--- /dev/null
+From 819fe8c96a5172dfd960e5945e8f00f8fed32953 Mon Sep 17 00:00:00 2001
+From: Volodymyr Babchuk <Volodymyr_Babchuk@epam.com>
+Date: Fri, 12 Apr 2024 19:03:25 +0000
+Subject: arm64: dts: qcom: sa8155p-adp: fix SDHC2 CD pin configuration
+
+From: Volodymyr Babchuk <Volodymyr_Babchuk@epam.com>
+
+commit 819fe8c96a5172dfd960e5945e8f00f8fed32953 upstream.
+
+There are two issues with SDHC2 configuration for SA8155P-ADP,
+which prevent use of SDHC2 and causes issues with ethernet:
+
+- Card Detect pin for SHDC2 on SA8155P-ADP is connected to gpio4 of
+ PMM8155AU_1, not to SoC itself. SoC's gpio4 is used for DWMAC
+ TX. If sdhc driver probes after dwmac driver, it reconfigures
+ gpio4 and this breaks Ethernet MAC.
+
+- pinctrl configuration mentions gpio96 as CD pin. It seems it was
+ copied from some SM8150 example, because as mentioned above,
+ correct CD pin is gpio4 on PMM8155AU_1.
+
+This patch fixes both mentioned issues by providing correct pin handle
+and pinctrl configuration.
+
+Fixes: 0deb2624e2d0 ("arm64: dts: qcom: sa8155p-adp: Add support for uSD card")
+Cc: stable@vger.kernel.org
+Signed-off-by: Volodymyr Babchuk <volodymyr_babchuk@epam.com>
+Reviewed-by: Stephan Gerhold <stephan@gerhold.net>
+Link: https://lore.kernel.org/r/20240412190310.1647893-1-volodymyr_babchuk@epam.com
+Signed-off-by: Bjorn Andersson <andersson@kernel.org>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+---
+ arch/arm64/boot/dts/qcom/sa8155p-adp.dts | 30 +++++++++++++-----------------
+ 1 file changed, 13 insertions(+), 17 deletions(-)
+
+--- a/arch/arm64/boot/dts/qcom/sa8155p-adp.dts
++++ b/arch/arm64/boot/dts/qcom/sa8155p-adp.dts
+@@ -367,6 +367,16 @@
+ };
+ };
+
++&pmm8155au_1_gpios {
++ pmm8155au_1_sdc2_cd: sdc2-cd-default-state {
++ pins = "gpio4";
++ function = "normal";
++ input-enable;
++ bias-pull-up;
++ power-source = <0>;
++ };
++};
++
+ &qupv3_id_1 {
+ status = "okay";
+ };
+@@ -384,10 +394,10 @@
+ &sdhc_2 {
+ status = "okay";
+
+- cd-gpios = <&tlmm 4 GPIO_ACTIVE_LOW>;
++ cd-gpios = <&pmm8155au_1_gpios 4 GPIO_ACTIVE_LOW>;
+ pinctrl-names = "default", "sleep";
+- pinctrl-0 = <&sdc2_on>;
+- pinctrl-1 = <&sdc2_off>;
++ pinctrl-0 = <&sdc2_on &pmm8155au_1_sdc2_cd>;
++ pinctrl-1 = <&sdc2_off &pmm8155au_1_sdc2_cd>;
+ vqmmc-supply = <&vreg_l13c_2p96>; /* IO line power */
+ vmmc-supply = <&vreg_l17a_2p96>; /* Card power line */
+ bus-width = <4>;
+@@ -505,13 +515,6 @@
+ bias-pull-up; /* pull up */
+ drive-strength = <16>; /* 16 MA */
+ };
+-
+- sd-cd-pins {
+- pins = "gpio96";
+- function = "gpio";
+- bias-pull-up; /* pull up */
+- drive-strength = <2>; /* 2 MA */
+- };
+ };
+
+ sdc2_off: sdc2-off-state {
+@@ -532,13 +535,6 @@
+ bias-pull-up; /* pull up */
+ drive-strength = <2>; /* 2 MA */
+ };
+-
+- sd-cd-pins {
+- pins = "gpio96";
+- function = "gpio";
+- bias-pull-up; /* pull up */
+- drive-strength = <2>; /* 2 MA */
+- };
+ };
+
+ usb2phy_ac_en1_default: usb2phy-ac-en1-default-state {
--- /dev/null
+From 892b41b16f6163e6556545835abba668fcab4eea Mon Sep 17 00:00:00 2001
+From: Hersen Wu <hersenxs.wu@amd.com>
+Date: Tue, 13 Feb 2024 14:26:06 -0500
+Subject: drm/amd/display: Fix incorrect DSC instance for MST
+
+From: Hersen Wu <hersenxs.wu@amd.com>
+
+commit 892b41b16f6163e6556545835abba668fcab4eea upstream.
+
+[Why] DSC debugfs, such as dp_dsc_clock_en_read,
+use aconnector->dc_link to find pipe_ctx for display.
+Displays connected to MST hub share the same dc_link.
+DSC instance is from pipe_ctx. This causes incorrect
+DSC instance for display connected to MST hub.
+
+[How] Add aconnector->sink check to find pipe_ctx.
+
+CC: stable@vger.kernel.org
+Reviewed-by: Aurabindo Pillai <aurabindo.pillai@amd.com>
+Signed-off-by: Hersen Wu <hersenxs.wu@amd.com>
+Tested-by: Daniel Wheeler <daniel.wheeler@amd.com>
+Signed-off-by: Alex Deucher <alexander.deucher@amd.com>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+---
+ drivers/gpu/drm/amd/display/amdgpu_dm/amdgpu_dm_debugfs.c | 48 ++++++++++----
+ 1 file changed, 36 insertions(+), 12 deletions(-)
+
+--- a/drivers/gpu/drm/amd/display/amdgpu_dm/amdgpu_dm_debugfs.c
++++ b/drivers/gpu/drm/amd/display/amdgpu_dm/amdgpu_dm_debugfs.c
+@@ -1465,7 +1465,9 @@ static ssize_t dp_dsc_clock_en_read(stru
+ for (i = 0; i < MAX_PIPES; i++) {
+ pipe_ctx = &aconnector->dc_link->dc->current_state->res_ctx.pipe_ctx[i];
+ if (pipe_ctx->stream &&
+- pipe_ctx->stream->link == aconnector->dc_link)
++ pipe_ctx->stream->link == aconnector->dc_link &&
++ pipe_ctx->stream->sink &&
++ pipe_ctx->stream->sink == aconnector->dc_sink)
+ break;
+ }
+
+@@ -1566,7 +1568,9 @@ static ssize_t dp_dsc_clock_en_write(str
+ for (i = 0; i < MAX_PIPES; i++) {
+ pipe_ctx = &aconnector->dc_link->dc->current_state->res_ctx.pipe_ctx[i];
+ if (pipe_ctx->stream &&
+- pipe_ctx->stream->link == aconnector->dc_link)
++ pipe_ctx->stream->link == aconnector->dc_link &&
++ pipe_ctx->stream->sink &&
++ pipe_ctx->stream->sink == aconnector->dc_sink)
+ break;
+ }
+
+@@ -1651,7 +1655,9 @@ static ssize_t dp_dsc_slice_width_read(s
+ for (i = 0; i < MAX_PIPES; i++) {
+ pipe_ctx = &aconnector->dc_link->dc->current_state->res_ctx.pipe_ctx[i];
+ if (pipe_ctx->stream &&
+- pipe_ctx->stream->link == aconnector->dc_link)
++ pipe_ctx->stream->link == aconnector->dc_link &&
++ pipe_ctx->stream->sink &&
++ pipe_ctx->stream->sink == aconnector->dc_sink)
+ break;
+ }
+
+@@ -1750,7 +1756,9 @@ static ssize_t dp_dsc_slice_width_write(
+ for (i = 0; i < MAX_PIPES; i++) {
+ pipe_ctx = &aconnector->dc_link->dc->current_state->res_ctx.pipe_ctx[i];
+ if (pipe_ctx->stream &&
+- pipe_ctx->stream->link == aconnector->dc_link)
++ pipe_ctx->stream->link == aconnector->dc_link &&
++ pipe_ctx->stream->sink &&
++ pipe_ctx->stream->sink == aconnector->dc_sink)
+ break;
+ }
+
+@@ -1835,7 +1843,9 @@ static ssize_t dp_dsc_slice_height_read(
+ for (i = 0; i < MAX_PIPES; i++) {
+ pipe_ctx = &aconnector->dc_link->dc->current_state->res_ctx.pipe_ctx[i];
+ if (pipe_ctx->stream &&
+- pipe_ctx->stream->link == aconnector->dc_link)
++ pipe_ctx->stream->link == aconnector->dc_link &&
++ pipe_ctx->stream->sink &&
++ pipe_ctx->stream->sink == aconnector->dc_sink)
+ break;
+ }
+
+@@ -1934,7 +1944,9 @@ static ssize_t dp_dsc_slice_height_write
+ for (i = 0; i < MAX_PIPES; i++) {
+ pipe_ctx = &aconnector->dc_link->dc->current_state->res_ctx.pipe_ctx[i];
+ if (pipe_ctx->stream &&
+- pipe_ctx->stream->link == aconnector->dc_link)
++ pipe_ctx->stream->link == aconnector->dc_link &&
++ pipe_ctx->stream->sink &&
++ pipe_ctx->stream->sink == aconnector->dc_sink)
+ break;
+ }
+
+@@ -2015,7 +2027,9 @@ static ssize_t dp_dsc_bits_per_pixel_rea
+ for (i = 0; i < MAX_PIPES; i++) {
+ pipe_ctx = &aconnector->dc_link->dc->current_state->res_ctx.pipe_ctx[i];
+ if (pipe_ctx->stream &&
+- pipe_ctx->stream->link == aconnector->dc_link)
++ pipe_ctx->stream->link == aconnector->dc_link &&
++ pipe_ctx->stream->sink &&
++ pipe_ctx->stream->sink == aconnector->dc_sink)
+ break;
+ }
+
+@@ -2111,7 +2125,9 @@ static ssize_t dp_dsc_bits_per_pixel_wri
+ for (i = 0; i < MAX_PIPES; i++) {
+ pipe_ctx = &aconnector->dc_link->dc->current_state->res_ctx.pipe_ctx[i];
+ if (pipe_ctx->stream &&
+- pipe_ctx->stream->link == aconnector->dc_link)
++ pipe_ctx->stream->link == aconnector->dc_link &&
++ pipe_ctx->stream->sink &&
++ pipe_ctx->stream->sink == aconnector->dc_sink)
+ break;
+ }
+
+@@ -2190,7 +2206,9 @@ static ssize_t dp_dsc_pic_width_read(str
+ for (i = 0; i < MAX_PIPES; i++) {
+ pipe_ctx = &aconnector->dc_link->dc->current_state->res_ctx.pipe_ctx[i];
+ if (pipe_ctx->stream &&
+- pipe_ctx->stream->link == aconnector->dc_link)
++ pipe_ctx->stream->link == aconnector->dc_link &&
++ pipe_ctx->stream->sink &&
++ pipe_ctx->stream->sink == aconnector->dc_sink)
+ break;
+ }
+
+@@ -2246,7 +2264,9 @@ static ssize_t dp_dsc_pic_height_read(st
+ for (i = 0; i < MAX_PIPES; i++) {
+ pipe_ctx = &aconnector->dc_link->dc->current_state->res_ctx.pipe_ctx[i];
+ if (pipe_ctx->stream &&
+- pipe_ctx->stream->link == aconnector->dc_link)
++ pipe_ctx->stream->link == aconnector->dc_link &&
++ pipe_ctx->stream->sink &&
++ pipe_ctx->stream->sink == aconnector->dc_sink)
+ break;
+ }
+
+@@ -2317,7 +2337,9 @@ static ssize_t dp_dsc_chunk_size_read(st
+ for (i = 0; i < MAX_PIPES; i++) {
+ pipe_ctx = &aconnector->dc_link->dc->current_state->res_ctx.pipe_ctx[i];
+ if (pipe_ctx->stream &&
+- pipe_ctx->stream->link == aconnector->dc_link)
++ pipe_ctx->stream->link == aconnector->dc_link &&
++ pipe_ctx->stream->sink &&
++ pipe_ctx->stream->sink == aconnector->dc_sink)
+ break;
+ }
+
+@@ -2388,7 +2410,9 @@ static ssize_t dp_dsc_slice_bpg_offset_r
+ for (i = 0; i < MAX_PIPES; i++) {
+ pipe_ctx = &aconnector->dc_link->dc->current_state->res_ctx.pipe_ctx[i];
+ if (pipe_ctx->stream &&
+- pipe_ctx->stream->link == aconnector->dc_link)
++ pipe_ctx->stream->link == aconnector->dc_link &&
++ pipe_ctx->stream->sink &&
++ pipe_ctx->stream->sink == aconnector->dc_sink)
+ break;
+ }
+
--- /dev/null
+From 719564737a9ac3d0b49c314450b56cf6f7d71358 Mon Sep 17 00:00:00 2001
+From: George Shen <george.shen@amd.com>
+Date: Thu, 16 Sep 2021 19:55:39 -0400
+Subject: drm/amd/display: Handle Y carry-over in VCP X.Y calculation
+
+From: George Shen <george.shen@amd.com>
+
+commit 719564737a9ac3d0b49c314450b56cf6f7d71358 upstream.
+
+Theoretically rare corner case where ceil(Y) results in rounding up to
+an integer. If this happens, the 1 should be carried over to the X
+value.
+
+CC: stable@vger.kernel.org
+Reviewed-by: Rodrigo Siqueira <Rodrigo.Siqueira@amd.com>
+Signed-off-by: George Shen <george.shen@amd.com>
+Tested-by: Daniel Wheeler <daniel.wheeler@amd.com>
+Signed-off-by: Alex Deucher <alexander.deucher@amd.com>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+---
+ drivers/gpu/drm/amd/display/dc/dcn31/dcn31_hpo_dp_link_encoder.c | 6 ++++++
+ 1 file changed, 6 insertions(+)
+
+--- a/drivers/gpu/drm/amd/display/dc/dcn31/dcn31_hpo_dp_link_encoder.c
++++ b/drivers/gpu/drm/amd/display/dc/dcn31/dcn31_hpo_dp_link_encoder.c
+@@ -395,6 +395,12 @@ void dcn31_hpo_dp_link_enc_set_throttled
+ x),
+ 25));
+
++ // If y rounds up to integer, carry it over to x.
++ if (y >> 25) {
++ x += 1;
++ y = 0;
++ }
++
+ switch (stream_encoder_inst) {
+ case 0:
+ REG_SET_2(DP_DPHY_SYM32_VC_RATE_CNTL0, 0,
--- /dev/null
+From be4a2a81b6b90d1a47eaeaace4cc8e2cb57b96c7 Mon Sep 17 00:00:00 2001
+From: Alex Deucher <alexander.deucher@amd.com>
+Date: Sun, 14 Apr 2024 13:06:39 -0400
+Subject: drm/amdkfd: don't allow mapping the MMIO HDP page with large pages
+
+From: Alex Deucher <alexander.deucher@amd.com>
+
+commit be4a2a81b6b90d1a47eaeaace4cc8e2cb57b96c7 upstream.
