rebase patches on top of Ubuntu-6.8.0-43.43

(generated with debian/scripts/import-upstream-tag)

Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>

patches/kernel/0004-pci-Enable-overrides-for-missing-ACS-capabilities-4..patch

@@ -55,10 +55,10 @@ Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
  2 files changed, 111 insertions(+)
 
 diff --git a/Documentation/admin-guide/kernel-parameters.txt b/Documentation/admin-guide/kernel-parameters.txt
-index 4272acb3d047..d18cc2c1f9c3 100644
+index e58f3bbb7643..d574123d82bd 100644
 --- a/Documentation/admin-guide/kernel-parameters.txt
 +++ b/Documentation/admin-guide/kernel-parameters.txt
-@@ -4400,6 +4400,15 @@
+@@ -4403,6 +4403,15 @@
  				Also, it enforces the PCI Local Bus spec
  				rule that those bits should be 0 in system reset
  				events (useful for kexec/kdump cases).

patches/kernel/0005-kvm-disable-default-dynamic-halt-polling-growth.patch

@@ -13,7 +13,7 @@ Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
  1 file changed, 1 insertion(+), 1 deletion(-)
 
 diff --git a/virt/kvm/kvm_main.c b/virt/kvm/kvm_main.c
-index 0f50960b0e3a..37f840f57f32 100644
+index 6a56de7ff82e..96bd40a73e0e 100644
 --- a/virt/kvm/kvm_main.c
 +++ b/virt/kvm/kvm_main.c
 @@ -82,7 +82,7 @@ module_param(halt_poll_ns, uint, 0644);

patches/kernel/0006-net-core-downgrade-unregister_netdevice-refcount-lea.patch

@@ -14,10 +14,10 @@ Signed-off-by: Fabian Grünbichler <f.gruenbichler@proxmox.com>
  1 file changed, 1 insertion(+), 1 deletion(-)
 
 diff --git a/net/core/dev.c b/net/core/dev.c
-index c365aa06f886..c9066a7aa4c5 100644
+index a32811aebde5..15078ab81ec8 100644
 --- a/net/core/dev.c
 +++ b/net/core/dev.c
-@@ -10470,7 +10470,7 @@ static struct net_device *netdev_wait_allrefs_any(struct list_head *list)
+@@ -10471,7 +10471,7 @@ static struct net_device *netdev_wait_allrefs_any(struct list_head *list)
  		if (time_after(jiffies, warning_time +
  			       READ_ONCE(netdev_unregister_timeout_secs) * HZ)) {
  			list_for_each_entry(dev, list, todo_list) {

patches/kernel/0007-Revert-fortify-Do-not-cast-to-unsigned-char.patch

@@ -16,7 +16,7 @@ Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
  1 file changed, 1 insertion(+), 1 deletion(-)
 
 diff --git a/include/linux/fortify-string.h b/include/linux/fortify-string.h
-index 89a6888f2f9e..66e0b60dcabb 100644
+index e99dbc052575..9e9cdb198b82 100644
 --- a/include/linux/fortify-string.h
 +++ b/include/linux/fortify-string.h
 @@ -18,7 +18,7 @@ void __write_overflow_field(size_t avail, size_t wanted) __compiletime_warning("

patches/kernel/0008-kvm-xsave-set-mask-out-PKRU-bit-in-xfeatures-if-vCPU.patch

@@ -78,7 +78,7 @@ Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
  3 files changed, 21 insertions(+)
 
 diff --git a/arch/x86/kvm/cpuid.c b/arch/x86/kvm/cpuid.c
-index 3a02276899db..e07a6089ba4b 100644
+index ce1499732cb8..d68c04bde5ed 100644
 --- a/arch/x86/kvm/cpuid.c
 +++ b/arch/x86/kvm/cpuid.c
 @@ -262,6 +262,12 @@ static u64 cpuid_get_supported_xcr0(struct kvm_cpuid_entry2 *entries, int nent)
@@ -108,7 +108,7 @@ index 23dbb9eb277c..07da153802e4 100644
  
