Get Gentoo!
gentoo.org sites
gentoo.org Wiki Bugs Forums Packages
Planet Archives Sources
Infra Status
summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorAlice Ferrazzi <alicef@gentoo.org>2023-02-22 22:37:38 +0900
committerAlice Ferrazzi <alicef@gentoo.org>2023-02-22 23:47:47 +0900
commitbc9e3458a143fafb559f9aadb95be33ac8862701 (patch)
tree47fd36d8e08359aa734a7914768721c08eb28b56
parentLinux patch 4.14.305 (diff)
downloadlinux-patches-bc9e3458a143fafb559f9aadb95be33ac8862701.tar.gz
linux-patches-bc9e3458a143fafb559f9aadb95be33ac8862701.tar.bz2
linux-patches-bc9e3458a143fafb559f9aadb95be33ac8862701.zip
Linux patch 4.14.3064.14-317
Signed-off-by: Alice Ferrazzi <alicef@gentoo.org>
Diffstat
-rw-r--r--0000_README4
-rw-r--r--1305_linux-4.14.306.patch1356
2 files changed, 1360 insertions, 0 deletions
diff --git a/0000_README b/0000_README
index 49081a67..2237fcd1 100644
--- a/0000_README
+++ b/0000_README
@@ -1267,6 +1267,10 @@ Patch: 1304_linux-4.14.305.patch
From: https://www.kernel.org
Desc: Linux 4.14.305
+Patch: 1305_linux-4.14.306.patch
+From: https://www.kernel.org
+Desc: Linux 4.14.306
+
Patch: 1500_XATTR_USER_PREFIX.patch
From: https://bugs.gentoo.org/show_bug.cgi?id=470644
Desc: Support for namespace user.pax.* on tmpfs.
diff --git a/1305_linux-4.14.306.patch b/1305_linux-4.14.306.patch
new file mode 100644
index 00000000..56119ea9
--- /dev/null
+++ b/1305_linux-4.14.306.patch
@@ -0,0 +1,1356 @@
+diff --git a/Makefile b/Makefile
+index 9722d15186550..581f92d635a83 100644
+--- a/Makefile
++++ b/Makefile
+@@ -1,7 +1,7 @@
+ # SPDX-License-Identifier: GPL-2.0
+ VERSION = 4
+ PATCHLEVEL = 14
+-SUBLEVEL = 305
++SUBLEVEL = 306
+ EXTRAVERSION =
+ NAME = Petit Gorille
+
+diff --git a/arch/parisc/kernel/firmware.c b/arch/parisc/kernel/firmware.c
+index 6d471c00c71af..906b7c8825879 100644
+--- a/arch/parisc/kernel/firmware.c
++++ b/arch/parisc/kernel/firmware.c
+@@ -1197,7 +1197,7 @@ static char __attribute__((aligned(64))) iodc_dbuf[4096];
+ */
+ int pdc_iodc_print(const unsigned char *str, unsigned count)
+ {
+- unsigned int i;
++ unsigned int i, found = 0;
+ unsigned long flags;
+
+ for (i = 0; i < count;) {
+@@ -1206,6 +1206,7 @@ int pdc_iodc_print(const unsigned char *str, unsigned count)
+ iodc_dbuf[i+0] = '\r';
+ iodc_dbuf[i+1] = '\n';
+ i += 2;
++ found = 1;
+ goto print;
+ default:
+ iodc_dbuf[i] = str[i];
+@@ -1222,7 +1223,7 @@ print:
+ __pa(iodc_retbuf), 0, __pa(iodc_dbuf), i, 0);
+ spin_unlock_irqrestore(&pdc_lock, flags);
+
+- return i;
++ return i - found;
+ }
+
+ #if !defined(BOOTLOADER)
+diff --git a/arch/parisc/kernel/ptrace.c b/arch/parisc/kernel/ptrace.c
+index f468a5b445085..c18731c0e8347 100644
+--- a/arch/parisc/kernel/ptrace.c
++++ b/arch/parisc/kernel/ptrace.c
+@@ -132,6 +132,12 @@ long arch_ptrace(struct task_struct *child, long request,
+ unsigned long tmp;
+ long ret = -EIO;
+
++ unsigned long user_regs_struct_size = sizeof(struct user_regs_struct);
++#ifdef CONFIG_64BIT
++ if (is_compat_task())
++ user_regs_struct_size /= 2;
++#endif
++
+ switch (request) {
+
+ /* Read the word at location addr in the USER area. For ptraced
+@@ -187,14 +193,14 @@ long arch_ptrace(struct task_struct *child, long request,
+ return copy_regset_to_user(child,
+ task_user_regset_view(current),
+ REGSET_GENERAL,
+- 0, sizeof(struct user_regs_struct),
++ 0, user_regs_struct_size,
+ datap);
+
+ case PTRACE_SETREGS: /* Set all gp regs in the child. */
+ return copy_regset_from_user(child,
+ task_user_regset_view(current),
+ REGSET_GENERAL,
+- 0, sizeof(struct user_regs_struct),
++ 0, user_regs_struct_size,
+ datap);
+
+ case PTRACE_GETFPREGS: /* Get the child FPU state. */
+@@ -308,6 +314,11 @@ long compat_arch_ptrace(struct task_struct *child, compat_long_t request,
+ }
+ }
+ break;
++ case PTRACE_GETREGS:
++ case PTRACE_SETREGS:
++ case PTRACE_GETFPREGS:
++ case PTRACE_SETFPREGS:
++ return arch_ptrace(child, request, addr, data);
+
+ default:
+ ret = compat_ptrace_request(child, request, addr, data);
+diff --git a/arch/x86/kernel/fpu/init.c b/arch/x86/kernel/fpu/init.c
+index a3a570df6be1c..9692ccc583bb3 100644
+--- a/arch/x86/kernel/fpu/init.c
++++ b/arch/x86/kernel/fpu/init.c
+@@ -138,6 +138,9 @@ static void __init fpu__init_system_generic(void)
+ unsigned int fpu_kernel_xstate_size;
+ EXPORT_SYMBOL_GPL(fpu_kernel_xstate_size);
+
++/* Get alignment of the TYPE. */
++#define TYPE_ALIGN(TYPE) offsetof(struct { char x; TYPE test; }, test)
++
+ /*
+ * Enforce that 'MEMBER' is the last field of 'TYPE'.
+ *
+@@ -145,8 +148,8 @@ EXPORT_SYMBOL_GPL(fpu_kernel_xstate_size);
+ * because that's how C aligns structs.
