--- /dev/null
+From bfabd5c224f896d4f62f2229d7bb1ad95ddb8b2f Mon Sep 17 00:00:00 2001
+From: Sasha Levin <sashal@kernel.org>
+Date: Mon, 10 Mar 2025 18:45:36 +0100
+Subject: ASoC: codecs: wm0010: Fix error handling path in wm0010_spi_probe()
+
+From: Christophe JAILLET <christophe.jaillet@wanadoo.fr>
+
+[ Upstream commit ed92bc5264c4357d4fca292c769ea9967cd3d3b6 ]
+
+Free some resources in the error handling path of the probe, as already
+done in the remove function.
+
+Fixes: e3523e01869d ("ASoC: wm0010: Add initial wm0010 DSP driver")
+Fixes: fd8b96574456 ("ASoC: wm0010: Clear IRQ as wake source and include missing header")
+Signed-off-by: Christophe JAILLET <christophe.jaillet@wanadoo.fr>
+Reviewed-by: Charles Keepax <ckeepax@opensource.cirrus.com>
+Link: https://patch.msgid.link/5139ba1ab8c4c157ce04e56096a0f54a1683195c.1741549792.git.christophe.jaillet@wanadoo.fr
+Signed-off-by: Mark Brown <broonie@kernel.org>
+Signed-off-by: Sasha Levin <sashal@kernel.org>
+---
+ sound/soc/codecs/wm0010.c | 13 +++++++++++--
+ 1 file changed, 11 insertions(+), 2 deletions(-)
+
+diff --git a/sound/soc/codecs/wm0010.c b/sound/soc/codecs/wm0010.c
+index 1d4259433f47e..6b67edd528bc5 100644
+--- a/sound/soc/codecs/wm0010.c
++++ b/sound/soc/codecs/wm0010.c
+@@ -951,7 +951,7 @@ static int wm0010_spi_probe(struct spi_device *spi)
+ if (ret) {
+ dev_err(wm0010->dev, "Failed to set IRQ %d as wake source: %d\n",
+ irq, ret);
+- return ret;
++ goto free_irq;
+ }
+
+ if (spi->max_speed_hz)
+@@ -963,9 +963,18 @@ static int wm0010_spi_probe(struct spi_device *spi)
+ &soc_component_dev_wm0010, wm0010_dai,
+ ARRAY_SIZE(wm0010_dai));
+ if (ret < 0)
+- return ret;
++ goto disable_irq_wake;
+
+ return 0;
++
++disable_irq_wake:
++ irq_set_irq_wake(wm0010->irq, 0);
++
++free_irq:
++ if (wm0010->irq)
++ free_irq(wm0010->irq, wm0010);
++
++ return ret;
+ }
+
+ static void wm0010_spi_remove(struct spi_device *spi)
+--
+2.39.5
+
--- /dev/null
+From c9c08f028eaf30280c11ae4b863903561c1e7c43 Mon Sep 17 00:00:00 2001
+From: Sasha Levin <sashal@kernel.org>
+Date: Thu, 6 Mar 2025 13:32:54 +0000
+Subject: ASoC: cs42l43: Fix maximum ADC Volume
+
+From: Charles Keepax <ckeepax@opensource.cirrus.com>
+
+[ Upstream commit e26f1cfeac6712516bfeed80890da664f4f2e88a ]
+
+The range of ADC volume is -1 -> 3 (-6 to 18dB) so the number of levels
+should actually be 4.
+
+Fixes: fc918cbe874e ("ASoC: cs42l43: Add support for the cs42l43")
+Signed-off-by: Charles Keepax <ckeepax@opensource.cirrus.com>
+Link: https://patch.msgid.link/20250306133254.1861046-1-ckeepax@opensource.cirrus.com
+Signed-off-by: Mark Brown <broonie@kernel.org>
+Signed-off-by: Sasha Levin <sashal@kernel.org>
+---
+ sound/soc/codecs/cs42l43.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/sound/soc/codecs/cs42l43.c b/sound/soc/codecs/cs42l43.c
+index 1443eb1dc0b17..4f78b7668b609 100644
+--- a/sound/soc/codecs/cs42l43.c
++++ b/sound/soc/codecs/cs42l43.c
+@@ -1020,7 +1020,7 @@ static const struct snd_kcontrol_new cs42l43_controls[] = {
+
+ SOC_DOUBLE_R_SX_TLV("ADC Volume", CS42L43_ADC_B_CTRL1, CS42L43_ADC_B_CTRL2,
+ CS42L43_ADC_PGA_GAIN_SHIFT,
+- 0xF, 5, cs42l43_adc_tlv),
++ 0xF, 4, cs42l43_adc_tlv),
+
+ SOC_DOUBLE("PDM1 Invert Switch", CS42L43_DMIC_PDM_CTRL,
+ CS42L43_PDM1L_INV_SHIFT, CS42L43_PDM1R_INV_SHIFT, 1, 0),
+--
+2.39.5
+
--- /dev/null
+From 10ec5fe38e164d75f0e5cf351f2e9da5d6b72e03 Mon Sep 17 00:00:00 2001
+From: Sasha Levin <sashal@kernel.org>
+Date: Fri, 28 Feb 2025 15:14:56 +0000
+Subject: ASoC: ops: Consistently treat platform_max as control value
+
+From: Charles Keepax <ckeepax@opensource.cirrus.com>
+
+[ Upstream commit 0eba2a7e858907a746ba69cd002eb9eb4dbd7bf3 ]
+
+This reverts commit 9bdd10d57a88 ("ASoC: ops: Shift tested values in
+snd_soc_put_volsw() by +min"), and makes some additional related
+updates.
