Due to the introduction of kmap_local_*, the storage of slots used for
short-term mapping has changed from per-CPU to per-thread.  kmap_atomic()
disable preemption, while kmap_local_*() only disable migration.

There is no need to disable preemption in several kamp_atomic places used
in fuse.

Link: https://lwn.net/Articles/836144/Signed-off-by: Peng Hao <flyingpeng@tencent.com>
Signed-off-by: Miklos Szeredi <mszeredi@redhat.com>

Add missing inode lock annotatation; found by syzbot.

Reported-and-tested-by: syzbot+9f747458f5990eaa8d43@syzkaller.appspotmail.com
Signed-off-by: Miklos Szeredi <mszeredi@redhat.com>

Fuse ->release() is otherwise asynchronous for the reason that it can
happen in contexts unrelated to close/munmap.

Inode is already written back from fuse_flush().  Add it to
fuse_vma_close() as well to make sure inode dirtying from mmaps also get
written out before the file is released.

Also add error handling.
Signed-off-by: Miklos Szeredi <mszeredi@redhat.com>

In writeback cache mode mtime/ctime updates are cached, and flushed to the
server using the ->write_inode() callback.

Closing the file will result in a dirty inode being immediately written,
but in other cases the inode can remain dirty after all references are
dropped.  This result in the inode being written back from reclaim, which
can deadlock on a regular allocation while the request is being served.

The usual mechanisms (GFP_NOFS/PF_MEMALLOC*) don't work for FUSE, because
serving a request involves unrelated userspace process(es).

Instead do the same as for dirty pages: make sure the inode is written
before the last reference is gone.

 - fallocate(2)/copy_file_range(2): these call file_update_time() or
   file_modified(), so flush the inode before returning from the call

 - unlink(2), link(2) and rename(2): these call fuse_update_ctime(), so
   flush the ctime directly from this helper
Reported-by: chenguanyou <chenguanyou@xiaomi.com>
Signed-off-by: Miklos Szeredi <mszeredi@redhat.com>

Instead of "goto err", return error directly, since there's no error
cleanup to do now.
Signed-off-by: Miklos Szeredi <mszeredi@redhat.com>

Syzkaller reports a null pointer dereference in fuse_test_super() that is
caused by sb->s_fs_info being NULL.

This is due to the fact that fuse_fill_super() is initializing s_fs_info,
which is too late, it's already on the fs_supers list.  The initialization
needs to be done in sget_fc() with the sb_lock held.

Move allocation of fuse_mount and fuse_conn from fuse_fill_super() into
fuse_get_tree().

After this ->kill_sb() will always be called with non-NULL ->s_fs_info,
hence fuse_mount_destroy() can drop the test for non-NULL "fm".

Reported-by: syzbot+74a15f02ccb51f398601@syzkaller.appspotmail.com
Fixes: 5d5b74aa ("fuse: allow sharing existing sb")
Signed-off-by: Miklos Szeredi <mszeredi@redhat.com>

1. call fuse_mount_destroy() for open coded variants

2. before deactivate_locked_super() don't need fuse_mount destruction since
that will now be done (if ->s_fs_info is not cleared)

3. rearrange fuse_mount setup in fuse_get_tree_submount() so that the
regular pattern can be used
Signed-off-by: Miklos Szeredi <mszeredi@redhat.com>

The ->put_super callback is called from generic_shutdown_super() in case of
a fully initialized sb.  This is called from kill_***_super(), which is
called from ->kill_sb instances.

Fuse uses ->put_super to destroy the fs specific fuse_mount and drop the
reference to the fuse_conn, while it does the same on each error case
during sb setup.

This patch moves the destruction from fuse_put_super() to
fuse_mount_destroy(), called at the end of all ->kill_sb instances.  A
follup patch will clean up the error paths.
Signed-off-by: Miklos Szeredi <mszeredi@redhat.com>

Checking "fm" works because currently sb->s_fs_info is cleared on error
paths; however, sb->s_root is what generic_shutdown_super() checks to
determine whether the sb was fully initialized or not.

