Merge keystone/android12-5.10-keystone-qcom-release.136+ (3593700) into msm-5.10

* refs/heads/tmp-3593700c:
  ANDROID: abi_gki_aarch64_qcom: Add wait_on_page_bit
  FROMLIST: binder: fix UAF of alloc->vma in race with munmap()
  UPSTREAM: wifi: mac80211: fix MBSSID parsing use-after-free
  UPSTREAM: wifi: mac80211: don't parse mbssid in assoc response
  UPSTREAM: mac80211: mlme: find auth challenge directly
  UPSTREAM: wifi: cfg80211: update hidden BSSes to avoid WARN_ON
  UPSTREAM: wifi: mac80211: fix crash in beacon protection for P2P-device
  UPSTREAM: wifi: mac80211_hwsim: avoid mac80211 warning on bad rate
  UPSTREAM: wifi: cfg80211: avoid nontransmitted BSS list corruption
  UPSTREAM: wifi: cfg80211: fix BSS refcounting bugs
  UPSTREAM: wifi: cfg80211: ensure length byte is present before access
  UPSTREAM: wifi: cfg80211/mac80211: reject bad MBSSID elements
  UPSTREAM: wifi: cfg80211: fix u8 overflow in cfg80211_update_notlisted_nontrans()
  UPSTREAM: psi: Fix psi state corruption when schedule() races with cgroup move
  ANDROID: GKI: Update symbol list for mtk AIoT projects
  UPSTREAM: psi: Fix psi state corruption when schedule() races with cgroup move
  BACKPORT: HID: steam: Prevent NULL pointer dereference in steam_{recv,send}_report
  BACKPORT: mm: don't be stuck to rmap lock on reclaim path
  Revert "firmware_loader: use kernel credentials when reading firmware"
  Revert "firmware_loader: use kernel credentials when reading firmware"
  UPSTREAM: crypto: jitter - add oversampling of noise source
  ANDROID: Fix kenelci build-break for !CONFIG_PERF_EVENTS
  FROMGIT: f2fs: support recording stop_checkpoint reason into super_block
  UPSTREAM: wifi: mac80211_hwsim: use 32-bit skb cookie
  UPSTREAM: wifi: mac80211_hwsim: add back erroneously removed cast
  UPSTREAM: wifi: mac80211_hwsim: fix race condition in pending packet
  ANDROID: abi_gki_aarch64_qcom: Add android_vh_madvise_cold_or_pageout
  ANDROID: force struct page_vma_mapped_walk to be defined in KMI
  ANDROID: vendor_hooks: Allow shared pages reclaim via MADV_PAGEOUT
  UPSTREAM: usb: gadget: mass_storage: Fix cdrom data transfers on MAC-OS
  ANDROID: GKI: Update symbols to symbol list
  ANDROID: make sure all types for hooks are defined in KMI
  ANDROID: force struct selinux_state to be defined in KMI
  BACKPORT: erofs: fix use-after-free of on-stack io[]
  ANDROID: GKI: Update symbols to symbol list
  ANDROID: vendor_hook: rename the the name of hooks
  ANDROID: ABI: Add extcon_get_property_capability symbol
  Revert "ANDROID: arm64: debug-monitors: export break hook APIs"
  Revert "ANDROID: vendor_hooks:vendor hook for __alloc_pages_slowpath."
  Revert "ANDROID: Export functions to be used with dma_map_ops in modules"
  FROMLIST: f2fs: let FI_OPU_WRITE override FADVISE_COLD_BIT
  ANDROID: remove unused xhci_get_endpoint_address export
  ANDROID: incfs: Add check for ATTR_KILL_SUID and ATTR_MODE in incfs_setattr
  ANDROID: GKI: Update symbols to symbol list
  ANDROID: vendor_hooks: Add hooks for lookaround
  Revert "Revert "ANDROID: add for tuning readahead size""
  ANDROID: transsion: Update the ABI xml and symbol list
  ANDROID: vendor_hooks: Add hooks for lookaround
  BACKPORT: dm verity: set DM_TARGET_IMMUTABLE feature flag
  BACKPORT: pipe: Fix missing lock in pipe_resize_ring()
  BACKPORT: KVM: x86: avoid calling x86 emulator without a decoded instruction
  ANDROID: GKI: add symbols in android/abi_gki_aarch64_oplus
  BACKPORT: watchqueue: make sure to serialize 'wqueue->defunct' properly
  ANDROID: GKI: Update symbol list for Exynos SoC
  Linux 5.10.136
  x86/speculation: Add LFENCE to RSB fill sequence
  x86/speculation: Add RSB VM Exit protections
  macintosh/adb: fix oob read in do_adb_query() function
  Bluetooth: btusb: Add Realtek RTL8852C support ID 0x13D3:0x3586
  Bluetooth: btusb: Add Realtek RTL8852C support ID 0x13D3:0x3587
  Bluetooth: btusb: Add Realtek RTL8852C support ID 0x0CB8:0xC558
  Bluetooth: btusb: Add Realtek RTL8852C support ID 0x04C5:0x1675
  Bluetooth: btusb: Add Realtek RTL8852C support ID 0x04CA:0x4007
  Bluetooth: btusb: Add support of IMC Networks PID 0x3568
  Bluetooth: hci_bcm: Add DT compatible for CYW55572
  Bluetooth: hci_bcm: Add BCM4349B1 variant
  selftests: KVM: Handle compiler optimizations in ucall
  tools/kvm_stat: fix display of error when multiple processes are found
  crypto: arm64/poly1305 - fix a read out-of-bound
  ACPI: APEI: Better fix to avoid spamming the console with old error logs
  ACPI: video: Shortening quirk list by identifying Clevo by board_name only
  ACPI: video: Force backlight native for some TongFang devices
  tun: avoid double free in tun_free_netdev
  selftests/bpf: Check dst_port only on the client socket
  selftests/bpf: Extend verifier and bpf_sock tests for dst_port loads
  ath9k_htc: fix NULL pointer dereference at ath9k_htc_tx_get_packet()
  ath9k_htc: fix NULL pointer dereference at ath9k_htc_rxep()
  x86/speculation: Make all RETbleed mitigations 64-bit only
  Linux 5.10.135
  selftests: bpf: Don't run sk_lookup in verifier tests
  bpf: Add PROG_TEST_RUN support for sk_lookup programs
  bpf: Consolidate shared test timing code
  x86/bugs: Do not enable IBPB at firmware entry when IBPB is not available
  xfs: Enforce attr3 buffer recovery order
  xfs: logging the on disk inode LSN can make it go backwards
  xfs: remove dead stale buf unpin handling code
  xfs: hold buffer across unpin and potential shutdown processing
  xfs: force the log offline when log intent item recovery fails
  xfs: fix log intent recovery ENOSPC shutdowns when inactivating inodes
  xfs: prevent UAF in xfs_log_item_in_current_chkpt
  xfs: xfs_log_force_lsn isn't passed a LSN
  xfs: refactor xfs_file_fsync
  docs/kernel-parameters: Update descriptions for "mitigations=" param with retbleed
  EDAC/ghes: Set the DIMM label unconditionally
  ARM: 9216/1: Fix MAX_DMA_ADDRESS overflow
  mt7601u: add USB device ID for some versions of XiaoDu WiFi Dongle.
  page_alloc: fix invalid watermark check on a negative value
  ARM: crypto: comment out gcc warning that breaks clang builds
  sctp: leave the err path free in sctp_stream_init to sctp_stream_free
  sfc: disable softirqs for ptp TX
  perf symbol: Correct address for bss symbols
  virtio-net: fix the race between refill work and close
  netfilter: nf_queue: do not allow packet truncation below transport header offset
  sctp: fix sleep in atomic context bug in timer handlers
  i40e: Fix interface init with MSI interrupts (no MSI-X)
  tcp: Fix data-races around sysctl_tcp_reflect_tos.
  tcp: Fix a data-race around sysctl_tcp_comp_sack_nr.
  tcp: Fix a data-race around sysctl_tcp_comp_sack_slack_ns.
  tcp: Fix a data-race around sysctl_tcp_comp_sack_delay_ns.
  net: macsec: fix potential resource leak in macsec_add_rxsa() and macsec_add_txsa()
  macsec: always read MACSEC_SA_ATTR_PN as a u64
  macsec: limit replay window size with XPN
  macsec: fix error message in macsec_add_rxsa and _txsa
  macsec: fix NULL deref in macsec_add_rxsa
  Documentation: fix sctp_wmem in ip-sysctl.rst
  tcp: Fix a data-race around sysctl_tcp_invalid_ratelimit.
  tcp: Fix a data-race around sysctl_tcp_autocorking.
  tcp: Fix a data-race around sysctl_tcp_min_rtt_wlen.
  tcp: Fix a data-race around sysctl_tcp_min_tso_segs.
  net: sungem_phy: Add of_node_put() for reference returned by of_get_parent()
  igmp: Fix data-races around sysctl_igmp_qrv.
  net/tls: Remove the context from the list in tls_device_down
  ipv6/addrconf: fix a null-ptr-deref bug for ip6_ptr
  net: ping6: Fix memleak in ipv6_renew_options().
  tcp: Fix a data-race around sysctl_tcp_challenge_ack_limit.
  tcp: Fix a data-race around sysctl_tcp_limit_output_bytes.
  tcp: Fix data-races around sysctl_tcp_moderate_rcvbuf.
  Revert "tcp: change pingpong threshold to 3"
  scsi: ufs: host: Hold reference returned by of_parse_phandle()
  ice: do not setup vlan for loopback VSI
  ice: check (DD | EOF) bits on Rx descriptor rather than (EOP | RS)
  tcp: Fix data-races around sysctl_tcp_no_ssthresh_metrics_save.
  tcp: Fix a data-race around sysctl_tcp_nometrics_save.
  tcp: Fix a data-race around sysctl_tcp_frto.
  tcp: Fix a data-race around sysctl_tcp_adv_win_scale.
  tcp: Fix a data-race around sysctl_tcp_app_win.
  tcp: Fix data-races around sysctl_tcp_dsack.
  watch_queue: Fix missing locking in add_watch_to_object()
  watch_queue: Fix missing rcu annotation
  nouveau/svm: Fix to migrate all requested pages
  s390/archrandom: prevent CPACF trng invocations in interrupt context
  ntfs: fix use-after-free in ntfs_ucsncmp()
  Revert "ocfs2: mount shared volume without ha stack"
  Bluetooth: L2CAP: Fix use-after-free caused by l2cap_chan_put
  ANDROID: fix up 5.10.132 merge with the virtio_mmio.c driver
  Linux 5.10.134
  watch-queue: remove spurious double semicolon
  net: usb: ax88179_178a needs FLAG_SEND_ZLP
  tty: use new tty_insert_flip_string_and_push_buffer() in pty_write()
  tty: extract tty_flip_buffer_commit() from tty_flip_buffer_push()
  tty: drop tty_schedule_flip()
  tty: the rest, stop using tty_schedule_flip()
  tty: drivers/tty/, stop using tty_schedule_flip()
  watchqueue: make sure to serialize 'wqueue->defunct' properly
  x86/alternative: Report missing return thunk details
  x86/amd: Use IBPB for firmware calls
  Bluetooth: Fix bt_skb_sendmmsg not allocating partial chunks
  Bluetooth: SCO: Fix sco_send_frame returning skb->len
  Bluetooth: Fix passing NULL to PTR_ERR
  Bluetooth: RFCOMM: Replace use of memcpy_from_msg with bt_skb_sendmmsg
  Bluetooth: SCO: Replace use of memcpy_from_msg with bt_skb_sendmsg
  Bluetooth: Add bt_skb_sendmmsg helper
  Bluetooth: Add bt_skb_sendmsg helper
  ALSA: memalloc: Align buffer allocations in page size
  bitfield.h: Fix "type of reg too small for mask" test
  drm/imx/dcss: fix unused but set variable warnings
  dlm: fix pending remove if msg allocation fails
  x86/bugs: Warn when "ibrs" mitigation is selected on Enhanced IBRS parts
  sched/deadline: Fix BUG_ON condition for deboosted tasks
  bpf: Make sure mac_header was set before using it
  mm/mempolicy: fix uninit-value in mpol_rebind_policy()
  KVM: Don't null dereference ops->destroy
  spi: bcm2835: bcm2835_spi_handle_err(): fix NULL pointer deref for non DMA transfers
  tcp: Fix data-races around sysctl_tcp_max_reordering.
  tcp: Fix a data-race around sysctl_tcp_rfc1337.
  tcp: Fix a data-race around sysctl_tcp_stdurg.
  tcp: Fix a data-race around sysctl_tcp_retrans_collapse.
  tcp: Fix data-races around sysctl_tcp_slow_start_after_idle.
  tcp: Fix a data-race around sysctl_tcp_thin_linear_timeouts.
  tcp: Fix data-races around sysctl_tcp_recovery.
  tcp: Fix a data-race around sysctl_tcp_early_retrans.
  tcp: Fix data-races around sysctl knobs related to SYN option.
  udp: Fix a data-race around sysctl_udp_l3mdev_accept.
  ip: Fix data-races around sysctl_ip_prot_sock.
  ipv4: Fix a data-race around sysctl_fib_multipath_use_neigh.
  drm/imx/dcss: Add missing of_node_put() in fail path
  be2net: Fix buffer overflow in be_get_module_eeprom
  gpio: pca953x: use the correct register address when regcache sync during init
  gpio: pca953x: use the correct range when do regmap sync
  gpio: pca953x: only use single read/write for No AI mode
  ixgbe: Add locking to prevent panic when setting sriov_numvfs to zero
  i40e: Fix erroneous adapter reinitialization during recovery process
  iavf: Fix handling of dummy receive descriptors
  tcp: Fix data-races around sysctl_tcp_fastopen_blackhole_timeout.
  tcp: Fix data-races around sysctl_tcp_fastopen.
  tcp: Fix data-races around sysctl_max_syn_backlog.
  tcp: Fix a data-race around sysctl_tcp_tw_reuse.
  tcp: Fix a data-race around sysctl_tcp_notsent_lowat.
  tcp: Fix data-races around some timeout sysctl knobs.
  tcp: Fix data-races around sysctl_tcp_reordering.
  tcp: Fix data-races around sysctl_tcp_syncookies.
  tcp: Fix data-races around keepalive sysctl knobs.
  igmp: Fix data-races around sysctl_igmp_max_msf.
  igmp: Fix a data-race around sysctl_igmp_max_memberships.
  igmp: Fix data-races around sysctl_igmp_llm_reports.
  net/tls: Fix race in TLS device down flow
  net: stmmac: fix dma queue left shift overflow issue
  i2c: cadence: Change large transfer count reset logic to be unconditional
  net: stmmac: fix unbalanced ptp clock issue in suspend/resume flow
  tcp: Fix a data-race around sysctl_tcp_probe_interval.
  tcp: Fix a data-race around sysctl_tcp_probe_threshold.
  tcp: Fix a data-race around sysctl_tcp_mtu_probe_floor.
  tcp: Fix data-races around sysctl_tcp_min_snd_mss.
  tcp: Fix data-races around sysctl_tcp_base_mss.
  tcp: Fix data-races around sysctl_tcp_mtu_probing.
  tcp/dccp: Fix a data-race around sysctl_tcp_fwmark_accept.
  ip: Fix a data-race around sysctl_fwmark_reflect.
  ip: Fix a data-race around sysctl_ip_autobind_reuse.
  ip: Fix data-races around sysctl_ip_nonlocal_bind.
  ip: Fix data-races around sysctl_ip_fwd_update_priority.
  ip: Fix data-races around sysctl_ip_fwd_use_pmtu.
  ip: Fix data-races around sysctl_ip_no_pmtu_disc.
  igc: Reinstate IGC_REMOVED logic and implement it properly
  drm/amdgpu/display: add quirk handling for stutter mode
  perf/core: Fix data race between perf_event_set_output() and perf_mmap_close()
  pinctrl: ralink: Check for null return of devm_kcalloc
  power/reset: arm-versatile: Fix refcount leak in versatile_reboot_probe
  xfrm: xfrm_policy: fix a possible double xfrm_pols_put() in xfrm_bundle_lookup()
  serial: mvebu-uart: correctly report configured baudrate value
  PCI: hv: Fix interrupt mapping for multi-MSI
  PCI: hv: Reuse existing IRTE allocation in compose_msi_msg()
  PCI: hv: Fix hv_arch_irq_unmask() for multi-MSI
  PCI: hv: Fix multi-MSI to allow more than one MSI vector
  Revert "m68knommu: only set CONFIG_ISA_DMA_API for ColdFire sub-arch"
  net: inline rollback_registered_many()
  net: move rollback_registered_many()
  net: inline rollback_registered()
  net: move net_set_todo inside rollback_registered()
  net: make sure devices go through netdev_wait_all_refs
  net: make free_netdev() more lenient with unregistering devices
  docs: net: explain struct net_device lifetime
  xen/gntdev: Ignore failure to unmap INVALID_GRANT_HANDLE
  io_uring: Use original task for req identity in io_identity_cow()
  lockdown: Fix kexec lockdown bypass with ima policy
  mlxsw: spectrum_router: Fix IPv4 nexthop gateway indication
  riscv: add as-options for modules with assembly compontents
  pinctrl: stm32: fix optional IRQ support to gpios
  Revert "cgroup: Use separate src/dst nodes when preloading css_sets for migration"
  Revert "drm: fix EDID struct for old ARM OABI format"
  Revert "mailbox: forward the hrtimer if not queued and under a lock"
  Revert "Fonts: Make font size unsigned in font_desc"
  Revert "parisc/stifb: Keep track of hardware path of graphics card"
  Revert "Bluetooth: Interleave with allowlist scan"
  Revert "Bluetooth: use inclusive language when filtering devices"
  Revert "Bluetooth: use hdev lock for accept_list and reject_list in conn req"
  Revert "thermal/drivers/core: Use a char pointer for the cooling device name"
  Revert "thermal/core: Fix memory leak in __thermal_cooling_device_register()"
  Revert "thermal/core: fix a UAF bug in __thermal_cooling_device_register()"
  Revert "thermal/core: Fix memory leak in the error path"
  Revert "ALSA: jack: Access input_dev under mutex"
  Revert "gpiolib: of: Introduce hook for missing gpio-ranges"
  Revert "pinctrl: bcm2835: implement hook for missing gpio-ranges"
  Revert "ext4: fix use-after-free in ext4_rename_dir_prepare"
  Revert "ext4: verify dir block before splitting it"
  Linux 5.10.133
  tools headers: Remove broken definition of __LITTLE_ENDIAN
  tools arch: Update arch/x86/lib/mem{cpy,set}_64.S copies used in 'perf bench mem memcpy' - again
  objtool: Fix elf_create_undef_symbol() endianness
  kvm: fix objtool relocation warning
  x86: Use -mindirect-branch-cs-prefix for RETPOLINE builds
  um: Add missing apply_returns()
  x86/bugs: Remove apostrophe typo
  tools headers cpufeatures: Sync with the kernel sources
  tools arch x86: Sync the msr-index.h copy with the kernel sources
  KVM: emulate: do not adjust size of fastop and setcc subroutines
  x86/kvm: fix FASTOP_SIZE when return thunks are enabled
  efi/x86: use naked RET on mixed mode call wrapper
  x86/speculation: Use DECLARE_PER_CPU for x86_spec_ctrl_current
  x86/asm/32: Fix ANNOTATE_UNRET_SAFE use on 32-bit
  x86/ftrace: Add UNWIND_HINT_FUNC annotation for ftrace_stub
  x86/xen: Fix initialisation in hypercall_page after rethunk
  x86, kvm: use proper ASM macros for kvm_vcpu_is_preempted
  tools/insn: Restore the relative include paths for cross building
  x86/static_call: Serialize __static_call_fixup() properly
  x86/speculation: Disable RRSBA behavior
  x86/kexec: Disable RET on kexec
  x86/bugs: Do not enable IBPB-on-entry when IBPB is not supported
  x86/bugs: Add Cannon lake to RETBleed affected CPU list
  x86/retbleed: Add fine grained Kconfig knobs
  x86/cpu/amd: Enumerate BTC_NO
  x86/common: Stamp out the stepping madness
  x86/speculation: Fill RSB on vmexit for IBRS
  KVM: VMX: Fix IBRS handling after vmexit
  KVM: VMX: Prevent guest RSB poisoning attacks with eIBRS
  KVM: VMX: Convert launched argument to flags
  KVM: VMX: Flatten __vmx_vcpu_run()
  objtool: Re-add UNWIND_HINT_{SAVE_RESTORE}
  x86/speculation: Remove x86_spec_ctrl_mask
  x86/speculation: Use cached host SPEC_CTRL value for guest entry/exit
  x86/speculation: Fix SPEC_CTRL write on SMT state change
  x86/speculation: Fix firmware entry SPEC_CTRL handling
  x86/speculation: Fix RSB filling with CONFIG_RETPOLINE=n
  x86/cpu/amd: Add Spectral Chicken
  objtool: Add entry UNRET validation
  x86/bugs: Do IBPB fallback check only once
  x86/bugs: Add retbleed=ibpb
  x86/xen: Rename SYS* entry points
  objtool: Update Retpoline validation
  intel_idle: Disable IBRS during long idle
  x86/bugs: Report Intel retbleed vulnerability
  x86/bugs: Split spectre_v2_select_mitigation() and spectre_v2_user_select_mitigation()
  x86/speculation: Add spectre_v2=ibrs option to support Kernel IBRS
  x86/bugs: Optimize SPEC_CTRL MSR writes
  x86/entry: Add kernel IBRS implementation
  x86/bugs: Keep a per-CPU IA32_SPEC_CTRL value
  x86/bugs: Enable STIBP for JMP2RET
  x86/bugs: Add AMD retbleed= boot parameter
  x86/bugs: Report AMD retbleed vulnerability
  x86: Add magic AMD return-thunk
  objtool: Treat .text.__x86.* as noinstr
  x86: Use return-thunk in asm code
  x86/sev: Avoid using __x86_return_thunk
  x86/vsyscall_emu/64: Don't use RET in vsyscall emulation
  x86/kvm: Fix SETcc emulation for return thunks
  x86/bpf: Use alternative RET encoding
  x86/ftrace: Use alternative RET encoding
  x86,static_call: Use alternative RET encoding
  objtool: skip non-text sections when adding return-thunk sites
  x86,objtool: Create .return_sites
  x86: Undo return-thunk damage
  x86/retpoline: Use -mfunction-return
  Makefile: Set retpoline cflags based on CONFIG_CC_IS_{CLANG,GCC}
  x86/retpoline: Swizzle retpoline thunk
  x86/retpoline: Cleanup some #ifdefery
  x86/cpufeatures: Move RETPOLINE flags to word 11
  x86/kvm/vmx: Make noinstr clean
  x86/realmode: build with -D__DISABLE_EXPORTS
  objtool: Fix objtool regression on x32 systems
  x86/entry: Remove skip_r11rcx
  objtool: Fix symbol creation
  objtool: Fix type of reloc::addend
  objtool: Fix code relocs vs weak symbols
  objtool: Fix SLS validation for kcov tail-call replacement
  crypto: x86/poly1305 - Fixup SLS
  objtool: Default ignore INT3 for unreachable
  kvm/emulate: Fix SETcc emulation function offsets with SLS
  tools arch: Update arch/x86/lib/mem{cpy,set}_64.S copies used in 'perf bench mem memcpy'
  x86: Add straight-line-speculation mitigation
  objtool: Add straight-line-speculation validation
  x86/alternative: Relax text_poke_bp() constraint
  x86: Prepare inline-asm for straight-line-speculation
  x86: Prepare asm files for straight-line-speculation
  x86/lib/atomic64_386_32: Rename things
  bpf,x86: Respect X86_FEATURE_RETPOLINE*
  bpf,x86: Simplify computing label offsets
  x86/alternative: Add debug prints to apply_retpolines()
  x86/alternative: Try inline spectre_v2=retpoline,amd
  x86/alternative: Handle Jcc __x86_indirect_thunk_\reg
  x86/alternative: Implement .retpoline_sites support
  x86/retpoline: Create a retpoline thunk array
  x86/retpoline: Move the retpoline thunk declarations to nospec-branch.h
  x86/asm: Fixup odd GEN-for-each-reg.h usage
  x86/asm: Fix register order
  x86/retpoline: Remove unused replacement symbols
  objtool,x86: Replace alternatives with .retpoline_sites
  objtool: Explicitly avoid self modifying code in .altinstr_replacement
  objtool: Classify symbols
  objtool: Handle __sanitize_cov*() tail calls
  objtool: Introduce CFI hash
  objtool: Make .altinstructions section entry size consistent
  objtool: Remove reloc symbol type checks in get_alt_entry()
  objtool: print out the symbol type when complaining about it
  objtool: Teach get_alt_entry() about more relocation types
  objtool: Don't make .altinstructions writable
  objtool/x86: Ignore __x86_indirect_alt_* symbols
  objtool: Only rewrite unconditional retpoline thunk calls
  objtool: Fix .symtab_shndx handling for elf_create_undef_symbol()
  x86/alternative: Optimize single-byte NOPs at an arbitrary position
  objtool: Support asm jump tables
  objtool/x86: Rewrite retpoline thunk calls
  objtool: Skip magical retpoline .altinstr_replacement
  objtool: Cache instruction relocs
  objtool: Keep track of retpoline call sites
  objtool: Add elf_create_undef_symbol()
  objtool: Extract elf_symbol_add()
  objtool: Extract elf_strtab_concat()
  objtool: Create reloc sections implicitly
  objtool: Add elf_create_reloc() helper
  objtool: Rework the elf_rebuild_reloc_section() logic
  objtool: Handle per arch retpoline naming
  objtool: Correctly handle retpoline thunk calls
  x86/retpoline: Simplify retpolines
  x86/alternatives: Optimize optimize_nops()
  x86: Add insn_decode_kernel()
  x86/alternative: Use insn_decode()
  x86/insn-eval: Handle return values from the decoder
  x86/insn: Add an insn_decode() API
  x86/insn: Add a __ignore_sync_check__ marker
  x86/insn: Rename insn_decode() to insn_decode_from_regs()
  x86/alternative: Use ALTERNATIVE_TERNARY() in _static_cpu_has()
  x86/alternative: Support ALTERNATIVE_TERNARY
  x86/alternative: Support not-feature
  x86/alternative: Merge include files
  x86/xen: Support objtool vmlinux.o validation in xen-head.S
  x86/xen: Support objtool validation in xen-asm.S
  objtool: Combine UNWIND_HINT_RET_OFFSET and UNWIND_HINT_FUNC
  objtool: Assume only ELF functions do sibling calls
  objtool: Support retpoline jump detection for vmlinux.o
  objtool: Support stack layout changes in alternatives
  objtool: Add 'alt_group' struct
  objtool: Refactor ORC section generation
  KVM/nVMX: Use __vmx_vcpu_run in nested_vmx_check_vmentry_hw
  KVM/VMX: Use TEST %REG,%REG instead of CMP $0,%REG in vmenter.S
  Linux 5.10.132
  x86/pat: Fix x86_has_pat_wp()
  serial: 8250: Fix PM usage_count for console handover
  serial: pl011: UPSTAT_AUTORTS requires .throttle/unthrottle
  serial: stm32: Clear prev values before setting RTS delays
  serial: 8250: fix return error code in serial8250_request_std_resource()
  vt: fix memory overlapping when deleting chars in the buffer
  tty: serial: samsung_tty: set dma burst_size to 1
  usb: dwc3: gadget: Fix event pending check
  usb: typec: add missing uevent when partner support PD
  USB: serial: ftdi_sio: add Belimo device ids
  signal handling: don't use BUG_ON() for debugging
  nvme-pci: phison e16 has bogus namespace ids
  Revert "can: xilinx_can: Limit CANFD brp to 2"
  ARM: dts: stm32: use the correct clock source for CEC on stm32mp151
  soc: ixp4xx/npe: Fix unused match warning
  x86: Clear .brk area at early boot
  irqchip: or1k-pic: Undefine mask_ack for level triggered hardware
  ASoC: madera: Fix event generation for rate controls
  ASoC: madera: Fix event generation for OUT1 demux
  ASoC: cs47l15: Fix event generation for low power mux control
  ASoC: dapm: Initialise kcontrol data for mux/demux controls
  ASoC: wm5110: Fix DRE control
  ASoC: SOF: Intel: hda-loader: Clarify the cl_dsp_init() flow
  pinctrl: aspeed: Fix potential NULL dereference in aspeed_pinmux_set_mux()
  ASoC: ops: Fix off by one in range control validation
  net: sfp: fix memory leak in sfp_probe()
  nvme: fix regression when disconnect a recovering ctrl
  nvme-tcp: always fail a request when sending it failed
  NFC: nxp-nci: don't print header length mismatch on i2c error
  net: tipc: fix possible refcount leak in tipc_sk_create()
  platform/x86: hp-wmi: Ignore Sanitization Mode event
  cpufreq: pmac32-cpufreq: Fix refcount leak bug
  scsi: hisi_sas: Limit max hw sectors for v3 HW
  netfilter: br_netfilter: do not skip all hooks with 0 priority
  virtio_mmio: Restore guest page size on resume
  virtio_mmio: Add missing PM calls to freeze/restore
  mm: sysctl: fix missing numa_stat when !CONFIG_HUGETLB_PAGE
  net/tls: Check for errors in tls_device_init
  KVM: x86: Fully initialize 'struct kvm_lapic_irq' in kvm_pv_kick_cpu_op()
  net: atlantic: remove aq_nic_deinit() when resume
  net: atlantic: remove deep parameter on suspend/resume functions
  sfc: fix kernel panic when creating VF
  seg6: bpf: fix skb checksum in bpf_push_seg6_encap()
  seg6: fix skb checksum in SRv6 End.B6 and End.B6.Encaps behaviors
  seg6: fix skb checksum evaluation in SRH encapsulation/insertion
  sfc: fix use after free when disabling sriov
  ima: Fix potential memory leak in ima_init_crypto()
  ima: force signature verification when CONFIG_KEXEC_SIG is configured
  net: ftgmac100: Hold reference returned by of_get_child_by_name()
  nexthop: Fix data-races around nexthop_compat_mode.
  ipv4: Fix data-races around sysctl_ip_dynaddr.
  raw: Fix a data-race around sysctl_raw_l3mdev_accept.
  icmp: Fix a data-race around sysctl_icmp_ratemask.
  icmp: Fix a data-race around sysctl_icmp_ratelimit.
  sysctl: Fix data-races in proc_dointvec_ms_jiffies().
  drm/i915/gt: Serialize TLB invalidates with GT resets
  drm/i915/selftests: fix a couple IS_ERR() vs NULL tests
  ARM: dts: sunxi: Fix SPI NOR campatible on Orange Pi Zero
  ARM: dts: at91: sama5d2: Fix typo in i2s1 node
  ipv4: Fix a data-race around sysctl_fib_sync_mem.
  icmp: Fix data-races around sysctl.
  cipso: Fix data-races around sysctl.
  net: Fix data-races around sysctl_mem.
  inetpeer: Fix data-races around sysctl.
  tcp: Fix a data-race around sysctl_tcp_max_orphans.
  sysctl: Fix data races in proc_dointvec_jiffies().
  sysctl: Fix data races in proc_doulongvec_minmax().
  sysctl: Fix data races in proc_douintvec_minmax().
  sysctl: Fix data races in proc_dointvec_minmax().
  sysctl: Fix data races in proc_douintvec().
  sysctl: Fix data races in proc_dointvec().
  net: stmmac: dwc-qos: Disable split header for Tegra194
  ASoC: Intel: Skylake: Correct the handling of fmt_config flexible array
  ASoC: Intel: Skylake: Correct the ssp rate discovery in skl_get_ssp_clks()
  ASoC: tas2764: Fix amp gain register offset & default
  ASoC: tas2764: Correct playback volume range
  ASoC: tas2764: Fix and extend FSYNC polarity handling
  ASoC: tas2764: Add post reset delays
  ASoC: sgtl5000: Fix noise on shutdown/remove
  ima: Fix a potential integer overflow in ima_appraise_measurement
  drm/i915: fix a possible refcount leak in intel_dp_add_mst_connector()
  net/mlx5e: Fix capability check for updating vnic env counters
  net/mlx5e: kTLS, Fix build time constant test in RX
  net/mlx5e: kTLS, Fix build time constant test in TX
  ARM: 9210/1: Mark the FDT_FIXED sections as shareable
  ARM: 9209/1: Spectre-BHB: avoid pr_info() every time a CPU comes out of idle
  spi: amd: Limit max transfer and message size
  ARM: dts: imx6qdl-ts7970: Fix ngpio typo and count
  ext4: fix race condition between ext4_write and ext4_convert_inline_data
  Revert "evm: Fix memleak in init_desc"
  sh: convert nommu io{re,un}map() to static inline functions
  nilfs2: fix incorrect masking of permission flags for symlinks
  fs/remap: constrain dedupe of EOF blocks
  drm/panfrost: Fix shrinker list corruption by madvise IOCTL
  drm/panfrost: Put mapping instead of shmem obj on panfrost_mmu_map_fault_addr() error
  btrfs: return -EAGAIN for NOWAIT dio reads/writes on compressed and inline extents
  cgroup: Use separate src/dst nodes when preloading css_sets for migration
  wifi: mac80211: fix queue selection for mesh/OCB interfaces
  ARM: 9214/1: alignment: advance IT state after emulating Thumb instruction
  ARM: 9213/1: Print message about disabled Spectre workarounds only once
  ip: fix dflt addr selection for connected nexthop
  net: sock: tracing: Fix sock_exceed_buf_limit not to dereference stale pointer
  tracing/histograms: Fix memory leak problem
  mm: split huge PUD on wp_huge_pud fallback
  fix race between exit_itimers() and /proc/pid/timers
  xen/netback: avoid entering xenvif_rx_next_skb() with an empty rx queue
  ALSA: hda/realtek - Enable the headset-mic on a Xiaomi's laptop
  ALSA: hda/realtek - Fix headset mic problem for a HP machine with alc221
  ALSA: hda/realtek - Fix headset mic problem for a HP machine with alc671
  ALSA: hda/realtek: Fix headset mic for Acer SF313-51
  ALSA: hda/conexant: Apply quirk for another HP ProDesk 600 G3 model
  ALSA: hda - Add fixup for Dell Latitidue E5430
  Linux 5.10.131
  Revert "mtd: rawnand: gpmi: Fix setting busy timeout setting"
  ANDROID: random: fix CRC issues with the merge
  ANDROID: change function signatures for some random functions.
  ANDROID: cpu/hotplug: avoid breaking Android ABI by fusing cpuhp steps
  ANDROID: random: add back removed callback functions
  UPSTREAM: Revert "net: af_key: add check for pfkey_broadcast in function pfkey_process"
  UPSTREAM: lib/crypto: add prompts back to crypto libraries
  Linux 5.10.130
  dmaengine: ti: Add missing put_device in ti_dra7_xbar_route_allocate
  dmaengine: ti: Fix refcount leak in ti_dra7_xbar_route_allocate
  dmaengine: at_xdma: handle errors of at_xdmac_alloc_desc() correctly
  dmaengine: pl330: Fix lockdep warning about non-static key
  ida: don't use BUG_ON() for debugging
  dt-bindings: dma: allwinner,sun50i-a64-dma: Fix min/max typo
  misc: rtsx_usb: set return value in rsp_buf alloc err path
  misc: rtsx_usb: use separate command and response buffers
  misc: rtsx_usb: fix use of dma mapped buffer for usb bulk transfer
  dmaengine: imx-sdma: Allow imx8m for imx7 FW revs
  i2c: cadence: Unregister the clk notifier in error path
  r8169: fix accessing unset transport header
  selftests: forwarding: fix error message in learning_test
  selftests: forwarding: fix learning_test when h1 supports IFF_UNICAST_FLT
  selftests: forwarding: fix flood_unicast_test when h2 supports IFF_UNICAST_FLT
  ibmvnic: Properly dispose of all skbs during a failover.
  i40e: Fix dropped jumbo frames statistics
  xsk: Clear page contiguity bit when unmapping pool
  ARM: dts: at91: sama5d2_icp: fix eeprom compatibles
  ARM: dts: at91: sam9x60ek: fix eeprom compatible and size
  ARM: at91: pm: use proper compatibles for sam9x60's rtc and rtt
  ARM: at91: pm: use proper compatible for sama5d2's rtc
  arm64: dts: qcom: msm8992-*: Fix vdd_lvs1_2-supply typo
  pinctrl: sunxi: sunxi_pconf_set: use correct offset
  arm64: dts: imx8mp-evk: correct I2C3 pad settings
  arm64: dts: imx8mp-evk: correct gpio-led pad settings
  arm64: dts: imx8mp-evk: correct the uart2 pinctl value
  arm64: dts: imx8mp-evk: correct mmc pad settings
  arm64: dts: qcom: msm8994: Fix CPU6/7 reg values
  pinctrl: sunxi: a83t: Fix NAND function name for some pins
  ARM: meson: Fix refcount leak in meson_smp_prepare_cpus
  xfs: remove incorrect ASSERT in xfs_rename
  can: kvaser_usb: kvaser_usb_leaf: fix bittiming limits
  can: kvaser_usb: kvaser_usb_leaf: fix CAN clock frequency regression
  can: kvaser_usb: replace run-time checks with struct kvaser_usb_driver_info
  powerpc/powernv: delay rng platform device creation until later in boot
  video: of_display_timing.h: include errno.h
  memregion: Fix memregion_free() fallback definition
  PM: runtime: Redefine pm_runtime_release_supplier()
  fbcon: Prevent that screen size is smaller than font size
  fbcon: Disallow setting font bigger than screen size
  fbmem: Check virtual screen sizes in fb_set_var()
  fbdev: fbmem: Fix logo center image dx issue
  iommu/vt-d: Fix PCI bus rescan device hot add
  netfilter: nf_tables: stricter validation of element data
  netfilter: nft_set_pipapo: release elements in clone from abort path
  net: rose: fix UAF bug caused by rose_t0timer_expiry
  usbnet: fix memory leak in error case
  bpf: Fix insufficient bounds propagation from adjust_scalar_min_max_vals
  bpf: Fix incorrect verifier simulation around jmp32's jeq/jne
  can: gs_usb: gs_usb_open/close(): fix memory leak
  can: grcan: grcan_probe(): remove extra of_node_get()
  can: bcm: use call_rcu() instead of costly synchronize_rcu()
  ALSA: hda/realtek: Add quirk for Clevo L140PU
  mm/slub: add missing TID updates on slab deactivation
  Linux 5.10.129
  clocksource/drivers/ixp4xx: remove EXPORT_SYMBOL_GPL from ixp4xx_timer_setup()
  net: usb: qmi_wwan: add Telit 0x1070 composition
  net: usb: qmi_wwan: add Telit 0x1060 composition
  xen/arm: Fix race in RB-tree based P2M accounting
  xen-netfront: restore __skb_queue_tail() positioning in xennet_get_responses()
  xen/blkfront: force data bouncing when backend is untrusted
  xen/netfront: force data bouncing when backend is untrusted
  xen/netfront: fix leaking data in shared pages
  xen/blkfront: fix leaking data in shared pages
  selftests/rseq: Change type of rseq_offset to ptrdiff_t
  selftests/rseq: x86-32: use %gs segment selector for accessing rseq thread area
  selftests/rseq: x86-64: use %fs segment selector for accessing rseq thread area
  selftests/rseq: Fix: work-around asm goto compiler bugs
  selftests/rseq: Remove arm/mips asm goto compiler work-around
  selftests/rseq: Fix warnings about #if checks of undefined tokens
  selftests/rseq: Fix ppc32 offsets by using long rather than off_t
  selftests/rseq: Fix ppc32 missing instruction selection "u" and "x" for load/store
  selftests/rseq: Fix ppc32: wrong rseq_cs 32-bit field pointer on big endian
  selftests/rseq: Uplift rseq selftests for compatibility with glibc-2.35
  selftests/rseq: Introduce thread pointer getters
  selftests/rseq: Introduce rseq_get_abi() helper
  selftests/rseq: Remove volatile from __rseq_abi
  selftests/rseq: Remove useless assignment to cpu variable
  selftests/rseq: introduce own copy of rseq uapi header
  selftests/rseq: remove ARRAY_SIZE define from individual tests
  hwmon: (ibmaem) don't call platform_device_del() if platform_device_add() fails
  ipv6/sit: fix ipip6_tunnel_get_prl return value
  sit: use min
  drivers: cpufreq: Add missing of_node_put() in qoriq-cpufreq.c
  xen/gntdev: Avoid blocking in unmap_grant_pages()
  tcp: add a missing nf_reset_ct() in 3WHS handling
  xfs: fix xfs_reflink_unshare usage of filemap_write_and_wait_range
  xfs: update superblock counters correctly for !lazysbcount
  xfs: fix xfs_trans slab cache name
  xfs: ensure xfs_errortag_random_default matches XFS_ERRTAG_MAX
  xfs: Skip repetitive warnings about mount options
  xfs: rename variable mp to parsing_mp
