[RLC-8] Rebase Custom Changes to rlc-8/4.18.0-553.132.1.el8_10 and cve-2025-10263

[PlaidCat]

https://ciqinc.atlassian.net/browse/KERNEL-1145

Update process (This kernel CentOS base for 4.18.0-553.132.1.el8_10)

• Rolling Release Rebase Process
• Create rlc-8/4.18.0-553.132.1.el8_10 branch from rocky8_10
• Cherry-pick all code from previous branch rlc-8/4.18.0-553.126.1.el8_10 into new branch (skipping unneeded code)
  • Fix conflicts as they arise
• Build and Test

Rebase Log

Already on 'rlc-8/4.18.0-553.126.1.el8_10'
Already on 'jmaple_rlc-8/4.18.0-553.132.1.el8_10'
[rolling release update] Rolling Product:  rlc-8
[rolling release update] Checking out branch:  rlc-8/4.18.0-553.126.1.el8_10
[rolling release update] Gathering all the RESF kernel Tags
[rolling release update] Found 60 RESF kernel tags
[rolling release update] Checking out branch:  rocky8_10
[rolling release update] Gathering all the RESF kernel Tags
[rolling release update] Found 62 RESF kernel tags
[rolling release update] Common tag sha:  b'7b8ffde4a267'
"7b8ffde4a2675026e7fa11190bbcd94dca2e7e0b Rebuild rocky8_10 with kernel-4.18.0-553.126.1.el8_10"
[rolling release update] Checking for FIPS protected changes between the common tag and HEAD
[rolling release update] Checking for FIPS protected changes
[rolling release update] Getting SHAS 7b8ffde4a267..HEAD
[rolling release update] Number of commits to check:  22
[rolling release update] Checking modifications of shas
[rolling release update] Checked 2 of 22 commits
[rolling release update] Checked 4 of 22 commits
[rolling release update] Checked 6 of 22 commits
[rolling release update] Checked 8 of 22 commits
[rolling release update] Checked 10 of 22 commits
[rolling release update] Checked 12 of 22 commits
[rolling release update] Checked 14 of 22 commits
[rolling release update] Checked 16 of 22 commits
[rolling release update] Checked 18 of 22 commits
[rolling release update] Checked 20 of 22 commits
[rolling release update] Checked 22 of 22 commits
[rolling release update] 0 of 22 commits have FIPS protected changes
[rolling release update] Checking out old rolling branch:  rlc-8/4.18.0-553.126.1.el8_10
[rolling release update] Finding the CIQ Kernel and Associated Upstream commits between the last resf tag and HEAD
[rolling release update] Getting SHAS 7b8ffde4a267..HEAD
[rolling release update] Last RESF tag sha:  b'7b8ffde4a267'
[rolling release update] Total commits in old branch: 56
[rolling release update] Checking out new base branch:  rocky8_10
[rolling release update] Finding the kernel version for the new rolling release
[rolling release update] New Branch to create: rlc-8/4.18.0-553.132.1.el8_10
[rolling release update] Creating new branch: rlc-8/4.18.0-553.132.1.el8_10
[rolling release update] Creating new branch for PR:  jmaple_rlc-8/4.18.0-553.132.1.el8_10
[rolling release update] Creating Map of all new commits from last rolling release fork
[rolling release update] Total commits in new branch: 21
[rolling release update] Checking if any of the commits from the old rolling release are already present in the new base branch
- Old commit 8edb830381ce backported upstream 2edfa31769a4
  Already in new base as dd5b615c36ae: ip6_tunnel: clear skb2->cb[] in ip4ip6_err()
- Old commit 04f55b73a27d backported upstream 3da1fdf4efbc
  Already in new base as fdc03c844313: smb: client: reject userspace cifs.spnego descriptions
[rolling release update] Found 2 duplicate commits to remove
[rolling release update] Removing duplicate commits:
  - 8edb830381ce169c5bed25e746ea059ad171a7f9 ip6_tunnel: clear skb2->cb[] in ip4ip6_err()
  - 04f55b73a27d49408ed020e42805bbb32079ba0e smb: client: reject userspace cifs.spnego descriptions
[rolling release update] Applying 54 remaining commits to the new branch
  [1/54] 35c02bd16b08 crypto: jitter - replace LFSR with SHA3-256
  [2/54] 3ca156b9e8d3 crypto: aead,cipher - zeroize key buffer after use
  [3/54] f7e91c68e1c5 SUSE: patch: crypto-dh-implement-FIPS-PCT.patch
  [4/54] 4c947cf437bf SUSE: patch: crypto-ecdh-implement-FIPS-PCT.patch
  [5/54] ca0fc73c013f     crypto: jitter - add oversampling of noise source
  [6/54] ec9aabb1c076 crypto: ecdh - explicitly zeroize private_key
  [7/54] 226f234ec3a5 KEYS: use kfree_sensitive with key
  [8/54] abb193704c34 In essiv_aead_setkey(), use the same logic as crypto_authenc_esn_setkey() to zeroize keys on exit.
  [9/54] 871540d8691b github actions: Incorporate feedback on workflows
  [10/54] 593d16899e16 configs: x86_64: Sync with dist-git
  [11/54] ec7f53d11437 github actions: Remove demo job
  [12/54] c9543cf05c21 github actions: Remove push checks
  [13/54] c6b924ce6ff0 github actions: Add upstream commit checker
  [14/54] 79d72ea308ee github actions: Add kabi checks
  [15/54] 3cad5e67f655 github actions: Fix upstream commit check for forks
  [16/54] 856a0ee1ede1 github actions: Fix process-pull-request for forks
  [17/54] d2a8f71463eb github actions: remove old pr checker
  [18/54] a63704247cce github actions: Use reusable validate kernel commits workflow
  [19/54] ae6e162ae8a4 github actions: Add kernelCI for rlc-8
  [20/54] 83dca4b84a3f github actions: Use trigger for kernelCI
  [21/54] 63bb9c5a36ff Revert "xfrm: esp: avoid in-place decrypt on shared skb frags"
  [22/54] 5de0601b32c5 xfrm: esp: avoid in-place decrypt on shared skb frags
  [23/54] eb1d1deaca74 net/mlx5e: Fix features validation check for tunneled UDP (non-VXLAN) packets
  [24/54] 998b5e93e48b tipc: Fix use-after-free of kernel socket in cleanup_bearer().
  [25/54] 4a2b1c974227 nvme-tcp: fix potential memory corruption in nvme_tcp_recv_pdu()
  [26/54] de651a924073 netdevsim: Fix memory leak of nsim_dev->fa_cookie
  [27/54] abf9bb95a806 gso: fix udp gso fraglist segmentation after pull from frag_list
  [28/54] 95b16a8d0777 bpf: Fix a segment issue when downgrading gso_size
  [29/54] 9c393bde64a4 net: fix udp gso skb_segment after pull from frag_list
  [30/54] 39156fbda9df x86/sev-es: Set x86_virt_bits to the correct value straight away, instead of a two-phase approach
  [31/54] 5fd063e42433 x86/boot: Move x86_cache_alignment initialization to correct spot
  [32/54] 18f8b00c76f2 x86/cpu: Allow reducing x86_phys_bits during early_identify_cpu()
  [33/54] ec5b0a1d2999 x86/cpu: Get rid of an unnecessary local variable in get_cpu_address_sizes()
  [34/54] 6c706db220c8 x86/cpu: Provide default cache line size if not enumerated
  [35/54] 9f84c77fd3bd net: mana: Enable MANA driver on ARM64 with 4K page size
  [36/54] ab51575cf632 net: mana: Add support for page sizes other than 4KB on ARM64
  [37/54] 254e2c67167f RDMA/mana_ib: Fix bug in creation of dma regions
  [38/54] c6aeda046ce2 RDMA/mana_ib: use the correct page size for mapping user-mode doorbell page
  [39/54] c9a192de76e0 RDMA/mana_ib: use the correct page table index based on hardware page size
  [40/54] 819909cb2c90 tipc: fix NULL deref in cleanup_bearer()
  [41/54] b78d2bd40b14 scsi: storvsc: Prefer returning channel with the same CPU as on the I/O issuing CPU
  [42/54] 2ad5e482d64c PCI: Batch BAR sizing operations
  [43/54] 7e0a5037616a libeth: add Tx buffer completion helpers
  [44/54] 9a101813ec64 idpf: convert to libeth Tx buffer completion
  [45/54] 998d5c656c51 netdevice: add netdev_tx_reset_subqueue() shorthand
  [46/54] 93362f1bc4a4 idpf: refactor Tx completion routines
  [47/54] 2f725e61d79b idpf: set completion tag for "empty" bufs associated with a packet
  [48/54] 77d84212d7ef idpf: add support for Tx refillqs in flow scheduling mode
  [49/54] 7b3b15f5dbb5 idpf: improve when to set RE bit logic
  [50/54] fa1bdc5a695b idpf: simplify and fix splitq Tx packet rollback error path
  [51/54] 64044d2e3776 idpf: replace flow scheduling buffer ring with buffer pool
  [52/54] f6f0a2687b45 idpf: stop Tx if there are insufficient buffer resources
  [53/54] ea737e8b24f2 idpf: remove obsolete stashing code
  [54/54] c8c4bfbc36ce sched: fix exit_mm vs membarrier (v4)
[rolling release update] Successfully applied all 54 commits

BUILD

$ egrep -B 5 -A 5 "\[TIMER\]|^Starting Build" $(ls -t kbuild* | head -n1)
/mnt/code/kernel-src-tree-build
Running make mrproper...
  CLEAN   scripts/basic
  CLEAN   scripts/kconfig
[TIMER]{MRPROPER}: 4s
x86_64 architecture detected, copying config
'configs/kernel-x86_64.config' -> '.config'
Setting Local Version for build
CONFIG_LOCALVERSION="-rocky8_10_rebuild-0c69843530e4"
Making olddefconfig
--
  HOSTLD  scripts/kconfig/conf
scripts/kconfig/conf  --olddefconfig Kconfig
#
# configuration written to .config
#
Starting Build
scripts/kconfig/conf  --syncconfig Kconfig
  SYSTBL  arch/x86/include/generated/asm/syscalls_32.h
  SYSHDR  arch/x86/include/generated/asm/unistd_32_ia32.h
  SYSHDR  arch/x86/include/generated/asm/unistd_64_x32.h
  SYSTBL  arch/x86/include/generated/asm/syscalls_64.h
--
  LD [M]  sound/usb/usx2y/snd-usb-usx2y.ko
  LD [M]  sound/virtio/virtio_snd.ko
  LD [M]  sound/x86/snd-hdmi-lpe-audio.ko
  LD [M]  sound/xen/snd_xen_front.ko
  LD [M]  virt/lib/irqbypass.ko
[TIMER]{BUILD}: 1587s
Making Modules
  INSTALL arch/x86/crypto/blowfish-x86_64.ko
  INSTALL arch/x86/crypto/camellia-aesni-avx-x86_64.ko
  INSTALL arch/x86/crypto/camellia-aesni-avx2.ko
  INSTALL arch/x86/crypto/camellia-x86_64.ko
--
  INSTALL sound/virtio/virtio_snd.ko
  INSTALL sound/x86/snd-hdmi-lpe-audio.ko
  INSTALL sound/xen/snd_xen_front.ko
  INSTALL virt/lib/irqbypass.ko
  DEPMOD  4.18.0-rocky8_10_rebuild-0c69843530e4+
[TIMER]{MODULES}: 13s
Making Install
sh ./arch/x86/boot/install.sh 4.18.0-rocky8_10_rebuild-0c69843530e4+ arch/x86/boot/bzImage \
	System.map "/boot"
[TIMER]{INSTALL}: 25s
Checking kABI
kABI check passed
Setting Default Kernel to /boot/vmlinuz-4.18.0-rocky8_10_rebuild-0c69843530e4+ and Index to 2
Hopefully Grub2.0 took everything ... rebooting after time metrices
[TIMER]{MRPROPER}: 4s
[TIMER]{BUILD}: 1587s
[TIMER]{MODULES}: 13s
[TIMER]{INSTALL}: 25s
[TIMER]{TOTAL} 1635s
Rebooting in 10 seconds

KSelfTest

$ ./kernel-tools/kernel_auto_rebuild/get_kselftest_diff.sh
selftest-4.18.0-jmaple_rlc-8_4.18.0-553.125.1.el8_10-20f84cc84427+-1.log: 259 passed
selftest-4.18.0-jmaple_rlc-8_4.18.0-553.126.1.el8_10-7b8ffde4a267+-1.log: 258 passed
selftest-4.18.0-jmaple_rlc-8_4.18.0-553.126.1.el8_10-7c11c8a7cd69+-1.log: 258 passed
selftest-4.18.0-jmaple_rlc-8_4.18.0-553.132.1.el8_10-31e75a954ad3+-1.log: 257 passed

Before: selftest-4.18.0-jmaple_rlc-8_4.18.0-553.126.1.el8_10-7c11c8a7cd69+-1.log
After: selftest-4.18.0-jmaple_rlc-8_4.18.0-553.132.1.el8_10-31e75a954ad3+-1.log
Diff:
-ok 12 selftests: net: xfrm_policy.sh

Old validate ... removing

[PlaidCat]

MultiArch CI: https://github.com/ctrliq/kernel-src-tree/actions/runs/27382523449

[github-actions]

🤖 Validation Checks In Progress Workflow run: https://github.com/ctrliq/kernel-src-tree/actions/runs/27383376095

[github-actions]

🔍 Upstream Linux Kernel Commit Check

• ⚠️ PR commit 11c6fc1eab8d (xfrm: esp: avoid in-place decrypt on shared skb frags) references upstream commit
  f4c50a4034e6 which has been referenced by a Fixes: tag in the upstream
  Linux kernel:

    48f6a5356a33 net: skbuff: propagate shared-frag marker through frag-transfer helpers (Hyunwoo Kim) (CVE-2026-43503)
    f84eca581739 net: skbuff: preserve shared-frag marker during coalescing (William Bowling) (CVE-2026-46300)

• ⚠️ PR commit 4ab76ac11784 (PCI: Batch BAR sizing operations) references upstream commit
  4453f360862e which has been referenced by a Fixes: tag in the upstream
  Linux kernel:

    472ff48e2c09 PCI: Fix BUILD_BUG_ON usage for old gcc (Alex Williamson)

• ❌ PR commit d232ab7c8396 (arm64: Add part number for Arm Cortex-A78AE) references CVE-2025-10263 but
  upstream commit 83bea32ac7ed has no CVE assigned

• ❌ PR commit 102674d93c1e (arm64: Add Neoverse-V2 part) references CVE-2025-10263 but
  upstream commit f4d9d9dcc70b has no CVE assigned

• ❌ PR commit 5af0a38924cc (arm64: cputype: Add Cortex-X4 definitions) references CVE-2025-10263 but
  upstream commit 02a0a04676fa has no CVE assigned

• ❌ PR commit 6e8837d607a0 (arm64: cputype: Add Neoverse-V3 definitions) references CVE-2025-10263 but
  upstream commit 0ce85db6c214 has no CVE assigned

• ❌ PR commit 40468e8fbdec (arm64: cputype: Add Cortex-X3 definitions) references CVE-2025-10263 but
  upstream commit be5a6f238700 has no CVE assigned

• ❌ PR commit 5cb82e300f76 (arm64: cputype: Add Cortex-X925 definitions) references CVE-2025-10263 but
  upstream commit fd2ff5f0b320 has no CVE assigned

• ❌ PR commit 8caa8904c508 (arm64: cputype: Add Cortex-X1C definitions) references CVE-2025-10263 but
  upstream commit 58d245e03c32 has no CVE assigned

• ❌ PR commit da7a734f4480 (arm64: cputype: Add MIDR_CORTEX_A76AE) references CVE-2025-10263 but
  upstream commit a9b5bd81b294 has no CVE assigned

• ❌ PR commit fac45efddd6c (arm64: cputype: Add Neoverse-V3AE definitions) references CVE-2025-10263 but
  upstream commit 3bbf004c4808 has no CVE assigned

This is an automated message from the kernel commit checker workflow.

[github-actions]

🔍 Interdiff Analysis

• ⚠️ PR commit 11c6fc1eab8d (xfrm: esp: avoid in-place decrypt on shared skb frags) → upstream f4c50a4034e6
  Differences found:

================================================================================
*    DELTA DIFFERENCES - code changes that differ between the patches          *
================================================================================

--- b/net/ipv4/ip_output.c
+++ b/net/ipv4/ip_output.c
@@ -1347,9 +1347,6 @@
 			goto error;
 		}
 
-		if (!(flags & MSG_NO_SHARED_FRAGS))
-			skb_shinfo(skb)->tx_flags |= SKBTX_SHARED_FRAG;
-
 		if (skb->ip_summed == CHECKSUM_NONE) {
 			__wsum csum;
 			csum = csum_page(page, offset, len);

################################################################################
!    REJECTED PATCH2 HUNKS - could not be compared; manual review needed       !
################################################################################

--- b/net/ipv4/ip_output.c
+++ b/net/ipv4/ip_output.c
@@ -1233,6 +1233,8 @@
 			if (err < 0)
 				goto error;
 			copy = err;
+			if (!(flags & MSG_NO_SHARED_FRAGS))
+				skb_shinfo(skb)->flags |= SKBFL_SHARED_FRAG;
 			wmem_alloc_delta += copy;
 		} else if (!zc) {
 			int i = skb_shinfo(skb)->nr_frags;

================================================================================
*    CONTEXT DIFFERENCES - surrounding code differences between the patches    *
================================================================================

--- b/net/ipv4/ip_output.c
+++ b/net/ipv4/ip_output.c
@@ -1230,6 +1230,6 @@
-			goto error;
-		}
-
-		if (skb->ip_summed == CHECKSUM_NONE) {
-			__wsum csum;
-			csum = csum_page(page, offset, len);
+			if (err < 0)
+				goto error;
+			copy = err;
+			wmem_alloc_delta += copy;
+		} else if (!zc) {
+			int i = skb_shinfo(skb)->nr_frags;

================================================================================
*    ONLY IN PATCH2 - files not modified by patch1                             *
================================================================================

--- a/net/ipv6/esp6.c
+++ b/net/ipv6/esp6.c
@@ -915,7 +915,8 @@ static int esp6_input(struct xfrm_state *x, struct sk_buff *skb)
 			nfrags = 1;
 
 			goto skip_cow;
-		} else if (!skb_has_frag_list(skb)) {
+		} else if (!skb_has_frag_list(skb) &&
+			   !skb_has_shared_frag(skb)) {
 			nfrags = skb_shinfo(skb)->nr_frags;
 			nfrags++;
 
--- a/net/ipv6/ip6_output.c
+++ b/net/ipv6/ip6_output.c
@@ -1794,6 +1794,8 @@ alloc_new_skb:
 			if (err < 0)
 				goto error;
 			copy = err;
+			if (!(flags & MSG_NO_SHARED_FRAGS))
+				skb_shinfo(skb)->flags |= SKBFL_SHARED_FRAG;
 			wmem_alloc_delta += copy;
 		} else if (!zc) {
 			int i = skb_shinfo(skb)->nr_frags;

• ⚠️ PR commit 95c8ee122ba3 (nvme-tcp: fix potential memory corruption in nvme_tcp_recv_pdu()) → upstream ad95bab0cd28
  Differences found:

================================================================================
*    DELTA DIFFERENCES - code changes that differ between the patches          *
================================================================================

--- b/drivers/nvme/host/tcp.c
+++ b/drivers/nvme/host/tcp.c
@@ -152,18 +152,6 @@
 	return queue - queue->ctrl->queues;
 }
 
-static inline bool nvme_tcp_recv_pdu_supported(enum nvme_tcp_pdu_type type)
-{
-	switch (type) {
-	case nvme_tcp_c2h_data:
-	case nvme_tcp_r2t:
-	case nvme_tcp_rsp:
-		return true;
-	default:
-		return false;
-	}
-}
-
 static inline struct blk_mq_tags *nvme_tcp_tagset(struct nvme_tcp_queue *queue)
 {
 	u32 queue_idx = nvme_tcp_queue_id(queue);

################################################################################
!    REJECTED PATCH2 HUNKS - could not be compared; manual review needed       !
################################################################################

--- b/drivers/nvme/host/tcp.c
+++ b/drivers/nvme/host/tcp.c
@@ -217,6 +217,19 @@
 	return queue - queue->ctrl->queues;
 }
 
+static inline bool nvme_tcp_recv_pdu_supported(enum nvme_tcp_pdu_type type)
+{
+	switch (type) {
+	case nvme_tcp_c2h_term:
+	case nvme_tcp_c2h_data:
+	case nvme_tcp_r2t:
+	case nvme_tcp_rsp:
+		return true;
+	default:
+		return false;
+	}
+}
+
 /*
  * Check if the queue is TLS encrypted
  */
@@ -818,6 +831,16 @@
 		return 0;
 
 	hdr = queue->pdu;
+	if (unlikely(hdr->hlen != sizeof(struct nvme_tcp_rsp_pdu))) {
+		if (!nvme_tcp_recv_pdu_supported(hdr->type))
+			goto unsupported_pdu;
+
+		dev_err(queue->ctrl->ctrl.device,
+			"pdu type %d has unexpected header length (%d)\n",
+			hdr->type, hdr->hlen);
+		return -EPROTO;
+	}
+
 	if (unlikely(hdr->type == nvme_tcp_c2h_term)) {
 		/*
 		 * C2HTermReq never includes Header or Data digests.

================================================================================
*    CONTEXT DIFFERENCES - surrounding code differences between the patches    *
================================================================================

--- b/drivers/nvme/host/tcp.c
+++ b/drivers/nvme/host/tcp.c
@@ -149,6 +149,6 @@
 	return queue - queue->ctrl->queues;
 }
 
-static inline struct blk_mq_tags *nvme_tcp_tagset(struct nvme_tcp_queue *queue)
-{
-	u32 queue_idx = nvme_tcp_queue_id(queue);
+/*
+ * Check if the queue is TLS encrypted
+ */
@@ -674,6 +818,6 @@
 		return 0;
 
 	hdr = queue->pdu;
-	if (queue->hdr_digest) {
-		ret = nvme_tcp_verify_hdgst(queue, queue->pdu, hdr->hlen);
-		if (unlikely(ret))
+	if (unlikely(hdr->type == nvme_tcp_c2h_term)) {
+		/*
+		 * C2HTermReq never includes Header or Data digests.

• ⚠️ PR commit 3544a24c43bf (gso: fix udp gso fraglist segmentation after pull from frag_list) → upstream a1e40ac5b5e9
  Differences found:

================================================================================
*    DELTA DIFFERENCES - code changes that differ between the patches          *
================================================================================

--- b/net/ipv4/udp_offload.c
+++ b/net/ipv4/udp_offload.c
@@ -11,7 +11,6 @@
  */
 
 #include <linux/skbuff.h>
-#include <net/ip6_checksum.h>
 #include <net/udp.h>
 #include <net/protocol.h>
 #include <net/inet_common.h>

================================================================================
*    CONTEXT DIFFERENCES - surrounding code differences between the patches    *
================================================================================

--- b/net/ipv4/udp_offload.c
+++ b/net/ipv4/udp_offload.c
@@ -273,6 +269,6 @@
 
 	if (skb_shinfo(gso_skb)->gso_type & SKB_GSO_FRAGLIST)
 		return __udp_gso_segment_list(gso_skb, features, is_ipv6);
 
-	mss = skb_shinfo(gso_skb)->gso_size;
-	if (gso_skb->len <= sizeof(*uh) + mss)
+	skb_pull(gso_skb, sizeof(*uh));
+

• ⚠️ PR commit 146899475c8e (net: fix udp gso skb_segment after pull from frag_list) → upstream 3382a1ed7f77
  Differences found:

================================================================================
*    CONTEXT DIFFERENCES - surrounding code differences between the patches    *
================================================================================

--- b/net/ipv4/udp_offload.c
+++ b/net/ipv4/udp_offload.c
@@ -273,6 +273,6 @@
 	bool copy_dtor;
 	__sum16 check;
 	__be16 newlen;
 
-	if (skb_shinfo(gso_skb)->gso_type & SKB_GSO_FRAGLIST) {
-		 /* Detect modified geometry and pass those to skb_segment. */
+	mss = skb_shinfo(gso_skb)->gso_size;
+	if (gso_skb->len <= sizeof(*uh) + mss)

• ⚠️ PR commit a19fd8457975 (x86/sev-es: Set x86_virt_bits to the correct value straight away, instead of a two-phase approach) → upstream fbf6449f84bf
  Differences found:

################################################################################
!    REJECTED PATCH2 HUNKS - could not be compared; manual review needed       !
################################################################################

--- b/arch/x86/kernel/cpu/common.c
+++ b/arch/x86/kernel/cpu/common.c
@@ -1607,7 +1613,6 @@
 		cpu_detect(c);
 		get_cpu_vendor(c);
 		get_cpu_cap(c);
-		get_cpu_address_sizes(c);
 		setup_force_cpu_cap(X86_FEATURE_CPUID);
 		cpu_parse_early_param();
 

================================================================================
*    CONTEXT DIFFERENCES - surrounding code differences between the patches    *
================================================================================

--- b/arch/x86/kernel/cpu/common.c
+++ b/arch/x86/kernel/cpu/common.c
@@ -1502,6 +1597,5 @@
 		get_cpu_vendor(c);
 		get_cpu_cap(c);
-		get_model_name(c); /* RHEL8: get model name for unsupported check */
 		get_cpu_address_sizes(c);
 		setup_force_cpu_cap(X86_FEATURE_CPUID);
 		cpu_parse_early_param();

• ⚠️ PR commit 04b3af631efc (x86/cpu: Allow reducing x86_phys_bits during early_identify_cpu()) → upstream 9a458198eba9
  Differences found:

================================================================================
*    CONTEXT DIFFERENCES - surrounding code differences between the patches    *
================================================================================

--- b/arch/x86/kernel/cpu/common.c
+++ b/arch/x86/kernel/cpu/common.c
@@ -1508,5 +1509,4 @@
 		get_cpu_cap(c);
-		get_model_name(c); /* RHEL8: get model name for unsupported check */
 		setup_force_cpu_cap(X86_FEATURE_CPUID);
 		cpu_parse_early_param();
 
@@ -1520,5 +1599,4 @@
 	} else {
-		identify_cpu_without_cpuid(c);
 		setup_clear_cpu_cap(X86_FEATURE_CPUID);
 	}

• ⚠️ PR commit 22f3c77cc4f9 (net: mana: Enable MANA driver on ARM64 with 4K page size) → upstream 40a1d11fc670
  Differences found:

================================================================================
*    CONTEXT DIFFERENCES - surrounding code differences between the patches    *
================================================================================

--- b/drivers/net/ethernet/microsoft/Kconfig
+++ b/drivers/net/ethernet/microsoft/Kconfig
@@ -20,4 +20,4 @@
 	depends on PCI_MSI && X86_64
 	depends on PCI_HYPERV
 	select AUXILIARY_BUS
-	help
+	select PAGE_POOL

• ⚠️ PR commit a7b9575e2f99 (net: mana: Add support for page sizes other than 4KB on ARM64) → upstream 382d1741b5b2
  Differences found:

================================================================================
*    CONTEXT DIFFERENCES - surrounding code differences between the patches    *
================================================================================

--- b/drivers/net/ethernet/microsoft/Kconfig
+++ b/drivers/net/ethernet/microsoft/Kconfig
@@ -21,4 +21,4 @@
 	depends on X86_64 || (ARM64 && !CPU_BIG_ENDIAN && ARM64_4K_PAGES)
 	depends on PCI_HYPERV
 	select AUXILIARY_BUS
-	help
+	select PAGE_POOL

• ⚠️ PR commit 4ab76ac11784 (PCI: Batch BAR sizing operations) → upstream 4453f360862e
  Differences found:

################################################################################
!    REJECTED PATCH2 HUNKS - could not be compared; manual review needed       !
################################################################################

--- b/drivers/pci/probe.c
+++ b/drivers/pci/probe.c
@@ -217,17 +256,6 @@
 	struct pci_bus_region region, inverted_region;
 	const char *res_name = pci_resource_name(dev, res - dev->resource);
 
-	mask = type ? PCI_ROM_ADDRESS_MASK : ~0;
-
-	/* No printks while decoding is disabled! */
-	if (!dev->mmio_always_on) {
-		pci_read_config_word(dev, PCI_COMMAND, &orig_cmd);
-		if (orig_cmd & PCI_COMMAND_DECODE_ENABLE) {
-			pci_write_config_word(dev, PCI_COMMAND,
-				orig_cmd & ~PCI_COMMAND_DECODE_ENABLE);
-		}
-	}
-
 	res->name = pci_name(dev);
 
 	pci_read_config_dword(dev, pos, &l);

================================================================================
*    CONTEXT DIFFERENCES - surrounding code differences between the patches    *
================================================================================

--- b/drivers/pci/iov.c
+++ b/drivers/pci/iov.c
@@ -740,4 +739,5 @@
 	struct resource *res;
+	const char *res_name;
 	struct pci_dev *pdev;
 
 	pci_read_config_word(dev, pos + PCI_SRIOV_CTRL, &ctrl);
--- b/drivers/pci/probe.c
+++ b/drivers/pci/probe.c
@@ -186,6 +180,7 @@
 	u64 l64, sz64, mask64;
 	u16 orig_cmd;
 	struct pci_bus_region region, inverted_region;
+	const char *res_name = pci_resource_name(dev, res - dev->resource);
 
 	mask = type ? PCI_ROM_ADDRESS_MASK : ~0;

• ⚠️ PR commit 59c13986cbc2 (idpf: convert to libeth Tx buffer completion) → upstream d9028db618a6
  Differences found:

================================================================================
*    DELTA DIFFERENCES - code changes that differ between the patches          *
================================================================================

--- b/drivers/net/ethernet/intel/idpf/idpf_singleq_txrx.c
+++ b/drivers/net/ethernet/intel/idpf/idpf_singleq_txrx.c
@@ -1,8 +1,6 @@
 // SPDX-License-Identifier: GPL-2.0-only
 /* Copyright (C) 2023 Intel Corporation */
 
-#include <net/libeth/tx.h>
-
 #include "idpf.h"
 
 /**
--- b/drivers/net/ethernet/intel/idpf/idpf_txrx.c
+++ b/drivers/net/ethernet/intel/idpf/idpf_txrx.c
@@ -1,8 +1,6 @@
 // SPDX-License-Identifier: GPL-2.0-only
 /* Copyright (C) 2023 Intel Corporation */
 
-#include <net/libeth/tx.h>
-
 #include "idpf.h"
 #include "idpf_virtchnl.h"
 

################################################################################
!    REJECTED PATCH2 HUNKS - could not be compared; manual review needed       !
################################################################################

--- b/drivers/net/ethernet/intel/idpf/idpf_singleq_txrx.c
+++ b/drivers/net/ethernet/intel/idpf/idpf_singleq_txrx.c
@@ -2,6 +2,7 @@
 /* Copyright (C) 2023 Intel Corporation */
 
 #include <net/libeth/rx.h>
+#include <net/libeth/tx.h>
 
 #include "idpf.h"
 
--- b/drivers/net/ethernet/intel/idpf/idpf_txrx.c
+++ b/drivers/net/ethernet/intel/idpf/idpf_txrx.c
@@ -2,6 +2,7 @@
 /* Copyright (C) 2023 Intel Corporation */
 
 #include <net/libeth/rx.h>
+#include <net/libeth/tx.h>
 
 #include "idpf.h"
 #include "idpf_virtchnl.h"

================================================================================
*    CONTEXT DIFFERENCES - surrounding code differences between the patches    *
================================================================================

--- b/drivers/net/ethernet/intel/idpf/idpf_singleq_txrx.c
+++ b/drivers/net/ethernet/intel/idpf/idpf_singleq_txrx.c
@@ -2,4 +1,8 @@
 /* Copyright (C) 2023 Intel Corporation */
 
+#include <net/libeth/rx.h>
+
+#include <net/libeth/tx.h>
+
 #include "idpf.h"
 
--- b/drivers/net/ethernet/intel/idpf/idpf_txrx.c
+++ b/drivers/net/ethernet/intel/idpf/idpf_txrx.c
@@ -2,5 +1,9 @@
 /* Copyright (C) 2023 Intel Corporation */
 
