--- /dev/null
+From 4c6fe8c547e3c9e8c15dabdd23c569ee0df3adb1 Mon Sep 17 00:00:00 2001
+From: Takashi Sakamoto <o-takashi@sakamocchi.jp>
+Date: Tue, 18 May 2021 10:26:12 +0900
+Subject: ALSA: dice: fix stream format for TC Electronic Konnekt Live at high sampling transfer frequency
+
+From: Takashi Sakamoto <o-takashi@sakamocchi.jp>
+
+commit 4c6fe8c547e3c9e8c15dabdd23c569ee0df3adb1 upstream.
+
+At high sampling transfer frequency, TC Electronic Konnekt Live
+transfers/receives 6 audio data frames in multi bit linear audio data
+channel of data block in CIP payload. Current hard-coded stream format
+is wrong.
+
+Cc: <stable@vger.kernel.org>
+Fixes: f1f0f330b1d0 ("ALSA: dice: add parameters of stream formats for models produced by TC Electronic")
+Signed-off-by: Takashi Sakamoto <o-takashi@sakamocchi.jp>
+Link: https://lore.kernel.org/r/20210518012612.37268-1-o-takashi@sakamocchi.jp
+Signed-off-by: Takashi Iwai <tiwai@suse.de>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+---
+ sound/firewire/dice/dice-tcelectronic.c | 4 ++--
+ 1 file changed, 2 insertions(+), 2 deletions(-)
+
+--- a/sound/firewire/dice/dice-tcelectronic.c
++++ b/sound/firewire/dice/dice-tcelectronic.c
+@@ -38,8 +38,8 @@ static const struct dice_tc_spec konnekt
+ };
+
+ static const struct dice_tc_spec konnekt_live = {
+- .tx_pcm_chs = {{16, 16, 16}, {0, 0, 0} },
+- .rx_pcm_chs = {{16, 16, 16}, {0, 0, 0} },
++ .tx_pcm_chs = {{16, 16, 6}, {0, 0, 0} },
++ .rx_pcm_chs = {{16, 16, 6}, {0, 0, 0} },
+ .has_midi = true,
+ };
+
--- /dev/null
+From 814b43127f4ac69332e809152e30773941438aff Mon Sep 17 00:00:00 2001
+From: Takashi Sakamoto <o-takashi@sakamocchi.jp>
+Date: Thu, 13 May 2021 21:56:52 +0900
+Subject: ALSA: firewire-lib: fix amdtp_packet tracepoints event for packet_index field
+
+From: Takashi Sakamoto <o-takashi@sakamocchi.jp>
+
+commit 814b43127f4ac69332e809152e30773941438aff upstream.
+
+The snd_firewire_lib:amdtp_packet tracepoints event includes index of
+packet processed in a context handling. However in IR context, it is not
+calculated as expected.
+
+Cc: <stable@vger.kernel.org>
+Fixes: 753e717986c2 ("ALSA: firewire-lib: use packet descriptor for IR context")
+Signed-off-by: Takashi Sakamoto <o-takashi@sakamocchi.jp>
+Link: https://lore.kernel.org/r/20210513125652.110249-6-o-takashi@sakamocchi.jp
+Signed-off-by: Takashi Iwai <tiwai@suse.de>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+---
+ sound/firewire/amdtp-stream-trace.h | 6 +++---
+ sound/firewire/amdtp-stream.c | 15 +++++++++------
+ 2 files changed, 12 insertions(+), 9 deletions(-)
+
+--- a/sound/firewire/amdtp-stream-trace.h
++++ b/sound/firewire/amdtp-stream-trace.h
+@@ -14,8 +14,8 @@
+ #include <linux/tracepoint.h>
+
+ TRACE_EVENT(amdtp_packet,
+- TP_PROTO(const struct amdtp_stream *s, u32 cycles, const __be32 *cip_header, unsigned int payload_length, unsigned int data_blocks, unsigned int data_block_counter, unsigned int index),
+- TP_ARGS(s, cycles, cip_header, payload_length, data_blocks, data_block_counter, index),
++ TP_PROTO(const struct amdtp_stream *s, u32 cycles, const __be32 *cip_header, unsigned int payload_length, unsigned int data_blocks, unsigned int data_block_counter, unsigned int packet_index, unsigned int index),
++ TP_ARGS(s, cycles, cip_header, payload_length, data_blocks, data_block_counter, packet_index, index),
+ TP_STRUCT__entry(
+ __field(unsigned int, second)
+ __field(unsigned int, cycle)
+@@ -48,7 +48,7 @@ TRACE_EVENT(amdtp_packet,
+ __entry->payload_quadlets = payload_length / sizeof(__be32);
+ __entry->data_blocks = data_blocks;
+ __entry->data_block_counter = data_block_counter,
+- __entry->packet_index = s->packet_index;
++ __entry->packet_index = packet_index;
+ __entry->irq = !!in_interrupt();
+ __entry->index = index;
+ ),
+--- a/sound/firewire/amdtp-stream.c
++++ b/sound/firewire/amdtp-stream.c
+@@ -526,7 +526,7 @@ static void build_it_pkt_header(struct a
+ }
+
+ trace_amdtp_packet(s, cycle, cip_header, payload_length, data_blocks,
+- data_block_counter, index);
++ data_block_counter, s->packet_index, index);
+ }
+
+ static int check_cip_header(struct amdtp_stream *s, const __be32 *buf,
+@@ -630,7 +630,7 @@ static int parse_ir_ctx_header(struct am
+ unsigned int *payload_length,
+ unsigned int *data_blocks,
+ unsigned int *data_block_counter,
+- unsigned int *syt, unsigned int index)
++ unsigned int *syt, unsigned int packet_index, unsigned int index)
+ {
+ const __be32 *cip_header;
+ int err;
+@@ -662,7 +662,7 @@ static int parse_ir_ctx_header(struct am
+ }
+
+ trace_amdtp_packet(s, cycle, cip_header, *payload_length, *data_blocks,
+- *data_block_counter, index);
++ *data_block_counter, packet_index, index);
+
+ return err;
+ }
+@@ -701,12 +701,13 @@ static int generate_device_pkt_descs(str
+ unsigned int packets)
+ {
+ unsigned int dbc = s->data_block_counter;
++ unsigned int packet_index = s->packet_index;
++ unsigned int queue_size = s->queue_size;
+ int i;
+ int err;
+
+ for (i = 0; i < packets; ++i) {
+ struct pkt_desc *desc = descs + i;
+- unsigned int index = (s->packet_index + i) % s->queue_size;
+ unsigned int cycle;
+ unsigned int payload_length;
+ unsigned int data_blocks;
+@@ -715,7 +716,7 @@ static int generate_device_pkt_descs(str
+ cycle = compute_cycle_count(ctx_header[1]);
+
+ err = parse_ir_ctx_header(s, cycle, ctx_header, &payload_length,
+- &data_blocks, &dbc, &syt, i);
++ &data_blocks, &dbc, &syt, packet_index, i);
+ if (err < 0)
+ return err;
+
+@@ -723,13 +724,15 @@ static int generate_device_pkt_descs(str
+ desc->syt = syt;
+ desc->data_blocks = data_blocks;
+ desc->data_block_counter = dbc;
+- desc->ctx_payload = s->buffer.packets[index].buffer;
++ desc->ctx_payload = s->buffer.packets[packet_index].buffer;
+
+ if (!(s->flags & CIP_DBC_IS_END_EVENT))
+ dbc = (dbc + desc->data_blocks) & 0xff;
+
+ ctx_header +=
+ s->ctx_data.tx.ctx_header_size / sizeof(*ctx_header);
++
++ packet_index = (packet_index + 1) % queue_size;
+ }
+
+ s->data_block_counter = dbc;
--- /dev/null
+From c1f0616124c455c5c762b6f123e40bba5df759e6 Mon Sep 17 00:00:00 2001
+From: Takashi Iwai <tiwai@suse.de>
+Date: Sun, 16 May 2021 18:17:55 +0200
+Subject: ALSA: intel8x0: Don't update period unless prepared
+
+From: Takashi Iwai <tiwai@suse.de>
+
+commit c1f0616124c455c5c762b6f123e40bba5df759e6 upstream.
