drop all previously applied commits

Signed-off-by: Paul Gortmaker <paul.gortmaker@windriver.com>

10 files changed, 0 insertions, 727 deletions

diff --git a/queue/ALSA-usb-audio-fix-overeager-device-match-for-MacroS.patch b/queue/ALSA-usb-audio-fix-overeager-device-match-for-MacroS.patch
deleted file mode 100644
index 04e0be9a..00000000
--- a/queue/ALSA-usb-audio-fix-overeager-device-match-for-MacroS.patch
+++ /dev/null
@@ -1,39 +0,0 @@
-From 14a720dc1f5332f3bdf30a23a3bc549e81be974c Mon Sep 17 00:00:00 2001
-From: Hector Martin <marcan@marcan.st>
-Date: Mon, 10 Aug 2020 13:53:19 +0900
-Subject: [PATCH] ALSA: usb-audio: fix overeager device match for MacroSilicon
- MS2109
-
-commit 14a720dc1f5332f3bdf30a23a3bc549e81be974c upstream.
-
-Matching by device matches all interfaces, which breaks the video/HID
-portions of the device depending on module load order.
-
-Fixes: e337bf19f6af ("ALSA: usb-audio: add quirk for MacroSilicon MS2109")
-Cc: stable@vger.kernel.org
-Signed-off-by: Hector Martin <marcan@marcan.st>
-Link: https://lore.kernel.org/r/20200810045319.128745-1-marcan@marcan.st
-Signed-off-by: Takashi Iwai <tiwai@suse.de>
-
-diff --git a/sound/usb/quirks-table.h b/sound/usb/quirks-table.h
-index adb3b62afed4..9c3c03dc96d3 100644
---- a/sound/usb/quirks-table.h
-+++ b/sound/usb/quirks-table.h
-@@ -3662,7 +3662,13 @@ ALC1220_VB_DESKTOP(0x26ce, 0x0a01), /* Asrock TRX40 Creator */
-  * with.
-  */
- {
--	USB_DEVICE(0x534d, 0x2109),
-+	.match_flags = USB_DEVICE_ID_MATCH_DEVICE |
-+		       USB_DEVICE_ID_MATCH_INT_CLASS |
-+		       USB_DEVICE_ID_MATCH_INT_SUBCLASS,
-+	.idVendor = 0x534d,
-+	.idProduct = 0x2109,
-+	.bInterfaceClass = USB_CLASS_AUDIO,
-+	.bInterfaceSubClass = USB_SUBCLASS_AUDIOCONTROL,
- 	.driver_info = (unsigned long) &(const struct snd_usb_audio_quirk) {
- 		.vendor_name = "MacroSilicon",
- 		.product_name = "MS2109",
--- 
-2.27.0
-
diff --git a/queue/SUNRPC-Fix-SUNRPC-Add-len-parameter-to-gss_unwrap.patch b/queue/SUNRPC-Fix-SUNRPC-Add-len-parameter-to-gss_unwrap.patch
deleted file mode 100644
index 1a0e6b33..00000000
--- a/queue/SUNRPC-Fix-SUNRPC-Add-len-parameter-to-gss_unwrap.patch
+++ /dev/null
@@ -1,54 +0,0 @@
-From 986a4b63d3bc5f2c0eb4083b05aff2bf883b7b2f Mon Sep 17 00:00:00 2001
-From: Chuck Lever <chuck.lever@oracle.com>
-Date: Fri, 24 Jul 2020 17:08:57 -0400
-Subject: [PATCH] SUNRPC: Fix ("SUNRPC: Add "@len" parameter to gss_unwrap()")
-
-commit 986a4b63d3bc5f2c0eb4083b05aff2bf883b7b2f upstream.
-
-Braino when converting "buf->len -=" to "buf->len = len -".
-
-The result is under-estimation of the ralign and rslack values. On
-krb5p mounts, this has caused READDIR to fail with EIO, and KASAN
-splats when decoding READLINK replies.
-
-As a result of fixing this oversight, the gss_unwrap method now
-returns a buf->len that can be shorter than priv_len for small
-RPC messages. The additional adjustment done in unwrap_priv_data()
-can underflow buf->len. This causes the nfsd_request_too_large
-check to fail during some NFSv3 operations.
-
-Reported-by: Marian Rainer-Harbach
-Reported-by: Pierre Sauter <pierre.sauter@stwm.de>
-BugLink: https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1886277
-Fixes: 31c9590ae468 ("SUNRPC: Add "@len" parameter to gss_unwrap()")
-Reviewed-by: J. Bruce Fields <bfields@redhat.com>
-Signed-off-by: Chuck Lever <chuck.lever@oracle.com>
-
-diff --git a/net/sunrpc/auth_gss/gss_krb5_wrap.c b/net/sunrpc/auth_gss/gss_krb5_wrap.c
-index cf0fd170ac18..90b8329fef82 100644
---- a/net/sunrpc/auth_gss/gss_krb5_wrap.c
-+++ b/net/sunrpc/auth_gss/gss_krb5_wrap.c
-@@ -584,7 +584,7 @@ gss_unwrap_kerberos_v2(struct krb5_ctx *kctx, int offset, int len,
- 							buf->head[0].iov_len);
- 	memmove(ptr, ptr + GSS_KRB5_TOK_HDR_LEN + headskip, movelen);
- 	buf->head[0].iov_len -= GSS_KRB5_TOK_HDR_LEN + headskip;
--	buf->len = len - GSS_KRB5_TOK_HDR_LEN + headskip;
-+	buf->len = len - (GSS_KRB5_TOK_HDR_LEN + headskip);
- 
- 	/* Trim off the trailing "extra count" and checksum blob */
- 	xdr_buf_trim(buf, ec + GSS_KRB5_TOK_HDR_LEN + tailskip);
-diff --git a/net/sunrpc/auth_gss/svcauth_gss.c b/net/sunrpc/auth_gss/svcauth_gss.c
-index 7d83f54aaaa6..258b04372f85 100644
---- a/net/sunrpc/auth_gss/svcauth_gss.c
-+++ b/net/sunrpc/auth_gss/svcauth_gss.c
-@@ -990,7 +990,6 @@ unwrap_priv_data(struct svc_rqst *rqstp, struct xdr_buf *buf, u32 seq, struct gs
- 
- 	maj_stat = gss_unwrap(ctx, 0, priv_len, buf);
- 	pad = priv_len - buf->len;
--	buf->len -= pad;
- 	/* The upper layers assume the buffer is aligned on 4-byte boundaries.