  int cpuid_query_maxphyaddr(struct kvm_vcpu *vcpu);
 diff --git a/arch/x86/kvm/x86.c b/arch/x86/kvm/x86.c
-index c84927216fad..880e2b87777e 100644
+index 3750a0c688b7..706348cbde7c 100644
 --- a/arch/x86/kvm/x86.c
 +++ b/arch/x86/kvm/x86.c
 @@ -5580,6 +5580,19 @@ static int kvm_vcpu_ioctl_x86_set_xsave(struct kvm_vcpu *vcpu,

patches/kernel/0010-KVM-nSVM-Advertise-support-for-flush-by-ASID.patch

@@ -24,10 +24,10 @@ Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
  1 file changed, 1 insertion(+)
 
 diff --git a/arch/x86/kvm/svm/svm.c b/arch/x86/kvm/svm/svm.c
-index e90b429c84f1..5c7faf7c447f 100644
+index cf86607bc696..e2c080780d9a 100644
 --- a/arch/x86/kvm/svm/svm.c
 +++ b/arch/x86/kvm/svm/svm.c
-@@ -5085,6 +5085,7 @@ static __init void svm_set_cpu_caps(void)
+@@ -5102,6 +5102,7 @@ static __init void svm_set_cpu_caps(void)
  	if (nested) {
  		kvm_cpu_cap_set(X86_FEATURE_SVM);
  		kvm_cpu_cap_set(X86_FEATURE_VMCBCLEAN);

patches/kernel/0013-x86-CPU-AMD-Improve-the-erratum-1386-workaround.patch

@@ -21,10 +21,10 @@ Link: https://lore.kernel.org/r/20240324200525.GBZgCHhYFsBj12PrKv@fat_crate.loca
  2 files changed, 20 insertions(+)
 
 diff --git a/arch/x86/include/asm/cpu_device_id.h b/arch/x86/include/asm/cpu_device_id.h
-index eb8fcede9e3b..bf4e065cf1e2 100644
+index e8e3dbe7f173..b6325ee30871 100644
 --- a/arch/x86/include/asm/cpu_device_id.h
 +++ b/arch/x86/include/asm/cpu_device_id.h
-@@ -190,6 +190,14 @@ struct x86_cpu_desc {
+@@ -288,6 +288,14 @@ struct x86_cpu_desc {
  	.x86_microcode_rev	= (revision),			\
  }
  
@@ -40,7 +40,7 @@ index eb8fcede9e3b..bf4e065cf1e2 100644
  extern bool x86_cpu_has_min_microcode_rev(const struct x86_cpu_desc *table);
  
 diff --git a/arch/x86/kernel/cpu/amd.c b/arch/x86/kernel/cpu/amd.c
-index dfa8d0cf5e18..22a263b1a884 100644
+index 0838ea579eb0..ca6096dcc5c6 100644
 --- a/arch/x86/kernel/cpu/amd.c
 +++ b/arch/x86/kernel/cpu/amd.c
 @@ -13,6 +13,7 @@
@@ -51,7 +51,7 @@ index dfa8d0cf5e18..22a263b1a884 100644
  #include <asm/spec-ctrl.h>
  #include <asm/smp.h>
  #include <asm/numa.h>
-@@ -926,6 +927,11 @@ static void init_amd_bd(struct cpuinfo_x86 *c)
+@@ -925,6 +926,11 @@ static void init_amd_bd(struct cpuinfo_x86 *c)
  	clear_rdrand_cpuid_bit(c);
  }
  
@@ -63,7 +63,7 @@ index dfa8d0cf5e18..22a263b1a884 100644
  static void fix_erratum_1386(struct cpuinfo_x86 *c)
  {
  	/*
-@@ -935,7 +941,13 @@ static void fix_erratum_1386(struct cpuinfo_x86 *c)
+@@ -934,7 +940,13 @@ static void fix_erratum_1386(struct cpuinfo_x86 *c)
  	 *
  	 * Affected parts all have no supervisor XSAVE states, meaning that
  	 * the XSAVEC instruction (which works fine) is equivalent.

