--- /dev/null
+From c9c9762d4d44dcb1b2ba90cfb4122dc11ceebf31 Mon Sep 17 00:00:00 2001
+From: Long Li <longli@microsoft.com>
+Date: Mon, 7 Jun 2021 12:34:05 -0700
+Subject: block: return the correct bvec when checking for gaps
+
+From: Long Li <longli@microsoft.com>
+
+commit c9c9762d4d44dcb1b2ba90cfb4122dc11ceebf31 upstream.
+
+After commit 07173c3ec276 ("block: enable multipage bvecs"), a bvec can
+have multiple pages. But bio_will_gap() still assumes one page bvec while
+checking for merging. If the pages in the bvec go across the
+seg_boundary_mask, this check for merging can potentially succeed if only
+the 1st page is tested, and can fail if all the pages are tested.
+
+Later, when SCSI builds the SG list the same check for merging is done in
+__blk_segment_map_sg_merge() with all the pages in the bvec tested. This
+time the check may fail if the pages in bvec go across the
+seg_boundary_mask (but tested okay in bio_will_gap() earlier, so those
+BIOs were merged). If this check fails, we end up with a broken SG list
+for drivers assuming the SG list not having offsets in intermediate pages.
+This results in incorrect pages written to the disk.
+
+Fix this by returning the multi-page bvec when testing gaps for merging.
+
+Cc: Jens Axboe <axboe@kernel.dk>
+Cc: Johannes Thumshirn <johannes.thumshirn@wdc.com>
+Cc: Pavel Begunkov <asml.silence@gmail.com>
+Cc: Ming Lei <ming.lei@redhat.com>
+Cc: Tejun Heo <tj@kernel.org>
+Cc: "Matthew Wilcox (Oracle)" <willy@infradead.org>
+Cc: Jeffle Xu <jefflexu@linux.alibaba.com>
+Cc: linux-kernel@vger.kernel.org
+Cc: stable@vger.kernel.org
+Fixes: 07173c3ec276 ("block: enable multipage bvecs")
+Signed-off-by: Long Li <longli@microsoft.com>
+Reviewed-by: Ming Lei <ming.lei@redhat.com>
+Reviewed-by: Christoph Hellwig <hch@lst.de>
+Link: https://lore.kernel.org/r/1623094445-22332-1-git-send-email-longli@linuxonhyperv.com
+Signed-off-by: Jens Axboe <axboe@kernel.dk>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+
+---
+ include/linux/bio.h | 12 ++++--------
+ 1 file changed, 4 insertions(+), 8 deletions(-)
+
+--- a/include/linux/bio.h
++++ b/include/linux/bio.h
+@@ -44,9 +44,6 @@ static inline unsigned int bio_max_segs(
+ #define bio_offset(bio) bio_iter_offset((bio), (bio)->bi_iter)
+ #define bio_iovec(bio) bio_iter_iovec((bio), (bio)->bi_iter)
+
+-#define bio_multiple_segments(bio) \
+- ((bio)->bi_iter.bi_size != bio_iovec(bio).bv_len)
+-
+ #define bvec_iter_sectors(iter) ((iter).bi_size >> 9)
+ #define bvec_iter_end_sector(iter) ((iter).bi_sector + bvec_iter_sectors((iter)))
+
+@@ -271,7 +268,7 @@ static inline void bio_clear_flag(struct
+
+ static inline void bio_get_first_bvec(struct bio *bio, struct bio_vec *bv)
+ {
+- *bv = bio_iovec(bio);
++ *bv = mp_bvec_iter_bvec(bio->bi_io_vec, bio->bi_iter);
+ }
+
+ static inline void bio_get_last_bvec(struct bio *bio, struct bio_vec *bv)
+@@ -279,10 +276,9 @@ static inline void bio_get_last_bvec(str
+ struct bvec_iter iter = bio->bi_iter;
+ int idx;
+
+- if (unlikely(!bio_multiple_segments(bio))) {
+- *bv = bio_iovec(bio);
+- return;
+- }
++ bio_get_first_bvec(bio, bv);
++ if (bv->bv_len == bio->bi_iter.bi_size)
++ return; /* this bio only has a single bvec */
+
+ bio_advance_iter(bio, &iter, iter.bi_size);
+
--- /dev/null
+From 0508c1ad0f264a24c4643701823a45f6c9bd8146 Mon Sep 17 00:00:00 2001
+From: Wei Yongjun <weiyongjun1@huawei.com>
+Date: Wed, 19 May 2021 14:16:57 +0000
+Subject: erofs: fix error return code in erofs_read_superblock()
+
+From: Wei Yongjun <weiyongjun1@huawei.com>
+
+commit 0508c1ad0f264a24c4643701823a45f6c9bd8146 upstream.
+
+'ret' will be overwritten to 0 if erofs_sb_has_sb_chksum() return true,
+thus 0 will return in some error handling cases. Fix to return negative
+error code -EINVAL instead of 0.
+
+Link: https://lore.kernel.org/r/20210519141657.3062715-1-weiyongjun1@huawei.com
+Fixes: b858a4844cfb ("erofs: support superblock checksum")
+Cc: stable <stable@vger.kernel.org> # 5.5+
+Reported-by: Hulk Robot <hulkci@huawei.com>
+Signed-off-by: Wei Yongjun <weiyongjun1@huawei.com>
+Reviewed-by: Gao Xiang <xiang@kernel.org>
+Reviewed-by: Chao Yu <yuchao0@huawei.com>
+Signed-off-by: Gao Xiang <xiang@kernel.org>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+
+---
+ fs/erofs/super.c | 1 +
+ 1 file changed, 1 insertion(+)
+
+--- a/fs/erofs/super.c
++++ b/fs/erofs/super.c
+@@ -285,6 +285,7 @@ static int erofs_read_superblock(struct
+ goto out;
+ }
+
++ ret = -EINVAL;
+ blkszbits = dsb->blkszbits;
+ /* 9(512 bytes) + LOG_SECTORS_PER_BLOCK == LOG_BLOCK_SIZE */
+ if (blkszbits != LOG_BLOCK_SIZE) {
--- /dev/null
+From 1e5654de0f51890f88abd409ebf4867782431e81 Mon Sep 17 00:00:00 2001
+From: Namjae Jeon <namjae.jeon@samsung.com>
+Date: Fri, 11 Jun 2021 09:40:24 +0900
+Subject: exfat: handle wrong stream entry size in exfat_readdir()
+
+From: Namjae Jeon <namjae.jeon@samsung.com>
+
+commit 1e5654de0f51890f88abd409ebf4867782431e81 upstream.
+
+The compatibility issue between linux exfat and exfat of some camera
+company was reported from Florian. In their exfat, if the number of files
+exceeds any limit, the DataLength in stream entry of the directory is
+no longer updated. So some files created from camera does not show in
+linux exfat. because linux exfat doesn't allow that cpos becomes larger
+than DataLength of stream entry. This patch check DataLength in stream
+entry only if the type is ALLOC_NO_FAT_CHAIN and add the check ensure
+that dentry offset does not exceed max dentries size(256 MB) to avoid
+the circular FAT chain issue.
+
+Fixes: ca06197382bd ("exfat: add directory operations")
+Cc: stable@vger.kernel.org # v5.9
+Reported-by: Florian Cramer <flrncrmr@gmail.com>
+Reviewed-by: Sungjong Seo <sj1557.seo@samsung.com>
+Tested-by: Chris Down <chris@chrisdown.name>
+Signed-off-by: Namjae Jeon <namjae.jeon@samsung.com>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+
+---
+ fs/exfat/dir.c | 8 +++++---
+ 1 file changed, 5 insertions(+), 3 deletions(-)
+
+--- a/fs/exfat/dir.c
++++ b/fs/exfat/dir.c
+@@ -63,7 +63,7 @@ static void exfat_get_uniname_from_ext_e
+ static int exfat_readdir(struct inode *inode, loff_t *cpos, struct exfat_dir_entry *dir_entry)
+ {
+ int i, dentries_per_clu, dentries_per_clu_bits = 0, num_ext;
+- unsigned int type, clu_offset;
++ unsigned int type, clu_offset, max_dentries;
+ sector_t sector;
+ struct exfat_chain dir, clu;
+ struct exfat_uni_name uni_name;
+@@ -86,6 +86,8 @@ static int exfat_readdir(struct inode *i
+
+ dentries_per_clu = sbi->dentries_per_clu;
+ dentries_per_clu_bits = ilog2(dentries_per_clu);
++ max_dentries = (unsigned int)min_t(u64, MAX_EXFAT_DENTRIES,
++ (u64)sbi->num_clusters << dentries_per_clu_bits);
+
+ clu_offset = dentry >> dentries_per_clu_bits;
+ exfat_chain_dup(&clu, &dir);
+@@ -109,7 +111,7 @@ static int exfat_readdir(struct inode *i
+ }
+ }
+
+- while (clu.dir != EXFAT_EOF_CLUSTER) {
++ while (clu.dir != EXFAT_EOF_CLUSTER && dentry < max_dentries) {
+ i = dentry & (dentries_per_clu - 1);
+
+ for ( ; i < dentries_per_clu; i++, dentry++) {
+@@ -245,7 +247,7 @@ static int exfat_iterate(struct file *fi
+ if (err)
+ goto unlock;
+ get_new:
+- if (cpos >= i_size_read(inode))
++ if (ei->flags == ALLOC_NO_FAT_CHAIN && cpos >= i_size_read(inode))
+ goto end_of_dir;
+
+ err = exfat_readdir(inode, &cpos, &de);
--- /dev/null
+From 77f30bfcfcf484da7208affd6a9e63406420bf91 Mon Sep 17 00:00:00 2001
+From: Eric Biggers <ebiggers@google.com>
+Date: Thu, 27 May 2021 16:52:36 -0700
+Subject: fscrypt: don't ignore minor_hash when hash is 0
+
+From: Eric Biggers <ebiggers@google.com>
+
+commit 77f30bfcfcf484da7208affd6a9e63406420bf91 upstream.
