- Linux-stable-mirror - lists.linaro.org

[PATCHSET v3] xfs: proposed bug fixes for 6.13

by Darrick J. Wong

Hi all, Here are even more bugfixes for 6.13 that have been accumulating since 6.12 was released. Now with a few extra comments that were requested by reviewers. If you're going to start using this code, I strongly recommend pulling from my git trees, which are linked below. With a bit of luck, this should all go splendidly. Comments and questions are, as always, welcome. --D kernel git tree: https://git.kernel.org/cgit/linux/kernel/git/djwong/xfs-linux.git/log/?h=pr… --- Commits in this patchset: * xfs: don't move nondir/nonreg temporary repair files to the metadir namespace * xfs: don't crash on corrupt /quotas dirent * xfs: check pre-metadir fields correctly * xfs: fix zero byte checking in the superblock scrubber * xfs: return from xfs_symlink_verify early on V4 filesystems * xfs: port xfs_ioc_start_commit to multigrain timestamps --- fs/xfs/libxfs/xfs_symlink_remote.c | 4 ++ fs/xfs/scrub/agheader.c | 71 ++++++++++++++++++++++++++++-------- fs/xfs/scrub/tempfile.c | 3 ++ fs/xfs/xfs_exchrange.c | 14 ++++--- fs/xfs/xfs_qm.c | 7 ++++ 5 files changed, 76 insertions(+), 23 deletions(-)

6 months, 2 weeks

1
6
0 0

[PATCH stable 6.1 1/3] net: Move {l,t,d}stats allocation to core and convert veth & vrf

by Daniel Borkmann

[ Upstream commit 34d21de99cea9cb17967874313e5b0262527833c ] [ Note: Simplified vrf bits to reduce patch given unrelated to the fix ] Move {l,t,d}stats allocation to the core and let netdevs pick the stats type they need. That way the driver doesn't have to bother with error handling (allocation failure checking, making sure free happens in the right spot, etc) - all happening in the core. Co-developed-by: Jakub Kicinski <kuba(a)kernel.org> Signed-off-by: Jakub Kicinski <kuba(a)kernel.org> Signed-off-by: Daniel Borkmann <daniel(a)iogearbox.net> Reviewed-by: Nikolay Aleksandrov <razor(a)blackwall.org> Cc: David Ahern <dsahern(a)kernel.org> Link: https://lore.kernel.org/r/20231114004220.6495-3-daniel@iogearbox.net Signed-off-by: Martin KaFai Lau <martin.lau(a)kernel.org> Stable-dep-of: 024ee930cb3c ("bpf: Fix dev's rx stats for bpf_redirect_peer traffic") Signed-off-by: Daniel Borkmann <daniel(a)iogearbox.net> --- drivers/net/veth.c | 16 ++---------- drivers/net/vrf.c | 24 ++++++------------ include/linux/netdevice.h | 30 +++++++++++++++++++--- net/core/dev.c | 53 ++++++++++++++++++++++++++++++++++++--- 4 files changed, 85 insertions(+), 38 deletions(-) diff --git a/drivers/net/veth.c b/drivers/net/veth.c index 8dcd3b6e143b..0a8154611d7f 100644 --- a/drivers/net/veth.c +++ b/drivers/net/veth.c @@ -1381,25 +1381,12 @@ static void veth_free_queues(struct net_device *dev) static int veth_dev_init(struct net_device *dev) { - int err; - - dev->lstats = netdev_alloc_pcpu_stats(struct pcpu_lstats); - if (!dev->lstats) - return -ENOMEM; - - err = veth_alloc_queues(dev); - if (err) { - free_percpu(dev->lstats); - return err; - } - - return 0; + return veth_alloc_queues(dev); } static void veth_dev_free(struct net_device *dev) { veth_free_queues(dev); - free_percpu(dev->lstats); } #ifdef CONFIG_NET_POLL_CONTROLLER @@ -1625,6 +1612,7 @@ static void veth_setup(struct net_device *dev) NETIF_F_HW_VLAN_STAG_RX); dev->needs_free_netdev = true; dev->priv_destructor = veth_dev_free; + dev->pcpu_stat_type = NETDEV_PCPU_STAT_LSTATS; dev->max_mtu = ETH_MAX_MTU; dev->hw_features = VETH_FEATURES; diff --git a/drivers/net/vrf.c b/drivers/net/vrf.c index 208df4d41939..c8a1009d659e 100644 --- a/drivers/net/vrf.c +++ b/drivers/net/vrf.c @@ -121,22 +121,12 @@ struct net_vrf { int ifindex; }; -struct pcpu_dstats { - u64 tx_pkts; - u64 tx_bytes; - u64 tx_drps; - u64 rx_pkts; - u64 rx_bytes; - u64 rx_drps; - struct u64_stats_sync syncp; -}; - static void vrf_rx_stats(struct net_device *dev, int len) { struct pcpu_dstats *dstats = this_cpu_ptr(dev->dstats); u64_stats_update_begin(&dstats->syncp); - dstats->rx_pkts++; + dstats->rx_packets++; dstats->rx_bytes += len; u64_stats_update_end(&dstats->syncp); } @@ -161,10 +151,10 @@ static void vrf_get_stats64(struct net_device *dev, do { start = u64_stats_fetch_begin_irq(&dstats->syncp); tbytes = dstats->tx_bytes; - tpkts = dstats->tx_pkts; - tdrops = dstats->tx_drps; + tpkts = dstats->tx_packets; + tdrops = dstats->tx_drops; rbytes = dstats->rx_bytes; - rpkts = dstats->rx_pkts; + rpkts = dstats->rx_packets; } while (u64_stats_fetch_retry_irq(&dstats->syncp, start)); stats->tx_bytes += tbytes; stats->tx_packets += tpkts; @@ -421,7 +411,7 @@ static int vrf_local_xmit(struct sk_buff *skb, struct net_device *dev, if (likely(__netif_rx(skb) == NET_RX_SUCCESS)) vrf_rx_stats(dev, len); else - this_cpu_inc(dev->dstats->rx_drps); + this_cpu_inc(dev->dstats->rx_drops); return NETDEV_TX_OK; } @@ -616,11 +606,11 @@ static netdev_tx_t vrf_xmit(struct sk_buff *skb, struct net_device *dev) struct pcpu_dstats *dstats = this_cpu_ptr(dev->dstats); u64_stats_update_begin(&dstats->syncp); - dstats->tx_pkts++; + dstats->tx_packets++; dstats->tx_bytes += len; u64_stats_update_end(&dstats->syncp); } else { - this_cpu_inc(dev->dstats->tx_drps); + this_cpu_inc(dev->dstats->tx_drops); } return ret; diff --git a/include/linux/netdevice.h b/include/linux/netdevice.h index fbbd0df1106b..662183994e88 100644 --- a/include/linux/netdevice.h +++ b/include/linux/netdevice.h @@ -1747,6 +1747,13 @@ enum netdev_ml_priv_type { ML_PRIV_CAN, }; +enum netdev_stat_type { + NETDEV_PCPU_STAT_NONE, + NETDEV_PCPU_STAT_LSTATS, /* struct pcpu_lstats */ + NETDEV_PCPU_STAT_TSTATS, /* struct pcpu_sw_netstats */ + NETDEV_PCPU_STAT_DSTATS, /* struct pcpu_dstats */ +}; + /** * struct net_device - The DEVICE structure. * @@ -1941,10 +1948,14 @@ enum netdev_ml_priv_type { * * @ml_priv: Mid-layer private * @ml_priv_type: Mid-layer private type - * @lstats: Loopback statistics - * @tstats: Tunnel statistics - * @dstats: Dummy statistics - * @vstats: Virtual ethernet statistics + * + * @pcpu_stat_type: Type of device statistics which the core should + * allocate/free: none, lstats, tstats, dstats. none + * means the driver is handling statistics allocation/ + * freeing internally. + * @lstats: Loopback statistics: packets, bytes + * @tstats: Tunnel statistics: RX/TX packets, RX/TX bytes + * @dstats: Dummy statistics: RX/TX/drop packets, RX/TX bytes * * @garp_port: GARP * @mrp_port: MRP @@ -2287,6 +2298,7 @@ struct net_device { void *ml_priv; enum netdev_ml_priv_type ml_priv_type; + enum netdev_stat_type pcpu_stat_type:8; union { struct pcpu_lstats __percpu *lstats; struct pcpu_sw_netstats __percpu *tstats; @@ -2670,6 +2682,16 @@ struct pcpu_sw_netstats { struct u64_stats_sync syncp; } __aligned(4 * sizeof(u64)); +struct pcpu_dstats { + u64 rx_packets; + u64 rx_bytes; + u64 rx_drops; + u64 tx_packets; + u64 tx_bytes; + u64 tx_drops; + struct u64_stats_sync syncp; +} __aligned(8 * sizeof(u64)); + struct pcpu_lstats { u64_stats_t packets; u64_stats_t bytes; diff --git a/net/core/dev.c b/net/core/dev.c index 42c16b3e86b9..5151f69dd724 100644 --- a/net/core/dev.c +++ b/net/core/dev.c @@ -9991,6 +9991,46 @@ void netif_tx_stop_all_queues(struct net_device *dev) } EXPORT_SYMBOL(netif_tx_stop_all_queues); +static int netdev_do_alloc_pcpu_stats(struct net_device *dev) +{ + void __percpu *v; + + switch (dev->pcpu_stat_type) { + case NETDEV_PCPU_STAT_NONE: + return 0; + case NETDEV_PCPU_STAT_LSTATS: + v = dev->lstats = netdev_alloc_pcpu_stats(struct pcpu_lstats); + break; + case NETDEV_PCPU_STAT_TSTATS: + v = dev->tstats = netdev_alloc_pcpu_stats(struct pcpu_sw_netstats); + break; + case NETDEV_PCPU_STAT_DSTATS: + v = dev->dstats = netdev_alloc_pcpu_stats(struct pcpu_dstats); + break; + default: + return -EINVAL; + } + + return v ? 0 : -ENOMEM; +} + +static void netdev_do_free_pcpu_stats(struct net_device *dev) +{ + switch (dev->pcpu_stat_type) { + case NETDEV_PCPU_STAT_NONE: + return; + case NETDEV_PCPU_STAT_LSTATS: + free_percpu(dev->lstats); + break; + case NETDEV_PCPU_STAT_TSTATS: + free_percpu(dev->tstats); + break; + case NETDEV_PCPU_STAT_DSTATS: + free_percpu(dev->dstats); + break; + } +} + /** * register_netdevice() - register a network device * @dev: device to register @@ -10051,11 +10091,15 @@ int register_netdevice(struct net_device *dev) goto err_uninit; } + ret = netdev_do_alloc_pcpu_stats(dev); + if (ret) + goto err_uninit; + ret = -EBUSY; if (!dev->ifindex) dev->ifindex = dev_new_index(net); else if (__dev_get_by_index(net, dev->ifindex)) - goto err_uninit; + goto err_free_pcpu; /* Transfer changeable features to wanted_features and enable * software offloads (GSO and GRO). @@ -10102,14 +10146,14 @@ int register_netdevice(struct net_device *dev) ret = call_netdevice_notifiers(NETDEV_POST_INIT, dev); ret = notifier_to_errno(ret); if (ret) - goto err_uninit; + goto err_free_pcpu; ret = netdev_register_kobject(dev); write_lock(&dev_base_lock); dev->reg_state = ret ? NETREG_UNREGISTERED : NETREG_REGISTERED; write_unlock(&dev_base_lock); if (ret) - goto err_uninit; + goto err_free_pcpu; __netdev_update_features(dev); @@ -10156,6 +10200,8 @@ int register_netdevice(struct net_device *dev) out: return ret; +err_free_pcpu: + netdev_do_free_pcpu_stats(dev); err_uninit: if (dev->netdev_ops->ndo_uninit) dev->netdev_ops->ndo_uninit(dev); @@ -10409,6 +10455,7 @@ void netdev_run_todo(void) WARN_ON(rcu_access_pointer(dev->ip_ptr)); WARN_ON(rcu_access_pointer(dev->ip6_ptr)); + netdev_do_free_pcpu_stats(dev); if (dev->priv_destructor) dev->priv_destructor(dev); if (dev->needs_free_netdev) -- 2.43.0

6 months, 2 weeks

2
5
0 0

[PATCH 6.6.x] btrfs: add cancellation points to trim loops

by David Sterba

From: Luca Stefani <luca.stefani.ge1(a)gmail.com> commit 69313850dce33ce8c24b38576a279421f4c60996 upstream. There are reports that system cannot suspend due to running trim because the task responsible for trimming the device isn't able to finish in time, especially since we have a free extent discarding phase, which can trim a lot of unallocated space. There are no limits on the trim size (unlike the block group part). Since trime isn't a critical call it can be interrupted at any time, in such cases we stop the trim, report the amount of discarded bytes and return an error. Link: https://bugzilla.kernel.org/show_bug.cgi?id=219180 Link: https://bugzilla.suse.com/show_bug.cgi?id=1229737 CC: stable(a)vger.kernel.org # 5.15+ Signed-off-by: Luca Stefani <luca.stefani.ge1(a)gmail.com> Reviewed-by: David Sterba <dsterba(a)suse.com> Signed-off-by: David Sterba <dsterba(a)suse.com> --- fs/btrfs/extent-tree.c | 7 ++++++- fs/btrfs/free-space-cache.c | 4 ++-- fs/btrfs/free-space-cache.h | 7 +++++++ 3 files changed, 15 insertions(+), 3 deletions(-) diff --git a/fs/btrfs/extent-tree.c b/fs/btrfs/extent-tree.c index b3680e1c7054..599407120513 100644 --- a/fs/btrfs/extent-tree.c +++ b/fs/btrfs/extent-tree.c @@ -1319,6 +1319,11 @@ static int btrfs_issue_discard(struct block_device *bdev, u64 start, u64 len, start += bytes_to_discard; bytes_left -= bytes_to_discard; *discarded_bytes += bytes_to_discard; + + if (btrfs_trim_interrupted()) { + ret = -ERESTARTSYS; + break; + } } return ret; @@ -6094,7 +6099,7 @@ static int btrfs_trim_free_extents(struct btrfs_device *device, u64 *trimmed) start += len; *trimmed += bytes; - if (fatal_signal_pending(current)) { + if (btrfs_trim_interrupted()) { ret = -ERESTARTSYS; break; } diff --git a/fs/btrfs/free-space-cache.c b/fs/btrfs/free-space-cache.c index 3bcf4a30cad7..9a6ec9344c3e 100644 --- a/fs/btrfs/free-space-cache.c +++ b/fs/btrfs/free-space-cache.c @@ -3808,7 +3808,7 @@ static int trim_no_bitmap(struct btrfs_block_group *block_group, if (async && *total_trimmed) break; - if (fatal_signal_pending(current)) { + if (btrfs_trim_interrupted()) { ret = -ERESTARTSYS; break; } @@ -3999,7 +3999,7 @@ static int trim_bitmaps(struct btrfs_block_group *block_group, } block_group->discard_cursor = start; - if (fatal_signal_pending(current)) { + if (btrfs_trim_interrupted()) { if (start != offset) reset_trimming_bitmap(ctl, offset); ret = -ERESTARTSYS; diff --git a/fs/btrfs/free-space-cache.h b/fs/btrfs/free-space-cache.h index 33b4da3271b1..bd80c7b2af96 100644 --- a/fs/btrfs/free-space-cache.h +++ b/fs/btrfs/free-space-cache.h @@ -6,6 +6,8 @@ #ifndef BTRFS_FREE_SPACE_CACHE_H #define BTRFS_FREE_SPACE_CACHE_H +#include <linux/freezer.h> + /* * This is the trim state of an extent or bitmap. * @@ -43,6 +45,11 @@ static inline bool btrfs_free_space_trimming_bitmap( return (info->trim_state == BTRFS_TRIM_STATE_TRIMMING); } +static inline bool btrfs_trim_interrupted(void) +{ + return fatal_signal_pending(current) || freezing(current); +} + /* * Deltas are an effective way to populate global statistics. Give macro names * to make it clear what we're doing. An example is discard_extents in -- 2.45.0

6 months, 2 weeks

2
1
0 0

[PATCH 1/2] drm/amd/display: Skip Invalid Streams from DSC Policy

by Alex Deucher

From: Fangzhi Zuo <Jerry.Zuo(a)amd.com> Streams with invalid new connector state should be elimiated from dsc policy. Closes: https://gitlab.freedesktop.org/drm/amd/-/issues/3405 Reviewed-by: Aurabindo Pillai <aurabindo.pillai(a)amd.com> Signed-off-by: Fangzhi Zuo <Jerry.Zuo(a)amd.com> Signed-off-by: Rodrigo Siqueira <rodrigo.siqueira(a)amd.com> Tested-by: Daniel Wheeler <daniel.wheeler(a)amd.com> Signed-off-by: Alex Deucher <alexander.deucher(a)amd.com> (cherry picked from commit 9afeda04964281e9f708b92c2a9c4f8a1387b46e) Cc: stable(a)vger.kernel.org # 6.11.x --- .../drm/amd/display/amdgpu_dm/amdgpu_dm_mst_types.c | 13 ++++++++++++- 1 file changed, 12 insertions(+), 1 deletion(-) diff --git a/drivers/gpu/drm/amd/display/amdgpu_dm/amdgpu_dm_mst_types.c b/drivers/gpu/drm/amd/display/amdgpu_dm/amdgpu_dm_mst_types.c index a08e8a0b696c..f756640048fe 100644 --- a/drivers/gpu/drm/amd/display/amdgpu_dm/amdgpu_dm_mst_types.c +++ b/drivers/gpu/drm/amd/display/amdgpu_dm/amdgpu_dm_mst_types.c @@ -1120,6 +1120,7 @@ static int compute_mst_dsc_configs_for_link(struct drm_atomic_state *state, int i, k, ret; bool debugfs_overwrite = false; uint16_t fec_overhead_multiplier_x1000 = get_fec_overhead_multiplier(dc_link); + struct drm_connector_state *new_conn_state; memset(params, 0, sizeof(params)); @@ -1127,7 +1128,7 @@ static int compute_mst_dsc_configs_for_link(struct drm_atomic_state *state, return PTR_ERR(mst_state); /* Set up params */ - DRM_DEBUG_DRIVER("%s: MST_DSC Set up params for %d streams\n", __func__, dc_state->stream_count); + DRM_DEBUG_DRIVER("%s: MST_DSC Try to set up params from %d streams\n", __func__, dc_state->stream_count); for (i = 0; i < dc_state->stream_count; i++) { struct dc_dsc_policy dsc_policy = {0}; @@ -1143,6 +1144,14 @@ static int compute_mst_dsc_configs_for_link(struct drm_atomic_state *state, if (!aconnector->mst_output_port) continue; + new_conn_state = drm_atomic_get_new_connector_state(state, &aconnector->base); + + if (!new_conn_state) { + DRM_DEBUG_DRIVER("%s:%d MST_DSC Skip the stream 0x%p with invalid new_conn_state\n", + __func__, __LINE__, stream); + continue; + } + stream->timing.flags.DSC = 0; params[count].timing = &stream->timing; @@ -1175,6 +1184,8 @@ static int compute_mst_dsc_configs_for_link(struct drm_atomic_state *state, count++; } + DRM_DEBUG_DRIVER("%s: MST_DSC Params set up for %d streams\n", __func__, count); + if (count == 0) { ASSERT(0); return 0; -- 2.47.0

6 months, 2 weeks

2
2
0 0

FAILED: patch "[PATCH] iio: invensense: fix multiple odr switch when FIFO is off" failed to apply to 6.6-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 6.6-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-6.6.y git checkout FETCH_HEAD git cherry-pick -x ef5f5e7b6f73f79538892a8be3a3bee2342acc9f # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024120613-exploring-lifter-215f@gregkh' --subject-prefix 'PATCH 6.6.y' HEAD^.. Possible dependencies: thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From ef5f5e7b6f73f79538892a8be3a3bee2342acc9f Mon Sep 17 00:00:00 2001 From: Jean-Baptiste Maneyrol <jean-baptiste.maneyrol(a)tdk.com> Date: Mon, 21 Oct 2024 10:38:42 +0200 Subject: [PATCH] iio: invensense: fix multiple odr switch when FIFO is off When multiple ODR switch happens during FIFO off, the change could not be taken into account if you get back to previous FIFO on value. For example, if you run sensor buffer at 50Hz, stop, change to 200Hz, then back to 50Hz and restart buffer, data will be timestamped at 200Hz. This due to testing against mult and not new_mult. To prevent this, let's just run apply_odr automatically when FIFO is off. It will also simplify driver code. Update inv_mpu6050 and inv_icm42600 to delete now useless apply_odr. Fixes: 95444b9eeb8c ("iio: invensense: fix odr switching to same value") Cc: stable(a)vger.kernel.org Signed-off-by: Jean-Baptiste Maneyrol <jean-baptiste.maneyrol(a)tdk.com> Link: https://patch.msgid.link/20241021-invn-inv-sensors-timestamp-fix-switch-fif… Signed-off-by: Jonathan Cameron <Jonathan.Cameron(a)huawei.com> diff --git a/drivers/iio/common/inv_sensors/inv_sensors_timestamp.c b/drivers/iio/common/inv_sensors/inv_sensors_timestamp.c index f44458c380d9..37d0bdaa8d82 100644 --- a/drivers/iio/common/inv_sensors/inv_sensors_timestamp.c +++ b/drivers/iio/common/inv_sensors/inv_sensors_timestamp.c @@ -70,6 +70,10 @@ int inv_sensors_timestamp_update_odr(struct inv_sensors_timestamp *ts, if (mult != ts->mult) ts->new_mult = mult; + /* When FIFO is off, directly apply the new ODR */ + if (!fifo) + inv_sensors_timestamp_apply_odr(ts, 0, 0, 0); + return 0; } EXPORT_SYMBOL_NS_GPL(inv_sensors_timestamp_update_odr, IIO_INV_SENSORS_TIMESTAMP); diff --git a/drivers/iio/imu/inv_icm42600/inv_icm42600_accel.c b/drivers/iio/imu/inv_icm42600/inv_icm42600_accel.c index 56ac19814250..7968aa27f9fd 100644 --- a/drivers/iio/imu/inv_icm42600/inv_icm42600_accel.c +++ b/drivers/iio/imu/inv_icm42600/inv_icm42600_accel.c @@ -200,7 +200,6 @@ static int inv_icm42600_accel_update_scan_mode(struct iio_dev *indio_dev, { struct inv_icm42600_state *st = iio_device_get_drvdata(indio_dev); struct inv_icm42600_sensor_state *accel_st = iio_priv(indio_dev); - struct inv_sensors_timestamp *ts = &accel_st->ts; struct inv_icm42600_sensor_conf conf = INV_ICM42600_SENSOR_CONF_INIT; unsigned int fifo_en = 0; unsigned int sleep_temp = 0; @@ -229,7 +228,6 @@ static int inv_icm42600_accel_update_scan_mode(struct iio_dev *indio_dev, } /* update data FIFO write */ - inv_sensors_timestamp_apply_odr(ts, 0, 0, 0); ret = inv_icm42600_buffer_set_fifo_en(st, fifo_en | st->fifo.en); out_unlock: diff --git a/drivers/iio/imu/inv_icm42600/inv_icm42600_gyro.c b/drivers/iio/imu/inv_icm42600/inv_icm42600_gyro.c index 938af5b640b0..c6bb68bf5e14 100644 --- a/drivers/iio/imu/inv_icm42600/inv_icm42600_gyro.c +++ b/drivers/iio/imu/inv_icm42600/inv_icm42600_gyro.c @@ -99,8 +99,6 @@ static int inv_icm42600_gyro_update_scan_mode(struct iio_dev *indio_dev, const unsigned long *scan_mask) { struct inv_icm42600_state *st = iio_device_get_drvdata(indio_dev); - struct inv_icm42600_sensor_state *gyro_st = iio_priv(indio_dev); - struct inv_sensors_timestamp *ts = &gyro_st->ts; struct inv_icm42600_sensor_conf conf = INV_ICM42600_SENSOR_CONF_INIT; unsigned int fifo_en = 0; unsigned int sleep_gyro = 0; @@ -128,7 +126,6 @@ static int inv_icm42600_gyro_update_scan_mode(struct iio_dev *indio_dev, } /* update data FIFO write */ - inv_sensors_timestamp_apply_odr(ts, 0, 0, 0); ret = inv_icm42600_buffer_set_fifo_en(st, fifo_en | st->fifo.en); out_unlock: diff --git a/drivers/iio/imu/inv_mpu6050/inv_mpu_trigger.c b/drivers/iio/imu/inv_mpu6050/inv_mpu_trigger.c index 3bfeabab0ec4..5b1088cc3704 100644 --- a/drivers/iio/imu/inv_mpu6050/inv_mpu_trigger.c +++ b/drivers/iio/imu/inv_mpu6050/inv_mpu_trigger.c @@ -112,7 +112,6 @@ int inv_mpu6050_prepare_fifo(struct inv_mpu6050_state *st, bool enable) if (enable) { /* reset timestamping */ inv_sensors_timestamp_reset(&st->timestamp); - inv_sensors_timestamp_apply_odr(&st->timestamp, 0, 0, 0); /* reset FIFO */ d = st->chip_config.user_ctrl | INV_MPU6050_BIT_FIFO_RST; ret = regmap_write(st->map, st->reg->user_ctrl, d);

