--- /dev/null
+From 2370dbb092ff1d9f364541e55590bc7a0c3ad1d5 Mon Sep 17 00:00:00 2001
+From: Sasha Levin <sashal@kernel.org>
+Date: Thu, 28 Jan 2021 21:15:48 +0200
+Subject: bus: omap_l3_noc: mark l3 irqs as IRQF_NO_THREAD
+
+From: Grygorii Strashko <grygorii.strashko@ti.com>
+
+[ Upstream commit 7d7275b3e866cf8092bd12553ec53ba26864f7bb ]
+
+The main purpose of l3 IRQs is to catch OCP bus access errors and identify
+corresponding code places by showing call stack, so it's important to
+handle L3 interconnect errors as fast as possible. On RT these IRQs will
+became threaded and will be scheduled much more late from the moment actual
+error occurred so showing completely useless information.
+
+Hence, mark l3 IRQs as IRQF_NO_THREAD so they will not be forced threaded
+on RT or if force_irqthreads = true.
+
+Fixes: 0ee7261c9212 ("drivers: bus: Move the OMAP interconnect driver to drivers/bus/")
+Signed-off-by: Grygorii Strashko <grygorii.strashko@ti.com>
+Signed-off-by: Tony Lindgren <tony@atomide.com>
+Signed-off-by: Sasha Levin <sashal@kernel.org>
+---
+ drivers/bus/omap_l3_noc.c | 4 ++--
+ 1 file changed, 2 insertions(+), 2 deletions(-)
+
+diff --git a/drivers/bus/omap_l3_noc.c b/drivers/bus/omap_l3_noc.c
+index 5012e3ad1225..624f74d03a83 100644
+--- a/drivers/bus/omap_l3_noc.c
++++ b/drivers/bus/omap_l3_noc.c
+@@ -285,7 +285,7 @@ static int omap_l3_probe(struct platform_device *pdev)
+ */
+ l3->debug_irq = platform_get_irq(pdev, 0);
+ ret = devm_request_irq(l3->dev, l3->debug_irq, l3_interrupt_handler,
+- 0x0, "l3-dbg-irq", l3);
++ IRQF_NO_THREAD, "l3-dbg-irq", l3);
+ if (ret) {
+ dev_err(l3->dev, "request_irq failed for %d\n",
+ l3->debug_irq);
+@@ -294,7 +294,7 @@ static int omap_l3_probe(struct platform_device *pdev)
+
+ l3->app_irq = platform_get_irq(pdev, 1);
+ ret = devm_request_irq(l3->dev, l3->app_irq, l3_interrupt_handler,
+- 0x0, "l3-app-irq", l3);
++ IRQF_NO_THREAD, "l3-app-irq", l3);
+ if (ret)
+ dev_err(l3->dev, "request_irq failed for %d\n", l3->app_irq);
+
+--
+2.30.1
+
--- /dev/null
+From 573b262428386f468eb6d5fcdcdf4acabad33502 Mon Sep 17 00:00:00 2001
+From: Sasha Levin <sashal@kernel.org>
+Date: Mon, 1 Mar 2021 21:55:40 -0500
+Subject: can: c_can: move runtime PM enable/disable to c_can_platform
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+From: Tong Zhang <ztong0001@gmail.com>
+
+[ Upstream commit 6e2fe01dd6f98da6cae8b07cd5cfa67abc70d97d ]
+
+Currently doing modprobe c_can_pci will make the kernel complain:
+
+ Unbalanced pm_runtime_enable!
+
+this is caused by pm_runtime_enable() called before pm is initialized.
+
+This fix is similar to 227619c3ff7c, move those pm_enable/disable code
+to c_can_platform.
