Fixes for 6.1
authorSasha Levin <sashal@kernel.org>
Fri, 20 Dec 2024 14:38:59 +0000 (09:38 -0500)
committerSasha Levin <sashal@kernel.org>
Fri, 20 Dec 2024 14:38:59 +0000 (09:38 -0500)
Signed-off-by: Sasha Levin <sashal@kernel.org>
15 files changed:
queue-6.1/cxl-region-fix-region-creation-for-greater-than-x2-s.patch [new file with mode: 0644]
queue-6.1/ionic-fix-netdev-notifier-unregister-on-failure.patch [new file with mode: 0644]
queue-6.1/ionic-use-ee-offset-when-returning-sprom-data.patch [new file with mode: 0644]
queue-6.1/net-ethernet-bgmac-platform-fix-an-of-node-reference.patch [new file with mode: 0644]
queue-6.1/net-hinic-fix-cleanup-in-create_rxqs-txqs.patch [new file with mode: 0644]
queue-6.1/net-mdiobus-fix-an-of-node-reference-leak.patch [new file with mode: 0644]
queue-6.1/net-mscc-ocelot-fix-incorrect-ifh-src_port-field-in-.patch [new file with mode: 0644]
queue-6.1/net-smc-check-iparea_offset-and-ipv6_prefixes_cnt-wh.patch [new file with mode: 0644]
queue-6.1/net-smc-check-return-value-of-sock_recvmsg-when-drai.patch [new file with mode: 0644]
queue-6.1/net-smc-check-smcd_v2_ext_offset-when-receiving-prop.patch [new file with mode: 0644]
queue-6.1/net-smc-check-sndbuf_space-again-after-nospace-flag-.patch [new file with mode: 0644]
queue-6.1/net-smc-protect-link-down-work-from-execute-after-lg.patch [new file with mode: 0644]
queue-6.1/netdevsim-prevent-bad-user-input-in-nsim_dev_health_.patch [new file with mode: 0644]
queue-6.1/netfilter-ipset-fix-for-recursive-locking-warning.patch [new file with mode: 0644]
queue-6.1/series

diff --git a/queue-6.1/cxl-region-fix-region-creation-for-greater-than-x2-s.patch b/queue-6.1/cxl-region-fix-region-creation-for-greater-than-x2-s.patch
new file mode 100644 (file)
index 0000000..6f925d9
--- /dev/null
@@ -0,0 +1,153 @@
+From 6862f8f3591f506e4a84efe5e3a9c6164578e2da Mon Sep 17 00:00:00 2001
+From: Sasha Levin <sashal@kernel.org>
+Date: Mon, 9 Dec 2024 15:33:02 -0800
+Subject: cxl/region: Fix region creation for greater than x2 switches
+
+From: Huaisheng Ye <huaisheng.ye@intel.com>
+
+[ Upstream commit 76467a94810c2aa4dd3096903291ac6df30c399e ]
+
+The cxl_port_setup_targets() algorithm fails to identify valid target list
+ordering in the presence of 4-way and above switches resulting in
+'cxl create-region' failures of the form:
+
+  $ cxl create-region -d decoder0.0 -g 1024 -s 2G -t ram -w 8 -m mem4 mem1 mem6 mem3 mem2 mem5 mem7 mem0
+  cxl region: create_region: region0: failed to set target7 to mem0
+  cxl region: cmd_create_region: created 0 regions
+
+  [kernel debug message]
+  check_last_peer:1213: cxl region0: pci0000:0c:port1: cannot host mem6:decoder7.0 at 2
+  bus_remove_device:574: bus: 'cxl': remove device region0
+
+QEMU can create this failing topology:
+
+                       ACPI0017:00 [root0]
+                           |
+                         HB_0 [port1]
+                        /             \
+                     RP_0             RP_1
+                      |                 |
+                USP [port2]           USP [port3]
+            /    /    \    \        /   /    \    \
+          DSP   DSP   DSP   DSP   DSP  DSP   DSP  DSP
+           |     |     |     |     |    |     |    |
+          mem4  mem6  mem2  mem7  mem1 mem3  mem5  mem0
+ Pos:      0     2     4     6     1    3     5    7
+
+ HB: Host Bridge
+ RP: Root Port
+ USP: Upstream Port
+ DSP: Downstream Port
+
+...with the following command steps:
+
+$ qemu-system-x86_64 -machine q35,cxl=on,accel=tcg  \
+        -smp cpus=8 \
+        -m 8G \
+        -hda /home/work/vm-images/centos-stream8-02.qcow2 \
+        -object memory-backend-ram,size=4G,id=m0 \
+        -object memory-backend-ram,size=4G,id=m1 \
+        -object memory-backend-ram,size=2G,id=cxl-mem0 \
+        -object memory-backend-ram,size=2G,id=cxl-mem1 \
+        -object memory-backend-ram,size=2G,id=cxl-mem2 \
+        -object memory-backend-ram,size=2G,id=cxl-mem3 \
+        -object memory-backend-ram,size=2G,id=cxl-mem4 \
+        -object memory-backend-ram,size=2G,id=cxl-mem5 \
+        -object memory-backend-ram,size=2G,id=cxl-mem6 \
+        -object memory-backend-ram,size=2G,id=cxl-mem7 \
+        -numa node,memdev=m0,cpus=0-3,nodeid=0 \
+        -numa node,memdev=m1,cpus=4-7,nodeid=1 \
+        -netdev user,id=net0,hostfwd=tcp::2222-:22 \
+        -device virtio-net-pci,netdev=net0 \
+        -device pxb-cxl,bus_nr=12,bus=pcie.0,id=cxl.1 \
+        -device cxl-rp,port=0,bus=cxl.1,id=root_port0,chassis=0,slot=0 \
+        -device cxl-rp,port=1,bus=cxl.1,id=root_port1,chassis=0,slot=1 \
+        -device cxl-upstream,bus=root_port0,id=us0 \
+        -device cxl-downstream,port=0,bus=us0,id=swport0,chassis=0,slot=4 \
+        -device cxl-type3,bus=swport0,volatile-memdev=cxl-mem0,id=cxl-vmem0 \
+        -device cxl-downstream,port=1,bus=us0,id=swport1,chassis=0,slot=5 \
+        -device cxl-type3,bus=swport1,volatile-memdev=cxl-mem1,id=cxl-vmem1 \
+        -device cxl-downstream,port=2,bus=us0,id=swport2,chassis=0,slot=6 \
+        -device cxl-type3,bus=swport2,volatile-memdev=cxl-mem2,id=cxl-vmem2 \
+        -device cxl-downstream,port=3,bus=us0,id=swport3,chassis=0,slot=7 \
+        -device cxl-type3,bus=swport3,volatile-memdev=cxl-mem3,id=cxl-vmem3 \
+        -device cxl-upstream,bus=root_port1,id=us1 \
+        -device cxl-downstream,port=4,bus=us1,id=swport4,chassis=0,slot=8 \
+        -device cxl-type3,bus=swport4,volatile-memdev=cxl-mem4,id=cxl-vmem4 \
+        -device cxl-downstream,port=5,bus=us1,id=swport5,chassis=0,slot=9 \
+        -device cxl-type3,bus=swport5,volatile-memdev=cxl-mem5,id=cxl-vmem5 \
+        -device cxl-downstream,port=6,bus=us1,id=swport6,chassis=0,slot=10 \
+        -device cxl-type3,bus=swport6,volatile-memdev=cxl-mem6,id=cxl-vmem6 \
+        -device cxl-downstream,port=7,bus=us1,id=swport7,chassis=0,slot=11 \
+        -device cxl-type3,bus=swport7,volatile-memdev=cxl-mem7,id=cxl-vmem7 \
+        -M cxl-fmw.0.targets.0=cxl.1,cxl-fmw.0.size=32G &
+
+In Guest OS:
+$ cxl create-region -d decoder0.0 -g 1024 -s 2G -t ram -w 8 -m mem4 mem1 mem6 mem3 mem2 mem5 mem7 mem0
+
+Fix the method to calculate @distance by iterativeley multiplying the
+number of targets per switch port. This also follows the algorithm
+recommended here [1].
+
+Fixes: 27b3f8d13830 ("cxl/region: Program target lists")
+Link: http://lore.kernel.org/6538824b52349_7258329466@dwillia2-xfh.jf.intel.com.notmuch [1]
+Signed-off-by: Huaisheng Ye <huaisheng.ye@intel.com>
+Tested-by: Li Zhijian <lizhijian@fujitsu.com>
+[djbw: add a comment explaining 'distance']
+Signed-off-by: Dan Williams <dan.j.williams@intel.com>
+Link: https://patch.msgid.link/173378716722.1270362.9546805175813426729.stgit@dwillia2-xfh.jf.intel.com
+Signed-off-by: Dave Jiang <dave.jiang@intel.com>
+Signed-off-by: Sasha Levin <sashal@kernel.org>
+---
+ drivers/cxl/core/region.c | 25 ++++++++++++++++++-------
+ 1 file changed, 18 insertions(+), 7 deletions(-)
+
+diff --git a/drivers/cxl/core/region.c b/drivers/cxl/core/region.c
+index 5b7d848a6f01..0e03c4908050 100644
+--- a/drivers/cxl/core/region.c
++++ b/drivers/cxl/core/region.c
+@@ -974,6 +974,7 @@ static int cxl_port_setup_targets(struct cxl_port *port,
+       struct cxl_region_params *p = &cxlr->params;
+       struct cxl_decoder *cxld = cxl_rr->decoder;
+       struct cxl_switch_decoder *cxlsd;
++      struct cxl_port *iter = port;
+       u16 eig, peig;
+       u8 eiw, peiw;
+@@ -990,16 +991,26 @@ static int cxl_port_setup_targets(struct cxl_port *port,
+       cxlsd = to_cxl_switch_decoder(&cxld->dev);
+       if (cxl_rr->nr_targets_set) {
+-              int i, distance;
++              int i, distance = 1;
++              struct cxl_region_ref *cxl_rr_iter;
+               /*
+-               * Passthrough decoders impose no distance requirements between
+-               * peers
++               * The "distance" between peer downstream ports represents which
++               * endpoint positions in the region interleave a given port can
++               * host.
++               *
++               * For example, at the root of a hierarchy the distance is
++               * always 1 as every index targets a different host-bridge. At
++               * each subsequent switch level those ports map every Nth region
++               * position where N is the width of the switch == distance.
+                */
+-              if (cxl_rr->nr_targets == 1)
+-                      distance = 0;
+-              else
+-                      distance = p->nr_targets / cxl_rr->nr_targets;
++              do {
++                      cxl_rr_iter = cxl_rr_load(iter, cxlr);
++                      distance *= cxl_rr_iter->nr_targets;
++                      iter = to_cxl_port(iter->dev.parent);
++              } while (!is_cxl_root(iter));
++              distance *= cxlrd->cxlsd.cxld.interleave_ways;
++
+               for (i = 0; i < cxl_rr->nr_targets_set; i++)
+                       if (ep->dport == cxlsd->target[i]) {
+                               rc = check_last_peer(cxled, ep, cxl_rr,
+-- 
+2.39.5
+
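Review bot: In the new do/while loop in cxl_port_setup_targets(), the result of `cxl_rr_load(iter, cxlr)` is dereferenced for `nr_targets` with no NULL check. Whether every ancestor port is guaranteed to hold a region reference at this point is not visible in the hunk, so either guard it, e.g. `if (!cxl_rr_iter) return -ENXIO;`, or add a comment stating the invariant that makes the lookup infallible. The loop also assumes the parent chain always reaches a CXL root. The function body starts and ends outside the hunk.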
diff --git a/queue-6.1/ionic-fix-netdev-notifier-unregister-on-failure.patch b/queue-6.1/ionic-fix-netdev-notifier-unregister-on-failure.patch
new file mode 100644 (file)
index 0000000..1fdb4b7
--- /dev/null
@@ -0,0 +1,43 @@
+From 528c8183a5bde5c8615b60307207fc858a167b88 Mon Sep 17 00:00:00 2001
+From: Sasha Levin <sashal@kernel.org>
+Date: Thu, 12 Dec 2024 13:31:55 -0800
+Subject: ionic: Fix netdev notifier unregister on failure
+
+From: Brett Creeley <brett.creeley@amd.com>
+
+[ Upstream commit 9590d32e090ea2751e131ae5273859ca22f5ac14 ]
+
+If register_netdev() fails, then the driver leaks the netdev notifier.
+Fix this by calling ionic_lif_unregister() on register_netdev()
+failure. This will also call ionic_lif_unregister_phc() if it has
+already been registered.
+
+Fixes: 30b87ab4c0b3 ("ionic: remove lif list concept")
+Signed-off-by: Brett Creeley <brett.creeley@amd.com>
+Signed-off-by: Shannon Nelson <shannon.nelson@amd.com>
+Reviewed-by: Jacob Keller <jacob.e.keller@intel.com>
+Link: https://patch.msgid.link/20241212213157.12212-2-shannon.nelson@amd.com
+Signed-off-by: Jakub Kicinski <kuba@kernel.org>
+Signed-off-by: Sasha Levin <sashal@kernel.org>
+---
+ drivers/net/ethernet/pensando/ionic/ionic_lif.c | 4 ++--
+ 1 file changed, 2 insertions(+), 2 deletions(-)
+
+diff --git a/drivers/net/ethernet/pensando/ionic/ionic_lif.c b/drivers/net/ethernet/pensando/ionic/ionic_lif.c
+index 14865fc245da..b746944bcd2a 100644
+--- a/drivers/net/ethernet/pensando/ionic/ionic_lif.c
++++ b/drivers/net/ethernet/pensando/ionic/ionic_lif.c
+@@ -3484,8 +3484,8 @@ int ionic_lif_register(struct ionic_lif *lif)
+       /* only register LIF0 for now */
+       err = register_netdev(lif->netdev);
+       if (err) {
+-              dev_err(lif->ionic->dev, "Cannot register net device, aborting\n");
+-              ionic_lif_unregister_phc(lif);
++              dev_err(lif->ionic->dev, "Cannot register net device: %d, aborting\n", err);
++              ionic_lif_unregister(lif);
+               return err;
+       }
+-- 
+2.39.5
+
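Review bot: The error path in ionic_lif_register() now calls the full `ionic_lif_unregister(lif)` for a netdev whose registration has just failed, and nothing at the call site says why that is safe. ionic_lif_unregister() is defined outside the hunk, so it should be confirmed that it does not try to unregister a netdev that never reached the registered state. A one-line comment would record the intent: `/* register_netdev() failed: release the notifier and PHC set up earlier */`.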
diff --git a/queue-6.1/ionic-use-ee-offset-when-returning-sprom-data.patch b/queue-6.1/ionic-use-ee-offset-when-returning-sprom-data.patch
new file mode 100644 (file)
index 0000000..02ad561
--- /dev/null
@@ -0,0 +1,42 @@
+From e37a88561309d7d35a024ae330f604acabe6bd4d Mon Sep 17 00:00:00 2001
+From: Sasha Levin <sashal@kernel.org>
+Date: Thu, 12 Dec 2024 13:31:57 -0800
+Subject: ionic: use ee->offset when returning sprom data
+
+From: Shannon Nelson <shannon.nelson@amd.com>
+
+[ Upstream commit b096d62ba1323391b2db98b7704e2468cf3b1588 ]
+
+Some calls into ionic_get_module_eeprom() don't use a single
+full buffer size, but instead multiple calls with an offset.
+Teach our driver to use the offset correctly so we can
+respond appropriately to the caller.
+
+Fixes: 4d03e00a2140 ("ionic: Add initial ethtool support")
+Signed-off-by: Shannon Nelson <shannon.nelson@amd.com>
+Reviewed-by: Jacob Keller <jacob.e.keller@intel.com>
+Link: https://patch.msgid.link/20241212213157.12212-4-shannon.nelson@amd.com
+Signed-off-by: Jakub Kicinski <kuba@kernel.org>
+Signed-off-by: Sasha Levin <sashal@kernel.org>
+---
+ drivers/net/ethernet/pensando/ionic/ionic_ethtool.c | 4 ++--
+ 1 file changed, 2 insertions(+), 2 deletions(-)
+
+diff --git a/drivers/net/ethernet/pensando/ionic/ionic_ethtool.c b/drivers/net/ethernet/pensando/ionic/ionic_ethtool.c
+index d7370fb60a16..928ef2933990 100644
+--- a/drivers/net/ethernet/pensando/ionic/ionic_ethtool.c
++++ b/drivers/net/ethernet/pensando/ionic/ionic_ethtool.c
+@@ -828,8 +828,8 @@ static int ionic_get_module_eeprom(struct net_device *netdev,
+       len = min_t(u32, sizeof(xcvr->sprom), ee->len);
+       do {
+-              memcpy(data, xcvr->sprom, len);
+-              memcpy(tbuf, xcvr->sprom, len);
++              memcpy(data, &xcvr->sprom[ee->offset], len);
++              memcpy(tbuf, &xcvr->sprom[ee->offset], len);
+               /* Let's make sure we got a consistent copy */
+               if (!memcmp(data, tbuf, len))
+-- 
+2.39.5
+
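Review bot: With the copy now starting at `&xcvr->sprom[ee->offset]`, the clamp `len = min_t(u32, sizeof(xcvr->sprom), ee->len)` no longer keeps the read inside `sprom`, because only `len` is bounded and not `ee->offset + len`. The ethtool core may already reject out-of-range requests before this callback runs, but that is not visible here, and a driver-local bound is cheap: `if (ee->offset >= sizeof(xcvr->sprom)) return -EINVAL;` followed by `len = min_t(u32, sizeof(xcvr->sprom) - ee->offset, ee->len);`. The function body continues outside the hunk.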
diff --git a/queue-6.1/net-ethernet-bgmac-platform-fix-an-of-node-reference.patch b/queue-6.1/net-ethernet-bgmac-platform-fix-an-of-node-reference.patch
new file mode 100644 (file)
index 0000000..7a9c344
--- /dev/null
@@ -0,0 +1,51 @@
+From 285d6f388863660ab0e2d2b3576a4621510cd312 Mon Sep 17 00:00:00 2001
+From: Sasha Levin <sashal@kernel.org>
+Date: Sat, 14 Dec 2024 10:49:12 +0900
+Subject: net: ethernet: bgmac-platform: fix an OF node reference leak
+
+From: Joe Hattori <joe@pf.is.s.u-tokyo.ac.jp>
+
+[ Upstream commit 0cb2c504d79e7caa3abade3f466750c82ad26f01 ]
+
+The OF node obtained by of_parse_phandle() is not freed. Call
+of_node_put() to balance the refcount.
+
+This bug was found by an experimental static analysis tool that I am
+developing.
+
+Fixes: 1676aba5ef7e ("net: ethernet: bgmac: device tree phy enablement")
+Signed-off-by: Joe Hattori <joe@pf.is.s.u-tokyo.ac.jp>
+Reviewed-by: Simon Horman <horms@kernel.org>
+Link: https://patch.msgid.link/20241214014912.2810315-1-joe@pf.is.s.u-tokyo.ac.jp
+Signed-off-by: Paolo Abeni <pabeni@redhat.com>
+Signed-off-by: Sasha Levin <sashal@kernel.org>
+---
+ drivers/net/ethernet/broadcom/bgmac-platform.c | 5 ++++-
+ 1 file changed, 4 insertions(+), 1 deletion(-)
+
+diff --git a/drivers/net/ethernet/broadcom/bgmac-platform.c b/drivers/net/ethernet/broadcom/bgmac-platform.c
+index b4381cd41979..3f4e8bac40c1 100644
+--- a/drivers/net/ethernet/broadcom/bgmac-platform.c
++++ b/drivers/net/ethernet/broadcom/bgmac-platform.c
+@@ -171,6 +171,7 @@ static int platform_phy_connect(struct bgmac *bgmac)
+ static int bgmac_probe(struct platform_device *pdev)
+ {
+       struct device_node *np = pdev->dev.of_node;
++      struct device_node *phy_node;
+       struct bgmac *bgmac;
+       struct resource *regs;
+       int ret;
+@@ -236,7 +237,9 @@ static int bgmac_probe(struct platform_device *pdev)
+       bgmac->cco_ctl_maskset = platform_bgmac_cco_ctl_maskset;
+       bgmac->get_bus_clock = platform_bgmac_get_bus_clock;
+       bgmac->cmn_maskset32 = platform_bgmac_cmn_maskset32;
+-      if (of_parse_phandle(np, "phy-handle", 0)) {
++      phy_node = of_parse_phandle(np, "phy-handle", 0);
++      if (phy_node) {
++              of_node_put(phy_node);
+               bgmac->phy_connect = platform_phy_connect;
+       } else {
+               bgmac->phy_connect = bgmac_phy_connect_direct;
+-- 
+2.39.5
+
diff --git a/queue-6.1/net-hinic-fix-cleanup-in-create_rxqs-txqs.patch b/queue-6.1/net-hinic-fix-cleanup-in-create_rxqs-txqs.patch
new file mode 100644 (file)
index 0000000..3507a8d
--- /dev/null
@@ -0,0 +1,54 @@
+From 4e66dd58e806ed11d6b5bc8823b9ff2c8df54977 Mon Sep 17 00:00:00 2001
+From: Sasha Levin <sashal@kernel.org>
+Date: Fri, 13 Dec 2024 17:28:11 +0300
+Subject: net: hinic: Fix cleanup in create_rxqs/txqs()
+
+From: Dan Carpenter <dan.carpenter@linaro.org>
+
+[ Upstream commit 7203d10e93b6e6e1d19481ef7907de6a9133a467 ]
+
+There is a check for NULL at the start of create_txqs() and
+create_rxqs() which tess if "nic_dev->txqs" is non-NULL.  The
+intention is that if the device is already open and the queues
+are already created then we don't create them a second time.
+
+However, the bug is that if we have an error in the create_txqs()
+then the pointer doesn't get set back to NULL.  The NULL check
+at the start of the function will say that it's already open when
+it's not and the device can't be used.
+
+Set ->txqs back to NULL on cleanup on error.
+
+Fixes: c3e79baf1b03 ("net-next/hinic: Add logical Txq and Rxq")
+Signed-off-by: Dan Carpenter <dan.carpenter@linaro.org>
+Reviewed-by: Simon Horman <horms@kernel.org>
+Link: https://patch.msgid.link/0cc98faf-a0ed-4565-a55b-0fa2734bc205@stanley.mountain
+Signed-off-by: Jakub Kicinski <kuba@kernel.org>
+Signed-off-by: Sasha Levin <sashal@kernel.org>
+---
+ drivers/net/ethernet/huawei/hinic/hinic_main.c | 2 ++
+ 1 file changed, 2 insertions(+)
+
+diff --git a/drivers/net/ethernet/huawei/hinic/hinic_main.c b/drivers/net/ethernet/huawei/hinic/hinic_main.c
+index 2d6906aba2a2..af6100e5d9b9 100644
+--- a/drivers/net/ethernet/huawei/hinic/hinic_main.c
++++ b/drivers/net/ethernet/huawei/hinic/hinic_main.c
+@@ -172,6 +172,7 @@ static int create_txqs(struct hinic_dev *nic_dev)
+       hinic_sq_dbgfs_uninit(nic_dev);
+       devm_kfree(&netdev->dev, nic_dev->txqs);
++      nic_dev->txqs = NULL;
+       return err;
+ }
+@@ -268,6 +269,7 @@ static int create_rxqs(struct hinic_dev *nic_dev)
+       hinic_rq_dbgfs_uninit(nic_dev);
+       devm_kfree(&netdev->dev, nic_dev->rxqs);
++      nic_dev->rxqs = NULL;
+       return err;
+ }
+-- 
+2.39.5
+
diff --git a/queue-6.1/net-mdiobus-fix-an-of-node-reference-leak.patch b/queue-6.1/net-mdiobus-fix-an-of-node-reference-leak.patch
new file mode 100644 (file)
index 0000000..3d7c4f4
--- /dev/null
@@ -0,0 +1,61 @@
+From f367fc5f73cc4db12534fe51f7243751850be4e9 Mon Sep 17 00:00:00 2001
+From: Sasha Levin <sashal@kernel.org>
+Date: Wed, 18 Dec 2024 12:51:06 +0900
+Subject: net: mdiobus: fix an OF node reference leak
+
+From: Joe Hattori <joe@pf.is.s.u-tokyo.ac.jp>
+
+[ Upstream commit 572af9f284669d31d9175122bbef9bc62cea8ded ]
+
+fwnode_find_mii_timestamper() calls of_parse_phandle_with_fixed_args()
+but does not decrement the refcount of the obtained OF node. Add an
+of_node_put() call before returning from the function.
+
+This bug was detected by an experimental static analysis tool that I am
+developing.
+
+Fixes: bc1bee3b87ee ("net: mdiobus: Introduce fwnode_mdiobus_register_phy()")
+Signed-off-by: Joe Hattori <joe@pf.is.s.u-tokyo.ac.jp>
+Reviewed-by: Andrew Lunn <andrew@lunn.ch>
+Link: https://patch.msgid.link/20241218035106.1436405-1-joe@pf.is.s.u-tokyo.ac.jp
+Signed-off-by: Paolo Abeni <pabeni@redhat.com>
+Signed-off-by: Sasha Levin <sashal@kernel.org>
+---
+ drivers/net/mdio/fwnode_mdio.c | 13 ++++++++++---
+ 1 file changed, 10 insertions(+), 3 deletions(-)
+
+diff --git a/drivers/net/mdio/fwnode_mdio.c b/drivers/net/mdio/fwnode_mdio.c
+index b782c35c4ac1..8ada397bc357 100644
+--- a/drivers/net/mdio/fwnode_mdio.c
++++ b/drivers/net/mdio/fwnode_mdio.c
+@@ -38,6 +38,7 @@ fwnode_find_pse_control(struct fwnode_handle *fwnode)
+ static struct mii_timestamper *
+ fwnode_find_mii_timestamper(struct fwnode_handle *fwnode)
+ {
++      struct mii_timestamper *mii_ts;
+       struct of_phandle_args arg;
+       int err;
+@@ -51,10 +52,16 @@ fwnode_find_mii_timestamper(struct fwnode_handle *fwnode)
+       else if (err)
+               return ERR_PTR(err);
+-      if (arg.args_count != 1)
+-              return ERR_PTR(-EINVAL);
++      if (arg.args_count != 1) {
++              mii_ts = ERR_PTR(-EINVAL);
++              goto put_node;
++      }
++
++      mii_ts = register_mii_timestamper(arg.np, arg.args[0]);
+-      return register_mii_timestamper(arg.np, arg.args[0]);
++put_node:
++      of_node_put(arg.np);
++      return mii_ts;
+ }
+ int fwnode_mdiobus_phy_device_register(struct mii_bus *mdio,
+-- 
+2.39.5
+
diff --git a/queue-6.1/net-mscc-ocelot-fix-incorrect-ifh-src_port-field-in-.patch b/queue-6.1/net-mscc-ocelot-fix-incorrect-ifh-src_port-field-in-.patch
new file mode 100644 (file)
index 0000000..173dcec
--- /dev/null
@@ -0,0 +1,73 @@
+From 97b908529311ae75a75c9da3692187b5650bbcd7 Mon Sep 17 00:00:00 2001
+From: Sasha Levin <sashal@kernel.org>
+Date: Thu, 12 Dec 2024 18:55:45 +0200
+Subject: net: mscc: ocelot: fix incorrect IFH SRC_PORT field in
+ ocelot_ifh_set_basic()
+
+From: Vladimir Oltean <vladimir.oltean@nxp.com>
+
+[ Upstream commit 2d5df3a680ffdaf606baa10636bdb1daf757832e ]
+
+Packets injected by the CPU should have a SRC_PORT field equal to the
+CPU port module index in the Analyzer block (ocelot->num_phys_ports).
+
+The blamed commit copied the ocelot_ifh_set_basic() call incorrectly
+from ocelot_xmit_common() in net/dsa/tag_ocelot.c. Instead of calling
+with "x", it calls with BIT_ULL(x), but the field is not a port mask,
+but rather a single port index.
+
+[ side note: this is the technical debt of code duplication :( ]
+
+The error used to be silent and doesn't appear to have other
+user-visible manifestations, but with new changes in the packing
+library, it now fails loudly as follows:
+
+------------[ cut here ]------------
+Cannot store 0x40 inside bits 46-43 - will truncate
+sja1105 spi2.0: xmit timed out
+WARNING: CPU: 1 PID: 102 at lib/packing.c:98 __pack+0x90/0x198
+sja1105 spi2.0: timed out polling for tstamp
+CPU: 1 UID: 0 PID: 102 Comm: felix_xmit
+Tainted: G        W        N 6.13.0-rc1-00372-gf706b85d972d-dirty #2605
+Call trace:
+ __pack+0x90/0x198 (P)
+ __pack+0x90/0x198 (L)
+ packing+0x78/0x98
+ ocelot_ifh_set_basic+0x260/0x368
+ ocelot_port_inject_frame+0xa8/0x250
+ felix_port_deferred_xmit+0x14c/0x258
+ kthread_worker_fn+0x134/0x350
+ kthread+0x114/0x138
+
+The code path pertains to the ocelot switchdev driver and to the felix
+secondary DSA tag protocol, ocelot-8021q. Here seen with ocelot-8021q.
+
+The messenger (packing) is not really to blame, so fix the original
+commit instead.
+
+Fixes: e1b9e80236c5 ("net: mscc: ocelot: fix QoS class for injected packets with "ocelot-8021q"")
+Signed-off-by: Vladimir Oltean <vladimir.oltean@nxp.com>
+Reviewed-by: Simon Horman <horms@kernel.org>
+Link: https://patch.msgid.link/20241212165546.879567-1-vladimir.oltean@nxp.com
+Signed-off-by: Jakub Kicinski <kuba@kernel.org>
+Signed-off-by: Sasha Levin <sashal@kernel.org>
+---
+ drivers/net/ethernet/mscc/ocelot.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/drivers/net/ethernet/mscc/ocelot.c b/drivers/net/ethernet/mscc/ocelot.c
+index 310a36356f56..71dbdac38020 100644
+--- a/drivers/net/ethernet/mscc/ocelot.c
++++ b/drivers/net/ethernet/mscc/ocelot.c
+@@ -1161,7 +1161,7 @@ void ocelot_ifh_set_basic(void *ifh, struct ocelot *ocelot, int port,
+       memset(ifh, 0, OCELOT_TAG_LEN);
+       ocelot_ifh_set_bypass(ifh, 1);
+-      ocelot_ifh_set_src(ifh, BIT_ULL(ocelot->num_phys_ports));
++      ocelot_ifh_set_src(ifh, ocelot->num_phys_ports);
+       ocelot_ifh_set_dest(ifh, BIT_ULL(port));
+       ocelot_ifh_set_qos_class(ifh, qos_class);
+       ocelot_ifh_set_tag_type(ifh, tag_type);
+-- 
+2.39.5
+
diff --git a/queue-6.1/net-smc-check-iparea_offset-and-ipv6_prefixes_cnt-wh.patch b/queue-6.1/net-smc-check-iparea_offset-and-ipv6_prefixes_cnt-wh.patch
new file mode 100644 (file)
index 0000000..efaf39e
--- /dev/null
@@ -0,0 +1,90 @@
+From b36da7c27d9bc1c218c21f82e49175f8cde143e7 Mon Sep 17 00:00:00 2001
+From: Sasha Levin <sashal@kernel.org>
+Date: Wed, 11 Dec 2024 17:21:18 +0800
+Subject: net/smc: check iparea_offset and ipv6_prefixes_cnt when receiving
+ proposal msg
+
+From: Guangguan Wang <guangguan.wang@linux.alibaba.com>
+
+[ Upstream commit a29e220d3c8edbf0e1beb0f028878a4a85966556 ]
+
+When receiving proposal msg in server, the field iparea_offset
+and the field ipv6_prefixes_cnt in proposal msg are from the
+remote client and can not be fully trusted. Especially the
+field iparea_offset, once exceed the max value, there has the
+chance to access wrong address, and crash may happen.
+
+This patch checks iparea_offset and ipv6_prefixes_cnt before using them.
+
+Fixes: e7b7a64a8493 ("smc: support variable CLC proposal messages")
+Signed-off-by: Guangguan Wang <guangguan.wang@linux.alibaba.com>
+Reviewed-by: Wen Gu <guwen@linux.alibaba.com>
+Reviewed-by: D. Wythe <alibuda@linux.alibaba.com>
+Signed-off-by: David S. Miller <davem@davemloft.net>
+Signed-off-by: Sasha Levin <sashal@kernel.org>
+---
+ net/smc/af_smc.c  | 6 +++++-
+ net/smc/smc_clc.c | 4 ++++
+ net/smc/smc_clc.h | 6 +++++-
+ 3 files changed, 14 insertions(+), 2 deletions(-)
+
+diff --git a/net/smc/af_smc.c b/net/smc/af_smc.c
+index aeeb6e62361f..889709c35b1f 100644
+--- a/net/smc/af_smc.c
++++ b/net/smc/af_smc.c
+@@ -1988,6 +1988,8 @@ static int smc_listen_prfx_check(struct smc_sock *new_smc,
+       if (pclc->hdr.typev1 == SMC_TYPE_N)
+               return 0;
+       pclc_prfx = smc_clc_proposal_get_prefix(pclc);
++      if (!pclc_prfx)
++              return -EPROTO;
+       if (smc_clc_prfx_match(newclcsock, pclc_prfx))
+               return SMC_CLC_DECL_DIFFPREFIX;
+@@ -2153,7 +2155,9 @@ static void smc_find_ism_v1_device_serv(struct smc_sock *new_smc,
+       int rc = 0;
+       /* check if ISM V1 is available */
+-      if (!(ini->smcd_version & SMC_V1) || !smcd_indicated(ini->smc_type_v1))
++      if (!(ini->smcd_version & SMC_V1) ||
++          !smcd_indicated(ini->smc_type_v1) ||
++          !pclc_smcd)
+               goto not_found;
+       ini->is_smcd = true; /* prepare ISM check */
+       ini->ism_peer_gid[0] = ntohll(pclc_smcd->ism.gid);
+diff --git a/net/smc/smc_clc.c b/net/smc/smc_clc.c
+index 867df4522815..f734fdd90c81 100644
+--- a/net/smc/smc_clc.c
++++ b/net/smc/smc_clc.c
+@@ -354,6 +354,10 @@ static bool smc_clc_msg_prop_valid(struct smc_clc_msg_proposal *pclc)
+       v2_ext = smc_get_clc_v2_ext(pclc);
+       pclc_prfx = smc_clc_proposal_get_prefix(pclc);
++      if (!pclc_prfx ||
++          pclc_prfx->ipv6_prefixes_cnt > SMC_CLC_MAX_V6_PREFIX)
++              return false;
++
+       if (hdr->version == SMC_V1) {
+               if (hdr->typev1 == SMC_TYPE_N)
+                       return false;
+diff --git a/net/smc/smc_clc.h b/net/smc/smc_clc.h
+index 5fee545c9a10..08279081d438 100644
+--- a/net/smc/smc_clc.h
++++ b/net/smc/smc_clc.h
+@@ -303,8 +303,12 @@ struct smc_clc_msg_decline_v2 {   /* clc decline message */
+ static inline struct smc_clc_msg_proposal_prefix *
+ smc_clc_proposal_get_prefix(struct smc_clc_msg_proposal *pclc)
+ {
++      u16 offset = ntohs(pclc->iparea_offset);
++
++      if (offset > sizeof(struct smc_clc_msg_smcd))
++              return NULL;
+       return (struct smc_clc_msg_proposal_prefix *)
+-             ((u8 *)pclc + sizeof(*pclc) + ntohs(pclc->iparea_offset));
++             ((u8 *)pclc + sizeof(*pclc) + offset);
+ }
+ static inline bool smcr_indicated(int smc_type)
+-- 
+2.39.5
+
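Review bot: smc_clc_proposal_get_prefix() can now return NULL, but the helper carries no comment saying so or why `sizeof(struct smc_clc_msg_smcd)` is the upper bound for the peer-supplied `iparea_offset`. A short comment above it, e.g. `/* iparea_offset comes from the peer; returns NULL when it exceeds the optional SMC-D area */`, would tell future callers that the result must be checked, as the af_smc.c and smc_clc.c hunks here do. In smc_listen_prfx_check() the new `-EPROTO` sits next to `SMC_CLC_DECL_DIFFPREFIX`, so the function now returns both a negative errno and a decline code. That its callers handle both is not visible in these hunks.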
diff --git a/queue-6.1/net-smc-check-return-value-of-sock_recvmsg-when-drai.patch b/queue-6.1/net-smc-check-return-value-of-sock_recvmsg-when-drai.patch
new file mode 100644 (file)
index 0000000..0977b88
--- /dev/null
@@ -0,0 +1,47 @@
+From 731a3b785cac3e8f374802a18f3edc54733e8455 Mon Sep 17 00:00:00 2001
+From: Sasha Levin <sashal@kernel.org>
+Date: Wed, 11 Dec 2024 17:21:21 +0800
+Subject: net/smc: check return value of sock_recvmsg when draining clc data
+
+From: Guangguan Wang <guangguan.wang@linux.alibaba.com>
+
+[ Upstream commit c5b8ee5022a19464783058dc6042e8eefa34e8cd ]
+
+When receiving clc msg, the field length in smc_clc_msg_hdr indicates the
+length of msg should be received from network and the value should not be
+fully trusted as it is from the network. Once the value of length exceeds
+the value of buflen in function smc_clc_wait_msg it may run into deadloop
+when trying to drain the remaining data exceeding buflen.
+
+This patch checks the return value of sock_recvmsg when draining data in
+case of deadloop in draining.
+
+Fixes: fb4f79264c0f ("net/smc: tolerate future SMCD versions")
+Signed-off-by: Guangguan Wang <guangguan.wang@linux.alibaba.com>
+Reviewed-by: Wen Gu <guwen@linux.alibaba.com>
+Reviewed-by: D. Wythe <alibuda@linux.alibaba.com>
+Signed-off-by: David S. Miller <davem@davemloft.net>
+Signed-off-by: Sasha Levin <sashal@kernel.org>
+---
+ net/smc/smc_clc.c | 5 +++++
+ 1 file changed, 5 insertions(+)
+
+diff --git a/net/smc/smc_clc.c b/net/smc/smc_clc.c
+index f734fdd90c81..a48fdc83fe6b 100644
+--- a/net/smc/smc_clc.c
++++ b/net/smc/smc_clc.c
+@@ -753,6 +753,11 @@ int smc_clc_wait_msg(struct smc_sock *smc, void *buf, int buflen,
+                                               SMC_CLC_RECV_BUF_LEN : datlen;
+               iov_iter_kvec(&msg.msg_iter, ITER_DEST, &vec, 1, recvlen);
+               len = sock_recvmsg(smc->clcsock, &msg, krflags);
++              if (len < recvlen) {
++                      smc->sk.sk_err = EPROTO;
++                      reason_code = -EPROTO;
++                      goto out;
++              }
+               datlen -= len;
+       }
+       if (clcm->type == SMC_CLC_DECLINE) {
+-- 
+2.39.5
+
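Review bot: The added `if (len < recvlen)` guard in the drain loop of smc_clc_wait_msg() reports every failure as EPROTO, including the case where sock_recvmsg() returned a negative errno, so the underlying socket error is lost to the caller. If that distinction matters, keep it with `smc->sk.sk_err = len < 0 ? -len : EPROTO;` and `reason_code = len < 0 ? len : -EPROTO;`. Treating a positive short read as a protocol error is only right if `krflags` requests a full read. It is set outside the hunk, so that should be confirmed.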
diff --git a/queue-6.1/net-smc-check-smcd_v2_ext_offset-when-receiving-prop.patch b/queue-6.1/net-smc-check-smcd_v2_ext_offset-when-receiving-prop.patch
new file mode 100644 (file)
index 0000000..2253bae
--- /dev/null
@@ -0,0 +1,64 @@
+From 396f06a935d29e0e9c606ac6fb065b6070e47604 Mon Sep 17 00:00:00 2001
+From: Sasha Levin <sashal@kernel.org>
+Date: Wed, 11 Dec 2024 17:21:20 +0800
+Subject: net/smc: check smcd_v2_ext_offset when receiving proposal msg
+
+From: Guangguan Wang <guangguan.wang@linux.alibaba.com>
+
+[ Upstream commit 9ab332deb671d8f7e66d82a2ff2b3f715bc3a4ad ]
+
+When receiving proposal msg in server, the field smcd_v2_ext_offset in
+proposal msg is from the remote client and can not be fully trusted.
+Once the value of smcd_v2_ext_offset exceed the max value, there has
+the chance to access wrong address, and crash may happen.
+
+This patch checks the value of smcd_v2_ext_offset before using it.
+
+Fixes: 5c21c4ccafe8 ("net/smc: determine accepted ISM devices")
+Signed-off-by: Guangguan Wang <guangguan.wang@linux.alibaba.com>
+Reviewed-by: Wen Gu <guwen@linux.alibaba.com>
+Reviewed-by: D. Wythe <alibuda@linux.alibaba.com>
+Signed-off-by: David S. Miller <davem@davemloft.net>
+Signed-off-by: Sasha Levin <sashal@kernel.org>
+---
+ net/smc/af_smc.c  | 2 ++
+ net/smc/smc_clc.h | 8 +++++++-
+ 2 files changed, 9 insertions(+), 1 deletion(-)
+
+diff --git a/net/smc/af_smc.c b/net/smc/af_smc.c
+index 889709c35b1f..e2bdd6aa3d89 100644
+--- a/net/smc/af_smc.c
++++ b/net/smc/af_smc.c
+@@ -2096,6 +2096,8 @@ static void smc_find_ism_v2_device_serv(struct smc_sock *new_smc,
+       pclc_smcd = smc_get_clc_msg_smcd(pclc);
+       smc_v2_ext = smc_get_clc_v2_ext(pclc);
+       smcd_v2_ext = smc_get_clc_smcd_v2_ext(smc_v2_ext);
++      if (!pclc_smcd || !smc_v2_ext || !smcd_v2_ext)
++              goto not_found;
+       mutex_lock(&smcd_dev_list.mutex);
+       if (pclc_smcd->ism.chid)
+diff --git a/net/smc/smc_clc.h b/net/smc/smc_clc.h
+index 08279081d438..0f6102cd5de1 100644
+--- a/net/smc/smc_clc.h
++++ b/net/smc/smc_clc.h
+@@ -361,9 +361,15 @@ smc_get_clc_v2_ext(struct smc_clc_msg_proposal *prop)
+ static inline struct smc_clc_smcd_v2_extension *
+ smc_get_clc_smcd_v2_ext(struct smc_clc_v2_extension *prop_v2ext)
+ {
++      u16 max_offset = offsetof(struct smc_clc_msg_proposal_area, pclc_smcd_v2_ext) -
++              offsetof(struct smc_clc_msg_proposal_area, pclc_v2_ext) -
++              offsetof(struct smc_clc_v2_extension, hdr) -
++              offsetofend(struct smc_clnt_opts_area_hdr, smcd_v2_ext_offset);
++
+       if (!prop_v2ext)
+               return NULL;
+-      if (!ntohs(prop_v2ext->hdr.smcd_v2_ext_offset))
++      if (!ntohs(prop_v2ext->hdr.smcd_v2_ext_offset) ||
++          ntohs(prop_v2ext->hdr.smcd_v2_ext_offset) > max_offset)
+               return NULL;
+       return (struct smc_clc_smcd_v2_extension *)
+-- 
+2.39.5
+
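Review bot: In smc_get_clc_smcd_v2_ext(), the peer-supplied `smcd_v2_ext_offset` is converted with ntohs() twice, and it is compared against a `max_offset` whose four-term offsetof() arithmetic is not explained. Read the field once after the NULL check, `u16 offset = ntohs(prop_v2ext->hdr.smcd_v2_ext_offset);`, then test `if (!offset || offset > max_offset) return NULL;`. A comment on `max_offset` along the lines of `/* largest offset that still places the SMC-D v2 extension inside the proposal area */` would help, with the wording confirmed against the struct layout. The return expression continues outside the hunk and could reuse the same local if it converts the field again.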
diff --git a/queue-6.1/net-smc-check-sndbuf_space-again-after-nospace-flag-.patch b/queue-6.1/net-smc-check-sndbuf_space-again-after-nospace-flag-.patch
new file mode 100644 (file)
index 0000000..a5fc6e3
--- /dev/null
@@ -0,0 +1,63 @@
+From 83c42ae072db85eb313f24e8035afa407ba4f4d5 Mon Sep 17 00:00:00 2001
+From: Sasha Levin <sashal@kernel.org>
+Date: Wed, 11 Dec 2024 17:21:17 +0800
+Subject: net/smc: check sndbuf_space again after NOSPACE flag is set in
+ smc_poll
+
+From: Guangguan Wang <guangguan.wang@linux.alibaba.com>
+
+[ Upstream commit 679e9ddcf90dbdf98aaaa71a492454654b627bcb ]
+
+When application sending data more than sndbuf_space, there have chances
+application will sleep in epoll_wait, and will never be wakeup again. This
+is caused by a race between smc_poll and smc_cdc_tx_handler.
+
+application                                      tasklet
+smc_tx_sendmsg(len > sndbuf_space)   |
+epoll_wait for EPOLL_OUT,timeout=0   |
+  smc_poll                           |
+    if (!smc->conn.sndbuf_space)     |
+                                     |  smc_cdc_tx_handler
+                                     |    atomic_add sndbuf_space
+                                     |    smc_tx_sndbuf_nonfull
+                                     |      if (!test_bit SOCK_NOSPACE)
+                                     |        do not sk_write_space;
+      set_bit SOCK_NOSPACE;          |
+    return mask=0;                   |
+
+Application will sleep in epoll_wait as smc_poll returns 0. And
+smc_cdc_tx_handler will not call sk_write_space because the SOCK_NOSPACE
+has not be set. If there is no inflight cdc msg, sk_write_space will not be
+called any more, and application will sleep in epoll_wait forever.
+So check sndbuf_space again after NOSPACE flag is set to break the race.
+
+Fixes: 8dce2786a290 ("net/smc: smc_poll improvements")
+Signed-off-by: Guangguan Wang <guangguan.wang@linux.alibaba.com>
+Suggested-by: Paolo Abeni <pabeni@redhat.com>
+Signed-off-by: David S. Miller <davem@davemloft.net>
+Signed-off-by: Sasha Levin <sashal@kernel.org>
+---
+ net/smc/af_smc.c | 7 +++++++
+ 1 file changed, 7 insertions(+)
+
+diff --git a/net/smc/af_smc.c b/net/smc/af_smc.c
+index 868e722aef06..aeeb6e62361f 100644
+--- a/net/smc/af_smc.c
++++ b/net/smc/af_smc.c
+@@ -2789,6 +2789,13 @@ static __poll_t smc_poll(struct file *file, struct socket *sock,
+                       } else {
+                               sk_set_bit(SOCKWQ_ASYNC_NOSPACE, sk);
+                               set_bit(SOCK_NOSPACE, &sk->sk_socket->flags);
++
++                              if (sk->sk_state != SMC_INIT) {
++                                      /* Race breaker the same way as tcp_poll(). */
++                                      smp_mb__after_atomic();
++                                      if (atomic_read(&smc->conn.sndbuf_space))
++                                              mask |= EPOLLOUT | EPOLLWRNORM;
++                              }
+                       }
+                       if (atomic_read(&smc->conn.bytes_to_rcv))
+                               mask |= EPOLLIN | EPOLLRDNORM;
+-- 
+2.39.5
+
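Review bot: The added comment in smc_poll(), `/* Race breaker the same way as tcp_poll(). */`, does not say what `smp_mb__after_atomic()` pairs with or why sockets in `SMC_INIT` skip the re-check, so a later reader cannot tell whether the ordering is complete. Going by the commit description, the other side is smc_cdc_tx_handler() adding to sndbuf_space and then testing SOCK_NOSPACE in smc_tx_sndbuf_nonfull(); that code is outside this hunk, so the matching barrier on the writer side should be confirmed there. I would expand the comment to something like `/* Order set_bit(SOCK_NOSPACE) before re-reading sndbuf_space; pairs with the SOCK_NOSPACE test that follows the atomic_add in the tx completion path. */`. The body of smc_poll() starts and ends outside the hunk.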
diff --git a/queue-6.1/net-smc-protect-link-down-work-from-execute-after-lg.patch b/queue-6.1/net-smc-protect-link-down-work-from-execute-after-lg.patch
new file mode 100644 (file)
index 0000000..597cb77
--- /dev/null
@@ -0,0 +1,89 @@
+From ab589db0cbf22524c1d031ddf6a3da97766de049 Mon Sep 17 00:00:00 2001
+From: Sasha Levin <sashal@kernel.org>
+Date: Wed, 11 Dec 2024 17:21:16 +0800
+Subject: net/smc: protect link down work from execute after lgr freed
+
+From: Guangguan Wang <guangguan.wang@linux.alibaba.com>
+
+[ Upstream commit 2b33eb8f1b3e8c2f87cfdbc8cc117f6bdfabc6ec ]
+
+link down work may be scheduled before lgr freed but execute
+after lgr freed, which may result in crash. So it is need to
+hold a reference before shedule link down work, and put the
+reference after work executed or canceled.
+
+The relevant crash call stack as follows:
+ list_del corruption. prev->next should be ffffb638c9c0fe20,
+    but was 0000000000000000
+ ------------[ cut here ]------------
+ kernel BUG at lib/list_debug.c:51!
+ invalid opcode: 0000 [#1] SMP NOPTI
+ CPU: 6 PID: 978112 Comm: kworker/6:119 Kdump: loaded Tainted: G #1
+ Hardware name: Alibaba Cloud Alibaba Cloud ECS, BIOS 2221b89 04/01/2014
+ Workqueue: events smc_link_down_work [smc]
+ RIP: 0010:__list_del_entry_valid.cold+0x31/0x47
+ RSP: 0018:ffffb638c9c0fdd8 EFLAGS: 00010086
+ RAX: 0000000000000054 RBX: ffff942fb75e5128 RCX: 0000000000000000
+ RDX: ffff943520930aa0 RSI: ffff94352091fc80 RDI: ffff94352091fc80
+ RBP: 0000000000000000 R08: 0000000000000000 R09: ffffb638c9c0fc38
+ R10: ffffb638c9c0fc30 R11: ffffffffa015eb28 R12: 0000000000000002
+ R13: ffffb638c9c0fe20 R14: 0000000000000001 R15: ffff942f9cd051c0
+ FS:  0000000000000000(0000) GS:ffff943520900000(0000) knlGS:0000000000000000
+ CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
+ CR2: 00007f4f25214000 CR3: 000000025fbae004 CR4: 00000000007706e0
+ DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
+ DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
+ PKRU: 55555554
+ Call Trace:
+  rwsem_down_write_slowpath+0x17e/0x470
+  smc_link_down_work+0x3c/0x60 [smc]
+  process_one_work+0x1ac/0x350
+  worker_thread+0x49/0x2f0
+  ? rescuer_thread+0x360/0x360
+  kthread+0x118/0x140
+  ? __kthread_bind_mask+0x60/0x60
+  ret_from_fork+0x1f/0x30
+
+Fixes: 541afa10c126 ("net/smc: add smcr_port_err() and smcr_link_down() processing")
+Signed-off-by: Guangguan Wang <guangguan.wang@linux.alibaba.com>
+Reviewed-by: Tony Lu <tonylu@linux.alibaba.com>
+Signed-off-by: David S. Miller <davem@davemloft.net>
+Signed-off-by: Sasha Levin <sashal@kernel.org>
+---
+ net/smc/smc_core.c | 9 +++++++--
+ 1 file changed, 7 insertions(+), 2 deletions(-)
+
+diff --git a/net/smc/smc_core.c b/net/smc/smc_core.c
+index 10d79cb55528..890785d4f6b6 100644
+--- a/net/smc/smc_core.c
++++ b/net/smc/smc_core.c
+@@ -1726,7 +1726,9 @@ void smcr_link_down_cond_sched(struct smc_link *lnk)
+ {
+       if (smc_link_downing(&lnk->state)) {
+               trace_smcr_link_down(lnk, __builtin_return_address(0));
+-              schedule_work(&lnk->link_down_wrk);
++              smcr_link_hold(lnk); /* smcr_link_put in link_down_wrk */
++              if (!schedule_work(&lnk->link_down_wrk))
++                      smcr_link_put(lnk);
+       }
+ }
+@@ -1758,11 +1760,14 @@ static void smc_link_down_work(struct work_struct *work)
+       struct smc_link_group *lgr = link->lgr;
+       if (list_empty(&lgr->list))
+-              return;
++              goto out;
+       wake_up_all(&lgr->llc_msg_waiter);
+       mutex_lock(&lgr->llc_conf_mutex);
+       smcr_link_down(link);
+       mutex_unlock(&lgr->llc_conf_mutex);
++
++out:
++      smcr_link_put(link); /* smcr_link_hold by schedulers of link_down_work */
+ }
+ static int smc_vlan_by_tcpsk_walk(struct net_device *lower_dev,
+-- 
+2.39.5
+
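Review bot: The reference taken by `smcr_link_hold(lnk)` in smcr_link_down_cond_sched() is dropped in only two places in these hunks, when `schedule_work()` returns false and at `out:` in smc_link_down_work(), while the description says it is also put when the work is canceled. If any teardown path outside these hunks cancels `link_down_wrk` while it is still pending, the work function never runs and the link reference would leak; such a site would need `if (cancel_work_sync(&lnk->link_down_wrk)) smcr_link_put(lnk);`. smc_link_down_work() also reads `link->lgr` and `lgr->list` before the put, which is safe only if a held link keeps its link group alive; presumably it does through the link's own lgr reference, but that is worth confirming in smcr_link_hold()/smcr_link_put(). smc_link_down_work() starts outside the second hunk.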
diff --git a/queue-6.1/netdevsim-prevent-bad-user-input-in-nsim_dev_health_.patch b/queue-6.1/netdevsim-prevent-bad-user-input-in-nsim_dev_health_.patch
new file mode 100644 (file)
index 0000000..1a0041e
--- /dev/null
@@ -0,0 +1,40 @@
+From aba7793869dab625c385d0d3a5cba7f09263356a Mon Sep 17 00:00:00 2001
+From: Sasha Levin <sashal@kernel.org>
+Date: Fri, 13 Dec 2024 17:25:18 +0000
+Subject: netdevsim: prevent bad user input in nsim_dev_health_break_write()
+
+From: Eric Dumazet <edumazet@google.com>
+
+[ Upstream commit ee76746387f6233bdfa93d7406990f923641568f ]
+
+If either a zero count or a large one is provided, kernel can crash.
+
+Fixes: 82c93a87bf8b ("netdevsim: implement couple of testing devlink health reporters")
+Reported-by: syzbot+ea40e4294e58b0292f74@syzkaller.appspotmail.com
+Closes: https://lore.kernel.org/netdev/675c6862.050a0220.37aaf.00b1.GAE@google.com/T/#u
+Signed-off-by: Eric Dumazet <edumazet@google.com>
+Cc: Jiri Pirko <jiri@nvidia.com>
+Reviewed-by: Joe Damato <jdamato@fastly.com>
+Link: https://patch.msgid.link/20241213172518.2415666-1-edumazet@google.com
+Signed-off-by: Jakub Kicinski <kuba@kernel.org>
+Signed-off-by: Sasha Levin <sashal@kernel.org>
+---
+ drivers/net/netdevsim/health.c | 2 ++
+ 1 file changed, 2 insertions(+)
+
+diff --git a/drivers/net/netdevsim/health.c b/drivers/net/netdevsim/health.c
+index aa77af4a68df..bc44462c70e2 100644
+--- a/drivers/net/netdevsim/health.c
++++ b/drivers/net/netdevsim/health.c
+@@ -203,6 +203,8 @@ static ssize_t nsim_dev_health_break_write(struct file *file,
+       char *break_msg;
+       int err;
++      if (count == 0 || count > PAGE_SIZE)
++              return -EINVAL;
+       break_msg = memdup_user_nul(data, count);
+       if (IS_ERR(break_msg))
+               return PTR_ERR(break_msg);
+-- 
+2.39.5
+
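Review bot: The new guard in nsim_dev_health_break_write(), `if (count == 0 || count > PAGE_SIZE)`, carries no comment, and neither limit is self-explanatory from the lines shown. `count` comes from the writing process and sizes the `memdup_user_nul(data, count)` copy, so the upper bound is what keeps a single write from requesting an arbitrarily large kernel allocation; the code that misbehaves on a zero count is presumably further down the function, outside the hunk. I would add `/* count is user-controlled: reject empty writes and cap the copy at one page */` above the check so the bound is not removed later as arbitrary.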
diff --git a/queue-6.1/netfilter-ipset-fix-for-recursive-locking-warning.patch b/queue-6.1/netfilter-ipset-fix-for-recursive-locking-warning.patch
new file mode 100644 (file)
index 0000000..960273a
--- /dev/null
@@ -0,0 +1,62 @@
+From d09fb0ec1b354ff82b7644602b8bc5fda6356af3 Mon Sep 17 00:00:00 2001
+From: Sasha Levin <sashal@kernel.org>
+Date: Tue, 17 Dec 2024 20:56:55 +0100
+Subject: netfilter: ipset: Fix for recursive locking warning
+
+From: Phil Sutter <phil@nwl.cc>
+
+[ Upstream commit 70b6f46a4ed8bd56c85ffff22df91e20e8c85e33 ]
+
+With CONFIG_PROVE_LOCKING, when creating a set of type bitmap:ip, adding
+it to a set of type list:set and populating it from iptables SET target
+triggers a kernel warning:
+
+| WARNING: possible recursive locking detected
+| 6.12.0-rc7-01692-g5e9a28f41134-dirty #594 Not tainted
+| --------------------------------------------
+| ping/4018 is trying to acquire lock:
+| ffff8881094a6848 (&set->lock){+.-.}-{2:2}, at: ip_set_add+0x28c/0x360 [ip_set]
+|
+| but task is already holding lock:
+| ffff88811034c048 (&set->lock){+.-.}-{2:2}, at: ip_set_add+0x28c/0x360 [ip_set]
+
+This is a false alarm: ipset does not allow nested list:set type, so the
+loop in list_set_kadd() can never encounter the outer set itself. No
+other set type supports embedded sets, so this is the only case to
+consider.
+
+To avoid the false report, create a distinct lock class for list:set
+type ipset locks.
+
+Fixes: f830837f0eed ("netfilter: ipset: list:set set type support")
+Signed-off-by: Phil Sutter <phil@nwl.cc>
+Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
+Signed-off-by: Sasha Levin <sashal@kernel.org>
+---
+ net/netfilter/ipset/ip_set_list_set.c | 3 +++
+ 1 file changed, 3 insertions(+)
+
+diff --git a/net/netfilter/ipset/ip_set_list_set.c b/net/netfilter/ipset/ip_set_list_set.c
+index 902ff2f3bc72..5cc35b553a04 100644
+--- a/net/netfilter/ipset/ip_set_list_set.c
++++ b/net/netfilter/ipset/ip_set_list_set.c
+@@ -611,6 +611,8 @@ init_list_set(struct net *net, struct ip_set *set, u32 size)
+       return true;
+ }
++static struct lock_class_key list_set_lockdep_key;
++
+ static int
+ list_set_create(struct net *net, struct ip_set *set, struct nlattr *tb[],
+               u32 flags)
+@@ -627,6 +629,7 @@ list_set_create(struct net *net, struct ip_set *set, struct nlattr *tb[],
+       if (size < IP_SET_LIST_MIN_SIZE)
+               size = IP_SET_LIST_MIN_SIZE;
++      lockdep_set_class(&set->lock, &list_set_lockdep_key);
+       set->variant = &set_variant;
+       set->dsize = ip_set_elem_len(set, tb, sizeof(struct set_elem),
+                                    __alignof__(struct set_elem));
+-- 
+2.39.5
+
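Review bot: `list_set_lockdep_key` is declared above list_set_create() with no comment, so the reason list:set locks get their own lockdep class lives only in the commit description. Since the annotation silences a lockdep report rather than changing the locking, the invariant it rests on should sit next to the key: `/* list:set cannot contain another list:set, so its lock nests only over member sets of other types; a separate class avoids a false recursive-locking report. */`. If nested list:set were ever permitted, this key would hide a real recursion, which is another reason to state the assumption in the code. list_set_create() begins and ends outside the hunks.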
index 3305d4cb0bb981b2333992b6eff7a97913acc28f..76b3ce0f037b5a9cc39c31d0b920bf2680aa0015 100644 (file)
@@ -15,3 +15,17 @@ p2sb-introduce-the-global-flag-p2sb_hidden_by_bios.patch
 p2sb-move-p2sb-hide-and-unhide-code-to-p2sb_scan_and.patch
 p2sb-do-not-scan-and-remove-the-p2sb-device-when-it-.patch
 i2c-pnx-fix-timeout-in-wait-functions.patch
+cxl-region-fix-region-creation-for-greater-than-x2-s.patch
+net-smc-protect-link-down-work-from-execute-after-lg.patch
+net-smc-check-sndbuf_space-again-after-nospace-flag-.patch
+net-smc-check-iparea_offset-and-ipv6_prefixes_cnt-wh.patch
+net-smc-check-smcd_v2_ext_offset-when-receiving-prop.patch
+net-smc-check-return-value-of-sock_recvmsg-when-drai.patch
+net-mscc-ocelot-fix-incorrect-ifh-src_port-field-in-.patch
+netdevsim-prevent-bad-user-input-in-nsim_dev_health_.patch
+ionic-fix-netdev-notifier-unregister-on-failure.patch
+ionic-use-ee-offset-when-returning-sprom-data.patch
+net-hinic-fix-cleanup-in-create_rxqs-txqs.patch
+net-ethernet-bgmac-platform-fix-an-of-node-reference.patch
+netfilter-ipset-fix-for-recursive-locking-warning.patch
+net-mdiobus-fix-an-of-node-reference-leak.patch