--- /dev/null
+From 47f33c27fc9565fb0bc7dfb76be08d445cd3d236 Mon Sep 17 00:00:00 2001
+From: Mikulas Patocka <mpatocka@redhat.com>
+Date: Tue, 7 Jan 2025 17:47:01 +0100
+Subject: dm-ebs: don't set the flag DM_TARGET_PASSES_INTEGRITY
+
+From: Mikulas Patocka <mpatocka@redhat.com>
+
+commit 47f33c27fc9565fb0bc7dfb76be08d445cd3d236 upstream.
+
+dm-ebs uses dm-bufio to process requests that are not aligned on logical
+sector size. dm-bufio doesn't support passing integrity data (and it is
+unclear how should it do it), so we shouldn't set the
+DM_TARGET_PASSES_INTEGRITY flag.
+
+Signed-off-by: Mikulas Patocka <mpatocka@redhat.com>
+Cc: stable@vger.kernel.org
+Fixes: d3c7b35c20d6 ("dm: add emulated block size target")
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+---
+ drivers/md/dm-ebs-target.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+--- a/drivers/md/dm-ebs-target.c
++++ b/drivers/md/dm-ebs-target.c
+@@ -442,7 +442,7 @@ static int ebs_iterate_devices(struct dm
+ static struct target_type ebs_target = {
+ .name = "ebs",
+ .version = {1, 0, 1},
+- .features = DM_TARGET_PASSES_INTEGRITY,
++ .features = 0,
+ .module = THIS_MODULE,
+ .ctr = ebs_ctr,
+ .dtr = ebs_dtr,
--- /dev/null
+From 80f130bfad1dab93b95683fc39b87235682b8f72 Mon Sep 17 00:00:00 2001
+From: Krister Johansen <kjlx@templeofstupid.com>
+Date: Tue, 7 Jan 2025 15:24:58 -0800
+Subject: dm thin: make get_first_thin use rcu-safe list first function
+
+From: Krister Johansen <kjlx@templeofstupid.com>
+
+commit 80f130bfad1dab93b95683fc39b87235682b8f72 upstream.
+
+The documentation in rculist.h explains the absence of list_empty_rcu()
+and cautions programmers against relying on a list_empty() ->
+list_first() sequence in RCU safe code. This is because each of these
+functions performs its own READ_ONCE() of the list head. This can lead
+to a situation where the list_empty() sees a valid list entry, but the
+subsequent list_first() sees a different view of list head state after a
+modification.
+
+In the case of dm-thin, this author had a production box crash from a GP
+fault in the process_deferred_bios path. This function saw a valid list
+head in get_first_thin() but when it subsequently dereferenced that and
+turned it into a thin_c, it got the inside of the struct pool, since the
+list was now empty and referring to itself. The kernel on which this
+occurred printed both a warning about a refcount_t being saturated, and
+a UBSAN error for an out-of-bounds cpuid access in the queued spinlock,
+prior to the fault itself. When the resulting kdump was examined, it
+was possible to see another thread patiently waiting in thin_dtr's
+synchronize_rcu.
+
+The thin_dtr call managed to pull the thin_c out of the active thins
+list (and have it be the last entry in the active_thins list) at just
+the wrong moment which lead to this crash.
+
+Fortunately, the fix here is straight forward. Switch get_first_thin()
+function to use list_first_or_null_rcu() which performs just a single
+READ_ONCE() and returns NULL if the list is already empty.
+
+This was run against the devicemapper test suite's thin-provisioning
+suites for delete and suspend and no regressions were observed.
+
+Signed-off-by: Krister Johansen <kjlx@templeofstupid.com>
+Fixes: b10ebd34ccca ("dm thin: fix rcu_read_lock being held in code that can sleep")
+Cc: stable@vger.kernel.org
+Acked-by: Ming-Hung Tsai <mtsai@redhat.com>
+Signed-off-by: Mikulas Patocka <mpatocka@redhat.com>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+---
+ drivers/md/dm-thin.c | 5 ++---
+ 1 file changed, 2 insertions(+), 3 deletions(-)
+
+--- a/drivers/md/dm-thin.c
++++ b/drivers/md/dm-thin.c
+@@ -2334,10 +2334,9 @@ static struct thin_c *get_first_thin(str
+ struct thin_c *tc = NULL;
+
+ rcu_read_lock();
+- if (!list_empty(&pool->active_thins)) {
+- tc = list_entry_rcu(pool->active_thins.next, struct thin_c, list);
++ tc = list_first_or_null_rcu(&pool->active_thins, struct thin_c, list);
++ if (tc)
+ thin_get(tc);
+- }
+ rcu_read_unlock();
+
+ return tc;
--- /dev/null
+From 0881fbc4fd62e00a2b8e102725f76d10351b2ea8 Mon Sep 17 00:00:00 2001
+From: Roman Li <Roman.Li@amd.com>
+Date: Fri, 13 Dec 2024 13:51:07 -0500
+Subject: drm/amd/display: Add check for granularity in dml ceil/floor helpers
+
+From: Roman Li <Roman.Li@amd.com>
+
+commit 0881fbc4fd62e00a2b8e102725f76d10351b2ea8 upstream.
+
+[Why]
+Wrapper functions for dcn_bw_ceil2() and dcn_bw_floor2()
+should check for granularity is non zero to avoid assert and
+divide-by-zero error in dcn_bw_ functions.
+
+[How]
+Add check for granularity 0.