This change will allow cleanup of sb setup error paths.
Signed-off-by: Miklos Szeredi <mszeredi@redhat.com>

Pull libata fixes from Damien Le Moal:
 "Two fixes for this cycle:

   - Fix a null pointer dereference in ahci-platform driver (from Hai)

   - Fix uninitialized variables in pata_legacy driver (from Dan)"

* tag 'libata-5.15-rc6' of git://git.kernel.org/pub/scm/linux/kernel/git/dlemoal/libata:
  ata: ahci_platform: fix null-ptr-deref in ahci_platform_enable_regulators()
  pata_legacy: fix a couple uninitialized variable bugs

Pull block fixes from Jens Axboe:
 "Bigger than usual for this point in time, the majority is fixing some
  issues around BDI lifetimes with the move from the request_queue to
  the disk in this release. In detail:

   - Series on draining fs IO for del_gendisk() (Christoph)

   - NVMe pull request via Christoph:
        - fix the abort command id (Keith Busch)
        - nvme: fix per-namespace chardev deletion (Adam Manzanares)

   - brd locking scope fix (Tetsuo)

   - BFQ fix (Paolo)"

* tag 'block-5.15-2021-10-17' of git://git.kernel.dk/linux-block:
  block, bfq: reset last_bfqq_created on group change
  block: warn when putting the final reference on a registered disk
  brd: reduce the brd_devices_mutex scope
  kyber: avoid q->disk dereferences in trace points
  block: keep q_usage_counter in atomic mode after del_gendisk
  block: drain file system I/O on del_gendisk
  block: split bio_queue_enter from blk_queue_enter
  block: factor out a blk_try_enter_queue helper
  block: call submit_bio_checks under q_usage_counter
  nvme: fix per-namespace chardev deletion
  block/rnbd-clt-sysfs: fix a couple uninitialized variable bugs
  nvme-pci: Fix abort command id

Pull io_uring fix from Jens Axboe:
 "Just a single fix for a wrong condition for grabbing a lock, a
  regression in this merge window"

* tag 'io_uring-5.15-2021-10-17' of git://git.kernel.dk/linux-block:
  io_uring: fix wrong condition to grab uring lock

Pull virtio fixes from Michael Tsirkin:
 "Fixes up some issues in rc5"

* tag 'for_linus' of git://git.kernel.org/pub/scm/linux/kernel/git/mst/vhost:
  vhost-vdpa: Fix the wrong input in config_cb
  VDUSE: fix documentation underline warning
  Revert "virtio-blk: Add validation for block size in config space"
  vhost_vdpa: unset vq irq before freeing irq
  virtio: write back F_VERSION_1 before validate

Pull powerpc fixes from Michael Ellerman:

 - Fix a bug where guests on P9 with interrupts passed through could get
   stuck in synchronize_irq().

 - Fix a bug in KVM on P8 where secondary threads entering a guest would
   write outside their allocated stack.

 - Fix a bug in KVM on P8 where secondary threads could confuse the host
   offline code and cause the guest or host to crash.

Thanks to Cédric Le Goater.

* tag 'powerpc-5.15-4' of git://git.kernel.org/pub/scm/linux/kernel/git/powerpc/linux:
  KVM: PPC: Book3S HV: Make idle_kvm_start_guest() return 0 if it went to guest
  KVM: PPC: Book3S HV: Fix stack handling in idle_kvm_start_guest()
  powerpc/xive: Discard disabled interrupts in get_irqchip_state()

Pull objtool fixes from Borislav Petkov:

 - Update section headers before the respective relocations to not
   trigger a safety check in elftoolchain's implementation of libelf

 - Do not add garbage data to the .rela.orc_unwind_ip section

* tag 'objtool_urgent_for_v5.15_rc6' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip:
  objtool: Update section header before relocations
  objtool: Check for gelf_update_rel[a] failures

Pull EDAC fix from Borislav Petkov:

 - Log the "correct" uncorrectable error count in the armada_xp driver

* tag 'edac_urgent_for_v5.15_rc6' of git://git.kernel.org/pub/scm/linux/kernel/git/ras/ras:
  EDAC/armada-xp: Fix output of uncorrectable error counter

Pull perf fix from Borislav Petkov:

 - Add Sapphire Rapids to the list of CPUs supporting the SMI count MSR

* tag 'perf_urgent_for_v5.15_rc6' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip:
  perf/x86/msr: Add Sapphire Rapids CPU support

Pull EFI fixes from Borislav Petkov:
 "Forwarded from Ard Biesheuvel through the tip tree. Ard will send
  stuff directly in the near future.

