--- /dev/null
+From 0113fcbe2ea18a70680b40e5ffe6c2899fa3633e Mon Sep 17 00:00:00 2001
+From: Sasha Levin <sashal@kernel.org>
+Date: Mon, 6 Jan 2025 16:21:00 +0000
+Subject: afs: Fix the maximum cell name length
+
+From: David Howells <dhowells@redhat.com>
+
+[ Upstream commit 8fd56ad6e7c90ac2bddb0741c6b248c8c5d56ac8 ]
+
+The kafs filesystem limits the maximum length of a cell to 256 bytes, but a
+problem occurs if someone actually does that: kafs tries to create a
+directory under /proc/net/afs/ with the name of the cell, but that fails
+with a warning:
+
+ WARNING: CPU: 0 PID: 9 at fs/proc/generic.c:405
+
+because procfs limits the maximum filename length to 255.
+
+However, the DNS limits the maximum lookup length and, by extension, the
+maximum cell name, to 255 less two (length count and trailing NUL).
+
+Fix this by limiting the maximum acceptable cellname length to 253. This
+also allows us to be sure we can create the "/afs/.<cell>/" mountpoint too.
+
+Further, split the YFS VL record cell name maximum to be the 256 allowed by
+the protocol and ignore the record retrieved by YFSVL.GetCellName if it
+exceeds 253.
+
+Fixes: c3e9f888263b ("afs: Implement client support for the YFSVL.GetCellName RPC op")
+Reported-by: syzbot+7848fee1f1e5c53f912b@syzkaller.appspotmail.com
+Closes: https://lore.kernel.org/r/6776d25d.050a0220.3a8527.0048.GAE@google.com/
+Signed-off-by: David Howells <dhowells@redhat.com>
+Link: https://lore.kernel.org/r/376236.1736180460@warthog.procyon.org.uk
+Tested-by: syzbot+7848fee1f1e5c53f912b@syzkaller.appspotmail.com
+cc: Marc Dionne <marc.dionne@auristor.com>
+cc: linux-afs@lists.infradead.org
+Signed-off-by: Christian Brauner <brauner@kernel.org>
+Signed-off-by: Sasha Levin <sashal@kernel.org>
+---
+ fs/afs/afs.h | 2 +-
+ fs/afs/afs_vl.h | 1 +
+ fs/afs/vl_alias.c | 8 ++++++--
+ fs/afs/vlclient.c | 2 +-
+ 4 files changed, 9 insertions(+), 4 deletions(-)
+
+diff --git a/fs/afs/afs.h b/fs/afs/afs.h
+index b488072aee87..ec3db00bd081 100644
+--- a/fs/afs/afs.h
++++ b/fs/afs/afs.h
+@@ -10,7 +10,7 @@
+
+ #include <linux/in.h>
+
+-#define AFS_MAXCELLNAME 256 /* Maximum length of a cell name */
++#define AFS_MAXCELLNAME 253 /* Maximum length of a cell name (DNS limited) */
+ #define AFS_MAXVOLNAME 64 /* Maximum length of a volume name */
+ #define AFS_MAXNSERVERS 8 /* Maximum servers in a basic volume record */
+ #define AFS_NMAXNSERVERS 13 /* Maximum servers in a N/U-class volume record */
+diff --git a/fs/afs/afs_vl.h b/fs/afs/afs_vl.h
+index a06296c8827d..b835e25a2c02 100644
+--- a/fs/afs/afs_vl.h
++++ b/fs/afs/afs_vl.h
+@@ -13,6 +13,7 @@
+ #define AFS_VL_PORT 7003 /* volume location service port */
+ #define VL_SERVICE 52 /* RxRPC service ID for the Volume Location service */
+ #define YFS_VL_SERVICE 2503 /* Service ID for AuriStor upgraded VL service */
++#define YFS_VL_MAXCELLNAME 256 /* Maximum length of a cell name in YFS protocol */
+
+ enum AFSVL_Operations {
+ VLGETENTRYBYID = 503, /* AFS Get VLDB entry by ID */
+diff --git a/fs/afs/vl_alias.c b/fs/afs/vl_alias.c
+index 9f36e14f1c2d..f9e76b604f31 100644
+--- a/fs/afs/vl_alias.c
++++ b/fs/afs/vl_alias.c
+@@ -253,6 +253,7 @@ static char *afs_vl_get_cell_name(struct afs_cell *cell, struct key *key)
+ static int yfs_check_canonical_cell_name(struct afs_cell *cell, struct key *key)
+ {
+ struct afs_cell *master;
++ size_t name_len;
+ char *cell_name;
+
+ cell_name = afs_vl_get_cell_name(cell, key);
+@@ -264,8 +265,11 @@ static int yfs_check_canonical_cell_name(struct afs_cell *cell, struct key *key)
+ return 0;
+ }
+
+- master = afs_lookup_cell(cell->net, cell_name, strlen(cell_name),
+- NULL, false);
++ name_len = strlen(cell_name);
++ if (!name_len || name_len > AFS_MAXCELLNAME)
++ master = ERR_PTR(-EOPNOTSUPP);
++ else
++ master = afs_lookup_cell(cell->net, cell_name, name_len, NULL, false);
+ kfree(cell_name);
+ if (IS_ERR(master))
+ return PTR_ERR(master);
+diff --git a/fs/afs/vlclient.c b/fs/afs/vlclient.c
+index cac75f89b64a..55dd0fc5aad7 100644
+--- a/fs/afs/vlclient.c
++++ b/fs/afs/vlclient.c
+@@ -697,7 +697,7 @@ static int afs_deliver_yfsvl_get_cell_name(struct afs_call *call)
+ return ret;
+
+ namesz = ntohl(call->tmp);
+- if (namesz > AFS_MAXCELLNAME)
++ if (namesz > YFS_VL_MAXCELLNAME)
+ return afs_protocol_error(call, afs_eproto_cellname_len);
+ paddedsz = (namesz + 3) & ~3;
+ call->count = namesz;
+--
+2.39.5
+
--- /dev/null
+From 8d2693acca76bc059d9cb0c0e14498d1c4b38681 Mon Sep 17 00:00:00 2001
+From: Sasha Levin <sashal@kernel.org>
+Date: Sat, 16 Nov 2024 00:32:39 +0100
+Subject: cpuidle: riscv-sbi: fix device node release in early exit of
+ for_each_possible_cpu
+
+From: Javier Carrasco <javier.carrasco.cruz@gmail.com>
+
+[ Upstream commit 7e25044b804581b9c029d5a28d8800aebde18043 ]
+
+The 'np' device_node is initialized via of_cpu_device_node_get(), which
+requires explicit calls to of_node_put() when it is no longer required
+to avoid leaking the resource.
+
+Instead of adding the missing calls to of_node_put() in all execution
+paths, use the cleanup attribute for 'np' by means of the __free()
+macro, which automatically calls of_node_put() when the variable goes
+out of scope. Given that 'np' is only used within the
+for_each_possible_cpu(), reduce its scope to release the nood after
+every iteration of the loop.
+
+Fixes: 6abf32f1d9c5 ("cpuidle: Add RISC-V SBI CPU idle driver")
+Reviewed-by: Andrew Jones <ajones@ventanamicro.com>
+Signed-off-by: Javier Carrasco <javier.carrasco.cruz@gmail.com>
+Link: https://lore.kernel.org/r/20241116-cpuidle-riscv-sbi-cleanup-v3-1-a3a46372ce08@gmail.com
+Signed-off-by: Palmer Dabbelt <palmer@rivosinc.com>
+Signed-off-by: Sasha Levin <sashal@kernel.org>
+---
+ drivers/cpuidle/cpuidle-riscv-sbi.c | 4 ++--
+ 1 file changed, 2 insertions(+), 2 deletions(-)
+
+diff --git a/drivers/cpuidle/cpuidle-riscv-sbi.c b/drivers/cpuidle/cpuidle-riscv-sbi.c
+index d228b4d18d56..77a1fc668ae2 100644
+--- a/drivers/cpuidle/cpuidle-riscv-sbi.c
++++ b/drivers/cpuidle/cpuidle-riscv-sbi.c
+@@ -500,12 +500,12 @@ static int sbi_cpuidle_probe(struct platform_device *pdev)
+ int cpu, ret;
+ struct cpuidle_driver *drv;
+ struct cpuidle_device *dev;
+- struct device_node *np, *pds_node;
++ struct device_node *pds_node;
+
+ /* Detect OSI support based on CPU DT nodes */
+ sbi_cpuidle_use_osi = true;
+ for_each_possible_cpu(cpu) {
+- np = of_cpu_device_node_get(cpu);
++ struct device_node *np __free(device_node) = of_cpu_device_node_get(cpu);
+ if (np &&
+ of_property_present(np, "power-domains") &&
+ of_property_present(np, "power-domain-names")) {
+--
+2.39.5
+
--- /dev/null
+From c63ad1ebc51c23ff160d8ec466fe7fba5df35c32 Mon Sep 17 00:00:00 2001
+From: Sasha Levin <sashal@kernel.org>
+Date: Thu, 12 Dec 2024 16:09:32 -0800
+Subject: drivers/perf: riscv: Fix Platform firmware event data
+
+From: Atish Patra <atishp@rivosinc.com>
+
+[ Upstream commit fc58db9aeb15e89b69ff5e9abc69ecf9e5f888ed ]
+
+Platform firmware event data field is allowed to be 62 bits for
+Linux as uppper most two bits are reserved to indicate SBI fw or
+platform specific firmware events.
+However, the event data field is masked as per the hardware raw
+event mask which is not correct.
+
+Fix the platform firmware event data field with proper mask.
+
+Fixes: f0c9363db2dd ("perf/riscv-sbi: Add platform specific firmware event handling")
+
+Signed-off-by: Atish Patra <atishp@rivosinc.com>
+Link: https://lore.kernel.org/r/20241212-pmu_event_fixes_v2-v2-1-813e8a4f5962@rivosinc.com
+Signed-off-by: Palmer Dabbelt <palmer@rivosinc.com>
+Signed-off-by: Sasha Levin <sashal@kernel.org>
+---
+ arch/riscv/include/asm/sbi.h | 1 +
+ drivers/perf/riscv_pmu_sbi.c | 12 +++++-------
+ 2 files changed, 6 insertions(+), 7 deletions(-)
+
+diff --git a/arch/riscv/include/asm/sbi.h b/arch/riscv/include/asm/sbi.h
+index 98f631b051db..9be38b05f4ad 100644
+--- a/arch/riscv/include/asm/sbi.h
++++ b/arch/riscv/include/asm/sbi.h
+@@ -158,6 +158,7 @@ struct riscv_pmu_snapshot_data {
+ };
+
+ #define RISCV_PMU_RAW_EVENT_MASK GENMASK_ULL(47, 0)
++#define RISCV_PMU_PLAT_FW_EVENT_MASK GENMASK_ULL(61, 0)
+ #define RISCV_PMU_RAW_EVENT_IDX 0x20000
+ #define RISCV_PLAT_FW_EVENT 0xFFFF
+
+diff --git a/drivers/perf/riscv_pmu_sbi.c b/drivers/perf/riscv_pmu_sbi.c
+index 1aa303f76cc7..3473ba02abf3 100644
+--- a/drivers/perf/riscv_pmu_sbi.c
++++ b/drivers/perf/riscv_pmu_sbi.c
+@@ -507,7 +507,6 @@ static int pmu_sbi_event_map(struct perf_event *event, u64 *econfig)
+ {
+ u32 type = event->attr.type;
+ u64 config = event->attr.config;
+- u64 raw_config_val;
+ int ret;
+
+ /*
+@@ -528,21 +527,20 @@ static int pmu_sbi_event_map(struct perf_event *event, u64 *econfig)
+ case PERF_TYPE_RAW:
+ /*
+ * As per SBI specification, the upper 16 bits must be unused
+- * for a raw event.
++ * for a hardware raw event.
+ * Bits 63:62 are used to distinguish between raw events
+ * 00 - Hardware raw event
+ * 10 - SBI firmware events
+ * 11 - Risc-V platform specific firmware event
+ */
+- raw_config_val = config & RISCV_PMU_RAW_EVENT_MASK;
++
+ switch (config >> 62) {
+ case 0:
+ ret = RISCV_PMU_RAW_EVENT_IDX;
+- *econfig = raw_config_val;
++ *econfig = config & RISCV_PMU_RAW_EVENT_MASK;
+ break;
+ case 2:
+- ret = (raw_config_val & 0xFFFF) |
+- (SBI_PMU_EVENT_TYPE_FW << 16);
++ ret = (config & 0xFFFF) | (SBI_PMU_EVENT_TYPE_FW << 16);
+ break;
+ case 3:
+ /*
+@@ -551,7 +549,7 @@ static int pmu_sbi_event_map(struct perf_event *event, u64 *econfig)
+ * Event data - raw event encoding
+ */
+ ret = SBI_PMU_EVENT_TYPE_FW << 16 | RISCV_PLAT_FW_EVENT;
+- *econfig = raw_config_val;
++ *econfig = config & RISCV_PMU_PLAT_FW_EVENT_MASK;
+ break;
+ }
+ break;
+--
+2.39.5
+
--- /dev/null
+From 31015170096d17066fc5fb0be6934e36091e801b Mon Sep 17 00:00:00 2001
+From: Sasha Levin <sashal@kernel.org>
+Date: Thu, 12 Dec 2024 16:09:33 -0800
+Subject: drivers/perf: riscv: Return error for default case
+
+From: Atish Patra <atishp@rivosinc.com>
+
+[ Upstream commit 2c206cdede567f53035c622e846678a996f39d69 ]
+
+If the upper two bits has an invalid valid (0x1), the event mapping
+is not reliable as it returns an uninitialized variable.
