--- /dev/null
+From ed2a2ef16a6b9197a0e452308bf6acee6e01f709 Mon Sep 17 00:00:00 2001
+From: Sven Peter <sven@svenpeter.dev>
+Date: Wed, 15 May 2024 18:02:58 +0000
+Subject: Bluetooth: Add quirk to ignore reserved PHY bits in LE Extended Adv Report
+
+From: Sven Peter <sven@svenpeter.dev>
+
+commit ed2a2ef16a6b9197a0e452308bf6acee6e01f709 upstream.
+
+Some Broadcom controllers found on Apple Silicon machines abuse the
+reserved bits inside the PHY fields of LE Extended Advertising Report
+events for additional flags. Add a quirk to drop these and correctly
+extract the Primary/Secondary_PHY field.
+
+The following excerpt from a btmon trace shows a report received with
+"Reserved" for "Primary PHY" on a 4388 controller:
+
+> HCI Event: LE Meta Event (0x3e) plen 26
+ LE Extended Advertising Report (0x0d)
+ Num reports: 1
+ Entry 0
+ Event type: 0x2515
+ Props: 0x0015
+ Connectable
+ Directed
+ Use legacy advertising PDUs
+ Data status: Complete
+ Reserved (0x2500)
+ Legacy PDU Type: Reserved (0x2515)
+ Address type: Random (0x01)
+ Address: 00:00:00:00:00:00 (Static)
+ Primary PHY: Reserved
+ Secondary PHY: No packets
+ SID: no ADI field (0xff)
+ TX power: 127 dBm
+ RSSI: -60 dBm (0xc4)
+ Periodic advertising interval: 0.00 msec (0x0000)
+ Direct address type: Public (0x00)
+ Direct address: 00:00:00:00:00:00 (Apple, Inc.)
+ Data length: 0x00
+
+Cc: stable@vger.kernel.org
+Fixes: 2e7ed5f5e69b ("Bluetooth: hci_sync: Use advertised PHYs on hci_le_ext_create_conn_sync")
+Reported-by: Janne Grunau <j@jannau.net>
+Closes: https://lore.kernel.org/all/Zjz0atzRhFykROM9@robin
+Tested-by: Janne Grunau <j@jannau.net>
+Signed-off-by: Sven Peter <sven@svenpeter.dev>
+Signed-off-by: Luiz Augusto von Dentz <luiz.von.dentz@intel.com>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+---
+ drivers/bluetooth/hci_bcm4377.c | 8 ++++++++
+ include/net/bluetooth/hci.h | 11 +++++++++++
+ net/bluetooth/hci_event.c | 7 +++++++
+ 3 files changed, 26 insertions(+)
+
+--- a/drivers/bluetooth/hci_bcm4377.c
++++ b/drivers/bluetooth/hci_bcm4377.c
+@@ -495,6 +495,10 @@ struct bcm4377_data;
+ * extended scanning
+ * broken_mws_transport_config: Set to true if the chip erroneously claims to
+ * support MWS Transport Configuration
++ * broken_le_ext_adv_report_phy: Set to true if this chip stuffs flags inside
++ * reserved bits of Primary/Secondary_PHY inside
++ * LE Extended Advertising Report events which
++ * have to be ignored
+ * send_calibration: Optional callback to send calibration data
+ * send_ptb: Callback to send "PTB" regulatory/calibration data
+ */
+@@ -513,6 +517,7 @@ struct bcm4377_hw {
+ unsigned long broken_ext_scan : 1;
+ unsigned long broken_mws_transport_config : 1;
+ unsigned long broken_le_coded : 1;
++ unsigned long broken_le_ext_adv_report_phy : 1;
+
+ int (*send_calibration)(struct bcm4377_data *bcm4377);
+ int (*send_ptb)(struct bcm4377_data *bcm4377,
+@@ -2373,6 +2378,8 @@ static int bcm4377_probe(struct pci_dev
+ set_bit(HCI_QUIRK_BROKEN_EXT_SCAN, &hdev->quirks);
+ if (bcm4377->hw->broken_le_coded)
+ set_bit(HCI_QUIRK_BROKEN_LE_CODED, &hdev->quirks);
++ if (bcm4377->hw->broken_le_ext_adv_report_phy)
++ set_bit(HCI_QUIRK_FIXUP_LE_EXT_ADV_REPORT_PHY, &hdev->quirks);
+
+ pci_set_drvdata(pdev, bcm4377);
+ hci_set_drvdata(hdev, bcm4377);
+@@ -2477,6 +2484,7 @@ static const struct bcm4377_hw bcm4377_h
+ .clear_pciecfg_subsystem_ctrl_bit19 = true,
+ .broken_mws_transport_config = true,
+ .broken_le_coded = true,
++ .broken_le_ext_adv_report_phy = true,
+ .send_calibration = bcm4387_send_calibration,
+ .send_ptb = bcm4378_send_ptb,
+ },
+--- a/include/net/bluetooth/hci.h
++++ b/include/net/bluetooth/hci.h
+@@ -324,6 +324,17 @@ enum {
+ * claim to support it.