+
+There are two ways the platform_max could be interpreted; the maximum
+register value, or the maximum value the control can be set to. The
+patch moved from treating the value as a control value to a register
+one. When the patch was applied it was technically correct as
+snd_soc_limit_volume() also used the register interpretation. However,
+even then most of the other usages treated platform_max as a
+control value, and snd_soc_limit_volume() has since been updated to
+also do so in commit fb9ad24485087 ("ASoC: ops: add correct range
+check for limiting volume"). That patch however, missed updating
+snd_soc_put_volsw() back to the control interpretation, and fixing
+snd_soc_info_volsw_range(). The control interpretation makes more
+sense as limiting is typically done from the machine driver, so it is
+appropriate to use the customer facing representation rather than the
+internal codec representation. Update all the code to consistently use
+this interpretation of platform_max.
+
+Finally, also add some comments to the soc_mixer_control struct to
+hopefully avoid further patches switching between the two approaches.
+
+Fixes: fb9ad24485087 ("ASoC: ops: add correct range check for limiting volume")
+Signed-off-by: Charles Keepax <ckeepax@opensource.cirrus.com>
+Link: https://patch.msgid.link/20250228151456.3703342-1-ckeepax@opensource.cirrus.com
+Signed-off-by: Mark Brown <broonie@kernel.org>
+Signed-off-by: Sasha Levin <sashal@kernel.org>
+---
+ include/sound/soc.h | 5 ++++-
+ sound/soc/soc-ops.c | 15 +++++++--------
+ 2 files changed, 11 insertions(+), 9 deletions(-)
+
+diff --git a/include/sound/soc.h b/include/sound/soc.h
+index c1acc46529b9d..1f99c29aebdfe 100644
+--- a/include/sound/soc.h
++++ b/include/sound/soc.h
+@@ -1184,7 +1184,10 @@ void snd_soc_close_delayed_work(struct snd_soc_pcm_runtime *rtd);
+
+ /* mixer control */
+ struct soc_mixer_control {
+- int min, max, platform_max;
++ /* Minimum and maximum specified as written to the hardware */
++ int min, max;
++ /* Limited maximum value specified as presented through the control */
++ int platform_max;
+ int reg, rreg;
+ unsigned int shift, rshift;
+ unsigned int sign_bit;
+diff --git a/sound/soc/soc-ops.c b/sound/soc/soc-ops.c
+index b27e89ff6a167..b4cfc34d00ee6 100644
+--- a/sound/soc/soc-ops.c
++++ b/sound/soc/soc-ops.c
+@@ -336,7 +336,7 @@ int snd_soc_put_volsw(struct snd_kcontrol *kcontrol,
+ if (ucontrol->value.integer.value[0] < 0)
+ return -EINVAL;
+ val = ucontrol->value.integer.value[0];
+- if (mc->platform_max && ((int)val + min) > mc->platform_max)
++ if (mc->platform_max && val > mc->platform_max)
+ return -EINVAL;
+ if (val > max - min)
+ return -EINVAL;
+@@ -349,7 +349,7 @@ int snd_soc_put_volsw(struct snd_kcontrol *kcontrol,
+ if (ucontrol->value.integer.value[1] < 0)
+ return -EINVAL;
+ val2 = ucontrol->value.integer.value[1];
+- if (mc->platform_max && ((int)val2 + min) > mc->platform_max)
++ if (mc->platform_max && val2 > mc->platform_max)
+ return -EINVAL;
+ if (val2 > max - min)
+ return -EINVAL;
+@@ -502,17 +502,16 @@ int snd_soc_info_volsw_range(struct snd_kcontrol *kcontrol,
+ {
+ struct soc_mixer_control *mc =
+ (struct soc_mixer_control *)kcontrol->private_value;
+- int platform_max;
+- int min = mc->min;
++ int max;
+
+- if (!mc->platform_max)
+- mc->platform_max = mc->max;
+- platform_max = mc->platform_max;
++ max = mc->max - mc->min;
++ if (mc->platform_max && mc->platform_max < max)
++ max = mc->platform_max;
+
+ uinfo->type = SNDRV_CTL_ELEM_TYPE_INTEGER;
+ uinfo->count = snd_soc_volsw_is_stereo(mc) ? 2 : 1;
+ uinfo->value.integer.min = 0;
+- uinfo->value.integer.max = platform_max - min;
++ uinfo->value.integer.max = max;
+
+ return 0;
+ }
+--
+2.39.5
+
--- /dev/null
+From 3f97592f7895a15ff6ba914d18d19857ff7dc24d Mon Sep 17 00:00:00 2001
+From: Sasha Levin <sashal@kernel.org>
+Date: Mon, 10 Mar 2025 16:04:40 +0800
+Subject: ASoC: rt722-sdca: add missing readable registers
+
+From: Bard Liao <yung-chuan.liao@linux.intel.com>
+
+[ Upstream commit 247fba13416af65b155949bae582d55c310f58b6 ]
+
+SDW_SDCA_CTL(FUNC_NUM_MIC_ARRAY, RT722_SDCA_ENT_FU15,
+RT722_SDCA_CTL_FU_CH_GAIN, CH_01) ... SDW_SDCA_CTL(FUNC_NUM_MIC_ARRAY,
+RT722_SDCA_ENT_FU15, RT722_SDCA_CTL_FU_CH_GAIN, CH_04) are used by the
+"FU15 Boost Volume" control, but not marked as readable.