+
+Cc: Mario Limonciello <mario.limonciello@amd.com>
+Reviewed-by: Alvin Lee <alvin.lee2@amd.com>
+Signed-off-by: Roman Li <Roman.Li@amd.com>
+Tested-by: Daniel Wheeler <daniel.wheeler@amd.com>
+Signed-off-by: Alex Deucher <alexander.deucher@amd.com>
+(cherry picked from commit f6e09701c3eb2ccb8cb0518e0b67f1c69742a4ec)
+Cc: stable@vger.kernel.org
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+---
+ drivers/gpu/drm/amd/display/dc/dml/dml_inline_defs.h | 8 ++++++++
+ 1 file changed, 8 insertions(+)
+
+--- a/drivers/gpu/drm/amd/display/dc/dml/dml_inline_defs.h
++++ b/drivers/gpu/drm/amd/display/dc/dml/dml_inline_defs.h
+@@ -66,11 +66,15 @@ static inline double dml_max5(double a,
+
+ static inline double dml_ceil(double a, double granularity)
+ {
++ if (granularity == 0)
++ return 0;
+ return (double) dcn_bw_ceil2(a, granularity);
+ }
+
+ static inline double dml_floor(double a, double granularity)
+ {
++ if (granularity == 0)
++ return 0;
+ return (double) dcn_bw_floor2(a, granularity);
+ }
+
+@@ -114,11 +118,15 @@ static inline double dml_ceil_2(double f
+
+ static inline double dml_ceil_ex(double x, double granularity)
+ {
++ if (granularity == 0)
++ return 0;
+ return (double) dcn_bw_ceil2(x, granularity);
+ }
+
+ static inline double dml_floor_ex(double x, double granularity)
+ {
++ if (granularity == 0)
++ return 0;
+ return (double) dcn_bw_floor2(x, granularity);
+ }
+
--- /dev/null
+From e8580b4c600e085b3c8e6404392de2f822d4c132 Mon Sep 17 00:00:00 2001
+From: Namjae Jeon <linkinjeon@kernel.org>
+Date: Tue, 7 Jan 2025 17:41:21 +0900
+Subject: ksmbd: Implement new SMB3 POSIX type
+
+From: Namjae Jeon <linkinjeon@kernel.org>
+
+commit e8580b4c600e085b3c8e6404392de2f822d4c132 upstream.
+
+As SMB3 posix extension specification, Give posix file type to posix
+mode.
+
+https://www.samba.org/~slow/SMB3_POSIX/fscc_posix_extensions.html#posix-file-type-definition
+
+Cc: stable@vger.kernel.org
+Signed-off-by: Namjae Jeon <linkinjeon@kernel.org>
+Signed-off-by: Steve French <stfrench@microsoft.com>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+---
+ fs/smb/server/smb2pdu.c | 40 ++++++++++++++++++++++++++++++++++++++++
+ fs/smb/server/smb2pdu.h | 10 ++++++++++
+ 2 files changed, 50 insertions(+)
+
+--- a/fs/smb/server/smb2pdu.c
++++ b/fs/smb/server/smb2pdu.c
+@@ -3989,6 +3989,26 @@ static int smb2_populate_readdir_entry(s
+ posix_info->DeviceId = cpu_to_le32(ksmbd_kstat->kstat->rdev);
+ posix_info->HardLinks = cpu_to_le32(ksmbd_kstat->kstat->nlink);
+ posix_info->Mode = cpu_to_le32(ksmbd_kstat->kstat->mode & 0777);
++ switch (ksmbd_kstat->kstat->mode & S_IFMT) {
++ case S_IFDIR:
++ posix_info->Mode |= cpu_to_le32(POSIX_TYPE_DIR << POSIX_FILETYPE_SHIFT);
++ break;
++ case S_IFLNK:
++ posix_info->Mode |= cpu_to_le32(POSIX_TYPE_SYMLINK << POSIX_FILETYPE_SHIFT);
++ break;
++ case S_IFCHR:
++ posix_info->Mode |= cpu_to_le32(POSIX_TYPE_CHARDEV << POSIX_FILETYPE_SHIFT);
++ break;
++ case S_IFBLK:
++ posix_info->Mode |= cpu_to_le32(POSIX_TYPE_BLKDEV << POSIX_FILETYPE_SHIFT);
++ break;
++ case S_IFIFO:
++ posix_info->Mode |= cpu_to_le32(POSIX_TYPE_FIFO << POSIX_FILETYPE_SHIFT);
++ break;
++ case S_IFSOCK:
++ posix_info->Mode |= cpu_to_le32(POSIX_TYPE_SOCKET << POSIX_FILETYPE_SHIFT);
++ }
++
+ posix_info->Inode = cpu_to_le64(ksmbd_kstat->kstat->ino);
+ posix_info->DosAttributes =
+ S_ISDIR(ksmbd_kstat->kstat->mode) ?
+@@ -5177,6 +5197,26 @@ static int find_file_posix_info(struct s
+ file_info->AllocationSize = cpu_to_le64(stat.blocks << 9);
+ file_info->HardLinks = cpu_to_le32(stat.nlink);
+ file_info->Mode = cpu_to_le32(stat.mode & 0777);
++ switch (stat.mode & S_IFMT) {
++ case S_IFDIR:
++ file_info->Mode |= cpu_to_le32(POSIX_TYPE_DIR << POSIX_FILETYPE_SHIFT);
++ break;
++ case S_IFLNK:
++ file_info->Mode |= cpu_to_le32(POSIX_TYPE_SYMLINK << POSIX_FILETYPE_SHIFT);
++ break;
++ case S_IFCHR:
++ file_info->Mode |= cpu_to_le32(POSIX_TYPE_CHARDEV << POSIX_FILETYPE_SHIFT);
++ break;
++ case S_IFBLK:
++ file_info->Mode |= cpu_to_le32(POSIX_TYPE_BLKDEV << POSIX_FILETYPE_SHIFT);
++ break;
++ case S_IFIFO:
++ file_info->Mode |= cpu_to_le32(POSIX_TYPE_FIFO << POSIX_FILETYPE_SHIFT);
++ break;
++ case S_IFSOCK:
++ file_info->Mode |= cpu_to_le32(POSIX_TYPE_SOCKET << POSIX_FILETYPE_SHIFT);
++ }
++
+ file_info->DeviceId = cpu_to_le32(stat.rdev);
+
+ /*
+--- a/fs/smb/server/smb2pdu.h
++++ b/fs/smb/server/smb2pdu.h
+@@ -500,4 +500,14 @@ static inline void *smb2_get_msg(void *b
+ return buf + 4;
+ }
+
++#define POSIX_TYPE_FILE 0
++#define POSIX_TYPE_DIR 1
++#define POSIX_TYPE_SYMLINK 2
++#define POSIX_TYPE_CHARDEV 3
++#define POSIX_TYPE_BLKDEV 4
++#define POSIX_TYPE_FIFO 5
++#define POSIX_TYPE_SOCKET 6
++
++#define POSIX_FILETYPE_SHIFT 12
++
+ #endif /* _SMB2PDU_H */
--- /dev/null
+From d38e26e36206ae3d544d496513212ae931d1da0a Mon Sep 17 00:00:00 2001
+From: "Matthieu Baerts (NGI0)" <matttbe@kernel.org>
+Date: Wed, 8 Jan 2025 16:34:30 +0100
+Subject: mptcp: sysctl: sched: avoid using current->nsproxy
+
+From: Matthieu Baerts (NGI0) <matttbe@kernel.org>
+
+commit d38e26e36206ae3d544d496513212ae931d1da0a upstream.
