Merge tag 'v6.1.135' into orange-pi-6.1-rk35xx

This is the 6.1.135 stable release

* tag 'v6.1.135' of https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux:
  Linux 6.1.135
  ALSA: hda/realtek: Fix built-in mic on another ASUS VivoBook model
  md: fix mddev uaf while iterating all_mddevs list
  md: factor out a helper from mddev_put()
  MIPS: ds1287: Match ds1287_set_base_clock() function types
  MIPS: cevt-ds1287: Add missing ds1287.h include
  MIPS: dec: Declare which_prom() as static
  sign-file,extract-cert: use pkcs11 provider for OPENSSL MAJOR >= 3
  sign-file,extract-cert: avoid using deprecated ERR_get_error_line()
  sign-file,extract-cert: move common SSL helper functions to a header
  mm: fix apply_to_existing_page_range()
  blk-iocost: do not WARN if iocg was already offlined
  blk-cgroup: support to track if policy is online
  bpf: Prevent tail call between progs attached to different hooks
  bpf: avoid holding freeze_mutex during mmap operation
  btrfs: fix the length of reserved qgroup to free
  cifs: use origin fullpath for automounts
  smb/server: fix potential null-ptr-deref of lease_ctx_info in smb2_open()
  nvmet-fc: Remove unused functions
  Revert "LoongArch: BPF: Fix off-by-one error in build_prologue()"
  landlock: Add the errata interface
  drm/amd/display: Stop amdgpu_dm initialize when link nums greater than max_links
  Revert "Xen/swiotlb: mark xen_swiotlb_fixup() __init"
  btrfs: zoned: fix zone finishing with missing devices
  btrfs: zoned: fix zone activation with missing devices
  btrfs: fix qgroup reserve leaks in cow_file_range
  LoongArch: Eliminate superfluous get_numa_distances_cnt()
  powerpc/rtas: Prevent Spectre v1 gadget construction in sys_rtas()
  x86/pvh: Call C code via the kernel virtual mapping
  x86/split_lock: Fix the delayed detection logic
  mm: Fix is_zero_page() usage in try_grab_page()
  misc: pci_endpoint_test: Fix 'irq_type' to convey the correct type
  misc: pci_endpoint_test: Fix displaying 'irq_type' after 'request_irq' error
  misc: pci_endpoint_test: Avoid issue of interrupts remaining after request_irq error
  mptcp: sockopt: fix getting freebind & transparent
  media: mediatek: vcodec: mark vdec_vp9_slice_map_counts_eob_coef noinline
  kbuild: Add '-fno-builtin-wcslen'
  cpufreq: Reference count policy in cpufreq_update_limits()
  KVM: arm64: Eagerly switch ZCR_EL{1,2}
  KVM: arm64: Calculate cptr_el2 traps on activating traps
  KVM: arm64: Mark some header functions as inline
  KVM: arm64: Refactor exit handlers
  KVM: arm64: Remove VHE host restore of CPACR_EL1.SMEN
  KVM: arm64: Remove VHE host restore of CPACR_EL1.ZEN
  KVM: arm64: Remove host FPSIMD saving for non-protected KVM
  KVM: arm64: Unconditionally save+flush host FPSIMD/SVE/SME state
  arm64/fpsimd: Stop using TIF_SVE to manage register saving in KVM
  arm64/fpsimd: Have KVM explicitly say which FP registers to save
  arm64/fpsimd: Track the saved FPSIMD state type separately to TIF_SVE
  KVM: arm64: Discard any SVE state when entering KVM guests
  io_uring/net: fix accept multishot handling
  drm/i915/gvt: fix unterminated-string-initialization warning
  drm/sti: remove duplicate object names
  drm/nouveau: prime: fix ttm_bo_delayed_delete oops
  drm/amdgpu/dma_buf: fix page_link check
  drm/amd/pm/powerplay/hwmgr/vega20_thermal: Prevent division by zero
  drm/amd/pm/swsmu/smu13/smu_v13_0: Prevent division by zero
  drm/amd/pm/powerplay/hwmgr/smu7_thermal: Prevent division by zero
  drm/amd/pm/smu11: Prevent division by zero
  drm/amd/pm/powerplay: Prevent division by zero
  drm/amd/pm: Prevent division by zero
  drm/amd: Handle being compiled without SI or CIK support better
  drm/msm/a6xx: Fix stale rpmh votes from GPU
  drm/repaper: fix integer overflows in repeat functions
  perf/x86/intel/uncore: Fix the scale of IIO free running counters on SPR
  perf/x86/intel/uncore: Fix the scale of IIO free running counters on ICX
  perf/x86/intel/uncore: Fix the scale of IIO free running counters on SNR
  perf/x86/intel: Allow to update user space GPRs from PEBS records
  RDMA/cma: Fix workqueue crash in cma_netevent_work_handler
  scsi: ufs: exynos: Ensure consistent phy reference counts
  scsi: megaraid_sas: Block zero-length ATA VPD inquiry
  virtiofs: add filesystem context source name check
  tracing: Fix filter string testing
  string: Add load_unaligned_zeropad() code path to sized_strscpy()
