--- /dev/null
+From a98cfe6ff15b62f94a44d565607a16771c847bc6 Mon Sep 17 00:00:00 2001
+From: Werner Sembach <wse@tuxedocomputers.com>
+Date: Tue, 10 Sep 2024 11:40:06 +0200
+Subject: ACPI: resource: Add another DMI match for the TongFang GMxXGxx
+
+From: Werner Sembach <wse@tuxedocomputers.com>
+
+commit a98cfe6ff15b62f94a44d565607a16771c847bc6 upstream.
+
+Internal documentation suggest that the TUXEDO Polaris 15 Gen5 AMD might
+have GMxXGxX as the board name instead of GMxXGxx.
+
+Adding both to be on the safe side.
+
+Signed-off-by: Werner Sembach <wse@tuxedocomputers.com>
+Cc: All applicable <stable@vger.kernel.org>
+Link: https://patch.msgid.link/20240910094008.1601230-1-wse@tuxedocomputers.com
+Signed-off-by: Rafael J. Wysocki <rafael.j.wysocki@intel.com>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+---
+ drivers/acpi/resource.c | 6 ++++++
+ 1 file changed, 6 insertions(+)
+
+--- a/drivers/acpi/resource.c
++++ b/drivers/acpi/resource.c
+@@ -579,6 +579,12 @@ static const struct dmi_system_id irq1_e
+ },
+ },
+ {
++ /* TongFang GMxXGxX/TUXEDO Polaris 15 Gen5 AMD */
++ .matches = {
++ DMI_MATCH(DMI_BOARD_NAME, "GMxXGxX"),
++ },
++ },
++ {
+ /* TongFang GMxXGxx sold as Eluktronics Inc. RP-15 */
+ .matches = {
+ DMI_MATCH(DMI_SYS_VENDOR, "Eluktronics Inc."),
--- /dev/null
+From b53f09ecd602d7b8b7da83b0890cbac500b6a9b9 Mon Sep 17 00:00:00 2001
+From: Li Chen <me@linux.beauty>
+Date: Sat, 3 Aug 2024 16:13:18 +0800
+Subject: ACPI: resource: Do IRQ override on MECHREV GM7XG0M
+
+From: Li Chen <me@linux.beauty>
+
+commit b53f09ecd602d7b8b7da83b0890cbac500b6a9b9 upstream.
+
+Listed device need the override for the keyboard to work.
+
+Fixes: 9946e39fe8d0 ("ACPI: resource: skip IRQ override on AMD Zen platforms")
+Cc: All applicable <stable@vger.kernel.org>
+Signed-off-by: Li Chen <me@linux.beauty>
+Link: https://patch.msgid.link/87y15e6n35.wl-me@linux.beauty
+Signed-off-by: Rafael J. Wysocki <rafael.j.wysocki@intel.com>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+---
+ drivers/acpi/resource.c | 6 ++++++
+ 1 file changed, 6 insertions(+)
+
+--- a/drivers/acpi/resource.c
++++ b/drivers/acpi/resource.c
+@@ -555,6 +555,12 @@ static const struct dmi_system_id irq1_l
+ */
+ static const struct dmi_system_id irq1_edge_low_force_override[] = {
+ {
++ /* MECHREV Jiaolong17KS Series GM7XG0M */
++ .matches = {
++ DMI_MATCH(DMI_BOARD_NAME, "GM7XG0M"),
++ },
++ },
++ {
+ /* XMG APEX 17 (M23) */
+ .matches = {
+ DMI_MATCH(DMI_BOARD_NAME, "GMxBGxx"),
--- /dev/null
+From 4bb1e7d027413835b086aed35bc3f0713bc0f72b Mon Sep 17 00:00:00 2001
+From: =?UTF-8?q?Thomas=20Wei=C3=9Fschuh?= <linux@weissschuh.net>
+Date: Tue, 9 Jul 2024 22:37:24 +0200
+Subject: ACPI: sysfs: validate return type of _STR method
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+From: Thomas Weißschuh <linux@weissschuh.net>
+
+commit 4bb1e7d027413835b086aed35bc3f0713bc0f72b upstream.
+
+Only buffer objects are valid return values of _STR.
+
+If something else is returned description_show() will access invalid
+memory.
+
+Fixes: d1efe3c324ea ("ACPI: Add new sysfs interface to export device description")
+Cc: All applicable <stable@vger.kernel.org>
+Signed-off-by: Thomas Weißschuh <linux@weissschuh.net>
+Link: https://patch.msgid.link/20240709-acpi-sysfs-groups-v2-1-058ab0667fa8@weissschuh.net
+Signed-off-by: Rafael J. Wysocki <rafael.j.wysocki@intel.com>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+---
+ drivers/acpi/device_sysfs.c | 5 +++--
+ 1 file changed, 3 insertions(+), 2 deletions(-)
+
+--- a/drivers/acpi/device_sysfs.c
++++ b/drivers/acpi/device_sysfs.c
+@@ -540,8 +540,9 @@ int acpi_device_setup_files(struct acpi_
+ * If device has _STR, 'description' file is created
+ */
+ if (acpi_has_method(dev->handle, "_STR")) {
+- status = acpi_evaluate_object(dev->handle, "_STR",
+- NULL, &buffer);
++ status = acpi_evaluate_object_typed(dev->handle, "_STR",
++ NULL, &buffer,
++ ACPI_TYPE_BUFFER);
+ if (ACPI_FAILURE(status))
+ buffer.pointer = NULL;
+ dev->pnp.str_obj = buffer.pointer;
--- /dev/null
+From 77b0b98bb743f5d04d8f995ba1936e1143689d4a Mon Sep 17 00:00:00 2001
+From: Qu Wenruo <wqu@suse.com>
+Date: Fri, 30 Aug 2024 16:35:48 +0930
+Subject: btrfs: subpage: fix the bitmap dump which can cause bitmap corruption
+
+From: Qu Wenruo <wqu@suse.com>
+
+commit 77b0b98bb743f5d04d8f995ba1936e1143689d4a upstream.
+
+In commit 75258f20fb70 ("btrfs: subpage: dump extra subpage bitmaps for
+debug") an internal macro GET_SUBPAGE_BITMAP() is introduced to grab the
+bitmap of each attribute.
