput+0x102/0x430
+ task_work_run+0xf1/0x160
+ ? __pfx_task_work_run+0x10/0x10
+ ? mark_held_locks+0x24/0x90
+ exit_to_user_mode_prepare+0x170/0x180
+ syscall_exit_to_user_mode+0x19/0x50
+ do_syscall_64+0x4e/0x90
+ entry_SYSCALL_64_after_hwframe+0x70/0xda
+
+Fixes: 0f00cd322d22 ("Bluetooth: Free potentially unfreed SCO connection")
+Link: https://syzkaller.appspot.com/bug?extid=8bb72f86fc823817bc5d
+Cc: <stable@vger.kernel.org>
+Signed-off-by: Luiz Augusto von Dentz <luiz.von.dentz@intel.com>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+---
+ net/bluetooth/hci_conn.c | 30 ++++++++++++++++++++++++------
+ 1 file changed, 24 insertions(+), 6 deletions(-)
+
+--- a/net/bluetooth/hci_conn.c
++++ b/net/bluetooth/hci_conn.c
+@@ -1049,6 +1049,17 @@ struct hci_conn *hci_conn_add(struct hci
+ return conn;
+ }
+
++static bool hci_conn_unlink(struct hci_conn *conn)
++{
++ if (!conn->link)
++ return false;
++
++ conn->link->link = NULL;
++ conn->link = NULL;
++
++ return true;
++}
++
+ int hci_conn_del(struct hci_conn *conn)
+ {
+ struct hci_dev *hdev = conn->hdev;
+@@ -1060,15 +1071,16 @@ int hci_conn_del(struct hci_conn *conn)
+ cancel_delayed_work_sync(&conn->idle_work);
+
+ if (conn->type == ACL_LINK) {
+- struct hci_conn *sco = conn->link;
+- if (sco) {
+- sco->link = NULL;
++ struct hci_conn *link = conn->link;
++
++ if (link) {
++ hci_conn_unlink(conn);
+ /* Due to race, SCO connection might be not established
+ * yet at this point. Delete it now, otherwise it is
+ * possible for it to be stuck and can't be deleted.
+ */
+- if (sco->handle == HCI_CONN_HANDLE_UNSET)
+- hci_conn_del(sco);
++ if (link->handle == HCI_CONN_HANDLE_UNSET)
++ hci_conn_del(link);
+ }
+
+ /* Unacked frames */
+@@ -1084,7 +1096,7 @@ int hci_conn_del(struct hci_conn *conn)
+ struct hci_conn *acl = conn->link;
+
+ if (acl) {
+- acl->link = NULL;
++ hci_conn_unlink(conn);
+ hci_conn_drop(acl);
+ }
+
+@@ -2436,6 +2448,12 @@ void hci_conn_hash_flush(struct hci_dev
+ c->state = BT_CLOSED;
+
+ hci_disconn_cfm(c, HCI_ERROR_LOCAL_HOST_TERM);
++
++ /* Unlink before deleting otherwise it is possible that
++ * hci_conn_del removes the link which may cause the list to
++ * contain items already freed.
++ */
++ hci_conn_unlink(c);
+ hci_conn_del(c);
+ }
+ }
--- /dev/null
+From a2a9339e1c9deb7e1e079e12e27a0265aea8421a Mon Sep 17 00:00:00 2001
+From: Luiz Augusto von Dentz <luiz.von.dentz@intel.com>
+Date: Thu, 6 Apr 2023 09:33:09 -0700
+Subject: Bluetooth: L2CAP: Fix use-after-free in l2cap_disconnect_{req,rsp}
+
+From: Luiz Augusto von Dentz <luiz.von.dentz@intel.com>
+
+commit a2a9339e1c9deb7e1e079e12e27a0265aea8421a upstream.
+
+Similar to commit d0be8347c623 ("Bluetooth: L2CAP: Fix use-after-free
+caused by l2cap_chan_put"), just use l2cap_chan_hold_unless_zero to
+prevent referencing a channel that is about to be destroyed.
