5.10-stable patches
authorGreg Kroah-Hartman <gregkh@linuxfoundation.org>
Thu, 18 Dec 2025 12:17:17 +0000 (13:17 +0100)
committerGreg Kroah-Hartman <gregkh@linuxfoundation.org>
Thu, 18 Dec 2025 12:17:17 +0000 (13:17 +0100)
added patches:
i3c-fix-uninitialized-variable-use-in-i2c-setup.patch
netfilter-nf_conncount-garbage-collection-is-not-skipped-when-jiffies-wrap-around.patch
netfilter-nft_connlimit-memleak-if-nf_ct_netns_get-fails.patch
nfs-fix-missing-unlock-in-nfs_unlink.patch

queue-5.10/i3c-fix-uninitialized-variable-use-in-i2c-setup.patch [new file with mode: 0644]
queue-5.10/netfilter-nf_conncount-garbage-collection-is-not-skipped-when-jiffies-wrap-around.patch [new file with mode: 0644]
queue-5.10/netfilter-nft_connlimit-memleak-if-nf_ct_netns_get-fails.patch [new file with mode: 0644]
queue-5.10/nfs-fix-missing-unlock-in-nfs_unlink.patch [new file with mode: 0644]
queue-5.10/series

diff --git a/queue-5.10/i3c-fix-uninitialized-variable-use-in-i2c-setup.patch b/queue-5.10/i3c-fix-uninitialized-variable-use-in-i2c-setup.patch
new file mode 100644 (file)
index 0000000..dc2666f
--- /dev/null
@@ -0,0 +1,45 @@
+From 6cbf8b38dfe3aabe330f2c356949bc4d6a1f034f Mon Sep 17 00:00:00 2001
+From: Jamie Iles <quic_jiles@quicinc.com>
+Date: Tue, 8 Mar 2022 13:42:26 +0000
+Subject: i3c: fix uninitialized variable use in i2c setup
+
+From: Jamie Iles <quic_jiles@quicinc.com>
+
+commit 6cbf8b38dfe3aabe330f2c356949bc4d6a1f034f upstream.
+
+Commit 31b9887c7258 ("i3c: remove i2c board info from i2c_dev_desc")
+removed the boardinfo from i2c_dev_desc to decouple device enumeration from
+setup but did not correctly lookup the i2c_dev_desc to store the new
+device, instead dereferencing an uninitialized variable.
+
+Lookup the device that has already been registered by address to store
+the i2c client device.
+
+Fixes: 31b9887c7258 ("i3c: remove i2c board info from i2c_dev_desc")
+Reported-by: kernel test robot <lkp@intel.com>
+Cc: Alexandre Belloni <alexandre.belloni@bootlin.com>
+Signed-off-by: Jamie Iles <quic_jiles@quicinc.com>
+Signed-off-by: Alexandre Belloni <alexandre.belloni@bootlin.com>
+Link: https://lore.kernel.org/r/20220308134226.1042367-1-quic_jiles@quicinc.com
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+---
+ drivers/i3c/master.c |    7 ++++++-
+ 1 file changed, 6 insertions(+), 1 deletion(-)
+
+--- a/drivers/i3c/master.c
++++ b/drivers/i3c/master.c
+@@ -2364,8 +2364,13 @@ static int i3c_master_i2c_adapter_init(s
+        * We silently ignore failures here. The bus should keep working
+        * correctly even if one or more i2c devices are not registered.
+        */
+-      list_for_each_entry(i2cboardinfo, &master->boardinfo.i2c, node)
++      list_for_each_entry(i2cboardinfo, &master->boardinfo.i2c, node) {
++              i2cdev = i3c_master_find_i2c_dev_by_addr(master,
++                                                       i2cboardinfo->base.addr);
++              if (WARN_ON(!i2cdev))
++                      continue;
+               i2cdev->dev = i2c_new_client_device(adap, &i2cboardinfo->base);
++      }
+       return 0;
+ }
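Review bot: The result of `i2cdev->dev = i2c_new_client_device(adap, &i2cboardinfo->base);` is stored unchecked, and the comment above the loop says failures are silently ignored, so `i2cdev->dev` can hold an error pointer instead of a client. i2c_new_client_device() reports failure with an ERR_PTR, so every consumer of `i2cdev->dev` outside this hunk presumably has to test it before dereferencing; a comment on the assignment such as `/* may be an ERR_PTR; consumers must check with IS_ERR_OR_NULL() */` would make that contract visible. The `WARN_ON(!i2cdev)` branch also becomes a panic on hosts running with panic_on_warn, so it is worth confirming in the 5.10 tree that the boardinfo list and the registered device list cannot disagree. The function begins outside the hunk.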
diff --git a/queue-5.10/netfilter-nf_conncount-garbage-collection-is-not-skipped-when-jiffies-wrap-around.patch b/queue-5.10/netfilter-nf_conncount-garbage-collection-is-not-skipped-when-jiffies-wrap-around.patch
new file mode 100644 (file)
index 0000000..68e12ad
--- /dev/null
@@ -0,0 +1,49 @@
+From df08c94baafb001de6cf44bb7098bb557f36c335 Mon Sep 17 00:00:00 2001
+From: Nicklas Bo Jensen <njensen@akamai.com>
+Date: Thu, 27 Feb 2025 13:32:34 +0000
+Subject: netfilter: nf_conncount: garbage collection is not skipped when jiffies wrap around
+
+From: Nicklas Bo Jensen <njensen@akamai.com>
+
+commit df08c94baafb001de6cf44bb7098bb557f36c335 upstream.
+
+nf_conncount is supposed to skip garbage collection if it has already
+run garbage collection in the same jiffy. Unfortunately, this is broken
+when jiffies wrap around which this patch fixes.
+
+The problem is that last_gc in the nf_conncount_list struct is an u32,
+but jiffies is an unsigned long which is 8 bytes on my systems. When
+those two are compared it only works until last_gc wraps around.
+
+See bug report: https://bugzilla.netfilter.org/show_bug.cgi?id=1778
+for more details.
+
+Fixes: d265929930e2 ("netfilter: nf_conncount: reduce unnecessary GC")
+Signed-off-by: Nicklas Bo Jensen <njensen@akamai.com>
+Reviewed-by: Florian Westphal <fw@strlen.de>
+Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+---
+ net/netfilter/nf_conncount.c |    4 ++--
+ 1 file changed, 2 insertions(+), 2 deletions(-)
+
+--- a/net/netfilter/nf_conncount.c
++++ b/net/netfilter/nf_conncount.c
+@@ -182,7 +182,7 @@ static int __nf_conncount_add(struct net
+               return -EEXIST;
+       }
+-      if (time_is_after_eq_jiffies((unsigned long)list->last_gc))
++      if ((u32)jiffies == list->last_gc)
+               goto add_new_node;
+       /* check the saved connections */
+@@ -288,7 +288,7 @@ bool nf_conncount_gc_list(struct net *ne
+       bool ret = false;
+       /* don't bother if we just did GC */
+-      if (time_is_after_eq_jiffies((unsigned long)READ_ONCE(list->last_gc)))
++      if ((u32)jiffies == READ_ONCE(list->last_gc))
+               return false;
+       /* don't bother if other cpu is already doing GC */
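Review bot: The new test `(u32)jiffies == list->last_gc` in __nf_conncount_add(), and its twin in nf_conncount_gc_list(), only work because last_gc holds the low 32 bits of jiffies, and nothing at either site says so. I would add a comment above each check, for example `/* last_gc is a u32 truncation of jiffies: compare truncated values, time_*() helpers need unsigned long */`, so the cast is not "cleaned up" back into a time helper later. The first site reads `list->last_gc` plainly while the second uses READ_ONCE(); presumably the first runs with the list lock held, but that is not visible in these hunks and should be confirmed against the 5.10 sources. Both functions extend beyond the hunks shown.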
diff --git a/queue-5.10/netfilter-nft_connlimit-memleak-if-nf_ct_netns_get-fails.patch b/queue-5.10/netfilter-nft_connlimit-memleak-if-nf_ct_netns_get-fails.patch
new file mode 100644 (file)
index 0000000..33d2d9c
--- /dev/null
@@ -0,0 +1,46 @@
+From 7d70984a1ad4c445dff08edb9aacce8906b6a222 Mon Sep 17 00:00:00 2001
+From: Pablo Neira Ayuso <pablo@netfilter.org>
+Date: Thu, 13 Jan 2022 12:22:38 +0100
+Subject: netfilter: nft_connlimit: memleak if nf_ct_netns_get() fails
+
+From: Pablo Neira Ayuso <pablo@netfilter.org>
+
+commit 7d70984a1ad4c445dff08edb9aacce8906b6a222 upstream.
+
+Check if nf_ct_netns_get() fails then release the limit object
+previously allocated via kmalloc().
+
+Fixes: 37f319f37d90 ("netfilter: nft_connlimit: move stateful fields out of expression data")
+Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+---
+ net/netfilter/nft_connlimit.c |   11 ++++++++++-
+ 1 file changed, 10 insertions(+), 1 deletion(-)
+
+--- a/net/netfilter/nft_connlimit.c
++++ b/net/netfilter/nft_connlimit.c
+@@ -56,6 +56,7 @@ static int nft_connlimit_do_init(const s
+ {
+       bool invert = false;
+       u32 flags, limit;
++      int err;
+       if (!tb[NFTA_CONNLIMIT_COUNT])
+               return -EINVAL;
+@@ -78,7 +79,15 @@ static int nft_connlimit_do_init(const s
+       priv->limit     = limit;
+       priv->invert    = invert;
+-      return nf_ct_netns_get(ctx->net, ctx->family);
++      err = nf_ct_netns_get(ctx->net, ctx->family);
++      if (err < 0)
++              goto err_netns;
++
++      return 0;
++err_netns:
++      kfree(priv->list);
++
++      return err;
+ }
+ static void nft_connlimit_do_destroy(const struct nft_ctx *ctx,
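Review bot: The new `err_netns:` path runs `kfree(priv->list);` but leaves the freed pointer in `priv->list`, so any later access through priv would be a use-after-free or a double free. Whether the destroy callback can run after a failed init is not visible in this hunk; unless the caller rules that out, adding `priv->list = NULL;` after the kfree() makes the path safe to repeat, since kfree(NULL) is a no-op. The allocation and any error returns between it and this point lie in the part of nft_connlimit_do_init() the hunks do not show, so they should be checked for the same leak in the 5.10 tree.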
diff --git a/queue-5.10/nfs-fix-missing-unlock-in-nfs_unlink.patch b/queue-5.10/nfs-fix-missing-unlock-in-nfs_unlink.patch
new file mode 100644 (file)
index 0000000..a47f71f
--- /dev/null
@@ -0,0 +1,33 @@
+From 2067231a9e2cbbcae0a4aca6ac36ff2dd6a7b701 Mon Sep 17 00:00:00 2001
+From: Sun Ke <sunke32@huawei.com>
+Date: Fri, 12 Aug 2022 09:14:40 +0800
+Subject: NFS: Fix missing unlock in nfs_unlink()
+
+From: Sun Ke <sunke32@huawei.com>
+
+commit 2067231a9e2cbbcae0a4aca6ac36ff2dd6a7b701 upstream.
+
+Add the missing unlock before goto.
+
+Fixes: 3c59366c207e ("NFS: don't unhash dentry during unlink/rename")
+Signed-off-by: Sun Ke <sunke32@huawei.com>
+Signed-off-by: Trond Myklebust <trond.myklebust@hammerspace.com>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+---
+ fs/nfs/dir.c |    4 +++-
+ 1 file changed, 3 insertions(+), 1 deletion(-)
+
+--- a/fs/nfs/dir.c
++++ b/fs/nfs/dir.c
+@@ -2109,8 +2109,10 @@ int nfs_unlink(struct inode *dir, struct
+        */
+       error = -ETXTBSY;
+       if (WARN_ON(dentry->d_flags & DCACHE_NFSFS_RENAMED) ||
+-          WARN_ON(dentry->d_fsdata == NFS_FSDATA_BLOCKED))
++          WARN_ON(dentry->d_fsdata == NFS_FSDATA_BLOCKED)) {
++              spin_unlock(&dentry->d_lock);
+               goto out;
++      }
+       if (dentry->d_fsdata)
+               /* old devname */
+               kfree(dentry->d_fsdata);
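Review bot: Nothing in this section of nfs_unlink() says that `dentry->d_lock` is held, which is how the early `goto out;` came to leave it locked in the first place. A short comment inside the new braces, for example `/* d_lock is held here; out: expects it released */`, would keep the next early exit added here from reintroducing the imbalance. The spin_lock() call and the `out` label are both outside the hunk, so the expectation about `out` is inferred from the fix itself.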
index e837be7976047aae1a88fcdbdc074570d2cc2f50..e3ef9fddc6505e9d014650ec158a52a0c3632008 100644 (file)
@@ -148,3 +148,7 @@ ocfs2-fix-memory-leak-in-ocfs2_merge_rec_left.patch
 usb-gadget-tegra-xudc-always-reinitialize-data-toggle-when-clear-halt.patch
 usb-phy-initialize-struct-usb_phy-list_head.patch
 alsa-dice-fix-buffer-overflow-in-detect_stream_formats.patch
+nfs-fix-missing-unlock-in-nfs_unlink.patch
+netfilter-nf_conncount-garbage-collection-is-not-skipped-when-jiffies-wrap-around.patch
+i3c-fix-uninitialized-variable-use-in-i2c-setup.patch
+netfilter-nft_connlimit-memleak-if-nf_ct_netns_get-fails.patch