--- /dev/null
+From a7de2b873f3dbcda02d504536f1ec6dc50e3f6c4 Mon Sep 17 00:00:00 2001
+From: Marie Ramlow <me@nycode.dev>
+Date: Sat, 30 Nov 2024 17:52:40 +0100
+Subject: ALSA: usb-audio: add mixer mapping for Corsair HS80
+
+From: Marie Ramlow <me@nycode.dev>
+
+commit a7de2b873f3dbcda02d504536f1ec6dc50e3f6c4 upstream.
+
+The Corsair HS80 RGB Wireless is a USB headset with a mic and a sidetone
+feature. It has the same quirk as the Virtuoso series.
+This labels the mixers appropriately, so applications don't
+move the sidetone volume when they actually intend to move the main
+headset volume.
+
+Signed-off-by: Marie Ramlow <me@nycode.dev>
+cc: <stable@vger.kernel.org>
+Link: https://patch.msgid.link/20241130165240.17838-1-me@nycode.dev
+Signed-off-by: Takashi Iwai <tiwai@suse.de>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+---
+ sound/usb/mixer_maps.c | 10 ++++++++++
+ 1 file changed, 10 insertions(+)
+
+--- a/sound/usb/mixer_maps.c
++++ b/sound/usb/mixer_maps.c
+@@ -528,6 +528,16 @@ static const struct usbmix_ctl_map usbmi
+ .id = USB_ID(0x05a7, 0x1020),
+ .map = bose_companion5_map,
+ },
++ {
++ /* Corsair HS80 RGB Wireless (wired mode) */
++ .id = USB_ID(0x1b1c, 0x0a6a),
++ .map = corsair_virtuoso_map,
++ },
++ {
++ /* Corsair HS80 RGB Wireless (wireless mode) */
++ .id = USB_ID(0x1b1c, 0x0a6b),
++ .map = corsair_virtuoso_map,
++ },
+ { /* Gigabyte TRX40 Aorus Master (rear panel + front mic) */
+ .id = USB_ID(0x0414, 0xa001),
+ .map = aorus_master_alc1220vb_map,
--- /dev/null
+From b2e382ae12a63560fca35050498e19e760adf8c0 Mon Sep 17 00:00:00 2001
+From: Liequan Che <cheliequan@inspur.com>
+Date: Mon, 2 Dec 2024 19:56:38 +0800
+Subject: bcache: revert replacing IS_ERR_OR_NULL with IS_ERR again
+
+From: Liequan Che <cheliequan@inspur.com>
+
+commit b2e382ae12a63560fca35050498e19e760adf8c0 upstream.
+
+Commit 028ddcac477b ("bcache: Remove unnecessary NULL point check in
+node allocations") leads a NULL pointer deference in cache_set_flush().
+
+1721 if (!IS_ERR_OR_NULL(c->root))
+1722 list_add(&c->root->list, &c->btree_cache);
+
+>From the above code in cache_set_flush(), if previous registration code
+fails before allocating c->root, it is possible c->root is NULL as what
+it is initialized. __bch_btree_node_alloc() never returns NULL but
+c->root is possible to be NULL at above line 1721.
+
+This patch replaces IS_ERR() by IS_ERR_OR_NULL() to fix this.
+
+Fixes: 028ddcac477b ("bcache: Remove unnecessary NULL point check in node allocations")
+Signed-off-by: Liequan Che <cheliequan@inspur.com>
+Cc: stable@vger.kernel.org
+Cc: Zheng Wang <zyytlz.wz@163.com>
+Reviewed-by: Mingzhe Zou <mingzhe.zou@easystack.cn>
+Signed-off-by: Coly Li <colyli@suse.de>
+Link: https://lore.kernel.org/r/20241202115638.28957-1-colyli@suse.de
+Signed-off-by: Jens Axboe <axboe@kernel.dk>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+---
+ drivers/md/bcache/super.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+--- a/drivers/md/bcache/super.c
++++ b/drivers/md/bcache/super.c
+@@ -1635,7 +1635,7 @@ static void cache_set_flush(struct closu
+ if (!IS_ERR_OR_NULL(c->gc_thread))
+ kthread_stop(c->gc_thread);
+
+- if (!IS_ERR(c->root))
++ if (!IS_ERR_OR_NULL(c->root))
+ list_add(&c->root->list, &c->btree_cache);
+
+ /*
--- /dev/null
+From 985ebec4ab0a28bb5910c3b1481a40fbf7f9e61d Mon Sep 17 00:00:00 2001
+From: Ryusuke Konishi <konishi.ryusuke@gmail.com>
+Date: Wed, 20 Nov 2024 02:23:37 +0900
+Subject: nilfs2: fix potential out-of-bounds memory access in nilfs_find_entry()
+
+From: Ryusuke Konishi <konishi.ryusuke@gmail.com>
+
+commit 985ebec4ab0a28bb5910c3b1481a40fbf7f9e61d upstream.