+ */
+ #define CHECK_MEMBER_AT_END_OF(TYPE, MEMBER) \
+- BUILD_BUG_ON(sizeof(TYPE) != \
+- ALIGN(offsetofend(TYPE, MEMBER), _Alignof(TYPE)))
++ BUILD_BUG_ON(sizeof(TYPE) != ALIGN(offsetofend(TYPE, MEMBER), \
++ TYPE_ALIGN(TYPE)))
+
+ /*
+ * We append the 'struct fpu' to the task_struct:
+diff --git a/arch/x86/kvm/x86.c b/arch/x86/kvm/x86.c
+index 4729492b84487..ffd0afab702de 100644
+--- a/arch/x86/kvm/x86.c
++++ b/arch/x86/kvm/x86.c
+@@ -3419,12 +3419,11 @@ static void kvm_vcpu_ioctl_x86_get_debugregs(struct kvm_vcpu *vcpu,
+ {
+ unsigned long val;
+
++ memset(dbgregs, 0, sizeof(*dbgregs));
+ memcpy(dbgregs->db, vcpu->arch.db, sizeof(vcpu->arch.db));
+ kvm_get_dr(vcpu, 6, &val);
+ dbgregs->dr6 = val;
+ dbgregs->dr7 = vcpu->arch.dr7;
+- dbgregs->flags = 0;
+- memset(&dbgregs->reserved, 0, sizeof(dbgregs->reserved));
+ }
+
+ static int kvm_vcpu_ioctl_x86_set_debugregs(struct kvm_vcpu *vcpu,
+diff --git a/drivers/bus/sunxi-rsb.c b/drivers/bus/sunxi-rsb.c
+index d3fb350dc9eea..bf4db708f0bd3 100644
+--- a/drivers/bus/sunxi-rsb.c
++++ b/drivers/bus/sunxi-rsb.c
+@@ -783,7 +783,13 @@ static int __init sunxi_rsb_init(void)
+ return ret;
+ }
+
+- return platform_driver_register(&sunxi_rsb_driver);
++ ret = platform_driver_register(&sunxi_rsb_driver);
++ if (ret) {
++ bus_unregister(&sunxi_rsb_bus);
++ return ret;
++ }
++
++ return 0;
+ }
+ module_init(sunxi_rsb_init);
+
+diff --git a/drivers/firewire/core-cdev.c b/drivers/firewire/core-cdev.c
+index 00cea6cb5ef7d..bedc62efdd930 100644
+--- a/drivers/firewire/core-cdev.c
++++ b/drivers/firewire/core-cdev.c
+@@ -831,8 +831,10 @@ static int ioctl_send_response(struct client *client, union ioctl_arg *arg)
+
+ r = container_of(resource, struct inbound_transaction_resource,
+ resource);
+- if (is_fcp_request(r->request))
++ if (is_fcp_request(r->request)) {
++ kfree(r->data);
+ goto out;
++ }
+
+ if (a->length != fw_get_response_length(r->request)) {
+ ret = -EINVAL;
+diff --git a/drivers/firmware/efi/memattr.c b/drivers/firmware/efi/memattr.c
+index e0889922cc6d7..a1ef30fca360d 100644
+--- a/drivers/firmware/efi/memattr.c
++++ b/drivers/firmware/efi/memattr.c
+@@ -35,7 +35,7 @@ int __init efi_memattr_init(void)
+ return -ENOMEM;
+ }
+
+- if (tbl->version > 1) {
++ if (tbl->version > 2) {
+ pr_warn("Unexpected EFI Memory Attributes table version %d\n",
+ tbl->version);
+ goto unmap;
+diff --git a/drivers/iio/accel/hid-sensor-accel-3d.c b/drivers/iio/accel/hid-sensor-accel-3d.c
+index fc210d88bba90..fa3fc493a8d1f 100644
+--- a/drivers/iio/accel/hid-sensor-accel-3d.c
++++ b/drivers/iio/accel/hid-sensor-accel-3d.c
+@@ -293,6 +293,7 @@ static int accel_3d_capture_sample(struct hid_sensor_hub_device *hsdev,
+ hid_sensor_convert_timestamp(
+ &accel_state->common_attributes,
+ *(int64_t *)raw_data);
++ ret = 0;
+ break;
+ default:
+ break;
+diff --git a/drivers/iio/adc/berlin2-adc.c b/drivers/iio/adc/berlin2-adc.c
+index 71c806ecc7228..a4b5747ac3d4f 100644
+--- a/drivers/iio/adc/berlin2-adc.c
++++ b/drivers/iio/adc/berlin2-adc.c
+@@ -290,8 +290,10 @@ static int berlin2_adc_probe(struct platform_device *pdev)
+ int ret;
+
+ indio_dev = devm_iio_device_alloc(&pdev->dev, sizeof(*priv));
+- if (!indio_dev)
++ if (!indio_dev) {
++ of_node_put(parent_np);
+ return -ENOMEM;
++ }
+
+ priv = iio_priv(indio_dev);
+ platform_set_drvdata(pdev, indio_dev);
+diff --git a/drivers/iio/adc/twl6030-gpadc.c b/drivers/iio/adc/twl6030-gpadc.c
+index 6a4ec58eb9c55..8ccd0bc23ca87 100644
+--- a/drivers/iio/adc/twl6030-gpadc.c
++++ b/drivers/iio/adc/twl6030-gpadc.c
+@@ -71,6 +71,18 @@
+ #define TWL6030_GPADCS BIT(1)
+ #define TWL6030_GPADCR BIT(0)
+
++#define USB_VBUS_CTRL_SET 0x04
++#define USB_ID_CTRL_SET 0x06
++
++#define TWL6030_MISC1 0xE4
++#define VBUS_MEAS 0x01
++#define ID_MEAS 0x01
++
++#define VAC_MEAS 0x04
++#define VBAT_MEAS 0x02
++#define BB_MEAS 0x01
++
++
+ /**
+ * struct twl6030_chnl_calib - channel calibration
+ * @gain: slope coefficient for ideal curve
+@@ -943,6 +955,26 @@ static int twl6030_gpadc_probe(struct platform_device *pdev)
+ return ret;
+ }
+
++ ret = twl_i2c_write_u8(TWL_MODULE_USB, VBUS_MEAS, USB_VBUS_CTRL_SET);
++ if (ret < 0) {
++ dev_err(dev, "failed to wire up inputs\n");
++ return ret;
++ }
++
++ ret = twl_i2c_write_u8(TWL_MODULE_USB, ID_MEAS, USB_ID_CTRL_SET);
++ if (ret < 0) {
++ dev_err(dev, "failed to wire up inputs\n");
++ return ret;
++ }
++
++ ret = twl_i2c_write_u8(TWL6030_MODULE_ID0,
++ VBAT_MEAS | BB_MEAS | BB_MEAS,
++ TWL6030_MISC1);
++ if (ret < 0) {
++ dev_err(dev, "failed to wire up inputs\n");
++ return ret;
++ }
++
+ indio_dev->name = DRIVER_NAME;
+ indio_dev->dev.parent = dev;
+ indio_dev->info = &twl6030_gpadc_iio_info;
+diff --git a/drivers/mmc/core/sdio_bus.c b/drivers/mmc/core/sdio_bus.c
+index 2441799605ddc..d9be64aeae70e 100644
+--- a/drivers/mmc/core/sdio_bus.c
++++ b/drivers/mmc/core/sdio_bus.c
+@@ -267,6 +267,12 @@ static void sdio_release_func(struct device *dev)
+ if (!(func->card->quirks & MMC_QUIRK_NONSTD_SDIO))
+ sdio_free_func_cis(func);
+
++ /*
++ * We have now removed the link to the tuples in the
++ * card structure, so remove the reference.
++ */
++ put_device(&func->card->dev);
++
+ kfree(func->info);
+ kfree(func->tmpbuf);
+ kfree(func);
+@@ -297,6 +303,12 @@ struct sdio_func *sdio_alloc_func(struct mmc_card *card)
+
+ device_initialize(&func->dev);
+
++ /*
++ * We may link to tuples in the card structure,
++ * we need make sure we have a reference to it.
++ */
++ get_device(&func->card->dev);
++
+ func->dev.parent = &card->dev;
+ func->dev.bus = &sdio_bus_type;
+ func->dev.release = sdio_release_func;
+@@ -350,10 +362,9 @@ int sdio_add_func(struct sdio_func *func)
+ */
+ void sdio_remove_func(struct sdio_func *func)
+ {
+- if (!sdio_func_present(func))
+- return;
++ if (sdio_func_present(func))
++ device_del(&func->dev);
+
+- device_del(&func->dev);
+ of_node_put(func->dev.of_node);
+ put_device(&func->dev);
+ }
+diff --git a/drivers/mmc/core/sdio_cis.c b/drivers/mmc/core/sdio_cis.c
+index dca72444b3122..f741eb24c3de8 100644
+--- a/drivers/mmc/core/sdio_cis.c
++++ b/drivers/mmc/core/sdio_cis.c
+@@ -387,12 +387,6 @@ int sdio_read_func_cis(struct sdio_func *func)
+ if (ret)
+ return ret;
+
+- /*
+- * Since we've linked to tuples in the card structure,
+- * we must make sure we have a reference to it.
+- */
+- get_device(&func->card->dev);
+-
+ /*
+ * Vendor/device id is optional for function CIS, so
+ * copy it from the card structure as needed.
+@@ -418,11 +412,5 @@ void sdio_free_func_cis(struct sdio_func *func)
+ }
+
+ func->tuples = NULL;
+-
+- /*
+- * We have now removed the link to the tuples in the
+- * card structure, so remove the reference.
