--- /dev/null
+From 4715b8c61f49c683df327db26feff2138042e55e Mon Sep 17 00:00:00 2001
+From: Sasha Levin <sashal@kernel.org>
+Date: Fri, 30 Apr 2021 16:22:51 +0200
+Subject: efi: Allow EFI_MEMORY_XP and EFI_MEMORY_RO both to be cleared
+
+From: Heiner Kallweit <hkallweit1@gmail.com>
+
+[ Upstream commit 45add3cc99feaaf57d4b6f01d52d532c16a1caee ]
+
+UEFI spec 2.9, p.108, table 4-1 lists the scenario that both attributes
+are cleared with the description "No memory access protection is
+possible for Entry". So we can have valid entries where both attributes
+are cleared, so remove the check.
+
+Signed-off-by: Heiner Kallweit <hkallweit1@gmail.com>
+Fixes: 10f0d2f577053 ("efi: Implement generic support for the Memory Attributes table")
+Signed-off-by: Ard Biesheuvel <ardb@kernel.org>
+Signed-off-by: Sasha Levin <sashal@kernel.org>
+---
+ drivers/firmware/efi/memattr.c | 5 -----
+ 1 file changed, 5 deletions(-)
+
+diff --git a/drivers/firmware/efi/memattr.c b/drivers/firmware/efi/memattr.c
+index aac972b056d9..e0889922cc6d 100644
+--- a/drivers/firmware/efi/memattr.c
++++ b/drivers/firmware/efi/memattr.c
+@@ -69,11 +69,6 @@ static bool entry_is_valid(const efi_memory_desc_t *in, efi_memory_desc_t *out)
+ return false;
+ }
+
+- if (!(in->attribute & (EFI_MEMORY_RO | EFI_MEMORY_XP))) {
+- pr_warn("Entry attributes invalid: RO and XP bits both cleared\n");
+- return false;
+- }
+-
+ if (PAGE_SIZE > EFI_PAGE_SIZE &&
+ (!PAGE_ALIGNED(in->phys_addr) ||
+ !PAGE_ALIGNED(in->num_pages << EFI_PAGE_SHIFT))) {
+--
+2.30.2
+
--- /dev/null
+From eb29b9712e2605aac0bb0d621d075b9f08a12793 Mon Sep 17 00:00:00 2001
+From: Sasha Levin <sashal@kernel.org>
+Date: Wed, 21 Apr 2021 21:46:36 +0200
+Subject: efi: cper: fix snprintf() use in cper_dimm_err_location()
+
+From: Rasmus Villemoes <linux@rasmusvillemoes.dk>
+
+[ Upstream commit 942859d969de7f6f7f2659a79237a758b42782da ]
+
+snprintf() should be given the full buffer size, not one less. And it
+guarantees nul-termination, so doing it manually afterwards is
+pointless.
+
+It's even potentially harmful (though probably not in practice because
+CPER_REC_LEN is 256), due to the "return how much would have been
+written had the buffer been big enough" semantics. I.e., if the bank
+and/or device strings are long enough that the "DIMM location ..."
+output gets truncated, writing to msg[n] is a buffer overflow.
+
+Signed-off-by: Rasmus Villemoes <linux@rasmusvillemoes.dk>
+Fixes: 3760cd20402d4 ("CPER: Adjust code flow of some functions")
+Signed-off-by: Ard Biesheuvel <ardb@kernel.org>
+Signed-off-by: Sasha Levin <sashal@kernel.org>
+---
+ drivers/firmware/efi/cper.c | 4 +---
+ 1 file changed, 1 insertion(+), 3 deletions(-)
+
+diff --git a/drivers/firmware/efi/cper.c b/drivers/firmware/efi/cper.c
+index 116989cf3d45..97da083afd32 100644
+--- a/drivers/firmware/efi/cper.c
++++ b/drivers/firmware/efi/cper.c
+@@ -275,8 +275,7 @@ static int cper_dimm_err_location(struct cper_mem_err_compact *mem, char *msg)
+ if (!msg || !(mem->validation_bits & CPER_MEM_VALID_MODULE_HANDLE))
+ return 0;
+
+- n = 0;
+- len = CPER_REC_LEN - 1;
++ len = CPER_REC_LEN;
+ dmi_memdev_name(mem->mem_dev_handle, &bank, &device);
+ if (bank && device)
+ n = snprintf(msg, len, "DIMM location: %s %s ", bank, device);
+@@ -285,7 +284,6 @@ static int cper_dimm_err_location(struct cper_mem_err_compact *mem, char *msg)
+ "DIMM location: not present. DMI handle: 0x%.4x ",
+ mem->mem_dev_handle);
+
+- msg[n] = '\0';
+ return n;
+ }
+
+--
+2.30.2
+
--- /dev/null
+From c322334ddb875571a58c529c8e89901b67bce3df Mon Sep 17 00:00:00 2001
+From: Sasha Levin <sashal@kernel.org>
+Date: Fri, 14 May 2021 15:58:50 +0200
+Subject: HID: i2c-hid: fix format string mismatch
+
+From: Arnd Bergmann <arnd@arndb.de>
+
+[ Upstream commit dc5f9f55502e13ba05731d5046a14620aa2ff456 ]
+
+clang doesn't like printing a 32-bit integer using %hX format string:
+
+drivers/hid/i2c-hid/i2c-hid-core.c:994:18: error: format specifies type 'unsigned short' but the argument has type '__u32' (aka 'unsigned int') [-Werror,-Wformat]
+ client->name, hid->vendor, hid->product);
+ ^~~~~~~~~~~
+drivers/hid/i2c-hid/i2c-hid-core.c:994:31: error: format specifies type 'unsigned short' but the argument has type '__u32' (aka 'unsigned int') [-Werror,-Wformat]
+ client->name, hid->vendor, hid->product);
+ ^~~~~~~~~~~~
+
+Use an explicit cast to truncate it to the low 16 bits instead.