+#include <net/libeth/rx.h>
+
+#include <net/libeth/tx.h>
+
 #include "idpf.h"
 #include "idpf_virtchnl.h"

• ⚠️ PR commit 8c487287e70c (idpf: refactor Tx completion routines) → upstream 24eb35b15152
  Differences found:

################################################################################
!    REJECTED PATCH2 HUNKS - could not be compared; manual review needed       !
################################################################################

--- b/drivers/net/ethernet/intel/idpf/idpf_txrx.h
+++ b/drivers/net/ethernet/intel/idpf/idpf_txrx.h
@@ -785,7 +785,7 @@
 	u32 next_to_use;
 	u32 next_to_clean;
 
-	u32 num_completions;
+	aligned_u64 num_completions;
 	__cacheline_group_end_aligned(read_write);
 
 	__cacheline_group_begin_aligned(cold);

================================================================================
*    CONTEXT DIFFERENCES - surrounding code differences between the patches    *
================================================================================

--- b/drivers/net/ethernet/intel/idpf/idpf_txrx.h
+++ b/drivers/net/ethernet/intel/idpf/idpf_txrx.h
@@ -971,4 +920,4 @@
 	u32 num_completions_pending;
 };
 
-/**
+static inline int idpf_q_vector_to_mem(const struct idpf_q_vector *q_vector)

• ⚠️ PR commit 0e4a6b8bb49f (idpf: add support for Tx refillqs in flow scheduling mode) → upstream cb83b559bea3
  Differences found:

================================================================================
*    DELTA DIFFERENCES - code changes that differ between the patches          *
================================================================================

--- b/drivers/net/ethernet/intel/idpf/idpf_txrx.c
+++ b/drivers/net/ethernet/intel/idpf/idpf_txrx.c
@@ -247,7 +247,6 @@
 	struct device *dev = tx_q->dev;
 	struct idpf_sw_queue *refillq;
 	int err;
-	unsigned int i = 0;
 
 	err = idpf_tx_buf_alloc_all(tx_q);
 	if (err)
@@ -282,7 +281,7 @@
 		goto err_alloc;
 	}
 
-	for (i = 0; i < refillq->desc_count; i++)
+	for (unsigned int i = 0; i < refillq->desc_count; i++)
 		refillq->ring[i] =
 			FIELD_PREP(IDPF_RFL_BI_BUFID_M, i) |
 			FIELD_PREP(IDPF_RFL_BI_GEN_M,

################################################################################
!    REJECTED PATCH2 HUNKS - could not be compared; manual review needed       !
################################################################################

--- b/drivers/net/ethernet/intel/idpf/idpf_txrx.c
+++ b/drivers/net/ethernet/intel/idpf/idpf_txrx.c
@@ -3551,7 +3630,7 @@
 skip_data:
 		rx_buf->netmem = 0;
 
-		idpf_rx_post_buf_refill(refillq, buf_id);
+		idpf_post_buf_refill(refillq, buf_id);
 		IDPF_RX_BUMP_NTC(rxq, ntc);
 
 		/* skip if it is non EOP desc */
--- b/drivers/net/ethernet/intel/idpf/idpf_txrx.h
+++ b/drivers/net/ethernet/intel/idpf/idpf_txrx.h
@@ -622,6 +622,7 @@
  * @cleaned_pkts: Number of packets cleaned for the above said case
  * @tx_max_bufs: Max buffers that can be transmitted with scatter-gather
  * @stash: Tx buffer stash for Flow-based scheduling mode
+ * @refillq: Pointer to refill queue
  * @compl_tag_bufid_m: Completion tag buffer id mask
  * @compl_tag_cur_gen: Used to keep track of current completion tag generation
  * @compl_tag_gen_max: To determine when compl_tag_cur_gen should be reset
@@ -671,6 +672,7 @@
 
 	u16 tx_max_bufs;
 	struct idpf_txq_stash *stash;
+	struct idpf_sw_queue *refillq;
 
 	u16 compl_tag_bufid_m;
 	u16 compl_tag_cur_gen;
@@ -692,7 +694,7 @@
 	__cacheline_group_end_aligned(cold);
 };
 libeth_cacheline_set_assert(struct idpf_tx_queue, 64,
-			    112 + sizeof(struct u64_stats_sync),
+			    120 + sizeof(struct u64_stats_sync),
 			    24);
 
 /**

================================================================================
*    CONTEXT DIFFERENCES - surrounding code differences between the patches    *
================================================================================

--- b/drivers/net/ethernet/intel/idpf/idpf_txrx.c
+++ b/drivers/net/ethernet/intel/idpf/idpf_txrx.c
@@ -244,4 +246,5 @@
 	struct device *dev = tx_q->dev;
 	int err;
+	unsigned int i = 0;
 
 	err = idpf_tx_buf_alloc_all(tx_q);
@@ -3358,4 +3417,4 @@
 		idpf_rx_post_buf_refill(refillq, buf_id);
-
 		IDPF_RX_BUMP_NTC(rxq, ntc);
+
 		/* skip if it is non EOP desc */
--- b/drivers/net/ethernet/intel/idpf/idpf_txrx.h
+++ b/drivers/net/ethernet/intel/idpf/idpf_txrx.h
@@ -624,6 +619,6 @@
  * @cleaned_pkts: Number of packets cleaned for the above said case
  * @tx_max_bufs: Max buffers that can be transmitted with scatter-gather
- * @tx_min_pkt_len: Min supported packet length
+ * @stash: Tx buffer stash for Flow-based scheduling mode
  * @compl_tag_bufid_m: Completion tag buffer id mask
- * @compl_tag_gen_s: Completion tag generation bit
- *	The format of the completion tag will change based on the TXQ
+ * @compl_tag_cur_gen: Used to keep track of current completion tag generation
+ * @compl_tag_gen_max: To determine when compl_tag_cur_gen should be reset
@@ -743,6 +692,2 @@
 
-	u16 tx_max_bufs;
-	u16 tx_min_pkt_len;
-
-	u16 compl_tag_bufid_m;
-	u16 compl_tag_gen_s;
+/**

• ⚠️ PR commit ce23e1fe98c0 (idpf: improve when to set RE bit logic) → upstream f2d18e16479c
  Differences found:

################################################################################
!    REJECTED PATCH2 HUNKS - could not be compared; manual review needed       !
################################################################################

--- b/drivers/net/ethernet/intel/idpf/idpf_txrx.h
+++ b/drivers/net/ethernet/intel/idpf/idpf_txrx.h
@@ -610,6 +610,8 @@
  * @netdev: &net_device corresponding to this queue
  * @next_to_use: Next descriptor to use
  * @next_to_clean: Next descriptor to clean
+ * @last_re: last descriptor index that RE bit was set
+ * @tx_max_bufs: Max buffers that can be transmitted with scatter-gather
  * @cleaned_bytes: Splitq only, TXQ only: When a TX completion is received on
  *		   the TX completion queue, it can be for any TXQ associated
  *		   with that completion queue. This means we can clean up to
@@ -620,7 +622,6 @@
  *		   only once at the end of the cleaning routine.
  * @clean_budget: singleq only, queue cleaning budget
  * @cleaned_pkts: Number of packets cleaned for the above said case
- * @tx_max_bufs: Max buffers that can be transmitted with scatter-gather
  * @stash: Tx buffer stash for Flow-based scheduling mode
  * @refillq: Pointer to refill queue
  * @compl_tag_bufid_m: Completion tag buffer id mask
@@ -672,7 +675,6 @@
 	};
 	u16 cleaned_pkts;
 
-	u16 tx_max_bufs;
 	struct idpf_txq_stash *stash;
 	struct idpf_sw_queue *refillq;
 

================================================================================
*    CONTEXT DIFFERENCES - surrounding code differences between the patches    *
================================================================================

--- b/drivers/net/ethernet/intel/idpf/idpf_txrx.h
+++ b/drivers/net/ethernet/intel/idpf/idpf_txrx.h
@@ -607,6 +607,5 @@
- * @desc_count: Number of descriptors
+ * @netdev: &net_device corresponding to this queue
  * @next_to_use: Next descriptor to use
  * @next_to_clean: Next descriptor to clean
- * @netdev: &net_device corresponding to this queue
  * @cleaned_bytes: Splitq only, TXQ only: When a TX completion is received on
  *		   the TX completion queue, it can be for any TXQ associated
@@ -685,5 +622,5 @@
  * @cleaned_pkts: Number of packets cleaned for the above said case
  * @tx_max_bufs: Max buffers that can be transmitted with scatter-gather
- * @tx_min_pkt_len: Min supported packet length
+ * @stash: Tx buffer stash for Flow-based scheduling mode
  * @refillq: Pointer to refill queue
  * @compl_tag_bufid_m: Completion tag buffer id mask
@@ -723,4 +660,4 @@
-	u16 desc_count;
+	__cacheline_group_begin_aligned(read_write);
 	u16 next_to_use;
 	u16 next_to_clean;
 
@@ -731,5 +668,5 @@
 
 	u16 tx_max_bufs;
-	u16 tx_min_pkt_len;
+	struct idpf_txq_stash *stash;
 	struct idpf_sw_queue *refillq;

• ⚠️ PR commit 9d2fe0667447 (idpf: simplify and fix splitq Tx packet rollback error path) → upstream b61dfa9bc443
  Differences found:

================================================================================
*    DELTA DIFFERENCES - code changes that differ between the patches          *
================================================================================

--- b/drivers/net/ethernet/intel/idpf/idpf_txrx.c
+++ b/drivers/net/ethernet/intel/idpf/idpf_txrx.c
@@ -2287,4 +2287,55 @@
 
 /**
+ * idpf_tx_dma_map_error - handle TX DMA map errors
+ * @txq: queue to send buffer on
+ * @skb: send buffer
+ * @first: original first buffer info buffer for packet
+ * @idx: starting point on ring to unwind
+ */
+void idpf_tx_dma_map_error(struct idpf_tx_queue *txq, struct sk_buff *skb,
+			   struct idpf_tx_buf *first, u16 idx)
+{
+	struct libeth_sq_napi_stats ss = { };
+	struct libeth_cq_pp cp = {
+		.dev	= txq->dev,
+		.ss	= &ss,
+	};
+
+	u64_stats_update_begin(&txq->stats_sync);
+	u64_stats_inc(&txq->q_stats.dma_map_errs);
+	u64_stats_update_end(&txq->stats_sync);
+
+	/* clear dma mappings for failed tx_buf map */
+	for (;;) {
+		struct idpf_tx_buf *tx_buf;
+
+		tx_buf = &txq->tx_buf[idx];
+		libeth_tx_complete(tx_buf, &cp);
+		if (tx_buf == first)
+			break;
+		if (idx == 0)
+			idx = txq->desc_count;
+		idx--;
+	}
+
+	if (skb_is_gso(skb)) {
+		union idpf_tx_flex_desc *tx_desc;
+
+		/* If we failed a DMA mapping for a TSO packet, we will have
+		 * used one additional descriptor for a context
+		 * descriptor. Reset that here.
+		 */
+		tx_desc = &txq->flex_tx[idx];
+		memset(tx_desc, 0, sizeof(struct idpf_flex_tx_ctx_desc));
+		if (idx == 0)
+			idx = txq->desc_count;
+		idx--;
+	}
+
+	/* Update tail in case netdev_xmit_more was previously true */
+	idpf_tx_buf_hw_update(txq, idx, false);
+}
+
+/**
  * idpf_tx_splitq_bump_ntu - adjust NTU and generation
  * @txq: the tx ring to wrap
@@ -2335,35 +2386,4 @@
 
 /**
- * idpf_tx_splitq_pkt_err_unmap - Unmap buffers and bump tail in case of error
- * @txq: Tx queue to unwind
- * @params: pointer to splitq params struct
- * @first: starting buffer for packet to unmap
- */
-static void idpf_tx_splitq_pkt_err_unmap(struct idpf_tx_queue *txq,
-					 struct idpf_tx_splitq_params *params,
-					 struct idpf_tx_buf *first)
-{
-	struct libeth_sq_napi_stats ss = { };
-	struct idpf_tx_buf *tx_buf = first;
-	struct libeth_cq_pp cp = {
-		.dev    = txq->dev,
-		.ss     = &ss,
-	};
-	u32 idx = 0;
-
-	u64_stats_update_begin(&txq->stats_sync);
-	u64_stats_inc(&txq->q_stats.dma_map_errs);
-	u64_stats_update_end(&txq->stats_sync);
-
-	do {
-		libeth_tx_complete(tx_buf, &cp);
-		idpf_tx_clean_buf_ring_bump_ntc(txq, idx, tx_buf);
-	} while (idpf_tx_buf_compl_tag(tx_buf) == params->compl_tag);
-
-	/* Update tail in case netdev_xmit_more was previously true. */
-	idpf_tx_buf_hw_update(txq, params->prev_ntu, false);
-}
-
-/**
  * idpf_tx_splitq_map - Build the Tx flex descriptor
  * @tx_q: queue to send buffer on

################################################################################
!    REJECTED PATCH2 HUNKS - could not be compared; manual review needed       !
################################################################################

--- b/drivers/net/ethernet/intel/idpf/idpf_txrx.c
+++ b/drivers/net/ethernet/intel/idpf/idpf_txrx.c
@@ -2339,57 +2339,6 @@
 	return count;
 }
 
-/**
- * idpf_tx_dma_map_error - handle TX DMA map errors
- * @txq: queue to send buffer on
- * @skb: send buffer
- * @first: original first buffer info buffer for packet
- * @idx: starting point on ring to unwind
- */
-void idpf_tx_dma_map_error(struct idpf_tx_queue *txq, struct sk_buff *skb,
-			   struct idpf_tx_buf *first, u16 idx)
-{
-	struct libeth_sq_napi_stats ss = { };
-	struct libeth_cq_pp cp = {
-		.dev	= txq->dev,
-		.ss	= &ss,
-	};
-
-	u64_stats_update_begin(&txq->stats_sync);
-	u64_stats_inc(&txq->q_stats.dma_map_errs);
-	u64_stats_update_end(&txq->stats_sync);
-
-	/* clear dma mappings for failed tx_buf map */
-	for (;;) {
-		struct idpf_tx_buf *tx_buf;
-
-		tx_buf = &txq->tx_buf[idx];
-		libeth_tx_complete(tx_buf, &cp);
-		if (tx_buf == first)
-			break;
-		if (idx == 0)
-			idx = txq->desc_count;
-		idx--;
-	}
-
-	if (skb_is_gso(skb)) {
-		union idpf_tx_flex_desc *tx_desc;
-
-		/* If we failed a DMA mapping for a TSO packet, we will have
-		 * used one additional descriptor for a context
-		 * descriptor. Reset that here.
-		 */
-		tx_desc = &txq->flex_tx[idx];
-		memset(tx_desc, 0, sizeof(*tx_desc));
-		if (idx == 0)
-			idx = txq->desc_count;
-		idx--;
-	}
-
-	/* Update tail in case netdev_xmit_more was previously true */
-	idpf_tx_buf_hw_update(txq, idx, false);
-}
-
 /**
  * idpf_tx_splitq_bump_ntu - adjust NTU and generation
  * @txq: the tx ring to wrap
@@ -2438,6 +2387,37 @@
 	return true;
 }
 
+/**
+ * idpf_tx_splitq_pkt_err_unmap - Unmap buffers and bump tail in case of error
+ * @txq: Tx queue to unwind
+ * @params: pointer to splitq params struct
+ * @first: starting buffer for packet to unmap
+ */
+static void idpf_tx_splitq_pkt_err_unmap(struct idpf_tx_queue *txq,
+					 struct idpf_tx_splitq_params *params,
+					 struct idpf_tx_buf *first)
+{
+	struct libeth_sq_napi_stats ss = { };
+	struct idpf_tx_buf *tx_buf = first;
+	struct libeth_cq_pp cp = {
+		.dev    = txq->dev,
+		.ss     = &ss,
+	};
+	u32 idx = 0;
+
+	u64_stats_update_begin(&txq->stats_sync);
+	u64_stats_inc(&txq->q_stats.dma_map_errs);
+	u64_stats_update_end(&txq->stats_sync);
+
+	do {
+		libeth_tx_complete(tx_buf, &cp);
+		idpf_tx_clean_buf_ring_bump_ntc(txq, idx, tx_buf);
+	} while (idpf_tx_buf_compl_tag(tx_buf) == params->compl_tag);
+
+	/* Update tail in case netdev_xmit_more was previously true. */
+	idpf_tx_buf_hw_update(txq, params->prev_ntu, false);
+}
+
 /**
  * idpf_tx_splitq_map - Build the Tx flex descriptor
  * @tx_q: queue to send buffer on
@@ -2482,8 +2462,9 @@
 	for (frag = &skb_shinfo(skb)->frags[0];; frag++) {
 		unsigned int max_data = IDPF_TX_MAX_DESC_DATA_ALIGNED;
 
-		if (dma_mapping_error(tx_q->dev, dma))
-			return idpf_tx_dma_map_error(tx_q, skb, first, i);
+		if (unlikely(dma_mapping_error(tx_q->dev, dma)))
+			return idpf_tx_splitq_pkt_err_unmap(tx_q, params,
+							    first);
 
 		first->nr_frags++;
 		idpf_tx_buf_compl_tag(tx_buf) = params->compl_tag;
@@ -2939,7 +2920,9 @@
 static netdev_tx_t idpf_tx_splitq_frame(struct sk_buff *skb,
 					struct idpf_tx_queue *tx_q)
 {
-	struct idpf_tx_splitq_params tx_params = { };
+	struct idpf_tx_splitq_params tx_params = {
+		.prev_ntu = tx_q->next_to_use,
+	};
 	union idpf_flex_tx_ctx_desc *ctx_desc;
 	struct idpf_tx_buf *first;
 	unsigned int count;

================================================================================
*    CONTEXT DIFFERENCES - surrounding code differences between the patches    *
================================================================================

--- b/drivers/net/ethernet/intel/idpf/idpf_txrx.c
+++ b/drivers/net/ethernet/intel/idpf/idpf_txrx.c
@@ -2326,7 +2380,7 @@
 		 * descriptor. Reset that here.
 		 */
 		tx_desc = &txq->flex_tx[idx];
-		memset(tx_desc, 0, sizeof(struct idpf_flex_tx_ctx_desc));
+		memset(tx_desc, 0, sizeof(*tx_desc));
 		if (idx == 0)
 			idx = txq->desc_count;
 		idx--;
@@ -2817,4 +2871,5 @@
 {
 	struct idpf_tx_splitq_params tx_params = { };
+	union idpf_flex_tx_ctx_desc *ctx_desc;
 	struct idpf_tx_buf *first;
 	unsigned int count;

• ⚠️ PR commit 30a857e88266 (idpf: replace flow scheduling buffer ring with buffer pool) → upstream 5f417d551324
  Differences found:

================================================================================
*    DELTA DIFFERENCES - code changes that differ between the patches          *
================================================================================

--- b/drivers/net/ethernet/intel/idpf/idpf_txrx.c
+++ b/drivers/net/ethernet/intel/idpf/idpf_txrx.c
@@ -1915,11 +1915,8 @@
 		.napi	= budget,
 	};
 
-	tx_buf = &txq->tx_buf[buf_id];
-	if (tx_buf->type == LIBETH_SQE_SKB) {
+	if (tx_buf->type == LIBETH_SQE_SKB)
 		libeth_tx_complete(tx_buf, &cp);
-		idpf_post_buf_refill(txq->refillq, buf_id);
-	}
 
 	while (idpf_tx_buf_next(tx_buf) != IDPF_TXBUF_NULL) {
 		buf_id = idpf_tx_buf_next(tx_buf);

################################################################################
!    REJECTED PATCH2 HUNKS - could not be compared; manual review needed       !
################################################################################

--- b/drivers/net/ethernet/intel/idpf/idpf_txrx.c
+++ b/drivers/net/ethernet/intel/idpf/idpf_txrx.c
@@ -1962,6 +1962,7 @@
 		     idpf_tx_buf_compl_tag(tx_buf) != compl_tag))
 		return false;
 
+	tx_buf = &txq->tx_buf[buf_id];
 	if (tx_buf->type == LIBETH_SQE_SKB) {
 		if (skb_shinfo(tx_buf->skb)->tx_flags & SKBTX_IN_PROGRESS)
 			idpf_tx_read_tstamp(txq, tx_buf->skb);
@@ -1965,6 +1966,7 @@
 			idpf_tx_read_tstamp(txq, tx_buf->skb);
 
 		libeth_tx_complete(tx_buf, &cp);
+		idpf_post_buf_refill(txq->refillq, buf_id);
 	}
 
 	idpf_tx_clean_buf_ring_bump_ntc(txq, idx, tx_buf);
@@ -2892,6 +2859,7 @@
 	struct idpf_tx_buf *first;
 	unsigned int count;
 	int tso, idx;
+	u32 buf_id;
 
 	count = idpf_tx_desc_count_required(tx_q, skb);
 	if (unlikely(!count))
--- b/drivers/net/ethernet/intel/idpf/idpf_txrx.h
+++ b/drivers/net/ethernet/intel/idpf/idpf_txrx.h
@@ -703,6 +710,7 @@
 	dma_addr_t dma;
 
 	struct idpf_q_vector *q_vector;
+	u32 buf_pool_size;
 	__cacheline_group_end_aligned(cold);
 };
 libeth_cacheline_set_assert(struct idpf_tx_queue, 64,
@@ -706,7 +714,7 @@
 };
 libeth_cacheline_set_assert(struct idpf_tx_queue, 64,
 			    120 + sizeof(struct u64_stats_sync),
-			    24);
+			    32);
 
 /**
  * struct idpf_buf_queue - software structure representing a buffer queue

================================================================================
*    CONTEXT DIFFERENCES - surrounding code differences between the patches    *
================================================================================

--- b/drivers/net/ethernet/intel/idpf/idpf_txrx.c
+++ b/drivers/net/ethernet/intel/idpf/idpf_txrx.c
@@ -1915,8 +1965,12 @@
 		     idpf_tx_buf_compl_tag(tx_buf) != compl_tag))
 		return false;
 
-	if (tx_buf->type == LIBETH_SQE_SKB)
+	if (tx_buf->type == LIBETH_SQE_SKB) {
+		if (skb_shinfo(tx_buf->skb)->tx_flags & SKBTX_IN_PROGRESS)
+			idpf_tx_read_tstamp(txq, tx_buf->skb);
+
 		libeth_tx_complete(tx_buf, &cp);
+	}
 
 	idpf_tx_clean_buf_ring_bump_ntc(txq, idx, tx_buf);
 
@@ -2744,4 +2798,4 @@
-	struct idpf_flex_tx_ctx_desc *desc;
+	union idpf_flex_tx_ctx_desc *desc;
 	int i = txq->next_to_use;
 
 	txq->tx_buf[i].type = LIBETH_SQE_CTX;
@@ -2802,6 +2856,6 @@
 	struct idpf_tx_buf *first;
 	unsigned int count;
-	int tso;
+	int tso, idx;
 
 	count = idpf_tx_desc_count_required(tx_q, skb);
 	if (unlikely(!count))
@@ -2840,4 +2962,4 @@
-		u64_stats_update_end(&tx_q->stats_sync);
+		idpf_tx_set_tstamp_desc(ctx_desc, idx);
 	}
 
 	/* record the location of the first descriptor for this packet */
--- b/drivers/net/ethernet/intel/idpf/idpf_txrx.h
+++ b/drivers/net/ethernet/intel/idpf/idpf_txrx.h
@@ -692,5 +694,9 @@
 
 	struct idpf_q_vector *q_vector;
-} ____cacheline_aligned;
+	__cacheline_group_end_aligned(cold);
+};
+libeth_cacheline_set_assert(struct idpf_tx_queue, 64,
+			    120 + sizeof(struct u64_stats_sync),
+			    24);
 
 /**

• ⚠️ PR commit 1c7ce18c6611 (idpf: stop Tx if there are insufficient buffer resources) → upstream 0c3f135e840d
  Differences found:

################################################################################
!    REJECTED PATCH2 HUNKS - could not be compared; manual review needed       !
################################################################################

--- b/drivers/net/ethernet/intel/idpf/idpf_txrx.c
+++ b/drivers/net/ethernet/intel/idpf/idpf_txrx.c
@@ -2909,7 +2926,7 @@
 	};
 	union idpf_flex_tx_ctx_desc *ctx_desc;
 	struct idpf_tx_buf *first;
-	unsigned int count;
+	u32 count, buf_count = 1;
 	int tso, idx;
 	u32 buf_id;
 

================================================================================
*    CONTEXT DIFFERENCES - surrounding code differences between the patches    *
================================================================================

--- b/drivers/net/ethernet/intel/idpf/idpf_txrx.c
+++ b/drivers/net/ethernet/intel/idpf/idpf_txrx.c
@@ -2768,7 +2821,8 @@
 	};
+	union idpf_flex_tx_ctx_desc *ctx_desc;
 	struct idpf_tx_buf *first;
 	unsigned int count;
-	int tso;
+	int tso, idx;
 	u32 buf_id;
 
 	count = idpf_tx_desc_count_required(tx_q, skb);

• ⚠️ PR commit c4f720b98b5e (idpf: remove obsolete stashing code) → upstream 6c4e68480238
  Differences found:

================================================================================
*    DELTA DIFFERENCES - code changes that differ between the patches          *
================================================================================

--- b/drivers/net/ethernet/intel/idpf/idpf_txrx.c
+++ b/drivers/net/ethernet/intel/idpf/idpf_txrx.c
@@ -1557,6 +1557,82 @@
 	wake_up(&vport->sw_marker_wq);
 }
 
+/**
+ * idpf_tx_clean_stashed_bufs - clean bufs that were stored for
+ * out of order completions
+ * @txq: queue to clean
+ * @compl_tag: completion tag of packet to clean (from completion descriptor)
+ * @cleaned: pointer to stats struct to track cleaned packets/bytes
+ * @budget: Used to determine if we are in netpoll
+ */
+static void idpf_tx_clean_stashed_bufs(struct idpf_tx_queue *txq,
+				       u16 compl_tag,
+				       struct libeth_sq_napi_stats *cleaned,
+				       int budget)
+{
+	struct idpf_tx_stash *stash;
+	struct hlist_node *tmp_buf;
+	struct libeth_cq_pp cp = {
+		.dev	= txq->dev,
+		.ss	= cleaned,
+		.napi	= budget,
+	};
+
+	/* Buffer completion */
+	hash_for_each_possible_safe(txq->stash->sched_buf_hash, stash, tmp_buf,
+				    hlist, compl_tag) {
+		if (unlikely(idpf_tx_buf_compl_tag(&stash->buf) != compl_tag))
+			continue;
+
+		hash_del(&stash->hlist);
+		libeth_tx_complete(&stash->buf, &cp);
+
+		/* Push shadow buf back onto stack */
+		idpf_buf_lifo_push(&txq->stash->buf_stack, stash);
+	}
+}
+
+/**
+ * idpf_stash_flow_sch_buffers - store buffer parameters info to be freed at a
+ * later time (only relevant for flow scheduling mode)
+ * @txq: Tx queue to clean
+ * @tx_buf: buffer to store
+ */
+static int idpf_stash_flow_sch_buffers(struct idpf_tx_queue *txq,
+				       struct idpf_tx_buf *tx_buf)
+{
+	struct idpf_tx_stash *stash;
+
+	if (unlikely(tx_buf->type <= LIBETH_SQE_CTX))
+		return 0;
+
+	stash = idpf_buf_lifo_pop(&txq->stash->buf_stack);
+	if (unlikely(!stash)) {
+		net_err_ratelimited("%s: No out-of-order TX buffers left!\n",
+				    netdev_name(txq->netdev));
+
+		return -ENOMEM;
+	}
+
+	/* Store buffer params in shadow buffer */
+	stash->buf.skb = tx_buf->skb;
+	stash->buf.bytes = tx_buf->bytes;
+	stash->buf.packets = tx_buf->packets;
+	stash->buf.type = tx_buf->type;
+	stash->buf.nr_frags = tx_buf->nr_frags;
+	dma_unmap_addr_set(&stash->buf, dma, dma_unmap_addr(tx_buf, dma));
+	dma_unmap_len_set(&stash->buf, len, dma_unmap_len(tx_buf, len));
+	idpf_tx_buf_compl_tag(&stash->buf) = idpf_tx_buf_compl_tag(tx_buf);
+
+	/* Add buffer to buf_hash table to be freed later */
+	hash_add(txq->stash->sched_buf_hash, &stash->hlist,
+		 idpf_tx_buf_compl_tag(&stash->buf));
+
+	tx_buf->type = LIBETH_SQE_EMPTY;
+
+	return 0;
+}
+
 #define idpf_tx_splitq_clean_bump_ntc(txq, ntc, desc, buf)	\
 do {								\
 	if (unlikely(++(ntc) == (txq)->desc_count)) {		\
--- b/drivers/net/ethernet/intel/idpf/idpf_txrx.h
+++ b/drivers/net/ethernet/intel/idpf/idpf_txrx.h
@@ -663,6 +663,7 @@
  * @cleaned_pkts: Number of packets cleaned for the above said case
  * @tx_min_pkt_len: Min supported packet length
  * @refillq: Pointer to refill queue
+ * @compl_tag_bufid_m: Completion tag buffer id mask
  * @compl_tag_gen_s: Completion tag generation bit
  *	The format of the completion tag will change based on the TXQ
  *	descriptor ring size so that we can maintain roughly the same level
@@ -683,6 +684,9 @@
  *	--------------------------------
  *
  *	This gives us 8*8160 = 65280 possible unique values.
+ * @compl_tag_cur_gen: Used to keep track of current completion tag generation
+ * @compl_tag_gen_max: To determine when compl_tag_cur_gen should be reset
+ * @stash: Tx buffer stash for Flow-based scheduling mode
  * @stats_sync: See struct u64_stats_sync
  * @q_stats: See union idpf_tx_queue_stats
  * @q_id: Queue id
@@ -724,6 +728,14 @@
 	u16 tx_min_pkt_len;
 	struct idpf_sw_queue *refillq;
 
+	u16 compl_tag_bufid_m;
+	u16 compl_tag_gen_s;
+
+	u16 compl_tag_cur_gen;
+	u16 compl_tag_gen_max;
+
+	struct idpf_txq_stash *stash;
+
 	struct u64_stats_sync stats_sync;
 	struct idpf_tx_queue_stats q_stats;
 

################################################################################
!    REJECTED PATCH2 HUNKS - could not be compared; manual review needed       !
################################################################################

--- b/drivers/net/ethernet/intel/idpf/idpf_txrx.c
+++ b/drivers/net/ethernet/intel/idpf/idpf_txrx.c
@@ -1602,87 +1462,6 @@
 	spin_unlock_bh(&tx_tstamp_caps->status_lock);
 }
 
