commit 64ef7e725db41552c219a155ab8c1f6caf2e7cb4
Author: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Date:   Sat Jul 2 16:44:56 2022 +0200

    Linux 5.18.9
    
    Link: https://lore.kernel.org/r/20220630133230.239507521@linuxfoundation.org
    Tested-by: Ronald Warsow <rwarsow@gmx.de
    Tested-by: Jon Hunter <jonathanh@nvidia.com>
    Tested-by: Zan Aziz <zanaziz313@gmail.com>
    Tested-by: Shuah Khan <skhan@linuxfoundation.org>
    Tested-by: Florian Fainelli <f.fainelli@gmail.com>
    Tested-by: Guenter Roeck <linux@roeck-us.net>
    Tested-by: Ron Economos <re@w6rz.net>
    Tested-by: Linux Kernel Functional Testing <lkft@linaro.org>
    Tested-by: Bagas Sanjaya <bagasdotme@gmail.com>
    Tested-by: Fenil Jain <fkjainco@gmail.com>
    Tested-by: Sudip Mukherjee <sudip.mukherjee@codethink.co.uk>
    Tested-by: Rudi Heitbaum <rudi@heitbaum.com>
    Tested-by: Justin M. Forbes <jforbes@fedoraproject.org>
    Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>

commit 63493188ab3ad10a39349a576e5137fab5731223
Author: Pavel Begunkov <asml.silence@gmail.com>
Date:   Thu Jun 9 08:34:35 2022 +0100

    io_uring: fix not locked access to fixed buf table
    
    commit 05b538c1765f8d14a71ccf5f85258dcbeaf189f7 upstream.
    
    We can look inside the fixed buffer table only while holding
    ->uring_lock, however in some cases we don't do the right async prep for
    IORING_OP_{WRITE,READ}_FIXED ending up with NULL req->imu forcing making
    an io-wq worker to try to resolve the fixed buffer without proper
    locking.
    
    Move req->imu setup into early req init paths, i.e. io_prep_rw(), which
    is called unconditionally for rw requests and under uring_lock.
    
    Fixes: 634d00df5e1cf ("io_uring: add full-fledged dynamic buffers support")
    Signed-off-by: Pavel Begunkov <asml.silence@gmail.com>
    Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>

commit 90055509b30a654258e8172bd244612961537488
Author: Naveen N. Rao <naveen.n.rao@linux.vnet.ibm.com>
Date:   Mon May 16 12:44:22 2022 +0530

    powerpc/ftrace: Remove ftrace init tramp once kernel init is complete
    
    commit 84ade0a6655bee803d176525ef457175cbf4df22 upstream.
    
    Stop using the ftrace trampoline for init section once kernel init is
    complete.
    
    Fixes: 67361cf8071286 ("powerpc/ftrace: Handle large kernel configs")
    Cc: stable@vger.kernel.org # v4.20+
    Signed-off-by: Naveen N. Rao <naveen.n.rao@linux.vnet.ibm.com>
    Signed-off-by: Michael Ellerman <mpe@ellerman.id.au>
    Link: https://lore.kernel.org/r/20220516071422.463738-1-naveen.n.rao@linux.vnet.ibm.com
    Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>

commit cfc89a378751d6a731af5aec73ad4a8e77f84b78
Author: Kees Cook <keescook@chromium.org>
Date:   Wed Jun 15 22:23:12 2022 -0700

    hinic: Replace memcpy() with direct assignment
    
    commit 1e70212e031528918066a631c9fdccda93a1ffaa upstream.
    
    Under CONFIG_FORTIFY_SOURCE=y and CONFIG_UBSAN_BOUNDS=y, Clang is bugged
    here for calculating the size of the destination buffer (0x10 instead of
    0x14). This copy is a fixed size (sizeof(struct fw_section_info_st)), with
    the source and dest being struct fw_section_info_st, so the memcpy should
    be safe, assuming the index is within bounds, which is UBSAN_BOUNDS's
    responsibility to figure out.
    
    Avoid the whole thing and just do a direct assignment. This results in
    no change to the executable code.
    
    [This is a duplicate of commit 2c0ab32b73cf ("hinic: Replace memcpy()
     with direct assignment") which was applied to net-next.]
    