  xfs: use current->journal_info for detecting transaction recursion
  net: tun: avoid disabling NAPI twice
  tunnels: do not assume mac header is set in skb_tunnel_check_pmtu()
  io_uring: ensure that send/sendmsg and recv/recvmsg check sqe->ioprio
  epic100: fix use after free on rmmod
  tipc: move bc link creation back to tipc_node_create
  NFC: nxp-nci: Don't issue a zero length i2c_master_read()
  nfc: nfcmrvl: Fix irq_of_parse_and_map() return value
  net: bonding: fix use-after-free after 802.3ad slave unbind
  net: bonding: fix possible NULL deref in rlb code
  net/sched: act_api: Notify user space if any actions were flushed before error
  netfilter: nft_dynset: restore set element counter when failing to update
  s390: remove unneeded 'select BUILD_BIN2C'
  PM / devfreq: exynos-ppmu: Fix refcount leak in of_get_devfreq_events
  caif_virtio: fix race between virtio_device_ready() and ndo_open()
  NFSD: restore EINVAL error translation in nfsd_commit()
  net: ipv6: unexport __init-annotated seg6_hmac_net_init()
  usbnet: fix memory allocation in helpers
  linux/dim: Fix divide by 0 in RDMA DIM
  RDMA/cm: Fix memory leak in ib_cm_insert_listen
  RDMA/qedr: Fix reporting QP timeout attribute
  net: dp83822: disable rx error interrupt
  net: dp83822: disable false carrier interrupt
  net: tun: stop NAPI when detaching queues
  net: tun: unlink NAPI from device on destruction
  net: dsa: bcm_sf2: force pause link settings
  selftests/net: pass ipv6_args to udpgso_bench's IPv6 TCP test
  virtio-net: fix race between ndo_open() and virtio_device_ready()
  net: usb: ax88179_178a: Fix packet receiving
  net: rose: fix UAF bugs caused by timer handler
  SUNRPC: Fix READ_PLUS crasher
  s390/archrandom: simplify back to earlier design and initialize earlier
  dm raid: fix KASAN warning in raid5_add_disks
  dm raid: fix accesses beyond end of raid member array
  powerpc/bpf: Fix use of user_pt_regs in uapi
  powerpc/book3e: Fix PUD allocation size in map_kernel_page()
  powerpc/prom_init: Fix kernel config grep
  nvdimm: Fix badblocks clear off-by-one error
  nvme-pci: add NVME_QUIRK_BOGUS_NID for ADATA XPG SX6000LNP (AKA SPECTRIX S40G)
  ipv6: take care of disable_policy when restoring routes
  drm/amdgpu: To flush tlb for MMHUB of RAVEN series
  Linux 5.10.128
  net: mscc: ocelot: allow unregistered IP multicast flooding
  powerpc/ftrace: Remove ftrace init tramp once kernel init is complete
  xfs: check sb_meta_uuid for dabuf buffer recovery
  xfs: remove all COW fork extents when remounting readonly
  xfs: Fix the free logic of state in xfs_attr_node_hasname
  xfs: punch out data fork delalloc blocks on COW writeback failure
  xfs: use kmem_cache_free() for kmem_cache objects
  bcache: memset on stack variables in bch_btree_check() and bch_sectors_dirty_init()
  tick/nohz: unexport __init-annotated tick_nohz_full_setup()
  drm: remove drm_fb_helper_modinit
  MAINTAINERS: add Amir as xfs maintainer for 5.10.y
  Linux 5.10.127
  powerpc/pseries: wire up rng during setup_arch()
  kbuild: link vmlinux only once for CONFIG_TRIM_UNUSED_KSYMS (2nd attempt)
  random: update comment from copy_to_user() -> copy_to_iter()
  modpost: fix section mismatch check for exported init/exit sections
  ARM: cns3xxx: Fix refcount leak in cns3xxx_init
  memory: samsung: exynos5422-dmc: Fix refcount leak in of_get_dram_timings
  ARM: Fix refcount leak in axxia_boot_secondary
  soc: bcm: brcmstb: pm: pm-arm: Fix refcount leak in brcmstb_pm_probe
  ARM: exynos: Fix refcount leak in exynos_map_pmu
  ARM: dts: imx6qdl: correct PU regulator ramp delay
  ARM: dts: imx7: Move hsic_phy power domain to HSIC PHY node
  powerpc/powernv: wire up rng during setup_arch
  powerpc/rtas: Allow ibm,platform-dump RTAS call with null buffer address
  powerpc: Enable execve syscall exit tracepoint
  parisc: Enable ARCH_HAS_STRICT_MODULE_RWX
  parisc/stifb: Fix fb_is_primary_device() only available with CONFIG_FB_STI
  xtensa: Fix refcount leak bug in time.c
  xtensa: xtfpga: Fix refcount leak bug in setup
  iio: adc: adi-axi-adc: Fix refcount leak in adi_axi_adc_attach_client
  iio: adc: axp288: Override TS pin bias current for some models
  iio: adc: stm32: Fix IRQs on STM32F4 by removing custom spurious IRQs message
  iio: adc: stm32: Fix ADCs iteration in irq handler
  iio: imu: inv_icm42600: Fix broken icm42600 (chip id 0 value)
  iio: adc: stm32: fix maximum clock rate for stm32mp15x
  iio: trigger: sysfs: fix use-after-free on remove
  iio: gyro: mpu3050: Fix the error handling in mpu3050_power_up()
  iio: accel: mma8452: ignore the return value of reset operation
  iio:accel:mxc4005: rearrange iio trigger get and register
  iio:accel:bma180: rearrange iio trigger get and register
  iio:chemical:ccs811: rearrange iio trigger get and register
  f2fs: attach inline_data after setting compression
  usb: chipidea: udc: check request status before setting device address
  USB: gadget: Fix double-free bug in raw_gadget driver
  usb: gadget: Fix non-unique driver names in raw-gadget driver
  xhci-pci: Allow host runtime PM as default for Intel Meteor Lake xHCI
  xhci-pci: Allow host runtime PM as default for Intel Raptor Lake xHCI
  xhci: turn off port power in shutdown
  usb: typec: wcove: Drop wrong dependency to INTEL_SOC_PMIC
  iio: adc: vf610: fix conversion mode sysfs node name
  iio: mma8452: fix probe fail when device tree compatible is used.
  s390/cpumf: Handle events cycles and instructions identical
  gpio: winbond: Fix error code in winbond_gpio_get()
  nvme: move the Samsung X5 quirk entry to the core quirks
  nvme-pci: add NO APST quirk for Kioxia device
  nvme-pci: allocate nvme_command within driver pdu
  nvme: don't check nvme_req flags for new req
  nvme: mark nvme_setup_passsthru() inline
  nvme: split nvme_alloc_request()
  nvme: centralize setting the timeout in nvme_alloc_request
  Revert "net/tls: fix tls_sk_proto_close executed repeatedly"
  virtio_net: fix xdp_rxq_info bug after suspend/resume
  igb: Make DMA faster when CPU is active on the PCIe link
  regmap-irq: Fix a bug in regmap_irq_enable() for type_in_mask chips
  ice: ethtool: advertise 1000M speeds properly
  afs: Fix dynamic root getattr
  MIPS: Remove repetitive increase irq_err_count
  x86/xen: Remove undefined behavior in setup_features()
  selftests: netfilter: correct PKTGEN_SCRIPT_PATHS in nft_concat_range.sh
  udmabuf: add back sanity check
  net/tls: fix tls_sk_proto_close executed repeatedly
  erspan: do not assume transport header is always set
  drm/msm/dp: fix connect/disconnect handled at irq_hpd
  drm/msm/dp: promote irq_hpd handle to handle link training correctly
  drm/msm/dp: deinitialize mainlink if link training failed
  drm/msm/dp: fixes wrong connection state caused by failure of link train
  drm/msm/dp: check core_initialized before disable interrupts at dp_display_unbind()
  drm/msm/mdp4: Fix refcount leak in mdp4_modeset_init_intf
  net/sched: sch_netem: Fix arithmetic in netem_dump() for 32-bit platforms
  bonding: ARP monitor spams NETDEV_NOTIFY_PEERS notifiers
  igb: fix a use-after-free issue in igb_clean_tx_ring
  tipc: fix use-after-free Read in tipc_named_reinit
  tipc: simplify the finalize work queue
  phy: aquantia: Fix AN when higher speeds than 1G are not advertised
  bpf, x86: Fix tail call count offset calculation on bpf2bpf call
  drm/sun4i: Fix crash during suspend after component bind failure
  bpf: Fix request_sock leak in sk lookup helpers
  drm/msm: use for_each_sgtable_sg to iterate over scatterlist
  scsi: scsi_debug: Fix zone transition to full condition
  netfilter: use get_random_u32 instead of prandom
  netfilter: nftables: add nft_parse_register_store() and use it
  netfilter: nftables: add nft_parse_register_load() and use it
  drm/msm: Fix double pm_runtime_disable() call
  USB: serial: option: add Quectel RM500K module support
  USB: serial: option: add Quectel EM05-G modem
  USB: serial: option: add Telit LE910Cx 0x1250 composition
  dm mirror log: clear log bits up to BITS_PER_LONG boundary
  dm era: commit metadata in postsuspend after worker stops
  ata: libata: add qc->flags in ata_qc_complete_template tracepoint
  mtd: rawnand: gpmi: Fix setting busy timeout setting
  mmc: sdhci-pci-o2micro: Fix card detect by dealing with debouncing
  btrfs: add error messages to all unrecognized mount options
  net: openvswitch: fix parsing of nw_proto for IPv6 fragments
  ALSA: hda/realtek: Add quirk for Clevo NS50PU
  ALSA: hda/realtek: Add quirk for Clevo PD70PNT
  ALSA: hda/realtek: Apply fixup for Lenovo Yoga Duet 7 properly
  ALSA: hda/realtek - ALC897 headset MIC no sound
  ALSA: hda/realtek: Add mute LED quirk for HP Omen laptop
  ALSA: hda/conexant: Fix missing beep setup
  ALSA: hda/via: Fix missing beep setup
  random: quiet urandom warning ratelimit suppression message
  random: schedule mix_interrupt_randomness() less often
  vt: drop old FONT ioctls
  Linux 5.10.126
  io_uring: use separate list entry for iopoll requests
  Linux 5.10.125
  io_uring: add missing item types for various requests
  arm64: mm: Don't invalidate FROM_DEVICE buffers at start of DMA transfer
  serial: core: Initialize rs485 RTS polarity already on probe
  tcp: drop the hash_32() part from the index calculation
  tcp: increase source port perturb table to 2^16
  tcp: dynamically allocate the perturb table used by source ports
  tcp: add small random increments to the source port
  tcp: use different parts of the port_offset for index and offset
  tcp: add some entropy in __inet_hash_connect()
  usb: gadget: u_ether: fix regression in setting fixed MAC address
  zonefs: fix zonefs_iomap_begin() for reads
  s390/mm: use non-quiescing sske for KVM switch to keyed guest
  Revert "xfrm: Add possibility to set the default to block if we have no policy"
  Revert "net: xfrm: fix shift-out-of-bounce"
  Revert "xfrm: make user policy API complete"
  Revert "xfrm: notify default policy on update"
  Revert "xfrm: fix dflt policy check when there is no policy configured"
  Revert "xfrm: rework default policy structure"
  Revert "xfrm: fix "disable_policy" flag use when arriving from different devices"
  Revert "include/uapi/linux/xfrm.h: Fix XFRM_MSG_MAPPING ABI breakage"
  Linux 5.10.124
  clk: imx8mp: fix usb_root_clk parent
  powerpc/book3e: get rid of #include <generated/compile.h>
  igc: Enable PCIe PTM
  Revert "PCI: Make pci_enable_ptm() private"
  net: openvswitch: fix misuse of the cached connection on tuple changes
  net/sched: act_police: more accurate MTU policing
  dma-direct: don't over-decrypt memory
  virtio-pci: Remove wrong address verification in vp_del_vqs()
  ALSA: hda/realtek: fix right sounds and mute/micmute LEDs for HP machine
  KVM: SVM: Use kzalloc for sev ioctl interfaces to prevent kernel data leak
  KVM: x86: Account a variety of miscellaneous allocations
  KVM: arm64: Don't read a HW interrupt pending state in user context
  ext4: add reserved GDT blocks check
  ext4: make variable "count" signed
  ext4: fix bug_on ext4_mb_use_inode_pa
  drm/amd/display: Cap OLED brightness per max frame-average luminance
  dm mirror log: round up region bitmap size to BITS_PER_LONG
  serial: 8250: Store to lsr_save_flags after lsr read
  usb: gadget: lpc32xx_udc: Fix refcount leak in lpc32xx_udc_probe
  usb: dwc2: Fix memory leak in dwc2_hcd_init
  USB: serial: io_ti: add Agilent E5805A support
  USB: serial: option: add support for Cinterion MV31 with new baseline
  crypto: memneq - move into lib/
  comedi: vmk80xx: fix expression for tx buffer size
  mei: me: add raptor lake point S DID
  i2c: designware: Use standard optional ref clock implementation
  irqchip/gic-v3: Fix refcount leak in gic_populate_ppi_partitions
  irqchip/gic-v3: Fix error handling in gic_populate_ppi_partitions
  irqchip/gic/realview: Fix refcount leak in realview_gic_of_init
  i2c: npcm7xx: Add check for platform_driver_register
  faddr2line: Fix overlapping text section failures, the sequel
  block: Fix handling of offline queues in blk_mq_alloc_request_hctx()
  certs/blacklist_hashes.c: fix const confusion in certs blacklist
  arm64: ftrace: consistently handle PLTs.
  arm64: ftrace: fix branch range checks
  net: ax25: Fix deadlock caused by skb_recv_datagram in ax25_recvmsg
  net: bgmac: Fix an erroneous kfree() in bgmac_remove()
  mlxsw: spectrum_cnt: Reorder counter pools
  nvme: add device name to warning in uuid_show()
  nvme: use sysfs_emit instead of sprintf
  drm/i915/reset: Fix error_state_read ptr + offset use
  misc: atmel-ssc: Fix IRQ check in ssc_probe
  tty: goldfish: Fix free_irq() on remove
  Drivers: hv: vmbus: Release cpu lock in error case
  i40e: Fix call trace in setup_tx_descriptors
  i40e: Fix calculating the number of queue pairs
  i40e: Fix adding ADQ filter to TC0
  clocksource: hyper-v: unexport __init-annotated hv_init_clocksource()
  pNFS: Avoid a live lock condition in pnfs_update_layout()
  pNFS: Don't keep retrying if the server replied NFS4ERR_LAYOUTUNAVAILABLE
  random: credit cpu and bootloader seeds by default
  gpio: dwapb: Don't print error on -EPROBE_DEFER
  MIPS: Loongson-3: fix compile mips cpu_hwmon as module build error.
  mellanox: mlx5: avoid uninitialized variable warning with gcc-12
  net: ethernet: mtk_eth_soc: fix misuse of mem alloc interface netdev[napi]_alloc_frag
  ipv6: Fix signed integer overflow in l2tp_ip6_sendmsg
  nfc: nfcmrvl: Fix memory leak in nfcmrvl_play_deferred
  virtio-mmio: fix missing put_device() when vm_cmdline_parent registration failed
  ALSA: hda/realtek - Add HW8326 support
  scsi: pmcraid: Fix missing resource cleanup in error case
  scsi: ipr: Fix missing/incorrect resource cleanup in error case
  scsi: lpfc: Allow reduced polling rate for nvme_admin_async_event cmd completion
  scsi: lpfc: Fix port stuck in bypassed state after LIP in PT2PT topology
  scsi: vmw_pvscsi: Expand vcpuHint to 16 bits
  Input: soc_button_array - also add Lenovo Yoga Tablet2 1051F to dmi_use_low_level_irq
  ASoC: wm_adsp: Fix event generation for wm_adsp_fw_put()
  ASoC: es8328: Fix event generation for deemphasis control
  ASoC: wm8962: Fix suspend while playing music
  quota: Prevent memory allocation recursion while holding dq_lock
  ata: libata-core: fix NULL pointer deref in ata_host_alloc_pinfo()
  ASoC: cs42l51: Correct minimum value for SX volume control
  ASoC: cs42l56: Correct typo in minimum level for SX volume controls
  ASoC: cs42l52: Correct TLV for Bypass Volume
  ASoC: cs53l30: Correct number of volume levels on SX controls
  ASoC: cs35l36: Update digital volume TLV
  ASoC: cs42l52: Fix TLV scales for mixer controls
  dma-debug: make things less spammy under memory pressure
  ASoC: nau8822: Add operation for internal PLL off and on
  powerpc/kasan: Silence KASAN warnings in __get_wchan()
  arm64: dts: imx8mm-beacon: Enable RTS-CTS on UART3
  bpf: Fix incorrect memory charge cost calculation in stack_map_alloc()
  nfsd: Replace use of rwsem with errseq_t
  9p: missing chunk of "fs/9p: Don't update file type when updating file attributes"
  Linux 5.10.123
  x86/speculation/mmio: Print SMT warning
  KVM: x86/speculation: Disable Fill buffer clear within guests
  x86/speculation/mmio: Reuse SRBDS mitigation for SBDS
  x86/speculation/srbds: Update SRBDS mitigation selection
  x86/speculation/mmio: Add sysfs reporting for Processor MMIO Stale Data
  x86/speculation/mmio: Enable CPU Fill buffer clearing on idle
  x86/bugs: Group MDS, TAA & Processor MMIO Stale Data mitigations
  x86/speculation/mmio: Add mitigation for Processor MMIO Stale Data
  x86/speculation: Add a common function for MD_CLEAR mitigation update
  x86/speculation/mmio: Enumerate Processor MMIO Stale Data bug
  Documentation: Add documentation for Processor MMIO Stale Data
  Linux 5.10.122
  tcp: fix tcp_mtup_probe_success vs wrong snd_cwnd
  dmaengine: idxd: add missing callback function to support DMA_INTERRUPT
  zonefs: fix handling of explicit_open option on mount
  PCI: qcom: Fix pipe clock imbalance
  md/raid0: Ignore RAID0 layout if the second zone has only one device
  interconnect: Restore sync state by ignoring ipa-virt in provider count
  interconnect: qcom: sc7180: Drop IP0 interconnects
  powerpc/mm: Switch obsolete dssall to .long
  powerpc/32: Fix overread/overwrite of thread_struct via ptrace
  drm/atomic: Force bridge self-refresh-exit on CRTC switch
  drm/bridge: analogix_dp: Support PSR-exit to disable transition
  Input: bcm5974 - set missing URB_NO_TRANSFER_DMA_MAP urb flag
  ixgbe: fix unexpected VLAN Rx in promisc mode on VF
  ixgbe: fix bcast packets Rx on VF after promisc removal
  nfc: st21nfca: fix incorrect sizing calculations in EVT_TRANSACTION
  nfc: st21nfca: fix memory leaks in EVT_TRANSACTION handling
  nfc: st21nfca: fix incorrect validating logic in EVT_TRANSACTION
  net: phy: dp83867: retrigger SGMII AN when link change
  mmc: block: Fix CQE recovery reset success
  ata: libata-transport: fix {dma|pio|xfer}_mode sysfs files
  cifs: fix reconnect on smb3 mount types
  cifs: return errors during session setup during reconnects
  ALSA: hda/realtek: Fix for quirk to enable speaker output on the Lenovo Yoga DuetITL 2021
  ALSA: hda/conexant - Fix loopback issue with CX20632
  scripts/gdb: change kernel config dumping method
  vringh: Fix loop descriptors check in the indirect cases
  nodemask: Fix return values to be unsigned
  cifs: version operations for smb20 unneeded when legacy support disabled
  s390/gmap: voluntarily schedule during key setting
  nbd: fix io hung while disconnecting device
  nbd: fix race between nbd_alloc_config() and module removal
  nbd: call genl_unregister_family() first in nbd_cleanup()
  jump_label,noinstr: Avoid instrumentation for JUMP_LABEL=n builds
  x86/cpu: Elide KCSAN for cpu_has() and friends
  modpost: fix undefined behavior of is_arm_mapping_symbol()
  drm/radeon: fix a possible null pointer dereference
  ceph: allow ceph.dir.rctime xattr to be updatable
  Revert "net: af_key: add check for pfkey_broadcast in function pfkey_process"
  scsi: myrb: Fix up null pointer access on myrb_cleanup()
  md: protect md_unregister_thread from reentrancy
  watchdog: wdat_wdt: Stop watchdog when rebooting the system
  kernfs: Separate kernfs_pr_cont_buf and rename_lock.
  serial: msm_serial: disable interrupts in __msm_console_write()
  staging: rtl8712: fix uninit-value in r871xu_drv_init()
  staging: rtl8712: fix uninit-value in usb_read8() and friends
  clocksource/drivers/sp804: Avoid error on multiple instances
  extcon: Modify extcon device to be created after driver data is set
  misc: rtsx: set NULL intfdata when probe fails
  usb: dwc2: gadget: don't reset gadget's driver->bus
  sysrq: do not omit current cpu when showing backtrace of all active CPUs
  USB: hcd-pci: Fully suspend across freeze/thaw cycle
  drivers: usb: host: Fix deadlock in oxu_bus_suspend()
  drivers: tty: serial: Fix deadlock in sa1100_set_termios()
  USB: host: isp116x: check return value after calling platform_get_resource()
  drivers: staging: rtl8192e: Fix deadlock in rtllib_beacons_stop()
  drivers: staging: rtl8192u: Fix deadlock in ieee80211_beacons_stop()
  tty: Fix a possible resource leak in icom_probe
  tty: synclink_gt: Fix null-pointer-dereference in slgt_clean()
  lkdtm/usercopy: Expand size of "out of frame" object
  iio: st_sensors: Add a local lock for protecting odr
  staging: rtl8712: fix a potential memory leak in r871xu_drv_init()
  iio: dummy: iio_simple_dummy: check the return value of kstrdup()
  drm: imx: fix compiler warning with gcc-12
  net: altera: Fix refcount leak in altera_tse_mdio_create
  ip_gre: test csum_start instead of transport header
  net/mlx5: fs, fail conflicting actions
  net/mlx5: Rearm the FW tracer after each tracer event
  net: ipv6: unexport __init-annotated seg6_hmac_init()
  net: xfrm: unexport __init-annotated xfrm4_protocol_init()
  net: mdio: unexport __init-annotated mdio_bus_init()
  SUNRPC: Fix the calculation of xdr->end in xdr_get_next_encode_buffer()
  net/mlx4_en: Fix wrong return value on ioctl EEPROM query failure
  net: dsa: lantiq_gswip: Fix refcount leak in gswip_gphy_fw_list
  bpf, arm64: Clear prog->jited_len along prog->jited
  af_unix: Fix a data-race in unix_dgram_peer_wake_me().
  xen: unexport __init-annotated xen_xlate_map_ballooned_pages()
  netfilter: nf_tables: bail out early if hardware offload is not supported
  netfilter: nf_tables: memleak flow rule from commit path
  netfilter: nf_tables: release new hooks on unsupported flowtable flags
  ata: pata_octeon_cf: Fix refcount leak in octeon_cf_probe
  netfilter: nf_tables: always initialize flowtable hook list in transaction
  powerpc/kasan: Force thread size increase with KASAN
  netfilter: nf_tables: delete flowtable hooks via transaction list
  netfilter: nat: really support inet nat without l3 address
  xprtrdma: treat all calls not a bcall when bc_serv is NULL
  video: fbdev: pxa3xx-gcu: release the resources correctly in pxa3xx_gcu_probe/remove()
  video: fbdev: hyperv_fb: Allow resolutions with size > 64 MB for Gen1
  NFSv4: Don't hold the layoutget locks across multiple RPC calls
  dmaengine: zynqmp_dma: In struct zynqmp_dma_chan fix desc_size data type
  m68knommu: fix undefined reference to `_init_sp'
  m68knommu: set ZERO_PAGE() to the allocated zeroed page
  i2c: cadence: Increase timeout per message if necessary
  f2fs: remove WARN_ON in f2fs_is_valid_blkaddr
  iommu/arm-smmu-v3: check return value after calling platform_get_resource()
  iommu/arm-smmu: fix possible null-ptr-deref in arm_smmu_device_probe()
  tracing: Avoid adding tracer option before update_tracer_options
  tracing: Fix sleeping function called from invalid context on RT kernel
  bootconfig: Make the bootconfig.o as a normal object file
  mips: cpc: Fix refcount leak in mips_cpc_default_phys_base
  dmaengine: idxd: set DMA_INTERRUPT cap bit
  perf c2c: Fix sorting in percent_rmt_hitm_cmp()
  driver core: Fix wait_for_device_probe() & deferred_probe_timeout interaction
  tipc: check attribute length for bearer name
  scsi: sd: Fix potential NULL pointer dereference
  afs: Fix infinite loop found by xfstest generic/676
  gpio: pca953x: use the correct register address to do regcache sync
  tcp: tcp_rtx_synack() can be called from process context
  net: sched: add barrier to fix packet stuck problem for lockless qdisc
  net/mlx5e: Update netdev features after changing XDP state
  net/mlx5: correct ECE offset in query qp output
  net/mlx5: Don't use already freed action pointer
  sfc: fix wrong tx channel offset with efx_separate_tx_channels
  sfc: fix considering that all channels have TX queues
  nfp: only report pause frame configuration for physical device
  net/smc: fixes for converting from "struct smc_cdc_tx_pend **" to "struct smc_wr_tx_pend_priv *"
  riscv: read-only pages should not be writable
  bpf: Fix probe read error in ___bpf_prog_run()
  ubi: ubi_create_volume: Fix use-after-free when volume creation failed
  ubi: fastmap: Fix high cpu usage of ubi_bgt by making sure wl_pool not empty
  jffs2: fix memory leak in jffs2_do_fill_super
  modpost: fix removing numeric suffixes
  net: dsa: mv88e6xxx: Fix refcount leak in mv88e6xxx_mdios_register
  net: ethernet: ti: am65-cpsw-nuss: Fix some refcount leaks
  net: ethernet: mtk_eth_soc: out of bounds read in mtk_hwlro_get_fdir_entry()
  net: sched: fixed barrier to prevent skbuff sticking in qdisc backlog
  s390/crypto: fix scatterwalk_unmap() callers in AES-GCM
  clocksource/drivers/oxnas-rps: Fix irq_of_parse_and_map() return value
  ASoC: fsl_sai: Fix FSL_SAI_xDR/xFR definition
  watchdog: ts4800_wdt: Fix refcount leak in ts4800_wdt_probe
  watchdog: rti-wdt: Fix pm_runtime_get_sync() error checking
  driver core: fix deadlock in __device_attach
  driver: base: fix UAF when driver_attach failed
  bus: ti-sysc: Fix warnings for unbind for serial
  firmware: dmi-sysfs: Fix memory leak in dmi_sysfs_register_handle
  serial: stm32-usart: Correct CSIZE, bits, and parity
  serial: st-asc: Sanitize CSIZE and correct PARENB for CS7
  serial: sifive: Sanitize CSIZE and c_iflag
  serial: sh-sci: Don't allow CS5-6
  serial: txx9: Don't allow CS5-6
  serial: rda-uart: Don't allow CS5-6
  serial: digicolor-usart: Don't allow CS5-6
  serial: 8250_fintek: Check SER_RS485_RTS_* only with RS485
  serial: meson: acquire port->lock in startup()
  rtc: mt6397: check return value after calling platform_get_resource()
  clocksource/drivers/riscv: Events are stopped during CPU suspend
  soc: rockchip: Fix refcount leak in rockchip_grf_init
  extcon: ptn5150: Add queue work sync before driver release
  coresight: cpu-debug: Replace mutex with mutex_trylock on panic notifier
  serial: sifive: Report actual baud base rather than fixed 115200
  phy: qcom-qmp: fix pipe-clock imbalance on power-on failure
  rpmsg: qcom_smd: Fix returning 0 if irq_of_parse_and_map() fails
  iio: adc: sc27xx: Fine tune the scale calibration values
  iio: adc: sc27xx: fix read big scale voltage not right
  iio: proximity: vl53l0x: Fix return value check of wait_for_completion_timeout
  iio: adc: stmpe-adc: Fix wait_for_completion_timeout return value check
  usb: typec: mux: Check dev_set_name() return value
  firmware: stratix10-svc: fix a missing check on list iterator
  misc: fastrpc: fix an incorrect NULL check on list iterator
  usb: dwc3: pci: Fix pm_runtime_get_sync() error checking
  rpmsg: qcom_smd: Fix irq_of_parse_and_map() return value
  pwm: lp3943: Fix duty calculation in case period was clamped
  staging: fieldbus: Fix the error handling path in anybuss_host_common_probe()
  usb: musb: Fix missing of_node_put() in omap2430_probe
  USB: storage: karma: fix rio_karma_init return
  usb: usbip: add missing device lock on tweak configuration cmd
  usb: usbip: fix a refcount leak in stub_probe()
  tty: serial: fsl_lpuart: fix potential bug when using both of_alias_get_id and ida_simple_get
  tty: n_tty: Restore EOF push handling behavior
  tty: serial: owl: Fix missing clk_disable_unprepare() in owl_uart_probe
  tty: goldfish: Use tty_port_destroy() to destroy port
  lkdtm/bugs: Check for the NULL pointer after calling kmalloc
  iio: adc: ad7124: Remove shift from scan_type
  staging: greybus: codecs: fix type confusion of list iterator variable
  pcmcia: db1xxx_ss: restrict to MIPS_DB1XXX boards
  Linux 5.10.121
  md: bcache: check the return value of kzalloc() in detached_dev_do_request()
  ext4: only allow test_dummy_encryption when supported
  MIPS: IP30: Remove incorrect `cpu_has_fpu' override
  MIPS: IP27: Remove incorrect `cpu_has_fpu' override
  RDMA/rxe: Generate a completion for unsupported/invalid opcode
  Revert "random: use static branch for crng_ready()"
  block: fix bio_clone_blkg_association() to associate with proper blkcg_gq
  bfq: Make sure bfqg for which we are queueing requests is online
  bfq: Get rid of __bio_blkcg() usage
  bfq: Remove pointless bfq_init_rq() calls
  bfq: Drop pointless unlock-lock pair
  bfq: Avoid merging queues with different parents
  thermal/core: Fix memory leak in the error path
  thermal/core: fix a UAF bug in __thermal_cooling_device_register()
  kseltest/cgroup: Make test_stress.sh work if run interactively
  xfs: assert in xfs_btree_del_cursor should take into account error
  xfs: consider shutdown in bmapbt cursor delete assert
  xfs: force log and push AIL to clear pinned inodes when aborting mount
  xfs: restore shutdown check in mapped write fault path
  xfs: fix incorrect root dquot corruption error when switching group/project quota types
  xfs: fix chown leaking delalloc quota blocks when fssetxattr fails
  xfs: sync lazy sb accounting on quiesce of read-only mounts
  xfs: set inode size after creating symlink
  net: ipa: fix page free in ipa_endpoint_replenish_one()
  net: ipa: fix page free in ipa_endpoint_trans_release()
  phy: qcom-qmp: fix reset-controller leak on probe errors
  coresight: core: Fix coresight device probe failure issue
  blk-iolatency: Fix inflight count imbalances and IO hangs on offline
  vdpasim: allow to enable a vq repeatedly
  dt-bindings: gpio: altera: correct interrupt-cells
  docs/conf.py: Cope with removal of language=None in Sphinx 5.0.0
  SMB3: EBADF/EIO errors in rename/open caused by race condition in smb2_compound_op
  ARM: pxa: maybe fix gpio lookup tables
  ARM: dts: s5pv210: Remove spi-cs-high on panel in Aries
  phy: qcom-qmp: fix struct clk leak on probe errors
  arm64: dts: qcom: ipq8074: fix the sleep clock frequency
  gma500: fix an incorrect NULL check on list iterator
  tilcdc: tilcdc_external: fix an incorrect NULL check on list iterator
  serial: pch: don't overwrite xmit->buf[0] by x_char
  bcache: avoid journal no-space deadlock by reserving 1 journal bucket
  bcache: remove incremental dirty sector counting for bch_sectors_dirty_init()
  bcache: improve multithreaded bch_sectors_dirty_init()
  bcache: improve multithreaded bch_btree_check()
  stm: ltdc: fix two incorrect NULL checks on list iterator
  carl9170: tx: fix an incorrect use of list iterator
  ASoC: rt5514: Fix event generation for "DSP Voice Wake Up" control
  rtl818x: Prevent using not initialized queues
  xtensa/simdisk: fix proc_read_simdisk()
  hugetlb: fix huge_pmd_unshare address update
  nodemask.h: fix compilation error with GCC12
  iommu/msm: Fix an incorrect NULL check on list iterator
  ftrace: Clean up hash direct_functions on register failures
  kexec_file: drop weak attribute from arch_kexec_apply_relocations[_add]
  um: Fix out-of-bounds read in LDT setup
  um: chan_user: Fix winch_tramp() return value
  mac80211: upgrade passive scan to active scan on DFS channels after beacon rx
  cfg80211: declare MODULE_FIRMWARE for regulatory.db
  irqchip: irq-xtensa-mx: fix initial IRQ affinity
  irqchip/armada-370-xp: Do not touch Performance Counter Overflow on A375, A38x, A39x
  csky: patch_text: Fixup last cpu should be master
  RDMA/hfi1: Fix potential integer multiplication overflow errors
  Kconfig: Add option for asm goto w/ tied outputs to workaround clang-13 bug
  ima: remove the IMA_TEMPLATE Kconfig option
  media: coda: Add more H264 levels for CODA960
  media: coda: Fix reported H264 profile
  mtd: cfi_cmdset_0002: Use chip_ready() for write on S29GL064N
  mtd: cfi_cmdset_0002: Move and rename chip_check/chip_ready/chip_good_for_write
  md: fix an incorrect NULL check in md_reload_sb
  md: fix an incorrect NULL check in does_sb_need_changing
  drm/i915/dsi: fix VBT send packet port selection for ICL+
  drm/bridge: analogix_dp: Grab runtime PM reference for DP-AUX
  drm/nouveau/kms/nv50-: atom: fix an incorrect NULL check on list iterator
  drm/nouveau/clk: Fix an incorrect NULL check on list iterator
  drm/etnaviv: check for reaped mapping in etnaviv_iommu_unmap_gem
  drm/amdgpu/cs: make commands with 0 chunks illegal behaviour.
  scsi: ufs: qcom: Add a readl() to make sure ref_clk gets enabled
  scsi: dc395x: Fix a missing check on list iterator
  ocfs2: dlmfs: fix error handling of user_dlm_destroy_lock
  dlm: fix missing lkb refcount handling
  dlm: fix plock invalid read
  s390/perf: obtain sie_block from the right address
  mm, compaction: fast_find_migrateblock() should return pfn in the target zone
  PCI: qcom: Fix unbalanced PHY init on probe errors
  PCI: qcom: Fix runtime PM imbalance on probe errors
  PCI/PM: Fix bridge_d3_blacklist[] Elo i2 overwrite of Gigabyte X299
  tracing: Fix potential double free in create_var_ref()
  ACPI: property: Release subnode properties with data nodes
  ext4: avoid cycles in directory h-tree
  ext4: verify dir block before splitting it
  ext4: fix bug_on in __es_tree_search
  ext4: filter out EXT4_FC_REPLAY from on-disk superblock field s_state
  ext4: fix bug_on in ext4_writepages
  ext4: fix warning in ext4_handle_inode_extension
  ext4: fix use-after-free in ext4_rename_dir_prepare
  bfq: Track whether bfq_group is still online
  bfq: Update cgroup information before merging bio
  bfq: Split shared queues on move between cgroups
  efi: Do not import certificates from UEFI Secure Boot for T2 Macs
  fs-writeback: writeback_sb_inodes：Recalculate 'wrote' according skipped pages
  iwlwifi: mvm: fix assert 1F04 upon reconfig
  wifi: mac80211: fix use-after-free in chanctx code
  f2fs: fix to do sanity check for inline inode
  f2fs: fix fallocate to use file_modified to update permissions consistently
  f2fs: fix to do sanity check on total_data_blocks
  f2fs: don't need inode lock for system hidden quota
  f2fs: fix deadloop in foreground GC
  f2fs: fix to clear dirty inode in f2fs_evict_inode()
  f2fs: fix to do sanity check on block address in f2fs_do_zero_range()
  f2fs: fix to avoid f2fs_bug_on() in dec_valid_node_count()
  perf jevents: Fix event syntax error caused by ExtSel
  perf c2c: Use stdio interface if slang is not supported
  i2c: rcar: fix PM ref counts in probe error paths
  i2c: npcm: Handle spurious interrupts
  i2c: npcm: Correct register access width
  i2c: npcm: Fix timeout calculation
  iommu/amd: Increase timeout waiting for GA log enablement
  dmaengine: stm32-mdma: fix chan initialization in stm32_mdma_irq_handler()
  dmaengine: stm32-mdma: rework interrupt handler
  dmaengine: stm32-mdma: remove GISR1 register
  video: fbdev: clcdfb: Fix refcount leak in clcdfb_of_vram_setup
  NFSv4/pNFS: Do not fail I/O when we fail to allocate the pNFS layout
  NFS: Don't report errors from nfs_pageio_complete() more than once
  NFS: Do not report flush errors in nfs_write_end()
  NFS: fsync() should report filesystem errors over EINTR/ERESTARTSYS
  NFS: Do not report EINTR/ERESTARTSYS as mapping errors
  dmaengine: idxd: Fix the error handling path in idxd_cdev_register()
  i2c: at91: Initialize dma_buf in at91_twi_xfer()
  MIPS: Loongson: Use hwmon_device_register_with_groups() to register hwmon
  cpufreq: mediatek: Unregister platform device on exit
  cpufreq: mediatek: Use module_init and add module_exit
  cpufreq: mediatek: add missing platform_driver_unregister() on error in mtk_cpufreq_driver_init
  i2c: at91: use dma safe buffers
  iommu/mediatek: Add list_del in mtk_iommu_remove
  f2fs: fix dereference of stale list iterator after loop body
  OPP: call of_node_put() on error path in _bandwidth_supported()
  Input: stmfts - do not leave device disabled in stmfts_input_open
  RDMA/hfi1: Prevent use of lock before it is initialized
  mailbox: forward the hrtimer if not queued and under a lock
  mfd: davinci_voicecodec: Fix possible null-ptr-deref davinci_vc_probe()
  powerpc/fsl_rio: Fix refcount leak in fsl_rio_setup
  macintosh: via-pmu and via-cuda need RTC_LIB
  powerpc/perf: Fix the threshold compare group constraint for power9
  powerpc/64: Only WARN if __pa()/__va() called with bad addresses
  hwrng: omap3-rom - fix using wrong clk_disable() in omap_rom_rng_runtime_resume()
  PCI/AER: Clear MULTI_ERR_COR/UNCOR_RCV bits
  Input: sparcspkr - fix refcount leak in bbc_beep_probe
  crypto: cryptd - Protect per-CPU resource by disabling BH.
  crypto: sun8i-ss - handle zero sized sg
  crypto: sun8i-ss - rework handling of IV
  tty: fix deadlock caused by calling printk() under tty_port->lock
  PCI: imx6: Fix PERST# start-up sequence
  ipc/mqueue: use get_tree_nodev() in mqueue_get_tree()
  proc: fix dentry/inode overinstantiating under /proc/${pid}/net
  ASoC: atmel-classd: Remove endianness flag on class d component
