--- /dev/null
+From 5c3483cc58b047af7e6fae4ce8bf2c9b25206ea1 Mon Sep 17 00:00:00 2001
+From: Sasha Levin <sashal@kernel.org>
+Date: Wed, 1 Nov 2023 22:03:28 +0000
+Subject: afs: Fix file locking on R/O volumes to operate in local mode
+
+From: David Howells <dhowells@redhat.com>
+
+[ Upstream commit b590eb41be766c5a63acc7e8896a042f7a4e8293 ]
+
+AFS doesn't really do locking on R/O volumes as fileservers don't maintain
+state with each other and thus a lock on a R/O volume file on one
+fileserver will not be be visible to someone looking at the same file on
+another fileserver.
+
+Further, the server may return an error if you try it.
+
+Fix this by doing what other AFS clients do and handle filelocking on R/O
+volume files entirely within the client and don't touch the server.
+
+Fixes: 6c6c1d63c243 ("afs: Provide mount-time configurable byte-range file locking emulation")
+Signed-off-by: David Howells <dhowells@redhat.com>
+Reviewed-by: Marc Dionne <marc.dionne@auristor.com>
+cc: linux-afs@lists.infradead.org
+Signed-off-by: Sasha Levin <sashal@kernel.org>
+---
+ fs/afs/super.c | 2 ++
+ 1 file changed, 2 insertions(+)
+
+diff --git a/fs/afs/super.c b/fs/afs/super.c
+index eb04dcc543289..554119068ea44 100644
+--- a/fs/afs/super.c
++++ b/fs/afs/super.c
+@@ -391,6 +391,8 @@ static int afs_validate_fc(struct fs_context *fc)
+ return PTR_ERR(volume);
+
+ ctx->volume = volume;
++ if (volume->type != AFSVL_RWVOL)
++ ctx->flock_mode = afs_flock_mode_local;
+ }
+
+ return 0;
+--
+2.42.0
+
--- /dev/null
+From 3e0cd7f7352c32f49358baa91d8aaa6a6377b2f8 Mon Sep 17 00:00:00 2001
+From: Sasha Levin <sashal@kernel.org>
+Date: Thu, 8 Jun 2023 09:43:54 +0100
+Subject: afs: Make error on cell lookup failure consistent with OpenAFS
+
+From: David Howells <dhowells@redhat.com>
+
+[ Upstream commit 2a4ca1b4b77850544408595e2433f5d7811a9daa ]
+
+When kafs tries to look up a cell in the DNS or the local config, it will
+translate a lookup failure into EDESTADDRREQ whereas OpenAFS translates it
+into ENOENT. Applications such as West expect the latter behaviour and
+fail if they see the former.
+
+This can be seen by trying to mount an unknown cell:
+
+ # mount -t afs %example.com:cell.root /mnt
+ mount: /mnt: mount(2) system call failed: Destination address required.
+
+Fixes: 4d673da14533 ("afs: Support the AFS dynamic root")
+Reported-by: Markus Suvanto <markus.suvanto@gmail.com>
+Link: https://bugzilla.kernel.org/show_bug.cgi?id=216637
+Signed-off-by: David Howells <dhowells@redhat.com>
+Reviewed-by: Jeffrey Altman <jaltman@auristor.com>
+cc: Marc Dionne <marc.dionne@auristor.com>
+cc: linux-afs@lists.infradead.org
+Signed-off-by: Sasha Levin <sashal@kernel.org>
+---
+ fs/afs/dynroot.c | 4 ++--
+ 1 file changed, 2 insertions(+), 2 deletions(-)
+
+diff --git a/fs/afs/dynroot.c b/fs/afs/dynroot.c
+index f07e53ab808e3..45007d96a402d 100644
+--- a/fs/afs/dynroot.c
++++ b/fs/afs/dynroot.c
+@@ -38,8 +38,8 @@ static int afs_probe_cell_name(struct dentry *dentry)
+
+ ret = dns_query(net->net, "afsdb", name, len, "srv=1",
+ NULL, NULL, false);
+- if (ret == -ENODATA)
+- ret = -EDESTADDRREQ;
++ if (ret == -ENODATA || ret == -ENOKEY)
++ ret = -ENOENT;
+ return ret;
+ }
+
+--
+2.42.0
+
--- /dev/null
+From 763c1ba9a0863f3f257268c411a3a41bf01e1d04 Mon Sep 17 00:00:00 2001
+From: Sasha Levin <sashal@kernel.org>
+Date: Thu, 26 Oct 2023 01:25:07 +0100
+Subject: afs: Return ENOENT if no cell DNS record can be found
+
+From: David Howells <dhowells@redhat.com>
+
+[ Upstream commit 0167236e7d66c5e1e85d902a6abc2529b7544539 ]
+
+Make AFS return error ENOENT if no cell SRV or AFSDB DNS record (or
+cellservdb config file record) can be found rather than returning
+EDESTADDRREQ.
+
+Also add cell name lookup info to the cursor dump.
+
+Fixes: d5c32c89b208 ("afs: Fix cell DNS lookup")
+Reported-by: Markus Suvanto <markus.suvanto@gmail.com>
+Link: https://bugzilla.kernel.org/show_bug.cgi?id=216637
+Signed-off-by: David Howells <dhowells@redhat.com>
+Reviewed-by: Marc Dionne <marc.dionne@auristor.com>
+cc: linux-afs@lists.infradead.org
+Signed-off-by: Sasha Levin <sashal@kernel.org>
+---
+ fs/afs/vl_rotate.c | 10 ++++++++++
+ 1 file changed, 10 insertions(+)
+
+diff --git a/fs/afs/vl_rotate.c b/fs/afs/vl_rotate.c
+index 9a5ce9687779c..370c27cae2e67 100644
+--- a/fs/afs/vl_rotate.c
++++ b/fs/afs/vl_rotate.c
+@@ -58,6 +58,12 @@ static bool afs_start_vl_iteration(struct afs_vl_cursor *vc)
+ }
+
+ /* Status load is ordered after lookup counter load */
++ if (cell->dns_status == DNS_LOOKUP_GOT_NOT_FOUND) {
++ pr_warn("No record of cell %s\n", cell->name);
++ vc->error = -ENOENT;
++ return false;
++ }
++
+ if (cell->dns_source == DNS_RECORD_UNAVAILABLE) {
+ vc->error = -EDESTADDRREQ;
+ return false;
+@@ -276,6 +282,7 @@ bool afs_select_vlserver(struct afs_vl_cursor *vc)
+ */
+ static void afs_vl_dump_edestaddrreq(const struct afs_vl_cursor *vc)
+ {
++ struct afs_cell *cell = vc->cell;
+ static int count;
+ int i;
+
+@@ -285,6 +292,9 @@ static void afs_vl_dump_edestaddrreq(const struct afs_vl_cursor *vc)
+
+ rcu_read_lock();
+ pr_notice("EDESTADDR occurred\n");
++ pr_notice("CELL: %s err=%d\n", cell->name, cell->error);
++ pr_notice("DNS: src=%u st=%u lc=%x\n",
++ cell->dns_source, cell->dns_status, cell->dns_lookup_count);
+ pr_notice("VC: ut=%lx ix=%u ni=%hu fl=%hx err=%hd\n",
+ vc->untried, vc->index, vc->nr_iterations, vc->flags, vc->error);
+
+--
+2.42.0
+
--- /dev/null
+From d031e32e33ea8197ee9e65598dd650673595e9d9 Mon Sep 17 00:00:00 2001
+From: Sasha Levin <sashal@kernel.org>
+Date: Wed, 22 Nov 2023 00:44:33 +0530
+Subject: amd-xgbe: handle corner-case during sfp hotplug
+
+From: Raju Rangoju <Raju.Rangoju@amd.com>
+
+[ Upstream commit 676ec53844cbdf2f47e68a076cdff7f0ec6cbe3f ]
+
+Force the mode change for SFI in Fixed PHY configurations. Fixed PHY
+configurations needs PLL to be enabled while doing mode set. When the
+SFP module isn't connected during boot, driver assumes AN is ON and
+attempts auto-negotiation. However, if the connected SFP comes up in
+Fixed PHY configuration the link will not come up as PLL isn't enabled
+while the initial mode set command is issued. So, force the mode change
+for SFI in Fixed PHY configuration to fix link issues.
+
+Fixes: e57f7a3feaef ("amd-xgbe: Prepare for working with more than one type of phy")
+Acked-by: Shyam Sundar S K <Shyam-sundar.S-k@amd.com>
+Signed-off-by: Raju Rangoju <Raju.Rangoju@amd.com>
+Reviewed-by: Wojciech Drewek <wojciech.drewek@intel.com>
+Signed-off-by: Paolo Abeni <pabeni@redhat.com>
+Signed-off-by: Sasha Levin <sashal@kernel.org>
+---
+ drivers/net/ethernet/amd/xgbe/xgbe-mdio.c | 14 +++++++++++++-
+ 1 file changed, 13 insertions(+), 1 deletion(-)
+
+diff --git a/drivers/net/ethernet/amd/xgbe/xgbe-mdio.c b/drivers/net/ethernet/amd/xgbe/xgbe-mdio.c
+index d291976d8b761..0e552022e659a 100644
+--- a/drivers/net/ethernet/amd/xgbe/xgbe-mdio.c
++++ b/drivers/net/ethernet/amd/xgbe/xgbe-mdio.c
+@@ -1178,7 +1178,19 @@ static int xgbe_phy_config_fixed(struct xgbe_prv_data *pdata)
+ if (pdata->phy.duplex != DUPLEX_FULL)
+ return -EINVAL;
+
+- xgbe_set_mode(pdata, mode);
++ /* Force the mode change for SFI in Fixed PHY config.
++ * Fixed PHY configs needs PLL to be enabled while doing mode set.
++ * When the SFP module isn't connected during boot, driver assumes
++ * AN is ON and attempts autonegotiation. However, if the connected
++ * SFP comes up in Fixed PHY config, the link will not come up as
++ * PLL isn't enabled while the initial mode set command is issued.
++ * So, force the mode change for SFI in Fixed PHY configuration to
++ * fix link issues.
++ */
++ if (mode == XGBE_MODE_SFI)
++ xgbe_change_mode(pdata, mode);
++ else
++ xgbe_set_mode(pdata, mode);
+
+ return 0;
+ }
+--
+2.42.0
+
--- /dev/null
+From 54590d525e0afe03d3c0e8bc14a75cc313c075c7 Mon Sep 17 00:00:00 2001
+From: Sasha Levin <sashal@kernel.org>
+Date: Wed, 22 Nov 2023 00:44:34 +0530
+Subject: amd-xgbe: handle the corner-case during tx completion
+
+From: Raju Rangoju <Raju.Rangoju@amd.com>
+
+[ Upstream commit 7121205d5330c6a3cb3379348886d47c77b78d06 ]
+
+The existing implementation uses software logic to accumulate tx
+completions until the specified time (1ms) is met and then poll them.
+However, there exists a tiny gap which leads to a race between
+resetting and checking the tx_activate flag. Due to this the tx
+completions are not reported to upper layer and tx queue timeout
+kicks-in restarting the device.
+
+To address this, introduce a tx cleanup mechanism as part of the
+periodic maintenance process.
+
+Fixes: c5aa9e3b8156 ("amd-xgbe: Initial AMD 10GbE platform driver")
+Acked-by: Shyam Sundar S K <Shyam-sundar.S-k@amd.com>
+Signed-off-by: Raju Rangoju <Raju.Rangoju@amd.com>
+Reviewed-by: Wojciech Drewek <wojciech.drewek@intel.com>
+Signed-off-by: Paolo Abeni <pabeni@redhat.com>
+Signed-off-by: Sasha Levin <sashal@kernel.org>
+---
+ drivers/net/ethernet/amd/xgbe/xgbe-drv.c | 14 ++++++++++++++
+ 1 file changed, 14 insertions(+)
+
+diff --git a/drivers/net/ethernet/amd/xgbe/xgbe-drv.c b/drivers/net/ethernet/amd/xgbe/xgbe-drv.c
+index 7f705483c1c57..504fbd43be7da 100644
+--- a/drivers/net/ethernet/amd/xgbe/xgbe-drv.c
++++ b/drivers/net/ethernet/amd/xgbe/xgbe-drv.c
+@@ -682,10 +682,24 @@ static void xgbe_service(struct work_struct *work)
+ static void xgbe_service_timer(struct timer_list *t)
+ {
+ struct xgbe_prv_data *pdata = from_timer(pdata, t, service_timer);
++ struct xgbe_channel *channel;
++ unsigned int i;
+
+ queue_work(pdata->dev_workqueue, &pdata->service_work);
+
+ mod_timer(&pdata->service_timer, jiffies + HZ);
++
++ if (!pdata->tx_usecs)
++ return;
++
++ for (i = 0; i < pdata->channel_count; i++) {
++ channel = pdata->channel[i];
++ if (!channel->tx_ring || channel->tx_timer_active)
++ break;
++ channel->tx_timer_active = 1;
++ mod_timer(&channel->tx_timer,
++ jiffies + usecs_to_jiffies(pdata->tx_usecs));
++ }
+ }
+
+ static void xgbe_init_timers(struct xgbe_prv_data *pdata)
+--
+2.42.0
+
--- /dev/null
+From 0351cdc7a7d6ea41e67b550804677ea3749c9413 Mon Sep 17 00:00:00 2001
+From: Sasha Levin <sashal@kernel.org>
+Date: Wed, 22 Nov 2023 00:44:35 +0530
+Subject: amd-xgbe: propagate the correct speed and duplex status
+
+From: Raju Rangoju <Raju.Rangoju@amd.com>
+
+[ Upstream commit 7a2323ac24a50311f64a3a9b54ed5bef5821ecae ]
+
+xgbe_get_link_ksettings() does not propagate correct speed and duplex
+information to ethtool during cable unplug. Due to which ethtool reports
+incorrect values for speed and duplex.
+
+Address this by propagating correct information.
