--- /dev/null
+From ae56a841fd6c204fc5ac7ff4dfdc46d1861c3bb0 Mon Sep 17 00:00:00 2001
+From: Sasha Levin <sashal@kernel.org>
+Date: Mon, 1 Nov 2021 19:36:30 -0500
+Subject: ARM: socfpga: dts: fix qspi node compatible
+
+From: Dinh Nguyen <dinguyen@kernel.org>
+
+[ Upstream commit cb25b11943cbcc5a34531129952870420f8be858 ]
+
+The QSPI flash node needs to have the required "jedec,spi-nor" in the
+compatible string.
+
+Fixes: 1df99da8953 ("ARM: dts: socfpga: Enable QSPI in Arria10 devkit")
+Signed-off-by: Dinh Nguyen <dinguyen@kernel.org>
+Signed-off-by: Sasha Levin <sashal@kernel.org>
+---
+ arch/arm/boot/dts/socfpga_arria10_socdk_qspi.dts | 2 +-
+ arch/arm/boot/dts/socfpga_arria5_socdk.dts | 2 +-
+ arch/arm/boot/dts/socfpga_cyclone5_socdk.dts | 2 +-
+ arch/arm/boot/dts/socfpga_cyclone5_sockit.dts | 2 +-
+ arch/arm/boot/dts/socfpga_cyclone5_socrates.dts | 2 +-
+ arch/arm/boot/dts/socfpga_cyclone5_sodia.dts | 2 +-
+ arch/arm/boot/dts/socfpga_cyclone5_vining_fpga.dts | 4 ++--
+ 7 files changed, 8 insertions(+), 8 deletions(-)
+
+diff --git a/arch/arm/boot/dts/socfpga_arria10_socdk_qspi.dts b/arch/arm/boot/dts/socfpga_arria10_socdk_qspi.dts
+index beb2fc6b9eb63..adfdc43ac052f 100644
+--- a/arch/arm/boot/dts/socfpga_arria10_socdk_qspi.dts
++++ b/arch/arm/boot/dts/socfpga_arria10_socdk_qspi.dts
+@@ -23,7 +23,7 @@ &qspi {
+ flash0: n25q00@0 {
+ #address-cells = <1>;
+ #size-cells = <1>;
+- compatible = "n25q00aa";
++ compatible = "micron,mt25qu02g", "jedec,spi-nor";
+ reg = <0>;
+ spi-max-frequency = <100000000>;
+
+diff --git a/arch/arm/boot/dts/socfpga_arria5_socdk.dts b/arch/arm/boot/dts/socfpga_arria5_socdk.dts
+index aac4feea86f38..09ffa79240c84 100644
+--- a/arch/arm/boot/dts/socfpga_arria5_socdk.dts
++++ b/arch/arm/boot/dts/socfpga_arria5_socdk.dts
+@@ -131,7 +131,7 @@ &qspi {
+ flash: flash@0 {
+ #address-cells = <1>;
+ #size-cells = <1>;
+- compatible = "n25q256a";
++ compatible = "micron,n25q256a", "jedec,spi-nor";
+ reg = <0>;
+ spi-max-frequency = <100000000>;
+
+diff --git a/arch/arm/boot/dts/socfpga_cyclone5_socdk.dts b/arch/arm/boot/dts/socfpga_cyclone5_socdk.dts
+index 155829f9eba16..907d8aa6d9fc8 100644
+--- a/arch/arm/boot/dts/socfpga_cyclone5_socdk.dts
++++ b/arch/arm/boot/dts/socfpga_cyclone5_socdk.dts
+@@ -136,7 +136,7 @@ &qspi {
+ flash0: n25q00@0 {
+ #address-cells = <1>;
+ #size-cells = <1>;
+- compatible = "n25q00";
++ compatible = "micron,mt25qu02g", "jedec,spi-nor";
+ reg = <0>; /* chip select */
+ spi-max-frequency = <100000000>;
+
+diff --git a/arch/arm/boot/dts/socfpga_cyclone5_sockit.dts b/arch/arm/boot/dts/socfpga_cyclone5_sockit.dts