- 	 * In the krb5p case, at least, the data ends up offset, so we need to
- 	 * move it around. */
--- 
-2.27.0
-
diff --git a/queue/blktrace-fix-debugfs-use-after-free.patch b/queue/blktrace-fix-debugfs-use-after-free.patch
deleted file mode 100644
index 926d9298..00000000
--- a/queue/blktrace-fix-debugfs-use-after-free.patch
+++ /dev/null
@@ -1,212 +0,0 @@
-From bad8e64fb19d3a0de5e564d9a7271c31bd684369 Mon Sep 17 00:00:00 2001
-From: Luis Chamberlain <mcgrof@kernel.org>
-Date: Fri, 19 Jun 2020 20:47:28 +0000
-Subject: [PATCH] blktrace: fix debugfs use after free
-
-commit bad8e64fb19d3a0de5e564d9a7271c31bd684369 upstream.
-
-On commit 6ac93117ab00 ("blktrace: use existing disk debugfs directory")
-merged on v4.12 Omar fixed the original blktrace code for request-based
-drivers (multiqueue). This however left in place a possible crash, if you
-happen to abuse blktrace while racing to remove / add a device.
-
-We used to use asynchronous removal of the request_queue, and with that
-the issue was easier to reproduce. Now that we have reverted to
-synchronous removal of the request_queue, the issue is still possible to
-reproduce, its however just a bit more difficult.
-
-We essentially run two instances of break-blktrace which add/remove
-a loop device, and setup a blktrace and just never tear the blktrace
-down. We do this twice in parallel. This is easily reproduced with the
-script run_0004.sh from break-blktrace [0].
-
-We can end up with two types of panics each reflecting where we
-race, one a failed blktrace setup:
-
-[  252.426751] debugfs: Directory 'loop0' with parent 'block' already present!
-[  252.432265] BUG: kernel NULL pointer dereference, address: 00000000000000a0
-[  252.436592] #PF: supervisor write access in kernel mode
-[  252.439822] #PF: error_code(0x0002) - not-present page
-[  252.442967] PGD 0 P4D 0
-[  252.444656] Oops: 0002 [#1] SMP NOPTI
-[  252.446972] CPU: 10 PID: 1153 Comm: break-blktrace Tainted: G            E     5.7.0-rc2-next-20200420+ #164
-[  252.452673] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.13.0-1 04/01/2014
-[  252.456343] RIP: 0010:down_write+0x15/0x40
-[  252.458146] Code: eb ca e8 ae 22 8d ff cc cc cc cc cc cc cc cc cc cc cc cc
-               cc cc 0f 1f 44 00 00 55 48 89 fd e8 52 db ff ff 31 c0 ba 01 00
-               00 00 <f0> 48 0f b1 55 00 75 0f 48 8b 04 25 c0 8b 01 00 48 89
-               45 08 5d
-[  252.463638] RSP: 0018:ffffa626415abcc8 EFLAGS: 00010246
-[  252.464950] RAX: 0000000000000000 RBX: ffff958c25f0f5c0 RCX: ffffff8100000000
-[  252.466727] RDX: 0000000000000001 RSI: ffffff8100000000 RDI: 00000000000000a0
-[  252.468482] RBP: 00000000000000a0 R08: 0000000000000000 R09: 0000000000000001
-[  252.470014] R10: 0000000000000000 R11: ffff958d1f9227ff R12: 0000000000000000
-[  252.471473] R13: ffff958c25ea5380 R14: ffffffff8cce15f1 R15: 00000000000000a0
-[  252.473346] FS:  00007f2e69dee540(0000) GS:ffff958c2fc80000(0000) knlGS:0000000000000000
-[  252.475225] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
-[  252.476267] CR2: 00000000000000a0 CR3: 0000000427d10004 CR4: 0000000000360ee0
-[  252.477526] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
-[  252.478776] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
-[  252.479866] Call Trace:
-[  252.480322]  simple_recursive_removal+0x4e/0x2e0
-[  252.481078]  ? debugfs_remove+0x60/0x60
-[  252.481725]  ? relay_destroy_buf+0x77/0xb0
-[  252.482662]  debugfs_remove+0x40/0x60
-[  252.483518]  blk_remove_buf_file_callback+0x5/0x10
-[  252.484328]  relay_close_buf+0x2e/0x60
-[  252.484930]  relay_open+0x1ce/0x2c0
-[  252.485520]  do_blk_trace_setup+0x14f/0x2b0
-[  252.486187]  __blk_trace_setup+0x54/0xb0
-[  252.486803]  blk_trace_ioctl+0x90/0x140
-[  252.487423]  ? do_sys_openat2+0x1ab/0x2d0
-[  252.488053]  blkdev_ioctl+0x4d/0x260
-[  252.488636]  block_ioctl+0x39/0x40
-[  252.489139]  ksys_ioctl+0x87/0xc0
-[  252.489675]  __x64_sys_ioctl+0x16/0x20
-[  252.490380]  do_syscall_64+0x52/0x180
-[  252.491032]  entry_SYSCALL_64_after_hwframe+0x44/0xa9
-
-And the other on the device removal:
-
-[  128.528940] debugfs: Directory 'loop0' with parent 'block' already present!
