RPC client pipefs dentries cleanup is in separated rpc_remove_pipedir()
workqueue,which takes care about pipefs superblock locking.
In some special scenarios, when kernel frees the pipefs sb of the
current client and immediately alloctes a new pipefs sb,
rpc_remove_pipedir function would misjudge the existence of pipefs
sb which is not the one it used to hold. As a result,
the rpc_remove_pipedir would clean the released freed pipefs dentries.

To fix this issue, rpc_remove_pipedir should check whether the
current pipefs sb is consistent with the original pipefs sb.

This error can be catched by KASAN:
=========================================================
[  250.497700] BUG: KASAN: slab-use-after-free in dget_parent+0x195/0x200
[  250.498315] Read of size 4 at addr ffff88800a2ab804 by task kworker/0:18/106503
[  250.500549] Workqueue: events rpc_free_client_work
[  250.501001] Call Trace:
[  250.502880]  kasan_report+0xb6/0xf0
[  250.503209]  ? dget_parent+0x195/0x200
[  250.503561]  dget_parent+0x195/0x200
[  250.503897]  ? __pfx_rpc_clntdir_depopulate+0x10/0x10
[  250.504384]  rpc_rmdir_depopulate+0x1b/0x90
[  250.504781]  rpc_remove_client_dir+0xf5/0x150
[  250.505195]  rpc_free_client_work+0xe4/0x230
[  250.505598]  process_one_work+0x8ee/0x13b0
...
[   22.039056] Allocated by task 244:
[   22.039390]  kasan_save_stack+0x22/0x50
[   22.039758]  kasan_set_track+0x25/0x30
[   22.040109]  __kasan_slab_alloc+0x59/0x70
[   22.040487]  kmem_cache_alloc_lru+0xf0/0x240
[   22.040889]  __d_alloc+0x31/0x8e0
[   22.041207]  d_alloc+0x44/0x1f0
[   22.041514]  __rpc_lookup_create_exclusive+0x11c/0x140
[   22.041987]  rpc_mkdir_populate.constprop.0+0x5f/0x110
[   22.042459]  rpc_create_client_dir+0x34/0x150
[   22.042874]  rpc_setup_pipedir_sb+0x102/0x1c0
[   22.043284]  rpc_client_register+0x136/0x4e0
[   22.043689]  rpc_new_client+0x911/0x1020
[   22.044057]  rpc_create_xprt+0xcb/0x370
[   22.044417]  rpc_create+0x36b/0x6c0
...
[   22.049524] Freed by task 0:
[   22.049803]  kasan_save_stack+0x22/0x50
[   22.050165]  kasan_set_track+0x25/0x30
[   22.050520]  kasan_save_free_info+0x2b/0x50
[   22.050921]  __kasan_slab_free+0x10e/0x1a0
[   22.051306]  kmem_cache_free+0xa5/0x390
[   22.051667]  rcu_core+0x62c/0x1930
[   22.051995]  __do_softirq+0x165/0x52a
[   22.052347]
[   22.052503] Last potentially related work creation:
[   22.052952]  kasan_save_stack+0x22/0x50
[   22.053313]  __kasan_record_aux_stack+0x8e/0xa0
[   22.053739]  __call_rcu_common.constprop.0+0x6b/0x8b0
[   22.054209]  dentry_free+0xb2/0x140
[   22.054540]  __dentry_kill+0x3be/0x540
[   22.054900]  shrink_dentry_list+0x199/0x510
[   22.055293]  shrink_dcache_parent+0x190/0x240
[   22.055703]  do_one_tree+0x11/0x40
[   22.056028]  shrink_dcache_for_umount+0x61/0x140
[   22.056461]  generic_shutdown_super+0x70/0x590
[   22.056879]  kill_anon_super+0x3a/0x60
[   22.057234]  rpc_kill_sb+0x121/0x200

Fixes: 0157d021 ("SUNRPC: handle RPC client pipefs dentries by network namespace aware routines")
Signed-off-by: felix <fuzhen5@huawei.com>
Signed-off-by: Trond Myklebust <trond.myklebust@hammerspace.com>

If the client is doing pnfs IO and Kerberos is configured and EXCHANGEID
successfully negotiated SP4_MACH_CRED and WRITE/COMMIT are on the
list of state protected operations, then we need to make sure to
choose the DS's rpc_client structure instead of the MDS's one.