+
+Syzbot reported that when searching for records in a directory where the
+inode's i_size is corrupted and has a large value, memory access outside
+the folio/page range may occur, or a use-after-free bug may be detected if
+KASAN is enabled.
+
+This is because nilfs_last_byte(), which is called by nilfs_find_entry()
+and others to calculate the number of valid bytes of directory data in a
+page from i_size and the page index, loses the upper 32 bits of the 64-bit
+size information due to an inappropriate type of local variable to which
+the i_size value is assigned.
+
+This caused a large byte offset value due to underflow in the end address
+calculation in the calling nilfs_find_entry(), resulting in memory access
+that exceeds the folio/page size.
+
+Fix this issue by changing the type of the local variable causing the bit
+loss from "unsigned int" to "u64". The return value of nilfs_last_byte()
+is also of type "unsigned int", but it is truncated so as not to exceed
+PAGE_SIZE and no bit loss occurs, so no change is required.
+
+Link: https://lkml.kernel.org/r/20241119172403.9292-1-konishi.ryusuke@gmail.com
+Fixes: 2ba466d74ed7 ("nilfs2: directory entry operations")
+Signed-off-by: Ryusuke Konishi <konishi.ryusuke@gmail.com>
+Reported-by: syzbot+96d5d14c47d97015c624@syzkaller.appspotmail.com
+Closes: https://syzkaller.appspot.com/bug?extid=96d5d14c47d97015c624
+Tested-by: syzbot+96d5d14c47d97015c624@syzkaller.appspotmail.com
+Cc: <stable@vger.kernel.org>
+Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+---
+ fs/nilfs2/dir.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+--- a/fs/nilfs2/dir.c
++++ b/fs/nilfs2/dir.c
+@@ -76,7 +76,7 @@ static inline void nilfs_put_page(struct
+ */
+ static unsigned int nilfs_last_byte(struct inode *inode, unsigned long page_nr)
+ {
+- unsigned int last_byte = inode->i_size;
++ u64 last_byte = inode->i_size;
+
+ last_byte -= page_nr << PAGE_SHIFT;
+ if (last_byte > PAGE_SIZE)
--- /dev/null
+From 4812b7796c144f63a1094f79a5eb8fbdad8d7ebc Mon Sep 17 00:00:00 2001
+From: Quinn Tran <qutran@marvell.com>
+Date: Fri, 15 Nov 2024 18:33:11 +0530
+Subject: scsi: qla2xxx: Fix NVMe and NPIV connect issue
+
+From: Quinn Tran <qutran@marvell.com>
+
+commit 4812b7796c144f63a1094f79a5eb8fbdad8d7ebc upstream.
+
+NVMe controller fails to send connect command due to failure to locate
+hw context buffer for NVMe queue 0 (blk_mq_hw_ctx, hctx_idx=0). The
+cause of the issue is NPIV host did not initialize the vha->irq_offset
+field. This field is given to blk-mq (blk_mq_pci_map_queues) to help
+locate the beginning of IO Queues which in turn help locate NVMe queue
+0.
+
+Initialize this field to allow NVMe to work properly with NPIV host.