+
+But that commit is using bitmap_cut() which will do the left shift of
+the larger bitmap, causing incorrect values.
+
+Thankfully this bitmap_cut() is only called for debug usage, and so far
+it's not yet causing problem.
+
+Fix it to use bitmap_read() to only grab the desired sub-bitmap.
+
+Fixes: 75258f20fb70 ("btrfs: subpage: dump extra subpage bitmaps for debug")
+CC: stable@vger.kernel.org # 6.6+
+Signed-off-by: Qu Wenruo <wqu@suse.com>
+Reviewed-by: David Sterba <dsterba@suse.com>
+Signed-off-by: David Sterba <dsterba@suse.com>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+---
+ fs/btrfs/subpage.c | 10 ++++++++--
+ 1 file changed, 8 insertions(+), 2 deletions(-)
+
+--- a/fs/btrfs/subpage.c
++++ b/fs/btrfs/subpage.c
+@@ -766,8 +766,14 @@ void btrfs_folio_unlock_writer(struct bt
+ }
+
+ #define GET_SUBPAGE_BITMAP(subpage, subpage_info, name, dst) \
+- bitmap_cut(dst, subpage->bitmaps, 0, \
+- subpage_info->name##_offset, subpage_info->bitmap_nr_bits)
++{ \
++ const int bitmap_nr_bits = subpage_info->bitmap_nr_bits; \
++ \
++ ASSERT(bitmap_nr_bits < BITS_PER_LONG); \
++ *dst = bitmap_read(subpage->bitmaps, \
++ subpage_info->name##_offset, \
++ bitmap_nr_bits); \
++}
+
+ void __cold btrfs_subpage_dump_bitmap(const struct btrfs_fs_info *fs_info,
+ struct folio *folio, u64 start, u32 len)
--- /dev/null
+From 684d28feb8546d1e9597aa363c3bfcf52fe250b7 Mon Sep 17 00:00:00 2001
+From: Zhen Lei <thunder.leizhen@huawei.com>
+Date: Wed, 4 Sep 2024 21:39:40 +0800
+Subject: debugobjects: Fix conditions in fill_pool()
+
+From: Zhen Lei <thunder.leizhen@huawei.com>
+
+commit 684d28feb8546d1e9597aa363c3bfcf52fe250b7 upstream.
+
+fill_pool() uses 'obj_pool_min_free' to decide whether objects should be
+handed back to the kmem cache. But 'obj_pool_min_free' records the lowest
+historical value of the number of objects in the object pool and not the
+minimum number of objects which should be kept in the pool.
+
+Use 'debug_objects_pool_min_level' instead, which holds the minimum number
+which was scaled to the number of CPUs at boot time.
+
+[ tglx: Massage change log ]
+
+Fixes: d26bf5056fc0 ("debugobjects: Reduce number of pool_lock acquisitions in fill_pool()")
+Fixes: 36c4ead6f6df ("debugobjects: Add global free list and the counter")
+Signed-off-by: Zhen Lei <thunder.leizhen@huawei.com>
+Signed-off-by: Thomas Gleixner <tglx@linutronix.de>
+Cc: stable@vger.kernel.org
+Link: https://lore.kernel.org/all/20240904133944.2124-3-thunder.leizhen@huawei.com
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+---
+ lib/debugobjects.c | 5 +++--
+ 1 file changed, 3 insertions(+), 2 deletions(-)
+
+--- a/lib/debugobjects.c
++++ b/lib/debugobjects.c
+@@ -142,13 +142,14 @@ static void fill_pool(void)
+ * READ_ONCE()s pair with the WRITE_ONCE()s in pool_lock critical
+ * sections.
+ */
+- while (READ_ONCE(obj_nr_tofree) && (READ_ONCE(obj_pool_free) < obj_pool_min_free)) {
++ while (READ_ONCE(obj_nr_tofree) &&
++ READ_ONCE(obj_pool_free) < debug_objects_pool_min_level) {
+ raw_spin_lock_irqsave(&pool_lock, flags);
+ /*
+ * Recheck with the lock held as the worker thread might have
+ * won the race and freed the global free list already.
+ */
+- while (obj_nr_tofree && (obj_pool_free < obj_pool_min_free)) {
++ while (obj_nr_tofree && (obj_pool_free < debug_objects_pool_min_level)) {
+ obj = hlist_entry(obj_to_free.first, typeof(*obj), node);
+ hlist_del(&obj->node);
+ WRITE_ONCE(obj_nr_tofree, obj_nr_tofree - 1);
--- /dev/null
+From a5e61b50c9f44c5edb6e134ede6fee8806ffafa9 Mon Sep 17 00:00:00 2001
+From: Mikhail Lobanov <m.lobanov@rosalinux.ru>
+Date: Mon, 9 Sep 2024 09:37:36 -0400
+Subject: drbd: Add NULL check for net_conf to prevent dereference in state validation
+
+From: Mikhail Lobanov <m.lobanov@rosalinux.ru>
+
+commit a5e61b50c9f44c5edb6e134ede6fee8806ffafa9 upstream.
+
+If the net_conf pointer is NULL and the code attempts to access its
+fields without a check, it will lead to a null pointer dereference.
+Add a NULL check before dereferencing the pointer.
+
+Found by Linux Verification Center (linuxtesting.org) with SVACE.
+
+Fixes: 44ed167da748 ("drbd: rcu_read_lock() and rcu_dereference() for tconn->net_conf")
+Cc: stable@vger.kernel.org
+Signed-off-by: Mikhail Lobanov <m.lobanov@rosalinux.ru>
+Link: https://lore.kernel.org/r/20240909133740.84297-1-m.lobanov@rosalinux.ru
+Signed-off-by: Jens Axboe <axboe@kernel.dk>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+---
+ drivers/block/drbd/drbd_state.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+--- a/drivers/block/drbd/drbd_state.c
++++ b/drivers/block/drbd/drbd_state.c
+@@ -876,7 +876,7 @@ is_valid_state(struct drbd_device *devic
+ ns.disk == D_OUTDATED)
+ rv = SS_CONNECTED_OUTDATES;
+
+- else if ((ns.conn == C_VERIFY_S || ns.conn == C_VERIFY_T) &&
++ else if (nc && (ns.conn == C_VERIFY_S || ns.conn == C_VERIFY_T) &&
+ (nc->verify_alg[0] == 0))
+ rv = SS_NO_VERIFY_ALG;
+
--- /dev/null
+From 2f02b5af3a4482b216e6a466edecf6ba8450fa45 Mon Sep 17 00:00:00 2001
+From: Qiu-ji Chen <chenqiuji666@gmail.com>
+Date: Fri, 13 Sep 2024 16:35:04 +0800
+Subject: drbd: Fix atomicity violation in drbd_uuid_set_bm()
+
+From: Qiu-ji Chen <chenqiuji666@gmail.com>
+
+commit 2f02b5af3a4482b216e6a466edecf6ba8450fa45 upstream.
