--- /dev/null
+From c8a96acbd47da6e860dabeee21ea7824302ad35e Mon Sep 17 00:00:00 2001
+From: Sasha Levin <sashal@kernel.org>
+Date: Thu, 20 May 2021 08:08:24 +0300
+Subject: ASoC: cs35l33: fix an error code in probe()
+
+From: Dan Carpenter <dan.carpenter@oracle.com>
+
+[ Upstream commit 833bc4cf9754643acc69b3c6b65988ca78df4460 ]
+
+This error path returns zero (success) but it should return -EINVAL.
+
+Fixes: 3333cb7187b9 ("ASoC: cs35l33: Initial commit of the cs35l33 CODEC driver.")
+Signed-off-by: Dan Carpenter <dan.carpenter@oracle.com>
+Reviewed-by: Charles Keepax <ckeepax@opensource.cirrus.com>
+Link: https://lore.kernel.org/r/YKXuyGEzhPT35R3G@mwanda
+Signed-off-by: Mark Brown <broonie@kernel.org>
+Signed-off-by: Sasha Levin <sashal@kernel.org>
+---
+ sound/soc/codecs/cs35l33.c | 1 +
+ 1 file changed, 1 insertion(+)
+
+diff --git a/sound/soc/codecs/cs35l33.c b/sound/soc/codecs/cs35l33.c
+index 6df29fa30fb9..9e449dd8da92 100644
+--- a/sound/soc/codecs/cs35l33.c
++++ b/sound/soc/codecs/cs35l33.c
+@@ -1209,6 +1209,7 @@ static int cs35l33_i2c_probe(struct i2c_client *i2c_client,
+ dev_err(&i2c_client->dev,
+ "CS35L33 Device ID (%X). Expected ID %X\n",
+ devid, CS35L33_CHIP_ID);
++ ret = -EINVAL;
+ goto err_enable;
+ }
+
+--
+2.30.2
+
--- /dev/null
+From 9d79ca7dc0d985868a8822d1587f6f5f46a27721 Mon Sep 17 00:00:00 2001
+From: Sasha Levin <sashal@kernel.org>
+Date: Sun, 16 May 2021 17:01:08 -0700
+Subject: MIPS: alchemy: xxs1500: add gpio-au1000.h header file
+
+From: Randy Dunlap <rdunlap@infradead.org>
+
+[ Upstream commit ff4cff962a7eedc73e54b5096693da7f86c61346 ]
+
+board-xxs1500.c references 2 functions without declaring them, so add
+the header file to placate the build.
+
+../arch/mips/alchemy/board-xxs1500.c: In function 'board_setup':
+../arch/mips/alchemy/board-xxs1500.c:56:2: error: implicit declaration of function 'alchemy_gpio1_input_enable' [-Werror=implicit-function-declaration]
+ 56 | alchemy_gpio1_input_enable();
+../arch/mips/alchemy/board-xxs1500.c:57:2: error: implicit declaration of function 'alchemy_gpio2_enable'; did you mean 'alchemy_uart_enable'? [-Werror=implicit-function-declaration]
+ 57 | alchemy_gpio2_enable();
+
+Fixes: 8e026910fcd4 ("MIPS: Alchemy: merge GPR/MTX-1/XXS1500 board code into single files")
+Signed-off-by: Randy Dunlap <rdunlap@infradead.org>
+Cc: Thomas Bogendoerfer <tsbogend@alpha.franken.de>
+Cc: linux-mips@vger.kernel.org
+Cc: Manuel Lauss <manuel.lauss@googlemail.com>
+Cc: Ralf Baechle <ralf@linux-mips.org>
+Acked-by: Manuel Lauss <manuel.lauss@gmail.com>
+Signed-off-by: Thomas Bogendoerfer <tsbogend@alpha.franken.de>
+Signed-off-by: Sasha Levin <sashal@kernel.org>
+---
+ arch/mips/alchemy/board-xxs1500.c | 1 +
