--- /dev/null
+From stable+bounces-192782-greg=kroah.com@vger.kernel.org Sat Nov 8 15:09:52 2025
+From: Sasha Levin <sashal@kernel.org>
+Date: Sat, 8 Nov 2025 09:09:44 -0500
+Subject: btrfs: ensure no dirty metadata is written back for an fs with errors
+To: stable@vger.kernel.org
+Cc: Qu Wenruo <wqu@suse.com>, Filipe Manana <fdmanana@suse.com>, David Sterba <dsterba@suse.com>, Sasha Levin <sashal@kernel.org>
+Message-ID: <20251108140944.129703-1-sashal@kernel.org>
+
+From: Qu Wenruo <wqu@suse.com>
+
+[ Upstream commit 2618849f31e7cf51fadd4a5242458501a6d5b315 ]
+
+[BUG]
+During development of a minor feature (make sure all btrfs_bio::end_io()
+is called in task context), I noticed a crash in generic/388, where
+metadata writes triggered new works after btrfs_stop_all_workers().
+
+It turns out that it can even happen without any code modification, just
+using RAID5 for metadata and the same workload from generic/388 is going
+to trigger the use-after-free.
+
+[CAUSE]
+If btrfs hits an error, the fs is marked as error, no new
+transaction is allowed thus metadata is in a frozen state.
+
+But there are some metadata modifications before that error, and they are
+still in the btree inode page cache.
+
+Since there will be no real transaction commit, all those dirty folios
+are just kept as is in the page cache, and they can not be invalidated
+by invalidate_inode_pages2() call inside close_ctree(), because they are
+dirty.
+
+And finally after btrfs_stop_all_workers(), we call iput() on btree
+inode, which triggers writeback of those dirty metadata.
+
+And if the fs is using RAID56 metadata, this will trigger RMW and queue
+new works into rmw_workers, which is already stopped, causing warning
+from queue_work() and use-after-free.
+
+[FIX]
+Add a special handling for write_one_eb(), that if the fs is already in
+an error state, immediately mark the bbio as failure, instead of really
+submitting them.
+
+Then during close_ctree(), iput() will just discard all those dirty
+tree blocks without really writing them back, thus no more new jobs for
+already stopped-and-freed workqueues.
+
+The extra discard in write_one_eb() also acts as an extra safenet.
+E.g. the transaction abort is triggered by some extent/free space
+tree corruptions, and since extent/free space tree is already corrupted
+some tree blocks may be allocated where they shouldn't be (overwriting
+existing tree blocks). In that case writing them back will further
+corrupting the fs.
+
+CC: stable@vger.kernel.org # 6.6+
+Reviewed-by: Filipe Manana <fdmanana@suse.com>
+Signed-off-by: Qu Wenruo <wqu@suse.com>
+Signed-off-by: David Sterba <dsterba@suse.com>
+[ Adjust context ]
+Signed-off-by: Sasha Levin <sashal@kernel.org>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+---
+ fs/btrfs/extent_io.c | 8 ++++++++
+ 1 file changed, 8 insertions(+)
+
+--- a/fs/btrfs/extent_io.c
++++ b/fs/btrfs/extent_io.c
+@@ -1751,6 +1751,14 @@ static noinline_for_stack void write_one
+ unlock_page(p);
+ }
+ }
++ /*
++ * If the fs is already in error status, do not submit any writeback
++ * but immediately finish it.
++ */
++ if (unlikely(BTRFS_FS_ERROR(fs_info))) {
++ btrfs_bio_end_io(bbio, errno_to_blk_status(BTRFS_FS_ERROR(fs_info)));
++ return;
++ }
+ btrfs_submit_bio(bbio, 0);
+ }
+
--- /dev/null
+From stable+bounces-192780-greg=kroah.com@vger.kernel.org Sat Nov 8 15:05:46 2025
+From: Sasha Levin <sashal@kernel.org>
+Date: Sat, 8 Nov 2025 09:04:48 -0500
+Subject: drm/mediatek: Disable AFBC support on Mediatek DRM driver
+To: stable@vger.kernel.org
+Cc: Ariel D'Alessandro <ariel.dalessandro@collabora.com>, Daniel Stone <daniels@collabora.com>, CK Hu <ck.hu@mediatek.com>, Macpaul Lin <macpaul.lin@mediatek.com>, Chun-Kuang Hu <chunkuang.hu@kernel.org>, Sasha Levin <sashal@kernel.org>
+Message-ID: <20251108140448.128017-1-sashal@kernel.org>
+
+From: Ariel D'Alessandro <ariel.dalessandro@collabora.com>
+
+[ Upstream commit 9882a40640036d5bbc590426a78981526d4f2345 ]
+
+Commit c410fa9b07c3 ("drm/mediatek: Add AFBC support to Mediatek DRM
+driver") added AFBC support to Mediatek DRM and enabled the
+32x8/split/sparse modifier.
+
+However, this is currently broken on Mediatek MT8188 (Genio 700 EVK
+platform); tested using upstream Kernel and Mesa (v25.2.1), AFBC is used by
+default since Mesa v25.0.
+
+Kernel trace reports vblank timeouts constantly, and the render is garbled:
+
+```
+[CRTC:62:crtc-0] vblank wait timed out
+WARNING: CPU: 7 PID: 70 at drivers/gpu/drm/drm_atomic_helper.c:1835 drm_atomic_helper_wait_for_vblanks.part.0+0x24c/0x27c
+[...]
+Hardware name: MediaTek Genio-700 EVK (DT)
+Workqueue: events_unbound commit_work
+pstate: 60400009 (nZCv daif +PAN -UAO -TCO -DIT -SSBS BTYPE=--)
+pc : drm_atomic_helper_wait_for_vblanks.part.0+0x24c/0x27c
+lr : drm_atomic_helper_wait_for_vblanks.part.0+0x24c/0x27c
+sp : ffff80008337bca0
+x29: ffff80008337bcd0 x28: 0000000000000061 x27: 0000000000000000
+x26: 0000000000000001 x25: 0000000000000000 x24: ffff0000c9dcc000
+x23: 0000000000000001 x22: 0000000000000000 x21: ffff0000c66f2f80
+x20: ffff0000c0d7d880 x19: 0000000000000000 x18: 000000000000000a
+x17: 000000040044ffff x16: 005000f2b5503510 x15: 0000000000000000
+x14: 0000000000000000 x13: 74756f2064656d69 x12: 742074696177206b
+x11: 0000000000000058 x10: 0000000000000018 x9 : ffff800082396a70
+x8 : 0000000000057fa8 x7 : 0000000000000cce x6 : ffff8000823eea70
+x5 : ffff0001fef5f408 x4 : ffff80017ccee000 x3 : ffff0000c12cb480
+x2 : 0000000000000000 x1 : 0000000000000000 x0 : ffff0000c12cb480
+Call trace:
+ drm_atomic_helper_wait_for_vblanks.part.0+0x24c/0x27c (P)
+ drm_atomic_helper_commit_tail_rpm+0x64/0x80
+ commit_tail+0xa4/0x1a4
+ commit_work+0x14/0x20
+ process_one_work+0x150/0x290
+ worker_thread+0x2d0/0x3ec
+ kthread+0x12c/0x210
+ ret_from_fork+0x10/0x20
+---[ end trace 0000000000000000 ]---
+```
+
+Until this gets fixed upstream, disable AFBC support on this platform, as
+it's currently broken with upstream Mesa.
+
+Fixes: c410fa9b07c3 ("drm/mediatek: Add AFBC support to Mediatek DRM driver")
+Cc: stable@vger.kernel.org
+Signed-off-by: Ariel D'Alessandro <ariel.dalessandro@collabora.com>
+Reviewed-by: Daniel Stone <daniels@collabora.com>
+Reviewed-by: CK Hu <ck.hu@mediatek.com>
+Reviewed-by: Macpaul Lin <macpaul.lin@mediatek.com>
+Link: https://patchwork.kernel.org/project/dri-devel/patch/20251024202756.811425-1-ariel.dalessandro@collabora.com/
+Signed-off-by: Chun-Kuang Hu <chunkuang.hu@kernel.org>
+[ Applied to mtk_drm_plane.c instead of mtk_plane.c ]
+Signed-off-by: Sasha Levin <sashal@kernel.org>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+---
+ drivers/gpu/drm/mediatek/mtk_drm_plane.c | 24 +-----------------------
+ 1 file changed, 1 insertion(+), 23 deletions(-)
+
+--- a/drivers/gpu/drm/mediatek/mtk_drm_plane.c
++++ b/drivers/gpu/drm/mediatek/mtk_drm_plane.c
+@@ -21,9 +21,6 @@
+
+ static const u64 modifiers[] = {
+ DRM_FORMAT_MOD_LINEAR,
+- DRM_FORMAT_MOD_ARM_AFBC(AFBC_FORMAT_MOD_BLOCK_SIZE_32x8 |
+- AFBC_FORMAT_MOD_SPLIT |
+- AFBC_FORMAT_MOD_SPARSE),
+ DRM_FORMAT_MOD_INVALID,
+ };
+
+@@ -71,26 +68,7 @@ static bool mtk_plane_format_mod_support
+ uint32_t format,
+ uint64_t modifier)
+ {
+- if (modifier == DRM_FORMAT_MOD_LINEAR)
+- return true;
+-
+- if (modifier != DRM_FORMAT_MOD_ARM_AFBC(
+- AFBC_FORMAT_MOD_BLOCK_SIZE_32x8 |
+- AFBC_FORMAT_MOD_SPLIT |
+- AFBC_FORMAT_MOD_SPARSE))
+- return false;
+-
+- if (format != DRM_FORMAT_XRGB8888 &&
+- format != DRM_FORMAT_ARGB8888 &&
+- format != DRM_FORMAT_BGRX8888 &&
+- format != DRM_FORMAT_BGRA8888 &&
+- format != DRM_FORMAT_ABGR8888 &&
+- format != DRM_FORMAT_XBGR8888 &&
+- format != DRM_FORMAT_RGB888 &&
+- format != DRM_FORMAT_BGR888)
+- return false;
+-
+- return true;
++ return modifier == DRM_FORMAT_MOD_LINEAR;
+ }
+
+ static void mtk_drm_plane_destroy_state(struct drm_plane *plane,
--- /dev/null
+From stable+bounces-195453-greg=kroah.com@vger.kernel.org Fri Nov 21 04:50:26 2025
+From: Rajani Kantha <681739313@139.com>
+Date: Fri, 21 Nov 2025 11:46:10 +0800
+Subject: f2fs: fix to avoid overflow while left shift operation
+To: chao@kernel.org, jaegeuk@kernel.org
+Cc: stable@vger.kernel.org
+Message-ID: <20251121034610.2709-1-681739313@139.com>
+
+From: Chao Yu <chao@kernel.org>
+
+[ Upstream commit 0fe1c6bec54ea68ed8c987b3890f2296364e77bb ]
+
+Should cast type of folio->index from pgoff_t to loff_t to avoid overflow
+while left shift operation.
