6.1-stable patches

added patches:
	alsa-hda-realtek-add-headset-mic-supported-acer-nb-platform.patch
	alsa-hda-realtek-fix-headset-mic-no-show-at-resume-back-for-lenovo-alc897-platform.patch
	alsa-hda-realtek-fix-mute-micmute-leds-for-hp-elitebook.patch
	drm-amd-display-handle-range-offsets-in-vrr-ranges.patch
	drm-amdgpu-pm-fix-the-error-of-pwm1_enable-setting.patch
	drm-i915-check-before-removing-mm-notifier.patch
	fs-aio-check-iocb_aio_rw-before-the-struct-aio_kiocb-conversion.patch
	i2c-i801-avoid-potential-double-call-to-gpiod_remove_lookup_table.patch
	iio-accel-adxl367-fix-devid-read-after-reset.patch
	iio-accel-adxl367-fix-i2c-fifo-data-register.patch
	mei-me-add-arrow-lake-point-h-did.patch
	mei-me-add-arrow-lake-point-s-did.patch
	misc-lis3lv02d_i2c-fix-regulators-getting-en-dis-abled-twice-on-suspend-resume.patch
	mm-vmscan-prevent-infinite-loop-for-costly-gfp_noio-__gfp_retry_mayfail-allocations.patch
	serial-8250_dw-do-not-reclock-if-already-at-correct-rate.patch
	tee-optee-fix-kernel-panic-caused-by-incorrect-error-handling.patch
	tracing-use-.flush-call-to-wake-up-readers.patch
	tty-serial-fsl_lpuart-avoid-idle-preamble-pending-if-cts-is-enabled.patch
	usb-gadget-ncm-fix-handling-of-zero-block-length-packets.patch
	usb-port-don-t-try-to-peer-unused-usb-ports-based-on-location.patch
	usb-usb-storage-prevent-divide-by-0-error-in-isd200_ata_command.patch
	vt-fix-unicode-buffer-corruption-when-deleting-characters.patch

23 files changed, 1363 insertions, 0 deletions

diff --git a/queue-6.1/alsa-hda-realtek-add-headset-mic-supported-acer-nb-platform.patch b/queue-6.1/alsa-hda-realtek-add-headset-mic-supported-acer-nb-platform.patch
new file mode 100644
index 0000000000..fc55ace3b5
--- /dev/null
+++ b/queue-6.1/alsa-hda-realtek-add-headset-mic-supported-acer-nb-platform.patch
@@ -0,0 +1,31 @@
+From 34ab5bbc6e82214d7f7393eba26d164b303ebb4e Mon Sep 17 00:00:00 2001
+From: Kailang Yang <kailang@realtek.com>
+Date: Fri, 1 Mar 2024 15:04:02 +0800
+Subject: ALSA: hda/realtek - Add Headset Mic supported Acer NB platform
+
+From: Kailang Yang <kailang@realtek.com>
+
+commit 34ab5bbc6e82214d7f7393eba26d164b303ebb4e upstream.
+
+It will be enable headset Mic for Acer NB platform.
+
+Signed-off-by: Kailang Yang <kailang@realtek.com>
+Cc: <stable@vger.kernel.org>
+Link: https://lore.kernel.org/r/fe0eb6661ca240f3b7762b5b3257710d@realtek.com
+Signed-off-by: Takashi Iwai <tiwai@suse.de>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+---
+ sound/pci/hda/patch_realtek.c |    2 ++
+ 1 file changed, 2 insertions(+)
+
+--- a/sound/pci/hda/patch_realtek.c
++++ b/sound/pci/hda/patch_realtek.c
+@@ -10750,6 +10750,8 @@ static const struct snd_hda_pin_quirk al
+  *   at most one tbl is allowed to define for the same vendor and same codec
+  */
+ static const struct snd_hda_pin_quirk alc269_fallback_pin_fixup_tbl[] = {
++	SND_HDA_PIN_QUIRK(0x10ec0256, 0x1025, "Acer", ALC2XX_FIXUP_HEADSET_MIC,
++		{0x19, 0x40000000}),
+ 	SND_HDA_PIN_QUIRK(0x10ec0289, 0x1028, "Dell", ALC269_FIXUP_DELL4_MIC_NO_PRESENCE,
+ 		{0x19, 0x40000000},
+ 		{0x1b, 0x40000000}),
diff --git a/queue-6.1/alsa-hda-realtek-fix-headset-mic-no-show-at-resume-back-for-lenovo-alc897-platform.patch b/queue-6.1/alsa-hda-realtek-fix-headset-mic-no-show-at-resume-back-for-lenovo-alc897-platform.patch
new file mode 100644
index 0000000000..e99c9dcad2
--- /dev/null
+++ b/queue-6.1/alsa-hda-realtek-fix-headset-mic-no-show-at-resume-back-for-lenovo-alc897-platform.patch
@@ -0,0 +1,45 @@
+From d397b6e56151099cf3b1f7bfccb204a6a8591720 Mon Sep 17 00:00:00 2001
+From: Kailang Yang <kailang@realtek.com>
+Date: Fri, 1 Mar 2024 15:29:50 +0800
+Subject: ALSA: hda/realtek - Fix headset Mic no show at resume back for Lenovo ALC897 platform
+
+From: Kailang Yang <kailang@realtek.com>
+
+commit d397b6e56151099cf3b1f7bfccb204a6a8591720 upstream.
+
+Headset Mic will no show at resume back.
+This patch will fix this issue.
+
+Fixes: d7f32791a9fc ("ALSA: hda/realtek - Add headset Mic support for Lenovo ALC897 platform")
+Cc: <stable@vger.kernel.org>
+Signed-off-by: Kailang Yang <kailang@realtek.com>
+Link: https://lore.kernel.org/r/4713d48a372e47f98bba0c6120fd8254@realtek.com
+Signed-off-by: Takashi Iwai <tiwai@suse.de>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+---
+ sound/pci/hda/patch_realtek.c |    7 +++++--
+ 1 file changed, 5 insertions(+), 2 deletions(-)
+
+--- a/sound/pci/hda/patch_realtek.c
++++ b/sound/pci/hda/patch_realtek.c
+@@ -11439,8 +11439,7 @@ static void alc897_hp_automute_hook(stru
+ 
+ 	snd_hda_gen_hp_automute(codec, jack);
+ 	vref = spec->gen.hp_jack_present ? (PIN_HP | AC_PINCTL_VREF_100) : PIN_HP;
+-	snd_hda_codec_write(codec, 0x1b, 0, AC_VERB_SET_PIN_WIDGET_CONTROL,
+-			    vref);
++	snd_hda_set_pin_ctl(codec, 0x1b, vref);
+ }
+ 
+ static void alc897_fixup_lenovo_headset_mic(struct hda_codec *codec,
+@@ -11449,6 +11448,10 @@ static void alc897_fixup_lenovo_headset_
+ 	struct alc_spec *spec = codec->spec;
+ 	if (action == HDA_FIXUP_ACT_PRE_PROBE) {
+ 		spec->gen.hp_automute_hook = alc897_hp_automute_hook;
++		spec->no_shutup_pins = 1;
++	}
++	if (action == HDA_FIXUP_ACT_PROBE) {
++		snd_hda_set_pin_ctl_cache(codec, 0x1a, PIN_IN | AC_PINCTL_VREF_100);
+ 	}
+ }
+ 
diff --git a/queue-6.1/alsa-hda-realtek-fix-mute-micmute-leds-for-hp-elitebook.patch b/queue-6.1/alsa-hda-realtek-fix-mute-micmute-leds-for-hp-elitebook.patch
new file mode 100644
index 0000000000..18246a325c
--- /dev/null
+++ b/queue-6.1/alsa-hda-realtek-fix-mute-micmute-leds-for-hp-elitebook.patch
@@ -0,0 +1,35 @@
+From a17bd44c0146b00fcaa692915789c16bd1fb2a81 Mon Sep 17 00:00:00 2001
+From: Andy Chi <andy.chi@canonical.com>
+Date: Mon, 4 Mar 2024 21:40:32 +0800
+Subject: ALSA: hda/realtek: fix mute/micmute LEDs for HP EliteBook
+
+From: Andy Chi <andy.chi@canonical.com>
+
+commit a17bd44c0146b00fcaa692915789c16bd1fb2a81 upstream.
+
+The HP EliteBook using ALC236 codec which using 0x02 to
+control mute LED and 0x01 to control micmute LED.
+Therefore, add a quirk to make it works.
+
+Signed-off-by: Andy Chi <andy.chi@canonical.com>
+Cc: <stable@vger.kernel.org>
+Link: https://lore.kernel.org/r/20240304134033.773348-1-andy.chi@canonical.com
+Signed-off-by: Takashi Iwai <tiwai@suse.de>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+---
+ sound/pci/hda/patch_realtek.c |    4 ++++
+ 1 file changed, 4 insertions(+)
+
+--- a/sound/pci/hda/patch_realtek.c
++++ b/sound/pci/hda/patch_realtek.c
+@@ -9792,6 +9792,10 @@ static const struct snd_pci_quirk alc269
+ 	SND_PCI_QUIRK(0x103c, 0x8c70, "HP EliteBook 835 G11", ALC287_FIXUP_CS35L41_I2C_2_HP_GPIO_LED),
+ 	SND_PCI_QUIRK(0x103c, 0x8c71, "HP EliteBook 845 G11", ALC287_FIXUP_CS35L41_I2C_2_HP_GPIO_LED),
+ 	SND_PCI_QUIRK(0x103c, 0x8c72, "HP EliteBook 865 G11", ALC287_FIXUP_CS35L41_I2C_2_HP_GPIO_LED),
++	SND_PCI_QUIRK(0x103c, 0x8c8a, "HP EliteBook 630", ALC236_FIXUP_HP_GPIO_LED),
++	SND_PCI_QUIRK(0x103c, 0x8c8c, "HP EliteBook 660", ALC236_FIXUP_HP_GPIO_LED),
++	SND_PCI_QUIRK(0x103c, 0x8c90, "HP EliteBook 640", ALC236_FIXUP_HP_GPIO_LED),
++	SND_PCI_QUIRK(0x103c, 0x8c91, "HP EliteBook 660", ALC236_FIXUP_HP_GPIO_LED),
+ 	SND_PCI_QUIRK(0x103c, 0x8c96, "HP", ALC236_FIXUP_HP_MUTE_LED_MICMUTE_VREF),
+ 	SND_PCI_QUIRK(0x103c, 0x8c97, "HP ZBook", ALC236_FIXUP_HP_MUTE_LED_MICMUTE_VREF),
+ 	SND_PCI_QUIRK(0x103c, 0x8ca1, "HP ZBook Power", ALC236_FIXUP_HP_GPIO_LED),
diff --git a/queue-6.1/drm-amd-display-handle-range-offsets-in-vrr-ranges.patch b/queue-6.1/drm-amd-display-handle-range-offsets-in-vrr-ranges.patch
new file mode 100644
index 0000000000..03b02787a1
--- /dev/null
+++ b/queue-6.1/drm-amd-display-handle-range-offsets-in-vrr-ranges.patch
@@ -0,0 +1,58 @@
+From 937844d661354bf142dc1c621396fdab10ecbacc Mon Sep 17 00:00:00 2001
+From: Alex Deucher <alexander.deucher@amd.com>
+Date: Wed, 28 Feb 2024 15:59:22 -0500
+Subject: drm/amd/display: handle range offsets in VRR ranges
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+From: Alex Deucher <alexander.deucher@amd.com>
+
+commit 937844d661354bf142dc1c621396fdab10ecbacc upstream.