+
+We don't get the right offset in that case. The GPU has
+an unused 4K area of the register BAR space into which you can
+remap registers. We remap the HDP flush registers into this
+space to allow userspace (CPU or GPU) to flush the HDP when it
+updates VRAM. However, on systems with >4K pages, we end up
+exposing PAGE_SIZE of MMIO space.
+
+Fixes: d8e408a82704 ("drm/amdkfd: Expose HDP registers to user space")
+Reviewed-by: Felix Kuehling <felix.kuehling@amd.com>
+Signed-off-by: Alex Deucher <alexander.deucher@amd.com>
+Cc: stable@vger.kernel.org
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+---
+ drivers/gpu/drm/amd/amdkfd/kfd_chardev.c | 7 +++++--
+ 1 file changed, 5 insertions(+), 2 deletions(-)
+
+--- a/drivers/gpu/drm/amd/amdkfd/kfd_chardev.c
++++ b/drivers/gpu/drm/amd/amdkfd/kfd_chardev.c
+@@ -1138,7 +1138,7 @@ static int kfd_ioctl_alloc_memory_of_gpu
+ goto err_unlock;
+ }
+ offset = dev->adev->rmmio_remap.bus_addr;
+- if (!offset) {
++ if (!offset || (PAGE_SIZE > 4096)) {
+ err = -ENOMEM;
+ goto err_unlock;
+ }
+@@ -2307,7 +2307,7 @@ static int criu_restore_memory_of_gpu(st
+ return -EINVAL;
+ }
+ offset = pdd->dev->adev->rmmio_remap.bus_addr;
+- if (!offset) {
++ if (!offset || (PAGE_SIZE > 4096)) {
+ pr_err("amdgpu_amdkfd_get_mmio_remap_phys_addr failed\n");
+ return -ENOMEM;
+ }
+@@ -3348,6 +3348,9 @@ static int kfd_mmio_mmap(struct kfd_node
+ if (vma->vm_end - vma->vm_start != PAGE_SIZE)
+ return -EINVAL;
+
++ if (PAGE_SIZE > 4096)
++ return -EINVAL;
++
+ address = dev->adev->rmmio_remap.bus_addr;
+
+ vm_flags_set(vma, VM_IO | VM_DONTCOPY | VM_DONTEXPAND | VM_NORESERVE |
--- /dev/null
+From c66b8356273c8d22498f88e4223af47a7bf8a23c Mon Sep 17 00:00:00 2001
+From: Chaitanya Kumar Borah <chaitanya.kumar.borah@intel.com>
+Date: Tue, 30 Apr 2024 14:48:25 +0530
+Subject: drm/i915/audio: Fix audio time stamp programming for DP
+
+From: Chaitanya Kumar Borah <chaitanya.kumar.borah@intel.com>
+
+commit c66b8356273c8d22498f88e4223af47a7bf8a23c upstream.
+
+Intel hardware is capable of programming the Maud/Naud SDPs on its
+own based on real-time clocks. While doing so, it takes care
+of any deviations from the theoretical values. Programming the registers
+explicitly with static values can interfere with this logic. Therefore,
+let the HW decide the Maud and Naud SDPs on it's own.
+
+Cc: stable@vger.kernel.org # v5.17
+Closes: https://gitlab.freedesktop.org/drm/intel/-/issues/8097
+Co-developed-by: Kai Vehmanen <kai.vehmanen@intel.com>
+Signed-off-by: Kai Vehmanen <kai.vehmanen@intel.com>
+Signed-off-by: Chaitanya Kumar Borah <chaitanya.kumar.borah@intel.com>
+Reviewed-by: Uma Shankar <uma.shankar@intel.com>
+Signed-off-by: Animesh Manna <animesh.manna@intel.com>
+Link: https://patchwork.freedesktop.org/patch/msgid/20240430091825.733499-1-chaitanya.kumar.borah@intel.com
+(cherry picked from commit 8e056b50d92ae7f4d6895d1c97a69a2a953cf97b)
+Signed-off-by: Rodrigo Vivi <rodrigo.vivi@intel.com>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+---
+ drivers/gpu/drm/i915/display/intel_audio.c | 113 ++---------------------------
+ 1 file changed, 8 insertions(+), 105 deletions(-)
+
+--- a/drivers/gpu/drm/i915/display/intel_audio.c
++++ b/drivers/gpu/drm/i915/display/intel_audio.c
+@@ -75,19 +75,6 @@ struct intel_audio_funcs {
+ struct intel_crtc_state *crtc_state);
+ };
+
+-/* DP N/M table */
+-#define LC_810M 810000
+-#define LC_540M 540000
+-#define LC_270M 270000
+-#define LC_162M 162000
+-
+-struct dp_aud_n_m {
+- int sample_rate;
+- int clock;
+- u16 m;
+- u16 n;
+-};
+-
+ struct hdmi_aud_ncts {
+ int sample_rate;
+ int clock;
+@@ -95,60 +82,6 @@ struct hdmi_aud_ncts {
+ int cts;
+ };
+
+-/* Values according to DP 1.4 Table 2-104 */
+-static const struct dp_aud_n_m dp_aud_n_m[] = {
+- { 32000, LC_162M, 1024, 10125 },
+- { 44100, LC_162M, 784, 5625 },
+- { 48000, LC_162M, 512, 3375 },
+- { 64000, LC_162M, 2048, 10125 },
+- { 88200, LC_162M, 1568, 5625 },
+- { 96000, LC_162M, 1024, 3375 },
+- { 128000, LC_162M, 4096, 10125 },
+- { 176400, LC_162M, 3136, 5625 },
+- { 192000, LC_162M, 2048, 3375 },
+- { 32000, LC_270M, 1024, 16875 },
+- { 44100, LC_270M, 784, 9375 },
+- { 48000, LC_270M, 512, 5625 },
+- { 64000, LC_270M, 2048, 16875 },
+- { 88200, LC_270M, 1568, 9375 },
+- { 96000, LC_270M, 1024, 5625 },
+- { 128000, LC_270M, 4096, 16875 },
+- { 176400, LC_270M, 3136, 9375 },
+- { 192000, LC_270M, 2048, 5625 },
+- { 32000, LC_540M, 1024, 33750 },
+- { 44100, LC_540M, 784, 18750 },
+- { 48000, LC_540M, 512, 11250 },
+- { 64000, LC_540M, 2048, 33750 },
+- { 88200, LC_540M, 1568, 18750 },
+- { 96000, LC_540M, 1024, 11250 },
+- { 128000, LC_540M, 4096, 33750 },
+- { 176400, LC_540M, 3136, 18750 },
+- { 192000, LC_540M, 2048, 11250 },
+- { 32000, LC_810M, 1024, 50625 },
+- { 44100, LC_810M, 784, 28125 },
+- { 48000, LC_810M, 512, 16875 },
+- { 64000, LC_810M, 2048, 50625 },
+- { 88200, LC_810M, 1568, 28125 },
+- { 96000, LC_810M, 1024, 16875 },
+- { 128000, LC_810M, 4096, 50625 },
+- { 176400, LC_810M, 3136, 28125 },
+- { 192000, LC_810M, 2048, 16875 },
+-};
+-
+-static const struct dp_aud_n_m *
+-audio_config_dp_get_n_m(const struct intel_crtc_state *crtc_state, int rate)
+-{
+- int i;
+-
+- for (i = 0; i < ARRAY_SIZE(dp_aud_n_m); i++) {
+- if (rate == dp_aud_n_m[i].sample_rate &&
+- crtc_state->port_clock == dp_aud_n_m[i].clock)
+- return &dp_aud_n_m[i];
+- }
+-
+- return NULL;
+-}
+-
+ static const struct {
+ int clock;
+ u32 config;
+@@ -386,47 +319,17 @@ hsw_dp_audio_config_update(struct intel_
+ const struct intel_crtc_state *crtc_state)
+ {
+ struct drm_i915_private *i915 = to_i915(encoder->base.dev);
+- struct i915_audio_component *acomp = i915->display.audio.component;
+ enum transcoder cpu_transcoder = crtc_state->cpu_transcoder;
+- enum port port = encoder->port;
+- const struct dp_aud_n_m *nm;
+- int rate;
+- u32 tmp;
+
+- rate = acomp ? acomp->aud_sample_rate[port] : 0;
+- nm = audio_config_dp_get_n_m(crtc_state, rate);
+- if (nm)
+- drm_dbg_kms(&i915->drm, "using Maud %u, Naud %u\n", nm->m,
+- nm->n);
+- else
+- drm_dbg_kms(&i915->drm, "using automatic Maud, Naud\n");
+-
+- tmp = intel_de_read(i915, HSW_AUD_CFG(cpu_transcoder));
+- tmp &= ~AUD_CONFIG_N_VALUE_INDEX;
+- tmp &= ~AUD_CONFIG_PIXEL_CLOCK_HDMI_MASK;
+- tmp &= ~AUD_CONFIG_N_PROG_ENABLE;
+- tmp |= AUD_CONFIG_N_VALUE_INDEX;
+-
+- if (nm) {
+- tmp &= ~AUD_CONFIG_N_MASK;
+- tmp |= AUD_CONFIG_N(nm->n);
+- tmp |= AUD_CONFIG_N_PROG_ENABLE;
+- }
+-
+- intel_de_write(i915, HSW_AUD_CFG(cpu_transcoder), tmp);
+-
+- tmp = intel_de_read(i915, HSW_AUD_M_CTS_ENABLE(cpu_transcoder));
+- tmp &= ~AUD_CONFIG_M_MASK;
+- tmp &= ~AUD_M_CTS_M_VALUE_INDEX;
+- tmp &= ~AUD_M_CTS_M_PROG_ENABLE;
+-
+- if (nm) {
+- tmp |= nm->m;
+- tmp |= AUD_M_CTS_M_VALUE_INDEX;
+- tmp |= AUD_M_CTS_M_PROG_ENABLE;
+- }
++ /* Enable time stamps. Let HW calculate Maud/Naud values */
++ intel_de_rmw(i915, HSW_AUD_CFG(cpu_transcoder),
++ AUD_CONFIG_N_VALUE_INDEX |
++ AUD_CONFIG_PIXEL_CLOCK_HDMI_MASK |
++ AUD_CONFIG_UPPER_N_MASK |
++ AUD_CONFIG_LOWER_N_MASK |
++ AUD_CONFIG_N_PROG_ENABLE,
++ AUD_CONFIG_N_VALUE_INDEX);
+
+- intel_de_write(i915, HSW_AUD_M_CTS_ENABLE(cpu_transcoder), tmp);
+ }
+
+ static void
--- /dev/null
+From 43b26bdd2ee5cfca80939be910d5b23a50cd7f9d Mon Sep 17 00:00:00 2001
+From: Karthikeyan Ramasubramanian <kramasub@chromium.org>
+Date: Wed, 21 Feb 2024 18:06:24 -0700
+Subject: drm/i915/bios: Fix parsing backlight BDB data
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+From: Karthikeyan Ramasubramanian <kramasub@chromium.org>
+
+commit 43b26bdd2ee5cfca80939be910d5b23a50cd7f9d upstream.
+
+Starting BDB version 239, hdr_dpcd_refresh_timeout is introduced to
+backlight BDB data. Commit 700034566d68 ("drm/i915/bios: Define more BDB
+contents") updated the backlight BDB data accordingly. This broke the
+parsing of backlight BDB data in VBT for versions 236 - 238 (both
+inclusive) and hence the backlight controls are not responding on units
+with the concerned BDB version.
+
+backlight_control information has been present in backlight BDB data
+from at least BDB version 191 onwards, if not before. Hence this patch
+extracts the backlight_control information for BDB version 191 or newer.
+Tested on Chromebooks using Jasperlake SoC (reports bdb->version = 236).
+Tested on Chromebooks using Raptorlake SoC (reports bdb->version = 251).
+
+v2: removed checking the block size of the backlight BDB data
+ [vsyrjala: this is completely safe thanks to commit e163cfb4c96d
+ ("drm/i915/bios: Make copies of VBT data blocks")]
+
+Fixes: 700034566d68 ("drm/i915/bios: Define more BDB contents")
+Cc: stable@vger.kernel.org
+Cc: Jani Nikula <jani.nikula@intel.com>
+Cc: Ville Syrjälä <ville.syrjala@linux.intel.com>
+Signed-off-by: Karthikeyan Ramasubramanian <kramasub@chromium.org>
+Signed-off-by: Ville Syrjälä <ville.syrjala@linux.intel.com>
+Link: https://patchwork.freedesktop.org/patch/msgid/20240221180622.v2.1.I0690aa3e96a83a43b3fc33f50395d334b2981826@changeid
+Signed-off-by: Ville Syrjälä <ville.syrjala@linux.intel.com>
+(cherry picked from commit c286f6a973c66c0d993ecab9f7162c790e7064c8)
+Signed-off-by: Rodrigo Vivi <rodrigo.vivi@intel.com>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+---
+ drivers/gpu/drm/i915/display/intel_bios.c | 19 ++++---------------
+ drivers/gpu/drm/i915/display/intel_vbt_defs.h | 5 -----
+ 2 files changed, 4 insertions(+), 20 deletions(-)
+
+--- a/drivers/gpu/drm/i915/display/intel_bios.c
++++ b/drivers/gpu/drm/i915/display/intel_bios.c
+@@ -1035,22 +1035,11 @@ parse_lfp_backlight(struct drm_i915_priv
+ panel->vbt.backlight.type = INTEL_BACKLIGHT_DISPLAY_DDI;
+ panel->vbt.backlight.controller = 0;
+ if (i915->display.vbt.version >= 191) {
+- size_t exp_size;
++ const struct lfp_backlight_control_method *method;
+
+- if (i915->display.vbt.version >= 236)
+- exp_size = sizeof(struct bdb_lfp_backlight_data);
+- else if (i915->display.vbt.version >= 234)
+- exp_size = EXP_BDB_LFP_BL_DATA_SIZE_REV_234;
+- else
+- exp_size = EXP_BDB_LFP_BL_DATA_SIZE_REV_191;
+-
+- if (get_blocksize(backlight_data) >= exp_size) {
+- const struct lfp_backlight_control_method *method;
+-
+- method = &backlight_data->backlight_control[panel_type];
+- panel->vbt.backlight.type = method->type;
+- panel->vbt.backlight.controller = method->controller;
+- }
++ method = &backlight_data->backlight_control[panel_type];
++ panel->vbt.backlight.type = method->type;
++ panel->vbt.backlight.controller = method->controller;
+ }
+
+ panel->vbt.backlight.pwm_freq_hz = entry->pwm_freq_hz;
+--- a/drivers/gpu/drm/i915/display/intel_vbt_defs.h
++++ b/drivers/gpu/drm/i915/display/intel_vbt_defs.h
+@@ -897,11 +897,6 @@ struct lfp_brightness_level {
+ u16 reserved;
+ } __packed;
+
+-#define EXP_BDB_LFP_BL_DATA_SIZE_REV_191 \
+- offsetof(struct bdb_lfp_backlight_data, brightness_level)
+-#define EXP_BDB_LFP_BL_DATA_SIZE_REV_234 \
+- offsetof(struct bdb_lfp_backlight_data, brightness_precision_bits)
+-
+ struct bdb_lfp_backlight_data {
+ u8 entry_size;
+ struct lfp_backlight_data_entry data[16];
--- /dev/null
+From 51c1b42a232f17743cd825be6790cb64735ff98f Mon Sep 17 00:00:00 2001
+From: Andi Shyti <andi.shyti@linux.intel.com>
+Date: Fri, 26 Apr 2024 02:07:23 +0200
+Subject: drm/i915/gt: Automate CCS Mode setting during engine resets
+
+From: Andi Shyti <andi.shyti@linux.intel.com>
+
+commit 51c1b42a232f17743cd825be6790cb64735ff98f upstream.