+index a4a555c19d943..fe5fe4559969d 100644
+--- a/arch/arm/boot/dts/socfpga_cyclone5_sockit.dts
++++ b/arch/arm/boot/dts/socfpga_cyclone5_sockit.dts
+@@ -181,7 +181,7 @@ &qspi {
+ flash: flash@0 {
+ #address-cells = <1>;
+ #size-cells = <1>;
+- compatible = "n25q00";
++ compatible = "micron,mt25qu02g", "jedec,spi-nor";
+ reg = <0>;
+ spi-max-frequency = <100000000>;
+
+diff --git a/arch/arm/boot/dts/socfpga_cyclone5_socrates.dts b/arch/arm/boot/dts/socfpga_cyclone5_socrates.dts
+index 53bf99eef66de..0992cae3e60ef 100644
+--- a/arch/arm/boot/dts/socfpga_cyclone5_socrates.dts
++++ b/arch/arm/boot/dts/socfpga_cyclone5_socrates.dts
+@@ -87,7 +87,7 @@ &qspi {
+ flash: flash@0 {
+ #address-cells = <1>;
+ #size-cells = <1>;
+- compatible = "n25q256a";
++ compatible = "micron,n25q256a", "jedec,spi-nor";
+ reg = <0>;
+ spi-max-frequency = <100000000>;
+ m25p,fast-read;
+diff --git a/arch/arm/boot/dts/socfpga_cyclone5_sodia.dts b/arch/arm/boot/dts/socfpga_cyclone5_sodia.dts
+index 8860dd2e242c4..22bfef024913a 100644
+--- a/arch/arm/boot/dts/socfpga_cyclone5_sodia.dts
++++ b/arch/arm/boot/dts/socfpga_cyclone5_sodia.dts
+@@ -128,7 +128,7 @@ &qspi {
+ flash0: n25q512a@0 {
+ #address-cells = <1>;
+ #size-cells = <1>;
+- compatible = "n25q512a";
++ compatible = "micron,n25q512a", "jedec,spi-nor";
+ reg = <0>;
+ spi-max-frequency = <100000000>;
+
+diff --git a/arch/arm/boot/dts/socfpga_cyclone5_vining_fpga.dts b/arch/arm/boot/dts/socfpga_cyclone5_vining_fpga.dts
+index 655fe87e272d9..349719a9c1360 100644
+--- a/arch/arm/boot/dts/socfpga_cyclone5_vining_fpga.dts
++++ b/arch/arm/boot/dts/socfpga_cyclone5_vining_fpga.dts
+@@ -249,7 +249,7 @@ &qspi {
+ n25q128@0 {
+ #address-cells = <1>;
+ #size-cells = <1>;
+- compatible = "n25q128";
++ compatible = "micron,n25q128", "jedec,spi-nor";
+ reg = <0>; /* chip select */
+ spi-max-frequency = <100000000>;
+ m25p,fast-read;
+@@ -266,7 +266,7 @@ n25q128@0 {
+ n25q00@1 {
+ #address-cells = <1>;
+ #size-cells = <1>;
+- compatible = "n25q00";
++ compatible = "micron,mt25qu02g", "jedec,spi-nor";
+ reg = <1>; /* chip select */
+ spi-max-frequency = <100000000>;
+ m25p,fast-read;
+--
+2.33.0
+
--- /dev/null
+From a4cb92368cf65e21efccbe6fd5348702d357f3b4 Mon Sep 17 00:00:00 2001
+From: Sasha Levin <sashal@kernel.org>
+Date: Thu, 25 Nov 2021 15:44:38 +0000
+Subject: dmaengine: st_fdma: fix MODULE_ALIAS
+
+From: Alyssa Ross <hi@alyssa.is>
+
+[ Upstream commit 822c9f2b833c53fc67e8adf6f63ecc3ea24d502c ]
+
+modprobe can't handle spaces in aliases.