Fixes: fb91fb0e ("NFS: Move call to nfs4_state_protect_write() to nfs4_write_setup()")
Signed-off-by: Olga Kornievskaia <kolga@netapp.com>
Signed-off-by: Trond Myklebust <trond.myklebust@hammerspace.com>

This IS_ERR() check was deleted during in a cleanup because, at the time,
the rpcb_call_async() function could not return an error pointer.  That
changed in commit 25cf32ad ("SUNRPC: Handle allocation failure in
rpc_new_task()") and now it can return an error pointer.  Put the check
back.

A related revert was done in commit 13bd9014 ("Revert "SUNRPC:
Remove unreachable error condition"").

Fixes: 037e910b ("SUNRPC: Remove unreachable error condition in rpcb_getport_async()")
Signed-off-by: Dan Carpenter <dan.carpenter@linaro.org>
Signed-off-by: Trond Myklebust <trond.myklebust@hammerspace.com>

Currently when client sends an EXCHANGE_ID for a possible trunked
connection, for any error that happened, the trunk will be thrown
out. However, an NFS4ERR_DELAY is a transient error that should be
retried instead.

Fixes: e818bd08 ("NFSv4.1 remove xprt from xprt_switch if session trunking test fails")
Signed-off-by: Olga Kornievskaia <kolga@netapp.com>
Signed-off-by: Trond Myklebust <trond.myklebust@hammerspace.com>

The flexfiles layout driver depends on NFSv3 module as data servers
might be configure to provide nfsv3 only.

Disabling the nfsv3 protocol completely disables the flexfiles layout driver,
however, the data server still might support v4.1 protocol. Thus the strond
couling betwwen flexfiles and nfsv3 modules should be relaxed, as layout driver
will return UNSUPPORTED if not matching protocol is found.
Signed-off-by: Tigran Mkrtchyan <tigran.mkrtchyan@desy.de>
Signed-off-by: Trond Myklebust <trond.myklebust@hammerspace.com>

When the client is required to use TEST_STATEID to discover which
delegation(s) have been revoked, it may continually test delegations at the
head of the list if the server continues to be unsatisfied and send
SEQ4_STATUS_RECALLABLE_STATE_REVOKED.  For a large number of delegations
this behavior is prone to live-lock because the client may never be able to
test and free revoked state at the end of the list since the
SEQ4_STATUS_RECALLABLE_STATE_REVOKED will cause us to flag delegations at
the head of the list to be tested.  This problem is further exacerbated by
the state manager's willingness to be scheduled out on a busy system while
testing the list of delegations.

Keep a generation counter for each attempt to test all delegations, and
skip delegations that have already been tested in the current pass.
Signed-off-by: Benjamin Coddington <bcodding@redhat.com>
Tested-by: Torkil Svensgaard <torkil@drcmr.dk>
Tested-by: Ruben Vestergaard <rubenv@drcmr.dk>
Signed-off-by: Trond Myklebust <trond.myklebust@hammerspace.com>

SOFTCONN tasks need to periodically check if the transport is still
connected, so that they can time out if that is not the case.
Signed-off-by: Trond Myklebust <trond.myklebust@hammerspace.com>

Fix up xs_wake_error() to close the socket when a hard error is being
reported. Usually, that means an ECONNRESET was received on a connection
attempt.
Signed-off-by: Trond Myklebust <trond.myklebust@hammerspace.com>

Signed-off-by: Trond Myklebust <trond.myklebust@hammerspace.com>

If connect() is returning ECONNRESET, it usually means that nothing is
listening on that port. If so, a rebind might be required in order to
obtain the new port on which the RPC service is listening.