+
+Need to check the offset bits for values greater than 255.
+
+v2: also update amdgpu_dm_connector values.
+
+Suggested-by: Mano Ségransan <mano.segransan@protonmail.com>
+Tested-by: Mano Ségransan <mano.segransan@protonmail.com>
+Closes: https://gitlab.freedesktop.org/drm/amd/-/issues/3203
+Reviewed-by: Harry Wentland <harry.wentland@amd.com>
+Signed-off-by: Alex Deucher <alexander.deucher@amd.com>
+Cc: stable@vger.kernel.org
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+---
+ drivers/gpu/drm/amd/display/amdgpu_dm/amdgpu_dm.c |   19 ++++++++++++++-----
+ 1 file changed, 14 insertions(+), 5 deletions(-)
+
+--- a/drivers/gpu/drm/amd/display/amdgpu_dm/amdgpu_dm.c
++++ b/drivers/gpu/drm/amd/display/amdgpu_dm/amdgpu_dm.c
+@@ -10503,14 +10503,23 @@ void amdgpu_dm_update_freesync_caps(stru
+ 				if (range->flags != 1)
+ 					continue;
+ 
+-				amdgpu_dm_connector->min_vfreq = range->min_vfreq;
+-				amdgpu_dm_connector->max_vfreq = range->max_vfreq;
+-				amdgpu_dm_connector->pixel_clock_mhz =
+-					range->pixel_clock_mhz * 10;
+-
+ 				connector->display_info.monitor_range.min_vfreq = range->min_vfreq;
+ 				connector->display_info.monitor_range.max_vfreq = range->max_vfreq;
+ 
++				if (edid->revision >= 4) {
++					if (data->pad2 & DRM_EDID_RANGE_OFFSET_MIN_VFREQ)
++						connector->display_info.monitor_range.min_vfreq += 255;
++					if (data->pad2 & DRM_EDID_RANGE_OFFSET_MAX_VFREQ)
++						connector->display_info.monitor_range.max_vfreq += 255;
++				}
++
++				amdgpu_dm_connector->min_vfreq =
++					connector->display_info.monitor_range.min_vfreq;
++				amdgpu_dm_connector->max_vfreq =
++					connector->display_info.monitor_range.max_vfreq;
++				amdgpu_dm_connector->pixel_clock_mhz =
++					range->pixel_clock_mhz * 10;
++
+ 				break;
+ 			}
+ 
diff --git a/queue-6.1/drm-amdgpu-pm-fix-the-error-of-pwm1_enable-setting.patch b/queue-6.1/drm-amdgpu-pm-fix-the-error-of-pwm1_enable-setting.patch
new file mode 100644
index 0000000000..3de46a5642
--- /dev/null
+++ b/queue-6.1/drm-amdgpu-pm-fix-the-error-of-pwm1_enable-setting.patch
@@ -0,0 +1,55 @@
+From 0dafaf659cc463f2db0af92003313a8bc46781cd Mon Sep 17 00:00:00 2001
+From: Ma Jun <Jun.Ma2@amd.com>
+Date: Fri, 1 Mar 2024 15:36:58 +0800
+Subject: drm/amdgpu/pm: Fix the error of pwm1_enable setting
+
+From: Ma Jun <Jun.Ma2@amd.com>
+
+commit 0dafaf659cc463f2db0af92003313a8bc46781cd upstream.
+
+Fix the pwm_mode value error which used for
+pwm1_enable setting
+
+Signed-off-by: Ma Jun <Jun.Ma2@amd.com>
+Reviewed-by: Lijo Lazar <lijo.lazar@amd.com>
+Signed-off-by: Alex Deucher <alexander.deucher@amd.com>
+Cc: stable@vger.kernel.org
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+---
+ drivers/gpu/drm/amd/pm/amdgpu_pm.c |   12 +++++++++++-
+ 1 file changed, 11 insertions(+), 1 deletion(-)
+
+--- a/drivers/gpu/drm/amd/pm/amdgpu_pm.c
++++ b/drivers/gpu/drm/amd/pm/amdgpu_pm.c
+@@ -2344,6 +2344,7 @@ static ssize_t amdgpu_hwmon_set_pwm1_ena
+ {
+ 	struct amdgpu_device *adev = dev_get_drvdata(dev);
+ 	int err, ret;
++	u32 pwm_mode;
+ 	int value;
+ 
+ 	if (amdgpu_in_reset(adev))
+@@ -2355,13 +2356,22 @@ static ssize_t amdgpu_hwmon_set_pwm1_ena
+ 	if (err)
+ 		return err;
+ 
++	if (value == 0)
++		pwm_mode = AMD_FAN_CTRL_NONE;
++	else if (value == 1)
++		pwm_mode = AMD_FAN_CTRL_MANUAL;
++	else if (value == 2)
++		pwm_mode = AMD_FAN_CTRL_AUTO;
++	else
++		return -EINVAL;
++
+ 	ret = pm_runtime_get_sync(adev_to_drm(adev)->dev);
+ 	if (ret < 0) {
+ 		pm_runtime_put_autosuspend(adev_to_drm(adev)->dev);
+ 		return ret;
+ 	}
+ 
+-	ret = amdgpu_dpm_set_fan_control_mode(adev, value);
++	ret = amdgpu_dpm_set_fan_control_mode(adev, pwm_mode);
+ 
+ 	pm_runtime_mark_last_busy(adev_to_drm(adev)->dev);
+ 	pm_runtime_put_autosuspend(adev_to_drm(adev)->dev);
diff --git a/queue-6.1/drm-i915-check-before-removing-mm-notifier.patch b/queue-6.1/drm-i915-check-before-removing-mm-notifier.patch
new file mode 100644
index 0000000000..03c3c57791
--- /dev/null
+++ b/queue-6.1/drm-i915-check-before-removing-mm-notifier.patch
@@ -0,0 +1,40 @@
+From 01bb1ae35006e473138c90711bad1a6b614a1823 Mon Sep 17 00:00:00 2001
+From: Nirmoy Das <nirmoy.das@intel.com>
+Date: Mon, 19 Feb 2024 13:50:47 +0100
+Subject: drm/i915: Check before removing mm notifier
+
+From: Nirmoy Das <nirmoy.das@intel.com>
+
+commit 01bb1ae35006e473138c90711bad1a6b614a1823 upstream.
+
+Error in mmu_interval_notifier_insert() can leave a NULL
+notifier.mm pointer. Catch that and return early.
+
+Fixes: ed29c2691188 ("drm/i915: Fix userptr so we do not have to worry about obj->mm.lock, v7.")
+Cc: <stable@vger.kernel.org> # v5.13+
+[tursulin: Added Fixes and cc stable.]
+Cc: Andi Shyti <andi.shyti@linux.intel.com>
+Cc: Shawn Lee <shawn.c.lee@intel.com>
+Signed-off-by: Nirmoy Das <nirmoy.das@intel.com>
+Reviewed-by: Rodrigo Vivi <rodrigo.vivi@intel.com>
+Link: https://patchwork.freedesktop.org/patch/msgid/20240219125047.28906-1-nirmoy.das@intel.com
+Signed-off-by: Tvrtko Ursulin <tvrtko.ursulin@intel.com>
+(cherry picked from commit db7bbd13f08774cde0332c705f042e327fe21e73)
+Signed-off-by: Joonas Lahtinen <joonas.lahtinen@linux.intel.com>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+---
+ drivers/gpu/drm/i915/gem/i915_gem_userptr.c |    3 +++
+ 1 file changed, 3 insertions(+)
+
+--- a/drivers/gpu/drm/i915/gem/i915_gem_userptr.c
++++ b/drivers/gpu/drm/i915/gem/i915_gem_userptr.c
+@@ -378,6 +378,9 @@ i915_gem_userptr_release(struct drm_i915
+ {
+ 	GEM_WARN_ON(obj->userptr.page_ref);
+ 
++	if (!obj->userptr.notifier.mm)
++		return;
++
+ 	mmu_interval_notifier_remove(&obj->userptr.notifier);
+ 	obj->userptr.notifier.mm = NULL;
+ }
diff --git a/queue-6.1/fs-aio-check-iocb_aio_rw-before-the-struct-aio_kiocb-conversion.patch b/queue-6.1/fs-aio-check-iocb_aio_rw-before-the-struct-aio_kiocb-conversion.patch
new file mode 100644
index 0000000000..a6ecaafc3f
--- /dev/null
+++ b/queue-6.1/fs-aio-check-iocb_aio_rw-before-the-struct-aio_kiocb-conversion.patch
@@ -0,0 +1,63 @@
+From 961ebd120565cb60cebe21cb634fbc456022db4a Mon Sep 17 00:00:00 2001
+From: Bart Van Assche <bvanassche@acm.org>
+Date: Mon, 4 Mar 2024 15:57:15 -0800
+Subject: fs/aio: Check IOCB_AIO_RW before the struct aio_kiocb conversion
+
+From: Bart Van Assche <bvanassche@acm.org>
+
+commit 961ebd120565cb60cebe21cb634fbc456022db4a upstream.
