syzbot reported a RCU stall which is caused by setting up an alarmtimer
with a very small interval and ignoring the signal. The reproducer arms the
alarm timer with a relative expiry of 8ns and an interval of 9ns. Not a
problem per se, but that's an issue when the signal is ignored because then
the timer is immediately rearmed because there is no way to delay that
rearming to the signal delivery path.  See posix_timer_fn() and commit
58229a18 ("posix-timers: Prevent softirq starvation by small intervals
and SIG_IGN") for details.

The reproducer does not set SIG_IGN explicitely, but it sets up the timers
signal with SIGCONT. That has the same effect as explicitely setting
SIG_IGN for a signal as SIGCONT is ignored if there is no handler set and
the task is not ptraced.

The log clearly shows that:

   [pid  5102] --- SIGCONT {si_signo=SIGCONT, si_code=SI_TIMER, si_timerid=0, si_overrun=316014, si_int=0, si_ptr=NULL} ---

It works because the tasks are traced and therefore the signal is queued so
the tracer can see it, which delays the restart of the timer to the signal
delivery path. But then the tracer is killed:

   [pid  5087] kill(-5102, SIGKILL <unfinished ...>
   ...
   ./strace-static-x86_64: Process 5107 detached

and after it's gone the stall can be observed:

   syzkaller login: [   79.439102][    C0] hrtimer: interrupt took 68471 ns
   [  184.460538][    C1] rcu: INFO: rcu_preempt detected stalls on CPUs/tasks:
   ...
   [  184.658237][    C1] rcu: Stack dump where RCU GP kthread last ran:
   [  184.664574][    C1] Sending NMI from CPU 1 to CPUs 0:
   [  184.669821][    C0] NMI backtrace for cpu 0
   [  184.669831][    C0] CPU: 0 PID: 5108 Comm: syz-executor192 Not tainted 6.2.0-rc6-next-20230203-syzkaller #0
   ...
   [  184.670036][    C0] Call Trace:
   [  184.670041][    C0]  <IRQ>
   [  184.670045][    C0]  alarmtimer_fired+0x327/0x670

posix_timer_fn() prevents that by checking whether the interval for
timers which have the signal ignored is smaller than a jiffie and
artifically delay it by shifting the next expiry out by a jiffie. That's
accurate vs. the overrun accounting, but slightly inaccurate
vs. timer_gettimer(2).

The comment in that function says what needs to be done and there was a fix
available for the regular userspace induced SIG_IGN mechanism, but that did
not work due to the implicit ignore for SIGCONT and similar signals. This
needs to be worked on, but for now the only available workaround is to do
exactly what posix_timer_fn() does:

Increase the interval of self-rearming timers, which have their signal
ignored, to at least a jiffie.

Interestingly this has been fixed before via commit ff86bf0c
("alarmtimer: Rate limit periodic intervals") already, but that fix got
lost in a later rework.

Reported-by: syzbot+b9564ba6e8e00694511b@syzkaller.appspotmail.com
Fixes: f2c45807 ("alarmtimer: Switch over to generic set/get/rearm routine")
Signed-off-by: Thomas Gleixner <tglx@linutronix.de>
Acked-by: John Stultz <jstultz@google.com>
Cc: stable@vger.kernel.org
Link: https://lore.kernel.org/r/87k00q1no2.ffs@tglx

Both Rich Felker and Yoshinori Sato haven't done any work on arch/sh
for a while. As I have been maintaining Debian's sh4 port since 2014,
I am interested to keep the architecture alive.
Signed-off-by: John Paul Adrian Glaubitz <glaubitz@physik.fu-berlin.de>
Acked-by: Yoshinori Sato <ysato@users.sourceforge.jp>
Acked-by: Geert Uytterhoeven <geert+renesas@glider.be>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>

Pull tracing fix from Steven Rostedt:
 "Fix showing of TASK_COMM_LEN instead of its value

  The TASK_COMM_LEN was converted from a macro into an enum so that BTF
  would have access to it. But this unfortunately caused TASK_COMM_LEN
  to display in the format fields of trace events, as they are created
  by the TRACE_EVENT() macro and such, macros convert to their values,
  where as enums do not.

  To handle this, instead of using the field itself to be display, save
  the value of the array size as another field in the trace_event_fields
  structure, and use that instead.

  Not only does this fix the issue, but also converts the other trace
  events that have this same problem (but were not breaking tooling).

