--- /dev/null
+From 97cc8af09753d9e8121d7af4381afdbf43da5f07 Mon Sep 17 00:00:00 2001
+From: Sasha Levin <sashal@kernel.org>
+Date: Sat, 28 Dec 2024 17:52:53 +0100
+Subject: ACPI: resource: acpi_dev_irq_override(): Check DMI match last
+
+From: Hans de Goede <hdegoede@redhat.com>
+
+[ Upstream commit cd4a7b2e6a2437a5502910c08128ea3bad55a80b ]
+
+acpi_dev_irq_override() gets called approx. 30 times during boot (15 legacy
+IRQs * 2 override_table entries). Of these 30 calls at max 1 will match
+the non DMI checks done by acpi_dev_irq_override(). The dmi_check_system()
+check is by far the most expensive check done by acpi_dev_irq_override(),
+make this call the last check done by acpi_dev_irq_override() so that it
+will be called at max 1 time instead of 30 times.
+
+Signed-off-by: Hans de Goede <hdegoede@redhat.com>
+Reviewed-by: Mario Limonciello <mario.limonciello@amd.com>
+Link: https://patch.msgid.link/20241228165253.42584-1-hdegoede@redhat.com
+[ rjw: Subject edit ]
+Signed-off-by: Rafael J. Wysocki <rafael.j.wysocki@intel.com>
+Signed-off-by: Sasha Levin <sashal@kernel.org>
+---
+ drivers/acpi/resource.c | 6 +++---
+ 1 file changed, 3 insertions(+), 3 deletions(-)
+
+diff --git a/drivers/acpi/resource.c b/drivers/acpi/resource.c
+index c82b255f82bc4..64d83ff3c0d90 100644
+--- a/drivers/acpi/resource.c
++++ b/drivers/acpi/resource.c
+@@ -680,11 +680,11 @@ static bool acpi_dev_irq_override(u32 gsi, u8 triggering, u8 polarity,
+ for (i = 0; i < ARRAY_SIZE(override_table); i++) {
+ const struct irq_override_cmp *entry = &override_table[i];
+
+- if (dmi_check_system(entry->system) &&
+- entry->irq == gsi &&
++ if (entry->irq == gsi &&
+ entry->triggering == triggering &&
+ entry->polarity == polarity &&
+- entry->shareable == shareable)
++ entry->shareable == shareable &&
++ dmi_check_system(entry->system))
+ return entry->override;
+ }
+
+--
+2.39.5
+
--- /dev/null
+From cdc2120f380492f5e3d48cbc6b073a4b1cc42737 Mon Sep 17 00:00:00 2001
+From: Sasha Levin <sashal@kernel.org>
+Date: Fri, 13 Dec 2024 13:50:05 +0000
+Subject: cachefiles: Parse the "secctx" immediately
+
+From: Max Kellermann <max.kellermann@ionos.com>
+
+[ Upstream commit e5a8b6446c0d370716f193771ccacf3260a57534 ]
+
+Instead of storing an opaque string, call security_secctx_to_secid()
+right in the "secctx" command handler and store only the numeric
+"secid". This eliminates an unnecessary string allocation and allows
+the daemon to receive errors when writing the "secctx" command instead
+of postponing the error to the "bind" command handler. For example,
+if the kernel was built without `CONFIG_SECURITY`, "bind" will return
+`EOPNOTSUPP`, but the daemon doesn't know why. With this patch, the
+"secctx" will instead return `EOPNOTSUPP` which is the right context
+for this error.
+
+This patch adds a boolean flag `have_secid` because I'm not sure if we
+can safely assume that zero is the special secid value for "not set".
+This appears to be true for SELinux, Smack and AppArmor, but since
+this attribute is not documented, I'm unable to derive a stable
+guarantee for that.
