--- /dev/null
+From 9b2f2a172358c9d8f13c0b4eb19cf347f48ca552 Mon Sep 17 00:00:00 2001
+From: Sasha Levin <sashal@kernel.org>
+Date: Wed, 3 May 2023 16:49:27 +0900
+Subject: 9p: virtio: make sure 'offs' is initialized in zc_request
+
+From: Dominique Martinet <asmadeus@codewreck.org>
+
+[ Upstream commit 4a73edab69d3a6623f03817fe950a2d9585f80e4 ]
+
+Similarly to the previous patch: offs can be used in handle_rerrors
+without initializing on small payloads; in this case handle_rerrors will
+not use it because of the size check, but it doesn't hurt to make sure
+it is zero to please scan-build.
+
+This fixes the following warning:
+net/9p/trans_virtio.c:539:3: warning: 3rd function call argument is an uninitialized value [core.CallAndMessage]
+ handle_rerror(req, in_hdr_len, offs, in_pages);
+ ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+
+Reviewed-by: Simon Horman <simon.horman@corigine.com>
+Signed-off-by: Dominique Martinet <asmadeus@codewreck.org>
+Signed-off-by: Eric Van Hensbergen <ericvh@kernel.org>
+Signed-off-by: Sasha Levin <sashal@kernel.org>
+---
+ net/9p/trans_virtio.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/net/9p/trans_virtio.c b/net/9p/trans_virtio.c
+index c6a46e8e9eda5..25f5caa57289b 100644
+--- a/net/9p/trans_virtio.c
++++ b/net/9p/trans_virtio.c
+@@ -401,7 +401,7 @@ p9_virtio_zc_request(struct p9_client *client, struct p9_req_t *req,
+ struct page **in_pages = NULL, **out_pages = NULL;
+ struct virtio_chan *chan = client->trans;
+ struct scatterlist *sgs[4];
+- size_t offs;
++ size_t offs = 0;
+ int need_drop = 0;
+
+ p9_debug(P9_DEBUG_TRANS, "virtio request\n");
+--
+2.40.1
+
--- /dev/null
+From 90c40025f27c2c7db3ec3bcbe45efce9c4adf918 Mon Sep 17 00:00:00 2001
+From: Sasha Levin <sashal@kernel.org>
+Date: Mon, 12 Jun 2023 14:55:33 +0200
+Subject: ALSA: seq: oss: Fix racy open/close of MIDI devices
+
+From: Takashi Iwai <tiwai@suse.de>
+
+[ Upstream commit 297224fc0922e7385573a30c29ffdabb67f27b7d ]
+
+Although snd_seq_oss_midi_open() and snd_seq_oss_midi_close() can be
+called concurrently from different code paths, we have no proper data
+protection against races. Introduce open_mutex to each seq_oss_midi
+object for avoiding the races.
+
+Reported-by: "Gong, Sishuai" <sishuai@purdue.edu>
+Closes: https://lore.kernel.org/r/7DC9AF71-F481-4ABA-955F-76C535661E33@purdue.edu
+Link: https://lore.kernel.org/r/20230612125533.27461-1-tiwai@suse.de
+Signed-off-by: Takashi Iwai <tiwai@suse.de>
+Signed-off-by: Sasha Levin <sashal@kernel.org>
+---
+ sound/core/seq/oss/seq_oss_midi.c | 35 +++++++++++++++++++------------
+ 1 file changed, 22 insertions(+), 13 deletions(-)
+
+diff --git a/sound/core/seq/oss/seq_oss_midi.c b/sound/core/seq/oss/seq_oss_midi.c
+index cc8f06638edca..7226c03f15934 100644
+--- a/sound/core/seq/oss/seq_oss_midi.c
++++ b/sound/core/seq/oss/seq_oss_midi.c
+@@ -50,6 +50,7 @@ struct seq_oss_midi {
+ struct snd_midi_event *coder; /* MIDI event coder */
+ struct seq_oss_devinfo *devinfo; /* assigned OSSseq device */
+ snd_use_lock_t use_lock;
++ struct mutex open_mutex;
+ };
+
+
+@@ -184,6 +185,7 @@ snd_seq_oss_midi_check_new_port(struct snd_seq_port_info *pinfo)
+ mdev->flags = pinfo->capability;
+ mdev->opened = 0;
+ snd_use_lock_init(&mdev->use_lock);
++ mutex_init(&mdev->open_mutex);
+
+ /* copy and truncate the name of synth device */
+ strlcpy(mdev->name, pinfo->name, sizeof(mdev->name));
+@@ -332,14 +334,16 @@ snd_seq_oss_midi_open(struct seq_oss_devinfo *dp, int dev, int fmode)
+ int perm;
+ struct seq_oss_midi *mdev;
+ struct snd_seq_port_subscribe subs;
++ int err;
+
+ if ((mdev = get_mididev(dp, dev)) == NULL)
+ return -ENODEV;
+
++ mutex_lock(&mdev->open_mutex);
+ /* already used? */
+ if (mdev->opened && mdev->devinfo != dp) {
+- snd_use_lock_free(&mdev->use_lock);
+- return -EBUSY;
++ err = -EBUSY;
++ goto unlock;
+ }
+
+ perm = 0;
+@@ -349,14 +353,14 @@ snd_seq_oss_midi_open(struct seq_oss_devinfo *dp, int dev, int fmode)
+ perm |= PERM_READ;
+ perm &= mdev->flags;
+ if (perm == 0) {
+- snd_use_lock_free(&mdev->use_lock);
+- return -ENXIO;
++ err = -ENXIO;
++ goto unlock;
+ }
+
+ /* already opened? */
+ if ((mdev->opened & perm) == perm) {
+- snd_use_lock_free(&mdev->use_lock);
+- return 0;
++ err = 0;
++ goto unlock;
+ }
+
+ perm &= ~mdev->opened;
+@@ -381,13 +385,17 @@ snd_seq_oss_midi_open(struct seq_oss_devinfo *dp, int dev, int fmode)
+ }
+
+ if (! mdev->opened) {
+- snd_use_lock_free(&mdev->use_lock);
+- return -ENXIO;
++ err = -ENXIO;