+
+The interrupt handler of intel8x0 calls snd_intel8x0_update() whenever
+the hardware sets the corresponding status bit for each stream. This
+works fine for most cases as long as the hardware behaves properly.
+But when the hardware gives a wrong bit set, this leads to a zero-
+division Oops, and reportedly, this seems what happened on a VM.
+
+For fixing the crash, this patch adds a internal flag indicating that
+the stream is ready to be updated, and check it (as well as the flag
+being in suspended) to ignore such spurious update.
+
+Cc: <stable@vger.kernel.org>
+Reported-and-tested-by: Sergey Senozhatsky <senozhatsky@chromium.org>
+Link: https://lore.kernel.org/r/s5h5yzi7uh0.wl-tiwai@suse.de
+Signed-off-by: Takashi Iwai <tiwai@suse.de>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+---
+ sound/pci/intel8x0.c | 7 +++++++
+ 1 file changed, 7 insertions(+)
+
+--- a/sound/pci/intel8x0.c
++++ b/sound/pci/intel8x0.c
+@@ -331,6 +331,7 @@ struct ichdev {
+ unsigned int ali_slot; /* ALI DMA slot */
+ struct ac97_pcm *pcm;
+ int pcm_open_flag;
++ unsigned int prepared:1;
+ unsigned int suspended: 1;
+ };
+
+@@ -691,6 +692,9 @@ static inline void snd_intel8x0_update(s
+ int status, civ, i, step;
+ int ack = 0;
+
++ if (!ichdev->prepared || ichdev->suspended)
++ return;
++
+ spin_lock_irqsave(&chip->reg_lock, flags);
+ status = igetbyte(chip, port + ichdev->roff_sr);
+ civ = igetbyte(chip, port + ICH_REG_OFF_CIV);
+@@ -881,6 +885,7 @@ static int snd_intel8x0_hw_params(struct
+ if (ichdev->pcm_open_flag) {
+ snd_ac97_pcm_close(ichdev->pcm);
+ ichdev->pcm_open_flag = 0;
++ ichdev->prepared = 0;
+ }
+ err = snd_ac97_pcm_open(ichdev->pcm, params_rate(hw_params),
+ params_channels(hw_params),
+@@ -902,6 +907,7 @@ static int snd_intel8x0_hw_free(struct s
+ if (ichdev->pcm_open_flag) {
+ snd_ac97_pcm_close(ichdev->pcm);
+ ichdev->pcm_open_flag = 0;
++ ichdev->prepared = 0;
+ }
+ return 0;
+ }
+@@ -976,6 +982,7 @@ static int snd_intel8x0_pcm_prepare(stru
+ ichdev->pos_shift = (runtime->sample_bits > 16) ? 2 : 1;
+ }
+ snd_intel8x0_setup_periods(chip, ichdev);
++ ichdev->prepared = 1;
+ return 0;
+ }
+
--- /dev/null
+From 05ca447630334c323c9e2b788b61133ab75d60d3 Mon Sep 17 00:00:00 2001
+From: Takashi Iwai <tiwai@suse.de>
+Date: Tue, 18 May 2021 10:39:39 +0200
+Subject: ALSA: line6: Fix racy initialization of LINE6 MIDI
+
+From: Takashi Iwai <tiwai@suse.de>
+
+commit 05ca447630334c323c9e2b788b61133ab75d60d3 upstream.
+
+The initialization of MIDI devices that are found on some LINE6
+drivers are currently done in a racy way; namely, the MIDI buffer
+instance is allocated and initialized in each private_init callback
+while the communication with the interface is already started via
+line6_init_cap_control() call before that point. This may lead to
+Oops in line6_data_received() when a spurious event is received, as
+reported by syzkaller.
+
+This patch moves the MIDI initialization to line6_init_cap_control()
+as well instead of the too-lately-called private_init for avoiding the
+race. Also this reduces slightly more lines, so it's a win-win
+change.
