Changelog in Linux kernel 6.11.9

 
9p: Avoid creating multiple slab caches with the same name [+ + +]
Author: Pedro Falcato <pedro.falcato@gmail.com>
Date:   Wed Aug 7 10:47:25 2024 +0100

    9p: Avoid creating multiple slab caches with the same name
    
    [ Upstream commit 79efebae4afc2221fa814c3cae001bede66ab259 ]
    
    In the spirit of [1], avoid creating multiple slab caches with the same
    name. Instead, add the dev_name into the mix.
    
    [1]: https://lore.kernel.org/all/20240807090746.2146479-1-pedro.falcato@gmail.com/
    
    Signed-off-by: Pedro Falcato <pedro.falcato@gmail.com>
    Reported-by: syzbot+3c5d43e97993e1fa612b@syzkaller.appspotmail.com
    Message-ID: <20240807094725.2193423-1-pedro.falcato@gmail.com>
    Signed-off-by: Dominique Martinet <asmadeus@codewreck.org>
    Signed-off-by: Sasha Levin <sashal@kernel.org>

9p: fix slab cache name creation for real [+ + +]
Author: Linus Torvalds <torvalds@linux-foundation.org>
Date:   Mon Oct 21 11:57:38 2024 -0700

    9p: fix slab cache name creation for real
    
    commit a360f311f57a36e96d88fa8086b749159714dcd2 upstream.
    
    This was attempted by using the dev_name in the slab cache name, but as
    Omar Sandoval pointed out, that can be an arbitrary string, eg something
    like "/dev/root".  Which in turn trips verify_dirent_name(), which fails
    if a filename contains a slash.
    
    So just make it use a sequence counter, and make it an atomic_t to avoid
    any possible races or locking issues.
    
    Reported-and-tested-by: Omar Sandoval <osandov@fb.com>
    Link: https://lore.kernel.org/all/ZxafcO8KWMlXaeWE@telecaster.dhcp.thefacebook.com/
    Fixes: 79efebae4afc ("9p: Avoid creating multiple slab caches with the same name")
    Acked-by: Vlastimil Babka <vbabka@suse.cz>
    Cc: Dominique Martinet <asmadeus@codewreck.org>
    Cc: Thorsten Leemhuis <regressions@leemhuis.info>
    Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
    Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>

9p: v9fs_fid_find: also lookup by inode if not found dentry [+ + +]
Author: Dominique Martinet <asmadeus@codewreck.org>
Date:   Thu May 23 20:31:38 2024 +0900

    9p: v9fs_fid_find: also lookup by inode if not found dentry
    
    [ Upstream commit 38d222b3163f7b7d737e5d999ffc890a12870e36 ]
    
    It's possible for v9fs_fid_find "find by dentry" branch to not turn up
    anything despite having an entry set (because e.g. uid doesn't match),
    in which case the calling code will generally make an extra lookup
    to the server.
    
    In this case we might have had better luck looking by inode, so fall
    back to look up by inode if we have one and the lookup by dentry failed.
    
    Message-Id: <20240523210024.1214386-1-asmadeus@codewreck.org>
    Reviewed-by: Christian Schoenebeck <linux_oss@crudebyte.com>
    Signed-off-by: Dominique Martinet <asmadeus@codewreck.org>
    Signed-off-by: Sasha Levin <sashal@kernel.org>

 
afs: Fix lock recursion [+ + +]
Author: David Howells <dhowells@redhat.com>
Date:   Thu Oct 17 11:58:52 2024 +0100

    afs: Fix lock recursion
    
    [ Upstream commit 610a79ffea02102899a1373fe226d949944a7ed6 ]
    
    afs_wake_up_async_call() can incur lock recursion.  The problem is that it
    is called from AF_RXRPC whilst holding the ->notify_lock, but it tries to
    take a ref on the afs_call struct in order to pass it to a work queue - but
    if the afs_call is already queued, we then have an extraneous ref that must
    be put... calling afs_put_call() may call back down into AF_RXRPC through
    rxrpc_kernel_shutdown_call(), however, which might try taking the
    ->notify_lock again.
    
    This case isn't very common, however, so defer it to a workqueue.  The oops
    looks something like:
    
      BUG: spinlock recursion on CPU#0, krxrpcio/7001/1646
       lock: 0xffff888141399b30, .magic: dead4ead, .owner: krxrpcio/7001/1646, .owner_cpu: 0
      CPU: 0 UID: 0 PID: 1646 Comm: krxrpcio/7001 Not tainted 6.12.0-rc2-build3+ #4351
      Hardware name: ASUS All Series/H97-PLUS, BIOS 2306 10/09/2014
      Call Trace:
       <TASK>
       dump_stack_lvl+0x47/0x70
       do_raw_spin_lock+0x3c/0x90
       rxrpc_kernel_shutdown_call+0x83/0xb0
       afs_put_call+0xd7/0x180
       rxrpc_notify_socket+0xa0/0x190
       rxrpc_input_split_jumbo+0x198/0x1d0
       rxrpc_input_data+0x14b/0x1e0
       ? rxrpc_input_call_packet+0xc2/0x1f0
       rxrpc_input_call_event+0xad/0x6b0
       rxrpc_input_packet_on_conn+0x1e1/0x210
       rxrpc_input_packet+0x3f2/0x4d0
       rxrpc_io_thread+0x243/0x410
       ? __pfx_rxrpc_io_thread+0x10/0x10
       kthread+0xcf/0xe0
       ? __pfx_kthread+0x10/0x10
       ret_from_fork+0x24/0x40
       ? __pfx_kthread+0x10/0x10
       ret_from_fork_asm+0x1a/0x30
       </TASK>
    
    Signed-off-by: David Howells <dhowells@redhat.com>
    Link: https://lore.kernel.org/r/1394602.1729162732@warthog.procyon.org.uk
    cc: Marc Dionne <marc.dionne@auristor.com>
    cc: linux-afs@lists.infradead.org
    cc: linux-fsdevel@vger.kernel.org
    Signed-off-by: Christian Brauner <brauner@kernel.org>
    Signed-off-by: Sasha Levin <sashal@kernel.org>

 
ALSA: hda/tas2781: Add new quirk for Lenovo, ASUS, Dell projects [+ + +]
Author: Baojun Xu <baojun.xu@ti.com>
Date:   Fri Oct 11 15:40:40 2024 +0800

    ALSA: hda/tas2781: Add new quirk for Lenovo, ASUS, Dell projects
    
    [ Upstream commit 1e9c708dc3ae7226d5f9461540e3d583736af5f1 ]
    
    Add new vendor_id and subsystem_id in quirk for Lenovo, ASUS,
    and Dell projects.
    
    Signed-off-by: Baojun Xu <baojun.xu@ti.com>
    Link: https://patch.msgid.link/20241011074040.524-1-baojun.xu@ti.com
    Signed-off-by: Takashi Iwai <tiwai@suse.de>
    Signed-off-by: Sasha Levin <sashal@kernel.org>

 
ASoC: amd: yc: Add quirk for ASUS Vivobook S15 M3502RA [+ + +]
Author: Christian Heusel <christian@heusel.eu>
Date:   Thu Oct 10 15:32:11 2024 +0200

    ASoC: amd: yc: Add quirk for ASUS Vivobook S15 M3502RA
    
    [ Upstream commit 182fff3a2aafe4e7f3717a0be9df2fe2ed1a77de ]
    
    As reported the builtin microphone doesn't work on the ASUS Vivobook
    model S15 OLED M3502RA. Therefore add a quirk for it to make it work.
    
    Link: https://bugzilla.kernel.org/show_bug.cgi?id=219345
    Signed-off-by: Christian Heusel <christian@heusel.eu>
    Link: https://patch.msgid.link/20241010-bugzilla-219345-asus-vivobook-v1-1-3bb24834e2c3@heusel.eu
    Signed-off-by: Mark Brown <broonie@kernel.org>
    Signed-off-by: Sasha Levin <sashal@kernel.org>

ASoC: amd: yc: Fix non-functional mic on ASUS E1404FA [+ + +]
Author: Ilya Dudikov <ilyadud@mail.ru>
Date:   Wed Oct 16 10:40:37 2024 +0700

    ASoC: amd: yc: Fix non-functional mic on ASUS E1404FA
    
    [ Upstream commit b0867999e3282378a0b26a7ad200233044d31eca ]
    
    ASUS Vivobook E1404FA needs a quirks-table entry for the internal microphone to function properly.
    
    Signed-off-by: Ilya Dudikov <ilyadud@mail.ru>
    Link: https://patch.msgid.link/20241016034038.13481-1-ilyadud25@gmail.com
    Signed-off-by: Mark Brown <broonie@kernel.org>
    Signed-off-by: Sasha Levin <sashal@kernel.org>

ASoC: codecs: Fix error handling in aw_dev_get_dsp_status function [+ + +]
Author: Zhu Jun <zhujun2@cmss.chinamobile.com>
Date:   Wed Oct 9 00:39:38 2024 -0700

    ASoC: codecs: Fix error handling in aw_dev_get_dsp_status function
    
    [ Upstream commit 251ce34a446ef0e1d6acd65cf5947abd5d10b8b6 ]
    
    Added proper error handling for register value check that
    return -EPERM when register value does not meet expected condition
    
    Signed-off-by: Zhu Jun <zhujun2@cmss.chinamobile.com>
    Link: https://patch.msgid.link/20241009073938.7472-1-zhujun2@cmss.chinamobile.com
    Signed-off-by: Mark Brown <broonie@kernel.org>
    Signed-off-by: Sasha Levin <sashal@kernel.org>

ASoC: codecs: lpass-rx-macro: fix RXn(rx,n) macro for DSM_CTL and SEC7 regs [+ + +]
Author: Alexey Klimov <alexey.klimov@linaro.org>
Date:   Wed Oct 16 23:10:49 2024 +0100

    ASoC: codecs: lpass-rx-macro: fix RXn(rx,n) macro for DSM_CTL and SEC7 regs
    
    [ Upstream commit 9fc9ef05727ccb45fd881770f2aa5c3774b2e8e2 ]
    
    Turns out some registers of pre-2.5 version of rxmacro codecs are not
    located at the expected offsets but 0xc further away in memory. So far
    the detected registers are CDC_RX_RX2_RX_PATH_SEC7 and
    CDC_RX_RX2_RX_PATH_DSM_CTL.
    
    CDC_RX_RXn_RX_PATH_DSM_CTL(rx, n) macro incorrectly generates the address
    0x540 for RX2 but it should be 0x54C and it also overwrites
    CDC_RX_RX2_RX_PATH_SEC7 which is located at 0x540.
    The same goes for CDC_RX_RXn_RX_PATH_SEC7(rx, n).
    
    Fix this by introducing additional rxn_reg_stride2 offset. For 2.5 version
    and above this offset will be equal to 0.
    With such change the corresponding RXn() macros will generate the same
    values for 2.5 codec version for all RX paths and the same old values
    for pre-2.5 version for RX0 and RX1. However for the latter case with
    RX2 path it will also add rxn_reg_stride2 on top.
    
    While at this, also remove specific if-check for INTERP_AUX from
    rx_macro_digital_mute() and rx_macro_enable_interp_clk(). These if-check
    was used to handle such special offset for AUX interpolator but since
    CDC_RX_RXn_RX_PATH_SEC7(rx, n) and CDC_RX_RXn_RX_PATH_DSM_CTL(rx, n)
    macros will generate the correst addresses of dsm register, they are no
    longer needed.
    
    Cc: Srinivas Kandagatla <srinivas.kandagatla@linaro.org>
    Cc: Krzysztof Kozlowski <krzysztof.kozlowski@linaro.org>
    Signed-off-by: Alexey Klimov <alexey.klimov@linaro.org>
    Reviewed-by: Dmitry Baryshkov <dmitry.baryshkov@linaro.org>
    Link: https://patch.msgid.link/20241016221049.1145101-1-alexey.klimov@linaro.org
    Signed-off-by: Mark Brown <broonie@kernel.org>
    Signed-off-by: Sasha Levin <sashal@kernel.org>

ASoC: fsl_micfil: Add sample rate constraint [+ + +]
Author: Shengjiu Wang <shengjiu.wang@nxp.com>
Date:   Mon Oct 14 13:38:33 2024 +0800

    ASoC: fsl_micfil: Add sample rate constraint
    
    [ Upstream commit b9a8ecf81066e01e8a3de35517481bc5aa0439e5 ]
    
    On some platforms, for example i.MX93, there is only one
    audio PLL source, so some sample rate can't be supported.
    If the PLL source is used for 8kHz series rates, then 11kHz
    series rates can't be supported.
    
    So add constraints according to the frequency of available
    clock sources, then alsa-lib will help to convert the
    unsupported rate for the driver.
    