6 months, 2 weeks

3
2
0 0

[PATCH bpf] bpf: Fix prog_array UAF in __uprobe_perf_func()

by Jann Horn

Currently, the pointer stored in call->prog_array is loaded in __uprobe_perf_func(), with no RCU annotation and no RCU protection, so the loaded pointer can immediately be dangling. Later, bpf_prog_run_array_uprobe() starts a RCU-trace read-side critical section, but this is too late. It then uses rcu_dereference_check(), but this use of rcu_dereference_check() does not actually dereference anything. It looks like the intention was to pass a pointer to the member call->prog_array into bpf_prog_run_array_uprobe() and actually dereference the pointer in there. Fix the issue by actually doing that. Fixes: 8c7dcb84e3b7 ("bpf: implement sleepable uprobes by chaining gps") Cc: stable(a)vger.kernel.org Signed-off-by: Jann Horn <jannh(a)google.com> --- To reproduce, patch include/linux/bpf.h like this: ``` @@ -30,6 +30,7 @@ #include <linux/static_call.h> #include <linux/memcontrol.h> #include <linux/cfi.h> +#include <linux/delay.h> struct bpf_verifier_env; struct bpf_verifier_log; @@ -2203,6 +2204,7 @@ bpf_prog_run_array_uprobe(const struct bpf_prog_array __rcu *array_rcu, struct bpf_trace_run_ctx run_ctx; u32 ret = 1; + mdelay(10000); might_fault(); rcu_read_lock_trace(); ``` Build this userspace program: ``` $ cat dummy.c #include <stdio.h> int main(void) { printf("hello world\n"); } $ gcc -o dummy dummy.c ``` Then build this BPF program and load it (change the path to point to the "dummy" binary you built): ``` $ cat bpf-uprobe-kern.c #include <linux/bpf.h> #include <bpf/bpf_helpers.h> #include <bpf/bpf_tracing.h> char _license[] SEC("license") = "GPL"; SEC("uprobe//home/user/bpf-uprobe-uaf/dummy:main") int BPF_UPROBE(main_uprobe) { bpf_printk("main uprobe triggered\n"); return 0; } $ clang -O2 -g -target bpf -c -o bpf-uprobe-kern.o bpf-uprobe-kern.c $ sudo bpftool prog loadall bpf-uprobe-kern.o uprobe-test autoattach ``` Then run ./dummy in one terminal, and after launching it, run `sudo umount uprobe-test` in another terminal. Once the 10-second mdelay() is over, a use-after-free should occur, which may or may not crash your kernel at the `prog->sleepable` check in bpf_prog_run_array_uprobe() depending on your luck. --- include/linux/bpf.h | 4 ++-- kernel/trace/trace_uprobe.c | 2 +- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/include/linux/bpf.h b/include/linux/bpf.h index eaee2a819f4c150a34a7b1075584711609682e4c..00b3c5b197df75a0386233b9885b480b2ce72f5f 100644 --- a/include/linux/bpf.h +++ b/include/linux/bpf.h @@ -2193,7 +2193,7 @@ bpf_prog_run_array(const struct bpf_prog_array *array, * rcu-protected dynamically sized maps. */ static __always_inline u32 -bpf_prog_run_array_uprobe(const struct bpf_prog_array __rcu *array_rcu, +bpf_prog_run_array_uprobe(struct bpf_prog_array __rcu **array_rcu, const void *ctx, bpf_prog_run_fn run_prog) { const struct bpf_prog_array_item *item; @@ -2210,7 +2210,7 @@ bpf_prog_run_array_uprobe(const struct bpf_prog_array __rcu *array_rcu, run_ctx.is_uprobe = true; - array = rcu_dereference_check(array_rcu, rcu_read_lock_trace_held()); + array = rcu_dereference_check(*array_rcu, rcu_read_lock_trace_held()); if (unlikely(!array)) goto out; old_run_ctx = bpf_set_run_ctx(&run_ctx.run_ctx); diff --git a/kernel/trace/trace_uprobe.c b/kernel/trace/trace_uprobe.c index fed382b7881b82ee3c334ea77860cce77581a74d..c4eef1eb5ddb3c65205aa9d64af1c72d62fab87f 100644 --- a/kernel/trace/trace_uprobe.c +++ b/kernel/trace/trace_uprobe.c @@ -1404,7 +1404,7 @@ static void __uprobe_perf_func(struct trace_uprobe *tu, if (bpf_prog_array_valid(call)) { u32 ret; - ret = bpf_prog_run_array_uprobe(call->prog_array, regs, bpf_prog_run); + ret = bpf_prog_run_array_uprobe(&call->prog_array, regs, bpf_prog_run); if (!ret) return; } --- base-commit: 509df676c2d79c985ec2eaa3e3a3bbe557645861 change-id: 20241206-bpf-fix-uprobe-uaf-53d928bab3d0 -- Jann Horn <jannh(a)google.com>

6 months, 2 weeks

1
0
0 0

[PATCH net v2 0/5] Make TCP-MD5-diag slightly less broken

by Dmitry Safonov via B4 Relay

Changes in v2: - Fixup for uninitilized md5sig_count stack variable (Oops! Kudos to kernel test robot <lkp(a)intel.com>) - Correct space damage, add a missing Fixes tag & reformat tcp_ulp_ops_size() (Kuniyuki Iwashima) - Take out patch for maximum attribute length, see (4) below. Going to send it later with the next TCP-AO-diag part (Kuniyuki Iwashima) - Link to v1: https://lore.kernel.org/r/20241106-tcp-md5-diag-prep-v1-0-d62debf3dded@gmai… My original intent was to replace the last non-upstream Arista's TCP-AO piece. That is per-netns procfs seqfile which lists AO keys. In my view an acceptable upstream alternative would be TCP-AO-diag uAPI. So, I started by looking and reviewing TCP-MD5-diag code. And straight away I saw a bunch of issues: 1. Similarly to TCP_MD5SIG_EXT, which doesn't check tcpm_flags for unknown flags and so being non-extendable setsockopt(), the same way tcp_diag_put_md5sig() dumps md5 keys in an array of tcp_diag_md5sig, which makes it ABI non-extendable structure as userspace can't tolerate any new members in it. 2. Inet-diag allocates netlink message for sockets in inet_diag_dump_one_icsk(), which uses a TCP-diag callback .idiag_get_aux_size(), that pre-calculates the needed space for TCP-diag related information. But as neither socket lock nor rcu_readlock() are held between allocation and the actual TCP info filling, the TCP-related space requirement may change before reaching tcp_diag_put_md5sig(). I.e., the number of TCP-MD5 keys on a socket. Thankfully, TCP-MD5-diag won't overwrite the skb, but will return EMSGSIZE, triggering WARN_ON() in inet_diag_dump_one_icsk(). 3. Inet-diag "do" request* can create skb of any message required size. But "dump" request* the skb size, since d35c99ff77ec ("netlink: do not enter direct reclaim from netlink_dump()") is limited by 32 KB. Having in mind that sizeof(struct tcp_diag_md5sig) = 100 bytes, dumps for sockets that have more than 327 keys are going to fail (not counting other diag infos, which lower this limit futher). That is much lower than the number of TCP-MD5 keys that can be allocated on a socket with the current default optmem_max limit (128Kb). So, then I went and written selftests for TCP-MD5-diag and besides confirming that (2) and (3) are not theoretical issues, I also discovered another issues, that I didn't notice on code inspection: 4. nlattr::nla_len is __u16, which limits the largest netlink attibute by 64Kb or by 655 tcp_diag_md5sig keys in the diag array. What happens de-facto is that the netlink attribute gets u16 overflow, breaking the userspace parsing - RTA_NEXT(), that should point to the next attribute, points into the middle of md5 keys array. In this patch set issues (2) and (4) are addressed. (2) by not returning EMSGSIZE when the dump raced with modifying TCP-MD5 keys on a socket, but mark the dump inconsistent by setting NLM_F_DUMP_INTR nlmsg flag. Which changes uAPI in situations where previously kernel did WARN() and errored the dump. (4) by artificially limiting the maximum attribute size by U16_MAX - 1. In order to remove the new limit from (4) solution, my plan is to convert the dump of TCP-MD5 keys from an array to NL_ATTR_TYPE_NESTED_ARRAY (or alike), which should also address (1). And for (3), it's needed to teach tcp-diag how-to remember not only socket on which previous recvmsg() stopped, but potentially TCP-MD5 key as well. I plan in the next part of patch set address (3), (1) and the new limit for (4), together with adding new TCP-AO-diag. * Terminology from Documentation/userspace-api/netlink/intro.rst Signed-off-by: Dmitry Safonov <0x7f454c46(a)gmail.com> --- Dmitry Safonov (5): net/diag: Do not race on dumping MD5 keys with adding new MD5 keys net/diag: Warn only once on EMSGSIZE net/diag: Pre-allocate optional info only if requested net/diag: Always pre-allocate tcp_ulp info net/netlink: Correct the comment on netlink message max cap include/linux/inet_diag.h | 3 +- include/net/tcp.h | 1 - net/ipv4/inet_diag.c | 89 ++++++++++++++++++++++++++++++++++++++--------- net/ipv4/tcp_diag.c | 68 ++++++++++++++++++------------------ net/mptcp/diag.c | 20 ----------- net/netlink/af_netlink.c | 4 +-- net/tls/tls_main.c | 17 --------- 7 files changed, 110 insertions(+), 92 deletions(-) --- base-commit: f1b785f4c7870c42330b35522c2514e39a1e28e7 change-id: 20241106-tcp-md5-diag-prep-2f0dcf371d90 Best regards, -- Dmitry Safonov <0x7f454c46(a)gmail.com>

6 months, 2 weeks

5
8
0 0

Re: [PATCH] nvme-pci: qdepth 1 quirk

by Sasha Levin

[ Sasha's backport helper bot ] Hi, Found matching upstream commit: 83bdfcbdbe5d901c5fa432decf12e1725a840a56 WARNING: Author mismatch between patch and found commit: Backport author: Keith Busch <kbusch(a)meta.com> Commit author: Keith Busch <kbusch(a)kernel.org> Status in newer kernel trees: 6.12.y | Present (exact SHA1) Note: The patch differs from the upstream commit: --- Failed to apply patch cleanly, falling back to interdiff... --- Results of testing on various branches: | Branch | Patch Apply | Build Test | |---------------------------|-------------|------------| | stable/linux-6.12.y | Failed | N/A | | stable/linux-6.6.y | Failed | N/A | | stable/linux-6.1.y | Failed | N/A | | stable/linux-5.15.y | Failed | N/A | | stable/linux-5.10.y | Failed | N/A | | stable/linux-5.4.y | Failed | N/A |

6 months, 2 weeks

1
0
0 0

[PATCH 5.15] arm64/sve: Discard stale CPU state when handling SVE traps

by Mark Brown

The logic for handling SVE traps manipulates saved FPSIMD/SVE state incorrectly, and a race with preemption can result in a task having TIF_SVE set and TIF_FOREIGN_FPSTATE clear even though the live CPU state is stale (e.g. with SVE traps enabled). This has been observed to result in warnings from do_sve_acc() where SVE traps are not expected while TIF_SVE is set: | if (test_and_set_thread_flag(TIF_SVE)) | WARN_ON(1); /* SVE access shouldn't have trapped */ Warnings of this form have been reported intermittently, e.g. https://lore.kernel.org/linux-arm-kernel/CA+G9fYtEGe_DhY2Ms7+L7NKsLYUomGsgq… https://lore.kernel.org/linux-arm-kernel/000000000000511e9a060ce5a45c@googl… The race can occur when the SVE trap handler is preempted before and after manipulating the saved FPSIMD/SVE state, starting and ending on the same CPU, e.g. | void do_sve_acc(unsigned long esr, struct pt_regs *regs) | { | // Trap on CPU 0 with TIF_SVE clear, SVE traps enabled | // task->fpsimd_cpu is 0. | // per_cpu_ptr(&fpsimd_last_state, 0) is task. | | ... | | // Preempted; migrated from CPU 0 to CPU 1. | // TIF_FOREIGN_FPSTATE is set. | | get_cpu_fpsimd_context(); | | if (test_and_set_thread_flag(TIF_SVE)) | WARN_ON(1); /* SVE access shouldn't have trapped */ | | sve_init_regs() { | if (!test_thread_flag(TIF_FOREIGN_FPSTATE)) { | ... | } else { | fpsimd_to_sve(current); | current->thread.fp_type = FP_STATE_SVE; | } | } | | put_cpu_fpsimd_context(); | | // Preempted; migrated from CPU 1 to CPU 0. | // task->fpsimd_cpu is still 0 | // If per_cpu_ptr(&fpsimd_last_state, 0) is still task then: | // - Stale HW state is reused (with SVE traps enabled) | // - TIF_FOREIGN_FPSTATE is cleared | // - A return to userspace skips HW state restore | } Fix the case where the state is not live and TIF_FOREIGN_FPSTATE is set by calling fpsimd_flush_task_state() to detach from the saved CPU state. This ensures that a subsequent context switch will not reuse the stale CPU state, and will instead set TIF_FOREIGN_FPSTATE, forcing the new state to be reloaded from memory prior to a return to userspace. Fixes: cccb78ce89c4 ("arm64/sve: Rework SVE access trap to convert state in registers") Reported-by: Mark Rutland <mark.rutland(a)arm.com> Signed-off-by: Mark Brown <broonie(a)kernel.org> Cc: stable(a)vger.kernel.org Reviewed-by: Mark Rutland <mark.rutland(a)arm.com> Link: https://lore.kernel.org/r/20241030-arm64-fpsimd-foreign-flush-v1-1-bd7bd669… Signed-off-by: Will Deacon <will(a)kernel.org> [Backported to 5.15 -- broonie] (cherry picked from commit 751ecf6afd6568adc98f2a6052315552c0483d18) --- arch/arm64/kernel/fpsimd.c | 1 + 1 file changed, 1 insertion(+) diff --git a/arch/arm64/kernel/fpsimd.c b/arch/arm64/kernel/fpsimd.c index 7a3fcf21b18a..e22571e57ae1 100644 --- a/arch/arm64/kernel/fpsimd.c +++ b/arch/arm64/kernel/fpsimd.c @@ -964,6 +964,7 @@ void do_sve_acc(unsigned long esr, struct pt_regs *regs) fpsimd_bind_task_to_cpu(); } else { fpsimd_to_sve(current); + fpsimd_flush_task_state(current); } put_cpu_fpsimd_context(); -- 2.39.5

6 months, 2 weeks

2
1
0 0

FAILED: patch "[PATCH] media: uvcvideo: Require entities to have a non-zero unique" failed to apply to 5.10-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 5.10-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-5.10.y git checkout FETCH_HEAD git cherry-pick -x 3dd075fe8ebbc6fcbf998f81a75b8c4b159a6195 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024120653-blaspheme-emphases-81cb@gregkh' --subject-prefix 'PATCH 5.10.y' HEAD^.. Possible dependencies: thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 3dd075fe8ebbc6fcbf998f81a75b8c4b159a6195 Mon Sep 17 00:00:00 2001 From: Thadeu Lima de Souza Cascardo <cascardo(a)igalia.com> Date: Fri, 13 Sep 2024 15:06:01 -0300 Subject: [PATCH] media: uvcvideo: Require entities to have a non-zero unique ID Per UVC 1.1+ specification 3.7.2, units and terminals must have a non-zero unique ID. ``` Each Unit and Terminal within the video function is assigned a unique identification number, the Unit ID (UID) or Terminal ID (TID), contained in the bUnitID or bTerminalID field of the descriptor. The value 0x00 is reserved for undefined ID, ``` So, deny allocating an entity with ID 0 or an ID that belongs to a unit that is already added to the list of entities. This also prevents some syzkaller reproducers from triggering warnings due to a chain of entities referring to themselves. In one particular case, an Output Unit is connected to an Input Unit, both with the same ID of 1. But when looking up for the source ID of the Output Unit, that same entity is found instead of the input entity, which leads to such warnings. In another case, a backward chain was considered finished as the source ID was 0. Later on, that entity was found, but its pads were not valid. Here is a sample stack trace for one of those cases. [ 20.650953] usb 1-1: new high-speed USB device number 2 using dummy_hcd [ 20.830206] usb 1-1: Using ep0 maxpacket: 8 [ 20.833501] usb 1-1: config 0 descriptor?? [ 21.038518] usb 1-1: string descriptor 0 read error: -71 [ 21.038893] usb 1-1: Found UVC 0.00 device <unnamed> (2833:0201) [ 21.039299] uvcvideo 1-1:0.0: Entity type for entity Output 1 was not initialized! [ 21.041583] uvcvideo 1-1:0.0: Entity type for entity Input 1 was not initialized! [ 21.042218] ------------[ cut here ]------------ [ 21.042536] WARNING: CPU: 0 PID: 9 at drivers/media/mc/mc-entity.c:1147 media_create_pad_link+0x2c4/0x2e0 [ 21.043195] Modules linked in: [ 21.043535] CPU: 0 UID: 0 PID: 9 Comm: kworker/0:1 Not tainted 6.11.0-rc7-00030-g3480e43aeccf #444 [ 21.044101] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.15.0-1 04/01/2014 [ 21.044639] Workqueue: usb_hub_wq hub_event [ 21.045100] RIP: 0010:media_create_pad_link+0x2c4/0x2e0 [ 21.045508] Code: fe e8 20 01 00 00 b8 f4 ff ff ff 48 83 c4 30 5b 41 5c 41 5d 41 5e 41 5f 5d c3 cc cc cc cc 0f 0b eb e9 0f 0b eb 0a 0f 0b eb 06 <0f> 0b eb 02 0f 0b b8 ea ff ff ff eb d4 66 2e 0f 1f 84 00 00 00 00 [ 21.046801] RSP: 0018:ffffc9000004b318 EFLAGS: 00010246 [ 21.047227] RAX: ffff888004e5d458 RBX: 0000000000000000 RCX: ffffffff818fccf1 [ 21.047719] RDX: 000000000000007b RSI: 0000000000000000 RDI: ffff888004313290 [ 21.048241] RBP: ffff888004313290 R08: 0001ffffffffffff R09: 0000000000000000 [ 21.048701] R10: 0000000000000013 R11: 0001888004313290 R12: 0000000000000003 [ 21.049138] R13: ffff888004313080 R14: ffff888004313080 R15: 0000000000000000 [ 21.049648] FS: 0000000000000000(0000) GS:ffff88803ec00000(0000) knlGS:0000000000000000 [ 21.050271] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 21.050688] CR2: 0000592cc27635b0 CR3: 000000000431c000 CR4: 0000000000750ef0 [ 21.051136] PKRU: 55555554 [ 21.051331] Call Trace: [ 21.051480] <TASK> [ 21.051611] ? __warn+0xc4/0x210 [ 21.051861] ? media_create_pad_link+0x2c4/0x2e0 [ 21.052252] ? report_bug+0x11b/0x1a0 [ 21.052540] ? trace_hardirqs_on+0x31/0x40 [ 21.052901] ? handle_bug+0x3d/0x70 [ 21.053197] ? exc_invalid_op+0x1a/0x50 [ 21.053511] ? asm_exc_invalid_op+0x1a/0x20 [ 21.053924] ? media_create_pad_link+0x91/0x2e0 [ 21.054364] ? media_create_pad_link+0x2c4/0x2e0 [ 21.054834] ? media_create_pad_link+0x91/0x2e0 [ 21.055131] ? _raw_spin_unlock+0x1e/0x40 [ 21.055441] ? __v4l2_device_register_subdev+0x202/0x210 [ 21.055837] uvc_mc_register_entities+0x358/0x400 [ 21.056144] uvc_register_chains+0x1fd/0x290 [ 21.056413] uvc_probe+0x380e/0x3dc0 [ 21.056676] ? __lock_acquire+0x5aa/0x26e0 [ 21.056946] ? find_held_lock+0x33/0xa0 [ 21.057196] ? kernfs_activate+0x70/0x80 [ 21.057533] ? usb_match_dynamic_id+0x1b/0x70 [ 21.057811] ? find_held_lock+0x33/0xa0 [ 21.058047] ? usb_match_dynamic_id+0x55/0x70 [ 21.058330] ? lock_release+0x124/0x260 [ 21.058657] ? usb_match_one_id_intf+0xa2/0x100 [ 21.058997] usb_probe_interface+0x1ba/0x330 [ 21.059399] really_probe+0x1ba/0x4c0 [ 21.059662] __driver_probe_device+0xb2/0x180 [ 21.059944] driver_probe_device+0x5a/0x100 [ 21.060170] __device_attach_driver+0xe9/0x160 [ 21.060427] ? __pfx___device_attach_driver+0x10/0x10 [ 21.060872] bus_for_each_drv+0xa9/0x100 [ 21.061312] __device_attach+0xed/0x190 [ 21.061812] device_initial_probe+0xe/0x20 [ 21.062229] bus_probe_device+0x4d/0xd0 [ 21.062590] device_add+0x308/0x590 [ 21.062912] usb_set_configuration+0x7b6/0xaf0 [ 21.063403] usb_generic_driver_probe+0x36/0x80 [ 21.063714] usb_probe_device+0x7b/0x130 [ 21.063936] really_probe+0x1ba/0x4c0 [ 21.064111] __driver_probe_device+0xb2/0x180 [ 21.064577] driver_probe_device+0x5a/0x100 [ 21.065019] __device_attach_driver+0xe9/0x160 [ 21.065403] ? __pfx___device_attach_driver+0x10/0x10 [ 21.065820] bus_for_each_drv+0xa9/0x100 [ 21.066094] __device_attach+0xed/0x190 [ 21.066535] device_initial_probe+0xe/0x20 [ 21.066992] bus_probe_device+0x4d/0xd0 [ 21.067250] device_add+0x308/0x590 [ 21.067501] usb_new_device+0x347/0x610 [ 21.067817] hub_event+0x156b/0x1e30 [ 21.068060] ? process_scheduled_works+0x48b/0xaf0 [ 21.068337] process_scheduled_works+0x5a3/0xaf0 [ 21.068668] worker_thread+0x3cf/0x560 [ 21.068932] ? kthread+0x109/0x1b0 [ 21.069133] kthread+0x197/0x1b0 [ 21.069343] ? __pfx_worker_thread+0x10/0x10 [ 21.069598] ? __pfx_kthread+0x10/0x10 [ 21.069908] ret_from_fork+0x32/0x40 [ 21.070169] ? __pfx_kthread+0x10/0x10 [ 21.070424] ret_from_fork_asm+0x1a/0x30 [ 21.070737] </TASK> Cc: stable(a)vger.kernel.org Reported-by: syzbot+0584f746fde3d52b4675(a)syzkaller.appspotmail.com Closes: https://syzkaller.appspot.com/bug?extid=0584f746fde3d52b4675 Reported-by: syzbot+dd320d114deb3f5bb79b(a)syzkaller.appspotmail.com Closes: https://syzkaller.appspot.com/bug?extid=dd320d114deb3f5bb79b Fixes: a3fbc2e6bb05 ("media: mc-entity.c: use WARN_ON, validate link pads") Signed-off-by: Thadeu Lima de Souza Cascardo <cascardo(a)igalia.com> Reviewed-by: Ricardo Ribalda <ribalda(a)chromium.org> Reviewed-by: Laurent Pinchart <laurent.pinchart(a)ideasonboard.com> Link: https://lore.kernel.org/r/20240913180601.1400596-2-cascardo@igalia.com Signed-off-by: Laurent Pinchart <laurent.pinchart(a)ideasonboard.com> Signed-off-by: Hans Verkuil <hverkuil-cisco(a)xs4all.nl> diff --git a/drivers/media/usb/uvc/uvc_driver.c b/drivers/media/usb/uvc/uvc_driver.c index f03879f8d407..fefa3e1e7db7 100644 --- a/drivers/media/usb/uvc/uvc_driver.c +++ b/drivers/media/usb/uvc/uvc_driver.c @@ -775,14 +775,27 @@ static const u8 uvc_media_transport_input_guid[16] = UVC_GUID_UVC_MEDIA_TRANSPORT_INPUT; static const u8 uvc_processing_guid[16] = UVC_GUID_UVC_PROCESSING; -static struct uvc_entity *uvc_alloc_entity(u16 type, u16 id, - unsigned int num_pads, unsigned int extra_size) +static struct uvc_entity *uvc_alloc_new_entity(struct uvc_device *dev, u16 type, + u16 id, unsigned int num_pads, + unsigned int extra_size) { struct uvc_entity *entity; unsigned int num_inputs; unsigned int size; unsigned int i; + /* Per UVC 1.1+ spec 3.7.2, the ID should be non-zero. */ + if (id == 0) { + dev_err(&dev->udev->dev, "Found Unit with invalid ID 0.\n"); + return ERR_PTR(-EINVAL); + } + + /* Per UVC 1.1+ spec 3.7.2, the ID is unique. */ + if (uvc_entity_by_id(dev, id)) { + dev_err(&dev->udev->dev, "Found multiple Units with ID %u\n", id); + return ERR_PTR(-EINVAL); + } + extra_size = roundup(extra_size, sizeof(*entity->pads)); if (num_pads) num_inputs = type & UVC_TERM_OUTPUT ? num_pads : num_pads - 1; @@ -792,7 +805,7 @@ static struct uvc_entity *uvc_alloc_entity(u16 type, u16 id, + num_inputs; entity = kzalloc(size, GFP_KERNEL); if (entity == NULL) - return NULL; + return ERR_PTR(-ENOMEM); entity->id = id; entity->type = type; @@ -904,10 +917,10 @@ static int uvc_parse_vendor_control(struct uvc_device *dev, break; } - unit = uvc_alloc_entity(UVC_VC_EXTENSION_UNIT, buffer[3], - p + 1, 2*n); - if (unit == NULL) - return -ENOMEM; + unit = uvc_alloc_new_entity(dev, UVC_VC_EXTENSION_UNIT, + buffer[3], p + 1, 2 * n); + if (IS_ERR(unit)) + return PTR_ERR(unit); memcpy(unit->guid, &buffer[4], 16); unit->extension.bNumControls = buffer[20]; @@ -1016,10 +1029,10 @@ static int uvc_parse_standard_control(struct uvc_device *dev, return -EINVAL; } - term = uvc_alloc_entity(type | UVC_TERM_INPUT, buffer[3], - 1, n + p); - if (term == NULL) - return -ENOMEM; + term = uvc_alloc_new_entity(dev, type | UVC_TERM_INPUT, + buffer[3], 1, n + p); + if (IS_ERR(term)) + return PTR_ERR(term); if (UVC_ENTITY_TYPE(term) == UVC_ITT_CAMERA) { term->camera.bControlSize = n; @@ -1075,10 +1088,10 @@ static int uvc_parse_standard_control(struct uvc_device *dev, return 0; } - term = uvc_alloc_entity(type | UVC_TERM_OUTPUT, buffer[3], - 1, 0); - if (term == NULL) - return -ENOMEM; + term = uvc_alloc_new_entity(dev, type | UVC_TERM_OUTPUT, + buffer[3], 1, 0); + if (IS_ERR(term)) + return PTR_ERR(term); memcpy(term->baSourceID, &buffer[7], 1); @@ -1097,9 +1110,10 @@ static int uvc_parse_standard_control(struct uvc_device *dev, return -EINVAL; } - unit = uvc_alloc_entity(buffer[2], buffer[3], p + 1, 0); - if (unit == NULL) - return -ENOMEM; + unit = uvc_alloc_new_entity(dev, buffer[2], buffer[3], + p + 1, 0); + if (IS_ERR(unit)) + return PTR_ERR(unit); memcpy(unit->baSourceID, &buffer[5], p); @@ -1119,9 +1133,9 @@ static int uvc_parse_standard_control(struct uvc_device *dev, return -EINVAL; } - unit = uvc_alloc_entity(buffer[2], buffer[3], 2, n); - if (unit == NULL) - return -ENOMEM; + unit = uvc_alloc_new_entity(dev, buffer[2], buffer[3], 2, n); + if (IS_ERR(unit)) + return PTR_ERR(unit); memcpy(unit->baSourceID, &buffer[4], 1); unit->processing.wMaxMultiplier = @@ -1148,9 +1162,10 @@ static int uvc_parse_standard_control(struct uvc_device *dev, return -EINVAL; } - unit = uvc_alloc_entity(buffer[2], buffer[3], p + 1, n); - if (unit == NULL) - return -ENOMEM; + unit = uvc_alloc_new_entity(dev, buffer[2], buffer[3], + p + 1, n); + if (IS_ERR(unit)) + return PTR_ERR(unit); memcpy(unit->guid, &buffer[4], 16); unit->extension.bNumControls = buffer[20]; @@ -1290,9 +1305,10 @@ static int uvc_gpio_parse(struct uvc_device *dev) return dev_err_probe(&dev->udev->dev, irq, "No IRQ for privacy GPIO\n"); - unit = uvc_alloc_entity(UVC_EXT_GPIO_UNIT, UVC_EXT_GPIO_UNIT_ID, 0, 1); - if (!unit) - return -ENOMEM; + unit = uvc_alloc_new_entity(dev, UVC_EXT_GPIO_UNIT, + UVC_EXT_GPIO_UNIT_ID, 0, 1); + if (IS_ERR(unit)) + return PTR_ERR(unit); unit->gpio.gpio_privacy = gpio_privacy; unit->gpio.irq = irq;