    Cc: Nick Desaulniers <ndesaulniers@google.com>
    Cc: Tom Rix <trix@redhat.com>
    Cc: llvm@lists.linux.dev
    Link: https://github.com/ClangBuiltLinux/linux/issues/1592
    Signed-off-by: Kees Cook <keescook@chromium.org>
    Reviewed-by: Gustavo A. R. Silva <gustavoars@kernel.org>
    Tested-by: Nathan Chancellor <nathan@kernel.org> # build
    Link: https://lore.kernel.org/r/20220616052312.292861-1-keescook@chromium.org
    Signed-off-by: Jakub Kicinski <kuba@kernel.org>
    Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>

commit 0909f524e83eb497f23495553d0cebaf385dd79b
Author: Coly Li <colyli@suse.de>
Date:   Fri May 27 23:28:16 2022 +0800

    bcache: memset on stack variables in bch_btree_check() and bch_sectors_dirty_init()
    
    commit 7d6b902ea0e02b2a25c480edf471cbaa4ebe6b3c upstream.
    
    The local variables check_state (in bch_btree_check()) and state (in
    bch_sectors_dirty_init()) should be fully filled by 0, because before
    allocating them on stack, they were dynamically allocated by kzalloc().
    
    Signed-off-by: Coly Li <colyli@suse.de>
    Link: https://lore.kernel.org/r/20220527152818.27545-2-colyli@suse.de
    Signed-off-by: Jens Axboe <axboe@kernel.dk>
    Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>

commit 3ecbe7846818615f282c45565a56754ceaf1eb3a
Author: Linus Walleij <linus.walleij@linaro.org>
Date:   Wed Apr 6 22:55:05 2022 +0200

    clocksource/drivers/ixp4xx: Drop boardfile probe path
    
    commit 41929c9f628b9990d33a200c54bb0c919e089aa8 upstream.
    
    The boardfiles for IXP4xx have been deleted. Delete all the
    quirks and code dealing with that boot path and rely solely on
    device tree boot.
    
    Signed-off-by: Linus Walleij <linus.walleij@linaro.org>
    Link: https://lore.kernel.org/r/20220406205505.2332821-1-linus.walleij@linaro.org
    Signed-off-by: Daniel Lezcano <daniel.lezcano@linaro.org>
    Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>

commit ea32b27e2f8c58c92bff5ecba7fcf64b97707089
Author: Masahiro Yamada <masahiroy@kernel.org>
Date:   Mon Jun 27 12:22:09 2022 +0900

    tick/nohz: unexport __init-annotated tick_nohz_full_setup()
    
    commit 2390095113e98fc52fffe35c5206d30d9efe3f78 upstream.
    
    EXPORT_SYMBOL and __init is a bad combination because the .init.text
    section is freed up after the initialization. Hence, modules cannot
    use symbols annotated __init. The access to a freed symbol may end up
    with kernel panic.
    
    modpost used to detect it, but it had been broken for a decade.
    
    Commit 28438794aba4 ("modpost: fix section mismatch check for exported
    init/exit sections") fixed it so modpost started to warn it again, then
    this showed up:
    
        MODPOST vmlinux.symvers
      WARNING: modpost: vmlinux.o(___ksymtab_gpl+tick_nohz_full_setup+0x0): Section mismatch in reference from the variable __ksymtab_tick_nohz_full_setup to the function .init.text:tick_nohz_full_setup()
      The symbol tick_nohz_full_setup is exported and annotated __init
      Fix this by removing the __init annotation of tick_nohz_full_setup or drop the export.
    
    Drop the export because tick_nohz_full_setup() is only called from the
    built-in code in kernel/sched/isolation.c.
    
    Fixes: ae9e557b5be2 ("time: Export tick start/stop functions for rcutorture")
    Reported-by: Linus Torvalds <torvalds@linux-foundation.org>
    Signed-off-by: Masahiro Yamada <masahiroy@kernel.org>
    Tested-by: Paul E. McKenney <paulmck@kernel.org>
    Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
    Cc: Thomas Backlund <tmb@tmb.nu>
    Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>