patches/kernel/0014-block-fix-request.queuelist-usage-in-flush.patch

@@ -1,64 +0,0 @@
-From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
-From: Chengming Zhou <chengming.zhou@linux.dev>
-Date: Sat, 8 Jun 2024 22:31:15 +0800
-Subject: [PATCH] block: fix request.queuelist usage in flush
-
-Friedrich Weber reported a kernel crash problem and bisected to commit
-81ada09cc25e ("blk-flush: reuse rq queuelist in flush state machine").
-
-The root cause is that we use "list_move_tail(&rq->queuelist, pending)"
-in the PREFLUSH/POSTFLUSH sequences. But rq->queuelist.next == xxx since
-it's popped out from plug->cached_rq in __blk_mq_alloc_requests_batch().
-We don't initialize its queuelist just for this first request, although
-the queuelist of all later popped requests will be initialized.
-
-Fix it by changing to use "list_add_tail(&rq->queuelist, pending)" so
-rq->queuelist doesn't need to be initialized. It should be ok since rq
-can't be on any list when PREFLUSH or POSTFLUSH, has no move actually.
-
-Please note the commit 81ada09cc25e ("blk-flush: reuse rq queuelist in
-flush state machine") also has another requirement that no drivers would
-touch rq->queuelist after blk_mq_end_request() since we will reuse it to
-add rq to the post-flush pending list in POSTFLUSH. If this is not true,
-we will have to revert that commit IMHO.
-
-This updated version adds "list_del_init(&rq->queuelist)" in flush rq
-callback since the dm layer may submit request of a weird invalid format
-(REQ_FSEQ_PREFLUSH | REQ_FSEQ_POSTFLUSH), which causes double list_add
-if without this "list_del_init(&rq->queuelist)". The weird invalid format
-problem should be fixed in dm layer.
-
-Reported-by: Friedrich Weber <f.weber@proxmox.com>
-Closes: https://lore.kernel.org/lkml/14b89dfb-505c-49f7-aebb-01c54451db40@proxmox.com/
-Closes: https://lore.kernel.org/lkml/c9d03ff7-27c5-4ebd-b3f6-5a90d96f35ba@proxmox.com/
-Fixes: 81ada09cc25e ("blk-flush: reuse rq queuelist in flush state machine")
-Cc: Christoph Hellwig <hch@lst.de>
-Cc: ming.lei@redhat.com
-Cc: bvanassche@acm.org
-Tested-by: Friedrich Weber <f.weber@proxmox.com>
-Signed-off-by: Chengming Zhou <chengming.zhou@linux.dev>
----
- block/blk-flush.c | 3 ++-
- 1 file changed, 2 insertions(+), 1 deletion(-)
-
-diff --git a/block/blk-flush.c b/block/blk-flush.c
-index 3f4d41952ef2..d72b57898b23 100644
---- a/block/blk-flush.c
-+++ b/block/blk-flush.c
-@@ -183,7 +183,7 @@ static void blk_flush_complete_seq(struct request *rq,
- 		/* queue for flush */
- 		if (list_empty(pending))
- 			fq->flush_pending_since = jiffies;
--		list_move_tail(&rq->queuelist, pending);
-+		list_add_tail(&rq->queuelist, pending);
- 		break;
- 
- 	case REQ_FSEQ_DATA:
-@@ -261,6 +261,7 @@ static enum rq_end_io_ret flush_end_io(struct request *flush_rq,
- 		unsigned int seq = blk_flush_cur_seq(rq);
- 
- 		BUG_ON(seq != REQ_FSEQ_PREFLUSH && seq != REQ_FSEQ_POSTFLUSH);
-+		list_del_init(&rq->queuelist);
- 		blk_flush_complete_seq(rq, fq, seq, error);
- 	}
- 