++ goto unlock;
+ }
+
+ mdev->devinfo = dp;
++ err = 0;
++
++ unlock:
++ mutex_unlock(&mdev->open_mutex);
+ snd_use_lock_free(&mdev->use_lock);
+- return 0;
++ return err;
+ }
+
+ /*
+@@ -401,10 +409,9 @@ snd_seq_oss_midi_close(struct seq_oss_devinfo *dp, int dev)
+
+ if ((mdev = get_mididev(dp, dev)) == NULL)
+ return -ENODEV;
+- if (! mdev->opened || mdev->devinfo != dp) {
+- snd_use_lock_free(&mdev->use_lock);
+- return 0;
+- }
++ mutex_lock(&mdev->open_mutex);
++ if (!mdev->opened || mdev->devinfo != dp)
++ goto unlock;
+
+ memset(&subs, 0, sizeof(subs));
+ if (mdev->opened & PERM_WRITE) {
+@@ -423,6 +430,8 @@ snd_seq_oss_midi_close(struct seq_oss_devinfo *dp, int dev)
+ mdev->opened = 0;
+ mdev->devinfo = NULL;
+
++ unlock:
++ mutex_unlock(&mdev->open_mutex);
+ snd_use_lock_free(&mdev->use_lock);
+ return 0;
+ }
+--
+2.40.1
+
--- /dev/null
+From 789d54f74c4560759df62fdae71d1d61e39d5245 Mon Sep 17 00:00:00 2001
+From: Sasha Levin <sashal@kernel.org>
+Date: Wed, 19 Jul 2023 13:47:22 +0800
+Subject: ASoc: codecs: ES8316: Fix DMIC config
+
+From: Edgar <ljijcj@163.com>
+
+[ Upstream commit d20d35d1ad62c6cca36368c1e8f29335a068659e ]
+
+According to the datasheet, the DMIC config should
+be changed to { 0, 2 ,3 }
+
+Signed-off-by: Edgar <ljijcj@163.com>
+Link: https://lore.kernel.org/r/20230719054722.401954-1-ljijcj@163.com
+Signed-off-by: Mark Brown <broonie@kernel.org>
+Signed-off-by: Sasha Levin <sashal@kernel.org>
+---
+ sound/soc/codecs/es8316.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/sound/soc/codecs/es8316.c b/sound/soc/codecs/es8316.c
+index fad918c44ec97..75a6b8b4e9c09 100644
+--- a/sound/soc/codecs/es8316.c
++++ b/sound/soc/codecs/es8316.c
+@@ -145,7 +145,7 @@ static const char * const es8316_dmic_txt[] = {
+ "dmic data at high level",
+ "dmic data at low level",
+ };
+-static const unsigned int es8316_dmic_values[] = { 0, 1, 2 };
++static const unsigned int es8316_dmic_values[] = { 0, 2, 3 };
+ static const struct soc_enum es8316_dmic_src_enum =
+ SOC_VALUE_ENUM_SINGLE(ES8316_ADC_DMIC, 0, 3,
+ ARRAY_SIZE(es8316_dmic_txt),
+--
+2.40.1
+
--- /dev/null
+From c27eaf5d87de25f61b9fb5939466a58134818d6c Mon Sep 17 00:00:00 2001
+From: Sasha Levin <sashal@kernel.org>
+Date: Mon, 17 Jul 2023 21:37:36 +0200
+Subject: ASoC: da7219: Flush pending AAD IRQ when suspending
+
+From: Dmytro Maluka <dmy@semihalf.com>
+
+[ Upstream commit 91e292917dad64ab8d1d5ca2ab3069ad9dac6f72 ]
+
+da7219_aad_suspend() disables jack detection, which should prevent
+generating new interrupts by DA7219 while suspended. However, there is a
+theoretical possibility that there is a pending interrupt generated just
+before suspending DA7219 and not handled yet, so the IRQ handler may
+still run after DA7219 is suspended. To prevent that, wait until the
+pending IRQ handling is done.
+
+This patch arose as an attempt to fix the following I2C failure
+occurring sometimes during system suspend or resume:
+
+[ 355.876211] i2c_designware i2c_designware.3: Transfer while suspended
+[ 355.876245] WARNING: CPU: 2 PID: 3576 at drivers/i2c/busses/i2c-designware-master.c:570 i2c_dw_xfer+0x411/0x440
+...
+[ 355.876462] Call Trace:
+[ 355.876468] <TASK>
+[ 355.876475] ? update_load_avg+0x1b3/0x615
+[ 355.876484] __i2c_transfer+0x101/0x1d8
+[ 355.876494] i2c_transfer+0x74/0x10d
+[ 355.876504] regmap_i2c_read+0x6a/0x9c
+[ 355.876513] _regmap_raw_read+0x179/0x223
+[ 355.876521] regmap_raw_read+0x1e1/0x28e
+[ 355.876527] regmap_bulk_read+0x17d/0x1ba
+[ 355.876532] ? __wake_up+0xed/0x1bb
+[ 355.876542] da7219_aad_irq_thread+0x54/0x2c9 [snd_soc_da7219 5fb8ebb2179cf2fea29af090f3145d68ed8e2184]
+[ 355.876556] irq_thread+0x13c/0x231
+[ 355.876563] ? irq_forced_thread_fn+0x5f/0x5f
+[ 355.876570] ? irq_thread_fn+0x4d/0x4d
+[ 355.876576] kthread+0x13a/0x152
+[ 355.876581] ? synchronize_irq+0xc3/0xc3
+[ 355.876587] ? kthread_blkcg+0x31/0x31
+[ 355.876592] ret_from_fork+0x1f/0x30
+[ 355.876601] </TASK>
+
+which indicates that the AAD IRQ handler is unexpectedly running when
+DA7219 is suspended, and as a result, is trying to read data from DA7219
+over I2C and is hitting the I2C driver "Transfer while suspended"
+failure.
+
+However, with this patch the above failure is still reproducible. So
+this patch does not fix any real observed issue so far, but at least is
+useful for confirming that the above issue is not caused by a pending
+IRQ but rather looks like a DA7219 hardware issue with an IRQ
+unexpectedly generated after jack detection is already disabled.