  With this change, the original work around b3bc8547 ("tracing:
  Have TRACE_DEFINE_ENUM affect trace event types as well") could be
  reverted (but that should be done in the merge window)"

* tag 'trace-v6.2-rc7' of git://git.kernel.org/pub/scm/linux/kernel/git/trace/linux-trace:
  tracing: Fix TASK_COMM_LEN in trace event format file

Pull btrfs fixes from David Sterba:

 - one more fix for a tree-log 'write time corruption' report, update
   the last dir index directly and don't keep in the log context

 - do VFS-level inode lock around FIEMAP to prevent a deadlock with
   concurrent fsync, the extent-level lock is not sufficient

 - don't cache a single-device filesystem device to avoid cases when a
   loop device is reformatted and the entry gets stale

* tag 'for-6.2-rc7-tag' of git://git.kernel.org/pub/scm/linux/kernel/git/kdave/linux:
  btrfs: free device in btrfs_close_devices for a single device filesystem
  btrfs: lock the inode in shared mode before starting fiemap
  btrfs: simplify update of last_dir_index_offset when logging a directory

Pull USB fixes from Greg KH:
 "Here are 2 small USB driver fixes that resolve some reported
  regressions and one new device quirk. Specifically these are:

   - new quirk for Alcor Link AK9563 smartcard reader

   - revert of u_ether gadget change in 6.2-rc1 that caused problems

   - typec pin probe fix

  All of these have been in linux-next with no reported problems"

* tag 'usb-6.2-rc8' of git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/usb:
  usb: core: add quirk for Alcor Link AK9563 smartcard reader
  usb: typec: altmodes/displayport: Fix probe pin assign check
  Revert "usb: gadget: u_ether: Do not make UDC parent of the net device"

Pull EFI fix from Ard Biesheuvel:
 "A fix from Darren to widen the SMBIOS match for detecting Ampere Altra
  machines with problematic firmware. In the mean time, we are working
  on a more precise check, but this is still work in progress"

* tag 'efi-fixes-for-v6.2-4' of git://git.kernel.org/pub/scm/linux/kernel/git/efi/efi:
  arm64: efi: Force the use of SetVirtualAddressMap() on eMAG and Altra Max machines

Pull powerpc fixes from Michael Ellerman:

 - Fix interrupt exit race with security mitigation switching.

 - Don't select ARCH_WANTS_NO_INSTR until warnings are fixed.

 - Build fix for CONFIG_NUMA=n.

Thanks to Nicholas Piggin, Randy Dunlap, and Sachin Sant.

* tag 'powerpc-6.2-5' of git://git.kernel.org/pub/scm/linux/kernel/git/powerpc/linux:
  powerpc/64s/interrupt: Fix interrupt exit race with security mitigation switch
  powerpc/kexec_file: fix implicit decl error
  powerpc: Don't select ARCH_WANTS_NO_INSTR

When we upgraded our kernel, we started seeing some page corruption like
the following consistently:

  BUG: Bad page state in process ganesha.nfsd  pfn:1304ca
  page:0000000022261c55 refcount:0 mapcount:-128 mapping:0000000000000000 index:0x0 pfn:0x1304ca
  flags: 0x17ffffc0000000()
  raw: 0017ffffc0000000 ffff8a513ffd4c98 ffffeee24b35ec08 0000000000000000
  raw: 0000000000000000 0000000000000001 00000000ffffff7f 0000000000000000
  page dumped because: nonzero mapcount
  CPU: 0 PID: 15567 Comm: ganesha.nfsd Kdump: loaded Tainted: P    B      O      5.10.158-1.nutanix.20221209.el7.x86_64 #1
  Hardware name: VMware, Inc. VMware Virtual Platform/440BX Desktop Reference Platform, BIOS 6.00 04/05/2016
  Call Trace:
   dump_stack+0x74/0x96
   bad_page.cold+0x63/0x94
   check_new_page_bad+0x6d/0x80
   rmqueue+0x46e/0x970
   get_page_from_freelist+0xcb/0x3f0
   ? _cond_resched+0x19/0x40
   __alloc_pages_nodemask+0x164/0x300
   alloc_pages_current+0x87/0xf0
   skb_page_frag_refill+0x84/0x110
   ...

Sometimes, it would also show up as corruption in the free list pointer
and cause crashes.

After bisecting the issue, we found the issue started from commit
e320d301 ("mm/page_alloc.c: fix freeing non-compound pages"):

	if (put_page_testzero(page))
		free_the_page(page, order);
	else if (!PageHead(page))
		while (order-- > 0)
			free_the_page(page + (1 << order), order);

So the problem is the check PageHead is racy because at this point we
already dropped our reference to the page.  So even if we came in with
compound page, the page can already be freed and PageHead can return
false and we will end up freeing all the tail pages causing double free.

Fixes: e320d301 ("mm/page_alloc.c: fix freeing non-compound pages")
Link: https://lore.kernel.org/lkml/BYAPR02MB448855960A9656EEA81141FC94D99@BYAPR02MB4488.namprd02.prod.outlook.com/
Cc: Andrew Morton <akpm@linux-foundation.org>
Cc: stable@vger.kernel.org
Signed-off-by: Chunwei Chen <david.chen@nutanix.com>
Reviewed-by: Vlastimil Babka <vbabka@suse.cz>
Reviewed-by: Matthew Wilcox (Oracle) <willy@infradead.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>

After commit 3087c61e ("tools/testing/selftests/bpf: replace open-coded 16 with TASK_COMM_LEN"),
the content of the format file under
/sys/kernel/tracing/events/task/task_newtask was changed from
  field:char comm[16];    offset:12;    size:16;    signed:0;
to
  field:char comm[TASK_COMM_LEN];    offset:12;    size:16;    signed:0;

John reported that this change breaks older versions of perfetto.
Then Mathieu pointed out that this behavioral change was caused by the
use of __stringify(_len), which happens to work on macros, but not on enum
labels. And he also gave the suggestion on how to fix it:
  :One possible solution to make this more robust would be to extend
  :struct trace_event_fields with one more field that indicates the length
  :of an array as an actual integer, without storing it in its stringified
  :form in the type, and do the formatting in f_show where it belongs.

