From 984cfcd3f4665846519c553554f8bd92e4e3dacd Mon Sep 17 00:00:00 2001
From: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Date: Mon, 8 Jul 2024 14:42:54 +0200
Subject: [PATCH] 5.10-stable patches

added patches:
	bluetooth-qca-fix-bt-enable-failure-again-for-qca6390-after-warm-reboot.patch
	can-kvaser_usb-explicitly-initialize-family-in-leafimx-driver_info-struct.patch
	fsnotify-do-not-generate-events-for-o_path-file-descriptors.patch
---
 ...-again-for-qca6390-after-warm-reboot.patch | 77 +++++++++++++++++++
 ...family-in-leafimx-driver_info-struct.patch | 33 ++++++++
 ...e-events-for-o_path-file-descriptors.patch | 44 +++++++++++
 queue-5.10/series                             |  3 +
 4 files changed, 157 insertions(+)
 create mode 100644 queue-5.10/bluetooth-qca-fix-bt-enable-failure-again-for-qca6390-after-warm-reboot.patch
 create mode 100644 queue-5.10/can-kvaser_usb-explicitly-initialize-family-in-leafimx-driver_info-struct.patch
 create mode 100644 queue-5.10/fsnotify-do-not-generate-events-for-o_path-file-descriptors.patch

diff --git a/queue-5.10/bluetooth-qca-fix-bt-enable-failure-again-for-qca6390-after-warm-reboot.patch b/queue-5.10/bluetooth-qca-fix-bt-enable-failure-again-for-qca6390-after-warm-reboot.patch
new file mode 100644
index 00000000000..81bea862a05
--- /dev/null
+++ b/queue-5.10/bluetooth-qca-fix-bt-enable-failure-again-for-qca6390-after-warm-reboot.patch
@@ -0,0 +1,77 @@
+From 88e72239ead9814b886db54fc4ee39ef3c2b8f26 Mon Sep 17 00:00:00 2001
+From: Zijun Hu <quic_zijuhu@quicinc.com>
+Date: Thu, 16 May 2024 21:31:34 +0800
+Subject: Bluetooth: qca: Fix BT enable failure again for QCA6390 after warm reboot
+
+From: Zijun Hu <quic_zijuhu@quicinc.com>
+
+commit 88e72239ead9814b886db54fc4ee39ef3c2b8f26 upstream.
+
+Commit 272970be3dab ("Bluetooth: hci_qca: Fix driver shutdown on closed
+serdev") will cause below regression issue:
+
+BT can't be enabled after below steps:
+cold boot -> enable BT -> disable BT -> warm reboot -> BT enable failure
+if property enable-gpios is not configured within DT|ACPI for QCA6390.
+
+The commit is to fix a use-after-free issue within qca_serdev_shutdown()
+by adding condition to avoid the serdev is flushed or wrote after closed
+but also introduces this regression issue regarding above steps since the
+VSC is not sent to reset controller during warm reboot.
+
+Fixed by sending the VSC to reset controller within qca_serdev_shutdown()
+once BT was ever enabled, and the use-after-free issue is also fixed by
+this change since the serdev is still opened before it is flushed or wrote.
+
+Verified by the reported machine Dell XPS 13 9310 laptop over below two
+kernel commits:
+commit e00fc2700a3f ("Bluetooth: btusb: Fix triggering coredump
+implementation for QCA") of bluetooth-next tree.
+commit b23d98d46d28 ("Bluetooth: btusb: Fix triggering coredump
+implementation for QCA") of linus mainline tree.
