--- /dev/null
+From 91493e8e10f0f495b04a5c32096d56ea1f254c93 Mon Sep 17 00:00:00 2001
+From: Christian Lamparter <chunkeey@gmail.com>
+Date: Wed, 28 Mar 2018 12:19:55 +0300
+Subject: ath10k: fix recent bandwidth conversion bug
+
+From: Christian Lamparter <chunkeey@gmail.com>
+
+commit 91493e8e10f0f495b04a5c32096d56ea1f254c93 upstream.
+
+The commit "cfg80211: make RATE_INFO_BW_20 the default" changed
+the index of RATE_INFO_BW_20, but the updates to ath10k missed
+the special bandwidth calculation case in
+ath10k_update_per_peer_tx_stats().
+
+This will fix below warning,
+
+ WARNING: CPU: 0 PID: 609 at net/wireless/util.c:1254
+ cfg80211_calculate_bitrate+0x174/0x220
+ invalid rate bw=1, mcs=9, nss=2
+
+ (unwind_backtrace) from
+ (cfg80211_calculate_bitrate+0x174/0x220)
+ (cfg80211_calculate_bitrate) from
+ (nl80211_put_sta_rate+0x44/0x1dc)from
+ (nl80211_put_sta_rate) from
+ (nl80211_send_station+0x388/0xaf0)
+ (nl80211_get_station+0xa8/0xec)
+ [ end trace da8257d6a850e91a ]
+
+Fixes: 842be75c77cb ("cfg80211: make RATE_INFO_BW_20 the default")
+Signed-off-by: Christian Lamparter <chunkeey@gmail.com>
+Signed-off-by: Anilkumar Kolli <akolli@codeaurora.org>
+Signed-off-by: Kalle Valo <kvalo@codeaurora.org>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+---
+ drivers/net/wireless/ath/ath10k/htt_rx.c | 42 +++++++++++++++++--------------
+ 1 file changed, 24 insertions(+), 18 deletions(-)
+
+--- a/drivers/net/wireless/ath/ath10k/htt_rx.c
++++ b/drivers/net/wireless/ath/ath10k/htt_rx.c
+@@ -613,6 +613,28 @@ struct amsdu_subframe_hdr {
+
+ #define GROUP_ID_IS_SU_MIMO(x) ((x) == 0 || (x) == 63)
+
++static inline u8 ath10k_bw_to_mac80211_bw(u8 bw)
++{
++ u8 ret = 0;
++
++ switch (bw) {
++ case 0:
++ ret = RATE_INFO_BW_20;
++ break;
++ case 1:
++ ret = RATE_INFO_BW_40;
++ break;
++ case 2:
++ ret = RATE_INFO_BW_80;
++ break;
++ case 3:
++ ret = RATE_INFO_BW_160;
++ break;
++ }
++
++ return ret;
++}
++
+ static void ath10k_htt_rx_h_rates(struct ath10k *ar,
+ struct ieee80211_rx_status *status,
+ struct htt_rx_desc *rxd)
+@@ -721,23 +743,7 @@ static void ath10k_htt_rx_h_rates(struct
+ if (sgi)
+ status->enc_flags |= RX_ENC_FLAG_SHORT_GI;
+
+- switch (bw) {
+- /* 20MHZ */
+- case 0:
+- break;
+- /* 40MHZ */
+- case 1:
+- status->bw = RATE_INFO_BW_40;
+- break;
+- /* 80MHZ */
+- case 2:
+- status->bw = RATE_INFO_BW_80;
+- break;
+- case 3:
+- status->bw = RATE_INFO_BW_160;
+- break;
+- }
+-
++ status->bw = ath10k_bw_to_mac80211_bw(bw);
+ status->encoding = RX_ENC_VHT;
+ break;
+ default:
+@@ -2436,7 +2442,7 @@ ath10k_update_per_peer_tx_stats(struct a
+ arsta->txrate.flags |= RATE_INFO_FLAGS_SHORT_GI;
+
+ arsta->txrate.nss = txrate.nss;
+- arsta->txrate.bw = txrate.bw + RATE_INFO_BW_20;
++ arsta->txrate.bw = ath10k_bw_to_mac80211_bw(txrate.bw);
+ }
+
+ static void ath10k_htt_fetch_peer_stats(struct ath10k *ar,
--- /dev/null
+From b8fbdc2bc4e71b62646031d5df5f08aafe15d5ad Mon Sep 17 00:00:00 2001
+From: Christophe Leroy <christophe.leroy@c-s.fr>
+Date: Tue, 21 May 2019 13:34:09 +0000
+Subject: crypto: talitos - reduce max key size for SEC1
+
+From: Christophe Leroy <christophe.leroy@c-s.fr>
+
+commit b8fbdc2bc4e71b62646031d5df5f08aafe15d5ad upstream.