+
+Return appropriate value for the default case.
+
+Fixes: f0c9363db2dd ("perf/riscv-sbi: Add platform specific firmware event handling")
+
+Signed-off-by: Atish Patra <atishp@rivosinc.com>
+Link: https://lore.kernel.org/r/20241212-pmu_event_fixes_v2-v2-2-813e8a4f5962@rivosinc.com
+Signed-off-by: Palmer Dabbelt <palmer@rivosinc.com>
+Signed-off-by: Sasha Levin <sashal@kernel.org>
+---
+ drivers/perf/riscv_pmu_sbi.c | 5 +++--
+ 1 file changed, 3 insertions(+), 2 deletions(-)
+
+diff --git a/drivers/perf/riscv_pmu_sbi.c b/drivers/perf/riscv_pmu_sbi.c
+index 3473ba02abf3..da3651d32906 100644
+--- a/drivers/perf/riscv_pmu_sbi.c
++++ b/drivers/perf/riscv_pmu_sbi.c
+@@ -507,7 +507,7 @@ static int pmu_sbi_event_map(struct perf_event *event, u64 *econfig)
+ {
+ u32 type = event->attr.type;
+ u64 config = event->attr.config;
+- int ret;
++ int ret = -ENOENT;
+
+ /*
+ * Ensure we are finished checking standard hardware events for
+@@ -551,10 +551,11 @@ static int pmu_sbi_event_map(struct perf_event *event, u64 *econfig)
+ ret = SBI_PMU_EVENT_TYPE_FW << 16 | RISCV_PLAT_FW_EVENT;
+ *econfig = config & RISCV_PMU_PLAT_FW_EVENT_MASK;
+ break;
++ default:
++ break;
+ }
+ break;
+ default:
+- ret = -ENOENT;
+ break;
+ }
+
+--
+2.39.5
+
--- /dev/null
+From 26d00be99554f175613259ea7b719e75aed22e36 Mon Sep 17 00:00:00 2001
+From: Sasha Levin <sashal@kernel.org>
+Date: Wed, 18 Dec 2024 19:34:07 +0800
+Subject: drm/mediatek: Add return value check when reading DPCD
+
+From: Liankun Yang <liankun.yang@mediatek.com>
+
+[ Upstream commit 522908140645865dc3e2fac70fd3b28834dfa7be ]
+
+Check the return value of drm_dp_dpcd_readb() to confirm that
+AUX communication is successful. To simplify the code, replace
+drm_dp_dpcd_readb() and DP_GET_SINK_COUNT() with drm_dp_read_sink_count().
+
+Fixes: f70ac097a2cf ("drm/mediatek: Add MT8195 Embedded DisplayPort driver")
+Signed-off-by: Liankun Yang <liankun.yang@mediatek.com>
+Reviewed-by: Guillaume Ranquet <granquet@baylibre.com>
+Link: https://patchwork.kernel.org/project/dri-devel/patch/20241218113448.2992-1-liankun.yang@mediatek.com/
+Signed-off-by: Chun-Kuang Hu <chunkuang.hu@kernel.org>
+Signed-off-by: Sasha Levin <sashal@kernel.org>
+---
+ drivers/gpu/drm/mediatek/mtk_dp.c | 5 ++---
+ 1 file changed, 2 insertions(+), 3 deletions(-)
+
+diff --git a/drivers/gpu/drm/mediatek/mtk_dp.c b/drivers/gpu/drm/mediatek/mtk_dp.c
+index 461764ec19e7..cad65ea851ed 100644
+--- a/drivers/gpu/drm/mediatek/mtk_dp.c
++++ b/drivers/gpu/drm/mediatek/mtk_dp.c
+@@ -2103,7 +2103,6 @@ static enum drm_connector_status mtk_dp_bdg_detect(struct drm_bridge *bridge)
+ struct mtk_dp *mtk_dp = mtk_dp_from_bridge(bridge);
+ enum drm_connector_status ret = connector_status_disconnected;
+ bool enabled = mtk_dp->enabled;
+- u8 sink_count = 0;
+
+ if (!mtk_dp->train_info.cable_plugged_in)
+ return ret;
+@@ -2118,8 +2117,8 @@ static enum drm_connector_status mtk_dp_bdg_detect(struct drm_bridge *bridge)
+ * function, we just need to check the HPD connection to check
+ * whether we connect to a sink device.
+ */
+- drm_dp_dpcd_readb(&mtk_dp->aux, DP_SINK_COUNT, &sink_count);
+- if (DP_GET_SINK_COUNT(sink_count))
++
++ if (drm_dp_read_sink_count(&mtk_dp->aux) > 0)
+ ret = connector_status_connected;
+
+ if (!enabled)
+--
+2.39.5
+
--- /dev/null
+From e59370a8c353fb70cca9a72ddaa184d7ab17da5d Mon Sep 17 00:00:00 2001
+From: Sasha Levin <sashal@kernel.org>
+Date: Mon, 18 Nov 2024 10:51:26 +0800
+Subject: drm/mediatek: Add support for 180-degree rotation in the display
+ driver
+
+From: Jason-JH.Lin <jason-jh.lin@mediatek.com>
+
+[ Upstream commit 5c9d7e79ba154e8e1f0bfdeb7b495f454c1a3eba ]
+
+mediatek-drm driver reported the capability of 180-degree rotation by
+adding `DRM_MODE_ROTATE_180` to the plane property, as flip-x combined
+with flip-y equals a 180-degree rotation. However, we did not handle
+the rotation property in the driver and lead to rotation issues.
+
+Fixes: 74608d8feefd ("drm/mediatek: Add DRM_MODE_ROTATE_0 to rotation property")
+Signed-off-by: Jason-JH.Lin <jason-jh.lin@mediatek.com>
+Reviewed-by: AngeloGioacchino Del Regno <angelogioacchino.delregno@collabora.com>
+Reviewed-by: CK Hu <ck.hu@mediatek.com>
+Link: https://patchwork.kernel.org/project/dri-devel/patch/20241118025126.30808-1-jason-jh.lin@mediatek.com/
+Signed-off-by: Chun-Kuang Hu <chunkuang.hu@kernel.org>
+Signed-off-by: Sasha Levin <sashal@kernel.org>
+---
+ drivers/gpu/drm/mediatek/mtk_disp_ovl.c | 12 ++++++++++--
+ 1 file changed, 10 insertions(+), 2 deletions(-)
+
+diff --git a/drivers/gpu/drm/mediatek/mtk_disp_ovl.c b/drivers/gpu/drm/mediatek/mtk_disp_ovl.c
+index e0c0bb01f65a..a3091bfcbd43 100644
+--- a/drivers/gpu/drm/mediatek/mtk_disp_ovl.c
++++ b/drivers/gpu/drm/mediatek/mtk_disp_ovl.c
+@@ -471,6 +471,7 @@ void mtk_ovl_layer_config(struct device *dev, unsigned int idx,
+ unsigned int pitch = pending->pitch;
+ unsigned int hdr_pitch = pending->hdr_pitch;
+ unsigned int fmt = pending->format;
++ unsigned int rotation = pending->rotation;
+ unsigned int offset = (pending->y << 16) | pending->x;
+ unsigned int src_size = (pending->height << 16) | pending->width;
+ unsigned int blend_mode = state->base.pixel_blend_mode;
+@@ -513,12 +514,19 @@ void mtk_ovl_layer_config(struct device *dev, unsigned int idx,
+ ignore_pixel_alpha = OVL_CONST_BLEND;
+ }
+
+- if (pending->rotation & DRM_MODE_REFLECT_Y) {
++ /*
++ * Treat rotate 180 as flip x + flip y, and XOR the original rotation value
++ * to flip x + flip y to support both in the same time.
++ */
++ if (rotation & DRM_MODE_ROTATE_180)
++ rotation ^= DRM_MODE_REFLECT_X | DRM_MODE_REFLECT_Y;
++
++ if (rotation & DRM_MODE_REFLECT_Y) {
+ con |= OVL_CON_VIRT_FLIP;
+ addr += (pending->height - 1) * pending->pitch;
+ }
+
+- if (pending->rotation & DRM_MODE_REFLECT_X) {
++ if (rotation & DRM_MODE_REFLECT_X) {
+ con |= OVL_CON_HORZ_FLIP;
+ addr += pending->pitch - 1;
+ }
+--
+2.39.5
+
--- /dev/null
+From 179d2ea3bf5b78b5e766ce3051561411d5a8dcc6 Mon Sep 17 00:00:00 2001
+From: Sasha Levin <sashal@kernel.org>
+Date: Fri, 25 Oct 2024 16:28:28 +0800
+Subject: drm/mediatek: Fix mode valid issue for dp
+
+From: Liankun Yang <liankun.yang@mediatek.com>
+
+[ Upstream commit 0d68b55887cedc7487036ed34cb4c2097c4228f1 ]
+
+Fix dp mode valid issue to avoid abnormal display of limit state.
+
+After DP passes link training, it can express the lane count of the
+current link status is good. Calculate the maximum bandwidth supported
+by DP using the current lane count.
+
+The color format will select the best one based on the bandwidth
+requirements of the current timing mode. If the current timing mode
+uses RGB and meets the DP link bandwidth requirements, RGB will be used.
+
+If the timing mode uses RGB but does not meet the DP link bandwidthi
+requirements, it will continue to check whether YUV422 meets
+the DP link bandwidth.
+
+FEC overhead is approximately 2.4% from DP 1.4a spec 2.2.1.4.2.
+The down-spread amplitude shall either be disabled (0.0%) or up
+to 0.5% from 1.4a 3.5.2.6. Add up to approximately 3% total overhead.
+
+Because rate is already divided by 10,
+mode->clock does not need to be multiplied by 10.
+
+Fixes: f70ac097a2cf ("drm/mediatek: Add MT8195 Embedded DisplayPort driver")
+Signed-off-by: Liankun Yang <liankun.yang@mediatek.com>
+Link: https://patchwork.kernel.org/project/dri-devel/patch/20241025083036.8829-3-liankun.yang@mediatek.com/
+Signed-off-by: Chun-Kuang Hu <chunkuang.hu@kernel.org>
+Signed-off-by: Sasha Levin <sashal@kernel.org>
+---
+ drivers/gpu/drm/mediatek/mtk_dp.c | 28 +++++++++++++++++-----------
+ 1 file changed, 17 insertions(+), 11 deletions(-)
+
+diff --git a/drivers/gpu/drm/mediatek/mtk_dp.c b/drivers/gpu/drm/mediatek/mtk_dp.c
+index bcc4d3fc77d8..461764ec19e7 100644
+--- a/drivers/gpu/drm/mediatek/mtk_dp.c
++++ b/drivers/gpu/drm/mediatek/mtk_dp.c
+@@ -2411,12 +2411,19 @@ mtk_dp_bridge_mode_valid(struct drm_bridge *bridge,
+ {
+ struct mtk_dp *mtk_dp = mtk_dp_from_bridge(bridge);
+ u32 bpp = info->color_formats & DRM_COLOR_FORMAT_YCBCR422 ? 16 : 24;
+- u32 rate = min_t(u32, drm_dp_max_link_rate(mtk_dp->rx_cap) *
+- drm_dp_max_lane_count(mtk_dp->rx_cap),
+- drm_dp_bw_code_to_link_rate(mtk_dp->max_linkrate) *
+- mtk_dp->max_lanes);
++ u32 lane_count_min = mtk_dp->train_info.lane_count;
++ u32 rate = drm_dp_bw_code_to_link_rate(mtk_dp->train_info.link_rate) *
++ lane_count_min;
+
+- if (rate < mode->clock * bpp / 8)
++ /*
++ *FEC overhead is approximately 2.4% from DP 1.4a spec 2.2.1.4.2.
++ *The down-spread amplitude shall either be disabled (0.0%) or up
++ *to 0.5% from 1.4a 3.5.2.6. Add up to approximately 3% total overhead.