+
+Signed-off-by: Max Kellermann <max.kellermann@ionos.com>
+Signed-off-by: David Howells <dhowells@redhat.com>
+Link: https://lore.kernel.org/r/20241209141554.638708-1-max.kellermann@ionos.com/
+Link: https://lore.kernel.org/r/20241213135013.2964079-6-dhowells@redhat.com
+Signed-off-by: Christian Brauner <brauner@kernel.org>
+Signed-off-by: Sasha Levin <sashal@kernel.org>
+---
+ fs/cachefiles/daemon.c | 14 +++++++-------
+ fs/cachefiles/internal.h | 3 ++-
+ fs/cachefiles/security.c | 6 +++---
+ 3 files changed, 12 insertions(+), 11 deletions(-)
+
+diff --git a/fs/cachefiles/daemon.c b/fs/cachefiles/daemon.c
+index 89b11336a8369..1806bff8e59bc 100644
+--- a/fs/cachefiles/daemon.c
++++ b/fs/cachefiles/daemon.c
+@@ -15,6 +15,7 @@
+ #include <linux/namei.h>
+ #include <linux/poll.h>
+ #include <linux/mount.h>
++#include <linux/security.h>
+ #include <linux/statfs.h>
+ #include <linux/ctype.h>
+ #include <linux/string.h>
+@@ -576,7 +577,7 @@ static int cachefiles_daemon_dir(struct cachefiles_cache *cache, char *args)
+ */
+ static int cachefiles_daemon_secctx(struct cachefiles_cache *cache, char *args)
+ {
+- char *secctx;
++ int err;
+
+ _enter(",%s", args);
+
+@@ -585,16 +586,16 @@ static int cachefiles_daemon_secctx(struct cachefiles_cache *cache, char *args)
+ return -EINVAL;
+ }
+
+- if (cache->secctx) {
++ if (cache->have_secid) {
+ pr_err("Second security context specified\n");
+ return -EINVAL;
+ }
+
+- secctx = kstrdup(args, GFP_KERNEL);
+- if (!secctx)
+- return -ENOMEM;
++ err = security_secctx_to_secid(args, strlen(args), &cache->secid);
++ if (err)
++ return err;
+
+- cache->secctx = secctx;
++ cache->have_secid = true;
+ return 0;
+ }
+
+@@ -820,7 +821,6 @@ static void cachefiles_daemon_unbind(struct cachefiles_cache *cache)
+ put_cred(cache->cache_cred);
+
+ kfree(cache->rootdirname);
+- kfree(cache->secctx);
+ kfree(cache->tag);
+
+ _leave("");
+diff --git a/fs/cachefiles/internal.h b/fs/cachefiles/internal.h
+index 111ad6ecd4baf..4421a12960a66 100644
+--- a/fs/cachefiles/internal.h
++++ b/fs/cachefiles/internal.h
+@@ -122,7 +122,6 @@ struct cachefiles_cache {
+ #define CACHEFILES_STATE_CHANGED 3 /* T if state changed (poll trigger) */
+ #define CACHEFILES_ONDEMAND_MODE 4 /* T if in on-demand read mode */
+ char *rootdirname; /* name of cache root directory */
+- char *secctx; /* LSM security context */
+ char *tag; /* cache binding tag */
+ refcount_t unbind_pincount;/* refcount to do daemon unbind */
+ struct xarray reqs; /* xarray of pending on-demand requests */
+@@ -130,6 +129,8 @@ struct cachefiles_cache {
+ struct xarray ondemand_ids; /* xarray for ondemand_id allocation */
+ u32 ondemand_id_next;
+ u32 msg_id_next;
++ u32 secid; /* LSM security id */
++ bool have_secid; /* whether "secid" was set */
+ };
+
+ static inline bool cachefiles_in_ondemand_mode(struct cachefiles_cache *cache)
+diff --git a/fs/cachefiles/security.c b/fs/cachefiles/security.c
+index fe777164f1d89..fc6611886b3b5 100644
+--- a/fs/cachefiles/security.c
++++ b/fs/cachefiles/security.c
+@@ -18,7 +18,7 @@ int cachefiles_get_security_ID(struct cachefiles_cache *cache)
+ struct cred *new;
+ int ret;
+
+- _enter("{%s}", cache->secctx);
++ _enter("{%u}", cache->have_secid ? cache->secid : 0);
+
+ new = prepare_kernel_cred(current);
+ if (!new) {
+@@ -26,8 +26,8 @@ int cachefiles_get_security_ID(struct cachefiles_cache *cache)
+ goto error;
+ }
+
+- if (cache->secctx) {
+- ret = set_security_override_from_ctx(new, cache->secctx);
++ if (cache->have_secid) {
++ ret = set_security_override(new, cache->secid);
+ if (ret < 0) {
+ put_cred(new);
+ pr_err("Security denies permission to nominate security context: error %d\n",
+--
+2.39.5
+
--- /dev/null
+From 3c7fb6d00488d02d9fb8aa80919638b47b33fa32 Mon Sep 17 00:00:00 2001
+From: Sasha Levin <sashal@kernel.org>
+Date: Tue, 17 Dec 2024 07:18:36 +0000
+Subject: fs: fix missing declaration of init_files
+
+From: Zhang Kunbo <zhangkunbo@huawei.com>
+
+[ Upstream commit 2b2fc0be98a828cf33a88a28e9745e8599fb05cf ]
+
+fs/file.c should include include/linux/init_task.h for
+ declaration of init_files. This fixes the sparse warning:
+
+fs/file.c:501:21: warning: symbol 'init_files' was not declared. Should it be static?
+
+Signed-off-by: Zhang Kunbo <zhangkunbo@huawei.com>
+Link: https://lore.kernel.org/r/20241217071836.2634868-1-zhangkunbo@huawei.com
+Signed-off-by: Christian Brauner <brauner@kernel.org>
+Signed-off-by: Sasha Levin <sashal@kernel.org>
+---
+ fs/file.c | 1 +
+ 1 file changed, 1 insertion(+)
+
+diff --git a/fs/file.c b/fs/file.c
+index bd817e31d7986..a178efc8cf4b5 100644
+--- a/fs/file.c
++++ b/fs/file.c
+@@ -21,6 +21,7 @@
+ #include <linux/rcupdate.h>
+ #include <linux/close_range.h>
+ #include <net/sock.h>
++#include <linux/init_task.h>
+
+ #include "internal.h"
+
+--
+2.39.5
+
--- /dev/null
+From 6a7a0dca1b44ac5f1f83a99d0f86a06ca826b534 Mon Sep 17 00:00:00 2001
+From: Sasha Levin <sashal@kernel.org>
+Date: Sat, 30 Nov 2024 21:14:19 -0800
+Subject: hfs: Sanity check the root record
+
+From: Leo Stone <leocstone@gmail.com>
+
+[ Upstream commit b905bafdea21a75d75a96855edd9e0b6051eee30 ]
+
+In the syzbot reproducer, the hfs_cat_rec for the root dir has type
+HFS_CDR_FIL after being read with hfs_bnode_read() in hfs_super_fill().