+
+SEC1 doesn't support SHA384/512, so it doesn't require
+longer keys.
+
+This patch reduces the max key size when the driver
+is built for SEC1 only.
+
+Signed-off-by: Christophe Leroy <christophe.leroy@c-s.fr>
+Fixes: 03d2c5114c95 ("crypto: talitos - Extend max key length for SHA384/512-HMAC and AEAD")
+Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+---
+ drivers/crypto/talitos.c | 4 ++++
+ 1 file changed, 4 insertions(+)
+
+--- a/drivers/crypto/talitos.c
++++ b/drivers/crypto/talitos.c
+@@ -816,7 +816,11 @@ static void talitos_unregister_rng(struc
+ * HMAC_SNOOP_NO_AFEA (HSNA) instead of type IPSEC_ESP
+ */
+ #define TALITOS_CRA_PRIORITY_AEAD_HSNA (TALITOS_CRA_PRIORITY - 1)
++#ifdef CONFIG_CRYPTO_DEV_TALITOS_SEC2
+ #define TALITOS_MAX_KEY_SIZE (AES_MAX_KEY_SIZE + SHA512_BLOCK_SIZE)
++#else
++#define TALITOS_MAX_KEY_SIZE (AES_MAX_KEY_SIZE + SHA256_BLOCK_SIZE)
++#endif
+ #define TALITOS_MAX_IV_LENGTH 16 /* max of AES_BLOCK_SIZE, DES3_EDE_BLOCK_SIZE */
+
+ struct talitos_ctx {
--- /dev/null
+From a9af3fdcc4258af406879eca63d82e9d6baa892e Mon Sep 17 00:00:00 2001
+From: Chao Yu <yuchao0@huawei.com>
+Date: Wed, 25 Apr 2018 19:38:17 +0800
+Subject: f2fs: fix potential overflow
+
+From: Chao Yu <yuchao0@huawei.com>
+
+commit a9af3fdcc4258af406879eca63d82e9d6baa892e upstream.
+
+In build_sit_entries(), if valid_blocks in SIT block is smaller than
+valid_blocks in journal, for below calculation:
+
+sbi->discard_blks += old_valid_blocks - se->valid_blocks;
+
+There will be two times potential overflow:
+- old_valid_blocks - se->valid_blocks will overflow, and be a very
+large number.
+- sbi->discard_blks += result will overflow again, comes out a correct
+result accidently.
+
+Anyway, it should be fixed.
+
+Fixes: d600af236da5 ("f2fs: avoid unneeded loop in build_sit_entries")
+Fixes: 1f43e2ad7bff ("f2fs: introduce CP_TRIMMED_FLAG to avoid unneeded discard")
+Signed-off-by: Chao Yu <yuchao0@huawei.com>
+Signed-off-by: Jaegeuk Kim <jaegeuk@kernel.org>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+---
+ fs/f2fs/segment.c | 11 +++++++----
+ 1 file changed, 7 insertions(+), 4 deletions(-)
+
+--- a/fs/f2fs/segment.c
++++ b/fs/f2fs/segment.c
+@@ -3337,14 +3337,17 @@ static int build_sit_entries(struct f2fs
+ } else {
+ memcpy(se->discard_map, se->cur_valid_map,
+ SIT_VBLOCK_MAP_SIZE);
+- sbi->discard_blks += old_valid_blocks -
+- se->valid_blocks;
++ sbi->discard_blks += old_valid_blocks;
++ sbi->discard_blks -= se->valid_blocks;
+ }
+ }
+
+- if (sbi->segs_per_sec > 1)
++ if (sbi->segs_per_sec > 1) {
+ get_sec_entry(sbi, start)->valid_blocks +=
+- se->valid_blocks - old_valid_blocks;
++ se->valid_blocks;
++ get_sec_entry(sbi, start)->valid_blocks -=
++ old_valid_blocks;
++ }
+ }
+ up_read(&curseg->journal_rwsem);
+
--- /dev/null
+From e1e84eb58eb494b77c8389fc6308b5042dcce791 Mon Sep 17 00:00:00 2001
+From: Mathieu Desnoyers <mathieu.desnoyers@efficios.com>
+Date: Mon, 12 Oct 2020 10:50:14 -0400
+Subject: ipv4/icmp: l3mdev: Perform icmp error route lookup on source device routing table (v2)
+
+From: Mathieu Desnoyers <mathieu.desnoyers@efficios.com>
+
+commit e1e84eb58eb494b77c8389fc6308b5042dcce791 upstream.
