--- /dev/null
+From adca81d073d2ef3f56985592942be30d5616362c Mon Sep 17 00:00:00 2001
+From: Sasha Levin <sashal@kernel.org>
+Date: Tue, 3 Dec 2024 14:37:15 +0200
+Subject: ARC: build: Try to guess GCC variant of cross compiler
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+From: Leon Romanovsky <leonro@nvidia.com>
+
+[ Upstream commit 824927e88456331c7a999fdf5d9d27923b619590 ]
+
+ARC GCC compiler is packaged starting from Fedora 39i and the GCC
+variant of cross compile tools has arc-linux-gnu- prefix and not
+arc-linux-. This is causing that CROSS_COMPILE variable is left unset.
+
+This change allows builds without need to supply CROSS_COMPILE argument
+if distro package is used.
+
+Before this change:
+$ make -j 128 ARCH=arc W=1 drivers/infiniband/hw/mlx4/
+ gcc: warning: ‘-mcpu=’ is deprecated; use ‘-mtune=’ or ‘-march=’ instead
+ gcc: error: unrecognized command-line option ‘-mmedium-calls’
+ gcc: error: unrecognized command-line option ‘-mlock’
+ gcc: error: unrecognized command-line option ‘-munaligned-access’
+
+[1] https://packages.fedoraproject.org/pkgs/cross-gcc/gcc-arc-linux-gnu/index.html
+Signed-off-by: Leon Romanovsky <leonro@nvidia.com>
+Signed-off-by: Vineet Gupta <vgupta@kernel.org>
+Signed-off-by: Sasha Levin <sashal@kernel.org>
+---
+ arch/arc/Makefile | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/arch/arc/Makefile b/arch/arc/Makefile
+index 8782a03f24a8..60b7a7723b1e 100644
+--- a/arch/arc/Makefile
++++ b/arch/arc/Makefile
+@@ -6,7 +6,7 @@
+ KBUILD_DEFCONFIG := haps_hs_smp_defconfig
+
+ ifeq ($(CROSS_COMPILE),)
+-CROSS_COMPILE := $(call cc-cross-prefix, arc-linux- arceb-linux-)
++CROSS_COMPILE := $(call cc-cross-prefix, arc-linux- arceb-linux- arc-linux-gnu-)
+ endif
+
+ cflags-y += -fno-common -pipe -fno-builtin -mmedium-calls -D__linux__
+--
+2.39.5
+
--- /dev/null
+From b723d423f3695834e53c32b430014e14b01e5b4e Mon Sep 17 00:00:00 2001
+From: Sasha Levin <sashal@kernel.org>
+Date: Tue, 10 Dec 2024 11:42:45 +0000
+Subject: bpf: fix potential error return
+
+From: Anton Protopopov <aspsk@isovalent.com>
+
+[ Upstream commit c4441ca86afe4814039ee1b32c39d833c1a16bbc ]
+
+The bpf_remove_insns() function returns WARN_ON_ONCE(error), where
+error is a result of bpf_adj_branches(), and thus should be always 0
+However, if for any reason it is not 0, then it will be converted to
+boolean by WARN_ON_ONCE and returned to user space as 1, not an actual
+error value. Fix this by returning the original err after the WARN check.
+
+Signed-off-by: Anton Protopopov <aspsk@isovalent.com>
+Acked-by: Jiri Olsa <jolsa@kernel.org>
+Acked-by: Andrii Nakryiko <andrii@kernel.org>
+Link: https://lore.kernel.org/r/20241210114245.836164-1-aspsk@isovalent.com
+Signed-off-by: Alexei Starovoitov <ast@kernel.org>
+Signed-off-by: Sasha Levin <sashal@kernel.org>
+---
+ kernel/bpf/core.c | 6 +++++-
+ 1 file changed, 5 insertions(+), 1 deletion(-)
+
+diff --git a/kernel/bpf/core.c b/kernel/bpf/core.c
+index f36f7b71dc07..d7dbca573df3 100644
+--- a/kernel/bpf/core.c
++++ b/kernel/bpf/core.c
+@@ -504,6 +504,8 @@ struct bpf_prog *bpf_patch_insn_single(struct bpf_prog *prog, u32 off,
+
+ int bpf_remove_insns(struct bpf_prog *prog, u32 off, u32 cnt)
+ {
++ int err;
++
+ /* Branch offsets can't overflow when program is shrinking, no need
+ * to call bpf_adj_branches(..., true) here
+ */
+@@ -511,7 +513,9 @@ int bpf_remove_insns(struct bpf_prog *prog, u32 off, u32 cnt)
+ sizeof(struct bpf_insn) * (prog->len - off - cnt));
+ prog->len -= cnt;
+
+- return WARN_ON_ONCE(bpf_adj_branches(prog, off, off + cnt, off, false));
++ err = bpf_adj_branches(prog, off, off + cnt, off, false);
++ WARN_ON_ONCE(err);
++ return err;
+ }
+
+ static void bpf_prog_kallsyms_del_subprogs(struct bpf_prog *fp)
+--
+2.39.5
+
--- /dev/null
+From 908be5c6c226891dcf5db5e4f3a8f0de11b02927 Mon Sep 17 00:00:00 2001
+From: Sasha Levin <sashal@kernel.org>
+Date: Wed, 11 Dec 2024 16:08:07 +0000
+Subject: btrfs: fix use-after-free when COWing tree bock and tracing is
+ enabled
+
+From: Filipe Manana <fdmanana@suse.com>
+
+[ Upstream commit 44f52bbe96dfdbe4aca3818a2534520082a07040 ]
+
+When a COWing a tree block, at btrfs_cow_block(), and we have the
+tracepoint trace_btrfs_cow_block() enabled and preemption is also enabled
+(CONFIG_PREEMPT=y), we can trigger a use-after-free in the COWed extent
+buffer while inside the tracepoint code. This is because in some paths
+that call btrfs_cow_block(), such as btrfs_search_slot(), we are holding
+the last reference on the extent buffer @buf so btrfs_force_cow_block()
+drops the last reference on the @buf extent buffer when it calls
+free_extent_buffer_stale(buf), which schedules the release of the extent
+buffer with RCU. This means that if we are on a kernel with preemption,
+the current task may be preempted before calling trace_btrfs_cow_block()
+and the extent buffer already released by the time trace_btrfs_cow_block()
+is called, resulting in a use-after-free.
+
+Fix this by moving the trace_btrfs_cow_block() from btrfs_cow_block() to
+btrfs_force_cow_block() before the COWed extent buffer is freed.
+This also has a side effect of invoking the tracepoint in the tree defrag
+code, at defrag.c:btrfs_realloc_node(), since btrfs_force_cow_block() is
+called there, but this is fine and it was actually missing there.
+
+Reported-by: syzbot+8517da8635307182c8a5@syzkaller.appspotmail.com
+Link: https://lore.kernel.org/linux-btrfs/6759a9b9.050a0220.1ac542.000d.GAE@google.com/
+CC: stable@vger.kernel.org # 5.4+
+Reviewed-by: Qu Wenruo <wqu@suse.com>
+Signed-off-by: Filipe Manana <fdmanana@suse.com>
+Signed-off-by: David Sterba <dsterba@suse.com>
+Signed-off-by: Sasha Levin <sashal@kernel.org>
+---
+ fs/btrfs/ctree.c | 11 ++++-------
+ 1 file changed, 4 insertions(+), 7 deletions(-)
+
+diff --git a/fs/btrfs/ctree.c b/fs/btrfs/ctree.c
+index 42562c61f52e..b12c5ca0580e 100644
+--- a/fs/btrfs/ctree.c
++++ b/fs/btrfs/ctree.c
+@@ -502,6 +502,8 @@ int btrfs_force_cow_block(struct btrfs_trans_handle *trans,
+ btrfs_free_tree_block(trans, btrfs_root_id(root), buf,
+ parent_start, last_ref);
+ }
++
++ trace_btrfs_cow_block(root, buf, cow);
+ if (unlock_orig)
+ btrfs_tree_unlock(buf);
+ free_extent_buffer_stale(buf);
+@@ -553,7 +555,6 @@ noinline int btrfs_cow_block(struct btrfs_trans_handle *trans,
+ {
+ struct btrfs_fs_info *fs_info = root->fs_info;
+ u64 search_start;
+- int ret;
+
+ if (unlikely(test_bit(BTRFS_ROOT_DELETING, &root->state))) {
+ btrfs_abort_transaction(trans, -EUCLEAN);
+@@ -594,12 +595,8 @@ noinline int btrfs_cow_block(struct btrfs_trans_handle *trans,
+ * Also We don't care about the error, as it's handled internally.
+ */
+ btrfs_qgroup_trace_subtree_after_cow(trans, root, buf);
+- ret = btrfs_force_cow_block(trans, root, buf, parent, parent_slot,
+- cow_ret, search_start, 0, nest);
+-
+- trace_btrfs_cow_block(root, buf, *cow_ret);
+-
+- return ret;
++ return btrfs_force_cow_block(trans, root, buf, parent, parent_slot,
++ cow_ret, search_start, 0, nest);
+ }
+ ALLOW_ERROR_INJECTION(btrfs_cow_block, ERRNO);
+
+--
+2.39.5
+
--- /dev/null
+From 525db8cea73ef99cfb046732e605fe62d8871aa4 Mon Sep 17 00:00:00 2001
+From: Sasha Levin <sashal@kernel.org>
+Date: Tue, 3 Dec 2024 11:53:27 +0000
+Subject: btrfs: flush delalloc workers queue before stopping cleaner kthread
+ during unmount
+
+From: Filipe Manana <fdmanana@suse.com>
+
+[ Upstream commit f10bef73fb355e3fc85e63a50386798be68ff486 ]
+
+During the unmount path, at close_ctree(), we first stop the cleaner
+kthread, using kthread_stop() which frees the associated task_struct, and
+then stop and destroy all the work queues. However after we stopped the
+cleaner we may still have a worker from the delalloc_workers queue running
+inode.c:submit_compressed_extents(), which calls btrfs_add_delayed_iput(),
+which in turn tries to wake up the cleaner kthread - which was already
+destroyed before, resulting in a use-after-free on the task_struct.