  smb3 client: fix open hardlink on deferred close file error
  riscv: Avoid fortify warning in syscall_get_arguments()
  ksmbd: fix the warning from __kernel_write_iter
  ksmbd: Prevent integer overflow in calculation of deadtime
  ksmbd: Fix dangling pointer in krb_authenticate
  mm: fix filemap_get_folios_contig returning batches of identical folios
  mm/gup: fix wrongly calculated returned value in fault_in_safe_writeable()
  loop: LOOP_SET_FD: send uevents for partitions
  loop: properly send KOBJ_CHANGED uevent for disk device
  isofs: Prevent the use of too small fid
  i2c: cros-ec-tunnel: defer probe if parent EC is not present
  hfs/hfsplus: fix slab-out-of-bounds in hfs_bnode_read_key
  crypto: caam/qi - Fix drv_ctx refcount bug
  btrfs: correctly escape subvol in btrfs_show_options()
  nfsd: decrease sc_count directly if fail to queue dl_recall
  nfs: add missing selections of CONFIG_CRC32
  nfs: move nfs_fhandle_hash to common include file
  asus-laptop: Fix an uninitialized variable
  ASoC: codecs:lpass-wsa-macro: Fix logic of enabling vi channels
  ASoC: codecs:lpass-wsa-macro: Fix vi feedback rate
  Revert "PCI: Avoid reset when disabled via sysfs"
  writeback: fix false warning in inode_to_wb()
  cpufreq/sched: Fix the usage of CPUFREQ_NEED_UPDATE_LIMITS
  riscv: KGDB: Remove ".option norvc/.option rvc" for kgdb_compiled_break
  riscv: KGDB: Do not inline arch_kgdb_breakpoint()
  riscv: Properly export reserved regions in /proc/iomem
  ptp: ocp: fix start time alignment in ptp_ocp_signal_set
  net: dsa: avoid refcount warnings when ds->ops->tag_8021q_vlan_del() fails
  net: dsa: mv88e6xxx: fix -ENOENT when deleting VLANs and MST is unsupported
  net: dsa: mv88e6xxx: avoid unregistering devlink regions which were never registered
  net: bridge: switchdev: do not notify new brentries as changed
  net: b53: enable BPDU reception for management port
  cxgb4: fix memory leak in cxgb4_init_ethtool_filters() error path
  net: openvswitch: fix nested key length validation in the set() action
  net: mctp: Set SOCK_RCU_FREE
  test suite: use %zu to print size_t
  igc: cleanup PTP module if probe fails
  igc: handle the IGC_PTP_ENABLED flag correctly
  igc: move ktime snapshot into PTM retry loop
  igc: fix PTM cycle trigger logic
  Revert "wifi: mac80211: Update skb's control block key in ieee80211_tx_dequeue()"
  Bluetooth: l2cap: Check encryption key size on incoming connection
  Bluetooth: btrtl: Prevent potential NULL dereference
  Bluetooth: hci_event: Fix sending MGMT_EV_DEVICE_FOUND for invalid address
  RDMA/core: Silence oversized kvmalloc() warning
  RDMA/hns: Fix wrong maximum DMA segment size
  RDMA/usnic: Fix passing zero to PTR_ERR in usnic_ib_pci_probe()
  md/md-bitmap: fix stats collection for external bitmaps
  md/raid10: fix missing discard IO accounting
  scsi: iscsi: Fix missing scsi_host_put() in error path
  wifi: wl1251: fix memory leak in wl1251_tx_work
  wifi: mac80211: Purge vif txq in ieee80211_do_stop()
  wifi: mac80211: Update skb's control block key in ieee80211_tx_dequeue()
  wifi: at76c50x: fix use after free access in at76_disconnect
  scsi: hisi_sas: Enable force phy when SATA disk directly connected
  HSI: ssi_protocol: Fix use after free vulnerability in ssi_protocol Driver Due to Race Condition
  Bluetooth: hci_uart: Fix another race during initialization
  x86/e820: Fix handling of subpage regions when calculating nosave ranges in e820__register_nosave_regions()
  ACPI: platform-profile: Fix CFI violation when accessing sysfs files
  arm64: errata: Add newer ARM cores to the spectre_bhb_loop_affected() lists
  selftests: mptcp: close fd_in before returning in main_loop
  pinctrl: qcom: Clear latched interrupt status when changing IRQ type
  PCI: Fix reference leak in pci_alloc_child_bus()
  PCI: brcmstb: Fix missing of_node_put() in brcm_pcie_probe()
  of/irq: Fix device node refcount leakages in of_irq_init()
  of/irq: Fix device node refcount leakage in API irq_of_parse_and_map()
  of/irq: Fix device node refcount leakages in of_irq_count()
  of/irq: Fix device node refcount leakage in API of_irq_parse_raw()
  of/irq: Fix device node refcount leakage in API of_irq_parse_one()
  ntb: use 64-bit arithmetic for the MSI doorbell mask
  KVM: x86: Acquire SRCU in KVM_GET_MP_STATE to protect guest memory accesses
  gve: handle overflow when reporting TX consumed descriptors