+
+As per RFC792, ICMP errors should be sent to the source host.
+
+However, in configurations with Virtual Routing and Forwarding tables,
+looking up which routing table to use is currently done by using the
+destination net_device.
+
+commit 9d1a6c4ea43e ("net: icmp_route_lookup should use rt dev to
+determine L3 domain") changes the interface passed to
+l3mdev_master_ifindex() and inet_addr_type_dev_table() from skb_in->dev
+to skb_dst(skb_in)->dev. This effectively uses the destination device
+rather than the source device for choosing which routing table should be
+used to lookup where to send the ICMP error.
+
+Therefore, if the source and destination interfaces are within separate
+VRFs, or one in the global routing table and the other in a VRF, looking
+up the source host in the destination interface's routing table will
+fail if the destination interface's routing table contains no route to
+the source host.
+
+One observable effect of this issue is that traceroute does not work in
+the following cases:
+
+- Route leaking between global routing table and VRF
+- Route leaking between VRFs
+
+Preferably use the source device routing table when sending ICMP error
+messages. If no source device is set, fall-back on the destination
+device routing table. Else, use the main routing table (index 0).
+
+[ It has been pointed out that a similar issue may exist with ICMP
+ errors triggered when forwarding between network namespaces. It would
+ be worthwhile to investigate, but is outside of the scope of this
+ investigation. ]
+
+[ It has also been pointed out that a similar issue exists with
+ unreachable / fragmentation needed messages, which can be triggered by
+ changing the MTU of eth1 in r1 to 1400 and running:
+
+ ip netns exec h1 ping -s 1450 -Mdo -c1 172.16.2.2
+
+ Some investigation points to raw_icmp_error() and raw_err() as being
+ involved in this last scenario. The focus of this patch is TTL expired
+ ICMP messages, which go through icmp_route_lookup.
+ Investigation of failure modes related to raw_icmp_error() is beyond
+ this investigation's scope. ]
+
+Fixes: 9d1a6c4ea43e ("net: icmp_route_lookup should use rt dev to determine L3 domain")
+Link: https://tools.ietf.org/html/rfc792
+Signed-off-by: Mathieu Desnoyers <mathieu.desnoyers@efficios.com>
+Reviewed-by: David Ahern <dsahern@gmail.com>
+Signed-off-by: Jakub Kicinski <kuba@kernel.org>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+---
+ net/ipv4/icmp.c | 23 +++++++++++++++++++++--
+ 1 file changed, 21 insertions(+), 2 deletions(-)
+
+--- a/net/ipv4/icmp.c
++++ b/net/ipv4/icmp.c
+@@ -468,6 +468,23 @@ out_bh_enable:
+ local_bh_enable();
+ }
+
++/*
++ * The device used for looking up which routing table to use for sending an ICMP
++ * error is preferably the source whenever it is set, which should ensure the
++ * icmp error can be sent to the source host, else lookup using the routing
++ * table of the destination device, else use the main routing table (index 0).