+
+Fixes: 6b4cd727eaf1 ("dmaengine: st_fdma: Add STMicroelectronics FDMA engine driver support")
+Signed-off-by: Alyssa Ross <hi@alyssa.is>
+Link: https://lore.kernel.org/r/20211125154441.2626214-1-hi@alyssa.is
+Signed-off-by: Vinod Koul <vkoul@kernel.org>
+Signed-off-by: Sasha Levin <sashal@kernel.org>
+---
+ drivers/dma/st_fdma.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/drivers/dma/st_fdma.c b/drivers/dma/st_fdma.c
+index bfb79bd0c6de5..087d22ba8a2f6 100644
+--- a/drivers/dma/st_fdma.c
++++ b/drivers/dma/st_fdma.c
+@@ -886,4 +886,4 @@ MODULE_LICENSE("GPL v2");
+ MODULE_DESCRIPTION("STMicroelectronics FDMA engine driver");
+ MODULE_AUTHOR("Ludovic.barre <Ludovic.barre@st.com>");
+ MODULE_AUTHOR("Peter Griffin <peter.griffin@linaro.org>");
+-MODULE_ALIAS("platform: " DRIVER_NAME);
++MODULE_ALIAS("platform:" DRIVER_NAME);
+--
+2.33.0
+
--- /dev/null
+From 57110014247dc19c0f81fa0e77e4ff321af434e3 Mon Sep 17 00:00:00 2001
+From: Sasha Levin <sashal@kernel.org>
+Date: Thu, 25 Nov 2021 18:33:16 -0800
+Subject: hv: utils: add PTP_1588_CLOCK to Kconfig to fix build
+
+From: Randy Dunlap <rdunlap@infradead.org>
+
+[ Upstream commit 1dc2f2b81a6a9895da59f3915760f6c0c3074492 ]
+
+The hyperv utilities use PTP clock interfaces and should depend a
+a kconfig symbol such that they will be built as a loadable module or
+builtin so that linker errors do not happen.
+
+Prevents these build errors:
+
+ld: drivers/hv/hv_util.o: in function `hv_timesync_deinit':
+hv_util.c:(.text+0x37d): undefined reference to `ptp_clock_unregister'
+ld: drivers/hv/hv_util.o: in function `hv_timesync_init':
+hv_util.c:(.text+0x738): undefined reference to `ptp_clock_register'
+
+Fixes: 3716a49a81ba ("hv_utils: implement Hyper-V PTP source")
+Signed-off-by: Randy Dunlap <rdunlap@infradead.org>
+Reported-by: kernel test robot <lkp@intel.com>
+Cc: Arnd Bergmann <arnd@arndb.de>
+Cc: "K. Y. Srinivasan" <kys@microsoft.com>
+Cc: Haiyang Zhang <haiyangz@microsoft.com>
+Cc: Stephen Hemminger <sthemmin@microsoft.com>
+Cc: Wei Liu <wei.liu@kernel.org>
+Cc: Dexuan Cui <decui@microsoft.com>
+Cc: linux-hyperv@vger.kernel.org
+Cc: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+Reviewed-by: Michael Kelley <mikelley@microsoft.com>
+Link: https://lore.kernel.org/r/20211126023316.25184-1-rdunlap@infradead.org
+Signed-off-by: Wei Liu <wei.liu@kernel.org>
+Signed-off-by: Sasha Levin <sashal@kernel.org>
+---
+ drivers/hv/Kconfig | 1 +
+ 1 file changed, 1 insertion(+)
+
+diff --git a/drivers/hv/Kconfig b/drivers/hv/Kconfig
+index 247a62604d1f6..23ad80dbe7af0 100644
+--- a/drivers/hv/Kconfig
++++ b/drivers/hv/Kconfig
+@@ -14,6 +14,7 @@ config HYPERV_TSCPAGE
+ config HYPERV_UTILS
+ tristate "Microsoft Hyper-V Utilities driver"
+ depends on HYPERV && CONNECTOR && NLS
++ depends on PTP_1588_CLOCK_OPTIONAL
+ help
+ Select this option to enable the Hyper-V Utilities.