  ASoC: atmel-pdmic: Remove endianness flag on pdmic component
  powerpc/4xx/cpm: Fix return value of __setup() handler
  powerpc/idle: Fix return value of __setup() handler
  pinctrl: renesas: core: Fix possible null-ptr-deref in sh_pfc_map_resources()
  powerpc/8xx: export 'cpm_setbrg' for modules
  drivers/base/memory: fix an unlikely reference counting issue in __add_memory_block()
  dax: fix cache flush on PMD-mapped pages
  drivers/base/node.c: fix compaction sysfs file leak
  pinctrl: mvebu: Fix irq_of_parse_and_map() return value
  nvdimm: Allow overwrite in the presence of disabled dimms
  nvdimm: Fix firmware activation deadlock scenarios
  firmware: arm_scmi: Fix list protocols enumeration in the base protocol
  scsi: fcoe: Fix Wstringop-overflow warnings in fcoe_wwn_from_mac()
  mfd: ipaq-micro: Fix error check return value of platform_get_irq()
  powerpc/fadump: fix PT_LOAD segment for boot memory area
  arm: mediatek: select arch timer for mt7629
  pinctrl: bcm2835: implement hook for missing gpio-ranges
  gpiolib: of: Introduce hook for missing gpio-ranges
  crypto: marvell/cesa - ECB does not IV
  misc: ocxl: fix possible double free in ocxl_file_register_afu
  ARM: dts: bcm2835-rpi-b: Fix GPIO line names
  ARM: dts: bcm2837-rpi-3-b-plus: Fix GPIO line name of power LED
  ARM: dts: bcm2837-rpi-cm3-io3: Fix GPIO line names for SMPS I2C
  ARM: dts: bcm2835-rpi-zero-w: Fix GPIO line name for Wifi/BT
  ARM: dts: stm32: Fix PHY post-reset delay on Avenger96
  can: xilinx_can: mark bit timing constants as const
  platform/chrome: Re-introduce cros_ec_cmd_xfer and use it for ioctls
  ARM: dts: imx6dl-colibri: Fix I2C pinmuxing
  platform/chrome: cros_ec: fix error handling in cros_ec_register()
  KVM: nVMX: Clear IDT vectoring on nested VM-Exit for double/triple fault
  KVM: nVMX: Leave most VM-Exit info fields unmodified on failed VM-Entry
  soc: qcom: llcc: Add MODULE_DEVICE_TABLE()
  ARM: dts: ci4x10: Adapt to changes in imx6qdl.dtsi regarding fec clocks
  PCI: dwc: Fix setting error return on MSI DMA mapping failure
  PCI: rockchip: Fix find_first_zero_bit() limit
  PCI: cadence: Fix find_first_zero_bit() limit
  soc: qcom: smsm: Fix missing of_node_put() in smsm_parse_ipc
  soc: qcom: smp2p: Fix missing of_node_put() in smp2p_parse_ipc
  ARM: dts: suniv: F1C100: fix watchdog compatible
  memory: samsung: exynos5422-dmc: Avoid some over memory allocation
  arm64: dts: rockchip: Move drive-impedance-ohm to emmc phy on rk3399
  net/smc: postpone sk_refcnt increment in connect()
  hinic: Avoid some over memory allocation
  net: huawei: hinic: Use devm_kcalloc() instead of devm_kzalloc()
  rxrpc: Fix decision on when to generate an IDLE ACK
  rxrpc: Don't let ack.previousPacket regress
  rxrpc: Fix overlapping ACK accounting
  rxrpc: Don't try to resend the request if we're receiving the reply
  rxrpc: Fix listen() setting the bar too high for the prealloc rings
  hv_netvsc: Fix potential dereference of NULL pointer
  net: stmmac: fix out-of-bounds access in a selftest
  net: stmmac: selftests: Use kcalloc() instead of kzalloc()
  ASoC: max98090: Move check for invalid values before casting in max98090_put_enab_tlv()
  NFC: hci: fix sleep in atomic context bugs in nfc_hci_hcp_message_tx
  ASoC: wm2000: fix missing clk_disable_unprepare() on error in wm2000_anc_transition()
  thermal/drivers/imx_sc_thermal: Fix refcount leak in imx_sc_thermal_probe
  thermal/core: Fix memory leak in __thermal_cooling_device_register()
  thermal/drivers/core: Use a char pointer for the cooling device name
  thermal/drivers/broadcom: Fix potential NULL dereference in sr_thermal_probe
  thermal/drivers/bcm2711: Don't clamp temperature at zero
  drm/i915: Fix CFI violation with show_dynamic_id()
  drm/msm/dpu: handle pm_runtime_get_sync() errors in bind path
  x86/sev: Annotate stack change in the #VC handler
  drm: msm: fix possible memory leak in mdp5_crtc_cursor_set()
  drm/msm/a6xx: Fix refcount leak in a6xx_gpu_init
  ext4: reject the 'commit' option on ext2 filesystems
  media: rkvdec: h264: Fix bit depth wrap in pps packet
  media: rkvdec: h264: Fix dpb_valid implementation
  media: staging: media: rkvdec: Make use of the helper function devm_platform_ioremap_resource()
  media: ov7670: remove ov7670_power_off from ov7670_remove
  ASoC: ti: j721e-evm: Fix refcount leak in j721e_soc_probe_*
  net: hinic: add missing destroy_workqueue in hinic_pf_to_mgmt_init
  sctp: read sk->sk_bound_dev_if once in sctp_rcv()
  lsm,selinux: pass flowi_common instead of flowi to the LSM hooks
  m68k: math-emu: Fix dependencies of math emulation support
  nvme: set dma alignment to dword
  Bluetooth: use hdev lock for accept_list and reject_list in conn req
  Bluetooth: use inclusive language when filtering devices
  Bluetooth: use inclusive language in HCI role comments
  Bluetooth: LL privacy allow RPA
  Bluetooth: L2CAP: Rudimentary typo fixes
  Bluetooth: Interleave with allowlist scan
  Bluetooth: fix dangling sco_conn and use-after-free in sco_sock_timeout
  media: vsp1: Fix offset calculation for plane cropping
  media: pvrusb2: fix array-index-out-of-bounds in pvr2_i2c_core_init
  media: exynos4-is: Change clk_disable to clk_disable_unprepare
  media: st-delta: Fix PM disable depth imbalance in delta_probe
  media: exynos4-is: Fix PM disable depth imbalance in fimc_is_probe
  media: aspeed: Fix an error handling path in aspeed_video_probe()
  scripts/faddr2line: Fix overlapping text section failures
  kselftest/cgroup: fix test_stress.sh to use OUTPUT dir
  ASoC: samsung: Fix refcount leak in aries_audio_probe
  ASoC: samsung: Use dev_err_probe() helper
  regulator: pfuze100: Fix refcount leak in pfuze_parse_regulators_dt
  ASoC: mxs-saif: Fix refcount leak in mxs_saif_probe
  ASoC: fsl: Fix refcount leak in imx_sgtl5000_probe
  ath11k: Don't check arvif->is_started before sending management frames
  perf/amd/ibs: Use interrupt regs ip for stack unwinding
  regulator: qcom_smd: Fix up PM8950 regulator configuration
  Revert "cpufreq: Fix possible race in cpufreq online error path"
  spi: spi-fsl-qspi: check return value after calling platform_get_resource_byname()
  iomap: iomap_write_failed fix
  media: uvcvideo: Fix missing check to determine if element is found in list
  drm/msm: return an error pointer in msm_gem_prime_get_sg_table()
  drm/msm/mdp5: Return error code in mdp5_mixer_release when deadlock is detected
  drm/msm/mdp5: Return error code in mdp5_pipe_release when deadlock is detected
  drm/msm/dp: fix event thread stuck in wait_event after kthread_stop()
  regulator: core: Fix enable_count imbalance with EXCLUSIVE_GET
  arm64: fix types in copy_highpage()
  x86/mm: Cleanup the control_va_addr_alignment() __setup handler
  irqchip/aspeed-scu-ic: Fix irq_of_parse_and_map() return value
  irqchip/aspeed-i2c-ic: Fix irq_of_parse_and_map() return value
  irqchip/exiu: Fix acknowledgment of edge triggered interrupts
  x86: Fix return value of __setup handlers
  virtio_blk: fix the discard_granularity and discard_alignment queue limits
  perf tools: Use Python devtools for version autodetection rather than runtime
  drm/rockchip: vop: fix possible null-ptr-deref in vop_bind()
  drm/panel: panel-simple: Fix proper bpc for AM-1280800N3TZQW-T00H
  drm/msm: add missing include to msm_drv.c
  drm/msm/hdmi: fix error check return value of irq_of_parse_and_map()
  drm/msm/hdmi: check return value after calling platform_get_resource_byname()
  drm/msm/dsi: fix error checks and return values for DSI xmit functions
  drm/msm/dp: fix error check return value of irq_of_parse_and_map()
  drm/msm/dp: stop event kernel thread when DP unbind
  drm/msm/disp/dpu1: set vbif hw config to NULL to avoid use after memory free during pm runtime resume
  perf tools: Add missing headers needed by util/data.h
  ASoC: rk3328: fix disabling mclk on pclk probe failure
  x86/speculation: Add missing prototype for unpriv_ebpf_notify()
  mtd: rawnand: cadence: fix possible null-ptr-deref in cadence_nand_dt_probe()
  x86/pm: Fix false positive kmemleak report in msr_build_context()
  mtd: spi-nor: core: Check written SR value in spi_nor_write_16bit_sr_and_check()
  libbpf: Fix logic for finding matching program for CO-RE relocation
  selftests/resctrl: Fix null pointer dereference on open failed
  scsi: ufs: core: Exclude UECxx from SFR dump list
  scsi: ufs: qcom: Fix ufs_qcom_resume()
  drm/msm/dpu: adjust display_v_end for eDP and DP
  of: overlay: do not break notify on NOTIFY_{OK|STOP}
  fsnotify: fix wrong lockdep annotations
  inotify: show inotify mask flags in proc fdinfo
  ALSA: pcm: Check for null pointer of pointer substream before dereferencing it
  drm/panel: simple: Add missing bus flags for Innolux G070Y2-L01
  media: hantro: Empty encoder capture buffers by default
  ath9k_htc: fix potential out of bounds access with invalid rxstatus->rs_keyix
  cpufreq: Fix possible race in cpufreq online error path
  spi: img-spfi: Fix pm_runtime_get_sync() error checking
  sched/fair: Fix cfs_rq_clock_pelt() for throttled cfs_rq
  drm/bridge: Fix error handling in analogix_dp_probe
  HID: elan: Fix potential double free in elan_input_configured
  HID: hid-led: fix maximum brightness for Dream Cheeky
  mtd: rawnand: denali: Use managed device resources
  EDAC/dmc520: Don't print an error for each unconfigured interrupt line
  drbd: fix duplicate array initializer
  target: remove an incorrect unmap zeroes data deduction
  efi: Add missing prototype for efi_capsule_setup_info
  NFC: NULL out the dev->rfkill to prevent UAF
  net: dsa: mt7530: 1G can also support 1000BASE-X link mode
  scftorture: Fix distribution of short handler delays
  spi: spi-ti-qspi: Fix return value handling of wait_for_completion_timeout
  drm: mali-dp: potential dereference of null pointer
  drm/komeda: Fix an undefined behavior bug in komeda_plane_add()
  nl80211: show SSID for P2P_GO interfaces
  bpf: Fix excessive memory allocation in stack_map_alloc()
  libbpf: Don't error out on CO-RE relos for overriden weak subprogs
  drm/vc4: txp: Force alpha to be 0xff if it's disabled
  drm/vc4: txp: Don't set TXP_VSTART_AT_EOF
  drm/vc4: hvs: Reset muxes at probe time
  drm/mediatek: Fix mtk_cec_mask()
  drm/ingenic: Reset pixclock rate when parent clock rate changes
  x86/delay: Fix the wrong asm constraint in delay_loop()
  ASoC: mediatek: Fix missing of_node_put in mt2701_wm8960_machine_probe
  ASoC: mediatek: Fix error handling in mt8173_max98090_dev_probe
  spi: qcom-qspi: Add minItems to interconnect-names
  drm/bridge: adv7511: clean up CEC adapter when probe fails
  drm/edid: fix invalid EDID extension block filtering
  ath9k: fix ar9003_get_eepmisc
  ath11k: acquire ab->base_lock in unassign when finding the peer by addr
  dt-bindings: display: sitronix, st7735r: Fix backlight in example
  drm: fix EDID struct for old ARM OABI format
  RDMA/hfi1: Prevent panic when SDMA is disabled
  powerpc/iommu: Add missing of_node_put in iommu_init_early_dart
  macintosh/via-pmu: Fix build failure when CONFIG_INPUT is disabled
  powerpc/powernv: fix missing of_node_put in uv_init()
  powerpc/xics: fix refcount leak in icp_opal_init()
  powerpc/powernv/vas: Assign real address to rx_fifo in vas_rx_win_attr
  tracing: incorrect isolate_mote_t cast in mm_vmscan_lru_isolate
  PCI: Avoid pci_dev_lock() AB/BA deadlock with sriov_numvfs_store()
  ARM: hisi: Add missing of_node_put after of_find_compatible_node
  ARM: dts: exynos: add atmel,24c128 fallback to Samsung EEPROM
  ARM: versatile: Add missing of_node_put in dcscb_init
  pinctrl: renesas: rzn1: Fix possible null-ptr-deref in sh_pfc_map_resources()
  fat: add ratelimit to fat*_ent_bread()
  powerpc/fadump: Fix fadump to work with a different endian capture kernel
  ARM: OMAP1: clock: Fix UART rate reporting algorithm
  fs: jfs: fix possible NULL pointer dereference in dbFree()
  soc: ti: ti_sci_pm_domains: Check for null return of devm_kcalloc
  crypto: ccree - use fine grained DMA mapping dir
  PM / devfreq: rk3399_dmc: Disable edev on remove()
  arm64: dts: qcom: msm8994: Fix BLSP[12]_DMA channels count
  ARM: dts: s5pv210: align DMA channels with dtschema
  ARM: dts: ox820: align interrupt controller node name with dtschema
  IB/rdmavt: add missing locks in rvt_ruc_loopback
  gfs2: use i_lock spin_lock for inode qadata
  selftests/bpf: fix btf_dump/btf_dump due to recent clang change
  eth: tg3: silence the GCC 12 array-bounds warning
  rxrpc, afs: Fix selection of abort codes
  rxrpc: Return an error to sendmsg if call failed
  m68k: atari: Make Atari ROM port I/O write macros return void
  x86/microcode: Add explicit CPU vendor dependency
  can: mcp251xfd: silence clang's -Wunaligned-access warning
  ASoC: rt1015p: remove dependency on GPIOLIB
  ASoC: max98357a: remove dependency on GPIOLIB
  media: exynos4-is: Fix compile warning
  net: phy: micrel: Allow probing without .driver_data
  nbd: Fix hung on disconnect request if socket is closed before
  ASoC: rt5645: Fix errorenous cleanup order
  nvme-pci: fix a NULL pointer dereference in nvme_alloc_admin_tags
  openrisc: start CPU timer early in boot
  media: cec-adap.c: fix is_configuring state
  media: imon: reorganize serialization
  media: coda: limit frame interval enumeration to supported encoder frame sizes
  media: rga: fix possible memory leak in rga_probe
  rtlwifi: Use pr_warn instead of WARN_ONCE
  ipmi: Fix pr_fmt to avoid compilation issues
  ipmi:ssif: Check for NULL msg when handling events and messages
  ACPI: PM: Block ASUS B1400CEAE from suspend to idle by default
  dma-debug: change allocation mode from GFP_NOWAIT to GFP_ATIOMIC
  spi: stm32-qspi: Fix wait_cmd timeout in APM mode
  perf/amd/ibs: Cascade pmu init functions' return value
  s390/preempt: disable __preempt_count_add() optimization for PROFILE_ALL_BRANCHES
  net: remove two BUG() from skb_checksum_help()
  ASoC: tscs454: Add endianness flag in snd_soc_component_driver
  HID: bigben: fix slab-out-of-bounds Write in bigben_probe
  drm/amdgpu/ucode: Remove firmware load type check in amdgpu_ucode_free_bo
  mlxsw: Treat LLDP packets as control
  mlxsw: spectrum_dcb: Do not warn about priority changes
  ASoC: dapm: Don't fold register value changes into notifications
  net/mlx5: fs, delete the FTE when there are no rules attached to it
  ipv6: Don't send rs packets to the interface of ARPHRD_TUNNEL
  drm: msm: fix error check return value of irq_of_parse_and_map()
  arm64: compat: Do not treat syscall number as ESR_ELx for a bad syscall
  ath10k: skip ath10k_halt during suspend for driver state RESTARTING
  drm/amd/pm: fix the compile warning
  drm/plane: Move range check for format_count earlier
  ASoC: Intel: bytcr_rt5640: Add quirk for the HP Pro Tablet 408
  ath11k: disable spectral scan during spectral deinit
  scsi: lpfc: Fix resource leak in lpfc_sli4_send_seq_to_ulp()
  scsi: ufs: Use pm_runtime_resume_and_get() instead of pm_runtime_get_sync()
  scsi: megaraid: Fix error check return value of register_chrdev()
  drivers: mmc: sdhci_am654: Add the quirk to set TESTCD bit
  mmc: jz4740: Apply DMA engine limits to maximum segment size
  md/bitmap: don't set sb values if can't pass sanity check
  media: cx25821: Fix the warning when removing the module
  media: pci: cx23885: Fix the error handling in cx23885_initdev()
  media: venus: hfi: avoid null dereference in deinit
  ath9k: fix QCA9561 PA bias level
  drm/amd/pm: fix double free in si_parse_power_table()
  tools/power turbostat: fix ICX DRAM power numbers
  spi: spi-rspi: Remove setting {src,dst}_{addr,addr_width} based on DMA direction
  ALSA: jack: Access input_dev under mutex
  sfc: ef10: Fix assigning negative value to unsigned variable
  rcu: Make TASKS_RUDE_RCU select IRQ_WORK
  rcu-tasks: Fix race in schedule and flush work
  drm/komeda: return early if drm_universal_plane_init() fails.
  ACPICA: Avoid cache flush inside virtual machines
  x86/platform/uv: Update TSC sync state for UV5
  fbcon: Consistently protect deferred_takeover with console_lock()
  ipv6: fix locking issues with loops over idev->addr_list
  ipw2x00: Fix potential NULL dereference in libipw_xmit()
  b43: Fix assigning negative value to unsigned variable
  b43legacy: Fix assigning negative value to unsigned variable
  mwifiex: add mutex lock for call in mwifiex_dfs_chan_sw_work_queue
  drm/virtio: fix NULL pointer dereference in virtio_gpu_conn_get_modes
  iommu/vt-d: Add RPLS to quirk list to skip TE disabling
  btrfs: repair super block num_devices automatically
  btrfs: add "0x" prefix for unsupported optional features
  ptrace: Reimplement PTRACE_KILL by always sending SIGKILL
  ptrace/xtensa: Replace PT_SINGLESTEP with TIF_SINGLESTEP
  ptrace/um: Replace PT_DTRACE with TIF_SINGLESTEP
  perf/x86/intel: Fix event constraints for ICL
  x86/MCE/AMD: Fix memory leak when threshold_create_bank() fails
  parisc/stifb: Keep track of hardware path of graphics card
  Fonts: Make font size unsigned in font_desc
  xhci: Allow host runtime PM as default for Intel Alder Lake N xHCI
  cifs: when extending a file with falloc we should make files not-sparse
  usb: core: hcd: Add support for deferring roothub registration
  usb: dwc3: gadget: Move null pinter check to proper place
  USB: new quirk for Dell Gen 2 devices
  USB: serial: option: add Quectel BG95 modem
  ALSA: usb-audio: Cancel pending work at closing a MIDI substream
  ALSA: hda/realtek - Fix microphone noise on ASUS TUF B550M-PLUS
  ALSA: hda/realtek: Enable 4-speaker output for Dell XPS 15 9520 laptop
  riscv: Fix irq_work when SMP is disabled
  riscv: Initialize thread pointer before calling C functions
  parisc/stifb: Implement fb_is_primary_device()
  binfmt_flat: do not stop relocating GOT entries prematurely on riscv
  Linux 5.10.120
  bpf: Enlarge offset check value to INT_MAX in bpf_skb_{load,store}_bytes
  bpf: Fix potential array overflow in bpf_trampoline_get_progs()
  NFSD: Fix possible sleep during nfsd4_release_lockowner()
  NFS: Memory allocation failures are not server fatal errors
  docs: submitting-patches: Fix crossref to 'The canonical patch format'
  tpm: ibmvtpm: Correct the return value in tpm_ibmvtpm_probe()
  tpm: Fix buffer access in tpm2_get_tpm_pt()
  HID: multitouch: add quirks to enable Lenovo X12 trackpoint
  HID: multitouch: Add support for Google Whiskers Touchpad
  raid5: introduce MD_BROKEN
  dm verity: set DM_TARGET_IMMUTABLE feature flag
  dm stats: add cond_resched when looping over entries
  dm crypt: make printing of the key constant-time
  dm integrity: fix error code in dm_integrity_ctr()
  ARM: dts: s5pv210: Correct interrupt name for bluetooth in Aries
  Bluetooth: hci_qca: Use del_timer_sync() before freeing
  zsmalloc: fix races between asynchronous zspage free and page migration
  crypto: ecrdsa - Fix incorrect use of vli_cmp
  crypto: caam - fix i.MX6SX entropy delay value
  KVM: x86: avoid calling x86 emulator without a decoded instruction
  x86, kvm: use correct GFP flags for preemption disabled
  x86/kvm: Alloc dummy async #PF token outside of raw spinlock
  KVM: PPC: Book3S HV: fix incorrect NULL check on list iterator
  netfilter: conntrack: re-fetch conntrack after insertion
  netfilter: nf_tables: sanitize nft_set_desc_concat_parse()
  crypto: drbg - make reseeding from get_random_bytes() synchronous
  crypto: drbg - move dynamic ->reseed_threshold adjustments to __drbg_seed()
  crypto: drbg - track whether DRBG was seeded with !rng_is_initialized()
  crypto: drbg - prepare for more fine-grained tracking of seeding state
  lib/crypto: add prompts back to crypto libraries
  exfat: check if cluster num is valid
  drm/i915: Fix -Wstringop-overflow warning in call to intel_read_wm_latency()
  xfs: Fix CIL throttle hang when CIL space used going backwards
  xfs: fix an ABBA deadlock in xfs_rename
  xfs: fix the forward progress assertion in xfs_iwalk_run_callbacks
  xfs: show the proper user quota options
  xfs: detect overflows in bmbt records
  net: ipa: compute proper aggregation limit
  io_uring: fix using under-expanded iters
  io_uring: don't re-import iovecs from callbacks
  assoc_array: Fix BUG_ON during garbage collect
  cfg80211: set custom regdomain after wiphy registration
  pipe: Fix missing lock in pipe_resize_ring()
  pipe: make poll_usage boolean and annotate its access
  netfilter: nf_tables: disallow non-stateful expression in sets earlier
  drivers: i2c: thunderx: Allow driver to work with ACPI defined TWSI controllers
  i2c: ismt: Provide a DMA buffer for Interrupt Cause Logging
  net: ftgmac100: Disable hardware checksum on AST2600
  nfc: pn533: Fix buggy cleanup order
  net: af_key: check encryption module availability consistency
  percpu_ref_init(): clean ->percpu_count_ref on failure
  pinctrl: sunxi: fix f1c100s uart2 function
  Linux 5.10.119
  ALSA: ctxfi: Add SB046x PCI ID
  random: check for signals after page of pool writes
  random: wire up fops->splice_{read,write}_iter()
  random: convert to using fops->write_iter()
  random: convert to using fops->read_iter()
  random: unify batched entropy implementations
  random: move randomize_page() into mm where it belongs
  random: move initialization functions out of hot pages
  random: make consistent use of buf and len
  random: use proper return types on get_random_{int,long}_wait()
  random: remove extern from functions in header
  random: use static branch for crng_ready()
  random: credit architectural init the exact amount
  random: handle latent entropy and command line from random_init()
  random: use proper jiffies comparison macro
  random: remove ratelimiting for in-kernel unseeded randomness
  random: move initialization out of reseeding hot path
  random: avoid initializing twice in credit race
  random: use symbolic constants for crng_init states
  siphash: use one source of truth for siphash permutations
  random: help compiler out with fast_mix() by using simpler arguments
  random: do not use input pool from hard IRQs
  random: order timer entropy functions below interrupt functions
  random: do not pretend to handle premature next security model
  random: use first 128 bits of input as fast init
  random: do not use batches when !crng_ready()
  random: insist on random_get_entropy() existing in order to simplify
  xtensa: use fallback for random_get_entropy() instead of zero
  sparc: use fallback for random_get_entropy() instead of zero
  um: use fallback for random_get_entropy() instead of zero
  x86/tsc: Use fallback for random_get_entropy() instead of zero
  nios2: use fallback for random_get_entropy() instead of zero
  arm: use fallback for random_get_entropy() instead of zero
  mips: use fallback for random_get_entropy() instead of just c0 random
  riscv: use fallback for random_get_entropy() instead of zero
  m68k: use fallback for random_get_entropy() instead of zero
  timekeeping: Add raw clock fallback for random_get_entropy()
  powerpc: define get_cycles macro for arch-override
  alpha: define get_cycles macro for arch-override
  parisc: define get_cycles macro for arch-override
  s390: define get_cycles macro for arch-override
  ia64: define get_cycles macro for arch-override
  init: call time_init() before rand_initialize()
  random: fix sysctl documentation nits
  random: document crng_fast_key_erasure() destination possibility
  random: make random_get_entropy() return an unsigned long
  random: allow partial reads if later user copies fail
  random: check for signals every PAGE_SIZE chunk of /dev/[u]random
  random: check for signal_pending() outside of need_resched() check
  random: do not allow user to keep crng key around on stack
  random: do not split fast init input in add_hwgenerator_randomness()
  random: mix build-time latent entropy into pool at init
  random: re-add removed comment about get_random_{u32,u64} reseeding
  random: treat bootloader trust toggle the same way as cpu trust toggle
  random: skip fast_init if hwrng provides large chunk of entropy
  random: check for signal and try earlier when generating entropy
  random: reseed more often immediately after booting
  random: make consistent usage of crng_ready()
  random: use SipHash as interrupt entropy accumulator
  random: replace custom notifier chain with standard one
  random: don't let 644 read-only sysctls be written to
  random: give sysctl_random_min_urandom_seed a more sensible value
  random: do crng pre-init loading in worker rather than irq
  random: unify cycles_t and jiffies usage and types
  random: cleanup UUID handling
  random: only wake up writers after zap if threshold was passed
  random: round-robin registers as ulong, not u32
  random: clear fast pool, crng, and batches in cpuhp bring up
  random: pull add_hwgenerator_randomness() declaration into random.h
  random: check for crng_init == 0 in add_device_randomness()
  random: unify early init crng load accounting
  random: do not take pool spinlock at boot
  random: defer fast pool mixing to worker
  random: rewrite header introductory comment
  random: group sysctl functions
  random: group userspace read/write functions
  random: group entropy collection functions
  random: group entropy extraction functions
  random: group crng functions
  random: group initialization wait functions
  random: remove whitespace and reorder includes
  random: remove useless header comment
  random: introduce drain_entropy() helper to declutter crng_reseed()
  random: deobfuscate irq u32/u64 contributions
  random: add proper SPDX header
  random: remove unused tracepoints
  random: remove ifdef'd out interrupt bench
  random: tie batched entropy generation to base_crng generation
  random: fix locking for crng_init in crng_reseed()
  random: zero buffer after reading entropy from userspace
  random: remove outdated INT_MAX >> 6 check in urandom_read()
  random: make more consistent use of integer types
  random: use hash function for crng_slow_load()
  random: use simpler fast key erasure flow on per-cpu keys
  random: absorb fast pool into input pool after fast load
  random: do not xor RDRAND when writing into /dev/random
  random: ensure early RDSEED goes through mixer on init
  random: inline leaves of rand_initialize()
  random: get rid of secondary crngs
  random: use RDSEED instead of RDRAND in entropy extraction
  random: fix locking in crng_fast_load()
  random: remove batched entropy locking
  random: remove use_input_pool parameter from crng_reseed()
  random: make credit_entropy_bits() always safe
  random: always wake up entropy writers after extraction
  random: use linear min-entropy accumulation crediting
  random: simplify entropy debiting
  random: use computational hash for entropy extraction
  random: only call crng_finalize_init() for primary_crng
  random: access primary_pool directly rather than through pointer
  random: continually use hwgenerator randomness
  random: simplify arithmetic function flow in account()
  random: selectively clang-format where it makes sense
  random: access input_pool_data directly rather than through pointer
  random: cleanup fractional entropy shift constants
  random: prepend remaining pool constants with POOL_
  random: de-duplicate INPUT_POOL constants
  random: remove unused OUTPUT_POOL constants
  random: rather than entropy_store abstraction, use global
  random: remove unused extract_entropy() reserved argument
  random: remove incomplete last_data logic
  random: cleanup integer types
  random: cleanup poolinfo abstraction
  random: fix typo in comments
  random: don't reset crng_init_cnt on urandom_read()
  random: avoid superfluous call to RDRAND in CRNG extraction
  random: early initialization of ChaCha constants
  random: use IS_ENABLED(CONFIG_NUMA) instead of ifdefs
  random: harmonize "crng init done" messages
  random: mix bootloader randomness into pool
  random: do not re-init if crng_reseed completes before primary init
  random: do not sign extend bytes for rotation when mixing
  random: use BLAKE2s instead of SHA1 in extraction
  random: remove unused irq_flags argument from add_interrupt_randomness()
  random: document add_hwgenerator_randomness() with other input functions
  lib/crypto: blake2s: avoid indirect calls to compression function for Clang CFI
  lib/crypto: sha1: re-roll loops to reduce code size
  lib/crypto: blake2s: move hmac construction into wireguard
  lib/crypto: blake2s: include as built-in
  crypto: blake2s - include <linux/bug.h> instead of <asm/bug.h>
  crypto: blake2s - adjust include guard naming
  crypto: blake2s - add comment for blake2s_state fields
  crypto: blake2s - optimize blake2s initialization
  crypto: blake2s - share the "shash" API boilerplate code
  crypto: blake2s - move update and final logic to internal/blake2s.h
  crypto: blake2s - remove unneeded includes
  crypto: x86/blake2s - define shash_alg structs using macros
  crypto: blake2s - define shash_alg structs using macros
  crypto: lib/blake2s - Move selftest prototype into header file
  MAINTAINERS: add git tree for random.c
  MAINTAINERS: co-maintain random.c
  random: remove dead code left over from blocking pool
  random: avoid arch_get_random_seed_long() when collecting IRQ randomness
  ACPI: sysfs: Fix BERT error region memory mapping
  ACPI: sysfs: Make sparse happy about address space in use
  media: vim2m: initialize the media device earlier
  media: vim2m: Register video device after setting up internals
  secure_seq: use the 64 bits of the siphash for port offset calculation
  tcp: change source port randomizarion at connect() time
  KVM: x86/mmu: fix NULL pointer dereference on guest INVPCID
  KVM: x86: Properly handle APF vs disabled LAPIC situation
  staging: rtl8723bs: prevent ->Ssid overflow in rtw_wx_set_scan()
  lockdown: also lock down previous kgdb use
  Linux 5.10.118
  module: check for exit sections in layout_sections() instead of module_init_section()
  include/uapi/linux/xfrm.h: Fix XFRM_MSG_MAPPING ABI breakage
  afs: Fix afs_getattr() to refetch file status if callback break occurred
  i2c: mt7621: fix missing clk_disable_unprepare() on error in mtk_i2c_probe()
  module: treat exit sections the same as init sections when !CONFIG_MODULE_UNLOAD
  dt-bindings: pinctrl: aspeed-g6: remove FWQSPID group
  Input: ili210x - fix reset timing
  arm64: Enable repeat tlbi workaround on KRYO4XX gold CPUs
  net: atlantic: verify hw_head_ lies within TX buffer ring
  net: atlantic: add check for MAX_SKB_FRAGS
  net: atlantic: reduce scope of is_rsc_complete
  net: atlantic: fix "frag[0] not initialized"
  net: stmmac: fix missing pci_disable_device() on error in stmmac_pci_probe()
  ethernet: tulip: fix missing pci_disable_device() on error in tulip_init_one()
  nl80211: fix locking in nl80211_set_tx_bitrate_mask()
  selftests: add ping test with ping_group_range tuned
  nl80211: validate S1G channel width
  mac80211: fix rx reordering with non explicit / psmp ack policy
  scsi: qla2xxx: Fix missed DMA unmap for aborted commands
  perf bench numa: Address compiler error on s390
  gpio: mvebu/pwm: Refuse requests with inverted polarity
  gpio: gpio-vf610: do not touch other bits when set the target bit
  riscv: dts: sifive: fu540-c000: align dma node name with dtschema
  net: bridge: Clear offload_fwd_mark when passing frame up bridge interface.
  igb: skip phy status check where unavailable
  ARM: 9197/1: spectre-bhb: fix loop8 sequence for Thumb2
  ARM: 9196/1: spectre-bhb: enable for Cortex-A15
  net: af_key: add check for pfkey_broadcast in function pfkey_process
  net/mlx5e: Properly block LRO when XDP is enabled
  NFC: nci: fix sleep in atomic context bugs caused by nci_skb_alloc
  net/qla3xxx: Fix a test in ql_reset_work()
  clk: at91: generated: consider range when calculating best rate
  ice: fix possible under reporting of ethtool Tx and Rx statistics
  net: vmxnet3: fix possible NULL pointer dereference in vmxnet3_rq_cleanup()
  net: vmxnet3: fix possible use-after-free bugs in vmxnet3_rq_alloc_rx_buf()
  net: systemport: Fix an error handling path in bcm_sysport_probe()
  net/sched: act_pedit: sanitize shift argument before usage
  xfrm: fix "disable_policy" flag use when arriving from different devices
  xfrm: rework default policy structure
  xfrm: fix dflt policy check when there is no policy configured
  xfrm: notify default policy on update
  xfrm: make user policy API complete
  net: xfrm: fix shift-out-of-bounce
  xfrm: Add possibility to set the default to block if we have no policy
  net: evaluate net.ipvX.conf.all.disable_policy and disable_xfrm
  net: macb: Increment rx bd head after allocating skb and buffer
  net: ipa: record proper RX transaction count
  ARM: dts: aspeed-g6: fix SPI1/SPI2 quad pin group
  pinctrl: pinctrl-aspeed-g6: remove FWQSPID group in pinctrl
  ARM: dts: aspeed-g6: remove FWQSPID group in pinctrl dtsi
  dma-buf: fix use of DMA_BUF_SET_NAME_{A,B} in userspace
  drm/dp/mst: fix a possible memory leak in fetch_monitor_name()
  libceph: fix potential use-after-free on linger ping and resends
  crypto: qcom-rng - fix infinite loop on requests not multiple of WORD_SZ
  arm64: mte: Ensure the cleared tags are visible before setting the PTE
  arm64: paravirt: Use RCU read locks to guard stolen_time
  KVM: x86/mmu: Update number of zapped pages even if page list is stable
  PCI/PM: Avoid putting Elo i2 PCIe Ports in D3cold
  Fix double fget() in vhost_net_set_backend()
  selinux: fix bad cleanup on error in hashtab_duplicate()
  perf: Fix sys_perf_event_open() race against self
  ALSA: hda/realtek: Add quirk for TongFang devices with pop noise
  ALSA: wavefront: Proper check of get_user() error
  ALSA: usb-audio: Restore Rane SL-1 quirk
  Reinstate some of "swiotlb: rework "fix info leak with DMA_FROM_DEVICE""
  Revert "swiotlb: fix info leak with DMA_FROM_DEVICE"
  nilfs2: fix lockdep warnings during disk space reclamation
  nilfs2: fix lockdep warnings in page operations for btree nodes
  ARM: 9191/1: arm/stacktrace, kasan: Silence KASAN warnings in unwind_frame()
  platform/chrome: cros_ec_debugfs: detach log reader wq from devm
  drbd: remove usage of list iterator variable after loop
  MIPS: lantiq: check the return value of kzalloc()
  fs: fix an infinite loop in iomap_fiemap
  rtc: mc146818-lib: Fix the AltCentury for AMD platforms
  nvme-multipath: fix hang when disk goes live over reconnect
  tools/virtio: compile with -pthread
  vhost_vdpa: don't setup irq offloading when irq_num < 0
  s390/pci: improve zpci_dev reference counting
  ALSA: hda/realtek: Enable headset mic on Lenovo P360
  crypto: x86/chacha20 - Avoid spurious jumps to other functions
  crypto: stm32 - fix reference leak in stm32_crc_remove
  rtc: sun6i: Fix time overflow handling
  gfs2: Disable page faults during lockless buffered reads
  nvme-pci: add quirks for Samsung X5 SSDs
  Input: stmfts - fix reference leak in stmfts_input_open
  Input: add bounds checking to input_set_capability()
  um: Cleanup syscall_handler_t definition/cast, fix warning
  rtc: pcf2127: fix bug when reading alarm registers
  rtc: fix use-after-free on device removal
  igc: Update I226_K device ID
  igc: Remove phy->type checking
  igc: Remove _I_PHY_ID checking
  Revert "drm/i915/opregion: check port number bounds for SWSCI display power state"
  floppy: use a statically allocated error counter
  io_uring: always grab file table for deferred statx
  usb: gadget: fix race when gadget driver register via ioctl