+
+When initializing a no-key name, fscrypt_fname_disk_to_usr() sets the
+minor_hash to 0 if the (major) hash is 0.
+
+This doesn't make sense because 0 is a valid hash code, so we shouldn't
+ignore the filesystem-provided minor_hash in that case. Fix this by
+removing the special case for 'hash == 0'.
+
+This is an old bug that appears to have originated when the encryption
+code in ext4 and f2fs was moved into fs/crypto/. The original ext4 and
+f2fs code passed the hash by pointer instead of by value. So
+'if (hash)' actually made sense then, as it was checking whether a
+pointer was NULL. But now the hashes are passed by value, and
+filesystems just pass 0 for any hashes they don't have. There is no
+need to handle this any differently from the hashes actually being 0.
+
+It is difficult to reproduce this bug, as it only made a difference in
+the case where a filename's 32-bit major hash happened to be 0.
+However, it probably had the largest chance of causing problems on
+ubifs, since ubifs uses minor_hash to do lookups of no-key names, in
+addition to using it as a readdir cookie. ext4 only uses minor_hash as
+a readdir cookie, and f2fs doesn't use minor_hash at all.
+
+Fixes: 0b81d0779072 ("fs crypto: move per-file encryption from f2fs tree to fs/crypto")
+Cc: <stable@vger.kernel.org> # v4.6+
+Link: https://lore.kernel.org/r/20210527235236.2376556-1-ebiggers@kernel.org
+Signed-off-by: Eric Biggers <ebiggers@google.com>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+
+---
+ fs/crypto/fname.c | 10 +++-------
+ 1 file changed, 3 insertions(+), 7 deletions(-)
+
+--- a/fs/crypto/fname.c
++++ b/fs/crypto/fname.c
+@@ -344,13 +344,9 @@ int fscrypt_fname_disk_to_usr(const stru
+ offsetof(struct fscrypt_nokey_name, sha256));
+ BUILD_BUG_ON(BASE64_CHARS(FSCRYPT_NOKEY_NAME_MAX) > NAME_MAX);
+
+- if (hash) {
+- nokey_name.dirhash[0] = hash;
+- nokey_name.dirhash[1] = minor_hash;
+- } else {
+- nokey_name.dirhash[0] = 0;
+- nokey_name.dirhash[1] = 0;
+- }
++ nokey_name.dirhash[0] = hash;
++ nokey_name.dirhash[1] = minor_hash;
++
+ if (iname->len <= sizeof(nokey_name.bytes)) {
+ memcpy(nokey_name.bytes, iname->name, iname->len);
+ size = offsetof(struct fscrypt_nokey_name, bytes[iname->len]);
--- /dev/null
+From 2fc2b430f559fdf32d5d1dd5ceaa40e12fb77bdf Mon Sep 17 00:00:00 2001
+From: Eric Biggers <ebiggers@google.com>
+Date: Sat, 5 Jun 2021 00:50:33 -0700
+Subject: fscrypt: fix derivation of SipHash keys on big endian CPUs
+
+From: Eric Biggers <ebiggers@google.com>
+
+commit 2fc2b430f559fdf32d5d1dd5ceaa40e12fb77bdf upstream.
+
+Typically, the cryptographic APIs that fscrypt uses take keys as byte
+arrays, which avoids endianness issues. However, siphash_key_t is an
+exception. It is defined as 'u64 key[2];', i.e. the 128-bit key is
+expected to be given directly as two 64-bit words in CPU endianness.
+
+fscrypt_derive_dirhash_key() and fscrypt_setup_iv_ino_lblk_32_key()
+forgot to take this into account. Therefore, the SipHash keys used to
+index encrypted+casefolded directories differ on big endian vs. little
+endian platforms, as do the SipHash keys used to hash inode numbers for
+IV_INO_LBLK_32-encrypted directories. This makes such directories
+non-portable between these platforms.
+
+Fix this by always using the little endian order. This is a breaking
+change for big endian platforms, but this should be fine in practice
+since these features (encrypt+casefold support, and the IV_INO_LBLK_32
+flag) aren't known to actually be used on any big endian platforms yet.
+
+Fixes: aa408f835d02 ("fscrypt: derive dirhash key for casefolded directories")
+Fixes: e3b1078bedd3 ("fscrypt: add support for IV_INO_LBLK_32 policies")
+Cc: <stable@vger.kernel.org> # v5.6+
+Link: https://lore.kernel.org/r/20210605075033.54424-1-ebiggers@kernel.org
+Signed-off-by: Eric Biggers <ebiggers@google.com>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+
+---
+ fs/crypto/keysetup.c | 40 ++++++++++++++++++++++++++++++++--------
+ 1 file changed, 32 insertions(+), 8 deletions(-)
+
+--- a/fs/crypto/keysetup.c
++++ b/fs/crypto/keysetup.c
+@@ -210,15 +210,40 @@ out_unlock:
+ return err;
+ }
+
++/*
++ * Derive a SipHash key from the given fscrypt master key and the given
++ * application-specific information string.
++ *
++ * Note that the KDF produces a byte array, but the SipHash APIs expect the key
++ * as a pair of 64-bit words. Therefore, on big endian CPUs we have to do an
++ * endianness swap in order to get the same results as on little endian CPUs.
++ */
++static int fscrypt_derive_siphash_key(const struct fscrypt_master_key *mk,
++ u8 context, const u8 *info,
++ unsigned int infolen, siphash_key_t *key)
++{
++ int err;
++
++ err = fscrypt_hkdf_expand(&mk->mk_secret.hkdf, context, info, infolen,
++ (u8 *)key, sizeof(*key));
++ if (err)
++ return err;
++
++ BUILD_BUG_ON(sizeof(*key) != 16);
++ BUILD_BUG_ON(ARRAY_SIZE(key->key) != 2);
++ le64_to_cpus(&key->key[0]);
++ le64_to_cpus(&key->key[1]);
++ return 0;
++}
++
+ int fscrypt_derive_dirhash_key(struct fscrypt_info *ci,
+ const struct fscrypt_master_key *mk)
+ {
+ int err;
+
+- err = fscrypt_hkdf_expand(&mk->mk_secret.hkdf, HKDF_CONTEXT_DIRHASH_KEY,
+- ci->ci_nonce, FSCRYPT_FILE_NONCE_SIZE,
+- (u8 *)&ci->ci_dirhash_key,
+- sizeof(ci->ci_dirhash_key));
++ err = fscrypt_derive_siphash_key(mk, HKDF_CONTEXT_DIRHASH_KEY,
++ ci->ci_nonce, FSCRYPT_FILE_NONCE_SIZE,
++ &ci->ci_dirhash_key);
+ if (err)
+ return err;
+ ci->ci_dirhash_key_initialized = true;
+@@ -253,10 +278,9 @@ static int fscrypt_setup_iv_ino_lblk_32_
+ if (mk->mk_ino_hash_key_initialized)
+ goto unlock;
+
+- err = fscrypt_hkdf_expand(&mk->mk_secret.hkdf,
+- HKDF_CONTEXT_INODE_HASH_KEY, NULL, 0,
+- (u8 *)&mk->mk_ino_hash_key,
+- sizeof(mk->mk_ino_hash_key));
++ err = fscrypt_derive_siphash_key(mk,
++ HKDF_CONTEXT_INODE_HASH_KEY,
++ NULL, 0, &mk->mk_ino_hash_key);
+ if (err)
+ goto unlock;
+ /* pairs with smp_load_acquire() above */
--- /dev/null
+From ed7eb2592286ead7d3bfdf8adf65e65392167cc4 Mon Sep 17 00:00:00 2001
+From: Jens Axboe <axboe@kernel.dk>
+Date: Wed, 23 Jun 2021 09:04:13 -0600
+Subject: io_uring: add IOPOLL and reserved field checks to IORING_OP_RENAMEAT
+
+From: Jens Axboe <axboe@kernel.dk>
+
+commit ed7eb2592286ead7d3bfdf8adf65e65392167cc4 upstream.
+
+We can't support IOPOLL with non-pollable request types, and we should
+check for unused/reserved fields like we do for other request types.