++ *
++ *Because rate is already divided by 10,
++ *mode->clock does not need to be multiplied by 10
++ */
++ if ((rate * 97 / 100) < (mode->clock * bpp / 8))
+ return MODE_CLOCK_HIGH;
+
+ return MODE_OK;
+@@ -2457,10 +2464,9 @@ static u32 *mtk_dp_bridge_atomic_get_input_bus_fmts(struct drm_bridge *bridge,
+ struct drm_display_mode *mode = &crtc_state->adjusted_mode;
+ struct drm_display_info *display_info =
+ &conn_state->connector->display_info;
+- u32 rate = min_t(u32, drm_dp_max_link_rate(mtk_dp->rx_cap) *
+- drm_dp_max_lane_count(mtk_dp->rx_cap),
+- drm_dp_bw_code_to_link_rate(mtk_dp->max_linkrate) *
+- mtk_dp->max_lanes);
++ u32 lane_count_min = mtk_dp->train_info.lane_count;
++ u32 rate = drm_dp_bw_code_to_link_rate(mtk_dp->train_info.link_rate) *
++ lane_count_min;
+
+ *num_input_fmts = 0;
+
+@@ -2469,8 +2475,8 @@ static u32 *mtk_dp_bridge_atomic_get_input_bus_fmts(struct drm_bridge *bridge,
+ * datarate of YUV422 and sink device supports YUV422, we output YUV422
+ * format. Use this condition, we can support more resolution.
+ */
+- if ((rate < (mode->clock * 24 / 8)) &&
+- (rate > (mode->clock * 16 / 8)) &&
++ if (((rate * 97 / 100) < (mode->clock * 24 / 8)) &&
++ ((rate * 97 / 100) > (mode->clock * 16 / 8)) &&
+ (display_info->color_formats & DRM_COLOR_FORMAT_YCBCR422)) {
+ input_fmts = kcalloc(1, sizeof(*input_fmts), GFP_KERNEL);
+ if (!input_fmts)
+--
+2.39.5
+
--- /dev/null
+From 7bf918a938cbf7081b07209b402d67f7257a3b1b Mon Sep 17 00:00:00 2001
+From: Sasha Levin <sashal@kernel.org>
+Date: Fri, 25 Oct 2024 16:28:27 +0800
+Subject: drm/mediatek: Fix YCbCr422 color format issue for DP
+
+From: Liankun Yang <liankun.yang@mediatek.com>
+
+[ Upstream commit ef24fbd8f12015ff827973fffefed3902ffd61cc ]
+
+Setting up misc0 for Pixel Encoding Format.
+
+According to the definition of YCbCr in spec 1.2a Table 2-96,
+0x1 << 1 should be written to the register.
+
+Use switch case to distinguish RGB, YCbCr422,
+and unsupported color formats.
+
+Fixes: f70ac097a2cf ("drm/mediatek: Add MT8195 Embedded DisplayPort driver")
+Signed-off-by: Liankun Yang <liankun.yang@mediatek.com>
+Link: https://patchwork.kernel.org/project/dri-devel/patch/20241025083036.8829-2-liankun.yang@mediatek.com/
+Signed-off-by: Chun-Kuang Hu <chunkuang.hu@kernel.org>
+Signed-off-by: Sasha Levin <sashal@kernel.org>
+---
+ drivers/gpu/drm/mediatek/mtk_dp.c | 13 ++++++++-----
+ 1 file changed, 8 insertions(+), 5 deletions(-)
+
+diff --git a/drivers/gpu/drm/mediatek/mtk_dp.c b/drivers/gpu/drm/mediatek/mtk_dp.c
+index f2bee617f063..bcc4d3fc77d8 100644
+--- a/drivers/gpu/drm/mediatek/mtk_dp.c
++++ b/drivers/gpu/drm/mediatek/mtk_dp.c
+@@ -543,18 +543,16 @@ static int mtk_dp_set_color_format(struct mtk_dp *mtk_dp,
+ enum dp_pixelformat color_format)
+ {
+ u32 val;
+-
+- /* update MISC0 */
+- mtk_dp_update_bits(mtk_dp, MTK_DP_ENC0_P0_3034,
+- color_format << DP_TEST_COLOR_FORMAT_SHIFT,
+- DP_TEST_COLOR_FORMAT_MASK);
++ u32 misc0_color;
+
+ switch (color_format) {
+ case DP_PIXELFORMAT_YUV422:
+ val = PIXEL_ENCODE_FORMAT_DP_ENC0_P0_YCBCR422;
++ misc0_color = DP_COLOR_FORMAT_YCbCr422;
+ break;
+ case DP_PIXELFORMAT_RGB:
+ val = PIXEL_ENCODE_FORMAT_DP_ENC0_P0_RGB;
++ misc0_color = DP_COLOR_FORMAT_RGB;
+ break;
+ default:
+ drm_warn(mtk_dp->drm_dev, "Unsupported color format: %d\n",
+@@ -562,6 +560,11 @@ static int mtk_dp_set_color_format(struct mtk_dp *mtk_dp,
+ return -EINVAL;
+ }
+
++ /* update MISC0 */
++ mtk_dp_update_bits(mtk_dp, MTK_DP_ENC0_P0_3034,
++ misc0_color,
++ DP_TEST_COLOR_FORMAT_MASK);
++
+ mtk_dp_update_bits(mtk_dp, MTK_DP_ENC0_P0_303C,
+ val, PIXEL_ENCODE_FORMAT_DP_ENC0_P0_MASK);
+ return 0;
+--
+2.39.5
+
--- /dev/null
+From 627e5705be01c40056bec33135177befa65e6d29 Mon Sep 17 00:00:00 2001
+From: Sasha Levin <sashal@kernel.org>
+Date: Wed, 11 Dec 2024 11:47:16 +0800
+Subject: drm/mediatek: Move mtk_crtc_finish_page_flip() to ddp_cmdq_cb()
+
+From: Jason-JH.Lin <jason-jh.lin@mediatek.com>
+
+[ Upstream commit da03801ad08f2488c01e684509cd89e1aa5d17ec ]
+
+mtk_crtc_finish_page_flip() is used to notify userspace that a
+page flip has been completed, allowing userspace to free the frame
+buffer of the last frame and commit the next frame.
+
+In MediaTek's hardware design for configuring display hardware by using
+GCE, `DRM_EVENT_FLIP_COMPLETE` should be notified to userspace after
+GCE has finished configuring all display hardware settings for each
+atomic_commit().
+
+Currently, mtk_crtc_finish_page_flip() cannot guarantee that GCE has
+configured all the display hardware settings of the last frame.
+Therefore, to increase the accuracy of the timing for notifying
+`DRM_EVENT_FLIP_COMPLETE` to userspace, mtk_crtc_finish_page_flip()
+should be moved to ddp_cmdq_cb().
+
+Fixes: 7f82d9c43879 ("drm/mediatek: Clear pending flag when cmdq packet is done")
+Signed-off-by: Jason-JH.Lin <jason-jh.lin@mediatek.com>
+Reviewed-by: CK Hu <ck.hu@mediatek.com>
+Link: https://patchwork.kernel.org/project/dri-devel/patch/20241211034716.29241-1-jason-jh.lin@mediatek.com/
+Signed-off-by: Chun-Kuang Hu <chunkuang.hu@kernel.org>
+Signed-off-by: Sasha Levin <sashal@kernel.org>
+---
+ drivers/gpu/drm/mediatek/mtk_crtc.c | 25 +++++++++++++++++++------
+ 1 file changed, 19 insertions(+), 6 deletions(-)
+
+diff --git a/drivers/gpu/drm/mediatek/mtk_crtc.c b/drivers/gpu/drm/mediatek/mtk_crtc.c
+index eb0e1233ad04..5674f5707cca 100644
+--- a/drivers/gpu/drm/mediatek/mtk_crtc.c
++++ b/drivers/gpu/drm/mediatek/mtk_crtc.c
+@@ -112,6 +112,11 @@ static void mtk_drm_finish_page_flip(struct mtk_crtc *mtk_crtc)
+
+ drm_crtc_handle_vblank(&mtk_crtc->base);
+
++#if IS_REACHABLE(CONFIG_MTK_CMDQ)
++ if (mtk_crtc->cmdq_client.chan)
++ return;
++#endif
++
+ spin_lock_irqsave(&mtk_crtc->config_lock, flags);
+ if (!mtk_crtc->config_updating && mtk_crtc->pending_needs_vblank) {
+ mtk_crtc_finish_page_flip(mtk_crtc);
+@@ -284,10 +289,8 @@ static void ddp_cmdq_cb(struct mbox_client *cl, void *mssg)
+ state = to_mtk_crtc_state(mtk_crtc->base.state);
+
+ spin_lock_irqsave(&mtk_crtc->config_lock, flags);
+- if (mtk_crtc->config_updating) {
+- spin_unlock_irqrestore(&mtk_crtc->config_lock, flags);
++ if (mtk_crtc->config_updating)
+ goto ddp_cmdq_cb_out;
+- }
+
+ state->pending_config = false;
+
+@@ -315,10 +318,15 @@ static void ddp_cmdq_cb(struct mbox_client *cl, void *mssg)
+ mtk_crtc->pending_async_planes = false;
+ }
+
+- spin_unlock_irqrestore(&mtk_crtc->config_lock, flags);
+-
+ ddp_cmdq_cb_out:
+
++ if (mtk_crtc->pending_needs_vblank) {
++ mtk_crtc_finish_page_flip(mtk_crtc);
++ mtk_crtc->pending_needs_vblank = false;
++ }
++
++ spin_unlock_irqrestore(&mtk_crtc->config_lock, flags);
++
+ mtk_crtc->cmdq_vblank_cnt = 0;
+ wake_up(&mtk_crtc->cb_blocking_queue);
+ }
+@@ -606,13 +614,18 @@ static void mtk_crtc_update_config(struct mtk_crtc *mtk_crtc, bool needs_vblank)
+ */
+ mtk_crtc->cmdq_vblank_cnt = 3;
+
++ spin_lock_irqsave(&mtk_crtc->config_lock, flags);
++ mtk_crtc->config_updating = false;
++ spin_unlock_irqrestore(&mtk_crtc->config_lock, flags);
++
+ mbox_send_message(mtk_crtc->cmdq_client.chan, cmdq_handle);
+ mbox_client_txdone(mtk_crtc->cmdq_client.chan, 0);
+ }
+-#endif
++#else
+ spin_lock_irqsave(&mtk_crtc->config_lock, flags);
+ mtk_crtc->config_updating = false;
+ spin_unlock_irqrestore(&mtk_crtc->config_lock, flags);
++#endif
+
+ mutex_unlock(&mtk_crtc->hw_lock);
+ }
+--
+2.39.5
+
--- /dev/null
+From 1a5ffe9ca690a6df4f315809a2e33115bd916206 Mon Sep 17 00:00:00 2001
+From: Sasha Levin <sashal@kernel.org>
+Date: Thu, 19 Dec 2024 12:27:33 +0100
+Subject: drm/mediatek: mtk_dsi: Add registers to pdata to fix MT8186/MT8188
+
+From: AngeloGioacchino Del Regno <angelogioacchino.delregno@collabora.com>
+
+[ Upstream commit 76aed5e00ff2625e0ec4b40c75f3514bdb27fae4 ]
+
+Registers DSI_VM_CMD and DSI_SHADOW_DEBUG start at different
+addresses in both MT8186 and MT8188 compared to the older IPs.
+
+Add two members in struct mtk_dsi_driver_data to specify the
+offsets for these two registers on a per-SoC basis, then do
+specify those in all of the currently present SoC driver data.
+
+This fixes writes to the Video Mode Command Packet Control
+register, fixing enablement of command packet transmission
+(VM_CMD_EN) and allowance of this transmission during the
+VFP period (TS_VFP_EN) on both MT8186 and MT8188.