+ 1 file changed, 1 insertion(+)
+
+diff --git a/arch/mips/alchemy/board-xxs1500.c b/arch/mips/alchemy/board-xxs1500.c
+index 0fc53e08a894..c05f7376148a 100644
+--- a/arch/mips/alchemy/board-xxs1500.c
++++ b/arch/mips/alchemy/board-xxs1500.c
+@@ -30,6 +30,7 @@
+ #include <asm/bootinfo.h>
+ #include <asm/reboot.h>
+ #include <asm/mach-au1x00/au1000.h>
++#include <asm/mach-au1x00/gpio-au1000.h>
+ #include <prom.h>
+
+ const char *get_system_type(void)
+--
+2.30.2
+
--- /dev/null
+From af4b0aeb552cff6c79e1b6c0a13acc42a078930a Mon Sep 17 00:00:00 2001
+From: Sasha Levin <sashal@kernel.org>
+Date: Sun, 16 May 2021 17:54:17 -0700
+Subject: MIPS: ralink: export rt_sysc_membase for rt2880_wdt.c
+
+From: Randy Dunlap <rdunlap@infradead.org>
+
+[ Upstream commit fef532ea0cd871afab7d9a7b6e9da99ac2c24371 ]
+
+rt2880_wdt.c uses (well, attempts to use) rt_sysc_membase. However,
+when this watchdog driver is built as a loadable module, there is a
+build error since the rt_sysc_membase symbol is not exported.
+Export it to quell the build error.
+
+ERROR: modpost: "rt_sysc_membase" [drivers/watchdog/rt2880_wdt.ko] undefined!
+
+Fixes: 473cf939ff34 ("watchdog: add ralink watchdog driver")
+Signed-off-by: Randy Dunlap <rdunlap@infradead.org>
+Cc: Guenter Roeck <linux@roeck-us.net>
+Cc: Wim Van Sebroeck <wim@iguana.be>
+Cc: John Crispin <john@phrozen.org>
+Cc: linux-mips@vger.kernel.org
+Cc: linux-watchdog@vger.kernel.org
+Acked-by: Guenter Roeck <linux@roeck-us.net>
+Signed-off-by: Thomas Bogendoerfer <tsbogend@alpha.franken.de>
+Signed-off-by: Sasha Levin <sashal@kernel.org>
+---
+ arch/mips/ralink/of.c | 2 ++
+ 1 file changed, 2 insertions(+)
+
+diff --git a/arch/mips/ralink/of.c b/arch/mips/ralink/of.c
+index 0aa67a2d0ae6..6b7226830354 100644
+--- a/arch/mips/ralink/of.c
++++ b/arch/mips/ralink/of.c
+@@ -10,6 +10,7 @@
+
+ #include <linux/io.h>
+ #include <linux/clk.h>
++#include <linux/export.h>
+ #include <linux/init.h>
+ #include <linux/sizes.h>
+ #include <linux/of_fdt.h>
+@@ -27,6 +28,7 @@
+
+ __iomem void *rt_sysc_membase;
+ __iomem void *rt_memc_membase;
++EXPORT_SYMBOL_GPL(rt_sysc_membase);
+
+ __iomem void *plat_of_remap_node(const char *node)
+ {
+--
+2.30.2
+
--- /dev/null
+From 3a1cccf56f48bf5642ddfbf86bb069d9836fb7f0 Mon Sep 17 00:00:00 2001
+From: Sasha Levin <sashal@kernel.org>
+Date: Sun, 16 May 2021 14:44:42 +0000
+Subject: mld: fix panic in mld_newpack()
+
+From: Taehee Yoo <ap420073@gmail.com>
+
+[ Upstream commit 020ef930b826d21c5446fdc9db80fd72a791bc21 ]
+
+mld_newpack() doesn't allow to allocate high order page,
+only order-0 allocation is allowed.
+If headroom size is too large, a kernel panic could occur in skb_put().