+
+The violation of atomicity occurs when the drbd_uuid_set_bm function is
+executed simultaneously with modifying the value of
+device->ldev->md.uuid[UI_BITMAP]. Consider a scenario where, while
+device->ldev->md.uuid[UI_BITMAP] passes the validity check when its
+value is not zero, the value of device->ldev->md.uuid[UI_BITMAP] is
+written to zero. In this case, the check in drbd_uuid_set_bm might refer
+to the old value of device->ldev->md.uuid[UI_BITMAP] (before locking),
+which allows an invalid value to pass the validity check, resulting in
+inconsistency.
+
+To address this issue, it is recommended to include the data validity
+check within the locked section of the function. This modification
+ensures that the value of device->ldev->md.uuid[UI_BITMAP] does not
+change during the validation process, thereby maintaining its integrity.
+
+This possible bug is found by an experimental static analysis tool
+developed by our team. This tool analyzes the locking APIs to extract
+function pairs that can be concurrently executed, and then analyzes the
+instructions in the paired functions to identify possible concurrency
+bugs including data races and atomicity violations.
+
+Fixes: 9f2247bb9b75 ("drbd: Protect accesses to the uuid set with a spinlock")
+Cc: stable@vger.kernel.org
+Signed-off-by: Qiu-ji Chen <chenqiuji666@gmail.com>
+Reviewed-by: Philipp Reisner <philipp.reisner@linbit.com>
+Link: https://lore.kernel.org/r/20240913083504.10549-1-chenqiuji666@gmail.com
+Signed-off-by: Jens Axboe <axboe@kernel.dk>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+---
+ drivers/block/drbd/drbd_main.c | 6 ++++--
+ 1 file changed, 4 insertions(+), 2 deletions(-)
+
+--- a/drivers/block/drbd/drbd_main.c
++++ b/drivers/block/drbd/drbd_main.c
+@@ -3399,10 +3399,12 @@ void drbd_uuid_new_current(struct drbd_d
+ void drbd_uuid_set_bm(struct drbd_device *device, u64 val) __must_hold(local)
+ {
+ unsigned long flags;
+- if (device->ldev->md.uuid[UI_BITMAP] == 0 && val == 0)
++ spin_lock_irqsave(&device->ldev->md.uuid_lock, flags);
++ if (device->ldev->md.uuid[UI_BITMAP] == 0 && val == 0) {
++ spin_unlock_irqrestore(&device->ldev->md.uuid_lock, flags);
+ return;
++ }
+
+- spin_lock_irqsave(&device->ldev->md.uuid_lock, flags);
+ if (val == 0) {
+ drbd_uuid_move_history(device);
+ device->ldev->md.uuid[UI_HISTORY_START] = device->ldev->md.uuid[UI_BITMAP];
--- /dev/null
+From 77d48d39e99170b528e4f2e9fc5d1d64cdedd386 Mon Sep 17 00:00:00 2001
+From: Ard Biesheuvel <ardb@kernel.org>
+Date: Thu, 12 Sep 2024 17:45:49 +0200
+Subject: efistub/tpm: Use ACPI reclaim memory for event log to avoid corruption
+
+From: Ard Biesheuvel <ardb@kernel.org>
+
+commit 77d48d39e99170b528e4f2e9fc5d1d64cdedd386 upstream.
+
+The TPM event log table is a Linux specific construct, where the data
+produced by the GetEventLog() boot service is cached in memory, and
+passed on to the OS using an EFI configuration table.
+
+The use of EFI_LOADER_DATA here results in the region being left
+unreserved in the E820 memory map constructed by the EFI stub, and this
+is the memory description that is passed on to the incoming kernel by
+kexec, which is therefore unaware that the region should be reserved.
+
+Even though the utility of the TPM2 event log after a kexec is
+questionable, any corruption might send the parsing code off into the
+weeds and crash the kernel. So let's use EFI_ACPI_RECLAIM_MEMORY
+instead, which is always treated as reserved by the E820 conversion
+logic.
+
+Cc: <stable@vger.kernel.org>
+Reported-by: Breno Leitao <leitao@debian.org>
+Tested-by: Usama Arif <usamaarif642@gmail.com>
+Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
+Signed-off-by: Ard Biesheuvel <ardb@kernel.org>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+---
+ drivers/firmware/efi/libstub/tpm.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+--- a/drivers/firmware/efi/libstub/tpm.c
++++ b/drivers/firmware/efi/libstub/tpm.c
+@@ -96,7 +96,7 @@ static void efi_retrieve_tcg2_eventlog(i
+ }
+
+ /* Allocate space for the logs and copy them. */
+- status = efi_bs_call(allocate_pool, EFI_LOADER_DATA,
++ status = efi_bs_call(allocate_pool, EFI_ACPI_RECLAIM_MEMORY,
+ sizeof(*log_tbl) + log_size, (void **)&log_tbl);
+
+ if (status != EFI_SUCCESS) {
--- /dev/null
+From ef493f4b122d6b14a6de111d1acac1eab1d673b0 Mon Sep 17 00:00:00 2001
+From: Kan Liang <kan.liang@linux.intel.com>
+Date: Mon, 9 Sep 2024 08:58:48 -0700
+Subject: perf/x86/intel: Allow to setup LBR for counting event for BPF
+
+From: Kan Liang <kan.liang@linux.intel.com>
+
+commit ef493f4b122d6b14a6de111d1acac1eab1d673b0 upstream.