+This indicates it should be used as an hfs_cat_file, which is 102 bytes.
+Only the first 70 bytes of that struct are initialized, however,
+because the entrylength passed into hfs_bnode_read() is still the length of
+a directory record. This causes uninitialized values to be used later on,
+when the hfs_cat_rec union is treated as the larger hfs_cat_file struct.
+
+Add a check to make sure the retrieved record has the correct type
+for the root directory (HFS_CDR_DIR), and make sure we load the correct
+number of bytes for a directory record.
+
+Reported-by: syzbot+2db3c7526ba68f4ea776@syzkaller.appspotmail.com
+Closes: https://syzkaller.appspot.com/bug?extid=2db3c7526ba68f4ea776
+Tested-by: syzbot+2db3c7526ba68f4ea776@syzkaller.appspotmail.com
+Tested-by: Leo Stone <leocstone@gmail.com>
+Signed-off-by: Leo Stone <leocstone@gmail.com>
+Link: https://lore.kernel.org/r/20241201051420.77858-1-leocstone@gmail.com
+Reviewed-by: Jan Kara <jack@suse.cz>
+Signed-off-by: Christian Brauner <brauner@kernel.org>
+Signed-off-by: Sasha Levin <sashal@kernel.org>
+---
+ fs/hfs/super.c | 4 +++-
+ 1 file changed, 3 insertions(+), 1 deletion(-)
+
+diff --git a/fs/hfs/super.c b/fs/hfs/super.c
+index 6764afa98a6ff..431bdc65f7231 100644
+--- a/fs/hfs/super.c
++++ b/fs/hfs/super.c
+@@ -418,11 +418,13 @@ static int hfs_fill_super(struct super_block *sb, void *data, int silent)
+ goto bail_no_root;
+ res = hfs_cat_find_brec(sb, HFS_ROOT_CNID, &fd);
+ if (!res) {
+- if (fd.entrylength > sizeof(rec) || fd.entrylength < 0) {
++ if (fd.entrylength != sizeof(rec.dir)) {
+ res = -EIO;
+ goto bail_hfs_find;
+ }
+ hfs_bnode_read(fd.bnode, &rec, fd.entryoffset, fd.entrylength);
++ if (rec.type != HFS_CDR_DIR)
++ res = -EIO;
+ }
+ if (res)
+ goto bail_hfs_find;
+--
+2.39.5
+
--- /dev/null
+From 4e3b2335478c5edd3f61de3a93822bf780c6b961 Mon Sep 17 00:00:00 2001
+From: Sasha Levin <sashal@kernel.org>
+Date: Wed, 8 Jan 2025 20:11:50 -0800
+Subject: iomap: avoid avoid truncating 64-bit offset to 32 bits
+
+From: Marco Nelissen <marco.nelissen@gmail.com>
+
+[ Upstream commit c13094b894de289514d84b8db56d1f2931a0bade ]
+
+on 32-bit kernels, iomap_write_delalloc_scan() was inadvertently using a
+32-bit position due to folio_next_index() returning an unsigned long.
+This could lead to an infinite loop when writing to an xfs filesystem.
+
+Signed-off-by: Marco Nelissen <marco.nelissen@gmail.com>
+Link: https://lore.kernel.org/r/20250109041253.2494374-1-marco.nelissen@gmail.com
+Reviewed-by: Darrick J. Wong <djwong@kernel.org>
+Reviewed-by: Christoph Hellwig <hch@lst.de>
+Signed-off-by: Christian Brauner <brauner@kernel.org>
+Signed-off-by: Sasha Levin <sashal@kernel.org>
+---
+ fs/iomap/buffered-io.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/fs/iomap/buffered-io.c b/fs/iomap/buffered-io.c
+index a05ee2cbb7793..e7e6701806ad2 100644
+--- a/fs/iomap/buffered-io.c
++++ b/fs/iomap/buffered-io.c
+@@ -1095,7 +1095,7 @@ static int iomap_write_delalloc_scan(struct inode *inode,
+ }
+
+ /* move offset to start of next folio in range */
+- start_byte = folio_next_index(folio) << PAGE_SHIFT;
++ start_byte = folio_pos(folio) + folio_size(folio);
+ folio_unlock(folio);
+ folio_put(folio);
+ }
+--
+2.39.5
+
--- /dev/null
+From c8ee34cc063143012ae052660cf3b63e3b8aa648 Mon Sep 17 00:00:00 2001
+From: Sasha Levin <sashal@kernel.org>
+Date: Fri, 13 Dec 2024 13:50:01 +0000
+Subject: kheaders: Ignore silly-rename files
+
+From: David Howells <dhowells@redhat.com>
+
+[ Upstream commit 973b710b8821c3401ad7a25360c89e94b26884ac ]
+
+Tell tar to ignore silly-rename files (".__afs*" and ".nfs*") when building
+the header archive. These occur when a file that is open is unlinked
+locally, but hasn't yet been closed. Such files are visible to the user
+via the getdents() syscall and so programs may want to do things with them.