+
+We missed setting the CCS mode during resume and engine resets.
+Create a workaround to be added in the engine's workaround list.
+This workaround sets the XEHP_CCS_MODE value at every reset.
+
+The issue can be reproduced by running:
+
+ $ clpeak --kernel-latency
+
+Without resetting the CCS mode, we encounter a fence timeout:
+
+ Fence expiration time out i915-0000:03:00.0:clpeak[2387]:2!
+
+Fixes: 6db31251bb26 ("drm/i915/gt: Enable only one CCS for compute workload")
+Reported-by: Gnattu OC <gnattuoc@me.com>
+Closes: https://gitlab.freedesktop.org/drm/i915/kernel/-/issues/10895
+Signed-off-by: Andi Shyti <andi.shyti@linux.intel.com>
+Cc: Chris Wilson <chris.p.wilson@linux.intel.com>
+Cc: Joonas Lahtinen <joonas.lahtinen@linux.intel.com>
+Cc: Matt Roper <matthew.d.roper@intel.com>
+Cc: <stable@vger.kernel.org> # v6.2+
+Tested-by: Gnattu OC <gnattuoc@me.com>
+Reviewed-by: Rodrigo Vivi <rodrigo.vivi@intel.com>
+Tested-by: Krzysztof Gibala <krzysztof.gibala@intel.com>
+Link: https://patchwork.freedesktop.org/patch/msgid/20240426000723.229296-1-andi.shyti@linux.intel.com
+(cherry picked from commit 4cfca03f76413db115c3cc18f4370debb1b81b2b)
+Signed-off-by: Rodrigo Vivi <rodrigo.vivi@intel.com>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+---
+ drivers/gpu/drm/i915/gt/intel_gt_ccs_mode.c | 6 +++---
+ drivers/gpu/drm/i915/gt/intel_gt_ccs_mode.h | 2 +-
+ drivers/gpu/drm/i915/gt/intel_workarounds.c | 4 +++-
+ 3 files changed, 7 insertions(+), 5 deletions(-)
+
+--- a/drivers/gpu/drm/i915/gt/intel_gt_ccs_mode.c
++++ b/drivers/gpu/drm/i915/gt/intel_gt_ccs_mode.c
+@@ -8,14 +8,14 @@
+ #include "intel_gt_ccs_mode.h"
+ #include "intel_gt_regs.h"
+
+-void intel_gt_apply_ccs_mode(struct intel_gt *gt)
++unsigned int intel_gt_apply_ccs_mode(struct intel_gt *gt)
+ {
+ int cslice;
+ u32 mode = 0;
+ int first_ccs = __ffs(CCS_MASK(gt));
+
+ if (!IS_DG2(gt->i915))
+- return;
++ return 0;
+
+ /* Build the value for the fixed CCS load balancing */
+ for (cslice = 0; cslice < I915_MAX_CCS; cslice++) {
+@@ -35,5 +35,5 @@ void intel_gt_apply_ccs_mode(struct inte
+ XEHP_CCS_MODE_CSLICE_MASK);
+ }
+
+- intel_uncore_write(gt->uncore, XEHP_CCS_MODE, mode);
++ return mode;
+ }
+--- a/drivers/gpu/drm/i915/gt/intel_gt_ccs_mode.h
++++ b/drivers/gpu/drm/i915/gt/intel_gt_ccs_mode.h
+@@ -8,6 +8,6 @@
+
+ struct intel_gt;
+
+-void intel_gt_apply_ccs_mode(struct intel_gt *gt);
++unsigned int intel_gt_apply_ccs_mode(struct intel_gt *gt);
+
+ #endif /* __INTEL_GT_CCS_MODE_H__ */
+--- a/drivers/gpu/drm/i915/gt/intel_workarounds.c
++++ b/drivers/gpu/drm/i915/gt/intel_workarounds.c
+@@ -2828,6 +2828,7 @@ add_render_compute_tuning_settings(struc
+ static void ccs_engine_wa_mode(struct intel_engine_cs *engine, struct i915_wa_list *wal)
+ {
+ struct intel_gt *gt = engine->gt;
++ u32 mode;
+
+ if (!IS_DG2(gt->i915))
+ return;
+@@ -2844,7 +2845,8 @@ static void ccs_engine_wa_mode(struct in
+ * After having disabled automatic load balancing we need to
+ * assign all slices to a single CCS. We will call it CCS mode 1
+ */
+- intel_gt_apply_ccs_mode(gt);
++ mode = intel_gt_apply_ccs_mode(gt);
++ wa_masked_en(wal, XEHP_CCS_MODE, mode);
+ }
+
+ /*
--- /dev/null
+From 52a6947bf576b97ff8e14bb0a31c5eaf2d0d96e2 Mon Sep 17 00:00:00 2001
+From: Lyude Paul <lyude@redhat.com>
+Date: Mon, 29 Apr 2024 14:23:08 -0400
+Subject: drm/nouveau/firmware: Fix SG_DEBUG error with nvkm_firmware_ctor()
+
+From: Lyude Paul <lyude@redhat.com>
+
+commit 52a6947bf576b97ff8e14bb0a31c5eaf2d0d96e2 upstream.
+
+Currently, enabling SG_DEBUG in the kernel will cause nouveau to hit a
+BUG() on startup:
+
+ kernel BUG at include/linux/scatterlist.h:187!
+ invalid opcode: 0000 [#1] PREEMPT SMP NOPTI
+ CPU: 7 PID: 930 Comm: (udev-worker) Not tainted 6.9.0-rc3Lyude-Test+ #30
+ Hardware name: MSI MS-7A39/A320M GAMING PRO (MS-7A39), BIOS 1.I0 01/22/2019
+ RIP: 0010:sg_init_one+0x85/0xa0
+ Code: 69 88 32 01 83 e1 03 f6 c3 03 75 20 a8 01 75 1e 48 09 cb 41 89 54
+ 24 08 49 89 1c 24 41 89 6c 24 0c 5b 5d 41 5c e9 7b b9 88 00 <0f> 0b 0f 0b
+ 0f 0b 48 8b 05 5e 46 9a 01 eb b2 66 66 2e 0f 1f 84 00
+ RSP: 0018:ffffa776017bf6a0 EFLAGS: 00010246
+ RAX: 0000000000000000 RBX: ffffa77600d87000 RCX: 000000000000002b
+ RDX: 0000000000000001 RSI: 0000000000000000 RDI: ffffa77680d87000
+ RBP: 000000000000e000 R08: 0000000000000000 R09: 0000000000000000
+ R10: ffff98f4c46aa508 R11: 0000000000000000 R12: ffff98f4c46aa508
+ R13: ffff98f4c46aa008 R14: ffffa77600d4a000 R15: ffffa77600d4a018
+ FS: 00007feeb5aae980(0000) GS:ffff98f5c4dc0000(0000) knlGS:0000000000000000
+ CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
+ CR2: 00007f22cb9a4520 CR3: 00000001043ba000 CR4: 00000000003506f0
+ Call Trace:
+ <TASK>
+ ? die+0x36/0x90
+ ? do_trap+0xdd/0x100
+ ? sg_init_one+0x85/0xa0
+ ? do_error_trap+0x65/0x80
+ ? sg_init_one+0x85/0xa0
+ ? exc_invalid_op+0x50/0x70
+ ? sg_init_one+0x85/0xa0
+ ? asm_exc_invalid_op+0x1a/0x20
+ ? sg_init_one+0x85/0xa0
+ nvkm_firmware_ctor+0x14a/0x250 [nouveau]
+ nvkm_falcon_fw_ctor+0x42/0x70 [nouveau]
+ ga102_gsp_booter_ctor+0xb4/0x1a0 [nouveau]
+ r535_gsp_oneinit+0xb3/0x15f0 [nouveau]
+ ? srso_return_thunk+0x5/0x5f
+ ? srso_return_thunk+0x5/0x5f
+ ? nvkm_udevice_new+0x95/0x140 [nouveau]
+ ? srso_return_thunk+0x5/0x5f
+ ? srso_return_thunk+0x5/0x5f
+ ? ktime_get+0x47/0xb0
+ ? srso_return_thunk+0x5/0x5f
+ nvkm_subdev_oneinit_+0x4f/0x120 [nouveau]
+ nvkm_subdev_init_+0x39/0x140 [nouveau]
+ ? srso_return_thunk+0x5/0x5f
+ nvkm_subdev_init+0x44/0x90 [nouveau]
+ nvkm_device_init+0x166/0x2e0 [nouveau]
+ nvkm_udevice_init+0x47/0x70 [nouveau]
+ nvkm_object_init+0x41/0x1c0 [nouveau]
+ nvkm_ioctl_new+0x16a/0x290 [nouveau]
+ ? __pfx_nvkm_client_child_new+0x10/0x10 [nouveau]
+ ? __pfx_nvkm_udevice_new+0x10/0x10 [nouveau]
+ nvkm_ioctl+0x126/0x290 [nouveau]
+ nvif_object_ctor+0x112/0x190 [nouveau]
+ nvif_device_ctor+0x23/0x60 [nouveau]
+ nouveau_cli_init+0x164/0x640 [nouveau]
+ nouveau_drm_device_init+0x97/0x9e0 [nouveau]
+ ? srso_return_thunk+0x5/0x5f
+ ? pci_update_current_state+0x72/0xb0
+ ? srso_return_thunk+0x5/0x5f
+ nouveau_drm_probe+0x12c/0x280 [nouveau]
+ ? srso_return_thunk+0x5/0x5f
+ local_pci_probe+0x45/0xa0
+ pci_device_probe+0xc7/0x270
+ really_probe+0xe6/0x3a0
+ __driver_probe_device+0x87/0x160
+ driver_probe_device+0x1f/0xc0
+ __driver_attach+0xec/0x1f0
+ ? __pfx___driver_attach+0x10/0x10
+ bus_for_each_dev+0x88/0xd0
+ bus_add_driver+0x116/0x220
+ driver_register+0x59/0x100
+ ? __pfx_nouveau_drm_init+0x10/0x10 [nouveau]
+ do_one_initcall+0x5b/0x320
+ do_init_module+0x60/0x250
+ init_module_from_file+0x86/0xc0
+ idempotent_init_module+0x120/0x2b0
+ __x64_sys_finit_module+0x5e/0xb0
+ do_syscall_64+0x83/0x160
+ ? srso_return_thunk+0x5/0x5f
+ entry_SYSCALL_64_after_hwframe+0x71/0x79
+ RIP: 0033:0x7feeb5cc20cd
+ Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 90 f3 0f 1e fa 48 89 f8 48 89
+ f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0
+ ff ff 73 01 c3 48 8b 0d 1b cd 0c 00 f7 d8 64 89 01 48
+ RSP: 002b:00007ffcf220b2c8 EFLAGS: 00000246 ORIG_RAX: 0000000000000139
+ RAX: ffffffffffffffda RBX: 000055fdd2916aa0 RCX: 00007feeb5cc20cd
+ RDX: 0000000000000000 RSI: 000055fdd29161e0 RDI: 0000000000000035
+ RBP: 00007ffcf220b380 R08: 00007feeb5d8fb20 R09: 00007ffcf220b310
+ R10: 000055fdd2909dc0 R11: 0000000000000246 R12: 000055fdd29161e0
+ R13: 0000000000020000 R14: 000055fdd29203e0 R15: 000055fdd2909d80
+ </TASK>
+
+We hit this when trying to initialize firmware of type
+NVKM_FIRMWARE_IMG_DMA because we allocate our memory with
+dma_alloc_coherent, and DMA allocations can't be turned back into memory
+pages - which a scatterlist needs in order to map them.
+
+So, fix this by allocating the memory with vmalloc instead().
+
+V2:
+* Fixup explanation as the prior one was bogus
+
+Signed-off-by: Lyude Paul <lyude@redhat.com>
+Reviewed-by: Dave Airlie <airlied@redhat.com>
+Cc: stable@vger.kernel.org
+Link: https://patchwork.freedesktop.org/patch/msgid/20240429182318.189668-1-lyude@redhat.com
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+---
+ drivers/gpu/drm/nouveau/nvkm/core/firmware.c | 19 ++++++++++++-------
+ 1 file changed, 12 insertions(+), 7 deletions(-)
+
+--- a/drivers/gpu/drm/nouveau/nvkm/core/firmware.c
++++ b/drivers/gpu/drm/nouveau/nvkm/core/firmware.c
+@@ -187,7 +187,9 @@ nvkm_firmware_dtor(struct nvkm_firmware
+ break;
+ case NVKM_FIRMWARE_IMG_DMA:
+ nvkm_memory_unref(&memory);
+- dma_free_coherent(fw->device->dev, sg_dma_len(&fw->mem.sgl), fw->img, fw->phys);
++ dma_unmap_single(fw->device->dev, fw->phys, sg_dma_len(&fw->mem.sgl),
++ DMA_TO_DEVICE);
++ kfree(fw->img);
+ break;
+ default:
+ WARN_ON(1);
+@@ -211,14 +213,17 @@ nvkm_firmware_ctor(const struct nvkm_fir
+ fw->img = kmemdup(src, fw->len, GFP_KERNEL);
+ break;
+ case NVKM_FIRMWARE_IMG_DMA: {
+- dma_addr_t addr;
+-
+ len = ALIGN(fw->len, PAGE_SIZE);
+
+- fw->img = dma_alloc_coherent(fw->device->dev, len, &addr, GFP_KERNEL);
+- if (fw->img) {
+- memcpy(fw->img, src, fw->len);
+- fw->phys = addr;
++ fw->img = kmalloc(len, GFP_KERNEL);
++ if (!fw->img)
++ return -ENOMEM;
++
++ memcpy(fw->img, src, fw->len);
++ fw->phys = dma_map_single(fw->device->dev, fw->img, len, DMA_TO_DEVICE);
++ if (dma_mapping_error(fw->device->dev, fw->phys)) {
++ kfree(fw->img);
++ return -EFAULT;
+ }
+
+ sg_init_one(&fw->mem.sgl, fw->img, len);
--- /dev/null
+From 27906e5d78248b19bcdfdae72049338c828897bb Mon Sep 17 00:00:00 2001
+From: Zack Rusin <zack.rusin@broadcom.com>
+Date: Mon, 8 Apr 2024 11:56:05 -0400
+Subject: drm/ttm: Print the memory decryption status just once
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+From: Zack Rusin <zack.rusin@broadcom.com>
+
+commit 27906e5d78248b19bcdfdae72049338c828897bb upstream.
+
+Stop printing the TT memory decryption status info each time tt is created
+and instead print it just once.
+
+Reduces the spam in the system logs when running guests with SEV enabled.