Fixes: fd01b259 ("SUNRPC: ECONNREFUSED should cause a rebind.")
Signed-off-by: Trond Myklebust <trond.myklebust@hammerspace.com>

If we're using the 'softerr' mount option, we may want to allow
layoutget to return EAGAIN to allow knfsd server threads to return a
JUKEBOX/DELAY error to the client instead of busy waiting.
Signed-off-by: Trond Myklebust <trond.myklebust@hammerspace.com>

When using a 'softerr' mount, the NFSv4 client can get stuck waiting
forever while the server just returns NFS4ERR_DELAY. Among other things,
this causes the knfsd server threads to busy wait.
Add a parameter that tells the NFSv4 client how many times to retry
before giving up.
Signed-off-by: Trond Myklebust <trond.myklebust@hammerspace.com>

Pull phy fixes from Vinod Koul:

 - mapphone-mdm6600 runtime pm & pinctrl handling fixes

 - Qualcomm qmp usb pcs register fixes, qmp pcie register size warning
   fix, m31 fixes for wrong pointer in PTR_ERR and dropping wrong vreg
   check, qmp combo fix for 8550 power config register

 - realtek usb fix for debugfs_create_dir() and kconfig dependency

* tag 'phy-fixes-6.6' of git://git.kernel.org/pub/scm/linux/kernel/git/phy/linux-phy:
  phy: realtek: Realtek PHYs should depend on ARCH_REALTEK
  phy: qualcomm: Fix typos in comments
  phy: qcom-qmp-combo: initialize PCS_USB registers
  phy: qcom-qmp-combo: Square out 8550 POWER_STATE_CONFIG1
  phy: qcom: m31: Remove unwanted qphy->vreg is NULL check
  phy: realtek: usb: Drop unnecessary error check for debugfs_create_dir()
  phy: qcom: phy-qcom-m31: change m31_ipq5332_regs to static
  phy: qcom: phy-qcom-m31: fix wrong pointer pass to PTR_ERR()
  dt-bindings: phy: qcom,ipq8074-qmp-pcie: fix warning regarding reg size
  phy: qcom-qmp-usb: split PCS_USB init table for sc8280xp and sa8775p
  phy: qcom-qmp-usb: initialize PCS_USB registers
  phy: mapphone-mdm6600: Fix pinctrl_pm handling for sleep pins
  phy: mapphone-mdm6600: Fix runtime PM for remove
  phy: mapphone-mdm6600: Fix runtime disable on probe

Pull EFI fixes from Ard Biesheuvel:
 "The boot_params pointer fix uses a somewhat ugly extern struct
  declaration but this will be cleaned up the next cycle.

   - don't try to print warnings to the console when it is no longer
     available

   - fix theoretical memory leak in SSDT override handling

   - make sure that the boot_params global variable is set before the
     KASLR code attempts to hash it for 'randomness'

   - avoid soft lockups in the memory acceptance code"

* tag 'efi-fixes-for-v6.6-3' of git://git.kernel.org/pub/scm/linux/kernel/git/efi/efi:
  efi/unaccepted: Fix soft lockups caused by parallel memory acceptance
  x86/boot: efistub: Assign global boot_params variable
  efi: fix memory leak in krealloc failure handling
  x86/efistub: Don't try to print after ExitBootService()

Pull powerpc fixes from Michael Ellerman:

 - Fix stale propagated yield_cpu in qspinlocks leading to lockups

 - Fix broken hugepages on some configs due to ARCH_FORCE_MAX_ORDER

 - Fix a spurious warning when copros are in use at exit time

Thanks to Nicholas Piggin, Christophe Leroy, Nysal Jan K.A Sachin Sant,
and Shrikanth Hegde.