+
+Fixes: 3265d3db1f16 ("f2fs: support partial truncation on compressed inode")
+Signed-off-by: Chao Yu <chao@kernel.org>
+Signed-off-by: Jaegeuk Kim <jaegeuk@kernel.org>
+[ Modification: Using rpages[i]->index instead of folio->index due to
+it was changed since commit:1cda5bc0b2fe ("f2fs: Use a folio in
+f2fs_truncate_partial_cluster()") on 6.14 ]
+Signed-off-by: Rajani Kantha <681739313@139.com>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+---
+ fs/f2fs/compress.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+--- a/fs/f2fs/compress.c
++++ b/fs/f2fs/compress.c
+@@ -1209,7 +1209,7 @@ int f2fs_truncate_partial_cluster(struct
+ int i;
+
+ for (i = cluster_size - 1; i >= 0; i--) {
+- loff_t start = rpages[i]->index << PAGE_SHIFT;
++ loff_t start = (loff_t)rpages[i]->index << PAGE_SHIFT;
+
+ if (from <= start) {
+ zero_user_segment(rpages[i], 0, PAGE_SIZE);
--- /dev/null
+From stable+bounces-192864-greg=kroah.com@vger.kernel.org Mon Nov 10 00:20:51 2025
+From: Sasha Levin <sashal@kernel.org>
+Date: Sun, 9 Nov 2025 18:20:42 -0500
+Subject: iommufd: Don't overflow during division for dirty tracking
+To: stable@vger.kernel.org
+Cc: Jason Gunthorpe <jgg@ziepe.ca>, Joao Martins <joao.m.martins@oracle.com>, Nicolin Chen <nicolinc@nvidia.com>, Kevin Tian <kevin.tian@intel.com>, syzbot+093a8a8b859472e6c257@syzkaller.appspotmail.com, Jason Gunthorpe <jgg@nvidia.com>, Sasha Levin <sashal@kernel.org>
+Message-ID: <20251109232042.530964-1-sashal@kernel.org>
+
+From: Jason Gunthorpe <jgg@ziepe.ca>
+
+[ Upstream commit cb30dfa75d55eced379a42fd67bd5fb7ec38555e ]
+
+If pgshift is 63 then BITS_PER_TYPE(*bitmap->bitmap) * pgsize will overflow
+to 0 and this triggers divide by 0.
+
+In this case the index should just be 0, so reorganize things to divide
+by shift and avoid hitting any overflows.
+
+Link: https://patch.msgid.link/r/0-v1-663679b57226+172-iommufd_dirty_div0_jgg@nvidia.com
+Cc: stable@vger.kernel.org
+Fixes: 58ccf0190d19 ("vfio: Add an IOVA bitmap support")
+Reviewed-by: Joao Martins <joao.m.martins@oracle.com>
+Reviewed-by: Nicolin Chen <nicolinc@nvidia.com>
+Reviewed-by: Kevin Tian <kevin.tian@intel.com>
+Reported-by: syzbot+093a8a8b859472e6c257@syzkaller.appspotmail.com
+Closes: https://syzkaller.appspot.com/bug?extid=093a8a8b859472e6c257
+Signed-off-by: Jason Gunthorpe <jgg@nvidia.com>
+[ drivers/iommu/iommufd/iova_bitmap.c => drivers/vfio/iova_bitmap.c ]
+Signed-off-by: Sasha Levin <sashal@kernel.org>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+---
+ drivers/vfio/iova_bitmap.c | 5 ++---
+ 1 file changed, 2 insertions(+), 3 deletions(-)
+
+--- a/drivers/vfio/iova_bitmap.c
++++ b/drivers/vfio/iova_bitmap.c
+@@ -127,9 +127,8 @@ struct iova_bitmap {
+ static unsigned long iova_bitmap_offset_to_index(struct iova_bitmap *bitmap,
+ unsigned long iova)
+ {
+- unsigned long pgsize = 1UL << bitmap->mapped.pgshift;
+-
+- return iova / (BITS_PER_TYPE(*bitmap->bitmap) * pgsize);
++ return (iova >> bitmap->mapped.pgshift) /
++ BITS_PER_TYPE(*bitmap->bitmap);
+ }
+
+ /*
--- /dev/null
+From stable+bounces-194942-greg=kroah.com@vger.kernel.org Mon Nov 17 10:31:20 2025
+From: mambaxin@163.com
+Date: Mon, 17 Nov 2025 17:30:13 +0800
+Subject: mm, percpu: do not consider sleepable allocations atomic
+To: dennis@kernel.org, tj@kernel.org, cl@linux.com, akpm@linux-foundation.org, gregkh@linuxfoundation.org, mhocko@suse.com
+Cc: linux-mm@kvack.org, linux-kernel@vger.kernel.org, stable@vger.kernel.org, Vlastimil Babka <vbabka@suse.cz>, Filipe David Manana <fdmanana@suse.com>, chenxin <chenxinxin@xiaomi.com>
+Message-ID: <20251117093013.545253-1-mambaxin@163.com>
+
+From: Michal Hocko <mhocko@suse.com>
+
+[ Upstream commit 9a5b183941b52f84c0f9e5f27ce44e99318c9e0f ]
+
+28307d938fb2 ("percpu: make pcpu_alloc() aware of current gfp context")
+has fixed a reclaim recursion for scoped GFP_NOFS context. It has done
+that by avoiding taking pcpu_alloc_mutex. This is a correct solution as
+the worker context with full GFP_KERNEL allocation/reclaim power and which
+is using the same lock cannot block the NOFS pcpu_alloc caller.
+
+On the other hand this is a very conservative approach that could lead to
+failures because pcpu_alloc lockless implementation is quite limited.
+
+We have a bug report about premature failures when scsi array of 193
+devices is scanned. Sometimes (not consistently) the scanning aborts
+because the iscsid daemon fails to create the queue for a random scsi
+device during the scan. iscsid itself is running with PR_SET_IO_FLUSHER
+set so all allocations from this process context are GFP_NOIO. This in
+turn makes any pcpu_alloc lockless (without pcpu_alloc_mutex) which leads
+to pre-mature failures.
+
+It has turned out that iscsid has worked around this by dropping
+PR_SET_IO_FLUSHER (https://github.com/open-iscsi/open-iscsi/pull/382) when
+scanning host. But we can do better in this case on the kernel side and
+use pcpu_alloc_mutex for NOIO resp. NOFS constrained allocation scopes
+too. We just need the WQ worker to never trigger IO/FS reclaim. Achieve
+that by enforcing scoped GFP_NOIO for the whole execution of
+pcpu_balance_workfn (this will imply NOFS constrain as well). This will
+remove the dependency chain and preserve the full allocation power of the
+pcpu_alloc call.
+
+While at it make is_atomic really test for blockable allocations.
+
+Link: https://lkml.kernel.org/r/20250206122633.167896-1-mhocko@kernel.org
+Fixes: 28307d938fb2 ("percpu: make pcpu_alloc() aware of current gfp context")
+Signed-off-by: Michal Hocko <mhocko@suse.com>
+Acked-by: Vlastimil Babka <vbabka@suse.cz>
+Cc: Dennis Zhou <dennis@kernel.org>
+Cc: Filipe David Manana <fdmanana@suse.com>
+Cc: Tejun Heo <tj@kernel.org>
+Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
+Signed-off-by: chenxin <chenxinxin@xiaomi.com>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+---
+ mm/percpu.c | 8 +++++++-
+ 1 file changed, 7 insertions(+), 1 deletion(-)
+
+--- a/mm/percpu.c
++++ b/mm/percpu.c
+@@ -1734,7 +1734,7 @@ static void __percpu *pcpu_alloc(size_t
+ gfp = current_gfp_context(gfp);
+ /* whitelisted flags that can be passed to the backing allocators */
+ pcpu_gfp = gfp & (GFP_KERNEL | __GFP_NORETRY | __GFP_NOWARN);
+- is_atomic = (gfp & GFP_KERNEL) != GFP_KERNEL;
++ is_atomic = !gfpflags_allow_blocking(gfp);
+ do_warn = !(gfp & __GFP_NOWARN);
+
+ /*
+@@ -2231,7 +2231,12 @@ static void pcpu_balance_workfn(struct w
+ * to grow other chunks. This then gives pcpu_reclaim_populated() time
+ * to move fully free chunks to the active list to be freed if
+ * appropriate.