+
+Fixes: 272970be3dab ("Bluetooth: hci_qca: Fix driver shutdown on closed serdev")
+Cc: stable@vger.kernel.org
+Reported-by: Wren Turkal <wt@penguintechs.org>
+Closes: https://bugzilla.kernel.org/show_bug.cgi?id=218726
+Signed-off-by: Zijun Hu <quic_zijuhu@quicinc.com>
+Tested-by: Wren Turkal <wt@penguintechs.org>
+Signed-off-by: Luiz Augusto von Dentz <luiz.von.dentz@intel.com>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+---
+ drivers/bluetooth/hci_qca.c |   18 +++++++++++++++---
+ 1 file changed, 15 insertions(+), 3 deletions(-)
+
+--- a/drivers/bluetooth/hci_qca.c
++++ b/drivers/bluetooth/hci_qca.c
+@@ -2076,15 +2076,27 @@ static void qca_serdev_shutdown(struct d
+ 	struct qca_serdev *qcadev = serdev_device_get_drvdata(serdev);
+ 	struct hci_uart *hu = &qcadev->serdev_hu;
+ 	struct hci_dev *hdev = hu->hdev;
+-	struct qca_data *qca = hu->priv;
+ 	const u8 ibs_wake_cmd[] = { 0xFD };
+ 	const u8 edl_reset_soc_cmd[] = { 0x01, 0x00, 0xFC, 0x01, 0x05 };
+ 
+ 	if (qcadev->btsoc_type == QCA_QCA6390) {
+-		if (test_bit(QCA_BT_OFF, &qca->flags) ||
+-		    !test_bit(HCI_RUNNING, &hdev->flags))
++		/* The purpose of sending the VSC is to reset SOC into a initial
++		 * state and the state will ensure next hdev->setup() success.
++		 * if HCI_QUIRK_NON_PERSISTENT_SETUP is set, it means that
++		 * hdev->setup() can do its job regardless of SoC state, so
++		 * don't need to send the VSC.
++		 * if HCI_SETUP is set, it means that hdev->setup() was never
++		 * invoked and the SOC is already in the initial state, so
++		 * don't also need to send the VSC.
++		 */
++		if (test_bit(HCI_QUIRK_NON_PERSISTENT_SETUP, &hdev->quirks) ||
++		    hci_dev_test_flag(hdev, HCI_SETUP))
+ 			return;
+ 
++		/* The serdev must be in open state when conrol logic arrives
++		 * here, so also fix the use-after-free issue caused by that
++		 * the serdev is flushed or wrote after it is closed.
++		 */
+ 		serdev_device_write_flush(serdev);
+ 		ret = serdev_device_write_buf(serdev, ibs_wake_cmd,
+ 					      sizeof(ibs_wake_cmd));
diff --git a/queue-5.10/can-kvaser_usb-explicitly-initialize-family-in-leafimx-driver_info-struct.patch b/queue-5.10/can-kvaser_usb-explicitly-initialize-family-in-leafimx-driver_info-struct.patch
new file mode 100644
index 00000000000..1cc3a7fb62b
--- /dev/null
+++ b/queue-5.10/can-kvaser_usb-explicitly-initialize-family-in-leafimx-driver_info-struct.patch
@@ -0,0 +1,33 @@
+From 19d5b2698c35b2132a355c67b4d429053804f8cc Mon Sep 17 00:00:00 2001
+From: Jimmy Assarsson <extja@kvaser.com>
+Date: Fri, 28 Jun 2024 21:45:29 +0200
+Subject: can: kvaser_usb: Explicitly initialize family in leafimx driver_info struct
+
+From: Jimmy Assarsson <extja@kvaser.com>
+
+commit 19d5b2698c35b2132a355c67b4d429053804f8cc upstream.
+
+Explicitly set the 'family' driver_info struct member for leafimx.
+Previously, the correct operation relied on KVASER_LEAF being the first
+defined value in enum kvaser_usb_leaf_family.