+
+Fixes: 80a261fd0032 ("io_uring: add support for IORING_OP_RENAMEAT")
+Cc: stable@vger.kernel.org
+Reported-by: Dmitry Kadashev <dkadashev@gmail.com>
+Signed-off-by: Jens Axboe <axboe@kernel.dk>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+
+---
+ fs/io_uring.c | 4 ++++
+ 1 file changed, 4 insertions(+)
+
+--- a/fs/io_uring.c
++++ b/fs/io_uring.c
+@@ -3453,6 +3453,10 @@ static int io_renameat_prep(struct io_ki
+ struct io_rename *ren = &req->rename;
+ const char __user *oldf, *newf;
+
++ if (unlikely(req->ctx->flags & IORING_SETUP_IOPOLL))
++ return -EINVAL;
++ if (sqe->ioprio || sqe->buf_index)
++ return -EINVAL;
+ if (unlikely(req->flags & REQ_F_FIXED_FILE))
+ return -EBADF;
+
--- /dev/null
+From 22634bc5620d29765e5199c7b230a372c7ddcda2 Mon Sep 17 00:00:00 2001
+From: Jens Axboe <axboe@kernel.dk>
+Date: Wed, 23 Jun 2021 09:07:45 -0600
+Subject: io_uring: add IOPOLL and reserved field checks to IORING_OP_UNLINKAT
+
+From: Jens Axboe <axboe@kernel.dk>
+
+commit 22634bc5620d29765e5199c7b230a372c7ddcda2 upstream.
+
+We can't support IOPOLL with non-pollable request types, and we should
+check for unused/reserved fields like we do for other request types.
+
+Fixes: 14a1143b68ee ("io_uring: add support for IORING_OP_UNLINKAT")
+Cc: stable@vger.kernel.org
+Reported-by: Dmitry Kadashev <dkadashev@gmail.com>
+Signed-off-by: Jens Axboe <axboe@kernel.dk>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+
+---
+ fs/io_uring.c | 4 ++++
+ 1 file changed, 4 insertions(+)
+
+--- a/fs/io_uring.c
++++ b/fs/io_uring.c
+@@ -3504,6 +3504,10 @@ static int io_unlinkat_prep(struct io_ki
+ struct io_unlink *un = &req->unlink;
+ const char __user *fname;
+
++ if (unlikely(req->ctx->flags & IORING_SETUP_IOPOLL))
++ return -EINVAL;
++ if (sqe->ioprio || sqe->off || sqe->len || sqe->buf_index)
++ return -EINVAL;
+ if (unlikely(req->flags & REQ_F_FIXED_FILE))
+ return -EBADF;
+
--- /dev/null
+From 976517f162a05f4315b2373fd11585c395506259 Mon Sep 17 00:00:00 2001
+From: Pavel Begunkov <asml.silence@gmail.com>
+Date: Wed, 9 Jun 2021 12:07:25 +0100
+Subject: io_uring: fix blocking inline submission
+
+From: Pavel Begunkov <asml.silence@gmail.com>
+
+commit 976517f162a05f4315b2373fd11585c395506259 upstream.
+
+There is a complaint against sys_io_uring_enter() blocking if it submits
+stdin reads. The problem is in __io_file_supports_async(), which
+sees that it's a cdev and allows it to be processed inline.
+
+Punt char devices using generic rules of io_file_supports_async(),
+including checking for presence of *_iter() versions of rw callbacks.
+Apparently, it will affect most of cdevs with some exceptions like
+null and zero devices.
+
+Cc: stable@vger.kernel.org
+Reported-by: Birk Hirdman <lonjil@gmail.com>
+Signed-off-by: Pavel Begunkov <asml.silence@gmail.com>
+Link: https://lore.kernel.org/r/d60270856b8a4560a639ef5f76e55eb563633599.1623236455.git.asml.silence@gmail.com
+Signed-off-by: Jens Axboe <axboe@kernel.dk>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+
+---
+ fs/io_uring.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+--- a/fs/io_uring.c
++++ b/fs/io_uring.c
+@@ -2621,7 +2621,7 @@ static bool __io_file_supports_async(str
+ return true;
+ return false;
+ }
+- if (S_ISCHR(mode) || S_ISSOCK(mode))
++ if (S_ISSOCK(mode))
+ return true;
+ if (S_ISREG(mode)) {
+ if (IS_ENABLED(CONFIG_BLOCK) &&
--- /dev/null
+From d6fbfdbc12745ce24bcd348dbf7e652353b3e59c Mon Sep 17 00:00:00 2001
+From: Sibi Sankar <sibis@codeaurora.org>
+Date: Wed, 16 Jun 2021 23:12:58 +0530
+Subject: mailbox: qcom-ipcc: Fix IPCC mbox channel exhaustion
+
+From: Sibi Sankar <sibis@codeaurora.org>
+
+commit d6fbfdbc12745ce24bcd348dbf7e652353b3e59c upstream.
+
+Fix IPCC (Inter-Processor Communication Controller) channel exhaustion by
+setting the channel private data to NULL on mbox shutdown.
+
+Err Logs:
+remoteproc: MBA booted without debug policy, loading mpss
+remoteproc: glink-edge: failed to acquire IPC channel
+remoteproc: failed to probe subdevices for remoteproc: -16
+
+Fixes: fa74a0257f45 ("mailbox: Add support for Qualcomm IPCC")
+Signed-off-by: Sibi Sankar <sibis@codeaurora.org>
+Cc: stable@vger.kernel.org
+Reviewed-by: Bjorn Andersson <bjorn.andersson@linaro.org>
+Reviewed-by: Manivannan Sadhasivam <manivannan.sadhasivam@linaro.org>
+Signed-off-by: Jassi Brar <jaswinder.singh@linaro.org>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+
+---
+ drivers/mailbox/qcom-ipcc.c | 6 ++++++
+ 1 file changed, 6 insertions(+)
+
+--- a/drivers/mailbox/qcom-ipcc.c
++++ b/drivers/mailbox/qcom-ipcc.c
+@@ -155,6 +155,11 @@ static int qcom_ipcc_mbox_send_data(stru
+ return 0;
+ }
+
++static void qcom_ipcc_mbox_shutdown(struct mbox_chan *chan)
++{
++ chan->con_priv = NULL;
++}
++
+ static struct mbox_chan *qcom_ipcc_mbox_xlate(struct mbox_controller *mbox,
+ const struct of_phandle_args *ph)
+ {
+@@ -184,6 +189,7 @@ static struct mbox_chan *qcom_ipcc_mbox_
+
+ static const struct mbox_chan_ops ipcc_mbox_chan_ops = {
+ .send_data = qcom_ipcc_mbox_send_data,
++ .shutdown = qcom_ipcc_mbox_shutdown,
+ };
+
+ static int qcom_ipcc_setup_mbox(struct qcom_ipcc *ipcc)
--- /dev/null
+From 29dd19e3ac7b2a8671ebeac02859232ce0e34f58 Mon Sep 17 00:00:00 2001
+From: Mauro Carvalho Chehab <mchehab+huawei@kernel.org>
+Date: Tue, 11 May 2021 17:03:21 +0200
+Subject: media: exynos4-is: remove a now unused integer
+
+From: Mauro Carvalho Chehab <mchehab+huawei@kernel.org>
+
+commit 29dd19e3ac7b2a8671ebeac02859232ce0e34f58 upstream.
+
+The usage of pm_runtime_resume_and_get() removed the need of a
+temporary integer. So, drop it.
+
+Fixes: 59f96244af94 ("media: exynos4-is: fix pm_runtime_get_sync() usage count")
+Reported-by: Stephen Rothwell <sfr@canb.auug.org.au>
+Signed-off-by: Mauro Carvalho Chehab <mchehab+huawei@kernel.org>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+
+---
+ drivers/media/platform/exynos4-is/media-dev.c | 1 -
+ 1 file changed, 1 deletion(-)
+
+--- a/drivers/media/platform/exynos4-is/media-dev.c
++++ b/drivers/media/platform/exynos4-is/media-dev.c
+@@ -1284,7 +1284,6 @@ static DEVICE_ATTR(subdev_conf_mode, S_I
+ static int cam_clk_prepare(struct clk_hw *hw)
+ {
+ struct cam_clk *camclk = to_cam_clk(hw);
+- int ret;
+
+ if (camclk->fmd->pmf == NULL)
+ return -ENODEV;
--- /dev/null
+From 70b52f09080565030a530a784f1c9948a7f48ca3 Mon Sep 17 00:00:00 2001
+From: Bean Huo <beanhuo@micron.com>
+Date: Tue, 4 May 2021 22:32:09 +0200
+Subject: mmc: block: Disable CMDQ on the ioctl path
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+From: Bean Huo <beanhuo@micron.com>
+
+commit 70b52f09080565030a530a784f1c9948a7f48ca3 upstream.
+
+According to the eMMC Spec:
+"When command queuing is enabled (CMDQ Mode En bit in CMDQ_MODE_EN
+field is set to ‘1’) class 11 commands are the only method through
+which data transfer tasks can be issued. Existing data transfer
+commands, namely CMD18/CMD17 and CMD25/CMD24, are not supported when
+command queuing is enabled."
+which means if CMDQ is enabled, the FFU commands will not be supported.
+To fix this issue, just simply disable CMDQ on the ioctl path, and
+re-enable CMDQ once ioctl request is completed.