++ */
++static struct net_device *icmp_get_route_lookup_dev(struct sk_buff *skb)
++{
++ struct net_device *route_lookup_dev = NULL;
++
++ if (skb->dev)
++ route_lookup_dev = skb->dev;
++ else if (skb_dst(skb))
++ route_lookup_dev = skb_dst(skb)->dev;
++ return route_lookup_dev;
++}
++
+ static struct rtable *icmp_route_lookup(struct net *net,
+ struct flowi4 *fl4,
+ struct sk_buff *skb_in,
+@@ -476,6 +493,7 @@ static struct rtable *icmp_route_lookup(
+ int type, int code,
+ struct icmp_bxm *param)
+ {
++ struct net_device *route_lookup_dev;
+ struct rtable *rt, *rt2;
+ struct flowi4 fl4_dec;
+ int err;
+@@ -490,7 +508,8 @@ static struct rtable *icmp_route_lookup(
+ fl4->flowi4_proto = IPPROTO_ICMP;
+ fl4->fl4_icmp_type = type;
+ fl4->fl4_icmp_code = code;
+- fl4->flowi4_oif = l3mdev_master_ifindex(skb_dst(skb_in)->dev);
++ route_lookup_dev = icmp_get_route_lookup_dev(skb_in);
++ fl4->flowi4_oif = l3mdev_master_ifindex(route_lookup_dev);
+
+ security_skb_classify_flow(skb_in, flowi4_to_flowi(fl4));
+ rt = ip_route_output_key_hash(net, fl4, skb_in);
+@@ -514,7 +533,7 @@ static struct rtable *icmp_route_lookup(
+ if (err)
+ goto relookup_failed;
+
+- if (inet_addr_type_dev_table(net, skb_dst(skb_in)->dev,
++ if (inet_addr_type_dev_table(net, route_lookup_dev,
+ fl4_dec.saddr) == RTN_LOCAL) {
+ rt2 = __ip_route_output_key(net, &fl4_dec);
+ if (IS_ERR(rt2))
--- /dev/null
+From 13ab183d138f607d885e995d625e58d47678bf97 Mon Sep 17 00:00:00 2001
+From: Andrew Morton <akpm@linux-foundation.org>
+Date: Thu, 14 Dec 2017 15:32:31 -0800
+Subject: mm/kmemleak.c: make cond_resched() rate-limiting more efficient
+
+From: Andrew Morton <akpm@linux-foundation.org>
+
+commit 13ab183d138f607d885e995d625e58d47678bf97 upstream.
+
+Commit bde5f6bc68db ("kmemleak: add scheduling point to
+kmemleak_scan()") tries to rate-limit the frequency of cond_resched()
+calls, but does it in a way which might incur an expensive division
+operation in the inner loop. Simplify this.
+
+Fixes: bde5f6bc68db5 ("kmemleak: add scheduling point to kmemleak_scan()")
+Suggested-by: Linus Torvalds <torvalds@linux-foundation.org>
+Cc: Yisheng Xie <xieyisheng1@huawei.com>
+Cc: Catalin Marinas <catalin.marinas@arm.com>
+Cc: Michal Hocko <mhocko@kernel.org>
+Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
+Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+---
+ mm/kmemleak.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+--- a/mm/kmemleak.c
++++ b/mm/kmemleak.c
+@@ -1520,7 +1520,7 @@ static void kmemleak_scan(void)
+ if (page_count(page) == 0)
+ continue;
+ scan_block(page, page + 1, NULL);
+- if (!(pfn % (MAX_SCAN_SIZE / sizeof(*page))))
++ if (!(pfn & 63))
+ cond_resched();
+ }
+ }
--- /dev/null
+From 7ad69832f37e3cea8557db6df7c793905f1135e8 Mon Sep 17 00:00:00 2001
+From: Muchun Song <songmuchun@bytedance.com>
+Date: Mon, 14 Dec 2020 19:11:25 -0800
+Subject: mm/page_alloc: speed up the iteration of max_order
+
+From: Muchun Song <songmuchun@bytedance.com>
+
+commit 7ad69832f37e3cea8557db6df7c793905f1135e8 upstream.
+
+When we free a page whose order is very close to MAX_ORDER and greater
+than pageblock_order, it wastes some CPU cycles to increase max_order to
+MAX_ORDER one by one and check the pageblock migratetype of that page
+repeatedly especially when MAX_ORDER is much larger than pageblock_order.
+
+We also should not be checking migratetype of buddy when "order ==
+MAX_ORDER - 1" as the buddy pfn may be invalid, so adjust the condition.