+ */
+ HCI_QUIRK_BROKEN_READ_ENC_KEY_SIZE,
++
++ /*
++ * When this quirk is set, the reserved bits of Primary/Secondary_PHY
++ * inside the LE Extended Advertising Report events are discarded.
++ * This is required for some Apple/Broadcom controllers which
++ * abuse these reserved bits for unrelated flags.
++ *
++ * This quirk can be set before hci_register_dev is called or
++ * during the hdev->setup vendor callback.
++ */
++ HCI_QUIRK_FIXUP_LE_EXT_ADV_REPORT_PHY,
+ };
+
+ /* HCI device flags */
+--- a/net/bluetooth/hci_event.c
++++ b/net/bluetooth/hci_event.c
+@@ -6312,6 +6312,13 @@ static void hci_le_ext_adv_report_evt(st
+
+ evt_type = __le16_to_cpu(info->type) & LE_EXT_ADV_EVT_TYPE_MASK;
+ legacy_evt_type = ext_evt_type_to_legacy(hdev, evt_type);
++
++ if (test_bit(HCI_QUIRK_FIXUP_LE_EXT_ADV_REPORT_PHY,
++ &hdev->quirks)) {
++ info->primary_phy &= 0x1f;
++ info->secondary_phy &= 0x1f;
++ }
++
+ if (legacy_evt_type != LE_ADV_INVALID) {
+ process_adv_report(hdev, legacy_evt_type, &info->bdaddr,
+ info->bdaddr_type, NULL, 0,
--- /dev/null
+From 897e6120566f1c108b85fefe78d1c1bddfbd5988 Mon Sep 17 00:00:00 2001
+From: Hector Martin <marcan@marcan.st>
+Date: Wed, 15 May 2024 18:15:04 +0000
+Subject: Bluetooth: hci_bcm4377: Fix msgid release
+
+From: Hector Martin <marcan@marcan.st>
+
+commit 897e6120566f1c108b85fefe78d1c1bddfbd5988 upstream.
+
+We are releasing a single msgid, so the order argument to
+bitmap_release_region must be zero.
+
+Fixes: 8a06127602de ("Bluetooth: hci_bcm4377: Add new driver for BCM4377 PCIe boards")
+Cc: stable@vger.kernel.org
+Signed-off-by: Hector Martin <marcan@marcan.st>
+Reviewed-by: Sven Peter <sven@svenpeter.dev>
+Reviewed-by: Neal Gompa <neal@gompa.dev>
+Signed-off-by: Sven Peter <sven@svenpeter.dev>
+Signed-off-by: Luiz Augusto von Dentz <luiz.von.dentz@intel.com>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+---
+ drivers/bluetooth/hci_bcm4377.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+--- a/drivers/bluetooth/hci_bcm4377.c
++++ b/drivers/bluetooth/hci_bcm4377.c
+@@ -716,7 +716,7 @@ static void bcm4377_handle_ack(struct bc
+ ring->events[msgid] = NULL;
+ }
+
+- bitmap_release_region(ring->msgids, msgid, ring->n_entries);
++ bitmap_release_region(ring->msgids, msgid, 0);
+
+ unlock:
+ spin_unlock_irqrestore(&ring->lock, flags);
--- /dev/null
+From 88e72239ead9814b886db54fc4ee39ef3c2b8f26 Mon Sep 17 00:00:00 2001
+From: Zijun Hu <quic_zijuhu@quicinc.com>
+Date: Thu, 16 May 2024 21:31:34 +0800
+Subject: Bluetooth: qca: Fix BT enable failure again for QCA6390 after warm reboot
+
+From: Zijun Hu <quic_zijuhu@quicinc.com>
+
+commit 88e72239ead9814b886db54fc4ee39ef3c2b8f26 upstream.