+
+Reported-by: syzbot+0d2b3feb0a2887862e06@syzkallerlkml..appspotmail.com
+Link: https://lore.kernel.org/r/000000000000a4be9405c28520de@google.com
+Link: https://lore.kernel.org/r/20210517132725.GA50495@hyeyoo
+Cc: Hyeonggon Yoo <42.hyeyoo@gmail.com>
+Cc: <stable@vger.kernel.org>
+Link: https://lore.kernel.org/r/20210518083939.1927-1-tiwai@suse.de
+Signed-off-by: Takashi Iwai <tiwai@suse.de>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+---
+ sound/usb/line6/driver.c | 4 ++++
+ sound/usb/line6/pod.c | 5 -----
+ sound/usb/line6/variax.c | 6 ------
+ 3 files changed, 4 insertions(+), 11 deletions(-)
+
+--- a/sound/usb/line6/driver.c
++++ b/sound/usb/line6/driver.c
+@@ -699,6 +699,10 @@ static int line6_init_cap_control(struct
+ line6->buffer_message = kmalloc(LINE6_MIDI_MESSAGE_MAXLEN, GFP_KERNEL);
+ if (!line6->buffer_message)
+ return -ENOMEM;
++
++ ret = line6_init_midi(line6);
++ if (ret < 0)
++ return ret;
+ } else {
+ ret = line6_hwdep_init(line6);
+ if (ret < 0)
+--- a/sound/usb/line6/pod.c
++++ b/sound/usb/line6/pod.c
+@@ -376,11 +376,6 @@ static int pod_init(struct usb_line6 *li
+ if (err < 0)
+ return err;
+
+- /* initialize MIDI subsystem: */
+- err = line6_init_midi(line6);
+- if (err < 0)
+- return err;
+-
+ /* initialize PCM subsystem: */
+ err = line6_init_pcm(line6, &pod_pcm_properties);
+ if (err < 0)
+--- a/sound/usb/line6/variax.c
++++ b/sound/usb/line6/variax.c
+@@ -159,7 +159,6 @@ static int variax_init(struct usb_line6
+ const struct usb_device_id *id)
+ {
+ struct usb_line6_variax *variax = line6_to_variax(line6);
+- int err;
+
+ line6->process_message = line6_variax_process_message;
+ line6->disconnect = line6_variax_disconnect;
+@@ -172,11 +171,6 @@ static int variax_init(struct usb_line6
+ if (variax->buffer_activate == NULL)
+ return -ENOMEM;
+
+- /* initialize MIDI subsystem: */
+- err = line6_init_midi(&variax->line6);
+- if (err < 0)
+- return err;
+-
+ /* initiate startup procedure: */
+ schedule_delayed_work(&line6->startup_work,
+ msecs_to_jiffies(VARIAX_STARTUP_DELAY1));
--- /dev/null
+From 71795ee590111e3636cc3c148289dfa9fa0a5fc3 Mon Sep 17 00:00:00 2001
+From: Josef Bacik <josef@toxicpanda.com>
+Date: Thu, 29 Apr 2021 10:51:34 -0400
+Subject: btrfs: avoid RCU stalls while running delayed iputs
+
+From: Josef Bacik <josef@toxicpanda.com>
+
+commit 71795ee590111e3636cc3c148289dfa9fa0a5fc3 upstream.
+
+Generally a delayed iput is added when we might do the final iput, so
+usually we'll end up sleeping while processing the delayed iputs
+naturally. However there's no guarantee of this, especially for small
+files. In production we noticed 5 instances of RCU stalls while testing
+a kernel release overnight across 1000 machines, so this is relatively
+common:
+
+ host count: 5
+ rcu: INFO: rcu_sched self-detected stall on CPU
+ rcu: ....: (20998 ticks this GP) idle=59e/1/0x4000000000000002 softirq=12333372/12333372 fqs=3208
+ (t=21031 jiffies g=27810193 q=41075) NMI backtrace for cpu 1
+ CPU: 1 PID: 1713 Comm: btrfs-cleaner Kdump: loaded Not tainted 5.6.13-0_fbk12_rc1_5520_gec92bffc1ec9 #1
+ Call Trace:
+ <IRQ> dump_stack+0x50/0x70
+ nmi_cpu_backtrace.cold.6+0x30/0x65
+ ? lapic_can_unplug_cpu.cold.30+0x40/0x40
+ nmi_trigger_cpumask_backtrace+0xba/0xca
+ rcu_dump_cpu_stacks+0x99/0xc7
+ rcu_sched_clock_irq.cold.90+0x1b2/0x3a3
+ ? trigger_load_balance+0x5c/0x200
+ ? tick_sched_do_timer+0x60/0x60
+ ? tick_sched_do_timer+0x60/0x60
+ update_process_times+0x24/0x50
+ tick_sched_timer+0x37/0x70
+ __hrtimer_run_queues+0xfe/0x270
+ hrtimer_interrupt+0xf4/0x210
+ smp_apic_timer_interrupt+0x5e/0x120
+ apic_timer_interrupt+0xf/0x20 </IRQ>
+ RIP: 0010:queued_spin_lock_slowpath+0x17d/0x1b0
+ RSP: 0018:ffffc9000da5fe48 EFLAGS: 00000246 ORIG_RAX: ffffffffffffff13
+ RAX: 0000000000000000 RBX: ffff889fa81d0cd8 RCX: 0000000000000029
+ RDX: ffff889fff86c0c0 RSI: 0000000000080000 RDI: ffff88bfc2da7200
+ RBP: ffff888f2dcdd768 R08: 0000000001040000 R09: 0000000000000000
+ R10: 0000000000000001 R11: ffffffff82a55560 R12: ffff88bfc2da7200
+ R13: 0000000000000000 R14: ffff88bff6c2a360 R15: ffffffff814bd870
+ ? kzalloc.constprop.57+0x30/0x30
+ list_lru_add+0x5a/0x100
+ inode_lru_list_add+0x20/0x40
+ iput+0x1c1/0x1f0
+ run_delayed_iput_locked+0x46/0x90
+ btrfs_run_delayed_iputs+0x3f/0x60
+ cleaner_kthread+0xf2/0x120
+ kthread+0x10b/0x130
+
+Fix this by adding a cond_resched_lock() to the loop processing delayed
+iputs so we can avoid these sort of stalls.
+
+CC: stable@vger.kernel.org # 4.9+
+Reviewed-by: Rik van Riel <riel@surriel.com>
+Signed-off-by: Josef Bacik <josef@toxicpanda.com>
+Reviewed-by: David Sterba <dsterba@suse.com>
+Signed-off-by: David Sterba <dsterba@suse.com>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+---
+ fs/btrfs/inode.c | 1 +
+ 1 file changed, 1 insertion(+)
+
+--- a/fs/btrfs/inode.c
++++ b/fs/btrfs/inode.c
+@@ -3253,6 +3253,7 @@ void btrfs_run_delayed_iputs(struct btrf
+ inode = list_first_entry(&fs_info->delayed_iputs,
+ struct btrfs_inode, delayed_iput);
+ run_delayed_iput_locked(fs_info, inode);
++ cond_resched_lock(&fs_info->delayed_iput_lock);
+ }
+ spin_unlock(&fs_info->delayed_iput_lock);
+ }
--- /dev/null
+From 54a40fc3a1da21b52dbf19f72fdc27a2ec740760 Mon Sep 17 00:00:00 2001
+From: Filipe Manana <fdmanana@suse.com>
+Date: Wed, 12 May 2021 16:27:16 +0100
+Subject: btrfs: fix removed dentries still existing after log is synced
+
+From: Filipe Manana <fdmanana@suse.com>
+
+commit 54a40fc3a1da21b52dbf19f72fdc27a2ec740760 upstream.
+
+When we move one inode from one directory to another and both the inode
+and its previous parent directory were logged before, we are not supposed
+to have the dentry for the old parent if we have a power failure after the
+log is synced. Only the new dentry is supposed to exist.