+
+Signed-off-by: Zack Rusin <zack.rusin@broadcom.com>
+Fixes: 71ce046327cf ("drm/ttm: Make sure the mapped tt pages are decrypted when needed")
+Reviewed-by: Christian König <christian.koenig@amd.com>
+Cc: Thomas Hellström <thomas.hellstrom@linux.intel.com>
+Cc: dri-devel@lists.freedesktop.org
+Cc: linux-kernel@vger.kernel.org
+Cc: <stable@vger.kernel.org> # v5.14+
+Link: https://patchwork.freedesktop.org/patch/msgid/20240408155605.1398631-1-zack.rusin@broadcom.com
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+---
+ drivers/gpu/drm/ttm/ttm_tt.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/drivers/gpu/drm/ttm/ttm_tt.c b/drivers/gpu/drm/ttm/ttm_tt.c
+index 578a7c37f00b..d776e3f87064 100644
+--- a/drivers/gpu/drm/ttm/ttm_tt.c
++++ b/drivers/gpu/drm/ttm/ttm_tt.c
+@@ -92,7 +92,7 @@ int ttm_tt_create(struct ttm_buffer_object *bo, bool zero_alloc)
+ */
+ if (bdev->pool.use_dma_alloc && cc_platform_has(CC_ATTR_GUEST_MEM_ENCRYPT)) {
+ page_flags |= TTM_TT_FLAG_DECRYPTED;
+- drm_info(ddev, "TT memory decryption enabled.");
++ drm_info_once(ddev, "TT memory decryption enabled.");
+ }
+
+ bo->ttm = bdev->funcs->ttm_tt_create(bo, page_flags);
+--
+2.45.0
+
--- /dev/null
+From a37ef7613c00f2d72c8fc08bd83fb6cc76926c8c Mon Sep 17 00:00:00 2001
+From: Zack Rusin <zack.rusin@broadcom.com>
+Date: Thu, 25 Apr 2024 15:27:48 -0400
+Subject: drm/vmwgfx: Fix invalid reads in fence signaled events
+
+From: Zack Rusin <zack.rusin@broadcom.com>
+
+commit a37ef7613c00f2d72c8fc08bd83fb6cc76926c8c upstream.
+
+Correctly set the length of the drm_event to the size of the structure
+that's actually used.
+
+The length of the drm_event was set to the parent structure instead of
+to the drm_vmw_event_fence which is supposed to be read. drm_read
+uses the length parameter to copy the event to the user space thus
+resuling in oob reads.
+
+Signed-off-by: Zack Rusin <zack.rusin@broadcom.com>
+Fixes: 8b7de6aa8468 ("vmwgfx: Rework fence event action")
+Reported-by: zdi-disclosures@trendmicro.com # ZDI-CAN-23566
+Cc: David Airlie <airlied@gmail.com>
+CC: Daniel Vetter <daniel@ffwll.ch>
+Cc: Zack Rusin <zack.rusin@broadcom.com>
+Cc: Broadcom internal kernel review list <bcm-kernel-feedback-list@broadcom.com>
+Cc: dri-devel@lists.freedesktop.org
+Cc: linux-kernel@vger.kernel.org
+Cc: <stable@vger.kernel.org> # v3.4+
+Reviewed-by: Maaz Mombasawala <maaz.mombasawala@broadcom.com>
+Reviewed-by: Martin Krastev <martin.krastev@broadcom.com>
+Link: https://patchwork.freedesktop.org/patch/msgid/20240425192748.1761522-1-zack.rusin@broadcom.com
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+---
+ drivers/gpu/drm/vmwgfx/vmwgfx_fence.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+--- a/drivers/gpu/drm/vmwgfx/vmwgfx_fence.c
++++ b/drivers/gpu/drm/vmwgfx/vmwgfx_fence.c
+@@ -991,7 +991,7 @@ static int vmw_event_fence_action_create
+ }
+
+ event->event.base.type = DRM_VMW_EVENT_FENCE_SIGNALED;
+- event->event.base.length = sizeof(*event);
++ event->event.base.length = sizeof(event->event);
+ event->event.user_data = user_data;
+
+ ret = drm_event_reserve_init(dev, file_priv, &event->base, &event->event.base);
--- /dev/null
+From 782e5e7925880f737963444f141a0320a12104a5 Mon Sep 17 00:00:00 2001
+From: Ian Forbes <ian.forbes@broadcom.com>
+Date: Thu, 25 Apr 2024 15:07:00 -0500
+Subject: drm/vmwgfx: Fix Legacy Display Unit
+
+From: Ian Forbes <ian.forbes@broadcom.com>
+
+commit 782e5e7925880f737963444f141a0320a12104a5 upstream.
+
+Legacy DU was broken by the referenced fixes commit because the placement
+and the busy_placement no longer pointed to the same object. This was later
+fixed indirectly by commit a78a8da51b36c7a0c0c16233f91d60aac03a5a49
+("drm/ttm: replace busy placement with flags v6") in v6.9.
+
+Fixes: 39985eea5a6d ("drm/vmwgfx: Abstract placement selection")
+Signed-off-by: Ian Forbes <ian.forbes@broadcom.com>
+Cc: <stable@vger.kernel.org> # v6.4+
+Reviewed-by: Zack Rusin <zack.rusin@broadcom.com>
+Signed-off-by: Zack Rusin <zack.rusin@broadcom.com>
+Link: https://patchwork.freedesktop.org/patch/msgid/20240425200700.24403-1-ian.forbes@broadcom.com
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+---
+ drivers/gpu/drm/vmwgfx/vmwgfx_bo.c | 1 +
+ 1 file changed, 1 insertion(+)
+
+diff --git a/drivers/gpu/drm/vmwgfx/vmwgfx_bo.c b/drivers/gpu/drm/vmwgfx/vmwgfx_bo.c
+index e5eb21a471a6..00144632c600 100644
+--- a/drivers/gpu/drm/vmwgfx/vmwgfx_bo.c
++++ b/drivers/gpu/drm/vmwgfx/vmwgfx_bo.c
+@@ -204,6 +204,7 @@ int vmw_bo_pin_in_start_of_vram(struct vmw_private *dev_priv,
+ VMW_BO_DOMAIN_VRAM,
+ VMW_BO_DOMAIN_VRAM);
+ buf->places[0].lpfn = PFN_UP(bo->resource->size);
++ buf->busy_places[0].lpfn = PFN_UP(bo->resource->size);
+ ret = ttm_bo_validate(bo, &buf->placement, &ctx);
+
+ /* For some reason we didn't end up at the start of vram */
+--
+2.45.0
+
--- /dev/null
+From d53891d348ac3eceaf48f4732a1f4f5c0e0a55ce Mon Sep 17 00:00:00 2001
+From: "Steven Rostedt (Google)" <rostedt@goodmis.org>
+Date: Thu, 2 May 2024 16:08:25 -0400
+Subject: eventfs: Do not differentiate the toplevel events directory
+
+From: Steven Rostedt (Google) <rostedt@goodmis.org>
+
+commit d53891d348ac3eceaf48f4732a1f4f5c0e0a55ce upstream.
+
+The toplevel events directory is really no different than the events
+directory of instances. Having the two be different caused
+inconsistencies and made it harder to fix the permissions bugs.
+
+Make all events directories act the same.
+
+Link: https://lore.kernel.org/linux-trace-kernel/20240502200905.846448710@goodmis.org
+
+Cc: stable@vger.kernel.org
+Cc: Masami Hiramatsu <mhiramat@kernel.org>
+Cc: Mark Rutland <mark.rutland@arm.com>
+Cc: Mathieu Desnoyers <mathieu.desnoyers@efficios.com>
+Cc: Andrew Morton <akpm@linux-foundation.org>
+Fixes: 8186fff7ab649 ("tracefs/eventfs: Use root and instance inodes as default ownership")
+Signed-off-by: Steven Rostedt (Google) <rostedt@goodmis.org>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+---
+ fs/tracefs/event_inode.c | 29 ++++++++---------------------
+ fs/tracefs/internal.h | 7 +++----
+ 2 files changed, 11 insertions(+), 25 deletions(-)
+
+--- a/fs/tracefs/event_inode.c
++++ b/fs/tracefs/event_inode.c
+@@ -57,7 +57,6 @@ enum {
+ EVENTFS_SAVE_MODE = BIT(16),
+ EVENTFS_SAVE_UID = BIT(17),
+ EVENTFS_SAVE_GID = BIT(18),
+- EVENTFS_TOPLEVEL = BIT(19),
+ };
+
+ #define EVENTFS_MODE_MASK (EVENTFS_SAVE_MODE - 1)
+@@ -196,14 +195,10 @@ static int eventfs_set_attr(struct mnt_i
+ return ret;
+ }
+
+-static void update_top_events_attr(struct eventfs_inode *ei, struct super_block *sb)
++static void update_events_attr(struct eventfs_inode *ei, struct super_block *sb)
+ {
+ struct inode *root;
+
+- /* Only update if the "events" was on the top level */
+- if (!ei || !(ei->attr.mode & EVENTFS_TOPLEVEL))
+- return;
+-
+ /* Get the tracefs root inode. */
+ root = d_inode(sb->s_root);
+ ei->attr.uid = root->i_uid;
+@@ -216,10 +211,10 @@ static void set_top_events_ownership(str
+ struct eventfs_inode *ei = ti->private;
+
+ /* The top events directory doesn't get automatically updated */
+- if (!ei || !ei->is_events || !(ei->attr.mode & EVENTFS_TOPLEVEL))
++ if (!ei || !ei->is_events)
+ return;
+
+- update_top_events_attr(ei, inode->i_sb);
++ update_events_attr(ei, inode->i_sb);
+
+ if (!(ei->attr.mode & EVENTFS_SAVE_UID))
+ inode->i_uid = ei->attr.uid;
+@@ -248,7 +243,7 @@ static int eventfs_permission(struct mnt
+ return generic_permission(idmap, inode, mask);
+ }
+
+-static const struct inode_operations eventfs_root_dir_inode_operations = {
++static const struct inode_operations eventfs_dir_inode_operations = {
+ .lookup = eventfs_root_lookup,
+ .setattr = eventfs_set_attr,
+ .getattr = eventfs_get_attr,
+@@ -316,7 +311,7 @@ static struct eventfs_inode *eventfs_fin
+ // Walk upwards until you find the events inode
+ } while (!ei->is_events);
+
+- update_top_events_attr(ei, dentry->d_sb);
++ update_events_attr(ei, dentry->d_sb);
+
+ return ei;
+ }
+@@ -420,7 +415,7 @@ static struct dentry *lookup_dir_entry(s
+ update_inode_attr(dentry, inode, &ei->attr,
+ S_IFDIR | S_IRWXU | S_IRUGO | S_IXUGO);
+
+- inode->i_op = &eventfs_root_dir_inode_operations;
++ inode->i_op = &eventfs_dir_inode_operations;
+ inode->i_fop = &eventfs_file_operations;
+
+ /* All directories will have the same inode number */
+@@ -769,14 +764,6 @@ struct eventfs_inode *eventfs_create_eve
+ uid = d_inode(dentry->d_parent)->i_uid;
+ gid = d_inode(dentry->d_parent)->i_gid;
+
+- /*
+- * If the events directory is of the top instance, then parent
+- * is NULL. Set the attr.mode to reflect this and its permissions will
+- * default to the tracefs root dentry.
+- */
+- if (!parent)
+- ei->attr.mode = EVENTFS_TOPLEVEL;
+-
+ /* This is used as the default ownership of the files and directories */
+ ei->attr.uid = uid;
+ ei->attr.gid = gid;
+@@ -785,13 +772,13 @@ struct eventfs_inode *eventfs_create_eve
+ INIT_LIST_HEAD(&ei->list);
+
+ ti = get_tracefs(inode);
+- ti->flags |= TRACEFS_EVENT_INODE | TRACEFS_EVENT_TOP_INODE;
++ ti->flags |= TRACEFS_EVENT_INODE;
+ ti->private = ei;
+
+ inode->i_mode = S_IFDIR | S_IRWXU | S_IRUGO | S_IXUGO;
+ inode->i_uid = uid;
+ inode->i_gid = gid;
+- inode->i_op = &eventfs_root_dir_inode_operations;
++ inode->i_op = &eventfs_dir_inode_operations;
+ inode->i_fop = &eventfs_file_operations;
+
+ dentry->d_fsdata = get_ei(ei);
+--- a/fs/tracefs/internal.h
++++ b/fs/tracefs/internal.h
+@@ -4,10 +4,9 @@
+
+ enum {
+ TRACEFS_EVENT_INODE = BIT(1),
+- TRACEFS_EVENT_TOP_INODE = BIT(2),
+- TRACEFS_GID_PERM_SET = BIT(3),
+- TRACEFS_UID_PERM_SET = BIT(4),
+- TRACEFS_INSTANCE_INODE = BIT(5),
++ TRACEFS_GID_PERM_SET = BIT(2),
++ TRACEFS_UID_PERM_SET = BIT(3),
++ TRACEFS_INSTANCE_INODE = BIT(4),
+ };
+
+ struct tracefs_inode {
--- /dev/null
+From 22e61e15af731dbe46704c775d2335e56fcef4e9 Mon Sep 17 00:00:00 2001
+From: "Steven Rostedt (Google)" <rostedt@goodmis.org>
+Date: Thu, 2 May 2024 16:08:26 -0400
+Subject: eventfs: Do not treat events directory different than other directories
+
+From: Steven Rostedt (Google) <rostedt@goodmis.org>
+
+commit 22e61e15af731dbe46704c775d2335e56fcef4e9 upstream.
+
+Treat the events directory the same as other directories when it comes to
+permissions. The events directory was considered different because it's
+dentry is persistent, whereas the other directory dentries are created
+when accessed. But the way tracefs now does its ownership by using the
+root dentry's permissions as the default permissions, the events directory
+can get out of sync when a remount is performed setting the group and user
+permissions.
+
+Remove the special case for the events directory on setting the
+attributes. This allows the updates caused by remount to work properly as
+well as simplifies the code.
+
+Link: https://lore.kernel.org/linux-trace-kernel/20240502200906.002923579@goodmis.org
+
+Cc: stable@vger.kernel.org
+Cc: Masami Hiramatsu <mhiramat@kernel.org>
+Cc: Mark Rutland <mark.rutland@arm.com>
+Cc: Mathieu Desnoyers <mathieu.desnoyers@efficios.com>
+Cc: Andrew Morton <akpm@linux-foundation.org>
+Fixes: 8186fff7ab649 ("tracefs/eventfs: Use root and instance inodes as default ownership")
+Signed-off-by: Steven Rostedt (Google) <rostedt@goodmis.org>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+---
+ fs/tracefs/event_inode.c | 16 +---------------
+ 1 file changed, 1 insertion(+), 15 deletions(-)
+
+--- a/fs/tracefs/event_inode.c
++++ b/fs/tracefs/event_inode.c
+@@ -163,21 +163,7 @@ static int eventfs_set_attr(struct mnt_i
+ * determined by the parent directory.
+ */
+ if (dentry->d_inode->i_mode & S_IFDIR) {
+- /*
+- * The events directory dentry is never freed, unless its
+- * part of an instance that is deleted. It's attr is the
+- * default for its child files and directories.
+- * Do not update it. It's not used for its own mode or ownership.
