From 1b651e6a5559010a5908020af9084bdda0ad0d47 Mon Sep 17 00:00:00 2001
From: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Date: Wed, 3 Jan 2024 12:01:20 +0100
Subject: [PATCH] 6.1-stable patches

added patches:
	nfsd-fix-possible-oops-when-nfsd-pool_stats-is-closed.patch
	spi-constify-spi-parameters-of-chip-select-apis.patch
---
 ...-oops-when-nfsd-pool_stats-is-closed.patch | 49 +++++++++++++++++++
 queue-6.1/series                              |  2 +
 ...y-spi-parameters-of-chip-select-apis.patch | 41 ++++++++++++++++
 3 files changed, 92 insertions(+)
 create mode 100644 queue-6.1/nfsd-fix-possible-oops-when-nfsd-pool_stats-is-closed.patch
 create mode 100644 queue-6.1/spi-constify-spi-parameters-of-chip-select-apis.patch

diff --git a/queue-6.1/nfsd-fix-possible-oops-when-nfsd-pool_stats-is-closed.patch b/queue-6.1/nfsd-fix-possible-oops-when-nfsd-pool_stats-is-closed.patch
new file mode 100644
index 00000000000..747e11b9efd
--- /dev/null
+++ b/queue-6.1/nfsd-fix-possible-oops-when-nfsd-pool_stats-is-closed.patch
@@ -0,0 +1,49 @@
+From 88956eabfdea7d01d550535af120d4ef265b1d02 Mon Sep 17 00:00:00 2001
+From: NeilBrown <neilb@suse.de>
+Date: Tue, 12 Sep 2023 11:25:00 +1000
+Subject: NFSD: fix possible oops when nfsd/pool_stats is closed.
+
+From: NeilBrown <neilb@suse.de>
+
+commit 88956eabfdea7d01d550535af120d4ef265b1d02 upstream.
+
+If /proc/fs/nfsd/pool_stats is open when the last nfsd thread exits, then
+when the file is closed a NULL pointer is dereferenced.
+This is because nfsd_pool_stats_release() assumes that the
+pointer to the svc_serv cannot become NULL while a reference is held.
+
+This used to be the case but a recent patch split nfsd_last_thread() out
+from nfsd_put(), and clearing the pointer is done in nfsd_last_thread().
+
+This is easily reproduced by running
+   rpc.nfsd 8 ; ( rpc.nfsd 0;true) < /proc/fs/nfsd/pool_stats
+
+Fortunately nfsd_pool_stats_release() has easy access to the svc_serv
+pointer, and so can call svc_put() on it directly.
+
+Fixes: 9f28a971ee9f ("nfsd: separate nfsd_last_thread() from nfsd_put()")
+Signed-off-by: NeilBrown <neilb@suse.de>
+Reviewed-by: Jeff Layton <jlayton@kernel.org>
+Signed-off-by: Chuck Lever <chuck.lever@oracle.com>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+---
+ fs/nfsd/nfssvc.c |    5 +++--
+ 1 file changed, 3 insertions(+), 2 deletions(-)
+
+--- a/fs/nfsd/nfssvc.c
++++ b/fs/nfsd/nfssvc.c
+@@ -1124,11 +1124,12 @@ int nfsd_pool_stats_open(struct inode *i
+ 
+ int nfsd_pool_stats_release(struct inode *inode, struct file *file)
+ {
++	struct seq_file *seq = file->private_data;
++	struct svc_serv *serv = seq->private;
+ 	int ret = seq_release(inode, file);
+-	struct net *net = inode->i_sb->s_fs_info;
+ 
+ 	mutex_lock(&nfsd_mutex);
+-	nfsd_put(net);
++	svc_put(serv);
+ 	mutex_unlock(&nfsd_mutex);
+ 	return ret;
+ }
diff --git a/queue-6.1/series b/queue-6.1/series
index dc93b17f68c..e8f0a858e02 100644
--- a/queue-6.1/series
+++ b/queue-6.1/series
@@ -93,3 +93,5 @@ tracing-fix-blocked-reader-of-snapshot-buffer.patch
 ring-buffer-remove-useless-update-to-write_stamp-in-rb_try_to_discard.patch
 netfilter-nf_tables-skip-set-commit-for-deleted-destroyed-sets.patch
 ring-buffer-fix-slowpath-of-interrupted-event.patch
+nfsd-fix-possible-oops-when-nfsd-pool_stats-is-closed.patch
+spi-constify-spi-parameters-of-chip-select-apis.patch
diff --git a/queue-6.1/spi-constify-spi-parameters-of-chip-select-apis.patch b/queue-6.1/spi-constify-spi-parameters-of-chip-select-apis.patch
new file mode 100644
index 00000000000..59d2716712c
--- /dev/null
+++ b/queue-6.1/spi-constify-spi-parameters-of-chip-select-apis.patch
@@ -0,0 +1,41 @@
+From d2f19eec510424caa55ea949f016ddabe2d8173a Mon Sep 17 00:00:00 2001
+From: Geert Uytterhoeven <geert+renesas@glider.be>
+Date: Mon, 13 Mar 2023 11:58:37 +0100
+Subject: spi: Constify spi parameters of chip select APIs
+
+From: Geert Uytterhoeven <geert+renesas@glider.be>
+
+commit d2f19eec510424caa55ea949f016ddabe2d8173a upstream.
+
+The "spi" parameters of spi_get_chipselect() and spi_get_csgpiod() can
+be const.
+
+Fixes: 303feb3cc06ac066 ("spi: Add APIs in spi core to set/get spi->chip_select and spi->cs_gpiod")
+Signed-off-by: Geert Uytterhoeven <geert+renesas@glider.be>
+Link: https://lore.kernel.org/r/b112de79e7a1e9095a3b6ff22b639f39e39d7748.1678704562.git.geert+renesas@glider.be
+Signed-off-by: Mark Brown <broonie@kernel.org>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+---
+ include/linux/spi/spi.h |    4 ++--
+ 1 file changed, 2 insertions(+), 2 deletions(-)
+
+--- a/include/linux/spi/spi.h
++++ b/include/linux/spi/spi.h
+@@ -263,7 +263,7 @@ static inline void *spi_get_drvdata(stru
+ 	return dev_get_drvdata(&spi->dev);
+ }
+ 
+-static inline u8 spi_get_chipselect(struct spi_device *spi, u8 idx)
++static inline u8 spi_get_chipselect(const struct spi_device *spi, u8 idx)
+ {
+ 	return spi->chip_select;
+ }
+@@ -273,7 +273,7 @@ static inline void spi_set_chipselect(st
+ 	spi->chip_select = chipselect;
+ }
+ 
+-static inline struct gpio_desc *spi_get_csgpiod(struct spi_device *spi, u8 idx)
++static inline struct gpio_desc *spi_get_csgpiod(const struct spi_device *spi, u8 idx)
+ {
+ 	return spi->cs_gpiod;
+ }
-- 
2.47.3