+
+The first kiocb_set_cancel_fn() argument may point at a struct kiocb
+that is not embedded inside struct aio_kiocb. With the current code,
+depending on the compiler, the req->ki_ctx read happens either before
+the IOCB_AIO_RW test or after that test. Move the req->ki_ctx read such
+that it is guaranteed that the IOCB_AIO_RW test happens first.
+
+Reported-by: Eric Biggers <ebiggers@kernel.org>
+Cc: Benjamin LaHaise <ben@communityfibre.ca>
+Cc: Eric Biggers <ebiggers@google.com>
+Cc: Christoph Hellwig <hch@lst.de>
+Cc: Avi Kivity <avi@scylladb.com>
+Cc: Sandeep Dhavale <dhavale@google.com>
+Cc: Jens Axboe <axboe@kernel.dk>
+Cc: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+Cc: Kent Overstreet <kent.overstreet@linux.dev>
+Cc: stable@vger.kernel.org
+Fixes: b820de741ae4 ("fs/aio: Restrict kiocb_set_cancel_fn() to I/O submitted via libaio")
+Signed-off-by: Bart Van Assche <bvanassche@acm.org>
+Link: https://lore.kernel.org/r/20240304235715.3790858-1-bvanassche@acm.org
+Reviewed-by: Jens Axboe <axboe@kernel.dk>
+Reviewed-by: Eric Biggers <ebiggers@google.com>
+Signed-off-by: Christian Brauner <brauner@kernel.org>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+---
+ fs/aio.c |    8 ++++++--
+ 1 file changed, 6 insertions(+), 2 deletions(-)
+
+--- a/fs/aio.c
++++ b/fs/aio.c
+@@ -591,8 +591,8 @@ static int aio_setup_ring(struct kioctx
+ 
+ void kiocb_set_cancel_fn(struct kiocb *iocb, kiocb_cancel_fn *cancel)
+ {
+-	struct aio_kiocb *req = container_of(iocb, struct aio_kiocb, rw);
+-	struct kioctx *ctx = req->ki_ctx;
++	struct aio_kiocb *req;
++	struct kioctx *ctx;
+ 	unsigned long flags;
+ 
+ 	/*
+@@ -602,9 +602,13 @@ void kiocb_set_cancel_fn(struct kiocb *i
+ 	if (!(iocb->ki_flags & IOCB_AIO_RW))
+ 		return;
+ 
++	req = container_of(iocb, struct aio_kiocb, rw);
++
+ 	if (WARN_ON_ONCE(!list_empty(&req->ki_list)))
+ 		return;
+ 
++	ctx = req->ki_ctx;
++
+ 	spin_lock_irqsave(&ctx->ctx_lock, flags);
+ 	list_add_tail(&req->ki_list, &ctx->active_reqs);
+ 	req->ki_cancel = cancel;
diff --git a/queue-6.1/i2c-i801-avoid-potential-double-call-to-gpiod_remove_lookup_table.patch b/queue-6.1/i2c-i801-avoid-potential-double-call-to-gpiod_remove_lookup_table.patch
new file mode 100644
index 0000000000..b673f56ee4
--- /dev/null
+++ b/queue-6.1/i2c-i801-avoid-potential-double-call-to-gpiod_remove_lookup_table.patch
@@ -0,0 +1,48 @@
+From ceb013b2d9a2946035de5e1827624edc85ae9484 Mon Sep 17 00:00:00 2001
+From: Heiner Kallweit <hkallweit1@gmail.com>
+Date: Mon, 4 Mar 2024 21:31:06 +0100
+Subject: i2c: i801: Avoid potential double call to gpiod_remove_lookup_table
+
+From: Heiner Kallweit <hkallweit1@gmail.com>
+
+commit ceb013b2d9a2946035de5e1827624edc85ae9484 upstream.
+
+If registering the platform device fails, the lookup table is
+removed in the error path. On module removal we would try to
+remove the lookup table again. Fix this by setting priv->lookup
+only if registering the platform device was successful.
+In addition free the memory allocated for the lookup table in
+the error path.
+
+Fixes: d308dfbf62ef ("i2c: mux/i801: Switch to use descriptor passing")
+Cc: stable@vger.kernel.org
+Reviewed-by: Andi Shyti <andi.shyti@kernel.org>
+Reviewed-by: Linus Walleij <linus.walleij@linaro.org>
+Signed-off-by: Heiner Kallweit <hkallweit1@gmail.com>
+Signed-off-by: Andi Shyti <andi.shyti@kernel.org>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+---
+ drivers/i2c/busses/i2c-i801.c |    4 +++-
+ 1 file changed, 3 insertions(+), 1 deletion(-)
+
+--- a/drivers/i2c/busses/i2c-i801.c
++++ b/drivers/i2c/busses/i2c-i801.c
+@@ -1422,7 +1422,6 @@ static void i801_add_mux(struct i801_pri
+ 		lookup->table[i] = GPIO_LOOKUP(mux_config->gpio_chip,
+ 					       mux_config->gpios[i], "mux", 0);
+ 	gpiod_add_lookup_table(lookup);
+-	priv->lookup = lookup;
+ 
+ 	/*
+ 	 * Register the mux device, we use PLATFORM_DEVID_NONE here
+@@ -1436,7 +1435,10 @@ static void i801_add_mux(struct i801_pri
+ 				sizeof(struct i2c_mux_gpio_platform_data));
+ 	if (IS_ERR(priv->mux_pdev)) {
+ 		gpiod_remove_lookup_table(lookup);
++		devm_kfree(dev, lookup);
+ 		dev_err(dev, "Failed to register i2c-mux-gpio device\n");
++	} else {
++		priv->lookup = lookup;
+ 	}
+ }
+ 
diff --git a/queue-6.1/iio-accel-adxl367-fix-devid-read-after-reset.patch b/queue-6.1/iio-accel-adxl367-fix-devid-read-after-reset.patch
new file mode 100644
index 0000000000..42e9b86d69
--- /dev/null
+++ b/queue-6.1/iio-accel-adxl367-fix-devid-read-after-reset.patch
@@ -0,0 +1,55 @@
+From 1b926914bbe4e30cb32f268893ef7d82a85275b8 Mon Sep 17 00:00:00 2001
+From: Cosmin Tanislav <demonsingur@gmail.com>
+Date: Wed, 7 Feb 2024 05:36:50 +0200
+Subject: iio: accel: adxl367: fix DEVID read after reset
+
+From: Cosmin Tanislav <demonsingur@gmail.com>
+
+commit 1b926914bbe4e30cb32f268893ef7d82a85275b8 upstream.
+
+regmap_read_poll_timeout() will not sleep before reading,
+causing the first read to return -ENXIO on I2C, since the
+chip does not respond to it while it is being reset.
+
+The datasheet specifies that a soft reset operation has a
+latency of 7.5ms.
+
+Add a 15ms sleep between reset and reading the DEVID register,
+and switch to a simple regmap_read() call.
+
+Fixes: cbab791c5e2a ("iio: accel: add ADXL367 driver")
+Signed-off-by: Cosmin Tanislav <demonsingur@gmail.com>
+Reviewed-by: Nuno Sa <nuno.sa@analog.com>
+Link: https://lore.kernel.org/r/20240207033657.206171-1-demonsingur@gmail.com
+Cc: <Stable@vger.kernel.org>
+Signed-off-by: Jonathan Cameron <Jonathan.Cameron@huawei.com>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+---
+ drivers/iio/accel/adxl367.c |    8 ++++++--
+ 1 file changed, 6 insertions(+), 2 deletions(-)
+
+--- a/drivers/iio/accel/adxl367.c
++++ b/drivers/iio/accel/adxl367.c
+@@ -1444,9 +1444,11 @@ static int adxl367_verify_devid(struct a
+ 	unsigned int val;
+ 	int ret;
+ 
+-	ret = regmap_read_poll_timeout(st->regmap, ADXL367_REG_DEVID, val,
+-				       val == ADXL367_DEVID_AD, 1000, 10000);
++	ret = regmap_read(st->regmap, ADXL367_REG_DEVID, &val);
+ 	if (ret)
++		return dev_err_probe(st->dev, ret, "Failed to read dev id\n");
++
++	if (val != ADXL367_DEVID_AD)
+ 		return dev_err_probe(st->dev, -ENODEV,
+ 				     "Invalid dev id 0x%02X, expected 0x%02X\n",
+ 				     val, ADXL367_DEVID_AD);
+@@ -1543,6 +1545,8 @@ int adxl367_probe(struct device *dev, co
+ 	if (ret)
+ 		return ret;
+ 
++	fsleep(15000);
++
+ 	ret = adxl367_verify_devid(st);
+ 	if (ret)
+ 		return ret;
diff --git a/queue-6.1/iio-accel-adxl367-fix-i2c-fifo-data-register.patch b/queue-6.1/iio-accel-adxl367-fix-i2c-fifo-data-register.patch
new file mode 100644
index 0000000000..ffe4922e3f
--- /dev/null
+++ b/queue-6.1/iio-accel-adxl367-fix-i2c-fifo-data-register.patch
@@ -0,0 +1,42 @@
+From 11dadb631007324c7a8bcb2650eda88ed2b9eed0 Mon Sep 17 00:00:00 2001
+From: Cosmin Tanislav <demonsingur@gmail.com>
+Date: Wed, 7 Feb 2024 05:36:51 +0200
+Subject: iio: accel: adxl367: fix I2C FIFO data register
+
+From: Cosmin Tanislav <demonsingur@gmail.com>
+
+commit 11dadb631007324c7a8bcb2650eda88ed2b9eed0 upstream.
+
+As specified in the datasheet, the I2C FIFO data register is
+0x18, not 0x42. 0x42 was used by mistake when adapting the
+ADXL372 driver.
+
+Fix this mistake.