+
+Fixes: 7c12aa08779c ("amd-xgbe: Move the PHY support into amd-xgbe")
+Acked-by: Shyam Sundar S K <Shyam-sundar.S-k@amd.com>
+Signed-off-by: Raju Rangoju <Raju.Rangoju@amd.com>
+Reviewed-by: Wojciech Drewek <wojciech.drewek@intel.com>
+Signed-off-by: Paolo Abeni <pabeni@redhat.com>
+Signed-off-by: Sasha Levin <sashal@kernel.org>
+---
+ drivers/net/ethernet/amd/xgbe/xgbe-ethtool.c | 11 ++++++++---
+ 1 file changed, 8 insertions(+), 3 deletions(-)
+
+diff --git a/drivers/net/ethernet/amd/xgbe/xgbe-ethtool.c b/drivers/net/ethernet/amd/xgbe/xgbe-ethtool.c
+index a880f10e3e703..d74f45ce06864 100644
+--- a/drivers/net/ethernet/amd/xgbe/xgbe-ethtool.c
++++ b/drivers/net/ethernet/amd/xgbe/xgbe-ethtool.c
+@@ -314,10 +314,15 @@ static int xgbe_get_link_ksettings(struct net_device *netdev,
+
+ cmd->base.phy_address = pdata->phy.address;
+
+- cmd->base.autoneg = pdata->phy.autoneg;
+- cmd->base.speed = pdata->phy.speed;
+- cmd->base.duplex = pdata->phy.duplex;
++ if (netif_carrier_ok(netdev)) {
++ cmd->base.speed = pdata->phy.speed;
++ cmd->base.duplex = pdata->phy.duplex;
++ } else {
++ cmd->base.speed = SPEED_UNKNOWN;
++ cmd->base.duplex = DUPLEX_UNKNOWN;
++ }
+
++ cmd->base.autoneg = pdata->phy.autoneg;
+ cmd->base.port = PORT_NONE;
+
+ XGBE_LM_COPY(cmd, supported, lks, supported);
+--
+2.42.0
+
--- /dev/null
+From 38f403146a718b9f77f44c748006ba70afe6c8f7 Mon Sep 17 00:00:00 2001
+From: Sasha Levin <sashal@kernel.org>
+Date: Wed, 22 Nov 2023 15:07:41 -0800
+Subject: arm/xen: fix xen_vcpu_info allocation alignment
+
+From: Stefano Stabellini <sstabellini@kernel.org>
+
+[ Upstream commit 7bf9a6b46549852a37e6d07e52c601c3c706b562 ]
+
+xen_vcpu_info is a percpu area than needs to be mapped by Xen.
+Currently, it could cross a page boundary resulting in Xen being unable
+to map it:
+
+[ 0.567318] kernel BUG at arch/arm64/xen/../../arm/xen/enlighten.c:164!
+[ 0.574002] Internal error: Oops - BUG: 00000000f2000800 [#1] PREEMPT SMP
+
+Fix the issue by using __alloc_percpu and requesting alignment for the
+memory allocation.
+
+Signed-off-by: Stefano Stabellini <stefano.stabellini@amd.com>
+
+Link: https://lore.kernel.org/r/alpine.DEB.2.22.394.2311221501340.2053963@ubuntu-linux-20-04-desktop
+Fixes: 24d5373dda7c ("arm/xen: Use alloc_percpu rather than __alloc_percpu")
+Reviewed-by: Juergen Gross <jgross@suse.com>
+Signed-off-by: Juergen Gross <jgross@suse.com>
+Signed-off-by: Sasha Levin <sashal@kernel.org>
+---
+ arch/arm/xen/enlighten.c | 3 ++-
+ 1 file changed, 2 insertions(+), 1 deletion(-)
+
+diff --git a/arch/arm/xen/enlighten.c b/arch/arm/xen/enlighten.c
+index 57dfc13b27529..c4d1cac0fe32d 100644
+--- a/arch/arm/xen/enlighten.c
++++ b/arch/arm/xen/enlighten.c
+@@ -354,7 +354,8 @@ static int __init xen_guest_init(void)
+ * for secondary CPUs as they are brought up.
+ * For uniformity we use VCPUOP_register_vcpu_info even on cpu0.
+ */
+- xen_vcpu_info = alloc_percpu(struct vcpu_info);
++ xen_vcpu_info = __alloc_percpu(sizeof(struct vcpu_info),
++ 1 << fls(sizeof(struct vcpu_info) - 1));
+ if (xen_vcpu_info == NULL)
+ return -ENOMEM;
+
+--
+2.42.0
+
--- /dev/null
+From bfe83fcc7d842ca083f1a49f11bbeda701773be4 Mon Sep 17 00:00:00 2001
+From: Sasha Levin <sashal@kernel.org>
+Date: Tue, 31 Oct 2023 04:00:07 +0000
+Subject: ata: pata_isapnp: Add missing error check for devm_ioport_map()
+
+From: Chen Ni <nichen@iscas.ac.cn>
+
+[ Upstream commit a6925165ea82b7765269ddd8dcad57c731aa00de ]
+
+Add missing error return check for devm_ioport_map() and return the
+error if this function call fails.
+
+Fixes: 0d5ff566779f ("libata: convert to iomap")
+Signed-off-by: Chen Ni <nichen@iscas.ac.cn>
+Reviewed-by: Sergey Shtylyov <s.shtylyov@omp.ru>
+Signed-off-by: Damien Le Moal <dlemoal@kernel.org>
+Signed-off-by: Sasha Levin <sashal@kernel.org>
+---
+ drivers/ata/pata_isapnp.c | 3 +++
+ 1 file changed, 3 insertions(+)
+
+diff --git a/drivers/ata/pata_isapnp.c b/drivers/ata/pata_isapnp.c
+index 43bb224430d3c..8892931ea8676 100644
+--- a/drivers/ata/pata_isapnp.c
++++ b/drivers/ata/pata_isapnp.c
+@@ -82,6 +82,9 @@ static int isapnp_init_one(struct pnp_dev *idev, const struct pnp_device_id *dev
+ if (pnp_port_valid(idev, 1)) {
+ ctl_addr = devm_ioport_map(&idev->dev,
+ pnp_port_start(idev, 1), 1);
++ if (!ctl_addr)
++ return -ENOMEM;
++
+ ap->ioaddr.altstatus_addr = ctl_addr;
+ ap->ioaddr.ctl_addr = ctl_addr;
+ ap->ops = &isapnp_port_ops;
+--
+2.42.0
+
--- /dev/null
+From ac3fe27ebf46e08b03b1306e1b398efe15af04eb Mon Sep 17 00:00:00 2001
+From: Sasha Levin <sashal@kernel.org>
+Date: Mon, 9 Oct 2023 00:33:15 +0200
+Subject: drm/panel: simple: Fix Innolux G101ICE-L01 bus flags
+
+From: Marek Vasut <marex@denx.de>
+
+[ Upstream commit 06fc41b09cfbc02977acd9189473593a37d82d9b ]
+
+Add missing .bus_flags = DRM_BUS_FLAG_DE_HIGH to this panel description,
+ones which match both the datasheet and the panel display_timing flags .
+
+Fixes: 1e29b840af9f ("drm/panel: simple: Add Innolux G101ICE-L01 panel")
+Signed-off-by: Marek Vasut <marex@denx.de>
+Reviewed-by: Neil Armstrong <neil.armstrong@linaro.org>
+Link: https://patchwork.freedesktop.org/patch/msgid/20231008223315.279215-1-marex@denx.de
+Signed-off-by: Sasha Levin <sashal@kernel.org>
+---
+ drivers/gpu/drm/panel/panel-simple.c | 1 +
+ 1 file changed, 1 insertion(+)
+
+diff --git a/drivers/gpu/drm/panel/panel-simple.c b/drivers/gpu/drm/panel/panel-simple.c
+index 63d17607ef89c..5c3cc8bec2311 100644
+--- a/drivers/gpu/drm/panel/panel-simple.c
++++ b/drivers/gpu/drm/panel/panel-simple.c
+@@ -1670,6 +1670,7 @@ static const struct panel_desc innolux_g101ice_l01 = {
+ .disable = 200,
+ },
+ .bus_format = MEDIA_BUS_FMT_RGB888_1X7X4_SPWG,
++ .bus_flags = DRM_BUS_FLAG_DE_HIGH,
+ .connector_type = DRM_MODE_CONNECTOR_LVDS,
+ };
+
+--
+2.42.0
+
--- /dev/null
+From 16c9f583edeb5868ccb08f35a9c89c979bfd491f Mon Sep 17 00:00:00 2001
+From: Sasha Levin <sashal@kernel.org>
+Date: Mon, 9 Oct 2023 00:32:56 +0200
+Subject: drm/panel: simple: Fix Innolux G101ICE-L01 timings
+
+From: Marek Vasut <marex@denx.de>
+
+[ Upstream commit 3f9a91b6c00e655d27bd785dcda1742dbdc31bda ]
+
+The Innolux G101ICE-L01 datasheet [1] page 17 table
+6.1 INPUT SIGNAL TIMING SPECIFICATIONS
+indicates that maximum vertical blanking time is 40 lines.
+Currently the driver uses 29 lines.
+
+Fix it, and since this panel is a DE panel, adjust the timings
+to make them less hostile to controllers which cannot do 1 px
+HSA/VSA, distribute the delays evenly between all three parts.
+
+[1] https://www.data-modul.com/sites/default/files/products/G101ICE-L01-C2-specification-12042389.pdf
+
+Fixes: 1e29b840af9f ("drm/panel: simple: Add Innolux G101ICE-L01 panel")
+Signed-off-by: Marek Vasut <marex@denx.de>
+Reviewed-by: Neil Armstrong <neil.armstrong@linaro.org>
+Link: https://patchwork.freedesktop.org/patch/msgid/20231008223256.279196-1-marex@denx.de
+Signed-off-by: Sasha Levin <sashal@kernel.org>
+---
+ drivers/gpu/drm/panel/panel-simple.c | 12 ++++++------
+ 1 file changed, 6 insertions(+), 6 deletions(-)
+
+diff --git a/drivers/gpu/drm/panel/panel-simple.c b/drivers/gpu/drm/panel/panel-simple.c
+index 5c3cc8bec2311..fd8b16dcf13e7 100644
+--- a/drivers/gpu/drm/panel/panel-simple.c
++++ b/drivers/gpu/drm/panel/panel-simple.c
+@@ -1647,13 +1647,13 @@ static const struct panel_desc innolux_g070y2_l01 = {
+ static const struct display_timing innolux_g101ice_l01_timing = {
+ .pixelclock = { 60400000, 71100000, 74700000 },
+ .hactive = { 1280, 1280, 1280 },
+- .hfront_porch = { 41, 80, 100 },
+- .hback_porch = { 40, 79, 99 },
+- .hsync_len = { 1, 1, 1 },
++ .hfront_porch = { 30, 60, 70 },
++ .hback_porch = { 30, 60, 70 },
++ .hsync_len = { 22, 40, 60 },
+ .vactive = { 800, 800, 800 },
+- .vfront_porch = { 5, 11, 14 },
+- .vback_porch = { 4, 11, 14 },
+- .vsync_len = { 1, 1, 1 },
++ .vfront_porch = { 3, 8, 14 },
++ .vback_porch = { 3, 8, 14 },
++ .vsync_len = { 4, 7, 12 },
+ .flags = DISPLAY_FLAGS_DE_HIGH,
+ };
+
+--
+2.42.0
+
--- /dev/null
+From 28b00281d1671a046fe8fed93b0ab660e5c57530 Mon Sep 17 00:00:00 2001
+From: Sasha Levin <sashal@kernel.org>
+Date: Thu, 26 Oct 2023 19:14:58 +0000
+Subject: drm/rockchip: vop: Fix color for RGB888/BGR888 format on VOP full
+
+From: Jonas Karlman <jonas@kwiboo.se>
+
+[ Upstream commit bb0a05acd6121ff0e810b44fdc24dbdfaa46b642 ]
+
+Use of DRM_FORMAT_RGB888 and DRM_FORMAT_BGR888 on e.g. RK3288, RK3328
+and RK3399 result in wrong colors being displayed.
+
+The issue can be observed using modetest:
+
+ modetest -s <connector_id>@<crtc_id>:1920x1080-60@RG24
+ modetest -s <connector_id>@<crtc_id>:1920x1080-60@BG24
+
+Vendor 4.4 kernel apply an inverted rb swap for these formats on VOP
+full framework (IP version 3.x) compared to VOP little framework (2.x).
+
+Fix colors by applying different rb swap for VOP full framework (3.x)
+and VOP little framework (2.x) similar to vendor 4.4 kernel.
+
+Fixes: 85a359f25388 ("drm/rockchip: Add BGR formats to VOP")
+Signed-off-by: Jonas Karlman <jonas@kwiboo.se>
+Tested-by: Diederik de Haas <didi.debian@cknow.org>
+Reviewed-by: Christopher Obbard <chris.obbard@collabora.com>
+Tested-by: Christopher Obbard <chris.obbard@collabora.com>
+Signed-off-by: Heiko Stuebner <heiko@sntech.de>
+Link: https://patchwork.freedesktop.org/patch/msgid/20231026191500.2994225-1-jonas@kwiboo.se
+Signed-off-by: Sasha Levin <sashal@kernel.org>
+---
+ drivers/gpu/drm/rockchip/rockchip_drm_vop.c | 14 +++++++++++---
+ 1 file changed, 11 insertions(+), 3 deletions(-)
+
+diff --git a/drivers/gpu/drm/rockchip/rockchip_drm_vop.c b/drivers/gpu/drm/rockchip/rockchip_drm_vop.c
+index 20aa93fe9e3f2..f2edb94214761 100644
+--- a/drivers/gpu/drm/rockchip/rockchip_drm_vop.c
++++ b/drivers/gpu/drm/rockchip/rockchip_drm_vop.c
+@@ -234,14 +234,22 @@ static inline void vop_cfg_done(struct vop *vop)
+ VOP_REG_SET(vop, common, cfg_done, 1);
+ }
+
+-static bool has_rb_swapped(uint32_t format)
++static bool has_rb_swapped(uint32_t version, uint32_t format)
+ {
+ switch (format) {
+ case DRM_FORMAT_XBGR8888:
+ case DRM_FORMAT_ABGR8888:
+- case DRM_FORMAT_BGR888:
+ case DRM_FORMAT_BGR565:
+ return true;
++ /*
++ * full framework (IP version 3.x) only need rb swapped for RGB888 and
++ * little framework (IP version 2.x) only need rb swapped for BGR888,
++ * check for 3.x to also only rb swap BGR888 for unknown vop version
++ */
++ case DRM_FORMAT_RGB888:
++ return VOP_MAJOR(version) == 3;
++ case DRM_FORMAT_BGR888:
++ return VOP_MAJOR(version) != 3;
+ default:
+ return false;
+ }
+@@ -886,7 +894,7 @@ static void vop_plane_atomic_update(struct drm_plane *plane,
+ VOP_WIN_SET(vop, win, dsp_info, dsp_info);
+ VOP_WIN_SET(vop, win, dsp_st, dsp_st);
+
+- rb_swap = has_rb_swapped(fb->format->format);
++ rb_swap = has_rb_swapped(vop->data->version, fb->format->format);
+ VOP_WIN_SET(vop, win, rb_swap, rb_swap);
+
+ /*
+--
+2.42.0
+
--- /dev/null
+From 6e202c205084fb4929289156017cc286a62d9782 Mon Sep 17 00:00:00 2001
+From: Sasha Levin <sashal@kernel.org>
+Date: Mon, 24 Apr 2023 11:38:36 +0800
+Subject: ext4: add a new helper to check if es must be kept
+
+From: Baokun Li <libaokun1@huawei.com>
+
+[ Upstream commit 9649eb18c6288f514cacffdd699d5cd999c2f8f6 ]
+
+In the extent status tree, we have extents which we can just drop without
+issues and extents we must not drop - this depends on the extent's status
+- currently ext4_es_is_delayed() extents must stay, others may be dropped.