+
+Signed-off-by: Dmytro Maluka <dmy@semihalf.com>
+Link: https://lore.kernel.org/r/20230717193737.161784-2-dmy@semihalf.com
+Signed-off-by: Mark Brown <broonie@kernel.org>
+Signed-off-by: Sasha Levin <sashal@kernel.org>
+---
+ sound/soc/codecs/da7219-aad.c | 2 ++
+ 1 file changed, 2 insertions(+)
+
+diff --git a/sound/soc/codecs/da7219-aad.c b/sound/soc/codecs/da7219-aad.c
+index 1d1d10dd92ae2..793c8768f7c44 100644
+--- a/sound/soc/codecs/da7219-aad.c
++++ b/sound/soc/codecs/da7219-aad.c
+@@ -854,6 +854,8 @@ void da7219_aad_suspend(struct snd_soc_codec *codec)
+ }
+ }
+ }
++
++ synchronize_irq(da7219_aad->irq);
+ }
+
+ void da7219_aad_resume(struct snd_soc_codec *codec)
+--
+2.40.1
+
--- /dev/null
+From 3cf70f3b7ee9ff0e9e635a1fd7e3c047d89c59f8 Mon Sep 17 00:00:00 2001
+From: Sasha Levin <sashal@kernel.org>
+Date: Thu, 8 Jun 2023 16:01:43 -0400
+Subject: bnx2x: fix page fault following EEH recovery
+
+From: David Christensen <drc@linux.vnet.ibm.com>
+
+[ Upstream commit 7ebe4eda4265642859507d1b3ca330d8c196cfe5 ]
+
+In the last step of the EEH recovery process, the EEH driver calls into
+bnx2x_io_resume() to re-initialize the NIC hardware via the function
+bnx2x_nic_load(). If an error occurs during bnx2x_nic_load(), OS and
+hardware resources are released and an error code is returned to the
+caller. When called from bnx2x_io_resume(), the return code is ignored
+and the network interface is brought up unconditionally. Later attempts
+to send a packet via this interface result in a page fault due to a null
+pointer reference.
+
+This patch checks the return code of bnx2x_nic_load(), prints an error
+message if necessary, and does not enable the interface.
+
+Signed-off-by: David Christensen <drc@linux.vnet.ibm.com>
+Reviewed-by: Sridhar Samudrala <sridhar.samudrala@intel.com>
+Signed-off-by: David S. Miller <davem@davemloft.net>
+Signed-off-by: Sasha Levin <sashal@kernel.org>
+---
+ drivers/net/ethernet/broadcom/bnx2x/bnx2x_main.c | 9 +++++++--
+ 1 file changed, 7 insertions(+), 2 deletions(-)
+
+diff --git a/drivers/net/ethernet/broadcom/bnx2x/bnx2x_main.c b/drivers/net/ethernet/broadcom/bnx2x/bnx2x_main.c
+index 7925c40c00625..cb5c3d3153331 100644
+--- a/drivers/net/ethernet/broadcom/bnx2x/bnx2x_main.c
++++ b/drivers/net/ethernet/broadcom/bnx2x/bnx2x_main.c
+@@ -14484,11 +14484,16 @@ static void bnx2x_io_resume(struct pci_dev *pdev)
+ bp->fw_seq = SHMEM_RD(bp, func_mb[BP_FW_MB_IDX(bp)].drv_mb_header) &
+ DRV_MSG_SEQ_NUMBER_MASK;
+
+- if (netif_running(dev))
+- bnx2x_nic_load(bp, LOAD_NORMAL);
++ if (netif_running(dev)) {
++ if (bnx2x_nic_load(bp, LOAD_NORMAL)) {
++ netdev_err(bp->dev, "Error during driver initialization, try unloading/reloading the driver\n");
++ goto done;
++ }
++ }
+
+ netif_device_attach(dev);
+
++done:
+ rtnl_unlock();
+ }
+
+--
+2.40.1
+
--- /dev/null
+From eedd7daa49bf08e61f7a3f6291e71b94962975d6 Mon Sep 17 00:00:00 2001
+From: Sasha Levin <sashal@kernel.org>
+Date: Fri, 9 Jun 2023 17:46:56 +0000
+Subject: cifs: add a warning when the in-flight count goes negative
+
+From: Shyam Prasad N <sprasad@microsoft.com>
+
+[ Upstream commit e4645cc2f1e2d6f268bb8dcfac40997c52432aed ]
+
+We've seen the in-flight count go into negative with some
+internal stress testing in Microsoft.
+
+Adding a WARN when this happens, in hope of understanding
+why this happens when it happens.
+
+Signed-off-by: Shyam Prasad N <sprasad@microsoft.com>
+Reviewed-by: Bharath SM <bharathsm@microsoft.com>
+Signed-off-by: Steve French <stfrench@microsoft.com>
+Signed-off-by: Sasha Levin <sashal@kernel.org>
+---
+ fs/cifs/smb2ops.c | 1 +
+ 1 file changed, 1 insertion(+)
+
+diff --git a/fs/cifs/smb2ops.c b/fs/cifs/smb2ops.c
+index dec306a3b0f41..3287795c648e5 100644
+--- a/fs/cifs/smb2ops.c
++++ b/fs/cifs/smb2ops.c
+@@ -78,6 +78,7 @@ smb2_add_credits(struct TCP_Server_Info *server, const unsigned int add,
+ *val = 65000; /* Don't get near 64K credits, avoid srv bugs */
+ printk_once(KERN_WARNING "server overflowed SMB3 credits\n");
+ }
++ WARN_ON_ONCE(server->in_flight == 0);
+ server->in_flight--;
+ if (server->in_flight == 0 && (optype & CIFS_OP_MASK) != CIFS_NEG_OP)
+ rc = change_conf(server);
+--
+2.40.1
+
--- /dev/null
+From 4ae4cbe97367c28c762ad5c9f7580b04a231a29c Mon Sep 17 00:00:00 2001
+From: Sasha Levin <sashal@kernel.org>
+Date: Thu, 20 Jul 2023 22:42:08 +0800
+Subject: ethernet: atheros: fix return value check in atl1c_tso_csum()
+
+From: Yuanjun Gong <ruc_gongyuanjun@163.com>
+
+[ Upstream commit 8d01da0a1db237c44c92859ce3612df7af8d3a53 ]
+
+in atl1c_tso_csum, it should check the return value of pskb_trim(),
+and return an error code if an unexpected value is returned
+by pskb_trim().