+
+--
+2.33.0
+
--- /dev/null
+From 0c5b3d372993138ba7c10f610102e5c4ac37587d Mon Sep 17 00:00:00 2001
+From: Sasha Levin <sashal@kernel.org>
+Date: Sat, 13 Nov 2021 11:42:34 +0800
+Subject: igbvf: fix double free in `igbvf_probe`
+
+From: Letu Ren <fantasquex@gmail.com>
+
+[ Upstream commit b6d335a60dc624c0d279333b22c737faa765b028 ]
+
+In `igbvf_probe`, if register_netdev() fails, the program will go to
+label err_hw_init, and then to label err_ioremap. In free_netdev() which
+is just below label err_ioremap, there is `list_for_each_entry_safe` and
+`netif_napi_del` which aims to delete all entries in `dev->napi_list`.
+The program has added an entry `adapter->rx_ring->napi` which is added by
+`netif_napi_add` in igbvf_alloc_queues(). However, adapter->rx_ring has
+been freed below label err_hw_init. So this a UAF.
+
+In terms of how to patch the problem, we can refer to igbvf_remove() and
+delete the entry before `adapter->rx_ring`.
+
+The KASAN logs are as follows:
+
+[ 35.126075] BUG: KASAN: use-after-free in free_netdev+0x1fd/0x450
+[ 35.127170] Read of size 8 at addr ffff88810126d990 by task modprobe/366
+[ 35.128360]
+[ 35.128643] CPU: 1 PID: 366 Comm: modprobe Not tainted 5.15.0-rc2+ #14
+[ 35.129789] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS rel-1.12.0-59-gc9ba5276e321-prebuilt.qemu.org 04/01/2014
+[ 35.131749] Call Trace:
+[ 35.132199] dump_stack_lvl+0x59/0x7b
+[ 35.132865] print_address_description+0x7c/0x3b0
+[ 35.133707] ? free_netdev+0x1fd/0x450
+[ 35.134378] __kasan_report+0x160/0x1c0
+[ 35.135063] ? free_netdev+0x1fd/0x450
+[ 35.135738] kasan_report+0x4b/0x70
+[ 35.136367] free_netdev+0x1fd/0x450
+[ 35.137006] igbvf_probe+0x121d/0x1a10 [igbvf]
+[ 35.137808] ? igbvf_vlan_rx_add_vid+0x100/0x100 [igbvf]
+[ 35.138751] local_pci_probe+0x13c/0x1f0
+[ 35.139461] pci_device_probe+0x37e/0x6c0
+[ 35.165526]
+[ 35.165806] Allocated by task 366:
+[ 35.166414] ____kasan_kmalloc+0xc4/0xf0
+[ 35.167117] foo_kmem_cache_alloc_trace+0x3c/0x50 [igbvf]
+[ 35.168078] igbvf_probe+0x9c5/0x1a10 [igbvf]
+[ 35.168866] local_pci_probe+0x13c/0x1f0
+[ 35.169565] pci_device_probe+0x37e/0x6c0
+[ 35.179713]
+[ 35.179993] Freed by task 366:
+[ 35.180539] kasan_set_track+0x4c/0x80
+[ 35.181211] kasan_set_free_info+0x1f/0x40
+[ 35.181942] ____kasan_slab_free+0x103/0x140
+[ 35.182703] kfree+0xe3/0x250
+[ 35.183239] igbvf_probe+0x1173/0x1a10 [igbvf]
+[ 35.184040] local_pci_probe+0x13c/0x1f0
+
+Fixes: d4e0fe01a38a0 (igbvf: add new driver to support 82576 virtual functions)
+Reported-by: Zheyu Ma <zheyuma97@gmail.com>
+Signed-off-by: Letu Ren <fantasquex@gmail.com>
+Tested-by: Konrad Jankowski <konrad0.jankowski@intel.com>
+Signed-off-by: Tony Nguyen <anthony.l.nguyen@intel.com>
+Signed-off-by: Sasha Levin <sashal@kernel.org>
+---
+ drivers/net/ethernet/intel/igbvf/netdev.c | 1 +
+ 1 file changed, 1 insertion(+)
+
+diff --git a/drivers/net/ethernet/intel/igbvf/netdev.c b/drivers/net/ethernet/intel/igbvf/netdev.c
+index 6f5888bd91944..98fd214f2c42b 100644
+--- a/drivers/net/ethernet/intel/igbvf/netdev.c
++++ b/drivers/net/ethernet/intel/igbvf/netdev.c
+@@ -2911,6 +2911,7 @@ static int igbvf_probe(struct pci_dev *pdev, const struct pci_device_id *ent)
+ return 0;
+
+ err_hw_init:
++ netif_napi_del(&adapter->rx_ring->napi);
+ kfree(adapter->tx_ring);
+ kfree(adapter->rx_ring);
+ err_sw_init:
+--
+2.33.0
+
--- /dev/null
+From b9a02a6b9258676ae812fdb06747247b0df5ad76 Mon Sep 17 00:00:00 2001
+From: Sasha Levin <sashal@kernel.org>
+Date: Mon, 1 Nov 2021 18:39:36 -0700
+Subject: ixgbe: set X550 MDIO speed before talking to PHY
+
+From: Cyril Novikov <cnovikov@lynx.com>
+
+[ Upstream commit bf0a375055bd1afbbf02a0ef45f7655da7b71317 ]
+
+The MDIO bus speed must be initialized before talking to the PHY the first
+time in order to avoid talking to it using a speed that the PHY doesn't
+support.