-[  128.615325] BUG: kernel NULL pointer dereference, address: 00000000000000a0
-[  128.619537] #PF: supervisor write access in kernel mode
-[  128.622700] #PF: error_code(0x0002) - not-present page
-[  128.625842] PGD 0 P4D 0
-[  128.627585] Oops: 0002 [#1] SMP NOPTI
-[  128.629871] CPU: 12 PID: 544 Comm: break-blktrace Tainted: G            E     5.7.0-rc2-next-20200420+ #164
-[  128.635595] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.13.0-1 04/01/2014
-[  128.640471] RIP: 0010:down_write+0x15/0x40
-[  128.643041] Code: eb ca e8 ae 22 8d ff cc cc cc cc cc cc cc cc cc cc cc cc
-               cc cc 0f 1f 44 00 00 55 48 89 fd e8 52 db ff ff 31 c0 ba 01 00
-               00 00 <f0> 48 0f b1 55 00 75 0f 65 48 8b 04 25 c0 8b 01 00 48 89
-               45 08 5d
-[  128.650180] RSP: 0018:ffffa9c3c05ebd78 EFLAGS: 00010246
-[  128.651820] RAX: 0000000000000000 RBX: ffff8ae9a6370240 RCX: ffffff8100000000
-[  128.653942] RDX: 0000000000000001 RSI: ffffff8100000000 RDI: 00000000000000a0
-[  128.655720] RBP: 00000000000000a0 R08: 0000000000000002 R09: ffff8ae9afd2d3d0
-[  128.657400] R10: 0000000000000056 R11: 0000000000000000 R12: 0000000000000000
-[  128.659099] R13: 0000000000000000 R14: 0000000000000003 R15: 00000000000000a0
-[  128.660500] FS:  00007febfd995540(0000) GS:ffff8ae9afd00000(0000) knlGS:0000000000000000
-[  128.662204] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
-[  128.663426] CR2: 00000000000000a0 CR3: 0000000420042003 CR4: 0000000000360ee0
-[  128.664776] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
-[  128.666022] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
-[  128.667282] Call Trace:
-[  128.667801]  simple_recursive_removal+0x4e/0x2e0
-[  128.668663]  ? debugfs_remove+0x60/0x60
-[  128.669368]  debugfs_remove+0x40/0x60
-[  128.669985]  blk_trace_free+0xd/0x50
-[  128.670593]  __blk_trace_remove+0x27/0x40
-[  128.671274]  blk_trace_shutdown+0x30/0x40
-[  128.671935]  blk_release_queue+0x95/0xf0
-[  128.672589]  kobject_put+0xa5/0x1b0
-[  128.673188]  disk_release+0xa2/0xc0
-[  128.673786]  device_release+0x28/0x80
-[  128.674376]  kobject_put+0xa5/0x1b0
-[  128.674915]  loop_remove+0x39/0x50 [loop]
-[  128.675511]  loop_control_ioctl+0x113/0x130 [loop]
-[  128.676199]  ksys_ioctl+0x87/0xc0
-[  128.676708]  __x64_sys_ioctl+0x16/0x20
-[  128.677274]  do_syscall_64+0x52/0x180
-[  128.677823]  entry_SYSCALL_64_after_hwframe+0x44/0xa9
-
-The common theme here is:
-
-debugfs: Directory 'loop0' with parent 'block' already present
-
-This crash happens because of how blktrace uses the debugfs directory
-where it places its files. Upon init we always create the same directory
-which would be needed by blktrace but we only do this for make_request
-drivers (multiqueue) block drivers. When you race a removal of these
-devices with a blktrace setup you end up in a situation where the
-make_request recursive debugfs removal will sweep away the blktrace
-files and then later blktrace will also try to remove individual
-dentries which are already NULL. The inverse is also possible and hence
-the two types of use after frees.
-
-We don't create the block debugfs directory on init for these types of
-block devices:
-
-  * request-based block driver block devices
-  * every possible partition
-  * scsi-generic
-
-And so, this race should in theory only be possible with make_request
-drivers.
-
-We can fix the UAF by simply re-using the debugfs directory for
-make_request drivers (multiqueue) and only creating the ephemeral
-directory for the other type of block devices. The new clarifications
-on relying on the q->blk_trace_mutex *and* also checking for q->blk_trace
-*prior* to processing a blktrace ensures the debugfs directories are
-only created if no possible directory name clashes are possible.
-
-This goes tested with:
-
-  o nvme partitions
-  o ISCSI with tgt, and blktracing against scsi-generic with:
-    o block
-    o tape
-    o cdrom
-    o media changer
-  o blktests
-
-This patch is part of the work which disputes the severity of
-CVE-2019-19770 which shows this issue is not a core debugfs issue, but
-a misuse of debugfs within blktace.
-
-Fixes: 6ac93117ab00 ("blktrace: use existing disk debugfs directory")
-Reported-by: syzbot+603294af2d01acfdd6da@syzkaller.appspotmail.com
-Signed-off-by: Luis Chamberlain <mcgrof@kernel.org>
-Reviewed-by: Christoph Hellwig <hch@lst.de>
-Cc: Bart Van Assche <bvanassche@acm.org>
-Cc: Omar Sandoval <osandov@fb.com>
-Cc: Hannes Reinecke <hare@suse.com>
-Cc: Nicolai Stange <nstange@suse.de>
-Cc: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
-Cc: Michal Hocko <mhocko@kernel.org>
-Cc: "Martin K. Petersen" <martin.petersen@oracle.com>
-Cc: "James E.J. Bottomley" <jejb@linux.ibm.com>
-Cc: yu kuai <yukuai3@huawei.com>
-Signed-off-by: Jens Axboe <axboe@kernel.dk>
-
-diff --git a/kernel/trace/blktrace.c b/kernel/trace/blktrace.c
-index 5a88a6b55933..e27dee345d81 100644
---- a/kernel/trace/blktrace.c
-+++ b/kernel/trace/blktrace.c
-@@ -524,10 +524,18 @@ static int do_blk_trace_setup(struct request_queue *q, char *name, dev_t dev,
- 	if (!bt->msg_data)
- 		goto err;
- 
--	ret = -ENOENT;
--
--	dir = debugfs_lookup(buts->name, blk_debugfs_root);
--	if (!dir)
-+#ifdef CONFIG_BLK_DEBUG_FS
-+	/*
-+	 * When tracing whole make_request drivers (multiqueue) block devices,
-+	 * reuse the existing debugfs directory created by the block layer on
-+	 * init. For request-based block devices, all partitions block devices,
-+	 * and scsi-generic block devices we create a temporary new debugfs
-+	 * directory that will be removed once the trace ends.