+
+Signed-off-by: Yuanjun Gong <ruc_gongyuanjun@163.com>
+Reviewed-by: Simon Horman <simon.horman@corigine.com>
+Signed-off-by: David S. Miller <davem@davemloft.net>
+Signed-off-by: Sasha Levin <sashal@kernel.org>
+---
+ drivers/net/ethernet/atheros/atl1c/atl1c_main.c | 7 +++++--
+ 1 file changed, 5 insertions(+), 2 deletions(-)
+
+diff --git a/drivers/net/ethernet/atheros/atl1c/atl1c_main.c b/drivers/net/ethernet/atheros/atl1c/atl1c_main.c
+index 3615c2a06fdad..6f5c7c1401ce0 100644
+--- a/drivers/net/ethernet/atheros/atl1c/atl1c_main.c
++++ b/drivers/net/ethernet/atheros/atl1c/atl1c_main.c
+@@ -2001,8 +2001,11 @@ static int atl1c_tso_csum(struct atl1c_adapter *adapter,
+ real_len = (((unsigned char *)ip_hdr(skb) - skb->data)
+ + ntohs(ip_hdr(skb)->tot_len));
+
+- if (real_len < skb->len)
+- pskb_trim(skb, real_len);
++ if (real_len < skb->len) {
++ err = pskb_trim(skb, real_len);
++ if (err)
++ return err;
++ }
+
+ hdr_len = (skb_transport_offset(skb) + tcp_hdrlen(skb));
+ if (unlikely(skb->len == hdr_len)) {
+--
+2.40.1
+
--- /dev/null
+From cfd0389eb852ac1f27dfde7b0efb24499ba01686 Mon Sep 17 00:00:00 2001
+From: Sasha Levin <sashal@kernel.org>
+Date: Mon, 24 Jul 2023 10:10:56 +0800
+Subject: fs/nls: make load_nls() take a const parameter
+
+From: Winston Wen <wentao@uniontech.com>
+
+[ Upstream commit c1ed39ec116272935528ca9b348b8ee79b0791da ]
+
+load_nls() take a char * parameter, use it to find nls module in list or
+construct the module name to load it.
+
+This change make load_nls() take a const parameter, so we don't need do
+some cast like this:
+
+ ses->local_nls = load_nls((char *)ctx->local_nls->charset);
+
+Suggested-by: Stephen Rothwell <sfr@canb.auug.org.au>
+Signed-off-by: Winston Wen <wentao@uniontech.com>
+Reviewed-by: Paulo Alcantara <pc@manguebit.com>
+Reviewed-by: Christian Brauner <brauner@kernel.org>
+Signed-off-by: Steve French <stfrench@microsoft.com>
+Signed-off-by: Sasha Levin <sashal@kernel.org>
+---
+ fs/nls/nls_base.c | 4 ++--
+ include/linux/nls.h | 2 +-
+ 2 files changed, 3 insertions(+), 3 deletions(-)
+
+diff --git a/fs/nls/nls_base.c b/fs/nls/nls_base.c
+index 52ccd34b1e792..a026dbd3593f6 100644
+--- a/fs/nls/nls_base.c
++++ b/fs/nls/nls_base.c
+@@ -272,7 +272,7 @@ int unregister_nls(struct nls_table * nls)
+ return -EINVAL;
+ }
+
+-static struct nls_table *find_nls(char *charset)
++static struct nls_table *find_nls(const char *charset)
+ {
+ struct nls_table *nls;
+ spin_lock(&nls_lock);
+@@ -288,7 +288,7 @@ static struct nls_table *find_nls(char *charset)
+ return nls;
+ }
+
+-struct nls_table *load_nls(char *charset)
++struct nls_table *load_nls(const char *charset)
+ {
+ return try_then_request_module(find_nls(charset), "nls_%s", charset);
+ }
+diff --git a/include/linux/nls.h b/include/linux/nls.h
+index 499e486b3722d..e0bf8367b274a 100644
+--- a/include/linux/nls.h
++++ b/include/linux/nls.h
+@@ -47,7 +47,7 @@ enum utf16_endian {
+ /* nls_base.c */
+ extern int __register_nls(struct nls_table *, struct module *);
+ extern int unregister_nls(struct nls_table *);
+-extern struct nls_table *load_nls(char *);
++extern struct nls_table *load_nls(const char *charset);
+ extern void unload_nls(struct nls_table *);
+ extern struct nls_table *load_nls_default(void);
+ #define register_nls(nls) __register_nls((nls), THIS_MODULE)
+--
+2.40.1
+
--- /dev/null
+From fb1ffe7dbdc4ca1c873360a174342c549f253f6b Mon Sep 17 00:00:00 2001
+From: Sasha Levin <sashal@kernel.org>
+Date: Fri, 7 Jul 2023 21:58:45 +0800
+Subject: idmaengine: make FSL_EDMA and INTEL_IDMA64 depends on HAS_IOMEM
+
+From: Baoquan He <bhe@redhat.com>
+
+[ Upstream commit b1e213a9e31c20206f111ec664afcf31cbfe0dbb ]
+
+On s390 systems (aka mainframes), it has classic channel devices for
+networking and permanent storage that are currently even more common
+than PCI devices. Hence it could have a fully functional s390 kernel
+with CONFIG_PCI=n, then the relevant iomem mapping functions
+[including ioremap(), devm_ioremap(), etc.] are not available.
+
+Here let FSL_EDMA and INTEL_IDMA64 depend on HAS_IOMEM so that it
+won't be built to cause below compiling error if PCI is unset.
+
+--------
+ERROR: modpost: "devm_platform_ioremap_resource" [drivers/dma/fsl-edma.ko] undefined!
+ERROR: modpost: "devm_platform_ioremap_resource" [drivers/dma/idma64.ko] undefined!
