git.ipfire.org Git - thirdparty/kernel/stable-queue.git/commitdiff
5.15-stable patches
author Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Sun, 23 Jul 2023 14:12:35 +0000 (16:12 +0200)
committer Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Sun, 23 Jul 2023 14:12:35 +0000 (16:12 +0200)
added patches:
asoc-codecs-wcd-mbhc-v2-fix-resource-leaks-on-component-remove.patch
asoc-codecs-wcd934x-fix-resource-leaks-on-component-remove.patch
asoc-codecs-wcd938x-fix-codec-initialisation-race.patch
asoc-codecs-wcd938x-fix-missing-clsh-ctrl-error-handling.patch
asoc-codecs-wcd938x-fix-missing-mbhc-init-error-handling.patch
asoc-codecs-wcd938x-fix-resource-leaks-on-component-remove.patch
asoc-codecs-wcd938x-fix-soundwire-initialisation-race.patch
asoc-fsl_sai-disable-bit-clock-with-transmitter.patch
btrfs-fix-warning-when-putting-transaction-with-qgroups-enabled-after-abort.patch
btrfs-zoned-fix-memory-leak-after-finding-block-group-with-super-blocks.patch
can-bcm-fix-uaf-in-bcm_proc_show.patch
can-raw-fix-receiver-memory-leak.patch
drm-amd-display-disable-mpc-split-by-default-on-special-asic.patch
drm-amd-display-keep-phy-active-for-dp-displays-on-dcn31.patch
drm-client-fix-memory-leak-in-drm_client_modeset_probe.patch
drm-client-fix-memory-leak-in-drm_client_target_cloned.patch
fuse-ioctl-translate-enosys-in-outarg.patch
fuse-revalidate-don-t-invalidate-if-interrupted.patch
keys-fix-linking-a-duplicate-key-to-a-keyring-s-assoc_array.patch
perf-probe-add-test-for-regression-introduced-by-switch-to-die_get_decl_file.patch
regmap-account-for-register-length-in-smbus-i-o-limits.patch
regmap-drop-initial-version-of-maximum-transfer-length-fixes.patch
selftests-tc-add-conntrack-procfs-kconfig.patch
selftests-tc-add-ct-action-kconfig-dep.patch
selftests-tc-set-timeout-to-15-minutes.patch

26 files changed:
queue-5.15/asoc-codecs-wcd-mbhc-v2-fix-resource-leaks-on-component-remove.patch [new file with mode: 0644]
queue-5.15/asoc-codecs-wcd934x-fix-resource-leaks-on-component-remove.patch [new file with mode: 0644]
queue-5.15/asoc-codecs-wcd938x-fix-codec-initialisation-race.patch [new file with mode: 0644]
queue-5.15/asoc-codecs-wcd938x-fix-missing-clsh-ctrl-error-handling.patch [new file with mode: 0644]
queue-5.15/asoc-codecs-wcd938x-fix-missing-mbhc-init-error-handling.patch [new file with mode: 0644]
queue-5.15/asoc-codecs-wcd938x-fix-resource-leaks-on-component-remove.patch [new file with mode: 0644]
queue-5.15/asoc-codecs-wcd938x-fix-soundwire-initialisation-race.patch [new file with mode: 0644]
queue-5.15/asoc-fsl_sai-disable-bit-clock-with-transmitter.patch [new file with mode: 0644]
queue-5.15/btrfs-fix-warning-when-putting-transaction-with-qgroups-enabled-after-abort.patch [new file with mode: 0644]
queue-5.15/btrfs-zoned-fix-memory-leak-after-finding-block-group-with-super-blocks.patch [new file with mode: 0644]
queue-5.15/can-bcm-fix-uaf-in-bcm_proc_show.patch [new file with mode: 0644]
queue-5.15/can-raw-fix-receiver-memory-leak.patch [new file with mode: 0644]
queue-5.15/drm-amd-display-disable-mpc-split-by-default-on-special-asic.patch [new file with mode: 0644]
queue-5.15/drm-amd-display-keep-phy-active-for-dp-displays-on-dcn31.patch [new file with mode: 0644]
queue-5.15/drm-client-fix-memory-leak-in-drm_client_modeset_probe.patch [new file with mode: 0644]
queue-5.15/drm-client-fix-memory-leak-in-drm_client_target_cloned.patch [new file with mode: 0644]
queue-5.15/fuse-ioctl-translate-enosys-in-outarg.patch [new file with mode: 0644]
queue-5.15/fuse-revalidate-don-t-invalidate-if-interrupted.patch [new file with mode: 0644]
queue-5.15/keys-fix-linking-a-duplicate-key-to-a-keyring-s-assoc_array.patch [new file with mode: 0644]
queue-5.15/perf-probe-add-test-for-regression-introduced-by-switch-to-die_get_decl_file.patch [new file with mode: 0644]
queue-5.15/regmap-account-for-register-length-in-smbus-i-o-limits.patch [new file with mode: 0644]
queue-5.15/regmap-drop-initial-version-of-maximum-transfer-length-fixes.patch [new file with mode: 0644]
queue-5.15/selftests-tc-add-conntrack-procfs-kconfig.patch [new file with mode: 0644]
queue-5.15/selftests-tc-add-ct-action-kconfig-dep.patch [new file with mode: 0644]
queue-5.15/selftests-tc-set-timeout-to-15-minutes.patch [new file with mode: 0644]
queue-5.15/series

diff --git a/queue-5.15/asoc-codecs-wcd-mbhc-v2-fix-resource-leaks-on-component-remove.patch b/queue-5.15/asoc-codecs-wcd-mbhc-v2-fix-resource-leaks-on-component-remove.patch
new file mode 100644 (file)
index 0000000..c414aa4
--- /dev/null
@@ -0,0 +1,157 @@
+From a5475829adcc600bc69ee9ff7c9e3e43fb4f8d30 Mon Sep 17 00:00:00 2001
+From: Johan Hovold <johan+linaro@kernel.org>
+Date: Wed, 5 Jul 2023 14:30:16 +0200
+Subject: ASoC: codecs: wcd-mbhc-v2: fix resource leaks on component remove
+
+From: Johan Hovold <johan+linaro@kernel.org>
+
+commit a5475829adcc600bc69ee9ff7c9e3e43fb4f8d30 upstream.
+
+The MBHC resources must be released on component probe failure and
+removal so can not be tied to the lifetime of the component device.
+
+This is specifically needed to allow probe deferrals of the sound card
+which otherwise fails when reprobing the codec component:
+
+    snd-sc8280xp sound: ASoC: failed to instantiate card -517
+    genirq: Flags mismatch irq 299. 00002001 (mbhc sw intr) vs. 00002001 (mbhc sw intr)
+    wcd938x_codec audio-codec: Failed to request mbhc interrupts -16
+    wcd938x_codec audio-codec: mbhc initialization failed
+    wcd938x_codec audio-codec: ASoC: error at snd_soc_component_probe on audio-codec: -16
+    snd-sc8280xp sound: ASoC: failed to instantiate card -16
+
+Fixes: 0e5c9e7ff899 ("ASoC: codecs: wcd: add multi button Headset detection support")
+Cc: stable@vger.kernel.org      # 5.14
+Cc: Srinivas Kandagatla <srinivas.kandagatla@linaro.org>
+Signed-off-by: Johan Hovold <johan+linaro@kernel.org>
+Reviewed-by: Srinivas Kandagatla <srinivas.kandagatla@linaro.org>
+Link: https://lore.kernel.org/r/20230705123018.30903-7-johan+linaro@kernel.org
+Signed-off-by: Mark Brown <broonie@kernel.org>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+---
+ sound/soc/codecs/wcd-mbhc-v2.c |   57 +++++++++++++++++++++++++++++------------
+ 1 file changed, 41 insertions(+), 16 deletions(-)
+
+--- a/sound/soc/codecs/wcd-mbhc-v2.c
++++ b/sound/soc/codecs/wcd-mbhc-v2.c
+@@ -1370,7 +1370,7 @@ struct wcd_mbhc *wcd_mbhc_init(struct sn
+               return ERR_PTR(-EINVAL);
+       }
+-      mbhc = devm_kzalloc(dev, sizeof(*mbhc), GFP_KERNEL);
++      mbhc = kzalloc(sizeof(*mbhc), GFP_KERNEL);
+       if (!mbhc)
+               return ERR_PTR(-ENOMEM);
+@@ -1390,61 +1390,76 @@ struct wcd_mbhc *wcd_mbhc_init(struct sn
+       INIT_WORK(&mbhc->correct_plug_swch, wcd_correct_swch_plug);
+-      ret = devm_request_threaded_irq(dev, mbhc->intr_ids->mbhc_sw_intr, NULL,
++      ret = request_threaded_irq(mbhc->intr_ids->mbhc_sw_intr, NULL,
+                                       wcd_mbhc_mech_plug_detect_irq,
+                                       IRQF_ONESHOT | IRQF_TRIGGER_RISING,
+                                       "mbhc sw intr", mbhc);
+       if (ret)
+-              goto err;
++              goto err_free_mbhc;
+-      ret = devm_request_threaded_irq(dev, mbhc->intr_ids->mbhc_btn_press_intr, NULL,
++      ret = request_threaded_irq(mbhc->intr_ids->mbhc_btn_press_intr, NULL,
+                                       wcd_mbhc_btn_press_handler,
+                                       IRQF_ONESHOT | IRQF_TRIGGER_RISING,
+                                       "Button Press detect", mbhc);
+       if (ret)
+-              goto err;
++              goto err_free_sw_intr;
+-      ret = devm_request_threaded_irq(dev, mbhc->intr_ids->mbhc_btn_release_intr, NULL,
++      ret = request_threaded_irq(mbhc->intr_ids->mbhc_btn_release_intr, NULL,
+                                       wcd_mbhc_btn_release_handler,
+                                       IRQF_ONESHOT | IRQF_TRIGGER_RISING,
+                                       "Button Release detect", mbhc);
+       if (ret)
+-              goto err;
++              goto err_free_btn_press_intr;
+-      ret = devm_request_threaded_irq(dev, mbhc->intr_ids->mbhc_hs_ins_intr, NULL,
++      ret = request_threaded_irq(mbhc->intr_ids->mbhc_hs_ins_intr, NULL,
+                                       wcd_mbhc_adc_hs_ins_irq,
+                                       IRQF_ONESHOT | IRQF_TRIGGER_RISING,
+                                       "Elect Insert", mbhc);
+       if (ret)
+-              goto err;
++              goto err_free_btn_release_intr;
+       disable_irq_nosync(mbhc->intr_ids->mbhc_hs_ins_intr);
+-      ret = devm_request_threaded_irq(dev, mbhc->intr_ids->mbhc_hs_rem_intr, NULL,
++      ret = request_threaded_irq(mbhc->intr_ids->mbhc_hs_rem_intr, NULL,
+                                       wcd_mbhc_adc_hs_rem_irq,
+                                       IRQF_ONESHOT | IRQF_TRIGGER_RISING,
+                                       "Elect Remove", mbhc);
+       if (ret)
+-              goto err;
++              goto err_free_hs_ins_intr;
+       disable_irq_nosync(mbhc->intr_ids->mbhc_hs_rem_intr);
+-      ret = devm_request_threaded_irq(dev, mbhc->intr_ids->hph_left_ocp, NULL,
++      ret = request_threaded_irq(mbhc->intr_ids->hph_left_ocp, NULL,
+                                       wcd_mbhc_hphl_ocp_irq,
+                                       IRQF_ONESHOT | IRQF_TRIGGER_RISING,
+                                       "HPH_L OCP detect", mbhc);
+       if (ret)
+-              goto err;
++              goto err_free_hs_rem_intr;
+-      ret = devm_request_threaded_irq(dev, mbhc->intr_ids->hph_right_ocp, NULL,
++      ret = request_threaded_irq(mbhc->intr_ids->hph_right_ocp, NULL,
+                                       wcd_mbhc_hphr_ocp_irq,
+                                       IRQF_ONESHOT | IRQF_TRIGGER_RISING,
+                                       "HPH_R OCP detect", mbhc);
+       if (ret)
+-              goto err;
++              goto err_free_hph_left_ocp;
+       return mbhc;
+-err:
++
++err_free_hph_left_ocp:
++      free_irq(mbhc->intr_ids->hph_left_ocp, mbhc);
++err_free_hs_rem_intr:
++      free_irq(mbhc->intr_ids->mbhc_hs_rem_intr, mbhc);
++err_free_hs_ins_intr:
++      free_irq(mbhc->intr_ids->mbhc_hs_ins_intr, mbhc);
++err_free_btn_release_intr:
++      free_irq(mbhc->intr_ids->mbhc_btn_release_intr, mbhc);
++err_free_btn_press_intr:
++      free_irq(mbhc->intr_ids->mbhc_btn_press_intr, mbhc);
++err_free_sw_intr:
++      free_irq(mbhc->intr_ids->mbhc_sw_intr, mbhc);
++err_free_mbhc:
++      kfree(mbhc);
++
+       dev_err(dev, "Failed to request mbhc interrupts %d\n", ret);
+       return ERR_PTR(ret);
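Review bot: The new err_free_* ladder ends in kfree(mbhc) without cancelling the correct_plug_swch work that is initialised at the top of this hunk, whereas wcd_mbhc_deinit() does cancel it through wcd_cancel_hs_detect_plug(). The "mbhc sw intr" line is requested without a following disable_irq_nosync(), so if wcd_mbhc_mech_plug_detect_irq can queue that work before one of the later request_threaded_irq() calls fails, the work item would run against freed memory. Cancel the work before kfree(mbhc) on the error path, or state in the changelog why nothing can be queued at that point.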
+@@ -1453,9 +1468,19 @@ EXPORT_SYMBOL(wcd_mbhc_init);
+ void wcd_mbhc_deinit(struct wcd_mbhc *mbhc)
+ {
++      free_irq(mbhc->intr_ids->hph_right_ocp, mbhc);
++      free_irq(mbhc->intr_ids->hph_left_ocp, mbhc);
++      free_irq(mbhc->intr_ids->mbhc_hs_rem_intr, mbhc);
++      free_irq(mbhc->intr_ids->mbhc_hs_ins_intr, mbhc);
++      free_irq(mbhc->intr_ids->mbhc_btn_release_intr, mbhc);
++      free_irq(mbhc->intr_ids->mbhc_btn_press_intr, mbhc);
++      free_irq(mbhc->intr_ids->mbhc_sw_intr, mbhc);
++
+       mutex_lock(&mbhc->lock);
+       wcd_cancel_hs_detect_plug(mbhc, &mbhc->correct_plug_swch);
+       mutex_unlock(&mbhc->lock);
++
++      kfree(mbhc);
+ }
+ EXPORT_SYMBOL(wcd_mbhc_deinit);
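Review bot: wcd_mbhc_deinit() now dereferences mbhc->intr_ids on its first line and ends with kfree(mbhc), but it has no guard for a NULL or ERR_PTR() argument even though wcd_mbhc_init() reports failure with ERR_PTR(). Since this is an exported function, either add an IS_ERR_OR_NULL(mbhc) early return or document the contract in a comment above it: the caller must pass a pointer from a successful wcd_mbhc_init() and must not touch it after this call returns.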
diff --git a/queue-5.15/asoc-codecs-wcd934x-fix-resource-leaks-on-component-remove.patch b/queue-5.15/asoc-codecs-wcd934x-fix-resource-leaks-on-component-remove.patch
new file mode 100644 (file)
index 0000000..c86cf27
--- /dev/null
@@ -0,0 +1,54 @@
+From 798590cc7d3c2b5f3a7548d96dd4d8a081c1bc39 Mon Sep 17 00:00:00 2001
+From: Johan Hovold <johan+linaro@kernel.org>
+Date: Wed, 5 Jul 2023 14:30:15 +0200
+Subject: ASoC: codecs: wcd934x: fix resource leaks on component remove
+
+From: Johan Hovold <johan+linaro@kernel.org>
+
+commit 798590cc7d3c2b5f3a7548d96dd4d8a081c1bc39 upstream.
+
+Make sure to release allocated MBHC resources also on component remove.
+
+This is specifically needed to allow probe deferrals of the sound card
+which otherwise fails when reprobing the codec component.
+
+Fixes: 9fb9b1690f0b ("ASoC: codecs: wcd934x: add mbhc support")
+Cc: stable@vger.kernel.org      # 5.14
+Cc: Srinivas Kandagatla <srinivas.kandagatla@linaro.org>
+Signed-off-by: Johan Hovold <johan+linaro@kernel.org>
+Reviewed-by: Srinivas Kandagatla <srinivas.kandagatla@linaro.org>
+Link: https://lore.kernel.org/r/20230705123018.30903-6-johan+linaro@kernel.org
+Signed-off-by: Mark Brown <broonie@kernel.org>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+---
+ sound/soc/codecs/wcd934x.c |   12 ++++++++++++
+ 1 file changed, 12 insertions(+)
+
+--- a/sound/soc/codecs/wcd934x.c
++++ b/sound/soc/codecs/wcd934x.c
+@@ -3044,6 +3044,17 @@ static int wcd934x_mbhc_init(struct snd_
+       return 0;
+ }
++
++static void wcd934x_mbhc_deinit(struct snd_soc_component *component)
++{
++      struct wcd934x_codec *wcd = snd_soc_component_get_drvdata(component);
++
++      if (!wcd->mbhc)
++              return;
++
++      wcd_mbhc_deinit(wcd->mbhc);
++}
++
+ static int wcd934x_comp_probe(struct snd_soc_component *component)
+ {
+       struct wcd934x_codec *wcd = dev_get_drvdata(component->dev);
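Review bot: The guard in the added wcd934x_mbhc_deinit() only tests "if (!wcd->mbhc)", while wcd_mbhc_init() signals failure with ERR_PTR(); if wcd934x_mbhc_init() can leave an error pointer in wcd->mbhc, it passes this check and reaches wcd_mbhc_deinit(). IS_ERR_OR_NULL(wcd->mbhc) would cover both cases. It is also worth setting wcd->mbhc to NULL after the call, since wcd_mbhc_deinit() frees the structure and the stale pointer stays in the driver data across a reprobe.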
+@@ -3077,6 +3088,7 @@ static void wcd934x_comp_remove(struct s
+ {
+       struct wcd934x_codec *wcd = dev_get_drvdata(comp->dev);
++      wcd934x_mbhc_deinit(comp);
+       wcd_clsh_ctrl_free(wcd->clsh_ctrl);
+ }
diff --git a/queue-5.15/asoc-codecs-wcd938x-fix-codec-initialisation-race.patch b/queue-5.15/asoc-codecs-wcd938x-fix-codec-initialisation-race.patch
new file mode 100644 (file)
index 0000000..b2b13e4
--- /dev/null
@@ -0,0 +1,54 @@
+From 85a61b1ce461a3f62f1019e5e6423c393c542bff Mon Sep 17 00:00:00 2001
+From: Johan Hovold <johan+linaro@kernel.org>
+Date: Fri, 30 Jun 2023 14:03:18 +0200
+Subject: ASoC: codecs: wcd938x: fix codec initialisation race
+
+From: Johan Hovold <johan+linaro@kernel.org>
+
+commit 85a61b1ce461a3f62f1019e5e6423c393c542bff upstream.
+
+Make sure to resume the codec and soundwire device before trying to read
+the codec variant and configure the device during component probe.
+
+This specifically avoids interpreting (a masked and shifted) -EBUSY
+errno as the variant:
+
+       wcd938x_codec audio-codec: ASoC: error at soc_component_read_no_lock on audio-codec for register: [0x000034b0] -16
+
+when the soundwire device happens to be suspended, which in turn
+prevents some headphone controls from being registered.
+
+Fixes: 8d78602aa87a ("ASoC: codecs: wcd938x: add basic driver")
+Cc: stable@vger.kernel.org      # 5.14
+Cc: Srinivas Kandagatla <srinivas.kandagatla@linaro.org>
+Reported-by: Steev Klimaszewski <steev@kali.org>
+Signed-off-by: Johan Hovold <johan+linaro@kernel.org>
+Link: https://lore.kernel.org/r/20230630120318.6571-1-johan+linaro@kernel.org
+Signed-off-by: Mark Brown <broonie@kernel.org>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+---
+ sound/soc/codecs/wcd938x.c |    6 ++++++
+ 1 file changed, 6 insertions(+)
+
+--- a/sound/soc/codecs/wcd938x.c
++++ b/sound/soc/codecs/wcd938x.c
+@@ -4091,6 +4091,10 @@ static int wcd938x_soc_codec_probe(struc
+       snd_soc_component_init_regmap(component, wcd938x->regmap);
++      ret = pm_runtime_resume_and_get(dev);
++      if (ret < 0)
++              return ret;
++
+       wcd938x->variant = snd_soc_component_read_field(component,
+                                                WCD938X_DIGITAL_EFUSE_REG_0,
+                                                WCD938X_ID_MASK);
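Review bot: The value read by snd_soc_component_read_field() just below the new pm_runtime_resume_and_get() call is still stored in wcd938x->variant without any validation. Resuming the device removes the -EBUSY case described in the changelog, but a read that fails for another reason would be misinterpreted in the same way. Consider rejecting values that are not a known variant and failing the probe, so a bad read cannot silently leave controls unregistered.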
+@@ -4108,6 +4112,8 @@ static int wcd938x_soc_codec_probe(struc
+                            (WCD938X_DIGITAL_INTR_LEVEL_0 + i), 0);
+       }
++      pm_runtime_put(dev);
++
+       wcd938x->hphr_pdm_wd_int = regmap_irq_get_virq(wcd938x->irq_chip,
+                                                      WCD938X_IRQ_HPHR_PDM_WD_INT);
+       wcd938x->hphl_pdm_wd_int = regmap_irq_get_virq(wcd938x->irq_chip,
diff --git a/queue-5.15/asoc-codecs-wcd938x-fix-missing-clsh-ctrl-error-handling.patch b/queue-5.15/asoc-codecs-wcd938x-fix-missing-clsh-ctrl-error-handling.patch
new file mode 100644 (file)
index 0000000..ec03aa1
--- /dev/null
@@ -0,0 +1,37 @@
+From ed0dd9205bf69593edb495cb4b086dbae96a3f05 Mon Sep 17 00:00:00 2001
+From: Johan Hovold <johan+linaro@kernel.org>
+Date: Wed, 5 Jul 2023 14:30:13 +0200
+Subject: ASoC: codecs: wcd938x: fix missing clsh ctrl error handling
+
+From: Johan Hovold <johan+linaro@kernel.org>
+
+commit ed0dd9205bf69593edb495cb4b086dbae96a3f05 upstream.
+
+Allocation of the clash control structure may fail so add the missing
+error handling to avoid dereferencing an error pointer.
+
+Fixes: 8d78602aa87a ("ASoC: codecs: wcd938x: add basic driver")
+Cc: stable@vger.kernel.org     # 5.14
+Cc: Srinivas Kandagatla <srinivas.kandagatla@linaro.org>
+Signed-off-by: Johan Hovold <johan+linaro@kernel.org>
+Reviewed-by: Srinivas Kandagatla <srinivas.kandagatla@linaro.org>
+Link: https://lore.kernel.org/r/20230705123018.30903-4-johan+linaro@kernel.org
+Signed-off-by: Mark Brown <broonie@kernel.org>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+---
+ sound/soc/codecs/wcd938x.c |    4 ++++
+ 1 file changed, 4 insertions(+)
+
+--- a/sound/soc/codecs/wcd938x.c
++++ b/sound/soc/codecs/wcd938x.c
+@@ -4086,6 +4086,10 @@ static int wcd938x_soc_codec_probe(struc
+                                                WCD938X_ID_MASK);
+       wcd938x->clsh_info = wcd_clsh_ctrl_alloc(component, WCD938X);
++      if (IS_ERR(wcd938x->clsh_info)) {
++              pm_runtime_put(dev);
++              return PTR_ERR(wcd938x->clsh_info);
++      }
+       wcd938x_io_init(wcd938x);
+       /* Set all interrupts as edge triggered */
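Review bot: The new IS_ERR() branch open-codes pm_runtime_put(dev) before returning, which means every future failure point between pm_runtime_resume_and_get() and the matching put has to remember the same call. A single error label that drops the runtime PM reference would keep the unwind in one place. A dev_err() with PTR_ERR(wcd938x->clsh_info) would also make this failure visible in the log, as the other probe failures are.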
diff --git a/queue-5.15/asoc-codecs-wcd938x-fix-missing-mbhc-init-error-handling.patch b/queue-5.15/asoc-codecs-wcd938x-fix-missing-mbhc-init-error-handling.patch
new file mode 100644 (file)
index 0000000..7ae5bed
--- /dev/null
@@ -0,0 +1,51 @@
+From 7dfae2631bfbdebecd35fe7b472ab3cc95c9ed66 Mon Sep 17 00:00:00 2001
+From: Johan Hovold <johan+linaro@kernel.org>
+Date: Mon, 3 Jul 2023 14:47:01 +0200
+Subject: ASoC: codecs: wcd938x: fix missing mbhc init error handling
+
+From: Johan Hovold <johan+linaro@kernel.org>
+
+commit 7dfae2631bfbdebecd35fe7b472ab3cc95c9ed66 upstream.
+
+MBHC initialisation can fail so add the missing error handling to avoid
+dereferencing an error pointer when later configuring the jack:
+
+    Unable to handle kernel paging request at virtual address fffffffffffffff8
+
+    pc : wcd_mbhc_start+0x28/0x380 [snd_soc_wcd_mbhc]
+    lr : wcd938x_codec_set_jack+0x28/0x48 [snd_soc_wcd938x]
+
+    Call trace:
+     wcd_mbhc_start+0x28/0x380 [snd_soc_wcd_mbhc]
+     wcd938x_codec_set_jack+0x28/0x48 [snd_soc_wcd938x]
+     snd_soc_component_set_jack+0x28/0x8c [snd_soc_core]
+     qcom_snd_wcd_jack_setup+0x7c/0x19c [snd_soc_qcom_common]
+     sc8280xp_snd_init+0x20/0x2c [snd_soc_sc8280xp]
+     snd_soc_link_init+0x28/0x90 [snd_soc_core]
+     snd_soc_bind_card+0x628/0xbfc [snd_soc_core]
+     snd_soc_register_card+0xec/0x104 [snd_soc_core]
+     devm_snd_soc_register_card+0x4c/0xa4 [snd_soc_core]
+     sc8280xp_platform_probe+0xf0/0x108 [snd_soc_sc8280xp]
+
+Fixes: bcee7ed09b8e ("ASoC: codecs: wcd938x: add Multi Button Headset Control support")
+Cc: stable@vger.kernel.org      # 5.15
+Cc: Srinivas Kandagatla <srinivas.kandagatla@linaro.org>
+Signed-off-by: Johan Hovold <johan+linaro@kernel.org>
+Link: https://lore.kernel.org/r/20230703124701.11734-1-johan+linaro@kernel.org
+Signed-off-by: Mark Brown <broonie@kernel.org>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+---
+ sound/soc/codecs/wcd938x.c |    2 ++
+ 1 file changed, 2 insertions(+)
+
+--- a/sound/soc/codecs/wcd938x.c
++++ b/sound/soc/codecs/wcd938x.c
+@@ -3621,6 +3621,8 @@ static int wcd938x_mbhc_init(struct snd_
+                                                    WCD938X_IRQ_HPHR_OCP_INT);
+       wcd938x->wcd_mbhc = wcd_mbhc_init(component, &mbhc_cb, intr_ids, wcd_mbhc_fields, true);
++      if (IS_ERR(wcd938x->wcd_mbhc))
++              return PTR_ERR(wcd938x->wcd_mbhc);
+       snd_soc_add_component_controls(component, impedance_detect_controls,
+                                      ARRAY_SIZE(impedance_detect_controls));
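Review bot: After the added IS_ERR() check returns, wcd938x->wcd_mbhc still holds the error pointer, which is the kind of value the trace in the changelog shows wcd_mbhc_start() dereferencing. Assign the result of wcd_mbhc_init() to a local variable and store it in wcd938x->wcd_mbhc only on success, so no later path can pick up an ERR_PTR() from the driver data.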
diff --git a/queue-5.15/asoc-codecs-wcd938x-fix-resource-leaks-on-component-remove.patch b/queue-5.15/asoc-codecs-wcd938x-fix-resource-leaks-on-component-remove.patch
new file mode 100644 (file)
index 0000000..75dac86
--- /dev/null
@@ -0,0 +1,151 @@
+From a3406f87775fee986876e03f93a84385f54d5999 Mon Sep 17 00:00:00 2001
+From: Johan Hovold <johan+linaro@kernel.org>
+Date: Wed, 5 Jul 2023 14:30:14 +0200
+Subject: ASoC: codecs: wcd938x: fix resource leaks on component remove
+
+From: Johan Hovold <johan+linaro@kernel.org>
+
+commit a3406f87775fee986876e03f93a84385f54d5999 upstream.
+
+Make sure to release allocated resources on component probe failure and
+on remove.
+
+This is specifically needed to allow probe deferrals of the sound card
+which otherwise fails when reprobing the codec component:
+
+    snd-sc8280xp sound: ASoC: failed to instantiate card -517
+    genirq: Flags mismatch irq 289. 00002001 (HPHR PDM WD INT) vs. 00002001 (HPHR PDM WD INT)
+    wcd938x_codec audio-codec: Failed to request HPHR WD interrupt (-16)
+    genirq: Flags mismatch irq 290. 00002001 (HPHL PDM WD INT) vs. 00002001 (HPHL PDM WD INT)
+    wcd938x_codec audio-codec: Failed to request HPHL WD interrupt (-16)
+    genirq: Flags mismatch irq 291. 00002001 (AUX PDM WD INT) vs. 00002001 (AUX PDM WD INT)
+    wcd938x_codec audio-codec: Failed to request Aux WD interrupt (-16)
+    genirq: Flags mismatch irq 292. 00002001 (mbhc sw intr) vs. 00002001 (mbhc sw intr)
+    wcd938x_codec audio-codec: Failed to request mbhc interrupts -16
+
+Fixes: 8d78602aa87a ("ASoC: codecs: wcd938x: add basic driver")
+Cc: stable@vger.kernel.org     # 5.14
+Cc: Srinivas Kandagatla <srinivas.kandagatla@linaro.org>
+Signed-off-by: Johan Hovold <johan+linaro@kernel.org>
+Reviewed-by: Srinivas Kandagatla <srinivas.kandagatla@linaro.org>
+Link: https://lore.kernel.org/r/20230705123018.30903-5-johan+linaro@kernel.org
+Signed-off-by: Mark Brown <broonie@kernel.org>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+---
+ sound/soc/codecs/wcd938x.c |   55 +++++++++++++++++++++++++++++++++++++++------
+ 1 file changed, 48 insertions(+), 7 deletions(-)
+
+--- a/sound/soc/codecs/wcd938x.c
++++ b/sound/soc/codecs/wcd938x.c
+@@ -3629,6 +3629,14 @@ static int wcd938x_mbhc_init(struct snd_
+       return 0;
+ }
++
++static void wcd938x_mbhc_deinit(struct snd_soc_component *component)
++{
++      struct wcd938x_priv *wcd938x = snd_soc_component_get_drvdata(component);
++
++      wcd_mbhc_deinit(wcd938x->wcd_mbhc);
++}
++
+ /* END MBHC */
+ static const struct snd_kcontrol_new wcd938x_snd_controls[] = {
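Review bot: The added wcd938x_mbhc_deinit() passes wcd938x->wcd_mbhc to wcd_mbhc_deinit() unconditionally, unlike the wcd934x counterpart in this series, which returns early when its mbhc pointer is NULL. wcd_mbhc_deinit() dereferences mbhc->intr_ids and then frees the structure, so add the same guard here (ideally IS_ERR_OR_NULL()) and clear wcd938x->wcd_mbhc afterwards to avoid keeping a dangling pointer for the next probe.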
+@@ -4109,20 +4117,26 @@ static int wcd938x_soc_codec_probe(struc
+       ret = request_threaded_irq(wcd938x->hphr_pdm_wd_int, NULL, wcd938x_wd_handle_irq,
+                                  IRQF_ONESHOT | IRQF_TRIGGER_RISING,
+                                  "HPHR PDM WD INT", wcd938x);
+-      if (ret)
++      if (ret) {
+               dev_err(dev, "Failed to request HPHR WD interrupt (%d)\n", ret);
++              goto err_free_clsh_ctrl;
++      }
+       ret = request_threaded_irq(wcd938x->hphl_pdm_wd_int, NULL, wcd938x_wd_handle_irq,
+                                  IRQF_ONESHOT | IRQF_TRIGGER_RISING,
+                                  "HPHL PDM WD INT", wcd938x);
+-      if (ret)
++      if (ret) {
+               dev_err(dev, "Failed to request HPHL WD interrupt (%d)\n", ret);
++              goto err_free_hphr_pdm_wd_int;
++      }
+       ret = request_threaded_irq(wcd938x->aux_pdm_wd_int, NULL, wcd938x_wd_handle_irq,
+                                  IRQF_ONESHOT | IRQF_TRIGGER_RISING,
+                                  "AUX PDM WD INT", wcd938x);
+-      if (ret)
++      if (ret) {
+               dev_err(dev, "Failed to request Aux WD interrupt (%d)\n", ret);
++              goto err_free_hphl_pdm_wd_int;
++      }
+       /* Disable watchdog interrupt for HPH and AUX */
+       disable_irq_nosync(wcd938x->hphr_pdm_wd_int);
+@@ -4137,7 +4151,7 @@ static int wcd938x_soc_codec_probe(struc
+                       dev_err(component->dev,
+                               "%s: Failed to add snd ctrls for variant: %d\n",
+                               __func__, wcd938x->variant);
+-                      goto err;
++                      goto err_free_aux_pdm_wd_int;
+               }
+               break;
+       case WCD9385:
+@@ -4147,7 +4161,7 @@ static int wcd938x_soc_codec_probe(struc
+                       dev_err(component->dev,
+                               "%s: Failed to add snd ctrls for variant: %d\n",
+                               __func__, wcd938x->variant);
+-                      goto err;
++                      goto err_free_aux_pdm_wd_int;
+               }
+               break;
+       default:
+@@ -4155,12 +4169,38 @@ static int wcd938x_soc_codec_probe(struc
+       }
+       ret = wcd938x_mbhc_init(component);
+-      if (ret)
++      if (ret) {
+               dev_err(component->dev,  "mbhc initialization failed\n");
+-err:
++              goto err_free_aux_pdm_wd_int;
++      }
++
++      return 0;
++
++err_free_aux_pdm_wd_int:
++      free_irq(wcd938x->aux_pdm_wd_int, wcd938x);
++err_free_hphl_pdm_wd_int:
++      free_irq(wcd938x->hphl_pdm_wd_int, wcd938x);
++err_free_hphr_pdm_wd_int:
++      free_irq(wcd938x->hphr_pdm_wd_int, wcd938x);
++err_free_clsh_ctrl:
++      wcd_clsh_ctrl_free(wcd938x->clsh_info);
++
+       return ret;
+ }
++static void wcd938x_soc_codec_remove(struct snd_soc_component *component)
++{
++      struct wcd938x_priv *wcd938x = snd_soc_component_get_drvdata(component);
++
++      wcd938x_mbhc_deinit(component);
++
++      free_irq(wcd938x->aux_pdm_wd_int, wcd938x);
++      free_irq(wcd938x->hphl_pdm_wd_int, wcd938x);
++      free_irq(wcd938x->hphr_pdm_wd_int, wcd938x);
++
++      wcd_clsh_ctrl_free(wcd938x->clsh_info);
++}
++
+ static int wcd938x_codec_set_jack(struct snd_soc_component *comp,
+                                 struct snd_soc_jack *jack, void *data)
+ {
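Review bot: The "mbhc initialization failed\n" message in the reworked wcd938x_mbhc_init() error branch does not print ret, while the three watchdog interrupt messages earlier in this probe function all report the code as "(%d)". Include ret here as well so a deferred or busy interrupt can be told apart from other failures. The unwind order in the new labels and in wcd938x_soc_codec_remove() mirrors the probe order, which is what the reprobe case needs.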
+@@ -4177,6 +4217,7 @@ static int wcd938x_codec_set_jack(struct
+ static const struct snd_soc_component_driver soc_codec_dev_wcd938x = {
+       .name = "wcd938x_codec",
+       .probe = wcd938x_soc_codec_probe,
++      .remove = wcd938x_soc_codec_remove,
+       .controls = wcd938x_snd_controls,
+       .num_controls = ARRAY_SIZE(wcd938x_snd_controls),
+       .dapm_widgets = wcd938x_dapm_widgets,
diff --git a/queue-5.15/asoc-codecs-wcd938x-fix-soundwire-initialisation-race.patch b/queue-5.15/asoc-codecs-wcd938x-fix-soundwire-initialisation-race.patch
new file mode 100644 (file)
index 0000000..ce4eae5
--- /dev/null
@@ -0,0 +1,55 @@
+From 6f49256897083848ce9a59651f6b53fc80462397 Mon Sep 17 00:00:00 2001
+From: Johan Hovold <johan+linaro@kernel.org>
+Date: Sat, 1 Jul 2023 11:47:23 +0200
+Subject: ASoC: codecs: wcd938x: fix soundwire initialisation race
+
+From: Johan Hovold <johan+linaro@kernel.org>
+
+commit 6f49256897083848ce9a59651f6b53fc80462397 upstream.
+
+Make sure that the soundwire device used for register accesses has been
+enumerated and initialised before trying to read the codec variant
+during component probe.
+
+This specifically avoids interpreting (a masked and shifted) -EBUSY
+errno as the variant:
+
+       wcd938x_codec audio-codec: ASoC: error at soc_component_read_no_lock on audio-codec for register: [0x000034b0] -16
+
+in case the soundwire device has not yet been initialised, which in turn
+prevents some headphone controls from being registered.
+
+Fixes: 8d78602aa87a ("ASoC: codecs: wcd938x: add basic driver")
+Cc: stable@vger.kernel.org     # 5.14
+Cc: Srinivas Kandagatla <srinivas.kandagatla@linaro.org>
+Reported-by: Steev Klimaszewski <steev@kali.org>
+Signed-off-by: Johan Hovold <johan+linaro@kernel.org>
+Tested-by: Steev Klimaszewski <steev@kali.org>
+Link: https://lore.kernel.org/r/20230701094723.29379-1-johan+linaro@kernel.org
+Signed-off-by: Mark Brown <broonie@kernel.org>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+---
+ sound/soc/codecs/wcd938x.c |    9 +++++++++
+ 1 file changed, 9 insertions(+)
+
+--- a/sound/soc/codecs/wcd938x.c
++++ b/sound/soc/codecs/wcd938x.c
+@@ -4086,9 +4086,18 @@ static int wcd938x_irq_init(struct wcd93
+ static int wcd938x_soc_codec_probe(struct snd_soc_component *component)
+ {
+       struct wcd938x_priv *wcd938x = snd_soc_component_get_drvdata(component);
++      struct sdw_slave *tx_sdw_dev = wcd938x->tx_sdw_dev;
+       struct device *dev = component->dev;
++      unsigned long time_left;
+       int ret, i;
++      time_left = wait_for_completion_timeout(&tx_sdw_dev->initialization_complete,
++                                              msecs_to_jiffies(2000));
++      if (!time_left) {
++              dev_err(dev, "soundwire device init timeout\n");
++              return -ETIMEDOUT;
++      }
++
+       snd_soc_component_init_regmap(component, wcd938x->regmap);
+       ret = pm_runtime_resume_and_get(dev);
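Review bot: The timeout passed to wait_for_completion_timeout() is the bare literal 2000 in msecs_to_jiffies(2000); give it a named constant with a short comment on where the value comes from, so it can be tuned without hunting through the probe function. The new code also dereferences tx_sdw_dev->initialization_complete with no check that wcd938x->tx_sdw_dev is set, so either add a NULL check or note in a comment which earlier step guarantees it.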
diff --git a/queue-5.15/asoc-fsl_sai-disable-bit-clock-with-transmitter.patch b/queue-5.15/asoc-fsl_sai-disable-bit-clock-with-transmitter.patch
new file mode 100644 (file)
index 0000000..50b4a8a
--- /dev/null
@@ -0,0 +1,43 @@
+From 269f399dc19f0e5c51711c3ba3bd06e0ef6ef403 Mon Sep 17 00:00:00 2001
+From: Matus Gajdos <matuszpd@gmail.com>
+Date: Wed, 12 Jul 2023 14:49:33 +0200
+Subject: ASoC: fsl_sai: Disable bit clock with transmitter
+
+From: Matus Gajdos <matuszpd@gmail.com>
+
+commit 269f399dc19f0e5c51711c3ba3bd06e0ef6ef403 upstream.
+
+Otherwise bit clock remains running writing invalid data to the DAC.
+
+Signed-off-by: Matus Gajdos <matuszpd@gmail.com>
+Acked-by: Shengjiu Wang <shengjiu.wang@gmail.com>
+Cc: stable@vger.kernel.org
+Link: https://lore.kernel.org/r/20230712124934.32232-1-matuszpd@gmail.com
+Signed-off-by: Mark Brown <broonie@kernel.org>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+---
+ sound/soc/fsl/fsl_sai.c |    2 +-
+ sound/soc/fsl/fsl_sai.h |    1 +
+ 2 files changed, 2 insertions(+), 1 deletion(-)
+
+--- a/sound/soc/fsl/fsl_sai.c
++++ b/sound/soc/fsl/fsl_sai.c
+@@ -560,7 +560,7 @@ static void fsl_sai_config_disable(struc
+       u32 xcsr, count = 100;
+       regmap_update_bits(sai->regmap, FSL_SAI_xCSR(tx, ofs),
+-                         FSL_SAI_CSR_TERE, 0);
++                         FSL_SAI_CSR_TERE | FSL_SAI_CSR_BCE, 0);
+       /* TERE will remain set till the end of current frame */
+       do {
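Review bot: The comment right after the changed regmap_update_bits() call still mentions only TERE, although the mask now clears FSL_SAI_CSR_BCE as well; extend it to say why the bit clock is disabled at the same point. The register is selected with FSL_SAI_xCSR(tx, ofs), so BCE is cleared for whichever direction is being disabled, while the subject speaks of the transmitter only. Please confirm in the changelog that this is intended for both directions.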
+--- a/sound/soc/fsl/fsl_sai.h
++++ b/sound/soc/fsl/fsl_sai.h
+@@ -87,6 +87,7 @@
+ /* SAI Transmit/Receive Control Register */
+ #define FSL_SAI_CSR_TERE      BIT(31)
+ #define FSL_SAI_CSR_SE                BIT(30)
++#define FSL_SAI_CSR_BCE               BIT(28)
+ #define FSL_SAI_CSR_FR                BIT(25)
+ #define FSL_SAI_CSR_SR                BIT(24)
+ #define FSL_SAI_CSR_xF_SHIFT  16
diff --git a/queue-5.15/btrfs-fix-warning-when-putting-transaction-with-qgroups-enabled-after-abort.patch b/queue-5.15/btrfs-fix-warning-when-putting-transaction-with-qgroups-enabled-after-abort.patch
new file mode 100644 (file)
index 0000000..9581c7b
--- /dev/null
@@ -0,0 +1,89 @@
+From aa84ce8a78a1a5c10cdf9c7a5fb0c999fbc2c8d6 Mon Sep 17 00:00:00 2001
+From: Filipe Manana <fdmanana@suse.com>
+Date: Fri, 14 Jul 2023 13:42:06 +0100
+Subject: btrfs: fix warning when putting transaction with qgroups enabled after abort
+
+From: Filipe Manana <fdmanana@suse.com>
+
+commit aa84ce8a78a1a5c10cdf9c7a5fb0c999fbc2c8d6 upstream.
+
+If we have a transaction abort with qgroups enabled we get a warning
+triggered when doing the final put on the transaction, like this:
+
+  [552.6789] ------------[ cut here ]------------
+  [552.6815] WARNING: CPU: 4 PID: 81745 at fs/btrfs/transaction.c:144 btrfs_put_transaction+0x123/0x130 [btrfs]
+  [552.6817] Modules linked in: btrfs blake2b_generic xor (...)
+  [552.6819] CPU: 4 PID: 81745 Comm: btrfs-transacti Tainted: G        W          6.4.0-rc6-btrfs-next-134+ #1
+  [552.6819] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS rel-1.16.2-0-gea1b7a073390-prebuilt.qemu.org 04/01/2014
+  [552.6819] RIP: 0010:btrfs_put_transaction+0x123/0x130 [btrfs]
+  [552.6821] Code: bd a0 01 00 (...)
+  [552.6821] RSP: 0018:ffffa168c0527e28 EFLAGS: 00010286
+  [552.6821] RAX: ffff936042caed00 RBX: ffff93604a3eb448 RCX: 0000000000000000
+  [552.6821] RDX: ffff93606421b028 RSI: ffffffff92ff0878 RDI: ffff93606421b010
+  [552.6821] RBP: ffff93606421b000 R08: 0000000000000000 R09: ffffa168c0d07c20
+  [552.6821] R10: 0000000000000000 R11: ffff93608dc52950 R12: ffffa168c0527e70
+  [552.6821] R13: ffff93606421b000 R14: ffff93604a3eb420 R15: ffff93606421b028
+  [552.6821] FS:  0000000000000000(0000) GS:ffff93675fb00000(0000) knlGS:0000000000000000
+  [552.6821] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
+  [552.6821] CR2: 0000558ad262b000 CR3: 000000014feda005 CR4: 0000000000370ee0
+  [552.6822] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
+  [552.6822] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
+  [552.6822] Call Trace:
+  [552.6822]  <TASK>
+  [552.6822]  ? __warn+0x80/0x130
+  [552.6822]  ? btrfs_put_transaction+0x123/0x130 [btrfs]
+  [552.6824]  ? report_bug+0x1f4/0x200
+  [552.6824]  ? handle_bug+0x42/0x70
+  [552.6824]  ? exc_invalid_op+0x14/0x70
+  [552.6824]  ? asm_exc_invalid_op+0x16/0x20
+  [552.6824]  ? btrfs_put_transaction+0x123/0x130 [btrfs]
+  [552.6826]  btrfs_cleanup_transaction+0xe7/0x5e0 [btrfs]
+  [552.6828]  ? _raw_spin_unlock_irqrestore+0x23/0x40
+  [552.6828]  ? try_to_wake_up+0x94/0x5e0
+  [552.6828]  ? __pfx_process_timeout+0x10/0x10
+  [552.6828]  transaction_kthread+0x103/0x1d0 [btrfs]
+  [552.6830]  ? __pfx_transaction_kthread+0x10/0x10 [btrfs]
+  [552.6832]  kthread+0xee/0x120
+  [552.6832]  ? __pfx_kthread+0x10/0x10
+  [552.6832]  ret_from_fork+0x29/0x50
+  [552.6832]  </TASK>
+  [552.6832] ---[ end trace 0000000000000000 ]---
+
+This corresponds to this line of code:
+
+  void btrfs_put_transaction(struct btrfs_transaction *transaction)
+  {
+      (...)
+          WARN_ON(!RB_EMPTY_ROOT(
+                          &transaction->delayed_refs.dirty_extent_root));
+      (...)
+  }
+
+The warning happens because btrfs_qgroup_destroy_extent_records(), called
+in the transaction abort path, we free all entries from the rbtree
+"dirty_extent_root" with rbtree_postorder_for_each_entry_safe(), but we
+don't actually empty the rbtree - it's still pointing to nodes that were
+freed.
+
+So set the rbtree's root node to NULL to avoid this warning (assign
+RB_ROOT).
+
+Fixes: 81f7eb00ff5b ("btrfs: destroy qgroup extent records on transaction abort")
+CC: stable@vger.kernel.org # 5.10+
+Reviewed-by: Josef Bacik <josef@toxicpanda.com>
+Reviewed-by: Qu Wenruo <wqu@suse.com>
+Signed-off-by: Filipe Manana <fdmanana@suse.com>
+Signed-off-by: David Sterba <dsterba@suse.com>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+---
+ fs/btrfs/qgroup.c |    1 +
+ 1 file changed, 1 insertion(+)
+
+--- a/fs/btrfs/qgroup.c
++++ b/fs/btrfs/qgroup.c
+@@ -4342,4 +4342,5 @@ void btrfs_qgroup_destroy_extent_records
+               ulist_free(entry->old_roots);
+               kfree(entry);
+       }
++      *root = RB_ROOT;
+ }
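Review bot: the added *root = RB_ROOT; at the end of btrfs_qgroup_destroy_extent_records() has no comment, and without one it reads as redundant after a loop that already freed every entry. Add a line above it stating that the postorder walk frees the nodes without unlinking them, so the root must be reset or it keeps pointing at freed memory, which is what the WARN_ON(!RB_EMPTY_ROOT(...)) in btrfs_put_transaction() trips on.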
diff --git a/queue-5.15/btrfs-zoned-fix-memory-leak-after-finding-block-group-with-super-blocks.patch b/queue-5.15/btrfs-zoned-fix-memory-leak-after-finding-block-group-with-super-blocks.patch
new file mode 100644 (file)
index 0000000..2071c94
--- /dev/null
@@ -0,0 +1,38 @@
+From f1a07c2b4e2c473ec322b8b9ece071b8c88a3512 Mon Sep 17 00:00:00 2001
+From: Filipe Manana <fdmanana@suse.com>
+Date: Mon, 3 Jul 2023 12:03:21 +0100
+Subject: btrfs: zoned: fix memory leak after finding block group with super blocks
+
+From: Filipe Manana <fdmanana@suse.com>
+
+commit f1a07c2b4e2c473ec322b8b9ece071b8c88a3512 upstream.
+
+At exclude_super_stripes(), if we happen to find a block group that has
+super blocks mapped to it and we are on a zoned filesystem, we error out
+as this is not supposed to happen, indicating either a bug or maybe some
+memory corruption for example. However we are exiting the function without
+freeing the memory allocated for the logical address of the super blocks.
+Fix this by freeing the logical address.
+
+Fixes: 12659251ca5d ("btrfs: implement log-structured superblock for ZONED mode")
+CC: stable@vger.kernel.org # 5.10+
+Reviewed-by: Johannes Thumshirn <johannes.thumshirn@wdc.com>
+Reviewed-by: Anand Jain <anand.jain@oracle.com>
+Signed-off-by: Filipe Manana <fdmanana@suse.com>
+Reviewed-by: David Sterba <dsterba@suse.com>
+Signed-off-by: David Sterba <dsterba@suse.com>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+---
+ fs/btrfs/block-group.c |    1 +
+ 1 file changed, 1 insertion(+)
+
+--- a/fs/btrfs/block-group.c
++++ b/fs/btrfs/block-group.c
+@@ -1855,6 +1855,7 @@ static int exclude_super_stripes(struct
+               /* Shouldn't have super stripes in sequential zones */
+               if (zoned && nr) {
++                      kfree(logical);
+                       btrfs_err(fs_info,
+                       "zoned: block group %llu must not contain super block",
+                                 cache->start);
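Review bot: the kfree(logical) added inside the if (zoned && nr) branch of exclude_super_stripes() fixes this exit, but it leaves the cleanup tied to one error path. Consider routing the error return through a shared label that frees logical, so a later early return added to this loop cannot reintroduce the leak.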
diff --git a/queue-5.15/can-bcm-fix-uaf-in-bcm_proc_show.patch b/queue-5.15/can-bcm-fix-uaf-in-bcm_proc_show.patch
new file mode 100644 (file)
index 0000000..37d4783
--- /dev/null
@@ -0,0 +1,92 @@
+From 55c3b96074f3f9b0aee19bf93cd71af7516582bb Mon Sep 17 00:00:00 2001
+From: YueHaibing <yuehaibing@huawei.com>
+Date: Sat, 15 Jul 2023 17:25:43 +0800
+Subject: can: bcm: Fix UAF in bcm_proc_show()
+
+From: YueHaibing <yuehaibing@huawei.com>
+
+commit 55c3b96074f3f9b0aee19bf93cd71af7516582bb upstream.
+
+BUG: KASAN: slab-use-after-free in bcm_proc_show+0x969/0xa80
+Read of size 8 at addr ffff888155846230 by task cat/7862
+
+CPU: 1 PID: 7862 Comm: cat Not tainted 6.5.0-rc1-00153-gc8746099c197 #230
+Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.15.0-1 04/01/2014
+Call Trace:
+ <TASK>
+ dump_stack_lvl+0xd5/0x150
+ print_report+0xc1/0x5e0
+ kasan_report+0xba/0xf0
+ bcm_proc_show+0x969/0xa80
+ seq_read_iter+0x4f6/0x1260
+ seq_read+0x165/0x210
+ proc_reg_read+0x227/0x300
+ vfs_read+0x1d5/0x8d0
+ ksys_read+0x11e/0x240
+ do_syscall_64+0x35/0xb0
+ entry_SYSCALL_64_after_hwframe+0x63/0xcd
+
+Allocated by task 7846:
+ kasan_save_stack+0x1e/0x40
+ kasan_set_track+0x21/0x30
+ __kasan_kmalloc+0x9e/0xa0
+ bcm_sendmsg+0x264b/0x44e0
+ sock_sendmsg+0xda/0x180
+ ____sys_sendmsg+0x735/0x920
+ ___sys_sendmsg+0x11d/0x1b0
+ __sys_sendmsg+0xfa/0x1d0
+ do_syscall_64+0x35/0xb0
+ entry_SYSCALL_64_after_hwframe+0x63/0xcd
+
+Freed by task 7846:
+ kasan_save_stack+0x1e/0x40
+ kasan_set_track+0x21/0x30
+ kasan_save_free_info+0x27/0x40
+ ____kasan_slab_free+0x161/0x1c0
+ slab_free_freelist_hook+0x119/0x220
+ __kmem_cache_free+0xb4/0x2e0
+ rcu_core+0x809/0x1bd0
+
+bcm_op is freed before procfs entry be removed in bcm_release(),
+this lead to bcm_proc_show() may read the freed bcm_op.
+
+Fixes: ffd980f976e7 ("[CAN]: Add broadcast manager (bcm) protocol")
+Signed-off-by: YueHaibing <yuehaibing@huawei.com>
+Reviewed-by: Oliver Hartkopp <socketcan@hartkopp.net>
+Acked-by: Oliver Hartkopp <socketcan@hartkopp.net>
+Link: https://lore.kernel.org/all/20230715092543.15548-1-yuehaibing@huawei.com
+Cc: stable@vger.kernel.org
+Signed-off-by: Marc Kleine-Budde <mkl@pengutronix.de>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+---
+ net/can/bcm.c |   12 ++++++------
+ 1 file changed, 6 insertions(+), 6 deletions(-)
+
+--- a/net/can/bcm.c
++++ b/net/can/bcm.c
+@@ -1521,6 +1521,12 @@ static int bcm_release(struct socket *so
+       lock_sock(sk);
++#if IS_ENABLED(CONFIG_PROC_FS)
++      /* remove procfs entry */
++      if (net->can.bcmproc_dir && bo->bcm_proc_read)
++              remove_proc_entry(bo->procname, net->can.bcmproc_dir);
++#endif /* CONFIG_PROC_FS */
++
+       list_for_each_entry_safe(op, next, &bo->tx_ops, list)
+               bcm_remove_op(op);
+@@ -1556,12 +1562,6 @@ static int bcm_release(struct socket *so
+       list_for_each_entry_safe(op, next, &bo->rx_ops, list)
+               bcm_remove_op(op);
+-#if IS_ENABLED(CONFIG_PROC_FS)
+-      /* remove procfs entry */
+-      if (net->can.bcmproc_dir && bo->bcm_proc_read)
+-              remove_proc_entry(bo->procname, net->can.bcmproc_dir);
+-#endif /* CONFIG_PROC_FS */
+-
+       /* remove device reference */
+       if (bo->bound) {
+               bo->bound   = 0;
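Review bot: the relocated block in bcm_release() keeps the comment "remove procfs entry", which does not say that its position now matters. State in the comment that remove_proc_entry() must run before the bcm_remove_op() loops over bo->tx_ops and bo->rx_ops, because bcm_proc_show() reads bcm_op objects and the KASAN report shows the object freed from rcu_core; otherwise a later cleanup could move the block back down and reopen the use-after-free.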
diff --git a/queue-5.15/can-raw-fix-receiver-memory-leak.patch b/queue-5.15/can-raw-fix-receiver-memory-leak.patch
new file mode 100644 (file)
index 0000000..ba3f572
--- /dev/null
@@ -0,0 +1,233 @@
+From ee8b94c8510ce64afe0b87ef548d23e00915fb10 Mon Sep 17 00:00:00 2001
+From: Ziyang Xuan <william.xuanziyang@huawei.com>
+Date: Tue, 11 Jul 2023 09:17:37 +0800
+Subject: can: raw: fix receiver memory leak
+
+From: Ziyang Xuan <william.xuanziyang@huawei.com>
+
+commit ee8b94c8510ce64afe0b87ef548d23e00915fb10 upstream.
+
+Got kmemleak errors with the following ltp can_filter testcase:
+
+for ((i=1; i<=100; i++))
+do
+        ./can_filter &
+        sleep 0.1
+done
+
+==============================================================
+[<00000000db4a4943>] can_rx_register+0x147/0x360 [can]
+[<00000000a289549d>] raw_setsockopt+0x5ef/0x853 [can_raw]
+[<000000006d3d9ebd>] __sys_setsockopt+0x173/0x2c0
+[<00000000407dbfec>] __x64_sys_setsockopt+0x61/0x70
+[<00000000fd468496>] do_syscall_64+0x33/0x40
+[<00000000b7e47d51>] entry_SYSCALL_64_after_hwframe+0x61/0xc6
+
+It's a bug in the concurrent scenario of unregister_netdevice_many()
+and raw_release() as following:
+
+             cpu0                                        cpu1
+unregister_netdevice_many(can_dev)
+  unlist_netdevice(can_dev) // dev_get_by_index() return NULL after this
+  net_set_todo(can_dev)
+                                               raw_release(can_socket)
+                                                 dev = dev_get_by_index(, ro->ifindex); // dev == NULL
+                                                 if (dev) { // receivers in dev_rcv_lists not free because dev is NULL
+                                                   raw_disable_allfilters(, dev, );
+                                                   dev_put(dev);
+                                                 }
+                                                 ...
+                                                 ro->bound = 0;
+                                                 ...
+
+call_netdevice_notifiers(NETDEV_UNREGISTER, )
+  raw_notify(, NETDEV_UNREGISTER, )
+    if (ro->bound) // invalid because ro->bound has been set 0
+      raw_disable_allfilters(, dev, ); // receivers in dev_rcv_lists will never be freed
+
+Add a net_device pointer member in struct raw_sock to record bound
+can_dev, and use rtnl_lock to serialize raw_socket members between
+raw_bind(), raw_release(), raw_setsockopt() and raw_notify(). Use
+ro->dev to decide whether to free receivers in dev_rcv_lists.
+
+Fixes: 8d0caedb7596 ("can: bcm/raw/isotp: use per module netdevice notifier")
+Reviewed-by: Oliver Hartkopp <socketcan@hartkopp.net>
+Acked-by: Oliver Hartkopp <socketcan@hartkopp.net>
+Signed-off-by: Ziyang Xuan <william.xuanziyang@huawei.com>
+Link: https://lore.kernel.org/all/20230711011737.1969582-1-william.xuanziyang@huawei.com
+Cc: stable@vger.kernel.org
+Signed-off-by: Marc Kleine-Budde <mkl@pengutronix.de>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+---
+ net/can/raw.c |   57 ++++++++++++++++++++++++---------------------------------
+ 1 file changed, 24 insertions(+), 33 deletions(-)
+
+--- a/net/can/raw.c
++++ b/net/can/raw.c
+@@ -83,6 +83,7 @@ struct raw_sock {
+       struct sock sk;
+       int bound;
+       int ifindex;
++      struct net_device *dev;
+       struct list_head notifier;
+       int loopback;
+       int recv_own_msgs;
+@@ -275,7 +276,7 @@ static void raw_notify(struct raw_sock *
+       if (!net_eq(dev_net(dev), sock_net(sk)))
+               return;
+-      if (ro->ifindex != dev->ifindex)
++      if (ro->dev != dev)
+               return;
+       switch (msg) {
+@@ -290,6 +291,7 @@ static void raw_notify(struct raw_sock *
+               ro->ifindex = 0;
+               ro->bound = 0;
++              ro->dev = NULL;
+               ro->count = 0;
+               release_sock(sk);
+@@ -335,6 +337,7 @@ static int raw_init(struct sock *sk)
+       ro->bound            = 0;
+       ro->ifindex          = 0;
++      ro->dev              = NULL;
+       /* set default filter to single entry dfilter */
+       ro->dfilter.can_id   = 0;
+@@ -382,19 +385,13 @@ static int raw_release(struct socket *so
+       lock_sock(sk);
++      rtnl_lock();
+       /* remove current filters & unregister */
+       if (ro->bound) {
+-              if (ro->ifindex) {
+-                      struct net_device *dev;
+-
+-                      dev = dev_get_by_index(sock_net(sk), ro->ifindex);
+-                      if (dev) {
+-                              raw_disable_allfilters(dev_net(dev), dev, sk);
+-                              dev_put(dev);
+-                      }
+-              } else {
++              if (ro->dev)
++                      raw_disable_allfilters(dev_net(ro->dev), ro->dev, sk);
++              else
+                       raw_disable_allfilters(sock_net(sk), NULL, sk);
+-              }
+       }
+       if (ro->count > 1)
+@@ -402,8 +399,10 @@ static int raw_release(struct socket *so
+       ro->ifindex = 0;
+       ro->bound = 0;
++      ro->dev = NULL;
+       ro->count = 0;
+       free_percpu(ro->uniq);
++      rtnl_unlock();
+       sock_orphan(sk);
+       sock->sk = NULL;
+@@ -419,6 +418,7 @@ static int raw_bind(struct socket *sock,
+       struct sockaddr_can *addr = (struct sockaddr_can *)uaddr;
+       struct sock *sk = sock->sk;
+       struct raw_sock *ro = raw_sk(sk);
++      struct net_device *dev = NULL;
+       int ifindex;
+       int err = 0;
+       int notify_enetdown = 0;
+@@ -428,14 +428,13 @@ static int raw_bind(struct socket *sock,
+       if (addr->can_family != AF_CAN)
+               return -EINVAL;
++      rtnl_lock();
+       lock_sock(sk);
+       if (ro->bound && addr->can_ifindex == ro->ifindex)
+               goto out;
+       if (addr->can_ifindex) {
+-              struct net_device *dev;
+-
+               dev = dev_get_by_index(sock_net(sk), addr->can_ifindex);
+               if (!dev) {
+                       err = -ENODEV;
+@@ -464,26 +463,20 @@ static int raw_bind(struct socket *sock,
+       if (!err) {
+               if (ro->bound) {
+                       /* unregister old filters */
+-                      if (ro->ifindex) {
+-                              struct net_device *dev;
+-
+-                              dev = dev_get_by_index(sock_net(sk),
+-                                                     ro->ifindex);
+-                              if (dev) {
+-                                      raw_disable_allfilters(dev_net(dev),
+-                                                             dev, sk);
+-                                      dev_put(dev);
+-                              }
+-                      } else {
++                      if (ro->dev)
++                              raw_disable_allfilters(dev_net(ro->dev),
++                                                     ro->dev, sk);
++                      else
+                               raw_disable_allfilters(sock_net(sk), NULL, sk);
+-                      }
+               }
+               ro->ifindex = ifindex;
+               ro->bound = 1;
++              ro->dev = dev;
+       }
+  out:
+       release_sock(sk);
++      rtnl_unlock();
+       if (notify_enetdown) {
+               sk->sk_err = ENETDOWN;
+@@ -549,9 +542,9 @@ static int raw_setsockopt(struct socket
+               rtnl_lock();
+               lock_sock(sk);
+-              if (ro->bound && ro->ifindex) {
+-                      dev = dev_get_by_index(sock_net(sk), ro->ifindex);
+-                      if (!dev) {
++              dev = ro->dev;
++              if (ro->bound && dev) {
++                      if (dev->reg_state != NETREG_REGISTERED) {
+                               if (count > 1)
+                                       kfree(filter);
+                               err = -ENODEV;
+@@ -592,7 +585,6 @@ static int raw_setsockopt(struct socket
+               ro->count  = count;
+  out_fil:
+-              dev_put(dev);
+               release_sock(sk);
+               rtnl_unlock();
+@@ -610,9 +602,9 @@ static int raw_setsockopt(struct socket
+               rtnl_lock();
+               lock_sock(sk);
+-              if (ro->bound && ro->ifindex) {
+-                      dev = dev_get_by_index(sock_net(sk), ro->ifindex);
+-                      if (!dev) {
++              dev = ro->dev;
++              if (ro->bound && dev) {
++                      if (dev->reg_state != NETREG_REGISTERED) {
+                               err = -ENODEV;
+                               goto out_err;
+                       }
+@@ -636,7 +628,6 @@ static int raw_setsockopt(struct socket
+               ro->err_mask = err_mask;
+  out_err:
+-              dev_put(dev);
+               release_sock(sk);
+               rtnl_unlock();
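Review bot: lock ordering is inconsistent between the hunks: raw_release() now takes lock_sock(sk) and then rtnl_lock(), while raw_bind() takes rtnl_lock() before lock_sock(sk), and the raw_setsockopt() context lines show the same rtnl-first order. Two tasks on these paths can deadlock against each other, so take rtnl_lock() before lock_sock(sk) in raw_release() and release in the reverse order. Please also document at the new struct raw_sock member dev whether it holds a device reference: the visible hunks drop the dev_get_by_index()/dev_put() pairs in raw_release() and raw_setsockopt() and rely on raw_notify() setting ro->dev = NULL under rtnl_lock, and that lifetime rule should be written down next to the field.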
diff --git a/queue-5.15/drm-amd-display-disable-mpc-split-by-default-on-special-asic.patch b/queue-5.15/drm-amd-display-disable-mpc-split-by-default-on-special-asic.patch
new file mode 100644 (file)
index 0000000..115577c
--- /dev/null
@@ -0,0 +1,42 @@
+From a460beefe77d780ac48f19d39333852a7f93ffc1 Mon Sep 17 00:00:00 2001
+From: Zhikai Zhai <zhikai.zhai@amd.com>
+Date: Fri, 30 Jun 2023 11:35:14 +0800
+Subject: drm/amd/display: Disable MPC split by default on special asic
+
+From: Zhikai Zhai <zhikai.zhai@amd.com>
+
+commit a460beefe77d780ac48f19d39333852a7f93ffc1 upstream.
+
+[WHY]
+All of pipes will be used when the MPC split enable on the dcn
+which just has 2 pipes. Then MPO enter will trigger the minimal
+transition which need programe dcn from 2 pipes MPC split to 2
+pipes MPO. This action will cause lag if happen frequently.
+
+[HOW]
+Disable the MPC split for the platform which dcn resource is limited
+
+Cc: Mario Limonciello <mario.limonciello@amd.com>
+Cc: Alex Deucher <alexander.deucher@amd.com>
+Cc: stable@vger.kernel.org
+Reviewed-by: Alvin Lee <alvin.lee2@amd.com>
+Acked-by: Alan Liu <haoping.liu@amd.com>
+Signed-off-by: Zhikai Zhai <zhikai.zhai@amd.com>
+Tested-by: Daniel Wheeler <daniel.wheeler@amd.com>
+Signed-off-by: Alex Deucher <alexander.deucher@amd.com>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+---
+ drivers/gpu/drm/amd/display/dc/dcn303/dcn303_resource.c |    2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+--- a/drivers/gpu/drm/amd/display/dc/dcn303/dcn303_resource.c
++++ b/drivers/gpu/drm/amd/display/dc/dcn303/dcn303_resource.c
+@@ -193,7 +193,7 @@ static const struct dc_debug_options deb
+               .timing_trace = false,
+               .clock_trace = true,
+               .disable_pplib_clock_request = true,
+-              .pipe_split_policy = MPC_SPLIT_DYNAMIC,
++              .pipe_split_policy = MPC_SPLIT_AVOID,
+               .force_single_disp_pipe_split = false,
+               .disable_dcc = DCC_ENABLE,
+               .vsr_support = true,
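Review bot: the switch of .pipe_split_policy from MPC_SPLIT_DYNAMIC to MPC_SPLIT_AVOID in the dcn303 debug defaults carries no comment, so the reason lives only in the changelog. Add a one-line comment next to the field saying that this DCN has only 2 pipes and that MPC split forces a minimal transition on MPO entry, so the value is not reverted when these defaults are next aligned with other DCN resource files.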
diff --git a/queue-5.15/drm-amd-display-keep-phy-active-for-dp-displays-on-dcn31.patch b/queue-5.15/drm-amd-display-keep-phy-active-for-dp-displays-on-dcn31.patch
new file mode 100644 (file)
index 0000000..88026fb
--- /dev/null
@@ -0,0 +1,42 @@
+From 2387ccf43e3c6cb5dbd757c5ef410cca9f14b971 Mon Sep 17 00:00:00 2001
+From: Nicholas Kazlauskas <nicholas.kazlauskas@amd.com>
+Date: Thu, 29 Jun 2023 10:35:59 -0400
+Subject: drm/amd/display: Keep PHY active for DP displays on DCN31
+
+From: Nicholas Kazlauskas <nicholas.kazlauskas@amd.com>
+
+commit 2387ccf43e3c6cb5dbd757c5ef410cca9f14b971 upstream.
+
+[Why & How]
+Port of a change that went into DCN314 to keep the PHY enabled
+when we have a connected and active DP display.
+
+The PHY can hang if PHY refclk is disabled inadvertently.
+
+Cc: Mario Limonciello <mario.limonciello@amd.com>
+Cc: Alex Deucher <alexander.deucher@amd.com>
+Cc: stable@vger.kernel.org
+Reviewed-by: Josip Pavic <josip.pavic@amd.com>
+Acked-by: Alan Liu <haoping.liu@amd.com>
+Signed-off-by: Nicholas Kazlauskas <nicholas.kazlauskas@amd.com>
+Tested-by: Daniel Wheeler <daniel.wheeler@amd.com>
+Signed-off-by: Alex Deucher <alexander.deucher@amd.com>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+---
+ drivers/gpu/drm/amd/display/dc/clk_mgr/dcn31/dcn31_clk_mgr.c |    5 +++++
+ 1 file changed, 5 insertions(+)
+
+--- a/drivers/gpu/drm/amd/display/dc/clk_mgr/dcn31/dcn31_clk_mgr.c
++++ b/drivers/gpu/drm/amd/display/dc/clk_mgr/dcn31/dcn31_clk_mgr.c
+@@ -81,6 +81,11 @@ int dcn31_get_active_display_cnt_wa(
+                               stream->signal == SIGNAL_TYPE_DVI_SINGLE_LINK ||
+                               stream->signal == SIGNAL_TYPE_DVI_DUAL_LINK)
+                       tmds_present = true;
++
++              /* Checking stream / link detection ensuring that PHY is active*/
++              if (dc_is_dp_signal(stream->signal) && !stream->dpms_off)
++                      display_count++;
++
+       }
+       for (i = 0; i < dc->link_count; i++) {
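Review bot: the new comment in dcn31_get_active_display_cnt_wa(), "Checking stream / link detection ensuring that PHY is active", does not explain why display_count is incremented for a DP stream with !stream->dpms_off; say that the count is raised so the PHY stays enabled while a DP display is connected and active. The comment is also missing a space before the closing */, and the blank line added before the closing brace of the loop body should be dropped.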
diff --git a/queue-5.15/drm-client-fix-memory-leak-in-drm_client_modeset_probe.patch b/queue-5.15/drm-client-fix-memory-leak-in-drm_client_modeset_probe.patch
new file mode 100644 (file)
index 0000000..622d5d2
--- /dev/null
@@ -0,0 +1,46 @@
+From 2329cc7a101af1a844fbf706c0724c0baea38365 Mon Sep 17 00:00:00 2001
+From: Jocelyn Falempe <jfalempe@redhat.com>
+Date: Tue, 11 Jul 2023 11:20:44 +0200
+Subject: drm/client: Fix memory leak in drm_client_modeset_probe
+
+From: Jocelyn Falempe <jfalempe@redhat.com>
+
+commit 2329cc7a101af1a844fbf706c0724c0baea38365 upstream.
+
+When a new mode is set to modeset->mode, the previous mode should be freed.
+This fixes the following kmemleak report:
+
+drm_mode_duplicate+0x45/0x220 [drm]
+drm_client_modeset_probe+0x944/0xf50 [drm]
+__drm_fb_helper_initial_config_and_unlock+0xb4/0x2c0 [drm_kms_helper]
+drm_fbdev_client_hotplug+0x2bc/0x4d0 [drm_kms_helper]
+drm_client_register+0x169/0x240 [drm]
+ast_pci_probe+0x142/0x190 [ast]
+local_pci_probe+0xdc/0x180
+work_for_cpu_fn+0x4e/0xa0
+process_one_work+0x8b7/0x1540
+worker_thread+0x70a/0xed0
+kthread+0x29f/0x340
+ret_from_fork+0x1f/0x30
+
+cc: <stable@vger.kernel.org>
+Reported-by: Zhang Yi <yizhan@redhat.com>
+Signed-off-by: Jocelyn Falempe <jfalempe@redhat.com>
+Reviewed-by: Javier Martinez Canillas <javierm@redhat.com>
+Reviewed-by: Thomas Zimmermann <tzimmermann@suse.de>
+Link: https://patchwork.freedesktop.org/patch/msgid/20230711092203.68157-3-jfalempe@redhat.com
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+---
+ drivers/gpu/drm/drm_client_modeset.c |    1 +
+ 1 file changed, 1 insertion(+)
+
+--- a/drivers/gpu/drm/drm_client_modeset.c
++++ b/drivers/gpu/drm/drm_client_modeset.c
+@@ -865,6 +865,7 @@ int drm_client_modeset_probe(struct drm_
+                               break;
+                       }
++                      kfree(modeset->mode);
+                       modeset->mode = drm_mode_duplicate(dev, mode);
+                       drm_connector_get(connector);
+                       modeset->connectors[modeset->num_connectors++] = connector;
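Review bot: after the added kfree(modeset->mode), the next line assigns the result of drm_mode_duplicate(dev, mode) without a NULL check, so an allocation failure here leaves modeset->mode NULL while the connector is still taken with drm_connector_get() and appended to modeset->connectors. Check the return value and bail out before touching the connector array. The changelog also has no Fixes: tag, which makes the backport range harder to judge.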
diff --git a/queue-5.15/drm-client-fix-memory-leak-in-drm_client_target_cloned.patch b/queue-5.15/drm-client-fix-memory-leak-in-drm_client_target_cloned.patch
new file mode 100644 (file)
index 0000000..15b117d
--- /dev/null
@@ -0,0 +1,68 @@
+From c2a88e8bdf5f6239948d75283d0ae7e0c7945b03 Mon Sep 17 00:00:00 2001
+From: Jocelyn Falempe <jfalempe@redhat.com>
+Date: Tue, 11 Jul 2023 11:20:43 +0200
+Subject: drm/client: Fix memory leak in drm_client_target_cloned
+
+From: Jocelyn Falempe <jfalempe@redhat.com>
+
+commit c2a88e8bdf5f6239948d75283d0ae7e0c7945b03 upstream.
+
+dmt_mode is allocated and never freed in this function.
+It was found with the ast driver, but most drivers using generic fbdev
+setup are probably affected.
+
+This fixes the following kmemleak report:
+  backtrace:
+    [<00000000b391296d>] drm_mode_duplicate+0x45/0x220 [drm]
+    [<00000000e45bb5b3>] drm_client_target_cloned.constprop.0+0x27b/0x480 [drm]
+    [<00000000ed2d3a37>] drm_client_modeset_probe+0x6bd/0xf50 [drm]
+    [<0000000010e5cc9d>] __drm_fb_helper_initial_config_and_unlock+0xb4/0x2c0 [drm_kms_helper]
+    [<00000000909f82ca>] drm_fbdev_client_hotplug+0x2bc/0x4d0 [drm_kms_helper]
+    [<00000000063a69aa>] drm_client_register+0x169/0x240 [drm]
+    [<00000000a8c61525>] ast_pci_probe+0x142/0x190 [ast]
+    [<00000000987f19bb>] local_pci_probe+0xdc/0x180
+    [<000000004fca231b>] work_for_cpu_fn+0x4e/0xa0
+    [<0000000000b85301>] process_one_work+0x8b7/0x1540
+    [<000000003375b17c>] worker_thread+0x70a/0xed0
+    [<00000000b0d43cd9>] kthread+0x29f/0x340
+    [<000000008d770833>] ret_from_fork+0x1f/0x30
+unreferenced object 0xff11000333089a00 (size 128):
+
+cc: <stable@vger.kernel.org>
+Fixes: 1d42bbc8f7f9 ("drm/fbdev: fix cloning on fbcon")
+Reported-by: Zhang Yi <yizhan@redhat.com>
+Signed-off-by: Jocelyn Falempe <jfalempe@redhat.com>
+Reviewed-by: Javier Martinez Canillas <javierm@redhat.com>
+Reviewed-by: Thomas Zimmermann <tzimmermann@suse.de>
+Link: https://patchwork.freedesktop.org/patch/msgid/20230711092203.68157-2-jfalempe@redhat.com
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+---
+ drivers/gpu/drm/drm_client_modeset.c |    5 +++++
+ 1 file changed, 5 insertions(+)
+
+--- a/drivers/gpu/drm/drm_client_modeset.c
++++ b/drivers/gpu/drm/drm_client_modeset.c
+@@ -309,6 +309,9 @@ static bool drm_client_target_cloned(str
+       can_clone = true;
+       dmt_mode = drm_mode_find_dmt(dev, 1024, 768, 60, false);
++      if (!dmt_mode)
++              goto fail;
++
+       for (i = 0; i < connector_count; i++) {
+               if (!enabled[i])
+                       continue;
+@@ -324,11 +327,13 @@ static bool drm_client_target_cloned(str
+               if (!modes[i])
+                       can_clone = false;
+       }
++      kfree(dmt_mode);
+       if (can_clone) {
+               DRM_DEBUG_KMS("can clone using 1024x768\n");
+               return true;
+       }
++fail:
+       DRM_INFO("kms: can't enable cloning when we probably wanted to.\n");
+       return false;
+ }
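Review bot: the first hunk adds a NULL check on the result of drm_mode_find_dmt() with goto fail, which is a separate fix from the leak the changelog describes ("dmt_mode is allocated and never freed"); mention it in the commit message or split it out. In the second hunk, add a blank line after kfree(dmt_mode) so the free reads as the end of the loop's use of dmt_mode rather than as part of the if (can_clone) block.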
diff --git a/queue-5.15/fuse-ioctl-translate-enosys-in-outarg.patch b/queue-5.15/fuse-ioctl-translate-enosys-in-outarg.patch
new file mode 100644 (file)
index 0000000..ffa3f30
--- /dev/null
@@ -0,0 +1,88 @@
+From 6a567e920fd0451bf29abc418df96c3365925770 Mon Sep 17 00:00:00 2001
+From: Miklos Szeredi <mszeredi@redhat.com>
+Date: Wed, 7 Jun 2023 17:49:21 +0200
+Subject: fuse: ioctl: translate ENOSYS in outarg
+
+From: Miklos Szeredi <mszeredi@redhat.com>
+
+commit 6a567e920fd0451bf29abc418df96c3365925770 upstream.
+
+Fuse shouldn't return ENOSYS from its ioctl implementation. If userspace
+responds with ENOSYS it should be translated to ENOTTY.
+
+There are two ways to return an error from the IOCTL request:
+
+ - fuse_out_header.error
+ - fuse_ioctl_out.result
+
+Commit 02c0cab8e734 ("fuse: ioctl: translate ENOSYS") already fixed this
+issue for the first case, but missed the second case.  This patch fixes the
+second case.
+
+Reported-by: Jonathan Katz <jkatz@eitmlabs.org>
+Closes: https://lore.kernel.org/all/CALKgVmcC1VUV_gJVq70n--omMJZUb4HSh_FqvLTHgNBc+HCLFQ@mail.gmail.com/
+Fixes: 02c0cab8e734 ("fuse: ioctl: translate ENOSYS")
+Cc: <stable@vger.kernel.org>
+Signed-off-by: Miklos Szeredi <mszeredi@redhat.com>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+---
+ fs/fuse/ioctl.c |   21 +++++++++++++--------
+ 1 file changed, 13 insertions(+), 8 deletions(-)
+
+--- a/fs/fuse/ioctl.c
++++ b/fs/fuse/ioctl.c
+@@ -9,14 +9,23 @@
+ #include <linux/compat.h>
+ #include <linux/fileattr.h>
+-static ssize_t fuse_send_ioctl(struct fuse_mount *fm, struct fuse_args *args)
++static ssize_t fuse_send_ioctl(struct fuse_mount *fm, struct fuse_args *args,
++                             struct fuse_ioctl_out *outarg)
+ {
+-      ssize_t ret = fuse_simple_request(fm, args);
++      ssize_t ret;
++
++      args->out_args[0].size = sizeof(*outarg);
++      args->out_args[0].value = outarg;
++
++      ret = fuse_simple_request(fm, args);
+       /* Translate ENOSYS, which shouldn't be returned from fs */
+       if (ret == -ENOSYS)
+               ret = -ENOTTY;
++      if (ret >= 0 && outarg->result == -ENOSYS)
++              outarg->result = -ENOTTY;
++
+       return ret;
+ }
+@@ -264,13 +273,11 @@ long fuse_do_ioctl(struct file *file, un
+       }
+       ap.args.out_numargs = 2;
+-      ap.args.out_args[0].size = sizeof(outarg);
+-      ap.args.out_args[0].value = &outarg;
+       ap.args.out_args[1].size = out_size;
+       ap.args.out_pages = true;
+       ap.args.out_argvar = true;
+-      transferred = fuse_send_ioctl(fm, &ap.args);
++      transferred = fuse_send_ioctl(fm, &ap.args, &outarg);
+       err = transferred;
+       if (transferred < 0)
+               goto out;
+@@ -399,12 +406,10 @@ static int fuse_priv_ioctl(struct inode
+       args.in_args[1].size = inarg.in_size;
+       args.in_args[1].value = ptr;
+       args.out_numargs = 2;
+-      args.out_args[0].size = sizeof(outarg);
+-      args.out_args[0].value = &outarg;
+       args.out_args[1].size = inarg.out_size;
+       args.out_args[1].value = ptr;
+-      err = fuse_send_ioctl(fm, &args);
++      err = fuse_send_ioctl(fm, &args, &outarg);
+       if (!err) {
+               if (outarg.result < 0)
+                       err = outarg.result;
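Review bot: fuse_send_ioctl() now overwrites args->out_args[0] with the caller's outarg, but nothing at the function says so, and both callers still set out_numargs = 2 and out_args[1] themselves. Add a comment above the helper stating that slot 0 is owned by it and that outarg->result is only translated when ret >= 0, so a future caller does not fill out_args[0] itself or read result after a failed request.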
diff --git a/queue-5.15/fuse-revalidate-don-t-invalidate-if-interrupted.patch b/queue-5.15/fuse-revalidate-don-t-invalidate-if-interrupted.patch
new file mode 100644 (file)
index 0000000..08fc64e
--- /dev/null
@@ -0,0 +1,34 @@
+From a9d1c4c6df0e568207907c04aed9e7beb1294c42 Mon Sep 17 00:00:00 2001
+From: Miklos Szeredi <mszeredi@redhat.com>
+Date: Wed, 7 Jun 2023 17:49:20 +0200
+Subject: fuse: revalidate: don't invalidate if interrupted
+
+From: Miklos Szeredi <mszeredi@redhat.com>
+
+commit a9d1c4c6df0e568207907c04aed9e7beb1294c42 upstream.
+
+If the LOOKUP request triggered from fuse_dentry_revalidate() is
+interrupted, then the dentry will be invalidated, possibly resulting in
+submounts being unmounted.
+
+Reported-by: Xu Rongbo <xurongbo@baidu.com>
+Closes: https://lore.kernel.org/all/CAJfpegswN_CJJ6C3RZiaK6rpFmNyWmXfaEpnQUJ42KCwNF5tWw@mail.gmail.com/
+Fixes: 9e6268db496a ("[PATCH] FUSE - read-write operations")
+Cc: <stable@vger.kernel.org>
+Signed-off-by: Miklos Szeredi <mszeredi@redhat.com>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+---
+ fs/fuse/dir.c |    2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+--- a/fs/fuse/dir.c
++++ b/fs/fuse/dir.c
+@@ -249,7 +249,7 @@ static int fuse_dentry_revalidate(struct
+                       spin_unlock(&fi->lock);
+               }
+               kfree(forget);
+-              if (ret == -ENOMEM)
++              if (ret == -ENOMEM || ret == -EINTR)
+                       goto out;
+               if (ret || fuse_invalid_attr(&outarg.attr) ||
+                   fuse_stale_inode(inode, outarg.generation, &outarg.attr))
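Review bot: the condition ret == -ENOMEM || ret == -EINTR in fuse_dentry_revalidate() special-cases two errors with no comment, and the changelog describes the problem but not the rule being applied. Add a comment that these are results where the LOOKUP outcome is unknown and the dentry must be kept rather than invalidated, so it is clear which other error codes would belong in the same test.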
diff --git a/queue-5.15/keys-fix-linking-a-duplicate-key-to-a-keyring-s-assoc_array.patch b/queue-5.15/keys-fix-linking-a-duplicate-key-to-a-keyring-s-assoc_array.patch
new file mode 100644 (file)
index 0000000..75ed345
--- /dev/null
@@ -0,0 +1,177 @@
+From d55901522f96082a43b9842d34867363c0cdbac5 Mon Sep 17 00:00:00 2001
+From: Petr Pavlu <petr.pavlu@suse.com>
+Date: Thu, 23 Mar 2023 14:04:12 +0100
+Subject: keys: Fix linking a duplicate key to a keyring's assoc_array
+
+From: Petr Pavlu <petr.pavlu@suse.com>
+
+commit d55901522f96082a43b9842d34867363c0cdbac5 upstream.
+
+When making a DNS query inside the kernel using dns_query(), the request
+code can in rare cases end up creating a duplicate index key in the
+assoc_array of the destination keyring. It is eventually found by
+a BUG_ON() check in the assoc_array implementation and results in
+a crash.
+
+Example report:
+[2158499.700025] kernel BUG at ../lib/assoc_array.c:652!
+[2158499.700039] invalid opcode: 0000 [#1] SMP PTI
+[2158499.700065] CPU: 3 PID: 31985 Comm: kworker/3:1 Kdump: loaded Not tainted 5.3.18-150300.59.90-default #1 SLE15-SP3
+[2158499.700096] Hardware name: VMware, Inc. VMware Virtual Platform/440BX Desktop Reference Platform, BIOS 6.00 11/12/2020
+[2158499.700351] Workqueue: cifsiod cifs_resolve_server [cifs]
+[2158499.700380] RIP: 0010:assoc_array_insert+0x85f/0xa40
+[2158499.700401] Code: ff 74 2b 48 8b 3b 49 8b 45 18 4c 89 e6 48 83 e7 fe e8 95 ec 74 00 3b 45 88 7d db 85 c0 79 d4 0f 0b 0f 0b 0f 0b e8 41 f2 be ff <0f> 0b 0f 0b 81 7d 88 ff ff ff 7f 4c 89 eb 4c 8b ad 58 ff ff ff 0f
+[2158499.700448] RSP: 0018:ffffc0bd6187faf0 EFLAGS: 00010282
+[2158499.700470] RAX: ffff9f1ea7da2fe8 RBX: ffff9f1ea7da2fc1 RCX: 0000000000000005
+[2158499.700492] RDX: 0000000000000000 RSI: 0000000000000005 RDI: 0000000000000000
+[2158499.700515] RBP: ffffc0bd6187fbb0 R08: ffff9f185faf1100 R09: 0000000000000000
+[2158499.700538] R10: ffff9f1ea7da2cc0 R11: 000000005ed8cec8 R12: ffffc0bd6187fc28
+[2158499.700561] R13: ffff9f15feb8d000 R14: ffff9f1ea7da2fc0 R15: ffff9f168dc0d740
+[2158499.700585] FS:  0000000000000000(0000) GS:ffff9f185fac0000(0000) knlGS:0000000000000000
+[2158499.700610] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
+[2158499.700630] CR2: 00007fdd94fca238 CR3: 0000000809d8c006 CR4: 00000000003706e0
+[2158499.700702] Call Trace:
+[2158499.700741]  ? key_alloc+0x447/0x4b0
+[2158499.700768]  ? __key_link_begin+0x43/0xa0
+[2158499.700790]  __key_link_begin+0x43/0xa0
+[2158499.700814]  request_key_and_link+0x2c7/0x730
+[2158499.700847]  ? dns_resolver_read+0x20/0x20 [dns_resolver]
+[2158499.700873]  ? key_default_cmp+0x20/0x20
+[2158499.700898]  request_key_tag+0x43/0xa0
+[2158499.700926]  dns_query+0x114/0x2ca [dns_resolver]
+[2158499.701127]  dns_resolve_server_name_to_ip+0x194/0x310 [cifs]
+[2158499.701164]  ? scnprintf+0x49/0x90
+[2158499.701190]  ? __switch_to_asm+0x40/0x70
+[2158499.701211]  ? __switch_to_asm+0x34/0x70
+[2158499.701405]  reconn_set_ipaddr_from_hostname+0x81/0x2a0 [cifs]
+[2158499.701603]  cifs_resolve_server+0x4b/0xd0 [cifs]
+[2158499.701632]  process_one_work+0x1f8/0x3e0
+[2158499.701658]  worker_thread+0x2d/0x3f0
+[2158499.701682]  ? process_one_work+0x3e0/0x3e0
+[2158499.701703]  kthread+0x10d/0x130
+[2158499.701723]  ? kthread_park+0xb0/0xb0
+[2158499.701746]  ret_from_fork+0x1f/0x40
+
+The situation occurs as follows:
+* Some kernel facility invokes dns_query() to resolve a hostname, for
+  example, "abcdef". The function registers its global DNS resolver
+  cache as current->cred.thread_keyring and passes the query to
+  request_key_net() -> request_key_tag() -> request_key_and_link().
+* Function request_key_and_link() creates a keyring_search_context
+  object. Its match_data.cmp method gets set via a call to
+  type->match_preparse() (resolves to dns_resolver_match_preparse()) to
+  dns_resolver_cmp().
+* Function request_key_and_link() continues and invokes
+  search_process_keyrings_rcu() which returns that a given key was not
+  found. The control is then passed to request_key_and_link() ->
+  construct_alloc_key().
+* Concurrently to that, a second task similarly makes a DNS query for
+  "abcdef." and its result gets inserted into the DNS resolver cache.
+* Back on the first task, function construct_alloc_key() first runs
+  __key_link_begin() to determine an assoc_array_edit operation to
+  insert a new key. Index keys in the array are compared exactly as-is,
+  using keyring_compare_object(). The operation finds that "abcdef" is
+  not yet present in the destination keyring.
+* Function construct_alloc_key() continues and checks if a given key is
+  already present on some keyring by again calling
+  search_process_keyrings_rcu(). This search is done using
+  dns_resolver_cmp() and "abcdef" gets matched with now present key
+  "abcdef.".
+* The found key is linked on the destination keyring by calling
+  __key_link() and using the previously calculated assoc_array_edit
+  operation. This inserts the "abcdef." key in the array but creates
+  a duplicity because the same index key is already present.
+
+Fix the problem by postponing __key_link_begin() in
+construct_alloc_key() until an actual key which should be linked into
+the destination keyring is determined.
+
+[jarkko@kernel.org: added a fixes tag and cc to stable]
+Cc: stable@vger.kernel.org # v5.3+
+Fixes: df593ee23e05 ("keys: Hoist locking out of __key_link_begin()")
+Signed-off-by: Petr Pavlu <petr.pavlu@suse.com>
+Reviewed-by: Joey Lee <jlee@suse.com>
+Reviewed-by: Jarkko Sakkinen <jarkko@kernel.org>
+Signed-off-by: Jarkko Sakkinen <jarkko@kernel.org>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+---
+ security/keys/request_key.c |   35 ++++++++++++++++++++++++-----------
+ 1 file changed, 24 insertions(+), 11 deletions(-)
+
+--- a/security/keys/request_key.c
++++ b/security/keys/request_key.c
+@@ -401,17 +401,21 @@ static int construct_alloc_key(struct ke
+       set_bit(KEY_FLAG_USER_CONSTRUCT, &key->flags);
+       if (dest_keyring) {
+-              ret = __key_link_lock(dest_keyring, &ctx->index_key);
++              ret = __key_link_lock(dest_keyring, &key->index_key);
+               if (ret < 0)
+                       goto link_lock_failed;
+-              ret = __key_link_begin(dest_keyring, &ctx->index_key, &edit);
+-              if (ret < 0)
+-                      goto link_prealloc_failed;
+       }
+-      /* attach the key to the destination keyring under lock, but we do need
++      /*
++       * Attach the key to the destination keyring under lock, but we do need
+        * to do another check just in case someone beat us to it whilst we
+-       * waited for locks */
++       * waited for locks.
++       *
++       * The caller might specify a comparison function which looks for keys
++       * that do not exactly match but are still equivalent from the caller's
++       * perspective. The __key_link_begin() operation must be done only after
++       * an actual key is determined.
++       */
+       mutex_lock(&key_construction_mutex);
+       rcu_read_lock();
+@@ -420,12 +424,16 @@ static int construct_alloc_key(struct ke
+       if (!IS_ERR(key_ref))
+               goto key_already_present;
+-      if (dest_keyring)
++      if (dest_keyring) {
++              ret = __key_link_begin(dest_keyring, &key->index_key, &edit);
++              if (ret < 0)
++                      goto link_alloc_failed;
+               __key_link(dest_keyring, key, &edit);
++      }
+       mutex_unlock(&key_construction_mutex);
+       if (dest_keyring)
+-              __key_link_end(dest_keyring, &ctx->index_key, edit);
++              __key_link_end(dest_keyring, &key->index_key, edit);
+       mutex_unlock(&user->cons_lock);
+       *_key = key;
+       kleave(" = 0 [%d]", key_serial(key));
+@@ -438,10 +446,13 @@ key_already_present:
+       mutex_unlock(&key_construction_mutex);
+       key = key_ref_to_ptr(key_ref);
+       if (dest_keyring) {
++              ret = __key_link_begin(dest_keyring, &key->index_key, &edit);
++              if (ret < 0)
++                      goto link_alloc_failed_unlocked;
+               ret = __key_link_check_live_key(dest_keyring, key);
+               if (ret == 0)
+                       __key_link(dest_keyring, key, &edit);
+-              __key_link_end(dest_keyring, &ctx->index_key, edit);
++              __key_link_end(dest_keyring, &key->index_key, edit);
+               if (ret < 0)
+                       goto link_check_failed;
+       }
+@@ -456,8 +467,10 @@ link_check_failed:
+       kleave(" = %d [linkcheck]", ret);
+       return ret;
+-link_prealloc_failed:
+-      __key_link_end(dest_keyring, &ctx->index_key, edit);
++link_alloc_failed:
++      mutex_unlock(&key_construction_mutex);
++link_alloc_failed_unlocked:
++      __key_link_end(dest_keyring, &key->index_key, edit);
+ link_lock_failed:
+       mutex_unlock(&user->cons_lock);
+       key_put(key);
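Review bot: In construct_alloc_key() the link lock is now taken with the freshly allocated key's index key (`__key_link_lock(dest_keyring, &key->index_key)`), but on the key_already_present path `key` is reassigned through `key_ref_to_ptr(key_ref)` before `__key_link_end(dest_keyring, &key->index_key, edit)` runs, so lock and unlock receive different index keys; per the commit message these can differ in description ("abcdef" vs "abcdef."). That is only balanced if those helpers look at nothing beyond fields the two keys share, and a short comment at the key_already_present block should say so. Also, both new labels reach `__key_link_end()` after `__key_link_begin()` has failed, so `edit` must hold a defined value before that call; its declaration is outside these hunks and is worth confirming.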
diff --git a/queue-5.15/perf-probe-add-test-for-regression-introduced-by-switch-to-die_get_decl_file.patch b/queue-5.15/perf-probe-add-test-for-regression-introduced-by-switch-to-die_get_decl_file.patch
new file mode 100644 (file)
index 0000000..ac282bd
--- /dev/null
@@ -0,0 +1,115 @@
+From 56cbeacf143530576905623ac72ae0964f3293a6 Mon Sep 17 00:00:00 2001
+From: =?UTF-8?q?Georg=20M=C3=BCller?= <georgmueller@gmx.net>
+Date: Wed, 28 Jun 2023 10:45:50 +0200
+Subject: perf probe: Add test for regression introduced by switch to die_get_decl_file()
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+From: Georg Müller <georgmueller@gmx.net>
+
+commit 56cbeacf143530576905623ac72ae0964f3293a6 upstream.
+
+This patch adds a test to validate that 'perf probe' works for binaries
+where DWARF info is split into multiple CUs
+
+Signed-off-by: Georg Müller <georgmueller@gmx.net>
+Acked-by: Masami Hiramatsu (Google) <mhiramat@kernel.org>
+Cc: Adrian Hunter <adrian.hunter@intel.com>
+Cc: Alexander Shishkin <alexander.shishkin@linux.intel.com>
+Cc: Ian Rogers <irogers@google.com>
+Cc: Ingo Molnar <mingo@redhat.com>
+Cc: Jiri Olsa <jolsa@kernel.org>
+Cc: Mark Rutland <mark.rutland@arm.com>
+Cc: Namhyung Kim <namhyung@kernel.org>
+Cc: Peter Zijlstra <peterz@infradead.org>
+Cc: regressions@lists.linux.dev
+Cc: stable@vger.kernel.org
+Link: https://lore.kernel.org/r/20230628084551.1860532-5-georgmueller@gmx.net
+Signed-off-by: Arnaldo Carvalho de Melo <acme@redhat.com>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+---
+ tools/perf/tests/shell/test_uprobe_from_different_cu.sh |   77 ++++++++++++++++
+ 1 file changed, 77 insertions(+)
+ create mode 100755 tools/perf/tests/shell/test_uprobe_from_different_cu.sh
+
+--- /dev/null
++++ b/tools/perf/tests/shell/test_uprobe_from_different_cu.sh
+@@ -0,0 +1,77 @@
++#!/bin/bash
++# test perf probe of function from different CU
++# SPDX-License-Identifier: GPL-2.0
++
++set -e
++
++temp_dir=$(mktemp -d /tmp/perf-uprobe-different-cu-sh.XXXXXXXXXX)
++
++cleanup()
++{
++      trap - EXIT TERM INT
++      if [[ "${temp_dir}" =~ ^/tmp/perf-uprobe-different-cu-sh.*$ ]]; then
++              echo "--- Cleaning up ---"
++              perf probe -x ${temp_dir}/testfile -d foo
++              rm -f "${temp_dir}/"*
++              rmdir "${temp_dir}"
++      fi
++}
++
++trap_cleanup()
++{
++        cleanup
++        exit 1
++}
++
++trap trap_cleanup EXIT TERM INT
++
++cat > ${temp_dir}/testfile-foo.h << EOF
++struct t
++{
++  int *p;
++  int c;
++};
++
++extern int foo (int i, struct t *t);
++EOF
++
++cat > ${temp_dir}/testfile-foo.c << EOF
++#include "testfile-foo.h"
++
++int
++foo (int i, struct t *t)
++{
++  int j, res = 0;
++  for (j = 0; j < i && j < t->c; j++)
++    res += t->p[j];
++
++  return res;
++}
++EOF
++
++cat > ${temp_dir}/testfile-main.c << EOF
++#include "testfile-foo.h"
++
++static struct t g;
++
++int
++main (int argc, char **argv)
++{
++  int i;
++  int j[argc];
++  g.c = argc;
++  g.p = j;
++  for (i = 0; i < argc; i++)
++    j[i] = (int) argv[i][0];
++  return foo (3, &g);
++}
++EOF
++
++gcc -g -Og -flto -c ${temp_dir}/testfile-foo.c -o ${temp_dir}/testfile-foo.o
++gcc -g -Og -c ${temp_dir}/testfile-main.c -o ${temp_dir}/testfile-main.o
++gcc -g -Og -o ${temp_dir}/testfile ${temp_dir}/testfile-foo.o ${temp_dir}/testfile-main.o
++
++perf probe -x ${temp_dir}/testfile --funcs foo
++perf probe -x ${temp_dir}/testfile foo
++
++cleanup
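Review bot: In cleanup(), `perf probe -x ${temp_dir}/testfile -d foo` runs first and the script is under `set -e`, so when cleanup is entered from the trap after an early failure (for example a failing gcc step, before any probe exists) a non-zero exit from that delete would end the script before `rm -f` and `rmdir` run, leaving the temporary directory behind. Suggest removing the files first or ending the delete with `|| true`. Smaller points: `${temp_dir}` is unquoted everywhere except the `rm`/`rmdir` lines, and there is no check that gcc is available, so a missing compiler goes through trap_cleanup and `exit 1` as a test failure instead of a skip.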
diff --git a/queue-5.15/regmap-account-for-register-length-in-smbus-i-o-limits.patch b/queue-5.15/regmap-account-for-register-length-in-smbus-i-o-limits.patch
new file mode 100644 (file)
index 0000000..b920fc5
--- /dev/null
@@ -0,0 +1,54 @@
+From 0c9d2eb5e94792fe64019008a04d4df5e57625af Mon Sep 17 00:00:00 2001
+From: Mark Brown <broonie@kernel.org>
+Date: Wed, 12 Jul 2023 12:16:40 +0100
+Subject: regmap: Account for register length in SMBus I/O limits
+
+From: Mark Brown <broonie@kernel.org>
+
+commit 0c9d2eb5e94792fe64019008a04d4df5e57625af upstream.
+
+The SMBus I2C buses have limits on the size of transfers they can do but
+do not factor in the register length meaning we may try to do a transfer
+longer than our length limit, the core will not take care of this.
+Future changes will factor this out into the core but there are a number
+of users that assume current behaviour so let's just do something
+conservative here.
+
+This does not take account padding bits but practically speaking these
+are very rarely if ever used on I2C buses given that they generally run
+slowly enough to mean there's no issue.
+
+Cc: stable@kernel.org
+Signed-off-by: Mark Brown <broonie@kernel.org>
+Reviewed-by: Xu Yilun <yilun.xu@intel.com>
+Link: https://lore.kernel.org/r/20230712-regmap-max-transfer-v1-2-80e2aed22e83@kernel.org
+Signed-off-by: Mark Brown <broonie@kernel.org>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+---
+ drivers/base/regmap/regmap-i2c.c |    8 ++++----
+ 1 file changed, 4 insertions(+), 4 deletions(-)
+
+--- a/drivers/base/regmap/regmap-i2c.c
++++ b/drivers/base/regmap/regmap-i2c.c
+@@ -242,8 +242,8 @@ static int regmap_i2c_smbus_i2c_read(voi
+ static const struct regmap_bus regmap_i2c_smbus_i2c_block = {
+       .write = regmap_i2c_smbus_i2c_write,
+       .read = regmap_i2c_smbus_i2c_read,
+-      .max_raw_read = I2C_SMBUS_BLOCK_MAX,
+-      .max_raw_write = I2C_SMBUS_BLOCK_MAX,
++      .max_raw_read = I2C_SMBUS_BLOCK_MAX - 1,
++      .max_raw_write = I2C_SMBUS_BLOCK_MAX - 1,
+ };
+ static int regmap_i2c_smbus_i2c_write_reg16(void *context, const void *data,
+@@ -299,8 +299,8 @@ static int regmap_i2c_smbus_i2c_read_reg
+ static const struct regmap_bus regmap_i2c_smbus_i2c_block_reg16 = {
+       .write = regmap_i2c_smbus_i2c_write_reg16,
+       .read = regmap_i2c_smbus_i2c_read_reg16,
+-      .max_raw_read = I2C_SMBUS_BLOCK_MAX,
+-      .max_raw_write = I2C_SMBUS_BLOCK_MAX,
++      .max_raw_read = I2C_SMBUS_BLOCK_MAX - 2,
++      .max_raw_write = I2C_SMBUS_BLOCK_MAX - 2,
+ };
+ static const struct regmap_bus *regmap_get_i2c_bus(struct i2c_client *i2c,
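Review bot: The `- 1` and `- 2` subtracted from I2C_SMBUS_BLOCK_MAX are bare constants; only the commit message and the `_reg16` suffix hint that they stand for the register address length in bytes. A short comment on each `regmap_bus` initialiser, or a named constant for the address size, would make the limits self-describing. The commit message also says padding is not accounted for; recording that next to the limits would help whoever later moves this logic into the core.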
diff --git a/queue-5.15/regmap-drop-initial-version-of-maximum-transfer-length-fixes.patch b/queue-5.15/regmap-drop-initial-version-of-maximum-transfer-length-fixes.patch
new file mode 100644 (file)
index 0000000..5e50a9a
--- /dev/null
@@ -0,0 +1,64 @@
+From bc64734825c59e18a27ac266b07e14944c111fd8 Mon Sep 17 00:00:00 2001
+From: Mark Brown <broonie@kernel.org>
+Date: Wed, 12 Jul 2023 12:16:39 +0100
+Subject: regmap: Drop initial version of maximum transfer length fixes
+
+From: Mark Brown <broonie@kernel.org>
+
+commit bc64734825c59e18a27ac266b07e14944c111fd8 upstream.
+
+When problems were noticed with the register address not being taken
+into account when limiting raw transfers with I2C devices we fixed this
+in the core.  Unfortunately it has subsequently been realised that a lot
+of buses were relying on the prior behaviour, partly due to unclear
+documentation not making it obvious what was intended in the core.  This
+is all more involved to fix than is sensible for a fix commit so let's
+just drop the original fixes, a separate commit will fix the originally
+observed problem in an I2C specific way
+
+Fixes: 3981514180c9 ("regmap: Account for register length when chunking")
+Fixes: c8e796895e23 ("regmap: spi-avmm: Fix regmap_bus max_raw_write")
+Signed-off-by: Mark Brown <broonie@kernel.org>
+Reviewed-by: Xu Yilun <yilun.xu@intel.com>
+Cc: stable@kernel.org
+Link: https://lore.kernel.org/r/20230712-regmap-max-transfer-v1-1-80e2aed22e83@kernel.org
+Signed-off-by: Mark Brown <broonie@kernel.org>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+---
+ drivers/base/regmap/regmap-spi-avmm.c |    2 +-
+ drivers/base/regmap/regmap.c          |    6 ++----
+ 2 files changed, 3 insertions(+), 5 deletions(-)
+
+--- a/drivers/base/regmap/regmap-spi-avmm.c
++++ b/drivers/base/regmap/regmap-spi-avmm.c
+@@ -666,7 +666,7 @@ static const struct regmap_bus regmap_sp
+       .reg_format_endian_default = REGMAP_ENDIAN_NATIVE,
+       .val_format_endian_default = REGMAP_ENDIAN_NATIVE,
+       .max_raw_read = SPI_AVMM_VAL_SIZE * MAX_READ_CNT,
+-      .max_raw_write = SPI_AVMM_REG_SIZE + SPI_AVMM_VAL_SIZE * MAX_WRITE_CNT,
++      .max_raw_write = SPI_AVMM_VAL_SIZE * MAX_WRITE_CNT,
+       .free_context = spi_avmm_bridge_ctx_free,
+ };
+--- a/drivers/base/regmap/regmap.c
++++ b/drivers/base/regmap/regmap.c
+@@ -2041,8 +2041,6 @@ int _regmap_raw_write(struct regmap *map
+       size_t val_count = val_len / val_bytes;
+       size_t chunk_count, chunk_bytes;
+       size_t chunk_regs = val_count;
+-      size_t max_data = map->max_raw_write - map->format.reg_bytes -
+-                      map->format.pad_bytes;
+       int ret, i;
+       if (!val_count)
+@@ -2050,8 +2048,8 @@ int _regmap_raw_write(struct regmap *map
+       if (map->use_single_write)
+               chunk_regs = 1;
+-      else if (map->max_raw_write && val_len > max_data)
+-              chunk_regs = max_data / val_bytes;
++      else if (map->max_raw_write && val_len > map->max_raw_write)
++              chunk_regs = map->max_raw_write / val_bytes;
+       chunk_count = val_count / chunk_regs;
+       chunk_bytes = chunk_regs * val_bytes;
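Review bot: With `max_data` removed, `max_raw_write` in _regmap_raw_write() and in the spi-avmm `regmap_bus` again counts value bytes only, yet neither hunk documents that, and the commit message itself names unclear documentation as a cause of the original confusion. A comment at `else if (map->max_raw_write && val_len > map->max_raw_write)` stating that the limit excludes register and padding bytes would prevent a repeat. Separately, `chunk_regs = map->max_raw_write / val_bytes` becomes 0 when a bus advertises a limit smaller than one value, and the next line divides by `chunk_regs`; a guard, or a note on where that case is ruled out, would be useful.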
diff --git a/queue-5.15/selftests-tc-add-conntrack-procfs-kconfig.patch b/queue-5.15/selftests-tc-add-conntrack-procfs-kconfig.patch
new file mode 100644 (file)
index 0000000..8cde4a0
--- /dev/null
@@ -0,0 +1,42 @@
+From 031c99e71fedcce93b6785d38b7d287bf59e3952 Mon Sep 17 00:00:00 2001
+From: Matthieu Baerts <matthieu.baerts@tessares.net>
+Date: Thu, 13 Jul 2023 23:16:46 +0200
+Subject: selftests: tc: add ConnTrack procfs kconfig
+
+From: Matthieu Baerts <matthieu.baerts@tessares.net>
+
+commit 031c99e71fedcce93b6785d38b7d287bf59e3952 upstream.
+
+When looking at the TC selftest reports, I noticed one test was failing
+because /proc/net/nf_conntrack was not available.
+
+  not ok 373 3992 - Add ct action triggering DNAT tuple conflict
+       Could not match regex pattern. Verify command output:
+  cat: /proc/net/nf_conntrack: No such file or directory
+
+It is only available if NF_CONNTRACK_PROCFS kconfig is set. So the issue
+can be fixed simply by adding it to the list of required kconfig.
+
+Fixes: e46905641316 ("tc-testing: add test for ct DNAT tuple collision")
+Cc: stable@vger.kernel.org
+Link: https://lore.kernel.org/netdev/0e061d4a-9a23-9f58-3b35-d8919de332d7@tessares.net/T/ [1]
+Signed-off-by: Matthieu Baerts <matthieu.baerts@tessares.net>
+Tested-by: Zhengchao Shao <shaozhengchao@huawei.com>
+Link: https://lore.kernel.org/r/20230713-tc-selftests-lkft-v1-3-1eb4fd3a96e7@tessares.net
+Acked-by: Jamal Hadi Salim <jhs@mojatatu.com>
+Signed-off-by: Jakub Kicinski <kuba@kernel.org>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+---
+ tools/testing/selftests/tc-testing/config |    1 +
+ 1 file changed, 1 insertion(+)
+
+--- a/tools/testing/selftests/tc-testing/config
++++ b/tools/testing/selftests/tc-testing/config
+@@ -5,6 +5,7 @@ CONFIG_NF_CONNTRACK=m
+ CONFIG_NF_CONNTRACK_MARK=y
+ CONFIG_NF_CONNTRACK_ZONES=y
+ CONFIG_NF_CONNTRACK_LABELS=y
++CONFIG_NF_CONNTRACK_PROCFS=y
+ CONFIG_NF_FLOW_TABLE=m
+ CONFIG_NF_NAT=m
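Review bot: The context of this hunk already contains `CONFIG_NF_FLOW_TABLE=m`, a line that only enters tools/testing/selftests/tc-testing/config through the 'ct' action kconfig patch in this same queue, so this patch's context depends on that one being applied first. The commit message does not mention the ordering; the series file needs to keep selftests-tc-add-ct-action-kconfig-dep.patch ahead of this patch.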
diff --git a/queue-5.15/selftests-tc-add-ct-action-kconfig-dep.patch b/queue-5.15/selftests-tc-add-ct-action-kconfig-dep.patch
new file mode 100644 (file)
index 0000000..7fda7e0
--- /dev/null
@@ -0,0 +1,43 @@
+From 719b4774a8cb1a501e2d22a5a4a3a0a870e427d5 Mon Sep 17 00:00:00 2001
+From: Matthieu Baerts <matthieu.baerts@tessares.net>
+Date: Thu, 13 Jul 2023 23:16:45 +0200
+Subject: selftests: tc: add 'ct' action kconfig dep
+
+From: Matthieu Baerts <matthieu.baerts@tessares.net>
+
+commit 719b4774a8cb1a501e2d22a5a4a3a0a870e427d5 upstream.
+
+When looking for something else in LKFT reports [1], I noticed most of
+the tests were skipped because the "teardown stage" did not complete
+successfully.
+
+Pedro found out this is due to the fact CONFIG_NF_FLOW_TABLE is required
+but not listed in the 'config' file. Adding it to the list fixes the
+issues on LKFT side. CONFIG_NET_ACT_CT is now set to 'm' in the final
+kconfig.
+
+Fixes: c34b961a2492 ("net/sched: act_ct: Create nf flow table per zone")
+Cc: stable@vger.kernel.org
+Link: https://qa-reports.linaro.org/lkft/linux-next-master/build/next-20230711/testrun/18267241/suite/kselftest-tc-testing/test/tc-testing_tdc_sh/log [1]
+Link: https://lore.kernel.org/netdev/0e061d4a-9a23-9f58-3b35-d8919de332d7@tessares.net/T/ [2]
+Suggested-by: Pedro Tammela <pctammela@mojatatu.com>
+Signed-off-by: Matthieu Baerts <matthieu.baerts@tessares.net>
+Tested-by: Zhengchao Shao <shaozhengchao@huawei.com>
+Link: https://lore.kernel.org/r/20230713-tc-selftests-lkft-v1-2-1eb4fd3a96e7@tessares.net
+Acked-by: Jamal Hadi Salim <jhs@mojatatu.com>
+Signed-off-by: Jakub Kicinski <kuba@kernel.org>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+---
+ tools/testing/selftests/tc-testing/config |    1 +
+ 1 file changed, 1 insertion(+)
+
+--- a/tools/testing/selftests/tc-testing/config
++++ b/tools/testing/selftests/tc-testing/config
+@@ -5,6 +5,7 @@ CONFIG_NF_CONNTRACK=m
+ CONFIG_NF_CONNTRACK_MARK=y
+ CONFIG_NF_CONNTRACK_ZONES=y
+ CONFIG_NF_CONNTRACK_LABELS=y
++CONFIG_NF_FLOW_TABLE=m
+ CONFIG_NF_NAT=m
+ CONFIG_NET_SCHED=y
diff --git a/queue-5.15/selftests-tc-set-timeout-to-15-minutes.patch b/queue-5.15/selftests-tc-set-timeout-to-15-minutes.patch
new file mode 100644 (file)
index 0000000..ea00bbf
--- /dev/null
@@ -0,0 +1,43 @@
+From fda05798c22a354efde09a76bdfc276b2d591829 Mon Sep 17 00:00:00 2001
+From: Matthieu Baerts <matthieu.baerts@tessares.net>
+Date: Thu, 13 Jul 2023 23:16:44 +0200
+Subject: selftests: tc: set timeout to 15 minutes
+
+From: Matthieu Baerts <matthieu.baerts@tessares.net>
+
+commit fda05798c22a354efde09a76bdfc276b2d591829 upstream.
+
+When looking for something else in LKFT reports [1], I noticed that the
+TC selftest ended with a timeout error:
+
+  not ok 1 selftests: tc-testing: tdc.sh # TIMEOUT 45 seconds
+
+The timeout had been introduced 3 years ago, see the Fixes commit below.
+
+This timeout is only in place when executing the selftests via the
+kselftests runner scripts. I guess this is not what most TC devs are
+using and nobody noticed the issue before.
+
+The new timeout is set to 15 minutes as suggested by Pedro [2]. It looks
+like it is plenty more time than what it takes in "normal" conditions.
+
+Fixes: 852c8cbf34d3 ("selftests/kselftest/runner.sh: Add 45 second timeout per test")
+Cc: stable@vger.kernel.org
+Link: https://qa-reports.linaro.org/lkft/linux-next-master/build/next-20230711/testrun/18267241/suite/kselftest-tc-testing/test/tc-testing_tdc_sh/log [1]
+Link: https://lore.kernel.org/netdev/0e061d4a-9a23-9f58-3b35-d8919de332d7@tessares.net/T/ [2]
+Suggested-by: Pedro Tammela <pctammela@mojatatu.com>
+Signed-off-by: Matthieu Baerts <matthieu.baerts@tessares.net>
+Reviewed-by: Zhengchao Shao <shaozhengchao@huawei.com>
+Link: https://lore.kernel.org/r/20230713-tc-selftests-lkft-v1-1-1eb4fd3a96e7@tessares.net
+Acked-by: Jamal Hadi Salim <jhs@mojatatu.com>
+Signed-off-by: Jakub Kicinski <kuba@kernel.org>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+---
+ tools/testing/selftests/tc-testing/settings |    1 +
+ 1 file changed, 1 insertion(+)
+ create mode 100644 tools/testing/selftests/tc-testing/settings
+
+--- /dev/null
++++ b/tools/testing/selftests/tc-testing/settings
+@@ -0,0 +1 @@
++timeout=900
index 23196d866bacb1b6ae1377f95df81f9e6b238063..8d5c075599385d1353681e4de2aca870bfb4aaa5 100644 (file)
@@ -1,3 +1,28 @@
 alsa-hda-realtek-remove-3k-pull-low-procedure.patch
 alsa-hda-realtek-add-quirk-for-clevo-ns70au.patch
 alsa-hda-realtek-enable-mute-led-on-hp-laptop-15s-eq2xxx.patch
+keys-fix-linking-a-duplicate-key-to-a-keyring-s-assoc_array.patch
+perf-probe-add-test-for-regression-introduced-by-switch-to-die_get_decl_file.patch
+btrfs-fix-warning-when-putting-transaction-with-qgroups-enabled-after-abort.patch
+fuse-revalidate-don-t-invalidate-if-interrupted.patch
+btrfs-zoned-fix-memory-leak-after-finding-block-group-with-super-blocks.patch
+fuse-ioctl-translate-enosys-in-outarg.patch
+selftests-tc-set-timeout-to-15-minutes.patch
+selftests-tc-add-ct-action-kconfig-dep.patch
+regmap-drop-initial-version-of-maximum-transfer-length-fixes.patch
+regmap-account-for-register-length-in-smbus-i-o-limits.patch
+can-raw-fix-receiver-memory-leak.patch
+can-bcm-fix-uaf-in-bcm_proc_show.patch
+selftests-tc-add-conntrack-procfs-kconfig.patch
+drm-client-fix-memory-leak-in-drm_client_target_cloned.patch
+drm-client-fix-memory-leak-in-drm_client_modeset_probe.patch
+drm-amd-display-disable-mpc-split-by-default-on-special-asic.patch
+drm-amd-display-keep-phy-active-for-dp-displays-on-dcn31.patch
+asoc-fsl_sai-disable-bit-clock-with-transmitter.patch
+asoc-codecs-wcd938x-fix-missing-clsh-ctrl-error-handling.patch
+asoc-codecs-wcd-mbhc-v2-fix-resource-leaks-on-component-remove.patch
+asoc-codecs-wcd938x-fix-resource-leaks-on-component-remove.patch
+asoc-codecs-wcd938x-fix-missing-mbhc-init-error-handling.patch
+asoc-codecs-wcd934x-fix-resource-leaks-on-component-remove.patch
+asoc-codecs-wcd938x-fix-codec-initialisation-race.patch
+asoc-codecs-wcd938x-fix-soundwire-initialisation-race.patch