+
+Fixes: 4cdd34b26826 ("can: c_can: Add runtime PM support to Bosch C_CAN/D_CAN controller")
+Link: http://lore.kernel.org/r/20210302025542.987600-1-ztong0001@gmail.com
+Signed-off-by: Tong Zhang <ztong0001@gmail.com>
+Tested-by: Uwe Kleine-König <u.kleine-koenig@pengutronix.de>
+Signed-off-by: Marc Kleine-Budde <mkl@pengutronix.de>
+Signed-off-by: Sasha Levin <sashal@kernel.org>
+---
+ drivers/net/can/c_can/c_can.c | 24 +-----------------------
+ drivers/net/can/c_can/c_can_platform.c | 6 +++++-
+ 2 files changed, 6 insertions(+), 24 deletions(-)
+
+diff --git a/drivers/net/can/c_can/c_can.c b/drivers/net/can/c_can/c_can.c
+index 4ead5a18b794..c41ab2cb272e 100644
+--- a/drivers/net/can/c_can/c_can.c
++++ b/drivers/net/can/c_can/c_can.c
+@@ -212,18 +212,6 @@ static const struct can_bittiming_const c_can_bittiming_const = {
+ .brp_inc = 1,
+ };
+
+-static inline void c_can_pm_runtime_enable(const struct c_can_priv *priv)
+-{
+- if (priv->device)
+- pm_runtime_enable(priv->device);
+-}
+-
+-static inline void c_can_pm_runtime_disable(const struct c_can_priv *priv)
+-{
+- if (priv->device)
+- pm_runtime_disable(priv->device);
+-}
+-
+ static inline void c_can_pm_runtime_get_sync(const struct c_can_priv *priv)
+ {
+ if (priv->device)
+@@ -1318,7 +1306,6 @@ static const struct net_device_ops c_can_netdev_ops = {
+
+ int register_c_can_dev(struct net_device *dev)
+ {
+- struct c_can_priv *priv = netdev_priv(dev);
+ int err;
+
+ /* Deactivate pins to prevent DRA7 DCAN IP from being
+@@ -1328,28 +1315,19 @@ int register_c_can_dev(struct net_device *dev)
+ */
+ pinctrl_pm_select_sleep_state(dev->dev.parent);
+
+- c_can_pm_runtime_enable(priv);
+-
+ dev->flags |= IFF_ECHO; /* we support local echo */
+ dev->netdev_ops = &c_can_netdev_ops;
+
+ err = register_candev(dev);
+- if (err)
+- c_can_pm_runtime_disable(priv);
+- else
++ if (!err)
+ devm_can_led_init(dev);
+-
+ return err;
+ }
+ EXPORT_SYMBOL_GPL(register_c_can_dev);
+
+ void unregister_c_can_dev(struct net_device *dev)
+ {
+- struct c_can_priv *priv = netdev_priv(dev);
+-
+ unregister_candev(dev);
+-
+- c_can_pm_runtime_disable(priv);
+ }
+ EXPORT_SYMBOL_GPL(unregister_c_can_dev);
+
+diff --git a/drivers/net/can/c_can/c_can_platform.c b/drivers/net/can/c_can/c_can_platform.c
+index 717530eac70c..c6a03f565e3f 100644
+--- a/drivers/net/can/c_can/c_can_platform.c
++++ b/drivers/net/can/c_can/c_can_platform.c
+@@ -29,6 +29,7 @@
+ #include <linux/list.h>
+ #include <linux/io.h>
+ #include <linux/platform_device.h>
++#include <linux/pm_runtime.h>
+ #include <linux/clk.h>
+ #include <linux/of.h>
+ #include <linux/of_device.h>
+@@ -385,6 +386,7 @@ static int c_can_plat_probe(struct platform_device *pdev)
+ platform_set_drvdata(pdev, dev);
+ SET_NETDEV_DEV(dev, &pdev->dev);
+
++ pm_runtime_enable(priv->device);
+ ret = register_c_can_dev(dev);
+ if (ret) {
+ dev_err(&pdev->dev, "registering %s failed (err=%d)\n",
+@@ -397,6 +399,7 @@ static int c_can_plat_probe(struct platform_device *pdev)
+ return 0;
+
+ exit_free_device:
++ pm_runtime_disable(priv->device);
+ free_c_can_dev(dev);
+ exit:
+ dev_err(&pdev->dev, "probe failed\n");
+@@ -407,9 +410,10 @@ exit:
+ static int c_can_plat_remove(struct platform_device *pdev)
+ {
+ struct net_device *dev = platform_get_drvdata(pdev);
++ struct c_can_priv *priv = netdev_priv(dev);
+
+ unregister_c_can_dev(dev);
+-
++ pm_runtime_disable(priv->device);
+ free_c_can_dev(dev);
+
+ return 0;
+--
+2.30.1
+
--- /dev/null
+From cd3dc8da49b8808a209d422478c096e9125ca999 Mon Sep 17 00:00:00 2001
+From: Sasha Levin <sashal@kernel.org>
+Date: Sun, 28 Feb 2021 21:45:11 -0500
+Subject: can: c_can_pci: c_can_pci_remove(): fix use-after-free
+
+From: Tong Zhang <ztong0001@gmail.com>
+
+[ Upstream commit 0429d6d89f97ebff4f17f13f5b5069c66bde8138 ]
+
+There is a UAF in c_can_pci_remove(). dev is released by
+free_c_can_dev() and is used by pci_iounmap(pdev, priv->base) later.
+To fix this issue, save the mmio address before releasing dev.