+
+Fixes: 03d7adc41027 ("drm/mediatek: Add mt8186 dsi compatible to mtk_dsi.c")
+Fixes: 814d5341f314 ("drm/mediatek: Add mt8188 dsi compatible to mtk_dsi.c")
+Signed-off-by: AngeloGioacchino Del Regno <angelogioacchino.delregno@collabora.com>
+Reviewed-by: CK Hu <ck.hu@mediatek.com>
+Link: https://patchwork.kernel.org/project/dri-devel/patch/20241219112733.47907-1-angelogioacchino.delregno@collabora.com/
+Signed-off-by: Chun-Kuang Hu <chunkuang.hu@kernel.org>
+Signed-off-by: Sasha Levin <sashal@kernel.org>
+---
+ drivers/gpu/drm/mediatek/mtk_dsi.c | 22 +++++++++++++++++-----
+ 1 file changed, 17 insertions(+), 5 deletions(-)
+
+diff --git a/drivers/gpu/drm/mediatek/mtk_dsi.c b/drivers/gpu/drm/mediatek/mtk_dsi.c
+index eeec641cab60..5762cff4d6f5 100644
+--- a/drivers/gpu/drm/mediatek/mtk_dsi.c
++++ b/drivers/gpu/drm/mediatek/mtk_dsi.c
+@@ -139,11 +139,11 @@
+ #define CLK_HS_POST GENMASK(15, 8)
+ #define CLK_HS_EXIT GENMASK(23, 16)
+
+-#define DSI_VM_CMD_CON 0x130
++/* DSI_VM_CMD_CON */
+ #define VM_CMD_EN BIT(0)
+ #define TS_VFP_EN BIT(5)
+
+-#define DSI_SHADOW_DEBUG 0x190U
++/* DSI_SHADOW_DEBUG */
+ #define FORCE_COMMIT BIT(0)
+ #define BYPASS_SHADOW BIT(1)
+
+@@ -187,6 +187,8 @@ struct phy;
+
+ struct mtk_dsi_driver_data {
+ const u32 reg_cmdq_off;
++ const u32 reg_vm_cmd_off;
++ const u32 reg_shadow_dbg_off;
+ bool has_shadow_ctl;
+ bool has_size_ctl;
+ bool cmdq_long_packet_ctl;
+@@ -367,8 +369,8 @@ static void mtk_dsi_set_mode(struct mtk_dsi *dsi)
+
+ static void mtk_dsi_set_vm_cmd(struct mtk_dsi *dsi)
+ {
+- mtk_dsi_mask(dsi, DSI_VM_CMD_CON, VM_CMD_EN, VM_CMD_EN);
+- mtk_dsi_mask(dsi, DSI_VM_CMD_CON, TS_VFP_EN, TS_VFP_EN);
++ mtk_dsi_mask(dsi, dsi->driver_data->reg_vm_cmd_off, VM_CMD_EN, VM_CMD_EN);
++ mtk_dsi_mask(dsi, dsi->driver_data->reg_vm_cmd_off, TS_VFP_EN, TS_VFP_EN);
+ }
+
+ static void mtk_dsi_rxtx_control(struct mtk_dsi *dsi)
+@@ -714,7 +716,7 @@ static int mtk_dsi_poweron(struct mtk_dsi *dsi)
+
+ if (dsi->driver_data->has_shadow_ctl)
+ writel(FORCE_COMMIT | BYPASS_SHADOW,
+- dsi->regs + DSI_SHADOW_DEBUG);
++ dsi->regs + dsi->driver_data->reg_shadow_dbg_off);
+
+ mtk_dsi_reset_engine(dsi);
+ mtk_dsi_phy_timconfig(dsi);
+@@ -1255,26 +1257,36 @@ static void mtk_dsi_remove(struct platform_device *pdev)
+
+ static const struct mtk_dsi_driver_data mt8173_dsi_driver_data = {
+ .reg_cmdq_off = 0x200,
++ .reg_vm_cmd_off = 0x130,
++ .reg_shadow_dbg_off = 0x190
+ };
+
+ static const struct mtk_dsi_driver_data mt2701_dsi_driver_data = {
+ .reg_cmdq_off = 0x180,
++ .reg_vm_cmd_off = 0x130,
++ .reg_shadow_dbg_off = 0x190
+ };
+
+ static const struct mtk_dsi_driver_data mt8183_dsi_driver_data = {
+ .reg_cmdq_off = 0x200,
++ .reg_vm_cmd_off = 0x130,
++ .reg_shadow_dbg_off = 0x190,
+ .has_shadow_ctl = true,
+ .has_size_ctl = true,
+ };
+
+ static const struct mtk_dsi_driver_data mt8186_dsi_driver_data = {
+ .reg_cmdq_off = 0xd00,
++ .reg_vm_cmd_off = 0x200,
++ .reg_shadow_dbg_off = 0xc00,
+ .has_shadow_ctl = true,
+ .has_size_ctl = true,
+ };
+
+ static const struct mtk_dsi_driver_data mt8188_dsi_driver_data = {
+ .reg_cmdq_off = 0xd00,
++ .reg_vm_cmd_off = 0x200,
++ .reg_shadow_dbg_off = 0xc00,
+ .has_shadow_ctl = true,
+ .has_size_ctl = true,
+ .cmdq_long_packet_ctl = true,
+--
+2.39.5
+
--- /dev/null
+From 561a3208672af3f83c0c48ab69393ad193d09b77 Mon Sep 17 00:00:00 2001
+From: Sasha Levin <sashal@kernel.org>
+Date: Mon, 23 Dec 2024 10:32:27 +0800
+Subject: drm/mediatek: Set private->all_drm_private[i]->drm to NULL if
+ mtk_drm_bind returns err
+
+From: Guoqing Jiang <guoqing.jiang@canonical.com>
+
+[ Upstream commit 36684e9d88a2e2401ae26715a2e217cb4295cea7 ]
+
+The pointer need to be set to NULL, otherwise KASAN complains about
+use-after-free. Because in mtk_drm_bind, all private's drm are set
+as follows.
+
+private->all_drm_private[i]->drm = drm;
+
+And drm will be released by drm_dev_put in case mtk_drm_kms_init returns
+failure. However, the shutdown path still accesses the previous allocated
+memory in drm_atomic_helper_shutdown.
+
+[ 84.874820] watchdog: watchdog0: watchdog did not stop!
+[ 86.512054] ==================================================================
+[ 86.513162] BUG: KASAN: use-after-free in drm_atomic_helper_shutdown+0x33c/0x378
+[ 86.514258] Read of size 8 at addr ffff0000d46fc068 by task shutdown/1
+[ 86.515213]
+[ 86.515455] CPU: 1 UID: 0 PID: 1 Comm: shutdown Not tainted 6.13.0-rc1-mtk+gfa1a78e5d24b-dirty #55
+[ 86.516752] Hardware name: Unknown Product/Unknown Product, BIOS 2022.10 10/01/2022
+[ 86.517960] Call trace:
+[ 86.518333] show_stack+0x20/0x38 (C)
+[ 86.518891] dump_stack_lvl+0x90/0xd0
+[ 86.519443] print_report+0xf8/0x5b0
+[ 86.519985] kasan_report+0xb4/0x100
+[ 86.520526] __asan_report_load8_noabort+0x20/0x30
+[ 86.521240] drm_atomic_helper_shutdown+0x33c/0x378
+[ 86.521966] mtk_drm_shutdown+0x54/0x80
+[ 86.522546] platform_shutdown+0x64/0x90
+[ 86.523137] device_shutdown+0x260/0x5b8
+[ 86.523728] kernel_restart+0x78/0xf0
+[ 86.524282] __do_sys_reboot+0x258/0x2f0
+[ 86.524871] __arm64_sys_reboot+0x90/0xd8
+[ 86.525473] invoke_syscall+0x74/0x268
+[ 86.526041] el0_svc_common.constprop.0+0xb0/0x240
+[ 86.526751] do_el0_svc+0x4c/0x70
+[ 86.527251] el0_svc+0x4c/0xc0
+[ 86.527719] el0t_64_sync_handler+0x144/0x168
+[ 86.528367] el0t_64_sync+0x198/0x1a0
+[ 86.528920]
+[ 86.529157] The buggy address belongs to the physical page:
+[ 86.529972] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0xffff0000d46fd4d0 pfn:0x1146fc
+[ 86.531319] flags: 0xbfffc0000000000(node=0|zone=2|lastcpupid=0xffff)
+[ 86.532267] raw: 0bfffc0000000000 0000000000000000 dead000000000122 0000000000000000
+[ 86.533390] raw: ffff0000d46fd4d0 0000000000000000 00000000ffffffff 0000000000000000
+[ 86.534511] page dumped because: kasan: bad access detected
+[ 86.535323]
+[ 86.535559] Memory state around the buggy address:
+[ 86.536265] ffff0000d46fbf00: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
+[ 86.537314] ffff0000d46fbf80: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
+[ 86.538363] >ffff0000d46fc000: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
+[ 86.544733] ^
+[ 86.551057] ffff0000d46fc080: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
+[ 86.557510] ffff0000d46fc100: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
+[ 86.563928] ==================================================================
+[ 86.571093] Disabling lock debugging due to kernel taint
+[ 86.577642] Unable to handle kernel paging request at virtual address e0e9c0920000000b
+[ 86.581834] KASAN: maybe wild-memory-access in range [0x0752049000000058-0x075204900000005f]
+...
+
+Fixes: 1ef7ed48356c ("drm/mediatek: Modify mediatek-drm for mt8195 multi mmsys support")
+Signed-off-by: Guoqing Jiang <guoqing.jiang@canonical.com>
+Reviewed-by: AngeloGioacchino Del Regno <angelogioacchino.delregno@collabora.com>
+Link: https://patchwork.kernel.org/project/dri-devel/patch/20241223023227.1258112-1-guoqing.jiang@canonical.com/
+Signed-off-by: Chun-Kuang Hu <chunkuang.hu@kernel.org>
+Signed-off-by: Sasha Levin <sashal@kernel.org>
+---
+ drivers/gpu/drm/mediatek/mtk_drm_drv.c | 2 ++
+ 1 file changed, 2 insertions(+)
+
+diff --git a/drivers/gpu/drm/mediatek/mtk_drm_drv.c b/drivers/gpu/drm/mediatek/mtk_drm_drv.c
+index 2c1cb335d862..4e93fd075e03 100644
+--- a/drivers/gpu/drm/mediatek/mtk_drm_drv.c
++++ b/drivers/gpu/drm/mediatek/mtk_drm_drv.c
+@@ -673,6 +673,8 @@ static int mtk_drm_bind(struct device *dev)
+ err_free:
+ private->drm = NULL;
+ drm_dev_put(drm);
++ for (i = 0; i < private->data->mmsys_dev_num; i++)
++ private->all_drm_private[i]->drm = NULL;
+ return ret;
+ }
+
+--
+2.39.5
+
--- /dev/null
+From a47c148e6e61cadf7964d7df1b746bfa15fe6d0d Mon Sep 17 00:00:00 2001
+From: Sasha Levin <sashal@kernel.org>
+Date: Wed, 18 Dec 2024 09:58:31 +0100
+Subject: drm/mediatek: stop selecting foreign drivers
+
+From: Arnd Bergmann <arnd@arndb.de>
+
+[ Upstream commit 924d66011f2401a4145e2e814842c5c4572e439f ]
+
+The PHY portion of the mediatek hdmi driver was originally part of
+the driver it self and later split out into drivers/phy, which a
+'select' to keep the prior behavior.
+
+However, this leads to build failures when the PHY driver cannot
+be built:
+
+WARNING: unmet direct dependencies detected for PHY_MTK_HDMI
+ Depends on [n]: (ARCH_MEDIATEK || COMPILE_TEST [=y]) && COMMON_CLK [=y] && OF [=y] && REGULATOR [=n]
+ Selected by [m]:
+ - DRM_MEDIATEK_HDMI [=m] && HAS_IOMEM [=y] && DRM [=m] && DRM_MEDIATEK [=m]
+ERROR: modpost: "devm_regulator_register" [drivers/phy/mediatek/phy-mtk-hdmi-drv.ko] undefined!
+ERROR: modpost: "rdev_get_drvdata" [drivers/phy/mediatek/phy-mtk-hdmi-drv.ko] undefined!
+
+The best option here is to just not select the phy driver and leave that
+up to the defconfig. Do the same for the other PHY and memory drivers
+selected here as well for consistency.
+
+Fixes: a481bf2f0ca4 ("drm/mediatek: Separate mtk_hdmi_phy to an independent module")
+Signed-off-by: Arnd Bergmann <arnd@arndb.de>
+Reviewed-by: AngeloGioacchino Del Regno <angelogioacchino.delregno@collabora.com>
+Reviewed-by: CK Hu <ck.hu@mediatek.com>
+Link: https://patchwork.kernel.org/project/dri-devel/patch/20241218085837.2670434-1-arnd@kernel.org/
+Signed-off-by: Chun-Kuang Hu <chunkuang.hu@kernel.org>
+Signed-off-by: Sasha Levin <sashal@kernel.org>
+---
+ drivers/gpu/drm/mediatek/Kconfig | 5 -----
+ 1 file changed, 5 deletions(-)
+
+diff --git a/drivers/gpu/drm/mediatek/Kconfig b/drivers/gpu/drm/mediatek/Kconfig
+index 417ac8c9af41..a749c01199d4 100644
+--- a/drivers/gpu/drm/mediatek/Kconfig
++++ b/drivers/gpu/drm/mediatek/Kconfig
+@@ -13,9 +13,6 @@ config DRM_MEDIATEK
+ select DRM_BRIDGE_CONNECTOR
+ select DRM_MIPI_DSI
+ select DRM_PANEL
+- select MEMORY
+- select MTK_SMI
+- select PHY_MTK_MIPI_DSI
+ select VIDEOMODE_HELPERS
+ help
+ Choose this option if you have a Mediatek SoCs.
+@@ -26,7 +23,6 @@ config DRM_MEDIATEK
+ config DRM_MEDIATEK_DP
+ tristate "DRM DPTX Support for MediaTek SoCs"
+ depends on DRM_MEDIATEK
+- select PHY_MTK_DP
+ select DRM_DISPLAY_HELPER
+ select DRM_DISPLAY_DP_HELPER
+ select DRM_DISPLAY_DP_AUX_BUS
+@@ -37,6 +33,5 @@ config DRM_MEDIATEK_HDMI
+ tristate "DRM HDMI Support for Mediatek SoCs"
+ depends on DRM_MEDIATEK
+ select SND_SOC_HDMI_CODEC if SND_SOC
+- select PHY_MTK_HDMI
+ help
+ DRM/KMS HDMI driver for Mediatek SoCs
+--
+2.39.5
+
--- /dev/null
+From 2c296f5738164935a16c5839ed2b6ff72cd335ec Mon Sep 17 00:00:00 2001
+From: Sasha Levin <sashal@kernel.org>
+Date: Thu, 2 Jan 2025 16:11:10 -0800
+Subject: drm/xe: Fix tlb invalidation when wedging
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+From: Lucas De Marchi <lucas.demarchi@intel.com>
+
+[ Upstream commit 9ab4981552930a9c45682d62424ba610edc3992d ]
+
+If GuC fails to load, the driver wedges, but in the process it tries to
+do stuff that may not be initialized yet. This moves the
+xe_gt_tlb_invalidation_init() to be done earlier: as its own doc says,
+it's a software-only initialization and should had been named with the
+_early() suffix.