+
+Cc: stable@kernel.org
+Signed-off-by: Luiz Augusto von Dentz <luiz.von.dentz@intel.com>
+Signed-off-by: Min Li <lm0963hack@gmail.com>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+---
+ net/bluetooth/l2cap_core.c | 24 ++++++------------------
+ 1 file changed, 6 insertions(+), 18 deletions(-)
+
+--- a/net/bluetooth/l2cap_core.c
++++ b/net/bluetooth/l2cap_core.c
+@@ -4652,33 +4652,27 @@ static inline int l2cap_disconnect_req(s
+
+ BT_DBG("scid 0x%4.4x dcid 0x%4.4x", scid, dcid);
+
+- mutex_lock(&conn->chan_lock);
+-
+- chan = __l2cap_get_chan_by_scid(conn, dcid);
++ chan = l2cap_get_chan_by_scid(conn, dcid);
+ if (!chan) {
+- mutex_unlock(&conn->chan_lock);
+ cmd_reject_invalid_cid(conn, cmd->ident, dcid, scid);
+ return 0;
+ }
+
+- l2cap_chan_hold(chan);
+- l2cap_chan_lock(chan);
+-
+ rsp.dcid = cpu_to_le16(chan->scid);
+ rsp.scid = cpu_to_le16(chan->dcid);
+ l2cap_send_cmd(conn, cmd->ident, L2CAP_DISCONN_RSP, sizeof(rsp), &rsp);
+
+ chan->ops->set_shutdown(chan);
+
++ mutex_lock(&conn->chan_lock);
+ l2cap_chan_del(chan, ECONNRESET);
++ mutex_unlock(&conn->chan_lock);
+
+ chan->ops->close(chan);
+
+ l2cap_chan_unlock(chan);
+ l2cap_chan_put(chan);
+
+- mutex_unlock(&conn->chan_lock);
+-
+ return 0;
+ }
+
+@@ -4698,33 +4692,27 @@ static inline int l2cap_disconnect_rsp(s
+
+ BT_DBG("dcid 0x%4.4x scid 0x%4.4x", dcid, scid);
+
+- mutex_lock(&conn->chan_lock);
+-
+- chan = __l2cap_get_chan_by_scid(conn, scid);
++ chan = l2cap_get_chan_by_scid(conn, scid);
+ if (!chan) {
+ mutex_unlock(&conn->chan_lock);
+ return 0;
+ }
+
+- l2cap_chan_hold(chan);
+- l2cap_chan_lock(chan);
+-
+ if (chan->state != BT_DISCONN) {
+ l2cap_chan_unlock(chan);
+ l2cap_chan_put(chan);
+- mutex_unlock(&conn->chan_lock);
+ return 0;
+ }
+
++ mutex_lock(&conn->chan_lock);
+ l2cap_chan_del(chan, 0);
++ mutex_unlock(&conn->chan_lock);
+
+ chan->ops->close(chan);
+
+ l2cap_chan_unlock(chan);
+ l2cap_chan_put(chan);
+
+- mutex_unlock(&conn->chan_lock);
+-
+ return 0;
+ }
+
--- /dev/null
+From 68d99ab0e9221ef54506f827576c5a914680eeaf Mon Sep 17 00:00:00 2001
+From: Christoph Hellwig <hch@lst.de>
+Date: Wed, 29 Mar 2023 09:13:05 +0900
+Subject: btrfs: fix fast csum implementation detection
+
+From: Christoph Hellwig <hch@lst.de>
+
+commit 68d99ab0e9221ef54506f827576c5a914680eeaf upstream.
+
+The BTRFS_FS_CSUM_IMPL_FAST flag is currently set whenever a non-generic
+crc32c is detected, which is the incorrect check if the file system uses
+a different checksumming algorithm. Refactor the code to only check
+this if crc32c is actually used. Note that in an ideal world the
+information if an algorithm is hardware accelerated or not should be
+provided by the crypto API instead, but that's left for another day.
+
+CC: stable@vger.kernel.org # 5.4.x: c8a5f8ca9a9c: btrfs: print checksum type and implementation at mount time
+CC: stable@vger.kernel.org # 5.4.x
+Signed-off-by: Christoph Hellwig <hch@lst.de>
+Reviewed-by: David Sterba <dsterba@suse.com>
+Signed-off-by: David Sterba <dsterba@suse.com>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+---
+ fs/btrfs/disk-io.c | 14 ++++++++++++++
+ fs/btrfs/super.c | 2 --
+ 2 files changed, 14 insertions(+), 2 deletions(-)
+
+--- a/fs/btrfs/disk-io.c
++++ b/fs/btrfs/disk-io.c
+@@ -2433,6 +2433,20 @@ static int btrfs_init_csum_hash(struct b
+
+ fs_info->csum_shash = csum_shash;
+
++ /*
++ * Check if the checksum implementation is a fast accelerated one.
++ * As-is this is a bit of a hack and should be replaced once the csum
++ * implementations provide that information themselves.