+
+Commit 272970be3dab ("Bluetooth: hci_qca: Fix driver shutdown on closed
+serdev") will cause below regression issue:
+
+BT can't be enabled after below steps:
+cold boot -> enable BT -> disable BT -> warm reboot -> BT enable failure
+if property enable-gpios is not configured within DT|ACPI for QCA6390.
+
+The commit is to fix a use-after-free issue within qca_serdev_shutdown()
+by adding condition to avoid the serdev is flushed or wrote after closed
+but also introduces this regression issue regarding above steps since the
+VSC is not sent to reset controller during warm reboot.
+
+Fixed by sending the VSC to reset controller within qca_serdev_shutdown()
+once BT was ever enabled, and the use-after-free issue is also fixed by
+this change since the serdev is still opened before it is flushed or wrote.
+
+Verified by the reported machine Dell XPS 13 9310 laptop over below two
+kernel commits:
+commit e00fc2700a3f ("Bluetooth: btusb: Fix triggering coredump
+implementation for QCA") of bluetooth-next tree.
+commit b23d98d46d28 ("Bluetooth: btusb: Fix triggering coredump
+implementation for QCA") of linus mainline tree.
+
+Fixes: 272970be3dab ("Bluetooth: hci_qca: Fix driver shutdown on closed serdev")
+Cc: stable@vger.kernel.org
+Reported-by: Wren Turkal <wt@penguintechs.org>
+Closes: https://bugzilla.kernel.org/show_bug.cgi?id=218726
+Signed-off-by: Zijun Hu <quic_zijuhu@quicinc.com>
+Tested-by: Wren Turkal <wt@penguintechs.org>
+Signed-off-by: Luiz Augusto von Dentz <luiz.von.dentz@intel.com>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+---
+ drivers/bluetooth/hci_qca.c | 18 +++++++++++++++---
+ 1 file changed, 15 insertions(+), 3 deletions(-)
+
+--- a/drivers/bluetooth/hci_qca.c
++++ b/drivers/bluetooth/hci_qca.c
+@@ -2450,15 +2450,27 @@ static void qca_serdev_shutdown(struct d
+ struct qca_serdev *qcadev = serdev_device_get_drvdata(serdev);
+ struct hci_uart *hu = &qcadev->serdev_hu;
+ struct hci_dev *hdev = hu->hdev;
+- struct qca_data *qca = hu->priv;
+ const u8 ibs_wake_cmd[] = { 0xFD };
+ const u8 edl_reset_soc_cmd[] = { 0x01, 0x00, 0xFC, 0x01, 0x05 };
+
+ if (qcadev->btsoc_type == QCA_QCA6390) {
+- if (test_bit(QCA_BT_OFF, &qca->flags) ||
+- !test_bit(HCI_RUNNING, &hdev->flags))
++ /* The purpose of sending the VSC is to reset SOC into a initial
++ * state and the state will ensure next hdev->setup() success.
++ * if HCI_QUIRK_NON_PERSISTENT_SETUP is set, it means that
++ * hdev->setup() can do its job regardless of SoC state, so
++ * don't need to send the VSC.
++ * if HCI_SETUP is set, it means that hdev->setup() was never
++ * invoked and the SOC is already in the initial state, so
++ * don't also need to send the VSC.
++ */
++ if (test_bit(HCI_QUIRK_NON_PERSISTENT_SETUP, &hdev->quirks) ||
++ hci_dev_test_flag(hdev, HCI_SETUP))
+ return;
+
++ /* The serdev must be in open state when conrol logic arrives
++ * here, so also fix the use-after-free issue caused by that
++ * the serdev is flushed or wrote after it is closed.
++ */
+ serdev_device_write_flush(serdev);
+ ret = serdev_device_write_buf(serdev, ibs_wake_cmd,
+ sizeof(ibs_wake_cmd));
--- /dev/null
+From 48f091fd50b2eb33ae5eaea9ed3c4f81603acf38 Mon Sep 17 00:00:00 2001
+From: Naohiro Aota <naohiro.aota@wdc.com>
+Date: Fri, 28 Jun 2024 13:32:24 +0900
+Subject: btrfs: fix adding block group to a reclaim list and the unused list during reclaim
+
+From: Naohiro Aota <naohiro.aota@wdc.com>
+
+commit 48f091fd50b2eb33ae5eaea9ed3c4f81603acf38 upstream.