-+	 */
-+	if (queue_is_mq(q) && bdev && bdev == bdev->bd_contains)
-+		dir = q->debugfs_dir;
-+	else
-+#endif
- 		bt->dir = dir = debugfs_create_dir(buts->name, blk_debugfs_root);
- 
- 	bt->dev = dev;
-@@ -565,8 +573,6 @@ static int do_blk_trace_setup(struct request_queue *q, char *name, dev_t dev,
- 
- 	ret = 0;
- err:
--	if (dir && !bt->dir)
--		dput(dir);
- 	if (ret)
- 		blk_trace_free(bt);
- 	return ret;
--- 
-2.27.0
-
diff --git a/queue/nvme-rdma-fix-controller-reset-hang-during-traffic.patch b/queue/nvme-rdma-fix-controller-reset-hang-during-traffic.patch
deleted file mode 100644
index 5a6b3f39..00000000
--- a/queue/nvme-rdma-fix-controller-reset-hang-during-traffic.patch
+++ /dev/null
@@ -1,65 +0,0 @@
-From 9f98772ba307dd89a3d17dc2589f213d3972fc64 Mon Sep 17 00:00:00 2001
-From: Sagi Grimberg <sagi@grimberg.me>
-Date: Mon, 27 Jul 2020 17:32:09 -0700
-Subject: [PATCH] nvme-rdma: fix controller reset hang during traffic
-
-commit 9f98772ba307dd89a3d17dc2589f213d3972fc64 upstream.
-
-commit fe35ec58f0d3 ("block: update hctx map when use multiple maps")
-exposed an issue where we may hang trying to wait for queue freeze
-during I/O. We call blk_mq_update_nr_hw_queues which in case of multiple
-queue maps (which we have now for default/read/poll) is attempting to
-freeze the queue. However we never started queue freeze when starting the
-reset, which means that we have inflight pending requests that entered the
-queue that we will not complete once the queue is quiesced.
-
-So start a freeze before we quiesce the queue, and unfreeze the queue
-after we successfully connected the I/O queues (and make sure to call
-blk_mq_update_nr_hw_queues only after we are sure that the queue was
-already frozen).
-
-This follows to how the pci driver handles resets.
-
-Fixes: fe35ec58f0d3 ("block: update hctx map when use multiple maps")
-Signed-off-by: Sagi Grimberg <sagi@grimberg.me>
-Signed-off-by: Christoph Hellwig <hch@lst.de>
-
-diff --git a/drivers/nvme/host/rdma.c b/drivers/nvme/host/rdma.c
-index 5c3848974ccb..44c76ffbb264 100644
---- a/drivers/nvme/host/rdma.c
-+++ b/drivers/nvme/host/rdma.c
-@@ -967,15 +967,20 @@ static int nvme_rdma_configure_io_queues(struct nvme_rdma_ctrl *ctrl, bool new)
- 			ret = PTR_ERR(ctrl->ctrl.connect_q);
- 			goto out_free_tag_set;
- 		}
--	} else {
--		blk_mq_update_nr_hw_queues(&ctrl->tag_set,
--			ctrl->ctrl.queue_count - 1);
- 	}
- 
- 	ret = nvme_rdma_start_io_queues(ctrl);
- 	if (ret)
- 		goto out_cleanup_connect_q;
- 
-+	if (!new) {
-+		nvme_start_queues(&ctrl->ctrl);
-+		nvme_wait_freeze(&ctrl->ctrl);
-+		blk_mq_update_nr_hw_queues(ctrl->ctrl.tagset,
-+			ctrl->ctrl.queue_count - 1);
-+		nvme_unfreeze(&ctrl->ctrl);
-+	}
-+
- 	return 0;
- 
- out_cleanup_connect_q:
-@@ -1008,6 +1013,7 @@ static void nvme_rdma_teardown_io_queues(struct nvme_rdma_ctrl *ctrl,
- 		bool remove)
- {
- 	if (ctrl->ctrl.queue_count > 1) {
-+		nvme_start_freeze(&ctrl->ctrl);
- 		nvme_stop_queues(&ctrl->ctrl);
- 		nvme_rdma_stop_io_queues(ctrl);
- 		if (ctrl->ctrl.tagset) {
--- 
-2.27.0
-
diff --git a/queue/nvme-tcp-fix-controller-reset-hang-during-traffic.patch b/queue/nvme-tcp-fix-controller-reset-hang-during-traffic.patch
deleted file mode 100644
index 55278900..00000000
--- a/queue/nvme-tcp-fix-controller-reset-hang-during-traffic.patch
+++ /dev/null
@@ -1,65 +0,0 @@
-From 2875b0aecabe2f081a8432e2bc85b85df0529490 Mon Sep 17 00:00:00 2001
-From: Sagi Grimberg <sagi@grimberg.me>
-Date: Fri, 24 Jul 2020 15:10:12 -0700
-Subject: [PATCH] nvme-tcp: fix controller reset hang during traffic
-
-commit 2875b0aecabe2f081a8432e2bc85b85df0529490 upstream.
-
-commit fe35ec58f0d3 ("block: update hctx map when use multiple maps")
-exposed an issue where we may hang trying to wait for queue freeze
-during I/O. We call blk_mq_update_nr_hw_queues which in case of multiple
-queue maps (which we have now for default/read/poll) is attempting to
-freeze the queue. However we never started queue freeze when starting the
-reset, which means that we have inflight pending requests that entered the
-queue that we will not complete once the queue is quiesced.