-/**
- * idpf_tx_clean_stashed_bufs - clean bufs that were stored for
- * out of order completions
- * @txq: queue to clean
- * @compl_tag: completion tag of packet to clean (from completion descriptor)
- * @cleaned: pointer to stats struct to track cleaned packets/bytes
- * @budget: Used to determine if we are in netpoll
- */
-static void idpf_tx_clean_stashed_bufs(struct idpf_tx_queue *txq,
-				       u16 compl_tag,
-				       struct libeth_sq_napi_stats *cleaned,
-				       int budget)
-{
-	struct idpf_tx_stash *stash;
-	struct hlist_node *tmp_buf;
-	struct libeth_cq_pp cp = {
-		.dev	= txq->dev,
-		.ss	= cleaned,
-		.napi	= budget,
-	};
-
-	/* Buffer completion */
-	hash_for_each_possible_safe(txq->stash->sched_buf_hash, stash, tmp_buf,
-				    hlist, compl_tag) {
-		if (unlikely(idpf_tx_buf_compl_tag(&stash->buf) != compl_tag))
-			continue;
-
-		hash_del(&stash->hlist);
-
-		if (stash->buf.type == LIBETH_SQE_SKB &&
-		    (skb_shinfo(stash->buf.skb)->tx_flags & SKBTX_IN_PROGRESS))
-			idpf_tx_read_tstamp(txq, stash->buf.skb);
-
-		libeth_tx_complete(&stash->buf, &cp);
-
-		/* Push shadow buf back onto stack */
-		idpf_buf_lifo_push(&txq->stash->buf_stack, stash);
-	}
-}
-
-/**
- * idpf_stash_flow_sch_buffers - store buffer parameters info to be freed at a
- * later time (only relevant for flow scheduling mode)
- * @txq: Tx queue to clean
- * @tx_buf: buffer to store
- */
-static int idpf_stash_flow_sch_buffers(struct idpf_tx_queue *txq,
-				       struct idpf_tx_buf *tx_buf)
-{
-	struct idpf_tx_stash *stash;
-
-	if (unlikely(tx_buf->type <= LIBETH_SQE_CTX))
-		return 0;
-
-	stash = idpf_buf_lifo_pop(&txq->stash->buf_stack);
-	if (unlikely(!stash)) {
-		net_err_ratelimited("%s: No out-of-order TX buffers left!\n",
-				    netdev_name(txq->netdev));
-
-		return -ENOMEM;
-	}
-
-	/* Store buffer params in shadow buffer */
-	stash->buf.skb = tx_buf->skb;
-	stash->buf.bytes = tx_buf->bytes;
-	stash->buf.packets = tx_buf->packets;
-	stash->buf.type = tx_buf->type;
-	stash->buf.nr_frags = tx_buf->nr_frags;
-	dma_unmap_addr_set(&stash->buf, dma, dma_unmap_addr(tx_buf, dma));
-	dma_unmap_len_set(&stash->buf, len, dma_unmap_len(tx_buf, len));
-	idpf_tx_buf_compl_tag(&stash->buf) = idpf_tx_buf_compl_tag(tx_buf);
-
-	/* Add buffer to buf_hash table to be freed later */
-	hash_add(txq->stash->sched_buf_hash, &stash->hlist,
-		 idpf_tx_buf_compl_tag(&stash->buf));
-
-	tx_buf->type = LIBETH_SQE_EMPTY;
-
-	return 0;
-}
-
 #define idpf_tx_splitq_clean_bump_ntc(txq, ntc, desc, buf)	\
 do {								\
 	if (unlikely(++(ntc) == (txq)->desc_count)) {		\
--- b/drivers/net/ethernet/intel/idpf/idpf_txrx.h
+++ b/drivers/net/ethernet/intel/idpf/idpf_txrx.h
@@ -598,7 +565,6 @@
  *		   only once at the end of the cleaning routine.
  * @clean_budget: singleq only, queue cleaning budget
  * @cleaned_pkts: Number of packets cleaned for the above said case
- * @stash: Tx buffer stash for Flow-based scheduling mode
  * @refillq: Pointer to refill queue
  * @compl_tag_bufid_m: Completion tag buffer id mask
  * @compl_tag_cur_gen: Used to keep track of current completion tag generation
@@ -600,9 +566,6 @@
  * @cleaned_pkts: Number of packets cleaned for the above said case
  * @stash: Tx buffer stash for Flow-based scheduling mode
  * @refillq: Pointer to refill queue
- * @compl_tag_bufid_m: Completion tag buffer id mask
- * @compl_tag_cur_gen: Used to keep track of current completion tag generation
- * @compl_tag_gen_max: To determine when compl_tag_cur_gen should be reset
  * @cached_tstamp_caps: Tx timestamp capabilities negotiated with the CP
  * @tstamp_task: Work that handles Tx timestamp read
  * @stats_sync: See struct u64_stats_sync
@@ -633,7 +596,6 @@
 	u16 desc_count;
 
 	u16 tx_min_pkt_len;
-	u16 compl_tag_gen_s;
 
 	struct net_device *netdev;
 	__cacheline_group_end_aligned(read_mostly);
@@ -650,7 +612,6 @@
 	};
 	u16 cleaned_pkts;
 
-	struct idpf_txq_stash *stash;
 	struct idpf_sw_queue *refillq;
 
 	u16 compl_tag_bufid_m;
@@ -653,10 +614,6 @@
 	struct idpf_txq_stash *stash;
 	struct idpf_sw_queue *refillq;
 
-	u16 compl_tag_bufid_m;
-	u16 compl_tag_cur_gen;
-	u16 compl_tag_gen_max;
-
 	struct idpf_ptp_vport_tx_tstamp_caps *cached_tstamp_caps;
 	struct work_struct *tstamp_task;
 
@@ -674,7 +631,7 @@
 	__cacheline_group_end_aligned(cold);
 };
 libeth_cacheline_set_assert(struct idpf_tx_queue, 64,
-			    120 + sizeof(struct u64_stats_sync),
+			    104 + sizeof(struct u64_stats_sync),
 			    32);
 
 /**

================================================================================
*    CONTEXT DIFFERENCES - surrounding code differences between the patches    *
================================================================================

--- b/drivers/net/ethernet/intel/idpf/idpf_txrx.c
+++ b/drivers/net/ethernet/intel/idpf/idpf_txrx.c
@@ -3,4 +3,4 @@
-#include "idpf.h"
+#include "idpf_ptp.h"
 #include "idpf_virtchnl.h"
 
 struct idpf_tx_stash {
@@ -1725,6 +1770,11 @@
 			continue;
 
 		hash_del(&stash->hlist);
+
+		if (stash->buf.type == LIBETH_SQE_SKB &&
+		    (skb_shinfo(stash->buf.skb)->tx_flags & SKBTX_IN_PROGRESS))
+			idpf_tx_read_tstamp(txq, stash->buf.skb);
+
 		libeth_tx_complete(&stash->buf, &cp);
 
 		/* Push shadow buf back onto stack */
--- b/drivers/net/ethernet/intel/idpf/idpf_txrx.h
+++ b/drivers/net/ethernet/intel/idpf/idpf_txrx.h
@@ -713,9 +663,7 @@
+	u16 desc_count;
+
+	u16 tx_min_pkt_len;
+	u16 compl_tag_gen_s;
+
+	struct net_device *netdev;
+	__cacheline_group_end_aligned(read_mostly);
- *	--------------------------------
- *
- *	This gives us 8*8160 = 65280 possible unique values.
- * @compl_tag_cur_gen: Used to keep track of current completion tag generation
- * @compl_tag_gen_max: To determine when compl_tag_cur_gen should be reset
- * @stash: Tx buffer stash for Flow-based scheduling mode
- * @stats_sync: See struct u64_stats_sync
- * @q_stats: See union idpf_tx_queue_stats
- * @q_id: Queue id

• ⚠️ PR commit 31e75a954ad3 (sched: fix exit_mm vs membarrier (v4)) → upstream 5bc78502322a
  Differences found:

################################################################################
!    REJECTED PATCH2 HUNKS - could not be compared; manual review needed       !
################################################################################

--- b/kernel/exit.c
+++ b/kernel/exit.c
@@ -475,6 +475,18 @@
 	BUG_ON(mm != current->active_mm);
 	/* more a memory barrier than a real lock */
 	task_lock(current);
+	/*
+	 * When a thread stops operating on an address space, the loop
+	 * in membarrier_private_expedited() may not observe that
+	 * tsk->mm, and the loop in membarrier_global_expedited() may
+	 * not observe a MEMBARRIER_STATE_GLOBAL_EXPEDITED
+	 * rq->membarrier_state, so those would not issue an IPI.
+	 * Membarrier requires a memory barrier after accessing
+	 * user-space memory, before clearing tsk->mm or the
+	 * rq->membarrier_state.
+	 */
+	smp_mb__after_spinlock();
+	local_irq_disable();
 	current->mm = NULL;
 	mmap_read_unlock(mm);
 	enter_lazy_tlb(mm, current);

================================================================================
*    CONTEXT DIFFERENCES - surrounding code differences between the patches    *
================================================================================

--- b/include/linux/sched/mm.h
+++ b/include/linux/sched/mm.h
@@ -395,4 +363,4 @@
 }
 #endif
 
-#ifdef CONFIG_IOMMU_SVA
+#endif /* _LINUX_SCHED_MM_H */
--- b/kernel/exit.c
+++ b/kernel/exit.c
@@ -472,7 +472,6 @@
 	BUG_ON(mm != current->active_mm);
 	/* more a memory barrier than a real lock */
 	task_lock(current);
-	current->user_dumpable = (get_dumpable(mm) == SUID_DUMP_USER);
 	current->mm = NULL;
 	mmap_read_unlock(mm);
 	enter_lazy_tlb(mm, current);

• ⚠️ PR commit d232ab7c8396 (arm64: Add part number for Arm Cortex-A78AE) → upstream 83bea32ac7ed
  Differences found:

================================================================================
*    CONTEXT DIFFERENCES - surrounding code differences between the patches    *
================================================================================

--- b/arch/arm64/include/asm/cputype.h
+++ b/arch/arm64/include/asm/cputype.h
@@ -136,2 +133,3 @@
 #define MIDR_CORTEX_X1	MIDR_CPU_MODEL(ARM_CPU_IMP_ARM, ARM_CPU_PART_CORTEX_X1)
+#define MIDR_CORTEX_A510 MIDR_CPU_MODEL(ARM_CPU_IMP_ARM, ARM_CPU_PART_CORTEX_A510)
 #define MIDR_CORTEX_A710 MIDR_CPU_MODEL(ARM_CPU_IMP_ARM, ARM_CPU_PART_CORTEX_A710)

================================================================================
*    ONLY IN PATCH1 - files not modified by patch2                             *
================================================================================

--- b/arch/arm64/kernel/proton-pack.c
+++ /dev/null
@@ -1,1157 +0,0 @@
-// SPDX-License-Identifier: GPL-2.0-only
-/*
- * Handle detection, reporting and mitigation of Spectre v1, v2, v3a and v4, as
- * detailed at:
- *
- *   https://developer.arm.com/support/arm-security-updates/speculative-processor-vulnerability
- *
- * This code was originally written hastily under an awful lot of stress and so
- * aspects of it are somewhat hacky. Unfortunately, changing anything in here
- * instantly makes me feel ill. Thanks, Jann. Thann.
- *
- * Copyright (C) 2018 ARM Ltd, All Rights Reserved.
- * Copyright (C) 2020 Google LLC
- *
- * "If there's something strange in your neighbourhood, who you gonna call?"
- *
- * Authors: Will Deacon <will@kernel.org> and Marc Zyngier <maz@kernel.org>
- */
-
-#include <linux/arm-smccc.h>
-#include <linux/bpf.h>
-#include <linux/cpu.h>
-#include <linux/device.h>
-#include <linux/nospec.h>
-#include <linux/prctl.h>
-#include <linux/sched/task_stack.h>
-
-#include <asm/debug-monitors.h>
-#include <asm/insn.h>
-#include <asm/spectre.h>
-#include <asm/traps.h>
-#include <asm/vectors.h>
-#include <asm/virt.h>
-
-/*
- * We try to ensure that the mitigation state can never change as the result of
- * onlining a late CPU.
- */
-static void update_mitigation_state(enum mitigation_state *oldp,
-				    enum mitigation_state new)
-{
-	enum mitigation_state state;
-
-	do {
-		state = READ_ONCE(*oldp);
-		if (new <= state)
-			break;
-
-		/* Userspace almost certainly can't deal with this. */
-		if (WARN_ON(system_capabilities_finalized()))
-			break;
-	} while (cmpxchg_relaxed(oldp, state, new) != state);
-}
-
-/*
- * Spectre v1.
- *
- * The kernel can't protect userspace for this one: it's each person for
- * themselves. Advertise what we're doing and be done with it.
- */
-ssize_t cpu_show_spectre_v1(struct device *dev, struct device_attribute *attr,
-			    char *buf)
-{
-	return sprintf(buf, "Mitigation: __user pointer sanitization\n");
-}
-
-/*
- * Spectre v2.
- *
- * This one sucks. A CPU is either:
- *
- * - Mitigated in hardware and advertised by ID_AA64PFR0_EL1.CSV2.
- * - Mitigated in hardware and listed in our "safe list".
- * - Mitigated in software by firmware.
- * - Mitigated in software by a CPU-specific dance in the kernel and a
- *   firmware call at EL2.
- * - Vulnerable.
- *
- * It's not unlikely for different CPUs in a big.LITTLE system to fall into
- * different camps.
- */
-static enum mitigation_state spectre_v2_state;
-
-static bool __read_mostly __nospectre_v2;
-static int __init parse_spectre_v2_param(char *str)
-{
-	__nospectre_v2 = true;
-	return 0;
-}
-early_param("nospectre_v2", parse_spectre_v2_param);
-
-static bool spectre_v2_mitigations_off(void)
-{
-	bool ret = __nospectre_v2 || cpu_mitigations_off();
-
-	if (ret)
-		pr_info_once("spectre-v2 mitigation disabled by command line option\n");
-
-	return ret;
-}
-
-static const char *get_bhb_affected_string(enum mitigation_state bhb_state)
-{
-	switch (bhb_state) {
-	case SPECTRE_UNAFFECTED:
-		return "";
-	default:
-	case SPECTRE_VULNERABLE:
-		return ", but not BHB";
-	case SPECTRE_MITIGATED:
-		return ", BHB";
-	}
-}
-
-static bool _unprivileged_ebpf_enabled(void)
-{
-#ifdef CONFIG_BPF_SYSCALL
-	return !sysctl_unprivileged_bpf_disabled;
-#else
-	return false;
-#endif
-}
-
-ssize_t cpu_show_spectre_v2(struct device *dev, struct device_attribute *attr,
-			    char *buf)
-{
-	enum mitigation_state bhb_state = arm64_get_spectre_bhb_state();
-	const char *bhb_str = get_bhb_affected_string(bhb_state);
-	const char *v2_str = "Branch predictor hardening";
-
-	switch (spectre_v2_state) {
-	case SPECTRE_UNAFFECTED:
-		if (bhb_state == SPECTRE_UNAFFECTED)
-			return sprintf(buf, "Not affected\n");
-
-		/*
-		 * Platforms affected by Spectre-BHB can't report
-		 * "Not affected" for Spectre-v2.
-		 */
-		v2_str = "CSV2";
-		fallthrough;
-	case SPECTRE_MITIGATED:
-		if (bhb_state == SPECTRE_MITIGATED && _unprivileged_ebpf_enabled())
-			return sprintf(buf, "Vulnerable: Unprivileged eBPF enabled\n");
-
-		return sprintf(buf, "Mitigation: %s%s\n", v2_str, bhb_str);
-	case SPECTRE_VULNERABLE:
-		fallthrough;
-	default:
-		return sprintf(buf, "Vulnerable\n");
-	}
-}
-
-static enum mitigation_state spectre_v2_get_cpu_hw_mitigation_state(void)
-{
-	u64 pfr0;
-	static const struct midr_range spectre_v2_safe_list[] = {
-		MIDR_ALL_VERSIONS(MIDR_CORTEX_A35),
-		MIDR_ALL_VERSIONS(MIDR_CORTEX_A53),
-		MIDR_ALL_VERSIONS(MIDR_CORTEX_A55),
-		MIDR_ALL_VERSIONS(MIDR_BRAHMA_B53),
-		MIDR_ALL_VERSIONS(MIDR_HISI_TSV110),
-		MIDR_ALL_VERSIONS(MIDR_QCOM_KRYO_2XX_SILVER),
-		MIDR_ALL_VERSIONS(MIDR_QCOM_KRYO_3XX_SILVER),
-		MIDR_ALL_VERSIONS(MIDR_QCOM_KRYO_4XX_SILVER),
-		{ /* sentinel */ }
-	};
-
-	/* If the CPU has CSV2 set, we're safe */
-	pfr0 = read_cpuid(ID_AA64PFR0_EL1);
-	if (cpuid_feature_extract_unsigned_field(pfr0, ID_AA64PFR0_CSV2_SHIFT))
-		return SPECTRE_UNAFFECTED;
-
-	/* Alternatively, we have a list of unaffected CPUs */
-	if (is_midr_in_range_list(read_cpuid_id(), spectre_v2_safe_list))
-		return SPECTRE_UNAFFECTED;
-
-	return SPECTRE_VULNERABLE;
-}
-
-static enum mitigation_state spectre_v2_get_cpu_fw_mitigation_state(void)
-{
-	int ret;
-	struct arm_smccc_res res;
-
-	arm_smccc_1_1_invoke(ARM_SMCCC_ARCH_FEATURES_FUNC_ID,
-			     ARM_SMCCC_ARCH_WORKAROUND_1, &res);
-
-	ret = res.a0;
-	switch (ret) {
-	case SMCCC_RET_SUCCESS:
-		return SPECTRE_MITIGATED;
-	case SMCCC_ARCH_WORKAROUND_RET_UNAFFECTED:
-		return SPECTRE_UNAFFECTED;
-	default:
-		fallthrough;
-	case SMCCC_RET_NOT_SUPPORTED:
-		return SPECTRE_VULNERABLE;
-	}
-}
-
-bool has_spectre_v2(const struct arm64_cpu_capabilities *entry, int scope)
-{
-	WARN_ON(scope != SCOPE_LOCAL_CPU || preemptible());
-
-	if (spectre_v2_get_cpu_hw_mitigation_state() == SPECTRE_UNAFFECTED)
-		return false;
-
-	if (spectre_v2_get_cpu_fw_mitigation_state() == SPECTRE_UNAFFECTED)
-		return false;
-
-	return true;
-}
-
-enum mitigation_state arm64_get_spectre_v2_state(void)
-{
-	return spectre_v2_state;
-}
-
-DEFINE_PER_CPU_READ_MOSTLY(struct bp_hardening_data, bp_hardening_data);
-
-static void install_bp_hardening_cb(bp_hardening_cb_t fn)
-{
-	__this_cpu_write(bp_hardening_data.fn, fn);
-
-	/*
-	 * Vinz Clortho takes the hyp_vecs start/end "keys" at
-	 * the door when we're a guest. Skip the hyp-vectors work.
-	 */
-	if (!is_hyp_mode_available())
-		return;
-
-	__this_cpu_write(bp_hardening_data.slot, HYP_VECTOR_SPECTRE_DIRECT);
-}
-
-/* Called during entry so must be noinstr */
-static noinstr void call_smc_arch_workaround_1(void)
-{
-	arm_smccc_1_1_smc(ARM_SMCCC_ARCH_WORKAROUND_1, NULL);
-}
-
-/* Called during entry so must be noinstr */
-static noinstr void call_hvc_arch_workaround_1(void)
-{
-	arm_smccc_1_1_hvc(ARM_SMCCC_ARCH_WORKAROUND_1, NULL);
-}
-
-/* Called during entry so must be noinstr */
-static noinstr void qcom_link_stack_sanitisation(void)
-{
-	u64 tmp;
-
-	asm volatile("mov	%0, x30		\n"
-		     ".rept	16		\n"
-		     "bl	. + 4		\n"
-		     ".endr			\n"
-		     "mov	x30, %0		\n"
-		     : "=&r" (tmp));
-}
-
-static bp_hardening_cb_t spectre_v2_get_sw_mitigation_cb(void)
-{
-	u32 midr = read_cpuid_id();
-	if (((midr & MIDR_CPU_MODEL_MASK) != MIDR_QCOM_FALKOR) &&
-	    ((midr & MIDR_CPU_MODEL_MASK) != MIDR_QCOM_FALKOR_V1))
-		return NULL;
-
-	return qcom_link_stack_sanitisation;
-}
-
-static enum mitigation_state spectre_v2_enable_fw_mitigation(void)
-{
-	bp_hardening_cb_t cb;
-	enum mitigation_state state;
-
-	state = spectre_v2_get_cpu_fw_mitigation_state();
-	if (state != SPECTRE_MITIGATED)
-		return state;
-
-	if (spectre_v2_mitigations_off())
-		return SPECTRE_VULNERABLE;
-
-	switch (arm_smccc_1_1_get_conduit()) {
-	case SMCCC_CONDUIT_HVC:
-		cb = call_hvc_arch_workaround_1;
-		break;
-
-	case SMCCC_CONDUIT_SMC:
-		cb = call_smc_arch_workaround_1;
-		break;
-
-	default:
-		return SPECTRE_VULNERABLE;
-	}
-
-	/*
-	 * Prefer a CPU-specific workaround if it exists. Note that we
-	 * still rely on firmware for the mitigation at EL2.
-	 */
-	cb = spectre_v2_get_sw_mitigation_cb() ?: cb;
-	install_bp_hardening_cb(cb);
-	return SPECTRE_MITIGATED;
-}
-
-void spectre_v2_enable_mitigation(const struct arm64_cpu_capabilities *__unused)
-{
-	enum mitigation_state state;
-
-	WARN_ON(preemptible());
-
-	state = spectre_v2_get_cpu_hw_mitigation_state();
-	if (state == SPECTRE_VULNERABLE)
-		state = spectre_v2_enable_fw_mitigation();
-
-	update_mitigation_state(&spectre_v2_state, state);
-}
-
-/*
- * Spectre-v3a.
- *
- * Phew, there's not an awful lot to do here! We just instruct EL2 to use
- * an indirect trampoline for the hyp vectors so that guests can't read
- * VBAR_EL2 to defeat randomisation of the hypervisor VA layout.
- */
-bool has_spectre_v3a(const struct arm64_cpu_capabilities *entry, int scope)
-{
-	static const struct midr_range spectre_v3a_unsafe_list[] = {
-		MIDR_ALL_VERSIONS(MIDR_CORTEX_A57),
-		MIDR_ALL_VERSIONS(MIDR_CORTEX_A72),
-		{},
-	};
-
-	WARN_ON(scope != SCOPE_LOCAL_CPU || preemptible());
-	return is_midr_in_range_list(read_cpuid_id(), spectre_v3a_unsafe_list);
-}
-
-void spectre_v3a_enable_mitigation(const struct arm64_cpu_capabilities *__unused)
-{
-	struct bp_hardening_data *data = this_cpu_ptr(&bp_hardening_data);
-
-	if (this_cpu_has_cap(ARM64_SPECTRE_V3A))
-		data->slot += HYP_VECTOR_INDIRECT;
-}
-
-/*
- * Spectre v4.
- *
- * If you thought Spectre v2 was nasty, wait until you see this mess. A CPU is
- * either:
- *
- * - Mitigated in hardware and listed in our "safe list".
- * - Mitigated in hardware via PSTATE.SSBS.
- * - Mitigated in software by firmware (sometimes referred to as SSBD).
- *
- * Wait, that doesn't sound so bad, does it? Keep reading...
- *
- * A major source of headaches is that the software mitigation is enabled both
- * on a per-task basis, but can also be forced on for the kernel, necessitating
- * both context-switch *and* entry/exit hooks. To make it even worse, some CPUs
- * allow EL0 to toggle SSBS directly, which can end up with the prctl() state
- * being stale when re-entering the kernel. The usual big.LITTLE caveats apply,
- * so you can have systems that have both firmware and SSBS mitigations. This
- * means we actually have to reject late onlining of CPUs with mitigations if
- * all of the currently onlined CPUs are safelisted, as the mitigation tends to
- * be opt-in for userspace. Yes, really, the cure is worse than the disease.
- *
- * The only good part is that if the firmware mitigation is present, then it is
- * present for all CPUs, meaning we don't have to worry about late onlining of a
- * vulnerable CPU if one of the boot CPUs is using the firmware mitigation.
- *
- * Give me a VAX-11/780 any day of the week...
- */
-static enum mitigation_state spectre_v4_state;
-
-/* This is the per-cpu state tracking whether we need to talk to firmware */
-DEFINE_PER_CPU_READ_MOSTLY(u64, arm64_ssbd_callback_required);
-
-enum spectre_v4_policy {
-	SPECTRE_V4_POLICY_MITIGATION_DYNAMIC,
-	SPECTRE_V4_POLICY_MITIGATION_ENABLED,
-	SPECTRE_V4_POLICY_MITIGATION_DISABLED,
-};
-
-static enum spectre_v4_policy __read_mostly __spectre_v4_policy;
-
-static const struct spectre_v4_param {
-	const char		*str;
-	enum spectre_v4_policy	policy;
-} spectre_v4_params[] = {
-	{ "force-on",	SPECTRE_V4_POLICY_MITIGATION_ENABLED, },
-	{ "force-off",	SPECTRE_V4_POLICY_MITIGATION_DISABLED, },
-	{ "kernel",	SPECTRE_V4_POLICY_MITIGATION_DYNAMIC, },
-};
-static int __init parse_spectre_v4_param(char *str)
-{
-	int i;
-
-	if (!str || !str[0])
-		return -EINVAL;
-
-	for (i = 0; i < ARRAY_SIZE(spectre_v4_params); i++) {
-		const struct spectre_v4_param *param = &spectre_v4_params[i];
-
-		if (strncmp(str, param->str, strlen(param->str)))
-			continue;
-
-		__spectre_v4_policy = param->policy;
-		return 0;
-	}
-
-	return -EINVAL;
-}
-early_param("ssbd", parse_spectre_v4_param);
-
-/*
- * Because this was all written in a rush by people working in different silos,
- * we've ended up with multiple command line options to control the same thing.
- * Wrap these up in some helpers, which prefer disabling the mitigation if faced
- * with contradictory parameters. The mitigation is always either "off",
- * "dynamic" or "on".
- */
-static bool spectre_v4_mitigations_off(void)
-{
-	bool ret = cpu_mitigations_off() ||
-		   __spectre_v4_policy == SPECTRE_V4_POLICY_MITIGATION_DISABLED;
-
-	if (ret)
-		pr_info_once("spectre-v4 mitigation disabled by command-line option\n");
-
-	return ret;
-}
-
-/* Do we need to toggle the mitigation state on entry to/exit from the kernel? */
-static bool spectre_v4_mitigations_dynamic(void)
-{
-	return !spectre_v4_mitigations_off() &&
-	       __spectre_v4_policy == SPECTRE_V4_POLICY_MITIGATION_DYNAMIC;
-}
-
-static bool spectre_v4_mitigations_on(void)
-{
-	return !spectre_v4_mitigations_off() &&
-	       __spectre_v4_policy == SPECTRE_V4_POLICY_MITIGATION_ENABLED;
-}
-
-ssize_t cpu_show_spec_store_bypass(struct device *dev,
-				   struct device_attribute *attr, char *buf)
-{
-	switch (spectre_v4_state) {
-	case SPECTRE_UNAFFECTED:
-		return sprintf(buf, "Not affected\n");
-	case SPECTRE_MITIGATED:
-		return sprintf(buf, "Mitigation: Speculative Store Bypass disabled via prctl\n");
-	case SPECTRE_VULNERABLE:
-		fallthrough;
-	default:
-		return sprintf(buf, "Vulnerable\n");
-	}
-}
-
-enum mitigation_state arm64_get_spectre_v4_state(void)
-{
-	return spectre_v4_state;
-}
-
-static enum mitigation_state spectre_v4_get_cpu_hw_mitigation_state(void)
-{
-	static const struct midr_range spectre_v4_safe_list[] = {
-		MIDR_ALL_VERSIONS(MIDR_CORTEX_A35),
-		MIDR_ALL_VERSIONS(MIDR_CORTEX_A53),
-		MIDR_ALL_VERSIONS(MIDR_CORTEX_A55),
-		MIDR_ALL_VERSIONS(MIDR_BRAHMA_B53),
-		MIDR_ALL_VERSIONS(MIDR_QCOM_KRYO_3XX_SILVER),
-		MIDR_ALL_VERSIONS(MIDR_QCOM_KRYO_4XX_SILVER),
-		{ /* sentinel */ },
-	};
-
-	if (is_midr_in_range_list(read_cpuid_id(), spectre_v4_safe_list))
-		return SPECTRE_UNAFFECTED;
-
-	/* CPU features are detected first */
-	if (this_cpu_has_cap(ARM64_SSBS))
-		return SPECTRE_MITIGATED;
-
-	return SPECTRE_VULNERABLE;
-}
-
-static enum mitigation_state spectre_v4_get_cpu_fw_mitigation_state(void)
-{
-	int ret;
-	struct arm_smccc_res res;
-
-	arm_smccc_1_1_invoke(ARM_SMCCC_ARCH_FEATURES_FUNC_ID,
-			     ARM_SMCCC_ARCH_WORKAROUND_2, &res);
-
-	ret = res.a0;
-	switch (ret) {
-	case SMCCC_RET_SUCCESS:
-		return SPECTRE_MITIGATED;
-	case SMCCC_ARCH_WORKAROUND_RET_UNAFFECTED:
-		fallthrough;
-	case SMCCC_RET_NOT_REQUIRED:
-		return SPECTRE_UNAFFECTED;
-	default:
-		fallthrough;
-	case SMCCC_RET_NOT_SUPPORTED:
-		return SPECTRE_VULNERABLE;
-	}
-}
-
-bool has_spectre_v4(const struct arm64_cpu_capabilities *cap, int scope)
-{
-	enum mitigation_state state;
-
-	WARN_ON(scope != SCOPE_LOCAL_CPU || preemptible());
-
-	state = spectre_v4_get_cpu_hw_mitigation_state();
-	if (state == SPECTRE_VULNERABLE)
-		state = spectre_v4_get_cpu_fw_mitigation_state();
-
-	return state != SPECTRE_UNAFFECTED;
-}
-
-static int ssbs_emulation_handler(struct pt_regs *regs, u32 instr)
-{
-	if (user_mode(regs))
-		return 1;
-
-	if (instr & BIT(PSTATE_Imm_shift))
-		regs->pstate |= PSR_SSBS_BIT;
-	else
-		regs->pstate &= ~PSR_SSBS_BIT;
-
-	arm64_skip_faulting_instruction(regs, 4);
-	return 0;
-}
-
-static struct undef_hook ssbs_emulation_hook = {
-	.instr_mask	= ~(1U << PSTATE_Imm_shift),
-	.instr_val	= 0xd500401f | PSTATE_SSBS,
-	.fn		= ssbs_emulation_handler,
-};
-
-static enum mitigation_state spectre_v4_enable_hw_mitigation(void)
-{
-	static bool undef_hook_registered = false;
-	static DEFINE_RAW_SPINLOCK(hook_lock);
-	enum mitigation_state state;
-
-	/*
-	 * If the system is mitigated but this CPU doesn't have SSBS, then
-	 * we must be on the safelist and there's nothing more to do.
-	 */
-	state = spectre_v4_get_cpu_hw_mitigation_state();
-	if (state != SPECTRE_MITIGATED || !this_cpu_has_cap(ARM64_SSBS))
-		return state;
-
-	raw_spin_lock(&hook_lock);
-	if (!undef_hook_registered) {
-		register_undef_hook(&ssbs_emulation_hook);
-		undef_hook_registered = true;
-	}
-	raw_spin_unlock(&hook_lock);
-
-	if (spectre_v4_mitigations_off()) {
-		sysreg_clear_set(sctlr_el1, 0, SCTLR_ELx_DSSBS);
-		set_pstate_ssbs(1);
-		return SPECTRE_VULNERABLE;
-	}
-
-	/* SCTLR_EL1.DSSBS was initialised to 0 during boot */
-	set_pstate_ssbs(0);
-	return SPECTRE_MITIGATED;
-}
-
-/*
- * Patch a branch over the Spectre-v4 mitigation code with a NOP so that
- * we fallthrough and check whether firmware needs to be called on this CPU.
- */
-void __init spectre_v4_patch_fw_mitigation_enable(struct alt_instr *alt,
-						  __le32 *origptr,
-						  __le32 *updptr, int nr_inst)
-{
-	BUG_ON(nr_inst != 1); /* Branch -> NOP */
-
-	if (spectre_v4_mitigations_off())
-		return;
-
-	if (cpus_have_final_cap(ARM64_SSBS))
-		return;
-
-	if (spectre_v4_mitigations_dynamic())
-		*updptr = cpu_to_le32(aarch64_insn_gen_nop());
-}
-
-/*
- * Patch a NOP in the Spectre-v4 mitigation code with an SMC/HVC instruction
- * to call into firmware to adjust the mitigation state.
- */
-void __init smccc_patch_fw_mitigation_conduit(struct alt_instr *alt,
-					       __le32 *origptr,
-					       __le32 *updptr, int nr_inst)
-{
-	u32 insn;
-
-	BUG_ON(nr_inst != 1); /* NOP -> HVC/SMC */
-
-	switch (arm_smccc_1_1_get_conduit()) {
-	case SMCCC_CONDUIT_HVC:
-		insn = aarch64_insn_get_hvc_value();
-		break;
-	case SMCCC_CONDUIT_SMC:
-		insn = aarch64_insn_get_smc_value();
-		break;
-	default:
-		return;
-	}
-
-	*updptr = cpu_to_le32(insn);
-}
-
-static enum mitigation_state spectre_v4_enable_fw_mitigation(void)
-{
-	enum mitigation_state state;
-
-	state = spectre_v4_get_cpu_fw_mitigation_state();
-	if (state != SPECTRE_MITIGATED)
-		return state;
-
-	if (spectre_v4_mitigations_off()) {
-		arm_smccc_1_1_invoke(ARM_SMCCC_ARCH_WORKAROUND_2, false, NULL);
-		return SPECTRE_VULNERABLE;
-	}
-
-	arm_smccc_1_1_invoke(ARM_SMCCC_ARCH_WORKAROUND_2, true, NULL);
-
-	if (spectre_v4_mitigations_dynamic())
-		__this_cpu_write(arm64_ssbd_callback_required, 1);
-
-	return SPECTRE_MITIGATED;
-}
-
-void spectre_v4_enable_mitigation(const struct arm64_cpu_capabilities *__unused)
-{
-	enum mitigation_state state;
-
-	WARN_ON(preemptible());
-
-	state = spectre_v4_enable_hw_mitigation();
-	if (state == SPECTRE_VULNERABLE)
-		state = spectre_v4_enable_fw_mitigation();
-
-	update_mitigation_state(&spectre_v4_state, state);
-}
-
-static void __update_pstate_ssbs(struct pt_regs *regs, bool state)
-{
-	u64 bit = compat_user_mode(regs) ? PSR_AA32_SSBS_BIT : PSR_SSBS_BIT;
-
-	if (state)
-		regs->pstate |= bit;
-	else
-		regs->pstate &= ~bit;
-}
-
-void spectre_v4_enable_task_mitigation(struct task_struct *tsk)
-{
-	struct pt_regs *regs = task_pt_regs(tsk);
-	bool ssbs = false, kthread = tsk->flags & PF_KTHREAD;
-
-	if (spectre_v4_mitigations_off())
-		ssbs = true;
-	else if (spectre_v4_mitigations_dynamic() && !kthread)
-		ssbs = !test_tsk_thread_flag(tsk, TIF_SSBD);
-
-	__update_pstate_ssbs(regs, ssbs);
-}
-
-/*
- * The Spectre-v4 mitigation can be controlled via a prctl() from userspace.
- * This is interesting because the "speculation disabled" behaviour can be
- * configured so that it is preserved across exec(), which means that the
- * prctl() may be necessary even when PSTATE.SSBS can be toggled directly
- * from userspace.
- */
-static void ssbd_prctl_enable_mitigation(struct task_struct *task)
-{
-	task_clear_spec_ssb_noexec(task);
-	task_set_spec_ssb_disable(task);
-	set_tsk_thread_flag(task, TIF_SSBD);
-}
-
-static void ssbd_prctl_disable_mitigation(struct task_struct *task)
-{
-	task_clear_spec_ssb_noexec(task);
-	task_clear_spec_ssb_disable(task);
-	clear_tsk_thread_flag(task, TIF_SSBD);
-}
-
-static int ssbd_prctl_set(struct task_struct *task, unsigned long ctrl)
-{
-	switch (ctrl) {
-	case PR_SPEC_ENABLE:
-		/* Enable speculation: disable mitigation */
-		/*
-		 * Force disabled speculation prevents it from being
-		 * re-enabled.
-		 */
-		if (task_spec_ssb_force_disable(task))
-			return -EPERM;
-
-		/*
-		 * If the mitigation is forced on, then speculation is forced
-		 * off and we again prevent it from being re-enabled.
-		 */
-		if (spectre_v4_mitigations_on())
-			return -EPERM;
-
-		ssbd_prctl_disable_mitigation(task);
-		break;
-	case PR_SPEC_FORCE_DISABLE:
-		/* Force disable speculation: force enable mitigation */
-		/*
-		 * If the mitigation is forced off, then speculation is forced
-		 * on and we prevent it from being disabled.
-		 */
-		if (spectre_v4_mitigations_off())
-			return -EPERM;
-
-		task_set_spec_ssb_force_disable(task);
-		fallthrough;
-	case PR_SPEC_DISABLE:
-		/* Disable speculation: enable mitigation */
-		/* Same as PR_SPEC_FORCE_DISABLE */
-		if (spectre_v4_mitigations_off())
-			return -EPERM;
-
-		ssbd_prctl_enable_mitigation(task);
-		break;
-	case PR_SPEC_DISABLE_NOEXEC:
-		/* Disable speculation until execve(): enable mitigation */
-		/*
-		 * If the mitigation state is forced one way or the other, then
-		 * we must fail now before we try to toggle it on execve().
-		 */
-		if (task_spec_ssb_force_disable(task) ||
-		    spectre_v4_mitigations_off() ||
-		    spectre_v4_mitigations_on()) {
-			return -EPERM;
-		}
-
-		ssbd_prctl_enable_mitigation(task);
-		task_set_spec_ssb_noexec(task);
-		break;
-	default:
-		return -ERANGE;
-	}
-
-	spectre_v4_enable_task_mitigation(task);
-	return 0;
-}
-
-int arch_prctl_spec_ctrl_set(struct task_struct *task, unsigned long which,
-			     unsigned long ctrl)
-{
-	switch (which) {
-	case PR_SPEC_STORE_BYPASS:
-		return ssbd_prctl_set(task, ctrl);
-	default:
-		return -ENODEV;
-	}
-}
-
-static int ssbd_prctl_get(struct task_struct *task)
-{
-	switch (spectre_v4_state) {
-	case SPECTRE_UNAFFECTED:
-		return PR_SPEC_NOT_AFFECTED;
-	case SPECTRE_MITIGATED:
-		if (spectre_v4_mitigations_on())
-			return PR_SPEC_NOT_AFFECTED;
-
-		if (spectre_v4_mitigations_dynamic())
-			break;
-
-		/* Mitigations are disabled, so we're vulnerable. */
-		fallthrough;
-	case SPECTRE_VULNERABLE:
-		fallthrough;
-	default:
-		return PR_SPEC_ENABLE;
-	}
-
-	/* Check the mitigation state for this task */
-	if (task_spec_ssb_force_disable(task))
-		return PR_SPEC_PRCTL | PR_SPEC_FORCE_DISABLE;
-
-	if (task_spec_ssb_noexec(task))
-		return PR_SPEC_PRCTL | PR_SPEC_DISABLE_NOEXEC;
-
-	if (task_spec_ssb_disable(task))
-		return PR_SPEC_PRCTL | PR_SPEC_DISABLE;
-
-	return PR_SPEC_PRCTL | PR_SPEC_ENABLE;
-}
-
-int arch_prctl_spec_ctrl_get(struct task_struct *task, unsigned long which)
-{
-	switch (which) {
-	case PR_SPEC_STORE_BYPASS:
-		return ssbd_prctl_get(task);
-	default:
-		return -ENODEV;
-	}
-}
-
-/*
- * Spectre BHB.
- *
- * A CPU is either:
- * - Mitigated by a branchy loop a CPU specific number of times, and listed
- *   in our "loop mitigated list".
- * - Mitigated in software by the firmware Spectre v2 call.
- * - Has the ClearBHB instruction to perform the mitigation.
- * - Has the 'Exception Clears Branch History Buffer' (ECBHB) feature, so no
- *   software mitigation in the vectors is needed.
- * - Has CSV2.3, so is unaffected.
- */
-static enum mitigation_state spectre_bhb_state;
-
-enum mitigation_state arm64_get_spectre_bhb_state(void)
-{
-	return spectre_bhb_state;
-}
-
-enum bhb_mitigation_bits {
-	BHB_LOOP,
-	BHB_FW,
-	BHB_HW,
-	BHB_INSN,
-};
-static unsigned long system_bhb_mitigations;
-
-/*
- * This must be called with SCOPE_LOCAL_CPU for each type of CPU, before any
- * SCOPE_SYSTEM call will give the right answer.
- */
-u8 spectre_bhb_loop_affected(int scope)
-{
-	u8 k = 0;
-	static u8 max_bhb_k;
-
-	if (scope == SCOPE_LOCAL_CPU) {
-		static const struct midr_range spectre_bhb_k32_list[] = {
-			MIDR_ALL_VERSIONS(MIDR_CORTEX_A78),
-			MIDR_ALL_VERSIONS(MIDR_CORTEX_A78AE),
-			MIDR_ALL_VERSIONS(MIDR_CORTEX_A78C),
-			MIDR_ALL_VERSIONS(MIDR_CORTEX_X1),
-			MIDR_ALL_VERSIONS(MIDR_CORTEX_A710),
-			MIDR_ALL_VERSIONS(MIDR_CORTEX_X2),
-			MIDR_ALL_VERSIONS(MIDR_NEOVERSE_N2),
-			MIDR_ALL_VERSIONS(MIDR_NEOVERSE_V1),
-			{},
-		};
-		static const struct midr_range spectre_bhb_k24_list[] = {
-			MIDR_ALL_VERSIONS(MIDR_CORTEX_A76),
-			MIDR_ALL_VERSIONS(MIDR_CORTEX_A77),
-			MIDR_ALL_VERSIONS(MIDR_NEOVERSE_N1),
-			{},
-		};
-		static const struct midr_range spectre_bhb_k8_list[] = {
-			MIDR_ALL_VERSIONS(MIDR_CORTEX_A72),
-			MIDR_ALL_VERSIONS(MIDR_CORTEX_A57),
-			{},
-		};
-
-		if (is_midr_in_range_list(read_cpuid_id(), spectre_bhb_k32_list))
-			k = 32;
-		else if (is_midr_in_range_list(read_cpuid_id(), spectre_bhb_k24_list))
-			k = 24;
-		else if (is_midr_in_range_list(read_cpuid_id(), spectre_bhb_k8_list))
-			k =  8;
-
-		max_bhb_k = max(max_bhb_k, k);
-	} else {
-		k = max_bhb_k;
-	}
-
-	return k;
-}
-
-static enum mitigation_state spectre_bhb_get_cpu_fw_mitigation_state(void)
-{
-	int ret;
-	struct arm_smccc_res res;
-
-	arm_smccc_1_1_invoke(ARM_SMCCC_ARCH_FEATURES_FUNC_ID,
-			     ARM_SMCCC_ARCH_WORKAROUND_3, &res);
-
-	ret = res.a0;
-	switch (ret) {
-	case SMCCC_RET_SUCCESS:
-		return SPECTRE_MITIGATED;
-	case SMCCC_ARCH_WORKAROUND_RET_UNAFFECTED:
-		return SPECTRE_UNAFFECTED;
-	default:
-		fallthrough;
-	case SMCCC_RET_NOT_SUPPORTED:
-		return SPECTRE_VULNERABLE;
-	}
-}
-
-static bool is_spectre_bhb_fw_affected(int scope)
-{
-	static bool system_affected;
-	enum mitigation_state fw_state;
-	bool has_smccc = arm_smccc_1_1_get_conduit() != SMCCC_CONDUIT_NONE;
-	static const struct midr_range spectre_bhb_firmware_mitigated_list[] = {
-		MIDR_ALL_VERSIONS(MIDR_CORTEX_A73),
-		MIDR_ALL_VERSIONS(MIDR_CORTEX_A75),
-		{},
-	};
-	bool cpu_in_list = is_midr_in_range_list(read_cpuid_id(),
-					 spectre_bhb_firmware_mitigated_list);
-
-	if (scope != SCOPE_LOCAL_CPU)
-		return system_affected;
-
-	fw_state = spectre_bhb_get_cpu_fw_mitigation_state();
-	if (cpu_in_list || (has_smccc && fw_state == SPECTRE_MITIGATED)) {
-		system_affected = true;
-		return true;
-	}
-
-	return false;
-}
-
-static bool supports_ecbhb(int scope)
-{
-	u64 mmfr1;
-
-	if (scope == SCOPE_LOCAL_CPU)
-		mmfr1 = read_sysreg_s(SYS_ID_AA64MMFR1_EL1);
-	else
-		mmfr1 = read_sanitised_ftr_reg(SYS_ID_AA64MMFR1_EL1);
-
-	return cpuid_feature_extract_unsigned_field(mmfr1,
-						    ID_AA64MMFR1_ECBHB_SHIFT);
-}
-
-bool is_spectre_bhb_affected(const struct arm64_cpu_capabilities *entry,
-			     int scope)
-{
-	WARN_ON(scope != SCOPE_LOCAL_CPU || preemptible());
-
-	if (supports_csv2p3(scope))
-		return false;
-
-	if (supports_clearbhb(scope))
-		return true;
-
-	if (spectre_bhb_loop_affected(scope))
-		return true;
-
-	if (is_spectre_bhb_fw_affected(scope))
-		return true;
-
-	return false;
-}
-
-static void this_cpu_set_vectors(enum arm64_bp_harden_el1_vectors slot)
-{
-	const char *v = arm64_get_bp_hardening_vector(slot);
-
-	if (slot < 0)
-		return;
-
-	__this_cpu_write(this_cpu_vector, v);
-
-	/*
-	 * When KPTI is in use, the vectors are switched when exiting to
-	 * user-space.
-	 */
-	if (arm64_kernel_unmapped_at_el0())
-		return;
-
-	write_sysreg(v, vbar_el1);
-	isb();
-}
-
-void spectre_bhb_enable_mitigation(const struct arm64_cpu_capabilities *entry)
-{
-	bp_hardening_cb_t cpu_cb;
-	enum mitigation_state fw_state, state = SPECTRE_VULNERABLE;
-	struct bp_hardening_data *data = this_cpu_ptr(&bp_hardening_data);
-
-	if (!is_spectre_bhb_affected(entry, SCOPE_LOCAL_CPU))
-		return;
-
-	if (arm64_get_spectre_v2_state() == SPECTRE_VULNERABLE) {
-		/* No point mitigating Spectre-BHB alone. */
-	} else if (!IS_ENABLED(CONFIG_MITIGATE_SPECTRE_BRANCH_HISTORY)) {
-		pr_info_once("spectre-bhb mitigation disabled by compile time option\n");
-	} else if (cpu_mitigations_off()) {
-		pr_info_once("spectre-bhb mitigation disabled by command line option\n");
-	} else if (supports_ecbhb(SCOPE_LOCAL_CPU)) {
-		state = SPECTRE_MITIGATED;
-		set_bit(BHB_HW, &system_bhb_mitigations);
-	} else if (supports_clearbhb(SCOPE_LOCAL_CPU)) {
-		/*
-		 * Ensure KVM uses the indirect vector which will have ClearBHB
-		 * added.
-		 */
-		if (!data->slot)
-			data->slot = HYP_VECTOR_INDIRECT;
-
-		this_cpu_set_vectors(EL1_VECTOR_BHB_CLEAR_INSN);
-		state = SPECTRE_MITIGATED;
-		set_bit(BHB_INSN, &system_bhb_mitigations);
-	} else if (spectre_bhb_loop_affected(SCOPE_LOCAL_CPU)) {
-		/*
-		 * Ensure KVM uses the indirect vector which will have the
-		 * branchy-loop added. A57/A72-r0 will already have selected
-		 * the spectre-indirect vector, which is sufficient for BHB
-		 * too.
-		 */
-		if (!data->slot)
-			data->slot = HYP_VECTOR_INDIRECT;
-
-		this_cpu_set_vectors(EL1_VECTOR_BHB_LOOP);
-		state = SPECTRE_MITIGATED;
-		set_bit(BHB_LOOP, &system_bhb_mitigations);
-	} else if (is_spectre_bhb_fw_affected(SCOPE_LOCAL_CPU)) {
-		fw_state = spectre_bhb_get_cpu_fw_mitigation_state();
-		if (fw_state == SPECTRE_MITIGATED) {
-			/*
-			 * Ensure KVM uses one of the spectre bp_hardening
-			 * vectors. The indirect vector doesn't include the EL3
-			 * call, so needs upgrading to
-			 * HYP_VECTOR_SPECTRE_INDIRECT.
-			 */
-			if (!data->slot || data->slot == HYP_VECTOR_INDIRECT)
-				data->slot += 1;
-
-			this_cpu_set_vectors(EL1_VECTOR_BHB_FW);
-
-			/*
-			 * The WA3 call in the vectors supersedes the WA1 call
-			 * made during context-switch. Uninstall any firmware
-			 * bp_hardening callback.
-			 */
-			cpu_cb = spectre_v2_get_sw_mitigation_cb();
-			if (__this_cpu_read(bp_hardening_data.fn) != cpu_cb)
-				__this_cpu_write(bp_hardening_data.fn, NULL);
-
-			state = SPECTRE_MITIGATED;
-			set_bit(BHB_FW, &system_bhb_mitigations);
-		}
-	}
-
-	update_mitigation_state(&spectre_bhb_state, state);
-}
-
-/* Patched to NOP when enabled */
-void noinstr spectre_bhb_patch_loop_mitigation_enable(struct alt_instr *alt,
-						     __le32 *origptr,
-						      __le32 *updptr, int nr_inst)
-{
-	BUG_ON(nr_inst != 1);
-
-	if (test_bit(BHB_LOOP, &system_bhb_mitigations))
-		*updptr++ = cpu_to_le32(aarch64_insn_gen_nop());
-}
-
-/* Patched to NOP when enabled */
-void noinstr spectre_bhb_patch_fw_mitigation_enabled(struct alt_instr *alt,
-						   __le32 *origptr,
-						   __le32 *updptr, int nr_inst)
-{
-	BUG_ON(nr_inst != 1);
-
-	if (test_bit(BHB_FW, &system_bhb_mitigations))
-		*updptr++ = cpu_to_le32(aarch64_insn_gen_nop());
-}
-
-/* Patched to correct the immediate */
-void noinstr spectre_bhb_patch_loop_iter(struct alt_instr *alt,
-				   __le32 *origptr, __le32 *updptr, int nr_inst)
-{
-	u8 rd;
-	u32 insn;
-	u16 loop_count = spectre_bhb_loop_affected(SCOPE_SYSTEM);
-
-	BUG_ON(nr_inst != 1); /* MOV -> MOV */
-
-	if (!IS_ENABLED(CONFIG_MITIGATE_SPECTRE_BRANCH_HISTORY))
-		return;
-
-	insn = le32_to_cpu(*origptr);
-	rd = aarch64_insn_decode_register(AARCH64_INSN_REGTYPE_RD, insn);
-	insn = aarch64_insn_gen_movewide(rd, loop_count, 0,
-					 AARCH64_INSN_VARIANT_64BIT,
-					 AARCH64_INSN_MOVEWIDE_ZERO);
-	*updptr++ = cpu_to_le32(insn);
-}
-
-/* Patched to mov WA3 when supported */
-void noinstr spectre_bhb_patch_wa3(struct alt_instr *alt,
-				   __le32 *origptr, __le32 *updptr, int nr_inst)
-{
-	u8 rd;
-	u32 insn;
-
-	BUG_ON(nr_inst != 1); /* MOV -> MOV */
-
-	if (!IS_ENABLED(CONFIG_MITIGATE_SPECTRE_BRANCH_HISTORY) ||
-	    !test_bit(BHB_FW, &system_bhb_mitigations))
-		return;
-
-	insn = le32_to_cpu(*origptr);
-	rd = aarch64_insn_decode_register(AARCH64_INSN_REGTYPE_RD, insn);
-
-	insn = aarch64_insn_gen_logical_immediate(AARCH64_INSN_LOGIC_ORR,
-						  AARCH64_INSN_VARIANT_32BIT,
-						  AARCH64_INSN_REG_ZR, rd,
-						  ARM_SMCCC_ARCH_WORKAROUND_3);
-	if (WARN_ON_ONCE(insn == AARCH64_BREAK_FAULT))
-		return;
-
-	*updptr++ = cpu_to_le32(insn);
-}
-
-/* Patched to NOP when not supported */
-void __init spectre_bhb_patch_clearbhb(struct alt_instr *alt,
-				   __le32 *origptr, __le32 *updptr, int nr_inst)
-{
-	BUG_ON(nr_inst != 2);
-
-	if (test_bit(BHB_INSN, &system_bhb_mitigations))
-		return;
-
-	*updptr++ = cpu_to_le32(aarch64_insn_gen_nop());
-	*updptr++ = cpu_to_le32(aarch64_insn_gen_nop());
-}
-
-#ifdef CONFIG_BPF_SYSCALL
-#define EBPF_WARN "Unprivileged eBPF is enabled, data leaks possible via Spectre v2 BHB attacks!\n"
-void unpriv_ebpf_notify(int new_state)
-{
-	if (spectre_v2_state == SPECTRE_VULNERABLE ||
-	    spectre_bhb_state != SPECTRE_MITIGATED)
-		return;
-
-	if (!new_state)
-		pr_err("WARNING: %s", EBPF_WARN);
-}
-#endif