* tag 'powerpc-6.6-5' of git://git.kernel.org/pub/scm/linux/kernel/git/powerpc/linux:
  powerpc/qspinlock: Fix stale propagated yield_cpu
  powerpc/64s/radix: Don't warn on copros in radix__tlb_flush()
  powerpc/mm: Allow ARCH_FORCE_MAX_ORDER up to 12

Pull gpio fixes from Bartosz Golaszewski:

 - fix interrupt handling in suspend and wakeup in gpio-vf610

 - fix a bug on setting direction to output in gpio-vf610

 - add a missing memset() in gpio ACPI code

* tag 'gpio-fixes-for-v6.6-rc7' of git://git.kernel.org/pub/scm/linux/kernel/git/brgl/linux:
  gpiolib: acpi: Add missing memset(0) to acpi_get_gpiod_from_data()
  gpio: vf610: set value before the direction to avoid a glitch
  gpio: vf610: mask the gpio irq in system suspend and support wakeup

Pull rust fixes from Miguel Ojeda:

 - GCC build: fix bindgen build error with '-fstrict-flex-arrays'

 - Error module: fix the description for 'ECHILD' and fix Markdown
   style nit

 - Code docs: fix logo replacement

 - Docs: update docs output path

 - Kbuild: remove old docs output path in 'cleandocs' target

* tag 'rust-fixes-6.6' of https://github.com/Rust-for-Linux/linux:
  rust: docs: fix logo replacement
  kbuild: remove old Rust docs output path
  docs: rust: update Rust docs output path
  rust: fix bindgen build error with fstrict-flex-arrays
  rust: error: Markdown style nit
  rust: error: fix the description for `ECHILD`

Pull scheduler fix from Ingo Molnar:
 "Fix a recently introduced use-after-free bug"

* tag 'sched-urgent-2023-10-21' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip:
  sched/eevdf: Fix heap corruption more

Pull perf events fix from Ingo Molnar:
 "Fix group event semantics"

* tag 'perf-urgent-2023-10-21' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip:
  perf: Disallow mis-matched inherited group reads

Merge tag 'probes-fixes-v6.6-rc6.2' of git://git.kernel.org/pub/scm/linux/kernel/git/trace/linux-trace

Pull probes fixes from Masami Hiramatsu:

 - kprobe-events: Fix kprobe events to reject if the attached symbol is
   not unique name because it may not the function which the user want
   to attach to. (User can attach a probe to such symbol using the
   nearest unique symbol + offset.)

 - selftest: Add a testcase to ensure the kprobe event rejects non
   unique symbol correctly.

* tag 'probes-fixes-v6.6-rc6.2' of git://git.kernel.org/pub/scm/linux/kernel/git/trace/linux-trace:
  selftests/ftrace: Add new test case which checks non unique symbol
  tracing/kprobes: Return EADDRNOTAVAIL when func matches several symbols

Pull s390 fixes from Vasily Gorbik:

 - Fix IOMMU bitmap allocation in s390 PCI to avoid out of bounds access
   when IOMMU pages aren't a multiple of 64

 - Fix kasan crashes when accessing DCSS mapping in memory holes by
   adding corresponding kasan zero shadow mappings

 - Fix a memory leak in css_alloc_subchannel in case
   dma_set_coherent_mask fails

* tag 's390-6.6-4' of git://git.kernel.org/pub/scm/linux/kernel/git/s390/linux:
  s390/pci: fix iommu bitmap allocation
  s390/kasan: handle DCSS mapping in memory holes
  s390/cio: fix a memleak in css_alloc_subchannel

Merge tag 'platform-drivers-x86-v6.6-5' of git://git.kernel.org/pub/scm/linux/kernel/git/pdx86/platform-drivers-x86

Pull x86 platform driver fixes from Hans de Goede:

 -  Fix spurious brightness down presses on newer Asus laptop models

 -  Fix backlight control not working on T2 Mac Pro all-in-ones

 -  Add Armin Wolf as new maintainer for the WMI bus driver and change
    its status from orphaned to maintained