+And the mbq size are 2 for those registers.
+
+Fixes: 7f5d6036ca005 ("ASoC: rt722-sdca: Add RT722 SDCA driver")
+Signed-off-by: Bard Liao <yung-chuan.liao@linux.intel.com>
+Reviewed-by: Ranjani Sridharan <ranjani.sridharan@linux.intel.com>
+Reviewed-by: Shuming Fan <shumingf@realtek.com>
+Link: https://patch.msgid.link/20250310080440.58797-1-yung-chuan.liao@linux.intel.com
+Signed-off-by: Mark Brown <broonie@kernel.org>
+Signed-off-by: Sasha Levin <sashal@kernel.org>
+---
+ sound/soc/codecs/rt722-sdca-sdw.c | 4 ++++
+ 1 file changed, 4 insertions(+)
+
+diff --git a/sound/soc/codecs/rt722-sdca-sdw.c b/sound/soc/codecs/rt722-sdca-sdw.c
+index 91314327d9eee..c382cb6be6025 100644
+--- a/sound/soc/codecs/rt722-sdca-sdw.c
++++ b/sound/soc/codecs/rt722-sdca-sdw.c
+@@ -86,6 +86,10 @@ static bool rt722_sdca_mbq_readable_register(struct device *dev, unsigned int re
+ case 0x6100067:
+ case 0x6100070 ... 0x610007c:
+ case 0x6100080:
++ case SDW_SDCA_CTL(FUNC_NUM_MIC_ARRAY, RT722_SDCA_ENT_FU15, RT722_SDCA_CTL_FU_CH_GAIN,
++ CH_01) ...
++ SDW_SDCA_CTL(FUNC_NUM_MIC_ARRAY, RT722_SDCA_ENT_FU15, RT722_SDCA_CTL_FU_CH_GAIN,
++ CH_04):
+ case SDW_SDCA_CTL(FUNC_NUM_MIC_ARRAY, RT722_SDCA_ENT_USER_FU1E, RT722_SDCA_CTL_FU_VOLUME,
+ CH_01):
+ case SDW_SDCA_CTL(FUNC_NUM_MIC_ARRAY, RT722_SDCA_ENT_USER_FU1E, RT722_SDCA_CTL_FU_VOLUME,
+--
+2.39.5
+
--- /dev/null
+From cd606c0a790fb98dd722b10aea1d2e5db8f85a83 Mon Sep 17 00:00:00 2001
+From: Sasha Levin <sashal@kernel.org>
+Date: Tue, 11 Mar 2025 17:22:04 +0300
+Subject: cifs: Fix integer overflow while processing acdirmax mount option
+
+From: Murad Masimov <m.masimov@mt-integration.ru>
+
+[ Upstream commit 5b29891f91dfb8758baf1e2217bef4b16b2b165b ]
+
+User-provided mount parameter acdirmax of type u32 is intended to have
+an upper limit, but before it is validated, the value is converted from
+seconds to jiffies which can lead to an integer overflow.
+
+Found by Linux Verification Center (linuxtesting.org) with SVACE.
+
+Fixes: 4c9f948142a5 ("cifs: Add new mount parameter "acdirmax" to allow caching directory metadata")
+Signed-off-by: Murad Masimov <m.masimov@mt-integration.ru>
+Signed-off-by: Steve French <stfrench@microsoft.com>
+Signed-off-by: Sasha Levin <sashal@kernel.org>
+---
+ fs/smb/client/fs_context.c | 4 ++--
+ 1 file changed, 2 insertions(+), 2 deletions(-)
+
+diff --git a/fs/smb/client/fs_context.c b/fs/smb/client/fs_context.c
+index 82a0987f4f868..479801187c762 100644
+--- a/fs/smb/client/fs_context.c
++++ b/fs/smb/client/fs_context.c
+@@ -1273,11 +1273,11 @@ static int smb3_fs_context_parse_param(struct fs_context *fc,
+ ctx->acregmax = HZ * result.uint_32;
+ break;
+ case Opt_acdirmax:
+- ctx->acdirmax = HZ * result.uint_32;
+- if (ctx->acdirmax > CIFS_MAX_ACTIMEO) {
++ if (result.uint_32 > CIFS_MAX_ACTIMEO / HZ) {
+ cifs_errorf(fc, "acdirmax too large\n");
+ goto cifs_parse_mount_err;
+ }
++ ctx->acdirmax = HZ * result.uint_32;
+ break;
+ case Opt_actimeo:
+ if (HZ * result.uint_32 > CIFS_MAX_ACTIMEO) {
+--
+2.39.5
+
--- /dev/null
+From 321c4c603444c62ed0142f988663039879ca39cc Mon Sep 17 00:00:00 2001
+From: Sasha Levin <sashal@kernel.org>
+Date: Tue, 11 Mar 2025 17:22:03 +0300
+Subject: cifs: Fix integer overflow while processing acregmax mount option
+
+From: Murad Masimov <m.masimov@mt-integration.ru>
+
+[ Upstream commit 7489161b1852390b4413d57f2457cd40b34da6cc ]
+
+User-provided mount parameter acregmax of type u32 is intended to have
+an upper limit, but before it is validated, the value is converted from
+seconds to jiffies which can lead to an integer overflow.