+
+Fixes: 9ee3e06610fd ("HID: i2c-hid: override HID descriptors for certain devices")
+Signed-off-by: Arnd Bergmann <arnd@arndb.de>
+Reviewed-by: Nathan Chancellor <nathan@kernel.org>
+Signed-off-by: Jiri Kosina <jkosina@suse.cz>
+Signed-off-by: Sasha Levin <sashal@kernel.org>
+---
+ drivers/hid/i2c-hid/i2c-hid-core.c | 4 ++--
+ 1 file changed, 2 insertions(+), 2 deletions(-)
+
+diff --git a/drivers/hid/i2c-hid/i2c-hid-core.c b/drivers/hid/i2c-hid/i2c-hid-core.c
+index 1f8d403d3db4..19f4b807a5d1 100644
+--- a/drivers/hid/i2c-hid/i2c-hid-core.c
++++ b/drivers/hid/i2c-hid/i2c-hid-core.c
+@@ -1160,8 +1160,8 @@ static int i2c_hid_probe(struct i2c_client *client,
+ hid->vendor = le16_to_cpu(ihid->hdesc.wVendorID);
+ hid->product = le16_to_cpu(ihid->hdesc.wProductID);
+
+- snprintf(hid->name, sizeof(hid->name), "%s %04hX:%04hX",
+- client->name, hid->vendor, hid->product);
++ snprintf(hid->name, sizeof(hid->name), "%s %04X:%04X",
++ client->name, (u16)hid->vendor, (u16)hid->product);
+ strlcpy(hid->phys, dev_name(&client->dev), sizeof(hid->phys));
+
+ ihid->quirks = i2c_hid_lookup_quirk(hid->vendor, hid->product);
+--
+2.30.2
+
--- /dev/null
+From 1f38f460625d392783cac7bbe9affce38b162a64 Mon Sep 17 00:00:00 2001
+From: Sasha Levin <sashal@kernel.org>
+Date: Sat, 8 May 2021 10:47:37 +0800
+Subject: HID: pidff: fix error return code in hid_pidff_init()
+
+From: Zhen Lei <thunder.leizhen@huawei.com>
+
+[ Upstream commit 3dd653c077efda8152f4dd395359617d577a54cd ]
+
+Fix to return a negative error code from the error handling
+case instead of 0, as done elsewhere in this function.
+
+Fixes: 224ee88fe395 ("Input: add force feedback driver for PID devices")
+Reported-by: Hulk Robot <hulkci@huawei.com>
+Signed-off-by: Zhen Lei <thunder.leizhen@huawei.com>
+Signed-off-by: Jiri Kosina <jkosina@suse.cz>
+Signed-off-by: Sasha Levin <sashal@kernel.org>
+---
+ drivers/hid/usbhid/hid-pidff.c | 1 +
+ 1 file changed, 1 insertion(+)
+
+diff --git a/drivers/hid/usbhid/hid-pidff.c b/drivers/hid/usbhid/hid-pidff.c
+index 08174d341f4a..bc75f1efa0f4 100644
+--- a/drivers/hid/usbhid/hid-pidff.c
++++ b/drivers/hid/usbhid/hid-pidff.c
+@@ -1304,6 +1304,7 @@ int hid_pidff_init(struct hid_device *hid)
+
+ if (pidff->pool[PID_DEVICE_MANAGED_POOL].value &&
+ pidff->pool[PID_DEVICE_MANAGED_POOL].value[0] == 0) {
++ error = -EPERM;
+ hid_notice(hid,
+ "device does not support device managed pool\n");
+ goto fail;
+--
+2.30.2
+
--- /dev/null
+From 778d2dbcd1ba25c871b61834f428edc522520cd7 Mon Sep 17 00:00:00 2001
+From: Sasha Levin <sashal@kernel.org>
+Date: Tue, 25 May 2021 18:40:50 +0530
+Subject: i2c: qcom-geni: Add shutdown callback for i2c
+
+From: Roja Rani Yarubandi <rojay@codeaurora.org>
+
+[ Upstream commit 9f78c607600ce4f2a952560de26534715236f612 ]
+
+If the hardware is still accessing memory after SMMU translation
+is disabled (as part of smmu shutdown callback), then the
+IOVAs (I/O virtual address) which it was using will go on the bus
+as the physical addresses which will result in unknown crashes
+like NoC/interconnect errors.