6 months, 2 weeks

4
5
0 0

[PATCH v5.10-v6.6] btrfs: don't BUG_ON on ENOMEM from btrfs_lookuip_extent_info() in walk_down_proc()

by Keerthana K

From: Josef Bacik <josef(a)toxicpanda.com> [ Upstream commit a580fb2c3479d993556e1c31b237c9e5be4944a3 ] We handle errors here properly, ENOMEM isn't fatal, return the error. Signed-off-by: Josef Bacik <josef(a)toxicpanda.com> Reviewed-by: David Sterba <dsterba(a)suse.com> Signed-off-by: David Sterba <dsterba(a)suse.com> Signed-off-by: Sasha Levin <sashal(a)kernel.org> Signed-off-by: Keerthana K <keerthana.kalyanasundaram(a)broadcom.com> --- fs/btrfs/extent-tree.c | 1 - 1 file changed, 1 deletion(-) diff --git a/fs/btrfs/extent-tree.c b/fs/btrfs/extent-tree.c index 0d97c8ee6..f53c4d52b 100644 --- a/fs/btrfs/extent-tree.c +++ b/fs/btrfs/extent-tree.c @@ -5213,7 +5213,6 @@ static noinline int walk_down_proc(struct btrfs_trans_handle *trans, eb->start, level, 1, &wc->refs[level], &wc->flags[level]); - BUG_ON(ret == -ENOMEM); if (ret) return ret; if (unlikely(wc->refs[level] == 0)) { -- 2.19.0

6 months, 2 weeks

2
1
0 0

[PATCH 5.10.y v3] ALSA: usb-audio: Fix out of bounds reads when finding clock sources

by Benoît Sevens

From: Takashi Iwai <tiwai(a)suse.de> Upstream commit a3dd4d63eeb452cfb064a13862fb376ab108f6a6 The current USB-audio driver code doesn't check bLength of each descriptor at traversing for clock descriptors. That is, when a device provides a bogus descriptor with a shorter bLength, the driver might hit out-of-bounds reads. For addressing it, this patch adds sanity checks to the validator functions for the clock descriptor traversal. When the descriptor length is shorter than expected, it's skipped in the loop. For the clock source and clock multiplier descriptors, we can just check bLength against the sizeof() of each descriptor type. OTOH, the clock selector descriptor of UAC2 and UAC3 has an array of bNrInPins elements and two more fields at its tail, hence those have to be checked in addition to the sizeof() check. This patch ports the upstream commit a3dd4d63eeb4 ("ALSA: usb-audio: Fix out of bounds reads when finding clock sources") to trees that do not include the refactoring commit 9ec730052fa2 ("ALSA: usb-audio: Refactoring UAC2/3 clock setup code"). That commit provides union objects for pointing both UAC2 and UAC3 objects and unifies the clock source, selector and multiplier helper functions. This means we need to perform the check in each version specific helper function, but on the other hand do not need to do version specific union dereferencing in the macros and helper functions. Reported-by: Benoît Sevens <bsevens(a)google.com> Cc: <stable(a)vger.kernel.org> Link: https://lore.kernel.org/20241121140613.3651-1-bsevens@google.com Link: https://patch.msgid.link/20241125144629.20757-1-tiwai@suse.de Signed-off-by: Takashi Iwai <tiwai(a)suse.de> (cherry picked from commit a3dd4d63eeb452cfb064a13862fb376ab108f6a6) Signed-off-by: Benoît Sevens <bsevens(a)google.com> --- Changes in v3: - add patch changelog Changes in v2: - provide better changelog description of how the upstream patch is backported sound/usb/clock.c | 32 ++++++++++++++++++++++++++++++-- 1 file changed, 30 insertions(+), 2 deletions(-) diff --git a/sound/usb/clock.c b/sound/usb/clock.c index 3d1c0ec11753..58902275c815 100644 --- a/sound/usb/clock.c +++ b/sound/usb/clock.c @@ -21,6 +21,10 @@ #include "clock.h" #include "quirks.h" +/* check whether the descriptor bLength has the minimal length */ +#define DESC_LENGTH_CHECK(p) \ + (p->bLength >= sizeof(*p)) + static void *find_uac_clock_desc(struct usb_host_interface *iface, int id, bool (*validator)(void *, int), u8 type) { @@ -38,36 +42,60 @@ static void *find_uac_clock_desc(struct usb_host_interface *iface, int id, static bool validate_clock_source_v2(void *p, int id) { struct uac_clock_source_descriptor *cs = p; + if (!DESC_LENGTH_CHECK(cs)) + return false; return cs->bClockID == id; } static bool validate_clock_source_v3(void *p, int id) { struct uac3_clock_source_descriptor *cs = p; + if (!DESC_LENGTH_CHECK(cs)) + return false; return cs->bClockID == id; } static bool validate_clock_selector_v2(void *p, int id) { struct uac_clock_selector_descriptor *cs = p; - return cs->bClockID == id; + if (!DESC_LENGTH_CHECK(cs)) + return false; + if (cs->bClockID != id) + return false; + /* additional length check for baCSourceID array (in bNrInPins size) + * and two more fields (which sizes depend on the protocol) + */ + return cs->bLength >= sizeof(*cs) + cs->bNrInPins + + 1 /* bmControls */ + 1 /* iClockSelector */; } static bool validate_clock_selector_v3(void *p, int id) { struct uac3_clock_selector_descriptor *cs = p; - return cs->bClockID == id; + if (!DESC_LENGTH_CHECK(cs)) + return false; + if (cs->bClockID != id) + return false; + /* additional length check for baCSourceID array (in bNrInPins size) + * and two more fields (which sizes depend on the protocol) + */ + return cs->bLength >= sizeof(*cs) + cs->bNrInPins + + 4 /* bmControls */ + 2 /* wCSelectorDescrStr */; } static bool validate_clock_multiplier_v2(void *p, int id) { struct uac_clock_multiplier_descriptor *cs = p; + if (!DESC_LENGTH_CHECK(cs)) + return false; return cs->bClockID == id; } static bool validate_clock_multiplier_v3(void *p, int id) { struct uac3_clock_multiplier_descriptor *cs = p; + if (!DESC_LENGTH_CHECK(cs)) + return false; return cs->bClockID == id; } -- 2.47.0.338.g60cca15819-goog

6 months, 2 weeks

2
1
0 0

FAILED: patch "[PATCH] posix-timers: Target group sigqueue to current task only if" failed to apply to 6.12-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 6.12-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-6.12.y git checkout FETCH_HEAD git cherry-pick -x 63dffecfba3eddcf67a8f76d80e0c141f93d44a5 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024120656-jelly-gore-aa4c@gregkh' --subject-prefix 'PATCH 6.12.y' HEAD^.. Possible dependencies: thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 63dffecfba3eddcf67a8f76d80e0c141f93d44a5 Mon Sep 17 00:00:00 2001 From: Frederic Weisbecker <frederic(a)kernel.org> Date: Sat, 23 Nov 2024 00:48:11 +0100 Subject: [PATCH] posix-timers: Target group sigqueue to current task only if not exiting A sigqueue belonging to a posix timer, which target is not a specific thread but a whole thread group, is preferrably targeted to the current task if it is part of that thread group. However nothing prevents a posix timer event from queueing such a sigqueue from a reaped yet running task. The interruptible code space between exit_notify() and the final call to schedule() is enough for posix_timer_fn() hrtimer to fire. If that happens while the current task is part of the thread group target, it is proposed to handle it but since its sighand pointer may have been cleared already, the sigqueue is dropped even if there are other tasks running within the group that could handle it. As a result posix timers with thread group wide target may miss signals when some of their threads are exiting. Fix this with verifying that the current task hasn't been through exit_notify() before proposing it as a preferred target so as to ensure that its sighand is still here and stable. complete_signal() might still reconsider the choice and find a better target within the group if current has passed retarget_shared_pending() already. Fixes: bcb7ee79029d ("posix-timers: Prefer delivery of signals to the current thread") Reported-by: Anthony Mallet <anthony.mallet(a)laas.fr> Suggested-by: Oleg Nesterov <oleg(a)redhat.com> Signed-off-by: Frederic Weisbecker <frederic(a)kernel.org> Signed-off-by: Thomas Gleixner <tglx(a)linutronix.de> Acked-by: Oleg Nesterov <oleg(a)redhat.com> Cc: stable(a)vger.kernel.org Link: https://lore.kernel.org/all/20241122234811.60455-1-frederic@kernel.org Closes: https://lore.kernel.org/all/26411.57288.238690.681680@gargle.gargle.HOWL diff --git a/kernel/signal.c b/kernel/signal.c index 98b65cb35830..989b1cc9116a 100644 --- a/kernel/signal.c +++ b/kernel/signal.c @@ -1959,14 +1959,15 @@ static void posixtimer_queue_sigqueue(struct sigqueue *q, struct task_struct *t, * * Where type is not PIDTYPE_PID, signals must be delivered to the * process. In this case, prefer to deliver to current if it is in - * the same thread group as the target process, which avoids - * unnecessarily waking up a potentially idle task. + * the same thread group as the target process and its sighand is + * stable, which avoids unnecessarily waking up a potentially idle task. */ static inline struct task_struct *posixtimer_get_target(struct k_itimer *tmr) { struct task_struct *t = pid_task(tmr->it_pid, tmr->it_pid_type); - if (t && tmr->it_pid_type != PIDTYPE_PID && same_thread_group(t, current)) + if (t && tmr->it_pid_type != PIDTYPE_PID && + same_thread_group(t, current) && !current->exit_state) t = current; return t; }

6 months, 2 weeks

4
3
0 0

[PATCH 6.1] arm64/sve: Discard stale CPU state when handling SVE traps

by Mark Brown

The logic for handling SVE traps manipulates saved FPSIMD/SVE state incorrectly, and a race with preemption can result in a task having TIF_SVE set and TIF_FOREIGN_FPSTATE clear even though the live CPU state is stale (e.g. with SVE traps enabled). This has been observed to result in warnings from do_sve_acc() where SVE traps are not expected while TIF_SVE is set: | if (test_and_set_thread_flag(TIF_SVE)) | WARN_ON(1); /* SVE access shouldn't have trapped */ Warnings of this form have been reported intermittently, e.g. https://lore.kernel.org/linux-arm-kernel/CA+G9fYtEGe_DhY2Ms7+L7NKsLYUomGsgq… https://lore.kernel.org/linux-arm-kernel/000000000000511e9a060ce5a45c@googl… The race can occur when the SVE trap handler is preempted before and after manipulating the saved FPSIMD/SVE state, starting and ending on the same CPU, e.g. | void do_sve_acc(unsigned long esr, struct pt_regs *regs) | { | // Trap on CPU 0 with TIF_SVE clear, SVE traps enabled | // task->fpsimd_cpu is 0. | // per_cpu_ptr(&fpsimd_last_state, 0) is task. | | ... | | // Preempted; migrated from CPU 0 to CPU 1. | // TIF_FOREIGN_FPSTATE is set. | | get_cpu_fpsimd_context(); | | if (test_and_set_thread_flag(TIF_SVE)) | WARN_ON(1); /* SVE access shouldn't have trapped */ | | sve_init_regs() { | if (!test_thread_flag(TIF_FOREIGN_FPSTATE)) { | ... | } else { | fpsimd_to_sve(current); | current->thread.fp_type = FP_STATE_SVE; | } | } | | put_cpu_fpsimd_context(); | | // Preempted; migrated from CPU 1 to CPU 0. | // task->fpsimd_cpu is still 0 | // If per_cpu_ptr(&fpsimd_last_state, 0) is still task then: | // - Stale HW state is reused (with SVE traps enabled) | // - TIF_FOREIGN_FPSTATE is cleared | // - A return to userspace skips HW state restore | } Fix the case where the state is not live and TIF_FOREIGN_FPSTATE is set by calling fpsimd_flush_task_state() to detach from the saved CPU state. This ensures that a subsequent context switch will not reuse the stale CPU state, and will instead set TIF_FOREIGN_FPSTATE, forcing the new state to be reloaded from memory prior to a return to userspace. Fixes: cccb78ce89c4 ("arm64/sve: Rework SVE access trap to convert state in registers") Reported-by: Mark Rutland <mark.rutland(a)arm.com> Signed-off-by: Mark Brown <broonie(a)kernel.org> Cc: stable(a)vger.kernel.org Reviewed-by: Mark Rutland <mark.rutland(a)arm.com> Link: https://lore.kernel.org/r/20241030-arm64-fpsimd-foreign-flush-v1-1-bd7bd669… Signed-off-by: Will Deacon <will(a)kernel.org> [Backported to 6.1 -- broonie] (cherry picked from commit 751ecf6afd6568adc98f2a6052315552c0483d18) --- arch/arm64/kernel/fpsimd.c | 1 + 1 file changed, 1 insertion(+) diff --git a/arch/arm64/kernel/fpsimd.c b/arch/arm64/kernel/fpsimd.c index 59b5a16bab5d..43afe07c74fd 100644 --- a/arch/arm64/kernel/fpsimd.c +++ b/arch/arm64/kernel/fpsimd.c @@ -1383,6 +1383,7 @@ static void sve_init_regs(void) fpsimd_bind_task_to_cpu(); } else { fpsimd_to_sve(current); + fpsimd_flush_task_state(current); } } -- 2.39.5

6 months, 2 weeks

2
1
0 0

[PATCH 6.1] media: mediatek: vcodec: Handle invalid decoder vsi

by bin.lan.cn＠eng.windriver.com

From: Irui Wang <irui.wang(a)mediatek.com> [ Upstream commit 59d438f8e02ca641c58d77e1feffa000ff809e9f ] Handle an invalid decoder vsi in vpu_dec_init to ensure the decoder vsi is valid for future use. Fixes: 590577a4e525 ("[media] vcodec: mediatek: Add Mediatek V4L2 Video Decoder Driver") Signed-off-by: Irui Wang <irui.wang(a)mediatek.com> Reviewed-by: AngeloGioacchino Del Regno <angelogioacchino.delregno(a)collabora.com> Signed-off-by: Sebastian Fricke <sebastian.fricke(a)collabora.com> Signed-off-by: Hans Verkuil <hverkuil-cisco(a)xs4all.nl> [ Resolve minor conflicts ] Signed-off-by: Bin Lan <bin.lan.cn(a)windriver.com> --- drivers/media/platform/mediatek/vcodec/vdec_vpu_if.c | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/drivers/media/platform/mediatek/vcodec/vdec_vpu_if.c b/drivers/media/platform/mediatek/vcodec/vdec_vpu_if.c index df309e8e9379..23984cfe2b7e 100644 --- a/drivers/media/platform/mediatek/vcodec/vdec_vpu_if.c +++ b/drivers/media/platform/mediatek/vcodec/vdec_vpu_if.c @@ -213,6 +213,12 @@ int vpu_dec_init(struct vdec_vpu_inst *vpu) mtk_vcodec_debug(vpu, "vdec_inst=%p", vpu); err = vcodec_vpu_send_msg(vpu, (void *)&msg, sizeof(msg)); + + if (IS_ERR_OR_NULL(vpu->vsi)) { + mtk_vdec_err(vpu->ctx, "invalid vdec vsi, status=%d", err); + return -EINVAL; + } + mtk_vcodec_debug(vpu, "- ret=%d", err); return err; } -- 2.43.0

6 months, 2 weeks

2
1
0 0

[PATCH v5.10-v6.1] drm/amd/display: Check BIOS images before it is used

by Keerthana K

From: Alex Hung <alex.hung(a)amd.com> [ Upstream commit 8b0ddf19cca2a352b2a7e01d99d3ba949a99c84c ] BIOS images may fail to load and null checks are added before they are used. This fixes 6 NULL_RETURNS issues reported by Coverity. Reviewed-by: Harry Wentland <harry.wentland(a)amd.com> Acked-by: Hamza Mahfooz <hamza.mahfooz(a)amd.com> Signed-off-by: Alex Hung <alex.hung(a)amd.com> Signed-off-by: Alex Deucher <alexander.deucher(a)amd.com> Signed-off-by: Sasha Levin <sashal(a)kernel.org> Signed-off-by: Keerthana K <keerthana.kalyanasundaram(a)broadcom.com> --- drivers/gpu/drm/amd/display/dc/bios/bios_parser.c | 14 ++++++++++++++ 1 file changed, 14 insertions(+) diff --git a/drivers/gpu/drm/amd/display/dc/bios/bios_parser.c b/drivers/gpu/drm/amd/display/dc/bios/bios_parser.c index 9b8ea6e9a..0f686e363 100644 --- a/drivers/gpu/drm/amd/display/dc/bios/bios_parser.c +++ b/drivers/gpu/drm/amd/display/dc/bios/bios_parser.c @@ -664,6 +664,9 @@ static enum bp_result get_ss_info_v3_1( ss_table_header_include = GET_IMAGE(ATOM_ASIC_INTERNAL_SS_INFO_V3, DATA_TABLES(ASIC_InternalSS_Info)); + if (!ss_table_header_include) + return BP_RESULT_UNSUPPORTED; + table_size = (le16_to_cpu(ss_table_header_include->sHeader.usStructureSize) - sizeof(ATOM_COMMON_TABLE_HEADER)) @@ -1031,6 +1034,8 @@ static enum bp_result get_ss_info_from_internal_ss_info_tbl_V2_1( header = GET_IMAGE(ATOM_ASIC_INTERNAL_SS_INFO_V2, DATA_TABLES(ASIC_InternalSS_Info)); + if (!header) + return result; memset(info, 0, sizeof(struct spread_spectrum_info)); @@ -1104,6 +1109,8 @@ static enum bp_result get_ss_info_from_ss_info_table( get_atom_data_table_revision(header, &revision); tbl = GET_IMAGE(ATOM_SPREAD_SPECTRUM_INFO, DATA_TABLES(SS_Info)); + if (!tbl) + return result; if (1 != revision.major || 2 > revision.minor) return result; @@ -1631,6 +1638,8 @@ static uint32_t get_ss_entry_number_from_ss_info_tbl( tbl = GET_IMAGE(ATOM_SPREAD_SPECTRUM_INFO, DATA_TABLES(SS_Info)); + if (!tbl) + return number; if (1 != revision.major || 2 > revision.minor) return number; @@ -1711,6 +1720,8 @@ static uint32_t get_ss_entry_number_from_internal_ss_info_tbl_v2_1( header_include = GET_IMAGE(ATOM_ASIC_INTERNAL_SS_INFO_V2, DATA_TABLES(ASIC_InternalSS_Info)); + if (!header_include) + return 0; size = (le16_to_cpu(header_include->sHeader.usStructureSize) - sizeof(ATOM_COMMON_TABLE_HEADER)) @@ -1748,6 +1759,9 @@ static uint32_t get_ss_entry_number_from_internal_ss_info_tbl_V3_1( header_include = GET_IMAGE(ATOM_ASIC_INTERNAL_SS_INFO_V3, DATA_TABLES(ASIC_InternalSS_Info)); + if (!header_include) + return number; + size = (le16_to_cpu(header_include->sHeader.usStructureSize) - sizeof(ATOM_COMMON_TABLE_HEADER)) / sizeof(ATOM_ASIC_SS_ASSIGNMENT_V3); -- 2.39.4

6 months, 2 weeks

2
1
0 0

Re: [PATCH 6.12 000/146] 6.12.4-rc1 review

by Ronald Warsow

Hi Greg no regressions here on x86_64 (RKL, Intel 11th Gen. CPU) Thanks Tested-by: Ronald Warsow <rwarsow(a)gmx.de>

6 months, 2 weeks

1
0
0 0

FAILED: patch "[PATCH] drm/amd/display: Ignore scalar validation failure if pipe is" failed to apply to 6.12-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 6.12-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-6.12.y git checkout FETCH_HEAD git cherry-pick -x c33a93201ca07119de90e8c952fbdf65920ab55d # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024120640-carrot-unaired-fbcc@gregkh' --subject-prefix 'PATCH 6.12.y' HEAD^.. Possible dependencies: thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From c33a93201ca07119de90e8c952fbdf65920ab55d Mon Sep 17 00:00:00 2001 From: Chris Park <chris.park(a)amd.com> Date: Mon, 4 Nov 2024 13:18:39 -0500 Subject: [PATCH] drm/amd/display: Ignore scalar validation failure if pipe is phantom [Why] There are some pipe scaler validation failure when the pipe is phantom and causes crash in DML validation. Since, scalar parameters are not as important in phantom pipe and we require this plane to do successful MCLK switches, the failure condition can be ignored. [How] Ignore scalar validation failure if the pipe validation is marked as phantom pipe. Cc: stable(a)vger.kernel.org # 6.11+ Reviewed-by: Dillon Varone <dillon.varone(a)amd.com> Signed-off-by: Chris Park <chris.park(a)amd.com> Signed-off-by: Hamza Mahfooz <hamza.mahfooz(a)amd.com> Tested-by: Daniel Wheeler <daniel.wheeler(a)amd.com> Signed-off-by: Alex Deucher <alexander.deucher(a)amd.com> diff --git a/drivers/gpu/drm/amd/display/dc/core/dc_resource.c b/drivers/gpu/drm/amd/display/dc/core/dc_resource.c index 33125b95c3a1..619fad17de55 100644 --- a/drivers/gpu/drm/amd/display/dc/core/dc_resource.c +++ b/drivers/gpu/drm/amd/display/dc/core/dc_resource.c @@ -1501,6 +1501,10 @@ bool resource_build_scaling_params(struct pipe_ctx *pipe_ctx) res = spl_calculate_scaler_params(spl_in, spl_out); // Convert respective out params from SPL to scaler data translate_SPL_out_params_to_pipe_ctx(pipe_ctx, spl_out); + + /* Ignore scaler failure if pipe context plane is phantom plane */ + if (!res && plane_state->is_phantom) + res = true; } else { #endif /* depends on h_active */ @@ -1571,6 +1575,10 @@ bool resource_build_scaling_params(struct pipe_ctx *pipe_ctx) &plane_state->scaling_quality); } + /* Ignore scaler failure if pipe context plane is phantom plane */ + if (!res && plane_state->is_phantom) + res = true; + if (res && (pipe_ctx->plane_res.scl_data.taps.v_taps != temp.v_taps || pipe_ctx->plane_res.scl_data.taps.h_taps != temp.h_taps || pipe_ctx->plane_res.scl_data.taps.v_taps_c != temp.v_taps_c ||