+
+Tested-by: Michael Brunner <Michael.Brunner@kontron.com>
+Signed-off-by: Bean Huo <beanhuo@micron.com>
+Acked-by: Adrian Hunter <adrian.hunter@intel.com>
+Fixes: 1e8e55b67030 (mmc: block: Add CQE support)
+Cc: stable@vger.kernel.org
+Link: https://lore.kernel.org/r/20210504203209.361597-1-huobean@gmail.com
+Signed-off-by: Ulf Hansson <ulf.hansson@linaro.org>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+
+---
+ drivers/mmc/core/block.c | 8 ++++++++
+ 1 file changed, 8 insertions(+)
+
+--- a/drivers/mmc/core/block.c
++++ b/drivers/mmc/core/block.c
+@@ -1004,6 +1004,12 @@ static void mmc_blk_issue_drv_op(struct
+
+ switch (mq_rq->drv_op) {
+ case MMC_DRV_OP_IOCTL:
++ if (card->ext_csd.cmdq_en) {
++ ret = mmc_cmdq_disable(card);
++ if (ret)
++ break;
++ }
++ fallthrough;
+ case MMC_DRV_OP_IOCTL_RPMB:
+ idata = mq_rq->drv_op_data;
+ for (i = 0, ret = 0; i < mq_rq->ioc_count; i++) {
+@@ -1014,6 +1020,8 @@ static void mmc_blk_issue_drv_op(struct
+ /* Always switch back to main area after RPMB access */
+ if (rpmb_ioctl)
+ mmc_blk_part_switch(card, 0);
++ else if (card->reenable_cmdq && !card->ext_csd.cmdq_en)
++ mmc_cmdq_enable(card);
+ break;
+ case MMC_DRV_OP_BOOT_WP:
+ ret = mmc_switch(card, EXT_CSD_CMD_SET_NORMAL, EXT_CSD_BOOT_WP,
--- /dev/null
+From 3c0bb3107703d2c58f7a0a7a2060bb57bc120326 Mon Sep 17 00:00:00 2001
+From: Johan Hovold <johan@kernel.org>
+Date: Fri, 21 May 2021 15:30:26 +0200
+Subject: mmc: vub3000: fix control-request direction
+
+From: Johan Hovold <johan@kernel.org>
+
+commit 3c0bb3107703d2c58f7a0a7a2060bb57bc120326 upstream.
+
+The direction of the pipe argument must match the request-type direction
+bit or control requests may fail depending on the host-controller-driver
+implementation.
+
+Fix the SET_ROM_WAIT_STATES request which erroneously used
+usb_rcvctrlpipe().
+
+Fixes: 88095e7b473a ("mmc: Add new VUB300 USB-to-SD/SDIO/MMC driver")
+Cc: stable@vger.kernel.org # 3.0
+Signed-off-by: Johan Hovold <johan@kernel.org>
+Link: https://lore.kernel.org/r/20210521133026.17296-1-johan@kernel.org
+Signed-off-by: Ulf Hansson <ulf.hansson@linaro.org>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+
+---
+ drivers/mmc/host/vub300.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+--- a/drivers/mmc/host/vub300.c
++++ b/drivers/mmc/host/vub300.c
+@@ -2279,7 +2279,7 @@ static int vub300_probe(struct usb_inter
+ if (retval < 0)
+ goto error5;
+ retval =
+- usb_control_msg(vub300->udev, usb_rcvctrlpipe(vub300->udev, 0),
++ usb_control_msg(vub300->udev, usb_sndctrlpipe(vub300->udev, 0),
+ SET_ROM_WAIT_STATES,
+ USB_DIR_OUT | USB_TYPE_VENDOR | USB_RECIP_DEVICE,
+ firmware_rom_wait_states, 0x0000, NULL, 0, HZ);
--- /dev/null
+From 40445fd2c9fa427297acdfcc2c573ff10493f209 Mon Sep 17 00:00:00 2001
+From: Javed Hasan <jhasan@marvell.com>
+Date: Thu, 3 Jun 2021 03:14:03 -0700
+Subject: scsi: fc: Correct RHBA attributes length
+
+From: Javed Hasan <jhasan@marvell.com>
+
+commit 40445fd2c9fa427297acdfcc2c573ff10493f209 upstream.
+
+As per the FC-GS-5 specification, attribute lengths of node_name and
+manufacturer should in range of "4 to 64 Bytes" only.
+
+Link: https://lore.kernel.org/r/20210603101404.7841-2-jhasan@marvell.com
+Fixes: e721eb0616f6 ("scsi: scsi_transport_fc: Match HBA Attribute Length with HBAAPI V2.0 definitions")
+CC: stable@vger.kernel.org
+Reviewed-by: Himanshu Madhani <himanshu.madhani@oracle.com>
+Signed-off-by: Javed Hasan <jhasan@marvell.com>
+Signed-off-by: Martin K. Petersen <martin.petersen@oracle.com>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+
+---
+ include/scsi/fc/fc_ms.h | 4 ++--
+ 1 file changed, 2 insertions(+), 2 deletions(-)
+
+--- a/include/scsi/fc/fc_ms.h
++++ b/include/scsi/fc/fc_ms.h
+@@ -63,8 +63,8 @@ enum fc_fdmi_hba_attr_type {
+ * HBA Attribute Length
+ */
+ #define FC_FDMI_HBA_ATTR_NODENAME_LEN 8
+-#define FC_FDMI_HBA_ATTR_MANUFACTURER_LEN 80
+-#define FC_FDMI_HBA_ATTR_SERIALNUMBER_LEN 80
++#define FC_FDMI_HBA_ATTR_MANUFACTURER_LEN 64
++#define FC_FDMI_HBA_ATTR_SERIALNUMBER_LEN 64
+ #define FC_FDMI_HBA_ATTR_MODEL_LEN 256
+ #define FC_FDMI_HBA_ATTR_MODELDESCR_LEN 256
+ #define FC_FDMI_HBA_ATTR_HARDWAREVERSION_LEN 256
--- /dev/null
+From 8f70328c068f9f5c5db82848724cb276f657b9cd Mon Sep 17 00:00:00 2001
+From: Javed Hasan <jhasan@marvell.com>
+Date: Thu, 3 Jun 2021 03:14:04 -0700
+Subject: scsi: libfc: Correct the condition check and invalid argument passed
+
+From: Javed Hasan <jhasan@marvell.com>
+
+commit 8f70328c068f9f5c5db82848724cb276f657b9cd upstream.
+
+Incorrect condition check was leading to data corruption.
+
+Link: https://lore.kernel.org/r/20210603101404.7841-3-jhasan@marvell.com
+Fixes: 8fd9efca86d0 ("scsi: libfc: Work around -Warray-bounds warning")
+CC: stable@vger.kernel.org
+Reviewed-by: Himanshu Madhani <himanshu.madhani@oracle.com>
+Signed-off-by: Javed Hasan <jhasan@marvell.com>
+Signed-off-by: Martin K. Petersen <martin.petersen@oracle.com>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+
+---
+ drivers/scsi/libfc/fc_encode.h | 8 +++++---
+ 1 file changed, 5 insertions(+), 3 deletions(-)
+
+--- a/drivers/scsi/libfc/fc_encode.h
++++ b/drivers/scsi/libfc/fc_encode.h
+@@ -166,9 +166,11 @@ static inline int fc_ct_ns_fill(struct f
+ static inline void fc_ct_ms_fill_attr(struct fc_fdmi_attr_entry *entry,
+ const char *in, size_t len)
+ {
+- int copied = strscpy(entry->value, in, len);
+- if (copied > 0)
+- memset(entry->value, copied, len - copied);
++ int copied;
++
++ copied = strscpy((char *)&entry->value, in, len);
++ if (copied > 0 && (copied + 1) < len)
++ memset((entry->value + copied + 1), 0, len - copied - 1);
+ }
+
+ /**
--- /dev/null
+From 4012baeab6ca22b7f7beb121b6d0da0a62942fdd Mon Sep 17 00:00:00 2001
+From: James Smart <jsmart2021@gmail.com>
+Date: Fri, 14 May 2021 12:55:53 -0700
+Subject: scsi: lpfc: Fix Node recovery when driver is handling simultaneous PLOGIs
+
+From: James Smart <jsmart2021@gmail.com>
+
+commit 4012baeab6ca22b7f7beb121b6d0da0a62942fdd upstream.
+
+When lpfc is handling a solicited and unsolicited PLOGI with another
+initiator, the remote initiator is never recovered. The node for the
+initiator is erroneouosly removed and all resources released.
+
+In lpfc_cmpl_els_plogi(), when lpfc_els_retry() returns a failure code, the
+driver is calling the state machine with a device remove event because the
+remote port is not currently registered with the SCSI or NVMe
+transports. The issue is that on a PLOGI "collision" the driver correctly
+aborts the solicited PLOGI and allows the unsolicited PLOGI to complete the
+process, but this process is interrupted with a device_rm event.
+
+Introduce logic in the PLOGI completion to capture the PLOGI collision
+event and jump out of the routine. This will avoid removal of the node.
+If there is no collision, the normal node removal will occur.