+
+So, implement shutdown callback for i2c driver to suspend the bus
+during system "reboot" or "shutdown".
+
+Fixes: 37692de5d523 ("i2c: i2c-qcom-geni: Add bus driver for the Qualcomm GENI I2C controller")
+Signed-off-by: Roja Rani Yarubandi <rojay@codeaurora.org>
+Reviewed-by: Stephen Boyd <swboyd@chromium.org>
+Signed-off-by: Wolfram Sang <wsa@kernel.org>
+Signed-off-by: Sasha Levin <sashal@kernel.org>
+---
+ drivers/i2c/busses/i2c-qcom-geni.c | 9 +++++++++
+ 1 file changed, 9 insertions(+)
+
+diff --git a/drivers/i2c/busses/i2c-qcom-geni.c b/drivers/i2c/busses/i2c-qcom-geni.c
+index d7329177b0ea..12f4dd273755 100644
+--- a/drivers/i2c/busses/i2c-qcom-geni.c
++++ b/drivers/i2c/busses/i2c-qcom-geni.c
+@@ -615,6 +615,14 @@ static int geni_i2c_remove(struct platform_device *pdev)
+ return 0;
+ }
+
++static void geni_i2c_shutdown(struct platform_device *pdev)
++{
++ struct geni_i2c_dev *gi2c = platform_get_drvdata(pdev);
++
++ /* Make client i2c transfers start failing */
++ i2c_mark_adapter_suspended(&gi2c->adap);
++}
++
+ static int __maybe_unused geni_i2c_runtime_suspend(struct device *dev)
+ {
+ int ret;
+@@ -675,6 +683,7 @@ MODULE_DEVICE_TABLE(of, geni_i2c_dt_match);
+ static struct platform_driver geni_i2c_driver = {
+ .probe = geni_i2c_probe,
+ .remove = geni_i2c_remove,
++ .shutdown = geni_i2c_shutdown,
+ .driver = {
+ .name = "geni_i2c",
+ .pm = &geni_i2c_pm_ops,
+--
+2.30.2
+
--- /dev/null
+From ecc44167c3bb60a53f07ec91a57135c1f2c5bb47 Mon Sep 17 00:00:00 2001
+From: Sasha Levin <sashal@kernel.org>
+Date: Sat, 8 May 2021 14:25:17 +0800
+Subject: ieee802154: fix error return code in ieee802154_add_iface()
+
+From: Zhen Lei <thunder.leizhen@huawei.com>
+
+[ Upstream commit 79c6b8ed30e54b401c873dbad2511f2a1c525fd5 ]
+
+Fix to return a negative error code from the error handling
+case instead of 0, as done elsewhere in this function.
+
+Fixes: be51da0f3e34 ("ieee802154: Stop using NLA_PUT*().")
+Reported-by: Hulk Robot <hulkci@huawei.com>
+Signed-off-by: Zhen Lei <thunder.leizhen@huawei.com>
+Link: https://lore.kernel.org/r/20210508062517.2574-1-thunder.leizhen@huawei.com
+Signed-off-by: Stefan Schmidt <stefan@datenfreihafen.org>
+Signed-off-by: Sasha Levin <sashal@kernel.org>
+---
+ net/ieee802154/nl-phy.c | 4 +++-
+ 1 file changed, 3 insertions(+), 1 deletion(-)
+
+diff --git a/net/ieee802154/nl-phy.c b/net/ieee802154/nl-phy.c
+index b231e40f006a..ca1dd9ff07ab 100644
+--- a/net/ieee802154/nl-phy.c
++++ b/net/ieee802154/nl-phy.c
+@@ -249,8 +249,10 @@ int ieee802154_add_iface(struct sk_buff *skb, struct genl_info *info)
+ }
+
+ if (nla_put_string(msg, IEEE802154_ATTR_PHY_NAME, wpan_phy_name(phy)) ||
+- nla_put_string(msg, IEEE802154_ATTR_DEV_NAME, dev->name))
++ nla_put_string(msg, IEEE802154_ATTR_DEV_NAME, dev->name)) {
++ rc = -EMSGSIZE;
+ goto nla_put_failure;
++ }
+ dev_put(dev);
+
+ wpan_phy_put(phy);
+--
+2.30.2
+
--- /dev/null
+From 04acf940b09d9220bb1be99261f97213369c66eb Mon Sep 17 00:00:00 2001
+From: Sasha Levin <sashal@kernel.org>
+Date: Wed, 19 May 2021 14:16:14 +0000
+Subject: ieee802154: fix error return code in ieee802154_llsec_getparams()
+
+From: Wei Yongjun <weiyongjun1@huawei.com>
+
+[ Upstream commit 373e864cf52403b0974c2f23ca8faf9104234555 ]
+
+Fix to return negative error code -ENOBUFS from the error handling
+case instead of 0, as done elsewhere in this function.