+
+A helper function is added to help determine if the current extent can
+be dropped, although only ext4_es_is_delayed() extents cannot be dropped
+currently.
+
+Suggested-by: Jan Kara <jack@suse.cz>
+Signed-off-by: Baokun Li <libaokun1@huawei.com>
+Reviewed-by: Jan Kara <jack@suse.cz>
+Link: https://lore.kernel.org/r/20230424033846.4732-3-libaokun1@huawei.com
+Signed-off-by: Theodore Ts'o <tytso@mit.edu>
+Stable-dep-of: 8e387c89e96b ("ext4: make sure allocate pending entry not fail")
+Signed-off-by: Sasha Levin <sashal@kernel.org>
+---
+ fs/ext4/extents_status.c | 34 +++++++++++++++++++++-------------
+ 1 file changed, 21 insertions(+), 13 deletions(-)
+
+diff --git a/fs/ext4/extents_status.c b/fs/ext4/extents_status.c
+index cfd05e016f181..59812c5bbe1ba 100644
+--- a/fs/ext4/extents_status.c
++++ b/fs/ext4/extents_status.c
+@@ -439,6 +439,19 @@ static void ext4_es_list_del(struct inode *inode)
+ spin_unlock(&sbi->s_es_lock);
+ }
+
++/*
++ * Returns true if we cannot fail to allocate memory for this extent_status
++ * entry and cannot reclaim it until its status changes.
++ */
++static inline bool ext4_es_must_keep(struct extent_status *es)
++{
++ /* fiemap, bigalloc, and seek_data/hole need to use it. */
++ if (ext4_es_is_delayed(es))
++ return true;
++
++ return false;
++}
++
+ static struct extent_status *
+ ext4_es_alloc_extent(struct inode *inode, ext4_lblk_t lblk, ext4_lblk_t len,
+ ext4_fsblk_t pblk)
+@@ -451,10 +464,8 @@ ext4_es_alloc_extent(struct inode *inode, ext4_lblk_t lblk, ext4_lblk_t len,
+ es->es_len = len;
+ es->es_pblk = pblk;
+
+- /*
+- * We don't count delayed extent because we never try to reclaim them
+- */
+- if (!ext4_es_is_delayed(es)) {
++ /* We never try to reclaim a must kept extent, so we don't count it. */
++ if (!ext4_es_must_keep(es)) {
+ if (!EXT4_I(inode)->i_es_shk_nr++)
+ ext4_es_list_add(inode);
+ percpu_counter_inc(&EXT4_SB(inode->i_sb)->
+@@ -472,8 +483,8 @@ static void ext4_es_free_extent(struct inode *inode, struct extent_status *es)
+ EXT4_I(inode)->i_es_all_nr--;
+ percpu_counter_dec(&EXT4_SB(inode->i_sb)->s_es_stats.es_stats_all_cnt);
+
+- /* Decrease the shrink counter when this es is not delayed */
+- if (!ext4_es_is_delayed(es)) {
++ /* Decrease the shrink counter when we can reclaim the extent. */
++ if (!ext4_es_must_keep(es)) {
+ BUG_ON(EXT4_I(inode)->i_es_shk_nr == 0);
+ if (!--EXT4_I(inode)->i_es_shk_nr)
+ ext4_es_list_del(inode);
+@@ -842,7 +853,7 @@ int ext4_es_insert_extent(struct inode *inode, ext4_lblk_t lblk,
+ if (err == -ENOMEM && __es_shrink(EXT4_SB(inode->i_sb),
+ 128, EXT4_I(inode)))
+ goto retry;
+- if (err == -ENOMEM && !ext4_es_is_delayed(&newes))
++ if (err == -ENOMEM && !ext4_es_must_keep(&newes))
+ err = 0;
+
+ if (sbi->s_cluster_ratio > 1 && test_opt(inode->i_sb, DELALLOC) &&
+@@ -1683,11 +1694,8 @@ static int es_do_reclaim_extents(struct ext4_inode_info *ei, ext4_lblk_t end,
+
+ (*nr_to_scan)--;
+ node = rb_next(&es->rb_node);
+- /*
+- * We can't reclaim delayed extent from status tree because
+- * fiemap, bigallic, and seek_data/hole need to use it.
+- */
+- if (ext4_es_is_delayed(es))
++
++ if (ext4_es_must_keep(es))
+ goto next;
+ if (ext4_es_is_referenced(es)) {
+ ext4_es_clear_referenced(es);
+@@ -1751,7 +1759,7 @@ void ext4_clear_inode_es(struct inode *inode)
+ while (node) {
+ es = rb_entry(node, struct extent_status, rb_node);
+ node = rb_next(node);
+- if (!ext4_es_is_delayed(es)) {
++ if (!ext4_es_must_keep(es)) {
+ rb_erase(&es->rb_node, &tree->root);
+ ext4_es_free_extent(inode, es);
+ }
+--
+2.42.0
+
--- /dev/null
+From 3a95c0d4b9186ca1e7c119fe84485f11d0c9c7fe Mon Sep 17 00:00:00 2001
+From: Sasha Levin <sashal@kernel.org>
+Date: Mon, 24 Apr 2023 11:38:37 +0800
+Subject: ext4: factor out __es_alloc_extent() and __es_free_extent()
+
+From: Baokun Li <libaokun1@huawei.com>
+
+[ Upstream commit 73a2f033656be11298912201ad50615307b4477a ]
+
+Factor out __es_alloc_extent() and __es_free_extent(), which only allocate
+and free extent_status in these two helpers.
+
+The ext4_es_alloc_extent() function is split into __es_alloc_extent()
+and ext4_es_init_extent(). In __es_alloc_extent() we allocate memory using
+GFP_KERNEL | __GFP_NOFAIL | __GFP_ZERO if the memory allocation cannot
+fail, otherwise we use GFP_ATOMIC. and the ext4_es_init_extent() is used to
+initialize extent_status and update related variables after a successful
+allocation.
+
+This is to prepare for the use of pre-allocated extent_status later.
+
+Signed-off-by: Baokun Li <libaokun1@huawei.com>
+Reviewed-by: Jan Kara <jack@suse.cz>
+Link: https://lore.kernel.org/r/20230424033846.4732-4-libaokun1@huawei.com
+Signed-off-by: Theodore Ts'o <tytso@mit.edu>
+Stable-dep-of: 8e387c89e96b ("ext4: make sure allocate pending entry not fail")
+Signed-off-by: Sasha Levin <sashal@kernel.org>
+---
+ fs/ext4/extents_status.c | 30 +++++++++++++++++++-----------
+ 1 file changed, 19 insertions(+), 11 deletions(-)
+
+diff --git a/fs/ext4/extents_status.c b/fs/ext4/extents_status.c
+index 59812c5bbe1ba..dfabb15afd3dd 100644
+--- a/fs/ext4/extents_status.c
++++ b/fs/ext4/extents_status.c
+@@ -452,14 +452,17 @@ static inline bool ext4_es_must_keep(struct extent_status *es)
+ return false;
+ }
+
+-static struct extent_status *
+-ext4_es_alloc_extent(struct inode *inode, ext4_lblk_t lblk, ext4_lblk_t len,
+- ext4_fsblk_t pblk)
++static inline struct extent_status *__es_alloc_extent(bool nofail)
++{
++ if (!nofail)
++ return kmem_cache_alloc(ext4_es_cachep, GFP_ATOMIC);
++
++ return kmem_cache_zalloc(ext4_es_cachep, GFP_KERNEL | __GFP_NOFAIL);
++}
++
++static void ext4_es_init_extent(struct inode *inode, struct extent_status *es,
++ ext4_lblk_t lblk, ext4_lblk_t len, ext4_fsblk_t pblk)
+ {
+- struct extent_status *es;
+- es = kmem_cache_alloc(ext4_es_cachep, GFP_ATOMIC);
+- if (es == NULL)
+- return NULL;
+ es->es_lblk = lblk;
+ es->es_len = len;
+ es->es_pblk = pblk;
+@@ -474,8 +477,11 @@ ext4_es_alloc_extent(struct inode *inode, ext4_lblk_t lblk, ext4_lblk_t len,
+
+ EXT4_I(inode)->i_es_all_nr++;
+ percpu_counter_inc(&EXT4_SB(inode->i_sb)->s_es_stats.es_stats_all_cnt);
++}
+
+- return es;
++static inline void __es_free_extent(struct extent_status *es)
++{
++ kmem_cache_free(ext4_es_cachep, es);
+ }
+
+ static void ext4_es_free_extent(struct inode *inode, struct extent_status *es)
+@@ -492,7 +498,7 @@ static void ext4_es_free_extent(struct inode *inode, struct extent_status *es)
+ s_es_stats.es_stats_shk_cnt);
+ }
+
+- kmem_cache_free(ext4_es_cachep, es);
++ __es_free_extent(es);
+ }
+
+ /*
+@@ -794,10 +800,12 @@ static int __es_insert_extent(struct inode *inode, struct extent_status *newes)
+ }
+ }
+
+- es = ext4_es_alloc_extent(inode, newes->es_lblk, newes->es_len,
+- newes->es_pblk);
++ es = __es_alloc_extent(false);
+ if (!es)
+ return -ENOMEM;
++ ext4_es_init_extent(inode, es, newes->es_lblk, newes->es_len,
++ newes->es_pblk);
++
+ rb_link_node(&es->rb_node, parent, p);
+ rb_insert_color(&es->rb_node, &tree->root);
+
+--
+2.42.0
+
--- /dev/null
+From 6b8ab9e6cdcc6ffd11bf932892517fdc8f6ca802 Mon Sep 17 00:00:00 2001
+From: Sasha Levin <sashal@kernel.org>
+Date: Tue, 15 Aug 2023 15:08:08 +0800
+Subject: ext4: fix slab-use-after-free in ext4_es_insert_extent()
+
+From: Baokun Li <libaokun1@huawei.com>
+
+[ Upstream commit 768d612f79822d30a1e7d132a4d4b05337ce42ec ]
+
+Yikebaer reported an issue:
+==================================================================
+BUG: KASAN: slab-use-after-free in ext4_es_insert_extent+0xc68/0xcb0
+fs/ext4/extents_status.c:894
+Read of size 4 at addr ffff888112ecc1a4 by task syz-executor/8438
+
+CPU: 1 PID: 8438 Comm: syz-executor Not tainted 6.5.0-rc5 #1
+Call Trace:
+ [...]
+ kasan_report+0xba/0xf0 mm/kasan/report.c:588
+ ext4_es_insert_extent+0xc68/0xcb0 fs/ext4/extents_status.c:894
+ ext4_map_blocks+0x92a/0x16f0 fs/ext4/inode.c:680
+ ext4_alloc_file_blocks.isra.0+0x2df/0xb70 fs/ext4/extents.c:4462
+ ext4_zero_range fs/ext4/extents.c:4622 [inline]
+ ext4_fallocate+0x251c/0x3ce0 fs/ext4/extents.c:4721
+ [...]
+
+Allocated by task 8438:
+ [...]
+ kmem_cache_zalloc include/linux/slab.h:693 [inline]
+ __es_alloc_extent fs/ext4/extents_status.c:469 [inline]
+ ext4_es_insert_extent+0x672/0xcb0 fs/ext4/extents_status.c:873
+ ext4_map_blocks+0x92a/0x16f0 fs/ext4/inode.c:680
+ ext4_alloc_file_blocks.isra.0+0x2df/0xb70 fs/ext4/extents.c:4462
+ ext4_zero_range fs/ext4/extents.c:4622 [inline]
+ ext4_fallocate+0x251c/0x3ce0 fs/ext4/extents.c:4721
+ [...]
+
+Freed by task 8438:
+ [...]
+ kmem_cache_free+0xec/0x490 mm/slub.c:3823
+ ext4_es_try_to_merge_right fs/ext4/extents_status.c:593 [inline]
+ __es_insert_extent+0x9f4/0x1440 fs/ext4/extents_status.c:802
+ ext4_es_insert_extent+0x2ca/0xcb0 fs/ext4/extents_status.c:882
+ ext4_map_blocks+0x92a/0x16f0 fs/ext4/inode.c:680
+ ext4_alloc_file_blocks.isra.0+0x2df/0xb70 fs/ext4/extents.c:4462
+ ext4_zero_range fs/ext4/extents.c:4622 [inline]
+ ext4_fallocate+0x251c/0x3ce0 fs/ext4/extents.c:4721
+ [...]
+==================================================================
+
+The flow of issue triggering is as follows:
+1. remove es
+ raw es es removed es1
+|-------------------| -> |----|.......|------|
+
+2. insert es
+ es insert es1 merge with es es1 merge with es and free es1
+|----|.......|------| -> |------------|------| -> |-------------------|
+
+es merges with newes, then merges with es1, frees es1, then determines
+if es1->es_len is 0 and triggers a UAF.
+
+The code flow is as follows:
+ext4_es_insert_extent
+ es1 = __es_alloc_extent(true);
+ es2 = __es_alloc_extent(true);
+ __es_remove_extent(inode, lblk, end, NULL, es1)
+ __es_insert_extent(inode, &newes, es1) ---> insert es1 to es tree
+ __es_insert_extent(inode, &newes, es2)
+ ext4_es_try_to_merge_right
+ ext4_es_free_extent(inode, es1) ---> es1 is freed
+ if (es1 && !es1->es_len)
+ // Trigger UAF by determining if es1 is used.
+
+We determine whether es1 or es2 is used immediately after calling
+__es_remove_extent() or __es_insert_extent() to avoid triggering a
+UAF if es1 or es2 is freed.