    Signed-off-by: Shengjiu Wang <shengjiu.wang@nxp.com>
    Link: https://patch.msgid.link/1728884313-6778-1-git-send-email-shengjiu.wang@nxp.com
    Signed-off-by: Mark Brown <broonie@kernel.org>
    Signed-off-by: Sasha Levin <sashal@kernel.org>

ASoC: Intel: avs: Update stream status in a separate thread [+ + +]
Author: Amadeusz Sławiński <amadeuszx.slawinski@linux.intel.com>
Date:   Tue Oct 8 10:37:58 2024 +0200

    ASoC: Intel: avs: Update stream status in a separate thread
    
    [ Upstream commit 0dbb186c3510cad4e9f443e801bf2e6ab5770c00 ]
    
    Function snd_pcm_period_elapsed() is part of sequence servicing HDAudio
    stream IRQs. It's called under Global Interrupt Enable (GIE) disabled -
    no HDAudio interrupts will be raised. At the same time, the function may
    end up calling __snd_pcm_xrun() or snd_pcm_drain_done(). On the
    avs-driver side, this translates to IPCs and as GIE is disabled, these
    will never complete successfully.
    
    Improve system stability by scheduling stream-IRQ handling in a separate
    thread.
    
    Signed-off-by: Amadeusz Sławiński <amadeuszx.slawinski@linux.intel.com>
    Reviewed-by: Cezary Rojewski <cezary.rojewski@intel.com>
    Link: https://patch.msgid.link/20241008083758.756578-1-amadeuszx.slawinski@linux.intel.com
    Signed-off-by: Mark Brown <broonie@kernel.org>
    Signed-off-by: Sasha Levin <sashal@kernel.org>

ASoC: Intel: soc-acpi: lnl: Add match entry for TM2 laptops [+ + +]
Author: Derek Fang <derek.fang@realtek.com>
Date:   Wed Oct 16 11:07:03 2024 +0800

    ASoC: Intel: soc-acpi: lnl: Add match entry for TM2 laptops
    
    [ Upstream commit 6924565a04e5f424c95e6d894584e3059f257373 ]
    
    Add a new match table entry on Lunarlake for the TM2 laptops
    with rt713 and rt1318.
    
    Signed-off-by: Derek Fang <derek.fang@realtek.com>
    Reviewed-by: Péter Ujfalusi <peter.ujfalusi@linux.intel.com>
    Reviewed-by: Ranjani Sridharan <ranjani.sridharan@linux.intel.com>
    Signed-off-by: Bard Liao <yung-chuan.liao@linux.intel.com>
    Link: https://patch.msgid.link/20241016030703.13669-1-yung-chuan.liao@linux.intel.com
    Signed-off-by: Mark Brown <broonie@kernel.org>
    Signed-off-by: Sasha Levin <sashal@kernel.org>

ASoC: rt722-sdca: increase clk_stop_timeout to fix clock stop issue [+ + +]
Author: Jack Yu <jack.yu@realtek.com>
Date:   Mon Oct 21 06:15:44 2024 +0000

    ASoC: rt722-sdca: increase clk_stop_timeout to fix clock stop issue
    
    [ Upstream commit 038fa6ddf5d22694f61ff7a7a53c8887c6b08c45 ]
    
    clk_stop_timeout should be increased to 900ms to fix clock stop issue.
    
    Signed-off-by: Jack Yu <jack.yu@realtek.com>
    Link: https://patch.msgid.link/cd26275d9fc54374a18dc016755cb72d@realtek.com
    Signed-off-by: Mark Brown <broonie@kernel.org>
    Signed-off-by: Sasha Levin <sashal@kernel.org>

 
block: Fix elevator_get_default() checking for NULL q->tag_set [+ + +]
Author: SurajSonawane2415 <surajsonawane0215@gmail.com>
Date:   Mon Oct 7 16:44:16 2024 +0530

    block: Fix elevator_get_default() checking for NULL q->tag_set
    
    [ Upstream commit b402328a24ee7193a8ab84277c0c90ae16768126 ]
    
    elevator_get_default() and elv_support_iosched() both check for whether
    or not q->tag_set is non-NULL, however it's not possible for them to be
    NULL. This messes up some static checkers, as the checking of tag_set
    isn't consistent.
    
    Remove the checks, which both simplifies the logic and avoids checker
    errors.
    
    Signed-off-by: SurajSonawane2415 <surajsonawane0215@gmail.com>
    Link: https://lore.kernel.org/r/20241007111416.13814-1-surajsonawane0215@gmail.com
    Signed-off-by: Jens Axboe <axboe@kernel.dk>
    Signed-off-by: Sasha Levin <sashal@kernel.org>

 
bpf: Add sk_is_inet and IS_ICSK check in tls_sw_has_ctx_tx/rx [+ + +]
Author: Zijian Zhang <zijianzhang@bytedance.com>
Date:   Wed Nov 6 00:37:42 2024 +0000

    bpf: Add sk_is_inet and IS_ICSK check in tls_sw_has_ctx_tx/rx
    
    [ Upstream commit 44d0469f79bd3d0b3433732877358df7dc6b17b1 ]
    
    As the introduction of the support for vsock and unix sockets in sockmap,
    tls_sw_has_ctx_tx/rx cannot presume the socket passed in must be IS_ICSK.
    vsock and af_unix sockets have vsock_sock and unix_sock instead of
    inet_connection_sock. For these sockets, tls_get_ctx may return an invalid
    pointer and cause page fault in function tls_sw_ctx_rx.
    
    BUG: unable to handle page fault for address: 0000000000040030
    Workqueue: vsock-loopback vsock_loopback_work
    RIP: 0010:sk_psock_strp_data_ready+0x23/0x60
    Call Trace:
     ? __die+0x81/0xc3
     ? no_context+0x194/0x350
     ? do_page_fault+0x30/0x110
     ? async_page_fault+0x3e/0x50
     ? sk_psock_strp_data_ready+0x23/0x60
     virtio_transport_recv_pkt+0x750/0x800
     ? update_load_avg+0x7e/0x620
     vsock_loopback_work+0xd0/0x100
     process_one_work+0x1a7/0x360
     worker_thread+0x30/0x390
     ? create_worker+0x1a0/0x1a0
     kthread+0x112/0x130
     ? __kthread_cancel_work+0x40/0x40
     ret_from_fork+0x1f/0x40
    
    v2:
      - Add IS_ICSK check
    v3:
      - Update the commits in Fixes
    
    Fixes: 634f1a7110b4 ("vsock: support sockmap")
    Fixes: 94531cfcbe79 ("af_unix: Add unix_stream_proto for sockmap")
    Signed-off-by: Zijian Zhang <zijianzhang@bytedance.com>
    Acked-by: Stanislav Fomichev <sdf@fomichev.me>
    Acked-by: Jakub Kicinski <kuba@kernel.org>
    Reviewed-by: Cong Wang <cong.wang@bytedance.com>
    Acked-by: Stefano Garzarella <sgarzare@redhat.com>
    Link: https://lore.kernel.org/r/20241106003742.399240-1-zijianzhang@bytedance.com
    Signed-off-by: Martin KaFai Lau <martin.lau@kernel.org>
    Signed-off-by: Sasha Levin <sashal@kernel.org>

bpf: Check validity of link->type in bpf_link_show_fdinfo() [+ + +]
Author: Hou Tao <houtao1@huawei.com>
Date:   Thu Oct 24 09:35:58 2024 +0800

    bpf: Check validity of link->type in bpf_link_show_fdinfo()
    
    [ Upstream commit 8421d4c8762bd022cb491f2f0f7019ef51b4f0a7 ]
    
    If a newly-added link type doesn't invoke BPF_LINK_TYPE(), accessing
    bpf_link_type_strs[link->type] may result in an out-of-bounds access.
    
    To spot such missed invocations early in the future, checking the
    validity of link->type in bpf_link_show_fdinfo() and emitting a warning
    when such invocations are missed.
    
    Signed-off-by: Hou Tao <houtao1@huawei.com>
    Signed-off-by: Andrii Nakryiko <andrii@kernel.org>
    Link: https://lore.kernel.org/bpf/20241024013558.1135167-3-houtao@huaweicloud.com
    Signed-off-by: Sasha Levin <sashal@kernel.org>

bpf: Fix mismatched RCU unlock flavour in bpf_out_neigh_v6 [+ + +]
Author: Jiawei Ye <jiawei.ye@foxmail.com>
Date:   Fri Nov 8 08:18:52 2024 +0000

    bpf: Fix mismatched RCU unlock flavour in bpf_out_neigh_v6
    
    [ Upstream commit fb86c42a2a5d44e849ddfbc98b8d2f4f40d36ee3 ]
    
    In the bpf_out_neigh_v6 function, rcu_read_lock() is used to begin an RCU
    read-side critical section. However, when unlocking, one branch
    incorrectly uses a different RCU unlock flavour rcu_read_unlock_bh()
    instead of rcu_read_unlock(). This mismatch in RCU locking flavours can
    lead to unexpected behavior and potential concurrency issues.
    
    This possible bug was identified using a static analysis tool developed
    by myself, specifically designed to detect RCU-related issues.
    
    This patch corrects the mismatched unlock flavour by replacing the
    incorrect rcu_read_unlock_bh() with the appropriate rcu_read_unlock(),
    ensuring that the RCU critical section is properly exited. This change
    prevents potential synchronization issues and aligns with proper RCU
    usage patterns.
    
    Fixes: 09eed1192cec ("neighbour: switch to standard rcu, instead of rcu_bh")
    Signed-off-by: Jiawei Ye <jiawei.ye@foxmail.com>
    Acked-by: Yonghong Song <yonghong.song@linux.dev>
    Link: https://lore.kernel.org/r/tencent_CFD3D1C3D68B45EA9F52D8EC76D2C4134306@qq.com
    Signed-off-by: Martin KaFai Lau <martin.lau@kernel.org>
    Signed-off-by: Sasha Levin <sashal@kernel.org>

bpf: use kvzmalloc to allocate BPF verifier environment [+ + +]
Author: Rik van Riel <riel@surriel.com>
Date:   Tue Oct 8 17:07:35 2024 -0400

    bpf: use kvzmalloc to allocate BPF verifier environment
    
    [ Upstream commit 434247637c66e1be2bc71a9987d4c3f0d8672387 ]
    
    The kzmalloc call in bpf_check can fail when memory is very fragmented,
    which in turn can lead to an OOM kill.
    
    Use kvzmalloc to fall back to vmalloc when memory is too fragmented to
    allocate an order 3 sized bpf verifier environment.
    
    Admittedly this is not a very common case, and only happens on systems
    where memory has already been squeezed close to the limit, but this does
    not seem like much of a hot path, and it's a simple enough fix.
    
    Signed-off-by: Rik van Riel <riel@surriel.com>
    Reviewed-by: Shakeel Butt <shakeel.butt@linux.dev>
    Link: https://lore.kernel.org/r/20241008170735.16766766@imladris.surriel.com
    Signed-off-by: Alexei Starovoitov <ast@kernel.org>
    Signed-off-by: Sasha Levin <sashal@kernel.org>

 
crypto: api - Fix liveliness check in crypto_alg_tested [+ + +]
Author: Herbert Xu <herbert@gondor.apana.org.au>
Date:   Sun Oct 6 09:18:37 2024 +0800

    crypto: api - Fix liveliness check in crypto_alg_tested
    
    [ Upstream commit b81e286ba154a4e0f01a94d99179a97f4ba3e396 ]
    
    As algorithm testing is carried out without holding the main crypto
    lock, it is always possible for the algorithm to go away during the
    test.
    
    So before crypto_alg_tested updates the status of the tested alg,
    it checks whether it's still on the list of all algorithms.  This
    is inaccurate because it may be off the main list but still on the
    list of algorithms to be removed.
    
    Updating the algorithm status is safe per se as the larval still
    holds a reference to it.  However, killing spawns of other algorithms
    that are of lower priority is clearly a deficiency as it adds
    unnecessary churn.
    
    Fix the test by checking whether the algorithm is dead.
    
    Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
    Signed-off-by: Sasha Levin <sashal@kernel.org>

crypto: marvell/cesa - Disable hash algorithms [+ + +]
Author: Herbert Xu <herbert@gondor.apana.org.au>
Date:   Wed Oct 9 16:38:48 2024 +0800

    crypto: marvell/cesa - Disable hash algorithms
    
    [ Upstream commit e845d2399a00f866f287e0cefbd4fc7d8ef0d2f7 ]
    
    Disable cesa hash algorithms by lowering the priority because they
    appear to be broken when invoked in parallel.  This allows them to
    still be tested for debugging purposes.
    
    Reported-by: Klaus Kudielka <klaus.kudielka@gmail.com>
    Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
    Signed-off-by: Sasha Levin <sashal@kernel.org>

 
drm/amdkfd: Accounting pdd vram_usage for svm [+ + +]
Author: Philip Yang <Philip.Yang@amd.com>
Date:   Fri Oct 4 16:28:07 2024 -0400

    drm/amdkfd: Accounting pdd vram_usage for svm
    
    [ Upstream commit 68d26c10ef503175df3142db6fcd75dd94860592 ]
    
    Process device data pdd->vram_usage is read by rocm-smi via sysfs, this
    is currently missing the svm_bo usage accounting, so "rocm-smi
    --showpids" per process VRAM usage report is incorrect.
    
    Add pdd->vram_usage accounting when svm_bo allocation and release,
    change to atomic64_t type because it is updated outside process mutex
    now.
    