+
+Fixes: 3e9c156e2c21 ("ieee802154: add netlink interfaces for llsec")
+Reported-by: Hulk Robot <hulkci@huawei.com>
+Signed-off-by: Wei Yongjun <weiyongjun1@huawei.com>
+Link: https://lore.kernel.org/r/20210519141614.3040055-1-weiyongjun1@huawei.com
+Signed-off-by: Stefan Schmidt <stefan@datenfreihafen.org>
+Signed-off-by: Sasha Levin <sashal@kernel.org>
+---
+ net/ieee802154/nl-mac.c | 4 +++-
+ 1 file changed, 3 insertions(+), 1 deletion(-)
+
+diff --git a/net/ieee802154/nl-mac.c b/net/ieee802154/nl-mac.c
+index c0930b9fe848..7531cb1665d2 100644
+--- a/net/ieee802154/nl-mac.c
++++ b/net/ieee802154/nl-mac.c
+@@ -688,8 +688,10 @@ int ieee802154_llsec_getparams(struct sk_buff *skb, struct genl_info *info)
+ nla_put_u8(msg, IEEE802154_ATTR_LLSEC_SECLEVEL, params.out_level) ||
+ nla_put_u32(msg, IEEE802154_ATTR_LLSEC_FRAME_COUNTER,
+ be32_to_cpu(params.frame_counter)) ||
+- ieee802154_llsec_fill_key_id(msg, ¶ms.out_key))
++ ieee802154_llsec_fill_key_id(msg, ¶ms.out_key)) {
++ rc = -ENOBUFS;
+ goto out_free;
++ }
+
+ dev_put(dev);
+
+--
+2.30.2
+
--- /dev/null
+From c19926da7548775aa9baf8b9bcac98f8b8e977ce Mon Sep 17 00:00:00 2001
+From: Sasha Levin <sashal@kernel.org>
+Date: Mon, 24 May 2021 22:54:57 +0300
+Subject: ipvs: ignore IP_VS_SVC_F_HASHED flag when adding service
+
+From: Julian Anastasov <ja@ssi.bg>
+
+[ Upstream commit 56e4ee82e850026d71223262c07df7d6af3bd872 ]
+
+syzbot reported memory leak [1] when adding service with
+HASHED flag. We should ignore this flag both from sockopt
+and netlink provided data, otherwise the service is not
+hashed and not visible while releasing resources.