+
+Fixes: 52edb2caf675 ("scsi: lpfc: Remove ndlp when a PLOGI/ADISC/PRLI/REG_RPI ultimately fails")
+Cc: <stable@vger.kernel.org> # v5.11+
+Link: https://lore.kernel.org/r/20210514195559.119853-6-jsmart2021@gmail.com
+Co-developed-by: Justin Tee <justin.tee@broadcom.com>
+Signed-off-by: Justin Tee <justin.tee@broadcom.com>
+Signed-off-by: James Smart <jsmart2021@gmail.com>
+Signed-off-by: Martin K. Petersen <martin.petersen@oracle.com>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+
+---
+ drivers/scsi/lpfc/lpfc_els.c | 21 ++++++++++++++++++---
+ 1 file changed, 18 insertions(+), 3 deletions(-)
+
+--- a/drivers/scsi/lpfc/lpfc_els.c
++++ b/drivers/scsi/lpfc/lpfc_els.c
+@@ -1998,9 +1998,20 @@ lpfc_cmpl_els_plogi(struct lpfc_hba *phb
+ lpfc_disc_state_machine(vport, ndlp, cmdiocb,
+ NLP_EVT_CMPL_PLOGI);
+
+- /* As long as this node is not registered with the scsi or nvme
+- * transport, it is no longer an active node. Otherwise
+- * devloss handles the final cleanup.
++ /* If a PLOGI collision occurred, the node needs to continue
++ * with the reglogin process.
++ */
++ spin_lock_irq(&ndlp->lock);
++ if ((ndlp->nlp_flag & (NLP_ACC_REGLOGIN | NLP_RCV_PLOGI)) &&
++ ndlp->nlp_state == NLP_STE_REG_LOGIN_ISSUE) {
++ spin_unlock_irq(&ndlp->lock);
++ goto out;
++ }
++ spin_unlock_irq(&ndlp->lock);
++
++ /* No PLOGI collision and the node is not registered with the
++ * scsi or nvme transport. It is no longer an active node. Just
++ * start the device remove process.
+ */
+ if (!(ndlp->fc4_xpt_flags & (SCSI_XPT_REGD | NVME_XPT_REGD))) {
+ spin_lock_irq(&ndlp->lock);
+@@ -4620,6 +4631,10 @@ out:
+ (vport && vport->port_type == LPFC_NPIV_PORT) &&
+ ndlp->nlp_flag & NLP_RELEASE_RPI) {
+ lpfc_sli4_free_rpi(phba, ndlp->nlp_rpi);
++ spin_lock_irq(&ndlp->lock);
++ ndlp->nlp_rpi = LPFC_RPI_ALLOC_ERROR;
++ ndlp->nlp_flag &= ~NLP_RELEASE_RPI;
++ spin_unlock_irq(&ndlp->lock);
+ lpfc_drop_node(vport, ndlp);
+ }
+
--- /dev/null
+From 01131e7aae5d30e23e3cdd1eebe51bbc5489ae8f Mon Sep 17 00:00:00 2001
+From: James Smart <jsmart2021@gmail.com>
+Date: Fri, 14 May 2021 12:55:49 -0700
+Subject: scsi: lpfc: Fix unreleased RPIs when NPIV ports are created
+
+From: James Smart <jsmart2021@gmail.com>
+
+commit 01131e7aae5d30e23e3cdd1eebe51bbc5489ae8f upstream.
+
+While testing NPIV and watching logins and used RPI levels, it was seen the
+used RPI count was much higher than the number of remote ports discovered.
+
+Code inspection showed that remote port removals on any NPIV instance are
+releasing the RPI, but not performing an UNREG_RPI with the adapter thus
+the reference counting never fully drops and the RPI is never fully
+released. This was happening on NPIV nodes due to a log of fabric ELS's to
+fabric addresses. This lack of UNREG_RPI was introduced by a prior node
+rework patch that performed the UNREG_RPI as part of node cleanup.
+
+To resolve the issue, do the following:
+
+ - Restore the RPI release code, but move the location to so that it is in
+ line with the new node cleanup design.
+
+ - NPIV ports now release the RPI and drop the node when the caller sets
+ the NLP_RELEASE_RPI flag.
+
+ - Set the NLP_RELEASE_RPI flag in node cleanup which will trigger a
+ release of RPI to free pool.
+
+ - Ensure there's an UNREG_RPI at LOGO completion so that RPI release is
+ completed.
+
+ - Stop offline_prep from skipping nodes that are UNUSED. The RPI may
+ not have been released.
+
+ - Stop the default RPI handling in lpfc_cmpl_els_rsp() for SLI4.
+
+ - Fixed up debugfs RPI displays for better debugging.
+
+Fixes: a70e63eee1c1 ("scsi: lpfc: Fix NPIV Fabric Node reference counting")
+Link: https://lore.kernel.org/r/20210514195559.119853-2-jsmart2021@gmail.com
+Cc: <stable@vger.kernel.org> # v5.11+
+Co-developed-by: Justin Tee <justin.tee@broadcom.com>
+Signed-off-by: Justin Tee <justin.tee@broadcom.com>
+Signed-off-by: James Smart <jsmart2021@gmail.com>
+Signed-off-by: Martin K. Petersen <martin.petersen@oracle.com>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+
+---
+ drivers/scsi/lpfc/lpfc_debugfs.c | 7 ---
+ drivers/scsi/lpfc/lpfc_els.c | 79 +++++++++++++++++++++++++++++--------
+ drivers/scsi/lpfc/lpfc_hbadisc.c | 27 +++++++++++-
+ drivers/scsi/lpfc/lpfc_init.c | 7 ---
+ drivers/scsi/lpfc/lpfc_nportdisc.c | 25 +++++++----
+ drivers/scsi/lpfc/lpfc_sli.c | 10 +++-
+ 6 files changed, 115 insertions(+), 40 deletions(-)
+
+--- a/drivers/scsi/lpfc/lpfc_debugfs.c
++++ b/drivers/scsi/lpfc/lpfc_debugfs.c
+@@ -868,11 +868,8 @@ lpfc_debugfs_nodelist_data(struct lpfc_v
+ len += scnprintf(buf+len, size-len,
+ "WWNN x%llx ",
+ wwn_to_u64(ndlp->nlp_nodename.u.wwn));
+- if (ndlp->nlp_flag & NLP_RPI_REGISTERED)
+- len += scnprintf(buf+len, size-len, "RPI:%04d ",
+- ndlp->nlp_rpi);
+- else
+- len += scnprintf(buf+len, size-len, "RPI:none ");
++ len += scnprintf(buf+len, size-len, "RPI:x%04x ",
++ ndlp->nlp_rpi);
+ len += scnprintf(buf+len, size-len, "flag:x%08x ",
+ ndlp->nlp_flag);
+ if (!ndlp->nlp_type)
+--- a/drivers/scsi/lpfc/lpfc_els.c
++++ b/drivers/scsi/lpfc/lpfc_els.c
+@@ -2869,6 +2869,11 @@ lpfc_cmpl_els_logo(struct lpfc_hba *phba
+ * log into the remote port.
+ */
+ if (ndlp->nlp_flag & NLP_TARGET_REMOVE) {
++ spin_lock_irq(&ndlp->lock);
++ if (phba->sli_rev == LPFC_SLI_REV4)
++ ndlp->nlp_flag |= NLP_RELEASE_RPI;
++ ndlp->nlp_flag &= ~NLP_NPR_2B_DISC;
++ spin_unlock_irq(&ndlp->lock);
+ lpfc_disc_state_machine(vport, ndlp, cmdiocb,
+ NLP_EVT_DEVICE_RM);
+ lpfc_els_free_iocb(phba, cmdiocb);
+@@ -4371,6 +4376,7 @@ lpfc_cmpl_els_logo_acc(struct lpfc_hba *
+ struct lpfc_nodelist *ndlp = (struct lpfc_nodelist *) cmdiocb->context1;
+ struct lpfc_vport *vport = cmdiocb->vport;
+ IOCB_t *irsp;
++ u32 xpt_flags = 0, did_mask = 0;
+
+ irsp = &rspiocb->iocb;
+ lpfc_debugfs_disc_trc(vport, LPFC_DISC_TRC_ELS_RSP,
+@@ -4386,9 +4392,20 @@ lpfc_cmpl_els_logo_acc(struct lpfc_hba *
+ if (ndlp->nlp_state == NLP_STE_NPR_NODE) {
+ /* NPort Recovery mode or node is just allocated */
+ if (!lpfc_nlp_not_used(ndlp)) {
+- /* If the ndlp is being used by another discovery
+- * thread, just unregister the RPI.
++ /* A LOGO is completing and the node is in NPR state.
++ * If this a fabric node that cleared its transport
++ * registration, release the rpi.