+
+During the kernel build, such files may be made during the processing of
+header files and the cleanup may get deferred by fput() which may result in
+tar seeing these files when it reads the directory, but they may have
+disappeared by the time it tries to open them, causing tar to fail with an
+error. Further, we don't want to include them in the tarball if they still
+exist.
+
+With CONFIG_HEADERS_INSTALL=y, something like the following may be seen:
+
+ find: './kernel/.tmp_cpio_dir/include/dt-bindings/reset/.__afs2080': No such file or directory
+ tar: ./include/linux/greybus/.__afs3C95: File removed before we read it
+
+The find warning doesn't seem to cause a problem.
+
+Fix this by telling tar when called from in gen_kheaders.sh to exclude such
+files. This only affects afs and nfs; cifs uses the Windows Hidden
+attribute to prevent the file from being seen.
+
+Signed-off-by: David Howells <dhowells@redhat.com>
+Link: https://lore.kernel.org/r/20241213135013.2964079-2-dhowells@redhat.com
+cc: Masahiro Yamada <masahiroy@kernel.org>
+cc: Marc Dionne <marc.dionne@auristor.com>
+cc: linux-afs@lists.infradead.org
+cc: linux-nfs@vger.kernel.org
+cc: linux-kernel@vger.kernel.org
+Signed-off-by: Christian Brauner <brauner@kernel.org>
+Signed-off-by: Sasha Levin <sashal@kernel.org>
+---
+ kernel/gen_kheaders.sh | 1 +
+ 1 file changed, 1 insertion(+)
+
+diff --git a/kernel/gen_kheaders.sh b/kernel/gen_kheaders.sh
+index 383fd43ac6122..7e1340da5acae 100755
+--- a/kernel/gen_kheaders.sh
++++ b/kernel/gen_kheaders.sh
+@@ -89,6 +89,7 @@ find $cpio_dir -type f -print0 |
+
+ # Create archive and try to normalize metadata for reproducibility.
+ tar "${KBUILD_BUILD_TIMESTAMP:+--mtime=$KBUILD_BUILD_TIMESTAMP}" \
++ --exclude=".__afs*" --exclude=".nfs*" \
+ --owner=0 --group=0 --sort=name --numeric-owner --mode=u=rw,go=r,a+X \
+ -I $XZ -cf $tarfile -C $cpio_dir/ . > /dev/null
+
+--
+2.39.5
+
--- /dev/null
+From 1c3f3d133c33eea695666c412bb4947f763fdc1d Mon Sep 17 00:00:00 2001
+From: Sasha Levin <sashal@kernel.org>
+Date: Wed, 13 Nov 2024 17:51:29 +0800
+Subject: mac802154: check local interfaces before deleting sdata list
+
+From: Lizhi Xu <lizhi.xu@windriver.com>
+
+[ Upstream commit eb09fbeb48709fe66c0d708aed81e910a577a30a ]
+
+syzkaller reported a corrupted list in ieee802154_if_remove. [1]
+
+Remove an IEEE 802.15.4 network interface after unregister an IEEE 802.15.4
+hardware device from the system.
+
+CPU0 CPU1
+==== ====
+genl_family_rcv_msg_doit ieee802154_unregister_hw
+ieee802154_del_iface ieee802154_remove_interfaces
+rdev_del_virtual_intf_deprecated list_del(&sdata->list)
+ieee802154_if_remove
+list_del_rcu
+
+The net device has been unregistered, since the rcu grace period,
+unregistration must be run before ieee802154_if_remove.
+
+To avoid this issue, add a check for local->interfaces before deleting
+sdata list.
+
+[1]
+kernel BUG at lib/list_debug.c:58!