6 months, 2 weeks

1
0
0 0

FAILED: patch "[PATCH] drm/amd/display: Enable Request rate limiter during C-State" failed to apply to 6.12-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 6.12-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-6.12.y git checkout FETCH_HEAD git cherry-pick -x 89713ce5518eda6b370c7a17edbcab4f97a39f68 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024120634-agnostic-slouchy-6a09@gregkh' --subject-prefix 'PATCH 6.12.y' HEAD^.. Possible dependencies: thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 89713ce5518eda6b370c7a17edbcab4f97a39f68 Mon Sep 17 00:00:00 2001 From: Dillon Varone <dillon.varone(a)amd.com> Date: Fri, 1 Nov 2024 10:51:02 -0400 Subject: [PATCH] drm/amd/display: Enable Request rate limiter during C-State on dcn401 [WHY] When C-State entry is requested, the rate limiter will be disabled which can result in high contention in the DCHUB return path. [HOW] Enable the rate limiter during C-state requests to prevent contention. Cc: stable(a)vger.kernel.org # 6.11+ Reviewed-by: Alvin Lee <alvin.lee2(a)amd.com> Signed-off-by: Dillon Varone <dillon.varone(a)amd.com> Signed-off-by: Hamza Mahfooz <hamza.mahfooz(a)amd.com> Tested-by: Daniel Wheeler <daniel.wheeler(a)amd.com> Signed-off-by: Alex Deucher <alexander.deucher(a)amd.com> diff --git a/drivers/gpu/drm/amd/display/dc/dml2/dml21/src/dml2_core/dml2_core_dcn4_calcs.c b/drivers/gpu/drm/amd/display/dc/dml2/dml21/src/dml2_core/dml2_core_dcn4_calcs.c index 92e43a1e4dd4..601320b1be81 100644 --- a/drivers/gpu/drm/amd/display/dc/dml2/dml21/src/dml2_core/dml2_core_dcn4_calcs.c +++ b/drivers/gpu/drm/amd/display/dc/dml2/dml21/src/dml2_core/dml2_core_dcn4_calcs.c @@ -11,6 +11,7 @@ #define DML2_MAX_FMT_420_BUFFER_WIDTH 4096 #define DML_MAX_NUM_OF_SLICES_PER_DSC 4 +#define ALLOW_SDPIF_RATE_LIMIT_PRE_CSTATE const char *dml2_core_internal_bw_type_str(enum dml2_core_internal_bw_type bw_type) { @@ -3886,6 +3887,10 @@ static void CalculateSwathAndDETConfiguration(struct dml2_core_internal_scratch #endif *p->hw_debug5 = false; +#ifdef ALLOW_SDPIF_RATE_LIMIT_PRE_CSTATE + if (p->NumberOfActiveSurfaces > 1) + *p->hw_debug5 = true; +#else for (unsigned int k = 0; k < p->NumberOfActiveSurfaces; ++k) { if (!(p->mrq_present) && (!(*p->UnboundedRequestEnabled)) && (TotalActiveDPP == 1) && p->display_cfg->plane_descriptors[k].surface.dcc.enable @@ -3901,6 +3906,7 @@ static void CalculateSwathAndDETConfiguration(struct dml2_core_internal_scratch dml2_printf("DML::%s: k=%u hw_debug5 = %u\n", __func__, k, *p->hw_debug5); #endif } +#endif } static enum dml2_odm_mode DecideODMMode(unsigned int HActive, diff --git a/drivers/gpu/drm/amd/display/dc/hubbub/dcn10/dcn10_hubbub.h b/drivers/gpu/drm/amd/display/dc/hubbub/dcn10/dcn10_hubbub.h index 4bd1dda07719..9fbd45c7dfef 100644 --- a/drivers/gpu/drm/amd/display/dc/hubbub/dcn10/dcn10_hubbub.h +++ b/drivers/gpu/drm/amd/display/dc/hubbub/dcn10/dcn10_hubbub.h @@ -200,6 +200,7 @@ struct dcn_hubbub_registers { uint32_t DCHUBBUB_ARB_FRAC_URG_BW_MALL_B; uint32_t DCHUBBUB_TIMEOUT_DETECTION_CTRL1; uint32_t DCHUBBUB_TIMEOUT_DETECTION_CTRL2; + uint32_t DCHUBBUB_CTRL_STATUS; }; #define HUBBUB_REG_FIELD_LIST_DCN32(type) \ @@ -320,7 +321,12 @@ struct dcn_hubbub_registers { type DCHUBBUB_TIMEOUT_REQ_STALL_THRESHOLD;\ type DCHUBBUB_TIMEOUT_PSTATE_STALL_THRESHOLD;\ type DCHUBBUB_TIMEOUT_DETECTION_EN;\ - type DCHUBBUB_TIMEOUT_TIMER_RESET + type DCHUBBUB_TIMEOUT_TIMER_RESET;\ + type ROB_UNDERFLOW_STATUS;\ + type ROB_OVERFLOW_STATUS;\ + type ROB_OVERFLOW_CLEAR;\ + type DCHUBBUB_HW_DEBUG;\ + type CSTATE_SWATH_CHK_GOOD_MODE #define HUBBUB_STUTTER_REG_FIELD_LIST(type) \ type DCHUBBUB_ARB_ALLOW_SR_ENTER_WATERMARK_A;\ diff --git a/drivers/gpu/drm/amd/display/dc/hubbub/dcn20/dcn20_hubbub.h b/drivers/gpu/drm/amd/display/dc/hubbub/dcn20/dcn20_hubbub.h index 036bb3e6c957..46d8f5c70750 100644 --- a/drivers/gpu/drm/amd/display/dc/hubbub/dcn20/dcn20_hubbub.h +++ b/drivers/gpu/drm/amd/display/dc/hubbub/dcn20/dcn20_hubbub.h @@ -96,6 +96,7 @@ struct dcn20_hubbub { unsigned int det1_size; unsigned int det2_size; unsigned int det3_size; + bool allow_sdpif_rate_limit_when_cstate_req; }; void hubbub2_construct(struct dcn20_hubbub *hubbub, diff --git a/drivers/gpu/drm/amd/display/dc/hubbub/dcn401/dcn401_hubbub.c b/drivers/gpu/drm/amd/display/dc/hubbub/dcn401/dcn401_hubbub.c index 5d658e9bef64..92fab471b183 100644 --- a/drivers/gpu/drm/amd/display/dc/hubbub/dcn401/dcn401_hubbub.c +++ b/drivers/gpu/drm/amd/display/dc/hubbub/dcn401/dcn401_hubbub.c @@ -1192,15 +1192,35 @@ static void dcn401_wait_for_det_update(struct hubbub *hubbub, int hubp_inst) } } -static void dcn401_program_timeout_thresholds(struct hubbub *hubbub, struct dml2_display_arb_regs *arb_regs) +static bool dcn401_program_arbiter(struct hubbub *hubbub, struct dml2_display_arb_regs *arb_regs, bool safe_to_lower) { struct dcn20_hubbub *hubbub2 = TO_DCN20_HUBBUB(hubbub); + bool wm_pending = false; + uint32_t temp; + /* request backpressure and outstanding return threshold (unused)*/ //REG_UPDATE(DCHUBBUB_TIMEOUT_DETECTION_CTRL1, DCHUBBUB_TIMEOUT_REQ_STALL_THRESHOLD, arb_regs->req_stall_threshold); /* P-State stall threshold */ REG_UPDATE(DCHUBBUB_TIMEOUT_DETECTION_CTRL2, DCHUBBUB_TIMEOUT_PSTATE_STALL_THRESHOLD, arb_regs->pstate_stall_threshold); + + if (safe_to_lower || arb_regs->allow_sdpif_rate_limit_when_cstate_req > hubbub2->allow_sdpif_rate_limit_when_cstate_req) { + hubbub2->allow_sdpif_rate_limit_when_cstate_req = arb_regs->allow_sdpif_rate_limit_when_cstate_req; + + /* only update the required bits */ + REG_GET(DCHUBBUB_CTRL_STATUS, DCHUBBUB_HW_DEBUG, &temp); + if (hubbub2->allow_sdpif_rate_limit_when_cstate_req) { + temp |= (1 << 5); + } else { + temp &= ~(1 << 5); + } + REG_UPDATE(DCHUBBUB_CTRL_STATUS, DCHUBBUB_HW_DEBUG, temp); + } else { + wm_pending = true; + } + + return wm_pending; } static const struct hubbub_funcs hubbub4_01_funcs = { @@ -1226,7 +1246,7 @@ static const struct hubbub_funcs hubbub4_01_funcs = { .program_det_segments = dcn401_program_det_segments, .program_compbuf_segments = dcn401_program_compbuf_segments, .wait_for_det_update = dcn401_wait_for_det_update, - .program_timeout_thresholds = dcn401_program_timeout_thresholds, + .program_arbiter = dcn401_program_arbiter, }; void hubbub401_construct(struct dcn20_hubbub *hubbub2, diff --git a/drivers/gpu/drm/amd/display/dc/hubbub/dcn401/dcn401_hubbub.h b/drivers/gpu/drm/amd/display/dc/hubbub/dcn401/dcn401_hubbub.h index 5f1960722ebd..b1d9ea9d1c3d 100644 --- a/drivers/gpu/drm/amd/display/dc/hubbub/dcn401/dcn401_hubbub.h +++ b/drivers/gpu/drm/amd/display/dc/hubbub/dcn401/dcn401_hubbub.h @@ -128,7 +128,12 @@ HUBBUB_SF(DCHUBBUB_TIMEOUT_DETECTION_CTRL1, DCHUBBUB_TIMEOUT_REQ_STALL_THRESHOLD, mask_sh),\ HUBBUB_SF(DCHUBBUB_TIMEOUT_DETECTION_CTRL2, DCHUBBUB_TIMEOUT_PSTATE_STALL_THRESHOLD, mask_sh),\ HUBBUB_SF(DCHUBBUB_TIMEOUT_DETECTION_CTRL2, DCHUBBUB_TIMEOUT_DETECTION_EN, mask_sh),\ - HUBBUB_SF(DCHUBBUB_TIMEOUT_DETECTION_CTRL2, DCHUBBUB_TIMEOUT_TIMER_RESET, mask_sh) + HUBBUB_SF(DCHUBBUB_TIMEOUT_DETECTION_CTRL2, DCHUBBUB_TIMEOUT_TIMER_RESET, mask_sh),\ + HUBBUB_SF(DCHUBBUB_CTRL_STATUS, ROB_UNDERFLOW_STATUS, mask_sh),\ + HUBBUB_SF(DCHUBBUB_CTRL_STATUS, ROB_OVERFLOW_STATUS, mask_sh),\ + HUBBUB_SF(DCHUBBUB_CTRL_STATUS, ROB_OVERFLOW_CLEAR, mask_sh),\ + HUBBUB_SF(DCHUBBUB_CTRL_STATUS, DCHUBBUB_HW_DEBUG, mask_sh),\ + HUBBUB_SF(DCHUBBUB_CTRL_STATUS, CSTATE_SWATH_CHK_GOOD_MODE, mask_sh) bool hubbub401_program_urgent_watermarks( struct hubbub *hubbub, diff --git a/drivers/gpu/drm/amd/display/dc/hwss/dcn401/dcn401_hwseq.c b/drivers/gpu/drm/amd/display/dc/hwss/dcn401/dcn401_hwseq.c index e8cc1bfa73f3..5de11e2837c0 100644 --- a/drivers/gpu/drm/amd/display/dc/hwss/dcn401/dcn401_hwseq.c +++ b/drivers/gpu/drm/amd/display/dc/hwss/dcn401/dcn401_hwseq.c @@ -1488,6 +1488,10 @@ void dcn401_prepare_bandwidth(struct dc *dc, &context->bw_ctx.bw.dcn.watermarks, dc->res_pool->ref_clocks.dchub_ref_clock_inKhz / 1000, false); + /* update timeout thresholds */ + if (hubbub->funcs->program_arbiter) { + dc->wm_optimized_required |= hubbub->funcs->program_arbiter(hubbub, &context->bw_ctx.bw.dcn.arb_regs, false); + } /* decrease compbuf size */ if (hubbub->funcs->program_compbuf_segments) { @@ -1529,6 +1533,10 @@ void dcn401_optimize_bandwidth( &context->bw_ctx.bw.dcn.watermarks, dc->res_pool->ref_clocks.dchub_ref_clock_inKhz / 1000, true); + /* update timeout thresholds */ + if (hubbub->funcs->program_arbiter) { + hubbub->funcs->program_arbiter(hubbub, &context->bw_ctx.bw.dcn.arb_regs, true); + } if (dc->clk_mgr->dc_mode_softmax_enabled) if (dc->clk_mgr->clks.dramclk_khz > dc->clk_mgr->bw_params->dc_mode_softmax_memclk * 1000 && @@ -1554,11 +1562,6 @@ void dcn401_optimize_bandwidth( pipe_ctx->dlg_regs.min_dst_y_next_start); } } - - /* update timeout thresholds */ - if (hubbub->funcs->program_timeout_thresholds) { - hubbub->funcs->program_timeout_thresholds(hubbub, &context->bw_ctx.bw.dcn.arb_regs); - } } void dcn401_fams2_global_control_lock(struct dc *dc, diff --git a/drivers/gpu/drm/amd/display/dc/inc/hw/dchubbub.h b/drivers/gpu/drm/amd/display/dc/inc/hw/dchubbub.h index 6c1d41c0f099..52b745667ef7 100644 --- a/drivers/gpu/drm/amd/display/dc/inc/hw/dchubbub.h +++ b/drivers/gpu/drm/amd/display/dc/inc/hw/dchubbub.h @@ -228,7 +228,7 @@ struct hubbub_funcs { void (*program_det_segments)(struct hubbub *hubbub, int hubp_inst, unsigned det_buffer_size_seg); void (*program_compbuf_segments)(struct hubbub *hubbub, unsigned compbuf_size_seg, bool safe_to_increase); void (*wait_for_det_update)(struct hubbub *hubbub, int hubp_inst); - void (*program_timeout_thresholds)(struct hubbub *hubbub, struct dml2_display_arb_regs *arb_regs); + bool (*program_arbiter)(struct hubbub *hubbub, struct dml2_display_arb_regs *arb_regs, bool safe_to_lower); }; struct hubbub { diff --git a/drivers/gpu/drm/amd/display/dc/resource/dcn401/dcn401_resource.h b/drivers/gpu/drm/amd/display/dc/resource/dcn401/dcn401_resource.h index 7c8d61db153d..19568c359669 100644 --- a/drivers/gpu/drm/amd/display/dc/resource/dcn401/dcn401_resource.h +++ b/drivers/gpu/drm/amd/display/dc/resource/dcn401/dcn401_resource.h @@ -612,7 +612,8 @@ void dcn401_prepare_mcache_programming(struct dc *dc, struct dc_state *context); SR(DCHUBBUB_SDPIF_CFG1), \ SR(DCHUBBUB_MEM_PWR_MODE_CTRL), \ SR(DCHUBBUB_TIMEOUT_DETECTION_CTRL1), \ - SR(DCHUBBUB_TIMEOUT_DETECTION_CTRL2) + SR(DCHUBBUB_TIMEOUT_DETECTION_CTRL2), \ + SR(DCHUBBUB_CTRL_STATUS) /* DCCG */

6 months, 2 weeks

1
0
0 0

FAILED: patch "[PATCH] drm/amd/display: Populate Power Profile In Case of Early" failed to apply to 6.12-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 6.12-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-6.12.y git checkout FETCH_HEAD git cherry-pick -x c3ea03c2a1557644386e38aaf2b5a9c261e0be1a # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024120626-expire-joining-ee6b@gregkh' --subject-prefix 'PATCH 6.12.y' HEAD^.. Possible dependencies: thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From c3ea03c2a1557644386e38aaf2b5a9c261e0be1a Mon Sep 17 00:00:00 2001 From: Austin Zheng <Austin.Zheng(a)amd.com> Date: Tue, 5 Nov 2024 10:22:02 -0500 Subject: [PATCH] drm/amd/display: Populate Power Profile In Case of Early Return Early return possible if context has no clk_mgr. This will lead to an invalid power profile being returned which looks identical to a profile with the lowest power level. Add back logic that populated the power profile and overwrite the value if needed. Cc: stable(a)vger.kernel.org Fixes: d016d0dd5a57 ("drm/amd/display: Update Interface to Check UCLK DPM") Reviewed-by: Dillon Varone <dillon.varone(a)amd.com> Signed-off-by: Austin Zheng <Austin.Zheng(a)amd.com> Signed-off-by: Hamza Mahfooz <hamza.mahfooz(a)amd.com> Tested-by: Daniel Wheeler <daniel.wheeler(a)amd.com> Signed-off-by: Alex Deucher <alexander.deucher(a)amd.com> diff --git a/drivers/gpu/drm/amd/display/dc/core/dc.c b/drivers/gpu/drm/amd/display/dc/core/dc.c index 0c1875d35a95..1dd26d5df6b9 100644 --- a/drivers/gpu/drm/amd/display/dc/core/dc.c +++ b/drivers/gpu/drm/amd/display/dc/core/dc.c @@ -6100,11 +6100,11 @@ struct dc_power_profile dc_get_power_profile_for_dc_state(const struct dc_state { struct dc_power_profile profile = { 0 }; - if (!context || !context->clk_mgr || !context->clk_mgr->ctx || !context->clk_mgr->ctx->dc) + profile.power_level = !context->bw_ctx.bw.dcn.clk.p_state_change_support; + if (!context->clk_mgr || !context->clk_mgr->ctx || !context->clk_mgr->ctx->dc) return profile; struct dc *dc = context->clk_mgr->ctx->dc; - if (dc->res_pool->funcs->get_power_profile) profile.power_level = dc->res_pool->funcs->get_power_profile(context); return profile;

6 months, 2 weeks

1
0
0 0

FAILED: patch "[PATCH] drm/xe/guc_submit: fix race around pending_disable" failed to apply to 6.12-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 6.12-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-6.12.y git checkout FETCH_HEAD git cherry-pick -x 6965f91a000a24b2c25480a92696a007545d97ec # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024120609-unsorted-footpad-b009@gregkh' --subject-prefix 'PATCH 6.12.y' HEAD^.. Possible dependencies: thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 6965f91a000a24b2c25480a92696a007545d97ec Mon Sep 17 00:00:00 2001 From: Matthew Auld <matthew.auld(a)intel.com> Date: Fri, 22 Nov 2024 16:19:16 +0000 Subject: [PATCH] drm/xe/guc_submit: fix race around pending_disable MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Currently in some testcases we can trigger: [drm] *ERROR* GT0: SCHED_DONE: Unexpected engine state 0x02b1, guc_id=8, runnable_state=0 [drm] *ERROR* GT0: G2H action 0x1002 failed (-EPROTO) len 3 msg 02 10 00 90 08 00 00 00 00 00 00 00 Looking at a snippet of corresponding ftrace for this GuC id we can see: 498.852891: xe_sched_msg_add: dev=0000:03:00.0, gt=0 guc_id=8, opcode=3 498.854083: xe_sched_msg_recv: dev=0000:03:00.0, gt=0 guc_id=8, opcode=3 498.855389: xe_exec_queue_kill: dev=0000:03:00.0, 5:0x1, gt=0, width=1, guc_id=8, guc_state=0x3, flags=0x0 498.855436: xe_exec_queue_lr_cleanup: dev=0000:03:00.0, 5:0x1, gt=0, width=1, guc_id=8, guc_state=0x83, flags=0x0 498.856767: xe_exec_queue_close: dev=0000:03:00.0, 5:0x1, gt=0, width=1, guc_id=8, guc_state=0x83, flags=0x0 498.862889: xe_exec_queue_scheduling_disable: dev=0000:03:00.0, 5:0x1, gt=0, width=1, guc_id=8, guc_state=0xa9, flags=0x0 498.863032: xe_exec_queue_scheduling_disable: dev=0000:03:00.0, 5:0x1, gt=0, width=1, guc_id=8, guc_state=0x2b9, flags=0x0 498.875596: xe_exec_queue_scheduling_done: dev=0000:03:00.0, 5:0x1, gt=0, width=1, guc_id=8, guc_state=0x2b9, flags=0x0 498.875604: xe_exec_queue_deregister: dev=0000:03:00.0, 5:0x1, gt=0, width=1, guc_id=8, guc_state=0x2b1, flags=0x0 499.074483: xe_exec_queue_deregister_done: dev=0000:03:00.0, 5:0x1, gt=0, width=1, guc_id=8, guc_state=0x2b1, flags=0x0 This looks to be the two scheduling_disable racing with each other, one from the suspend (opcode=3) and then again during lr cleanup. While those two operations are serialized, the G2H portion is not, therefore when marking the queue as pending_disabled and then firing off the first request, we proceed do the same again, however the first disable response only fires after this which then clears the pending_disabled. At this point the second comes back and is processed, however the pending_disabled is no longer set, hence triggering the warning. To fix this wait for pending_disabled when doing the lr cleanup and calling disable_scheduling_deregister. Also do the same for all other disable_scheduling callers. Fixes: dd08ebf6c352 ("drm/xe: Introduce a new DRM driver for Intel GPUs") Closes: https://gitlab.freedesktop.org/drm/xe/kernel/-/issues/3515 Signed-off-by: Matthew Auld <matthew.auld(a)intel.com> Cc: Matthew Brost <matthew.brost(a)intel.com> Cc: <stable(a)vger.kernel.org> # v6.8+ Reviewed-by: Matthew Brost <mattheq.brost(a)intel.com> Link: https://patchwork.freedesktop.org/patch/msgid/20241122161914.321263-5-matth… (cherry picked from commit ddb106d2120a0bf1c5ff87c71d059d193814da41) Signed-off-by: Thomas Hellström <thomas.hellstrom(a)linux.intel.com> diff --git a/drivers/gpu/drm/xe/xe_guc_submit.c b/drivers/gpu/drm/xe/xe_guc_submit.c index 7afcc243037c..ebc85d98b025 100644 --- a/drivers/gpu/drm/xe/xe_guc_submit.c +++ b/drivers/gpu/drm/xe/xe_guc_submit.c @@ -769,17 +769,19 @@ static void disable_scheduling_deregister(struct xe_guc *guc, struct xe_exec_queue *q) { MAKE_SCHED_CONTEXT_ACTION(q, DISABLE); - struct xe_device *xe = guc_to_xe(guc); int ret; set_min_preemption_timeout(guc, q); smp_rmb(); - ret = wait_event_timeout(guc->ct.wq, !exec_queue_pending_enable(q) || - xe_guc_read_stopped(guc), HZ * 5); + ret = wait_event_timeout(guc->ct.wq, + (!exec_queue_pending_enable(q) && + !exec_queue_pending_disable(q)) || + xe_guc_read_stopped(guc), + HZ * 5); if (!ret) { struct xe_gpu_scheduler *sched = &q->guc->sched; - drm_warn(&xe->drm, "Pending enable failed to respond"); + xe_gt_warn(q->gt, "Pending enable/disable failed to respond\n"); xe_sched_submission_start(sched); xe_gt_reset_async(q->gt); xe_sched_tdr_queue_imm(sched); @@ -1101,7 +1103,8 @@ guc_exec_queue_timedout_job(struct drm_sched_job *drm_job) * modifying state */ ret = wait_event_timeout(guc->ct.wq, - !exec_queue_pending_enable(q) || + (!exec_queue_pending_enable(q) && + !exec_queue_pending_disable(q)) || xe_guc_read_stopped(guc), HZ * 5); if (!ret || xe_guc_read_stopped(guc)) goto trigger_reset; @@ -1330,8 +1333,8 @@ static void __guc_exec_queue_process_msg_suspend(struct xe_sched_msg *msg) if (guc_exec_queue_allowed_to_change_state(q) && !exec_queue_suspended(q) && exec_queue_enabled(q)) { - wait_event(guc->ct.wq, q->guc->resume_time != RESUME_PENDING || - xe_guc_read_stopped(guc)); + wait_event(guc->ct.wq, (q->guc->resume_time != RESUME_PENDING || + xe_guc_read_stopped(guc)) && !exec_queue_pending_disable(q)); if (!xe_guc_read_stopped(guc)) { s64 since_resume_ms =

6 months, 2 weeks

1
0
0 0

FAILED: patch "[PATCH] drm/bridge: it6505: Fix inverted reset polarity" failed to apply to 6.1-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 6.1-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-6.1.y git checkout FETCH_HEAD git cherry-pick -x c5f3f21728b069412e8072b8b1d0a3d9d3ab0265 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024120629-slashing-gas-5297@gregkh' --subject-prefix 'PATCH 6.1.y' HEAD^.. Possible dependencies: thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From c5f3f21728b069412e8072b8b1d0a3d9d3ab0265 Mon Sep 17 00:00:00 2001 From: Chen-Yu Tsai <wenst(a)chromium.org> Date: Tue, 29 Oct 2024 17:54:10 +0800 Subject: [PATCH] drm/bridge: it6505: Fix inverted reset polarity The IT6505 bridge chip has a active low reset line. Since it is a "reset" and not an "enable" line, the GPIO should be asserted to put it in reset and deasserted to bring it out of reset during the power on sequence. The polarity was inverted when the driver was first introduced, likely because the device family that was targeted had an inverting level shifter on the reset line. The MT8186 Corsola devices already have the IT6505 in their device tree, but the whole display pipeline is actually disabled and won't be enabled until some remaining issues are sorted out. The other known user is the MT8183 Kukui / Jacuzzi family; their device trees currently do not have the IT6505 included. Fix the polarity in the driver while there are no actual users. Fixes: b5c84a9edcd4 ("drm/bridge: add it6505 driver") Cc: stable(a)vger.kernel.org Reviewed-by: Dmitry Baryshkov <dmitry.baryshkov(a)linaro.org> Reviewed-by: Neil Armstrong <neil.armstrong(a)linaro.org> Link: https://patchwork.freedesktop.org/patch/msgid/20241029095411.657616-1-wenst… Signed-off-by: Chen-Yu Tsai <wenst(a)chromium.org> diff --git a/drivers/gpu/drm/bridge/ite-it6505.c b/drivers/gpu/drm/bridge/ite-it6505.c index 7ff17aa14b01..008d86cc562a 100644 --- a/drivers/gpu/drm/bridge/ite-it6505.c +++ b/drivers/gpu/drm/bridge/ite-it6505.c @@ -2614,9 +2614,9 @@ static int it6505_poweron(struct it6505 *it6505) /* time interval between OVDD and SYSRSTN at least be 10ms */ if (pdata->gpiod_reset) { usleep_range(10000, 20000); - gpiod_set_value_cansleep(pdata->gpiod_reset, 0); - usleep_range(1000, 2000); gpiod_set_value_cansleep(pdata->gpiod_reset, 1); + usleep_range(1000, 2000); + gpiod_set_value_cansleep(pdata->gpiod_reset, 0); usleep_range(25000, 35000); } @@ -2647,7 +2647,7 @@ static int it6505_poweroff(struct it6505 *it6505) disable_irq_nosync(it6505->irq); if (pdata->gpiod_reset) - gpiod_set_value_cansleep(pdata->gpiod_reset, 0); + gpiod_set_value_cansleep(pdata->gpiod_reset, 1); if (pdata->pwr18) { err = regulator_disable(pdata->pwr18); @@ -3135,7 +3135,7 @@ static int it6505_init_pdata(struct it6505 *it6505) return PTR_ERR(pdata->ovdd); } - pdata->gpiod_reset = devm_gpiod_get(dev, "reset", GPIOD_OUT_LOW); + pdata->gpiod_reset = devm_gpiod_get(dev, "reset", GPIOD_OUT_HIGH); if (IS_ERR(pdata->gpiod_reset)) { dev_err(dev, "gpiod_reset gpio not found"); return PTR_ERR(pdata->gpiod_reset);

6 months, 2 weeks

1
0
0 0

FAILED: patch "[PATCH] drm/bridge: it6505: Fix inverted reset polarity" failed to apply to 6.6-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 6.6-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-6.6.y git checkout FETCH_HEAD git cherry-pick -x c5f3f21728b069412e8072b8b1d0a3d9d3ab0265 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024120628-size-spiritism-13d9@gregkh' --subject-prefix 'PATCH 6.6.y' HEAD^.. Possible dependencies: thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From c5f3f21728b069412e8072b8b1d0a3d9d3ab0265 Mon Sep 17 00:00:00 2001 From: Chen-Yu Tsai <wenst(a)chromium.org> Date: Tue, 29 Oct 2024 17:54:10 +0800 Subject: [PATCH] drm/bridge: it6505: Fix inverted reset polarity The IT6505 bridge chip has a active low reset line. Since it is a "reset" and not an "enable" line, the GPIO should be asserted to put it in reset and deasserted to bring it out of reset during the power on sequence. The polarity was inverted when the driver was first introduced, likely because the device family that was targeted had an inverting level shifter on the reset line. The MT8186 Corsola devices already have the IT6505 in their device tree, but the whole display pipeline is actually disabled and won't be enabled until some remaining issues are sorted out. The other known user is the MT8183 Kukui / Jacuzzi family; their device trees currently do not have the IT6505 included. Fix the polarity in the driver while there are no actual users. Fixes: b5c84a9edcd4 ("drm/bridge: add it6505 driver") Cc: stable(a)vger.kernel.org Reviewed-by: Dmitry Baryshkov <dmitry.baryshkov(a)linaro.org> Reviewed-by: Neil Armstrong <neil.armstrong(a)linaro.org> Link: https://patchwork.freedesktop.org/patch/msgid/20241029095411.657616-1-wenst… Signed-off-by: Chen-Yu Tsai <wenst(a)chromium.org> diff --git a/drivers/gpu/drm/bridge/ite-it6505.c b/drivers/gpu/drm/bridge/ite-it6505.c index 7ff17aa14b01..008d86cc562a 100644 --- a/drivers/gpu/drm/bridge/ite-it6505.c +++ b/drivers/gpu/drm/bridge/ite-it6505.c @@ -2614,9 +2614,9 @@ static int it6505_poweron(struct it6505 *it6505) /* time interval between OVDD and SYSRSTN at least be 10ms */ if (pdata->gpiod_reset) { usleep_range(10000, 20000); - gpiod_set_value_cansleep(pdata->gpiod_reset, 0); - usleep_range(1000, 2000); gpiod_set_value_cansleep(pdata->gpiod_reset, 1); + usleep_range(1000, 2000); + gpiod_set_value_cansleep(pdata->gpiod_reset, 0); usleep_range(25000, 35000); } @@ -2647,7 +2647,7 @@ static int it6505_poweroff(struct it6505 *it6505) disable_irq_nosync(it6505->irq); if (pdata->gpiod_reset) - gpiod_set_value_cansleep(pdata->gpiod_reset, 0); + gpiod_set_value_cansleep(pdata->gpiod_reset, 1); if (pdata->pwr18) { err = regulator_disable(pdata->pwr18); @@ -3135,7 +3135,7 @@ static int it6505_init_pdata(struct it6505 *it6505) return PTR_ERR(pdata->ovdd); } - pdata->gpiod_reset = devm_gpiod_get(dev, "reset", GPIOD_OUT_LOW); + pdata->gpiod_reset = devm_gpiod_get(dev, "reset", GPIOD_OUT_HIGH); if (IS_ERR(pdata->gpiod_reset)) { dev_err(dev, "gpiod_reset gpio not found"); return PTR_ERR(pdata->gpiod_reset);