++ *
++ * Enforce GFP_NOIO allocations because we have pcpu_alloc users
++ * constrained to GFP_NOIO/NOFS contexts and they could form lock
++ * dependency through pcpu_alloc_mutex
+ */
++ unsigned int flags = memalloc_noio_save();
+ mutex_lock(&pcpu_alloc_mutex);
+ spin_lock_irq(&pcpu_lock);
+
+@@ -2242,6 +2247,7 @@ static void pcpu_balance_workfn(struct w
+
+ spin_unlock_irq(&pcpu_lock);
+ mutex_unlock(&pcpu_alloc_mutex);
++ memalloc_noio_restore(flags);
+ }
+
+ /**
--- /dev/null
+From stable+bounces-195417-greg=kroah.com@vger.kernel.org Thu Nov 20 20:57:08 2025
+From: Sasha Levin <sashal@kernel.org>
+Date: Thu, 20 Nov 2025 14:56:56 -0500
+Subject: net: netpoll: fix incorrect refcount handling causing incorrect cleanup
+To: stable@vger.kernel.org
+Cc: Breno Leitao <leitao@debian.org>, Jay Vosburgh <jv@jvosburgh.net>, Simon Horman <horms@kernel.org>, Jakub Kicinski <kuba@kernel.org>, Sasha Levin <sashal@kernel.org>
+Message-ID: <20251120195656.2297634-4-sashal@kernel.org>
+
+From: Breno Leitao <leitao@debian.org>
+
+[ Upstream commit 49c8d2c1f94cc2f4d1a108530d7ba52614b874c2 ]
+
+commit efa95b01da18 ("netpoll: fix use after free") incorrectly
+ignored the refcount and prematurely set dev->npinfo to NULL during
+netpoll cleanup, leading to improper behavior and memory leaks.
+
+Scenario causing lack of proper cleanup:
+
+1) A netpoll is associated with a NIC (e.g., eth0) and netdev->npinfo is
+ allocated, and refcnt = 1
+ - Keep in mind that npinfo is shared among all netpoll instances. In
+ this case, there is just one.
+
+2) Another netpoll is also associated with the same NIC and
+ npinfo->refcnt += 1.
+ - Now dev->npinfo->refcnt = 2;
+ - There is just one npinfo associated to the netdev.
+
+3) When the first netpolls goes to clean up:
+ - The first cleanup succeeds and clears np->dev->npinfo, ignoring
+ refcnt.
+ - It basically calls `RCU_INIT_POINTER(np->dev->npinfo, NULL);`
+ - Set dev->npinfo = NULL, without proper cleanup
+ - No ->ndo_netpoll_cleanup() is either called
+
+4) Now the second target tries to clean up
+ - The second cleanup fails because np->dev->npinfo is already NULL.
+ * In this case, ops->ndo_netpoll_cleanup() was never called, and
+ the skb pool is not cleaned as well (for the second netpoll
+ instance)
+ - This leaks npinfo and skbpool skbs, which is clearly reported by
+ kmemleak.
+
+Revert commit efa95b01da18 ("netpoll: fix use after free") and adds
+clarifying comments emphasizing that npinfo cleanup should only happen
+once the refcount reaches zero, ensuring stable and correct netpoll
+behavior.
+
+Cc: <stable@vger.kernel.org> # 3.17.x
+Cc: Jay Vosburgh <jv@jvosburgh.net>
+Fixes: efa95b01da18 ("netpoll: fix use after free")
+Signed-off-by: Breno Leitao <leitao@debian.org>
+Reviewed-by: Simon Horman <horms@kernel.org>
+Link: https://patch.msgid.link/20251107-netconsole_torture-v10-1-749227b55f63@debian.org
+Signed-off-by: Jakub Kicinski <kuba@kernel.org>
+Signed-off-by: Sasha Levin <sashal@kernel.org>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+---
+ net/core/netpoll.c | 7 +++++--
+ 1 file changed, 5 insertions(+), 2 deletions(-)
+
+--- a/net/core/netpoll.c
++++ b/net/core/netpoll.c
+@@ -843,6 +843,10 @@ void __netpoll_cleanup(struct netpoll *n
+ if (!npinfo)
+ return;
+
++ /* At this point, there is a single npinfo instance per netdevice, and
++ * its refcnt tracks how many netpoll structures are linked to it. We
++ * only perform npinfo cleanup when the refcnt decrements to zero.
++ */
+ if (refcount_dec_and_test(&npinfo->refcnt)) {
+ const struct net_device_ops *ops;
+
+@@ -852,8 +856,7 @@ void __netpoll_cleanup(struct netpoll *n
+
+ RCU_INIT_POINTER(np->dev->npinfo, NULL);
+ call_rcu(&npinfo->rcu, rcu_cleanup_netpoll_info);
+- } else
+- RCU_INIT_POINTER(np->dev->npinfo, NULL);
++ }
+
+ skb_pool_flush(np);
+ }
--- /dev/null
+From stable+bounces-195416-greg=kroah.com@vger.kernel.org Thu Nov 20 20:57:07 2025
+From: Sasha Levin <sashal@kernel.org>
+Date: Thu, 20 Nov 2025 14:56:55 -0500
+Subject: net: netpoll: flush skb pool during cleanup
+To: stable@vger.kernel.org
+Cc: Breno Leitao <leitao@debian.org>, Jakub Kicinski <kuba@kernel.org>, Sasha Levin <sashal@kernel.org>
+Message-ID: <20251120195656.2297634-3-sashal@kernel.org>
+
+From: Breno Leitao <leitao@debian.org>
+
+[ Upstream commit 6c59f16f1770481a6ee684720ec55b1e38b3a4b2 ]
+
+The netpoll subsystem maintains a pool of 32 pre-allocated SKBs per
+instance, but these SKBs are not freed when the netpoll user is brought
+down. This leads to memory waste as these buffers remain allocated but
+unused.
+
+Add skb_pool_flush() to properly clean up these SKBs when netconsole is
+terminated, improving memory efficiency.
+
+Signed-off-by: Breno Leitao <leitao@debian.org>
+Link: https://patch.msgid.link/20241114-skb_buffers_v2-v3-2-9be9f52a8b69@debian.org
+Signed-off-by: Jakub Kicinski <kuba@kernel.org>
+Stable-dep-of: 49c8d2c1f94c ("net: netpoll: fix incorrect refcount handling causing incorrect cleanup")
+Signed-off-by: Sasha Levin <sashal@kernel.org>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+---
+ net/core/netpoll.c | 14 +++++++++++++-
+ 1 file changed, 13 insertions(+), 1 deletion(-)
+
+--- a/net/core/netpoll.c
++++ b/net/core/netpoll.c
+@@ -538,6 +538,14 @@ static int netpoll_parse_ip_addr(const c
+ return -1;
+ }
+
++static void skb_pool_flush(struct netpoll *np)
++{
++ struct sk_buff_head *skb_pool;
++
++ skb_pool = &np->skb_pool;
++ skb_queue_purge_reason(skb_pool, SKB_CONSUMED);
++}
++
+ int netpoll_parse_options(struct netpoll *np, char *opt)
+ {
+ char *cur=opt, *delim;
+@@ -786,7 +794,7 @@ put_noaddr:
+
+ err = __netpoll_setup(np, ndev);
+ if (err)
+- goto put;
++ goto flush;
+ rtnl_unlock();
+
+ /* Make sure all NAPI polls which started before dev->npinfo
+@@ -797,6 +805,8 @@ put_noaddr:
+
+ return 0;
+
++flush:
++ skb_pool_flush(np);
+ put:
+ DEBUG_NET_WARN_ON_ONCE(np->dev);
+ if (ip_overwritten)
+@@ -844,6 +854,8 @@ void __netpoll_cleanup(struct netpoll *n
+ call_rcu(&npinfo->rcu, rcu_cleanup_netpoll_info);
+ } else
+ RCU_INIT_POINTER(np->dev->npinfo, NULL);
++
++ skb_pool_flush(np);
+ }
+ EXPORT_SYMBOL_GPL(__netpoll_cleanup);
+
--- /dev/null
+From stable+bounces-195415-greg=kroah.com@vger.kernel.org Thu Nov 20 20:57:07 2025
+From: Sasha Levin <sashal@kernel.org>
+Date: Thu, 20 Nov 2025 14:56:54 -0500
+Subject: net: netpoll: Individualize the skb pool
+To: stable@vger.kernel.org
+Cc: Breno Leitao <leitao@debian.org>, Jakub Kicinski <kuba@kernel.org>, Sasha Levin <sashal@kernel.org>
+Message-ID: <20251120195656.2297634-2-sashal@kernel.org>
+
+From: Breno Leitao <leitao@debian.org>
+
+[ Upstream commit 221a9c1df790fa711d65daf5ba05d0addc279153 ]
+
+The current implementation of the netpoll system uses a global skb
+pool, which can lead to inefficient memory usage and
+waste when targets are disabled or no longer in use.
+
+This can result in a significant amount of memory being unnecessarily
+allocated and retained, potentially causing performance issues and
+limiting the availability of resources for other system components.
+
+Modify the netpoll system to assign a skb pool to each target instead of
+using a global one.