patches/kernel/0015-scsi-core-Handle-devices-which-return-an-unusually-l.patch

@@ -1,49 +0,0 @@
-From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
-From: "Martin K. Petersen" <martin.petersen@oracle.com>
-Date: Mon, 20 May 2024 22:30:40 -0400
-Subject: [PATCH] scsi: core: Handle devices which return an unusually large
- VPD page count
-
-Peter Schneider reported that a system would no longer boot after
-updating to 6.8.4.  Peter bisected the issue and identified commit
-b5fc07a5fb56 ("scsi: core: Consult supported VPD page list prior to
-fetching page") as being the culprit.
-
-Turns out the enclosure device in Peter's system reports a byteswapped
-page length for VPD page 0. It reports "02 00" as page length instead
-of "00 02". This causes us to attempt to access 516 bytes (page length
-+ header) of information despite only 2 pages being present.
-
-Limit the page search scope to the size of our VPD buffer to guard
-against devices returning a larger page count than requested.
-
-Link: https://lore.kernel.org/r/20240521023040.2703884-1-martin.petersen@oracle.com
-Fixes: b5fc07a5fb56 ("scsi: core: Consult supported VPD page list prior to fetching page")
-Cc: stable@vger.kernel.org
-Reported-by: Peter Schneider <pschneider1968@googlemail.com>
-Closes: https://lore.kernel.org/all/eec6ebbf-061b-4a7b-96dc-ea748aa4d035@googlemail.com/
-Tested-by: Peter Schneider <pschneider1968@googlemail.com>
-Reviewed-by: Bart Van Assche <bvanassche@acm.org>
-Signed-off-by: Martin K. Petersen <martin.petersen@oracle.com>
----
- drivers/scsi/scsi.c | 7 +++++++
- 1 file changed, 7 insertions(+)
-
-diff --git a/drivers/scsi/scsi.c b/drivers/scsi/scsi.c
-index 8cad9792a562..b3ff3a633a1e 100644
---- a/drivers/scsi/scsi.c
-+++ b/drivers/scsi/scsi.c
-@@ -350,6 +350,13 @@ static int scsi_get_vpd_size(struct scsi_device *sdev, u8 page)
- 		if (result < SCSI_VPD_HEADER_SIZE)
- 			return 0;
- 
-+		if (result > sizeof(vpd)) {
-+			dev_warn_once(&sdev->sdev_gendev,
-+				      "%s: long VPD page 0 length: %d bytes\n",
-+				      __func__, result);
-+			result = sizeof(vpd);
-+		}
-+
- 		result -= SCSI_VPD_HEADER_SIZE;
- 		if (!memchr(&vpd[SCSI_VPD_HEADER_SIZE], page, result))
- 			return 0;

patches/kernel/0016-SUNRPC-Fix-backchannel-reply-again.patch

@@ -32,10 +32,10 @@ Signed-off-by: Fabian Grünbichler <f.gruenbichler@proxmox.com>
  1 file changed, 4 insertions(+), 1 deletion(-)
 
 diff --git a/net/sunrpc/svc.c b/net/sunrpc/svc.c
-index b969e505c7b7..5fc974dda811 100644
+index bd61e257cda6..bac1886f07da 100644
 --- a/net/sunrpc/svc.c
 +++ b/net/sunrpc/svc.c
-@@ -1548,9 +1548,11 @@ void svc_process(struct svc_rqst *rqstp)
+@@ -1546,9 +1546,11 @@ void svc_process(struct svc_rqst *rqstp)
   */
  void svc_process_bc(struct rpc_rqst *req, struct svc_rqst *rqstp)
  {
@@ -48,7 +48,7 @@ index b969e505c7b7..5fc974dda811 100644
  