+
+There is a potential parallel list adding for retrying in
+btrfs_reclaim_bgs_work and adding to the unused list. Since the block
+group is removed from the reclaim list and it is on a relocation work,
+it can be added into the unused list in parallel. When that happens,
+adding it to the reclaim list will corrupt the list head and trigger
+list corruption like below.
+
+Fix it by taking fs_info->unused_bgs_lock.
+
+ [177.504][T2585409] BTRFS error (device nullb1): error relocating ch= unk 2415919104
+ [177.514][T2585409] list_del corruption. next->prev should be ff1100= 0344b119c0, but was ff11000377e87c70. (next=3Dff110002390cd9c0)
+ [177.529][T2585409] ------------[ cut here ]------------
+ [177.537][T2585409] kernel BUG at lib/list_debug.c:65!
+ [177.545][T2585409] Oops: invalid opcode: 0000 [#1] PREEMPT SMP KASAN NOPTI
+ [177.555][T2585409] CPU: 9 PID: 2585409 Comm: kworker/u128:2 Tainted: G W 6.10.0-rc5-kts #1
+ [177.568][T2585409] Hardware name: Supermicro SYS-520P-WTR/X12SPW-TF, BIOS 1.2 02/14/2022
+ [177.579][T2585409] Workqueue: events_unbound btrfs_reclaim_bgs_work[btrfs]
+ [177.589][T2585409] RIP: 0010:__list_del_entry_valid_or_report.cold+0x70/0x72
+ [177.624][T2585409] RSP: 0018:ff11000377e87a70 EFLAGS: 00010286
+ [177.633][T2585409] RAX: 000000000000006d RBX: ff11000344b119c0 RCX:0000000000000000
+ [177.644][T2585409] RDX: 000000000000006d RSI: 0000000000000008 RDI:ffe21c006efd0f40
+ [177.655][T2585409] RBP: ff110002e0509f78 R08: 0000000000000001 R09:ffe21c006efd0f08
+ [177.665][T2585409] R10: ff11000377e87847 R11: 0000000000000000 R12:ff110002390cd9c0
+ [177.676][T2585409] R13: ff11000344b119c0 R14: ff110002e0508000 R15:dffffc0000000000
+ [177.687][T2585409] FS: 0000000000000000(0000) GS:ff11000fec880000(0000) knlGS:0000000000000000
+ [177.700][T2585409] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
+ [177.709][T2585409] CR2: 00007f06bc7b1978 CR3: 0000001021e86005 CR4:0000000000771ef0
+ [177.720][T2585409] DR0: 0000000000000000 DR1: 0000000000000000 DR2:0000000000000000
+ [177.731][T2585409] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7:0000000000000400
+ [177.742][T2585409] PKRU: 55555554
+ [177.748][T2585409] Call Trace:
+ [177.753][T2585409] <TASK>
+ [177.759][T2585409] ? __die_body.cold+0x19/0x27
+ [177.766][T2585409] ? die+0x2e/0x50
+ [177.772][T2585409] ? do_trap+0x1ea/0x2d0
+ [177.779][T2585409] ? __list_del_entry_valid_or_report.cold+0x70/0x72
+ [177.788][T2585409] ? do_error_trap+0xa3/0x160
+ [177.795][T2585409] ? __list_del_entry_valid_or_report.cold+0x70/0x72
+ [177.805][T2585409] ? handle_invalid_op+0x2c/0x40
+ [177.812][T2585409] ? __list_del_entry_valid_or_report.cold+0x70/0x72
+ [177.820][T2585409] ? exc_invalid_op+0x2d/0x40
+ [177.827][T2585409] ? asm_exc_invalid_op+0x1a/0x20
+ [177.834][T2585409] ? __list_del_entry_valid_or_report.cold+0x70/0x72
+ [177.843][T2585409] btrfs_delete_unused_bgs+0x3d9/0x14c0 [btrfs]
+
+There is a similar retry_list code in btrfs_delete_unused_bgs(), but it is
+safe, AFAICS. Since the block group was in the unused list, the used bytes
+should be 0 when it was added to the unused list. Then, it checks
+block_group->{used,reserved,pinned} are still 0 under the
+block_group->lock. So, they should be still eligible for the unused list,
+not the reclaim list.
+
+The reason it is safe there it's because because we're holding
+space_info->groups_sem in write mode.