6 months, 2 weeks

1
0
0 0

FAILED: patch "[PATCH] drm/sti: avoid potential dereference of error pointers" failed to apply to 5.10-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 5.10-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-5.10.y git checkout FETCH_HEAD git cherry-pick -x 831214f77037de02afc287eae93ce97f218d8c04 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024120622-rifling-twentieth-0cf4@gregkh' --subject-prefix 'PATCH 5.10.y' HEAD^.. Possible dependencies: thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 831214f77037de02afc287eae93ce97f218d8c04 Mon Sep 17 00:00:00 2001 From: Ma Ke <make24(a)iscas.ac.cn> Date: Fri, 13 Sep 2024 17:04:12 +0800 Subject: [PATCH] drm/sti: avoid potential dereference of error pointers The return value of drm_atomic_get_crtc_state() needs to be checked. To avoid use of error pointer 'crtc_state' in case of the failure. Cc: stable(a)vger.kernel.org Fixes: dd86dc2f9ae1 ("drm/sti: implement atomic_check for the planes") Signed-off-by: Ma Ke <make24(a)iscas.ac.cn> Link: https://patchwork.freedesktop.org/patch/msgid/20240913090412.2022848-1-make… Signed-off-by: Alain Volmat <alain.volmat(a)foss.st.com> diff --git a/drivers/gpu/drm/sti/sti_cursor.c b/drivers/gpu/drm/sti/sti_cursor.c index db0a1eb53532..c59fcb4dca32 100644 --- a/drivers/gpu/drm/sti/sti_cursor.c +++ b/drivers/gpu/drm/sti/sti_cursor.c @@ -200,6 +200,9 @@ static int sti_cursor_atomic_check(struct drm_plane *drm_plane, return 0; crtc_state = drm_atomic_get_crtc_state(state, crtc); + if (IS_ERR(crtc_state)) + return PTR_ERR(crtc_state); + mode = &crtc_state->mode; dst_x = new_plane_state->crtc_x; dst_y = new_plane_state->crtc_y;

6 months, 2 weeks

1
0
0 0

FAILED: patch "[PATCH] drm/sti: avoid potential dereference of error pointers" failed to apply to 5.4-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 5.4-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-5.4.y git checkout FETCH_HEAD git cherry-pick -x 831214f77037de02afc287eae93ce97f218d8c04 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024120622-footsore-silo-9e55@gregkh' --subject-prefix 'PATCH 5.4.y' HEAD^.. Possible dependencies: thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 831214f77037de02afc287eae93ce97f218d8c04 Mon Sep 17 00:00:00 2001 From: Ma Ke <make24(a)iscas.ac.cn> Date: Fri, 13 Sep 2024 17:04:12 +0800 Subject: [PATCH] drm/sti: avoid potential dereference of error pointers The return value of drm_atomic_get_crtc_state() needs to be checked. To avoid use of error pointer 'crtc_state' in case of the failure. Cc: stable(a)vger.kernel.org Fixes: dd86dc2f9ae1 ("drm/sti: implement atomic_check for the planes") Signed-off-by: Ma Ke <make24(a)iscas.ac.cn> Link: https://patchwork.freedesktop.org/patch/msgid/20240913090412.2022848-1-make… Signed-off-by: Alain Volmat <alain.volmat(a)foss.st.com> diff --git a/drivers/gpu/drm/sti/sti_cursor.c b/drivers/gpu/drm/sti/sti_cursor.c index db0a1eb53532..c59fcb4dca32 100644 --- a/drivers/gpu/drm/sti/sti_cursor.c +++ b/drivers/gpu/drm/sti/sti_cursor.c @@ -200,6 +200,9 @@ static int sti_cursor_atomic_check(struct drm_plane *drm_plane, return 0; crtc_state = drm_atomic_get_crtc_state(state, crtc); + if (IS_ERR(crtc_state)) + return PTR_ERR(crtc_state); + mode = &crtc_state->mode; dst_x = new_plane_state->crtc_x; dst_y = new_plane_state->crtc_y;

6 months, 2 weeks

1
0
0 0

FAILED: patch "[PATCH] drm/sti: avoid potential dereference of error pointers in" failed to apply to 5.4-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 5.4-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-5.4.y git checkout FETCH_HEAD git cherry-pick -x e965e771b069421c233d674c3c8cd8c7f7245f42 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024120608-overhang-raider-ef25@gregkh' --subject-prefix 'PATCH 5.4.y' HEAD^.. Possible dependencies: thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From e965e771b069421c233d674c3c8cd8c7f7245f42 Mon Sep 17 00:00:00 2001 From: Ma Ke <make24(a)iscas.ac.cn> Date: Mon, 9 Sep 2024 14:33:59 +0800 Subject: [PATCH] drm/sti: avoid potential dereference of error pointers in sti_gdp_atomic_check The return value of drm_atomic_get_crtc_state() needs to be checked. To avoid use of error pointer 'crtc_state' in case of the failure. Cc: stable(a)vger.kernel.org Fixes: dd86dc2f9ae1 ("drm/sti: implement atomic_check for the planes") Signed-off-by: Ma Ke <make24(a)iscas.ac.cn> Acked-by: Alain Volmat <alain.volmat(a)foss.st.com> Link: https://patchwork.freedesktop.org/patch/msgid/20240909063359.1197065-1-make… Signed-off-by: Alain Volmat <alain.volmat(a)foss.st.com> diff --git a/drivers/gpu/drm/sti/sti_gdp.c b/drivers/gpu/drm/sti/sti_gdp.c index 43c72c2604a0..f046f5f7ad25 100644 --- a/drivers/gpu/drm/sti/sti_gdp.c +++ b/drivers/gpu/drm/sti/sti_gdp.c @@ -638,6 +638,9 @@ static int sti_gdp_atomic_check(struct drm_plane *drm_plane, mixer = to_sti_mixer(crtc); crtc_state = drm_atomic_get_crtc_state(state, crtc); + if (IS_ERR(crtc_state)) + return PTR_ERR(crtc_state); + mode = &crtc_state->mode; dst_x = new_plane_state->crtc_x; dst_y = new_plane_state->crtc_y;

6 months, 2 weeks

1
0
0 0

FAILED: patch "[PATCH] drm/sti: avoid potential dereference of error pointers in" failed to apply to 5.10-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 5.10-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-5.10.y git checkout FETCH_HEAD git cherry-pick -x e965e771b069421c233d674c3c8cd8c7f7245f42 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024120608-resonant-hedging-7692@gregkh' --subject-prefix 'PATCH 5.10.y' HEAD^.. Possible dependencies: thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From e965e771b069421c233d674c3c8cd8c7f7245f42 Mon Sep 17 00:00:00 2001 From: Ma Ke <make24(a)iscas.ac.cn> Date: Mon, 9 Sep 2024 14:33:59 +0800 Subject: [PATCH] drm/sti: avoid potential dereference of error pointers in sti_gdp_atomic_check The return value of drm_atomic_get_crtc_state() needs to be checked. To avoid use of error pointer 'crtc_state' in case of the failure. Cc: stable(a)vger.kernel.org Fixes: dd86dc2f9ae1 ("drm/sti: implement atomic_check for the planes") Signed-off-by: Ma Ke <make24(a)iscas.ac.cn> Acked-by: Alain Volmat <alain.volmat(a)foss.st.com> Link: https://patchwork.freedesktop.org/patch/msgid/20240909063359.1197065-1-make… Signed-off-by: Alain Volmat <alain.volmat(a)foss.st.com> diff --git a/drivers/gpu/drm/sti/sti_gdp.c b/drivers/gpu/drm/sti/sti_gdp.c index 43c72c2604a0..f046f5f7ad25 100644 --- a/drivers/gpu/drm/sti/sti_gdp.c +++ b/drivers/gpu/drm/sti/sti_gdp.c @@ -638,6 +638,9 @@ static int sti_gdp_atomic_check(struct drm_plane *drm_plane, mixer = to_sti_mixer(crtc); crtc_state = drm_atomic_get_crtc_state(state, crtc); + if (IS_ERR(crtc_state)) + return PTR_ERR(crtc_state); + mode = &crtc_state->mode; dst_x = new_plane_state->crtc_x; dst_y = new_plane_state->crtc_y;

6 months, 2 weeks

1
0
0 0

FAILED: patch "[PATCH] drm/sti: avoid potential dereference of error pointers in" failed to apply to 5.10-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 5.10-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-5.10.y git checkout FETCH_HEAD git cherry-pick -x c1ab40a1fdfee732c7e6ff2fb8253760293e47e8 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024120655-capable-garter-12d3@gregkh' --subject-prefix 'PATCH 5.10.y' HEAD^.. Possible dependencies: thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From c1ab40a1fdfee732c7e6ff2fb8253760293e47e8 Mon Sep 17 00:00:00 2001 From: Ma Ke <make24(a)iscas.ac.cn> Date: Fri, 13 Sep 2024 17:09:26 +0800 Subject: [PATCH] drm/sti: avoid potential dereference of error pointers in sti_hqvdp_atomic_check The return value of drm_atomic_get_crtc_state() needs to be checked. To avoid use of error pointer 'crtc_state' in case of the failure. Cc: stable(a)vger.kernel.org Fixes: dd86dc2f9ae1 ("drm/sti: implement atomic_check for the planes") Signed-off-by: Ma Ke <make24(a)iscas.ac.cn> Link: https://patchwork.freedesktop.org/patch/msgid/20240913090926.2023716-1-make… Signed-off-by: Alain Volmat <alain.volmat(a)foss.st.com> diff --git a/drivers/gpu/drm/sti/sti_hqvdp.c b/drivers/gpu/drm/sti/sti_hqvdp.c index acbf70b95aeb..5793cf2cb897 100644 --- a/drivers/gpu/drm/sti/sti_hqvdp.c +++ b/drivers/gpu/drm/sti/sti_hqvdp.c @@ -1037,6 +1037,9 @@ static int sti_hqvdp_atomic_check(struct drm_plane *drm_plane, return 0; crtc_state = drm_atomic_get_crtc_state(state, crtc); + if (IS_ERR(crtc_state)) + return PTR_ERR(crtc_state); + mode = &crtc_state->mode; dst_x = new_plane_state->crtc_x; dst_y = new_plane_state->crtc_y;

6 months, 2 weeks

1
0
0 0

FAILED: patch "[PATCH] drm/sti: avoid potential dereference of error pointers in" failed to apply to 5.4-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 5.4-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-5.4.y git checkout FETCH_HEAD git cherry-pick -x c1ab40a1fdfee732c7e6ff2fb8253760293e47e8 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024120655-quartered-resurrect-32d1@gregkh' --subject-prefix 'PATCH 5.4.y' HEAD^.. Possible dependencies: thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From c1ab40a1fdfee732c7e6ff2fb8253760293e47e8 Mon Sep 17 00:00:00 2001 From: Ma Ke <make24(a)iscas.ac.cn> Date: Fri, 13 Sep 2024 17:09:26 +0800 Subject: [PATCH] drm/sti: avoid potential dereference of error pointers in sti_hqvdp_atomic_check The return value of drm_atomic_get_crtc_state() needs to be checked. To avoid use of error pointer 'crtc_state' in case of the failure. Cc: stable(a)vger.kernel.org Fixes: dd86dc2f9ae1 ("drm/sti: implement atomic_check for the planes") Signed-off-by: Ma Ke <make24(a)iscas.ac.cn> Link: https://patchwork.freedesktop.org/patch/msgid/20240913090926.2023716-1-make… Signed-off-by: Alain Volmat <alain.volmat(a)foss.st.com> diff --git a/drivers/gpu/drm/sti/sti_hqvdp.c b/drivers/gpu/drm/sti/sti_hqvdp.c index acbf70b95aeb..5793cf2cb897 100644 --- a/drivers/gpu/drm/sti/sti_hqvdp.c +++ b/drivers/gpu/drm/sti/sti_hqvdp.c @@ -1037,6 +1037,9 @@ static int sti_hqvdp_atomic_check(struct drm_plane *drm_plane, return 0; crtc_state = drm_atomic_get_crtc_state(state, crtc); + if (IS_ERR(crtc_state)) + return PTR_ERR(crtc_state); + mode = &crtc_state->mode; dst_x = new_plane_state->crtc_x; dst_y = new_plane_state->crtc_y;

6 months, 2 weeks

1
0
0 0

stable-rc-queue-6.6: Error: arch/arm/boot/dts/renesas/r7s72100-genmai.dts:114.1-5 Label or path bsc not found

by Naresh Kamboju

The arm build failed with gcc-13 on the Linux stable-rc queue 6.6 due to following build warning / errors. arm * arm, build - build/gcc-13-defconfig-lkftconfig Reported-by: Linux Kernel Functional Testing <lkft(a)linaro.org> Build errors: ------ Error: arch/arm/boot/dts/renesas/r7s72100-genmai.dts:114.1-5 Label or path bsc not found FATAL ERROR: Syntax error parsing input tree Links: --- - https://qa-reports.linaro.org/lkft/linux-stable-rc-queues-queue_6.6/build/v… - https://qa-reports.linaro.org/lkft/linux-stable-rc-queues-queue_6.6/build/v… Steps to reproduce: ------------ - tuxmake \ --runtime podman \ --target-arch arm \ --toolchain gcc-13 \ --kconfig https://storage.tuxsuite.com/public/linaro/lkft/builds/2pezSPMVBtcveKsnXdZE… metadata: ---- git describe: v6.6.63-452-g90b0e9ad2d25 git repo: https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable-rc.git git sha: 90b0e9ad2d25b129a24f464eb4fc0c64b19291fb kernel config: https://storage.tuxsuite.com/public/linaro/lkft/builds/2pcDuIKSwfb0J48oc9Ah… build url: https://storage.tuxsuite.com/public/linaro/lkft/builds/2pcDuIKSwfb0J48oc9Ah… toolchain: gcc-13 config: gcc-13-defconfig-lkftconfig arch: arm -- Linaro LKFT https://lkft.linaro.org

6 months, 2 weeks

3
2
0 0

[PATCH] fs/ceph/file: fix memory leaks in __ceph_sync_read()

by Max Kellermann

In two `break` statements, the call to ceph_release_page_vector() was missing, leaking the allocation from ceph_alloc_page_vector(). Cc: stable(a)vger.kernel.org Signed-off-by: Max Kellermann <max.kellermann(a)ionos.com> --- fs/ceph/file.c | 2 ++ 1 file changed, 2 insertions(+) diff --git a/fs/ceph/file.c b/fs/ceph/file.c index 4b8d59ebda00..24d0f1cc9aac 100644 --- a/fs/ceph/file.c +++ b/fs/ceph/file.c @@ -1134,6 +1134,7 @@ ssize_t __ceph_sync_read(struct inode *inode, loff_t *ki_pos, extent_cnt = __ceph_sparse_read_ext_count(inode, read_len); ret = ceph_alloc_sparse_ext_map(op, extent_cnt); if (ret) { + ceph_release_page_vector(pages, num_pages); ceph_osdc_put_request(req); break; } @@ -1168,6 +1169,7 @@ ssize_t __ceph_sync_read(struct inode *inode, loff_t *ki_pos, op->extent.sparse_ext_cnt); if (fret < 0) { ret = fret; + ceph_release_page_vector(pages, num_pages); ceph_osdc_put_request(req); break; } -- 2.45.2

6 months, 2 weeks

3
21
0 0

[PATCH 6.6.x] btrfs: add cancellation points to trim loops

by David Sterba

From: Luca Stefani <luca.stefani.ge1(a)gmail.com> There are reports that system cannot suspend due to running trim because the task responsible for trimming the device isn't able to finish in time, especially since we have a free extent discarding phase, which can trim a lot of unallocated space. There are no limits on the trim size (unlike the block group part). Since trime isn't a critical call it can be interrupted at any time, in such cases we stop the trim, report the amount of discarded bytes and return an error. Link: https://bugzilla.kernel.org/show_bug.cgi?id=219180 Link: https://bugzilla.suse.com/show_bug.cgi?id=1229737 CC: stable(a)vger.kernel.org # 5.15+ Signed-off-by: Luca Stefani <luca.stefani.ge1(a)gmail.com> Reviewed-by: David Sterba <dsterba(a)suse.com> Signed-off-by: David Sterba <dsterba(a)suse.com> --- fs/btrfs/extent-tree.c | 7 ++++++- fs/btrfs/free-space-cache.c | 4 ++-- fs/btrfs/free-space-cache.h | 7 +++++++ 3 files changed, 15 insertions(+), 3 deletions(-) diff --git a/fs/btrfs/extent-tree.c b/fs/btrfs/extent-tree.c index b3680e1c7054..599407120513 100644 --- a/fs/btrfs/extent-tree.c +++ b/fs/btrfs/extent-tree.c @@ -1319,6 +1319,11 @@ static int btrfs_issue_discard(struct block_device *bdev, u64 start, u64 len, start += bytes_to_discard; bytes_left -= bytes_to_discard; *discarded_bytes += bytes_to_discard; + + if (btrfs_trim_interrupted()) { + ret = -ERESTARTSYS; + break; + } } return ret; @@ -6094,7 +6099,7 @@ static int btrfs_trim_free_extents(struct btrfs_device *device, u64 *trimmed) start += len; *trimmed += bytes; - if (fatal_signal_pending(current)) { + if (btrfs_trim_interrupted()) { ret = -ERESTARTSYS; break; } diff --git a/fs/btrfs/free-space-cache.c b/fs/btrfs/free-space-cache.c index 3bcf4a30cad7..9a6ec9344c3e 100644 --- a/fs/btrfs/free-space-cache.c +++ b/fs/btrfs/free-space-cache.c @@ -3808,7 +3808,7 @@ static int trim_no_bitmap(struct btrfs_block_group *block_group, if (async && *total_trimmed) break; - if (fatal_signal_pending(current)) { + if (btrfs_trim_interrupted()) { ret = -ERESTARTSYS; break; } @@ -3999,7 +3999,7 @@ static int trim_bitmaps(struct btrfs_block_group *block_group, } block_group->discard_cursor = start; - if (fatal_signal_pending(current)) { + if (btrfs_trim_interrupted()) { if (start != offset) reset_trimming_bitmap(ctl, offset); ret = -ERESTARTSYS; diff --git a/fs/btrfs/free-space-cache.h b/fs/btrfs/free-space-cache.h index 33b4da3271b1..bd80c7b2af96 100644 --- a/fs/btrfs/free-space-cache.h +++ b/fs/btrfs/free-space-cache.h @@ -6,6 +6,8 @@ #ifndef BTRFS_FREE_SPACE_CACHE_H #define BTRFS_FREE_SPACE_CACHE_H +#include <linux/freezer.h> + /* * This is the trim state of an extent or bitmap. * @@ -43,6 +45,11 @@ static inline bool btrfs_free_space_trimming_bitmap( return (info->trim_state == BTRFS_TRIM_STATE_TRIMMING); } +static inline bool btrfs_trim_interrupted(void) +{ + return fatal_signal_pending(current) || freezing(current); +} + /* * Deltas are an effective way to populate global statistics. Give macro names * to make it clear what we're doing. An example is discard_extents in -- 2.45.0

6 months, 2 weeks

5
6
0 0

FAILED: patch "[PATCH] iio: adc: ad7923: Fix buffer overflow for tx_buf and" failed to apply to 5.10-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 5.10-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-5.10.y git checkout FETCH_HEAD git cherry-pick -x 3a4187ec454e19903fd15f6e1825a4b84e59a4cd # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024120633-brutishly-whisking-17ca@gregkh' --subject-prefix 'PATCH 5.10.y' HEAD^.. Possible dependencies: thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 3a4187ec454e19903fd15f6e1825a4b84e59a4cd Mon Sep 17 00:00:00 2001 From: Nuno Sa <nuno.sa(a)analog.com> Date: Tue, 29 Oct 2024 13:46:37 +0000 Subject: [PATCH] iio: adc: ad7923: Fix buffer overflow for tx_buf and ring_xfer The AD7923 was updated to support devices with 8 channels, but the size of tx_buf and ring_xfer was not increased accordingly, leading to a potential buffer overflow in ad7923_update_scan_mode(). Fixes: 851644a60d20 ("iio: adc: ad7923: Add support for the ad7908/ad7918/ad7928") Cc: stable(a)vger.kernel.org Signed-off-by: Nuno Sa <nuno.sa(a)analog.com> Signed-off-by: Zicheng Qu <quzicheng(a)huawei.com> Link: https://patch.msgid.link/20241029134637.2261336-1-quzicheng@huawei.com Signed-off-by: Jonathan Cameron <Jonathan.Cameron(a)huawei.com> diff --git a/drivers/iio/adc/ad7923.c b/drivers/iio/adc/ad7923.c index 09680015a7ab..acc44cb34f82 100644 --- a/drivers/iio/adc/ad7923.c +++ b/drivers/iio/adc/ad7923.c @@ -48,7 +48,7 @@ struct ad7923_state { struct spi_device *spi; - struct spi_transfer ring_xfer[5]; + struct spi_transfer ring_xfer[9]; struct spi_transfer scan_single_xfer[2]; struct spi_message ring_msg; struct spi_message scan_single_msg; @@ -64,7 +64,7 @@ struct ad7923_state { * Length = 8 channels + 4 extra for 8 byte timestamp */ __be16 rx_buf[12] __aligned(IIO_DMA_MINALIGN); - __be16 tx_buf[4]; + __be16 tx_buf[8]; }; struct ad7923_chip_info {

6 months, 2 weeks

1
0
0 0

FAILED: patch "[PATCH] iio: adc: ad7923: Fix buffer overflow for tx_buf and" failed to apply to 5.15-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 5.15-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-5.15.y git checkout FETCH_HEAD git cherry-pick -x 3a4187ec454e19903fd15f6e1825a4b84e59a4cd # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024120632-reprogram-skyrocket-0fdd@gregkh' --subject-prefix 'PATCH 5.15.y' HEAD^.. Possible dependencies: thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 3a4187ec454e19903fd15f6e1825a4b84e59a4cd Mon Sep 17 00:00:00 2001 From: Nuno Sa <nuno.sa(a)analog.com> Date: Tue, 29 Oct 2024 13:46:37 +0000 Subject: [PATCH] iio: adc: ad7923: Fix buffer overflow for tx_buf and ring_xfer The AD7923 was updated to support devices with 8 channels, but the size of tx_buf and ring_xfer was not increased accordingly, leading to a potential buffer overflow in ad7923_update_scan_mode(). Fixes: 851644a60d20 ("iio: adc: ad7923: Add support for the ad7908/ad7918/ad7928") Cc: stable(a)vger.kernel.org Signed-off-by: Nuno Sa <nuno.sa(a)analog.com> Signed-off-by: Zicheng Qu <quzicheng(a)huawei.com> Link: https://patch.msgid.link/20241029134637.2261336-1-quzicheng@huawei.com Signed-off-by: Jonathan Cameron <Jonathan.Cameron(a)huawei.com> diff --git a/drivers/iio/adc/ad7923.c b/drivers/iio/adc/ad7923.c index 09680015a7ab..acc44cb34f82 100644 --- a/drivers/iio/adc/ad7923.c +++ b/drivers/iio/adc/ad7923.c @@ -48,7 +48,7 @@ struct ad7923_state { struct spi_device *spi; - struct spi_transfer ring_xfer[5]; + struct spi_transfer ring_xfer[9]; struct spi_transfer scan_single_xfer[2]; struct spi_message ring_msg; struct spi_message scan_single_msg; @@ -64,7 +64,7 @@ struct ad7923_state { * Length = 8 channels + 4 extra for 8 byte timestamp */ __be16 rx_buf[12] __aligned(IIO_DMA_MINALIGN); - __be16 tx_buf[4]; + __be16 tx_buf[8]; }; struct ad7923_chip_info {

6 months, 2 weeks

1
0
0 0

FAILED: patch "[PATCH] leds: flash: mt6360: Fix device_for_each_child_node()" failed to apply to 6.1-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 6.1-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-6.1.y git checkout FETCH_HEAD git cherry-pick -x 73b03b27736e440e3009fe1319cbc82d2cd1290c # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024120654-feminize-upstart-b8c4@gregkh' --subject-prefix 'PATCH 6.1.y' HEAD^.. Possible dependencies: thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 73b03b27736e440e3009fe1319cbc82d2cd1290c Mon Sep 17 00:00:00 2001 From: Javier Carrasco <javier.carrasco.cruz(a)gmail.com> Date: Fri, 27 Sep 2024 01:20:52 +0200 Subject: [PATCH] leds: flash: mt6360: Fix device_for_each_child_node() refcounting in error paths The device_for_each_child_node() macro requires explicit calls to fwnode_handle_put() upon early exits to avoid memory leaks, and in this case the error paths are handled after jumping to 'out_flash_realease', which misses that required call to to decrement the refcount of the child node. A more elegant and robust solution is using the scoped variant of the loop, which automatically handles such early exits. Fix the child node refcounting in the error paths by using device_for_each_child_node_scoped(). Cc: stable(a)vger.kernel.org Fixes: 679f8652064b ("leds: Add mt6360 driver") Signed-off-by: Javier Carrasco <javier.carrasco.cruz(a)gmail.com> Link: https://lore.kernel.org/r/20240927-leds_device_for_each_child_node_scoped-v… Signed-off-by: Lee Jones <lee(a)kernel.org> diff --git a/drivers/leds/flash/leds-mt6360.c b/drivers/leds/flash/leds-mt6360.c index 4c74f1cf01f0..676236c19ec4 100644 --- a/drivers/leds/flash/leds-mt6360.c +++ b/drivers/leds/flash/leds-mt6360.c @@ -784,7 +784,6 @@ static void mt6360_v4l2_flash_release(struct mt6360_priv *priv) static int mt6360_led_probe(struct platform_device *pdev) { struct mt6360_priv *priv; - struct fwnode_handle *child; size_t count; int i = 0, ret; @@ -811,7 +810,7 @@ static int mt6360_led_probe(struct platform_device *pdev) return -ENODEV; } - device_for_each_child_node(&pdev->dev, child) { + device_for_each_child_node_scoped(&pdev->dev, child) { struct mt6360_led *led = priv->leds + i; struct led_init_data init_data = { .fwnode = child, }; u32 reg, led_color;