  Low priority fixes but fixes nonetheless:

   - update stub diagnostic print that is no longer accurate

   - avoid statically allocated buffer for CPER error record decoding

   - avoid sleeping on the efi_runtime semaphore when calling the
     ResetSystem EFI runtime service"

* tag 'efi-urgent-for-v5.15' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip:
  efi: Change down_interruptible() in virt_efi_reset_system() to down_trylock()
  efi/cper: use stack buffer for error record decoding
  efi/libstub: Simplify "Exiting bootservices" message

Pull x86 fixes from Borislav Petkov:

 - Do not enable AMD memory encryption in Kconfig by default due to
   shortcomings of some platforms, leading to boot failures.

 - Mask out invalid bits in the MXCSR for 32-bit kernels again because
   Thomas and I don't know how to mask out bits properly. Third time's
   the charm.

* tag 'x86_urgent_for_v5.15_rc6' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip:
  x86/fpu: Mask out the invalid MXCSR bits properly
  x86/Kconfig: Do not enable AMD_MEM_ENCRYPT_ACTIVE_BY_DEFAULT automatically

Merge tag 'driver-core-5.15-rc6' of git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/driver-core

Pull driver core fixes from Greg KH:
 "Here are some small driver core fixes for 5.15-rc6, all of which have
  been in linux-next for a while with no reported issues.

  They include:

   - kernfs negative dentry bugfix

   - simple pm bus fixes to resolve reported issues"

* tag 'driver-core-5.15-rc6' of git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/driver-core:
  drivers: bus: Delete CONFIG_SIMPLE_PM_BUS
  drivers: bus: simple-pm-bus: Add support for probing simple bus only devices
  driver core: Reject pointless SYNC_STATE_ONLY device links
  kernfs: don't create a negative dentry if inactive node exists

Pull char/misc driver fixes from Greg KH:
 "Here are some small char/misc driver fixes for 5.15-rc6 for reported
  issues that include:

   - habanalabs driver fixes

   - mei driver fixes and new ids

   - fpga new device ids

   - MAINTAINER file updates for fpga subsystem

   - spi module id table additions and fixes

   - fastrpc locking fixes

   - nvmem driver fix

  All of these have been in linux-next for a while with no reported
  issues"

* tag 'char-misc-5.15-rc6' of git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/char-misc:
  eeprom: 93xx46: fix MODULE_DEVICE_TABLE
  nvmem: Fix shift-out-of-bound (UBSAN) with byte size cells
  mei: hbm: drop hbm responses on early shutdown
  mei: me: add Ice Lake-N device id.
  eeprom: 93xx46: Add SPI device ID table
  eeprom: at25: Add SPI ID table
  misc: HI6421V600_IRQ should depend on HAS_IOMEM
  misc: fastrpc: Add missing lock before accessing find_vma()
  cb710: avoid NULL pointer subtraction
  misc: gehc: Add SPI ID table
  MAINTAINERS: Drop outdated FPGA Manager website
  MAINTAINERS: Add Hao and Yilun as maintainers
  habanalabs: fix resetting args in wait for CS IOCTL
  fpga: ice40-spi: Add SPI device ID table

Pull staging and IIO driver fixes from Greg KH:
 "Here are a number of small IIO and staging driver fixes for 5.15-rc6.

  They include:

   - vc04_services bugfix for reported problem

   - r8188eu array underflow fix

   - iio driver fixes for a lot of tiny reported issues.

  All of these have been in linux-next for a while with no reported
  issues"

* tag 'staging-5.15-rc6' of git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/staging:
  staging: r8188eu: prevent array underflow in rtw_hal_update_ra_mask()
  staging: vc04_services: shut up out-of-range warning
  iio: light: opt3001: Fixed timeout error when 0 lux
  iio: adis16480: fix devices that do not support sleep mode
  iio: mtk-auxadc: fix case IIO_CHAN_INFO_PROCESSED
  iio: adis16475: fix deadlock on frequency set
  iio: ssp_sensors: add more range checking in ssp_parse_dataframe()
  iio: ssp_sensors: fix error code in ssp_print_mcu_debug()
  iio: adc: ad7793: Fix IRQ flag
  iio: adc: ad7780: Fix IRQ flag
  iio: adc: ad7192: Add IRQ flag
  iio: adc: aspeed: set driver data when adc probe.
  iio: adc: rzg2l_adc: add missing clk_disable_unprepare() in rzg2l_adc_pm_runtime_resume()
  iio: adc: max1027: Fix the number of max1X31 channels
  iio: adc: max1027: Fix wrong shift with 12-bit devices
  iio: adc128s052: Fix the error handling path of 'adc128_probe()'
  iio: adc: rzg2l_adc: Fix -EBUSY timeout error return
  iio: accel: fxls8962af: return IRQ_HANDLED when fifo is flushed
  iio: dac: ti-dac5571: fix an error code in probe()