+
+Fixes: 5b92da0443c2 ("c_can_pci: generic module for C_CAN/D_CAN on PCI")
+Link: https://lore.kernel.org/r/20210301024512.539039-1-ztong0001@gmail.com
+Signed-off-by: Tong Zhang <ztong0001@gmail.com>
+Signed-off-by: Marc Kleine-Budde <mkl@pengutronix.de>
+Signed-off-by: Sasha Levin <sashal@kernel.org>
+---
+ drivers/net/can/c_can/c_can_pci.c | 3 ++-
+ 1 file changed, 2 insertions(+), 1 deletion(-)
+
+diff --git a/drivers/net/can/c_can/c_can_pci.c b/drivers/net/can/c_can/c_can_pci.c
+index d065c0e2d18e..f3e0b2124a37 100644
+--- a/drivers/net/can/c_can/c_can_pci.c
++++ b/drivers/net/can/c_can/c_can_pci.c
+@@ -239,12 +239,13 @@ static void c_can_pci_remove(struct pci_dev *pdev)
+ {
+ struct net_device *dev = pci_get_drvdata(pdev);
+ struct c_can_priv *priv = netdev_priv(dev);
++ void __iomem *addr = priv->base;
+
+ unregister_c_can_dev(dev);
+
+ free_c_can_dev(dev);
+
+- pci_iounmap(pdev, priv->base);
++ pci_iounmap(pdev, addr);
+ pci_disable_msi(pdev);
+ pci_clear_master(pdev);
+ pci_release_regions(pdev);
+--
+2.30.1
+
--- /dev/null
+From db3a52fd934f5b11ff8941cde1c962460ae1a632 Mon Sep 17 00:00:00 2001
+From: Sasha Levin <sashal@kernel.org>
+Date: Wed, 3 Mar 2021 10:31:52 +0000
+Subject: can: m_can: m_can_do_rx_poll(): fix extraneous msg loss warning
+
+From: Torin Cooper-Bennun <torin@maxiluxsystems.com>
+
+[ Upstream commit c0e399f3baf42279f48991554240af8c457535d1 ]
+
+Message loss from RX FIFO 0 is already handled in
+m_can_handle_lost_msg(), with netdev output included.
+
+Removing this warning also improves driver performance under heavy
+load, where m_can_do_rx_poll() may be called many times before this
+interrupt is cleared, causing this message to be output many
+times (thanks Mariusz Madej for this report).
+
+Fixes: e0d1f4816f2a ("can: m_can: add Bosch M_CAN controller support")
+Link: https://lore.kernel.org/r/20210303103151.3760532-1-torin@maxiluxsystems.com
+Reported-by: Mariusz Madej <mariusz.madej@xtrack.com>
+Signed-off-by: Torin Cooper-Bennun <torin@maxiluxsystems.com>
+Signed-off-by: Marc Kleine-Budde <mkl@pengutronix.de>
+Signed-off-by: Sasha Levin <sashal@kernel.org>
+---
+ drivers/net/can/m_can/m_can.c | 3 ---
+ 1 file changed, 3 deletions(-)
+
+diff --git a/drivers/net/can/m_can/m_can.c b/drivers/net/can/m_can/m_can.c
+index 0bd7e7164796..197c27d8f584 100644
+--- a/drivers/net/can/m_can/m_can.c
++++ b/drivers/net/can/m_can/m_can.c
+@@ -428,9 +428,6 @@ static int m_can_do_rx_poll(struct net_device *dev, int quota)
+ }
+
+ while ((rxfs & RXFS_FFL_MASK) && (quota > 0)) {
+- if (rxfs & RXFS_RFL)
+- netdev_warn(dev, "Rx FIFO 0 Message Lost\n");
+-
+ m_can_read_fifo(dev, rxfs);
+
+ quota--;
+--
+2.30.1
+
--- /dev/null
+From 958876a97d421590186f1366d9d4f56f489d65d0 Mon Sep 17 00:00:00 2001
+From: Sasha Levin <sashal@kernel.org>
+Date: Wed, 21 Oct 2020 14:59:37 +0300
+Subject: e1000e: add rtnl_lock() to e1000_reset_task
+
+From: Vitaly Lifshits <vitaly.lifshits@intel.com>
+
+[ Upstream commit 21f857f0321d0d0ea9b1a758bd55dc63d1cb2437 ]
+
+A possible race condition was found in e1000_reset_task,
+after discovering a similar issue in igb driver via
+commit 024a8168b749 ("igb: reinit_locked() should be called
+with rtnl_lock").
+
+Added rtnl_lock() and rtnl_unlock() to avoid this.