  gpio: zynq: Fix wakeup source leaks on device unbind
  gpio: tegra186: fix resource handling in ACPI probe path
  ftrace: Add cond_resched() to ftrace_graph_set_hash()
  dm-verity: fix prefetch-vs-suspend race
  dm-integrity: set ti->error on memory allocation failure
  dm-ebs: fix prefetch-vs-suspend race
  crypto: ccp - Fix check for the primary ASP device
  clk: qcom: gdsc: Set retain_ff before moving to HW CTRL
  clk: qcom: gdsc: Capture pm_genpd_add_subdomain result code
  clk: qcom: gdsc: Release pm subdomains in reverse add order
  cifs: fix integer overflow in match_server()
  cifs: avoid NULL pointer dereference in dbg call
  thermal/drivers/rockchip: Add missing rk3328 mapping entry
  sctp: detect and prevent references to a freed transport in sendmsg
  mm/hwpoison: do not send SIGBUS to processes with recovered clean pages
  mm: add missing release barrier on PGDAT_RECLAIM_LOCKED unlock
  mm/rmap: reject hugetlb folios in folio_make_device_exclusive()
  sparc/mm: disable preemption in lazy mmu mode
  btrfs: fix non-empty delayed iputs list on unmount due to compressed write workers
  arm64: dts: mediatek: mt8173: Fix disp-pwm compatible string
  arm64: mm: Correct the update of max_pfn
  mtd: rawnand: Add status chack in r852_ready()
  mtd: inftlcore: Add error check for inftl_read_oob()
  mptcp: only inc MPJoinAckHMacFailure for HMAC failures
  mptcp: fix NULL pointer in can_accept_new_subflow
  lib: scatterlist: fix sg_split_phys to preserve original scatterlist offsets
  locking/lockdep: Decrease nr_unused_locks if lock unused in zap_class()
  mfd: ene-kb3930: Fix a potential NULL pointer dereference
  jbd2: remove wrong sb->s_sequence check
  i3c: Add NULL pointer check in i3c_master_queue_ibi()
  i3c: master: svc: Use readsb helper for reading MDB
  smb311 client: fix missing tcon check when mounting with linux/posix extensions
  soc: samsung: exynos-chipid: Add NULL pointer check in exynos_chipid_probe()
  vdpa/mlx5: Fix oversized null mkey longer than 32bit
  ext4: fix off-by-one error in do_split
  bus: mhi: host: Fix race between unprepare and queue_buf
  ASoC: qdsp6: q6asm-dai: fix q6asm_dai_compr_set_params error path
  ASoC: qdsp6: q6apm-dai: fix capture pipeline overruns.
  ASoC: qdsp6: q6apm-dai: set 10 ms period and buffer alignment.
  io_uring/kbuf: reject zero sized provided buffers
  wifi: mac80211: fix integer overflow in hwmp_route_info_get()
  wifi: mt76: Add check for devm_kstrdup()
  clocksource/drivers/stm32-lptimer: Use wakeup capable instead of init wakeup
  mtd: Replace kcalloc() with devm_kcalloc()
  net: dsa: mv88e6xxx: workaround RGMII transmit delay erratum for 6320 family
  mtd: Add check for devm_kcalloc()
  mptcp: sockopt: fix getting IPV6_V6ONLY
  media: venus: hfi_parser: refactor hfi packet parsing logic
  media: venus: hfi_parser: add check to avoid out of bound access
  media: i2c: ov7251: Introduce 1 ms delay between regulators and en GPIO
  media: i2c: ov7251: Set enable GPIO low in probe
  media: i2c: ccs: Set the device's runtime PM status correctly in probe
  media: i2c: ccs: Set the device's runtime PM status correctly in remove
  media: v4l2-dv-timings: prevent possible overflow in v4l2_detect_gtf()
  media: platform: stm32: Add check for clk_enable()
  media: streamzap: prevent processing IR data on URB failure
  tpm, tpm_tis: Fix timeout handling when waiting for TPM status
  mtd: rawnand: brcmnand: fix PM resume warning
  spi: cadence-qspi: Fix probe on AM62A LP SK
  KVM: arm64: Tear down vGIC on failed vCPU creation
  arm64: errata: Add KRYO 2XX/3XX/4XX silver cores to Spectre BHB safe list
  arm64: errata: Assume that unknown CPUs _are_ vulnerable to Spectre BHB
  arm64: errata: Add QCOM_KRYO_4XX_GOLD to the spectre_bhb_k24_list
  arm64: cputype: Add MIDR_CORTEX_A76AE
  xenfs/xensyms: respect hypervisor's "next" indication
  media: siano: Fix error handling in smsdvb_module_init()
  media: vim2m: print device name after registering device
  media: venus: hfi: add check to handle incorrect queue size
  media: venus: hfi: add a check to handle OOB in sfr region
  media: i2c: adv748x: Fix test pattern selection mask
  ext4: don't treat fhandle lookup of ea_inode as FS corruption
  bpf: support SKF_NET_OFF and SKF_LL_OFF on skb frags
  pwm: fsl-ftm: Handle clk_get_rate() returning 0
  pwm: rcar: Improve register calculation
  pwm: mediatek: Prevent divide-by-zero in pwm_mediatek_config()