+
+The BPF subsystem may capture LBR data on a counting event. However, the
+current implementation assumes that LBR can/should only be used with
+sampling events.
+
+For instance, retsnoop tool ([0]) makes an extensive use of this
+functionality and sets up perf event as follows:
+
+ struct perf_event_attr attr;
+
+ memset(&attr, 0, sizeof(attr));
+ attr.size = sizeof(attr);
+ attr.type = PERF_TYPE_HARDWARE;
+ attr.config = PERF_COUNT_HW_CPU_CYCLES;
+ attr.sample_type = PERF_SAMPLE_BRANCH_STACK;
+ attr.branch_sample_type = PERF_SAMPLE_BRANCH_KERNEL;
+
+To limit the LBR for a sampling event is to avoid unnecessary branch
+stack setup for a counting event in the sample read. Because LBR is only
+read in the sampling event's overflow.
+
+Although in most cases LBR is used in sampling, there is no HW limit to
+bind LBR to the sampling mode. Allow an LBR setup for a counting event
+unless in the sample read mode.
+
+Fixes: 85846b27072d ("perf/x86: Add PERF_X86_EVENT_NEEDS_BRANCH_STACK flag")
+Closes: https://lore.kernel.org/lkml/20240905180055.1221620-1-andrii@kernel.org/
+Reported-by: Andrii Nakryiko <andrii.nakryiko@gmail.com>
+Signed-off-by: Kan Liang <kan.liang@linux.intel.com>
+Signed-off-by: Peter Zijlstra (Intel) <peterz@infradead.org>
+Acked-by: Andrii Nakryiko <andrii@kernel.org>
+Tested-by: Andrii Nakryiko <andrii@kernel.org>
+Cc: stable@vger.kernel.org
+Link: https://lore.kernel.org/r/20240909155848.326640-1-kan.liang@linux.intel.com
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+---
+ arch/x86/events/intel/core.c | 8 ++++++--
+ 1 file changed, 6 insertions(+), 2 deletions(-)
+
+--- a/arch/x86/events/intel/core.c
++++ b/arch/x86/events/intel/core.c
+@@ -3912,8 +3912,12 @@ static int intel_pmu_hw_config(struct pe
+ x86_pmu.pebs_aliases(event);
+ }
+
+- if (needs_branch_stack(event) && is_sampling_event(event))
+- event->hw.flags |= PERF_X86_EVENT_NEEDS_BRANCH_STACK;
++ if (needs_branch_stack(event)) {
++ /* Avoid branch stack setup for counting events in SAMPLE READ */
++ if (is_sampling_event(event) ||
++ !(event->attr.sample_type & PERF_SAMPLE_READ))
++ event->hw.flags |= PERF_X86_EVENT_NEEDS_BRANCH_STACK;
++ }
+
+ if (branch_sample_counters(event)) {
+ struct perf_event *leader, *sibling;
--- /dev/null
+From d92792a4b26e50b96ab734cbe203d8a4c932a7a9 Mon Sep 17 00:00:00 2001
+From: Adrian Hunter <adrian.hunter@intel.com>
+Date: Mon, 15 Jul 2024 19:07:00 +0300
+Subject: perf/x86/intel/pt: Fix sampling synchronization
+
+From: Adrian Hunter <adrian.hunter@intel.com>
+
+commit d92792a4b26e50b96ab734cbe203d8a4c932a7a9 upstream.
+
+pt_event_snapshot_aux() uses pt->handle_nmi to determine if tracing
+needs to be stopped, however tracing can still be going because
+pt->handle_nmi is set to zero before tracing is stopped in pt_event_stop,
+whereas pt_event_snapshot_aux() requires that tracing must be stopped in
+order to copy a sample of trace from the buffer.
+
+Instead call pt_config_stop() always, which anyway checks config for
+RTIT_CTL_TRACEEN and does nothing if it is already clear.
+
+Note pt_event_snapshot_aux() can continue to use pt->handle_nmi to
+determine if the trace needs to be restarted afterwards.
+
+Fixes: 25e8920b301c ("perf/x86/intel/pt: Add sampling support")
+Signed-off-by: Adrian Hunter <adrian.hunter@intel.com>
+Signed-off-by: Peter Zijlstra (Intel) <peterz@infradead.org>
+Cc: stable@vger.kernel.org
+Link: https://lkml.kernel.org/r/20240715160712.127117-2-adrian.hunter@intel.com
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+---
+ arch/x86/events/intel/pt.c | 15 +++++++--------
+ 1 file changed, 7 insertions(+), 8 deletions(-)
+
+--- a/arch/x86/events/intel/pt.c
++++ b/arch/x86/events/intel/pt.c
+@@ -1606,6 +1606,7 @@ static void pt_event_stop(struct perf_ev
+ * see comment in intel_pt_interrupt().
+ */
+ WRITE_ONCE(pt->handle_nmi, 0);
++ barrier();
+
+ pt_config_stop(event);
+
+@@ -1657,11 +1658,10 @@ static long pt_event_snapshot_aux(struct
+ return 0;
+
+ /*
+- * Here, handle_nmi tells us if the tracing is on
++ * There is no PT interrupt in this mode, so stop the trace and it will
++ * remain stopped while the buffer is copied.
+ */
+- if (READ_ONCE(pt->handle_nmi))
+- pt_config_stop(event);
+-
++ pt_config_stop(event);
+ pt_read_offset(buf);
+ pt_update_head(pt);
+
+@@ -1673,11 +1673,10 @@ static long pt_event_snapshot_aux(struct
+ ret = perf_output_copy_aux(&pt->handle, handle, from, to);
+
+ /*
+- * If the tracing was on when we turned up, restart it.
+- * Compiler barrier not needed as we couldn't have been
+- * preempted by anything that touches pt->handle_nmi.
++ * Here, handle_nmi tells us if the tracing was on.
++ * If the tracing was on, restart it.