+
+Generally this works correctly, however there is a scenario where this is
+not currently working, because the old parent of the file/directory that
+was moved is not authoritative for a range that includes the dir index and
+dir item keys of the old dentry. This case is better explained with the
+following example and reproducer:
+
+ # The test requires a very specific layout of keys and items in the
+ # fs/subvolume btree to trigger the bug. So we want to make sure that
+ # on whatever platform we are, we have the same leaf/node size.
+ #
+ # Currently in btrfs the node/leaf size can not be smaller than the page
+ # size (but it can be greater than the page size). So use the largest
+ # supported node/leaf size (64K).
+
+ $ mkfs.btrfs -f -n 65536 /dev/sdc
+ $ mount /dev/sdc /mnt
+
+ # "testdir" is inode 257.
+ $ mkdir /mnt/testdir
+ $ chmod 755 /mnt/testdir
+
+ # Create several empty files to have the directory "testdir" with its
+ # items spread over several leaves (7 in this case).
+ $ for ((i = 1; i <= 1200; i++)); do
+ echo -n > /mnt/testdir/file$i
+ done
+
+ # Create our test directory "dira", inode number 1458, which gets all
+ # its items in leaf 7.
+ #
+ # The BTRFS_DIR_ITEM_KEY item for inode 257 ("testdir") that points to
+ # the entry named "dira" is in leaf 2, while the BTRFS_DIR_INDEX_KEY
+ # item that points to that entry is in leaf 3.
+ #
+ # For this particular filesystem node size (64K), file count and file
+ # names, we endup with the directory entry items from inode 257 in
+ # leaves 2 and 3, as previously mentioned - what matters for triggering
+ # the bug exercised by this test case is that those items are not placed
+ # in leaf 1, they must be placed in a leaf different from the one
+ # containing the inode item for inode 257.
+ #
+ # The corresponding BTRFS_DIR_ITEM_KEY and BTRFS_DIR_INDEX_KEY items for
+ # the parent inode (257) are the following:
+ #
+ # item 460 key (257 DIR_ITEM 3724298081) itemoff 48344 itemsize 34
+ # location key (1458 INODE_ITEM 0) type DIR
+ # transid 6 data_len 0 name_len 4
+ # name: dira
+ #
+ # and:
+ #
+ # item 771 key (257 DIR_INDEX 1202) itemoff 36673 itemsize 34
+ # location key (1458 INODE_ITEM 0) type DIR
+ # transid 6 data_len 0 name_len 4
+ # name: dira
+
+ $ mkdir /mnt/testdir/dira
+
+ # Make sure everything done so far is durably persisted.
+ $ sync
+
+ # Now do a change to inode 257 ("testdir") that does not result in
+ # COWing leaves 2 and 3 - the leaves that contain the directory items
+ # pointing to inode 1458 (directory "dira").
+ #
+ # Changing permissions, the owner/group, updating or adding a xattr,
+ # etc, will not change (COW) leaves 2 and 3. So for the sake of
+ # simplicity change the permissions of inode 257, which results in
+ # updating its inode item and therefore change (COW) only leaf 1.
+
+ $ chmod 700 /mnt/testdir
+
+ # Now fsync directory inode 257.
+ #
+ # Since only the first leaf was changed/COWed, we log the inode item of
+ # inode 257 and only the dentries found in the first leaf, all have a
+ # key type of BTRFS_DIR_ITEM_KEY, and no keys of type
+ # BTRFS_DIR_INDEX_KEY, because they sort after the former type and none
+ # exist in the first leaf.
+ #
+ # We also log 3 items that represent ranges for dir items and dir
+ # indexes for which the log is authoritative:
+ #
+ # 1) a key of type BTRFS_DIR_LOG_ITEM_KEY, which indicates the log is
+ # authoritative for all BTRFS_DIR_ITEM_KEY keys that have an offset
+ # in the range [0, 2285968570] (the offset here is the crc32c of the
+ # dentry's name). The value 2285968570 corresponds to the offset of
+ # the first key of leaf 2 (which is of type BTRFS_DIR_ITEM_KEY);
+ #
+ # 2) a key of type BTRFS_DIR_LOG_ITEM_KEY, which indicates the log is
+ # authoritative for all BTRFS_DIR_ITEM_KEY keys that have an offset
+ # in the range [4293818216, (u64)-1] (the offset here is the crc32c
+ # of the dentry's name). The value 4293818216 corresponds to the
+ # offset of the highest key of type BTRFS_DIR_ITEM_KEY plus 1
+ # (4293818215 + 1), which is located in leaf 2;
+ #
+ # 3) a key of type BTRFS_DIR_LOG_INDEX_KEY, with an offset of 1203,
+ # which indicates the log is authoritative for all keys of type
+ # BTRFS_DIR_INDEX_KEY that have an offset in the range
+ # [1203, (u64)-1]. The value 1203 corresponds to the offset of the
+ # last key of type BTRFS_DIR_INDEX_KEY plus 1 (1202 + 1), which is
+ # located in leaf 3;
+ #
+ # Also, because "testdir" is a directory and inode 1458 ("dira") is a
+ # child directory, we log inode 1458 too.
+
+ $ xfs_io -c "fsync" /mnt/testdir
+
+ # Now move "dira", inode 1458, to be a child of the root directory
+ # (inode 256).
+ #
+ # Because this inode was previously logged, when "testdir" was fsynced,
+ # the log is updated so that the old inode reference, referring to inode
+ # 257 as the parent, is deleted and the new inode reference, referring
+ # to inode 256 as the parent, is added to the log.
+
+ $ mv /mnt/testdir/dira /mnt
+
+ # Now change some file and fsync it. This guarantees the log changes
+ # made by the previous move/rename operation are persisted. We do not
+ # need to do any special modification to the file, just any change to
+ # any file and sync the log.
+
+ $ xfs_io -c "pwrite -S 0xab 0 64K" -c "fsync" /mnt/testdir/file1
+
+ # Simulate a power failure and then mount again the filesystem to
+ # replay the log tree. We want to verify that we are able to mount the
+ # filesystem, meaning log replay was successful, and that directory
+ # inode 1458 ("dira") only has inode 256 (the filesystem's root) as
+ # its parent (and no longer a child of inode 257).
+ #
+ # It used to happen that during log replay we would end up having
+ # inode 1458 (directory "dira") with 2 hard links, being a child of
+ # inode 257 ("testdir") and inode 256 (the filesystem's root). This
+ # resulted in the tree checker detecting the issue and causing the
+ # mount operation to fail (with -EIO).