    Signed-off-by: Philip Yang <Philip.Yang@amd.com>
    Reviewed-by: Felix Kuehling <felix.kuehling@amd.com>
    Signed-off-by: Alex Deucher <alexander.deucher@amd.com>
    (cherry picked from commit 98c0b0efcc11f2a5ddf3ce33af1e48eedf808b04)
    Signed-off-by: Sasha Levin <sashal@kernel.org>

 
drm/vmwgfx: Limit display layout ioctl array size to VMWGFX_NUM_DISPLAY_UNITS [+ + +]
Author: Ian Forbes <ian.forbes@broadcom.com>
Date:   Thu Aug 8 15:06:34 2024 -0500

    drm/vmwgfx: Limit display layout ioctl array size to VMWGFX_NUM_DISPLAY_UNITS
    
    [ Upstream commit 28a5dfd4f615539fb22fb6d5c219c199c14e6eb6 ]
    
    Currently the array size is only limited by the largest kmalloc size which
    is incorrect. This change will also return a more specific error message
    than ENOMEM to userspace.
    
    Signed-off-by: Ian Forbes <ian.forbes@broadcom.com>
    Reviewed-by: Zack Rusin <zack.rusin@broadcom.com>
    Reviewed-by: Martin Krastev <martin.krastev@broadcom.com>
    Signed-off-by: Zack Rusin <zack.rusin@broadcom.com>
    Link: https://patchwork.freedesktop.org/patch/msgid/20240808200634.1074083-1-ian.forbes@broadcom.com
    Signed-off-by: Sasha Levin <sashal@kernel.org>

 
drm/xe/guc/ct: Flush g2h worker in case of g2h response timeout [+ + +]
Author: Badal Nilawar <badal.nilawar@intel.com>
Date:   Thu Oct 17 16:44:10 2024 +0530

    drm/xe/guc/ct: Flush g2h worker in case of g2h response timeout
    
    [ Upstream commit 22ef43c78647dd37b0dafe2182b8650b99dbbe59 ]
    
    In case if g2h worker doesn't get opportunity to within specified
    timeout delay then flush the g2h worker explicitly.
    
    v2:
      - Describe change in the comment and add TODO (Matt B/John H)
      - Add xe_gt_warn on fence done after G2H flush (John H)
    v3:
      - Updated the comment with root cause
      - Clean up xe_gt_warn message (John H)
    
    Closes: https://gitlab.freedesktop.org/drm/xe/kernel/issues/1620
    Closes: https://gitlab.freedesktop.org/drm/xe/kernel/issues/2902
    Signed-off-by: Badal Nilawar <badal.nilawar@intel.com>
    Cc: Matthew Brost <matthew.brost@intel.com>
    Cc: Matthew Auld <matthew.auld@intel.com>
    Cc: John Harrison <John.C.Harrison@Intel.com>
    Cc: Himal Prasad Ghimiray <himal.prasad.ghimiray@intel.com>
    Reviewed-by: Himal Prasad Ghimiray <himal.prasad.ghimiray@intel.com>
    Acked-by: Matthew Brost <matthew.brost@intel.com>
    Signed-off-by: Matthew Brost <matthew.brost@intel.com>
    Link: https://patchwork.freedesktop.org/patch/msgid/20241017111410.2553784-2-badal.nilawar@intel.com
    (cherry picked from commit e5152723380404acb8175e0777b1cea57f319a01)
    Signed-off-by: Lucas De Marchi <lucas.demarchi@intel.com>
    Signed-off-by: Sasha Levin <sashal@kernel.org>

 
drm/xe/query: Increase timestamp width [+ + +]
Author: Lucas De Marchi <lucas.demarchi@intel.com>
Date:   Thu Oct 10 20:56:16 2024 -0700

    drm/xe/query: Increase timestamp width
    
    [ Upstream commit 477d665e9b6a1369968383f50c688d56b692a155 ]
    
    Starting with Xe2 the timestamp is a full 64 bit counter, contrary to
    the 36 bit that was available before. Although 36 should be sufficient
    for any reasonable delta calculation (for Xe2, of about 30min), it's
    surprising to userspace to get something truncated. Also if the
    timestamp being compared to is coming from the GPU and the application
    is not careful enough to apply the width there, a delta calculation
    would be wrong.
    
    Extend it to full 64-bits starting with Xe2.
    
    v2: Expand width=64 to media gt, as it's just a wrong tagging in the
    spec - empirical tests show it goes beyond 36 bits and match the engines
    for the main gt
    
    Bspec: 60411
    Cc: Szymon Morek <szymon.morek@intel.com>
    Reviewed-by: Matt Roper <matthew.d.roper@intel.com>
    Link: https://patchwork.freedesktop.org/patch/msgid/20241011035618.1057602-1-lucas.demarchi@intel.com
    Signed-off-by: Lucas De Marchi <lucas.demarchi@intel.com>
    (cherry picked from commit 9d559cdcb21f42188d4c3ff3b4fe42b240f4af5d)
    Signed-off-by: Lucas De Marchi <lucas.demarchi@intel.com>
    Signed-off-by: Sasha Levin <sashal@kernel.org>

 
drm/xe/ufence: Prefetch ufence addr to catch bogus address [+ + +]
Author: Nirmoy Das <nirmoy.das@intel.com>
Date:   Wed Oct 16 10:23:03 2024 +0200

    drm/xe/ufence: Prefetch ufence addr to catch bogus address
    
    [ Upstream commit 9c1813b3253480b30604c680026c7dc721ce86d1 ]
    
    access_ok() only checks for addr overflow so also try to read the addr
    to catch invalid addr sent from userspace.
    
    Link: https://gitlab.freedesktop.org/drm/xe/kernel/-/issues/1630
    Cc: Francois Dugast <francois.dugast@intel.com>
    Cc: Maarten Lankhorst <maarten.lankhorst@linux.intel.com>
    Cc: Matthew Auld <matthew.auld@intel.com>
    Cc: Matthew Brost <matthew.brost@intel.com>
    Reviewed-by: Matthew Brost <matthew.brost@intel.com>
    Link: https://patchwork.freedesktop.org/patch/msgid/20241016082304.66009-2-nirmoy.das@intel.com
    Signed-off-by: Nirmoy Das <nirmoy.das@intel.com>
    (cherry picked from commit 9408c4508483ffc60811e910a93d6425b8e63928)
    Signed-off-by: Lucas De Marchi <lucas.demarchi@intel.com>
    Signed-off-by: Sasha Levin <sashal@kernel.org>

 
drm/xe: Don't restart parallel queues multiple times on GT reset [+ + +]
Author: Nirmoy Das <nirmoy.das@intel.com>
Date:   Tue Oct 22 12:35:55 2024 +0200

    drm/xe: Don't restart parallel queues multiple times on GT reset
    
    [ Upstream commit cdc21021f0351226a4845715564afd5dc50ed44b ]
    
    In case of parallel submissions multiple GuC id will point to the
    same exec queue and on GT reset such exec queues will get restarted
    multiple times which is not desirable.
    
    v2: don't use exec_queue_enabled() which could race,
        do the same for xe_guc_submit_stop (Matt B)
    
    Link: https://gitlab.freedesktop.org/drm/xe/kernel/-/issues/2295
    Cc: Jonathan Cavitt <jonathan.cavitt@intel.com>
    Cc: Himal Prasad Ghimiray <himal.prasad.ghimiray@intel.com>
    Cc: Matthew Auld <matthew.auld@intel.com>
    Cc: Matthew Brost <matthew.brost@intel.com>
    Cc: Tejas Upadhyay <tejas.upadhyay@intel.com>
    Reviewed-by: Matthew Brost <matthew.brost@intel.com>
    Link: https://patchwork.freedesktop.org/patch/msgid/20241022103555.731557-1-nirmoy.das@intel.com
    Signed-off-by: Nirmoy Das <nirmoy.das@intel.com>
    (cherry picked from commit c8b0acd6d8745fd7e6450f5acc38f0227bd253b3)
    Signed-off-by: Lucas De Marchi <lucas.demarchi@intel.com>
    Signed-off-by: Sasha Levin <sashal@kernel.org>

drm/xe: Enlarge the invalidation timeout from 150 to 500 [+ + +]
Author: Shuicheng Lin <shuicheng.lin@intel.com>
Date:   Tue Oct 15 16:12:07 2024 +0000

    drm/xe: Enlarge the invalidation timeout from 150 to 500
    
    [ Upstream commit c8fb95e7a54315460b45090f0968167a332e1657 ]
    
    There are error messages like below that are occurring during stress
    testing: "[   31.004009] xe 0000:03:00.0: [drm] ERROR GT0: Global
    invalidation timeout". Previously it was hitting this 3 out of 1000
    executions of warm reboot.  After raising it to 500, 1000 warm reboot
    executions passed and it didn't fail.
    
    Due to the way xe_mmio_wait32() is implemented, the timeout is able to
    expire early when the register matches the expected value due to the
    wait increments starting small. So, the larger timeout value should have
    no effect during normal use cases.
    
    v2 (Jonathan):
      - rework the commit message
    v3 (Lucas):
      - add conclusive message for the fail rate and test case
    v4:
      - add suggested-by
    
    Suggested-by: Jia Yao <jia.yao@intel.com>
    Signed-off-by: Shuicheng Lin <shuicheng.lin@intel.com>
    Cc: Lucas De Marchi <lucas.demarchi@intel.com>
    Cc: Matthew Auld <matthew.auld@intel.com>
    Cc: Nirmoy Das <nirmoy.das@intel.com>
    Reviewed-by: Jonathan Cavitt <jonathan.cavitt@intel.com>
    Tested-by: Zongyao Bai <zongyao.bai@intel.com>
    Reviewed-by: Nirmoy Das <nirmoy.das@intel.com>
    Signed-off-by: Matthew Auld <matthew.auld@intel.com>
    Link: https://patchwork.freedesktop.org/patch/msgid/20241015161207.1373401-1-shuicheng.lin@intel.com
    (cherry picked from commit 2eb460ab9f4bc5b575f52568d17936da0af681d8)
    [ Fix conflict with gt->mmio ]
    Signed-off-by: Lucas De Marchi <lucas.demarchi@intel.com>
    Signed-off-by: Sasha Levin <sashal@kernel.org>

drm/xe: Handle unreliable MMIO reads during forcewake [+ + +]
Author: Shuicheng Lin <shuicheng.lin@intel.com>
Date:   Thu Oct 17 22:15:47 2024 +0000

    drm/xe: Handle unreliable MMIO reads during forcewake
    
    [ Upstream commit 69418db678567bdf9a4992c83d448da462ffa78c ]
    
    In some cases, when the driver attempts to read an MMIO register,
    the hardware may return 0xFFFFFFFF. The current force wake path
    code treats this as a valid response, as it only checks the BIT.
    However, 0xFFFFFFFF should be considered an invalid value, indicating
    a potential issue. To address this, we should add a log entry to
    highlight this condition and return failure.
    The force wake failure log level is changed from notice to err
    to match the failure return value.
    
    v2 (Matt Brost):
      - set ret value (-EIO) to kick the error to upper layers
    v3 (Rodrigo):
      - add commit message for the log level promotion from notice to err
    v4:
      - update reviewed info
    
    Suggested-by: Alex Zuo <alex.zuo@intel.com>
    Signed-off-by: Shuicheng Lin <shuicheng.lin@intel.com>
    Cc: Matthew Brost <matthew.brost@intel.com>
    Cc: Michal Wajdeczko <michal.wajdeczko@intel.com>
    Reviewed-by: Himal Prasad Ghimiray <himal.prasad.ghimiray@intel.com>
    Acked-by: Badal Nilawar <badal.nilawar@intel.com>
    Cc: Anshuman Gupta <anshuman.gupta@intel.com>
    Cc: Matt Roper <matthew.d.roper@intel.com>
    Cc: Rodrigo Vivi <rodrigo.vivi@intel.com>
    Link: https://patchwork.freedesktop.org/patch/msgid/20241017221547.1564029-1-shuicheng.lin@intel.com
    Signed-off-by: Rodrigo Vivi <rodrigo.vivi@intel.com>
    (cherry picked from commit a9fbeabe7226a3bf90f82d0e28a02c18e3c67447)
    Signed-off-by: Lucas De Marchi <lucas.demarchi@intel.com>
    Signed-off-by: Sasha Levin <sashal@kernel.org>

 
fs: Fix uninitialized value issue in from_kuid and from_kgid [+ + +]
Author: Alessandro Zanni <alessandro.zanni87@gmail.com>
Date:   Thu Oct 17 14:05:51 2024 +0200

    fs: Fix uninitialized value issue in from_kuid and from_kgid
    
    [ Upstream commit 15f34347481648a567db67fb473c23befb796af5 ]
    
    ocfs2_setattr() uses attr->ia_mode, attr->ia_uid and attr->ia_gid in
    a trace point even though ATTR_MODE, ATTR_UID and ATTR_GID aren't set.
    
    Initialize all fields of newattrs to avoid uninitialized variables, by
    checking if ATTR_MODE, ATTR_UID, ATTR_GID are initialized, otherwise 0.
    