+
+Fixes: cbab791c5e2a ("iio: accel: add ADXL367 driver")
+Signed-off-by: Cosmin Tanislav <demonsingur@gmail.com>
+Reviewed-by: Nuno Sa <nuno.sa@analog.com>
+Link: https://lore.kernel.org/r/20240207033657.206171-2-demonsingur@gmail.com
+Cc: <Stable@vger.kernel.org>
+Signed-off-by: Jonathan Cameron <Jonathan.Cameron@huawei.com>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+---
+ drivers/iio/accel/adxl367_i2c.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/drivers/iio/accel/adxl367_i2c.c b/drivers/iio/accel/adxl367_i2c.c
+index b595fe94f3a3..62c74bdc0d77 100644
+--- a/drivers/iio/accel/adxl367_i2c.c
++++ b/drivers/iio/accel/adxl367_i2c.c
+@@ -11,7 +11,7 @@
+ 
+ #include "adxl367.h"
+ 
+-#define ADXL367_I2C_FIFO_DATA	0x42
++#define ADXL367_I2C_FIFO_DATA	0x18
+ 
+ struct adxl367_i2c_state {
+ 	struct regmap *regmap;
+-- 
+2.44.0
+
diff --git a/queue-6.1/mei-me-add-arrow-lake-point-h-did.patch b/queue-6.1/mei-me-add-arrow-lake-point-h-did.patch
new file mode 100644
index 0000000000..081356fd74
--- /dev/null
+++ b/queue-6.1/mei-me-add-arrow-lake-point-h-did.patch
@@ -0,0 +1,41 @@
+From 8436f25802ec028ac7254990893f3e01926d9b79 Mon Sep 17 00:00:00 2001
+From: Alexander Usyskin <alexander.usyskin@intel.com>
+Date: Sun, 11 Feb 2024 12:39:12 +0200
+Subject: mei: me: add arrow lake point H DID
+
+From: Alexander Usyskin <alexander.usyskin@intel.com>
+
+commit 8436f25802ec028ac7254990893f3e01926d9b79 upstream.
+
+Add Arrow Lake H device id.
+
+Cc: stable@vger.kernel.org
+Signed-off-by: Alexander Usyskin <alexander.usyskin@intel.com>
+Signed-off-by: Tomas Winkler <tomas.winkler@intel.com>
+Link: https://lore.kernel.org/r/20240211103912.117105-2-tomas.winkler@intel.com
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+---
+ drivers/misc/mei/hw-me-regs.h |    1 +
+ drivers/misc/mei/pci-me.c     |    1 +
+ 2 files changed, 2 insertions(+)
+
+--- a/drivers/misc/mei/hw-me-regs.h
++++ b/drivers/misc/mei/hw-me-regs.h
+@@ -113,6 +113,7 @@
+ 
+ #define MEI_DEV_ID_MTL_M      0x7E70  /* Meteor Lake Point M */
+ #define MEI_DEV_ID_ARL_S      0x7F68  /* Arrow Lake Point S */
++#define MEI_DEV_ID_ARL_H      0x7770  /* Arrow Lake Point H */
+ 
+ /*
+  * MEI HW Section
+--- a/drivers/misc/mei/pci-me.c
++++ b/drivers/misc/mei/pci-me.c
+@@ -120,6 +120,7 @@ static const struct pci_device_id mei_me
+ 
+ 	{MEI_PCI_DEVICE(MEI_DEV_ID_MTL_M, MEI_ME_PCH15_CFG)},
+ 	{MEI_PCI_DEVICE(MEI_DEV_ID_ARL_S, MEI_ME_PCH15_CFG)},
++	{MEI_PCI_DEVICE(MEI_DEV_ID_ARL_H, MEI_ME_PCH15_CFG)},
+ 
+ 	/* required last entry */
+ 	{0, }
diff --git a/queue-6.1/mei-me-add-arrow-lake-point-s-did.patch b/queue-6.1/mei-me-add-arrow-lake-point-s-did.patch
new file mode 100644
index 0000000000..29cef928fd
--- /dev/null
+++ b/queue-6.1/mei-me-add-arrow-lake-point-s-did.patch
@@ -0,0 +1,41 @@
+From 7a9b9012043e126f6d6f4683e67409312d1b707b Mon Sep 17 00:00:00 2001
+From: Alexander Usyskin <alexander.usyskin@intel.com>
+Date: Sun, 11 Feb 2024 12:39:11 +0200
+Subject: mei: me: add arrow lake point S DID
+
+From: Alexander Usyskin <alexander.usyskin@intel.com>
+
+commit 7a9b9012043e126f6d6f4683e67409312d1b707b upstream.
+
+Add Arrow Lake S device id.
+
+Cc: stable@vger.kernel.org
+Signed-off-by: Alexander Usyskin <alexander.usyskin@intel.com>
+Signed-off-by: Tomas Winkler <tomas.winkler@intel.com>
+Link: https://lore.kernel.org/r/20240211103912.117105-1-tomas.winkler@intel.com
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+---
+ drivers/misc/mei/hw-me-regs.h |    1 +
+ drivers/misc/mei/pci-me.c     |    1 +
+ 2 files changed, 2 insertions(+)
+
+--- a/drivers/misc/mei/hw-me-regs.h
++++ b/drivers/misc/mei/hw-me-regs.h
+@@ -112,6 +112,7 @@
+ #define MEI_DEV_ID_RPL_S      0x7A68  /* Raptor Lake Point S */
+ 
+ #define MEI_DEV_ID_MTL_M      0x7E70  /* Meteor Lake Point M */
++#define MEI_DEV_ID_ARL_S      0x7F68  /* Arrow Lake Point S */
+ 
+ /*
+  * MEI HW Section
+--- a/drivers/misc/mei/pci-me.c
++++ b/drivers/misc/mei/pci-me.c
+@@ -119,6 +119,7 @@ static const struct pci_device_id mei_me
+ 	{MEI_PCI_DEVICE(MEI_DEV_ID_RPL_S, MEI_ME_PCH15_CFG)},
+ 
+ 	{MEI_PCI_DEVICE(MEI_DEV_ID_MTL_M, MEI_ME_PCH15_CFG)},
++	{MEI_PCI_DEVICE(MEI_DEV_ID_ARL_S, MEI_ME_PCH15_CFG)},
+ 
+ 	/* required last entry */
+ 	{0, }
diff --git a/queue-6.1/misc-lis3lv02d_i2c-fix-regulators-getting-en-dis-abled-twice-on-suspend-resume.patch b/queue-6.1/misc-lis3lv02d_i2c-fix-regulators-getting-en-dis-abled-twice-on-suspend-resume.patch
new file mode 100644
index 0000000000..d018d499f6
--- /dev/null
+++ b/queue-6.1/misc-lis3lv02d_i2c-fix-regulators-getting-en-dis-abled-twice-on-suspend-resume.patch
@@ -0,0 +1,93 @@
+From ac3e0384073b2408d6cb0d972fee9fcc3776053d Mon Sep 17 00:00:00 2001
+From: Hans de Goede <hdegoede@redhat.com>
+Date: Tue, 20 Feb 2024 20:00:35 +0100
+Subject: misc: lis3lv02d_i2c: Fix regulators getting en-/dis-abled twice on suspend/resume
+
+From: Hans de Goede <hdegoede@redhat.com>
+
+commit ac3e0384073b2408d6cb0d972fee9fcc3776053d upstream.
+
+When not configured for wakeup lis3lv02d_i2c_suspend() will call
+lis3lv02d_poweroff() even if the device has already been turned off
+by the runtime-suspend handler and if configured for wakeup and
+the device is runtime-suspended at this point then it is not turned
+back on to serve as a wakeup source.
+
+Before commit b1b9f7a49440 ("misc: lis3lv02d_i2c: Add missing setting
+of the reg_ctrl callback"), lis3lv02d_poweroff() failed to disable
+the regulators which as a side effect made calling poweroff() twice ok.
+
+Now that poweroff() correctly disables the regulators, doing this twice
+triggers a WARN() in the regulator core:
+
+unbalanced disables for regulator-dummy
+WARNING: CPU: 1 PID: 92 at drivers/regulator/core.c:2999 _regulator_disable
+...
+
+Fix lis3lv02d_i2c_suspend() to not call poweroff() a second time if
+already runtime-suspended and add a poweron() call when necessary to
+make wakeup work.
+
+lis3lv02d_i2c_resume() has similar issues, with an added weirness that
+it always powers on the device if it is runtime suspended, after which
+the first runtime-resume will call poweron() again, causing the enabled
+count for the regulator to increase by 1 every suspend/resume. These
+unbalanced regulator_enable() calls cause the regulator to never
+be turned off and trigger the following WARN() on driver unbind:
+
+WARNING: CPU: 1 PID: 1724 at drivers/regulator/core.c:2396 _regulator_put
+
+Fix this by making lis3lv02d_i2c_resume() mirror the new suspend().
+
+Fixes: b1b9f7a49440 ("misc: lis3lv02d_i2c: Add missing setting of the reg_ctrl callback")
+Reported-by: Paul Menzel <pmenzel@molgen.mpg.de>
+Closes: https://lore.kernel.org/regressions/5fc6da74-af0a-4aac-b4d5-a000b39a63a5@molgen.mpg.de/
+Cc: stable@vger.kernel.org
+Cc: regressions@lists.linux.dev
+Signed-off-by: Hans de Goede <hdegoede@redhat.com>
+Tested-by: Paul Menzel <pmenzel@molgen.mpg.de> # Dell XPS 15 7590
+Reviewed-by: Paul Menzel <pmenzel@molgen.mpg.de>
+Link: https://lore.kernel.org/r/20240220190035.53402-1-hdegoede@redhat.com
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+---
+ drivers/misc/lis3lv02d/lis3lv02d_i2c.c |   21 +++++++++++++--------
+ 1 file changed, 13 insertions(+), 8 deletions(-)
+
+--- a/drivers/misc/lis3lv02d/lis3lv02d_i2c.c
++++ b/drivers/misc/lis3lv02d/lis3lv02d_i2c.c
+@@ -199,8 +199,14 @@ static int lis3lv02d_i2c_suspend(struct
+ 	struct i2c_client *client = to_i2c_client(dev);
+ 	struct lis3lv02d *lis3 = i2c_get_clientdata(client);
+ 
+-	if (!lis3->pdata || !lis3->pdata->wakeup_flags)
++	/* Turn on for wakeup if turned off by runtime suspend */
++	if (lis3->pdata && lis3->pdata->wakeup_flags) {
++		if (pm_runtime_suspended(dev))
++			lis3lv02d_poweron(lis3);
++	/* For non wakeup turn off if not already turned off by runtime suspend */
++	} else if (!pm_runtime_suspended(dev))
+ 		lis3lv02d_poweroff(lis3);
++
+ 	return 0;
+ }
+ 
+@@ -209,13 +215,12 @@ static int lis3lv02d_i2c_resume(struct d
+ 	struct i2c_client *client = to_i2c_client(dev);
+ 	struct lis3lv02d *lis3 = i2c_get_clientdata(client);
+ 
+-	/*
+-	 * pm_runtime documentation says that devices should always
+-	 * be powered on at resume. Pm_runtime turns them off after system
+-	 * wide resume is complete.