++ */
++ switch (csum_type) {
++ case BTRFS_CSUM_TYPE_CRC32:
++ if (!strstr(crypto_shash_driver_name(csum_shash), "generic"))
++ set_bit(BTRFS_FS_CSUM_IMPL_FAST, &fs_info->flags);
++ break;
++ default:
++ break;
++ }
++
+ btrfs_info(fs_info, "using %s (%s) checksum algorithm",
+ btrfs_super_csum_name(csum_type),
+ crypto_shash_driver_name(csum_shash));
+--- a/fs/btrfs/super.c
++++ b/fs/btrfs/super.c
+@@ -1515,8 +1515,6 @@ static struct dentry *btrfs_mount_root(s
+ shrinker_debugfs_rename(&s->s_shrink, "sb-%s:%s", fs_type->name,
+ s->s_id);
+ btrfs_sb(s)->bdev_holder = fs_type;
+- if (!strstr(crc32c_impl(), "generic"))
+- set_bit(BTRFS_FS_CSUM_IMPL_FAST, &fs_info->flags);
+ error = btrfs_fill_super(s, fs_devices, data);
+ }
+ if (!error)
--- /dev/null
+From 40fac6472f22a59f5694496e179988ab4a1dfe07 Mon Sep 17 00:00:00 2001
+From: Christoph Hellwig <hch@lst.de>
+Date: Tue, 28 Mar 2023 12:56:13 +0900
+Subject: btrfs: restore the thread_pool= behavior in remount for the end I/O workqueues
+
+From: Christoph Hellwig <hch@lst.de>
+
+commit 40fac6472f22a59f5694496e179988ab4a1dfe07 upstream.
+
+Commit d7b9416fe5c5 ("btrfs: remove btrfs_end_io_wq") converted the read
+and I/O handling from btrfs_workqueues to Linux workqueues, and as part
+of that lost the code to apply the thread_pool= based max_active limit
+on remount. Restore it.
+
+Fixes: d7b9416fe5c5 ("btrfs: remove btrfs_end_io_wq")
+CC: stable@vger.kernel.org # 6.0+
+Signed-off-by: Christoph Hellwig <hch@lst.de>
+Reviewed-by: David Sterba <dsterba@suse.com>
+Signed-off-by: David Sterba <dsterba@suse.com>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+---
+ fs/btrfs/super.c | 2 ++
+ 1 file changed, 2 insertions(+)
+
+--- a/fs/btrfs/super.c
++++ b/fs/btrfs/super.c
+@@ -1630,6 +1630,8 @@ static void btrfs_resize_thread_pool(str
+ btrfs_workqueue_set_max(fs_info->hipri_workers, new_pool_size);
+ btrfs_workqueue_set_max(fs_info->delalloc_workers, new_pool_size);
+ btrfs_workqueue_set_max(fs_info->caching_workers, new_pool_size);
++ workqueue_set_max_active(fs_info->endio_workers, new_pool_size);
++ workqueue_set_max_active(fs_info->endio_meta_workers, new_pool_size);
+ btrfs_workqueue_set_max(fs_info->endio_write_workers, new_pool_size);
+ btrfs_workqueue_set_max(fs_info->endio_freespace_worker, new_pool_size);
+ btrfs_workqueue_set_max(fs_info->delayed_workers, new_pool_size);
--- /dev/null
+From 6fd33a3333c7916689b8f051a185defe4dd515b0 Mon Sep 17 00:00:00 2001
+From: Daniel Vetter <daniel.vetter@ffwll.ch>
+Date: Tue, 4 Apr 2023 21:39:34 +0200
+Subject: fbmem: Reject FB_ACTIVATE_KD_TEXT from userspace
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+From: Daniel Vetter <daniel.vetter@ffwll.ch>
+
+commit 6fd33a3333c7916689b8f051a185defe4dd515b0 upstream.
+
+This is an oversight from dc5bdb68b5b3 ("drm/fb-helper: Fix vt
+restore") - I failed to realize that nasty userspace could set this.
+
+It's not pretty to mix up kernel-internal and userspace uapi flags
+like this, but since the entire fb_var_screeninfo structure is uapi
+we'd need to either add a new parameter to the ->fb_set_par callback
+and fb_set_par() function, which has a _lot_ of users. Or some other
+fairly ugly side-channel int fb_info. Neither is a pretty prospect.
+
+Instead just correct the issue at hand by filtering out this
+kernel-internal flag in the ioctl handling code.