================================================================================
*    ONLY IN PATCH2 - files not modified by patch1                             *
================================================================================

--- a/arch/arm64/kernel/proton-pack.c
+++ b/arch/arm64/kernel/proton-pack.c
@@ -853,6 +853,7 @@ u8 spectre_bhb_loop_affected(int scope)
 	if (scope == SCOPE_LOCAL_CPU) {
 		static const struct midr_range spectre_bhb_k32_list[] = {
 			MIDR_ALL_VERSIONS(MIDR_CORTEX_A78),
+			MIDR_ALL_VERSIONS(MIDR_CORTEX_A78AE),
 			MIDR_ALL_VERSIONS(MIDR_CORTEX_A78C),
 			MIDR_ALL_VERSIONS(MIDR_CORTEX_X1),
 			MIDR_ALL_VERSIONS(MIDR_CORTEX_A710),

• ⚠️ PR commit 5af0a38924cc (arm64: cputype: Add Cortex-X4 definitions) → upstream 02a0a04676fa
  Differences found:

################################################################################
!    REJECTED PATCH2 HUNKS - could not be compared; manual review needed       !
################################################################################

--- b/arch/arm64/include/asm/cputype.h
+++ b/arch/arm64/include/asm/cputype.h
@@ -86,6 +86,7 @@
 #define ARM_CPU_PART_CORTEX_X2		0xD48
 #define ARM_CPU_PART_NEOVERSE_N2	0xD49
 #define ARM_CPU_PART_CORTEX_A78C	0xD4B
+#define ARM_CPU_PART_CORTEX_X4		0xD82
 
 #define APM_CPU_PART_XGENE		0x000
 #define APM_CPU_VAR_POTENZA		0x00
@@ -159,6 +160,7 @@
 #define MIDR_CORTEX_X2 MIDR_CPU_MODEL(ARM_CPU_IMP_ARM, ARM_CPU_PART_CORTEX_X2)
 #define MIDR_NEOVERSE_N2 MIDR_CPU_MODEL(ARM_CPU_IMP_ARM, ARM_CPU_PART_NEOVERSE_N2)
 #define MIDR_CORTEX_A78C	MIDR_CPU_MODEL(ARM_CPU_IMP_ARM, ARM_CPU_PART_CORTEX_A78C)
+#define MIDR_CORTEX_X4 MIDR_CPU_MODEL(ARM_CPU_IMP_ARM, ARM_CPU_PART_CORTEX_X4)
 #define MIDR_THUNDERX	MIDR_CPU_MODEL(ARM_CPU_IMP_CAVIUM, CAVIUM_CPU_PART_THUNDERX)
 #define MIDR_THUNDERX_81XX MIDR_CPU_MODEL(ARM_CPU_IMP_CAVIUM, CAVIUM_CPU_PART_THUNDERX_81XX)
 #define MIDR_THUNDERX_83XX MIDR_CPU_MODEL(ARM_CPU_IMP_CAVIUM, CAVIUM_CPU_PART_THUNDERX_83XX)

================================================================================
*    CONTEXT DIFFERENCES - surrounding code differences between the patches    *
================================================================================

--- b/arch/arm64/include/asm/cputype.h
+++ b/arch/arm64/include/asm/cputype.h
@@ -139,6 +157,5 @@
 #define MIDR_NEOVERSE_N2 MIDR_CPU_MODEL(ARM_CPU_IMP_ARM, ARM_CPU_PART_NEOVERSE_N2)
 #define MIDR_CORTEX_A78C	MIDR_CPU_MODEL(ARM_CPU_IMP_ARM, ARM_CPU_PART_CORTEX_A78C)
-#define MIDR_NEOVERSE_V2 MIDR_CPU_MODEL(ARM_CPU_IMP_ARM, ARM_CPU_PART_NEOVERSE_V2)
 #define MIDR_THUNDERX	MIDR_CPU_MODEL(ARM_CPU_IMP_CAVIUM, CAVIUM_CPU_PART_THUNDERX)
 #define MIDR_THUNDERX_81XX MIDR_CPU_MODEL(ARM_CPU_IMP_CAVIUM, CAVIUM_CPU_PART_THUNDERX_81XX)
 #define MIDR_THUNDERX_83XX MIDR_CPU_MODEL(ARM_CPU_IMP_CAVIUM, CAVIUM_CPU_PART_THUNDERX_83XX)

• ⚠️ PR commit 6e8837d607a0 (arm64: cputype: Add Neoverse-V3 definitions) → upstream 0ce85db6c214
  Differences found:

================================================================================
*    CONTEXT DIFFERENCES - surrounding code differences between the patches    *
================================================================================

--- b/arch/arm64/include/asm/cputype.h
+++ b/arch/arm64/include/asm/cputype.h
@@ -141,5 +159,4 @@
 #define MIDR_CORTEX_A78C	MIDR_CPU_MODEL(ARM_CPU_IMP_ARM, ARM_CPU_PART_CORTEX_A78C)
-#define MIDR_NEOVERSE_V2 MIDR_CPU_MODEL(ARM_CPU_IMP_ARM, ARM_CPU_PART_NEOVERSE_V2)
 #define MIDR_CORTEX_X4 MIDR_CPU_MODEL(ARM_CPU_IMP_ARM, ARM_CPU_PART_CORTEX_X4)
 #define MIDR_THUNDERX	MIDR_CPU_MODEL(ARM_CPU_IMP_CAVIUM, CAVIUM_CPU_PART_THUNDERX)
 #define MIDR_THUNDERX_81XX MIDR_CPU_MODEL(ARM_CPU_IMP_CAVIUM, CAVIUM_CPU_PART_THUNDERX_81XX)

• ⚠️ PR commit 5cb82e300f76 (arm64: cputype: Add Cortex-X925 definitions) → upstream fd2ff5f0b320
  Differences found:

================================================================================
*    CONTEXT DIFFERENCES - surrounding code differences between the patches    *
================================================================================

--- b/arch/arm64/include/asm/cputype.h
+++ b/arch/arm64/include/asm/cputype.h
@@ -88,4 +88,4 @@
-#define ARM_CPU_PART_NEOVERSE_V2	0xD4F
+#define ARM_CPU_PART_CORTEX_A720	0xD81
 #define ARM_CPU_PART_CORTEX_X4		0xD82
 #define ARM_CPU_PART_NEOVERSE_V3	0xD84

• ⚠️ PR commit 8caa8904c508 (arm64: cputype: Add Cortex-X1C definitions) → upstream 58d245e03c32
  Differences found:

================================================================================
*    CONTEXT DIFFERENCES - surrounding code differences between the patches    *
================================================================================

--- b/arch/arm64/include/asm/cputype.h
+++ b/arch/arm64/include/asm/cputype.h
@@ -147,4 +167,4 @@
 #define MIDR_CORTEX_A78C	MIDR_CPU_MODEL(ARM_CPU_IMP_ARM, ARM_CPU_PART_CORTEX_A78C)
 #define MIDR_CORTEX_X3 MIDR_CPU_MODEL(ARM_CPU_IMP_ARM, ARM_CPU_PART_CORTEX_X3)
 #define MIDR_NEOVERSE_V2 MIDR_CPU_MODEL(ARM_CPU_IMP_ARM, ARM_CPU_PART_NEOVERSE_V2)
-#define MIDR_CORTEX_X4 MIDR_CPU_MODEL(ARM_CPU_IMP_ARM, ARM_CPU_PART_CORTEX_X4)
+#define MIDR_CORTEX_A720 MIDR_CPU_MODEL(ARM_CPU_IMP_ARM, ARM_CPU_PART_CORTEX_A720)

• ⚠️ PR commit fac45efddd6c (arm64: cputype: Add Neoverse-V3AE definitions) → upstream 3bbf004c4808
  Differences found:

================================================================================
*    CONTEXT DIFFERENCES - surrounding code differences between the patches    *
================================================================================

--- b/arch/arm64/include/asm/cputype.h
+++ b/arch/arm64/include/asm/cputype.h
@@ -150,5 +179,6 @@
 #define MIDR_NEOVERSE_V2 MIDR_CPU_MODEL(ARM_CPU_IMP_ARM, ARM_CPU_PART_NEOVERSE_V2)
+#define MIDR_CORTEX_A720 MIDR_CPU_MODEL(ARM_CPU_IMP_ARM, ARM_CPU_PART_CORTEX_A720)
 #define MIDR_CORTEX_X4 MIDR_CPU_MODEL(ARM_CPU_IMP_ARM, ARM_CPU_PART_CORTEX_X4)
 #define MIDR_NEOVERSE_V3 MIDR_CPU_MODEL(ARM_CPU_IMP_ARM, ARM_CPU_PART_NEOVERSE_V3)
 #define MIDR_CORTEX_X925 MIDR_CPU_MODEL(ARM_CPU_IMP_ARM, ARM_CPU_PART_CORTEX_X925)
-#define MIDR_THUNDERX	MIDR_CPU_MODEL(ARM_CPU_IMP_CAVIUM, CAVIUM_CPU_PART_THUNDERX)
+#define MIDR_CORTEX_A725 MIDR_CPU_MODEL(ARM_CPU_IMP_ARM, ARM_CPU_PART_CORTEX_A725)

• ⚠️ PR commit 69bfc8fc8b69 (arm64: Subscribe Microsoft Azure Cobalt 100 to ARM Neoverse N2 errata) → upstream fb091ff39479
  Differences found:

================================================================================
*    DELTA DIFFERENCES - code changes that differ between the patches          *
================================================================================

--- b/arch/arm64/include/asm/cputype.h
+++ b/arch/arm64/include/asm/cputype.h
@@ -133,6 +133,7 @@
 #define HISI_CPU_PART_TSV110		0xD01
 
 #define AMPERE_CPU_PART_AMPERE1		0xAC3
+
 #define MICROSOFT_CPU_PART_AZURE_COBALT_100	0xD49 /* Based on r0p0 of ARM Neoverse N2 */
 
 #define MIDR_CORTEX_A53 MIDR_CPU_MODEL(ARM_CPU_IMP_ARM, ARM_CPU_PART_CORTEX_A53)

================================================================================
*    CONTEXT DIFFERENCES - surrounding code differences between the patches    *
================================================================================

--- b/arch/arm64/include/asm/cputype.h
+++ b/arch/arm64/include/asm/cputype.h
@@ -178,5 +190,5 @@
-#define MIDR_FUJITSU_A64FX MIDR_CPU_MODEL(ARM_CPU_IMP_FUJITSU, FUJITSU_CPU_PART_A64FX)
-#define MIDR_HISI_TSV110 MIDR_CPU_MODEL(ARM_CPU_IMP_HISI, HISI_CPU_PART_TSV110)
+#define MIDR_APPLE_M2_BLIZZARD_MAX MIDR_CPU_MODEL(ARM_CPU_IMP_APPLE, APPLE_CPU_PART_M2_BLIZZARD_MAX)
+#define MIDR_APPLE_M2_AVALANCHE_MAX MIDR_CPU_MODEL(ARM_CPU_IMP_APPLE, APPLE_CPU_PART_M2_AVALANCHE_MAX)
 #define MIDR_AMPERE1 MIDR_CPU_MODEL(ARM_CPU_IMP_AMPERE, AMPERE_CPU_PART_AMPERE1)
 
 /* Fujitsu Erratum 010001 affects A64FX 1.0 and 1.1, (v0r0 and v1r0) */

================================================================================
*    ONLY IN PATCH2 - files not modified by patch1                             *
================================================================================

--- a/Documentation/arch/arm64/silicon-errata.rst
+++ b/Documentation/arch/arm64/silicon-errata.rst
@@ -243,3 +243,10 @@ stable kernels.
 +----------------+-----------------+-----------------+-----------------------------+
 | ASR            | ASR8601         | #8601001        | N/A                         |
 +----------------+-----------------+-----------------+-----------------------------+
++----------------+-----------------+-----------------+-----------------------------+
+| Microsoft      | Azure Cobalt 100| #2139208        | ARM64_ERRATUM_2139208       |
++----------------+-----------------+-----------------+-----------------------------+
+| Microsoft      | Azure Cobalt 100| #2067961        | ARM64_ERRATUM_2067961       |
++----------------+-----------------+-----------------+-----------------------------+
+| Microsoft      | Azure Cobalt 100| #2253138        | ARM64_ERRATUM_2253138       |
++----------------+-----------------+-----------------+-----------------------------+
--- a/arch/arm64/kernel/cpu_errata.c
+++ b/arch/arm64/kernel/cpu_errata.c
@@ -374,6 +374,7 @@ static const struct midr_range erratum_1463225[] = {
 static const struct midr_range trbe_overwrite_fill_mode_cpus[] = {
 #ifdef CONFIG_ARM64_ERRATUM_2139208
 	MIDR_ALL_VERSIONS(MIDR_NEOVERSE_N2),
+	MIDR_ALL_VERSIONS(MIDR_MICROSOFT_AZURE_COBALT_100),
 #endif
 #ifdef CONFIG_ARM64_ERRATUM_2119858
 	MIDR_ALL_VERSIONS(MIDR_CORTEX_A710),
@@ -387,6 +388,7 @@ static const struct midr_range trbe_overwrite_fill_mode_cpus[] = {
 static const struct midr_range tsb_flush_fail_cpus[] = {
 #ifdef CONFIG_ARM64_ERRATUM_2067961
 	MIDR_ALL_VERSIONS(MIDR_NEOVERSE_N2),
+	MIDR_ALL_VERSIONS(MIDR_MICROSOFT_AZURE_COBALT_100),
 #endif
 #ifdef CONFIG_ARM64_ERRATUM_2054223
 	MIDR_ALL_VERSIONS(MIDR_CORTEX_A710),
@@ -399,6 +401,7 @@ static const struct midr_range tsb_flush_fail_cpus[] = {
 static struct midr_range trbe_write_out_of_range_cpus[] = {
 #ifdef CONFIG_ARM64_ERRATUM_2253138
 	MIDR_ALL_VERSIONS(MIDR_NEOVERSE_N2),
+	MIDR_ALL_VERSIONS(MIDR_MICROSOFT_AZURE_COBALT_100),
 #endif
 #ifdef CONFIG_ARM64_ERRATUM_2224489
 	MIDR_ALL_VERSIONS(MIDR_CORTEX_A710),

This is an automated interdiff check for backported commits.