+- */
+- put_device(&func->card->dev);
+ }
+
+diff --git a/drivers/net/ethernet/broadcom/bgmac-bcma.c b/drivers/net/ethernet/broadcom/bgmac-bcma.c
+index 98f1057650daa..5464252793ef0 100644
+--- a/drivers/net/ethernet/broadcom/bgmac-bcma.c
++++ b/drivers/net/ethernet/broadcom/bgmac-bcma.c
+@@ -222,12 +222,12 @@ static int bgmac_probe(struct bcma_device *core)
+ bgmac->feature_flags |= BGMAC_FEAT_CLKCTLST;
+ bgmac->feature_flags |= BGMAC_FEAT_FLW_CTRL1;
+ bgmac->feature_flags |= BGMAC_FEAT_SW_TYPE_PHY;
+- if (ci->pkg == BCMA_PKG_ID_BCM47188 ||
+- ci->pkg == BCMA_PKG_ID_BCM47186) {
++ if ((ci->id == BCMA_CHIP_ID_BCM5357 && ci->pkg == BCMA_PKG_ID_BCM47186) ||
++ (ci->id == BCMA_CHIP_ID_BCM53572 && ci->pkg == BCMA_PKG_ID_BCM47188)) {
+ bgmac->feature_flags |= BGMAC_FEAT_SW_TYPE_RGMII;
+ bgmac->feature_flags |= BGMAC_FEAT_IOST_ATTACHED;
+ }
+- if (ci->pkg == BCMA_PKG_ID_BCM5358)
++ if (ci->id == BCMA_CHIP_ID_BCM5357 && ci->pkg == BCMA_PKG_ID_BCM5358)
+ bgmac->feature_flags |= BGMAC_FEAT_SW_TYPE_EPHYRMII;
+ break;
+ case BCMA_CHIP_ID_BCM53573:
+diff --git a/drivers/net/ethernet/intel/i40e/i40e_main.c b/drivers/net/ethernet/intel/i40e/i40e_main.c
+index db1d784d4bd77..de8a713db078f 100644
+--- a/drivers/net/ethernet/intel/i40e/i40e_main.c
++++ b/drivers/net/ethernet/intel/i40e/i40e_main.c
+@@ -2480,7 +2480,7 @@ static int i40e_change_mtu(struct net_device *netdev, int new_mtu)
+ struct i40e_pf *pf = vsi->back;
+
+ if (i40e_enabled_xdp_vsi(vsi)) {
+- int frame_size = new_mtu + ETH_HLEN + ETH_FCS_LEN + VLAN_HLEN;
++ int frame_size = new_mtu + I40E_PACKET_HDR_PAD;
+
+ if (frame_size > i40e_max_xdp_frame_size(vsi))
+ return -EINVAL;
+@@ -9453,6 +9453,8 @@ static int i40e_ndo_bridge_setlink(struct net_device *dev,
+ }
+
+ br_spec = nlmsg_find_attr(nlh, sizeof(struct ifinfomsg), IFLA_AF_SPEC);
++ if (!br_spec)
++ return -EINVAL;
+
+ nla_for_each_nested(attr, br_spec, rem) {
+ __u16 mode;
+diff --git a/drivers/net/ethernet/stmicro/stmmac/stmmac_platform.c b/drivers/net/ethernet/stmicro/stmmac/stmmac_platform.c
+index 07951b43de21e..6fef12235ae43 100644
+--- a/drivers/net/ethernet/stmicro/stmmac/stmmac_platform.c
++++ b/drivers/net/ethernet/stmicro/stmmac/stmmac_platform.c
+@@ -500,7 +500,7 @@ stmmac_probe_config_dt(struct platform_device *pdev, const char **mac)
+ dma_cfg->mixed_burst = of_property_read_bool(np, "snps,mixed-burst");
+
+ plat->force_thresh_dma_mode = of_property_read_bool(np, "snps,force_thresh_dma_mode");
+- if (plat->force_thresh_dma_mode) {
++ if (plat->force_thresh_dma_mode && plat->force_sf_dma_mode) {
+ plat->force_sf_dma_mode = 0;
+ pr_warn("force_sf_dma_mode is ignored if force_thresh_dma_mode is set.");
+ }
+diff --git a/drivers/net/usb/kalmia.c b/drivers/net/usb/kalmia.c
+index c677ec2bae183..840099580f4e9 100644
+--- a/drivers/net/usb/kalmia.c
++++ b/drivers/net/usb/kalmia.c
+@@ -69,8 +69,8 @@ kalmia_send_init_packet(struct usbnet *dev, u8 *init_msg, u8 init_msg_len,
+ init_msg, init_msg_len, &act_len, KALMIA_USB_TIMEOUT);
+ if (status != 0) {
+ netdev_err(dev->net,
+- "Error sending init packet. Status %i, length %i\n",
+- status, act_len);
++ "Error sending init packet. Status %i\n",
++ status);
+ return status;
+ }
+ else if (act_len != init_msg_len) {
+@@ -87,8 +87,8 @@ kalmia_send_init_packet(struct usbnet *dev, u8 *init_msg, u8 init_msg_len,
+
+ if (status != 0)
+ netdev_err(dev->net,
+- "Error receiving init result. Status %i, length %i\n",
+- status, act_len);
++ "Error receiving init result. Status %i\n",
++ status);
+ else if (act_len != expected_len)
+ netdev_err(dev->net, "Unexpected init result length: %i\n",
+ act_len);
+diff --git a/drivers/net/usb/plusb.c b/drivers/net/usb/plusb.c
+index 6fe59373cba9b..8bab7306e5a68 100644
+--- a/drivers/net/usb/plusb.c
++++ b/drivers/net/usb/plusb.c
+@@ -69,9 +69,7 @@
+ static inline int
+ pl_vendor_req(struct usbnet *dev, u8 req, u8 val, u8 index)
+ {
+- return usbnet_read_cmd(dev, req,
+- USB_DIR_IN | USB_TYPE_VENDOR |
+- USB_RECIP_DEVICE,
++ return usbnet_write_cmd(dev, req, USB_TYPE_VENDOR | USB_RECIP_DEVICE,
+ val, index, NULL, 0);
+ }
+
+diff --git a/drivers/nvme/target/fc.c b/drivers/nvme/target/fc.c
+index df1c6dee255bf..b702bdc589551 100644
+--- a/drivers/nvme/target/fc.c
++++ b/drivers/nvme/target/fc.c
+@@ -1301,8 +1301,10 @@ nvmet_fc_ls_create_association(struct nvmet_fc_tgtport *tgtport,
+ else {
+ queue = nvmet_fc_alloc_target_queue(iod->assoc, 0,
+ be16_to_cpu(rqst->assoc_cmd.sqsize));
+- if (!queue)
++ if (!queue) {
+ ret = VERR_QUEUE_ALLOC_FAIL;
++ nvmet_fc_tgt_a_put(iod->assoc);
++ }
+ }
+ }
+
+diff --git a/drivers/pinctrl/aspeed/pinctrl-aspeed.c b/drivers/pinctrl/aspeed/pinctrl-aspeed.c
+index 5249033ed413e..b7155377a86d6 100644
+--- a/drivers/pinctrl/aspeed/pinctrl-aspeed.c
++++ b/drivers/pinctrl/aspeed/pinctrl-aspeed.c
+@@ -295,7 +295,7 @@ static int aspeed_disable_sig(const struct aspeed_sig_expr **exprs,
+ int ret = 0;
+
+ if (!exprs)
+- return true;
++ return -EINVAL;
+
+ while (*exprs && !ret) {
+ ret = aspeed_sig_expr_disable(*exprs, maps);
+diff --git a/drivers/pinctrl/pinctrl-single.c b/drivers/pinctrl/pinctrl-single.c
+index d633737a3bf95..44936fca576ed 100644
+--- a/drivers/pinctrl/pinctrl-single.c
++++ b/drivers/pinctrl/pinctrl-single.c
+@@ -339,6 +339,8 @@ static int pcs_set_mux(struct pinctrl_dev *pctldev, unsigned fselector,
+ if (!pcs->fmask)
+ return 0;
+ function = pinmux_generic_get_function(pctldev, fselector);
++ if (!function)
++ return -EINVAL;
+ func = function->data;
+ if (!func)
+ return -EINVAL;
+diff --git a/drivers/scsi/iscsi_tcp.c b/drivers/scsi/iscsi_tcp.c
+index e3ca16043f9af..9161fe8fba880 100644
+--- a/drivers/scsi/iscsi_tcp.c
++++ b/drivers/scsi/iscsi_tcp.c
+@@ -773,7 +773,7 @@ static int iscsi_sw_tcp_host_get_param(struct Scsi_Host *shost,