+
+Fixes: bc7f75fa9788 ("[E1000E]: New pci-express e1000 driver (currently for ICH9 devices only)")
+Suggested-by: Jakub Kicinski <kuba@kernel.org>
+Signed-off-by: Vitaly Lifshits <vitaly.lifshits@intel.com>
+Tested-by: Dvora Fuxbrumer <dvorax.fuxbrumer@linux.intel.com>
+Signed-off-by: Tony Nguyen <anthony.l.nguyen@intel.com>
+Signed-off-by: Sasha Levin <sashal@kernel.org>
+---
+ drivers/net/ethernet/intel/e1000e/netdev.c | 6 +++++-
+ 1 file changed, 5 insertions(+), 1 deletion(-)
+
+diff --git a/drivers/net/ethernet/intel/e1000e/netdev.c b/drivers/net/ethernet/intel/e1000e/netdev.c
+index 3c01bc43889a..46323019aa63 100644
+--- a/drivers/net/ethernet/intel/e1000e/netdev.c
++++ b/drivers/net/ethernet/intel/e1000e/netdev.c
+@@ -5920,15 +5920,19 @@ static void e1000_reset_task(struct work_struct *work)
+ struct e1000_adapter *adapter;
+ adapter = container_of(work, struct e1000_adapter, reset_task);
+
++ rtnl_lock();
+ /* don't run the task if already down */
+- if (test_bit(__E1000_DOWN, &adapter->state))
++ if (test_bit(__E1000_DOWN, &adapter->state)) {
++ rtnl_unlock();
+ return;
++ }
+
+ if (!(adapter->flags & FLAG_RESTART_NOW)) {
+ e1000e_dump(adapter);
+ e_err("Reset adapter unexpectedly\n");
+ }
+ e1000e_reinit_locked(adapter);
++ rtnl_unlock();
+ }
+
+ /**
+--
+2.30.1
+
--- /dev/null
+From b16e7c8a149f0dfafc9ffe6bfce6d337c58ee568 Mon Sep 17 00:00:00 2001
+From: Sasha Levin <sashal@kernel.org>
+Date: Sun, 28 Feb 2021 17:44:23 +0800
+Subject: e1000e: Fix error handling in e1000_set_d0_lplu_state_82571
+
+From: Dinghao Liu <dinghao.liu@zju.edu.cn>
+
+[ Upstream commit b52912b8293f2c496f42583e65599aee606a0c18 ]
+
+There is one e1e_wphy() call in e1000_set_d0_lplu_state_82571
+that we have caught its return value but lack further handling.
+Check and terminate the execution flow just like other e1e_wphy()
+in this function.
+
+Fixes: bc7f75fa9788 ("[E1000E]: New pci-express e1000 driver (currently for ICH9 devices only)")
+Signed-off-by: Dinghao Liu <dinghao.liu@zju.edu.cn>
+Acked-by: Sasha Neftin <sasha.neftin@intel.com>
+Tested-by: Dvora Fuxbrumer <dvorax.fuxbrumer@linux.intel.com>
+Signed-off-by: Tony Nguyen <anthony.l.nguyen@intel.com>
+Signed-off-by: Sasha Levin <sashal@kernel.org>
+---
+ drivers/net/ethernet/intel/e1000e/82571.c | 2 ++
+ 1 file changed, 2 insertions(+)
+
+diff --git a/drivers/net/ethernet/intel/e1000e/82571.c b/drivers/net/ethernet/intel/e1000e/82571.c
+index 6b03c8553e59..65deaf8f3004 100644
+--- a/drivers/net/ethernet/intel/e1000e/82571.c
++++ b/drivers/net/ethernet/intel/e1000e/82571.c
+@@ -917,6 +917,8 @@ static s32 e1000_set_d0_lplu_state_82571(struct e1000_hw *hw, bool active)
+ } else {
+ data &= ~IGP02E1000_PM_D0_LPLU;
+ ret_val = e1e_wphy(hw, IGP02E1000_PHY_POWER_MGMT, data);
++ if (ret_val)
++ return ret_val;
+ /* LPLU and SmartSpeed are mutually exclusive. LPLU is used
+ * during Dx states where the power conservation is most
+ * important. During driver activity we should enable
+--
+2.30.1
+
--- /dev/null
+From e29681610329397029e50d3dc8ed11d75ecae65f Mon Sep 17 00:00:00 2001
+From: Sasha Levin <sashal@kernel.org>
+Date: Fri, 12 Feb 2021 11:22:14 +0100
+Subject: mac80211: fix rate mask reset
+
+From: Johannes Berg <johannes.berg@intel.com>
+
+[ Upstream commit 1944015fe9c1d9fa5e9eb7ffbbb5ef8954d6753b ]
+
+Coverity reported the strange "if (~...)" condition that's
+always true. It suggested that ! was intended instead of ~,
+but upon further analysis I'm convinced that what really was
+intended was a comparison to 0xff/0xffff (in HT/VHT cases
+respectively), since this indicates that all of the rates
+are enabled.
+
+Change the comparison accordingly.
+
+I'm guessing this never really mattered because a reset to
+not having a rate mask is basically equivalent to having a
+mask that enables all rates.
