Fixes for 6.1
authorSasha Levin <sashal@kernel.org>
Thu, 28 Sep 2023 20:55:24 +0000 (16:55 -0400)
committerSasha Levin <sashal@kernel.org>
Thu, 28 Sep 2023 20:55:24 +0000 (16:55 -0400)
Signed-off-by: Sasha Levin <sashal@kernel.org>
16 files changed:
queue-6.1/arm-dts-bcm5301x-extend-ram-to-full-256mb-for-linksy.patch [new file with mode: 0644]
queue-6.1/arm-dts-qcom-msm8974pro-castor-correct-inverted-x-of.patch [new file with mode: 0644]
queue-6.1/arm-dts-qcom-msm8974pro-castor-correct-touchscreen-f.patch [new file with mode: 0644]
queue-6.1/arm-dts-qcom-msm8974pro-castor-correct-touchscreen-s.patch [new file with mode: 0644]
queue-6.1/arm-dts-samsung-exynos4210-i9100-fix-lcd-screen-s-ph.patch [new file with mode: 0644]
queue-6.1/arm64-dts-qcom-sdm845-db845c-mark-cont-splash-memory.patch [new file with mode: 0644]
queue-6.1/drm-amdkfd-flush-tlb-after-unmapping-for-gfx-v9.4.3.patch [new file with mode: 0644]
queue-6.1/drm-amdkfd-insert-missing-tlb-flush-on-gfx10-and-lat.patch [new file with mode: 0644]
queue-6.1/f2fs-get-out-of-a-repeat-loop-when-getting-a-locked-.patch [new file with mode: 0644]
queue-6.1/f2fs-optimize-iteration-over-sparse-directories.patch [new file with mode: 0644]
queue-6.1/s390-pkey-fix-pkey_type_ep11_aes-handling-in-pkey_cl.patch [new file with mode: 0644]
queue-6.1/scsi-qla2xxx-select-qpair-depending-on-which-cpu-pos.patch [new file with mode: 0644]
queue-6.1/scsi-qla2xxx-use-raw_smp_processor_id-instead-of-smp.patch [new file with mode: 0644]
queue-6.1/series
queue-6.1/wifi-ath11k-cleanup-mac80211-references-on-failure-d.patch [new file with mode: 0644]
queue-6.1/wifi-ath11k-fix-tx-status-reporting-in-encap-offload.patch [new file with mode: 0644]

diff --git a/queue-6.1/arm-dts-bcm5301x-extend-ram-to-full-256mb-for-linksy.patch b/queue-6.1/arm-dts-bcm5301x-extend-ram-to-full-256mb-for-linksy.patch
new file mode 100644 (file)
index 0000000..ef6cf87
--- /dev/null
@@ -0,0 +1,44 @@
+From aea5b3aa0817c3ab71900afdb6d97b4711374333 Mon Sep 17 00:00:00 2001
+From: Sasha Levin <sashal@kernel.org>
+Date: Wed, 12 Jul 2023 03:40:17 +0200
+Subject: ARM: dts: BCM5301X: Extend RAM to full 256MB for Linksys EA6500 V2
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+From: Aleksey Nasibulin <alealexpro100@ya.ru>
+
+[ Upstream commit 91994e59079dcb455783d3f9ea338eea6f671af3 ]
+
+Linksys ea6500-v2 have 256MB of ram. Currently we only use 128MB.
+Expand the definition to use all the available RAM.
+
+Fixes: 03e96644d7a8 ("ARM: dts: BCM5301X: Add basic DT for Linksys EA6500 V2")
+Signed-off-by: Aleksey Nasibulin <alealexpro100@ya.ru>
+Signed-off-by: Christian Marangi <ansuelsmth@gmail.com>
+Cc: stable@vger.kernel.org
+Acked-by: Rafał Miłecki <rafal@milecki.pl>
+Link: https://lore.kernel.org/r/20230712014017.28123-1-ansuelsmth@gmail.com
+Signed-off-by: Florian Fainelli <florian.fainelli@broadcom.com>
+Signed-off-by: Sasha Levin <sashal@kernel.org>
+---
+ arch/arm/boot/dts/bcm4708-linksys-ea6500-v2.dts | 3 ++-
+ 1 file changed, 2 insertions(+), 1 deletion(-)
+
+diff --git a/arch/arm/boot/dts/bcm4708-linksys-ea6500-v2.dts b/arch/arm/boot/dts/bcm4708-linksys-ea6500-v2.dts
+index f1412ba83defb..0454423fe166c 100644
+--- a/arch/arm/boot/dts/bcm4708-linksys-ea6500-v2.dts
++++ b/arch/arm/boot/dts/bcm4708-linksys-ea6500-v2.dts
+@@ -19,7 +19,8 @@
+       memory@0 {
+               device_type = "memory";
+-              reg = <0x00000000 0x08000000>;
++              reg = <0x00000000 0x08000000>,
++                    <0x88000000 0x08000000>;
+       };
+       gpio-keys {
+-- 
+2.40.1
+
diff --git a/queue-6.1/arm-dts-qcom-msm8974pro-castor-correct-inverted-x-of.patch b/queue-6.1/arm-dts-qcom-msm8974pro-castor-correct-inverted-x-of.patch
new file mode 100644 (file)
index 0000000..317457a
--- /dev/null
@@ -0,0 +1,39 @@
+From ecc6cd4ca7d619c8ffbcd274e1e225366f01fd29 Mon Sep 17 00:00:00 2001
+From: Sasha Levin <sashal@kernel.org>
+Date: Thu, 20 Jul 2023 13:53:33 +0200
+Subject: ARM: dts: qcom: msm8974pro-castor: correct inverted X of touchscreen
+
+From: Krzysztof Kozlowski <krzysztof.kozlowski@linaro.org>
+
+[ Upstream commit 43db69268149049540b1d2bbe8a69e59d5cb43b6 ]
+
+There is no syna,f11-flip-x property, so assume intention was to use
+touchscreen-inverted-x.
+
+Fixes: ab80661883de ("ARM: dts: qcom: msm8974: Add Sony Xperia Z2 Tablet")
+Cc: <stable@vger.kernel.org>
+Signed-off-by: Krzysztof Kozlowski <krzysztof.kozlowski@linaro.org>
+Link: https://lore.kernel.org/r/20230720115335.137354-4-krzysztof.kozlowski@linaro.org
+Signed-off-by: Bjorn Andersson <andersson@kernel.org>
+Signed-off-by: Sasha Levin <sashal@kernel.org>
+---
+ .../arm/boot/dts/qcom-msm8974pro-sony-xperia-shinano-castor.dts | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/arch/arm/boot/dts/qcom-msm8974pro-sony-xperia-shinano-castor.dts b/arch/arm/boot/dts/qcom-msm8974pro-sony-xperia-shinano-castor.dts
+index 3f45f5c5d37b5..4abc85c181690 100644
+--- a/arch/arm/boot/dts/qcom-msm8974pro-sony-xperia-shinano-castor.dts
++++ b/arch/arm/boot/dts/qcom-msm8974pro-sony-xperia-shinano-castor.dts
+@@ -131,8 +131,8 @@
+               rmi-f11@11 {
+                       reg = <0x11>;
+-                      syna,f11-flip-x = <1>;
+                       syna,sensor-type = <1>;
++                      touchscreen-inverted-x;
+               };
+       };
+ };
+-- 
+2.40.1
+
diff --git a/queue-6.1/arm-dts-qcom-msm8974pro-castor-correct-touchscreen-f.patch b/queue-6.1/arm-dts-qcom-msm8974pro-castor-correct-touchscreen-f.patch
new file mode 100644 (file)
index 0000000..4982195
--- /dev/null
@@ -0,0 +1,46 @@
+From bea04543fdce056575a7d632170b62a2978b58b2 Mon Sep 17 00:00:00 2001
+From: Sasha Levin <sashal@kernel.org>
+Date: Thu, 20 Jul 2023 13:53:34 +0200
+Subject: ARM: dts: qcom: msm8974pro-castor: correct touchscreen function names
+
+From: Krzysztof Kozlowski <krzysztof.kozlowski@linaro.org>
+
+[ Upstream commit 31fba16c19c45b2b3a7c23b0bfef80aed1b29050 ]
+
+The node names for functions of Synaptics RMI4 touchscreen must be as
+"rmi4-fXX", as required by bindings and Linux driver.
+
+  qcom-msm8974pro-sony-xperia-shinano-castor.dtb: synaptics@2c: Unevaluated properties are not allowed ('rmi-f01@1', 'rmi-f11@11' were unexpected)
+
+Fixes: ab80661883de ("ARM: dts: qcom: msm8974: Add Sony Xperia Z2 Tablet")
+Cc: <stable@vger.kernel.org>
+Signed-off-by: Krzysztof Kozlowski <krzysztof.kozlowski@linaro.org>
+Link: https://lore.kernel.org/r/20230720115335.137354-5-krzysztof.kozlowski@linaro.org
+Signed-off-by: Bjorn Andersson <andersson@kernel.org>
+Signed-off-by: Sasha Levin <sashal@kernel.org>
+---
+ .../boot/dts/qcom-msm8974pro-sony-xperia-shinano-castor.dts   | 4 ++--
+ 1 file changed, 2 insertions(+), 2 deletions(-)
+
+diff --git a/arch/arm/boot/dts/qcom-msm8974pro-sony-xperia-shinano-castor.dts b/arch/arm/boot/dts/qcom-msm8974pro-sony-xperia-shinano-castor.dts
+index 4abc85c181690..a572ac630c1b3 100644
+--- a/arch/arm/boot/dts/qcom-msm8974pro-sony-xperia-shinano-castor.dts
++++ b/arch/arm/boot/dts/qcom-msm8974pro-sony-xperia-shinano-castor.dts
+@@ -124,12 +124,12 @@
+               syna,startup-delay-ms = <10>;
+-              rmi-f01@1 {
++              rmi4-f01@1 {
+                       reg = <0x1>;
+                       syna,nosleep = <1>;
+               };
+-              rmi-f11@11 {
++              rmi4-f11@11 {
+                       reg = <0x11>;
+                       syna,sensor-type = <1>;
+                       touchscreen-inverted-x;
+-- 
+2.40.1
+
diff --git a/queue-6.1/arm-dts-qcom-msm8974pro-castor-correct-touchscreen-s.patch b/queue-6.1/arm-dts-qcom-msm8974pro-castor-correct-touchscreen-s.patch
new file mode 100644 (file)
index 0000000..39b0fee
--- /dev/null
@@ -0,0 +1,40 @@
+From d987afb64b4d1b92c0b43081e7a9358a28a9d335 Mon Sep 17 00:00:00 2001
+From: Sasha Levin <sashal@kernel.org>
+Date: Thu, 20 Jul 2023 13:53:35 +0200
+Subject: ARM: dts: qcom: msm8974pro-castor: correct touchscreen
+ syna,nosleep-mode
+
+From: Krzysztof Kozlowski <krzysztof.kozlowski@linaro.org>
+
+[ Upstream commit 7c74379afdfee7b13f1cd8ff1ad6e0f986aec96c ]
+
+There is no syna,nosleep property in Synaptics RMI4 touchscreen:
+
+  qcom-msm8974pro-sony-xperia-shinano-castor.dtb: synaptics@2c: rmi4-f01@1: 'syna,nosleep' does not match any of the regexes: 'pinctrl-[0-9]+'
+
+Fixes: ab80661883de ("ARM: dts: qcom: msm8974: Add Sony Xperia Z2 Tablet")
+Cc: <stable@vger.kernel.org>
+Signed-off-by: Krzysztof Kozlowski <krzysztof.kozlowski@linaro.org>
+Link: https://lore.kernel.org/r/20230720115335.137354-6-krzysztof.kozlowski@linaro.org
+Signed-off-by: Bjorn Andersson <andersson@kernel.org>
+Signed-off-by: Sasha Levin <sashal@kernel.org>
+---
+ .../arm/boot/dts/qcom-msm8974pro-sony-xperia-shinano-castor.dts | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/arch/arm/boot/dts/qcom-msm8974pro-sony-xperia-shinano-castor.dts b/arch/arm/boot/dts/qcom-msm8974pro-sony-xperia-shinano-castor.dts
+index a572ac630c1b3..cc49bb777df8a 100644
+--- a/arch/arm/boot/dts/qcom-msm8974pro-sony-xperia-shinano-castor.dts
++++ b/arch/arm/boot/dts/qcom-msm8974pro-sony-xperia-shinano-castor.dts
+@@ -126,7 +126,7 @@
+               rmi4-f01@1 {
+                       reg = <0x1>;
+-                      syna,nosleep = <1>;
++                      syna,nosleep-mode = <1>;
+               };
+               rmi4-f11@11 {
+-- 
+2.40.1
+
diff --git a/queue-6.1/arm-dts-samsung-exynos4210-i9100-fix-lcd-screen-s-ph.patch b/queue-6.1/arm-dts-samsung-exynos4210-i9100-fix-lcd-screen-s-ph.patch
new file mode 100644 (file)
index 0000000..09177ab
--- /dev/null
@@ -0,0 +1,44 @@
+From 2a6a5a70b23e6648c6723a1330863b4507c5f828 Mon Sep 17 00:00:00 2001
+From: Sasha Levin <sashal@kernel.org>
+Date: Fri, 14 Jul 2023 17:37:20 +0200
+Subject: ARM: dts: samsung: exynos4210-i9100: Fix LCD screen's physical size
+
+From: Paul Cercueil <paul@crapouillou.net>
+
+[ Upstream commit b3f3fc32e5ff1e848555af8616318cc667457f90 ]
+
+The previous values were completely bogus, and resulted in the computed
+DPI ratio being much lower than reality, causing applications and UIs to
+misbehave.
+
+The new values were measured by myself with a ruler.
+
+Signed-off-by: Paul Cercueil <paul@crapouillou.net>
+Acked-by: Sam Ravnborg <sam@ravnborg.org>
+Fixes: 8620cc2f99b7 ("ARM: dts: exynos: Add devicetree file for the Galaxy S2")
+Cc: <stable@vger.kernel.org> # v5.8+
+Link: https://lore.kernel.org/r/20230714153720.336990-1-paul@crapouillou.net
+Signed-off-by: Krzysztof Kozlowski <krzysztof.kozlowski@linaro.org>
+Signed-off-by: Sasha Levin <sashal@kernel.org>
+---
+ arch/arm/boot/dts/exynos4210-i9100.dts | 4 ++--
+ 1 file changed, 2 insertions(+), 2 deletions(-)
+
+diff --git a/arch/arm/boot/dts/exynos4210-i9100.dts b/arch/arm/boot/dts/exynos4210-i9100.dts
+index bba85011ecc93..53e023fc1cacf 100644
+--- a/arch/arm/boot/dts/exynos4210-i9100.dts
++++ b/arch/arm/boot/dts/exynos4210-i9100.dts
+@@ -201,8 +201,8 @@
+                       power-on-delay = <10>;
+                       reset-delay = <10>;
+-                      panel-width-mm = <90>;
+-                      panel-height-mm = <154>;
++                      panel-width-mm = <56>;
++                      panel-height-mm = <93>;
+                       display-timings {
+                               timing {
+-- 
+2.40.1
+
diff --git a/queue-6.1/arm64-dts-qcom-sdm845-db845c-mark-cont-splash-memory.patch b/queue-6.1/arm64-dts-qcom-sdm845-db845c-mark-cont-splash-memory.patch
new file mode 100644 (file)
index 0000000..88dfc8c
--- /dev/null
@@ -0,0 +1,58 @@
+From 52421601e6f8a2ce92fdb63a13cc1f92a4e6552f Mon Sep 17 00:00:00 2001
+From: Sasha Levin <sashal@kernel.org>
+Date: Wed, 26 Jul 2023 18:57:19 +0530
+Subject: arm64: dts: qcom: sdm845-db845c: Mark cont splash memory region as
+ reserved
+
+From: Amit Pundir <amit.pundir@linaro.org>
+
+[ Upstream commit 110e70fccce4f22b53986ae797d665ffb1950aa6 ]
+
+Adding a reserved memory region for the framebuffer memory
+(the splash memory region set up by the bootloader).
+
+It fixes a kernel panic (arm-smmu: Unhandled context fault
+at this particular memory region) reported on DB845c running
+v5.10.y.
+
+Cc: stable@vger.kernel.org # v5.10+
+Reviewed-by: Caleb Connolly <caleb.connolly@linaro.org>
+Signed-off-by: Amit Pundir <amit.pundir@linaro.org>
+Acked-by: Krzysztof Kozlowski <krzysztof.kozlowski@linaro.org>
+Link: https://lore.kernel.org/r/20230726132719.2117369-2-amit.pundir@linaro.org
+Signed-off-by: Bjorn Andersson <andersson@kernel.org>
+Signed-off-by: Sasha Levin <sashal@kernel.org>
+---
+ arch/arm64/boot/dts/qcom/sdm845-db845c.dts | 9 +++++++++
+ 1 file changed, 9 insertions(+)
+
+diff --git a/arch/arm64/boot/dts/qcom/sdm845-db845c.dts b/arch/arm64/boot/dts/qcom/sdm845-db845c.dts
+index c289bf0903b45..c9efcb894a52f 100644
+--- a/arch/arm64/boot/dts/qcom/sdm845-db845c.dts
++++ b/arch/arm64/boot/dts/qcom/sdm845-db845c.dts
+@@ -100,6 +100,14 @@
+               };
+       };
++      reserved-memory {
++              /* Cont splash region set up by the bootloader */
++              cont_splash_mem: framebuffer@9d400000 {
++                      reg = <0x0 0x9d400000 0x0 0x2400000>;
++                      no-map;
++              };
++      };
++
+       lt9611_1v8: lt9611-vdd18-regulator {
+               compatible = "regulator-fixed";
+               regulator-name = "LT9611_1V8";
+@@ -512,6 +520,7 @@
+ };
+ &mdss {
++      memory-region = <&cont_splash_mem>;
+       status = "okay";
+ };
+-- 
+2.40.1
+
diff --git a/queue-6.1/drm-amdkfd-flush-tlb-after-unmapping-for-gfx-v9.4.3.patch b/queue-6.1/drm-amdkfd-flush-tlb-after-unmapping-for-gfx-v9.4.3.patch
new file mode 100644 (file)
index 0000000..b9909ba
--- /dev/null
@@ -0,0 +1,46 @@
+From f3670c6cf280a7c5039c0cb5f6c8492b625dfe77 Mon Sep 17 00:00:00 2001
+From: Sasha Levin <sashal@kernel.org>
+Date: Thu, 9 Feb 2023 18:23:16 -0500
+Subject: drm/amdkfd: Flush TLB after unmapping for GFX v9.4.3
+
+From: Philip Yang <Philip.Yang@amd.com>
+
+[ Upstream commit 75dda67c7213c3e0d17244a8c42547c27ee746f8 ]
+
+kfd_flush_tlb_after_unmap should return true for GFX v9.4.3, to do TLB
+heavyweight flush after unmapping from GPU to guarantee that the GPU
+will not access pages after they have been unmapped. This also helps
+improve the mapping to GPU performance.
+
+Without this, KFD accidently flush TLB after mapping to GPU because the
+vm update sequence number is increased by previous unmapping.
+
+Signed-off-by: Philip Yang <Philip.Yang@amd.com>
+Reviewed-by: Felix Kuehling <Felix.Kuehling@amd.com>
+Signed-off-by: Alex Deucher <alexander.deucher@amd.com>
+Stable-dep-of: edcfe22985d0 ("drm/amdkfd: Insert missing TLB flush on GFX10 and later")
+Signed-off-by: Sasha Levin <sashal@kernel.org>
+---
+ drivers/gpu/drm/amd/amdkfd/kfd_priv.h | 6 +++---
+ 1 file changed, 3 insertions(+), 3 deletions(-)
+
+diff --git a/drivers/gpu/drm/amd/amdkfd/kfd_priv.h b/drivers/gpu/drm/amd/amdkfd/kfd_priv.h
+index 6d6588b9beed7..f374f112f7b71 100644
+--- a/drivers/gpu/drm/amd/amdkfd/kfd_priv.h
++++ b/drivers/gpu/drm/amd/amdkfd/kfd_priv.h
+@@ -1349,9 +1349,9 @@ void kfd_flush_tlb(struct kfd_process_device *pdd, enum TLB_FLUSH_TYPE type);
+ static inline bool kfd_flush_tlb_after_unmap(struct kfd_dev *dev)
+ {
+-      return KFD_GC_VERSION(dev) == IP_VERSION(9, 4, 2) ||
+-             (KFD_GC_VERSION(dev) == IP_VERSION(9, 4, 1) &&
+-             dev->adev->sdma.instance[0].fw_version >= 18) ||
++      return KFD_GC_VERSION(dev) == IP_VERSION(9, 4, 3) ||
++             KFD_GC_VERSION(dev) == IP_VERSION(9, 4, 2) ||
++             (KFD_GC_VERSION(dev) == IP_VERSION(9, 4, 1) && dev->sdma_fw_version >= 18) ||
+              KFD_GC_VERSION(dev) == IP_VERSION(9, 4, 0);
+ }
+-- 
+2.40.1
+
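Review bot: The 9.4.1 branch of `kfd_flush_tlb_after_unmap()` now reads `dev->sdma_fw_version` where the removed lines read `dev->adev->sdma.instance[0].fw_version`, and the patch description only talks about adding GFX v9.4.3. For a stable backport it is worth confirming that `struct kfd_dev` in the 6.1 tree carries `sdma_fw_version` and that it is filled from the same firmware value; neither is visible in this hunk. If that cannot be confirmed, keeping the original operand, `dev->adev->sdma.instance[0].fw_version >= 18`, leaves the 9.4.1 decision unchanged while still adding the 9.4.3 case.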
diff --git a/queue-6.1/drm-amdkfd-insert-missing-tlb-flush-on-gfx10-and-lat.patch b/queue-6.1/drm-amdkfd-insert-missing-tlb-flush-on-gfx10-and-lat.patch
new file mode 100644 (file)
index 0000000..6d0bc35
--- /dev/null
@@ -0,0 +1,38 @@
+From 346b09f334c01040556ba9904556975f78d4db24 Mon Sep 17 00:00:00 2001
+From: Sasha Levin <sashal@kernel.org>
+Date: Mon, 11 Sep 2023 14:49:06 -0400
+Subject: drm/amdkfd: Insert missing TLB flush on GFX10 and later
+
+From: Harish Kasiviswanathan <Harish.Kasiviswanathan@amd.com>
+
+[ Upstream commit edcfe22985d09ee8e2346c9217f5a52ab150099f ]
+
+Heavy-weight TLB flush is required after unmap on all GPUs for
+correctness and security.
+
+Signed-off-by: Harish Kasiviswanathan <Harish.Kasiviswanathan@amd.com>
+Reviewed-by: Felix Kuehling <Felix.Kuehling@amd.com>
+Signed-off-by: Alex Deucher <alexander.deucher@amd.com>
+Cc: stable@vger.kernel.org
+Signed-off-by: Sasha Levin <sashal@kernel.org>
+---
+ drivers/gpu/drm/amd/amdkfd/kfd_priv.h | 3 +--
+ 1 file changed, 1 insertion(+), 2 deletions(-)
+
+diff --git a/drivers/gpu/drm/amd/amdkfd/kfd_priv.h b/drivers/gpu/drm/amd/amdkfd/kfd_priv.h
+index f374f112f7b71..ec8a576ac5a9e 100644
+--- a/drivers/gpu/drm/amd/amdkfd/kfd_priv.h
++++ b/drivers/gpu/drm/amd/amdkfd/kfd_priv.h
+@@ -1349,8 +1349,7 @@ void kfd_flush_tlb(struct kfd_process_device *pdd, enum TLB_FLUSH_TYPE type);
+ static inline bool kfd_flush_tlb_after_unmap(struct kfd_dev *dev)
+ {
+-      return KFD_GC_VERSION(dev) == IP_VERSION(9, 4, 3) ||
+-             KFD_GC_VERSION(dev) == IP_VERSION(9, 4, 2) ||
++      return KFD_GC_VERSION(dev) > IP_VERSION(9, 4, 2) ||
+              (KFD_GC_VERSION(dev) == IP_VERSION(9, 4, 1) && dev->sdma_fw_version >= 18) ||
+              KFD_GC_VERSION(dev) == IP_VERSION(9, 4, 0);
+ }
+-- 
+2.40.1
+
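Review bot: `kfd_flush_tlb_after_unmap()` still returns false for GC versions below 9.4.0 and for 9.4.1 with SDMA firmware older than 18, while the description says the heavy-weight flush after unmap is required on all GPUs for correctness and security. Nothing in the function says why those parts are excluded or where their flush is issued instead, so a reader cannot tell whether a stale GPU translation can outlive an unmap there. A comment above the return would settle it, for example `/* Parts not matched here do not flush after unmap; see <where their flush is issued> */`, with the placeholder filled in by someone who knows the call sites. The open-ended `> IP_VERSION(9, 4, 2)` also opts every later IP version in by default, which looks like the intended fail-safe direction and deserves a clause in the same comment.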
diff --git a/queue-6.1/f2fs-get-out-of-a-repeat-loop-when-getting-a-locked-.patch b/queue-6.1/f2fs-get-out-of-a-repeat-loop-when-getting-a-locked-.patch
new file mode 100644 (file)
index 0000000..9fa5ff7
--- /dev/null
@@ -0,0 +1,49 @@
+From d3cca2333de0eebe16fad47182618ad212c67cac Mon Sep 17 00:00:00 2001
+From: Sasha Levin <sashal@kernel.org>
+Date: Thu, 19 Jan 2023 10:47:00 -0800
+Subject: f2fs: get out of a repeat loop when getting a locked data page
+
+From: Jaegeuk Kim <jaegeuk@kernel.org>
+
+[ Upstream commit d2d9bb3b6d2fbccb5b33d3a85a2830971625a4ea ]
+
+https://bugzilla.kernel.org/show_bug.cgi?id=216050
+
+Somehow we're getting a page which has a different mapping.
+Let's avoid the infinite loop.
+
+Cc: <stable@vger.kernel.org>
+Signed-off-by: Jaegeuk Kim <jaegeuk@kernel.org>
+Signed-off-by: Sasha Levin <sashal@kernel.org>
+---
+ fs/f2fs/data.c | 8 ++------
+ 1 file changed, 2 insertions(+), 6 deletions(-)
+
+diff --git a/fs/f2fs/data.c b/fs/f2fs/data.c
+index 0faed0575f8aa..a982f91b71eb2 100644
+--- a/fs/f2fs/data.c
++++ b/fs/f2fs/data.c
+@@ -1329,18 +1329,14 @@ struct page *f2fs_get_lock_data_page(struct inode *inode, pgoff_t index,
+ {
+       struct address_space *mapping = inode->i_mapping;
+       struct page *page;
+-repeat:
++
+       page = f2fs_get_read_data_page(inode, index, 0, for_write, NULL);
+       if (IS_ERR(page))
+               return page;
+       /* wait for read completion */
+       lock_page(page);
+-      if (unlikely(page->mapping != mapping)) {
+-              f2fs_put_page(page, 1);
+-              goto repeat;
+-      }
+-      if (unlikely(!PageUptodate(page))) {
++      if (unlikely(page->mapping != mapping || !PageUptodate(page))) {
+               f2fs_put_page(page, 1);
+               return ERR_PTR(-EIO);
+       }
+-- 
+2.40.1
+
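Review bot: Folding `page->mapping != mapping` into the `!PageUptodate(page)` check makes a page whose mapping changed while we waited for the lock come back as `-EIO`, the same error as a failed read. The removed lines treated that case as retryable, so callers of `f2fs_get_lock_data_page()` that used to survive it (presumably a truncate or invalidate racing with the lookup) now see an I/O error. If failing is the intended policy, a comment on the condition should say so, e.g. `/* mapping changed under us: fail rather than retry forever */`; a bounded retry count would be the alternative that keeps the old behaviour for the benign race while still ending the loop. The function starts and ends outside the hunk.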
diff --git a/queue-6.1/f2fs-optimize-iteration-over-sparse-directories.patch b/queue-6.1/f2fs-optimize-iteration-over-sparse-directories.patch
new file mode 100644 (file)
index 0000000..4437835
--- /dev/null
@@ -0,0 +1,284 @@
+From d6a8264e2a56a94418a498455db46363eb2d6320 Mon Sep 17 00:00:00 2001
+From: Sasha Levin <sashal@kernel.org>
+Date: Tue, 8 Nov 2022 22:33:21 +0800
+Subject: f2fs: optimize iteration over sparse directories
+
+From: Chao Yu <chao@kernel.org>
+
+[ Upstream commit 59237a21776f70ffb0420611c23e7158e1317037 ]
+
+Wei Chen reports a kernel bug as blew:
+
+INFO: task syz-executor.0:29056 blocked for more than 143 seconds.
+      Not tainted 5.15.0-rc5 #1
+"echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
+task:syz-executor.0  state:D stack:14632 pid:29056 ppid:  6574 flags:0x00000004
+Call Trace:
+ __schedule+0x4a1/0x1720
+ schedule+0x36/0xe0
+ rwsem_down_write_slowpath+0x322/0x7a0
+ fscrypt_ioctl_set_policy+0x11f/0x2a0
+ __f2fs_ioctl+0x1a9f/0x5780
+ f2fs_ioctl+0x89/0x3a0
+ __x64_sys_ioctl+0xe8/0x140
+ do_syscall_64+0x34/0xb0
+ entry_SYSCALL_64_after_hwframe+0x44/0xae
+
+Eric did some investigation on this issue, quoted from reply of Eric:
+
+"Well, the quality of this bug report has a lot to be desired (not on
+upstream kernel, reproducer is full of totally irrelevant stuff, not
+sent to the mailing list of the filesystem whose disk image is being
+fuzzed, etc.).  But what is going on is that f2fs_empty_dir() doesn't
+consider the case of a directory with an extremely large i_size on a
+malicious disk image.
+
+Specifically, the reproducer mounts an f2fs image with a directory
+that has an i_size of 14814520042850357248, then calls
+FS_IOC_SET_ENCRYPTION_POLICY on it.
+
+That results in a call to f2fs_empty_dir() to check whether the
+directory is empty.  f2fs_empty_dir() then iterates through all
+3616826182336513 blocks the directory allegedly contains to check
+whether any contain anything.  i_rwsem is held during this, so
+anything else that tries to take it will hang."
+
+In order to solve this issue, let's use f2fs_get_next_page_offset()
+to speed up iteration by skipping holes for all below functions:
+- f2fs_empty_dir
+- f2fs_readdir
+- find_in_level
+
+The way why we can speed up iteration was described in
+'commit 3cf4574705b4 ("f2fs: introduce get_next_page_offset to speed
+up SEEK_DATA")'.
+
+Meanwhile, in f2fs_empty_dir(), let's use f2fs_find_data_page()
+instead f2fs_get_lock_data_page(), due to i_rwsem was held in
+caller of f2fs_empty_dir(), there shouldn't be any races, so it's
+fine to not lock dentry page during lookuping dirents in the page.
+
+Link: https://lore.kernel.org/lkml/536944df-a0ae-1dd8-148f-510b476e1347@kernel.org/T/
+Reported-by: Wei Chen <harperchen1110@gmail.com>
+Cc: Eric Biggers <ebiggers@google.com>
+Signed-off-by: Chao Yu <chao@kernel.org>
+Signed-off-by: Jaegeuk Kim <jaegeuk@kernel.org>
+Stable-dep-of: d2d9bb3b6d2f ("f2fs: get out of a repeat loop when getting a locked data page")
+Signed-off-by: Sasha Levin <sashal@kernel.org>
+---
+ fs/f2fs/data.c | 17 ++++++++++++-----
+ fs/f2fs/dir.c  | 34 ++++++++++++++++++++++++----------
+ fs/f2fs/f2fs.h |  5 +++--
+ fs/f2fs/gc.c   |  4 ++--
+ 4 files changed, 41 insertions(+), 19 deletions(-)
+
+diff --git a/fs/f2fs/data.c b/fs/f2fs/data.c
+index c230824ab5e6e..0faed0575f8aa 100644
+--- a/fs/f2fs/data.c
++++ b/fs/f2fs/data.c
+@@ -1212,7 +1212,8 @@ int f2fs_get_block(struct dnode_of_data *dn, pgoff_t index)
+ }
+ struct page *f2fs_get_read_data_page(struct inode *inode, pgoff_t index,
+-                                   blk_opf_t op_flags, bool for_write)
++                                   blk_opf_t op_flags, bool for_write,
++                                   pgoff_t *next_pgofs)
+ {
+       struct address_space *mapping = inode->i_mapping;
+       struct dnode_of_data dn;
+@@ -1238,12 +1239,17 @@ struct page *f2fs_get_read_data_page(struct inode *inode, pgoff_t index,
+       set_new_dnode(&dn, inode, NULL, NULL, 0);
+       err = f2fs_get_dnode_of_data(&dn, index, LOOKUP_NODE);
+-      if (err)
++      if (err) {
++              if (err == -ENOENT && next_pgofs)
++                      *next_pgofs = f2fs_get_next_page_offset(&dn, index);
+               goto put_err;
++      }
+       f2fs_put_dnode(&dn);
+       if (unlikely(dn.data_blkaddr == NULL_ADDR)) {
+               err = -ENOENT;
++              if (next_pgofs)
++                      *next_pgofs = index + 1;
+               goto put_err;
+       }
+       if (dn.data_blkaddr != NEW_ADDR &&
+@@ -1287,7 +1293,8 @@ struct page *f2fs_get_read_data_page(struct inode *inode, pgoff_t index,
+       return ERR_PTR(err);
+ }
+-struct page *f2fs_find_data_page(struct inode *inode, pgoff_t index)
++struct page *f2fs_find_data_page(struct inode *inode, pgoff_t index,
++                                      pgoff_t *next_pgofs)
+ {
+       struct address_space *mapping = inode->i_mapping;
+       struct page *page;
+@@ -1297,7 +1304,7 @@ struct page *f2fs_find_data_page(struct inode *inode, pgoff_t index)
+               return page;
+       f2fs_put_page(page, 0);
+-      page = f2fs_get_read_data_page(inode, index, 0, false);
++      page = f2fs_get_read_data_page(inode, index, 0, false, next_pgofs);
+       if (IS_ERR(page))
+               return page;
+@@ -1323,7 +1330,7 @@ struct page *f2fs_get_lock_data_page(struct inode *inode, pgoff_t index,
+       struct address_space *mapping = inode->i_mapping;
+       struct page *page;
+ repeat:
+-      page = f2fs_get_read_data_page(inode, index, 0, for_write);
++      page = f2fs_get_read_data_page(inode, index, 0, for_write, NULL);
+       if (IS_ERR(page))
+               return page;
+diff --git a/fs/f2fs/dir.c b/fs/f2fs/dir.c
+index bf5ba75b75d24..8373eba3a1337 100644
+--- a/fs/f2fs/dir.c
++++ b/fs/f2fs/dir.c
+@@ -340,6 +340,7 @@ static struct f2fs_dir_entry *find_in_level(struct inode *dir,
+       unsigned int bidx, end_block;
+       struct page *dentry_page;
+       struct f2fs_dir_entry *de = NULL;
++      pgoff_t next_pgofs;
+       bool room = false;
+       int max_slots;
+@@ -350,12 +351,13 @@ static struct f2fs_dir_entry *find_in_level(struct inode *dir,
+                              le32_to_cpu(fname->hash) % nbucket);
+       end_block = bidx + nblock;
+-      for (; bidx < end_block; bidx++) {
++      while (bidx < end_block) {
+               /* no need to allocate new dentry pages to all the indices */
+-              dentry_page = f2fs_find_data_page(dir, bidx);
++              dentry_page = f2fs_find_data_page(dir, bidx, &next_pgofs);
+               if (IS_ERR(dentry_page)) {
+                       if (PTR_ERR(dentry_page) == -ENOENT) {
+                               room = true;
++                              bidx = next_pgofs;
+                               continue;
+                       } else {
+                               *res_page = dentry_page;
+@@ -376,6 +378,8 @@ static struct f2fs_dir_entry *find_in_level(struct inode *dir,
+               if (max_slots >= s)
+                       room = true;
+               f2fs_put_page(dentry_page, 0);
++
++              bidx++;
+       }
+       if (!de && room && F2FS_I(dir)->chash != fname->hash) {
+@@ -963,7 +967,7 @@ void f2fs_delete_entry(struct f2fs_dir_entry *dentry, struct page *page,
+ bool f2fs_empty_dir(struct inode *dir)
+ {
+-      unsigned long bidx;
++      unsigned long bidx = 0;
+       struct page *dentry_page;
+       unsigned int bit_pos;
+       struct f2fs_dentry_block *dentry_blk;
+@@ -972,13 +976,17 @@ bool f2fs_empty_dir(struct inode *dir)
+       if (f2fs_has_inline_dentry(dir))
+               return f2fs_empty_inline_dir(dir);
+-      for (bidx = 0; bidx < nblock; bidx++) {
+-              dentry_page = f2fs_get_lock_data_page(dir, bidx, false);
++      while (bidx < nblock) {
++              pgoff_t next_pgofs;
++
++              dentry_page = f2fs_find_data_page(dir, bidx, &next_pgofs);
+               if (IS_ERR(dentry_page)) {
+-                      if (PTR_ERR(dentry_page) == -ENOENT)
++                      if (PTR_ERR(dentry_page) == -ENOENT) {
++                              bidx = next_pgofs;
+                               continue;
+-                      else
++                      } else {
+                               return false;
++                      }
+               }
+               dentry_blk = page_address(dentry_page);
+@@ -990,10 +998,12 @@ bool f2fs_empty_dir(struct inode *dir)
+                                               NR_DENTRY_IN_BLOCK,
+                                               bit_pos);
+-              f2fs_put_page(dentry_page, 1);
++              f2fs_put_page(dentry_page, 0);
+               if (bit_pos < NR_DENTRY_IN_BLOCK)
+                       return false;
++
++              bidx++;
+       }
+       return true;
+ }
+@@ -1111,7 +1121,8 @@ static int f2fs_readdir(struct file *file, struct dir_context *ctx)
+               goto out_free;
+       }
+-      for (; n < npages; n++, ctx->pos = n * NR_DENTRY_IN_BLOCK) {
++      for (; n < npages; ctx->pos = n * NR_DENTRY_IN_BLOCK) {
++              pgoff_t next_pgofs;
+               /* allow readdir() to be interrupted */
+               if (fatal_signal_pending(current)) {
+@@ -1125,11 +1136,12 @@ static int f2fs_readdir(struct file *file, struct dir_context *ctx)
+                       page_cache_sync_readahead(inode->i_mapping, ra, file, n,
+                               min(npages - n, (pgoff_t)MAX_DIR_RA_PAGES));
+-              dentry_page = f2fs_find_data_page(inode, n);
++              dentry_page = f2fs_find_data_page(inode, n, &next_pgofs);
+               if (IS_ERR(dentry_page)) {
+                       err = PTR_ERR(dentry_page);
+                       if (err == -ENOENT) {
+                               err = 0;
++                              n = next_pgofs;
+                               continue;
+                       } else {
+                               goto out_free;
+@@ -1148,6 +1160,8 @@ static int f2fs_readdir(struct file *file, struct dir_context *ctx)
+               }
+               f2fs_put_page(dentry_page, 0);
++
++              n++;
+       }
+ out_free:
+       fscrypt_fname_free_buffer(&fstr);
+diff --git a/fs/f2fs/f2fs.h b/fs/f2fs/f2fs.h
+index 37dca728ff967..f56abb39601ac 100644
+--- a/fs/f2fs/f2fs.h
++++ b/fs/f2fs/f2fs.h
+@@ -3784,8 +3784,9 @@ int f2fs_reserve_new_block(struct dnode_of_data *dn);
+ int f2fs_get_block(struct dnode_of_data *dn, pgoff_t index);
+ int f2fs_reserve_block(struct dnode_of_data *dn, pgoff_t index);
+ struct page *f2fs_get_read_data_page(struct inode *inode, pgoff_t index,
+-                      blk_opf_t op_flags, bool for_write);
+-struct page *f2fs_find_data_page(struct inode *inode, pgoff_t index);
++                      blk_opf_t op_flags, bool for_write, pgoff_t *next_pgofs);
++struct page *f2fs_find_data_page(struct inode *inode, pgoff_t index,
++                                                      pgoff_t *next_pgofs);
+ struct page *f2fs_get_lock_data_page(struct inode *inode, pgoff_t index,
+                       bool for_write);
+ struct page *f2fs_get_new_data_page(struct inode *inode,
+diff --git a/fs/f2fs/gc.c b/fs/f2fs/gc.c
+index aa4d513daa8f8..ec7212f7a9b73 100644
+--- a/fs/f2fs/gc.c
++++ b/fs/f2fs/gc.c
+@@ -1600,8 +1600,8 @@ static int gc_data_segment(struct f2fs_sb_info *sbi, struct f2fs_summary *sum,
+                               continue;
+                       }
+-                      data_page = f2fs_get_read_data_page(inode,
+-                                              start_bidx, REQ_RAHEAD, true);
++                      data_page = f2fs_get_read_data_page(inode, start_bidx,
++                                                      REQ_RAHEAD, true, NULL);
+                       f2fs_up_write(&F2FS_I(inode)->i_gc_rwsem[WRITE]);
+                       if (IS_ERR(data_page)) {
+                               iput(inode);
+-- 
+2.40.1
+
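Review bot: `next_pgofs` is declared uninitialised in `find_in_level()`, `f2fs_empty_dir()` and `f2fs_readdir()` and is read on every `-ENOENT` from `f2fs_find_data_page()`, so each loop relies on every `-ENOENT` path having written it with a value past the current index. The two paths visible in `f2fs_get_read_data_page()` do write it, but other return paths and `f2fs_get_next_page_offset()` lie outside these hunks, and with a crafted image a stale or non-advancing value would bring back the long-running loop under `i_rwsem` that the description sets out to remove. Seeding the variable before each lookup, `next_pgofs = bidx + 1;` in `find_in_level()` and `f2fs_empty_dir()` and `next_pgofs = n + 1;` in `f2fs_readdir()`, makes the skip fall back to the old one-block step. In `find_in_level()` `bidx` is `unsigned int` while `next_pgofs` is `pgoff_t`, so `bidx = next_pgofs` narrows on 64-bit builds; that is probably harmless given how directory block indexes are bounded, but it is worth a one-line comment. All three functions start or end outside their hunks.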
diff --git a/queue-6.1/s390-pkey-fix-pkey_type_ep11_aes-handling-in-pkey_cl.patch b/queue-6.1/s390-pkey-fix-pkey_type_ep11_aes-handling-in-pkey_cl.patch
new file mode 100644 (file)
index 0000000..9086503
--- /dev/null
@@ -0,0 +1,204 @@
+From 451bda8ebdf0012fdfddfa8bf53a405ffe193d95 Mon Sep 17 00:00:00 2001
+From: Sasha Levin <sashal@kernel.org>
+Date: Tue, 25 Jul 2023 11:24:47 +0200
+Subject: s390/pkey: fix PKEY_TYPE_EP11_AES handling in PKEY_CLR2SECK2 IOCTL
+
+From: Holger Dengler <dengler@linux.ibm.com>
+
+[ Upstream commit da2863f15945de100b95c72d5656541d30956c5d ]
+
+Commit 'fa6999e326fe ("s390/pkey: support CCA and EP11 secure ECC
+private keys")' introduced PKEY_TYPE_EP11_AES for the PKEY_CLR2SECK2
+IOCTL to convert an AES clearkey into a securekey of this type.
+Unfortunately, all PKEY_CLR2SECK2 IOCTL requests with type
+PKEY_TYPE_EP11_AES return with an error (-EINVAL). Fix the handling
+for PKEY_TYPE_EP11_AES in PKEY_CLR2SECK2 IOCTL, so that userspace can
+convert clearkey blobs into PKEY_TYPE_EP11_AES securekey blobs.
+
+Cc: stable@vger.kernel.org # v5.10+
+Fixes: fa6999e326fe ("s390/pkey: support CCA and EP11 secure ECC private keys")
+Signed-off-by: Holger Dengler <dengler@linux.ibm.com>
+Reviewed-by: Ingo Franzki <ifranzki@linux.ibm.com>
+Signed-off-by: Heiko Carstens <hca@linux.ibm.com>
+Signed-off-by: Sasha Levin <sashal@kernel.org>
+---
+ drivers/s390/crypto/pkey_api.c        | 16 +++++--
+ drivers/s390/crypto/zcrypt_ep11misc.c | 61 ++++++++++++++++++++-------
+ drivers/s390/crypto/zcrypt_ep11misc.h |  3 +-
+ 3 files changed, 60 insertions(+), 20 deletions(-)
+
+diff --git a/drivers/s390/crypto/pkey_api.c b/drivers/s390/crypto/pkey_api.c
+index 2b92ec20ed68e..df0f19e6d9235 100644
+--- a/drivers/s390/crypto/pkey_api.c
++++ b/drivers/s390/crypto/pkey_api.c
+@@ -212,7 +212,8 @@ static int pkey_clr2ep11key(const u8 *clrkey, size_t clrkeylen,
+               card = apqns[i] >> 16;
+               dom = apqns[i] & 0xFFFF;
+               rc = ep11_clr2keyblob(card, dom, clrkeylen * 8,
+-                                    0, clrkey, keybuf, keybuflen);
++                                    0, clrkey, keybuf, keybuflen,
++                                    PKEY_TYPE_EP11);
+               if (rc == 0)
+                       break;
+       }
+@@ -627,6 +628,11 @@ static int pkey_clr2seckey2(const struct pkey_apqn *apqns, size_t nr_apqns,
+               if (*keybufsize < MINEP11AESKEYBLOBSIZE)
+                       return -EINVAL;
+               break;
++      case PKEY_TYPE_EP11_AES:
++              if (*keybufsize < (sizeof(struct ep11kblob_header) +
++                                 MINEP11AESKEYBLOBSIZE))
++                      return -EINVAL;
++              break;
+       default:
+               return -EINVAL;
+       }
+@@ -645,9 +651,11 @@ static int pkey_clr2seckey2(const struct pkey_apqn *apqns, size_t nr_apqns,
+       for (i = 0, rc = -ENODEV; i < nr_apqns; i++) {
+               card = apqns[i].card;
+               dom = apqns[i].domain;
+-              if (ktype == PKEY_TYPE_EP11) {
++              if (ktype == PKEY_TYPE_EP11 ||
++                  ktype == PKEY_TYPE_EP11_AES) {
+                       rc = ep11_clr2keyblob(card, dom, ksize, kflags,
+-                                            clrkey, keybuf, keybufsize);
++                                            clrkey, keybuf, keybufsize,
++                                            ktype);
+               } else if (ktype == PKEY_TYPE_CCA_DATA) {
+                       rc = cca_clr2seckey(card, dom, ksize,
+                                           clrkey, keybuf);
+@@ -1361,7 +1369,7 @@ static long pkey_unlocked_ioctl(struct file *filp, unsigned int cmd,
+               apqns = _copy_apqns_from_user(kcs.apqns, kcs.apqn_entries);
+               if (IS_ERR(apqns))
+                       return PTR_ERR(apqns);
+-              kkey = kmalloc(klen, GFP_KERNEL);
++              kkey = kzalloc(klen, GFP_KERNEL);
+               if (!kkey) {
+                       kfree(apqns);
+                       return -ENOMEM;
+diff --git a/drivers/s390/crypto/zcrypt_ep11misc.c b/drivers/s390/crypto/zcrypt_ep11misc.c
+index 20bbeec1a1a22..77e1ffaafaea1 100644
+--- a/drivers/s390/crypto/zcrypt_ep11misc.c
++++ b/drivers/s390/crypto/zcrypt_ep11misc.c
+@@ -1000,12 +1000,12 @@ static int ep11_cryptsingle(u16 card, u16 domain,
+       return rc;
+ }
+-static int ep11_unwrapkey(u16 card, u16 domain,
+-                        const u8 *kek, size_t keksize,
+-                        const u8 *enckey, size_t enckeysize,
+-                        u32 mech, const u8 *iv,
+-                        u32 keybitsize, u32 keygenflags,
+-                        u8 *keybuf, size_t *keybufsize)
++static int _ep11_unwrapkey(u16 card, u16 domain,
++                         const u8 *kek, size_t keksize,
++                         const u8 *enckey, size_t enckeysize,
++                         u32 mech, const u8 *iv,
++                         u32 keybitsize, u32 keygenflags,
++                         u8 *keybuf, size_t *keybufsize)
+ {
+       struct uw_req_pl {
+               struct pl_head head;
+@@ -1042,7 +1042,6 @@ static int ep11_unwrapkey(u16 card, u16 domain,
+       struct ep11_cprb *req = NULL, *rep = NULL;
+       struct ep11_target_dev target;
+       struct ep11_urb *urb = NULL;
+-      struct ep11keyblob *kb;
+       size_t req_pl_size;
+       int api, rc = -ENOMEM;
+       u8 *p;
+@@ -1124,14 +1123,9 @@ static int ep11_unwrapkey(u16 card, u16 domain,
+               goto out;
+       }
+-      /* copy key blob and set header values */
++      /* copy key blob */
+       memcpy(keybuf, rep_pl->data, rep_pl->data_len);
+       *keybufsize = rep_pl->data_len;
+-      kb = (struct ep11keyblob *)keybuf;
+-      kb->head.type = TOKTYPE_NON_CCA;
+-      kb->head.len = rep_pl->data_len;
+-      kb->head.version = TOKVER_EP11_AES;
+-      kb->head.bitlen = keybitsize;
+ out:
+       kfree(req);
+@@ -1140,6 +1134,42 @@ static int ep11_unwrapkey(u16 card, u16 domain,
+       return rc;
+ }
++static int ep11_unwrapkey(u16 card, u16 domain,
++                        const u8 *kek, size_t keksize,
++                        const u8 *enckey, size_t enckeysize,
++                        u32 mech, const u8 *iv,
++                        u32 keybitsize, u32 keygenflags,
++                        u8 *keybuf, size_t *keybufsize,
++                        u8 keybufver)
++{
++      struct ep11kblob_header *hdr;
++      size_t hdr_size, pl_size;
++      u8 *pl;
++      int rc;
++
++      rc = ep11_kb_split(keybuf, *keybufsize, keybufver,
++                         &hdr, &hdr_size, &pl, &pl_size);
++      if (rc)
++              return rc;
++
++      rc = _ep11_unwrapkey(card, domain, kek, keksize, enckey, enckeysize,
++                           mech, iv, keybitsize, keygenflags,
++                           pl, &pl_size);
++      if (rc)
++              return rc;
++
++      *keybufsize = hdr_size + pl_size;
++
++      /* update header information */
++      hdr = (struct ep11kblob_header *)keybuf;
++      hdr->type = TOKTYPE_NON_CCA;
++      hdr->len = *keybufsize;
++      hdr->version = keybufver;
++      hdr->bitlen = keybitsize;
++
++      return 0;
++}
++
+ static int ep11_wrapkey(u16 card, u16 domain,
+                       const u8 *key, size_t keysize,
+                       u32 mech, const u8 *iv,
+@@ -1274,7 +1304,8 @@ static int ep11_wrapkey(u16 card, u16 domain,
+ }
+ int ep11_clr2keyblob(u16 card, u16 domain, u32 keybitsize, u32 keygenflags,
+-                   const u8 *clrkey, u8 *keybuf, size_t *keybufsize)
++                   const u8 *clrkey, u8 *keybuf, size_t *keybufsize,
++                   u32 keytype)
+ {
+       int rc;
+       u8 encbuf[64], *kek = NULL;
+@@ -1321,7 +1352,7 @@ int ep11_clr2keyblob(u16 card, u16 domain, u32 keybitsize, u32 keygenflags,
+       /* Step 3: import the encrypted key value as a new key */
+       rc = ep11_unwrapkey(card, domain, kek, keklen,
+                           encbuf, encbuflen, 0, def_iv,
+-                          keybitsize, 0, keybuf, keybufsize);
++                          keybitsize, 0, keybuf, keybufsize, keytype);
+       if (rc) {
+               DEBUG_ERR(
+                       "%s importing key value as new key failed,, rc=%d\n",
+diff --git a/drivers/s390/crypto/zcrypt_ep11misc.h b/drivers/s390/crypto/zcrypt_ep11misc.h
+index ed328c354bade..b7f9cbe3d58de 100644
+--- a/drivers/s390/crypto/zcrypt_ep11misc.h
++++ b/drivers/s390/crypto/zcrypt_ep11misc.h
+@@ -113,7 +113,8 @@ int ep11_genaeskey(u16 card, u16 domain, u32 keybitsize, u32 keygenflags,
+  * Generate EP11 AES secure key with given clear key value.
+  */
+ int ep11_clr2keyblob(u16 cardnr, u16 domain, u32 keybitsize, u32 keygenflags,
+-                   const u8 *clrkey, u8 *keybuf, size_t *keybufsize);
++                   const u8 *clrkey, u8 *keybuf, size_t *keybufsize,
++                   u32 keytype);
+ /*
+  * Build a list of ep11 apqns meeting the following constrains:
+-- 
+2.40.1
+
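Review bot: The new ep11_unwrapkey() wrapper in zcrypt_ep11misc.c calls ep11_kb_split(), which no hunk in this patch defines or declares, so the backport builds only if the 6.1 tree already carries that helper. This should be confirmed before queuing, because the series update in this commit adds no other s390 patch. The wrapper also narrows the u32 `keytype` from ep11_clr2keyblob() to `u8 keybufver` and stores it in `hdr->version`, which appears to rely on the PKEY_TYPE_EP11* values being numerically equal to the TOKVER_EP11* header versions. A comment such as `/* keybufver: pkey key type, assumed equal to the TOKVER_EP11_* header version */` above the header update would make that dependency explicit. The bodies of _ep11_unwrapkey() and ep11_clr2keyblob() continue outside the hunks shown.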
diff --git a/queue-6.1/scsi-qla2xxx-select-qpair-depending-on-which-cpu-pos.patch b/queue-6.1/scsi-qla2xxx-select-qpair-depending-on-which-cpu-pos.patch
new file mode 100644 (file)
index 0000000..4adff1e
--- /dev/null
@@ -0,0 +1,208 @@
+From 26bd82bb4799b0356c878b9aa664daaf00e5d98b Mon Sep 17 00:00:00 2001
+From: Sasha Levin <sashal@kernel.org>
+Date: Wed, 21 Dec 2022 20:39:32 -0800
+Subject: scsi: qla2xxx: Select qpair depending on which CPU post_cmd() gets
+ called
+
+From: Shreyas Deodhar <sdeodhar@marvell.com>
+
+[ Upstream commit 1d201c81d4cc6840735bbcc99e6031503e5cf3b8 ]
+
+In current I/O path, Tx and Rx may not be processed on same CPU. This may
+lead to thrashing and optimum performance may not be achieved.
+
+Pick qpair such that Tx and Rx are processed on same CPU.
+
+Signed-off-by: Shreyas Deodhar <sdeodhar@marvell.com>
+Signed-off-by: Nilesh Javali <njavali@marvell.com>
+Signed-off-by: Martin K. Petersen <martin.petersen@oracle.com>
+Stable-dep-of: 59f10a05b5c7 ("scsi: qla2xxx: Use raw_smp_processor_id() instead of smp_processor_id()")
+Signed-off-by: Sasha Levin <sashal@kernel.org>
+---
+ drivers/scsi/qla2xxx/qla_def.h    |  2 ++
+ drivers/scsi/qla2xxx/qla_init.c   |  2 --
+ drivers/scsi/qla2xxx/qla_inline.h | 55 +++++++++++++++++++++++++++++++
+ drivers/scsi/qla2xxx/qla_isr.c    |  3 +-
+ drivers/scsi/qla2xxx/qla_nvme.c   |  4 +++
+ drivers/scsi/qla2xxx/qla_os.c     |  6 ++++
+ 6 files changed, 69 insertions(+), 3 deletions(-)
+
+diff --git a/drivers/scsi/qla2xxx/qla_def.h b/drivers/scsi/qla2xxx/qla_def.h
+index 7d282906598f3..817efdd32ad63 100644
+--- a/drivers/scsi/qla2xxx/qla_def.h
++++ b/drivers/scsi/qla2xxx/qla_def.h
+@@ -3475,6 +3475,7 @@ struct qla_msix_entry {
+       int have_irq;
+       int in_use;
+       uint32_t vector;
++      uint32_t vector_base0;
+       uint16_t entry;
+       char name[30];
+       void *handle;
+@@ -4133,6 +4134,7 @@ struct qla_hw_data {
+       struct req_que **req_q_map;
+       struct rsp_que **rsp_q_map;
+       struct qla_qpair **queue_pair_map;
++      struct qla_qpair **qp_cpu_map;
+       unsigned long req_qid_map[(QLA_MAX_QUEUES / 8) / sizeof(unsigned long)];
+       unsigned long rsp_qid_map[(QLA_MAX_QUEUES / 8) / sizeof(unsigned long)];
+       unsigned long qpair_qid_map[(QLA_MAX_QUEUES / 8)
+diff --git a/drivers/scsi/qla2xxx/qla_init.c b/drivers/scsi/qla2xxx/qla_init.c
+index 36abdb0de1694..79de31e7e8b2a 100644
+--- a/drivers/scsi/qla2xxx/qla_init.c
++++ b/drivers/scsi/qla2xxx/qla_init.c
+@@ -9758,8 +9758,6 @@ struct qla_qpair *qla2xxx_create_qpair(struct scsi_qla_host *vha, int qos,
+               qpair->req = ha->req_q_map[req_id];
+               qpair->rsp->req = qpair->req;
+               qpair->rsp->qpair = qpair;
+-              /* init qpair to this cpu. Will adjust at run time. */
+-              qla_cpu_update(qpair, raw_smp_processor_id());
+               if (IS_T10_PI_CAPABLE(ha) && ql2xenabledif) {
+                       if (ha->fw_attributes & BIT_4)
+diff --git a/drivers/scsi/qla2xxx/qla_inline.h b/drivers/scsi/qla2xxx/qla_inline.h
+index a7b5d11146827..d5cf9db2a8ea3 100644
+--- a/drivers/scsi/qla2xxx/qla_inline.h
++++ b/drivers/scsi/qla2xxx/qla_inline.h
+@@ -573,3 +573,58 @@ fcport_is_bigger(fc_port_t *fcport)
+ {
+       return !fcport_is_smaller(fcport);
+ }
++
++static inline struct qla_qpair *
++qla_mapq_nvme_select_qpair(struct qla_hw_data *ha, struct qla_qpair *qpair)
++{
++      int cpuid = smp_processor_id();
++
++      if (qpair->cpuid != cpuid &&
++          ha->qp_cpu_map[cpuid]) {
++              qpair = ha->qp_cpu_map[cpuid];
++      }
++      return qpair;
++}
++
++static inline void
++qla_mapq_init_qp_cpu_map(struct qla_hw_data *ha,
++                       struct qla_msix_entry *msix,
++                       struct qla_qpair *qpair)
++{
++      const struct cpumask *mask;
++      unsigned int cpu;
++
++      if (!ha->qp_cpu_map)
++              return;
++      mask = pci_irq_get_affinity(ha->pdev, msix->vector_base0);
++      qpair->cpuid = cpumask_first(mask);
++      for_each_cpu(cpu, mask) {
++              ha->qp_cpu_map[cpu] = qpair;
++      }
++      msix->cpuid = qpair->cpuid;
++}
++
++static inline void
++qla_mapq_free_qp_cpu_map(struct qla_hw_data *ha)
++{
++      if (ha->qp_cpu_map) {
++              kfree(ha->qp_cpu_map);
++              ha->qp_cpu_map = NULL;
++      }
++}
++
++static inline int qla_mapq_alloc_qp_cpu_map(struct qla_hw_data *ha)
++{
++      scsi_qla_host_t *vha = pci_get_drvdata(ha->pdev);
++
++      if (!ha->qp_cpu_map) {
++              ha->qp_cpu_map = kcalloc(NR_CPUS, sizeof(struct qla_qpair *),
++                                       GFP_KERNEL);
++              if (!ha->qp_cpu_map) {
++                      ql_log(ql_log_fatal, vha, 0x0180,
++                             "Unable to allocate memory for qp_cpu_map ptrs.\n");
++                      return -1;
++              }
++      }
++      return 0;
++}
+diff --git a/drivers/scsi/qla2xxx/qla_isr.c b/drivers/scsi/qla2xxx/qla_isr.c
+index 0111249cc8774..a5e6246127ed3 100644
+--- a/drivers/scsi/qla2xxx/qla_isr.c
++++ b/drivers/scsi/qla2xxx/qla_isr.c
+@@ -3819,7 +3819,6 @@ void qla24xx_process_response_queue(struct scsi_qla_host *vha,
+       if (rsp->qpair->cpuid != smp_processor_id() || !rsp->qpair->rcv_intr) {
+               rsp->qpair->rcv_intr = 1;
+-              qla_cpu_update(rsp->qpair, smp_processor_id());
+       }
+ #define __update_rsp_in(_is_shadow_hba, _rsp, _rsp_in)                        \
+@@ -4425,6 +4424,7 @@ qla24xx_enable_msix(struct qla_hw_data *ha, struct rsp_que *rsp)
+       for (i = 0; i < ha->msix_count; i++) {
+               qentry = &ha->msix_entries[i];
+               qentry->vector = pci_irq_vector(ha->pdev, i);
++              qentry->vector_base0 = i;
+               qentry->entry = i;
+               qentry->have_irq = 0;
+               qentry->in_use = 0;
+@@ -4652,5 +4652,6 @@ int qla25xx_request_irq(struct qla_hw_data *ha, struct qla_qpair *qpair,
+       }
+       msix->have_irq = 1;
+       msix->handle = qpair;
++      qla_mapq_init_qp_cpu_map(ha, msix, qpair);
+       return ret;
+ }
+diff --git a/drivers/scsi/qla2xxx/qla_nvme.c b/drivers/scsi/qla2xxx/qla_nvme.c
+index c9a6fc882a801..9941b38eac93c 100644
+--- a/drivers/scsi/qla2xxx/qla_nvme.c
++++ b/drivers/scsi/qla2xxx/qla_nvme.c
+@@ -609,6 +609,7 @@ static int qla_nvme_post_cmd(struct nvme_fc_local_port *lport,
+       fc_port_t *fcport;
+       struct srb_iocb *nvme;
+       struct scsi_qla_host *vha;
++      struct qla_hw_data *ha;
+       int rval;
+       srb_t *sp;
+       struct qla_qpair *qpair = hw_queue_handle;
+@@ -629,6 +630,7 @@ static int qla_nvme_post_cmd(struct nvme_fc_local_port *lport,
+               return -ENODEV;
+       vha = fcport->vha;
++      ha = vha->hw;
+       if (test_bit(ABORT_ISP_ACTIVE, &vha->dpc_flags))
+               return -EBUSY;
+@@ -643,6 +645,8 @@ static int qla_nvme_post_cmd(struct nvme_fc_local_port *lport,
+       if (fcport->nvme_flag & NVME_FLAG_RESETTING)
+               return -EBUSY;
++      qpair = qla_mapq_nvme_select_qpair(ha, qpair);
++
+       /* Alloc SRB structure */
+       sp = qla2xxx_get_qpair_sp(vha, qpair, fcport, GFP_ATOMIC);
+       if (!sp)
+diff --git a/drivers/scsi/qla2xxx/qla_os.c b/drivers/scsi/qla2xxx/qla_os.c
+index 78f7cd16967fa..b33ffec1cb75e 100644
+--- a/drivers/scsi/qla2xxx/qla_os.c
++++ b/drivers/scsi/qla2xxx/qla_os.c
+@@ -480,6 +480,11 @@ static int qla2x00_alloc_queues(struct qla_hw_data *ha, struct req_que *req,
+                           "Unable to allocate memory for queue pair ptrs.\n");
+                       goto fail_qpair_map;
+               }
++              if (qla_mapq_alloc_qp_cpu_map(ha) != 0) {
++                      kfree(ha->queue_pair_map);
++                      ha->queue_pair_map = NULL;
++                      goto fail_qpair_map;
++              }
+       }
+       /*
+@@ -554,6 +559,7 @@ static void qla2x00_free_queues(struct qla_hw_data *ha)
+               ha->base_qpair = NULL;
+       }
++      qla_mapq_free_qp_cpu_map(ha);
+       spin_lock_irqsave(&ha->hardware_lock, flags);
+       for (cnt = 0; cnt < ha->max_req_queues; cnt++) {
+               if (!test_bit(cnt, ha->req_qid_map))
+-- 
+2.40.1
+
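Review bot: In qla_mapq_init_qp_cpu_map() the pointer returned by pci_irq_get_affinity() goes straight into cpumask_first() and for_each_cpu(). That call can return NULL when no affinity mask is available for the vector, which would be a NULL dereference during IRQ setup. Adding `if (!mask) return;` right after the assignment closes that path. qla_mapq_nvme_select_qpair() also indexes `ha->qp_cpu_map[cpuid]` without the NULL test the init helper has. The allocation in qla2x00_alloc_queues() sits inside a conditional whose test lies outside the hunk, so it is worth confirming the map always exists when qla_nvme_post_cmd() runs.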
diff --git a/queue-6.1/scsi-qla2xxx-use-raw_smp_processor_id-instead-of-smp.patch b/queue-6.1/scsi-qla2xxx-use-raw_smp_processor_id-instead-of-smp.patch
new file mode 100644 (file)
index 0000000..a766cad
--- /dev/null
@@ -0,0 +1,125 @@
+From f71b288bb266ac31d178f5d4e5e6d426f1d3fd76 Mon Sep 17 00:00:00 2001
+From: Sasha Levin <sashal@kernel.org>
+Date: Thu, 31 Aug 2023 16:51:46 +0530
+Subject: scsi: qla2xxx: Use raw_smp_processor_id() instead of
+ smp_processor_id()
+
+From: Nilesh Javali <njavali@marvell.com>
+
+[ Upstream commit 59f10a05b5c7b675256a66e3161741239889ff80 ]
+
+The following call trace was observed:
+
+localhost kernel: nvme nvme0: NVME-FC{0}: controller connect complete
+localhost kernel: BUG: using smp_processor_id() in preemptible [00000000] code: kworker/u129:4/75092
+localhost kernel: nvme nvme0: NVME-FC{0}: new ctrl: NQN "nqn.1992-08.com.netapp:sn.b42d198afb4d11ecad6d00a098d6abfa:subsystem.PR_Channel2022_RH84_subsystem_291"
+localhost kernel: caller is qla_nvme_post_cmd+0x216/0x1380 [qla2xxx]
+localhost kernel: CPU: 6 PID: 75092 Comm: kworker/u129:4 Kdump: loaded Tainted: G    B   W  OE    --------- ---  5.14.0-70.22.1.el9_0.x86_64+debug #1
+localhost kernel: Hardware name: HPE ProLiant XL420 Gen10/ProLiant XL420 Gen10, BIOS U39 01/13/2022
+localhost kernel: Workqueue: nvme-wq nvme_async_event_work [nvme_core]
+localhost kernel: Call Trace:
+localhost kernel: dump_stack_lvl+0x57/0x7d
+localhost kernel: check_preemption_disabled+0xc8/0xd0
+localhost kernel: qla_nvme_post_cmd+0x216/0x1380 [qla2xxx]
+
+Use raw_smp_processor_id() instead of smp_processor_id().
+
+Also use queue_work() across the driver instead of queue_work_on() thus
+avoiding usage of smp_processor_id() when CONFIG_DEBUG_PREEMPT is enabled.
+
+Cc: stable@vger.kernel.org
+Suggested-by: John Garry <john.g.garry@oracle.com>
+Signed-off-by: Nilesh Javali <njavali@marvell.com>
+Link: https://lore.kernel.org/r/20230831112146.32595-2-njavali@marvell.com
+Signed-off-by: Martin K. Petersen <martin.petersen@oracle.com>
+Signed-off-by: Sasha Levin <sashal@kernel.org>
+---
+ drivers/scsi/qla2xxx/qla_inline.h  | 2 +-
+ drivers/scsi/qla2xxx/qla_isr.c     | 6 +++---
+ drivers/scsi/qla2xxx/qla_target.c  | 3 +--
+ drivers/scsi/qla2xxx/tcm_qla2xxx.c | 4 ++--
+ 4 files changed, 7 insertions(+), 8 deletions(-)
+
+diff --git a/drivers/scsi/qla2xxx/qla_inline.h b/drivers/scsi/qla2xxx/qla_inline.h
+index d5cf9db2a8ea3..e66441355f7ae 100644
+--- a/drivers/scsi/qla2xxx/qla_inline.h
++++ b/drivers/scsi/qla2xxx/qla_inline.h
+@@ -577,7 +577,7 @@ fcport_is_bigger(fc_port_t *fcport)
+ static inline struct qla_qpair *
+ qla_mapq_nvme_select_qpair(struct qla_hw_data *ha, struct qla_qpair *qpair)
+ {
+-      int cpuid = smp_processor_id();
++      int cpuid = raw_smp_processor_id();
+       if (qpair->cpuid != cpuid &&
+           ha->qp_cpu_map[cpuid]) {
+diff --git a/drivers/scsi/qla2xxx/qla_isr.c b/drivers/scsi/qla2xxx/qla_isr.c
+index a5e6246127ed3..cf1025c917267 100644
+--- a/drivers/scsi/qla2xxx/qla_isr.c
++++ b/drivers/scsi/qla2xxx/qla_isr.c
+@@ -3817,7 +3817,7 @@ void qla24xx_process_response_queue(struct scsi_qla_host *vha,
+       if (!ha->flags.fw_started)
+               return;
+-      if (rsp->qpair->cpuid != smp_processor_id() || !rsp->qpair->rcv_intr) {
++      if (rsp->qpair->cpuid != raw_smp_processor_id() || !rsp->qpair->rcv_intr) {
+               rsp->qpair->rcv_intr = 1;
+       }
+@@ -4305,7 +4305,7 @@ qla2xxx_msix_rsp_q(int irq, void *dev_id)
+       }
+       ha = qpair->hw;
+-      queue_work_on(smp_processor_id(), ha->wq, &qpair->q_work);
++      queue_work(ha->wq, &qpair->q_work);
+       return IRQ_HANDLED;
+ }
+@@ -4331,7 +4331,7 @@ qla2xxx_msix_rsp_q_hs(int irq, void *dev_id)
+       wrt_reg_dword(&reg->hccr, HCCRX_CLR_RISC_INT);
+       spin_unlock_irqrestore(&ha->hardware_lock, flags);
+-      queue_work_on(smp_processor_id(), ha->wq, &qpair->q_work);
++      queue_work(ha->wq, &qpair->q_work);
+       return IRQ_HANDLED;
+ }
+diff --git a/drivers/scsi/qla2xxx/qla_target.c b/drivers/scsi/qla2xxx/qla_target.c
+index 545473a0ffc84..5a5beb41786ed 100644
+--- a/drivers/scsi/qla2xxx/qla_target.c
++++ b/drivers/scsi/qla2xxx/qla_target.c
+@@ -4442,8 +4442,7 @@ static int qlt_handle_cmd_for_atio(struct scsi_qla_host *vha,
+               queue_work_on(cmd->se_cmd.cpuid, qla_tgt_wq, &cmd->work);
+       } else if (ha->msix_count) {
+               if (cmd->atio.u.isp24.fcp_cmnd.rddata)
+-                      queue_work_on(smp_processor_id(), qla_tgt_wq,
+-                          &cmd->work);
++                      queue_work(qla_tgt_wq, &cmd->work);
+               else
+                       queue_work_on(cmd->se_cmd.cpuid, qla_tgt_wq,
+                           &cmd->work);
+diff --git a/drivers/scsi/qla2xxx/tcm_qla2xxx.c b/drivers/scsi/qla2xxx/tcm_qla2xxx.c
+index 8fa0056b56ddb..e54ee6770e79f 100644
+--- a/drivers/scsi/qla2xxx/tcm_qla2xxx.c
++++ b/drivers/scsi/qla2xxx/tcm_qla2xxx.c
+@@ -310,7 +310,7 @@ static void tcm_qla2xxx_free_cmd(struct qla_tgt_cmd *cmd)
+       cmd->trc_flags |= TRC_CMD_DONE;
+       INIT_WORK(&cmd->work, tcm_qla2xxx_complete_free);
+-      queue_work_on(smp_processor_id(), tcm_qla2xxx_free_wq, &cmd->work);
++      queue_work(tcm_qla2xxx_free_wq, &cmd->work);
+ }
+ /*
+@@ -557,7 +557,7 @@ static void tcm_qla2xxx_handle_data(struct qla_tgt_cmd *cmd)
+       cmd->trc_flags |= TRC_DATA_IN;
+       cmd->cmd_in_wq = 1;
+       INIT_WORK(&cmd->work, tcm_qla2xxx_handle_data_work);
+-      queue_work_on(smp_processor_id(), tcm_qla2xxx_free_wq, &cmd->work);
++      queue_work(tcm_qla2xxx_free_wq, &cmd->work);
+ }
+ static int tcm_qla2xxx_chk_dif_tags(uint32_t tag)
+-- 
+2.40.1
+
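Review bot: raw_smp_processor_id() in qla_mapq_nvme_select_qpair() removes the CONFIG_DEBUG_PREEMPT splat, but the caller is still preemptible (per the trace in the description), so the task can migrate immediately after the read and `cpuid` is only a hint. The function should carry a comment saying a stale value is acceptable, for example `/* CPU id is a hint only: caller may be preemptible, a stale id just picks a less local qpair */`. In qla24xx_process_response_queue() the `if` body now only sets `rcv_intr = 1`, so the `cpuid` comparison appears to have no remaining effect. It could be reduced to `if (!rsp->qpair->rcv_intr)` or dropped, assuming rcv_intr is a plain 0/1 flag. Both functions extend beyond the hunks shown.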
index e4b4df7cc160bb3ad657135a78e6148b2b4e0449..4be35b08fa672a7fe39771640ba3d617eec575fb 100644 (file)
@@ -89,3 +89,18 @@ gpio-tb10x-fix-an-error-handling-path-in-tb10x_gpio_.patch
 i2c-mux-demux-pinctrl-check-the-return-value-of-devm.patch
 i2c-mux-gpio-add-missing-fwnode_handle_put.patch
 i2c-xiic-correct-return-value-check-for-xiic_reinit.patch
+arm-dts-bcm5301x-extend-ram-to-full-256mb-for-linksy.patch
+arm-dts-samsung-exynos4210-i9100-fix-lcd-screen-s-ph.patch
+arm-dts-qcom-msm8974pro-castor-correct-inverted-x-of.patch
+arm-dts-qcom-msm8974pro-castor-correct-touchscreen-f.patch
+arm-dts-qcom-msm8974pro-castor-correct-touchscreen-s.patch
+f2fs-optimize-iteration-over-sparse-directories.patch
+f2fs-get-out-of-a-repeat-loop-when-getting-a-locked-.patch
+s390-pkey-fix-pkey_type_ep11_aes-handling-in-pkey_cl.patch
+arm64-dts-qcom-sdm845-db845c-mark-cont-splash-memory.patch
+wifi-ath11k-fix-tx-status-reporting-in-encap-offload.patch
+wifi-ath11k-cleanup-mac80211-references-on-failure-d.patch
+scsi-qla2xxx-select-qpair-depending-on-which-cpu-pos.patch
+scsi-qla2xxx-use-raw_smp_processor_id-instead-of-smp.patch
+drm-amdkfd-flush-tlb-after-unmapping-for-gfx-v9.4.3.patch
+drm-amdkfd-insert-missing-tlb-flush-on-gfx10-and-lat.patch
diff --git a/queue-6.1/wifi-ath11k-cleanup-mac80211-references-on-failure-d.patch b/queue-6.1/wifi-ath11k-cleanup-mac80211-references-on-failure-d.patch
new file mode 100644 (file)
index 0000000..5ca8ae2
--- /dev/null
@@ -0,0 +1,61 @@
+From 92dd5dbdd10402280500de0b2fecb27b8cc549c3 Mon Sep 17 00:00:00 2001
+From: Sasha Levin <sashal@kernel.org>
+Date: Tue, 22 Aug 2023 16:42:24 +0300
+Subject: wifi: ath11k: Cleanup mac80211 references on failure during
+ tx_complete
+
+From: Sven Eckelmann <sven@narfation.org>
+
+[ Upstream commit 29d15589f084d71a4ea8c544039c5839db0236e2 ]
+
+When a function is using functions from mac80211 to free an skb then it
+should do it consistently and not switch to the generic dev_kfree_skb_any
+(or similar functions). Otherwise (like in the error handlers), mac80211
+will will not be aware of the freed skb and thus not clean up related
+information in its internal data structures.
+
+Not doing so lead in the past to filled up structure which then prevented
+new clients to connect.
+
+Fixes: d5c65159f289 ("ath11k: driver for Qualcomm IEEE 802.11ax devices")
+Fixes: 6257c702264c ("wifi: ath11k: fix tx status reporting in encap offload mode")
+Cc: stable@vger.kernel.org
+Signed-off-by: Sven Eckelmann <sven@narfation.org>
+Signed-off-by: Kalle Valo <quic_kvalo@quicinc.com>
+Link: https://lore.kernel.org/r/20230802-ath11k-ack_status_leak-v2-2-c0af729d6229@narfation.org
+Signed-off-by: Sasha Levin <sashal@kernel.org>
+---
+ drivers/net/wireless/ath/ath11k/dp_tx.c | 6 +++---
+ 1 file changed, 3 insertions(+), 3 deletions(-)
+
+diff --git a/drivers/net/wireless/ath/ath11k/dp_tx.c b/drivers/net/wireless/ath/ath11k/dp_tx.c
+index 08a28464eb7a9..64c8ccac22d27 100644
+--- a/drivers/net/wireless/ath/ath11k/dp_tx.c
++++ b/drivers/net/wireless/ath/ath11k/dp_tx.c
+@@ -344,7 +344,7 @@ ath11k_dp_tx_htt_tx_complete_buf(struct ath11k_base *ab,
+       dma_unmap_single(ab->dev, skb_cb->paddr, msdu->len, DMA_TO_DEVICE);
+       if (!skb_cb->vif) {
+-              dev_kfree_skb_any(msdu);
++              ieee80211_free_txskb(ar->hw, msdu);
+               return;
+       }
+@@ -566,12 +566,12 @@ static void ath11k_dp_tx_complete_msdu(struct ath11k *ar,
+       dma_unmap_single(ab->dev, skb_cb->paddr, msdu->len, DMA_TO_DEVICE);
+       if (unlikely(!rcu_access_pointer(ab->pdevs_active[ar->pdev_idx]))) {
+-              dev_kfree_skb_any(msdu);
++              ieee80211_free_txskb(ar->hw, msdu);
+               return;
+       }
+       if (unlikely(!skb_cb->vif)) {
+-              dev_kfree_skb_any(msdu);
++              ieee80211_free_txskb(ar->hw, msdu);
+               return;
+       }
+-- 
+2.40.1
+
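Review bot: The three replaced free sites in dp_tx.c carry no comment explaining why the mac80211 helper is required, so a later cleanup could switch them back to dev_kfree_skb_any() and bring back the state leak the description says eventually blocked new clients from connecting. A short comment at each early return would guard against that, for example `/* free via mac80211 so its per-skb status tracking is released */`. In ath11k_dp_tx_complete_msdu() the first of these runs when `ab->pdevs_active[ar->pdev_idx]` is already NULL. It is worth confirming that `ar->hw` is still valid for ieee80211_free_txskb() at that point, since the teardown ordering is outside the hunk. Both functions start and end outside the hunks shown.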
diff --git a/queue-6.1/wifi-ath11k-fix-tx-status-reporting-in-encap-offload.patch b/queue-6.1/wifi-ath11k-fix-tx-status-reporting-in-encap-offload.patch
new file mode 100644 (file)
index 0000000..b82caa2
--- /dev/null
@@ -0,0 +1,134 @@
+From 9bbadbf7eb4631b635935bc15b3868a93e287505 Mon Sep 17 00:00:00 2001
+From: Sasha Levin <sashal@kernel.org>
+Date: Mon, 17 Apr 2023 13:35:02 +0300
+Subject: wifi: ath11k: fix tx status reporting in encap offload mode
+
+From: Pradeep Kumar Chitrapu <quic_pradeepc@quicinc.com>
+
+[ Upstream commit 6257c702264c44d74c6b71f0c62a7665da2dc356 ]
+
+ieee80211_tx_status() treats packets in 802.11 frame format and
+tries to extract sta address from packet header. When tx encap
+offload is enabled, this becomes invalid operation. Hence, switch
+to using ieee80211_tx_status_ext() after filling in station
+address for handling both 802.11 and 802.3 frames.
+
+Tested-on: QCN9074 hw1.0 PCI WLAN.HK.2.7.0.1-01744-QCAHKSWPL_SILICONZ-1
+
+Signed-off-by: Pradeep Kumar Chitrapu <quic_pradeepc@quicinc.com>
+Signed-off-by: Kalle Valo <quic_kvalo@quicinc.com>
+Link: https://lore.kernel.org/r/20230403195738.25367-2-quic_pradeepc@quicinc.com
+Stable-dep-of: 29d15589f084 ("wifi: ath11k: Cleanup mac80211 references on failure during tx_complete")
+Signed-off-by: Sasha Levin <sashal@kernel.org>
+---
+ drivers/net/wireless/ath/ath11k/dp.h    |  4 +++
+ drivers/net/wireless/ath/ath11k/dp_tx.c | 33 ++++++++++++++++++++++++-
+ drivers/net/wireless/ath/ath11k/dp_tx.h |  1 +
+ 3 files changed, 37 insertions(+), 1 deletion(-)
+
+diff --git a/drivers/net/wireless/ath/ath11k/dp.h b/drivers/net/wireless/ath/ath11k/dp.h
+index be9eafc872b3b..232fd2e638bf6 100644
+--- a/drivers/net/wireless/ath/ath11k/dp.h
++++ b/drivers/net/wireless/ath/ath11k/dp.h
+@@ -303,12 +303,16 @@ struct ath11k_dp {
+ #define HTT_TX_WBM_COMP_STATUS_OFFSET 8
++#define HTT_INVALID_PEER_ID   0xffff
++
+ /* HTT tx completion is overlaid in wbm_release_ring */
+ #define HTT_TX_WBM_COMP_INFO0_STATUS          GENMASK(12, 9)
+ #define HTT_TX_WBM_COMP_INFO0_REINJECT_REASON GENMASK(16, 13)
+ #define HTT_TX_WBM_COMP_INFO0_REINJECT_REASON GENMASK(16, 13)
+ #define HTT_TX_WBM_COMP_INFO1_ACK_RSSI                GENMASK(31, 24)
++#define HTT_TX_WBM_COMP_INFO2_SW_PEER_ID      GENMASK(15, 0)
++#define HTT_TX_WBM_COMP_INFO2_VALID           BIT(21)
+ struct htt_tx_wbm_completion {
+       u32 info0;
+diff --git a/drivers/net/wireless/ath/ath11k/dp_tx.c b/drivers/net/wireless/ath/ath11k/dp_tx.c
+index 8afbba2369354..08a28464eb7a9 100644
+--- a/drivers/net/wireless/ath/ath11k/dp_tx.c
++++ b/drivers/net/wireless/ath/ath11k/dp_tx.c
+@@ -316,10 +316,12 @@ ath11k_dp_tx_htt_tx_complete_buf(struct ath11k_base *ab,
+                                struct dp_tx_ring *tx_ring,
+                                struct ath11k_dp_htt_wbm_tx_status *ts)
+ {
++      struct ieee80211_tx_status status = { 0 };
+       struct sk_buff *msdu;
+       struct ieee80211_tx_info *info;
+       struct ath11k_skb_cb *skb_cb;
+       struct ath11k *ar;
++      struct ath11k_peer *peer;
+       spin_lock(&tx_ring->tx_idr_lock);
+       msdu = idr_remove(&tx_ring->txbuf_idr, ts->msdu_id);
+@@ -341,6 +343,11 @@ ath11k_dp_tx_htt_tx_complete_buf(struct ath11k_base *ab,
+       dma_unmap_single(ab->dev, skb_cb->paddr, msdu->len, DMA_TO_DEVICE);
++      if (!skb_cb->vif) {
++              dev_kfree_skb_any(msdu);
++              return;
++      }
++
+       memset(&info->status, 0, sizeof(info->status));
+       if (ts->acked) {
+@@ -355,7 +362,23 @@ ath11k_dp_tx_htt_tx_complete_buf(struct ath11k_base *ab,
+               }
+       }
+-      ieee80211_tx_status(ar->hw, msdu);
++      spin_lock_bh(&ab->base_lock);
++      peer = ath11k_peer_find_by_id(ab, ts->peer_id);
++      if (!peer || !peer->sta) {
++              ath11k_dbg(ab, ATH11K_DBG_DATA,
++                         "dp_tx: failed to find the peer with peer_id %d\n",
++                          ts->peer_id);
++              spin_unlock_bh(&ab->base_lock);
++              dev_kfree_skb_any(msdu);
++              return;
++      }
++      spin_unlock_bh(&ab->base_lock);
++
++      status.sta = peer->sta;
++      status.info = info;
++      status.skb = msdu;
++
++      ieee80211_tx_status_ext(ar->hw, &status);
+ }
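Review bot: `status.sta = peer->sta;` reads the peer entry after `spin_unlock_bh(&ab->base_lock)`, although the lookup and both NULL checks were done under that lock. If base_lock is what keeps the ath11k_peer entry alive (the hunk suggests so, but the peer list code is not shown), a concurrent peer removal between the unlock and the read leaves a window for a use-after-free on `peer`. Copy the pointer while the lock is still held by moving `status.sta = peer->sta;` above the final `spin_unlock_bh(&ab->base_lock);`. The lifetime of the ieee80211_sta itself then depends on the caller's context, presumably RCU, which is not visible here and deserves a short comment.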
+ static void
+@@ -379,7 +402,15 @@ ath11k_dp_tx_process_htt_tx_complete(struct ath11k_base *ab,
+               ts.msdu_id = msdu_id;
+               ts.ack_rssi = FIELD_GET(HTT_TX_WBM_COMP_INFO1_ACK_RSSI,
+                                       status_desc->info1);
++
++              if (FIELD_GET(HTT_TX_WBM_COMP_INFO2_VALID, status_desc->info2))
++                      ts.peer_id = FIELD_GET(HTT_TX_WBM_COMP_INFO2_SW_PEER_ID,
++                                             status_desc->info2);
++              else
++                      ts.peer_id = HTT_INVALID_PEER_ID;
++
+               ath11k_dp_tx_htt_tx_complete_buf(ab, tx_ring, &ts);
++
+               break;
+       case HAL_WBM_REL_HTT_TX_COMP_STATUS_REINJ:
+       case HAL_WBM_REL_HTT_TX_COMP_STATUS_INSPECT:
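Review bot: The `else` branch setting `ts.peer_id = HTT_INVALID_PEER_ID` has no comment saying what happens to the completion afterwards. As far as the visible code shows, the sentinel is only consumed by the lookup in ath11k_dp_tx_htt_tx_complete_buf, which presumably fails for it. The frame is then freed with no tx status reported to mac80211 and only an ATH11K_DBG_DATA message. A comment such as `/* firmware gave no valid sw peer id: completion is freed without tx status */` would make that consequence explicit, and it is worth confirming that dropping the status is intended. The enclosing switch case starts outside this hunk.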
+diff --git a/drivers/net/wireless/ath/ath11k/dp_tx.h b/drivers/net/wireless/ath/ath11k/dp_tx.h
+index e87d65bfbf06e..68a21ea9b9346 100644
+--- a/drivers/net/wireless/ath/ath11k/dp_tx.h
++++ b/drivers/net/wireless/ath/ath11k/dp_tx.h
+@@ -13,6 +13,7 @@ struct ath11k_dp_htt_wbm_tx_status {
+       u32 msdu_id;
+       bool acked;
+       int ack_rssi;
++      u16 peer_id;
+ };
+ void ath11k_dp_tx_update_txcompl(struct ath11k *ar, struct hal_tx_status *ts);
+-- 
+2.40.1
+