6.19-stable patches
authorGreg Kroah-Hartman <gregkh@linuxfoundation.org>
Mon, 9 Mar 2026 13:46:30 +0000 (14:46 +0100)
committerGreg Kroah-Hartman <gregkh@linuxfoundation.org>
Mon, 9 Mar 2026 13:46:30 +0000 (14:46 +0100)
added patches:
arm-clean-up-the-memset64-c-wrapper.patch
asoc-sdca-fix-missing-regmap-dependencies-in-kconfig.patch
bluetooth-fix-cis-host-feature-condition.patch
ipmi-fix-use-after-free-and-list-corruption-on-sender-error.patch
platform-x86-hp-bioscfg-support-allocations-of-larger-data.patch
revert-netfilter-nft_set_rbtree-validate-open-interval-overlap.patch

queue-6.19/arm-clean-up-the-memset64-c-wrapper.patch [new file with mode: 0644]
queue-6.19/asoc-sdca-fix-missing-regmap-dependencies-in-kconfig.patch [new file with mode: 0644]
queue-6.19/bluetooth-fix-cis-host-feature-condition.patch [new file with mode: 0644]
queue-6.19/ipmi-fix-use-after-free-and-list-corruption-on-sender-error.patch [new file with mode: 0644]
queue-6.19/platform-x86-hp-bioscfg-support-allocations-of-larger-data.patch [new file with mode: 0644]
queue-6.19/revert-netfilter-nft_set_rbtree-validate-open-interval-overlap.patch [new file with mode: 0644]
queue-6.19/series

diff --git a/queue-6.19/arm-clean-up-the-memset64-c-wrapper.patch b/queue-6.19/arm-clean-up-the-memset64-c-wrapper.patch
new file mode 100644 (file)
index 0000000..25c32a5
--- /dev/null
@@ -0,0 +1,57 @@
+From b52343d1cb47bb27ca32a3f4952cc2fd3cd165bf Mon Sep 17 00:00:00 2001
+From: =?UTF-8?q?Thomas=20Wei=C3=9Fschuh?= <thomas.weissschuh@linutronix.de>
+Date: Fri, 13 Feb 2026 08:39:29 +0100
+Subject: ARM: clean up the memset64() C wrapper
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+From: Thomas Weißschuh <thomas.weissschuh@linutronix.de>
+
+commit b52343d1cb47bb27ca32a3f4952cc2fd3cd165bf upstream.
+
+The current logic to split the 64-bit argument into its 32-bit halves is
+byte-order specific and a bit clunky.  Use a union instead which is
+easier to read and works in all cases.
+
+GCC still generates the same machine code.
+
+While at it, rename the arguments of the __memset64() prototype to
+actually reflect their semantics.
+
+Signed-off-by: Thomas Weißschuh <thomas.weissschuh@linutronix.de>
+Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
+Reported-by: Ben Hutchings <ben@decadent.org.uk> # for -stable
+Link: https://lore.kernel.org/all/1a11526ae3d8664f705b541b8d6ea57b847b49a8.camel@decadent.org.uk/
+Suggested-by: https://lore.kernel.org/all/aZonkWMwpbFhzDJq@casper.infradead.org/ # for -stable
+Link: https://lore.kernel.org/all/aZonkWMwpbFhzDJq@casper.infradead.org/
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+---
+ arch/arm/include/asm/string.h |   14 +++++++++-----
+ 1 file changed, 9 insertions(+), 5 deletions(-)
+
+--- a/arch/arm/include/asm/string.h
++++ b/arch/arm/include/asm/string.h
+@@ -39,13 +39,17 @@ static inline void *memset32(uint32_t *p
+ }
+ #define __HAVE_ARCH_MEMSET64
+-extern void *__memset64(uint64_t *, uint32_t low, __kernel_size_t, uint32_t hi);
++extern void *__memset64(uint64_t *, uint32_t first, __kernel_size_t, uint32_t second);
+ static inline void *memset64(uint64_t *p, uint64_t v, __kernel_size_t n)
+ {
+-      if (IS_ENABLED(CONFIG_CPU_LITTLE_ENDIAN))
+-              return __memset64(p, v, n * 8, v >> 32);
+-      else
+-              return __memset64(p, v >> 32, n * 8, v);
++      union {
++              uint64_t val;
++              struct {
++                      uint32_t first, second;
++              };
++      } word = { .val = v };
++
++      return __memset64(p, word.first, n * 8, word.second);
+ }
+ /*
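Review bot: The union in memset64() now handles byte order implicitly, and nothing at the call site says that `first`/`second` mean memory order rather than low/high. A one-line comment above the union would stop a later reader from reintroducing the endianness test, e.g. `/* first/second are the two 32-bit words of v in memory order, so no byte-order check is needed */`. The third argument is still spelled `n * 8`; `n * sizeof(*p)` would tie it to the element type. The __memset64() prototype names only two of its four parameters, so naming the pointer and size parameters as well would read more consistently.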
diff --git a/queue-6.19/asoc-sdca-fix-missing-regmap-dependencies-in-kconfig.patch b/queue-6.19/asoc-sdca-fix-missing-regmap-dependencies-in-kconfig.patch
new file mode 100644 (file)
index 0000000..5014e65
--- /dev/null
@@ -0,0 +1,59 @@
+From bbb758a6943e19c483ab752cf8220140b46cf22c Mon Sep 17 00:00:00 2001
+From: Boris Faure <boris@fau.re>
+Date: Thu, 29 Jan 2026 14:14:54 +0000
+Subject: ASoC: sdca: Fix missing regmap dependencies in Kconfig
+
+From: Boris Faure <boris@fau.re>
+
+commit bbb758a6943e19c483ab752cf8220140b46cf22c upstream.
+
+The SDCA modules failed to build with modpost errors:
+
+  ERROR: modpost: "__devm_regmap_init_sdw" [sound/soc/sdca/snd-soc-sdca-class.ko] undefined!
+  ERROR: modpost: "__devm_regmap_init_sdw_mbq" [sound/soc/sdca/snd-soc-sdca-class-function.ko] undefined!
+
+The issue occurs because:
+- sdca_class.c calls devm_regmap_init_sdw() which requires REGMAP_SOUNDWIRE
+- sdca_class_function.c calls devm_regmap_init_sdw_mbq_cfg() which requires REGMAP_SOUNDWIRE_MBQ
+
+However, the Kconfig didn't select these dependencies, causing the symbols
+to be unavailable when the SDCA modules are built.
+
+Fix this by adding:
+- select REGMAP_SOUNDWIRE to SND_SOC_SDCA_CLASS
+- select REGMAP_SOUNDWIRE_MBQ to SND_SOC_SDCA_CLASS_FUNCTION
+
+This ensures the required regmap drivers are enabled when building SDCA support.
+
+Configuration after fix:
+  CONFIG_SND_SOC_SDCA_CLASS=m
+  CONFIG_SND_SOC_SDCA_CLASS_FUNCTION=m
+  CONFIG_REGMAP_SOUNDWIRE=m
+  CONFIG_REGMAP_SOUNDWIRE_MBQ=m
+
+Signed-off-by: Boris Faure <boris@fau.re>
+Link: https://patch.msgid.link/20260129141419.13843-1-boris@fau.re
+Signed-off-by: Mark Brown <broonie@kernel.org>
+Cc: Randy Dunlap <rdunlap@infradead.org>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+---
+ sound/soc/sdca/Kconfig |    2 ++
+ 1 file changed, 2 insertions(+)
+
+--- a/sound/soc/sdca/Kconfig
++++ b/sound/soc/sdca/Kconfig
+@@ -46,12 +46,14 @@ config SND_SOC_SDCA_CLASS
+       select SND_SOC_SDCA_FDL
+       select SND_SOC_SDCA_HID
+       select SND_SOC_SDCA_IRQ
++      select REGMAP_SOUNDWIRE
+       help
+         This option enables support for the SDCA Class driver which should
+         support any class compliant SDCA part.
+ config SND_SOC_SDCA_CLASS_FUNCTION
+       tristate
++      select REGMAP_SOUNDWIRE_MBQ
+       help
+         This option enables support for the SDCA Class Function drivers,
+         these implement the individual functions of the SDCA Class driver.
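Review bot: `select` forces a symbol on without evaluating that symbol's own `depends on`. The two added selects are therefore only safe if SND_SOC_SDCA_CLASS and SND_SOC_SDCA_CLASS_FUNCTION can never be enabled without the SoundWire bus support that REGMAP_SOUNDWIRE and REGMAP_SOUNDWIRE_MBQ presumably require. Neither regmap symbol's definition is on this page, and the start of the SND_SOC_SDCA_CLASS entry lies above the hunk, so this needs confirming against the full Kconfig. If the dependency turns out to be missing, a `depends on SOUNDWIRE` on the selecting symbols would avoid an unmet-dependency warning.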
diff --git a/queue-6.19/bluetooth-fix-cis-host-feature-condition.patch b/queue-6.19/bluetooth-fix-cis-host-feature-condition.patch
new file mode 100644 (file)
index 0000000..cf09390
--- /dev/null
@@ -0,0 +1,42 @@
+From 7cff9a40c6b0f72ccefdaf0ffe03cfac30348f51 Mon Sep 17 00:00:00 2001
+From: Mariusz Skamra <mariusz.skamra@codecoup.pl>
+Date: Thu, 12 Feb 2026 14:46:46 +0100
+Subject: Bluetooth: Fix CIS host feature condition
+
+From: Mariusz Skamra <mariusz.skamra@codecoup.pl>
+
+commit 7cff9a40c6b0f72ccefdaf0ffe03cfac30348f51 upstream.
+
+This fixes the condition for sending the LE Set Host Feature command.
+The command is sent to indicate host support for Connected Isochronous
+Streams in this case. It has been observed that the system could not
+initialize BIS-only capable controllers because the controllers do not
+support the command.
+
+As per Core v6.2 | Vol 4, Part E, Table 3.1 the command shall be
+supported if CIS Central or CIS Peripheral is supported; otherwise,
+the command is optional.
+
+Fixes: 709788b154ca ("Bluetooth: hci_core: Fix using {cis,bis}_capable for current settings")
+Cc: stable@vger.kernel.org
+Signed-off-by: Mariusz Skamra <mariusz.skamra@codecoup.pl>
+Reviewed-by: Paul Menzel <pmenzel@molgen.mpg.de>
+Signed-off-by: Luiz Augusto von Dentz <luiz.von.dentz@intel.com>
+[ iso_capable() => cis_capable() ]
+Signed-off-by: Sasha Levin <sashal@kernel.org>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+---
+ net/bluetooth/hci_sync.c |    2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+--- a/net/bluetooth/hci_sync.c
++++ b/net/bluetooth/hci_sync.c
+@@ -4564,7 +4564,7 @@ static int hci_le_set_host_feature_sync(
+ {
+       struct hci_cp_le_set_host_feature cp;
+-      if (!iso_capable(hdev))
++      if (!cis_capable(hdev))
+               return 0;
+       memset(&cp, 0, sizeof(cp));
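Review bot: The guard `if (!cis_capable(hdev)) return 0;` encodes a specification rule that only the commit message explains. A comment at the check would keep the condition from being widened again, e.g. `/* LE Set Host Feature is mandatory only with CIS Central/Peripheral support; BIS-only controllers may not implement it */`. The rest of hci_le_set_host_feature_sync() is outside the hunk, so whether the command parameters still suit the narrowed condition cannot be checked from here.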
diff --git a/queue-6.19/ipmi-fix-use-after-free-and-list-corruption-on-sender-error.patch b/queue-6.19/ipmi-fix-use-after-free-and-list-corruption-on-sender-error.patch
new file mode 100644 (file)
index 0000000..360d1cb
--- /dev/null
@@ -0,0 +1,70 @@
+From 594c11d0e1d445f580898a2b8c850f2e3f099368 Mon Sep 17 00:00:00 2001
+From: Corey Minyard <corey@minyard.net>
+Date: Tue, 27 Jan 2026 07:22:35 -0600
+Subject: ipmi: Fix use-after-free and list corruption on sender error
+
+From: Corey Minyard <corey@minyard.net>
+
+commit 594c11d0e1d445f580898a2b8c850f2e3f099368 upstream.
+
+The analysis from Breno:
+
+When the SMI sender returns an error, smi_work() delivers an error
+response but then jumps back to restart without cleaning up properly:
+
+1. intf->curr_msg is not cleared, so no new message is pulled
+2. newmsg still points to the message, causing sender() to be called
+   again with the same message
+3. If sender() fails again, deliver_err_response() is called with
+   the same recv_msg that was already queued for delivery
+
+This causes list_add corruption ("list_add double add") because the
+recv_msg is added to the user_msgs list twice. Subsequently, the
+corrupted list leads to use-after-free when the memory is freed and
+reused, and eventually a NULL pointer dereference when accessing
+recv_msg->done.
+
+The buggy sequence:
+
+  sender() fails
+    -> deliver_err_response(recv_msg)  // recv_msg queued for delivery
+    -> goto restart                    // curr_msg not cleared!
+  sender() fails again (same message!)
+    -> deliver_err_response(recv_msg)  // tries to queue same recv_msg
+    -> LIST CORRUPTION
+
+Fix this by freeing the message and setting it to NULL on a send error.
+Also, always free the newmsg on a send error, otherwise it will leak.
+
+Reported-by: Breno Leitao <leitao@debian.org>
+Closes: https://lore.kernel.org/lkml/20260127-ipmi-v1-0-ba5cc90f516f@debian.org/
+Fixes: 9cf93a8fa9513 ("ipmi: Allow an SMI sender to return an error")
+Cc: stable@vger.kernel.org # 4.18
+Reviewed-by: Breno Leitao <leitao@debian.org>
+Signed-off-by: Corey Minyard <corey@minyard.net>
+Signed-off-by: Breno Leitao <leitao@debian.org>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+---
+ drivers/char/ipmi/ipmi_msghandler.c |   11 +++++++++--
+ 1 file changed, 9 insertions(+), 2 deletions(-)
+
+--- a/drivers/char/ipmi/ipmi_msghandler.c
++++ b/drivers/char/ipmi/ipmi_msghandler.c
+@@ -4852,8 +4852,15 @@ restart:
+                       if (newmsg->recv_msg)
+                               deliver_err_response(intf,
+                                                    newmsg->recv_msg, cc);
+-                      else
+-                              ipmi_free_smi_msg(newmsg);
++                      if (!run_to_completion)
++                              spin_lock_irqsave(&intf->xmit_msgs_lock,
++                                                flags);
++                      intf->curr_msg = NULL;
++                      if (!run_to_completion)
++                              spin_unlock_irqrestore(&intf->xmit_msgs_lock,
++                                                     flags);
++                      ipmi_free_smi_msg(newmsg);
++                      newmsg = NULL;
+                       goto restart;
+               }
+       }
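Review bot: On the send-error path `newmsg->recv_msg` is still set when `ipmi_free_smi_msg(newmsg)` runs, immediately after `deliver_err_response()` has handed that same receive message on for delivery. Whether the free path looks at `recv_msg` is not visible here. Either drop the reference once it is handed off (`newmsg->recv_msg = NULL;` after the deliver call) or add a comment stating that freeing the SMI message never frees or dereferences the receive message. The hunk also relies on `intf->curr_msg` being `newmsg` at this point. That assignment, and the start and end of the enclosing function, lie outside the hunk.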
diff --git a/queue-6.19/platform-x86-hp-bioscfg-support-allocations-of-larger-data.patch b/queue-6.19/platform-x86-hp-bioscfg-support-allocations-of-larger-data.patch
new file mode 100644 (file)
index 0000000..341a728
--- /dev/null
@@ -0,0 +1,57 @@
+From 916727cfdb72cd01fef3fa6746e648f8cb70e713 Mon Sep 17 00:00:00 2001
+From: Mario Limonciello <mario.limonciello@amd.com>
+Date: Wed, 25 Feb 2026 15:06:46 -0600
+Subject: platform/x86: hp-bioscfg: Support allocations of larger data
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+From: Mario Limonciello <mario.limonciello@amd.com>
+
+commit 916727cfdb72cd01fef3fa6746e648f8cb70e713 upstream.
+
+Some systems have much larger amounts of enumeration attributes
+than have been previously encountered. This can lead to page allocation
+failures when using kcalloc().  Switch over to using kvcalloc() to
+allow larger allocations.
+
+Fixes: 6b2770bfd6f92 ("platform/x86: hp-bioscfg: enum-attributes")
+Cc: stable@vger.kernel.org
+Reported-by: Paul Kerry <p.kerry@sheffield.ac.uk>
+Tested-by: Paul Kerry <p.kerry@sheffield.ac.uk>
+Closes: https://bugs.debian.org/1127612
+Signed-off-by: Mario Limonciello <mario.limonciello@amd.com>
+Link: https://patch.msgid.link/20260225210646.59381-1-mario.limonciello@amd.com
+Reviewed-by: Ilpo Järvinen <ilpo.jarvinen@linux.intel.com>
+Signed-off-by: Ilpo Järvinen <ilpo.jarvinen@linux.intel.com>
+[ kcalloc() => kvcalloc() ]
+Signed-off-by: Sasha Levin <sashal@kernel.org>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+---
+ drivers/platform/x86/hp/hp-bioscfg/enum-attributes.c |    9 ++++++---
+ 1 file changed, 6 insertions(+), 3 deletions(-)
+
+--- a/drivers/platform/x86/hp/hp-bioscfg/enum-attributes.c
++++ b/drivers/platform/x86/hp/hp-bioscfg/enum-attributes.c
+@@ -94,8 +94,11 @@ int hp_alloc_enumeration_data(void)
+       bioscfg_drv.enumeration_instances_count =
+               hp_get_instance_count(HP_WMI_BIOS_ENUMERATION_GUID);
+-      bioscfg_drv.enumeration_data = kcalloc(bioscfg_drv.enumeration_instances_count,
+-                                             sizeof(*bioscfg_drv.enumeration_data), GFP_KERNEL);
++      if (!bioscfg_drv.enumeration_instances_count)
++              return -EINVAL;
++      bioscfg_drv.enumeration_data = kvcalloc(bioscfg_drv.enumeration_instances_count,
++                                              sizeof(*bioscfg_drv.enumeration_data), GFP_KERNEL);
++
+       if (!bioscfg_drv.enumeration_data) {
+               bioscfg_drv.enumeration_instances_count = 0;
+               return -ENOMEM;
+@@ -444,6 +447,6 @@ void hp_exit_enumeration_attributes(void
+       }
+       bioscfg_drv.enumeration_instances_count = 0;
+-      kfree(bioscfg_drv.enumeration_data);
++      kvfree(bioscfg_drv.enumeration_data);
+       bioscfg_drv.enumeration_data = NULL;
+ }
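Review bot: The new `return -EINVAL` for a zero instance count in hp_alloc_enumeration_data() is a behaviour change the commit message does not mention. Previously a count of 0 gave a zero-sized kcalloc() result that passed the NULL check, and the function carried on. If a machine can legitimately expose no enumeration attributes, callers (not visible here) would now see an error. Say in a comment why zero is rejected, e.g. `/* no enumeration instances reported: treat as invalid firmware data */`, or return 0 if that case should stay non-fatal. Also confirm that every other free of `enumeration_data` uses `kvfree()`, since only the one in hp_exit_enumeration_attributes() is visible and both functions extend beyond their hunks.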
diff --git a/queue-6.19/revert-netfilter-nft_set_rbtree-validate-open-interval-overlap.patch b/queue-6.19/revert-netfilter-nft_set_rbtree-validate-open-interval-overlap.patch
new file mode 100644 (file)
index 0000000..1eeef20
--- /dev/null
@@ -0,0 +1,261 @@
+From 3f23cf8602d22da4f75e11a6492ebd9458b233d5 Mon Sep 17 00:00:00 2001
+From: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+Date: Mon, 9 Mar 2026 14:30:49 +0100
+Subject: Revert "netfilter: nft_set_rbtree: validate open interval overlap"
+
+From: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+
+This reverts commit 6db2be971e3d70c9e3f85d39eff7103c2ee2f579 which is
+commit 648946966a08e4cb1a71619e3d1b12bd7642de7b upstream.
+
+It is causing netfilter issues, so revert it for now.
+
+Link: https://lore.kernel.org/r/aaeEd8UqYQ33Af7_@chamomile
+Cc: Pablo Neira Ayuso <pablo@netfilter.org>
+Cc: Florian Westphal <fw@strlen.de>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+---
+ include/net/netfilter/nf_tables.h |    4 --
+ net/netfilter/nf_tables_api.c     |   21 ++---------
+ net/netfilter/nft_set_rbtree.c    |   71 +++++---------------------------------
+ 3 files changed, 14 insertions(+), 82 deletions(-)
+
+--- a/include/net/netfilter/nf_tables.h
++++ b/include/net/netfilter/nf_tables.h
+@@ -278,8 +278,6 @@ struct nft_userdata {
+       unsigned char           data[];
+ };
+-#define NFT_SET_ELEM_INTERNAL_LAST    0x1
+-
+ /* placeholder structure for opaque set element backend representation. */
+ struct nft_elem_priv { };
+@@ -289,7 +287,6 @@ struct nft_elem_priv { };
+  *    @key: element key
+  *    @key_end: closing element key
+  *    @data: element data
+- *    @flags: flags
+  *    @priv: element private data and extensions
+  */
+ struct nft_set_elem {
+@@ -305,7 +302,6 @@ struct nft_set_elem {
+               u32             buf[NFT_DATA_VALUE_MAXLEN / sizeof(u32)];
+               struct nft_data val;
+       } data;
+-      u32                     flags;
+       struct nft_elem_priv    *priv;
+ };
+--- a/net/netfilter/nf_tables_api.c
++++ b/net/netfilter/nf_tables_api.c
+@@ -7153,8 +7153,7 @@ static u32 nft_set_maxsize(const struct
+ }
+ static int nft_add_set_elem(struct nft_ctx *ctx, struct nft_set *set,
+-                          const struct nlattr *attr, u32 nlmsg_flags,
+-                          bool last)
++                          const struct nlattr *attr, u32 nlmsg_flags)
+ {
+       struct nft_expr *expr_array[NFT_SET_EXPR_MAX] = {};
+       struct nlattr *nla[NFTA_SET_ELEM_MAX + 1];
+@@ -7440,11 +7439,6 @@ static int nft_add_set_elem(struct nft_c
+       if (flags)
+               *nft_set_ext_flags(ext) = flags;
+-      if (last)
+-              elem.flags = NFT_SET_ELEM_INTERNAL_LAST;
+-      else
+-              elem.flags = 0;
+-
+       if (obj)
+               *nft_set_ext_obj(ext) = obj;
+@@ -7608,8 +7602,7 @@ static int nf_tables_newsetelem(struct s
+       nft_ctx_init(&ctx, net, skb, info->nlh, family, table, NULL, nla);
+       nla_for_each_nested(attr, nla[NFTA_SET_ELEM_LIST_ELEMENTS], rem) {
+-              err = nft_add_set_elem(&ctx, set, attr, info->nlh->nlmsg_flags,
+-                                     nla_is_last(attr, rem));
++              err = nft_add_set_elem(&ctx, set, attr, info->nlh->nlmsg_flags);
+               if (err < 0) {
+                       NL_SET_BAD_ATTR(extack, attr);
+                       return err;
+@@ -7733,7 +7726,7 @@ static void nft_trans_elems_destroy_abor
+ }
+ static int nft_del_setelem(struct nft_ctx *ctx, struct nft_set *set,
+-                         const struct nlattr *attr, bool last)
++                         const struct nlattr *attr)
+ {
+       struct nlattr *nla[NFTA_SET_ELEM_MAX + 1];
+       struct nft_set_ext_tmpl tmpl;
+@@ -7801,11 +7794,6 @@ static int nft_del_setelem(struct nft_ct
+       if (flags)
+               *nft_set_ext_flags(ext) = flags;
+-      if (last)
+-              elem.flags = NFT_SET_ELEM_INTERNAL_LAST;
+-      else
+-              elem.flags = 0;
+-
+       trans = nft_trans_elem_alloc(ctx, NFT_MSG_DELSETELEM, set);
+       if (trans == NULL)
+               goto fail_trans;
+@@ -7953,8 +7941,7 @@ static int nf_tables_delsetelem(struct s
+               return nft_set_flush(&ctx, set, genmask);
+       nla_for_each_nested(attr, nla[NFTA_SET_ELEM_LIST_ELEMENTS], rem) {
+-              err = nft_del_setelem(&ctx, set, attr,
+-                                    nla_is_last(attr, rem));
++              err = nft_del_setelem(&ctx, set, attr);
+               if (err == -ENOENT &&
+                   NFNL_MSG_TYPE(info->nlh->nlmsg_type) == NFT_MSG_DESTROYSETELEM)
+                       continue;
+--- a/net/netfilter/nft_set_rbtree.c
++++ b/net/netfilter/nft_set_rbtree.c
+@@ -304,19 +304,10 @@ static void nft_rbtree_set_start_cookie(
+       priv->start_rbe_cookie = (unsigned long)rbe;
+ }
+-static void nft_rbtree_set_start_cookie_open(struct nft_rbtree *priv,
+-                                           const struct nft_rbtree_elem *rbe,
+-                                           unsigned long open_interval)
+-{
+-      priv->start_rbe_cookie = (unsigned long)rbe | open_interval;
+-}
+-
+-#define NFT_RBTREE_OPEN_INTERVAL      1UL
+-
+ static bool nft_rbtree_cmp_start_cookie(struct nft_rbtree *priv,
+                                       const struct nft_rbtree_elem *rbe)
+ {
+-      return (priv->start_rbe_cookie & ~NFT_RBTREE_OPEN_INTERVAL) == (unsigned long)rbe;
++      return priv->start_rbe_cookie == (unsigned long)rbe;
+ }
+ static bool nft_rbtree_insert_same_interval(const struct net *net,
+@@ -346,14 +337,13 @@ static bool nft_rbtree_insert_same_inter
+ static int __nft_rbtree_insert(const struct net *net, const struct nft_set *set,
+                              struct nft_rbtree_elem *new,
+-                             struct nft_elem_priv **elem_priv, u64 tstamp, bool last)
++                             struct nft_elem_priv **elem_priv, u64 tstamp)
+ {
+       struct nft_rbtree_elem *rbe, *rbe_le = NULL, *rbe_ge = NULL, *rbe_prev;
+       struct rb_node *node, *next, *parent, **p, *first = NULL;
+       struct nft_rbtree *priv = nft_set_priv(set);
+       u8 cur_genmask = nft_genmask_cur(net);
+       u8 genmask = nft_genmask_next(net);
+-      unsigned long open_interval = 0;
+       int d;
+       /* Descend the tree to search for an existing element greater than the
+@@ -459,18 +449,10 @@ static int __nft_rbtree_insert(const str
+               }
+       }
+-      if (nft_rbtree_interval_null(set, new)) {
++      if (nft_rbtree_interval_null(set, new))
++              priv->start_rbe_cookie = 0;
++      else if (nft_rbtree_interval_start(new) && priv->start_rbe_cookie)
+               priv->start_rbe_cookie = 0;
+-      } else if (nft_rbtree_interval_start(new) && priv->start_rbe_cookie) {
+-              if (nft_set_is_anonymous(set)) {
+-                      priv->start_rbe_cookie = 0;
+-              } else if (priv->start_rbe_cookie & NFT_RBTREE_OPEN_INTERVAL) {
+-                      /* Previous element is an open interval that partially
+-                       * overlaps with an existing non-open interval.
+-                       */
+-                      return -ENOTEMPTY;
+-              }
+-      }
+       /* - new start element matching existing start element: full overlap
+        *   reported as -EEXIST, cleared by caller if NLM_F_EXCL is not given.
+@@ -478,27 +460,7 @@ static int __nft_rbtree_insert(const str
+       if (rbe_ge && !nft_rbtree_cmp(set, new, rbe_ge) &&
+           nft_rbtree_interval_start(rbe_ge) == nft_rbtree_interval_start(new)) {
+               *elem_priv = &rbe_ge->priv;
+-
+-              /* - Corner case: new start element of open interval (which
+-               *   comes as last element in the batch) overlaps the start of
+-               *   an existing interval with an end element: partial overlap.
+-               */
+-              node = rb_first(&priv->root);
+-              rbe = __nft_rbtree_next_active(node, genmask);
+-              if (rbe && nft_rbtree_interval_end(rbe)) {
+-                      rbe = nft_rbtree_next_active(rbe, genmask);
+-                      if (rbe &&
+-                          nft_rbtree_interval_start(rbe) &&
+-                          !nft_rbtree_cmp(set, new, rbe)) {
+-                              if (last)
+-                                      return -ENOTEMPTY;
+-
+-                              /* Maybe open interval? */
+-                              open_interval = NFT_RBTREE_OPEN_INTERVAL;
+-                      }
+-              }
+-              nft_rbtree_set_start_cookie_open(priv, rbe_ge, open_interval);
+-
++              nft_rbtree_set_start_cookie(priv, rbe_ge);
+               return -EEXIST;
+       }
+@@ -553,12 +515,6 @@ static int __nft_rbtree_insert(const str
+           nft_rbtree_interval_end(rbe_ge) && nft_rbtree_interval_end(new))
+               return -ENOTEMPTY;
+-      /* - start element overlaps an open interval but end element is new:
+-       *   partial overlap, reported as -ENOEMPTY.
+-       */
+-      if (!rbe_ge && priv->start_rbe_cookie && nft_rbtree_interval_end(new))
+-              return -ENOTEMPTY;
+-
+       /* Accepted element: pick insertion point depending on key value */
+       parent = NULL;
+       p = &priv->root.rb_node;
+@@ -668,7 +624,6 @@ static int nft_rbtree_insert(const struc
+                            struct nft_elem_priv **elem_priv)
+ {
+       struct nft_rbtree_elem *rbe = nft_elem_priv_cast(elem->priv);
+-      bool last = !!(elem->flags & NFT_SET_ELEM_INTERNAL_LAST);
+       struct nft_rbtree *priv = nft_set_priv(set);
+       u64 tstamp = nft_net_tstamp(net);
+       int err;
+@@ -685,12 +640,8 @@ static int nft_rbtree_insert(const struc
+               cond_resched();
+               write_lock_bh(&priv->lock);
+-              err = __nft_rbtree_insert(net, set, rbe, elem_priv, tstamp, last);
++              err = __nft_rbtree_insert(net, set, rbe, elem_priv, tstamp);
+               write_unlock_bh(&priv->lock);
+-
+-              if (nft_rbtree_interval_end(rbe))
+-                      priv->start_rbe_cookie = 0;
+-
+       } while (err == -EAGAIN);
+       return err;
+@@ -778,7 +729,6 @@ nft_rbtree_deactivate(const struct net *
+                     const struct nft_set_elem *elem)
+ {
+       struct nft_rbtree_elem *rbe, *this = nft_elem_priv_cast(elem->priv);
+-      bool last = !!(elem->flags & NFT_SET_ELEM_INTERNAL_LAST);
+       struct nft_rbtree *priv = nft_set_priv(set);
+       const struct rb_node *parent = priv->root.rb_node;
+       u8 genmask = nft_genmask_next(net);
+@@ -819,10 +769,9 @@ nft_rbtree_deactivate(const struct net *
+                               continue;
+                       }
+-                      if (nft_rbtree_interval_start(rbe)) {
+-                              if (!last)
+-                                      nft_rbtree_set_start_cookie(priv, rbe);
+-                      } else if (!nft_rbtree_deactivate_same_interval(net, priv, rbe))
++                      if (nft_rbtree_interval_start(rbe))
++                              nft_rbtree_set_start_cookie(priv, rbe);
++                      else if (!nft_rbtree_deactivate_same_interval(net, priv, rbe))
+                               return NULL;
+                       nft_rbtree_flush(net, set, &rbe->priv);
index 7cc77c55e0008f6cb4a89218c2da5f4a8d9f2f83..0977bb9f2c2bc3d0b00d1a100d67f7b856b1a675 100644 (file)
@@ -166,3 +166,9 @@ selftests-mptcp-join-check-rm_addr-not-sent-over-same-subflow.patch
 selftests-mptcp-join-check-removing-signal-subflow-endp.patch
 kbuild-split-.modinfo-out-from-elf_details.patch
 kbuild-leave-objtool-binary-around-with-make-clean.patch
+asoc-sdca-fix-missing-regmap-dependencies-in-kconfig.patch
+revert-netfilter-nft_set_rbtree-validate-open-interval-overlap.patch
+arm-clean-up-the-memset64-c-wrapper.patch
+platform-x86-hp-bioscfg-support-allocations-of-larger-data.patch
+bluetooth-fix-cis-host-feature-condition.patch
+ipmi-fix-use-after-free-and-list-corruption-on-sender-error.patch