Merge USB 4.20-rc8 mergepoint into usb-next

We need the USB changes in here for additional patches to be able to
apply cleanly.

Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>

1 files changed, 10 insertions, 3 deletions

diff --git a/kernel/bpf/verifier.c b/kernel/bpf/verifier.c
index fc760d00a38c..51ba84d4d34a 100644
--- a/kernel/bpf/verifier.c
+++ b/kernel/bpf/verifier.c
@@ -5102,9 +5102,16 @@ static int is_state_visited(struct bpf_verifier_env *env, int insn_idx)
         }
         new_sl->next = env->explored_states[insn_idx];
         env->explored_states[insn_idx] = new_sl;
-        /* connect new state to parentage chain */
-        for (i = 0; i < BPF_REG_FP; i++)
-                cur_regs(env)[i].parent = &new->frame[new->curframe]->regs[i];
+        /* connect new state to parentage chain. Current frame needs all
+         * registers connected. Only r6 - r9 of the callers are alive (pushed
+         * to the stack implicitly by JITs) so in callers' frames connect just
+         * r6 - r9 as an optimization. Callers will have r1 - r5 connected to
+         * the state of the call instruction (with WRITTEN set), and r0 comes
+         * from callee with its full parentage chain, anyway.
+         */
+        for (j = 0; j <= cur->curframe; j++)
+                for (i = j < cur->curframe ? BPF_REG_6 : 0; i < BPF_REG_FP; i++)
+                        cur->frame[j]->regs[i].parent = &new->frame[j]->regs[i];
         /* clear write marks in current state: the writes we did are not writes
          * our child did, so they don't screen off its reads from us.
          * (There are no read marks in current state, because reads always mark