+
+Fixes: e6c80e601053 ("can: kvaser_usb: kvaser_usb_leaf: fix CAN clock frequency regression")
+Signed-off-by: Jimmy Assarsson <extja@kvaser.com>
+Link: https://lore.kernel.org/all/20240628194529.312968-1-extja@kvaser.com
+Cc: stable@vger.kernel.org
+Signed-off-by: Marc Kleine-Budde <mkl@pengutronix.de>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+---
+ drivers/net/can/usb/kvaser_usb/kvaser_usb_core.c |    1 +
+ 1 file changed, 1 insertion(+)
+
+--- a/drivers/net/can/usb/kvaser_usb/kvaser_usb_core.c
++++ b/drivers/net/can/usb/kvaser_usb/kvaser_usb_core.c
+@@ -114,6 +114,7 @@ static const struct kvaser_usb_driver_in
+ 
+ static const struct kvaser_usb_driver_info kvaser_usb_driver_info_leafimx = {
+ 	.quirks = 0,
++	.family = KVASER_LEAF,
+ 	.ops = &kvaser_usb_leaf_dev_ops,
+ };
+ 
diff --git a/queue-5.10/fsnotify-do-not-generate-events-for-o_path-file-descriptors.patch b/queue-5.10/fsnotify-do-not-generate-events-for-o_path-file-descriptors.patch
new file mode 100644
index 00000000000..50423585af8
--- /dev/null
+++ b/queue-5.10/fsnotify-do-not-generate-events-for-o_path-file-descriptors.patch
@@ -0,0 +1,44 @@
+From 702eb71fd6501b3566283f8c96d7ccc6ddd662e9 Mon Sep 17 00:00:00 2001
+From: Jan Kara <jack@suse.cz>
+Date: Mon, 17 Jun 2024 18:23:00 +0200
+Subject: fsnotify: Do not generate events for O_PATH file descriptors
+
+From: Jan Kara <jack@suse.cz>
+
+commit 702eb71fd6501b3566283f8c96d7ccc6ddd662e9 upstream.
+
+Currently we will not generate FS_OPEN events for O_PATH file
+descriptors but we will generate FS_CLOSE events for them. This is
+asymmetry is confusing. Arguably no fsnotify events should be generated
+for O_PATH file descriptors as they cannot be used to access or modify
+file content, they are just convenient handles to file objects like
+paths. So fix the asymmetry by stopping to generate FS_CLOSE for O_PATH
+file descriptors.
+
+Cc: <stable@vger.kernel.org>
+Signed-off-by: Jan Kara <jack@suse.cz>
+Link: https://lore.kernel.org/r/20240617162303.1596-1-jack@suse.cz
+Reviewed-by: Amir Goldstein <amir73il@gmail.com>
+Signed-off-by: Christian Brauner <brauner@kernel.org>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+---
+ include/linux/fsnotify.h |    8 +++++++-
+ 1 file changed, 7 insertions(+), 1 deletion(-)
+
+--- a/include/linux/fsnotify.h
++++ b/include/linux/fsnotify.h
+@@ -93,7 +93,13 @@ static inline int fsnotify_file(struct f
+ {
+ 	const struct path *path = &file->f_path;
+ 
+-	if (file->f_mode & FMODE_NONOTIFY)
++	/*
++	 * FMODE_NONOTIFY are fds generated by fanotify itself which should not
++	 * generate new events. We also don't want to generate events for
++	 * FMODE_PATH fds (involves open & close events) as they are just
++	 * handle creation / destruction events and not "real" file events.
++	 */
++	if (file->f_mode & (FMODE_NONOTIFY | FMODE_PATH))
+ 		return 0;
+ 
+ 	return fsnotify_parent(path->dentry, mask, path, FSNOTIFY_EVENT_PATH);
diff --git a/queue-5.10/series b/queue-5.10/series
index 24ade837a1b..64d1cf1ac47 100644
--- a/queue-5.10/series
+++ b/queue-5.10/series
@@ -38,3 +38,6 @@ nilfs2-fix-inode-number-range-checks.patch
 nilfs2-add-missing-check-for-inode-numbers-on-directory-entries.patch
 mm-optimize-the-redundant-loop-of-mm_update_owner_next.patch
 mm-avoid-overflows-in-dirty-throttling-logic.patch
+bluetooth-qca-fix-bt-enable-failure-again-for-qca6390-after-warm-reboot.patch
+can-kvaser_usb-explicitly-initialize-family-in-leafimx-driver_info-struct.patch
+fsnotify-do-not-generate-events-for-o_path-file-descriptors.patch
-- 
2.47.3