Linux 6.6.32

 
Linux: Add definition for new smb3.1.1 command type [+ + +]
Author: Steve French <[email protected]>
Date:   Sun Oct 8 23:04:01 2023 -0500

    Add definition for new smb3.1.1 command type
    
    [ Upstream commit 7588b83066db9b9dc10c1a43b8e52a028ad327d2 ]
    
    Add structs and defines for new SMB3.1.1 command, server to client notification.
    
    See MS-SMB2 section 2.2.44
    
    Signed-off-by: Steve French <[email protected]>
    Signed-off-by: Sasha Levin <[email protected]>

 
admin-guide/hw-vuln/core-scheduling: fix return type of PR_SCHED_CORE_GET [+ + +]
Author: Thomas Weißschuh <[email protected]>
Date:   Tue Apr 23 12:34:25 2024 +0200

    admin-guide/hw-vuln/core-scheduling: fix return type of PR_SCHED_CORE_GET
    
    commit 8af2d1ab78f2342f8c4c3740ca02d86f0ebfac5a upstream.
    
    sched_core_share_pid() copies the cookie to userspace with
    put_user(id, (u64 __user *)uaddr), expecting 64 bits of space.
    The "unsigned long" datatype that is documented in core-scheduling.rst
    however is only 32 bits large on 32 bit architectures.
    
    Document "unsigned long long" as the correct data type that is always
    64bits large.
    
    This matches what the selftest cs_prctl_test.c has been doing all along.
    
    Fixes: 0159bb020ca9 ("Documentation: Add usecases, design and interface for core scheduling")
    Cc: [email protected]
    Link: https://lore.kernel.org/util-linux/[email protected]/
    Signed-off-by: Thomas Weißschuh <[email protected]>
    Reviewed-by: Chris Hyser <[email protected]>
    Signed-off-by: Jonathan Corbet <[email protected]>
    Link: https://lore.kernel.org/r/[email protected]
    Signed-off-by: Greg Kroah-Hartman <[email protected]>

 
binder: fix max_thread type inconsistency [+ + +]
Author: Carlos Llamas <[email protected]>
Date:   Sun Apr 21 17:37:49 2024 +0000

    binder: fix max_thread type inconsistency
    
    commit 42316941335644a98335f209daafa4c122f28983 upstream.
    
    The type defined for the BINDER_SET_MAX_THREADS ioctl was changed from
    size_t to __u32 in order to avoid incompatibility issues between 32 and
    64-bit kernels. However, the internal types used to copy from user and
    store the value were never updated. Use u32 to fix the inconsistency.
    
    Fixes: a9350fc859ae ("staging: android: binder: fix BINDER_SET_MAX_THREADS declaration")
    Reported-by: Arve Hjønnevåg <[email protected]>
    Cc: [email protected]
    Signed-off-by: Carlos Llamas <[email protected]>
    Reviewed-by: Alice Ryhl <[email protected]>
    Link: https://lore.kernel.org/r/[email protected]
    Signed-off-by: Greg Kroah-Hartman <[email protected]>

 
block: add a disk_has_partscan helper [+ + +]
Author: Christoph Hellwig <[email protected]>
Date:   Thu May 2 15:00:32 2024 +0200

    block: add a disk_has_partscan helper
    
    commit 140ce28dd3bee8e53acc27f123ae474d69ef66f0 upstream.
    
    Add a helper to check if partition scanning is enabled instead of
    open coding the check in a few places.  This now always checks for
    the hidden flag even if all but one of the callers are never reachable
    for hidden gendisks.
    
    Signed-off-by: Christoph Hellwig <[email protected]>
    Link: https://lore.kernel.org/r/[email protected]
    Signed-off-by: Jens Axboe <[email protected]>
    Signed-off-by: Greg Kroah-Hartman <[email protected]>

block: add a partscan sysfs attribute for disks [+ + +]
Author: Christoph Hellwig <[email protected]>
Date:   Thu May 2 15:00:33 2024 +0200

    block: add a partscan sysfs attribute for disks
    
    commit a4217c6740dc64a3eb6815868a9260825e8c68c6 upstream.
    
    Userspace had been unknowingly relying on a non-stable interface of
    kernel internals to determine if partition scanning is enabled for a
    given disk. Provide a stable interface for this purpose instead.
    
    Cc: [email protected] # 6.3+
    Depends-on: 140ce28dd3be ("block: add a disk_has_partscan helper")
    Signed-off-by: Christoph Hellwig <[email protected]>
    Link: https://lore.kernel.org/linux-block/ZhQJf8mzq_wipkBH@gardel-login/
    Link: https://lore.kernel.org/r/[email protected]
    [axboe: add links and commit message from Keith]
    Signed-off-by: Jens Axboe <[email protected]>
    Signed-off-by: Greg Kroah-Hartman <[email protected]>

 
Bluetooth: L2CAP: Fix div-by-zero in l2cap_le_flowctl_init() [+ + +]
Author: Sungwoo Kim <[email protected]>
Date:   Sat May 4 15:23:29 2024 -0400

    Bluetooth: L2CAP: Fix div-by-zero in l2cap_le_flowctl_init()
    
    commit a5b862c6a221459d54e494e88965b48dcfa6cc44 upstream.
    
    l2cap_le_flowctl_init() can cause both div-by-zero and an integer
    overflow since hdev->le_mtu may not fall in the valid range.
    
    Move MTU from hci_dev to hci_conn to validate MTU and stop the connection
    process earlier if MTU is invalid.
    Also, add a missing validation in read_buffer_size() and make it return
    an error value if the validation fails.
    Now hci_conn_add() returns ERR_PTR() as it can fail due to the both a
    kzalloc failure and invalid MTU value.
    
    divide error: 0000 [#1] PREEMPT SMP KASAN NOPTI
    CPU: 0 PID: 67 Comm: kworker/u5:0 Tainted: G        W          6.9.0-rc5+ #20
    Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.15.0-1 04/01/2014
    Workqueue: hci0 hci_rx_work
    RIP: 0010:l2cap_le_flowctl_init+0x19e/0x3f0 net/bluetooth/l2cap_core.c:547
    Code: e8 17 17 0c 00 66 41 89 9f 84 00 00 00 bf 01 00 00 00 41 b8 02 00 00 00 4c
    89 fe 4c 89 e2 89 d9 e8 27 17 0c 00 44 89 f0 31 d2 <66> f7 f3 89 c3 ff c3 4d 8d
    b7 88 00 00 00 4c 89 f0 48 c1 e8 03 42
    RSP: 0018:ffff88810bc0f858 EFLAGS: 00010246
    RAX: 00000000000002a0 RBX: 0000000000000000 RCX: dffffc0000000000
    RDX: 0000000000000000 RSI: ffff88810bc0f7c0 RDI: ffffc90002dcb66f
    RBP: ffff88810bc0f880 R08: aa69db2dda70ff01 R09: 0000ffaaaaaaaaaa
    R10: 0084000000ffaaaa R11: 0000000000000000 R12: ffff88810d65a084
    R13: dffffc0000000000 R14: 00000000000002a0 R15: ffff88810d65a000
    FS:  0000000000000000(0000) GS:ffff88811ac00000(0000) knlGS:0000000000000000
    CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
    CR2: 0000000020000100 CR3: 0000000103268003 CR4: 0000000000770ef0
    PKRU: 55555554
    Call Trace:
     <TASK>
     l2cap_le_connect_req net/bluetooth/l2cap_core.c:4902 [inline]
     l2cap_le_sig_cmd net/bluetooth/l2cap_core.c:5420 [inline]
     l2cap_le_sig_channel net/bluetooth/l2cap_core.c:5486 [inline]
     l2cap_recv_frame+0xe59d/0x11710 net/bluetooth/l2cap_core.c:6809
     l2cap_recv_acldata+0x544/0x10a0 net/bluetooth/l2cap_core.c:7506
     hci_acldata_packet net/bluetooth/hci_core.c:3939 [inline]
     hci_rx_work+0x5e5/0xb20 net/bluetooth/hci_core.c:4176
     process_one_work kernel/workqueue.c:3254 [inline]
     process_scheduled_works+0x90f/0x1530 kernel/workqueue.c:3335
     worker_thread+0x926/0xe70 kernel/workqueue.c:3416
     kthread+0x2e3/0x380 kernel/kthread.c:388
     ret_from_fork+0x5c/0x90 arch/x86/kernel/process.c:147
     ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entry_64.S:244
     </TASK>
    Modules linked in:
    ---[ end trace 0000000000000000 ]---
    
    Fixes: 6ed58ec520ad ("Bluetooth: Use LE buffers for LE traffic")
    Suggested-by: Luiz Augusto von Dentz <[email protected]>
    Signed-off-by: Sungwoo Kim <[email protected]>
    Signed-off-by: Luiz Augusto von Dentz <[email protected]>
    Signed-off-by: Greg Kroah-Hartman <[email protected]>

Bluetooth: L2CAP: Fix slab-use-after-free in l2cap_connect() [+ + +]
Author: Sungwoo Kim <[email protected]>
Date:   Tue Apr 30 02:32:10 2024 -0400

    Bluetooth: L2CAP: Fix slab-use-after-free in l2cap_connect()
    
    commit 4d7b41c0e43995b0e992b9f8903109275744b658 upstream.
    
    Extend a critical section to prevent chan from early freeing.
    Also make the l2cap_connect() return type void. Nothing is using the
    returned value but it is ugly to return a potentially freed pointer.
    Making it void will help with backports because earlier kernels did use
    the return value. Now the compile will break for kernels where this
    patch is not a complete fix.
    
    Call stack summary:
    
    [use]
    l2cap_bredr_sig_cmd
      l2cap_connect
      ┌ mutex_lock(&conn->chan_lock);
      │ chan = pchan->ops->new_connection(pchan); <- alloc chan
      │ __l2cap_chan_add(conn, chan);
      │   l2cap_chan_hold(chan);
      │   list_add(&chan->list, &conn->chan_l);   ... (1)
      └ mutex_unlock(&conn->chan_lock);
        chan->conf_state              ... (4) <- use after free
    
    [free]
    l2cap_conn_del
    ┌ mutex_lock(&conn->chan_lock);
    │ foreach chan in conn->chan_l:            ... (2)
    │   l2cap_chan_put(chan);
    │     l2cap_chan_destroy
    │       kfree(chan)               ... (3) <- chan freed
    └ mutex_unlock(&conn->chan_lock);
    
    ==================================================================
    BUG: KASAN: slab-use-after-free in instrument_atomic_read
    include/linux/instrumented.h:68 [inline]
    BUG: KASAN: slab-use-after-free in _test_bit
    include/asm-generic/bitops/instrumented-non-atomic.h:141 [inline]
    BUG: KASAN: slab-use-after-free in l2cap_connect+0xa67/0x11a0
    net/bluetooth/l2cap_core.c:4260
    Read of size 8 at addr ffff88810bf040a0 by task kworker/u3:1/311
    
    Fixes: 73ffa904b782 ("Bluetooth: Move conf_{req,rsp} stuff to struct l2cap_chan")
    Signed-off-by: Sungwoo Kim <[email protected]>
    Signed-off-by: Luiz Augusto von Dentz <[email protected]>
    Signed-off-by: Greg Kroah-Hartman <[email protected]>

 
bpf: Add missing BPF_LINK_TYPE invocations [+ + +]
Author: Jiri Olsa <[email protected]>
Date:   Sat Dec 16 00:05:02 2023 +0100

    bpf: Add missing BPF_LINK_TYPE invocations
    
    commit 117211aa739a926e6555cfea883be84bee6f1695 upstream.
    
    Pengfei Xu reported [1] Syzkaller/KASAN issue found in bpf_link_show_fdinfo.
    
    The reason is missing BPF_LINK_TYPE invocation for uprobe multi
    link and for several other links, adding that.
    
    [1] https://lore.kernel.org/bpf/[email protected]/
    
    Fixes: 89ae89f53d20 ("bpf: Add multi uprobe link")
    Fixes: e420bed02507 ("bpf: Add fd-based tcx multi-prog infra with link support")
    Fixes: 84601d6ee68a ("bpf: add bpf_link support for BPF_NETFILTER programs")
    Fixes: 35dfaad7188c ("netkit, bpf: Add bpf programmable net device")
    Reported-by: Pengfei Xu <[email protected]>
    Signed-off-by: Jiri Olsa <[email protected]>
    Signed-off-by: Andrii Nakryiko <[email protected]>
    Tested-by: Pengfei Xu <[email protected]>
    Acked-by: Hou Tao <[email protected]>
    Link: https://lore.kernel.org/bpf/[email protected]
    Signed-off-by: Ignat Korchagin <[email protected]>
    Signed-off-by: Greg Kroah-Hartman <[email protected]>

 
cifs: Add client version details to NTLM authenticate message [+ + +]
Author: Meetakshi Setiya <[email protected]>
Date:   Wed Oct 4 07:17:55 2023 -0400

    cifs: Add client version details to NTLM authenticate message
    
    [ Upstream commit 1460720c5913c11415e4d7c4df5a287eb2ad3f3e ]
    
    The NTLM authenticate message currently sets the NTLMSSP_NEGOTIATE_VERSION
    flag but does not populate the VERSION structure. This commit fixes this
    bug by ensuring that the flag is set and the version details are included
    in the message.
    
    Signed-off-by: Meetakshi Setiya <[email protected]>
    Reviewed-by: Bharath SM <[email protected]>
    Reviewed-by: Paulo Alcantara (SUSE) <[email protected]>
    Reviewed-by: Shyam Prasad N <[email protected]>
    Signed-off-by: Steve French <[email protected]>
    Signed-off-by: Sasha Levin <[email protected]>
cifs: Add tracing for the cifs_tcon struct refcounting [+ + +]
Author: David Howells <[email protected]>
Date:   Thu Apr 4 13:51:36 2024 +0100

    cifs: Add tracing for the cifs_tcon struct refcounting
    
    [ Upstream commit afc23febd51c7e24361e3a9c09f3e892eb0a41ea ]
    
    Add tracing for the refcounting/lifecycle of the cifs_tcon struct, marking
    different events with different labels and giving each tcon its own debug
    ID so that the tracelines corresponding to individual tcons can be
    distinguished.  This can be enabled with:
    
            echo 1 >/sys/kernel/debug/tracing/events/cifs/smb3_tcon_ref/enable
    
    Signed-off-by: David Howells <[email protected]>
    Acked-by: Paulo Alcantara (Red Hat) <[email protected]>
    cc: Shyam Prasad N <[email protected]>
    cc: [email protected]
    cc: [email protected]
    Signed-off-by: Steve French <[email protected]>
    Signed-off-by: Sasha Levin <[email protected]>

cifs: commands that are retried should have replay flag set [+ + +]
Author: Shyam Prasad N <[email protected]>
Date:   Sun Jan 21 03:32:47 2024 +0000

    cifs: commands that are retried should have replay flag set
    
    [ Upstream commit 4f1fffa2376922f3d1d506e49c0fd445b023a28e ]
    
    MS-SMB2 states that the header flag SMB2_FLAGS_REPLAY_OPERATION
    needs to be set when a command needs to be retried, so that
    the server is aware that this is a replay for an operation that
    appeared before.
    