Pull serial driver fix from Greg KH:
 "Here is a single 8250 Kconfig fix for 5.15-rc6 that resolves a
  regression that showed up in 5.15-rc1. It has been in linux-next for a
  while with no reported issues"

* tag 'tty-5.15-rc6' of git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/tty:
  serial: 8250: allow disabling of Freescale 16550 compile test

Pull USB fixes from Greg KH:
 "Here are some small USB fixes that resolve a number of tiny issues.
  They include:

   - new USB serial driver ids

   - xhci driver fixes for a bunch of issues

   - musb error path fixes.

  All of these have been in linux-next for a while with no reported
  issues"

* tag 'usb-5.15-rc6' of git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/usb:
  usb: musb: dsps: Fix the probe error path
  xhci: Enable trust tx length quirk for Fresco FL11 USB controller
  xhci: Fix command ring pointer corruption while aborting a command
  USB: xhci: dbc: fix tty registration race
  xhci: add quirk for host controllers that don't update endpoint DCS
  xhci: guard accesses to ep_state in xhci_endpoint_reset()
  USB: serial: qcserial: add EM9191 QDL support
  USB: serial: option: add Quectel EC200S-CN module support
  USB: serial: option: add prod. id for Quectel EG91
  USB: serial: option: add Telit LE910Cx composition 0x1204

Pull input fixes from Dmitry Torokhov:

 - a new product ID for the xpad joystick driver

 - fixes to resistive-adc-touch and snvs_pwrkey drivers

 - a change to touchscreen helpers to make clang happier

* 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/dtor/input:
  Input: touchscreen - avoid bitwise vs logical OR warning
  Input: xpad - add support for another USB ID of Nacon GC-100
  Input: resistive-adc-touch - fix division by zero error on z1 == 0
  Input: snvs_pwrkey - add clk handling

Since commit 430a67f9 ("block, bfq: merge bursts of newly-created
queues"), BFQ maintains a per-group pointer to the last bfq_queue
created. If such a queue, say bfqq, happens to move to a different
group, then bfqq is no more a valid last bfq_queue created for its
previous group. That pointer must then be cleared. Not resetting such
a pointer may also cause UAF, if bfqq happens to also be freed after
being moved to a different group. This commit performs this missing
reset. As such it fixes commit 430a67f9 ("block, bfq: merge bursts
of newly-created queues").

Such a missing reset is most likely the cause of the crash reported in [1].
With some analysis, we found that this crash was due to the
above UAF. And such UAF did go away with this commit applied [1].

Anyway, before this commit, that crash happened to be triggered in
conjunction with commit 2d52c58b ("block, bfq: honor already-setup
queue merges"). The latter was then reverted by commit ebc69e89
("Revert "block, bfq: honor already-setup queue merges""). Yet commit
2d52c58b ("block, bfq: honor already-setup queue merges") contains
no error related with the above UAF, and can then be restored.

[1] https://bugzilla.kernel.org/show_bug.cgi?id=214503

Fixes: 430a67f9 ("block, bfq: merge bursts of newly-created queues")
Tested-by: Grzegorz Kowal <custos.mentis@gmail.com>
Signed-off-by: Paolo Valente <paolo.valente@linaro.org>
Link: https://lore.kernel.org/r/20211015144336.45894-2-paolo.valente@linaro.orgSigned-off-by: Jens Axboe <axboe@kernel.dk>

Warn when the last reference on a live disk is put without calling
del_gendisk first.  There are some BDI related bug reports that look
like a case of this, so make sure we have the proper instrumentation
to catch it.
Signed-off-by: Christoph Hellwig <hch@lst.de>
Link: https://lore.kernel.org/r/20211014130231.1468538-1-hch@lst.deSigned-off-by: Jens Axboe <axboe@kernel.dk>