+
+Syzbot reported this with the following stack traces:
+
+ BUG: KASAN: slab-use-after-free in __lock_acquire+0x78/0x2100 kernel/locking/lockdep.c:5089
+ Read of size 8 at addr ffff8880259d2818 by task kworker/u8:3/52
+
+ CPU: 1 UID: 0 PID: 52 Comm: kworker/u8:3 Not tainted 6.13.0-rc1-syzkaller-00002-gcdd30ebb1b9f #0
+ Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024
+ Workqueue: btrfs-delalloc btrfs_work_helper
+ Call Trace:
+ <TASK>
+ __dump_stack lib/dump_stack.c:94 [inline]
+ dump_stack_lvl+0x241/0x360 lib/dump_stack.c:120
+ print_address_description mm/kasan/report.c:378 [inline]
+ print_report+0x169/0x550 mm/kasan/report.c:489
+ kasan_report+0x143/0x180 mm/kasan/report.c:602
+ __lock_acquire+0x78/0x2100 kernel/locking/lockdep.c:5089
+ lock_acquire+0x1ed/0x550 kernel/locking/lockdep.c:5849
+ __raw_spin_lock_irqsave include/linux/spinlock_api_smp.h:110 [inline]
+ _raw_spin_lock_irqsave+0xd5/0x120 kernel/locking/spinlock.c:162
+ class_raw_spinlock_irqsave_constructor include/linux/spinlock.h:551 [inline]
+ try_to_wake_up+0xc2/0x1470 kernel/sched/core.c:4205
+ submit_compressed_extents+0xdf/0x16e0 fs/btrfs/inode.c:1615
+ run_ordered_work fs/btrfs/async-thread.c:288 [inline]
+ btrfs_work_helper+0x96f/0xc40 fs/btrfs/async-thread.c:324
+ process_one_work kernel/workqueue.c:3229 [inline]
+ process_scheduled_works+0xa66/0x1840 kernel/workqueue.c:3310
+ worker_thread+0x870/0xd30 kernel/workqueue.c:3391
+ kthread+0x2f0/0x390 kernel/kthread.c:389
+ ret_from_fork+0x4b/0x80 arch/x86/kernel/process.c:147
+ ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entry_64.S:244
+ </TASK>
+
+ Allocated by task 2:
+ kasan_save_stack mm/kasan/common.c:47 [inline]
+ kasan_save_track+0x3f/0x80 mm/kasan/common.c:68
+ unpoison_slab_object mm/kasan/common.c:319 [inline]
+ __kasan_slab_alloc+0x66/0x80 mm/kasan/common.c:345
+ kasan_slab_alloc include/linux/kasan.h:250 [inline]
+ slab_post_alloc_hook mm/slub.c:4104 [inline]
+ slab_alloc_node mm/slub.c:4153 [inline]
+ kmem_cache_alloc_node_noprof+0x1d9/0x380 mm/slub.c:4205
+ alloc_task_struct_node kernel/fork.c:180 [inline]
+ dup_task_struct+0x57/0x8c0 kernel/fork.c:1113
+ copy_process+0x5d1/0x3d50 kernel/fork.c:2225
+ kernel_clone+0x223/0x870 kernel/fork.c:2807
+ kernel_thread+0x1bc/0x240 kernel/fork.c:2869
+ create_kthread kernel/kthread.c:412 [inline]
+ kthreadd+0x60d/0x810 kernel/kthread.c:767
+ ret_from_fork+0x4b/0x80 arch/x86/kernel/process.c:147
+ ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entry_64.S:244
+
+ Freed by task 24:
+ kasan_save_stack mm/kasan/common.c:47 [inline]
+ kasan_save_track+0x3f/0x80 mm/kasan/common.c:68
+ kasan_save_free_info+0x40/0x50 mm/kasan/generic.c:582
+ poison_slab_object mm/kasan/common.c:247 [inline]
+ __kasan_slab_free+0x59/0x70 mm/kasan/common.c:264
+ kasan_slab_free include/linux/kasan.h:233 [inline]
+ slab_free_hook mm/slub.c:2338 [inline]
+ slab_free mm/slub.c:4598 [inline]
+ kmem_cache_free+0x195/0x410 mm/slub.c:4700
+ put_task_struct include/linux/sched/task.h:144 [inline]
+ delayed_put_task_struct+0x125/0x300 kernel/exit.c:227
+ rcu_do_batch kernel/rcu/tree.c:2567 [inline]
+ rcu_core+0xaaa/0x17a0 kernel/rcu/tree.c:2823
+ handle_softirqs+0x2d4/0x9b0 kernel/softirq.c:554
+ run_ksoftirqd+0xca/0x130 kernel/softirq.c:943
+ smpboot_thread_fn+0x544/0xa30 kernel/smpboot.c:164
+ kthread+0x2f0/0x390 kernel/kthread.c:389
+ ret_from_fork+0x4b/0x80 arch/x86/kernel/process.c:147
+ ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entry_64.S:244
+
+ Last potentially related work creation:
+ kasan_save_stack+0x3f/0x60 mm/kasan/common.c:47
+ __kasan_record_aux_stack+0xac/0xc0 mm/kasan/generic.c:544
+ __call_rcu_common kernel/rcu/tree.c:3086 [inline]
+ call_rcu+0x167/0xa70 kernel/rcu/tree.c:3190
+ context_switch kernel/sched/core.c:5372 [inline]
+ __schedule+0x1803/0x4be0 kernel/sched/core.c:6756
+ __schedule_loop kernel/sched/core.c:6833 [inline]
+ schedule+0x14b/0x320 kernel/sched/core.c:6848
+ schedule_timeout+0xb0/0x290 kernel/time/sleep_timeout.c:75
+ do_wait_for_common kernel/sched/completion.c:95 [inline]
+ __wait_for_common kernel/sched/completion.c:116 [inline]
+ wait_for_common kernel/sched/completion.c:127 [inline]
+ wait_for_completion+0x355/0x620 kernel/sched/completion.c:148
+ kthread_stop+0x19e/0x640 kernel/kthread.c:712
+ close_ctree+0x524/0xd60 fs/btrfs/disk-io.c:4328
+ generic_shutdown_super+0x139/0x2d0 fs/super.c:642
+ kill_anon_super+0x3b/0x70 fs/super.c:1237
+ btrfs_kill_super+0x41/0x50 fs/btrfs/super.c:2112
+ deactivate_locked_super+0xc4/0x130 fs/super.c:473
+ cleanup_mnt+0x41f/0x4b0 fs/namespace.c:1373
+ task_work_run+0x24f/0x310 kernel/task_work.c:239
+ ptrace_notify+0x2d2/0x380 kernel/signal.c:2503
+ ptrace_report_syscall include/linux/ptrace.h:415 [inline]
+ ptrace_report_syscall_exit include/linux/ptrace.h:477 [inline]
+ syscall_exit_work+0xc7/0x1d0 kernel/entry/common.c:173
+ syscall_exit_to_user_mode_prepare kernel/entry/common.c:200 [inline]
+ __syscall_exit_to_user_mode_work kernel/entry/common.c:205 [inline]
+ syscall_exit_to_user_mode+0x24a/0x340 kernel/entry/common.c:218
+ do_syscall_64+0x100/0x230 arch/x86/entry/common.c:89
+ entry_SYSCALL_64_after_hwframe+0x77/0x7f
+
+ The buggy address belongs to the object at ffff8880259d1e00
+ which belongs to the cache task_struct of size 7424
+ The buggy address is located 2584 bytes inside of
+ freed 7424-byte region [ffff8880259d1e00, ffff8880259d3b00)
+
+ The buggy address belongs to the physical page:
+ page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x259d0
+ head: order:3 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
+ memcg:ffff88802f4b56c1
+ flags: 0xfff00000000040(head|node=0|zone=1|lastcpupid=0x7ff)
+ page_type: f5(slab)
+ raw: 00fff00000000040 ffff88801bafe500 dead000000000100 dead000000000122
+ raw: 0000000000000000 0000000000040004 00000001f5000000 ffff88802f4b56c1
+ head: 00fff00000000040 ffff88801bafe500 dead000000000100 dead000000000122
+ head: 0000000000000000 0000000000040004 00000001f5000000 ffff88802f4b56c1
+ head: 00fff00000000003 ffffea0000967401 ffffffffffffffff 0000000000000000
+ head: 0000000000000008 0000000000000000 00000000ffffffff 0000000000000000
+ page dumped because: kasan: bad access detected
+ page_owner tracks the page as allocated
+ page last allocated via order 3, migratetype Unmovable, gfp_mask 0xd20c0(__GFP_IO|__GFP_FS|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP|__GFP_NOMEMALLOC), pid 12, tgid 12 (kworker/u8:1), ts 7328037942, free_ts 0
+ set_page_owner include/linux/page_owner.h:32 [inline]
+ post_alloc_hook+0x1f3/0x230 mm/page_alloc.c:1556
+ prep_new_page mm/page_alloc.c:1564 [inline]
+ get_page_from_freelist+0x3651/0x37a0 mm/page_alloc.c:3474
+ __alloc_pages_noprof+0x292/0x710 mm/page_alloc.c:4751
+ alloc_pages_mpol_noprof+0x3e8/0x680 mm/mempolicy.c:2265
+ alloc_slab_page+0x6a/0x140 mm/slub.c:2408
+ allocate_slab+0x5a/0x2f0 mm/slub.c:2574
+ new_slab mm/slub.c:2627 [inline]
+ ___slab_alloc+0xcd1/0x14b0 mm/slub.c:3815
+ __slab_alloc+0x58/0xa0 mm/slub.c:3905
+ __slab_alloc_node mm/slub.c:3980 [inline]
+ slab_alloc_node mm/slub.c:4141 [inline]
+ kmem_cache_alloc_node_noprof+0x269/0x380 mm/slub.c:4205
+ alloc_task_struct_node kernel/fork.c:180 [inline]
+ dup_task_struct+0x57/0x8c0 kernel/fork.c:1113
+ copy_process+0x5d1/0x3d50 kernel/fork.c:2225
+ kernel_clone+0x223/0x870 kernel/fork.c:2807
+ user_mode_thread+0x132/0x1a0 kernel/fork.c:2885
+ call_usermodehelper_exec_work+0x5c/0x230 kernel/umh.c:171
+ process_one_work kernel/workqueue.c:3229 [inline]
+ process_scheduled_works+0xa66/0x1840 kernel/workqueue.c:3310
+ worker_thread+0x870/0xd30 kernel/workqueue.c:3391
+ page_owner free stack trace missing
+
+ Memory state around the buggy address:
+ ffff8880259d2700: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
+ ffff8880259d2780: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
+ >ffff8880259d2800: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
+ ^
+ ffff8880259d2880: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
+ ffff8880259d2900: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
+ ==================================================================
+
+Fix this by flushing the delalloc workers queue before stopping the
+cleaner kthread.
+
+Reported-by: syzbot+b7cf50a0c173770dcb14@syzkaller.appspotmail.com
+Link: https://lore.kernel.org/linux-btrfs/674ed7e8.050a0220.48a03.0031.GAE@google.com/
+Reviewed-by: Qu Wenruo <wqu@suse.com>
+Signed-off-by: Filipe Manana <fdmanana@suse.com>
+Reviewed-by: David Sterba <dsterba@suse.com>
+Signed-off-by: David Sterba <dsterba@suse.com>
+Signed-off-by: Sasha Levin <sashal@kernel.org>
+---
+ fs/btrfs/disk-io.c | 9 +++++++++
+ 1 file changed, 9 insertions(+)
+
+diff --git a/fs/btrfs/disk-io.c b/fs/btrfs/disk-io.c
+index 73796da9a194..9c2d6f96f46d 100644
+--- a/fs/btrfs/disk-io.c
++++ b/fs/btrfs/disk-io.c
+@@ -4405,6 +4405,15 @@ void __cold close_ctree(struct btrfs_fs_info *fs_info)
+ * already the cleaner, but below we run all pending delayed iputs.
+ */
+ btrfs_flush_workqueue(fs_info->fixup_workers);
++ /*
++ * Similar case here, we have to wait for delalloc workers before we
++ * proceed below and stop the cleaner kthread, otherwise we trigger a
++ * use-after-tree on the cleaner kthread task_struct when a delalloc
++ * worker running submit_compressed_extents() adds a delayed iput, which
++ * does a wake up on the cleaner kthread, which was already freed below
++ * when we call kthread_stop().