+
+Reported-by: Yikebaer Aizezi <yikebaer61@gmail.com>
+Closes: https://lore.kernel.org/lkml/CALcu4raD4h9coiyEBL4Bm0zjDwxC2CyPiTwsP3zFuhot6y9Beg@mail.gmail.com
+Fixes: 2a69c450083d ("ext4: using nofail preallocation in ext4_es_insert_extent()")
+Cc: stable@kernel.org
+Signed-off-by: Baokun Li <libaokun1@huawei.com>
+Reviewed-by: Jan Kara <jack@suse.cz>
+Link: https://lore.kernel.org/r/20230815070808.3377171-1-libaokun1@huawei.com
+Signed-off-by: Theodore Ts'o <tytso@mit.edu>
+Stable-dep-of: 8e387c89e96b ("ext4: make sure allocate pending entry not fail")
+Signed-off-by: Sasha Levin <sashal@kernel.org>
+---
+ fs/ext4/extents_status.c | 44 +++++++++++++++++++++++++++-------------
+ 1 file changed, 30 insertions(+), 14 deletions(-)
+
+diff --git a/fs/ext4/extents_status.c b/fs/ext4/extents_status.c
+index c4922b8c9d333..4b47bccc3834a 100644
+--- a/fs/ext4/extents_status.c
++++ b/fs/ext4/extents_status.c
+@@ -871,23 +871,29 @@ int ext4_es_insert_extent(struct inode *inode, ext4_lblk_t lblk,
+ err1 = __es_remove_extent(inode, lblk, end, NULL, es1);
+ if (err1 != 0)
+ goto error;
++ /* Free preallocated extent if it didn't get used. */
++ if (es1) {
++ if (!es1->es_len)
++ __es_free_extent(es1);
++ es1 = NULL;
++ }
+
+ err2 = __es_insert_extent(inode, &newes, es2);
+ if (err2 == -ENOMEM && !ext4_es_must_keep(&newes))
+ err2 = 0;
+ if (err2 != 0)
+ goto error;
++ /* Free preallocated extent if it didn't get used. */
++ if (es2) {
++ if (!es2->es_len)
++ __es_free_extent(es2);
++ es2 = NULL;
++ }
+
+ if (sbi->s_cluster_ratio > 1 && test_opt(inode->i_sb, DELALLOC) &&
+ (status & EXTENT_STATUS_WRITTEN ||
+ status & EXTENT_STATUS_UNWRITTEN))
+ __revise_pending(inode, lblk, len);
+-
+- /* es is pre-allocated but not used, free it. */
+- if (es1 && !es1->es_len)
+- __es_free_extent(es1);
+- if (es2 && !es2->es_len)
+- __es_free_extent(es2);
+ error:
+ write_unlock(&EXT4_I(inode)->i_es_lock);
+ if (err1 || err2)
+@@ -1475,8 +1481,12 @@ int ext4_es_remove_extent(struct inode *inode, ext4_lblk_t lblk,
+ */
+ write_lock(&EXT4_I(inode)->i_es_lock);
+ err = __es_remove_extent(inode, lblk, end, &reserved, es);
+- if (es && !es->es_len)
+- __es_free_extent(es);
++ /* Free preallocated extent if it didn't get used. */
++ if (es) {
++ if (!es->es_len)
++ __es_free_extent(es);
++ es = NULL;
++ }
+ write_unlock(&EXT4_I(inode)->i_es_lock);
+ if (err)
+ goto retry;
+@@ -2031,19 +2041,25 @@ int ext4_es_insert_delayed_block(struct inode *inode, ext4_lblk_t lblk,
+ err1 = __es_remove_extent(inode, lblk, lblk, NULL, es1);
+ if (err1 != 0)
+ goto error;
++ /* Free preallocated extent if it didn't get used. */
++ if (es1) {
++ if (!es1->es_len)
++ __es_free_extent(es1);
++ es1 = NULL;
++ }
+
+ err2 = __es_insert_extent(inode, &newes, es2);
+ if (err2 != 0)
+ goto error;
++ /* Free preallocated extent if it didn't get used. */
++ if (es2) {
++ if (!es2->es_len)
++ __es_free_extent(es2);
++ es2 = NULL;
++ }
+
+ if (allocated)
+ __insert_pending(inode, lblk);
+-
+- /* es is pre-allocated but not used, free it. */
+- if (es1 && !es1->es_len)
+- __es_free_extent(es1);
+- if (es2 && !es2->es_len)
+- __es_free_extent(es2);
+ error:
+ write_unlock(&EXT4_I(inode)->i_es_lock);
+ if (err1 || err2)
+--
+2.42.0
+
--- /dev/null
+From 1bb2fa79289904b469a8a051d84bd34141d84328 Mon Sep 17 00:00:00 2001
+From: Sasha Levin <sashal@kernel.org>
+Date: Thu, 24 Aug 2023 17:26:05 +0800
+Subject: ext4: make sure allocate pending entry not fail
+
+From: Zhang Yi <yi.zhang@huawei.com>
+
+[ Upstream commit 8e387c89e96b9543a339f84043cf9df15fed2632 ]
+
+__insert_pending() allocate memory in atomic context, so the allocation
+could fail, but we are not handling that failure now. It could lead
+ext4_es_remove_extent() to get wrong reserved clusters, and the global
+data blocks reservation count will be incorrect. The same to
+extents_status entry preallocation, preallocate pending entry out of the
+i_es_lock with __GFP_NOFAIL, make sure __insert_pending() and
+__revise_pending() always succeeds.
+
+Signed-off-by: Zhang Yi <yi.zhang@huawei.com>
+Cc: stable@kernel.org
+Link: https://lore.kernel.org/r/20230824092619.1327976-3-yi.zhang@huaweicloud.com
+Reviewed-by: Jan Kara <jack@suse.cz>
+Signed-off-by: Theodore Ts'o <tytso@mit.edu>
+Signed-off-by: Sasha Levin <sashal@kernel.org>
+---
+ fs/ext4/extents_status.c | 123 ++++++++++++++++++++++++++++-----------
+ 1 file changed, 89 insertions(+), 34 deletions(-)
+
+diff --git a/fs/ext4/extents_status.c b/fs/ext4/extents_status.c
+index 4b47bccc3834a..3346a9252063b 100644
+--- a/fs/ext4/extents_status.c
++++ b/fs/ext4/extents_status.c
+@@ -152,8 +152,9 @@ static int __es_remove_extent(struct inode *inode, ext4_lblk_t lblk,
+ static int es_reclaim_extents(struct ext4_inode_info *ei, int *nr_to_scan);
+ static int __es_shrink(struct ext4_sb_info *sbi, int nr_to_scan,
+ struct ext4_inode_info *locked_ei);
+-static void __revise_pending(struct inode *inode, ext4_lblk_t lblk,
+- ext4_lblk_t len);
++static int __revise_pending(struct inode *inode, ext4_lblk_t lblk,
++ ext4_lblk_t len,
++ struct pending_reservation **prealloc);
+
+ int __init ext4_init_es(void)
+ {
+@@ -441,6 +442,19 @@ static void ext4_es_list_del(struct inode *inode)
+ spin_unlock(&sbi->s_es_lock);
+ }
+
++static inline struct pending_reservation *__alloc_pending(bool nofail)
++{
++ if (!nofail)
++ return kmem_cache_alloc(ext4_pending_cachep, GFP_ATOMIC);
++
++ return kmem_cache_zalloc(ext4_pending_cachep, GFP_KERNEL | __GFP_NOFAIL);
++}
++
++static inline void __free_pending(struct pending_reservation *pr)
++{
++ kmem_cache_free(ext4_pending_cachep, pr);
++}
++
+ /*
+ * Returns true if we cannot fail to allocate memory for this extent_status
+ * entry and cannot reclaim it until its status changes.
+@@ -832,11 +846,12 @@ int ext4_es_insert_extent(struct inode *inode, ext4_lblk_t lblk,
+ {
+ struct extent_status newes;
+ ext4_lblk_t end = lblk + len - 1;
+- int err1 = 0;
+- int err2 = 0;
++ int err1 = 0, err2 = 0, err3 = 0;
+ struct ext4_sb_info *sbi = EXT4_SB(inode->i_sb);
+ struct extent_status *es1 = NULL;
+ struct extent_status *es2 = NULL;
++ struct pending_reservation *pr = NULL;
++ bool revise_pending = false;
+
+ es_debug("add [%u/%u) %llu %x to extent status tree of inode %lu\n",
+ lblk, len, pblk, status, inode->i_ino);
+@@ -861,11 +876,17 @@ int ext4_es_insert_extent(struct inode *inode, ext4_lblk_t lblk,
+
+ ext4_es_insert_extent_check(inode, &newes);
+
++ revise_pending = sbi->s_cluster_ratio > 1 &&
++ test_opt(inode->i_sb, DELALLOC) &&
++ (status & (EXTENT_STATUS_WRITTEN |
++ EXTENT_STATUS_UNWRITTEN));
+ retry:
+ if (err1 && !es1)
+ es1 = __es_alloc_extent(true);
+ if ((err1 || err2) && !es2)
+ es2 = __es_alloc_extent(true);
++ if ((err1 || err2 || err3) && revise_pending && !pr)
++ pr = __alloc_pending(true);
+ write_lock(&EXT4_I(inode)->i_es_lock);
+
+ err1 = __es_remove_extent(inode, lblk, end, NULL, es1);
+@@ -890,13 +911,18 @@ int ext4_es_insert_extent(struct inode *inode, ext4_lblk_t lblk,
+ es2 = NULL;
+ }
+
+- if (sbi->s_cluster_ratio > 1 && test_opt(inode->i_sb, DELALLOC) &&
+- (status & EXTENT_STATUS_WRITTEN ||
+- status & EXTENT_STATUS_UNWRITTEN))
+- __revise_pending(inode, lblk, len);
++ if (revise_pending) {
++ err3 = __revise_pending(inode, lblk, len, &pr);
++ if (err3 != 0)
++ goto error;
++ if (pr) {
++ __free_pending(pr);
++ pr = NULL;
++ }
++ }
+ error:
+ write_unlock(&EXT4_I(inode)->i_es_lock);
+- if (err1 || err2)
++ if (err1 || err2 || err3)
+ goto retry;
+
+ ext4_es_print_tree(inode);
+@@ -1298,7 +1324,7 @@ static unsigned int get_rsvd(struct inode *inode, ext4_lblk_t end,
+ rc->ndelonly--;
+ node = rb_next(&pr->rb_node);
+ rb_erase(&pr->rb_node, &tree->root);
+- kmem_cache_free(ext4_pending_cachep, pr);
++ __free_pending(pr);
+ if (!node)
+ break;
+ pr = rb_entry(node, struct pending_reservation,
+@@ -1892,11 +1918,13 @@ static struct pending_reservation *__get_pending(struct inode *inode,
+ *
+ * @inode - file containing the cluster
+ * @lblk - logical block in the cluster to be added
++ * @prealloc - preallocated pending entry
+ *
+ * Returns 0 on successful insertion and -ENOMEM on failure. If the
+ * pending reservation is already in the set, returns successfully.
+ */
+-static int __insert_pending(struct inode *inode, ext4_lblk_t lblk)
++static int __insert_pending(struct inode *inode, ext4_lblk_t lblk,
++ struct pending_reservation **prealloc)
+ {
+ struct ext4_sb_info *sbi = EXT4_SB(inode->i_sb);
+ struct ext4_pending_tree *tree = &EXT4_I(inode)->i_pending_tree;
+@@ -1922,10 +1950,15 @@ static int __insert_pending(struct inode *inode, ext4_lblk_t lblk)
+ }
+ }
+
+- pr = kmem_cache_alloc(ext4_pending_cachep, GFP_ATOMIC);
+- if (pr == NULL) {
+- ret = -ENOMEM;
+- goto out;
++ if (likely(*prealloc == NULL)) {
++ pr = __alloc_pending(false);
++ if (!pr) {
++ ret = -ENOMEM;
++ goto out;
++ }
++ } else {
++ pr = *prealloc;
++ *prealloc = NULL;
+ }
+ pr->lclu = lclu;
+
+@@ -1955,7 +1988,7 @@ static void __remove_pending(struct inode *inode, ext4_lblk_t lblk)
+ if (pr != NULL) {
+ tree = &EXT4_I(inode)->i_pending_tree;
+ rb_erase(&pr->rb_node, &tree->root);
+- kmem_cache_free(ext4_pending_cachep, pr);
++ __free_pending(pr);
+ }
+ }
+
+@@ -2016,10 +2049,10 @@ int ext4_es_insert_delayed_block(struct inode *inode, ext4_lblk_t lblk,
+ bool allocated)
+ {
+ struct extent_status newes;
+- int err1 = 0;
+- int err2 = 0;
++ int err1 = 0, err2 = 0, err3 = 0;
+ struct extent_status *es1 = NULL;
+ struct extent_status *es2 = NULL;
++ struct pending_reservation *pr = NULL;
+
+ es_debug("add [%u/1) delayed to extent status tree of inode %lu\n",
+ lblk, inode->i_ino);
+@@ -2036,6 +2069,8 @@ int ext4_es_insert_delayed_block(struct inode *inode, ext4_lblk_t lblk,
+ es1 = __es_alloc_extent(true);
+ if ((err1 || err2) && !es2)
+ es2 = __es_alloc_extent(true);
++ if ((err1 || err2 || err3) && allocated && !pr)
++ pr = __alloc_pending(true);
+ write_lock(&EXT4_I(inode)->i_es_lock);
+
+ err1 = __es_remove_extent(inode, lblk, lblk, NULL, es1);
+@@ -2058,11 +2093,18 @@ int ext4_es_insert_delayed_block(struct inode *inode, ext4_lblk_t lblk,
+ es2 = NULL;
+ }
+
+- if (allocated)
+- __insert_pending(inode, lblk);
++ if (allocated) {
++ err3 = __insert_pending(inode, lblk, &pr);
++ if (err3 != 0)
++ goto error;
++ if (pr) {
++ __free_pending(pr);
++ pr = NULL;
++ }
++ }
+ error:
+ write_unlock(&EXT4_I(inode)->i_es_lock);
+- if (err1 || err2)
++ if (err1 || err2 || err3)
+ goto retry;
+
+ ext4_es_print_tree(inode);
+@@ -2168,21 +2210,24 @@ unsigned int ext4_es_delayed_clu(struct inode *inode, ext4_lblk_t lblk,
+ * @inode - file containing the range
+ * @lblk - logical block defining the start of range
+ * @len - length of range in blocks
++ * @prealloc - preallocated pending entry
+ *
+ * Used after a newly allocated extent is added to the extents status tree.
+ * Requires that the extents in the range have either written or unwritten
+ * status. Must be called while holding i_es_lock.