As with commit 8b52d8be ("loop: reorder loop_exit"),
unregister_blkdev() needs to be called first in order to avoid calling
brd_alloc() from brd_probe() after brd_del_one() from brd_exit(). Then,
we can avoid holding global mutex during add_disk()/del_gendisk() as with
commit 1c500ad7 ("loop: reduce the loop_ctl_mutex scope").
Signed-off-by: Tetsuo Handa <penguin-kernel@I-love.SAKURA.ne.jp>
Reviewed-by: Christoph Hellwig <hch@lst.de>
Link: https://lore.kernel.org/r/e205f13d-18ff-a49c-0988-7de6ea5ff823@i-love.sakura.ne.jpSigned-off-by: Jens Axboe <axboe@kernel.dk>

Merge tag 'perf-tools-fixes-for-v5.15-2021-10-16' of git://git.kernel.org/pub/scm/linux/kernel/git/acme/linux

Pull perf tools fixes from Arnaldo Carvalho de Melo:

 - Fix 'perf test evsel' build error on !x86 architectures

 - Fix libperf's test_stat_cpu mixup of CPU numbers and CPU indexes

 - Output offsets for decompressed records, not just useless zeros

* tag 'perf-tools-fixes-for-v5.15-2021-10-16' of git://git.kernel.org/pub/scm/linux/kernel/git/acme/linux:
  libperf tests: Fix test_stat_cpu
  libperf test evsel: Fix build error on !x86 architectures
  perf report: Output non-zero offset for decompressed records

Pull memblock fix from Mike Rapoport:
 "Fix handling of NOMAP regions with kmemleak.

  NOMAP regions don't have linear map entries so an attempt to scan
  these areas in kmemleak would fault.

  Prevent such faults by excluding NOMAP regions from kmemleak"

* tag 'fixes-2021-10-16' of git://git.kernel.org/pub/scm/linux/kernel/git/rppt/memblock:
  memblock: exclude NOMAP regions from kmemleak

Tracing fixes for 5.15:

 - Fix defined but not use warning/error for osnoise function

 - Fix memory leak in event probe

 - Fix memblock leak in bootconfig

 - Fix the API of event probes to be like kprobes

 - Added test to check removal of event probe API

 - Fix recordmcount.pl for nds32 failed build

* tag 'trace-v5.15-rc3' of git://git.kernel.org/pub/scm/linux/kernel/git/rostedt/linux-trace:
  nds32/ftrace: Fix Error: invalid operands (*UND* and *UND* sections) for `^'
  selftests/ftrace: Update test for more eprobe removal process
  tracing: Fix event probe removal from dynamic events
  tracing: Fix missing * in comment block
  bootconfig: init: Fix memblock leak in xbc_make_cmdline()
  tracing: Fix memory leak in eprobe_register()
  tracing: Fix missing osnoise tracer on max_latency

Pull clk driver fixes from Stephen Boyd:
 "Clk driver fixes for critical issues found in the past few weeks:

   - Select gdsc config so qcom sm6350 driver probes

   - Fix a register offset in qcom gcc-sm6115 so the correct clk is
     controlled

   - Fix inverted logic in Renesas RZ/G2L .is_enabled()

   - Mark some more clks critical in Renesas clk driver

   - Remove a duplicate clk in the agilex driver"

* tag 'clk-fixes-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/clk/linux:
  clk: qcom: add select QCOM_GDSC for SM6350
  clk: qcom: gcc-sm6115: Fix offset for hlos1_vote_turing_mmu_tbu0_gdsc
  clk: socfpga: agilex: fix duplicate s2f_user0_clk
  clk: renesas: rzg2l: Fix clk status function
  clk: renesas: r9a07g044: Mark IA55_CLK and DMAC_ACLK critical

Merge tag 'for-5.15/dm-fixes' of git://git.kernel.org/pub/scm/linux/kernel/git/device-mapper/linux-dm

Pull device mapper fixes from Mike Snitzer:

 - Fix DM verity target to skip redundant processing on I/O errors.

 - Fix request-based DM so that it doesn't queue request to blk-mq when
   DM device is suspended.

 - Fix DM core mempool NULL pointer race when completing IO.

 - Make DM clone target's 'descs' array static.