+
+Move it to be called by xe_gt_init_early(), so the locks and seqno are
+initialized, avoiding a NULL ptr deref when wedging:
+
+ xe 0000:03:00.0: [drm] *ERROR* GT0: load failed: status: Reset = 0, BootROM = 0x50, UKernel = 0x00, MIA = 0x00, Auth = 0x01
+ xe 0000:03:00.0: [drm] *ERROR* GT0: firmware signature verification failed
+ xe 0000:03:00.0: [drm] *ERROR* CRITICAL: Xe has declared device 0000:03:00.0 as wedged.
+ ...
+ BUG: kernel NULL pointer dereference, address: 0000000000000000
+ #PF: supervisor read access in kernel mode
+ #PF: error_code(0x0000) - not-present page
+ PGD 0 P4D 0
+ Oops: Oops: 0000 [#1] PREEMPT SMP NOPTI
+ CPU: 9 UID: 0 PID: 3908 Comm: modprobe Tainted: G U W 6.13.0-rc4-xe+ #3
+ Tainted: [U]=USER, [W]=WARN
+ Hardware name: Intel Corporation Alder Lake Client Platform/AlderLake-S ADP-S DDR5 UDIMM CRB, BIOS ADLSFWI1.R00.3275.A00.2207010640 07/01/2022
+ RIP: 0010:xe_gt_tlb_invalidation_reset+0x75/0x110 [xe]
+
+This can be easily triggered by poking the GuC binary to force a
+signature failure. There will still be an extra message,
+
+ xe 0000:03:00.0: [drm] *ERROR* GT0: GuC mmio request 0x4100: no reply 0x4100
+
+but that's better than a NULL ptr deref.
+
+Closes: https://gitlab.freedesktop.org/drm/xe/kernel/-/issues/3956
+Fixes: c9474b726b93 ("drm/xe: Wedge the entire device")
+Reviewed-by: Matthew Brost <matthew.brost@intel.com>
+Link: https://patchwork.freedesktop.org/patch/msgid/20250103001111.331684-2-lucas.demarchi@intel.com
+Signed-off-by: Lucas De Marchi <lucas.demarchi@intel.com>
+(cherry picked from commit 5001ef3af8f2c972d6fd9c5221a8457556f8bea6)
+Signed-off-by: Thomas Hellström <thomas.hellstrom@linux.intel.com>
+Signed-off-by: Sasha Levin <sashal@kernel.org>
+---
+ drivers/gpu/drm/xe/xe_gt.c | 8 ++++----
+ drivers/gpu/drm/xe/xe_gt_tlb_invalidation.c | 4 ++--
+ drivers/gpu/drm/xe/xe_gt_tlb_invalidation.h | 3 ++-
+ 3 files changed, 8 insertions(+), 7 deletions(-)
+
+diff --git a/drivers/gpu/drm/xe/xe_gt.c b/drivers/gpu/drm/xe/xe_gt.c
+index d5fd6a089b7c..b940688c3613 100644
+--- a/drivers/gpu/drm/xe/xe_gt.c
++++ b/drivers/gpu/drm/xe/xe_gt.c
+@@ -386,6 +386,10 @@ int xe_gt_init_early(struct xe_gt *gt)
+ xe_force_wake_init_gt(gt, gt_to_fw(gt));
+ spin_lock_init(>->global_invl_lock);
+
++ err = xe_gt_tlb_invalidation_init_early(gt);
++ if (err)
++ return err;
++
+ return 0;
+ }
+
+@@ -585,10 +589,6 @@ int xe_gt_init(struct xe_gt *gt)
+ xe_hw_fence_irq_init(>->fence_irq[i]);
+ }
+
+- err = xe_gt_tlb_invalidation_init(gt);
+- if (err)
+- return err;
+-
+ err = xe_gt_pagefault_init(gt);
+ if (err)
+ return err;
+diff --git a/drivers/gpu/drm/xe/xe_gt_tlb_invalidation.c b/drivers/gpu/drm/xe/xe_gt_tlb_invalidation.c
+index 7e385940df08..ace1fe831a7b 100644
+--- a/drivers/gpu/drm/xe/xe_gt_tlb_invalidation.c
++++ b/drivers/gpu/drm/xe/xe_gt_tlb_invalidation.c
+@@ -106,7 +106,7 @@ static void xe_gt_tlb_fence_timeout(struct work_struct *work)
+ }
+
+ /**
+- * xe_gt_tlb_invalidation_init - Initialize GT TLB invalidation state
++ * xe_gt_tlb_invalidation_init_early - Initialize GT TLB invalidation state
+ * @gt: graphics tile
+ *
+ * Initialize GT TLB invalidation state, purely software initialization, should
+@@ -114,7 +114,7 @@ static void xe_gt_tlb_fence_timeout(struct work_struct *work)
+ *
+ * Return: 0 on success, negative error code on error.
+ */
+-int xe_gt_tlb_invalidation_init(struct xe_gt *gt)
++int xe_gt_tlb_invalidation_init_early(struct xe_gt *gt)
+ {
+ gt->tlb_invalidation.seqno = 1;
+ INIT_LIST_HEAD(>->tlb_invalidation.pending_fences);
+diff --git a/drivers/gpu/drm/xe/xe_gt_tlb_invalidation.h b/drivers/gpu/drm/xe/xe_gt_tlb_invalidation.h
+index 00b1c6c01e8d..672acfcdf0d7 100644
+--- a/drivers/gpu/drm/xe/xe_gt_tlb_invalidation.h
++++ b/drivers/gpu/drm/xe/xe_gt_tlb_invalidation.h
+@@ -14,7 +14,8 @@ struct xe_gt;
+ struct xe_guc;
+ struct xe_vma;
+
+-int xe_gt_tlb_invalidation_init(struct xe_gt *gt);
++int xe_gt_tlb_invalidation_init_early(struct xe_gt *gt);
++
+ void xe_gt_tlb_invalidation_reset(struct xe_gt *gt);
+ int xe_gt_tlb_invalidation_ggtt(struct xe_gt *gt);
+ int xe_gt_tlb_invalidation_vma(struct xe_gt *gt,
+--
+2.39.5
+
--- /dev/null
+From 8ba48a23a5fa01fffb860a9cc2bb69d807f4bab1 Mon Sep 17 00:00:00 2001
+From: Sasha Levin <sashal@kernel.org>
+Date: Fri, 3 Jan 2025 23:18:27 +0900
+Subject: gpio: virtuser: fix handling of multiple conn_ids in lookup table
+
+From: Koichiro Den <koichiro.den@canonical.com>
+
+[ Upstream commit 656cc2e892f128b03ea9ef19bd11d70f71d5472b ]
+
+Creating a virtuser device via configfs with multiple conn_ids fails due
+to incorrect indexing of lookup entries. Correct the indexing logic to
+ensure proper functionality when multiple gpio_virtuser_lookup are
+created.
+
+Fixes: 91581c4b3f29 ("gpio: virtuser: new virtual testing driver for the GPIO API")
+Signed-off-by: Koichiro Den <koichiro.den@canonical.com>
+Link: https://lore.kernel.org/r/20250103141829.430662-3-koichiro.den@canonical.com
+Signed-off-by: Bartosz Golaszewski <bartosz.golaszewski@linaro.org>
+Signed-off-by: Sasha Levin <sashal@kernel.org>
+---
+ drivers/gpio/gpio-virtuser.c | 8 ++++----
+ 1 file changed, 4 insertions(+), 4 deletions(-)
+
+diff --git a/drivers/gpio/gpio-virtuser.c b/drivers/gpio/gpio-virtuser.c
+index e89b1239b635..d6244f0d3bc7 100644
+--- a/drivers/gpio/gpio-virtuser.c
++++ b/drivers/gpio/gpio-virtuser.c
+@@ -1410,7 +1410,7 @@ gpio_virtuser_make_lookup_table(struct gpio_virtuser_device *dev)
+ size_t num_entries = gpio_virtuser_get_lookup_count(dev);
+ struct gpio_virtuser_lookup_entry *entry;
+ struct gpio_virtuser_lookup *lookup;
+- unsigned int i = 0;
++ unsigned int i = 0, idx;
+
+ lockdep_assert_held(&dev->lock);
+
+@@ -1424,12 +1424,12 @@ gpio_virtuser_make_lookup_table(struct gpio_virtuser_device *dev)
+ return -ENOMEM;
+
+ list_for_each_entry(lookup, &dev->lookup_list, siblings) {
++ idx = 0;
+ list_for_each_entry(entry, &lookup->entry_list, siblings) {
+- table->table[i] =
++ table->table[i++] =
+ GPIO_LOOKUP_IDX(entry->key,
+ entry->offset < 0 ? U16_MAX : entry->offset,
+- lookup->con_id, i, entry->flags);
+- i++;
++ lookup->con_id, idx++, entry->flags);
+ }
+ }
+
+--
+2.39.5
+
--- /dev/null
+From 96a923bca54d4468a889b13ab7e9c466db6d79a8 Mon Sep 17 00:00:00 2001
+From: Sasha Levin <sashal@kernel.org>
+Date: Fri, 3 Jan 2025 23:18:26 +0900
+Subject: gpio: virtuser: fix missing lookup table cleanups
+
+From: Koichiro Den <koichiro.den@canonical.com>
+
+[ Upstream commit a619cba8c69c434258ff4101d463322cd63e1bdc ]
+
+When a virtuser device is created via configfs and the probe fails due
+to an incorrect lookup table, the table is not removed. This prevents
+subsequent probe attempts from succeeding, even if the issue is
+corrected, unless the device is released. Additionally, cleanup is also
+needed in the less likely case of platform_device_register_full()
+failure.
+
+Besides, a consistent memory leak in lookup_table->dev_id was spotted
+using kmemleak by toggling the live state between 0 and 1 with a correct
+lookup table.
+
+Introduce gpio_virtuser_remove_lookup_table() as the counterpart to the
+existing gpio_virtuser_make_lookup_table() and call it from all
+necessary points to ensure proper cleanup.
+
+Fixes: 91581c4b3f29 ("gpio: virtuser: new virtual testing driver for the GPIO API")
+Signed-off-by: Koichiro Den <koichiro.den@canonical.com>
+Link: https://lore.kernel.org/r/20250103141829.430662-2-koichiro.den@canonical.com
+Signed-off-by: Bartosz Golaszewski <bartosz.golaszewski@linaro.org>
+Signed-off-by: Sasha Levin <sashal@kernel.org>
+---
+ drivers/gpio/gpio-virtuser.c | 36 +++++++++++++++++++++++++-----------
+ 1 file changed, 25 insertions(+), 11 deletions(-)
+
+diff --git a/drivers/gpio/gpio-virtuser.c b/drivers/gpio/gpio-virtuser.c
+index 91b6352c957c..e89b1239b635 100644
+--- a/drivers/gpio/gpio-virtuser.c
++++ b/drivers/gpio/gpio-virtuser.c
+@@ -1439,6 +1439,15 @@ gpio_virtuser_make_lookup_table(struct gpio_virtuser_device *dev)
+ return 0;
+ }
+
++static void
++gpio_virtuser_remove_lookup_table(struct gpio_virtuser_device *dev)
++{
++ gpiod_remove_lookup_table(dev->lookup_table);
++ kfree(dev->lookup_table->dev_id);
++ kfree(dev->lookup_table);
++ dev->lookup_table = NULL;
++}
++
+ static struct fwnode_handle *
+ gpio_virtuser_make_device_swnode(struct gpio_virtuser_device *dev)
+ {
+@@ -1487,10 +1496,8 @@ gpio_virtuser_device_activate(struct gpio_virtuser_device *dev)
+ pdevinfo.fwnode = swnode;
+
+ ret = gpio_virtuser_make_lookup_table(dev);
+- if (ret) {
+- fwnode_remove_software_node(swnode);
+- return ret;
+- }
++ if (ret)
++ goto err_remove_swnode;
+
+ reinit_completion(&dev->probe_completion);
+ dev->driver_bound = false;
+@@ -1498,23 +1505,31 @@ gpio_virtuser_device_activate(struct gpio_virtuser_device *dev)
+
+ pdev = platform_device_register_full(&pdevinfo);
+ if (IS_ERR(pdev)) {
++ ret = PTR_ERR(pdev);
+ bus_unregister_notifier(&platform_bus_type, &dev->bus_notifier);
+- fwnode_remove_software_node(swnode);
+- return PTR_ERR(pdev);
++ goto err_remove_lookup_table;
+ }
+
+ wait_for_completion(&dev->probe_completion);
+ bus_unregister_notifier(&platform_bus_type, &dev->bus_notifier);
+
+ if (!dev->driver_bound) {
+- platform_device_unregister(pdev);
+- fwnode_remove_software_node(swnode);
+- return -ENXIO;
++ ret = -ENXIO;
++ goto err_unregister_pdev;
+ }
+
+ dev->pdev = pdev;
+
+ return 0;
++
++err_unregister_pdev:
++ platform_device_unregister(pdev);
++err_remove_lookup_table:
++ gpio_virtuser_remove_lookup_table(dev);
++err_remove_swnode:
++ fwnode_remove_software_node(swnode);
++
++ return ret;
+ }
+
+ static void
+@@ -1526,10 +1541,9 @@ gpio_virtuser_device_deactivate(struct gpio_virtuser_device *dev)
+
+ swnode = dev_fwnode(&dev->pdev->dev);
+ platform_device_unregister(dev->pdev);
++ gpio_virtuser_remove_lookup_table(dev);
+ fwnode_remove_software_node(swnode);
+ dev->pdev = NULL;
+- gpiod_remove_lookup_table(dev->lookup_table);
+- kfree(dev->lookup_table);
+ }
+
+ static ssize_t
+--
+2.39.5
+
--- /dev/null
+From 0f9dfb6094fe4f7a8c86fbd52783151e5c567055 Mon Sep 17 00:00:00 2001
+From: Sasha Levin <sashal@kernel.org>
+Date: Mon, 23 Dec 2024 23:30:50 +0800
+Subject: ksmbd: fix a missing return value check bug
+
+From: Wentao Liang <liangwentao@iscas.ac.cn>
+
+[ Upstream commit 4c16e1cadcbcaf3c82d5fc310fbd34d0f5d0db7c ]
+
+In the smb2_send_interim_resp(), if ksmbd_alloc_work_struct()
+fails to allocate a node, it returns a NULL pointer to the
+in_work pointer. This can lead to an illegal memory write of
+in_work->response_buf when allocate_interim_rsp_buf() attempts
+to perform a kzalloc() on it.