+ */
+-static void __revise_pending(struct inode *inode, ext4_lblk_t lblk,
+- ext4_lblk_t len)
++static int __revise_pending(struct inode *inode, ext4_lblk_t lblk,
++ ext4_lblk_t len,
++ struct pending_reservation **prealloc)
+ {
+ struct ext4_sb_info *sbi = EXT4_SB(inode->i_sb);
+ ext4_lblk_t end = lblk + len - 1;
+ ext4_lblk_t first, last;
+ bool f_del = false, l_del = false;
++ int ret = 0;
+
+ if (len == 0)
+- return;
++ return 0;
+
+ /*
+ * Two cases - block range within single cluster and block range
+@@ -2203,7 +2248,9 @@ static void __revise_pending(struct inode *inode, ext4_lblk_t lblk,
+ f_del = __es_scan_range(inode, &ext4_es_is_delonly,
+ first, lblk - 1);
+ if (f_del) {
+- __insert_pending(inode, first);
++ ret = __insert_pending(inode, first, prealloc);
++ if (ret < 0)
++ goto out;
+ } else {
+ last = EXT4_LBLK_CMASK(sbi, end) +
+ sbi->s_cluster_ratio - 1;
+@@ -2211,9 +2258,11 @@ static void __revise_pending(struct inode *inode, ext4_lblk_t lblk,
+ l_del = __es_scan_range(inode,
+ &ext4_es_is_delonly,
+ end + 1, last);
+- if (l_del)
+- __insert_pending(inode, last);
+- else
++ if (l_del) {
++ ret = __insert_pending(inode, last, prealloc);
++ if (ret < 0)
++ goto out;
++ } else
+ __remove_pending(inode, last);
+ }
+ } else {
+@@ -2221,18 +2270,24 @@ static void __revise_pending(struct inode *inode, ext4_lblk_t lblk,
+ if (first != lblk)
+ f_del = __es_scan_range(inode, &ext4_es_is_delonly,
+ first, lblk - 1);
+- if (f_del)
+- __insert_pending(inode, first);
+- else
++ if (f_del) {
++ ret = __insert_pending(inode, first, prealloc);
++ if (ret < 0)
++ goto out;
++ } else
+ __remove_pending(inode, first);
+
+ last = EXT4_LBLK_CMASK(sbi, end) + sbi->s_cluster_ratio - 1;
+ if (last != end)
+ l_del = __es_scan_range(inode, &ext4_es_is_delonly,
+ end + 1, last);
+- if (l_del)
+- __insert_pending(inode, last);
+- else
++ if (l_del) {
++ ret = __insert_pending(inode, last, prealloc);
++ if (ret < 0)
++ goto out;
++ } else
+ __remove_pending(inode, last);
+ }
++out:
++ return ret;
+ }
+--
+2.42.0
+
--- /dev/null
+From fdae60c51e351233228b1400e12824929bdf52a2 Mon Sep 17 00:00:00 2001
+From: Sasha Levin <sashal@kernel.org>
+Date: Mon, 24 Apr 2023 11:38:38 +0800
+Subject: ext4: use pre-allocated es in __es_insert_extent()
+
+From: Baokun Li <libaokun1@huawei.com>
+
+[ Upstream commit 95f0b320339a977cf69872eac107122bf536775d ]
+
+Pass a extent_status pointer prealloc to __es_insert_extent(). If the
+pointer is non-null, it is used directly when a new extent_status is
+needed to avoid memory allocation failures.
+
+Suggested-by: Jan Kara <jack@suse.cz>
+Signed-off-by: Baokun Li <libaokun1@huawei.com>
+Reviewed-by: Jan Kara <jack@suse.cz>
+Link: https://lore.kernel.org/r/20230424033846.4732-5-libaokun1@huawei.com
+Signed-off-by: Theodore Ts'o <tytso@mit.edu>
+Stable-dep-of: 8e387c89e96b ("ext4: make sure allocate pending entry not fail")
+Signed-off-by: Sasha Levin <sashal@kernel.org>
+---
+ fs/ext4/extents_status.c | 19 ++++++++++++-------
+ 1 file changed, 12 insertions(+), 7 deletions(-)
+
+diff --git a/fs/ext4/extents_status.c b/fs/ext4/extents_status.c
+index dfabb15afd3dd..eef9f2dc99daa 100644
+--- a/fs/ext4/extents_status.c
++++ b/fs/ext4/extents_status.c
+@@ -144,7 +144,8 @@
+ static struct kmem_cache *ext4_es_cachep;
+ static struct kmem_cache *ext4_pending_cachep;
+
+-static int __es_insert_extent(struct inode *inode, struct extent_status *newes);
++static int __es_insert_extent(struct inode *inode, struct extent_status *newes,
++ struct extent_status *prealloc);
+ static int __es_remove_extent(struct inode *inode, ext4_lblk_t lblk,
+ ext4_lblk_t end, int *reserved);
+ static int es_reclaim_extents(struct ext4_inode_info *ei, int *nr_to_scan);
+@@ -760,7 +761,8 @@ static inline void ext4_es_insert_extent_check(struct inode *inode,
+ }
+ #endif
+
+-static int __es_insert_extent(struct inode *inode, struct extent_status *newes)
++static int __es_insert_extent(struct inode *inode, struct extent_status *newes,
++ struct extent_status *prealloc)
+ {
+ struct ext4_es_tree *tree = &EXT4_I(inode)->i_es_tree;
+ struct rb_node **p = &tree->root.rb_node;
+@@ -800,7 +802,10 @@ static int __es_insert_extent(struct inode *inode, struct extent_status *newes)
+ }
+ }
+
+- es = __es_alloc_extent(false);
++ if (prealloc)
++ es = prealloc;
++ else
++ es = __es_alloc_extent(false);
+ if (!es)
+ return -ENOMEM;
+ ext4_es_init_extent(inode, es, newes->es_lblk, newes->es_len,
+@@ -857,7 +862,7 @@ int ext4_es_insert_extent(struct inode *inode, ext4_lblk_t lblk,
+ if (err != 0)
+ goto error;
+ retry:
+- err = __es_insert_extent(inode, &newes);
++ err = __es_insert_extent(inode, &newes, NULL);
+ if (err == -ENOMEM && __es_shrink(EXT4_SB(inode->i_sb),
+ 128, EXT4_I(inode)))
+ goto retry;
+@@ -904,7 +909,7 @@ void ext4_es_cache_extent(struct inode *inode, ext4_lblk_t lblk,
+
+ es = __es_tree_search(&EXT4_I(inode)->i_es_tree.root, lblk);
+ if (!es || es->es_lblk > end)
+- __es_insert_extent(inode, &newes);
++ __es_insert_extent(inode, &newes, NULL);
+ write_unlock(&EXT4_I(inode)->i_es_lock);
+ }
+
+@@ -1347,7 +1352,7 @@ static int __es_remove_extent(struct inode *inode, ext4_lblk_t lblk,
+ orig_es.es_len - len2;
+ ext4_es_store_pblock_status(&newes, block,
+ ext4_es_status(&orig_es));
+- err = __es_insert_extent(inode, &newes);
++ err = __es_insert_extent(inode, &newes, NULL);
+ if (err) {
+ es->es_lblk = orig_es.es_lblk;
+ es->es_len = orig_es.es_len;
+@@ -1996,7 +2001,7 @@ int ext4_es_insert_delayed_block(struct inode *inode, ext4_lblk_t lblk,
+ if (err != 0)
+ goto error;
+ retry:
+- err = __es_insert_extent(inode, &newes);
++ err = __es_insert_extent(inode, &newes, NULL);
+ if (err == -ENOMEM && __es_shrink(EXT4_SB(inode->i_sb),
+ 128, EXT4_I(inode)))
+ goto retry;
+--
+2.42.0
+
--- /dev/null
+From f420e16a9aa1d88a698881c5ef918d1da83a46a0 Mon Sep 17 00:00:00 2001
+From: Sasha Levin <sashal@kernel.org>
+Date: Mon, 24 Apr 2023 11:38:39 +0800
+Subject: ext4: use pre-allocated es in __es_remove_extent()
+
+From: Baokun Li <libaokun1@huawei.com>
+
+[ Upstream commit bda3efaf774fb687c2b7a555aaec3006b14a8857 ]
+
+When splitting extent, if the second extent can not be dropped, we return
+-ENOMEM and use GFP_NOFAIL to preallocate an extent_status outside of
+i_es_lock and pass it to __es_remove_extent() to be used as the second
+extent. This ensures that __es_remove_extent() is executed successfully,
+thus ensuring consistency in the extent status tree. If the second extent
+is not undroppable, we simply drop it and return 0. Then retry is no longer
+necessary, remove it.
+
+Now, __es_remove_extent() will always remove what it should, maybe more.
+
+Suggested-by: Jan Kara <jack@suse.cz>
+Signed-off-by: Baokun Li <libaokun1@huawei.com>
+Reviewed-by: Jan Kara <jack@suse.cz>
+Link: https://lore.kernel.org/r/20230424033846.4732-6-libaokun1@huawei.com
+Signed-off-by: Theodore Ts'o <tytso@mit.edu>
+Stable-dep-of: 8e387c89e96b ("ext4: make sure allocate pending entry not fail")
+Signed-off-by: Sasha Levin <sashal@kernel.org>
+---
+ fs/ext4/extents_status.c | 26 +++++++++++++-------------
+ 1 file changed, 13 insertions(+), 13 deletions(-)
+
+diff --git a/fs/ext4/extents_status.c b/fs/ext4/extents_status.c
+index eef9f2dc99daa..1bfee9dff9c38 100644
+--- a/fs/ext4/extents_status.c
++++ b/fs/ext4/extents_status.c
+@@ -147,7 +147,8 @@ static struct kmem_cache *ext4_pending_cachep;
+ static int __es_insert_extent(struct inode *inode, struct extent_status *newes,
+ struct extent_status *prealloc);
+ static int __es_remove_extent(struct inode *inode, ext4_lblk_t lblk,
+- ext4_lblk_t end, int *reserved);
++ ext4_lblk_t end, int *reserved,
++ struct extent_status *prealloc);
+ static int es_reclaim_extents(struct ext4_inode_info *ei, int *nr_to_scan);
+ static int __es_shrink(struct ext4_sb_info *sbi, int nr_to_scan,
+ struct ext4_inode_info *locked_ei);
+@@ -858,7 +859,7 @@ int ext4_es_insert_extent(struct inode *inode, ext4_lblk_t lblk,
+ ext4_es_insert_extent_check(inode, &newes);
+
+ write_lock(&EXT4_I(inode)->i_es_lock);
+- err = __es_remove_extent(inode, lblk, end, NULL);
++ err = __es_remove_extent(inode, lblk, end, NULL, NULL);
+ if (err != 0)
+ goto error;
+ retry:
+@@ -1296,6 +1297,7 @@ static unsigned int get_rsvd(struct inode *inode, ext4_lblk_t end,
+ * @lblk - first block in range
+ * @end - last block in range
+ * @reserved - number of cluster reservations released
++ * @prealloc - pre-allocated es to avoid memory allocation failures
+ *
+ * If @reserved is not NULL and delayed allocation is enabled, counts
+ * block/cluster reservations freed by removing range and if bigalloc
+@@ -1303,7 +1305,8 @@ static unsigned int get_rsvd(struct inode *inode, ext4_lblk_t end,
+ * error code on failure.
+ */
+ static int __es_remove_extent(struct inode *inode, ext4_lblk_t lblk,
+- ext4_lblk_t end, int *reserved)
++ ext4_lblk_t end, int *reserved,
++ struct extent_status *prealloc)
+ {
+ struct ext4_es_tree *tree = &EXT4_I(inode)->i_es_tree;
+ struct rb_node *node;
+@@ -1311,14 +1314,12 @@ static int __es_remove_extent(struct inode *inode, ext4_lblk_t lblk,
+ struct extent_status orig_es;
+ ext4_lblk_t len1, len2;
+ ext4_fsblk_t block;
+- int err;
++ int err = 0;
+ bool count_reserved = true;
+ struct rsvd_count rc;
+
+ if (reserved == NULL || !test_opt(inode->i_sb, DELALLOC))
+ count_reserved = false;
+-retry:
+- err = 0;
+
+ es = __es_tree_search(&tree->root, lblk);
+ if (!es)
+@@ -1352,14 +1353,13 @@ static int __es_remove_extent(struct inode *inode, ext4_lblk_t lblk,
+ orig_es.es_len - len2;
+ ext4_es_store_pblock_status(&newes, block,
+ ext4_es_status(&orig_es));
+- err = __es_insert_extent(inode, &newes, NULL);
++ err = __es_insert_extent(inode, &newes, prealloc);
+ if (err) {
++ if (!ext4_es_must_keep(&newes))
++ return 0;
++
+ es->es_lblk = orig_es.es_lblk;
+ es->es_len = orig_es.es_len;
+- if ((err == -ENOMEM) &&
+- __es_shrink(EXT4_SB(inode->i_sb),
+- 128, EXT4_I(inode)))
+- goto retry;
+ goto out;
+ }
+ } else {
+@@ -1456,7 +1456,7 @@ int ext4_es_remove_extent(struct inode *inode, ext4_lblk_t lblk,
+ * is reclaimed.
+ */
+ write_lock(&EXT4_I(inode)->i_es_lock);
+- err = __es_remove_extent(inode, lblk, end, &reserved);
++ err = __es_remove_extent(inode, lblk, end, &reserved, NULL);
+ write_unlock(&EXT4_I(inode)->i_es_lock);
+ ext4_es_print_tree(inode);
+ ext4_da_release_space(inode, reserved);
+@@ -1997,7 +1997,7 @@ int ext4_es_insert_delayed_block(struct inode *inode, ext4_lblk_t lblk,
+
+ write_lock(&EXT4_I(inode)->i_es_lock);
+
+- err = __es_remove_extent(inode, lblk, lblk, NULL);
++ err = __es_remove_extent(inode, lblk, lblk, NULL, NULL);
+ if (err != 0)
+ goto error;
+ retry:
+--
+2.42.0
+
--- /dev/null
+From 96f4593003293d3c5a8053fbd20b091b9e0c5db7 Mon Sep 17 00:00:00 2001
+From: Sasha Levin <sashal@kernel.org>
+Date: Mon, 24 Apr 2023 11:38:41 +0800
+Subject: ext4: using nofail preallocation in ext4_es_insert_delayed_block()
+
+From: Baokun Li <libaokun1@huawei.com>
+
+[ Upstream commit 4a2d98447b37bcb68a7f06a1078edcb4f7e6ce7e ]
+
+Similar to in ext4_es_remove_extent(), we use a no-fail preallocation
+to avoid inconsistencies, except that here we may have to preallocate
+two extent_status.
