drop broken 6.6 patches

diff --git a/queue-6.6/gfs2-fix-slab-use-after-free-in-qd_put.patch b/queue-6.6/gfs2-fix-slab-use-after-free-in-qd_put.patch
deleted file mode 100644 (file)
index 9cb441c..0000000
--- a/queue-6.6/gfs2-fix-slab-use-after-free-in-qd_put.patch
+++ /dev/null
@@ -1,45 +0,0 @@
-From 3d5a984e1acdf1adffa29a8c005e4a3bf2cc9f7a Mon Sep 17 00:00:00 2001
-From: Sasha Levin <sashal@kernel.org>
-Date: Sun, 14 Dec 2025 16:47:34 +0000
-Subject: gfs2: Fix slab-use-after-free in qd_put
-
-From: Andreas Gruenbacher <agruenba@redhat.com>
-
-[ Upstream commit 22150a7d401d9e9169b9b68e05bed95f7f49bf69 ]
-
-Commit a475c5dd16e5 ("gfs2: Free quota data objects synchronously")
-started freeing quota data objects during filesystem shutdown instead of
-putting them back onto the LRU list, but it failed to remove these
-objects from the LRU list, causing LRU list corruption.  This caused
-use-after-free when the shrinker (gfs2_qd_shrink_scan) tried to access
-already-freed objects on the LRU list.
-
-Fix this by removing qd objects from the LRU list before freeing them in
-qd_put().
-
-Initial fix from Deepanshu Kartikey <kartikey406@gmail.com>.
-
-Fixes: a475c5dd16e5 ("gfs2: Free quota data objects synchronously")
-Reported-by: syzbot+046b605f01802054bff0@syzkaller.appspotmail.com
-Closes: https://syzkaller.appspot.com/bug?extid=046b605f01802054bff0
-Signed-off-by: Andreas Gruenbacher <agruenba@redhat.com>
-Signed-off-by: Sasha Levin <sashal@kernel.org>
----
- fs/gfs2/quota.c | 1 +
- 1 file changed, 1 insertion(+)
-
-diff --git a/fs/gfs2/quota.c b/fs/gfs2/quota.c
-index c537e1d02cf3a..5b06240a67367 100644
---- a/fs/gfs2/quota.c
-+++ b/fs/gfs2/quota.c
-@@ -323,6 +323,7 @@ static void qd_put(struct gfs2_quota_data *qd)
-               lockref_mark_dead(&qd->qd_lockref);
-               spin_unlock(&qd->qd_lockref.lock);
- 
-+              list_lru_del_obj(&gfs2_qd_lru, &qd->qd_lru);
-               gfs2_qd_dispose(qd);
-               return;
-       }
--- 
-2.51.0
-

