From 9e298b510a6d130fce39e98f104be223b5c44c6e Mon Sep 17 00:00:00 2001 From: Greg Kroah-Hartman Date: Sun, 26 May 2024 15:56:40 +0200 Subject: [PATCH] 6.8-stable patches added patches: alsa-core-fix-null-module-pointer-assignment-at-card-init.patch alsa-fix-deadlocks-with-kctl-removals-at-disconnection.patch alsa-hda-realtek-fix-mute-micmute-leds-don-t-work-for-probook-440-460-g11.patch alsa-timer-set-lower-bound-of-start-tick-time.patch fs-ntfs3-break-dir-enumeration-if-directory-contents-error.patch fs-ntfs3-fix-case-when-index-is-reused-during-tree-transformation.patch fs-ntfs3-remove-max-link-count-info-display-during-driver-init.patch fs-ntfs3-taking-dos-names-into-account-during-link-counting.patch keys-asymmetric-add-missing-dependencies-of-fips_signature_selftest.patch keys-asymmetric-add-missing-dependency-on-crypto_sig.patch ksmbd-avoid-to-send-duplicate-oplock-break-notifications.patch ksmbd-ignore-trailing-slashes-in-share-paths.patch nilfs2-fix-potential-hang-in-nilfs_detach_log_writer.patch nilfs2-fix-unexpected-freezing-of-nilfs_segctor_sync.patch nilfs2-fix-use-after-free-of-timer-for-log-writer-thread.patch --- ...dule-pointer-assignment-at-card-init.patch | 56 ++++++++ ...-with-kctl-removals-at-disconnection.patch | 66 ++++++++++ ...s-don-t-work-for-probook-440-460-g11.patch | 35 +++++ ...r-set-lower-bound-of-start-tick-time.patch | 47 +++++++ ...meration-if-directory-contents-error.patch | 34 +++++ ...is-reused-during-tree-transformation.patch | 51 ++++++++ ...ount-info-display-during-driver-init.patch | 32 +++++ ...es-into-account-during-link-counting.patch | 96 ++++++++++++++ ...endencies-of-fips_signature_selftest.patch | 37 ++++++ ...add-missing-dependency-on-crypto_sig.patch | 39 ++++++ ...duplicate-oplock-break-notifications.patch | 58 +++++++++ ...nore-trailing-slashes-in-share-paths.patch | 38 ++++++ ...tial-hang-in-nilfs_detach_log_writer.patch | 110 ++++++++++++++++ ...ected-freezing-of-nilfs_segctor_sync.patch | 82 ++++++++++++ ...-free-of-timer-for-log-writer-thread.patch | 122 ++++++++++++++++++ queue-6.8/series | 15 +++ 16 files changed, 918 insertions(+) create mode 100644 queue-6.8/alsa-core-fix-null-module-pointer-assignment-at-card-init.patch create mode 100644 queue-6.8/alsa-fix-deadlocks-with-kctl-removals-at-disconnection.patch create mode 100644 queue-6.8/alsa-hda-realtek-fix-mute-micmute-leds-don-t-work-for-probook-440-460-g11.patch create mode 100644 queue-6.8/alsa-timer-set-lower-bound-of-start-tick-time.patch create mode 100644 queue-6.8/fs-ntfs3-break-dir-enumeration-if-directory-contents-error.patch create mode 100644 queue-6.8/fs-ntfs3-fix-case-when-index-is-reused-during-tree-transformation.patch create mode 100644 queue-6.8/fs-ntfs3-remove-max-link-count-info-display-during-driver-init.patch create mode 100644 queue-6.8/fs-ntfs3-taking-dos-names-into-account-during-link-counting.patch create mode 100644 queue-6.8/keys-asymmetric-add-missing-dependencies-of-fips_signature_selftest.patch create mode 100644 queue-6.8/keys-asymmetric-add-missing-dependency-on-crypto_sig.patch create mode 100644 queue-6.8/ksmbd-avoid-to-send-duplicate-oplock-break-notifications.patch create mode 100644 queue-6.8/ksmbd-ignore-trailing-slashes-in-share-paths.patch create mode 100644 queue-6.8/nilfs2-fix-potential-hang-in-nilfs_detach_log_writer.patch create mode 100644 queue-6.8/nilfs2-fix-unexpected-freezing-of-nilfs_segctor_sync.patch create mode 100644 queue-6.8/nilfs2-fix-use-after-free-of-timer-for-log-writer-thread.patch diff --git a/queue-6.8/alsa-core-fix-null-module-pointer-assignment-at-card-init.patch b/queue-6.8/alsa-core-fix-null-module-pointer-assignment-at-card-init.patch new file mode 100644 index 00000000000..aad491e1471 --- /dev/null +++ b/queue-6.8/alsa-core-fix-null-module-pointer-assignment-at-card-init.patch @@ -0,0 +1,56 @@ +From 39381fe7394e5eafac76e7e9367e7351138a29c1 Mon Sep 17 00:00:00 2001 +From: Takashi Iwai +Date: Wed, 22 May 2024 09:04:39 +0200 +Subject: ALSA: core: Fix NULL module pointer assignment at card init + +From: Takashi Iwai + +commit 39381fe7394e5eafac76e7e9367e7351138a29c1 upstream. + +The commit 81033c6b584b ("ALSA: core: Warn on empty module") +introduced a WARN_ON() for a NULL module pointer passed at snd_card +object creation, and it also wraps the code around it with '#ifdef +MODULE'. This works in most cases, but the devils are always in +details. "MODULE" is defined when the target code (i.e. the sound +core) is built as a module; but this doesn't mean that the caller is +also built-in or not. Namely, when only the sound core is built-in +(CONFIG_SND=y) while the driver is a module (CONFIG_SND_USB_AUDIO=m), +the passed module pointer is ignored even if it's non-NULL, and +card->module remains as NULL. This would result in the missing module +reference up/down at the device open/close, leading to a race with the +code execution after the module removal. + +For addressing the bug, move the assignment of card->module again out +of ifdef. The WARN_ON() is still wrapped with ifdef because the +module can be really NULL when all sound drivers are built-in. + +Note that we keep 'ifdef MODULE' for WARN_ON(), otherwise it would +lead to a false-positive NULL module check. Admittedly it won't catch +perfectly, i.e. no check is performed when CONFIG_SND=y. But, it's no +real problem as it's only for debugging, and the condition is pretty +rare. + +Fixes: 81033c6b584b ("ALSA: core: Warn on empty module") +Reported-by: Xu Yang +Closes: https://lore.kernel.org/r/20240520170349.2417900-1-xu.yang_2@nxp.com +Cc: +Signed-off-by: Takashi Iwai +Tested-by: Xu Yang +Link: https://lore.kernel.org/r/20240522070442.17786-1-tiwai@suse.de +Signed-off-by: Greg Kroah-Hartman +--- + sound/core/init.