+
+Test commands:
+ ip netns del A
+ ip netns del B
+ ip netns add A
+ ip netns add B
+ ip link add veth0 type veth peer name veth1
+ ip link set veth0 netns A
+ ip link set veth1 netns B
+
+ ip netns exec A ip link set lo up
+ ip netns exec A ip link set veth0 up
+ ip netns exec A ip -6 a a 2001:db8:0::1/64 dev veth0
+ ip netns exec B ip link set lo up
+ ip netns exec B ip link set veth1 up
+ ip netns exec B ip -6 a a 2001:db8:0::2/64 dev veth1
+ for i in {1..99}
+ do
+ let A=$i-1
+ ip netns exec A ip link add ip6gre$i type ip6gre \
+ local 2001:db8:$A::1 remote 2001:db8:$A::2 encaplimit 100
+ ip netns exec A ip -6 a a 2001:db8:$i::1/64 dev ip6gre$i
+ ip netns exec A ip link set ip6gre$i up
+
+ ip netns exec B ip link add ip6gre$i type ip6gre \
+ local 2001:db8:$A::2 remote 2001:db8:$A::1 encaplimit 100
+ ip netns exec B ip -6 a a 2001:db8:$i::2/64 dev ip6gre$i
+ ip netns exec B ip link set ip6gre$i up
+ done
+
+Splat looks like:
+kernel BUG at net/core/skbuff.c:110!
+invalid opcode: 0000 [#1] SMP DEBUG_PAGEALLOC KASAN PTI
+CPU: 0 PID: 7 Comm: kworker/0:1 Not tainted 5.12.0+ #891
+Workqueue: ipv6_addrconf addrconf_dad_work
+RIP: 0010:skb_panic+0x15d/0x15f
+Code: 92 fe 4c 8b 4c 24 10 53 8b 4d 70 45 89 e0 48 c7 c7 00 ae 79 83
+41 57 41 56 41 55 48 8b 54 24 a6 26 f9 ff <0f> 0b 48 8b 6c 24 20 89
+34 24 e8 4a 4e 92 fe 8b 34 24 48 c7 c1 20
+RSP: 0018:ffff88810091f820 EFLAGS: 00010282
+RAX: 0000000000000089 RBX: ffff8881086e9000 RCX: 0000000000000000
+RDX: 0000000000000089 RSI: 0000000000000008 RDI: ffffed1020123efb
+RBP: ffff888005f6eac0 R08: ffffed1022fc0031 R09: ffffed1022fc0031
+R10: ffff888117e00187 R11: ffffed1022fc0030 R12: 0000000000000028
+R13: ffff888008284eb0 R14: 0000000000000ed8 R15: 0000000000000ec0
+FS: 0000000000000000(0000) GS:ffff888117c00000(0000)
+knlGS:0000000000000000
+CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
+CR2: 00007f8b801c5640 CR3: 0000000033c2c006 CR4: 00000000003706f0
+DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
+DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
+Call Trace:
+ ? ip6_mc_hdr.isra.26.constprop.46+0x12a/0x600
+ ? ip6_mc_hdr.isra.26.constprop.46+0x12a/0x600
+ skb_put.cold.104+0x22/0x22
+ ip6_mc_hdr.isra.26.constprop.46+0x12a/0x600
+ ? rcu_read_lock_sched_held+0x91/0xc0
+ mld_newpack+0x398/0x8f0
+ ? ip6_mc_hdr.isra.26.constprop.46+0x600/0x600
+ ? lock_contended+0xc40/0xc40
+ add_grhead.isra.33+0x280/0x380
+ add_grec+0x5ca/0xff0
+ ? mld_sendpack+0xf40/0xf40
+ ? lock_downgrade+0x690/0x690
+ mld_send_initial_cr.part.34+0xb9/0x180
+ ipv6_mc_dad_complete+0x15d/0x1b0
+ addrconf_dad_completed+0x8d2/0xbb0
+ ? lock_downgrade+0x690/0x690
+ ? addrconf_rs_timer+0x660/0x660
+ ? addrconf_dad_work+0x73c/0x10e0
+ addrconf_dad_work+0x73c/0x10e0
+
+Allowing high order page allocation could fix this problem.