6 months, 2 weeks

1
0
0 0

[tip: x86/urgent] cacheinfo: Allocate memory during CPU hotplug if not done from the primary CPU

by tip-bot2 for Ricardo Neri

The following commit has been merged into the x86/urgent branch of tip: Commit-ID: b3fce429a1e030b50c1c91351d69b8667eef627b Gitweb: https://git.kernel.org/tip/b3fce429a1e030b50c1c91351d69b8667eef627b Author: Ricardo Neri <ricardo.neri-calderon(a)linux.intel.com> AuthorDate: Wed, 27 Nov 2024 16:22:46 -08:00 Committer: Borislav Petkov (AMD) <bp(a)alien8.de> CommitterDate: Fri, 06 Dec 2024 13:07:47 +01:00 cacheinfo: Allocate memory during CPU hotplug if not done from the primary CPU Commit 5944ce092b97 ("arch_topology: Build cacheinfo from primary CPU") adds functionality that architectures can use to optionally allocate and build cacheinfo early during boot. Commit 6539cffa9495 ("cacheinfo: Add arch specific early level initializer") lets secondary CPUs correct (and reallocate memory) cacheinfo data if needed. If the early build functionality is not used and cacheinfo does not need correction, memory for cacheinfo is never allocated. x86 does not use the early build functionality. Consequently, during the cacheinfo CPU hotplug callback, last_level_cache_is_valid() attempts to dereference a NULL pointer: BUG: kernel NULL pointer dereference, address: 0000000000000100 #PF: supervisor read access in kernel mode #PF: error_code(0x0000) - not present page PGD 0 P4D 0 Oops: 0000 [#1] PREEPMT SMP NOPTI CPU: 0 PID 19 Comm: cpuhp/0 Not tainted 6.4.0-rc2 #1 RIP: 0010: last_level_cache_is_valid+0x95/0xe0a Allocate memory for cacheinfo during the cacheinfo CPU hotplug callback if not done earlier. Moreover, before determining the validity of the last-level cache info, ensure that it has been allocated. Simply checking for non-zero cache_leaves() is not sufficient, as some architectures (e.g., Intel processors) have non-zero cache_leaves() before allocation. Dereferencing NULL cacheinfo can occur in update_per_cpu_data_slice_size(). This function iterates over all online CPUs. However, a CPU may have come online recently, but its cacheinfo may not have been allocated yet. While here, remove an unnecessary indentation in allocate_cache_info(). [ bp: Massage. ] Fixes: 6539cffa9495 ("cacheinfo: Add arch specific early level initializer") Signed-off-by: Ricardo Neri <ricardo.neri-calderon(a)linux.intel.com> Signed-off-by: Borislav Petkov (AMD) <bp(a)alien8.de> Reviewed-by: Radu Rendec <rrendec(a)redhat.com> Reviewed-by: Nikolay Borisov <nik.borisov(a)suse.com> Reviewed-by: Andreas Herrmann <aherrmann(a)suse.de> Reviewed-by: Sudeep Holla <sudeep.holla(a)arm.com> Cc: stable(a)vger.kernel.org # 6.3+ Link: https://lore.kernel.org/r/20241128002247.26726-2-ricardo.neri-calderon@linu… --- drivers/base/cacheinfo.c | 14 ++++++++------ 1 file changed, 8 insertions(+), 6 deletions(-) diff --git a/drivers/base/cacheinfo.c b/drivers/base/cacheinfo.c index 609935a..cf0d455 100644 --- a/drivers/base/cacheinfo.c +++ b/drivers/base/cacheinfo.c @@ -58,7 +58,7 @@ bool last_level_cache_is_valid(unsigned int cpu) { struct cacheinfo *llc; - if (!cache_leaves(cpu)) + if (!cache_leaves(cpu) || !per_cpu_cacheinfo(cpu)) return false; llc = per_cpu_cacheinfo_idx(cpu, cache_leaves(cpu) - 1); @@ -458,11 +458,9 @@ int __weak populate_cache_leaves(unsigned int cpu) return -ENOENT; } -static inline -int allocate_cache_info(int cpu) +static inline int allocate_cache_info(int cpu) { - per_cpu_cacheinfo(cpu) = kcalloc(cache_leaves(cpu), - sizeof(struct cacheinfo), GFP_ATOMIC); + per_cpu_cacheinfo(cpu) = kcalloc(cache_leaves(cpu), sizeof(struct cacheinfo), GFP_ATOMIC); if (!per_cpu_cacheinfo(cpu)) { cache_leaves(cpu) = 0; return -ENOMEM; @@ -534,7 +532,11 @@ static inline int init_level_allocate_ci(unsigned int cpu) */ ci_cacheinfo(cpu)->early_ci_levels = false; - if (cache_leaves(cpu) <= early_leaves) + /* + * Some architectures (e.g., x86) do not use early initialization. + * Allocate memory now in such case. + */ + if (cache_leaves(cpu) <= early_leaves && per_cpu_cacheinfo(cpu)) return 0; kfree(per_cpu_cacheinfo(cpu));

6 months, 2 weeks

1
0
0 0

[tip: x86/urgent] x86/cacheinfo: Delete global num_cache_leaves

by tip-bot2 for Ricardo Neri

The following commit has been merged into the x86/urgent branch of tip: Commit-ID: 9677be09e5e4fbe48aeccb06ae3063c5eba331c3 Gitweb: https://git.kernel.org/tip/9677be09e5e4fbe48aeccb06ae3063c5eba331c3 Author: Ricardo Neri <ricardo.neri-calderon(a)linux.intel.com> AuthorDate: Wed, 27 Nov 2024 16:22:47 -08:00 Committer: Borislav Petkov (AMD) <bp(a)alien8.de> CommitterDate: Fri, 06 Dec 2024 13:13:36 +01:00 x86/cacheinfo: Delete global num_cache_leaves Linux remembers cpu_cachinfo::num_leaves per CPU, but x86 initializes all CPUs from the same global "num_cache_leaves". This is erroneous on systems such as Meteor Lake, where each CPU has a distinct num_leaves value. Delete the global "num_cache_leaves" and initialize num_leaves on each CPU. init_cache_level() no longer needs to set num_leaves. Also, it never had to set num_levels as it is unnecessary in x86. Keep checking for zero cache leaves. Such condition indicates a bug. [ bp: Cleanup. ] Signed-off-by: Ricardo Neri <ricardo.neri-calderon(a)linux.intel.com> Signed-off-by: Borislav Petkov (AMD) <bp(a)alien8.de> Cc: stable(a)vger.kernel.org # 6.3+ Link: https://lore.kernel.org/r/20241128002247.26726-3-ricardo.neri-calderon@linu… --- arch/x86/kernel/cpu/cacheinfo.c | 43 +++++++++++++++----------------- 1 file changed, 21 insertions(+), 22 deletions(-) diff --git a/arch/x86/kernel/cpu/cacheinfo.c b/arch/x86/kernel/cpu/cacheinfo.c index 392d09c..e6fa03e 100644 --- a/arch/x86/kernel/cpu/cacheinfo.c +++ b/arch/x86/kernel/cpu/cacheinfo.c @@ -178,8 +178,6 @@ struct _cpuid4_info_regs { struct amd_northbridge *nb; }; -static unsigned short num_cache_leaves; - /* AMD doesn't have CPUID4. Emulate it here to report the same information to the user. This makes some assumptions about the machine: L2 not shared, no SMT etc. that is currently true on AMD CPUs. @@ -717,20 +715,23 @@ void cacheinfo_hygon_init_llc_id(struct cpuinfo_x86 *c) void init_amd_cacheinfo(struct cpuinfo_x86 *c) { + struct cpu_cacheinfo *ci = get_cpu_cacheinfo(c->cpu_index); if (boot_cpu_has(X86_FEATURE_TOPOEXT)) { - num_cache_leaves = find_num_cache_leaves(c); + ci->num_leaves = find_num_cache_leaves(c); } else if (c->extended_cpuid_level >= 0x80000006) { if (cpuid_edx(0x80000006) & 0xf000) - num_cache_leaves = 4; + ci->num_leaves = 4; else - num_cache_leaves = 3; + ci->num_leaves = 3; } } void init_hygon_cacheinfo(struct cpuinfo_x86 *c) { - num_cache_leaves = find_num_cache_leaves(c); + struct cpu_cacheinfo *ci = get_cpu_cacheinfo(c->cpu_index); + + ci->num_leaves = find_num_cache_leaves(c); } void init_intel_cacheinfo(struct cpuinfo_x86 *c) @@ -740,21 +741,21 @@ void init_intel_cacheinfo(struct cpuinfo_x86 *c) unsigned int new_l1d = 0, new_l1i = 0; /* Cache sizes from cpuid(4) */ unsigned int new_l2 = 0, new_l3 = 0, i; /* Cache sizes from cpuid(4) */ unsigned int l2_id = 0, l3_id = 0, num_threads_sharing, index_msb; + struct cpu_cacheinfo *ci = get_cpu_cacheinfo(c->cpu_index); if (c->cpuid_level > 3) { - static int is_initialized; - - if (is_initialized == 0) { - /* Init num_cache_leaves from boot CPU */ - num_cache_leaves = find_num_cache_leaves(c); - is_initialized++; - } + /* + * There should be at least one leaf. A non-zero value means + * that the number of leaves has been initialized. + */ + if (!ci->num_leaves) + ci->num_leaves = find_num_cache_leaves(c); /* * Whenever possible use cpuid(4), deterministic cache * parameters cpuid leaf to find the cache details */ - for (i = 0; i < num_cache_leaves; i++) { + for (i = 0; i < ci->num_leaves; i++) { struct _cpuid4_info_regs this_leaf = {}; int retval; @@ -790,14 +791,14 @@ void init_intel_cacheinfo(struct cpuinfo_x86 *c) * Don't use cpuid2 if cpuid4 is supported. For P4, we use cpuid2 for * trace cache */ - if ((num_cache_leaves == 0 || c->x86 == 15) && c->cpuid_level > 1) { + if ((!ci->num_leaves || c->x86 == 15) && c->cpuid_level > 1) { /* supports eax=2 call */ int j, n; unsigned int regs[4]; unsigned char *dp = (unsigned char *)regs; int only_trace = 0; - if (num_cache_leaves != 0 && c->x86 == 15) + if (ci->num_leaves && c->x86 == 15) only_trace = 1; /* Number of times to iterate */ @@ -991,14 +992,12 @@ static void ci_leaf_init(struct cacheinfo *this_leaf, int init_cache_level(unsigned int cpu) { - struct cpu_cacheinfo *this_cpu_ci = get_cpu_cacheinfo(cpu); + struct cpu_cacheinfo *ci = get_cpu_cacheinfo(cpu); - if (!num_cache_leaves) + /* There should be at least one leaf. */ + if (!ci->num_leaves) return -ENOENT; - if (!this_cpu_ci) - return -EINVAL; - this_cpu_ci->num_levels = 3; - this_cpu_ci->num_leaves = num_cache_leaves; + return 0; }

6 months, 2 weeks

1
0
0 0

FAILED: patch "[PATCH] PCI: endpoint: Clear secondary (not primary) EPC in" failed to apply to 5.15-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 5.15-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-5.15.y git checkout FETCH_HEAD git cherry-pick -x 688d2eb4c6fcfdcdaed0592f9df9196573ff5ce2 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024120649-cranium-uncle-f7f1@gregkh' --subject-prefix 'PATCH 5.15.y' HEAD^.. Possible dependencies: thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 688d2eb4c6fcfdcdaed0592f9df9196573ff5ce2 Mon Sep 17 00:00:00 2001 From: Zijun Hu <quic_zijuhu(a)quicinc.com> Date: Thu, 7 Nov 2024 08:53:09 +0800 Subject: [PATCH] PCI: endpoint: Clear secondary (not primary) EPC in pci_epc_remove_epf() MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit In addition to a primary endpoint controller, an endpoint function may be associated with a secondary endpoint controller, epf->sec_epc, to provide NTB (non-transparent bridge) functionality. Previously, pci_epc_remove_epf() incorrectly cleared epf->epc instead of epf->sec_epc when removing from the secondary endpoint controller. Extend the epc->list_lock coverage and clear either epf->epc or epf->sec_epc as indicated. Link: https://lore.kernel.org/r/20241107-epc_rfc-v2-2-da5b6a99a66f@quicinc.com Fixes: 63840ff53223 ("PCI: endpoint: Add support to associate secondary EPC with EPF") Signed-off-by: Zijun Hu <quic_zijuhu(a)quicinc.com> Reviewed-by: Manivannan Sadhasivam <manivannan.sadhasivam(a)linaro.org> [mani: reworded subject and description] Signed-off-by: Manivannan Sadhasivam <manivannan.sadhasivam(a)linaro.org> [bhelgaas: commit log] Signed-off-by: Bjorn Helgaas <bhelgaas(a)google.com> Signed-off-by: Krzysztof Wilczyński <kwilczynski(a)kernel.org> Cc: stable(a)vger.kernel.org diff --git a/drivers/pci/endpoint/pci-epc-core.c b/drivers/pci/endpoint/pci-epc-core.c index 21af2dbacc33..bed7c7d1fe3c 100644 --- a/drivers/pci/endpoint/pci-epc-core.c +++ b/drivers/pci/endpoint/pci-epc-core.c @@ -746,18 +746,18 @@ void pci_epc_remove_epf(struct pci_epc *epc, struct pci_epf *epf, if (IS_ERR_OR_NULL(epc) || !epf) return; + mutex_lock(&epc->list_lock); if (type == PRIMARY_INTERFACE) { func_no = epf->func_no; list = &epf->list; + epf->epc = NULL; } else { func_no = epf->sec_epc_func_no; list = &epf->sec_epc_list; + epf->sec_epc = NULL; } - - mutex_lock(&epc->list_lock); clear_bit(func_no, &epc->function_num_map); list_del(list); - epf->epc = NULL; mutex_unlock(&epc->list_lock); } EXPORT_SYMBOL_GPL(pci_epc_remove_epf);

6 months, 2 weeks

1
0
0 0

FAILED: patch "[PATCH] PCI: endpoint: Clear secondary (not primary) EPC in" failed to apply to 6.1-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 6.1-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-6.1.y git checkout FETCH_HEAD git cherry-pick -x 688d2eb4c6fcfdcdaed0592f9df9196573ff5ce2 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024120648-rigging-lying-eda9@gregkh' --subject-prefix 'PATCH 6.1.y' HEAD^.. Possible dependencies: thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 688d2eb4c6fcfdcdaed0592f9df9196573ff5ce2 Mon Sep 17 00:00:00 2001 From: Zijun Hu <quic_zijuhu(a)quicinc.com> Date: Thu, 7 Nov 2024 08:53:09 +0800 Subject: [PATCH] PCI: endpoint: Clear secondary (not primary) EPC in pci_epc_remove_epf() MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit In addition to a primary endpoint controller, an endpoint function may be associated with a secondary endpoint controller, epf->sec_epc, to provide NTB (non-transparent bridge) functionality. Previously, pci_epc_remove_epf() incorrectly cleared epf->epc instead of epf->sec_epc when removing from the secondary endpoint controller. Extend the epc->list_lock coverage and clear either epf->epc or epf->sec_epc as indicated. Link: https://lore.kernel.org/r/20241107-epc_rfc-v2-2-da5b6a99a66f@quicinc.com Fixes: 63840ff53223 ("PCI: endpoint: Add support to associate secondary EPC with EPF") Signed-off-by: Zijun Hu <quic_zijuhu(a)quicinc.com> Reviewed-by: Manivannan Sadhasivam <manivannan.sadhasivam(a)linaro.org> [mani: reworded subject and description] Signed-off-by: Manivannan Sadhasivam <manivannan.sadhasivam(a)linaro.org> [bhelgaas: commit log] Signed-off-by: Bjorn Helgaas <bhelgaas(a)google.com> Signed-off-by: Krzysztof Wilczyński <kwilczynski(a)kernel.org> Cc: stable(a)vger.kernel.org diff --git a/drivers/pci/endpoint/pci-epc-core.c b/drivers/pci/endpoint/pci-epc-core.c index 21af2dbacc33..bed7c7d1fe3c 100644 --- a/drivers/pci/endpoint/pci-epc-core.c +++ b/drivers/pci/endpoint/pci-epc-core.c @@ -746,18 +746,18 @@ void pci_epc_remove_epf(struct pci_epc *epc, struct pci_epf *epf, if (IS_ERR_OR_NULL(epc) || !epf) return; + mutex_lock(&epc->list_lock); if (type == PRIMARY_INTERFACE) { func_no = epf->func_no; list = &epf->list; + epf->epc = NULL; } else { func_no = epf->sec_epc_func_no; list = &epf->sec_epc_list; + epf->sec_epc = NULL; } - - mutex_lock(&epc->list_lock); clear_bit(func_no, &epc->function_num_map); list_del(list); - epf->epc = NULL; mutex_unlock(&epc->list_lock); } EXPORT_SYMBOL_GPL(pci_epc_remove_epf);

6 months, 2 weeks

1
0
0 0

FAILED: patch "[PATCH] PCI: keystone: Set mode as Root Complex for" failed to apply to 5.4-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 5.4-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-5.4.y git checkout FETCH_HEAD git cherry-pick -x 5a938ed9481b0c06cb97aec45e722a80568256fd # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024120616-pucker-unlisted-7c65@gregkh' --subject-prefix 'PATCH 5.4.y' HEAD^.. Possible dependencies: thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 5a938ed9481b0c06cb97aec45e722a80568256fd Mon Sep 17 00:00:00 2001 From: Kishon Vijay Abraham I <kishon(a)ti.com> Date: Fri, 24 May 2024 16:27:13 +0530 Subject: [PATCH] PCI: keystone: Set mode as Root Complex for "ti,keystone-pcie" compatible MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit commit 23284ad677a9 ("PCI: keystone: Add support for PCIe EP in AM654x Platforms") introduced configuring "enum dw_pcie_device_mode" as part of device data ("struct ks_pcie_of_data"). However it failed to set the mode for "ti,keystone-pcie" compatible. Since the mode defaults to "DW_PCIE_UNKNOWN_TYPE", the following error message is displayed for the v3.65a controller: "INVALID device type 0" Despite the driver probing successfully, the controller may not be functional in the Root Complex mode of operation. So, set the mode as Root Complex for "ti,keystone-pcie" compatible to fix this. Fixes: 23284ad677a9 ("PCI: keystone: Add support for PCIe EP in AM654x Platforms") Link: https://lore.kernel.org/r/20240524105714.191642-2-s-vadapalli@ti.com Signed-off-by: Kishon Vijay Abraham I <kishon(a)ti.com> Signed-off-by: Siddharth Vadapalli <s-vadapalli(a)ti.com> [kwilczynski: commit log, added tag for stable releases] Signed-off-by: Krzysztof Wilczyński <kwilczynski(a)kernel.org> Cc: stable(a)vger.kernel.org diff --git a/drivers/pci/controller/dwc/pci-keystone.c b/drivers/pci/controller/dwc/pci-keystone.c index 2219b1a866fa..b99bc4071fe9 100644 --- a/drivers/pci/controller/dwc/pci-keystone.c +++ b/drivers/pci/controller/dwc/pci-keystone.c @@ -1093,6 +1093,7 @@ static int ks_pcie_am654_set_mode(struct device *dev, static const struct ks_pcie_of_data ks_pcie_rc_of_data = { .host_ops = &ks_pcie_host_ops, + .mode = DW_PCIE_RC_TYPE, .version = DW_PCIE_VER_365A, };

6 months, 2 weeks

1
0
0 0

FAILED: patch "[PATCH] PCI: keystone: Set mode as Root Complex for" failed to apply to 5.10-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 5.10-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-5.10.y git checkout FETCH_HEAD git cherry-pick -x 5a938ed9481b0c06cb97aec45e722a80568256fd # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024120615-backlands-caboose-2224@gregkh' --subject-prefix 'PATCH 5.10.y' HEAD^.. Possible dependencies: thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 5a938ed9481b0c06cb97aec45e722a80568256fd Mon Sep 17 00:00:00 2001 From: Kishon Vijay Abraham I <kishon(a)ti.com> Date: Fri, 24 May 2024 16:27:13 +0530 Subject: [PATCH] PCI: keystone: Set mode as Root Complex for "ti,keystone-pcie" compatible MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit commit 23284ad677a9 ("PCI: keystone: Add support for PCIe EP in AM654x Platforms") introduced configuring "enum dw_pcie_device_mode" as part of device data ("struct ks_pcie_of_data"). However it failed to set the mode for "ti,keystone-pcie" compatible. Since the mode defaults to "DW_PCIE_UNKNOWN_TYPE", the following error message is displayed for the v3.65a controller: "INVALID device type 0" Despite the driver probing successfully, the controller may not be functional in the Root Complex mode of operation. So, set the mode as Root Complex for "ti,keystone-pcie" compatible to fix this. Fixes: 23284ad677a9 ("PCI: keystone: Add support for PCIe EP in AM654x Platforms") Link: https://lore.kernel.org/r/20240524105714.191642-2-s-vadapalli@ti.com Signed-off-by: Kishon Vijay Abraham I <kishon(a)ti.com> Signed-off-by: Siddharth Vadapalli <s-vadapalli(a)ti.com> [kwilczynski: commit log, added tag for stable releases] Signed-off-by: Krzysztof Wilczyński <kwilczynski(a)kernel.org> Cc: stable(a)vger.kernel.org diff --git a/drivers/pci/controller/dwc/pci-keystone.c b/drivers/pci/controller/dwc/pci-keystone.c index 2219b1a866fa..b99bc4071fe9 100644 --- a/drivers/pci/controller/dwc/pci-keystone.c +++ b/drivers/pci/controller/dwc/pci-keystone.c @@ -1093,6 +1093,7 @@ static int ks_pcie_am654_set_mode(struct device *dev, static const struct ks_pcie_of_data ks_pcie_rc_of_data = { .host_ops = &ks_pcie_host_ops, + .mode = DW_PCIE_RC_TYPE, .version = DW_PCIE_VER_365A, };

6 months, 2 weeks

1
0
0 0

FAILED: patch "[PATCH] PCI: keystone: Set mode as Root Complex for" failed to apply to 5.15-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 5.15-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-5.15.y git checkout FETCH_HEAD git cherry-pick -x 5a938ed9481b0c06cb97aec45e722a80568256fd # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024120615-outlook-lubricate-b9e4@gregkh' --subject-prefix 'PATCH 5.15.y' HEAD^.. Possible dependencies: thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 5a938ed9481b0c06cb97aec45e722a80568256fd Mon Sep 17 00:00:00 2001 From: Kishon Vijay Abraham I <kishon(a)ti.com> Date: Fri, 24 May 2024 16:27:13 +0530 Subject: [PATCH] PCI: keystone: Set mode as Root Complex for "ti,keystone-pcie" compatible MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit commit 23284ad677a9 ("PCI: keystone: Add support for PCIe EP in AM654x Platforms") introduced configuring "enum dw_pcie_device_mode" as part of device data ("struct ks_pcie_of_data"). However it failed to set the mode for "ti,keystone-pcie" compatible. Since the mode defaults to "DW_PCIE_UNKNOWN_TYPE", the following error message is displayed for the v3.65a controller: "INVALID device type 0" Despite the driver probing successfully, the controller may not be functional in the Root Complex mode of operation. So, set the mode as Root Complex for "ti,keystone-pcie" compatible to fix this. Fixes: 23284ad677a9 ("PCI: keystone: Add support for PCIe EP in AM654x Platforms") Link: https://lore.kernel.org/r/20240524105714.191642-2-s-vadapalli@ti.com Signed-off-by: Kishon Vijay Abraham I <kishon(a)ti.com> Signed-off-by: Siddharth Vadapalli <s-vadapalli(a)ti.com> [kwilczynski: commit log, added tag for stable releases] Signed-off-by: Krzysztof Wilczyński <kwilczynski(a)kernel.org> Cc: stable(a)vger.kernel.org diff --git a/drivers/pci/controller/dwc/pci-keystone.c b/drivers/pci/controller/dwc/pci-keystone.c index 2219b1a866fa..b99bc4071fe9 100644 --- a/drivers/pci/controller/dwc/pci-keystone.c +++ b/drivers/pci/controller/dwc/pci-keystone.c @@ -1093,6 +1093,7 @@ static int ks_pcie_am654_set_mode(struct device *dev, static const struct ks_pcie_of_data ks_pcie_rc_of_data = { .host_ops = &ks_pcie_host_ops, + .mode = DW_PCIE_RC_TYPE, .version = DW_PCIE_VER_365A, };

6 months, 2 weeks

1
0
0 0

FAILED: patch "[PATCH] i3c: master: Fix dynamic address leak when 'assigned-address'" failed to apply to 5.10-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 5.10-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-5.10.y git checkout FETCH_HEAD git cherry-pick -x 851bd21cdb55e727ab29280bc9f6b678164f802a # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024120658-coconut-scarily-bdce@gregkh' --subject-prefix 'PATCH 5.10.y' HEAD^.. Possible dependencies: thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 851bd21cdb55e727ab29280bc9f6b678164f802a Mon Sep 17 00:00:00 2001 From: Frank Li <Frank.Li(a)nxp.com> Date: Mon, 21 Oct 2024 11:45:08 -0400 Subject: [PATCH] i3c: master: Fix dynamic address leak when 'assigned-address' is present If the DTS contains 'assigned-address', a dynamic address leak occurs during hotjoin events. Assume a device have assigned-address 0xb. - Device issue Hotjoin - Call i3c_master_do_daa() - Call driver xxx_do_daa() - Call i3c_master_get_free_addr() to get dynamic address 0x9 - i3c_master_add_i3c_dev_locked(0x9) - expected_dyn_addr = newdev->boardinfo->init_dyn_addr (0xb); - i3c_master_reattach_i3c_dev(newdev(0xb), old_dyn_addr(0x9)); - if (dev->info.dyn_addr != old_dyn_addr && ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ 0xb != 0x9 -> TRUE (!dev->boardinfo || ^^^^^^^^^^^^^^^ -> FALSE dev->info.dyn_addr != dev->boardinfo->init_dyn_addr)) { ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ 0xb != 0xb -> FALSE ... i3c_bus_set_addr_slot_status(&master->bus, old_dyn_addr, I3C_ADDR_SLOT_FREE); ^^^ This will be skipped. So old_dyn_addr never free } - i3c_master_get_free_addr() will return increased sequence number. Remove dev->info.dyn_addr != dev->boardinfo->init_dyn_addr condition check. dev->info.dyn_addr should be checked before calling this function because i3c_master_setnewda_locked() has already been called and the target device has already accepted dyn_addr. It is too late to check if dyn_addr is free in i3c_master_reattach_i3c_dev(). Add check to ensure expected_dyn_addr is free before i3c_master_setnewda_locked(). Fixes: cc3a392d69b6 ("i3c: master: fix for SETDASA and DAA process") Cc: stable(a)kernel.org Reviewed-by: Miquel Raynal <miquel.raynal(a)bootlin.com> Signed-off-by: Frank Li <Frank.Li(a)nxp.com> Link: https://lore.kernel.org/r/20241021-i3c_dts_assign-v8-3-4098b8bde01e@nxp.com Signed-off-by: Alexandre Belloni <alexandre.belloni(a)bootlin.com> diff --git a/drivers/i3c/master.c b/drivers/i3c/master.c index 1bf9cb138f77..5a089be7e072 100644 --- a/drivers/i3c/master.c +++ b/drivers/i3c/master.c @@ -1548,16 +1548,9 @@ static int i3c_master_reattach_i3c_dev(struct i3c_dev_desc *dev, u8 old_dyn_addr) { struct i3c_master_controller *master = i3c_dev_get_master(dev); - enum i3c_addr_slot_status status; int ret; - if (dev->info.dyn_addr != old_dyn_addr && - (!dev->boardinfo || - dev->info.dyn_addr != dev->boardinfo->init_dyn_addr)) { - status = i3c_bus_get_addr_slot_status(&master->bus, - dev->info.dyn_addr); - if (status != I3C_ADDR_SLOT_FREE) - return -EBUSY; + if (dev->info.dyn_addr != old_dyn_addr) { i3c_bus_set_addr_slot_status(&master->bus, dev->info.dyn_addr, I3C_ADDR_SLOT_I3C_DEV); @@ -1960,9 +1953,10 @@ static int i3c_master_bus_init(struct i3c_master_controller *master) goto err_rstdaa; } + /* Do not mark as occupied until real device exist in bus */ i3c_bus_set_addr_slot_status_mask(&master->bus, i3cboardinfo->init_dyn_addr, - I3C_ADDR_SLOT_I3C_DEV | I3C_ADDR_SLOT_EXT_DESIRED, + I3C_ADDR_SLOT_EXT_DESIRED, I3C_ADDR_SLOT_EXT_STATUS_MASK); /* @@ -2126,7 +2120,8 @@ int i3c_master_add_i3c_dev_locked(struct i3c_master_controller *master, else expected_dyn_addr = newdev->info.dyn_addr; - if (newdev->info.dyn_addr != expected_dyn_addr) { + if (newdev->info.dyn_addr != expected_dyn_addr && + i3c_bus_get_addr_slot_status(&master->bus, expected_dyn_addr) == I3C_ADDR_SLOT_FREE) { /* * Try to apply the expected dynamic address. If it fails, keep * the address assigned by the master.