++ */
++ btrfs_flush_workqueue(fs_info->delalloc_workers);
+
+ /*
+ * After we parked the cleaner kthread, ordered extents may have
+--
+2.39.5
+
--- /dev/null
+From e27a17105ce2cd2a6e1fe915ed56cd90f66d5911 Mon Sep 17 00:00:00 2001
+From: Sasha Levin <sashal@kernel.org>
+Date: Wed, 27 Sep 2023 12:09:26 +0100
+Subject: btrfs: rename and export __btrfs_cow_block()
+
+From: Filipe Manana <fdmanana@suse.com>
+
+[ Upstream commit 95f93bc4cbcac6121a5ee85cd5019ee8e7447e0b ]
+
+Rename and export __btrfs_cow_block() as btrfs_force_cow_block(). This is
+to allow to move defrag specific code out of ctree.c and into defrag.c in
+one of the next patches.
+
+Signed-off-by: Filipe Manana <fdmanana@suse.com>
+Reviewed-by: David Sterba <dsterba@suse.com>
+Signed-off-by: David Sterba <dsterba@suse.com>
+Stable-dep-of: 44f52bbe96df ("btrfs: fix use-after-free when COWing tree bock and tracing is enabled")
+Signed-off-by: Sasha Levin <sashal@kernel.org>
+---
+ fs/btrfs/ctree.c | 30 +++++++++++++++---------------
+ fs/btrfs/ctree.h | 7 +++++++
+ 2 files changed, 22 insertions(+), 15 deletions(-)
+
+diff --git a/fs/btrfs/ctree.c b/fs/btrfs/ctree.c
+index 345f205af619..42562c61f52e 100644
+--- a/fs/btrfs/ctree.c
++++ b/fs/btrfs/ctree.c
+@@ -386,13 +386,13 @@ static noinline int update_ref_for_cow(struct btrfs_trans_handle *trans,
+ * bytes the allocator should try to find free next to the block it returns.
+ * This is just a hint and may be ignored by the allocator.
+ */
+-static noinline int __btrfs_cow_block(struct btrfs_trans_handle *trans,
+- struct btrfs_root *root,
+- struct extent_buffer *buf,
+- struct extent_buffer *parent, int parent_slot,
+- struct extent_buffer **cow_ret,
+- u64 search_start, u64 empty_size,
+- enum btrfs_lock_nesting nest)
++int btrfs_force_cow_block(struct btrfs_trans_handle *trans,
++ struct btrfs_root *root,
++ struct extent_buffer *buf,
++ struct extent_buffer *parent, int parent_slot,
++ struct extent_buffer **cow_ret,
++ u64 search_start, u64 empty_size,
++ enum btrfs_lock_nesting nest)
+ {
+ struct btrfs_fs_info *fs_info = root->fs_info;
+ struct btrfs_disk_key disk_key;
+@@ -541,7 +541,7 @@ static inline int should_cow_block(struct btrfs_trans_handle *trans,
+ }
+
+ /*
+- * cows a single block, see __btrfs_cow_block for the real work.
++ * COWs a single block, see btrfs_force_cow_block() for the real work.
+ * This version of it has extra checks so that a block isn't COWed more than
+ * once per transaction, as long as it hasn't been written yet
+ */
+@@ -594,8 +594,8 @@ noinline int btrfs_cow_block(struct btrfs_trans_handle *trans,
+ * Also We don't care about the error, as it's handled internally.
+ */
+ btrfs_qgroup_trace_subtree_after_cow(trans, root, buf);
+- ret = __btrfs_cow_block(trans, root, buf, parent,
+- parent_slot, cow_ret, search_start, 0, nest);
++ ret = btrfs_force_cow_block(trans, root, buf, parent, parent_slot,
++ cow_ret, search_start, 0, nest);
+
+ trace_btrfs_cow_block(root, buf, *cow_ret);
+
+@@ -746,11 +746,11 @@ int btrfs_realloc_node(struct btrfs_trans_handle *trans,
+ search_start = last_block;
+
+ btrfs_tree_lock(cur);
+- err = __btrfs_cow_block(trans, root, cur, parent, i,
+- &cur, search_start,
+- min(16 * blocksize,
+- (end_slot - i) * blocksize),
+- BTRFS_NESTING_COW);
++ err = btrfs_force_cow_block(trans, root, cur, parent, i,
++ &cur, search_start,
++ min(16 * blocksize,
++ (end_slot - i) * blocksize),
++ BTRFS_NESTING_COW);
+ if (err) {
+ btrfs_tree_unlock(cur);
+ free_extent_buffer(cur);
+diff --git a/fs/btrfs/ctree.h b/fs/btrfs/ctree.h
+index 17ebcf19b444..61ec4ba5414d 100644
+--- a/fs/btrfs/ctree.h
++++ b/fs/btrfs/ctree.h
+@@ -2885,6 +2885,13 @@ int btrfs_cow_block(struct btrfs_trans_handle *trans,
+ struct extent_buffer *parent, int parent_slot,
+ struct extent_buffer **cow_ret,
+ enum btrfs_lock_nesting nest);
++int btrfs_force_cow_block(struct btrfs_trans_handle *trans,
++ struct btrfs_root *root,
++ struct extent_buffer *buf,
++ struct extent_buffer *parent, int parent_slot,
++ struct extent_buffer **cow_ret,
++ u64 search_start, u64 empty_size,
++ enum btrfs_lock_nesting nest);
+ int btrfs_copy_root(struct btrfs_trans_handle *trans,
+ struct btrfs_root *root,
+ struct extent_buffer *buf,
+--
+2.39.5
+
--- /dev/null
+From 0041b5224bff08bdae93b6b905331406af15bf6c Mon Sep 17 00:00:00 2001
+From: Sasha Levin <sashal@kernel.org>
+Date: Tue, 19 Oct 2021 08:22:09 +0800
+Subject: btrfs: sysfs: convert scnprintf and snprintf to sysfs_emit
+
+From: Anand Jain <anand.jain@oracle.com>
+
+[ Upstream commit 020e5277583dc26d7a5322ff2d334c764ac1faa8 ]
+
+Commit 2efc459d06f1 ("sysfs: Add sysfs_emit and sysfs_emit_at to format
+sysfs out") merged in 5.10 introduced two new functions sysfs_emit() and
+sysfs_emit_at() which are aware of the PAGE_SIZE limit of the output
+buffer.
+
+Use the above two new functions instead of scnprintf() and snprintf()
+in various sysfs show().
+
+Reviewed-by: Josef Bacik <josef@toxicpanda.com>
+Signed-off-by: Anand Jain <anand.jain@oracle.com>
+Reviewed-by: David Sterba <dsterba@suse.com>
+Signed-off-by: David Sterba <dsterba@suse.com>
+Stable-dep-of: fca432e73db2 ("btrfs: sysfs: fix direct super block member reads")
+Signed-off-by: Sasha Levin <sashal@kernel.org>
+---
+ fs/btrfs/sysfs.c | 93 +++++++++++++++++++++++-------------------------
+ 1 file changed, 44 insertions(+), 49 deletions(-)
+
+diff --git a/fs/btrfs/sysfs.c b/fs/btrfs/sysfs.c
+index 93a9dfbc8d13..bc8d5b4c279e 100644
+--- a/fs/btrfs/sysfs.c
++++ b/fs/btrfs/sysfs.c
+@@ -177,7 +177,7 @@ static ssize_t btrfs_feature_attr_show(struct kobject *kobj,
+ } else
+ val = can_modify_feature(fa);
+
+- return scnprintf(buf, PAGE_SIZE, "%d\n", val);
++ return sysfs_emit(buf, "%d\n", val);
+ }
+
+ static ssize_t btrfs_feature_attr_store(struct kobject *kobj,
+@@ -333,7 +333,7 @@ static const struct attribute_group btrfs_feature_attr_group = {
+ static ssize_t rmdir_subvol_show(struct kobject *kobj,
+ struct kobj_attribute *ka, char *buf)
+ {
+- return scnprintf(buf, PAGE_SIZE, "0\n");
++ return sysfs_emit(buf, "0\n");
+ }
+ BTRFS_ATTR(static_feature, rmdir_subvol, rmdir_subvol_show);
+
+@@ -348,12 +348,12 @@ static ssize_t supported_checksums_show(struct kobject *kobj,
+ * This "trick" only works as long as 'enum btrfs_csum_type' has
+ * no holes in it
+ */
+- ret += scnprintf(buf + ret, PAGE_SIZE - ret, "%s%s",
+- (i == 0 ? "" : " "), btrfs_super_csum_name(i));
++ ret += sysfs_emit_at(buf, ret, "%s%s", (i == 0 ? "" : " "),
++ btrfs_super_csum_name(i));
+
+ }
+
+- ret += scnprintf(buf + ret, PAGE_SIZE - ret, "\n");
++ ret += sysfs_emit_at(buf, ret, "\n");
+ return ret;
+ }
+ BTRFS_ATTR(static_feature, supported_checksums, supported_checksums_show);
+@@ -361,7 +361,7 @@ BTRFS_ATTR(static_feature, supported_checksums, supported_checksums_show);
+ static ssize_t send_stream_version_show(struct kobject *kobj,
+ struct kobj_attribute *ka, char *buf)
+ {
+- return snprintf(buf, PAGE_SIZE, "%d\n", BTRFS_SEND_STREAM_VERSION);
++ return sysfs_emit(buf, "%d\n", BTRFS_SEND_STREAM_VERSION);
+ }
+ BTRFS_ATTR(static_feature, send_stream_version, send_stream_version_show);
+
+@@ -381,9 +381,8 @@ static ssize_t supported_rescue_options_show(struct kobject *kobj,
+ int i;
+
+ for (i = 0; i < ARRAY_SIZE(rescue_opts); i++)
+- ret += scnprintf(buf + ret, PAGE_SIZE - ret, "%s%s",
+- (i ? " " : ""), rescue_opts[i]);
+- ret += scnprintf(buf + ret, PAGE_SIZE - ret, "\n");
++ ret += sysfs_emit_at(buf, ret, "%s%s", (i ? " " : ""), rescue_opts[i]);
++ ret += sysfs_emit_at(buf, ret, "\n");
+ return ret;
+ }
+ BTRFS_ATTR(static_feature, supported_rescue_options,
+@@ -397,10 +396,10 @@ static ssize_t supported_sectorsizes_show(struct kobject *kobj,
+
+ /* 4K sector size is also supported with 64K page size */
+ if (PAGE_SIZE == SZ_64K)
+- ret += scnprintf(buf + ret, PAGE_SIZE - ret, "%u ", SZ_4K);
++ ret += sysfs_emit_at(buf, ret, "%u ", SZ_4K);
+
+ /* Only sectorsize == PAGE_SIZE is now supported */
+- ret += scnprintf(buf + ret, PAGE_SIZE - ret, "%lu\n", PAGE_SIZE);
++ ret += sysfs_emit_at(buf, ret, "%lu\n", PAGE_SIZE);
+
+ return ret;
+ }
+@@ -440,7 +439,7 @@ static ssize_t btrfs_discardable_bytes_show(struct kobject *kobj,
+ {
+ struct btrfs_fs_info *fs_info = discard_to_fs_info(kobj);
+
+- return scnprintf(buf, PAGE_SIZE, "%lld\n",
++ return sysfs_emit(buf, "%lld\n",
+ atomic64_read(&fs_info->discard_ctl.discardable_bytes));
+ }
+ BTRFS_ATTR(discard, discardable_bytes, btrfs_discardable_bytes_show);
+@@ -451,7 +450,7 @@ static ssize_t btrfs_discardable_extents_show(struct kobject *kobj,
+ {
+ struct btrfs_fs_info *fs_info = discard_to_fs_info(kobj);
+
+- return scnprintf(buf, PAGE_SIZE, "%d\n",
++ return sysfs_emit(buf, "%d\n",
+ atomic_read(&fs_info->discard_ctl.discardable_extents));
