commit 33069919e2dce440d3b8cd101b18f37bb35bdddf
Author: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Date:   Fri May 28 13:17:44 2021 +0200

    Linux 5.10.41
    
    Link: https://lore.kernel.org/r/20210527151139.242182390@linuxfoundation.org
    Tested-by: Jon Hunter <jonathanh@nvidia.com>
    Tested-by: Fox Chen <foxhlchen@gmail.com>
    Tested-by: Pavel Machek (CIP) <pavel@denx.de>
    Tested-by: Shuah Khan <skhan@linuxfoundation.org>
    Tested-by: Florian Fainelli <f.fainelli@gmail.com>
    Reviewed-by: Guenter Roeck <linux@roeck-us.net>
    Tested-by: Linux Kernel Functional Testing <lkft@linaro.org>
    Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>

commit b34cb7ac32cc8e5471dc773180ea9ae676b1a745
Author: Dongliang Mu <mudongliangabcd@gmail.com>
Date:   Sat May 15 07:29:06 2021 +0800

    NFC: nci: fix memory leak in nci_allocate_device
    
    commit e0652f8bb44d6294eeeac06d703185357f25d50b upstream.
    
    nfcmrvl_disconnect fails to free the hci_dev field in struct nci_dev.
    Fix this by freeing hci_dev in nci_free_device.
    
    BUG: memory leak
    unreferenced object 0xffff888111ea6800 (size 1024):
      comm "kworker/1:0", pid 19, jiffies 4294942308 (age 13.580s)
      hex dump (first 32 bytes):
        00 00 00 00 00 00 00 00 00 60 fd 0c 81 88 ff ff  .........`......
        00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................
      backtrace:
        [<000000004bc25d43>] kmalloc include/linux/slab.h:552 [inline]
        [<000000004bc25d43>] kzalloc include/linux/slab.h:682 [inline]
        [<000000004bc25d43>] nci_hci_allocate+0x21/0xd0 net/nfc/nci/hci.c:784
        [<00000000c59cff92>] nci_allocate_device net/nfc/nci/core.c:1170 [inline]
        [<00000000c59cff92>] nci_allocate_device+0x10b/0x160 net/nfc/nci/core.c:1132
        [<00000000006e0a8e>] nfcmrvl_nci_register_dev+0x10a/0x1c0 drivers/nfc/nfcmrvl/main.c:153
        [<000000004da1b57e>] nfcmrvl_probe+0x223/0x290 drivers/nfc/nfcmrvl/usb.c:345
        [<00000000d506aed9>] usb_probe_interface+0x177/0x370 drivers/usb/core/driver.c:396
        [<00000000bc632c92>] really_probe+0x159/0x4a0 drivers/base/dd.c:554
        [<00000000f5009125>] driver_probe_device+0x84/0x100 drivers/base/dd.c:740
        [<000000000ce658ca>] __device_attach_driver+0xee/0x110 drivers/base/dd.c:846
        [<000000007067d05f>] bus_for_each_drv+0xb7/0x100 drivers/base/bus.c:431
        [<00000000f8e13372>] __device_attach+0x122/0x250 drivers/base/dd.c:914
        [<000000009cf68860>] bus_probe_device+0xc6/0xe0 drivers/base/bus.c:491
        [<00000000359c965a>] device_add+0x5be/0xc30 drivers/base/core.c:3109
        [<00000000086e4bd3>] usb_set_configuration+0x9d9/0xb90 drivers/usb/core/message.c:2164
        [<00000000ca036872>] usb_generic_driver_probe+0x8c/0xc0 drivers/usb/core/generic.c:238
        [<00000000d40d36f6>] usb_probe_device+0x5c/0x140 drivers/usb/core/driver.c:293
        [<00000000bc632c92>] really_probe+0x159/0x4a0 drivers/base/dd.c:554
    
    Reported-by: syzbot+19bcfc64a8df1318d1c3@syzkaller.appspotmail.com
    Fixes: 11f54f228643 ("NFC: nci: Add HCI over NCI protocol support")
    Signed-off-by: Dongliang Mu <mudongliangabcd@gmail.com>
    Signed-off-by: David S. Miller <davem@davemloft.net>
    Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>

commit 8d11e6ae4304a575543e5ed4cc9a20a06d34297b
Author: Dave Rigby <d.rigby@me.com>
Date:   Thu Feb 18 16:56:54 2021 +0000

    perf unwind: Set userdata for all __report_module() paths
    
    commit 4e1481445407b86a483616c4542ffdc810efb680 upstream.
    