+
+Fixes: 72e09ad107e7 ("ipv6: avoid high order allocations")
+Signed-off-by: Taehee Yoo <ap420073@gmail.com>
+Signed-off-by: David S. Miller <davem@davemloft.net>
+Signed-off-by: Sasha Levin <sashal@kernel.org>
+---
+ net/ipv6/mcast.c | 3 ---
+ 1 file changed, 3 deletions(-)
+
+diff --git a/net/ipv6/mcast.c b/net/ipv6/mcast.c
+index f904b9b24027..9a78b89690bd 100644
+--- a/net/ipv6/mcast.c
++++ b/net/ipv6/mcast.c
+@@ -1580,10 +1580,7 @@ static struct sk_buff *mld_newpack(struct inet6_dev *idev, unsigned int mtu)
+ IPV6_TLV_PADN, 0 };
+
+ /* we assume size > sizeof(ra) here */
+- /* limit our allocations to order-0 page */
+- size = min_t(int, size, SKB_MAX_ORDER(0, 0));
+ skb = sock_alloc_send_skb(sk, size, 1, &err);
+-
+ if (!skb)
+ return NULL;
+
+--
+2.30.2
+
--- /dev/null
+From 23380d285ce3062f7b979ecc90f7e7682880c72b Mon Sep 17 00:00:00 2001
+From: Sasha Levin <sashal@kernel.org>
+Date: Sat, 15 May 2021 15:16:05 +0800
+Subject: net: bnx2: Fix error return code in bnx2_init_board()
+
+From: Zhen Lei <thunder.leizhen@huawei.com>
+
+[ Upstream commit 28c66b6da4087b8cfe81c2ec0a46eb6116dafda9 ]
+
+Fix to return -EPERM from the error handling case instead of 0, as done
+elsewhere in this function.
+
+Fixes: b6016b767397 ("[BNX2]: New Broadcom gigabit network driver.")
+Reported-by: Hulk Robot <hulkci@huawei.com>
+Signed-off-by: Zhen Lei <thunder.leizhen@huawei.com>
+Reviewed-by: Michael Chan <michael.chan@broadcom.com>
+Signed-off-by: David S. Miller <davem@davemloft.net>
+Signed-off-by: Sasha Levin <sashal@kernel.org>
+---
+ drivers/net/ethernet/broadcom/bnx2.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/drivers/net/ethernet/broadcom/bnx2.c b/drivers/net/ethernet/broadcom/bnx2.c
+index 1f7034d739b0..e15e487c14dd 100644
+--- a/drivers/net/ethernet/broadcom/bnx2.c
++++ b/drivers/net/ethernet/broadcom/bnx2.c
+@@ -8256,9 +8256,9 @@ bnx2_init_board(struct pci_dev *pdev, struct net_device *dev)
+ BNX2_WR(bp, PCI_COMMAND, reg);
+ } else if ((BNX2_CHIP_ID(bp) == BNX2_CHIP_ID_5706_A1) &&
+ !(bp->flags & BNX2_FLAG_PCIX)) {
+-
+ dev_err(&pdev->dev,
+ "5706 A1 can only be used in a PCIX bus, aborting\n");
++ rc = -EPERM;
+ goto err_out_unmap;
+ }
+
+--
+2.30.2
+
--- /dev/null
+From ebf59fad1f098ba16184092522468aea86894fd8 Mon Sep 17 00:00:00 2001
+From: Sasha Levin <sashal@kernel.org>
+Date: Thu, 13 May 2021 09:24:55 +0200
+Subject: net: mdio: octeon: Fix some double free issues
+
+From: Christophe JAILLET <christophe.jaillet@wanadoo.fr>
+
+[ Upstream commit e1d027dd97e1e750669cdc0d3b016a4f54e473eb ]
+
+'bus->mii_bus' has been allocated with 'devm_mdiobus_alloc_size()' in the
+probe function. So it must not be freed explicitly or there will be a
+double free.
+
+Remove the incorrect 'mdiobus_free' in the error handling path of the
+probe function and in remove function.