  	/* Build the svc_rqst used by the common processing routine */
  	rqstp->rq_xid = req->rq_xid;
-@@ -1603,6 +1605,7 @@ void svc_process_bc(struct rpc_rqst *req, struct svc_rqst *rqstp)
+@@ -1601,6 +1603,7 @@ void svc_process_bc(struct rpc_rqst *req, struct svc_rqst *rqstp)
  		timeout.to_initval = req->rq_xprt->timeout->to_initval;
  		timeout.to_retries = req->rq_xprt->timeout->to_retries;
  	}

patches/kernel/0016-e1000e-change-usleep_range-to-udelay-in-PHY-mdic-acc.patch

@@ -1,73 +0,0 @@
-From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
-From: Vitaly Lifshits <vitaly.lifshits@intel.com>
-Date: Mon, 29 Apr 2024 10:10:40 -0700
-Subject: [PATCH] e1000e: change usleep_range to udelay in PHY mdic access
-MIME-Version: 1.0
-Content-Type: text/plain; charset=UTF-8
-Content-Transfer-Encoding: 8bit
-
-This is a partial revert of commit 6dbdd4de0362 ("e1000e: Workaround
-for sporadic MDI error on Meteor Lake systems"). The referenced commit
-used usleep_range inside the PHY access routines, which are sometimes
-called from an atomic context. This can lead to a kernel panic in some
-scenarios, such as cable disconnection and reconnection on vPro systems.
-
-Solve this by changing the usleep_range calls back to udelay.
-
-Fixes: 6dbdd4de0362 ("e1000e: Workaround for sporadic MDI error on Meteor Lake systems")
-Cc: stable@vger.kernel.org
-Reported-by: Jérôme Carretero <cJ@zougloub.eu>
-Closes: https://bugzilla.kernel.org/show_bug.cgi?id=218740
-Closes: https://lore.kernel.org/lkml/a7eb665c74b5efb5140e6979759ed243072cb24a.camel@zougloub.eu/
-Co-developed-by: Sasha Neftin <sasha.neftin@intel.com>
-Signed-off-by: Sasha Neftin <sasha.neftin@intel.com>
-Signed-off-by: Vitaly Lifshits <vitaly.lifshits@intel.com>
-Tested-by: Dima Ruinskiy <dima.ruinskiy@intel.com>
-Signed-off-by: Tony Nguyen <anthony.l.nguyen@intel.com>
-Reviewed-by: Simon Horman <horms@kernel.org>
-Link: https://lore.kernel.org/r/20240429171040.1152516-1-anthony.l.nguyen@intel.com
-Signed-off-by: Jakub Kicinski <kuba@kernel.org>
----
- drivers/net/ethernet/intel/e1000e/phy.c | 8 ++++----
- 1 file changed, 4 insertions(+), 4 deletions(-)
-
-diff --git a/drivers/net/ethernet/intel/e1000e/phy.c b/drivers/net/ethernet/intel/e1000e/phy.c
-index 93544f1cc2a5..f7ae0e0aa4a4 100644
---- a/drivers/net/ethernet/intel/e1000e/phy.c
-+++ b/drivers/net/ethernet/intel/e1000e/phy.c
-@@ -157,7 +157,7 @@ s32 e1000e_read_phy_reg_mdic(struct e1000_hw *hw, u32 offset, u16 *data)
- 		 * the lower time out
- 		 */
- 		for (i = 0; i < (E1000_GEN_POLL_TIMEOUT * 3); i++) {
--			usleep_range(50, 60);
-+			udelay(50);
- 			mdic = er32(MDIC);
- 			if (mdic & E1000_MDIC_READY)
- 				break;
-@@ -181,7 +181,7 @@ s32 e1000e_read_phy_reg_mdic(struct e1000_hw *hw, u32 offset, u16 *data)
- 		 * reading duplicate data in the next MDIC transaction.
- 		 */
- 		if (hw->mac.type == e1000_pch2lan)
--			usleep_range(100, 150);
-+			udelay(100);
- 
- 		if (success) {
- 			*data = (u16)mdic;
-@@ -237,7 +237,7 @@ s32 e1000e_write_phy_reg_mdic(struct e1000_hw *hw, u32 offset, u16 data)
- 		 * the lower time out
- 		 */
- 		for (i = 0; i < (E1000_GEN_POLL_TIMEOUT * 3); i++) {
--			usleep_range(50, 60);
-+			udelay(50);
- 			mdic = er32(MDIC);
- 			if (mdic & E1000_MDIC_READY)
- 				break;
-@@ -261,7 +261,7 @@ s32 e1000e_write_phy_reg_mdic(struct e1000_hw *hw, u32 offset, u16 data)
- 		 * reading duplicate data in the next MDIC transaction.
- 		 */
- 		if (hw->mac.type == e1000_pch2lan)
--			usleep_range(100, 150);
-+			udelay(100);
- 
- 		if (success)
- 			return 0;