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +--- a/sound/core/init.c ++++ b/sound/core/init.c +@@ -312,8 +312,8 @@ static int snd_card_init(struct snd_card + card->number = idx; + #ifdef MODULE + WARN_ON(!module); +- card->module = module; + #endif ++ card->module = module; + INIT_LIST_HEAD(&card->devices); + init_rwsem(&card->controls_rwsem); + rwlock_init(&card->ctl_files_rwlock); diff --git a/queue-6.8/alsa-fix-deadlocks-with-kctl-removals-at-disconnection.patch b/queue-6.8/alsa-fix-deadlocks-with-kctl-removals-at-disconnection.patch new file mode 100644 index 00000000000..8714e47db43 --- /dev/null +++ b/queue-6.8/alsa-fix-deadlocks-with-kctl-removals-at-disconnection.patch @@ -0,0 +1,66 @@ +From 87988a534d8e12f2e6fc01fe63e6c1925dc5307c Mon Sep 17 00:00:00 2001 +From: Takashi Iwai +Date: Fri, 10 May 2024 12:14:23 +0200 +Subject: ALSA: Fix deadlocks with kctl removals at disconnection + +From: Takashi Iwai + +commit 87988a534d8e12f2e6fc01fe63e6c1925dc5307c upstream. + +In snd_card_disconnect(), we set card->shutdown flag at the beginning, +call callbacks and do sync for card->power_ref_sleep waiters at the +end. The callback may delete a kctl element, and this can lead to a +deadlock when the device was in the suspended state. Namely: + +* A process waits for the power up at snd_power_ref_and_wait() in + snd_ctl_info() or read/write() inside card->controls_rwsem. + +* The system gets disconnected meanwhile, and the driver tries to + delete a kctl via snd_ctl_remove*(); it tries to take + card->controls_rwsem again, but this is already locked by the + above. Since the sleeper isn't woken up, this deadlocks. + +An easy fix is to wake up sleepers before processing the driver +disconnect callbacks but right after setting the card->shutdown flag. +Then all sleepers will abort immediately, and the code flows again. + +So, basically this patch moves the wait_event() call at the right +timing. While we're at it, just to be sure, call wait_event_all() +instead of wait_event(), although we don't use exclusive events on +this queue for now. + +Link: https://bugzilla.kernel.org/show_bug.cgi?id=218816 +Cc: +Reviewed-by: Jaroslav Kysela +Link: https://lore.kernel.org/r/20240510101424.6279-1-tiwai@suse.de +Signed-off-by: Takashi Iwai +Signed-off-by: Greg Kroah-Hartman +--- + sound/core/init.c | 9 ++++++++- + 1 file changed, 8 insertions(+), 1 deletion(-) + +--- a/sound/core/init.c ++++ b/sound/core/init.c +@@ -523,6 +523,14 @@ void snd_card_disconnect(struct snd_card + } + spin_unlock(&card->files_lock); + ++#ifdef CONFIG_PM ++ /* wake up sleepers here before other callbacks for avoiding potential ++ * deadlocks with other locks (e.g. in kctls); ++ * then this notifies the shutdown and sleepers would abort immediately ++ */ ++ wake_up_all(&card->power_sleep); ++#endif ++ + /* notify all connected devices about disconnection */ + /* at this point, they cannot respond to any calls except release() */ + +@@ -550,7 +558,6 @@ void snd_card_disconnect(struct snd_card + mutex_unlock(&snd_card_mutex); + + #ifdef CONFIG_PM +- wake_up(&card->power_sleep); + snd_power_sync_ref(card); + #endif + } diff --git a/queue-6.8/alsa-hda-realtek-fix-mute-micmute-leds-don-t-work-for-probook-440-460-g11.patch b/queue-6.8/alsa-hda-realtek-fix-mute-micmute-leds-don-t-work-for-probook-440-460-g11.patch new file mode 100644 index 00000000000..e298b3fcf8f --- /dev/null +++ b/queue-6.8/alsa-hda-realtek-fix-mute-micmute-leds-don-t-work-for-probook-440-460-g11.patch @@ -0,0 +1,35 @@ +From b3b6f125da2773cbc681316842afba63ca9869aa Mon Sep 17 00:00:00 2001 +From: Andy Chi +Date: Thu, 23 May 2024 14:18:31 +0800 +Subject: ALSA: hda/realtek: fix mute/micmute LEDs don't work for ProBook 440/460 G11. + +From: Andy Chi + +commit b3b6f125da2773cbc681316842afba63ca9869aa upstream. + +HP ProBook 440/460 G11 needs ALC236_FIXUP_HP_GPIO_LED quirk to +make mic-mute/audio-mute working. + +Signed-off-by: Andy Chi +Cc: +Link: https://lore.kernel.org/r/20240523061832.607500-1-andy.chi@canonical.com +Signed-off-by: Takashi Iwai +Signed-off-by: Greg Kroah-Hartman +--- + sound/pci/hda/patch_realtek.c | 3 +++ + 1 file changed, 3 insertions(+) + +--- a/sound/pci/hda/patch_realtek.c ++++ b/sound/pci/hda/patch_realtek.c +@@ -10089,8 +10089,11 @@ static const struct snd_pci_quirk alc269 + SND_PCI_QUIRK(0x103c, 0x8c70, "HP EliteBook 835 G11", ALC287_FIXUP_CS35L41_I2C_2_HP_GPIO_LED), + SND_PCI_QUIRK(0x103c, 0x8c71, "HP EliteBook 845 G11", ALC287_FIXUP_CS35L41_I2C_2_HP_GPIO_LED), + SND_PCI_QUIRK(0x103c, 0x8c72, "HP EliteBook 865 G11", ALC287_FIXUP_CS35L41_I2C_2_HP_GPIO_LED), ++ SND_PCI_QUIRK(0x103c, 0x8c89, "HP ProBook 460 G11", ALC236_FIXUP_HP_GPIO_LED), + SND_PCI_QUIRK(0x103c, 0x8c8a, "HP EliteBook 630", ALC236_FIXUP_HP_GPIO_LED), + SND_PCI_QUIRK(0x103c, 0x8c8c, "HP EliteBook 660", ALC236_FIXUP_HP_GPIO_LED), ++ SND_PCI_QUIRK(0x103c, 0x8c8d, "HP ProBook 440 G11", ALC236_FIXUP_HP_GPIO_LED), ++ SND_PCI_QUIRK(0x103c, 0x8c8e, "HP ProBook 460 G11", ALC236_FIXUP_HP_GPIO_LED), + SND_PCI_QUIRK(0x103c, 0x8c90, "HP EliteBook 640", ALC236_FIXUP_HP_GPIO_LED), + SND_PCI_QUIRK(0x103c, 0x8c91, "HP EliteBook 660", ALC236_FIXUP_HP_GPIO_LED), + SND_PCI_QUIRK(0x103c, 0x8c96, "HP", ALC236_FIXUP_HP_MUTE_LED_MICMUTE_VREF), diff --git a/queue-6.8/alsa-timer-set-lower-bound-of-start-tick-time.patch b/queue-6.8/alsa-timer-set-lower-bound-of-start-tick-time.patch new file mode 100644 index 00000000000..b3dd8f108ac --- /dev/null +++ b/queue-6.8/alsa-timer-set-lower-bound-of-start-tick-time.patch @@ -0,0 +1,47 @@ +From 4a63bd179fa8d3fcc44a0d9d71d941ddd62f0c4e Mon Sep 17 00:00:00 2001 +From: Takashi Iwai +Date: Tue, 14 May 2024 20:27:36 +0200 +Subject: ALSA: timer: Set lower bound of start tick time + +From: Takashi Iwai + +commit 4a63bd179fa8d3fcc44a0d9d71d941ddd62f0c4e upstream. + +Currently ALSA timer doesn't have the lower limit of the start tick +time, and it allows a very small size, e.g. 1 tick with 1ns resolution +for hrtimer. Such a situation may lead to an unexpected RCU stall, +where the callback repeatedly queuing the expire update, as reported +by fuzzer. + +This patch introduces a sanity check of the timer start tick time, so +that the system returns an error when a too small start size is set. +As of this patch, the lower limit is hard-coded to 100us, which is +small enough but can still work somehow. + +Reported-by: syzbot+43120c2af6ca2938cc38@syzkaller.appspotmail.com +Closes: https://lore.kernel.org/r/000000000000fa00a1061740ab6d@google.com +Cc: +Link: https://lore.kernel.org/r/20240514182745.4015-1-tiwai@suse.de +Signed-off-by: Takashi Iwai +Signed-off-by: Greg Kroah-Hartman +--- + sound/core/timer.c | 8 ++++++++ + 1 file changed, 8 insertions(+) + +--- a/sound/core/timer.c ++++ b/sound/core/timer.c +@@ -553,6 +553,14 @@ static int snd_timer_start1(struct snd_t + goto unlock; + } + ++ /* check the actual time for the start tick; ++ * bail out as error if it's way too low (< 100us) ++ */ ++ if (start) { ++ if ((u64)snd_timer_hw_resolution(timer) * ticks < 100000) ++ return -EINVAL; ++ } ++ + if (start) + timeri->ticks = timeri->cticks = ticks; + else if (!timeri->cticks) diff --git a/queue-6.8/fs-ntfs3-break-dir-enumeration-if-directory-contents-error.patch b/queue-6.8/fs-ntfs3-break-dir-enumeration-if-directory-contents-error.patch new file mode 100644 index 00000000000..b4d793c650d --- /dev/null +++ b/queue-6.8/fs-ntfs3-break-dir-enumeration-if-directory-contents-error.patch @@ -0,0 +1,34 @@ +From 302e9dca8428979c9c99f2dbb44dc1783f5011c3 Mon Sep 17 00:00:00 2001 +From: Konstantin Komarov +Date: Tue, 23 Apr 2024 17:21:58 +0300 +Subject: fs/ntfs3: Break dir enumeration if directory contents error + +From: Konstantin Komarov + +commit 302e9dca8428979c9c99f2dbb44dc1783f5011c3 upstream. + +If we somehow attempt to read beyond the directory size, an error +is supposed to be returned. + +However, in some cases, read requests do not stop and instead enter +into a loop. + +To avoid this, we set the position in the directory to the end. + +Signed-off-by: Konstantin Komarov +Cc: stable@vger.kernel.org +Signed-off-by: Greg Kroah-Hartman +--- + fs/ntfs3/dir.c | 1 + + 1 file changed, 1 insertion(+) + +--- a/fs/ntfs3/dir.c ++++ b/fs/ntfs3/dir.c +@@ -475,6 +475,7 @@ static int ntfs_readdir(struct file *fil + vbo = (u64)bit << index_bits; + if (vbo >= i_size) { + ntfs_inode_err(dir, "Looks like your dir is corrupt"); ++ ctx->pos = eod; + err = -EINVAL; + goto out; + } diff --git a/queue-6.8/fs-ntfs3-fix-case-when-index-is-reused-during-tree-transformation.patch b/queue-6.8/fs-ntfs3-fix-case-when-index-is-reused-during-tree-transformation.patch new file mode 100644 index 00000000000..1d7279f8bc1 --- /dev/null +++ b/queue-6.8/fs-ntfs3-fix-case-when-index-is-reused-during-tree-transformation.patch @@ -0,0 +1,51 @@ +From 05afeeebcac850a016ec4fb1f681ceda11963562 Mon Sep 17 00:00:00 2001 +From: Konstantin Komarov +Date: Tue, 23 Apr 2024 15:31:56 +0300 +Subject: fs/ntfs3: Fix case when index is reused during tree transformation + +From: Konstantin Komarov + +commit 05afeeebcac850a016ec4fb1f681ceda11963562 upstream. + +In most cases when adding a cluster to the directory index, +they are placed at the end, and in the bitmap, this cluster corresponds +to the last bit. The new directory size is calculated as follows: + + data_size = (u64)(bit + 1) << indx->index_bits; + +In the case of reusing a non-final cluster from the index, +data_size is calculated incorrectly, resulting in the directory size +differing from the actual size. + +A check for cluster reuse has been added, and the size update is skipped. + +Fixes: 82cae269cfa95 ("fs/ntfs3: Add initialization of super block") +Signed-off-by: Konstantin Komarov +Cc: stable@vger.kernel.org +Signed-off-by: Greg Kroah-Hartman +--- + fs/ntfs3/index.c | 6 ++++++ + 1 file changed, 6 insertions(+) + +--- a/fs/ntfs3/index.c ++++ b/fs/ntfs3/index.c +@@ -1533,6 +1533,11 @@ static int indx_add_allocate(struct ntfs + goto out1; + } + ++ if (data_size <= le64_to_cpu(alloc->nres.data_size)) { ++ /* Reuse index. */ ++ goto out; ++ } ++ + /* Increase allocation. */ + err = attr_set_size(ni, ATTR_ALLOC, in->name, in->name_len, + &indx->alloc_run, data_size, &data_size, true, +@@ -1546,6 +1551,7 @@ static int indx_add_allocate(struct ntfs + if (in->name == I30_NAME) + i_size_write(&ni->vfs_inode, data_size); + ++out: + *vbn = bit << indx->idx2vbn_bits; + + return 0; diff --git a/queue-6.8/fs-ntfs3-remove-max-link-count-info-display-during-driver-init.patch b/queue-6.8/fs-ntfs3-remove-max-link-count-info-display-during-driver-init.patch new file mode 100644 index 00000000000..86ff8442632 --- /dev/null +++ b/queue-6.8/fs-ntfs3-remove-max-link-count-info-display-during-driver-init.patch @@ -0,0 +1,32 @@ +From a8948b5450e7c65a3a34ebf4ccfcebc19335d4fb Mon Sep 17 00:00:00 2001 +From: Konstantin Komarov +Date: Wed, 3 Apr 2024 10:08:04 +0300 +Subject: fs/ntfs3: Remove max link count info display during driver init + +From: Konstantin Komarov + +commit a8948b5450e7c65a3a34ebf4ccfcebc19335d4fb upstream. + +Removes the output of this purely informational message from the +kernel buffer: + + "ntfs3: Max link count 4000" + +Signed-off-by: Konstantin Komarov +Cc: stable@vger.kernel.org +Signed-off-by: Greg Kroah-Hartman +--- + fs/ntfs3/super.c | 2 -- + 1 file changed, 2 deletions(-) + +--- a/fs/ntfs3/super.c ++++ b/fs/ntfs3/super.c +@@ -1804,8 +1804,6 @@ static int __init init_ntfs_fs(void) + { + int err; + +- pr_info("ntfs3: Max link count %u\n", NTFS_LINK_MAX); +- + if (IS_ENABLED(CONFIG_NTFS3_FS_POSIX_ACL)) + pr_info("ntfs3: Enabled Linux POSIX ACLs support\n"); + if (IS_ENABLED(CONFIG_NTFS3_64BIT_CLUSTER)) diff --git a/queue-6.8/fs-ntfs3-taking-dos-names-into-account-during-link-counting.patch b/queue-6.8/fs-ntfs3-taking-dos-names-into-account-during-link-counting.patch new file mode 100644 index 00000000000..3b7466ff218 --- /dev/null +++ b/queue-6.8/fs-ntfs3-taking-dos-names-into-account-during-link-counting.patch @@ -0,0 +1,96 @@ +From 110b24eb1a749bea3440f3ca2ff890a26179050a Mon Sep 17 00:00:00 2001 +From: Konstantin Komarov +Date: Wed, 17 Apr 2024 10:33:06 +0300 +Subject: fs/ntfs3: Taking DOS names into account during link counting + +From: Konstantin Komarov + +commit 110b24eb1a749bea3440f3ca2ff890a26179050a upstream. + +When counting and checking hard links in an ntfs file record, + + struct MFT_REC { + struct NTFS_RECORD_HEADER rhdr; // 'FILE' + __le16 seq; // 0x10: Sequence number for this record. +>> __le16 hard_links; // 0x12: The number of hard links to record. + __le16 attr_off; // 0x14: Offset to attributes. + ... + +the ntfs3 driver ignored short names (DOS names), causing the link count +to be reduced by 1 and messages to be output to dmesg. + +For Windows, such a situation is a minor error, meaning chkdsk does not report +errors on such a volume, and in the case of using the /f switch, it silently +corrects them, reporting that no errors were found. This does not affect +the consistency of the file system. + +Nevertheless, the behavior in the ntfs3 driver is incorrect and +changes the content of the file system. This patch should fix that. + +PS: most likely, there has been a confusion of concepts +MFT_REC::hard_links and inode::__i_nlink. + +Fixes: 82cae269cfa95 ("fs/ntfs3: Add initialization of super block") +Signed-off-by: Konstantin Komarov +Cc: stable@vger.kernel.org +Signed-off-by: Greg Kroah-Hartman +--- + fs/ntfs3/inode.c | 7 ++++--- + fs/ntfs3/record.c | 11 ++--------- + 2 files changed, 6 insertions(+), 12 deletions(-) + +--- a/fs/ntfs3/inode.c ++++ b/fs/ntfs3/inode.c +@@ -37,7 +37,7 @@ static struct inode *ntfs_read_mft(struc + bool is_dir; + unsigned long ino = inode->i_ino; + u32 rp_fa = 0, asize, t32; +- u16 roff, rsize, names = 0; ++ u16 roff, rsize, names = 0, links = 0; + const struct ATTR_FILE_NAME *fname = NULL; + const struct INDEX_ROOT *root; + struct REPARSE_DATA_BUFFER rp; // 0x18 bytes +@@ -200,11 +200,12 @@ next_attr: + rsize < SIZEOF_ATTRIBUTE_FILENAME) + goto out; + ++ names += 1; + fname = Add2Ptr(attr, roff); + if (fname->type == FILE_NAME_DOS) + goto next_attr; + +- names += 1; ++ links += 1; + if (name && name->len == fname->name_len && + !ntfs_cmp_names_cpu(name, (struct le_str *)&fname->name_len, + NULL, false)) +@@ -429,7 +430,7 @@ end_enum: + ni->mi.dirty = true; + } + +- set_nlink(inode, names); ++ set_nlink(inode, links); + + if (S_ISDIR(mode)) { + ni->std_fa |= FILE_ATTRIBUTE_DIRECTORY; +--- a/fs/ntfs3/record.c ++++ b/fs/ntfs3/record.c +@@ -534,16 +534,9 @@ bool mi_remove_attr(struct ntfs_inode *n + if (aoff + asize > used) + return false; + +- if (ni && is_attr_indexed(attr)) { ++ if (ni && is_attr_indexed(attr) && attr->type == ATTR_NAME) { + u16 links = le16_to_cpu(ni->mi.mrec->hard_links); +- struct ATTR_FILE_NAME *fname = +- attr->type != ATTR_NAME ? +- NULL : +- resident_data_ex(attr, +- SIZEOF_ATTRIBUTE_FILENAME); +- if (fname && fname->type == FILE_NAME_DOS) { +- /* Do not decrease links count deleting