+
+To address this issue, incorporating a check for the return
+value of ksmbd_alloc_work_struct() ensures that the function
+returns immediately upon allocation failure, thereby preventing
+the aforementioned illegal memory access.
+
+Fixes: 041bba4414cd ("ksmbd: fix wrong interim response on compound")
+Signed-off-by: Wentao Liang <liangwentao@iscas.ac.cn>
+Acked-by: Namjae Jeon <linkinjeon@kernel.org>
+Signed-off-by: Steve French <stfrench@microsoft.com>
+Signed-off-by: Sasha Levin <sashal@kernel.org>
+---
+ fs/smb/server/smb2pdu.c | 3 +++
+ 1 file changed, 3 insertions(+)
+
+diff --git a/fs/smb/server/smb2pdu.c b/fs/smb/server/smb2pdu.c
+index 04ffc5b158c3..f19cf67538b4 100644
+--- a/fs/smb/server/smb2pdu.c
++++ b/fs/smb/server/smb2pdu.c
+@@ -695,6 +695,9 @@ void smb2_send_interim_resp(struct ksmbd_work *work, __le32 status)
+ struct smb2_hdr *rsp_hdr;
+ struct ksmbd_work *in_work = ksmbd_alloc_work_struct();
+
++ if (!in_work)
++ return;
++
+ if (allocate_interim_rsp_buf(in_work)) {
+ pr_err("smb_allocate_rsp_buf failed!\n");
+ ksmbd_free_work_struct(in_work);
+--
+2.39.5
+
--- /dev/null
+From 22e9ae0c184cc85f50e1513089c8d85fbcb57ca4 Mon Sep 17 00:00:00 2001
+From: Sasha Levin <sashal@kernel.org>
+Date: Mon, 6 Jan 2025 03:39:54 +0000
+Subject: ksmbd: fix unexpectedly changed path in ksmbd_vfs_kern_path_locked
+
+From: He Wang <xw897002528@gmail.com>
+
+[ Upstream commit 2ac538e40278a2c0c051cca81bcaafc547d61372 ]
+
+When `ksmbd_vfs_kern_path_locked` met an error and it is not the last
+entry, it will exit without restoring changed path buffer. But later this
+buffer may be used as the filename for creation.
+
+Fixes: c5a709f08d40 ("ksmbd: handle caseless file creation")
+Signed-off-by: He Wang <xw897002528@gmail.com>
+Acked-by: Namjae Jeon <linkinjeon@kernel.org>
+Signed-off-by: Steve French <stfrench@microsoft.com>
+Signed-off-by: Sasha Levin <sashal@kernel.org>
+---
+ fs/smb/server/vfs.c | 3 ++-
+ 1 file changed, 2 insertions(+), 1 deletion(-)
+
+diff --git a/fs/smb/server/vfs.c b/fs/smb/server/vfs.c
+index 7cbd580120d1..ee825971abd9 100644
+--- a/fs/smb/server/vfs.c
++++ b/fs/smb/server/vfs.c
+@@ -1264,6 +1264,8 @@ int ksmbd_vfs_kern_path_locked(struct ksmbd_work *work, char *name,
+ filepath,
+ flags,
+ path);
++ if (!is_last)
++ next[0] = '/';
+ if (err)
+ goto out2;
+ else if (is_last)
+@@ -1271,7 +1273,6 @@ int ksmbd_vfs_kern_path_locked(struct ksmbd_work *work, char *name,
+ path_put(parent_path);
+ *parent_path = *path;
+
+- next[0] = '/';
+ remain_len -= filename_len + 1;
+ }
+
+--
+2.39.5
+
--- /dev/null
+From 71af0ad00e6bed5a957110d914f906a3498ebca1 Mon Sep 17 00:00:00 2001
+From: Sasha Levin <sashal@kernel.org>
+Date: Tue, 7 Jan 2025 18:39:27 +0000
+Subject: netfs: Fix kernel async DIO
+
+From: David Howells <dhowells@redhat.com>
+
+[ Upstream commit 3f6bc9e3ab9b127171d39f9ac6eca1abb693b731 ]
+
+Netfslib needs to be able to handle kernel-initiated asynchronous DIO that
+is supplied with a bio_vec[] array. Currently, because of the async flag,
+this gets passed to netfs_extract_user_iter() which throws a warning and
+fails because it only handles IOVEC and UBUF iterators. This can be
+triggered through a combination of cifs and a loopback blockdev with
+something like:
+
+ mount //my/cifs/share /foo
+ dd if=/dev/zero of=/foo/m0 bs=4K count=1K
+ losetup --sector-size 4096 --direct-io=on /dev/loop2046 /foo/m0
+ echo hello >/dev/loop2046
+
+This causes the following to appear in syslog:
+
+ WARNING: CPU: 2 PID: 109 at fs/netfs/iterator.c:50 netfs_extract_user_iter+0x170/0x250 [netfs]
+
+and the write to fail.
+
+Fix this by removing the check in netfs_unbuffered_write_iter_locked() that
+causes async kernel DIO writes to be handled as userspace writes. Note
+that this change relies on the kernel caller maintaining the existence of
+the bio_vec array (or kvec[] or folio_queue) until the op is complete.
+
+Fixes: 153a9961b551 ("netfs: Implement unbuffered/DIO write support")
+Reported-by: Nicolas Baranger <nicolas.baranger@3xo.fr>
+Closes: https://lore.kernel.org/r/fedd8a40d54b2969097ffa4507979858@3xo.fr/
+Signed-off-by: David Howells <dhowells@redhat.com>
+Link: https://lore.kernel.org/r/608725.1736275167@warthog.procyon.org.uk
+Tested-by: Nicolas Baranger <nicolas.baranger@3xo.fr>
+Acked-by: Paulo Alcantara (Red Hat) <pc@manguebit.com>
+cc: Steve French <smfrench@gmail.com>
+cc: Jeff Layton <jlayton@kernel.org>
+cc: netfs@lists.linux.dev
+cc: linux-cifs@vger.kernel.org
+cc: linux-fsdevel@vger.kernel.org
+Signed-off-by: Christian Brauner <brauner@kernel.org>
+Signed-off-by: Sasha Levin <sashal@kernel.org>
+---
+ fs/netfs/direct_write.c | 7 ++++++-
+ 1 file changed, 6 insertions(+), 1 deletion(-)
+
+diff --git a/fs/netfs/direct_write.c b/fs/netfs/direct_write.c
+index 88f2adfab75e..26cf9c94deeb 100644
+--- a/fs/netfs/direct_write.c
++++ b/fs/netfs/direct_write.c
+@@ -67,7 +67,7 @@ ssize_t netfs_unbuffered_write_iter_locked(struct kiocb *iocb, struct iov_iter *
+ * allocate a sufficiently large bvec array and may shorten the
+ * request.
+ */
+- if (async || user_backed_iter(iter)) {
++ if (user_backed_iter(iter)) {
+ n = netfs_extract_user_iter(iter, len, &wreq->iter, 0);
+ if (n < 0) {
+ ret = n;
+@@ -77,6 +77,11 @@ ssize_t netfs_unbuffered_write_iter_locked(struct kiocb *iocb, struct iov_iter *
+ wreq->direct_bv_count = n;
+ wreq->direct_bv_unpin = iov_iter_extract_will_pin(iter);
+ } else {
++ /* If this is a kernel-generated async DIO request,
++ * assume that any resources the iterator points to
++ * (eg. a bio_vec array) will persist till the end of
++ * the op.
++ */
+ wreq->iter = *iter;
+ }
+
+--
+2.39.5
+
--- /dev/null
+From 201c823e4bd0764de5a83d2b6edde2f52de2f855 Mon Sep 17 00:00:00 2001
+From: Sasha Levin <sashal@kernel.org>
+Date: Tue, 7 Jan 2025 14:43:30 +0000
+Subject: netfs: Fix read-retry for fs with no ->prepare_read()
+
+From: David Howells <dhowells@redhat.com>
+
+[ Upstream commit 904abff4b1b94184aaa0e9f5fce7821f7b5b81a3 ]
+
+Fix netfslib's read-retry to only call ->prepare_read() in the backing
+filesystem such a function is provided. We can get to this point if a
+there's an active cache as failed reads from the cache need negotiating
+with the server instead.
+
+Fixes: ee4cdf7ba857 ("netfs: Speed up buffered reading")
+Signed-off-by: David Howells <dhowells@redhat.com>
+Link: https://lore.kernel.org/r/529329.1736261010@warthog.procyon.org.uk
+cc: Jeff Layton <jlayton@kernel.org>
+cc: netfs@lists.linux.dev
+cc: linux-fsdevel@vger.kernel.org
+Signed-off-by: Christian Brauner <brauner@kernel.org>
+Signed-off-by: Sasha Levin <sashal@kernel.org>
+---
+ fs/netfs/read_retry.c | 3 ++-
+ 1 file changed, 2 insertions(+), 1 deletion(-)
+
+diff --git a/fs/netfs/read_retry.c b/fs/netfs/read_retry.c
+index 2701f7d45999..48fb0303f7ee 100644
+--- a/fs/netfs/read_retry.c
++++ b/fs/netfs/read_retry.c
+@@ -149,7 +149,8 @@ static void netfs_retry_read_subrequests(struct netfs_io_request *rreq)
+ BUG_ON(!len);
+
+ /* Renegotiate max_len (rsize) */
+- if (rreq->netfs_ops->prepare_read(subreq) < 0) {
++ if (rreq->netfs_ops->prepare_read &&
++ rreq->netfs_ops->prepare_read(subreq) < 0) {
+ trace_netfs_sreq(subreq, netfs_sreq_trace_reprep_failed);
+ __set_bit(NETFS_SREQ_FAILED, &subreq->flags);
+ }
+--
+2.39.5
+
--- /dev/null
+From 01d6da6269c80e564cdbcc60a38cd578476449eb Mon Sep 17 00:00:00 2001
+From: Sasha Levin <sashal@kernel.org>
+Date: Mon, 6 Jan 2025 18:40:34 +0100
+Subject: platform/x86/amd/pmc: Only disable IRQ1 wakeup where i8042 actually
+ enabled it
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+From: Maciej S. Szmigiero <mail@maciej.szmigiero.name>
+
+[ Upstream commit dd410d784402c5775f66faf8b624e85e41c38aaf ]
+
+Wakeup for IRQ1 should be disabled only in cases where i8042 had
+actually enabled it, otherwise "wake_depth" for this IRQ will try to
+drop below zero and there will be an unpleasant WARN() logged:
+
+kernel: atkbd serio0: Disabling IRQ1 wakeup source to avoid platform firmware bug
+kernel: ------------[ cut here ]------------
+kernel: Unbalanced IRQ 1 wake disable
+kernel: WARNING: CPU: 10 PID: 6431 at kernel/irq/manage.c:920 irq_set_irq_wake+0x147/0x1a0
+
+The PMC driver uses DEFINE_SIMPLE_DEV_PM_OPS() to define its dev_pm_ops
+which sets amd_pmc_suspend_handler() to the .suspend, .freeze, and
+.poweroff handlers. i8042_pm_suspend(), however, is only set as
+the .suspend handler.
+
+Fix the issue by call PMC suspend handler only from the same set of
+dev_pm_ops handlers as i8042_pm_suspend(), which currently means just
+the .suspend handler.
+
+To reproduce this issue try hibernating (S4) the machine after a fresh boot
+without putting it into s2idle first.
