--- /dev/null
+From 738964df60326de0b8d12f98d4fd2c49710ee3c1 Mon Sep 17 00:00:00 2001
+From: Sasha Levin <sashal@kernel.org>
+Date: Sun, 4 Sep 2022 09:27:50 +0200
+Subject: ALSA: hda/sigmatel: Keep power up while beep is enabled
+
+From: Takashi Iwai <tiwai@suse.de>
+
+[ Upstream commit 414d38ba871092aeac4ed097ac4ced89486646f7 ]
+
+It seems that the beep playback doesn't work well on IDT codec devices
+when the codec auto-pm is enabled. Keep the power on while the beep
+switch is enabled.
+
+Link: https://bugzilla.suse.com/show_bug.cgi?id=1200544
+Link: https://lore.kernel.org/r/20220904072750.26164-1-tiwai@suse.de
+Signed-off-by: Takashi Iwai <tiwai@suse.de>
+Signed-off-by: Sasha Levin <sashal@kernel.org>
+---
+ sound/pci/hda/patch_sigmatel.c | 22 ++++++++++++++++++++++
+ 1 file changed, 22 insertions(+)
+
+diff --git a/sound/pci/hda/patch_sigmatel.c b/sound/pci/hda/patch_sigmatel.c
+index f7896a9ae3d6..73ce5c83e7e3 100644
+--- a/sound/pci/hda/patch_sigmatel.c
++++ b/sound/pci/hda/patch_sigmatel.c
+@@ -222,6 +222,7 @@ struct sigmatel_spec {
+
+ /* beep widgets */
+ hda_nid_t anabeep_nid;
++ bool beep_power_on;
+
+ /* SPDIF-out mux */
+ const char * const *spdif_labels;
+@@ -4481,6 +4482,26 @@ static int stac_suspend(struct hda_codec *codec)
+ stac_shutup(codec);
+ return 0;
+ }
++
++static int stac_check_power_status(struct hda_codec *codec, hda_nid_t nid)
++{
++ struct sigmatel_spec *spec = codec->spec;
++ int ret = snd_hda_gen_check_power_status(codec, nid);
++
++#ifdef CONFIG_SND_HDA_INPUT_BEEP
++ if (nid == spec->gen.beep_nid && codec->beep) {
++ if (codec->beep->enabled != spec->beep_power_on) {
++ spec->beep_power_on = codec->beep->enabled;
++ if (spec->beep_power_on)
++ snd_hda_power_up_pm(codec);
++ else
++ snd_hda_power_down_pm(codec);
++ }
++ ret |= spec->beep_power_on;
++ }
++#endif
++ return ret;
++}
+ #else
+ #define stac_suspend NULL
+ #endif /* CONFIG_PM */
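Review bot: In `stac_check_power_status` the reference taken by `snd_hda_power_up_pm()` is dropped only when a later call sees `codec->beep->enabled` go false, and nothing in this patch releases it on any other path. If the codec can be freed or unbound while the beep switch is still on, the reference would presumably stay held, so the teardown path (outside this hunk) is worth checking. The function also lacks a comment stating that `beep_power_on` records whether this callback currently holds that reference; I would add `/* beep_power_on mirrors the PM reference held here, so power_up/power_down stay paired */` above the comparison. Finally, `ret |= spec->beep_power_on` assumes `snd_hda_gen_check_power_status()` only ever returns 0 or 1, which cannot be confirmed from the hunk.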
+@@ -4493,6 +4514,7 @@ static const struct hda_codec_ops stac_patch_ops = {
+ .unsol_event = snd_hda_jack_unsol_event,
+ #ifdef CONFIG_PM
+ .suspend = stac_suspend,
++ .check_power_status = stac_check_power_status,
+ #endif
+ .reboot_notify = stac_shutup,
+ };
+--
+2.35.1
+
--- /dev/null
+From 9694bd7d0414ce4c440539e9fc00599852dd3b1f Mon Sep 17 00:00:00 2001
+From: Sasha Levin <sashal@kernel.org>
+Date: Tue, 23 Aug 2022 10:09:57 +0200
+Subject: ASoC: nau8824: Fix semaphore unbalance at error paths
+
+From: Takashi Iwai <tiwai@suse.de>
+
+[ Upstream commit 5628560e90395d3812800a8e44a01c32ffa429ec ]
+
+The semaphore of nau8824 wasn't properly unlocked at some error
+handling code paths, hence this may result in the unbalance (and
+potential lock-up). Fix them to handle the semaphore up properly.
+
+Signed-off-by: Takashi Iwai <tiwai@suse.de>
+Link: https://lore.kernel.org/r/20220823081000.2965-3-tiwai@suse.de
+Signed-off-by: Mark Brown <broonie@kernel.org>
+Signed-off-by: Sasha Levin <sashal@kernel.org>
+---
+ sound/soc/codecs/nau8824.c | 17 ++++++++++-------
+ 1 file changed, 10 insertions(+), 7 deletions(-)
+
+diff --git a/sound/soc/codecs/nau8824.c b/sound/soc/codecs/nau8824.c
+index e8ea51247b17..cc745374b828 100644
+--- a/sound/soc/codecs/nau8824.c
++++ b/sound/soc/codecs/nau8824.c
+@@ -1015,6 +1015,7 @@ static int nau8824_hw_params(struct snd_pcm_substream *substream,
+ struct snd_soc_codec *codec = dai->codec;
+ struct nau8824 *nau8824 = snd_soc_codec_get_drvdata(codec);
+ unsigned int val_len = 0, osr, ctrl_val, bclk_fs, bclk_div;
++ int err = -EINVAL;
+
+ nau8824_sema_acquire(nau8824, HZ);
+
+@@ -1031,7 +1032,7 @@ static int nau8824_hw_params(struct snd_pcm_substream *substream,
+ osr &= NAU8824_DAC_OVERSAMPLE_MASK;
+ if (nau8824_clock_check(nau8824, substream->stream,
+ nau8824->fs, osr))
+- return -EINVAL;
++ goto error;
+ regmap_update_bits(nau8824->regmap, NAU8824_REG_CLK_DIVIDER,
+ NAU8824_CLK_DAC_SRC_MASK,
+ osr_dac_sel[osr].clk_src << NAU8824_CLK_DAC_SRC_SFT);
+@@ -1041,7 +1042,7 @@ static int nau8824_hw_params(struct snd_pcm_substream *substream,
+ osr &= NAU8824_ADC_SYNC_DOWN_MASK;
+ if (nau8824_clock_check(nau8824, substream->stream,
+ nau8824->fs, osr))
+- return -EINVAL;
++ goto error;
+ regmap_update_bits(nau8824->regmap, NAU8824_REG_CLK_DIVIDER,
+ NAU8824_CLK_ADC_SRC_MASK,
+ osr_adc_sel[osr].clk_src << NAU8824_CLK_ADC_SRC_SFT);
+@@ -1062,7 +1063,7 @@ static int nau8824_hw_params(struct snd_pcm_substream *substream,
+ else if (bclk_fs <= 256)
+ bclk_div = 0;
+ else
+- return -EINVAL;
++ goto error;
+ regmap_update_bits(nau8824->regmap,
+ NAU8824_REG_PORT0_I2S_PCM_CTRL_2,
+ NAU8824_I2S_LRC_DIV_MASK | NAU8824_I2S_BLK_DIV_MASK,
+@@ -1083,15 +1084,17 @@ static int nau8824_hw_params(struct snd_pcm_substream *substream,
+ val_len |= NAU8824_I2S_DL_32;
+ break;
+ default:
+- return -EINVAL;
++ goto error;
+ }
+
+ regmap_update_bits(nau8824->regmap, NAU8824_REG_PORT0_I2S_PCM_CTRL_1,
+ NAU8824_I2S_DL_MASK, val_len);
++ err = 0;
+
++ error:
+ nau8824_sema_release(nau8824);
+
+- return 0;
++ return err;
+ }
+
+ static int nau8824_set_fmt(struct snd_soc_dai *dai, unsigned int fmt)
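Review bot: With the new `error:` label every exit from `nau8824_hw_params` now reaches `nau8824_sema_release()`, but the result of `nau8824_sema_acquire(nau8824, HZ)` at the top of the function is still discarded. If that acquire can fail on timeout (its definition is outside this patch), the release would run without a matching acquire and unbalance the semaphore in the opposite direction. The same unchecked call is re-added by the last `nau8824_set_fmt` hunk, just before its `regmap_update_bits()` calls. In both places I would test the return value and bail out before touching the registers, for example `err = nau8824_sema_acquire(nau8824, HZ);` followed by `if (err) return err;` here. The body of `nau8824_hw_params` starts outside this hunk.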
+@@ -1100,8 +1103,6 @@ static int nau8824_set_fmt(struct snd_soc_dai *dai, unsigned int fmt)
+ struct nau8824 *nau8824 = snd_soc_codec_get_drvdata(codec);
+ unsigned int ctrl1_val = 0, ctrl2_val = 0;
+
+- nau8824_sema_acquire(nau8824, HZ);
+-
+ switch (fmt & SND_SOC_DAIFMT_MASTER_MASK) {
+ case SND_SOC_DAIFMT_CBM_CFM:
+ ctrl2_val |= NAU8824_I2S_MS_MASTER;
+@@ -1143,6 +1144,8 @@ static int nau8824_set_fmt(struct snd_soc_dai *dai, unsigned int fmt)
+ return -EINVAL;
+ }
+
++ nau8824_sema_acquire(nau8824, HZ);
++
+ regmap_update_bits(nau8824->regmap, NAU8824_REG_PORT0_I2S_PCM_CTRL_1,
+ NAU8824_I2S_DF_MASK | NAU8824_I2S_BP_MASK |
+ NAU8824_I2S_PCMB_EN, ctrl1_val);
+--
+2.35.1
+
--- /dev/null
+From 25b8392d683db06cae579ada756cd7dbfc35be78 Mon Sep 17 00:00:00 2001
+From: Sasha Levin <sashal@kernel.org>
+Date: Tue, 6 Sep 2022 11:59:43 +0200
+Subject: MIPS: OCTEON: irq: Fix octeon_irq_force_ciu_mapping()
+
+From: Alexander Sverdlin <alexander.sverdlin@nokia.com>
+
+[ Upstream commit ba912afbd611d3a5f22af247721a071ad1d5b9e0 ]
+
+For irq_domain_associate() to work the virq descriptor has to be
+pre-allocated in advance. Otherwise the following happens:
+
+WARNING: CPU: 0 PID: 0 at .../kernel/irq/irqdomain.c:527 irq_domain_associate+0x298/0x2e8
+error: virq128 is not allocated
+Modules linked in:
+CPU: 0 PID: 0 Comm: swapper/0 Not tainted 4.19.78-... #1
+ ...
+Call Trace:
+[<ffffffff801344c4>] show_stack+0x9c/0x130
+[<ffffffff80769550>] dump_stack+0x90/0xd0
+[<ffffffff801576d0>] __warn+0x118/0x130
+[<ffffffff80157734>] warn_slowpath_fmt+0x4c/0x70
+[<ffffffff801b83c0>] irq_domain_associate+0x298/0x2e8
+[<ffffffff80a43bb8>] octeon_irq_init_ciu+0x4c8/0x53c
+[<ffffffff80a76cbc>] of_irq_init+0x1e0/0x388
+[<ffffffff80a452cc>] init_IRQ+0x4c/0xf4
+[<ffffffff80a3cc00>] start_kernel+0x404/0x698
+
+Use irq_alloc_desc_at() to avoid the above problem.
+
+Signed-off-by: Alexander Sverdlin <alexander.sverdlin@nokia.com>
+Signed-off-by: Thomas Bogendoerfer <tsbogend@alpha.franken.de>
+Signed-off-by: Sasha Levin <sashal@kernel.org>
+---
+ arch/mips/cavium-octeon/octeon-irq.c | 10 ++++++++++
+ 1 file changed, 10 insertions(+)
+
+diff --git a/arch/mips/cavium-octeon/octeon-irq.c b/arch/mips/cavium-octeon/octeon-irq.c
+index a27b3d70393f..657e626cc41e 100644
+--- a/arch/mips/cavium-octeon/octeon-irq.c
++++ b/arch/mips/cavium-octeon/octeon-irq.c
+@@ -127,6 +127,16 @@ static void octeon_irq_free_cd(struct irq_domain *d, unsigned int irq)
+ static int octeon_irq_force_ciu_mapping(struct irq_domain *domain,
+ int irq, int line, int bit)
+ {
++ struct device_node *of_node;
++ int ret;
++
++ of_node = irq_domain_get_of_node(domain);
++ if (!of_node)
++ return -EINVAL;
++ ret = irq_alloc_desc_at(irq, of_node_to_nid(of_node));
++ if (ret < 0)
++ return ret;
++
+ return irq_domain_associate(domain, irq, line << 6 | bit);
+ }
+
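Review bot: If `irq_domain_associate()` fails after the new `irq_alloc_desc_at()` call has succeeded, the descriptor allocated here is never released, because the function still returns the associate result directly. Capturing the result and freeing on failure closes that path: `ret = irq_domain_associate(domain, irq, line << 6 | bit);`, then `if (ret) irq_free_desc(irq);`, then `return ret;`. It is also worth confirming that no caller passes an `irq` whose descriptor already exists, since the allocation would then presumably fail and the mapping would be skipped where it previously went through.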
+--
+2.35.1
+
--- /dev/null
+From 697cc5cac4f83dca1cbb08b7ae90da9e2eb64845 Mon Sep 17 00:00:00 2001
+From: Sasha Levin <sashal@kernel.org>
+Date: Thu, 1 Sep 2022 19:10:59 +0800
+Subject: mksysmap: Fix the mismatch of 'L0' symbols in System.map
+
+From: Youling Tang <tangyouling@loongson.cn>
+
+[ Upstream commit c17a2538704f926ee4d167ba625e09b1040d8439 ]
+
+When System.map was generated, the kernel used mksysmap to filter the
+kernel symbols, we need to filter "L0" symbols in LoongArch architecture.
+
+$ cat System.map | grep L0
+9000000000221540 t L0
+
+The L0 symbol exists in System.map, but not in .tmp_System.map. When
+"cmp -s System.map .tmp_System.map" will show "Inconsistent kallsyms
+data" error message in link-vmlinux.sh script.
+
+Signed-off-by: Youling Tang <tangyouling@loongson.cn>
+Signed-off-by: Masahiro Yamada <masahiroy@kernel.org>
+Signed-off-by: Sasha Levin <sashal@kernel.org>
+---
+ scripts/mksysmap | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/scripts/mksysmap b/scripts/mksysmap
+index 9aa23d15862a..ad8bbc52267d 100755
+--- a/scripts/mksysmap
++++ b/scripts/mksysmap
+@@ -41,4 +41,4 @@
+ # so we just ignore them to let readprofile continue to work.
+ # (At least sparc64 has __crc_ in the middle).
+
+-$NM -n $1 | grep -v '\( [aNUw] \)\|\(__crc_\)\|\( \$[adt]\)\|\( \.L\)' > $2
++$NM -n $1 | grep -v '\( [aNUw] \)\|\(__crc_\)\|\( \$[adt]\)\|\( \.L\)\|\( L0\)' > $2
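Review bot: The added alternative `\( L0\)` is not anchored at the end of the line, so it drops every symbol whose name merely begins with `L0` (constructed example: `L0_handler`), not only the bare `L0` label shown in the commit message. Anchoring it as `\|\( L0$\)` would limit the filter to the exact name and avoid silently hiding unrelated symbols from System.map. The comment block above the command, which starts outside this hunk, appears to explain each filtered class and could gain a line for the LoongArch `L0` label.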
+--
+2.35.1
+
--- /dev/null
+From 0be52ee785ed5df955622f7a43c99c0eb08e8627 Mon Sep 17 00:00:00 2001
+From: Sasha Levin <sashal@kernel.org>
+Date: Mon, 5 Sep 2022 09:24:52 +0800
+Subject: net: usb: qmi_wwan: add Quectel RM520N
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+From: jerry.meng <jerry-meng@foxmail.com>
+
+[ Upstream commit e1091e226a2bab4ded1fe26efba2aee1aab06450 ]
+
+add support for Quectel RM520N which is based on Qualcomm SDX62 chip.
+
+0x0801: DIAG + NMEA + AT + MODEM + RMNET
+
+T: Bus=03 Lev=01 Prnt=01 Port=01 Cnt=02 Dev#= 10 Spd=480 MxCh= 0
+D: Ver= 2.10 Cls=00(>ifc ) Sub=00 Prot=00 MxPS=64 #Cfgs= 1
+P: Vendor=2c7c ProdID=0801 Rev= 5.04
+S: Manufacturer=Quectel
+S: Product=RM520N-GL
+S: SerialNumber=384af524
+C:* #Ifs= 5 Cfg#= 1 Atr=a0 MxPwr=500mA
+I:* If#= 0 Alt= 0 #EPs= 2 Cls=ff(vend.) Sub=ff Prot=30 Driver=option
+E: Ad=01(O) Atr=02(Bulk) MxPS= 512 Ivl=0ms
+E: Ad=81(I) Atr=02(Bulk) MxPS= 512 Ivl=0ms
+I:* If#= 1 Alt= 0 #EPs= 3 Cls=ff(vend.) Sub=00 Prot=40 Driver=option
+E: Ad=83(I) Atr=03(Int.) MxPS= 10 Ivl=32ms
+E: Ad=82(I) Atr=02(Bulk) MxPS= 512 Ivl=0ms
+E: Ad=02(O) Atr=02(Bulk) MxPS= 512 Ivl=0ms
+I:* If#= 2 Alt= 0 #EPs= 3 Cls=ff(vend.) Sub=00 Prot=00 Driver=option
+E: Ad=85(I) Atr=03(Int.) MxPS= 10 Ivl=32ms
+E: Ad=84(I) Atr=02(Bulk) MxPS= 512 Ivl=0ms
+E: Ad=03(O) Atr=02(Bulk) MxPS= 512 Ivl=0ms
+I:* If#= 3 Alt= 0 #EPs= 3 Cls=ff(vend.) Sub=00 Prot=00 Driver=option
+E: Ad=87(I) Atr=03(Int.) MxPS= 10 Ivl=32ms
+E: Ad=86(I) Atr=02(Bulk) MxPS= 512 Ivl=0ms
+E: Ad=04(O) Atr=02(Bulk) MxPS= 512 Ivl=0ms
+I:* If#= 4 Alt= 0 #EPs= 3 Cls=ff(vend.) Sub=ff Prot=ff Driver=qmi_wwan
+E: Ad=88(I) Atr=03(Int.) MxPS= 8 Ivl=32ms
+E: Ad=8e(I) Atr=02(Bulk) MxPS= 512 Ivl=0ms
+E: Ad=0f(O) Atr=02(Bulk) MxPS= 512 Ivl=0ms
+
+Signed-off-by: jerry.meng <jerry-meng@foxmail.com>
+Acked-by: Bjørn Mork <bjorn@mork.no>
+Link: https://lore.kernel.org/r/tencent_E50CA8A206904897C2D20DDAE90731183C05@qq.com
+Signed-off-by: Paolo Abeni <pabeni@redhat.com>
+Signed-off-by: Sasha Levin <sashal@kernel.org>
+---
+ drivers/net/usb/qmi_wwan.c | 1 +
+ 1 file changed, 1 insertion(+)
+
+diff --git a/drivers/net/usb/qmi_wwan.c b/drivers/net/usb/qmi_wwan.c
+index 0c3129c9ac08..75c09ba6a45f 100644
+--- a/drivers/net/usb/qmi_wwan.c
++++ b/drivers/net/usb/qmi_wwan.c
+@@ -1049,6 +1049,7 @@ static const struct usb_device_id products[] = {
+ {QMI_MATCH_FF_FF_FF(0x2c7c, 0x0512)}, /* Quectel EG12/EM12 */
+ {QMI_MATCH_FF_FF_FF(0x2c7c, 0x0620)}, /* Quectel EM160R-GL */
+ {QMI_MATCH_FF_FF_FF(0x2c7c, 0x0800)}, /* Quectel RM500Q-GL */
++ {QMI_MATCH_FF_FF_FF(0x2c7c, 0x0801)}, /* Quectel RM520N */
+
+ /* 3. Combined interface devices matching on interface number */
+ {QMI_FIXED_INTF(0x0408, 0xea42, 4)}, /* Yota / Megafon M100-1 */
+--
+2.35.1
+
--- /dev/null
+From db31fcf79c02c93e6bd655d66ed61d9fb94504bd Mon Sep 17 00:00:00 2001
+From: Sasha Levin <sashal@kernel.org>
+Date: Thu, 25 Aug 2022 19:19:22 +0800
+Subject: regulator: pfuze100: Fix the global-out-of-bounds access in
+ pfuze100_regulator_probe()
+
+From: Xiaolei Wang <xiaolei.wang@windriver.com>
+
+[ Upstream commit 78e1e867f44e6bdc72c0e6a2609a3407642fb30b ]
+
+The pfuze_chip::regulator_descs is an array of size
+PFUZE100_MAX_REGULATOR, the pfuze_chip::pfuze_regulators
+is the pointer to the real regulators of a specific device.
+The number of real regulator is supposed to be less than
+the PFUZE100_MAX_REGULATOR, so we should use the size of
+'regulator_num * sizeof(struct pfuze_regulator)' in memcpy().
+This fixes the out of bounds access bug reported by KASAN.
+
+Signed-off-by: Xiaolei Wang <xiaolei.wang@windriver.com>
+Link: https://lore.kernel.org/r/20220825111922.1368055-1-xiaolei.wang@windriver.com
+Signed-off-by: Mark Brown <broonie@kernel.org>
+Signed-off-by: Sasha Levin <sashal@kernel.org>
+---
+ drivers/regulator/pfuze100-regulator.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/drivers/regulator/pfuze100-regulator.c b/drivers/regulator/pfuze100-regulator.c
+index 587a6bf9037b..6b9c29d6825d 100644
+--- a/drivers/regulator/pfuze100-regulator.c
++++ b/drivers/regulator/pfuze100-regulator.c
+@@ -614,7 +614,7 @@ static int pfuze100_regulator_probe(struct i2c_client *client,
+ ((pfuze_chip->chip_id == PFUZE200) ? "200" : "3000"));
+
+ memcpy(pfuze_chip->regulator_descs, pfuze_chip->pfuze_regulators,
+- sizeof(pfuze_chip->regulator_descs));
++ regulator_num * sizeof(struct pfuze_regulator));
+
+ ret = pfuze_parse_regulators_dt(pfuze_chip);
+ if (ret)
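Review bot: The new length `regulator_num * sizeof(struct pfuze_regulator)` is bounded by the source table, but nothing visible in this hunk bounds it by the destination; the commit message only says the count is "supposed to be" below `PFUZE100_MAX_REGULATOR`. A guard before the copy, such as `if (regulator_num > ARRAY_SIZE(pfuze_chip->regulator_descs)) return -EINVAL;`, would turn a future table growth into a probe failure instead of a write past `regulator_descs`. Writing the element size as `sizeof(*pfuze_chip->regulator_descs)` would also keep the length tied to the destination array's element type. `regulator_num` is assigned earlier in `pfuze100_regulator_probe`, outside this hunk.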
+--
+2.35.1
+
efi-libstub-disable-shadow-call-stack.patch
efi-libstub-disable-struct-randomization.patch
cifs-don-t-send-down-the-destination-address-to-sendmsg-for-a-sock_stream.patch
+asoc-nau8824-fix-semaphore-unbalance-at-error-paths.patch
+regulator-pfuze100-fix-the-global-out-of-bounds-acce.patch
+alsa-hda-sigmatel-keep-power-up-while-beep-is-enable.patch
+net-usb-qmi_wwan-add-quectel-rm520n.patch
+mips-octeon-irq-fix-octeon_irq_force_ciu_mapping.patch
+mksysmap-fix-the-mismatch-of-l0-symbols-in-system.ma.patch
+video-fbdev-pxa3xx-gcu-fix-integer-overflow-in-pxa3x.patch
--- /dev/null
+From a5be1f41cfc1402a78b5961393f1f662e48b0857 Mon Sep 17 00:00:00 2001
+From: Sasha Levin <sashal@kernel.org>
+Date: Mon, 20 Jun 2022 07:17:46 -0700
+Subject: video: fbdev: pxa3xx-gcu: Fix integer overflow in pxa3xx_gcu_write
+
+From: Hyunwoo Kim <imv4bel@gmail.com>
+
+[ Upstream commit a09d2d00af53b43c6f11e6ab3cb58443c2cac8a7 ]
+
+In pxa3xx_gcu_write, a count parameter of type size_t is passed to words of
+type int. Then, copy_from_user() may cause a heap overflow because it is used
+as the third argument of copy_from_user().
+
+Signed-off-by: Hyunwoo Kim <imv4bel@gmail.com>
+Signed-off-by: Helge Deller <deller@gmx.de>
+Signed-off-by: Sasha Levin <sashal@kernel.org>
+---
+ drivers/video/fbdev/pxa3xx-gcu.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/drivers/video/fbdev/pxa3xx-gcu.c b/drivers/video/fbdev/pxa3xx-gcu.c
+index 4febbe21b9b5..db861bb39150 100644
+--- a/drivers/video/fbdev/pxa3xx-gcu.c
++++ b/drivers/video/fbdev/pxa3xx-gcu.c
+@@ -391,7 +391,7 @@ pxa3xx_gcu_write(struct file *file, const char *buff,
+ struct pxa3xx_gcu_batch *buffer;
+ struct pxa3xx_gcu_priv *priv = to_pxa3xx_gcu_priv(file);
+
+- int words = count / 4;
++ size_t words = count / 4;
+
+ /* Does not need to be atomic. There's a lock in user space,
+ * but anyhow, this is just for statistics. */
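Review bot: Changing `words` to `size_t` removes the truncation at the assignment, but the size check and the `copy_from_user()` call that consume it lie outside this hunk. It therefore cannot be confirmed here that `words` is compared against the batch buffer capacity before the copy, or that no remaining use narrows it back to `int` (an assignment to an `int` field or a `%d` format, for instance). The declaration would also benefit from a comment recording why the type matters, such as `/* size_t: count comes from user space and words scales the copy_from_user() length */`.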
+--
+2.35.1
+