+ */
+- if (pt->handle_nmi)
++ if (READ_ONCE(pt->handle_nmi))
+ pt_config_start(event);
+
+ return ret;
serial-qcom-geni-fix-false-console-tx-restart.patch
crypto-qcom-rng-fix-support-for-acpi-based-systems.patch
crypto-ccp-properly-unregister-dev-sev-on-sev-platform_status-failure.patch
+drbd-fix-atomicity-violation-in-drbd_uuid_set_bm.patch
+drbd-add-null-check-for-net_conf-to-prevent-dereference-in-state-validation.patch
+acpi-sysfs-validate-return-type-of-_str-method.patch
+acpi-resource-do-irq-override-on-mechrev-gm7xg0m.patch
+acpi-resource-add-another-dmi-match-for-the-tongfang-gmxxgxx.patch
+efistub-tpm-use-acpi-reclaim-memory-for-event-log-to-avoid-corruption.patch
+x86-entry-remove-unwanted-instrumentation-in-common_interrupt.patch
+perf-x86-intel-allow-to-setup-lbr-for-counting-event-for-bpf.patch
+perf-x86-intel-pt-fix-sampling-synchronization.patch
+btrfs-subpage-fix-the-bitmap-dump-which-can-cause-bitmap-corruption.patch
+wifi-mt76-mt7921-check-devm_kasprintf-returned-value.patch
+wifi-mt76-mt7915-check-devm_kasprintf-returned-value.patch
+wifi-mt76-mt7996-fix-null-pointer-dereference-in-mt7996_mcu_sta_bfer_he.patch
+wifi-mt76-mt7925-fix-a-potential-array-index-out-of-bounds-issue-for-clc.patch
+wifi-rtw88-8821cu-remove-vid-pid-0bda-c82c.patch
+wifi-rtw88-8822c-fix-reported-rx-band-width.patch
+wifi-rtw88-8703b-fix-reported-rx-band-width.patch
+wifi-mt76-mt7615-check-devm_kasprintf-returned-value.patch
+debugobjects-fix-conditions-in-fill_pool.patch
--- /dev/null
+From 5acdc432f832d810e0d638164c393b877291d9b4 Mon Sep 17 00:00:00 2001
+From: Ma Ke <make24@iscas.ac.cn>
+Date: Thu, 5 Sep 2024 09:47:53 +0800
+Subject: wifi: mt76: mt7615: check devm_kasprintf() returned value
+
+From: Ma Ke <make24@iscas.ac.cn>
+
+commit 5acdc432f832d810e0d638164c393b877291d9b4 upstream.
+
+devm_kasprintf() can return a NULL pointer on failure but this returned
+value is not checked. Fix this lack and check the returned value.
+
+Found by code review.
+
+Cc: stable@vger.kernel.org
+Fixes: 0bb4e9187ea4 ("mt76: mt7615: fix hwmon temp sensor mem use-after-free")
+Signed-off-by: Ma Ke <make24@iscas.ac.cn>
+Reviewed-by: Matthias Brugger <matthias.bgg@gmail.com>
+Link: https://patch.msgid.link/20240905014753.353271-1-make24@iscas.ac.cn
+Signed-off-by: Felix Fietkau <nbd@nbd.name>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+---
+ drivers/net/wireless/mediatek/mt76/mt7615/init.c | 3 +++
+ 1 file changed, 3 insertions(+)
+
+--- a/drivers/net/wireless/mediatek/mt76/mt7615/init.c
++++ b/drivers/net/wireless/mediatek/mt76/mt7615/init.c
+@@ -56,6 +56,9 @@ int mt7615_thermal_init(struct mt7615_de
+
+ name = devm_kasprintf(&wiphy->dev, GFP_KERNEL, "mt7615_%s",
+ wiphy_name(wiphy));
++ if (!name)
++ return -ENOMEM;
++
+ hwmon = devm_hwmon_device_register_with_groups(&wiphy->dev, name, dev,
+ mt7615_hwmon_groups);
+ return PTR_ERR_OR_ZERO(hwmon);
--- /dev/null
+From 267efeda8c55f30e0e7c5b7fd03dea4efec6916c Mon Sep 17 00:00:00 2001
+From: Ma Ke <make24@iscas.ac.cn>
+Date: Tue, 3 Sep 2024 09:49:55 +0800
+Subject: wifi: mt76: mt7915: check devm_kasprintf() returned value
+
+From: Ma Ke <make24@iscas.ac.cn>
+
+commit 267efeda8c55f30e0e7c5b7fd03dea4efec6916c upstream.
+
+devm_kasprintf() can return a NULL pointer on failure but this returned
+value is not checked. Fix this lack and check the returned value.
+
+Found by code review.
+
+Cc: stable@vger.kernel.org
+Fixes: 6ae39b7c7ed4 ("wifi: mt76: mt7921: Support temp sensor")
+Signed-off-by: Ma Ke <make24@iscas.ac.cn>
+Reviewed-by: Matthias Brugger <matthias.bgg@gmail.com>
+Link: https://patch.msgid.link/20240903014955.4145423-1-make24@iscas.ac.cn
+Signed-off-by: Felix Fietkau <nbd@nbd.name>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+---
+ drivers/net/wireless/mediatek/mt76/mt7915/init.c | 2 ++
+ 1 file changed, 2 insertions(+)
+
+--- a/drivers/net/wireless/mediatek/mt76/mt7915/init.c
++++ b/drivers/net/wireless/mediatek/mt76/mt7915/init.c
+@@ -194,6 +194,8 @@ static int mt7915_thermal_init(struct mt
+
+ name = devm_kasprintf(&wiphy->dev, GFP_KERNEL, "mt7915_%s",
+ wiphy_name(wiphy));
++ if (!name)
++ return -ENOMEM;
+
+ cdev = thermal_cooling_device_register(name, phy, &mt7915_thermal_ops);
+ if (!IS_ERR(cdev)) {
--- /dev/null
+From 1ccc9e476ce76e8577ba4fdbd1f63cb3e3499d38 Mon Sep 17 00:00:00 2001
+From: Ma Ke <make24@iscas.ac.cn>
+Date: Tue, 3 Sep 2024 09:44:55 +0800
+Subject: wifi: mt76: mt7921: Check devm_kasprintf() returned value
+
+From: Ma Ke <make24@iscas.ac.cn>
+
+commit 1ccc9e476ce76e8577ba4fdbd1f63cb3e3499d38 upstream.
+
+devm_kasprintf() can return a NULL pointer on failure but this returned
+value is not checked. Fix this lack and check the returned value.
+
+Found by code review.