+
+Fixes: 8e60615e8932 ("platform/x86/amd: pmc: Disable IRQ1 wakeup for RN/CZN")
+Reviewed-by: Mario Limonciello <mario.limonciello@amd.com>
+Signed-off-by: Maciej S. Szmigiero <mail@maciej.szmigiero.name>
+Link: https://lore.kernel.org/r/c8f28c002ca3c66fbeeb850904a1f43118e17200.1736184606.git.mail@maciej.szmigiero.name
+[ij: edited the commit message.]
+Reviewed-by: Ilpo Järvinen <ilpo.jarvinen@linux.intel.com>
+Signed-off-by: Ilpo Järvinen <ilpo.jarvinen@linux.intel.com>
+Signed-off-by: Sasha Levin <sashal@kernel.org>
+---
+ drivers/platform/x86/amd/pmc/pmc.c | 8 +++++++-
+ 1 file changed, 7 insertions(+), 1 deletion(-)
+
+diff --git a/drivers/platform/x86/amd/pmc/pmc.c b/drivers/platform/x86/amd/pmc/pmc.c
+index 5669f94c3d06..4d3acfe849bf 100644
+--- a/drivers/platform/x86/amd/pmc/pmc.c
++++ b/drivers/platform/x86/amd/pmc/pmc.c
+@@ -947,6 +947,10 @@ static int amd_pmc_suspend_handler(struct device *dev)
+ {
+ struct amd_pmc_dev *pdev = dev_get_drvdata(dev);
+
++ /*
++ * Must be called only from the same set of dev_pm_ops handlers
++ * as i8042_pm_suspend() is called: currently just from .suspend.
++ */
+ if (pdev->disable_8042_wakeup && !disable_workarounds) {
+ int rc = amd_pmc_wa_irq1(pdev);
+
+@@ -959,7 +963,9 @@ static int amd_pmc_suspend_handler(struct device *dev)
+ return 0;
+ }
+
+-static DEFINE_SIMPLE_DEV_PM_OPS(amd_pmc_pm, amd_pmc_suspend_handler, NULL);
++static const struct dev_pm_ops amd_pmc_pm = {
++ .suspend = amd_pmc_suspend_handler,
++};
+
+ static const struct pci_device_id pmc_pci_ids[] = {
+ { PCI_DEVICE(PCI_VENDOR_ID_AMD, AMD_CPU_ID_PS) },
+--
+2.39.5
+
--- /dev/null
+From 840c4439f887dd46cccb7f44b737354a9225d5cc Mon Sep 17 00:00:00 2001
+From: Sasha Levin <sashal@kernel.org>
+Date: Mon, 6 Jan 2025 09:46:52 -0800
+Subject: platform/x86: intel/pmc: Fix ioremap() of bad address
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+From: David E. Box <david.e.box@linux.intel.com>
+
+[ Upstream commit 1d7461d0c8330689117286169106af6531a747ed ]
+
+In pmc_core_ssram_get_pmc(), the physical addresses for hidden SSRAM
+devices are retrieved from the MMIO region of the primary SSRAM device.
+If additional devices are not present, the address returned is zero.
+Currently, the code does not check for this condition, resulting in
+ioremap() incorrectly attempting to map address 0.
+
+Add a check for a zero address and return 0 if no additional devices
+are found, as it is not an error for the device to be absent.
+
+Fixes: a01486dc4bb1 ("platform/x86/intel/pmc: Cleanup SSRAM discovery")
+Signed-off-by: David E. Box <david.e.box@linux.intel.com>
+Link: https://lore.kernel.org/r/20250106174653.1497128-1-david.e.box@linux.intel.com
+Reviewed-by: Ilpo Järvinen <ilpo.jarvinen@linux.intel.com>
+Signed-off-by: Ilpo Järvinen <ilpo.jarvinen@linux.intel.com>
+Signed-off-by: Sasha Levin <sashal@kernel.org>
+---
+ drivers/platform/x86/intel/pmc/core_ssram.c | 4 ++++
+ 1 file changed, 4 insertions(+)
+
+diff --git a/drivers/platform/x86/intel/pmc/core_ssram.c b/drivers/platform/x86/intel/pmc/core_ssram.c
+index 8504154b649f..927f58dc73e3 100644
+--- a/drivers/platform/x86/intel/pmc/core_ssram.c
++++ b/drivers/platform/x86/intel/pmc/core_ssram.c
+@@ -269,8 +269,12 @@ pmc_core_ssram_get_pmc(struct pmc_dev *pmcdev, int pmc_idx, u32 offset)
+ /*
+ * The secondary PMC BARS (which are behind hidden PCI devices)
+ * are read from fixed offsets in MMIO of the primary PMC BAR.
++ * If a device is not present, the value will be 0.
+ */
+ ssram_base = get_base(tmp_ssram, offset);
++ if (!ssram_base)
++ return 0;
++
+ ssram = ioremap(ssram_base, SSRAM_HDR_SIZE);
+ if (!ssram)
+ return -ENOMEM;
+--
+2.39.5
+
--- /dev/null
+From e01d912658a374c548f0c0a9abcffb71c83812e6 Mon Sep 17 00:00:00 2001
+From: Sasha Levin <sashal@kernel.org>
+Date: Mon, 9 Dec 2024 20:26:17 +0800
+Subject: riscv: mm: Fix the out of bound issue of vmemmap address
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+From: Xu Lu <luxu.kernel@bytedance.com>
+
+[ Upstream commit f754f27e98f88428aaf6be6e00f5cbce97f62d4b ]
+
+In sparse vmemmap model, the virtual address of vmemmap is calculated as:
+((struct page *)VMEMMAP_START - (phys_ram_base >> PAGE_SHIFT)).
+And the struct page's va can be calculated with an offset:
+(vmemmap + (pfn)).
+
+However, when initializing struct pages, kernel actually starts from the
+first page from the same section that phys_ram_base belongs to. If the
+first page's physical address is not (phys_ram_base >> PAGE_SHIFT), then
+we get an va below VMEMMAP_START when calculating va for it's struct page.
+
+For example, if phys_ram_base starts from 0x82000000 with pfn 0x82000, the
+first page in the same section is actually pfn 0x80000. During
+init_unavailable_range(), we will initialize struct page for pfn 0x80000
+with virtual address ((struct page *)VMEMMAP_START - 0x2000), which is
+below VMEMMAP_START as well as PCI_IO_END.
+
+This commit fixes this bug by introducing a new variable
+'vmemmap_start_pfn' which is aligned with memory section size and using
+it to calculate vmemmap address instead of phys_ram_base.
+
+Fixes: a11dd49dcb93 ("riscv: Sparse-Memory/vmemmap out-of-bounds fix")
+Signed-off-by: Xu Lu <luxu.kernel@bytedance.com>
+Reviewed-by: Alexandre Ghiti <alexghiti@rivosinc.com>
+Tested-by: Björn Töpel <bjorn@rivosinc.com>
+Reviewed-by: Björn Töpel <bjorn@rivosinc.com>
+Link: https://lore.kernel.org/r/20241209122617.53341-1-luxu.kernel@bytedance.com
+Signed-off-by: Palmer Dabbelt <palmer@rivosinc.com>
+Signed-off-by: Sasha Levin <sashal@kernel.org>
+---
+ arch/riscv/include/asm/page.h | 1 +
+ arch/riscv/include/asm/pgtable.h | 2 +-
+ arch/riscv/mm/init.c | 17 ++++++++++++++++-
+ 3 files changed, 18 insertions(+), 2 deletions(-)
+
+diff --git a/arch/riscv/include/asm/page.h b/arch/riscv/include/asm/page.h
+index 32d308a3355f..febf820d5058 100644
+--- a/arch/riscv/include/asm/page.h
++++ b/arch/riscv/include/asm/page.h
+@@ -124,6 +124,7 @@ struct kernel_mapping {
+
+ extern struct kernel_mapping kernel_map;
+ extern phys_addr_t phys_ram_base;
++extern unsigned long vmemmap_start_pfn;
+
+ #define is_kernel_mapping(x) \
+ ((x) >= kernel_map.virt_addr && (x) < (kernel_map.virt_addr + kernel_map.size))
+diff --git a/arch/riscv/include/asm/pgtable.h b/arch/riscv/include/asm/pgtable.h
+index e79f15293492..c0866ada5bbc 100644
+--- a/arch/riscv/include/asm/pgtable.h
++++ b/arch/riscv/include/asm/pgtable.h
+@@ -87,7 +87,7 @@
+ * Define vmemmap for pfn_to_page & page_to_pfn calls. Needed if kernel
+ * is configured with CONFIG_SPARSEMEM_VMEMMAP enabled.
+ */
+-#define vmemmap ((struct page *)VMEMMAP_START - (phys_ram_base >> PAGE_SHIFT))
++#define vmemmap ((struct page *)VMEMMAP_START - vmemmap_start_pfn)
+
+ #define PCI_IO_SIZE SZ_16M
+ #define PCI_IO_END VMEMMAP_START
+diff --git a/arch/riscv/mm/init.c b/arch/riscv/mm/init.c
+index fc53ce748c80..8d167e09f1fe 100644
+--- a/arch/riscv/mm/init.c
++++ b/arch/riscv/mm/init.c
+@@ -33,6 +33,7 @@
+ #include <asm/pgtable.h>
+ #include <asm/sections.h>
+ #include <asm/soc.h>
++#include <asm/sparsemem.h>
+ #include <asm/tlbflush.h>
+
+ #include "../kernel/head.h"
+@@ -62,6 +63,13 @@ EXPORT_SYMBOL(pgtable_l5_enabled);
+ phys_addr_t phys_ram_base __ro_after_init;
+ EXPORT_SYMBOL(phys_ram_base);
+
++#ifdef CONFIG_SPARSEMEM_VMEMMAP
++#define VMEMMAP_ADDR_ALIGN (1ULL << SECTION_SIZE_BITS)
++
++unsigned long vmemmap_start_pfn __ro_after_init;
++EXPORT_SYMBOL(vmemmap_start_pfn);
++#endif
++
+ unsigned long empty_zero_page[PAGE_SIZE / sizeof(unsigned long)]
+ __page_aligned_bss;
+ EXPORT_SYMBOL(empty_zero_page);
+@@ -240,8 +248,12 @@ static void __init setup_bootmem(void)
+ * Make sure we align the start of the memory on a PMD boundary so that
+ * at worst, we map the linear mapping with PMD mappings.
+ */
+- if (!IS_ENABLED(CONFIG_XIP_KERNEL))
++ if (!IS_ENABLED(CONFIG_XIP_KERNEL)) {
+ phys_ram_base = memblock_start_of_DRAM() & PMD_MASK;
++#ifdef CONFIG_SPARSEMEM_VMEMMAP
++ vmemmap_start_pfn = round_down(phys_ram_base, VMEMMAP_ADDR_ALIGN) >> PAGE_SHIFT;
++#endif
++ }
+
+ /*
+ * In 64-bit, any use of __va/__pa before this point is wrong as we
+@@ -1101,6 +1113,9 @@ asmlinkage void __init setup_vm(uintptr_t dtb_pa)
+ kernel_map.xiprom_sz = (uintptr_t)(&_exiprom) - (uintptr_t)(&_xiprom);
+
+ phys_ram_base = CONFIG_PHYS_RAM_BASE;
++#ifdef CONFIG_SPARSEMEM_VMEMMAP
++ vmemmap_start_pfn = round_down(phys_ram_base, VMEMMAP_ADDR_ALIGN) >> PAGE_SHIFT;
++#endif
+ kernel_map.phys_addr = (uintptr_t)CONFIG_PHYS_RAM_BASE;
+ kernel_map.size = (uintptr_t)(&_end) - (uintptr_t)(&_start);
+
+--
+2.39.5
+
--- /dev/null
+From 80d22cf9208c35e7efb6763ff8e3deb4e8e11a4e Mon Sep 17 00:00:00 2001
+From: Sasha Levin <sashal@kernel.org>
+Date: Thu, 28 Nov 2024 09:16:34 +0100
+Subject: riscv: module: remove relocation_head rel_entry member allocation
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+From: Clément Léger <cleger@rivosinc.com>
+
+[ Upstream commit 03f0b548537f758830bdb2dc3f2aba713069cef2 ]
+
+relocation_head's list_head member, rel_entry, doesn't need to be
+allocated, its storage can just be part of the allocated relocation_head.
+Remove the pointer which allows to get rid of the allocation as well as
+an existing memory leak found by Kai Zhang using kmemleak.
