Fixes for 6.2
authorSasha Levin <sashal@kernel.org>
Mon, 10 Apr 2023 12:34:52 +0000 (08:34 -0400)
committerSasha Levin <sashal@kernel.org>
Mon, 10 Apr 2023 12:34:52 +0000 (08:34 -0400)
Signed-off-by: Sasha Levin <sashal@kernel.org>
12 files changed:
queue-6.2/block-don-t-set-gd_need_part_scan-if-scan-partition-.patch [new file with mode: 0644]
queue-6.2/block-ublk-make-sure-that-block-size-is-set-correctl.patch [new file with mode: 0644]
queue-6.2/cifs-sanitize-paths-in-cifs_update_super_prepath.patch [new file with mode: 0644]
queue-6.2/iio-adc-ad7791-fix-irq-flags.patch [new file with mode: 0644]
queue-6.2/io_uring-fix-memory-leak-when-removing-provided-buff.patch [new file with mode: 0644]
queue-6.2/io_uring-fix-return-value-when-removing-provided-buf.patch [new file with mode: 0644]
queue-6.2/nvme-fix-discard-support-without-oncs.patch [new file with mode: 0644]
queue-6.2/perf-core-fix-the-same-task-check-in-perf_event_set_.patch [new file with mode: 0644]
queue-6.2/perf-optimize-perf_pmu_migrate_context.patch [new file with mode: 0644]
queue-6.2/scsi-iscsi_tcp-check-that-sock-is-valid-before-iscsi.patch [new file with mode: 0644]
queue-6.2/scsi-qla2xxx-fix-memory-leak-in-qla2x00_probe_one.patch [new file with mode: 0644]
queue-6.2/series

diff --git a/queue-6.2/block-don-t-set-gd_need_part_scan-if-scan-partition-.patch b/queue-6.2/block-don-t-set-gd_need_part_scan-if-scan-partition-.patch
new file mode 100644 (file)
index 0000000..aa36555
--- /dev/null
@@ -0,0 +1,75 @@
+From 144a0b0905d519c3ecc3917d23f3e6653294608f Mon Sep 17 00:00:00 2001
+From: Sasha Levin <sashal@kernel.org>
+Date: Wed, 22 Mar 2023 11:59:26 +0800
+Subject: block: don't set GD_NEED_PART_SCAN if scan partition failed
+
+From: Yu Kuai <yukuai3@huawei.com>
+
+[ Upstream commit 3723091ea1884d599cc8b8bf719d6f42e8d4d8b1 ]
+
+Currently if disk_scan_partitions() failed, GD_NEED_PART_SCAN will still
+set, and partition scan will be proceed again when blkdev_get_by_dev()
+is called. However, this will cause a problem that re-assemble partitioned
+raid device will creat partition for underlying disk.
+
+Test procedure:
+
+mdadm -CR /dev/md0 -l 1 -n 2 /dev/sda /dev/sdb -e 1.0
+sgdisk -n 0:0:+100MiB /dev/md0
+blockdev --rereadpt /dev/sda
+blockdev --rereadpt /dev/sdb
+mdadm -S /dev/md0
+mdadm -A /dev/md0 /dev/sda /dev/sdb
+
+Test result: underlying disk partition and raid partition can be
+observed at the same time
+
+Note that this can still happen in come corner cases that
+GD_NEED_PART_SCAN can be set for underlying disk while re-assemble raid
+device.
+
+Fixes: e5cfefa97bcc ("block: fix scan partition for exclusively open device again")
+Reviewed-by: Jan Kara <jack@suse.cz>
+Reviewed-by: Ming Lei <ming.lei@redhat.com>
+Signed-off-by: Yu Kuai <yukuai3@huawei.com>
+Signed-off-by: Jens Axboe <axboe@kernel.dk>
+Signed-off-by: Sasha Levin <sashal@kernel.org>
+---
+ block/genhd.c | 8 +++++++-
+ 1 file changed, 7 insertions(+), 1 deletion(-)
+
+diff --git a/block/genhd.c b/block/genhd.c
+index 9c4c9aa559ab8..7082032636035 100644
+--- a/block/genhd.c
++++ b/block/genhd.c
+@@ -368,7 +368,6 @@ int disk_scan_partitions(struct gendisk *disk, fmode_t mode)
+       if (disk->open_partitions)
+               return -EBUSY;
+-      set_bit(GD_NEED_PART_SCAN, &disk->state);
+       /*
+        * If the device is opened exclusively by current thread already, it's
+        * safe to scan partitons, otherwise, use bd_prepare_to_claim() to
+@@ -381,12 +380,19 @@ int disk_scan_partitions(struct gendisk *disk, fmode_t mode)
+                       return ret;
+       }
++      set_bit(GD_NEED_PART_SCAN, &disk->state);
+       bdev = blkdev_get_by_dev(disk_devt(disk), mode & ~FMODE_EXCL, NULL);
+       if (IS_ERR(bdev))
+               ret =  PTR_ERR(bdev);
+       else
+               blkdev_put(bdev, mode & ~FMODE_EXCL);
++      /*
++       * If blkdev_get_by_dev() failed early, GD_NEED_PART_SCAN is still set,
++       * and this will cause that re-assemble partitioned raid device will
++       * creat partition for underlying disk.
++       */
++      clear_bit(GD_NEED_PART_SCAN, &disk->state);
+       if (!(mode & FMODE_EXCL))
+               bd_abort_claiming(disk->part0, disk_scan_partitions);
+       return ret;
+-- 
+2.39.2
+
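Review bot: The added `clear_bit(GD_NEED_PART_SCAN, &disk->state);` in disk_scan_partitions() runs unconditionally after the open attempt, so it would also drop a rescan request that some other path set on the same disk in the meantime, if such a path exists outside this hunk. The new comment explains only the failed-open case; it should also state that the clear is deliberate, for example `/* Cleared unconditionally: a failed open must not leave a rescan pending. Concurrent setters are not handled here. */`. The same comment carries the typo `creat` for `create`. The function starts before the first inner hunk, so the surrounding locking is not visible.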
diff --git a/queue-6.2/block-ublk-make-sure-that-block-size-is-set-correctl.patch b/queue-6.2/block-ublk-make-sure-that-block-size-is-set-correctl.patch
new file mode 100644 (file)
index 0000000..30abc0d
--- /dev/null
@@ -0,0 +1,51 @@
+From 3bff7b9564ddb4f59dcf10542fb9f60cfb69ccba Mon Sep 17 00:00:00 2001
+From: Sasha Levin <sashal@kernel.org>
+Date: Thu, 6 Apr 2023 20:40:59 +0800
+Subject: block: ublk: make sure that block size is set correctly
+
+From: Ming Lei <ming.lei@redhat.com>
+
+[ Upstream commit 1d1665279a845d16c93687389e364386e3fe0f38 ]
+
+block size is one very key setting for block layer, and bad block size
+could panic kernel easily.
+
+Make sure that block size is set correctly.
+
+Meantime if ublk_validate_params() fails, clear ub->params so that disk
+is prevented from being added.
+
+Fixes: 71f28f3136af ("ublk_drv: add io_uring based userspace block driver")
+Reported-and-tested-by: Breno Leitao <leitao@debian.org>
+Signed-off-by: Ming Lei <ming.lei@redhat.com>
+Signed-off-by: Jens Axboe <axboe@kernel.dk>
+Signed-off-by: Sasha Levin <sashal@kernel.org>
+---
+ drivers/block/ublk_drv.c | 4 +++-
+ 1 file changed, 3 insertions(+), 1 deletion(-)
+
+diff --git a/drivers/block/ublk_drv.c b/drivers/block/ublk_drv.c
+index 22a790d512842..341f490fdbb02 100644
+--- a/drivers/block/ublk_drv.c
++++ b/drivers/block/ublk_drv.c
+@@ -233,7 +233,7 @@ static int ublk_validate_params(const struct ublk_device *ub)
+       if (ub->params.types & UBLK_PARAM_TYPE_BASIC) {
+               const struct ublk_param_basic *p = &ub->params.basic;
+-              if (p->logical_bs_shift > PAGE_SHIFT)
++              if (p->logical_bs_shift > PAGE_SHIFT || p->logical_bs_shift < 9)
+                       return -EINVAL;
+               if (p->logical_bs_shift > p->physical_bs_shift)
+@@ -1886,6 +1886,8 @@ static int ublk_ctrl_set_params(struct io_uring_cmd *cmd)
+               /* clear all we don't support yet */
+               ub->params.types &= UBLK_PARAM_TYPE_ALL;
+               ret = ublk_validate_params(ub);
++              if (ret)
++                      ub->params.types = 0;
+       }
+       mutex_unlock(&ub->mutex);
+       ublk_put_device(ub);
+-- 
+2.39.2
+
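Review bot: The new lower bound in ublk_validate_params() is written as the bare literal `9`; `p->logical_bs_shift < SECTOR_SHIFT` would state the intent (no logical block smaller than a 512-byte sector) and read symmetrically with the `PAGE_SHIFT` bound beside it. These values arrive through the control command handled in ublk_ctrl_set_params(), so this test is the boundary that keeps a malformed block size away from the block layer. In the second inner hunk only `ub->params.types` is zeroed on failure, while the commit message speaks of clearing `ub->params`; a comment such as `/* types == 0 prevents the disk from being added with rejected params */` would make that reliance explicit. Both functions extend beyond the hunks shown.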
diff --git a/queue-6.2/cifs-sanitize-paths-in-cifs_update_super_prepath.patch b/queue-6.2/cifs-sanitize-paths-in-cifs_update_super_prepath.patch
new file mode 100644 (file)
index 0000000..3948916
--- /dev/null
@@ -0,0 +1,98 @@
+From 5c9b8eb07ede32a2ba1698873c9dfee82b4925bd Mon Sep 17 00:00:00 2001
+From: Sasha Levin <sashal@kernel.org>
+Date: Wed, 5 Apr 2023 10:16:48 -0300
+Subject: cifs: sanitize paths in cifs_update_super_prepath.
+
+From: Thiago Rafael Becker <tbecker@redhat.com>
+
+[ Upstream commit d19342c6609b67f2ba83b9eccca2777e3687f625 ]
+
+After a server reboot, clients are failing to move files with ENOENT.
+This is caused by DFS referrals containing multiple separators, which
+the server move call doesn't recognize.
+
+v1: Initial patch.
+v2: Move prototype to header.
+
+Link: https://bugzilla.redhat.com/show_bug.cgi?id=2182472
+Fixes: a31080899d5f ("cifs: sanitize multiple delimiters in prepath")
+Actually-Fixes: 24e0a1eff9e2 ("cifs: switch to new mount api")
+Reviewed-by: Paulo Alcantara (SUSE) <pc@manguebit.com>
+Signed-off-by: Thiago Rafael Becker <tbecker@redhat.com>
+Signed-off-by: Steve French <stfrench@microsoft.com>
+Signed-off-by: Sasha Levin <sashal@kernel.org>
+---
+ fs/cifs/fs_context.c | 13 +++++++------
+ fs/cifs/fs_context.h |  3 +++
+ fs/cifs/misc.c       |  2 +-
+ 3 files changed, 11 insertions(+), 7 deletions(-)
+
+diff --git a/fs/cifs/fs_context.c b/fs/cifs/fs_context.c
+index 6d13f8207e96a..ace11a1a7c8ab 100644
+--- a/fs/cifs/fs_context.c
++++ b/fs/cifs/fs_context.c
+@@ -441,13 +441,14 @@ int smb3_parse_opt(const char *options, const char *key, char **val)
+  * but there are some bugs that prevent rename from working if there are
+  * multiple delimiters.
+  *
+- * Returns a sanitized duplicate of @path. The caller is responsible for
+- * cleaning up the original.
++ * Returns a sanitized duplicate of @path. @gfp indicates the GFP_* flags
++ * for kstrdup.
++ * The caller is responsible for freeing the original.
+  */
+ #define IS_DELIM(c) ((c) == '/' || (c) == '\\')
+-static char *sanitize_path(char *path)
++char *cifs_sanitize_prepath(char *prepath, gfp_t gfp)
+ {
+-      char *cursor1 = path, *cursor2 = path;
++      char *cursor1 = prepath, *cursor2 = prepath;
+       /* skip all prepended delimiters */
+       while (IS_DELIM(*cursor1))
+@@ -469,7 +470,7 @@ static char *sanitize_path(char *path)
+               cursor2--;
+       *(cursor2) = '\0';
+-      return kstrdup(path, GFP_KERNEL);
++      return kstrdup(prepath, gfp);
+ }
+ /*
+@@ -531,7 +532,7 @@ smb3_parse_devname(const char *devname, struct smb3_fs_context *ctx)
+       if (!*pos)
+               return 0;
+-      ctx->prepath = sanitize_path(pos);
++      ctx->prepath = cifs_sanitize_prepath(pos, GFP_KERNEL);
+       if (!ctx->prepath)
+               return -ENOMEM;
+diff --git a/fs/cifs/fs_context.h b/fs/cifs/fs_context.h
+index 3de00e7127ec4..f4eaf85589022 100644
+--- a/fs/cifs/fs_context.h
++++ b/fs/cifs/fs_context.h
+@@ -287,4 +287,7 @@ extern void smb3_update_mnt_flags(struct cifs_sb_info *cifs_sb);
+  */
+ #define SMB3_MAX_DCLOSETIMEO (1 << 30)
+ #define SMB3_DEF_DCLOSETIMEO (1 * HZ) /* even 1 sec enough to help eg open/write/close/open/read */
++
++extern char *cifs_sanitize_prepath(char *prepath, gfp_t gfp);
++
+ #endif
+diff --git a/fs/cifs/misc.c b/fs/cifs/misc.c
+index 5542893ef03f7..2fae6b08314d9 100644
+--- a/fs/cifs/misc.c
++++ b/fs/cifs/misc.c
+@@ -1297,7 +1297,7 @@ int cifs_update_super_prepath(struct cifs_sb_info *cifs_sb, char *prefix)
+       kfree(cifs_sb->prepath);
+       if (prefix && *prefix) {
+-              cifs_sb->prepath = kstrdup(prefix, GFP_ATOMIC);
++              cifs_sb->prepath = cifs_sanitize_prepath(prefix, GFP_ATOMIC);
+               if (!cifs_sb->prepath)
+                       return -ENOMEM;
+-- 
+2.39.2
+
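Review bot: cifs_sanitize_prepath() rewrites its argument in place before duplicating it (it writes through `cursor2` and ends with `*(cursor2) = '\0'`), and the updated header comment does not say so. That mattered less while the function was static with a single caller; it is now exported, and cifs_update_super_prepath() passes its `prefix` argument, which the replaced `kstrdup(prefix, GFP_ATOMIC)` left untouched. Whether callers use `prefix` again afterwards is not visible here, so the contract belongs in the comment, e.g. ` * @prepath is modified in place; the returned copy holds the sanitized string.`. Only part of the function body is inside the hunks.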
diff --git a/queue-6.2/iio-adc-ad7791-fix-irq-flags.patch b/queue-6.2/iio-adc-ad7791-fix-irq-flags.patch
new file mode 100644 (file)
index 0000000..89f940f
--- /dev/null
@@ -0,0 +1,40 @@
+From 945773f3f905cb41aef6284e84ff9ecbf740adf2 Mon Sep 17 00:00:00 2001
+From: Sasha Levin <sashal@kernel.org>
+Date: Fri, 20 Jan 2023 13:46:45 +0100
+Subject: iio: adc: ad7791: fix IRQ flags
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+From: Nuno Sá <nuno.sa@analog.com>
+
+[ Upstream commit 0c6ef985a1fd8a74dcb5cad941ddcadd55cb8697 ]
+
+The interrupt is triggered on the falling edge rather than being a level
+low interrupt.
+
+Fixes: da4d3d6bb9f6 ("iio: adc: ad-sigma-delta: Allow custom IRQ flags")
+Signed-off-by: Nuno Sá <nuno.sa@analog.com>
+Link: https://lore.kernel.org/r/20230120124645.819910-1-nuno.sa@analog.com
+Signed-off-by: Jonathan Cameron <Jonathan.Cameron@huawei.com>
+Signed-off-by: Sasha Levin <sashal@kernel.org>
+---
+ drivers/iio/adc/ad7791.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/drivers/iio/adc/ad7791.c b/drivers/iio/adc/ad7791.c
+index fee8d129a5f08..86effe8501b44 100644
+--- a/drivers/iio/adc/ad7791.c
++++ b/drivers/iio/adc/ad7791.c
+@@ -253,7 +253,7 @@ static const struct ad_sigma_delta_info ad7791_sigma_delta_info = {
+       .has_registers = true,
+       .addr_shift = 4,
+       .read_mask = BIT(3),
+-      .irq_flags = IRQF_TRIGGER_LOW,
++      .irq_flags = IRQF_TRIGGER_FALLING,
+ };
+ static int ad7791_read_raw(struct iio_dev *indio_dev,
+-- 
+2.39.2
+
diff --git a/queue-6.2/io_uring-fix-memory-leak-when-removing-provided-buff.patch b/queue-6.2/io_uring-fix-memory-leak-when-removing-provided-buff.patch
new file mode 100644 (file)
index 0000000..e5263f3
--- /dev/null
@@ -0,0 +1,63 @@
+From 0ed00dcb0c795efc0722ccd715affe4370038f66 Mon Sep 17 00:00:00 2001
+From: Sasha Levin <sashal@kernel.org>
+Date: Sat, 1 Apr 2023 20:50:39 +0100
+Subject: io_uring: fix memory leak when removing provided buffers
+
+From: Wojciech Lukowicz <wlukowicz01@gmail.com>
+
+[ Upstream commit b4a72c0589fdea6259720375426179888969d6a2 ]
+
+When removing provided buffers, io_buffer structs are not being disposed
+of, leading to a memory leak. They can't be freed individually, because
+they are allocated in page-sized groups. They need to be added to some
+free list instead, such as io_buffers_cache. All callers already hold
+the lock protecting it, apart from when destroying buffers, so had to
+extend the lock there.
+
+Fixes: cc3cec8367cb ("io_uring: speedup provided buffer handling")
+Signed-off-by: Wojciech Lukowicz <wlukowicz01@gmail.com>
+Link: https://lore.kernel.org/r/20230401195039.404909-2-wlukowicz01@gmail.com
+Signed-off-by: Jens Axboe <axboe@kernel.dk>
+Signed-off-by: Sasha Levin <sashal@kernel.org>
+---
+ io_uring/io_uring.c | 2 +-
+ io_uring/kbuf.c     | 5 ++++-
+ 2 files changed, 5 insertions(+), 2 deletions(-)
+
+diff --git a/io_uring/io_uring.c b/io_uring/io_uring.c
+index a4e9dbc7b67a8..add5cff7952c5 100644
+--- a/io_uring/io_uring.c
++++ b/io_uring/io_uring.c
+@@ -2722,8 +2722,8 @@ static __cold void io_ring_ctx_free(struct io_ring_ctx *ctx)
+       io_eventfd_unregister(ctx);
+       io_alloc_cache_free(&ctx->apoll_cache, io_apoll_cache_free);
+       io_alloc_cache_free(&ctx->netmsg_cache, io_netmsg_cache_free);
+-      mutex_unlock(&ctx->uring_lock);
+       io_destroy_buffers(ctx);
++      mutex_unlock(&ctx->uring_lock);
+       if (ctx->sq_creds)
+               put_cred(ctx->sq_creds);
+       if (ctx->submitter_task)
+diff --git a/io_uring/kbuf.c b/io_uring/kbuf.c
+index 0fdcc0adbdbcc..a90c820ce99e1 100644
+--- a/io_uring/kbuf.c
++++ b/io_uring/kbuf.c
+@@ -228,11 +228,14 @@ static int __io_remove_buffers(struct io_ring_ctx *ctx,
+               return i;
+       }
++      /* protects io_buffers_cache */
++      lockdep_assert_held(&ctx->uring_lock);
++
+       while (!list_empty(&bl->buf_list)) {
+               struct io_buffer *nxt;
+               nxt = list_first_entry(&bl->buf_list, struct io_buffer, list);
+-              list_del(&nxt->list);
++              list_move(&nxt->list, &ctx->io_buffers_cache);
+               if (++i == nbufs)
+                       return i;
+               cond_resched();
+-- 
+2.39.2
+
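Review bot: The reordering in io_ring_ctx_free() carries no comment saying why io_destroy_buffers() must now run before `mutex_unlock(&ctx->uring_lock)`, so a later cleanup could move it back without noticing the dependency. The reason is visible only in kbuf.c, where `list_move(&nxt->list, &ctx->io_buffers_cache)` sits behind the new `lockdep_assert_held(&ctx->uring_lock)`. A one-line comment at the call site would tie the two together: `/* io_destroy_buffers() moves entries onto io_buffers_cache, which uring_lock protects */`. Both functions continue outside the hunks.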
diff --git a/queue-6.2/io_uring-fix-return-value-when-removing-provided-buf.patch b/queue-6.2/io_uring-fix-return-value-when-removing-provided-buf.patch
new file mode 100644 (file)
index 0000000..b24ccbb
--- /dev/null
@@ -0,0 +1,50 @@
+From 1178eb563633769ee3789faceb33d3c9254fb859 Mon Sep 17 00:00:00 2001
+From: Sasha Levin <sashal@kernel.org>
+Date: Sat, 1 Apr 2023 20:50:38 +0100
+Subject: io_uring: fix return value when removing provided buffers
+
+From: Wojciech Lukowicz <wlukowicz01@gmail.com>
+
+[ Upstream commit c0921e51dab767ef5adf6175c4a0ba3c6e1074a3 ]
+
+When a request to remove buffers is submitted, and the given number to be
+removed is larger than available in the specified buffer group, the
+resulting CQE result will be the number of removed buffers + 1, which is
+1 more than it should be.
+
+Previously, the head was part of the list and it got removed after the
+loop, so the increment was needed. Now, the head is not an element of
+the list, so the increment shouldn't be there anymore.
+
+Fixes: dbc7d452e7cf ("io_uring: manage provided buffers strictly ordered")
+Signed-off-by: Wojciech Lukowicz <wlukowicz01@gmail.com>
+Link: https://lore.kernel.org/r/20230401195039.404909-2-wlukowicz01@gmail.com
+Signed-off-by: Jens Axboe <axboe@kernel.dk>
+Signed-off-by: Sasha Levin <sashal@kernel.org>
+---
+ io_uring/kbuf.c | 2 --
+ 1 file changed, 2 deletions(-)
+
+diff --git a/io_uring/kbuf.c b/io_uring/kbuf.c
+index 3002dc8271959..0fdcc0adbdbcc 100644
+--- a/io_uring/kbuf.c
++++ b/io_uring/kbuf.c
+@@ -228,7 +228,6 @@ static int __io_remove_buffers(struct io_ring_ctx *ctx,
+               return i;
+       }
+-      /* the head kbuf is the list itself */
+       while (!list_empty(&bl->buf_list)) {
+               struct io_buffer *nxt;
+@@ -238,7 +237,6 @@ static int __io_remove_buffers(struct io_ring_ctx *ctx,
+                       return i;
+               cond_resched();
+       }
+-      i++;
+       return i;
+ }
+-- 
+2.39.2
+
diff --git a/queue-6.2/nvme-fix-discard-support-without-oncs.patch b/queue-6.2/nvme-fix-discard-support-without-oncs.patch
new file mode 100644 (file)
index 0000000..cc64497
--- /dev/null
@@ -0,0 +1,57 @@
+From d867fed2083361a158a1b7340f6b21ff7fd58caa Mon Sep 17 00:00:00 2001
+From: Sasha Levin <sashal@kernel.org>
+Date: Mon, 3 Apr 2023 13:09:25 -0700
+Subject: nvme: fix discard support without oncs
+
+From: Keith Busch <kbusch@kernel.org>
+
+[ Upstream commit d3205ab75e99a47539ec91ef85ba488f4ddfeaa9 ]
+
+The device can report discard support without setting the ONCS DSM bit.
+When not set, the driver clears max_discard_size expecting it to be set
+later. We don't know the size until we have the namespace format,
+though, so setting it is deferred until configuring one, but the driver
+was abandoning the discard settings due to that initial clearing.
+
+Move the max_discard_size calculation above the check for a '0' discard
+size.
+
+Fixes: 1a86924e4f46475 ("nvme: fix interpretation of DMRSL")
+Reported-by: Laurence Oberman <loberman@redhat.com>
+Signed-off-by: Keith Busch <kbusch@kernel.org>
+Reviewed-by: Niklas Cassel <niklas.cassel@wdc.com>
+Reviewed-by: Sagi Grimberg <sagi@grimberg.me>
+Tested-by: Laurence Oberman <loberman@redhat.com>
+Signed-off-by: Christoph Hellwig <hch@lst.de>
+Signed-off-by: Sasha Levin <sashal@kernel.org>
+---
+ drivers/nvme/host/core.c | 6 +++---
+ 1 file changed, 3 insertions(+), 3 deletions(-)
+
+diff --git a/drivers/nvme/host/core.c b/drivers/nvme/host/core.c
+index 70b5e891f6b3b..ee1b075d12cfc 100644
+--- a/drivers/nvme/host/core.c
++++ b/drivers/nvme/host/core.c
+@@ -1717,6 +1717,9 @@ static void nvme_config_discard(struct gendisk *disk, struct nvme_ns *ns)
+       struct request_queue *queue = disk->queue;
+       u32 size = queue_logical_block_size(queue);
++      if (ctrl->dmrsl && ctrl->dmrsl <= nvme_sect_to_lba(ns, UINT_MAX))
++              ctrl->max_discard_sectors = nvme_lba_to_sect(ns, ctrl->dmrsl);
++
+       if (ctrl->max_discard_sectors == 0) {
+               blk_queue_max_discard_sectors(queue, 0);
+               return;
+@@ -1731,9 +1734,6 @@ static void nvme_config_discard(struct gendisk *disk, struct nvme_ns *ns)
+       if (queue->limits.max_discard_sectors)
+               return;
+-      if (ctrl->dmrsl && ctrl->dmrsl <= nvme_sect_to_lba(ns, UINT_MAX))
+-              ctrl->max_discard_sectors = nvme_lba_to_sect(ns, ctrl->dmrsl);
+-
+       blk_queue_max_discard_sectors(queue, ctrl->max_discard_sectors);
+       blk_queue_max_discard_segments(queue, ctrl->max_discard_segments);
+-- 
+2.39.2
+
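Review bot: After the move, nvme_config_discard() assigns `ctrl->max_discard_sectors = nvme_lba_to_sect(ns, ctrl->dmrsl)` on every call, ahead of both early returns, so a field on the controller is overwritten with a value that depends on the namespace passed in. If namespaces on one controller can use different LBA formats, the stored limit would reflect whichever namespace was configured last; this is an inference, since the declaration of `ctrl` and the conversion helpers are outside the hunk. Keeping the converted value in a local variable and handing that to `blk_queue_max_discard_sectors()` would avoid the shared write; otherwise a comment should state that the controller-wide update is intended.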
diff --git a/queue-6.2/perf-core-fix-the-same-task-check-in-perf_event_set_.patch b/queue-6.2/perf-core-fix-the-same-task-check-in-perf_event_set_.patch
new file mode 100644 (file)
index 0000000..f4d13c7
--- /dev/null
@@ -0,0 +1,73 @@
+From 080a36991cb793bcbeeb6807510648f780414ef6 Mon Sep 17 00:00:00 2001
+From: Sasha Levin <sashal@kernel.org>
+Date: Wed, 22 Mar 2023 13:24:49 -0700
+Subject: perf/core: Fix the same task check in perf_event_set_output
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+From: Kan Liang <kan.liang@linux.intel.com>
+
+[ Upstream commit 24d3ae2f37d8bc3c14b31d353c5d27baf582b6a6 ]
+
+The same task check in perf_event_set_output has some potential issues
+for some usages.
+
+For the current perf code, there is a problem if using of
+perf_event_open() to have multiple samples getting into the same mmap’d
+memory when they are both attached to the same process.
+https://lore.kernel.org/all/92645262-D319-4068-9C44-2409EF44888E@gmail.com/
+Because the event->ctx is not ready when the perf_event_set_output() is
+invoked in the perf_event_open().
+
+Besides the above issue, before the commit bd2756811766 ("perf: Rewrite
+core context handling"), perf record can errors out when sampling with
+a hardware event and a software event as below.
+ $ perf record -e cycles,dummy --per-thread ls
+ failed to mmap with 22 (Invalid argument)
+That's because that prior to the commit a hardware event and a software
+event are from different task context.
+
+The problem should be a long time issue since commit c3f00c70276d
+("perk: Separate find_get_context() from event initialization").
+
+The task struct is stored in the event->hw.target for each per-thread
+event. It is a more reliable way to determine whether two events are
+attached to the same task.
+
+The event->hw.target was also introduced several years ago by the
+commit 50f16a8bf9d7 ("perf: Remove type specific target pointers"). It
+can not only be used to fix the issue with the current code, but also
+back port to fix the issues with an older kernel.
+
+Note: The event->hw.target was introduced later than commit
+c3f00c70276d. The patch may cannot be applied between the commit
+c3f00c70276d and commit 50f16a8bf9d7. Anybody that wants to back-port
+this at that period may have to find other solutions.
+
+Fixes: c3f00c70276d ("perf: Separate find_get_context() from event initialization")
+Signed-off-by: Kan Liang <kan.liang@linux.intel.com>
+Signed-off-by: Peter Zijlstra (Intel) <peterz@infradead.org>
+Reviewed-by: Zhengjun Xing <zhengjun.xing@linux.intel.com>
+Link: https://lkml.kernel.org/r/20230322202449.512091-1-kan.liang@linux.intel.com
+Signed-off-by: Sasha Levin <sashal@kernel.org>
+---
+ kernel/events/core.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/kernel/events/core.c b/kernel/events/core.c
+index 4b3205f6bed5e..daecb8c9126b0 100644
+--- a/kernel/events/core.c
++++ b/kernel/events/core.c
+@@ -12155,7 +12155,7 @@ perf_event_set_output(struct perf_event *event, struct perf_event *output_event)
+       /*
+        * If its not a per-cpu rb, it must be the same task.
+        */
+-      if (output_event->cpu == -1 && output_event->ctx != event->ctx)
++      if (output_event->cpu == -1 && output_event->hw.target != event->hw.target)
+               goto out;
+       /*
+-- 
+2.39.2
+
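Review bot: The comment above the changed test in perf_event_set_output() still reads `If its not a per-cpu rb, it must be the same task.` and does not explain why `hw.target` is compared rather than `ctx`. The commit message gives the reason (`event->ctx` is not ready when perf_event_set_output() is invoked from perf_event_open()), and it belongs next to the code, because this test appears to gate whether two events may share one output buffer. Suggested wording: `/* If it's not a per-cpu rb, it must be the same task. Compare hw.target: event->ctx is not set up yet when called from perf_event_open(). */`. The function extends beyond the hunk.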
diff --git a/queue-6.2/perf-optimize-perf_pmu_migrate_context.patch b/queue-6.2/perf-optimize-perf_pmu_migrate_context.patch
new file mode 100644 (file)
index 0000000..7151d93
--- /dev/null
@@ -0,0 +1,55 @@
+From 24a51b8ceb8373226899a73bebc5be99d14b18d6 Mon Sep 17 00:00:00 2001
+From: Sasha Levin <sashal@kernel.org>
+Date: Mon, 3 Apr 2023 11:08:58 +0200
+Subject: perf: Optimize perf_pmu_migrate_context()
+
+From: Peter Zijlstra <peterz@infradead.org>
+
+[ Upstream commit b168098912926236bbeebaf7795eb7aab76d2b45 ]
+
+Thomas reported that offlining CPUs spends a lot of time in
+synchronize_rcu() as called from perf_pmu_migrate_context() even though
+he's not actually using uncore events.
+
+Turns out, the thing is unconditionally waiting for RCU, even if there's
+no actual events to migrate.
+
+Fixes: 0cda4c023132 ("perf: Introduce perf_pmu_migrate_context()")
+Reported-by: Thomas Gleixner <tglx@linutronix.de>
+Signed-off-by: Peter Zijlstra (Intel) <peterz@infradead.org>
+Tested-by: Thomas Gleixner <tglx@linutronix.de>
+Reviewed-by: Thomas Gleixner <tglx@linutronix.de>
+Reviewed-by: Paul E. McKenney <paulmck@kernel.org>
+Link: https://lkml.kernel.org/r/20230403090858.GT4253@hirez.programming.kicks-ass.net
+Signed-off-by: Sasha Levin <sashal@kernel.org>
+---
+ kernel/events/core.c | 12 +++++++-----
+ 1 file changed, 7 insertions(+), 5 deletions(-)
+
+diff --git a/kernel/events/core.c b/kernel/events/core.c
+index fad170b475921..4b3205f6bed5e 100644
+--- a/kernel/events/core.c
++++ b/kernel/events/core.c
+@@ -12875,12 +12875,14 @@ void perf_pmu_migrate_context(struct pmu *pmu, int src_cpu, int dst_cpu)
+       __perf_pmu_remove(src_ctx, src_cpu, pmu, &src_ctx->pinned_groups, &events);
+       __perf_pmu_remove(src_ctx, src_cpu, pmu, &src_ctx->flexible_groups, &events);
+-      /*
+-       * Wait for the events to quiesce before re-instating them.
+-       */
+-      synchronize_rcu();
++      if (!list_empty(&events)) {
++              /*
++               * Wait for the events to quiesce before re-instating them.
++               */
++              synchronize_rcu();
+-      __perf_pmu_install(dst_ctx, dst_cpu, pmu, &events);
++              __perf_pmu_install(dst_ctx, dst_cpu, pmu, &events);
++      }
+       mutex_unlock(&dst_ctx->mutex);
+       mutex_unlock(&src_ctx->mutex);
+-- 
+2.39.2
+
diff --git a/queue-6.2/scsi-iscsi_tcp-check-that-sock-is-valid-before-iscsi.patch b/queue-6.2/scsi-iscsi_tcp-check-that-sock-is-valid-before-iscsi.patch
new file mode 100644 (file)
index 0000000..384bd61
--- /dev/null
@@ -0,0 +1,48 @@
+From bbfcd189c0c6df3a212c53c3ffbfa6a1bc5336e6 Mon Sep 17 00:00:00 2001
+From: Sasha Levin <sashal@kernel.org>
+Date: Wed, 29 Mar 2023 15:17:39 +0800
+Subject: scsi: iscsi_tcp: Check that sock is valid before iscsi_set_param()
+
+From: Zhong Jinghua <zhongjinghua@huawei.com>
+
+[ Upstream commit 48b19b79cfa37b1e50da3b5a8af529f994c08901 ]
+
+The validity of sock should be checked before assignment to avoid incorrect
+values. Commit 57569c37f0ad ("scsi: iscsi: iscsi_tcp: Fix null-ptr-deref
+while calling getpeername()") introduced this change which may lead to
+inconsistent values of tcp_sw_conn->sendpage and conn->datadgst_en.
+
+Fix the issue by moving the position of the assignment.
+
+Fixes: 57569c37f0ad ("scsi: iscsi: iscsi_tcp: Fix null-ptr-deref while calling getpeername()")
+Signed-off-by: Zhong Jinghua <zhongjinghua@huawei.com>
+Link: https://lore.kernel.org/r/20230329071739.2175268-1-zhongjinghua@huaweicloud.com
+Reviewed-by: Mike Christie <michael.christie@oracle.com>
+Signed-off-by: Martin K. Petersen <martin.petersen@oracle.com>
+Signed-off-by: Sasha Levin <sashal@kernel.org>
+---
+ drivers/scsi/iscsi_tcp.c | 3 +--
+ 1 file changed, 1 insertion(+), 2 deletions(-)
+
+diff --git a/drivers/scsi/iscsi_tcp.c b/drivers/scsi/iscsi_tcp.c
+index 0454d94e8cf0d..e7a6fc01d9ca8 100644
+--- a/drivers/scsi/iscsi_tcp.c
++++ b/drivers/scsi/iscsi_tcp.c
+@@ -768,13 +768,12 @@ static int iscsi_sw_tcp_conn_set_param(struct iscsi_cls_conn *cls_conn,
+               iscsi_set_param(cls_conn, param, buf, buflen);
+               break;
+       case ISCSI_PARAM_DATADGST_EN:
+-              iscsi_set_param(cls_conn, param, buf, buflen);
+-
+               mutex_lock(&tcp_sw_conn->sock_lock);
+               if (!tcp_sw_conn->sock) {
+                       mutex_unlock(&tcp_sw_conn->sock_lock);
+                       return -ENOTCONN;
+               }
++              iscsi_set_param(cls_conn, param, buf, buflen);
+               tcp_sw_conn->sendpage = conn->datadgst_en ?
+                       sock_no_sendpage : tcp_sw_conn->sock->ops->sendpage;
+               mutex_unlock(&tcp_sw_conn->sock_lock);
+-- 
+2.39.2
+
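Review bot: The relocated `iscsi_set_param(cls_conn, param, buf, buflen);` in the ISCSI_PARAM_DATADGST_EN case still discards its return value, and the next statement selects `tcp_sw_conn->sendpage` from `conn->datadgst_en`. If the call can fail, execution continues to whatever the function returns after the switch, which is outside the hunk, and may report success for a parameter that was not applied. Capturing the result in a local and bailing out with the lock released would close that gap: `rc = iscsi_set_param(cls_conn, param, buf, buflen); if (rc) { mutex_unlock(&tcp_sw_conn->sock_lock); return rc; }`. The case directly above in the same switch ignores the result in the same way.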
diff --git a/queue-6.2/scsi-qla2xxx-fix-memory-leak-in-qla2x00_probe_one.patch b/queue-6.2/scsi-qla2xxx-fix-memory-leak-in-qla2x00_probe_one.patch
new file mode 100644 (file)
index 0000000..71de7de
--- /dev/null
@@ -0,0 +1,58 @@
+From ff6af1b0f9cd174d28c05e68258f9623cc865b3c Mon Sep 17 00:00:00 2001
+From: Sasha Levin <sashal@kernel.org>
+Date: Sat, 25 Mar 2023 11:00:04 +0000
+Subject: scsi: qla2xxx: Fix memory leak in qla2x00_probe_one()
+
+From: Li Zetao <lizetao1@huawei.com>
+
+[ Upstream commit 85ade4010e13ef152ea925c74d94253db92e5428 ]
+
+There is a memory leak reported by kmemleak:
+
+  unreferenced object 0xffffc900003f0000 (size 12288):
+    comm "modprobe", pid 19117, jiffies 4299751452 (age 42490.264s)
+    hex dump (first 32 bytes):
+      00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................
+      00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................
+    backtrace:
+      [<00000000629261a8>] __vmalloc_node_range+0xe56/0x1110
+      [<0000000001906886>] __vmalloc_node+0xbd/0x150
+      [<000000005bb4dc34>] vmalloc+0x25/0x30
+      [<00000000a2dc1194>] qla2x00_create_host+0x7a0/0xe30 [qla2xxx]
+      [<0000000062b14b47>] qla2x00_probe_one+0x2eb8/0xd160 [qla2xxx]
+      [<00000000641ccc04>] local_pci_probe+0xeb/0x1a0
+
+The root cause is traced to an error-handling path in qla2x00_probe_one()
+when the adapter "base_vha" initialize failed. The fab_scan_rp "scan.l" is
+used to record the port information and it is allocated in
+qla2x00_create_host(). However, it is not released in the error handling
+path "probe_failed".
+
+Fix this by freeing the memory of "scan.l" when an error occurs in the
+adapter initialization process.
+
+Fixes: a4239945b8ad ("scsi: qla2xxx: Add switch command to simplify fabric discovery")
+Signed-off-by: Li Zetao <lizetao1@huawei.com>
+Link: https://lore.kernel.org/r/20230325110004.363898-1-lizetao1@huawei.com
+Reviewed-by: Himanshu Madhani <himanshu.madhani@oracle.com>
+Signed-off-by: Martin K. Petersen <martin.petersen@oracle.com>
+Signed-off-by: Sasha Levin <sashal@kernel.org>
+---
+ drivers/scsi/qla2xxx/qla_os.c | 1 +
+ 1 file changed, 1 insertion(+)
+
+diff --git a/drivers/scsi/qla2xxx/qla_os.c b/drivers/scsi/qla2xxx/qla_os.c
+index 02913cc75195b..901c5c8035ef2 100644
+--- a/drivers/scsi/qla2xxx/qla_os.c
++++ b/drivers/scsi/qla2xxx/qla_os.c
+@@ -3607,6 +3607,7 @@ qla2x00_probe_one(struct pci_dev *pdev, const struct pci_device_id *id)
+ probe_failed:
+       qla_enode_stop(base_vha);
+       qla_edb_stop(base_vha);
++      vfree(base_vha->scan.l);
+       if (base_vha->gnl.l) {
+               dma_free_coherent(&ha->pdev->dev, base_vha->gnl.size,
+                               base_vha->gnl.l, base_vha->gnl.ldma);
+-- 
+2.39.2
+
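Review bot: The added `vfree(base_vha->scan.l);` under `probe_failed:` leaves the stale pointer in `base_vha->scan.l`. The rest of the error path is outside the hunk; if any later teardown of `base_vha` frees the scan list as well, this would become a double free. Following the call with `base_vha->scan.l = NULL;` makes the path safe either way, since vfree() accepts NULL.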
index e393d10fc1392025643d56ac978362a8de96e964..26d8df727ae5c8d30b4f8395e7d4fa13e3f73faf 100644 (file)
@@ -94,3 +94,14 @@ ksmbd-do-not-call-kvmalloc-with-__gfp_noretry-__gfp_no_warn.patch
 ksmbd-fix-slab-out-of-bounds-in-init_smb2_rsp_hdr.patch
 alsa-hda-realtek-add-quirk-for-clevo-x370snw.patch
 alsa-hda-realtek-fix-mute-micmute-leds-for-a-hp-probook.patch
+iio-adc-ad7791-fix-irq-flags.patch
+io_uring-fix-return-value-when-removing-provided-buf.patch
+io_uring-fix-memory-leak-when-removing-provided-buff.patch
+scsi-qla2xxx-fix-memory-leak-in-qla2x00_probe_one.patch
+scsi-iscsi_tcp-check-that-sock-is-valid-before-iscsi.patch
+nvme-fix-discard-support-without-oncs.patch
+cifs-sanitize-paths-in-cifs_update_super_prepath.patch
+block-ublk-make-sure-that-block-size-is-set-correctl.patch
+block-don-t-set-gd_need_part_scan-if-scan-partition-.patch
+perf-optimize-perf_pmu_migrate_context.patch
+perf-core-fix-the-same-task-check-in-perf_event_set_.patch