+
+Cc: stable@vger.kernel.org
+Fixes: 6ae39b7c7ed4 ("wifi: mt76: mt7921: Support temp sensor")
+Signed-off-by: Ma Ke <make24@iscas.ac.cn>
+Reviwed-by: Matthias Brugger <matthias.bgg@gmail.com>
+Link: https://patch.msgid.link/20240903014455.4144536-1-make24@iscas.ac.cn
+Signed-off-by: Felix Fietkau <nbd@nbd.name>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+---
+ drivers/net/wireless/mediatek/mt76/mt7921/init.c | 2 ++
+ 1 file changed, 2 insertions(+)
+
+--- a/drivers/net/wireless/mediatek/mt76/mt7921/init.c
++++ b/drivers/net/wireless/mediatek/mt76/mt7921/init.c
+@@ -52,6 +52,8 @@ static int mt7921_thermal_init(struct mt
+
+ name = devm_kasprintf(&wiphy->dev, GFP_KERNEL, "mt7921_%s",
+ wiphy_name(wiphy));
++ if (!name)
++ return -ENOMEM;
+
+ hwmon = devm_hwmon_device_register_with_groups(&wiphy->dev, name, phy,
+ mt7921_hwmon_groups);
--- /dev/null
+From 9679ca7326e52282cc923c4d71d81c999cb6cd55 Mon Sep 17 00:00:00 2001
+From: Ming Yen Hsieh <mingyen.hsieh@mediatek.com>
+Date: Mon, 19 Aug 2024 09:53:33 +0800
+Subject: wifi: mt76: mt7925: fix a potential array-index-out-of-bounds issue for clc
+
+From: Ming Yen Hsieh <mingyen.hsieh@mediatek.com>
+
+commit 9679ca7326e52282cc923c4d71d81c999cb6cd55 upstream.
+
+Due to the lack of checks on the clc array, if the firmware supports
+more clc configuration, it will cause illegal memory access.
+
+Cc: stable@vger.kernel.org
+Fixes: c948b5da6bbe ("wifi: mt76: mt7925: add Mediatek Wi-Fi7 driver for mt7925 chips")
+Signed-off-by: Ming Yen Hsieh <mingyen.hsieh@mediatek.com>
+Link: https://patch.msgid.link/20240819015334.14580-1-mingyen.hsieh@mediatek.com
+Signed-off-by: Felix Fietkau <nbd@nbd.name>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+---
+ drivers/net/wireless/mediatek/mt76/mt7925/mcu.c | 3 +++
+ 1 file changed, 3 insertions(+)
+
+--- a/drivers/net/wireless/mediatek/mt76/mt7925/mcu.c
++++ b/drivers/net/wireless/mediatek/mt76/mt7925/mcu.c
+@@ -613,6 +613,9 @@ static int mt7925_load_clc(struct mt792x
+ for (offset = 0; offset < len; offset += le32_to_cpu(clc->len)) {
+ clc = (const struct mt7925_clc *)(clc_base + offset);
+
++ if (clc->idx > ARRAY_SIZE(phy->clc))
++ break;
++
+ /* do not init buf again if chip reset triggered */
+ if (phy->clc[clc->idx])
+ continue;
--- /dev/null
+From f503ae90c7355e8506e68498fe84c1357894cd5b Mon Sep 17 00:00:00 2001
+From: Ma Ke <make24@iscas.ac.cn>
+Date: Tue, 13 Aug 2024 16:12:42 +0800
+Subject: wifi: mt76: mt7996: fix NULL pointer dereference in mt7996_mcu_sta_bfer_he
+
+From: Ma Ke <make24@iscas.ac.cn>
+
+commit f503ae90c7355e8506e68498fe84c1357894cd5b upstream.
+
+Fix the NULL pointer dereference in mt7996_mcu_sta_bfer_he
+routine adding an sta interface to the mt7996 driver.
+
+Found by code review.
+
+Cc: stable@vger.kernel.org
+Fixes: 98686cd21624 ("wifi: mt76: mt7996: add driver for MediaTek Wi-Fi 7 (802.11be) devices")
+Signed-off-by: Ma Ke <make24@iscas.ac.cn>
+Link: https://patch.msgid.link/20240813081242.3991814-1-make24@iscas.ac.cn
+Signed-off-by: Felix Fietkau <nbd@nbd.name>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+---
+ drivers/net/wireless/mediatek/mt76/mt7996/mcu.c | 3 +++
+ 1 file changed, 3 insertions(+)
+
+--- a/drivers/net/wireless/mediatek/mt76/mt7996/mcu.c
++++ b/drivers/net/wireless/mediatek/mt76/mt7996/mcu.c
+@@ -1544,6 +1544,9 @@ mt7996_mcu_sta_bfer_he(struct ieee80211_
+ u8 nss_mcs = mt7996_mcu_get_sta_nss(mcs_map);
+ u8 snd_dim, sts;
+
++ if (!vc)
++ return;
++
+ bf->tx_mode = MT_PHY_TYPE_HE_SU;
+
+ mt7996_mcu_sta_sounding_rate(bf);
--- /dev/null
+From 0129e5ff2842450f1426e312b5e580c0814e0de3 Mon Sep 17 00:00:00 2001
+From: Bitterblue Smith <rtl8821cerfe2@gmail.com>
+Date: Tue, 23 Jul 2024 22:32:59 +0300
+Subject: wifi: rtw88: 8703b: Fix reported RX band width
+
+From: Bitterblue Smith <rtl8821cerfe2@gmail.com>
+
+commit 0129e5ff2842450f1426e312b5e580c0814e0de3 upstream.
+
+The definition of GET_RX_DESC_BW is incorrect. Fix it according to the
+GET_RX_STATUS_DESC_BW_8703B macro from the official driver.
+
+Tested only with RTL8812AU, which uses the same bits.