+ enum iscsi_host_param param, char *buf)
+ {
+ struct iscsi_sw_tcp_host *tcp_sw_host = iscsi_host_priv(shost);
+- struct iscsi_session *session = tcp_sw_host->session;
++ struct iscsi_session *session;
+ struct iscsi_conn *conn;
+ struct iscsi_tcp_conn *tcp_conn;
+ struct iscsi_sw_tcp_conn *tcp_sw_conn;
+@@ -782,6 +782,7 @@ static int iscsi_sw_tcp_host_get_param(struct Scsi_Host *shost,
+
+ switch (param) {
+ case ISCSI_HOST_PARAM_IPADDRESS:
++ session = tcp_sw_host->session;
+ if (!session)
+ return -ENOTCONN;
+
+@@ -870,12 +871,14 @@ iscsi_sw_tcp_session_create(struct iscsi_endpoint *ep, uint16_t cmds_max,
+ if (!cls_session)
+ goto remove_host;
+ session = cls_session->dd_data;
+- tcp_sw_host = iscsi_host_priv(shost);
+- tcp_sw_host->session = session;
+
+ shost->can_queue = session->scsi_cmds_max;
+ if (iscsi_tcp_r2tpool_alloc(session))
+ goto remove_session;
++
++ /* We are now fully setup so expose the session to sysfs. */
++ tcp_sw_host = iscsi_host_priv(shost);
++ tcp_sw_host->session = session;
+ return cls_session;
+
+ remove_session:
+diff --git a/drivers/target/target_core_tmr.c b/drivers/target/target_core_tmr.c
+index 9c7bc1ca341a6..e72bfb10a3f07 100644
+--- a/drivers/target/target_core_tmr.c
++++ b/drivers/target/target_core_tmr.c
+@@ -114,8 +114,8 @@ static bool __target_check_io_state(struct se_cmd *se_cmd,
+ {
+ struct se_session *sess = se_cmd->se_sess;
+
+- assert_spin_locked(&sess->sess_cmd_lock);
+- WARN_ON_ONCE(!irqs_disabled());
++ lockdep_assert_held(&sess->sess_cmd_lock);
++
+ /*
+ * If command already reached CMD_T_COMPLETE state within
+ * target_complete_cmd() or CMD_T_FABRIC_STOP due to shutdown,
+diff --git a/drivers/tty/serial/8250/8250_dma.c b/drivers/tty/serial/8250/8250_dma.c
+index 26f17456b0d76..383ed9966cfc8 100644
+--- a/drivers/tty/serial/8250/8250_dma.c
++++ b/drivers/tty/serial/8250/8250_dma.c
+@@ -52,19 +52,39 @@ static void __dma_rx_complete(void *param)
+ struct uart_8250_dma *dma = p->dma;
+ struct tty_port *tty_port = &p->port.state->port;
+ struct dma_tx_state state;
++ enum dma_status dma_status;
+ int count;
+
+- dma->rx_running = 0;
+- dmaengine_tx_status(dma->rxchan, dma->rx_cookie, &state);
++ /*
++ * New DMA Rx can be started during the completion handler before it
++ * could acquire port's lock and it might still be ongoing. Don't to
++ * anything in such case.
++ */
++ dma_status = dmaengine_tx_status(dma->rxchan, dma->rx_cookie, &state);
++ if (dma_status == DMA_IN_PROGRESS)
++ return;
+
+ count = dma->rx_size - state.residue;
+
+ tty_insert_flip_string(tty_port, dma->rx_buf, count);
+ p->port.icount.rx += count;
++ dma->rx_running = 0;
+
+ tty_flip_buffer_push(tty_port);
+ }
+
++static void dma_rx_complete(void *param)
++{
++ struct uart_8250_port *p = param;
++ struct uart_8250_dma *dma = p->dma;
++ unsigned long flags;
++
++ spin_lock_irqsave(&p->port.lock, flags);
++ if (dma->rx_running)
++ __dma_rx_complete(p);
++ spin_unlock_irqrestore(&p->port.lock, flags);
++}
++
+ int serial8250_tx_dma(struct uart_8250_port *p)
+ {
+ struct uart_8250_dma *dma = p->dma;
+@@ -130,7 +150,7 @@ int serial8250_rx_dma(struct uart_8250_port *p)
+ return -EBUSY;
+
+ dma->rx_running = 1;
+- desc->callback = __dma_rx_complete;
++ desc->callback = dma_rx_complete;
+ desc->callback_param = p;
+
+ dma->rx_cookie = dmaengine_submit(desc);
+diff --git a/drivers/usb/core/quirks.c b/drivers/usb/core/quirks.c
+index c102c7a9a3b4f..60a49b87cc643 100644
+--- a/drivers/usb/core/quirks.c
++++ b/drivers/usb/core/quirks.c
+@@ -340,6 +340,9 @@ static const struct usb_device_id usb_quirk_list[] = {
+ /* DJI CineSSD */
+ { USB_DEVICE(0x2ca3, 0x0031), .driver_info = USB_QUIRK_NO_LPM },
+
++ /* Alcor Link AK9563 SC Reader used in 2022 Lenovo ThinkPads */
++ { USB_DEVICE(0x2ce3, 0x9563), .driver_info = USB_QUIRK_NO_LPM },
++
+ /* DELL USB GEN2 */
+ { USB_DEVICE(0x413c, 0xb062), .driver_info = USB_QUIRK_NO_LPM | USB_QUIRK_RESET_RESUME },
+
+diff --git a/drivers/usb/gadget/function/f_fs.c b/drivers/usb/gadget/function/f_fs.c
+index 946cf039edddb..ba9af04ad37ac 100644
+--- a/drivers/usb/gadget/function/f_fs.c
++++ b/drivers/usb/gadget/function/f_fs.c
+@@ -274,8 +274,10 @@ static int __ffs_ep0_queue_wait(struct ffs_data *ffs, char *data, size_t len)
+ struct usb_request *req = ffs->ep0req;
+ int ret;
+
+- if (!req)
++ if (!req) {
++ spin_unlock_irq(&ffs->ev.waitq.lock);
+ return -EINVAL;
++ }
+
+ req->zero = len < le16_to_cpu(ffs->ev.setup.wLength);
+
+diff --git a/drivers/video/fbdev/core/fbcon.c b/drivers/video/fbdev/core/fbcon.c
+index a97e94b1c84f0..73d6187efc735 100644
+--- a/drivers/video/fbdev/core/fbcon.c
++++ b/drivers/video/fbdev/core/fbcon.c
+@@ -2450,9 +2450,12 @@ static int fbcon_set_font(struct vc_data *vc, struct console_font *font, unsigne
+ h > FBCON_SWAP(info->var.rotate, info->var.yres, info->var.xres))
+ return -EINVAL;
+
++ if (font->width > 32 || font->height > 32)
++ return -EINVAL;
++
+ /* Make sure drawing engine can handle the font */
+- if (!(info->pixmap.blit_x & (1 << (font->width - 1))) ||
+- !(info->pixmap.blit_y & (1 << (font->height - 1))))
++ if (!(info->pixmap.blit_x & BIT(font->width - 1)) ||
++ !(info->pixmap.blit_y & BIT(font->height - 1)))
+ return -EINVAL;
+
+ /* Make sure driver can handle the font length */
+diff --git a/drivers/watchdog/diag288_wdt.c b/drivers/watchdog/diag288_wdt.c
+index 806a04a676b7e..561797c3b2028 100644
+--- a/drivers/watchdog/diag288_wdt.c
++++ b/drivers/watchdog/diag288_wdt.c
+@@ -88,7 +88,7 @@ static int __diag288(unsigned int func, unsigned int timeout,
+ "1:\n"
+ EX_TABLE(0b, 1b)
+ : "+d" (err) : "d"(__func), "d"(__timeout),
+- "d"(__action), "d"(__len) : "1", "cc");
++ "d"(__action), "d"(__len) : "1", "cc", "memory");
+ return err;
+ }
+