[github-actions]

JIRA PR Check Results

7 commit(s) with issues found:

Commit 05b94692e9ba

Summary: tipc: fix NULL deref in cleanup_bearer()

❌ Errors:

• VULN-160088: Status is 'To Do', expected 'In Progress'
• VULN-160088: LTS product 'fips-8-compliant' not found in release_map

⚠️ Warnings:

• VULN-160088: No time logged - please log time manually

Commit 146899475c8e

Summary: net: fix udp gso skb_segment after pull from frag_list

❌ Errors:

• VULN-156444: Status is 'Done', expected 'In Progress'
• VULN-156444: LTS product 'fips-8.10' expects branch 'fips-8-compliant/4.18.0-553.16.1', but merge target is 'rlc-8/4.18.0-553.132.1.el8_10'
• VULN-156445: Status is 'Done', expected 'In Progress'
• VULN-156445: LTS product 'fips-8.6' expects branch 'fips-8-compliant/4.18.0-553.16.1', but merge target is 'rlc-8/4.18.0-553.132.1.el8_10'

Commit ed4fe10baefc

Summary: bpf: Fix a segment issue when downgrading gso_size

❌ Errors:

• VULN-38750: Status is 'Done', expected 'In Progress'
• VULN-38750: LTS product 'fips-8.10' expects branch 'fips-8-compliant/4.18.0-553.16.1', but merge target is 'rlc-8/4.18.0-553.132.1.el8_10'
• VULN-38751: Status is 'Done', expected 'In Progress'
• VULN-38751: LTS product 'fips-8.6' expects branch 'fips-8-compliant/4.18.0-553.16.1', but merge target is 'rlc-8/4.18.0-553.132.1.el8_10'

Commit 3544a24c43bf

Summary: gso: fix udp gso fraglist segmentation after pull from frag_list

❌ Errors:

• VULN-45766: Status is 'Done', expected 'In Progress'
• VULN-45766: LTS product 'fips-8.10' expects branch 'fips-8-compliant/4.18.0-553.16.1', but merge target is 'rlc-8/4.18.0-553.132.1.el8_10'
• VULN-45767: Status is 'Done', expected 'In Progress'
• VULN-45767: LTS product 'fips-8.6' expects branch 'fips-8-compliant/4.18.0-553.16.1', but merge target is 'rlc-8/4.18.0-553.132.1.el8_10'

Commit 8f52164c4f64

Summary: netdevsim: Fix memory leak of nsim_dev->fa_cookie

❌ Errors:

• VULN-65790: Status is 'Done', expected 'In Progress'
• VULN-65790: LTS product 'fips-8.6' expects branch 'fips-8-compliant/4.18.0-553.16.1', but merge target is 'rlc-8/4.18.0-553.132.1.el8_10'

Commit 95c8ee122ba3

Summary: nvme-tcp: fix potential memory corruption in nvme_tcp_recv_pdu()

❌ Errors:

• VULN-56026: Status is 'Done', expected 'In Progress'
• VULN-56026: LTS product 'fips-8.6' expects branch 'fips-8-compliant/4.18.0-553.16.1', but merge target is 'rlc-8/4.18.0-553.132.1.el8_10'

Commit 6bc62c342f78

Summary: tipc: Fix use-after-free of kernel socket in cleanup_bearer().

❌ Errors:

• VULN-12931: Status is 'Done', expected 'In Progress'
• VULN-12931: LTS product 'fips-8-compliant' not found in release_map

---

Summary: Checked 70 commit(s) total.

[github-actions]

⚠️ This PR contains VULN tickets that do not match the target LTS product. Please review the JIRA ticket assignments and ensure they match the merge target branch.

[github-actions]

❌ Validation checks completed with issues View full results: https://github.com/ctrliq/kernel-src-tree/actions/runs/27383376095

[github-actions]

🤖 Validation Checks In Progress Workflow run: https://github.com/ctrliq/kernel-src-tree/actions/runs/27385365926

[github-actions]

🔍 Upstream Linux Kernel Commit Check

• ⚠️ PR commit 11c6fc1eab8d (xfrm: esp: avoid in-place decrypt on shared skb frags) references upstream commit
  f4c50a4034e6 which has been referenced by a Fixes: tag in the upstream
  Linux kernel:

    48f6a5356a33 net: skbuff: propagate shared-frag marker through frag-transfer helpers (Hyunwoo Kim) (CVE-2026-43503)
    f84eca581739 net: skbuff: preserve shared-frag marker during coalescing (William Bowling) (CVE-2026-46300)

• ⚠️ PR commit 4ab76ac11784 (PCI: Batch BAR sizing operations) references upstream commit
  4453f360862e which has been referenced by a Fixes: tag in the upstream
  Linux kernel:

    472ff48e2c09 PCI: Fix BUILD_BUG_ON usage for old gcc (Alex Williamson)

• ❌ PR commit d232ab7c8396 (arm64: Add part number for Arm Cortex-A78AE) references CVE-2025-10263 but
  upstream commit 83bea32ac7ed has no CVE assigned

• ❌ PR commit 102674d93c1e (arm64: Add Neoverse-V2 part) references CVE-2025-10263 but
  upstream commit f4d9d9dcc70b has no CVE assigned

• ❌ PR commit 5af0a38924cc (arm64: cputype: Add Cortex-X4 definitions) references CVE-2025-10263 but
  upstream commit 02a0a04676fa has no CVE assigned

• ❌ PR commit 6e8837d607a0 (arm64: cputype: Add Neoverse-V3 definitions) references CVE-2025-10263 but
  upstream commit 0ce85db6c214 has no CVE assigned

• ❌ PR commit 40468e8fbdec (arm64: cputype: Add Cortex-X3 definitions) references CVE-2025-10263 but
  upstream commit be5a6f238700 has no CVE assigned

• ❌ PR commit 5cb82e300f76 (arm64: cputype: Add Cortex-X925 definitions) references CVE-2025-10263 but
  upstream commit fd2ff5f0b320 has no CVE assigned

• ❌ PR commit 8caa8904c508 (arm64: cputype: Add Cortex-X1C definitions) references CVE-2025-10263 but
  upstream commit 58d245e03c32 has no CVE assigned

• ❌ PR commit da7a734f4480 (arm64: cputype: Add MIDR_CORTEX_A76AE) references CVE-2025-10263 but
  upstream commit a9b5bd81b294 has no CVE assigned

• ❌ PR commit fac45efddd6c (arm64: cputype: Add Neoverse-V3AE definitions) references CVE-2025-10263 but
  upstream commit 3bbf004c4808 has no CVE assigned

This is an automated message from the kernel commit checker workflow.

[github-actions]

🔍 Interdiff Analysis

• ⚠️ PR commit 11c6fc1eab8d (xfrm: esp: avoid in-place decrypt on shared skb frags) → upstream f4c50a4034e6
  Differences found:

================================================================================
*    DELTA DIFFERENCES - code changes that differ between the patches          *
================================================================================

--- b/net/ipv4/ip_output.c
+++ b/net/ipv4/ip_output.c
@@ -1347,9 +1347,6 @@
 			goto error;
 		}
 
-		if (!(flags & MSG_NO_SHARED_FRAGS))
-			skb_shinfo(skb)->tx_flags |= SKBTX_SHARED_FRAG;
-
 		if (skb->ip_summed == CHECKSUM_NONE) {
 			__wsum csum;
 			csum = csum_page(page, offset, len);

################################################################################
!    REJECTED PATCH2 HUNKS - could not be compared; manual review needed       !
################################################################################

--- b/net/ipv4/ip_output.c
+++ b/net/ipv4/ip_output.c
@@ -1233,6 +1233,8 @@
 			if (err < 0)
 				goto error;
 			copy = err;
+			if (!(flags & MSG_NO_SHARED_FRAGS))
+				skb_shinfo(skb)->flags |= SKBFL_SHARED_FRAG;
 			wmem_alloc_delta += copy;
 		} else if (!zc) {
 			int i = skb_shinfo(skb)->nr_frags;

================================================================================
*    CONTEXT DIFFERENCES - surrounding code differences between the patches    *
================================================================================

--- b/net/ipv4/ip_output.c
+++ b/net/ipv4/ip_output.c
@@ -1230,6 +1230,6 @@
-			goto error;
-		}
-
-		if (skb->ip_summed == CHECKSUM_NONE) {
-			__wsum csum;
-			csum = csum_page(page, offset, len);
+			if (err < 0)
+				goto error;
+			copy = err;
+			wmem_alloc_delta += copy;
+		} else if (!zc) {
+			int i = skb_shinfo(skb)->nr_frags;

================================================================================
*    ONLY IN PATCH2 - files not modified by patch1                             *
================================================================================

--- a/net/ipv6/esp6.c
+++ b/net/ipv6/esp6.c
@@ -915,7 +915,8 @@ static int esp6_input(struct xfrm_state *x, struct sk_buff *skb)
 			nfrags = 1;
 
 			goto skip_cow;
-		} else if (!skb_has_frag_list(skb)) {
+		} else if (!skb_has_frag_list(skb) &&
+			   !skb_has_shared_frag(skb)) {
 			nfrags = skb_shinfo(skb)->nr_frags;
 			nfrags++;
 
--- a/net/ipv6/ip6_output.c
+++ b/net/ipv6/ip6_output.c
@@ -1794,6 +1794,8 @@ alloc_new_skb:
 			if (err < 0)
 				goto error;
 			copy = err;
+			if (!(flags & MSG_NO_SHARED_FRAGS))
+				skb_shinfo(skb)->flags |= SKBFL_SHARED_FRAG;
 			wmem_alloc_delta += copy;
 		} else if (!zc) {
 			int i = skb_shinfo(skb)->nr_frags;

• ⚠️ PR commit 95c8ee122ba3 (nvme-tcp: fix potential memory corruption in nvme_tcp_recv_pdu()) → upstream ad95bab0cd28
  Differences found:

================================================================================
*    DELTA DIFFERENCES - code changes that differ between the patches          *
================================================================================

--- b/drivers/nvme/host/tcp.c
+++ b/drivers/nvme/host/tcp.c
@@ -152,18 +152,6 @@
 	return queue - queue->ctrl->queues;
 }
 
-static inline bool nvme_tcp_recv_pdu_supported(enum nvme_tcp_pdu_type type)
-{
-	switch (type) {
-	case nvme_tcp_c2h_data:
-	case nvme_tcp_r2t:
-	case nvme_tcp_rsp:
-		return true;
-	default:
-		return false;
-	}
-}
-
 static inline struct blk_mq_tags *nvme_tcp_tagset(struct nvme_tcp_queue *queue)
 {
 	u32 queue_idx = nvme_tcp_queue_id(queue);

################################################################################
!    REJECTED PATCH2 HUNKS - could not be compared; manual review needed       !
################################################################################

--- b/drivers/nvme/host/tcp.c
+++ b/drivers/nvme/host/tcp.c
@@ -217,6 +217,19 @@
 	return queue - queue->ctrl->queues;
 }
 
+static inline bool nvme_tcp_recv_pdu_supported(enum nvme_tcp_pdu_type type)
+{
+	switch (type) {
+	case nvme_tcp_c2h_term:
+	case nvme_tcp_c2h_data:
+	case nvme_tcp_r2t:
+	case nvme_tcp_rsp:
+		return true;
+	default:
+		return false;
+	}
+}
+
 /*
  * Check if the queue is TLS encrypted
  */
@@ -818,6 +831,16 @@
 		return 0;
 
 	hdr = queue->pdu;
+	if (unlikely(hdr->hlen != sizeof(struct nvme_tcp_rsp_pdu))) {
+		if (!nvme_tcp_recv_pdu_supported(hdr->type))
+			goto unsupported_pdu;
+
+		dev_err(queue->ctrl->ctrl.device,
+			"pdu type %d has unexpected header length (%d)\n",
+			hdr->type, hdr->hlen);
+		return -EPROTO;
+	}
+
 	if (unlikely(hdr->type == nvme_tcp_c2h_term)) {
 		/*
 		 * C2HTermReq never includes Header or Data digests.

================================================================================
*    CONTEXT DIFFERENCES - surrounding code differences between the patches    *
================================================================================

--- b/drivers/nvme/host/tcp.c
+++ b/drivers/nvme/host/tcp.c
@@ -149,6 +149,6 @@
 	return queue - queue->ctrl->queues;
 }
 
-static inline struct blk_mq_tags *nvme_tcp_tagset(struct nvme_tcp_queue *queue)
-{
-	u32 queue_idx = nvme_tcp_queue_id(queue);
+/*
+ * Check if the queue is TLS encrypted
+ */
@@ -674,6 +818,6 @@
 		return 0;
 
 	hdr = queue->pdu;
-	if (queue->hdr_digest) {
-		ret = nvme_tcp_verify_hdgst(queue, queue->pdu, hdr->hlen);
-		if (unlikely(ret))
+	if (unlikely(hdr->type == nvme_tcp_c2h_term)) {
+		/*
+		 * C2HTermReq never includes Header or Data digests.

• ⚠️ PR commit 3544a24c43bf (gso: fix udp gso fraglist segmentation after pull from frag_list) → upstream a1e40ac5b5e9
  Differences found:

================================================================================
*    DELTA DIFFERENCES - code changes that differ between the patches          *
================================================================================

--- b/net/ipv4/udp_offload.c
+++ b/net/ipv4/udp_offload.c
@@ -11,7 +11,6 @@
  */
 
 #include <linux/skbuff.h>
-#include <net/ip6_checksum.h>
 #include <net/udp.h>
 #include <net/protocol.h>
 #include <net/inet_common.h>

================================================================================
*    CONTEXT DIFFERENCES - surrounding code differences between the patches    *
================================================================================

--- b/net/ipv4/udp_offload.c
+++ b/net/ipv4/udp_offload.c
@@ -273,6 +269,6 @@
 
 	if (skb_shinfo(gso_skb)->gso_type & SKB_GSO_FRAGLIST)
 		return __udp_gso_segment_list(gso_skb, features, is_ipv6);
 
-	mss = skb_shinfo(gso_skb)->gso_size;
-	if (gso_skb->len <= sizeof(*uh) + mss)
+	skb_pull(gso_skb, sizeof(*uh));
+

• ⚠️ PR commit 146899475c8e (net: fix udp gso skb_segment after pull from frag_list) → upstream 3382a1ed7f77
  Differences found:

================================================================================
*    CONTEXT DIFFERENCES - surrounding code differences between the patches    *
================================================================================

--- b/net/ipv4/udp_offload.c
+++ b/net/ipv4/udp_offload.c
@@ -273,6 +273,6 @@
 	bool copy_dtor;
 	__sum16 check;
 	__be16 newlen;
 
-	if (skb_shinfo(gso_skb)->gso_type & SKB_GSO_FRAGLIST) {
-		 /* Detect modified geometry and pass those to skb_segment. */
+	mss = skb_shinfo(gso_skb)->gso_size;
+	if (gso_skb->len <= sizeof(*uh) + mss)

• ⚠️ PR commit a19fd8457975 (x86/sev-es: Set x86_virt_bits to the correct value straight away, instead of a two-phase approach) → upstream fbf6449f84bf
  Differences found:

################################################################################
!    REJECTED PATCH2 HUNKS - could not be compared; manual review needed       !
################################################################################

--- b/arch/x86/kernel/cpu/common.c
+++ b/arch/x86/kernel/cpu/common.c
@@ -1607,7 +1613,6 @@
 		cpu_detect(c);
 		get_cpu_vendor(c);
 		get_cpu_cap(c);
-		get_cpu_address_sizes(c);
 		setup_force_cpu_cap(X86_FEATURE_CPUID);
 		cpu_parse_early_param();
 

================================================================================
*    CONTEXT DIFFERENCES - surrounding code differences between the patches    *
================================================================================

--- b/arch/x86/kernel/cpu/common.c
+++ b/arch/x86/kernel/cpu/common.c
@@ -1502,6 +1597,5 @@
 		get_cpu_vendor(c);
 		get_cpu_cap(c);
-		get_model_name(c); /* RHEL8: get model name for unsupported check */
 		get_cpu_address_sizes(c);
 		setup_force_cpu_cap(X86_FEATURE_CPUID);
 		cpu_parse_early_param();

• ⚠️ PR commit 04b3af631efc (x86/cpu: Allow reducing x86_phys_bits during early_identify_cpu()) → upstream 9a458198eba9
  Differences found:

================================================================================
*    CONTEXT DIFFERENCES - surrounding code differences between the patches    *
================================================================================

--- b/arch/x86/kernel/cpu/common.c
+++ b/arch/x86/kernel/cpu/common.c
@@ -1508,5 +1509,4 @@
 		get_cpu_cap(c);
-		get_model_name(c); /* RHEL8: get model name for unsupported check */
 		setup_force_cpu_cap(X86_FEATURE_CPUID);
 		cpu_parse_early_param();
 
@@ -1520,5 +1599,4 @@
 	} else {
-		identify_cpu_without_cpuid(c);
 		setup_clear_cpu_cap(X86_FEATURE_CPUID);
 	}

• ⚠️ PR commit 22f3c77cc4f9 (net: mana: Enable MANA driver on ARM64 with 4K page size) → upstream 40a1d11fc670
  Differences found:

================================================================================
*    CONTEXT DIFFERENCES - surrounding code differences between the patches    *
================================================================================

--- b/drivers/net/ethernet/microsoft/Kconfig
+++ b/drivers/net/ethernet/microsoft/Kconfig
@@ -20,4 +20,4 @@
 	depends on PCI_MSI && X86_64
 	depends on PCI_HYPERV
 	select AUXILIARY_BUS
-	help
+	select PAGE_POOL

• ⚠️ PR commit a7b9575e2f99 (net: mana: Add support for page sizes other than 4KB on ARM64) → upstream 382d1741b5b2
  Differences found:

================================================================================
*    CONTEXT DIFFERENCES - surrounding code differences between the patches    *
================================================================================

--- b/drivers/net/ethernet/microsoft/Kconfig
+++ b/drivers/net/ethernet/microsoft/Kconfig
@@ -21,4 +21,4 @@
 	depends on X86_64 || (ARM64 && !CPU_BIG_ENDIAN && ARM64_4K_PAGES)
 	depends on PCI_HYPERV
 	select AUXILIARY_BUS
-	help
+	select PAGE_POOL

• ⚠️ PR commit 4ab76ac11784 (PCI: Batch BAR sizing operations) → upstream 4453f360862e
  Differences found:

################################################################################
!    REJECTED PATCH2 HUNKS - could not be compared; manual review needed       !
################################################################################

--- b/drivers/pci/probe.c
+++ b/drivers/pci/probe.c
@@ -217,17 +256,6 @@
 	struct pci_bus_region region, inverted_region;
 	const char *res_name = pci_resource_name(dev, res - dev->resource);
 
-	mask = type ? PCI_ROM_ADDRESS_MASK : ~0;
-
-	/* No printks while decoding is disabled! */
-	if (!dev->mmio_always_on) {
-		pci_read_config_word(dev, PCI_COMMAND, &orig_cmd);
-		if (orig_cmd & PCI_COMMAND_DECODE_ENABLE) {
-			pci_write_config_word(dev, PCI_COMMAND,
-				orig_cmd & ~PCI_COMMAND_DECODE_ENABLE);
-		}
-	}
-
 	res->name = pci_name(dev);
 
 	pci_read_config_dword(dev, pos, &l);

================================================================================
*    CONTEXT DIFFERENCES - surrounding code differences between the patches    *
================================================================================

--- b/drivers/pci/iov.c
+++ b/drivers/pci/iov.c
@@ -740,4 +739,5 @@
 	struct resource *res;
+	const char *res_name;
 	struct pci_dev *pdev;
 
 	pci_read_config_word(dev, pos + PCI_SRIOV_CTRL, &ctrl);
--- b/drivers/pci/probe.c
+++ b/drivers/pci/probe.c
@@ -186,6 +180,7 @@
 	u64 l64, sz64, mask64;
 	u16 orig_cmd;
 	struct pci_bus_region region, inverted_region;
+	const char *res_name = pci_resource_name(dev, res - dev->resource);
 
 	mask = type ? PCI_ROM_ADDRESS_MASK : ~0;

• ⚠️ PR commit 59c13986cbc2 (idpf: convert to libeth Tx buffer completion) → upstream d9028db618a6
  Differences found:

================================================================================
*    DELTA DIFFERENCES - code changes that differ between the patches          *
================================================================================

--- b/drivers/net/ethernet/intel/idpf/idpf_singleq_txrx.c
+++ b/drivers/net/ethernet/intel/idpf/idpf_singleq_txrx.c
@@ -1,8 +1,6 @@
 // SPDX-License-Identifier: GPL-2.0-only
 /* Copyright (C) 2023 Intel Corporation */
 
-#include <net/libeth/tx.h>
-
 #include "idpf.h"
 
 /**
--- b/drivers/net/ethernet/intel/idpf/idpf_txrx.c
+++ b/drivers/net/ethernet/intel/idpf/idpf_txrx.c
@@ -1,8 +1,6 @@
 // SPDX-License-Identifier: GPL-2.0-only
 /* Copyright (C) 2023 Intel Corporation */
 
-#include <net/libeth/tx.h>
-
 #include "idpf.h"
 #include "idpf_virtchnl.h"
 

################################################################################
!    REJECTED PATCH2 HUNKS - could not be compared; manual review needed       !
################################################################################

--- b/drivers/net/ethernet/intel/idpf/idpf_singleq_txrx.c
+++ b/drivers/net/ethernet/intel/idpf/idpf_singleq_txrx.c
@@ -2,6 +2,7 @@
 /* Copyright (C) 2023 Intel Corporation */
 
 #include <net/libeth/rx.h>
+#include <net/libeth/tx.h>
 
 #include "idpf.h"
 
--- b/drivers/net/ethernet/intel/idpf/idpf_txrx.c
+++ b/drivers/net/ethernet/intel/idpf/idpf_txrx.c
@@ -2,6 +2,7 @@
 /* Copyright (C) 2023 Intel Corporation */
 
 #include <net/libeth/rx.h>
+#include <net/libeth/tx.h>
 
 #include "idpf.h"
 #include "idpf_virtchnl.h"

================================================================================
*    CONTEXT DIFFERENCES - surrounding code differences between the patches    *
================================================================================

--- b/drivers/net/ethernet/intel/idpf/idpf_singleq_txrx.c
+++ b/drivers/net/ethernet/intel/idpf/idpf_singleq_txrx.c
@@ -2,4 +1,8 @@
 /* Copyright (C) 2023 Intel Corporation */
 
+#include <net/libeth/rx.h>
+
+#include <net/libeth/tx.h>
+
 #include "idpf.h"
 
--- b/drivers/net/ethernet/intel/idpf/idpf_txrx.c
+++ b/drivers/net/ethernet/intel/idpf/idpf_txrx.c
@@ -2,5 +1,9 @@
 /* Copyright (C) 2023 Intel Corporation */
 
+#include <net/libeth/rx.h>
+
+#include <net/libeth/tx.h>
+
 #include "idpf.h"
 #include "idpf_virtchnl.h"

• ⚠️ PR commit 8c487287e70c (idpf: refactor Tx completion routines) → upstream 24eb35b15152
  Differences found:

################################################################################
!    REJECTED PATCH2 HUNKS - could not be compared; manual review needed       !
################################################################################

--- b/drivers/net/ethernet/intel/idpf/idpf_txrx.h
+++ b/drivers/net/ethernet/intel/idpf/idpf_txrx.h
@@ -785,7 +785,7 @@
 	u32 next_to_use;
 	u32 next_to_clean;
 
-	u32 num_completions;
+	aligned_u64 num_completions;
 	__cacheline_group_end_aligned(read_write);
 
 	__cacheline_group_begin_aligned(cold);

================================================================================
*    CONTEXT DIFFERENCES - surrounding code differences between the patches    *
================================================================================

--- b/drivers/net/ethernet/intel/idpf/idpf_txrx.h
+++ b/drivers/net/ethernet/intel/idpf/idpf_txrx.h
@@ -971,4 +920,4 @@
 	u32 num_completions_pending;
 };
 
-/**
+static inline int idpf_q_vector_to_mem(const struct idpf_q_vector *q_vector)

• ⚠️ PR commit 0e4a6b8bb49f (idpf: add support for Tx refillqs in flow scheduling mode) → upstream cb83b559bea3
  Differences found:

================================================================================
*    DELTA DIFFERENCES - code changes that differ between the patches          *
================================================================================

--- b/drivers/net/ethernet/intel/idpf/idpf_txrx.c
+++ b/drivers/net/ethernet/intel/idpf/idpf_txrx.c
@@ -247,7 +247,6 @@
 	struct device *dev = tx_q->dev;
 	struct idpf_sw_queue *refillq;
 	int err;
-	unsigned int i = 0;
 
 	err = idpf_tx_buf_alloc_all(tx_q);
 	if (err)
@@ -282,7 +281,7 @@
 		goto err_alloc;
 	}
 
-	for (i = 0; i < refillq->desc_count; i++)
+	for (unsigned int i = 0; i < refillq->desc_count; i++)
 		refillq->ring[i] =
 			FIELD_PREP(IDPF_RFL_BI_BUFID_M, i) |
 			FIELD_PREP(IDPF_RFL_BI_GEN_M,

################################################################################
!    REJECTED PATCH2 HUNKS - could not be compared; manual review needed       !
################################################################################

--- b/drivers/net/ethernet/intel/idpf/idpf_txrx.c
+++ b/drivers/net/ethernet/intel/idpf/idpf_txrx.c
@@ -3551,7 +3630,7 @@
 skip_data:
 		rx_buf->netmem = 0;
 
-		idpf_rx_post_buf_refill(refillq, buf_id);
+		idpf_post_buf_refill(refillq, buf_id);
 		IDPF_RX_BUMP_NTC(rxq, ntc);
 
 		/* skip if it is non EOP desc */
--- b/drivers/net/ethernet/intel/idpf/idpf_txrx.h
+++ b/drivers/net/ethernet/intel/idpf/idpf_txrx.h
@@ -622,6 +622,7 @@
  * @cleaned_pkts: Number of packets cleaned for the above said case
  * @tx_max_bufs: Max buffers that can be transmitted with scatter-gather
  * @stash: Tx buffer stash for Flow-based scheduling mode
+ * @refillq: Pointer to refill queue
  * @compl_tag_bufid_m: Completion tag buffer id mask
  * @compl_tag_cur_gen: Used to keep track of current completion tag generation
  * @compl_tag_gen_max: To determine when compl_tag_cur_gen should be reset
@@ -671,6 +672,7 @@
 
 	u16 tx_max_bufs;
 	struct idpf_txq_stash *stash;
+	struct idpf_sw_queue *refillq;
 
 	u16 compl_tag_bufid_m;
 	u16 compl_tag_cur_gen;
@@ -692,7 +694,7 @@
 	__cacheline_group_end_aligned(cold);
 };
 libeth_cacheline_set_assert(struct idpf_tx_queue, 64,
-			    112 + sizeof(struct u64_stats_sync),
+			    120 + sizeof(struct u64_stats_sync),
 			    24);
 
 /**

================================================================================
*    CONTEXT DIFFERENCES - surrounding code differences between the patches    *
================================================================================

--- b/drivers/net/ethernet/intel/idpf/idpf_txrx.c
+++ b/drivers/net/ethernet/intel/idpf/idpf_txrx.c
@@ -244,4 +246,5 @@
 	struct device *dev = tx_q->dev;
 	int err;
+	unsigned int i = 0;
 
 	err = idpf_tx_buf_alloc_all(tx_q);
@@ -3358,4 +3417,4 @@
 		idpf_rx_post_buf_refill(refillq, buf_id);
-
 		IDPF_RX_BUMP_NTC(rxq, ntc);
+
 		/* skip if it is non EOP desc */
--- b/drivers/net/ethernet/intel/idpf/idpf_txrx.h
+++ b/drivers/net/ethernet/intel/idpf/idpf_txrx.h
@@ -624,6 +619,6 @@
  * @cleaned_pkts: Number of packets cleaned for the above said case
  * @tx_max_bufs: Max buffers that can be transmitted with scatter-gather
- * @tx_min_pkt_len: Min supported packet length
+ * @stash: Tx buffer stash for Flow-based scheduling mode
  * @compl_tag_bufid_m: Completion tag buffer id mask
- * @compl_tag_gen_s: Completion tag generation bit
- *	The format of the completion tag will change based on the TXQ
+ * @compl_tag_cur_gen: Used to keep track of current completion tag generation
+ * @compl_tag_gen_max: To determine when compl_tag_cur_gen should be reset
@@ -743,6 +692,2 @@
 
-	u16 tx_max_bufs;
-	u16 tx_min_pkt_len;
-
-	u16 compl_tag_bufid_m;
-	u16 compl_tag_gen_s;
+/**

• ⚠️ PR commit ce23e1fe98c0 (idpf: improve when to set RE bit logic) → upstream f2d18e16479c
  Differences found:

################################################################################
!    REJECTED PATCH2 HUNKS - could not be compared; manual review needed       !
################################################################################