  tpm, tpm_tis: Workaround failed command reception on Infineon devices
  ktest: Fix Test Failures Due to Missing LOG_FILE Directories
  fbdev: omapfb: Add 'plane' value check
  drm/amdgpu: grab an additional reference on the gang fence v2
  PCI: vmd: Make vmd_dev::cfg_lock a raw_spinlock_t type
  drm/amdgpu: handle amdgpu_cgs_create_device() errors in amd_powerplay_create()
  drm/mediatek: mtk_dpi: Explicitly manage TVD clock in power on/off
  drm/mediatek: mtk_dpi: Move the input_2p_en bit to platform data
  drm/amdkfd: Fix pqm_destroy_queue race with GPU reset
  drm/amdkfd: Fix mode1 reset crash issue
  drm/amdkfd: clamp queue size to minimum
  drivers: base: devres: Allow to release group on device release
  drm/bridge: panel: forbid initializing a panel with unknown connector type
  drm: panel-orientation-quirks: Add quirk for OneXPlayer Mini (Intel)
  drm: panel-orientation-quirks: Add new quirk for GPD Win 2
  drm: panel-orientation-quirks: Add quirk for AYA NEO Slide
  drm: panel-orientation-quirks: Add quirks for AYA NEO Flip DS and KB
  drm: panel-orientation-quirks: Add support for AYANEO 2S
  drm/amd/display: Update Cursor request mode to the beginning prefetch always
  drm: allow encoder mode_set even when connectors change for crtc
  Bluetooth: qca: simplify WCN399x NVM loading
  Bluetooth: hci_uart: fix race during initialization
  tracing: fix return value in __ftrace_event_enable_disable for TRACE_REG_UNREGISTER
  net: vlan: don't propagate flags on open
  wifi: mt76: mt76x2u: add TP-Link TL-WDN6200 ID to device table
  scsi: st: Fix array overflow in st_setup()
  ext4: ignore xattrs past end
  ext4: protect ext4_release_dquot against freezing
  ahci: add PCI ID for Marvell 88SE9215 SATA Controller
  f2fs: fix to avoid out-of-bounds access in f2fs_truncate_inode_blocks()
  ata: libata-eh: Do not use ATAPI DMA for a device limited to PIO mode
  jfs: add sanity check for agwidth in dbMount
  jfs: Prevent copying of nlink with value 0 from disk inode
  fs/jfs: Prevent integer overflow in AG size calculation
  fs/jfs: cast inactags to s64 to prevent potential overflow
  jfs: Fix uninit-value access of imap allocated in the diMount() function
  page_pool: avoid infinite loop to schedule delayed worker
  f2fs: don't retry IO for corrupted data scenario
  ASoC: amd: Add DMI quirk for ACP6X mic support
  ALSA: usb-audio: Fix CME quirk for UF series keyboards
  mmc: dw_mmc: add a quirk for accessing 64-bit FIFOs in two halves
  ASoC: fsl_audmix: register card device depends on 'dais' property
  ALSA: hda: intel: Add Lenovo IdeaPad Z570 to probe denylist
  ALSA: hda: intel: Fix Optimus when GPU has no sound
  HID: pidff: Fix null pointer dereference in pidff_find_fields
  HID: pidff: Do not send effect envelope if it's empty
  HID: pidff: Convert infinite length from Linux API to PID standard
  xen/mcelog: Add __nonstring annotations for unterminated strings
  arm64: cputype: Add QCOM_CPU_PART_KRYO_3XX_GOLD
  perf: arm_pmu: Don't disable counter in armpmu_add()
  x86/cpu: Don't clear X86_FEATURE_LAHF_LM flag in init_amd_k8() on AMD when running in a virtual machine
  pm: cpupower: bench: Prevent NULL dereference on malloc failure
  umount: Allow superblock owners to force umount
  fs: consistently deref the files table with rcu_dereference_raw()
  iommu/mediatek: Fix NULL pointer deference in mtk_iommu_device_group
  nft_set_pipapo: fix incorrect avx2 match of 5th field octet
  net: ppp: Add bound checking for skb data on ppp_sync_txmung
  ipv6: Align behavior across nexthops during path selection
  net_sched: sch_sfq: move the limit validation
  net_sched: sch_sfq: use a temporary work area for validating configuration
  nvmet-fcloop: swap list_add_tail arguments
  ata: sata_sx4: Add error handling in pdc20621_i2c_read()
  net: ethtool: Don't call .cleanup_data when prepare_data fails
  tc: Ensure we have enough buffer space when sending filter netlink notifications
  net/sched: cls_api: conditional notification of events
  rtnl: add helper to check if a notification is needed
  rtnl: add helper to check if rtnl group has listeners
  net: tls: explicitly disallow disconnect
  codel: remove sch->q.qlen check before qdisc_tree_reduce_backlog()
  tipc: fix memory leak in tipc_link_xmit
  ata: pata_pxa: Fix potential NULL pointer dereference in pxa_ata_probe()
  selftests/futex: futex_waitv wouldblock test should fail