    This can be very important, for example, for state changing
    operations and opens which get retried following a reconnect;
    since the client maybe unaware of the status of the previous
    open.
    
    This is particularly important for multichannel scenario, since
    disconnection of one connection does not mean that the session
    is lost. The requests can be replayed on another channel.
    
    This change also makes use of exponential back-off before replays
    and also limits the number of retries to "retrans" mount option
    value.
    
    Also, this change does not modify the read/write codepath.
    
    Signed-off-by: Shyam Prasad N <[email protected]>
    Signed-off-by: Steve French <[email protected]>
    Signed-off-by: Sasha Levin <[email protected]>

cifs: defer close file handles having RH lease [+ + +]
Author: Bharath SM <[email protected]>
Date:   Tue Mar 12 21:21:41 2024 -0500

    cifs: defer close file handles having RH lease
    
    [ Upstream commit dc528770edb138e26a533f8a77de5c4db18ea7f3 ]
    
    Previously we only deferred closing file handles with RHW
    lease. To enhance performance benefits from deferred closes,
    we now include handles with RH leases as well.
    
    Signed-off-by: Bharath SM <[email protected]>
    Signed-off-by: Steve French <[email protected]>
    Signed-off-by: Sasha Levin <[email protected]>

cifs: fix in logging in cifs_chan_update_iface [+ + +]
Author: Steve French <[email protected]>
Date:   Sat Apr 27 20:05:11 2024 -0500

    cifs: fix in logging in cifs_chan_update_iface
    
    [ Upstream commit 516eea97f92f1e7271f20835cfe9e73774b0f8cc ]
    
    Recently, cifs_chan_update_iface was modified to not
    remove an iface if a suitable replacement was not found.
    With that, there were two conditionals that were exactly
    the same. This change removes that extra condition check.
    
    Also, fixed a logging in the same function to indicate
    the correct message.
    
    Signed-off-by: Shyam Prasad N <[email protected]>
    Signed-off-by: Steve French <[email protected]>
    Signed-off-by: Sasha Levin <[email protected]>

cifs: fix use after free for iface while disabling secondary channels [+ + +]
Author: Ritvik Budhiraja <[email protected]>
Date:   Tue Nov 21 19:13:47 2023 +0530

    cifs: fix use after free for iface while disabling secondary channels
    
    [ Upstream commit a15ccef82d3de9a37dc25898c60a394209368dc8 ]
    
    We were deferencing iface after it has been released. Fix is to
    release after all dereference instances have been encountered.
    
    Signed-off-by: Ritvik Budhiraja <[email protected]>
    Reported-by: kernel test robot <[email protected]>
    Reported-by: Dan Carpenter <[email protected]>
    Closes: https://lore.kernel.org/r/[email protected]/
    Signed-off-by: Steve French <[email protected]>
    Signed-off-by: Sasha Levin <[email protected]>

cifs: fixes for get_inode_info [+ + +]
Author: Meetakshi Setiya <[email protected]>
Date:   Thu Mar 14 08:05:49 2024 -0400

    cifs: fixes for get_inode_info
    
    [ Upstream commit fc20c523211a38b87fc850a959cb2149e4fd64b0 ]
    
    Fix potential memory leaks, add error checking, remove unnecessary
    initialisation of status_file_deleted and do not use cifs_iget() to get
    inode in reparse_info_to_fattr since fattrs may not be fully set.
    
    Fixes: ffceb7640cbf ("smb: client: do not defer close open handles to deleted files")
    Reported-by: Paulo Alcantara <[email protected]>
    Signed-off-by: Meetakshi Setiya <[email protected]>
    Signed-off-by: Steve French <[email protected]>
    Signed-off-by: Sasha Levin <[email protected]>

cifs: get rid of dup length check in parse_reparse_point() [+ + +]
Author: Paulo Alcantara <[email protected]>
Date:   Sat Jan 6 20:05:18 2024 -0300

    cifs: get rid of dup length check in parse_reparse_point()
    
    [ Upstream commit 8a3c4e44c243308c2364a00f9944c3d6fbdeb125 ]
    
    smb2_compound_op(SMB2_OP_GET_REPARSE) already checks if ioctl response
    has a valid reparse data buffer's length, so there's no need to check
    it again in parse_reparse_point().
    
    In order to get rid of duplicate check, validate reparse data buffer's
    length also in cifs_query_reparse_point().
    
    Signed-off-by: Paulo Alcantara (SUSE) <[email protected]>
    Signed-off-by: Steve French <[email protected]>
    Signed-off-by: Sasha Levin <[email protected]>

cifs: minor comment cleanup [+ + +]
Author: Steve French <[email protected]>
Date:   Wed Jan 17 16:56:05 2024 -0600

    cifs: minor comment cleanup
    
    [ Upstream commit 0b549c4f594167d7ef056393c6a06ac77f5690ff ]
    
    minor comment cleanup and trivial camelCase removal
    
    Reviewed-by: Bharath SM <[email protected]>
    Signed-off-by: Steve French <[email protected]>
    Signed-off-by: Sasha Levin <[email protected]>

cifs: Move some extern decls from .c files to .h [+ + +]
Author: Steve French <[email protected]>
Date:   Wed May 1 01:39:48 2024 -0500

    cifs: Move some extern decls from .c files to .h
    
    [ Upstream commit 5b142b37c70b1fa6936fa2d0babb0b8c16767d3a ]
    
    Move the following:
    
            extern mempool_t *cifs_sm_req_poolp;
            extern mempool_t *cifs_req_poolp;
            extern mempool_t *cifs_mid_poolp;
            extern bool disable_legacy_dialects;
    
    from various .c files to cifsglob.h.
    
    Signed-off-by: David Howells <[email protected]>
    cc: [email protected]
    Signed-off-by: Steve French <[email protected]>
    Signed-off-by: Sasha Levin <[email protected]>

cifs: new mount option called retrans [+ + +]
Author: Shyam Prasad N <[email protected]>
Date:   Wed Jan 17 06:09:16 2024 +0000

    cifs: new mount option called retrans
    
    [ Upstream commit ce09f8d8a7130e6edfdd6fcad8eb277824d5de95 ]
    
    We have several places in the code where we treat the
    error -EAGAIN very differently. Some code retry for
    arbitrary number of times.
    
    Introducing this new mount option named "retrans", so
    that all these handlers of -EAGAIN can retry a fixed
    number of times. This applies only to soft mounts.
    
    Signed-off-by: Shyam Prasad N <[email protected]>
    Signed-off-by: Steve French <[email protected]>
    Signed-off-by: Sasha Levin <[email protected]>

cifs: new nt status codes from MS-SMB2 [+ + +]
Author: Shyam Prasad N <[email protected]>
Date:   Wed Jan 17 06:21:33 2024 +0000

    cifs: new nt status codes from MS-SMB2
    
    [ Upstream commit 7f738527a7a03021c7e1b02e188f446845f05eb6 ]
    
    MS-SMB2 spec has introduced two new status codes,
    STATUS_SERVER_UNAVAILABLE and STATUS_FILE_NOT_AVAILABLE
    which are to be treated as retryable errors.
    
    This change adds these to the available mappings and
    maps them to Linux errno EAGAIN.
    
    Signed-off-by: Shyam Prasad N <[email protected]>
    Signed-off-by: Steve French <[email protected]>
    Signed-off-by: Sasha Levin <[email protected]>

cifs: Pass unbyteswapped eof value into SMB2_set_eof() [+ + +]
Author: David Howells <[email protected]>
Date:   Mon Jan 1 15:40:10 2024 +0000

    cifs: Pass unbyteswapped eof value into SMB2_set_eof()
    
    [ Upstream commit 6ebfede8d57a615dcbdec7e490faed585153f7f1 ]
    
    Change SMB2_set_eof() to take eof as CPU order rather than __le64 and pass
    it directly rather than by pointer.  This moves the conversion down into
    SMB_set_eof() rather than all of its callers and means we don't need to
    undo it for the traceline.
    
    Signed-off-by: David Howells <[email protected]>
    cc: Jeff Layton <[email protected]>
    cc: [email protected]
    Signed-off-by: Steve French <[email protected]>
    Signed-off-by: Sasha Levin <[email protected]>

cifs: pick channel for tcon and tdis [+ + +]
Author: Shyam Prasad N <[email protected]>
Date:   Wed Jan 10 10:48:36 2024 +0000

    cifs: pick channel for tcon and tdis
    
    [ Upstream commit 268b8b5797becb242013fcd63173eb28c007c8ae ]
    
    Today, the tree connect and disconnect requests are
    sent on the primary channel only. However, the new
    multichannel logic allows the session to remain active
    even if one of the channels are alive. So a tree connect
    can now be triggered during a reconnect on any of
    its channels.
    
    This change changes tcon and tdis calls to pick an
    active channel instead of the first one.
    
    Signed-off-by: Shyam Prasad N <[email protected]>
    Signed-off-by: Steve French <[email protected]>
    Signed-off-by: Sasha Levin <[email protected]>

cifs: print server capabilities in DebugData [+ + +]
Author: Shyam Prasad N <[email protected]>
Date:   Mon Oct 30 11:00:07 2023 +0000

    cifs: print server capabilities in DebugData
    
    [ Upstream commit 52768695d36a44d352e9fb79ba27468a5363ab8d ]
    
    In the output of /proc/fs/cifs/DebugData, we do not
    print the server->capabilities field today.
    With this change, we will do that.
    
    Signed-off-by: Shyam Prasad N <[email protected]>
    Signed-off-by: Steve French <[email protected]>
    Signed-off-by: Sasha Levin <[email protected]>

cifs: remove redundant variable assignment [+ + +]
Author: Bharath SM <[email protected]>
Date:   Thu Mar 14 23:36:36 2024 +0530

    cifs: remove redundant variable assignment
    
    [ Upstream commit 2760161d149f8d60c3f767fc62a823a1ead9d367 ]
    
    This removes an unnecessary variable assignment. The assigned
    value will be overwritten by cifs_fattr_to_inode before it
    is accessed, making the line redundant.
    
    Signed-off-by: Bharath SM <[email protected]>
    Signed-off-by: Steve French <[email protected]>
    Signed-off-by: Sasha Levin <[email protected]>

cifs: remove redundant variable tcon_exist [+ + +]
Author: Colin Ian King <[email protected]>
Date:   Tue Jan 16 10:51:34 2024 +0000

    cifs: remove redundant variable tcon_exist
    
    [ Upstream commit 8ca5d2641be217a78a891d4dbe2a46232d1d8eb9 ]
    
    The variable tcon_exist is being assigned however it is never read, the
    variable is redundant and can be removed.
    
    Cleans up clang scan build warning:
    warning: Although the value stored to 'tcon_exist' is used in
    the enclosing expression, the value is never actually readfrom
    'tcon_exist' [deadcode.DeadStores]
    
    Signed-off-by: Colin Ian King <[email protected]>
    Signed-off-by: Steve French <[email protected]>
    Signed-off-by: Sasha Levin <[email protected]>

cifs: remove unneeded return statement [+ + +]
Author: Steve French <[email protected]>
Date:   Mon Jan 8 22:37:10 2024 -0600

    cifs: remove unneeded return statement
    
    [ Upstream commit a3f763fdcb2f784c355aed66ddac6748ff8dbfa6 ]
    
    Return statement was not needed at end of cifs_chan_update_iface
    
    Suggested-by: Christophe Jaillet <[email protected]>
    Signed-off-by: Steve French <[email protected]>
    Signed-off-by: Sasha Levin <[email protected]>

cifs: set replay flag for retries of write command [+ + +]
Author: Shyam Prasad N <[email protected]>
Date:   Thu Jan 18 09:14:10 2024 +0000

    cifs: set replay flag for retries of write command
    
    [ Upstream commit 4cdad80261862c8cdcbb5fd232aa713d0bdefe24 ]
    
    Similar to the rest of the commands, this is a change
    to add replay flags on retry. This one does not add a
    back-off, considering that we may want to flush a write
    ASAP to the server. Considering that this will be a
    flush of cached pages, the retrans value is also not
    honoured.
    
    Signed-off-by: Shyam Prasad N <[email protected]>
    Signed-off-by: Steve French <[email protected]>
    Signed-off-by: Sasha Levin <[email protected]>

cifs: update the same create_guid on replay [+ + +]
Author: Steve French <[email protected]>
Date:   Sun Apr 28 01:32:09 2024 -0500

    cifs: update the same create_guid on replay
    
    [ Upstream commit 79520587fe42cd4988aff8695d60621e689109cb ]
    
    File open requests made to the server contain a
    CreateGuid, which is used by the server to identify
    the open request. If the same request needs to be
    replayed, it needs to be sent with the same CreateGuid
    in the durable handle v2 context.
    
    Without doing so, we could end up leaking handles on
    the server when:
    1. multichannel is used AND
    2. connection goes down, but not for all channels
    
    This is because the replayed open request would have a
    new CreateGuid and the server will treat this as a new
    request and open a new handle.
    
    This change fixes this by reusing the existing create_guid
    stored in the cached fid struct.
    
    REF: MS-SMB2 4.9 Replay Create Request on an Alternate Channel
    
    Fixes: 4f1fffa23769 ("cifs: commands that are retried should have replay flag set")
    Signed-off-by: Shyam Prasad N <[email protected]>
    Signed-off-by: Steve French <[email protected]>
    Signed-off-by: Sasha Levin <[email protected]>

 
Docs/admin-guide/mm/damon/usage: fix wrong example of DAMOS filter matching sysfs file [+ + +]
Author: SeongJae Park <[email protected]>
Date:   Fri May 3 11:03:14 2024 -0700

    Docs/admin-guide/mm/damon/usage: fix wrong example of DAMOS filter matching sysfs file
    
    commit da2a061888883e067e8e649d086df35c92c760a7 upstream.
    