+
+[1]
+BUG: memory leak
+unreferenced object 0xffff888115227800 (size 512):
+ comm "syz-executor263", pid 8658, jiffies 4294951882 (age 12.560s)
+ hex dump (first 32 bytes):
+ 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
+ 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
+ backtrace:
+ [<ffffffff83977188>] kmalloc include/linux/slab.h:556 [inline]
+ [<ffffffff83977188>] kzalloc include/linux/slab.h:686 [inline]
+ [<ffffffff83977188>] ip_vs_add_service+0x598/0x7c0 net/netfilter/ipvs/ip_vs_ctl.c:1343
+ [<ffffffff8397d770>] do_ip_vs_set_ctl+0x810/0xa40 net/netfilter/ipvs/ip_vs_ctl.c:2570
+ [<ffffffff838449a8>] nf_setsockopt+0x68/0xa0 net/netfilter/nf_sockopt.c:101
+ [<ffffffff839ae4e9>] ip_setsockopt+0x259/0x1ff0 net/ipv4/ip_sockglue.c:1435
+ [<ffffffff839fa03c>] raw_setsockopt+0x18c/0x1b0 net/ipv4/raw.c:857
+ [<ffffffff83691f20>] __sys_setsockopt+0x1b0/0x360 net/socket.c:2117
+ [<ffffffff836920f2>] __do_sys_setsockopt net/socket.c:2128 [inline]
+ [<ffffffff836920f2>] __se_sys_setsockopt net/socket.c:2125 [inline]
+ [<ffffffff836920f2>] __x64_sys_setsockopt+0x22/0x30 net/socket.c:2125
+ [<ffffffff84350efa>] do_syscall_64+0x3a/0xb0 arch/x86/entry/common.c:47
+ [<ffffffff84400068>] entry_SYSCALL_64_after_hwframe+0x44/0xae
+
+Reported-and-tested-by: syzbot+e562383183e4b1766930@syzkaller.appspotmail.com
+Fixes: 1da177e4c3f4 ("Linux-2.6.12-rc2")
+Signed-off-by: Julian Anastasov <ja@ssi.bg>
+Reviewed-by: Simon Horman <horms@verge.net.au>
+Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
+Signed-off-by: Sasha Levin <sashal@kernel.org>
+---
+ net/netfilter/ipvs/ip_vs_ctl.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/net/netfilter/ipvs/ip_vs_ctl.c b/net/netfilter/ipvs/ip_vs_ctl.c
+index 3ad1de081e3c..6208fa09fe71 100644
+--- a/net/netfilter/ipvs/ip_vs_ctl.c
++++ b/net/netfilter/ipvs/ip_vs_ctl.c
+@@ -1269,7 +1269,7 @@ ip_vs_add_service(struct netns_ipvs *ipvs, struct ip_vs_service_user_kern *u,
+ ip_vs_addr_copy(svc->af, &svc->addr, &u->addr);
+ svc->port = u->port;
+ svc->fwmark = u->fwmark;
+- svc->flags = u->flags;
++ svc->flags = u->flags & ~IP_VS_SVC_F_HASHED;
+ svc->timeout = u->timeout * HZ;
+ svc->netmask = u->netmask;
+ svc->ipvs = ipvs;
+--
+2.30.2
+
--- /dev/null
+From 3a43eba985bbfa7a05ec317d8c8d881a7a2c7dea Mon Sep 17 00:00:00 2001
+From: Sasha Levin <sashal@kernel.org>
+Date: Mon, 10 May 2021 11:38:53 +0200
+Subject: ixgbevf: add correct exception tracing for XDP
+
+From: Magnus Karlsson <magnus.karlsson@intel.com>
+
+[ Upstream commit faae81420d162551b6ef2d804aafc00f4cd68e0e ]
+
+Add missing exception tracing to XDP when a number of different
+errors can occur. The support was only partial. Several errors
+where not logged which would confuse the user quite a lot not
+knowing where and why the packets disappeared.
+
+Fixes: 21092e9ce8b1 ("ixgbevf: Add support for XDP_TX action")
+Reported-by: Jesper Dangaard Brouer <brouer@redhat.com>
+Signed-off-by: Magnus Karlsson <magnus.karlsson@intel.com>
+Tested-by: Vishakha Jambekar <vishakha.jambekar@intel.com>
+Signed-off-by: Tony Nguyen <anthony.l.nguyen@intel.com>
+Signed-off-by: Sasha Levin <sashal@kernel.org>
+---
+ drivers/net/ethernet/intel/ixgbevf/ixgbevf_main.c | 3 +++
+ 1 file changed, 3 insertions(+)
+
+diff --git a/drivers/net/ethernet/intel/ixgbevf/ixgbevf_main.c b/drivers/net/ethernet/intel/ixgbevf/ixgbevf_main.c
+index a10756f0b0d8..7f94b445595c 100644
+--- a/drivers/net/ethernet/intel/ixgbevf/ixgbevf_main.c
++++ b/drivers/net/ethernet/intel/ixgbevf/ixgbevf_main.c
+@@ -1071,11 +1071,14 @@ static struct sk_buff *ixgbevf_run_xdp(struct ixgbevf_adapter *adapter,
+ case XDP_TX:
+ xdp_ring = adapter->xdp_ring[rx_ring->queue_index];
+ result = ixgbevf_xmit_xdp_ring(xdp_ring, xdp);
++ if (result == IXGBEVF_XDP_CONSUMED)
++ goto out_failure;
+ break;
+ default:
+ bpf_warn_invalid_xdp_action(act);
+ /* fallthrough */
+ case XDP_ABORTED:
++out_failure:
+ trace_xdp_exception(rx_ring->netdev, xdp_prog, act);
+ /* fallthrough -- handle aborts by dropping packet */
+ case XDP_DROP:
+--
+2.30.2
+
--- /dev/null
+From a8123341aee02e0463bdc3ab75a7c2a3483af096 Mon Sep 17 00:00:00 2001
+From: Sasha Levin <sashal@kernel.org>
+Date: Tue, 4 May 2021 16:40:00 +0200
+Subject: netfilter: conntrack: unregister ipv4 sockopts on error unwind
+
+From: Florian Westphal <fw@strlen.de>
+
+[ Upstream commit 22cbdbcfb61acc78d5fc21ebb13ccc0d7e29f793 ]
+
+When ipv6 sockopt register fails, the ipv4 one needs to be removed.