The result as follows after this change,
$ cat /sys/kernel/tracing/events/task/task_newtask/format
        field:char comm[16];    offset:12;      size:16;        signed:0;

Link: https://lore.kernel.org/lkml/Y+QaZtz55LIirsUO@google.com/
Link: https://lore.kernel.org/linux-trace-kernel/20230210155921.4610-1-laoar.shao@gmail.com/
Link: https://lore.kernel.org/linux-trace-kernel/20230212151303.12353-1-laoar.shao@gmail.com

Cc: stable@vger.kernel.org
Cc: Alexei Starovoitov <alexei.starovoitov@gmail.com>
Cc: Kajetan Puchalski <kajetan.puchalski@arm.com>
CC: Qais Yousef <qyousef@layalina.io>
Fixes: 3087c61e ("tools/testing/selftests/bpf: replace open-coded 16 with TASK_COMM_LEN")
Reported-by: John Stultz <jstultz@google.com>
Debugged-by: Mathieu Desnoyers <mathieu.desnoyers@efficios.com>
Suggested-by: Mathieu Desnoyers <mathieu.desnoyers@efficios.com>
Suggested-by: Steven Rostedt <rostedt@goodmis.org>
Signed-off-by: Yafang Shao <laoar.shao@gmail.com>
Signed-off-by: Steven Rostedt (Google) <rostedt@goodmis.org>

Pull spi fixes from Mark Brown:
 "A couple of hopefully final fixes for spi: one driver specific fix for
  an issue with very large transfers and a fix for an issue with the
  locking fixes in spidev merged earlier this release cycle which was
  missed"

* tag 'spi-fix-v6.2-rc7' of git://git.kernel.org/pub/scm/linux/kernel/git/broonie/spi:
  spi: spidev: fix a recursive locking error
  spi: dw: Fix wrong FIFO level setting for long xfers

Pull x86 fixes from Ingo Molnar:
 "Fix a kprobes bug, plus add a new Intel model number to the upstream
  <asm/intel-family.h> header for drivers to use"

* tag 'x86-urgent-2023-02-11' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip:
  x86/cpu: Add Lunar Lake M
  x86/kprobes: Fix 1 byte conditional jump target

Pull locking fix from Ingo Molnar:
 "Fix an rtmutex missed-wakeup bug"

* tag 'locking-urgent-2023-02-11' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip:
  rtmutex: Ensure that the top waiter is always woken up

Pull cxl fixes from Dan Williams:
 "Two fixups for CXL (Compute Express Link) in presence of passthrough
  decoders.

  This primarily helps developers using the QEMU CXL emulation, but with
  the impending arrival of CXL switches these types of topologies will
  be of interest to end users.

   - Fix a crash when shutting down regions in the presence of
     passthrough decoders

   - Fix region creation to understand passthrough decoders instead of
     the narrower definition of passthrough ports"

* tag 'cxl-fixes-6.2' of git://git.kernel.org/pub/scm/linux/kernel/git/cxl/cxl:
  cxl/region: Fix passthrough-decoder detection
  cxl/region: Fix null pointer dereference for resetting decoder

Pull libnvdimm fixes from Dan Williams:
 "A fix for an issue that could causes users to inadvertantly reserve
  too much capacity when debugging the KMSAN and persistent memory
  namespace, a lockdep fix, and a kernel-doc build warning:

   - Resolve the conflict between KMSAN and NVDIMM with respect to
     reserving pmem namespace / volume capacity for larger sizeof(struct
     page)

   - Fix a lockdep warning in the the NFIT code

   - Fix a kernel-doc build warning"

* tag 'libnvdimm-fixes-6.2' of git://git.kernel.org/pub/scm/linux/kernel/git/nvdimm/nvdimm:
  nvdimm: Support sizeof(struct page) > MAX_STRUCT_PAGE_SIZE
  ACPI: NFIT: fix a potential deadlock during NFIT teardown
  dax: super.c: fix kernel-doc bad line warning

Pull memblock revert from Mike Rapoport:
 "Revert 'mm: Always release pages to the buddy allocator in
  memblock_free_late()'

  The pages being freed by memblock_free_late() have already been
  initialized, but if they are in the deferred init range,
  __free_one_page() might access nearby uninitialized pages when trying
  to coalesce buddies, which will cause a crash.

  A proper fix will be more involved so revert this change for the time
  being"

* tag 'fixes-2023-02-11' of git://git.kernel.org/pub/scm/linux/kernel/git/rppt/memblock:
  Revert "mm: Always release pages to the buddy allocator in memblock_free_late()."