--- b/drivers/net/ethernet/intel/idpf/idpf_txrx.h
+++ b/drivers/net/ethernet/intel/idpf/idpf_txrx.h
@@ -610,6 +610,8 @@
  * @netdev: &net_device corresponding to this queue
  * @next_to_use: Next descriptor to use
  * @next_to_clean: Next descriptor to clean
+ * @last_re: last descriptor index that RE bit was set
+ * @tx_max_bufs: Max buffers that can be transmitted with scatter-gather
  * @cleaned_bytes: Splitq only, TXQ only: When a TX completion is received on
  *		   the TX completion queue, it can be for any TXQ associated
  *		   with that completion queue. This means we can clean up to
@@ -620,7 +622,6 @@
  *		   only once at the end of the cleaning routine.
  * @clean_budget: singleq only, queue cleaning budget
  * @cleaned_pkts: Number of packets cleaned for the above said case
- * @tx_max_bufs: Max buffers that can be transmitted with scatter-gather
  * @stash: Tx buffer stash for Flow-based scheduling mode
  * @refillq: Pointer to refill queue
  * @compl_tag_bufid_m: Completion tag buffer id mask
@@ -672,7 +675,6 @@
 	};
 	u16 cleaned_pkts;
 
-	u16 tx_max_bufs;
 	struct idpf_txq_stash *stash;
 	struct idpf_sw_queue *refillq;
 

================================================================================
*    CONTEXT DIFFERENCES - surrounding code differences between the patches    *
================================================================================

--- b/drivers/net/ethernet/intel/idpf/idpf_txrx.h
+++ b/drivers/net/ethernet/intel/idpf/idpf_txrx.h
@@ -607,6 +607,5 @@
- * @desc_count: Number of descriptors
+ * @netdev: &net_device corresponding to this queue
  * @next_to_use: Next descriptor to use
  * @next_to_clean: Next descriptor to clean
- * @netdev: &net_device corresponding to this queue
  * @cleaned_bytes: Splitq only, TXQ only: When a TX completion is received on
  *		   the TX completion queue, it can be for any TXQ associated
@@ -685,5 +622,5 @@
  * @cleaned_pkts: Number of packets cleaned for the above said case
  * @tx_max_bufs: Max buffers that can be transmitted with scatter-gather
- * @tx_min_pkt_len: Min supported packet length
+ * @stash: Tx buffer stash for Flow-based scheduling mode
  * @refillq: Pointer to refill queue
  * @compl_tag_bufid_m: Completion tag buffer id mask
@@ -723,4 +660,4 @@
-	u16 desc_count;
+	__cacheline_group_begin_aligned(read_write);
 	u16 next_to_use;
 	u16 next_to_clean;
 
@@ -731,5 +668,5 @@
 
 	u16 tx_max_bufs;
-	u16 tx_min_pkt_len;
+	struct idpf_txq_stash *stash;
 	struct idpf_sw_queue *refillq;

• ⚠️ PR commit 9d2fe0667447 (idpf: simplify and fix splitq Tx packet rollback error path) → upstream b61dfa9bc443
  Differences found:

================================================================================
*    DELTA DIFFERENCES - code changes that differ between the patches          *
================================================================================

--- b/drivers/net/ethernet/intel/idpf/idpf_txrx.c
+++ b/drivers/net/ethernet/intel/idpf/idpf_txrx.c
@@ -2287,4 +2287,55 @@
 
 /**
+ * idpf_tx_dma_map_error - handle TX DMA map errors
+ * @txq: queue to send buffer on
+ * @skb: send buffer
+ * @first: original first buffer info buffer for packet
+ * @idx: starting point on ring to unwind
+ */
+void idpf_tx_dma_map_error(struct idpf_tx_queue *txq, struct sk_buff *skb,
+			   struct idpf_tx_buf *first, u16 idx)
+{
+	struct libeth_sq_napi_stats ss = { };
+	struct libeth_cq_pp cp = {
+		.dev	= txq->dev,
+		.ss	= &ss,
+	};
+
+	u64_stats_update_begin(&txq->stats_sync);
+	u64_stats_inc(&txq->q_stats.dma_map_errs);
+	u64_stats_update_end(&txq->stats_sync);
+
+	/* clear dma mappings for failed tx_buf map */
+	for (;;) {
+		struct idpf_tx_buf *tx_buf;
+
+		tx_buf = &txq->tx_buf[idx];
+		libeth_tx_complete(tx_buf, &cp);
+		if (tx_buf == first)
+			break;
+		if (idx == 0)
+			idx = txq->desc_count;
+		idx--;
+	}
+
+	if (skb_is_gso(skb)) {
+		union idpf_tx_flex_desc *tx_desc;
+
+		/* If we failed a DMA mapping for a TSO packet, we will have
+		 * used one additional descriptor for a context
+		 * descriptor. Reset that here.
+		 */
+		tx_desc = &txq->flex_tx[idx];
+		memset(tx_desc, 0, sizeof(struct idpf_flex_tx_ctx_desc));
+		if (idx == 0)
+			idx = txq->desc_count;
+		idx--;
+	}
+
+	/* Update tail in case netdev_xmit_more was previously true */
+	idpf_tx_buf_hw_update(txq, idx, false);
+}
+
+/**
  * idpf_tx_splitq_bump_ntu - adjust NTU and generation
  * @txq: the tx ring to wrap
@@ -2335,35 +2386,4 @@
 
 /**
- * idpf_tx_splitq_pkt_err_unmap - Unmap buffers and bump tail in case of error
- * @txq: Tx queue to unwind
- * @params: pointer to splitq params struct
- * @first: starting buffer for packet to unmap
- */
-static void idpf_tx_splitq_pkt_err_unmap(struct idpf_tx_queue *txq,
-					 struct idpf_tx_splitq_params *params,
-					 struct idpf_tx_buf *first)
-{
-	struct libeth_sq_napi_stats ss = { };
-	struct idpf_tx_buf *tx_buf = first;
-	struct libeth_cq_pp cp = {
-		.dev    = txq->dev,
-		.ss     = &ss,
-	};
-	u32 idx = 0;
-
-	u64_stats_update_begin(&txq->stats_sync);
-	u64_stats_inc(&txq->q_stats.dma_map_errs);
-	u64_stats_update_end(&txq->stats_sync);
-
-	do {
-		libeth_tx_complete(tx_buf, &cp);
-		idpf_tx_clean_buf_ring_bump_ntc(txq, idx, tx_buf);
-	} while (idpf_tx_buf_compl_tag(tx_buf) == params->compl_tag);
-
-	/* Update tail in case netdev_xmit_more was previously true. */
-	idpf_tx_buf_hw_update(txq, params->prev_ntu, false);
-}
-
-/**
  * idpf_tx_splitq_map - Build the Tx flex descriptor
  * @tx_q: queue to send buffer on

################################################################################
!    REJECTED PATCH2 HUNKS - could not be compared; manual review needed       !
################################################################################

--- b/drivers/net/ethernet/intel/idpf/idpf_txrx.c
+++ b/drivers/net/ethernet/intel/idpf/idpf_txrx.c
@@ -2339,57 +2339,6 @@
 	return count;
 }
 
-/**
- * idpf_tx_dma_map_error - handle TX DMA map errors
- * @txq: queue to send buffer on
- * @skb: send buffer
- * @first: original first buffer info buffer for packet
- * @idx: starting point on ring to unwind
- */
-void idpf_tx_dma_map_error(struct idpf_tx_queue *txq, struct sk_buff *skb,
-			   struct idpf_tx_buf *first, u16 idx)
-{
-	struct libeth_sq_napi_stats ss = { };
-	struct libeth_cq_pp cp = {
-		.dev	= txq->dev,
-		.ss	= &ss,
-	};
-
-	u64_stats_update_begin(&txq->stats_sync);
-	u64_stats_inc(&txq->q_stats.dma_map_errs);
-	u64_stats_update_end(&txq->stats_sync);
-
-	/* clear dma mappings for failed tx_buf map */
-	for (;;) {
-		struct idpf_tx_buf *tx_buf;
-
-		tx_buf = &txq->tx_buf[idx];
-		libeth_tx_complete(tx_buf, &cp);
-		if (tx_buf == first)
-			break;
-		if (idx == 0)
-			idx = txq->desc_count;
-		idx--;
-	}
-
-	if (skb_is_gso(skb)) {
-		union idpf_tx_flex_desc *tx_desc;
-
-		/* If we failed a DMA mapping for a TSO packet, we will have
-		 * used one additional descriptor for a context
-		 * descriptor. Reset that here.
-		 */
-		tx_desc = &txq->flex_tx[idx];
-		memset(tx_desc, 0, sizeof(*tx_desc));
-		if (idx == 0)
-			idx = txq->desc_count;
-		idx--;
-	}
-
-	/* Update tail in case netdev_xmit_more was previously true */
-	idpf_tx_buf_hw_update(txq, idx, false);
-}
-
 /**
  * idpf_tx_splitq_bump_ntu - adjust NTU and generation
  * @txq: the tx ring to wrap
@@ -2438,6 +2387,37 @@
 	return true;
 }
 
+/**
+ * idpf_tx_splitq_pkt_err_unmap - Unmap buffers and bump tail in case of error
+ * @txq: Tx queue to unwind
+ * @params: pointer to splitq params struct
+ * @first: starting buffer for packet to unmap
+ */
+static void idpf_tx_splitq_pkt_err_unmap(struct idpf_tx_queue *txq,
+					 struct idpf_tx_splitq_params *params,
+					 struct idpf_tx_buf *first)
+{
+	struct libeth_sq_napi_stats ss = { };
+	struct idpf_tx_buf *tx_buf = first;
+	struct libeth_cq_pp cp = {
+		.dev    = txq->dev,
+		.ss     = &ss,
+	};
+	u32 idx = 0;
+
+	u64_stats_update_begin(&txq->stats_sync);
+	u64_stats_inc(&txq->q_stats.dma_map_errs);
+	u64_stats_update_end(&txq->stats_sync);
+
+	do {
+		libeth_tx_complete(tx_buf, &cp);
+		idpf_tx_clean_buf_ring_bump_ntc(txq, idx, tx_buf);
+	} while (idpf_tx_buf_compl_tag(tx_buf) == params->compl_tag);
+
+	/* Update tail in case netdev_xmit_more was previously true. */
+	idpf_tx_buf_hw_update(txq, params->prev_ntu, false);
+}
+
 /**
  * idpf_tx_splitq_map - Build the Tx flex descriptor
  * @tx_q: queue to send buffer on
@@ -2482,8 +2462,9 @@
 	for (frag = &skb_shinfo(skb)->frags[0];; frag++) {
 		unsigned int max_data = IDPF_TX_MAX_DESC_DATA_ALIGNED;
 
-		if (dma_mapping_error(tx_q->dev, dma))
-			return idpf_tx_dma_map_error(tx_q, skb, first, i);
+		if (unlikely(dma_mapping_error(tx_q->dev, dma)))
+			return idpf_tx_splitq_pkt_err_unmap(tx_q, params,
+							    first);
 
 		first->nr_frags++;
 		idpf_tx_buf_compl_tag(tx_buf) = params->compl_tag;
@@ -2939,7 +2920,9 @@
 static netdev_tx_t idpf_tx_splitq_frame(struct sk_buff *skb,
 					struct idpf_tx_queue *tx_q)
 {
-	struct idpf_tx_splitq_params tx_params = { };
+	struct idpf_tx_splitq_params tx_params = {
+		.prev_ntu = tx_q->next_to_use,
+	};
 	union idpf_flex_tx_ctx_desc *ctx_desc;
 	struct idpf_tx_buf *first;
 	unsigned int count;

================================================================================
*    CONTEXT DIFFERENCES - surrounding code differences between the patches    *
================================================================================

--- b/drivers/net/ethernet/intel/idpf/idpf_txrx.c
+++ b/drivers/net/ethernet/intel/idpf/idpf_txrx.c
@@ -2326,7 +2380,7 @@
 		 * descriptor. Reset that here.
 		 */
 		tx_desc = &txq->flex_tx[idx];
-		memset(tx_desc, 0, sizeof(struct idpf_flex_tx_ctx_desc));
+		memset(tx_desc, 0, sizeof(*tx_desc));
 		if (idx == 0)
 			idx = txq->desc_count;
 		idx--;
@@ -2817,4 +2871,5 @@
 {
 	struct idpf_tx_splitq_params tx_params = { };
+	union idpf_flex_tx_ctx_desc *ctx_desc;
 	struct idpf_tx_buf *first;
 	unsigned int count;

• ⚠️ PR commit 30a857e88266 (idpf: replace flow scheduling buffer ring with buffer pool) → upstream 5f417d551324
  Differences found:

================================================================================
*    DELTA DIFFERENCES - code changes that differ between the patches          *
================================================================================

--- b/drivers/net/ethernet/intel/idpf/idpf_txrx.c
+++ b/drivers/net/ethernet/intel/idpf/idpf_txrx.c
@@ -1915,11 +1915,8 @@
 		.napi	= budget,
 	};
 
-	tx_buf = &txq->tx_buf[buf_id];
-	if (tx_buf->type == LIBETH_SQE_SKB) {
+	if (tx_buf->type == LIBETH_SQE_SKB)
 		libeth_tx_complete(tx_buf, &cp);
-		idpf_post_buf_refill(txq->refillq, buf_id);
-	}
 
 	while (idpf_tx_buf_next(tx_buf) != IDPF_TXBUF_NULL) {
 		buf_id = idpf_tx_buf_next(tx_buf);

################################################################################
!    REJECTED PATCH2 HUNKS - could not be compared; manual review needed       !
################################################################################

--- b/drivers/net/ethernet/intel/idpf/idpf_txrx.c
+++ b/drivers/net/ethernet/intel/idpf/idpf_txrx.c
@@ -1962,6 +1962,7 @@
 		     idpf_tx_buf_compl_tag(tx_buf) != compl_tag))
 		return false;
 
+	tx_buf = &txq->tx_buf[buf_id];
 	if (tx_buf->type == LIBETH_SQE_SKB) {
 		if (skb_shinfo(tx_buf->skb)->tx_flags & SKBTX_IN_PROGRESS)
 			idpf_tx_read_tstamp(txq, tx_buf->skb);
@@ -1965,6 +1966,7 @@
 			idpf_tx_read_tstamp(txq, tx_buf->skb);
 
 		libeth_tx_complete(tx_buf, &cp);
+		idpf_post_buf_refill(txq->refillq, buf_id);
 	}
 
 	idpf_tx_clean_buf_ring_bump_ntc(txq, idx, tx_buf);
@@ -2892,6 +2859,7 @@
 	struct idpf_tx_buf *first;
 	unsigned int count;
 	int tso, idx;
+	u32 buf_id;
 
 	count = idpf_tx_desc_count_required(tx_q, skb);
 	if (unlikely(!count))
--- b/drivers/net/ethernet/intel/idpf/idpf_txrx.h
+++ b/drivers/net/ethernet/intel/idpf/idpf_txrx.h
@@ -703,6 +710,7 @@
 	dma_addr_t dma;
 
 	struct idpf_q_vector *q_vector;
+	u32 buf_pool_size;
 	__cacheline_group_end_aligned(cold);
 };
 libeth_cacheline_set_assert(struct idpf_tx_queue, 64,
@@ -706,7 +714,7 @@
 };
 libeth_cacheline_set_assert(struct idpf_tx_queue, 64,
 			    120 + sizeof(struct u64_stats_sync),
-			    24);
+			    32);
 
 /**
  * struct idpf_buf_queue - software structure representing a buffer queue

================================================================================
*    CONTEXT DIFFERENCES - surrounding code differences between the patches    *
================================================================================

--- b/drivers/net/ethernet/intel/idpf/idpf_txrx.c
+++ b/drivers/net/ethernet/intel/idpf/idpf_txrx.c
@@ -1915,8 +1965,12 @@
 		     idpf_tx_buf_compl_tag(tx_buf) != compl_tag))
 		return false;
 
-	if (tx_buf->type == LIBETH_SQE_SKB)
+	if (tx_buf->type == LIBETH_SQE_SKB) {
+		if (skb_shinfo(tx_buf->skb)->tx_flags & SKBTX_IN_PROGRESS)
+			idpf_tx_read_tstamp(txq, tx_buf->skb);
+
 		libeth_tx_complete(tx_buf, &cp);
+	}
 
 	idpf_tx_clean_buf_ring_bump_ntc(txq, idx, tx_buf);
 
@@ -2744,4 +2798,4 @@
-	struct idpf_flex_tx_ctx_desc *desc;
+	union idpf_flex_tx_ctx_desc *desc;
 	int i = txq->next_to_use;
 
 	txq->tx_buf[i].type = LIBETH_SQE_CTX;
@@ -2802,6 +2856,6 @@
 	struct idpf_tx_buf *first;
 	unsigned int count;
-	int tso;
+	int tso, idx;
 
 	count = idpf_tx_desc_count_required(tx_q, skb);
 	if (unlikely(!count))
@@ -2840,4 +2962,4 @@
-		u64_stats_update_end(&tx_q->stats_sync);
+		idpf_tx_set_tstamp_desc(ctx_desc, idx);
 	}
 
 	/* record the location of the first descriptor for this packet */
--- b/drivers/net/ethernet/intel/idpf/idpf_txrx.h
+++ b/drivers/net/ethernet/intel/idpf/idpf_txrx.h
@@ -692,5 +694,9 @@
 
 	struct idpf_q_vector *q_vector;
-} ____cacheline_aligned;
+	__cacheline_group_end_aligned(cold);
+};
+libeth_cacheline_set_assert(struct idpf_tx_queue, 64,
+			    120 + sizeof(struct u64_stats_sync),
+			    24);
 
 /**

• ⚠️ PR commit 1c7ce18c6611 (idpf: stop Tx if there are insufficient buffer resources) → upstream 0c3f135e840d
  Differences found:

################################################################################
!    REJECTED PATCH2 HUNKS - could not be compared; manual review needed       !
################################################################################

--- b/drivers/net/ethernet/intel/idpf/idpf_txrx.c
+++ b/drivers/net/ethernet/intel/idpf/idpf_txrx.c
@@ -2909,7 +2926,7 @@
 	};
 	union idpf_flex_tx_ctx_desc *ctx_desc;
 	struct idpf_tx_buf *first;
-	unsigned int count;
+	u32 count, buf_count = 1;
 	int tso, idx;
 	u32 buf_id;
 

================================================================================
*    CONTEXT DIFFERENCES - surrounding code differences between the patches    *
================================================================================

--- b/drivers/net/ethernet/intel/idpf/idpf_txrx.c
+++ b/drivers/net/ethernet/intel/idpf/idpf_txrx.c
@@ -2768,7 +2821,8 @@
 	};
+	union idpf_flex_tx_ctx_desc *ctx_desc;
 	struct idpf_tx_buf *first;
 	unsigned int count;
-	int tso;
+	int tso, idx;
 	u32 buf_id;
 
 	count = idpf_tx_desc_count_required(tx_q, skb);

• ⚠️ PR commit c4f720b98b5e (idpf: remove obsolete stashing code) → upstream 6c4e68480238
  Differences found:

================================================================================
*    DELTA DIFFERENCES - code changes that differ between the patches          *
================================================================================

--- b/drivers/net/ethernet/intel/idpf/idpf_txrx.c
+++ b/drivers/net/ethernet/intel/idpf/idpf_txrx.c
@@ -1557,6 +1557,82 @@
 	wake_up(&vport->sw_marker_wq);
 }
 
+/**
+ * idpf_tx_clean_stashed_bufs - clean bufs that were stored for
+ * out of order completions
+ * @txq: queue to clean
+ * @compl_tag: completion tag of packet to clean (from completion descriptor)
+ * @cleaned: pointer to stats struct to track cleaned packets/bytes
+ * @budget: Used to determine if we are in netpoll
+ */
+static void idpf_tx_clean_stashed_bufs(struct idpf_tx_queue *txq,
+				       u16 compl_tag,
+				       struct libeth_sq_napi_stats *cleaned,
+				       int budget)
+{
+	struct idpf_tx_stash *stash;
+	struct hlist_node *tmp_buf;
+	struct libeth_cq_pp cp = {
+		.dev	= txq->dev,
+		.ss	= cleaned,
+		.napi	= budget,
+	};
+
+	/* Buffer completion */
+	hash_for_each_possible_safe(txq->stash->sched_buf_hash, stash, tmp_buf,
+				    hlist, compl_tag) {
+		if (unlikely(idpf_tx_buf_compl_tag(&stash->buf) != compl_tag))
+			continue;
+
+		hash_del(&stash->hlist);
+		libeth_tx_complete(&stash->buf, &cp);
+
+		/* Push shadow buf back onto stack */
+		idpf_buf_lifo_push(&txq->stash->buf_stack, stash);
+	}
+}
+
+/**
+ * idpf_stash_flow_sch_buffers - store buffer parameters info to be freed at a
+ * later time (only relevant for flow scheduling mode)
+ * @txq: Tx queue to clean
+ * @tx_buf: buffer to store
+ */
+static int idpf_stash_flow_sch_buffers(struct idpf_tx_queue *txq,
+				       struct idpf_tx_buf *tx_buf)
+{
+	struct idpf_tx_stash *stash;
+
+	if (unlikely(tx_buf->type <= LIBETH_SQE_CTX))
+		return 0;
+
+	stash = idpf_buf_lifo_pop(&txq->stash->buf_stack);
+	if (unlikely(!stash)) {
+		net_err_ratelimited("%s: No out-of-order TX buffers left!\n",
+				    netdev_name(txq->netdev));
+
+		return -ENOMEM;
+	}
+
+	/* Store buffer params in shadow buffer */
+	stash->buf.skb = tx_buf->skb;
+	stash->buf.bytes = tx_buf->bytes;
+	stash->buf.packets = tx_buf->packets;
+	stash->buf.type = tx_buf->type;
+	stash->buf.nr_frags = tx_buf->nr_frags;
+	dma_unmap_addr_set(&stash->buf, dma, dma_unmap_addr(tx_buf, dma));
+	dma_unmap_len_set(&stash->buf, len, dma_unmap_len(tx_buf, len));
+	idpf_tx_buf_compl_tag(&stash->buf) = idpf_tx_buf_compl_tag(tx_buf);
+
+	/* Add buffer to buf_hash table to be freed later */
+	hash_add(txq->stash->sched_buf_hash, &stash->hlist,
+		 idpf_tx_buf_compl_tag(&stash->buf));
+
+	tx_buf->type = LIBETH_SQE_EMPTY;
+
+	return 0;
+}
+
 #define idpf_tx_splitq_clean_bump_ntc(txq, ntc, desc, buf)	\
 do {								\
 	if (unlikely(++(ntc) == (txq)->desc_count)) {		\
--- b/drivers/net/ethernet/intel/idpf/idpf_txrx.h
+++ b/drivers/net/ethernet/intel/idpf/idpf_txrx.h
@@ -663,6 +663,7 @@
  * @cleaned_pkts: Number of packets cleaned for the above said case
  * @tx_min_pkt_len: Min supported packet length
  * @refillq: Pointer to refill queue
+ * @compl_tag_bufid_m: Completion tag buffer id mask
  * @compl_tag_gen_s: Completion tag generation bit
  *	The format of the completion tag will change based on the TXQ
  *	descriptor ring size so that we can maintain roughly the same level
@@ -683,6 +684,9 @@
  *	--------------------------------
  *
  *	This gives us 8*8160 = 65280 possible unique values.
+ * @compl_tag_cur_gen: Used to keep track of current completion tag generation
+ * @compl_tag_gen_max: To determine when compl_tag_cur_gen should be reset
+ * @stash: Tx buffer stash for Flow-based scheduling mode
  * @stats_sync: See struct u64_stats_sync
  * @q_stats: See union idpf_tx_queue_stats
  * @q_id: Queue id
@@ -724,6 +728,14 @@
 	u16 tx_min_pkt_len;
 	struct idpf_sw_queue *refillq;
 
+	u16 compl_tag_bufid_m;
+	u16 compl_tag_gen_s;
+
+	u16 compl_tag_cur_gen;
+	u16 compl_tag_gen_max;
+
+	struct idpf_txq_stash *stash;
+
 	struct u64_stats_sync stats_sync;
 	struct idpf_tx_queue_stats q_stats;
 

################################################################################
!    REJECTED PATCH2 HUNKS - could not be compared; manual review needed       !
################################################################################

--- b/drivers/net/ethernet/intel/idpf/idpf_txrx.c
+++ b/drivers/net/ethernet/intel/idpf/idpf_txrx.c
@@ -1602,87 +1462,6 @@
 	spin_unlock_bh(&tx_tstamp_caps->status_lock);
 }
 
-/**
- * idpf_tx_clean_stashed_bufs - clean bufs that were stored for
- * out of order completions
- * @txq: queue to clean
- * @compl_tag: completion tag of packet to clean (from completion descriptor)
- * @cleaned: pointer to stats struct to track cleaned packets/bytes
- * @budget: Used to determine if we are in netpoll
- */
-static void idpf_tx_clean_stashed_bufs(struct idpf_tx_queue *txq,
-				       u16 compl_tag,
-				       struct libeth_sq_napi_stats *cleaned,
-				       int budget)
-{
-	struct idpf_tx_stash *stash;
-	struct hlist_node *tmp_buf;
-	struct libeth_cq_pp cp = {
-		.dev	= txq->dev,
-		.ss	= cleaned,
-		.napi	= budget,
-	};
-
-	/* Buffer completion */
-	hash_for_each_possible_safe(txq->stash->sched_buf_hash, stash, tmp_buf,
-				    hlist, compl_tag) {
-		if (unlikely(idpf_tx_buf_compl_tag(&stash->buf) != compl_tag))
-			continue;
-
-		hash_del(&stash->hlist);
-
-		if (stash->buf.type == LIBETH_SQE_SKB &&
-		    (skb_shinfo(stash->buf.skb)->tx_flags & SKBTX_IN_PROGRESS))
-			idpf_tx_read_tstamp(txq, stash->buf.skb);
-
-		libeth_tx_complete(&stash->buf, &cp);
-
-		/* Push shadow buf back onto stack */
-		idpf_buf_lifo_push(&txq->stash->buf_stack, stash);
-	}
-}
-
-/**
- * idpf_stash_flow_sch_buffers - store buffer parameters info to be freed at a
- * later time (only relevant for flow scheduling mode)
- * @txq: Tx queue to clean
- * @tx_buf: buffer to store
- */
-static int idpf_stash_flow_sch_buffers(struct idpf_tx_queue *txq,
-				       struct idpf_tx_buf *tx_buf)
-{
-	struct idpf_tx_stash *stash;
-
-	if (unlikely(tx_buf->type <= LIBETH_SQE_CTX))
-		return 0;
-
-	stash = idpf_buf_lifo_pop(&txq->stash->buf_stack);
-	if (unlikely(!stash)) {
-		net_err_ratelimited("%s: No out-of-order TX buffers left!\n",
-				    netdev_name(txq->netdev));
-
-		return -ENOMEM;
-	}
-
-	/* Store buffer params in shadow buffer */
-	stash->buf.skb = tx_buf->skb;
-	stash->buf.bytes = tx_buf->bytes;
-	stash->buf.packets = tx_buf->packets;
-	stash->buf.type = tx_buf->type;
-	stash->buf.nr_frags = tx_buf->nr_frags;
-	dma_unmap_addr_set(&stash->buf, dma, dma_unmap_addr(tx_buf, dma));
-	dma_unmap_len_set(&stash->buf, len, dma_unmap_len(tx_buf, len));
-	idpf_tx_buf_compl_tag(&stash->buf) = idpf_tx_buf_compl_tag(tx_buf);
-
-	/* Add buffer to buf_hash table to be freed later */
-	hash_add(txq->stash->sched_buf_hash, &stash->hlist,
-		 idpf_tx_buf_compl_tag(&stash->buf));
-
-	tx_buf->type = LIBETH_SQE_EMPTY;
-
-	return 0;
-}
-
 #define idpf_tx_splitq_clean_bump_ntc(txq, ntc, desc, buf)	\
 do {								\
 	if (unlikely(++(ntc) == (txq)->desc_count)) {		\
--- b/drivers/net/ethernet/intel/idpf/idpf_txrx.h
+++ b/drivers/net/ethernet/intel/idpf/idpf_txrx.h
@@ -598,7 +565,6 @@
  *		   only once at the end of the cleaning routine.
  * @clean_budget: singleq only, queue cleaning budget
  * @cleaned_pkts: Number of packets cleaned for the above said case
- * @stash: Tx buffer stash for Flow-based scheduling mode
  * @refillq: Pointer to refill queue
  * @compl_tag_bufid_m: Completion tag buffer id mask
  * @compl_tag_cur_gen: Used to keep track of current completion tag generation
@@ -600,9 +566,6 @@
  * @cleaned_pkts: Number of packets cleaned for the above said case
  * @stash: Tx buffer stash for Flow-based scheduling mode
  * @refillq: Pointer to refill queue
- * @compl_tag_bufid_m: Completion tag buffer id mask
- * @compl_tag_cur_gen: Used to keep track of current completion tag generation
- * @compl_tag_gen_max: To determine when compl_tag_cur_gen should be reset
  * @cached_tstamp_caps: Tx timestamp capabilities negotiated with the CP
  * @tstamp_task: Work that handles Tx timestamp read
  * @stats_sync: See struct u64_stats_sync
@@ -633,7 +596,6 @@
 	u16 desc_count;
 
 	u16 tx_min_pkt_len;
-	u16 compl_tag_gen_s;
 
 	struct net_device *netdev;
 	__cacheline_group_end_aligned(read_mostly);
@@ -650,7 +612,6 @@
 	};
 	u16 cleaned_pkts;
 
-	struct idpf_txq_stash *stash;
 	struct idpf_sw_queue *refillq;
 
 	u16 compl_tag_bufid_m;
@@ -653,10 +614,6 @@
 	struct idpf_txq_stash *stash;
 	struct idpf_sw_queue *refillq;
 
-	u16 compl_tag_bufid_m;
-	u16 compl_tag_cur_gen;
-	u16 compl_tag_gen_max;
-
 	struct idpf_ptp_vport_tx_tstamp_caps *cached_tstamp_caps;
 	struct work_struct *tstamp_task;
 
@@ -674,7 +631,7 @@
 	__cacheline_group_end_aligned(cold);
 };
 libeth_cacheline_set_assert(struct idpf_tx_queue, 64,
-			    120 + sizeof(struct u64_stats_sync),
+			    104 + sizeof(struct u64_stats_sync),
 			    32);
 
 /**

================================================================================
*    CONTEXT DIFFERENCES - surrounding code differences between the patches    *
================================================================================

--- b/drivers/net/ethernet/intel/idpf/idpf_txrx.c
+++ b/drivers/net/ethernet/intel/idpf/idpf_txrx.c
@@ -3,4 +3,4 @@
-#include "idpf.h"
+#include "idpf_ptp.h"
 #include "idpf_virtchnl.h"
 
 struct idpf_tx_stash {
@@ -1725,6 +1770,11 @@
 			continue;
 
 		hash_del(&stash->hlist);
+
+		if (stash->buf.type == LIBETH_SQE_SKB &&
+		    (skb_shinfo(stash->buf.skb)->tx_flags & SKBTX_IN_PROGRESS))
+			idpf_tx_read_tstamp(txq, stash->buf.skb);
+
 		libeth_tx_complete(&stash->buf, &cp);
 
 		/* Push shadow buf back onto stack */
--- b/drivers/net/ethernet/intel/idpf/idpf_txrx.h
+++ b/drivers/net/ethernet/intel/idpf/idpf_txrx.h
@@ -713,9 +663,7 @@
+	u16 desc_count;
+
+	u16 tx_min_pkt_len;
+	u16 compl_tag_gen_s;
+
+	struct net_device *netdev;
+	__cacheline_group_end_aligned(read_mostly);
- *	--------------------------------
- *
- *	This gives us 8*8160 = 65280 possible unique values.
- * @compl_tag_cur_gen: Used to keep track of current completion tag generation
- * @compl_tag_gen_max: To determine when compl_tag_cur_gen should be reset
- * @stash: Tx buffer stash for Flow-based scheduling mode
- * @stats_sync: See struct u64_stats_sync
- * @q_stats: See union idpf_tx_queue_stats
- * @q_id: Queue id

• ⚠️ PR commit 31e75a954ad3 (sched: fix exit_mm vs membarrier (v4)) → upstream 5bc78502322a
  Differences found:

################################################################################
!    REJECTED PATCH2 HUNKS - could not be compared; manual review needed       !
################################################################################