+
+This approach allows for more fine-grained control over memory
+allocation and deallocation, ensuring that resources are only allocated
+and retained as needed.
+
+Signed-off-by: Breno Leitao <leitao@debian.org>
+Link: https://patch.msgid.link/20241114-skb_buffers_v2-v3-1-9be9f52a8b69@debian.org
+Signed-off-by: Jakub Kicinski <kuba@kernel.org>
+Stable-dep-of: 49c8d2c1f94c ("net: netpoll: fix incorrect refcount handling causing incorrect cleanup")
+Signed-off-by: Sasha Levin <sashal@kernel.org>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+---
+ include/linux/netpoll.h | 1 +
+ net/core/netpoll.c | 31 +++++++++++++------------------
+ 2 files changed, 14 insertions(+), 18 deletions(-)
+
+--- a/include/linux/netpoll.h
++++ b/include/linux/netpoll.h
+@@ -32,6 +32,7 @@ struct netpoll {
+ bool ipv6;
+ u16 local_port, remote_port;
+ u8 remote_mac[ETH_ALEN];
++ struct sk_buff_head skb_pool;
+ };
+
+ struct netpoll_info {
+--- a/net/core/netpoll.c
++++ b/net/core/netpoll.c
+@@ -45,9 +45,6 @@
+
+ #define MAX_UDP_CHUNK 1460
+ #define MAX_SKBS 32
+-
+-static struct sk_buff_head skb_pool;
+-
+ #define USEC_PER_POLL 50
+
+ #define MAX_SKB_SIZE \
+@@ -236,20 +233,23 @@ void netpoll_poll_enable(struct net_devi
+ }
+ EXPORT_SYMBOL(netpoll_poll_enable);
+
+-static void refill_skbs(void)
++static void refill_skbs(struct netpoll *np)
+ {
++ struct sk_buff_head *skb_pool;
+ struct sk_buff *skb;
+ unsigned long flags;
+
+- spin_lock_irqsave(&skb_pool.lock, flags);
+- while (skb_pool.qlen < MAX_SKBS) {
++ skb_pool = &np->skb_pool;
++
++ spin_lock_irqsave(&skb_pool->lock, flags);
++ while (skb_pool->qlen < MAX_SKBS) {
+ skb = alloc_skb(MAX_SKB_SIZE, GFP_ATOMIC);
+ if (!skb)
+ break;
+
+- __skb_queue_tail(&skb_pool, skb);
++ __skb_queue_tail(skb_pool, skb);
+ }
+- spin_unlock_irqrestore(&skb_pool.lock, flags);
++ spin_unlock_irqrestore(&skb_pool->lock, flags);
+ }
+
+ static void zap_completion_queue(void)
+@@ -286,12 +286,12 @@ static struct sk_buff *find_skb(struct n
+ struct sk_buff *skb;
+
+ zap_completion_queue();
+- refill_skbs();
++ refill_skbs(np);
+ repeat:
+
+ skb = alloc_skb(len, GFP_ATOMIC);
+ if (!skb)
+- skb = skb_dequeue(&skb_pool);
++ skb = skb_dequeue(&np->skb_pool);
+
+ if (!skb) {
+ if (++count < 10) {
+@@ -680,6 +680,8 @@ int netpoll_setup(struct netpoll *np)
+ struct in_device *in_dev;
+ int err;
+
++ skb_queue_head_init(&np->skb_pool);
++
+ rtnl_lock();
+ if (np->dev_name[0]) {
+ struct net *net = current->nsproxy->net_ns;
+@@ -780,7 +782,7 @@ put_noaddr:
+ }
+
+ /* fill up the skb queue */
+- refill_skbs();
++ refill_skbs(np);
+
+ err = __netpoll_setup(np, ndev);
+ if (err)
+@@ -806,13 +808,6 @@ unlock:
+ }
+ EXPORT_SYMBOL(netpoll_setup);
+
+-static int __init netpoll_init(void)
+-{
+- skb_queue_head_init(&skb_pool);
+- return 0;
+-}
+-core_initcall(netpoll_init);
+-
+ static void rcu_cleanup_netpoll_info(struct rcu_head *rcu_head)
+ {
+ struct netpoll_info *npinfo =
--- /dev/null
+From stable+bounces-195466-greg=kroah.com@vger.kernel.org Fri Nov 21 07:01:00 2025
+From: Rajani Kantha <681739313@139.com>
+Date: Fri, 21 Nov 2025 14:00:37 +0800
+Subject: net: stmmac: Fix accessing freed irq affinity_hint
+To: dqfext@gmail.com, jacob.e.keller@intel.com, kuba@kernel.org
+Cc: stable@vger.kernel.org
+Message-ID: <20251121060037.3210-1-681739313@139.com>
+
+From: Qingfang Deng <dqfext@gmail.com>
+
+[ Upstream commit c60d101a226f18e9a8f01bb4c6ca2b47dfcb15ef ]
+
+The cpumask should not be a local variable, since its pointer is saved
+to irq_desc and may be accessed from procfs.
+To fix it, use the persistent mask cpumask_of(cpu#).
+
+Cc: stable@vger.kernel.org
+Fixes: 8deec94c6040 ("net: stmmac: set IRQ affinity hint for multi MSI vectors")
+Signed-off-by: Qingfang Deng <dqfext@gmail.com>
+Reviewed-by: Jacob Keller <jacob.e.keller@intel.com>
+Link: https://patch.msgid.link/20250318032424.112067-1-dqfext@gmail.com
+Signed-off-by: Jakub Kicinski <kuba@kernel.org>
+Signed-off-by: Rajani Kantha <681739313@139.com>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+---
+ drivers/net/ethernet/stmicro/stmmac/stmmac_main.c | 11 ++++-------
+ 1 file changed, 4 insertions(+), 7 deletions(-)
+
+--- a/drivers/net/ethernet/stmicro/stmmac/stmmac_main.c
++++ b/drivers/net/ethernet/stmicro/stmmac/stmmac_main.c
+@@ -3516,7 +3516,6 @@ static int stmmac_request_irq_multi_msi(
+ {
+ struct stmmac_priv *priv = netdev_priv(dev);
+ enum request_irq_err irq_err;
+- cpumask_t cpu_mask;
+ int irq_idx = 0;
+ char *int_name;
+ int ret;
+@@ -3628,9 +3627,8 @@ static int stmmac_request_irq_multi_msi(
+ irq_idx = i;
+ goto irq_error;
+ }
+- cpumask_clear(&cpu_mask);
+- cpumask_set_cpu(i % num_online_cpus(), &cpu_mask);
+- irq_set_affinity_hint(priv->rx_irq[i], &cpu_mask);
++ irq_set_affinity_hint(priv->rx_irq[i],
++ cpumask_of(i % num_online_cpus()));
+ }
+
+ /* Request Tx MSI irq */
+@@ -3653,9 +3651,8 @@ static int stmmac_request_irq_multi_msi(
+ irq_idx = i;
+ goto irq_error;
+ }
+- cpumask_clear(&cpu_mask);
+- cpumask_set_cpu(i % num_online_cpus(), &cpu_mask);
+- irq_set_affinity_hint(priv->tx_irq[i], &cpu_mask);
++ irq_set_affinity_hint(priv->tx_irq[i],
++ cpumask_of(i % num_online_cpus()));
+ }
+
+ return 0;
--- /dev/null
+From stable+bounces-195414-greg=kroah.com@vger.kernel.org Thu Nov 20 20:57:06 2025
+From: Sasha Levin <sashal@kernel.org>
+Date: Thu, 20 Nov 2025 14:56:53 -0500
+Subject: netpoll: remove netpoll_srcu
+To: stable@vger.kernel.org
+Cc: Eric Dumazet <edumazet@google.com>, Breno Leitao <leitao@debian.org>, Jakub Kicinski <kuba@kernel.org>, Sasha Levin <sashal@kernel.org>
+Message-ID: <20251120195656.2297634-1-sashal@kernel.org>
+
+From: Eric Dumazet <edumazet@google.com>
+
+[ Upstream commit 9a95eedc81deb86af1ac56f2c2bfe8306b27b82a ]
+
+netpoll_srcu is currently used from netpoll_poll_disable() and
+__netpoll_cleanup()
+
+Both functions run under RTNL, using netpoll_srcu adds confusion
+and no additional protection.
+
+Moreover the synchronize_srcu() call in __netpoll_cleanup() is
+performed before clearing np->dev->npinfo, which violates RCU rules.
+
+After this patch, netpoll_poll_disable() and netpoll_poll_enable()
+simply use rtnl_dereference().
