4.19-stable patches
authorGreg Kroah-Hartman <gregkh@linuxfoundation.org>
Mon, 9 Sep 2024 16:22:19 +0000 (18:22 +0200)
committerGreg Kroah-Hartman <gregkh@linuxfoundation.org>
Mon, 9 Sep 2024 16:22:19 +0000 (18:22 +0200)
added patches:
clocksource-drivers-imx-tpm-fix-next-event-not-taking-effect-sometime.patch
clocksource-drivers-imx-tpm-fix-return-etime-when-delta-exceeds-int_max.patch
drivers-hv-vmbus-fix-rescind-handling-in-uio_hv_generic.patch
iio-buffer-dmaengine-fix-releasing-dma-channel-on-error.patch
iio-fix-scale-application-in-iio_convert_raw_to_processed_unlocked.patch
nvmem-fix-return-type-of-devm_nvmem_device_get-in-kerneldoc.patch
uio_hv_generic-fix-kernel-null-pointer-dereference-in-hv_uio_rescind.patch
uprobes-use-kzalloc-to-allocate-xol-area.patch
vmci-fix-use-after-free-when-removing-resource-in-vmci_resource_remove.patch

queue-4.19/clocksource-drivers-imx-tpm-fix-next-event-not-taking-effect-sometime.patch [new file with mode: 0644]
queue-4.19/clocksource-drivers-imx-tpm-fix-return-etime-when-delta-exceeds-int_max.patch [new file with mode: 0644]
queue-4.19/drivers-hv-vmbus-fix-rescind-handling-in-uio_hv_generic.patch [new file with mode: 0644]
queue-4.19/iio-buffer-dmaengine-fix-releasing-dma-channel-on-error.patch [new file with mode: 0644]
queue-4.19/iio-fix-scale-application-in-iio_convert_raw_to_processed_unlocked.patch [new file with mode: 0644]
queue-4.19/nvmem-fix-return-type-of-devm_nvmem_device_get-in-kerneldoc.patch [new file with mode: 0644]
queue-4.19/series
queue-4.19/uio_hv_generic-fix-kernel-null-pointer-dereference-in-hv_uio_rescind.patch [new file with mode: 0644]
queue-4.19/uprobes-use-kzalloc-to-allocate-xol-area.patch [new file with mode: 0644]
queue-4.19/vmci-fix-use-after-free-when-removing-resource-in-vmci_resource_remove.patch [new file with mode: 0644]

diff --git a/queue-4.19/clocksource-drivers-imx-tpm-fix-next-event-not-taking-effect-sometime.patch b/queue-4.19/clocksource-drivers-imx-tpm-fix-next-event-not-taking-effect-sometime.patch
new file mode 100644 (file)
index 0000000..e68b639
--- /dev/null
@@ -0,0 +1,46 @@
+From 3d5c2f8e75a55cfb11a85086c71996af0354a1fb Mon Sep 17 00:00:00 2001
+From: Jacky Bai <ping.bai@nxp.com>
+Date: Thu, 25 Jul 2024 15:33:55 -0400
+Subject: clocksource/drivers/imx-tpm: Fix next event not taking effect sometime
+
+From: Jacky Bai <ping.bai@nxp.com>
+
+commit 3d5c2f8e75a55cfb11a85086c71996af0354a1fb upstream.
+
+The value written into the TPM CnV can only be updated into the hardware
+when the counter increases. Additional writes to the CnV write buffer are
+ignored until the register has been updated. Therefore, we need to check
+if the CnV has been updated before continuing. This may require waiting for
+1 counter cycle in the worst case.
+
+Cc: stable@vger.kernel.org
+Fixes: 059ab7b82eec ("clocksource/drivers/imx-tpm: Add imx tpm timer support")
+Signed-off-by: Jacky Bai <ping.bai@nxp.com>
+Reviewed-by: Peng Fan <peng.fan@nxp.com>
+Reviewed-by: Ye Li <ye.li@nxp.com>
+Reviewed-by: Jason Liu <jason.hui.liu@nxp.com>
+Signed-off-by: Frank Li <Frank.Li@nxp.com>
+Link: https://lore.kernel.org/r/20240725193355.1436005-2-Frank.Li@nxp.com
+Signed-off-by: Daniel Lezcano <daniel.lezcano@linaro.org>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+---
+ drivers/clocksource/timer-imx-tpm.c |    8 ++++++++
+ 1 file changed, 8 insertions(+)
+
+--- a/drivers/clocksource/timer-imx-tpm.c
++++ b/drivers/clocksource/timer-imx-tpm.c
+@@ -104,6 +104,14 @@ static int tpm_set_next_event(unsigned l
+       now = tpm_read_counter();
+       /*
++       * Need to wait CNT increase at least 1 cycle to make sure
++       * the C0V has been updated into HW.
++       */
++      if ((next & 0xffffffff) != readl(timer_base + TPM_C0V))
++              while (now == tpm_read_counter())
++                      ;
++
++      /*
+        * NOTE: We observed in a very small probability, the bus fabric
+        * contention between GPU and A7 may results a few cycles delay
+        * of writing CNT registers which may cause the min_delta event got
diff --git a/queue-4.19/clocksource-drivers-imx-tpm-fix-return-etime-when-delta-exceeds-int_max.patch b/queue-4.19/clocksource-drivers-imx-tpm-fix-return-etime-when-delta-exceeds-int_max.patch
new file mode 100644 (file)
index 0000000..ee43de1
--- /dev/null
@@ -0,0 +1,70 @@
+From 5b8843fcd49827813da80c0f590a17ae4ce93c5d Mon Sep 17 00:00:00 2001
+From: Jacky Bai <ping.bai@nxp.com>
+Date: Thu, 25 Jul 2024 15:33:54 -0400
+Subject: clocksource/drivers/imx-tpm: Fix return -ETIME when delta exceeds INT_MAX
+
+From: Jacky Bai <ping.bai@nxp.com>
+
+commit 5b8843fcd49827813da80c0f590a17ae4ce93c5d upstream.
+
+In tpm_set_next_event(delta), return -ETIME by wrong cast to int when delta
+is larger than INT_MAX.
+
+For example:
+
+tpm_set_next_event(delta = 0xffff_fffe)
+{
+        ...
+        next = tpm_read_counter(); // assume next is 0x10
+        next += delta; // next will 0xffff_fffe + 0x10 = 0x1_0000_000e
+        now = tpm_read_counter();  // now is 0x10
+        ...
+
+        return (int)(next - now) <= 0 ? -ETIME : 0;
+                     ^^^^^^^^^^
+                     0x1_0000_000e - 0x10 = 0xffff_fffe, which is -2 when
+                     cast to int. So return -ETIME.
+}
+
+To fix this, introduce a 'prev' variable and check if 'now - prev' is
+larger than delta.
+
+Cc: stable@vger.kernel.org
+Fixes: 059ab7b82eec ("clocksource/drivers/imx-tpm: Add imx tpm timer support")
+Signed-off-by: Jacky Bai <ping.bai@nxp.com>
+Reviewed-by: Peng Fan <peng.fan@nxp.com>
+Reviewed-by: Ye Li <ye.li@nxp.com>
+Reviewed-by: Jason Liu <jason.hui.liu@nxp.com>
+Signed-off-by: Frank Li <Frank.Li@nxp.com>
+Link: https://lore.kernel.org/r/20240725193355.1436005-1-Frank.Li@nxp.com
+Signed-off-by: Daniel Lezcano <daniel.lezcano@linaro.org>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+---
+ drivers/clocksource/timer-imx-tpm.c |    8 ++++----
+ 1 file changed, 4 insertions(+), 4 deletions(-)
+
+--- a/drivers/clocksource/timer-imx-tpm.c
++++ b/drivers/clocksource/timer-imx-tpm.c
+@@ -96,10 +96,10 @@ static int __init tpm_clocksource_init(u
+ static int tpm_set_next_event(unsigned long delta,
+                               struct clock_event_device *evt)
+ {
+-      unsigned long next, now;
++      unsigned long next, prev, now;
+-      next = tpm_read_counter();
+-      next += delta;
++      prev = tpm_read_counter();
++      next = prev + delta;
+       writel(next, timer_base + TPM_C0V);
+       now = tpm_read_counter();
+@@ -109,7 +109,7 @@ static int tpm_set_next_event(unsigned l
+        * of writing CNT registers which may cause the min_delta event got
+        * missed, so we need add a ETIME check here in case it happened.
+        */
+-      return (int)(next - now) <= 0 ? -ETIME : 0;
++      return (now - prev) >= delta ? -ETIME : 0;
+ }
+ static int tpm_set_state_oneshot(struct clock_event_device *evt)
diff --git a/queue-4.19/drivers-hv-vmbus-fix-rescind-handling-in-uio_hv_generic.patch b/queue-4.19/drivers-hv-vmbus-fix-rescind-handling-in-uio_hv_generic.patch
new file mode 100644 (file)
index 0000000..2652cf5
--- /dev/null
@@ -0,0 +1,57 @@
+From 6fd28941447bf2c8ca0f26fda612a1cabc41663f Mon Sep 17 00:00:00 2001
+From: Naman Jain <namjain@linux.microsoft.com>
+Date: Thu, 29 Aug 2024 12:43:12 +0530
+Subject: Drivers: hv: vmbus: Fix rescind handling in uio_hv_generic
+
+From: Naman Jain <namjain@linux.microsoft.com>
+
+commit 6fd28941447bf2c8ca0f26fda612a1cabc41663f upstream.
+
+Rescind offer handling relies on rescind callbacks for some of the
+resources cleanup, if they are registered. It does not unregister
+vmbus device for the primary channel closure, when callback is
+registered. Without it, next onoffer does not come, rescind flag
+remains set and device goes to unusable state.
+
+Add logic to unregister vmbus for the primary channel in rescind callback
+to ensure channel removal and relid release, and to ensure that next
+onoffer can be received and handled properly.
+
+Cc: stable@vger.kernel.org
+Fixes: ca3cda6fcf1e ("uio_hv_generic: add rescind support")
+Signed-off-by: Naman Jain <namjain@linux.microsoft.com>
+Reviewed-by: Saurabh Sengar <ssengar@linux.microsoft.com>
+Link: https://lore.kernel.org/r/20240829071312.1595-3-namjain@linux.microsoft.com
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+---
+ drivers/hv/vmbus_drv.c       |    1 +
+ drivers/uio/uio_hv_generic.c |    8 ++++++++
+ 2 files changed, 9 insertions(+)
+
+--- a/drivers/hv/vmbus_drv.c
++++ b/drivers/hv/vmbus_drv.c
+@@ -1973,6 +1973,7 @@ acpi_walk_err:
+               vmbus_acpi_remove(device);
+       return ret_val;
+ }
++EXPORT_SYMBOL_GPL(vmbus_device_unregister);
+ static const struct acpi_device_id vmbus_acpi_device_ids[] = {
+       {"VMBUS", 0},
+--- a/drivers/uio/uio_hv_generic.c
++++ b/drivers/uio/uio_hv_generic.c
+@@ -119,6 +119,14 @@ static void hv_uio_rescind(struct vmbus_
+       /* Wake up reader */
+       uio_event_notify(&pdata->info);
++
++      /*
++       * With rescind callback registered, rescind path will not unregister the device
++       * from vmbus when the primary channel is rescinded.
++       * Without it, rescind handling is incomplete and next onoffer msg does not come.
++       * Unregister the device from vmbus here.
++       */
++      vmbus_device_unregister(channel->device_obj);
+ }
+ /* Sysfs API to allow mmap of the ring buffers
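Review bot: The new `EXPORT_SYMBOL_GPL(vmbus_device_unregister);` in the vmbus_drv.c hunk is placed after a closing brace whose context (`acpi_walk_err:` in the hunk header, `vmbus_acpi_remove(device); return ret_val;`) looks like the tail of vmbus_acpi_add(), not vmbus_device_unregister(); it compiles because the symbol is declared in the header, but kernel convention is to put the export directly under the exporting function's definition so a reader finds it where the function lives. In the uio_hv_generic.c hunk, the `vmbus_device_unregister(channel->device_obj);` call only works for primary channels where `device_obj` is set, so this patch depends on the hv_uio_rescind NULL-dereference fix being applied first; the series file orders them that way, but the dependency is worth recording in the comment above the call, e.g. `* channel->device_obj is valid here because this callback is only registered for primary channels.`. hv_uio_rescind begins outside this hunk.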
diff --git a/queue-4.19/iio-buffer-dmaengine-fix-releasing-dma-channel-on-error.patch b/queue-4.19/iio-buffer-dmaengine-fix-releasing-dma-channel-on-error.patch
new file mode 100644 (file)
index 0000000..1a35250
--- /dev/null
@@ -0,0 +1,42 @@
+From 84c65d8008764a8fb4e627ff02de01ec4245f2c4 Mon Sep 17 00:00:00 2001
+From: David Lechner <dlechner@baylibre.com>
+Date: Tue, 23 Jul 2024 11:32:21 -0500
+Subject: iio: buffer-dmaengine: fix releasing dma channel on error
+
+From: David Lechner <dlechner@baylibre.com>
+
+commit 84c65d8008764a8fb4e627ff02de01ec4245f2c4 upstream.
+
+If dma_get_slave_caps() fails, we need to release the dma channel before
+returning an error to avoid leaking the channel.
+
+Fixes: 2d6ca60f3284 ("iio: Add a DMAengine framework based buffer")
+Signed-off-by: David Lechner <dlechner@baylibre.com>
+Link: https://patch.msgid.link/20240723-iio-fix-dmaengine-free-on-error-v1-1-2c7cbc9b92ff@baylibre.com
+Cc: <Stable@vger.kernel.org>
+Signed-off-by: Jonathan Cameron <Jonathan.Cameron@huawei.com>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+---
+ drivers/iio/buffer/industrialio-buffer-dmaengine.c |    4 +++-
+ 1 file changed, 3 insertions(+), 1 deletion(-)
+
+--- a/drivers/iio/buffer/industrialio-buffer-dmaengine.c
++++ b/drivers/iio/buffer/industrialio-buffer-dmaengine.c
+@@ -159,7 +159,7 @@ struct iio_buffer *iio_dmaengine_buffer_
+       ret = dma_get_slave_caps(chan, &caps);
+       if (ret < 0)
+-              goto err_free;
++              goto err_release;
+       /* Needs to be aligned to the maximum of the minimums */
+       if (caps.src_addr_widths)
+@@ -184,6 +184,8 @@ struct iio_buffer *iio_dmaengine_buffer_
+       return &dmaengine_buffer->queue.buffer;
++err_release:
++      dma_release_channel(chan);
+ err_free:
+       kfree(dmaengine_buffer);
+       return ERR_PTR(ret);
diff --git a/queue-4.19/iio-fix-scale-application-in-iio_convert_raw_to_processed_unlocked.patch b/queue-4.19/iio-fix-scale-application-in-iio_convert_raw_to_processed_unlocked.patch
new file mode 100644 (file)
index 0000000..0f04855
--- /dev/null
@@ -0,0 +1,48 @@
+From 8a3dcc970dc57b358c8db2702447bf0af4e0d83a Mon Sep 17 00:00:00 2001
+From: Matteo Martelli <matteomartelli3@gmail.com>
+Date: Tue, 30 Jul 2024 10:11:53 +0200
+Subject: iio: fix scale application in iio_convert_raw_to_processed_unlocked
+
+From: Matteo Martelli <matteomartelli3@gmail.com>
+
+commit 8a3dcc970dc57b358c8db2702447bf0af4e0d83a upstream.
+
+When the scale_type is IIO_VAL_INT_PLUS_MICRO or IIO_VAL_INT_PLUS_NANO
+the scale passed as argument is only applied to the fractional part of
+the value. Fix it by also multiplying the integer part by the scale
+provided.
+
+Fixes: 48e44ce0f881 ("iio:inkern: Add function to read the processed value")
+Signed-off-by: Matteo Martelli <matteomartelli3@gmail.com>
+Link: https://patch.msgid.link/20240730-iio-fix-scale-v1-1-6246638c8daa@gmail.com
+Cc: <Stable@vger.kernel.org>
+Signed-off-by: Jonathan Cameron <Jonathan.Cameron@huawei.com>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+---
+ drivers/iio/inkern.c |    8 ++++----
+ 1 file changed, 4 insertions(+), 4 deletions(-)
+
+--- a/drivers/iio/inkern.c
++++ b/drivers/iio/inkern.c
+@@ -640,17 +640,17 @@ static int iio_convert_raw_to_processed_
+               break;
+       case IIO_VAL_INT_PLUS_MICRO:
+               if (scale_val2 < 0)
+-                      *processed = -raw64 * scale_val;
++                      *processed = -raw64 * scale_val * scale;
+               else
+-                      *processed = raw64 * scale_val;
++                      *processed = raw64 * scale_val * scale;
+               *processed += div_s64(raw64 * (s64)scale_val2 * scale,
+                                     1000000LL);
+               break;
+       case IIO_VAL_INT_PLUS_NANO:
+               if (scale_val2 < 0)
+-                      *processed = -raw64 * scale_val;
++                      *processed = -raw64 * scale_val * scale;
+               else
+-                      *processed = raw64 * scale_val;
++                      *processed = raw64 * scale_val * scale;
+               *processed += div_s64(raw64 * (s64)scale_val2 * scale,
+                                     1000000000LL);
+               break;
diff --git a/queue-4.19/nvmem-fix-return-type-of-devm_nvmem_device_get-in-kerneldoc.patch b/queue-4.19/nvmem-fix-return-type-of-devm_nvmem_device_get-in-kerneldoc.patch
new file mode 100644 (file)
index 0000000..a3874f1
--- /dev/null
@@ -0,0 +1,40 @@
+From c69f37f6559a8948d70badd2b179db7714dedd62 Mon Sep 17 00:00:00 2001
+From: Geert Uytterhoeven <geert+renesas@glider.be>
+Date: Mon, 2 Sep 2024 15:25:09 +0100
+Subject: nvmem: Fix return type of devm_nvmem_device_get() in kerneldoc
+
+From: Geert Uytterhoeven <geert+renesas@glider.be>
+
+commit c69f37f6559a8948d70badd2b179db7714dedd62 upstream.
+
+devm_nvmem_device_get() returns an nvmem device, not an nvmem cell.
+
+Fixes: e2a5402ec7c6d044 ("nvmem: Add nvmem_device based consumer apis.")
+Cc: stable <stable@kernel.org>
+Signed-off-by: Geert Uytterhoeven <geert+renesas@glider.be>
+Signed-off-by: Srinivas Kandagatla <srinivas.kandagatla@linaro.org>
+Link: https://lore.kernel.org/r/20240902142510.71096-3-srinivas.kandagatla@linaro.org
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+---
+ drivers/nvmem/core.c |    6 +++---
+ 1 file changed, 3 insertions(+), 3 deletions(-)
+
+--- a/drivers/nvmem/core.c
++++ b/drivers/nvmem/core.c
+@@ -794,13 +794,13 @@ void nvmem_device_put(struct nvmem_devic
+ EXPORT_SYMBOL_GPL(nvmem_device_put);
+ /**
+- * devm_nvmem_device_get() - Get nvmem cell of device form a given id
++ * devm_nvmem_device_get() - Get nvmem device of device form a given id
+  *
+  * @dev: Device that requests the nvmem device.
+  * @id: name id for the requested nvmem device.
+  *
+- * Return: ERR_PTR() on error or a valid pointer to a struct nvmem_cell
+- * on success.  The nvmem_cell will be freed by the automatically once the
++ * Return: ERR_PTR() on error or a valid pointer to a struct nvmem_device
++ * on success.  The nvmem_device will be freed by the automatically once the
+  * device is freed.
+  */
+ struct nvmem_device *devm_nvmem_device_get(struct device *dev, const char *id)
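Review bot: While the return type is being corrected, the same kerneldoc block keeps two wording errors that could be fixed in the same touch: `* devm_nvmem_device_get() - Get nvmem device of device from a given id` (the hunk still reads "form a given id") and `* on success.  The nvmem_device will be freed automatically once the` (the hunk still reads "freed by the automatically"). Both are documentation-only changes to lines already inside this hunk.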
index 87c1ef5b2f1fabbded29d4252eea11b65bae1e36..6af95436fac848a6dd3ac38985067ac7b8e2f787 100644 (file)
@@ -70,3 +70,12 @@ usbnet-ipheth-race-between-ipheth_close-and-error-ha.patch
 squashfs-sanity-check-symbolic-link-size.patch
 of-irq-prevent-device-address-out-of-bounds-read-in-.patch
 ata-pata_macio-use-warn-instead-of-bug.patch
+iio-buffer-dmaengine-fix-releasing-dma-channel-on-error.patch
+iio-fix-scale-application-in-iio_convert_raw_to_processed_unlocked.patch
+nvmem-fix-return-type-of-devm_nvmem_device_get-in-kerneldoc.patch
+uio_hv_generic-fix-kernel-null-pointer-dereference-in-hv_uio_rescind.patch
+drivers-hv-vmbus-fix-rescind-handling-in-uio_hv_generic.patch
+vmci-fix-use-after-free-when-removing-resource-in-vmci_resource_remove.patch
+clocksource-drivers-imx-tpm-fix-return-etime-when-delta-exceeds-int_max.patch
+clocksource-drivers-imx-tpm-fix-next-event-not-taking-effect-sometime.patch
+uprobes-use-kzalloc-to-allocate-xol-area.patch
diff --git a/queue-4.19/uio_hv_generic-fix-kernel-null-pointer-dereference-in-hv_uio_rescind.patch b/queue-4.19/uio_hv_generic-fix-kernel-null-pointer-dereference-in-hv_uio_rescind.patch
new file mode 100644 (file)
index 0000000..ec88925
--- /dev/null
@@ -0,0 +1,41 @@
+From fb1adbd7e50f3d2de56d0a2bb0700e2e819a329e Mon Sep 17 00:00:00 2001
+From: Saurabh Sengar <ssengar@linux.microsoft.com>
+Date: Thu, 29 Aug 2024 12:43:11 +0530
+Subject: uio_hv_generic: Fix kernel NULL pointer dereference in hv_uio_rescind
+
+From: Saurabh Sengar <ssengar@linux.microsoft.com>
+
+commit fb1adbd7e50f3d2de56d0a2bb0700e2e819a329e upstream.
+
+For primary VM Bus channels, primary_channel pointer is always NULL. This
+pointer is valid only for the secondary channels. Also, rescind callback
+is meant for primary channels only.
+
+Fix NULL pointer dereference by retrieving the device_obj from the parent
+for the primary channel.
+
+Cc: stable@vger.kernel.org
+Fixes: ca3cda6fcf1e ("uio_hv_generic: add rescind support")
+Signed-off-by: Saurabh Sengar <ssengar@linux.microsoft.com>
+Signed-off-by: Naman Jain <namjain@linux.microsoft.com>
+Link: https://lore.kernel.org/r/20240829071312.1595-2-namjain@linux.microsoft.com
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+---
+ drivers/uio/uio_hv_generic.c |    3 ++-
+ 1 file changed, 2 insertions(+), 1 deletion(-)
+
+--- a/drivers/uio/uio_hv_generic.c
++++ b/drivers/uio/uio_hv_generic.c
+@@ -104,10 +104,11 @@ static void hv_uio_channel_cb(void *cont
+ /*
+  * Callback from vmbus_event when channel is rescinded.
++ * It is meant for rescind of primary channels only.
+  */
+ static void hv_uio_rescind(struct vmbus_channel *channel)
+ {
+-      struct hv_device *hv_dev = channel->primary_channel->device_obj;
++      struct hv_device *hv_dev = channel->device_obj;
+       struct hv_uio_private_data *pdata = hv_get_drvdata(hv_dev);
+       /*
diff --git a/queue-4.19/uprobes-use-kzalloc-to-allocate-xol-area.patch b/queue-4.19/uprobes-use-kzalloc-to-allocate-xol-area.patch
new file mode 100644 (file)
index 0000000..8ad55cb
--- /dev/null
@@ -0,0 +1,41 @@
+From e240b0fde52f33670d1336697c22d90a4fe33c84 Mon Sep 17 00:00:00 2001
+From: Sven Schnelle <svens@linux.ibm.com>
+Date: Tue, 3 Sep 2024 12:23:12 +0200
+Subject: uprobes: Use kzalloc to allocate xol area
+
+From: Sven Schnelle <svens@linux.ibm.com>
+
+commit e240b0fde52f33670d1336697c22d90a4fe33c84 upstream.
+
+To prevent unitialized members, use kzalloc to allocate
+the xol area.
+
+Fixes: b059a453b1cf1 ("x86/vdso: Add mremap hook to vm_special_mapping")
+Signed-off-by: Sven Schnelle <svens@linux.ibm.com>
+Signed-off-by: Peter Zijlstra (Intel) <peterz@infradead.org>
+Acked-by: Oleg Nesterov <oleg@redhat.com>
+Link: https://lore.kernel.org/r/20240903102313.3402529-1-svens@linux.ibm.com
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+---
+ kernel/events/uprobes.c |    3 +--
+ 1 file changed, 1 insertion(+), 2 deletions(-)
+
+--- a/kernel/events/uprobes.c
++++ b/kernel/events/uprobes.c
+@@ -1187,7 +1187,7 @@ static struct xol_area *__create_xol_are
+       uprobe_opcode_t insn = UPROBE_SWBP_INSN;
+       struct xol_area *area;
+-      area = kmalloc(sizeof(*area), GFP_KERNEL);
++      area = kzalloc(sizeof(*area), GFP_KERNEL);
+       if (unlikely(!area))
+               goto out;
+@@ -1197,7 +1197,6 @@ static struct xol_area *__create_xol_are
+               goto free_area;
+       area->xol_mapping.name = "[uprobes]";
+-      area->xol_mapping.fault = NULL;
+       area->xol_mapping.pages = area->pages;
+       area->pages[0] = alloc_page(GFP_HIGHUSER);
+       if (!area->pages[0])
diff --git a/queue-4.19/vmci-fix-use-after-free-when-removing-resource-in-vmci_resource_remove.patch b/queue-4.19/vmci-fix-use-after-free-when-removing-resource-in-vmci_resource_remove.patch
new file mode 100644 (file)
index 0000000..a953b61
--- /dev/null
@@ -0,0 +1,75 @@
+From 48b9a8dabcc3cf5f961b2ebcd8933bf9204babb7 Mon Sep 17 00:00:00 2001
+From: David Fernandez Gonzalez <david.fernandez.gonzalez@oracle.com>
+Date: Wed, 28 Aug 2024 15:43:37 +0000
+Subject: VMCI: Fix use-after-free when removing resource in vmci_resource_remove()
+
+From: David Fernandez Gonzalez <david.fernandez.gonzalez@oracle.com>
+
+commit 48b9a8dabcc3cf5f961b2ebcd8933bf9204babb7 upstream.
+
+When removing a resource from vmci_resource_table in
+vmci_resource_remove(), the search is performed using the resource
+handle by comparing context and resource fields.
+
+It is possible though to create two resources with different types
+but same handle (same context and resource fields).
+
+When trying to remove one of the resources, vmci_resource_remove()
+may not remove the intended one, but the object will still be freed
+as in the case of the datagram type in vmci_datagram_destroy_handle().
+vmci_resource_table will still hold a pointer to this freed resource
+leading to a use-after-free vulnerability.
+
+BUG: KASAN: use-after-free in vmci_handle_is_equal include/linux/vmw_vmci_defs.h:142 [inline]
+BUG: KASAN: use-after-free in vmci_resource_remove+0x3a1/0x410 drivers/misc/vmw_vmci/vmci_resource.c:147
+Read of size 4 at addr ffff88801c16d800 by task syz-executor197/1592
+Call Trace:
+ <TASK>
+ __dump_stack lib/dump_stack.c:88 [inline]
+ dump_stack_lvl+0x82/0xa9 lib/dump_stack.c:106
+ print_address_description.constprop.0+0x21/0x366 mm/kasan/report.c:239
+ __kasan_report.cold+0x7f/0x132 mm/kasan/report.c:425
+ kasan_report+0x38/0x51 mm/kasan/report.c:442
+ vmci_handle_is_equal include/linux/vmw_vmci_defs.h:142 [inline]
+ vmci_resource_remove+0x3a1/0x410 drivers/misc/vmw_vmci/vmci_resource.c:147
+ vmci_qp_broker_detach+0x89a/0x11b9 drivers/misc/vmw_vmci/vmci_queue_pair.c:2182
+ ctx_free_ctx+0x473/0xbe1 drivers/misc/vmw_vmci/vmci_context.c:444
+ kref_put include/linux/kref.h:65 [inline]
+ vmci_ctx_put drivers/misc/vmw_vmci/vmci_context.c:497 [inline]
+ vmci_ctx_destroy+0x170/0x1d6 drivers/misc/vmw_vmci/vmci_context.c:195
+ vmci_host_close+0x125/0x1ac drivers/misc/vmw_vmci/vmci_host.c:143
+ __fput+0x261/0xa34 fs/file_table.c:282
+ task_work_run+0xf0/0x194 kernel/task_work.c:164
+ tracehook_notify_resume include/linux/tracehook.h:189 [inline]
+ exit_to_user_mode_loop+0x184/0x189 kernel/entry/common.c:187
+ exit_to_user_mode_prepare+0x11b/0x123 kernel/entry/common.c:220
+ __syscall_exit_to_user_mode_work kernel/entry/common.c:302 [inline]
+ syscall_exit_to_user_mode+0x18/0x42 kernel/entry/common.c:313
+ do_syscall_64+0x41/0x85 arch/x86/entry/common.c:86
+ entry_SYSCALL_64_after_hwframe+0x6e/0x0
+
+This change ensures the type is also checked when removing
+the resource from vmci_resource_table in vmci_resource_remove().
+
+Fixes: bc63dedb7d46 ("VMCI: resource object implementation.")
+Cc: stable@vger.kernel.org
+Reported-by: George Kennedy <george.kennedy@oracle.com>
+Signed-off-by: David Fernandez Gonzalez <david.fernandez.gonzalez@oracle.com>
+Link: https://lore.kernel.org/r/20240828154338.754746-1-david.fernandez.gonzalez@oracle.com
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+---
+ drivers/misc/vmw_vmci/vmci_resource.c |    3 ++-
+ 1 file changed, 2 insertions(+), 1 deletion(-)
+
+--- a/drivers/misc/vmw_vmci/vmci_resource.c
++++ b/drivers/misc/vmw_vmci/vmci_resource.c
+@@ -152,7 +152,8 @@ void vmci_resource_remove(struct vmci_re
+       spin_lock(&vmci_resource_table.lock);
+       hlist_for_each_entry(r, &vmci_resource_table.entries[idx], node) {
+-              if (vmci_handle_is_equal(r->handle, resource->handle)) {
++              if (vmci_handle_is_equal(r->handle, resource->handle) &&
++                  resource->type == r->type) {
+                       hlist_del_init_rcu(&r->node);
+                       break;
+               }
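Review bot: The added `resource->type == r->type` condition is the whole fix, but nothing in the loop explains why handle equality is not sufficient, so a future cleanup could drop it again as redundant; a one-line comment above `hlist_for_each_entry`, e.g. `/* Entries of different type may share a handle; match on both, or a foreign entry is unlinked and the caller's object is freed while still in the table. */`, would anchor it to the use-after-free described in the commit message. The insertion side (vmci_resource_add, outside this hunk) presumably allows same-handle entries of different type, which is what makes this check necessary; confirm that remains the case. vmci_resource_remove() begins outside this hunk.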