    The example usage of DAMOS filter sysfs files, specifically the part of
    'matching' file writing for memcg type filter, is wrong.  The intention is
    to exclude pages of a memcg that already getting enough care from a given
    scheme, but the example is setting the filter to apply the scheme to only
    the pages of the memcg.  Fix it.
    
    Link: https://lkml.kernel.org/r/[email protected]
    Fixes: 9b7f9322a530 ("Docs/admin-guide/mm/damon/usage: document DAMOS filters of sysfs")
    Closes: https://lore.kernel.org/r/[email protected]
    Signed-off-by: SeongJae Park <[email protected]>
    Cc: <[email protected]>    [6.3.x]
    Cc: Jonathan Corbet <[email protected]>
    Cc: Shuah Khan <[email protected]>
    Signed-off-by: Andrew Morton <[email protected]>
    Signed-off-by: Greg Kroah-Hartman <[email protected]>

 
docs: kernel_include.py: Cope with docutils 0.21 [+ + +]
Author: Akira Yokosawa <[email protected]>
Date:   Wed May 1 12:16:11 2024 +0900

    docs: kernel_include.py: Cope with docutils 0.21
    
    commit d43ddd5c91802a46354fa4c4381416ef760676e2 upstream.
    
    Running "make htmldocs" on a newly installed Sphinx 7.3.7 ends up in
    a build error:
    
        Sphinx parallel build error:
        AttributeError: module 'docutils.nodes' has no attribute 'reprunicode'
    
    docutils 0.21 has removed nodes.reprunicode, quote from release note [1]:
    
      * Removed objects:
    
        docutils.nodes.reprunicode, docutils.nodes.ensure_str()
            Python 2 compatibility hacks
    
    Sphinx 7.3.0 supports docutils 0.21 [2]:
    
    kernel_include.py, whose origin is misc.py of docutils, uses reprunicode.
    
    Upstream docutils removed the offending line from the corresponding file
    (docutils/docutils/parsers/rst/directives/misc.py) in January 2022.
    Quoting the changelog [3]:
    
        Deprecate `nodes.reprunicode` and `nodes.ensure_str()`.
    
        Drop uses of the deprecated constructs (not required with Python 3).
    
    Do the same for kernel_include.py.
    
    Tested against:
      - Sphinx 2.4.5 (docutils 0.17.1)
      - Sphinx 3.4.3 (docutils 0.17.1)
      - Sphinx 5.3.0 (docutils 0.18.1)
      - Sphinx 6.2.1 (docutils 0.19)
      - Sphinx 7.2.6 (docutils 0.20.1)
      - Sphinx 7.3.7 (docutils 0.21.2)
    
    Link: http://www.docutils.org/RELEASE-NOTES.html#release-0-21-2024-04-09 [1]
    Link: https://www.sphinx-doc.org/en/master/changes.html#release-7-3-0-released-apr-16-2024 [2]
    Link: https://github.com/docutils/docutils/commit/c8471ce47a24 [3]
    Signed-off-by: Akira Yokosawa <[email protected]>
    Cc: [email protected]
    Signed-off-by: Jonathan Corbet <[email protected]>
    Link: https://lore.kernel.org/r/[email protected]
    Signed-off-by: Greg Kroah-Hartman <[email protected]>

 
drm/amd/display: Fix division by zero in setup_dsc_config [+ + +]
Author: Jose Fernandez <[email protected]>
Date:   Mon Apr 22 08:35:44 2024 -0600

    drm/amd/display: Fix division by zero in setup_dsc_config
    
    commit 130afc8a886183a94cf6eab7d24f300014ff87ba upstream.
    
    When slice_height is 0, the division by slice_height in the calculation
    of the number of slices will cause a division by zero driver crash. This
    leaves the kernel in a state that requires a reboot. This patch adds a
    check to avoid the division by zero.
    
    The stack trace below is for the 6.8.4 Kernel. I reproduced the issue on
    a Z16 Gen 2 Lenovo Thinkpad with a Apple Studio Display monitor
    connected via Thunderbolt. The amdgpu driver crashed with this exception
    when I rebooted the system with the monitor connected.
    
    kernel: ? die (arch/x86/kernel/dumpstack.c:421 arch/x86/kernel/dumpstack.c:434 arch/x86/kernel/dumpstack.c:447)
    kernel: ? do_trap (arch/x86/kernel/traps.c:113 arch/x86/kernel/traps.c:154)
    kernel: ? setup_dsc_config (drivers/gpu/drm/amd/amdgpu/../display/dc/dsc/dc_dsc.c:1053) amdgpu
    kernel: ? do_error_trap (./arch/x86/include/asm/traps.h:58 arch/x86/kernel/traps.c:175)
    kernel: ? setup_dsc_config (drivers/gpu/drm/amd/amdgpu/../display/dc/dsc/dc_dsc.c:1053) amdgpu
    kernel: ? exc_divide_error (arch/x86/kernel/traps.c:194 (discriminator 2))
    kernel: ? setup_dsc_config (drivers/gpu/drm/amd/amdgpu/../display/dc/dsc/dc_dsc.c:1053) amdgpu
    kernel: ? asm_exc_divide_error (./arch/x86/include/asm/idtentry.h:548)
    kernel: ? setup_dsc_config (drivers/gpu/drm/amd/amdgpu/../display/dc/dsc/dc_dsc.c:1053) amdgpu
    kernel: dc_dsc_compute_config (drivers/gpu/drm/amd/amdgpu/../display/dc/dsc/dc_dsc.c:1109) amdgpu
    
    After applying this patch, the driver no longer crashes when the monitor
    is connected and the system is rebooted. I believe this is the same
    issue reported for 3113.
    
    Reviewed-by: Rodrigo Siqueira <[email protected]>
    Signed-off-by: Jose Fernandez <[email protected]>
    Closes: https://gitlab.freedesktop.org/drm/amd/-/issues/3113
    Signed-off-by: Rodrigo Siqueira <[email protected]>
    Signed-off-by: Alex Deucher <[email protected]>
    Cc: "Limonciello, Mario" <[email protected]>
    Signed-off-by: Greg Kroah-Hartman <[email protected]>

 
drm/amdgpu: Fix possible NULL dereference in amdgpu_ras_query_error_status_helper() [+ + +]
Author: Srinivasan Shanmugam <[email protected]>
Date:   Tue Dec 26 15:32:19 2023 +0530

    drm/amdgpu: Fix possible NULL dereference in amdgpu_ras_query_error_status_helper()
    
    commit b8d55a90fd55b767c25687747e2b24abd1ef8680 upstream.
    
    Return invalid error code -EINVAL for invalid block id.
    
    Fixes the below:
    
    drivers/gpu/drm/amd/amdgpu/amdgpu_ras.c:1183 amdgpu_ras_query_error_status_helper() error: we previously assumed 'info' could be null (see line 1176)
    
    Suggested-by: Hawking Zhang <[email protected]>
    Cc: Tao Zhou <[email protected]>
    Cc: Hawking Zhang <[email protected]>
    Cc: Christian König <[email protected]>
    Cc: Alex Deucher <[email protected]>
    Signed-off-by: Srinivasan Shanmugam <[email protected]>
    Reviewed-by: Hawking Zhang <[email protected]>
    Signed-off-by: Alex Deucher <[email protected]>
    [Ajay: applied AMDGPU_RAS_BLOCK_COUNT condition to amdgpu_ras_query_error_status()
           as amdgpu_ras_query_error_status_helper() not present in v6.6, v6.1
           amdgpu_ras_query_error_status_helper() was introduced in 8cc0f5669eb6]
    Signed-off-by: Ajay Kaher <[email protected]>
    Signed-off-by: Greg Kroah-Hartman <[email protected]>

 
erofs: get rid of erofs_fs_context [+ + +]
Author: Baokun Li <[email protected]>
Date:   Fri Apr 19 20:36:10 2024 +0800

    erofs: get rid of erofs_fs_context
    
    commit 07abe43a28b2c660f726d66f5470f7f114f9643a upstream.
    
    Instead of allocating the erofs_sb_info in fill_super() allocate it during
    erofs_init_fs_context() and ensure that erofs can always have the info
    available during erofs_kill_sb(). After this erofs_fs_context is no longer
    needed, replace ctx with sbi, no functional changes.
    
    Suggested-by: Jingbo Xu <[email protected]>
    Signed-off-by: Baokun Li <[email protected]>
    Reviewed-by: Jingbo Xu <[email protected]>
    Reviewed-by: Gao Xiang <[email protected]>
    Reviewed-by: Chao Yu <[email protected]>
    Link: https://lore.kernel.org/r/[email protected]
    [ Gao Xiang: trivial conflict due to a warning message. ]
    Signed-off-by: Gao Xiang <[email protected]>
    Signed-off-by: Greg Kroah-Hartman <[email protected]>

erofs: reliably distinguish block based and fscache mode [+ + +]
Author: Christian Brauner <[email protected]>
Date:   Fri Apr 19 20:36:11 2024 +0800

    erofs: reliably distinguish block based and fscache mode
    
    commit 7af2ae1b1531feab5d38ec9c8f472dc6cceb4606 upstream.
    
    When erofs_kill_sb() is called in block dev based mode, s_bdev may not
    have been initialised yet, and if CONFIG_EROFS_FS_ONDEMAND is enabled,
    it will be mistaken for fscache mode, and then attempt to free an anon_dev
    that has never been allocated, triggering the following warning:
    
    ============================================
    ida_free called for id=0 which is not allocated.
    WARNING: CPU: 14 PID: 926 at lib/idr.c:525 ida_free+0x134/0x140
    Modules linked in:
    CPU: 14 PID: 926 Comm: mount Not tainted 6.9.0-rc3-dirty #630
    RIP: 0010:ida_free+0x134/0x140
    Call Trace:
     <TASK>
     erofs_kill_sb+0x81/0x90
     deactivate_locked_super+0x35/0x80
     get_tree_bdev+0x136/0x1e0
     vfs_get_tree+0x2c/0xf0
     do_new_mount+0x190/0x2f0
     [...]
    ============================================
    
    Now when erofs_kill_sb() is called, erofs_sb_info must have been
    initialised, so use sbi->fsid to distinguish between the two modes.
    
    Signed-off-by: Christian Brauner <[email protected]>
    Signed-off-by: Baokun Li <[email protected]>
    Reviewed-by: Jingbo Xu <[email protected]>
    Reviewed-by: Gao Xiang <[email protected]>
    Reviewed-by: Chao Yu <[email protected]>
    Link: https://lore.kernel.org/r/[email protected]
    Signed-off-by: Gao Xiang <[email protected]>
    Signed-off-by: Greg Kroah-Hartman <[email protected]>

 
ice: pass VSI pointer into ice_vc_isvalid_q_id [+ + +]
Author: Jacob Keller <[email protected]>
Date:   Fri Feb 16 14:06:35 2024 -0800

    ice: pass VSI pointer into ice_vc_isvalid_q_id
    
    commit a21605993dd5dfd15edfa7f06705ede17b519026 upstream.
    
    The ice_vc_isvalid_q_id() function takes a VSI index and a queue ID. It
    looks up the VSI from its index, and then validates that the queue number
    is valid for that VSI.
    
    The VSI ID passed is typically a VSI index from the VF. This VSI number is
    validated by the PF to ensure that it matches the VSI associated with the
    VF already.
    
    In every flow where ice_vc_isvalid_q_id() is called, the PF driver already
    has a pointer to the VSI associated with the VF. This pointer is obtained
    using ice_get_vf_vsi(), rather than looking up the VSI using the index sent
    by the VF.
    
    Since we already know which VSI to operate on, we can modify
    ice_vc_isvalid_q_id() to take a VSI pointer instead of a VSI index. Pass
    the VSI we found from ice_get_vf_vsi() instead of re-doing the lookup. This
    removes some unnecessary computation and scanning of the VSI list.
    
    It also removes the last place where the driver directly used the VSI
    number from the VF. This will pave the way for refactoring to communicate
    relative VSI numbers to the VF instead of absolute numbers from the PF
    space.
    
    Signed-off-by: Jacob Keller <[email protected]>
    Reviewed-by: Przemek Kitszel <[email protected]>
    Tested-by: Rafal Romanowski <[email protected]>
    Signed-off-by: Tony Nguyen <[email protected]>
    Signed-off-by: Greg Kroah-Hartman <[email protected]>

ice: remove unnecessary duplicate checks for VF VSI ID [+ + +]
Author: Jacob Keller <[email protected]>
Date:   Fri Feb 16 14:06:36 2024 -0800

    ice: remove unnecessary duplicate checks for VF VSI ID
    
    commit 363f689600dd010703ce6391bcfc729a97d21840 upstream.
    
    The ice_vc_fdir_param_check() function validates that the VSI ID of the
    virtchnl flow director command matches the VSI number of the VF. This is
    already checked by the call to ice_vc_isvalid_vsi_id() immediately
    following this.
    
    This check is unnecessary since ice_vc_isvalid_vsi_id() already confirms
    this by checking that the VSI ID can locate the VSI associated with the VF
    structure.
    
    Furthermore, a following change is going to refactor the ice driver to
    report VSI IDs using a relative index for each VF instead of reporting the
    PF VSI number. This additional check would break that logic since it
    enforces that the VSI ID matches the VSI number.
    
    Since this check duplicates  the logic in ice_vc_isvalid_vsi_id() and gets
    in the way of refactoring that logic, remove it.
    
    Signed-off-by: Jacob Keller <[email protected]>
    Reviewed-by: Przemek Kitszel <[email protected]>
    Tested-by: Rafal Romanowski <[email protected]>
    Signed-off-by: Tony Nguyen <[email protected]>
    Signed-off-by: Greg Kroah-Hartman <[email protected]>

 
KEYS: trusted: Do not use WARN when encode fails [+ + +]
Author: Jarkko Sakkinen <[email protected]>
Date:   Mon May 13 21:19:04 2024 +0300

    KEYS: trusted: Do not use WARN when encode fails
    
    commit 050bf3c793a07f96bd1e2fd62e1447f731ed733b upstream.
    
    When asn1_encode_sequence() fails, WARN is not the correct solution.
    