+ }
+ BTRFS_ATTR(discard, discardable_extents, btrfs_discardable_extents_show);
+@@ -462,8 +461,8 @@ static ssize_t btrfs_discard_bitmap_bytes_show(struct kobject *kobj,
+ {
+ struct btrfs_fs_info *fs_info = discard_to_fs_info(kobj);
+
+- return scnprintf(buf, PAGE_SIZE, "%llu\n",
+- fs_info->discard_ctl.discard_bitmap_bytes);
++ return sysfs_emit(buf, "%llu\n",
++ fs_info->discard_ctl.discard_bitmap_bytes);
+ }
+ BTRFS_ATTR(discard, discard_bitmap_bytes, btrfs_discard_bitmap_bytes_show);
+
+@@ -473,7 +472,7 @@ static ssize_t btrfs_discard_bytes_saved_show(struct kobject *kobj,
+ {
+ struct btrfs_fs_info *fs_info = discard_to_fs_info(kobj);
+
+- return scnprintf(buf, PAGE_SIZE, "%lld\n",
++ return sysfs_emit(buf, "%lld\n",
+ atomic64_read(&fs_info->discard_ctl.discard_bytes_saved));
+ }
+ BTRFS_ATTR(discard, discard_bytes_saved, btrfs_discard_bytes_saved_show);
+@@ -484,8 +483,8 @@ static ssize_t btrfs_discard_extent_bytes_show(struct kobject *kobj,
+ {
+ struct btrfs_fs_info *fs_info = discard_to_fs_info(kobj);
+
+- return scnprintf(buf, PAGE_SIZE, "%llu\n",
+- fs_info->discard_ctl.discard_extent_bytes);
++ return sysfs_emit(buf, "%llu\n",
++ fs_info->discard_ctl.discard_extent_bytes);
+ }
+ BTRFS_ATTR(discard, discard_extent_bytes, btrfs_discard_extent_bytes_show);
+
+@@ -495,8 +494,8 @@ static ssize_t btrfs_discard_iops_limit_show(struct kobject *kobj,
+ {
+ struct btrfs_fs_info *fs_info = discard_to_fs_info(kobj);
+
+- return scnprintf(buf, PAGE_SIZE, "%u\n",
+- READ_ONCE(fs_info->discard_ctl.iops_limit));
++ return sysfs_emit(buf, "%u\n",
++ READ_ONCE(fs_info->discard_ctl.iops_limit));
+ }
+
+ static ssize_t btrfs_discard_iops_limit_store(struct kobject *kobj,
+@@ -526,8 +525,8 @@ static ssize_t btrfs_discard_kbps_limit_show(struct kobject *kobj,
+ {
+ struct btrfs_fs_info *fs_info = discard_to_fs_info(kobj);
+
+- return scnprintf(buf, PAGE_SIZE, "%u\n",
+- READ_ONCE(fs_info->discard_ctl.kbps_limit));
++ return sysfs_emit(buf, "%u\n",
++ READ_ONCE(fs_info->discard_ctl.kbps_limit));
+ }
+
+ static ssize_t btrfs_discard_kbps_limit_store(struct kobject *kobj,
+@@ -556,8 +555,8 @@ static ssize_t btrfs_discard_max_discard_size_show(struct kobject *kobj,
+ {
+ struct btrfs_fs_info *fs_info = discard_to_fs_info(kobj);
+
+- return scnprintf(buf, PAGE_SIZE, "%llu\n",
+- READ_ONCE(fs_info->discard_ctl.max_discard_size));
++ return sysfs_emit(buf, "%llu\n",
++ READ_ONCE(fs_info->discard_ctl.max_discard_size));
+ }
+
+ static ssize_t btrfs_discard_max_discard_size_store(struct kobject *kobj,
+@@ -630,7 +629,7 @@ static ssize_t btrfs_show_u64(u64 *value_ptr, spinlock_t *lock, char *buf)
+ val = *value_ptr;
+ if (lock)
+ spin_unlock(lock);
+- return scnprintf(buf, PAGE_SIZE, "%llu\n", val);
++ return sysfs_emit(buf, "%llu\n", val);
+ }
+
+ static ssize_t global_rsv_size_show(struct kobject *kobj,
+@@ -676,7 +675,7 @@ static ssize_t raid_bytes_show(struct kobject *kobj,
+ val += block_group->used;
+ }
+ up_read(&sinfo->groups_sem);
+- return scnprintf(buf, PAGE_SIZE, "%llu\n", val);
++ return sysfs_emit(buf, "%llu\n", val);
+ }
+
+ /*
+@@ -774,7 +773,7 @@ static ssize_t btrfs_label_show(struct kobject *kobj,
+ ssize_t ret;
+
+ spin_lock(&fs_info->super_lock);
+- ret = scnprintf(buf, PAGE_SIZE, label[0] ? "%s\n" : "%s", label);
++ ret = sysfs_emit(buf, label[0] ? "%s\n" : "%s", label);
+ spin_unlock(&fs_info->super_lock);
+
+ return ret;
+@@ -822,7 +821,7 @@ static ssize_t btrfs_nodesize_show(struct kobject *kobj,
+ {
+ struct btrfs_fs_info *fs_info = to_fs_info(kobj);
+
+- return scnprintf(buf, PAGE_SIZE, "%u\n", fs_info->super_copy->nodesize);
++ return sysfs_emit(buf, "%u\n", fs_info->super_copy->nodesize);
+ }
+
+ BTRFS_ATTR(, nodesize, btrfs_nodesize_show);
+@@ -832,8 +831,7 @@ static ssize_t btrfs_sectorsize_show(struct kobject *kobj,
+ {
+ struct btrfs_fs_info *fs_info = to_fs_info(kobj);
+
+- return scnprintf(buf, PAGE_SIZE, "%u\n",
+- fs_info->super_copy->sectorsize);
++ return sysfs_emit(buf, "%u\n", fs_info->super_copy->sectorsize);
+ }
+
+ BTRFS_ATTR(, sectorsize, btrfs_sectorsize_show);
+@@ -843,7 +841,7 @@ static ssize_t btrfs_clone_alignment_show(struct kobject *kobj,
+ {
+ struct btrfs_fs_info *fs_info = to_fs_info(kobj);
+
+- return scnprintf(buf, PAGE_SIZE, "%u\n", fs_info->super_copy->sectorsize);
++ return sysfs_emit(buf, "%u\n", fs_info->super_copy->sectorsize);
+ }
+
+ BTRFS_ATTR(, clone_alignment, btrfs_clone_alignment_show);
+@@ -855,7 +853,7 @@ static ssize_t quota_override_show(struct kobject *kobj,
+ int quota_override;
+
+ quota_override = test_bit(BTRFS_FS_QUOTA_OVERRIDE, &fs_info->flags);
+- return scnprintf(buf, PAGE_SIZE, "%d\n", quota_override);
++ return sysfs_emit(buf, "%d\n", quota_override);
+ }
+
+ static ssize_t quota_override_store(struct kobject *kobj,
+@@ -893,8 +891,7 @@ static ssize_t btrfs_metadata_uuid_show(struct kobject *kobj,
+ {
+ struct btrfs_fs_info *fs_info = to_fs_info(kobj);
+
+- return scnprintf(buf, PAGE_SIZE, "%pU\n",
+- fs_info->fs_devices->metadata_uuid);
++ return sysfs_emit(buf, "%pU\n", fs_info->fs_devices->metadata_uuid);
+ }
+
+ BTRFS_ATTR(, metadata_uuid, btrfs_metadata_uuid_show);
+@@ -905,9 +902,9 @@ static ssize_t btrfs_checksum_show(struct kobject *kobj,
+ struct btrfs_fs_info *fs_info = to_fs_info(kobj);
+ u16 csum_type = btrfs_super_csum_type(fs_info->super_copy);
+
+- return scnprintf(buf, PAGE_SIZE, "%s (%s)\n",
+- btrfs_super_csum_name(csum_type),
+- crypto_shash_driver_name(fs_info->csum_shash));
++ return sysfs_emit(buf, "%s (%s)\n",
++ btrfs_super_csum_name(csum_type),
++ crypto_shash_driver_name(fs_info->csum_shash));
+ }
+
+ BTRFS_ATTR(, checksum, btrfs_checksum_show);
+@@ -944,7 +941,7 @@ static ssize_t btrfs_exclusive_operation_show(struct kobject *kobj,
+ str = "UNKNOWN\n";
+ break;
+ }
+- return scnprintf(buf, PAGE_SIZE, "%s", str);
++ return sysfs_emit(buf, "%s", str);
+ }
+ BTRFS_ATTR(, exclusive_operation, btrfs_exclusive_operation_show);
+
+@@ -953,7 +950,7 @@ static ssize_t btrfs_generation_show(struct kobject *kobj,
+ {
+ struct btrfs_fs_info *fs_info = to_fs_info(kobj);
+
+- return scnprintf(buf, PAGE_SIZE, "%llu\n", fs_info->generation);
++ return sysfs_emit(buf, "%llu\n", fs_info->generation);
+ }
+ BTRFS_ATTR(, generation, btrfs_generation_show);
+
+@@ -1031,8 +1028,7 @@ static ssize_t btrfs_bg_reclaim_threshold_show(struct kobject *kobj,
+ struct btrfs_fs_info *fs_info = to_fs_info(kobj);
+ ssize_t ret;
+
+- ret = scnprintf(buf, PAGE_SIZE, "%d\n",
+- READ_ONCE(fs_info->bg_reclaim_threshold));
++ ret = sysfs_emit(buf, "%d\n", READ_ONCE(fs_info->bg_reclaim_threshold));
+
+ return ret;
+ }
+@@ -1474,7 +1470,7 @@ static ssize_t btrfs_devinfo_in_fs_metadata_show(struct kobject *kobj,
+
+ val = !!test_bit(BTRFS_DEV_STATE_IN_FS_METADATA, &device->dev_state);
+
+- return scnprintf(buf, PAGE_SIZE, "%d\n", val);
++ return sysfs_emit(buf, "%d\n", val);
+ }
+ BTRFS_ATTR(devid, in_fs_metadata, btrfs_devinfo_in_fs_metadata_show);
+
+@@ -1487,7 +1483,7 @@ static ssize_t btrfs_devinfo_missing_show(struct kobject *kobj,
+
+ val = !!test_bit(BTRFS_DEV_STATE_MISSING, &device->dev_state);
+
+- return scnprintf(buf, PAGE_SIZE, "%d\n", val);
++ return sysfs_emit(buf, "%d\n", val);
+ }
+ BTRFS_ATTR(devid, missing, btrfs_devinfo_missing_show);
+
+@@ -1501,7 +1497,7 @@ static ssize_t btrfs_devinfo_replace_target_show(struct kobject *kobj,
+
+ val = !!test_bit(BTRFS_DEV_STATE_REPLACE_TGT, &device->dev_state);
+
+- return scnprintf(buf, PAGE_SIZE, "%d\n", val);
++ return sysfs_emit(buf, "%d\n", val);
+ }
+ BTRFS_ATTR(devid, replace_target, btrfs_devinfo_replace_target_show);
+
+@@ -1512,8 +1508,7 @@ static ssize_t btrfs_devinfo_scrub_speed_max_show(struct kobject *kobj,
+ struct btrfs_device *device = container_of(kobj, struct btrfs_device,
+ devid_kobj);
+
+- return scnprintf(buf, PAGE_SIZE, "%llu\n",
+- READ_ONCE(device->scrub_speed_max));
++ return sysfs_emit(buf, "%llu\n", READ_ONCE(device->scrub_speed_max));
+ }
+
+ static ssize_t btrfs_devinfo_scrub_speed_max_store(struct kobject *kobj,
+@@ -1545,7 +1540,7 @@ static ssize_t btrfs_devinfo_writeable_show(struct kobject *kobj,
+
+ val = !!test_bit(BTRFS_DEV_STATE_WRITEABLE, &device->dev_state);
+
+- return scnprintf(buf, PAGE_SIZE, "%d\n", val);
++ return sysfs_emit(buf, "%d\n", val);
+ }
+ BTRFS_ATTR(devid, writeable, btrfs_devinfo_writeable_show);
+
+@@ -1556,14 +1551,14 @@ static ssize_t btrfs_devinfo_error_stats_show(struct kobject *kobj,
+ devid_kobj);
+
+ if (!device->dev_stats_valid)
+- return scnprintf(buf, PAGE_SIZE, "invalid\n");
++ return sysfs_emit(buf, "invalid\n");
+
+ /*
+ * Print all at once so we get a snapshot of all values from the same
+ * time. Keep them in sync and in order of definition of
+ * btrfs_dev_stat_values.