+
+Suggested-By: Andrew Lunn <andrew@lunn.ch>
+Fixes: 35d2aeac9810 ("phy: mdio-octeon: Use devm_mdiobus_alloc_size()")
+Signed-off-by: Christophe JAILLET <christophe.jaillet@wanadoo.fr>
+Reviewed-by: Russell King <rmk+kernel@armlinux.org.uk>
+Reviewed-by: Andrew Lunn <andrew@lunn.ch>
+Signed-off-by: David S. Miller <davem@davemloft.net>
+Signed-off-by: Sasha Levin <sashal@kernel.org>
+---
+ drivers/net/phy/mdio-octeon.c | 2 --
+ 1 file changed, 2 deletions(-)
+
+diff --git a/drivers/net/phy/mdio-octeon.c b/drivers/net/phy/mdio-octeon.c
+index ab6914f8bd50..1da104150f44 100644
+--- a/drivers/net/phy/mdio-octeon.c
++++ b/drivers/net/phy/mdio-octeon.c
+@@ -75,7 +75,6 @@ static int octeon_mdiobus_probe(struct platform_device *pdev)
+
+ return 0;
+ fail_register:
+- mdiobus_free(bus->mii_bus);
+ smi_en.u64 = 0;
+ oct_mdio_writeq(smi_en.u64, bus->register_base + SMI_EN);
+ return err;
+@@ -89,7 +88,6 @@ static int octeon_mdiobus_remove(struct platform_device *pdev)
+ bus = platform_get_drvdata(pdev);
+
+ mdiobus_unregister(bus->mii_bus);
+- mdiobus_free(bus->mii_bus);
+ smi_en.u64 = 0;
+ oct_mdio_writeq(smi_en.u64, bus->register_base + SMI_EN);
+ return 0;
+--
+2.30.2
+
--- /dev/null
+From 60ba744592930f6955717103f2872ac8a7e23d8f Mon Sep 17 00:00:00 2001
+From: Sasha Levin <sashal@kernel.org>
+Date: Thu, 13 May 2021 09:44:49 +0200
+Subject: net: mdio: thunder: Fix a double free issue in the .remove function
+
+From: Christophe JAILLET <christophe.jaillet@wanadoo.fr>
+
+[ Upstream commit a93a0a15876d2a077a3bc260b387d2457a051f24 ]
+
+'bus->mii_bus' have been allocated with 'devm_mdiobus_alloc_size()' in the
+probe function. So it must not be freed explicitly or there will be a
+double free.
+
+Remove the incorrect 'mdiobus_free' in the remove function.
+
+Fixes: 379d7ac7ca31 ("phy: mdio-thunder: Add driver for Cavium Thunder SoC MDIO buses.")
+Signed-off-by: Christophe JAILLET <christophe.jaillet@wanadoo.fr>
+Reviewed-by: Russell King <rmk+kernel@armlinux.org.uk>
+Reviewed-by: Andrew Lunn <andrew@lunn.ch>
+Signed-off-by: David S. Miller <davem@davemloft.net>
+Signed-off-by: Sasha Levin <sashal@kernel.org>
+---
+ drivers/net/phy/mdio-thunder.c | 1 -
+ 1 file changed, 1 deletion(-)
+
+diff --git a/drivers/net/phy/mdio-thunder.c b/drivers/net/phy/mdio-thunder.c
+index 564616968cad..c0c922eff760 100644
+--- a/drivers/net/phy/mdio-thunder.c
++++ b/drivers/net/phy/mdio-thunder.c
+@@ -129,7 +129,6 @@ static void thunder_mdiobus_pci_remove(struct pci_dev *pdev)
+ continue;
+
+ mdiobus_unregister(bus->mii_bus);
+- mdiobus_free(bus->mii_bus);
+ oct_mdio_writeq(0, bus->register_base + SMI_EN);
+ }
+ pci_set_drvdata(pdev, NULL);
+--
+2.30.2
+
--- /dev/null
+From 8b1ff5766fc718633afb414211c9aba5056b36a4 Mon Sep 17 00:00:00 2001
+From: Sasha Levin <sashal@kernel.org>
+Date: Sat, 8 May 2021 07:38:22 +0200
+Subject: net: netcp: Fix an error message
+
+From: Christophe JAILLET <christophe.jaillet@wanadoo.fr>
+
+[ Upstream commit ddb6e00f8413e885ff826e32521cff7924661de0 ]
+
+'ret' is known to be 0 here.
