Merge 6.6.47 into android15-6.6-lts

Changes in 6.6.47
	exec: Fix ToCToU between perm check and set-uid/gid usage
	ASoC: topology: Clean up route loading
	ASoC: topology: Fix route memory corruption
	LoongArch: Define __ARCH_WANT_NEW_STAT in unistd.h
	NFSD: Rewrite synopsis of nfsd_percpu_counters_init()
	NFSD: Fix frame size warning in svc_export_parse()
	sunrpc: don't change ->sv_stats if it doesn't exist
	nfsd: stop setting ->pg_stats for unused stats
	sunrpc: pass in the sv_stats struct through svc_create_pooled
	sunrpc: remove ->pg_stats from svc_program
	sunrpc: use the struct net as the svc proc private
	nfsd: rename NFSD_NET_* to NFSD_STATS_*
	nfsd: expose /proc/net/sunrpc/nfsd in net namespaces
	nfsd: make all of the nfsd stats per-network namespace
	nfsd: remove nfsd_stats, make th_cnt a global counter
	nfsd: make svc_stat per-network namespace instead of global
	mm: gup: stop abusing try_grab_folio
	nvme/pci: Add APST quirk for Lenovo N60z laptop
	genirq/cpuhotplug: Skip suspended interrupts when restoring affinity
	genirq/cpuhotplug: Retry with cpu_online_mask when migration fails
	cgroup: Make operations on the cgroup root_list RCU safe
	tcp_metrics: optimize tcp_metrics_flush_all()
	wifi: mac80211: take wiphy lock for MAC addr change
	wifi: mac80211: fix change_address deadlock during unregister
	fs: Convert to bdev_open_by_dev()
	jfs: Convert to bdev_open_by_dev()
	jfs: fix log->bdev_handle null ptr deref in lbmStartIO
	net: don't dump stack on queue timeout
	jfs: fix shift-out-of-bounds in dbJoin
	squashfs: squashfs_read_data need to check if the length is 0
	Squashfs: fix variable overflow triggered by sysbot
	reiserfs: fix uninit-value in comp_keys
	erofs: avoid debugging output for (de)compressed data
	net: tls, add test to capture error on large splice
	Input: bcm5974 - check endpoint type before starting traffic
	quota: Detect loops in quota tree
	net:rds: Fix possible deadlock in rds_message_put
	net: sctp: fix skb leak in sctp_inq_free()
	pppoe: Fix memory leak in pppoe_sendmsg()
	bpf: Replace bpf_lpm_trie_key 0-length array with flexible array
	bpf: Avoid kfree_rcu() under lock in bpf_lpm_trie.
	fs: Annotate struct file_handle with __counted_by() and use struct_size()
	mISDN: fix MISDN_TIME_STAMP handling
	net: add copy_safe_from_sockptr() helper
	nfc: llcp: fix nfc_llcp_setsockopt() unsafe copies
	Bluetooth: RFCOMM: Fix not validating setsockopt user input
	ext4: fold quota accounting into ext4_xattr_inode_lookup_create()
	ext4: do not create EA inode under buffer lock
	mm/page_table_check: support userfault wr-protect entries
	wifi: cfg80211: restrict NL80211_ATTR_TXQ_QUANTUM values
	ext4: convert ext4_da_do_write_end() to take a folio
	ext4: sanity check for NULL pointer after ext4_force_shutdown
	bpf, net: Use DEV_STAT_INC()
	f2fs: fix to do sanity check on F2FS_INLINE_DATA flag in inode during GC
	f2fs: fix to cover read extent cache access with lock
	fou: remove warn in gue_gro_receive on unsupported protocol
	jfs: fix null ptr deref in dtInsertEntry
	jfs: Fix shift-out-of-bounds in dbDiscardAG
	fs/ntfs3: Do copy_to_user out of run_lock
	ALSA: usb: Fix UBSAN warning in parse_audio_unit()
	binfmt_flat: Fix corruption when not offsetting data start
	Revert "jfs: fix shift-out-of-bounds in dbJoin"
	Revert "Input: bcm5974 - check endpoint type before starting traffic"
	mm/debug_vm_pgtable: drop RANDOM_ORVALUE trick
	cgroup: Move rcu_head up near the top of cgroup_root
	KVM: arm64: Don't defer TLB invalidation when zapping table entries
	KVM: arm64: Don't pass a TLBI level hint when zapping table entries
	media: Revert "media: dvb-usb: Fix unexpected infinite loop in dvb_usb_read_remote_control()"
	Revert "ata: libata-scsi: Honor the D_SENSE bit for CK_COND=1 and no error"
	Linux 6.6.47

Change-Id: I0983528eca4e1890337b84b3b584e8a69e811063
Signed-off-by: Greg Kroah-Hartman <gregkh@google.com>