+
+That means no other task can allocate from the block group, so while we
+are at deleted_unused_bgs() it's not possible for other tasks to
+allocate and deallocate extents from the block group, so it can't be
+added to the unused list or the reclaim list by anyone else.
+
+The bug can be reproduced by btrfs/166 after a few rounds. In practice
+this can be hit when relocation cannot find more chunk space and ends
+with ENOSPC.
+
+Reported-by: Shinichiro Kawasaki <shinichiro.kawasaki@wdc.com>
+Suggested-by: Johannes Thumshirn <Johannes.Thumshirn@wdc.com>
+Fixes: 4eb4e85c4f81 ("btrfs: retry block group reclaim without infinite loop")
+CC: stable@vger.kernel.org # 5.15+
+Reviewed-by: Filipe Manana <fdmanana@suse.com>
+Reviewed-by: Johannes Thumshirn <johannes.thumshirn@wdc.com>
+Reviewed-by: Qu Wenruo <wqu@suse.com>
+Signed-off-by: Naohiro Aota <naohiro.aota@wdc.com>
+Reviewed-by: David Sterba <dsterba@suse.com>
+Signed-off-by: David Sterba <dsterba@suse.com>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+---
+ fs/btrfs/block-group.c | 13 +++++++++++--
+ 1 file changed, 11 insertions(+), 2 deletions(-)
+
+--- a/fs/btrfs/block-group.c
++++ b/fs/btrfs/block-group.c
+@@ -1924,8 +1924,17 @@ void btrfs_reclaim_bgs_work(struct work_
+ next:
+ if (ret) {
+ /* Refcount held by the reclaim_bgs list after splice. */
+- btrfs_get_block_group(bg);
+- list_add_tail(&bg->bg_list, &retry_list);
++ spin_lock(&fs_info->unused_bgs_lock);
++ /*
++ * This block group might be added to the unused list
++ * during the above process. Move it back to the
++ * reclaim list otherwise.
++ */
++ if (list_empty(&bg->bg_list)) {
++ btrfs_get_block_group(bg);
++ list_add_tail(&bg->bg_list, &retry_list);
++ }
++ spin_unlock(&fs_info->unused_bgs_lock);
+ }
+ btrfs_put_block_group(bg);
+
--- /dev/null
+From a56c85fa2d59ab0780514741550edf87989a66e9 Mon Sep 17 00:00:00 2001
+From: Boris Burkov <boris@bur.io>
+Date: Tue, 2 Jul 2024 07:31:14 -0700
+Subject: btrfs: fix folio refcount in __alloc_dummy_extent_buffer()
+
+From: Boris Burkov <boris@bur.io>
+
+commit a56c85fa2d59ab0780514741550edf87989a66e9 upstream.
+
+Another improper use of __folio_put() in an error path after freshly
+allocating pages/folios which returns them with the refcount initialized
+to 1. The refactor from __free_pages() -> __folio_put() (instead of
+folio_put) removed a refcount decrement found in __free_pages() and
+folio_put but absent from __folio_put().
+
+Fixes: 13df3775efca ("btrfs: cleanup metadata page pointer usage")
+CC: stable@vger.kernel.org # 6.8+
+Tested-by: Ed Tomlinson <edtoml@gmail.com>
+Reviewed-by: Filipe Manana <fdmanana@suse.com>
+Signed-off-by: Boris Burkov <boris@bur.io>
+Reviewed-by: David Sterba <dsterba@suse.com>
+Signed-off-by: David Sterba <dsterba@suse.com>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+---
+ fs/btrfs/extent_io.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+--- a/fs/btrfs/extent_io.c
++++ b/fs/btrfs/extent_io.c
+@@ -3526,7 +3526,7 @@ err:
+ for (int i = 0; i < num_folios; i++) {
+ if (eb->folios[i]) {
+ detach_extent_buffer_folio(eb, eb->folios[i]);
+- __folio_put(eb->folios[i]);
++ folio_put(eb->folios[i]);
+ }
+ }
+ __free_extent_buffer(eb);
--- /dev/null
+From 64d2c847ba380e07b9072d65a50aa6469d2aa43f Mon Sep 17 00:00:00 2001
+From: Naohiro Aota <naohiro.aota@wdc.com>
+Date: Thu, 20 Jun 2024 15:05:45 +0900
+Subject: btrfs: zoned: fix calc_available_free_space() for zoned mode
+
+From: Naohiro Aota <naohiro.aota@wdc.com>
+
+commit 64d2c847ba380e07b9072d65a50aa6469d2aa43f upstream.