+- */
+- if (ei->is_events) {
+- /* But it still needs to know if it was modified */
+- if (iattr->ia_valid & ATTR_UID)
+- ei->attr.mode |= EVENTFS_SAVE_UID;
+- if (iattr->ia_valid & ATTR_GID)
+- ei->attr.mode |= EVENTFS_SAVE_GID;
+- } else {
+- update_attr(&ei->attr, iattr);
+- }
++ update_attr(&ei->attr, iattr);
+
+ } else {
+ name = dentry->d_name.name;
--- /dev/null
+From 26e8383b116d0dbe74e28f86646563ab46d66d83 Mon Sep 17 00:00:00 2001
+From: Lakshmi Yadlapati <lakshmiy@us.ibm.com>
+Date: Tue, 7 May 2024 14:46:03 -0500
+Subject: hwmon: (pmbus/ucd9000) Increase delay from 250 to 500us
+
+From: Lakshmi Yadlapati <lakshmiy@us.ibm.com>
+
+commit 26e8383b116d0dbe74e28f86646563ab46d66d83 upstream.
+
+Following the failure observed with a delay of 250us, experiments were
+conducted with various delays. It was found that a delay of 350us
+effectively mitigated the issue.
+
+To provide a more optimal solution while still allowing a margin for
+stability, the delay is being adjusted to 500us.
+
+Signed-off-by: Lakshmi Yadlapati <lakshmiy@us.ibm.com>
+Link: https://lore.kernel.org/r/20240507194603.1305750-1-lakshmiy@us.ibm.com
+Fixes: 8d655e6523764 ("hwmon: (ucd90320) Add minimum delay between bus accesses")
+Reviewed-by: Eddie James <eajames@linux.ibm.com>
+Cc: stable@vger.kernel.org
+Signed-off-by: Guenter Roeck <linux@roeck-us.net>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+---
+ drivers/hwmon/pmbus/ucd9000.c | 6 +++---
+ 1 file changed, 3 insertions(+), 3 deletions(-)
+
+--- a/drivers/hwmon/pmbus/ucd9000.c
++++ b/drivers/hwmon/pmbus/ucd9000.c
+@@ -80,11 +80,11 @@ struct ucd9000_debugfs_entry {
+ * It has been observed that the UCD90320 randomly fails register access when
+ * doing another access right on the back of a register write. To mitigate this
+ * make sure that there is a minimum delay between a write access and the
+- * following access. The 250us is based on experimental data. At a delay of
+- * 200us the issue seems to go away. Add a bit of extra margin to allow for
++ * following access. The 500 is based on experimental data. At a delay of
++ * 350us the issue seems to go away. Add a bit of extra margin to allow for
+ * system to system differences.
+ */
+-#define UCD90320_WAIT_DELAY_US 250
++#define UCD90320_WAIT_DELAY_US 500
+
+ static inline void ucd90320_wait(const struct ucd9000_data *data)
+ {
--- /dev/null
+From 97c2ec64667bacc49881d2b2dd9afd4d1c3fbaeb Mon Sep 17 00:00:00 2001
+From: Namjae Jeon <linkinjeon@kernel.org>
+Date: Wed, 1 May 2024 21:44:02 +0900
+Subject: ksmbd: avoid to send duplicate lease break notifications
+
+From: Namjae Jeon <linkinjeon@kernel.org>
+
+commit 97c2ec64667bacc49881d2b2dd9afd4d1c3fbaeb upstream.
+
+This patch fixes generic/011 when enable smb2 leases.
+
+if ksmbd sends multiple notifications for a file, cifs increments
+the reference count of the file but it does not decrement the count by
+the failure of queue_work.
+So even if the file is closed, cifs does not send a SMB2_CLOSE request.
+
+Cc: stable@vger.kernel.org
+Signed-off-by: Namjae Jeon <linkinjeon@kernel.org>
+Signed-off-by: Steve French <stfrench@microsoft.com>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+---
+ fs/smb/server/oplock.c | 21 +++++++++++++++------
+ 1 file changed, 15 insertions(+), 6 deletions(-)
+
+--- a/fs/smb/server/oplock.c
++++ b/fs/smb/server/oplock.c
+@@ -612,13 +612,23 @@ static int oplock_break_pending(struct o
+
+ if (opinfo->op_state == OPLOCK_CLOSING)
+ return -ENOENT;
+- else if (!opinfo->is_lease && opinfo->level <= req_op_level)
+- return 1;
++ else if (opinfo->level <= req_op_level) {
++ if (opinfo->is_lease &&
++ opinfo->o_lease->state !=
++ (SMB2_LEASE_HANDLE_CACHING_LE |
++ SMB2_LEASE_READ_CACHING_LE))
++ return 1;
++ }
+ }
+
+- if (!opinfo->is_lease && opinfo->level <= req_op_level) {
+- wake_up_oplock_break(opinfo);
+- return 1;
++ if (opinfo->level <= req_op_level) {
++ if (opinfo->is_lease &&
++ opinfo->o_lease->state !=
++ (SMB2_LEASE_HANDLE_CACHING_LE |
++ SMB2_LEASE_READ_CACHING_LE)) {
++ wake_up_oplock_break(opinfo);
++ return 1;
++ }
+ }
+ return 0;
+ }
+@@ -886,7 +896,6 @@ static int oplock_break(struct oplock_in
+ struct lease *lease = brk_opinfo->o_lease;
+
+ atomic_inc(&brk_opinfo->breaking_cnt);
+-
+ err = oplock_break_pending(brk_opinfo, req_op_level);
+ if (err)
+ return err < 0 ? err : 0;
--- /dev/null
+From 691aae4f36f9825df6781da4399a1e718951085a Mon Sep 17 00:00:00 2001
+From: Namjae Jeon <linkinjeon@kernel.org>
+Date: Wed, 1 May 2024 21:58:15 +0900
+Subject: ksmbd: do not grant v2 lease if parent lease key and epoch are not set
+
+From: Namjae Jeon <linkinjeon@kernel.org>
+
+commit 691aae4f36f9825df6781da4399a1e718951085a upstream.
+
+This patch fix xfstests generic/070 test with smb2 leases = yes.
+
+cifs.ko doesn't set parent lease key and epoch in create context v2 lease.
+ksmbd suppose that parent lease and epoch are vaild if data length is
+v2 lease context size and handle directory lease using this values.
+ksmbd should hanle it as v1 lease not v2 lease if parent lease key and
+epoch are not set in create context v2 lease.
+
+Cc: stable@vger.kernel.org
+Signed-off-by: Namjae Jeon <linkinjeon@kernel.org>
+Signed-off-by: Steve French <stfrench@microsoft.com>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+---
+ fs/smb/server/oplock.c | 14 +++++++++-----
+ 1 file changed, 9 insertions(+), 5 deletions(-)
+
+--- a/fs/smb/server/oplock.c
++++ b/fs/smb/server/oplock.c
+@@ -1208,7 +1208,9 @@ int smb_grant_oplock(struct ksmbd_work *
+
+ /* Only v2 leases handle the directory */
+ if (S_ISDIR(file_inode(fp->filp)->i_mode)) {
+- if (!lctx || lctx->version != 2)
++ if (!lctx || lctx->version != 2 ||
++ (lctx->flags != SMB2_LEASE_FLAG_PARENT_LEASE_KEY_SET_LE &&
++ !lctx->epoch))
+ return 0;
+ }
+
+@@ -1470,8 +1472,9 @@ void create_lease_buf(u8 *rbuf, struct l
+ buf->lcontext.LeaseFlags = lease->flags;
+ buf->lcontext.Epoch = cpu_to_le16(lease->epoch);
+ buf->lcontext.LeaseState = lease->state;
+- memcpy(buf->lcontext.ParentLeaseKey, lease->parent_lease_key,
+- SMB2_LEASE_KEY_SIZE);
++ if (lease->flags == SMB2_LEASE_FLAG_PARENT_LEASE_KEY_SET_LE)
++ memcpy(buf->lcontext.ParentLeaseKey, lease->parent_lease_key,
++ SMB2_LEASE_KEY_SIZE);
+ buf->ccontext.DataOffset = cpu_to_le16(offsetof
+ (struct create_lease_v2, lcontext));
+ buf->ccontext.DataLength = cpu_to_le32(sizeof(struct lease_context_v2));
+@@ -1536,8 +1539,9 @@ struct lease_ctx_info *parse_lease_state
+ lreq->flags = lc->lcontext.LeaseFlags;
+ lreq->epoch = lc->lcontext.Epoch;
+ lreq->duration = lc->lcontext.LeaseDuration;
+- memcpy(lreq->parent_lease_key, lc->lcontext.ParentLeaseKey,
+- SMB2_LEASE_KEY_SIZE);
++ if (lreq->flags == SMB2_LEASE_FLAG_PARENT_LEASE_KEY_SET_LE)
++ memcpy(lreq->parent_lease_key, lc->lcontext.ParentLeaseKey,
++ SMB2_LEASE_KEY_SIZE);
+ lreq->version = 2;
+ } else {
+ struct create_lease *lc = (struct create_lease *)cc;
--- /dev/null
+From cc00bc83f26eb8f2d8d9f56b949b62fd774d8432 Mon Sep 17 00:00:00 2001
+From: Namjae Jeon <linkinjeon@kernel.org>
+Date: Wed, 1 May 2024 21:41:50 +0900
+Subject: ksmbd: off ipv6only for both ipv4/ipv6 binding
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+From: Namjae Jeon <linkinjeon@kernel.org>
+
+commit cc00bc83f26eb8f2d8d9f56b949b62fd774d8432 upstream.
+
+ΕΛΕΝΗ reported that ksmbd binds to the IPV6 wildcard (::) by default for
+ipv4 and ipv6 binding. So IPV4 connections are successful only when
+the Linux system parameter bindv6only is set to 0 [default value].
+If this parameter is set to 1, then the ipv6 wildcard only represents
+any IPV6 address. Samba creates different sockets for ipv4 and ipv6
+by default. This patch off sk_ipv6only to support IPV4/IPV6 connections
+without creating two sockets.
+
+Cc: stable@vger.kernel.org
+Reported-by: ΕΛΕΝΗ ΤΖΑΒΕΛΛΑ <helentzavellas@yahoo.gr>
+Signed-off-by: Namjae Jeon <linkinjeon@kernel.org>
+Signed-off-by: Steve French <stfrench@microsoft.com>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+---
+ fs/smb/server/transport_tcp.c | 4 ++++
+ 1 file changed, 4 insertions(+)
+
+--- a/fs/smb/server/transport_tcp.c
++++ b/fs/smb/server/transport_tcp.c
+@@ -446,6 +446,10 @@ static int create_socket(struct interfac
+ sin6.sin6_family = PF_INET6;
+ sin6.sin6_addr = in6addr_any;
+ sin6.sin6_port = htons(server_conf.tcp_port);
++
++ lock_sock(ksmbd_socket->sk);
++ ksmbd_socket->sk->sk_ipv6only = false;
++ release_sock(ksmbd_socket->sk);
+ }
+
+ ksmbd_tcp_nodelay(ksmbd_socket);
--- /dev/null
+From 30153e4466647a17eebfced13eede5cbe4290e69 Mon Sep 17 00:00:00 2001
+From: Kefeng Wang <wangkefeng.wang@huawei.com>
+Date: Fri, 26 Apr 2024 19:29:38 +0800
+Subject: mm: use memalloc_nofs_save() in page_cache_ra_order()
+
+From: Kefeng Wang <wangkefeng.wang@huawei.com>
+
+commit 30153e4466647a17eebfced13eede5cbe4290e69 upstream.
+
+See commit f2c817bed58d ("mm: use memalloc_nofs_save in readahead path"),
+ensure that page_cache_ra_order() do not attempt to reclaim file-backed
+pages too, or it leads to a deadlock, found issue when test ext4 large
+folio.
+
+ INFO: task DataXceiver for:7494 blocked for more than 120 seconds.
+ "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
+ task:DataXceiver for state:D stack:0 pid:7494 ppid:1 flags:0x00000200
+ Call trace:
+ __switch_to+0x14c/0x240
+ __schedule+0x82c/0xdd0
+ schedule+0x58/0xf0
+ io_schedule+0x24/0xa0
+ __folio_lock+0x130/0x300
+ migrate_pages_batch+0x378/0x918
+ migrate_pages+0x350/0x700
+ compact_zone+0x63c/0xb38
+ compact_zone_order+0xc0/0x118
+ try_to_compact_pages+0xb0/0x280
+ __alloc_pages_direct_compact+0x98/0x248
+ __alloc_pages+0x510/0x1110
+ alloc_pages+0x9c/0x130
+ folio_alloc+0x20/0x78
+ filemap_alloc_folio+0x8c/0x1b0
+ page_cache_ra_order+0x174/0x308
+ ondemand_readahead+0x1c8/0x2b8
+ page_cache_async_ra+0x68/0xb8
+ filemap_readahead.isra.0+0x64/0xa8
+ filemap_get_pages+0x3fc/0x5b0
+ filemap_splice_read+0xf4/0x280
+ ext4_file_splice_read+0x2c/0x48 [ext4]
+ vfs_splice_read.part.0+0xa8/0x118
+ splice_direct_to_actor+0xbc/0x288
+ do_splice_direct+0x9c/0x108
+ do_sendfile+0x328/0x468
+ __arm64_sys_sendfile64+0x8c/0x148
+ invoke_syscall+0x4c/0x118
+ el0_svc_common.constprop.0+0xc8/0xf0
+ do_el0_svc+0x24/0x38
+ el0_svc+0x4c/0x1f8
+ el0t_64_sync_handler+0xc0/0xc8
+ el0t_64_sync+0x188/0x190
+
+Link: https://lkml.kernel.org/r/20240426112938.124740-1-wangkefeng.wang@huawei.com
+Fixes: 793917d997df ("mm/readahead: Add large folio readahead")
+Signed-off-by: Kefeng Wang <wangkefeng.wang@huawei.com>
+Cc: Matthew Wilcox (Oracle) <willy@infradead.org>
+Cc: Zhang Yi <yi.zhang@huawei.com>
+Cc: <stable@vger.kernel.org>
+Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+---
+ mm/readahead.c | 4 ++++
+ 1 file changed, 4 insertions(+)
+
+--- a/mm/readahead.c
++++ b/mm/readahead.c
+@@ -490,6 +490,7 @@ void page_cache_ra_order(struct readahea
+ pgoff_t index = readahead_index(ractl);
+ pgoff_t limit = (i_size_read(mapping->host) - 1) >> PAGE_SHIFT;
+ pgoff_t mark = index + ra->size - ra->async_size;
++ unsigned int nofs;
+ int err = 0;
+ gfp_t gfp = readahead_gfp_mask(mapping);
+
+@@ -506,6 +507,8 @@ void page_cache_ra_order(struct readahea
+ new_order--;
+ }
+
++ /* See comment in page_cache_ra_unbounded() */
++ nofs = memalloc_nofs_save();
+ filemap_invalidate_lock_shared(mapping);
+ while (index <= limit) {
+ unsigned int order = new_order;
+@@ -534,6 +537,7 @@ void page_cache_ra_order(struct readahea
+
+ read_pages(ractl);
+ filemap_invalidate_unlock_shared(mapping);
++ memalloc_nofs_restore(nofs);
+
+ /*
+ * If there were already pages in the page cache, then we may have
--- /dev/null
+From c88033efe9a391e72ba6b5df4b01d6e628f4e734 Mon Sep 17 00:00:00 2001
+From: Peter Xu <peterx@redhat.com>
+Date: Mon, 22 Apr 2024 09:33:11 -0400
+Subject: mm/userfaultfd: reset ptes when close() for wr-protected ones
+
+From: Peter Xu <peterx@redhat.com>
+
+commit c88033efe9a391e72ba6b5df4b01d6e628f4e734 upstream.