    Reported-by: syzbot+6c55f725d1bdc8c52058@syzkaller.appspotmail.com
    Closes: https://syzkaller.appspot.com/bug?extid=6c55f725d1bdc8c52058
    Signed-off-by: Alessandro Zanni <alessandro.zanni87@gmail.com>
    Link: https://lore.kernel.org/r/20241017120553.55331-1-alessandro.zanni87@gmail.com
    Reviewed-by: Jan Kara <jack@suse.cz>
    Signed-off-by: Christian Brauner <brauner@kernel.org>
    Signed-off-by: Sasha Levin <sashal@kernel.org>

 
HID: i2c-hid: Delayed i2c resume wakeup for 0x0d42 Goodix touchpad [+ + +]
Author: Bartłomiej Maryńczak <marynczakbartlomiej@gmail.com>
Date:   Tue Oct 8 00:25:42 2024 +0200

    HID: i2c-hid: Delayed i2c resume wakeup for 0x0d42 Goodix touchpad
    
    [ Upstream commit 293c485cbac2607595fdaae2b1fb390fc7b2d014 ]
    
    Patch for Goodix 27c6:0d42 touchpads found in Inspiron 5515 laptops.
    
    After resume from suspend, one can communicate with this device just fine.
    We can read data from it or request a reset,
    but for some reason the interrupt line will not go up
    when new events are available.
    (it can correctly respond to a reset with an interrupt tho)
    
    The only way I found to wake this device up
    is to send anything to it after ~1.5s mark,
    for example a simple read request, or power mode change.
    
    In this patch, I simply delay the resume steps with msleep,
    this will cause the set_power request to happen after
    the ~1.5s barrier causing the device to resume its event interrupts.
    
    Sleep was used rather than delayed_work
    to make this workaround as non-invasive as possible.
    
    [jkosina@suse.com: shortlog update]
    Signed-off-by: Bartłomiej Maryńczak <marynczakbartlomiej@gmail.com>
    Signed-off-by: Jiri Kosina <jkosina@suse.com>
    Signed-off-by: Sasha Levin <sashal@kernel.org>

HID: lenovo: Add support for Thinkpad X1 Tablet Gen 3 keyboard [+ + +]
Author: Hans de Goede <hdegoede@redhat.com>
Date:   Thu Oct 10 11:45:12 2024 +0200

    HID: lenovo: Add support for Thinkpad X1 Tablet Gen 3 keyboard
    
    [ Upstream commit 51268879eb2bfc563a91cdce69362d9dbf707e7e ]
    
    The Thinkpad X1 Tablet Gen 3 keyboard has the same Lenovo specific quirks
    as the original  Thinkpad X1 Tablet keyboard.
    
    Add the PID for the "Thinkpad X1 Tablet Gen 3 keyboard" to the hid-lenovo
    driver to fix the FnLock, Mute and media buttons not working.
    
    Suggested-by: Izhar Firdaus <izhar@fedoraproject.org>
    Closes https://bugzilla.redhat.com/show_bug.cgi?id=2315395
    Signed-off-by: Hans de Goede <hdegoede@redhat.com>
    Signed-off-by: Jiri Kosina <jkosina@suse.com>
    Signed-off-by: Sasha Levin <sashal@kernel.org>

HID: multitouch: Add quirk for HONOR MagicBook Art 14 touchpad [+ + +]
Author: WangYuli <wangyuli@uniontech.com>
Date:   Mon Oct 7 12:08:03 2024 +0800

    HID: multitouch: Add quirk for HONOR MagicBook Art 14 touchpad
    
    [ Upstream commit 7a5ab8071114344f62a8b1e64ed3452a77257d76 ]
    
    The behavior of HONOR MagicBook Art 14 touchpad is not consistent
    after reboots, as sometimes it reports itself as a touchpad, and
    sometimes as a mouse.
    
    Similarly to GLO-GXXX it is possible to call MT_QUIRK_FORCE_GET_FEATURE as a
    workaround to force set feature in mt_set_input_mode() for such special touchpad
    device.
    
    [jkosina@suse.com: reword changelog a little bit]
    Link: https://gitlab.freedesktop.org/libinput/libinput/-/issues/1040
    Signed-off-by: Wentao Guan <guanwentao@uniontech.com>
    Signed-off-by: WangYuli <wangyuli@uniontech.com>
    Reviewed-by: Benjamin Tissoires <bentiss@kernel.org>
    Signed-off-by: Jiri Kosina <jkosina@suse.com>
    Signed-off-by: Sasha Levin <sashal@kernel.org>

HID: multitouch: Add quirk for Logitech Bolt receiver w/ Casa touchpad [+ + +]
Author: Kenneth Albanowski <kenalba@chromium.org>
Date:   Fri Oct 4 10:24:29 2024 -0700

    HID: multitouch: Add quirk for Logitech Bolt receiver w/ Casa touchpad
    
    [ Upstream commit 526748b925185e95f1415900ee13c2469d4b64cc ]
    
    The Logitech Casa Touchpad does not reliably send touch release signals
    when communicating through the Logitech Bolt wireless-to-USB receiver.
    
    Adjusting the device class to add MT_QUIRK_NOT_SEEN_MEANS_UP to make
    sure that no touches become stuck, MT_QUIRK_FORCE_MULTI_INPUT is not
    needed, but harmless.
    
    Linux does not have information on which devices are connected to the
    Bolt receiver, so we have to enable this for the entire device.
    
    Signed-off-by: Kenneth Albanowski <kenalba@chromium.org>
    Signed-off-by: Jiri Kosina <jkosina@suse.com>
    Signed-off-by: Sasha Levin <sashal@kernel.org>

HID: multitouch: Add support for B2402FVA track point [+ + +]
Author: Stefan Blum <stefanblum2004@gmail.com>
Date:   Sun Oct 6 10:12:23 2024 +0200

    HID: multitouch: Add support for B2402FVA track point
    
    [ Upstream commit 1a5cbb526ec4b885177d06a8bc04f38da7dbb1d9 ]
    
    By default the track point does not work on the Asus Expertbook B2402FVA.
    
    From libinput record i got the ID of the track point device:
      evdev:
        # Name: ASUE1201:00 04F3:32AE
        # ID: bus 0x18 vendor 0x4f3 product 0x32ae version 0x100
    
    I found that the track point is functional, when i set the
    MT_CLS_WIN_8_FORCE_MULTI_INPUT_NSMU class for the reported device.
    
    Signed-off-by: Stefan Blum <stefan.blum@gmail.com>
    Signed-off-by: Jiri Kosina <jkosina@suse.com>
    Signed-off-by: Sasha Levin <sashal@kernel.org>

 
iommu/arm-smmu: Clarify MMU-500 CPRE workaround [+ + +]
Author: Robin Murphy <robin.murphy@arm.com>
Date:   Tue Oct 8 16:21:17 2024 +0100

    iommu/arm-smmu: Clarify MMU-500 CPRE workaround
    
    [ Upstream commit 0dfe314cdd0d378f96bb9c6bdc05c8120f48606d ]
    
    CPRE workarounds are implicated in at least 5 MMU-500 errata, some of
    which remain unfixed. The comment and warning message have proven to be
    unhelpfully misleading about this scope, so reword them to get the point
    across with less risk of going out of date or confusing users.
    
    Signed-off-by: Robin Murphy <robin.murphy@arm.com>
    Link: https://lore.kernel.org/r/dfa82171b5248ad7cf1f25592101a6eec36b8c9a.1728400877.git.robin.murphy@arm.com
    Signed-off-by: Will Deacon <will@kernel.org>
    Signed-off-by: Sasha Levin <sashal@kernel.org>

 
irqchip/ocelot: Fix trigger register address [+ + +]
Author: Sergey Matsievskiy <matsievskiysv@gmail.com>
Date:   Wed Sep 25 21:44:15 2024 +0300

    irqchip/ocelot: Fix trigger register address
    
    [ Upstream commit 9e9c4666abb5bb444dac37e2d7eb5250c8d52a45 ]
    
    Controllers, supported by this driver, have two sets of registers:
    
     * (main) interrupt registers control peripheral interrupt sources.
    
     * device interrupt registers configure per-device (network interface)
       interrupts and act as an extra stage before the main interrupt
       registers.
    
    In the driver unmask code, device trigger registers are used in the mask
    calculation of the main interrupt sticky register, mixing two kinds of
    registers.
    
    Use the main interrupt trigger register instead.
    
    Signed-off-by: Sergey Matsievskiy <matsievskiysv@gmail.com>
    Signed-off-by: Thomas Gleixner <tglx@linutronix.de>
    Link: https://lore.kernel.org/all/20240925184416.54204-2-matsievskiysv@gmail.com
    Signed-off-by: Sasha Levin <sashal@kernel.org>

 
Linux: Linux 6.11.9 [+ + +]
Author: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Date:   Sun Nov 17 15:09:55 2024 +0100

    Linux 6.11.9
    
    Link: https://lore.kernel.org/r/20241115063725.892410236@linuxfoundation.org
    Tested-by: Luna Jernberg <droidbittin@gmail.com>
    Tested-by: Ronald Warsow <rwarsow@gmx.de>
    Tested-by: Peter Schneider <pschneider1968@googlemail.com>
    Tested-by: Jon Hunter <jonathanh@nvidia.com>
    Tested-by: Salvatore Bonaccorso <carnil@debian.org>
    Tested-by: Florian Fainelli <florian.fainelli@broadcom.com>
    Tested-by: Mark Brown <broonie@kernel.org>
    Tested-by: Ron Economos <re@w6rz.net>
    Tested-by: Linux Kernel Functional Testing <lkft@linaro.org>
    Tested-by: Hardik Garg <hargar@linux.microsoft.com>
    Tested-by: Markus Reichelt <lkt+2023@mareichelt.com>
    Tested-by: Shuah Khan <skhan@linuxfoundation.org>
    Tested-by: kernelci.org bot <bot@kernelci.org>
    Tested-by: Pavel Machek (CIP) <pavel@denx.de>
    Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>

 
LoongArch: KVM: Mark hrtimer to expire in hard interrupt context [+ + +]
Author: Huacai Chen <chenhuacai@kernel.org>
Date:   Wed Oct 23 22:15:44 2024 +0800

    LoongArch: KVM: Mark hrtimer to expire in hard interrupt context
    
    [ Upstream commit 73adbd92f3223dc0c3506822b71c6b259d5d537b ]
    
    Like commit 2c0d278f3293f ("KVM: LAPIC: Mark hrtimer to expire in hard
    interrupt context") and commit 9090825fa9974 ("KVM: arm/arm64: Let the
    timer expire in hardirq context on RT"), On PREEMPT_RT enabled kernels
    unmarked hrtimers are moved into soft interrupt expiry mode by default.
    Then the timers are canceled from an preempt-notifier which is invoked
    with disabled preemption which is not allowed on PREEMPT_RT.
    
    The timer callback is short so in could be invoked in hard-IRQ context.
    So let the timer expire on hard-IRQ context even on -RT.
    
    This fix a "scheduling while atomic" bug for PREEMPT_RT enabled kernels:
    
     BUG: scheduling while atomic: qemu-system-loo/1011/0x00000002
     Modules linked in: amdgpu rfkill nft_fib_inet nft_fib_ipv4 nft_fib_ipv6 nft_fib nft_reject_inet nf_reject_ipv4 nf_reject_ipv6 nft_reject nft_ct nft_chain_nat ns
     CPU: 1 UID: 0 PID: 1011 Comm: qemu-system-loo Tainted: G        W          6.12.0-rc2+ #1774
     Tainted: [W]=WARN
     Hardware name: Loongson Loongson-3A5000-7A1000-1w-CRB/Loongson-LS3A5000-7A1000-1w-CRB, BIOS vUDK2018-LoongArch-V2.0.0-prebeta9 10/21/2022
     Stack : ffffffffffffffff 0000000000000000 9000000004e3ea38 9000000116744000
             90000001167475a0 0000000000000000 90000001167475a8 9000000005644830
             90000000058dc000 90000000058dbff8 9000000116747420 0000000000000001
             0000000000000001 6a613fc938313980 000000000790c000 90000001001c1140
             00000000000003fe 0000000000000001 000000000000000d 0000000000000003
             0000000000000030 00000000000003f3 000000000790c000 9000000116747830
             90000000057ef000 0000000000000000 9000000005644830 0000000000000004
             0000000000000000 90000000057f4b58 0000000000000001 9000000116747868
             900000000451b600 9000000005644830 9000000003a13998 0000000010000020
             00000000000000b0 0000000000000004 0000000000000000 0000000000071c1d
             ...
     Call Trace:
     [<9000000003a13998>] show_stack+0x38/0x180
     [<9000000004e3ea34>] dump_stack_lvl+0x84/0xc0
     [<9000000003a71708>] __schedule_bug+0x48/0x60
     [<9000000004e45734>] __schedule+0x1114/0x1660
     [<9000000004e46040>] schedule_rtlock+0x20/0x60
     [<9000000004e4e330>] rtlock_slowlock_locked+0x3f0/0x10a0
     [<9000000004e4f038>] rt_spin_lock+0x58/0x80
     [<9000000003b02d68>] hrtimer_cancel_wait_running+0x68/0xc0
     [<9000000003b02e30>] hrtimer_cancel+0x70/0x80
     [<ffff80000235eb70>] kvm_restore_timer+0x50/0x1a0 [kvm]
     [<ffff8000023616c8>] kvm_arch_vcpu_load+0x68/0x2a0 [kvm]
     [<ffff80000234c2d4>] kvm_sched_in+0x34/0x60 [kvm]
     [<9000000003a749a0>] finish_task_switch.isra.0+0x140/0x2e0
     [<9000000004e44a70>] __schedule+0x450/0x1660
     [<9000000004e45cb0>] schedule+0x30/0x180
     [<ffff800002354c70>] kvm_vcpu_block+0x70/0x120 [kvm]
     [<ffff800002354d80>] kvm_vcpu_halt+0x60/0x3e0 [kvm]
     [<ffff80000235b194>] kvm_handle_gspr+0x3f4/0x4e0 [kvm]
     [<ffff80000235f548>] kvm_handle_exit+0x1c8/0x260 [kvm]
    
    Reviewed-by: Bibo Mao <maobibo@loongson.cn>
    Signed-off-by: Huacai Chen <chenhuacai@loongson.cn>
    Signed-off-by: Sasha Levin <sashal@kernel.org>

LoongArch: Use "Exception return address" to comment ERA [+ + +]
Author: Yanteng Si <siyanteng@cqsoftware.com.cn>
Date:   Mon Oct 21 22:11:18 2024 +0800

    LoongArch: Use "Exception return address" to comment ERA
    
    [ Upstream commit b69269c870ece1bc7d2e3e39ca76f4602f2cb0dd ]
    
    The information contained in the comment for LOONGARCH_CSR_ERA is even
    less informative than the macro itself, which can cause confusion for
    junior developers. Let's use the full English term.
    