+-	 */
+-	if (!lis3->pdata || !lis3->pdata->wakeup_flags ||
+-		pm_runtime_suspended(dev))
++	/* Turn back off if turned on for wakeup and runtime suspended*/
++	if (lis3->pdata && lis3->pdata->wakeup_flags) {
++		if (pm_runtime_suspended(dev))
++			lis3lv02d_poweroff(lis3);
++	/* For non wakeup turn back on if not runtime suspended */
++	} else if (!pm_runtime_suspended(dev))
+ 		lis3lv02d_poweron(lis3);
+ 
+ 	return 0;
diff --git a/queue-6.1/mm-vmscan-prevent-infinite-loop-for-costly-gfp_noio-__gfp_retry_mayfail-allocations.patch b/queue-6.1/mm-vmscan-prevent-infinite-loop-for-costly-gfp_noio-__gfp_retry_mayfail-allocations.patch
new file mode 100644
index 0000000000..deada73556
--- /dev/null
+++ b/queue-6.1/mm-vmscan-prevent-infinite-loop-for-costly-gfp_noio-__gfp_retry_mayfail-allocations.patch
@@ -0,0 +1,187 @@
+From 803de9000f334b771afacb6ff3e78622916668b0 Mon Sep 17 00:00:00 2001
+From: Vlastimil Babka <vbabka@suse.cz>
+Date: Wed, 21 Feb 2024 12:43:58 +0100
+Subject: mm, vmscan: prevent infinite loop for costly GFP_NOIO | __GFP_RETRY_MAYFAIL allocations
+
+From: Vlastimil Babka <vbabka@suse.cz>
+
+commit 803de9000f334b771afacb6ff3e78622916668b0 upstream.
+
+Sven reports an infinite loop in __alloc_pages_slowpath() for costly order
+__GFP_RETRY_MAYFAIL allocations that are also GFP_NOIO.  Such combination
+can happen in a suspend/resume context where a GFP_KERNEL allocation can
+have __GFP_IO masked out via gfp_allowed_mask.
+
+Quoting Sven:
+
+1. try to do a "costly" allocation (order > PAGE_ALLOC_COSTLY_ORDER)
+   with __GFP_RETRY_MAYFAIL set.
+
+2. page alloc's __alloc_pages_slowpath tries to get a page from the
+   freelist. This fails because there is nothing free of that costly
+   order.
+
+3. page alloc tries to reclaim by calling __alloc_pages_direct_reclaim,
+   which bails out because a zone is ready to be compacted; it pretends
+   to have made a single page of progress.
+
+4. page alloc tries to compact, but this always bails out early because
+   __GFP_IO is not set (it's not passed by the snd allocator, and even
+   if it were, we are suspending so the __GFP_IO flag would be cleared
+   anyway).
+
+5. page alloc believes reclaim progress was made (because of the
+   pretense in item 3) and so it checks whether it should retry
+   compaction. The compaction retry logic thinks it should try again,
+   because:
+    a) reclaim is needed because of the early bail-out in item 4
+    b) a zonelist is suitable for compaction
+
+6. goto 2. indefinite stall.
+
+(end quote)
+
+The immediate root cause is confusing the COMPACT_SKIPPED returned from
+__alloc_pages_direct_compact() (step 4) due to lack of __GFP_IO to be
+indicating a lack of order-0 pages, and in step 5 evaluating that in
+should_compact_retry() as a reason to retry, before incrementing and
+limiting the number of retries.  There are however other places that
+wrongly assume that compaction can happen while we lack __GFP_IO.
+
+To fix this, introduce gfp_compaction_allowed() to abstract the __GFP_IO
+evaluation and switch the open-coded test in try_to_compact_pages() to use
+it.
+
+Also use the new helper in:
+- compaction_ready(), which will make reclaim not bail out in step 3, so
+  there's at least one attempt to actually reclaim, even if chances are
+  small for a costly order
+- in_reclaim_compaction() which will make should_continue_reclaim()
+  return false and we don't over-reclaim unnecessarily
+- in __alloc_pages_slowpath() to set a local variable can_compact,
+  which is then used to avoid retrying reclaim/compaction for costly
+  allocations (step 5) if we can't compact and also to skip the early
+  compaction attempt that we do in some cases
+
+Link: https://lkml.kernel.org/r/20240221114357.13655-2-vbabka@suse.cz
+Fixes: 3250845d0526 ("Revert "mm, oom: prevent premature OOM killer invocation for high order request"")
+Signed-off-by: Vlastimil Babka <vbabka@suse.cz>
+Reported-by: Sven van Ashbrook <svenva@chromium.org>
+Closes: https://lore.kernel.org/all/CAG-rBihs_xMKb3wrMO1%2B-%2Bp4fowP9oy1pa_OTkfxBzPUVOZF%2Bg@mail.gmail.com/
+Tested-by: Karthikeyan Ramasubramanian <kramasub@chromium.org>
+Cc: Brian Geffon <bgeffon@google.com>
+Cc: Curtis Malainey <cujomalainey@chromium.org>
+Cc: Jaroslav Kysela <perex@perex.cz>
+Cc: Mel Gorman <mgorman@techsingularity.net>
+Cc: Michal Hocko <mhocko@kernel.org>
+Cc: Takashi Iwai <tiwai@suse.com>
+Cc: <stable@vger.kernel.org>
+Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+---
+ include/linux/gfp.h |    9 +++++++++
+ mm/compaction.c     |    7 +------
+ mm/page_alloc.c     |   10 ++++++----
+ mm/vmscan.c         |    5 ++++-
+ 4 files changed, 20 insertions(+), 11 deletions(-)
+
+--- a/include/linux/gfp.h
++++ b/include/linux/gfp.h
+@@ -341,6 +341,15 @@ bool gfp_pfmemalloc_allowed(gfp_t gfp_ma
+ extern void pm_restrict_gfp_mask(void);
+ extern void pm_restore_gfp_mask(void);
+ 
++/*
++ * Check if the gfp flags allow compaction - GFP_NOIO is a really
++ * tricky context because the migration might require IO.
++ */
++static inline bool gfp_compaction_allowed(gfp_t gfp_mask)
++{
++	return IS_ENABLED(CONFIG_COMPACTION) && (gfp_mask & __GFP_IO);
++}
++
+ extern gfp_t vma_thp_gfp_mask(struct vm_area_struct *vma);
+ 
+ #ifdef CONFIG_PM_SLEEP
+--- a/mm/compaction.c
++++ b/mm/compaction.c
+@@ -2570,16 +2570,11 @@ enum compact_result try_to_compact_pages
+ 		unsigned int alloc_flags, const struct alloc_context *ac,
+ 		enum compact_priority prio, struct page **capture)
+ {
+-	int may_perform_io = (__force int)(gfp_mask & __GFP_IO);
+ 	struct zoneref *z;
+ 	struct zone *zone;
+ 	enum compact_result rc = COMPACT_SKIPPED;
+ 
+-	/*
+-	 * Check if the GFP flags allow compaction - GFP_NOIO is really
+-	 * tricky context because the migration might require IO
+-	 */
+-	if (!may_perform_io)
++	if (!gfp_compaction_allowed(gfp_mask))
+ 		return COMPACT_SKIPPED;
+ 
+ 	trace_mm_compaction_try_to_compact_pages(order, gfp_mask, prio);
+--- a/mm/page_alloc.c
++++ b/mm/page_alloc.c
+@@ -5012,6 +5012,7 @@ __alloc_pages_slowpath(gfp_t gfp_mask, u
+ 						struct alloc_context *ac)
+ {
+ 	bool can_direct_reclaim = gfp_mask & __GFP_DIRECT_RECLAIM;
++	bool can_compact = gfp_compaction_allowed(gfp_mask);
+ 	const bool costly_order = order > PAGE_ALLOC_COSTLY_ORDER;
+ 	struct page *page = NULL;
+ 	unsigned int alloc_flags;
+@@ -5090,7 +5091,7 @@ restart:
+ 	 * Don't try this for allocations that are allowed to ignore
+ 	 * watermarks, as the ALLOC_NO_WATERMARKS attempt didn't yet happen.
+ 	 */
+-	if (can_direct_reclaim &&
++	if (can_direct_reclaim && can_compact &&
+ 			(costly_order ||
+ 			   (order > 0 && ac->migratetype != MIGRATE_MOVABLE))
+ 			&& !gfp_pfmemalloc_allowed(gfp_mask)) {
+@@ -5188,9 +5189,10 @@ retry:
+ 
+ 	/*
+ 	 * Do not retry costly high order allocations unless they are
+-	 * __GFP_RETRY_MAYFAIL
++	 * __GFP_RETRY_MAYFAIL and we can compact
+ 	 */
+-	if (costly_order && !(gfp_mask & __GFP_RETRY_MAYFAIL))
++	if (costly_order && (!can_compact ||
++			     !(gfp_mask & __GFP_RETRY_MAYFAIL)))
+ 		goto nopage;
+ 
+ 	if (should_reclaim_retry(gfp_mask, order, ac, alloc_flags,
+@@ -5203,7 +5205,7 @@ retry:
+ 	 * implementation of the compaction depends on the sufficient amount
+ 	 * of free memory (see __compaction_suitable)
+ 	 */
+-	if (did_some_progress > 0 &&
++	if (did_some_progress > 0 && can_compact &&
+ 			should_compact_retry(ac, order, alloc_flags,
+ 				compact_result, &compact_priority,
+ 				&compaction_retries))
+--- a/mm/vmscan.c
++++ b/mm/vmscan.c
+@@ -6024,7 +6024,7 @@ static void shrink_lruvec(struct lruvec
+ /* Use reclaim/compaction for costly allocs or under memory pressure */
+ static bool in_reclaim_compaction(struct scan_control *sc)
+ {
+-	if (IS_ENABLED(CONFIG_COMPACTION) && sc->order &&
++	if (gfp_compaction_allowed(sc->gfp_mask) && sc->order &&
+ 			(sc->order > PAGE_ALLOC_COSTLY_ORDER ||
+ 			 sc->priority < DEF_PRIORITY - 2))
+ 		return true;
+@@ -6266,6 +6266,9 @@ static inline bool compaction_ready(stru
+ 	unsigned long watermark;
+ 	enum compact_result suitable;
+ 
++	if (!gfp_compaction_allowed(sc->gfp_mask))
++		return false;
++
+ 	suitable = compaction_suitable(zone, sc->order, 0, sc->reclaim_idx);
+ 	if (suitable == COMPACT_SUCCESS)
+ 		/* Allocation should succeed already. Don't reclaim. */
diff --git a/queue-6.1/serial-8250_dw-do-not-reclock-if-already-at-correct-rate.patch b/queue-6.1/serial-8250_dw-do-not-reclock-if-already-at-correct-rate.patch
new file mode 100644
index 0000000000..478027724f
--- /dev/null
+++ b/queue-6.1/serial-8250_dw-do-not-reclock-if-already-at-correct-rate.patch
@@ -0,0 +1,50 @@
+From e5d6bd25f93d6ae158bb4cd04956cb497a85b8ef Mon Sep 17 00:00:00 2001
+From: Peter Collingbourne <pcc@google.com>
+Date: Thu, 22 Feb 2024 11:26:34 -0800
+Subject: serial: 8250_dw: Do not reclock if already at correct rate
+
+From: Peter Collingbourne <pcc@google.com>
+
+commit e5d6bd25f93d6ae158bb4cd04956cb497a85b8ef upstream.