+
+Userfaultfd unregister includes a step to remove wr-protect bits from all
+the relevant pgtable entries, but that only covered an explicit
+UFFDIO_UNREGISTER ioctl, not a close() on the userfaultfd itself. Cover
+that too. This fixes a WARN trace.
+
+The only user visible side effect is the user can observe leftover
+wr-protect bits even if the user close()ed on an userfaultfd when
+releasing the last reference of it. However hopefully that should be
+harmless, and nothing bad should happen even if so.
+
+This change is now more important after the recent page-table-check
+patch we merged in mm-unstable (446dd9ad37d0 ("mm/page_table_check:
+support userfault wr-protect entries")), as we'll do sanity check on
+uffd-wp bits without vma context. So it's better if we can 100%
+guarantee no uffd-wp bit leftovers, to make sure each report will be
+valid.
+
+Link: https://lore.kernel.org/all/000000000000ca4df20616a0fe16@google.com/
+Fixes: f369b07c8614 ("mm/uffd: reset write protection when unregister with wp-mode")
+Analyzed-by: David Hildenbrand <david@redhat.com>
+Link: https://lkml.kernel.org/r/20240422133311.2987675-1-peterx@redhat.com
+Reported-by: syzbot+d8426b591c36b21c750e@syzkaller.appspotmail.com
+Signed-off-by: Peter Xu <peterx@redhat.com>
+Reviewed-by: David Hildenbrand <david@redhat.com>
+Cc: Nadav Amit <nadav.amit@gmail.com>
+Cc: <stable@vger.kernel.org>
+Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+---
+ fs/userfaultfd.c | 4 ++++
+ 1 file changed, 4 insertions(+)
+
+--- a/fs/userfaultfd.c
++++ b/fs/userfaultfd.c
+@@ -921,6 +921,10 @@ static int userfaultfd_release(struct in
+ prev = vma;
+ continue;
+ }
++ /* Reset ptes for the whole vma range if wr-protected */
++ if (userfaultfd_wp(vma))
++ uffd_wp_range(vma, vma->vm_start,
++ vma->vm_end - vma->vm_start, false);
+ new_flags = vma->vm_flags & ~__VM_UFFD_FLAGS;
+ prev = vma_merge(&vmi, mm, prev, vma->vm_start, vma->vm_end,
+ new_flags, vma->anon_vma,
--- /dev/null
+From a26ff37e624d12e28077e5b24d2b264f62764ad6 Mon Sep 17 00:00:00 2001
+From: Thadeu Lima de Souza Cascardo <cascardo@igalia.com>
+Date: Thu, 2 May 2024 10:20:06 -0300
+Subject: net: fix out-of-bounds access in ops_init
+
+From: Thadeu Lima de Souza Cascardo <cascardo@igalia.com>
+
+commit a26ff37e624d12e28077e5b24d2b264f62764ad6 upstream.
+
+net_alloc_generic is called by net_alloc, which is called without any
+locking. It reads max_gen_ptrs, which is changed under pernet_ops_rwsem. It
+is read twice, first to allocate an array, then to set s.len, which is
+later used to limit the bounds of the array access.
+
+It is possible that the array is allocated and another thread is
+registering a new pernet ops, increments max_gen_ptrs, which is then used
+to set s.len with a larger than allocated length for the variable array.
+
+Fix it by reading max_gen_ptrs only once in net_alloc_generic. If
+max_gen_ptrs is later incremented, it will be caught in net_assign_generic.
+
+Signed-off-by: Thadeu Lima de Souza Cascardo <cascardo@igalia.com>
+Fixes: 073862ba5d24 ("netns: fix net_alloc_generic()")
+Reviewed-by: Eric Dumazet <edumazet@google.com>
+Reviewed-by: Kuniyuki Iwashima <kuniyu@amazon.com>
+Cc: stable@vger.kernel.org
+Link: https://lore.kernel.org/r/20240502132006.3430840-1-cascardo@igalia.com
+Signed-off-by: Paolo Abeni <pabeni@redhat.com>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+---
+ net/core/net_namespace.c | 13 ++++++++++---
+ 1 file changed, 10 insertions(+), 3 deletions(-)
+
+--- a/net/core/net_namespace.c
++++ b/net/core/net_namespace.c
+@@ -69,12 +69,15 @@ DEFINE_COOKIE(net_cookie);
+
+ static struct net_generic *net_alloc_generic(void)
+ {
++ unsigned int gen_ptrs = READ_ONCE(max_gen_ptrs);
++ unsigned int generic_size;
+ struct net_generic *ng;
+- unsigned int generic_size = offsetof(struct net_generic, ptr[max_gen_ptrs]);
++
++ generic_size = offsetof(struct net_generic, ptr[gen_ptrs]);
+
+ ng = kzalloc(generic_size, GFP_KERNEL);
+ if (ng)
+- ng->s.len = max_gen_ptrs;
++ ng->s.len = gen_ptrs;
+
+ return ng;
+ }
+@@ -1229,7 +1232,11 @@ static int register_pernet_operations(st
+ if (error < 0)
+ return error;
+ *ops->id = error;
+- max_gen_ptrs = max(max_gen_ptrs, *ops->id + 1);
++ /* This does not require READ_ONCE as writers already hold
++ * pernet_ops_rwsem. But WRITE_ONCE is needed to protect
++ * net_alloc_generic.
++ */
++ WRITE_ONCE(max_gen_ptrs, max(max_gen_ptrs, *ops->id + 1));
+ }
+ error = __register_pernet_operations(list, ops);
+ if (error) {
--- /dev/null
+From d5887dc6b6c054d0da3cd053afc15b7be1f45ff6 Mon Sep 17 00:00:00 2001
+From: Sean Anderson <sean.anderson@linux.dev>
+Date: Mon, 22 Apr 2024 12:28:23 -0400
+Subject: nvme-pci: Add quirk for broken MSIs
+
+From: Sean Anderson <sean.anderson@linux.dev>
+
+commit d5887dc6b6c054d0da3cd053afc15b7be1f45ff6 upstream.
+
+Sandisk SN530 NVMe drives have broken MSIs. On systems without MSI-X
+support, all commands time out resulting in the following message:
+
+nvme nvme0: I/O tag 12 (100c) QID 0 timeout, completion polled
+
+These timeouts cause the boot to take an excessively-long time (over 20
+minutes) while the initial command queue is flushed.
+
+Address this by adding a quirk for drives with buggy MSIs. The lspci
+output for this device (recorded on a system with MSI-X support) is:
+
+02:00.0 Non-Volatile memory controller: Sandisk Corp Device 5008 (rev 01) (prog-if 02 [NVM Express])
+ Subsystem: Sandisk Corp Device 5008
+ Flags: bus master, fast devsel, latency 0, IRQ 16, NUMA node 0
+ Memory at f7e00000 (64-bit, non-prefetchable) [size=16K]
+ Memory at f7e04000 (64-bit, non-prefetchable) [size=256]
+ Capabilities: [80] Power Management version 3
+ Capabilities: [90] MSI: Enable- Count=1/32 Maskable- 64bit+
+ Capabilities: [b0] MSI-X: Enable+ Count=17 Masked-
+ Capabilities: [c0] Express Endpoint, MSI 00
+ Capabilities: [100] Advanced Error Reporting
+ Capabilities: [150] Device Serial Number 00-00-00-00-00-00-00-00
+ Capabilities: [1b8] Latency Tolerance Reporting
+ Capabilities: [300] Secondary PCI Express
+ Capabilities: [900] L1 PM Substates
+ Kernel driver in use: nvme
+ Kernel modules: nvme
+
+Cc: <stable@vger.kernel.org>
+Signed-off-by: Sean Anderson <sean.anderson@linux.dev>
+Reviewed-by: Christoph Hellwig <hch@lst.de>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+---
+ drivers/nvme/host/nvme.h | 5 +++++
+ drivers/nvme/host/pci.c | 14 +++++++++++---
+ 2 files changed, 16 insertions(+), 3 deletions(-)
+
+--- a/drivers/nvme/host/nvme.h
++++ b/drivers/nvme/host/nvme.h
+@@ -161,6 +161,11 @@ enum nvme_quirks {
+ * Disables simple suspend/resume path.
+ */
+ NVME_QUIRK_FORCE_NO_SIMPLE_SUSPEND = (1 << 20),
++
++ /*
++ * MSI (but not MSI-X) interrupts are broken and never fire.
++ */
++ NVME_QUIRK_BROKEN_MSI = (1 << 21),
+ };
+
+ /*
+--- a/drivers/nvme/host/pci.c
++++ b/drivers/nvme/host/pci.c
+@@ -2216,6 +2216,7 @@ static int nvme_setup_irqs(struct nvme_d
+ .priv = dev,
+ };
+ unsigned int irq_queues, poll_queues;
++ unsigned int flags = PCI_IRQ_ALL_TYPES | PCI_IRQ_AFFINITY;
+
+ /*
+ * Poll queues don't need interrupts, but we need at least one I/O queue
+@@ -2239,8 +2240,10 @@ static int nvme_setup_irqs(struct nvme_d
+ irq_queues = 1;
+ if (!(dev->ctrl.quirks & NVME_QUIRK_SINGLE_VECTOR))
+ irq_queues += (nr_io_queues - poll_queues);
+- return pci_alloc_irq_vectors_affinity(pdev, 1, irq_queues,
+- PCI_IRQ_ALL_TYPES | PCI_IRQ_AFFINITY, &affd);
++ if (dev->ctrl.quirks & NVME_QUIRK_BROKEN_MSI)
++ flags &= ~PCI_IRQ_MSI;
++ return pci_alloc_irq_vectors_affinity(pdev, 1, irq_queues, flags,
++ &affd);
+ }
+
+ static unsigned int nvme_max_io_queues(struct nvme_dev *dev)
+@@ -2469,6 +2472,7 @@ static int nvme_pci_enable(struct nvme_d
+ {
+ int result = -ENOMEM;
+ struct pci_dev *pdev = to_pci_dev(dev->dev);
++ unsigned int flags = PCI_IRQ_ALL_TYPES;
+
+ if (pci_enable_device_mem(pdev))
+ return result;
+@@ -2485,7 +2489,9 @@ static int nvme_pci_enable(struct nvme_d
+ * interrupts. Pre-enable a single MSIX or MSI vec for setup. We'll
+ * adjust this later.
+ */
+- result = pci_alloc_irq_vectors(pdev, 1, 1, PCI_IRQ_ALL_TYPES);
++ if (dev->ctrl.quirks & NVME_QUIRK_BROKEN_MSI)
++ flags &= ~PCI_IRQ_MSI;
++ result = pci_alloc_irq_vectors(pdev, 1, 1, flags);
+ if (result < 0)
+ goto disable;
+
+@@ -3382,6 +3388,8 @@ static const struct pci_device_id nvme_i
+ .driver_data = NVME_QUIRK_DELAY_BEFORE_CHK_RDY |
+ NVME_QUIRK_DISABLE_WRITE_ZEROES|
+ NVME_QUIRK_IGNORE_DEV_SUBNQN, },
++ { PCI_DEVICE(0x15b7, 0x5008), /* Sandisk SN530 */
++ .driver_data = NVME_QUIRK_BROKEN_MSI },
+ { PCI_DEVICE(0x1987, 0x5012), /* Phison E12 */
+ .driver_data = NVME_QUIRK_BOGUS_NID, },
+ { PCI_DEVICE(0x1987, 0x5016), /* Phison E16 */
--- /dev/null
+From 2a4b49bb58123bad6ec0e07b02845f74c23d5e04 Mon Sep 17 00:00:00 2001
+From: Johan Hovold <johan+linaro@kernel.org>
+Date: Thu, 9 May 2024 15:33:04 +0200
+Subject: regulator: core: fix debugfs creation regression
+
+From: Johan Hovold <johan+linaro@kernel.org>
+
+commit 2a4b49bb58123bad6ec0e07b02845f74c23d5e04 upstream.
+
+regulator_get() may sometimes be called more than once for the same
+consumer device, something which before commit dbe954d8f163 ("regulator:
+core: Avoid debugfs: Directory ... already present! error") resulted in
+errors being logged.
+
+A couple of recent commits broke the handling of such cases so that
+attributes are now erroneously created in the debugfs root directory the
+second time a regulator is requested and the log is filled with errors
+like:
+
+ debugfs: File 'uA_load' in directory '/' already present!
+ debugfs: File 'min_uV' in directory '/' already present!
+ debugfs: File 'max_uV' in directory '/' already present!
+ debugfs: File 'constraint_flags' in directory '/' already present!
+
+on any further calls.
+
+Fixes: 2715bb11cfff ("regulator: core: Fix more error checking for debugfs_create_dir()")
+Fixes: 08880713ceec ("regulator: core: Streamline debugfs operations")
+Cc: stable@vger.kernel.org
+Cc: Geert Uytterhoeven <geert+renesas@glider.be>
+Signed-off-by: Johan Hovold <johan+linaro@kernel.org>
+Link: https://lore.kernel.org/r/20240509133304.8883-1-johan+linaro@kernel.org
+Signed-off-by: Mark Brown <broonie@kernel.org>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+---
+ drivers/regulator/core.c | 27 ++++++++++++++++-----------
+ 1 file changed, 16 insertions(+), 11 deletions(-)
+
+--- a/drivers/regulator/core.c
++++ b/drivers/regulator/core.c
+@@ -1909,19 +1909,24 @@ static struct regulator *create_regulato
+ }
+ }
+
+- if (err != -EEXIST)
++ if (err != -EEXIST) {
+ regulator->debugfs = debugfs_create_dir(supply_name, rdev->debugfs);
+- if (IS_ERR(regulator->debugfs))
+- rdev_dbg(rdev, "Failed to create debugfs directory\n");
++ if (IS_ERR(regulator->debugfs)) {
++ rdev_dbg(rdev, "Failed to create debugfs directory\n");
++ regulator->debugfs = NULL;
++ }
++ }
+
+- debugfs_create_u32("uA_load", 0444, regulator->debugfs,
+- ®ulator->uA_load);
+- debugfs_create_u32("min_uV", 0444, regulator->debugfs,
+- ®ulator->voltage[PM_SUSPEND_ON].min_uV);
+- debugfs_create_u32("max_uV", 0444, regulator->debugfs,
+- ®ulator->voltage[PM_SUSPEND_ON].max_uV);
+- debugfs_create_file("constraint_flags", 0444, regulator->debugfs,
+- regulator, &constraint_flags_fops);
++ if (regulator->debugfs) {
++ debugfs_create_u32("uA_load", 0444, regulator->debugfs,
++ ®ulator->uA_load);
++ debugfs_create_u32("min_uV", 0444, regulator->debugfs,
++ ®ulator->voltage[PM_SUSPEND_ON].min_uV);
++ debugfs_create_u32("max_uV", 0444, regulator->debugfs,
++ ®ulator->voltage[PM_SUSPEND_ON].max_uV);
++ debugfs_create_file("constraint_flags", 0444, regulator->debugfs,
++ regulator, &constraint_flags_fops);
++ }
+
+ /*
+ * Check now if the regulator is an always on regulator - if
--- /dev/null
+From a222a6470d7eea91193946e8162066fa88da64c2 Mon Sep 17 00:00:00 2001
+From: Dave Airlie <airlied@redhat.com>
+Date: Sat, 11 May 2024 07:01:31 +1000
+Subject: Revert "drm/nouveau/firmware: Fix SG_DEBUG error with nvkm_firmware_ctor()"
+
+From: Dave Airlie <airlied@redhat.com>
+
+commit a222a6470d7eea91193946e8162066fa88da64c2 upstream.