Pull clk fixes from Stephen Boyd:
 "Two clk driver fixes

   - Use devm_kasprintf() to avoid overflows when forming clk names in
     the Microchip PolarFire driver

   - Fix the pretty broken Ingenic JZ4760 M/N/OD calculation to actually
     work and find proper divisors"

* tag 'clk-fixes-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/clk/linux:
  clk: ingenic: jz4760: Update M/N/OD calculation algorithm
  clk: microchip: mpfs-ccc: Use devm_kasprintf() for allocating formatted strings

Pull pin control fixes from Linus Walleij:
 "Some assorted pin control fixes, the most interesting will be the
  Intel patch fixing a classic problem: laptop touchpad IRQs...

   - Some pin drive register fixes in the Mediatek driver.

   - Return proper error code in the Aspeed driver, and revert and
     ill-advised force-disablement patch that needs to be reworked.

   - Fix AMD driver debug output.

   - Fix potential NULL dereference in the Single driver.

   - Fix a group definition error in the Qualcomm SM8450 LPASS driver.

   - Restore pins used in direct IRQ mode in the Intel driver (This
     fixes some laptop touchpads!)"

* tag 'pinctrl-v6.2-3' of git://git.kernel.org/pub/scm/linux/kernel/git/linusw/linux-pinctrl:
  pinctrl: intel: Restore the pins that used to be in Direct IRQ mode
  pinctrl: qcom: sm8450-lpass-lpi: correct swr_rx_data group
  pinctrl: aspeed: Revert "Force to disable the function's signal"
  pinctrl: single: fix potential NULL dereference
  pinctrl: amd: Fix debug output for debounce time
  pinctrl: aspeed: Fix confusing types in return value
  pinctrl: mediatek: Fix the drive register definition of some Pins

Pull PCI fixes from Bjorn Helgaas:

 - Move to a shared PCI git tree (Bjorn Helgaas)

 - Add Krzysztof Wilczyński as another PCI maintainer (Lorenzo
   Pieralisi)

 - Revert a couple ASPM patches to fix suspend/resume regressions (Bjorn
   Helgaas)

* tag 'pci-v6.2-fixes-2' of git://git.kernel.org/pub/scm/linux/kernel/git/pci/pci:
  Revert "PCI/ASPM: Refactor L1 PM Substates Control Register programming"
  Revert "PCI/ASPM: Save L1 PM Substates Capability for suspend/resume"
  MAINTAINERS: Promote Krzysztof to PCI controller maintainer
  MAINTAINERS: Move to shared PCI tree

This reverts commit 5e85eba6.

Thomas Witt reported that 5e85eba6 ("PCI/ASPM: Refactor L1 PM Substates
Control Register programming") broke suspend/resume on a Tuxedo
Infinitybook S 14 v5, which seems to use a Clevo L140CU Mainboard.

The main symptom is:

  iwlwifi 0000:02:00.0: Unable to change power state from D3hot to D0, device inaccessible
  nvme 0000:03:00.0: Unable to change power state from D3hot to D0, device inaccessible

and the machine is only partially usable after resume.  It can't run dmesg
and can't do a clean reboot.  This happens on every suspend/resume cycle.

Revert 5e85eba6 until we can figure out the root cause.

Fixes: 5e85eba6 ("PCI/ASPM: Refactor L1 PM Substates Control Register programming")
Link: https://bugzilla.kernel.org/show_bug.cgi?id=216877Reported-by: Thomas Witt <kernel@witt.link>
Tested-by: Thomas Witt <kernel@witt.link>
Signed-off-by: Bjorn Helgaas <bhelgaas@google.com>
Cc: stable@vger.kernel.org	# v6.1+
Cc: Vidya Sagar <vidyas@nvidia.com>

This reverts commit 4ff116d0.

Tasev Nikola and Mark Enriquez reported that resume from suspend was broken
in v6.1-rc1.  Tasev bisected to a47126ec ("PCI/PTM: Cache PTM
Capability offset"), but we can't figure out how that could be related.

Mark saw the same symptoms and bisected to 4ff116d0 ("PCI/ASPM: Save L1
PM Substates Capability for suspend/resume"), which does have a connection:
it restores L1 Substates configuration while ASPM L1 may be enabled:

  pci_restore_state
    pci_restore_aspm_l1ss_state
      aspm_program_l1ss
        pci_write_config_dword(PCI_L1SS_CTL1, ctl1)         # L1SS restore
    pci_restore_pcie_state
      pcie_capability_write_word(PCI_EXP_LNKCTL, cap[i++])  # L1 restore

which is a problem because PCIe r6.0, sec 5.5.4, requires that:

  If setting either or both of the enable bits for ASPM L1 PM
  Substates, both ports must be configured as described in this
  section while ASPM L1 is disabled.

Separately, Thomas Witt reported that 5e85eba6 ("PCI/ASPM: Refactor L1
PM Substates Control Register programming") broke suspend/resume, and it
depends on 4ff116d0.

Revert 4ff116d0 ("PCI/ASPM: Save L1 PM Substates Capability for
suspend/resume") to fix the resume issue and enable revert of 5e85eba6
to fix the issue Thomas reported.

Note that reverting 4ff116d0 means L1 Substates config may be lost on
suspend/resume.  As far as we know the system will use more power but will
still *work* correctly.