+
+Fixes: a0ae2562c6c ("netfilter: conntrack: remove l3proto abstraction")
+Signed-off-by: Florian Westphal <fw@strlen.de>
+Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
+Signed-off-by: Sasha Levin <sashal@kernel.org>
+---
+ net/netfilter/nf_conntrack_proto.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/net/netfilter/nf_conntrack_proto.c b/net/netfilter/nf_conntrack_proto.c
+index e903ef9b96cf..478212bec4cd 100644
+--- a/net/netfilter/nf_conntrack_proto.c
++++ b/net/netfilter/nf_conntrack_proto.c
+@@ -962,7 +962,7 @@ cleanup_sockopt2:
+ nf_unregister_sockopt(&so_getorigdst);
+ #if IS_ENABLED(CONFIG_IPV6)
+ cleanup_sockopt:
+- nf_unregister_sockopt(&so_getorigdst6);
++ nf_unregister_sockopt(&so_getorigdst);
+ #endif
+ return ret;
+ }
+--
+2.30.2
+
--- /dev/null
+From 408c250093fe43f01ad7e6a431ae175b8c62ba1e Mon Sep 17 00:00:00 2001
+From: Sasha Levin <sashal@kernel.org>
+Date: Fri, 28 May 2021 13:45:16 +0200
+Subject: netfilter: nfnetlink_cthelper: hit EBUSY on updates if size
+ mismatches
+
+From: Pablo Neira Ayuso <pablo@netfilter.org>
+
+[ Upstream commit 8971ee8b087750a23f3cd4dc55bff2d0303fd267 ]
+
+The private helper data size cannot be updated. However, updates that
+contain NFCTH_PRIV_DATA_LEN might bogusly hit EBUSY even if the size is
+the same.
+
+Fixes: 12f7a505331e ("netfilter: add user-space connection tracking helper infrastructure")
+Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
+Signed-off-by: Sasha Levin <sashal@kernel.org>
+---
+ net/netfilter/nfnetlink_cthelper.c | 8 ++++++--
+ 1 file changed, 6 insertions(+), 2 deletions(-)
+
+diff --git a/net/netfilter/nfnetlink_cthelper.c b/net/netfilter/nfnetlink_cthelper.c
+index ddcb1b607474..c8b0f1122c44 100644
+--- a/net/netfilter/nfnetlink_cthelper.c
++++ b/net/netfilter/nfnetlink_cthelper.c
+@@ -381,10 +381,14 @@ static int
+ nfnl_cthelper_update(const struct nlattr * const tb[],
+ struct nf_conntrack_helper *helper)
+ {
++ u32 size;
+ int ret;
+
+- if (tb[NFCTH_PRIV_DATA_LEN])
+- return -EBUSY;
++ if (tb[NFCTH_PRIV_DATA_LEN]) {
++ size = ntohl(nla_get_be32(tb[NFCTH_PRIV_DATA_LEN]));
++ if (size != helper->data_len)
++ return -EBUSY;
++ }
+
+ if (tb[NFCTH_POLICY]) {
+ ret = nfnl_cthelper_update_policy(helper, tb[NFCTH_POLICY]);
+--
+2.30.2
+
--- /dev/null
+From 4b526364d906a61bba578c022584beaffabe674e Mon Sep 17 00:00:00 2001
+From: Sasha Levin <sashal@kernel.org>
+Date: Thu, 20 May 2021 13:36:41 +0000
+Subject: samples: vfio-mdev: fix error handing in mdpy_fb_probe()
+
+From: Wei Yongjun <weiyongjun1@huawei.com>
+
+[ Upstream commit 752774ce7793a1f8baa55aae31f3b4caac49cbe4 ]
+
+Fix to return a negative error code from the framebuffer_alloc() error
+handling case instead of 0, also release regions in some error handing
+cases.