+
+This reverts commit 52a6947bf576b97ff8e14bb0a31c5eaf2d0d96e2.
+
+This causes loading failures in
+[ 0.367379] nouveau 0000:01:00.0: NVIDIA GP104 (134000a1)
+[ 0.474499] nouveau 0000:01:00.0: bios: version 86.04.50.80.13
+[ 0.474620] nouveau 0000:01:00.0: pmu: firmware unavailable
+[ 0.474977] nouveau 0000:01:00.0: fb: 8192 MiB GDDR5
+[ 0.484371] nouveau 0000:01:00.0: sec2(acr): mbox 00000001 00000000
+[ 0.484377] nouveau 0000:01:00.0: sec2(acr):load: boot failed: -5
+[ 0.484379] nouveau 0000:01:00.0: acr: init failed, -5
+[ 0.484466] nouveau 0000:01:00.0: init failed with -5
+[ 0.484468] nouveau: DRM-master:00000000:00000080: init failed with -5
+[ 0.484470] nouveau 0000:01:00.0: DRM-master: Device allocation failed: -5
+[ 0.485078] nouveau 0000:01:00.0: probe with driver nouveau failed with error -50
+
+I tried tracking it down but ran out of time this week, will revisit next week.
+
+Reported-by: Dan Moulding <dan@danm.net>
+Cc: stable@vger.kernel.org
+Signed-off-by: Dave Airlie <airlied@redhat.com>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+---
+ drivers/gpu/drm/nouveau/nvkm/core/firmware.c | 19 +++++++------------
+ 1 file changed, 7 insertions(+), 12 deletions(-)
+
+--- a/drivers/gpu/drm/nouveau/nvkm/core/firmware.c
++++ b/drivers/gpu/drm/nouveau/nvkm/core/firmware.c
+@@ -187,9 +187,7 @@ nvkm_firmware_dtor(struct nvkm_firmware
+ break;
+ case NVKM_FIRMWARE_IMG_DMA:
+ nvkm_memory_unref(&memory);
+- dma_unmap_single(fw->device->dev, fw->phys, sg_dma_len(&fw->mem.sgl),
+- DMA_TO_DEVICE);
+- kfree(fw->img);
++ dma_free_coherent(fw->device->dev, sg_dma_len(&fw->mem.sgl), fw->img, fw->phys);
+ break;
+ default:
+ WARN_ON(1);
+@@ -213,17 +211,14 @@ nvkm_firmware_ctor(const struct nvkm_fir
+ fw->img = kmemdup(src, fw->len, GFP_KERNEL);
+ break;
+ case NVKM_FIRMWARE_IMG_DMA: {
++ dma_addr_t addr;
++
+ len = ALIGN(fw->len, PAGE_SIZE);
+
+- fw->img = kmalloc(len, GFP_KERNEL);
+- if (!fw->img)
+- return -ENOMEM;
+-
+- memcpy(fw->img, src, fw->len);
+- fw->phys = dma_map_single(fw->device->dev, fw->img, len, DMA_TO_DEVICE);
+- if (dma_mapping_error(fw->device->dev, fw->phys)) {
+- kfree(fw->img);
+- return -EFAULT;
++ fw->img = dma_alloc_coherent(fw->device->dev, len, &addr, GFP_KERNEL);
++ if (fw->img) {
++ memcpy(fw->img, src, fw->len);
++ fw->phys = addr;
+ }
+
+ sg_init_one(&fw->mem.sgl, fw->img, len);
--- /dev/null
+From 7e6423441b36e3a03907e2df84b73c414c9c3763 Mon Sep 17 00:00:00 2001
+From: Michael Ellerman <mpe@ellerman.id.au>
+Date: Mon, 6 May 2024 21:58:25 +1000
+Subject: selftests/mm: fix powerpc ARCH check
+
+From: Michael Ellerman <mpe@ellerman.id.au>
+
+commit 7e6423441b36e3a03907e2df84b73c414c9c3763 upstream.
+
+In commit 0518dbe97fe6 ("selftests/mm: fix cross compilation with LLVM")
+the logic to detect the machine architecture in the Makefile was changed
+to use ARCH, and only fallback to uname -m if ARCH is unset. However the
+tests of ARCH were not updated to account for the fact that ARCH is
+"powerpc" for powerpc builds, not "ppc64".
+
+Fix it by changing the checks to look for "powerpc", and change the
+uname -m logic to convert "ppc64.*" into "powerpc".
+
+With that fixed the following tests now build for powerpc again:
+ * protection_keys
+ * va_high_addr_switch
+ * virtual_address_range
+ * write_to_hugetlbfs
+
+Link: https://lkml.kernel.org/r/20240506115825.66415-1-mpe@ellerman.id.au
+Fixes: 0518dbe97fe6 ("selftests/mm: fix cross compilation with LLVM")
+Signed-off-by: Michael Ellerman <mpe@ellerman.id.au>
+Cc: Mark Brown <broonie@kernel.org>
+Cc: <stable@vger.kernel.org> [6.4+]
+Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+---
+ tools/testing/selftests/mm/Makefile | 6 +++---
+ 1 file changed, 3 insertions(+), 3 deletions(-)
+
+--- a/tools/testing/selftests/mm/Makefile
++++ b/tools/testing/selftests/mm/Makefile
+@@ -12,7 +12,7 @@ uname_M := $(shell uname -m 2>/dev/null
+ else
+ uname_M := $(shell echo $(CROSS_COMPILE) | grep -o '^[a-z0-9]\+')
+ endif
+-ARCH ?= $(shell echo $(uname_M) | sed -e 's/aarch64.*/arm64/' -e 's/ppc64.*/ppc64/')
++ARCH ?= $(shell echo $(uname_M) | sed -e 's/aarch64.*/arm64/' -e 's/ppc64.*/powerpc/')
+ endif
+
+ # Without this, failed build products remain, with up-to-date timestamps,
+@@ -95,13 +95,13 @@ TEST_GEN_FILES += $(BINARIES_64)
+ endif
+ else
+
+-ifneq (,$(findstring $(ARCH),ppc64))
++ifneq (,$(findstring $(ARCH),powerpc))
+ TEST_GEN_FILES += protection_keys
+ endif
+
+ endif
+
+-ifneq (,$(filter $(ARCH),arm64 ia64 mips64 parisc64 ppc64 riscv64 s390x sparc64 x86_64))
++ifneq (,$(filter $(ARCH),arm64 ia64 mips64 parisc64 powerpc riscv64 s390x sparc64 x86_64))
+ TEST_GEN_FILES += va_high_addr_switch
+ TEST_GEN_FILES += virtual_address_range
+ TEST_GEN_FILES += write_to_hugetlbfs
clk-sunxi-ng-common-support-minimum-and-maximum-rate.patch
clk-sunxi-ng-a64-set-minimum-and-maximum-rate-for-pll-mipi.patch
mei-me-add-lunar-lake-point-m-did.patch
+drm-nouveau-firmware-fix-sg_debug-error-with-nvkm_firmware_ctor.patch
+revert-drm-nouveau-firmware-fix-sg_debug-error-with-nvkm_firmware_ctor.patch
+drm-amdkfd-don-t-allow-mapping-the-mmio-hdp-page-with-large-pages.patch
+drm-ttm-print-the-memory-decryption-status-just-once.patch
+drm-vmwgfx-fix-legacy-display-unit.patch
+drm-vmwgfx-fix-invalid-reads-in-fence-signaled-events.patch
+drm-i915-audio-fix-audio-time-stamp-programming-for-dp.patch
+drm-i915-gt-automate-ccs-mode-setting-during-engine-resets.patch
+drm-i915-bios-fix-parsing-backlight-bdb-data.patch
+drm-amd-display-handle-y-carry-over-in-vcp-x.y-calculation.patch
+drm-amd-display-fix-incorrect-dsc-instance-for-mst.patch
+arm64-dts-qcom-sa8155p-adp-fix-sdhc2-cd-pin-configuration.patch
+net-fix-out-of-bounds-access-in-ops_init.patch
+hwmon-pmbus-ucd9000-increase-delay-from-250-to-500us.patch
+x86-apic-don-t-access-the-apic-when-disabling-x2apic.patch
+selftests-mm-fix-powerpc-arch-check.patch
+mm-use-memalloc_nofs_save-in-page_cache_ra_order.patch
+mm-userfaultfd-reset-ptes-when-close-for-wr-protected-ones.patch
+nvme-pci-add-quirk-for-broken-msis.patch
+regulator-core-fix-debugfs-creation-regression.patch
+spi-microchip-core-qspi-fix-setting-spi-bus-clock-rate.patch
+ksmbd-off-ipv6only-for-both-ipv4-ipv6-binding.patch
+ksmbd-avoid-to-send-duplicate-lease-break-notifications.patch
+ksmbd-do-not-grant-v2-lease-if-parent-lease-key-and-epoch-are-not-set.patch
+tracefs-reset-permissions-on-remount-if-permissions-are-options.patch
+tracefs-still-use-mount-point-as-default-permissions-for-instances.patch
+eventfs-do-not-differentiate-the-toplevel-events-directory.patch
+eventfs-do-not-treat-events-directory-different-than-other-directories.patch
--- /dev/null
+From ef13561d2b163ac0ae6befa53bca58a26dc3320b Mon Sep 17 00:00:00 2001
+From: Conor Dooley <conor.dooley@microchip.com>
+Date: Wed, 8 May 2024 16:46:51 +0100
+Subject: spi: microchip-core-qspi: fix setting spi bus clock rate
+
+From: Conor Dooley <conor.dooley@microchip.com>
+
+commit ef13561d2b163ac0ae6befa53bca58a26dc3320b upstream.
+
+Before ORing the new clock rate with the control register value read
+from the hardware, the existing clock rate needs to be masked off as
+otherwise the existing value will interfere with the new one.
+
+CC: stable@vger.kernel.org
+Fixes: 8596124c4c1b ("spi: microchip-core-qspi: Add support for microchip fpga qspi controllers")
+Signed-off-by: Conor Dooley <conor.dooley@microchip.com>
+Reviewed-by: Tudor Ambarus <tudor.ambarus@linaro.org>
+Link: https://lore.kernel.org/r/20240508-fox-unpiloted-b97e1535627b@spud
+Signed-off-by: Mark Brown <broonie@kernel.org>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+---
+ drivers/spi/spi-microchip-core-qspi.c | 1 +
+ 1 file changed, 1 insertion(+)
+
+--- a/drivers/spi/spi-microchip-core-qspi.c
++++ b/drivers/spi/spi-microchip-core-qspi.c
+@@ -283,6 +283,7 @@ static int mchp_coreqspi_setup_clock(str
+ }
+
+ control = readl_relaxed(qspi->regs + REG_CONTROL);
++ control &= ~CONTROL_CLKRATE_MASK;
+ control |= baud_rate_val << CONTROL_CLKRATE_SHIFT;
+ writel_relaxed(control, qspi->regs + REG_CONTROL);
+ control = readl_relaxed(qspi->regs + REG_CONTROL);
--- /dev/null
+From baa23a8d4360d981a49913841a726edede5cdd54 Mon Sep 17 00:00:00 2001
+From: "Steven Rostedt (Google)" <rostedt@goodmis.org>
+Date: Thu, 2 May 2024 16:08:23 -0400
+Subject: tracefs: Reset permissions on remount if permissions are options
+
+From: Steven Rostedt (Google) <rostedt@goodmis.org>
+
+commit baa23a8d4360d981a49913841a726edede5cdd54 upstream.
+
+There's an inconsistency with the way permissions are handled in tracefs.
+Because the permissions are generated when accessed, they default to the
+root inode's permission if they were never set by the user. If the user
+sets the permissions, then a flag is set and the permissions are saved via
+the inode (for tracefs files) or an internal attribute field (for
+eventfs).
+
+But if a remount happens that specify the permissions, all the files that
+were not changed by the user gets updated, but the ones that were are not.
+If the user were to remount the file system with a given permission, then
+all files and directories within that file system should be updated.
+
+This can cause security issues if a file's permission was updated but the
+admin forgot about it. They could incorrectly think that remounting with
+permissions set would update all files, but miss some.
+
+For example:
+
+ # cd /sys/kernel/tracing
+ # chgrp 1002 current_tracer
+ # ls -l
+[..]
+ -rw-r----- 1 root root 0 May 1 21:25 buffer_size_kb
+ -rw-r----- 1 root root 0 May 1 21:25 buffer_subbuf_size_kb
+ -r--r----- 1 root root 0 May 1 21:25 buffer_total_size_kb
+ -rw-r----- 1 root lkp 0 May 1 21:25 current_tracer
+ -rw-r----- 1 root root 0 May 1 21:25 dynamic_events
+ -r--r----- 1 root root 0 May 1 21:25 dyn_ftrace_total_info
+ -r--r----- 1 root root 0 May 1 21:25 enabled_functions
+
+Where current_tracer now has group "lkp".
+
+ # mount -o remount,gid=1001 .
+ # ls -l
+ -rw-r----- 1 root tracing 0 May 1 21:25 buffer_size_kb
+ -rw-r----- 1 root tracing 0 May 1 21:25 buffer_subbuf_size_kb
+ -r--r----- 1 root tracing 0 May 1 21:25 buffer_total_size_kb
+ -rw-r----- 1 root lkp 0 May 1 21:25 current_tracer
+ -rw-r----- 1 root tracing 0 May 1 21:25 dynamic_events
+ -r--r----- 1 root tracing 0 May 1 21:25 dyn_ftrace_total_info
+ -r--r----- 1 root tracing 0 May 1 21:25 enabled_functions
+
+Everything changed but the "current_tracer".
+
+Add a new link list that keeps track of all the tracefs_inodes which has
+the permission flags that tell if the file/dir should use the root inode's
+permission or not. Then on remount, clear all the flags so that the
+default behavior of using the root inode's permission is done for all
+files and directories.
+
+Link: https://lore.kernel.org/linux-trace-kernel/20240502200905.529542160@goodmis.org
+
+Cc: stable@vger.kernel.org
+Cc: Masami Hiramatsu <mhiramat@kernel.org>
+Cc: Mark Rutland <mark.rutland@arm.com>
+Cc: Mathieu Desnoyers <mathieu.desnoyers@efficios.com>
+Cc: Andrew Morton <akpm@linux-foundation.org>
+Fixes: 8186fff7ab649 ("tracefs/eventfs: Use root and instance inodes as default ownership")
+Signed-off-by: Steven Rostedt (Google) <rostedt@goodmis.org>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+---
+ fs/tracefs/event_inode.c | 29 ++++++++++++++++++++
+ fs/tracefs/inode.c | 65 ++++++++++++++++++++++++++++++++++++++++++++++-
+ fs/tracefs/internal.h | 7 ++++-
+ 3 files changed, 99 insertions(+), 2 deletions(-)
+
+--- a/fs/tracefs/event_inode.c
++++ b/fs/tracefs/event_inode.c
+@@ -265,6 +265,35 @@ static const struct file_operations even
+ .llseek = generic_file_llseek,
+ };
+
++/*
++ * On a remount of tracefs, if UID or GID options are set, then
++ * the mount point inode permissions should be used.