+ */
+- return scnprintf(buf, PAGE_SIZE,
++ return sysfs_emit(buf,
+ "write_errs %d\n"
+ "read_errs %d\n"
+ "flush_errs %d\n"
+--
+2.39.5
+
--- /dev/null
+From af9508b793a97580e29c1734b8bdcef7b4a060bc Mon Sep 17 00:00:00 2001
+From: Sasha Levin <sashal@kernel.org>
+Date: Wed, 18 Dec 2024 17:00:56 +1030
+Subject: btrfs: sysfs: fix direct super block member reads
+
+From: Qu Wenruo <wqu@suse.com>
+
+[ Upstream commit fca432e73db2bec0fdbfbf6d98d3ebcd5388a977 ]
+
+The following sysfs entries are reading super block member directly,
+which can have a different endian and cause wrong values:
+
+- sys/fs/btrfs/<uuid>/nodesize
+- sys/fs/btrfs/<uuid>/sectorsize
+- sys/fs/btrfs/<uuid>/clone_alignment
+
+Thankfully those values (nodesize and sectorsize) are always aligned
+inside the btrfs_super_block, so it won't trigger unaligned read errors,
+just endian problems.
+
+Fix them by using the native cached members instead.
+
+Fixes: df93589a1737 ("btrfs: export more from FS_INFO to sysfs")
+CC: stable@vger.kernel.org
+Reviewed-by: Naohiro Aota <naohiro.aota@wdc.com>
+Reviewed-by: Johannes Thumshirn <johannes.thumshirn@wdc.com>
+Signed-off-by: Qu Wenruo <wqu@suse.com>
+Reviewed-by: David Sterba <dsterba@suse.com>
+Signed-off-by: David Sterba <dsterba@suse.com>
+Signed-off-by: Sasha Levin <sashal@kernel.org>
+---
+ fs/btrfs/sysfs.c | 6 +++---
+ 1 file changed, 3 insertions(+), 3 deletions(-)
+
+diff --git a/fs/btrfs/sysfs.c b/fs/btrfs/sysfs.c
+index bc8d5b4c279e..6f7f7231e34a 100644
+--- a/fs/btrfs/sysfs.c
++++ b/fs/btrfs/sysfs.c
+@@ -821,7 +821,7 @@ static ssize_t btrfs_nodesize_show(struct kobject *kobj,
+ {
+ struct btrfs_fs_info *fs_info = to_fs_info(kobj);
+
+- return sysfs_emit(buf, "%u\n", fs_info->super_copy->nodesize);
++ return sysfs_emit(buf, "%u\n", fs_info->nodesize);
+ }
+
+ BTRFS_ATTR(, nodesize, btrfs_nodesize_show);
+@@ -831,7 +831,7 @@ static ssize_t btrfs_sectorsize_show(struct kobject *kobj,
+ {
+ struct btrfs_fs_info *fs_info = to_fs_info(kobj);
+
+- return sysfs_emit(buf, "%u\n", fs_info->super_copy->sectorsize);
++ return sysfs_emit(buf, "%u\n", fs_info->sectorsize);
+ }
+
+ BTRFS_ATTR(, sectorsize, btrfs_sectorsize_show);
+@@ -841,7 +841,7 @@ static ssize_t btrfs_clone_alignment_show(struct kobject *kobj,
+ {
+ struct btrfs_fs_info *fs_info = to_fs_info(kobj);
+
+- return sysfs_emit(buf, "%u\n", fs_info->super_copy->sectorsize);
++ return sysfs_emit(buf, "%u\n", fs_info->sectorsize);
+ }
+
+ BTRFS_ATTR(, clone_alignment, btrfs_clone_alignment_show);
+--
+2.39.5
+
--- /dev/null
+From 11a967bfdf69796ad64d66b81c0ddae79b9a029f Mon Sep 17 00:00:00 2001
+From: Sasha Levin <sashal@kernel.org>
+Date: Tue, 5 Nov 2024 09:57:42 +0800
+Subject: drm/amdkfd: Correct the migration DMA map direction
+
+From: Prike Liang <Prike.Liang@amd.com>
+
+[ Upstream commit 5c3de6b02d38eb9386edf50490e050bb44398e40 ]
+
+The SVM DMA device map direction should be set the same as
+the DMA unmap setting, otherwise the DMA core will report
+the following warning.
+
+Before finialize this solution, there're some discussion on
+the DMA mapping type(stream-based or coherent) in this KFD
+migration case, followed by https://lore.kernel.org/all/04d4ab32
+-45a1-4b88-86ee-fb0f35a0ca40@amd.com/T/.
+
+As there's no dma_sync_single_for_*() in the DMA buffer accessed
+that because this migration operation should be sync properly and
+automatically. Give that there's might not be a performance problem
+in various cache sync policy of DMA sync. Therefore, in order to
+simplify the DMA direction setting alignment, let's set the DMA map
+direction as BIDIRECTIONAL.
+
+[ 150.834218] WARNING: CPU: 8 PID: 1812 at kernel/dma/debug.c:1028 check_unmap+0x1cc/0x930
+[ 150.834225] Modules linked in: amdgpu(OE) amdxcp drm_exec(OE) gpu_sched drm_buddy(OE) drm_ttm_helper(OE) ttm(OE) drm_suballoc_helper(OE) drm_display_helper(OE) drm_kms_helper(OE) i2c_algo_bit rpcsec_gss_krb5 auth_rpcgss nfsv4 nfs lockd grace netfs xt_conntrack xt_MASQUERADE nf_conntrack_netlink xfrm_user xfrm_algo iptable_nat xt_addrtype iptable_filter br_netfilter nvme_fabrics overlay nfnetlink_cttimeout nfnetlink openvswitch nsh nf_conncount nf_nat nf_conntrack nf_defrag_ipv6 nf_defrag_ipv4 libcrc32c bridge stp llc sch_fq_codel intel_rapl_msr amd_atl intel_rapl_common snd_hda_codec_realtek snd_hda_codec_generic snd_hda_scodec_component snd_hda_codec_hdmi snd_hda_intel snd_intel_dspcfg edac_mce_amd snd_pci_acp6x snd_hda_codec snd_acp_config snd_hda_core snd_hwdep snd_soc_acpi kvm_amd sunrpc snd_pcm kvm binfmt_misc snd_seq_midi crct10dif_pclmul snd_seq_midi_event ghash_clmulni_intel sha512_ssse3 snd_rawmidi nls_iso8859_1 sha256_ssse3 sha1_ssse3 snd_seq aesni_intel snd_seq_device crypto_simd snd_timer cryptd input_leds
+[ 150.834310] wmi_bmof serio_raw k10temp rapl snd sp5100_tco ipmi_devintf soundcore ccp ipmi_msghandler cm32181 industrialio mac_hid msr parport_pc ppdev lp parport efi_pstore drm(OE) ip_tables x_tables pci_stub crc32_pclmul nvme ahci libahci i2c_piix4 r8169 nvme_core i2c_designware_pci realtek i2c_ccgx_ucsi video wmi hid_generic cdc_ether usbnet usbhid hid r8152 mii
+[ 150.834354] CPU: 8 PID: 1812 Comm: rocrtst64 Tainted: G OE 6.10.0-custom #492
+[ 150.834358] Hardware name: AMD Majolica-RN/Majolica-RN, BIOS RMJ1009A 06/13/2021
+[ 150.834360] RIP: 0010:check_unmap+0x1cc/0x930
+[ 150.834363] Code: c0 4c 89 4d c8 e8 34 bf 86 00 4c 8b 4d c8 4c 8b 45 c0 48 8b 4d b8 48 89 c6 41 57 4c 89 ea 48 c7 c7 80 49 b4 84 e8 b4 81 f3 ff <0f> 0b 48 c7 c7 04 83 ac 84 e8 76 ba fc ff 41 8b 76 4c 49 8d 7e 50
+[ 150.834365] RSP: 0018:ffffaac5023739e0 EFLAGS: 00010086
+[ 150.834368] RAX: 0000000000000000 RBX: ffffffff8566a2e0 RCX: 0000000000000027
+[ 150.834370] RDX: ffff8f6a8f621688 RSI: 0000000000000001 RDI: ffff8f6a8f621680
+[ 150.834372] RBP: ffffaac502373a30 R08: 00000000000000c9 R09: ffffaac502373850
+[ 150.834373] R10: ffffaac502373848 R11: ffffffff84f46328 R12: ffffaac502373a40
+[ 150.834375] R13: ffff8f6741045330 R14: ffff8f6741a77700 R15: ffffffff84ac831b
+[ 150.834377] FS: 00007faf0fc94c00(0000) GS:ffff8f6a8f600000(0000) knlGS:0000000000000000
+[ 150.834379] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
+[ 150.834381] CR2: 00007faf0b600020 CR3: 000000010a52e000 CR4: 0000000000350ef0
+[ 150.834383] Call Trace:
+[ 150.834385] <TASK>
+[ 150.834387] ? show_regs+0x6d/0x80
+[ 150.834393] ? __warn+0x8c/0x140
+[ 150.834397] ? check_unmap+0x1cc/0x930
+[ 150.834400] ? report_bug+0x193/0x1a0
+[ 150.834406] ? handle_bug+0x46/0x80
+[ 150.834410] ? exc_invalid_op+0x1d/0x80
+[ 150.834413] ? asm_exc_invalid_op+0x1f/0x30
+[ 150.834420] ? check_unmap+0x1cc/0x930
+[ 150.834425] debug_dma_unmap_page+0x86/0x90
+[ 150.834431] ? srso_return_thunk+0x5/0x5f
+[ 150.834435] ? rmap_walk+0x28/0x50
+[ 150.834438] ? srso_return_thunk+0x5/0x5f
+[ 150.834441] ? remove_migration_ptes+0x79/0x80
+[ 150.834445] ? srso_return_thunk+0x5/0x5f
+[ 150.834448] dma_unmap_page_attrs+0xfa/0x1d0
+[ 150.834453] svm_range_dma_unmap_dev+0x8a/0xf0 [amdgpu]
+[ 150.834710] svm_migrate_ram_to_vram+0x361/0x740 [amdgpu]