+@@ -274,12 +274,21 @@ static int __init diag288_init(void)
+ char ebc_begin[] = {
+ 194, 197, 199, 201, 213
+ };
++ char *ebc_cmd;
+
+ watchdog_set_nowayout(&wdt_dev, nowayout_info);
+
+ if (MACHINE_IS_VM) {
+- if (__diag288_vm(WDT_FUNC_INIT, 15,
+- ebc_begin, sizeof(ebc_begin)) != 0) {
++ ebc_cmd = kmalloc(sizeof(ebc_begin), GFP_KERNEL);
++ if (!ebc_cmd) {
++ pr_err("The watchdog cannot be initialized\n");
++ return -ENOMEM;
++ }
++ memcpy(ebc_cmd, ebc_begin, sizeof(ebc_begin));
++ ret = __diag288_vm(WDT_FUNC_INIT, 15,
++ ebc_cmd, sizeof(ebc_begin));
++ kfree(ebc_cmd);
++ if (ret != 0) {
+ pr_err("The watchdog cannot be initialized\n");
+ return -EINVAL;
+ }
+diff --git a/fs/aio.c b/fs/aio.c
+index a2de58f77338d..2eb3dba5ed166 100644
+--- a/fs/aio.c
++++ b/fs/aio.c
+@@ -328,6 +328,9 @@ static int aio_ring_mremap(struct vm_area_struct *vma)
+ spin_lock(&mm->ioctx_lock);
+ rcu_read_lock();
+ table = rcu_dereference(mm->ioctx_table);
++ if (!table)
++ goto out_unlock;
++
+ for (i = 0; i < table->nr; i++) {
+ struct kioctx *ctx;
+
+@@ -341,6 +344,7 @@ static int aio_ring_mremap(struct vm_area_struct *vma)
+ }
+ }
+
++out_unlock:
+ rcu_read_unlock();
+ spin_unlock(&mm->ioctx_lock);
+ return res;
+diff --git a/fs/btrfs/volumes.c b/fs/btrfs/volumes.c
+index 8df4aedb31382..455d8f8b9dfb5 100644
+--- a/fs/btrfs/volumes.c
++++ b/fs/btrfs/volumes.c
+@@ -1397,7 +1397,7 @@ again:
+ goto out;
+ }
+
+- while (1) {
++ while (search_start < search_end) {
+ l = path->nodes[0];
+ slot = path->slots[0];
+ if (slot >= btrfs_header_nritems(l)) {
+@@ -1420,6 +1420,9 @@ again:
+ if (key.type != BTRFS_DEV_EXTENT_KEY)
+ goto next;
+
++ if (key.offset > search_end)
++ break;
++
+ if (key.offset > search_start) {
+ hole_size = key.offset - search_start;
+
+@@ -1494,6 +1497,7 @@ next:
+ else
+ ret = 0;
+
++ ASSERT(max_hole_start + max_hole_size <= search_end);
+ out:
+ btrfs_free_path(path);
+ *start = max_hole_start;
+diff --git a/fs/nilfs2/ioctl.c b/fs/nilfs2/ioctl.c
+index 1d2c3d7711feb..e79a293345399 100644
+--- a/fs/nilfs2/ioctl.c
++++ b/fs/nilfs2/ioctl.c
+@@ -1144,7 +1144,14 @@ static int nilfs_ioctl_set_alloc_range(struct inode *inode, void __user *argp)
+
+ minseg = range[0] + segbytes - 1;
+ do_div(minseg, segbytes);
++
++ if (range[1] < 4096)
++ goto out;
++
+ maxseg = NILFS_SB2_OFFSET_BYTES(range[1]);
++ if (maxseg < segbytes)
++ goto out;
++
+ do_div(maxseg, segbytes);
+ maxseg--;
+
+diff --git a/fs/nilfs2/super.c b/fs/nilfs2/super.c
+index 36e60a45a1bfc..16acf5e78a3c6 100644
+--- a/fs/nilfs2/super.c
++++ b/fs/nilfs2/super.c
+@@ -420,6 +420,15 @@ int nilfs_resize_fs(struct super_block *sb, __u64 newsize)
+ if (newsize > devsize)
+ goto out;
+
++ /*
++ * Prevent underflow in second superblock position calculation.
++ * The exact minimum size check is done in nilfs_sufile_resize().
++ */
++ if (newsize < 4096) {
++ ret = -ENOSPC;
++ goto out;
++ }
++
+ /*
+ * Write lock is required to protect some functions depending
+ * on the number of segments, the number of reserved segments,
+diff --git a/fs/nilfs2/the_nilfs.c b/fs/nilfs2/the_nilfs.c
+index 3e143c2da06da..1d5ecb1e2e10d 100644
+--- a/fs/nilfs2/the_nilfs.c
++++ b/fs/nilfs2/the_nilfs.c
+@@ -526,9 +526,15 @@ static int nilfs_load_super_block(struct the_nilfs *nilfs,
+ {
+ struct nilfs_super_block **sbp = nilfs->ns_sbp;
+ struct buffer_head **sbh = nilfs->ns_sbh;
+- u64 sb2off = NILFS_SB2_OFFSET_BYTES(nilfs->ns_bdev->bd_inode->i_size);
++ u64 sb2off, devsize = nilfs->ns_bdev->bd_inode->i_size;
+ int valid[2], swp = 0;
+
++ if (devsize < NILFS_SEG_MIN_BLOCKS * NILFS_MIN_BLOCK_SIZE + 4096) {
++ nilfs_msg(sb, KERN_ERR, "device size too small");
++ return -EINVAL;
++ }
++ sb2off = NILFS_SB2_OFFSET_BYTES(devsize);
++
+ sbp[0] = nilfs_read_super_block(sb, NILFS_SB_OFFSET_BYTES, blocksize,
+ &sbh[0]);
+ sbp[1] = nilfs_read_super_block(sb, sb2off, blocksize, &sbh[1]);
+diff --git a/fs/proc/task_mmu.c b/fs/proc/task_mmu.c
+index 309d24118f9a0..16ed6441c9439 100644
+--- a/fs/proc/task_mmu.c
++++ b/fs/proc/task_mmu.c
+@@ -728,9 +728,7 @@ static int smaps_hugetlb_range(pte_t *pte, unsigned long hmask,
+ page = device_private_entry_to_page(swpent);
+ }
+ if (page) {
+- int mapcount = page_mapcount(page);
+-
+- if (mapcount >= 2)
++ if (page_mapcount(page) >= 2 || hugetlb_pmd_shared(pte))
+ mss->shared_hugetlb += huge_page_size(hstate_vma(vma));
+ else
+ mss->private_hugetlb += huge_page_size(hstate_vma(vma));
+diff --git a/fs/squashfs/squashfs_fs.h b/fs/squashfs/squashfs_fs.h
+index 10e93345b6153..75886e6d9c97b 100644
+--- a/fs/squashfs/squashfs_fs.h
++++ b/fs/squashfs/squashfs_fs.h
+@@ -196,7 +196,7 @@ static inline int squashfs_block_size(__le32 raw)
+ #define SQUASHFS_ID_BLOCK_BYTES(A) (SQUASHFS_ID_BLOCKS(A) *\
+ sizeof(u64))
+ /* xattr id lookup table defines */
+-#define SQUASHFS_XATTR_BYTES(A) ((A) * sizeof(struct squashfs_xattr_id))
++#define SQUASHFS_XATTR_BYTES(A) (((u64) (A)) * sizeof(struct squashfs_xattr_id))
+
+ #define SQUASHFS_XATTR_BLOCK(A) (SQUASHFS_XATTR_BYTES(A) / \
+ SQUASHFS_METADATA_SIZE)
+diff --git a/fs/squashfs/squashfs_fs_sb.h b/fs/squashfs/squashfs_fs_sb.h
+index 5234c19a0eabc..7ec30a11273ea 100644
+--- a/fs/squashfs/squashfs_fs_sb.h
++++ b/fs/squashfs/squashfs_fs_sb.h
+@@ -76,7 +76,7 @@ struct squashfs_sb_info {
+ long long bytes_used;
+ unsigned int inodes;
+ unsigned int fragments;
+- int xattr_ids;
++ unsigned int xattr_ids;
+ unsigned int ids;
+ };
+ #endif
+diff --git a/fs/squashfs/xattr.h b/fs/squashfs/xattr.h
+index 86b0a0073e51f..f360f27e38f37 100644
+--- a/fs/squashfs/xattr.h
++++ b/fs/squashfs/xattr.h
+@@ -23,12 +23,12 @@
+
+ #ifdef CONFIG_SQUASHFS_XATTR
+ extern __le64 *squashfs_read_xattr_id_table(struct super_block *, u64,
+- u64 *, int *);
++ u64 *, unsigned int *);