+
+Using the 'net' structure via 'current' is not recommended for different
+reasons.
+
+First, if the goal is to use it to read or write per-netns data, this is
+inconsistent with how the "generic" sysctl entries are doing: directly
+by only using pointers set to the table entry, e.g. table->data. Linked
+to that, the per-netns data should always be obtained from the table
+linked to the netns it had been created for, which may not coincide with
+the reader's or writer's netns.
+
+Another reason is that access to current->nsproxy->netns can oops if
+attempted when current->nsproxy had been dropped when the current task
+is exiting. This is what syzbot found, when using acct(2):
+
+ Oops: general protection fault, probably for non-canonical address 0xdffffc0000000005: 0000 [#1] PREEMPT SMP KASAN PTI
+ KASAN: null-ptr-deref in range [0x0000000000000028-0x000000000000002f]
+ CPU: 1 UID: 0 PID: 5924 Comm: syz-executor Not tainted 6.13.0-rc5-syzkaller-00004-gccb98ccef0e5 #0
+ Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024
+ RIP: 0010:proc_scheduler+0xc6/0x3c0 net/mptcp/ctrl.c:125
+ Code: 03 42 80 3c 38 00 0f 85 fe 02 00 00 4d 8b a4 24 08 09 00 00 48 b8 00 00 00 00 00 fc ff df 49 8d 7c 24 28 48 89 fa 48 c1 ea 03 <80> 3c 02 00 0f 85 cc 02 00 00 4d 8b 7c 24 28 48 8d 84 24 c8 00 00
+ RSP: 0018:ffffc900034774e8 EFLAGS: 00010206
+
+ RAX: dffffc0000000000 RBX: 1ffff9200068ee9e RCX: ffffc90003477620
+ RDX: 0000000000000005 RSI: ffffffff8b08f91e RDI: 0000000000000028
+ RBP: 0000000000000001 R08: ffffc90003477710 R09: 0000000000000040
+ R10: 0000000000000040 R11: 00000000726f7475 R12: 0000000000000000
+ R13: ffffc90003477620 R14: ffffc90003477710 R15: dffffc0000000000
+ FS: 0000000000000000(0000) GS:ffff8880b8700000(0000) knlGS:0000000000000000
+ CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
+ CR2: 00007fee3cd452d8 CR3: 000000007d116000 CR4: 00000000003526f0
+ DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
+ DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
+ Call Trace:
+ <TASK>
+ proc_sys_call_handler+0x403/0x5d0 fs/proc/proc_sysctl.c:601
+ __kernel_write_iter+0x318/0xa80 fs/read_write.c:612
+ __kernel_write+0xf6/0x140 fs/read_write.c:632
+ do_acct_process+0xcb0/0x14a0 kernel/acct.c:539
+ acct_pin_kill+0x2d/0x100 kernel/acct.c:192
+ pin_kill+0x194/0x7c0 fs/fs_pin.c:44
+ mnt_pin_kill+0x61/0x1e0 fs/fs_pin.c:81
+ cleanup_mnt+0x3ac/0x450 fs/namespace.c:1366
+ task_work_run+0x14e/0x250 kernel/task_work.c:239
+ exit_task_work include/linux/task_work.h:43 [inline]
+ do_exit+0xad8/0x2d70 kernel/exit.c:938
+ do_group_exit+0xd3/0x2a0 kernel/exit.c:1087
+ get_signal+0x2576/0x2610 kernel/signal.c:3017
+ arch_do_signal_or_restart+0x90/0x7e0 arch/x86/kernel/signal.c:337
+ exit_to_user_mode_loop kernel/entry/common.c:111 [inline]
+ exit_to_user_mode_prepare include/linux/entry-common.h:329 [inline]
+ __syscall_exit_to_user_mode_work kernel/entry/common.c:207 [inline]
+ syscall_exit_to_user_mode+0x150/0x2a0 kernel/entry/common.c:218
+ do_syscall_64+0xda/0x250 arch/x86/entry/common.c:89
+ entry_SYSCALL_64_after_hwframe+0x77/0x7f
+ RIP: 0033:0x7fee3cb87a6a
+ Code: Unable to access opcode bytes at 0x7fee3cb87a40.