patches/kernel/0017-virtio-pci-Check-if-is_avq-is-NULL.patch

@@ -1,48 +0,0 @@
-From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
-From: Li Zhang <zhanglikernel@gmail.com>
-Date: Tue, 18 Jun 2024 07:28:00 +0200
-Subject: [PATCH] virtio-pci: Check if is_avq is NULL
-
-BugLink: https://bugs.launchpad.net/bugs/2067862
-
-[bug]
-In the virtio_pci_common.c function vp_del_vqs, vp_dev->is_avq is involved
-to determine whether it is admin virtqueue, but this function vp_dev->is_avq
- may be empty. For installations, virtio_pci_legacy does not assign a value
- to vp_dev->is_avq.
-
-[fix]
-Check whether it is vp_dev->is_avq before use.
-
-[test]
-Test with virsh Attach device
-Before this patch, the following command would crash the guest system
-
-After applying the patch, everything seems to be working fine.
-
-Signed-off-by: Li Zhang <zhanglikernel@gmail.com>
-Message-Id: <1710566754-3532-1-git-send-email-zhanglikernel@gmail.com>
-Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
-
-(cherry picked from commit c8fae27d141a32a1624d0d0d5419d94252824498)
-Signed-off-by: Matthew Ruffell <matthew.ruffell@canonical.com>
-Acked-by: Paolo Pisati <paolo.pisati@canonical.com>
-Acked-by: Manuel Diewald <manuel.diewald@canonical.com>
-Signed-off-by: Stefan Bader <stefan.bader@canonical.com>
----
- drivers/virtio/virtio_pci_common.c | 2 +-
- 1 file changed, 1 insertion(+), 1 deletion(-)
-
-diff --git a/drivers/virtio/virtio_pci_common.c b/drivers/virtio/virtio_pci_common.c
-index b655fccaf773..3c18fc14cd66 100644
---- a/drivers/virtio/virtio_pci_common.c
-+++ b/drivers/virtio/virtio_pci_common.c
-@@ -236,7 +236,7 @@ void vp_del_vqs(struct virtio_device *vdev)
- 	int i;
- 
- 	list_for_each_entry_safe(vq, n, &vdev->vqs, list) {
--		if (vp_dev->is_avq(vdev, vq->index))
-+		if (vp_dev->is_avq && vp_dev->is_avq(vdev, vq->index))
- 			continue;
- 
- 		if (vp_dev->per_vq_vectors) {