+
+When userspace opens the console, we call set_termios() passing a
+termios with the console's configured baud rate. Currently this causes
+dw8250_set_termios() to disable and then re-enable the UART clock at
+the same frequency as it was originally. This can cause corruption
+of any concurrent console output. Fix it by skipping the reclocking
+if we are already at the correct rate.
+
+Signed-off-by: Peter Collingbourne <pcc@google.com>
+Fixes: 4e26b134bd17 ("serial: 8250_dw: clock rate handling for all ACPI platforms")
+Cc: stable@vger.kernel.org
+Reviewed-by: Andy Shevchenko <andriy.shevchenko@linux.intel.com>
+Link: https://lore.kernel.org/r/20240222192635.1050502-1-pcc@google.com
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+---
+ drivers/tty/serial/8250/8250_dw.c |    6 +++---
+ 1 file changed, 3 insertions(+), 3 deletions(-)
+
+--- a/drivers/tty/serial/8250/8250_dw.c
++++ b/drivers/tty/serial/8250/8250_dw.c
+@@ -357,9 +357,9 @@ static void dw8250_set_termios(struct ua
+ 	long rate;
+ 	int ret;
+ 
+-	clk_disable_unprepare(d->clk);
+ 	rate = clk_round_rate(d->clk, newrate);
+-	if (rate > 0) {
++	if (rate > 0 && p->uartclk != rate) {
++		clk_disable_unprepare(d->clk);
+ 		/*
+ 		 * Note that any clock-notifer worker will block in
+ 		 * serial8250_update_uartclk() until we are done.
+@@ -367,8 +367,8 @@ static void dw8250_set_termios(struct ua
+ 		ret = clk_set_rate(d->clk, newrate);
+ 		if (!ret)
+ 			p->uartclk = rate;
++		clk_prepare_enable(d->clk);
+ 	}
+-	clk_prepare_enable(d->clk);
+ 
+ 	dw8250_do_set_termios(p, termios, old);
+ }
diff --git a/queue-6.1/series b/queue-6.1/series
index 8092f38007..911664b267 100644
--- a/queue-6.1/series
+++ b/queue-6.1/series
@@ -152,3 +152,25 @@ xfrm-avoid-clang-fortify-warning-in-copy_to_user_tmpl.patch
 init-kconfig-lower-gcc-version-check-for-warray-bounds.patch
 kvm-x86-mark-target-gfn-of-emulated-atomic-instruction-as-dirty.patch
 kvm-svm-flush-pages-under-kvm-lock-to-fix-uaf-in-svm_register_enc_region.patch
+tracing-use-.flush-call-to-wake-up-readers.patch
+drm-amdgpu-pm-fix-the-error-of-pwm1_enable-setting.patch
+drm-i915-check-before-removing-mm-notifier.patch
+alsa-hda-realtek-fix-headset-mic-no-show-at-resume-back-for-lenovo-alc897-platform.patch
+usb-usb-storage-prevent-divide-by-0-error-in-isd200_ata_command.patch
+usb-gadget-ncm-fix-handling-of-zero-block-length-packets.patch
+usb-port-don-t-try-to-peer-unused-usb-ports-based-on-location.patch
+tty-serial-fsl_lpuart-avoid-idle-preamble-pending-if-cts-is-enabled.patch
+serial-8250_dw-do-not-reclock-if-already-at-correct-rate.patch
+misc-lis3lv02d_i2c-fix-regulators-getting-en-dis-abled-twice-on-suspend-resume.patch
+mei-me-add-arrow-lake-point-s-did.patch
+mei-me-add-arrow-lake-point-h-did.patch
+vt-fix-unicode-buffer-corruption-when-deleting-characters.patch
+fs-aio-check-iocb_aio_rw-before-the-struct-aio_kiocb-conversion.patch
+alsa-hda-realtek-add-headset-mic-supported-acer-nb-platform.patch
+alsa-hda-realtek-fix-mute-micmute-leds-for-hp-elitebook.patch
+tee-optee-fix-kernel-panic-caused-by-incorrect-error-handling.patch
+mm-vmscan-prevent-infinite-loop-for-costly-gfp_noio-__gfp_retry_mayfail-allocations.patch
+iio-accel-adxl367-fix-devid-read-after-reset.patch
+iio-accel-adxl367-fix-i2c-fifo-data-register.patch
+i2c-i801-avoid-potential-double-call-to-gpiod_remove_lookup_table.patch
+drm-amd-display-handle-range-offsets-in-vrr-ranges.patch
diff --git a/queue-6.1/tee-optee-fix-kernel-panic-caused-by-incorrect-error-handling.patch b/queue-6.1/tee-optee-fix-kernel-panic-caused-by-incorrect-error-handling.patch
new file mode 100644
index 0000000000..a911514993
--- /dev/null
+++ b/queue-6.1/tee-optee-fix-kernel-panic-caused-by-incorrect-error-handling.patch
@@ -0,0 +1,59 @@
+From 95915ba4b987cf2b222b0f251280228a1ff977ac Mon Sep 17 00:00:00 2001
+From: Sumit Garg <sumit.garg@linaro.org>
+Date: Fri, 1 Mar 2024 20:07:31 +0530
+Subject: tee: optee: Fix kernel panic caused by incorrect error handling
+
+From: Sumit Garg <sumit.garg@linaro.org>
+
+commit 95915ba4b987cf2b222b0f251280228a1ff977ac upstream.
+
+The error path while failing to register devices on the TEE bus has a
+bug leading to kernel panic as follows:
+
+[   15.398930] Unable to handle kernel paging request at virtual address ffff07ed00626d7c
+[   15.406913] Mem abort info:
+[   15.409722]   ESR = 0x0000000096000005
+[   15.413490]   EC = 0x25: DABT (current EL), IL = 32 bits
+[   15.418814]   SET = 0, FnV = 0
+[   15.421878]   EA = 0, S1PTW = 0
+[   15.425031]   FSC = 0x05: level 1 translation fault
+[   15.429922] Data abort info:
+[   15.432813]   ISV = 0, ISS = 0x00000005, ISS2 = 0x00000000
+[   15.438310]   CM = 0, WnR = 0, TnD = 0, TagAccess = 0
+[   15.443372]   GCS = 0, Overlay = 0, DirtyBit = 0, Xs = 0
+[   15.448697] swapper pgtable: 4k pages, 48-bit VAs, pgdp=00000000d9e3e000
+[   15.455413] [ffff07ed00626d7c] pgd=1800000bffdf9003, p4d=1800000bffdf9003, pud=0000000000000000
+[   15.464146] Internal error: Oops: 0000000096000005 [#1] PREEMPT SMP
+
+Commit 7269cba53d90 ("tee: optee: Fix supplicant based device enumeration")
+lead to the introduction of this bug. So fix it appropriately.
+
+Reported-by: Mikko Rapeli <mikko.rapeli@linaro.org>
+Closes: https://bugzilla.kernel.org/show_bug.cgi?id=218542
+Fixes: 7269cba53d90 ("tee: optee: Fix supplicant based device enumeration")
+Cc: stable@vger.kernel.org
+Signed-off-by: Sumit Garg <sumit.garg@linaro.org>
+Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+---
+ drivers/tee/optee/device.c |    3 ++-
+ 1 file changed, 2 insertions(+), 1 deletion(-)
+
+--- a/drivers/tee/optee/device.c
++++ b/drivers/tee/optee/device.c
+@@ -90,13 +90,14 @@ static int optee_register_device(const u
+ 	if (rc) {
+ 		pr_err("device registration failed, err: %d\n", rc);
+ 		put_device(&optee_device->dev);
++		return rc;
+ 	}
+ 
+ 	if (func == PTA_CMD_GET_DEVICES_SUPP)
+ 		device_create_file(&optee_device->dev,
+ 				   &dev_attr_need_supplicant);
+ 
+-	return rc;
++	return 0;
+ }
+ 
+ static int __optee_enumerate_devices(u32 func)
diff --git a/queue-6.1/tracing-use-.flush-call-to-wake-up-readers.patch b/queue-6.1/tracing-use-.flush-call-to-wake-up-readers.patch
new file mode 100644
index 0000000000..3eb4ca0d58
--- /dev/null
+++ b/queue-6.1/tracing-use-.flush-call-to-wake-up-readers.patch
@@ -0,0 +1,89 @@
+From e5d7c1916562f0e856eb3d6f569629fcd535fed2 Mon Sep 17 00:00:00 2001
+From: "Steven Rostedt (Google)" <rostedt@goodmis.org>
+Date: Fri, 8 Mar 2024 15:24:05 -0500
+Subject: tracing: Use .flush() call to wake up readers
+
+From: Steven Rostedt (Google) <rostedt@goodmis.org>
+
+commit e5d7c1916562f0e856eb3d6f569629fcd535fed2 upstream.
+
+The .release() function does not get called until all readers of a file
+descriptor are finished.
+
+If a thread is blocked on reading a file descriptor in ring_buffer_wait(),
+and another thread closes the file descriptor, it will not wake up the
+other thread as ring_buffer_wake_waiters() is called by .release(), and
+that will not get called until the .read() is finished.
