--- /dev/null
+From 35ef1c79d2e09e9e5a66e28a66fe0df4368b0f3d Mon Sep 17 00:00:00 2001
+From: Dhruv Deshpande <dhrv.d@proton.me>
+Date: Mon, 17 Mar 2025 08:56:53 +0000
+Subject: ALSA: hda/realtek: Support mute LED on HP Laptop 15s-du3xxx
+
+From: Dhruv Deshpande <dhrv.d@proton.me>
+
+commit 35ef1c79d2e09e9e5a66e28a66fe0df4368b0f3d upstream.
+
+The mute LED on this HP laptop uses ALC236 and requires a quirk to function.
+This patch enables the existing quirk for the device.
+
+Tested on my laptop and the LED behaviour works as intended.
+
+Cc: stable@vger.kernel.org
+Signed-off-by: Dhruv Deshpande <dhrv.d@proton.me>
+Link: https://patch.msgid.link/20250317085621.45056-1-dhrv.d@proton.me
+Signed-off-by: Takashi Iwai <tiwai@suse.de>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+---
+ sound/pci/hda/patch_realtek.c | 1 +
+ 1 file changed, 1 insertion(+)
+
+--- a/sound/pci/hda/patch_realtek.c
++++ b/sound/pci/hda/patch_realtek.c
+@@ -10023,6 +10023,7 @@ static const struct hda_quirk alc269_fix
+ SND_PCI_QUIRK(0x103c, 0x8811, "HP Spectre x360 15-eb1xxx", ALC285_FIXUP_HP_SPECTRE_X360_EB1),
+ SND_PCI_QUIRK(0x103c, 0x8812, "HP Spectre x360 15-eb1xxx", ALC285_FIXUP_HP_SPECTRE_X360_EB1),
+ SND_PCI_QUIRK(0x103c, 0x881d, "HP 250 G8 Notebook PC", ALC236_FIXUP_HP_MUTE_LED_COEFBIT2),
++ SND_PCI_QUIRK(0x103c, 0x881e, "HP Laptop 15s-du3xxx", ALC236_FIXUP_HP_MUTE_LED_COEFBIT2),
+ SND_PCI_QUIRK(0x103c, 0x8846, "HP EliteBook 850 G8 Notebook PC", ALC285_FIXUP_HP_GPIO_LED),
+ SND_PCI_QUIRK(0x103c, 0x8847, "HP EliteBook x360 830 G8 Notebook PC", ALC285_FIXUP_HP_GPIO_LED),
+ SND_PCI_QUIRK(0x103c, 0x884b, "HP EliteBook 840 Aero G8 Notebook PC", ALC285_FIXUP_HP_GPIO_LED),
--- /dev/null
+From 932b32ffd7604fb00b5c57e239a3cc4d901ccf6e Mon Sep 17 00:00:00 2001
+From: Maxim Mikityanskiy <maxtram95@gmail.com>
+Date: Tue, 18 Mar 2025 18:15:16 +0200
+Subject: netfilter: socket: Lookup orig tuple for IPv6 SNAT
+
+From: Maxim Mikityanskiy <maxtram95@gmail.com>
+
+commit 932b32ffd7604fb00b5c57e239a3cc4d901ccf6e upstream.
+
+nf_sk_lookup_slow_v4 does the conntrack lookup for IPv4 packets to
+restore the original 5-tuple in case of SNAT, to be able to find the
+right socket (if any). Then socket_match() can correctly check whether
+the socket was transparent.
+
+However, the IPv6 counterpart (nf_sk_lookup_slow_v6) lacks this
+conntrack lookup, making xt_socket fail to match on the socket when the
+packet was SNATed. Add the same logic to nf_sk_lookup_slow_v6.
+
+IPv6 SNAT is used in Kubernetes clusters for pod-to-world packets, as
+pods' addresses are in the fd00::/8 ULA subnet and need to be replaced
+with the node's external address. Cilium leverages Envoy to enforce L7
+policies, and Envoy uses transparent sockets. Cilium inserts an iptables
+prerouting rule that matches on `-m socket --transparent` and redirects
+the packets to localhost, but it fails to match SNATed IPv6 packets due
+to that missing conntrack lookup.
+
+Closes: https://github.com/cilium/cilium/issues/37932
+Fixes: eb31628e37a0 ("netfilter: nf_tables: Add support for IPv6 NAT")
+Signed-off-by: Maxim Mikityanskiy <maxim@isovalent.com>
+Reviewed-by: Florian Westphal <fw@strlen.de>
+Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+---
+ net/ipv6/netfilter/nf_socket_ipv6.c | 23 +++++++++++++++++++++++
+ 1 file changed, 23 insertions(+)
+
+--- a/net/ipv6/netfilter/nf_socket_ipv6.c
++++ b/net/ipv6/netfilter/nf_socket_ipv6.c
+@@ -103,6 +103,10 @@ struct sock *nf_sk_lookup_slow_v6(struct
+ struct sk_buff *data_skb = NULL;
+ int doff = 0;
+ int thoff = 0, tproto;
++#if IS_ENABLED(CONFIG_NF_CONNTRACK)
++ enum ip_conntrack_info ctinfo;
++ struct nf_conn const *ct;
++#endif
+
+ tproto = ipv6_find_hdr(skb, &thoff, -1, NULL, NULL);
+ if (tproto < 0) {
+@@ -136,6 +140,25 @@ struct sock *nf_sk_lookup_slow_v6(struct
+ return NULL;
+ }
+
++#if IS_ENABLED(CONFIG_NF_CONNTRACK)
++ /* Do the lookup with the original socket address in
++ * case this is a reply packet of an established
++ * SNAT-ted connection.
++ */
++ ct = nf_ct_get(skb, &ctinfo);
++ if (ct &&
++ ((tproto != IPPROTO_ICMPV6 &&
++ ctinfo == IP_CT_ESTABLISHED_REPLY) ||
++ (tproto == IPPROTO_ICMPV6 &&
++ ctinfo == IP_CT_RELATED_REPLY)) &&
++ (ct->status & IPS_SRC_NAT_DONE)) {
++ daddr = &ct->tuplehash[IP_CT_DIR_ORIGINAL].tuple.src.u3.in6;
++ dport = (tproto == IPPROTO_TCP) ?
++ ct->tuplehash[IP_CT_DIR_ORIGINAL].tuple.src.u.tcp.port :
++ ct->tuplehash[IP_CT_DIR_ORIGINAL].tuple.src.u.udp.port;
++ }
++#endif
++
+ return nf_socket_get_sock_v6(net, data_skb, doff, tproto, saddr, daddr,
+ sport, dport, indev);
+ }
projects / thirdparty / kernel / stable-queue.git / commitdiff