 Conflicts:
	Documentation/devicetree/bindings
	Documentation/devicetree/bindings/display/sitronix,st7735r.yaml
	Documentation/devicetree/bindings/dma/allwinner,sun50i-a64-dma.yaml
	Documentation/devicetree/bindings/gpio/gpio-altera.txt
	Documentation/devicetree/bindings/pinctrl/aspeed,ast2600-pinctrl.yaml
	Documentation/devicetree/bindings/spi/qcom,spi-qcom-qspi.yaml
	drivers/scsi/ufs/ufs-qcom.c
	drivers/soc/qcom/llcc-qcom.c
	drivers/virtio/virtio_mmio.c

Change-Id: I7130d4c99319ff2a9474e07159e3943d94059e3a
Signed-off-by: Sivasri Kumar, Vanka <[email protected]>

Documentation/ABI/testing/sysfs-ata

@@ -107,13 +107,14 @@ Description:
 				described in ATA8 7.16 and 7.17. Only valid if
 				the device is not a PM.
 
-		pio_mode:	(RO) Transfer modes supported by the device when
-				in PIO mode. Mostly used by PATA device.
+		pio_mode:	(RO) PIO transfer mode used by the device.
+				Mostly used by PATA devices.
 
-		xfer_mode:	(RO) Current transfer mode
+		xfer_mode:	(RO) Current transfer mode. Mostly used by
+				PATA devices.
 