+ RSP: 002b:00007fffcccac688 EFLAGS: 00000202 ORIG_RAX: 0000000000000037
+ RAX: 0000000000000000 RBX: 00007fffcccac710 RCX: 00007fee3cb87a6a
+ RDX: 0000000000000041 RSI: 0000000000000000 RDI: 0000000000000003
+ RBP: 0000000000000003 R08: 00007fffcccac6ac R09: 00007fffcccacac7
+ R10: 00007fffcccac710 R11: 0000000000000202 R12: 00007fee3cd49500
+ R13: 00007fffcccac6ac R14: 0000000000000000 R15: 00007fee3cd4b000
+ </TASK>
+ Modules linked in:
+ ---[ end trace 0000000000000000 ]---
+ RIP: 0010:proc_scheduler+0xc6/0x3c0 net/mptcp/ctrl.c:125
+ Code: 03 42 80 3c 38 00 0f 85 fe 02 00 00 4d 8b a4 24 08 09 00 00 48 b8 00 00 00 00 00 fc ff df 49 8d 7c 24 28 48 89 fa 48 c1 ea 03 <80> 3c 02 00 0f 85 cc 02 00 00 4d 8b 7c 24 28 48 8d 84 24 c8 00 00
+ RSP: 0018:ffffc900034774e8 EFLAGS: 00010206
+ RAX: dffffc0000000000 RBX: 1ffff9200068ee9e RCX: ffffc90003477620
+ RDX: 0000000000000005 RSI: ffffffff8b08f91e RDI: 0000000000000028
+ RBP: 0000000000000001 R08: ffffc90003477710 R09: 0000000000000040
+ R10: 0000000000000040 R11: 00000000726f7475 R12: 0000000000000000
+ R13: ffffc90003477620 R14: ffffc90003477710 R15: dffffc0000000000
+ FS: 0000000000000000(0000) GS:ffff8880b8700000(0000) knlGS:0000000000000000
+ CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
+ CR2: 00007fee3cd452d8 CR3: 000000007d116000 CR4: 00000000003526f0
+ DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
+ DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
+ ----------------
+ Code disassembly (best guess), 1 bytes skipped:
+ 0: 42 80 3c 38 00 cmpb $0x0,(%rax,%r15,1)
+ 5: 0f 85 fe 02 00 00 jne 0x309
+ b: 4d 8b a4 24 08 09 00 mov 0x908(%r12),%r12
+ 12: 00
+ 13: 48 b8 00 00 00 00 00 movabs $0xdffffc0000000000,%rax
+ 1a: fc ff df
+ 1d: 49 8d 7c 24 28 lea 0x28(%r12),%rdi
+ 22: 48 89 fa mov %rdi,%rdx
+ 25: 48 c1 ea 03 shr $0x3,%rdx
+ * 29: 80 3c 02 00 cmpb $0x0,(%rdx,%rax,1) <-- trapping instruction
+ 2d: 0f 85 cc 02 00 00 jne 0x2ff
+ 33: 4d 8b 7c 24 28 mov 0x28(%r12),%r15
+ 38: 48 rex.W
+ 39: 8d .byte 0x8d
+ 3a: 84 24 c8 test %ah,(%rax,%rcx,8)
+
+Here with 'net.mptcp.scheduler', the 'net' structure is not really
+needed, because the table->data already has a pointer to the current
+scheduler, the only thing needed from the per-netns data.
+Simply use 'data', instead of getting (most of the time) the same thing,
+but from a longer and indirect way.
+
+Fixes: 6963c508fd7a ("mptcp: only allow set existing scheduler for net.mptcp.scheduler")
+Cc: stable@vger.kernel.org
+Reported-by: syzbot+e364f774c6f57f2c86d1@syzkaller.appspotmail.com
+Closes: https://lore.kernel.org/67769ecb.050a0220.3a8527.003f.GAE@google.com
+Suggested-by: Al Viro <viro@zeniv.linux.org.uk>
+Reviewed-by: Mat Martineau <martineau@kernel.org>
+Signed-off-by: Matthieu Baerts (NGI0) <matttbe@kernel.org>
+Link: https://patch.msgid.link/20250108-net-sysctl-current-nsproxy-v1-2-5df34b2083e8@kernel.org
+Signed-off-by: Jakub Kicinski <kuba@kernel.org>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+---
+ net/mptcp/ctrl.c | 11 +++++------
+ 1 file changed, 5 insertions(+), 6 deletions(-)
+
+--- a/net/mptcp/ctrl.c
++++ b/net/mptcp/ctrl.c
+@@ -87,16 +87,15 @@ static void mptcp_pernet_set_defaults(st
+ }
+
+ #ifdef CONFIG_SYSCTL
+-static int mptcp_set_scheduler(const struct net *net, const char *name)
++static int mptcp_set_scheduler(char *scheduler, const char *name)
+ {
+- struct mptcp_pernet *pernet = mptcp_get_pernet(net);
+ struct mptcp_sched_ops *sched;
+ int ret = 0;
+
+ rcu_read_lock();
+ sched = mptcp_sched_find(name);
+ if (sched)
+- strscpy(pernet->scheduler, name, MPTCP_SCHED_NAME_MAX);
++ strscpy(scheduler, name, MPTCP_SCHED_NAME_MAX);
+ else
+ ret = -ENOENT;
+ rcu_read_unlock();
+@@ -107,7 +106,7 @@ static int mptcp_set_scheduler(const str
+ static int proc_scheduler(struct ctl_table *ctl, int write,
+ void *buffer, size_t *lenp, loff_t *ppos)
+ {
+- const struct net *net = current->nsproxy->net_ns;
++ char (*scheduler)[MPTCP_SCHED_NAME_MAX] = ctl->data;
+ char val[MPTCP_SCHED_NAME_MAX];
+ struct ctl_table tbl = {
+ .data = val,
+@@ -115,11 +114,11 @@ static int proc_scheduler(struct ctl_tab
+ };
+ int ret;
+
+- strscpy(val, mptcp_get_scheduler(net), MPTCP_SCHED_NAME_MAX);
++ strscpy(val, *scheduler, MPTCP_SCHED_NAME_MAX);
+
+ ret = proc_dostring(&tbl, write, buffer, lenp, ppos);
+ if (write && ret == 0)
+- ret = mptcp_set_scheduler(net, val);
++ ret = mptcp_set_scheduler(*scheduler, val);
+
+ return ret;
+ }
--- /dev/null
+From 7bac65687510038390a0a54cbe14fba08d037e46 Mon Sep 17 00:00:00 2001
+From: Manivannan Sadhasivam <manivannan.sadhasivam@linaro.org>
+Date: Thu, 19 Dec 2024 22:20:41 +0530
+Subject: scsi: ufs: qcom: Power off the PHY if it was already powered on in ufs_qcom_power_up_sequence()
+
+From: Manivannan Sadhasivam <manivannan.sadhasivam@linaro.org>
+
+commit 7bac65687510038390a0a54cbe14fba08d037e46 upstream.