-
-So start a freeze before we quiesce the queue, and unfreeze the queue
-after we successfully connected the I/O queues (and make sure to call
-blk_mq_update_nr_hw_queues only after we are sure that the queue was
-already frozen).
-
-This follows to how the pci driver handles resets.
-
-Fixes: fe35ec58f0d3 ("block: update hctx map when use multiple maps")
-Signed-off-by: Sagi Grimberg <sagi@grimberg.me>
-Signed-off-by: Christoph Hellwig <hch@lst.de>
-
-diff --git a/drivers/nvme/host/tcp.c b/drivers/nvme/host/tcp.c
-index 8c8fb65ca928..378c049e0a5e 100644
---- a/drivers/nvme/host/tcp.c
-+++ b/drivers/nvme/host/tcp.c
-@@ -1771,15 +1771,20 @@ static int nvme_tcp_configure_io_queues(struct nvme_ctrl *ctrl, bool new)
- 			ret = PTR_ERR(ctrl->connect_q);
- 			goto out_free_tag_set;
- 		}
--	} else {
--		blk_mq_update_nr_hw_queues(ctrl->tagset,
--			ctrl->queue_count - 1);
- 	}
- 
- 	ret = nvme_tcp_start_io_queues(ctrl);
- 	if (ret)
- 		goto out_cleanup_connect_q;
- 
-+	if (!new) {
-+		nvme_start_queues(ctrl);
-+		nvme_wait_freeze(ctrl);
-+		blk_mq_update_nr_hw_queues(ctrl->tagset,
-+			ctrl->queue_count - 1);
-+		nvme_unfreeze(ctrl);
-+	}
-+
- 	return 0;
- 
- out_cleanup_connect_q:
-@@ -1884,6 +1889,7 @@ static void nvme_tcp_teardown_io_queues(struct nvme_ctrl *ctrl,
- {
- 	if (ctrl->queue_count <= 1)
- 		return;
-+	nvme_start_freeze(ctrl);
- 	nvme_stop_queues(ctrl);
- 	nvme_tcp_stop_io_queues(ctrl);
- 	if (ctrl->tagset) {
--- 
-2.27.0
-
diff --git a/queue/ocfs2-fix-unbalanced-locking.patch b/queue/ocfs2-fix-unbalanced-locking.patch
deleted file mode 100644
index d6807335..00000000
--- a/queue/ocfs2-fix-unbalanced-locking.patch
+++ /dev/null
@@ -1,50 +0,0 @@
-From 57c720d4144a9c2b88105c3e8f7b0e97e4b5cc93 Mon Sep 17 00:00:00 2001
-From: Pavel Machek <pavel@ucw.cz>
-Date: Thu, 6 Aug 2020 23:18:09 -0700
-Subject: [PATCH] ocfs2: fix unbalanced locking
-
-commit 57c720d4144a9c2b88105c3e8f7b0e97e4b5cc93 upstream.
-
-Based on what fails, function can return with nfs_sync_rwlock either
-locked or unlocked. That can not be right.
-
-Always return with lock unlocked on error.
-
-Fixes: 4cd9973f9ff6 ("ocfs2: avoid inode removal while nfsd is accessing it")
-Signed-off-by: Pavel Machek (CIP) <pavel@denx.de>
-Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
-Reviewed-by: Joseph Qi <joseph.qi@linux.alibaba.com>
-Reviewed-by: Andrew Morton <akpm@linux-foundation.org>
-Cc: Mark Fasheh <mark@fasheh.com>
-Cc: Joel Becker <jlbec@evilplan.org>
-Cc: Junxiao Bi <junxiao.bi@oracle.com>
-Cc: Changwei Ge <gechangwei@live.cn>
-Cc: Gang He <ghe@suse.com>
-Cc: Jun Piao <piaojun@huawei.com>
-Link: http://lkml.kernel.org/r/20200724124443.GA28164@duo.ucw.cz
-Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
-
-diff --git a/fs/ocfs2/dlmglue.c b/fs/ocfs2/dlmglue.c
-index 751bc4dc7466..8e3a369086db 100644
---- a/fs/ocfs2/dlmglue.c
-+++ b/fs/ocfs2/dlmglue.c
-@@ -2871,9 +2871,15 @@ int ocfs2_nfs_sync_lock(struct ocfs2_super *osb, int ex)
- 
- 	status = ocfs2_cluster_lock(osb, lockres, ex ? LKM_EXMODE : LKM_PRMODE,
- 				    0, 0);
--	if (status < 0)
-+	if (status < 0) {
- 		mlog(ML_ERROR, "lock on nfs sync lock failed %d\n", status);
- 
-+		if (ex)
-+			up_write(&osb->nfs_sync_rwlock);
-+		else
-+			up_read(&osb->nfs_sync_rwlock);
-+	}
-+
- 	return status;
- }
- 
--- 
-2.27.0
-
diff --git a/queue/regulator-fix-memory-leak-on-error-path-of-regulator.patch b/queue/regulator-fix-memory-leak-on-error-path-of-regulator.patch
deleted file mode 100644
index e028539e..00000000
--- a/queue/regulator-fix-memory-leak-on-error-path-of-regulator.patch
+++ /dev/null
@@ -1,111 +0,0 @@
-From 9177514ce34902b3adb2abd490b6ad05d1cfcb43 Mon Sep 17 00:00:00 2001
-From: Vladimir Zapolskiy <vz@mleia.com>
-Date: Fri, 24 Jul 2020 03:50:13 +0300
-Subject: [PATCH] regulator: fix memory leak on error path of
- regulator_register()
-
-commit 9177514ce34902b3adb2abd490b6ad05d1cfcb43 upstream.