patches/kernel/0024-bnxt_re-avoid-shift-undefined-behavior-in-bnxt_qplib.patch

@@ -1,124 +0,0 @@
-From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
-From: Michal Schmidt <mschmidt@redhat.com>
-Date: Tue, 7 May 2024 12:39:28 +0200
-Subject: [PATCH] bnxt_re: avoid shift undefined behavior in
- bnxt_qplib_alloc_init_hwq
-
-BugLink: https://bugs.launchpad.net/bugs/2071621
-
-[ Upstream commit 78cfd17142ef70599d6409cbd709d94b3da58659 ]
-
-Undefined behavior is triggered when bnxt_qplib_alloc_init_hwq is called
-with hwq_attr->aux_depth != 0 and hwq_attr->aux_stride == 0.
-In that case, "roundup_pow_of_two(hwq_attr->aux_stride)" gets called.
-roundup_pow_of_two is documented as undefined for 0.
-
-Fix it in the one caller that had this combination.
-
-The undefined behavior was detected by UBSAN:
-  UBSAN: shift-out-of-bounds in ./include/linux/log2.h:57:13
-  shift exponent 64 is too large for 64-bit type 'long unsigned int'
-  CPU: 24 PID: 1075 Comm: (udev-worker) Not tainted 6.9.0-rc6+ #4
-  Hardware name: Abacus electric, s.r.o. - servis@abacus.cz Super Server/H12SSW-iN, BIOS 2.7 10/25/2023
-  Call Trace:
-   <TASK>
-   dump_stack_lvl+0x5d/0x80
-   ubsan_epilogue+0x5/0x30
-   __ubsan_handle_shift_out_of_bounds.cold+0x61/0xec
-   __roundup_pow_of_two+0x25/0x35 [bnxt_re]
-   bnxt_qplib_alloc_init_hwq+0xa1/0x470 [bnxt_re]
-   bnxt_qplib_create_qp+0x19e/0x840 [bnxt_re]
-   bnxt_re_create_qp+0x9b1/0xcd0 [bnxt_re]
-   ? srso_alias_return_thunk+0x5/0xfbef5
-   ? srso_alias_return_thunk+0x5/0xfbef5
-   ? __kmalloc+0x1b6/0x4f0
-   ? create_qp.part.0+0x128/0x1c0 [ib_core]
-   ? __pfx_bnxt_re_create_qp+0x10/0x10 [bnxt_re]
-   create_qp.part.0+0x128/0x1c0 [ib_core]
-   ib_create_qp_kernel+0x50/0xd0 [ib_core]
-   create_mad_qp+0x8e/0xe0 [ib_core]
-   ? __pfx_qp_event_handler+0x10/0x10 [ib_core]
-   ib_mad_init_device+0x2be/0x680 [ib_core]
-   add_client_context+0x10d/0x1a0 [ib_core]
-   enable_device_and_get+0xe0/0x1d0 [ib_core]
-   ib_register_device+0x53c/0x630 [ib_core]
-   ? srso_alias_return_thunk+0x5/0xfbef5
-   bnxt_re_probe+0xbd8/0xe50 [bnxt_re]
-   ? __pfx_bnxt_re_probe+0x10/0x10 [bnxt_re]
-   auxiliary_bus_probe+0x49/0x80
-   ? driver_sysfs_add+0x57/0xc0
-   really_probe+0xde/0x340
-   ? pm_runtime_barrier+0x54/0x90
-   ? __pfx___driver_attach+0x10/0x10
-   __driver_probe_device+0x78/0x110
-   driver_probe_device+0x1f/0xa0
-   __driver_attach+0xba/0x1c0
-   bus_for_each_dev+0x8f/0xe0
-   bus_add_driver+0x146/0x220
-   driver_register+0x72/0xd0
-   __auxiliary_driver_register+0x6e/0xd0
-   ? __pfx_bnxt_re_mod_init+0x10/0x10 [bnxt_re]
-   bnxt_re_mod_init+0x3e/0xff0 [bnxt_re]
-   ? __pfx_bnxt_re_mod_init+0x10/0x10 [bnxt_re]
-   do_one_initcall+0x5b/0x310
-   do_init_module+0x90/0x250
-   init_module_from_file+0x86/0xc0
-   idempotent_init_module+0x121/0x2b0
-   __x64_sys_finit_module+0x5e/0xb0