    1. asn1_encode_sequence() is not an internal function (located
       in lib/asn1_encode.c).
    2. Location is known, which makes the stack trace useless.
    3. Results a crash if panic_on_warn is set.
    
    It is also noteworthy that the use of WARN is undocumented, and it
    should be avoided unless there is a carefully considered rationale to
    use it.
    
    Replace WARN with pr_err, and print the return value instead, which is
    only useful piece of information.
    
    Cc: [email protected] # v5.13+
    Fixes: f2219745250f ("security: keys: trusted: use ASN.1 TPM2 key format for the blobs")
    Signed-off-by: Jarkko Sakkinen <[email protected]>
    Signed-off-by: Greg Kroah-Hartman <[email protected]>

KEYS: trusted: Fix memory leak in tpm2_key_encode() [+ + +]
Author: Jarkko Sakkinen <[email protected]>
Date:   Mon May 20 02:31:53 2024 +0300

    KEYS: trusted: Fix memory leak in tpm2_key_encode()
    
    commit ffcaa2172cc1a85ddb8b783de96d38ca8855e248 upstream.
    
    'scratch' is never freed. Fix this by calling kfree() in the success, and
    in the error case.
    
    Cc: [email protected] # +v5.13
    Fixes: f2219745250f ("security: keys: trusted: use ASN.1 TPM2 key format for the blobs")
    Signed-off-by: Jarkko Sakkinen <[email protected]>
    Signed-off-by: Greg Kroah-Hartman <[email protected]>

 
kselftest: Add a ksft_perror() helper [+ + +]
Author: Mark Brown <[email protected]>
Date:   Thu Sep 28 16:38:11 2023 +0200

    kselftest: Add a ksft_perror() helper
    
    commit 907f33028871fa7c9a3db1efd467b78ef82cce20 upstream.
    
    The standard library perror() function provides a convenient way to print
    an error message based on the current errno but this doesn't play nicely
    with KTAP output. Provide a helper which does an equivalent thing in a KTAP
    compatible format.
    
    nolibc doesn't have a strerror() and adding the table of strings required
    doesn't seem like a good fit for what it's trying to do so when we're using
    that only print the errno.
    
    Signed-off-by: Mark Brown <[email protected]>
    Reviewed-by: Kees Cook <[email protected]>
    Signed-off-by: Shuah Khan <[email protected]>
    Stable-dep-of: 071af0c9e582 ("selftests: timers: Convert posix_timers test to generate KTAP output")
    Signed-off-by: Edward Liaw <[email protected]>
    Signed-off-by: Greg Kroah-Hartman <[email protected]>

 
ksmbd: add continuous availability share parameter [+ + +]
Author: Namjae Jeon <[email protected]>
Date:   Sat Apr 20 09:17:58 2024 +0900

    ksmbd: add continuous availability share parameter
    
    [ Upstream commit e9d8c2f95ab8acaf3f4d4a53682a4afa3c263692 ]
    
    If capabilities of the share is not SMB2_SHARE_CAP_CONTINUOUS_AVAILABILITY,
    ksmbd should not grant a persistent handle to the client.
    This patch add continuous availability share parameter to control it.
    
    Signed-off-by: Namjae Jeon <[email protected]>
    Signed-off-by: Steve French <[email protected]>
    Signed-off-by: Sasha Levin <[email protected]>

ksmbd: Add kernel-doc for ksmbd_extract_sharename() function [+ + +]
Author: Yang Li <[email protected]>
Date:   Fri Feb 2 16:13:17 2024 +0800

    ksmbd: Add kernel-doc for ksmbd_extract_sharename() function
    
    [ Upstream commit a12bc36032a2f7917068f9ce9eb26d869e54b31a ]
    
    The ksmbd_extract_sharename() function lacked a complete kernel-doc
    comment. This patch adds parameter descriptions and detailed function
    behavior to improve code readability and maintainability.
    
    Signed-off-by: Yang Li <[email protected]>
    Acked-by: Randy Dunlap <[email protected]>
    Acked-by: Namjae Jeon <[email protected]>
    Signed-off-by: Steve French <[email protected]>
    Signed-off-by: Sasha Levin <[email protected]>

ksmbd: add support for durable handles v1/v2 [+ + +]
Author: Namjae Jeon <[email protected]>
Date:   Tue Mar 12 14:05:57 2024 +0900

    ksmbd: add support for durable handles v1/v2
    
    [ Upstream commit c8efcc786146a951091588e5fa7e3c754850cb3c ]
    
    Durable file handles allow reopening a file preserved on a short
    network outage and transparent client reconnection within a timeout.
    i.e. Durable handles aren't necessarily cleaned up when the opening
    process terminates.
    
    This patch add support for durable handle version 1 and 2.
    
    To prove durable handles work on ksmbd, I have tested this patch with
    the following smbtorture tests:
    
    smb2.durable-open.open-oplock
    smb2.durable-open.open-lease
    smb2.durable-open.reopen1
    smb2.durable-open.reopen1a
    smb2.durable-open.reopen1a-lease
    smb2.durable-open.reopen2
    smb2.durable-open.reopen2a
    smb2.durable-open.reopen2-lease
    smb2.durable-open.reopen2-lease-v2
    smb2.durable-open.reopen3
    smb2.durable-open.reopen4
    smb2.durable-open.delete_on_close2
    smb2.durable-open.file-position
    smb2.durable-open.lease
    smb2.durable-open.alloc-size
    smb2.durable-open.read-only
    smb2.durable-v2-open.create-blob
    smb2.durable-v2-open.open-oplock
    smb2.durable-v2-open.open-lease
    smb2.durable-v2-open.reopen1
    smb2.durable-v2-open.reopen1a
    smb2.durable-v2-open.reopen1a-lease
    smb2.durable-v2-open.reopen2
    smb2.durable-v2-open.reopen2b
    
    Signed-off-by: Namjae Jeon <[email protected]>
    Signed-off-by: Steve French <[email protected]>
    Signed-off-by: Sasha Levin <[email protected]>

ksmbd: auth: fix most kernel-doc warnings [+ + +]
Author: Randy Dunlap <[email protected]>
Date:   Fri Dec 15 19:03:57 2023 -0800

    ksmbd: auth: fix most kernel-doc warnings
    
    [ Upstream commit b4068f1ef36d634ef44ece894738284d756d6627 ]
    
    Fix 12 of 17 kernel-doc warnings in auth.c:
    
    auth.c:221: warning: Function parameter or member 'conn' not described in 'ksmbd_auth_ntlmv2'
    auth.c:221: warning: Function parameter or member 'cryptkey' not described in 'ksmbd_auth_ntlmv2'
    auth.c:305: warning: Function parameter or member 'blob_len' not described in 'ksmbd_decode_ntlmssp_auth_blob'
    auth.c:305: warning: Function parameter or member 'conn' not described in 'ksmbd_decode_ntlmssp_auth_blob'
    auth.c:305: warning: Excess function parameter 'usr' description in 'ksmbd_decode_ntlmssp_auth_blob'
    auth.c:385: warning: Function parameter or member 'blob_len' not described in 'ksmbd_decode_ntlmssp_neg_blob'
    auth.c:385: warning: Function parameter or member 'conn' not described in 'ksmbd_decode_ntlmssp_neg_blob'
    auth.c:385: warning: Excess function parameter 'rsp' description in 'ksmbd_decode_ntlmssp_neg_blob'
    auth.c:385: warning: Excess function parameter 'sess' description in 'ksmbd_decode_ntlmssp_neg_blob'
    auth.c:413: warning: Function parameter or member 'conn' not described in 'ksmbd_build_ntlmssp_challenge_blob'
    auth.c:413: warning: Excess function parameter 'rsp' description in 'ksmbd_build_ntlmssp_challenge_blob'
    auth.c:413: warning: Excess function parameter 'sess' description in 'ksmbd_build_ntlmssp_challenge_blob'
    
    The other 5 are only present when a W=1 kernel build is done or
    when scripts/kernel-doc is run with -Wall. They are:
    
    auth.c:81: warning: No description found for return value of 'ksmbd_gen_sess_key'
    auth.c:385: warning: No description found for return value of 'ksmbd_decode_ntlmssp_neg_blob'
    auth.c:413: warning: No description found for return value of 'ksmbd_build_ntlmssp_challenge_blob'
    auth.c:577: warning: No description found for return value of 'ksmbd_sign_smb2_pdu'
    auth.c:628: warning: No description found for return value of 'ksmbd_sign_smb3_pdu'
    
    Signed-off-by: Randy Dunlap <[email protected]>
    Cc: Namjae Jeon <[email protected]>
    Cc: Steve French <[email protected]>
    Cc: Sergey Senozhatsky <[email protected]>
    Cc: Tom Talpey <[email protected]>
    Cc: [email protected]
    Acked-by: Namjae Jeon <[email protected]>
    Signed-off-by: Steve French <[email protected]>
    Signed-off-by: Sasha Levin <[email protected]>

ksmbd: fix possible null-deref in smb_lazy_parent_lease_break_close [+ + +]
Author: Marios Makassikis <[email protected]>
Date:   Wed Mar 13 15:11:38 2024 +0100

    ksmbd: fix possible null-deref in smb_lazy_parent_lease_break_close
    
    [ Upstream commit 5fb282ba4fef8985a5acf2b32681f2ec07732561 ]
    
    rcu_dereference can return NULL, so make sure we check against that.
    
    Signed-off-by: Marios Makassikis <[email protected]>
    Acked-by: Namjae Jeon <[email protected]>
    Signed-off-by: Steve French <[email protected]>
    Signed-off-by: Sasha Levin <[email protected]>

ksmbd: fix potencial out-of-bounds when buffer offset is invalid [+ + +]
Author: Namjae Jeon <[email protected]>
Date:   Tue Mar 19 08:40:48 2024 +0900

    ksmbd: fix potencial out-of-bounds when buffer offset is invalid
    
    [ Upstream commit c6cd2e8d2d9aa7ee35b1fa6a668e32a22a9753da ]
    
    I found potencial out-of-bounds when buffer offset fields of a few requests
    is invalid. This patch set the minimum value of buffer offset field to
    ->Buffer offset to validate buffer length.
    
    Cc: [email protected]
    Signed-off-by: Namjae Jeon <[email protected]>
    Signed-off-by: Steve French <[email protected]>
    Signed-off-by: Sasha Levin <[email protected]>

ksmbd: fix slab-out-of-bounds in smb_strndup_from_utf16() [+ + +]
Author: Namjae Jeon <[email protected]>
Date:   Sat Mar 16 23:36:36 2024 +0900

    ksmbd: fix slab-out-of-bounds in smb_strndup_from_utf16()
    
    [ Upstream commit d10c77873ba1e9e6b91905018e29e196fd5f863d ]
    
    If ->NameOffset/Length is bigger than ->CreateContextsOffset/Length,
    ksmbd_check_message doesn't validate request buffer it correctly.
    So slab-out-of-bounds warning from calling smb_strndup_from_utf16()
    in smb2_open() could happen. If ->NameLength is non-zero, Set the larger
    of the two sums (Name and CreateContext size) as the offset and length of
    the data area.
    
    Reported-by: Yang Chaoming <[email protected]>
    Cc: [email protected]
    Signed-off-by: Namjae Jeon <[email protected]>
    Signed-off-by: Steve French <[email protected]>
    Signed-off-by: Sasha Levin <[email protected]>

ksmbd: Fix spelling mistake "connction" -> "connection" [+ + +]
Author: Colin Ian King <[email protected]>
Date:   Wed Mar 13 09:16:16 2024 +0000

    ksmbd: Fix spelling mistake "connction" -> "connection"
    
    [ Upstream commit e758fa6956cbc873e4819ec3dd97cfd05a4c147e ]
    
    There is a spelling mistake in a ksmbd_debug debug message. Fix it.
    
    Signed-off-by: Colin Ian King <[email protected]>
    Acked-by: Namjae Jeon <[email protected]>
    Signed-off-by: Steve French <[email protected]>
    Signed-off-by: Sasha Levin <[email protected]>

ksmbd: mark SMB2_SESSION_EXPIRED to session when destroying previous session [+ + +]
Author: Namjae Jeon <[email protected]>
Date:   Sun Mar 10 19:30:51 2024 +0900

    ksmbd: mark SMB2_SESSION_EXPIRED to session when destroying previous session
    
    [ Upstream commit fa9415d4024fd0c58d24a4ad4f1826fb8bfcc4aa ]
    
    Currently ksmbd exit connection as well destroying previous session.
    When testing durable handle feaure, I found that
    destroy_previous_session() should destroy only session, i.e. the
    connection should be still alive. This patch mark SMB2_SESSION_EXPIRED
    on the previous session to be destroyed later and not used anymore.
    
