--- /dev/null
+From 63394a16086fc2152869d7902621e2525e14bc40 Mon Sep 17 00:00:00 2001
+From: Christian Lachner <gladiac@gmail.com>
+Date: Sat, 29 Jan 2022 12:32:41 +0100
+Subject: ALSA: hda/realtek: Add missing fixup-model entry for Gigabyte X570 ALC1220 quirks
+
+From: Christian Lachner <gladiac@gmail.com>
+
+commit 63394a16086fc2152869d7902621e2525e14bc40 upstream.
+
+The initial commit of the new Gigabyte X570 ALC1220 quirks lacked the
+fixup-model entry in alc882_fixup_models[]. It seemed not to cause any ill
+effects but for completeness sake this commit makes up for that.
+
+Signed-off-by: Christian Lachner <gladiac@gmail.com>
+Cc: <stable@vger.kernel.org>
+Link: https://lore.kernel.org/r/20220129113243.93068-2-gladiac@gmail.com
+Signed-off-by: Takashi Iwai <tiwai@suse.de>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+---
+ sound/pci/hda/patch_realtek.c | 1 +
+ 1 file changed, 1 insertion(+)
+
+--- a/sound/pci/hda/patch_realtek.c
++++ b/sound/pci/hda/patch_realtek.c
+@@ -2623,6 +2623,7 @@ static const struct hda_model_fixup alc8
+ {.id = ALC882_FIXUP_NO_PRIMARY_HP, .name = "no-primary-hp"},
+ {.id = ALC887_FIXUP_ASUS_BASS, .name = "asus-bass"},
+ {.id = ALC1220_FIXUP_GB_DUAL_CODECS, .name = "dual-codecs"},
++ {.id = ALC1220_FIXUP_GB_X570, .name = "gb-x570"},
+ {.id = ALC1220_FIXUP_CLEVO_P950, .name = "clevo-p950"},
+ {}
+ };
--- /dev/null
+From 94db9cc8f8fa2d5426ce79ec4ca16028f7084224 Mon Sep 17 00:00:00 2001
+From: =?UTF-8?q?Albert=20Geant=C4=83?= <albertgeanta@gmail.com>
+Date: Mon, 31 Jan 2022 03:05:23 +0200
+Subject: ALSA: hda/realtek: Add quirk for ASUS GU603
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+From: Albert Geantă <albertgeanta@gmail.com>
+
+commit 94db9cc8f8fa2d5426ce79ec4ca16028f7084224 upstream.
+
+The ASUS GU603 (Zephyrus M16 - SSID 1043:16b2) requires a quirk similar to
+other ASUS devices for correctly routing the 4 integrated speakers. This
+fixes it by adding a corresponding quirk entry, which connects the bass
+speakers to the proper DAC.
+
+Signed-off-by: Albert Geantă <albertgeanta@gmail.com>
+Cc: <stable@vger.kernel.org>
+Link: https://lore.kernel.org/r/20220131010523.546386-1-albertgeanta@gmail.com
+Signed-off-by: Takashi Iwai <tiwai@suse.de>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+---
+ sound/pci/hda/patch_realtek.c | 1 +
+ 1 file changed, 1 insertion(+)
+
+--- a/sound/pci/hda/patch_realtek.c
++++ b/sound/pci/hda/patch_realtek.c
+@@ -8180,6 +8180,7 @@ static const struct snd_pci_quirk alc269
+ SND_PCI_QUIRK(0x1043, 0x1e51, "ASUS Zephyrus M15", ALC294_FIXUP_ASUS_GU502_PINS),
+ SND_PCI_QUIRK(0x1043, 0x1e8e, "ASUS Zephyrus G15", ALC289_FIXUP_ASUS_GA401),
+ SND_PCI_QUIRK(0x1043, 0x1f11, "ASUS Zephyrus G14", ALC289_FIXUP_ASUS_GA401),
++ SND_PCI_QUIRK(0x1043, 0x16b2, "ASUS GU603", ALC289_FIXUP_ASUS_GA401),
+ SND_PCI_QUIRK(0x1043, 0x3030, "ASUS ZN270IE", ALC256_FIXUP_ASUS_AIO_GPIO2),
+ SND_PCI_QUIRK(0x1043, 0x831a, "ASUS P901", ALC269_FIXUP_STEREO_DMIC),
+ SND_PCI_QUIRK(0x1043, 0x834a, "ASUS S101", ALC269_FIXUP_STEREO_DMIC),
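Review bot: The new `SND_PCI_QUIRK(0x1043, 0x16b2, "ASUS GU603", ...)` entry is placed between 0x1f11 and 0x3030, although the surrounding ASUS entries are listed in ascending subsystem-ID order. Moving it up to where 0x16b2 sorts among the 0x1043 entries would keep the table ordered. That makes a later duplicate or conflicting entry for the same SSID easier to spot. The rest of the table is outside this hunk, so the exact insertion point has to be checked against the full file.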
--- /dev/null
+From ea3541961376f733373839cc90493aafa8a7f733 Mon Sep 17 00:00:00 2001
+From: Christian Lachner <gladiac@gmail.com>
+Date: Sat, 29 Jan 2022 12:32:43 +0100
+Subject: ALSA: hda/realtek: Fix silent output on Gigabyte X570 Aorus Xtreme after reboot from Windows
+
+From: Christian Lachner <gladiac@gmail.com>
+
+commit ea3541961376f733373839cc90493aafa8a7f733 upstream.
+
+This commit switches the Gigabyte X570 Aorus Xtreme from using the
+ALC1220_FIXUP_CLEVO_P950 to the ALC1220_FIXUP_GB_X570 quirk. This fixes
+the no-audio after reboot from windows problem.
+
+BugLink: https://bugzilla.kernel.org/show_bug.cgi?id=205275
+Signed-off-by: Christian Lachner <gladiac@gmail.com>
+Cc: <stable@vger.kernel.org>
+Link: https://lore.kernel.org/r/20220129113243.93068-4-gladiac@gmail.com
+Signed-off-by: Takashi Iwai <tiwai@suse.de>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+---
+ sound/pci/hda/patch_realtek.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+--- a/sound/pci/hda/patch_realtek.c
++++ b/sound/pci/hda/patch_realtek.c
+@@ -2549,7 +2549,7 @@ static const struct snd_pci_quirk alc882
+ SND_PCI_QUIRK(0x1458, 0xa002, "Gigabyte EP45-DS3/Z87X-UD3H", ALC889_FIXUP_FRONT_HP_NO_PRESENCE),
+ SND_PCI_QUIRK(0x1458, 0xa0b8, "Gigabyte AZ370-Gaming", ALC1220_FIXUP_GB_DUAL_CODECS),
+ SND_PCI_QUIRK(0x1458, 0xa0cd, "Gigabyte X570 Aorus Master", ALC1220_FIXUP_GB_X570),
+- SND_PCI_QUIRK(0x1458, 0xa0ce, "Gigabyte X570 Aorus Xtreme", ALC1220_FIXUP_CLEVO_P950),
++ SND_PCI_QUIRK(0x1458, 0xa0ce, "Gigabyte X570 Aorus Xtreme", ALC1220_FIXUP_GB_X570),
+ SND_PCI_QUIRK(0x1458, 0xa0d5, "Gigabyte X570S Aorus Master", ALC1220_FIXUP_GB_X570),
+ SND_PCI_QUIRK(0x1462, 0x11f7, "MSI-GE63", ALC1220_FIXUP_CLEVO_P950),
+ SND_PCI_QUIRK(0x1462, 0x1228, "MSI-GP63", ALC1220_FIXUP_CLEVO_P950),
--- /dev/null
+From 41a8601302ecbe704ac970552c33dc942300fc37 Mon Sep 17 00:00:00 2001
+From: Christian Lachner <gladiac@gmail.com>
+Date: Sat, 29 Jan 2022 12:32:42 +0100
+Subject: ALSA: hda/realtek: Fix silent output on Gigabyte X570S Aorus Master (newer chipset)
+
+From: Christian Lachner <gladiac@gmail.com>
+
+commit 41a8601302ecbe704ac970552c33dc942300fc37 upstream.
+
+Newer versions of the X570 Master come with a newer revision of the
+mainboard chipset - the X570S. These boards have the same ALC1220 codec
+but seem to initialize the codec with a different parameter in Coef 0x7
+which causes the output audio to be very low. We therefore write a
+known-good value to Coef 0x7 to fix that. As the value is the exact same
+as on the other X570(non-S) boards the same quirk-function can be shared
+between both generations.
+
+This commit adds the Gigabyte X570S Aorus Master to the list of boards
+using the ALC1220_FIXUP_GB_X570 quirk. This fixes both, the silent output
+and the no-audio after reboot from windows problems.
+
+This work has been tested by the folks over at the level1techs forum here:
+https://forum.level1techs.com/t/has-anybody-gotten-audio-working-in-linux-on-aorus-x570-master/154072
+
+Signed-off-by: Christian Lachner <gladiac@gmail.com>
+Cc: <stable@vger.kernel.org>
+Link: https://lore.kernel.org/r/20220129113243.93068-3-gladiac@gmail.com
+Signed-off-by: Takashi Iwai <tiwai@suse.de>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+---
+ sound/pci/hda/patch_realtek.c | 2 ++
+ 1 file changed, 2 insertions(+)
+
+--- a/sound/pci/hda/patch_realtek.c
++++ b/sound/pci/hda/patch_realtek.c
+@@ -2122,6 +2122,7 @@ static void alc1220_fixup_gb_x570(struct
+ {
+ static const hda_nid_t conn1[] = { 0x0c };
+ static const struct coef_fw gb_x570_coefs[] = {
++ WRITE_COEF(0x07, 0x03c0),
+ WRITE_COEF(0x1a, 0x01c1),
+ WRITE_COEF(0x1b, 0x0202),
+ WRITE_COEF(0x43, 0x3005),
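Review bot: The added `WRITE_COEF(0x07, 0x03c0)` line has no comment, so the reason for this coefficient and value exists only in the commit message. A short comment above it, such as `/* known-good value; X570S boards otherwise come up with very low output */`, would keep that with the code. The entry also applies to every board routed to this fixup, not only the X570S, which the comment could state. The body of alc1220_fixup_gb_x570() continues outside the hunk.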
+@@ -2549,6 +2550,7 @@ static const struct snd_pci_quirk alc882
+ SND_PCI_QUIRK(0x1458, 0xa0b8, "Gigabyte AZ370-Gaming", ALC1220_FIXUP_GB_DUAL_CODECS),
+ SND_PCI_QUIRK(0x1458, 0xa0cd, "Gigabyte X570 Aorus Master", ALC1220_FIXUP_GB_X570),
+ SND_PCI_QUIRK(0x1458, 0xa0ce, "Gigabyte X570 Aorus Xtreme", ALC1220_FIXUP_CLEVO_P950),
++ SND_PCI_QUIRK(0x1458, 0xa0d5, "Gigabyte X570S Aorus Master", ALC1220_FIXUP_GB_X570),
+ SND_PCI_QUIRK(0x1462, 0x11f7, "MSI-GE63", ALC1220_FIXUP_CLEVO_P950),
+ SND_PCI_QUIRK(0x1462, 0x1228, "MSI-GP63", ALC1220_FIXUP_CLEVO_P950),
+ SND_PCI_QUIRK(0x1462, 0x1229, "MSI-GP73", ALC1220_FIXUP_CLEVO_P950),
--- /dev/null
+From fa10635fca359f047df6a18b3befd2f1e7304e1a Mon Sep 17 00:00:00 2001
+From: Takashi Iwai <tiwai@suse.de>
+Date: Mon, 17 Aug 2020 10:21:39 +0200
+Subject: ALSA: usb-audio: Simplify quirk entries with a macro
+
+From: Takashi Iwai <tiwai@suse.de>
+
+commit fa10635fca359f047df6a18b3befd2f1e7304e1a upstream.
+
+Introduce a new macro USB_AUDIO_DEVICE() for the entries matching with
+the pid/vid pair and the class/subclass, and remove the open-code.
+
+Link: https://lore.kernel.org/r/20200817082140.20232-3-tiwai@suse.de
+Signed-off-by: Takashi Iwai <tiwai@suse.de>
+[ just add the macro for 5.4.y, no entry changes made - gregkh ]
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+---
+ sound/usb/quirks-table.h | 10 ++++++++++
+ 1 file changed, 10 insertions(+)
+
+--- a/sound/usb/quirks-table.h
++++ b/sound/usb/quirks-table.h
+@@ -25,6 +25,16 @@
+ .idProduct = prod, \
+ .bInterfaceClass = USB_CLASS_VENDOR_SPEC
+
++/* A standard entry matching with vid/pid and the audio class/subclass */
++#define USB_AUDIO_DEVICE(vend, prod) \
++ .match_flags = USB_DEVICE_ID_MATCH_DEVICE | \
++ USB_DEVICE_ID_MATCH_INT_CLASS | \
++ USB_DEVICE_ID_MATCH_INT_SUBCLASS, \
++ .idVendor = vend, \
++ .idProduct = prod, \
++ .bInterfaceClass = USB_CLASS_AUDIO, \
++ .bInterfaceSubClass = USB_SUBCLASS_AUDIOCONTROL
++
+ /* HP Thunderbolt Dock Audio Headset */
+ {
+ USB_DEVICE(0x03f0, 0x0269),
--- /dev/null
+From 817f7c9335ec01e0f5e8caffc4f1dcd5e458a4c0 Mon Sep 17 00:00:00 2001
+From: Mark Brown <broonie@kernel.org>
+Date: Mon, 24 Jan 2022 15:32:51 +0000
+Subject: ASoC: ops: Reject out of bounds values in snd_soc_put_volsw()
+
+From: Mark Brown <broonie@kernel.org>
+
+commit 817f7c9335ec01e0f5e8caffc4f1dcd5e458a4c0 upstream.
+
+We don't currently validate that the values being set are within the range
+we advertised to userspace as being valid, do so and reject any values
+that are out of range.
+
+Signed-off-by: Mark Brown <broonie@kernel.org>
+Cc: stable@vger.kernel.org
+Link: https://lore.kernel.org/r/20220124153253.3548853-2-broonie@kernel.org
+Signed-off-by: Mark Brown <broonie@kernel.org>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+---
+ sound/soc/soc-ops.c | 18 ++++++++++++++++--
+ 1 file changed, 16 insertions(+), 2 deletions(-)
+
+--- a/sound/soc/soc-ops.c
++++ b/sound/soc/soc-ops.c
+@@ -322,13 +322,27 @@ int snd_soc_put_volsw(struct snd_kcontro
+ if (sign_bit)
+ mask = BIT(sign_bit + 1) - 1;
+
+- val = ((ucontrol->value.integer.value[0] + min) & mask);
++ val = ucontrol->value.integer.value[0];
++ if (mc->platform_max && val > mc->platform_max)
++ return -EINVAL;
++ if (val > max - min)
++ return -EINVAL;
++ if (val < 0)
++ return -EINVAL;
++ val = (val + min) & mask;
+ if (invert)
+ val = max - val;
+ val_mask = mask << shift;
+ val = val << shift;
+ if (snd_soc_volsw_is_stereo(mc)) {
+- val2 = ((ucontrol->value.integer.value[1] + min) & mask);
++ val2 = ucontrol->value.integer.value[1];
++ if (mc->platform_max && val2 > mc->platform_max)
++ return -EINVAL;
++ if (val2 > max - min)
++ return -EINVAL;
++ if (val2 < 0)
++ return -EINVAL;
++ val2 = (val2 + min) & mask;
+ if (invert)
+ val2 = max - val2;
+ if (reg == reg2) {
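Review bot: The new range checks test `val` and `val2` after the userspace value has been assigned to them, not the `long` that `ucontrol->value.integer.value[]` holds. The declarations are outside this hunk, but if `val` is `unsigned int` here, as it is in the snd_soc_put_volsw_sx() hunk of the next patch, then `if (val < 0)` can never be true. Negative input is then rejected only incidentally by `val > max - min`, and an input wider than 32 bits is truncated before it is compared. Checking the source first avoids both: `long v = ucontrol->value.integer.value[0];` followed by `if (v < 0 || v > max - min) return -EINVAL;`. The same three checks are repeated for `val2` and again in the sx variant, so a small static helper taking the `long` and `mc` would keep them consistent.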
--- /dev/null
+From 4f1e50d6a9cf9c1b8c859d449b5031cacfa8404e Mon Sep 17 00:00:00 2001
+From: Mark Brown <broonie@kernel.org>
+Date: Mon, 24 Jan 2022 15:32:52 +0000
+Subject: ASoC: ops: Reject out of bounds values in snd_soc_put_volsw_sx()
+
+From: Mark Brown <broonie@kernel.org>
+
+commit 4f1e50d6a9cf9c1b8c859d449b5031cacfa8404e upstream.
+
+We don't currently validate that the values being set are within the range
+we advertised to userspace as being valid, do so and reject any values
+that are out of range.
+
+Signed-off-by: Mark Brown <broonie@kernel.org>
+Cc: stable@vger.kernel.org
+Link: https://lore.kernel.org/r/20220124153253.3548853-3-broonie@kernel.org
+Signed-off-by: Mark Brown <broonie@kernel.org>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+---
+ sound/soc/soc-ops.c | 9 ++++++++-
+ 1 file changed, 8 insertions(+), 1 deletion(-)
+
+--- a/sound/soc/soc-ops.c
++++ b/sound/soc/soc-ops.c
+@@ -436,8 +436,15 @@ int snd_soc_put_volsw_sx(struct snd_kcon
+ int err = 0;
+ unsigned int val, val_mask, val2 = 0;
+
++ val = ucontrol->value.integer.value[0];
++ if (mc->platform_max && val > mc->platform_max)
++ return -EINVAL;
++ if (val > max - min)
++ return -EINVAL;
++ if (val < 0)
++ return -EINVAL;
+ val_mask = mask << shift;
+- val = (ucontrol->value.integer.value[0] + min) & mask;
++ val = (val + min) & mask;
+ val = val << shift;
+
+ err = snd_soc_component_update_bits(component, reg, val_mask, val);
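Review bot: Only `ucontrol->value.integer.value[0]` is validated in this hunk, although `val2` is declared on the context line just above the new checks. The rest of snd_soc_put_volsw_sx() is outside the hunk. If the stereo path reads `value.integer.value[1]` into `val2`, as snd_soc_put_volsw() does, that value needs the same `platform_max`, `max - min` and negative checks before it is masked and written. Doing both checks before the first `snd_soc_component_update_bits()` call would also stop a rejected second channel from leaving the first register already updated.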
--- /dev/null
+From 4cf28e9ae6e2e11a044be1bcbcfa1b0d8675fe4d Mon Sep 17 00:00:00 2001
+From: Mark Brown <broonie@kernel.org>
+Date: Mon, 24 Jan 2022 15:32:53 +0000
+Subject: ASoC: ops: Reject out of bounds values in snd_soc_put_xr_sx()
+
+From: Mark Brown <broonie@kernel.org>
+
+commit 4cf28e9ae6e2e11a044be1bcbcfa1b0d8675fe4d upstream.
+
+We don't currently validate that the values being set are within the range
+we advertised to userspace as being valid, do so and reject any values
+that are out of range.
+
+Signed-off-by: Mark Brown <broonie@kernel.org>
+Cc: stable@vger.kernel.org
+Link: https://lore.kernel.org/r/20220124153253.3548853-4-broonie@kernel.org
+Signed-off-by: Mark Brown <broonie@kernel.org>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+---
+ sound/soc/soc-ops.c | 2 ++
+ 1 file changed, 2 insertions(+)
+
+--- a/sound/soc/soc-ops.c
++++ b/sound/soc/soc-ops.c
+@@ -910,6 +910,8 @@ int snd_soc_put_xr_sx(struct snd_kcontro
+ unsigned int i, regval, regmask;
+ int err;
+
++ if (val < mc->min || val > mc->max)
++ return -EINVAL;
+ if (invert)
+ val = max - val;
+ val &= mask;
--- /dev/null
+From f26d04331360d42dbd6b58448bd98e4edbfbe1c5 Mon Sep 17 00:00:00 2001
+From: Paul Moore <paul@paul-moore.com>
+Date: Thu, 13 Jan 2022 18:54:38 -0500
+Subject: audit: improve audit queue handling when "audit=1" on cmdline
+
+From: Paul Moore <paul@paul-moore.com>
+
+commit f26d04331360d42dbd6b58448bd98e4edbfbe1c5 upstream.
+
+When an admin enables audit at early boot via the "audit=1" kernel
+command line the audit queue behavior is slightly different; the
+audit subsystem goes to greater lengths to avoid dropping records,
+which unfortunately can result in problems when the audit daemon is
+forcibly stopped for an extended period of time.
+
+This patch makes a number of changes designed to improve the audit
+queuing behavior so that leaving the audit daemon in a stopped state
+for an extended period does not cause a significant impact to the
+system.
+
+- kauditd_send_queue() is now limited to looping through the
+ passed queue only once per call. This not only prevents the
+ function from looping indefinitely when records are returned
+ to the current queue, it also allows any recovery handling in
+ kauditd_thread() to take place when kauditd_send_queue()
+ returns.
+
+- Transient netlink send errors seen as -EAGAIN now cause the
+ record to be returned to the retry queue instead of going to
+ the hold queue. The intention of the hold queue is to store,
+ perhaps for an extended period of time, the events which led
+ up to the audit daemon going offline. The retry queue remains
+ a temporary queue intended to protect against transient issues
+ between the kernel and the audit daemon.
+
+- The retry queue is now limited by the audit_backlog_limit
+ setting, the same as the other queues. This allows admins
+ to bound the size of all of the audit queues on the system.
+
+- kauditd_rehold_skb() now returns records to the end of the
+ hold queue to ensure ordering is preserved in the face of
+ recent changes to kauditd_send_queue().
+
+Cc: stable@vger.kernel.org
+Fixes: 5b52330bbfe63 ("audit: fix auditd/kernel connection state tracking")
+Fixes: f4b3ee3c85551 ("audit: improve robustness of the audit queue handling")
+Reported-by: Gaosheng Cui <cuigaosheng1@huawei.com>
+Tested-by: Gaosheng Cui <cuigaosheng1@huawei.com>
+Reviewed-by: Richard Guy Briggs <rgb@redhat.com>
+Signed-off-by: Paul Moore <paul@paul-moore.com>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+---
+ kernel/audit.c | 62 +++++++++++++++++++++++++++++++++++++++------------------
+ 1 file changed, 43 insertions(+), 19 deletions(-)
+
+--- a/kernel/audit.c
++++ b/kernel/audit.c
+@@ -535,20 +535,22 @@ static void kauditd_printk_skb(struct sk
+ /**
+ * kauditd_rehold_skb - Handle a audit record send failure in the hold queue
+ * @skb: audit record
++ * @error: error code (unused)
+ *
+ * Description:
+ * This should only be used by the kauditd_thread when it fails to flush the
+ * hold queue.
+ */
+-static void kauditd_rehold_skb(struct sk_buff *skb)
++static void kauditd_rehold_skb(struct sk_buff *skb, __always_unused int error)
+ {
+- /* put the record back in the queue at the same place */
+- skb_queue_head(&audit_hold_queue, skb);
++ /* put the record back in the queue */
++ skb_queue_tail(&audit_hold_queue, skb);
+ }
+
+ /**
+ * kauditd_hold_skb - Queue an audit record, waiting for auditd
+ * @skb: audit record
++ * @error: error code
+ *
+ * Description:
+ * Queue the audit record, waiting for an instance of auditd. When this
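Review bot: The replacement comment `/* put the record back in the queue */` in kauditd_rehold_skb() drops the rationale the old comment carried and does not say why the tail is now used. The commit message gives the reason, and it is worth keeping next to the call, for example `/* requeue at the tail: kauditd_send_queue() makes one pass per call, so this keeps record order */`. The `@error` kernel-doc line could also say that the parameter exists only to match the `err_hook` signature.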
+@@ -558,19 +560,31 @@ static void kauditd_rehold_skb(struct sk
+ * and queue it, if we have room. If we want to hold on to the record, but we
+ * don't have room, record a record lost message.
+ */
+-static void kauditd_hold_skb(struct sk_buff *skb)
++static void kauditd_hold_skb(struct sk_buff *skb, int error)
+ {
+ /* at this point it is uncertain if we will ever send this to auditd so
+ * try to send the message via printk before we go any further */
+ kauditd_printk_skb(skb);
+
+ /* can we just silently drop the message? */
+- if (!audit_default) {
+- kfree_skb(skb);
+- return;
++ if (!audit_default)
++ goto drop;
++
++ /* the hold queue is only for when the daemon goes away completely,
++ * not -EAGAIN failures; if we are in a -EAGAIN state requeue the
++ * record on the retry queue unless it's full, in which case drop it
++ */
++ if (error == -EAGAIN) {
++ if (!audit_backlog_limit ||
++ skb_queue_len(&audit_retry_queue) < audit_backlog_limit) {
++ skb_queue_tail(&audit_retry_queue, skb);
++ return;
++ }
++ audit_log_lost("kauditd retry queue overflow");
++ goto drop;
+ }
+
+- /* if we have room, queue the message */
++ /* if we have room in the hold queue, queue the message */
+ if (!audit_backlog_limit ||
+ skb_queue_len(&audit_hold_queue) < audit_backlog_limit) {
+ skb_queue_tail(&audit_hold_queue, skb);
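Review bot: The new `-EAGAIN` branch sits below the unconditional `kauditd_printk_skb(skb)` at the top of kauditd_hold_skb(). A record that is only going back onto the retry queue is therefore still echoed through printk, and presumably again on each later pass that ends in `-EAGAIN`. If that duplication in the kernel log is not intended, the printk call could be issued only on the paths that hold or drop the record. If it is intended, the existing comment above the call should say that it also covers requeued records. The end of the function, including the `drop:` label, is in the next hunk.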
+@@ -579,24 +593,32 @@ static void kauditd_hold_skb(struct sk_b
+
+ /* we have no other options - drop the message */
+ audit_log_lost("kauditd hold queue overflow");
++drop:
+ kfree_skb(skb);
+ }
+
+ /**
+ * kauditd_retry_skb - Queue an audit record, attempt to send again to auditd
+ * @skb: audit record
++ * @error: error code (unused)
+ *
+ * Description:
+ * Not as serious as kauditd_hold_skb() as we still have a connected auditd,
+ * but for some reason we are having problems sending it audit records so
+ * queue the given record and attempt to resend.
+ */
+-static void kauditd_retry_skb(struct sk_buff *skb)
++static void kauditd_retry_skb(struct sk_buff *skb, __always_unused int error)
+ {
+- /* NOTE: because records should only live in the retry queue for a
+- * short period of time, before either being sent or moved to the hold
+- * queue, we don't currently enforce a limit on this queue */
+- skb_queue_tail(&audit_retry_queue, skb);
++ if (!audit_backlog_limit ||
++ skb_queue_len(&audit_retry_queue) < audit_backlog_limit) {
++ skb_queue_tail(&audit_retry_queue, skb);
++ return;
++ }
++
++ /* we have to drop the record, send it via printk as a last effort */
++ kauditd_printk_skb(skb);
++ audit_log_lost("kauditd retry queue overflow");
++ kfree_skb(skb);
+ }
+
+ /**
+@@ -634,7 +656,7 @@ static void auditd_reset(const struct au
+ /* flush the retry queue to the hold queue, but don't touch the main
+ * queue since we need to process that normally for multicast */
+ while ((skb = skb_dequeue(&audit_retry_queue)))
+- kauditd_hold_skb(skb);
++ kauditd_hold_skb(skb, -ECONNREFUSED);
+ }
+
+ /**
+@@ -708,16 +730,18 @@ static int kauditd_send_queue(struct soc
+ struct sk_buff_head *queue,
+ unsigned int retry_limit,
+ void (*skb_hook)(struct sk_buff *skb),
+- void (*err_hook)(struct sk_buff *skb))
++ void (*err_hook)(struct sk_buff *skb, int error))
+ {
+ int rc = 0;
+- struct sk_buff *skb;
++ struct sk_buff *skb = NULL;
++ struct sk_buff *skb_tail;
+ unsigned int failed = 0;
+
+ /* NOTE: kauditd_thread takes care of all our locking, we just use
+ * the netlink info passed to us (e.g. sk and portid) */
+
+- while ((skb = skb_dequeue(queue))) {
++ skb_tail = skb_peek_tail(queue);
++ while ((skb != skb_tail) && (skb = skb_dequeue(queue))) {
+ /* call the skb_hook for each skb we touch */
+ if (skb_hook)
+ (*skb_hook)(skb);
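Review bot: The single-pass bound introduced by `skb_tail = skb_peek_tail(queue)` and the `skb != skb_tail` loop condition has no comment, and the reasoning behind it is not obvious from the code. The loop stops after the record that was last at entry, because `err_hook` may put records back on the same queue. `skb_tail` is only compared, never dereferenced, since that record may already have been consumed by the time the condition is evaluated. A comment such as `/* snapshot the tail: err_hook may requeue onto this queue, so stop after one pass; skb_tail is compared only, never dereferenced */` above the assignment would record this. The bound also assumes nothing else removes the snapshotted tail during the loop. The existing NOTE about kauditd_thread handling locking should be confirmed to cover that. The loop body continues outside this hunk.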
+@@ -725,7 +749,7 @@ static int kauditd_send_queue(struct soc
+ /* can we send to anyone via unicast? */
+ if (!sk) {
+ if (err_hook)
+- (*err_hook)(skb);
++ (*err_hook)(skb, -ECONNREFUSED);
+ continue;
+ }
+
+@@ -739,7 +763,7 @@ retry:
+ rc == -ECONNREFUSED || rc == -EPERM) {
+ sk = NULL;
+ if (err_hook)
+- (*err_hook)(skb);
++ (*err_hook)(skb, rc);
+ if (rc == -EAGAIN)
+ rc = 0;
+ /* continue to drain the queue */
--- /dev/null
+From b13e0c71856817fca67159b11abac350e41289f5 Mon Sep 17 00:00:00 2001
+From: "Martin K. Petersen" <martin.petersen@oracle.com>
+Date: Thu, 3 Feb 2022 22:42:09 -0500
+Subject: block: bio-integrity: Advance seed correctly for larger interval sizes
+
+From: Martin K. Petersen <martin.petersen@oracle.com>
+
+commit b13e0c71856817fca67159b11abac350e41289f5 upstream.
+
+Commit 309a62fa3a9e ("bio-integrity: bio_integrity_advance must update
+integrity seed") added code to update the integrity seed value when
+advancing a bio. However, it failed to take into account that the
+integrity interval might be larger than the 512-byte block layer
+sector size. This broke bio splitting on PI devices with 4KB logical
+blocks.
+
+The seed value should be advanced by bio_integrity_intervals() and not
+the number of sectors.
+
+Cc: Dmitry Monakhov <dmonakhov@openvz.org>
+Cc: stable@vger.kernel.org
+Fixes: 309a62fa3a9e ("bio-integrity: bio_integrity_advance must update integrity seed")
+Tested-by: Dmitry Ivanov <dmitry.ivanov2@hpe.com>
+Reported-by: Alexey Lyashkov <alexey.lyashkov@hpe.com>
+Signed-off-by: Martin K. Petersen <martin.petersen@oracle.com>
+Link: https://lore.kernel.org/r/20220204034209.4193-1-martin.petersen@oracle.com
+Signed-off-by: Jens Axboe <axboe@kernel.dk>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+---
+ block/bio-integrity.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+--- a/block/bio-integrity.c
++++ b/block/bio-integrity.c
+@@ -380,7 +380,7 @@ void bio_integrity_advance(struct bio *b
+ struct blk_integrity *bi = blk_get_integrity(bio->bi_disk);
+ unsigned bytes = bio_integrity_bytes(bi, bytes_done >> 9);
+
+- bip->bip_iter.bi_sector += bytes_done >> 9;
++ bip->bip_iter.bi_sector += bio_integrity_intervals(bi, bytes_done >> 9);
+ bvec_iter_advance(bip->bip_vec, &bip->bip_iter, bytes);
+ }
+
--- /dev/null
+From e804861bd4e69cc5fe1053eedcb024982dde8e48 Mon Sep 17 00:00:00 2001
+From: Shin'ichiro Kawasaki <shinichiro.kawasaki@wdc.com>
+Date: Thu, 20 Jan 2022 20:09:16 +0900
+Subject: btrfs: fix deadlock between quota disable and qgroup rescan worker
+
+From: Shin'ichiro Kawasaki <shinichiro.kawasaki@wdc.com>
+
+commit e804861bd4e69cc5fe1053eedcb024982dde8e48 upstream.
+
+Quota disable ioctl starts a transaction before waiting for the qgroup
+rescan worker completes. However, this wait can be infinite and results
+in deadlock because of circular dependency among the quota disable
+ioctl, the qgroup rescan worker and the other task with transaction such
+as block group relocation task.
+
+The deadlock happens with the steps following:
+
+1) Task A calls ioctl to disable quota. It starts a transaction and
+ waits for qgroup rescan worker completes.
+2) Task B such as block group relocation task starts a transaction and
+ joins to the transaction that task A started. Then task B commits to
+ the transaction. In this commit, task B waits for a commit by task A.
+3) Task C as the qgroup rescan worker starts its job and starts a
+ transaction. In this transaction start, task C waits for completion
+ of the transaction that task A started and task B committed.
+
+This deadlock was found with fstests test case btrfs/115 and a zoned
+null_blk device. The test case enables and disables quota, and the
+block group reclaim was triggered during the quota disable by chance.
+The deadlock was also observed by running quota enable and disable in
+parallel with 'btrfs balance' command on regular null_blk devices.
+
+An example report of the deadlock:
+
+ [372.469894] INFO: task kworker/u16:6:103 blocked for more than 122 seconds.
+ [372.479944] Not tainted 5.16.0-rc8 #7
+ [372.485067] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
+ [372.493898] task:kworker/u16:6 state:D stack: 0 pid: 103 ppid: 2 flags:0x00004000
+ [372.503285] Workqueue: btrfs-qgroup-rescan btrfs_work_helper [btrfs]
+ [372.510782] Call Trace:
+ [372.514092] <TASK>
+ [372.521684] __schedule+0xb56/0x4850
+ [372.530104] ? io_schedule_timeout+0x190/0x190
+ [372.538842] ? lockdep_hardirqs_on+0x7e/0x100
+ [372.547092] ? _raw_spin_unlock_irqrestore+0x3e/0x60
+ [372.555591] schedule+0xe0/0x270
+ [372.561894] btrfs_commit_transaction+0x18bb/0x2610 [btrfs]
+ [372.570506] ? btrfs_apply_pending_changes+0x50/0x50 [btrfs]
+ [372.578875] ? free_unref_page+0x3f2/0x650
+ [372.585484] ? finish_wait+0x270/0x270
+ [372.591594] ? release_extent_buffer+0x224/0x420 [btrfs]
+ [372.599264] btrfs_qgroup_rescan_worker+0xc13/0x10c0 [btrfs]
+ [372.607157] ? lock_release+0x3a9/0x6d0
+ [372.613054] ? btrfs_qgroup_account_extent+0xda0/0xda0 [btrfs]
+ [372.620960] ? do_raw_spin_lock+0x11e/0x250
+ [372.627137] ? rwlock_bug.part.0+0x90/0x90
+ [372.633215] ? lock_is_held_type+0xe4/0x140
+ [372.639404] btrfs_work_helper+0x1ae/0xa90 [btrfs]
+ [372.646268] process_one_work+0x7e9/0x1320
+ [372.652321] ? lock_release+0x6d0/0x6d0
+ [372.658081] ? pwq_dec_nr_in_flight+0x230/0x230
+ [372.664513] ? rwlock_bug.part.0+0x90/0x90
+ [372.670529] worker_thread+0x59e/0xf90
+ [372.676172] ? process_one_work+0x1320/0x1320
+ [372.682440] kthread+0x3b9/0x490
+ [372.687550] ? _raw_spin_unlock_irq+0x24/0x50
+ [372.693811] ? set_kthread_struct+0x100/0x100
+ [372.700052] ret_from_fork+0x22/0x30
+ [372.705517] </TASK>
+ [372.709747] INFO: task btrfs-transacti:2347 blocked for more than 123 seconds.
+ [372.729827] Not tainted 5.16.0-rc8 #7
+ [372.745907] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
+ [372.767106] task:btrfs-transacti state:D stack: 0 pid: 2347 ppid: 2 flags:0x00004000
+ [372.787776] Call Trace:
+ [372.801652] <TASK>
+ [372.812961] __schedule+0xb56/0x4850
+ [372.830011] ? io_schedule_timeout+0x190/0x190
+ [372.852547] ? lockdep_hardirqs_on+0x7e/0x100
+ [372.871761] ? _raw_spin_unlock_irqrestore+0x3e/0x60
+ [372.886792] schedule+0xe0/0x270
+ [372.901685] wait_current_trans+0x22c/0x310 [btrfs]
+ [372.919743] ? btrfs_put_transaction+0x3d0/0x3d0 [btrfs]
+ [372.938923] ? finish_wait+0x270/0x270
+ [372.959085] ? join_transaction+0xc75/0xe30 [btrfs]
+ [372.977706] start_transaction+0x938/0x10a0 [btrfs]
+ [372.997168] transaction_kthread+0x19d/0x3c0 [btrfs]
+ [373.013021] ? btrfs_cleanup_transaction.isra.0+0xfc0/0xfc0 [btrfs]
+ [373.031678] kthread+0x3b9/0x490
+ [373.047420] ? _raw_spin_unlock_irq+0x24/0x50
+ [373.064645] ? set_kthread_struct+0x100/0x100
+ [373.078571] ret_from_fork+0x22/0x30
+ [373.091197] </TASK>
+ [373.105611] INFO: task btrfs:3145 blocked for more than 123 seconds.
+ [373.114147] Not tainted 5.16.0-rc8 #7
+ [373.120401] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
+ [373.130393] task:btrfs state:D stack: 0 pid: 3145 ppid: 3141 flags:0x00004000
+ [373.140998] Call Trace:
+ [373.145501] <TASK>
+ [373.149654] __schedule+0xb56/0x4850
+ [373.155306] ? io_schedule_timeout+0x190/0x190
+ [373.161965] ? lockdep_hardirqs_on+0x7e/0x100
+ [373.168469] ? _raw_spin_unlock_irqrestore+0x3e/0x60
+ [373.175468] schedule+0xe0/0x270
+ [373.180814] wait_for_commit+0x104/0x150 [btrfs]
+ [373.187643] ? test_and_set_bit+0x20/0x20 [btrfs]
+ [373.194772] ? kmem_cache_free+0x124/0x550
+ [373.201191] ? btrfs_put_transaction+0x69/0x3d0 [btrfs]
+ [373.208738] ? finish_wait+0x270/0x270
+ [373.214704] ? __btrfs_end_transaction+0x347/0x7b0 [btrfs]
+ [373.222342] btrfs_commit_transaction+0x44d/0x2610 [btrfs]
+ [373.230233] ? join_transaction+0x255/0xe30 [btrfs]
+ [373.237334] ? btrfs_record_root_in_trans+0x4d/0x170 [btrfs]
+ [373.245251] ? btrfs_apply_pending_changes+0x50/0x50 [btrfs]
+ [373.253296] relocate_block_group+0x105/0xc20 [btrfs]
+ [373.260533] ? mutex_lock_io_nested+0x1270/0x1270
+ [373.267516] ? btrfs_wait_nocow_writers+0x85/0x180 [btrfs]
+ [373.275155] ? merge_reloc_roots+0x710/0x710 [btrfs]
+ [373.283602] ? btrfs_wait_ordered_extents+0xd30/0xd30 [btrfs]
+ [373.291934] ? kmem_cache_free+0x124/0x550
+ [373.298180] btrfs_relocate_block_group+0x35c/0x930 [btrfs]
+ [373.306047] btrfs_relocate_chunk+0x85/0x210 [btrfs]
+ [373.313229] btrfs_balance+0x12f4/0x2d20 [btrfs]
+ [373.320227] ? lock_release+0x3a9/0x6d0
+ [373.326206] ? btrfs_relocate_chunk+0x210/0x210 [btrfs]
+ [373.333591] ? lock_is_held_type+0xe4/0x140
+ [373.340031] ? rcu_read_lock_sched_held+0x3f/0x70
+ [373.346910] btrfs_ioctl_balance+0x548/0x700 [btrfs]
+ [373.354207] btrfs_ioctl+0x7f2/0x71b0 [btrfs]
+ [373.360774] ? lockdep_hardirqs_on_prepare+0x410/0x410
+ [373.367957] ? lockdep_hardirqs_on_prepare+0x410/0x410
+ [373.375327] ? btrfs_ioctl_get_supported_features+0x20/0x20 [btrfs]
+ [373.383841] ? find_held_lock+0x2c/0x110
+ [373.389993] ? lock_release+0x3a9/0x6d0
+ [373.395828] ? mntput_no_expire+0xf7/0xad0
+ [373.402083] ? lock_is_held_type+0xe4/0x140
+ [373.408249] ? vfs_fileattr_set+0x9f0/0x9f0
+ [373.414486] ? selinux_file_ioctl+0x349/0x4e0
+ [373.420938] ? trace_raw_output_lock+0xb4/0xe0
+ [373.427442] ? selinux_inode_getsecctx+0x80/0x80
+ [373.434224] ? lockdep_hardirqs_on+0x7e/0x100
+ [373.440660] ? force_qs_rnp+0x2a0/0x6b0
+ [373.446534] ? lock_is_held_type+0x9b/0x140
+ [373.452763] ? __blkcg_punt_bio_submit+0x1b0/0x1b0
+ [373.459732] ? security_file_ioctl+0x50/0x90
+ [373.466089] __x64_sys_ioctl+0x127/0x190
+ [373.472022] do_syscall_64+0x3b/0x90
+ [373.477513] entry_SYSCALL_64_after_hwframe+0x44/0xae
+ [373.484823] RIP: 0033:0x7f8f4af7e2bb
+ [373.490493] RSP: 002b:00007ffcbf936178 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
+ [373.500197] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 00007f8f4af7e2bb
+ [373.509451] RDX: 00007ffcbf936220 RSI: 00000000c4009420 RDI: 0000000000000003
+ [373.518659] RBP: 00007ffcbf93774a R08: 0000000000000013 R09: 00007f8f4b02d4e0
+ [373.527872] R10: 00007f8f4ae87740 R11: 0000000000000246 R12: 0000000000000001
+ [373.537222] R13: 00007ffcbf936220 R14: 0000000000000000 R15: 0000000000000002
+ [373.546506] </TASK>
+ [373.550878] INFO: task btrfs:3146 blocked for more than 123 seconds.
+ [373.559383] Not tainted 5.16.0-rc8 #7
+ [373.565748] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
+ [373.575748] task:btrfs state:D stack: 0 pid: 3146 ppid: 2168 flags:0x00000000
+ [373.586314] Call Trace:
+ [373.590846] <TASK>
+ [373.595121] __schedule+0xb56/0x4850
+ [373.600901] ? __lock_acquire+0x23db/0x5030
+ [373.607176] ? io_schedule_timeout+0x190/0x190
+ [373.613954] schedule+0xe0/0x270
+ [373.619157] schedule_timeout+0x168/0x220
+ [373.625170] ? usleep_range_state+0x150/0x150
+ [373.631653] ? mark_held_locks+0x9e/0xe0
+ [373.637767] ? do_raw_spin_lock+0x11e/0x250
+ [373.643993] ? lockdep_hardirqs_on_prepare+0x17b/0x410
+ [373.651267] ? _raw_spin_unlock_irq+0x24/0x50
+ [373.657677] ? lockdep_hardirqs_on+0x7e/0x100
+ [373.664103] wait_for_completion+0x163/0x250
+ [373.670437] ? bit_wait_timeout+0x160/0x160
+ [373.676585] btrfs_quota_disable+0x176/0x9a0 [btrfs]
+ [373.683979] ? btrfs_quota_enable+0x12f0/0x12f0 [btrfs]
+ [373.691340] ? down_write+0xd0/0x130
+ [373.696880] ? down_write_killable+0x150/0x150
+ [373.703352] btrfs_ioctl+0x3945/0x71b0 [btrfs]
+ [373.710061] ? find_held_lock+0x2c/0x110
+ [373.716192] ? lock_release+0x3a9/0x6d0
+ [373.722047] ? __handle_mm_fault+0x23cd/0x3050
+ [373.728486] ? btrfs_ioctl_get_supported_features+0x20/0x20 [btrfs]
+ [373.737032] ? set_pte+0x6a/0x90
+ [373.742271] ? do_raw_spin_unlock+0x55/0x1f0
+ [373.748506] ? lock_is_held_type+0xe4/0x140
+ [373.754792] ? vfs_fileattr_set+0x9f0/0x9f0
+ [373.761083] ? selinux_file_ioctl+0x349/0x4e0
+ [373.767521] ? selinux_inode_getsecctx+0x80/0x80
+ [373.774247] ? __up_read+0x182/0x6e0
+ [373.780026] ? count_memcg_events.constprop.0+0x46/0x60
+ [373.787281] ? up_write+0x460/0x460
+ [373.792932] ? security_file_ioctl+0x50/0x90
+ [373.799232] __x64_sys_ioctl+0x127/0x190
+ [373.805237] do_syscall_64+0x3b/0x90
+ [373.810947] entry_SYSCALL_64_after_hwframe+0x44/0xae
+ [373.818102] RIP: 0033:0x7f1383ea02bb
+ [373.823847] RSP: 002b:00007fffeb4d71f8 EFLAGS: 00000202 ORIG_RAX: 0000000000000010
+ [373.833641] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007f1383ea02bb
+ [373.842961] RDX: 00007fffeb4d7210 RSI: 00000000c0109428 RDI: 0000000000000003
+ [373.852179] RBP: 0000000000000003 R08: 0000000000000003 R09: 0000000000000078
+ [373.861408] R10: 00007f1383daec78 R11: 0000000000000202 R12: 00007fffeb4d874a
+ [373.870647] R13: 0000000000493099 R14: 0000000000000001 R15: 0000000000000000
+ [373.879838] </TASK>
+ [373.884018]
+ Showing all locks held in the system:
+ [373.894250] 3 locks held by kworker/4:1/58:
+ [373.900356] 1 lock held by khungtaskd/63:
+ [373.906333] #0: ffffffff8945ff60 (rcu_read_lock){....}-{1:2}, at: debug_show_all_locks+0x53/0x260
+ [373.917307] 3 locks held by kworker/u16:6/103:
+ [373.923938] #0: ffff888127b4f138 ((wq_completion)btrfs-qgroup-rescan){+.+.}-{0:0}, at: process_one_work+0x712/0x1320
+ [373.936555] #1: ffff88810b817dd8 ((work_completion)(&work->normal_work)){+.+.}-{0:0}, at: process_one_work+0x73f/0x1320
+ [373.951109] #2: ffff888102dd4650 (sb_internal#2){.+.+}-{0:0}, at: btrfs_qgroup_rescan_worker+0x1f6/0x10c0 [btrfs]
+ [373.964027] 2 locks held by less/1803:
+ [373.969982] #0: ffff88813ed56098 (&tty->ldisc_sem){++++}-{0:0}, at: tty_ldisc_ref_wait+0x24/0x80
+ [373.981295] #1: ffffc90000b3b2e8 (&ldata->atomic_read_lock){+.+.}-{3:3}, at: n_tty_read+0x9e2/0x1060
+ [373.992969] 1 lock held by btrfs-transacti/2347:
+ [373.999893] #0: ffff88813d4887a8 (&fs_info->transaction_kthread_mutex){+.+.}-{3:3}, at: transaction_kthread+0xe3/0x3c0 [btrfs]
+ [374.015872] 3 locks held by btrfs/3145:
+ [374.022298] #0: ffff888102dd4460 (sb_writers#18){.+.+}-{0:0}, at: btrfs_ioctl_balance+0xc3/0x700 [btrfs]
+ [374.034456] #1: ffff88813d48a0a0 (&fs_info->reclaim_bgs_lock){+.+.}-{3:3}, at: btrfs_balance+0xfe5/0x2d20 [btrfs]
+ [374.047646] #2: ffff88813d488838 (&fs_info->cleaner_mutex){+.+.}-{3:3}, at: btrfs_relocate_block_group+0x354/0x930 [btrfs]
+ [374.063295] 4 locks held by btrfs/3146:
+ [374.069647] #0: ffff888102dd4460 (sb_writers#18){.+.+}-{0:0}, at: btrfs_ioctl+0x38b1/0x71b0 [btrfs]
+ [374.081601] #1: ffff88813d488bb8 (&fs_info->subvol_sem){+.+.}-{3:3}, at: btrfs_ioctl+0x38fd/0x71b0 [btrfs]
+ [374.094283] #2: ffff888102dd4650 (sb_internal#2){.+.+}-{0:0}, at: btrfs_quota_disable+0xc8/0x9a0 [btrfs]
+ [374.106885] #3: ffff88813d489800 (&fs_info->qgroup_ioctl_lock){+.+.}-{3:3}, at: btrfs_quota_disable+0xd5/0x9a0 [btrfs]
+
+ [374.126780] =============================================
+
+To avoid the deadlock, wait for the qgroup rescan worker to complete
+before starting the transaction for the quota disable ioctl. Clear the
+BTRFS_FS_QUOTA_ENABLED flag before the wait and the transaction to
+request the worker to complete. On transaction start failure, set the
+BTRFS_FS_QUOTA_ENABLED flag again. These BTRFS_FS_QUOTA_ENABLED flag
+changes can be done safely since the function btrfs_quota_disable is not
+called concurrently because of fs_info->subvol_sem.
+
+Also check the BTRFS_FS_QUOTA_ENABLED flag in qgroup_rescan_init to
+prevent another qgroup rescan worker from starting after the previous
+qgroup worker has completed.
+
+CC: stable@vger.kernel.org # 5.4+
+Suggested-by: Nikolay Borisov <nborisov@suse.com>
+Reviewed-by: Filipe Manana <fdmanana@suse.com>
+Signed-off-by: Shin'ichiro Kawasaki <shinichiro.kawasaki@wdc.com>
+Signed-off-by: David Sterba <dsterba@suse.com>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+---
+ fs/btrfs/qgroup.c | 21 +++++++++++++++++++--
+ 1 file changed, 19 insertions(+), 2 deletions(-)
+
+--- a/fs/btrfs/qgroup.c
++++ b/fs/btrfs/qgroup.c
+@@ -1105,9 +1105,24 @@ int btrfs_quota_disable(struct btrfs_fs_
+ struct btrfs_trans_handle *trans = NULL;
+ int ret = 0;
+
++ /*
++ * We need to have subvol_sem write locked, to prevent races between
++ * concurrent tasks trying to disable quotas, because we will unlock
++ * and relock qgroup_ioctl_lock across BTRFS_FS_QUOTA_ENABLED changes.
++ */
++ lockdep_assert_held_write(&fs_info->subvol_sem);
++
+ mutex_lock(&fs_info->qgroup_ioctl_lock);
+ if (!fs_info->quota_root)
+ goto out;
++
++ /*
++ * Request qgroup rescan worker to complete and wait for it. This wait
++ * must be done before transaction start for quota disable since it may
++ * deadlock with transaction by the qgroup rescan worker.
++ */
++ clear_bit(BTRFS_FS_QUOTA_ENABLED, &fs_info->flags);
++ btrfs_qgroup_wait_for_completion(fs_info, false);
+ mutex_unlock(&fs_info->qgroup_ioctl_lock);
+
+ /*
+@@ -1125,14 +1140,13 @@ int btrfs_quota_disable(struct btrfs_fs_
+ if (IS_ERR(trans)) {
+ ret = PTR_ERR(trans);
+ trans = NULL;
++ set_bit(BTRFS_FS_QUOTA_ENABLED, &fs_info->flags);
+ goto out;
+ }
+
+ if (!fs_info->quota_root)
+ goto out;
+
+- clear_bit(BTRFS_FS_QUOTA_ENABLED, &fs_info->flags);
+- btrfs_qgroup_wait_for_completion(fs_info, false);
+ spin_lock(&fs_info->qgroup_lock);
+ quota_root = fs_info->quota_root;
+ fs_info->quota_root = NULL;
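Review bot: The rollback `set_bit(BTRFS_FS_QUOTA_ENABLED, &fs_info->flags);` on transaction-start failure restores the flag but not whatever was skipped while it was clear. The flag is cleared in the previous hunk, before `qgroup_ioctl_lock` is dropped, so until this `set_bit` any path that consults the flag sees quotas as disabled while `quota_root` is still set. If qgroup accounting is one of those paths (not visible in this patch), the counters can be stale once quotas are reported enabled again. A comment on the error branch such as `/* flag was clear since before the wait; qgroup numbers may need a rescan */`, or marking the qgroup state inconsistent there, would make that failure mode explicit. btrfs_quota_disable starts and ends outside both hunks.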
+@@ -3304,6 +3318,9 @@ qgroup_rescan_init(struct btrfs_fs_info
+ btrfs_warn(fs_info,
+ "qgroup rescan init failed, qgroup is not enabled");
+ ret = -EINVAL;
++ } else if (!test_bit(BTRFS_FS_QUOTA_ENABLED, &fs_info->flags)) {
++ /* Quota disable is in progress */
++ ret = -EBUSY;
+ }
+
+ if (ret) {
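Review bot: The new `-EBUSY` branch tests `BTRFS_FS_QUOTA_ENABLED` without saying what orders this test against the `clear_bit()` in btrfs_quota_disable, which runs under `qgroup_ioctl_lock` and `subvol_sem`. The locks held at this point in qgroup_rescan_init are outside the hunk. If none is shared with the disable path, a rescan could pass this check just before the flag is cleared and be queued after the disable path's wait has returned. Extending the comment to name the serialising lock, e.g. `/* Quota disable is in progress; checked under <lock> so no rescan starts after the disable path's wait */`, would let a reader verify it. Unlike the branch above it, this one returns without a `btrfs_warn()`, which may be intentional but deserves a word in the same comment.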
--- /dev/null
+From 1b777d4d9e383d2744fc9b3a09af6ec1893c8b1a Mon Sep 17 00:00:00 2001
+From: Nick Lopez <github@glowingmonkey.org>
+Date: Sat, 22 Jan 2022 01:19:06 -0700
+Subject: drm/nouveau: fix off by one in BIOS boundary checking
+
+From: Nick Lopez <github@glowingmonkey.org>
+
+commit 1b777d4d9e383d2744fc9b3a09af6ec1893c8b1a upstream.
+
+Bounds checking when parsing init scripts embedded in the BIOS rejects
+access to the last byte. This causes driver initialization to fail on
+Apple eMacs with GeForce 2 MX GPUs, leaving the system with no working
+console.
+
+This is probably only seen on OpenFirmware machines like PowerPC Macs
+because the BIOS image provided by OF is only the used parts of the ROM,
+rather than a power-of-two-sized block read from PCI directly; PCs
+therefore always have empty bytes at the end that are never accessed.
+
+Signed-off-by: Nick Lopez <github@glowingmonkey.org>
+Fixes: 4d4e9907ff572 ("drm/nouveau/bios: guard against out-of-bounds accesses to image")
+Cc: <stable@vger.kernel.org> # v4.10+
+Reviewed-by: Ilia Mirkin <imirkin@alum.mit.edu>
+Reviewed-by: Karol Herbst <kherbst@redhat.com>
+Signed-off-by: Karol Herbst <kherbst@redhat.com>
+Link: https://patchwork.freedesktop.org/patch/msgid/20220122081906.2633061-1-github@glowingmonkey.org
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+---
+ drivers/gpu/drm/nouveau/nvkm/subdev/bios/base.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+--- a/drivers/gpu/drm/nouveau/nvkm/subdev/bios/base.c
++++ b/drivers/gpu/drm/nouveau/nvkm/subdev/bios/base.c
+@@ -38,7 +38,7 @@ nvbios_addr(struct nvkm_bios *bios, u32
+ *addr += bios->imaged_addr;
+ }
+
+- if (unlikely(*addr + size >= bios->size)) {
++ if (unlikely(*addr + size > bios->size)) {
+ nvkm_error(&bios->subdev, "OOB %d %08x %08x\n", size, p, *addr);
+ return false;
+ }
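Review bot: The corrected test `*addr + size > bios->size` still does the addition in 32-bit unsigned arithmetic (`addr` is a `u32 *` per the hunk header), so an offset near the top of the range wraps and passes the check. Per the commit message these offsets come from init scripts parsed out of the BIOS image, so they are firmware-supplied data. Comparing without the addition avoids the wrap: `if (unlikely(size > bios->size || *addr > bios->size - size)) {`. The `*addr += bios->imaged_addr;` just above can wrap the same way. The types of `size` and `bios->size` and the start of nvbios_addr are outside the hunk, so this should be confirmed against the full function.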
--- /dev/null
+From c10a0f877fe007021d70f9cada240f42adc2b5db Mon Sep 17 00:00:00 2001
+From: Lang Yu <lang.yu@amd.com>
+Date: Thu, 3 Feb 2022 20:49:37 -0800
+Subject: mm/kmemleak: avoid scanning potential huge holes
+
+From: Lang Yu <lang.yu@amd.com>
+
+commit c10a0f877fe007021d70f9cada240f42adc2b5db upstream.
+
+When using devm_request_free_mem_region() and devm_memremap_pages() to
+add ZONE_DEVICE memory, if requested free mem region's end pfn were
+huge(e.g., 0x400000000), the node_end_pfn() will be also huge (see
+move_pfn_range_to_zone()). Thus it creates a huge hole between
+node_start_pfn() and node_end_pfn().
+
+We found on some AMD APUs, amdkfd requested such a free mem region and
+created a huge hole. In such a case, following code snippet was just
+doing busy test_bit() looping on the huge hole.
+
+ for (pfn = start_pfn; pfn < end_pfn; pfn++) {
+ struct page *page = pfn_to_online_page(pfn);
+ if (!page)
+ continue;
+ ...
+ }
+
+So we got a soft lockup:
+
+ watchdog: BUG: soft lockup - CPU#6 stuck for 26s! [bash:1221]
+ CPU: 6 PID: 1221 Comm: bash Not tainted 5.15.0-custom #1
+ RIP: 0010:pfn_to_online_page+0x5/0xd0
+ Call Trace:
+ ? kmemleak_scan+0x16a/0x440
+ kmemleak_write+0x306/0x3a0
+ ? common_file_perm+0x72/0x170
+ full_proxy_write+0x5c/0x90
+ vfs_write+0xb9/0x260
+ ksys_write+0x67/0xe0
+ __x64_sys_write+0x1a/0x20
+ do_syscall_64+0x3b/0xc0
+ entry_SYSCALL_64_after_hwframe+0x44/0xae
+
+I did some tests with the patch.
+
+(1) amdgpu module unloaded
+
+before the patch:
+
+ real 0m0.976s
+ user 0m0.000s
+ sys 0m0.968s
+
+after the patch:
+
+ real 0m0.981s
+ user 0m0.000s
+ sys 0m0.973s
+
+(2) amdgpu module loaded
+
+before the patch:
+
+ real 0m35.365s
+ user 0m0.000s
+ sys 0m35.354s
+
+after the patch:
+
+ real 0m1.049s
+ user 0m0.000s
+ sys 0m1.042s
+
+Link: https://lkml.kernel.org/r/20211108140029.721144-1-lang.yu@amd.com
+Signed-off-by: Lang Yu <lang.yu@amd.com>
+Acked-by: David Hildenbrand <david@redhat.com>
+Acked-by: Catalin Marinas <catalin.marinas@arm.com>
+Cc: Oscar Salvador <osalvador@suse.de>
+Cc: <stable@vger.kernel.org>
+Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
+Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+---
+ mm/kmemleak.c | 13 +++++++------
+ 1 file changed, 7 insertions(+), 6 deletions(-)
+
+--- a/mm/kmemleak.c
++++ b/mm/kmemleak.c
+@@ -1399,7 +1399,8 @@ static void kmemleak_scan(void)
+ {
+ unsigned long flags;
+ struct kmemleak_object *object;
+- int i;
++ struct zone *zone;
++ int __maybe_unused i;
+ int new_leaks = 0;
+
+ jiffies_last_scan = jiffies;
+@@ -1439,9 +1440,9 @@ static void kmemleak_scan(void)
+ * Struct page scanning for each node.
+ */
+ get_online_mems();
+- for_each_online_node(i) {
+- unsigned long start_pfn = node_start_pfn(i);
+- unsigned long end_pfn = node_end_pfn(i);
++ for_each_populated_zone(zone) {
++ unsigned long start_pfn = zone->zone_start_pfn;
++ unsigned long end_pfn = zone_end_pfn(zone);
+ unsigned long pfn;
+
+ for (pfn = start_pfn; pfn < end_pfn; pfn++) {
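Review bot: The walk `for (pfn = start_pfn; pfn < end_pfn; pfn++)` is still bounded by the zone's span rather than its present pages, because `zone_end_pfn()` is the start pfn plus the spanned page count. A populated zone that itself contains a large hole would therefore spin the same way the node-wide range did. Whether the loop yields is not visible here (its body continues in the next hunk and kmemleak_scan extends beyond both); if it does not, a periodic `if (!(pfn & 63)) cond_resched();` at the top of the loop would bound the latency. The comment above the loop still reads "Struct page scanning for each node." and should become `* Struct page scanning for each populated zone.`.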
+@@ -1450,8 +1451,8 @@ static void kmemleak_scan(void)
+ if (!page)
+ continue;
+
+- /* only scan pages belonging to this node */
+- if (page_to_nid(page) != i)
++ /* only scan pages belonging to this zone */
++ if (page_zone(page) != zone)
+ continue;
+ /* only scan if page is in use */
+ if (page_count(page) == 0)
+audit-improve-audit-queue-handling-when-audit-1-on-cmdline.patch
+asoc-ops-reject-out-of-bounds-values-in-snd_soc_put_volsw.patch
+asoc-ops-reject-out-of-bounds-values-in-snd_soc_put_volsw_sx.patch
+asoc-ops-reject-out-of-bounds-values-in-snd_soc_put_xr_sx.patch
+alsa-usb-audio-simplify-quirk-entries-with-a-macro.patch
+alsa-hda-realtek-add-quirk-for-asus-gu603.patch
+alsa-hda-realtek-add-missing-fixup-model-entry-for-gigabyte-x570-alc1220-quirks.patch
+alsa-hda-realtek-fix-silent-output-on-gigabyte-x570s-aorus-master-newer-chipset.patch
+alsa-hda-realtek-fix-silent-output-on-gigabyte-x570-aorus-xtreme-after-reboot-from-windows.patch
+btrfs-fix-deadlock-between-quota-disable-and-qgroup-rescan-worker.patch
+drm-nouveau-fix-off-by-one-in-bios-boundary-checking.patch
+mm-kmemleak-avoid-scanning-potential-huge-holes.patch
+block-bio-integrity-advance-seed-correctly-for-larger-interval-sizes.patch