+Oops: invalid opcode: 0000 [#1] PREEMPT SMP KASAN PTI
+CPU: 0 UID: 0 PID: 6277 Comm: syz-executor157 Not tainted 6.12.0-rc6-syzkaller-00005-g557329bcecc2 #0
+Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024
+RIP: 0010:__list_del_entry_valid_or_report+0xf4/0x140 lib/list_debug.c:56
+Code: e8 a1 7e 00 07 90 0f 0b 48 c7 c7 e0 37 60 8c 4c 89 fe e8 8f 7e 00 07 90 0f 0b 48 c7 c7 40 38 60 8c 4c 89 fe e8 7d 7e 00 07 90 <0f> 0b 48 c7 c7 a0 38 60 8c 4c 89 fe e8 6b 7e 00 07 90 0f 0b 48 c7
+RSP: 0018:ffffc9000490f3d0 EFLAGS: 00010246
+RAX: 000000000000004e RBX: dead000000000122 RCX: d211eee56bb28d00
+RDX: 0000000000000000 RSI: 0000000080000000 RDI: 0000000000000000
+RBP: ffff88805b278dd8 R08: ffffffff8174a12c R09: 1ffffffff2852f0d
+R10: dffffc0000000000 R11: fffffbfff2852f0e R12: dffffc0000000000
+R13: dffffc0000000000 R14: dead000000000100 R15: ffff88805b278cc0
+FS: 0000555572f94380(0000) GS:ffff8880b8600000(0000) knlGS:0000000000000000
+CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
+CR2: 000056262e4a3000 CR3: 0000000078496000 CR4: 00000000003526f0
+DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
+DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
+Call Trace:
+ <TASK>
+ __list_del_entry_valid include/linux/list.h:124 [inline]
+ __list_del_entry include/linux/list.h:215 [inline]
+ list_del_rcu include/linux/rculist.h:157 [inline]
+ ieee802154_if_remove+0x86/0x1e0 net/mac802154/iface.c:687
+ rdev_del_virtual_intf_deprecated net/ieee802154/rdev-ops.h:24 [inline]
+ ieee802154_del_iface+0x2c0/0x5c0 net/ieee802154/nl-phy.c:323
+ genl_family_rcv_msg_doit net/netlink/genetlink.c:1115 [inline]
+ genl_family_rcv_msg net/netlink/genetlink.c:1195 [inline]
+ genl_rcv_msg+0xb14/0xec0 net/netlink/genetlink.c:1210
+ netlink_rcv_skb+0x1e3/0x430 net/netlink/af_netlink.c:2551
+ genl_rcv+0x28/0x40 net/netlink/genetlink.c:1219
+ netlink_unicast_kernel net/netlink/af_netlink.c:1331 [inline]
+ netlink_unicast+0x7f6/0x990 net/netlink/af_netlink.c:1357
+ netlink_sendmsg+0x8e4/0xcb0 net/netlink/af_netlink.c:1901
+ sock_sendmsg_nosec net/socket.c:729 [inline]
+ __sock_sendmsg+0x221/0x270 net/socket.c:744
+ ____sys_sendmsg+0x52a/0x7e0 net/socket.c:2607
+ ___sys_sendmsg net/socket.c:2661 [inline]
+ __sys_sendmsg+0x292/0x380 net/socket.c:2690
+ do_syscall_x64 arch/x86/entry/common.c:52 [inline]
+ do_syscall_64+0xf3/0x230 arch/x86/entry/common.c:83
+ entry_SYSCALL_64_after_hwframe+0x77/0x7f
+
+Reported-and-tested-by: syzbot+985f827280dc3a6e7e92@syzkaller.appspotmail.com
+Closes: https://syzkaller.appspot.com/bug?extid=985f827280dc3a6e7e92
+Signed-off-by: Lizhi Xu <lizhi.xu@windriver.com>
+Reviewed-by: Miquel Raynal <miquel.raynal@bootlin.com>
+Link: https://lore.kernel.org/20241113095129.1457225-1-lizhi.xu@windriver.com
+Signed-off-by: Stefan Schmidt <stefan@datenfreihafen.org>
+Signed-off-by: Sasha Levin <sashal@kernel.org>
+---
+ net/mac802154/iface.c | 4 ++++
+ 1 file changed, 4 insertions(+)
+
+diff --git a/net/mac802154/iface.c b/net/mac802154/iface.c
+index c0e2da5072bea..9e4631fade90c 100644
+--- a/net/mac802154/iface.c
++++ b/net/mac802154/iface.c
+@@ -684,6 +684,10 @@ void ieee802154_if_remove(struct ieee802154_sub_if_data *sdata)
+ ASSERT_RTNL();
+
+ mutex_lock(&sdata->local->iflist_mtx);
++ if (list_empty(&sdata->local->interfaces)) {
++ mutex_unlock(&sdata->local->iflist_mtx);
++ return;
++ }
+ list_del_rcu(&sdata->list);
+ mutex_unlock(&sdata->local->iflist_mtx);
+
+--
+2.39.5
+
--- /dev/null
+From a1dbf069d639fb13b3d499d2fdbb661fcb62ebac Mon Sep 17 00:00:00 2001
+From: Sasha Levin <sashal@kernel.org>
+Date: Tue, 17 Dec 2024 18:33:25 -0800
+Subject: nvmet: propagate npwg topology
+
+From: Luis Chamberlain <mcgrof@kernel.org>
+
+[ Upstream commit b579d6fdc3a9149bb4d2b3133cc0767130ed13e6 ]
+
+Ensure we propagate npwg to the target as well instead
+of assuming its the same logical blocks per physical block.
+
+This ensures devices with large IUs information properly
+propagated on the target.