--- b/kernel/exit.c
+++ b/kernel/exit.c
@@ -475,6 +475,18 @@
 	BUG_ON(mm != current->active_mm);
 	/* more a memory barrier than a real lock */
 	task_lock(current);
+	/*
+	 * When a thread stops operating on an address space, the loop
+	 * in membarrier_private_expedited() may not observe that
+	 * tsk->mm, and the loop in membarrier_global_expedited() may
+	 * not observe a MEMBARRIER_STATE_GLOBAL_EXPEDITED
+	 * rq->membarrier_state, so those would not issue an IPI.
+	 * Membarrier requires a memory barrier after accessing
+	 * user-space memory, before clearing tsk->mm or the
+	 * rq->membarrier_state.
+	 */
+	smp_mb__after_spinlock();
+	local_irq_disable();
 	current->mm = NULL;
 	mmap_read_unlock(mm);
 	enter_lazy_tlb(mm, current);

================================================================================
*    CONTEXT DIFFERENCES - surrounding code differences between the patches    *
================================================================================

--- b/include/linux/sched/mm.h
+++ b/include/linux/sched/mm.h
@@ -395,4 +363,4 @@
 }
 #endif
 
-#ifdef CONFIG_IOMMU_SVA
+#endif /* _LINUX_SCHED_MM_H */
--- b/kernel/exit.c
+++ b/kernel/exit.c
@@ -472,7 +472,6 @@
 	BUG_ON(mm != current->active_mm);
 	/* more a memory barrier than a real lock */
 	task_lock(current);
-	current->user_dumpable = (get_dumpable(mm) == SUID_DUMP_USER);
 	current->mm = NULL;
 	mmap_read_unlock(mm);
 	enter_lazy_tlb(mm, current);

• ⚠️ PR commit d232ab7c8396 (arm64: Add part number for Arm Cortex-A78AE) → upstream 83bea32ac7ed
  Differences found:

================================================================================
*    CONTEXT DIFFERENCES - surrounding code differences between the patches    *
================================================================================

--- b/arch/arm64/include/asm/cputype.h
+++ b/arch/arm64/include/asm/cputype.h
@@ -136,2 +133,3 @@
 #define MIDR_CORTEX_X1	MIDR_CPU_MODEL(ARM_CPU_IMP_ARM, ARM_CPU_PART_CORTEX_X1)
+#define MIDR_CORTEX_A510 MIDR_CPU_MODEL(ARM_CPU_IMP_ARM, ARM_CPU_PART_CORTEX_A510)
 #define MIDR_CORTEX_A710 MIDR_CPU_MODEL(ARM_CPU_IMP_ARM, ARM_CPU_PART_CORTEX_A710)

================================================================================
*    ONLY IN PATCH1 - files not modified by patch2                             *
================================================================================

--- b/arch/arm64/kernel/proton-pack.c
+++ /dev/null
@@ -1,1157 +0,0 @@
-// SPDX-License-Identifier: GPL-2.0-only
-/*
- * Handle detection, reporting and mitigation of Spectre v1, v2, v3a and v4, as
- * detailed at:
- *
- *   https://developer.arm.com/support/arm-security-updates/speculative-processor-vulnerability
- *
- * This code was originally written hastily under an awful lot of stress and so
- * aspects of it are somewhat hacky. Unfortunately, changing anything in here
- * instantly makes me feel ill. Thanks, Jann. Thann.
- *
- * Copyright (C) 2018 ARM Ltd, All Rights Reserved.
- * Copyright (C) 2020 Google LLC
- *
- * "If there's something strange in your neighbourhood, who you gonna call?"
- *
- * Authors: Will Deacon <will@kernel.org> and Marc Zyngier <maz@kernel.org>
- */
-
-#include <linux/arm-smccc.h>
-#include <linux/bpf.h>
-#include <linux/cpu.h>
-#include <linux/device.h>
-#include <linux/nospec.h>
-#include <linux/prctl.h>
-#include <linux/sched/task_stack.h>
-
-#include <asm/debug-monitors.h>
-#include <asm/insn.h>
-#include <asm/spectre.h>
-#include <asm/traps.h>
-#include <asm/vectors.h>
-#include <asm/virt.h>
-
-/*
- * We try to ensure that the mitigation state can never change as the result of
- * onlining a late CPU.
- */
-static void update_mitigation_state(enum mitigation_state *oldp,
-				    enum mitigation_state new)
-{
-	enum mitigation_state state;
-
-	do {
-		state = READ_ONCE(*oldp);
-		if (new <= state)
-			break;
-
-		/* Userspace almost certainly can't deal with this. */
-		if (WARN_ON(system_capabilities_finalized()))
-			break;
-	} while (cmpxchg_relaxed(oldp, state, new) != state);
-}
-
-/*
- * Spectre v1.
- *
- * The kernel can't protect userspace for this one: it's each person for
- * themselves. Advertise what we're doing and be done with it.
- */
-ssize_t cpu_show_spectre_v1(struct device *dev, struct device_attribute *attr,
-			    char *buf)
-{
-	return sprintf(buf, "Mitigation: __user pointer sanitization\n");
-}
-
-/*
- * Spectre v2.
- *
- * This one sucks. A CPU is either:
- *
- * - Mitigated in hardware and advertised by ID_AA64PFR0_EL1.CSV2.
- * - Mitigated in hardware and listed in our "safe list".
- * - Mitigated in software by firmware.
- * - Mitigated in software by a CPU-specific dance in the kernel and a
- *   firmware call at EL2.
- * - Vulnerable.
- *
- * It's not unlikely for different CPUs in a big.LITTLE system to fall into
- * different camps.
- */
-static enum mitigation_state spectre_v2_state;
-
-static bool __read_mostly __nospectre_v2;
-static int __init parse_spectre_v2_param(char *str)
-{
-	__nospectre_v2 = true;
-	return 0;
-}
-early_param("nospectre_v2", parse_spectre_v2_param);
-
-static bool spectre_v2_mitigations_off(void)
-{
-	bool ret = __nospectre_v2 || cpu_mitigations_off();
-
-	if (ret)
-		pr_info_once("spectre-v2 mitigation disabled by command line option\n");
-
-	return ret;
-}
-
-static const char *get_bhb_affected_string(enum mitigation_state bhb_state)
-{
-	switch (bhb_state) {
-	case SPECTRE_UNAFFECTED:
-		return "";
-	default:
-	case SPECTRE_VULNERABLE:
-		return ", but not BHB";
-	case SPECTRE_MITIGATED:
-		return ", BHB";
-	}
-}
-
-static bool _unprivileged_ebpf_enabled(void)
-{
-#ifdef CONFIG_BPF_SYSCALL
-	return !sysctl_unprivileged_bpf_disabled;
-#else
-	return false;
-#endif
-}
-
-ssize_t cpu_show_spectre_v2(struct device *dev, struct device_attribute *attr,
-			    char *buf)
-{
-	enum mitigation_state bhb_state = arm64_get_spectre_bhb_state();
-	const char *bhb_str = get_bhb_affected_string(bhb_state);
-	const char *v2_str = "Branch predictor hardening";
-
-	switch (spectre_v2_state) {
-	case SPECTRE_UNAFFECTED:
-		if (bhb_state == SPECTRE_UNAFFECTED)
-			return sprintf(buf, "Not affected\n");
-
-		/*
-		 * Platforms affected by Spectre-BHB can't report
-		 * "Not affected" for Spectre-v2.
-		 */
-		v2_str = "CSV2";
-		fallthrough;
-	case SPECTRE_MITIGATED:
-		if (bhb_state == SPECTRE_MITIGATED && _unprivileged_ebpf_enabled())
-			return sprintf(buf, "Vulnerable: Unprivileged eBPF enabled\n");
-
-		return sprintf(buf, "Mitigation: %s%s\n", v2_str, bhb_str);
-	case SPECTRE_VULNERABLE:
-		fallthrough;
-	default:
-		return sprintf(buf, "Vulnerable\n");
-	}
-}
-
-static enum mitigation_state spectre_v2_get_cpu_hw_mitigation_state(void)
-{
-	u64 pfr0;
-	static const struct midr_range spectre_v2_safe_list[] = {
-		MIDR_ALL_VERSIONS(MIDR_CORTEX_A35),
-		MIDR_ALL_VERSIONS(MIDR_CORTEX_A53),
-		MIDR_ALL_VERSIONS(MIDR_CORTEX_A55),
-		MIDR_ALL_VERSIONS(MIDR_BRAHMA_B53),
-		MIDR_ALL_VERSIONS(MIDR_HISI_TSV110),
-		MIDR_ALL_VERSIONS(MIDR_QCOM_KRYO_2XX_SILVER),
-		MIDR_ALL_VERSIONS(MIDR_QCOM_KRYO_3XX_SILVER),
-		MIDR_ALL_VERSIONS(MIDR_QCOM_KRYO_4XX_SILVER),
-		{ /* sentinel */ }
-	};
-
-	/* If the CPU has CSV2 set, we're safe */
-	pfr0 = read_cpuid(ID_AA64PFR0_EL1);
-	if (cpuid_feature_extract_unsigned_field(pfr0, ID_AA64PFR0_CSV2_SHIFT))
-		return SPECTRE_UNAFFECTED;
-
-	/* Alternatively, we have a list of unaffected CPUs */
-	if (is_midr_in_range_list(read_cpuid_id(), spectre_v2_safe_list))
-		return SPECTRE_UNAFFECTED;
-
-	return SPECTRE_VULNERABLE;
-}
-
-static enum mitigation_state spectre_v2_get_cpu_fw_mitigation_state(void)
-{
-	int ret;
-	struct arm_smccc_res res;
-
-	arm_smccc_1_1_invoke(ARM_SMCCC_ARCH_FEATURES_FUNC_ID,
-			     ARM_SMCCC_ARCH_WORKAROUND_1, &res);
-
-	ret = res.a0;
-	switch (ret) {
-	case SMCCC_RET_SUCCESS:
-		return SPECTRE_MITIGATED;
-	case SMCCC_ARCH_WORKAROUND_RET_UNAFFECTED:
-		return SPECTRE_UNAFFECTED;
-	default:
-		fallthrough;
-	case SMCCC_RET_NOT_SUPPORTED:
-		return SPECTRE_VULNERABLE;
-	}
-}
-
-bool has_spectre_v2(const struct arm64_cpu_capabilities *entry, int scope)
-{
-	WARN_ON(scope != SCOPE_LOCAL_CPU || preemptible());
-
-	if (spectre_v2_get_cpu_hw_mitigation_state() == SPECTRE_UNAFFECTED)
-		return false;
-
-	if (spectre_v2_get_cpu_fw_mitigation_state() == SPECTRE_UNAFFECTED)
-		return false;
-
-	return true;
-}
-
-enum mitigation_state arm64_get_spectre_v2_state(void)
-{
-	return spectre_v2_state;
-}
-
-DEFINE_PER_CPU_READ_MOSTLY(struct bp_hardening_data, bp_hardening_data);
-
-static void install_bp_hardening_cb(bp_hardening_cb_t fn)
-{
-	__this_cpu_write(bp_hardening_data.fn, fn);
-
-	/*
-	 * Vinz Clortho takes the hyp_vecs start/end "keys" at
-	 * the door when we're a guest. Skip the hyp-vectors work.
-	 */
-	if (!is_hyp_mode_available())
-		return;
-
-	__this_cpu_write(bp_hardening_data.slot, HYP_VECTOR_SPECTRE_DIRECT);
-}
-
-/* Called during entry so must be noinstr */
-static noinstr void call_smc_arch_workaround_1(void)
-{
-	arm_smccc_1_1_smc(ARM_SMCCC_ARCH_WORKAROUND_1, NULL);
-}
-
-/* Called during entry so must be noinstr */
-static noinstr void call_hvc_arch_workaround_1(void)
-{
-	arm_smccc_1_1_hvc(ARM_SMCCC_ARCH_WORKAROUND_1, NULL);
-}
-
-/* Called during entry so must be noinstr */
-static noinstr void qcom_link_stack_sanitisation(void)
-{
-	u64 tmp;
-
-	asm volatile("mov	%0, x30		\n"
-		     ".rept	16		\n"
-		     "bl	. + 4		\n"
-		     ".endr			\n"
-		     "mov	x30, %0		\n"
-		     : "=&r" (tmp));
-}
-
-static bp_hardening_cb_t spectre_v2_get_sw_mitigation_cb(void)
-{
-	u32 midr = read_cpuid_id();
-	if (((midr & MIDR_CPU_MODEL_MASK) != MIDR_QCOM_FALKOR) &&
-	    ((midr & MIDR_CPU_MODEL_MASK) != MIDR_QCOM_FALKOR_V1))
-		return NULL;
-
-	return qcom_link_stack_sanitisation;
-}
-
-static enum mitigation_state spectre_v2_enable_fw_mitigation(void)
-{
-	bp_hardening_cb_t cb;
-	enum mitigation_state state;
-
-	state = spectre_v2_get_cpu_fw_mitigation_state();
-	if (state != SPECTRE_MITIGATED)
-		return state;
-
-	if (spectre_v2_mitigations_off())
-		return SPECTRE_VULNERABLE;
-
-	switch (arm_smccc_1_1_get_conduit()) {
-	case SMCCC_CONDUIT_HVC:
-		cb = call_hvc_arch_workaround_1;
-		break;
-
-	case SMCCC_CONDUIT_SMC:
-		cb = call_smc_arch_workaround_1;
-		break;
-
-	default:
-		return SPECTRE_VULNERABLE;
-	}
-
-	/*
-	 * Prefer a CPU-specific workaround if it exists. Note that we
-	 * still rely on firmware for the mitigation at EL2.
-	 */
-	cb = spectre_v2_get_sw_mitigation_cb() ?: cb;
-	install_bp_hardening_cb(cb);
-	return SPECTRE_MITIGATED;
-}
-
-void spectre_v2_enable_mitigation(const struct arm64_cpu_capabilities *__unused)
-{
-	enum mitigation_state state;
-
-	WARN_ON(preemptible());
-
-	state = spectre_v2_get_cpu_hw_mitigation_state();
-	if (state == SPECTRE_VULNERABLE)
-		state = spectre_v2_enable_fw_mitigation();
-
-	update_mitigation_state(&spectre_v2_state, state);
-}
-
-/*
- * Spectre-v3a.
- *
- * Phew, there's not an awful lot to do here! We just instruct EL2 to use
- * an indirect trampoline for the hyp vectors so that guests can't read
- * VBAR_EL2 to defeat randomisation of the hypervisor VA layout.
- */
-bool has_spectre_v3a(const struct arm64_cpu_capabilities *entry, int scope)
-{
-	static const struct midr_range spectre_v3a_unsafe_list[] = {
-		MIDR_ALL_VERSIONS(MIDR_CORTEX_A57),
-		MIDR_ALL_VERSIONS(MIDR_CORTEX_A72),
-		{},
-	};
-
-	WARN_ON(scope != SCOPE_LOCAL_CPU || preemptible());
-	return is_midr_in_range_list(read_cpuid_id(), spectre_v3a_unsafe_list);
-}
-
-void spectre_v3a_enable_mitigation(const struct arm64_cpu_capabilities *__unused)
-{
-	struct bp_hardening_data *data = this_cpu_ptr(&bp_hardening_data);
-
-	if (this_cpu_has_cap(ARM64_SPECTRE_V3A))
-		data->slot += HYP_VECTOR_INDIRECT;
-}
-
-/*
- * Spectre v4.
- *
- * If you thought Spectre v2 was nasty, wait until you see this mess. A CPU is
- * either:
- *
- * - Mitigated in hardware and listed in our "safe list".
- * - Mitigated in hardware via PSTATE.SSBS.
- * - Mitigated in software by firmware (sometimes referred to as SSBD).
- *
- * Wait, that doesn't sound so bad, does it? Keep reading...
- *
- * A major source of headaches is that the software mitigation is enabled both
- * on a per-task basis, but can also be forced on for the kernel, necessitating
- * both context-switch *and* entry/exit hooks. To make it even worse, some CPUs
- * allow EL0 to toggle SSBS directly, which can end up with the prctl() state
- * being stale when re-entering the kernel. The usual big.LITTLE caveats apply,
- * so you can have systems that have both firmware and SSBS mitigations. This
- * means we actually have to reject late onlining of CPUs with mitigations if
- * all of the currently onlined CPUs are safelisted, as the mitigation tends to
- * be opt-in for userspace. Yes, really, the cure is worse than the disease.
- *
- * The only good part is that if the firmware mitigation is present, then it is
- * present for all CPUs, meaning we don't have to worry about late onlining of a
- * vulnerable CPU if one of the boot CPUs is using the firmware mitigation.
- *
- * Give me a VAX-11/780 any day of the week...
- */
-static enum mitigation_state spectre_v4_state;
-
-/* This is the per-cpu state tracking whether we need to talk to firmware */
-DEFINE_PER_CPU_READ_MOSTLY(u64, arm64_ssbd_callback_required);
-
-enum spectre_v4_policy {
-	SPECTRE_V4_POLICY_MITIGATION_DYNAMIC,
-	SPECTRE_V4_POLICY_MITIGATION_ENABLED,
-	SPECTRE_V4_POLICY_MITIGATION_DISABLED,
-};
-
-static enum spectre_v4_policy __read_mostly __spectre_v4_policy;
-
-static const struct spectre_v4_param {
-	const char		*str;
-	enum spectre_v4_policy	policy;
-} spectre_v4_params[] = {
-	{ "force-on",	SPECTRE_V4_POLICY_MITIGATION_ENABLED, },
-	{ "force-off",	SPECTRE_V4_POLICY_MITIGATION_DISABLED, },
-	{ "kernel",	SPECTRE_V4_POLICY_MITIGATION_DYNAMIC, },
-};
-static int __init parse_spectre_v4_param(char *str)
-{
-	int i;
-
-	if (!str || !str[0])
-		return -EINVAL;
-
-	for (i = 0; i < ARRAY_SIZE(spectre_v4_params); i++) {
-		const struct spectre_v4_param *param = &spectre_v4_params[i];
-
-		if (strncmp(str, param->str, strlen(param->str)))
-			continue;
-
-		__spectre_v4_policy = param->policy;
-		return 0;
-	}
-
-	return -EINVAL;
-}
-early_param("ssbd", parse_spectre_v4_param);
-
-/*
- * Because this was all written in a rush by people working in different silos,
- * we've ended up with multiple command line options to control the same thing.
- * Wrap these up in some helpers, which prefer disabling the mitigation if faced
- * with contradictory parameters. The mitigation is always either "off",
- * "dynamic" or "on".
- */
-static bool spectre_v4_mitigations_off(void)
-{
-	bool ret = cpu_mitigations_off() ||
-		   __spectre_v4_policy == SPECTRE_V4_POLICY_MITIGATION_DISABLED;
-
-	if (ret)
-		pr_info_once("spectre-v4 mitigation disabled by command-line option\n");
-
-	return ret;
-}
-
-/* Do we need to toggle the mitigation state on entry to/exit from the kernel? */
-static bool spectre_v4_mitigations_dynamic(void)
-{
-	return !spectre_v4_mitigations_off() &&
-	       __spectre_v4_policy == SPECTRE_V4_POLICY_MITIGATION_DYNAMIC;
-}
-
-static bool spectre_v4_mitigations_on(void)
-{
-	return !spectre_v4_mitigations_off() &&
-	       __spectre_v4_policy == SPECTRE_V4_POLICY_MITIGATION_ENABLED;
-}
-
-ssize_t cpu_show_spec_store_bypass(struct device *dev,
-				   struct device_attribute *attr, char *buf)
-{
-	switch (spectre_v4_state) {
-	case SPECTRE_UNAFFECTED:
-		return sprintf(buf, "Not affected\n");
-	case SPECTRE_MITIGATED:
-		return sprintf(buf, "Mitigation: Speculative Store Bypass disabled via prctl\n");
-	case SPECTRE_VULNERABLE:
-		fallthrough;
-	default:
-		return sprintf(buf, "Vulnerable\n");
-	}
-}
-
-enum mitigation_state arm64_get_spectre_v4_state(void)
-{
-	return spectre_v4_state;
-}
-
-static enum mitigation_state spectre_v4_get_cpu_hw_mitigation_state(void)
-{
-	static const struct midr_range spectre_v4_safe_list[] = {
-		MIDR_ALL_VERSIONS(MIDR_CORTEX_A35),
-		MIDR_ALL_VERSIONS(MIDR_CORTEX_A53),
-		MIDR_ALL_VERSIONS(MIDR_CORTEX_A55),
-		MIDR_ALL_VERSIONS(MIDR_BRAHMA_B53),
-		MIDR_ALL_VERSIONS(MIDR_QCOM_KRYO_3XX_SILVER),
-		MIDR_ALL_VERSIONS(MIDR_QCOM_KRYO_4XX_SILVER),
-		{ /* sentinel */ },
-	};
-
-	if (is_midr_in_range_list(read_cpuid_id(), spectre_v4_safe_list))
-		return SPECTRE_UNAFFECTED;
-
-	/* CPU features are detected first */
-	if (this_cpu_has_cap(ARM64_SSBS))
-		return SPECTRE_MITIGATED;
-
-	return SPECTRE_VULNERABLE;
-}
-
-static enum mitigation_state spectre_v4_get_cpu_fw_mitigation_state(void)
-{
-	int ret;
-	struct arm_smccc_res res;
-
-	arm_smccc_1_1_invoke(ARM_SMCCC_ARCH_FEATURES_FUNC_ID,
-			     ARM_SMCCC_ARCH_WORKAROUND_2, &res);
-
-	ret = res.a0;
-	switch (ret) {
-	case SMCCC_RET_SUCCESS:
-		return SPECTRE_MITIGATED;
-	case SMCCC_ARCH_WORKAROUND_RET_UNAFFECTED:
-		fallthrough;
-	case SMCCC_RET_NOT_REQUIRED:
-		return SPECTRE_UNAFFECTED;
-	default:
-		fallthrough;
-	case SMCCC_RET_NOT_SUPPORTED:
-		return SPECTRE_VULNERABLE;
-	}
-}
-
-bool has_spectre_v4(const struct arm64_cpu_capabilities *cap, int scope)
-{
-	enum mitigation_state state;
-
-	WARN_ON(scope != SCOPE_LOCAL_CPU || preemptible());
-
-	state = spectre_v4_get_cpu_hw_mitigation_state();
-	if (state == SPECTRE_VULNERABLE)
-		state = spectre_v4_get_cpu_fw_mitigation_state();
-
-	return state != SPECTRE_UNAFFECTED;
-}
-
-static int ssbs_emulation_handler(struct pt_regs *regs, u32 instr)
-{
-	if (user_mode(regs))
-		return 1;
-
-	if (instr & BIT(PSTATE_Imm_shift))
-		regs->pstate |= PSR_SSBS_BIT;
-	else
-		regs->pstate &= ~PSR_SSBS_BIT;
-
-	arm64_skip_faulting_instruction(regs, 4);
-	return 0;
-}
-
-static struct undef_hook ssbs_emulation_hook = {
-	.instr_mask	= ~(1U << PSTATE_Imm_shift),
-	.instr_val	= 0xd500401f | PSTATE_SSBS,
-	.fn		= ssbs_emulation_handler,
-};
-
-static enum mitigation_state spectre_v4_enable_hw_mitigation(void)
-{
-	static bool undef_hook_registered = false;
-	static DEFINE_RAW_SPINLOCK(hook_lock);
-	enum mitigation_state state;
-
-	/*
-	 * If the system is mitigated but this CPU doesn't have SSBS, then
-	 * we must be on the safelist and there's nothing more to do.
-	 */
-	state = spectre_v4_get_cpu_hw_mitigation_state();
-	if (state != SPECTRE_MITIGATED || !this_cpu_has_cap(ARM64_SSBS))
-		return state;
-
-	raw_spin_lock(&hook_lock);
-	if (!undef_hook_registered) {
-		register_undef_hook(&ssbs_emulation_hook);
-		undef_hook_registered = true;
-	}
-	raw_spin_unlock(&hook_lock);
-
-	if (spectre_v4_mitigations_off()) {
-		sysreg_clear_set(sctlr_el1, 0, SCTLR_ELx_DSSBS);
-		set_pstate_ssbs(1);
-		return SPECTRE_VULNERABLE;
-	}
-
-	/* SCTLR_EL1.DSSBS was initialised to 0 during boot */
-	set_pstate_ssbs(0);
-	return SPECTRE_MITIGATED;
-}
-
-/*
- * Patch a branch over the Spectre-v4 mitigation code with a NOP so that
- * we fallthrough and check whether firmware needs to be called on this CPU.
- */
-void __init spectre_v4_patch_fw_mitigation_enable(struct alt_instr *alt,
-						  __le32 *origptr,
-						  __le32 *updptr, int nr_inst)
-{
-	BUG_ON(nr_inst != 1); /* Branch -> NOP */
-
-	if (spectre_v4_mitigations_off())
-		return;
-
-	if (cpus_have_final_cap(ARM64_SSBS))
-		return;
-
-	if (spectre_v4_mitigations_dynamic())
-		*updptr = cpu_to_le32(aarch64_insn_gen_nop());
-}
-
-/*
- * Patch a NOP in the Spectre-v4 mitigation code with an SMC/HVC instruction
- * to call into firmware to adjust the mitigation state.
- */
-void __init smccc_patch_fw_mitigation_conduit(struct alt_instr *alt,
-					       __le32 *origptr,
-					       __le32 *updptr, int nr_inst)
-{
-	u32 insn;
-
-	BUG_ON(nr_inst != 1); /* NOP -> HVC/SMC */
-
-	switch (arm_smccc_1_1_get_conduit()) {
-	case SMCCC_CONDUIT_HVC:
-		insn = aarch64_insn_get_hvc_value();
-		break;
-	case SMCCC_CONDUIT_SMC:
-		insn = aarch64_insn_get_smc_value();
-		break;
-	default:
-		return;
-	}
-
-	*updptr = cpu_to_le32(insn);
-}
-
-static enum mitigation_state spectre_v4_enable_fw_mitigation(void)
-{
-	enum mitigation_state state;
-
-	state = spectre_v4_get_cpu_fw_mitigation_state();
-	if (state != SPECTRE_MITIGATED)
-		return state;
-
-	if (spectre_v4_mitigations_off()) {
-		arm_smccc_1_1_invoke(ARM_SMCCC_ARCH_WORKAROUND_2, false, NULL);
-		return SPECTRE_VULNERABLE;
-	}
-
-	arm_smccc_1_1_invoke(ARM_SMCCC_ARCH_WORKAROUND_2, true, NULL);
-
-	if (spectre_v4_mitigations_dynamic())
-		__this_cpu_write(arm64_ssbd_callback_required, 1);
-
-	return SPECTRE_MITIGATED;
-}
-
-void spectre_v4_enable_mitigation(const struct arm64_cpu_capabilities *__unused)
-{
-	enum mitigation_state state;
-
-	WARN_ON(preemptible());
-
-	state = spectre_v4_enable_hw_mitigation();
-	if (state == SPECTRE_VULNERABLE)
-		state = spectre_v4_enable_fw_mitigation();
-
-	update_mitigation_state(&spectre_v4_state, state);
-}
-
-static void __update_pstate_ssbs(struct pt_regs *regs, bool state)
-{
-	u64 bit = compat_user_mode(regs) ? PSR_AA32_SSBS_BIT : PSR_SSBS_BIT;
-
-	if (state)
-		regs->pstate |= bit;
-	else
-		regs->pstate &= ~bit;
-}
-
-void spectre_v4_enable_task_mitigation(struct task_struct *tsk)
-{
-	struct pt_regs *regs = task_pt_regs(tsk);
-	bool ssbs = false, kthread = tsk->flags & PF_KTHREAD;
-
-	if (spectre_v4_mitigations_off())
-		ssbs = true;
-	else if (spectre_v4_mitigations_dynamic() && !kthread)
-		ssbs = !test_tsk_thread_flag(tsk, TIF_SSBD);
-
-	__update_pstate_ssbs(regs, ssbs);
-}
-
-/*
- * The Spectre-v4 mitigation can be controlled via a prctl() from userspace.
- * This is interesting because the "speculation disabled" behaviour can be
- * configured so that it is preserved across exec(), which means that the
- * prctl() may be necessary even when PSTATE.SSBS can be toggled directly
- * from userspace.
- */
-static void ssbd_prctl_enable_mitigation(struct task_struct *task)
-{
-	task_clear_spec_ssb_noexec(task);
-	task_set_spec_ssb_disable(task);
-	set_tsk_thread_flag(task, TIF_SSBD);
-}
-
-static void ssbd_prctl_disable_mitigation(struct task_struct *task)
-{
-	task_clear_spec_ssb_noexec(task);
-	task_clear_spec_ssb_disable(task);
-	clear_tsk_thread_flag(task, TIF_SSBD);
-}
-
-static int ssbd_prctl_set(struct task_struct *task, unsigned long ctrl)
-{
-	switch (ctrl) {
-	case PR_SPEC_ENABLE:
-		/* Enable speculation: disable mitigation */
-		/*
-		 * Force disabled speculation prevents it from being
-		 * re-enabled.
-		 */
-		if (task_spec_ssb_force_disable(task))
-			return -EPERM;
-
-		/*
-		 * If the mitigation is forced on, then speculation is forced
-		 * off and we again prevent it from being re-enabled.
-		 */
-		if (spectre_v4_mitigations_on())
-			return -EPERM;
-
-		ssbd_prctl_disable_mitigation(task);
-		break;
-	case PR_SPEC_FORCE_DISABLE:
-		/* Force disable speculation: force enable mitigation */
-		/*
-		 * If the mitigation is forced off, then speculation is forced
-		 * on and we prevent it from being disabled.
-		 */
-		if (spectre_v4_mitigations_off())
-			return -EPERM;
-
-		task_set_spec_ssb_force_disable(task);
-		fallthrough;
-	case PR_SPEC_DISABLE:
-		/* Disable speculation: enable mitigation */
-		/* Same as PR_SPEC_FORCE_DISABLE */
-		if (spectre_v4_mitigations_off())
-			return -EPERM;
-
-		ssbd_prctl_enable_mitigation(task);
-		break;
-	case PR_SPEC_DISABLE_NOEXEC:
-		/* Disable speculation until execve(): enable mitigation */
-		/*
-		 * If the mitigation state is forced one way or the other, then
-		 * we must fail now before we try to toggle it on execve().
-		 */
-		if (task_spec_ssb_force_disable(task) ||
-		    spectre_v4_mitigations_off() ||
-		    spectre_v4_mitigations_on()) {
-			return -EPERM;
-		}
-
-		ssbd_prctl_enable_mitigation(task);
-		task_set_spec_ssb_noexec(task);
-		break;
-	default:
-		return -ERANGE;
-	}
-
-	spectre_v4_enable_task_mitigation(task);
-	return 0;
-}
-
-int arch_prctl_spec_ctrl_set(struct task_struct *task, unsigned long which,
-			     unsigned long ctrl)
-{
-	switch (which) {
-	case PR_SPEC_STORE_BYPASS:
-		return ssbd_prctl_set(task, ctrl);
-	default:
-		return -ENODEV;
-	}
-}
-
-static int ssbd_prctl_get(struct task_struct *task)
-{
-	switch (spectre_v4_state) {
-	case SPECTRE_UNAFFECTED:
-		return PR_SPEC_NOT_AFFECTED;
-	case SPECTRE_MITIGATED:
-		if (spectre_v4_mitigations_on())
-			return PR_SPEC_NOT_AFFECTED;
-
-		if (spectre_v4_mitigations_dynamic())
-			break;
-
-		/* Mitigations are disabled, so we're vulnerable. */
-		fallthrough;
-	case SPECTRE_VULNERABLE:
-		fallthrough;
-	default:
-		return PR_SPEC_ENABLE;
-	}
-
-	/* Check the mitigation state for this task */
-	if (task_spec_ssb_force_disable(task))
-		return PR_SPEC_PRCTL | PR_SPEC_FORCE_DISABLE;
-
-	if (task_spec_ssb_noexec(task))
-		return PR_SPEC_PRCTL | PR_SPEC_DISABLE_NOEXEC;
-
-	if (task_spec_ssb_disable(task))
-		return PR_SPEC_PRCTL | PR_SPEC_DISABLE;
-
-	return PR_SPEC_PRCTL | PR_SPEC_ENABLE;
-}
-
-int arch_prctl_spec_ctrl_get(struct task_struct *task, unsigned long which)
-{
-	switch (which) {
-	case PR_SPEC_STORE_BYPASS:
-		return ssbd_prctl_get(task);
-	default:
-		return -ENODEV;
-	}
-}
-
-/*
- * Spectre BHB.
- *
- * A CPU is either:
- * - Mitigated by a branchy loop a CPU specific number of times, and listed
- *   in our "loop mitigated list".
- * - Mitigated in software by the firmware Spectre v2 call.
- * - Has the ClearBHB instruction to perform the mitigation.
- * - Has the 'Exception Clears Branch History Buffer' (ECBHB) feature, so no
- *   software mitigation in the vectors is needed.
- * - Has CSV2.3, so is unaffected.
- */
-static enum mitigation_state spectre_bhb_state;
-
-enum mitigation_state arm64_get_spectre_bhb_state(void)
-{
-	return spectre_bhb_state;
-}
-
-enum bhb_mitigation_bits {
-	BHB_LOOP,
-	BHB_FW,
-	BHB_HW,
-	BHB_INSN,
-};
-static unsigned long system_bhb_mitigations;
-
-/*
- * This must be called with SCOPE_LOCAL_CPU for each type of CPU, before any
- * SCOPE_SYSTEM call will give the right answer.
- */
-u8 spectre_bhb_loop_affected(int scope)
-{
-	u8 k = 0;
-	static u8 max_bhb_k;
-
-	if (scope == SCOPE_LOCAL_CPU) {
-		static const struct midr_range spectre_bhb_k32_list[] = {
-			MIDR_ALL_VERSIONS(MIDR_CORTEX_A78),
-			MIDR_ALL_VERSIONS(MIDR_CORTEX_A78AE),
-			MIDR_ALL_VERSIONS(MIDR_CORTEX_A78C),
-			MIDR_ALL_VERSIONS(MIDR_CORTEX_X1),
-			MIDR_ALL_VERSIONS(MIDR_CORTEX_A710),
-			MIDR_ALL_VERSIONS(MIDR_CORTEX_X2),
-			MIDR_ALL_VERSIONS(MIDR_NEOVERSE_N2),
-			MIDR_ALL_VERSIONS(MIDR_NEOVERSE_V1),
-			{},
-		};
-		static const struct midr_range spectre_bhb_k24_list[] = {
-			MIDR_ALL_VERSIONS(MIDR_CORTEX_A76),
-			MIDR_ALL_VERSIONS(MIDR_CORTEX_A77),
-			MIDR_ALL_VERSIONS(MIDR_NEOVERSE_N1),
-			{},
-		};
-		static const struct midr_range spectre_bhb_k8_list[] = {
-			MIDR_ALL_VERSIONS(MIDR_CORTEX_A72),
-			MIDR_ALL_VERSIONS(MIDR_CORTEX_A57),
-			{},
-		};
-
-		if (is_midr_in_range_list(read_cpuid_id(), spectre_bhb_k32_list))
-			k = 32;
-		else if (is_midr_in_range_list(read_cpuid_id(), spectre_bhb_k24_list))
-			k = 24;
-		else if (is_midr_in_range_list(read_cpuid_id(), spectre_bhb_k8_list))
-			k =  8;
-
-		max_bhb_k = max(max_bhb_k, k);
-	} else {
-		k = max_bhb_k;
-	}
-
-	return k;
-}
-
-static enum mitigation_state spectre_bhb_get_cpu_fw_mitigation_state(void)
-{
-	int ret;
-	struct arm_smccc_res res;
-
-	arm_smccc_1_1_invoke(ARM_SMCCC_ARCH_FEATURES_FUNC_ID,
-			     ARM_SMCCC_ARCH_WORKAROUND_3, &res);
-
-	ret = res.a0;
-	switch (ret) {
-	case SMCCC_RET_SUCCESS:
-		return SPECTRE_MITIGATED;
-	case SMCCC_ARCH_WORKAROUND_RET_UNAFFECTED:
-		return SPECTRE_UNAFFECTED;
-	default:
-		fallthrough;
-	case SMCCC_RET_NOT_SUPPORTED:
-		return SPECTRE_VULNERABLE;
-	}
-}
-
-static bool is_spectre_bhb_fw_affected(int scope)
-{
-	static bool system_affected;
-	enum mitigation_state fw_state;
-	bool has_smccc = arm_smccc_1_1_get_conduit() != SMCCC_CONDUIT_NONE;
-	static const struct midr_range spectre_bhb_firmware_mitigated_list[] = {
-		MIDR_ALL_VERSIONS(MIDR_CORTEX_A73),
-		MIDR_ALL_VERSIONS(MIDR_CORTEX_A75),
-		{},
-	};
-	bool cpu_in_list = is_midr_in_range_list(read_cpuid_id(),
-					 spectre_bhb_firmware_mitigated_list);
-
-	if (scope != SCOPE_LOCAL_CPU)
-		return system_affected;
-
-	fw_state = spectre_bhb_get_cpu_fw_mitigation_state();
-	if (cpu_in_list || (has_smccc && fw_state == SPECTRE_MITIGATED)) {
-		system_affected = true;
-		return true;
-	}
-
-	return false;
-}
-
-static bool supports_ecbhb(int scope)
-{
-	u64 mmfr1;
-
-	if (scope == SCOPE_LOCAL_CPU)
-		mmfr1 = read_sysreg_s(SYS_ID_AA64MMFR1_EL1);
-	else
-		mmfr1 = read_sanitised_ftr_reg(SYS_ID_AA64MMFR1_EL1);
-
-	return cpuid_feature_extract_unsigned_field(mmfr1,
-						    ID_AA64MMFR1_ECBHB_SHIFT);
-}
-
-bool is_spectre_bhb_affected(const struct arm64_cpu_capabilities *entry,
-			     int scope)
-{
-	WARN_ON(scope != SCOPE_LOCAL_CPU || preemptible());
-
-	if (supports_csv2p3(scope))
-		return false;
-
-	if (supports_clearbhb(scope))
-		return true;
-
-	if (spectre_bhb_loop_affected(scope))
-		return true;
-
-	if (is_spectre_bhb_fw_affected(scope))
-		return true;
-
-	return false;
-}
-
-static void this_cpu_set_vectors(enum arm64_bp_harden_el1_vectors slot)
-{
-	const char *v = arm64_get_bp_hardening_vector(slot);
-
-	if (slot < 0)
-		return;
-
-	__this_cpu_write(this_cpu_vector, v);
-
-	/*
-	 * When KPTI is in use, the vectors are switched when exiting to
-	 * user-space.
-	 */
-	if (arm64_kernel_unmapped_at_el0())
-		return;
-
-	write_sysreg(v, vbar_el1);
-	isb();
-}
-
-void spectre_bhb_enable_mitigation(const struct arm64_cpu_capabilities *entry)
-{
-	bp_hardening_cb_t cpu_cb;
-	enum mitigation_state fw_state, state = SPECTRE_VULNERABLE;
-	struct bp_hardening_data *data = this_cpu_ptr(&bp_hardening_data);
-
-	if (!is_spectre_bhb_affected(entry, SCOPE_LOCAL_CPU))
-		return;
-
-	if (arm64_get_spectre_v2_state() == SPECTRE_VULNERABLE) {
-		/* No point mitigating Spectre-BHB alone. */
-	} else if (!IS_ENABLED(CONFIG_MITIGATE_SPECTRE_BRANCH_HISTORY)) {
-		pr_info_once("spectre-bhb mitigation disabled by compile time option\n");
-	} else if (cpu_mitigations_off()) {
-		pr_info_once("spectre-bhb mitigation disabled by command line option\n");
-	} else if (supports_ecbhb(SCOPE_LOCAL_CPU)) {
-		state = SPECTRE_MITIGATED;
-		set_bit(BHB_HW, &system_bhb_mitigations);
-	} else if (supports_clearbhb(SCOPE_LOCAL_CPU)) {
-		/*
-		 * Ensure KVM uses the indirect vector which will have ClearBHB
-		 * added.
-		 */
-		if (!data->slot)
-			data->slot = HYP_VECTOR_INDIRECT;
-
-		this_cpu_set_vectors(EL1_VECTOR_BHB_CLEAR_INSN);
-		state = SPECTRE_MITIGATED;
-		set_bit(BHB_INSN, &system_bhb_mitigations);
-	} else if (spectre_bhb_loop_affected(SCOPE_LOCAL_CPU)) {
-		/*
-		 * Ensure KVM uses the indirect vector which will have the
-		 * branchy-loop added. A57/A72-r0 will already have selected
-		 * the spectre-indirect vector, which is sufficient for BHB
-		 * too.
-		 */
-		if (!data->slot)
-			data->slot = HYP_VECTOR_INDIRECT;
-
-		this_cpu_set_vectors(EL1_VECTOR_BHB_LOOP);
-		state = SPECTRE_MITIGATED;
-		set_bit(BHB_LOOP, &system_bhb_mitigations);
-	} else if (is_spectre_bhb_fw_affected(SCOPE_LOCAL_CPU)) {
-		fw_state = spectre_bhb_get_cpu_fw_mitigation_state();
-		if (fw_state == SPECTRE_MITIGATED) {
-			/*
-			 * Ensure KVM uses one of the spectre bp_hardening
-			 * vectors. The indirect vector doesn't include the EL3
-			 * call, so needs upgrading to
-			 * HYP_VECTOR_SPECTRE_INDIRECT.
-			 */
-			if (!data->slot || data->slot == HYP_VECTOR_INDIRECT)
-				data->slot += 1;
-
-			this_cpu_set_vectors(EL1_VECTOR_BHB_FW);
-
-			/*
-			 * The WA3 call in the vectors supersedes the WA1 call
-			 * made during context-switch. Uninstall any firmware
-			 * bp_hardening callback.
-			 */
-			cpu_cb = spectre_v2_get_sw_mitigation_cb();
-			if (__this_cpu_read(bp_hardening_data.fn) != cpu_cb)
-				__this_cpu_write(bp_hardening_data.fn, NULL);
-
-			state = SPECTRE_MITIGATED;
-			set_bit(BHB_FW, &system_bhb_mitigations);
-		}
-	}
-
-	update_mitigation_state(&spectre_bhb_state, state);
-}
-
-/* Patched to NOP when enabled */
-void noinstr spectre_bhb_patch_loop_mitigation_enable(struct alt_instr *alt,
-						     __le32 *origptr,
-						      __le32 *updptr, int nr_inst)
-{
-	BUG_ON(nr_inst != 1);
-
-	if (test_bit(BHB_LOOP, &system_bhb_mitigations))
-		*updptr++ = cpu_to_le32(aarch64_insn_gen_nop());
-}
-
-/* Patched to NOP when enabled */
-void noinstr spectre_bhb_patch_fw_mitigation_enabled(struct alt_instr *alt,
-						   __le32 *origptr,
-						   __le32 *updptr, int nr_inst)
-{
-	BUG_ON(nr_inst != 1);
-
-	if (test_bit(BHB_FW, &system_bhb_mitigations))
-		*updptr++ = cpu_to_le32(aarch64_insn_gen_nop());
-}
-
-/* Patched to correct the immediate */
-void noinstr spectre_bhb_patch_loop_iter(struct alt_instr *alt,
-				   __le32 *origptr, __le32 *updptr, int nr_inst)
-{
-	u8 rd;
-	u32 insn;
-	u16 loop_count = spectre_bhb_loop_affected(SCOPE_SYSTEM);
-
-	BUG_ON(nr_inst != 1); /* MOV -> MOV */
-
-	if (!IS_ENABLED(CONFIG_MITIGATE_SPECTRE_BRANCH_HISTORY))
-		return;
-
-	insn = le32_to_cpu(*origptr);
-	rd = aarch64_insn_decode_register(AARCH64_INSN_REGTYPE_RD, insn);
-	insn = aarch64_insn_gen_movewide(rd, loop_count, 0,
-					 AARCH64_INSN_VARIANT_64BIT,
-					 AARCH64_INSN_MOVEWIDE_ZERO);
-	*updptr++ = cpu_to_le32(insn);
-}
-
-/* Patched to mov WA3 when supported */
-void noinstr spectre_bhb_patch_wa3(struct alt_instr *alt,
-				   __le32 *origptr, __le32 *updptr, int nr_inst)
-{
-	u8 rd;
-	u32 insn;
-
-	BUG_ON(nr_inst != 1); /* MOV -> MOV */
-
-	if (!IS_ENABLED(CONFIG_MITIGATE_SPECTRE_BRANCH_HISTORY) ||
-	    !test_bit(BHB_FW, &system_bhb_mitigations))
-		return;
-
-	insn = le32_to_cpu(*origptr);
-	rd = aarch64_insn_decode_register(AARCH64_INSN_REGTYPE_RD, insn);
-
-	insn = aarch64_insn_gen_logical_immediate(AARCH64_INSN_LOGIC_ORR,
-						  AARCH64_INSN_VARIANT_32BIT,
-						  AARCH64_INSN_REG_ZR, rd,
-						  ARM_SMCCC_ARCH_WORKAROUND_3);
-	if (WARN_ON_ONCE(insn == AARCH64_BREAK_FAULT))
-		return;
-
-	*updptr++ = cpu_to_le32(insn);
-}
-
-/* Patched to NOP when not supported */
-void __init spectre_bhb_patch_clearbhb(struct alt_instr *alt,
-				   __le32 *origptr, __le32 *updptr, int nr_inst)
-{
-	BUG_ON(nr_inst != 2);
-
-	if (test_bit(BHB_INSN, &system_bhb_mitigations))
-		return;
-
-	*updptr++ = cpu_to_le32(aarch64_insn_gen_nop());
-	*updptr++ = cpu_to_le32(aarch64_insn_gen_nop());
-}
-
-#ifdef CONFIG_BPF_SYSCALL
-#define EBPF_WARN "Unprivileged eBPF is enabled, data leaks possible via Spectre v2 BHB attacks!\n"
-void unpriv_ebpf_notify(int new_state)
-{
-	if (spectre_v2_state == SPECTRE_VULNERABLE ||
-	    spectre_bhb_state != SPECTRE_MITIGATED)
-		return;
-
-	if (!new_state)
-		pr_err("WARNING: %s", EBPF_WARN);
-}
-#endif