+[ 150.834914] svm_migrate_to_vram+0xa8/0xe0 [amdgpu]
+[ 150.835111] svm_range_set_attr+0xff2/0x1450 [amdgpu]
+[ 150.835311] svm_ioctl+0x4a/0x50 [amdgpu]
+[ 150.835510] kfd_ioctl_svm+0x54/0x90 [amdgpu]
+[ 150.835701] kfd_ioctl+0x3c2/0x530 [amdgpu]
+[ 150.835888] ? __pfx_kfd_ioctl_svm+0x10/0x10 [amdgpu]
+[ 150.836075] ? srso_return_thunk+0x5/0x5f
+[ 150.836080] ? tomoyo_file_ioctl+0x20/0x30
+[ 150.836086] __x64_sys_ioctl+0x9c/0xd0
+[ 150.836091] x64_sys_call+0x1219/0x20d0
+[ 150.836095] do_syscall_64+0x51/0x120
+[ 150.836098] entry_SYSCALL_64_after_hwframe+0x76/0x7e
+[ 150.836102] RIP: 0033:0x7faf0f11a94f
+[ 150.836105] Code: 00 48 89 44 24 18 31 c0 48 8d 44 24 60 c7 04 24 10 00 00 00 48 89 44 24 08 48 8d 44 24 20 48 89 44 24 10 b8 10 00 00 00 0f 05 <41> 89 c0 3d 00 f0 ff ff 77 1f 48 8b 44 24 18 64 48 2b 04 25 28 00
+[ 150.836107] RSP: 002b:00007ffeced26bc0 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
+[ 150.836110] RAX: ffffffffffffffda RBX: 000055c683528fb0 RCX: 00007faf0f11a94f
+[ 150.836112] RDX: 00007ffeced26c60 RSI: 00000000c0484b20 RDI: 0000000000000003
+[ 150.836114] RBP: 00007ffeced26c50 R08: 0000000000000000 R09: 0000000000000001
+[ 150.836115] R10: 0000000000000032 R11: 0000000000000246 R12: 000055c683528bd0
+[ 150.836117] R13: 0000000000000000 R14: 0000000000000021 R15: 0000000000000000
+[ 150.836122] </TASK>
+[ 150.836124] ---[ end trace 0000000000000000 ]---
+
+Signed-off-by: Prike Liang <Prike.Liang@amd.com>
+Reviewed-by: Felix Kuehling <felix.kuehling@amd.com>
+Signed-off-by: Alex Deucher <alexander.deucher@amd.com>
+Signed-off-by: Sasha Levin <sashal@kernel.org>
+---
+ drivers/gpu/drm/amd/amdkfd/kfd_migrate.c | 4 ++--
+ 1 file changed, 2 insertions(+), 2 deletions(-)
+
+diff --git a/drivers/gpu/drm/amd/amdkfd/kfd_migrate.c b/drivers/gpu/drm/amd/amdkfd/kfd_migrate.c
+index 131d98c600ee..013749cd3ae2 100644
+--- a/drivers/gpu/drm/amd/amdkfd/kfd_migrate.c
++++ b/drivers/gpu/drm/amd/amdkfd/kfd_migrate.c
+@@ -302,7 +302,7 @@ svm_migrate_copy_to_vram(struct amdgpu_device *adev, struct svm_range *prange,
+ migrate->dst[i] = migrate_pfn(migrate->dst[i]);
+ migrate->dst[i] |= MIGRATE_PFN_LOCKED;
+ src[i] = dma_map_page(dev, spage, 0, PAGE_SIZE,
+- DMA_TO_DEVICE);
++ DMA_BIDIRECTIONAL);
+ r = dma_mapping_error(dev, src[i]);
+ if (r) {
+ pr_debug("failed %d dma_map_page\n", r);
+@@ -569,7 +569,7 @@ svm_migrate_copy_to_ram(struct amdgpu_device *adev, struct svm_range *prange,
+ goto out_oom;
+ }
+
+- dst[i] = dma_map_page(dev, dpage, 0, PAGE_SIZE, DMA_FROM_DEVICE);
++ dst[i] = dma_map_page(dev, dpage, 0, PAGE_SIZE, DMA_BIDIRECTIONAL);
+ r = dma_mapping_error(dev, dst[i]);
+ if (r) {
+ pr_debug("failed %d dma_map_page\n", r);
+--
+2.39.5
+
--- /dev/null
+From 0cb9a9263bc74559806fe9f6e88ede05c0affc9b Mon Sep 17 00:00:00 2001
+From: Sasha Levin <sashal@kernel.org>
+Date: Fri, 13 Dec 2024 15:57:53 +0100
+Subject: irqchip/gic: Correct declaration of *percpu_base pointer in union
+ gic_base
+
+From: Uros Bizjak <ubizjak@gmail.com>
+
+[ Upstream commit a1855f1b7c33642c9f7a01991fb763342a312e9b ]
+
+percpu_base is used in various percpu functions that expect variable in
+__percpu address space. Correct the declaration of percpu_base to
+
+void __iomem * __percpu *percpu_base;
+
+to declare the variable as __percpu pointer.
+
+The patch fixes several sparse warnings:
+
+irq-gic.c:1172:44: warning: incorrect type in assignment (different address spaces)
+irq-gic.c:1172:44: expected void [noderef] __percpu *[noderef] __iomem *percpu_base
+irq-gic.c:1172:44: got void [noderef] __iomem *[noderef] __percpu *
+...
+irq-gic.c:1231:43: warning: incorrect type in argument 1 (different address spaces)
+irq-gic.c:1231:43: expected void [noderef] __percpu *__pdata
+irq-gic.c:1231:43: got void [noderef] __percpu *[noderef] __iomem *percpu_base
+
+There were no changes in the resulting object files.
+
+Signed-off-by: Uros Bizjak <ubizjak@gmail.com>
+Signed-off-by: Thomas Gleixner <tglx@linutronix.de>
+Acked-by: Marc Zyngier <maz@kernel.org>
+Link: https://lore.kernel.org/all/20241213145809.2918-2-ubizjak@gmail.com
+Signed-off-by: Sasha Levin <sashal@kernel.org>
+---
+ drivers/irqchip/irq-gic.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/drivers/irqchip/irq-gic.c b/drivers/irqchip/irq-gic.c
+index 99077f30f699..c941037199c8 100644
+--- a/drivers/irqchip/irq-gic.c
++++ b/drivers/irqchip/irq-gic.c
+@@ -62,7 +62,7 @@ static void gic_check_cpu_features(void)
+
+ union gic_base {
+ void __iomem *common_base;
+- void __percpu * __iomem *percpu_base;
++ void __iomem * __percpu *percpu_base;
+ };
+
+ struct gic_chip_data {
+--
+2.39.5
+
--- /dev/null
+From ae70558508183547becae719d05e1c45bfe34436 Mon Sep 17 00:00:00 2001
+From: Sasha Levin <sashal@kernel.org>
+Date: Mon, 9 Dec 2024 16:18:21 +0100
+Subject: net: usb: qmi_wwan: add Telit FE910C04 compositions
+
+From: Daniele Palmas <dnlplm@gmail.com>
+
+[ Upstream commit 3b58b53a26598209a7ad8259a5114ce71f7c3d64 ]
+
+Add the following Telit FE910C04 compositions:
+
+0x10c0: rmnet + tty (AT/NMEA) + tty (AT) + tty (diag)
+T: Bus=02 Lev=01 Prnt=03 Port=06 Cnt=01 Dev#= 13 Spd=480 MxCh= 0
+D: Ver= 2.00 Cls=00(>ifc ) Sub=00 Prot=00 MxPS=64 #Cfgs= 1
+P: Vendor=1bc7 ProdID=10c0 Rev=05.15
+S: Manufacturer=Telit Cinterion
+S: Product=FE910
+S: SerialNumber=f71b8b32
+C: #Ifs= 4 Cfg#= 1 Atr=e0 MxPwr=500mA
+I: If#= 0 Alt= 0 #EPs= 3 Cls=ff(vend.) Sub=ff Prot=50 Driver=qmi_wwan
+E: Ad=01(O) Atr=02(Bulk) MxPS= 512 Ivl=0ms
+E: Ad=81(I) Atr=02(Bulk) MxPS= 512 Ivl=0ms
+E: Ad=82(I) Atr=03(Int.) MxPS= 8 Ivl=32ms
+I: If#= 1 Alt= 0 #EPs= 3 Cls=ff(vend.) Sub=ff Prot=60 Driver=option
+E: Ad=02(O) Atr=02(Bulk) MxPS= 512 Ivl=0ms
+E: Ad=83(I) Atr=02(Bulk) MxPS= 512 Ivl=0ms
+E: Ad=84(I) Atr=03(Int.) MxPS= 10 Ivl=32ms
+I: If#= 2 Alt= 0 #EPs= 3 Cls=ff(vend.) Sub=ff Prot=40 Driver=option
+E: Ad=03(O) Atr=02(Bulk) MxPS= 512 Ivl=0ms
+E: Ad=85(I) Atr=02(Bulk) MxPS= 512 Ivl=0ms
+E: Ad=86(I) Atr=03(Int.) MxPS= 10 Ivl=32ms
+I: If#= 3 Alt= 0 #EPs= 2 Cls=ff(vend.) Sub=ff Prot=30 Driver=option
+E: Ad=04(O) Atr=02(Bulk) MxPS= 512 Ivl=0ms
+E: Ad=87(I) Atr=02(Bulk) MxPS= 512 Ivl=0ms
+
+0x10c4: rmnet + tty (AT) + tty (AT) + tty (diag)
+T: Bus=02 Lev=01 Prnt=03 Port=06 Cnt=01 Dev#= 14 Spd=480 MxCh= 0
+D: Ver= 2.00 Cls=00(>ifc ) Sub=00 Prot=00 MxPS=64 #Cfgs= 1
+P: Vendor=1bc7 ProdID=10c4 Rev=05.15
+S: Manufacturer=Telit Cinterion
+S: Product=FE910
+S: SerialNumber=f71b8b32
+C: #Ifs= 4 Cfg#= 1 Atr=e0 MxPwr=500mA
+I: If#= 0 Alt= 0 #EPs= 3 Cls=ff(vend.) Sub=ff Prot=50 Driver=qmi_wwan
+E: Ad=01(O) Atr=02(Bulk) MxPS= 512 Ivl=0ms
+E: Ad=81(I) Atr=02(Bulk) MxPS= 512 Ivl=0ms
+E: Ad=82(I) Atr=03(Int.) MxPS= 8 Ivl=32ms
+I: If#= 1 Alt= 0 #EPs= 3 Cls=ff(vend.) Sub=ff Prot=40 Driver=option
+E: Ad=02(O) Atr=02(Bulk) MxPS= 512 Ivl=0ms
+E: Ad=83(I) Atr=02(Bulk) MxPS= 512 Ivl=0ms
+E: Ad=84(I) Atr=03(Int.) MxPS= 10 Ivl=32ms
+I: If#= 2 Alt= 0 #EPs= 3 Cls=ff(vend.) Sub=ff Prot=40 Driver=option
+E: Ad=03(O) Atr=02(Bulk) MxPS= 512 Ivl=0ms
+E: Ad=85(I) Atr=02(Bulk) MxPS= 512 Ivl=0ms
+E: Ad=86(I) Atr=03(Int.) MxPS= 10 Ivl=32ms