6 months, 2 weeks

1
0
0 0

FAILED: patch "[PATCH] i3c: master: Fix dynamic address leak when 'assigned-address'" failed to apply to 6.1-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 6.1-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-6.1.y git checkout FETCH_HEAD git cherry-pick -x 851bd21cdb55e727ab29280bc9f6b678164f802a # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024120656-similarly-encrust-8f50@gregkh' --subject-prefix 'PATCH 6.1.y' HEAD^.. Possible dependencies: thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 851bd21cdb55e727ab29280bc9f6b678164f802a Mon Sep 17 00:00:00 2001 From: Frank Li <Frank.Li(a)nxp.com> Date: Mon, 21 Oct 2024 11:45:08 -0400 Subject: [PATCH] i3c: master: Fix dynamic address leak when 'assigned-address' is present If the DTS contains 'assigned-address', a dynamic address leak occurs during hotjoin events. Assume a device have assigned-address 0xb. - Device issue Hotjoin - Call i3c_master_do_daa() - Call driver xxx_do_daa() - Call i3c_master_get_free_addr() to get dynamic address 0x9 - i3c_master_add_i3c_dev_locked(0x9) - expected_dyn_addr = newdev->boardinfo->init_dyn_addr (0xb); - i3c_master_reattach_i3c_dev(newdev(0xb), old_dyn_addr(0x9)); - if (dev->info.dyn_addr != old_dyn_addr && ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ 0xb != 0x9 -> TRUE (!dev->boardinfo || ^^^^^^^^^^^^^^^ -> FALSE dev->info.dyn_addr != dev->boardinfo->init_dyn_addr)) { ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ 0xb != 0xb -> FALSE ... i3c_bus_set_addr_slot_status(&master->bus, old_dyn_addr, I3C_ADDR_SLOT_FREE); ^^^ This will be skipped. So old_dyn_addr never free } - i3c_master_get_free_addr() will return increased sequence number. Remove dev->info.dyn_addr != dev->boardinfo->init_dyn_addr condition check. dev->info.dyn_addr should be checked before calling this function because i3c_master_setnewda_locked() has already been called and the target device has already accepted dyn_addr. It is too late to check if dyn_addr is free in i3c_master_reattach_i3c_dev(). Add check to ensure expected_dyn_addr is free before i3c_master_setnewda_locked(). Fixes: cc3a392d69b6 ("i3c: master: fix for SETDASA and DAA process") Cc: stable(a)kernel.org Reviewed-by: Miquel Raynal <miquel.raynal(a)bootlin.com> Signed-off-by: Frank Li <Frank.Li(a)nxp.com> Link: https://lore.kernel.org/r/20241021-i3c_dts_assign-v8-3-4098b8bde01e@nxp.com Signed-off-by: Alexandre Belloni <alexandre.belloni(a)bootlin.com> diff --git a/drivers/i3c/master.c b/drivers/i3c/master.c index 1bf9cb138f77..5a089be7e072 100644 --- a/drivers/i3c/master.c +++ b/drivers/i3c/master.c @@ -1548,16 +1548,9 @@ static int i3c_master_reattach_i3c_dev(struct i3c_dev_desc *dev, u8 old_dyn_addr) { struct i3c_master_controller *master = i3c_dev_get_master(dev); - enum i3c_addr_slot_status status; int ret; - if (dev->info.dyn_addr != old_dyn_addr && - (!dev->boardinfo || - dev->info.dyn_addr != dev->boardinfo->init_dyn_addr)) { - status = i3c_bus_get_addr_slot_status(&master->bus, - dev->info.dyn_addr); - if (status != I3C_ADDR_SLOT_FREE) - return -EBUSY; + if (dev->info.dyn_addr != old_dyn_addr) { i3c_bus_set_addr_slot_status(&master->bus, dev->info.dyn_addr, I3C_ADDR_SLOT_I3C_DEV); @@ -1960,9 +1953,10 @@ static int i3c_master_bus_init(struct i3c_master_controller *master) goto err_rstdaa; } + /* Do not mark as occupied until real device exist in bus */ i3c_bus_set_addr_slot_status_mask(&master->bus, i3cboardinfo->init_dyn_addr, - I3C_ADDR_SLOT_I3C_DEV | I3C_ADDR_SLOT_EXT_DESIRED, + I3C_ADDR_SLOT_EXT_DESIRED, I3C_ADDR_SLOT_EXT_STATUS_MASK); /* @@ -2126,7 +2120,8 @@ int i3c_master_add_i3c_dev_locked(struct i3c_master_controller *master, else expected_dyn_addr = newdev->info.dyn_addr; - if (newdev->info.dyn_addr != expected_dyn_addr) { + if (newdev->info.dyn_addr != expected_dyn_addr && + i3c_bus_get_addr_slot_status(&master->bus, expected_dyn_addr) == I3C_ADDR_SLOT_FREE) { /* * Try to apply the expected dynamic address. If it fails, keep * the address assigned by the master.

6 months, 2 weeks

1
0
0 0

FAILED: patch "[PATCH] i3c: master: Fix dynamic address leak when 'assigned-address'" failed to apply to 5.15-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 5.15-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-5.15.y git checkout FETCH_HEAD git cherry-pick -x 851bd21cdb55e727ab29280bc9f6b678164f802a # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024120657-dingbat-coastal-f209@gregkh' --subject-prefix 'PATCH 5.15.y' HEAD^.. Possible dependencies: thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 851bd21cdb55e727ab29280bc9f6b678164f802a Mon Sep 17 00:00:00 2001 From: Frank Li <Frank.Li(a)nxp.com> Date: Mon, 21 Oct 2024 11:45:08 -0400 Subject: [PATCH] i3c: master: Fix dynamic address leak when 'assigned-address' is present If the DTS contains 'assigned-address', a dynamic address leak occurs during hotjoin events. Assume a device have assigned-address 0xb. - Device issue Hotjoin - Call i3c_master_do_daa() - Call driver xxx_do_daa() - Call i3c_master_get_free_addr() to get dynamic address 0x9 - i3c_master_add_i3c_dev_locked(0x9) - expected_dyn_addr = newdev->boardinfo->init_dyn_addr (0xb); - i3c_master_reattach_i3c_dev(newdev(0xb), old_dyn_addr(0x9)); - if (dev->info.dyn_addr != old_dyn_addr && ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ 0xb != 0x9 -> TRUE (!dev->boardinfo || ^^^^^^^^^^^^^^^ -> FALSE dev->info.dyn_addr != dev->boardinfo->init_dyn_addr)) { ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ 0xb != 0xb -> FALSE ... i3c_bus_set_addr_slot_status(&master->bus, old_dyn_addr, I3C_ADDR_SLOT_FREE); ^^^ This will be skipped. So old_dyn_addr never free } - i3c_master_get_free_addr() will return increased sequence number. Remove dev->info.dyn_addr != dev->boardinfo->init_dyn_addr condition check. dev->info.dyn_addr should be checked before calling this function because i3c_master_setnewda_locked() has already been called and the target device has already accepted dyn_addr. It is too late to check if dyn_addr is free in i3c_master_reattach_i3c_dev(). Add check to ensure expected_dyn_addr is free before i3c_master_setnewda_locked(). Fixes: cc3a392d69b6 ("i3c: master: fix for SETDASA and DAA process") Cc: stable(a)kernel.org Reviewed-by: Miquel Raynal <miquel.raynal(a)bootlin.com> Signed-off-by: Frank Li <Frank.Li(a)nxp.com> Link: https://lore.kernel.org/r/20241021-i3c_dts_assign-v8-3-4098b8bde01e@nxp.com Signed-off-by: Alexandre Belloni <alexandre.belloni(a)bootlin.com> diff --git a/drivers/i3c/master.c b/drivers/i3c/master.c index 1bf9cb138f77..5a089be7e072 100644 --- a/drivers/i3c/master.c +++ b/drivers/i3c/master.c @@ -1548,16 +1548,9 @@ static int i3c_master_reattach_i3c_dev(struct i3c_dev_desc *dev, u8 old_dyn_addr) { struct i3c_master_controller *master = i3c_dev_get_master(dev); - enum i3c_addr_slot_status status; int ret; - if (dev->info.dyn_addr != old_dyn_addr && - (!dev->boardinfo || - dev->info.dyn_addr != dev->boardinfo->init_dyn_addr)) { - status = i3c_bus_get_addr_slot_status(&master->bus, - dev->info.dyn_addr); - if (status != I3C_ADDR_SLOT_FREE) - return -EBUSY; + if (dev->info.dyn_addr != old_dyn_addr) { i3c_bus_set_addr_slot_status(&master->bus, dev->info.dyn_addr, I3C_ADDR_SLOT_I3C_DEV); @@ -1960,9 +1953,10 @@ static int i3c_master_bus_init(struct i3c_master_controller *master) goto err_rstdaa; } + /* Do not mark as occupied until real device exist in bus */ i3c_bus_set_addr_slot_status_mask(&master->bus, i3cboardinfo->init_dyn_addr, - I3C_ADDR_SLOT_I3C_DEV | I3C_ADDR_SLOT_EXT_DESIRED, + I3C_ADDR_SLOT_EXT_DESIRED, I3C_ADDR_SLOT_EXT_STATUS_MASK); /* @@ -2126,7 +2120,8 @@ int i3c_master_add_i3c_dev_locked(struct i3c_master_controller *master, else expected_dyn_addr = newdev->info.dyn_addr; - if (newdev->info.dyn_addr != expected_dyn_addr) { + if (newdev->info.dyn_addr != expected_dyn_addr && + i3c_bus_get_addr_slot_status(&master->bus, expected_dyn_addr) == I3C_ADDR_SLOT_FREE) { /* * Try to apply the expected dynamic address. If it fails, keep * the address assigned by the master.

6 months, 2 weeks

1
0
0 0

FAILED: patch "[PATCH] i3c: master: Fix dynamic address leak when 'assigned-address'" failed to apply to 6.6-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 6.6-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-6.6.y git checkout FETCH_HEAD git cherry-pick -x 851bd21cdb55e727ab29280bc9f6b678164f802a # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024120655-grumble-camcorder-7549@gregkh' --subject-prefix 'PATCH 6.6.y' HEAD^.. Possible dependencies: thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 851bd21cdb55e727ab29280bc9f6b678164f802a Mon Sep 17 00:00:00 2001 From: Frank Li <Frank.Li(a)nxp.com> Date: Mon, 21 Oct 2024 11:45:08 -0400 Subject: [PATCH] i3c: master: Fix dynamic address leak when 'assigned-address' is present If the DTS contains 'assigned-address', a dynamic address leak occurs during hotjoin events. Assume a device have assigned-address 0xb. - Device issue Hotjoin - Call i3c_master_do_daa() - Call driver xxx_do_daa() - Call i3c_master_get_free_addr() to get dynamic address 0x9 - i3c_master_add_i3c_dev_locked(0x9) - expected_dyn_addr = newdev->boardinfo->init_dyn_addr (0xb); - i3c_master_reattach_i3c_dev(newdev(0xb), old_dyn_addr(0x9)); - if (dev->info.dyn_addr != old_dyn_addr && ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ 0xb != 0x9 -> TRUE (!dev->boardinfo || ^^^^^^^^^^^^^^^ -> FALSE dev->info.dyn_addr != dev->boardinfo->init_dyn_addr)) { ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ 0xb != 0xb -> FALSE ... i3c_bus_set_addr_slot_status(&master->bus, old_dyn_addr, I3C_ADDR_SLOT_FREE); ^^^ This will be skipped. So old_dyn_addr never free } - i3c_master_get_free_addr() will return increased sequence number. Remove dev->info.dyn_addr != dev->boardinfo->init_dyn_addr condition check. dev->info.dyn_addr should be checked before calling this function because i3c_master_setnewda_locked() has already been called and the target device has already accepted dyn_addr. It is too late to check if dyn_addr is free in i3c_master_reattach_i3c_dev(). Add check to ensure expected_dyn_addr is free before i3c_master_setnewda_locked(). Fixes: cc3a392d69b6 ("i3c: master: fix for SETDASA and DAA process") Cc: stable(a)kernel.org Reviewed-by: Miquel Raynal <miquel.raynal(a)bootlin.com> Signed-off-by: Frank Li <Frank.Li(a)nxp.com> Link: https://lore.kernel.org/r/20241021-i3c_dts_assign-v8-3-4098b8bde01e@nxp.com Signed-off-by: Alexandre Belloni <alexandre.belloni(a)bootlin.com> diff --git a/drivers/i3c/master.c b/drivers/i3c/master.c index 1bf9cb138f77..5a089be7e072 100644 --- a/drivers/i3c/master.c +++ b/drivers/i3c/master.c @@ -1548,16 +1548,9 @@ static int i3c_master_reattach_i3c_dev(struct i3c_dev_desc *dev, u8 old_dyn_addr) { struct i3c_master_controller *master = i3c_dev_get_master(dev); - enum i3c_addr_slot_status status; int ret; - if (dev->info.dyn_addr != old_dyn_addr && - (!dev->boardinfo || - dev->info.dyn_addr != dev->boardinfo->init_dyn_addr)) { - status = i3c_bus_get_addr_slot_status(&master->bus, - dev->info.dyn_addr); - if (status != I3C_ADDR_SLOT_FREE) - return -EBUSY; + if (dev->info.dyn_addr != old_dyn_addr) { i3c_bus_set_addr_slot_status(&master->bus, dev->info.dyn_addr, I3C_ADDR_SLOT_I3C_DEV); @@ -1960,9 +1953,10 @@ static int i3c_master_bus_init(struct i3c_master_controller *master) goto err_rstdaa; } + /* Do not mark as occupied until real device exist in bus */ i3c_bus_set_addr_slot_status_mask(&master->bus, i3cboardinfo->init_dyn_addr, - I3C_ADDR_SLOT_I3C_DEV | I3C_ADDR_SLOT_EXT_DESIRED, + I3C_ADDR_SLOT_EXT_DESIRED, I3C_ADDR_SLOT_EXT_STATUS_MASK); /* @@ -2126,7 +2120,8 @@ int i3c_master_add_i3c_dev_locked(struct i3c_master_controller *master, else expected_dyn_addr = newdev->info.dyn_addr; - if (newdev->info.dyn_addr != expected_dyn_addr) { + if (newdev->info.dyn_addr != expected_dyn_addr && + i3c_bus_get_addr_slot_status(&master->bus, expected_dyn_addr) == I3C_ADDR_SLOT_FREE) { /* * Try to apply the expected dynamic address. If it fails, keep * the address assigned by the master.

6 months, 2 weeks

1
0
0 0

FAILED: patch "[PATCH] i3c: master: Fix dynamic address leak when 'assigned-address'" failed to apply to 6.12-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 6.12-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-6.12.y git checkout FETCH_HEAD git cherry-pick -x 851bd21cdb55e727ab29280bc9f6b678164f802a # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024120654-praying-washhouse-f5de@gregkh' --subject-prefix 'PATCH 6.12.y' HEAD^.. Possible dependencies: thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 851bd21cdb55e727ab29280bc9f6b678164f802a Mon Sep 17 00:00:00 2001 From: Frank Li <Frank.Li(a)nxp.com> Date: Mon, 21 Oct 2024 11:45:08 -0400 Subject: [PATCH] i3c: master: Fix dynamic address leak when 'assigned-address' is present If the DTS contains 'assigned-address', a dynamic address leak occurs during hotjoin events. Assume a device have assigned-address 0xb. - Device issue Hotjoin - Call i3c_master_do_daa() - Call driver xxx_do_daa() - Call i3c_master_get_free_addr() to get dynamic address 0x9 - i3c_master_add_i3c_dev_locked(0x9) - expected_dyn_addr = newdev->boardinfo->init_dyn_addr (0xb); - i3c_master_reattach_i3c_dev(newdev(0xb), old_dyn_addr(0x9)); - if (dev->info.dyn_addr != old_dyn_addr && ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ 0xb != 0x9 -> TRUE (!dev->boardinfo || ^^^^^^^^^^^^^^^ -> FALSE dev->info.dyn_addr != dev->boardinfo->init_dyn_addr)) { ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ 0xb != 0xb -> FALSE ... i3c_bus_set_addr_slot_status(&master->bus, old_dyn_addr, I3C_ADDR_SLOT_FREE); ^^^ This will be skipped. So old_dyn_addr never free } - i3c_master_get_free_addr() will return increased sequence number. Remove dev->info.dyn_addr != dev->boardinfo->init_dyn_addr condition check. dev->info.dyn_addr should be checked before calling this function because i3c_master_setnewda_locked() has already been called and the target device has already accepted dyn_addr. It is too late to check if dyn_addr is free in i3c_master_reattach_i3c_dev(). Add check to ensure expected_dyn_addr is free before i3c_master_setnewda_locked(). Fixes: cc3a392d69b6 ("i3c: master: fix for SETDASA and DAA process") Cc: stable(a)kernel.org Reviewed-by: Miquel Raynal <miquel.raynal(a)bootlin.com> Signed-off-by: Frank Li <Frank.Li(a)nxp.com> Link: https://lore.kernel.org/r/20241021-i3c_dts_assign-v8-3-4098b8bde01e@nxp.com Signed-off-by: Alexandre Belloni <alexandre.belloni(a)bootlin.com> diff --git a/drivers/i3c/master.c b/drivers/i3c/master.c index 1bf9cb138f77..5a089be7e072 100644 --- a/drivers/i3c/master.c +++ b/drivers/i3c/master.c @@ -1548,16 +1548,9 @@ static int i3c_master_reattach_i3c_dev(struct i3c_dev_desc *dev, u8 old_dyn_addr) { struct i3c_master_controller *master = i3c_dev_get_master(dev); - enum i3c_addr_slot_status status; int ret; - if (dev->info.dyn_addr != old_dyn_addr && - (!dev->boardinfo || - dev->info.dyn_addr != dev->boardinfo->init_dyn_addr)) { - status = i3c_bus_get_addr_slot_status(&master->bus, - dev->info.dyn_addr); - if (status != I3C_ADDR_SLOT_FREE) - return -EBUSY; + if (dev->info.dyn_addr != old_dyn_addr) { i3c_bus_set_addr_slot_status(&master->bus, dev->info.dyn_addr, I3C_ADDR_SLOT_I3C_DEV); @@ -1960,9 +1953,10 @@ static int i3c_master_bus_init(struct i3c_master_controller *master) goto err_rstdaa; } + /* Do not mark as occupied until real device exist in bus */ i3c_bus_set_addr_slot_status_mask(&master->bus, i3cboardinfo->init_dyn_addr, - I3C_ADDR_SLOT_I3C_DEV | I3C_ADDR_SLOT_EXT_DESIRED, + I3C_ADDR_SLOT_EXT_DESIRED, I3C_ADDR_SLOT_EXT_STATUS_MASK); /* @@ -2126,7 +2120,8 @@ int i3c_master_add_i3c_dev_locked(struct i3c_master_controller *master, else expected_dyn_addr = newdev->info.dyn_addr; - if (newdev->info.dyn_addr != expected_dyn_addr) { + if (newdev->info.dyn_addr != expected_dyn_addr && + i3c_bus_get_addr_slot_status(&master->bus, expected_dyn_addr) == I3C_ADDR_SLOT_FREE) { /* * Try to apply the expected dynamic address. If it fails, keep * the address assigned by the master.

6 months, 2 weeks

1
0
0 0

FAILED: patch "[PATCH] i3c: master: svc: Modify enabled_events bit 7:0 to act as IBI" failed to apply to 5.15-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 5.15-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-5.15.y git checkout FETCH_HEAD git cherry-pick -x 25bc99be5fe53853053ceeaa328068c49dc1e799 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024120644-desolate-caterer-afb9@gregkh' --subject-prefix 'PATCH 5.15.y' HEAD^.. Possible dependencies: thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 25bc99be5fe53853053ceeaa328068c49dc1e799 Mon Sep 17 00:00:00 2001 From: Frank Li <Frank.Li(a)nxp.com> Date: Fri, 1 Nov 2024 12:50:02 -0400 Subject: [PATCH] i3c: master: svc: Modify enabled_events bit 7:0 to act as IBI enable counter Fix issue where disabling IBI on one device disables the entire IBI interrupt. Modify bit 7:0 of enabled_events to serve as an IBI enable counter, ensuring that the system IBI interrupt is disabled only when all I3C devices have IBI disabled. Cc: stable(a)kernel.org Fixes: 7ff730ca458e ("i3c: master: svc: enable the interrupt in the enable ibi function") Reviewed-by: Miquel Raynal <miquel.raynal(a)bootlin.com> Signed-off-by: Frank Li <Frank.Li(a)nxp.com> Link: https://lore.kernel.org/r/20241101165002.2479794-1-Frank.Li@nxp.com Signed-off-by: Alexandre Belloni <alexandre.belloni(a)bootlin.com> diff --git a/drivers/i3c/master/svc-i3c-master.c b/drivers/i3c/master/svc-i3c-master.c index c53f2b27662f..c1ee3828e7ee 100644 --- a/drivers/i3c/master/svc-i3c-master.c +++ b/drivers/i3c/master/svc-i3c-master.c @@ -130,8 +130,8 @@ #define SVC_I3C_PPBAUD_MAX 15 #define SVC_I3C_QUICK_I2C_CLK 4170000 -#define SVC_I3C_EVENT_IBI BIT(0) -#define SVC_I3C_EVENT_HOTJOIN BIT(1) +#define SVC_I3C_EVENT_IBI GENMASK(7, 0) +#define SVC_I3C_EVENT_HOTJOIN BIT(31) struct svc_i3c_cmd { u8 addr; @@ -214,7 +214,7 @@ struct svc_i3c_master { spinlock_t lock; } ibi; struct mutex lock; - int enabled_events; + u32 enabled_events; u32 mctrl_config; }; @@ -1688,7 +1688,7 @@ static int svc_i3c_master_enable_ibi(struct i3c_dev_desc *dev) return ret; } - master->enabled_events |= SVC_I3C_EVENT_IBI; + master->enabled_events++; svc_i3c_master_enable_interrupts(master, SVC_I3C_MINT_SLVSTART); return i3c_master_enec_locked(m, dev->info.dyn_addr, I3C_CCC_EVENT_SIR); @@ -1700,7 +1700,7 @@ static int svc_i3c_master_disable_ibi(struct i3c_dev_desc *dev) struct svc_i3c_master *master = to_svc_i3c_master(m); int ret; - master->enabled_events &= ~SVC_I3C_EVENT_IBI; + master->enabled_events--; if (!master->enabled_events) svc_i3c_master_disable_interrupts(master);

6 months, 2 weeks

1
0
0 0

FAILED: patch "[PATCH] i3c: master: svc: Modify enabled_events bit 7:0 to act as IBI" failed to apply to 5.10-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 5.10-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-5.10.y git checkout FETCH_HEAD git cherry-pick -x 25bc99be5fe53853053ceeaa328068c49dc1e799 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024120644-rule-sequester-6d37@gregkh' --subject-prefix 'PATCH 5.10.y' HEAD^.. Possible dependencies: thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 25bc99be5fe53853053ceeaa328068c49dc1e799 Mon Sep 17 00:00:00 2001 From: Frank Li <Frank.Li(a)nxp.com> Date: Fri, 1 Nov 2024 12:50:02 -0400 Subject: [PATCH] i3c: master: svc: Modify enabled_events bit 7:0 to act as IBI enable counter Fix issue where disabling IBI on one device disables the entire IBI interrupt. Modify bit 7:0 of enabled_events to serve as an IBI enable counter, ensuring that the system IBI interrupt is disabled only when all I3C devices have IBI disabled. Cc: stable(a)kernel.org Fixes: 7ff730ca458e ("i3c: master: svc: enable the interrupt in the enable ibi function") Reviewed-by: Miquel Raynal <miquel.raynal(a)bootlin.com> Signed-off-by: Frank Li <Frank.Li(a)nxp.com> Link: https://lore.kernel.org/r/20241101165002.2479794-1-Frank.Li@nxp.com Signed-off-by: Alexandre Belloni <alexandre.belloni(a)bootlin.com> diff --git a/drivers/i3c/master/svc-i3c-master.c b/drivers/i3c/master/svc-i3c-master.c index c53f2b27662f..c1ee3828e7ee 100644 --- a/drivers/i3c/master/svc-i3c-master.c +++ b/drivers/i3c/master/svc-i3c-master.c @@ -130,8 +130,8 @@ #define SVC_I3C_PPBAUD_MAX 15 #define SVC_I3C_QUICK_I2C_CLK 4170000 -#define SVC_I3C_EVENT_IBI BIT(0) -#define SVC_I3C_EVENT_HOTJOIN BIT(1) +#define SVC_I3C_EVENT_IBI GENMASK(7, 0) +#define SVC_I3C_EVENT_HOTJOIN BIT(31) struct svc_i3c_cmd { u8 addr; @@ -214,7 +214,7 @@ struct svc_i3c_master { spinlock_t lock; } ibi; struct mutex lock; - int enabled_events; + u32 enabled_events; u32 mctrl_config; }; @@ -1688,7 +1688,7 @@ static int svc_i3c_master_enable_ibi(struct i3c_dev_desc *dev) return ret; } - master->enabled_events |= SVC_I3C_EVENT_IBI; + master->enabled_events++; svc_i3c_master_enable_interrupts(master, SVC_I3C_MINT_SLVSTART); return i3c_master_enec_locked(m, dev->info.dyn_addr, I3C_CCC_EVENT_SIR); @@ -1700,7 +1700,7 @@ static int svc_i3c_master_disable_ibi(struct i3c_dev_desc *dev) struct svc_i3c_master *master = to_svc_i3c_master(m); int ret; - master->enabled_events &= ~SVC_I3C_EVENT_IBI; + master->enabled_events--; if (!master->enabled_events) svc_i3c_master_disable_interrupts(master);