+With the new check, we don't need the max_order check anymore, so we
+replace it.
+
+Also adjust max_order initialization so that it's lower by one than
+previously, which makes the code hopefully more clear.
+
+Link: https://lkml.kernel.org/r/20201204155109.55451-1-songmuchun@bytedance.com
+Fixes: d9dddbf55667 ("mm/page_alloc: prevent merging between isolated and other pageblocks")
+Signed-off-by: Muchun Song <songmuchun@bytedance.com>
+Acked-by: Vlastimil Babka <vbabka@suse.cz>
+Reviewed-by: Oscar Salvador <osalvador@suse.de>
+Reviewed-by: David Hildenbrand <david@redhat.com>
+Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
+Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+---
+ mm/page_alloc.c | 8 ++++----
+ 1 file changed, 4 insertions(+), 4 deletions(-)
+
+--- a/mm/page_alloc.c
++++ b/mm/page_alloc.c
+@@ -815,7 +815,7 @@ static inline void __free_one_page(struc
+ struct page *buddy;
+ unsigned int max_order;
+
+- max_order = min_t(unsigned int, MAX_ORDER, pageblock_order + 1);
++ max_order = min_t(unsigned int, MAX_ORDER - 1, pageblock_order);
+
+ VM_BUG_ON(!zone_is_initialized(zone));
+ VM_BUG_ON_PAGE(page->flags & PAGE_FLAGS_CHECK_AT_PREP, page);
+@@ -828,7 +828,7 @@ static inline void __free_one_page(struc
+ VM_BUG_ON_PAGE(bad_range(zone, page), page);
+
+ continue_merging:
+- while (order < max_order - 1) {
++ while (order < max_order) {
+ buddy_pfn = __find_buddy_pfn(pfn, order);
+ buddy = page + (buddy_pfn - pfn);
+
+@@ -852,7 +852,7 @@ continue_merging:
+ pfn = combined_pfn;
+ order++;
+ }
+- if (max_order < MAX_ORDER) {
++ if (order < MAX_ORDER - 1) {
+ /* If we are here, it means order is >= pageblock_order.
+ * We want to prevent merge between freepages on isolate
+ * pageblock and normal pageblock. Without this, pageblock
+@@ -873,7 +873,7 @@ continue_merging:
+ is_migrate_isolate(buddy_mt)))
+ goto done_merging;
+ }
+- max_order++;
++ max_order = order + 1;
+ goto continue_merging;
+ }
+
--- /dev/null
+From ce03b94ba682a67e8233c9ee3066071656ded58f Mon Sep 17 00:00:00 2001
+From: Esben Haabendal <esben@geanix.com>
+Date: Mon, 21 Jun 2021 10:20:08 +0200
+Subject: net: ll_temac: Remove left-over debug message
+
+From: Esben Haabendal <esben@geanix.com>
+
+commit ce03b94ba682a67e8233c9ee3066071656ded58f upstream.
+
+Fixes: f63963411942 ("net: ll_temac: Avoid ndo_start_xmit returning NETDEV_TX_BUSY")
+Signed-off-by: Esben Haabendal <esben@geanix.com>
+Signed-off-by: David S. Miller <davem@davemloft.net>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+---
+ drivers/net/ethernet/xilinx/ll_temac_main.c | 4 +---
+ 1 file changed, 1 insertion(+), 3 deletions(-)
+
+--- a/drivers/net/ethernet/xilinx/ll_temac_main.c
++++ b/drivers/net/ethernet/xilinx/ll_temac_main.c
+@@ -736,10 +736,8 @@ temac_start_xmit(struct sk_buff *skb, st
+ /* Kick off the transfer */
+ lp->dma_out(lp, TX_TAILDESC_PTR, tail_p); /* DMA start */
+
+- if (temac_check_tx_bd_space(lp, MAX_SKB_FRAGS + 1)) {
+- netdev_info(ndev, "%s -> netif_stop_queue\n", __func__);
++ if (temac_check_tx_bd_space(lp, MAX_SKB_FRAGS + 1))
+ netif_stop_queue(ndev);
+- }
+
+ return NETDEV_TX_OK;
+ }
--- /dev/null
+From 968339fad422a58312f67718691b717dac45c399 Mon Sep 17 00:00:00 2001
+From: Fangrui Song <maskray@google.com>
+Date: Wed, 25 Mar 2020 09:42:57 -0700
+Subject: powerpc/boot: Delete unneeded .globl _zimage_start
+
+From: Fangrui Song <maskray@google.com>
+
+commit 968339fad422a58312f67718691b717dac45c399 upstream.