    Signed-off-by: Yanteng Si <siyanteng@cqsoftware.com.cn>
    Signed-off-by: Huacai Chen <chenhuacai@loongson.cn>
    Signed-off-by: Sasha Levin <sashal@kernel.org>

 
mm: krealloc: Fix MTE false alarm in __do_krealloc [+ + +]
Author: Qun-Wei Lin <qun-wei.lin@mediatek.com>
Date:   Fri Oct 25 16:58:11 2024 +0800

    mm: krealloc: Fix MTE false alarm in __do_krealloc
    
    commit 704573851b51808b45dae2d62059d1d8189138a2 upstream.
    
    This patch addresses an issue introduced by commit 1a83a716ec233 ("mm:
    krealloc: consider spare memory for __GFP_ZERO") which causes MTE
    (Memory Tagging Extension) to falsely report a slab-out-of-bounds error.
    
    The problem occurs when zeroing out spare memory in __do_krealloc. The
    original code only considered software-based KASAN and did not account
    for MTE. It does not reset the KASAN tag before calling memset, leading
    to a mismatch between the pointer tag and the memory tag, resulting
    in a false positive.
    
    Example of the error:
    ==================================================================
    swapper/0: BUG: KASAN: slab-out-of-bounds in __memset+0x84/0x188
    swapper/0: Write at addr f4ffff8005f0fdf0 by task swapper/0/1
    swapper/0: Pointer tag: [f4], memory tag: [fe]
    swapper/0:
    swapper/0: CPU: 4 UID: 0 PID: 1 Comm: swapper/0 Not tainted 6.12.
    swapper/0: Hardware name: MT6991(ENG) (DT)
    swapper/0: Call trace:
    swapper/0:  dump_backtrace+0xfc/0x17c
    swapper/0:  show_stack+0x18/0x28
    swapper/0:  dump_stack_lvl+0x40/0xa0
    swapper/0:  print_report+0x1b8/0x71c
    swapper/0:  kasan_report+0xec/0x14c
    swapper/0:  __do_kernel_fault+0x60/0x29c
    swapper/0:  do_bad_area+0x30/0xdc
    swapper/0:  do_tag_check_fault+0x20/0x34
    swapper/0:  do_mem_abort+0x58/0x104
    swapper/0:  el1_abort+0x3c/0x5c
    swapper/0:  el1h_64_sync_handler+0x80/0xcc
    swapper/0:  el1h_64_sync+0x68/0x6c
    swapper/0:  __memset+0x84/0x188
    swapper/0:  btf_populate_kfunc_set+0x280/0x3d8
    swapper/0:  __register_btf_kfunc_id_set+0x43c/0x468
    swapper/0:  register_btf_kfunc_id_set+0x48/0x60
    swapper/0:  register_nf_nat_bpf+0x1c/0x40
    swapper/0:  nf_nat_init+0xc0/0x128
    swapper/0:  do_one_initcall+0x184/0x464
    swapper/0:  do_initcall_level+0xdc/0x1b0
    swapper/0:  do_initcalls+0x70/0xc0
    swapper/0:  do_basic_setup+0x1c/0x28
    swapper/0:  kernel_init_freeable+0x144/0x1b8
    swapper/0:  kernel_init+0x20/0x1a8
    swapper/0:  ret_from_fork+0x10/0x20
    ==================================================================
    
    Fixes: 1a83a716ec233 ("mm: krealloc: consider spare memory for __GFP_ZERO")
    Signed-off-by: Qun-Wei Lin <qun-wei.lin@mediatek.com>
    Acked-by: David Rientjes <rientjes@google.com>
    Signed-off-by: Vlastimil Babka <vbabka@suse.cz>
    Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>

 
net: phy: mdio-bcm-unimac: Add BCM6846 support [+ + +]
Author: Linus Walleij <linus.walleij@linaro.org>
Date:   Sat Oct 12 22:35:23 2024 +0200

    net: phy: mdio-bcm-unimac: Add BCM6846 support
    
    [ Upstream commit 906b77ca91c7e9833b4e47bedb6bec76be71d497 ]
    
    Add Unimac mdio compatible string for the special BCM6846
    variant.
    
    This variant has a few extra registers compared to other
    versions.
    
    Suggested-by: Florian Fainelli <florian.fainelli@broadcom.com>
    Link: https://lore.kernel.org/linux-devicetree/b542b2e8-115c-4234-a464-e73aa6bece5c@broadcom.com/
    Signed-off-by: Linus Walleij <linus.walleij@linaro.org>
    Link: https://patch.msgid.link/20241012-bcm6846-mdio-v1-2-c703ca83e962@linaro.org
    Signed-off-by: Jakub Kicinski <kuba@kernel.org>
    Signed-off-by: Sasha Levin <sashal@kernel.org>

net: usb: qmi_wwan: add Fibocom FG132 0x0112 composition [+ + +]
Author: Reinhard Speyerer <rspmn@arcor.de>
Date:   Fri Oct 18 22:52:55 2024 +0200

    net: usb: qmi_wwan: add Fibocom FG132 0x0112 composition
    
    [ Upstream commit 64761c980cbf71fb7a532a8c7299907ea972a88c ]
    
    Add Fibocom FG132 0x0112 composition:
    
    T:  Bus=03 Lev=02 Prnt=06 Port=01 Cnt=02 Dev#= 10 Spd=12   MxCh= 0
    D:  Ver= 2.01 Cls=00(>ifc ) Sub=00 Prot=00 MxPS=64 #Cfgs=  1
    P:  Vendor=2cb7 ProdID=0112 Rev= 5.15
    S:  Manufacturer=Fibocom Wireless Inc.
    S:  Product=Fibocom Module
    S:  SerialNumber=xxxxxxxx
    C:* #Ifs= 4 Cfg#= 1 Atr=a0 MxPwr=500mA
    I:* If#= 0 Alt= 0 #EPs= 3 Cls=ff(vend.) Sub=ff Prot=50 Driver=qmi_wwan
    E:  Ad=82(I) Atr=03(Int.) MxPS=   8 Ivl=32ms
    E:  Ad=81(I) Atr=02(Bulk) MxPS=  64 Ivl=0ms
    E:  Ad=01(O) Atr=02(Bulk) MxPS=  64 Ivl=0ms
    I:* If#= 1 Alt= 0 #EPs= 2 Cls=ff(vend.) Sub=ff Prot=30 Driver=option
    E:  Ad=02(O) Atr=02(Bulk) MxPS=  64 Ivl=0ms
    E:  Ad=83(I) Atr=02(Bulk) MxPS=  64 Ivl=0ms
    I:* If#= 2 Alt= 0 #EPs= 3 Cls=ff(vend.) Sub=ff Prot=40 Driver=option
    E:  Ad=85(I) Atr=03(Int.) MxPS=  10 Ivl=32ms
    E:  Ad=84(I) Atr=02(Bulk) MxPS=  64 Ivl=0ms
    E:  Ad=03(O) Atr=02(Bulk) MxPS=  64 Ivl=0ms
    I:* If#= 3 Alt= 0 #EPs= 2 Cls=ff(vend.) Sub=00 Prot=00 Driver=option
    E:  Ad=86(I) Atr=02(Bulk) MxPS=  64 Ivl=0ms
    E:  Ad=04(O) Atr=02(Bulk) MxPS=  64 Ivl=0ms
    
    Signed-off-by: Reinhard Speyerer <rspmn@arcor.de>
    
    Link: https://patch.msgid.link/ZxLKp5YZDy-OM0-e@arcor.de
    Signed-off-by: Paolo Abeni <pabeni@redhat.com>
    Signed-off-by: Sasha Levin <sashal@kernel.org>

 
netfs: Downgrade i_rwsem for a buffered write [+ + +]
Author: David Howells <dhowells@redhat.com>
Date:   Wed Oct 16 17:28:33 2024 +0100

    netfs: Downgrade i_rwsem for a buffered write
    
    [ Upstream commit d6a77668a708f0b5ca6713b39c178c9d9563c35b ]
    
    In the I/O locking code borrowed from NFS into netfslib, i_rwsem is held
    locked across a buffered write - but this causes a performance regression
    in cifs as it excludes buffered reads for the duration (cifs didn't use any
    locking for buffered reads).
    
    Mitigate this somewhat by downgrading the i_rwsem to a read lock across the
    buffered write.  This at least allows parallel reads to occur whilst
    excluding other writes, DIO, truncate and setattr.
    
    Note that this shouldn't be a problem for a buffered write as a read
    through an mmap can circumvent i_rwsem anyway.
    
    Also note that we might want to make this change in NFS also.
    
    Signed-off-by: David Howells <dhowells@redhat.com>
    Link: https://lore.kernel.org/r/1317958.1729096113@warthog.procyon.org.uk
    cc: Steve French <sfrench@samba.org>
    cc: Paulo Alcantara <pc@manguebit.com>
    cc: Trond Myklebust <trondmy@kernel.org>
    cc: Jeff Layton <jlayton@kernel.org>
    cc: netfs@lists.linux.dev
    cc: linux-cifs@vger.kernel.org
    cc: linux-nfs@vger.kernel.org
    cc: linux-fsdevel@vger.kernel.org
    Signed-off-by: Christian Brauner <brauner@kernel.org>
    Signed-off-by: Sasha Levin <sashal@kernel.org>

 
nvme-loop: flush off pending I/O while shutting down loop controller [+ + +]
Author: Nilay Shroff <nilay@linux.ibm.com>
Date:   Wed Oct 16 08:33:14 2024 +0530

    nvme-loop: flush off pending I/O while shutting down loop controller
    
    [ Upstream commit c199fac88fe7c749f88a0653e9f621b9f5a71cf1 ]
    
    While shutting down loop controller, we first quiesce the admin/IO queue,
    delete the admin/IO tag-set and then at last destroy the admin/IO queue.
    However it's quite possible that during the window between quiescing and
    destroying of the admin/IO queue, some admin/IO request might sneak in
    and if that happens then we could potentially encounter a hung task
    because shutdown operation can't forward progress until any pending I/O
    is flushed off.
    
    This commit helps ensure that before destroying the admin/IO queue, we
    unquiesce the admin/IO queue so that any outstanding requests, which are
    added after the admin/IO queue is quiesced, are now flushed to its
    completion.
    
    Reviewed-by: Christoph Hellwig <hch@lst.de>
    Signed-off-by: Nilay Shroff <nilay@linux.ibm.com>
    Signed-off-by: Keith Busch <kbusch@kernel.org>
    Signed-off-by: Sasha Levin <sashal@kernel.org>

 
nvme-multipath: defer partition scanning [+ + +]
Author: Keith Busch <kbusch@kernel.org>
Date:   Tue Oct 15 07:30:17 2024 -0700

    nvme-multipath: defer partition scanning
    
    [ Upstream commit 1f021341eef41e77a633186e9be5223de2ce5d48 ]
    
    We need to suppress the partition scan from occuring within the
    controller's scan_work context. If a path error occurs here, the IO will
    wait until a path becomes available or all paths are torn down, but that
    action also occurs within scan_work, so it would deadlock. Defer the
    partion scan to a different context that does not block scan_work.
    
    Reported-by: Hannes Reinecke <hare@suse.de>
    Reviewed-by: Christoph Hellwig <hch@lst.de>
    Signed-off-by: Keith Busch <kbusch@kernel.org>
    Signed-off-by: Sasha Levin <sashal@kernel.org>

 
nvme/host: Fix RCU list traversal to use SRCU primitive [+ + +]
Author: Breno Leitao <leitao@debian.org>
Date:   Mon Nov 4 04:24:40 2024 -0800

    nvme/host: Fix RCU list traversal to use SRCU primitive
    
    [ Upstream commit 6d1c69945ce63a9fba22a4abf646cf960d878782 ]
    
    The code currently uses list_for_each_entry_rcu() while holding an SRCU
    lock, triggering false positive warnings with CONFIG_PROVE_RCU=y
    enabled:
    
      drivers/nvme/host/core.c:3770 RCU-list traversed in non-reader section!!
    