+ extern int squashfs_xattr_lookup(struct super_block *, unsigned int, int *,
+ unsigned int *, unsigned long long *);
+ #else
+ static inline __le64 *squashfs_read_xattr_id_table(struct super_block *sb,
+- u64 start, u64 *xattr_table_start, int *xattr_ids)
++ u64 start, u64 *xattr_table_start, unsigned int *xattr_ids)
+ {
+ struct squashfs_xattr_id_table *id_table;
+
+diff --git a/fs/squashfs/xattr_id.c b/fs/squashfs/xattr_id.c
+index 7f718d2bf3579..fe266b3e95f8f 100644
+--- a/fs/squashfs/xattr_id.c
++++ b/fs/squashfs/xattr_id.c
+@@ -69,7 +69,7 @@ int squashfs_xattr_lookup(struct super_block *sb, unsigned int index,
+ * Read uncompressed xattr id lookup table indexes from disk into memory
+ */
+ __le64 *squashfs_read_xattr_id_table(struct super_block *sb, u64 table_start,
+- u64 *xattr_table_start, int *xattr_ids)
++ u64 *xattr_table_start, unsigned int *xattr_ids)
+ {
+ struct squashfs_sb_info *msblk = sb->s_fs_info;
+ unsigned int len, indexes;
+diff --git a/include/linux/hugetlb.h b/include/linux/hugetlb.h
+index 26dddc03b35c5..e52e6bed5b444 100644
+--- a/include/linux/hugetlb.h
++++ b/include/linux/hugetlb.h
+@@ -7,6 +7,7 @@
+ #include <linux/fs.h>
+ #include <linux/hugetlb_inline.h>
+ #include <linux/cgroup.h>
++#include <linux/page_ref.h>
+ #include <linux/list.h>
+ #include <linux/kref.h>
+ #include <asm/pgtable.h>
+@@ -394,7 +395,10 @@ static inline struct hstate *hstate_sizelog(int page_size_log)
+ if (!page_size_log)
+ return &default_hstate;
+
+- return size_to_hstate(1UL << page_size_log);
++ if (page_size_log < BITS_PER_LONG)
++ return size_to_hstate(1UL << page_size_log);
++
++ return NULL;
+ }
+
+ static inline struct hstate *hstate_vma(struct vm_area_struct *vma)
+@@ -616,4 +620,16 @@ static inline spinlock_t *huge_pte_lock(struct hstate *h,
+ return ptl;
+ }
+
++#ifdef CONFIG_ARCH_WANT_HUGE_PMD_SHARE
++static inline bool hugetlb_pmd_shared(pte_t *pte)
++{
++ return page_count(virt_to_page(pte)) > 1;
++}
++#else
++static inline bool hugetlb_pmd_shared(pte_t *pte)
++{
++ return false;
++}
++#endif
++
+ #endif /* _LINUX_HUGETLB_H */
+diff --git a/include/net/sock.h b/include/net/sock.h
+index 4053eea6182ad..f6d0d96419b1e 100644
+--- a/include/net/sock.h
++++ b/include/net/sock.h
+@@ -2049,6 +2049,19 @@ static inline void skb_set_owner_r(struct sk_buff *skb, struct sock *sk)
+ sk_mem_charge(sk, skb->truesize);
+ }
+
++static inline struct sk_buff *skb_clone_and_charge_r(struct sk_buff *skb, struct sock *sk)
++{
++ skb = skb_clone(skb, sk_gfp_mask(sk, GFP_ATOMIC));
++ if (skb) {
++ if (sk_rmem_schedule(sk, skb, skb->truesize)) {
++ skb_set_owner_r(skb, sk);
++ return skb;
++ }
++ __kfree_skb(skb);
++ }
++ return NULL;
++}
++
+ void sk_reset_timer(struct sock *sk, struct timer_list *timer,
+ unsigned long expires);
+
+diff --git a/mm/mempolicy.c b/mm/mempolicy.c
+index aa2a88c096214..19552bcc592de 100644
+--- a/mm/mempolicy.c
++++ b/mm/mempolicy.c
+@@ -574,7 +574,8 @@ static int queue_pages_hugetlb(pte_t *pte, unsigned long hmask,
+ goto unlock;
+ /* With MPOL_MF_MOVE, we migrate only unshared hugepage. */
+ if (flags & (MPOL_MF_MOVE_ALL) ||
+- (flags & MPOL_MF_MOVE && page_mapcount(page) == 1))
++ (flags & MPOL_MF_MOVE && page_mapcount(page) == 1 &&
++ !hugetlb_pmd_shared(pte)))
+ isolate_huge_page(page, qp->pagelist);
+ unlock:
+ spin_unlock(ptl);
+diff --git a/mm/swapfile.c b/mm/swapfile.c
+index f65d97fe2ef7e..4a814454eafae 100644
+--- a/mm/swapfile.c
++++ b/mm/swapfile.c
+@@ -983,6 +983,7 @@ start_over:
+ goto check_out;
+ pr_debug("scan_swap_map of si %d failed to find offset\n",
+ si->type);
++ cond_resched();
+
+ spin_lock(&swap_avail_lock);
+ nextsi:
+diff --git a/net/dccp/ipv6.c b/net/dccp/ipv6.c
+index 72803e1ea10a8..b2a26e41f932f 100644
+--- a/net/dccp/ipv6.c
++++ b/net/dccp/ipv6.c
+@@ -541,11 +541,9 @@ static struct sock *dccp_v6_request_recv_sock(const struct sock *sk,
+ *own_req = inet_ehash_nolisten(newsk, req_to_sk(req_unhash), NULL);
+ /* Clone pktoptions received with SYN, if we own the req */
+ if (*own_req && ireq->pktopts) {
+- newnp->pktoptions = skb_clone(ireq->pktopts, GFP_ATOMIC);
++ newnp->pktoptions = skb_clone_and_charge_r(ireq->pktopts, newsk);
+ consume_skb(ireq->pktopts);
+ ireq->pktopts = NULL;
+- if (newnp->pktoptions)
+- skb_set_owner_r(newnp->pktoptions, newsk);
+ }
+
+ return newsk;
+@@ -605,7 +603,7 @@ static int dccp_v6_do_rcv(struct sock *sk, struct sk_buff *skb)
+ --ANK (980728)
+ */
+ if (np->rxopt.all)
+- opt_skb = skb_clone(skb, GFP_ATOMIC);
++ opt_skb = skb_clone_and_charge_r(skb, sk);
+
+ if (sk->sk_state == DCCP_OPEN) { /* Fast path */
+ if (dccp_rcv_established(sk, skb, dccp_hdr(skb), skb->len))
+@@ -669,7 +667,6 @@ ipv6_pktoptions:
+ np->flow_label = ip6_flowlabel(ipv6_hdr(opt_skb));
+ if (ipv6_opt_accepted(sk, opt_skb,
+ &DCCP_SKB_CB(opt_skb)->header.h6)) {
+- skb_set_owner_r(opt_skb, sk);
+ memmove(IP6CB(opt_skb),
+ &DCCP_SKB_CB(opt_skb)->header.h6,
+ sizeof(struct inet6_skb_parm));
+diff --git a/net/ipv6/datagram.c b/net/ipv6/datagram.c
+index 16a28f4307fba..1f0e2d81ad7af 100644
+--- a/net/ipv6/datagram.c
++++ b/net/ipv6/datagram.c
+@@ -53,7 +53,7 @@ static void ip6_datagram_flow_key_init(struct flowi6 *fl6, struct sock *sk)
+ fl6->flowi6_mark = sk->sk_mark;
+ fl6->fl6_dport = inet->inet_dport;
+ fl6->fl6_sport = inet->inet_sport;
+- fl6->flowlabel = np->flow_label;
++ fl6->flowlabel = ip6_make_flowinfo(np->tclass, np->flow_label);
+ fl6->flowi6_uid = sk->sk_uid;
+
+ if (!fl6->flowi6_oif)
+diff --git a/net/ipv6/tcp_ipv6.c b/net/ipv6/tcp_ipv6.c
+index c639431d848c8..f9fcf7e70fdbf 100644
+--- a/net/ipv6/tcp_ipv6.c
++++ b/net/ipv6/tcp_ipv6.c
+@@ -241,6 +241,7 @@ static int tcp_v6_connect(struct sock *sk, struct sockaddr *uaddr,
+ fl6.flowi6_proto = IPPROTO_TCP;
+ fl6.daddr = sk->sk_v6_daddr;
+ fl6.saddr = saddr ? *saddr : np->saddr;