+The expected error code is stored in 'tx_pipe->dma_queue', so use it
+instead.
+
+While at it, switch from %d to %pe which is more user friendly.
+
+Fixes: 84640e27f230 ("net: netcp: Add Keystone NetCP core ethernet driver")
+Signed-off-by: Christophe JAILLET <christophe.jaillet@wanadoo.fr>
+Signed-off-by: David S. Miller <davem@davemloft.net>
+Signed-off-by: Sasha Levin <sashal@kernel.org>
+---
+ drivers/net/ethernet/ti/netcp_core.c | 4 ++--
+ 1 file changed, 2 insertions(+), 2 deletions(-)
+
+diff --git a/drivers/net/ethernet/ti/netcp_core.c b/drivers/net/ethernet/ti/netcp_core.c
+index 32516661f180..a55e83a0946a 100644
+--- a/drivers/net/ethernet/ti/netcp_core.c
++++ b/drivers/net/ethernet/ti/netcp_core.c
+@@ -1325,8 +1325,8 @@ int netcp_txpipe_open(struct netcp_tx_pipe *tx_pipe)
+ tx_pipe->dma_queue = knav_queue_open(name, tx_pipe->dma_queue_id,
+ KNAV_QUEUE_SHARED);
+ if (IS_ERR(tx_pipe->dma_queue)) {
+- dev_err(dev, "Could not open DMA queue for channel \"%s\": %d\n",
+- name, ret);
++ dev_err(dev, "Could not open DMA queue for channel \"%s\": %pe\n",
++ name, tx_pipe->dma_queue);
+ ret = PTR_ERR(tx_pipe->dma_queue);
+ goto err;
+ }
+--
+2.30.2
+
--- /dev/null
+From aa648a6087cac17663e91a6da696099f88bdd06c Mon Sep 17 00:00:00 2001
+From: Sasha Levin <sashal@kernel.org>
+Date: Sun, 23 May 2021 14:38:53 +0000
+Subject: sch_dsmark: fix a NULL deref in qdisc_reset()
+
+From: Taehee Yoo <ap420073@gmail.com>
+
+[ Upstream commit 9b76eade16423ef06829cccfe3e100cfce31afcd ]
+
+If Qdisc_ops->init() is failed, Qdisc_ops->reset() would be called.
+When dsmark_init(Qdisc_ops->init()) is failed, it possibly doesn't
+initialize dsmark_qdisc_data->q. But dsmark_reset(Qdisc_ops->reset())
+uses dsmark_qdisc_data->q pointer wihtout any null checking.
+So, panic would occur.
+
+Test commands:
+ sysctl net.core.default_qdisc=dsmark -w
+ ip link add dummy0 type dummy
+ ip link add vw0 link dummy0 type virt_wifi
+ ip link set vw0 up
+
+Splat looks like:
+KASAN: null-ptr-deref in range [0x0000000000000018-0x000000000000001f]
+CPU: 3 PID: 684 Comm: ip Not tainted 5.12.0+ #910
+RIP: 0010:qdisc_reset+0x2b/0x680
+Code: 1f 44 00 00 48 b8 00 00 00 00 00 fc ff df 41 57 41 56 41 55 41 54
+55 48 89 fd 48 83 c7 18 53 48 89 fa 48 c1 ea 03 48 83 ec 20 <80> 3c 02
+00 0f 85 09 06 00 00 4c 8b 65 18 0f 1f 44 00 00 65 8b 1d
+RSP: 0018:ffff88800fda6bf8 EFLAGS: 00010282
+RAX: dffffc0000000000 RBX: ffff8880050ed800 RCX: 0000000000000000
+RDX: 0000000000000003 RSI: ffffffff99e34100 RDI: 0000000000000018
+RBP: 0000000000000000 R08: fffffbfff346b553 R09: fffffbfff346b553
+R10: 0000000000000001 R11: fffffbfff346b552 R12: ffffffffc0824940
+R13: ffff888109e83800 R14: 00000000ffffffff R15: ffffffffc08249e0
+FS: 00007f5042287680(0000) GS:ffff888119800000(0000)
+knlGS:0000000000000000
+CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
+CR2: 000055ae1f4dbd90 CR3: 0000000006760002 CR4: 00000000003706e0
+DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
+DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
+Call Trace:
+ ? rcu_read_lock_bh_held+0xa0/0xa0
+ dsmark_reset+0x3d/0xf0 [sch_dsmark]
+ qdisc_reset+0xa9/0x680
+ qdisc_destroy+0x84/0x370
+ qdisc_create_dflt+0x1fe/0x380
+ attach_one_default_qdisc.constprop.41+0xa4/0x180
+ dev_activate+0x4d5/0x8c0
+ ? __dev_open+0x268/0x390
+ __dev_open+0x270/0x390
+
+Fixes: 1da177e4c3f4 ("Linux-2.6.12-rc2")
+Signed-off-by: Taehee Yoo <ap420073@gmail.com>
+Signed-off-by: David S. Miller <davem@davemloft.net>
+Signed-off-by: Sasha Levin <sashal@kernel.org>
+---
+ net/sched/sch_dsmark.c | 3 ++-
+ 1 file changed, 2 insertions(+), 1 deletion(-)
+
+diff --git a/net/sched/sch_dsmark.c b/net/sched/sch_dsmark.c
+index 551cf193649e..02ef78d2b3df 100644
+--- a/net/sched/sch_dsmark.c
++++ b/net/sched/sch_dsmark.c
+@@ -388,7 +388,8 @@ static void dsmark_reset(struct Qdisc *sch)
+ struct dsmark_qdisc_data *p = qdisc_priv(sch);
+
+ pr_debug("%s(sch %p,[qdisc %p])\n", __func__, sch, p);
+- qdisc_reset(p->q);
++ if (p->q)
++ qdisc_reset(p->q);
+ sch->qstats.backlog = 0;
+ sch->q.qlen = 0;
+ }
+--
+2.30.2
+
--- /dev/null
+From e4dc6ec4d708e94b2be5a3890f478445775e62a5 Mon Sep 17 00:00:00 2001
+From: Sasha Levin <sashal@kernel.org>
+Date: Wed, 19 May 2021 17:20:27 +0300
+Subject: scsi: libsas: Use _safe() loop in sas_resume_port()
+
+From: Dan Carpenter <dan.carpenter@oracle.com>
+
+[ Upstream commit 8c7e7b8486cda21269d393245883c5e4737d5ee7 ]
+
+If sas_notify_lldd_dev_found() fails then this code calls:
+
+ sas_unregister_dev(port, dev);
+
+which removes "dev", our list iterator, from the list. This could lead to
+an endless loop. We need to use list_for_each_entry_safe().
+
+Link: https://lore.kernel.org/r/YKUeq6gwfGcvvhty@mwanda
+Fixes: 303694eeee5e ("[SCSI] libsas: suspend / resume support")
+Reviewed-by: John Garry <john.garry@huawei.com>
+Signed-off-by: Dan Carpenter <dan.carpenter@oracle.com>
+Signed-off-by: Martin K. Petersen <martin.petersen@oracle.com>
+Signed-off-by: Sasha Levin <sashal@kernel.org>
+---
+ drivers/scsi/libsas/sas_port.c | 4 ++--
+ 1 file changed, 2 insertions(+), 2 deletions(-)
+
+diff --git a/drivers/scsi/libsas/sas_port.c b/drivers/scsi/libsas/sas_port.c
+index d3c5297c6c89..30e0730f613e 100644
+--- a/drivers/scsi/libsas/sas_port.c
++++ b/drivers/scsi/libsas/sas_port.c
+@@ -41,7 +41,7 @@ static bool phy_is_wideport_member(struct asd_sas_port *port, struct asd_sas_phy
+
+ static void sas_resume_port(struct asd_sas_phy *phy)
+ {
+- struct domain_device *dev;
++ struct domain_device *dev, *n;
+ struct asd_sas_port *port = phy->port;
+ struct sas_ha_struct *sas_ha = phy->ha;