Fixes: 4ff116d0 ("PCI/ASPM: Save L1 PM Substates Capability for suspend/resume")
Link: https://bugzilla.kernel.org/show_bug.cgi?id=216782
Link: https://bugzilla.kernel.org/show_bug.cgi?id=216877Reported-by: Tasev Nikola <tasev.stefanoska@skynet.be>
Reported-by: Mark Enriquez <enriquezmark36@gmail.com>
Reported-by: Thomas Witt <kernel@witt.link>
Tested-by: Mark Enriquez <enriquezmark36@gmail.com>
Tested-by: Thomas Witt <kernel@witt.link>
Signed-off-by: Bjorn Helgaas <bhelgaas@google.com>
Cc: stable@vger.kernel.org	# v6.1+
Cc: Vidya Sagar <vidyas@nvidia.com>

Pull ARM SoC fixes from Arnd Bergmann:
 "All the changes this time are minor devicetree corrections, the
  majority being for 64-bit Rockchip SoC support. These are a couple of
  corrections for properties that are in violation of the binding, some
  that put the machine into safer operating points for the eMMC and
  thermal settings, and missing properties that prevented rk356x PCIe
  and ethernet from working correctly.

  The changes for amlogic and mediatek address incorrect properties that
  were preventing the display support on MT8195 and the MMC support on
  various Meson SoCs from working correctly.

  The stihxxx-b2120 change fixes the GPIO polarity for the DVB tuner to
  allow this to be used correctly after a futre driver change, though it
  has no effect on older kernels"

* tag 'soc-fixes-6.2-4' of git://git.kernel.org/pub/scm/linux/kernel/git/soc/soc:
  arm64: dts: meson-gx: Make mmc host controller interrupts level-sensitive
  arm64: dts: meson-g12-common: Make mmc host controller interrupts level-sensitive
  arm64: dts: meson-axg: Make mmc host controller interrupts level-sensitive
  ARM: dts: stihxxx-b2120: fix polarity of reset line of tsin0 port
  arm64: dts: mediatek: mt8195: Fix vdosys* compatible strings
  arm64: dts: rockchip: align rk3399 DMC OPP table with bindings
  arm64: dts: rockchip: set sdmmc0 speed to sd-uhs-sdr50 on rock-3a
  arm64: dts: rockchip: fix probe of analog sound card on rock-3a
  arm64: dts: rockchip: add missing #interrupt-cells to rk356x pcie2x1
  arm64: dts: rockchip: fix input enable pinconf on rk3399
  ARM: dts: rockchip: add power-domains property to dp node on rk3288
  arm64: dts: rockchip: add io domain setting to rk3566-box-demo
  arm64: dts: rockchip: remove unsupported property from sdmmc2 for rock-3a
  arm64: dts: rockchip: drop unused LED mode property from rk3328-roc-cc
  arm64: dts: rockchip: reduce thermal limits on rk3399-pinephone-pro
  arm64: dts: rockchip: use correct reset names for rk3399 crypto nodes

Pull RISC-V fixes from Palmer Dabbelt:
 "This is a little bigger that I'd hope for this late in the cycle, but
  they're all pretty concrete fixes and the only one that's bigger than
  a few lines is pmdp_collapse_flush() (which is almost all
  boilerplate/comment). It's also all bug fixes for issues that have
  been around for a while.

  So I think it's not all that scary, just bad timing.

   - avoid partial TLB fences for huge pages, which are disallowed by
     the ISA

   - avoid missing a frame when dumping stacks

   - avoid misaligned accesses (and possibly overflows) in kprobes

   - fix a race condition in tracking page dirtiness"

* tag 'riscv-for-linus-6.2-rc8' of git://git.kernel.org/pub/scm/linux/kernel/git/riscv/linux:
  riscv: Fixup race condition on PG_dcache_clean in flush_icache_pte
  riscv: kprobe: Fixup misaligned load text
  riscv: stacktrace: Fix missing the first frame
  riscv: mm: Implement pmdp_collapse_flush for THP

Pull ceph fix from Ilya Dryomov:
 "A fix for a pretty embarrassing omission in the session flush handler
  from Xiubo, marked for stable"

* tag 'ceph-for-6.2-rc8' of https://github.com/ceph/ceph-client:
  ceph: flush cap releases when the session is flushed

Pull block fix from Jens Axboe:
 "A single fix for a smatch regression introduced in this merge window"

* tag 'block-6.2-2023-02-10' of git://git.kernel.dk/linux:
  nvme-auth: mark nvme_auth_wq static

Pull sound fixes from Takashi Iwai:
 "Hopefully the last one for 6.2, a collection of the fixes that have
  been gathered since the last pull.