-		dma_mode:	(RO) Transfer modes supported by the device when
-				in DMA mode. Mostly used by PATA device.
+		dma_mode:	(RO) DMA transfer mode used by the device.
+				Mostly used by PATA devices.
 
 		class:		(RO) Device class. Can be "ata" for disk,
 				"atapi" for packet device, "pmp" for PM, or

Documentation/ABI/testing/sysfs-bus-iio-vf610

@@ -1,4 +1,4 @@
-What:		/sys/bus/iio/devices/iio:deviceX/conversion_mode
+What:		/sys/bus/iio/devices/iio:deviceX/in_conversion_mode
 KernelVersion:	4.2
 Contact:	[email protected]
 Description:

Documentation/ABI/testing/sysfs-devices-system-cpu

@@ -519,6 +519,7 @@ What:		/sys/devices/system/cpu/vulnerabilities
 		/sys/devices/system/cpu/vulnerabilities/srbds
 		/sys/devices/system/cpu/vulnerabilities/tsx_async_abort
 		/sys/devices/system/cpu/vulnerabilities/itlb_multihit
+		/sys/devices/system/cpu/vulnerabilities/mmio_stale_data
 Date:		January 2018
 Contact:	Linux kernel mailing list <[email protected]>
 Description:	Information about CPU vulnerabilities

Documentation/admin-guide/hw-vuln/index.rst

@@ -15,3 +15,4 @@ are configurable at compile, boot or run time.
    tsx_async_abort
    multihit.rst
    special-register-buffer-data-sampling.rst
+   processor_mmio_stale_data.rst

Documentation/admin-guide/hw-vuln/processor_mmio_stale_data.rst

@@ -0,0 +1,246 @@
+=========================================
+Processor MMIO Stale Data Vulnerabilities
+=========================================
+
+Processor MMIO Stale Data Vulnerabilities are a class of memory-mapped I/O
+(MMIO) vulnerabilities that can expose data. The sequences of operations for
+exposing data range from simple to very complex. Because most of the
+vulnerabilities require the attacker to have access to MMIO, many environments
+are not affected. System environments using virtualization where MMIO access is
+provided to untrusted guests may need mitigation. These vulnerabilities are
+not transient execution attacks. However, these vulnerabilities may propagate
+stale data into core fill buffers where the data can subsequently be inferred
+by an unmitigated transient execution attack. Mitigation for these
+vulnerabilities includes a combination of microcode update and software
+changes, depending on the platform and usage model. Some of these mitigations
+are similar to those used to mitigate Microarchitectural Data Sampling (MDS) or
+those used to mitigate Special Register Buffer Data Sampling (SRBDS).
+
+Data Propagators
+================
+Propagators are operations that result in stale data being copied or moved from
+one microarchitectural buffer or register to another. Processor MMIO Stale Data
+Vulnerabilities are operations that may result in stale data being directly
+read into an architectural, software-visible state or sampled from a buffer or
+register.
+
+Fill Buffer Stale Data Propagator (FBSDP)
+-----------------------------------------
+Stale data may propagate from fill buffers (FB) into the non-coherent portion
+of the uncore on some non-coherent writes. Fill buffer propagation by itself
+does not make stale data architecturally visible. Stale data must be propagated
+to a location where it is subject to reading or sampling.
+
+Sideband Stale Data Propagator (SSDP)
+-------------------------------------
+The sideband stale data propagator (SSDP) is limited to the client (including
+Intel Xeon server E3) uncore implementation. The sideband response buffer is
+shared by all client cores. For non-coherent reads that go to sideband
+destinations, the uncore logic returns 64 bytes of data to the core, including
+both requested data and unrequested stale data, from a transaction buffer and
+the sideband response buffer. As a result, stale data from the sideband
+response and transaction buffers may now reside in a core fill buffer.
+
+Primary Stale Data Propagator (PSDP)
+------------------------------------
+The primary stale data propagator (PSDP) is limited to the client (including
+Intel Xeon server E3) uncore implementation. Similar to the sideband response
+buffer, the primary response buffer is shared by all client cores. For some
+processors, MMIO primary reads will return 64 bytes of data to the core fill
+buffer including both requested data and unrequested stale data. This is
+similar to the sideband stale data propagator.
+
+Vulnerabilities
+===============
+Device Register Partial Write (DRPW) (CVE-2022-21166)
+-----------------------------------------------------
+Some endpoint MMIO registers incorrectly handle writes that are smaller than
+the register size. Instead of aborting the write or only copying the correct
+subset of bytes (for example, 2 bytes for a 2-byte write), more bytes than
+specified by the write transaction may be written to the register. On
+processors affected by FBSDP, this may expose stale data from the fill buffers
+of the core that created the write transaction.
+
+Shared Buffers Data Sampling (SBDS) (CVE-2022-21125)
+----------------------------------------------------
+After propagators may have moved data around the uncore and copied stale data
+into client core fill buffers, processors affected by MFBDS can leak data from
+the fill buffer. It is limited to the client (including Intel Xeon server E3)
+uncore implementation.
+
+Shared Buffers Data Read (SBDR) (CVE-2022-21123)
+------------------------------------------------
+It is similar to Shared Buffer Data Sampling (SBDS) except that the data is
+directly read into the architectural software-visible state. It is limited to
+the client (including Intel Xeon server E3) uncore implementation.
+
+Affected Processors
+===================
+Not all the CPUs are affected by all the variants. For instance, most
+processors for the server market (excluding Intel Xeon E3 processors) are
+impacted by only Device Register Partial Write (DRPW).
+
+Below is the list of affected Intel processors [#f1]_:
+
+   ===================  ============  =========
+   Common name          Family_Model  Steppings
+   ===================  ============  =========
+   HASWELL_X            06_3FH        2,4
+   SKYLAKE_L            06_4EH        3
+   BROADWELL_X          06_4FH        All
+   SKYLAKE_X            06_55H        3,4,6,7,11
+   BROADWELL_D          06_56H        3,4,5
+   SKYLAKE              06_5EH        3
+   ICELAKE_X            06_6AH        4,5,6
+   ICELAKE_D            06_6CH        1
+   ICELAKE_L            06_7EH        5
+   ATOM_TREMONT_D       06_86H        All
+   LAKEFIELD            06_8AH        1
+   KABYLAKE_L           06_8EH        9 to 12
+   ATOM_TREMONT         06_96H        1
+   ATOM_TREMONT_L       06_9CH        0
+   KABYLAKE             06_9EH        9 to 13
+   COMETLAKE            06_A5H        2,3,5
+   COMETLAKE_L          06_A6H        0,1
+   ROCKETLAKE           06_A7H        1
+   ===================  ============  =========
+
+If a CPU is in the affected processor list, but not affected by a variant, it
+is indicated by new bits in MSR IA32_ARCH_CAPABILITIES. As described in a later
+section, mitigation largely remains the same for all the variants, i.e. to
+clear the CPU fill buffers via VERW instruction.
+
+New bits in MSRs
+================
+Newer processors and microcode update on existing affected processors added new
+bits to IA32_ARCH_CAPABILITIES MSR. These bits can be used to enumerate
+specific variants of Processor MMIO Stale Data vulnerabilities and mitigation
+capability.
+
+MSR IA32_ARCH_CAPABILITIES
+--------------------------
+Bit 13 - SBDR_SSDP_NO - When set, processor is not affected by either the
+	 Shared Buffers Data Read (SBDR) vulnerability or the sideband stale
+	 data propagator (SSDP).
+Bit 14 - FBSDP_NO - When set, processor is not affected by the Fill Buffer
+	 Stale Data Propagator (FBSDP).
+Bit 15 - PSDP_NO - When set, processor is not affected by Primary Stale Data
+	 Propagator (PSDP).
+Bit 17 - FB_CLEAR - When set, VERW instruction will overwrite CPU fill buffer
+	 values as part of MD_CLEAR operations. Processors that do not
+	 enumerate MDS_NO (meaning they are affected by MDS) but that do
+	 enumerate support for both L1D_FLUSH and MD_CLEAR implicitly enumerate
+	 FB_CLEAR as part of their MD_CLEAR support.
+Bit 18 - FB_CLEAR_CTRL - Processor supports read and write to MSR
+	 IA32_MCU_OPT_CTRL[FB_CLEAR_DIS]. On such processors, the FB_CLEAR_DIS
+	 bit can be set to cause the VERW instruction to not perform the
+	 FB_CLEAR action. Not all processors that support FB_CLEAR will support
+	 FB_CLEAR_CTRL.
+
+MSR IA32_MCU_OPT_CTRL
+---------------------
+Bit 3 - FB_CLEAR_DIS - When set, VERW instruction does not perform the FB_CLEAR
+action. This may be useful to reduce the performance impact of FB_CLEAR in
+cases where system software deems it warranted (for example, when performance
+is more critical, or the untrusted software has no MMIO access). Note that
+FB_CLEAR_DIS has no impact on enumeration (for example, it does not change
+FB_CLEAR or MD_CLEAR enumeration) and it may not be supported on all processors
+that enumerate FB_CLEAR.
+
+Mitigation
+==========
+Like MDS, all variants of Processor MMIO Stale Data vulnerabilities  have the
+same mitigation strategy to force the CPU to clear the affected buffers before
+an attacker can extract the secrets.
+
+This is achieved by using the otherwise unused and obsolete VERW instruction in
+combination with a microcode update. The microcode clears the affected CPU
+buffers when the VERW instruction is executed.
+
+Kernel reuses the MDS function to invoke the buffer clearing:
+
+	mds_clear_cpu_buffers()
+
+On MDS affected CPUs, the kernel already invokes CPU buffer clear on
+kernel/userspace, hypervisor/guest and C-state (idle) transitions. No
+additional mitigation is needed on such CPUs.
+
+For CPUs not affected by MDS or TAA, mitigation is needed only for the attacker
+with MMIO capability. Therefore, VERW is not required for kernel/userspace. For
+virtualization case, VERW is only needed at VMENTER for a guest with MMIO
+capability.
+
+Mitigation points
+-----------------
+Return to user space
+^^^^^^^^^^^^^^^^^^^^
+Same mitigation as MDS when affected by MDS/TAA, otherwise no mitigation
+needed.
+
+C-State transition
+^^^^^^^^^^^^^^^^^^
+Control register writes by CPU during C-state transition can propagate data
+from fill buffer to uncore buffers. Execute VERW before C-state transition to
+clear CPU fill buffers.
+
+Guest entry point
+^^^^^^^^^^^^^^^^^
+Same mitigation as MDS when processor is also affected by MDS/TAA, otherwise
+execute VERW at VMENTER only for MMIO capable guests. On CPUs not affected by
+MDS/TAA, guest without MMIO access cannot extract secrets using Processor MMIO
+Stale Data vulnerabilities, so there is no need to execute VERW for such guests.
+
+Mitigation control on the kernel command line
+---------------------------------------------
+The kernel command line allows to control the Processor MMIO Stale Data
+mitigations at boot time with the option "mmio_stale_data=". The valid
+arguments for this option are:
+
+  ==========  =================================================================
+  full        If the CPU is vulnerable, enable mitigation; CPU buffer clearing
+              on exit to userspace and when entering a VM. Idle transitions are
+              protected as well. It does not automatically disable SMT.
+  full,nosmt  Same as full, with SMT disabled on vulnerable CPUs. This is the
+              complete mitigation.
+  off         Disables mitigation completely.
+  ==========  =================================================================
+
+If the CPU is affected and mmio_stale_data=off is not supplied on the kernel
+command line, then the kernel selects the appropriate mitigation.
+
+Mitigation status information
+-----------------------------
+The Linux kernel provides a sysfs interface to enumerate the current
+vulnerability status of the system: whether the system is vulnerable, and
+which mitigations are active. The relevant sysfs file is:
+
+	/sys/devices/system/cpu/vulnerabilities/mmio_stale_data
+
+The possible values in this file are:
+
+  .. list-table::
+
+     * - 'Not affected'
+       - The processor is not vulnerable
+     * - 'Vulnerable'
+       - The processor is vulnerable, but no mitigation enabled
+     * - 'Vulnerable: Clear CPU buffers attempted, no microcode'
+       - The processor is vulnerable, but microcode is not updated. The
+         mitigation is enabled on a best effort basis.
+     * - 'Mitigation: Clear CPU buffers'
+       - The processor is vulnerable and the CPU buffer clearing mitigation is
+         enabled.
+
+If the processor is vulnerable then the following information is appended to
+the above information:
+
+  ========================  ===========================================
+  'SMT vulnerable'          SMT is enabled
+  'SMT disabled'            SMT is disabled
+  'SMT Host state unknown'  Kernel runs in a VM, Host SMT state unknown
+  ========================  ===========================================
+
+References
+----------
+.. [#f1] Affected Processors
+   https://www.intel.com/content/www/us/en/developer/topic-technology/software-security-guidance/processors-affected-consolidated-product-cpu-model.html

Documentation/admin-guide/hw-vuln/spectre.rst

@@ -422,6 +422,14 @@ The possible values in this file are:
   'RSB filling'   Protection of RSB on context switch enabled
   =============   ===========================================
 
+  - EIBRS Post-barrier Return Stack Buffer (PBRSB) protection status:
+
+  ===========================  =======================================================
+  'PBRSB-eIBRS: SW sequence'   CPU is affected and protection of RSB on VMEXIT enabled
+  'PBRSB-eIBRS: Vulnerable'    CPU is vulnerable
+  'PBRSB-eIBRS: Not affected'  CPU is not affected by PBRSB
+  ===========================  =======================================================
+
 Full mitigation might require a microcode update from the CPU
 vendor. When the necessary microcode is not available, the kernel will
 report vulnerability.

Documentation/admin-guide/kernel-parameters.txt

@@ -2936,6 +2936,8 @@
 					       kvm.nx_huge_pages=off [X86]
 					       no_entry_flush [PPC]
 					       no_uaccess_flush [PPC]
+					       mmio_stale_data=off [X86]
+					       retbleed=off [X86]
 
 				Exceptions:
 					       This does not have any effect on
@@ -2957,6 +2959,8 @@
 				Equivalent to: l1tf=flush,nosmt [X86]
 					       mds=full,nosmt [X86]
 					       tsx_async_abort=full,nosmt [X86]
+					       mmio_stale_data=full,nosmt [X86]
+					       retbleed=auto,nosmt [X86]
 
 	mminit_loglevel=
 			[KNL] When CONFIG_DEBUG_MEMORY_INIT is set, this
@@ -2966,6 +2970,40 @@
 			log everything. Information is printed at KERN_DEBUG
 			so loglevel=8 may also need to be specified.
 
+	mmio_stale_data=
+			[X86,INTEL] Control mitigation for the Processor
+			MMIO Stale Data vulnerabilities.
+
+			Processor MMIO Stale Data is a class of
+			vulnerabilities that may expose data after an MMIO
+			operation. Exposed data could originate or end in
+			the same CPU buffers as affected by MDS and TAA.
+			Therefore, similar to MDS and TAA, the mitigation
+			is to clear the affected CPU buffers.
+
+			This parameter controls the mitigation. The
+			options are:
+
+			full       - Enable mitigation on vulnerable CPUs
+
+			full,nosmt - Enable mitigation and disable SMT on
+				     vulnerable CPUs.
+
+			off        - Unconditionally disable mitigation
+
+			On MDS or TAA affected machines,
+			mmio_stale_data=off can be prevented by an active
+			MDS or TAA mitigation as these vulnerabilities are
+			mitigated with the same mechanism so in order to
+			disable this mitigation, you need to specify
+			mds=off and tsx_async_abort=off too.
+
+			Not specifying this option is equivalent to
+			mmio_stale_data=full.
+
+			For details see:
+			Documentation/admin-guide/hw-vuln/processor_mmio_stale_data.rst
+
 	module.sig_enforce
 			[KNL] When CONFIG_MODULE_SIG is set, this means that
 			modules without (valid) signatures will fail to load.
@@ -4140,6 +4178,12 @@
 			fully seed the kernel's CRNG. Default is controlled
 			by CONFIG_RANDOM_TRUST_CPU.
 
+	random.trust_bootloader={on,off}
+			[KNL] Enable or disable trusting the use of a
+			seed passed by the bootloader (if available) to
+			fully seed the kernel's CRNG. Default is controlled
+			by CONFIG_RANDOM_TRUST_BOOTLOADER.
+
 	ras=option[,option,...]	[KNL] RAS-specific options
 
 		cec_disable	[X86]
@@ -4719,6 +4763,30 @@
 
 	retain_initrd	[RAM] Keep initrd memory after extraction
 
+	retbleed=	[X86] Control mitigation of RETBleed (Arbitrary
+			Speculative Code Execution with Return Instructions)
+			vulnerability.
+
+			off          - no mitigation
+			auto         - automatically select a migitation
+			auto,nosmt   - automatically select a mitigation,
+				       disabling SMT if necessary for
+				       the full mitigation (only on Zen1
+				       and older without STIBP).
+			ibpb	     - mitigate short speculation windows on
+				       basic block boundaries too. Safe, highest
+				       perf impact.
+			unret        - force enable untrained return thunks,
+				       only effective on AMD f15h-f17h
+				       based systems.
+			unret,nosmt  - like unret, will disable SMT when STIBP
+			               is not available.
+
+			Selecting 'auto' will choose a mitigation method at run
+			time according to the CPU.
+
+			Not specifying this option is equivalent to retbleed=auto.
+
 	rfkill.default_state=
 		0	"airplane mode".  All wifi, bluetooth, wimax, gps, fm,
 			etc. communication is blocked by default.
@@ -5068,6 +5136,7 @@
 			eibrs		  - enhanced IBRS
 			eibrs,retpoline   - enhanced IBRS + Retpolines
 			eibrs,lfence      - enhanced IBRS + LFENCE
+			ibrs		  - use IBRS to protect kernel
 
 			Not specifying this option is equivalent to
 			spectre_v2=auto.

Documentation/admin-guide/sysctl/kernel.rst

@@ -1006,28 +1006,22 @@ This is a directory, with the following entries:
 * ``boot_id``: a UUID generated the first time this is retrieved, and
   unvarying after that;
 
+* ``uuid``: a UUID generated every time this is retrieved (this can
+  thus be used to generate UUIDs at will);
+
 * ``entropy_avail``: the pool's entropy count, in bits;
 
 * ``poolsize``: the entropy pool size, in bits;
 
 * ``urandom_min_reseed_secs``: obsolete (used to determine the minimum
-  number of seconds between urandom pool reseeding).
-
-* ``uuid``: a UUID generated every time this is retrieved (this can
-  thus be used to generate UUIDs at will);
+  number of seconds between urandom pool reseeding). This file is
+  writable for compatibility purposes, but writing to it has no effect
+  on any RNG behavior;
 
 * ``write_wakeup_threshold``: when the entropy count drops below this
   (as a number of bits), processes waiting to write to ``/dev/random``
-  are woken up.
-
-If ``drivers/char/random.c`` is built with ``ADD_INTERRUPT_BENCH``
-defined, these additional entries are present:
-
-* ``add_interrupt_avg_cycles``: the average number of cycles between
-  interrupts used to feed the pool;
-
-* ``add_interrupt_avg_deviation``: the standard deviation seen on the
-  number of cycles between interrupts used to feed the pool.
+  are woken up. This file is writable for compatibility purposes, but
+  writing to it has no effect on any RNG behavior.
 
 
 randomize_va_space

Documentation/arm64/silicon-errata.rst

@@ -166,6 +166,9 @@ stable kernels.
 +----------------+-----------------+-----------------+-----------------------------+
 | Qualcomm Tech. | Kryo4xx Silver  | N/A             | ARM64_ERRATUM_1024718       |
 +----------------+-----------------+-----------------+-----------------------------+
+| Qualcomm Tech. | Kryo4xx Gold    | N/A             | ARM64_ERRATUM_1286807       |
++----------------+-----------------+-----------------+-----------------------------+
+
 +----------------+-----------------+-----------------+-----------------------------+
 | Fujitsu        | A64FX           | E#010001        | FUJITSU_ERRATUM_010001      |
 +----------------+-----------------+-----------------+-----------------------------+

Documentation/conf.py

@@ -176,7 +176,7 @@ finally:
 #
 # This is also used if you do content translation via gettext catalogs.
 # Usually you set "language" from the command line for these cases.
-language = None
+language = 'en'
 
 # There are two options for replacing |today|: either, you set today to some
 # non-false value, then it is used:

Documentation/core-api/dma-attributes.rst

@@ -130,11 +130,3 @@ accesses to DMA buffers in both privileged "supervisor" and unprivileged
 subsystem that the buffer is fully accessible at the elevated privilege
 level (and ideally inaccessible or at least read-only at the
 lesser-privileged levels).
-
-DMA_ATTR_OVERWRITE
-------------------
-
-This is a hint to the DMA-mapping subsystem that the device is expected to
-overwrite the entire mapped size, thus the caller does not require any of the
-previous buffer contents to be preserved. This allows bounce-buffering
-implementations to optimise DMA_FROM_DEVICE transfers.

Documentation/networking/ip-sysctl.rst

@@ -988,7 +988,7 @@ cipso_cache_enable - BOOLEAN
 cipso_cache_bucket_size - INTEGER
 	The CIPSO label cache consists of a fixed size hash table with each
 	hash bucket containing a number of cache entries.  This variable limits
-	the number of entries in each hash bucket; the larger the value the
+	the number of entries in each hash bucket; the larger the value is, the
 	more CIPSO label mappings that can be cached.  When the number of
 	entries in a given hash bucket reaches this limit adding new entries
 	causes the oldest entry in the bucket to be removed to make room.
@@ -1093,7 +1093,7 @@ ip_autobind_reuse - BOOLEAN
 	option should only be set by experts.
 	Default: 0
 
-ip_dynaddr - BOOLEAN
+ip_dynaddr - INTEGER
 	If set non-zero, enables support for dynamic addresses.
 	If set to a non-zero value larger than 1, a kernel log
 	message will be printed when dynamic address rewriting
@@ -2642,7 +2642,14 @@ sctp_rmem - vector of 3 INTEGERs: min, default, max
 	Default: 4K
 
 sctp_wmem  - vector of 3 INTEGERs: min, default, max
-	Currently this tunable has no effect.
+	Only the first value ("min") is used, "default" and "max" are
+	ignored.
+
+	min: Minimum size of send buffer that can be used by SCTP sockets.
+	It is guaranteed to each SCTP socket (but not association) even
+	under moderate memory pressure.
+
+	Default: 4K
 
 addr_scope_policy - INTEGER
 	Control IPv4 address scoping - draft-stewart-tsvwg-sctp-ipv4-00

Documentation/networking/netdevices.rst

@@ -10,18 +10,177 @@ Introduction
 The following is a random collection of documentation regarding
 network devices.
 
-struct net_device allocation rules
-==================================
+struct net_device lifetime rules
+================================
 Network device structures need to persist even after module is unloaded and
 must be allocated with alloc_netdev_mqs() and friends.
 If device has registered successfully, it will be freed on last use
-by free_netdev(). This is required to handle the pathologic case cleanly
-(example: rmmod mydriver </sys/class/net/myeth/mtu )
+by free_netdev(). This is required to handle the pathological case cleanly
+(example: ``rmmod mydriver </sys/class/net/myeth/mtu``)
 
-alloc_netdev_mqs()/alloc_netdev() reserve extra space for driver
+alloc_netdev_mqs() / alloc_netdev() reserve extra space for driver
 private data which gets freed when the network device is freed. If
 separately allocated data is attached to the network device
-(netdev_priv(dev)) then it is up to the module exit handler to free that.
+(netdev_priv()) then it is up to the module exit handler to free that.
+
+There are two groups of APIs for registering struct net_device.
+First group can be used in normal contexts where ``rtnl_lock`` is not already
+held: register_netdev(), unregister_netdev().
+Second group can be used when ``rtnl_lock`` is already held:
+register_netdevice(), unregister_netdevice(), free_netdevice().
+
+Simple drivers
+--------------
+
+Most drivers (especially device drivers) handle lifetime of struct net_device
+in context where ``rtnl_lock`` is not held (e.g. driver probe and remove paths).
+
+In that case the struct net_device registration is done using
+the register_netdev(), and unregister_netdev() functions:
+
+.. code-block:: c
+
+  int probe()
+  {
+    struct my_device_priv *priv;
+    int err;
+
+    dev = alloc_netdev_mqs(...);
+    if (!dev)
+      return -ENOMEM;
+    priv = netdev_priv(dev);
+
+    /* ... do all device setup before calling register_netdev() ...
+     */
+
+    err = register_netdev(dev);
+    if (err)
+      goto err_undo;
+
+    /* net_device is visible to the user! */
+
+  err_undo:
+    /* ... undo the device setup ... */
+    free_netdev(dev);
+    return err;
+  }
+
+  void remove()
+  {
+    unregister_netdev(dev);
+    free_netdev(dev);
+  }
+
+Note that after calling register_netdev() the device is visible in the system.
+Users can open it and start sending / receiving traffic immediately,
+or run any other callback, so all initialization must be done prior to
+registration.
+
+unregister_netdev() closes the device and waits for all users to be done
+with it. The memory of struct net_device itself may still be referenced
+by sysfs but all operations on that device will fail.
+
+free_netdev() can be called after unregister_netdev() returns on when
+register_netdev() failed.
+
+Device management under RTNL
+----------------------------
+
+Registering struct net_device while in context which already holds
+the ``rtnl_lock`` requires extra care. In those scenarios most drivers
+will want to make use of struct net_device's ``needs_free_netdev``
+and ``priv_destructor`` members for freeing of state.
+
+Example flow of netdev handling under ``rtnl_lock``:
+
+.. code-block:: c
+
+  static void my_setup(struct net_device *dev)
+  {
+    dev->needs_free_netdev = true;
+  }
+
+  static void my_destructor(struct net_device *dev)
+  {
+    some_obj_destroy(priv->obj);
+    some_uninit(priv);
+  }
+
+  int create_link()
+  {
+    struct my_device_priv *priv;
+    int err;
+
+    ASSERT_RTNL();
+
+    dev = alloc_netdev(sizeof(*priv), "net%d", NET_NAME_UNKNOWN, my_setup);
+    if (!dev)
+      return -ENOMEM;
+    priv = netdev_priv(dev);
+
+    /* Implicit constructor */
+    err = some_init(priv);
+    if (err)
+      goto err_free_dev;
+
+    priv->obj = some_obj_create();
+    if (!priv->obj) {
+      err = -ENOMEM;
+      goto err_some_uninit;
+    }
+    /* End of constructor, set the destructor: */
+    dev->priv_destructor = my_destructor;
+
+    err = register_netdevice(dev);
+    if (err)
+      /* register_netdevice() calls destructor on failure */
+      goto err_free_dev;
+
+    /* If anything fails now unregister_netdevice() (or unregister_netdev())
+     * will take care of calling my_destructor and free_netdev().
+     */
+
+    return 0;
+
+  err_some_uninit:
+    some_uninit(priv);
+  err_free_dev:
+    free_netdev(dev);
+    return err;
+  }
+
+If struct net_device.priv_destructor is set it will be called by the core
+some time after unregister_netdevice(), it will also be called if
+register_netdevice() fails. The callback may be invoked with or without
+``rtnl_lock`` held.
+
+There is no explicit constructor callback, driver "constructs" the private
+netdev state after allocating it and before registration.
+
+Setting struct net_device.needs_free_netdev makes core call free_netdevice()
+automatically after unregister_netdevice() when all references to the device
+are gone. It only takes effect after a successful call to register_netdevice()
+so if register_netdevice() fails driver is responsible for calling
+free_netdev().
+
+free_netdev() is safe to call on error paths right after unregister_netdevice()
+or when register_netdevice() fails. Parts of netdev (de)registration process
+happen after ``rtnl_lock`` is released, therefore in those cases free_netdev()
+will defer some of the processing until ``rtnl_lock`` is released.
+
+Devices spawned from struct rtnl_link_ops should never free the
+struct net_device directly.
+
+.ndo_init and .ndo_uninit
+~~~~~~~~~~~~~~~~~~~~~~~~~
+
+``.ndo_init`` and ``.ndo_uninit`` callbacks are called during net_device
+registration and de-registration, under ``rtnl_lock``. Drivers can use
+those e.g. when parts of their init process need to run under ``rtnl_lock``.
+
+``.ndo_init`` runs before device is visible in the system, ``.ndo_uninit``
+runs during de-registering after device is closed but other subsystems
+may still have outstanding references to the netdevice.
 
 MTU
 ===

Documentation/process/submitting-patches.rst

@@ -71,7 +71,7 @@ as you intend it to.
 
 The maintainer will thank you if you write your patch description in a
 form which can be easily pulled into Linux's source code management
-system, ``git``, as a "commit log".  See :ref:`explicit_in_reply_to`.
+system, ``git``, as a "commit log".  See :ref:`the_canonical_patch_format`.
 
 Solve only one problem per patch.  If your description starts to get
 long, that's a sign that you probably need to split up your patch.

MAINTAINERS

@@ -14702,6 +14702,8 @@ F:	arch/mips/generic/board-ranchu.c
 
 RANDOM NUMBER DRIVER
 M:	"Theodore Ts'o" <[email protected]>
+M:	Jason A. Donenfeld <[email protected]>
+T:	git https://git.kernel.org/pub/scm/linux/kernel/git/crng/random.git
 S:	Maintained
 F:	drivers/char/random.c
 
@@ -19277,7 +19279,8 @@ F:	arch/x86/xen/*swiotlb*
 F:	drivers/xen/*swiotlb*
 
 XFS FILESYSTEM
-M:	Darrick J. Wong <[email protected]>
+M:	Amir Goldstein <[email protected]>
+M:	Darrick J. Wong <[email protected]>
 M:	[email protected]
 L:	[email protected]
 S:	Supported

Makefile

@@ -1,7 +1,7 @@
 # SPDX-License-Identifier: GPL-2.0
 VERSION = 5
 PATCHLEVEL = 10
-SUBLEVEL = 117
+SUBLEVEL = 136
 EXTRAVERSION =
 NAME = Dare mighty things
 
@@ -694,12 +694,21 @@ ifdef CONFIG_FUNCTION_TRACER
   CC_FLAGS_FTRACE := -pg
 endif
 
-RETPOLINE_CFLAGS_GCC := -mindirect-branch=thunk-extern -mindirect-branch-register
-RETPOLINE_VDSO_CFLAGS_GCC := -mindirect-branch=thunk-inline -mindirect-branch-register
-RETPOLINE_CFLAGS_CLANG := -mretpoline-external-thunk
-RETPOLINE_VDSO_CFLAGS_CLANG := -mretpoline
-RETPOLINE_CFLAGS := $(call cc-option,$(RETPOLINE_CFLAGS_GCC),$(call cc-option,$(RETPOLINE_CFLAGS_CLANG)))
-RETPOLINE_VDSO_CFLAGS := $(call cc-option,$(RETPOLINE_VDSO_CFLAGS_GCC),$(call cc-option,$(RETPOLINE_VDSO_CFLAGS_CLANG)))
+ifdef CONFIG_CC_IS_GCC
+RETPOLINE_CFLAGS	:= $(call cc-option,-mindirect-branch=thunk-extern -mindirect-branch-register)
+RETPOLINE_CFLAGS	+= $(call cc-option,-mindirect-branch-cs-prefix)
+RETPOLINE_VDSO_CFLAGS	:= $(call cc-option,-mindirect-branch=thunk-inline -mindirect-branch-register)
+endif
+ifdef CONFIG_CC_IS_CLANG
+RETPOLINE_CFLAGS	:= -mretpoline-external-thunk
+RETPOLINE_VDSO_CFLAGS	:= -mretpoline
+endif
+
+ifdef CONFIG_RETHUNK
+RETHUNK_CFLAGS         := -mfunction-return=thunk-extern
+RETPOLINE_CFLAGS       += $(RETHUNK_CFLAGS)
+endif
+
 export RETPOLINE_CFLAGS
 export RETPOLINE_VDSO_CFLAGS
 