 -  A few other small fixes

* tag 'platform-drivers-x86-v6.6-5' of git://git.kernel.org/pub/scm/linux/kernel/git/pdx86/platform-drivers-x86:
  platform/mellanox: mlxbf-tmfifo: Fix a warning message
  apple-gmux: Hard Code max brightness for MMIO gmux
  platform/surface: platform_profile: Propagate error if profile registration fails
  platform/x86: asus-wmi: Map 0x2a code, Ignore 0x2b and 0x2c events
  platform/x86: asus-wmi: Only map brightness codes when using asus-wmi backlight control
  platform/x86: asus-wmi: Change ASUS_WMI_BRN_DOWN code from 0x20 to 0x2e
  platform/x86: wmi: Update MAINTAINERS entry
  platform/x86: msi-ec: Fix the 3rd config
  platform/x86: intel-uncore-freq: Conditionally create attribute for read frequency
  platform: mellanox: Fix a resource leak in an error handling path in probing flow

Pull USB / Thunderbolt fixes and ids from Greg KH:
 "Here are four small patches for USB and Thunderbolt for 6.6-rc7 that
  do the following:

   - new usb-serial device ids

   - thunderbolt driver fix for reported issue

  All of these have been in linux-next with no reported problems"

* tag 'usb-6.6-rc7' of git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/usb:
  USB: serial: option: add Fibocom to DELL custom modem FM101R-GL
  USB: serial: option: add entry for Sierra EM9191 with new firmware
  USB: serial: option: add Telit LE910C4-WWX 0x1035 composition
  thunderbolt: Call tb_switch_put() once DisplayPort bandwidth request is finished

Pull crypto fix from Herbert Xu:
 "Fix a 6.5 regression in crypto/asymmetric_keys"

* tag 'v6.6-p5' of git://git.kernel.org/pub/scm/linux/kernel/git/herbert/crypto-2.6:
  KEYS: asymmetric: Fix sign/verify on pkcs1pad without a hash

Pull iomap fix from Darrick Wong:

 - Fix a bug where a writev consisting of a bunch of sub-fsblock writes
   where the last buffer address is invalid could lead to an infinite
   loop

* tag 'iomap-6.6-fixes-5' of git://git.kernel.org/pub/scm/fs/xfs/xfs-linux:
  iomap: fix short copy in iomap_write_iter()

Merge tag 'perf-tools-fixes-for-v6.6-2-2023-10-20' of git://git.kernel.org/pub/scm/linux/kernel/git/perf/perf-tools

Pull perf tools fixes from Arnaldo Carvalho de Melo:

 - Fix regression in reading scale and unit files from sysfs for PMU
   events, so that we can use that info to pretty print instead of
   printing raw numbers:

     # perf stat -e power/energy-ram/,power/energy-gpu/ sleep 2

      Performance counter stats for 'system wide':

                 1.64 Joules power/energy-ram/
                 0.20 Joules power/energy-gpu/

          2.001228914 seconds time elapsed
     #
     # grep -m1 "model name" /proc/cpuinfo
     model name	: Intel(R) Core(TM) i7-8650U CPU @ 1.90GHz
     #

 - The small llvm.cpp file used to check if the llvm devel files are
   present was incorrectly deleted when removing the BPF event in 'perf
   trace', put it back as it is also used by tools/bpf/bpftool, that
   uses llvm routines to do disassembly of BPF object files.

 - Fix use of addr_location__exit() in dlfilter__object_code(), making
   sure that it is only used to pair a previous addr_location__init()
   call.