+ */
++ xpt_flags = SCSI_XPT_REGD | NVME_XPT_REGD;
++ did_mask = ndlp->nlp_DID & Fabric_DID_MASK;
++ if (did_mask == Fabric_DID_MASK &&
++ !(ndlp->fc4_xpt_flags & xpt_flags)) {
++ spin_lock_irq(&ndlp->lock);
++ ndlp->nlp_flag &= ~NLP_NPR_2B_DISC;
++ if (phba->sli_rev == LPFC_SLI_REV4)
++ ndlp->nlp_flag |= NLP_RELEASE_RPI;
++ spin_unlock_irq(&ndlp->lock);
++ }
+ lpfc_unreg_rpi(vport, ndlp);
+ } else {
+ /* Indicate the node has already released, should
+@@ -4424,28 +4441,37 @@ lpfc_mbx_cmpl_dflt_rpi(struct lpfc_hba *
+ {
+ struct lpfc_dmabuf *mp = (struct lpfc_dmabuf *)(pmb->ctx_buf);
+ struct lpfc_nodelist *ndlp = (struct lpfc_nodelist *)pmb->ctx_ndlp;
++ u32 mbx_flag = pmb->mbox_flag;
++ u32 mbx_cmd = pmb->u.mb.mbxCommand;
+
+ pmb->ctx_buf = NULL;
+ pmb->ctx_ndlp = NULL;
+
+- lpfc_mbuf_free(phba, mp->virt, mp->phys);
+- kfree(mp);
+- mempool_free(pmb, phba->mbox_mem_pool);
+ if (ndlp) {
+ lpfc_printf_vlog(ndlp->vport, KERN_INFO, LOG_NODE,
+- "0006 rpi x%x DID:%x flg:%x %d x%px\n",
++ "0006 rpi x%x DID:%x flg:%x %d x%px "
++ "mbx_cmd x%x mbx_flag x%x x%px\n",
+ ndlp->nlp_rpi, ndlp->nlp_DID, ndlp->nlp_flag,
+- kref_read(&ndlp->kref),
+- ndlp);
+- /* This is the end of the default RPI cleanup logic for
+- * this ndlp and it could get released. Clear the nlp_flags to
+- * prevent any further processing.
++ kref_read(&ndlp->kref), ndlp, mbx_cmd,
++ mbx_flag, pmb);
++
++ /* This ends the default/temporary RPI cleanup logic for this
++ * ndlp and the node and rpi needs to be released. Free the rpi
++ * first on an UNREG_LOGIN and then release the final
++ * references.
+ */
++ spin_lock_irq(&ndlp->lock);
+ ndlp->nlp_flag &= ~NLP_REG_LOGIN_SEND;
++ if (mbx_cmd == MBX_UNREG_LOGIN)
++ ndlp->nlp_flag &= ~NLP_UNREG_INP;
++ spin_unlock_irq(&ndlp->lock);
+ lpfc_nlp_put(ndlp);
+- lpfc_nlp_not_used(ndlp);
++ lpfc_drop_node(ndlp->vport, ndlp);
+ }
+
++ lpfc_mbuf_free(phba, mp->virt, mp->phys);
++ kfree(mp);
++ mempool_free(pmb, phba->mbox_mem_pool);
+ return;
+ }
+
+@@ -4503,11 +4529,11 @@ lpfc_cmpl_els_rsp(struct lpfc_hba *phba,
+ /* ELS response tag <ulpIoTag> completes */
+ lpfc_printf_vlog(vport, KERN_INFO, LOG_ELS,
+ "0110 ELS response tag x%x completes "
+- "Data: x%x x%x x%x x%x x%x x%x x%x\n",
++ "Data: x%x x%x x%x x%x x%x x%x x%x x%x x%px\n",
+ cmdiocb->iocb.ulpIoTag, rspiocb->iocb.ulpStatus,
+ rspiocb->iocb.un.ulpWord[4], rspiocb->iocb.ulpTimeout,
+ ndlp->nlp_DID, ndlp->nlp_flag, ndlp->nlp_state,
+- ndlp->nlp_rpi);
++ ndlp->nlp_rpi, kref_read(&ndlp->kref), mbox);
+ if (mbox) {
+ if ((rspiocb->iocb.ulpStatus == 0) &&
+ (ndlp->nlp_flag & NLP_ACC_REGLOGIN)) {
+@@ -4587,6 +4613,16 @@ out:
+ spin_unlock_irq(&ndlp->lock);
+ }
+
++ /* An SLI4 NPIV instance wants to drop the node at this point under
++ * these conditions and release the RPI.
++ */
++ if (phba->sli_rev == LPFC_SLI_REV4 &&
++ (vport && vport->port_type == LPFC_NPIV_PORT) &&
++ ndlp->nlp_flag & NLP_RELEASE_RPI) {
++ lpfc_sli4_free_rpi(phba, ndlp->nlp_rpi);
++ lpfc_drop_node(vport, ndlp);
++ }
++
+ /* Release the originating I/O reference. */
+ lpfc_els_free_iocb(phba, cmdiocb);
+ lpfc_nlp_put(ndlp);
+@@ -4775,10 +4811,10 @@ lpfc_els_rsp_acc(struct lpfc_vport *vpor
+ lpfc_printf_vlog(vport, KERN_INFO, LOG_ELS,
+ "0128 Xmit ELS ACC response Status: x%x, IoTag: x%x, "
+ "XRI: x%x, DID: x%x, nlp_flag: x%x nlp_state: x%x "
+- "RPI: x%x, fc_flag x%x\n",
++ "RPI: x%x, fc_flag x%x refcnt %d\n",
+ rc, elsiocb->iotag, elsiocb->sli4_xritag,
+ ndlp->nlp_DID, ndlp->nlp_flag, ndlp->nlp_state,
+- ndlp->nlp_rpi, vport->fc_flag);
++ ndlp->nlp_rpi, vport->fc_flag, kref_read(&ndlp->kref));
+ return 0;
+ }
+
+@@ -4856,6 +4892,17 @@ lpfc_els_rsp_reject(struct lpfc_vport *v
+ return 1;
+ }
+
++ /* The NPIV instance is rejecting this unsolicited ELS. Make sure the
++ * node's assigned RPI needs to be released as this node will get
++ * freed.
++ */
++ if (phba->sli_rev == LPFC_SLI_REV4 &&
++ vport->port_type == LPFC_NPIV_PORT) {
++ spin_lock_irq(&ndlp->lock);
++ ndlp->nlp_flag |= NLP_RELEASE_RPI;
++ spin_unlock_irq(&ndlp->lock);
++ }
++
+ rc = lpfc_sli_issue_iocb(phba, LPFC_ELS_RING, elsiocb, 0);
+ if (rc == IOCB_ERROR) {
+ lpfc_els_free_iocb(phba, elsiocb);
+--- a/drivers/scsi/lpfc/lpfc_hbadisc.c
++++ b/drivers/scsi/lpfc/lpfc_hbadisc.c
+@@ -4789,12 +4789,17 @@ lpfc_nlp_logo_unreg(struct lpfc_hba *phb
+ ndlp->nlp_defer_did = NLP_EVT_NOTHING_PENDING;
+ lpfc_issue_els_plogi(vport, ndlp->nlp_DID, 0);
+ } else {
++ /* NLP_RELEASE_RPI is only set for SLI4 ports. */
+ if (ndlp->nlp_flag & NLP_RELEASE_RPI) {
+ lpfc_sli4_free_rpi(vport->phba, ndlp->nlp_rpi);
++ spin_lock_irq(&ndlp->lock);
+ ndlp->nlp_flag &= ~NLP_RELEASE_RPI;
+ ndlp->nlp_rpi = LPFC_RPI_ALLOC_ERROR;
++ spin_unlock_irq(&ndlp->lock);
+ }
++ spin_lock_irq(&ndlp->lock);
+ ndlp->nlp_flag &= ~NLP_UNREG_INP;
++ spin_unlock_irq(&ndlp->lock);
+ }
+ }
+
+@@ -5129,8 +5134,10 @@ lpfc_cleanup_node(struct lpfc_vport *vpo
+ list_del_init(&ndlp->dev_loss_evt.evt_listp);
+ list_del_init(&ndlp->recovery_evt.evt_listp);
+ lpfc_cleanup_vports_rrqs(vport, ndlp);
++
+ if (phba->sli_rev == LPFC_SLI_REV4)
+ ndlp->nlp_flag |= NLP_RELEASE_RPI;
++
+ return 0;
+ }
+
+@@ -6176,8 +6183,23 @@ lpfc_nlp_release(struct kref *kref)
+ lpfc_cancel_retry_delay_tmo(vport, ndlp);
+ lpfc_cleanup_node(vport, ndlp);
+
+- /* Clear Node key fields to give other threads notice
+- * that this node memory is not valid anymore.
++ /* Not all ELS transactions have registered the RPI with the port.
++ * In these cases the rpi usage is temporary and the node is
++ * released when the WQE is completed. Catch this case to free the
++ * RPI to the pool. Because this node is in the release path, a lock
++ * is unnecessary. All references are gone and the node has been
++ * dequeued.
++ */
++ if (ndlp->nlp_flag & NLP_RELEASE_RPI) {
++ if (ndlp->nlp_rpi != LPFC_RPI_ALLOC_ERROR &&
++ !(ndlp->nlp_flag & (NLP_RPI_REGISTERED | NLP_UNREG_INP))) {
++ lpfc_sli4_free_rpi(vport->phba, ndlp->nlp_rpi);
++ ndlp->nlp_rpi = LPFC_RPI_ALLOC_ERROR;
++ }
++ }
++
++ /* The node is not freed back to memory, it is released to a pool so
++ * the node fields need to be cleaned up.