+
+Reported-by: Colin Ian King <colin.king@canonical.com>
+Fixes: 2ffbe6d33366 ("mac80211: fix and optimize MCS mask handling")
+Fixes: b119ad6e726c ("mac80211: add rate mask logic for vht rates")
+Reviewed-by: Colin Ian King <colin.king@canonical.com>
+Link: https://lore.kernel.org/r/20210212112213.36b38078f569.I8546a20c80bc1669058eb453e213630b846e107b@changeid
+Signed-off-by: Johannes Berg <johannes.berg@intel.com>
+Signed-off-by: Sasha Levin <sashal@kernel.org>
+---
+ net/mac80211/cfg.c | 4 ++--
+ 1 file changed, 2 insertions(+), 2 deletions(-)
+
+diff --git a/net/mac80211/cfg.c b/net/mac80211/cfg.c
+index 1a13715b9a59..f37fbc71fc1d 100644
+--- a/net/mac80211/cfg.c
++++ b/net/mac80211/cfg.c
+@@ -2681,14 +2681,14 @@ static int ieee80211_set_bitrate_mask(struct wiphy *wiphy,
+ continue;
+
+ for (j = 0; j < IEEE80211_HT_MCS_MASK_LEN; j++) {
+- if (~sdata->rc_rateidx_mcs_mask[i][j]) {
++ if (sdata->rc_rateidx_mcs_mask[i][j] != 0xff) {
+ sdata->rc_has_mcs_mask[i] = true;
+ break;
+ }
+ }
+
+ for (j = 0; j < NL80211_VHT_NSS_MAX; j++) {
+- if (~sdata->rc_rateidx_vht_mcs_mask[i][j]) {
++ if (sdata->rc_rateidx_vht_mcs_mask[i][j] != 0xffff) {
+ sdata->rc_has_vht_mcs_mask[i] = true;
+ break;
+ }
+--
+2.30.1
+
--- /dev/null
+From 108b924d56c5b48122fe37c3d51f6538384e8614 Mon Sep 17 00:00:00 2001
+From: Sasha Levin <sashal@kernel.org>
+Date: Wed, 10 Mar 2021 01:56:36 -0800
+Subject: macvlan: macvlan_count_rx() needs to be aware of preemption
+
+From: Eric Dumazet <edumazet@google.com>
+
+[ Upstream commit dd4fa1dae9f4847cc1fd78ca468ad69e16e5db3e ]
+
+macvlan_count_rx() can be called from process context, it is thus
+necessary to disable preemption before calling u64_stats_update_begin()
+
+syzbot was able to spot this on 32bit arch:
+
+WARNING: CPU: 1 PID: 4632 at include/linux/seqlock.h:271 __seqprop_assert include/linux/seqlock.h:271 [inline]
+WARNING: CPU: 1 PID: 4632 at include/linux/seqlock.h:271 __seqprop_assert.constprop.0+0xf0/0x11c include/linux/seqlock.h:269
+Modules linked in:
+Kernel panic - not syncing: panic_on_warn set ...
+CPU: 1 PID: 4632 Comm: kworker/1:3 Not tainted 5.12.0-rc2-syzkaller #0
+Hardware name: ARM-Versatile Express
+Workqueue: events macvlan_process_broadcast
+Backtrace:
+[<82740468>] (dump_backtrace) from [<827406dc>] (show_stack+0x18/0x1c arch/arm/kernel/traps.c:252)
+ r7:00000080 r6:60000093 r5:00000000 r4:8422a3c4
+[<827406c4>] (show_stack) from [<82751b58>] (__dump_stack lib/dump_stack.c:79 [inline])
+[<827406c4>] (show_stack) from [<82751b58>] (dump_stack+0xb8/0xe8 lib/dump_stack.c:120)
+[<82751aa0>] (dump_stack) from [<82741270>] (panic+0x130/0x378 kernel/panic.c:231)
+ r7:830209b4 r6:84069ea4 r5:00000000 r4:844350d0
+[<82741140>] (panic) from [<80244924>] (__warn+0xb0/0x164 kernel/panic.c:605)
+ r3:8404ec8c r2:00000000 r1:00000000 r0:830209b4
+ r7:0000010f
+[<80244874>] (__warn) from [<82741520>] (warn_slowpath_fmt+0x68/0xd4 kernel/panic.c:628)
+ r7:81363f70 r6:0000010f r5:83018e50 r4:00000000
+[<827414bc>] (warn_slowpath_fmt) from [<81363f70>] (__seqprop_assert include/linux/seqlock.h:271 [inline])
+[<827414bc>] (warn_slowpath_fmt) from [<81363f70>] (__seqprop_assert.constprop.0+0xf0/0x11c include/linux/seqlock.h:269)
