--- /dev/null
+From b322e88b3d553e85b4e15779491c70022783faa4 Mon Sep 17 00:00:00 2001
+From: Li RongQing <lirongqing@baidu.com>
+Date: Thu, 14 Aug 2025 18:23:33 +0800
+Subject: mm/hugetlb: early exit from hugetlb_pages_alloc_boot() when max_huge_pages=0
+
+From: Li RongQing <lirongqing@baidu.com>
+
+commit b322e88b3d553e85b4e15779491c70022783faa4 upstream.
+
+Optimize hugetlb_pages_alloc_boot() to return immediately when
+max_huge_pages is 0, avoiding unnecessary CPU cycles and the below log
+message when hugepages aren't configured in the kernel command line.
+[ 3.702280] HugeTLB: allocation took 0ms with hugepage_allocation_threads=32
+
+Link: https://lkml.kernel.org/r/20250814102333.4428-1-lirongqing@baidu.com
+Signed-off-by: Li RongQing <lirongqing@baidu.com>
+Reviewed-by: Dev Jain <dev.jain@arm.com>
+Tested-by: Dev Jain <dev.jain@arm.com>
+Reviewed-by: Jane Chu <jane.chu@oracle.com>
+Acked-by: David Hildenbrand <david@redhat.com>
+Cc: Muchun Song <muchun.song@linux.dev>
+Cc: Oscar Salvador <osalvador@suse.de>
+Cc: <stable@vger.kernel.org>
+Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+---
+ mm/hugetlb.c | 3 +++
+ 1 file changed, 3 insertions(+)
+
+--- a/mm/hugetlb.c
++++ b/mm/hugetlb.c
+@@ -3324,6 +3324,9 @@ static void __init hugetlb_hstate_alloc_
+ return;
+ }
+
++ if (!h->max_huge_pages)
++ return;
++
+ /* do node specific alloc */
+ for_each_online_node(i) {
+ if (h->max_huge_pages_node[i] > 0) {
--- /dev/null
+From 6a204d4b14c99232e05d35305c27ebce1c009840 Mon Sep 17 00:00:00 2001
+From: Thadeu Lima de Souza Cascardo <cascardo@igalia.com>
+Date: Thu, 14 Aug 2025 14:22:45 -0300
+Subject: mm/page_alloc: only set ALLOC_HIGHATOMIC for __GPF_HIGH allocations
+
+From: Thadeu Lima de Souza Cascardo <cascardo@igalia.com>
+
+commit 6a204d4b14c99232e05d35305c27ebce1c009840 upstream.
+
+Commit 524c48072e56 ("mm/page_alloc: rename ALLOC_HIGH to
+ALLOC_MIN_RESERVE") is the start of a series that explains how __GFP_HIGH,
+which implies ALLOC_MIN_RESERVE, is going to be used instead of
+__GFP_ATOMIC for high atomic reserves.
+
+Commit eb2e2b425c69 ("mm/page_alloc: explicitly record high-order atomic
+allocations in alloc_flags") introduced ALLOC_HIGHATOMIC for such
+allocations of order higher than 0. It still used __GFP_ATOMIC, though.
+
+Then, commit 1ebbb21811b7 ("mm/page_alloc: explicitly define how
+__GFP_HIGH non-blocking allocations accesses reserves") just turned that
+check for !__GFP_DIRECT_RECLAIM, ignoring that high atomic reserves were
+expected to test for __GFP_HIGH.
+
+This leads to high atomic reserves being added for high-order GFP_NOWAIT
+allocations and others that clear __GFP_DIRECT_RECLAIM, which is
+unexpected. Later, those reserves lead to 0-order allocations going to
+the slow path and starting reclaim.