  All changes are small and trivial device-specific fixes"

* tag 'sound-6.2-rc8' of git://git.kernel.org/pub/scm/linux/kernel/git/tiwai/sound:
  ALSA: hda/realtek: Add Positivo N14KP6-TG
  ASoC: topology: Return -ENOMEM on memory allocation failure
  ALSA: emux: Avoid potential array out-of-bound in snd_emux_xg_control()
  ASoC: fsl_sai: fix getting version from VERID
  ALSA: hda/realtek: fix mute/micmute LEDs don't work for a HP platform.
  ALSA: hda/realtek: Add quirk for ASUS UM3402 using CS35L41
  ASoC: codecs: es8326: Fix DTS properties reading
  ASoC: tas5805m: add missing page switch.
  ASoC: tas5805m: rework to avoid scheduling while atomic.
  ALSA: hda/realtek: Enable mute/micmute LEDs on HP Elitebook, 645 G9
  ASoC: SOF: amd: Fix for handling spurious interrupts from DSP
  ALSA: hda/realtek: Fix the speaker output on Samsung Galaxy Book2 Pro 360
  ALSA: pci: lx6464es: fix a debug loop
  ASoC: rt715-sdca: fix clock stop prepare timeout issue

Merge tag 'amlogic-fixes-v6.2-rc-take2' of https://git.kernel.org/pub/scm/linux/kernel/git/amlogic/linux into arm/fixes

Amlogic fixes for v6.2-rc, take2:
- Change MMC controllers interrupts flag to level on all families, fixes irq loss & performance issues when cpu loaded

* tag 'amlogic-fixes-v6.2-rc-take2' of https://git.kernel.org/pub/scm/linux/kernel/git/amlogic/linux:
  arm64: dts: meson-gx: Make mmc host controller interrupts level-sensitive
  arm64: dts: meson-g12-common: Make mmc host controller interrupts level-sensitive
  arm64: dts: meson-axg: Make mmc host controller interrupts level-sensitive

Link: https://lore.kernel.org/r/761c2ebc-7c93-8504-35ae-3e84ad216bcf@linaro.orgSigned-off-by: Arnd Bergmann <arnd@arndb.de>

The usage of edge-triggered interrupts lead to lost interrupts under load,
see [0]. This was confirmed to be fixed by using level-triggered
interrupts.
The report was about SDIO. However, as the host controller is the same
for SD and MMC, apply the change to all mmc controller instances.

[0] https://www.spinics.net/lists/linux-mmc/msg73991.html

Fixes: ef8d2ffe ("ARM64: dts: meson-gxbb: add MMC support")
Cc: stable@vger.kernel.org
Signed-off-by: Heiner Kallweit <hkallweit1@gmail.com>
Acked-by: Neil Armstrong <neil.armstrong@linaro.org>
Link: https://lore.kernel.org/r/76e042e0-a610-5ed5-209f-c4d7f879df44@gmail.comSigned-off-by: Neil Armstrong <neil.armstrong@linaro.org>

The usage of edge-triggered interrupts lead to lost interrupts under load,
see [0]. This was confirmed to be fixed by using level-triggered
interrupts.
The report was about SDIO. However, as the host controller is the same
for SD and MMC, apply the change to all mmc controller instances.

[0] https://www.spinics.net/lists/linux-mmc/msg73991.html

Fixes: 4759fd87 ("arm64: dts: meson: g12a: add mmc nodes")
Tested-by: FUKAUMI Naoki <naoki@radxa.com>
Tested-by: Martin Blumenstingl <martin.blumenstingl@googlemail.com>
Tested-by: Jerome Brunet <jbrunet@baylibre.com>
Cc: stable@vger.kernel.org
Signed-off-by: Heiner Kallweit <hkallweit1@gmail.com>
Acked-by: Neil Armstrong <neil.armstrong@linaro.org>
Link: https://lore.kernel.org/r/27d89baa-b8fa-baca-541b-ef17a97cde3c@gmail.comSigned-off-by: Neil Armstrong <neil.armstrong@linaro.org>

The usage of edge-triggered interrupts lead to lost interrupts under load,
see [0]. This was confirmed to be fixed by using level-triggered
interrupts.
The report was about SDIO. However, as the host controller is the same
for SD and MMC, apply the change to all mmc controller instances.

[0] https://www.spinics.net/lists/linux-mmc/msg73991.html

Fixes: 221cf34b ("ARM64: dts: meson-axg: enable the eMMC controller")
Reported-by: Peter Suti <peter.suti@streamunlimited.com>
Tested-by: Vyacheslav Bocharov <adeep@lexina.in>
Tested-by: Peter Suti <peter.suti@streamunlimited.com>
Cc: stable@vger.kernel.org
Signed-off-by: Heiner Kallweit <hkallweit1@gmail.com>
Acked-by: Neil Armstrong <neil.armstrong@linaro.org>
Link: https://lore.kernel.org/r/c00655d3-02f8-6f5f-4239-ca2412420cad@gmail.comSigned-off-by: Neil Armstrong <neil.armstrong@linaro.org>

Pull drm fixes from Dave Airlie:
 "Weekly fixes.

  The amdgpu had a few small fixes to display flicker on certain
  configurations, however it was found the the flicker was lessened but
  there were other unintended consequences, so for now they've been
  reverted and replaced with an option for users to test with so future
  fixes can be developed.