+
+The issue originally showed up in trace-cmd, but the readers are actually
+other processes with their own file descriptors. So calling close() would wake
+up the other tasks because they are blocked on another descriptor then the
+one that was closed(). But there's other wake ups that solve that issue.
+
+When a thread is blocked on a read, it can still hang even when another
+thread closed its descriptor.
+
+This is what the .flush() callback is for. Have the .flush() wake up the
+readers.
+
+Link: https://lore.kernel.org/linux-trace-kernel/20240308202432.107909457@goodmis.org
+
+Cc: stable@vger.kernel.org
+Cc: Masami Hiramatsu <mhiramat@kernel.org>
+Cc: Mark Rutland <mark.rutland@arm.com>
+Cc: Mathieu Desnoyers <mathieu.desnoyers@efficios.com>
+Cc: Andrew Morton <akpm@linux-foundation.org>
+Cc: Linus Torvalds <torvalds@linux-foundation.org>
+Cc: linke li <lilinke99@qq.com>
+Cc: Rabin Vincent <rabin@rab.in>
+Fixes: f3ddb74ad0790 ("tracing: Wake up ring buffer waiters on closing of the file")
+Signed-off-by: Steven Rostedt (Google) <rostedt@goodmis.org>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+---
+ kernel/trace/trace.c |   21 +++++++++++++++------
+ 1 file changed, 15 insertions(+), 6 deletions(-)
+
+--- a/kernel/trace/trace.c
++++ b/kernel/trace/trace.c
+@@ -8278,6 +8278,20 @@ tracing_buffers_read(struct file *filp,
+ 	return size;
+ }
+ 
++static int tracing_buffers_flush(struct file *file, fl_owner_t id)
++{
++	struct ftrace_buffer_info *info = file->private_data;
++	struct trace_iterator *iter = &info->iter;
++
++	iter->wait_index++;
++	/* Make sure the waiters see the new wait_index */
++	smp_wmb();
++
++	ring_buffer_wake_waiters(iter->array_buffer->buffer, iter->cpu_file);
++
++	return 0;
++}
++
+ static int tracing_buffers_release(struct inode *inode, struct file *file)
+ {
+ 	struct ftrace_buffer_info *info = file->private_data;
+@@ -8289,12 +8303,6 @@ static int tracing_buffers_release(struc
+ 
+ 	__trace_array_put(iter->tr);
+ 
+-	iter->wait_index++;
+-	/* Make sure the waiters see the new wait_index */
+-	smp_wmb();
+-
+-	ring_buffer_wake_waiters(iter->array_buffer->buffer, iter->cpu_file);
+-
+ 	if (info->spare)
+ 		ring_buffer_free_read_page(iter->array_buffer->buffer,
+ 					   info->spare_cpu, info->spare);
+@@ -8508,6 +8516,7 @@ static const struct file_operations trac
+ 	.read		= tracing_buffers_read,
+ 	.poll		= tracing_buffers_poll,
+ 	.release	= tracing_buffers_release,
++	.flush		= tracing_buffers_flush,
+ 	.splice_read	= tracing_buffers_splice_read,
+ 	.unlocked_ioctl = tracing_buffers_ioctl,
+ 	.llseek		= no_llseek,
diff --git a/queue-6.1/tty-serial-fsl_lpuart-avoid-idle-preamble-pending-if-cts-is-enabled.patch b/queue-6.1/tty-serial-fsl_lpuart-avoid-idle-preamble-pending-if-cts-is-enabled.patch
new file mode 100644
index 0000000000..4a7eff46cb
--- /dev/null
+++ b/queue-6.1/tty-serial-fsl_lpuart-avoid-idle-preamble-pending-if-cts-is-enabled.patch
@@ -0,0 +1,52 @@
+From 74cb7e0355fae9641f825afa389d3fba3b617714 Mon Sep 17 00:00:00 2001
+From: Sherry Sun <sherry.sun@nxp.com>
+Date: Tue, 5 Mar 2024 09:57:06 +0800
+Subject: tty: serial: fsl_lpuart: avoid idle preamble pending if CTS is enabled
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+From: Sherry Sun <sherry.sun@nxp.com>
+
+commit 74cb7e0355fae9641f825afa389d3fba3b617714 upstream.
+
+If the remote uart device is not connected or not enabled after booting
+up, the CTS line is high by default. At this time, if we enable the flow
+control when opening the device(for example, using “stty -F /dev/ttyLP4
+crtscts” command), there will be a pending idle preamble(first writing 0
+and then writing 1 to UARTCTRL_TE will queue an idle preamble) that
+cannot be sent out, resulting in the uart port fail to close(waiting for
+TX empty), so the user space stty will have to wait for a long time or
+forever.
+
+This is an LPUART IP bug(idle preamble has higher priority than CTS),
+here add a workaround patch to enable TX CTS after enabling UARTCTRL_TE,
+so that the idle preamble does not get stuck due to CTS is deasserted.
+
+Fixes: 380c966c093e ("tty: serial: fsl_lpuart: add 32-bit register interface support")
+Cc: stable <stable@kernel.org>
+Signed-off-by: Sherry Sun <sherry.sun@nxp.com>
+Reviewed-by: Alexander Sverdlin <alexander.sverdlin@siemens.com>
+Link: https://lore.kernel.org/r/20240305015706.1050769-1-sherry.sun@nxp.com
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+---
+ drivers/tty/serial/fsl_lpuart.c |    7 +++++--
+ 1 file changed, 5 insertions(+), 2 deletions(-)
+
+--- a/drivers/tty/serial/fsl_lpuart.c
++++ b/drivers/tty/serial/fsl_lpuart.c
+@@ -2213,9 +2213,12 @@ lpuart32_set_termios(struct uart_port *p
+ 
+ 	lpuart32_write(&sport->port, bd, UARTBAUD);
+ 	lpuart32_serial_setbrg(sport, baud);
+-	lpuart32_write(&sport->port, modem, UARTMODIR);
+-	lpuart32_write(&sport->port, ctrl, UARTCTRL);
++	/* disable CTS before enabling UARTCTRL_TE to avoid pending idle preamble */
++	lpuart32_write(&sport->port, modem & ~UARTMODIR_TXCTSE, UARTMODIR);
+ 	/* restore control register */
++	lpuart32_write(&sport->port, ctrl, UARTCTRL);
++	/* re-enable the CTS if needed */
++	lpuart32_write(&sport->port, modem, UARTMODIR);
+ 
+ 	if ((ctrl & (UARTCTRL_PE | UARTCTRL_M)) == UARTCTRL_PE)
+ 		sport->is_cs7 = true;
diff --git a/queue-6.1/usb-gadget-ncm-fix-handling-of-zero-block-length-packets.patch b/queue-6.1/usb-gadget-ncm-fix-handling-of-zero-block-length-packets.patch
new file mode 100644
index 0000000000..dd4d3251ce
--- /dev/null
+++ b/queue-6.1/usb-gadget-ncm-fix-handling-of-zero-block-length-packets.patch
@@ -0,0 +1,63 @@
+From f90ce1e04cbcc76639d6cba0fdbd820cd80b3c70 Mon Sep 17 00:00:00 2001
+From: Krishna Kurapati <quic_kriskura@quicinc.com>
+Date: Wed, 28 Feb 2024 17:24:41 +0530
+Subject: usb: gadget: ncm: Fix handling of zero block length packets
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+From: Krishna Kurapati <quic_kriskura@quicinc.com>
+
+commit f90ce1e04cbcc76639d6cba0fdbd820cd80b3c70 upstream.
+
+While connecting to a Linux host with CDC_NCM_NTB_DEF_SIZE_TX
+set to 65536, it has been observed that we receive short packets,
+which come at interval of 5-10 seconds sometimes and have block
+length zero but still contain 1-2 valid datagrams present.
+
+According to the NCM spec:
+
+"If wBlockLength = 0x0000, the block is terminated by a
+short packet. In this case, the USB transfer must still
+be shorter than dwNtbInMaxSize or dwNtbOutMaxSize. If
+exactly dwNtbInMaxSize or dwNtbOutMaxSize bytes are sent,
+and the size is a multiple of wMaxPacketSize for the
+given pipe, then no ZLP shall be sent.
+
+wBlockLength= 0x0000 must be used with extreme care, because
+of the possibility that the host and device may get out of
+sync, and because of test issues.
+
+wBlockLength = 0x0000 allows the sender to reduce latency by
+starting to send a very large NTB, and then shortening it when
+the sender discovers that there’s not sufficient data to justify
+sending a large NTB"
+
+However, there is a potential issue with the current implementation,
+as it checks for the occurrence of multiple NTBs in a single
+giveback by verifying if the leftover bytes to be processed is zero
+or not. If the block length reads zero, we would process the same
+NTB infintely because the leftover bytes is never zero and it leads
+to a crash. Fix this by bailing out if block length reads zero.
+
+Cc: stable@vger.kernel.org
+Fixes: 427694cfaafa ("usb: gadget: ncm: Handle decoding of multiple NTB's in unwrap call")
+Signed-off-by: Krishna Kurapati <quic_kriskura@quicinc.com>
+Reviewed-by: Maciej Żenczykowski <maze@google.com>
+Link: https://lore.kernel.org/r/20240228115441.2105585-1-quic_kriskura@quicinc.com
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+---
+ drivers/usb/gadget/function/f_ncm.c |    2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+--- a/drivers/usb/gadget/function/f_ncm.c
++++ b/drivers/usb/gadget/function/f_ncm.c
+@@ -1348,7 +1348,7 @@ parse_ntb:
+ 	if (to_process == 1 &&
+ 	    (*(unsigned char *)(ntb_ptr + block_len) == 0x00)) {
+ 		to_process--;
+-	} else if (to_process > 0) {
++	} else if ((to_process > 0) && (block_len != 0)) {
+ 		ntb_ptr = (unsigned char *)(ntb_ptr + block_len);
+ 		goto parse_ntb;
+ 	}
diff --git a/queue-6.1/usb-port-don-t-try-to-peer-unused-usb-ports-based-on-location.patch b/queue-6.1/usb-port-don-t-try-to-peer-unused-usb-ports-based-on-location.patch
new file mode 100644
index 0000000000..f597bb1fd9
--- /dev/null
+++ b/queue-6.1/usb-port-don-t-try-to-peer-unused-usb-ports-based-on-location.patch
@@ -0,0 +1,59 @@
+From 69c63350e573367f9c8594162288cffa8a26d0d1 Mon Sep 17 00:00:00 2001
+From: Mathias Nyman <mathias.nyman@linux.intel.com>
+Date: Fri, 23 Feb 2024 01:33:43 +0200
+Subject: usb: port: Don't try to peer unused USB ports based on location
+
+From: Mathias Nyman <mathias.nyman@linux.intel.com>
+
+commit 69c63350e573367f9c8594162288cffa8a26d0d1 upstream.