+--------
+
+Reported-by: kernel test robot <lkp@intel.com>
+Closes: https://lore.kernel.org/oe-kbuild-all/202306211329.ticOJCSv-lkp@intel.com/
+Signed-off-by: Baoquan He <bhe@redhat.com>
+Cc: Vinod Koul <vkoul@kernel.org>
+Cc: dmaengine@vger.kernel.org
+Link: https://lore.kernel.org/r/20230707135852.24292-2-bhe@redhat.com
+Signed-off-by: Vinod Koul <vkoul@kernel.org>
+Signed-off-by: Sasha Levin <sashal@kernel.org>
+---
+ drivers/dma/Kconfig | 2 ++
+ 1 file changed, 2 insertions(+)
+
+diff --git a/drivers/dma/Kconfig b/drivers/dma/Kconfig
+index 5ea37d133f241..6abb80b09db3b 100644
+--- a/drivers/dma/Kconfig
++++ b/drivers/dma/Kconfig
+@@ -209,6 +209,7 @@ config FSL_DMA
+ config FSL_EDMA
+ tristate "Freescale eDMA engine support"
+ depends on OF
++ depends on HAS_IOMEM
+ select DMA_ENGINE
+ select DMA_VIRTUAL_CHANNELS
+ help
+@@ -254,6 +255,7 @@ config IMX_SDMA
+
+ config INTEL_IDMA64
+ tristate "Intel integrated DMA 64-bit support"
++ depends on HAS_IOMEM
+ select DMA_ENGINE
+ select DMA_VIRTUAL_CHANNELS
+ help
+--
+2.40.1
+
--- /dev/null
+From dfed02967428ad2c21c9d2ad52dd5b84d94eab2b Mon Sep 17 00:00:00 2001
+From: Sasha Levin <sashal@kernel.org>
+Date: Fri, 16 Jun 2023 17:36:10 +0200
+Subject: m68k: Fix invalid .section syntax
+
+From: Ben Hutchings <benh@debian.org>
+
+[ Upstream commit 922a9bd138101e3e5718f0f4d40dba68ef89bb43 ]
+
+gas supports several different forms for .section for ELF targets,
+including:
+ .section NAME [, "FLAGS"[, @TYPE[,FLAG_SPECIFIC_ARGUMENTS]]]
+and:
+ .section "NAME"[, #FLAGS...]
+
+In several places we use a mix of these two forms:
+ .section NAME, #FLAGS...
+
+A current development snapshot of binutils (2.40.50.20230611) treats
+this mixed syntax as an error.
+
+Change to consistently use:
+ .section NAME, "FLAGS"
+as is used elsewhere in the kernel.
+
+Link: https://buildd.debian.org/status/fetch.php?pkg=linux&arch=m68k&ver=6.4%7Erc6-1%7Eexp1&stamp=1686907300&raw=1
+Signed-off-by: Ben Hutchings <benh@debian.org>
+Tested-by: Jan-Benedict Glaw <jbglaw@lug-owl.de>
+Link: https://lore.kernel.org/r/ZIyBaueWT9jnTwRC@decadent.org.uk
+Signed-off-by: Geert Uytterhoeven <geert@linux-m68k.org>
+Signed-off-by: Sasha Levin <sashal@kernel.org>
+---
+ arch/m68k/fpsp040/skeleton.S | 4 ++--
+ arch/m68k/ifpsp060/os.S | 4 ++--
+ arch/m68k/kernel/relocate_kernel.S | 4 ++--
+ 3 files changed, 6 insertions(+), 6 deletions(-)
+
+diff --git a/arch/m68k/fpsp040/skeleton.S b/arch/m68k/fpsp040/skeleton.S
+index a8f41615d94a7..31a9c634c81ed 100644
+--- a/arch/m68k/fpsp040/skeleton.S
++++ b/arch/m68k/fpsp040/skeleton.S
+@@ -499,12 +499,12 @@ in_ea:
+ dbf %d0,morein
+ rts
+
+- .section .fixup,#alloc,#execinstr
++ .section .fixup,"ax"
+ .even
+ 1:
+ jbra fpsp040_die
+
+- .section __ex_table,#alloc
++ .section __ex_table,"a"
+ .align 4
+
+ .long in_ea,1b
+diff --git a/arch/m68k/ifpsp060/os.S b/arch/m68k/ifpsp060/os.S
+index 7a0d6e4280665..89e2ec224ab6c 100644
+--- a/arch/m68k/ifpsp060/os.S
++++ b/arch/m68k/ifpsp060/os.S
+@@ -379,11 +379,11 @@ _060_real_access:
+
+
+ | Execption handling for movs access to illegal memory
+- .section .fixup,#alloc,#execinstr
++ .section .fixup,"ax"
+ .even
+ 1: moveq #-1,%d1
+ rts
+-.section __ex_table,#alloc
++.section __ex_table,"a"
+ .align 4
+ .long dmrbuae,1b
+ .long dmrwuae,1b
+diff --git a/arch/m68k/kernel/relocate_kernel.S b/arch/m68k/kernel/relocate_kernel.S
+index ab0f1e7d46535..f7667079e08e9 100644
+--- a/arch/m68k/kernel/relocate_kernel.S
++++ b/arch/m68k/kernel/relocate_kernel.S
+@@ -26,7 +26,7 @@ ENTRY(relocate_new_kernel)
+ lea %pc@(.Lcopy),%a4
+ 2: addl #0x00000000,%a4 /* virt_to_phys() */
+
+- .section ".m68k_fixup","aw"
++ .section .m68k_fixup,"aw"
+ .long M68K_FIXUP_MEMOFFSET, 2b+2
+ .previous
+
+@@ -49,7 +49,7 @@ ENTRY(relocate_new_kernel)
+ lea %pc@(.Lcont040),%a4
+ 5: addl #0x00000000,%a4 /* virt_to_phys() */
+
+- .section ".m68k_fixup","aw"
++ .section .m68k_fixup,"aw"
+ .long M68K_FIXUP_MEMOFFSET, 5b+2
+ .previous
+
+--
+2.40.1
+
--- /dev/null
+From 0dab8db474a1628f6bf0d2c2c676036345212911 Mon Sep 17 00:00:00 2001
+From: Sasha Levin <sashal@kernel.org>
+Date: Thu, 27 Jul 2023 20:00:43 +0000
+Subject: net: usb: qmi_wwan: add Quectel EM05GV2
+
+From: Martin Kohn <m.kohn@welotec.com>
+
+[ Upstream commit d4480c9bb9258db9ddf2e632f6ef81e96b41089c ]
+
+Add support for Quectel EM05GV2 (G=global) with vendor ID
+0x2c7c and product ID 0x030e
+
+Enabling DTR on this modem was necessary to ensure stable operation.