+ #
+ # This happened because in the log we have the new name/parent for
+ # inode 1458, which results in adding the new dentry with inode 256
+ # as the parent, but the previous dentry, under inode 257 was never
+ # removed - this is because the ranges for dir items and dir indexes
+ # of inode 257 for which the log is authoritative do not include the
+ # old dir item and dir index for the dentry of inode 257 referring to
+ # inode 1458:
+ #
+ # - for dir items, the log is authoritative for the ranges
+ # [0, 2285968570] and [4293818216, (u64)-1]. The dir item at inode 257
+ # pointing to inode 1458 has a key of (257 DIR_ITEM 3724298081), as
+ # previously mentioned, so the dir item is not deleted when the log
+ # replay procedure processes the authoritative ranges, as 3724298081
+ # is outside both ranges;
+ #
+ # - for dir indexes, the log is authoritative for the range
+ # [1203, (u64)-1], and the dir index item of inode 257 pointing to
+ # inode 1458 has a key of (257 DIR_INDEX 1202), as previously
+ # mentioned, so the dir index item is not deleted when the log
+ # replay procedure processes the authoritative range.
+
+ <power failure>
+
+ $ mount /dev/sdc /mnt
+ mount: /mnt: can't read superblock on /dev/sdc.
+
+ $ dmesg
+ (...)
+ [87849.840509] BTRFS info (device sdc): start tree-log replay
+ [87849.875719] BTRFS critical (device sdc): corrupt leaf: root=5 block=30539776 slot=554 ino=1458, invalid nlink: has 2 expect no more than 1 for dir
+ [87849.878084] BTRFS info (device sdc): leaf 30539776 gen 7 total ptrs 557 free space 2092 owner 5
+ [87849.879516] BTRFS info (device sdc): refs 1 lock_owner 0 current 2099108
+ [87849.880613] item 0 key (1181 1 0) itemoff 65275 itemsize 160
+ [87849.881544] inode generation 6 size 0 mode 100644
+ [87849.882692] item 1 key (1181 12 257) itemoff 65258 itemsize 17
+ (...)
+ [87850.562549] item 556 key (1458 12 257) itemoff 16017 itemsize 14
+ [87850.563349] BTRFS error (device dm-0): block=30539776 write time tree block corruption detected
+ [87850.564386] ------------[ cut here ]------------
+ [87850.564920] WARNING: CPU: 3 PID: 2099108 at fs/btrfs/disk-io.c:465 csum_one_extent_buffer+0xed/0x100 [btrfs]
+ [87850.566129] Modules linked in: btrfs dm_zero dm_snapshot (...)
+ [87850.573789] CPU: 3 PID: 2099108 Comm: mount Not tainted 5.12.0-rc8-btrfs-next-86 #1
+ (...)
+ [87850.587481] Call Trace:
+ [87850.587768] btree_csum_one_bio+0x244/0x2b0 [btrfs]
+ [87850.588354] ? btrfs_bio_fits_in_stripe+0xd8/0x110 [btrfs]
+ [87850.589003] btrfs_submit_metadata_bio+0xb7/0x100 [btrfs]
+ [87850.589654] submit_one_bio+0x61/0x70 [btrfs]
+ [87850.590248] submit_extent_page+0x91/0x2f0 [btrfs]
+ [87850.590842] write_one_eb+0x175/0x440 [btrfs]
+ [87850.591370] ? find_extent_buffer_nolock+0x1c0/0x1c0 [btrfs]
+ [87850.592036] btree_write_cache_pages+0x1e6/0x610 [btrfs]
+ [87850.592665] ? free_debug_processing+0x1d5/0x240
+ [87850.593209] do_writepages+0x43/0xf0
+ [87850.593798] ? __filemap_fdatawrite_range+0xa4/0x100
+ [87850.594391] __filemap_fdatawrite_range+0xc5/0x100
+ [87850.595196] btrfs_write_marked_extents+0x68/0x160 [btrfs]
+ [87850.596202] btrfs_write_and_wait_transaction.isra.0+0x4d/0xd0 [btrfs]
+ [87850.597377] btrfs_commit_transaction+0x794/0xca0 [btrfs]
+ [87850.598455] ? _raw_spin_unlock_irqrestore+0x32/0x60
+ [87850.599305] ? kmem_cache_free+0x15a/0x3d0
+ [87850.600029] btrfs_recover_log_trees+0x346/0x380 [btrfs]
+ [87850.601021] ? replay_one_extent+0x7d0/0x7d0 [btrfs]
+ [87850.601988] open_ctree+0x13c9/0x1698 [btrfs]
+ [87850.602846] btrfs_mount_root.cold+0x13/0xed [btrfs]
+ [87850.603771] ? kmem_cache_alloc_trace+0x7c9/0x930
+ [87850.604576] ? vfs_parse_fs_string+0x5d/0xb0
+ [87850.605293] ? kfree+0x276/0x3f0
+ [87850.605857] legacy_get_tree+0x30/0x50
+ [87850.606540] vfs_get_tree+0x28/0xc0
+ [87850.607163] fc_mount+0xe/0x40
+ [87850.607695] vfs_kern_mount.part.0+0x71/0x90
+ [87850.608440] btrfs_mount+0x13b/0x3e0 [btrfs]
+ (...)
+ [87850.629477] ---[ end trace 68802022b99a1ea0 ]---
+ [87850.630849] BTRFS: error (device sdc) in btrfs_commit_transaction:2381: errno=-5 IO failure (Error while writing out transaction)
+ [87850.632422] BTRFS warning (device sdc): Skipping commit of aborted transaction.
+ [87850.633416] BTRFS: error (device sdc) in cleanup_transaction:1978: errno=-5 IO failure
+ [87850.634553] BTRFS: error (device sdc) in btrfs_replay_log:2431: errno=-5 IO failure (Failed to recover log tree)
+ [87850.637529] BTRFS error (device sdc): open_ctree failed
+
+In this example the inode we moved was a directory, so it was easy to
+detect the problem because directories can only have one hard link and
+the tree checker immediately detects that. If the moved inode was a file,
+then the log replay would succeed and we would end up having both the
+new hard link (/mnt/foo) and the old hard link (/mnt/testdir/foo) present,
+but only the new one should be present.
+
+Fix this by forcing re-logging of the old parent directory when logging
+the new name during a rename operation. This ensures we end up with a log
+that is authoritative for a range covering the keys for the old dentry,
+therefore causing the old dentry do be deleted when replaying the log.
+
+A test case for fstests will follow up soon.