-
-The change corrects registration and deregistration on error path
-of a regulator, the problem was manifested by a reported memory
-leak on deferred probe:
-
-    as3722-regulator as3722-regulator: regulator 13 register failed -517
-
-    # cat /sys/kernel/debug/kmemleak
-    unreferenced object 0xecc43740 (size 64):
-      comm "swapper/0", pid 1, jiffies 4294937640 (age 712.880s)
-      hex dump (first 32 bytes):
-        72 65 67 75 6c 61 74 6f 72 2e 32 34 00 5a 5a 5a  regulator.24.ZZZ
-        5a 5a 5a 5a 5a 5a 5a 5a 5a 5a 5a 5a 5a 5a 5a 5a  ZZZZZZZZZZZZZZZZ
-      backtrace:
-        [<0c4c3d1c>] __kmalloc_track_caller+0x15c/0x2c0
-        [<40c0ad48>] kvasprintf+0x64/0xd4
-        [<109abd29>] kvasprintf_const+0x70/0x84
-        [<c4215946>] kobject_set_name_vargs+0x34/0xa8
-        [<62282ea2>] dev_set_name+0x40/0x64
-        [<a39b6757>] regulator_register+0x3a4/0x1344
-        [<16a9543f>] devm_regulator_register+0x4c/0x84
-        [<51a4c6a1>] as3722_regulator_probe+0x294/0x754
-        ...
-
-The memory leak problem was introduced as a side ef another fix in
-regulator_register() error path, I believe that the proper fix is
-to decouple device_register() function into its two compounds and
-initialize a struct device before assigning any values to its fields
-and then using it before actual registration of a device happens.
-
-This lets to call put_device() safely after initialization, and, since
-now a release callback is called, kfree(rdev->constraints) shall be
-removed to exclude a double free condition.
-
-Fixes: a3cde9534ebd ("regulator: core: fix regulator_register() error paths to properly release rdev")
-Signed-off-by: Vladimir Zapolskiy <vz@mleia.com>
-Cc: Wen Yang <wenyang@linux.alibaba.com>
-Link: https://lore.kernel.org/r/20200724005013.23278-1-vz@mleia.com
-Signed-off-by: Mark Brown <broonie@kernel.org>
-
-diff --git a/drivers/regulator/core.c b/drivers/regulator/core.c
-index 196e344a84d3..75ff7c563c5d 100644
---- a/drivers/regulator/core.c
-+++ b/drivers/regulator/core.c
-@@ -5092,7 +5092,6 @@ regulator_register(const struct regulator_desc *regulator_desc,
- 	struct regulator_dev *rdev;
- 	bool dangling_cfg_gpiod = false;
- 	bool dangling_of_gpiod = false;
--	bool reg_device_fail = false;
- 	struct device *dev;
- 	int ret, i;
- 
-@@ -5221,10 +5220,12 @@ regulator_register(const struct regulator_desc *regulator_desc,
- 	}
- 
- 	/* register with sysfs */
-+	device_initialize(&rdev->dev);
- 	rdev->dev.class = &regulator_class;
- 	rdev->dev.parent = dev;
- 	dev_set_name(&rdev->dev, "regulator.%lu",
- 		    (unsigned long) atomic_inc_return(&regulator_no));
-+	dev_set_drvdata(&rdev->dev, rdev);
- 
- 	/* set regulator constraints */
- 	if (init_data)
-@@ -5275,12 +5276,9 @@ regulator_register(const struct regulator_desc *regulator_desc,
- 	    !rdev->desc->fixed_uV)
- 		rdev->is_switch = true;
- 
--	dev_set_drvdata(&rdev->dev, rdev);
--	ret = device_register(&rdev->dev);
--	if (ret != 0) {
--		reg_device_fail = true;
-+	ret = device_add(&rdev->dev);
-+	if (ret != 0)
- 		goto unset_supplies;
--	}
- 
- 	rdev_init_debugfs(rdev);
- 
-@@ -5302,17 +5300,15 @@ regulator_register(const struct regulator_desc *regulator_desc,
- 	mutex_unlock(&regulator_list_mutex);
- wash:
- 	kfree(rdev->coupling_desc.coupled_rdevs);
--	kfree(rdev->constraints);
- 	mutex_lock(&regulator_list_mutex);
- 	regulator_ena_gpio_free(rdev);
- 	mutex_unlock(&regulator_list_mutex);
-+	put_device(&rdev->dev);
-+	rdev = NULL;
- clean:
- 	if (dangling_of_gpiod)
- 		gpiod_put(config->ena_gpiod);
--	if (reg_device_fail)
--		put_device(&rdev->dev);
--	else
--		kfree(rdev);
-+	kfree(rdev);
- 	kfree(config);
- rinse:
- 	if (dangling_cfg_gpiod)
--- 
-2.27.0
-
diff --git a/queue/series b/queue/series
index c022fe15..04c01468 100644
--- a/queue/series
+++ b/queue/series
@@ -10,7 +10,6 @@ arm64-dts-rockchip-fix-rk3399-puma-gmac-reset-gpio.patch
 EDAC-Fix-reference-count-leaks.patch
 crc-t10dif-Fix-potential-crypto-notify-dead-lock.patch
 arm64-dts-qcom-msm8916-Replace-invalid-bias-pull-non.patch
-blktrace-fix-debugfs-use-after-free.patch
 crypto-ccree-fix-resource-leak-on-error-path.patch
 ARM-exynos-MCPM-Restore-big.LITTLE-cpuidle-support.patch
 firmware-arm_scmi-Fix-SCMI-genpd-domain-probing.patch
@@ -28,13 +27,10 @@ ARM-dts-sunxi-bananapi-m2-plus-v1.2-Fix-CPU-supply-v.patch
 spi-lantiq-fix-Rx-overflow-error-in-full-duplex-mode.patch
 tpm-Require-that-all-digests-are-present-in-TCG_PCR_.patch
 recordmcount-only-record-relocation-of-type-R_AARCH6.patch