+I: If#= 3 Alt= 0 #EPs= 2 Cls=ff(vend.) Sub=ff Prot=30 Driver=option
+E: Ad=04(O) Atr=02(Bulk) MxPS= 512 Ivl=0ms
+E: Ad=87(I) Atr=02(Bulk) MxPS= 512 Ivl=0ms
+
+0x10c8: rmnet + tty (AT) + tty (diag) + DPL (data packet logging) + adb
+T: Bus=02 Lev=01 Prnt=03 Port=06 Cnt=01 Dev#= 17 Spd=480 MxCh= 0
+D: Ver= 2.00 Cls=00(>ifc ) Sub=00 Prot=00 MxPS=64 #Cfgs= 1
+P: Vendor=1bc7 ProdID=10c8 Rev=05.15
+S: Manufacturer=Telit Cinterion
+S: Product=FE910
+S: SerialNumber=f71b8b32
+C: #Ifs= 5 Cfg#= 1 Atr=e0 MxPwr=500mA
+I: If#= 0 Alt= 0 #EPs= 3 Cls=ff(vend.) Sub=ff Prot=50 Driver=qmi_wwan
+E: Ad=01(O) Atr=02(Bulk) MxPS= 512 Ivl=0ms
+E: Ad=81(I) Atr=02(Bulk) MxPS= 512 Ivl=0ms
+E: Ad=82(I) Atr=03(Int.) MxPS= 8 Ivl=32ms
+I: If#= 1 Alt= 0 #EPs= 3 Cls=ff(vend.) Sub=ff Prot=40 Driver=option
+E: Ad=02(O) Atr=02(Bulk) MxPS= 512 Ivl=0ms
+E: Ad=83(I) Atr=02(Bulk) MxPS= 512 Ivl=0ms
+E: Ad=84(I) Atr=03(Int.) MxPS= 10 Ivl=32ms
+I: If#= 2 Alt= 0 #EPs= 2 Cls=ff(vend.) Sub=ff Prot=30 Driver=option
+E: Ad=03(O) Atr=02(Bulk) MxPS= 512 Ivl=0ms
+E: Ad=85(I) Atr=02(Bulk) MxPS= 512 Ivl=0ms
+I: If#= 3 Alt= 0 #EPs= 1 Cls=ff(vend.) Sub=ff Prot=80 Driver=(none)
+E: Ad=86(I) Atr=02(Bulk) MxPS= 512 Ivl=0ms
+I: If#= 4 Alt= 0 #EPs= 2 Cls=ff(vend.) Sub=42 Prot=01 Driver=(none)
+E: Ad=04(O) Atr=02(Bulk) MxPS= 512 Ivl=0ms
+E: Ad=87(I) Atr=02(Bulk) MxPS= 512 Ivl=0ms
+
+Signed-off-by: Daniele Palmas <dnlplm@gmail.com>
+Link: https://patch.msgid.link/20241209151821.3688829-1-dnlplm@gmail.com
+Signed-off-by: Jakub Kicinski <kuba@kernel.org>
+Signed-off-by: Sasha Levin <sashal@kernel.org>
+---
+ drivers/net/usb/qmi_wwan.c | 3 +++
+ 1 file changed, 3 insertions(+)
+
+diff --git a/drivers/net/usb/qmi_wwan.c b/drivers/net/usb/qmi_wwan.c
+index 758af6ea861b..96cbc8a7ee9b 100644
+--- a/drivers/net/usb/qmi_wwan.c
++++ b/drivers/net/usb/qmi_wwan.c
+@@ -1367,6 +1367,9 @@ static const struct usb_device_id products[] = {
+ {QMI_QUIRK_SET_DTR(0x1bc7, 0x10a0, 0)}, /* Telit FN920C04 */
+ {QMI_QUIRK_SET_DTR(0x1bc7, 0x10a4, 0)}, /* Telit FN920C04 */
+ {QMI_QUIRK_SET_DTR(0x1bc7, 0x10a9, 0)}, /* Telit FN920C04 */
++ {QMI_QUIRK_SET_DTR(0x1bc7, 0x10c0, 0)}, /* Telit FE910C04 */
++ {QMI_QUIRK_SET_DTR(0x1bc7, 0x10c4, 0)}, /* Telit FE910C04 */
++ {QMI_QUIRK_SET_DTR(0x1bc7, 0x10c8, 0)}, /* Telit FE910C04 */
+ {QMI_FIXED_INTF(0x1bc7, 0x1100, 3)}, /* Telit ME910 */
+ {QMI_FIXED_INTF(0x1bc7, 0x1101, 3)}, /* Telit ME910 dual modem */
+ {QMI_FIXED_INTF(0x1bc7, 0x1200, 5)}, /* Telit LE920 */
+--
+2.39.5
+
af_packet-fix-vlan_get_tci-vs-msg_peek.patch
af_packet-fix-vlan_get_protocol_dgram-vs-msg_peek.patch
ila-serialize-calls-to-nf_register_net_hooks.patch
+btrfs-rename-and-export-__btrfs_cow_block.patch
+btrfs-fix-use-after-free-when-cowing-tree-bock-and-t.patch
+btrfs-sysfs-convert-scnprintf-and-snprintf-to-sysfs_.patch
+btrfs-sysfs-fix-direct-super-block-member-reads.patch
+wifi-mac80211-wake-the-queues-in-case-of-failure-in-.patch
+drm-amdkfd-correct-the-migration-dma-map-direction.patch
+btrfs-flush-delalloc-workers-queue-before-stopping-c.patch
+sound-usb-enable-dsd-output-for-ddhifi-tc44c.patch
+sound-usb-format-don-t-warn-that-raw-dsd-is-unsuppor.patch
+bpf-fix-potential-error-return.patch
+net-usb-qmi_wwan-add-telit-fe910c04-compositions.patch
+irqchip-gic-correct-declaration-of-percpu_base-point.patch
+arc-build-try-to-guess-gcc-variant-of-cross-compiler.patch
+usb-xhci-avoid-queuing-redundant-stop-endpoint-comma.patch
--- /dev/null
+From 67df4527ab187ac83d22366aed208d73651bfe17 Mon Sep 17 00:00:00 2001
+From: Sasha Levin <sashal@kernel.org>
+Date: Mon, 9 Dec 2024 11:05:28 +0200
+Subject: sound: usb: enable DSD output for ddHiFi TC44C
+
+From: Adrian Ratiu <adrian.ratiu@collabora.com>
+
+[ Upstream commit c84bd6c810d1880194fea2229c7086e4b73fddc1 ]
+
+This is a UAC 2 DAC capable of raw DSD on intf 2 alt 4:
+
+Bus 007 Device 004: ID 262a:9302 SAVITECH Corp. TC44C
+Device Descriptor:
+ bLength 18
+ bDescriptorType 1
+ bcdUSB 2.00
+ bDeviceClass 239 Miscellaneous Device
+ bDeviceSubClass 2 [unknown]
+ bDeviceProtocol 1 Interface Association
+ bMaxPacketSize0 64
+ idVendor 0x262a SAVITECH Corp.
+ idProduct 0x9302 TC44C
+ bcdDevice 0.01
+ iManufacturer 1 DDHIFI
+ iProduct 2 TC44C
+ iSerial 6 5000000001
+.......
+ Interface Descriptor:
+ bLength 9
+ bDescriptorType 4
+ bInterfaceNumber 2
+ bAlternateSetting 4
+ bNumEndpoints 2
+ bInterfaceClass 1 Audio
+ bInterfaceSubClass 2 Streaming
+ bInterfaceProtocol 32
+ iInterface 0
+ AudioStreaming Interface Descriptor:
+ bLength 16
+ bDescriptorType 36
+ bDescriptorSubtype 1 (AS_GENERAL)
+ bTerminalLink 3
+ bmControls 0x00
+ bFormatType 1
+ bmFormats 0x80000000
+ bNrChannels 2
+ bmChannelConfig 0x00000000
+ iChannelNames 0
+.......
+
+Signed-off-by: Adrian Ratiu <adrian.ratiu@collabora.com>
+Link: https://patch.msgid.link/20241209090529.16134-1-adrian.ratiu@collabora.com
+Signed-off-by: Takashi Iwai <tiwai@suse.de>
+Signed-off-by: Sasha Levin <sashal@kernel.org>
+---
+ sound/usb/quirks.c | 2 ++
+ 1 file changed, 2 insertions(+)
+
+diff --git a/sound/usb/quirks.c b/sound/usb/quirks.c
+index 15932d0a4613..8661399e60d5 100644
+--- a/sound/usb/quirks.c
++++ b/sound/usb/quirks.c
+@@ -1916,6 +1916,8 @@ static const struct usb_audio_quirk_flags_table quirk_flags_table[] = {
+ QUIRK_FLAG_GET_SAMPLE_RATE),
+ DEVICE_FLG(0x2522, 0x0007, /* LH Labs Geek Out HD Audio 1V5 */
+ QUIRK_FLAG_SET_IFACE_FIRST),
++ DEVICE_FLG(0x262a, 0x9302, /* ddHiFi TC44C */
++ QUIRK_FLAG_DSD_RAW),
+ DEVICE_FLG(0x2708, 0x0002, /* Audient iD14 */
+ QUIRK_FLAG_IGNORE_CTL_ERROR),
+ DEVICE_FLG(0x2912, 0x30c8, /* Audioengine D1 */
+--
+2.39.5
+
--- /dev/null
+From ab352cfdfcb200524ca429783e10936b6b2f5d62 Mon Sep 17 00:00:00 2001
+From: Sasha Levin <sashal@kernel.org>
+Date: Mon, 9 Dec 2024 11:05:29 +0200
+Subject: sound: usb: format: don't warn that raw DSD is unsupported
+
+From: Adrian Ratiu <adrian.ratiu@collabora.com>
+
+[ Upstream commit b50a3e98442b8d72f061617c7f7a71f7dba19484 ]
+
+UAC 2 & 3 DAC's set bit 31 of the format to signal support for a
+RAW_DATA type, typically used for DSD playback.
+
+This is correctly tested by (format & UAC*_FORMAT_TYPE_I_RAW_DATA),
+fp->dsd_raw = true; and call snd_usb_interface_dsd_format_quirks(),
+however a confusing and unnecessary message gets printed because
+the bit is not properly tested in the last "unsupported" if test:
+if (format & ~0x3F) { ... }
+
+For example the output:
+
+usb 7-1: new high-speed USB device number 5 using xhci_hcd
+usb 7-1: New USB device found, idVendor=262a, idProduct=9302, bcdDevice=0.01
+usb 7-1: New USB device strings: Mfr=1, Product=2, SerialNumber=6
+usb 7-1: Product: TC44C
+usb 7-1: Manufacturer: TC44C
+usb 7-1: SerialNumber: 5000000001
+hid-generic 0003:262A:9302.001E: No inputs registered, leaving
+hid-generic 0003:262A:9302.001E: hidraw6: USB HID v1.00 Device [DDHIFI TC44C] on usb-0000:08:00.3-1/input0
+usb 7-1: 2:4 : unsupported format bits 0x100000000
+
+This last "unsupported format" is actually wrong: we know the
+format is a RAW_DATA which we assume is DSD, so there is no need
+to print the confusing message.