+
+Fixes: 64d6b281ba4db0 ("btrfs: remove unnecessary check_parent_dirs_for_sync()")
+CC: stable@vger.kernel.org # 5.12+
+Signed-off-by: Filipe Manana <fdmanana@suse.com>
+Signed-off-by: David Sterba <dsterba@suse.com>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+---
+ fs/btrfs/tree-log.c | 18 ++++++++++++++++++
+ 1 file changed, 18 insertions(+)
+
+--- a/fs/btrfs/tree-log.c
++++ b/fs/btrfs/tree-log.c
+@@ -6457,6 +6457,24 @@ void btrfs_log_new_name(struct btrfs_tra
+ (!old_dir || old_dir->logged_trans < trans->transid))
+ return;
+
++ /*
++ * If we are doing a rename (old_dir is not NULL) from a directory that
++ * was previously logged, make sure the next log attempt on the directory
++ * is not skipped and logs the inode again. This is because the log may
++ * not currently be authoritative for a range including the old
++ * BTRFS_DIR_ITEM_KEY and BTRFS_DIR_INDEX_KEY keys, so we want to make
++ * sure after a log replay we do not end up with both the new and old
++ * dentries around (in case the inode is a directory we would have a
++ * directory with two hard links and 2 inode references for different
++ * parents). The next log attempt of old_dir will happen at
++ * btrfs_log_all_parents(), called through btrfs_log_inode_parent()
++ * below, because we have previously set inode->last_unlink_trans to the
++ * current transaction ID, either here or at btrfs_record_unlink_dir() in
++ * case inode is a directory.
++ */
++ if (old_dir)
++ old_dir->logged_trans = 0;
++
+ btrfs_init_log_ctx(&ctx, &inode->vfs_inode);
+ ctx.logging_new_name = true;
+ /*
--- /dev/null
+From 764c7c9a464b68f7c6a5a9ec0b923176a05e8e8f Mon Sep 17 00:00:00 2001
+From: Johannes Thumshirn <johannes.thumshirn@wdc.com>
+Date: Wed, 19 May 2021 00:40:28 +0900
+Subject: btrfs: zoned: fix parallel compressed writes
+
+From: Johannes Thumshirn <johannes.thumshirn@wdc.com>
+
+commit 764c7c9a464b68f7c6a5a9ec0b923176a05e8e8f upstream.
+
+When multiple processes write data to the same block group on a
+compressed zoned filesystem, the underlying device could report I/O
+errors and data corruption is possible.
+
+This happens because on a zoned file system, compressed data writes
+where sent to the device via a REQ_OP_WRITE instead of a
+REQ_OP_ZONE_APPEND operation. But with REQ_OP_WRITE and parallel
+submission it cannot be guaranteed that the data is always submitted
+aligned to the underlying zone's write pointer.
+
+The change to using REQ_OP_ZONE_APPEND instead of REQ_OP_WRITE on a
+zoned filesystem is non intrusive on a regular file system or when
+submitting to a conventional zone on a zoned filesystem, as it is
+guarded by btrfs_use_zone_append.
+
+Reported-by: David Sterba <dsterba@suse.com>
+Fixes: 9d294a685fbc ("btrfs: zoned: enable to mount ZONED incompat flag")
+CC: stable@vger.kernel.org # 5.12.x: e380adfc213a13: btrfs: zoned: pass start block to btrfs_use_zone_append
+CC: stable@vger.kernel.org # 5.12.x
+Signed-off-by: Johannes Thumshirn <johannes.thumshirn@wdc.com>
+Signed-off-by: David Sterba <dsterba@suse.com>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+---
+ fs/btrfs/compression.c | 42 ++++++++++++++++++++++++++++++++++++++----
+ 1 file changed, 38 insertions(+), 4 deletions(-)
+
+--- a/fs/btrfs/compression.c
++++ b/fs/btrfs/compression.c
+@@ -28,6 +28,7 @@
+ #include "compression.h"
+ #include "extent_io.h"
+ #include "extent_map.h"
++#include "zoned.h"
+
+ static const char* const btrfs_compress_types[] = { "", "zlib", "lzo", "zstd" };
+
+@@ -349,6 +350,7 @@ static void end_compressed_bio_write(str
+ */
+ inode = cb->inode;
+ cb->compressed_pages[0]->mapping = cb->inode->i_mapping;
++ btrfs_record_physical_zoned(inode, cb->start, bio);
+ btrfs_writepage_endio_finish_ordered(cb->compressed_pages[0],
+ cb->start, cb->start + cb->len - 1,
+ bio->bi_status == BLK_STS_OK);
+@@ -401,6 +403,8 @@ blk_status_t btrfs_submit_compressed_wri
+ u64 first_byte = disk_start;
+ blk_status_t ret;
+ int skip_sum = inode->flags & BTRFS_INODE_NODATASUM;
++ const bool use_append = btrfs_use_zone_append(inode, disk_start);
++ const unsigned int bio_op = use_append ? REQ_OP_ZONE_APPEND : REQ_OP_WRITE;
+
+ WARN_ON(!PAGE_ALIGNED(start));
+ cb = kmalloc(compressed_bio_size(fs_info, compressed_len), GFP_NOFS);
+@@ -418,10 +422,31 @@ blk_status_t btrfs_submit_compressed_wri
+ cb->nr_pages = nr_pages;
+
+ bio = btrfs_bio_alloc(first_byte);
+- bio->bi_opf = REQ_OP_WRITE | write_flags;
++ bio->bi_opf = bio_op | write_flags;
+ bio->bi_private = cb;
+ bio->bi_end_io = end_compressed_bio_write;
+
++ if (use_append) {
++ struct extent_map *em;
++ struct map_lookup *map;
++ struct block_device *bdev;
++
++ em = btrfs_get_chunk_map(fs_info, disk_start, PAGE_SIZE);
++ if (IS_ERR(em)) {
++ kfree(cb);
++ bio_put(bio);
++ return BLK_STS_NOTSUPP;
++ }
++
++ map = em->map_lookup;
++ /* We only support single profile for now */
++ ASSERT(map->num_stripes == 1);
++ bdev = map->stripes[0].dev->bdev;
++
++ bio_set_dev(bio, bdev);
++ free_extent_map(em);
++ }
++
+ if (blkcg_css) {
+ bio->bi_opf |= REQ_CGROUP_PUNT;
+ kthread_associate_blkcg(blkcg_css);
+@@ -432,6 +457,7 @@ blk_status_t btrfs_submit_compressed_wri
+ bytes_left = compressed_len;
+ for (pg_index = 0; pg_index < cb->nr_pages; pg_index++) {
+ int submit = 0;
++ int len;
+
+ page = compressed_pages[pg_index];
+ page->mapping = inode->vfs_inode.i_mapping;
+@@ -439,9 +465,13 @@ blk_status_t btrfs_submit_compressed_wri
+ submit = btrfs_bio_fits_in_stripe(page, PAGE_SIZE, bio,
+ 0);
+
++ if (pg_index == 0 && use_append)
++ len = bio_add_zone_append_page(bio, page, PAGE_SIZE, 0);
++ else
++ len = bio_add_page(bio, page, PAGE_SIZE, 0);
++
+ page->mapping = NULL;
+- if (submit || bio_add_page(bio, page, PAGE_SIZE, 0) <
+- PAGE_SIZE) {
++ if (submit || len < PAGE_SIZE) {
+ /*
+ * inc the count before we submit the bio so
+ * we know the end IO handler won't happen before
+@@ -465,11 +495,15 @@ blk_status_t btrfs_submit_compressed_wri
+ }
+
+ bio = btrfs_bio_alloc(first_byte);
+- bio->bi_opf = REQ_OP_WRITE | write_flags;
++ bio->bi_opf = bio_op | write_flags;
+ bio->bi_private = cb;
+ bio->bi_end_io = end_compressed_bio_write;
+ if (blkcg_css)
+ bio->bi_opf |= REQ_CGROUP_PUNT;
++ /*
++ * Use bio_add_page() to ensure the bio has at least one
++ * page.