+
+Found by Linux Verification Center (linuxtesting.org) with SVACE.
+
+Fixes: 5780464614f6 ("cifs: Add new parameter "acregmax" for distinct file and directory metadata timeout")
+Signed-off-by: Murad Masimov <m.masimov@mt-integration.ru>
+Signed-off-by: Steve French <stfrench@microsoft.com>
+Signed-off-by: Sasha Levin <sashal@kernel.org>
+---
+ fs/smb/client/fs_context.c | 4 ++--
+ 1 file changed, 2 insertions(+), 2 deletions(-)
+
+diff --git a/fs/smb/client/fs_context.c b/fs/smb/client/fs_context.c
+index 249dd3f4904e3..82a0987f4f868 100644
+--- a/fs/smb/client/fs_context.c
++++ b/fs/smb/client/fs_context.c
+@@ -1266,11 +1266,11 @@ static int smb3_fs_context_parse_param(struct fs_context *fc,
+ }
+ break;
+ case Opt_acregmax:
+- ctx->acregmax = HZ * result.uint_32;
+- if (ctx->acregmax > CIFS_MAX_ACTIMEO) {
++ if (result.uint_32 > CIFS_MAX_ACTIMEO / HZ) {
+ cifs_errorf(fc, "acregmax too large\n");
+ goto cifs_parse_mount_err;
+ }
++ ctx->acregmax = HZ * result.uint_32;
+ break;
+ case Opt_acdirmax:
+ ctx->acdirmax = HZ * result.uint_32;
+--
+2.39.5
+
--- /dev/null
+From e00303f1270deb1e1d15f9ed13cf0a31c878b444 Mon Sep 17 00:00:00 2001
+From: Sasha Levin <sashal@kernel.org>
+Date: Tue, 11 Mar 2025 17:22:05 +0300
+Subject: cifs: Fix integer overflow while processing actimeo mount option
+
+From: Murad Masimov <m.masimov@mt-integration.ru>
+
+[ Upstream commit 64f690ee22c99e16084e0e45181b2a1eed2fa149 ]
+
+User-provided mount parameter actimeo of type u32 is intended to have
+an upper limit, but before it is validated, the value is converted from
+seconds to jiffies which can lead to an integer overflow.
+
+Found by Linux Verification Center (linuxtesting.org) with SVACE.
+
+Fixes: 6d20e8406f09 ("cifs: add attribute cache timeout (actimeo) tunable")
+Signed-off-by: Murad Masimov <m.masimov@mt-integration.ru>
+Signed-off-by: Steve French <stfrench@microsoft.com>
+Signed-off-by: Sasha Levin <sashal@kernel.org>
+---
+ fs/smb/client/fs_context.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/fs/smb/client/fs_context.c b/fs/smb/client/fs_context.c
+index 479801187c762..51604c78f9ea4 100644
+--- a/fs/smb/client/fs_context.c
++++ b/fs/smb/client/fs_context.c
+@@ -1280,7 +1280,7 @@ static int smb3_fs_context_parse_param(struct fs_context *fc,
+ ctx->acdirmax = HZ * result.uint_32;
+ break;
+ case Opt_actimeo:
+- if (HZ * result.uint_32 > CIFS_MAX_ACTIMEO) {
++ if (result.uint_32 > CIFS_MAX_ACTIMEO / HZ) {
+ cifs_errorf(fc, "timeout too large\n");
+ goto cifs_parse_mount_err;
+ }
+--
+2.39.5
+
--- /dev/null
+From 7a12ecf465ab7c34853de491d5c987d25e728623 Mon Sep 17 00:00:00 2001
+From: Sasha Levin <sashal@kernel.org>
+Date: Tue, 11 Mar 2025 17:22:06 +0300
+Subject: cifs: Fix integer overflow while processing closetimeo mount option
+
+From: Murad Masimov <m.masimov@mt-integration.ru>
+
+[ Upstream commit d5a30fddfe2f2e540f6c43b59cf701809995faef ]
+
+User-provided mount parameter closetimeo of type u32 is intended to have
+an upper limit, but before it is validated, the value is converted from
+seconds to jiffies which can lead to an integer overflow.
+
+Found by Linux Verification Center (linuxtesting.org) with SVACE.