+
+ kernel: nvme nvme5: Connect command failed, errno: -18
+ kernel: nvme nvme5: qid 0: secure concatenation is not supported
+ kernel: nvme nvme5: NVME-FC{5}: create_assoc failed, assoc_id 2e9100 ret 401
+ kernel: nvme nvme5: NVME-FC{5}: reset: Reconnect attempt failed (401)
+ kernel: nvme nvme5: NVME-FC{5}: Reconnect attempt in 2 seconds
+
+Cc: stable@vger.kernel.org
+Fixes: f0783d43dde4 ("scsi: qla2xxx: Use correct number of vectors for online CPUs")
+Signed-off-by: Quinn Tran <qutran@marvell.com>
+Signed-off-by: Nilesh Javali <njavali@marvell.com>
+Link: https://lore.kernel.org/r/20241115130313.46826-6-njavali@marvell.com
+Reviewed-by: Himanshu Madhani <himanshu.madhani@oracle.com>
+Signed-off-by: Martin K. Petersen <martin.petersen@oracle.com>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+---
+ drivers/scsi/qla2xxx/qla_mid.c | 1 +
+ 1 file changed, 1 insertion(+)
+
+--- a/drivers/scsi/qla2xxx/qla_mid.c
++++ b/drivers/scsi/qla2xxx/qla_mid.c
+@@ -492,6 +492,7 @@ qla24xx_create_vhost(struct fc_vport *fc
+ return(NULL);
+ }
+
++ vha->irq_offset = QLA_BASE_VECTORS;
+ host = vha->host;
+ fc_vport->dd_data = vha;
+ /* New host info */
--- /dev/null
+From 833c70e212fc40d3e98da941796f4c7bcaecdf58 Mon Sep 17 00:00:00 2001
+From: Saurav Kashyap <skashyap@marvell.com>
+Date: Fri, 15 Nov 2024 18:33:10 +0530
+Subject: scsi: qla2xxx: Remove check req_sg_cnt should be equal to rsp_sg_cnt
+
+From: Saurav Kashyap <skashyap@marvell.com>
+
+commit 833c70e212fc40d3e98da941796f4c7bcaecdf58 upstream.
+
+Firmware supports multiple sg_cnt for request and response for CT
+commands, so remove the redundant check. A check is there where sg_cnt
+for request and response should be same. This is not required as driver
+and FW have code to handle multiple and different sg_cnt on request and
+response.
+
+Cc: stable@vger.kernel.org
+Signed-off-by: Saurav Kashyap <skashyap@marvell.com>
+Signed-off-by: Nilesh Javali <njavali@marvell.com>
+Link: https://lore.kernel.org/r/20241115130313.46826-5-njavali@marvell.com
+Reviewed-by: Himanshu Madhani <himanshu.madhani@oracle.com>
+Signed-off-by: Martin K. Petersen <martin.petersen@oracle.com>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+---
+ drivers/scsi/qla2xxx/qla_bsg.c | 10 ----------
+ 1 file changed, 10 deletions(-)
+
+--- a/drivers/scsi/qla2xxx/qla_bsg.c
++++ b/drivers/scsi/qla2xxx/qla_bsg.c
+@@ -462,16 +462,6 @@ qla2x00_process_ct(struct bsg_job *bsg_j
+ goto done;
+ }
+
+- if ((req_sg_cnt != bsg_job->request_payload.sg_cnt) ||
+- (rsp_sg_cnt != bsg_job->reply_payload.sg_cnt)) {
+- ql_log(ql_log_warn, vha, 0x7011,
+- "request_sg_cnt: %x dma_request_sg_cnt: %x reply_sg_cnt:%x "
+- "dma_reply_sg_cnt: %x\n", bsg_job->request_payload.sg_cnt,
+- req_sg_cnt, bsg_job->reply_payload.sg_cnt, rsp_sg_cnt);
+- rval = -EAGAIN;
+- goto done_unmap_sg;
+- }
+-
+ if (!vha->flags.online) {
+ ql_log(ql_log_warn, vha, 0x7012,
+ "Host is not online.\n");
--- /dev/null
+From e4e268f898c8a08f0a1188677e15eadbc06e98f6 Mon Sep 17 00:00:00 2001
+From: Anil Gurumurthy <agurumurthy@marvell.com>
+Date: Fri, 15 Nov 2024 18:33:12 +0530
+Subject: scsi: qla2xxx: Supported speed displayed incorrectly for VPorts
+
+From: Anil Gurumurthy <agurumurthy@marvell.com>
+
+commit e4e268f898c8a08f0a1188677e15eadbc06e98f6 upstream.
+
+The fc_function_template for vports was missing the
+.show_host_supported_speeds. The base port had the same.
+
+Add .show_host_supported_speeds to the vport template as well.