* tag 'perf-tools-fixes-for-v6.6-2-2023-10-20' of git://git.kernel.org/pub/scm/linux/kernel/git/perf/perf-tools:
  tools build: Fix llvm feature detection, still used by bpftool
  perf dlfilter: Add a test for object_code()
  perf dlfilter: Fix use of addr_location__exit() in dlfilter__object_code()
  perf pmu: Fix perf stat output with correct scale and unit

Merge tag 'linux_kselftest_active-fixes-6.6-rc7' of git://git.kernel.org/pub/scm/linux/kernel/git/shuah/linux-kselftest

Pull Kselftest fix from Shuah Khan:
 "One single fix to assert check in user_events abi_test to properly
  check bit value on Big Endian architectures. The code treated the bit
  values as Little Endian and the check failed on Big Endian"

* tag 'linux_kselftest_active-fixes-6.6-rc7' of git://git.kernel.org/pub/scm/linux/kernel/git/shuah/linux-kselftest:
  selftests/user_events: Fix abi_test for BE archs

Pull NFS client fixes from Anna Schumaker:
 "Stable Fix:
   - Fix a pNFS hang in nfs4_evict_inode()

  Fixes:
   - Force update of suid/sgid bits after an NFS v4.2 ALLOCATE op
   - Fix a potential oops in nfs_inode_remove_request()
   - Check the validity of the layout pointer in ff_layout_mirror_prepare_stats()
   - Fix incorrectly marking the pNFS MDS with USE_PNFS_DS in some cases"

* tag 'nfs-for-6.6-4' of git://git.linux-nfs.org/projects/anna/linux-nfs:
  NFSv4.1: fixup use EXCHGID4_FLAG_USE_PNFS_DS for DS server
  pNFS/flexfiles: Check the layout validity in ff_layout_mirror_prepare_stats
  pNFS: Fix a hang in nfs4_evict_inode()
  NFS: Fix potential oops in nfs_inode_remove_request()
  nfs42: client needs to strip file mode's suid/sgid bit after ALLOCATE op

Pull fanotify fix from Jan Kara:
 "Disable superblock / mount marks for filesystems that can encode file
  handles but not open them (currently only overlayfs).

  It is not clear the functionality is useful in any way so let's better
  disable it before someone comes up with some creative misuse"

* tag 'fsnotify_for_v6.6-rc7' of git://git.kernel.org/pub/scm/linux/kernel/git/jack/linux-fs:
  fanotify: limit reporting of event with non-decodeable file handles

Pull ACPI fixes from Rafael Wysocki:
 "These fix the ACPI initialization ordering on ARM and ACPI IRQ
  management in the cases when irq_create_fwspec_mapping() fails.

  Specifics:

   - Fix ACPI initialization ordering on ARM that was changed
     incorrectly during the 6.5 development cycle (Hanjun Guo)

   - Make acpi_register_gsi() return an error code as appropriate when
     irq_create_fwspec_mapping() returns 0 on failure (Sunil V L)"

* tag 'acpi-6.6-rc7' of git://git.kernel.org/pub/scm/linux/kernel/git/rafael/linux-pm:
  ACPI: bus: Move acpi_arm_init() to the place of after acpi_ghes_init()
  ACPI: irq: Fix incorrect return value in acpi_register_gsi()

Pull SCSI fixes from James Bottomley:
 "Two small fixes, both in drivers.

  The mptsas one is really fixing an error path issue where it can leave
  the misc driver loaded even though the sas driver fails to initialize"

* tag 'scsi-fixes' of git://git.kernel.org/pub/scm/linux/kernel/git/jejb/scsi:
  scsi: qla2xxx: Fix double free of dsd_list during driver load
  scsi: mpt3sas: Fix in error path

Pull pin control fixes from Linus Walleij:

 - Concurrent register updates in the Qualcomm LPASS pin controller gets
   a proper lock.

 - revert a mutex fix that was causing problems: contention on the mutex
   or something of the sort lead to probe reordering and MMC block
   devices start to register in a different order, which unsuspecting
   userspace is not ready to handle

* tag 'pinctrl-v6.6-3' of git://git.kernel.org/pub/scm/linux/kernel/git/linusw/linux-pinctrl:
  Revert "pinctrl: avoid unsafe code pattern in find_pinctrl()"
  pinctrl: qcom: lpass-lpi: fix concurrent register updates

Pull MTD fixes from Miquel Raynal:
 "In the raw NAND subsystem, the major fix prevents using cached reads
  with devices not supporting it. There was two bug reports about this.