    Signed-off-by: Namjae Jeon <[email protected]>
    Signed-off-by: Steve French <[email protected]>
    Signed-off-by: Sasha Levin <[email protected]>

ksmbd: vfs: fix all kernel-doc warnings [+ + +]
Author: Randy Dunlap <[email protected]>
Date:   Fri Dec 15 19:28:14 2023 -0800

    ksmbd: vfs: fix all kernel-doc warnings
    
    [ Upstream commit 8d99c1131d9d03053b7b1e1245b8f6e6846d9c69 ]
    
    Fix all kernel-doc warnings in vfs.c:
    
    vfs.c:54: warning: Function parameter or member 'parent' not described in 'ksmbd_vfs_lock_parent'
    vfs.c:54: warning: Function parameter or member 'child' not described in 'ksmbd_vfs_lock_parent'
    vfs.c:54: warning: No description found for return value of 'ksmbd_vfs_lock_parent'
    vfs.c:372: warning: Function parameter or member 'fp' not described in 'ksmbd_vfs_read'
    vfs.c:372: warning: Excess function parameter 'fid' description in 'ksmbd_vfs_read'
    vfs.c:489: warning: Function parameter or member 'fp' not described in 'ksmbd_vfs_write'
    vfs.c:489: warning: Excess function parameter 'fid' description in 'ksmbd_vfs_write'
    vfs.c:555: warning: Function parameter or member 'path' not described in 'ksmbd_vfs_getattr'
    vfs.c:555: warning: Function parameter or member 'stat' not described in 'ksmbd_vfs_getattr'
    vfs.c:555: warning: Excess function parameter 'work' description in 'ksmbd_vfs_getattr'
    vfs.c:555: warning: Excess function parameter 'fid' description in 'ksmbd_vfs_getattr'
    vfs.c:555: warning: Excess function parameter 'attrs' description in 'ksmbd_vfs_getattr'
    vfs.c:572: warning: Function parameter or member 'p_id' not described in 'ksmbd_vfs_fsync'
    vfs.c:595: warning: Function parameter or member 'work' not described in 'ksmbd_vfs_remove_file'
    vfs.c:595: warning: Function parameter or member 'path' not described in 'ksmbd_vfs_remove_file'
    vfs.c:595: warning: Excess function parameter 'name' description in 'ksmbd_vfs_remove_file'
    vfs.c:633: warning: Function parameter or member 'work' not described in 'ksmbd_vfs_link'
    vfs.c:805: warning: Function parameter or member 'fp' not described in 'ksmbd_vfs_truncate'
    vfs.c:805: warning: Excess function parameter 'fid' description in 'ksmbd_vfs_truncate'
    vfs.c:846: warning: Excess function parameter 'size' description in 'ksmbd_vfs_listxattr'
    vfs.c:953: warning: Function parameter or member 'option' not described in 'ksmbd_vfs_set_fadvise'
    vfs.c:953: warning: Excess function parameter 'options' description in 'ksmbd_vfs_set_fadvise'
    vfs.c:1167: warning: Function parameter or member 'um' not described in 'ksmbd_vfs_lookup_in_dir'
    vfs.c:1203: warning: Function parameter or member 'work' not described in 'ksmbd_vfs_kern_path_locked'
    vfs.c:1641: warning: No description found for return value of 'ksmbd_vfs_init_kstat'
    
    Signed-off-by: Randy Dunlap <[email protected]>
    Cc: Namjae Jeon <[email protected]>
    Cc: Steve French <[email protected]>
    Cc: Sergey Senozhatsky <[email protected]>
    Cc: Tom Talpey <[email protected]>
    Cc: [email protected]
    Acked-by: Namjae Jeon <[email protected]>
    Signed-off-by: Steve French <[email protected]>
    Signed-off-by: Sasha Levin <[email protected]>

 
Linux: Linux 6.6.32 [+ + +]
Author: Greg Kroah-Hartman <[email protected]>
Date:   Sat May 25 16:22:56 2024 +0200

    Linux 6.6.32
    
    Link: https://lore.kernel.org/r/[email protected]
    Tested-by: SeongJae Park <[email protected]>
    Tested-by: Mark Brown <[email protected]>
    Tested-by: Florian Fainelli <[email protected]>
    Tested-by: Takeshi Ogasawara <[email protected]>
    Tested-by: Linux Kernel Functional Testing <[email protected]>
    Tested-by: Harshit Mogalapalli <[email protected]>
    Tested-by: Linux Kernel Functional Testing <[email protected]>
    Tested-by: Shuah Khan <[email protected]>
    Tested-by: Jon Hunter <[email protected]>
    Tested-by: Ron Economos <[email protected]>
    Tested-by: Kelsey Steele <[email protected]>
    Signed-off-by: Greg Kroah-Hartman <[email protected]>

Linux: Missing field not being returned in ioctl CIFS_IOC_GET_MNT_INFO [+ + +]
Author: Steve French <[email protected]>
Date:   Fri Nov 10 01:24:16 2023 -0600

    Missing field not being returned in ioctl CIFS_IOC_GET_MNT_INFO
    
    [ Upstream commit 784e0e20b4c97c270b2892f677d3fad658e2c1d5 ]
    
    The tcon_flags field was always being set to zero in the information
    about the mount returned by the ioctl CIFS_IOC_GET_MNT_INFO instead
    of being set to the value of the Flags field in the tree connection
    structure as intended.
    
    Reviewed-by: Shyam Prasad N <[email protected]>
    Signed-off-by: Steve French <[email protected]>
    Signed-off-by: Sasha Levin <[email protected]>

 
mmc: core: Add HS400 tuning in HS400es initialization [+ + +]
Author: Mengqi Zhang <[email protected]>
Date:   Mon Dec 25 17:38:40 2023 +0800

    mmc: core: Add HS400 tuning in HS400es initialization
    
    commit 77e01b49e35f24ebd1659096d5fc5c3b75975545 upstream.
    
    During the initialization to HS400es stage, add a HS400 tuning flow as an
    optional process. For Mediatek IP, the HS400es mode requires a specific
    tuning to ensure the correct HS400 timing setting.
    
    Signed-off-by: Mengqi Zhang <[email protected]>
    Link: https://lore.kernel.org/r/[email protected]
    Signed-off-by: Ulf Hansson <[email protected]>
    Cc: "Lin Gui (桂林)" <[email protected]>
    Signed-off-by: Greg Kroah-Hartman <[email protected]>

 
net: ks8851: Fix another TX stall caused by wrong ISR flag handling [+ + +]
Author: Ronald Wahl <[email protected]>
Date:   Mon May 13 16:39:22 2024 +0200

    net: ks8851: Fix another TX stall caused by wrong ISR flag handling
    
    commit 317a215d493230da361028ea8a4675de334bfa1a upstream.
    
    Under some circumstances it may happen that the ks8851 Ethernet driver
    stops sending data.
    
    Currently the interrupt handler resets the interrupt status flags in the
    hardware after handling TX. With this approach we may lose interrupts in
    the time window between handling the TX interrupt and resetting the TX
    interrupt status bit.
    
    When all of the three following conditions are true then transmitting
    data stops:
    
      - TX queue is stopped to wait for room in the hardware TX buffer
      - no queued SKBs in the driver (txq) that wait for being written to hw
      - hardware TX buffer is empty and the last TX interrupt was lost
    
    This is because reenabling the TX queue happens when handling the TX
    interrupt status but if the TX status bit has already been cleared then
    this interrupt will never come.
    
    With this commit the interrupt status flags will be cleared before they
    are handled. That way we stop losing interrupts.
    
    The wrong handling of the ISR flags was there from the beginning but
    with commit 3dc5d4454545 ("net: ks8851: Fix TX stall caused by TX
    buffer overrun") the issue becomes apparent.
    
    Fixes: 3dc5d4454545 ("net: ks8851: Fix TX stall caused by TX buffer overrun")
    Cc: "David S. Miller" <[email protected]>
    Cc: Eric Dumazet <[email protected]>
    Cc: Jakub Kicinski <[email protected]>
    Cc: Paolo Abeni <[email protected]>
    Cc: Simon Horman <[email protected]>
    Cc: [email protected]
    Cc: [email protected] # 5.10+
    Signed-off-by: Ronald Wahl <[email protected]>
    Reviewed-by: Simon Horman <[email protected]>
    Signed-off-by: David S. Miller <[email protected]>
    Signed-off-by: Greg Kroah-Hartman <[email protected]>

net: usb: ax88179_178a: fix link status when link is set to down/up [+ + +]
Author: Jose Ignacio Tornos Martinez <[email protected]>
Date:   Fri May 10 11:08:28 2024 +0200

    net: usb: ax88179_178a: fix link status when link is set to down/up
    
    commit ecf848eb934b03959918f5269f64c0e52bc23998 upstream.
    
    The idea was to keep only one reset at initialization stage in order to
    reduce the total delay, or the reset from usbnet_probe or the reset from
    usbnet_open.
    
    I have seen that restarting from usbnet_probe is necessary to avoid doing
    too complex things. But when the link is set to down/up (for example to
    configure a different mac address) the link is not correctly recovered
    unless a reset is commanded from usbnet_open.
    
    So, detect the initialization stage (first call) to not reset from
    usbnet_open after the reset from usbnet_probe and after this stage, always
    reset from usbnet_open too (when the link needs to be rechecked).
    
    Apply to all the possible devices, the behavior now is going to be the same.
    
    cc: [email protected] # 6.6+
    Fixes: 56f78615bcb1 ("net: usb: ax88179_178a: avoid writing the mac address before first reading")
    Reported-by: Isaac Ganoung <[email protected]>
    Reported-by: Yongqin Liu <[email protected]>
    Signed-off-by: Jose Ignacio Tornos Martinez <[email protected]>
    Reviewed-by: Simon Horman <[email protected]>
    Link: https://lore.kernel.org/r/[email protected]
    Signed-off-by: Jakub Kicinski <[email protected]>
    Signed-off-by: Greg Kroah-Hartman <[email protected]>

 
remoteproc: mediatek: Make sure IPI buffer fits in L2TCM [+ + +]
Author: AngeloGioacchino Del Regno <[email protected]>
Date:   Thu Mar 21 09:46:13 2024 +0100

    remoteproc: mediatek: Make sure IPI buffer fits in L2TCM
    
    commit 331f91d86f71d0bb89a44217cc0b2a22810bbd42 upstream.
    
    The IPI buffer location is read from the firmware that we load to the
    System Companion Processor, and it's not granted that both the SRAM
    (L2TCM) size that is defined in the devicetree node is large enough
    for that, and while this is especially true for multi-core SCP, it's
    still useful to check on single-core variants as well.
    
    Failing to perform this check may make this driver perform R/W
    operations out of the L2TCM boundary, resulting (at best) in a
    kernel panic.
    
    To fix that, check that the IPI buffer fits, otherwise return a
    failure and refuse to boot the relevant SCP core (or the SCP at
    all, if this is single core).
    
    Fixes: 3efa0ea743b7 ("remoteproc/mediatek: read IPI buffer offset from FW")
    Signed-off-by: AngeloGioacchino Del Regno <[email protected]>
    Cc: [email protected]
    Link: https://lore.kernel.org/r/[email protected]
    Signed-off-by: Mathieu Poirier <[email protected]>
    Signed-off-by: Greg Kroah-Hartman <[email protected]>

 
serial: kgdboc: Fix NMI-safety problems from keyboard reset code [+ + +]
Author: Daniel Thompson <[email protected]>
Date:   Wed Apr 24 15:21:41 2024 +0100

    serial: kgdboc: Fix NMI-safety problems from keyboard reset code
    
    commit b2aba15ad6f908d1a620fd97f6af5620c3639742 upstream.
    
    Currently, when kdb is compiled with keyboard support, then we will use
    schedule_work() to provoke reset of the keyboard status.  Unfortunately
    schedule_work() gets called from the kgdboc post-debug-exception
    handler.  That risks deadlock since schedule_work() is not NMI-safe and,
    even on platforms where the NMI is not directly used for debugging, the
    debug trap can have NMI-like behaviour depending on where breakpoints
    are placed.
    
    Fix this by using the irq work system, which is NMI-safe, to defer the
    call to schedule_work() to a point when it is safe to call.
    
    Reported-by: Liuye <[email protected]>
    Closes: https://lore.kernel.org/all/[email protected]/
    Cc: [email protected]
    Reviewed-by: Douglas Anderson <[email protected]>
    Acked-by: Greg Kroah-Hartman <[email protected]>
    Link: https://lore.kernel.org/r/[email protected]
    Signed-off-by: Daniel Thompson <[email protected]>
    Signed-off-by: Greg Kroah-Hartman <[email protected]>

 
smb311: additional compression flag defined in updated protocol spec [+ + +]
Author: Steve French <[email protected]>
Date:   Tue Mar 19 17:00:01 2024 -0500

    smb311: additional compression flag defined in updated protocol spec
    
    [ Upstream commit e56bc745fa1de77abc2ad8debc4b1b83e0426c49 ]
    
    Added new compression flag that was recently documented, in
    addition fix some typos and clarify the sid_attr_data struct
    definition.
    
    Reviewed-by: Bharath SM <[email protected]>
    Signed-off-by: Steve French <[email protected]>
    Signed-off-by: Sasha Levin <[email protected]>

smb311: correct incorrect offset field in compression header [+ + +]
Author: Steve French <[email protected]>
Date:   Tue Mar 19 15:59:38 2024 -0500

    smb311: correct incorrect offset field in compression header
    
    [ Upstream commit 68c5818a27afcb5cdddab041b82e9d47c996cb6a ]
    
    The offset field in the compression header is 32 bits not 16.
    
    Reviewed-by: Bharath SM <[email protected]>
    Reported-by: Enzo Matsumiya <[email protected]>
    Signed-off-by: Steve French <[email protected]>
    Signed-off-by: Sasha Levin <[email protected]>

 
smb3: add dynamic trace point for ioctls [+ + +]
Author: Steve French <[email protected]>
Date:   Wed Mar 6 01:03:59 2024 -0600

    smb3: add dynamic trace point for ioctls
    
    [ Upstream commit 073dd87c8e1ee55ca163956f0c71249dc28aac51 ]
    
    It can be helpful in debugging to know which ioctls are called to better
    correlate them with smb3 fsctls (and opens).  Add a dynamic trace point
    to trace ioctls into cifs.ko
    
    Here is sample output:
    
                TASK-PID     CPU#  |||||  TIMESTAMP  FUNCTION
                   | |         |   |||||     |         |
     new-inotify-ioc-90418   [001] ..... 142157.397024: smb3_ioctl: xid=18 fid=0x0 ioctl cmd=0xc009cf0b
     new-inotify-ioc-90457   [007] ..... 142217.943569: smb3_ioctl: xid=22 fid=0x389bf5b6 ioctl cmd=0xc009cf0b
    
    Signed-off-by: Steve French <[email protected]>
    Signed-off-by: Sasha Levin <[email protected]>

smb3: add trace event for mknod [+ + +]
Author: Steve French <[email protected]>
Date:   Sun Mar 24 00:01:02 2024 -0500

    smb3: add trace event for mknod
    
    [ Upstream commit e9e9fbeb83f65d3d487e0a0838c0867292c99fb2 ]
    
    Add trace points to help debug mknod and mkfifo:
    
       smb3_mknod_done
       smb3_mknod_enter
       smb3_mknod_err
    
    Example output:
    
          TASK-PID     CPU#  |||||  TIMESTAMP  FUNCTION
             | |         |   |||||     |         |
        mkfifo-6163    [003] .....   960.425558: smb3_mknod_enter: xid=12 sid=0xb55130f6 tid=0x46e6241c path=\fifo1
        mkfifo-6163    [003] .....   960.432719: smb3_mknod_done: xid=12 sid=0xb55130f6 tid=0x46e6241c
    
    Reviewed-by: Bharath SM <[email protected]>
    Reviewed-by: Meetakshi Setiya <[email protected]>
    Signed-off-by: Steve French <[email protected]>
    Signed-off-by: Sasha Levin <[email protected]>

 
SMB3: clarify some of the unused CreateOption flags [+ + +]
Author: Steve French <[email protected]>
Date:   Sun Oct 8 23:11:38 2023 -0500

    SMB3: clarify some of the unused CreateOption flags
    
    [ Upstream commit d5a3c153fd00f5e951c4f20b4c65feb1e1cfbfcb ]
    
    Update comments to show flags which should be not set (zero).
    