    While the list is properly protected by SRCU lock, the code uses the wrong
    list traversal primitive. Replace list_for_each_entry_rcu() with
    list_for_each_entry_srcu() to correctly indicate SRCU-based protection
    and eliminate the false warning.
    
    Fixes: be647e2c76b2 ("nvme: use srcu for iterating namespace list")
    Signed-off-by: Breno Leitao <leitao@debian.org>
    Reviewed-by: Christoph Hellwig <hch@lst.de>
    Signed-off-by: Keith Busch <kbusch@kernel.org>
    Signed-off-by: Sasha Levin <sashal@kernel.org>

 
nvme: disable CC.CRIME (NVME_CC_CRIME) [+ + +]
Author: Greg Joyce <gjoyce@linux.ibm.com>
Date:   Mon Oct 7 14:33:24 2024 -0500

    nvme: disable CC.CRIME (NVME_CC_CRIME)
    
    [ Upstream commit 0ce96a6708f34280a536263ee5c67e20c433dcce ]
    
    Disable NVME_CC_CRIME so that CSTS.RDY indicates that the media
    is ready and able to handle commands without returning
    NVME_SC_ADMIN_COMMAND_MEDIA_NOT_READY.
    
    Signed-off-by: Greg Joyce <gjoyce@linux.ibm.com>
    Reviewed-by: Nilay Shroff <nilay@linux.ibm.com>
    Tested-by: Nilay Shroff <nilay@linux.ibm.com>
    Signed-off-by: Keith Busch <kbusch@kernel.org>
    Signed-off-by: Sasha Levin <sashal@kernel.org>

nvme: make keep-alive synchronous operation [+ + +]
Author: Nilay Shroff <nilay@linux.ibm.com>
Date:   Wed Oct 16 08:33:15 2024 +0530

    nvme: make keep-alive synchronous operation
    
    [ Upstream commit d06923670b5a5f609603d4a9fee4dec02d38de9c ]
    
    The nvme keep-alive operation, which executes at a periodic interval,
    could potentially sneak in while shutting down a fabric controller.
    This may lead to a race between the fabric controller admin queue
    destroy code path (invoked while shutting down controller) and hw/hctx
    queue dispatcher called from the nvme keep-alive async request queuing
    operation. This race could lead to the kernel crash shown below:
    
    Call Trace:
        autoremove_wake_function+0x0/0xbc (unreliable)
        __blk_mq_sched_dispatch_requests+0x114/0x24c
        blk_mq_sched_dispatch_requests+0x44/0x84
        blk_mq_run_hw_queue+0x140/0x220
        nvme_keep_alive_work+0xc8/0x19c [nvme_core]
        process_one_work+0x200/0x4e0
        worker_thread+0x340/0x504
        kthread+0x138/0x140
        start_kernel_thread+0x14/0x18
    
    While shutting down fabric controller, if nvme keep-alive request sneaks
    in then it would be flushed off. The nvme_keep_alive_end_io function is
    then invoked to handle the end of the keep-alive operation which
    decrements the admin->q_usage_counter and assuming this is the last/only
    request in the admin queue then the admin->q_usage_counter becomes zero.
    If that happens then blk-mq destroy queue operation (blk_mq_destroy_
    queue()) which could be potentially running simultaneously on another
    cpu (as this is the controller shutdown code path) would forward
    progress and deletes the admin queue. So, now from this point onward
    we are not supposed to access the admin queue resources. However the
    issue here's that the nvme keep-alive thread running hw/hctx queue
    dispatch operation hasn't yet finished its work and so it could still
    potentially access the admin queue resource while the admin queue had
    been already deleted and that causes the above crash.
    
    This fix helps avoid the observed crash by implementing keep-alive as a
    synchronous operation so that we decrement admin->q_usage_counter only
    after keep-alive command finished its execution and returns the command
    status back up to its caller (blk_execute_rq()). This would ensure that
    fabric shutdown code path doesn't destroy the fabric admin queue until
    keep-alive request finished execution and also keep-alive thread is not
    running hw/hctx queue dispatch operation.
    
    Reviewed-by: Christoph Hellwig <hch@lst.de>
    Signed-off-by: Nilay Shroff <nilay@linux.ibm.com>
    Signed-off-by: Keith Busch <kbusch@kernel.org>
    Signed-off-by: Sasha Levin <sashal@kernel.org>

nvme: tcp: avoid race between queue_lock lock and destroy [+ + +]
Author: Hannes Reinecke <hare@suse.de>
Date:   Wed Oct 2 13:51:41 2024 +0900

    nvme: tcp: avoid race between queue_lock lock and destroy
    
    [ Upstream commit 782373ba27660ba7d330208cf5509ece6feb4545 ]
    
    Commit 76d54bf20cdc ("nvme-tcp: don't access released socket during
    error recovery") added a mutex_lock() call for the queue->queue_lock
    in nvme_tcp_get_address(). However, the mutex_lock() races with
    mutex_destroy() in nvme_tcp_free_queue(), and causes the WARN below.
    
    DEBUG_LOCKS_WARN_ON(lock->magic != lock)
    WARNING: CPU: 3 PID: 34077 at kernel/locking/mutex.c:587 __mutex_lock+0xcf0/0x1220
    Modules linked in: nvmet_tcp nvmet nvme_tcp nvme_fabrics iw_cm ib_cm ib_core pktcdvd nft_fib_inet nft_fib_ipv4 nft_fib_ipv6 nft_fib nft_reject_inet nf_reject_ipv4 nf_reject_ipv6 nft_reject nft_ct nft_chain_nat nf_nat nf_conntrack nf_defrag_ipv6 nf_defrag_ipv4 ip_set nf_tables qrtr sunrpc ppdev 9pnet_virtio 9pnet pcspkr netfs parport_pc parport e1000 i2c_piix4 i2c_smbus loop fuse nfnetlink zram bochs drm_vram_helper drm_ttm_helper ttm drm_kms_helper xfs drm sym53c8xx floppy nvme scsi_transport_spi nvme_core nvme_auth serio_raw ata_generic pata_acpi dm_multipath qemu_fw_cfg [last unloaded: ib_uverbs]
    CPU: 3 UID: 0 PID: 34077 Comm: udisksd Not tainted 6.11.0-rc7 #319
    Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.16.3-2.fc40 04/01/2014
    RIP: 0010:__mutex_lock+0xcf0/0x1220
    Code: 08 84 d2 0f 85 c8 04 00 00 8b 15 ef b6 c8 01 85 d2 0f 85 78 f4 ff ff 48 c7 c6 20 93 ee af 48 c7 c7 60 91 ee af e8 f0 a7 6d fd <0f> 0b e9 5e f4 ff ff 48 b8 00 00 00 00 00 fc ff df 4c 89 f2 48 c1
    RSP: 0018:ffff88811305f760 EFLAGS: 00010286
    RAX: 0000000000000000 RBX: ffff88812c652058 RCX: 0000000000000000
    RDX: 0000000000000000 RSI: 0000000000000004 RDI: 0000000000000001
    RBP: ffff88811305f8b0 R08: 0000000000000001 R09: ffffed1075c36341
    R10: ffff8883ae1b1a0b R11: 0000000000010498 R12: 0000000000000000
    R13: 0000000000000000 R14: dffffc0000000000 R15: ffff88812c652058
    FS:  00007f9713ae4980(0000) GS:ffff8883ae180000(0000) knlGS:0000000000000000
    CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
    CR2: 00007fcd78483c7c CR3: 0000000122c38000 CR4: 00000000000006f0
    DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
    DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
    Call Trace:
     <TASK>
     ? __warn.cold+0x5b/0x1af
     ? __mutex_lock+0xcf0/0x1220
     ? report_bug+0x1ec/0x390
     ? handle_bug+0x3c/0x80
     ? exc_invalid_op+0x13/0x40
     ? asm_exc_invalid_op+0x16/0x20
     ? __mutex_lock+0xcf0/0x1220
     ? nvme_tcp_get_address+0xc2/0x1e0 [nvme_tcp]
     ? __pfx___mutex_lock+0x10/0x10
     ? __lock_acquire+0xd6a/0x59e0
     ? nvme_tcp_get_address+0xc2/0x1e0 [nvme_tcp]
     nvme_tcp_get_address+0xc2/0x1e0 [nvme_tcp]
     ? __pfx_nvme_tcp_get_address+0x10/0x10 [nvme_tcp]
     nvme_sysfs_show_address+0x81/0xc0 [nvme_core]
     dev_attr_show+0x42/0x80
     ? __asan_memset+0x1f/0x40
     sysfs_kf_seq_show+0x1f0/0x370
     seq_read_iter+0x2cb/0x1130
     ? rw_verify_area+0x3b1/0x590
     ? __mutex_lock+0x433/0x1220
     vfs_read+0x6a6/0xa20
     ? lockdep_hardirqs_on+0x78/0x100
     ? __pfx_vfs_read+0x10/0x10
     ksys_read+0xf7/0x1d0
     ? __pfx_ksys_read+0x10/0x10
     ? __x64_sys_openat+0x105/0x1d0
     do_syscall_64+0x93/0x180
     ? lockdep_hardirqs_on_prepare+0x16d/0x400
     ? do_syscall_64+0x9f/0x180
     ? lockdep_hardirqs_on+0x78/0x100
     ? do_syscall_64+0x9f/0x180
     ? __pfx_ksys_read+0x10/0x10
     ? lockdep_hardirqs_on_prepare+0x16d/0x400
     ? do_syscall_64+0x9f/0x180
     ? lockdep_hardirqs_on+0x78/0x100
     ? do_syscall_64+0x9f/0x180
     ? lockdep_hardirqs_on_prepare+0x16d/0x400
     ? do_syscall_64+0x9f/0x180
     ? lockdep_hardirqs_on+0x78/0x100
     ? do_syscall_64+0x9f/0x180
     ? lockdep_hardirqs_on_prepare+0x16d/0x400
     ? do_syscall_64+0x9f/0x180
     ? lockdep_hardirqs_on+0x78/0x100
     ? do_syscall_64+0x9f/0x180
     ? lockdep_hardirqs_on_prepare+0x16d/0x400
     ? do_syscall_64+0x9f/0x180
     ? lockdep_hardirqs_on+0x78/0x100
     ? do_syscall_64+0x9f/0x180
     ? do_syscall_64+0x9f/0x180
     entry_SYSCALL_64_after_hwframe+0x76/0x7e
    RIP: 0033:0x7f9713f55cfa
    Code: 55 48 89 e5 48 83 ec 20 48 89 55 e8 48 89 75 f0 89 7d f8 e8 e8 74 f8 ff 48 8b 55 e8 48 8b 75 f0 41 89 c0 8b 7d f8 31 c0 0f 05 <48> 3d 00 f0 ff ff 77 2e 44 89 c7 48 89 45 f8 e8 42 75 f8 ff 48 8b
    RSP: 002b:00007ffd7f512e70 EFLAGS: 00000246 ORIG_RAX: 0000000000000000
    RAX: ffffffffffffffda RBX: 000055c38f316859 RCX: 00007f9713f55cfa
    RDX: 0000000000000fff RSI: 00007ffd7f512eb0 RDI: 0000000000000011
    RBP: 00007ffd7f512e90 R08: 0000000000000000 R09: 00000000ffffffff
    R10: 0000000000000000 R11: 0000000000000246 R12: 000055c38f317148
    R13: 0000000000000000 R14: 00007f96f4004f30 R15: 000055c3b6b623c0
     </TASK>
    
    The WARN is observed when the blktests test case nvme/014 is repeated
    with tcp transport. It is rare, and 200 times repeat is required to
    recreate in some test environments.
    
    To avoid the WARN, check the NVME_TCP_Q_LIVE flag before locking
    queue->queue_lock. The flag is cleared long time before the lock gets
    destroyed.
    
    Signed-off-by: Hannes Reinecke <hare@suse.de>
    Signed-off-by: Shin'ichiro Kawasaki <shinichiro.kawasaki@wdc.com>
    Signed-off-by: Keith Busch <kbusch@kernel.org>
    Signed-off-by: Sasha Levin <sashal@kernel.org>

 
nvmet-passthru: clear EUID/NGUID/UUID while using loop target [+ + +]
Author: Nilay Shroff <nilay@linux.ibm.com>
Date:   Sat Sep 21 12:35:33 2024 +0530

    nvmet-passthru: clear EUID/NGUID/UUID while using loop target
    
    [ Upstream commit e38dad438fc08162e20c600ae899e9e60688f72e ]
    
    When nvme passthru is configured using loop target, the clear_ids
    attribute is, by default, set to true. This attribute would ensure that
    EUID/NGUID/UUID is cleared for the loop passthru target.
    