+
+This fixes HW initialization error -17 (IXGBE_ERR_PHY_ADDR_INVALID) on
+Denverton CPUs (a.k.a. the Atom C3000 family) on ports with a 10Gb network
+plugged in. On those devices, HLREG0[MDCSPD] resets to 1, which combined
+with the 10Gb network results in a 24MHz MDIO speed, which is apparently
+too fast for the connected PHY. PHY register reads over MDIO bus return
+garbage, leading to initialization failure.
+
+Reproduced with Linux kernel 4.19 and 5.15-rc7. Can be reproduced using
+the following setup:
+
+* Use an Atom C3000 family system with at least one X552 LAN on the SoC
+* Disable PXE or other BIOS network initialization if possible
+ (the interface must not be initialized before Linux boots)
+* Connect a live 10Gb Ethernet cable to an X550 port
+* Power cycle (not reset, doesn't always work) the system and boot Linux
+* Observe: ixgbe interfaces w/ 10GbE cables plugged in fail with error -17
+
+Fixes: e84db7272798 ("ixgbe: Introduce function to control MDIO speed")
+Signed-off-by: Cyril Novikov <cnovikov@lynx.com>
+Reviewed-by: Andrew Lunn <andrew@lunn.ch>
+Signed-off-by: Tony Nguyen <anthony.l.nguyen@intel.com>
+Signed-off-by: Sasha Levin <sashal@kernel.org>
+---
+ drivers/net/ethernet/intel/ixgbe/ixgbe_x550.c | 3 +++
+ 1 file changed, 3 insertions(+)
+
+diff --git a/drivers/net/ethernet/intel/ixgbe/ixgbe_x550.c b/drivers/net/ethernet/intel/ixgbe/ixgbe_x550.c
+index a37c951b07530..10fa0e095ec37 100644
+--- a/drivers/net/ethernet/intel/ixgbe/ixgbe_x550.c
++++ b/drivers/net/ethernet/intel/ixgbe/ixgbe_x550.c
+@@ -3397,6 +3397,9 @@ static s32 ixgbe_reset_hw_X550em(struct ixgbe_hw *hw)
+ /* flush pending Tx transactions */
+ ixgbe_clear_tx_pending(hw);
+
++ /* set MDIO speed before talking to the PHY in case it's the 1st time */
++ ixgbe_set_mdio_speed(hw);
++
+ /* PHY ops must be identified and initialized prior to reset */
+
+ /* Identify PHY and related function pointers */
+--
+2.33.0
+
--- /dev/null
+From 123267c7d2c88907c1448956b73adbf5f7aba761 Mon Sep 17 00:00:00 2001
+From: Sasha Levin <sashal@kernel.org>
+Date: Wed, 15 Dec 2021 09:39:37 -0500
+Subject: net/packet: rx_owner_map depends on pg_vec
+
+From: Willem de Bruijn <willemb@google.com>
+
+[ Upstream commit ec6af094ea28f0f2dda1a6a33b14cd57e36a9755 ]
+
+Packet sockets may switch ring versions. Avoid misinterpreting state
+between versions, whose fields share a union. rx_owner_map is only
+allocated with a packet ring (pg_vec) and both are swapped together.