+
+From /proc/pagetypeinfo, without the patch:
+
+Node 0, zone DMA, type HighAtomic 0 0 0 0 0 0 0 0 0 0 0
+Node 0, zone DMA32, type HighAtomic 1 8 10 9 7 3 0 0 0 0 0
+Node 0, zone Normal, type HighAtomic 64 20 12 5 0 0 0 0 0 0 0
+
+With the patch:
+
+Node 0, zone DMA, type HighAtomic 0 0 0 0 0 0 0 0 0 0 0
+Node 0, zone DMA32, type HighAtomic 0 0 0 0 0 0 0 0 0 0 0
+Node 0, zone Normal, type HighAtomic 0 0 0 0 0 0 0 0 0 0 0
+
+Link: https://lkml.kernel.org/r/20250814172245.1259625-1-cascardo@igalia.com
+Fixes: 1ebbb21811b7 ("mm/page_alloc: explicitly define how __GFP_HIGH non-blocking allocations accesses reserves")
+Signed-off-by: Thadeu Lima de Souza Cascardo <cascardo@igalia.com>
+Tested-by: Helen Koike <koike@igalia.com>
+Reviewed-by: Vlastimil Babka <vbabka@suse.cz>
+Tested-by: Sergey Senozhatsky <senozhatsky@chromium.org>
+Acked-by: Michal Hocko <mhocko@suse.com>
+Cc: Mel Gorman <mgorman@techsingularity.net>
+Cc: Matthew Wilcox <willy@infradead.org>
+Cc: NeilBrown <neilb@suse.de>
+Cc: Thierry Reding <thierry.reding@gmail.com>
+Cc: Brendan Jackman <jackmanb@google.com>
+Cc: Johannes Weiner <hannes@cmpxchg.org>
+Cc: Suren Baghdasaryan <surenb@google.com>
+Cc: Zi Yan <ziy@nvidia.com>
+Cc: <stable@vger.kernel.org>
+Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+---
+ mm/page_alloc.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+--- a/mm/page_alloc.c
++++ b/mm/page_alloc.c
+@@ -4887,7 +4887,7 @@ gfp_to_alloc_flags(gfp_t gfp_mask, unsig
+ if (!(gfp_mask & __GFP_NOMEMALLOC)) {
+ alloc_flags |= ALLOC_NON_BLOCK;
+
+- if (order > 0)
++ if (order > 0 && (alloc_flags & ALLOC_MIN_RESERVE))
+ alloc_flags |= ALLOC_HIGHATOMIC;
+ }
+
--- /dev/null
+From ab1c282c010c4f327bd7addc3c0035fd8e3c1721 Mon Sep 17 00:00:00 2001
+From: Thorsten Blum <thorsten.blum@linux.dev>
+Date: Wed, 6 Aug 2025 03:10:01 +0200
+Subject: NFSD: Fix destination buffer size in nfsd4_ssc_setup_dul()
+
+From: Thorsten Blum <thorsten.blum@linux.dev>
+
+commit ab1c282c010c4f327bd7addc3c0035fd8e3c1721 upstream.
+
+Commit 5304877936c0 ("NFSD: Fix strncpy() fortify warning") replaced
+strncpy(,, sizeof(..)) with strlcpy(,, sizeof(..) - 1), but strlcpy()
+already guaranteed NUL-termination of the destination buffer and
+subtracting one byte potentially truncated the source string.
+
+The incorrect size was then carried over in commit 72f78ae00a8e ("NFSD:
+move from strlcpy with unused retval to strscpy") when switching from
+strlcpy() to strscpy().
+
+Fix this off-by-one error by using the full size of the destination
+buffer again.