++ fl6.flowlabel = ip6_make_flowinfo(np->tclass, np->flow_label);
+ fl6.flowi6_oif = sk->sk_bound_dev_if;
+ fl6.flowi6_mark = sk->sk_mark;
+ fl6.fl6_dport = usin->sin6_port;
+@@ -1242,14 +1243,11 @@ static struct sock *tcp_v6_syn_recv_sock(const struct sock *sk, struct sk_buff *
+
+ /* Clone pktoptions received with SYN, if we own the req */
+ if (ireq->pktopts) {
+- newnp->pktoptions = skb_clone(ireq->pktopts,
+- sk_gfp_mask(sk, GFP_ATOMIC));
++ newnp->pktoptions = skb_clone_and_charge_r(ireq->pktopts, newsk);
+ consume_skb(ireq->pktopts);
+ ireq->pktopts = NULL;
+- if (newnp->pktoptions) {
++ if (newnp->pktoptions)
+ tcp_v6_restore_cb(newnp->pktoptions);
+- skb_set_owner_r(newnp->pktoptions, newsk);
+- }
+ }
+ } else {
+ if (!req_unhash && found_dup_sk) {
+@@ -1317,7 +1315,7 @@ static int tcp_v6_do_rcv(struct sock *sk, struct sk_buff *skb)
+ --ANK (980728)
+ */
+ if (np->rxopt.all)
+- opt_skb = skb_clone(skb, sk_gfp_mask(sk, GFP_ATOMIC));
++ opt_skb = skb_clone_and_charge_r(skb, sk);
+
+ if (sk->sk_state == TCP_ESTABLISHED) { /* Fast path */
+ struct dst_entry *dst;
+@@ -1399,7 +1397,6 @@ ipv6_pktoptions:
+ if (np->repflow)
+ np->flow_label = ip6_flowlabel(ipv6_hdr(opt_skb));
+ if (ipv6_opt_accepted(sk, opt_skb, &TCP_SKB_CB(opt_skb)->header.h6)) {
+- skb_set_owner_r(opt_skb, sk);
+ tcp_v6_restore_cb(opt_skb);
+ opt_skb = xchg(&np->pktoptions, opt_skb);
+ } else {
+diff --git a/net/mpls/af_mpls.c b/net/mpls/af_mpls.c
+index f078e8506e250..18dfbf196cbdf 100644
+--- a/net/mpls/af_mpls.c
++++ b/net/mpls/af_mpls.c
+@@ -1344,6 +1344,7 @@ static int mpls_dev_sysctl_register(struct net_device *dev,
+ free:
+ kfree(table);
+ out:
++ mdev->sysctl = NULL;
+ return -ENOBUFS;
+ }
+
+@@ -1353,6 +1354,9 @@ static void mpls_dev_sysctl_unregister(struct net_device *dev,
+ struct net *net = dev_net(dev);
+ struct ctl_table *table;
+
++ if (!mdev->sysctl)
++ return;
++
+ table = mdev->sysctl->ctl_table_arg;
+ unregister_net_sysctl_table(mdev->sysctl);
+ kfree(table);
+diff --git a/net/netrom/af_netrom.c b/net/netrom/af_netrom.c
+index aebc804c10aa3..b5a99b5172076 100644
+--- a/net/netrom/af_netrom.c
++++ b/net/netrom/af_netrom.c
+@@ -403,6 +403,11 @@ static int nr_listen(struct socket *sock, int backlog)
+ struct sock *sk = sock->sk;
+
+ lock_sock(sk);
++ if (sock->state != SS_UNCONNECTED) {
++ release_sock(sk);
++ return -EINVAL;
++ }
++
+ if (sk->sk_state != TCP_LISTEN) {
+ memset(&nr_sk(sk)->user_addr, 0, AX25_ADDR_LEN);
+ sk->sk_max_ack_backlog = backlog;
+diff --git a/net/openvswitch/datapath.c b/net/openvswitch/datapath.c
+index 8598bc101244b..3ae4ccb9895dd 100644
+--- a/net/openvswitch/datapath.c
++++ b/net/openvswitch/datapath.c
+@@ -961,14 +961,14 @@ static int ovs_flow_cmd_new(struct sk_buff *skb, struct genl_info *info)
+ key = kzalloc(sizeof(*key), GFP_KERNEL);
+ if (!key) {
+ error = -ENOMEM;
+- goto err_kfree_key;
++ goto err_kfree_flow;
+ }
+
+ ovs_match_init(&match, key, false, &mask);
+ error = ovs_nla_get_match(net, &match, a[OVS_FLOW_ATTR_KEY],
+ a[OVS_FLOW_ATTR_MASK], log);
+ if (error)
+- goto err_kfree_flow;
++ goto err_kfree_key;
+
+ ovs_flow_mask_key(&new_flow->key, key, true, &mask);
+
+@@ -976,14 +976,14 @@ static int ovs_flow_cmd_new(struct sk_buff *skb, struct genl_info *info)
+ error = ovs_nla_get_identifier(&new_flow->id, a[OVS_FLOW_ATTR_UFID],
+ key, log);
+ if (error)
+- goto err_kfree_flow;
++ goto err_kfree_key;
+
+ /* Validate actions. */
+ error = ovs_nla_copy_actions(net, a[OVS_FLOW_ATTR_ACTIONS],
+ &new_flow->key, &acts, log);
+ if (error) {
+ OVS_NLERR(log, "Flow actions may not be safe on all matching packets.");
+- goto err_kfree_flow;
++ goto err_kfree_key;
+ }
+
+ reply = ovs_flow_cmd_alloc_info(acts, &new_flow->id, info, false,
+@@ -1083,10 +1083,10 @@ err_unlock_ovs:
+ kfree_skb(reply);
+ err_kfree_acts:
+ ovs_nla_free_flow_actions(acts);
+-err_kfree_flow:
+- ovs_flow_free(new_flow, false);
+ err_kfree_key:
+ kfree(key);
++err_kfree_flow:
++ ovs_flow_free(new_flow, false);
+ error:
+ return error;
+ }
+diff --git a/net/rose/af_rose.c b/net/rose/af_rose.c
+index b53468edf35a6..ac2ea4ebf7c7c 100644
+--- a/net/rose/af_rose.c
++++ b/net/rose/af_rose.c
+@@ -490,6 +490,12 @@ static int rose_listen(struct socket *sock, int backlog)
+ {
+ struct sock *sk = sock->sk;
+
++ lock_sock(sk);
++ if (sock->state != SS_UNCONNECTED) {
++ release_sock(sk);
++ return -EINVAL;
++ }
++
+ if (sk->sk_state != TCP_LISTEN) {
+ struct rose_sock *rose = rose_sk(sk);
+
+@@ -499,8 +505,10 @@ static int rose_listen(struct socket *sock, int backlog)
+ memset(rose->dest_digis, 0, AX25_ADDR_LEN * ROSE_MAX_DIGIS);
+ sk->sk_max_ack_backlog = backlog;
+ sk->sk_state = TCP_LISTEN;
++ release_sock(sk);
+ return 0;
+ }
++ release_sock(sk);
+
+ return -EOPNOTSUPP;
+ }
+diff --git a/net/sctp/transport.c b/net/sctp/transport.c
+index af56651169b2f..79d2aa44c6e5f 100644
+--- a/net/sctp/transport.c
++++ b/net/sctp/transport.c
+@@ -210,9 +210,7 @@ void sctp_transport_reset_hb_timer(struct sctp_transport *transport)
+
+ /* When a data chunk is sent, reset the heartbeat interval. */
+ expires = jiffies + sctp_transport_timeout(transport);
+- if ((time_before(transport->hb_timer.expires, expires) ||
+- !timer_pending(&transport->hb_timer)) &&
+- !mod_timer(&transport->hb_timer,
++ if (!mod_timer(&transport->hb_timer,
+ expires + prandom_u32_max(transport->rto)))
+ sctp_transport_hold(transport);
+ }
+diff --git a/net/x25/af_x25.c b/net/x25/af_x25.c
+index e103ec39759f5..73e293c3f2fb6 100644
+--- a/net/x25/af_x25.c
++++ b/net/x25/af_x25.c
+@@ -496,6 +496,12 @@ static int x25_listen(struct socket *sock, int backlog)
+ int rc = -EOPNOTSUPP;
+
+ lock_sock(sk);
++ if (sock->state != SS_UNCONNECTED) {
++ rc = -EINVAL;
++ release_sock(sk);
++ return rc;
++ }
++