@@ -1321,7 +1330,7 @@ KBUILD_MODULES := 1
 
 autoksyms_recursive: descend modules.order
 	$(Q)$(CONFIG_SHELL) $(srctree)/scripts/adjust_autoksyms.sh \
-	  "$(MAKE) -f $(srctree)/Makefile vmlinux"
+	  "$(MAKE) -f $(srctree)/Makefile autoksyms_recursive"
 endif
 
 autoksyms_h := $(if $(CONFIG_TRIM_UNUSED_KSYMS), include/generated/autoksyms.h)

android/ACK_SHA

@@ -1,3 +1,5 @@
-android12-5.10-2022-09
+android12-5.10-2022-10_r3
 
-95279078149abf6684fadbc7bb6a2ab49efeea18
+
+
+9171bbdc05b9daca374bf27449298dcf1fc21ecb

android/abi_gki_aarch64_exynos

@@ -144,6 +144,7 @@
   clk_set_rate
   clk_unprepare
   clockevents_config_and_register
+  clocks_calc_mult_shift
   __clocksource_register_scale
   __close_fd
   cma_alloc
@@ -198,6 +199,8 @@
   cpufreq_table_index_unsorted
   cpufreq_this_cpu_can_update
   cpufreq_unregister_notifier
+  cpu_hotplug_disable
+  cpu_hotplug_enable
   __cpuhp_remove_state
   __cpuhp_setup_state
   __cpuhp_setup_state_cpuslocked
@@ -235,6 +238,7 @@
   crypto_shash_update
   crypto_unregister_alg
   crypto_unregister_scomp
+  csum_ipv6_magic
   csum_partial
   csum_tcpudp_nofold
   _ctype
@@ -385,6 +389,7 @@
   dev_pm_opp_add
   dev_pm_opp_disable
   dev_pm_opp_find_freq_ceil
+  dev_pm_opp_find_freq_ceil_by_volt
   dev_pm_opp_find_freq_exact
   dev_pm_opp_find_freq_floor
   dev_pm_opp_get_freq
@@ -428,6 +433,7 @@
   dma_buf_export
   dma_buf_fd
   dma_buf_get
+  dma_buf_get_flags
   dma_buf_map_attachment
   dma_buf_mmap
   dma_buf_move_notify
@@ -509,6 +515,7 @@
   drm_atomic_add_affected_connectors
   drm_atomic_add_affected_planes
   drm_atomic_commit
+  drm_atomic_get_connector_state
   drm_atomic_get_crtc_state
   drm_atomic_get_plane_state
   drm_atomic_get_private_obj_state
@@ -552,6 +559,7 @@
   drm_atomic_set_fb_for_plane
   drm_atomic_set_mode_for_crtc
   drm_atomic_state_alloc
+  drm_atomic_state_clear
   __drm_atomic_state_free
   drm_bridge_add
   drm_bridge_attach
@@ -584,6 +592,7 @@
   drm_crtc_vblank_off
   drm_crtc_vblank_on
   drm_crtc_vblank_put
+  drm_crtc_wait_one_vblank
   drm_cvt_mode
   __drm_dbg
   __drm_debug
@@ -745,6 +754,7 @@
   drm_vma_node_allow
   drm_vma_node_is_allowed
   drm_vma_node_revoke
+  drm_wait_one_vblank
   drm_writeback_connector_init
   drm_writeback_queue_job
   drm_writeback_signal_completion
@@ -824,6 +834,7 @@
   __get_free_pages
   get_net_ns_by_fd
   get_net_ns_by_pid
+  get_options
   get_random_bytes
   get_random_u32
   __get_task_comm
@@ -966,6 +977,7 @@
   input_set_capability
   input_unregister_device
   input_unregister_handle
+  int_pow
   int_sqrt
   iomem_resource
   iommu_alloc_resv_region
@@ -975,6 +987,7 @@
   iommu_device_sysfs_remove
   iommu_device_unlink
   iommu_device_unregister
+  iommu_dma_enable_best_fit_algo
   iommu_dma_reserve_iova
   iommu_domain_alloc
   iommu_fwspec_add_ids
@@ -1009,6 +1022,7 @@
   irq_domain_set_info
   irq_domain_xlate_onetwocell
   irq_domain_xlate_twocell
+  irq_do_set_affinity
   irq_find_mapping
   irq_get_irqchip_state
   irq_get_irq_data
@@ -1038,6 +1052,7 @@
   kasan_flag_enabled
   kasprintf
   kernel_kobj
+  kernfs_path_from_node
   kern_mount
   kern_unmount
   key_create_or_update
@@ -1074,6 +1089,8 @@
   kobject_uevent
   kobject_uevent_env
   krealloc
+  kset_create_and_add
+  kset_unregister
   kstat
   kstrdup
   kstrndup
@@ -1091,6 +1108,7 @@
   kstrtoull_from_user
   ksys_sync_helper
   kthread_bind
+  kthread_bind_mask
   kthread_cancel_delayed_work_sync
   kthread_cancel_work_sync
   kthread_create_on_node
@@ -1120,6 +1138,8 @@
   kvfree
   kvfree_call_rcu
   kvmalloc_node
+  led_classdev_register_ext
+  led_classdev_unregister
   __list_add_valid
   __list_del_entry_valid
   list_sort
@@ -1144,6 +1164,7 @@
   __memcpy_toio
   memdup_user
   memmove
+  memory_read_from_buffer
   memparse
   memremap
   memset
@@ -1159,6 +1180,7 @@
   mii_nway_restart
   mipi_dsi_attach
   mipi_dsi_compression_mode
+  mipi_dsi_dcs_get_display_brightness
   mipi_dsi_dcs_read
   mipi_dsi_dcs_set_column_address
   mipi_dsi_dcs_set_display_brightness
@@ -1316,6 +1338,7 @@
   of_property_read_string_helper
   of_property_read_u32_index
   of_property_read_u64
+  of_property_read_u64_index
   of_property_read_variable_u16_array
   of_property_read_variable_u32_array
   of_property_read_variable_u8_array
@@ -1331,6 +1354,9 @@
   oops_in_progress
   orderly_poweroff
   page_endio
+  page_frag_alloc
+  __page_frag_cache_drain
+  page_frag_free
   page_mapping
   __page_pinner_migration_failed
   panic
@@ -1378,9 +1404,11 @@
   pci_read_config_dword
   pci_read_config_word
   __pci_register_driver
+  pci_release_regions
   pci_release_resource
   pci_rescan_bus
   pci_resize_resource
+  pci_restore_msi_state
   pci_restore_state
   pci_save_state
   pci_set_master
@@ -1388,6 +1416,7 @@
   pci_store_saved_state
   pci_unmap_rom
   pci_unregister_driver
+  pci_wake_from_d3
   pci_write_config_dword
   pci_write_config_word
   PDE_DATA
@@ -1418,6 +1447,7 @@
   pinctrl_utils_free_map
   pin_get_name
   pin_user_pages
+  pin_user_pages_fast
   pin_user_pages_remote
   platform_bus_type
   platform_device_add
@@ -1506,6 +1536,8 @@
   pwm_set_chip_data
   queue_delayed_work_on
   queue_work_on
+  radix_tree_delete
+  radix_tree_lookup
   radix_tree_tagged
   ___ratelimit
   raw_notifier_call_chain
@@ -1647,11 +1679,13 @@
   sched_set_normal
   sched_setscheduler
   sched_setscheduler_nocheck
+  sched_uclamp_used
   schedule
   schedule_timeout
   schedule_timeout_interruptible
   scnprintf
   scsi_block_when_processing_errors
+  scsi_dma_unmap
   scsi_eh_ready_devs
   __scsi_execute
   scsi_print_sense_hdr
@@ -1712,6 +1746,7 @@
   skb_realloc_headroom
   skb_trim
   smp_call_function
+  smp_call_function_any
   smp_call_function_many
   smp_call_function_single
   smp_call_on_cpu
@@ -1783,6 +1818,7 @@
   snd_soc_info_volsw_range
   snd_soc_info_volsw_sx
   snd_soc_info_xr_sx
+  snd_soc_lookup_component
   snd_soc_new_compress
   snd_soc_of_get_dai_link_codecs
   snd_soc_of_get_dai_name
@@ -1832,6 +1868,7 @@
   __stack_chk_guard
   static_key_slow_dec
   static_key_slow_inc
+  stop_machine
   stop_one_cpu_nowait
   stpcpy
   strcasecmp
@@ -1903,7 +1940,15 @@
   tasklet_init
   tasklet_kill
   __tasklet_schedule
+  tasklet_setup
   task_rq_lock
+  tcp_register_congestion_control
+  tcp_reno_cong_avoid
+  tcp_reno_ssthresh
+  tcp_reno_undo_cwnd
+  tcp_slow_start
+  tcp_unregister_congestion_control
+  thermal_cdev_update
   thermal_cooling_device_unregister
   thermal_of_cooling_device_register
   thermal_zone_device_disable
@@ -1925,11 +1970,13 @@
   trace_event_reg
   trace_handle_return
   __traceiter_android_rvh_can_migrate_task
+  __traceiter_android_rvh_cpu_cgroup_attach
   __traceiter_android_rvh_cpu_cgroup_can_attach
   __traceiter_android_rvh_dequeue_task
   __traceiter_android_rvh_enqueue_task
   __traceiter_android_rvh_find_lowest_rq
   __traceiter_android_rvh_find_new_ilb
+  __traceiter_android_rvh_flush_task
   __traceiter_android_rvh_gic_v3_set_affinity
   __traceiter_android_rvh_post_init_entity_util_avg
   __traceiter_android_rvh_replace_next_task_fair
@@ -1937,18 +1984,24 @@
   __traceiter_android_rvh_sched_newidle_balance
   __traceiter_android_rvh_sched_nohz_balancer_kick
   __traceiter_android_rvh_sched_rebalance_domains
+  __traceiter_android_rvh_schedule
   __traceiter_android_rvh_select_fallback_rq
   __traceiter_android_rvh_select_task_rq_fair
   __traceiter_android_rvh_select_task_rq_rt
+  __traceiter_android_rvh_wake_up_new_task
+  __traceiter_android_vh_cgroup_attach
   __traceiter_android_vh_cpu_idle_enter
   __traceiter_android_vh_cpu_idle_exit
   __traceiter_android_vh_do_wake_up_sync
   __traceiter_android_vh_ipi_stop
+  __traceiter_android_vh_is_fpsimd_save
   __traceiter_android_vh_scheduler_tick
   __traceiter_android_vh_set_wake_flags
   __traceiter_android_vh_show_mem
+  __traceiter_android_vh_ufs_check_int_errors
   __traceiter_android_vh_ufs_compl_command
   __traceiter_android_vh_ufs_prepare_command
+  __traceiter_android_vh_ufs_send_tm_command
   __traceiter_cpu_idle
   __traceiter_device_pm_callback_end
   __traceiter_device_pm_callback_start
@@ -1976,11 +2029,13 @@
   __traceiter_workqueue_execute_start
   trace_output_call
   __tracepoint_android_rvh_can_migrate_task
+  __tracepoint_android_rvh_cpu_cgroup_attach
   __tracepoint_android_rvh_cpu_cgroup_can_attach
   __tracepoint_android_rvh_dequeue_task
   __tracepoint_android_rvh_enqueue_task
   __tracepoint_android_rvh_find_lowest_rq
   __tracepoint_android_rvh_find_new_ilb
+  __tracepoint_android_rvh_flush_task
   __tracepoint_android_rvh_gic_v3_set_affinity
   __tracepoint_android_rvh_post_init_entity_util_avg
   __tracepoint_android_rvh_replace_next_task_fair
@@ -1988,18 +2043,24 @@
   __tracepoint_android_rvh_sched_newidle_balance
   __tracepoint_android_rvh_sched_nohz_balancer_kick
   __tracepoint_android_rvh_sched_rebalance_domains
+  __tracepoint_android_rvh_schedule
   __tracepoint_android_rvh_select_fallback_rq
   __tracepoint_android_rvh_select_task_rq_fair
   __tracepoint_android_rvh_select_task_rq_rt
+  __tracepoint_android_rvh_wake_up_new_task
+  __tracepoint_android_vh_cgroup_attach
   __tracepoint_android_vh_cpu_idle_enter
   __tracepoint_android_vh_cpu_idle_exit
   __tracepoint_android_vh_do_wake_up_sync
   __tracepoint_android_vh_ipi_stop
+  __tracepoint_android_vh_is_fpsimd_save
   __tracepoint_android_vh_scheduler_tick
   __tracepoint_android_vh_set_wake_flags
   __tracepoint_android_vh_show_mem
+  __tracepoint_android_vh_ufs_check_int_errors
   __tracepoint_android_vh_ufs_compl_command
   __tracepoint_android_vh_ufs_prepare_command
+  __tracepoint_android_vh_ufs_send_tm_command
   __tracepoint_cpu_idle
   __tracepoint_device_pm_callback_end
   __tracepoint_device_pm_callback_start
@@ -2129,6 +2190,7 @@
   unregister_shrinker
   up
   update_devfreq
+  update_rq_clock
   up_read
   up_write
   usb_add_function
@@ -2301,6 +2363,7 @@
   wakeup_source_add
   wakeup_source_destroy
   wakeup_source_register
+  wakeup_source_remove
   wakeup_source_unregister
   __wake_up_sync
   __wake_up_sync_key
@@ -2322,6 +2385,7 @@
   xhci_gen_setup
   xhci_get_endpoint_index
   xhci_get_ep_ctx
+  xhci_get_slot_ctx
   xhci_init_driver
   xhci_initialize_ring_info
   xhci_link_segments

android/abi_gki_aarch64_fips140

@@ -112,6 +112,7 @@
   _raw_spin_lock
   _raw_spin_unlock
   refcount_warn_saturate
+  rng_is_initialized
   scatterwalk_ffwd
   scatterwalk_map_and_copy
   sg_init_one

android/abi_gki_aarch64_mtk

@@ -3216,6 +3216,7 @@
   update_devfreq
   usb_add_phy_dev
   usb_assign_descriptors
+  usb_clear_halt
   usb_copy_descriptors
   usb_ep_alloc_request
   usb_ep_autoconfig
@@ -3239,6 +3240,7 @@
   usb_phy_set_charger_current
   usb_remove_phy
   usb_role_switch_set_role
+  usb_unlink_urb
   v4l2_async_notifier_add_subdev
   v4l2_async_notifier_cleanup
   v4l2_async_subdev_notifier_register

android/abi_gki_aarch64_oplus

@@ -2684,6 +2684,7 @@
   __traceiter_android_rvh_build_perf_domains
   __traceiter_android_rvh_can_migrate_task
   __traceiter_android_rvh_check_preempt_wakeup
+  __traceiter_android_rvh_check_preempt_tick
   __traceiter_android_rvh_cpu_cgroup_attach
   __traceiter_android_rvh_cpu_cgroup_online
   __traceiter_android_rvh_cpu_overutilized
@@ -2783,6 +2784,7 @@
   __traceiter_android_vh_cpu_idle_enter
   __traceiter_android_vh_cpu_idle_exit
   __traceiter_android_vh_cpu_up
+  __traceiter_android_vh_check_page_look_around_ref
   __traceiter_android_vh_do_futex
   __traceiter_android_vh_do_send_sig_info
   __traceiter_android_vh_drain_all_pages_bypass
@@ -2816,6 +2818,8 @@
   __traceiter_android_vh_killed_process
   __traceiter_android_vh_kmalloc_slab
   __traceiter_android_vh_logbuf
+  __traceiter_android_vh_look_around
+  __traceiter_android_vh_look_around_migrate_page
   __traceiter_android_vh_mem_cgroup_alloc
   __traceiter_android_vh_mem_cgroup_css_offline
   __traceiter_android_vh_mem_cgroup_css_online
@@ -2849,7 +2853,7 @@
   __traceiter_android_vh_record_mutex_lock_starttime
   __traceiter_android_vh_record_rtmutex_lock_starttime
   __traceiter_android_vh_record_rwsem_lock_starttime
-  __traceiter_android_vh_record_percpu_rwsem_lock_starttime
+  __traceiter_android_vh_record_pcpu_rwsem_starttime
   __traceiter_android_vh_rmqueue
   __traceiter_android_vh_rwsem_init
   __traceiter_android_vh_rwsem_mark_wake_readers
@@ -2917,12 +2921,14 @@
   __traceiter_suspend_resume
   __traceiter_task_newtask
   __traceiter_task_rename
+  __traceiter_android_vh_test_clear_look_around_ref
   __traceiter_xhci_urb_giveback
   __tracepoint_android_rvh_account_irq
   __tracepoint_android_rvh_after_enqueue_task
   __tracepoint_android_rvh_build_perf_domains
   __tracepoint_android_rvh_can_migrate_task
   __tracepoint_android_rvh_check_preempt_wakeup
+  __tracepoint_android_rvh_check_preempt_tick
   __tracepoint_android_rvh_cpu_cgroup_attach
   __tracepoint_android_rvh_cpu_cgroup_online
   __tracepoint_android_rvh_cpu_overutilized
@@ -3022,6 +3028,7 @@
   __tracepoint_android_vh_cpu_idle_enter
   __tracepoint_android_vh_cpu_idle_exit
   __tracepoint_android_vh_cpu_up
+  __tracepoint_android_vh_check_page_look_around_ref
   __tracepoint_android_vh_do_futex
   __tracepoint_android_vh_do_send_sig_info
   __tracepoint_android_vh_drain_all_pages_bypass
@@ -3055,6 +3062,8 @@
   __tracepoint_android_vh_killed_process
   __tracepoint_android_vh_kmalloc_slab
   __tracepoint_android_vh_logbuf
+  __tracepoint_android_vh_look_around
+  __tracepoint_android_vh_look_around_migrate_page
   __tracepoint_android_vh_mem_cgroup_alloc
   __tracepoint_android_vh_mem_cgroup_css_offline
   __tracepoint_android_vh_mem_cgroup_css_online
@@ -3088,7 +3097,7 @@
   __tracepoint_android_vh_record_mutex_lock_starttime
   __tracepoint_android_vh_record_rtmutex_lock_starttime
   __tracepoint_android_vh_record_rwsem_lock_starttime
-  __tracepoint_android_vh_record_percpu_rwsem_lock_starttime
+  __tracepoint_android_vh_record_pcpu_rwsem_starttime
   __tracepoint_android_vh_rmqueue
   __tracepoint_android_vh_rwsem_init
   __tracepoint_android_vh_rwsem_mark_wake_readers
@@ -3128,6 +3137,7 @@
   __tracepoint_android_vh_tune_inactive_ratio
   __tracepoint_android_vh_tune_scan_type
   __tracepoint_android_vh_tune_swappiness
+  __tracepoint_android_vh_test_clear_look_around_ref
   __tracepoint_android_vh_ufs_compl_command
   __tracepoint_android_vh_ufs_send_command
   __tracepoint_android_vh_ufs_send_tm_command
@@ -3140,6 +3150,10 @@
   __tracepoint_ipi_entry
   __tracepoint_ipi_raise
   __tracepoint_irq_handler_entry
+  __tracepoint_net_dev_queue
+  __tracepoint_net_dev_xmit
+  __tracepoint_netif_receive_skb
+  __tracepoint_netif_rx
   __tracepoint_pelt_se_tp
   tracepoint_probe_register
   tracepoint_probe_register_prio
@@ -3622,3 +3636,4 @@
   xhci_ring_cmd_db
   xhci_ring_free
   xhci_trb_virt_to_dma
+  zero_pfn

android/abi_gki_aarch64_qcom

@@ -881,6 +881,7 @@
   extcon_get_edev_name
   extcon_get_extcon_dev
   extcon_get_property
+  extcon_get_property_capability
   extcon_get_state
   extcon_register_notifier
   extcon_set_state_sync
@@ -2701,6 +2702,7 @@
   __tracepoint_android_vh_jiffies_update
   __tracepoint_android_vh_logbuf
   __tracepoint_android_vh_logbuf_pr_cont
+  __tracepoint_android_vh_madvise_cold_or_pageout
   __tracepoint_android_vh_oom_check_panic
   __tracepoint_android_vh_printk_hotplug
   __tracepoint_android_vh_process_killed
@@ -3024,6 +3026,7 @@
   wait_for_completion_interruptible_timeout
   wait_for_completion_killable
   wait_for_completion_timeout
+  wait_on_page_bit
   __wait_rcu_gp
   wait_woken
   __wake_up

android/abi_gki_aarch64_transsion

@@ -34,6 +34,7 @@
   __traceiter_android_vh_alloc_si
   __traceiter_android_vh_free_pages
   __traceiter_android_vh_set_shmem_page_flag
+  __traceiter_android_vh_ra_tuning_max_page
   __tracepoint_android_vh_handle_pte_fault_end
   __tracepoint_android_vh_cow_user_page
   __tracepoint_android_vh_swapin_add_anon_rmap
@@ -57,4 +58,5 @@
   __tracepoint_android_vh_si_swapinfo
   __tracepoint_android_vh_alloc_si
   __tracepoint_android_vh_free_pages
-  __tracepoint_android_vh_set_shmem_page_flag
+  __tracepoint_android_vh_set_shmem_page_flag
+  __tracepoint_android_vh_ra_tuning_max_page

android/abi_gki_aarch64_type_visibility

@@ -0,0 +1,6 @@
+[abi_symbol_list]
+
+# for type visibility
+  GKI_struct_selinux_state
+  GKI_struct_gic_chip_data
+  GKI_struct_swap_slots_cache

arch/alpha/include/asm/timex.h

@@ -28,5 +28,6 @@ static inline cycles_t get_cycles (void)
 	__asm__ __volatile__ ("rpcc %0" : "=r"(ret));
 	return ret;
 }
+#define get_cycles get_cycles
 
 #endif

arch/alpha/kernel/srmcons.c

@@ -59,7 +59,7 @@ srmcons_do_receive_chars(struct tty_port *port)
 	} while((result.bits.status & 1) && (++loops < 10));
 
 	if (count)
-		tty_schedule_flip(port);
+		tty_flip_buffer_push(port);
 
 	return count;
 }

arch/arm/boot/dts/aspeed-g6-pinctrl.dtsi

@@ -117,11 +117,6 @@
 		groups = "FWSPID";
 	};
 
-	pinctrl_fwqspid_default: fwqspid_default {
-		function = "FWSPID";
-		groups = "FWQSPID";
-	};
-
 	pinctrl_fwspiwp_default: fwspiwp_default {
 		function = "FWSPIWP";
 		groups = "FWSPIWP";
@@ -653,12 +648,12 @@
 	};
 
 	pinctrl_qspi1_default: qspi1_default {
-		function = "QSPI1";
+		function = "SPI1";
 		groups = "QSPI1";
 	};
 
 	pinctrl_qspi2_default: qspi2_default {
-		function = "QSPI2";
+		function = "SPI2";
 		groups = "QSPI2";
 	};
 

arch/arm/boot/dts/at91-sam9x60ek.dts

@@ -233,10 +233,9 @@
 		status = "okay";
 
 		eeprom@53 {
-			compatible = "atmel,24c32";
+			compatible = "atmel,24c02";
 			reg = <0x53>;
 			pagesize = <16>;
-			size = <128>;
 			status = "okay";
 		};
 	};

arch/arm/boot/dts/at91-sama5d2_icp.dts

@@ -317,21 +317,21 @@
 	status = "okay";
 
 	eeprom@50 {
-		compatible = "atmel,24c32";
+		compatible = "atmel,24c02";
 		reg = <0x50>;
 		pagesize = <16>;
 		status = "okay";
 	};
 
 	eeprom@52 {
-		compatible = "atmel,24c32";
+		compatible = "atmel,24c02";
 		reg = <0x52>;
 		pagesize = <16>;
 		status = "disabled";
 	};
 
 	eeprom@53 {
-		compatible = "atmel,24c32";
+		compatible = "atmel,24c02";
 		reg = <0x53>;
 		pagesize = <16>;
 		status = "disabled";

arch/arm/boot/dts/bcm2835-rpi-b.dts

@@ -53,18 +53,17 @@
 			  "GPIO18",
 			  "NC", /* GPIO19 */
 			  "NC", /* GPIO20 */
-			  "GPIO21",
+			  "CAM_GPIO0",
 			  "GPIO22",
 			  "GPIO23",
 			  "GPIO24",
 			  "GPIO25",
 			  "NC", /* GPIO26 */
-			  "CAM_GPIO0",
-			  /* Binary number representing build/revision */
-			  "CONFIG0",
-			  "CONFIG1",
-			  "CONFIG2",
-			  "CONFIG3",
+			  "GPIO27",
+			  "GPIO28",
+			  "GPIO29",
+			  "GPIO30",
+			  "GPIO31",
 			  "NC", /* GPIO32 */
 			  "NC", /* GPIO33 */
 			  "NC", /* GPIO34 */

arch/arm/boot/dts/bcm2835-rpi-zero-w.dts

@@ -74,16 +74,18 @@
 			  "GPIO27",
 			  "SDA0",
 			  "SCL0",
-			  "NC", /* GPIO30 */
-			  "NC", /* GPIO31 */
-			  "NC", /* GPIO32 */
-			  "NC", /* GPIO33 */
-			  "NC", /* GPIO34 */
-			  "NC", /* GPIO35 */
-			  "NC", /* GPIO36 */
-			  "NC", /* GPIO37 */
-			  "NC", /* GPIO38 */
-			  "NC", /* GPIO39 */
+			  /* Used by BT module */
+			  "CTS0",
+			  "RTS0",
+			  "TXD0",
+			  "RXD0",
+			  /* Used by Wifi */
+			  "SD1_CLK",
+			  "SD1_CMD",
+			  "SD1_DATA0",
+			  "SD1_DATA1",
+			  "SD1_DATA2",
+			  "SD1_DATA3",
 			  "CAM_GPIO1", /* GPIO40 */
 			  "WL_ON", /* GPIO41 */
 			  "NC", /* GPIO42 */

arch/arm/boot/dts/bcm2837-rpi-3-b-plus.dts

@@ -45,7 +45,7 @@
 		#gpio-cells = <2>;
 		gpio-line-names = "BT_ON",
 				  "WL_ON",
-				  "STATUS_LED_R",
+				  "PWR_LED_R",
 				  "LAN_RUN",
 				  "",
 				  "CAM_GPIO0",

arch/arm/boot/dts/bcm2837-rpi-cm3-io3.dts

@@ -63,8 +63,8 @@
 			  "GPIO43",
 			  "GPIO44",
 			  "GPIO45",
-			  "GPIO46",
-			  "GPIO47",
+			  "SMPS_SCL",
+			  "SMPS_SDA",
 			  /* Used by eMMC */
 			  "SD_CLK_R",
 			  "SD_CMD_R",

arch/arm/boot/dts/exynos5250-smdk5250.dts

@@ -129,7 +129,7 @@
 	samsung,i2c-max-bus-freq = <20000>;
 
 	eeprom@50 {
-		compatible = "samsung,s524ad0xd1";
+		compatible = "samsung,s524ad0xd1", "atmel,24c128";
 		reg = <0x50>;
 	};
 
@@ -289,7 +289,7 @@
 	samsung,i2c-max-bus-freq = <20000>;
 
 	eeprom@51 {
-		compatible = "samsung,s524ad0xd1";
+		compatible = "samsung,s524ad0xd1", "atmel,24c128";
 		reg = <0x51>;
 	};
 

arch/arm/boot/dts/imx6dl-eckelmann-ci4x10.dts

@@ -297,7 +297,11 @@
 	phy-mode = "rmii";
 	phy-reset-gpios = <&gpio1 18 GPIO_ACTIVE_LOW>;
 	phy-handle = <&phy>;
-	clocks = <&clks IMX6QDL_CLK_ENET>, <&clks IMX6QDL_CLK_ENET>, <&rmii_clk>;
+	clocks = <&clks IMX6QDL_CLK_ENET>,
+		 <&clks IMX6QDL_CLK_ENET>,
+		 <&rmii_clk>,
+		 <&clks IMX6QDL_CLK_ENET_REF>;
+	clock-names = "ipg", "ahb", "ptp", "enet_out";
 	status = "okay";
 
 	mdio {

arch/arm/boot/dts/imx6qdl-colibri.dtsi

@@ -1,6 +1,6 @@
 // SPDX-License-Identifier: GPL-2.0+ OR MIT
 /*
- * Copyright 2014-2020 Toradex
+ * Copyright 2014-2022 Toradex
  * Copyright 2012 Freescale Semiconductor, Inc.
  * Copyright 2011 Linaro Ltd.
  */
@@ -132,7 +132,7 @@
 	clock-frequency = <100000>;
 	pinctrl-names = "default", "gpio";
 	pinctrl-0 = <&pinctrl_i2c2>;
-	pinctrl-0 = <&pinctrl_i2c2_gpio>;
+	pinctrl-1 = <&pinctrl_i2c2_gpio>;
 	scl-gpios = <&gpio2 30 (GPIO_ACTIVE_HIGH | GPIO_OPEN_DRAIN)>;
 	sda-gpios = <&gpio3 16 (GPIO_ACTIVE_HIGH | GPIO_OPEN_DRAIN)>;
 	status = "okay";
@@ -488,7 +488,7 @@
 		>;
 	};
 
-	pinctrl_i2c2_gpio: i2c2grp {
+	pinctrl_i2c2_gpio: i2c2gpiogrp {
 		fsl,pins = <
 			MX6QDL_PAD_EIM_EB2__GPIO2_IO30 0x4001b8b1
 			MX6QDL_PAD_EIM_D16__GPIO3_IO16 0x4001b8b1

arch/arm/boot/dts/imx6qdl-ts7970.dtsi

@@ -226,7 +226,7 @@
 		reg = <0x28>;
 		#gpio-cells = <2>;
 		gpio-controller;
-		ngpio = <32>;
+		ngpios = <62>;
 	};
 
 	sgtl5000: codec@a {

arch/arm/boot/dts/imx6qdl.dtsi

@@ -756,7 +756,7 @@
 					regulator-name = "vddpu";
 					regulator-min-microvolt = <725000>;
 					regulator-max-microvolt = <1450000>;
-					regulator-enable-ramp-delay = <150>;
+					regulator-enable-ramp-delay = <380>;
 					anatop-reg-offset = <0x140>;
 					anatop-vol-bit-shift = <9>;
 					anatop-vol-bit-width = <5>;

arch/arm/boot/dts/imx7s.dtsi

@@ -102,6 +102,7 @@
 		compatible = "usb-nop-xceiv";
 		clocks = <&clks IMX7D_USB_HSIC_ROOT_CLK>;
 		clock-names = "main_clk";
+		power-domains = <&pgc_hsic_phy>;
 		#phy-cells = <0>;
 	};
 
@@ -1104,7 +1105,6 @@
 				compatible = "fsl,imx7d-usb", "fsl,imx27-usb";
 				reg = <0x30b30000 0x200>;
 				interrupts = <GIC_SPI 40 IRQ_TYPE_LEVEL_HIGH>;
-				power-domains = <&pgc_hsic_phy>;
 				clocks = <&clks IMX7D_USB_CTRL_CLK>;
 				fsl,usbphy = <&usbphynop3>;
 				fsl,usbmisc = <&usbmisc3 0>;

arch/arm/boot/dts/ox820.dtsi

@@ -287,7 +287,7 @@
 				clocks = <&armclk>;
 			};
 
-			gic: gic@1000 {
+			gic: interrupt-controller@1000 {
 				compatible = "arm,arm11mp-gic";
 				interrupt-controller;
 				#interrupt-cells = <3>;

arch/arm/boot/dts/s5pv210-aries.dtsi

@@ -564,7 +564,6 @@
 			reset-gpios = <&mp05 5 GPIO_ACTIVE_LOW>;
 			vdd3-supply = <&ldo7_reg>;
 			vci-supply = <&ldo17_reg>;
-			spi-cs-high;
 			spi-max-frequency = <1200000>;
 
 			pinctrl-names = "default";
@@ -637,7 +636,7 @@
 };
 
 &i2s0 {
-	dmas = <&pdma0 9>, <&pdma0 10>, <&pdma0 11>;
+	dmas = <&pdma0 10>, <&pdma0 9>, <&pdma0 11>;
 	status = "okay";
 };
 