-   do_syscall_64+0x82/0x160
-   ? srso_alias_return_thunk+0x5/0xfbef5
-   ? syscall_exit_to_user_mode_prepare+0x149/0x170
-   ? srso_alias_return_thunk+0x5/0xfbef5
-   ? syscall_exit_to_user_mode+0x75/0x230
-   ? srso_alias_return_thunk+0x5/0xfbef5
-   ? do_syscall_64+0x8e/0x160
-   ? srso_alias_return_thunk+0x5/0xfbef5
-   ? __count_memcg_events+0x69/0x100
-   ? srso_alias_return_thunk+0x5/0xfbef5
-   ? count_memcg_events.constprop.0+0x1a/0x30
-   ? srso_alias_return_thunk+0x5/0xfbef5
-   ? handle_mm_fault+0x1f0/0x300
-   ? srso_alias_return_thunk+0x5/0xfbef5
-   ? do_user_addr_fault+0x34e/0x640
-   ? srso_alias_return_thunk+0x5/0xfbef5
-   ? srso_alias_return_thunk+0x5/0xfbef5
-   entry_SYSCALL_64_after_hwframe+0x76/0x7e
-  RIP: 0033:0x7f4e5132821d
-  Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 90 f3 0f 1e fa 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 8b 0d e3 db 0c 00 f7 d8 64 89 01 48
-  RSP: 002b:00007ffca9c906a8 EFLAGS: 00000246 ORIG_RAX: 0000000000000139
-  RAX: ffffffffffffffda RBX: 0000563ec8a8f130 RCX: 00007f4e5132821d
-  RDX: 0000000000000000 RSI: 00007f4e518fa07d RDI: 000000000000003b
-  RBP: 00007ffca9c90760 R08: 00007f4e513f6b20 R09: 00007ffca9c906f0
-  R10: 0000563ec8a8faa0 R11: 0000000000000246 R12: 00007f4e518fa07d
-  R13: 0000000000020000 R14: 0000563ec8409e90 R15: 0000563ec8a8fa60
-   </TASK>
-  ---[ end trace ]---
-
-Fixes: 0c4dcd602817 ("RDMA/bnxt_re: Refactor hardware queue memory allocation")
-Signed-off-by: Michal Schmidt <mschmidt@redhat.com>
-Link: https://lore.kernel.org/r/20240507103929.30003-1-mschmidt@redhat.com
-Acked-by: Selvin Xavier <selvin.xavier@broadcom.com>
-Signed-off-by: Leon Romanovsky <leon@kernel.org>
-Signed-off-by: Sasha Levin <sashal@kernel.org>
-Signed-off-by: Manuel Diewald <manuel.diewald@canonical.com>
-Signed-off-by: Stefan Bader <stefan.bader@canonical.com>
-(cherry picked from commit 949beca2d9ddb69c2ccd39e5fd5d062c81fe0db0)
-Signed-off-by: Fiona Ebner <f.ebner@proxmox.com>
----
- drivers/infiniband/hw/bnxt_re/qplib_fp.c | 3 ++-
- 1 file changed, 2 insertions(+), 1 deletion(-)
-
-diff --git a/drivers/infiniband/hw/bnxt_re/qplib_fp.c b/drivers/infiniband/hw/bnxt_re/qplib_fp.c
-index 439d0c7c5d0c..04258676d072 100644
---- a/drivers/infiniband/hw/bnxt_re/qplib_fp.c
-+++ b/drivers/infiniband/hw/bnxt_re/qplib_fp.c
-@@ -1013,7 +1013,8 @@ int bnxt_qplib_create_qp(struct bnxt_qplib_res *res, struct bnxt_qplib_qp *qp)
- 	hwq_attr.stride = sizeof(struct sq_sge);
- 	hwq_attr.depth = bnxt_qplib_get_depth(sq);
- 	hwq_attr.aux_stride = psn_sz;
--	hwq_attr.aux_depth = bnxt_qplib_set_sq_size(sq, qp->wqe_mode);
-+	hwq_attr.aux_depth = psn_sz ? bnxt_qplib_set_sq_size(sq, qp->wqe_mode)
-+				    : 0;
- 	/* Update msn tbl size */
- 	if (BNXT_RE_HW_RETX(qp->dev_cap_flags) && psn_sz) {
- 		hwq_attr.aux_depth = roundup_pow_of_two(bnxt_qplib_set_sq_size(sq, qp->wqe_mode));