+
+This saves a big chunk of memory (more than 192KB on platforms
+with 512 cpus)
+
+Signed-off-by: Eric Dumazet <edumazet@google.com>
+Reviewed-by: Breno Leitao <leitao@debian.org>
+Link: https://patch.msgid.link/20240905084909.2082486-1-edumazet@google.com
+Signed-off-by: Jakub Kicinski <kuba@kernel.org>
+Stable-dep-of: 49c8d2c1f94c ("net: netpoll: fix incorrect refcount handling causing incorrect cleanup")
+Signed-off-by: Sasha Levin <sashal@kernel.org>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+---
+ net/core/netpoll.c | 15 ++++-----------
+ 1 file changed, 4 insertions(+), 11 deletions(-)
+
+--- a/net/core/netpoll.c
++++ b/net/core/netpoll.c
+@@ -48,8 +48,6 @@
+
+ static struct sk_buff_head skb_pool;
+
+-DEFINE_STATIC_SRCU(netpoll_srcu);
+-
+ #define USEC_PER_POLL 50
+
+ #define MAX_SKB_SIZE \
+@@ -220,24 +218,21 @@ EXPORT_SYMBOL(netpoll_poll_dev);
+ void netpoll_poll_disable(struct net_device *dev)
+ {
+ struct netpoll_info *ni;
+- int idx;
++
+ might_sleep();
+- idx = srcu_read_lock(&netpoll_srcu);
+- ni = srcu_dereference(dev->npinfo, &netpoll_srcu);
++ ni = rtnl_dereference(dev->npinfo);
+ if (ni)
+ down(&ni->dev_lock);
+- srcu_read_unlock(&netpoll_srcu, idx);
+ }
+ EXPORT_SYMBOL(netpoll_poll_disable);
+
+ void netpoll_poll_enable(struct net_device *dev)
+ {
+ struct netpoll_info *ni;
+- rcu_read_lock();
+- ni = rcu_dereference(dev->npinfo);
++
++ ni = rtnl_dereference(dev->npinfo);
+ if (ni)
+ up(&ni->dev_lock);
+- rcu_read_unlock();
+ }
+ EXPORT_SYMBOL(netpoll_poll_enable);
+
+@@ -843,8 +838,6 @@ void __netpoll_cleanup(struct netpoll *n
+ if (!npinfo)
+ return;
+
+- synchronize_srcu(&netpoll_srcu);
+-
+ if (refcount_dec_and_test(&npinfo->refcnt)) {
+ const struct net_device_ops *ops;
+
--- /dev/null
+From stable+bounces-192344-greg=kroah.com@vger.kernel.org Tue Nov 4 10:33:06 2025
+From: "jingxian.li" <jingxian.li@shopee.com>
+Date: Tue, 4 Nov 2025 17:27:42 +0800
+Subject: Revert "perf dso: Add missed dso__put to dso__load_kcore"
+To: stable@vger.kernel.org, peterz@infradead.org, mingo@redhat.com, acme@kernel.org, mark.rutland@arm.com, alexander.shishkin@linux.intel.com, jolsa@kernel.org, namhyung@kernel.org, adrian.hunter@intel.com, sashal@kernel.org, linux-perf-users@vger.kernel.org, linux-kernel@vger.kernel.org
+Cc: "jingxian.li" <jingxian.li@shopee.com>
+Message-ID: <20251104092740.108928-3-jingxian.li@shopee.com>
+
+From: "jingxian.li" <jingxian.li@shopee.com>
+
+This reverts commit e5de9ea7796e79f3cd082624f788cc3442bff2a8.
+
+The patch introduced `map__zput(new_node->map)` in the kcore load
+path, causing a segmentation fault when running `perf c2c report`.
+
+The issue arises because `maps__merge_in` directly modifies and
+inserts the caller's `new_map`, causing it to be freed prematurely
+while still referenced by kmaps.
+
+Later branchs (6.12, 6.15, 6.16) are not affected because they use
+a different merge approach with a lazily sorted array, which avoids
+modifying the original `new_map`.
+
+Fixes: e5de9ea7796e ("perf dso: Add missed dso__put to dso__load_kcore")
+
+Signed-off-by: jingxian.li <jingxian.li@shopee.com>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+---
+ tools/perf/util/symbol.c | 1 -
+ 1 file changed, 1 deletion(-)
+
+--- a/tools/perf/util/symbol.c
++++ b/tools/perf/util/symbol.c
+@@ -1366,7 +1366,6 @@ static int dso__load_kcore(struct dso *d
+ goto out_err;
+ }
+ }
+- map__zput(new_node->map);
+ free(new_node);
+ }
+
--- /dev/null
+From stable+bounces-192877-greg=kroah.com@vger.kernel.org Mon Nov 10 01:48:04 2025
+From: Sasha Levin <sashal@kernel.org>
+Date: Sun, 9 Nov 2025 19:47:48 -0500
+Subject: scsi: ufs: core: Add a quirk for handling broken LSDBS field in controller capabilities register
+To: stable@vger.kernel.org
+Cc: Manivannan Sadhasivam <manivannan.sadhasivam@linaro.org>, Amit Pundir <amit.pundir@linaro.org>, Bart Van Assche <bvanassche@acm.org>, "Martin K. Petersen" <martin.petersen@oracle.com>, Sasha Levin <sashal@kernel.org>
+Message-ID: <20251110004750.555028-6-sashal@kernel.org>
+
+From: Manivannan Sadhasivam <manivannan.sadhasivam@linaro.org>
+
+[ Upstream commit cd06b713a6880997ca5aecac8e33d5f9c541749e ]
+
+'Legacy Queue & Single Doorbell Support (LSDBS)' field in the controller
+capabilities register is supposed to report whether the legacy single
+doorbell mode is supported in the controller or not. But some controllers
+report '1' in this field which corresponds to 'LSDB not supported', but
+they indeed support LSDB. So let's add a quirk to handle those controllers.
+
+If the quirk is enabled by the controller driver, then LSDBS register field
+will be ignored and legacy single doorbell mode is assumed to be enabled
+always.
+
+Tested-by: Amit Pundir <amit.pundir@linaro.org>
+Signed-off-by: Manivannan Sadhasivam <manivannan.sadhasivam@linaro.org>
+Link: https://lore.kernel.org/r/20240816-ufs-bug-fix-v3-1-e6fe0e18e2a3@linaro.org
+Reviewed-by: Bart Van Assche <bvanassche@acm.org>
+Signed-off-by: Martin K. Petersen <martin.petersen@oracle.com>
+Stable-dep-of: d968e99488c4 ("scsi: ufs: ufs-pci: Set UFSHCD_QUIRK_PERFORM_LINK_STARTUP_ONCE for Intel ADL")
+Signed-off-by: Sasha Levin <sashal@kernel.org>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+---
+ drivers/ufs/core/ufshcd.c | 6 +++++-
+ include/ufs/ufshcd.h | 8 ++++++++
+ 2 files changed, 13 insertions(+), 1 deletion(-)
+
+--- a/drivers/ufs/core/ufshcd.c
++++ b/drivers/ufs/core/ufshcd.c
+@@ -2368,7 +2368,11 @@ static inline int ufshcd_hba_capabilitie
+ * 0h: legacy single doorbell support is available
+ * 1h: indicate that legacy single doorbell support has been removed
+ */
+- hba->lsdb_sup = !FIELD_GET(MASK_LSDB_SUPPORT, hba->capabilities);
++ if (!(hba->quirks & UFSHCD_QUIRK_BROKEN_LSDBS_CAP))
++ hba->lsdb_sup = !FIELD_GET(MASK_LSDB_SUPPORT, hba->capabilities);
++ else
++ hba->lsdb_sup = true;
++
+ if (!hba->mcq_sup)
+ return 0;
+
+--- a/include/ufs/ufshcd.h
++++ b/include/ufs/ufshcd.h
+@@ -670,6 +670,14 @@ enum ufshcd_quirks {
+ * the standard best practice for managing keys).
+ */
+ UFSHCD_QUIRK_KEYS_IN_PRDT = 1 << 24,
++
++ /*
++ * This quirk indicates that the controller reports the value 1 (not
++ * supported) in the Legacy Single DoorBell Support (LSDBS) bit of the
++ * Controller Capabilities register although it supports the legacy
++ * single doorbell mode.
++ */
++ UFSHCD_QUIRK_BROKEN_LSDBS_CAP = 1 << 25,
+ };
+
+ enum ufshcd_caps {
--- /dev/null
+From stable+bounces-192878-greg=kroah.com@vger.kernel.org Mon Nov 10 01:48:08 2025
+From: Sasha Levin <sashal@kernel.org>
+Date: Sun, 9 Nov 2025 19:47:49 -0500
+Subject: scsi: ufs: core: Add a quirk to suppress link_startup_again
+To: stable@vger.kernel.org
+Cc: Adrian Hunter <adrian.hunter@intel.com>, Bart Van Assche <bvanassche@acm.org>, "Martin K. Petersen" <martin.petersen@oracle.com>, Sasha Levin <sashal@kernel.org>
+Message-ID: <20251110004750.555028-7-sashal@kernel.org>
+
+From: Adrian Hunter <adrian.hunter@intel.com>
+
+[ Upstream commit d34caa89a132cd69efc48361d4772251546fdb88 ]
+
+ufshcd_link_startup() has a facility (link_startup_again) to issue
+DME_LINKSTARTUP a 2nd time even though the 1st time was successful.
+
+Some older hardware benefits from that, however the behaviour is
+non-standard, and has been found to cause link startup to be unreliable
+for some Intel Alder Lake based host controllers.
+
+Add UFSHCD_QUIRK_PERFORM_LINK_STARTUP_ONCE to suppress
+link_startup_again, in preparation for setting the quirk for affected
+controllers.
+
+Fixes: 7dc9fb47bc9a ("scsi: ufs: ufs-pci: Add support for Intel ADL")
+Cc: stable@vger.kernel.org
+Signed-off-by: Adrian Hunter <adrian.hunter@intel.com>
+Reviewed-by: Bart Van Assche <bvanassche@acm.org>
+Link: https://patch.msgid.link/20251024085918.31825-3-adrian.hunter@intel.com
+Signed-off-by: Martin K. Petersen <martin.petersen@oracle.com>
+Stable-dep-of: d968e99488c4 ("scsi: ufs: ufs-pci: Set UFSHCD_QUIRK_PERFORM_LINK_STARTUP_ONCE for Intel ADL")
+Signed-off-by: Sasha Levin <sashal@kernel.org>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+---
+ drivers/ufs/core/ufshcd.c | 3 ++-
+ include/ufs/ufshcd.h | 7 +++++++
+ 2 files changed, 9 insertions(+), 1 deletion(-)
+
+--- a/drivers/ufs/core/ufshcd.c
++++ b/drivers/ufs/core/ufshcd.c
+@@ -4980,7 +4980,8 @@ static int ufshcd_link_startup(struct uf
+ * If UFS device isn't active then we will have to issue link startup
+ * 2 times to make sure the device state move to active.