+
+Fixes: cacade1946a4 ("sample: vfio mdev display - guest driver")
+Reported-by: Hulk Robot <hulkci@huawei.com>
+Signed-off-by: Wei Yongjun <weiyongjun1@huawei.com>
+Message-Id: <20210520133641.1421378-1-weiyongjun1@huawei.com>
+Signed-off-by: Alex Williamson <alex.williamson@redhat.com>
+Signed-off-by: Sasha Levin <sashal@kernel.org>
+---
+ samples/vfio-mdev/mdpy-fb.c | 13 +++++++++----
+ 1 file changed, 9 insertions(+), 4 deletions(-)
+
+diff --git a/samples/vfio-mdev/mdpy-fb.c b/samples/vfio-mdev/mdpy-fb.c
+index 2719bb259653..a760e130bd0d 100644
+--- a/samples/vfio-mdev/mdpy-fb.c
++++ b/samples/vfio-mdev/mdpy-fb.c
+@@ -117,22 +117,27 @@ static int mdpy_fb_probe(struct pci_dev *pdev,
+ if (format != DRM_FORMAT_XRGB8888) {
+ pci_err(pdev, "format mismatch (0x%x != 0x%x)\n",
+ format, DRM_FORMAT_XRGB8888);
+- return -EINVAL;
++ ret = -EINVAL;
++ goto err_release_regions;
+ }
+ if (width < 100 || width > 10000) {
+ pci_err(pdev, "width (%d) out of range\n", width);
+- return -EINVAL;
++ ret = -EINVAL;
++ goto err_release_regions;
+ }
+ if (height < 100 || height > 10000) {
+ pci_err(pdev, "height (%d) out of range\n", height);
+- return -EINVAL;
++ ret = -EINVAL;
++ goto err_release_regions;
+ }
+ pci_info(pdev, "mdpy found: %dx%d framebuffer\n",
+ width, height);
+
+ info = framebuffer_alloc(sizeof(struct mdpy_fb_par), &pdev->dev);
+- if (!info)
++ if (!info) {
++ ret = -ENOMEM;
+ goto err_release_regions;
++ }
+ pci_set_drvdata(pdev, info);
+ par = info->par;
+
+--
+2.30.2
+
net-usb-cdc_ncm-don-t-spew-notifications.patch
alsa-usb-update-old-style-static-const-declaration.patch
nl80211-validate-key-indexes-for-cfg80211_registered.patch
+netfilter-conntrack-unregister-ipv4-sockopts-on-erro.patch
+efi-allow-efi_memory_xp-and-efi_memory_ro-both-to-be.patch
+efi-cper-fix-snprintf-use-in-cper_dimm_err_location.patch
+vfio-pci-fix-error-return-code-in-vfio_ecap_init.patch
+vfio-pci-zap_vma_ptes-needs-mmu.patch
+samples-vfio-mdev-fix-error-handing-in-mdpy_fb_probe.patch
+vfio-platform-fix-module_put-call-in-error-flow.patch
+ipvs-ignore-ip_vs_svc_f_hashed-flag-when-adding-serv.patch
+hid-pidff-fix-error-return-code-in-hid_pidff_init.patch
+hid-i2c-hid-fix-format-string-mismatch.patch
+netfilter-nfnetlink_cthelper-hit-ebusy-on-updates-if.patch
+ieee802154-fix-error-return-code-in-ieee802154_add_i.patch
+ieee802154-fix-error-return-code-in-ieee802154_llsec.patch
+ixgbevf-add-correct-exception-tracing-for-xdp.patch
+i2c-qcom-geni-add-shutdown-callback-for-i2c.patch
--- /dev/null
+From e92c39946d7e311b92f311777e12715e018ebbf2 Mon Sep 17 00:00:00 2001
+From: Sasha Levin <sashal@kernel.org>
+Date: Sat, 15 May 2021 10:04:58 +0800
+Subject: vfio/pci: Fix error return code in vfio_ecap_init()
+
+From: Zhen Lei <thunder.leizhen@huawei.com>
+
+[ Upstream commit d1ce2c79156d3baf0830990ab06d296477b93c26 ]
+
+The error code returned from vfio_ext_cap_len() is stored in 'len', not
+in 'ret'.
+
+Fixes: 89e1f7d4c66d ("vfio: Add PCI device driver")
+Reported-by: Hulk Robot <hulkci@huawei.com>
+Signed-off-by: Zhen Lei <thunder.leizhen@huawei.com>
+Reviewed-by: Max Gurtovoy <mgurtovoy@nvidia.com>
+Message-Id: <20210515020458.6771-1-thunder.leizhen@huawei.com>
+Signed-off-by: Alex Williamson <alex.williamson@redhat.com>
+Signed-off-by: Sasha Levin <sashal@kernel.org>
+---
+ drivers/vfio/pci/vfio_pci_config.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/drivers/vfio/pci/vfio_pci_config.c b/drivers/vfio/pci/vfio_pci_config.c
+index a1a26465d224..86e917f1cc21 100644
+--- a/drivers/vfio/pci/vfio_pci_config.c
++++ b/drivers/vfio/pci/vfio_pci_config.c
+@@ -1579,7 +1579,7 @@ static int vfio_ecap_init(struct vfio_pci_device *vdev)
+ if (len == 0xFF) {
+ len = vfio_ext_cap_len(vdev, ecap, epos);
+ if (len < 0)
+- return ret;
++ return len;
+ }
+ }
+
+--
+2.30.2
+
--- /dev/null
+From b334aa4b790f6dc1e485af50c324e64fd5612464 Mon Sep 17 00:00:00 2001
+From: Sasha Levin <sashal@kernel.org>
+Date: Sat, 15 May 2021 12:08:56 -0700
+Subject: vfio/pci: zap_vma_ptes() needs MMU
+
+From: Randy Dunlap <rdunlap@infradead.org>
+
+[ Upstream commit 2a55ca37350171d9b43d561528f23d4130097255 ]
+
+zap_vma_ptes() is only available when CONFIG_MMU is set/enabled.