-regulator-fix-memory-leak-on-error-path-of-regulator.patch
 spi-rockchip-Fix-error-in-SPI-slave-pio-read.patch
 ARM-socfpga-PM-add-missing-put_device-call-in-socfpg.patch
 irqchip-ti-sci-inta-Fix-return-value-about-devm_iore.patch
 seccomp-Fix-ioctl-number-for-SECCOMP_IOCTL_NOTIF_ID_.patch
-nvme-tcp-fix-controller-reset-hang-during-traffic.patch
-nvme-rdma-fix-controller-reset-hang-during-traffic.patch
 nvme-multipath-fix-logic-for-non-optimized-paths.patch
 nvme-multipath-do-not-fall-back-to-__nvme_find_path-.patch
 drm-tilcdc-fix-leak-null-ref-in-panel_connector_get_.patch
@@ -136,12 +132,10 @@ drm-imx-tve-fix-regulator_disable-error-path.patch
 spi-lantiq-ssc-Fix-warning-by-using-WQ_MEM_RECLAIM.patch
 USB-serial-iuu_phoenix-fix-led-activity-helpers.patch
 usb-core-fix-quirks_param_set-writing-to-a-const-poi.patch
-thermal-ti-soc-thermal-Fix-reversed-condition-in-ti_.patch
 coresight-tmc-Fix-TMC-mode-read-in-tmc_read_unprepar.patch
 powerpc-perf-Fix-missing-is_sier_aviable-during-buil.patch
 phy-armada-38x-fix-NETA-lockup-when-repeatedly-switc.patch
 MIPS-OCTEON-add-missing-put_device-call-in-dwc3_octe.patch
-usb-dwc2-Fix-error-path-in-gadget-registration.patch
 usb-gadget-f_uac2-fix-AC-Interface-Header-Descriptor.patch
 scsi-mesh-Fix-panic-after-host-or-bus-reset.patch
 net-dsa-mv88e6xxx-MV88E6097-does-not-support-jumbo-c.patch
@@ -181,10 +175,8 @@ fsl-fman-check-dereferencing-null-pointer.patch
 fsl-fman-fix-eth-hash-table-allocation.patch
 net-thunderx-initialize-VF-s-mailbox-mutex-before-fi.patch
 dlm-Fix-kobject-memleak.patch
-ocfs2-fix-unbalanced-locking.patch
 pinctrl-single-fix-pcs_parse_pinconf-return-value.patch
 svcrdma-Fix-page-leak-in-svc_rdma_recv_read_chunk.patch
-SUNRPC-Fix-SUNRPC-Add-len-parameter-to-gss_unwrap.patch
 x86-fsgsbase-64-Fix-NULL-deref-in-86_fsgsbase_read_t.patch
 crypto-aesni-add-compatibility-with-IAS.patch
 drivers-net-wan-lapbether-Added-needed_headroom-and-.patch
@@ -198,7 +190,6 @@ USB-serial-cp210x-re-enable-auto-RTS-on-open.patch
 USB-serial-cp210x-enable-usb-generic-throttle-unthro.patch
 ALSA-hda-fix-the-micmute-led-status-for-Lenovo-Think.patch
 ALSA-usb-audio-Creative-USB-X-Fi-Pro-SB1095-volume-k.patch
-ALSA-usb-audio-fix-overeager-device-match-for-MacroS.patch
 ALSA-usb-audio-work-around-streaming-quirk-for-Macro.patch
 9p-Fix-memory-leak-in-v9fs_mount.patch
 media-media-request-Fix-crash-if-memory-allocation-f.patch
diff --git a/queue/thermal-ti-soc-thermal-Fix-reversed-condition-in-ti_.patch b/queue/thermal-ti-soc-thermal-Fix-reversed-condition-in-ti_.patch
deleted file mode 100644
index f78acc15..00000000
--- a/queue/thermal-ti-soc-thermal-Fix-reversed-condition-in-ti_.patch
+++ /dev/null
@@ -1,31 +0,0 @@
-From 0f348db01fdf128813fdd659fcc339038fb421a4 Mon Sep 17 00:00:00 2001
-From: Dan Carpenter <dan.carpenter@oracle.com>
-Date: Tue, 16 Jun 2020 12:19:49 +0300
-Subject: [PATCH] thermal: ti-soc-thermal: Fix reversed condition in
- ti_thermal_expose_sensor()
-
-commit 0f348db01fdf128813fdd659fcc339038fb421a4 upstream.
-
-This condition is reversed and will cause breakage.
-
-Fixes: 7440f518dad9 ("thermal/drivers/ti-soc-thermal: Avoid dereferencing ERR_PTR")
-Signed-off-by: Dan Carpenter <dan.carpenter@oracle.com>
-Signed-off-by: Daniel Lezcano <daniel.lezcano@linaro.org>
-Link: https://lore.kernel.org/r/20200616091949.GA11940@mwanda
-
-diff --git a/drivers/thermal/ti-soc-thermal/ti-thermal-common.c b/drivers/thermal/ti-soc-thermal/ti-thermal-common.c
-index 85776db4bf34..2ce4b19f312a 100644
---- a/drivers/thermal/ti-soc-thermal/ti-thermal-common.c
-+++ b/drivers/thermal/ti-soc-thermal/ti-thermal-common.c
-@@ -169,7 +169,7 @@ int ti_thermal_expose_sensor(struct ti_bandgap *bgp, int id,
- 
- 	data = ti_bandgap_get_sensor_data(bgp, id);
- 
--	if (!IS_ERR_OR_NULL(data))
-+	if (IS_ERR_OR_NULL(data))
- 		data = ti_thermal_build_data(bgp, id);
- 
- 	if (!data)
--- 
-2.27.0
-
diff --git a/queue/usb-dwc2-Fix-error-path-in-gadget-registration.patch b/queue/usb-dwc2-Fix-error-path-in-gadget-registration.patch
deleted file mode 100644
index 94cd7d14..00000000
--- a/queue/usb-dwc2-Fix-error-path-in-gadget-registration.patch
+++ /dev/null
@@ -1,91 +0,0 @@
-From 33a06f1300a79cfd461cea0268f05e969d4f34ec Mon Sep 17 00:00:00 2001
-From: Marek Szyprowski <m.szyprowski@samsung.com>
-Date: Thu, 16 Jul 2020 14:09:48 +0200
-Subject: [PATCH] usb: dwc2: Fix error path in gadget registration
-
-commit 33a06f1300a79cfd461cea0268f05e969d4f34ec upstream.