    See MS-SMB2 section 2.2.13
    
    Signed-off-by: Steve French <[email protected]>
    Signed-off-by: Sasha Levin <[email protected]>

 
smb3: Improve exception handling in allocate_mr_list() [+ + +]
Author: Markus Elfring <[email protected]>
Date:   Fri Dec 29 20:43:12 2023 +0100

    smb3: Improve exception handling in allocate_mr_list()
    
    [ Upstream commit 96d566b6c933be96e9f5b216f04024ab522e0465 ]
    
    The kfree() function was called in one case by
    the allocate_mr_list() function during error handling
    even if the passed variable contained a null pointer.
    This issue was detected by using the Coccinelle software.
    
    Thus use another label.
    
    Signed-off-by: Markus Elfring <[email protected]>
    Signed-off-by: Steve French <[email protected]>
    Signed-off-by: Sasha Levin <[email protected]>

smb3: minor cleanup of session handling code [+ + +]
Author: Steve French <[email protected]>
Date:   Mon Nov 6 15:37:03 2023 -0600

    smb3: minor cleanup of session handling code
    
    [ Upstream commit f72d96507640835726d4f5ba26c1c11acbe1bc97 ]
    
    Minor cleanup of style issues found by checkpatch
    
    Reviewed-by: Bharath SM <[email protected]>
    Signed-off-by: Steve French <[email protected]>
    Signed-off-by: Sasha Levin <[email protected]>

smb3: minor RDMA cleanup [+ + +]
Author: Steve French <[email protected]>
Date:   Mon Nov 6 13:31:45 2023 -0600

    smb3: minor RDMA cleanup
    
    [ Upstream commit 43960dc2328e554c4c61b22c47e77e8b1c48d854 ]
    
    Some minor smbdirect debug cleanup spotted by checkpatch
    
    Cc: Long Li <[email protected]>
    Reviewed-by: Bharath SM <[email protected]>
    Signed-off-by: Steve French <[email protected]>
    Signed-off-by: Sasha Levin <[email protected]>

smb3: more minor cleanups for session handling routines [+ + +]
Author: Steve French <[email protected]>
Date:   Mon Nov 6 22:40:38 2023 -0600

    smb3: more minor cleanups for session handling routines
    
    [ Upstream commit 1bc081b67a79b6e75fae686e98048cea1038ae31 ]
    
    Some trivial cleanup pointed out by checkpatch
    
    Reviewed-by: Bharath SM <[email protected]>
    Signed-off-by: Steve French <[email protected]>
    Signed-off-by: Sasha Levin <[email protected]>

smb3: update allocation size more accurately on write completion [+ + +]
Author: Steve French <[email protected]>
Date:   Thu Feb 22 00:26:52 2024 -0600

    smb3: update allocation size more accurately on write completion
    
    [ Upstream commit dbfdff402d89854126658376cbcb08363194d3cd ]
    
    Changes to allocation size are approximated for extending writes of cached
    files until the server returns the actual value (on SMB3 close or query info
    for example), but it was setting the estimated value for number of blocks
    to larger than the file size even if the file is likely sparse which
    breaks various xfstests (e.g. generic/129, 130, 221, 228).
    
    When i_size and i_blocks are updated in write completion do not increase
    allocation size more than what was written (rounded up to 512 bytes).
    
    Signed-off-by: Steve French <[email protected]>
    Signed-off-by: Sasha Levin <[email protected]>

 
smb: client: add support for WSL reparse points [+ + +]
Author: Paulo Alcantara <[email protected]>
Date:   Fri Jan 26 19:26:06 2024 -0300

    smb: client: add support for WSL reparse points
    
    [ Upstream commit 5a4b09ecf8e8ad26ea03a37e52e310fe13f15b49 ]
    
    Add support for creating special files via WSL reparse points when
    using 'reparse=wsl' mount option.  They're faster than NFS reparse
    points because they don't require extra roundtrips to figure out what
    ->d_type a specific dirent is as such information is already stored in
    query dir responses and then making getdents() calls faster.
    
    Signed-off-by: Paulo Alcantara <[email protected]>
    Signed-off-by: Steve French <[email protected]>
    Signed-off-by: Sasha Levin <[email protected]>

smb: client: allow creating special files via reparse points [+ + +]
Author: Steve French <[email protected]>
Date:   Sun Apr 28 01:12:41 2024 -0500

    smb: client: allow creating special files via reparse points
    
    [ Upstream commit 102466f303ffcd5cff207b3c122557f73f1041e6 ]
    
    Add support for creating special files (e.g. char/block devices,
    sockets, fifos) via NFS reparse points on SMB2+, which are fully
    supported by most SMB servers and documented in MS-FSCC.
    
    smb2_get_reparse_inode() creates the file with a corresponding reparse
    point buffer set in @iov through a single roundtrip to the server.
    
    Reported-by: kernel test robot <[email protected]>
    Closes: https://lore.kernel.org/oe-kbuild-all/[email protected]/
    Signed-off-by: Paulo Alcantara (SUSE) <[email protected]>
    Signed-off-by: Steve French <[email protected]>
    Signed-off-by: Sasha Levin <[email protected]>

smb: client: allow creating symlinks via reparse points [+ + +]
Author: Paulo Alcantara <[email protected]>
Date:   Sat Nov 25 23:55:04 2023 -0300

    smb: client: allow creating symlinks via reparse points
    
    [ Upstream commit 514d793e27a310eb26b112c1f8f1a160472907e5 ]
    
    Add support for creating symlinks via IO_REPARSE_TAG_SYMLINK reparse
    points in SMB2+.
    
    These are fully supported by most SMB servers and documented in
    MS-FSCC.  Also have the advantage of requiring fewer roundtrips as
    their symlink targets can be parsed directly from CREATE responses on
    STATUS_STOPPED_ON_SYMLINK errors.
    
    Reported-by: kernel test robot <[email protected]>
    Closes: https://lore.kernel.org/oe-kbuild-all/[email protected]/
    Signed-off-by: Paulo Alcantara (SUSE) <[email protected]>
    Signed-off-by: Steve French <[email protected]>
    Signed-off-by: Sasha Levin <[email protected]>

smb: client: cleanup smb2_query_reparse_point() [+ + +]
Author: Paulo Alcantara <[email protected]>
Date:   Sat Nov 25 23:55:08 2023 -0300

    smb: client: cleanup smb2_query_reparse_point()
    
    [ Upstream commit 3ded18a9e9d22a9cba8acad24b77a87851f9c9fa ]
    
    Use smb2_compound_op() with SMB2_OP_GET_REPARSE to get reparse point.
    
    Signed-off-by: Paulo Alcantara (SUSE) <[email protected]>
    Signed-off-by: Steve French <[email protected]>
    Signed-off-by: Sasha Levin <[email protected]>

smb: client: delete "true", "false" defines [+ + +]
Author: Alexey Dobriyan <[email protected]>
Date:   Tue Jan 23 13:40:00 2024 +0300

    smb: client: delete "true", "false" defines
    
    [ Upstream commit 5d390df3bdd13d178eb2e02e60e9a480f7103f7b ]
    
    Kernel has its own official true/false definitions.
    
    The defines aren't even used in this file.
    
    Signed-off-by: Alexey Dobriyan <[email protected]>
    Signed-off-by: Steve French <[email protected]>
    Signed-off-by: Sasha Levin <[email protected]>

smb: client: do not defer close open handles to deleted files [+ + +]
Author: Steve French <[email protected]>
Date:   Wed May 1 00:56:13 2024 -0500

    smb: client: do not defer close open handles to deleted files
    
    [ Upstream commit ffceb7640cbfe6ea60e7769e107451d63a2fe3d3 ]
    
    When a file/dentry has been deleted before closing all its open
    handles, currently, closing them can add them to the deferred
    close list. This can lead to problems in creating file with the
    same name when the file is re-created before the deferred close
    completes. This issue was seen while reusing a client's already
    existing lease on a file for compound operations and xfstest 591
    failed because of the deferred close handle that remained valid
    even after the file was deleted and was being reused to create a
    file with the same name. The server in this case returns an error
    on open with STATUS_DELETE_PENDING. Recreating the file would
    fail till the deferred handles are closed (duration specified in
    closetimeo).
    
    This patch fixes the issue by flagging all open handles for the
    deleted file (file path to be precise) by setting
    status_file_deleted to true in the cifsFileInfo structure. As per
    the information classes specified in MS-FSCC, SMB2 query info
    response from the server has a DeletePending field, set to true
    to indicate that deletion has been requested on that file. If
    this is the case, flag the open handles for this file too.
    
    When doing close in cifs_close for each of these handles, check the
    value of this boolean field and do not defer close these handles
    if the corresponding filepath has been deleted.
    
    Signed-off-by: Meetakshi Setiya <[email protected]>
    Signed-off-by: Steve French <[email protected]>
    Signed-off-by: Sasha Levin <[email protected]>

smb: client: don't clobber ->i_rdev from cached reparse points [+ + +]
Author: Paulo Alcantara <[email protected]>
Date:   Fri Jan 19 01:08:29 2024 -0300

    smb: client: don't clobber ->i_rdev from cached reparse points
    
    [ Upstream commit 66c9314b61ed5b7bfcff0d89359aa0f975c0ab53 ]
    
    Don't clobber ->i_rdev from valid reparse inodes over readdir(2) as it
    can't be provided by query dir responses.
    
    Signed-off-by: Paulo Alcantara <[email protected]>
    Signed-off-by: Steve French <[email protected]>
    Signed-off-by: Sasha Levin <[email protected]>

smb: client: extend smb2_compound_op() to accept more commands [+ + +]
Author: Steve French <[email protected]>
Date:   Sun Apr 28 01:09:59 2024 -0500

    smb: client: extend smb2_compound_op() to accept more commands
    
    [ Upstream commit 3322960ce222997b1663ffa69e691b2edfec4ac9 ]
    
    Make smb2_compound_op() accept up to MAX_COMPOUND(5) commands to be
    sent over a single compounded request.
    
    This will allow next commits to read and write reparse files through a
    single roundtrip to the server.
    
    Signed-off-by: Paulo Alcantara (SUSE) <[email protected]>
    Signed-off-by: Steve French <[email protected]>
    Signed-off-by: Sasha Levin <[email protected]>

smb: client: Fix a NULL vs IS_ERR() check in wsl_set_xattrs() [+ + +]
Author: Dan Carpenter <[email protected]>
Date:   Wed Jan 31 10:10:18 2024 +0300

    smb: client: Fix a NULL vs IS_ERR() check in wsl_set_xattrs()
    
    [ Upstream commit e0e1e09b2c41d383a2483f2ee5227b724860ced1 ]
    
    This was intended to be an IS_ERR() check.  The ea_create_context()
    function doesn't return NULL.
    
    Fixes: 1eab17fe485c ("smb: client: add support for WSL reparse points")
    Reviewed-by: Paulo Alcantara <[email protected]>
    Signed-off-by: Dan Carpenter <[email protected]>
    Signed-off-by: Steve French <[email protected]>
    Signed-off-by: Sasha Levin <[email protected]>

smb: client: Fix minor whitespace errors and warnings [+ + +]
Author: Pierre Mariani <[email protected]>
Date:   Sun Nov 26 20:52:56 2023 -0800

    smb: client: Fix minor whitespace errors and warnings
    
    [ Upstream commit 0108ce08aed195d200ffbad74c1948bbaefe6625 ]
    
    Fixes no-op checkpatch errors and warnings.
    
    Signed-off-by: Pierre Mariani <[email protected]>
    Signed-off-by: Steve French <[email protected]>
    Signed-off-by: Sasha Levin <[email protected]>

smb: client: fix NULL ptr deref in cifs_mark_open_handles_for_deleted_file() [+ + +]
Author: Paulo Alcantara <[email protected]>
Date:   Mon Apr 8 18:32:17 2024 -0300

    smb: client: fix NULL ptr deref in cifs_mark_open_handles_for_deleted_file()
    
    [ Upstream commit ec4535b2a1d709d3a1fbec26739c672f13c98a7b ]
    
    cifs_get_fattr() may be called with a NULL inode, so check for a
    non-NULL inode before calling
    cifs_mark_open_handles_for_deleted_file().
    