Signed-off-by: Khusika Dhamar Gusti <[email protected]>

Conflicts:
	drivers/media/i2c/ov7251.c

Author: khusika

MAINTAINERS

@@ -4833,6 +4833,7 @@ S:	Maintained
 F:	Documentation/admin-guide/module-signing.rst
 F:	certs/
 F:	scripts/sign-file.c
+F:	scripts/ssl-common.h
 F:	tools/certs/
 
 CFAG12864B LCD DRIVER

Makefile

@@ -1,7 +1,7 @@
 # SPDX-License-Identifier: GPL-2.0
 VERSION = 6
 PATCHLEVEL = 1
-SUBLEVEL = 134
+SUBLEVEL = 135
 EXTRAVERSION =
 NAME = Curry Ramen
 
@@ -1075,6 +1075,9 @@ KBUILD_CFLAGS   += $(call cc-option,-Werror=incompatible-pointer-types)
 # Require designated initializers for all marked structures
 KBUILD_CFLAGS   += $(call cc-option,-Werror=designated-init)
 
+# Ensure compilers do not transform certain loops into calls to wcslen()
+KBUILD_CFLAGS += -fno-builtin-wcslen
+
 # change __FILE__ to the relative path from the srctree
 KBUILD_CPPFLAGS += $(call cc-option,-fmacro-prefix-map=$(srctree)/=)
 

arch/arm64/boot/dts/mediatek/mt8173.dtsi

@@ -1247,8 +1247,7 @@
 		};
 
 		pwm0: pwm@1401e000 {
-			compatible = "mediatek,mt8173-disp-pwm",
-				     "mediatek,mt6595-disp-pwm";
+			compatible = "mediatek,mt8173-disp-pwm";
 			reg = <0 0x1401e000 0 0x1000>;
 			#pwm-cells = <2>;
 			clocks = <&mmsys CLK_MM_DISP_PWM026M>,
@@ -1258,8 +1257,7 @@
 		};
 
 		pwm1: pwm@1401f000 {
-			compatible = "mediatek,mt8173-disp-pwm",
-				     "mediatek,mt6595-disp-pwm";
+			compatible = "mediatek,mt8173-disp-pwm";
 			reg = <0 0x1401f000 0 0x1000>;
 			#pwm-cells = <2>;
 			clocks = <&mmsys CLK_MM_DISP_PWM126M>,

arch/arm64/include/asm/cputype.h

@@ -75,6 +75,7 @@
 #define ARM_CPU_PART_CORTEX_A76		0xD0B
 #define ARM_CPU_PART_NEOVERSE_N1	0xD0C
 #define ARM_CPU_PART_CORTEX_A77		0xD0D
+#define ARM_CPU_PART_CORTEX_A76AE	0xD0E
 #define ARM_CPU_PART_NEOVERSE_V1	0xD40
 #define ARM_CPU_PART_CORTEX_A78		0xD41
 #define ARM_CPU_PART_CORTEX_A78AE	0xD42
@@ -119,6 +120,7 @@
 #define QCOM_CPU_PART_KRYO		0x200
 #define QCOM_CPU_PART_KRYO_2XX_GOLD	0x800
 #define QCOM_CPU_PART_KRYO_2XX_SILVER	0x801
+#define QCOM_CPU_PART_KRYO_3XX_GOLD	0x802
 #define QCOM_CPU_PART_KRYO_3XX_SILVER	0x803
 #define QCOM_CPU_PART_KRYO_4XX_GOLD	0x804
 #define QCOM_CPU_PART_KRYO_4XX_SILVER	0x805
@@ -151,6 +153,7 @@
 #define MIDR_CORTEX_A76	MIDR_CPU_MODEL(ARM_CPU_IMP_ARM, ARM_CPU_PART_CORTEX_A76)
 #define MIDR_NEOVERSE_N1 MIDR_CPU_MODEL(ARM_CPU_IMP_ARM, ARM_CPU_PART_NEOVERSE_N1)
 #define MIDR_CORTEX_A77	MIDR_CPU_MODEL(ARM_CPU_IMP_ARM, ARM_CPU_PART_CORTEX_A77)
+#define MIDR_CORTEX_A76AE	MIDR_CPU_MODEL(ARM_CPU_IMP_ARM, ARM_CPU_PART_CORTEX_A76AE)
 #define MIDR_NEOVERSE_V1	MIDR_CPU_MODEL(ARM_CPU_IMP_ARM, ARM_CPU_PART_NEOVERSE_V1)
 #define MIDR_CORTEX_A78	MIDR_CPU_MODEL(ARM_CPU_IMP_ARM, ARM_CPU_PART_CORTEX_A78)
 #define MIDR_CORTEX_A78AE	MIDR_CPU_MODEL(ARM_CPU_IMP_ARM, ARM_CPU_PART_CORTEX_A78AE)
@@ -188,6 +191,7 @@
 #define MIDR_QCOM_KRYO MIDR_CPU_MODEL(ARM_CPU_IMP_QCOM, QCOM_CPU_PART_KRYO)
 #define MIDR_QCOM_KRYO_2XX_GOLD MIDR_CPU_MODEL(ARM_CPU_IMP_QCOM, QCOM_CPU_PART_KRYO_2XX_GOLD)
 #define MIDR_QCOM_KRYO_2XX_SILVER MIDR_CPU_MODEL(ARM_CPU_IMP_QCOM, QCOM_CPU_PART_KRYO_2XX_SILVER)
+#define MIDR_QCOM_KRYO_3XX_GOLD MIDR_CPU_MODEL(ARM_CPU_IMP_QCOM, QCOM_CPU_PART_KRYO_3XX_GOLD)
 #define MIDR_QCOM_KRYO_3XX_SILVER MIDR_CPU_MODEL(ARM_CPU_IMP_QCOM, QCOM_CPU_PART_KRYO_3XX_SILVER)
 #define MIDR_QCOM_KRYO_4XX_GOLD MIDR_CPU_MODEL(ARM_CPU_IMP_QCOM, QCOM_CPU_PART_KRYO_4XX_GOLD)
 #define MIDR_QCOM_KRYO_4XX_SILVER MIDR_CPU_MODEL(ARM_CPU_IMP_QCOM, QCOM_CPU_PART_KRYO_4XX_SILVER)