+Patch for usb: serial: option: is also in progress.
+
+T: Bus=01 Lev=01 Prnt=01 Port=00 Cnt=01 Dev#= 2 Spd=480 MxCh= 0
+D: Ver= 2.00 Cls=ef(misc ) Sub=02 Prot=01 MxPS=64 #Cfgs= 1
+P: Vendor=2c7c ProdID=030e Rev= 3.18
+S: Manufacturer=Quectel
+S: Product=Quectel EM05-G
+C:* #Ifs= 5 Cfg#= 1 Atr=a0 MxPwr=500mA
+I:* If#= 0 Alt= 0 #EPs= 2 Cls=ff(vend.) Sub=ff Prot=ff Driver=option
+E: Ad=81(I) Atr=02(Bulk) MxPS= 512 Ivl=0ms
+E: Ad=01(O) Atr=02(Bulk) MxPS= 512 Ivl=0ms
+I:* If#= 1 Alt= 0 #EPs= 3 Cls=ff(vend.) Sub=00 Prot=00 Driver=option
+E: Ad=83(I) Atr=03(Int.) MxPS= 10 Ivl=32ms
+E: Ad=82(I) Atr=02(Bulk) MxPS= 512 Ivl=0ms
+E: Ad=02(O) Atr=02(Bulk) MxPS= 512 Ivl=0ms
+I:* If#= 2 Alt= 0 #EPs= 3 Cls=ff(vend.) Sub=00 Prot=00 Driver=option
+E: Ad=85(I) Atr=03(Int.) MxPS= 10 Ivl=32ms
+E: Ad=84(I) Atr=02(Bulk) MxPS= 512 Ivl=0ms
+E: Ad=03(O) Atr=02(Bulk) MxPS= 512 Ivl=0ms
+I:* If#= 3 Alt= 0 #EPs= 3 Cls=ff(vend.) Sub=00 Prot=00 Driver=option
+E: Ad=87(I) Atr=03(Int.) MxPS= 10 Ivl=32ms
+E: Ad=86(I) Atr=02(Bulk) MxPS= 512 Ivl=0ms
+E: Ad=04(O) Atr=02(Bulk) MxPS= 512 Ivl=0ms
+I:* If#= 4 Alt= 0 #EPs= 3 Cls=ff(vend.) Sub=ff Prot=ff Driver=qmi_wwan
+E: Ad=89(I) Atr=03(Int.) MxPS= 8 Ivl=32ms
+E: Ad=88(I) Atr=02(Bulk) MxPS= 512 Ivl=0ms
+E: Ad=05(O) Atr=02(Bulk) MxPS= 512 Ivl=0ms
+
+Signed-off-by: Martin Kohn <m.kohn@welotec.com>
+Link: https://lore.kernel.org/r/AM0PR04MB57648219DE893EE04FA6CC759701A@AM0PR04MB5764.eurprd04.prod.outlook.com
+Signed-off-by: Jakub Kicinski <kuba@kernel.org>
+Signed-off-by: Sasha Levin <sashal@kernel.org>
+---
+ drivers/net/usb/qmi_wwan.c | 1 +
+ 1 file changed, 1 insertion(+)
+
+diff --git a/drivers/net/usb/qmi_wwan.c b/drivers/net/usb/qmi_wwan.c
+index 8cdf822dfda06..880aa7f6a779c 100644
+--- a/drivers/net/usb/qmi_wwan.c
++++ b/drivers/net/usb/qmi_wwan.c
+@@ -1365,6 +1365,7 @@ static const struct usb_device_id products[] = {
+ {QMI_QUIRK_SET_DTR(0x2c7c, 0x0191, 4)}, /* Quectel EG91 */
+ {QMI_QUIRK_SET_DTR(0x2c7c, 0x0195, 4)}, /* Quectel EG95 */
+ {QMI_FIXED_INTF(0x2c7c, 0x0296, 4)}, /* Quectel BG96 */
++ {QMI_QUIRK_SET_DTR(0x2c7c, 0x030e, 4)}, /* Quectel EM05GV2 */
+ {QMI_QUIRK_SET_DTR(0x2cb7, 0x0104, 4)}, /* Fibocom NL678 series */
+ {QMI_FIXED_INTF(0x0489, 0xe0b4, 0)}, /* Foxconn T77W968 LTE */
+ {QMI_FIXED_INTF(0x0489, 0xe0b5, 0)}, /* Foxconn T77W968 LTE with eSIM support*/
+--
+2.40.1
+
--- /dev/null
+From 187e128804faf5129887848c171dff105f200ba5 Mon Sep 17 00:00:00 2001
+From: Sasha Levin <sashal@kernel.org>
+Date: Thu, 8 Jun 2023 16:57:54 +0300
+Subject: netlabel: fix shift wrapping bug in netlbl_catmap_setlong()
+
+From: Dmitry Mastykin <dmastykin@astralinux.ru>
+
+[ Upstream commit b403643d154d15176b060b82f7fc605210033edd ]
+
+There is a shift wrapping bug in this code on 32-bit architectures.
+NETLBL_CATMAP_MAPTYPE is u64, bitmap is unsigned long.
+Every second 32-bit word of catmap becomes corrupted.