++ */
+ bio_add_page(bio, page, PAGE_SIZE, 0);
+ }
+ if (bytes_left < PAGE_SIZE) {
--- /dev/null
+From e380adfc213a13677993c0e35cb48f5a8e61ebb0 Mon Sep 17 00:00:00 2001
+From: Johannes Thumshirn <johannes.thumshirn@wdc.com>
+Date: Wed, 19 May 2021 00:40:27 +0900
+Subject: btrfs: zoned: pass start block to btrfs_use_zone_append
+
+From: Johannes Thumshirn <johannes.thumshirn@wdc.com>
+
+commit e380adfc213a13677993c0e35cb48f5a8e61ebb0 upstream.
+
+btrfs_use_zone_append only needs the passed in extent_map's block_start
+member, so there's no need to pass in the full extent map.
+
+This also enables the use of btrfs_use_zone_append in places where we only
+have a start byte but no extent_map.
+
+Signed-off-by: Johannes Thumshirn <johannes.thumshirn@wdc.com>
+Reviewed-by: David Sterba <dsterba@suse.com>
+Signed-off-by: David Sterba <dsterba@suse.com>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+---
+ fs/btrfs/extent_io.c | 2 +-
+ fs/btrfs/inode.c | 2 +-
+ fs/btrfs/zoned.c | 4 ++--
+ fs/btrfs/zoned.h | 5 ++---
+ 4 files changed, 6 insertions(+), 7 deletions(-)
+
+--- a/fs/btrfs/extent_io.c
++++ b/fs/btrfs/extent_io.c
+@@ -3762,7 +3762,7 @@ static noinline_for_stack int __extent_w
+ /* Note that em_end from extent_map_end() is exclusive */
+ iosize = min(em_end, end + 1) - cur;
+
+- if (btrfs_use_zone_append(inode, em))
++ if (btrfs_use_zone_append(inode, em->block_start))
+ opf = REQ_OP_ZONE_APPEND;
+
+ free_extent_map(em);
+--- a/fs/btrfs/inode.c
++++ b/fs/btrfs/inode.c
+@@ -7782,7 +7782,7 @@ static int btrfs_dio_iomap_begin(struct
+ iomap->bdev = fs_info->fs_devices->latest_bdev;
+ iomap->length = len;
+
+- if (write && btrfs_use_zone_append(BTRFS_I(inode), em))
++ if (write && btrfs_use_zone_append(BTRFS_I(inode), em->block_start))
+ iomap->flags |= IOMAP_F_ZONE_APPEND;
+
+ free_extent_map(em);
+--- a/fs/btrfs/zoned.c
++++ b/fs/btrfs/zoned.c
+@@ -1278,7 +1278,7 @@ void btrfs_free_redirty_list(struct btrf
+ spin_unlock(&trans->releasing_ebs_lock);
+ }
+
+-bool btrfs_use_zone_append(struct btrfs_inode *inode, struct extent_map *em)
++bool btrfs_use_zone_append(struct btrfs_inode *inode, u64 start)
+ {
+ struct btrfs_fs_info *fs_info = inode->root->fs_info;
+ struct btrfs_block_group *cache;
+@@ -1293,7 +1293,7 @@ bool btrfs_use_zone_append(struct btrfs_
+ if (!is_data_inode(&inode->vfs_inode))
+ return false;
+
+- cache = btrfs_lookup_block_group(fs_info, em->block_start);
++ cache = btrfs_lookup_block_group(fs_info, start);
+ ASSERT(cache);
+ if (!cache)
+ return false;
+--- a/fs/btrfs/zoned.h
++++ b/fs/btrfs/zoned.h
+@@ -47,7 +47,7 @@ void btrfs_calc_zone_unusable(struct btr
+ void btrfs_redirty_list_add(struct btrfs_transaction *trans,
+ struct extent_buffer *eb);
+ void btrfs_free_redirty_list(struct btrfs_transaction *trans);
+-bool btrfs_use_zone_append(struct btrfs_inode *inode, struct extent_map *em);
++bool btrfs_use_zone_append(struct btrfs_inode *inode, u64 start);
+ void btrfs_record_physical_zoned(struct inode *inode, u64 file_offset,
+ struct bio *bio);
+ void btrfs_rewrite_logical_zoned(struct btrfs_ordered_extent *ordered);
+@@ -146,8 +146,7 @@ static inline void btrfs_redirty_list_ad
+ struct extent_buffer *eb) { }
+ static inline void btrfs_free_redirty_list(struct btrfs_transaction *trans) { }
+
+-static inline bool btrfs_use_zone_append(struct btrfs_inode *inode,
+- struct extent_map *em)
++static inline bool btrfs_use_zone_append(struct btrfs_inode *inode, u64 start)
+ {
+ return false;
+ }
--- /dev/null
+From d201d7631ca170b038e7f8921120d05eec70d7c5 Mon Sep 17 00:00:00 2001
+From: Ronnie Sahlberg <lsahlber@redhat.com>
+Date: Wed, 19 May 2021 08:40:11 +1000
+Subject: cifs: fix memory leak in smb2_copychunk_range
+
+From: Ronnie Sahlberg <lsahlber@redhat.com>
+
+commit d201d7631ca170b038e7f8921120d05eec70d7c5 upstream.
+
+When using smb2_copychunk_range() for large ranges we will
+run through several iterations of a loop calling SMB2_ioctl()
+but never actually free the returned buffer except for the final
+iteration.
+This leads to memory leaks everytime a large copychunk is requested.