+
+Suggested-by: Jan Kara <jack@suse.cz>
+Signed-off-by: Baokun Li <libaokun1@huawei.com>
+Reviewed-by: Jan Kara <jack@suse.cz>
+Link: https://lore.kernel.org/r/20230424033846.4732-8-libaokun1@huawei.com
+Signed-off-by: Theodore Ts'o <tytso@mit.edu>
+Stable-dep-of: 8e387c89e96b ("ext4: make sure allocate pending entry not fail")
+Signed-off-by: Sasha Levin <sashal@kernel.org>
+---
+ fs/ext4/extents_status.c | 33 ++++++++++++++++++++++-----------
+ 1 file changed, 22 insertions(+), 11 deletions(-)
+
+diff --git a/fs/ext4/extents_status.c b/fs/ext4/extents_status.c
+index 854d865e9bfa2..fea538a66a16e 100644
+--- a/fs/ext4/extents_status.c
++++ b/fs/ext4/extents_status.c
+@@ -1992,7 +1992,10 @@ int ext4_es_insert_delayed_block(struct inode *inode, ext4_lblk_t lblk,
+ bool allocated)
+ {
+ struct extent_status newes;
+- int err = 0;
++ int err1 = 0;
++ int err2 = 0;
++ struct extent_status *es1 = NULL;
++ struct extent_status *es2 = NULL;
+
+ es_debug("add [%u/1) delayed to extent status tree of inode %lu\n",
+ lblk, inode->i_ino);
+@@ -2004,29 +2007,37 @@ int ext4_es_insert_delayed_block(struct inode *inode, ext4_lblk_t lblk,
+
+ ext4_es_insert_extent_check(inode, &newes);
+
++retry:
++ if (err1 && !es1)
++ es1 = __es_alloc_extent(true);
++ if ((err1 || err2) && !es2)
++ es2 = __es_alloc_extent(true);
+ write_lock(&EXT4_I(inode)->i_es_lock);
+
+- err = __es_remove_extent(inode, lblk, lblk, NULL, NULL);
+- if (err != 0)
++ err1 = __es_remove_extent(inode, lblk, lblk, NULL, es1);
++ if (err1 != 0)
+ goto error;
+-retry:
+- err = __es_insert_extent(inode, &newes, NULL);
+- if (err == -ENOMEM && __es_shrink(EXT4_SB(inode->i_sb),
+- 128, EXT4_I(inode)))
+- goto retry;
+- if (err != 0)
++
++ err2 = __es_insert_extent(inode, &newes, es2);
++ if (err2 != 0)
+ goto error;
+
+ if (allocated)
+ __insert_pending(inode, lblk);
+
++ /* es is pre-allocated but not used, free it. */
++ if (es1 && !es1->es_len)
++ __es_free_extent(es1);
++ if (es2 && !es2->es_len)
++ __es_free_extent(es2);
+ error:
+ write_unlock(&EXT4_I(inode)->i_es_lock);
++ if (err1 || err2)
++ goto retry;
+
+ ext4_es_print_tree(inode);
+ ext4_print_pending_tree(inode);
+-
+- return err;
++ return 0;
+ }
+
+ /*
+--
+2.42.0
+
--- /dev/null
+From b59d92a4166924e458b87567de310bbd5c2f4bd2 Mon Sep 17 00:00:00 2001
+From: Sasha Levin <sashal@kernel.org>
+Date: Mon, 24 Apr 2023 11:38:42 +0800
+Subject: ext4: using nofail preallocation in ext4_es_insert_extent()
+
+From: Baokun Li <libaokun1@huawei.com>
+
+[ Upstream commit 2a69c450083db164596c75c0f5b4d9c4c0e18eba ]
+
+Similar to in ext4_es_insert_delayed_block(), we use preallocations that
+do not fail to avoid inconsistencies, but we do not care about es that are
+not must be kept, and we return 0 even if such es memory allocation fails.
+
+Suggested-by: Jan Kara <jack@suse.cz>
+Signed-off-by: Baokun Li <libaokun1@huawei.com>
+Reviewed-by: Jan Kara <jack@suse.cz>
+Link: https://lore.kernel.org/r/20230424033846.4732-9-libaokun1@huawei.com
+Signed-off-by: Theodore Ts'o <tytso@mit.edu>
+Stable-dep-of: 8e387c89e96b ("ext4: make sure allocate pending entry not fail")
+Signed-off-by: Sasha Levin <sashal@kernel.org>
+---
+ fs/ext4/extents_status.c | 38 ++++++++++++++++++++++++++------------
+ 1 file changed, 26 insertions(+), 12 deletions(-)
+
+diff --git a/fs/ext4/extents_status.c b/fs/ext4/extents_status.c
+index fea538a66a16e..c4922b8c9d333 100644
+--- a/fs/ext4/extents_status.c
++++ b/fs/ext4/extents_status.c
+@@ -832,8 +832,11 @@ int ext4_es_insert_extent(struct inode *inode, ext4_lblk_t lblk,
+ {
+ struct extent_status newes;
+ ext4_lblk_t end = lblk + len - 1;
+- int err = 0;
++ int err1 = 0;
++ int err2 = 0;
+ struct ext4_sb_info *sbi = EXT4_SB(inode->i_sb);
++ struct extent_status *es1 = NULL;
++ struct extent_status *es2 = NULL;
+
+ es_debug("add [%u/%u) %llu %x to extent status tree of inode %lu\n",
+ lblk, len, pblk, status, inode->i_ino);
+@@ -858,29 +861,40 @@ int ext4_es_insert_extent(struct inode *inode, ext4_lblk_t lblk,
+
+ ext4_es_insert_extent_check(inode, &newes);
+
++retry:
++ if (err1 && !es1)
++ es1 = __es_alloc_extent(true);
++ if ((err1 || err2) && !es2)
++ es2 = __es_alloc_extent(true);
+ write_lock(&EXT4_I(inode)->i_es_lock);
+- err = __es_remove_extent(inode, lblk, end, NULL, NULL);
+- if (err != 0)
++
++ err1 = __es_remove_extent(inode, lblk, end, NULL, es1);
++ if (err1 != 0)
++ goto error;
++
++ err2 = __es_insert_extent(inode, &newes, es2);
++ if (err2 == -ENOMEM && !ext4_es_must_keep(&newes))
++ err2 = 0;
++ if (err2 != 0)
+ goto error;
+-retry:
+- err = __es_insert_extent(inode, &newes, NULL);
+- if (err == -ENOMEM && __es_shrink(EXT4_SB(inode->i_sb),
+- 128, EXT4_I(inode)))
+- goto retry;
+- if (err == -ENOMEM && !ext4_es_must_keep(&newes))
+- err = 0;
+
+ if (sbi->s_cluster_ratio > 1 && test_opt(inode->i_sb, DELALLOC) &&
+ (status & EXTENT_STATUS_WRITTEN ||
+ status & EXTENT_STATUS_UNWRITTEN))
+ __revise_pending(inode, lblk, len);
+
++ /* es is pre-allocated but not used, free it. */
++ if (es1 && !es1->es_len)
++ __es_free_extent(es1);
++ if (es2 && !es2->es_len)
++ __es_free_extent(es2);
+ error:
+ write_unlock(&EXT4_I(inode)->i_es_lock);
++ if (err1 || err2)
++ goto retry;
+
+ ext4_es_print_tree(inode);
+-
+- return err;
++ return 0;
+ }
+
+ /*
+--
+2.42.0
+
--- /dev/null
+From fe0c33383a0e8cbc54d094c24be343ce195dc8d7 Mon Sep 17 00:00:00 2001
+From: Sasha Levin <sashal@kernel.org>
+Date: Mon, 24 Apr 2023 11:38:40 +0800
+Subject: ext4: using nofail preallocation in ext4_es_remove_extent()
+
+From: Baokun Li <libaokun1@huawei.com>
+
+[ Upstream commit e9fe2b882bd5b26b987c9ba110c2222796f72af5 ]
+
+If __es_remove_extent() returns an error it means that when splitting
+extent, allocating an extent that must be kept failed, where returning
+an error directly would cause the extent tree to be inconsistent. So we
+use GFP_NOFAIL to pre-allocate an extent_status and pass it to
+__es_remove_extent() to avoid this problem.
+
+In addition, since the allocated memory is outside the i_es_lock, the
+extent_status tree may change and the pre-allocated extent_status is
+no longer needed, so we release the pre-allocated extent_status when
+es->es_len is not initialized.
+
+Suggested-by: Jan Kara <jack@suse.cz>
+Signed-off-by: Baokun Li <libaokun1@huawei.com>
+Reviewed-by: Jan Kara <jack@suse.cz>
+Link: https://lore.kernel.org/r/20230424033846.4732-7-libaokun1@huawei.com
+Signed-off-by: Theodore Ts'o <tytso@mit.edu>
+Stable-dep-of: 8e387c89e96b ("ext4: make sure allocate pending entry not fail")
+Signed-off-by: Sasha Levin <sashal@kernel.org>
+---
+ fs/ext4/extents_status.c | 13 +++++++++++--
+ 1 file changed, 11 insertions(+), 2 deletions(-)
+
+diff --git a/fs/ext4/extents_status.c b/fs/ext4/extents_status.c
+index 1bfee9dff9c38..854d865e9bfa2 100644
+--- a/fs/ext4/extents_status.c
++++ b/fs/ext4/extents_status.c
+@@ -1439,6 +1439,7 @@ int ext4_es_remove_extent(struct inode *inode, ext4_lblk_t lblk,
+ ext4_lblk_t end;
+ int err = 0;
+ int reserved = 0;
++ struct extent_status *es = NULL;
+
+ trace_ext4_es_remove_extent(inode, lblk, len);
+ es_debug("remove [%u/%u) from extent status tree of inode %lu\n",
+@@ -1450,17 +1451,25 @@ int ext4_es_remove_extent(struct inode *inode, ext4_lblk_t lblk,
+ end = lblk + len - 1;
+ BUG_ON(end < lblk);
+
++retry:
++ if (err && !es)
++ es = __es_alloc_extent(true);
+ /*
+ * ext4_clear_inode() depends on us taking i_es_lock unconditionally
+ * so that we are sure __es_shrink() is done with the inode before it
+ * is reclaimed.
+ */
+ write_lock(&EXT4_I(inode)->i_es_lock);
+- err = __es_remove_extent(inode, lblk, end, &reserved, NULL);
++ err = __es_remove_extent(inode, lblk, end, &reserved, es);
++ if (es && !es->es_len)
++ __es_free_extent(es);
+ write_unlock(&EXT4_I(inode)->i_es_lock);
++ if (err)
++ goto retry;
++
+ ext4_es_print_tree(inode);
+ ext4_da_release_space(inode, reserved);
+- return err;
++ return 0;
+ }
+
+ static int __es_shrink(struct ext4_sb_info *sbi, int nr_to_scan,
+--
+2.42.0
+
--- /dev/null
+From c6ef0d1811f541ca9c61681e8c679b8fc3855132 Mon Sep 17 00:00:00 2001
+From: Sasha Levin <sashal@kernel.org>
+Date: Fri, 2 Sep 2022 15:29:23 +0200
+Subject: HID: core: store the unique system identifier in hid_device
+
+From: Benjamin Tissoires <benjamin.tissoires@redhat.com>
+
+[ Upstream commit 1e839143d674603b0bbbc4c513bca35404967dbc ]
+
+This unique identifier is currently used only for ensuring uniqueness in
+sysfs. However, this could be handful for userspace to refer to a specific
+hid_device by this id.
+
+2 use cases are in my mind: LEDs (and their naming convention), and
+HID-BPF.
+
+Reviewed-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+Signed-off-by: Benjamin Tissoires <benjamin.tissoires@redhat.com>
+Link: https://lore.kernel.org/r/20220902132938.2409206-9-benjamin.tissoires@redhat.com
+Stable-dep-of: fc43e9c857b7 ("HID: fix HID device resource race between HID core and debugging support")
+Signed-off-by: Sasha Levin <sashal@kernel.org>
+---
+ drivers/hid/hid-core.c | 4 +++-
+ include/linux/hid.h | 2 ++
+ 2 files changed, 5 insertions(+), 1 deletion(-)
+
+diff --git a/drivers/hid/hid-core.c b/drivers/hid/hid-core.c
+index 8248cdc30e1d3..af1e1922e1ae0 100644
+--- a/drivers/hid/hid-core.c
++++ b/drivers/hid/hid-core.c
+@@ -2437,10 +2437,12 @@ int hid_add_device(struct hid_device *hdev)
+ hid_warn(hdev, "bad device descriptor (%d)\n", ret);
+ }
+
++ hdev->id = atomic_inc_return(&id);
++
+ /* XXX hack, any other cleaner solution after the driver core
+ * is converted to allow more than 20 bytes as the device name? */
+ dev_set_name(&hdev->dev, "%04X:%04X:%04X.%04X", hdev->bus,
+- hdev->vendor, hdev->product, atomic_inc_return(&id));
++ hdev->vendor, hdev->product, hdev->id);
+
+ hid_debug_register(hdev, dev_name(&hdev->dev));
+ ret = device_add(&hdev->dev);
+diff --git a/include/linux/hid.h b/include/linux/hid.h
+index 20266127cf666..3fc4241cffbe2 100644
+--- a/include/linux/hid.h
++++ b/include/linux/hid.h
+@@ -622,6 +622,8 @@ struct hid_device { /* device report descriptor */
+ struct list_head debug_list;
+ spinlock_t debug_list_lock;
+ wait_queue_head_t debug_wait;
++
++ unsigned int id; /* system unique id */
+ };
+
+ #define to_hid_device(pdev) \
+--
+2.42.0
+
--- /dev/null
+From 061cbe5a1a25a584c03fa0078d6a19d8dc1ad534 Mon Sep 17 00:00:00 2001
+From: Sasha Levin <sashal@kernel.org>
+Date: Tue, 31 Oct 2023 12:32:39 +0800
+Subject: HID: fix HID device resource race between HID core and debugging
+ support
+
+From: Charles Yi <be286@163.com>
+
+[ Upstream commit fc43e9c857b7aa55efba9398419b14d9e35dcc7d ]
+
+hid_debug_events_release releases resources bound to the HID device instance.
+hid_device_release releases the underlying HID device instance potentially
+before hid_debug_events_release has completed releasing debug resources bound
+to the same HID device instance.
+
+Reference count to prevent the HID device instance from being torn down
+preemptively when HID debugging support is used. When count reaches zero,
+release core resources of HID device instance using hiddev_free.
+
+The crash:
+
+[ 120.728477][ T4396] kernel BUG at lib/list_debug.c:53!