-
-When gadget registration fails, one should not call usb_del_gadget_udc().
-Ensure this by setting gadget->udc to NULL. Also in case of a failure
-there is no need to disable low-level hardware, so return immiedetly
-instead of jumping to error_init label.
-
-This fixes the following kernel NULL ptr dereference on gadget failure
-(can be easily triggered with g_mass_storage without any module
-parameters):
-
-dwc2 12480000.hsotg: dwc2_check_params: Invalid parameter besl=1
-dwc2 12480000.hsotg: dwc2_check_params: Invalid parameter g_np_tx_fifo_size=1024
-dwc2 12480000.hsotg: EPs: 16, dedicated fifos, 7808 entries in SPRAM
-Mass Storage Function, version: 2009/09/11
-LUN: removable file: (no medium)
-no file given for LUN0
-g_mass_storage 12480000.hsotg: failed to start g_mass_storage: -22
-8<--- cut here ---
-Unable to handle kernel NULL pointer dereference at virtual address 00000104
-pgd = (ptrval)
-[00000104] *pgd=00000000
-Internal error: Oops: 805 [#1] PREEMPT SMP ARM
-Modules linked in:
-CPU: 0 PID: 12 Comm: kworker/0:1 Not tainted 5.8.0-rc5 #3133
-Hardware name: Samsung Exynos (Flattened Device Tree)
-Workqueue: events deferred_probe_work_func
-PC is at usb_del_gadget_udc+0x38/0xc4
-LR is at __mutex_lock+0x31c/0xb18
-...
-Process kworker/0:1 (pid: 12, stack limit = 0x(ptrval))
-Stack: (0xef121db0 to 0xef122000)
-...
-[<c076bf3c>] (usb_del_gadget_udc) from [<c0726bec>] (dwc2_hsotg_remove+0x10/0x20)
-[<c0726bec>] (dwc2_hsotg_remove) from [<c0711208>] (dwc2_driver_probe+0x57c/0x69c)
-[<c0711208>] (dwc2_driver_probe) from [<c06247c0>] (platform_drv_probe+0x6c/0xa4)
-[<c06247c0>] (platform_drv_probe) from [<c0621df4>] (really_probe+0x200/0x48c)
-[<c0621df4>] (really_probe) from [<c06221e8>] (driver_probe_device+0x78/0x1fc)
-[<c06221e8>] (driver_probe_device) from [<c061fcd4>] (bus_for_each_drv+0x74/0xb8)
-[<c061fcd4>] (bus_for_each_drv) from [<c0621b54>] (__device_attach+0xd4/0x16c)
-[<c0621b54>] (__device_attach) from [<c0620c98>] (bus_probe_device+0x88/0x90)
-[<c0620c98>] (bus_probe_device) from [<c06211b0>] (deferred_probe_work_func+0x3c/0xd0)
-[<c06211b0>] (deferred_probe_work_func) from [<c0149280>] (process_one_work+0x234/0x7dc)
-[<c0149280>] (process_one_work) from [<c014986c>] (worker_thread+0x44/0x51c)
-[<c014986c>] (worker_thread) from [<c0150b1c>] (kthread+0x158/0x1a0)
-[<c0150b1c>] (kthread) from [<c0100114>] (ret_from_fork+0x14/0x20)
-Exception stack(0xef121fb0 to 0xef121ff8)
-...
----[ end trace 9724c2fc7cc9c982 ]---
-
-While fixing this also fix the double call to dwc2_lowlevel_hw_disable()
-if dr_mode is set to USB_DR_MODE_PERIPHERAL. In such case low-level
-hardware is already disabled before calling usb_add_gadget_udc(). That
-function correctly preserves low-level hardware state, there is no need
-for the second unconditional dwc2_lowlevel_hw_disable() call.
-
-Fixes: 207324a321a8 ("usb: dwc2: Postponed gadget registration to the udc class driver")
-Acked-by: Minas Harutyunyan <hminas@synopsys.com>
-Signed-off-by: Marek Szyprowski <m.szyprowski@samsung.com>
-Signed-off-by: Felipe Balbi <balbi@kernel.org>
-
-diff --git a/drivers/usb/dwc2/platform.c b/drivers/usb/dwc2/platform.c
-index 8fea5f1f60ab..68b56b43a45e 100644
---- a/drivers/usb/dwc2/platform.c
-+++ b/drivers/usb/dwc2/platform.c
-@@ -591,6 +591,7 @@ static int dwc2_driver_probe(struct platform_device *dev)
- 	if (hsotg->gadget_enabled) {
- 		retval = usb_add_gadget_udc(hsotg->dev, &hsotg->gadget);
- 		if (retval) {
-+			hsotg->gadget.udc = NULL;
- 			dwc2_hsotg_remove(hsotg);
- 			goto error_init;
- 		}
-@@ -602,7 +603,8 @@ static int dwc2_driver_probe(struct platform_device *dev)
- 	if (hsotg->params.activate_stm_id_vb_detection)
- 		regulator_disable(hsotg->usb33d);
- error:
--	dwc2_lowlevel_hw_disable(hsotg);
-+	if (hsotg->dr_mode != USB_DR_MODE_PERIPHERAL)
-+		dwc2_lowlevel_hw_disable(hsotg);
- 	return retval;
- }
- 
--- 
-2.27.0
-