+ */
+ ndlp->vport = NULL;
+ ndlp->nlp_state = NLP_STE_FREED_NODE;
+@@ -6257,6 +6279,7 @@ lpfc_nlp_not_used(struct lpfc_nodelist *
+ "node not used: did:x%x flg:x%x refcnt:x%x",
+ ndlp->nlp_DID, ndlp->nlp_flag,
+ kref_read(&ndlp->kref));
++
+ if (kref_read(&ndlp->kref) == 1)
+ if (lpfc_nlp_put(ndlp))
+ return 1;
+--- a/drivers/scsi/lpfc/lpfc_init.c
++++ b/drivers/scsi/lpfc/lpfc_init.c
+@@ -3532,13 +3532,6 @@ lpfc_offline_prep(struct lpfc_hba *phba,
+ list_for_each_entry_safe(ndlp, next_ndlp,
+ &vports[i]->fc_nodes,
+ nlp_listp) {
+- if (ndlp->nlp_state == NLP_STE_UNUSED_NODE) {
+- /* Driver must assume RPI is invalid for
+- * any unused or inactive node.
+- */
+- ndlp->nlp_rpi = LPFC_RPI_ALLOC_ERROR;
+- continue;
+- }
+
+ spin_lock_irq(&ndlp->lock);
+ ndlp->nlp_flag &= ~NLP_NPR_ADISC;
+--- a/drivers/scsi/lpfc/lpfc_nportdisc.c
++++ b/drivers/scsi/lpfc/lpfc_nportdisc.c
+@@ -567,15 +567,24 @@ lpfc_rcv_plogi(struct lpfc_vport *vport,
+ /* no deferred ACC */
+ kfree(save_iocb);
+
+- /* In order to preserve RPIs, we want to cleanup
+- * the default RPI the firmware created to rcv
+- * this ELS request. The only way to do this is
+- * to register, then unregister the RPI.
++ /* This is an NPIV SLI4 instance that does not need to register
++ * a default RPI.
+ */
+- spin_lock_irq(&ndlp->lock);
+- ndlp->nlp_flag |= (NLP_RM_DFLT_RPI | NLP_ACC_REGLOGIN |
+- NLP_RCV_PLOGI);
+- spin_unlock_irq(&ndlp->lock);
++ if (phba->sli_rev == LPFC_SLI_REV4) {
++ mempool_free(login_mbox, phba->mbox_mem_pool);
++ login_mbox = NULL;
++ } else {
++ /* In order to preserve RPIs, we want to cleanup
++ * the default RPI the firmware created to rcv
++ * this ELS request. The only way to do this is
++ * to register, then unregister the RPI.
++ */
++ spin_lock_irq(&ndlp->lock);
++ ndlp->nlp_flag |= (NLP_RM_DFLT_RPI | NLP_ACC_REGLOGIN |
++ NLP_RCV_PLOGI);
++ spin_unlock_irq(&ndlp->lock);
++ }
++
+ stat.un.b.lsRjtRsnCode = LSRJT_INVALID_CMD;
+ stat.un.b.lsRjtRsnCodeExp = LSEXP_NOTHING_MORE;
+ rc = lpfc_els_rsp_reject(vport, stat.un.lsRjtError, cmdiocb,
+--- a/drivers/scsi/lpfc/lpfc_sli.c
++++ b/drivers/scsi/lpfc/lpfc_sli.c
+@@ -13625,9 +13625,15 @@ lpfc_sli4_sp_handle_mbox_event(struct lp
+ if (mcqe_status == MB_CQE_STATUS_SUCCESS) {
+ mp = (struct lpfc_dmabuf *)(pmb->ctx_buf);
+ ndlp = (struct lpfc_nodelist *)pmb->ctx_ndlp;
+- /* Reg_LOGIN of dflt RPI was successful. Now lets get
+- * RID of the PPI using the same mbox buffer.
++
++ /* Reg_LOGIN of dflt RPI was successful. Mark the
++ * node as having an UNREG_LOGIN in progress to stop
++ * an unsolicited PLOGI from the same NPortId from
++ * starting another mailbox transaction.
+ */
++ spin_lock_irqsave(&ndlp->lock, iflags);
++ ndlp->nlp_flag |= NLP_UNREG_INP;
++ spin_unlock_irqrestore(&ndlp->lock, iflags);
+ lpfc_unreg_login(phba, vport->vpi,
+ pmbox->un.varWords[0], pmb);
+ pmb->mbox_cmpl = lpfc_mbx_cmpl_dflt_rpi;
--- /dev/null
+From 79db830162b733f5f3ee80f0673eeeb0245fe38b Mon Sep 17 00:00:00 2001
+From: Chandrakanth Patil <chandrakanth.patil@broadcom.com>
+Date: Fri, 28 May 2021 18:43:03 +0530
+Subject: scsi: megaraid_sas: Send all non-RW I/Os for TYPE_ENCLOSURE device through firmware
+
+From: Chandrakanth Patil <chandrakanth.patil@broadcom.com>
+
+commit 79db830162b733f5f3ee80f0673eeeb0245fe38b upstream.
+
+The driver issues all non-ReadWrite I/Os for TYPE_ENCLOSURE devices through
+the fast path with invalid dev handle. Fast path in turn directs all the
+I/Os to the firmware. As firmware stopped handling those I/Os from SAS3.5
+generation of controllers (Ventura generation and onwards) this will lead
+to I/O failures.
+
+Switch the driver to issue all the non-ReadWrite I/Os for TYPE_ENCLOSURE
+devices directly to firmware for SAS3.5 generation of controllers and
+later.
+
+Link: https://lore.kernel.org/r/20210528131307.25683-2-chandrakanth.patil@broadcom.com
+Cc: <stable@vger.kernel.org> # v5.11+
+Signed-off-by: Chandrakanth Patil <chandrakanth.patil@broadcom.com>
+Signed-off-by: Sumit Saxena <sumit.saxena@broadcom.com>
+Signed-off-by: Martin K. Petersen <martin.petersen@oracle.com>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+
+---
+ drivers/scsi/megaraid/megaraid_sas_fusion.c | 10 ++++++++--
+ 1 file changed, 8 insertions(+), 2 deletions(-)
+
+--- a/drivers/scsi/megaraid/megaraid_sas_fusion.c
++++ b/drivers/scsi/megaraid/megaraid_sas_fusion.c
+@@ -3203,6 +3203,8 @@ megasas_build_io_fusion(struct megasas_i
+ {
+ int sge_count;
+ u8 cmd_type;
++ u16 pd_index = 0;
++ u8 drive_type = 0;
+ struct MPI2_RAID_SCSI_IO_REQUEST *io_request = cmd->io_request;
+ struct MR_PRIV_DEVICE *mr_device_priv_data;
+ mr_device_priv_data = scp->device->hostdata;
+@@ -3237,8 +3239,12 @@ megasas_build_io_fusion(struct megasas_i
+ megasas_build_syspd_fusion(instance, scp, cmd, true);
+ break;
+ case NON_READ_WRITE_SYSPDIO:
+- if (instance->secure_jbod_support ||
+- mr_device_priv_data->is_tm_capable)
++ pd_index = MEGASAS_PD_INDEX(scp);
++ drive_type = instance->pd_list[pd_index].driveType;
++ if ((instance->secure_jbod_support ||
++ mr_device_priv_data->is_tm_capable) ||
++ (instance->adapter_type >= VENTURA_SERIES &&
++ drive_type == TYPE_ENCLOSURE))
+ megasas_build_syspd_fusion(instance, scp, cmd, false);
+ else
+ megasas_build_syspd_fusion(instance, scp, cmd, true);
--- /dev/null
+From 6ecdafaec79d4b3388a5b017245f23a0ff9d852d Mon Sep 17 00:00:00 2001
+From: Varun Prakash <varun@chelsio.com>
+Date: Wed, 14 Apr 2021 18:09:09 +0530
+Subject: scsi: target: cxgbit: Unmap DMA buffer before calling target_execute_cmd()
+
+From: Varun Prakash <varun@chelsio.com>
+
+commit 6ecdafaec79d4b3388a5b017245f23a0ff9d852d upstream.
+
+Instead of calling dma_unmap_sg() after completing WRITE I/O, call
+dma_unmap_sg() before calling target_execute_cmd() to sync the DMA buffer.