+
+This we unset bit 31 of the format after recognizing it, to avoid
+the message.
+
+Suggested-by: Takashi Iwai <tiwai@suse.com>
+Signed-off-by: Adrian Ratiu <adrian.ratiu@collabora.com>
+Link: https://patch.msgid.link/20241209090529.16134-2-adrian.ratiu@collabora.com
+Signed-off-by: Takashi Iwai <tiwai@suse.de>
+Signed-off-by: Sasha Levin <sashal@kernel.org>
+---
+ sound/usb/format.c | 7 ++++++-
+ 1 file changed, 6 insertions(+), 1 deletion(-)
+
+diff --git a/sound/usb/format.c b/sound/usb/format.c
+index 3b45d0ee7693..3b3a5ea6fcbf 100644
+--- a/sound/usb/format.c
++++ b/sound/usb/format.c
+@@ -60,6 +60,8 @@ static u64 parse_audio_format_i_type(struct snd_usb_audio *chip,
+ pcm_formats |= SNDRV_PCM_FMTBIT_SPECIAL;
+ /* flag potentially raw DSD capable altsettings */
+ fp->dsd_raw = true;
++ /* clear special format bit to avoid "unsupported format" msg below */
++ format &= ~UAC2_FORMAT_TYPE_I_RAW_DATA;
+ }
+
+ format <<= 1;
+@@ -71,8 +73,11 @@ static u64 parse_audio_format_i_type(struct snd_usb_audio *chip,
+ sample_width = as->bBitResolution;
+ sample_bytes = as->bSubslotSize;
+
+- if (format & UAC3_FORMAT_TYPE_I_RAW_DATA)
++ if (format & UAC3_FORMAT_TYPE_I_RAW_DATA) {
+ pcm_formats |= SNDRV_PCM_FMTBIT_SPECIAL;
++ /* clear special format bit to avoid "unsupported format" msg below */
++ format &= ~UAC3_FORMAT_TYPE_I_RAW_DATA;
++ }
+
+ format <<= 1;
+ break;
+--
+2.39.5
+
--- /dev/null
+From bc844e25db4611dde06add5eeaaee8de09c15a1b Mon Sep 17 00:00:00 2001
+From: Sasha Levin <sashal@kernel.org>
+Date: Wed, 6 Nov 2024 12:14:59 +0200
+Subject: usb: xhci: Avoid queuing redundant Stop Endpoint commands
+
+From: Michal Pecio <michal.pecio@gmail.com>
+
+[ Upstream commit 474538b8dd1cd9c666e56cfe8ef60fbb0fb513f4 ]
+
+Stop Endpoint command on an already stopped endpoint fails and may be
+misinterpreted as a known hardware bug by the completion handler. This
+results in an unnecessary delay with repeated retries of the command.
+
+Avoid queuing this command when endpoint state flags indicate that it's
+stopped or halted and the command will fail. If commands are pending on
+the endpoint, their completion handlers will process cancelled TDs so
+it's done. In case of waiting for external operations like clearing TT
+buffer, the endpoint is stopped and cancelled TDs can be processed now.
+
+This eliminates practically all unnecessary retries because an endpoint
+with pending URBs is maintained in Running state by the driver, unless
+aforementioned commands or other operations are pending on it. This is
+guaranteed by xhci_ring_ep_doorbell() and by the fact that it is called
+every time any of those operations completes.
+
+The only known exceptions are hardware bugs (the endpoint never starts
+at all) and Stream Protocol errors not associated with any TRB, which
+cause an endpoint reset not followed by restart. Sounds like a bug.
+
+Generally, these retries are only expected to happen when the endpoint
+fails to start for unknown/no reason, which is a worse problem itself,
+and fixing the bug eliminates the retries too.
+
+All cases were tested and found to work as expected. SET_DEQ_PENDING
+was produced by patching uvcvideo to unlink URBs in 100us intervals,
+which then runs into this case very often. EP_HALTED was produced by
+restarting 'cat /dev/ttyUSB0' on a serial dongle with broken cable.
+EP_CLEARING_TT by the same, with the dongle on an external hub.
+
+Fixes: fd9d55d190c0 ("xhci: retry Stop Endpoint on buggy NEC controllers")
+CC: stable@vger.kernel.org
+Signed-off-by: Michal Pecio <michal.pecio@gmail.com>
+Signed-off-by: Mathias Nyman <mathias.nyman@linux.intel.com>
+Link: https://lore.kernel.org/r/20241106101459.775897-34-mathias.nyman@linux.intel.com
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+Signed-off-by: Sasha Levin <sashal@kernel.org>
+---
+ drivers/usb/host/xhci-ring.c | 13 +++++++++++++
+ drivers/usb/host/xhci.c | 19 +++++++++++++++----
+ drivers/usb/host/xhci.h | 1 +
+ 3 files changed, 29 insertions(+), 4 deletions(-)
+
+diff --git a/drivers/usb/host/xhci-ring.c b/drivers/usb/host/xhci-ring.c
+index 0ff70c859f14..f2b86872aa6b 100644
+--- a/drivers/usb/host/xhci-ring.c
++++ b/drivers/usb/host/xhci-ring.c
+@@ -1059,6 +1059,19 @@ static int xhci_invalidate_cancelled_tds(struct xhci_virt_ep *ep)
+ return 0;
+ }
+
++/*
++ * Erase queued TDs from transfer ring(s) and give back those the xHC didn't
++ * stop on. If necessary, queue commands to move the xHC off cancelled TDs it
++ * stopped on. Those will be given back later when the commands complete.
++ *
++ * Call under xhci->lock on a stopped endpoint.
++ */
++void xhci_process_cancelled_tds(struct xhci_virt_ep *ep)
++{
++ xhci_invalidate_cancelled_tds(ep);
++ xhci_giveback_invalidated_tds(ep);
++}
++
+ /*
+ * Returns the TD the endpoint ring halted on.
+ * Only call for non-running rings without streams.
+diff --git a/drivers/usb/host/xhci.c b/drivers/usb/host/xhci.c
+index 58483d1e5d3f..c145a1ac1aba 100644
+--- a/drivers/usb/host/xhci.c
++++ b/drivers/usb/host/xhci.c
+@@ -1883,10 +1883,21 @@ static int xhci_urb_dequeue(struct usb_hcd *hcd, struct urb *urb, int status)
+ }
+ }
+
+- /* Queue a stop endpoint command, but only if this is
+- * the first cancellation to be handled.
+- */
+- if (!(ep->ep_state & EP_STOP_CMD_PENDING)) {
++ /* These completion handlers will sort out cancelled TDs for us */
++ if (ep->ep_state & (EP_STOP_CMD_PENDING | EP_HALTED | SET_DEQ_PENDING)) {
++ xhci_dbg(xhci, "Not queuing Stop Endpoint on slot %d ep %d in state 0x%x\n",
++ urb->dev->slot_id, ep_index, ep->ep_state);
++ goto done;
++ }
++
++ /* In this case no commands are pending but the endpoint is stopped */
++ if (ep->ep_state & EP_CLEARING_TT) {
++ /* and cancelled TDs can be given back right away */
++ xhci_dbg(xhci, "Invalidating TDs instantly on slot %d ep %d in state 0x%x\n",
++ urb->dev->slot_id, ep_index, ep->ep_state);
++ xhci_process_cancelled_tds(ep);
++ } else {
++ /* Otherwise, queue a new Stop Endpoint command */
+ command = xhci_alloc_command(xhci, false, GFP_ATOMIC);
+ if (!command) {
+ ret = -ENOMEM;
+diff --git a/drivers/usb/host/xhci.h b/drivers/usb/host/xhci.h
+index 67d5ef952d6a..f76dae4ea429 100644
+--- a/drivers/usb/host/xhci.h
++++ b/drivers/usb/host/xhci.h
+@@ -1928,6 +1928,7 @@ void xhci_ring_doorbell_for_active_rings(struct xhci_hcd *xhci,
+ void xhci_cleanup_command_queue(struct xhci_hcd *xhci);
+ void inc_deq(struct xhci_hcd *xhci, struct xhci_ring *ring);
+ unsigned int count_trbs(u64 addr, u64 len);
++void xhci_process_cancelled_tds(struct xhci_virt_ep *ep);
+
+ /* xHCI roothub code */
+ void xhci_set_link_state(struct xhci_hcd *xhci, struct xhci_port *port,
+--
+2.39.5
+
--- /dev/null
+From 0c8707e243771e70b51ff17bf4207aefb51100fe Mon Sep 17 00:00:00 2001
+From: Sasha Levin <sashal@kernel.org>
+Date: Tue, 19 Nov 2024 17:35:39 +0200
+Subject: wifi: mac80211: wake the queues in case of failure in resume
+
+From: Emmanuel Grumbach <emmanuel.grumbach@intel.com>
+
+[ Upstream commit 220bf000530f9b1114fa2a1022a871c7ce8a0b38 ]
+
+In case we fail to resume, we'll WARN with
+"Hardware became unavailable during restart." and we'll wait until user
+space does something. It'll typically bring the interface down and up to
+recover. This won't work though because the queues are still stopped on
+IEEE80211_QUEUE_STOP_REASON_SUSPEND reason.
+Make sure we clear that reason so that we give a chance to the recovery
+to succeed.
+
+Signed-off-by: Emmanuel Grumbach <emmanuel.grumbach@intel.com>
+Closes: https://bugzilla.kernel.org/show_bug.cgi?id=219447
+Signed-off-by: Miri Korenblit <miriam.rachel.korenblit@intel.com>
+Link: https://patch.msgid.link/20241119173108.cd628f560f97.I76a15fdb92de450e5329940125f3c58916be3942@changeid
+Signed-off-by: Johannes Berg <johannes.berg@intel.com>
+Signed-off-by: Sasha Levin <sashal@kernel.org>
+---
+ net/mac80211/util.c | 3 +++
+ 1 file changed, 3 insertions(+)
+
+diff --git a/net/mac80211/util.c b/net/mac80211/util.c
+index 85d3d2034d43..cc78d3cba45e 100644
+--- a/net/mac80211/util.c
++++ b/net/mac80211/util.c
+@@ -2374,6 +2374,9 @@ int ieee80211_reconfig(struct ieee80211_local *local)
+ WARN(1, "Hardware became unavailable upon resume. This could be a software issue prior to suspend or a hardware issue.\n");
+ else
+ WARN(1, "Hardware became unavailable during restart.\n");
++ ieee80211_wake_queues_by_reason(hw, IEEE80211_MAX_QUEUE_MAP,
++ IEEE80211_QUEUE_STOP_REASON_SUSPEND,
++ false);
+ ieee80211_handle_reconfig_failure(local);
+ return res;
+ }
+--
+2.39.5
+
projects / thirdparty / kernel / stable-queue.git / commitdiff