+ */
+- if (!ufshcd_is_ufs_dev_active(hba))
++ if (!(hba->quirks & UFSHCD_QUIRK_PERFORM_LINK_STARTUP_ONCE) &&
++ !ufshcd_is_ufs_dev_active(hba))
+ link_startup_again = true;
+
+ link_startup:
+--- a/include/ufs/ufshcd.h
++++ b/include/ufs/ufshcd.h
+@@ -678,6 +678,13 @@ enum ufshcd_quirks {
+ * single doorbell mode.
+ */
+ UFSHCD_QUIRK_BROKEN_LSDBS_CAP = 1 << 25,
++
++ /*
++ * This quirk indicates that DME_LINKSTARTUP should not be issued a 2nd
++ * time (refer link_startup_again) after the 1st time was successful,
++ * because it causes link startup to become unreliable.
++ */
++ UFSHCD_QUIRK_PERFORM_LINK_STARTUP_ONCE = 1 << 26,
+ };
+
+ enum ufshcd_caps {
--- /dev/null
+From stable+bounces-192875-greg=kroah.com@vger.kernel.org Mon Nov 10 01:48:02 2025
+From: Sasha Levin <sashal@kernel.org>
+Date: Sun, 9 Nov 2025 19:47:46 -0500
+Subject: scsi: ufs: core: Add fill_crypto_prdt variant op
+To: stable@vger.kernel.org
+Cc: Eric Biggers <ebiggers@google.com>, Bart Van Assche <bvanassche@acm.org>, Peter Griffin <peter.griffin@linaro.org>, Alim Akhtar <alim.akhtar@samsung.com>, "Martin K. Petersen" <martin.petersen@oracle.com>, Sasha Levin <sashal@kernel.org>
+Message-ID: <20251110004750.555028-4-sashal@kernel.org>
+
+From: Eric Biggers <ebiggers@google.com>
+
+[ Upstream commit 8ecea3da1567e0648b5d37a6faec73fc9c8571ba ]
+
+Add a variant op to allow host drivers to initialize nonstandard
+crypto-related fields in the PRDT. This is needed to support inline
+encryption on the "Exynos" UFS controller.
+
+Note that this will be used together with the support for overriding the
+PRDT entry size that was already added by commit ada1e653a5ea ("scsi: ufs:
+core: Allow UFS host drivers to override the sg entry size").
+
+Reviewed-by: Bart Van Assche <bvanassche@acm.org>
+Reviewed-by: Peter Griffin <peter.griffin@linaro.org>
+Signed-off-by: Eric Biggers <ebiggers@google.com>
+Link: https://lore.kernel.org/r/20240708235330.103590-5-ebiggers@kernel.org
+Reviewed-by: Alim Akhtar <alim.akhtar@samsung.com>
+Signed-off-by: Martin K. Petersen <martin.petersen@oracle.com>
+Stable-dep-of: d968e99488c4 ("scsi: ufs: ufs-pci: Set UFSHCD_QUIRK_PERFORM_LINK_STARTUP_ONCE for Intel ADL")
+Signed-off-by: Sasha Levin <sashal@kernel.org>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+---
+ drivers/ufs/core/ufshcd-crypto.h | 19 +++++++++++++++++++
+ drivers/ufs/core/ufshcd.c | 2 +-
+ include/ufs/ufshcd.h | 4 ++++
+ 3 files changed, 24 insertions(+), 1 deletion(-)
+
+--- a/drivers/ufs/core/ufshcd-crypto.h
++++ b/drivers/ufs/core/ufshcd-crypto.h
+@@ -37,6 +37,19 @@ ufshcd_prepare_req_desc_hdr_crypto(struc
+ h->dunu = cpu_to_le32(upper_32_bits(lrbp->data_unit_num));
+ }
+
++static inline int ufshcd_crypto_fill_prdt(struct ufs_hba *hba,
++ struct ufshcd_lrb *lrbp)
++{
++ struct scsi_cmnd *cmd = lrbp->cmd;
++ const struct bio_crypt_ctx *crypt_ctx = scsi_cmd_to_rq(cmd)->crypt_ctx;
++
++ if (crypt_ctx && hba->vops && hba->vops->fill_crypto_prdt)
++ return hba->vops->fill_crypto_prdt(hba, crypt_ctx,
++ lrbp->ucd_prdt_ptr,
++ scsi_sg_count(cmd));
++ return 0;
++}
++
+ bool ufshcd_crypto_enable(struct ufs_hba *hba);
+
+ int ufshcd_hba_init_crypto_capabilities(struct ufs_hba *hba);
+@@ -54,6 +67,12 @@ static inline void
+ ufshcd_prepare_req_desc_hdr_crypto(struct ufshcd_lrb *lrbp,
+ struct request_desc_header *h) { }
+
++static inline int ufshcd_crypto_fill_prdt(struct ufs_hba *hba,
++ struct ufshcd_lrb *lrbp)
++{
++ return 0;
++}
++
+ static inline bool ufshcd_crypto_enable(struct ufs_hba *hba)
+ {
+ return false;
+--- a/drivers/ufs/core/ufshcd.c
++++ b/drivers/ufs/core/ufshcd.c
+@@ -2589,7 +2589,7 @@ static int ufshcd_map_sg(struct ufs_hba
+
+ ufshcd_sgl_to_prdt(hba, lrbp, sg_segments, scsi_sglist(cmd));
+
+- return 0;
++ return ufshcd_crypto_fill_prdt(hba, lrbp);
+ }
+
+ /**
+--- a/include/ufs/ufshcd.h
++++ b/include/ufs/ufshcd.h
+@@ -323,6 +323,7 @@ struct ufs_pwr_mode_info {
+ * @device_reset: called to issue a reset pulse on the UFS device
+ * @config_scaling_param: called to configure clock scaling parameters
+ * @program_key: program or evict an inline encryption key
++ * @fill_crypto_prdt: initialize crypto-related fields in the PRDT
+ * @event_notify: called to notify important events
+ * @mcq_config_resource: called to configure MCQ platform resources
+ * @get_hba_mac: called to get vendor specific mac value, mandatory for mcq mode
+@@ -366,6 +367,9 @@ struct ufs_hba_variant_ops {
+ struct devfreq_simple_ondemand_data *data);
+ int (*program_key)(struct ufs_hba *hba,
+ const union ufs_crypto_cfg_entry *cfg, int slot);
++ int (*fill_crypto_prdt)(struct ufs_hba *hba,
++ const struct bio_crypt_ctx *crypt_ctx,
++ void *prdt, unsigned int num_segments);
+ void (*event_notify)(struct ufs_hba *hba,
+ enum ufs_event_type evt, void *data);
+ int (*mcq_config_resource)(struct ufs_hba *hba);
--- /dev/null
+From stable+bounces-192874-greg=kroah.com@vger.kernel.org Mon Nov 10 01:47:59 2025
+From: Sasha Levin <sashal@kernel.org>
+Date: Sun, 9 Nov 2025 19:47:45 -0500
+Subject: scsi: ufs: core: Add UFSHCD_QUIRK_BROKEN_CRYPTO_ENABLE
+To: stable@vger.kernel.org
+Cc: Eric Biggers <ebiggers@google.com>, Bart Van Assche <bvanassche@acm.org>, Peter Griffin <peter.griffin@linaro.org>, Alim Akhtar <alim.akhtar@samsung.com>, "Martin K. Petersen" <martin.petersen@oracle.com>, Sasha Levin <sashal@kernel.org>
+Message-ID: <20251110004750.555028-3-sashal@kernel.org>
+
+From: Eric Biggers <ebiggers@google.com>
+
+[ Upstream commit e95881e0081a30e132b5ca087f1e07fc08608a7e ]
+
+Add UFSHCD_QUIRK_BROKEN_CRYPTO_ENABLE which tells the UFS core to not use
+the crypto enable bit defined by the UFS specification. This is needed to
+support inline encryption on the "Exynos" UFS controller.
+
+Reviewed-by: Bart Van Assche <bvanassche@acm.org>
+Reviewed-by: Peter Griffin <peter.griffin@linaro.org>
+Signed-off-by: Eric Biggers <ebiggers@google.com>
+Link: https://lore.kernel.org/r/20240708235330.103590-4-ebiggers@kernel.org
+Reviewed-by: Alim Akhtar <alim.akhtar@samsung.com>
+Signed-off-by: Martin K. Petersen <martin.petersen@oracle.com>
+Stable-dep-of: d968e99488c4 ("scsi: ufs: ufs-pci: Set UFSHCD_QUIRK_PERFORM_LINK_STARTUP_ONCE for Intel ADL")
+Signed-off-by: Sasha Levin <sashal@kernel.org>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+---
+ drivers/ufs/core/ufshcd-crypto.c | 8 ++++++++
+ include/ufs/ufshcd.h | 7 +++++++
+ 2 files changed, 15 insertions(+)
+
+--- a/drivers/ufs/core/ufshcd-crypto.c
++++ b/drivers/ufs/core/ufshcd-crypto.c
+@@ -110,6 +110,10 @@ static int ufshcd_crypto_keyslot_evict(s
+ return ufshcd_program_key(hba, &cfg, slot);
+ }
+
++/*
++ * Reprogram the keyslots if needed, and return true if CRYPTO_GENERAL_ENABLE
++ * should be used in the host controller initialization sequence.