+
+Cc: stable@vger.kernel.org
+Fixes: 9bb762b3a957 ("wifi: rtw88: Add definitions for 8703b chip")
+Signed-off-by: Bitterblue Smith <rtl8821cerfe2@gmail.com>
+Tested-by: Fiona Klute <fiona.klute@gmx.de>
+Signed-off-by: Ping-Ke Shih <pkshih@realtek.com>
+Link: https://patch.msgid.link/1cfed9d5-4304-4b96-84c5-c347f59fedb9@gmail.com
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+---
+ drivers/net/wireless/realtek/rtw88/rx.h | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/drivers/net/wireless/realtek/rtw88/rx.h b/drivers/net/wireless/realtek/rtw88/rx.h
+index d3668c4efc24..8a072dd3d73c 100644
+--- a/drivers/net/wireless/realtek/rtw88/rx.h
++++ b/drivers/net/wireless/realtek/rtw88/rx.h
+@@ -41,7 +41,7 @@ enum rtw_rx_desc_enc {
+ #define GET_RX_DESC_TSFL(rxdesc) \
+ le32_get_bits(*((__le32 *)(rxdesc) + 0x05), GENMASK(31, 0))
+ #define GET_RX_DESC_BW(rxdesc) \
+- (le32_get_bits(*((__le32 *)(rxdesc) + 0x04), GENMASK(31, 24)))
++ (le32_get_bits(*((__le32 *)(rxdesc) + 0x04), GENMASK(5, 4)))
+
+ void rtw_rx_stats(struct rtw_dev *rtwdev, struct ieee80211_vif *vif,
+ struct sk_buff *skb);
+--
+2.46.2
+
--- /dev/null
+From 0af8cd2822f31ed8363223329e5cff2a7ed01961 Mon Sep 17 00:00:00 2001
+From: Nick Morrow <morrownr@gmail.com>
+Date: Thu, 11 Jul 2024 01:14:23 +0300
+Subject: wifi: rtw88: 8821cu: Remove VID/PID 0bda:c82c
+
+From: Nick Morrow <morrownr@gmail.com>
+
+commit 0af8cd2822f31ed8363223329e5cff2a7ed01961 upstream.
+
+Remove VID/PID 0bda:c82c as it was inadvertently added to the device
+list in driver rtw8821cu. This VID/PID is for the rtw8822cu device
+and it is already in the appropriate place for that device.
+
+Cc: stable@vger.kernel.org
+Signed-off-by: Nick Morrow <morrownr@gmail.com>
+Signed-off-by: Bitterblue Smith <rtl8821cerfe2@gmail.com>
+Acked-by: Ping-Ke Shih <pkshih@realtek.com>
+Signed-off-by: Ping-Ke Shih <pkshih@realtek.com>
+Link: https://patch.msgid.link/335d7fa1-0ba5-4b86-bba5-f98834ace1f8@gmail.com
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+---
+ drivers/net/wireless/realtek/rtw88/rtw8821cu.c | 2 --
+ 1 file changed, 2 deletions(-)
+
+--- a/drivers/net/wireless/realtek/rtw88/rtw8821cu.c
++++ b/drivers/net/wireless/realtek/rtw88/rtw8821cu.c
+@@ -31,8 +31,6 @@ static const struct usb_device_id rtw_88
+ .driver_info = (kernel_ulong_t)&(rtw8821c_hw_spec) },
+ { USB_DEVICE_AND_INTERFACE_INFO(RTW_USB_VENDOR_ID_REALTEK, 0xc82b, 0xff, 0xff, 0xff),
+ .driver_info = (kernel_ulong_t)&(rtw8821c_hw_spec) },
+- { USB_DEVICE_AND_INTERFACE_INFO(RTW_USB_VENDOR_ID_REALTEK, 0xc82c, 0xff, 0xff, 0xff),
+- .driver_info = (kernel_ulong_t)&(rtw8821c_hw_spec) },
+ { USB_DEVICE_AND_INTERFACE_INFO(0x2001, 0x331d, 0xff, 0xff, 0xff),
+ .driver_info = (kernel_ulong_t)&(rtw8821c_hw_spec) }, /* D-Link */
+ { USB_DEVICE_AND_INTERFACE_INFO(0x7392, 0xc811, 0xff, 0xff, 0xff),
--- /dev/null
+From a71ed5898dfae68262f79277915d1dfe34586bc6 Mon Sep 17 00:00:00 2001
+From: Bitterblue Smith <rtl8821cerfe2@gmail.com>
+Date: Tue, 23 Jul 2024 22:31:36 +0300
+Subject: wifi: rtw88: 8822c: Fix reported RX band width
+
+From: Bitterblue Smith <rtl8821cerfe2@gmail.com>
+
+commit a71ed5898dfae68262f79277915d1dfe34586bc6 upstream.
+
+"iw dev wlp2s0 station dump" shows incorrect rx bitrate:
+
+tx bitrate: 866.7 MBit/s VHT-MCS 9 80MHz short GI VHT-NSS 2
+rx bitrate: 86.7 MBit/s VHT-MCS 9 VHT-NSS 1
+
+This is because the RX band width is calculated incorrectly. Fix the
+calculation according to the phydm_rxsc_2_bw() function from the
+official drivers.
+
+After:
+
+tx bitrate: 866.7 MBit/s VHT-MCS 9 80MHz short GI VHT-NSS 2
+rx bitrate: 390.0 MBit/s VHT-MCS 9 80MHz VHT-NSS 1
+
+It also works correctly with the AP configured for 20 MHz and 40 MHz.
+
+Tested with RTL8822CE.