+If pg_vec is NULL, meaning no packet ring was allocated, then neither
+was rx_owner_map. And the field may be old state from a tpacket_v3.
+
+Fixes: 61fad6816fc1 ("net/packet: tpacket_rcv: avoid a producer race condition")
+Reported-by: Syzbot <syzbot+1ac0994a0a0c55151121@syzkaller.appspotmail.com>
+Signed-off-by: Willem de Bruijn <willemb@google.com>
+Reviewed-by: Eric Dumazet <edumazet@google.com>
+Link: https://lore.kernel.org/r/20211215143937.106178-1-willemdebruijn.kernel@gmail.com
+Signed-off-by: Jakub Kicinski <kuba@kernel.org>
+Signed-off-by: Sasha Levin <sashal@kernel.org>
+---
+ net/packet/af_packet.c | 5 +++--
+ 1 file changed, 3 insertions(+), 2 deletions(-)
+
+diff --git a/net/packet/af_packet.c b/net/packet/af_packet.c
+index 50ca70b3c1759..3177b9320c62d 100644
+--- a/net/packet/af_packet.c
++++ b/net/packet/af_packet.c
+@@ -4477,9 +4477,10 @@ static int packet_set_ring(struct sock *sk, union tpacket_req_u *req_u,
+ }
+
+ out_free_pg_vec:
+- bitmap_free(rx_owner_map);
+- if (pg_vec)
++ if (pg_vec) {
++ bitmap_free(rx_owner_map);
+ free_pg_vec(pg_vec, order, req->tp_block_nr);
++ }
+ out:
+ return err;
+ }
+--
+2.33.0
+
nfsd-fix-use-after-free-due-to-delegation-race.patch
x86-make-arch_use_memremap_prot-a-generic-kconfig-symbol.patch
x86-sme-explicitly-map-new-efi-memmap-table-as-encrypted.patch
+hv-utils-add-ptp_1588_clock-to-kconfig-to-fix-build.patch
+arm-socfpga-dts-fix-qspi-node-compatible.patch
+dmaengine-st_fdma-fix-module_alias.patch
+soc-tegra-fuse-fix-bitwise-vs.-logical-or-warning.patch
+igbvf-fix-double-free-in-igbvf_probe.patch
+ixgbe-set-x550-mdio-speed-before-talking-to-phy.patch
+net-packet-rx_owner_map-depends-on-pg_vec.patch
+sit-do-not-call-ipip6_dev_free-from-sit_init_net.patch
--- /dev/null
+From 37ccfc36fff80b958155268000a1cdae80f1d310 Mon Sep 17 00:00:00 2001
+From: Sasha Levin <sashal@kernel.org>
+Date: Thu, 16 Dec 2021 03:17:41 -0800
+Subject: sit: do not call ipip6_dev_free() from sit_init_net()
+
+From: Eric Dumazet <edumazet@google.com>
+
+[ Upstream commit e28587cc491ef0f3c51258fdc87fbc386b1d4c59 ]
+
+ipip6_dev_free is sit dev->priv_destructor, already called
+by register_netdevice() if something goes wrong.
+
+Alternative would be to make ipip6_dev_free() robust against
+multiple invocations, but other drivers do not implement this
+strategy.