++ */
+ bool ufshcd_crypto_enable(struct ufs_hba *hba)
+ {
+ if (!(hba->caps & UFSHCD_CAP_CRYPTO))
+@@ -117,6 +121,10 @@ bool ufshcd_crypto_enable(struct ufs_hba
+
+ /* Reset might clear all keys, so reprogram all the keys. */
+ blk_crypto_reprogram_all_keys(&hba->crypto_profile);
++
++ if (hba->quirks & UFSHCD_QUIRK_BROKEN_CRYPTO_ENABLE)
++ return false;
++
+ return true;
+ }
+
+--- a/include/ufs/ufshcd.h
++++ b/include/ufs/ufshcd.h
+@@ -651,6 +651,13 @@ enum ufshcd_quirks {
+ * ufs_hba_variant_ops::init() must do it instead.
+ */
+ UFSHCD_QUIRK_CUSTOM_CRYPTO_PROFILE = 1 << 22,
++
++ /*
++ * This quirk needs to be enabled if the host controller supports inline
++ * encryption but does not support the CRYPTO_GENERAL_ENABLE bit, i.e.
++ * host controller initialization fails if that bit is set.
++ */
++ UFSHCD_QUIRK_BROKEN_CRYPTO_ENABLE = 1 << 23,
+ };
+
+ enum ufshcd_caps {
--- /dev/null
+From stable+bounces-192872-greg=kroah.com@vger.kernel.org Mon Nov 10 01:47:57 2025
+From: Sasha Levin <sashal@kernel.org>
+Date: Sun, 9 Nov 2025 19:47:43 -0500
+Subject: scsi: ufs: core: Add UFSHCD_QUIRK_CUSTOM_CRYPTO_PROFILE
+To: stable@vger.kernel.org
+Cc: Eric Biggers <ebiggers@google.com>, Bart Van Assche <bvanassche@acm.org>, Peter Griffin <peter.griffin@linaro.org>, Alim Akhtar <alim.akhtar@samsung.com>, "Martin K. Petersen" <martin.petersen@oracle.com>, Sasha Levin <sashal@kernel.org>
+Message-ID: <20251110004750.555028-1-sashal@kernel.org>
+
+From: Eric Biggers <ebiggers@google.com>
+
+[ Upstream commit c2a90eee29f41630225c9a64d26c425e1d50b401 ]
+
+Add UFSHCD_QUIRK_CUSTOM_CRYPTO_PROFILE which lets UFS host drivers
+initialize the blk_crypto_profile themselves rather than have it be
+initialized by ufshcd-core according to the UFSHCI standard. This is
+needed to support inline encryption on the "Exynos" UFS controller which
+has a nonstandard interface.
+
+Reviewed-by: Bart Van Assche <bvanassche@acm.org>
+Reviewed-by: Peter Griffin <peter.griffin@linaro.org>
+Signed-off-by: Eric Biggers <ebiggers@google.com>
+Link: https://lore.kernel.org/r/20240708235330.103590-2-ebiggers@kernel.org
+Reviewed-by: Alim Akhtar <alim.akhtar@samsung.com>
+Signed-off-by: Martin K. Petersen <martin.petersen@oracle.com>
+Stable-dep-of: d968e99488c4 ("scsi: ufs: ufs-pci: Set UFSHCD_QUIRK_PERFORM_LINK_STARTUP_ONCE for Intel ADL")
+Signed-off-by: Sasha Levin <sashal@kernel.org>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+---
+ drivers/ufs/core/ufshcd-crypto.c | 10 +++++++---
+ include/ufs/ufshcd.h | 9 +++++++++
+ 2 files changed, 16 insertions(+), 3 deletions(-)
+
+--- a/drivers/ufs/core/ufshcd-crypto.c
++++ b/drivers/ufs/core/ufshcd-crypto.c
+@@ -159,6 +159,9 @@ int ufshcd_hba_init_crypto_capabilities(
+ int err = 0;
+ enum blk_crypto_mode_num blk_mode_num;
+
++ if (hba->quirks & UFSHCD_QUIRK_CUSTOM_CRYPTO_PROFILE)
++ return 0;
++
+ /*
+ * Don't use crypto if either the hardware doesn't advertise the
+ * standard crypto capability bit *or* if the vendor specific driver
+@@ -228,9 +231,10 @@ void ufshcd_init_crypto(struct ufs_hba *
+ if (!(hba->caps & UFSHCD_CAP_CRYPTO))
+ return;
+
+- /* Clear all keyslots - the number of keyslots is (CFGC + 1) */
+- for (slot = 0; slot < hba->crypto_capabilities.config_count + 1; slot++)
+- ufshcd_clear_keyslot(hba, slot);
++ /* Clear all keyslots. */
++ for (slot = 0; slot < hba->crypto_profile.num_slots; slot++)
++ hba->crypto_profile.ll_ops.keyslot_evict(&hba->crypto_profile,
++ NULL, slot);
+ }
+
+ void ufshcd_crypto_register(struct ufs_hba *hba, struct request_queue *q)
+--- a/include/ufs/ufshcd.h
++++ b/include/ufs/ufshcd.h
+@@ -642,6 +642,15 @@ enum ufshcd_quirks {
+ * thus need this quirk to skip related flow.
+ */
+ UFSHCD_QUIRK_MCQ_BROKEN_RTC = 1 << 21,
++
++ /*
++ * This quirk needs to be enabled if the host controller supports inline
++ * encryption but it needs to initialize the crypto capabilities in a
++ * nonstandard way and/or needs to override blk_crypto_ll_ops. If
++ * enabled, the standard code won't initialize the blk_crypto_profile;
++ * ufs_hba_variant_ops::init() must do it instead.
++ */
++ UFSHCD_QUIRK_CUSTOM_CRYPTO_PROFILE = 1 << 22,
+ };
+
+ enum ufshcd_caps {
--- /dev/null
+From stable+bounces-192876-greg=kroah.com@vger.kernel.org Mon Nov 10 01:48:04 2025
+From: Sasha Levin <sashal@kernel.org>
+Date: Sun, 9 Nov 2025 19:47:47 -0500
+Subject: scsi: ufs: core: Add UFSHCD_QUIRK_KEYS_IN_PRDT
+To: stable@vger.kernel.org
+Cc: Eric Biggers <ebiggers@google.com>, Bart Van Assche <bvanassche@acm.org>, Peter Griffin <peter.griffin@linaro.org>, Alim Akhtar <alim.akhtar@samsung.com>, "Martin K. Petersen" <martin.petersen@oracle.com>, Sasha Levin <sashal@kernel.org>
+Message-ID: <20251110004750.555028-5-sashal@kernel.org>
+
+From: Eric Biggers <ebiggers@google.com>
+
+[ Upstream commit 4c45dba50a3750a0834353c4187e7896b158bc0c ]
+
+Since the nonstandard inline encryption support on Exynos SoCs requires
+that raw cryptographic keys be copied into the PRDT, it is desirable to
+zeroize those keys after each request to keep them from being left in
+memory. Therefore, add a quirk bit that enables the zeroization.
+
+We could instead do the zeroization unconditionally. However, using a
+quirk bit avoids adding the zeroization overhead to standard devices.
+
+Reviewed-by: Bart Van Assche <bvanassche@acm.org>
+Reviewed-by: Peter Griffin <peter.griffin@linaro.org>
+Signed-off-by: Eric Biggers <ebiggers@google.com>
+Link: https://lore.kernel.org/r/20240708235330.103590-6-ebiggers@kernel.org
+Reviewed-by: Alim Akhtar <alim.akhtar@samsung.com>
+Signed-off-by: Martin K. Petersen <martin.petersen@oracle.com>
+Stable-dep-of: d968e99488c4 ("scsi: ufs: ufs-pci: Set UFSHCD_QUIRK_PERFORM_LINK_STARTUP_ONCE for Intel ADL")
+Signed-off-by: Sasha Levin <sashal@kernel.org>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+---
+ drivers/ufs/core/ufshcd-crypto.h | 17 +++++++++++++++++
+ drivers/ufs/core/ufshcd.c | 1 +
+ include/ufs/ufshcd.h | 8 ++++++++
+ 3 files changed, 26 insertions(+)
+
+--- a/drivers/ufs/core/ufshcd-crypto.h
++++ b/drivers/ufs/core/ufshcd-crypto.h
+@@ -50,6 +50,20 @@ static inline int ufshcd_crypto_fill_prd
+ return 0;
+ }
+
++static inline void ufshcd_crypto_clear_prdt(struct ufs_hba *hba,
++ struct ufshcd_lrb *lrbp)
++{
++ if (!(hba->quirks & UFSHCD_QUIRK_KEYS_IN_PRDT))
++ return;
++
++ if (!(scsi_cmd_to_rq(lrbp->cmd)->crypt_ctx))
++ return;
++
++ /* Zeroize the PRDT because it can contain cryptographic keys. */
++ memzero_explicit(lrbp->ucd_prdt_ptr,
++ ufshcd_sg_entry_size(hba) * scsi_sg_count(lrbp->cmd));
++}
++
+ bool ufshcd_crypto_enable(struct ufs_hba *hba);
+
+ int ufshcd_hba_init_crypto_capabilities(struct ufs_hba *hba);
+@@ -73,6 +87,9 @@ static inline int ufshcd_crypto_fill_prd
+ return 0;
+ }
+
++static inline void ufshcd_crypto_clear_prdt(struct ufs_hba *hba,
++ struct ufshcd_lrb *lrbp) { }
++
+ static inline bool ufshcd_crypto_enable(struct ufs_hba *hba)
+ {
+ return false;
+--- a/drivers/ufs/core/ufshcd.c
++++ b/drivers/ufs/core/ufshcd.c
+@@ -5512,6 +5512,7 @@ void ufshcd_release_scsi_cmd(struct ufs_
+ struct scsi_cmnd *cmd = lrbp->cmd;
+
+ scsi_dma_unmap(cmd);
++ ufshcd_crypto_clear_prdt(hba, lrbp);
+ ufshcd_release(hba);
+ ufshcd_clk_scaling_update_busy(hba);
+ }
+--- a/include/ufs/ufshcd.h
++++ b/include/ufs/ufshcd.h
+@@ -662,6 +662,14 @@ enum ufshcd_quirks {
+ * host controller initialization fails if that bit is set.