================================================================================
*    ONLY IN PATCH2 - files not modified by patch1                             *
================================================================================

--- a/arch/arm64/kernel/proton-pack.c
+++ b/arch/arm64/kernel/proton-pack.c
@@ -853,6 +853,7 @@ u8 spectre_bhb_loop_affected(int scope)
 	if (scope == SCOPE_LOCAL_CPU) {
 		static const struct midr_range spectre_bhb_k32_list[] = {
 			MIDR_ALL_VERSIONS(MIDR_CORTEX_A78),
+			MIDR_ALL_VERSIONS(MIDR_CORTEX_A78AE),
 			MIDR_ALL_VERSIONS(MIDR_CORTEX_A78C),
 			MIDR_ALL_VERSIONS(MIDR_CORTEX_X1),
 			MIDR_ALL_VERSIONS(MIDR_CORTEX_A710),

• ⚠️ PR commit 5af0a38924cc (arm64: cputype: Add Cortex-X4 definitions) → upstream 02a0a04676fa
  Differences found:

################################################################################
!    REJECTED PATCH2 HUNKS - could not be compared; manual review needed       !
################################################################################

--- b/arch/arm64/include/asm/cputype.h
+++ b/arch/arm64/include/asm/cputype.h
@@ -86,6 +86,7 @@
 #define ARM_CPU_PART_CORTEX_X2		0xD48
 #define ARM_CPU_PART_NEOVERSE_N2	0xD49
 #define ARM_CPU_PART_CORTEX_A78C	0xD4B
+#define ARM_CPU_PART_CORTEX_X4		0xD82
 
 #define APM_CPU_PART_XGENE		0x000
 #define APM_CPU_VAR_POTENZA		0x00
@@ -159,6 +160,7 @@
 #define MIDR_CORTEX_X2 MIDR_CPU_MODEL(ARM_CPU_IMP_ARM, ARM_CPU_PART_CORTEX_X2)
 #define MIDR_NEOVERSE_N2 MIDR_CPU_MODEL(ARM_CPU_IMP_ARM, ARM_CPU_PART_NEOVERSE_N2)
 #define MIDR_CORTEX_A78C	MIDR_CPU_MODEL(ARM_CPU_IMP_ARM, ARM_CPU_PART_CORTEX_A78C)
+#define MIDR_CORTEX_X4 MIDR_CPU_MODEL(ARM_CPU_IMP_ARM, ARM_CPU_PART_CORTEX_X4)
 #define MIDR_THUNDERX	MIDR_CPU_MODEL(ARM_CPU_IMP_CAVIUM, CAVIUM_CPU_PART_THUNDERX)
 #define MIDR_THUNDERX_81XX MIDR_CPU_MODEL(ARM_CPU_IMP_CAVIUM, CAVIUM_CPU_PART_THUNDERX_81XX)
 #define MIDR_THUNDERX_83XX MIDR_CPU_MODEL(ARM_CPU_IMP_CAVIUM, CAVIUM_CPU_PART_THUNDERX_83XX)

================================================================================
*    CONTEXT DIFFERENCES - surrounding code differences between the patches    *
================================================================================

--- b/arch/arm64/include/asm/cputype.h
+++ b/arch/arm64/include/asm/cputype.h
@@ -139,6 +157,5 @@
 #define MIDR_NEOVERSE_N2 MIDR_CPU_MODEL(ARM_CPU_IMP_ARM, ARM_CPU_PART_NEOVERSE_N2)
 #define MIDR_CORTEX_A78C	MIDR_CPU_MODEL(ARM_CPU_IMP_ARM, ARM_CPU_PART_CORTEX_A78C)
-#define MIDR_NEOVERSE_V2 MIDR_CPU_MODEL(ARM_CPU_IMP_ARM, ARM_CPU_PART_NEOVERSE_V2)
 #define MIDR_THUNDERX	MIDR_CPU_MODEL(ARM_CPU_IMP_CAVIUM, CAVIUM_CPU_PART_THUNDERX)
 #define MIDR_THUNDERX_81XX MIDR_CPU_MODEL(ARM_CPU_IMP_CAVIUM, CAVIUM_CPU_PART_THUNDERX_81XX)
 #define MIDR_THUNDERX_83XX MIDR_CPU_MODEL(ARM_CPU_IMP_CAVIUM, CAVIUM_CPU_PART_THUNDERX_83XX)

• ⚠️ PR commit 6e8837d607a0 (arm64: cputype: Add Neoverse-V3 definitions) → upstream 0ce85db6c214
  Differences found:

================================================================================
*    CONTEXT DIFFERENCES - surrounding code differences between the patches    *
================================================================================

--- b/arch/arm64/include/asm/cputype.h
+++ b/arch/arm64/include/asm/cputype.h
@@ -141,5 +159,4 @@
 #define MIDR_CORTEX_A78C	MIDR_CPU_MODEL(ARM_CPU_IMP_ARM, ARM_CPU_PART_CORTEX_A78C)
-#define MIDR_NEOVERSE_V2 MIDR_CPU_MODEL(ARM_CPU_IMP_ARM, ARM_CPU_PART_NEOVERSE_V2)
 #define MIDR_CORTEX_X4 MIDR_CPU_MODEL(ARM_CPU_IMP_ARM, ARM_CPU_PART_CORTEX_X4)
 #define MIDR_THUNDERX	MIDR_CPU_MODEL(ARM_CPU_IMP_CAVIUM, CAVIUM_CPU_PART_THUNDERX)
 #define MIDR_THUNDERX_81XX MIDR_CPU_MODEL(ARM_CPU_IMP_CAVIUM, CAVIUM_CPU_PART_THUNDERX_81XX)

• ⚠️ PR commit 5cb82e300f76 (arm64: cputype: Add Cortex-X925 definitions) → upstream fd2ff5f0b320
  Differences found:

================================================================================
*    CONTEXT DIFFERENCES - surrounding code differences between the patches    *
================================================================================

--- b/arch/arm64/include/asm/cputype.h
+++ b/arch/arm64/include/asm/cputype.h
@@ -88,4 +88,4 @@
-#define ARM_CPU_PART_NEOVERSE_V2	0xD4F
+#define ARM_CPU_PART_CORTEX_A720	0xD81
 #define ARM_CPU_PART_CORTEX_X4		0xD82
 #define ARM_CPU_PART_NEOVERSE_V3	0xD84

• ⚠️ PR commit 8caa8904c508 (arm64: cputype: Add Cortex-X1C definitions) → upstream 58d245e03c32
  Differences found:

================================================================================
*    CONTEXT DIFFERENCES - surrounding code differences between the patches    *
================================================================================

--- b/arch/arm64/include/asm/cputype.h
+++ b/arch/arm64/include/asm/cputype.h
@@ -147,4 +167,4 @@
 #define MIDR_CORTEX_A78C	MIDR_CPU_MODEL(ARM_CPU_IMP_ARM, ARM_CPU_PART_CORTEX_A78C)
 #define MIDR_CORTEX_X3 MIDR_CPU_MODEL(ARM_CPU_IMP_ARM, ARM_CPU_PART_CORTEX_X3)
 #define MIDR_NEOVERSE_V2 MIDR_CPU_MODEL(ARM_CPU_IMP_ARM, ARM_CPU_PART_NEOVERSE_V2)
-#define MIDR_CORTEX_X4 MIDR_CPU_MODEL(ARM_CPU_IMP_ARM, ARM_CPU_PART_CORTEX_X4)
+#define MIDR_CORTEX_A720 MIDR_CPU_MODEL(ARM_CPU_IMP_ARM, ARM_CPU_PART_CORTEX_A720)

• ⚠️ PR commit fac45efddd6c (arm64: cputype: Add Neoverse-V3AE definitions) → upstream 3bbf004c4808
  Differences found:

================================================================================
*    CONTEXT DIFFERENCES - surrounding code differences between the patches    *
================================================================================

--- b/arch/arm64/include/asm/cputype.h
+++ b/arch/arm64/include/asm/cputype.h
@@ -150,5 +179,6 @@
 #define MIDR_NEOVERSE_V2 MIDR_CPU_MODEL(ARM_CPU_IMP_ARM, ARM_CPU_PART_NEOVERSE_V2)
+#define MIDR_CORTEX_A720 MIDR_CPU_MODEL(ARM_CPU_IMP_ARM, ARM_CPU_PART_CORTEX_A720)
 #define MIDR_CORTEX_X4 MIDR_CPU_MODEL(ARM_CPU_IMP_ARM, ARM_CPU_PART_CORTEX_X4)
 #define MIDR_NEOVERSE_V3 MIDR_CPU_MODEL(ARM_CPU_IMP_ARM, ARM_CPU_PART_NEOVERSE_V3)
 #define MIDR_CORTEX_X925 MIDR_CPU_MODEL(ARM_CPU_IMP_ARM, ARM_CPU_PART_CORTEX_X925)
-#define MIDR_THUNDERX	MIDR_CPU_MODEL(ARM_CPU_IMP_CAVIUM, CAVIUM_CPU_PART_THUNDERX)
+#define MIDR_CORTEX_A725 MIDR_CPU_MODEL(ARM_CPU_IMP_ARM, ARM_CPU_PART_CORTEX_A725)

• ⚠️ PR commit 69bfc8fc8b69 (arm64: Subscribe Microsoft Azure Cobalt 100 to ARM Neoverse N2 errata) → upstream fb091ff39479
  Differences found:

================================================================================
*    DELTA DIFFERENCES - code changes that differ between the patches          *
================================================================================

--- b/arch/arm64/include/asm/cputype.h
+++ b/arch/arm64/include/asm/cputype.h
@@ -133,6 +133,7 @@
 #define HISI_CPU_PART_TSV110		0xD01
 
 #define AMPERE_CPU_PART_AMPERE1		0xAC3
+
 #define MICROSOFT_CPU_PART_AZURE_COBALT_100	0xD49 /* Based on r0p0 of ARM Neoverse N2 */
 
 #define MIDR_CORTEX_A53 MIDR_CPU_MODEL(ARM_CPU_IMP_ARM, ARM_CPU_PART_CORTEX_A53)

================================================================================
*    CONTEXT DIFFERENCES - surrounding code differences between the patches    *
================================================================================

--- b/arch/arm64/include/asm/cputype.h
+++ b/arch/arm64/include/asm/cputype.h
@@ -178,5 +190,5 @@
-#define MIDR_FUJITSU_A64FX MIDR_CPU_MODEL(ARM_CPU_IMP_FUJITSU, FUJITSU_CPU_PART_A64FX)
-#define MIDR_HISI_TSV110 MIDR_CPU_MODEL(ARM_CPU_IMP_HISI, HISI_CPU_PART_TSV110)
+#define MIDR_APPLE_M2_BLIZZARD_MAX MIDR_CPU_MODEL(ARM_CPU_IMP_APPLE, APPLE_CPU_PART_M2_BLIZZARD_MAX)
+#define MIDR_APPLE_M2_AVALANCHE_MAX MIDR_CPU_MODEL(ARM_CPU_IMP_APPLE, APPLE_CPU_PART_M2_AVALANCHE_MAX)
 #define MIDR_AMPERE1 MIDR_CPU_MODEL(ARM_CPU_IMP_AMPERE, AMPERE_CPU_PART_AMPERE1)
 
 /* Fujitsu Erratum 010001 affects A64FX 1.0 and 1.1, (v0r0 and v1r0) */

================================================================================
*    ONLY IN PATCH2 - files not modified by patch1                             *
================================================================================

--- a/Documentation/arch/arm64/silicon-errata.rst
+++ b/Documentation/arch/arm64/silicon-errata.rst
@@ -243,3 +243,10 @@ stable kernels.
 +----------------+-----------------+-----------------+-----------------------------+
 | ASR            | ASR8601         | #8601001        | N/A                         |
 +----------------+-----------------+-----------------+-----------------------------+
++----------------+-----------------+-----------------+-----------------------------+
+| Microsoft      | Azure Cobalt 100| #2139208        | ARM64_ERRATUM_2139208       |
++----------------+-----------------+-----------------+-----------------------------+
+| Microsoft      | Azure Cobalt 100| #2067961        | ARM64_ERRATUM_2067961       |
++----------------+-----------------+-----------------+-----------------------------+
+| Microsoft      | Azure Cobalt 100| #2253138        | ARM64_ERRATUM_2253138       |
++----------------+-----------------+-----------------+-----------------------------+
--- a/arch/arm64/kernel/cpu_errata.c
+++ b/arch/arm64/kernel/cpu_errata.c
@@ -374,6 +374,7 @@ static const struct midr_range erratum_1463225[] = {
 static const struct midr_range trbe_overwrite_fill_mode_cpus[] = {
 #ifdef CONFIG_ARM64_ERRATUM_2139208
 	MIDR_ALL_VERSIONS(MIDR_NEOVERSE_N2),
+	MIDR_ALL_VERSIONS(MIDR_MICROSOFT_AZURE_COBALT_100),
 #endif
 #ifdef CONFIG_ARM64_ERRATUM_2119858
 	MIDR_ALL_VERSIONS(MIDR_CORTEX_A710),
@@ -387,6 +388,7 @@ static const struct midr_range trbe_overwrite_fill_mode_cpus[] = {
 static const struct midr_range tsb_flush_fail_cpus[] = {
 #ifdef CONFIG_ARM64_ERRATUM_2067961
 	MIDR_ALL_VERSIONS(MIDR_NEOVERSE_N2),
+	MIDR_ALL_VERSIONS(MIDR_MICROSOFT_AZURE_COBALT_100),
 #endif
 #ifdef CONFIG_ARM64_ERRATUM_2054223
 	MIDR_ALL_VERSIONS(MIDR_CORTEX_A710),
@@ -399,6 +401,7 @@ static const struct midr_range tsb_flush_fail_cpus[] = {
 static struct midr_range trbe_write_out_of_range_cpus[] = {
 #ifdef CONFIG_ARM64_ERRATUM_2253138
 	MIDR_ALL_VERSIONS(MIDR_NEOVERSE_N2),
+	MIDR_ALL_VERSIONS(MIDR_MICROSOFT_AZURE_COBALT_100),
 #endif
 #ifdef CONFIG_ARM64_ERRATUM_2224489
 	MIDR_ALL_VERSIONS(MIDR_CORTEX_A710),

This is an automated interdiff check for backported commits.

[github-actions]

JIRA PR Check Results

7 commit(s) with issues found:

Commit 05b94692e9ba

Summary: tipc: fix NULL deref in cleanup_bearer()

❌ Errors:

• VULN-160088: Status is 'To Do', expected 'In Progress'
• VULN-160088: LTS product 'fips-8-compliant' not found in release_map

⚠️ Warnings:

• VULN-160088: No time logged - please log time manually

Commit 146899475c8e

Summary: net: fix udp gso skb_segment after pull from frag_list

❌ Errors:

• VULN-156444: Status is 'Done', expected 'In Progress'
• VULN-156444: LTS product 'fips-8.10' expects branch 'fips-8-compliant/4.18.0-553.16.1', but merge target is 'rlc-8/4.18.0-553.132.1.el8_10'
• VULN-156445: Status is 'Done', expected 'In Progress'
• VULN-156445: LTS product 'fips-8.6' expects branch 'fips-8-compliant/4.18.0-553.16.1', but merge target is 'rlc-8/4.18.0-553.132.1.el8_10'

Commit ed4fe10baefc

Summary: bpf: Fix a segment issue when downgrading gso_size

❌ Errors:

• VULN-38750: Status is 'Done', expected 'In Progress'
• VULN-38750: LTS product 'fips-8.10' expects branch 'fips-8-compliant/4.18.0-553.16.1', but merge target is 'rlc-8/4.18.0-553.132.1.el8_10'
• VULN-38751: Status is 'Done', expected 'In Progress'
• VULN-38751: LTS product 'fips-8.6' expects branch 'fips-8-compliant/4.18.0-553.16.1', but merge target is 'rlc-8/4.18.0-553.132.1.el8_10'

Commit 3544a24c43bf

Summary: gso: fix udp gso fraglist segmentation after pull from frag_list

❌ Errors:

• VULN-45766: Status is 'Done', expected 'In Progress'
• VULN-45766: LTS product 'fips-8.10' expects branch 'fips-8-compliant/4.18.0-553.16.1', but merge target is 'rlc-8/4.18.0-553.132.1.el8_10'
• VULN-45767: Status is 'Done', expected 'In Progress'
• VULN-45767: LTS product 'fips-8.6' expects branch 'fips-8-compliant/4.18.0-553.16.1', but merge target is 'rlc-8/4.18.0-553.132.1.el8_10'

Commit 8f52164c4f64

Summary: netdevsim: Fix memory leak of nsim_dev->fa_cookie

❌ Errors:

• VULN-65790: Status is 'Done', expected 'In Progress'
• VULN-65790: LTS product 'fips-8.6' expects branch 'fips-8-compliant/4.18.0-553.16.1', but merge target is 'rlc-8/4.18.0-553.132.1.el8_10'

Commit 95c8ee122ba3

Summary: nvme-tcp: fix potential memory corruption in nvme_tcp_recv_pdu()

❌ Errors:

• VULN-56026: Status is 'Done', expected 'In Progress'
• VULN-56026: LTS product 'fips-8.6' expects branch 'fips-8-compliant/4.18.0-553.16.1', but merge target is 'rlc-8/4.18.0-553.132.1.el8_10'

Commit 6bc62c342f78

Summary: tipc: Fix use-after-free of kernel socket in cleanup_bearer().

❌ Errors:

• VULN-12931: Status is 'Done', expected 'In Progress'
• VULN-12931: LTS product 'fips-8-compliant' not found in release_map

---

Summary: Checked 71 commit(s) total.

[github-actions]

⚠️ This PR contains VULN tickets that do not match the target LTS product. Please review the JIRA ticket assignments and ensure they match the merge target branch.

[github-actions]

❌ Validation checks completed with issues View full results: https://github.com/ctrliq/kernel-src-tree/actions/runs/27385365926