arch/arm64/include/asm/fpsimd.h

@@ -56,11 +56,13 @@ extern void fpsimd_signal_preserve_current_state(void);
 extern void fpsimd_preserve_current_state(void);
 extern void fpsimd_restore_current_state(void);
 extern void fpsimd_update_current_state(struct user_fpsimd_state const *state);
+extern void fpsimd_kvm_prepare(void);
 
 extern void fpsimd_bind_state_to_cpu(struct user_fpsimd_state *state,
 				     void *sve_state, unsigned int sve_vl,
 				     void *za_state, unsigned int sme_vl,
-				     u64 *svcr);
+				     u64 *svcr, enum fp_type *type,
+				     enum fp_type to_save);
 
 extern void fpsimd_flush_task_state(struct task_struct *target);
 extern void fpsimd_save_and_flush_cpu_state(void);

arch/arm64/include/asm/kvm_host.h

@@ -67,6 +67,7 @@ enum kvm_mode kvm_get_mode(void);
 DECLARE_STATIC_KEY_FALSE(userspace_irqchip_in_use);
 
 extern unsigned int kvm_sve_max_vl;
+extern unsigned int kvm_host_sve_max_vl;
 int kvm_arm_init_sve(void);
 
 u32 __attribute_const__ kvm_target_cpu(void);
@@ -309,8 +310,18 @@ struct vcpu_reset_state {
 struct kvm_vcpu_arch {
 	struct kvm_cpu_context ctxt;
 
-	/* Guest floating point state */
+	/*
+	 * Guest floating point state
+	 *
+	 * The architecture has two main floating point extensions,
+	 * the original FPSIMD and SVE.  These have overlapping
+	 * register views, with the FPSIMD V registers occupying the
+	 * low 128 bits of the SVE Z registers.  When the core
+	 * floating point code saves the register state of a task it
+	 * records which view it saved in fp_type.
+	 */
 	void *sve_state;
+	enum fp_type fp_type;
 	unsigned int sve_max_vl;
 	u64 svcr;
 
@@ -320,7 +331,6 @@ struct kvm_vcpu_arch {
 	/* Values of trap registers for the guest. */
 	u64 hcr_el2;
 	u64 mdcr_el2;
-	u64 cptr_el2;
 
 	/* Values of trap registers for the host before guest entry. */
 	u64 mdcr_el2_host;
@@ -370,7 +380,6 @@ struct kvm_vcpu_arch {
 	struct kvm_guest_debug_arch vcpu_debug_state;
 	struct kvm_guest_debug_arch external_debug_state;
 
-	struct user_fpsimd_state *host_fpsimd_state;	/* hyp VA */
 	struct task_struct *parent_task;
 
 	struct {
@@ -547,10 +556,6 @@ struct kvm_vcpu_arch {
 /* Save TRBE context if active  */
 #define DEBUG_STATE_SAVE_TRBE	__vcpu_single_flag(iflags, BIT(6))
 