    This fixes the following oops:
    
      mount.cifs //srv/share /mnt -o ...,vers=3.1.1
      cd /mnt
      touch foo; tail -f foo &
      rm foo
      cat foo
    
      BUG: kernel NULL pointer dereference, address: 00000000000005c0
      #PF: supervisor read access in kernel mode
      #PF: error_code(0x0000) - not-present page
      PGD 0 P4D 0
      Oops: 0000 [#1] PREEMPT SMP NOPTI
      CPU: 2 PID: 696 Comm: cat Not tainted 6.9.0-rc2 #1
      Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS
      1.16.3-1.fc39 04/01/2014
      RIP: 0010:__lock_acquire+0x5d/0x1c70
      Code: 00 00 44 8b a4 24 a0 00 00 00 45 85 f6 0f 84 bb 06 00 00 8b 2d
      48 e2 95 01 45 89 c3 41 89 d2 45 89 c8 85 ed 0 0 <48> 81 3f 40 7a 76
      83 44 0f 44 d8 83 fe 01 0f 86 1b 03 00 00 31 d2
      RSP: 0018:ffffc90000b37490 EFLAGS: 00010002
      RAX: 0000000000000000 RBX: ffff888110021ec0 RCX: 0000000000000000
      RDX: 0000000000000000 RSI: 0000000000000000 RDI: 00000000000005c0
      RBP: 0000000000000001 R08: 0000000000000000 R09: 0000000000000000
      R10: 0000000000000000 R11: 0000000000000001 R12: 0000000000000000
      R13: 0000000000000000 R14: 0000000000000001 R15: 0000000000000200
      FS: 00007f2a1fa08740(0000) GS:ffff888157a00000(0000)
      knlGS:0000000000000000 CS: 0010 DS: 0000 ES: 0000 CR0:
      0000000080050033
      CR2: 00000000000005c0 CR3: 000000011ac7c000 CR4: 0000000000750ef0
      PKRU: 55555554
      Call Trace:
       <TASK>
       ? __die+0x23/0x70
       ? page_fault_oops+0x180/0x490
       ? srso_alias_return_thunk+0x5/0xfbef5
       ? exc_page_fault+0x70/0x230
       ? asm_exc_page_fault+0x26/0x30
       ? __lock_acquire+0x5d/0x1c70
       ? srso_alias_return_thunk+0x5/0xfbef5
       ? srso_alias_return_thunk+0x5/0xfbef5
       lock_acquire+0xc0/0x2d0
       ? cifs_mark_open_handles_for_deleted_file+0x3a/0x100 [cifs]
       ? srso_alias_return_thunk+0x5/0xfbef5
       ? kmem_cache_alloc+0x2d9/0x370
       _raw_spin_lock+0x34/0x80
       ? cifs_mark_open_handles_for_deleted_file+0x3a/0x100 [cifs]
       cifs_mark_open_handles_for_deleted_file+0x3a/0x100 [cifs]
       cifs_get_fattr+0x24c/0x940 [cifs]
       ? srso_alias_return_thunk+0x5/0xfbef5
       cifs_get_inode_info+0x96/0x120 [cifs]
       cifs_lookup+0x16e/0x800 [cifs]
       cifs_atomic_open+0xc7/0x5d0 [cifs]
       ? lookup_open.isra.0+0x3ce/0x5f0
       ? __pfx_cifs_atomic_open+0x10/0x10 [cifs]
       lookup_open.isra.0+0x3ce/0x5f0
       path_openat+0x42b/0xc30
       ? srso_alias_return_thunk+0x5/0xfbef5
       ? srso_alias_return_thunk+0x5/0xfbef5
       ? srso_alias_return_thunk+0x5/0xfbef5
       do_filp_open+0xc4/0x170
       do_sys_openat2+0xab/0xe0
       __x64_sys_openat+0x57/0xa0
       do_syscall_64+0xc1/0x1e0
       entry_SYSCALL_64_after_hwframe+0x72/0x7a
    
    Fixes: ffceb7640cbf ("smb: client: do not defer close open handles to deleted files")
    Reviewed-by: Meetakshi Setiya <[email protected]>
    Reviewed-by: Bharath SM <[email protected]>
    Signed-off-by: Paulo Alcantara (Red Hat) <[email protected]>
    Signed-off-by: Steve French <[email protected]>
    Signed-off-by: Sasha Levin <[email protected]>

smb: client: fix potential broken compound request [+ + +]
Author: Paulo Alcantara <[email protected]>
Date:   Thu Jan 25 17:04:05 2024 -0300

    smb: client: fix potential broken compound request
    
    [ Upstream commit 6914d288c63682e20e0f6e1e0b8e8f5847012d67 ]
    
    Now that smb2_compound_op() can accept up to 5 commands in a single
    compound request, set the appropriate NextCommand and related flags to
    all subsequent commands as well as handling the case where a valid
    @cfile is passed and therefore skipping create and close requests in
    the compound chain.
    
    This fix a potential broken compound request that could be sent from
    smb2_get_reparse_inode() if the client found a valid open
    file (@cfile) prior to calling smb2_compound_op().
    
    Signed-off-by: Paulo Alcantara <[email protected]>
    Signed-off-by: Steve French <[email protected]>
    Signed-off-by: Sasha Levin <[email protected]>

smb: client: get rid of smb311_posix_query_path_info() [+ + +]
Author: Paulo Alcantara <[email protected]>
Date:   Fri Jan 19 01:08:28 2024 -0300

    smb: client: get rid of smb311_posix_query_path_info()
    
    [ Upstream commit f83709b9e0eb7048d74ba4515f268c6eacbce9c9 ]
    
    Merge smb311_posix_query_path_info into ->query_path_info() to get rid
    of duplicate code.
    
    Signed-off-by: Paulo Alcantara <[email protected]>
    Signed-off-by: Steve French <[email protected]>
    Signed-off-by: Sasha Levin <[email protected]>

smb: client: handle path separator of created SMB symlinks [+ + +]
Author: Paulo Alcantara <[email protected]>
Date:   Sun Feb 11 20:19:31 2024 -0300

    smb: client: handle path separator of created SMB symlinks
    
    [ Upstream commit 8bde59b20de06339d598e8b05e5195f7c631c38b ]
    
    Convert path separator to CIFS_DIR_SEP(cifs_sb) from symlink target
    before sending it over the wire otherwise the created SMB symlink may
    become innaccesible from server side.
    
    Fixes: 514d793e27a3 ("smb: client: allow creating symlinks via reparse points")
    Signed-off-by: Paulo Alcantara (Red Hat) <[email protected]>
    Signed-off-by: Steve French <[email protected]>
    Signed-off-by: Sasha Levin <[email protected]>

smb: client: handle special files and symlinks in SMB3 POSIX [+ + +]
Author: Paulo Alcantara <[email protected]>
Date:   Tue Nov 28 18:23:33 2023 -0300

    smb: client: handle special files and symlinks in SMB3 POSIX
    
    [ Upstream commit 9c38568a75c160786d5f5d5b96aeefed0c1b76bd ]
    
    Parse reparse points in SMB3 posix query info as they will be
    supported and required by the new specification.
    
    Signed-off-by: Paulo Alcantara (SUSE) <[email protected]>
    Signed-off-by: Steve French <[email protected]>
    Signed-off-by: Sasha Levin <[email protected]>

smb: client: instantiate when creating SFU files [+ + +]
Author: Paulo Alcantara <[email protected]>
Date:   Tue Apr 9 11:28:59 2024 -0300

    smb: client: instantiate when creating SFU files
    
    [ Upstream commit c6ff459037b2e35450af2351037eac4c8aca1d6b ]
    
    In cifs_sfu_make_node(), on success, instantiate rather than leave it
    with dentry unhashed negative to support callers that expect mknod(2)
    to always instantiate.
    
    This fixes the following test case:
    
      mount.cifs //srv/share /mnt -o ...,sfu
      mkfifo /mnt/fifo
      ./xfstests/ltp/growfiles -b -W test -e 1 -u -i 0 -L 30 /mnt/fifo
      ...
      BUG: unable to handle page fault for address: 000000034cec4e58
      #PF: supervisor read access in kernel mode
      #PF: error_code(0x0000) - not-present page
      PGD 0 P4D 0
      Oops: 0000 1 PREEMPT SMP PTI
      CPU: 0 PID: 138098 Comm: growfiles Kdump: loaded Not tainted
      5.14.0-436.3987_1240945149.el9.x86_64 #1
      Hardware name: Red Hat KVM, BIOS 0.5.1 01/01/2011
      RIP: 0010:_raw_callee_save__kvm_vcpu_is_preempted+0x0/0x20
      Code: e8 15 d9 61 00 e9 63 ff ff ff 41 bd ea ff ff ff e9 58 ff ff ff e8
      d0 71 c0 00 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 <48> 8b 04
      fd 60 2b c1 99 80 b8 90 50 03 00 00 0f 95 c0 c3 cc cc cc
      RSP: 0018:ffffb6a143cf7cf8 EFLAGS: 00010206
      RAX: ffff8a9bc30fb038 RBX: ffff8a9bc666a200 RCX: ffff8a9cc0260000
      RDX: 00000000736f622e RSI: ffff8a9bc30fb038 RDI: 000000007665645f
      RBP: ffffb6a143cf7d70 R08: 0000000000001000 R09: 0000000000000001
      R10: 0000000000000001 R11: 0000000000000000 R12: ffff8a9bc666a200
      R13: 0000559a302a12b0 R14: 0000000000001000 R15: 0000000000000000
      FS: 00007fbed1dbb740(0000) GS:ffff8a9cf0000000(0000)
      knlGS:0000000000000000
      CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
      CR2: 000000034cec4e58 CR3: 0000000128ec6006 CR4: 0000000000770ef0
      DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
      DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
      PKRU: 55555554
      Call Trace:
       <TASK>
       ? show_trace_log_lvl+0x1c4/0x2df
       ? show_trace_log_lvl+0x1c4/0x2df
       ? __mutex_lock.constprop.0+0x5f7/0x6a0
       ? __die_body.cold+0x8/0xd
       ? page_fault_oops+0x134/0x170
       ? exc_page_fault+0x62/0x150
       ? asm_exc_page_fault+0x22/0x30
       ? _pfx_raw_callee_save__kvm_vcpu_is_preempted+0x10/0x10
       __mutex_lock.constprop.0+0x5f7/0x6a0
       ? __mod_memcg_lruvec_state+0x84/0xd0
       pipe_write+0x47/0x650
       ? do_anonymous_page+0x258/0x410
       ? inode_security+0x22/0x60
       ? selinux_file_permission+0x108/0x150
       vfs_write+0x2cb/0x410
       ksys_write+0x5f/0xe0
       do_syscall_64+0x5c/0xf0
       ? syscall_exit_to_user_mode+0x22/0x40
       ? do_syscall_64+0x6b/0xf0
       ? sched_clock_cpu+0x9/0xc0
       ? exc_page_fault+0x62/0x150
       entry_SYSCALL_64_after_hwframe+0x6e/0x76
    
    Cc: [email protected]
    Fixes: 72bc63f5e23a ("smb3: fix creating FIFOs when mounting with "sfu" mount option")
    Suggested-by: Al Viro <[email protected]>
    Signed-off-by: Paulo Alcantara (Red Hat) <[email protected]>
    Signed-off-by: Steve French <[email protected]>
    Signed-off-by: Sasha Levin <[email protected]>

smb: client: introduce cifs_sfu_make_node() [+ + +]
Author: Steve French <[email protected]>
Date:   Sat Apr 27 09:16:18 2024 -0500

    smb: client: introduce cifs_sfu_make_node()
    
    [ Upstream commit b0348e459c836abdb0f4b967e006d15c77cf1c87 ]
    
    Remove duplicate code and add new helper for creating special files in
    SFU (Services for UNIX) format that can be shared by SMB1+ code.
    
    Signed-off-by: Paulo Alcantara (SUSE) <[email protected]>
    Signed-off-by: Steve French <[email protected]>
    Signed-off-by: Sasha Levin <[email protected]>

smb: client: introduce reparse mount option [+ + +]
Author: Paulo Alcantara <[email protected]>
Date:   Sun Jan 21 13:28:21 2024 -0300

    smb: client: introduce reparse mount option
    
    [ Upstream commit eb90e8ecb2b54ac1af51e28596e0ef7ba351476d ]
    
    Allow the user to create special files and symlinks by choosing
    between WSL and NFS reparse points via 'reparse={nfs,wsl}' mount
    options.  If unset or 'reparse=default', the client will default to
    creating them via NFS reparse points.
    
    Creating WSL reparse points isn't supported yet, so simply return
    error when attempting to mount with 'reparse=wsl' for now.
    
    Signed-off-by: Paulo Alcantara <[email protected]>
    Signed-off-by: Steve French <[email protected]>
    Signed-off-by: Sasha Levin <[email protected]>

smb: client: introduce SMB2_OP_QUERY_WSL_EA [+ + +]
Author: Steve French <[email protected]>
Date:   Wed May 1 01:01:06 2024 -0500

    smb: client: introduce SMB2_OP_QUERY_WSL_EA
    
    [ Upstream commit ea41367b2a602f602ea6594fc4a310520dcc64f4 ]
    
    Add a new command to smb2_compound_op() for querying WSL extended
    attributes from reparse points.
    
    Signed-off-by: Paulo Alcantara <[email protected]>
    Signed-off-by: Steve French <[email protected]>
    Signed-off-by: Sasha Levin <[email protected]>

smb: client: move most of reparse point handling code to common file [+ + +]
Author: Paulo Alcantara <[email protected]>
Date:   Tue Mar 5 23:28:48 2024 -0600

    smb: client: move most of reparse point handling code to common file
    
    [ Upstream commit c520ba7573a84bd37f8803a3beeb8f6f995bf9e1 ]
    
    In preparation to add support for creating special files also via WSL
    reparse points in next commits.
    
    Signed-off-by: Paulo Alcantara <[email protected]>
    Signed-off-by: Steve French <[email protected]>
    Signed-off-by: Sasha Levin <[email protected]>

smb: client: negotiate compression algorithms [+ + +]
Author: Enzo Matsumiya <[email protected]>
Date:   Fri Feb 23 11:58:57 2024 -0300

    smb: client: negotiate compression algorithms
    
    [ Upstream commit 8fe7062b7d11fcd21c4dcb5f530eaa1a099b24e7 ]
    
    Change "compress=" mount option to a boolean flag, that, if set,
    will enable negotiating compression algorithms with the server.
    
    Do not de/compress anything for now.
    
    Signed-off-by: Enzo Matsumiya <[email protected]>
    Signed-off-by: Steve French <[email protected]>
    Signed-off-by: Sasha Levin <[email protected]>

smb: client: optimise reparse point querying [+ + +]
Author: Steve French <[email protected]>
Date:   Sun Apr 28 01:14:29 2024 -0500

    smb: client: optimise reparse point querying
    
    [ Upstream commit 67ec9949b0dfe78c99e110dd975eb7dc5645630c ]
    
    Reduce number of roundtrips to server when querying reparse points in
    ->query_path_info() by sending a single compound request of
    create+get_reparse+get_info+close.
    
    Signed-off-by: Paulo Alcantara (SUSE) <[email protected]>
    Signed-off-by: Steve French <[email protected]>
    Signed-off-by: Sasha Levin <[email protected]>

smb: client: parse owner/group when creating reparse points [+ + +]
Author: Steve French <[email protected]>
Date:   Wed May 1 00:35:20 2024 -0500

    smb: client: parse owner/group when creating reparse points
    
    [ Upstream commit 858e74876c5cbff1dfd5bace99e32fbce2abd4b5 ]
    
    Parse owner/group when creating special files and symlinks under
    SMB3.1.1 POSIX mounts.
    
    Move the parsing of owner/group to smb2_compound_op() so we don't have
    to duplicate it in both smb2_get_reparse_inode() and
    smb311_posix_query_path_info().
    
    Signed-off-by: Paulo Alcantara <[email protected]>
    Signed-off-by: Steve French <[email protected]>
    Signed-off-by: Sasha Levin <[email protected]>

smb: client: parse uid, gid, mode and dev from WSL reparse points [+ + +]
Author: Paulo Alcantara <[email protected]>
Date:   Sun Jan 28 21:52:03 2024 -0300

    smb: client: parse uid, gid, mode and dev from WSL reparse points
    
    [ Upstream commit 78e26bec4d6d3aef04276e28bed48a45fd00e116 ]
    
    Parse the extended attributes from WSL reparse points to correctly
    report uid, gid mode and dev from ther instantiated inodes.
    