+ if (sk->sk_state != TCP_LISTEN) {
+ memset(&x25_sk(sk)->dest_addr, 0, X25_ADDR_LEN);
+ sk->sk_max_ack_backlog = backlog;
+diff --git a/sound/pci/hda/patch_conexant.c b/sound/pci/hda/patch_conexant.c
+index 4a5b762dbdb7a..62c694f5b3ec3 100644
+--- a/sound/pci/hda/patch_conexant.c
++++ b/sound/pci/hda/patch_conexant.c
+@@ -1136,6 +1136,7 @@ static const struct hda_device_id snd_hda_id_conexant[] = {
+ HDA_CODEC_ENTRY(0x14f11f86, "CX8070", patch_conexant_auto),
+ HDA_CODEC_ENTRY(0x14f12008, "CX8200", patch_conexant_auto),
+ HDA_CODEC_ENTRY(0x14f120d0, "CX11970", patch_conexant_auto),
++ HDA_CODEC_ENTRY(0x14f120d1, "SN6180", patch_conexant_auto),
+ HDA_CODEC_ENTRY(0x14f15045, "CX20549 (Venice)", patch_conexant_auto),
+ HDA_CODEC_ENTRY(0x14f15047, "CX20551 (Waikiki)", patch_conexant_auto),
+ HDA_CODEC_ENTRY(0x14f15051, "CX20561 (Hermosa)", patch_conexant_auto),
+diff --git a/sound/pci/hda/patch_via.c b/sound/pci/hda/patch_via.c
+index 9dd104c308e1d..5ab6d9b3e6d0f 100644
+--- a/sound/pci/hda/patch_via.c
++++ b/sound/pci/hda/patch_via.c
+@@ -870,6 +870,9 @@ static int add_secret_dac_path(struct hda_codec *codec)
+ return 0;
+ nums = snd_hda_get_connections(codec, spec->gen.mixer_nid, conn,
+ ARRAY_SIZE(conn) - 1);
++ if (nums < 0)
++ return nums;
++
+ for (i = 0; i < nums; i++) {
+ if (get_wcaps_type(get_wcaps(codec, conn[i])) == AC_WID_AUD_OUT)
+ return 0;
+diff --git a/sound/pci/lx6464es/lx_core.c b/sound/pci/lx6464es/lx_core.c
+index a80684bdc30d6..46f5362096710 100644
+--- a/sound/pci/lx6464es/lx_core.c
++++ b/sound/pci/lx6464es/lx_core.c
+@@ -508,12 +508,11 @@ int lx_buffer_ask(struct lx6464es *chip, u32 pipe, int is_capture,
+ dev_dbg(chip->card->dev,
+ "CMD_08_ASK_BUFFERS: needed %d, freed %d\n",
+ *r_needed, *r_freed);
+- for (i = 0; i < MAX_STREAM_BUFFER; ++i) {
+- for (i = 0; i != chip->rmh.stat_len; ++i)
+- dev_dbg(chip->card->dev,
+- " stat[%d]: %x, %x\n", i,
+- chip->rmh.stat[i],
+- chip->rmh.stat[i] & MASK_DATA_SIZE);
++ for (i = 0; i < MAX_STREAM_BUFFER && i < chip->rmh.stat_len;
++ ++i) {
++ dev_dbg(chip->card->dev, " stat[%d]: %x, %x\n", i,
++ chip->rmh.stat[i],
++ chip->rmh.stat[i] & MASK_DATA_SIZE);
+ }
+ }
+
+diff --git a/sound/synth/emux/emux_nrpn.c b/sound/synth/emux/emux_nrpn.c
+index 9729a15b6ae6a..f4aa2706aeb61 100644
+--- a/sound/synth/emux/emux_nrpn.c
++++ b/sound/synth/emux/emux_nrpn.c
+@@ -363,6 +363,9 @@ int
+ snd_emux_xg_control(struct snd_emux_port *port, struct snd_midi_channel *chan,
+ int param)
+ {
++ if (param >= ARRAY_SIZE(chan->control))
++ return -EINVAL;
++
+ return send_converted_effect(xg_effects, ARRAY_SIZE(xg_effects),
+ port, chan, param,
+ chan->control[param],
+diff --git a/tools/virtio/linux/bug.h b/tools/virtio/linux/bug.h
+index b14c2c3b6b857..74aef964f5099 100644
+--- a/tools/virtio/linux/bug.h
++++ b/tools/virtio/linux/bug.h
+@@ -1,11 +1,9 @@
+ /* SPDX-License-Identifier: GPL-2.0 */
+-#ifndef BUG_H
+-#define BUG_H
++#ifndef _LINUX_BUG_H
++#define _LINUX_BUG_H
+
+ #define BUG_ON(__BUG_ON_cond) assert(!(__BUG_ON_cond))
+
+-#define BUILD_BUG_ON(x)
+-
+ #define BUG() abort()
+
+-#endif /* BUG_H */
++#endif /* _LINUX_BUG_H */
+diff --git a/tools/virtio/linux/build_bug.h b/tools/virtio/linux/build_bug.h
+new file mode 100644
+index 0000000000000..cdbb75e28a604
+--- /dev/null
++++ b/tools/virtio/linux/build_bug.h
+@@ -0,0 +1,7 @@
++/* SPDX-License-Identifier: GPL-2.0 */
++#ifndef _LINUX_BUILD_BUG_H
++#define _LINUX_BUILD_BUG_H
++
++#define BUILD_BUG_ON(x)
++
++#endif /* _LINUX_BUILD_BUG_H */
+diff --git a/tools/virtio/linux/cpumask.h b/tools/virtio/linux/cpumask.h
+new file mode 100644
+index 0000000000000..307da69d6b26c
+--- /dev/null
++++ b/tools/virtio/linux/cpumask.h
+@@ -0,0 +1,7 @@
++/* SPDX-License-Identifier: GPL-2.0 */
++#ifndef _LINUX_CPUMASK_H
++#define _LINUX_CPUMASK_H
++
++#include <linux/kernel.h>
++
++#endif /* _LINUX_CPUMASK_H */
+diff --git a/tools/virtio/linux/gfp.h b/tools/virtio/linux/gfp.h
+new file mode 100644
+index 0000000000000..43d146f236f14
+--- /dev/null
++++ b/tools/virtio/linux/gfp.h
+@@ -0,0 +1,7 @@
++/* SPDX-License-Identifier: GPL-2.0 */
++#ifndef __LINUX_GFP_H
++#define __LINUX_GFP_H
++
++#include <linux/topology.h>
++
++#endif
+diff --git a/tools/virtio/linux/kernel.h b/tools/virtio/linux/kernel.h
+index 268ce239de650..e4e35e66ea14a 100644
+--- a/tools/virtio/linux/kernel.h
++++ b/tools/virtio/linux/kernel.h
+@@ -10,6 +10,7 @@
+ #include <stdarg.h>
+
+ #include <linux/compiler.h>
++#include <linux/log2.h>
+ #include <linux/types.h>
+ #include <linux/printk.h>
+ #include <linux/bug.h>
+diff --git a/tools/virtio/linux/kmsan.h b/tools/virtio/linux/kmsan.h
+new file mode 100644
+index 0000000000000..272b5aa285d5a
+--- /dev/null
++++ b/tools/virtio/linux/kmsan.h
+@@ -0,0 +1,12 @@
++/* SPDX-License-Identifier: GPL-2.0 */
++#ifndef _LINUX_KMSAN_H
++#define _LINUX_KMSAN_H
++
++#include <linux/gfp.h>
++
++inline void kmsan_handle_dma(struct page *page, size_t offset, size_t size,
++ enum dma_data_direction dir)
++{
++}
++
++#endif /* _LINUX_KMSAN_H */
+diff --git a/tools/virtio/linux/scatterlist.h b/tools/virtio/linux/scatterlist.h
+index 9a45f90e2d089..97448e1ceebc1 100644
+--- a/tools/virtio/linux/scatterlist.h
++++ b/tools/virtio/linux/scatterlist.h
+@@ -2,6 +2,7 @@
+ #ifndef SCATTERLIST_H
+ #define SCATTERLIST_H
+ #include <linux/kernel.h>
++#include <linux/bug.h>
+
+ struct scatterlist {
+ unsigned long page_link;
+diff --git a/tools/virtio/linux/topology.h b/tools/virtio/linux/topology.h
+new file mode 100644
+index 0000000000000..910794afb993a
+--- /dev/null
++++ b/tools/virtio/linux/topology.h
+@@ -0,0 +1,7 @@
++/* SPDX-License-Identifier: GPL-2.0 */
++#ifndef _LINUX_TOPOLOGY_H
++#define _LINUX_TOPOLOGY_H
++
++#include <linux/cpumask.h>
++
++#endif /* _LINUX_TOPOLOGY_H */