+
+Signed-off-by: Luis Chamberlain <mcgrof@kernel.org>
+Reviewed-by: Sagi Grimberg <sagi@grimberg.me>
+Signed-off-by: Keith Busch <kbusch@kernel.org>
+Signed-off-by: Sasha Levin <sashal@kernel.org>
+---
+ drivers/nvme/target/io-cmd-bdev.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/drivers/nvme/target/io-cmd-bdev.c b/drivers/nvme/target/io-cmd-bdev.c
+index 468833675cc94..c0b342cc93db3 100644
+--- a/drivers/nvme/target/io-cmd-bdev.c
++++ b/drivers/nvme/target/io-cmd-bdev.c
+@@ -36,7 +36,7 @@ void nvmet_bdev_set_limits(struct block_device *bdev, struct nvme_id_ns *id)
+ */
+ id->nsfeat |= 1 << 4;
+ /* NPWG = Namespace Preferred Write Granularity. 0's based */
+- id->npwg = lpp0b;
++ id->npwg = to0based(bdev_io_min(bdev) / bdev_logical_block_size(bdev));
+ /* NPWA = Namespace Preferred Write Alignment. 0's based */
+ id->npwa = id->npwg;
+ /* NPDG = Namespace Preferred Deallocate Granularity. 0's based */
+--
+2.39.5
+
--- /dev/null
+From 7f3e31a6f122c22b8ab374541dd596889a119c76 Mon Sep 17 00:00:00 2001
+From: Sasha Levin <sashal@kernel.org>
+Date: Tue, 7 Jan 2025 17:27:17 +0100
+Subject: poll_wait: add mb() to fix theoretical race between
+ waitqueue_active() and .poll()
+
+From: Oleg Nesterov <oleg@redhat.com>
+
+[ Upstream commit cacd9ae4bf801ff4125d8961bb9a3ba955e51680 ]
+
+As the comment above waitqueue_active() explains, it can only be used
+if both waker and waiter have mb()'s that pair with each other. However
+__pollwait() is broken in this respect.
+
+This is not pipe-specific, but let's look at pipe_poll() for example:
+
+ poll_wait(...); // -> __pollwait() -> add_wait_queue()
+
+ LOAD(pipe->head);
+ LOAD(pipe->head);
+
+In theory these LOAD()'s can leak into the critical section inside
+add_wait_queue() and can happen before list_add(entry, wq_head), in this
+case pipe_poll() can race with wakeup_pipe_readers/writers which do
+
+ smp_mb();
+ if (waitqueue_active(wq_head))
+ wake_up_interruptible(wq_head);
+
+There are more __pollwait()-like functions (grep init_poll_funcptr), and
+it seems that at least ep_ptable_queue_proc() has the same problem, so the
+patch adds smp_mb() into poll_wait().
+
+Link: https://lore.kernel.org/all/20250102163320.GA17691@redhat.com/
+Signed-off-by: Oleg Nesterov <oleg@redhat.com>
+Link: https://lore.kernel.org/r/20250107162717.GA18922@redhat.com
+Signed-off-by: Christian Brauner <brauner@kernel.org>
+Signed-off-by: Sasha Levin <sashal@kernel.org>
+---
+ include/linux/poll.h | 10 +++++++++-
+ 1 file changed, 9 insertions(+), 1 deletion(-)
+
+diff --git a/include/linux/poll.h b/include/linux/poll.h
+index d1ea4f3714a84..fc641b50f1298 100644
+--- a/include/linux/poll.h
++++ b/include/linux/poll.h
+@@ -41,8 +41,16 @@ typedef struct poll_table_struct {
+
+ static inline void poll_wait(struct file * filp, wait_queue_head_t * wait_address, poll_table *p)
+ {
+- if (p && p->_qproc && wait_address)
++ if (p && p->_qproc && wait_address) {
+ p->_qproc(filp, wait_address, p);
++ /*
++ * This memory barrier is paired in the wq_has_sleeper().
++ * See the comment above prepare_to_wait(), we need to
++ * ensure that subsequent tests in this thread can't be
++ * reordered with __add_wait_queue() in _qproc() paths.
++ */
++ smp_mb();
++ }
+ }
+
+ /*
+--
+2.39.5
+
--- /dev/null
+From b2ebf58bd86949a50e60f6cb5ae7315ea4c6b2f8 Mon Sep 17 00:00:00 2001
+From: Sasha Levin <sashal@kernel.org>
+Date: Wed, 11 Dec 2024 14:09:30 +0530
+Subject: RDMA/bnxt_re: Fix to export port num to ib_query_qp
+
+From: Hongguang Gao <hongguang.gao@broadcom.com>
+
+[ Upstream commit 34db8ec931b84d1426423f263b1927539e73b397 ]
+
+Current driver implementation doesn't populate the port_num
+field in query_qp. Adding the code to convert internal firmware
+port id to ibv defined port number and export it.