+
+Link: https://lore.kernel.org/r/1618403949-3443-1-git-send-email-varun@chelsio.com
+Cc: <stable@vger.kernel.org> # 5.4+
+Signed-off-by: Varun Prakash <varun@chelsio.com>
+Signed-off-by: Martin K. Petersen <martin.petersen@oracle.com>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+
+---
+ drivers/target/iscsi/cxgbit/cxgbit_ddp.c | 19 ++++++++++---------
+ drivers/target/iscsi/cxgbit/cxgbit_target.c | 21 ++++++++++++++++++---
+ 2 files changed, 28 insertions(+), 12 deletions(-)
+
+--- a/drivers/target/iscsi/cxgbit/cxgbit_ddp.c
++++ b/drivers/target/iscsi/cxgbit/cxgbit_ddp.c
+@@ -265,12 +265,13 @@ void cxgbit_unmap_cmd(struct iscsi_conn
+ struct cxgbit_cmd *ccmd = iscsit_priv_cmd(cmd);
+
+ if (ccmd->release) {
+- struct cxgbi_task_tag_info *ttinfo = &ccmd->ttinfo;
+-
+- if (ttinfo->sgl) {
++ if (cmd->se_cmd.se_cmd_flags & SCF_PASSTHROUGH_SG_TO_MEM_NOALLOC) {
++ put_page(sg_page(&ccmd->sg));
++ } else {
+ struct cxgbit_sock *csk = conn->context;
+ struct cxgbit_device *cdev = csk->com.cdev;
+ struct cxgbi_ppm *ppm = cdev2ppm(cdev);
++ struct cxgbi_task_tag_info *ttinfo = &ccmd->ttinfo;
+
+ /* Abort the TCP conn if DDP is not complete to
+ * avoid any possibility of DDP after freeing
+@@ -280,14 +281,14 @@ void cxgbit_unmap_cmd(struct iscsi_conn
+ cmd->se_cmd.data_length))
+ cxgbit_abort_conn(csk);
+
++ if (unlikely(ttinfo->sgl)) {
++ dma_unmap_sg(&ppm->pdev->dev, ttinfo->sgl,
++ ttinfo->nents, DMA_FROM_DEVICE);
++ ttinfo->nents = 0;
++ ttinfo->sgl = NULL;
++ }
+ cxgbi_ppm_ppod_release(ppm, ttinfo->idx);
+-
+- dma_unmap_sg(&ppm->pdev->dev, ttinfo->sgl,
+- ttinfo->nents, DMA_FROM_DEVICE);
+- } else {
+- put_page(sg_page(&ccmd->sg));
+ }
+-
+ ccmd->release = false;
+ }
+ }
+--- a/drivers/target/iscsi/cxgbit/cxgbit_target.c
++++ b/drivers/target/iscsi/cxgbit/cxgbit_target.c
+@@ -997,17 +997,18 @@ static int cxgbit_handle_iscsi_dataout(s
+ struct scatterlist *sg_start;
+ struct iscsi_conn *conn = csk->conn;
+ struct iscsi_cmd *cmd = NULL;
++ struct cxgbit_cmd *ccmd;
++ struct cxgbi_task_tag_info *ttinfo;
+ struct cxgbit_lro_pdu_cb *pdu_cb = cxgbit_rx_pdu_cb(csk->skb);
+ struct iscsi_data *hdr = (struct iscsi_data *)pdu_cb->hdr;
+ u32 data_offset = be32_to_cpu(hdr->offset);
+- u32 data_len = pdu_cb->dlen;
++ u32 data_len = ntoh24(hdr->dlength);
+ int rc, sg_nents, sg_off;
+ bool dcrc_err = false;
+
+ if (pdu_cb->flags & PDUCBF_RX_DDP_CMP) {
+ u32 offset = be32_to_cpu(hdr->offset);
+ u32 ddp_data_len;
+- u32 payload_length = ntoh24(hdr->dlength);
+ bool success = false;
+
+ cmd = iscsit_find_cmd_from_itt_or_dump(conn, hdr->itt, 0);
+@@ -1022,7 +1023,7 @@ static int cxgbit_handle_iscsi_dataout(s
+ cmd->data_sn = be32_to_cpu(hdr->datasn);
+
+ rc = __iscsit_check_dataout_hdr(conn, (unsigned char *)hdr,
+- cmd, payload_length, &success);
++ cmd, data_len, &success);
+ if (rc < 0)
+ return rc;
+ else if (!success)
+@@ -1060,6 +1061,20 @@ static int cxgbit_handle_iscsi_dataout(s
+ cxgbit_skb_copy_to_sg(csk->skb, sg_start, sg_nents, skip);
+ }
+
++ ccmd = iscsit_priv_cmd(cmd);
++ ttinfo = &ccmd->ttinfo;
++
++ if (ccmd->release && ttinfo->sgl &&
++ (cmd->se_cmd.data_length == (cmd->write_data_done + data_len))) {
++ struct cxgbit_device *cdev = csk->com.cdev;
++ struct cxgbi_ppm *ppm = cdev2ppm(cdev);
++
++ dma_unmap_sg(&ppm->pdev->dev, ttinfo->sgl, ttinfo->nents,
++ DMA_FROM_DEVICE);
++ ttinfo->nents = 0;
++ ttinfo->sgl = NULL;
++ }
++
+ check_payload:
+
+ rc = iscsit_check_dataout_payload(cmd, hdr, dcrc_err);
perf-llvm-return-enomem-when-asprintf-fails.patch
i2c-mpc-restore-reread-of-i2c-status-register.patch
csky-syscache-fixup-duplicate-cache-flush.patch
+exfat-handle-wrong-stream-entry-size-in-exfat_readdir.patch
+scsi-megaraid_sas-send-all-non-rw-i-os-for-type_enclosure-device-through-firmware.patch
+scsi-fc-correct-rhba-attributes-length.patch
+scsi-target-cxgbit-unmap-dma-buffer-before-calling-target_execute_cmd.patch
+scsi-lpfc-fix-unreleased-rpis-when-npiv-ports-are-created.patch
+scsi-lpfc-fix-node-recovery-when-driver-is-handling-simultaneous-plogis.patch
+scsi-libfc-correct-the-condition-check-and-invalid-argument-passed.patch
+mailbox-qcom-ipcc-fix-ipcc-mbox-channel-exhaustion.patch
+fscrypt-don-t-ignore-minor_hash-when-hash-is-0.patch
+fscrypt-fix-derivation-of-siphash-keys-on-big-endian-cpus.patch
+tpm-replace-warn_once-with-dev_err_once-in-tpm_tis_status.patch
+erofs-fix-error-return-code-in-erofs_read_superblock.patch
+block-return-the-correct-bvec-when-checking-for-gaps.patch
+io_uring-fix-blocking-inline-submission.patch
+io_uring-add-iopoll-and-reserved-field-checks-to-ioring_op_renameat.patch
+io_uring-add-iopoll-and-reserved-field-checks-to-ioring_op_unlinkat.patch
+mmc-block-disable-cmdq-on-the-ioctl-path.patch
+mmc-vub3000-fix-control-request-direction.patch
+media-exynos4-is-remove-a-now-unused-integer.patch
--- /dev/null
+From 0178f9d0f60ba07e09bab57381a3ef18e2c1fd7f Mon Sep 17 00:00:00 2001
+From: Jarkko Sakkinen <jarkko@kernel.org>
+Date: Wed, 9 Jun 2021 16:26:19 +0300
+Subject: tpm: Replace WARN_ONCE() with dev_err_once() in tpm_tis_status()
+
+From: Jarkko Sakkinen <jarkko@kernel.org>
+
+commit 0178f9d0f60ba07e09bab57381a3ef18e2c1fd7f upstream.
+
+Do not tear down the system when getting invalid status from a TPM chip.
+This can happen when panic-on-warn is used.
+
+Instead, introduce TPM_TIS_INVALID_STATUS bitflag and use it to trigger
+once the error reporting per chip. In addition, print out the value of
+TPM_STS for improved forensics.
+
+Link: https://lore.kernel.org/keyrings/YKzlTR1AzUigShtZ@kroah.com/
+Fixes: 55707d531af6 ("tpm_tis: Add a check for invalid status")
+Cc: stable@vger.kernel.org
+Signed-off-by: Jarkko Sakkinen <jarkko@kernel.org>
+Reviewed-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+
+---
+ drivers/char/tpm/tpm_tis_core.c | 25 ++++++++++++++++++-------
+ drivers/char/tpm/tpm_tis_core.h | 3 ++-
+ 2 files changed, 20 insertions(+), 8 deletions(-)
+
+--- a/drivers/char/tpm/tpm_tis_core.c
++++ b/drivers/char/tpm/tpm_tis_core.c
+@@ -196,13 +196,24 @@ static u8 tpm_tis_status(struct tpm_chip
+ return 0;
+
+ if (unlikely((status & TPM_STS_READ_ZERO) != 0)) {
+- /*
+- * If this trips, the chances are the read is
+- * returning 0xff because the locality hasn't been
+- * acquired. Usually because tpm_try_get_ops() hasn't
+- * been called before doing a TPM operation.
+- */
+- WARN_ONCE(1, "TPM returned invalid status\n");
++ if (!test_and_set_bit(TPM_TIS_INVALID_STATUS, &priv->flags)) {
++ /*
++ * If this trips, the chances are the read is
++ * returning 0xff because the locality hasn't been
++ * acquired. Usually because tpm_try_get_ops() hasn't
++ * been called before doing a TPM operation.
++ */
++ dev_err(&chip->dev, "invalid TPM_STS.x 0x%02x, dumping stack for forensics\n",
++ status);
++
++ /*
++ * Dump stack for forensics, as invalid TPM_STS.x could be
++ * potentially triggered by impaired tpm_try_get_ops() or
++ * tpm_find_get_ops().
++ */
++ dump_stack();
++ }
++
+ return 0;
+ }
+
+--- a/drivers/char/tpm/tpm_tis_core.h
++++ b/drivers/char/tpm/tpm_tis_core.h
+@@ -83,6 +83,7 @@ enum tis_defaults {
+
+ enum tpm_tis_flags {
+ TPM_TIS_ITPM_WORKAROUND = BIT(0),
++ TPM_TIS_INVALID_STATUS = BIT(1),
+ };
+
+ struct tpm_tis_data {
+@@ -90,7 +91,7 @@ struct tpm_tis_data {
+ int locality;
+ int irq;
+ bool irq_tested;
+- unsigned int flags;
++ unsigned long flags;
+ void __iomem *ilb_base_addr;
+ u16 clkrun_enabled;
+ wait_queue_head_t int_queue;
projects / thirdparty / kernel / stable-queue.git / commitdiff
