6.9-stable patches
authorGreg Kroah-Hartman <gregkh@linuxfoundation.org>
Thu, 13 Jun 2024 10:15:22 +0000 (12:15 +0200)
committerGreg Kroah-Hartman <gregkh@linuxfoundation.org>
Thu, 13 Jun 2024 10:15:22 +0000 (12:15 +0200)
added patches:
alsa-ump-don-t-accept-an-invalid-ump-protocol-number.patch
alsa-ump-don-t-clear-bank-selection-after-sending-a-program-change.patch
arm-dts-samsung-exynos4412-origen-fix-keypad-no-autorepeat.patch
arm-dts-samsung-smdk4412-fix-keypad-no-autorepeat.patch
arm-dts-samsung-smdkv310-fix-keypad-no-autorepeat.patch
asoc-sof-ipc4-topology-fix-input-format-query-of-process-modules-without-base-extension.patch
ext4-fix-mb_cache_entry-s-e_refcnt-leak-in-ext4_xattr_block_cache_find.patch
ext4-fixes-len-calculation-in-mpage_journal_page_buffers.patch
ext4-set-type-of-ac_groups_linear_remaining-to-__u32-to-avoid-overflow.patch
genirq-irqdesc-prevent-use-after-free-in-irq_find_at_or_after.patch
hwmon-ltc2992-fix-memory-leak-in-ltc2992_parse_dt.patch
i3c-master-svc-fix-invalidate-ibi-type-and-miss-call-client-ibi-handler.patch
parisc-define-have_arch_hugetlb_unmapped_area.patch
parisc-define-sigset_t-in-parisc-uapi-header.patch
riscv-dts-starfive-remove-pmic-interrupt-info-for-visionfive-2-board.patch
riscv-enable-have_arch_huge_vmap-for-xip-kernel.patch
s390-ap-fix-crash-in-ap-internal-function-modify_bitmap.patch
s390-cpacf-make-use-of-invalid-opcode-produce-a-link-error.patch
s390-cpacf-split-and-rework-cpacf-query-functions.patch

20 files changed:
queue-6.9/alsa-ump-don-t-accept-an-invalid-ump-protocol-number.patch [new file with mode: 0644]
queue-6.9/alsa-ump-don-t-clear-bank-selection-after-sending-a-program-change.patch [new file with mode: 0644]
queue-6.9/arm-dts-samsung-exynos4412-origen-fix-keypad-no-autorepeat.patch [new file with mode: 0644]
queue-6.9/arm-dts-samsung-smdk4412-fix-keypad-no-autorepeat.patch [new file with mode: 0644]
queue-6.9/arm-dts-samsung-smdkv310-fix-keypad-no-autorepeat.patch [new file with mode: 0644]
queue-6.9/asoc-sof-ipc4-topology-fix-input-format-query-of-process-modules-without-base-extension.patch [new file with mode: 0644]
queue-6.9/ext4-fix-mb_cache_entry-s-e_refcnt-leak-in-ext4_xattr_block_cache_find.patch [new file with mode: 0644]
queue-6.9/ext4-fixes-len-calculation-in-mpage_journal_page_buffers.patch [new file with mode: 0644]
queue-6.9/ext4-set-type-of-ac_groups_linear_remaining-to-__u32-to-avoid-overflow.patch [new file with mode: 0644]
queue-6.9/genirq-irqdesc-prevent-use-after-free-in-irq_find_at_or_after.patch [new file with mode: 0644]
queue-6.9/hwmon-ltc2992-fix-memory-leak-in-ltc2992_parse_dt.patch [new file with mode: 0644]
queue-6.9/i3c-master-svc-fix-invalidate-ibi-type-and-miss-call-client-ibi-handler.patch [new file with mode: 0644]
queue-6.9/parisc-define-have_arch_hugetlb_unmapped_area.patch [new file with mode: 0644]
queue-6.9/parisc-define-sigset_t-in-parisc-uapi-header.patch [new file with mode: 0644]
queue-6.9/riscv-dts-starfive-remove-pmic-interrupt-info-for-visionfive-2-board.patch [new file with mode: 0644]
queue-6.9/riscv-enable-have_arch_huge_vmap-for-xip-kernel.patch [new file with mode: 0644]
queue-6.9/s390-ap-fix-crash-in-ap-internal-function-modify_bitmap.patch [new file with mode: 0644]
queue-6.9/s390-cpacf-make-use-of-invalid-opcode-produce-a-link-error.patch [new file with mode: 0644]
queue-6.9/s390-cpacf-split-and-rework-cpacf-query-functions.patch [new file with mode: 0644]
queue-6.9/series

diff --git a/queue-6.9/alsa-ump-don-t-accept-an-invalid-ump-protocol-number.patch b/queue-6.9/alsa-ump-don-t-accept-an-invalid-ump-protocol-number.patch
new file mode 100644 (file)
index 0000000..fcc29b2
--- /dev/null
@@ -0,0 +1,43 @@
+From ac0d71ee534e67c7e53439e8e9cb45ed40731660 Mon Sep 17 00:00:00 2001
+From: Takashi Iwai <tiwai@suse.de>
+Date: Wed, 29 May 2024 18:47:16 +0200
+Subject: ALSA: ump: Don't accept an invalid UMP protocol number
+
+From: Takashi Iwai <tiwai@suse.de>
+
+commit ac0d71ee534e67c7e53439e8e9cb45ed40731660 upstream.
+
+When a UMP Stream Configuration message is received, the driver tries
+to switch the protocol, but there was no sanity check of the protocol,
+hence it can pass an invalid value.  Add the check and bail out if a
+wrong value is passed.
+
+Fixes: a79807683781 ("ALSA: ump: Add helper to change MIDI protocol")
+Cc: <stable@vger.kernel.org>
+Link: https://lore.kernel.org/r/20240529164723.18309-1-tiwai@suse.de
+Signed-off-by: Takashi Iwai <tiwai@suse.de>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+---
+ sound/core/ump.c |    7 +++++++
+ 1 file changed, 7 insertions(+)
+
+--- a/sound/core/ump.c
++++ b/sound/core/ump.c
+@@ -685,10 +685,17 @@ static void seq_notify_protocol(struct s
+  */
+ int snd_ump_switch_protocol(struct snd_ump_endpoint *ump, unsigned int protocol)
+ {
++      unsigned int type;
++
+       protocol &= ump->info.protocol_caps;
+       if (protocol == ump->info.protocol)
+               return 0;
++      type = protocol & SNDRV_UMP_EP_INFO_PROTO_MIDI_MASK;
++      if (type != SNDRV_UMP_EP_INFO_PROTO_MIDI1 &&
++          type != SNDRV_UMP_EP_INFO_PROTO_MIDI2)
++              return 0;
++
+       ump->info.protocol = protocol;
+       ump_dbg(ump, "New protocol = %x (caps = %x)\n",
+               protocol, ump->info.protocol_caps);
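Review bot: The added rejection path in snd_ump_switch_protocol() returns 0, the same value as the unchanged-protocol check just above it, and logs nothing, so a device that sends a Stream Configuration message with a bad protocol field is ignored without a trace. Since the value originates from the device, a debug line before the new `return 0;`, e.g. `ump_dbg(ump, "Invalid protocol = %x, ignored\n", protocol);`, would make malformed messages visible during triage. If returning 0 rather than an error is deliberate, the function's header comment (above the hunk, not visible here) should say that invalid values are silently ignored. The function body continues past the end of the hunk.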
diff --git a/queue-6.9/alsa-ump-don-t-clear-bank-selection-after-sending-a-program-change.patch b/queue-6.9/alsa-ump-don-t-clear-bank-selection-after-sending-a-program-change.patch
new file mode 100644 (file)
index 0000000..ca611e1
--- /dev/null
@@ -0,0 +1,33 @@
+From fe85f6e607d75b856e7229924c71f55e005f8284 Mon Sep 17 00:00:00 2001
+From: Takashi Iwai <tiwai@suse.de>
+Date: Wed, 29 May 2024 10:38:21 +0200
+Subject: ALSA: ump: Don't clear bank selection after sending a program change
+
+From: Takashi Iwai <tiwai@suse.de>
+
+commit fe85f6e607d75b856e7229924c71f55e005f8284 upstream.
+
+The current code clears the bank selection MSB/LSB after sending a
+program change, but this can be wrong, as many apps may not send the
+full bank selection with both MSB and LSB but sending only one.
+Better to keep the previous bank set.
+
+Fixes: 0b5288f5fe63 ("ALSA: ump: Add legacy raw MIDI support")
+Cc: <stable@vger.kernel.org>
+Link: https://lore.kernel.org/r/20240529083823.5778-1-tiwai@suse.de
+Signed-off-by: Takashi Iwai <tiwai@suse.de>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+---
+ sound/core/ump_convert.c |    1 -
+ 1 file changed, 1 deletion(-)
+
+--- a/sound/core/ump_convert.c
++++ b/sound/core/ump_convert.c
+@@ -404,7 +404,6 @@ static int cvt_legacy_cmd_to_ump(struct
+                       midi2->pg.bank_msb = cc->cc_bank_msb;
+                       midi2->pg.bank_lsb = cc->cc_bank_lsb;
+                       cc->bank_set = 0;
+-                      cc->cc_bank_msb = cc->cc_bank_lsb = 0;
+               }
+               break;
+       case UMP_MSG_STATUS_CHANNEL_PRESSURE:
diff --git a/queue-6.9/arm-dts-samsung-exynos4412-origen-fix-keypad-no-autorepeat.patch b/queue-6.9/arm-dts-samsung-exynos4412-origen-fix-keypad-no-autorepeat.patch
new file mode 100644 (file)
index 0000000..9c01248
--- /dev/null
@@ -0,0 +1,38 @@
+From 88208d3cd79821117fd3fb80d9bcab618467d37b Mon Sep 17 00:00:00 2001
+From: Krzysztof Kozlowski <krzysztof.kozlowski@linaro.org>
+Date: Tue, 12 Mar 2024 19:31:03 +0100
+Subject: ARM: dts: samsung: exynos4412-origen: fix keypad no-autorepeat
+
+From: Krzysztof Kozlowski <krzysztof.kozlowski@linaro.org>
+
+commit 88208d3cd79821117fd3fb80d9bcab618467d37b upstream.
+
+Although the Samsung SoC keypad binding defined
+linux,keypad-no-autorepeat property, Linux driver never implemented it
+and always used linux,input-no-autorepeat.  Correct the DTS to use
+property actually implemented.
+
+This also fixes dtbs_check errors like:
+
+  exynos4412-origen.dtb: keypad@100a0000: 'linux,keypad-no-autorepeat' does not match any of the regexes: '^key-[0-9a-z]+$', 'pinctrl-[0-9]+'
+
+Cc: <stable@vger.kernel.org>
+Fixes: bd08f6277e44 ("ARM: dts: Add keypad entries to Exynos4412 based Origen")
+Link: https://lore.kernel.org/r/20240312183105.715735-2-krzysztof.kozlowski@linaro.org
+Signed-off-by: Krzysztof Kozlowski <krzysztof.kozlowski@linaro.org>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+---
+ arch/arm/boot/dts/samsung/exynos4412-origen.dts |    2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+--- a/arch/arm/boot/dts/samsung/exynos4412-origen.dts
++++ b/arch/arm/boot/dts/samsung/exynos4412-origen.dts
+@@ -453,7 +453,7 @@
+ &keypad {
+       samsung,keypad-num-rows = <3>;
+       samsung,keypad-num-columns = <2>;
+-      linux,keypad-no-autorepeat;
++      linux,input-no-autorepeat;
+       wakeup-source;
+       pinctrl-0 = <&keypad_rows &keypad_cols>;
+       pinctrl-names = "default";
diff --git a/queue-6.9/arm-dts-samsung-smdk4412-fix-keypad-no-autorepeat.patch b/queue-6.9/arm-dts-samsung-smdk4412-fix-keypad-no-autorepeat.patch
new file mode 100644 (file)
index 0000000..5854a3e
--- /dev/null
@@ -0,0 +1,38 @@
+From 4ac4c1d794e7ff454d191bbdab7585ed8dbf3758 Mon Sep 17 00:00:00 2001
+From: Krzysztof Kozlowski <krzysztof.kozlowski@linaro.org>
+Date: Tue, 12 Mar 2024 19:31:04 +0100
+Subject: ARM: dts: samsung: smdk4412: fix keypad no-autorepeat
+
+From: Krzysztof Kozlowski <krzysztof.kozlowski@linaro.org>
+
+commit 4ac4c1d794e7ff454d191bbdab7585ed8dbf3758 upstream.
+
+Although the Samsung SoC keypad binding defined
+linux,keypad-no-autorepeat property, Linux driver never implemented it
+and always used linux,input-no-autorepeat.  Correct the DTS to use
+property actually implemented.
+
+This also fixes dtbs_check errors like:
+
+  exynos4412-smdk4412.dtb: keypad@100a0000: 'key-A', 'key-B', 'key-C', 'key-D', 'key-E', 'linux,keypad-no-autorepeat' do not match any of the regexes: '^key-[0-9a-z]+$', 'pinctrl-[0-9]+'
+
+Cc: <stable@vger.kernel.org>
+Fixes: c9b92dd70107 ("ARM: dts: Add keypad entries to SMDK4412")
+Link: https://lore.kernel.org/r/20240312183105.715735-3-krzysztof.kozlowski@linaro.org
+Signed-off-by: Krzysztof Kozlowski <krzysztof.kozlowski@linaro.org>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+---
+ arch/arm/boot/dts/samsung/exynos4412-smdk4412.dts |    2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+--- a/arch/arm/boot/dts/samsung/exynos4412-smdk4412.dts
++++ b/arch/arm/boot/dts/samsung/exynos4412-smdk4412.dts
+@@ -69,7 +69,7 @@
+ &keypad {
+       samsung,keypad-num-rows = <3>;
+       samsung,keypad-num-columns = <8>;
+-      linux,keypad-no-autorepeat;
++      linux,input-no-autorepeat;
+       wakeup-source;
+       pinctrl-0 = <&keypad_rows &keypad_cols>;
+       pinctrl-names = "default";
diff --git a/queue-6.9/arm-dts-samsung-smdkv310-fix-keypad-no-autorepeat.patch b/queue-6.9/arm-dts-samsung-smdkv310-fix-keypad-no-autorepeat.patch
new file mode 100644 (file)
index 0000000..1a1129c
--- /dev/null
@@ -0,0 +1,38 @@
+From 87d8e522d6f5a004f0aa06c0def302df65aff296 Mon Sep 17 00:00:00 2001
+From: Krzysztof Kozlowski <krzysztof.kozlowski@linaro.org>
+Date: Tue, 12 Mar 2024 19:31:02 +0100
+Subject: ARM: dts: samsung: smdkv310: fix keypad no-autorepeat
+
+From: Krzysztof Kozlowski <krzysztof.kozlowski@linaro.org>
+
+commit 87d8e522d6f5a004f0aa06c0def302df65aff296 upstream.
+
+Although the Samsung SoC keypad binding defined
+linux,keypad-no-autorepeat property, Linux driver never implemented it
+and always used linux,input-no-autorepeat.  Correct the DTS to use
+property actually implemented.
+
+This also fixes dtbs_check errors like:
+
+  exynos4210-smdkv310.dtb: keypad@100a0000: 'linux,keypad-no-autorepeat' does not match any of the regexes: '^key-[0-9a-z]+$', 'pinctrl-[0-9]+'
+
+Cc: <stable@vger.kernel.org>
+Fixes: 0561ceabd0f1 ("ARM: dts: Add intial dts file for EXYNOS4210 SoC, SMDKV310 and ORIGEN")
+Link: https://lore.kernel.org/r/20240312183105.715735-1-krzysztof.kozlowski@linaro.org
+Signed-off-by: Krzysztof Kozlowski <krzysztof.kozlowski@linaro.org>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+---
+ arch/arm/boot/dts/samsung/exynos4210-smdkv310.dts |    2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+--- a/arch/arm/boot/dts/samsung/exynos4210-smdkv310.dts
++++ b/arch/arm/boot/dts/samsung/exynos4210-smdkv310.dts
+@@ -88,7 +88,7 @@
+ &keypad {
+       samsung,keypad-num-rows = <2>;
+       samsung,keypad-num-columns = <8>;
+-      linux,keypad-no-autorepeat;
++      linux,input-no-autorepeat;
+       wakeup-source;
+       pinctrl-names = "default";
+       pinctrl-0 = <&keypad_rows &keypad_cols>;
diff --git a/queue-6.9/asoc-sof-ipc4-topology-fix-input-format-query-of-process-modules-without-base-extension.patch b/queue-6.9/asoc-sof-ipc4-topology-fix-input-format-query-of-process-modules-without-base-extension.patch
new file mode 100644 (file)
index 0000000..e10cfe0
--- /dev/null
@@ -0,0 +1,44 @@
+From ffa077b2f6ad124ec3d23fbddc5e4b0ff2647af8 Mon Sep 17 00:00:00 2001
+From: Peter Ujfalusi <peter.ujfalusi@linux.intel.com>
+Date: Wed, 29 May 2024 15:12:01 +0300
+Subject: ASoC: SOF: ipc4-topology: Fix input format query of process modules without base extension
+
+From: Peter Ujfalusi <peter.ujfalusi@linux.intel.com>
+
+commit ffa077b2f6ad124ec3d23fbddc5e4b0ff2647af8 upstream.
+
+If a process module does not have base config extension then the same
+format applies to all of it's inputs and the process->base_config_ext is
+NULL, causing NULL dereference when specifically crafted topology and
+sequences used.
+
+Fixes: 648fea128476 ("ASoC: SOF: ipc4-topology: set copier output format for process module")
+Signed-off-by: Peter Ujfalusi <peter.ujfalusi@linux.intel.com>
+Reviewed-by: Pierre-Louis Bossart <pierre-louis.bossart@linux.intel.com>
+Reviewed-by: Seppo Ingalsuo <seppo.ingalsuo@linux.intel.com>
+Reviewed-by: Ranjani Sridharan <ranjani.sridharan@linux.intel.com>
+Cc: stable@vger.kernel.org
+Link: https://msgid.link/r/20240529121201.14687-1-peter.ujfalusi@linux.intel.com
+Signed-off-by: Mark Brown <broonie@kernel.org>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+---
+ sound/soc/sof/ipc4-topology.c |    8 ++++++++
+ 1 file changed, 8 insertions(+)
+
+--- a/sound/soc/sof/ipc4-topology.c
++++ b/sound/soc/sof/ipc4-topology.c
+@@ -217,6 +217,14 @@ sof_ipc4_get_input_pin_audio_fmt(struct
+       }
+       process = swidget->private;
++
++      /*
++       * For process modules without base config extension, base module config
++       * format is used for all input pins
++       */
++      if (process->init_config != SOF_IPC4_MODULE_INIT_CONFIG_TYPE_BASE_CFG_WITH_EXT)
++              return &process->base_config.audio_fmt;
++
+       base_cfg_ext = process->base_config_ext;
+       /*
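Review bot: The new early return in sof_ipc4_get_input_pin_audio_fmt() infers from `init_config` that `process->base_config_ext` is non-NULL, but the pointer itself is still never tested before it is used below the hunk. The commit message says a crafted topology can reach this path, so checking the pointer as well is cheap defence: `if (process->init_config != SOF_IPC4_MODULE_INIT_CONFIG_TYPE_BASE_CFG_WITH_EXT || !process->base_config_ext)`. Whether topology parsing already guarantees that the two always agree is not visible here; if it does, a comment stating that invariant would serve instead. The function starts and ends outside the hunk.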
diff --git a/queue-6.9/ext4-fix-mb_cache_entry-s-e_refcnt-leak-in-ext4_xattr_block_cache_find.patch b/queue-6.9/ext4-fix-mb_cache_entry-s-e_refcnt-leak-in-ext4_xattr_block_cache_find.patch
new file mode 100644 (file)
index 0000000..201f553
--- /dev/null
@@ -0,0 +1,59 @@
+From 0c0b4a49d3e7f49690a6827a41faeffad5df7e21 Mon Sep 17 00:00:00 2001
+From: Baokun Li <libaokun1@huawei.com>
+Date: Sat, 4 May 2024 15:55:25 +0800
+Subject: ext4: fix mb_cache_entry's e_refcnt leak in ext4_xattr_block_cache_find()
+
+From: Baokun Li <libaokun1@huawei.com>
+
+commit 0c0b4a49d3e7f49690a6827a41faeffad5df7e21 upstream.
+
+Syzbot reports a warning as follows:
+
+============================================
+WARNING: CPU: 0 PID: 5075 at fs/mbcache.c:419 mb_cache_destroy+0x224/0x290
+Modules linked in:
+CPU: 0 PID: 5075 Comm: syz-executor199 Not tainted 6.9.0-rc6-gb947cc5bf6d7
+RIP: 0010:mb_cache_destroy+0x224/0x290 fs/mbcache.c:419
+Call Trace:
+ <TASK>
+ ext4_put_super+0x6d4/0xcd0 fs/ext4/super.c:1375
+ generic_shutdown_super+0x136/0x2d0 fs/super.c:641
+ kill_block_super+0x44/0x90 fs/super.c:1675
+ ext4_kill_sb+0x68/0xa0 fs/ext4/super.c:7327
+[...]
+============================================
+
+This is because when finding an entry in ext4_xattr_block_cache_find(), if
+ext4_sb_bread() returns -ENOMEM, the ce's e_refcnt, which has already grown
+in the __entry_find(), won't be put away, and eventually trigger the above
+issue in mb_cache_destroy() due to reference count leakage.
+
+So call mb_cache_entry_put() on the -ENOMEM error branch as a quick fix.
+
+Reported-by: syzbot+dd43bd0f7474512edc47@syzkaller.appspotmail.com
+Closes: https://syzkaller.appspot.com/bug?extid=dd43bd0f7474512edc47
+Fixes: fb265c9cb49e ("ext4: add ext4_sb_bread() to disambiguate ENOMEM cases")
+Cc: stable@kernel.org
+Signed-off-by: Baokun Li <libaokun1@huawei.com>
+Reviewed-by: Jan Kara <jack@suse.cz>
+Link: https://lore.kernel.org/r/20240504075526.2254349-2-libaokun@huaweicloud.com
+Signed-off-by: Theodore Ts'o <tytso@mit.edu>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+---
+ fs/ext4/xattr.c |    4 +++-
+ 1 file changed, 3 insertions(+), 1 deletion(-)
+
+--- a/fs/ext4/xattr.c
++++ b/fs/ext4/xattr.c
+@@ -3113,8 +3113,10 @@ ext4_xattr_block_cache_find(struct inode
+               bh = ext4_sb_bread(inode->i_sb, ce->e_value, REQ_PRIO);
+               if (IS_ERR(bh)) {
+-                      if (PTR_ERR(bh) == -ENOMEM)
++                      if (PTR_ERR(bh) == -ENOMEM) {
++                              mb_cache_entry_put(ea_block_cache, ce);
+                               return NULL;
++                      }
+                       bh = NULL;
+                       EXT4_ERROR_INODE(inode, "block %lu read error",
+                                        (unsigned long)ce->e_value);
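Review bot: The `mb_cache_entry_put(ea_block_cache, ce);` added on the -ENOMEM branch has no comment saying why the reference must be dropped there, and an early `return NULL;` inside this loop is exactly the kind of exit that gets copied without the put. A one-line comment above the call, such as `/* ce is returned with a reference held; drop it before bailing out */`, would record the invariant that the commit message describes. The other IS_ERR() path falls through with `bh = NULL`; how it releases `ce` is outside the hunk and worth confirming. The enclosing loop starts and ends outside the hunk.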
diff --git a/queue-6.9/ext4-fixes-len-calculation-in-mpage_journal_page_buffers.patch b/queue-6.9/ext4-fixes-len-calculation-in-mpage_journal_page_buffers.patch
new file mode 100644 (file)
index 0000000..b4870fd
--- /dev/null
@@ -0,0 +1,36 @@
+From c2a09f3d782de952f09a3962d03b939e7fa7ffa4 Mon Sep 17 00:00:00 2001
+From: "Ritesh Harjani (IBM)" <ritesh.list@gmail.com>
+Date: Thu, 29 Feb 2024 11:40:13 +0530
+Subject: ext4: Fixes len calculation in mpage_journal_page_buffers
+
+From: Ritesh Harjani (IBM) <ritesh.list@gmail.com>
+
+commit c2a09f3d782de952f09a3962d03b939e7fa7ffa4 upstream.
+
+Truncate operation can race with writeback, in which inode->i_size can get
+truncated and therefore size - folio_pos() can be negative. This fixes the
+len calculation. However this path doesn't get easily triggered even
+with data journaling.
+
+Cc: stable@kernel.org # v6.5
+Fixes: 80be8c5cc925 ("Fixes: ext4: Make mpage_journal_page_buffers use folio")
+Signed-off-by: Ritesh Harjani (IBM) <ritesh.list@gmail.com>
+Reviewed-by: Jan Kara <jack@suse.cz>
+Link: https://lore.kernel.org/r/cff4953b5c9306aba71e944ab176a5d396b9a1b7.1709182250.git.ritesh.list@gmail.com
+Signed-off-by: Theodore Ts'o <tytso@mit.edu>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+---
+ fs/ext4/inode.c |    2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+--- a/fs/ext4/inode.c
++++ b/fs/ext4/inode.c
+@@ -2334,7 +2334,7 @@ static int mpage_journal_page_buffers(ha
+       if (folio_pos(folio) + len > size &&
+           !ext4_verity_in_progress(inode))
+-              len = size - folio_pos(folio);
++              len = size & (len - 1);
+       return ext4_journal_folio_buffers(handle, folio, len);
+ }
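Review bot: `len = size & (len - 1);` in mpage_journal_page_buffers() is only meaningful if `len` is a power of two at that point, and nothing in the hunk says so; `len` is assigned above the hunk, presumably from the folio size. It is also not an exact in-EOF byte count when truncate has moved i_size below the folio: in that case the mask yields an unrelated but bounded offset, which is the whole point of the fix. I would add a comment above the assignment, e.g. `/* truncate can race and shrink i_size below folio_pos(); mask instead of subtracting so len stays below the folio size */`.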
diff --git a/queue-6.9/ext4-set-type-of-ac_groups_linear_remaining-to-__u32-to-avoid-overflow.patch b/queue-6.9/ext4-set-type-of-ac_groups_linear_remaining-to-__u32-to-avoid-overflow.patch
new file mode 100644 (file)
index 0000000..9d92d2a
--- /dev/null
@@ -0,0 +1,38 @@
+From 9a9f3a9842927e4af7ca10c19c94dad83bebd713 Mon Sep 17 00:00:00 2001
+From: Baokun Li <libaokun1@huawei.com>
+Date: Tue, 19 Mar 2024 19:33:23 +0800
+Subject: ext4: set type of ac_groups_linear_remaining to __u32 to avoid overflow
+
+From: Baokun Li <libaokun1@huawei.com>
+
+commit 9a9f3a9842927e4af7ca10c19c94dad83bebd713 upstream.
+
+Now ac_groups_linear_remaining is of type __u16 and s_mb_max_linear_groups
+is of type unsigned int, so an overflow occurs when setting a value above
+65535 through the mb_max_linear_groups sysfs interface. Therefore, the
+type of ac_groups_linear_remaining is set to __u32 to avoid overflow.
+
+Fixes: 196e402adf2e ("ext4: improve cr 0 / cr 1 group scanning")
+CC: stable@kernel.org
+Signed-off-by: Baokun Li <libaokun1@huawei.com>
+Reviewed-by: Zhang Yi <yi.zhang@huawei.com>
+Reviewed-by: Jan Kara <jack@suse.cz>
+Link: https://lore.kernel.org/r/20240319113325.3110393-8-libaokun1@huawei.com
+Signed-off-by: Theodore Ts'o <tytso@mit.edu>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+---
+ fs/ext4/mballoc.h |    2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+--- a/fs/ext4/mballoc.h
++++ b/fs/ext4/mballoc.h
+@@ -193,8 +193,8 @@ struct ext4_allocation_context {
+       ext4_grpblk_t   ac_orig_goal_len;
+       __u32 ac_flags;         /* allocation hints */
++      __u32 ac_groups_linear_remaining;
+       __u16 ac_groups_scanned;
+-      __u16 ac_groups_linear_remaining;
+       __u16 ac_found;
+       __u16 ac_cX_found[EXT4_MB_NUM_CRS];
+       __u16 ac_tail;
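Review bot: `ac_groups_linear_remaining` is now the only `__u32` among a run of `__u16` counters and has been moved up next to `ac_flags`, but the struct gives no hint why. A trailing comment such as `/* must hold s_mb_max_linear_groups (unsigned int) */` would stop a later cleanup from shrinking it back and reintroducing the truncation. The neighbouring `__u16 ac_groups_scanned` stays narrow; whether it is ever compared against values above 65535 is not visible in this hunk and is worth a quick check.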
diff --git a/queue-6.9/genirq-irqdesc-prevent-use-after-free-in-irq_find_at_or_after.patch b/queue-6.9/genirq-irqdesc-prevent-use-after-free-in-irq_find_at_or_after.patch
new file mode 100644 (file)
index 0000000..a8fc2e6
--- /dev/null
@@ -0,0 +1,63 @@
+From b84a8aba806261d2f759ccedf4a2a6a80a5e55ba Mon Sep 17 00:00:00 2001
+From: "dicken.ding" <dicken.ding@mediatek.com>
+Date: Fri, 24 May 2024 17:17:39 +0800
+Subject: genirq/irqdesc: Prevent use-after-free in irq_find_at_or_after()
+
+From: dicken.ding <dicken.ding@mediatek.com>
+
+commit b84a8aba806261d2f759ccedf4a2a6a80a5e55ba upstream.
+
+irq_find_at_or_after() dereferences the interrupt descriptor which is
+returned by mt_find() while neither holding sparse_irq_lock nor RCU read
+lock, which means the descriptor can be freed between mt_find() and the
+dereference:
+
+    CPU0                            CPU1
+    desc = mt_find()
+                                    delayed_free_desc(desc)
+    irq_desc_get_irq(desc)
+
+The use-after-free is reported by KASAN:
+
+    Call trace:
+     irq_get_next_irq+0x58/0x84
+     show_stat+0x638/0x824
+     seq_read_iter+0x158/0x4ec
+     proc_reg_read_iter+0x94/0x12c
+     vfs_read+0x1e0/0x2c8
+
+    Freed by task 4471:
+     slab_free_freelist_hook+0x174/0x1e0
+     __kmem_cache_free+0xa4/0x1dc
+     kfree+0x64/0x128
+     irq_kobj_release+0x28/0x3c
+     kobject_put+0xcc/0x1e0
+     delayed_free_desc+0x14/0x2c
+     rcu_do_batch+0x214/0x720
+
+Guard the access with a RCU read lock section.
+
+Fixes: 721255b9826b ("genirq: Use a maple tree for interrupt descriptor management")
+Signed-off-by: dicken.ding <dicken.ding@mediatek.com>
+Signed-off-by: Thomas Gleixner <tglx@linutronix.de>
+Cc: stable@vger.kernel.org
+Link: https://lore.kernel.org/r/20240524091739.31611-1-dicken.ding@mediatek.com
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+---
+ kernel/irq/irqdesc.c |    5 ++++-
+ 1 file changed, 4 insertions(+), 1 deletion(-)
+
+--- a/kernel/irq/irqdesc.c
++++ b/kernel/irq/irqdesc.c
+@@ -160,7 +160,10 @@ static int irq_find_free_area(unsigned i
+ static unsigned int irq_find_at_or_after(unsigned int offset)
+ {
+       unsigned long index = offset;
+-      struct irq_desc *desc = mt_find(&sparse_irqs, &index, nr_irqs);
++      struct irq_desc *desc;
++
++      guard(rcu)();
++      desc = mt_find(&sparse_irqs, &index, nr_irqs);
+       return desc ? irq_desc_get_irq(desc) : nr_irqs;
+ }
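Review bot: `guard(rcu)();` in irq_find_at_or_after() carries no comment, and the reason the read-side section has to extend past mt_find() to the `irq_desc_get_irq(desc)` call is recorded only in the commit message. I would add `/* desc is freed via RCU (delayed_free_desc()); hold the read lock across the lookup and the dereference */` above the guard. The function returns the irq number rather than the descriptor, so nothing that needs the protection escapes the guard's scope.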
diff --git a/queue-6.9/hwmon-ltc2992-fix-memory-leak-in-ltc2992_parse_dt.patch b/queue-6.9/hwmon-ltc2992-fix-memory-leak-in-ltc2992_parse_dt.patch
new file mode 100644 (file)
index 0000000..4683903
--- /dev/null
@@ -0,0 +1,41 @@
+From a94ff8e50c20bde6d50864849a98b106e45d30c6 Mon Sep 17 00:00:00 2001
+From: Javier Carrasco <javier.carrasco.cruz@gmail.com>
+Date: Thu, 23 May 2024 17:47:14 +0200
+Subject: hwmon: (ltc2992) Fix memory leak in ltc2992_parse_dt()
+
+From: Javier Carrasco <javier.carrasco.cruz@gmail.com>
+
+commit a94ff8e50c20bde6d50864849a98b106e45d30c6 upstream.
+
+A new error path was added to the fwnode_for_each_available_node() loop
+in ltc2992_parse_dt(), which leads to an early return that requires a
+call to fwnode_handle_put() to avoid a memory leak in that case.
+
+Add the missing fwnode_handle_put() in the error path from a zero value
+shunt resistor.
+
+Cc: stable@vger.kernel.org
+Fixes: 10b029020487 ("hwmon: (ltc2992) Avoid division by zero")
+Signed-off-by: Javier Carrasco <javier.carrasco.cruz@gmail.com>
+Link: https://lore.kernel.org/r/20240523-fwnode_for_each_available_child_node_scoped-v2-1-701f3a03f2fb@gmail.com
+Signed-off-by: Guenter Roeck <linux@roeck-us.net>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+---
+ drivers/hwmon/ltc2992.c |    4 +++-
+ 1 file changed, 3 insertions(+), 1 deletion(-)
+
+--- a/drivers/hwmon/ltc2992.c
++++ b/drivers/hwmon/ltc2992.c
+@@ -876,9 +876,11 @@ static int ltc2992_parse_dt(struct ltc29
+               ret = fwnode_property_read_u32(child, "shunt-resistor-micro-ohms", &val);
+               if (!ret) {
+-                      if (!val)
++                      if (!val) {
++                              fwnode_handle_put(child);
+                               return dev_err_probe(&st->client->dev, -EINVAL,
+                                                    "shunt resistor value cannot be zero\n");
++                      }
+                       st->r_sense_uohm[addr] = val;
+               }
+       }
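Review bot: The added `fwnode_handle_put(child);` covers only the zero-shunt return, and the hunk begins and ends inside the child-node loop, so the other exits of ltc2992_parse_dt() cannot be checked from here. Every early return from that loop needs the same put, and per the commit message a newly added error path that missed it is how this leak arose. A short comment on the new line, e.g. `/* leaving the child-node loop early: drop the iterator's reference */`, would make the requirement visible to whoever adds the next error path.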
diff --git a/queue-6.9/i3c-master-svc-fix-invalidate-ibi-type-and-miss-call-client-ibi-handler.patch b/queue-6.9/i3c-master-svc-fix-invalidate-ibi-type-and-miss-call-client-ibi-handler.patch
new file mode 100644 (file)
index 0000000..a2e8e81
--- /dev/null
@@ -0,0 +1,74 @@
+From 38baed9b8600008e5d7bc8cb9ceccc1af3dd54b7 Mon Sep 17 00:00:00 2001
+From: Frank Li <Frank.Li@nxp.com>
+Date: Mon, 6 May 2024 12:40:09 -0400
+Subject: i3c: master: svc: fix invalidate IBI type and miss call client IBI handler
+
+From: Frank Li <Frank.Li@nxp.com>
+
+commit 38baed9b8600008e5d7bc8cb9ceccc1af3dd54b7 upstream.
+
+In an In-Band Interrupt (IBI) handle, the code logic is as follows:
+
+1: writel(SVC_I3C_MCTRL_REQUEST_AUTO_IBI | SVC_I3C_MCTRL_IBIRESP_AUTO,
+         master->regs + SVC_I3C_MCTRL);
+
+2: ret = readl_relaxed_poll_timeout(master->regs + SVC_I3C_MSTATUS, val,
+                                    SVC_I3C_MSTATUS_IBIWON(val), 0, 1000);
+       ...
+3: ibitype = SVC_I3C_MSTATUS_IBITYPE(status);
+   ibiaddr = SVC_I3C_MSTATUS_IBIADDR(status);
+
+SVC_I3C_MSTATUS_IBIWON may be set before step 1. Thus, step 2 will return
+immediately, and the I3C controller has not sent out the 9th SCL yet.
+Consequently, ibitype and ibiaddr are 0, resulting in an unknown IBI type
+occurrence and missing call I3C client driver's IBI handler.
+
+A typical case is that SVC_I3C_MSTATUS_IBIWON is set when an IBI occurs
+during the controller send start frame in svc_i3c_master_xfer().
+
+Clear SVC_I3C_MSTATUS_IBIWON before issue SVC_I3C_MCTRL_REQUEST_AUTO_IBI
+to fix this issue.
+
+Cc: stable@vger.kernel.org
+Fixes: 5e5e3c92e748 ("i3c: master: svc: fix wrong data return when IBI happen during start frame")
+Signed-off-by: Frank Li <Frank.Li@nxp.com>
+Reviewed-by: Miquel Raynal <miquel.raynal@bootlin.com>
+Link: https://lore.kernel.org/r/20240506164009.21375-3-Frank.Li@nxp.com
+Signed-off-by: Alexandre Belloni <alexandre.belloni@bootlin.com>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+---
+ drivers/i3c/master/svc-i3c-master.c |   16 +++++++++++++---
+ 1 file changed, 13 insertions(+), 3 deletions(-)
+
+--- a/drivers/i3c/master/svc-i3c-master.c
++++ b/drivers/i3c/master/svc-i3c-master.c
+@@ -415,6 +415,19 @@ static void svc_i3c_master_ibi_work(stru
+       int ret;
+       mutex_lock(&master->lock);
++      /*
++       * IBIWON may be set before SVC_I3C_MCTRL_REQUEST_AUTO_IBI, causing
++       * readl_relaxed_poll_timeout() to return immediately. Consequently,
++       * ibitype will be 0 since it was last updated only after the 8th SCL
++       * cycle, leading to missed client IBI handlers.
++       *
++       * A typical scenario is when IBIWON occurs and bus arbitration is lost
++       * at svc_i3c_master_priv_xfers().
++       *
++       * Clear SVC_I3C_MINT_IBIWON before sending SVC_I3C_MCTRL_REQUEST_AUTO_IBI.
++       */
++      writel(SVC_I3C_MINT_IBIWON, master->regs + SVC_I3C_MSTATUS);
++
+       /* Acknowledge the incoming interrupt with the AUTOIBI mechanism */
+       writel(SVC_I3C_MCTRL_REQUEST_AUTO_IBI |
+              SVC_I3C_MCTRL_IBIRESP_AUTO,
+@@ -429,9 +442,6 @@ static void svc_i3c_master_ibi_work(stru
+               goto reenable_ibis;
+       }
+-      /* Clear the interrupt status */
+-      writel(SVC_I3C_MINT_IBIWON, master->regs + SVC_I3C_MSTATUS);
+-
+       status = readl(master->regs + SVC_I3C_MSTATUS);
+       ibitype = SVC_I3C_MSTATUS_IBITYPE(status);
+       ibiaddr = SVC_I3C_MSTATUS_IBIADDR(status);
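Review bot: The new block comment in svc_i3c_master_ibi_work() does not match the commit message or the code beneath it: it names `svc_i3c_master_priv_xfers()` where the message says `svc_i3c_master_xfer()`, and it speaks of clearing `SVC_I3C_MINT_IBIWON` while the hazard described is the `SVC_I3C_MSTATUS_IBIWON` status that is polled afterwards. The comment should name one function and state that the `SVC_I3C_MINT_IBIWON` bit is written to `SVC_I3C_MSTATUS` to clear the stale status. Separately, the second hunk removes the clear that followed the poll, so as far as these hunks show IBIWON now stays set when the handler finishes; any other path that tests that bit (outside these hunks) should be checked for the stale value.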
diff --git a/queue-6.9/parisc-define-have_arch_hugetlb_unmapped_area.patch b/queue-6.9/parisc-define-have_arch_hugetlb_unmapped_area.patch
new file mode 100644 (file)
index 0000000..5888e16
--- /dev/null
@@ -0,0 +1,32 @@
+From d4a599910193b85f76c100e30d8551c8794f8c2a Mon Sep 17 00:00:00 2001
+From: Helge Deller <deller@gmx.de>
+Date: Wed, 15 May 2024 14:53:25 +0200
+Subject: parisc: Define HAVE_ARCH_HUGETLB_UNMAPPED_AREA
+
+From: Helge Deller <deller@gmx.de>
+
+commit d4a599910193b85f76c100e30d8551c8794f8c2a upstream.
+
+Define the HAVE_ARCH_HUGETLB_UNMAPPED_AREA macro like other platforms do in
+their page.h files to avoid this compile warning:
+arch/parisc/mm/hugetlbpage.c:25:1: warning: no previous prototype for 'hugetlb_get_unmapped_area' [-Wmissing-prototypes]
+
+Signed-off-by: Helge Deller <deller@gmx.de>
+Cc: stable@vger.kernel.org  # 6.0+
+Reported-by: John David Anglin <dave.anglin@bell.net>
+Tested-by: John David Anglin <dave.anglin@bell.net>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+---
+ arch/parisc/include/asm/page.h |    1 +
+ 1 file changed, 1 insertion(+)
+
+--- a/arch/parisc/include/asm/page.h
++++ b/arch/parisc/include/asm/page.h
+@@ -8,6 +8,7 @@
+ #define PAGE_SIZE     (_AC(1,UL) << PAGE_SHIFT)
+ #define PAGE_MASK     (~(PAGE_SIZE-1))
++#define HAVE_ARCH_HUGETLB_UNMAPPED_AREA
+ #ifndef __ASSEMBLY__
diff --git a/queue-6.9/parisc-define-sigset_t-in-parisc-uapi-header.patch b/queue-6.9/parisc-define-sigset_t-in-parisc-uapi-header.patch
new file mode 100644 (file)
index 0000000..f82f4b1
--- /dev/null
@@ -0,0 +1,72 @@
+From 487fa28fa8b60417642ac58e8beda6e2509d18f9 Mon Sep 17 00:00:00 2001
+From: Helge Deller <deller@kernel.org>
+Date: Sat, 27 Apr 2024 19:43:51 +0200
+Subject: parisc: Define sigset_t in parisc uapi header
+
+From: Helge Deller <deller@kernel.org>
+
+commit 487fa28fa8b60417642ac58e8beda6e2509d18f9 upstream.
+
+The util-linux debian package fails to build on parisc, because
+sigset_t isn't defined in asm/signal.h when included from userspace.
+Move the sigset_t type from internal header to the uapi header to fix the
+build.
+
+Link: https://buildd.debian.org/status/fetch.php?pkg=util-linux&arch=hppa&ver=2.40-7&stamp=1714163443&raw=0
+Signed-off-by: Helge Deller <deller@gmx.de>
+Cc: stable@vger.kernel.org # v6.0+
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+---
+ arch/parisc/include/asm/signal.h      |   12 ------------
+ arch/parisc/include/uapi/asm/signal.h |   10 ++++++++++
+ 2 files changed, 10 insertions(+), 12 deletions(-)
+
+--- a/arch/parisc/include/asm/signal.h
++++ b/arch/parisc/include/asm/signal.h
+@@ -4,23 +4,11 @@
+ #include <uapi/asm/signal.h>
+-#define _NSIG         64
+-/* bits-per-word, where word apparently means 'long' not 'int' */
+-#define _NSIG_BPW     BITS_PER_LONG
+-#define _NSIG_WORDS   (_NSIG / _NSIG_BPW)
+-
+ # ifndef __ASSEMBLY__
+ /* Most things should be clean enough to redefine this at will, if care
+    is taken to make libc match.  */
+-typedef unsigned long old_sigset_t;           /* at least 32 bits */
+-
+-typedef struct {
+-      /* next_signal() assumes this is a long - no choice */
+-      unsigned long sig[_NSIG_WORDS];
+-} sigset_t;
+-
+ #include <asm/sigcontext.h>
+ #endif /* !__ASSEMBLY */
+--- a/arch/parisc/include/uapi/asm/signal.h
++++ b/arch/parisc/include/uapi/asm/signal.h
+@@ -57,10 +57,20 @@
+ #include <asm-generic/signal-defs.h>
++#define _NSIG         64
++#define _NSIG_BPW     (sizeof(unsigned long) * 8)
++#define _NSIG_WORDS   (_NSIG / _NSIG_BPW)
++
+ # ifndef __ASSEMBLY__
+ #  include <linux/types.h>
++typedef unsigned long old_sigset_t;   /* at least 32 bits */
++
++typedef struct {
++      unsigned long sig[_NSIG_WORDS];
++} sigset_t;
++
+ /* Avoid too many header ordering problems.  */
+ struct siginfo;
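Review bot: `_NSIG_BPW` changes from `BITS_PER_LONG` to `(sizeof(unsigned long) * 8)` in the uapi header, which turns `_NSIG_BPW` and `_NSIG_WORDS` into size_t expressions that the preprocessor cannot evaluate; any `#if` on either macro elsewhere in the tree would break, and signed/unsigned comparisons may start to warn. That is not visible in these hunks, so it needs a grep rather than a code change here. The move also drops the comment `/* next_signal() assumes this is a long - no choice */` from the `sig[]` member; I would carry it over, since it explains why the element type must stay `unsigned long`. Finally, `sigset_t`, `old_sigset_t` and `_NSIG` are now defined unconditionally for userspace, so a clash with libc's own definitions when both headers are included is worth testing.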
diff --git a/queue-6.9/riscv-dts-starfive-remove-pmic-interrupt-info-for-visionfive-2-board.patch b/queue-6.9/riscv-dts-starfive-remove-pmic-interrupt-info-for-visionfive-2-board.patch
new file mode 100644 (file)
index 0000000..025c1e1
--- /dev/null
@@ -0,0 +1,43 @@
+From 0f74c64f0a9f6e1e7cf17bea3d4350fa6581e0d7 Mon Sep 17 00:00:00 2001
+From: Shengyu Qu <wiagn233@outlook.com>
+Date: Thu, 7 Mar 2024 20:21:12 +0800
+Subject: riscv: dts: starfive: Remove PMIC interrupt info for Visionfive 2 board
+
+From: Shengyu Qu <wiagn233@outlook.com>
+
+commit 0f74c64f0a9f6e1e7cf17bea3d4350fa6581e0d7 upstream.
+
+Interrupt line number of the AXP15060 PMIC is not a necessary part of
+its device tree. Originally the binding required one, so the dts patch
+added an invalid interrupt that the driver ignored (0) as the interrupt
+line of the PMIC is not actually connected on this platform. This went
+unnoticed during review as it would have been a valid interrupt for a
+GPIO controller, but it is not for the PLIC. The PLIC, on this platform
+at least, silently ignores the enablement of interrupt 0. Bo Gan is
+running a modified version of OpenSBI that faults if writes are done to
+reserved fields, so their kernel runs into problems.
+
+Delete the invalid interrupt from the device tree.
+
+Cc: stable@vger.kernel.org
+Reported-by: Bo Gan <ganboing@gmail.com>
+Link: https://lore.kernel.org/all/c8b6e960-2459-130f-e4e4-7c9c2ebaa6d3@gmail.com/
+Signed-off-by: Shengyu Qu <wiagn233@outlook.com>
+Fixes: 2378341504de ("riscv: dts: starfive: Enable axp15060 pmic for cpufreq")
+[conor: rewrite the commit message to add more detail]
+Signed-off-by: Conor Dooley <conor.dooley@microchip.com>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+---
+ arch/riscv/boot/dts/starfive/jh7110-starfive-visionfive-2.dtsi |    1 -
+ 1 file changed, 1 deletion(-)
+
+--- a/arch/riscv/boot/dts/starfive/jh7110-starfive-visionfive-2.dtsi
++++ b/arch/riscv/boot/dts/starfive/jh7110-starfive-visionfive-2.dtsi
+@@ -238,7 +238,6 @@
+       axp15060: pmic@36 {
+               compatible = "x-powers,axp15060";
+               reg = <0x36>;
+-              interrupts = <0>;
+               interrupt-controller;
+               #interrupt-cells = <1>;
diff --git a/queue-6.9/riscv-enable-have_arch_huge_vmap-for-xip-kernel.patch b/queue-6.9/riscv-enable-have_arch_huge_vmap-for-xip-kernel.patch
new file mode 100644 (file)
index 0000000..111fb38
--- /dev/null
@@ -0,0 +1,38 @@
+From 7bed51617401dab2be930b13ed5aacf581f7c8ef Mon Sep 17 00:00:00 2001
+From: Nam Cao <namcao@linutronix.de>
+Date: Sun, 26 May 2024 13:01:04 +0200
+Subject: riscv: enable HAVE_ARCH_HUGE_VMAP for XIP kernel
+
+From: Nam Cao <namcao@linutronix.de>
+
+commit 7bed51617401dab2be930b13ed5aacf581f7c8ef upstream.
+
+HAVE_ARCH_HUGE_VMAP also works on XIP kernel, so remove its dependency on
+!XIP_KERNEL.
+
+This also fixes a boot problem for XIP kernel introduced by the commit in
+"Fixes:". This commit used huge page mapping for vmemmap, but huge page
+vmap was not enabled for XIP kernel.
+
+Fixes: ff172d4818ad ("riscv: Use hugepage mappings for vmemmap")
+Signed-off-by: Nam Cao <namcao@linutronix.de>
+Cc: <stable@vger.kernel.org>
+Reviewed-by: Alexandre Ghiti <alexghiti@rivosinc.com>
+Link: https://lore.kernel.org/r/20240526110104.470429-1-namcao@linutronix.de
+Signed-off-by: Palmer Dabbelt <palmer@rivosinc.com>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+---
+ arch/riscv/Kconfig |    2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+--- a/arch/riscv/Kconfig
++++ b/arch/riscv/Kconfig
+@@ -103,7 +103,7 @@ config RISCV
+       select HAS_IOPORT if MMU
+       select HAVE_ARCH_AUDITSYSCALL
+       select HAVE_ARCH_HUGE_VMALLOC if HAVE_ARCH_HUGE_VMAP
+-      select HAVE_ARCH_HUGE_VMAP if MMU && 64BIT && !XIP_KERNEL
++      select HAVE_ARCH_HUGE_VMAP if MMU && 64BIT
+       select HAVE_ARCH_JUMP_LABEL if !XIP_KERNEL
+       select HAVE_ARCH_JUMP_LABEL_RELATIVE if !XIP_KERNEL
+       select HAVE_ARCH_KASAN if MMU && 64BIT
diff --git a/queue-6.9/s390-ap-fix-crash-in-ap-internal-function-modify_bitmap.patch b/queue-6.9/s390-ap-fix-crash-in-ap-internal-function-modify_bitmap.patch
new file mode 100644 (file)
index 0000000..c50127a
--- /dev/null
@@ -0,0 +1,75 @@
+From d4f9d5a99a3fd1b1c691b7a1a6f8f3f25f4116c9 Mon Sep 17 00:00:00 2001
+From: Harald Freudenberger <freude@linux.ibm.com>
+Date: Mon, 13 May 2024 14:49:13 +0200
+Subject: s390/ap: Fix crash in AP internal function modify_bitmap()
+
+From: Harald Freudenberger <freude@linux.ibm.com>
+
+commit d4f9d5a99a3fd1b1c691b7a1a6f8f3f25f4116c9 upstream.
+
+A system crash like this
+
+  Failing address: 200000cb7df6f000 TEID: 200000cb7df6f403
+  Fault in home space mode while using kernel ASCE.
+  AS:00000002d71bc007 R3:00000003fe5b8007 S:000000011a446000 P:000000015660c13d
+  Oops: 0038 ilc:3 [#1] PREEMPT SMP
+  Modules linked in: mlx5_ib ...
+  CPU: 8 PID: 7556 Comm: bash Not tainted 6.9.0-rc7 #8
+  Hardware name: IBM 3931 A01 704 (LPAR)
+  Krnl PSW : 0704e00180000000 0000014b75e7b606 (ap_parse_bitmap_str+0x10e/0x1f8)
+  R:0 T:1 IO:1 EX:1 Key:0 M:1 W:0 P:0 AS:3 CC:2 PM:0 RI:0 EA:3
+  Krnl GPRS: 0000000000000001 ffffffffffffffc0 0000000000000001 00000048f96b75d3
+  000000cb00000100 ffffffffffffffff ffffffffffffffff 000000cb7df6fce0
+  000000cb7df6fce0 00000000ffffffff 000000000000002b 00000048ffffffff
+  000003ff9b2dbc80 200000cb7df6fcd8 0000014bffffffc0 000000cb7df6fbc8
+  Krnl Code: 0000014b75e7b5fc: a7840047            brc     8,0000014b75e7b68a
+  0000014b75e7b600: 18b2                lr      %r11,%r2
+  #0000014b75e7b602: a7f4000a            brc     15,0000014b75e7b616
+  >0000014b75e7b606: eb22d00000e6        laog    %r2,%r2,0(%r13)
+  0000014b75e7b60c: a7680001            lhi     %r6,1
+  0000014b75e7b610: 187b                lr      %r7,%r11
+  0000014b75e7b612: 84960021            brxh    %r9,%r6,0000014b75e7b654
+  0000014b75e7b616: 18e9                lr      %r14,%r9
+  Call Trace:
+  [<0000014b75e7b606>] ap_parse_bitmap_str+0x10e/0x1f8
+  ([<0000014b75e7b5dc>] ap_parse_bitmap_str+0xe4/0x1f8)
+  [<0000014b75e7b758>] apmask_store+0x68/0x140
+  [<0000014b75679196>] kernfs_fop_write_iter+0x14e/0x1e8
+  [<0000014b75598524>] vfs_write+0x1b4/0x448
+  [<0000014b7559894c>] ksys_write+0x74/0x100
+  [<0000014b7618a440>] __do_syscall+0x268/0x328
+  [<0000014b761a3558>] system_call+0x70/0x98
+  INFO: lockdep is turned off.
+  Last Breaking-Event-Address:
+  [<0000014b75e7b636>] ap_parse_bitmap_str+0x13e/0x1f8
+  Kernel panic - not syncing: Fatal exception: panic_on_oops
+
+occured when /sys/bus/ap/a[pq]mask was updated with a relative mask value
+(like +0x10-0x12,+60,-90) with one of the numeric values exceeding INT_MAX.
+
+The fix is simple: use unsigned long values for the internal variables. The
+correct checks are already in place in the function but a simple int for
+the internal variables was used with the possibility to overflow.
+
+Reported-by: Marc Hartmayer <mhartmay@linux.ibm.com>
+Signed-off-by: Harald Freudenberger <freude@linux.ibm.com>
+Tested-by: Marc Hartmayer <mhartmay@linux.ibm.com>
+Reviewed-by: Holger Dengler <dengler@linux.ibm.com>
+Cc: <stable@vger.kernel.org>
+Signed-off-by: Heiko Carstens <hca@linux.ibm.com>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+---
+ drivers/s390/crypto/ap_bus.c |    2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+--- a/drivers/s390/crypto/ap_bus.c
++++ b/drivers/s390/crypto/ap_bus.c
+@@ -1129,7 +1129,7 @@ static int hex2bitmap(const char *str, u
+  */
+ static int modify_bitmap(const char *str, unsigned long *bitmap, int bits)
+ {
+-      int a, i, z;
++      unsigned long a, i, z;
+       char *np, sign;
+       /* bits needs to be a multiple of 8 */
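Review bot: The new `unsigned long a, i, z;` declaration has no comment saying why the width matters, and `bits` stays a signed `int`, so any comparison of these locals with `bits` now converts `bits` to unsigned long. Per the commit message, the values come from a write to /sys/bus/ap/a[pq]mask, and the old `int` locals could overflow even though the range checks were correct. A one-line comment such as `/* unsigned long: values parsed from sysfs input must not be truncated before the range checks */` would keep a later cleanup from narrowing them again. The parsing loop and the checks are outside this hunk, so whether `bits` can be negative here should be confirmed against the callers; if it cannot, an `unsigned int bits` parameter would remove the mixed-sign comparison.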
diff --git a/queue-6.9/s390-cpacf-make-use-of-invalid-opcode-produce-a-link-error.patch b/queue-6.9/s390-cpacf-make-use-of-invalid-opcode-produce-a-link-error.patch
new file mode 100644 (file)
index 0000000..0352e8a
--- /dev/null
@@ -0,0 +1,60 @@
+From 32e8bd6423fc127d2b37bdcf804fd76af3bbec79 Mon Sep 17 00:00:00 2001
+From: Harald Freudenberger <freude@linux.ibm.com>
+Date: Tue, 14 May 2024 10:09:32 +0200
+Subject: s390/cpacf: Make use of invalid opcode produce a link error
+
+From: Harald Freudenberger <freude@linux.ibm.com>
+
+commit 32e8bd6423fc127d2b37bdcf804fd76af3bbec79 upstream.
+
+Instead of calling BUG() at runtime introduce and use a prototype for a
+non-existing function to produce a link error during compile when a not
+supported opcode is used with the __cpacf_query() or __cpacf_check_opcode()
+inline functions.
+
+Suggested-by: Heiko Carstens <hca@linux.ibm.com>
+Signed-off-by: Harald Freudenberger <freude@linux.ibm.com>
+Reviewed-by: Holger Dengler <dengler@linux.ibm.com>
+Reviewed-by: Juergen Christ <jchrist@linux.ibm.com>
+Cc: stable@vger.kernel.org
+Signed-off-by: Heiko Carstens <hca@linux.ibm.com>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+---
+ arch/s390/include/asm/cpacf.h |   12 ++++++++++--
+ 1 file changed, 10 insertions(+), 2 deletions(-)
+
+--- a/arch/s390/include/asm/cpacf.h
++++ b/arch/s390/include/asm/cpacf.h
+@@ -166,6 +166,13 @@
+ typedef struct { unsigned char bytes[16]; } cpacf_mask_t;
++/*
++ * Prototype for a not existing function to produce a link
++ * error if __cpacf_query() or __cpacf_check_opcode() is used
++ * with an invalid compile time const opcode.
++ */
++void __cpacf_bad_opcode(void);
++
+ static __always_inline void __cpacf_query_rre(u32 opc, u8 r1, u8 r2,
+                                             cpacf_mask_t *mask)
+ {
+@@ -237,7 +244,7 @@ static __always_inline void __cpacf_quer
+               __cpacf_query_rre(CPACF_PRNO, 2, 4, mask);
+               break;
+       default:
+-              BUG();
++              __cpacf_bad_opcode();
+       }
+ }
+@@ -262,7 +269,8 @@ static __always_inline int __cpacf_check
+       case CPACF_KMA:
+               return test_facility(146);      /* check for MSA8 */
+       default:
+-              BUG();
++              __cpacf_bad_opcode();
++              return 0;
+       }
+ }
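Review bot: An invalid opcode now surfaces only as an undefined reference to `__cpacf_bad_opcode` at link time, which presumably works only when the compiler folds the `switch` on a constant opcode and drops the `default:` arm. The comment above the prototype should say so, e.g. `/* Never defined: the call must be optimized away, so a non-constant opcode also fails to link. */`. If the kernel's `__compiletime_error()` attribute is usable in this header, declaring `void __cpacf_bad_opcode(void) __compiletime_error("invalid CPACF opcode");` would report the misuse at the offending call site instead. The `return 0;` added in `__cpacf_check_opcode()` should be unreachable in any build that links and could carry a short comment saying that. Both switch statements start outside these hunks.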
diff --git a/queue-6.9/s390-cpacf-split-and-rework-cpacf-query-functions.patch b/queue-6.9/s390-cpacf-split-and-rework-cpacf-query-functions.patch
new file mode 100644 (file)
index 0000000..c3c9c8f
--- /dev/null
@@ -0,0 +1,147 @@
+From 830999bd7e72f4128b9dfa37090d9fa8120ce323 Mon Sep 17 00:00:00 2001
+From: Harald Freudenberger <freude@linux.ibm.com>
+Date: Fri, 3 May 2024 11:31:42 +0200
+Subject: s390/cpacf: Split and rework cpacf query functions
+
+From: Harald Freudenberger <freude@linux.ibm.com>
+
+commit 830999bd7e72f4128b9dfa37090d9fa8120ce323 upstream.
+
+Rework the cpacf query functions to use the correct RRE
+or RRF instruction formats and set register fields within
+instructions correctly.
+
+Fixes: 1afd43e0fbba ("s390/crypto: allow to query all known cpacf functions")
+Reported-by: Nina Schoetterl-Glausch <nsg@linux.ibm.com>
+Suggested-by: Heiko Carstens <hca@linux.ibm.com>
+Suggested-by: Juergen Christ <jchrist@linux.ibm.com>
+Suggested-by: Holger Dengler <dengler@linux.ibm.com>
+Signed-off-by: Harald Freudenberger <freude@linux.ibm.com>
+Reviewed-by: Holger Dengler <dengler@linux.ibm.com>
+Reviewed-by: Juergen Christ <jchrist@linux.ibm.com>
+Cc: <stable@vger.kernel.org>
+Signed-off-by: Heiko Carstens <hca@linux.ibm.com>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+---
+ arch/s390/include/asm/cpacf.h |  101 +++++++++++++++++++++++++++++++++---------
+ 1 file changed, 81 insertions(+), 20 deletions(-)
+
+--- a/arch/s390/include/asm/cpacf.h
++++ b/arch/s390/include/asm/cpacf.h
+@@ -166,28 +166,79 @@
+ typedef struct { unsigned char bytes[16]; } cpacf_mask_t;
+-/**
+- * cpacf_query() - check if a specific CPACF function is available
+- * @opcode: the opcode of the crypto instruction
+- * @func: the function code to test for
+- *
+- * Executes the query function for the given crypto instruction @opcode
+- * and checks if @func is available
+- *
+- * Returns 1 if @func is available for @opcode, 0 otherwise
+- */
+-static __always_inline void __cpacf_query(unsigned int opcode, cpacf_mask_t *mask)
++static __always_inline void __cpacf_query_rre(u32 opc, u8 r1, u8 r2,
++                                            cpacf_mask_t *mask)
++{
++      asm volatile(
++              "       la      %%r1,%[mask]\n"
++              "       xgr     %%r0,%%r0\n"
++              "       .insn   rre,%[opc] << 16,%[r1],%[r2]\n"
++              : [mask] "=R" (*mask)
++              : [opc] "i" (opc),
++                [r1] "i" (r1), [r2] "i" (r2)
++              : "cc", "r0", "r1");
++}
++
++static __always_inline void __cpacf_query_rrf(u32 opc,
++                                            u8 r1, u8 r2, u8 r3, u8 m4,
++                                            cpacf_mask_t *mask)
+ {
+       asm volatile(
+-              "       lghi    0,0\n" /* query function */
+-              "       lgr     1,%[mask]\n"
+-              "       spm     0\n" /* pckmo doesn't change the cc */
+-              /* Parameter regs are ignored, but must be nonzero and unique */
+-              "0:     .insn   rrf,%[opc] << 16,2,4,6,0\n"
+-              "       brc     1,0b\n" /* handle partial completion */
+-              : "=m" (*mask)
+-              : [mask] "d" ((unsigned long)mask), [opc] "i" (opcode)
+-              : "cc", "0", "1");
++              "       la      %%r1,%[mask]\n"
++              "       xgr     %%r0,%%r0\n"
++              "       .insn   rrf,%[opc] << 16,%[r1],%[r2],%[r3],%[m4]\n"
++              : [mask] "=R" (*mask)
++              : [opc] "i" (opc), [r1] "i" (r1), [r2] "i" (r2),
++                [r3] "i" (r3), [m4] "i" (m4)
++              : "cc", "r0", "r1");
++}
++
++static __always_inline void __cpacf_query(unsigned int opcode,
++                                        cpacf_mask_t *mask)
++{
++      switch (opcode) {
++      case CPACF_KDSA:
++              __cpacf_query_rre(CPACF_KDSA, 0, 2, mask);
++              break;
++      case CPACF_KIMD:
++              __cpacf_query_rre(CPACF_KIMD, 0, 2, mask);
++              break;
++      case CPACF_KLMD:
++              __cpacf_query_rre(CPACF_KLMD, 0, 2, mask);
++              break;
++      case CPACF_KM:
++              __cpacf_query_rre(CPACF_KM, 2, 4, mask);
++              break;
++      case CPACF_KMA:
++              __cpacf_query_rrf(CPACF_KMA, 2, 4, 6, 0, mask);
++              break;
++      case CPACF_KMAC:
++              __cpacf_query_rre(CPACF_KMAC, 0, 2, mask);
++              break;
++      case CPACF_KMC:
++              __cpacf_query_rre(CPACF_KMC, 2, 4, mask);
++              break;
++      case CPACF_KMCTR:
++              __cpacf_query_rrf(CPACF_KMCTR, 2, 4, 6, 0, mask);
++              break;
++      case CPACF_KMF:
++              __cpacf_query_rre(CPACF_KMF, 2, 4, mask);
++              break;
++      case CPACF_KMO:
++              __cpacf_query_rre(CPACF_KMO, 2, 4, mask);
++              break;
++      case CPACF_PCC:
++              __cpacf_query_rre(CPACF_PCC, 0, 0, mask);
++              break;
++      case CPACF_PCKMO:
++              __cpacf_query_rre(CPACF_PCKMO, 0, 0, mask);
++              break;
++      case CPACF_PRNO:
++              __cpacf_query_rre(CPACF_PRNO, 2, 4, mask);
++              break;
++      default:
++              BUG();
++      }
+ }
+ static __always_inline int __cpacf_check_opcode(unsigned int opcode)
+@@ -215,6 +266,16 @@ static __always_inline int __cpacf_check
+       }
+ }
++/**
++ * cpacf_query() - check if a specific CPACF function is available
++ * @opcode: the opcode of the crypto instruction
++ * @func: the function code to test for
++ *
++ * Executes the query function for the given crypto instruction @opcode
++ * and checks if @func is available
++ *
++ * Returns 1 if @func is available for @opcode, 0 otherwise
++ */
+ static __always_inline int cpacf_query(unsigned int opcode, cpacf_mask_t *mask)
+ {
+       if (__cpacf_check_opcode(opcode)) {
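Review bot: The kernel-doc block moved above `cpacf_query()` still documents a `@func` parameter and a return value that depends on `@func`, but the signature directly below it is `cpacf_query(unsigned int opcode, cpacf_mask_t *mask)` with no `func` argument. The block should describe `@mask` instead, for example `@mask: buffer that receives the query result for @opcode`, with the "Returns" line reworded to match the body. The body continues past the end of this hunk, so the exact return semantics need checking there. The new `__cpacf_query_rre()` and `__cpacf_query_rrf()` helpers also have no comment explaining the register numbers passed per opcode (`0, 2`, `2, 4`, `0, 0`), although the removed code stated that parameter registers "must be nonzero and unique". A short comment on why some opcodes now pass register 0 would help the next reader.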
index 68c083ae7b9ddfb036a4a3104428eb3f345447be..ac6b0e0a17d4b552300c577d3b7b97cf929334d9 100644 (file)
@@ -115,3 +115,22 @@ revert-xsk-document-ability-to-redirect-to-any-socket-bound-to-the-same-umem.pat
 revert-perf-record-reduce-memory-for-recording-perf_record_lost_samples-event.patch
 e1000e-move-force-smbus-near-the-end-of-enable_ulp-function.patch
 sparc-move-struct-termio-to-asm-termios.h.patch
+ext4-fixes-len-calculation-in-mpage_journal_page_buffers.patch
+ext4-set-type-of-ac_groups_linear_remaining-to-__u32-to-avoid-overflow.patch
+ext4-fix-mb_cache_entry-s-e_refcnt-leak-in-ext4_xattr_block_cache_find.patch
+riscv-dts-starfive-remove-pmic-interrupt-info-for-visionfive-2-board.patch
+arm-dts-samsung-smdkv310-fix-keypad-no-autorepeat.patch
+arm-dts-samsung-smdk4412-fix-keypad-no-autorepeat.patch
+arm-dts-samsung-exynos4412-origen-fix-keypad-no-autorepeat.patch
+parisc-define-have_arch_hugetlb_unmapped_area.patch
+parisc-define-sigset_t-in-parisc-uapi-header.patch
+s390-ap-fix-crash-in-ap-internal-function-modify_bitmap.patch
+s390-cpacf-split-and-rework-cpacf-query-functions.patch
+s390-cpacf-make-use-of-invalid-opcode-produce-a-link-error.patch
+i3c-master-svc-fix-invalidate-ibi-type-and-miss-call-client-ibi-handler.patch
+genirq-irqdesc-prevent-use-after-free-in-irq_find_at_or_after.patch
+hwmon-ltc2992-fix-memory-leak-in-ltc2992_parse_dt.patch
+riscv-enable-have_arch_huge_vmap-for-xip-kernel.patch
+asoc-sof-ipc4-topology-fix-input-format-query-of-process-modules-without-base-extension.patch
+alsa-ump-don-t-clear-bank-selection-after-sending-a-program-change.patch
+alsa-ump-don-t-accept-an-invalid-ump-protocol-number.patch