+
+syzbot reported:
+
+dst_release underflow
+WARNING: CPU: 0 PID: 5059 at net/core/dst.c:173 dst_release+0xd8/0xe0 net/core/dst.c:173
+Modules linked in:
+CPU: 1 PID: 5059 Comm: syz-executor.4 Not tainted 5.16.0-rc5-syzkaller #0
+Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
+RIP: 0010:dst_release+0xd8/0xe0 net/core/dst.c:173
+Code: 4c 89 f2 89 d9 31 c0 5b 41 5e 5d e9 da d5 44 f9 e8 1d 90 5f f9 c6 05 87 48 c6 05 01 48 c7 c7 80 44 99 8b 31 c0 e8 e8 67 29 f9 <0f> 0b eb 85 0f 1f 40 00 53 48 89 fb e8 f7 8f 5f f9 48 83 c3 a8 48
+RSP: 0018:ffffc9000aa5faa0 EFLAGS: 00010246
+RAX: d6894a925dd15a00 RBX: 00000000ffffffff RCX: 0000000000040000
+RDX: ffffc90005e19000 RSI: 000000000003ffff RDI: 0000000000040000
+RBP: 0000000000000000 R08: ffffffff816a1f42 R09: ffffed1017344f2c
+R10: ffffed1017344f2c R11: 0000000000000000 R12: 0000607f462b1358
+R13: 1ffffffff1bfd305 R14: ffffe8ffffcb1358 R15: dffffc0000000000
+FS: 00007f66c71a2700(0000) GS:ffff8880b9a00000(0000) knlGS:0000000000000000
+CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
+CR2: 00007f88aaed5058 CR3: 0000000023e0f000 CR4: 00000000003506f0
+DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
+DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
+Call Trace:
+ <TASK>
+ dst_cache_destroy+0x107/0x1e0 net/core/dst_cache.c:160
+ ipip6_dev_free net/ipv6/sit.c:1414 [inline]
+ sit_init_net+0x229/0x550 net/ipv6/sit.c:1936
+ ops_init+0x313/0x430 net/core/net_namespace.c:140
+ setup_net+0x35b/0x9d0 net/core/net_namespace.c:326
+ copy_net_ns+0x359/0x5c0 net/core/net_namespace.c:470
+ create_new_namespaces+0x4ce/0xa00 kernel/nsproxy.c:110
+ unshare_nsproxy_namespaces+0x11e/0x180 kernel/nsproxy.c:226
+ ksys_unshare+0x57d/0xb50 kernel/fork.c:3075
+ __do_sys_unshare kernel/fork.c:3146 [inline]
+ __se_sys_unshare kernel/fork.c:3144 [inline]
+ __x64_sys_unshare+0x34/0x40 kernel/fork.c:3144
+ do_syscall_x64 arch/x86/entry/common.c:50 [inline]
+ do_syscall_64+0x44/0xd0 arch/x86/entry/common.c:80
+ entry_SYSCALL_64_after_hwframe+0x44/0xae
+RIP: 0033:0x7f66c882ce99
+Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
+RSP: 002b:00007f66c71a2168 EFLAGS: 00000246 ORIG_RAX: 0000000000000110
+RAX: ffffffffffffffda RBX: 00007f66c893ff60 RCX: 00007f66c882ce99
+RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000048040200
+RBP: 00007f66c8886ff1 R08: 0000000000000000 R09: 0000000000000000
+R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
+R13: 00007fff6634832f R14: 00007f66c71a2300 R15: 0000000000022000
+ </TASK>
+
+Fixes: cf124db566e6 ("net: Fix inconsistent teardown and release of private netdev state.")