++ * Reset the saved permission flags appropriately.
++ */
++void eventfs_remount(struct tracefs_inode *ti, bool update_uid, bool update_gid)
++{
++ struct eventfs_inode *ei = ti->private;
++
++ if (!ei)
++ return;
++
++ if (update_uid)
++ ei->attr.mode &= ~EVENTFS_SAVE_UID;
++
++ if (update_gid)
++ ei->attr.mode &= ~EVENTFS_SAVE_GID;
++
++ if (!ei->entry_attrs)
++ return;
++
++ for (int i = 0; i < ei->nr_entries; i++) {
++ if (update_uid)
++ ei->entry_attrs[i].mode &= ~EVENTFS_SAVE_UID;
++ if (update_gid)
++ ei->entry_attrs[i].mode &= ~EVENTFS_SAVE_GID;
++ }
++}
++
+ /* Return the evenfs_inode of the "events" directory */
+ static struct eventfs_inode *eventfs_find_events(struct dentry *dentry)
+ {
+--- a/fs/tracefs/inode.c
++++ b/fs/tracefs/inode.c
+@@ -30,20 +30,47 @@ static struct vfsmount *tracefs_mount;
+ static int tracefs_mount_count;
+ static bool tracefs_registered;
+
++/*
++ * Keep track of all tracefs_inodes in order to update their
++ * flags if necessary on a remount.
++ */
++static DEFINE_SPINLOCK(tracefs_inode_lock);
++static LIST_HEAD(tracefs_inodes);
++
+ static struct inode *tracefs_alloc_inode(struct super_block *sb)
+ {
+ struct tracefs_inode *ti;
++ unsigned long flags;
+
+ ti = kmem_cache_alloc(tracefs_inode_cachep, GFP_KERNEL);
+ if (!ti)
+ return NULL;
+
++ spin_lock_irqsave(&tracefs_inode_lock, flags);
++ list_add_rcu(&ti->list, &tracefs_inodes);
++ spin_unlock_irqrestore(&tracefs_inode_lock, flags);
++
+ return &ti->vfs_inode;
+ }
+
++static void tracefs_free_inode_rcu(struct rcu_head *rcu)
++{
++ struct tracefs_inode *ti;
++
++ ti = container_of(rcu, struct tracefs_inode, rcu);
++ kmem_cache_free(tracefs_inode_cachep, ti);
++}
++
+ static void tracefs_free_inode(struct inode *inode)
+ {
+- kmem_cache_free(tracefs_inode_cachep, get_tracefs(inode));
++ struct tracefs_inode *ti = get_tracefs(inode);
++ unsigned long flags;
++
++ spin_lock_irqsave(&tracefs_inode_lock, flags);
++ list_del_rcu(&ti->list);
++ spin_unlock_irqrestore(&tracefs_inode_lock, flags);
++
++ call_rcu(&ti->rcu, tracefs_free_inode_rcu);
+ }
+
+ static ssize_t default_read_file(struct file *file, char __user *buf,
+@@ -313,6 +340,8 @@ static int tracefs_apply_options(struct
+ struct tracefs_fs_info *fsi = sb->s_fs_info;
+ struct inode *inode = d_inode(sb->s_root);
+ struct tracefs_mount_opts *opts = &fsi->mount_opts;
++ struct tracefs_inode *ti;
++ bool update_uid, update_gid;
+ umode_t tmp_mode;
+
+ /*
+@@ -332,6 +361,25 @@ static int tracefs_apply_options(struct
+ if (!remount || opts->opts & BIT(Opt_gid))
+ inode->i_gid = opts->gid;
+
++ if (remount && (opts->opts & BIT(Opt_uid) || opts->opts & BIT(Opt_gid))) {
++
++ update_uid = opts->opts & BIT(Opt_uid);
++ update_gid = opts->opts & BIT(Opt_gid);
++
++ rcu_read_lock();
++ list_for_each_entry_rcu(ti, &tracefs_inodes, list) {
++ if (update_uid)
++ ti->flags &= ~TRACEFS_UID_PERM_SET;
++
++ if (update_gid)
++ ti->flags &= ~TRACEFS_GID_PERM_SET;
++
++ if (ti->flags & TRACEFS_EVENT_INODE)
++ eventfs_remount(ti, update_uid, update_gid);
++ }
++ rcu_read_unlock();
++ }
++
+ return 0;
+ }
+
+@@ -398,7 +446,22 @@ static int tracefs_d_revalidate(struct d
+ return !(ei && ei->is_freed);
+ }
+
++static void tracefs_d_iput(struct dentry *dentry, struct inode *inode)
++{
++ struct tracefs_inode *ti = get_tracefs(inode);
++
++ /*
++ * This inode is being freed and cannot be used for
++ * eventfs. Clear the flag so that it doesn't call into
++ * eventfs during the remount flag updates. The eventfs_inode
++ * gets freed after an RCU cycle, so the content will still
++ * be safe if the iteration is going on now.
++ */
++ ti->flags &= ~TRACEFS_EVENT_INODE;
++}
++
+ static const struct dentry_operations tracefs_dentry_operations = {
++ .d_iput = tracefs_d_iput,
+ .d_revalidate = tracefs_d_revalidate,
+ .d_release = tracefs_d_release,
+ };
+--- a/fs/tracefs/internal.h
++++ b/fs/tracefs/internal.h
+@@ -11,8 +11,12 @@ enum {
+ };
+
+ struct tracefs_inode {
+- struct inode vfs_inode;
++ union {
++ struct inode vfs_inode;
++ struct rcu_head rcu;
++ };
+ /* The below gets initialized with memset_after(ti, 0, vfs_inode) */
++ struct list_head list;
+ unsigned long flags;
+ void *private;
+ };
+@@ -75,6 +79,7 @@ struct dentry *tracefs_end_creating(stru
+ struct dentry *tracefs_failed_creating(struct dentry *dentry);
+ struct inode *tracefs_get_inode(struct super_block *sb);
+
++void eventfs_remount(struct tracefs_inode *ti, bool update_uid, bool update_gid);
+ void eventfs_d_release(struct dentry *dentry);
+
+ #endif /* _TRACEFS_INTERNAL_H */
--- /dev/null
+From 6599bd5517be66c8344f869f3ca3a91bc10f2b9e Mon Sep 17 00:00:00 2001
+From: "Steven Rostedt (Google)" <rostedt@goodmis.org>
+Date: Thu, 2 May 2024 16:08:24 -0400
+Subject: tracefs: Still use mount point as default permissions for instances
+
+From: Steven Rostedt (Google) <rostedt@goodmis.org>
+
+commit 6599bd5517be66c8344f869f3ca3a91bc10f2b9e upstream.
+
+If the instances directory's permissions were never change, then have it
+and its children use the mount point permissions as the default.
+
+Currently, the permissions of instance directories are determined by the
+instance directory's permissions itself. But if the tracefs file system is
+remounted and changes the permissions, the instance directory and its
+children should use the new permission.
+
+But because both the instance directory and its children use the instance
+directory's inode for permissions, it misses the update.
+
+To demonstrate this:
+
+ # cd /sys/kernel/tracing/
+ # mkdir instances/foo
+ # ls -ld instances/foo
+ drwxr-x--- 5 root root 0 May 1 19:07 instances/foo
+ # ls -ld instances
+ drwxr-x--- 3 root root 0 May 1 18:57 instances
+ # ls -ld current_tracer
+ -rw-r----- 1 root root 0 May 1 18:57 current_tracer
+
+ # mount -o remount,gid=1002 .
+ # ls -ld instances
+ drwxr-x--- 3 root root 0 May 1 18:57 instances
+ # ls -ld instances/foo/
+ drwxr-x--- 5 root root 0 May 1 19:07 instances/foo/
+ # ls -ld current_tracer
+ -rw-r----- 1 root lkp 0 May 1 18:57 current_tracer
+
+Notice that changing the group id to that of "lkp" did not affect the
+instances directory nor its children. It should have been:
+
+ # ls -ld current_tracer
+ -rw-r----- 1 root root 0 May 1 19:19 current_tracer
+ # ls -ld instances/foo/
+ drwxr-x--- 5 root root 0 May 1 19:25 instances/foo/
+ # ls -ld instances
+ drwxr-x--- 3 root root 0 May 1 19:19 instances
+
+ # mount -o remount,gid=1002 .
+ # ls -ld current_tracer
+ -rw-r----- 1 root lkp 0 May 1 19:19 current_tracer
+ # ls -ld instances
+ drwxr-x--- 3 root lkp 0 May 1 19:19 instances
+ # ls -ld instances/foo/
+ drwxr-x--- 5 root lkp 0 May 1 19:25 instances/foo/
+
+Where all files were updated by the remount gid update.
+
+Link: https://lore.kernel.org/linux-trace-kernel/20240502200905.686838327@goodmis.org
+
+Cc: stable@vger.kernel.org
+Cc: Masami Hiramatsu <mhiramat@kernel.org>
+Cc: Mark Rutland <mark.rutland@arm.com>
+Cc: Mathieu Desnoyers <mathieu.desnoyers@efficios.com>
+Cc: Andrew Morton <akpm@linux-foundation.org>
+Fixes: 8186fff7ab649 ("tracefs/eventfs: Use root and instance inodes as default ownership")
+Signed-off-by: Steven Rostedt (Google) <rostedt@goodmis.org>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+---
+ fs/tracefs/inode.c | 27 +++++++++++++++++++++++++--
+ 1 file changed, 25 insertions(+), 2 deletions(-)
+
+--- a/fs/tracefs/inode.c
++++ b/fs/tracefs/inode.c
+@@ -180,16 +180,39 @@ static void set_tracefs_inode_owner(stru
+ {
+ struct tracefs_inode *ti = get_tracefs(inode);
+ struct inode *root_inode = ti->private;
++ kuid_t uid;
++ kgid_t gid;
++
++ uid = root_inode->i_uid;
++ gid = root_inode->i_gid;
++
++ /*
++ * If the root is not the mount point, then check the root's
++ * permissions. If it was never set, then default to the
++ * mount point.
++ */
++ if (root_inode != d_inode(root_inode->i_sb->s_root)) {
++ struct tracefs_inode *rti;
++
++ rti = get_tracefs(root_inode);
++ root_inode = d_inode(root_inode->i_sb->s_root);
++
++ if (!(rti->flags & TRACEFS_UID_PERM_SET))
++ uid = root_inode->i_uid;
++
++ if (!(rti->flags & TRACEFS_GID_PERM_SET))
++ gid = root_inode->i_gid;
++ }
+
+ /*
+ * If this inode has never been referenced, then update
+ * the permissions to the superblock.
+ */
+ if (!(ti->flags & TRACEFS_UID_PERM_SET))
+- inode->i_uid = root_inode->i_uid;
++ inode->i_uid = uid;
+
+ if (!(ti->flags & TRACEFS_GID_PERM_SET))
+- inode->i_gid = root_inode->i_gid;
++ inode->i_gid = gid;
+ }
+
+ static int tracefs_permission(struct mnt_idmap *idmap,
--- /dev/null
+From 720a22fd6c1cdadf691281909950c0cbc5cdf17e Mon Sep 17 00:00:00 2001
+From: Thomas Gleixner <tglx@linutronix.de>
+Date: Fri, 26 Apr 2024 00:30:36 +0200
+Subject: x86/apic: Don't access the APIC when disabling x2APIC
+
+From: Thomas Gleixner <tglx@linutronix.de>
+
+commit 720a22fd6c1cdadf691281909950c0cbc5cdf17e upstream.
+
+With 'iommu=off' on the kernel command line and x2APIC enabled by the BIOS
+the code which disables the x2APIC triggers an unchecked MSR access error:
+
+ RDMSR from 0x802 at rIP: 0xffffffff94079992 (native_apic_msr_read+0x12/0x50)
+
+This is happens because default_acpi_madt_oem_check() selects an x2APIC
+driver before the x2APIC is disabled.
+
+When the x2APIC is disabled because interrupt remapping cannot be enabled
+due to 'iommu=off' on the command line, x2apic_disable() invokes
+apic_set_fixmap() which in turn tries to read the APIC ID. This triggers
+the MSR warning because x2APIC is disabled, but the APIC driver is still
+x2APIC based.
+
+Prevent that by adding an argument to apic_set_fixmap() which makes the
+APIC ID read out conditional and set it to false from the x2APIC disable
+path. That's correct as the APIC ID has already been read out during early
+discovery.
+
+Fixes: d10a904435fa ("x86/apic: Consolidate boot_cpu_physical_apicid initialization sites")
+Reported-by: Adrian Huang <ahuang12@lenovo.com>
+Signed-off-by: Thomas Gleixner <tglx@linutronix.de>
+Signed-off-by: Borislav Petkov (AMD) <bp@alien8.de>
+Signed-off-by: Ingo Molnar <mingo@kernel.org>
+Tested-by: Adrian Huang <ahuang12@lenovo.com>
+Cc: stable@vger.kernel.org
+Link: https://lore.kernel.org/r/875xw5t6r7.ffs@tglx
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+---
+ arch/x86/kernel/apic/apic.c | 16 +++++++++++-----
+ 1 file changed, 11 insertions(+), 5 deletions(-)
+
+--- a/arch/x86/kernel/apic/apic.c
++++ b/arch/x86/kernel/apic/apic.c
+@@ -1808,7 +1808,7 @@ void x2apic_setup(void)
+ __x2apic_enable();
+ }
+
+-static __init void apic_set_fixmap(void);
++static __init void apic_set_fixmap(bool read_apic);
+
+ static __init void x2apic_disable(void)
+ {
+@@ -1830,7 +1830,12 @@ static __init void x2apic_disable(void)
+ }
+
+ __x2apic_disable();
+- apic_set_fixmap();
++ /*
++ * Don't reread the APIC ID as it was already done from
++ * check_x2apic() and the APIC driver still is a x2APIC variant,
++ * which fails to do the read after x2APIC was disabled.
++ */
++ apic_set_fixmap(false);
+ }
+
+ static __init void x2apic_enable(void)
+@@ -2095,13 +2100,14 @@ void __init init_apic_mappings(void)
+ }
+ }
+
+-static __init void apic_set_fixmap(void)
++static __init void apic_set_fixmap(bool read_apic)
+ {
+ set_fixmap_nocache(FIX_APIC_BASE, mp_lapic_addr);
+ apic_mmio_base = APIC_BASE;
+ apic_printk(APIC_VERBOSE, "mapped APIC to %16lx (%16lx)\n",
+ apic_mmio_base, mp_lapic_addr);
+- apic_read_boot_cpu_id(false);
++ if (read_apic)
++ apic_read_boot_cpu_id(false);
+ }
+
+ void __init register_lapic_address(unsigned long address)
+@@ -2111,7 +2117,7 @@ void __init register_lapic_address(unsig
+ mp_lapic_addr = address;
+
+ if (!x2apic_mode)
+- apic_set_fixmap();
++ apic_set_fixmap(true);
+ }
+
+ /*
projects / thirdparty / kernel / stable-queue.git / commitdiff