-/* SVE enabled for host EL0 */
-#define HOST_SVE_ENABLED	__vcpu_single_flag(sflags, BIT(0))
-/* SME enabled for EL0 */
-#define HOST_SME_ENABLED	__vcpu_single_flag(sflags, BIT(1))
 /* Physical CPU not in supported_cpus */
 #define ON_UNSUPPORTED_CPU	__vcpu_single_flag(sflags, BIT(2))
 /* WFIT instruction trapped */

arch/arm64/include/asm/kvm_hyp.h

@@ -122,5 +122,6 @@ extern u64 kvm_nvhe_sym(id_aa64isar2_el1_sys_val);
 extern u64 kvm_nvhe_sym(id_aa64mmfr0_el1_sys_val);
 extern u64 kvm_nvhe_sym(id_aa64mmfr1_el1_sys_val);
 extern u64 kvm_nvhe_sym(id_aa64mmfr2_el1_sys_val);
+extern unsigned int kvm_nvhe_sym(kvm_host_sve_max_vl);
 
 #endif /* __ARM64_KVM_HYP_H__ */

arch/arm64/include/asm/processor.h

@@ -122,6 +122,12 @@ enum vec_type {
 	ARM64_VEC_MAX,
 };
 
+enum fp_type {
+	FP_STATE_CURRENT,	/* Save based on current task state. */
+	FP_STATE_FPSIMD,
+	FP_STATE_SVE,
+};
+
 struct cpu_context {
 	unsigned long x19;
 	unsigned long x20;
@@ -152,6 +158,7 @@ struct thread_struct {
 		struct user_fpsimd_state fpsimd_state;
 	} uw;
 
+	enum fp_type		fp_type;	/* registers FPSIMD or SVE? */
 	unsigned int		fpsimd_cpu;
 	void			*sve_state;	/* SVE registers, if any */
 	void			*za_state;	/* ZA register, if any */

arch/arm64/include/asm/spectre.h

@@ -96,7 +96,6 @@ enum mitigation_state arm64_get_meltdown_state(void);
 
 enum mitigation_state arm64_get_spectre_bhb_state(void);
 bool is_spectre_bhb_affected(const struct arm64_cpu_capabilities *entry, int scope);
-u8 spectre_bhb_loop_affected(int scope);
 void spectre_bhb_enable_mitigation(const struct arm64_cpu_capabilities *__unused);
 #endif	/* __ASSEMBLY__ */
 #endif	/* __ASM_SPECTRE_H */

arch/arm64/kernel/fpsimd.c

@@ -125,6 +125,8 @@ struct fpsimd_last_state_struct {
 	u64 *svcr;
 	unsigned int sve_vl;
 	unsigned int sme_vl;
+	enum fp_type *fp_type;
+	enum fp_type to_save;
 };
 
 static DEFINE_PER_CPU(struct fpsimd_last_state_struct, fpsimd_last_state);
@@ -330,15 +332,6 @@ void task_set_vl_onexec(struct task_struct *task, enum vec_type type,
  *    The task can execute SVE instructions while in userspace without
  *    trapping to the kernel.
  *
- *    When stored, Z0-Z31 (incorporating Vn in bits[127:0] or the
- *    corresponding Zn), P0-P15 and FFR are encoded in
- *    task->thread.sve_state, formatted appropriately for vector
- *    length task->thread.sve_vl or, if SVCR.SM is set,
- *    task->thread.sme_vl.
- *
- *    task->thread.sve_state must point to a valid buffer at least
- *    sve_state_size(task) bytes in size.
- *
  *    During any syscall, the kernel may optionally clear TIF_SVE and
  *    discard the vector state except for the FPSIMD subset.
  *
@@ -348,15 +341,39 @@ void task_set_vl_onexec(struct task_struct *task, enum vec_type type,
  *    do_sve_acc() to be called, which does some preparation and then
  *    sets TIF_SVE.
  *
- *    When stored, FPSIMD registers V0-V31 are encoded in
+ * During any syscall, the kernel may optionally clear TIF_SVE and
+ * discard the vector state except for the FPSIMD subset.
+ *
+ * The data will be stored in one of two formats:
+ *
+ *  * FPSIMD only - FP_STATE_FPSIMD:
+ *
+ *    When the FPSIMD only state stored task->thread.fp_type is set to
+ *    FP_STATE_FPSIMD, the FPSIMD registers V0-V31 are encoded in
  *    task->thread.uw.fpsimd_state; bits [max : 128] for each of Z0-Z31 are
  *    logically zero but not stored anywhere; P0-P15 and FFR are not
  *    stored and have unspecified values from userspace's point of
  *    view.  For hygiene purposes, the kernel zeroes them on next use,
  *    but userspace is discouraged from relying on this.
  *
  *    task->thread.sve_state does not need to be non-NULL, valid or any
- *    particular size: it must not be dereferenced.
+ *    particular size: it must not be dereferenced and any data stored
+ *    there should be considered stale and not referenced.
+ *
+ *  * SVE state - FP_STATE_SVE:
+ *
+ *    When the full SVE state is stored task->thread.fp_type is set to
+ *    FP_STATE_SVE and Z0-Z31 (incorporating Vn in bits[127:0] or the
+ *    corresponding Zn), P0-P15 and FFR are encoded in in
+ *    task->thread.sve_state, formatted appropriately for vector
+ *    length task->thread.sve_vl or, if SVCR.SM is set,
+ *    task->thread.sme_vl. The storage for the vector registers in
+ *    task->thread.uw.fpsimd_state should be ignored.
+ *
+ *    task->thread.sve_state must point to a valid buffer at least
+ *    sve_state_size(task) bytes in size. The data stored in
+ *    task->thread.uw.fpsimd_state.vregs should be considered stale
+ *    and not referenced.
  *
  *  * FPSR and FPCR are always stored in task->thread.uw.fpsimd_state
  *    irrespective of whether TIF_SVE is clear or set, since these are
@@ -404,12 +421,15 @@ static void task_fpsimd_load(void)
 		}
 	}
 