+ r8:5a109000 r7:0000000f r6:a568dac0 r5:89802300 r4:00000001
+[<81363e80>] (__seqprop_assert.constprop.0) from [<81364af0>] (u64_stats_update_begin include/linux/u64_stats_sync.h:128 [inline])
+[<81363e80>] (__seqprop_assert.constprop.0) from [<81364af0>] (macvlan_count_rx include/linux/if_macvlan.h:47 [inline])
+[<81363e80>] (__seqprop_assert.constprop.0) from [<81364af0>] (macvlan_broadcast+0x154/0x26c drivers/net/macvlan.c:291)
+ r5:89802300 r4:8a927740
+[<8136499c>] (macvlan_broadcast) from [<81365020>] (macvlan_process_broadcast+0x258/0x2d0 drivers/net/macvlan.c:317)
+ r10:81364f78 r9:8a86d000 r8:8a9c7e7c r7:8413aa5c r6:00000000 r5:00000000
+ r4:89802840
+[<81364dc8>] (macvlan_process_broadcast) from [<802696a4>] (process_one_work+0x2d4/0x998 kernel/workqueue.c:2275)
+ r10:00000008 r9:8404ec98 r8:84367a02 r7:ddfe6400 r6:ddfe2d40 r5:898dac80
+ r4:8a86d43c
+[<802693d0>] (process_one_work) from [<80269dcc>] (worker_thread+0x64/0x54c kernel/workqueue.c:2421)
+ r10:00000008 r9:8a9c6000 r8:84006d00 r7:ddfe2d78 r6:898dac94 r5:ddfe2d40
+ r4:898dac80
+[<80269d68>] (worker_thread) from [<80271f40>] (kthread+0x184/0x1a4 kernel/kthread.c:292)
+ r10:85247e64 r9:898dac80 r8:80269d68 r7:00000000 r6:8a9c6000 r5:89a2ee40
+ r4:8a97bd00
+[<80271dbc>] (kthread) from [<80200114>] (ret_from_fork+0x14/0x20 arch/arm/kernel/entry-common.S:158)
+Exception stack(0x8a9c7fb0 to 0x8a9c7ff8)
+
+Fixes: 412ca1550cbe ("macvlan: Move broadcasts into a work queue")
+Signed-off-by: Eric Dumazet <edumazet@google.com>
+Cc: Herbert Xu <herbert@gondor.apana.org.au>
+Reported-by: syzbot <syzkaller@googlegroups.com>
+Acked-by: Herbert Xu <herbert@gondor.apana.org.au>
+Signed-off-by: David S. Miller <davem@davemloft.net>
+Signed-off-by: Sasha Levin <sashal@kernel.org>
+---
+ include/linux/if_macvlan.h | 3 ++-
+ 1 file changed, 2 insertions(+), 1 deletion(-)
+
+diff --git a/include/linux/if_macvlan.h b/include/linux/if_macvlan.h
+index a4ccc3122f93..cfcbc49f4ddf 100644
+--- a/include/linux/if_macvlan.h
++++ b/include/linux/if_macvlan.h
+@@ -70,13 +70,14 @@ static inline void macvlan_count_rx(const struct macvlan_dev *vlan,
+ if (likely(success)) {
+ struct vlan_pcpu_stats *pcpu_stats;
+
+- pcpu_stats = this_cpu_ptr(vlan->pcpu_stats);
++ pcpu_stats = get_cpu_ptr(vlan->pcpu_stats);
+ u64_stats_update_begin(&pcpu_stats->syncp);
+ pcpu_stats->rx_packets++;
+ pcpu_stats->rx_bytes += len;
+ if (multicast)
+ pcpu_stats->rx_multicast++;
+ u64_stats_update_end(&pcpu_stats->syncp);
++ put_cpu_ptr(vlan->pcpu_stats);
+ } else {
+ this_cpu_inc(vlan->pcpu_stats->rx_errors);
+ }
+--
+2.30.1
+
--- /dev/null
+From 77a82383600eadfc18186e35b9b8ff879c176683 Mon Sep 17 00:00:00 2001
+From: Sasha Levin <sashal@kernel.org>
+Date: Thu, 18 Mar 2021 16:57:49 +0100
+Subject: net: cdc-phonet: fix data-interface release on probe failure
+
+From: Johan Hovold <johan@kernel.org>
+
+[ Upstream commit c79a707072fe3fea0e3c92edee6ca85c1e53c29f ]
+
+Set the disconnected flag before releasing the data interface in case
+netdev registration fails to avoid having the disconnect callback try to
+deregister the never registered netdev (and trigger a WARN_ON()).