    The newer NVMe disk supporting the NVMe spec 1.3 or higher, typically,
    implements the support for "Namespace Identification Descriptor list"
    command. This command when issued from host returns EUID/NGUID/UUID
    assigned to the inquired namespace. Not clearing these values, while
    using nvme passthru using loop target, would result in NVMe host driver
    rejecting the namespace. This check was implemented in the commit
    2079f41ec6ff ("nvme: check that EUI/GUID/UUID are globally unique").
    
    The fix implemented in this commit ensure that when host issues ns-id
    descriptor list command, the EUID/NGUID/UUID are cleared by passthru
    target. In fact, the function nvmet_passthru_override_id_descs() which
    clears those unique ids already exits, so we just need to ensure that
    ns-id descriptor list command falls through the corretc code path. And
    while we're at it, we also combines the three passthru admin command
    cases together which shares the same code.
    
    Reviewed-by: Chaitanya Kulkarni <kch@nvidia.com>
    Reviewed-by: Christoph Hellwig <hch@lst.de>
    Signed-off-by: Nilay Shroff <nilay@linux.ibm.com>
    Signed-off-by: Keith Busch <kbusch@kernel.org>
    Signed-off-by: Sasha Levin <sashal@kernel.org>

 
pinctrl: aw9523: add missing mutex_destroy [+ + +]
Author: Rosen Penev <rosenp@gmail.com>
Date:   Tue Oct 1 14:27:22 2024 -0700

    pinctrl: aw9523: add missing mutex_destroy
    
    [ Upstream commit 393c554093c0c4cbc8e2f178d36df169016384da ]
    
    Otherwise the mutex remains after a failed kzalloc.
    
    Signed-off-by: Rosen Penev <rosenp@gmail.com>
    Link: https://lore.kernel.org/20241001212724.309320-1-rosenp@gmail.com
    Signed-off-by: Linus Walleij <linus.walleij@linaro.org>
    Signed-off-by: Sasha Levin <sashal@kernel.org>

pinctrl: intel: platform: Add Panther Lake to the list of supported [+ + +]
Author: Andy Shevchenko <andriy.shevchenko@linux.intel.com>
Date:   Wed Oct 2 18:00:36 2024 +0300

    pinctrl: intel: platform: Add Panther Lake to the list of supported
    
    [ Upstream commit 37756257093bf1bda0bb034f4f1bd3219c7b2a40 ]
    
    Intel Panther Lake is supported by the generic platform driver,
    so add it to the list of supported in Kconfig.
    
    Acked-by: Mika Westerberg <mika.westerberg@linux.intel.com>
    Signed-off-by: Andy Shevchenko <andriy.shevchenko@linux.intel.com>
    Signed-off-by: Sasha Levin <sashal@kernel.org>

 
powerpc/powernv: Free name on error in opal_event_init() [+ + +]
Author: Michael Ellerman <mpe@ellerman.id.au>
Date:   Fri Sep 20 19:35:20 2024 +1000

    powerpc/powernv: Free name on error in opal_event_init()
    
    [ Upstream commit cf8989d20d64ad702a6210c11a0347ebf3852aa7 ]
    
    In opal_event_init() if request_irq() fails name is not freed, leading
    to a memory leak. The code only runs at boot time, there's no way for a
    user to trigger it, so there's no security impact.
    
    Fix the leak by freeing name in the error path.
    
    Reported-by: 2639161967 <2639161967@qq.com>
    Closes: https://lore.kernel.org/linuxppc-dev/87wmjp3wig.fsf@mail.lhotse
    Signed-off-by: Michael Ellerman <mpe@ellerman.id.au>
    Link: https://patch.msgid.link/20240920093520.67997-1-mpe@ellerman.id.au
    Signed-off-by: Sasha Levin <sashal@kernel.org>

 
RDMA/siw: Add sendpage_ok() check to disable MSG_SPLICE_PAGES [+ + +]
Author: Showrya M N <showrya@chelsio.com>
Date:   Mon Oct 7 18:28:36 2024 +0530

    RDMA/siw: Add sendpage_ok() check to disable MSG_SPLICE_PAGES
    
    [ Upstream commit 4e1e3dd88a4cedd5ccc1a3fc3d71e03b70a7a791 ]
    
    While running ISER over SIW, the initiator machine encounters a warning
    from skb_splice_from_iter() indicating that a slab page is being used in
    send_page. To address this, it is better to add a sendpage_ok() check
    within the driver itself, and if it returns 0, then MSG_SPLICE_PAGES flag
    should be disabled before entering the network stack.
    
    A similar issue has been discussed for NVMe in this thread:
    https://lore.kernel.org/all/20240530142417.146696-1-ofir.gal@volumez.com/
    
      WARNING: CPU: 0 PID: 5342 at net/core/skbuff.c:7140 skb_splice_from_iter+0x173/0x320
      Call Trace:
       tcp_sendmsg_locked+0x368/0xe40
       siw_tx_hdt+0x695/0xa40 [siw]
       siw_qp_sq_process+0x102/0xb00 [siw]
       siw_sq_resume+0x39/0x110 [siw]
       siw_run_sq+0x74/0x160 [siw]
       kthread+0xd2/0x100
       ret_from_fork+0x34/0x40
       ret_from_fork_asm+0x1a/0x30
    
    Link: https://patch.msgid.link/r/20241007125835.89942-1-showrya@chelsio.com
    Signed-off-by: Showrya M N <showrya@chelsio.com>
    Signed-off-by: Potnuri Bharat Teja <bharat@chelsio.com>
    Signed-off-by: Jason Gunthorpe <jgg@nvidia.com>
    Signed-off-by: Sasha Levin <sashal@kernel.org>

 
RISCV: KVM: use raw_spinlock for critical section in imsic [+ + +]
Author: Cyan Yang <cyan.yang@sifive.com>
Date:   Fri Sep 20 00:01:26 2024 +0800

    RISCV: KVM: use raw_spinlock for critical section in imsic
    
    [ Upstream commit 3ec4350d4efb5ccb6bd0e11d9cf7f2be4f47297d ]
    
    For the external interrupt updating procedure in imsic, there was a
    spinlock to protect it already. But since it should not be preempted in
    any cases, we should turn to use raw_spinlock to prevent any preemption
    in case PREEMPT_RT was enabled.
    
    Signed-off-by: Cyan Yang <cyan.yang@sifive.com>
    Reviewed-by: Yong-Xuan Wang <yongxuan.wang@sifive.com>
    Reviewed-by: Anup Patel <anup@brainfault.org>
    Message-ID: <20240919160126.44487-1-cyan.yang@sifive.com>
    Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
    Signed-off-by: Sasha Levin <sashal@kernel.org>

 
s390/ap: Fix CCA crypto card behavior within protected execution environment [+ + +]
Author: Harald Freudenberger <freude@linux.ibm.com>
Date:   Wed Sep 25 15:31:06 2024 +0200

    s390/ap: Fix CCA crypto card behavior within protected execution environment
    
    [ Upstream commit 78f636e82b2288462498e235dc5a886426ce5dd7 ]
    
    A crypto card comes in 3 flavors: accelerator, CCA co-processor or
    EP11 co-processor. Within a protected execution environment only the
    accelerator and EP11 co-processor is supported. However, it is
    possible to set up a KVM guest with a CCA card and run it as a
    protected execution guest. There is nothing at the host side which
    prevents this. Within such a guest, a CCA card is shown as "illicit"
    and you can't do anything with such a crypto card.
    
    Regardless of the unsupported CCA card within a protected execution
    guest there are a couple of user space applications which
    unconditional try to run crypto requests to the zcrypt device
    driver. There was a bug within the AP bus code which allowed such a
    request to be forwarded to a CCA card where it is finally
    rejected and the driver reacts with -ENODEV but also triggers an AP
    bus scan. Together with a retry loop this caused some kind of "hang"
    of the KVM guest. On startup it caused timeouts and finally led the
    KVM guest startup fail. Fix that by closing the gap and make sure a
    CCA card is not usable within a protected execution environment.
    
    Another behavior within an protected execution environment with CCA
    cards was that the se_bind and se_associate AP queue sysfs attributes
    where shown. The implementation unconditional always added these
    attributes. Fix that by checking if the card mode is supported within
    a protected execution environment and only if valid, add the attribute
    group.
    
    Signed-off-by: Harald Freudenberger <freude@linux.ibm.com>
    Reviewed-by: Holger Dengler <dengler@linux.ibm.com>
    Signed-off-by: Heiko Carstens <hca@linux.ibm.com>
    Signed-off-by: Sasha Levin <sashal@kernel.org>

 
samples/landlock: Fix port parsing in sandboxer [+ + +]
Author: Matthieu Buffet <matthieu@buffet.re>
Date:   Sat Oct 19 17:15:32 2024 +0200

    samples/landlock: Fix port parsing in sandboxer
    
    [ Upstream commit 387285530d1d4bdba8c5dff5aeabd8d71638173f ]
    
    If you want to specify that no port can be bind()ed, you would think
    (looking quickly at both help message and code) that setting
    LL_TCP_BIND="" would do it.
    
    However the code splits on ":" then applies atoi(), which does not allow
    checking for errors. Passing an empty string returns 0, which is
    interpreted as "allow bind(0)", which means bind to any ephemeral port.
    This bug occurs whenever passing an empty string or when leaving a
    trailing/leading colon, making it impossible to completely deny bind().
    
    To reproduce:
    export LL_FS_RO="/" LL_FS_RW="" LL_TCP_BIND=""
    ./sandboxer strace -e bind nc -n -vvv -l -p 0
    Executing the sandboxed command...
    bind(3, {sa_family=AF_INET, sin_port=htons(0),
         sin_addr=inet_addr("0.0.0.0")}, 16) = 0
    Listening on 0.0.0.0 37629
    
    Use strtoull(3) instead, which allows error checking. Check that the
    entire string has been parsed correctly without overflows/underflows,
    but not that the __u64 (the type of struct landlock_net_port_attr.port)
    is a valid __u16 port: that is already done by the kernel.
    
    Fixes: 5e990dcef12e ("samples/landlock: Support TCP restrictions")
    Signed-off-by: Matthieu Buffet <matthieu@buffet.re>
    Link: https://lore.kernel.org/r/20241019151534.1400605-2-matthieu@buffet.re
    Signed-off-by: Mickaël Salaün <mic@digikod.net>
    Signed-off-by: Sasha Levin <sashal@kernel.org>

 
selftests/bpf: Assert link info uprobe_multi count & path_size if unset [+ + +]
Author: Tyrone Wu <wudevelops@gmail.com>
Date:   Fri Oct 11 00:08:03 2024 +0000

    selftests/bpf: Assert link info uprobe_multi count & path_size if unset
    
    [ Upstream commit b836cbdf3b81a4a22b3452186efa2e5105a77e10 ]
    
    Add assertions in `bpf_link_info.uprobe_multi` test to verify that
    `count` and `path_size` fields are correctly populated when the fields
    are unset.
    
    This tests a previous bug where the `path_size` field was not populated
    when `path` and `path_size` were unset.
    
    Signed-off-by: Tyrone Wu <wudevelops@gmail.com>
    Signed-off-by: Andrii Nakryiko <andrii@kernel.org>
    Link: https://lore.kernel.org/bpf/20241011000803.681190-2-wudevelops@gmail.com
    Signed-off-by: Sasha Levin <sashal@kernel.org>

selftests/bpf: Verify that sync_linked_regs preserves subreg_def [+ + +]
Author: Eduard Zingerman <eddyz87@gmail.com>
Date:   Tue Sep 24 14:08:44 2024 -0700

    selftests/bpf: Verify that sync_linked_regs preserves subreg_def
    
    [ Upstream commit a41b3828ec056a631ad22413d4560017fed5c3bd ]
    
    This test was added because of a bug in verifier.c:sync_linked_regs(),
    upon range propagation it destroyed subreg_def marks for registers.
    The test is written in a way to return an upper half of a register
    that is affected by range propagation and must have it's subreg_def
    preserved. This gives a return value of 0 and leads to undefined
    return value if subreg_def mark is not preserved.
    
    Signed-off-by: Eduard Zingerman <eddyz87@gmail.com>
    Signed-off-by: Andrii Nakryiko <andrii@kernel.org>
    Signed-off-by: Daniel Borkmann <daniel@iogearbox.net>
    Acked-by: Daniel Borkmann <daniel@iogearbox.net>
    Link: https://lore.kernel.org/bpf/20240924210844.1758441-2-eddyz87@gmail.com
    Signed-off-by: Sasha Levin <sashal@kernel.org>

 
smb: client: Fix use-after-free of network namespace. [+ + +]
Author: Kuniyuki Iwashima <kuniyu@amazon.com>
Date:   Sat Nov 2 14:24:38 2024 -0700

    smb: client: Fix use-after-free of network namespace.
    
    [ Upstream commit ef7134c7fc48e1441b398e55a862232868a6f0a7 ]
    
    Recently, we got a customer report that CIFS triggers oops while
    reconnecting to a server.  [0]
    
    The workload runs on Kubernetes, and some pods mount CIFS servers
    in non-root network namespaces.  The problem rarely happened, but
    it was always while the pod was dying.
    
    The root cause is wrong reference counting for network namespace.
    
    CIFS uses kernel sockets, which do not hold refcnt of the netns that
    the socket belongs to.  That means CIFS must ensure the socket is
    always freed before its netns; otherwise, use-after-free happens.
    