  Apart from that, three drivers (pl353, arasan and marvell) could
  sometimes hide page program failures due to their their own program
  page helper not being fully compliant with the specification (many
  drivers use the default helpers shared by the core). Adding a missing
  check prevents these situation.

  Finally, the Qualcomm driver had a broken error path.

  In the SPI-NAND subsystem one Micron device used a wrong bitmak
  reporting possibly corrupted ECC status.

  Finally, the physmap-core got stripped from its map_rom fallback by
  mistake, this feature is added back"

* tag 'mtd/fixes-for-6.6-rc7' of git://git.kernel.org/pub/scm/linux/kernel/git/mtd/linux:
  mtd: rawnand: Ensure the nand chip supports cached reads
  mtd: rawnand: qcom: Unmap the right resource upon probe failure
  mtd: rawnand: pl353: Ensure program page operations are successful
  mtd: rawnand: arasan: Ensure program page operations are successful
  mtd: spinand: micron: correct bitmask for ecc status
  mtd: physmap-core: Restore map_rom fallback
  mtd: rawnand: marvell: Ensure program page operations are successful

Pull MMC fixes from Ulf Hansson:
 "MMC core:
   - Capture correct oemid-bits for eMMC cards
   - Fix error propagation for some ioctl commands
   - Hold retuning if SDIO is in 1-bit mode

  MMC host:
   - mtk-sd: Use readl_poll_timeout_atomic to not "schedule while atomic"
   - sdhci-msm: Correct minimum number of clocks
   - sdhci-pci-gli: Fix LPM negotiation so x86/S0ix SoCs can suspend
   - sdhci-sprd: Fix error code in sdhci_sprd_tuning()"

* tag 'mmc-v6.6-rc3' of git://git.kernel.org/pub/scm/linux/kernel/git/ulfh/mmc:
  mmc: core: Capture correct oemid-bits for eMMC cards
  mmc: mtk-sd: Use readl_poll_timeout_atomic in msdc_reset_hw
  mmc: core: Fix error propagation for some ioctl commands
  mmc: sdhci-sprd: Fix error code in sdhci_sprd_tuning()
  mmc: sdhci-pci-gli: fix LPM negotiation so x86/S0ix SoCs can suspend
  mmc: core: sdio: hold retuning if sdio in 1-bit mode
  dt-bindings: mmc: sdhci-msm: correct minimum number of clocks

Pull block fixes from Jens Axboe:
 "A fix for a regression with sed-opal and saved keys, and outside of
  that an NVMe pull request fixing a few minor issues on that front"

* tag 'block-6.6-2023-10-20' of git://git.kernel.dk/linux:
  nvme-pci: add BOGUS_NID for Intel 0a54 device
  nvmet-auth: complete a request only after freeing the dhchap pointers
  nvme: sanitize metadata bounce buffer for reads
  block: Fix regression in sed-opal for a saved key.
  nvme-auth: use chap->s2 to indicate bidirectional authentication
  nvmet-tcp: Fix a possible UAF in queue intialization setup
  nvme-rdma: do not try to stop unallocated queues

Pull io_uring fix from Jens Axboe:
 "Just a single fix for a bug report that came in, fixing a case where
  failure to init a ring with IORING_SETUP_NO_MMAP can trigger a NULL
  pointer dereference"

* tag 'io_uring-6.6-2023-10-20' of git://git.kernel.dk/linux:
  io_uring: fix crash with IORING_SETUP_NO_MMAP and invalid SQ ring address

Pull sound fixes from Takashi Iwai:
 "Still higher volume than wished, but all are driver-specific small
  fixes and look safe for this late RC.

