6.15-stable patches
authorGreg Kroah-Hartman <gregkh@linuxfoundation.org>
Tue, 12 Aug 2025 11:12:02 +0000 (13:12 +0200)
committerGreg Kroah-Hartman <gregkh@linuxfoundation.org>
Tue, 12 Aug 2025 11:12:02 +0000 (13:12 +0200)
added patches:
ksmbd-fix-corrupted-mtime-and-ctime-in-smb2_open.patch
ksmbd-fix-null-pointer-dereference-error-in-generate_encryptionkey.patch
ksmbd-fix-preauh_hashvalue-race-condition.patch
ksmbd-limit-repeated-connections-from-clients-with-the-same-ip.patch
smb-client-default-to-nonativesocket-under-posix-mounts.patch
smb-client-fix-netns-refcount-leak-after-net_passive-changes.patch
smb-client-set-symlink-type-as-native-for-posix-mounts.patch
smb-server-fix-extension-string-in-ksmbd_extract_shortname.patch
usb-serial-option-add-foxconn-t99w709.patch

queue-6.15/ksmbd-fix-corrupted-mtime-and-ctime-in-smb2_open.patch [new file with mode: 0644]
queue-6.15/ksmbd-fix-null-pointer-dereference-error-in-generate_encryptionkey.patch [new file with mode: 0644]
queue-6.15/ksmbd-fix-preauh_hashvalue-race-condition.patch [new file with mode: 0644]
queue-6.15/ksmbd-limit-repeated-connections-from-clients-with-the-same-ip.patch [new file with mode: 0644]
queue-6.15/series
queue-6.15/smb-client-default-to-nonativesocket-under-posix-mounts.patch [new file with mode: 0644]
queue-6.15/smb-client-fix-netns-refcount-leak-after-net_passive-changes.patch [new file with mode: 0644]
queue-6.15/smb-client-set-symlink-type-as-native-for-posix-mounts.patch [new file with mode: 0644]
queue-6.15/smb-server-fix-extension-string-in-ksmbd_extract_shortname.patch [new file with mode: 0644]
queue-6.15/usb-serial-option-add-foxconn-t99w709.patch [new file with mode: 0644]

diff --git a/queue-6.15/ksmbd-fix-corrupted-mtime-and-ctime-in-smb2_open.patch b/queue-6.15/ksmbd-fix-corrupted-mtime-and-ctime-in-smb2_open.patch
new file mode 100644 (file)
index 0000000..1bbf365
--- /dev/null
@@ -0,0 +1,44 @@
+From 4f8ff9486fd94b9d6a4932f2aefb9f2fc3bd0cf6 Mon Sep 17 00:00:00 2001
+From: Namjae Jeon <linkinjeon@kernel.org>
+Date: Fri, 25 Jul 2025 10:33:28 +0900
+Subject: ksmbd: fix corrupted mtime and ctime in smb2_open
+
+From: Namjae Jeon <linkinjeon@kernel.org>
+
+commit 4f8ff9486fd94b9d6a4932f2aefb9f2fc3bd0cf6 upstream.
+
+If STATX_BASIC_STATS flags are not given as an argument to vfs_getattr,
+It can not get ctime and mtime in kstat.
+
+This causes a problem showing mtime and ctime outdated from cifs.ko.
+File: /xfstest.test/foo
+Size: 4096            Blocks: 8          IO Block: 1048576 regular file
+Device: 0,65    Inode: 2033391     Links: 1
+Access: (0755/-rwxr-xr-x)  Uid: (    0/    root)   Gid: (    0/    root)
+Context: system_u:object_r:cifs_t:s0
+Access: 2025-07-23 22:15:30.136051900 +0100
+Modify: 1970-01-01 01:00:00.000000000 +0100
+Change: 1970-01-01 01:00:00.000000000 +0100
+Birth: 2025-07-23 22:15:30.136051900 +0100
+
+Cc: stable@vger.kernel.org
+Reported-by: David Howells <dhowells@redhat.com>
+Signed-off-by: Namjae Jeon <linkinjeon@kernel.org>
+Signed-off-by: Steve French <stfrench@microsoft.com>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+---
+ fs/smb/server/vfs.c |    3 ++-
+ 1 file changed, 2 insertions(+), 1 deletion(-)
+
+--- a/fs/smb/server/vfs.c
++++ b/fs/smb/server/vfs.c
+@@ -546,7 +546,8 @@ int ksmbd_vfs_getattr(const struct path
+ {
+       int err;
+-      err = vfs_getattr(path, stat, STATX_BTIME, AT_STATX_SYNC_AS_STAT);
++      err = vfs_getattr(path, stat, STATX_BASIC_STATS | STATX_BTIME,
++                      AT_STATX_SYNC_AS_STAT);
+       if (err)
+               pr_err("getattr failed, err %d\n", err);
+       return err;
diff --git a/queue-6.15/ksmbd-fix-null-pointer-dereference-error-in-generate_encryptionkey.patch b/queue-6.15/ksmbd-fix-null-pointer-dereference-error-in-generate_encryptionkey.patch
new file mode 100644 (file)
index 0000000..7b68d14
--- /dev/null
@@ -0,0 +1,60 @@
+From 9b493ab6f35178afd8d619800df9071992f715de Mon Sep 17 00:00:00 2001
+From: Namjae Jeon <linkinjeon@kernel.org>
+Date: Mon, 21 Jul 2025 14:28:55 +0900
+Subject: ksmbd: fix null pointer dereference error in generate_encryptionkey
+
+From: Namjae Jeon <linkinjeon@kernel.org>
+
+commit 9b493ab6f35178afd8d619800df9071992f715de upstream.
+
+If client send two session setups with krb5 authenticate to ksmbd,
+null pointer dereference error in generate_encryptionkey could happen.
+sess->Preauth_HashValue is set to NULL if session is valid.
+So this patch skip generate encryption key if session is valid.
+
+Cc: stable@vger.kernel.org
+Reported-by: zdi-disclosures@trendmicro.com # ZDI-CAN-27654
+Signed-off-by: Namjae Jeon <linkinjeon@kernel.org>
+Signed-off-by: Steve French <stfrench@microsoft.com>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+---
+ fs/smb/server/smb2pdu.c |   18 ++++++++++++++++--
+ 1 file changed, 16 insertions(+), 2 deletions(-)
+
+--- a/fs/smb/server/smb2pdu.c
++++ b/fs/smb/server/smb2pdu.c
+@@ -1621,11 +1621,24 @@ static int krb5_authenticate(struct ksmb
+       rsp->SecurityBufferLength = cpu_to_le16(out_len);
+-      if ((conn->sign || server_conf.enforced_signing) ||
++      /*
++       * If session state is SMB2_SESSION_VALID, We can assume
++       * that it is reauthentication. And the user/password
++       * has been verified, so return it here.
++       */
++      if (sess->state == SMB2_SESSION_VALID) {
++              if (conn->binding)
++                      goto binding_session;
++              return 0;
++      }
++
++      if ((rsp->SessionFlags != SMB2_SESSION_FLAG_IS_GUEST_LE &&
++          (conn->sign || server_conf.enforced_signing)) ||
+           (req->SecurityMode & SMB2_NEGOTIATE_SIGNING_REQUIRED))
+               sess->sign = true;
+-      if (smb3_encryption_negotiated(conn)) {
++      if (smb3_encryption_negotiated(conn) &&
++          !(req->Flags & SMB2_SESSION_REQ_FLAG_BINDING)) {
+               retval = conn->ops->generate_encryptionkey(conn, sess);
+               if (retval) {
+                       ksmbd_debug(SMB,
+@@ -1638,6 +1651,7 @@ static int krb5_authenticate(struct ksmb
+               sess->sign = false;
+       }
++binding_session:
+       if (conn->dialect >= SMB30_PROT_ID) {
+               chann = lookup_chann_list(sess, conn);
+               if (!chann) {
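Review bot: The added reauthentication path decides on `conn->binding` before `goto binding_session`, while the encryption guard a few lines later decides on `req->Flags & SMB2_SESSION_REQ_FLAG_BINDING`; nothing in the hunk shows these two indicators being kept in step, so a comment naming the authoritative one would help, for example `/* conn->binding mirrors SMB2_SESSION_REQ_FLAG_BINDING for this request */` if that is the invariant. The same hunk also stops setting `sess->sign` for guest sessions through the new `rsp->SessionFlags != SMB2_SESSION_FLAG_IS_GUEST_LE` term, which the commit message does not mention; it is presumably intentional, but it changes signing behaviour and deserves a line in the description. The early `return 0` relies on the part of krb5_authenticate above the hunk having verified the ticket against the existing session's user, which cannot be confirmed from here.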
diff --git a/queue-6.15/ksmbd-fix-preauh_hashvalue-race-condition.patch b/queue-6.15/ksmbd-fix-preauh_hashvalue-race-condition.patch
new file mode 100644 (file)
index 0000000..91c958c
--- /dev/null
@@ -0,0 +1,43 @@
+From 44a3059c4c8cc635a1fb2afd692d0730ca1ba4b6 Mon Sep 17 00:00:00 2001
+From: Namjae Jeon <linkinjeon@kernel.org>
+Date: Fri, 25 Jul 2025 08:13:31 +0900
+Subject: ksmbd: fix Preauh_HashValue race condition
+
+From: Namjae Jeon <linkinjeon@kernel.org>
+
+commit 44a3059c4c8cc635a1fb2afd692d0730ca1ba4b6 upstream.
+
+If client send multiple session setup requests to ksmbd,
+Preauh_HashValue race condition could happen.
+There is no need to free sess->Preauh_HashValue at session setup phase.
+It can be freed together with session at connection termination phase.
+
+Cc: stable@vger.kernel.org
+Reported-by: zdi-disclosures@trendmicro.com # ZDI-CAN-27661
+Signed-off-by: Namjae Jeon <linkinjeon@kernel.org>
+Signed-off-by: Steve French <stfrench@microsoft.com>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+---
+ fs/smb/server/smb2pdu.c |    4 ----
+ 1 file changed, 4 deletions(-)
+
+--- a/fs/smb/server/smb2pdu.c
++++ b/fs/smb/server/smb2pdu.c
+@@ -1847,8 +1847,6 @@ int smb2_sess_setup(struct ksmbd_work *w
+                               ksmbd_conn_set_good(conn);
+                               sess->state = SMB2_SESSION_VALID;
+                       }
+-                      kfree(sess->Preauth_HashValue);
+-                      sess->Preauth_HashValue = NULL;
+               } else if (conn->preferred_auth_mech == KSMBD_AUTH_NTLMSSP) {
+                       if (negblob->MessageType == NtLmNegotiate) {
+                               rc = ntlm_negotiate(work, negblob, negblob_len, rsp);
+@@ -1875,8 +1873,6 @@ int smb2_sess_setup(struct ksmbd_work *w
+                                               kfree(preauth_sess);
+                                       }
+                               }
+-                              kfree(sess->Preauth_HashValue);
+-                              sess->Preauth_HashValue = NULL;
+                       } else {
+                               pr_info_ratelimited("Unknown NTLMSSP message type : 0x%x\n",
+                                               le32_to_cpu(negblob->MessageType));
diff --git a/queue-6.15/ksmbd-limit-repeated-connections-from-clients-with-the-same-ip.patch b/queue-6.15/ksmbd-limit-repeated-connections-from-clients-with-the-same-ip.patch
new file mode 100644 (file)
index 0000000..ee61f80
--- /dev/null
@@ -0,0 +1,73 @@
+From e6bb9193974059ddbb0ce7763fa3882bd60d4dc3 Mon Sep 17 00:00:00 2001
+From: Namjae Jeon <linkinjeon@kernel.org>
+Date: Tue, 5 Aug 2025 18:13:13 +0900
+Subject: ksmbd: limit repeated connections from clients with the same IP
+
+From: Namjae Jeon <linkinjeon@kernel.org>
+
+commit e6bb9193974059ddbb0ce7763fa3882bd60d4dc3 upstream.
+
+Repeated connections from clients with the same IP address may exhaust
+the max connections and prevent other normal client connections.
+This patch limit repeated connections from clients with the same IP.
+
+Reported-by: tianshuo han <hantianshuo233@gmail.com>
+Cc: stable@vger.kernel.org
+Signed-off-by: Namjae Jeon <linkinjeon@kernel.org>
+Signed-off-by: Steve French <stfrench@microsoft.com>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+---
+ fs/smb/server/connection.h    |    1 +
+ fs/smb/server/transport_tcp.c |   17 +++++++++++++++++
+ 2 files changed, 18 insertions(+)
+
+--- a/fs/smb/server/connection.h
++++ b/fs/smb/server/connection.h
+@@ -46,6 +46,7 @@ struct ksmbd_conn {
+       struct mutex                    srv_mutex;
+       int                             status;
+       unsigned int                    cli_cap;
++      __be32                          inet_addr;
+       char                            *request_buf;
+       struct ksmbd_transport          *transport;
+       struct nls_table                *local_nls;
+--- a/fs/smb/server/transport_tcp.c
++++ b/fs/smb/server/transport_tcp.c
+@@ -87,6 +87,7 @@ static struct tcp_transport *alloc_trans
+               return NULL;
+       }
++      conn->inet_addr = inet_sk(client_sk->sk)->inet_daddr;
+       conn->transport = KSMBD_TRANS(t);
+       KSMBD_TRANS(t)->conn = conn;
+       KSMBD_TRANS(t)->ops = &ksmbd_tcp_transport_ops;
+@@ -230,6 +231,8 @@ static int ksmbd_kthread_fn(void *p)
+ {
+       struct socket *client_sk = NULL;
+       struct interface *iface = (struct interface *)p;
++      struct inet_sock *csk_inet;
++      struct ksmbd_conn *conn;
+       int ret;
+       while (!kthread_should_stop()) {
+@@ -248,6 +251,20 @@ static int ksmbd_kthread_fn(void *p)
+                       continue;
+               }
++              /*
++               * Limits repeated connections from clients with the same IP.
++               */
++              csk_inet = inet_sk(client_sk->sk);
++              down_read(&conn_list_lock);
++              list_for_each_entry(conn, &conn_list, conns_list)
++                      if (csk_inet->inet_daddr == conn->inet_addr) {
++                              ret = -EAGAIN;
++                              break;
++                      }
++              up_read(&conn_list_lock);
++              if (ret == -EAGAIN)
++                      continue;
++
+               if (server_conf.max_connections &&
+                   atomic_inc_return(&active_num_conn) >= server_conf.max_connections) {
+                       pr_info_ratelimited("Limit the maximum number of connections(%u)\n",
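Review bot: When the loop finds a matching address, the `continue` under `if (ret == -EAGAIN)` leaves the iteration without releasing `client_sk`, which appears to have been accepted just above the hunk, so each refused connection would leave a socket behind; the branch should read `if (ret == -EAGAIN) { sock_release(client_sk); continue; }`. Reusing `ret` as the found flag is fragile, and a local `bool` set inside the loop would state the intent directly. `inet_daddr` and the new `__be32 inet_addr` field hold IPv4 addresses only, so if the listener also accepts IPv6 the comparison does not identify the peer and unrelated IPv6 clients may be treated as one host. As written the check permits a single connection per address, which also refuses clients sharing one NAT address and additional channels from the same client; a per-address count against a configurable limit would match the stated intent more closely. The loop body of ksmbd_kthread_fn starts and ends outside the hunk.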
index 950ffff3b7da514bef598f7c1e5e135eedc87776..fbb7488562f3f291099ecef09bb5fe97729d5e12 100644 (file)
@@ -441,3 +441,12 @@ perf-core-prevent-vma-split-of-buffer-mappings.patch
 selftests-perf_events-add-a-mmap-correctness-test.patch
 net-packet-fix-a-race-in-packet_set_ring-and-packet_notifier.patch
 vsock-do-not-allow-binding-to-vmaddr_port_any.patch
+ksmbd-fix-null-pointer-dereference-error-in-generate_encryptionkey.patch
+ksmbd-fix-preauh_hashvalue-race-condition.patch
+ksmbd-fix-corrupted-mtime-and-ctime-in-smb2_open.patch
+smb-client-fix-netns-refcount-leak-after-net_passive-changes.patch
+smb-client-set-symlink-type-as-native-for-posix-mounts.patch
+smb-client-default-to-nonativesocket-under-posix-mounts.patch
+ksmbd-limit-repeated-connections-from-clients-with-the-same-ip.patch
+smb-server-fix-extension-string-in-ksmbd_extract_shortname.patch
+usb-serial-option-add-foxconn-t99w709.patch
diff --git a/queue-6.15/smb-client-default-to-nonativesocket-under-posix-mounts.patch b/queue-6.15/smb-client-default-to-nonativesocket-under-posix-mounts.patch
new file mode 100644 (file)
index 0000000..0cc9528
--- /dev/null
@@ -0,0 +1,35 @@
+From 6b445309eec2bc0594f3e24c7777aeef891d386e Mon Sep 17 00:00:00 2001
+From: Paulo Alcantara <pc@manguebit.org>
+Date: Thu, 31 Jul 2025 20:46:42 -0300
+Subject: smb: client: default to nonativesocket under POSIX mounts
+
+From: Paulo Alcantara <pc@manguebit.org>
+
+commit 6b445309eec2bc0594f3e24c7777aeef891d386e upstream.
+
+SMB3.1.1 POSIX mounts require sockets to be created with NFS reparse
+points.
+
+Cc: linux-cifs@vger.kernel.org
+Cc: Ralph Boehme <slow@samba.org>
+Cc: David Howells <dhowells@redhat.com>
+Cc: <stable@vger.kernel.org>
+Reported-by: Matthew Richardson <m.richardson@ed.ac.uk>
+Closes: https://marc.info/?i=1124e7cd-6a46-40a6-9f44-b7664a66654b@ed.ac.uk
+Signed-off-by: Paulo Alcantara (Red Hat) <pc@manguebit.org>
+Signed-off-by: Steve French <stfrench@microsoft.com>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+---
+ fs/smb/client/fs_context.c |    1 +
+ 1 file changed, 1 insertion(+)
+
+--- a/fs/smb/client/fs_context.c
++++ b/fs/smb/client/fs_context.c
+@@ -1674,6 +1674,7 @@ static int smb3_fs_context_parse_param(s
+                               pr_warn_once("conflicting posix mount options specified\n");
+                       ctx->linux_ext = 1;
+                       ctx->no_linux_ext = 0;
++                      ctx->nonativesocket = 1; /* POSIX mounts use NFS style reparse points */
+               }
+               break;
+       case Opt_nocase:
diff --git a/queue-6.15/smb-client-fix-netns-refcount-leak-after-net_passive-changes.patch b/queue-6.15/smb-client-fix-netns-refcount-leak-after-net_passive-changes.patch
new file mode 100644 (file)
index 0000000..d894c24
--- /dev/null
@@ -0,0 +1,124 @@
+From 59b33fab4ca4d7dacc03367082777627e05d0323 Mon Sep 17 00:00:00 2001
+From: Wang Zhaolong <wangzhaolong@huaweicloud.com>
+Date: Thu, 17 Jul 2025 21:29:26 +0800
+Subject: smb: client: fix netns refcount leak after net_passive changes
+
+From: Wang Zhaolong <wangzhaolong@huaweicloud.com>
+
+commit 59b33fab4ca4d7dacc03367082777627e05d0323 upstream.
+
+After commit 5c70eb5c593d ("net: better track kernel sockets lifetime"),
+kernel sockets now use net_passive reference counting. However, commit
+95d2b9f693ff ("Revert "smb: client: fix TCP timers deadlock after rmmod"")
+restored the manual socket refcount manipulation without adapting to this
+new mechanism, causing a memory leak.
+
+The issue can be reproduced by[1]:
+1. Creating a network namespace
+2. Mounting and Unmounting CIFS within the namespace
+3. Deleting the namespace
+
+Some memory leaks may appear after a period of time following step 3.
+
+unreferenced object 0xffff9951419f6b00 (size 256):
+  comm "ip", pid 447, jiffies 4294692389 (age 14.730s)
+  hex dump (first 32 bytes):
+    1b 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................
+    00 00 00 00 00 00 00 00 80 77 c2 44 51 99 ff ff  .........w.DQ...
+  backtrace:
+    __kmem_cache_alloc_node+0x30e/0x3d0
+    __kmalloc+0x52/0x120
+    net_alloc_generic+0x1d/0x30
+    copy_net_ns+0x86/0x200
+    create_new_namespaces+0x117/0x300
+    unshare_nsproxy_namespaces+0x60/0xa0
+    ksys_unshare+0x148/0x360
+    __x64_sys_unshare+0x12/0x20
+    do_syscall_64+0x59/0x110
+    entry_SYSCALL_64_after_hwframe+0x78/0xe2
+...
+unreferenced object 0xffff9951442e7500 (size 32):
+  comm "mount.cifs", pid 475, jiffies 4294693782 (age 13.343s)
+  hex dump (first 32 bytes):
+    40 c5 38 46 51 99 ff ff 18 01 96 42 51 99 ff ff  @.8FQ......BQ...
+    01 00 00 00 6f 00 c5 07 6f 00 d8 07 00 00 00 00  ....o...o.......
+  backtrace:
+    __kmem_cache_alloc_node+0x30e/0x3d0
+    kmalloc_trace+0x2a/0x90
+    ref_tracker_alloc+0x8e/0x1d0
+    sk_alloc+0x18c/0x1c0
+    inet_create+0xf1/0x370
+    __sock_create+0xd7/0x1e0
+    generic_ip_connect+0x1d4/0x5a0 [cifs]
+    cifs_get_tcp_session+0x5d0/0x8a0 [cifs]
+    cifs_mount_get_session+0x47/0x1b0 [cifs]
+    dfs_mount_share+0xfa/0xa10 [cifs]
+    cifs_mount+0x68/0x2b0 [cifs]
+    cifs_smb3_do_mount+0x10b/0x760 [cifs]
+    smb3_get_tree+0x112/0x2e0 [cifs]
+    vfs_get_tree+0x29/0xf0
+    path_mount+0x2d4/0xa00
+    __se_sys_mount+0x165/0x1d0
+
+Root cause:
+When creating kernel sockets, sk_alloc() calls net_passive_inc() for
+sockets with sk_net_refcnt=0. The CIFS code manually converts kernel
+sockets to user sockets by setting sk_net_refcnt=1, but doesn't call
+the corresponding net_passive_dec(). This creates an imbalance in the
+net_passive counter, which prevents the network namespace from being
+destroyed when its last user reference is dropped. As a result, the
+entire namespace and all its associated resources remain allocated.
+
+Timeline of patches leading to this issue:
+- commit ef7134c7fc48 ("smb: client: Fix use-after-free of network
+  namespace.") in v6.12 fixed the original netns UAF by manually
+  managing socket refcounts
+- commit e9f2517a3e18 ("smb: client: fix TCP timers deadlock after
+  rmmod") in v6.13 attempted to use kernel sockets but introduced
+  TCP timer issues
+- commit 5c70eb5c593d ("net: better track kernel sockets lifetime")
+  in v6.14-rc5 introduced the net_passive mechanism with
+  sk_net_refcnt_upgrade() for proper socket conversion
+- commit 95d2b9f693ff ("Revert "smb: client: fix TCP timers deadlock
+  after rmmod"") in v6.15-rc3 reverted to manual refcount management
+  without adapting to the new net_passive changes
+
+Fix this by using sk_net_refcnt_upgrade() which properly handles the
+net_passive counter when converting kernel sockets to user sockets.
+
+Link: https://bugzilla.kernel.org/show_bug.cgi?id=220343 [1]
+Fixes: 95d2b9f693ff ("Revert "smb: client: fix TCP timers deadlock after rmmod"")
+Cc: stable@vger.kernel.org
+Reviewed-by: Kuniyuki Iwashima <kuniyu@google.com>
+Reviewed-by: Enzo Matsumiya <ematsumiya@suse.de>
+Signed-off-by: Wang Zhaolong <wangzhaolong@huaweicloud.com>
+Signed-off-by: Steve French <stfrench@microsoft.com>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+---
+ fs/smb/client/connect.c |    9 +++------
+ 1 file changed, 3 insertions(+), 6 deletions(-)
+
+--- a/fs/smb/client/connect.c
++++ b/fs/smb/client/connect.c
+@@ -3362,18 +3362,15 @@ generic_ip_connect(struct TCP_Server_Inf
+               struct net *net = cifs_net_ns(server);
+               struct sock *sk;
+-              rc = __sock_create(net, sfamily, SOCK_STREAM,
+-                                 IPPROTO_TCP, &server->ssocket, 1);
++              rc = sock_create_kern(net, sfamily, SOCK_STREAM,
++                                    IPPROTO_TCP, &server->ssocket);
+               if (rc < 0) {
+                       cifs_server_dbg(VFS, "Error %d creating socket\n", rc);
+                       return rc;
+               }
+               sk = server->ssocket->sk;
+-              __netns_tracker_free(net, &sk->ns_tracker, false);
+-              sk->sk_net_refcnt = 1;
+-              get_net_track(net, &sk->ns_tracker, GFP_KERNEL);
+-              sock_inuse_add(net, 1);
++              sk_net_refcnt_upgrade(sk);
+               /* BB other socket options to set KEEPALIVE, NODELAY? */
+               cifs_dbg(FYI, "Socket created\n");
diff --git a/queue-6.15/smb-client-set-symlink-type-as-native-for-posix-mounts.patch b/queue-6.15/smb-client-set-symlink-type-as-native-for-posix-mounts.patch
new file mode 100644 (file)
index 0000000..1edab4f
--- /dev/null
@@ -0,0 +1,132 @@
+From a967e758f8e9d8ce5ef096743393df5e6e51644b Mon Sep 17 00:00:00 2001
+From: Paulo Alcantara <pc@manguebit.org>
+Date: Thu, 31 Jul 2025 20:46:41 -0300
+Subject: smb: client: set symlink type as native for POSIX mounts
+
+From: Paulo Alcantara <pc@manguebit.org>
+
+commit a967e758f8e9d8ce5ef096743393df5e6e51644b upstream.
+
+SMB3.1.1 POSIX mounts require symlinks to be created natively with
+IO_REPARSE_TAG_SYMLINK reparse point.
+
+Cc: linux-cifs@vger.kernel.org
+Cc: Ralph Boehme <slow@samba.org>
+Cc: David Howells <dhowells@redhat.com>
+Cc: <stable@vger.kernel.org>
+Reported-by: Matthew Richardson <m.richardson@ed.ac.uk>
+Closes: https://marc.info/?i=1124e7cd-6a46-40a6-9f44-b7664a66654b@ed.ac.uk
+Signed-off-by: Paulo Alcantara (Red Hat) <pc@manguebit.org>
+Signed-off-by: Steve French <stfrench@microsoft.com>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+---
+ fs/smb/client/cifsfs.c     |    2 +-
+ fs/smb/client/fs_context.c |   18 ------------------
+ fs/smb/client/fs_context.h |   18 +++++++++++++++++-
+ fs/smb/client/link.c       |   11 +++--------
+ fs/smb/client/reparse.c    |    2 +-
+ 5 files changed, 22 insertions(+), 29 deletions(-)
+
+--- a/fs/smb/client/cifsfs.c
++++ b/fs/smb/client/cifsfs.c
+@@ -724,7 +724,7 @@ cifs_show_options(struct seq_file *s, st
+       else
+               seq_puts(s, ",nativesocket");
+       seq_show_option(s, "symlink",
+-                      cifs_symlink_type_str(get_cifs_symlink_type(cifs_sb)));
++                      cifs_symlink_type_str(cifs_symlink_type(cifs_sb)));
+       seq_printf(s, ",rsize=%u", cifs_sb->ctx->rsize);
+       seq_printf(s, ",wsize=%u", cifs_sb->ctx->wsize);
+--- a/fs/smb/client/fs_context.c
++++ b/fs/smb/client/fs_context.c
+@@ -1851,24 +1851,6 @@ static int smb3_fs_context_parse_param(s
+       return -EINVAL;
+ }
+-enum cifs_symlink_type get_cifs_symlink_type(struct cifs_sb_info *cifs_sb)
+-{
+-      if (cifs_sb->ctx->symlink_type == CIFS_SYMLINK_TYPE_DEFAULT) {
+-              if (cifs_sb->ctx->mfsymlinks)
+-                      return CIFS_SYMLINK_TYPE_MFSYMLINKS;
+-              else if (cifs_sb->ctx->sfu_emul)
+-                      return CIFS_SYMLINK_TYPE_SFU;
+-              else if (cifs_sb->ctx->linux_ext && !cifs_sb->ctx->no_linux_ext)
+-                      return CIFS_SYMLINK_TYPE_UNIX;
+-              else if (cifs_sb->ctx->reparse_type != CIFS_REPARSE_TYPE_NONE)
+-                      return CIFS_SYMLINK_TYPE_NATIVE;
+-              else
+-                      return CIFS_SYMLINK_TYPE_NONE;
+-      } else {
+-              return cifs_sb->ctx->symlink_type;
+-      }
+-}
+-
+ int smb3_init_fs_context(struct fs_context *fc)
+ {
+       struct smb3_fs_context *ctx;
+--- a/fs/smb/client/fs_context.h
++++ b/fs/smb/client/fs_context.h
+@@ -341,7 +341,23 @@ struct smb3_fs_context {
+ extern const struct fs_parameter_spec smb3_fs_parameters[];
+-extern enum cifs_symlink_type get_cifs_symlink_type(struct cifs_sb_info *cifs_sb);
++static inline enum cifs_symlink_type cifs_symlink_type(struct cifs_sb_info *cifs_sb)
++{
++      bool posix = cifs_sb_master_tcon(cifs_sb)->posix_extensions;
++
++      if (cifs_sb->ctx->symlink_type != CIFS_SYMLINK_TYPE_DEFAULT)
++              return cifs_sb->ctx->symlink_type;
++
++      if (cifs_sb->ctx->mfsymlinks)
++              return CIFS_SYMLINK_TYPE_MFSYMLINKS;
++      else if (cifs_sb->ctx->sfu_emul)
++              return CIFS_SYMLINK_TYPE_SFU;
++      else if (cifs_sb->ctx->linux_ext && !cifs_sb->ctx->no_linux_ext)
++              return posix ? CIFS_SYMLINK_TYPE_NATIVE : CIFS_SYMLINK_TYPE_UNIX;
++      else if (cifs_sb->ctx->reparse_type != CIFS_REPARSE_TYPE_NONE)
++              return CIFS_SYMLINK_TYPE_NATIVE;
++      return CIFS_SYMLINK_TYPE_NONE;
++}
+ extern int smb3_init_fs_context(struct fs_context *fc);
+ extern void smb3_cleanup_fs_context_contents(struct smb3_fs_context *ctx);
+--- a/fs/smb/client/link.c
++++ b/fs/smb/client/link.c
+@@ -606,14 +606,7 @@ cifs_symlink(struct mnt_idmap *idmap, st
+       /* BB what if DFS and this volume is on different share? BB */
+       rc = -EOPNOTSUPP;
+-      switch (get_cifs_symlink_type(cifs_sb)) {
+-      case CIFS_SYMLINK_TYPE_DEFAULT:
+-              /* should not happen, get_cifs_symlink_type() resolves the default */
+-              break;
+-
+-      case CIFS_SYMLINK_TYPE_NONE:
+-              break;
+-
++      switch (cifs_symlink_type(cifs_sb)) {
+       case CIFS_SYMLINK_TYPE_UNIX:
+ #ifdef CONFIG_CIFS_ALLOW_INSECURE_LEGACY
+               if (pTcon->unix_ext) {
+@@ -653,6 +646,8 @@ cifs_symlink(struct mnt_idmap *idmap, st
+                       goto symlink_exit;
+               }
+               break;
++      default:
++              break;
+       }
+       if (rc == 0) {
+--- a/fs/smb/client/reparse.c
++++ b/fs/smb/client/reparse.c
+@@ -38,7 +38,7 @@ int smb2_create_reparse_symlink(const un
+                               struct dentry *dentry, struct cifs_tcon *tcon,
+                               const char *full_path, const char *symname)
+ {
+-      switch (get_cifs_symlink_type(CIFS_SB(inode->i_sb))) {
++      switch (cifs_symlink_type(CIFS_SB(inode->i_sb))) {
+       case CIFS_SYMLINK_TYPE_NATIVE:
+               return create_native_symlink(xid, inode, dentry, tcon, full_path, symname);
+       case CIFS_SYMLINK_TYPE_NFS:
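Review bot: The new inline `cifs_symlink_type()` evaluates `cifs_sb_master_tcon(cifs_sb)->posix_extensions` on every call, ahead of the early return for an explicit `symlink_type`, although the value is used in only one branch; moving it into that branch, `return cifs_sb_master_tcon(cifs_sb)->posix_extensions ? CIFS_SYMLINK_TYPE_NATIVE : CIFS_SYMLINK_TYPE_UNIX;`, avoids the dereference where it is not needed. Whether the master tcon is valid at every caller, `cifs_show_options` included, is not visible here and is worth confirming. In `cifs_symlink`, replacing the explicit `CIFS_SYMLINK_TYPE_DEFAULT` and `CIFS_SYMLINK_TYPE_NONE` cases with `default:` means the compiler no longer warns when a newly added enumerator is left unhandled. The function also shares its name with the `enum cifs_symlink_type` tag, which is legal C but makes searches and review harder.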
diff --git a/queue-6.15/smb-server-fix-extension-string-in-ksmbd_extract_shortname.patch b/queue-6.15/smb-server-fix-extension-string-in-ksmbd_extract_shortname.patch
new file mode 100644 (file)
index 0000000..43cfacf
--- /dev/null
@@ -0,0 +1,38 @@
+From 8e7d178d06e8937454b6d2f2811fa6a15656a214 Mon Sep 17 00:00:00 2001
+From: Thorsten Blum <thorsten.blum@linux.dev>
+Date: Wed, 6 Aug 2025 03:03:49 +0200
+Subject: smb: server: Fix extension string in ksmbd_extract_shortname()
+
+From: Thorsten Blum <thorsten.blum@linux.dev>
+
+commit 8e7d178d06e8937454b6d2f2811fa6a15656a214 upstream.
+
+In ksmbd_extract_shortname(), strscpy() is incorrectly called with the
+length of the source string (excluding the NUL terminator) rather than
+the size of the destination buffer. This results in "__" being copied
+to 'extension' rather than "___" (two underscores instead of three).
+
+Use the destination buffer size instead to ensure that the string "___"
+(three underscores) is copied correctly.
+
+Cc: stable@vger.kernel.org
+Fixes: e2f34481b24d ("cifsd: add server-side procedures for SMB3")
+Signed-off-by: Thorsten Blum <thorsten.blum@linux.dev>
+Acked-by: Namjae Jeon <linkinjeon@kernel.org>
+Signed-off-by: Steve French <stfrench@microsoft.com>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+---
+ fs/smb/server/smb_common.c |    2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+--- a/fs/smb/server/smb_common.c
++++ b/fs/smb/server/smb_common.c
+@@ -515,7 +515,7 @@ int ksmbd_extract_shortname(struct ksmbd
+       p = strrchr(longname, '.');
+       if (p == longname) { /*name starts with a dot*/
+-              strscpy(extension, "___", strlen("___"));
++              strscpy(extension, "___", sizeof(extension));
+       } else {
+               if (p) {
+                       p++;
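Review bot: `sizeof(extension)` yields the destination size only if `extension` is an array declared inside `ksmbd_extract_shortname()`; its declaration is outside the hunk, and if it were a pointer this call would pass the pointer size instead. A comment at the declaration such as `/* must stay an array: strscpy() below uses sizeof(extension) */` would keep the two in step. The return value of `strscpy()` is still ignored, so a later change to the buffer size would truncate silently rather than be reported.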
diff --git a/queue-6.15/usb-serial-option-add-foxconn-t99w709.patch b/queue-6.15/usb-serial-option-add-foxconn-t99w709.patch
new file mode 100644 (file)
index 0000000..ed23c27
--- /dev/null
@@ -0,0 +1,51 @@
+From ad1244e1ce18f8c1a5ebad8074bfcf10eacb0311 Mon Sep 17 00:00:00 2001
+From: Slark Xiao <slark_xiao@163.com>
+Date: Mon, 21 Jul 2025 19:39:19 +0800
+Subject: USB: serial: option: add Foxconn T99W709
+
+From: Slark Xiao <slark_xiao@163.com>
+
+commit ad1244e1ce18f8c1a5ebad8074bfcf10eacb0311 upstream.
+
+T99W709 is designed based on MTK T300(5G redcap) chip. There are
+7 serial ports to be enumerated: AP_LOG, GNSS, AP_META, AT,
+MD_META, NPT, DBG. RSVD(5) for ADB port.
+
+test evidence as below:
+T:  Bus=01 Lev=02 Prnt=02 Port=00 Cnt=01 Dev#=  7 Spd=480 MxCh= 0
+D:  Ver= 2.10 Cls=ef(misc ) Sub=02 Prot=01 MxPS=64 #Cfgs=  1
+P:  Vendor=0489 ProdID=e15f Rev=00.01
+S:  Manufacturer=MediaTek Inc.
+S:  Product=USB DATA CARD
+S:  SerialNumber=355511220000399
+C:  #Ifs=10 Cfg#= 1 Atr=a0 MxPwr=500mA
+I:  If#=0x0 Alt= 0 #EPs= 1 Cls=02(commc) Sub=0e Prot=00 Driver=cdc_mbim
+I:  If#=0x1 Alt= 1 #EPs= 2 Cls=0a(data ) Sub=00 Prot=02 Driver=cdc_mbim
+I:  If#=0x2 Alt= 0 #EPs= 2 Cls=ff(vend.) Sub=00 Prot=00 Driver=option
+I:  If#=0x3 Alt= 0 #EPs= 2 Cls=ff(vend.) Sub=00 Prot=00 Driver=option
+I:  If#=0x4 Alt= 0 #EPs= 2 Cls=ff(vend.) Sub=00 Prot=00 Driver=option
+I:  If#=0x5 Alt= 0 #EPs= 2 Cls=ff(vend.) Sub=42 Prot=01 Driver=usbfs
+I:  If#=0x6 Alt= 0 #EPs= 2 Cls=ff(vend.) Sub=00 Prot=00 Driver=option
+I:  If#=0x7 Alt= 0 #EPs= 2 Cls=ff(vend.) Sub=00 Prot=00 Driver=option
+I:  If#=0x8 Alt= 0 #EPs= 2 Cls=ff(vend.) Sub=00 Prot=00 Driver=option
+I:  If#=0x9 Alt= 0 #EPs= 2 Cls=ff(vend.) Sub=00 Prot=00 Driver=option
+
+Signed-off-by: Slark Xiao <slark_xiao@163.com>
+Cc: stable@vger.kernel.org
+Signed-off-by: Johan Hovold <johan@kernel.org>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+---
+ drivers/usb/serial/option.c |    2 ++
+ 1 file changed, 2 insertions(+)
+
+--- a/drivers/usb/serial/option.c
++++ b/drivers/usb/serial/option.c
+@@ -2346,6 +2346,8 @@ static const struct usb_device_id option
+         .driver_info = RSVD(3) },
+       { USB_DEVICE_INTERFACE_CLASS(0x0489, 0xe145, 0xff),                     /* Foxconn T99W651 RNDIS */
+         .driver_info = RSVD(5) | RSVD(6) },
++      { USB_DEVICE_INTERFACE_CLASS(0x0489, 0xe15f, 0xff),                     /* Foxconn T99W709 */
++        .driver_info = RSVD(5) },
+       { USB_DEVICE_INTERFACE_CLASS(0x0489, 0xe167, 0xff),                     /* Foxconn T99W640 MBIM */
+         .driver_info = RSVD(3) },
+       { USB_DEVICE(0x1508, 0x1001),                                           /* Fibocom NL668 (IOT version) */