diff --git a/queue-6.6/mm-list_lru-update-kernel-documentation-to-follow-th.patch b/queue-6.6/mm-list_lru-update-kernel-documentation-to-follow-th.patch
deleted file mode 100644 (file)
index 0ce4260..0000000
--- a/queue-6.6/mm-list_lru-update-kernel-documentation-to-follow-th.patch
+++ /dev/null
@@ -1,145 +0,0 @@
-From 60d51bd2b9ea17138ce9886fe3388fa91f126096 Mon Sep 17 00:00:00 2001
-From: Sasha Levin <sashal@kernel.org>
-Date: Thu, 23 Nov 2023 19:23:17 +0200
-Subject: mm: list_lru: Update kernel documentation to follow the requirements
-
-From: Andy Shevchenko <andriy.shevchenko@linux.intel.com>
-
-[ Upstream commit 7679e14098c9c3c8118a7130d6e1e9cfe2565c04 ]
-
-kernel-doc is not happy about documentation in list_lru.h:
-
-list_lru.h:90: warning: Function parameter or member 'lru' not described in 'list_lru_add'
-list_lru.h:90: warning: Excess function parameter 'list_lru' description in 'list_lru_add'
-list_lru.h:90: warning: No description found for return value of 'list_lru_add'
-list_lru.h:103: warning: Function parameter or member 'lru' not described in 'list_lru_del'
-list_lru.h:103: warning: Excess function parameter 'list_lru' description in 'list_lru_del'
-list_lru.h:103: warning: No description found for return value of 'list_lru_del'
-list_lru.h:116: warning: No description found for return value of 'list_lru_count_one'
-list_lru.h:168: warning: No description found for return value of 'list_lru_walk_one'
-list_lru.h:185: warning: No description found for return value of 'list_lru_walk_one_irq'
-
-Fix the documentation accordingly.
-
-While at it, fix the references to the parameters in functions
-inside the long descriptions, on which the above script is not
-complaining (yet?).
-
-Link: https://lkml.kernel.org/r/20231123172320.2434780-1-andriy.shevchenko@linux.intel.com
-Signed-off-by: Andy Shevchenko <andriy.shevchenko@linux.intel.com>
-Cc: Rasmus Villemoes <linux@rasmusvillemoes.dk>
-Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
-Stable-dep-of: 22150a7d401d ("gfs2: Fix slab-use-after-free in qd_put")
-Signed-off-by: Sasha Levin <sashal@kernel.org>
----
- include/linux/list_lru.h | 36 +++++++++++++++++++-----------------
- 1 file changed, 19 insertions(+), 17 deletions(-)
-
-diff --git a/include/linux/list_lru.h b/include/linux/list_lru.h
-index b35968ee9fb50..db86ad78d428a 100644
---- a/include/linux/list_lru.h
-+++ b/include/linux/list_lru.h
-@@ -73,7 +73,7 @@ void memcg_reparent_list_lrus(struct mem_cgroup *memcg, struct mem_cgroup *paren
- 
- /**
-  * list_lru_add: add an element to the lru list's tail
-- * @list_lru: the lru pointer
-+ * @lru: the lru pointer
-  * @item: the item to be added.
-  *
-  * If the element is already part of a list, this function returns doing
-@@ -83,22 +83,22 @@ void memcg_reparent_list_lrus(struct mem_cgroup *memcg, struct mem_cgroup *paren
-  * the caller organize itself in a way that elements can be in more than
-  * one type of list, it is up to the caller to fully remove the item from
-  * the previous list (with list_lru_del() for instance) before moving it
-- * to @list_lru
-+ * to @lru.
-  *
-- * Return value: true if the list was updated, false otherwise
-+ * Return: true if the list was updated, false otherwise
-  */
- bool list_lru_add(struct list_lru *lru, struct list_head *item);
- 
- /**
-  * list_lru_del: delete an element to the lru list
-- * @list_lru: the lru pointer
-+ * @lru: the lru pointer
-  * @item: the item to be deleted.
-  *
-- * This function works analogously as list_lru_add in terms of list
-+ * This function works analogously as list_lru_add() in terms of list
-  * manipulation. The comments about an element already pertaining to
-- * a list are also valid for list_lru_del.
-+ * a list are also valid for list_lru_del().
-  *
-- * Return value: true if the list was updated, false otherwise
-+ * Return: true if the list was updated, false otherwise
-  */
- bool list_lru_del(struct list_lru *lru, struct list_head *item);
- 
-@@ -108,9 +108,11 @@ bool list_lru_del(struct list_lru *lru, struct list_head *item);
-  * @nid: the node id to count from.
-  * @memcg: the cgroup to count from.
-  *
-- * Always return a non-negative number, 0 for empty lists. There is no
-- * guarantee that the list is not updated while the count is being computed.
-- * Callers that want such a guarantee need to provide an outer lock.
-+ * There is no guarantee that the list is not updated while the count is being
-+ * computed. Callers that want such a guarantee need to provide an outer lock.
-+ *
-+ * Return: 0 for empty lists, otherwise the number of objects
-+ * currently held by @lru.
-  */
- unsigned long list_lru_count_one(struct list_lru *lru,
-                                int nid, struct mem_cgroup *memcg);
-@@ -141,7 +143,7 @@ typedef enum lru_status (*list_lru_walk_cb)(struct list_head *item,
-               struct list_lru_one *list, spinlock_t *lock, void *cb_arg);
- 
- /**
-- * list_lru_walk_one: walk a list_lru, isolating and disposing freeable items.
-+ * list_lru_walk_one: walk a @lru, isolating and disposing freeable items.
-  * @lru: the lru pointer.
-  * @nid: the node id to scan from.
-  * @memcg: the cgroup to scan from.
-@@ -150,24 +152,24 @@ typedef enum lru_status (*list_lru_walk_cb)(struct list_head *item,
-  * @cb_arg: opaque type that will be passed to @isolate
-  * @nr_to_walk: how many items to scan.
-  *
-- * This function will scan all elements in a particular list_lru, calling the
-+ * This function will scan all elements in a particular @lru, calling the
-  * @isolate callback for each of those items, along with the current list
-  * spinlock and a caller-provided opaque. The @isolate callback can choose to
-  * drop the lock internally, but *must* return with the lock held. The callback
-- * will return an enum lru_status telling the list_lru infrastructure what to
-+ * will return an enum lru_status telling the @lru infrastructure what to
-  * do with the object being scanned.
-  *
-- * Please note that nr_to_walk does not mean how many objects will be freed,
-+ * Please note that @nr_to_walk does not mean how many objects will be freed,
-  * just how many objects will be scanned.
-  *
-- * Return value: the number of objects effectively removed from the LRU.
-+ * Return: the number of objects effectively removed from the LRU.
-  */
- unsigned long list_lru_walk_one(struct list_lru *lru,
-                               int nid, struct mem_cgroup *memcg,
-                               list_lru_walk_cb isolate, void *cb_arg,
-                               unsigned long *nr_to_walk);
- /**
-- * list_lru_walk_one_irq: walk a list_lru, isolating and disposing freeable items.
-+ * list_lru_walk_one_irq: walk a @lru, isolating and disposing freeable items.
-  * @lru: the lru pointer.
-  * @nid: the node id to scan from.
-  * @memcg: the cgroup to scan from.
-@@ -176,7 +178,7 @@ unsigned long list_lru_walk_one(struct list_lru *lru,
-  * @cb_arg: opaque type that will be passed to @isolate
-  * @nr_to_walk: how many items to scan.
-  *
-- * Same as @list_lru_walk_one except that the spinlock is acquired with
-+ * Same as list_lru_walk_one() except that the spinlock is acquired with
-  * spin_lock_irq().
-  */
- unsigned long list_lru_walk_one_irq(struct list_lru *lru,
--- 
-2.51.0
-

diff --git a/queue-6.6/series b/queue-6.6/series
index d0e61999e6298345377947a2d06d2d88c57670b7..a6cec19a657072ce43259b20aed3de38f7c3a719 100644 (file)
--- a/queue-6.6/series
+++ b/queue-6.6/series
@@ -12,8 +12,6 @@ i3c-move-device-name-assignment-after-i3c_bus_init.patch
 fs-add-linux-init_task.h-for-init_fs.patch
 i3c-master-update-hot-join-flag-only-on-success.patch
 gfs2-retries-missing-in-gfs2_-rename-exchange.patch
-mm-list_lru-update-kernel-documentation-to-follow-th.patch
-gfs2-fix-slab-use-after-free-in-qd_put.patch
 gfs2-add-metapath_dibh-helper.patch
 gfs2-fix-use-after-free-in-iomap-inline-data-write-p.patch
 i3c-dw-initialize-spinlock-to-avoid-upsetting-lockde.patch