+
+Reviewed-by: Saravanan Vajravel <saravanan.vajravel@broadcom.com>
+Reviewed-by: Kalesh AP <kalesh-anakkur.purayil@broadcom.com>
+Signed-off-by: Hongguang Gao <hongguang.gao@broadcom.com>
+Signed-off-by: Selvin Xavier <selvin.xavier@broadcom.com>
+Link: https://patch.msgid.link/20241211083931.968831-5-kalesh-anakkur.purayil@broadcom.com
+Signed-off-by: Leon Romanovsky <leon@kernel.org>
+Signed-off-by: Sasha Levin <sashal@kernel.org>
+---
+ drivers/infiniband/hw/bnxt_re/ib_verbs.c | 1 +
+ drivers/infiniband/hw/bnxt_re/ib_verbs.h | 4 ++++
+ drivers/infiniband/hw/bnxt_re/qplib_fp.c | 1 +
+ drivers/infiniband/hw/bnxt_re/qplib_fp.h | 1 +
+ 4 files changed, 7 insertions(+)
+
+diff --git a/drivers/infiniband/hw/bnxt_re/ib_verbs.c b/drivers/infiniband/hw/bnxt_re/ib_verbs.c
+index 13c65ec582568..08da793969ee5 100644
+--- a/drivers/infiniband/hw/bnxt_re/ib_verbs.c
++++ b/drivers/infiniband/hw/bnxt_re/ib_verbs.c
+@@ -2220,6 +2220,7 @@ int bnxt_re_query_qp(struct ib_qp *ib_qp, struct ib_qp_attr *qp_attr,
+ qp_attr->retry_cnt = qplib_qp->retry_cnt;
+ qp_attr->rnr_retry = qplib_qp->rnr_retry;
+ qp_attr->min_rnr_timer = qplib_qp->min_rnr_timer;
++ qp_attr->port_num = __to_ib_port_num(qplib_qp->port_id);
+ qp_attr->rq_psn = qplib_qp->rq.psn;
+ qp_attr->max_rd_atomic = qplib_qp->max_rd_atomic;
+ qp_attr->sq_psn = qplib_qp->sq.psn;
+diff --git a/drivers/infiniband/hw/bnxt_re/ib_verbs.h b/drivers/infiniband/hw/bnxt_re/ib_verbs.h
+index 98baea98fc176..ef910e6e2ccb7 100644
+--- a/drivers/infiniband/hw/bnxt_re/ib_verbs.h
++++ b/drivers/infiniband/hw/bnxt_re/ib_verbs.h
+@@ -245,6 +245,10 @@ void bnxt_re_dealloc_ucontext(struct ib_ucontext *context);
+ int bnxt_re_mmap(struct ib_ucontext *context, struct vm_area_struct *vma);
+ void bnxt_re_mmap_free(struct rdma_user_mmap_entry *rdma_entry);
+
++static inline u32 __to_ib_port_num(u16 port_id)
++{
++ return (u32)port_id + 1;
++}
+
+ unsigned long bnxt_re_lock_cqs(struct bnxt_re_qp *qp);
+ void bnxt_re_unlock_cqs(struct bnxt_re_qp *qp, unsigned long flags);
+diff --git a/drivers/infiniband/hw/bnxt_re/qplib_fp.c b/drivers/infiniband/hw/bnxt_re/qplib_fp.c
+index 871a49315c880..c4f10498c79d8 100644
+--- a/drivers/infiniband/hw/bnxt_re/qplib_fp.c
++++ b/drivers/infiniband/hw/bnxt_re/qplib_fp.c
+@@ -1460,6 +1460,7 @@ int bnxt_qplib_query_qp(struct bnxt_qplib_res *res, struct bnxt_qplib_qp *qp)
+ qp->dest_qpn = le32_to_cpu(sb->dest_qp_id);
+ memcpy(qp->smac, sb->src_mac, 6);
+ qp->vlan_id = le16_to_cpu(sb->vlan_pcp_vlan_dei_vlan_id);
++ qp->port_id = le16_to_cpu(sb->port_id);
+ bail:
+ dma_free_coherent(&rcfw->pdev->dev, sbuf.size,
+ sbuf.sb, sbuf.dma_addr);
+diff --git a/drivers/infiniband/hw/bnxt_re/qplib_fp.h b/drivers/infiniband/hw/bnxt_re/qplib_fp.h
+index b5c53e864fbb3..55fd840359ef2 100644
+--- a/drivers/infiniband/hw/bnxt_re/qplib_fp.h
++++ b/drivers/infiniband/hw/bnxt_re/qplib_fp.h
+@@ -297,6 +297,7 @@ struct bnxt_qplib_qp {
+ u32 dest_qpn;
+ u8 smac[6];
+ u16 vlan_id;
++ u16 port_id;
+ u8 nw_type;
+ struct bnxt_qplib_ah ah;
+
+--
+2.39.5
+
--- /dev/null
+From 287882129f683b861014f3213e7608bbf9d5930f Mon Sep 17 00:00:00 2001
+From: Sasha Levin <sashal@kernel.org>
+Date: Thu, 19 Dec 2024 22:20:42 +0530
+Subject: scsi: ufs: core: Honor runtime/system PM levels if set by host
+ controller drivers
+
+From: Manivannan Sadhasivam <manivannan.sadhasivam@linaro.org>
+
+[ Upstream commit bb9850704c043e48c86cc9df90ee102e8a338229 ]
+
+Otherwise, the default levels will override the levels set by the host
+controller drivers.
+
+Signed-off-by: Manivannan Sadhasivam <manivannan.sadhasivam@linaro.org>
+Link: https://lore.kernel.org/r/20241219-ufs-qcom-suspend-fix-v3-2-63c4b95a70b9@linaro.org
+Reviewed-by: Bart Van Assche <bvanassche@acm.org>
+Signed-off-by: Martin K. Petersen <martin.petersen@oracle.com>
+Signed-off-by: Sasha Levin <sashal@kernel.org>
+---
+ drivers/ufs/core/ufshcd.c | 9 ++++++---
+ 1 file changed, 6 insertions(+), 3 deletions(-)
+
+diff --git a/drivers/ufs/core/ufshcd.c b/drivers/ufs/core/ufshcd.c
+index 02696c7f9beff..0ac0b6aaf9c62 100644
+--- a/drivers/ufs/core/ufshcd.c
++++ b/drivers/ufs/core/ufshcd.c
+@@ -10483,14 +10483,17 @@ int ufshcd_init(struct ufs_hba *hba, void __iomem *mmio_base, unsigned int irq)
+ }
+
+ /*
+- * Set the default power management level for runtime and system PM.