+
+PHY might already be powered on during ufs_qcom_power_up_sequence() in a
+couple of cases:
+
+ 1. During UFSHCD_QUIRK_REINIT_AFTER_MAX_GEAR_SWITCH quirk
+
+ 2. Resuming from spm_lvl = 5 suspend
+
+In those cases, it is necessary to call phy_power_off() and phy_exit() in
+ufs_qcom_power_up_sequence() function to power off the PHY before calling
+phy_init() and phy_power_on().
+
+Case (1) is doing it via ufs_qcom_reinit_notify() callback, but case (2) is
+not handled. So to satisfy both cases, call phy_power_off() and phy_exit()
+if the phy_count is non-zero. And with this change, the reinit_notify()
+callback is no longer needed.
+
+This fixes the below UFS resume failure with spm_lvl = 5:
+
+ufshcd-qcom 1d84000.ufshc: Enabling the controller failed
+ufshcd-qcom 1d84000.ufshc: Enabling the controller failed
+ufshcd-qcom 1d84000.ufshc: Enabling the controller failed
+ufshcd-qcom 1d84000.ufshc: ufshcd_host_reset_and_restore: Host init failed -5
+ufshcd-qcom 1d84000.ufshc: Enabling the controller failed
+ufshcd-qcom 1d84000.ufshc: Enabling the controller failed
+ufshcd-qcom 1d84000.ufshc: Enabling the controller failed
+ufshcd-qcom 1d84000.ufshc: ufshcd_host_reset_and_restore: Host init failed -5
+ufshcd-qcom 1d84000.ufshc: Enabling the controller failed
+ufshcd-qcom 1d84000.ufshc: Enabling the controller failed
+ufshcd-qcom 1d84000.ufshc: Enabling the controller failed
+ufshcd-qcom 1d84000.ufshc: ufshcd_host_reset_and_restore: Host init failed -5
+ufshcd-qcom 1d84000.ufshc: Enabling the controller failed
+ufshcd-qcom 1d84000.ufshc: Enabling the controller failed
+ufshcd-qcom 1d84000.ufshc: Enabling the controller failed
+ufshcd-qcom 1d84000.ufshc: ufshcd_host_reset_and_restore: Host init failed -5
+ufshcd-qcom 1d84000.ufshc: Enabling the controller failed
+ufshcd-qcom 1d84000.ufshc: Enabling the controller failed
+ufshcd-qcom 1d84000.ufshc: Enabling the controller failed
+ufshcd-qcom 1d84000.ufshc: ufshcd_host_reset_and_restore: Host init failed -5
+ufs_device_wlun 0:0:0:49488: ufshcd_wl_resume failed: -5
+ufs_device_wlun 0:0:0:49488: PM: dpm_run_callback(): scsi_bus_resume returns -5
+ufs_device_wlun 0:0:0:49488: PM: failed to resume async: error -5
+
+Cc: stable@vger.kernel.org # 6.3
+Fixes: baf5ddac90dc ("scsi: ufs: ufs-qcom: Add support for reinitializing the UFS device")
+Reported-by: Ram Kumar Dwivedi <quic_rdwivedi@quicinc.com>
+Tested-by: Amit Pundir <amit.pundir@linaro.org> # on SM8550-HDK
+Reviewed-by: Bart Van Assche <bvanassche@acm.org>
+Tested-by: Neil Armstrong <neil.armstrong@linaro.org> # on SM8550-QRD
+Signed-off-by: Manivannan Sadhasivam <manivannan.sadhasivam@linaro.org>
+Link: https://lore.kernel.org/r/20241219-ufs-qcom-suspend-fix-v3-1-63c4b95a70b9@linaro.org
+Signed-off-by: Martin K. Petersen <martin.petersen@oracle.com>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+---
+ drivers/ufs/core/ufshcd-priv.h | 6 ------
+ drivers/ufs/core/ufshcd.c | 1 -
+ drivers/ufs/host/ufs-qcom.c | 13 +++++--------
+ include/ufs/ufshcd.h | 2 --
+ 4 files changed, 5 insertions(+), 17 deletions(-)
+
+--- a/drivers/ufs/core/ufshcd-priv.h
++++ b/drivers/ufs/core/ufshcd-priv.h
+@@ -242,12 +242,6 @@ static inline void ufshcd_vops_config_sc
+ hba->vops->config_scaling_param(hba, p, data);
+ }
+
+-static inline void ufshcd_vops_reinit_notify(struct ufs_hba *hba)
+-{
+- if (hba->vops && hba->vops->reinit_notify)
+- hba->vops->reinit_notify(hba);
+-}
+-
+ static inline int ufshcd_vops_mcq_config_resource(struct ufs_hba *hba)
+ {
+ if (hba->vops && hba->vops->mcq_config_resource)
+--- a/drivers/ufs/core/ufshcd.c
++++ b/drivers/ufs/core/ufshcd.c
+@@ -8795,7 +8795,6 @@ static int ufshcd_probe_hba(struct ufs_h
+ ufshcd_device_reset(hba);
+ ufs_put_device_desc(hba);
+ ufshcd_hba_stop(hba);
+- ufshcd_vops_reinit_notify(hba);
+ ret = ufshcd_hba_enable(hba);
+ if (ret) {
+ dev_err(hba->dev, "Host controller enable failed\n");
+--- a/drivers/ufs/host/ufs-qcom.c
++++ b/drivers/ufs/host/ufs-qcom.c
+@@ -455,6 +455,11 @@ static int ufs_qcom_power_up_sequence(st
+ dev_warn(hba->dev, "%s: host reset returned %d\n",
+ __func__, ret);
+
++ if (phy->power_count) {
++ phy_power_off(phy);
++ phy_exit(phy);