  Otherwise apart from the usual bunch of i915 and amdgpu, there's a
  client, virtio-gpu and an nvidiafb fix that reorders its loading to
  avoid failure.

  client:
   - refcount fix

  amdgpu:
   - a bunch of attempted flicker fixes that regressed turned into a
     user workaround option for now
   - Properly fix S/G display with AGP aperture enabled
   - Fix cursor offset with 180 rotation
   - SMU13 fixes
   - Use TGID for GPUVM traces
   - Fix oops on in fence error path
   - Don't run IB tests on hw rings when sw rings are in use
   - memory leak fix

  i915:
   - Display watermark fix
   - fbdev fix for PSR, FBC, DRRS
   - Move fd_install after last use of fence
   - Initialize the obj flags for shmem objects
   - Fix VBT DSI DVO port handling

  virtio-gpu:
   - fence fix

  nvidiafb:
   - regression fix for driver load when no hw supported"

* tag 'drm-fixes-2023-02-10' of git://anongit.freedesktop.org/drm/drm: (27 commits)
  Revert "drm/amd/display: disable S/G display on DCN 3.1.5"
  Revert "drm/amd/display: disable S/G display on DCN 2.1.0"
  Revert "drm/amd/display: disable S/G display on DCN 3.1.2/3"
  drm/amdgpu: add S/G display parameter
  drm/amdgpu/smu: skip pptable init under sriov
  amd/amdgpu: remove test ib on hw ring
  drm/amdgpu/fence: Fix oops due to non-matching drm_sched init/fini
  drm/amdgpu: Use the TGID for trace_amdgpu_vm_update_ptes
  drm/amdgpu: Add unique_id support for GC 11.0.1/2
  drm/amd/pm: bump SMU 13.0.7 driver_if header version
  drm/amd/pm: bump SMU 13.0.0 driver_if header version
  drm/amd/pm: add SMU 13.0.7 missing GetPptLimit message mapping
  drm/amd/display: fix cursor offset on rotation 180
  drm/amd/amdgpu: enable athub cg 11.0.3
  Revert "drm/amd/display: disable S/G display on DCN 3.1.4"
  drm/amd/display: properly handling AGP aperture in vm setup
  drm/amd/display: disable S/G display on DCN 3.1.2/3
  drm/amd/display: disable S/G display on DCN 2.1.0
  drm/i915: Fix VBT DSI DVO port handling
  drm/client: fix circular reference counting issue
  ...

Pull rdma fixes from Jason Gunthorpe:
 "The usual collection of small driver bug fixes:

   - Fix error unwind bugs in hfi1, irdma rtrs

   - Old bug with IPoIB children interfaces possibly using the wrong
     number of queues

   - Really old bug in usnic calling iommu_map in an atomic context

   - Recent regression from the DMABUF locking rework

   - Missing user data validation in MANA"

* tag 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/rdma/rdma:
  RDMA/rtrs: Don't call kobject_del for srv_path->kobj
  RDMA/mana_ib: Prevent array underflow in mana_ib_create_qp_raw()
  IB/hfi1: Assign npages earlier
  RDMA/umem: Use dma-buf locked API to solve deadlock
  RDMA/usnic: use iommu_map_atomic() under spin_lock()
  RDMA/irdma: Fix potential NULL-ptr-dereference
  IB/IPoIB: Fix legacy IPoIB due to wrong number of queues
  IB/hfi1: Restore allocated resources on failed copyout

Merge tag 'amd-drm-fixes-6.2-2023-02-09' of https://gitlab.freedesktop.org/agd5f/linux into drm-fixes

amd-drm-fixes-6.2-2023-02-09:

amdgpu:
- Add a parameter to disable S/G display
- Re-enable S/G display on all DCNs
Signed-off-by: Dave Airlie <airlied@redhat.com>
From: Alex Deucher <alexander.deucher@amd.com>
Link: https://patchwork.freedesktop.org/patch/msgid/20230209174504.7577-1-alexander.deucher@amd.com

Merge tag 'drm-intel-fixes-2023-02-09' of git://anongit.freedesktop.org/drm/drm-intel into drm-fixes

- Display watermark fix (Ville)
- fbdev fix for PSR, FBC, DRRS (Jouni)
- Move fd_install after last use of fence (Rob)
- Initialize the obj flags for shmem objects (Aravind)
- Fix VBT DSI DVO port handling (Ville)
Signed-off-by: Dave Airlie <airlied@redhat.com>

From: Rodrigo Vivi <rodrigo.vivi@intel.com>
Link: https://patchwork.freedesktop.org/patch/msgid/Y+UZ0rh2YlhTrE4t@intel.com

A fix for a circular refcounting in drm/client, one for a memory leak in
amdgpu and a virtio fence fix when interrupted
Signed-off-by: Dave Airlie <airlied@redhat.com>

From: Maxime Ripard <maxime@cerno.tech>
Link: https://patchwork.freedesktop.org/patch/msgid/20230209083600.7hi6roht6xxgldgz@houat

In commit 588a513d ("arm64: Fix race condition on PG_dcache_clean
in __sync_icache_dcache()"), we found RISC-V has the same issue as the
previous arm64. The previous implementation didn't guarantee the correct
sequence of operations, which means flush_icache_all() hasn't been
called when the PG_dcache_clean was set. That would cause a risk of page
synchronization.