+[ 120.728505][ T4396] Internal error: Oops - BUG: 0 [#1] PREEMPT SMP
+[ 120.739806][ T4396] Modules linked in: bcmdhd dhd_static_buf 8822cu pcie_mhi r8168
+[ 120.747386][ T4396] CPU: 1 PID: 4396 Comm: hidt_bridge Not tainted 5.10.110 #257
+[ 120.754771][ T4396] Hardware name: Rockchip RK3588 EVB4 LP4 V10 Board (DT)
+[ 120.761643][ T4396] pstate: 60400089 (nZCv daIf +PAN -UAO -TCO BTYPE=--)
+[ 120.768338][ T4396] pc : __list_del_entry_valid+0x98/0xac
+[ 120.773730][ T4396] lr : __list_del_entry_valid+0x98/0xac
+[ 120.779120][ T4396] sp : ffffffc01e62bb60
+[ 120.783126][ T4396] x29: ffffffc01e62bb60 x28: ffffff818ce3a200
+[ 120.789126][ T4396] x27: 0000000000000009 x26: 0000000000980000
+[ 120.795126][ T4396] x25: ffffffc012431000 x24: ffffff802c6d4e00
+[ 120.801125][ T4396] x23: ffffff8005c66f00 x22: ffffffc01183b5b8
+[ 120.807125][ T4396] x21: ffffff819df2f100 x20: 0000000000000000
+[ 120.813124][ T4396] x19: ffffff802c3f0700 x18: ffffffc01d2cd058
+[ 120.819124][ T4396] x17: 0000000000000000 x16: 0000000000000000
+[ 120.825124][ T4396] x15: 0000000000000004 x14: 0000000000003fff
+[ 120.831123][ T4396] x13: ffffffc012085588 x12: 0000000000000003
+[ 120.837123][ T4396] x11: 00000000ffffbfff x10: 0000000000000003
+[ 120.843123][ T4396] x9 : 455103d46b329300 x8 : 455103d46b329300
+[ 120.849124][ T4396] x7 : 74707572726f6320 x6 : ffffffc0124b8cb5
+[ 120.855124][ T4396] x5 : ffffffffffffffff x4 : 0000000000000000
+[ 120.861123][ T4396] x3 : ffffffc011cf4f90 x2 : ffffff81fee7b948
+[ 120.867122][ T4396] x1 : ffffffc011cf4f90 x0 : 0000000000000054
+[ 120.873122][ T4396] Call trace:
+[ 120.876259][ T4396] __list_del_entry_valid+0x98/0xac
+[ 120.881304][ T4396] hid_debug_events_release+0x48/0x12c
+[ 120.886617][ T4396] full_proxy_release+0x50/0xbc
+[ 120.891323][ T4396] __fput+0xdc/0x238
+[ 120.895075][ T4396] ____fput+0x14/0x24
+[ 120.898911][ T4396] task_work_run+0x90/0x148
+[ 120.903268][ T4396] do_exit+0x1bc/0x8a4
+[ 120.907193][ T4396] do_group_exit+0x8c/0xa4
+[ 120.911458][ T4396] get_signal+0x468/0x744
+[ 120.915643][ T4396] do_signal+0x84/0x280
+[ 120.919650][ T4396] do_notify_resume+0xd0/0x218
+[ 120.924262][ T4396] work_pending+0xc/0x3f0
+
+[ Rahul Rameshbabu <sergeantsagara@protonmail.com>: rework changelog ]
+Fixes: cd667ce24796 ("HID: use debugfs for events/reports dumping")
+Signed-off-by: Charles Yi <be286@163.com>
+Signed-off-by: Jiri Kosina <jkosina@suse.cz>
+Signed-off-by: Sasha Levin <sashal@kernel.org>
+---
+ drivers/hid/hid-core.c | 12 ++++++++++--
+ drivers/hid/hid-debug.c | 3 +++
+ include/linux/hid.h | 3 +++
+ 3 files changed, 16 insertions(+), 2 deletions(-)
+
+diff --git a/drivers/hid/hid-core.c b/drivers/hid/hid-core.c
+index af1e1922e1ae0..e0820feb7e19a 100644
+--- a/drivers/hid/hid-core.c
++++ b/drivers/hid/hid-core.c
+@@ -702,15 +702,22 @@ static void hid_close_report(struct hid_device *device)
+ * Free a device structure, all reports, and all fields.
+ */
+
+-static void hid_device_release(struct device *dev)
++void hiddev_free(struct kref *ref)
+ {
+- struct hid_device *hid = to_hid_device(dev);
++ struct hid_device *hid = container_of(ref, struct hid_device, ref);
+
+ hid_close_report(hid);
+ kfree(hid->dev_rdesc);
+ kfree(hid);
+ }
+
++static void hid_device_release(struct device *dev)
++{
++ struct hid_device *hid = to_hid_device(dev);
++
++ kref_put(&hid->ref, hiddev_free);
++}
++
+ /*
+ * Fetch a report description item from the data stream. We support long
+ * items, though they are not used yet.
+@@ -2485,6 +2492,7 @@ struct hid_device *hid_allocate_device(void)
+ spin_lock_init(&hdev->debug_list_lock);
+ sema_init(&hdev->driver_input_lock, 1);
+ mutex_init(&hdev->ll_open_lock);
++ kref_init(&hdev->ref);
+
+ return hdev;
+ }
+diff --git a/drivers/hid/hid-debug.c b/drivers/hid/hid-debug.c
+index 0066eab60576c..caeb2b21cd993 100644
+--- a/drivers/hid/hid-debug.c
++++ b/drivers/hid/hid-debug.c
+@@ -1082,6 +1082,7 @@ static int hid_debug_events_open(struct inode *inode, struct file *file)
+ goto out;
+ }
+ list->hdev = (struct hid_device *) inode->i_private;
++ kref_get(&list->hdev->ref);
+ file->private_data = list;
+ mutex_init(&list->read_mutex);
+
+@@ -1174,6 +1175,8 @@ static int hid_debug_events_release(struct inode *inode, struct file *file)
+ list_del(&list->node);
+ spin_unlock_irqrestore(&list->hdev->debug_list_lock, flags);
+ kfifo_free(&list->hid_debug_fifo);
++
++ kref_put(&list->hdev->ref, hiddev_free);
+ kfree(list);
+
+ return 0;
+diff --git a/include/linux/hid.h b/include/linux/hid.h
+index 3fc4241cffbe2..af73e8c815afc 100644
+--- a/include/linux/hid.h
++++ b/include/linux/hid.h
+@@ -622,10 +622,13 @@ struct hid_device { /* device report descriptor */
+ struct list_head debug_list;
+ spinlock_t debug_list_lock;
+ wait_queue_head_t debug_wait;
++ struct kref ref;
+
+ unsigned int id; /* system unique id */
+ };
+
++void hiddev_free(struct kref *ref);
++
+ #define to_hid_device(pdev) \
+ container_of(pdev, struct hid_device, dev)
+
+--
+2.42.0
+
--- /dev/null
+From 6a85b98796cfc1bf403df1ce4241080a85cb0188 Mon Sep 17 00:00:00 2001
+From: Sasha Levin <sashal@kernel.org>
+Date: Sun, 19 Nov 2023 22:17:59 +0800
+Subject: ipv4: Correct/silence an endian warning in __ip_do_redirect
+
+From: Kunwu Chan <chentao@kylinos.cn>
+
+[ Upstream commit c0e2926266af3b5acf28df0a8fc6e4d90effe0bb ]
+
+net/ipv4/route.c:783:46: warning: incorrect type in argument 2 (different base types)
+net/ipv4/route.c:783:46: expected unsigned int [usertype] key
+net/ipv4/route.c:783:46: got restricted __be32 [usertype] new_gw
+
+Fixes: 969447f226b4 ("ipv4: use new_gw for redirect neigh lookup")
+Suggested-by: Eric Dumazet <edumazet@google.com>
+Signed-off-by: Kunwu Chan <chentao@kylinos.cn>
+Link: https://lore.kernel.org/r/20231119141759.420477-1-chentao@kylinos.cn
+Signed-off-by: Paolo Abeni <pabeni@redhat.com>
+Signed-off-by: Sasha Levin <sashal@kernel.org>
+---
+ net/ipv4/route.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/net/ipv4/route.c b/net/ipv4/route.c
+index f82d456afd0ed..902296ef3e5aa 100644
+--- a/net/ipv4/route.c
++++ b/net/ipv4/route.c
+@@ -799,7 +799,7 @@ static void __ip_do_redirect(struct rtable *rt, struct sk_buff *skb, struct flow
+ goto reject_redirect;
+ }
+
+- n = __ipv4_neigh_lookup(rt->dst.dev, new_gw);
++ n = __ipv4_neigh_lookup(rt->dst.dev, (__force u32)new_gw);
+ if (!n)
+ n = neigh_create(&arp_tbl, &new_gw, rt->dst.dev);
+ if (!IS_ERR(n)) {
+--
+2.42.0
+
--- /dev/null
+From 013344b3a821e87c1b951081d44213443cd45b29 Mon Sep 17 00:00:00 2001
+From: Sasha Levin <sashal@kernel.org>
+Date: Tue, 10 Oct 2023 16:54:34 +0800
+Subject: MIPS: KVM: Fix a build warning about variable set but not used
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+From: Huacai Chen <chenhuacai@loongson.cn>
+
+[ Upstream commit 83767a67e7b6a0291cde5681ec7e3708f3f8f877 ]
+
+After commit 411740f5422a ("KVM: MIPS/MMU: Implement KVM_CAP_SYNC_MMU")
+old_pte is no longer used in kvm_mips_map_page(). So remove it to fix a
+build warning about variable set but not used:
+
+ arch/mips/kvm/mmu.c: In function 'kvm_mips_map_page':
+>> arch/mips/kvm/mmu.c:701:29: warning: variable 'old_pte' set but not used [-Wunused-but-set-variable]
+ 701 | pte_t *ptep, entry, old_pte;
+ | ^~~~~~~
+
+Cc: stable@vger.kernel.org
+Fixes: 411740f5422a960 ("KVM: MIPS/MMU: Implement KVM_CAP_SYNC_MMU")
+Reported-by: kernel test robot <lkp@intel.com>
+Closes: https://lore.kernel.org/oe-kbuild-all/202310070530.aARZCSfh-lkp@intel.com/
+Signed-off-by: Huacai Chen <chenhuacai@loongson.cn>
+Reviewed-by: Philippe Mathieu-Daudé <philmd@linaro.org>
+Signed-off-by: Thomas Bogendoerfer <tsbogend@alpha.franken.de>
+Signed-off-by: Sasha Levin <sashal@kernel.org>
+---
+ arch/mips/kvm/mmu.c | 3 +--
+ 1 file changed, 1 insertion(+), 2 deletions(-)
+
+diff --git a/arch/mips/kvm/mmu.c b/arch/mips/kvm/mmu.c
+index 97f63a84aa51f..8a5f666d34c81 100644
+--- a/arch/mips/kvm/mmu.c
++++ b/arch/mips/kvm/mmu.c
+@@ -693,7 +693,7 @@ static int kvm_mips_map_page(struct kvm_vcpu *vcpu, unsigned long gpa,
+ gfn_t gfn = gpa >> PAGE_SHIFT;
+ int srcu_idx, err;
+ kvm_pfn_t pfn;
+- pte_t *ptep, entry, old_pte;
++ pte_t *ptep, entry;
+ bool writeable;
+ unsigned long prot_bits;
+ unsigned long mmu_seq;
+@@ -766,7 +766,6 @@ static int kvm_mips_map_page(struct kvm_vcpu *vcpu, unsigned long gpa,
+ entry = pfn_pte(pfn, __pgprot(prot_bits));
+
+ /* Write the PTE */
+- old_pte = *ptep;
+ set_pte(ptep, entry);
+
+ err = 0;
+--
+2.42.0
+
--- /dev/null
+From 8cf49ba186728a49c68ebd1eac1b6a8e879e1da1 Mon Sep 17 00:00:00 2001
+From: Sasha Levin <sashal@kernel.org>
+Date: Tue, 21 Nov 2023 16:42:17 -0800
+Subject: net: axienet: Fix check for partial TX checksum
+
+From: Samuel Holland <samuel.holland@sifive.com>
+
+[ Upstream commit fd0413bbf8b11f56e8aa842783b0deda0dfe2926 ]
+
+Due to a typo, the code checked the RX checksum feature in the TX path.
+
+Fixes: 8a3b7a252dca ("drivers/net/ethernet/xilinx: added Xilinx AXI Ethernet driver")
+Signed-off-by: Samuel Holland <samuel.holland@sifive.com>
+Reviewed-by: Andrew Lunn <andrew@lunn.ch>
+Reviewed-by: Radhey Shyam Pandey <radhey.shyam.pandey@amd.com>
+Link: https://lore.kernel.org/r/20231122004219.3504219-1-samuel.holland@sifive.com
+Signed-off-by: Jakub Kicinski <kuba@kernel.org>
+Signed-off-by: Sasha Levin <sashal@kernel.org>
+---
+ drivers/net/ethernet/xilinx/xilinx_axienet_main.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/drivers/net/ethernet/xilinx/xilinx_axienet_main.c b/drivers/net/ethernet/xilinx/xilinx_axienet_main.c
+index 0ef806ea18327..bbc1cf288d25f 100644
+--- a/drivers/net/ethernet/xilinx/xilinx_axienet_main.c
++++ b/drivers/net/ethernet/xilinx/xilinx_axienet_main.c
+@@ -656,7 +656,7 @@ axienet_start_xmit(struct sk_buff *skb, struct net_device *ndev)
+ if (lp->features & XAE_FEATURE_FULL_TX_CSUM) {
+ /* Tx Full Checksum Offload Enabled */
+ cur_p->app0 |= 2;
+- } else if (lp->features & XAE_FEATURE_PARTIAL_RX_CSUM) {
++ } else if (lp->features & XAE_FEATURE_PARTIAL_TX_CSUM) {
+ csum_start_off = skb_transport_offset(skb);
+ csum_index_off = csum_start_off + skb->csum_offset;
+ /* Tx Partial Checksum Offload Enabled */
+--
+2.42.0
+
--- /dev/null
+From 36dda5c084b0141d05f4672f5a2fbb5685d924cd Mon Sep 17 00:00:00 2001
+From: Sasha Levin <sashal@kernel.org>
+Date: Mon, 20 Nov 2023 13:06:29 +0100
+Subject: net: usb: ax88179_178a: fix failed operations during ax88179_reset
+
+From: Jose Ignacio Tornos Martinez <jtornosm@redhat.com>
+
+[ Upstream commit 0739af07d1d947af27c877f797cb82ceee702515 ]
+
+Using generic ASIX Electronics Corp. AX88179 Gigabit Ethernet device,
+the following test cycle has been implemented:
+ - power on
+ - check logs
+ - shutdown
+ - after detecting the system shutdown, disconnect power
+ - after approximately 60 seconds of sleep, power is restored
+Running some cycles, sometimes error logs like this appear:
+ kernel: ax88179_178a 2-9:1.0 (unnamed net_device) (uninitialized): Failed to write reg index 0x0001: -19
+ kernel: ax88179_178a 2-9:1.0 (unnamed net_device) (uninitialized): Failed to read reg index 0x0001: -19
+ ...