++ }
++
+ /* phy initialization - calibrate the phy */
+ ret = phy_init(phy);
+ if (ret) {
+@@ -1638,13 +1643,6 @@ static void ufs_qcom_config_scaling_para
+ }
+ #endif
+
+-static void ufs_qcom_reinit_notify(struct ufs_hba *hba)
+-{
+- struct ufs_qcom_host *host = ufshcd_get_variant(hba);
+-
+- phy_power_off(host->generic_phy);
+-}
+-
+ /* Resources */
+ static const struct ufshcd_res_info ufs_res_info[RES_MAX] = {
+ {.name = "ufs_mem",},
+@@ -1887,7 +1885,6 @@ static const struct ufs_hba_variant_ops
+ .device_reset = ufs_qcom_device_reset,
+ .config_scaling_param = ufs_qcom_config_scaling_param,
+ .program_key = ufs_qcom_ice_program_key,
+- .reinit_notify = ufs_qcom_reinit_notify,
+ .mcq_config_resource = ufs_qcom_mcq_config_resource,
+ .get_hba_mac = ufs_qcom_get_hba_mac,
+ .op_runtime_config = ufs_qcom_op_runtime_config,
+--- a/include/ufs/ufshcd.h
++++ b/include/ufs/ufshcd.h
+@@ -324,7 +324,6 @@ struct ufs_pwr_mode_info {
+ * @config_scaling_param: called to configure clock scaling parameters
+ * @program_key: program or evict an inline encryption key
+ * @event_notify: called to notify important events
+- * @reinit_notify: called to notify reinit of UFSHCD during max gear switch
+ * @mcq_config_resource: called to configure MCQ platform resources
+ * @get_hba_mac: called to get vendor specific mac value, mandatory for mcq mode
+ * @op_runtime_config: called to config Operation and runtime regs Pointers
+@@ -369,7 +368,6 @@ struct ufs_hba_variant_ops {
+ const union ufs_crypto_cfg_entry *cfg, int slot);
+ void (*event_notify)(struct ufs_hba *hba,
+ enum ufs_event_type evt, void *data);
+- void (*reinit_notify)(struct ufs_hba *);
+ int (*mcq_config_resource)(struct ufs_hba *hba);
+ int (*get_hba_mac)(struct ufs_hba *hba);
+ int (*op_runtime_config)(struct ufs_hba *hba);
--- /dev/null
+From 15649fd5415eda664ef35780c2013adeb5d9c695 Mon Sep 17 00:00:00 2001
+From: "Matthieu Baerts (NGI0)" <matttbe@kernel.org>
+Date: Wed, 8 Jan 2025 16:34:34 +0100
+Subject: sctp: sysctl: auth_enable: avoid using current->nsproxy
+
+From: Matthieu Baerts (NGI0) <matttbe@kernel.org>
+
+commit 15649fd5415eda664ef35780c2013adeb5d9c695 upstream.
+
+As mentioned in a previous commit of this series, using the 'net'
+structure via 'current' is not recommended for different reasons:
+
+- Inconsistency: getting info from the reader's/writer's netns vs only
+ from the opener's netns.
+
+- current->nsproxy can be NULL in some cases, resulting in an 'Oops'
+ (null-ptr-deref), e.g. when the current task is exiting, as spotted by
+ syzbot [1] using acct(2).
+
+The 'net' structure can be obtained from the table->data using
+container_of().
+
+Note that table->data could also be used directly, but that would
+increase the size of this fix, while 'sctp.ctl_sock' still needs to be
+retrieved from 'net' structure.
+
+Fixes: b14878ccb7fa ("net: sctp: cache auth_enable per endpoint")
+Cc: stable@vger.kernel.org
+Link: https://lore.kernel.org/67769ecb.050a0220.3a8527.003f.GAE@google.com [1]
+Suggested-by: Al Viro <viro@zeniv.linux.org.uk>
+Signed-off-by: Matthieu Baerts (NGI0) <matttbe@kernel.org>
+Link: https://patch.msgid.link/20250108-net-sysctl-current-nsproxy-v1-6-5df34b2083e8@kernel.org
+Signed-off-by: Jakub Kicinski <kuba@kernel.org>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+---
+ net/sctp/sysctl.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+--- a/net/sctp/sysctl.c
++++ b/net/sctp/sysctl.c
+@@ -503,7 +503,7 @@ static int proc_sctp_do_alpha_beta(struc
+ static int proc_sctp_do_auth(struct ctl_table *ctl, int write,
+ void *buffer, size_t *lenp, loff_t *ppos)
+ {
+- struct net *net = current->nsproxy->net_ns;
++ struct net *net = container_of(ctl->data, struct net, sctp.auth_enable);
+ struct ctl_table tbl;
+ int new_value, ret;
+
--- /dev/null
+From ea62dd1383913b5999f3d16ae99d411f41b528d4 Mon Sep 17 00:00:00 2001
+From: "Matthieu Baerts (NGI0)" <matttbe@kernel.org>
+Date: Wed, 8 Jan 2025 16:34:32 +0100
+Subject: sctp: sysctl: cookie_hmac_alg: avoid using current->nsproxy
+
+From: Matthieu Baerts (NGI0) <matttbe@kernel.org>
+
+commit ea62dd1383913b5999f3d16ae99d411f41b528d4 upstream.