+ */
+ UFSHCD_QUIRK_BROKEN_CRYPTO_ENABLE = 1 << 23,
++
++ /*
++ * This quirk needs to be enabled if the host controller driver copies
++ * cryptographic keys into the PRDT in order to send them to hardware,
++ * and therefore the PRDT should be zeroized after each request (as per
++ * the standard best practice for managing keys).
++ */
++ UFSHCD_QUIRK_KEYS_IN_PRDT = 1 << 24,
+ };
+
+ enum ufshcd_caps {
--- /dev/null
+From stable+bounces-192873-greg=kroah.com@vger.kernel.org Mon Nov 10 01:48:00 2025
+From: Sasha Levin <sashal@kernel.org>
+Date: Sun, 9 Nov 2025 19:47:44 -0500
+Subject: scsi: ufs: core: fold ufshcd_clear_keyslot() into its caller
+To: stable@vger.kernel.org
+Cc: Eric Biggers <ebiggers@google.com>, Bart Van Assche <bvanassche@acm.org>, Peter Griffin <peter.griffin@linaro.org>, Alim Akhtar <alim.akhtar@samsung.com>, "Martin K. Petersen" <martin.petersen@oracle.com>, Sasha Levin <sashal@kernel.org>
+Message-ID: <20251110004750.555028-2-sashal@kernel.org>
+
+From: Eric Biggers <ebiggers@google.com>
+
+[ Upstream commit ec99818afb03b1ebeb0b6ed0d5fd42143be79586 ]
+
+Fold ufshcd_clear_keyslot() into its only remaining caller.
+
+Reviewed-by: Bart Van Assche <bvanassche@acm.org>
+Reviewed-by: Peter Griffin <peter.griffin@linaro.org>
+Signed-off-by: Eric Biggers <ebiggers@google.com>
+Link: https://lore.kernel.org/r/20240708235330.103590-3-ebiggers@kernel.org
+Reviewed-by: Alim Akhtar <alim.akhtar@samsung.com>
+Signed-off-by: Martin K. Petersen <martin.petersen@oracle.com>
+Stable-dep-of: d968e99488c4 ("scsi: ufs: ufs-pci: Set UFSHCD_QUIRK_PERFORM_LINK_STARTUP_ONCE for Intel ADL")
+Signed-off-by: Sasha Levin <sashal@kernel.org>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+---
+ drivers/ufs/core/ufshcd-crypto.c | 16 +++++-----------
+ 1 file changed, 5 insertions(+), 11 deletions(-)
+
+--- a/drivers/ufs/core/ufshcd-crypto.c
++++ b/drivers/ufs/core/ufshcd-crypto.c
+@@ -95,8 +95,12 @@ static int ufshcd_crypto_keyslot_program
+ return err;
+ }
+
+-static int ufshcd_clear_keyslot(struct ufs_hba *hba, int slot)
++static int ufshcd_crypto_keyslot_evict(struct blk_crypto_profile *profile,
++ const struct blk_crypto_key *key,
++ unsigned int slot)
+ {
++ struct ufs_hba *hba =
++ container_of(profile, struct ufs_hba, crypto_profile);
+ /*
+ * Clear the crypto cfg on the device. Clearing CFGE
+ * might not be sufficient, so just clear the entire cfg.
+@@ -106,16 +110,6 @@ static int ufshcd_clear_keyslot(struct u
+ return ufshcd_program_key(hba, &cfg, slot);
+ }
+
+-static int ufshcd_crypto_keyslot_evict(struct blk_crypto_profile *profile,
+- const struct blk_crypto_key *key,
+- unsigned int slot)
+-{
+- struct ufs_hba *hba =
+- container_of(profile, struct ufs_hba, crypto_profile);
+-
+- return ufshcd_clear_keyslot(hba, slot);
+-}
+-
+ bool ufshcd_crypto_enable(struct ufs_hba *hba)
+ {
+ if (!(hba->caps & UFSHCD_CAP_CRYPTO))
--- /dev/null
+From stable+bounces-192879-greg=kroah.com@vger.kernel.org Mon Nov 10 01:48:09 2025
+From: Sasha Levin <sashal@kernel.org>
+Date: Sun, 9 Nov 2025 19:47:50 -0500
+Subject: scsi: ufs: ufs-pci: Set UFSHCD_QUIRK_PERFORM_LINK_STARTUP_ONCE for Intel ADL
+To: stable@vger.kernel.org
+Cc: Adrian Hunter <adrian.hunter@intel.com>, Bart Van Assche <bvanassche@acm.org>, "Martin K. Petersen" <martin.petersen@oracle.com>, Sasha Levin <sashal@kernel.org>
+Message-ID: <20251110004750.555028-8-sashal@kernel.org>
+
+From: Adrian Hunter <adrian.hunter@intel.com>
+
+[ Upstream commit d968e99488c4b08259a324a89e4ed17bf36561a4 ]
+
+Link startup becomes unreliable for Intel Alder Lake based host
+controllers when a 2nd DME_LINKSTARTUP is issued unnecessarily. Employ
+UFSHCD_QUIRK_PERFORM_LINK_STARTUP_ONCE to suppress that from happening.
+
+Fixes: 7dc9fb47bc9a ("scsi: ufs: ufs-pci: Add support for Intel ADL")
+Cc: stable@vger.kernel.org
+Signed-off-by: Adrian Hunter <adrian.hunter@intel.com>
+Reviewed-by: Bart Van Assche <bvanassche@acm.org>
+Link: https://patch.msgid.link/20251024085918.31825-4-adrian.hunter@intel.com
+Signed-off-by: Martin K. Petersen <martin.petersen@oracle.com>
+Signed-off-by: Sasha Levin <sashal@kernel.org>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+---
+ drivers/ufs/host/ufshcd-pci.c | 3 ++-
+ 1 file changed, 2 insertions(+), 1 deletion(-)
+
+--- a/drivers/ufs/host/ufshcd-pci.c
++++ b/drivers/ufs/host/ufshcd-pci.c
+@@ -463,7 +463,8 @@ static int ufs_intel_lkf_init(struct ufs
+ static int ufs_intel_adl_init(struct ufs_hba *hba)
+ {
+ hba->nop_out_timeout = 200;
+- hba->quirks |= UFSHCD_QUIRK_BROKEN_AUTO_HIBERN8;
++ hba->quirks |= UFSHCD_QUIRK_BROKEN_AUTO_HIBERN8 |
++ UFSHCD_QUIRK_PERFORM_LINK_STARTUP_ONCE;
+ hba->caps |= UFSHCD_CAP_WB_EN;
+ return ufs_intel_common_init(hba);
+ }
selftests-mptcp-connect-fix-fallback-note-due-to-ooo.patch
selftests-mptcp-join-rm-set-backup-flag.patch
selftests-mptcp-connect-trunc-read-all-recv-data.patch
+revert-perf-dso-add-missed-dso__put-to-dso__load_kcore.patch
+drm-mediatek-disable-afbc-support-on-mediatek-drm-driver.patch
+btrfs-ensure-no-dirty-metadata-is-written-back-for-an-fs-with-errors.patch
+iommufd-don-t-overflow-during-division-for-dirty-tracking.patch
+mm-percpu-do-not-consider-sleepable-allocations-atomic.patch
+netpoll-remove-netpoll_srcu.patch
+net-netpoll-individualize-the-skb-pool.patch
+net-netpoll-flush-skb-pool-during-cleanup.patch
+net-netpoll-fix-incorrect-refcount-handling-causing-incorrect-cleanup.patch
+f2fs-fix-to-avoid-overflow-while-left-shift-operation.patch
+net-stmmac-fix-accessing-freed-irq-affinity_hint.patch
+scsi-ufs-core-add-ufshcd_quirk_custom_crypto_profile.patch
+scsi-ufs-core-fold-ufshcd_clear_keyslot-into-its-caller.patch
+scsi-ufs-core-add-ufshcd_quirk_broken_crypto_enable.patch
+scsi-ufs-core-add-fill_crypto_prdt-variant-op.patch
+scsi-ufs-core-add-ufshcd_quirk_keys_in_prdt.patch
+scsi-ufs-core-add-a-quirk-for-handling-broken-lsdbs-field-in-controller-capabilities-register.patch
+scsi-ufs-core-add-a-quirk-to-suppress-link_startup_again.patch
+scsi-ufs-ufs-pci-set-ufshcd_quirk_perform_link_startup_once-for-intel-adl.patch
projects / thirdparty / kernel / stable-queue.git / commitdiff