+
+Fixes: 5efdd9122eff ("smb3: allow deferred close timeout to be configurable")
+Signed-off-by: Murad Masimov <m.masimov@mt-integration.ru>
+Signed-off-by: Steve French <stfrench@microsoft.com>
+Signed-off-by: Sasha Levin <sashal@kernel.org>
+---
+ fs/smb/client/fs_context.c | 4 ++--
+ 1 file changed, 2 insertions(+), 2 deletions(-)
+
+diff --git a/fs/smb/client/fs_context.c b/fs/smb/client/fs_context.c
+index 51604c78f9ea4..b90cc918de7a3 100644
+--- a/fs/smb/client/fs_context.c
++++ b/fs/smb/client/fs_context.c
+@@ -1292,11 +1292,11 @@ static int smb3_fs_context_parse_param(struct fs_context *fc,
+ ctx->acdirmax = ctx->acregmax = HZ * result.uint_32;
+ break;
+ case Opt_closetimeo:
+- ctx->closetimeo = HZ * result.uint_32;
+- if (ctx->closetimeo > SMB3_MAX_DCLOSETIMEO) {
++ if (result.uint_32 > SMB3_MAX_DCLOSETIMEO / HZ) {
+ cifs_errorf(fc, "closetimeo too large\n");
+ goto cifs_parse_mount_err;
+ }
++ ctx->closetimeo = HZ * result.uint_32;
+ break;
+ case Opt_echo_interval:
+ ctx->echo_interval = result.uint_32;
+--
+2.39.5
+
--- /dev/null
+From a3fd0d245a09ec2b078bab6d99dae47eece7e196 Mon Sep 17 00:00:00 2001
+From: Sasha Levin <sashal@kernel.org>
+Date: Wed, 18 Sep 2024 00:16:05 +0200
+Subject: cifs: Throw -EOPNOTSUPP error on unsupported reparse point type from
+ parse_reparse_point()
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+From: Pali Rohár <pali@kernel.org>
+
+[ Upstream commit cad3fc0a4c8cef07b07ceddc137f582267577250 ]
+
+This would help to track and detect by caller if the reparse point type was
+processed or not.
+
+Signed-off-by: Pali Rohár <pali@kernel.org>
+Signed-off-by: Steve French <stfrench@microsoft.com>
+Signed-off-by: Sasha Levin <sashal@kernel.org>
+---
+ fs/smb/client/reparse.c | 5 ++---
+ 1 file changed, 2 insertions(+), 3 deletions(-)
+
+diff --git a/fs/smb/client/reparse.c b/fs/smb/client/reparse.c
+index bd8808e50d127..bb246ef0458fb 100644
+--- a/fs/smb/client/reparse.c
++++ b/fs/smb/client/reparse.c
+@@ -656,13 +656,12 @@ int parse_reparse_point(struct reparse_data_buffer *buf,
+ le32_to_cpu(buf->ReparseTag));
+ return -EIO;
+ }
+- break;
++ return 0;
+ default:
+ cifs_tcon_dbg(VFS | ONCE, "unhandled reparse tag: 0x%08x\n",
+ le32_to_cpu(buf->ReparseTag));
+- break;
++ return -EOPNOTSUPP;
+ }
+- return 0;
+ }
+
+ int smb2_parse_reparse_point(struct cifs_sb_info *cifs_sb,
+--
+2.39.5
+
--- /dev/null
+From d7ec28d92af89c61d049d0fea091fdfd6e07a112 Mon Sep 17 00:00:00 2001
+From: Sasha Levin <sashal@kernel.org>
+Date: Sat, 21 Sep 2024 01:29:33 +0200
+Subject: cifs: Validate content of WSL reparse point buffers
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+From: Pali Rohár <pali@kernel.org>
+
+[ Upstream commit 1f48660667efb97c3cf70485c7e1977af718b48b ]
+
+WSL socket, fifo, char and block devices have empty reparse buffer.
+Validate the length of the reparse buffer.
+
+Signed-off-by: Pali Rohár <pali@kernel.org>
+Signed-off-by: Steve French <stfrench@microsoft.com>
+Stable-dep-of: cad3fc0a4c8c ("cifs: Throw -EOPNOTSUPP error on unsupported reparse point type from parse_reparse_point()")
+Signed-off-by: Sasha Levin <sashal@kernel.org>
+---
+ fs/smb/client/reparse.c | 5 +++++
+ 1 file changed, 5 insertions(+)
+
+diff --git a/fs/smb/client/reparse.c b/fs/smb/client/reparse.c
+index e56a8df23fec9..bd8808e50d127 100644
+--- a/fs/smb/client/reparse.c
++++ b/fs/smb/client/reparse.c
+@@ -651,6 +651,11 @@ int parse_reparse_point(struct reparse_data_buffer *buf,
+ case IO_REPARSE_TAG_LX_FIFO:
+ case IO_REPARSE_TAG_LX_CHR:
+ case IO_REPARSE_TAG_LX_BLK:
++ if (le16_to_cpu(buf->ReparseDataLength) != 0) {
++ cifs_dbg(VFS, "srv returned malformed buffer for reparse point: 0x%08x\n",
++ le32_to_cpu(buf->ReparseTag));
++ return -EIO;
++ }
+ break;
+ default:
+ cifs_tcon_dbg(VFS | ONCE, "unhandled reparse tag: 0x%08x\n",
+--
+2.39.5
+
--- /dev/null
+From 98f8368fb9e6793565e4ea6c443e0e863937d252 Mon Sep 17 00:00:00 2001
+From: Sasha Levin <sashal@kernel.org>
+Date: Thu, 6 Mar 2025 14:20:45 +0300
+Subject: drm/gma500: Add NULL check for pci_gfx_root in mid_get_vbt_data()
+
+From: Ivan Abramov <i.abramov@mt-integration.ru>
+
+[ Upstream commit 9af152dcf1a06f589f44a74da4ad67e365d4db9a ]
+
+Since pci_get_domain_bus_and_slot() can return NULL, add NULL check for
+pci_gfx_root in the mid_get_vbt_data().