+
+As mentioned in a previous commit of this series, using the 'net'
+structure via 'current' is not recommended for different reasons:
+
+- Inconsistency: getting info from the reader's/writer's netns vs only
+ from the opener's netns.
+
+- current->nsproxy can be NULL in some cases, resulting in an 'Oops'
+ (null-ptr-deref), e.g. when the current task is exiting, as spotted by
+ syzbot [1] using acct(2).
+
+The 'net' structure can be obtained from the table->data using
+container_of().
+
+Note that table->data could also be used directly, as this is the only
+member needed from the 'net' structure, but that would increase the size
+of this fix, to use '*data' everywhere 'net->sctp.sctp_hmac_alg' is
+used.
+
+Fixes: 3c68198e7511 ("sctp: Make hmac algorithm selection for cookie generation dynamic")
+Cc: stable@vger.kernel.org
+Link: https://lore.kernel.org/67769ecb.050a0220.3a8527.003f.GAE@google.com [1]
+Suggested-by: Al Viro <viro@zeniv.linux.org.uk>
+Signed-off-by: Matthieu Baerts (NGI0) <matttbe@kernel.org>
+Link: https://patch.msgid.link/20250108-net-sysctl-current-nsproxy-v1-4-5df34b2083e8@kernel.org
+Signed-off-by: Jakub Kicinski <kuba@kernel.org>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+---
+ net/sctp/sysctl.c | 3 ++-
+ 1 file changed, 2 insertions(+), 1 deletion(-)
+
+--- a/net/sctp/sysctl.c
++++ b/net/sctp/sysctl.c
+@@ -391,7 +391,8 @@ static struct ctl_table sctp_net_table[]
+ static int proc_sctp_do_hmac_alg(struct ctl_table *ctl, int write,
+ void *buffer, size_t *lenp, loff_t *ppos)
+ {
+- struct net *net = current->nsproxy->net_ns;
++ struct net *net = container_of(ctl->data, struct net,
++ sctp.sctp_hmac_alg);
+ struct ctl_table tbl;
+ bool changed = false;
+ char *none = "none";
--- /dev/null
+From 6259d2484d0ceff42245d1f09cc8cb6ee72d847a Mon Sep 17 00:00:00 2001
+From: "Matthieu Baerts (NGI0)" <matttbe@kernel.org>
+Date: Wed, 8 Jan 2025 16:34:36 +0100
+Subject: sctp: sysctl: plpmtud_probe_interval: avoid using current->nsproxy
+
+From: Matthieu Baerts (NGI0) <matttbe@kernel.org>
+
+commit 6259d2484d0ceff42245d1f09cc8cb6ee72d847a upstream.
+
+As mentioned in a previous commit of this series, using the 'net'
+structure via 'current' is not recommended for different reasons:
+
+- Inconsistency: getting info from the reader's/writer's netns vs only
+ from the opener's netns.
+
+- current->nsproxy can be NULL in some cases, resulting in an 'Oops'
+ (null-ptr-deref), e.g. when the current task is exiting, as spotted by
+ syzbot [1] using acct(2).
+
+The 'net' structure can be obtained from the table->data using
+container_of().
+
+Note that table->data could also be used directly, as this is the only
+member needed from the 'net' structure, but that would increase the size
+of this fix, to use '*data' everywhere 'net->sctp.probe_interval' is
+used.
+
+Fixes: d1e462a7a5f3 ("sctp: add probe_interval in sysctl and sock/asoc/transport")
+Cc: stable@vger.kernel.org
+Link: https://lore.kernel.org/67769ecb.050a0220.3a8527.003f.GAE@google.com [1]
+Suggested-by: Al Viro <viro@zeniv.linux.org.uk>
+Signed-off-by: Matthieu Baerts (NGI0) <matttbe@kernel.org>
+Link: https://patch.msgid.link/20250108-net-sysctl-current-nsproxy-v1-8-5df34b2083e8@kernel.org
+Signed-off-by: Jakub Kicinski <kuba@kernel.org>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+---
+ net/sctp/sysctl.c | 3 ++-
+ 1 file changed, 2 insertions(+), 1 deletion(-)
+
+--- a/net/sctp/sysctl.c
++++ b/net/sctp/sysctl.c
+@@ -573,7 +573,8 @@ static int proc_sctp_do_udp_port(struct
+ static int proc_sctp_do_probe_interval(struct ctl_table *ctl, int write,
+ void *buffer, size_t *lenp, loff_t *ppos)
+ {
+- struct net *net = current->nsproxy->net_ns;
++ struct net *net = container_of(ctl->data, struct net,
++ sctp.probe_interval);
+ struct ctl_table tbl;
+ int ret, new_value;
+
--- /dev/null
+From 9fc17b76fc70763780aa78b38fcf4742384044a5 Mon Sep 17 00:00:00 2001
+From: "Matthieu Baerts (NGI0)" <matttbe@kernel.org>
+Date: Wed, 8 Jan 2025 16:34:33 +0100
+Subject: sctp: sysctl: rto_min/max: avoid using current->nsproxy
+
+From: Matthieu Baerts (NGI0) <matttbe@kernel.org>
+
+commit 9fc17b76fc70763780aa78b38fcf4742384044a5 upstream.
+
+As mentioned in a previous commit of this series, using the 'net'
+structure via 'current' is not recommended for different reasons:
+
+- Inconsistency: getting info from the reader's/writer's netns vs only
+ from the opener's netns.
+
+- current->nsproxy can be NULL in some cases, resulting in an 'Oops'
+ (null-ptr-deref), e.g. when the current task is exiting, as spotted by
+ syzbot [1] using acct(2).
+
+The 'net' structure can be obtained from the table->data using
+container_of().
+
+Note that table->data could also be used directly, as this is the only
+member needed from the 'net' structure, but that would increase the size
+of this fix, to use '*data' everywhere 'net->sctp.rto_min/max' is used.