Fixes: 08f051ed ("RISC-V: Flush I$ when making a dirty page executable")
Signed-off-by: Guo Ren <guoren@linux.alibaba.com>
Signed-off-by: Guo Ren <guoren@kernel.org>
Reviewed-by: Andrew Jones <ajones@ventanamicro.com>
Reviewed-by: Conor Dooley <conor.dooley@microchip.com>
Link: https://lore.kernel.org/r/20230127035306.1819561-1-guoren@kernel.org
Cc: stable@vger.kernel.org
Signed-off-by: Palmer Dabbelt <palmer@rivosinc.com>

The current kprobe would cause a misaligned load for the probe point.
This patch fixup it with two half-word loads instead.

Fixes: c22b0bcb ("riscv: Add kprobes supported")
Signed-off-by: Guo Ren <guoren@linux.alibaba.com>
Signed-off-by: Guo Ren <guoren@kernel.org>
Link: https://lore.kernel.org/linux-riscv/878rhig9zj.fsf@all.your.base.are.belong.to.us/Reported-by: Bjorn Topel <bjorn.topel@gmail.com>
Reviewed-by: Björn Töpel <bjorn@kernel.org>
Link: https://lore.kernel.org/r/20230204063531.740220-1-guoren@kernel.org
Cc: stable@vger.kernel.org
Signed-off-by: Palmer Dabbelt <palmer@rivosinc.com>

Pull power management fix from Rafael Wysocki:
 "Fix the incorrect value returned by cpufreq driver's ->get() callback
  for Qualcomm platforms (Douglas Anderson)"

* tag 'pm-6.2-rc8' of git://git.kernel.org/pub/scm/linux/kernel/git/rafael/linux-pm:
  cpufreq: qcom-hw: Fix cpufreq_driver->get() for non-LMH systems

Pull networking fixes from Paolo Abeni:
 "Including fixes from can and ipsec subtrees.

  Current release - regressions:

   - sched: fix off by one in htb_activate_prios()

   - eth: mana: fix accessing freed irq affinity_hint

   - eth: ice: fix out-of-bounds KASAN warning in virtchnl

  Current release - new code bugs:

   - eth: mtk_eth_soc: enable special tag when any MAC uses DSA

  Previous releases - always broken:

   - core: fix sk->sk_txrehash default

   - neigh: make sure used and confirmed times are valid

   - mptcp: be careful on subflow status propagation on errors

   - xfrm: prevent potential spectre v1 gadget in xfrm_xlate32_attr()

   - phylink: move phy_device_free() to correctly release phy device

   - eth: mlx5:
      - fix crash unsetting rx-vlan-filter in switchdev mode
      - fix hang on firmware reset
      - serialize module cleanup with reload and remove"

* tag 'net-6.2-rc8' of git://git.kernel.org/pub/scm/linux/kernel/git/netdev/net: (57 commits)
  selftests: forwarding: lib: quote the sysctl values
  net: mscc: ocelot: fix all IPv6 getting trapped to CPU when PTP timestamping is used
  rds: rds_rm_zerocopy_callback() use list_first_entry()
  net: txgbe: Update support email address
  selftests: Fix failing VXLAN VNI filtering test
  selftests: mptcp: stop tests earlier
  selftests: mptcp: allow more slack for slow test-case
  mptcp: be careful on subflow status propagation on errors
  mptcp: fix locking for in-kernel listener creation
  mptcp: fix locking for setsockopt corner-case
  mptcp: do not wait for bare sockets' timeout
  net: ethernet: mtk_eth_soc: fix DSA TX tag hwaccel for switch port 0
  nfp: ethtool: fix the bug of setting unsupported port speed
  txhash: fix sk->sk_txrehash default
  net: ethernet: mtk_eth_soc: fix wrong parameters order in __xdp_rxq_info_reg()
  net: ethernet: mtk_eth_soc: enable special tag when any MAC uses DSA
  net: sched: sch: Fix off by one in htb_activate_prios()
  igc: Add ndo_tx_timeout support
  net: mana: Fix accessing freed irq affinity_hint
  hv_netvsc: Allocate memory in netvsc_dma_map() with GFP_ATOMIC
  ...

Pull HID fixes from Benjamin Tissoires:

 - fix potential infinite loop with a badly crafted HID device (Xin
   Zhao)

 - fix regression from 6.1 in USB logitech devices potentially making
   their mouse wheel not working (Bastien Nocera)

 - clean up in AMD sensors, which fixes a long time resume bug (Mario
   Limonciello)

 - few device small fixes and quirks

* tag 'for-linus-2023020901' of git://git.kernel.org/pub/scm/linux/kernel/git/hid/hid:
  HID: Ignore battery for ELAN touchscreen 29DF on HP
  HID: amd_sfh: if no sensors are enabled, clean up
  HID: logitech: Disable hi-res scrolling on USB
  HID: core: Fix deadloop in hid_apply_multiplier.
  HID: Ignore battery for Elan touchscreen on Asus TP420IA
  HID: elecom: add support for TrackBall 056E:011C