+
+Cc: stable@vger.kernel.org
+Fixes: 5304877936c0 ("NFSD: Fix strncpy() fortify warning")
+Signed-off-by: Thorsten Blum <thorsten.blum@linux.dev>
+Signed-off-by: Chuck Lever <chuck.lever@oracle.com>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+---
+ fs/nfsd/nfs4proc.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+--- a/fs/nfsd/nfs4proc.c
++++ b/fs/nfsd/nfs4proc.c
+@@ -1334,7 +1334,7 @@ try_again:
+ return 0;
+ }
+ if (work) {
+- strscpy(work->nsui_ipaddr, ipaddr, sizeof(work->nsui_ipaddr) - 1);
++ strscpy(work->nsui_ipaddr, ipaddr, sizeof(work->nsui_ipaddr));
+ refcount_set(&work->nsui_refcnt, 2);
+ work->nsui_busy = true;
+ list_add_tail(&work->nsui_list, &nn->nfsd_ssc_mount_list);
--- /dev/null
+From a082e4b4d08a4a0e656d90c2c05da85f23e6d0c9 Mon Sep 17 00:00:00 2001
+From: Olga Kornievskaia <okorniev@redhat.com>
+Date: Thu, 21 Aug 2025 16:31:46 -0400
+Subject: nfsd: nfserr_jukebox in nlm_fopen should lead to a retry
+
+From: Olga Kornievskaia <okorniev@redhat.com>
+
+commit a082e4b4d08a4a0e656d90c2c05da85f23e6d0c9 upstream.
+
+When v3 NLM request finds a conflicting delegation, it triggers
+a delegation recall and nfsd_open fails with EAGAIN. nfsd_open
+then translates EAGAIN into nfserr_jukebox. In nlm_fopen, instead
+of returning nlm_failed for when there is a conflicting delegation,
+drop this NLM request so that the client retries. Once delegation
+is recalled and if a local lock is claimed, a retry would lead to
+nfsd returning a nlm_lck_blocked error or a successful nlm lock.
+
+Fixes: d343fce148a4 ("[PATCH] knfsd: Allow lockd to drop replies as appropriate")
+Cc: stable@vger.kernel.org # v6.6
+Signed-off-by: Olga Kornievskaia <okorniev@redhat.com>
+Signed-off-by: Chuck Lever <chuck.lever@oracle.com>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+---
+ fs/nfsd/lockd.c | 15 +++++++++++++++
+ 1 file changed, 15 insertions(+)
+
+--- a/fs/nfsd/lockd.c
++++ b/fs/nfsd/lockd.c
+@@ -48,6 +48,21 @@ nlm_fopen(struct svc_rqst *rqstp, struct
+ switch (nfserr) {
+ case nfs_ok:
+ return 0;
++ case nfserr_jukebox:
++ /* this error can indicate a presence of a conflicting
++ * delegation to an NLM lock request. Options are:
++ * (1) For now, drop this request and make the client
++ * retry. When delegation is returned, client's lock retry
++ * will complete.
++ * (2) NLM4_DENIED as per "spec" signals to the client
++ * that the lock is unavailable now but client can retry.
++ * Linux client implementation does not. It treats
++ * NLM4_DENIED same as NLM4_FAILED and errors the request.
++ * (3) For the future, treat this as blocked lock and try
++ * to callback when the delegation is returned but might
++ * not have a proper lock request to block on.
++ */
++ fallthrough;
+ case nfserr_dropit:
+ return nlm_drop_reply;
+ case nfserr_stale:
--- /dev/null
+From 008385efd05e04d8dff299382df2e8be0f91d8a0 Mon Sep 17 00:00:00 2001
+From: "Matthieu Baerts (NGI0)" <matttbe@kernel.org>
+Date: Thu, 25 Sep 2025 12:32:37 +0200
+Subject: selftests: mptcp: join: validate C-flag + def limit
+
+From: Matthieu Baerts (NGI0) <matttbe@kernel.org>
+
+commit 008385efd05e04d8dff299382df2e8be0f91d8a0 upstream.
+
+The previous commit adds an exception for the C-flag case. The
+'mptcp_join.sh' selftest is extended to validate this case.
+
+In this subtest, there is a typical CDN deployment with a client where
+MPTCP endpoints have been 'automatically' configured:
+
+- the server set net.mptcp.allow_join_initial_addr_port=0
+
+- the client has multiple 'subflow' endpoints, and the default limits:
+ not accepting ADD_ADDRs.