@@ -896,7 +895,7 @@
 		device-wakeup-gpios = <&gpg3 4 GPIO_ACTIVE_HIGH>;
 		interrupt-parent = <&gph2>;
 		interrupts = <5 IRQ_TYPE_LEVEL_HIGH>;
-		interrupt-names = "host-wake";
+		interrupt-names = "host-wakeup";
 	};
 };
 

arch/arm/boot/dts/s5pv210.dtsi

@@ -240,8 +240,8 @@
 			reg = <0xeee30000 0x1000>;
 			interrupt-parent = <&vic2>;
 			interrupts = <16>;
-			dma-names = "rx", "tx", "tx-sec";
-			dmas = <&pdma1 9>, <&pdma1 10>, <&pdma1 11>;
+			dma-names = "tx", "rx", "tx-sec";
+			dmas = <&pdma1 10>, <&pdma1 9>, <&pdma1 11>;
 			clock-names = "iis",
 				      "i2s_opclk0",
 				      "i2s_opclk1";
@@ -260,8 +260,8 @@
 			reg = <0xe2100000 0x1000>;
 			interrupt-parent = <&vic2>;
 			interrupts = <17>;
-			dma-names = "rx", "tx";
-			dmas = <&pdma1 12>, <&pdma1 13>;
+			dma-names = "tx", "rx";
+			dmas = <&pdma1 13>, <&pdma1 12>;
 			clock-names = "iis", "i2s_opclk0";
 			clocks = <&clocks CLK_I2S1>, <&clocks SCLK_AUDIO1>;
 			pinctrl-names = "default";
@@ -275,8 +275,8 @@
 			reg = <0xe2a00000 0x1000>;
 			interrupt-parent = <&vic2>;
 			interrupts = <18>;
-			dma-names = "rx", "tx";
-			dmas = <&pdma1 14>, <&pdma1 15>;
+			dma-names = "tx", "rx";
+			dmas = <&pdma1 15>, <&pdma1 14>;
 			clock-names = "iis", "i2s_opclk0";
 			clocks = <&clocks CLK_I2S2>, <&clocks SCLK_AUDIO2>;
 			pinctrl-names = "default";

arch/arm/boot/dts/sama5d2.dtsi

@@ -1125,7 +1125,7 @@
 				clocks = <&pmc PMC_TYPE_PERIPHERAL 55>, <&pmc PMC_TYPE_GCK 55>;
 				clock-names = "pclk", "gclk";
 				assigned-clocks = <&pmc PMC_TYPE_CORE PMC_I2S1_MUX>;
-				assigned-parrents = <&pmc PMC_TYPE_GCK 55>;
+				assigned-clock-parents = <&pmc PMC_TYPE_GCK 55>;
 				status = "disabled";
 			};
 

arch/arm/boot/dts/stm32mp151.dtsi

@@ -543,7 +543,7 @@
 			compatible = "st,stm32-cec";
 			reg = <0x40016000 0x400>;
 			interrupts = <GIC_SPI 94 IRQ_TYPE_LEVEL_HIGH>;
-			clocks = <&rcc CEC_K>, <&clk_lse>;
+			clocks = <&rcc CEC_K>, <&rcc CEC>;
 			clock-names = "cec", "hdmi-cec";
 			status = "disabled";
 		};

arch/arm/boot/dts/stm32mp15xx-dhcor-avenger96.dtsi

@@ -141,6 +141,7 @@
 		compatible = "snps,dwmac-mdio";
 		reset-gpios = <&gpioz 2 GPIO_ACTIVE_LOW>;
 		reset-delay-us = <1000>;
+		reset-post-delay-us = <1000>;
 
 		phy0: ethernet-phy@7 {
 			reg = <7>;

arch/arm/boot/dts/sun8i-h2-plus-orangepi-zero.dts

@@ -169,7 +169,7 @@
 	flash@0 {
 		#address-cells = <1>;
 		#size-cells = <1>;
-		compatible = "mxicy,mx25l1606e", "winbond,w25q128";
+		compatible = "mxicy,mx25l1606e", "jedec,spi-nor";
 		reg = <0>;
 		spi-max-frequency = <40000000>;
 	};

arch/arm/boot/dts/suniv-f1c100s.dtsi

@@ -104,8 +104,10 @@
 
 		wdt: watchdog@1c20ca0 {
 			compatible = "allwinner,suniv-f1c100s-wdt",
-				     "allwinner,sun4i-a10-wdt";
+				     "allwinner,sun6i-a31-wdt";
 			reg = <0x01c20ca0 0x20>;
+			interrupts = <16>;
+			clocks = <&osc32k>;
 		};
 
 		uart0: serial@1c25000 {

arch/arm/crypto/Makefile

@@ -10,6 +10,7 @@ obj-$(CONFIG_CRYPTO_SHA1_ARM_NEON) += sha1-arm-neon.o
 obj-$(CONFIG_CRYPTO_SHA256_ARM) += sha256-arm.o
 obj-$(CONFIG_CRYPTO_SHA512_ARM) += sha512-arm.o
 obj-$(CONFIG_CRYPTO_BLAKE2S_ARM) += blake2s-arm.o
+obj-$(if $(CONFIG_CRYPTO_BLAKE2S_ARM),y) += libblake2s-arm.o
 obj-$(CONFIG_CRYPTO_BLAKE2B_NEON) += blake2b-neon.o
 obj-$(CONFIG_CRYPTO_CHACHA20_NEON) += chacha-neon.o
 obj-$(CONFIG_CRYPTO_POLY1305_ARM) += poly1305-arm.o
@@ -31,7 +32,8 @@ sha256-arm-neon-$(CONFIG_KERNEL_MODE_NEON) := sha256_neon_glue.o
 sha256-arm-y	:= sha256-core.o sha256_glue.o $(sha256-arm-neon-y)
 sha512-arm-neon-$(CONFIG_KERNEL_MODE_NEON) := sha512-neon-glue.o
 sha512-arm-y	:= sha512-core.o sha512-glue.o $(sha512-arm-neon-y)
-blake2s-arm-y   := blake2s-core.o blake2s-glue.o
+blake2s-arm-y   := blake2s-shash.o
+libblake2s-arm-y:= blake2s-core.o blake2s-glue.o
 blake2b-neon-y  := blake2b-neon-core.o blake2b-neon-glue.o
 sha1-arm-ce-y	:= sha1-ce-core.o sha1-ce-glue.o
 sha2-arm-ce-y	:= sha2-ce-core.o sha2-ce-glue.o

arch/arm/crypto/blake2s-core.S

@@ -167,8 +167,8 @@
 .endm
 
 //
-// void blake2s_compress_arch(struct blake2s_state *state,
-//			      const u8 *block, size_t nblocks, u32 inc);
+// void blake2s_compress(struct blake2s_state *state,
+//			 const u8 *block, size_t nblocks, u32 inc);
 //
 // Only the first three fields of struct blake2s_state are used:
 //	u32 h[8];	(inout)
@@ -176,7 +176,7 @@
 //	u32 f[2];	(in)
 //
 	.align		5
-ENTRY(blake2s_compress_arch)
+ENTRY(blake2s_compress)
 	push		{r0-r2,r4-r11,lr}	// keep this an even number
 
 .Lnext_block:
@@ -303,4 +303,4 @@ ENTRY(blake2s_compress_arch)
 	str		r3, [r12], #4
 	bne		1b
 	b		.Lcopy_block_done
-ENDPROC(blake2s_compress_arch)
+ENDPROC(blake2s_compress)

arch/arm/crypto/blake2s-glue.c

@@ -1,78 +1,7 @@
 // SPDX-License-Identifier: GPL-2.0-or-later
-/*
- * BLAKE2s digest algorithm, ARM scalar implementation
- *
- * Copyright 2020 Google LLC
- */
 
 #include <crypto/internal/blake2s.h>
-#include <crypto/internal/hash.h>
-
 #include <linux/module.h>
 
 /* defined in blake2s-core.S */
-EXPORT_SYMBOL(blake2s_compress_arch);
-
-static int crypto_blake2s_update_arm(struct shash_desc *desc,
-				     const u8 *in, unsigned int inlen)
-{
-	return crypto_blake2s_update(desc, in, inlen, blake2s_compress_arch);
-}
-
-static int crypto_blake2s_final_arm(struct shash_desc *desc, u8 *out)
-{
-	return crypto_blake2s_final(desc, out, blake2s_compress_arch);
-}
-
-#define BLAKE2S_ALG(name, driver_name, digest_size)			\
-	{								\
-		.base.cra_name		= name,				\
-		.base.cra_driver_name	= driver_name,			\
-		.base.cra_priority	= 200,				\
-		.base.cra_flags		= CRYPTO_ALG_OPTIONAL_KEY,	\
-		.base.cra_blocksize	= BLAKE2S_BLOCK_SIZE,		\
-		.base.cra_ctxsize	= sizeof(struct blake2s_tfm_ctx), \
-		.base.cra_module	= THIS_MODULE,			\
-		.digestsize		= digest_size,			\
-		.setkey			= crypto_blake2s_setkey,	\
-		.init			= crypto_blake2s_init,		\
-		.update			= crypto_blake2s_update_arm,	\
-		.final			= crypto_blake2s_final_arm,	\
-		.descsize		= sizeof(struct blake2s_state),	\
-	}
-
-static struct shash_alg blake2s_arm_algs[] = {
-	BLAKE2S_ALG("blake2s-128", "blake2s-128-arm", BLAKE2S_128_HASH_SIZE),
-	BLAKE2S_ALG("blake2s-160", "blake2s-160-arm", BLAKE2S_160_HASH_SIZE),
-	BLAKE2S_ALG("blake2s-224", "blake2s-224-arm", BLAKE2S_224_HASH_SIZE),
-	BLAKE2S_ALG("blake2s-256", "blake2s-256-arm", BLAKE2S_256_HASH_SIZE),
-};
-
-static int __init blake2s_arm_mod_init(void)
-{
-	return IS_REACHABLE(CONFIG_CRYPTO_HASH) ?
-		crypto_register_shashes(blake2s_arm_algs,
-					ARRAY_SIZE(blake2s_arm_algs)) : 0;
-}
-
-static void __exit blake2s_arm_mod_exit(void)
-{
-	if (IS_REACHABLE(CONFIG_CRYPTO_HASH))
-		crypto_unregister_shashes(blake2s_arm_algs,
-					  ARRAY_SIZE(blake2s_arm_algs));
-}
-
-module_init(blake2s_arm_mod_init);
-module_exit(blake2s_arm_mod_exit);
-
-MODULE_DESCRIPTION("BLAKE2s digest algorithm, ARM scalar implementation");
-MODULE_LICENSE("GPL");
-MODULE_AUTHOR("Eric Biggers <[email protected]>");
-MODULE_ALIAS_CRYPTO("blake2s-128");
-MODULE_ALIAS_CRYPTO("blake2s-128-arm");
-MODULE_ALIAS_CRYPTO("blake2s-160");
-MODULE_ALIAS_CRYPTO("blake2s-160-arm");
-MODULE_ALIAS_CRYPTO("blake2s-224");
-MODULE_ALIAS_CRYPTO("blake2s-224-arm");
-MODULE_ALIAS_CRYPTO("blake2s-256");
-MODULE_ALIAS_CRYPTO("blake2s-256-arm");
+EXPORT_SYMBOL(blake2s_compress);

arch/arm/crypto/blake2s-shash.c

@@ -0,0 +1,75 @@
+// SPDX-License-Identifier: GPL-2.0-or-later
+/*
+ * BLAKE2s digest algorithm, ARM scalar implementation
+ *
+ * Copyright 2020 Google LLC
+ */
+
+#include <crypto/internal/blake2s.h>
+#include <crypto/internal/hash.h>
+
+#include <linux/module.h>
+
+static int crypto_blake2s_update_arm(struct shash_desc *desc,
+				     const u8 *in, unsigned int inlen)
+{
+	return crypto_blake2s_update(desc, in, inlen, false);
+}
+
+static int crypto_blake2s_final_arm(struct shash_desc *desc, u8 *out)
+{
+	return crypto_blake2s_final(desc, out, false);
+}
+
+#define BLAKE2S_ALG(name, driver_name, digest_size)			\
+	{								\
+		.base.cra_name		= name,				\
+		.base.cra_driver_name	= driver_name,			\
+		.base.cra_priority	= 200,				\
+		.base.cra_flags		= CRYPTO_ALG_OPTIONAL_KEY,	\
+		.base.cra_blocksize	= BLAKE2S_BLOCK_SIZE,		\
+		.base.cra_ctxsize	= sizeof(struct blake2s_tfm_ctx), \
+		.base.cra_module	= THIS_MODULE,			\
+		.digestsize		= digest_size,			\
+		.setkey			= crypto_blake2s_setkey,	\
+		.init			= crypto_blake2s_init,		\
+		.update			= crypto_blake2s_update_arm,	\
+		.final			= crypto_blake2s_final_arm,	\
+		.descsize		= sizeof(struct blake2s_state),	\
+	}
+
+static struct shash_alg blake2s_arm_algs[] = {
+	BLAKE2S_ALG("blake2s-128", "blake2s-128-arm", BLAKE2S_128_HASH_SIZE),
+	BLAKE2S_ALG("blake2s-160", "blake2s-160-arm", BLAKE2S_160_HASH_SIZE),
+	BLAKE2S_ALG("blake2s-224", "blake2s-224-arm", BLAKE2S_224_HASH_SIZE),
+	BLAKE2S_ALG("blake2s-256", "blake2s-256-arm", BLAKE2S_256_HASH_SIZE),
+};
+
+static int __init blake2s_arm_mod_init(void)
+{
+	return IS_REACHABLE(CONFIG_CRYPTO_HASH) ?
+		crypto_register_shashes(blake2s_arm_algs,
+					ARRAY_SIZE(blake2s_arm_algs)) : 0;
+}
+
+static void __exit blake2s_arm_mod_exit(void)
+{
+	if (IS_REACHABLE(CONFIG_CRYPTO_HASH))
+		crypto_unregister_shashes(blake2s_arm_algs,
+					  ARRAY_SIZE(blake2s_arm_algs));
+}
+
+module_init(blake2s_arm_mod_init);
+module_exit(blake2s_arm_mod_exit);
+
+MODULE_DESCRIPTION("BLAKE2s digest algorithm, ARM scalar implementation");
+MODULE_LICENSE("GPL");
+MODULE_AUTHOR("Eric Biggers <[email protected]>");
+MODULE_ALIAS_CRYPTO("blake2s-128");
+MODULE_ALIAS_CRYPTO("blake2s-128-arm");
+MODULE_ALIAS_CRYPTO("blake2s-160");
+MODULE_ALIAS_CRYPTO("blake2s-160-arm");
+MODULE_ALIAS_CRYPTO("blake2s-224");
+MODULE_ALIAS_CRYPTO("blake2s-224-arm");
+MODULE_ALIAS_CRYPTO("blake2s-256");
+MODULE_ALIAS_CRYPTO("blake2s-256-arm");

arch/arm/include/asm/dma.h

@@ -10,7 +10,7 @@
 #else
 #define MAX_DMA_ADDRESS	({ \
 	extern phys_addr_t arm_dma_zone_size; \
-	arm_dma_zone_size && arm_dma_zone_size < (0x10000000 - PAGE_OFFSET) ? \
+	arm_dma_zone_size && arm_dma_zone_size < (0x100000000ULL - PAGE_OFFSET) ? \
 		(PAGE_OFFSET + arm_dma_zone_size) : 0xffffffffUL; })
 #endif
 

arch/arm/include/asm/mach/map.h

@@ -27,6 +27,7 @@ enum {
 	MT_HIGH_VECTORS,
 	MT_MEMORY_RWX,
 	MT_MEMORY_RW,
+	MT_MEMORY_RO,
 	MT_ROM,
 	MT_MEMORY_RWX_NONCACHED,
 	MT_MEMORY_RW_DTCM,

arch/arm/include/asm/ptrace.h

@@ -164,5 +164,31 @@ static inline unsigned long user_stack_pointer(struct pt_regs *regs)
 		((current_stack_pointer | (THREAD_SIZE - 1)) - 7) - 1;	\
 })
 
+
+/*
+ * Update ITSTATE after normal execution of an IT block instruction.
+ *
+ * The 8 IT state bits are split into two parts in CPSR:
+ *	ITSTATE<1:0> are in CPSR<26:25>
+ *	ITSTATE<7:2> are in CPSR<15:10>
+ */
+static inline unsigned long it_advance(unsigned long cpsr)
+{
+	if ((cpsr & 0x06000400) == 0) {
+		/* ITSTATE<2:0> == 0 means end of IT block, so clear IT state */
+		cpsr &= ~PSR_IT_MASK;
+	} else {
+		/* We need to shift left ITSTATE<4:0> */
+		const unsigned long mask = 0x06001c00;  /* Mask ITSTATE<4:0> */
+		unsigned long it = cpsr & mask;
+		it <<= 1;
+		it |= it >> (27 - 10);  /* Carry ITSTATE<2> to correct place */
+		it &= mask;
+		cpsr &= ~mask;
+		cpsr |= it;
+	}
+	return cpsr;
+}
+
 #endif /* __ASSEMBLY__ */
 #endif

arch/arm/include/asm/timex.h

@@ -11,5 +11,6 @@
 
 typedef unsigned long cycles_t;
 #define get_cycles()	({ cycles_t c; read_current_timer(&c) ? 0 : c; })
+#define random_get_entropy() (((unsigned long)get_cycles()) ?: random_get_entropy_fallback())
 
 #endif

arch/arm/kernel/entry-armv.S

@@ -1043,7 +1043,7 @@ vector_bhb_loop8_\name:
 
 	@ bhb workaround
 	mov	r0, #8
-3:	b	. + 4
+3:	W(b)	. + 4
 	subs	r0, r0, #1
 	bne	3b
 	dsb

arch/arm/kernel/stacktrace.c

@@ -53,17 +53,17 @@ int notrace unwind_frame(struct stackframe *frame)
 		return -EINVAL;
 
 	frame->sp = frame->fp;
-	frame->fp = *(unsigned long *)(fp);
-	frame->pc = *(unsigned long *)(fp + 4);
+	frame->fp = READ_ONCE_NOCHECK(*(unsigned long *)(fp));
+	frame->pc = READ_ONCE_NOCHECK(*(unsigned long *)(fp + 4));
 #else
 	/* check current frame pointer is within bounds */
 	if (fp < low + 12 || fp > high - 4)
 		return -EINVAL;
 
 	/* restore the registers from the stack frame */
-	frame->fp = *(unsigned long *)(fp - 12);
-	frame->sp = *(unsigned long *)(fp - 8);
-	frame->pc = *(unsigned long *)(fp - 4);
+	frame->fp = READ_ONCE_NOCHECK(*(unsigned long *)(fp - 12));
+	frame->sp = READ_ONCE_NOCHECK(*(unsigned long *)(fp - 8));
+	frame->pc = READ_ONCE_NOCHECK(*(unsigned long *)(fp - 4));
 #endif
 
 	return 0;

arch/arm/lib/xor-neon.c

@@ -26,8 +26,9 @@ MODULE_LICENSE("GPL");
  * While older versions of GCC do not generate incorrect code, they fail to
  * recognize the parallel nature of these functions, and emit plain ARM code,
  * which is known to be slower than the optimized ARM code in asm-arm/xor.h.
+ *
+ * #warning This code requires at least version 4.6 of GCC
  */
-#warning This code requires at least version 4.6 of GCC
 #endif
 
 #pragma GCC diagnostic ignored "-Wunused-variable"

arch/arm/mach-at91/pm.c

@@ -104,7 +104,7 @@ static const struct wakeup_source_info ws_info[] = {
 
 static const struct of_device_id sama5d2_ws_ids[] = {
 	{ .compatible = "atmel,sama5d2-gem",		.data = &ws_info[0] },
-	{ .compatible = "atmel,at91rm9200-rtc",		.data = &ws_info[1] },
+	{ .compatible = "atmel,sama5d2-rtc",		.data = &ws_info[1] },
 	{ .compatible = "atmel,sama5d3-udc",		.data = &ws_info[2] },
 	{ .compatible = "atmel,at91rm9200-ohci",	.data = &ws_info[2] },
 	{ .compatible = "usb-ohci",			.data = &ws_info[2] },
@@ -115,12 +115,12 @@ static const struct of_device_id sama5d2_ws_ids[] = {
 };
 
 static const struct of_device_id sam9x60_ws_ids[] = {
-	{ .compatible = "atmel,at91sam9x5-rtc",		.data = &ws_info[1] },
+	{ .compatible = "microchip,sam9x60-rtc",	.data = &ws_info[1] },
 	{ .compatible = "atmel,at91rm9200-ohci",	.data = &ws_info[2] },
 	{ .compatible = "usb-ohci",			.data = &ws_info[2] },
 	{ .compatible = "atmel,at91sam9g45-ehci",	.data = &ws_info[2] },
 	{ .compatible = "usb-ehci",			.data = &ws_info[2] },
-	{ .compatible = "atmel,at91sam9260-rtt",	.data = &ws_info[4] },
+	{ .compatible = "microchip,sam9x60-rtt",	.data = &ws_info[4] },
 	{ .compatible = "cdns,sam9x60-macb",		.data = &ws_info[5] },
 	{ /* sentinel */ }
 };

arch/arm/mach-axxia/platsmp.c

@@ -39,6 +39,7 @@ static int axxia_boot_secondary(unsigned int cpu, struct task_struct *idle)
 		return -ENOENT;
 
 	syscon = of_iomap(syscon_np, 0);
+	of_node_put(syscon_np);
 	if (!syscon)
 		return -ENOMEM;
 

arch/arm/mach-cns3xxx/core.c

@@ -372,6 +372,7 @@ static void __init cns3xxx_init(void)
 		/* De-Asscer SATA Reset */
 		cns3xxx_pwr_soft_rst(CNS3XXX_PWR_SOFTWARE_RST(SATA));
 	}
+	of_node_put(dn);
 
 	dn = of_find_compatible_node(NULL, NULL, "cavium,cns3420-sdhci");
 	if (of_device_is_available(dn)) {
@@ -385,6 +386,7 @@ static void __init cns3xxx_init(void)
 		cns3xxx_pwr_clk_en(CNS3XXX_PWR_CLK_EN(SDIO));
 		cns3xxx_pwr_soft_rst(CNS3XXX_PWR_SOFTWARE_RST(SDIO));
 	}
+	of_node_put(dn);
 
 	pm_power_off = cns3xxx_power_off;
 

arch/arm/mach-exynos/exynos.c

@@ -149,6 +149,7 @@ static void exynos_map_pmu(void)
 	np = of_find_matching_node(NULL, exynos_dt_pmu_match);
 	if (np)
 		pmu_base_addr = of_iomap(np, 0);
+	of_node_put(np);
 }
 
 static void __init exynos_init_irq(void)

arch/arm/mach-hisi/platsmp.c

@@ -67,14 +67,17 @@ static void __init hi3xxx_smp_prepare_cpus(unsigned int max_cpus)
 		}
 		ctrl_base = of_iomap(np, 0);
 		if (!ctrl_base) {
+			of_node_put(np);
 			pr_err("failed to map address\n");
 			return;
 		}
 		if (of_property_read_u32(np, "smp-offset", &offset) < 0) {
+			of_node_put(np);
 			pr_err("failed to find smp-offset property\n");
 			return;
 		}
 		ctrl_base += offset;
+		of_node_put(np);
 	}
 }
 
@@ -160,6 +163,7 @@ static int hip01_boot_secondary(unsigned int cpu, struct task_struct *idle)
 	if (WARN_ON(!node))
 		return -1;
 	ctrl_base = of_iomap(node, 0);
+	of_node_put(node);
 
 	/* set the secondary core boot from DDR */
 	remap_reg_value = readl_relaxed(ctrl_base + REG_SC_CTRL);

arch/arm/mach-mediatek/Kconfig

@@ -30,6 +30,7 @@ config MACH_MT7623
 config MACH_MT7629
 	bool "MediaTek MT7629 SoCs support"
 	default ARCH_MEDIATEK
+	select HAVE_ARM_ARCH_TIMER
 
 config MACH_MT8127
 	bool "MediaTek MT8127 SoCs support"

arch/arm/mach-meson/platsmp.c

@@ -71,6 +71,7 @@ static void __init meson_smp_prepare_cpus(const char *scu_compatible,
 	}
 
 	sram_base = of_iomap(node, 0);
+	of_node_put(node);
 	if (!sram_base) {
 		pr_err("Couldn't map SRAM registers\n");
 		return;
@@ -91,6 +92,7 @@ static void __init meson_smp_prepare_cpus(const char *scu_compatible,
 	}
 
 	scu_base = of_iomap(node, 0);
+	of_node_put(node);
 	if (!scu_base) {
 		pr_err("Couldn't map SCU registers\n");
 		return;

arch/arm/mach-omap1/clock.c

@@ -41,7 +41,7 @@ static DEFINE_SPINLOCK(clockfw_lock);
 unsigned long omap1_uart_recalc(struct clk *clk)
 {
 	unsigned int val = __raw_readl(clk->enable_reg);
-	return val & clk->enable_bit ? 48000000 : 12000000;
+	return val & 1 << clk->enable_bit ? 48000000 : 12000000;
 }
 
 unsigned long omap1_sossi_recalc(struct clk *clk)

arch/arm/mach-pxa/cm-x300.c

@@ -354,13 +354,13 @@ static struct platform_device cm_x300_spi_gpio = {
 static struct gpiod_lookup_table cm_x300_spi_gpiod_table = {
 	.dev_id         = "spi_gpio",
 	.table          = {
-		GPIO_LOOKUP("gpio-pxa", GPIO_LCD_SCL,
+		GPIO_LOOKUP("pca9555.1", GPIO_LCD_SCL - GPIO_LCD_BASE,
 			    "sck", GPIO_ACTIVE_HIGH),
-		GPIO_LOOKUP("gpio-pxa", GPIO_LCD_DIN,
+		GPIO_LOOKUP("pca9555.1", GPIO_LCD_DIN - GPIO_LCD_BASE,
 			    "mosi", GPIO_ACTIVE_HIGH),
-		GPIO_LOOKUP("gpio-pxa", GPIO_LCD_DOUT,
+		GPIO_LOOKUP("pca9555.1", GPIO_LCD_DOUT - GPIO_LCD_BASE,
 			    "miso", GPIO_ACTIVE_HIGH),
-		GPIO_LOOKUP("gpio-pxa", GPIO_LCD_CS,
+		GPIO_LOOKUP("pca9555.1", GPIO_LCD_CS - GPIO_LCD_BASE,
 			    "cs", GPIO_ACTIVE_HIGH),
 		{ },
 	},

arch/arm/mach-pxa/magician.c

@@ -681,7 +681,7 @@ static struct platform_device bq24022 = {
 static struct gpiod_lookup_table bq24022_gpiod_table = {
 	.dev_id = "gpio-regulator",
 	.table = {
-		GPIO_LOOKUP("gpio-pxa", EGPIO_MAGICIAN_BQ24022_ISET2,
+		GPIO_LOOKUP("htc-egpio-0", EGPIO_MAGICIAN_BQ24022_ISET2 - MAGICIAN_EGPIO_BASE,
 			    NULL, GPIO_ACTIVE_HIGH),
 		GPIO_LOOKUP("gpio-pxa", GPIO30_MAGICIAN_BQ24022_nCHARGE_EN,
 			    "enable", GPIO_ACTIVE_LOW),

arch/arm/mach-pxa/tosa.c

@@ -296,9 +296,9 @@ static struct gpiod_lookup_table tosa_mci_gpio_table = {
 	.table = {
 		GPIO_LOOKUP("gpio-pxa", TOSA_GPIO_nSD_DETECT,
 			    "cd", GPIO_ACTIVE_LOW),
-		GPIO_LOOKUP("gpio-pxa", TOSA_GPIO_SD_WP,
+		GPIO_LOOKUP("sharp-scoop.0", TOSA_GPIO_SD_WP - TOSA_SCOOP_GPIO_BASE,
 			    "wp", GPIO_ACTIVE_LOW),
-		GPIO_LOOKUP("gpio-pxa", TOSA_GPIO_PWR_ON,
+		GPIO_LOOKUP("sharp-scoop.0", TOSA_GPIO_PWR_ON - TOSA_SCOOP_GPIO_BASE,
 			    "power", GPIO_ACTIVE_HIGH),
 		{ },
 	},

arch/arm/mach-vexpress/dcscb.c

@@ -144,6 +144,7 @@ static int __init dcscb_init(void)
 	if (!node)
 		return -ENODEV;
 	dcscb_base = of_iomap(node, 0);
+	of_node_put(node);
 	if (!dcscb_base)
 		return -EADDRNOTAVAIL;
 	cfg = readl_relaxed(dcscb_base + DCS_CFG_R);

arch/arm/mm/alignment.c

@@ -935,6 +935,9 @@ do_alignment(unsigned long addr, unsigned int fsr, struct pt_regs *regs)
 	if (type == TYPE_LDST)
 		do_alignment_finish_ldst(addr, instr, regs, offset);
 
+	if (thumb_mode(regs))
+		regs->ARM_cpsr = it_advance(regs->ARM_cpsr);
+
 	return 0;
 
  bad_or_fault:

arch/arm/mm/mmu.c

@@ -296,6 +296,13 @@ static struct mem_type mem_types[] __ro_after_init = {
 		.prot_sect = PMD_TYPE_SECT | PMD_SECT_AP_WRITE,
 		.domain    = DOMAIN_KERNEL,
 	},
+	[MT_MEMORY_RO] = {
+		.prot_pte  = L_PTE_PRESENT | L_PTE_YOUNG | L_PTE_DIRTY |
+			     L_PTE_XN | L_PTE_RDONLY,
+		.prot_l1   = PMD_TYPE_TABLE,
+		.prot_sect = PMD_TYPE_SECT,
+		.domain    = DOMAIN_KERNEL,
+	},
 	[MT_ROM] = {
 		.prot_sect = PMD_TYPE_SECT,
 		.domain    = DOMAIN_KERNEL,
@@ -490,6 +497,7 @@ static void __init build_mem_type_table(void)
 
 			/* Also setup NX memory mapping */
 			mem_types[MT_MEMORY_RW].prot_sect |= PMD_SECT_XN;
+			mem_types[MT_MEMORY_RO].prot_sect |= PMD_SECT_XN;
 		}
 		if (cpu_arch >= CPU_ARCH_ARMv7 && (cr & CR_TRE)) {
 			/*
@@ -569,6 +577,7 @@ static void __init build_mem_type_table(void)
 		mem_types[MT_ROM].prot_sect |= PMD_SECT_APX|PMD_SECT_AP_WRITE;
 		mem_types[MT_MINICLEAN].prot_sect |= PMD_SECT_APX|PMD_SECT_AP_WRITE;
 		mem_types[MT_CACHECLEAN].prot_sect |= PMD_SECT_APX|PMD_SECT_AP_WRITE;
+		mem_types[MT_MEMORY_RO].prot_sect |= PMD_SECT_APX|PMD_SECT_AP_WRITE;
 #endif
 