+These failed operation are happening during ax88179_reset execution, so
+the initialization could not be correct.
+
+In order to avoid this, we need to increase the delay after reset and
+clock initial operations. By using these larger values, many cycles
+have been run and no failed operations appear.
+
+It would be better to check some status register to verify when the
+operation has finished, but I do not have found any available information
+(neither in the public datasheets nor in the manufacturer's driver). The
+only available information for the necessary delays is the maufacturer's
+driver (original values) but the proposed values are not enough for the
+tested devices.
+
+Fixes: e2ca90c276e1f ("ax88179_178a: ASIX AX88179_178A USB 3.0/2.0 to gigabit ethernet adapter driver")
+Reported-by: Herb Wei <weihao.bj@ieisystem.com>
+Tested-by: Herb Wei <weihao.bj@ieisystem.com>
+Signed-off-by: Jose Ignacio Tornos Martinez <jtornosm@redhat.com>
+Link: https://lore.kernel.org/r/20231120120642.54334-1-jtornosm@redhat.com
+Signed-off-by: Jakub Kicinski <kuba@kernel.org>
+Signed-off-by: Sasha Levin <sashal@kernel.org>
+---
+ drivers/net/usb/ax88179_178a.c | 4 ++--
+ 1 file changed, 2 insertions(+), 2 deletions(-)
+
+diff --git a/drivers/net/usb/ax88179_178a.c b/drivers/net/usb/ax88179_178a.c
+index ea9c8361bf464..84dc9fb2b1f3f 100644
+--- a/drivers/net/usb/ax88179_178a.c
++++ b/drivers/net/usb/ax88179_178a.c
+@@ -1594,11 +1594,11 @@ static int ax88179_reset(struct usbnet *dev)
+
+ *tmp16 = AX_PHYPWR_RSTCTL_IPRL;
+ ax88179_write_cmd(dev, AX_ACCESS_MAC, AX_PHYPWR_RSTCTL, 2, 2, tmp16);
+- msleep(200);
++ msleep(500);
+
+ *tmp = AX_CLK_SELECT_ACS | AX_CLK_SELECT_BCS;
+ ax88179_write_cmd(dev, AX_ACCESS_MAC, AX_CLK_SELECT, 1, 1, tmp);
+- msleep(100);
++ msleep(200);
+
+ /* Ethernet PHY Auto Detach*/
+ ax88179_auto_detach(dev, 0);
+--
+2.42.0
+
--- /dev/null
+From 3dfcdf0a690617501b32a6717ca49d5e1accd7e6 Mon Sep 17 00:00:00 2001
+From: Sasha Levin <sashal@kernel.org>
+Date: Fri, 17 Nov 2023 08:13:36 -0500
+Subject: nvmet: nul-terminate the NQNs passed in the connect command
+
+From: Christoph Hellwig <hch@lst.de>
+
+[ Upstream commit 1c22e0295a5eb571c27b53c7371f95699ef705ff ]
+
+The host and subsystem NQNs are passed in the connect command payload and
+interpreted as nul-terminated strings. Ensure they actually are
+nul-terminated before using them.
+
+Fixes: a07b4970f464 "nvmet: add a generic NVMe target")
+Reported-by: Alon Zahavi <zahavi.alon@gmail.com>
+Reviewed-by: Chaitanya Kulkarni <kch@nvidia.com>
+Signed-off-by: Christoph Hellwig <hch@lst.de>
+Signed-off-by: Keith Busch <kbusch@kernel.org>
+Signed-off-by: Sasha Levin <sashal@kernel.org>
+---
+ drivers/nvme/target/fabrics-cmd.c | 4 ++++
+ 1 file changed, 4 insertions(+)
+
+diff --git a/drivers/nvme/target/fabrics-cmd.c b/drivers/nvme/target/fabrics-cmd.c
+index 58544f9bbc20c..d4036508f32a7 100644
+--- a/drivers/nvme/target/fabrics-cmd.c
++++ b/drivers/nvme/target/fabrics-cmd.c
+@@ -182,6 +182,8 @@ static void nvmet_execute_admin_connect(struct nvmet_req *req)
+ goto out;
+ }
+
++ d->subsysnqn[NVMF_NQN_FIELD_LEN - 1] = '\0';
++ d->hostnqn[NVMF_NQN_FIELD_LEN - 1] = '\0';
+ status = nvmet_alloc_ctrl(d->subsysnqn, d->hostnqn, req,
+ le32_to_cpu(c->kato), &ctrl);
+ if (status) {
+@@ -237,6 +239,8 @@ static void nvmet_execute_io_connect(struct nvmet_req *req)
+ goto out;
+ }
+
++ d->subsysnqn[NVMF_NQN_FIELD_LEN - 1] = '\0';
++ d->hostnqn[NVMF_NQN_FIELD_LEN - 1] = '\0';
+ ctrl = nvmet_ctrl_find_get(d->subsysnqn, d->hostnqn,
+ le16_to_cpu(d->cntlid), req);
+ if (!ctrl) {
+--
+2.42.0
+
--- /dev/null
+From bdbfd8554888a491a61677055d25203c3788568a Mon Sep 17 00:00:00 2001
+From: Sasha Levin <sashal@kernel.org>
+Date: Tue, 9 Mar 2021 17:16:32 -0800
+Subject: nvmet: remove unnecessary ctrl parameter
+
+From: Chaitanya Kulkarni <chaitanya.kulkarni@wdc.com>
+
+[ Upstream commit de5878048e11f1ec44164ebb8994de132074367a ]
+
+The function nvmet_ctrl_find_get() accepts out pointer to nvmet_ctrl
+structure. This function returns the same error value from two places
+that is :- NVME_SC_CONNECT_INVALID_PARAM | NVME_SC_DNR.
+
+Move this to the caller so we can change the return type to nvmet_ctrl.
+
+Now that we can changed the return type, instead of taking out pointer
+to the nvmet_ctrl structure remove that function parameter and return
+the valid nvmet_ctrl pointer on success and NULL on failure.
+
+Also, add and rename the goto labels for more readability with comments.
+
+Signed-off-by: Chaitanya Kulkarni <chaitanya.kulkarni@wdc.com>
+Signed-off-by: Christoph Hellwig <hch@lst.de>
+Stable-dep-of: 1c22e0295a5e ("nvmet: nul-terminate the NQNs passed in the connect command")
+Signed-off-by: Sasha Levin <sashal@kernel.org>
+---
+ drivers/nvme/target/core.c | 21 +++++++++++----------
+ drivers/nvme/target/fabrics-cmd.c | 11 ++++++-----
+ drivers/nvme/target/nvmet.h | 5 +++--
+ 3 files changed, 20 insertions(+), 17 deletions(-)
+
+diff --git a/drivers/nvme/target/core.c b/drivers/nvme/target/core.c
+index d109333b95b81..60941a08e589c 100644
+--- a/drivers/nvme/target/core.c
++++ b/drivers/nvme/target/core.c
+@@ -1107,19 +1107,19 @@ static void nvmet_init_cap(struct nvmet_ctrl *ctrl)
+ ctrl->cap |= NVMET_QUEUE_SIZE - 1;
+ }
+
+-u16 nvmet_ctrl_find_get(const char *subsysnqn, const char *hostnqn, u16 cntlid,
+- struct nvmet_req *req, struct nvmet_ctrl **ret)
++struct nvmet_ctrl *nvmet_ctrl_find_get(const char *subsysnqn,
++ const char *hostnqn, u16 cntlid,
++ struct nvmet_req *req)
+ {
++ struct nvmet_ctrl *ctrl = NULL;
+ struct nvmet_subsys *subsys;
+- struct nvmet_ctrl *ctrl;
+- u16 status = 0;
+
+ subsys = nvmet_find_get_subsys(req->port, subsysnqn);
+ if (!subsys) {
+ pr_warn("connect request for invalid subsystem %s!\n",
+ subsysnqn);
+ req->cqe->result.u32 = IPO_IATTR_CONNECT_DATA(subsysnqn);
+- return NVME_SC_CONNECT_INVALID_PARAM | NVME_SC_DNR;
++ goto out;
+ }
+
+ mutex_lock(&subsys->lock);
+@@ -1132,20 +1132,21 @@ u16 nvmet_ctrl_find_get(const char *subsysnqn, const char *hostnqn, u16 cntlid,
+ if (!kref_get_unless_zero(&ctrl->ref))
+ continue;
+
+- *ret = ctrl;
+- goto out;
++ /* ctrl found */
++ goto found;
+ }
+ }
+
++ ctrl = NULL; /* ctrl not found */
+ pr_warn("could not find controller %d for subsys %s / host %s\n",
+ cntlid, subsysnqn, hostnqn);
+ req->cqe->result.u32 = IPO_IATTR_CONNECT_DATA(cntlid);
+- status = NVME_SC_CONNECT_INVALID_PARAM | NVME_SC_DNR;
+
+-out:
++found:
+ mutex_unlock(&subsys->lock);
+ nvmet_subsys_put(subsys);
+- return status;
++out:
++ return ctrl;
+ }
+
+ u16 nvmet_check_ctrl_status(struct nvmet_req *req, struct nvme_command *cmd)
+diff --git a/drivers/nvme/target/fabrics-cmd.c b/drivers/nvme/target/fabrics-cmd.c
+index 5e47395afc1d5..58544f9bbc20c 100644
+--- a/drivers/nvme/target/fabrics-cmd.c
++++ b/drivers/nvme/target/fabrics-cmd.c
+@@ -213,7 +213,7 @@ static void nvmet_execute_io_connect(struct nvmet_req *req)
+ {
+ struct nvmf_connect_command *c = &req->cmd->connect;
+ struct nvmf_connect_data *d;
+- struct nvmet_ctrl *ctrl = NULL;
++ struct nvmet_ctrl *ctrl;
+ u16 qid = le16_to_cpu(c->qid);
+ u16 status = 0;
+
+@@ -237,11 +237,12 @@ static void nvmet_execute_io_connect(struct nvmet_req *req)
+ goto out;
+ }
+
+- status = nvmet_ctrl_find_get(d->subsysnqn, d->hostnqn,
+- le16_to_cpu(d->cntlid),
+- req, &ctrl);
+- if (status)
++ ctrl = nvmet_ctrl_find_get(d->subsysnqn, d->hostnqn,
++ le16_to_cpu(d->cntlid), req);
++ if (!ctrl) {
++ status = NVME_SC_CONNECT_INVALID_PARAM | NVME_SC_DNR;
+ goto out;
++ }
+
+ if (unlikely(qid > ctrl->subsys->max_qid)) {
+ pr_warn("invalid queue id (%d)\n", qid);
+diff --git a/drivers/nvme/target/nvmet.h b/drivers/nvme/target/nvmet.h
+index c51f8dd01dc48..d625ec3e437b4 100644
+--- a/drivers/nvme/target/nvmet.h
++++ b/drivers/nvme/target/nvmet.h
+@@ -394,8 +394,9 @@ void nvmet_ctrl_fatal_error(struct nvmet_ctrl *ctrl);
+ void nvmet_update_cc(struct nvmet_ctrl *ctrl, u32 new);
+ u16 nvmet_alloc_ctrl(const char *subsysnqn, const char *hostnqn,
+ struct nvmet_req *req, u32 kato, struct nvmet_ctrl **ctrlp);
+-u16 nvmet_ctrl_find_get(const char *subsysnqn, const char *hostnqn, u16 cntlid,
+- struct nvmet_req *req, struct nvmet_ctrl **ret);
++struct nvmet_ctrl *nvmet_ctrl_find_get(const char *subsysnqn,
++ const char *hostnqn, u16 cntlid,
++ struct nvmet_req *req);
+ void nvmet_ctrl_put(struct nvmet_ctrl *ctrl);
+ u16 nvmet_check_ctrl_status(struct nvmet_req *req, struct nvme_command *cmd);
+
+--
+2.42.0
+
--- /dev/null
+afs-make-error-on-cell-lookup-failure-consistent-wit.patch
+drm-panel-simple-fix-innolux-g101ice-l01-bus-flags.patch
+drm-panel-simple-fix-innolux-g101ice-l01-timings.patch
+ata-pata_isapnp-add-missing-error-check-for-devm_iop.patch
+drm-rockchip-vop-fix-color-for-rgb888-bgr888-format-.patch
+hid-core-store-the-unique-system-identifier-in-hid_d.patch
+hid-fix-hid-device-resource-race-between-hid-core-an.patch
+ipv4-correct-silence-an-endian-warning-in-__ip_do_re.patch
+net-usb-ax88179_178a-fix-failed-operations-during-ax.patch
+arm-xen-fix-xen_vcpu_info-allocation-alignment.patch
+amd-xgbe-handle-corner-case-during-sfp-hotplug.patch
+amd-xgbe-handle-the-corner-case-during-tx-completion.patch
+amd-xgbe-propagate-the-correct-speed-and-duplex-stat.patch
+net-axienet-fix-check-for-partial-tx-checksum.patch
+afs-return-enoent-if-no-cell-dns-record-can-be-found.patch
+afs-fix-file-locking-on-r-o-volumes-to-operate-in-lo.patch
+nvmet-remove-unnecessary-ctrl-parameter.patch
+nvmet-nul-terminate-the-nqns-passed-in-the-connect-c.patch
+mips-kvm-fix-a-build-warning-about-variable-set-but-.patch
+ext4-add-a-new-helper-to-check-if-es-must-be-kept.patch
+ext4-factor-out-__es_alloc_extent-and-__es_free_exte.patch
+ext4-use-pre-allocated-es-in-__es_insert_extent.patch
+ext4-use-pre-allocated-es-in-__es_remove_extent.patch
+ext4-using-nofail-preallocation-in-ext4_es_remove_ex.patch
+ext4-using-nofail-preallocation-in-ext4_es_insert_de.patch
+ext4-using-nofail-preallocation-in-ext4_es_insert_ex.patch
+ext4-fix-slab-use-after-free-in-ext4_es_insert_exten.patch
+ext4-make-sure-allocate-pending-entry-not-fail.patch
projects / thirdparty / kernel / stable-queue.git / commitdiff