+
+calc_available_free_space() returns the total size of metadata (or
+system) block groups, which can be allocated from unallocated disk
+space. The logic is wrong on zoned mode in two places.
+
+First, the calculation of data_chunk_size is wrong. We always allocate
+one zone as one chunk, and no partial allocation of a zone. So, we
+should use zone_size (= data_sinfo->chunk_size) as it is.
+
+Second, the result "avail" may not be zone aligned. Since we always
+allocate one zone as one chunk on zoned mode, returning non-zone size
+aligned bytes will result in less pressure on the async metadata reclaim
+process.
+
+This is serious for the nearly full state with a large zone size device.
+Allowing over-commit too much will result in less async reclaim work and
+end up in ENOSPC. We can align down to the zone size to avoid that.
+
+Fixes: cb6cbab79055 ("btrfs: adjust overcommit logic when very close to full")
+CC: stable@vger.kernel.org # 6.9
+Signed-off-by: Naohiro Aota <naohiro.aota@wdc.com>
+Reviewed-by: Boris Burkov <boris@bur.io>
+Signed-off-by: David Sterba <dsterba@suse.com>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+---
+ fs/btrfs/space-info.c | 24 +++++++++++++++++++++---
+ 1 file changed, 21 insertions(+), 3 deletions(-)
+
+diff --git a/fs/btrfs/space-info.c b/fs/btrfs/space-info.c
+index d620323d08ea..ae8c56442549 100644
+--- a/fs/btrfs/space-info.c
++++ b/fs/btrfs/space-info.c
+@@ -373,11 +373,18 @@ static u64 calc_available_free_space(struct btrfs_fs_info *fs_info,
+ * "optimal" chunk size based on the fs size. However when we actually
+ * allocate the chunk we will strip this down further, making it no more
+ * than 10% of the disk or 1G, whichever is smaller.
++ *
++ * On the zoned mode, we need to use zone_size (=
++ * data_sinfo->chunk_size) as it is.
+ */
+ data_sinfo = btrfs_find_space_info(fs_info, BTRFS_BLOCK_GROUP_DATA);
+- data_chunk_size = min(data_sinfo->chunk_size,
+- mult_perc(fs_info->fs_devices->total_rw_bytes, 10));
+- data_chunk_size = min_t(u64, data_chunk_size, SZ_1G);
++ if (!btrfs_is_zoned(fs_info)) {
++ data_chunk_size = min(data_sinfo->chunk_size,
++ mult_perc(fs_info->fs_devices->total_rw_bytes, 10));
++ data_chunk_size = min_t(u64, data_chunk_size, SZ_1G);
++ } else {
++ data_chunk_size = data_sinfo->chunk_size;
++ }
+
+ /*
+ * Since data allocations immediately use block groups as part of the
+@@ -405,6 +412,17 @@ static u64 calc_available_free_space(struct btrfs_fs_info *fs_info,
+ avail >>= 3;
+ else
+ avail >>= 1;
++
++ /*
++ * On the zoned mode, we always allocate one zone as one chunk.
++ * Returning non-zone size alingned bytes here will result in
++ * less pressure for the async metadata reclaim process, and it
++ * will over-commit too much leading to ENOSPC. Align down to the
++ * zone size to avoid that.
++ */
++ if (btrfs_is_zoned(fs_info))
++ avail = ALIGN_DOWN(avail, fs_info->zone_size);
++
+ return avail;
+ }
+
+--
+2.45.2
+
--- /dev/null
+From 19d5b2698c35b2132a355c67b4d429053804f8cc Mon Sep 17 00:00:00 2001
+From: Jimmy Assarsson <extja@kvaser.com>
+Date: Fri, 28 Jun 2024 21:45:29 +0200
+Subject: can: kvaser_usb: Explicitly initialize family in leafimx driver_info struct
+
+From: Jimmy Assarsson <extja@kvaser.com>
+
+commit 19d5b2698c35b2132a355c67b4d429053804f8cc upstream.
+
+Explicitly set the 'family' driver_info struct member for leafimx.
+Previously, the correct operation relied on KVASER_LEAF being the first
+defined value in enum kvaser_usb_leaf_family.