+
+Fixes: 87cf65601e17 ("USB host CDC Phonet network interface driver")
+Signed-off-by: Johan Hovold <johan@kernel.org>
+Signed-off-by: David S. Miller <davem@davemloft.net>
+Signed-off-by: Sasha Levin <sashal@kernel.org>
+---
+ drivers/net/usb/cdc-phonet.c | 2 ++
+ 1 file changed, 2 insertions(+)
+
+diff --git a/drivers/net/usb/cdc-phonet.c b/drivers/net/usb/cdc-phonet.c
+index ff2270ead2e6..84e0e7f78029 100644
+--- a/drivers/net/usb/cdc-phonet.c
++++ b/drivers/net/usb/cdc-phonet.c
+@@ -406,6 +406,8 @@ static int usbpn_probe(struct usb_interface *intf, const struct usb_device_id *i
+
+ err = register_netdev(dev);
+ if (err) {
++ /* Set disconnected flag so that disconnect() returns early. */
++ pnd->disconnected = 1;
+ usb_driver_release_interface(&usbpn_driver, data_intf);
+ goto out;
+ }
+--
+2.30.1
+
--- /dev/null
+From 4701caa939dffea7c65c17194be503d42cbc1ca4 Mon Sep 17 00:00:00 2001
+From: Sasha Levin <sashal@kernel.org>
+Date: Wed, 10 Mar 2021 14:17:58 -0800
+Subject: net: dsa: bcm_sf2: Qualify phydev->dev_flags based on port
+
+From: Florian Fainelli <f.fainelli@gmail.com>
+
+[ Upstream commit 47142ed6c34d544ae9f0463e58d482289cbe0d46 ]
+
+Similar to commit 92696286f3bb37ba50e4bd8d1beb24afb759a799 ("net:
+bcmgenet: Set phydev->dev_flags only for internal PHYs") we need to
+qualify the phydev->dev_flags based on whether the port is connected to
+an internal or external PHY otherwise we risk having a flags collision
+with a completely different interpretation depending on the driver.
+
+Fixes: aa9aef77c761 ("net: dsa: bcm_sf2: communicate integrated PHY revision to PHY driver")
+Signed-off-by: Florian Fainelli <f.fainelli@gmail.com>
+Signed-off-by: David S. Miller <davem@davemloft.net>
+Signed-off-by: Sasha Levin <sashal@kernel.org>
+---
+ drivers/net/dsa/bcm_sf2.c | 6 ++++--
+ 1 file changed, 4 insertions(+), 2 deletions(-)
+
+diff --git a/drivers/net/dsa/bcm_sf2.c b/drivers/net/dsa/bcm_sf2.c
+index 0c69d5858558..40b3adf7ad99 100644
+--- a/drivers/net/dsa/bcm_sf2.c
++++ b/drivers/net/dsa/bcm_sf2.c
+@@ -588,8 +588,10 @@ static u32 bcm_sf2_sw_get_phy_flags(struct dsa_switch *ds, int port)
+ * in bits 15:8 and the patch level in bits 7:0 which is exactly what
+ * the REG_PHY_REVISION register layout is.
+ */
+-
+- return priv->hw_params.gphy_rev;
++ if (priv->int_phy_mask & BIT(port))
++ return priv->hw_params.gphy_rev;
++ else
++ return 0;
+ }
+
+ static void bcm_sf2_sw_adjust_link(struct dsa_switch *ds, int port,
+--
+2.30.1
+
--- /dev/null
+From 5a9c07fe1469afd31428b04995d1a4c8a020af26 Mon Sep 17 00:00:00 2001
+From: Sasha Levin <sashal@kernel.org>
+Date: Wed, 10 Mar 2021 20:01:40 -0800
+Subject: net/qlcnic: Fix a use after free in qlcnic_83xx_get_minidump_template
+
+From: Lv Yunlong <lyl2019@mail.ustc.edu.cn>
+
+[ Upstream commit db74623a3850db99cb9692fda9e836a56b74198d ]
+
+In qlcnic_83xx_get_minidump_template, fw_dump->tmpl_hdr was freed by
+vfree(). But unfortunately, it is used when extended is true.