+
+Fixes: 4f3fdf3bc59c ("sctp: add check rto_min and rto_max in sysctl")
+Cc: stable@vger.kernel.org
+Link: https://lore.kernel.org/67769ecb.050a0220.3a8527.003f.GAE@google.com [1]
+Suggested-by: Al Viro <viro@zeniv.linux.org.uk>
+Signed-off-by: Matthieu Baerts (NGI0) <matttbe@kernel.org>
+Link: https://patch.msgid.link/20250108-net-sysctl-current-nsproxy-v1-5-5df34b2083e8@kernel.org
+Signed-off-by: Jakub Kicinski <kuba@kernel.org>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+---
+ net/sctp/sysctl.c | 4 ++--
+ 1 file changed, 2 insertions(+), 2 deletions(-)
+
+--- a/net/sctp/sysctl.c
++++ b/net/sctp/sysctl.c
+@@ -437,7 +437,7 @@ static int proc_sctp_do_hmac_alg(struct
+ static int proc_sctp_do_rto_min(struct ctl_table *ctl, int write,
+ void *buffer, size_t *lenp, loff_t *ppos)
+ {
+- struct net *net = current->nsproxy->net_ns;
++ struct net *net = container_of(ctl->data, struct net, sctp.rto_min);
+ unsigned int min = *(unsigned int *) ctl->extra1;
+ unsigned int max = *(unsigned int *) ctl->extra2;
+ struct ctl_table tbl;
+@@ -465,7 +465,7 @@ static int proc_sctp_do_rto_min(struct c
+ static int proc_sctp_do_rto_max(struct ctl_table *ctl, int write,
+ void *buffer, size_t *lenp, loff_t *ppos)
+ {
+- struct net *net = current->nsproxy->net_ns;
++ struct net *net = container_of(ctl->data, struct net, sctp.rto_max);
+ unsigned int min = *(unsigned int *) ctl->extra1;
+ unsigned int max = *(unsigned int *) ctl->extra2;
+ struct ctl_table tbl;
--- /dev/null
+From c10377bbc1972d858eaf0ab366a311b39f8ef1b6 Mon Sep 17 00:00:00 2001
+From: "Matthieu Baerts (NGI0)" <matttbe@kernel.org>
+Date: Wed, 8 Jan 2025 16:34:35 +0100
+Subject: sctp: sysctl: udp_port: avoid using current->nsproxy
+
+From: Matthieu Baerts (NGI0) <matttbe@kernel.org>
+
+commit c10377bbc1972d858eaf0ab366a311b39f8ef1b6 upstream.
+
+As mentioned in a previous commit of this series, using the 'net'
+structure via 'current' is not recommended for different reasons:
+
+- Inconsistency: getting info from the reader's/writer's netns vs only
+ from the opener's netns.
+
+- current->nsproxy can be NULL in some cases, resulting in an 'Oops'
+ (null-ptr-deref), e.g. when the current task is exiting, as spotted by
+ syzbot [1] using acct(2).
+
+The 'net' structure can be obtained from the table->data using
+container_of().
+
+Note that table->data could also be used directly, but that would
+increase the size of this fix, while 'sctp.ctl_sock' still needs to be
+retrieved from 'net' structure.
+
+Fixes: 046c052b475e ("sctp: enable udp tunneling socks")
+Cc: stable@vger.kernel.org
+Link: https://lore.kernel.org/67769ecb.050a0220.3a8527.003f.GAE@google.com [1]
+Suggested-by: Al Viro <viro@zeniv.linux.org.uk>
+Signed-off-by: Matthieu Baerts (NGI0) <matttbe@kernel.org>
+Link: https://patch.msgid.link/20250108-net-sysctl-current-nsproxy-v1-7-5df34b2083e8@kernel.org
+Signed-off-by: Jakub Kicinski <kuba@kernel.org>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+---
+ net/sctp/sysctl.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+--- a/net/sctp/sysctl.c
++++ b/net/sctp/sysctl.c
+@@ -532,7 +532,7 @@ static int proc_sctp_do_auth(struct ctl_
+ static int proc_sctp_do_udp_port(struct ctl_table *ctl, int write,
+ void *buffer, size_t *lenp, loff_t *ppos)
+ {
+- struct net *net = current->nsproxy->net_ns;
++ struct net *net = container_of(ctl->data, struct net, sctp.udp_port);
+ unsigned int min = *(unsigned int *)ctl->extra1;
+ unsigned int max = *(unsigned int *)ctl->extra2;
+ struct ctl_table tbl;
ksmbd-fix-unexpectedly-changed-path-in-ksmbd_vfs_ker.patch
cpuidle-riscv-sbi-fix-device-node-release-in-early-e.patch
riscv-mm-fix-the-out-of-bound-issue-of-vmemmap-addre.patch
+dm-thin-make-get_first_thin-use-rcu-safe-list-first-function.patch
+scsi-ufs-qcom-power-off-the-phy-if-it-was-already-powered-on-in-ufs_qcom_power_up_sequence.patch
+dm-ebs-don-t-set-the-flag-dm_target_passes_integrity.patch
+mptcp-sysctl-sched-avoid-using-current-nsproxy.patch
+sctp-sysctl-cookie_hmac_alg-avoid-using-current-nsproxy.patch
+sctp-sysctl-rto_min-max-avoid-using-current-nsproxy.patch
+sctp-sysctl-auth_enable-avoid-using-current-nsproxy.patch
+sctp-sysctl-udp_port-avoid-using-current-nsproxy.patch
+sctp-sysctl-plpmtud_probe_interval-avoid-using-current-nsproxy.patch
+ksmbd-implement-new-smb3-posix-type.patch
+drm-amd-display-add-check-for-granularity-in-dml-ceil-floor-helpers.patch
projects / thirdparty / kernel / stable-queue.git / commitdiff