DOS name. */ +- } else if (!links) { ++ if (!links) { + /* minor error. Not critical. */ + } else { + ni->mi.mrec->hard_links = cpu_to_le16(links - 1); diff --git a/queue-6.8/keys-asymmetric-add-missing-dependencies-of-fips_signature_selftest.patch b/queue-6.8/keys-asymmetric-add-missing-dependencies-of-fips_signature_selftest.patch new file mode 100644 index 00000000000..c0bdbc66729 --- /dev/null +++ b/queue-6.8/keys-asymmetric-add-missing-dependencies-of-fips_signature_selftest.patch @@ -0,0 +1,37 @@ +From 9d2fd8bdc12f403a5c35c971936a0e1d5cb5108e Mon Sep 17 00:00:00 2001 +From: Eric Biggers +Date: Mon, 22 Apr 2024 14:10:41 -0700 +Subject: KEYS: asymmetric: Add missing dependencies of FIPS_SIGNATURE_SELFTEST + +From: Eric Biggers + +commit 9d2fd8bdc12f403a5c35c971936a0e1d5cb5108e upstream. + +Since the signature self-test uses RSA and SHA-256, it must only be +enabled when those algorithms are enabled. Otherwise it fails and +panics the kernel on boot-up. + +Reported-by: kernel test robot +Closes: https://lore.kernel.org/oe-lkp/202404221528.51d75177-lkp@intel.com +Fixes: 3cde3174eb91 ("certs: Add FIPS selftests") +Cc: stable@vger.kernel.org +Cc: Simo Sorce +Cc: David Howells +Signed-off-by: Eric Biggers +Reviewed-by: Jarkko Sakkinen +Signed-off-by: Jarkko Sakkinen +Signed-off-by: Greg Kroah-Hartman +--- + crypto/asymmetric_keys/Kconfig | 2 ++ + 1 file changed, 2 insertions(+) + +--- a/crypto/asymmetric_keys/Kconfig ++++ b/crypto/asymmetric_keys/Kconfig +@@ -86,5 +86,7 @@ config FIPS_SIGNATURE_SELFTEST + depends on ASYMMETRIC_KEY_TYPE + depends on PKCS7_MESSAGE_PARSER=X509_CERTIFICATE_PARSER + depends on X509_CERTIFICATE_PARSER ++ depends on CRYPTO_RSA ++ depends on CRYPTO_SHA256 + + endif # ASYMMETRIC_KEY_TYPE diff --git a/queue-6.8/keys-asymmetric-add-missing-dependency-on-crypto_sig.patch b/queue-6.8/keys-asymmetric-add-missing-dependency-on-crypto_sig.patch new file mode 100644 index 00000000000..e088570103a --- /dev/null +++ b/queue-6.8/keys-asymmetric-add-missing-dependency-on-crypto_sig.patch @@ -0,0 +1,39 @@ +From dcaa86b904ea3761e62c849957dd0904e126bf4a Mon Sep 17 00:00:00 2001 +From: Eric Biggers +Date: Mon, 22 Apr 2024 14:08:45 -0700 +Subject: KEYS: asymmetric: Add missing dependency on CRYPTO_SIG + +From: Eric Biggers + +commit dcaa86b904ea3761e62c849957dd0904e126bf4a upstream. + +Make ASYMMETRIC_PUBLIC_KEY_SUBTYPE select CRYPTO_SIG to avoid build +errors like the following, which were possible with +CONFIG_ASYMMETRIC_PUBLIC_KEY_SUBTYPE=y && CONFIG_CRYPTO_SIG=n: + + ld: vmlinux.o: in function `public_key_verify_signature': + (.text+0x306280): undefined reference to `crypto_alloc_sig' + ld: (.text+0x306300): undefined reference to `crypto_sig_set_pubkey' + ld: (.text+0x306324): undefined reference to `crypto_sig_verify' + ld: (.text+0x30636c): undefined reference to `crypto_sig_set_privkey' + +Fixes: 63ba4d67594a ("KEYS: asymmetric: Use new crypto interface without scatterlists") +Cc: stable@vger.kernel.org +Signed-off-by: Eric Biggers +Reviewed-by: Jarkko Sakkinen +Signed-off-by: Jarkko Sakkinen +Signed-off-by: Greg Kroah-Hartman +--- + crypto/asymmetric_keys/Kconfig | 1 + + 1 file changed, 1 insertion(+) + +--- a/crypto/asymmetric_keys/Kconfig ++++ b/crypto/asymmetric_keys/Kconfig +@@ -15,6 +15,7 @@ config ASYMMETRIC_PUBLIC_KEY_SUBTYPE + select MPILIB + select CRYPTO_HASH_INFO + select CRYPTO_AKCIPHER ++ select CRYPTO_SIG + select CRYPTO_HASH + help + This option provides support for asymmetric public key type handling. diff --git a/queue-6.8/ksmbd-avoid-to-send-duplicate-oplock-break-notifications.patch b/queue-6.8/ksmbd-avoid-to-send-duplicate-oplock-break-notifications.patch new file mode 100644 index 00000000000..f95ecbadfec --- /dev/null +++ b/queue-6.8/ksmbd-avoid-to-send-duplicate-oplock-break-notifications.patch @@ -0,0 +1,58 @@ +From c91ecba9e421e4f2c9219cf5042fa63a12025310 Mon Sep 17 00:00:00 2001 +From: Namjae Jeon +Date: Thu, 9 May 2024 15:25:39 +0900 +Subject: ksmbd: avoid to send duplicate oplock break notifications + +From: Namjae Jeon + +commit c91ecba9e421e4f2c9219cf5042fa63a12025310 upstream. + +This patch fixes generic/011 when oplocks is enable. + +Avoid to send duplicate oplock break notifications like smb2 leases +case. + +Fixes: 97c2ec64667b ("ksmbd: avoid to send duplicate lease break notifications") +Cc: stable@vger.kernel.org +Signed-off-by: Namjae Jeon +Signed-off-by: Steve French +Signed-off-by: Greg Kroah-Hartman +--- + fs/smb/server/oplock.c | 21 +++++++++++++-------- + 1 file changed, 13 insertions(+), 8 deletions(-) + +--- a/fs/smb/server/oplock.c ++++ b/fs/smb/server/oplock.c +@@ -613,19 +613,24 @@ static int oplock_break_pending(struct o + if (opinfo->op_state == OPLOCK_CLOSING) + return -ENOENT; + else if (opinfo->level <= req_op_level) { +- if (opinfo->is_lease && +- opinfo->o_lease->state != +- (SMB2_LEASE_HANDLE_CACHING_LE | +- SMB2_LEASE_READ_CACHING_LE)) ++ if (opinfo->is_lease == false) ++ return 1; ++ ++ if (opinfo->o_lease->state != ++ (SMB2_LEASE_HANDLE_CACHING_LE | ++ SMB2_LEASE_READ_CACHING_LE)) + return 1; + } + } + + if (opinfo->level <= req_op_level) { +- if (opinfo->is_lease && +- opinfo->o_lease->state != +- (SMB2_LEASE_HANDLE_CACHING_LE | +- SMB2_LEASE_READ_CACHING_LE)) { ++ if (opinfo->is_lease == false) { ++ wake_up_oplock_break(opinfo); ++ return 1; ++ } ++ if (opinfo->o_lease->state != ++ (SMB2_LEASE_HANDLE_CACHING_LE | ++ SMB2_LEASE_READ_CACHING_LE)) { + wake_up_oplock_break(opinfo); + return 1; + } diff --git a/queue-6.8/ksmbd-ignore-trailing-slashes-in-share-paths.patch b/queue-6.8/ksmbd-ignore-trailing-slashes-in-share-paths.patch new file mode 100644 index 00000000000..2c2aae386b1 --- /dev/null +++ b/queue-6.8/ksmbd-ignore-trailing-slashes-in-share-paths.patch @@ -0,0 +1,38 @@ +From 405ee4097c4bc3e70556520aed5ba52a511c2266 Mon Sep 17 00:00:00 2001 +From: Nandor Kracser +Date: Tue, 21 May 2024 22:56:17 +0900 +Subject: ksmbd: ignore trailing slashes in share paths + +From: Nandor Kracser + +commit 405ee4097c4bc3e70556520aed5ba52a511c2266 upstream. + +Trailing slashes in share paths (like: /home/me/Share/) caused permission +issues with shares for clients on iOS and on Android TV for me, +but otherwise they work fine with plain old Samba. + +Cc: stable@vger.kernel.org +Signed-off-by: Nandor Kracser +Signed-off-by: Namjae Jeon +Signed-off-by: Steve French +Signed-off-by: Greg Kroah-Hartman +--- + fs/smb/server/mgmt/share_config.c | 6 +++++- + 1 file changed, 5 insertions(+), 1 deletion(-) + +--- a/fs/smb/server/mgmt/share_config.c ++++ b/fs/smb/server/mgmt/share_config.c +@@ -165,8 +165,12 @@ static struct ksmbd_share_config *share_ + + share->path = kstrndup(ksmbd_share_config_path(resp), path_len, + GFP_KERNEL); +- if (share->path) ++ if (share->path) { + share->path_sz = strlen(share->path); ++ while (share->path_sz > 1 && ++ share->path[share->path_sz - 1] == '/') ++ share->path[--share->path_sz] = '\0'; ++ } + share->create_mask = resp->create_mask; + share->directory_mask = resp->directory_mask; + share->force_create_mode = resp->force_create_mode; diff --git a/queue-6.8/nilfs2-fix-potential-hang-in-nilfs_detach_log_writer.patch b/queue-6.8/nilfs2-fix-potential-hang-in-nilfs_detach_log_writer.patch new file mode 100644 index 00000000000..6916634f972 --- /dev/null +++ b/queue-6.8/nilfs2-fix-potential-hang-in-nilfs_detach_log_writer.patch @@ -0,0 +1,110 @@ +From eb85dace897c5986bc2f36b3c783c6abb8a4292e Mon Sep 17 00:00:00 2001 +From: Ryusuke Konishi +Date: Mon, 20 May 2024 22:26:21 +0900 +Subject: nilfs2: fix potential hang in nilfs_detach_log_writer() + +From: Ryusuke Konishi + +commit eb85dace897c5986bc2f36b3c783c6abb8a4292e upstream. + +Syzbot has reported a potential hang in nilfs_detach_log_writer() called +during nilfs2 unmount. + +Analysis revealed that this is because nilfs_segctor_sync(), which +synchronizes with the log writer thread, can be called after +nilfs_segctor_destroy() terminates that thread, as shown in the call trace +below: + +nilfs_detach_log_writer + nilfs_segctor_destroy + nilfs_segctor_kill_thread --> Shut down log writer thread + flush_work + nilfs_iput_work_func + nilfs_dispose_list + iput + nilfs_evict_inode + nilfs_transaction_commit + nilfs_construct_segment (if inode needs sync) + nilfs_segctor_sync --> Attempt to synchronize with + log writer thread + *** DEADLOCK *** + +Fix this issue by changing nilfs_segctor_sync() so that the log writer +thread returns normally without synchronizing after it terminates, and by +forcing tasks that are already waiting to complete once after the thread +terminates. + +The skipped inode metadata flushout will then be processed together in the +subsequent cleanup work in nilfs_segctor_destroy(). + +Link: https://lkml.kernel.org/r/20240520132621.4054-4-konishi.ryusuke@gmail.com +Signed-off-by: Ryusuke Konishi +Reported-by: syzbot+e3973c409251e136fdd0@syzkaller.appspotmail.com +Closes: https://syzkaller.appspot.com/bug?extid=e3973c409251e136fdd0 +Tested-by: Ryusuke Konishi +Cc: +Cc: "Bai, Shuangpeng" +Signed-off-by: Andrew Morton +Signed-off-by: Greg Kroah-Hartman +--- + fs/nilfs2/segment.c | 21 ++++++++++++++++++--- + 1 file changed, 18 insertions(+), 3 deletions(-) + +--- a/fs/nilfs2/segment.c ++++ b/fs/nilfs2/segment.c +@@ -2233,6 +2233,14 @@ static int nilfs_segctor_sync(struct nil + for (;;) { + set_current_state(TASK_INTERRUPTIBLE); + ++ /* ++ * Synchronize only while the log writer thread is alive. ++ * Leave flushing out after the log writer thread exits to ++ * the cleanup work in nilfs_segctor_destroy(). ++ */ ++ if (!sci->sc_task) ++ break; ++ + if (atomic_read(&wait_req.done)) { + err = wait_req.err; + break; +@@ -2248,7 +2256,7 @@ static int nilfs_segctor_sync(struct nil + return err; + } + +-static void nilfs_segctor_wakeup(struct nilfs_sc_info *sci, int err) ++static void nilfs_segctor_wakeup(struct nilfs_sc_info *sci, int err, bool force) + { + struct nilfs_segctor_wait_request *wrq, *n; + unsigned long flags; +@@ -2256,7 +2264,7 @@ static void nilfs_segctor_wakeup(struct + spin_lock_irqsave(&sci->sc_wait_request.lock, flags); + list_for_each_entry_safe(wrq, n, &sci->sc_wait_request.head, wq.entry) { + if (!atomic_read(&wrq->done) && +- nilfs_cnt32_ge(sci->sc_seq_done, wrq->seq)) { ++ (force || nilfs_cnt32_ge(sci->sc_seq_done, wrq->seq))) { + wrq->err = err; + atomic_set(&wrq->done, 1); + } +@@ -2405,7 +2413,7 @@ static void nilfs_segctor_notify(struct + if (mode == SC_LSEG_SR) { + sci->sc_state &= ~NILFS_SEGCTOR_COMMIT; + sci->sc_seq_done = sci->sc_seq_accepted; +- nilfs_segctor_wakeup(sci, err); ++ nilfs_segctor_wakeup(sci, err, false); + sci->sc_flush_request = 0; + } else { + if (mode == SC_FLUSH_FILE) +@@ -2789,6 +2797,13 @@ static void nilfs_segctor_destroy(struct + || sci->sc_seq_request != sci->sc_seq_done); + spin_unlock(&sci->sc_state_lock); + ++ /* ++ * Forcibly wake up tasks waiting in nilfs_segctor_sync(), which can ++ * be called from delayed iput() via nilfs_evict_inode() and can race ++ * with the above log writer thread termination. ++ */ ++ nilfs_segctor_wakeup(sci, 0, true); ++ + if (flush_work(&sci->sc_iput_work)) + flag = true; + diff --git a/queue-6.8/nilfs2-fix-unexpected-freezing-of-nilfs_segctor_sync.patch b/queue-6.8/nilfs2-fix-unexpected-freezing-of-nilfs_segctor_sync.patch new file mode 100644 index 00000000000..9572b057428 --- /dev/null +++ b/queue-6.8/nilfs2-fix-unexpected-freezing-of-nilfs_segctor_sync.patch @@ -0,0 +1,82 @@ +From 936184eadd82906992ff1f5ab3aada70cce44cee Mon Sep 17 00:00:00 2001 +From: Ryusuke Konishi +Date: Mon, 20 May 2024 22:26:20 +0900 +Subject: nilfs2: fix unexpected freezing of nilfs_segctor_sync() + +From: Ryusuke Konishi + +commit 936184eadd82906992ff1f5ab3aada70cce44cee upstream. + +A potential and reproducible race issue has been identified where +nilfs_segctor_sync() would block even after the log writer thread writes a +checkpoint, unless there is an interrupt or other trigger to resume log +writing. + +This turned out to be because, depending on the execution timing of the +log writer thread running in parallel, the log writer thread may skip +responding to nilfs_segctor_sync(), which causes a call to schedule() +waiting for completion within nilfs_segctor_sync() to lose the opportunity +to wake up. + +The reason why waking up the task waiting in nilfs_segctor_sync() may be +skipped is that updating the request generation issued using a shared +sequence counter and adding an wait queue entry to the request wait queue +to the log writer, are not done atomically. There is a possibility that +log writing and request completion notification by nilfs_segctor_wakeup() +may occur between the two operations, and in that case, the wait queue +entry is not yet visible to nilfs_segctor_wakeup() and the wake-up of +nilfs_segctor_sync() will be carried over until the next request occurs. + +Fix this issue by performing these two operations simultaneously within +the lock section of sc_state_lock. Also, following the memory barrier +guidelines for event waiting loops, move the call to set_current_state() +in the same location into the event waiting loop to ensure that a memory +barrier is inserted just before the event condition determination. + +Link: https://lkml.kernel.org/r/20240520132621.4054-3-konishi.ryusuke@gmail.com +Fixes: 9ff05123e3bf ("nilfs2: segment constructor") +Signed-off-by: Ryusuke Konishi +Tested-by: Ryusuke Konishi +Cc: +Cc: "Bai, Shuangpeng" +Signed-off-by: Andrew Morton +Signed-off-by: Greg Kroah-Hartman +--- + fs/nilfs2/segment.c | 17 +++++++++++++---- + 1 file changed, 13 insertions(+), 4 deletions(-) + +--- a/fs/nilfs2/segment.c ++++ b/fs/nilfs2/segment.c +@@ -2211,19 +2211,28 @@ static int nilfs_segctor_sync(struct nil + struct nilfs_segctor_wait_request wait_req; + int err = 0; + +- spin_lock(&sci->sc_state_lock); + init_wait(&wait_req.wq); + wait_req.err = 0; + atomic_set(&wait_req.done, 0); ++ init_waitqueue_entry(&wait_req.wq, current); ++ ++ /* ++ * To prevent a race issue where completion notifications from the ++ * log writer thread are missed, increment the request sequence count ++ * "sc_seq_request" and insert a wait queue entry using the current ++ * sequence number into the "sc_wait_request" queue at the same time ++ * within the lock section of "sc_state_lock". ++ */ ++ spin_lock(&sci->sc_state_lock); + wait_req.seq = ++sci->sc_seq_request; ++ add_wait_queue(&sci->sc_wait_request, &wait_req.wq); + spin_unlock(&sci->sc_state_lock); + +- init_waitqueue_entry(&wait_req.wq, current); +- add_wait_queue(&sci->sc_wait_request, &wait_req.wq); +- set_current_state(TASK_INTERRUPTIBLE); + wake_up(&sci->sc_wait_daemon); + + for (;;) { ++ set_current_state(TASK_INTERRUPTIBLE); ++ + if (atomic_read(&wait_req.done)) { + err = wait_req.err; + break; diff --git a/queue-6.8/nilfs2-fix-use-after-free-of-timer-for-log-writer-thread.patch b/queue-6.8/nilfs2-fix-use-after-free-of-timer-for-log-writer-thread.patch new file mode 100644 index 00000000000..772c2502bfe --- /dev/null +++ b/queue-6.8/nilfs2-fix-use-after-free-of-timer-for-log-writer-thread.patch @@ -0,0 +1,122 @@ +From f5d4e04634c9cf68bdf23de08ada0bb92e8befe7 Mon Sep 17 00:00:00 2001 +From: Ryusuke Konishi +Date: Mon, 20 May 2024 22:26:19 +0900 +Subject: nilfs2: fix use-after-free of timer for log writer thread + +From: Ryusuke Konishi + +commit f5d4e04634c9cf68bdf23de08ada0bb92e8befe7 upstream. + +Patch series "nilfs2: fix log writer related issues". + +This bug fix series covers three nilfs2 log writer-related issues, +including a timer use-after-free issue and