 		/*
@@ -588,6 +597,8 @@ static void __init build_mem_type_table(void)
 			mem_types[MT_MEMORY_RWX].prot_pte |= L_PTE_SHARED;
 			mem_types[MT_MEMORY_RW].prot_sect |= PMD_SECT_S;
 			mem_types[MT_MEMORY_RW].prot_pte |= L_PTE_SHARED;
+			mem_types[MT_MEMORY_RO].prot_sect |= PMD_SECT_S;
+			mem_types[MT_MEMORY_RO].prot_pte |= L_PTE_SHARED;
 			mem_types[MT_MEMORY_DMA_READY].prot_pte |= L_PTE_SHARED;
 			mem_types[MT_MEMORY_RWX_NONCACHED].prot_sect |= PMD_SECT_S;
 			mem_types[MT_MEMORY_RWX_NONCACHED].prot_pte |= L_PTE_SHARED;
@@ -648,6 +659,8 @@ static void __init build_mem_type_table(void)
 	mem_types[MT_MEMORY_RWX].prot_pte |= kern_pgprot;
 	mem_types[MT_MEMORY_RW].prot_sect |= ecc_mask | cp->pmd;
 	mem_types[MT_MEMORY_RW].prot_pte |= kern_pgprot;
+	mem_types[MT_MEMORY_RO].prot_sect |= ecc_mask | cp->pmd;
+	mem_types[MT_MEMORY_RO].prot_pte |= kern_pgprot;
 	mem_types[MT_MEMORY_DMA_READY].prot_pte |= kern_pgprot;
 	mem_types[MT_MEMORY_RWX_NONCACHED].prot_sect |= ecc_mask;
 	mem_types[MT_ROM].prot_sect |= cp->pmd;
@@ -1342,7 +1355,7 @@ static void __init devicemaps_init(const struct machine_desc *mdesc)
 		map.pfn = __phys_to_pfn(__atags_pointer & SECTION_MASK);
 		map.virtual = FDT_FIXED_BASE;
 		map.length = FDT_FIXED_SIZE;
-		map.type = MT_ROM;
+		map.type = MT_MEMORY_RO;
 		create_mapping(&map);
 	}
 

arch/arm/mm/proc-v7-bugs.c

@@ -108,8 +108,7 @@ static unsigned int spectre_v2_install_workaround(unsigned int method)
 #else
 static unsigned int spectre_v2_install_workaround(unsigned int method)
 {
-	pr_info("CPU%u: Spectre V2: workarounds disabled by configuration\n",
-		smp_processor_id());
+	pr_info_once("Spectre V2: workarounds disabled by configuration\n");
 
 	return SPECTRE_VULNERABLE;
 }
@@ -209,10 +208,10 @@ static int spectre_bhb_install_workaround(int method)
 			return SPECTRE_VULNERABLE;
 
 		spectre_bhb_method = method;
-	}
 
-	pr_info("CPU%u: Spectre BHB: using %s workaround\n",
-		smp_processor_id(), spectre_bhb_method_name(method));
+		pr_info("CPU%u: Spectre BHB: enabling %s workaround for all CPUs\n",
+			smp_processor_id(), spectre_bhb_method_name(method));
+	}
 
 	return SPECTRE_MITIGATED;
 }
@@ -288,6 +287,7 @@ void cpu_v7_ca15_ibe(void)
 {
 	if (check_spectre_auxcr(this_cpu_ptr(&spectre_warned), BIT(0)))
 		cpu_v7_spectre_v2_init();
+	cpu_v7_spectre_bhb_init();
 }
 
 void cpu_v7_bugs_init(void)

arch/arm/probes/decode.h

@@ -14,6 +14,7 @@
 #include <linux/types.h>
 #include <linux/stddef.h>
 #include <asm/probes.h>
+#include <asm/ptrace.h>
 #include <asm/kprobes.h>
 
 void __init arm_probes_decode_init(void);
@@ -35,31 +36,6 @@ void __init find_str_pc_offset(void);
 #endif
 
 
-/*
- * Update ITSTATE after normal execution of an IT block instruction.
- *
- * The 8 IT state bits are split into two parts in CPSR:
- *	ITSTATE<1:0> are in CPSR<26:25>
- *	ITSTATE<7:2> are in CPSR<15:10>
- */
-static inline unsigned long it_advance(unsigned long cpsr)
-	{
-	if ((cpsr & 0x06000400) == 0) {
-		/* ITSTATE<2:0> == 0 means end of IT block, so clear IT state */
-		cpsr &= ~PSR_IT_MASK;
-	} else {
-		/* We need to shift left ITSTATE<4:0> */
-		const unsigned long mask = 0x06001c00;  /* Mask ITSTATE<4:0> */
-		unsigned long it = cpsr & mask;
-		it <<= 1;
-		it |= it >> (27 - 10);  /* Carry ITSTATE<2> to correct place */
-		it &= mask;
-		cpsr &= ~mask;
-		cpsr |= it;
-	}
-	return cpsr;
-}
-
 static inline void __kprobes bx_write_pc(long pcv, struct pt_regs *regs)
 {
 	long cpsr = regs->ARM_cpsr;

arch/arm/xen/p2m.c

@@ -62,11 +62,12 @@ out:
 
 unsigned long __pfn_to_mfn(unsigned long pfn)
 {
-	struct rb_node *n = phys_to_mach.rb_node;
+	struct rb_node *n;
 	struct xen_p2m_entry *entry;
 	unsigned long irqflags;
 
 	read_lock_irqsave(&p2m_lock, irqflags);
+	n = phys_to_mach.rb_node;
 	while (n) {
 		entry = rb_entry(n, struct xen_p2m_entry, rbnode_phys);
 		if (entry->pfn <= pfn &&
@@ -153,10 +154,11 @@ bool __set_phys_to_machine_multi(unsigned long pfn,
 	int rc;
 	unsigned long irqflags;
 	struct xen_p2m_entry *p2m_entry;
-	struct rb_node *n = phys_to_mach.rb_node;
+	struct rb_node *n;
 
 	if (mfn == INVALID_P2M_ENTRY) {
 		write_lock_irqsave(&p2m_lock, irqflags);
+		n = phys_to_mach.rb_node;
 		while (n) {
 			p2m_entry = rb_entry(n, struct xen_p2m_entry, rbnode_phys);
 			if (p2m_entry->pfn <= pfn &&

arch/arm64/Kconfig.platforms

@@ -341,6 +341,7 @@ config ARCH_STRATIX10
 
 config ARCH_SYNQUACER
 	bool "Socionext SynQuacer SoC Family"
+	select IRQ_FASTEOI_HIERARCHY_HANDLERS
 
 config ARCH_TEGRA
 	bool "NVIDIA Tegra SoC Family"

arch/arm64/boot/dts/freescale/imx8mm-beacon-baseboard.dtsi

@@ -167,6 +167,7 @@
 	pinctrl-0 = <&pinctrl_uart3>;
 	assigned-clocks = <&clk IMX8MM_CLK_UART3>;
 	assigned-clock-parents = <&clk IMX8MM_SYS_PLL1_80M>;
+	uart-has-rtscts;
 	status = "okay";
 };
 
@@ -237,6 +238,8 @@
 		fsl,pins = <
 			MX8MM_IOMUXC_ECSPI1_SCLK_UART3_DCE_RX	0x40
 			MX8MM_IOMUXC_ECSPI1_MOSI_UART3_DCE_TX	0x40
+			MX8MM_IOMUXC_ECSPI1_MISO_UART3_DCE_CTS_B	0x40
+			MX8MM_IOMUXC_ECSPI1_SS0_UART3_DCE_RTS_B	0x40
 		>;
 	};
 

arch/arm64/boot/dts/freescale/imx8mp-evk.dts

@@ -148,27 +148,27 @@
 
 	pinctrl_gpio_led: gpioledgrp {
 		fsl,pins = <
-			MX8MP_IOMUXC_NAND_READY_B__GPIO3_IO16	0x19
+			MX8MP_IOMUXC_NAND_READY_B__GPIO3_IO16	0x140
 		>;
 	};
 
 	pinctrl_i2c3: i2c3grp {
 		fsl,pins = <
-			MX8MP_IOMUXC_I2C3_SCL__I2C3_SCL		0x400001c3
-			MX8MP_IOMUXC_I2C3_SDA__I2C3_SDA		0x400001c3
+			MX8MP_IOMUXC_I2C3_SCL__I2C3_SCL		0x400001c2
+			MX8MP_IOMUXC_I2C3_SDA__I2C3_SDA		0x400001c2
 		>;
 	};
 
 	pinctrl_reg_usdhc2_vmmc: regusdhc2vmmcgrp {
 		fsl,pins = <
-			MX8MP_IOMUXC_SD2_RESET_B__GPIO2_IO19	0x41
+			MX8MP_IOMUXC_SD2_RESET_B__GPIO2_IO19	0x40
 		>;
 	};
 
 	pinctrl_uart2: uart2grp {
 		fsl,pins = <
-			MX8MP_IOMUXC_UART2_RXD__UART2_DCE_RX	0x49
-			MX8MP_IOMUXC_UART2_TXD__UART2_DCE_TX	0x49
+			MX8MP_IOMUXC_UART2_RXD__UART2_DCE_RX	0x140
+			MX8MP_IOMUXC_UART2_TXD__UART2_DCE_TX	0x140
 		>;
 	};
 
@@ -180,7 +180,7 @@
 			MX8MP_IOMUXC_SD2_DATA1__USDHC2_DATA1	0x1d0
 			MX8MP_IOMUXC_SD2_DATA2__USDHC2_DATA2	0x1d0
 			MX8MP_IOMUXC_SD2_DATA3__USDHC2_DATA3	0x1d0
-			MX8MP_IOMUXC_GPIO1_IO04__USDHC2_VSELECT	0xc1
+			MX8MP_IOMUXC_GPIO1_IO04__USDHC2_VSELECT	0xc0
 		>;
 	};
 
@@ -192,7 +192,7 @@
 			MX8MP_IOMUXC_SD2_DATA1__USDHC2_DATA1	0x1d4
 			MX8MP_IOMUXC_SD2_DATA2__USDHC2_DATA2	0x1d4
 			MX8MP_IOMUXC_SD2_DATA3__USDHC2_DATA3	0x1d4
-			MX8MP_IOMUXC_GPIO1_IO04__USDHC2_VSELECT 0xc1
+			MX8MP_IOMUXC_GPIO1_IO04__USDHC2_VSELECT 0xc0
 		>;
 	};
 
@@ -204,7 +204,7 @@
 			MX8MP_IOMUXC_SD2_DATA1__USDHC2_DATA1	0x1d6
 			MX8MP_IOMUXC_SD2_DATA2__USDHC2_DATA2	0x1d6
 			MX8MP_IOMUXC_SD2_DATA3__USDHC2_DATA3	0x1d6
-			MX8MP_IOMUXC_GPIO1_IO04__USDHC2_VSELECT 0xc1
+			MX8MP_IOMUXC_GPIO1_IO04__USDHC2_VSELECT 0xc0
 		>;
 	};
 

arch/arm64/boot/dts/qcom/ipq8074.dtsi

@@ -13,7 +13,7 @@
 	clocks {
 		sleep_clk: sleep_clk {
 			compatible = "fixed-clock";
-			clock-frequency = <32000>;
+			clock-frequency = <32768>;
 			#clock-cells = <0>;
 		};
 

arch/arm64/boot/dts/qcom/msm8992-bullhead-rev-101.dts

@@ -64,7 +64,7 @@
 		vdd_l17_29-supply = <&vreg_vph_pwr>;
 		vdd_l20_21-supply = <&vreg_vph_pwr>;
 		vdd_l25-supply = <&pm8994_s5>;
-		vdd_lvs1_2 = <&pm8994_s4>;
+		vdd_lvs1_2-supply = <&pm8994_s4>;
 
 		pm8994_s1: s1 {
 			regulator-min-microvolt = <800000>;

arch/arm64/boot/dts/qcom/msm8992-xiaomi-libra.dts

@@ -151,7 +151,7 @@
 		vdd_l17_29-supply = <&vreg_vph_pwr>;
 		vdd_l20_21-supply = <&vreg_vph_pwr>;
 		vdd_l25-supply = <&pm8994_s5>;
-		vdd_lvs1_2 = <&pm8994_s4>;
+		vdd_lvs1_2-supply = <&pm8994_s4>;
 
 		pm8994_s1: s1 {
 			/* unused */

arch/arm64/boot/dts/qcom/msm8994.dtsi

@@ -92,7 +92,7 @@
 		CPU6: cpu@102 {
 			device_type = "cpu";
 			compatible = "arm,cortex-a57";
-			reg = <0x0 0x101>;
+			reg = <0x0 0x102>;
 			enable-method = "psci";
 			next-level-cache = <&L2_1>;
 		};
@@ -100,7 +100,7 @@
 		CPU7: cpu@103 {
 			device_type = "cpu";
 			compatible = "arm,cortex-a57";
-			reg = <0x0 0x101>;
+			reg = <0x0 0x103>;
 			enable-method = "psci";
 			next-level-cache = <&L2_1>;
 		};
@@ -316,7 +316,7 @@
 			#dma-cells = <1>;
 			qcom,ee = <0>;
 			qcom,controlled-remotely;
-			num-channels = <18>;
+			num-channels = <24>;
 			qcom,num-ees = <4>;
 		};
 
@@ -412,7 +412,7 @@
 			#dma-cells = <1>;
 			qcom,ee = <0>;
 			qcom,controlled-remotely;
-			num-channels = <18>;
+			num-channels = <24>;
 			qcom,num-ees = <4>;
 		};
 

arch/arm64/boot/dts/rockchip/rk3399.dtsi

@@ -1471,6 +1471,7 @@
 			reg = <0xf780 0x24>;
 			clocks = <&sdhci>;
 			clock-names = "emmcclk";
+			drive-impedance-ohm = <50>;
 			#phy-cells = <0>;
 			status = "disabled";
 		};
@@ -1481,7 +1482,6 @@
 			clock-names = "refclk";
 			#phy-cells = <1>;
 			resets = <&cru SRST_PCIEPHY>;
-			drive-impedance-ohm = <50>;
 			reset-names = "phy";
 			status = "disabled";
 		};

arch/arm64/crypto/poly1305-glue.c

@@ -52,7 +52,7 @@ static void neon_poly1305_blocks(struct poly1305_desc_ctx *dctx, const u8 *src,
 {
 	if (unlikely(!dctx->sset)) {
 		if (!dctx->rset) {
-			poly1305_init_arch(dctx, src);
+			poly1305_init_arm64(&dctx->h, src);
 			src += POLY1305_BLOCK_SIZE;
 			len -= POLY1305_BLOCK_SIZE;
 			dctx->rset = 1;

arch/arm64/kernel/cpu_errata.c

@@ -210,6 +210,8 @@ static const struct arm64_cpu_capabilities arm64_repeat_tlbi_list[] = {
 #ifdef CONFIG_ARM64_ERRATUM_1286807
 	{
 		ERRATA_MIDR_RANGE(MIDR_CORTEX_A76, 0, 0, 3, 0),
+		/* Kryo4xx Gold (rcpe to rfpe) => (r0p0 to r3p0) */
+		ERRATA_MIDR_RANGE(MIDR_QCOM_KRYO_4XX_GOLD, 0xc, 0xe, 0xf, 0xe),
 	},
 #endif
 	{},

arch/arm64/kernel/debug-monitors.c

@@ -283,13 +283,11 @@ void register_user_break_hook(struct break_hook *hook)
 {
 	register_debug_hook(&hook->node, &user_break_hook);
 }
-EXPORT_SYMBOL_GPL(register_user_break_hook);
 
 void unregister_user_break_hook(struct break_hook *hook)
 {
 	unregister_debug_hook(&hook->node);
 }
-EXPORT_SYMBOL_GPL(unregister_user_break_hook);
 
 void register_kernel_break_hook(struct break_hook *hook)
 {
@@ -301,7 +299,6 @@ void unregister_kernel_break_hook(struct break_hook *hook)
 {
 	unregister_debug_hook(&hook->node);
 }
-EXPORT_SYMBOL_GPL(unregister_kernel_break_hook);
 
 static int call_break_hook(struct pt_regs *regs, unsigned int esr)
 {

arch/arm64/kernel/ftrace.c

@@ -77,47 +77,76 @@ static struct plt_entry *get_ftrace_plt(struct module *mod, unsigned long addr)
 }
 
 /*
- * Turn on the call to ftrace_caller() in instrumented function
+ * Find the address the callsite must branch to in order to reach '*addr'.
+ *
+ * Due to the limited range of 'BL' instructions, modules may be placed too far
+ * away to branch directly and must use a PLT.
+ *
+ * Returns true when '*addr' contains a reachable target address, or has been
+ * modified to contain a PLT address. Returns false otherwise.
  */
-int ftrace_make_call(struct dyn_ftrace *rec, unsigned long addr)
+static bool ftrace_find_callable_addr(struct dyn_ftrace *rec,
+				      struct module *mod,
+				      unsigned long *addr)
 {
 	unsigned long pc = rec->ip;
-	u32 old, new;
-	long offset = (long)pc - (long)addr;
+	long offset = (long)*addr - (long)pc;
+	struct plt_entry *plt;
 
-	if (offset < -SZ_128M || offset >= SZ_128M) {
-		struct module *mod;
-		struct plt_entry *plt;
+	/*
+	 * When the target is within range of the 'BL' instruction, use 'addr'
+	 * as-is and branch to that directly.
+	 */
+	if (offset >= -SZ_128M && offset < SZ_128M)
+		return true;
 
-		if (!IS_ENABLED(CONFIG_ARM64_MODULE_PLTS))
-			return -EINVAL;
+	/*
+	 * When the target is outside of the range of a 'BL' instruction, we
+	 * must use a PLT to reach it. We can only place PLTs for modules, and
+	 * only when module PLT support is built-in.
+	 */
+	if (!IS_ENABLED(CONFIG_ARM64_MODULE_PLTS))
+		return false;
 
-		/*
-		 * On kernels that support module PLTs, the offset between the
-		 * branch instruction and its target may legally exceed the
-		 * range of an ordinary relative 'bl' opcode. In this case, we
-		 * need to branch via a trampoline in the module.
-		 *
-		 * NOTE: __module_text_address() must be called with preemption
-		 * disabled, but we can rely on ftrace_lock to ensure that 'mod'
-		 * retains its validity throughout the remainder of this code.
-		 */
+	/*
+	 * 'mod' is only set at module load time, but if we end up
+	 * dealing with an out-of-range condition, we can assume it
+	 * is due to a module being loaded far away from the kernel.
+	 *
+	 * NOTE: __module_text_address() must be called with preemption
+	 * disabled, but we can rely on ftrace_lock to ensure that 'mod'
+	 * retains its validity throughout the remainder of this code.
+	 */
+	if (!mod) {
 		preempt_disable();
 		mod = __module_text_address(pc);
 		preempt_enable();
+	}
 
-		if (WARN_ON(!mod))
-			return -EINVAL;
+	if (WARN_ON(!mod))
+		return false;
 
-		plt = get_ftrace_plt(mod, addr);
-		if (!plt) {
-			pr_err("ftrace: no module PLT for %ps\n", (void *)addr);
-			return -EINVAL;
-		}
-
-		addr = (unsigned long)plt;
+	plt = get_ftrace_plt(mod, *addr);
+	if (!plt) {
+		pr_err("ftrace: no module PLT for %ps\n", (void *)*addr);
+		return false;
 	}
 
+	*addr = (unsigned long)plt;
+	return true;
+}
+
+/*
+ * Turn on the call to ftrace_caller() in instrumented function
+ */
+int ftrace_make_call(struct dyn_ftrace *rec, unsigned long addr)
+{
+	unsigned long pc = rec->ip;
+	u32 old, new;
+
+	if (!ftrace_find_callable_addr(rec, NULL, &addr))
+		return -EINVAL;
+
 	old = aarch64_insn_gen_nop();
 	new = aarch64_insn_gen_branch_imm(pc, addr, AARCH64_INSN_BRANCH_LINK);
 
@@ -131,6 +160,11 @@ int ftrace_modify_call(struct dyn_ftrace *rec, unsigned long old_addr,
 	unsigned long pc = rec->ip;
 	u32 old, new;
 
+	if (!ftrace_find_callable_addr(rec, NULL, &old_addr))
+		return -EINVAL;
+	if (!ftrace_find_callable_addr(rec, NULL, &addr))
+		return -EINVAL;
+
 	old = aarch64_insn_gen_branch_imm(pc, old_addr,
 					  AARCH64_INSN_BRANCH_LINK);
 	new = aarch64_insn_gen_branch_imm(pc, addr, AARCH64_INSN_BRANCH_LINK);
@@ -180,54 +214,15 @@ int ftrace_make_nop(struct module *mod, struct dyn_ftrace *rec,
 		    unsigned long addr)
 {
 	unsigned long pc = rec->ip;
-	bool validate = true;
 	u32 old = 0, new;
-	long offset = (long)pc - (long)addr;
 
-	if (offset < -SZ_128M || offset >= SZ_128M) {
-		u32 replaced;
-
-		if (!IS_ENABLED(CONFIG_ARM64_MODULE_PLTS))
-			return -EINVAL;
-
-		/*
-		 * 'mod' is only set at module load time, but if we end up
-		 * dealing with an out-of-range condition, we can assume it
-		 * is due to a module being loaded far away from the kernel.
-		 */
-		if (!mod) {
-			preempt_disable();
-			mod = __module_text_address(pc);
-			preempt_enable();
-
-			if (WARN_ON(!mod))
-				return -EINVAL;
-		}
-
-		/*
-		 * The instruction we are about to patch may be a branch and
-		 * link instruction that was redirected via a PLT entry. In
-		 * this case, the normal validation will fail, but we can at
-		 * least check that we are dealing with a branch and link
-		 * instruction that points into the right module.
-		 */
-		if (aarch64_insn_read((void *)pc, &replaced))
-			return -EFAULT;
-
-		if (!aarch64_insn_is_bl(replaced) ||
-		    !within_module(pc + aarch64_get_branch_offset(replaced),
-				   mod))
-			return -EINVAL;
-
-		validate = false;
-	} else {
-		old = aarch64_insn_gen_branch_imm(pc, addr,
-						  AARCH64_INSN_BRANCH_LINK);
-	}
+	if (!ftrace_find_callable_addr(rec, mod, &addr))
+		return -EINVAL;
 
+	old = aarch64_insn_gen_branch_imm(pc, addr, AARCH64_INSN_BRANCH_LINK);
 	new = aarch64_insn_gen_nop();
 
-	return ftrace_modify_code(pc, old, new, validate);
+	return ftrace_modify_code(pc, old, new, true);
 }
 
 void arch_ftrace_update_code(int command)

arch/arm64/kernel/mte.c

@@ -67,6 +67,9 @@ void mte_sync_tags(pte_t *ptep, pte_t pte)
 		if (!test_and_set_bit(PG_mte_tagged, &page->flags))
 			mte_sync_page_tags(page, ptep, check_swap);
 	}
+
+	/* ensure the tags are visible before the PTE is set */
+	smp_wmb();
 }
 
 int memcmp_pages(struct page *page1, struct page *page2)

arch/arm64/kernel/paravirt.c

@@ -30,7 +30,7 @@ struct paravirt_patch_template pv_ops;
 EXPORT_SYMBOL_GPL(pv_ops);
 
 struct pv_time_stolen_time_region {
-	struct pvclock_vcpu_stolen_time *kaddr;
+	struct pvclock_vcpu_stolen_time __rcu *kaddr;
 };
 
 static DEFINE_PER_CPU(struct pv_time_stolen_time_region, stolen_time_region);
@@ -47,7 +47,9 @@ early_param("no-steal-acc", parse_no_stealacc);
 /* return stolen time in ns by asking the hypervisor */
 static u64 pv_steal_clock(int cpu)
 {
+	struct pvclock_vcpu_stolen_time *kaddr = NULL;
 	struct pv_time_stolen_time_region *reg;
+	u64 ret = 0;
 
 	reg = per_cpu_ptr(&stolen_time_region, cpu);
 
@@ -56,28 +58,37 @@ static u64 pv_steal_clock(int cpu)
 	 * online notification callback runs. Until the callback
 	 * has run we just return zero.
 	 */
-	if (!reg->kaddr)
+	rcu_read_lock();
+	kaddr = rcu_dereference(reg->kaddr);
+	if (!kaddr) {
+		rcu_read_unlock();
 		return 0;
+	}
 
-	return le64_to_cpu(READ_ONCE(reg->kaddr->stolen_time));
+	ret = le64_to_cpu(READ_ONCE(kaddr->stolen_time));
+	rcu_read_unlock();
+	return ret;
 }
 
 static int stolen_time_cpu_down_prepare(unsigned int cpu)
 {
+	struct pvclock_vcpu_stolen_time *kaddr = NULL;
 	struct pv_time_stolen_time_region *reg;
 
 	reg = this_cpu_ptr(&stolen_time_region);
 	if (!reg->kaddr)
 		return 0;
 
-	memunmap(reg->kaddr);
-	memset(reg, 0, sizeof(*reg));
+	kaddr = rcu_replace_pointer(reg->kaddr, NULL, true);
+	synchronize_rcu();
+	memunmap(kaddr);
 
 	return 0;
 }
 
 static int stolen_time_cpu_online(unsigned int cpu)
 {
+	struct pvclock_vcpu_stolen_time *kaddr = NULL;
 	struct pv_time_stolen_time_region *reg;
 	struct arm_smccc_res res;
 
@@ -88,17 +99,19 @@ static int stolen_time_cpu_online(unsigned int cpu)
 	if (res.a0 == SMCCC_RET_NOT_SUPPORTED)
 		return -EINVAL;
 
-	reg->kaddr = memremap(res.a0,
+	kaddr = memremap(res.a0,
 			      sizeof(struct pvclock_vcpu_stolen_time),
 			      MEMREMAP_WB);
 
+	rcu_assign_pointer(reg->kaddr, kaddr);
+
 	if (!reg->kaddr) {
 		pr_warn("Failed to map stolen time data structure\n");
 		return -ENOMEM;
 	}
 
-	if (le32_to_cpu(reg->kaddr->revision) != 0 ||
-	    le32_to_cpu(reg->kaddr->attributes) != 0) {
+	if (le32_to_cpu(kaddr->revision) != 0 ||
+	    le32_to_cpu(kaddr->attributes) != 0) {
 		pr_warn_once("Unexpected revision or attributes in stolen time data\n");
 		return -ENXIO;
 	}

arch/arm64/kernel/sys_compat.c

@@ -114,6 +114,6 @@ long compat_arm_syscall(struct pt_regs *regs, int scno)
 	addr = instruction_pointer(regs) - (compat_thumb_mode(regs) ? 2 : 4);
 
 	arm64_notify_die("Oops - bad compat syscall(2)", regs,
-			 SIGILL, ILL_ILLTRP, addr, scno);
+			 SIGILL, ILL_ILLTRP, addr, 0);
 	return 0;
 }

arch/arm64/kvm/vgic/vgic-mmio-v2.c

@@ -418,11 +418,11 @@ static const struct vgic_register_region vgic_v2_dist_registers[] = {
 		VGIC_ACCESS_32bit),
 	REGISTER_DESC_WITH_BITS_PER_IRQ(GIC_DIST_PENDING_SET,
 		vgic_mmio_read_pending, vgic_mmio_write_spending,
-		NULL, vgic_uaccess_write_spending, 1,
+		vgic_uaccess_read_pending, vgic_uaccess_write_spending, 1,
 		VGIC_ACCESS_32bit),
 	REGISTER_DESC_WITH_BITS_PER_IRQ(GIC_DIST_PENDING_CLEAR,
 		vgic_mmio_read_pending, vgic_mmio_write_cpending,
-		NULL, vgic_uaccess_write_cpending, 1,
+		vgic_uaccess_read_pending, vgic_uaccess_write_cpending, 1,
 		VGIC_ACCESS_32bit),
 	REGISTER_DESC_WITH_BITS_PER_IRQ(GIC_DIST_ACTIVE_SET,
 		vgic_mmio_read_active, vgic_mmio_write_sactive,

arch/arm64/kvm/vgic/vgic-mmio.c

@@ -226,8 +226,9 @@ int vgic_uaccess_write_cenable(struct kvm_vcpu *vcpu,
 	return 0;
 }
 
-unsigned long vgic_mmio_read_pending(struct kvm_vcpu *vcpu,
-				     gpa_t addr, unsigned int len)
+static unsigned long __read_pending(struct kvm_vcpu *vcpu,
+				    gpa_t addr, unsigned int len,
+				    bool is_user)
 {
 	u32 intid = VGIC_ADDR_TO_INTID(addr, 1);
 	u32 value = 0;
@@ -248,7 +249,7 @@ unsigned long vgic_mmio_read_pending(struct kvm_vcpu *vcpu,
 						    IRQCHIP_STATE_PENDING,
 						    &val);
 			WARN_RATELIMIT(err, "IRQ %d", irq->host_irq);
-		} else if (vgic_irq_is_mapped_level(irq)) {
+		} else if (!is_user && vgic_irq_is_mapped_level(irq)) {
 			val = vgic_get_phys_line_level(irq);
 		} else {
 			val = irq_is_pending(irq);
@@ -263,6 +264,18 @@ unsigned long vgic_mmio_read_pending(struct kvm_vcpu *vcpu,
 	return value;
 }
 
+unsigned long vgic_mmio_read_pending(struct kvm_vcpu *vcpu,
+				     gpa_t addr, unsigned int len)
+{
+	return __read_pending(vcpu, addr, len, false);
+}
+
+unsigned long vgic_uaccess_read_pending(struct kvm_vcpu *vcpu,
+					gpa_t addr, unsigned int len)
+{
+	return __read_pending(vcpu, addr, len, true);
+}
+
 static bool is_vgic_v2_sgi(struct kvm_vcpu *vcpu, struct vgic_irq *irq)
 {
 	return (vgic_irq_is_sgi(irq->intid) &&

arch/arm64/kvm/vgic/vgic-mmio.h

@@ -149,6 +149,9 @@ int vgic_uaccess_write_cenable(struct kvm_vcpu *vcpu,
 unsigned long vgic_mmio_read_pending(struct kvm_vcpu *vcpu,
 				     gpa_t addr, unsigned int len);
 
+unsigned long vgic_uaccess_read_pending(struct kvm_vcpu *vcpu,
+					gpa_t addr, unsigned int len);
+
 void vgic_mmio_write_spending(struct kvm_vcpu *vcpu,
 			      gpa_t addr, unsigned int len,
 			      unsigned long val);

arch/arm64/mm/cache.S

@@ -228,8 +228,6 @@ SYM_FUNC_END_PI(__dma_flush_area)
  *	- dir	- DMA direction
  */
 SYM_FUNC_START_PI(__dma_map_area)
-	cmp	w2, #DMA_FROM_DEVICE
-	b.eq	__dma_inv_area
 	b	__dma_clean_area
 SYM_FUNC_END_PI(__dma_map_area)
 

arch/arm64/mm/copypage.c

@@ -16,8 +16,8 @@
 
 void copy_highpage(struct page *to, struct page *from)
 {
-	struct page *kto = page_address(to);
-	struct page *kfrom = page_address(from);
+	void *kto = page_address(to);
+	void *kfrom = page_address(from);
 
 	copy_page(kto, kfrom);
 

arch/arm64/net/bpf_jit_comp.c

@@ -1112,6 +1112,7 @@ skip_init_ctx:
 			bpf_jit_binary_free(header);
 			prog->bpf_func = NULL;
 			prog->jited = 0;
+			prog->jited_len = 0;
 			goto out_off;
 		}
 		bpf_jit_binary_lock_ro(header);

arch/csky/kernel/probes/kprobes.c

@@ -28,7 +28,7 @@ static int __kprobes patch_text_cb(void *priv)
 	struct csky_insn_patch *param = priv;
 	unsigned int addr = (unsigned int)param->addr;
 
-	if (atomic_inc_return(&param->cpu_count) == 1) {
+	if (atomic_inc_return(&param->cpu_count) == num_online_cpus()) {
 		*(u16 *) addr = cpu_to_le16(param->opcode);
 		dcache_wb_range(addr, addr + 2);
 		atomic_inc(&param->cpu_count);

arch/ia64/include/asm/timex.h

@@ -39,6 +39,7 @@ get_cycles (void)
 	ret = ia64_getreg(_IA64_REG_AR_ITC);
 	return ret;
 }
+#define get_cycles get_cycles
 
 extern void ia64_cpu_local_tick (void);
 extern unsigned long long ia64_native_sched_clock (void);

arch/m68k/Kconfig.bus

@@ -63,7 +63,7 @@ source "drivers/zorro/Kconfig"
 
 endif
 
-if COLDFIRE
+if !MMU
 
 config ISA_DMA_API
 	def_bool !M5272