+ struct sas_internal *si = to_sas_internal(sas_ha->core.shost->transportt);
+@@ -60,7 +60,7 @@ static void sas_resume_port(struct asd_sas_phy *phy)
+ * 1/ presume every device came back
+ * 2/ force the next revalidation to check all expander phys
+ */
+- list_for_each_entry(dev, &port->dev_list, dev_list_node) {
++ list_for_each_entry_safe(dev, n, &port->dev_list, dev_list_node) {
+ int i, rc;
+
+ rc = sas_notify_lldd_dev_found(dev);
+--
+2.30.2
+
btrfs-do-not-bug_on-in-link_to_fixup_dir.patch
platform-x86-intel_punit_ipc-append-module_device_ta.patch
drm-amdgpu-fix-a-use-after-free.patch
+net-netcp-fix-an-error-message.patch
+net-mdio-thunder-fix-a-double-free-issue-in-the-.rem.patch
+net-mdio-octeon-fix-some-double-free-issues.patch
+net-bnx2-fix-error-return-code-in-bnx2_init_board.patch
+mld-fix-panic-in-mld_newpack.patch
+staging-emxx_udc-fix-loop-in-_nbu2ss_nuke.patch
+asoc-cs35l33-fix-an-error-code-in-probe.patch
+scsi-libsas-use-_safe-loop-in-sas_resume_port.patch
+sch_dsmark-fix-a-null-deref-in-qdisc_reset.patch
+mips-alchemy-xxs1500-add-gpio-au1000.h-header-file.patch
+mips-ralink-export-rt_sysc_membase-for-rt2880_wdt.c.patch
--- /dev/null
+From 1843df75bf96019cf3d815847f7fb82dd9878a9c Mon Sep 17 00:00:00 2001
+From: Sasha Levin <sashal@kernel.org>
+Date: Wed, 19 May 2021 17:16:50 +0300
+Subject: staging: emxx_udc: fix loop in _nbu2ss_nuke()
+
+From: Dan Carpenter <dan.carpenter@oracle.com>
+
+[ Upstream commit e0112a7c9e847ada15a631b88e279d547e8f26a7 ]
+
+The _nbu2ss_ep_done() function calls:
+
+ list_del_init(&req->queue);
+
+which means that the loop will never exit.
+
+Fixes: ca3d253eb967 ("Staging: emxx_udc: Iterate list using list_for_each_entry")
+Signed-off-by: Dan Carpenter <dan.carpenter@oracle.com>
+Link: https://lore.kernel.org/r/YKUd0sDyjm/lkJfJ@mwanda
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+Signed-off-by: Sasha Levin <sashal@kernel.org>
+---
+ drivers/staging/emxx_udc/emxx_udc.c | 4 ++--
+ 1 file changed, 2 insertions(+), 2 deletions(-)
+
+diff --git a/drivers/staging/emxx_udc/emxx_udc.c b/drivers/staging/emxx_udc/emxx_udc.c
+index 1055649f034c..59266650e071 100644
+--- a/drivers/staging/emxx_udc/emxx_udc.c
++++ b/drivers/staging/emxx_udc/emxx_udc.c
+@@ -2173,7 +2173,7 @@ static int _nbu2ss_nuke(struct nbu2ss_udc *udc,
+ struct nbu2ss_ep *ep,
+ int status)
+ {
+- struct nbu2ss_req *req;
++ struct nbu2ss_req *req, *n;
+
+ /* Endpoint Disable */
+ _nbu2ss_epn_exit(udc, ep);
+@@ -2185,7 +2185,7 @@ static int _nbu2ss_nuke(struct nbu2ss_udc *udc,
+ return 0;
+
+ /* called with irqs blocked */
+- list_for_each_entry(req, &ep->queue, queue) {
++ list_for_each_entry_safe(req, n, &ep->queue, queue) {
+ _nbu2ss_ep_done(ep, req, status);
+ }
+
+--
+2.30.2
+
projects / thirdparty / kernel / stable-queue.git / commitdiff