+
+This change is similar to the checks implemented in mid_get_fuse_settings()
+and mid_get_pci_revID(), which were introduced by commit 0cecdd818cd7
+("gma500: Final enables for Oaktrail") as "additional minor
+bulletproofing".
+
+Found by Linux Verification Center (linuxtesting.org) with SVACE.
+
+Fixes: f910b411053f ("gma500: Add the glue to the various BIOS and firmware interfaces")
+Signed-off-by: Ivan Abramov <i.abramov@mt-integration.ru>
+Signed-off-by: Patrik Jakobsson <patrik.r.jakobsson@gmail.com>
+Link: https://patchwork.freedesktop.org/patch/msgid/20250306112046.17144-1-i.abramov@mt-integration.ru
+Signed-off-by: Sasha Levin <sashal@kernel.org>
+---
+ drivers/gpu/drm/gma500/mid_bios.c | 5 +++++
+ 1 file changed, 5 insertions(+)
+
+diff --git a/drivers/gpu/drm/gma500/mid_bios.c b/drivers/gpu/drm/gma500/mid_bios.c
+index 7e76790c6a81f..cba97d7db131d 100644
+--- a/drivers/gpu/drm/gma500/mid_bios.c
++++ b/drivers/gpu/drm/gma500/mid_bios.c
+@@ -279,6 +279,11 @@ static void mid_get_vbt_data(struct drm_psb_private *dev_priv)
+ 0, PCI_DEVFN(2, 0));
+ int ret = -1;
+
++ if (pci_gfx_root == NULL) {
++ WARN_ON(1);
++ return;
++ }
++
+ /* Get the address of the platform config vbt */
+ pci_read_config_dword(pci_gfx_root, 0xFC, &addr);
+ pci_dev_put(pci_gfx_root);
+--
+2.39.5
+
--- /dev/null
+From 6645b5b8bd230076716e71a5638cf2dfdd45e1f4 Mon Sep 17 00:00:00 2001
+From: Sasha Levin <sashal@kernel.org>
+Date: Thu, 6 Feb 2025 21:07:53 +0000
+Subject: rust: error: add missing newline to pr_warn! calls
+
+From: Alban Kurti <kurti@invicto.ai>
+
+[ Upstream commit 6f5c36f56d475732981dcf624e0ac0cc7c8984c8 ]
+
+Added missing newline at the end of pr_warn! usage
+so the log is not missed.
+
+Fixes: 6551a7fe0acb ("rust: error: Add Error::from_errno{_unchecked}()")
+Reported-by: Miguel Ojeda <ojeda@kernel.org>
+Link: https://github.com/Rust-for-Linux/linux/issues/1139
+Signed-off-by: Alban Kurti <kurti@invicto.ai>
+Link: https://lore.kernel.org/r/20250206-printing_fix-v3-2-a85273b501ae@invicto.ai
+[ Replaced Closes with Link since it fixes part of the issue. - Miguel ]
+Signed-off-by: Miguel Ojeda <ojeda@kernel.org>
+Signed-off-by: Sasha Levin <sashal@kernel.org>
+---
+ rust/kernel/error.rs | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/rust/kernel/error.rs b/rust/kernel/error.rs
+index 032b645439539..e82d31aa1f307 100644
+--- a/rust/kernel/error.rs
++++ b/rust/kernel/error.rs
+@@ -103,7 +103,7 @@ impl Error {
+ if errno < -(bindings::MAX_ERRNO as i32) || errno >= 0 {
+ // TODO: Make it a `WARN_ONCE` once available.
+ crate::pr_warn!(
+- "attempted to create `Error` with out of range `errno`: {}",
++ "attempted to create `Error` with out of range `errno`: {}\n",
+ errno
+ );
+ return code::EINVAL;
+--
+2.39.5
+
--- /dev/null
+From 6ea4851ab00781640ef3397b91026b4b07279478 Mon Sep 17 00:00:00 2001
+From: Sasha Levin <sashal@kernel.org>
+Date: Thu, 6 Feb 2025 21:07:54 +0000
+Subject: rust: init: add missing newline to pr_info! calls
+
+From: Alban Kurti <kurti@invicto.ai>
+
+[ Upstream commit 6933c1067fe6df8ddb34dd68bdb2aa172cbd08c8 ]
+
+Several pr_info! calls in rust/kernel/init.rs (both in code examples
+and macro documentation) were missing a newline, causing logs to
+run together. This commit updates these calls to include a trailing
+newline, improving readability and consistency with the C side.