+
+Without the parent patch, the client is not able to establish new
+subflows using its 'subflow' endpoints. The parent commit fixes that.
+
+The 'Fixes' tag here below is the same as the one from the previous
+commit: this patch here is not fixing anything wrong in the selftests,
+but it validates the previous fix for an issue introduced by this commit
+ID.
+
+Fixes: df377be38725 ("mptcp: add deny_join_id0 in mptcp_options_received")
+Cc: stable@vger.kernel.org
+Reviewed-by: Geliang Tang <geliang@kernel.org>
+Signed-off-by: Matthieu Baerts (NGI0) <matttbe@kernel.org>
+Link: https://patch.msgid.link/20250925-net-next-mptcp-c-flag-laminar-v1-2-ad126cc47c6b@kernel.org
+Signed-off-by: Jakub Kicinski <kuba@kernel.org>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+---
+ tools/testing/selftests/net/mptcp/mptcp_join.sh | 11 +++++++++++
+ 1 file changed, 11 insertions(+)
+
+--- a/tools/testing/selftests/net/mptcp/mptcp_join.sh
++++ b/tools/testing/selftests/net/mptcp/mptcp_join.sh
+@@ -3024,6 +3024,17 @@ deny_join_id0_tests()
+ run_tests $ns1 $ns2 10.0.1.1
+ chk_join_nr 1 1 1
+ fi
++
++ # default limits, server deny join id 0 + signal
++ if reset_with_allow_join_id0 "default limits, server deny join id 0" 0 1; then
++ pm_nl_set_limits $ns1 0 2
++ pm_nl_set_limits $ns2 0 2
++ pm_nl_add_endpoint $ns1 10.0.2.1 flags signal
++ pm_nl_add_endpoint $ns2 10.0.3.2 flags subflow
++ pm_nl_add_endpoint $ns2 10.0.4.2 flags subflow
++ run_tests $ns1 $ns2 10.0.1.1
++ chk_join_nr 2 2 2
++ fi
+ }
+
+ fullmesh_tests()
spi-cadence-quadspi-flush-posted-register-writes-before-dac-access.patch
x86-umip-check-that-the-instruction-opcode-is-at-least-two-bytes.patch
x86-umip-fix-decoding-of-register-forms-of-0f-01-sgdt-and-sidt-aliases.patch
+selftests-mptcp-join-validate-c-flag-def-limit.patch
+wifi-ath11k-hal-srng-don-t-deinitialize-and-re-initialize-again.patch
+mm-page_alloc-only-set-alloc_highatomic-for-__gpf_high-allocations.patch
+mm-hugetlb-early-exit-from-hugetlb_pages_alloc_boot-when-max_huge_pages-0.patch
+nfsd-fix-destination-buffer-size-in-nfsd4_ssc_setup_dul.patch
+nfsd-nfserr_jukebox-in-nlm_fopen-should-lead-to-a-retry.patch
--- /dev/null
+From 32be3ca4cf78b309dfe7ba52fe2d7cc3c23c5634 Mon Sep 17 00:00:00 2001
+From: Muhammad Usama Anjum <usama.anjum@collabora.com>
+Date: Tue, 22 Jul 2025 10:31:21 +0500
+Subject: wifi: ath11k: HAL SRNG: don't deinitialize and re-initialize again
+
+From: Muhammad Usama Anjum <usama.anjum@collabora.com>
+
+commit 32be3ca4cf78b309dfe7ba52fe2d7cc3c23c5634 upstream.
+
+Don't deinitialize and reinitialize the HAL helpers. The dma memory is
+deallocated and there is high possibility that we'll not be able to get
+the same memory allocated from dma when there is high memory pressure.