+
+Fixes: e6c80e601053 ("can: kvaser_usb: kvaser_usb_leaf: fix CAN clock frequency regression")
+Signed-off-by: Jimmy Assarsson <extja@kvaser.com>
+Link: https://lore.kernel.org/all/20240628194529.312968-1-extja@kvaser.com
+Cc: stable@vger.kernel.org
+Signed-off-by: Marc Kleine-Budde <mkl@pengutronix.de>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+---
+ drivers/net/can/usb/kvaser_usb/kvaser_usb_core.c | 1 +
+ 1 file changed, 1 insertion(+)
+
+--- a/drivers/net/can/usb/kvaser_usb/kvaser_usb_core.c
++++ b/drivers/net/can/usb/kvaser_usb/kvaser_usb_core.c
+@@ -125,6 +125,7 @@ static const struct kvaser_usb_driver_in
+
+ static const struct kvaser_usb_driver_info kvaser_usb_driver_info_leafimx = {
+ .quirks = 0,
++ .family = KVASER_LEAF,
+ .ops = &kvaser_usb_leaf_dev_ops,
+ };
+
--- /dev/null
+From 0d8968287a1cf7b03d07387dc871de3861b9f6b9 Mon Sep 17 00:00:00 2001
+From: Nathan Chancellor <nathan@kernel.org>
+Date: Mon, 13 May 2024 08:40:27 -0700
+Subject: f2fs: Add inline to f2fs_build_fault_attr() stub
+
+From: Nathan Chancellor <nathan@kernel.org>
+
+commit 0d8968287a1cf7b03d07387dc871de3861b9f6b9 upstream.
+
+When building without CONFIG_F2FS_FAULT_INJECTION, there is a warning
+from each file that includes f2fs.h because the stub for
+f2fs_build_fault_attr() is missing inline:
+
+ In file included from fs/f2fs/segment.c:21:
+ fs/f2fs/f2fs.h:4605:12: warning: 'f2fs_build_fault_attr' defined but not used [-Wunused-function]
+ 4605 | static int f2fs_build_fault_attr(struct f2fs_sb_info *sbi, unsigned long rate,
+ | ^~~~~~~~~~~~~~~~~~~~~
+
+Add the missing inline to resolve all of the warnings for this
+configuration.
+
+Fixes: 4ed886b187f4 ("f2fs: check validation of fault attrs in f2fs_build_fault_attr()")
+Signed-off-by: Nathan Chancellor <nathan@kernel.org>
+Reviewed-by: Chao Yu <chao@kernel.org>
+Signed-off-by: Jaegeuk Kim <jaegeuk@kernel.org>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+---
+ fs/f2fs/f2fs.h | 4 ++--
+ 1 file changed, 2 insertions(+), 2 deletions(-)
+
+--- a/fs/f2fs/f2fs.h
++++ b/fs/f2fs/f2fs.h
+@@ -4600,8 +4600,8 @@ static inline bool f2fs_need_verity(cons
+ extern int f2fs_build_fault_attr(struct f2fs_sb_info *sbi, unsigned long rate,
+ unsigned long type);
+ #else
+-static int f2fs_build_fault_attr(struct f2fs_sb_info *sbi, unsigned long rate,
+- unsigned long type)
++static inline int f2fs_build_fault_attr(struct f2fs_sb_info *sbi,
++ unsigned long rate, unsigned long type)
+ {
+ return 0;
+ }
--- /dev/null
+From 702eb71fd6501b3566283f8c96d7ccc6ddd662e9 Mon Sep 17 00:00:00 2001
+From: Jan Kara <jack@suse.cz>
+Date: Mon, 17 Jun 2024 18:23:00 +0200
+Subject: fsnotify: Do not generate events for O_PATH file descriptors
+
+From: Jan Kara <jack@suse.cz>
+
+commit 702eb71fd6501b3566283f8c96d7ccc6ddd662e9 upstream.
+
+Currently we will not generate FS_OPEN events for O_PATH file
+descriptors but we will generate FS_CLOSE events for them. This is
+asymmetry is confusing. Arguably no fsnotify events should be generated
+for O_PATH file descriptors as they cannot be used to access or modify
+file content, they are just convenient handles to file objects like
+paths. So fix the asymmetry by stopping to generate FS_CLOSE for O_PATH
+file descriptors.