+
+Fixes: 6841d45a3030 ("rust: init: add `stack_pin_init!` macro")
+Fixes: 7f8977a7fe6d ("rust: init: add `{pin_}chain` functions to `{Pin}Init<T, E>`")
+Fixes: d0fdc3961270 ("rust: init: add `PinnedDrop` trait and macros")
+Fixes: 4af84c6a85c6 ("rust: init: update expanded macro explanation")
+Reported-by: Miguel Ojeda <ojeda@kernel.org>
+Link: https://github.com/Rust-for-Linux/linux/issues/1139
+Signed-off-by: Alban Kurti <kurti@invicto.ai>
+Link: https://lore.kernel.org/r/20250206-printing_fix-v3-3-a85273b501ae@invicto.ai
+[ Replaced Closes with Link since it fixes part of the issue. Added
+ one more Fixes tag (still same set of stable kernels). - Miguel ]
+Signed-off-by: Miguel Ojeda <ojeda@kernel.org>
+Signed-off-by: Sasha Levin <sashal@kernel.org>
+---
+ rust/kernel/init.rs | 12 ++++++------
+ rust/kernel/init/macros.rs | 6 +++---
+ 2 files changed, 9 insertions(+), 9 deletions(-)
+
+diff --git a/rust/kernel/init.rs b/rust/kernel/init.rs
+index 6ef9f61820184..af1c77cc12b28 100644
+--- a/rust/kernel/init.rs
++++ b/rust/kernel/init.rs
+@@ -258,7 +258,7 @@ pub mod macros;
+ /// },
+ /// }));
+ /// let foo: Pin<&mut Foo> = foo;
+-/// pr_info!("a: {}", &*foo.a.lock());
++/// pr_info!("a: {}\n", &*foo.a.lock());
+ /// ```
+ ///
+ /// # Syntax
+@@ -310,7 +310,7 @@ macro_rules! stack_pin_init {
+ /// })?,
+ /// }));
+ /// let foo = foo.unwrap();
+-/// pr_info!("a: {}", &*foo.a.lock());
++/// pr_info!("a: {}\n", &*foo.a.lock());
+ /// ```
+ ///
+ /// ```rust,ignore
+@@ -335,7 +335,7 @@ macro_rules! stack_pin_init {
+ /// x: 64,
+ /// })?,
+ /// }));
+-/// pr_info!("a: {}", &*foo.a.lock());
++/// pr_info!("a: {}\n", &*foo.a.lock());
+ /// # Ok::<_, AllocError>(())
+ /// ```
+ ///
+@@ -800,7 +800,7 @@ pub unsafe trait PinInit<T: ?Sized, E = Infallible>: Sized {
+ ///
+ /// impl Foo {
+ /// fn setup(self: Pin<&mut Self>) {
+- /// pr_info!("Setting up foo");
++ /// pr_info!("Setting up foo\n");
+ /// }
+ /// }
+ ///
+@@ -906,7 +906,7 @@ pub unsafe trait Init<T: ?Sized, E = Infallible>: PinInit<T, E> {
+ ///
+ /// impl Foo {
+ /// fn setup(&mut self) {
+- /// pr_info!("Setting up foo");
++ /// pr_info!("Setting up foo\n");
+ /// }
+ /// }
+ ///
+@@ -1229,7 +1229,7 @@ impl<T> InPlaceInit<T> for UniqueArc<T> {
+ /// #[pinned_drop]
+ /// impl PinnedDrop for Foo {
+ /// fn drop(self: Pin<&mut Self>) {
+-/// pr_info!("Foo is being dropped!");
++/// pr_info!("Foo is being dropped!\n");
+ /// }
+ /// }
+ /// ```
+diff --git a/rust/kernel/init/macros.rs b/rust/kernel/init/macros.rs
+index cb6e61b6c50bd..cb769a09e7426 100644
+--- a/rust/kernel/init/macros.rs
++++ b/rust/kernel/init/macros.rs
+@@ -45,7 +45,7 @@
+ //! #[pinned_drop]
+ //! impl PinnedDrop for Foo {
+ //! fn drop(self: Pin<&mut Self>) {
+-//! pr_info!("{self:p} is getting dropped.");
++//! pr_info!("{self:p} is getting dropped.\n");
+ //! }
+ //! }
+ //!
+@@ -412,7 +412,7 @@
+ //! #[pinned_drop]
+ //! impl PinnedDrop for Foo {
+ //! fn drop(self: Pin<&mut Self>) {
+-//! pr_info!("{self:p} is getting dropped.");
++//! pr_info!("{self:p} is getting dropped.\n");
+ //! }
+ //! }
+ //! ```
+@@ -423,7 +423,7 @@
+ //! // `unsafe`, full path and the token parameter are added, everything else stays the same.
+ //! unsafe impl ::kernel::init::PinnedDrop for Foo {
+ //! fn drop(self: Pin<&mut Self>, _: ::kernel::init::__internal::OnlyCallFromDrop) {
+-//! pr_info!("{self:p} is getting dropped.");
++//! pr_info!("{self:p} is getting dropped.\n");
+ //! }
+ //! }
+ //! ```
+--
+2.39.5
+
--- /dev/null
+From 722d581cb72e6b8e182d345a5d792145ba190055 Mon Sep 17 00:00:00 2001
+From: Sasha Levin <sashal@kernel.org>
+Date: Mon, 10 Feb 2025 12:03:24 -0500
+Subject: scripts: generate_rust_analyzer: add missing macros deps
+
+From: Tamir Duberstein <tamird@gmail.com>
+
+[ Upstream commit 2e0f91aba507a3cb59f7a12fc3ea2b7d4d6675b7 ]
+
+The macros crate has depended on std and proc_macro since its
+introduction in commit 1fbde52bde73 ("rust: add `macros` crate"). These
+dependencies were omitted from commit 8c4555ccc55c ("scripts: add
+`generate_rust_analyzer.py`") resulting in missing go-to-definition and
+autocomplete, and false-positive warnings emitted from rust-analyzer
+such as:
+
+ [{
+ "resource": "/Users/tamird/src/linux/rust/macros/module.rs",
+ "owner": "_generated_diagnostic_collection_name_#1",
+ "code": {
+ "value": "non_snake_case",
+ "target": {
+ "$mid": 1,
+ "path": "/rustc/",
+ "scheme": "https",
+ "authority": "doc.rust-lang.org",
+ "query": "search=non_snake_case"
+ }
+ },
+ "severity": 4,
+ "message": "Variable `None` should have snake_case name, e.g. `none`",
+ "source": "rust-analyzer",
+ "startLineNumber": 123,
+ "startColumn": 17,
+ "endLineNumber": 123,
+ "endColumn": 21
+ }]
+
+Add the missing dependencies to improve the developer experience.