++ * Set the default power management level for runtime and system PM if
++ * not set by the host controller drivers.
+ * Default power saving mode is to keep UFS link in Hibern8 state
+ * and UFS device in sleep state.
+ */
+- hba->rpm_lvl = ufs_get_desired_pm_lvl_for_dev_link_state(
++ if (!hba->rpm_lvl)
++ hba->rpm_lvl = ufs_get_desired_pm_lvl_for_dev_link_state(
+ UFS_SLEEP_PWR_MODE,
+ UIC_LINK_HIBERN8_STATE);
+- hba->spm_lvl = ufs_get_desired_pm_lvl_for_dev_link_state(
++ if (!hba->spm_lvl)
++ hba->spm_lvl = ufs_get_desired_pm_lvl_for_dev_link_state(
+ UFS_SLEEP_PWR_MODE,
+ UIC_LINK_HIBERN8_STATE);
+
+--
+2.39.5
+
--- /dev/null
+From 1119038dab774c67387ab055cf3b9664d6ae94e4 Mon Sep 17 00:00:00 2001
+From: Sasha Levin <sashal@kernel.org>
+Date: Fri, 3 Jan 2025 10:24:58 -0800
+Subject: selftests: tc-testing: reduce rshift value
+
+From: Jakub Kicinski <kuba@kernel.org>
+
+[ Upstream commit e95274dfe86490ec2a5633035c24b2de6722841f ]
+
+After previous change rshift >= 32 is no longer allowed.
+Modify the test to use 31, the test doesn't seem to send
+any traffic so the exact value shouldn't matter.
+
+Reviewed-by: Eric Dumazet <edumazet@google.com>
+Link: https://patch.msgid.link/20250103182458.1213486-1-kuba@kernel.org
+Signed-off-by: Jakub Kicinski <kuba@kernel.org>
+Signed-off-by: Sasha Levin <sashal@kernel.org>
+---
+ tools/testing/selftests/tc-testing/tc-tests/filters/flow.json | 4 ++--
+ 1 file changed, 2 insertions(+), 2 deletions(-)
+
+diff --git a/tools/testing/selftests/tc-testing/tc-tests/filters/flow.json b/tools/testing/selftests/tc-testing/tc-tests/filters/flow.json
+index 58189327f6444..383fbda07245c 100644
+--- a/tools/testing/selftests/tc-testing/tc-tests/filters/flow.json
++++ b/tools/testing/selftests/tc-testing/tc-tests/filters/flow.json
+@@ -78,10 +78,10 @@
+ "setup": [
+ "$TC qdisc add dev $DEV1 ingress"
+ ],
+- "cmdUnderTest": "$TC filter add dev $DEV1 parent ffff: handle 1 prio 1 protocol ip flow map key dst rshift 0xff",
++ "cmdUnderTest": "$TC filter add dev $DEV1 parent ffff: handle 1 prio 1 protocol ip flow map key dst rshift 0x1f",
+ "expExitCode": "0",
+ "verifyCmd": "$TC filter get dev $DEV1 parent ffff: handle 1 protocol ip prio 1 flow",
+- "matchPattern": "filter parent ffff: protocol ip pref 1 flow chain [0-9]+ handle 0x1 map keys dst rshift 255 baseclass",
++ "matchPattern": "filter parent ffff: protocol ip pref 1 flow chain [0-9]+ handle 0x1 map keys dst rshift 31 baseclass",
+ "matchCount": "1",
+ "teardown": [
+ "$TC qdisc del dev $DEV1 ingress"
+--
+2.39.5
+
i2c-mux-demux-pinctrl-check-initial-mux-selection-to.patch
i2c-rcar-fix-nack-handling-when-being-a-target.patch
smb-client-fix-double-free-of-tcp_server_info-hostna.patch
+mac802154-check-local-interfaces-before-deleting-sda.patch
+hfs-sanity-check-the-root-record.patch
+fs-fix-missing-declaration-of-init_files.patch
+kheaders-ignore-silly-rename-files.patch
+cachefiles-parse-the-secctx-immediately.patch
+scsi-ufs-core-honor-runtime-system-pm-levels-if-set-.patch
+selftests-tc-testing-reduce-rshift-value.patch
+acpi-resource-acpi_dev_irq_override-check-dmi-match-.patch
+iomap-avoid-avoid-truncating-64-bit-offset-to-32-bit.patch
+poll_wait-add-mb-to-fix-theoretical-race-between-wai.patch
+rdma-bnxt_re-fix-to-export-port-num-to-ib_query_qp.patch
+nvmet-propagate-npwg-topology.patch
projects / thirdparty / kernel / stable-queue.git / commitdiff