+
+Cc: stable@vger.kernel.org
+Fixes: 2c3dfe3f6ad8 ("[SCSI] qla2xxx: add support for NPIV")
+Signed-off-by: Anil Gurumurthy <agurumurthy@marvell.com>
+Signed-off-by: Nilesh Javali <njavali@marvell.com>
+Link: https://lore.kernel.org/r/20241115130313.46826-7-njavali@marvell.com
+Reviewed-by: Himanshu Madhani <himanshu.madhani@oracle.com>
+Signed-off-by: Martin K. Petersen <martin.petersen@oracle.com>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+---
+ drivers/scsi/qla2xxx/qla_attr.c | 1 +
+ 1 file changed, 1 insertion(+)
+
+--- a/drivers/scsi/qla2xxx/qla_attr.c
++++ b/drivers/scsi/qla2xxx/qla_attr.c
+@@ -3070,6 +3070,7 @@ struct fc_function_template qla2xxx_tran
+ .show_host_node_name = 1,
+ .show_host_port_name = 1,
+ .show_host_supported_classes = 1,
++ .show_host_supported_speeds = 1,
+
+ .get_host_port_id = qla2x00_get_host_port_id,
+ .show_host_port_id = 1,
bpf-handle-bpf_exist-and-bpf_noexist-for-lpm-trie.patch
bpf-fix-exact-match-conditions-in-trie_get_next_key.patch
hid-wacom-fix-when-get-product-name-maybe-null-pointer.patch
+tracing-fix-cmp_entries_dup-to-respect-sort-comparison-rules.patch
+alsa-usb-audio-add-mixer-mapping-for-corsair-hs80.patch
+scsi-qla2xxx-fix-nvme-and-npiv-connect-issue.patch
+scsi-qla2xxx-supported-speed-displayed-incorrectly-for-vports.patch
+scsi-qla2xxx-remove-check-req_sg_cnt-should-be-equal-to-rsp_sg_cnt.patch
+nilfs2-fix-potential-out-of-bounds-memory-access-in-nilfs_find_entry.patch
+bcache-revert-replacing-is_err_or_null-with-is_err-again.patch
--- /dev/null
+From e63fbd5f6810ed756bbb8a1549c7d4132968baa9 Mon Sep 17 00:00:00 2001
+From: Kuan-Wei Chiu <visitorckw@gmail.com>
+Date: Wed, 4 Dec 2024 04:22:28 +0800
+Subject: tracing: Fix cmp_entries_dup() to respect sort() comparison rules
+
+From: Kuan-Wei Chiu <visitorckw@gmail.com>
+
+commit e63fbd5f6810ed756bbb8a1549c7d4132968baa9 upstream.
+
+The cmp_entries_dup() function used as the comparator for sort()
+violated the symmetry and transitivity properties required by the
+sorting algorithm. Specifically, it returned 1 whenever memcmp() was
+non-zero, which broke the following expectations:
+
+* Symmetry: If x < y, then y > x.
+* Transitivity: If x < y and y < z, then x < z.
+
+These violations could lead to incorrect sorting and failure to
+correctly identify duplicate elements.
+
+Fix the issue by directly returning the result of memcmp(), which
+adheres to the required comparison properties.
+
+Cc: stable@vger.kernel.org
+Fixes: 08d43a5fa063 ("tracing: Add lock-free tracing_map")
+Link: https://lore.kernel.org/20241203202228.1274403-1-visitorckw@gmail.com
+Signed-off-by: Kuan-Wei Chiu <visitorckw@gmail.com>
+Signed-off-by: Steven Rostedt (Google) <rostedt@goodmis.org>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+---
+ kernel/trace/tracing_map.c | 6 +-----
+ 1 file changed, 1 insertion(+), 5 deletions(-)
+
+--- a/kernel/trace/tracing_map.c
++++ b/kernel/trace/tracing_map.c
+@@ -845,15 +845,11 @@ int tracing_map_init(struct tracing_map
+ static int cmp_entries_dup(const void *A, const void *B)
+ {
+ const struct tracing_map_sort_entry *a, *b;
+- int ret = 0;
+
+ a = *(const struct tracing_map_sort_entry **)A;
+ b = *(const struct tracing_map_sort_entry **)B;
+
+- if (memcmp(a->key, b->key, a->elt->map->key_size))
+- ret = 1;
+-
+- return ret;
++ return memcmp(a->key, b->key, a->elt->map->key_size);
+ }
+
+ static int cmp_entries_sum(const void *A, const void *B)
projects / thirdparty / kernel / stable-queue.git / commitdiff