+
+Signed-off-by: Dmitry Mastykin <dmastykin@astralinux.ru>
+Acked-by: Paul Moore <paul@paul-moore.com>
+Signed-off-by: David S. Miller <davem@davemloft.net>
+Signed-off-by: Sasha Levin <sashal@kernel.org>
+---
+ net/netlabel/netlabel_kapi.c | 3 ++-
+ 1 file changed, 2 insertions(+), 1 deletion(-)
+
+diff --git a/net/netlabel/netlabel_kapi.c b/net/netlabel/netlabel_kapi.c
+index 15fe2120b3109..14c3d640f94b9 100644
+--- a/net/netlabel/netlabel_kapi.c
++++ b/net/netlabel/netlabel_kapi.c
+@@ -871,7 +871,8 @@ int netlbl_catmap_setlong(struct netlbl_lsm_catmap **catmap,
+
+ offset -= iter->startbit;
+ idx = offset / NETLBL_CATMAP_MAPSIZE;
+- iter->bitmap[idx] |= bitmap << (offset % NETLBL_CATMAP_MAPSIZE);
++ iter->bitmap[idx] |= (NETLBL_CATMAP_MAPTYPE)bitmap
++ << (offset % NETLBL_CATMAP_MAPSIZE);
+
+ return 0;
+ }
+--
+2.40.1
+
--- /dev/null
+From 44851883c1285c30df9cf5bac0ee877e3a4d2035 Mon Sep 17 00:00:00 2001
+From: Sasha Levin <sashal@kernel.org>
+Date: Fri, 21 Jul 2023 21:36:45 +0200
+Subject: s390/dasd: use correct number of retries for ERP requests
+
+From: Stefan Haberland <sth@linux.ibm.com>
+
+[ Upstream commit acea28a6b74f458defda7417d2217b051ba7d444 ]
+
+If a DASD request fails an error recovery procedure (ERP) request might
+be built as a copy of the original request to do error recovery.
+
+The ERP request gets a number of retries assigned.
+This number is always 256 no matter what other value might have been set
+for the original request. This is not what is expected when a user
+specifies a certain amount of retries for the device via sysfs.
+
+Correctly use the number of retries of the original request for ERP
+requests.
+
+Signed-off-by: Stefan Haberland <sth@linux.ibm.com>
+Reviewed-by: Jan Hoeppner <hoeppner@linux.ibm.com>
+Link: https://lore.kernel.org/r/20230721193647.3889634-3-sth@linux.ibm.com
+Signed-off-by: Jens Axboe <axboe@kernel.dk>
+Signed-off-by: Sasha Levin <sashal@kernel.org>
+---
+ drivers/s390/block/dasd_3990_erp.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/drivers/s390/block/dasd_3990_erp.c b/drivers/s390/block/dasd_3990_erp.c
+index ee14d8e45c971..6d26343b12f25 100644
+--- a/drivers/s390/block/dasd_3990_erp.c
++++ b/drivers/s390/block/dasd_3990_erp.c
+@@ -2423,7 +2423,7 @@ static struct dasd_ccw_req *dasd_3990_erp_add_erp(struct dasd_ccw_req *cqr)
+ erp->block = cqr->block;
+ erp->magic = cqr->magic;
+ erp->expires = cqr->expires;
+- erp->retries = 256;
++ erp->retries = device->default_retries;
+ erp->buildclk = get_tod_clock();
+ erp->status = DASD_CQR_FILLED;
+
+--
+2.40.1
+
--- /dev/null
+From d0a3e1fddf131c21ce8e6e38cc49b9a1a7fb69a3 Mon Sep 17 00:00:00 2001
+From: Sasha Levin <sashal@kernel.org>
+Date: Wed, 26 Jul 2023 12:56:55 +0000
+Subject: scsi: qedi: Fix potential deadlock on &qedi_percpu->p_work_lock
+
+From: Chengfeng Ye <dg573847474@gmail.com>
+
+[ Upstream commit dd64f80587190265ca8a0f4be6c64c2fda6d3ac2 ]
+
+As &qedi_percpu->p_work_lock is acquired by hard IRQ qedi_msix_handler(),
+other acquisitions of the same lock under process context should disable
+IRQ, otherwise deadlock could happen if the IRQ preempts the execution
+while the lock is held in process context on the same CPU.
+
+qedi_cpu_offline() is one such function which acquires the lock in process
+context.
+
+[Deadlock Scenario]
+qedi_cpu_offline()
+ ->spin_lock(&p->p_work_lock)
+ <irq>
+ ->qedi_msix_handler()
+ ->edi_process_completions()
+ ->spin_lock_irqsave(&p->p_work_lock, flags); (deadlock here)
+
+This flaw was found by an experimental static analysis tool I am developing
+for IRQ-related deadlocks.
+
+The tentative patch fix the potential deadlock by spin_lock_irqsave()
+under process context.
+
+Signed-off-by: Chengfeng Ye <dg573847474@gmail.com>
+Link: https://lore.kernel.org/r/20230726125655.4197-1-dg573847474@gmail.com
+Acked-by: Manish Rangankar <mrangankar@marvell.com>
+Signed-off-by: Martin K. Petersen <martin.petersen@oracle.com>
+Signed-off-by: Sasha Levin <sashal@kernel.org>
+---
+ drivers/scsi/qedi/qedi_main.c | 5 +++--
+ 1 file changed, 3 insertions(+), 2 deletions(-)
+
+diff --git a/drivers/scsi/qedi/qedi_main.c b/drivers/scsi/qedi/qedi_main.c
+index 09f57ef35990c..b8b177018031c 100644
+--- a/drivers/scsi/qedi/qedi_main.c
++++ b/drivers/scsi/qedi/qedi_main.c
+@@ -1669,8 +1669,9 @@ static int qedi_cpu_offline(unsigned int cpu)
+ struct qedi_percpu_s *p = this_cpu_ptr(&qedi_percpu);
+ struct qedi_work *work, *tmp;
+ struct task_struct *thread;
++ unsigned long flags;
+
+- spin_lock_bh(&p->p_work_lock);
++ spin_lock_irqsave(&p->p_work_lock, flags);
+ thread = p->iothread;
+ p->iothread = NULL;
+
+@@ -1681,7 +1682,7 @@ static int qedi_cpu_offline(unsigned int cpu)
+ kfree(work);
+ }
+
+- spin_unlock_bh(&p->p_work_lock);
++ spin_unlock_irqrestore(&p->p_work_lock, flags);
+ if (thread)
+ kthread_stop(thread);
+ return 0;
+--
+2.40.1
+
--- /dev/null
+From afa3f82fc59c05c499e8a5467a5945e17af84f15 Mon Sep 17 00:00:00 2001
+From: Sasha Levin <sashal@kernel.org>
+Date: Fri, 9 Jun 2023 14:04:43 +0300
+Subject: sctp: handle invalid error codes without calling BUG()
+
+From: Dan Carpenter <dan.carpenter@linaro.org>
+
+[ Upstream commit a0067dfcd9418fd3b0632bc59210d120d038a9c6 ]
+
+The sctp_sf_eat_auth() function is supposed to return enum sctp_disposition
+values but if the call to sctp_ulpevent_make_authkey() fails, it returns
+-ENOMEM.