    The repro steps are roughly:
    
      1. mount CIFS in a non-root netns
      2. drop packets from the netns
      3. destroy the netns
      4. unmount CIFS
    
    We can reproduce the issue quickly with the script [1] below and see
    the splat [2] if CONFIG_NET_NS_REFCNT_TRACKER is enabled.
    
    When the socket is TCP, it is hard to guarantee the netns lifetime
    without holding refcnt due to async timers.
    
    Let's hold netns refcnt for each socket as done for SMC in commit
    9744d2bf1976 ("smc: Fix use-after-free in tcp_write_timer_handler().").
    
    Note that we need to move put_net() from cifs_put_tcp_session() to
    clean_demultiplex_info(); otherwise, __sock_create() still could touch a
    freed netns while cifsd tries to reconnect from cifs_demultiplex_thread().
    
    Also, maybe_get_net() cannot be put just before __sock_create() because
    the code is not under RCU and there is a small chance that the same
    address happened to be reallocated to another netns.
    
    [0]:
    CIFS: VFS: \\XXXXXXXXXXX has not responded in 15 seconds. Reconnecting...
    CIFS: Serverclose failed 4 times, giving up
    Unable to handle kernel paging request at virtual address 14de99e461f84a07
    Mem abort info:
      ESR = 0x0000000096000004
      EC = 0x25: DABT (current EL), IL = 32 bits
      SET = 0, FnV = 0
      EA = 0, S1PTW = 0
      FSC = 0x04: level 0 translation fault
    Data abort info:
      ISV = 0, ISS = 0x00000004
      CM = 0, WnR = 0
    [14de99e461f84a07] address between user and kernel address ranges
    Internal error: Oops: 0000000096000004 [#1] SMP
    Modules linked in: cls_bpf sch_ingress nls_utf8 cifs cifs_arc4 cifs_md4 dns_resolver tcp_diag inet_diag veth xt_state xt_connmark nf_conntrack_netlink xt_nat xt_statistic xt_MASQUERADE xt_mark xt_addrtype ipt_REJECT nf_reject_ipv4 nft_chain_nat nf_nat xt_conntrack nf_conntrack nf_defrag_ipv6 nf_defrag_ipv4 xt_comment nft_compat nf_tables nfnetlink overlay nls_ascii nls_cp437 sunrpc vfat fat aes_ce_blk aes_ce_cipher ghash_ce sm4_ce_cipher sm4 sm3_ce sm3 sha3_ce sha512_ce sha512_arm64 sha1_ce ena button sch_fq_codel loop fuse configfs dmi_sysfs sha2_ce sha256_arm64 dm_mirror dm_region_hash dm_log dm_mod dax efivarfs
    CPU: 5 PID: 2690970 Comm: cifsd Not tainted 6.1.103-109.184.amzn2023.aarch64 #1
    Hardware name: Amazon EC2 r7g.4xlarge/, BIOS 1.0 11/1/2018
    pstate: 00400005 (nzcv daif +PAN -UAO -TCO -DIT -SSBS BTYPE=--)
    pc : fib_rules_lookup+0x44/0x238
    lr : __fib_lookup+0x64/0xbc
    sp : ffff8000265db790
    x29: ffff8000265db790 x28: 0000000000000000 x27: 000000000000bd01
    x26: 0000000000000000 x25: ffff000b4baf8000 x24: ffff00047b5e4580
    x23: ffff8000265db7e0 x22: 0000000000000000 x21: ffff00047b5e4500
    x20: ffff0010e3f694f8 x19: 14de99e461f849f7 x18: 0000000000000000
    x17: 0000000000000000 x16: 0000000000000000 x15: 0000000000000000
    x14: 0000000000000000 x13: 0000000000000000 x12: 3f92800abd010002
    x11: 0000000000000001 x10: ffff0010e3f69420 x9 : ffff800008a6f294
    x8 : 0000000000000000 x7 : 0000000000000006 x6 : 0000000000000000
    x5 : 0000000000000001 x4 : ffff001924354280 x3 : ffff8000265db7e0
    x2 : 0000000000000000 x1 : ffff0010e3f694f8 x0 : ffff00047b5e4500
    Call trace:
     fib_rules_lookup+0x44/0x238
     __fib_lookup+0x64/0xbc
     ip_route_output_key_hash_rcu+0x2c4/0x398
     ip_route_output_key_hash+0x60/0x8c
     tcp_v4_connect+0x290/0x488
     __inet_stream_connect+0x108/0x3d0
     inet_stream_connect+0x50/0x78
     kernel_connect+0x6c/0xac
     generic_ip_connect+0x10c/0x6c8 [cifs]
     __reconnect_target_unlocked+0xa0/0x214 [cifs]
     reconnect_dfs_server+0x144/0x460 [cifs]
     cifs_reconnect+0x88/0x148 [cifs]
     cifs_readv_from_socket+0x230/0x430 [cifs]
     cifs_read_from_socket+0x74/0xa8 [cifs]
     cifs_demultiplex_thread+0xf8/0x704 [cifs]
     kthread+0xd0/0xd4
    Code: aa0003f8 f8480f13 eb18027f 540006c0 (b9401264)
    
    [1]:
    CIFS_CRED="/root/cred.cifs"
    CIFS_USER="Administrator"
    CIFS_PASS="Password"
    CIFS_IP="X.X.X.X"
    CIFS_PATH="//${CIFS_IP}/Users/Administrator/Desktop/CIFS_TEST"
    CIFS_MNT="/mnt/smb"
    DEV="enp0s3"
    
    cat <<EOF > ${CIFS_CRED}
    username=${CIFS_USER}
    password=${CIFS_PASS}
    domain=EXAMPLE.COM
    EOF
    
    unshare -n bash -c "
    mkdir -p ${CIFS_MNT}
    ip netns attach root 1
    ip link add eth0 type veth peer veth0 netns root
    ip link set eth0 up
    ip -n root link set veth0 up
    ip addr add 192.168.0.2/24 dev eth0
    ip -n root addr add 192.168.0.1/24 dev veth0
    ip route add default via 192.168.0.1 dev eth0
    ip netns exec root sysctl net.ipv4.ip_forward=1
    ip netns exec root iptables -t nat -A POSTROUTING -s 192.168.0.2 -o ${DEV} -j MASQUERADE
    mount -t cifs ${CIFS_PATH} ${CIFS_MNT} -o vers=3.0,sec=ntlmssp,credentials=${CIFS_CRED},rsize=65536,wsize=65536,cache=none,echo_interval=1
    touch ${CIFS_MNT}/a.txt
    ip netns exec root iptables -t nat -D POSTROUTING -s 192.168.0.2 -o ${DEV} -j MASQUERADE
    "
    
    umount ${CIFS_MNT}
    
    [2]:
    ref_tracker: net notrefcnt@000000004bbc008d has 1/1 users at
         sk_alloc (./include/net/net_namespace.h:339 net/core/sock.c:2227)
         inet_create (net/ipv4/af_inet.c:326 net/ipv4/af_inet.c:252)
         __sock_create (net/socket.c:1576)
         generic_ip_connect (fs/smb/client/connect.c:3075)
         cifs_get_tcp_session.part.0 (fs/smb/client/connect.c:3160 fs/smb/client/connect.c:1798)
         cifs_mount_get_session (fs/smb/client/trace.h:959 fs/smb/client/connect.c:3366)
         dfs_mount_share (fs/smb/client/dfs.c:63 fs/smb/client/dfs.c:285)
         cifs_mount (fs/smb/client/connect.c:3622)
         cifs_smb3_do_mount (fs/smb/client/cifsfs.c:949)
         smb3_get_tree (fs/smb/client/fs_context.c:784 fs/smb/client/fs_context.c:802 fs/smb/client/fs_context.c:794)
         vfs_get_tree (fs/super.c:1800)
         path_mount (fs/namespace.c:3508 fs/namespace.c:3834)
         __x64_sys_mount (fs/namespace.c:3848 fs/namespace.c:4057 fs/namespace.c:4034 fs/namespace.c:4034)
         do_syscall_64 (arch/x86/entry/common.c:52 arch/x86/entry/common.c:83)
         entry_SYSCALL_64_after_hwframe (arch/x86/entry/entry_64.S:130)
    
    Fixes: 26abe14379f8 ("net: Modify sk_alloc to not reference count the netns of kernel sockets.")
    Signed-off-by: Kuniyuki Iwashima <kuniyu@amazon.com>
    Acked-by: Tom Talpey <tom@talpey.com>
    Signed-off-by: Steve French <stfrench@microsoft.com>
    Signed-off-by: Sasha Levin <sashal@kernel.org>
 
sound: Make CONFIG_SND depend on INDIRECT_IOMEM instead of UML [+ + +]
Author: Julian Vetter <jvetter@kalrayinc.com>
Date:   Thu Oct 10 14:46:01 2024 +0200

    sound: Make CONFIG_SND depend on INDIRECT_IOMEM instead of UML
    
    [ Upstream commit ad6639f143a0b42d7fb110ad14f5949f7c218890 ]
    
    When building for the UM arch and neither INDIRECT_IOMEM=y, nor
    HAS_IOMEM=y is selected, it will fall back to the implementations from
    asm-generic/io.h for IO memcpy. But these fall-back functions just do a
    memcpy. So, instead of depending on UML, add dependency on 'HAS_IOMEM ||
    INDIRECT_IOMEM'.
    
    Reviewed-by: Yann Sionneau <ysionneau@kalrayinc.com>
    Signed-off-by: Julian Vetter <jvetter@kalrayinc.com>
    Link: https://patch.msgid.link/20241010124601.700528-1-jvetter@kalrayinc.com
    Signed-off-by: Takashi Iwai <tiwai@suse.de>
    Signed-off-by: Sasha Levin <sashal@kernel.org>

 
vDPA/ifcvf: Fix pci_read_config_byte() return code handling [+ + +]
Author: Yuan Can <yuancan@huawei.com>
Date:   Thu Oct 17 09:38:12 2024 +0800

    vDPA/ifcvf: Fix pci_read_config_byte() return code handling
    
    [ Upstream commit 7f8825b2a78ac392d3fbb3a2e65e56d9e39d75e9 ]
    
    ifcvf_init_hw() uses pci_read_config_byte() that returns
    PCIBIOS_* codes. The error handling, however, assumes the codes are
    normal errnos because it checks for < 0.
    Convert the error check to plain non-zero check.
    
    Fixes: 5a2414bc454e ("virtio: Intel IFC VF driver for VDPA")
    Signed-off-by: Yuan Can <yuancan@huawei.com>
    Message-Id: <20241017013812.129952-1-yuancan@huawei.com>
    Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
    Acked-by: Jason Wang <jasowang@redhat.com>
    Acked-by: Zhu Lingshan <lingshan.zhu@kernel.org>
    Signed-off-by: Sasha Levin <sashal@kernel.org>

 
virtio_pci: Fix admin vq cleanup by using correct info pointer [+ + +]
Author: Feng Liu <feliu@nvidia.com>
Date:   Thu Oct 24 09:54:06 2024 -0400

    virtio_pci: Fix admin vq cleanup by using correct info pointer
    
    [ Upstream commit 97ee04feb682c906a1fa973ebe586fe91567d165 ]
    
    vp_modern_avq_cleanup() and vp_del_vqs() clean up admin vq
    resources by virtio_pci_vq_info pointer. The info pointer of admin
    vq is stored in vp_dev->admin_vq.info instead of vp_dev->vqs[].
    Using the info pointer from vp_dev->vqs[] for admin vq causes a
    kernel NULL pointer dereference bug.
    In vp_modern_avq_cleanup() and vp_del_vqs(), get the info pointer
    from vp_dev->admin_vq.info for admin vq to clean up the resources.
    Also make info ptr as argument of vp_del_vq() to be symmetric with
    vp_setup_vq().
    
    vp_reset calls vp_modern_avq_cleanup, and causes the Call Trace:
    ==================================================================
    BUG: kernel NULL pointer dereference, address:0000000000000000
    ...
    CPU: 49 UID: 0 PID: 4439 Comm: modprobe Not tainted 6.11.0-rc5 #1
    RIP: 0010:vp_reset+0x57/0x90 [virtio_pci]
    Call Trace:
     <TASK>
    ...
     ? vp_reset+0x57/0x90 [virtio_pci]
     ? vp_reset+0x38/0x90 [virtio_pci]
     virtio_reset_device+0x1d/0x30
     remove_vq_common+0x1c/0x1a0 [virtio_net]
     virtnet_remove+0xa1/0xc0 [virtio_net]
     virtio_dev_remove+0x46/0xa0
    ...
     virtio_pci_driver_exit+0x14/0x810 [virtio_pci]
    ==================================================================
    
    Fixes: 4c3b54af907e ("virtio_pci_modern: use completion instead of busy loop to wait on admin cmd result")
    Signed-off-by: Feng Liu <feliu@nvidia.com>
    Signed-off-by: Jiri Pirko <jiri@nvidia.com>
    Reviewed-by: Parav Pandit <parav@nvidia.com>
    Message-Id: <20241024135406.81388-1-feliu@nvidia.com>
    Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
    Signed-off-by: Sasha Levin <sashal@kernel.org>