    When locating the DWARF module for a given address, __find_debuginfo()
    requires a 'struct dso' passed via the userdata argument.
    
    However, this field is only set in __report_module() if the module is
    found in via dwfl_addrmodule(), not if it is found later via
    dwfl_report_elf().
    
    Set userdata irrespective of how the DWARF module was found, as long as
    we found a module.
    
    Fixes: bf53fc6b5f41 ("perf unwind: Fix separate debug info files when using elfutils' libdw's unwinder")
    Signed-off-by: Dave Rigby <d.rigby@me.com>
    Bugzilla: https://bugzilla.kernel.org/show_bug.cgi?id=211801
    Acked-by: Jan Kratochvil <jan.kratochvil@redhat.com>
    Acked-by: Jiri Olsa <jolsa@redhat.com>
    Link: https://lore.kernel.org/linux-perf-users/20210218165654.36604-1-d.rigby@me.com/
    Signed-off-by: Arnaldo Carvalho de Melo <acme@redhat.com>
    Cc: "Tommi Rantala" <tommi.t.rantala@nokia.com>
    Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>

commit 53eaf28c056d99a636970b06d5f9916b52973297
Author: Jan Kratochvil <jan.kratochvil@redhat.com>
Date:   Fri Dec 4 09:17:02 2020 -0300

    perf unwind: Fix separate debug info files when using elfutils' libdw's unwinder
    
    commit bf53fc6b5f415cddc7118091cb8fd6a211b2320d upstream.
    
    elfutils needs to be provided main binary and separate debug info file
    respectively. Providing separate debug info file instead of the main
    binary is not sufficient.
    
    One needs to try both supplied filename and its possible cache by its
    build-id depending on the use case.
    
    Signed-off-by: Jan Kratochvil <jan.kratochvil@redhat.com>
    Tested-by: Jiri Olsa <jolsa@redhat.com>
    Cc: Adrian Hunter <adrian.hunter@intel.com>
    Cc: David Ahern <dsahern@gmail.com>
    Cc: Ian Rogers <irogers@google.com>
    Cc: Namhyung Kim <namhyung@kernel.org>
    Signed-off-by: Arnaldo Carvalho de Melo <acme@redhat.com>
    Cc: "Tommi Rantala" <tommi.t.rantala@nokia.com>
    Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>

commit 514883ebac77ff9939da92e268b24a71c9fe4e05
Author: Wanpeng Li <wanpengli@tencent.com>
Date:   Tue May 4 17:27:30 2021 -0700

    KVM: x86: Defer vtime accounting 'til after IRQ handling
    
    commit 160457140187c5fb127b844e5a85f87f00a01b14 upstream.
    
    Defer the call to account guest time until after servicing any IRQ(s)
    that happened in the guest or immediately after VM-Exit.  Tick-based
    accounting of vCPU time relies on PF_VCPU being set when the tick IRQ
    handler runs, and IRQs are blocked throughout the main sequence of
    vcpu_enter_guest(), including the call into vendor code to actually
    enter and exit the guest.
    
    This fixes a bug where reported guest time remains '0', even when
    running an infinite loop in the guest:
    
      https://bugzilla.kernel.org/show_bug.cgi?id=209831
    
    Fixes: 87fa7f3e98a131 ("x86/kvm: Move context tracking where it belongs")
    Suggested-by: Thomas Gleixner <tglx@linutronix.de>
    Co-developed-by: Sean Christopherson <seanjc@google.com>
    Signed-off-by: Wanpeng Li <wanpengli@tencent.com>
    Signed-off-by: Sean Christopherson <seanjc@google.com>
    Signed-off-by: Thomas Gleixner <tglx@linutronix.de>
    Cc: stable@vger.kernel.org
    Link: https://lore.kernel.org/r/20210505002735.1684165-4-seanjc@google.com
    Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>

commit 77068304b30f553b05934224146813d3cdcaa12c
Author: Wanpeng Li <wanpengli@tencent.com>
Date:   Tue May 4 17:27:29 2021 -0700

    context_tracking: Move guest exit vtime accounting to separate helpers
    
    commit 88d8220bbf06dd8045b2ac4be1046290eaa7773a upstream.
    
    Provide separate vtime accounting functions for guest exit instead of
    open coding the logic within the context tracking code.  This will allow
    KVM x86 to handle vtime accounting slightly differently when using
    tick-based accounting.
    