+Signed-off-by: Eric Dumazet <edumazet@google.com>
+Reported-by: syzbot <syzkaller@googlegroups.com>
+Link: https://lore.kernel.org/r/20211216111741.1387540-1-eric.dumazet@gmail.com
+Signed-off-by: Jakub Kicinski <kuba@kernel.org>
+Signed-off-by: Sasha Levin <sashal@kernel.org>
+---
+ net/ipv6/sit.c | 1 -
+ 1 file changed, 1 deletion(-)
+
+diff --git a/net/ipv6/sit.c b/net/ipv6/sit.c
+index 0c71137c5d41b..43fd9cfa7b115 100644
+--- a/net/ipv6/sit.c
++++ b/net/ipv6/sit.c
+@@ -1858,7 +1858,6 @@ static int __net_init sit_init_net(struct net *net)
+ return 0;
+
+ err_reg_dev:
+- ipip6_dev_free(sitn->fb_tunnel_dev);
+ free_netdev(sitn->fb_tunnel_dev);
+ err_alloc_dev:
+ return err;
+--
+2.33.0
+
--- /dev/null
+From a2f8629fe05f4d7f833778a9ab86e1ac2bf895f3 Mon Sep 17 00:00:00 2001
+From: Sasha Levin <sashal@kernel.org>
+Date: Fri, 10 Dec 2021 09:55:29 -0700
+Subject: soc/tegra: fuse: Fix bitwise vs. logical OR warning
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+From: Nathan Chancellor <nathan@kernel.org>
+
+[ Upstream commit a7083763619f7485ccdade160deb81737cf2732f ]
+
+A new warning in clang points out two instances where boolean
+expressions are being used with a bitwise OR instead of logical OR:
+
+drivers/soc/tegra/fuse/speedo-tegra20.c:72:9: warning: use of bitwise '|' with boolean operands [-Wbitwise-instead-of-logical]
+ reg = tegra_fuse_read_spare(i) |
+ ^~~~~~~~~~~~~~~~~~~~~~~~~~
+ ||
+drivers/soc/tegra/fuse/speedo-tegra20.c:72:9: note: cast one or both operands to int to silence this warning
+drivers/soc/tegra/fuse/speedo-tegra20.c:87:9: warning: use of bitwise '|' with boolean operands [-Wbitwise-instead-of-logical]
+ reg = tegra_fuse_read_spare(i) |
+ ^~~~~~~~~~~~~~~~~~~~~~~~~~
+ ||
+drivers/soc/tegra/fuse/speedo-tegra20.c:87:9: note: cast one or both operands to int to silence this warning
+2 warnings generated.
+
+The motivation for the warning is that logical operations short circuit
+while bitwise operations do not.
+
+In this instance, tegra_fuse_read_spare() is not semantically returning
+a boolean, it is returning a bit value. Use u32 for its return type so
+that it can be used with either bitwise or boolean operators without any
+warnings.
+
+Fixes: 25cd5a391478 ("ARM: tegra: Add speedo-based process identification")
+Link: https://github.com/ClangBuiltLinux/linux/issues/1488
+Suggested-by: Michał Mirosław <mirq-linux@rere.qmqm.pl>
+Signed-off-by: Nathan Chancellor <nathan@kernel.org>
+Reviewed-by: Nick Desaulniers <ndesaulniers@google.com>
+Signed-off-by: Thierry Reding <treding@nvidia.com>
+Signed-off-by: Sasha Levin <sashal@kernel.org>
+---
+ drivers/soc/tegra/fuse/fuse-tegra.c | 2 +-
+ drivers/soc/tegra/fuse/fuse.h | 2 +-
+ 2 files changed, 2 insertions(+), 2 deletions(-)
+
+diff --git a/drivers/soc/tegra/fuse/fuse-tegra.c b/drivers/soc/tegra/fuse/fuse-tegra.c
+index 37bde5c8268d1..a623e498a97bc 100644
+--- a/drivers/soc/tegra/fuse/fuse-tegra.c
++++ b/drivers/soc/tegra/fuse/fuse-tegra.c
+@@ -178,7 +178,7 @@ static struct platform_driver tegra_fuse_driver = {
+ };
+ builtin_platform_driver(tegra_fuse_driver);
+
+-bool __init tegra_fuse_read_spare(unsigned int spare)
++u32 __init tegra_fuse_read_spare(unsigned int spare)
+ {
+ unsigned int offset = fuse->soc->info->spare + spare * 4;
+
+diff --git a/drivers/soc/tegra/fuse/fuse.h b/drivers/soc/tegra/fuse/fuse.h
+index 10c2076d5089a..f368bd5373088 100644
+--- a/drivers/soc/tegra/fuse/fuse.h
++++ b/drivers/soc/tegra/fuse/fuse.h
+@@ -62,7 +62,7 @@ struct tegra_fuse {
+ void tegra_init_revision(void);
+ void tegra_init_apbmisc(void);
+
+-bool __init tegra_fuse_read_spare(unsigned int spare);
++u32 __init tegra_fuse_read_spare(unsigned int spare);
+ u32 __init tegra_fuse_read_early(unsigned int offset);
+
+ #ifdef CONFIG_ARCH_TEGRA_2x_SOC
+--
+2.33.0
+
projects / thirdparty / kernel / stable-queue.git / commitdiff