  The majority of changes are for ASoC, especially for wcd938x driver
  and Cirrus codec drivers, while there are other random fixes including
  usual HD-audio quirks"

* tag 'sound-6.6-rc7' of git://git.kernel.org/pub/scm/linux/kernel/git/tiwai/sound: (22 commits)
  ASoC: da7219: Correct the process of setting up Gnd switch in AAD
  ALSA: hda/realtek - Fixed ASUS platform headset Mic issue
  ALSA: hda/realtek: Add quirk for ASUS ROG GU603ZV
  ALSA: hda/relatek: Enable Mute LED on HP Laptop 15s-fq5xxx
  ASoC: dwc: Fix non-DT instantiation
  ASoC: codecs: tas2780: Fix log of failed reset via I2C.
  ASoC: rt5650: fix the wrong result of key button
  ASoC: cs42l42: Fix missing include of gpio/consumer.h
  ASoC: cs42l43: Update values for bias sense
  ASoC: dt-bindings: cirrus,cs42l43: Update values for bias sense
  ASoC: cs35l56: ASP1 DOUT must default to Hi-Z when not transmitting
  ASoC: pxa: fix a memory leak in probe()
  ASoC: cs35l56: Fix illegal use of init_completion()
  ASoC: codecs: wcd938x-sdw: fix runtime PM imbalance on probe errors
  ASoC: codecs: wcd938x-sdw: fix use after free on driver unbind
  ASoC: codecs: wcd938x: fix runtime PM imbalance on remove
  ASoC: codecs: wcd938x: fix regulator leaks on probe errors
  ASoC: codecs: wcd938x: fix resource leaks on bind errors
  ASoC: codecs: wcd938x: fix unbind tear down order
  ASoC: codecs: wcd938x: drop bogus bind error handling
  ...

Pull drm fixes from Dave Airlie:
 "Regular fixes for the week, amdgpu, i915, nouveau, with some other
  scattered around, nothing major.

  amdgpu:
   - Fix possible NULL pointer dereference
   - Avoid possible BUG_ON in GPUVM updates
   - Disable AMD_CTX_PRIORITY_UNSET

  i915:
   - Fix display issue that was blocking S0ix
   - Retry gtt fault when out of fence registers

  bridge:
   - ti-sn65dsi86: Fix device lifetime

  edid:
   - Add quirk for BenQ GW2765

  ivpu:
   - Extend address range for MMU mmap

  nouveau:
   - DP-connector fixes
   - Documentation fixes

  panel:
   - Move AUX B116XW03 into panel-simple

  scheduler:
   - Eliminate DRM_SCHED_PRIORITY_UNSET

  ttm:
   - Fix possible NULL-ptr deref in cleanup

  mediatek:
   - Correctly free sg_table in gem prime vmap"

* tag 'drm-fixes-2023-10-20' of git://anongit.freedesktop.org/drm/drm:
  drm/amdgpu: Reserve fences for VM update
  drm/amdgpu: Fix possible null pointer dereference
  accel/ivpu: Extend address range for MMU mmap
  Revert "accel/ivpu: Use cached buffers for FW loading"
  accel/ivpu: Don't enter d0i3 during FLR
  drm/i915: Retry gtt fault when out of fence registers
  drm/i915/cx0: Only clear/set the Pipe Reset bit of the PHY Lanes Owned
  gpu/drm: Eliminate DRM_SCHED_PRIORITY_UNSET
  drm/amdgpu: Unset context priority is now invalid
  drm/mediatek: Correctly free sg_table in gem prime vmap
  drm/edid: add 8 bpc quirk to the BenQ GW2765
  drm/ttm: Reorder sys manager cleanup step
  drm/nouveau/disp: fix DP capable DSM connectors
  drm/nouveau: exec: fix ioctl kernel-doc warning
  drm/panel: Move AUX B116XW03 out of panel-edp back to panel-simple
  drm/bridge: ti-sn65dsi86: Associate DSI device lifetime with auxiliary device