+
+Cc: stable@vger.kernel.org
+Fixes: e3037485c68e ("rtw88: new Realtek 802.11ac driver")
+Signed-off-by: Bitterblue Smith <rtl8821cerfe2@gmail.com>
+Signed-off-by: Ping-Ke Shih <pkshih@realtek.com>
+Link: https://patch.msgid.link/bca8949b-e2bd-4515-98fd-70d3049a0097@gmail.com
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+---
+ drivers/net/wireless/realtek/rtw88/rtw8822c.c | 10 ++++++----
+ 1 file changed, 6 insertions(+), 4 deletions(-)
+
+--- a/drivers/net/wireless/realtek/rtw88/rtw8822c.c
++++ b/drivers/net/wireless/realtek/rtw88/rtw8822c.c
+@@ -2611,12 +2611,14 @@ static void query_phy_status_page1(struc
+ else
+ rxsc = GET_PHY_STAT_P1_HT_RXSC(phy_status);
+
+- if (rxsc >= 9 && rxsc <= 12)
++ if (rxsc == 0)
++ bw = rtwdev->hal.current_band_width;
++ else if (rxsc >= 1 && rxsc <= 8)
++ bw = RTW_CHANNEL_WIDTH_20;
++ else if (rxsc >= 9 && rxsc <= 12)
+ bw = RTW_CHANNEL_WIDTH_40;
+- else if (rxsc >= 13)
+- bw = RTW_CHANNEL_WIDTH_80;
+ else
+- bw = RTW_CHANNEL_WIDTH_20;
++ bw = RTW_CHANNEL_WIDTH_80;
+
+ channel = GET_PHY_STAT_P1_CHANNEL(phy_status);
+ rtw_set_rx_freq_band(pkt_stat, channel);
--- /dev/null
+From 477d81a1c47a1b79b9c08fc92b5dea3c5143800b Mon Sep 17 00:00:00 2001
+From: Dmitry Vyukov <dvyukov@google.com>
+Date: Tue, 11 Jun 2024 09:50:30 +0200
+Subject: x86/entry: Remove unwanted instrumentation in common_interrupt()
+
+From: Dmitry Vyukov <dvyukov@google.com>
+
+commit 477d81a1c47a1b79b9c08fc92b5dea3c5143800b upstream.
+
+common_interrupt() and related variants call kvm_set_cpu_l1tf_flush_l1d(),
+which is neither marked noinstr nor __always_inline.
+
+So compiler puts it out of line and adds instrumentation to it. Since the
+call is inside of instrumentation_begin/end(), objtool does not warn about
+it.
+
+The manifestation is that KCOV produces spurious coverage in
+kvm_set_cpu_l1tf_flush_l1d() in random places because the call happens when
+preempt count is not yet updated to say that the kernel is in an interrupt.
+
+Mark kvm_set_cpu_l1tf_flush_l1d() as __always_inline and move it out of the
+instrumentation_begin/end() section. It only calls __this_cpu_write()
+which is already safe to call in noinstr contexts.
+
+Fixes: 6368558c3710 ("x86/entry: Provide IDTENTRY_SYSVEC")
+Signed-off-by: Dmitry Vyukov <dvyukov@google.com>
+Signed-off-by: Thomas Gleixner <tglx@linutronix.de>
+Reviewed-by: Alexander Potapenko <glider@google.com>
+Acked-by: Peter Zijlstra (Intel) <peterz@infradead.org>
+Cc: stable@vger.kernel.org
+Link: https://lore.kernel.org/all/3f9a1de9e415fcb53d07dc9e19fa8481bb021b1b.1718092070.git.dvyukov@google.com
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+---
+ arch/x86/include/asm/hardirq.h | 8 ++++++--
+ arch/x86/include/asm/idtentry.h | 6 +++---
+ 2 files changed, 9 insertions(+), 5 deletions(-)
+
+--- a/arch/x86/include/asm/hardirq.h
++++ b/arch/x86/include/asm/hardirq.h
+@@ -69,7 +69,11 @@ extern u64 arch_irq_stat(void);
+ #define local_softirq_pending_ref pcpu_hot.softirq_pending
+
+ #if IS_ENABLED(CONFIG_KVM_INTEL)
+-static inline void kvm_set_cpu_l1tf_flush_l1d(void)
++/*
++ * This function is called from noinstr interrupt contexts
++ * and must be inlined to not get instrumentation.
++ */
++static __always_inline void kvm_set_cpu_l1tf_flush_l1d(void)
+ {
+ __this_cpu_write(irq_stat.kvm_cpu_l1tf_flush_l1d, 1);
+ }
+@@ -84,7 +88,7 @@ static __always_inline bool kvm_get_cpu_
+ return __this_cpu_read(irq_stat.kvm_cpu_l1tf_flush_l1d);
+ }
+ #else /* !IS_ENABLED(CONFIG_KVM_INTEL) */
+-static inline void kvm_set_cpu_l1tf_flush_l1d(void) { }
++static __always_inline void kvm_set_cpu_l1tf_flush_l1d(void) { }
+ #endif /* IS_ENABLED(CONFIG_KVM_INTEL) */
+
+ #endif /* _ASM_X86_HARDIRQ_H */
+--- a/arch/x86/include/asm/idtentry.h
++++ b/arch/x86/include/asm/idtentry.h
+@@ -212,8 +212,8 @@ __visible noinstr void func(struct pt_re
+ irqentry_state_t state = irqentry_enter(regs); \
+ u32 vector = (u32)(u8)error_code; \
+ \
++ kvm_set_cpu_l1tf_flush_l1d(); \
+ instrumentation_begin(); \
+- kvm_set_cpu_l1tf_flush_l1d(); \
+ run_irq_on_irqstack_cond(__##func, regs, vector); \
+ instrumentation_end(); \
+ irqentry_exit(regs, state); \
+@@ -250,7 +250,6 @@ static void __##func(struct pt_regs *reg
+ \
+ static __always_inline void instr_##func(struct pt_regs *regs) \
+ { \
+- kvm_set_cpu_l1tf_flush_l1d(); \
+ run_sysvec_on_irqstack_cond(__##func, regs); \
+ } \
+ \
+@@ -258,6 +257,7 @@ __visible noinstr void func(struct pt_re
+ { \
+ irqentry_state_t state = irqentry_enter(regs); \
+ \
++ kvm_set_cpu_l1tf_flush_l1d(); \
+ instrumentation_begin(); \
+ instr_##func (regs); \
+ instrumentation_end(); \
+@@ -288,7 +288,6 @@ static __always_inline void __##func(str
+ static __always_inline void instr_##func(struct pt_regs *regs) \
+ { \
+ __irq_enter_raw(); \
+- kvm_set_cpu_l1tf_flush_l1d(); \
+ __##func (regs); \
+ __irq_exit_raw(); \
+ } \
+@@ -297,6 +296,7 @@ __visible noinstr void func(struct pt_re
+ { \
+ irqentry_state_t state = irqentry_enter(regs); \
+ \
++ kvm_set_cpu_l1tf_flush_l1d(); \
+ instrumentation_begin(); \
+ instr_##func (regs); \
+ instrumentation_end(); \
projects / thirdparty / kernel / stable-queue.git / commitdiff