+
+Tested-on: WCN6855 hw2.0 PCI WLAN.HSP.1.1-03926.13-QCAHSPSWPL_V2_SILICONZ_CE-2.52297.6
+
+Fixes: d5c65159f289 ("ath11k: driver for Qualcomm IEEE 802.11ax devices")
+Cc: stable@vger.kernel.org
+Cc: Baochen Qiang <baochen.qiang@oss.qualcomm.com>
+Reviewed-by: Baochen Qiang <baochen.qiang@oss.qualcomm.com>
+Signed-off-by: Muhammad Usama Anjum <usama.anjum@collabora.com>
+Link: https://patch.msgid.link/20250722053121.1145001-1-usama.anjum@collabora.com
+Signed-off-by: Jeff Johnson <jeff.johnson@oss.qualcomm.com>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+---
+ drivers/net/wireless/ath/ath11k/core.c | 6 +-----
+ drivers/net/wireless/ath/ath11k/hal.c | 16 ++++++++++++++++
+ drivers/net/wireless/ath/ath11k/hal.h | 1 +
+ 3 files changed, 18 insertions(+), 5 deletions(-)
+
+--- a/drivers/net/wireless/ath/ath11k/core.c
++++ b/drivers/net/wireless/ath/ath11k/core.c
+@@ -1596,14 +1596,10 @@ static int ath11k_core_reconfigure_on_cr
+ mutex_unlock(&ab->core_lock);
+
+ ath11k_dp_free(ab);
+- ath11k_hal_srng_deinit(ab);
++ ath11k_hal_srng_clear(ab);
+
+ ab->free_vdev_map = (1LL << (ab->num_radios * TARGET_NUM_VDEVS(ab))) - 1;
+
+- ret = ath11k_hal_srng_init(ab);
+- if (ret)
+- return ret;
+-
+ clear_bit(ATH11K_FLAG_CRASH_FLUSH, &ab->dev_flags);
+
+ ret = ath11k_core_qmi_firmware_ready(ab);
+--- a/drivers/net/wireless/ath/ath11k/hal.c
++++ b/drivers/net/wireless/ath/ath11k/hal.c
+@@ -1351,6 +1351,22 @@ void ath11k_hal_srng_deinit(struct ath11
+ }
+ EXPORT_SYMBOL(ath11k_hal_srng_deinit);
+
++void ath11k_hal_srng_clear(struct ath11k_base *ab)
++{
++ /* No need to memset rdp and wrp memory since each individual
++ * segment would get cleared in ath11k_hal_srng_src_hw_init()
++ * and ath11k_hal_srng_dst_hw_init().
++ */
++ memset(ab->hal.srng_list, 0,
++ sizeof(ab->hal.srng_list));
++ memset(ab->hal.shadow_reg_addr, 0,
++ sizeof(ab->hal.shadow_reg_addr));
++ ab->hal.avail_blk_resource = 0;
++ ab->hal.current_blk_index = 0;
++ ab->hal.num_shadow_reg_configured = 0;
++}
++EXPORT_SYMBOL(ath11k_hal_srng_clear);
++
+ void ath11k_hal_dump_srng_stats(struct ath11k_base *ab)
+ {
+ struct hal_srng *srng;
+--- a/drivers/net/wireless/ath/ath11k/hal.h
++++ b/drivers/net/wireless/ath/ath11k/hal.h
+@@ -957,6 +957,7 @@ int ath11k_hal_srng_setup(struct ath11k_
+ struct hal_srng_params *params);
+ int ath11k_hal_srng_init(struct ath11k_base *ath11k);
+ void ath11k_hal_srng_deinit(struct ath11k_base *ath11k);
++void ath11k_hal_srng_clear(struct ath11k_base *ab);
+ void ath11k_hal_dump_srng_stats(struct ath11k_base *ab);
+ void ath11k_hal_srng_get_shadow_config(struct ath11k_base *ab,
+ u32 **cfg, u32 *len);
projects / thirdparty / kernel / stable-queue.git / commitdiff