* tag 'for-5.15/dm-fixes' of git://git.kernel.org/pub/scm/linux/kernel/git/device-mapper/linux-dm:
  dm: fix mempool NULL pointer race when completing IO
  dm rq: don't queue request to blk-mq during DM suspend
  dm clone: make array 'descs' static
  dm verity: skip redundant verity_handle_err() on I/O errors

Pull s390 fixes from Vasily Gorbik:

 - Maintainers and reviewers changes:

    * Cornelia decided to free up her time and step down from vfio-ccw
      maintainer and s390 kvm reviewer duties

    * Add Alexander Gordeev as s390 arch code reviewer

 - Fix broken strrchr implementation

* tag 's390-5.15-6' of git://git.kernel.org/pub/scm/linux/kernel/git/s390/linux:
  s390: add Alexander Gordeev as reviewer
  s390: fix strrchr() implementation
  vfio-ccw: step down as maintainer
  KVM: s390: remove myself as reviewer

Pull csky fixes from Guo Ren:
 "Only 5 fixups:

   - Make HAVE_TCM depend on !COMPILE_TEST

   - bitops: Remove duplicate __clear_bit define

   - Select ARCH_WANT_FRAME_POINTERS only if compiler supports it

   - Fixup regs.sr broken in ptrace

   - don't let sigreturn play with priveleged bits of status register"

* tag 'csky-for-linus-5.15-rc6' of git://github.com/c-sky/csky-linux:
  csky: Make HAVE_TCM depend on !COMPILE_TEST
  csky: bitops: Remove duplicate __clear_bit define
  csky: Select ARCH_WANT_FRAME_POINTERS only if compiler supports it
  csky: Fixup regs.sr broken in ptrace
  csky: don't let sigreturn play with priveleged bits of status register

Pull ARC fix from Vineet Gupta:
 "Small fixlet for ARC"

* tag 'arc-5.15-rc6' of git://git.kernel.org/pub/scm/linux/kernel/git/vgupta/arc:
  ARC: fix potential build snafu

Pull ARM SoC fixes from Arnd Bergmann:
 "A small number fixes this time, mostly touching actual code:

   - Add platform device for i.MX System Reset Controller (SRC) to
     fix a regression caused by fw_devlink change

   - A fixup for a boot regression caused by my own rework for the
     Qualcomm SCM driver

   - Multiple bugfixes for the Arm FFA and optee firmware drivers,
     addressing problems when they are built as a loadable module

   - Four dts bugfixes for the Broadcom SoC used in Raspberry pi,
     addressing VEC (video encoder), MDIO bus controller
     #address-cells/#size-cells, SDIO voltage and PCIe host bridge
     dtc warnings"

* tag 'arm-soc-fixes-5.15-2' of git://git.kernel.org/pub/scm/linux/kernel/git/soc/soc:
  ARM: imx: register reset controller from a platform driver
  iommu/arm: fix ARM_SMMU_QCOM compilation
  ARM: dts: bcm2711-rpi-4-b: Fix usb's unit address
  ARM: dts: bcm2711-rpi-4-b: Fix pcie0's unit address formatting
  tee: optee: Fix missing devices unregister during optee_remove
  ARM: dts: bcm2711-rpi-4-b: fix sd_io_1v8_reg regulator states
  ARM: dts: bcm2711: fix MDIO #address- and #size-cells
  ARM: dts: bcm283x: Fix VEC address for BCM2711
  firmware: arm_ffa: Fix __ffa_devices_unregister
  firmware: arm_ffa: Add missing remove callback to ffa_bus_type

Pull pci fix from Bjorn Helgaas:

 - Don't save msi_populate_sysfs() error code as dev->msi_irq_groups so
   we don't dereference the error code as a pointer (Wang Hai)

* tag 'pci-v5.15-fixes-2' of git://git.kernel.org/pub/scm/linux/kernel/git/helgaas/pci:
  PCI/MSI: Handle msi_populate_sysfs() errors correctly

Pull ACPI fix from Rafael Wysocki:
 "Add a missing device ID to a quirk list in the suspend-to-idle support
  code"

* tag 'acpi-5.15-rc6' of git://git.kernel.org/pub/scm/linux/kernel/git/rafael/linux-pm:
  ACPI: PM: Include alternate AMDI0005 id in special behaviour