+
+Cc: <stable@vger.kernel.org>
+Signed-off-by: Jan Kara <jack@suse.cz>
+Link: https://lore.kernel.org/r/20240617162303.1596-1-jack@suse.cz
+Reviewed-by: Amir Goldstein <amir73il@gmail.com>
+Signed-off-by: Christian Brauner <brauner@kernel.org>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+---
+ include/linux/fsnotify.h | 8 +++++++-
+ 1 file changed, 7 insertions(+), 1 deletion(-)
+
+--- a/include/linux/fsnotify.h
++++ b/include/linux/fsnotify.h
+@@ -99,7 +99,13 @@ static inline int fsnotify_file(struct f
+ {
+ const struct path *path;
+
+- if (file->f_mode & FMODE_NONOTIFY)
++ /*
++ * FMODE_NONOTIFY are fds generated by fanotify itself which should not
++ * generate new events. We also don't want to generate events for
++ * FMODE_PATH fds (involves open & close events) as they are just
++ * handle creation / destruction events and not "real" file events.
++ */
++ if (file->f_mode & (FMODE_NONOTIFY | FMODE_PATH))
+ return 0;
+
+ path = &file->f_path;
--- /dev/null
+From 9f365cb8bbd0162963d6852651d7c9e30adcb7b5 Mon Sep 17 00:00:00 2001
+From: Nathan Chancellor <nathan@kernel.org>
+Date: Tue, 14 May 2024 13:47:23 -0700
+Subject: scsi: mpi3mr: Use proper format specifier in mpi3mr_sas_port_add()
+
+From: Nathan Chancellor <nathan@kernel.org>
+
+commit 9f365cb8bbd0162963d6852651d7c9e30adcb7b5 upstream.
+
+When building for a 32-bit platform such as ARM or i386, for which size_t
+is unsigned int, there is a warning due to using an unsigned long format
+specifier:
+
+ drivers/scsi/mpi3mr/mpi3mr_transport.c:1370:11: error: format specifies type 'unsigned long' but the argument has type 'unsigned int' [-Werror,-Wformat]
+ 1369 | ioc_warn(mrioc, "skipping port %u, max allowed value is %lu\n",
+ | ~~~
+ | %u
+ 1370 | i, sizeof(mr_sas_port->phy_mask) * 8);
+ | ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+
+Use the proper format specifier for size_t, %zu, to resolve the warning for
+all platforms.
+
+Fixes: 3668651def2c ("scsi: mpi3mr: Sanitise num_phys")
+Signed-off-by: Nathan Chancellor <nathan@kernel.org>
+Link: https://lore.kernel.org/r/20240514-mpi3mr-fix-wformat-v1-1-f1ad49217e5e@kernel.org
+Signed-off-by: Martin K. Petersen <martin.petersen@oracle.com>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+---
+ drivers/scsi/mpi3mr/mpi3mr_transport.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+--- a/drivers/scsi/mpi3mr/mpi3mr_transport.c
++++ b/drivers/scsi/mpi3mr/mpi3mr_transport.c
+@@ -1366,7 +1366,7 @@ static struct mpi3mr_sas_port *mpi3mr_sa
+ continue;
+
+ if (i > sizeof(mr_sas_port->phy_mask) * 8) {
+- ioc_warn(mrioc, "skipping port %u, max allowed value is %lu\n",
++ ioc_warn(mrioc, "skipping port %u, max allowed value is %zu\n",
+ i, sizeof(mr_sas_port->phy_mask) * 8);
+ goto out_fail;
+ }
nilfs2-fix-incorrect-inode-allocation-from-reserved-inodes.patch
mm-optimize-the-redundant-loop-of-mm_update_owner_next.patch
mm-avoid-overflows-in-dirty-throttling-logic.patch
+btrfs-zoned-fix-calc_available_free_space-for-zoned-mode.patch
+btrfs-fix-adding-block-group-to-a-reclaim-list-and-the-unused-list-during-reclaim.patch
+btrfs-fix-folio-refcount-in-__alloc_dummy_extent_buffer.patch
+f2fs-add-inline-to-f2fs_build_fault_attr-stub.patch
+scsi-mpi3mr-use-proper-format-specifier-in-mpi3mr_sas_port_add.patch
+bluetooth-hci_bcm4377-fix-msgid-release.patch
+bluetooth-add-quirk-to-ignore-reserved-phy-bits-in-le-extended-adv-report.patch
+bluetooth-qca-fix-bt-enable-failure-again-for-qca6390-after-warm-reboot.patch
+can-kvaser_usb-explicitly-initialize-family-in-leafimx-driver_info-struct.patch
+fsnotify-do-not-generate-events-for-o_path-file-descriptors.patch
projects / thirdparty / kernel / stable-queue.git / commitdiff