+
+Fixes: 8fd6c5142395 ("riscv: Add remaining module relocations")
+Reported-by: Kai Zhang <zhangkai@iscas.ac.cn>
+Signed-off-by: Clément Léger <cleger@rivosinc.com>
+Reviewed-by: Andrew Jones <ajones@ventanamicro.com>
+Reviewed-by: Charlie Jenkins <charlie@rivosinc.com>
+Tested-by: Charlie Jenkins <charlie@rivosinc.com>
+Link: https://lore.kernel.org/r/20241128081636.3620468-1-cleger@rivosinc.com
+Signed-off-by: Palmer Dabbelt <palmer@rivosinc.com>
+Signed-off-by: Sasha Levin <sashal@kernel.org>
+---
+ arch/riscv/kernel/module.c | 18 ++++--------------
+ 1 file changed, 4 insertions(+), 14 deletions(-)
+
+diff --git a/arch/riscv/kernel/module.c b/arch/riscv/kernel/module.c
+index 1cd461f3d872..47d0ebeec93c 100644
+--- a/arch/riscv/kernel/module.c
++++ b/arch/riscv/kernel/module.c
+@@ -23,7 +23,7 @@ struct used_bucket {
+
+ struct relocation_head {
+ struct hlist_node node;
+- struct list_head *rel_entry;
++ struct list_head rel_entry;
+ void *location;
+ };
+
+@@ -634,7 +634,7 @@ process_accumulated_relocations(struct module *me,
+ location = rel_head_iter->location;
+ list_for_each_entry_safe(rel_entry_iter,
+ rel_entry_iter_tmp,
+- rel_head_iter->rel_entry,
++ &rel_head_iter->rel_entry,
+ head) {
+ curr_type = rel_entry_iter->type;
+ reloc_handlers[curr_type].reloc_handler(
+@@ -704,16 +704,7 @@ static int add_relocation_to_accumulate(struct module *me, int type,
+ return -ENOMEM;
+ }
+
+- rel_head->rel_entry =
+- kmalloc(sizeof(struct list_head), GFP_KERNEL);
+-
+- if (!rel_head->rel_entry) {
+- kfree(entry);
+- kfree(rel_head);
+- return -ENOMEM;
+- }
+-
+- INIT_LIST_HEAD(rel_head->rel_entry);
++ INIT_LIST_HEAD(&rel_head->rel_entry);
+ rel_head->location = location;
+ INIT_HLIST_NODE(&rel_head->node);
+ if (!current_head->first) {
+@@ -722,7 +713,6 @@ static int add_relocation_to_accumulate(struct module *me, int type,
+
+ if (!bucket) {
+ kfree(entry);
+- kfree(rel_head->rel_entry);
+ kfree(rel_head);
+ return -ENOMEM;
+ }
+@@ -735,7 +725,7 @@ static int add_relocation_to_accumulate(struct module *me, int type,
+ }
+
+ /* Add relocation to head of discovered rel_head */
+- list_add_tail(&entry->head, rel_head->rel_entry);
++ list_add_tail(&entry->head, &rel_head->rel_entry);
+
+ return 0;
+ }
+--
+2.39.5
+
--- /dev/null
+From 30a733b518991665d0ae271755d7c3f18115bcce Mon Sep 17 00:00:00 2001
+From: Sasha Levin <sashal@kernel.org>
+Date: Mon, 9 Dec 2024 16:57:12 +0100
+Subject: riscv: stacktrace: fix backtracing through exceptions
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+From: Clément Léger <cleger@rivosinc.com>
+
+[ Upstream commit 51356ce60e5915a6bd812873186ed54e45c2699d ]
+
+Prior to commit 5d5fc33ce58e ("riscv: Improve exception and system call
+latency"), backtrace through exception worked since ra was filled with
+ret_from_exception symbol address and the stacktrace code checked 'pc' to
+be equal to that symbol. Now that handle_exception uses regular 'call'
+instructions, this isn't working anymore and backtrace stops at
+handle_exception(). Since there are multiple call site to C code in the
+exception handling path, rather than checking multiple potential return
+addresses, add a new symbol at the end of exception handling and check pc
+to be in that range.
+
+Fixes: 5d5fc33ce58e ("riscv: Improve exception and system call latency")
+Signed-off-by: Clément Léger <cleger@rivosinc.com>
+Tested-by: Alexandre Ghiti <alexghiti@rivosinc.com>
+Reviewed-by: Alexandre Ghiti <alexghiti@rivosinc.com>
+Link: https://lore.kernel.org/r/20241209155714.1239665-1-cleger@rivosinc.com
+Signed-off-by: Palmer Dabbelt <palmer@rivosinc.com>
+Signed-off-by: Sasha Levin <sashal@kernel.org>
+---
+ arch/riscv/kernel/entry.S | 1 +
+ arch/riscv/kernel/stacktrace.c | 4 +++-
+ 2 files changed, 4 insertions(+), 1 deletion(-)
+
+diff --git a/arch/riscv/kernel/entry.S b/arch/riscv/kernel/entry.S
+index c200d329d4bd..7a6c48e6d211 100644
+--- a/arch/riscv/kernel/entry.S
++++ b/arch/riscv/kernel/entry.S
+@@ -278,6 +278,7 @@ SYM_CODE_START_NOALIGN(ret_from_exception)
+ #else
+ sret
+ #endif
++SYM_INNER_LABEL(ret_from_exception_end, SYM_L_GLOBAL)
+ SYM_CODE_END(ret_from_exception)
+ ASM_NOKPROBE(ret_from_exception)
+
+diff --git a/arch/riscv/kernel/stacktrace.c b/arch/riscv/kernel/stacktrace.c
+index 153a2db4c5fa..d4355c770c36 100644
+--- a/arch/riscv/kernel/stacktrace.c
++++ b/arch/riscv/kernel/stacktrace.c
+@@ -17,6 +17,7 @@
+ #ifdef CONFIG_FRAME_POINTER
+
+ extern asmlinkage void handle_exception(void);
++extern unsigned long ret_from_exception_end;
+
+ static inline int fp_is_valid(unsigned long fp, unsigned long sp)
+ {
+@@ -71,7 +72,8 @@ void notrace walk_stackframe(struct task_struct *task, struct pt_regs *regs,
+ fp = frame->fp;
+ pc = ftrace_graph_ret_addr(current, &graph_idx, frame->ra,
+ &frame->ra);
+- if (pc == (unsigned long)handle_exception) {
++ if (pc >= (unsigned long)handle_exception &&
++ pc < (unsigned long)&ret_from_exception_end) {
+ if (unlikely(!__kernel_text_address(pc) || !fn(arg, pc)))
+ break;
+
+--
+2.39.5
+
--- /dev/null
+From 35c83e94fe2779fec508d5cdb032a60c5ef39db6 Mon Sep 17 00:00:00 2001
+From: Sasha Levin <sashal@kernel.org>
+Date: Fri, 3 Jan 2025 15:17:58 +0100
+Subject: riscv: use local label names instead of global ones in assembly
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+From: Clément Léger <cleger@rivosinc.com>
+
+[ Upstream commit 5cd900b8b7e42c492431eb4261c18927768db1f9 ]
+
+Local labels should be prefix by '.L' or they'll be exported in the
+symbol table. Additionally, this messes up the backtrace by displaying
+an incorrect symbol:
+
+ ...
+ [ 12.751810] [<ffffffff80441628>] _copy_from_user+0x28/0xc2
+ [ 12.752035] [<ffffffff800152ca>] handle_misaligned_load+0x1ca/0x2fc
+ [ 12.752310] [<ffffffff80a033e8>] do_trap_load_misaligned+0x24/0xee
+ [ 12.752596] [<ffffffff80a0dcae>] _new_vmalloc_restore_context_a0+0xc2/0xce
+
+After:
+ ...
+ [ 10.243916] [<ffffffff804415e4>] _copy_from_user+0x28/0xc2
+ [ 10.244026] [<ffffffff800152ca>] handle_misaligned_load+0x1ca/0x2fc
+ [ 10.244150] [<ffffffff80a033a0>] do_trap_load_misaligned+0x24/0xee
+ [ 10.244268] [<ffffffff80a0dc66>] handle_exception+0x146/0x152
+
+Signed-off-by: Clément Léger <cleger@rivosinc.com>
+Reviewed-by: Alexandre Ghiti <alexghiti@rivosinc.com>
+Fixes: 503638e0babf3 ("riscv: Stop emitting preventive sfence.vma for new vmalloc mappings")
+Link: https://lore.kernel.org/r/20250103141814.508865-1-cleger@rivosinc.com
+Signed-off-by: Palmer Dabbelt <palmer@rivosinc.com>
+Signed-off-by: Sasha Levin <sashal@kernel.org>
+---
+ arch/riscv/kernel/entry.S | 20 ++++++++++----------
+ 1 file changed, 10 insertions(+), 10 deletions(-)
+
+diff --git a/arch/riscv/kernel/entry.S b/arch/riscv/kernel/entry.S
+index 7a6c48e6d211..33a5a9f2a0d4 100644
+--- a/arch/riscv/kernel/entry.S
++++ b/arch/riscv/kernel/entry.S
+@@ -23,21 +23,21 @@
+ REG_S a0, TASK_TI_A0(tp)
+ csrr a0, CSR_CAUSE
+ /* Exclude IRQs */
+- blt a0, zero, _new_vmalloc_restore_context_a0
++ blt a0, zero, .Lnew_vmalloc_restore_context_a0
+
+ REG_S a1, TASK_TI_A1(tp)
+ /* Only check new_vmalloc if we are in page/protection fault */
+ li a1, EXC_LOAD_PAGE_FAULT
+- beq a0, a1, _new_vmalloc_kernel_address
++ beq a0, a1, .Lnew_vmalloc_kernel_address
+ li a1, EXC_STORE_PAGE_FAULT
+- beq a0, a1, _new_vmalloc_kernel_address
++ beq a0, a1, .Lnew_vmalloc_kernel_address
+ li a1, EXC_INST_PAGE_FAULT
+- bne a0, a1, _new_vmalloc_restore_context_a1
++ bne a0, a1, .Lnew_vmalloc_restore_context_a1
+
+-_new_vmalloc_kernel_address:
++.Lnew_vmalloc_kernel_address:
+ /* Is it a kernel address? */
+ csrr a0, CSR_TVAL
+- bge a0, zero, _new_vmalloc_restore_context_a1
++ bge a0, zero, .Lnew_vmalloc_restore_context_a1
+
+ /* Check if a new vmalloc mapping appeared that could explain the trap */
+ REG_S a2, TASK_TI_A2(tp)
+@@ -69,7 +69,7 @@ _new_vmalloc_kernel_address:
+ /* Check the value of new_vmalloc for this cpu */
+ REG_L a2, 0(a0)
+ and a2, a2, a1
+- beq a2, zero, _new_vmalloc_restore_context
++ beq a2, zero, .Lnew_vmalloc_restore_context
+
+ /* Atomically reset the current cpu bit in new_vmalloc */
+ amoxor.d a0, a1, (a0)
+@@ -83,11 +83,11 @@ _new_vmalloc_kernel_address:
+ csrw CSR_SCRATCH, x0
+ sret
+
+-_new_vmalloc_restore_context:
++.Lnew_vmalloc_restore_context:
+ REG_L a2, TASK_TI_A2(tp)
+-_new_vmalloc_restore_context_a1:
++.Lnew_vmalloc_restore_context_a1:
+ REG_L a1, TASK_TI_A1(tp)
+-_new_vmalloc_restore_context_a0:
++.Lnew_vmalloc_restore_context_a0:
+ REG_L a0, TASK_TI_A0(tp)
+ .endm
+
+--
+2.39.5
+
net-stmmac-dwmac-tegra-read-iommu-stream-id-from-dev.patch
rtase-fix-a-check-for-error-in-rtase_alloc_msix.patch
net-mlx5-fix-variable-not-being-completed-when-funct.patch
+drm-mediatek-set-private-all_drm_private-i-drm-to-nu.patch
+drm-mediatek-move-mtk_crtc_finish_page_flip-to-ddp_c.patch
+drm-mediatek-add-support-for-180-degree-rotation-in-.patch
+drm-mediatek-stop-selecting-foreign-drivers.patch
+drm-mediatek-fix-ycbcr422-color-format-issue-for-dp.patch
+drm-mediatek-fix-mode-valid-issue-for-dp.patch
+drm-mediatek-mtk_dsi-add-registers-to-pdata-to-fix-m.patch
+gpio-virtuser-fix-missing-lookup-table-cleanups.patch
+gpio-virtuser-fix-handling-of-multiple-conn_ids-in-l.patch
+drm-mediatek-add-return-value-check-when-reading-dpc.patch
+ksmbd-fix-a-missing-return-value-check-bug.patch
+afs-fix-the-maximum-cell-name-length.patch
+platform-x86-amd-pmc-only-disable-irq1-wakeup-where-.patch
+platform-x86-intel-pmc-fix-ioremap-of-bad-address.patch
+ksmbd-fix-unexpectedly-changed-path-in-ksmbd_vfs_ker.patch
+riscv-module-remove-relocation_head-rel_entry-member.patch
+cpuidle-riscv-sbi-fix-device-node-release-in-early-e.patch
+riscv-mm-fix-the-out-of-bound-issue-of-vmemmap-addre.patch
+riscv-stacktrace-fix-backtracing-through-exceptions.patch
+riscv-use-local-label-names-instead-of-global-ones-i.patch
+drm-xe-fix-tlb-invalidation-when-wedging.patch
+netfs-fix-kernel-async-dio.patch
+netfs-fix-read-retry-for-fs-with-no-prepare_read.patch
+drivers-perf-riscv-fix-platform-firmware-event-data.patch
+drivers-perf-riscv-return-error-for-default-case.patch
projects / thirdparty / kernel / stable-queue.git / commitdiff
