From a826ffd60d809d04374d3e4591eead6db0c2214a Mon Sep 17 00:00:00 2001
From: Greg Kroah-Hartman
Date: Tue, 8 Apr 2025 11:10:15 +0200
Subject: [PATCH] 6.1-stable patches
added patches:
btrfs-handle-errors-from-btrfs_dec_ref-properly.patch
kunit-overflow-fix-ub-in-overflow_allocation_test.patch
---
 ...e-errors-from-btrfs_dec_ref-properly.patch | 36 ++++++++++++++
 ...w-fix-ub-in-overflow_allocation_test.patch | 48 +++++++++++++++++++
 queue-6.1/series | 2 +
 3 files changed, 86 insertions(+)
 create mode 100644 queue-6.1/btrfs-handle-errors-from-btrfs_dec_ref-properly.patch
 create mode 100644 queue-6.1/kunit-overflow-fix-ub-in-overflow_allocation_test.patch
diff --git a/queue-6.1/btrfs-handle-errors-from-btrfs_dec_ref-properly.patch b/queue-6.1/btrfs-handle-errors-from-btrfs_dec_ref-properly.patch
new file mode 100644
index 0000000000..24e3fb5773
--- /dev/null
+++ b/queue-6.1/btrfs-handle-errors-from-btrfs_dec_ref-properly.patch
@@ -0,0 +1,36 @@
+From 5eb178f373b4f16f3b42d55ff88fc94dd95b93b1 Mon Sep 17 00:00:00 2001
+From: Josef Bacik
+Date: Tue, 7 May 2024 14:12:15 -0400
+Subject: btrfs: handle errors from btrfs_dec_ref() properly
+
+From: Josef Bacik
+
+commit 5eb178f373b4f16f3b42d55ff88fc94dd95b93b1 upstream.
+
+In walk_up_proc() we BUG_ON(ret) from btrfs_dec_ref(). This is
+incorrect, we have proper error handling here, return the error.
+
+Signed-off-by: Josef Bacik
+Reviewed-by: David Sterba
+Signed-off-by: David Sterba
+Signed-off-by: Jianqi Ren
+Signed-off-by: He Zhe
+Signed-off-by: Greg Kroah-Hartman
+---
+ fs/btrfs/extent-tree.c | 5 ++++-
+ 1 file changed, 4 insertions(+), 1 deletion(-)
+
+--- a/fs/btrfs/extent-tree.c
++++ b/fs/btrfs/extent-tree.c
+@@ -5575,7 +5575,10 @@ static noinline int walk_up_proc(struct
+ ret = btrfs_dec_ref(trans, root, eb, 1);
+ else
+ ret = btrfs_dec_ref(trans, root, eb, 0);
+- BUG_ON(ret); /* -ENOMEM */
++ if (ret) {
++ btrfs_abort_transaction(trans, ret);
++ return ret;
++ }
+ if (is_fstree(root->root_key.objectid)) {
+ ret = btrfs_qgroup_trace_leaf_items(trans, eb);
+ if (ret) {
diff --git a/queue-6.1/kunit-overflow-fix-ub-in-overflow_allocation_test.patch b/queue-6.1/kunit-overflow-fix-ub-in-overflow_allocation_test.patch
new file mode 100644
index 0000000000..d2ee4b8f14
--- /dev/null
+++ b/queue-6.1/kunit-overflow-fix-ub-in-overflow_allocation_test.patch
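Review bot: In the fs/btrfs/extent-tree.c hunk carried by the queued btrfs patch, the removed `BUG_ON(ret); /* -ENOMEM */` held the only comment naming the expected failure, and the new `if (ret)` branch has none. A one-line comment above it, such as `/* btrfs_dec_ref() failed (e.g. -ENOMEM): abort the transaction and propagate the error */`, would record why the transaction is aborted rather than the error only being returned. walk_up_proc() starts and ends outside the hunk, so it cannot be confirmed from here that every caller in the 6.1 tree propagates the new non-zero return; that is worth checking as part of the backport.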
@@ -0,0 +1,48 @@
+From 92e9bac18124682c4b99ede9ee3bcdd68f121e92 Mon Sep 17 00:00:00 2001
+From: Ivan Orlov
+Date: Thu, 15 Aug 2024 01:04:31 +0100
+Subject: kunit/overflow: Fix UB in overflow_allocation_test
+
+From: Ivan Orlov
+
+commit 92e9bac18124682c4b99ede9ee3bcdd68f121e92 upstream.
+
+The 'device_name' array doesn't exist out of the
+'overflow_allocation_test' function scope. However, it is being used as
+a driver name when calling 'kunit_driver_create' from
+'kunit_device_register'. It produces the kernel panic with KASAN
+enabled.
+
+Since this variable is used in one place only, remove it and pass the
+device name into kunit_device_register directly as an ascii string.
+
+Signed-off-by: Ivan Orlov
+Reviewed-by: David Gow
+Link: https://lore.kernel.org/r/20240815000431.401869-1-ivan.orlov0322@gmail.com
+Signed-off-by: Kees Cook
+Signed-off-by: Jianqi Ren
+Signed-off-by: He Zhe
+Signed-off-by: Greg Kroah-Hartman
+---
+ lib/overflow_kunit.c | 3 +--
+ 1 file changed, 1 insertion(+), 2 deletions(-)
+
+--- a/lib/overflow_kunit.c
++++ b/lib/overflow_kunit.c
+@@ -608,7 +608,6 @@ DEFINE_TEST_ALLOC(devm_kzalloc, devm_kf
+
+ static void overflow_allocation_test(struct kunit *test)
+ {
+- const char device_name[] = "overflow-test";
+ struct device *dev;
+ int count = 0;
+
+@@ -618,7 +617,7 @@ static void overflow_allocation_test(str
+ } while (0)
+
+ /* Create dummy device for devm_kmalloc()-family tests. */
+- dev = root_device_register(device_name);
++ dev = root_device_register("overflow-test");
+ KUNIT_ASSERT_FALSE_MSG(test, IS_ERR(dev),
+ "Cannot register test device\n");
+
diff --git a/queue-6.1/series b/queue-6.1/series
index 13090a82be..489f859e6b 100644
--- a/queue-6.1/series
+++ b/queue-6.1/series
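Review bot: The description of the lib/overflow_kunit.c change blames the out-of-scope name on `kunit_device_register` and `kunit_driver_create`, but the code this 6.1 hunk touches calls `root_device_register(device_name)`, so the message does not describe the tree being patched. If root_device_register() copies the name it is given, which seems likely but is not visible here, the lifetime bug may not exist on this branch and the change is only a cleanup. That should be stated so the patch is not tracked as a memory-safety fix for 6.1. A backport note above the sign-offs would do, for example `[ 6.1: test still uses root_device_register(); applied to match upstream ]`. overflow_allocation_test() continues outside the hunk.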
@@ -178,3 +178,5 @@ platform-x86-isst-correct-command-storage-data-length.patch
 ntb_perf-delete-duplicate-dmaengine_unmap_put-call-in-perf_copy_chunk.patch
 perf-x86-intel-apply-static-call-for-drain_pebs.patch
 perf-x86-intel-avoid-disable-pmu-if-cpuc-enabled-in-sample-read.patch
+kunit-overflow-fix-ub-in-overflow_allocation_test.patch
+btrfs-handle-errors-from-btrfs_dec_ref-properly.patch
-- 
2.47.3