+
+ [ Fiona had a different approach (thanks!) at:
+
+ https://lore.kernel.org/rust-for-linux/20241205115438.234221-1-me@kloenk.dev/
+
+ But Tamir and Fiona agreed to this one. - Miguel ]
+
+Fixes: 8c4555ccc55c ("scripts: add `generate_rust_analyzer.py`")
+Reviewed-by: Fiona Behrens <me@kloenk.dev>
+Diagnosed-by: Chayim Refael Friedman <chayimfr@gmail.com>
+Link: https://github.com/rust-lang/rust-analyzer/issues/17759#issuecomment-2646328275
+Signed-off-by: Tamir Duberstein <tamird@gmail.com>
+Tested-by: Andreas Hindborg <a.hindborg@kernel.org>
+Link: https://lore.kernel.org/r/20250210-rust-analyzer-macros-core-dep-v3-1-45eb4836f218@gmail.com
+[ Removed `return`. Changed tag name. Added Link. Slightly
+ reworded. - Miguel ]
+Signed-off-by: Miguel Ojeda <ojeda@kernel.org>
+Signed-off-by: Sasha Levin <sashal@kernel.org>
+---
+ scripts/generate_rust_analyzer.py | 30 +++++++++++++++++++++---------
+ 1 file changed, 21 insertions(+), 9 deletions(-)
+
+diff --git a/scripts/generate_rust_analyzer.py b/scripts/generate_rust_analyzer.py
+index fc52bc41d3e7b..c99173e4b8f3e 100755
+--- a/scripts/generate_rust_analyzer.py
++++ b/scripts/generate_rust_analyzer.py
+@@ -49,14 +49,26 @@ def generate_crates(srctree, objtree, sysroot_src, external_src, cfgs):
+ }
+ })
+
+- # First, the ones in `rust/` since they are a bit special.
+- append_crate(
+- "core",
+- sysroot_src / "core" / "src" / "lib.rs",
+- [],
+- cfg=crates_cfgs.get("core", []),
+- is_workspace_member=False,
+- )
++ def append_sysroot_crate(
++ display_name,
++ deps,
++ cfg=[],
++ ):
++ append_crate(
++ display_name,
++ sysroot_src / display_name / "src" / "lib.rs",
++ deps,
++ cfg,
++ is_workspace_member=False,
++ )
++
++ # NB: sysroot crates reexport items from one another so setting up our transitive dependencies
++ # here is important for ensuring that rust-analyzer can resolve symbols. The sources of truth
++ # for this dependency graph are `(sysroot_src / crate / "Cargo.toml" for crate in crates)`.
++ append_sysroot_crate("core", [], cfg=crates_cfgs.get("core", []))
++ append_sysroot_crate("alloc", ["core"])
++ append_sysroot_crate("std", ["alloc", "core"])
++ append_sysroot_crate("proc_macro", ["core", "std"])
+
+ append_crate(
+ "compiler_builtins",
+@@ -74,7 +86,7 @@ def generate_crates(srctree, objtree, sysroot_src, external_src, cfgs):
+ append_crate(
+ "macros",
+ srctree / "rust" / "macros" / "lib.rs",
+- [],
++ ["std", "proc_macro"],
+ is_proc_macro=True,
+ )
+ crates[-1]["proc_macro_dylib_path"] = f"{objtree}/rust/libmacros.so"
+--
+2.39.5
+
rust-init-fix-zeroable-implementation-for-option-nonnull-t-and-option-kbox-t.patch
lib-buildid-handle-memfd_secret-files-in-build_id_parse.patch
mm-split-critical-region-in-remap_file_pages-and-invoke-lsms-in-between.patch
+asoc-ops-consistently-treat-platform_max-as-control-.patch
+rust-error-add-missing-newline-to-pr_warn-calls.patch
+drm-gma500-add-null-check-for-pci_gfx_root-in-mid_ge.patch
+asoc-cs42l43-fix-maximum-adc-volume.patch
+rust-init-add-missing-newline-to-pr_info-calls.patch
+asoc-rt722-sdca-add-missing-readable-registers.patch
+asoc-codecs-wm0010-fix-error-handling-path-in-wm0010.patch
+scripts-generate_rust_analyzer-add-missing-macros-de.patch
+cifs-fix-integer-overflow-while-processing-acregmax-.patch
+cifs-fix-integer-overflow-while-processing-acdirmax-.patch
+cifs-fix-integer-overflow-while-processing-actimeo-m.patch
+cifs-fix-integer-overflow-while-processing-closetime.patch
+cifs-validate-content-of-wsl-reparse-point-buffers.patch
+cifs-throw-eopnotsupp-error-on-unsupported-reparse-p.patch
projects / thirdparty / kernel / stable-queue.git / commitdiff