+
+Reviewed-by: Javier Martinez Canillas <javierm@redhat.com>
+Acked-by: Maarten Lankhorst <maarten.lankhorst@linux.intel.com>
+Signed-off-by: Daniel Vetter <daniel.vetter@intel.com>
+Fixes: dc5bdb68b5b3 ("drm/fb-helper: Fix vt restore")
+Cc: Alex Deucher <alexander.deucher@amd.com>
+Cc: shlomo@fastmail.com
+Cc: Michel Dänzer <michel@daenzer.net>
+Cc: Noralf Trønnes <noralf@tronnes.org>
+Cc: Thomas Zimmermann <tzimmermann@suse.de>
+Cc: Daniel Vetter <daniel.vetter@intel.com>
+Cc: Maarten Lankhorst <maarten.lankhorst@linux.intel.com>
+Cc: Maxime Ripard <mripard@kernel.org>
+Cc: David Airlie <airlied@linux.ie>
+Cc: Daniel Vetter <daniel@ffwll.ch>
+Cc: dri-devel@lists.freedesktop.org
+Cc: <stable@vger.kernel.org> # v5.7+
+Cc: Bartlomiej Zolnierkiewicz <b.zolnierkie@samsung.com>
+Cc: Geert Uytterhoeven <geert@linux-m68k.org>
+Cc: Nathan Chancellor <natechancellor@gmail.com>
+Cc: Qiujun Huang <hqjagain@gmail.com>
+Cc: Peter Rosin <peda@axentia.se>
+Cc: linux-fbdev@vger.kernel.org
+Cc: Helge Deller <deller@gmx.de>
+Cc: Sam Ravnborg <sam@ravnborg.org>
+Cc: Geert Uytterhoeven <geert+renesas@glider.be>
+Cc: Samuel Thibault <samuel.thibault@ens-lyon.org>
+Cc: Tetsuo Handa <penguin-kernel@I-love.SAKURA.ne.jp>
+Cc: Shigeru Yoshida <syoshida@redhat.com>
+Link: https://patchwork.freedesktop.org/patch/msgid/20230404193934.472457-1-daniel.vetter@ffwll.ch
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+---
+ drivers/video/fbdev/core/fbmem.c | 2 ++
+ 1 file changed, 2 insertions(+)
+
+--- a/drivers/video/fbdev/core/fbmem.c
++++ b/drivers/video/fbdev/core/fbmem.c
+@@ -1117,6 +1117,8 @@ static long do_fb_ioctl(struct fb_info *
+ case FBIOPUT_VSCREENINFO:
+ if (copy_from_user(&var, argp, sizeof(var)))
+ return -EFAULT;
++ /* only for kernel-internal use */
++ var.activate &= ~FB_ACTIVATE_KD_TEXT;
+ console_lock();
+ lock_fb_info(info);
+ ret = fbcon_modechange_possible(info, &var);
revert-pinctrl-amd-disable-and-mask-interrupts-on-resume.patch
drm-amd-display-pass-the-right-info-to-drm_dp_remove_payload.patch
drm-i915-workaround-icl-csc_mode-sticky-arming.patch
+alsa-emu10k1-fix-capture-interrupt-handler-unlinking.patch
+alsa-hda-sigmatel-add-pin-overrides-for-intel-dp45sg-motherboard.patch
+alsa-i2c-cs8427-fix-iec958-mixer-control-deactivation.patch
+alsa-hda-patch_realtek-add-quirk-for-asus-n7601zm.patch
+alsa-hda-realtek-add-quirks-for-lenovo-z13-z16-gen2.patch
+alsa-firewire-tascam-add-missing-unwind-goto-in-snd_tscm_stream_start_duplex.patch
+alsa-emu10k1-don-t-create-old-pass-through-playback-device-on-audigy.patch
+alsa-hda-sigmatel-fix-s-pdif-out-on-intel-d-45-motherboards.patch
+alsa-hda-hdmi-disable-kae-for-intel-dg2.patch
+bluetooth-l2cap-fix-use-after-free-in-l2cap_disconnect_-req-rsp.patch
+bluetooth-fix-race-condition-in-hidp_session_thread.patch
+bluetooth-btbcm-fix-logic-error-in-forming-the-board-name.patch
+bluetooth-free-potentially-unfreed-sco-connection.patch
+bluetooth-hci_conn-fix-possible-uaf.patch
+btrfs-restore-the-thread_pool-behavior-in-remount-for-the-end-i-o-workqueues.patch
+btrfs-fix-fast-csum-implementation-detection.patch
+fbmem-reject-fb_activate_kd_text-from-userspace.patch
projects / thirdparty / kernel / stable-queue.git / commitdiff