+Without CONFIG_MMU, vfio_pci.o has build errors, so make
+VFIO_PCI depend on MMU.
+
+riscv64-linux-ld: drivers/vfio/pci/vfio_pci.o: in function `vfio_pci_mmap_open':
+vfio_pci.c:(.text+0x1ec): undefined reference to `zap_vma_ptes'
+riscv64-linux-ld: drivers/vfio/pci/vfio_pci.o: in function `.L0 ':
+vfio_pci.c:(.text+0x165c): undefined reference to `zap_vma_ptes'
+
+Fixes: 11c4cd07ba11 ("vfio-pci: Fault mmaps to enable vma tracking")
+Signed-off-by: Randy Dunlap <rdunlap@infradead.org>
+Reported-by: kernel test robot <lkp@intel.com>
+Cc: Alex Williamson <alex.williamson@redhat.com>
+Cc: Cornelia Huck <cohuck@redhat.com>
+Cc: kvm@vger.kernel.org
+Cc: Jason Gunthorpe <jgg@nvidia.com>
+Cc: Eric Auger <eric.auger@redhat.com>
+Message-Id: <20210515190856.2130-1-rdunlap@infradead.org>
+Signed-off-by: Alex Williamson <alex.williamson@redhat.com>
+Signed-off-by: Sasha Levin <sashal@kernel.org>
+---
+ drivers/vfio/pci/Kconfig | 1 +
+ 1 file changed, 1 insertion(+)
+
+diff --git a/drivers/vfio/pci/Kconfig b/drivers/vfio/pci/Kconfig
+index 42dc1d3d71cf..fcbfd0aacebc 100644
+--- a/drivers/vfio/pci/Kconfig
++++ b/drivers/vfio/pci/Kconfig
+@@ -1,6 +1,7 @@
+ config VFIO_PCI
+ tristate "VFIO support for PCI devices"
+ depends on VFIO && PCI && EVENTFD
++ depends on MMU
+ select VFIO_VIRQFD
+ select IRQ_BYPASS_MANAGER
+ help
+--
+2.30.2
+
--- /dev/null
+From 38537acd65a0dd838cb27c3a097de56c4800b183 Mon Sep 17 00:00:00 2001
+From: Sasha Levin <sashal@kernel.org>
+Date: Tue, 18 May 2021 22:21:31 +0300
+Subject: vfio/platform: fix module_put call in error flow
+
+From: Max Gurtovoy <mgurtovoy@nvidia.com>
+
+[ Upstream commit dc51ff91cf2d1e9a2d941da483602f71d4a51472 ]
+
+The ->parent_module is the one that use in try_module_get. It should
+also be the one the we use in module_put during vfio_platform_open().
+
+Fixes: 32a2d71c4e80 ("vfio: platform: introduce vfio-platform-base module")
+Signed-off-by: Max Gurtovoy <mgurtovoy@nvidia.com>
+Message-Id: <20210518192133.59195-1-mgurtovoy@nvidia.com>
+Signed-off-by: Alex Williamson <alex.williamson@redhat.com>
+Signed-off-by: Sasha Levin <sashal@kernel.org>
+---
+ drivers/vfio/platform/vfio_platform_common.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/drivers/vfio/platform/vfio_platform_common.c b/drivers/vfio/platform/vfio_platform_common.c
+index 460760d0becf..c29fc6844f84 100644
+--- a/drivers/vfio/platform/vfio_platform_common.c
++++ b/drivers/vfio/platform/vfio_platform_common.c
+@@ -295,7 +295,7 @@ err_irq:
+ vfio_platform_regions_cleanup(vdev);
+ err_reg:
+ mutex_unlock(&driver_lock);
+- module_put(THIS_MODULE);
++ module_put(vdev->parent_module);
+ return ret;
+ }
+
+--
+2.30.2
+
projects / thirdparty / kernel / stable-queue.git / commitdiff