+
+This results in calling BUG() inside the sctp_side_effects() function.
+Calling BUG() is an over reaction and not helpful. Call WARN_ON_ONCE()
+instead.
+
+This code predates git.
+
+Signed-off-by: Dan Carpenter <dan.carpenter@linaro.org>
+Signed-off-by: David S. Miller <davem@davemloft.net>
+Signed-off-by: Sasha Levin <sashal@kernel.org>
+---
+ net/sctp/sm_sideeffect.c | 5 ++++-
+ 1 file changed, 4 insertions(+), 1 deletion(-)
+
+diff --git a/net/sctp/sm_sideeffect.c b/net/sctp/sm_sideeffect.c
+index 169819263c0bb..87822421b99db 100644
+--- a/net/sctp/sm_sideeffect.c
++++ b/net/sctp/sm_sideeffect.c
+@@ -1235,7 +1235,10 @@ static int sctp_side_effects(enum sctp_event event_type,
+ default:
+ pr_err("impossible disposition %d in state %d, event_type %d, event_id %d\n",
+ status, state, event_type, subtype.chunk);
+- BUG();
++ error = status;
++ if (error >= 0)
++ error = -EINVAL;
++ WARN_ON_ONCE(1);
+ break;
+ }
+
+--
+2.40.1
+
--- /dev/null
+From c5f55715deddcf5533c42dbda540cdf77e76a13c Mon Sep 17 00:00:00 2001
+From: Sasha Levin <sashal@kernel.org>
+Date: Thu, 11 May 2023 14:32:52 +0200
+Subject: security: keys: perform capable check only on privileged operations
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+From: Christian Göttsche <cgzones@googlemail.com>
+
+[ Upstream commit 2d7f105edbb3b2be5ffa4d833abbf9b6965e9ce7 ]
+
+If the current task fails the check for the queried capability via
+`capable(CAP_SYS_ADMIN)` LSMs like SELinux generate a denial message.
+Issuing such denial messages unnecessarily can lead to a policy author
+granting more privileges to a subject than needed to silence them.
+
+Reorder CAP_SYS_ADMIN checks after the check whether the operation is
+actually privileged.
+
+Signed-off-by: Christian Göttsche <cgzones@googlemail.com>
+Reviewed-by: Jarkko Sakkinen <jarkko@kernel.org>
+Signed-off-by: Jarkko Sakkinen <jarkko@kernel.org>
+Signed-off-by: Sasha Levin <sashal@kernel.org>
+---
+ security/keys/keyctl.c | 11 ++++++++---
+ 1 file changed, 8 insertions(+), 3 deletions(-)
+
+diff --git a/security/keys/keyctl.c b/security/keys/keyctl.c
+index 9394d72a77e80..9e52a3e0fc672 100644
+--- a/security/keys/keyctl.c
++++ b/security/keys/keyctl.c
+@@ -922,14 +922,19 @@ long keyctl_chown_key(key_serial_t id, uid_t user, gid_t group)
+ ret = -EACCES;
+ down_write(&key->sem);
+
+- if (!capable(CAP_SYS_ADMIN)) {
++ {
++ bool is_privileged_op = false;
++
+ /* only the sysadmin can chown a key to some other UID */
+ if (user != (uid_t) -1 && !uid_eq(key->uid, uid))
+- goto error_put;
++ is_privileged_op = true;
+
+ /* only the sysadmin can set the key's GID to a group other
+ * than one of those that the current process subscribes to */
+ if (group != (gid_t) -1 && !gid_eq(gid, key->gid) && !in_group_p(gid))
++ is_privileged_op = true;
++
++ if (is_privileged_op && !capable(CAP_SYS_ADMIN))
+ goto error_put;
+ }
+
+@@ -1029,7 +1034,7 @@ long keyctl_setperm_key(key_serial_t id, key_perm_t perm)
+ down_write(&key->sem);
+
+ /* if we're not the sysadmin, we can only change a key that we own */
+- if (capable(CAP_SYS_ADMIN) || uid_eq(key->uid, current_fsuid())) {
++ if (uid_eq(key->uid, current_fsuid()) || capable(CAP_SYS_ADMIN)) {
+ key->perm = perm;
+ ret = 0;
+ }
+--
+2.40.1
+
nilfs2-fix-warning-in-mark_buffer_dirty-due-to-discarded-buffer-reuse.patch
pinctrl-amd-don-t-show-invalid-config-param-errors.patch
lib-ubsan-remove-returns-nonnull-attribute-checks.patch
+9p-virtio-make-sure-offs-is-initialized-in-zc_reques.patch
+asoc-da7219-flush-pending-aad-irq-when-suspending.patch
+ethernet-atheros-fix-return-value-check-in-atl1c_tso.patch
+m68k-fix-invalid-.section-syntax.patch
+s390-dasd-use-correct-number-of-retries-for-erp-requ.patch
+fs-nls-make-load_nls-take-a-const-parameter.patch
+asoc-codecs-es8316-fix-dmic-config.patch
+security-keys-perform-capable-check-only-on-privileg.patch
+net-usb-qmi_wwan-add-quectel-em05gv2.patch
+idmaengine-make-fsl_edma-and-intel_idma64-depends-on.patch
+scsi-qedi-fix-potential-deadlock-on-qedi_percpu-p_wo.patch
+netlabel-fix-shift-wrapping-bug-in-netlbl_catmap_set.patch
+bnx2x-fix-page-fault-following-eeh-recovery.patch
+sctp-handle-invalid-error-codes-without-calling-bug.patch
+cifs-add-a-warning-when-the-in-flight-count-goes-neg.patch
+alsa-seq-oss-fix-racy-open-close-of-midi-devices.patch
projects / thirdparty / kernel / stable-queue.git / commitdiff