+
+.globl sets the symbol binding to STB_GLOBAL while .weak sets the
+binding to STB_WEAK. GNU as let .weak override .globl since
+binutils-gdb 5ca547dc2399a0a5d9f20626d4bf5547c3ccfddd (1996). Clang
+integrated assembler let the last win but it may error in the future.
+
+Since it is a convention that only one binding directive is used, just
+delete .globl.
+
+Fixes: ee9d21b3b358 ("powerpc/boot: Ensure _zimage_start is a weak symbol")
+Signed-off-by: Fangrui Song <maskray@google.com>
+Signed-off-by: Michael Ellerman <mpe@ellerman.id.au>
+Link: https://lore.kernel.org/r/20200325164257.170229-1-maskray@google.com
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+---
+ arch/powerpc/boot/crt0.S | 3 ---
+ 1 file changed, 3 deletions(-)
+
+--- a/arch/powerpc/boot/crt0.S
++++ b/arch/powerpc/boot/crt0.S
+@@ -49,9 +49,6 @@ p_end: .long _end
+ p_pstack: .long _platform_stack_top
+ #endif
+
+- .globl _zimage_start
+- /* Clang appears to require the .weak directive to be after the symbol
+- * is defined. See https://bugs.llvm.org/show_bug.cgi?id=38921 */
+ .weak _zimage_start
+ _zimage_start:
+ .globl _zimage_start_lib
--- /dev/null
+From 2fb0a2c989837c976b68233496bbaefb47cd3d6f Mon Sep 17 00:00:00 2001
+From: Michael Ellerman <mpe@ellerman.id.au>
+Date: Sat, 6 Jul 2019 00:18:53 +1000
+Subject: powerpc/module64: Fix comment in R_PPC64_ENTRY handling
+
+From: Michael Ellerman <mpe@ellerman.id.au>
+
+commit 2fb0a2c989837c976b68233496bbaefb47cd3d6f upstream.
+
+The comment here is wrong, the addi reads from r2 not r12. The code is
+correct, 0x38420000 = addi r2,r2,0.
+
+Fixes: a61674bdfc7c ("powerpc/module: Handle R_PPC64_ENTRY relocations")
+Signed-off-by: Michael Ellerman <mpe@ellerman.id.au>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+---
+ arch/powerpc/kernel/module_64.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+--- a/arch/powerpc/kernel/module_64.c
++++ b/arch/powerpc/kernel/module_64.c
+@@ -695,7 +695,7 @@ int apply_relocate_add(Elf64_Shdr *sechd
+ /*
+ * If found, replace it with:
+ * addis r2, r12, (.TOC.-func)@ha
+- * addi r2, r12, (.TOC.-func)@l
++ * addi r2, r2, (.TOC.-func)@l
+ */
+ ((uint32_t *)location)[0] = 0x3c4c0000 + PPC_HA(value);
+ ((uint32_t *)location)[1] = 0x38420000 + PPC_LO(value);
--- /dev/null
+From 26f4e759ef9b8a2bab1823d692ed6d56d40b66e3 Mon Sep 17 00:00:00 2001
+From: Vasily Gorbik <gor@linux.vnet.ibm.com>
+Date: Thu, 23 Nov 2017 10:50:23 +0100
+Subject: s390/disassembler: correct disassembly lines alignment
+
+From: Vasily Gorbik <gor@linux.vnet.ibm.com>
+
+commit 26f4e759ef9b8a2bab1823d692ed6d56d40b66e3 upstream.
+
+176.718956 Krnl Code: 00000000004d38b0: a54c0018 llihh %r4,24
+176.718956 00000000004d38b4: b9080014 agr %r1,%r4
+ ^
+Using a tab to align disassembly lines which follow the first line with
+"Krnl Code: " doesn't always work, e.g. if there is a prefix (timestamp
+or syslog prefix) which is not 8 chars aligned. Go back to alignment
+with spaces.