    Signed-off-by: Paulo Alcantara <[email protected]>
    Signed-off-by: Steve French <[email protected]>
    Signed-off-by: Sasha Levin <[email protected]>

smb: client: reduce number of parameters in smb2_compound_op() [+ + +]
Author: Paulo Alcantara <[email protected]>
Date:   Thu Jan 25 19:21:48 2024 -0300

    smb: client: reduce number of parameters in smb2_compound_op()
    
    [ Upstream commit fa792d8d235c20df5f422e4bd172db1efde55ab9 ]
    
    Replace @desired_access, @create_disposition, @create_options and
    @mode parameters with a single @oparms.
    
    No functional changes.
    
    Signed-off-by: Paulo Alcantara <[email protected]>
    Signed-off-by: Steve French <[email protected]>
    Signed-off-by: Sasha Levin <[email protected]>

smb: client: retry compound request without reusing lease [+ + +]
Author: Meetakshi Setiya <[email protected]>
Date:   Tue Mar 5 22:43:53 2024 -0500

    smb: client: retry compound request without reusing lease
    
    [ Upstream commit 71f15c90e785d1de4bcd65a279e7256684c25c0d ]
    
    There is a shortcoming in the current implementation of the file
    lease mechanism exposed when the lease keys were attempted to be
    reused for unlink, rename and set_path_size operations for a client. As
    per MS-SMB2, lease keys are associated with the file name. Linux smb
    client maintains lease keys with the inode. If the file has any hardlinks,
    it is possible that the lease for a file be wrongly reused for an
    operation on the hardlink or vice versa. In these cases, the mentioned
    compound operations fail with STATUS_INVALID_PARAMETER.
    This patch adds a fallback to the old mechanism of not sending any
    lease with these compound operations if the request with lease key fails
    with STATUS_INVALID_PARAMETER.
    Resending the same request without lease key should not hurt any
    functionality, but might impact performance especially in cases where
    the error is not because of the usage of wrong lease key and we might
    end up doing an extra roundtrip.
    
    Signed-off-by: Meetakshi Setiya <[email protected]>
    Signed-off-by: Steve French <[email protected]>
    Signed-off-by: Sasha Levin <[email protected]>

smb: client: return reparse type in /proc/mounts [+ + +]
Author: Paulo Alcantara <[email protected]>
Date:   Sat Feb 24 16:57:14 2024 -0300

    smb: client: return reparse type in /proc/mounts
    
    [ Upstream commit 1e5f4240714bb238d2d17c7e14e5fb45c9140665 ]
    
    Add support for returning reparse mount option in /proc/mounts.
    
    Reported-by: kernel test robot <[email protected]>
    Closes: https://lore.kernel.org/oe-kbuild-all/[email protected]/
    Signed-off-by: Paulo Alcantara <[email protected]>
    Signed-off-by: Steve French <[email protected]>
    Signed-off-by: Sasha Levin <[email protected]>

smb: client: reuse file lease key in compound operations [+ + +]
Author: Meetakshi Setiya <[email protected]>
Date:   Tue Mar 5 22:43:51 2024 -0500

    smb: client: reuse file lease key in compound operations
    
    [ Upstream commit 2c7d399e551ccfd87bcae4ef5573097f3313d779 ]
    
    Currently, when a rename, unlink or set path size compound operation
    is requested on a file that has a lot of dirty pages to be written
    to the server, we do not send the lease key for these requests. As a
    result, the server can assume that this request is from a new client, and
    send a lease break notification to the same client, on the same
    connection. As a response to the lease break, the client can consume
    several credits to write the dirty pages to the server. Depending on the
    server's credit grant implementation, the server can stop granting more
    credits to this connection, and this can cause a deadlock (which can only
    be resolved when the lease timer on the server expires).
    One of the problems here is that the client is sending no lease key,
    even if it has a lease for the file. This patch fixes the problem by
    reusing the existing lease key on the file for rename, unlink and set path
    size compound operations so that the client does not break its own lease.
    
    A very trivial example could be a set of commands by a client that
    maintains open handle (for write) to a file and then tries to copy the
    contents of that file to another one, eg.,
    
    tail -f /dev/null > myfile &
    mv myfile myfile2
    
    Presently, the network capture on the client shows that the move (or
    rename) would trigger a lease break on the same client, for the same file.
    With the lease key reused, the lease break request-response overhead is
    eliminated, thereby reducing the roundtrips performed for this set of
    operations.
    
    The patch fixes the bug described above and also provides perf benefit.
    
    Signed-off-by: Meetakshi Setiya <[email protected]>
    Signed-off-by: Steve French <[email protected]>
    Signed-off-by: Sasha Levin <[email protected]>

smb: client: set correct d_type for reparse DFS/DFSR and mount point [+ + +]
Author: Paulo Alcantara <[email protected]>
Date:   Fri Feb 2 13:42:11 2024 -0300

    smb: client: set correct d_type for reparse DFS/DFSR and mount point
    
    [ Upstream commit 8bd25b61c5a55bc769c6608e9ce95860759acdcb ]
    
    Set correct dirent->d_type for IO_REPARSE_TAG_DFS{,R} and
    IO_REPARSE_TAG_MOUNT_POINT reparse points.
    
    Signed-off-by: Paulo Alcantara <[email protected]>
    Signed-off-by: Steve French <[email protected]>
    Signed-off-by: Sasha Levin <[email protected]>

smb: common: fix fields sizes in compression_pattern_payload_v1 [+ + +]
Author: Enzo Matsumiya <[email protected]>
Date:   Fri Mar 8 18:34:10 2024 -0300

    smb: common: fix fields sizes in compression_pattern_payload_v1
    
    [ Upstream commit f49af462875a0922167cf301cf126cd04009070e ]
    
    See protocol documentation in MS-SMB2 section 2.2.42.2.2
    
    Signed-off-by: Enzo Matsumiya <[email protected]>
    Signed-off-by: Steve French <[email protected]>
    Signed-off-by: Sasha Levin <[email protected]>

smb: common: simplify compression headers [+ + +]
Author: Enzo Matsumiya <[email protected]>
Date:   Fri Mar 8 19:00:12 2024 -0300

    smb: common: simplify compression headers
    
    [ Upstream commit 24337b60e88219816f84d633369299660e8e8cce ]
    
    Unify compression headers (chained and unchained) into a single struct
    so we can use it for the initial compression transform header
    interchangeably.
    
    Also make the OriginalPayloadSize field to be always visible in the
    compression payload header, and have callers subtract its size when not
    needed.
    
    Rename the related structs to match the naming convetion used in the
    other SMB2 structs.
    
    Signed-off-by: Enzo Matsumiya <[email protected]>
    Signed-off-by: Steve French <[email protected]>
    Signed-off-by: Sasha Levin <[email protected]>

smb: Fix some kernel-doc comments [+ + +]
Author: Yang Li <[email protected]>
Date:   Fri Jan 19 17:57:07 2024 +0800

    smb: Fix some kernel-doc comments
    
    [ Upstream commit 72b0cbf6b81003c01d63c60180b335f7692d170e ]
    
    Fix some kernel-doc comments to silence the warnings:
    fs/smb/server/transport_tcp.c:374: warning: Function parameter or struct member 'max_retries' not described in 'ksmbd_tcp_read'
    fs/smb/server/transport_tcp.c:423: warning: Function parameter or struct member 'iface' not described in 'create_socket'
    
    Signed-off-by: Yang Li <[email protected]>
    Acked-by: Namjae Jeon <[email protected]>
    Signed-off-by: Steve French <[email protected]>
    Signed-off-by: Sasha Levin <[email protected]>

smb: smb2pdu.h: Avoid -Wflex-array-member-not-at-end warnings [+ + +]
Author: Gustavo A. R. Silva <[email protected]>
Date:   Thu Apr 11 09:35:42 2024 -0600

    smb: smb2pdu.h: Avoid -Wflex-array-member-not-at-end warnings
    
    -Wflex-array-member-not-at-end is coming in GCC-14, and we are getting
    ready to enable it globally.
    
    So, in order to avoid ending up with a flexible-array member in the
    middle of multiple other structs, we use the `__struct_group()` helper
    to separate the flexible array from the rest of the members in the
    flexible structure, and use the tagged `struct create_context_hdr`
    instead of `struct create_context`.
    
    So, with these changes, fix 51 of the following warnings[1]:
    
    fs/smb/client/../common/smb2pdu.h:1225:31: warning: structure containing a flexible array member is not at the end of another structure [-Wflex-array-member-not-at-end]
    
    Link: https://gist.github.com/GustavoARSilva/772526a39be3dd4db39e71497f0a9893 [1]
    Link: https://github.com/KSPP/linux/issues/202
    Signed-off-by: Gustavo A. R. Silva <[email protected]>
    Signed-off-by: Steve French <[email protected]>

smb: use crypto_shash_digest() in symlink_hash() [+ + +]
Author: Eric Biggers <[email protected]>
Date:   Sat Oct 28 22:03:00 2023 -0700

    smb: use crypto_shash_digest() in symlink_hash()
    
    [ Upstream commit 783fa2c94f4150fe1b7f7d88b3baf6d98f82b41b ]
    
    Simplify symlink_hash() by using crypto_shash_digest() instead of an
    init+update+final sequence.  This should also improve performance.
    
    Signed-off-by: Eric Biggers <[email protected]>
    Reviewed-by: Paulo Alcantara (SUSE) <[email protected]>
    Signed-off-by: Steve French <[email protected]>
    Signed-off-by: Sasha Levin <[email protected]>

 
usb: dwc3: Wait unconditionally after issuing EndXfer command [+ + +]
Author: Prashanth K <[email protected]>
Date:   Thu May 2 10:11:03 2024 +0530

    usb: dwc3: Wait unconditionally after issuing EndXfer command
    
    commit 1d26ba0944d398f88aaf997bda3544646cf21945 upstream.
    
    Currently all controller IP/revisions except DWC3_usb3 >= 310a
    wait 1ms unconditionally for ENDXFER completion when IOC is not
    set. This is because DWC_usb3 controller revisions >= 3.10a
    supports GUCTL2[14: Rst_actbitlater] bit which allows polling
    CMDACT bit to know whether ENDXFER command is completed.
    
    Consider a case where an IN request was queued, and parallelly
    soft_disconnect was called (due to ffs_epfile_release). This
    eventually calls stop_active_transfer with IOC cleared, hence
    send_gadget_ep_cmd() skips waiting for CMDACT cleared during
    EndXfer. For DWC3 controllers with revisions >= 310a, we don't
    forcefully wait for 1ms either, and we proceed by unmapping the
    requests. If ENDXFER didn't complete by this time, it leads to
    SMMU faults since the controller would still be accessing those
    requests.
    
    Fix this by ensuring ENDXFER completion by adding 1ms delay in
    __dwc3_stop_active_transfer() unconditionally.
    
    Cc: [email protected]
    Fixes: b353eb6dc285 ("usb: dwc3: gadget: Skip waiting for CMDACT cleared during endxfer")
    Signed-off-by: Prashanth K <[email protected]>
    Acked-by: Thinh Nguyen <[email protected]>
    Link: https://lore.kernel.org/r/[email protected]
    Signed-off-by: Greg Kroah-Hartman <[email protected]>

usb: typec: tipd: fix event checking for tps6598x [+ + +]
Author: Javier Carrasco <[email protected]>
Date:   Mon Apr 29 15:35:58 2024 +0200

    usb: typec: tipd: fix event checking for tps6598x
    
    commit 409c1cfb5a803f3cf2d17aeaf75c25c4be951b07 upstream.
    
    The current interrupt service routine of the tps6598x only reads the
    first 64 bits of the INT_EVENT1 and INT_EVENT2 registers, which means
    that any event above that range will be ignored, leaving interrupts
    unattended. Moreover, those events will not be cleared, and the device
    will keep the interrupt enabled.
    
    This issue has been observed while attempting to load patches, and the
    'ReadyForPatch' field (bit 81) of INT_EVENT1 was set.
    
    Given that older versions of the tps6598x (1, 2 and 6) provide 8-byte
    registers, a mechanism based on the upper byte of the version register
    (0x0F) has been included. The manufacturer has confirmed [1] that this
    byte is always 0 for older versions, and either 0xF7 (DH parts) or 0xF9
    (DK parts) is returned in newer versions (7 and 8).
    
    Read the complete INT_EVENT registers to handle all interrupts generated
    by the device and account for the hardware version to select the
    register size.
    
    Link: https://e2e.ti.com/support/power-management-group/power-management/f/power-management-forum/1346521/tps65987d-register-command-to-distinguish-between-tps6591-2-6-and-tps65987-8 [1]
    Fixes: 0a4c005bd171 ("usb: typec: driver for TI TPS6598x USB Power Delivery controllers")
    Cc: [email protected]
    Signed-off-by: Javier Carrasco <[email protected]>
    Link: https://lore.kernel.org/r/20240429-tps6598x_fix_event_handling-v3-2-4e8e58dce489@wolfvision.net
    Signed-off-by: Greg Kroah-Hartman <[email protected]>

usb: typec: ucsi: displayport: Fix potential deadlock [+ + +]
Author: Heikki Krogerus <[email protected]>
Date:   Tue May 7 16:43:16 2024 +0300

    usb: typec: ucsi: displayport: Fix potential deadlock
    
    commit b791a67f68121d69108640d4a3e591d210ffe850 upstream.
    
    The function ucsi_displayport_work() does not access the
    connector, so it also must not acquire the connector lock.
    
    This fixes a potential deadlock scenario:
    
    ucsi_displayport_work() -> lock(&con->lock)
    typec_altmode_vdm()
    dp_altmode_vdm()
    dp_altmode_work()
    typec_altmode_enter()
    ucsi_displayport_enter() -> lock(&con->lock)
    
    Reported-by: Mathias Nyman <[email protected]>
    Fixes: af8622f6a585 ("usb: typec: ucsi: Support for DisplayPort alt mode")
    Cc: [email protected]
    Signed-off-by: Heikki Krogerus <[email protected]>
    Link: https://lore.kernel.org/r/[email protected]
    Signed-off-by: Greg Kroah-Hartman <[email protected]>