-	if (restore_sve_regs)
+	if (restore_sve_regs) {
+		WARN_ON_ONCE(current->thread.fp_type != FP_STATE_SVE);
 		sve_load_state(sve_pffr(&current->thread),
 			       &current->thread.uw.fpsimd_state.fpsr,
 			       restore_ffr);
-	else
+	} else {
+		WARN_ON_ONCE(current->thread.fp_type != FP_STATE_FPSIMD);
 		fpsimd_load_state(&current->thread.uw.fpsimd_state);
+	}
 }
 
 /*
@@ -419,8 +439,8 @@ static void task_fpsimd_load(void)
  * last, if KVM is involved this may be the guest VM context rather
  * than the host thread for the VM pointed to by current. This means
  * that we must always reference the state storage via last rather
- * than via current, other than the TIF_ flags which KVM will
- * carefully maintain for us.
+ * than via current, if we are saving KVM state then it will have
+ * ensured that the type of registers to save is set in last->to_save.
  */
 static void fpsimd_save(void)
 {
@@ -437,7 +457,8 @@ static void fpsimd_save(void)
 	if (test_thread_flag(TIF_FOREIGN_FPSTATE))
 		return;
 
-	if (test_thread_flag(TIF_SVE)) {
+	if ((last->to_save == FP_STATE_CURRENT && test_thread_flag(TIF_SVE)) ||
+	    last->to_save == FP_STATE_SVE) {
 		save_sve_regs = true;
 		save_ffr = true;
 		vl = last->sve_vl;
@@ -474,8 +495,10 @@ static void fpsimd_save(void)
 		sve_save_state((char *)last->sve_state +
 					sve_ffr_offset(vl),
 			       &last->st->fpsr, save_ffr);
+		*last->fp_type = FP_STATE_SVE;
 	} else {
 		fpsimd_save_state(last->st);
+		*last->fp_type = FP_STATE_FPSIMD;
 	}
 }
 
@@ -851,8 +874,10 @@ int vec_set_vector_length(struct task_struct *task, enum vec_type type,
 
 	fpsimd_flush_task_state(task);
 	if (test_and_clear_tsk_thread_flag(task, TIF_SVE) ||
-	    thread_sm_enabled(&task->thread))
+	    thread_sm_enabled(&task->thread)) {
 		sve_to_fpsimd(task);
+		task->thread.fp_type = FP_STATE_FPSIMD;
+	}
 
 	if (system_supports_sme()) {
 		if (type == ARM64_VEC_SME ||
@@ -1383,6 +1408,7 @@ static void sve_init_regs(void)
 		fpsimd_bind_task_to_cpu();
 	} else {
 		fpsimd_to_sve(current);
+		current->thread.fp_type = FP_STATE_SVE;
 		fpsimd_flush_task_state(current);
 	}
 }
@@ -1612,6 +1638,8 @@ void fpsimd_flush_thread(void)
 		current->thread.svcr = 0;
 	}
 
+	current->thread.fp_type = FP_STATE_FPSIMD;
+
 	put_cpu_fpsimd_context();
 	kfree(sve_state);
 	kfree(za_state);
@@ -1660,6 +1688,8 @@ static void fpsimd_bind_task_to_cpu(void)
 	last->sve_vl = task_get_sve_vl(current);
 	last->sme_vl = task_get_sme_vl(current);
 	last->svcr = &current->thread.svcr;
+	last->fp_type = &current->thread.fp_type;
+	last->to_save = FP_STATE_CURRENT;
 	current->thread.fpsimd_cpu = smp_processor_id();
 
 	/*
@@ -1683,7 +1713,8 @@ static void fpsimd_bind_task_to_cpu(void)
 
 void fpsimd_bind_state_to_cpu(struct user_fpsimd_state *st, void *sve_state,
 			      unsigned int sve_vl, void *za_state,
-			      unsigned int sme_vl, u64 *svcr)
+			      unsigned int sme_vl, u64 *svcr,
+			      enum fp_type *type, enum fp_type to_save)
 {
 	struct fpsimd_last_state_struct *last =
 		this_cpu_ptr(&fpsimd_last_state);
@@ -1697,6 +1728,8 @@ void fpsimd_bind_state_to_cpu(struct user_fpsimd_state *st, void *sve_state,
 	last->za_state = za_state;
 	last->sve_vl = sve_vl;
 	last->sme_vl = sme_vl;
+	last->fp_type = type;
+	last->to_save = to_save;
 }
 
 /*