+
+Fixes: 9bf0c9cd4314 ("CIFS: Fix SMB2/SMB3 Copy offload support (refcopy) for large files")
+Cc: <stable@vger.kernel.org>
+Reviewed-by: Aurelien Aptel <aaptel@suse.com>
+Signed-off-by: Ronnie Sahlberg <lsahlber@redhat.com>
+Signed-off-by: Steve French <stfrench@microsoft.com>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+---
+ fs/cifs/smb2ops.c | 2 ++
+ 1 file changed, 2 insertions(+)
+
+--- a/fs/cifs/smb2ops.c
++++ b/fs/cifs/smb2ops.c
+@@ -1822,6 +1822,8 @@ smb2_copychunk_range(const unsigned int
+ cpu_to_le32(min_t(u32, len, tcon->max_bytes_chunk));
+
+ /* Request server copy to target from src identified by key */
++ kfree(retbuf);
++ retbuf = NULL;
+ rc = SMB2_ioctl(xid, tcon, trgtfile->fid.persistent_fid,
+ trgtfile->fid.volatile_fid, FSCTL_SRV_COPYCHUNK_WRITE,
+ true /* is_fsctl */, (char *)pcchunk,
--- /dev/null
+From 2ca4dcc4909d787ee153272f7efc2bff3b498720 Mon Sep 17 00:00:00 2001
+From: Christian Brauner <christian.brauner@ubuntu.com>
+Date: Tue, 11 May 2021 16:30:15 +0200
+Subject: fs/mount_setattr: tighten permission checks
+
+From: Christian Brauner <christian.brauner@ubuntu.com>
+
+commit 2ca4dcc4909d787ee153272f7efc2bff3b498720 upstream.
+
+We currently don't have any filesystems that support idmapped mounts
+which are mountable inside a user namespace. That was a deliberate
+decision for now as a userns root can just mount the filesystem
+themselves. So enforce this restriction explicitly until there's a real
+use-case for this. This way we can notice it and will have a chance to
+adapt and audit our translation helpers and fstests appropriately if we
+need to support such filesystems.
+
+Cc: Christoph Hellwig <hch@lst.de>
+Cc: Al Viro <viro@zeniv.linux.org.uk>
+Cc: stable@vger.kernel.org
+CC: linux-fsdevel@vger.kernel.org
+Suggested-by: Seth Forshee <seth.forshee@canonical.com>
+Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+---
+ fs/namespace.c | 6 +++++-
+ 1 file changed, 5 insertions(+), 1 deletion(-)
+
+--- a/fs/namespace.c
++++ b/fs/namespace.c
+@@ -3853,8 +3853,12 @@ static int can_idmap_mount(const struct
+ if (!(m->mnt_sb->s_type->fs_flags & FS_ALLOW_IDMAP))
+ return -EINVAL;
+
++ /* Don't yet support filesystem mountable in user namespaces. */
++ if (m->mnt_sb->s_user_ns != &init_user_ns)
++ return -EINVAL;
++
+ /* We're not controlling the superblock. */
+- if (!ns_capable(m->mnt_sb->s_user_ns, CAP_SYS_ADMIN))
++ if (!capable(CAP_SYS_ADMIN))
+ return -EPERM;
+
+ /* Mount has already been visible in the filesystem hierarchy. */
--- /dev/null
+From 2962484dfef8dbb7f9059822bc26ce8a04d0e47c Mon Sep 17 00:00:00 2001
+From: Hsin-Yi Wang <hsinyi@chromium.org>
+Date: Tue, 20 Apr 2021 21:30:50 +0800
+Subject: misc: eeprom: at24: check suspend status before disable regulator
+
+From: Hsin-Yi Wang <hsinyi@chromium.org>
+
+commit 2962484dfef8dbb7f9059822bc26ce8a04d0e47c upstream.
+
+cd5676db0574 ("misc: eeprom: at24: support pm_runtime control") disables
+regulator in runtime suspend. If runtime suspend is called before
+regulator disable, it will results in regulator unbalanced disabling.
+
+Fixes: cd5676db0574 ("misc: eeprom: at24: support pm_runtime control")
+Cc: stable <stable@vger.kernel.org>
+Acked-by: Bartosz Golaszewski <bgolaszewski@baylibre.com>
+Signed-off-by: Hsin-Yi Wang <hsinyi@chromium.org>
+Link: https://lore.kernel.org/r/20210420133050.377209-1-hsinyi@chromium.org
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+---
+ drivers/misc/eeprom/at24.c | 6 ++++--
+ 1 file changed, 4 insertions(+), 2 deletions(-)
+
+--- a/drivers/misc/eeprom/at24.c
++++ b/drivers/misc/eeprom/at24.c
+@@ -763,7 +763,8 @@ static int at24_probe(struct i2c_client
+ at24->nvmem = devm_nvmem_register(dev, &nvmem_config);
+ if (IS_ERR(at24->nvmem)) {
+ pm_runtime_disable(dev);
+- regulator_disable(at24->vcc_reg);
++ if (!pm_runtime_status_suspended(dev))
++ regulator_disable(at24->vcc_reg);
+ return PTR_ERR(at24->nvmem);
+ }
+
+@@ -774,7 +775,8 @@ static int at24_probe(struct i2c_client
+ err = at24_read(at24, 0, &test_byte, 1);
+ if (err) {
+ pm_runtime_disable(dev);
+- regulator_disable(at24->vcc_reg);
++ if (!pm_runtime_status_suspended(dev))
++ regulator_disable(at24->vcc_reg);
+ return -ENODEV;
+ }
+
locking-lockdep-correct-calling-tracepoints.patch
locking-mutex-clear-mutex_flags-if-wait_list-is-empt.patch
powerpc-fix-early-setup-to-make-early_ioremap-work.patch
+btrfs-avoid-rcu-stalls-while-running-delayed-iputs.patch
+btrfs-fix-removed-dentries-still-existing-after-log-is-synced.patch
+btrfs-zoned-pass-start-block-to-btrfs_use_zone_append.patch
+btrfs-zoned-fix-parallel-compressed-writes.patch
+cifs-fix-memory-leak-in-smb2_copychunk_range.patch
+fs-mount_setattr-tighten-permission-checks.patch
+misc-eeprom-at24-check-suspend-status-before-disable-regulator.patch
+alsa-dice-fix-stream-format-for-tc-electronic-konnekt-live-at-high-sampling-transfer-frequency.patch
+alsa-intel8x0-don-t-update-period-unless-prepared.patch
+alsa-firewire-lib-fix-amdtp_packet-tracepoints-event-for-packet_index-field.patch
+alsa-line6-fix-racy-initialization-of-line6-midi.patch
projects / thirdparty / kernel / stable-queue.git / commitdiff