+
+Fixes: b192571d1ae3 ("s390/disassembler: increase show_code buffer size")
+Signed-off-by: Vasily Gorbik <gor@linux.vnet.ibm.com>
+Signed-off-by: Martin Schwidefsky <schwidefsky@de.ibm.com>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+---
+ arch/s390/kernel/dis.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+--- a/arch/s390/kernel/dis.c
++++ b/arch/s390/kernel/dis.c
+@@ -2018,7 +2018,7 @@ void show_code(struct pt_regs *regs)
+ start += opsize;
+ pr_cont("%s", buffer);
+ ptr = buffer;
+- ptr += sprintf(ptr, "\n\t ");
++ ptr += sprintf(ptr, "\n ");
+ hops++;
+ }
+ pr_cont("\n");
clk-fix-build-warning-for-orphan_list.patch
media-stkwebcam-fix-memory-leak-in-stk_camera_probe.patch
igmp-add-ip_mc_list-lock-in-ip_check_mc_rcu.patch
+usb-serial-mos7720-improve-oom-handling-in-read_mos_reg.patch
+f2fs-fix-potential-overflow.patch
+ath10k-fix-recent-bandwidth-conversion-bug.patch
+ipv4-icmp-l3mdev-perform-icmp-error-route-lookup-on-source-device-routing-table-v2.patch
+s390-disassembler-correct-disassembly-lines-alignment.patch
+mm-kmemleak.c-make-cond_resched-rate-limiting-more-efficient.patch
+crypto-talitos-reduce-max-key-size-for-sec1.patch
+powerpc-module64-fix-comment-in-r_ppc64_entry-handling.patch
+powerpc-boot-delete-unneeded-.globl-_zimage_start.patch
+net-ll_temac-remove-left-over-debug-message.patch
+mm-page_alloc-speed-up-the-iteration-of-max_order.patch
--- /dev/null
+From 161a582bd1d8681095f158d11bc679a58f1d026b Mon Sep 17 00:00:00 2001
+From: Tom Rix <trix@redhat.com>
+Date: Mon, 11 Jan 2021 14:09:04 -0800
+Subject: USB: serial: mos7720: improve OOM-handling in read_mos_reg()
+
+From: Tom Rix <trix@redhat.com>
+
+commit 161a582bd1d8681095f158d11bc679a58f1d026b upstream.
+
+clang static analysis reports this problem
+
+mos7720.c:352:2: warning: Undefined or garbage value returned to caller
+ return d;
+ ^~~~~~~~
+
+In the parport_mos7715_read_data()'s call to read_mos_reg(), 'd' is
+only set after the alloc block.
+
+ buf = kmalloc(1, GFP_KERNEL);
+ if (!buf)
+ return -ENOMEM;
+
+Although the problem is reported in parport_most7715_read_data(),
+none of the callee's of read_mos_reg() check the return status.
+
+Make sure to clear the return-value buffer also on allocation failures.
+
+Fixes: 0d130367abf5 ("USB: serial: mos7720: fix control-message error handling")
+Signed-off-by: Tom Rix <trix@redhat.com>
+Link: https://lore.kernel.org/r/20210111220904.1035957-1-trix@redhat.com
+[ johan: only clear the buffer on errors, amend commit message ]
+Signed-off-by: Johan Hovold <johan@kernel.org>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+---
+ drivers/usb/serial/mos7720.c | 4 +++-
+ 1 file changed, 3 insertions(+), 1 deletion(-)
+
+--- a/drivers/usb/serial/mos7720.c
++++ b/drivers/usb/serial/mos7720.c
+@@ -229,8 +229,10 @@ static int read_mos_reg(struct usb_seria
+ int status;
+
+ buf = kmalloc(1, GFP_KERNEL);
+- if (!buf)
++ if (!buf) {
++ *data = 0;
+ return -ENOMEM;
++ }
+
+ status = usb_control_msg(usbdev, pipe, request, requesttype, value,
+ index, buf, 1, MOS_WDR_TIMEOUT);
projects / thirdparty / kernel / stable-queue.git / commitdiff