potential deadlock issue on +unmount, and a potential freeze issue in event synchronization found +during their analysis. Details are described in each commit log. + + +This patch (of 3): + +A use-after-free issue has been reported regarding the timer sc_timer on +the nilfs_sc_info structure. + +The problem is that even though it is used to wake up a sleeping log +writer thread, sc_timer is not shut down until the nilfs_sc_info structure +is about to be freed, and is used regardless of the thread's lifetime. + +Fix this issue by limiting the use of sc_timer only while the log writer +thread is alive. + +Link: https://lkml.kernel.org/r/20240520132621.4054-1-konishi.ryusuke@gmail.com +Link: https://lkml.kernel.org/r/20240520132621.4054-2-konishi.ryusuke@gmail.com +Fixes: fdce895ea5dd ("nilfs2: change sc_timer from a pointer to an embedded one in struct nilfs_sc_info") +Signed-off-by: Ryusuke Konishi +Reported-by: "Bai, Shuangpeng" +Closes: https://groups.google.com/g/syzkaller/c/MK_LYqtt8ko/m/8rgdWeseAwAJ +Tested-by: Ryusuke Konishi +Cc: +Signed-off-by: Andrew Morton +Signed-off-by: Greg Kroah-Hartman +--- + fs/nilfs2/segment.c | 25 +++++++++++++++++++------ + 1 file changed, 19 insertions(+), 6 deletions(-) + +--- a/fs/nilfs2/segment.c ++++ b/fs/nilfs2/segment.c +@@ -2161,8 +2161,10 @@ static void nilfs_segctor_start_timer(st + { + spin_lock(&sci->sc_state_lock); + if (!(sci->sc_state & NILFS_SEGCTOR_COMMIT)) { +- sci->sc_timer.expires = jiffies + sci->sc_interval; +- add_timer(&sci->sc_timer); ++ if (sci->sc_task) { ++ sci->sc_timer.expires = jiffies + sci->sc_interval; ++ add_timer(&sci->sc_timer); ++ } + sci->sc_state |= NILFS_SEGCTOR_COMMIT; + } + spin_unlock(&sci->sc_state_lock); +@@ -2363,10 +2365,21 @@ int nilfs_construct_dsync_segment(struct + */ + static void nilfs_segctor_accept(struct nilfs_sc_info *sci) + { ++ bool thread_is_alive; ++ + spin_lock(&sci->sc_state_lock); + sci->sc_seq_accepted = sci->sc_seq_request; ++ thread_is_alive = (bool)sci->sc_task; + spin_unlock(&sci->sc_state_lock); +- del_timer_sync(&sci->sc_timer); ++ ++ /* ++ * This function does not race with the log writer thread's ++ * termination. Therefore, deleting sc_timer, which should not be ++ * done after the log writer thread exits, can be done safely outside ++ * the area protected by sc_state_lock. ++ */ ++ if (thread_is_alive) ++ del_timer_sync(&sci->sc_timer); + } + + /** +@@ -2392,7 +2405,7 @@ static void nilfs_segctor_notify(struct + sci->sc_flush_request &= ~FLUSH_DAT_BIT; + + /* re-enable timer if checkpoint creation was not done */ +- if ((sci->sc_state & NILFS_SEGCTOR_COMMIT) && ++ if ((sci->sc_state & NILFS_SEGCTOR_COMMIT) && sci->sc_task && + time_before(jiffies, sci->sc_timer.expires)) + add_timer(&sci->sc_timer); + } +@@ -2582,6 +2595,7 @@ static int nilfs_segctor_thread(void *ar + int timeout = 0; + + sci->sc_timer_task = current; ++ timer_setup(&sci->sc_timer, nilfs_construction_timeout, 0); + + /* start sync. */ + sci->sc_task = current; +@@ -2649,6 +2663,7 @@ static int nilfs_segctor_thread(void *ar + end_thread: + /* end sync. */ + sci->sc_task = NULL; ++ timer_shutdown_sync(&sci->sc_timer); + wake_up(&sci->sc_wait_task); /* for nilfs_segctor_kill_thread() */ + spin_unlock(&sci->sc_state_lock); + return 0; +@@ -2712,7 +2727,6 @@ static struct nilfs_sc_info *nilfs_segct + INIT_LIST_HEAD(&sci->sc_gc_inodes); + INIT_LIST_HEAD(&sci->sc_iput_queue); + INIT_WORK(&sci->sc_iput_work, nilfs_iput_work_func); +- timer_setup(&sci->sc_timer, nilfs_construction_timeout, 0); + + sci->sc_interval = HZ * NILFS_SC_DEFAULT_TIMEOUT; + sci->sc_mjcp_freq = HZ * NILFS_SC_DEFAULT_SR_FREQ; +@@ -2791,7 +2805,6 @@ static void nilfs_segctor_destroy(struct + + down_write(&nilfs->ns_segctor_sem); + +- timer_shutdown_sync(&sci->sc_timer); + kfree(sci); + } + diff --git a/queue-6.8/series b/queue-6.8/series index a776b1c10bf..0c2afe91b80 100644 --- a/queue-6.8/series +++ b/queue-6.8/series @@ -18,3 +18,18 @@ tools-nolibc-stdlib-fix-memory-error-in-realloc.patch net-ti-icssg_prueth-fix-null-pointer-dereference-in-prueth_probe.patch net-lan966x-remove-debugfs-directory-in-probe-error-path.patch net-smc91x-fix-m68k-kernel-compilation-for-coldfire-cpu.patch +nilfs2-fix-use-after-free-of-timer-for-log-writer-thread.patch +nilfs2-fix-unexpected-freezing-of-nilfs_segctor_sync.patch +nilfs2-fix-potential-hang-in-nilfs_detach_log_writer.patch +fs-ntfs3-remove-max-link-count-info-display-during-driver-init.patch +fs-ntfs3-taking-dos-names-into-account-during-link-counting.patch +fs-ntfs3-fix-case-when-index-is-reused-during-tree-transformation.patch +fs-ntfs3-break-dir-enumeration-if-directory-contents-error.patch +ksmbd-avoid-to-send-duplicate-oplock-break-notifications.patch +ksmbd-ignore-trailing-slashes-in-share-paths.patch +alsa-hda-realtek-fix-mute-micmute-leds-don-t-work-for-probook-440-460-g11.patch +alsa-core-fix-null-module-pointer-assignment-at-card-init.patch +alsa-timer-set-lower-bound-of-start-tick-time.patch +alsa-fix-deadlocks-with-kctl-removals-at-disconnection.patch +keys-asymmetric-add-missing-dependency-on-crypto_sig.patch +keys-asymmetric-add-missing-dependencies-of-fips_signature_selftest.patch -- 2.47.3