+
+Fixes: 7061b2bdd620e ("qlogic: Deletion of unnecessary checks before two function calls")
+Signed-off-by: Lv Yunlong <lyl2019@mail.ustc.edu.cn>
+Signed-off-by: David S. Miller <davem@davemloft.net>
+Signed-off-by: Sasha Levin <sashal@kernel.org>
+---
+ drivers/net/ethernet/qlogic/qlcnic/qlcnic_minidump.c | 3 +++
+ 1 file changed, 3 insertions(+)
+
+diff --git a/drivers/net/ethernet/qlogic/qlcnic/qlcnic_minidump.c b/drivers/net/ethernet/qlogic/qlcnic/qlcnic_minidump.c
+index 5174e0bd75d1..625336264a44 100644
+--- a/drivers/net/ethernet/qlogic/qlcnic/qlcnic_minidump.c
++++ b/drivers/net/ethernet/qlogic/qlcnic/qlcnic_minidump.c
+@@ -1426,6 +1426,7 @@ void qlcnic_83xx_get_minidump_template(struct qlcnic_adapter *adapter)
+
+ if (fw_dump->tmpl_hdr == NULL || current_version > prev_version) {
+ vfree(fw_dump->tmpl_hdr);
++ fw_dump->tmpl_hdr = NULL;
+
+ if (qlcnic_83xx_md_check_extended_dump_capability(adapter))
+ extended = !qlcnic_83xx_extend_md_capab(adapter);
+@@ -1444,6 +1445,8 @@ void qlcnic_83xx_get_minidump_template(struct qlcnic_adapter *adapter)
+ struct qlcnic_83xx_dump_template_hdr *hdr;
+
+ hdr = fw_dump->tmpl_hdr;
++ if (!hdr)
++ return;
+ hdr->drv_cap_mask = 0x1f;
+ fw_dump->cap_mask = 0x1f;
+ dev_info(&pdev->dev,
+--
+2.30.1
+
--- /dev/null
+From 0473928db5a497d0d31b5614176e6816c41831a1 Mon Sep 17 00:00:00 2001
+From: Sasha Levin <sashal@kernel.org>
+Date: Thu, 25 Mar 2021 00:34:53 +0530
+Subject: RDMA/cxgb4: Fix adapter LE hash errors while destroying ipv6
+ listening server
+
+From: Potnuri Bharat Teja <bharat@chelsio.com>
+
+[ Upstream commit 3408be145a5d6418ff955fe5badde652be90e700 ]
+
+Not setting the ipv6 bit while destroying ipv6 listening servers may
+result in potential fatal adapter errors due to lookup engine memory hash
+errors. Therefore always set ipv6 field while destroying ipv6 listening
+servers.
+
+Fixes: 830662f6f032 ("RDMA/cxgb4: Add support for active and passive open connection with IPv6 address")
+Link: https://lore.kernel.org/r/20210324190453.8171-1-bharat@chelsio.com
+Signed-off-by: Potnuri Bharat Teja <bharat@chelsio.com>
+Reviewed-by: Leon Romanovsky <leonro@nvidia.com>
+Signed-off-by: Jason Gunthorpe <jgg@nvidia.com>
+Signed-off-by: Sasha Levin <sashal@kernel.org>
+---
+ drivers/infiniband/hw/cxgb4/cm.c | 4 ++--
+ 1 file changed, 2 insertions(+), 2 deletions(-)
+
+diff --git a/drivers/infiniband/hw/cxgb4/cm.c b/drivers/infiniband/hw/cxgb4/cm.c
+index a60e1c1b4b5e..8bd062635399 100644
+--- a/drivers/infiniband/hw/cxgb4/cm.c
++++ b/drivers/infiniband/hw/cxgb4/cm.c
+@@ -3472,13 +3472,13 @@ int c4iw_destroy_listen(struct iw_cm_id *cm_id)
+ ep->com.local_addr.ss_family == AF_INET) {
+ err = cxgb4_remove_server_filter(
+ ep->com.dev->rdev.lldi.ports[0], ep->stid,
+- ep->com.dev->rdev.lldi.rxq_ids[0], 0);
++ ep->com.dev->rdev.lldi.rxq_ids[0], false);
+ } else {
+ struct sockaddr_in6 *sin6;
+ c4iw_init_wr_wait(&ep->com.wr_wait);
+ err = cxgb4_remove_server(
+ ep->com.dev->rdev.lldi.ports[0], ep->stid,
+- ep->com.dev->rdev.lldi.rxq_ids[0], 0);
++ ep->com.dev->rdev.lldi.rxq_ids[0], true);
+ if (err)
+ goto done;
+ err = c4iw_wait_for_reply(&ep->com.dev->rdev, &ep->com.wr_wait,
+--
+2.30.1
+
squashfs-fix-inode-lookup-sanity-checks.patch
squashfs-fix-xattr-id-and-id-lookup-sanity-checks.patch
arm64-dts-ls1043a-mark-crypto-engine-dma-coherent.patch
+bus-omap_l3_noc-mark-l3-irqs-as-irqf_no_thread.patch
+macvlan-macvlan_count_rx-needs-to-be-aware-of-preemp.patch
+net-dsa-bcm_sf2-qualify-phydev-dev_flags-based-on-po.patch
+e1000e-add-rtnl_lock-to-e1000_reset_task.patch
+e1000e-fix-error-handling-in-e1000_set_d0_lplu_state.patch
+net-qlcnic-fix-a-use-after-free-in-qlcnic_83xx_get_m.patch
+can-c_can_pci-c_can_pci_remove-fix-use-after-free.patch
+can-c_can-move-runtime-pm-enable-disable-to-c_can_pl.patch
+can-m_can-m_can_do_rx_poll-fix-extraneous-msg-loss-w.patch
+mac80211-fix-rate-mask-reset.patch
+net-cdc-phonet-fix-data-interface-release-on-probe-f.patch
+rdma-cxgb4-fix-adapter-le-hash-errors-while-destroyi.patch
projects / thirdparty / kernel / stable-queue.git / commitdiff