    Suggested-by: Thomas Gleixner <tglx@linutronix.de>
    Signed-off-by: Wanpeng Li <wanpengli@tencent.com>
    Co-developed-by: Sean Christopherson <seanjc@google.com>
    Signed-off-by: Sean Christopherson <seanjc@google.com>
    Signed-off-by: Thomas Gleixner <tglx@linutronix.de>
    Reviewed-by: Christian Borntraeger <borntraeger@de.ibm.com>
    Link: https://lore.kernel.org/r/20210505002735.1684165-3-seanjc@google.com
    Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>

commit 5ae5e3f05831b7629cd33be0a8591905f0898599
Author: Wanpeng Li <wanpengli@tencent.com>
Date:   Tue May 4 17:27:28 2021 -0700

    context_tracking: Move guest exit context tracking to separate helpers
    
    commit 866a6dadbb027b2955a7ae00bab9705d382def12 upstream.
    
    Provide separate context tracking helpers for guest exit, the standalone
    helpers will be called separately by KVM x86 in later patches to fix
    tick-based accounting.
    
    Suggested-by: Thomas Gleixner <tglx@linutronix.de>
    Signed-off-by: Wanpeng Li <wanpengli@tencent.com>
    Co-developed-by: Sean Christopherson <seanjc@google.com>
    Signed-off-by: Sean Christopherson <seanjc@google.com>
    Signed-off-by: Thomas Gleixner <tglx@linutronix.de>
    Link: https://lore.kernel.org/r/20210505002735.1684165-2-seanjc@google.com
    Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>

commit 27acfd11ba179b746f55077edf9750f8f7cb1cb6
Author: Daniel Borkmann <daniel@iogearbox.net>
Date:   Tue May 4 08:58:25 2021 +0000

    bpf: No need to simulate speculative domain for immediates
    
    commit a7036191277f9fa68d92f2071ddc38c09b1e5ee5 upstream.
    
    In 801c6058d14a ("bpf: Fix leakage of uninitialized bpf stack under
    speculation") we replaced masking logic with direct loads of immediates
    if the register is a known constant. Given in this case we do not apply
    any masking, there is also no reason for the operation to be truncated
    under the speculative domain.
    
    Therefore, there is also zero reason for the verifier to branch-off and
    simulate this case, it only needs to do it for unknown but bounded scalars.
    As a side-effect, this also enables few test cases that were previously
    rejected due to simulation under zero truncation.
    
    Signed-off-by: Daniel Borkmann <daniel@iogearbox.net>
    Reviewed-by: Piotr Krysiuk <piotras@gmail.com>
    Acked-by: Alexei Starovoitov <ast@kernel.org>
    Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>

commit c87ef240a8bbbda5913fac1e84209d224c1aaf50
Author: Daniel Borkmann <daniel@iogearbox.net>
Date:   Fri May 21 10:19:22 2021 +0000

    bpf: Fix mask direction swap upon off reg sign change
    
    commit bb01a1bba579b4b1c5566af24d95f1767859771e upstream.
    
    Masking direction as indicated via mask_to_left is considered to be
    calculated once and then used to derive pointer limits. Thus, this
    needs to be placed into bpf_sanitize_info instead so we can pass it
    to sanitize_ptr_alu() call after the pointer move. Piotr noticed a
    corner case where the off reg causes masking direction change which
    then results in an incorrect final aux->alu_limit.
    
    Fixes: 7fedb63a8307 ("bpf: Tighten speculative pointer arithmetic mask")
    Reported-by: Piotr Krysiuk <piotras@gmail.com>
    Signed-off-by: Daniel Borkmann <daniel@iogearbox.net>
    Reviewed-by: Piotr Krysiuk <piotras@gmail.com>
    Acked-by: Alexei Starovoitov <ast@kernel.org>
    Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>

commit 4e2c7b297431457663a90d4186e666b61d5da86c
Author: Daniel Borkmann <daniel@iogearbox.net>
Date:   Fri May 21 10:17:36 2021 +0000

    bpf: Wrap aux data inside bpf_sanitize_info container
    
    commit 3d0220f6861d713213b015b582e9f21e5b28d2e0 upstream.
    
    Add a container structure struct bpf_sanitize_info which holds
    the current aux info, and update call-sites to sanitize_ptr_alu()
    to pass it in. This is needed for passing in additional state
    later on.
    
    Signed-off-by: Daniel Borkmann <daniel@iogearbox.net>
    Reviewed-by: Piotr Krysiuk <piotras@gmail.com>
    Acked-by: Alexei Starovoitov <ast@kernel.org>
    Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>