+
+Unused USB ports may have bogus location data in ACPI PLD tables.
+This causes port peering failures as these unused USB2 and USB3 ports
+location may match.
+
+Due to these failures the driver prints a
+"usb: port power management may be unreliable" warning, and
+unnecessarily blocks port power off during runtime suspend.
+
+This was debugged on a couple DELL systems where the unused ports
+all returned zeroes in their location data.
+Similar bugreports exist for other systems.
+
+Don't try to peer or match ports that have connect type set to
+USB_PORT_NOT_USED.
+
+Fixes: 3bfd659baec8 ("usb: find internal hub tier mismatch via acpi")
+Closes: https://bugzilla.kernel.org/show_bug.cgi?id=218465
+Closes: https://bugzilla.kernel.org/show_bug.cgi?id=218486
+Tested-by: Paul Menzel <pmenzel@molgen.mpg.de>
+Link: https://lore.kernel.org/linux-usb/5406d361-f5b7-4309-b0e6-8c94408f7d75@molgen.mpg.de
+Cc: stable@vger.kernel.org # v3.16+
+Signed-off-by: Mathias Nyman <mathias.nyman@linux.intel.com>
+Closes: https://bugzilla.kernel.org/show_bug.cgi?id=218490
+Link: https://lore.kernel.org/r/20240222233343.71856-1-mathias.nyman@linux.intel.com
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+---
+ drivers/usb/core/port.c |    5 +++--
+ 1 file changed, 3 insertions(+), 2 deletions(-)
+
+--- a/drivers/usb/core/port.c
++++ b/drivers/usb/core/port.c
+@@ -534,7 +534,7 @@ static int match_location(struct usb_dev
+ 	struct usb_hub *peer_hub = usb_hub_to_struct_hub(peer_hdev);
+ 	struct usb_device *hdev = to_usb_device(port_dev->dev.parent->parent);
+ 
+-	if (!peer_hub)
++	if (!peer_hub || port_dev->connect_type == USB_PORT_NOT_USED)
+ 		return 0;
+ 
+ 	hcd = bus_to_hcd(hdev->bus);
+@@ -545,7 +545,8 @@ static int match_location(struct usb_dev
+ 
+ 	for (port1 = 1; port1 <= peer_hdev->maxchild; port1++) {
+ 		peer = peer_hub->ports[port1 - 1];
+-		if (peer && peer->location == port_dev->location) {
++		if (peer && peer->connect_type != USB_PORT_NOT_USED &&
++		    peer->location == port_dev->location) {
+ 			link_peers_report(port_dev, peer);
+ 			return 1; /* done */
+ 		}
diff --git a/queue-6.1/usb-usb-storage-prevent-divide-by-0-error-in-isd200_ata_command.patch b/queue-6.1/usb-usb-storage-prevent-divide-by-0-error-in-isd200_ata_command.patch
new file mode 100644
index 0000000000..4843a7bf41
--- /dev/null
+++ b/queue-6.1/usb-usb-storage-prevent-divide-by-0-error-in-isd200_ata_command.patch
@@ -0,0 +1,101 @@
+From 014bcf41d946b36a8f0b8e9b5d9529efbb822f49 Mon Sep 17 00:00:00 2001
+From: Alan Stern <stern@rowland.harvard.edu>
+Date: Thu, 29 Feb 2024 14:30:06 -0500
+Subject: USB: usb-storage: Prevent divide-by-0 error in isd200_ata_command
+
+From: Alan Stern <stern@rowland.harvard.edu>
+
+commit 014bcf41d946b36a8f0b8e9b5d9529efbb822f49 upstream.
+
+The isd200 sub-driver in usb-storage uses the HEADS and SECTORS values
+in the ATA ID information to calculate cylinder and head values when
+creating a CDB for READ or WRITE commands.  The calculation involves
+division and modulus operations, which will cause a crash if either of
+these values is 0.  While this never happens with a genuine device, it
+could happen with a flawed or subversive emulation, as reported by the
+syzbot fuzzer.
+
+Protect against this possibility by refusing to bind to the device if
+either the ATA_ID_HEADS or ATA_ID_SECTORS value in the device's ID
+information is 0.  This requires isd200_Initialization() to return a
+negative error code when initialization fails; currently it always
+returns 0 (even when there is an error).
+
+Signed-off-by: Alan Stern <stern@rowland.harvard.edu>
+Reported-and-tested-by: syzbot+28748250ab47a8f04100@syzkaller.appspotmail.com
+Link: https://lore.kernel.org/linux-usb/0000000000003eb868061245ba7f@google.com/
+Fixes: 1da177e4c3f4 ("Linux-2.6.12-rc2")
+Cc: stable@vger.kernel.org
+Reviewed-by: PrasannaKumar Muralidharan <prasannatsmkumar@gmail.com>
+Reviewed-by: Martin K. Petersen <martin.petersen@oracle.com>
+Link: https://lore.kernel.org/r/b1e605ea-333f-4ac0-9511-da04f411763e@rowland.harvard.edu
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+---
+ drivers/usb/storage/isd200.c |   23 ++++++++++++++++++-----
+ 1 file changed, 18 insertions(+), 5 deletions(-)
+
+--- a/drivers/usb/storage/isd200.c
++++ b/drivers/usb/storage/isd200.c
+@@ -1105,7 +1105,7 @@ static void isd200_dump_driveid(struct u
+ static int isd200_get_inquiry_data( struct us_data *us )
+ {
+ 	struct isd200_info *info = (struct isd200_info *)us->extra;
+-	int retStatus = ISD200_GOOD;
++	int retStatus;
+ 	u16 *id = info->id;
+ 
+ 	usb_stor_dbg(us, "Entering isd200_get_inquiry_data\n");
+@@ -1137,6 +1137,13 @@ static int isd200_get_inquiry_data( stru
+ 				isd200_fix_driveid(id);
+ 				isd200_dump_driveid(us, id);
+ 
++				/* Prevent division by 0 in isd200_scsi_to_ata() */
++				if (id[ATA_ID_HEADS] == 0 || id[ATA_ID_SECTORS] == 0) {
++					usb_stor_dbg(us, "   Invalid ATA Identify data\n");
++					retStatus = ISD200_ERROR;
++					goto Done;
++				}
++
+ 				memset(&info->InquiryData, 0, sizeof(info->InquiryData));
+ 
+ 				/* Standard IDE interface only supports disks */
+@@ -1202,6 +1209,7 @@ static int isd200_get_inquiry_data( stru
+ 		}
+ 	}
+ 
++ Done:
+ 	usb_stor_dbg(us, "Leaving isd200_get_inquiry_data %08X\n", retStatus);
+ 
+ 	return(retStatus);
+@@ -1481,22 +1489,27 @@ static int isd200_init_info(struct us_da
+ 
+ static int isd200_Initialization(struct us_data *us)
+ {
++	int rc = 0;
++
+ 	usb_stor_dbg(us, "ISD200 Initialization...\n");
+ 
+ 	/* Initialize ISD200 info struct */
+ 
+-	if (isd200_init_info(us) == ISD200_ERROR) {
++	if (isd200_init_info(us) < 0) {
+ 		usb_stor_dbg(us, "ERROR Initializing ISD200 Info struct\n");
++		rc = -ENOMEM;
+ 	} else {
+ 		/* Get device specific data */
+ 
+-		if (isd200_get_inquiry_data(us) != ISD200_GOOD)
++		if (isd200_get_inquiry_data(us) != ISD200_GOOD) {
+ 			usb_stor_dbg(us, "ISD200 Initialization Failure\n");
+-		else
++			rc = -EINVAL;
++		} else {
+ 			usb_stor_dbg(us, "ISD200 Initialization complete\n");
++		}
+ 	}
+ 
+-	return 0;
++	return rc;
+ }
+ 
+ 
diff --git a/queue-6.1/vt-fix-unicode-buffer-corruption-when-deleting-characters.patch b/queue-6.1/vt-fix-unicode-buffer-corruption-when-deleting-characters.patch
new file mode 100644
index 0000000000..2b06df85eb
--- /dev/null
+++ b/queue-6.1/vt-fix-unicode-buffer-corruption-when-deleting-characters.patch
@@ -0,0 +1,34 @@
+From 1581dafaf0d34bc9c428a794a22110d7046d186d Mon Sep 17 00:00:00 2001
+From: Nicolas Pitre <nico@fluxnic.net>
+Date: Thu, 29 Feb 2024 17:15:27 -0500
+Subject: vt: fix unicode buffer corruption when deleting characters
+
+From: Nicolas Pitre <nico@fluxnic.net>
+
+commit 1581dafaf0d34bc9c428a794a22110d7046d186d upstream.
+
+This is the same issue that was fixed for the VGA text buffer in commit
+39cdb68c64d8 ("vt: fix memory overlapping when deleting chars in the
+buffer"). The cure is also the same i.e. replace memcpy() with memmove()
+due to the overlaping buffers.
+
+Signed-off-by: Nicolas Pitre <nico@fluxnic.net>
+Fixes: 81732c3b2fed ("tty vt: Fix line garbage in virtual console on command line edition")
+Cc: stable <stable@kernel.org>
+Link: https://lore.kernel.org/r/sn184on2-3p0q-0qrq-0218-895349s4753o@syhkavp.arg
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+---
+ drivers/tty/vt/vt.c |    2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+--- a/drivers/tty/vt/vt.c
++++ b/drivers/tty/vt/vt.c
+@@ -398,7 +398,7 @@ static void vc_uniscr_delete(struct vc_d
+ 		char32_t *ln = uniscr->lines[vc->state.y];
+ 		unsigned int x = vc->state.x, cols = vc->vc_cols;
+ 
+-		memcpy(&ln[x], &ln[x + nr], (cols - x - nr) * sizeof(*ln));
++		memmove(&ln[x], &ln[x + nr], (cols - x - nr) * sizeof(*ln));
+ 		memset32(&ln[cols - nr], ' ', nr);
+ 	}
+ }