6 months, 2 weeks

1
0
0 0

FAILED: patch "[PATCH] i3c: master: svc: Modify enabled_events bit 7:0 to act as IBI" failed to apply to 6.1-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 6.1-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-6.1.y git checkout FETCH_HEAD git cherry-pick -x 25bc99be5fe53853053ceeaa328068c49dc1e799 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024120643-catcher-grievance-879c@gregkh' --subject-prefix 'PATCH 6.1.y' HEAD^.. Possible dependencies: thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 25bc99be5fe53853053ceeaa328068c49dc1e799 Mon Sep 17 00:00:00 2001 From: Frank Li <Frank.Li(a)nxp.com> Date: Fri, 1 Nov 2024 12:50:02 -0400 Subject: [PATCH] i3c: master: svc: Modify enabled_events bit 7:0 to act as IBI enable counter Fix issue where disabling IBI on one device disables the entire IBI interrupt. Modify bit 7:0 of enabled_events to serve as an IBI enable counter, ensuring that the system IBI interrupt is disabled only when all I3C devices have IBI disabled. Cc: stable(a)kernel.org Fixes: 7ff730ca458e ("i3c: master: svc: enable the interrupt in the enable ibi function") Reviewed-by: Miquel Raynal <miquel.raynal(a)bootlin.com> Signed-off-by: Frank Li <Frank.Li(a)nxp.com> Link: https://lore.kernel.org/r/20241101165002.2479794-1-Frank.Li@nxp.com Signed-off-by: Alexandre Belloni <alexandre.belloni(a)bootlin.com> diff --git a/drivers/i3c/master/svc-i3c-master.c b/drivers/i3c/master/svc-i3c-master.c index c53f2b27662f..c1ee3828e7ee 100644 --- a/drivers/i3c/master/svc-i3c-master.c +++ b/drivers/i3c/master/svc-i3c-master.c @@ -130,8 +130,8 @@ #define SVC_I3C_PPBAUD_MAX 15 #define SVC_I3C_QUICK_I2C_CLK 4170000 -#define SVC_I3C_EVENT_IBI BIT(0) -#define SVC_I3C_EVENT_HOTJOIN BIT(1) +#define SVC_I3C_EVENT_IBI GENMASK(7, 0) +#define SVC_I3C_EVENT_HOTJOIN BIT(31) struct svc_i3c_cmd { u8 addr; @@ -214,7 +214,7 @@ struct svc_i3c_master { spinlock_t lock; } ibi; struct mutex lock; - int enabled_events; + u32 enabled_events; u32 mctrl_config; }; @@ -1688,7 +1688,7 @@ static int svc_i3c_master_enable_ibi(struct i3c_dev_desc *dev) return ret; } - master->enabled_events |= SVC_I3C_EVENT_IBI; + master->enabled_events++; svc_i3c_master_enable_interrupts(master, SVC_I3C_MINT_SLVSTART); return i3c_master_enec_locked(m, dev->info.dyn_addr, I3C_CCC_EVENT_SIR); @@ -1700,7 +1700,7 @@ static int svc_i3c_master_disable_ibi(struct i3c_dev_desc *dev) struct svc_i3c_master *master = to_svc_i3c_master(m); int ret; - master->enabled_events &= ~SVC_I3C_EVENT_IBI; + master->enabled_events--; if (!master->enabled_events) svc_i3c_master_disable_interrupts(master);

6 months, 2 weeks

1
0
0 0

FAILED: patch "[PATCH] i3c: master: svc: Modify enabled_events bit 7:0 to act as IBI" failed to apply to 6.6-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 6.6-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-6.6.y git checkout FETCH_HEAD git cherry-pick -x 25bc99be5fe53853053ceeaa328068c49dc1e799 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024120642-energy-dallying-4098@gregkh' --subject-prefix 'PATCH 6.6.y' HEAD^.. Possible dependencies: thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 25bc99be5fe53853053ceeaa328068c49dc1e799 Mon Sep 17 00:00:00 2001 From: Frank Li <Frank.Li(a)nxp.com> Date: Fri, 1 Nov 2024 12:50:02 -0400 Subject: [PATCH] i3c: master: svc: Modify enabled_events bit 7:0 to act as IBI enable counter Fix issue where disabling IBI on one device disables the entire IBI interrupt. Modify bit 7:0 of enabled_events to serve as an IBI enable counter, ensuring that the system IBI interrupt is disabled only when all I3C devices have IBI disabled. Cc: stable(a)kernel.org Fixes: 7ff730ca458e ("i3c: master: svc: enable the interrupt in the enable ibi function") Reviewed-by: Miquel Raynal <miquel.raynal(a)bootlin.com> Signed-off-by: Frank Li <Frank.Li(a)nxp.com> Link: https://lore.kernel.org/r/20241101165002.2479794-1-Frank.Li@nxp.com Signed-off-by: Alexandre Belloni <alexandre.belloni(a)bootlin.com> diff --git a/drivers/i3c/master/svc-i3c-master.c b/drivers/i3c/master/svc-i3c-master.c index c53f2b27662f..c1ee3828e7ee 100644 --- a/drivers/i3c/master/svc-i3c-master.c +++ b/drivers/i3c/master/svc-i3c-master.c @@ -130,8 +130,8 @@ #define SVC_I3C_PPBAUD_MAX 15 #define SVC_I3C_QUICK_I2C_CLK 4170000 -#define SVC_I3C_EVENT_IBI BIT(0) -#define SVC_I3C_EVENT_HOTJOIN BIT(1) +#define SVC_I3C_EVENT_IBI GENMASK(7, 0) +#define SVC_I3C_EVENT_HOTJOIN BIT(31) struct svc_i3c_cmd { u8 addr; @@ -214,7 +214,7 @@ struct svc_i3c_master { spinlock_t lock; } ibi; struct mutex lock; - int enabled_events; + u32 enabled_events; u32 mctrl_config; }; @@ -1688,7 +1688,7 @@ static int svc_i3c_master_enable_ibi(struct i3c_dev_desc *dev) return ret; } - master->enabled_events |= SVC_I3C_EVENT_IBI; + master->enabled_events++; svc_i3c_master_enable_interrupts(master, SVC_I3C_MINT_SLVSTART); return i3c_master_enec_locked(m, dev->info.dyn_addr, I3C_CCC_EVENT_SIR); @@ -1700,7 +1700,7 @@ static int svc_i3c_master_disable_ibi(struct i3c_dev_desc *dev) struct svc_i3c_master *master = to_svc_i3c_master(m); int ret; - master->enabled_events &= ~SVC_I3C_EVENT_IBI; + master->enabled_events--; if (!master->enabled_events) svc_i3c_master_disable_interrupts(master);

6 months, 2 weeks

1
0
0 0

FAILED: patch "[PATCH] f2fs: fix to requery extent which cross boundary of inquiry" failed to apply to 5.4-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 5.4-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-5.4.y git checkout FETCH_HEAD git cherry-pick -x 6787a82245857271133b63ae7f72f1dc9f29e985 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024120633-sultry-shelve-5d5b@gregkh' --subject-prefix 'PATCH 5.4.y' HEAD^.. Possible dependencies: thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 6787a82245857271133b63ae7f72f1dc9f29e985 Mon Sep 17 00:00:00 2001 From: Chao Yu <chao(a)kernel.org> Date: Fri, 8 Nov 2024 09:25:57 +0800 Subject: [PATCH] f2fs: fix to requery extent which cross boundary of inquiry dd if=/dev/zero of=file bs=4k count=5 xfs_io file -c "fiemap -v 2 16384" file: EXT: FILE-OFFSET BLOCK-RANGE TOTAL FLAGS 0: [0..31]: 139272..139303 32 0x1000 1: [32..39]: 139304..139311 8 0x1001 xfs_io file -c "fiemap -v 0 16384" file: EXT: FILE-OFFSET BLOCK-RANGE TOTAL FLAGS 0: [0..31]: 139272..139303 32 0x1000 xfs_io file -c "fiemap -v 0 16385" file: EXT: FILE-OFFSET BLOCK-RANGE TOTAL FLAGS 0: [0..39]: 139272..139311 40 0x1001 There are two problems: - continuous extent is split to two - FIEMAP_EXTENT_LAST is missing in last extent The root cause is: if upper boundary of inquiry crosses extent, f2fs_map_blocks() will truncate length of returned extent to F2FS_BYTES_TO_BLK(len), and also, it will stop to query latter extent or hole to make sure current extent is last or not. In order to fix this issue, once we found an extent locates in the end of inquiry range by f2fs_map_blocks(), we need to expand inquiry range to requiry. Cc: stable(a)vger.kernel.org Fixes: 7f63eb77af7b ("f2fs: report unwritten area in f2fs_fiemap") Reported-by: Zhiguo Niu <zhiguo.niu(a)unisoc.com> Signed-off-by: Chao Yu <chao(a)kernel.org> Signed-off-by: Jaegeuk Kim <jaegeuk(a)kernel.org> diff --git a/fs/f2fs/data.c b/fs/f2fs/data.c index 69f1cb0490ee..ee5614324df0 100644 --- a/fs/f2fs/data.c +++ b/fs/f2fs/data.c @@ -1896,7 +1896,7 @@ int f2fs_fiemap(struct inode *inode, struct fiemap_extent_info *fieinfo, u64 start, u64 len) { struct f2fs_map_blocks map; - sector_t start_blk, last_blk; + sector_t start_blk, last_blk, blk_len, max_len; pgoff_t next_pgofs; u64 logical = 0, phys = 0, size = 0; u32 flags = 0; @@ -1940,14 +1940,13 @@ int f2fs_fiemap(struct inode *inode, struct fiemap_extent_info *fieinfo, start_blk = F2FS_BYTES_TO_BLK(start); last_blk = F2FS_BYTES_TO_BLK(start + len - 1); - - if (len & F2FS_BLKSIZE_MASK) - len = round_up(len, F2FS_BLKSIZE); + blk_len = last_blk - start_blk + 1; + max_len = F2FS_BYTES_TO_BLK(maxbytes) - start_blk; next: memset(&map, 0, sizeof(map)); map.m_lblk = start_blk; - map.m_len = F2FS_BYTES_TO_BLK(len); + map.m_len = blk_len; map.m_next_pgofs = &next_pgofs; map.m_seg_type = NO_CHECK_TYPE; @@ -1970,6 +1969,17 @@ int f2fs_fiemap(struct inode *inode, struct fiemap_extent_info *fieinfo, flags |= FIEMAP_EXTENT_LAST; } + /* + * current extent may cross boundary of inquiry, increase len to + * requery. + */ + if (!compr_cluster && (map.m_flags & F2FS_MAP_MAPPED) && + map.m_lblk + map.m_len - 1 == last_blk && + blk_len != max_len) { + blk_len = max_len; + goto next; + } + compr_appended = false; /* In a case of compressed cluster, append this to the last extent */ if (compr_cluster && ((map.m_flags & F2FS_MAP_DELALLOC) ||

6 months, 2 weeks

1
0
0 0

FAILED: patch "[PATCH] f2fs: fix to requery extent which cross boundary of inquiry" failed to apply to 5.10-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 5.10-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-5.10.y git checkout FETCH_HEAD git cherry-pick -x 6787a82245857271133b63ae7f72f1dc9f29e985 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024120632-contour-lavish-7e23@gregkh' --subject-prefix 'PATCH 5.10.y' HEAD^.. Possible dependencies: thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 6787a82245857271133b63ae7f72f1dc9f29e985 Mon Sep 17 00:00:00 2001 From: Chao Yu <chao(a)kernel.org> Date: Fri, 8 Nov 2024 09:25:57 +0800 Subject: [PATCH] f2fs: fix to requery extent which cross boundary of inquiry dd if=/dev/zero of=file bs=4k count=5 xfs_io file -c "fiemap -v 2 16384" file: EXT: FILE-OFFSET BLOCK-RANGE TOTAL FLAGS 0: [0..31]: 139272..139303 32 0x1000 1: [32..39]: 139304..139311 8 0x1001 xfs_io file -c "fiemap -v 0 16384" file: EXT: FILE-OFFSET BLOCK-RANGE TOTAL FLAGS 0: [0..31]: 139272..139303 32 0x1000 xfs_io file -c "fiemap -v 0 16385" file: EXT: FILE-OFFSET BLOCK-RANGE TOTAL FLAGS 0: [0..39]: 139272..139311 40 0x1001 There are two problems: - continuous extent is split to two - FIEMAP_EXTENT_LAST is missing in last extent The root cause is: if upper boundary of inquiry crosses extent, f2fs_map_blocks() will truncate length of returned extent to F2FS_BYTES_TO_BLK(len), and also, it will stop to query latter extent or hole to make sure current extent is last or not. In order to fix this issue, once we found an extent locates in the end of inquiry range by f2fs_map_blocks(), we need to expand inquiry range to requiry. Cc: stable(a)vger.kernel.org Fixes: 7f63eb77af7b ("f2fs: report unwritten area in f2fs_fiemap") Reported-by: Zhiguo Niu <zhiguo.niu(a)unisoc.com> Signed-off-by: Chao Yu <chao(a)kernel.org> Signed-off-by: Jaegeuk Kim <jaegeuk(a)kernel.org> diff --git a/fs/f2fs/data.c b/fs/f2fs/data.c index 69f1cb0490ee..ee5614324df0 100644 --- a/fs/f2fs/data.c +++ b/fs/f2fs/data.c @@ -1896,7 +1896,7 @@ int f2fs_fiemap(struct inode *inode, struct fiemap_extent_info *fieinfo, u64 start, u64 len) { struct f2fs_map_blocks map; - sector_t start_blk, last_blk; + sector_t start_blk, last_blk, blk_len, max_len; pgoff_t next_pgofs; u64 logical = 0, phys = 0, size = 0; u32 flags = 0; @@ -1940,14 +1940,13 @@ int f2fs_fiemap(struct inode *inode, struct fiemap_extent_info *fieinfo, start_blk = F2FS_BYTES_TO_BLK(start); last_blk = F2FS_BYTES_TO_BLK(start + len - 1); - - if (len & F2FS_BLKSIZE_MASK) - len = round_up(len, F2FS_BLKSIZE); + blk_len = last_blk - start_blk + 1; + max_len = F2FS_BYTES_TO_BLK(maxbytes) - start_blk; next: memset(&map, 0, sizeof(map)); map.m_lblk = start_blk; - map.m_len = F2FS_BYTES_TO_BLK(len); + map.m_len = blk_len; map.m_next_pgofs = &next_pgofs; map.m_seg_type = NO_CHECK_TYPE; @@ -1970,6 +1969,17 @@ int f2fs_fiemap(struct inode *inode, struct fiemap_extent_info *fieinfo, flags |= FIEMAP_EXTENT_LAST; } + /* + * current extent may cross boundary of inquiry, increase len to + * requery. + */ + if (!compr_cluster && (map.m_flags & F2FS_MAP_MAPPED) && + map.m_lblk + map.m_len - 1 == last_blk && + blk_len != max_len) { + blk_len = max_len; + goto next; + } + compr_appended = false; /* In a case of compressed cluster, append this to the last extent */ if (compr_cluster && ((map.m_flags & F2FS_MAP_DELALLOC) ||

6 months, 2 weeks

1
0
0 0

FAILED: patch "[PATCH] f2fs: fix to requery extent which cross boundary of inquiry" failed to apply to 5.15-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 5.15-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-5.15.y git checkout FETCH_HEAD git cherry-pick -x 6787a82245857271133b63ae7f72f1dc9f29e985 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024120631-overrun-cradle-8725@gregkh' --subject-prefix 'PATCH 5.15.y' HEAD^.. Possible dependencies: thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 6787a82245857271133b63ae7f72f1dc9f29e985 Mon Sep 17 00:00:00 2001 From: Chao Yu <chao(a)kernel.org> Date: Fri, 8 Nov 2024 09:25:57 +0800 Subject: [PATCH] f2fs: fix to requery extent which cross boundary of inquiry dd if=/dev/zero of=file bs=4k count=5 xfs_io file -c "fiemap -v 2 16384" file: EXT: FILE-OFFSET BLOCK-RANGE TOTAL FLAGS 0: [0..31]: 139272..139303 32 0x1000 1: [32..39]: 139304..139311 8 0x1001 xfs_io file -c "fiemap -v 0 16384" file: EXT: FILE-OFFSET BLOCK-RANGE TOTAL FLAGS 0: [0..31]: 139272..139303 32 0x1000 xfs_io file -c "fiemap -v 0 16385" file: EXT: FILE-OFFSET BLOCK-RANGE TOTAL FLAGS 0: [0..39]: 139272..139311 40 0x1001 There are two problems: - continuous extent is split to two - FIEMAP_EXTENT_LAST is missing in last extent The root cause is: if upper boundary of inquiry crosses extent, f2fs_map_blocks() will truncate length of returned extent to F2FS_BYTES_TO_BLK(len), and also, it will stop to query latter extent or hole to make sure current extent is last or not. In order to fix this issue, once we found an extent locates in the end of inquiry range by f2fs_map_blocks(), we need to expand inquiry range to requiry. Cc: stable(a)vger.kernel.org Fixes: 7f63eb77af7b ("f2fs: report unwritten area in f2fs_fiemap") Reported-by: Zhiguo Niu <zhiguo.niu(a)unisoc.com> Signed-off-by: Chao Yu <chao(a)kernel.org> Signed-off-by: Jaegeuk Kim <jaegeuk(a)kernel.org> diff --git a/fs/f2fs/data.c b/fs/f2fs/data.c index 69f1cb0490ee..ee5614324df0 100644 --- a/fs/f2fs/data.c +++ b/fs/f2fs/data.c @@ -1896,7 +1896,7 @@ int f2fs_fiemap(struct inode *inode, struct fiemap_extent_info *fieinfo, u64 start, u64 len) { struct f2fs_map_blocks map; - sector_t start_blk, last_blk; + sector_t start_blk, last_blk, blk_len, max_len; pgoff_t next_pgofs; u64 logical = 0, phys = 0, size = 0; u32 flags = 0; @@ -1940,14 +1940,13 @@ int f2fs_fiemap(struct inode *inode, struct fiemap_extent_info *fieinfo, start_blk = F2FS_BYTES_TO_BLK(start); last_blk = F2FS_BYTES_TO_BLK(start + len - 1); - - if (len & F2FS_BLKSIZE_MASK) - len = round_up(len, F2FS_BLKSIZE); + blk_len = last_blk - start_blk + 1; + max_len = F2FS_BYTES_TO_BLK(maxbytes) - start_blk; next: memset(&map, 0, sizeof(map)); map.m_lblk = start_blk; - map.m_len = F2FS_BYTES_TO_BLK(len); + map.m_len = blk_len; map.m_next_pgofs = &next_pgofs; map.m_seg_type = NO_CHECK_TYPE; @@ -1970,6 +1969,17 @@ int f2fs_fiemap(struct inode *inode, struct fiemap_extent_info *fieinfo, flags |= FIEMAP_EXTENT_LAST; } + /* + * current extent may cross boundary of inquiry, increase len to + * requery. + */ + if (!compr_cluster && (map.m_flags & F2FS_MAP_MAPPED) && + map.m_lblk + map.m_len - 1 == last_blk && + blk_len != max_len) { + blk_len = max_len; + goto next; + } + compr_appended = false; /* In a case of compressed cluster, append this to the last extent */ if (compr_cluster && ((map.m_flags & F2FS_MAP_DELALLOC) ||

6 months, 2 weeks

1
0
0 0

FAILED: patch "[PATCH] f2fs: fix to requery extent which cross boundary of inquiry" failed to apply to 6.1-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 6.1-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-6.1.y git checkout FETCH_HEAD git cherry-pick -x 6787a82245857271133b63ae7f72f1dc9f29e985 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024120630-famine-chitchat-db35@gregkh' --subject-prefix 'PATCH 6.1.y' HEAD^.. Possible dependencies: thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 6787a82245857271133b63ae7f72f1dc9f29e985 Mon Sep 17 00:00:00 2001 From: Chao Yu <chao(a)kernel.org> Date: Fri, 8 Nov 2024 09:25:57 +0800 Subject: [PATCH] f2fs: fix to requery extent which cross boundary of inquiry dd if=/dev/zero of=file bs=4k count=5 xfs_io file -c "fiemap -v 2 16384" file: EXT: FILE-OFFSET BLOCK-RANGE TOTAL FLAGS 0: [0..31]: 139272..139303 32 0x1000 1: [32..39]: 139304..139311 8 0x1001 xfs_io file -c "fiemap -v 0 16384" file: EXT: FILE-OFFSET BLOCK-RANGE TOTAL FLAGS 0: [0..31]: 139272..139303 32 0x1000 xfs_io file -c "fiemap -v 0 16385" file: EXT: FILE-OFFSET BLOCK-RANGE TOTAL FLAGS 0: [0..39]: 139272..139311 40 0x1001 There are two problems: - continuous extent is split to two - FIEMAP_EXTENT_LAST is missing in last extent The root cause is: if upper boundary of inquiry crosses extent, f2fs_map_blocks() will truncate length of returned extent to F2FS_BYTES_TO_BLK(len), and also, it will stop to query latter extent or hole to make sure current extent is last or not. In order to fix this issue, once we found an extent locates in the end of inquiry range by f2fs_map_blocks(), we need to expand inquiry range to requiry. Cc: stable(a)vger.kernel.org Fixes: 7f63eb77af7b ("f2fs: report unwritten area in f2fs_fiemap") Reported-by: Zhiguo Niu <zhiguo.niu(a)unisoc.com> Signed-off-by: Chao Yu <chao(a)kernel.org> Signed-off-by: Jaegeuk Kim <jaegeuk(a)kernel.org> diff --git a/fs/f2fs/data.c b/fs/f2fs/data.c index 69f1cb0490ee..ee5614324df0 100644 --- a/fs/f2fs/data.c +++ b/fs/f2fs/data.c @@ -1896,7 +1896,7 @@ int f2fs_fiemap(struct inode *inode, struct fiemap_extent_info *fieinfo, u64 start, u64 len) { struct f2fs_map_blocks map; - sector_t start_blk, last_blk; + sector_t start_blk, last_blk, blk_len, max_len; pgoff_t next_pgofs; u64 logical = 0, phys = 0, size = 0; u32 flags = 0; @@ -1940,14 +1940,13 @@ int f2fs_fiemap(struct inode *inode, struct fiemap_extent_info *fieinfo, start_blk = F2FS_BYTES_TO_BLK(start); last_blk = F2FS_BYTES_TO_BLK(start + len - 1); - - if (len & F2FS_BLKSIZE_MASK) - len = round_up(len, F2FS_BLKSIZE); + blk_len = last_blk - start_blk + 1; + max_len = F2FS_BYTES_TO_BLK(maxbytes) - start_blk; next: memset(&map, 0, sizeof(map)); map.m_lblk = start_blk; - map.m_len = F2FS_BYTES_TO_BLK(len); + map.m_len = blk_len; map.m_next_pgofs = &next_pgofs; map.m_seg_type = NO_CHECK_TYPE; @@ -1970,6 +1969,17 @@ int f2fs_fiemap(struct inode *inode, struct fiemap_extent_info *fieinfo, flags |= FIEMAP_EXTENT_LAST; } + /* + * current extent may cross boundary of inquiry, increase len to + * requery. + */ + if (!compr_cluster && (map.m_flags & F2FS_MAP_MAPPED) && + map.m_lblk + map.m_len - 1 == last_blk && + blk_len != max_len) { + blk_len = max_len; + goto next; + } + compr_appended = false; /* In a case of compressed cluster, append this to the last extent */ if (compr_cluster && ((map.m_flags & F2FS_MAP_DELALLOC) ||

6 months, 2 weeks

1
0
0 0

FAILED: patch "[PATCH] f2fs: fix to requery extent which cross boundary of inquiry" failed to apply to 6.6-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 6.6-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-6.6.y git checkout FETCH_HEAD git cherry-pick -x 6787a82245857271133b63ae7f72f1dc9f29e985 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024120629-flaccid-viewer-fbf0@gregkh' --subject-prefix 'PATCH 6.6.y' HEAD^.. Possible dependencies: thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 6787a82245857271133b63ae7f72f1dc9f29e985 Mon Sep 17 00:00:00 2001 From: Chao Yu <chao(a)kernel.org> Date: Fri, 8 Nov 2024 09:25:57 +0800 Subject: [PATCH] f2fs: fix to requery extent which cross boundary of inquiry dd if=/dev/zero of=file bs=4k count=5 xfs_io file -c "fiemap -v 2 16384" file: EXT: FILE-OFFSET BLOCK-RANGE TOTAL FLAGS 0: [0..31]: 139272..139303 32 0x1000 1: [32..39]: 139304..139311 8 0x1001 xfs_io file -c "fiemap -v 0 16384" file: EXT: FILE-OFFSET BLOCK-RANGE TOTAL FLAGS 0: [0..31]: 139272..139303 32 0x1000 xfs_io file -c "fiemap -v 0 16385" file: EXT: FILE-OFFSET BLOCK-RANGE TOTAL FLAGS 0: [0..39]: 139272..139311 40 0x1001 There are two problems: - continuous extent is split to two - FIEMAP_EXTENT_LAST is missing in last extent The root cause is: if upper boundary of inquiry crosses extent, f2fs_map_blocks() will truncate length of returned extent to F2FS_BYTES_TO_BLK(len), and also, it will stop to query latter extent or hole to make sure current extent is last or not. In order to fix this issue, once we found an extent locates in the end of inquiry range by f2fs_map_blocks(), we need to expand inquiry range to requiry. Cc: stable(a)vger.kernel.org Fixes: 7f63eb77af7b ("f2fs: report unwritten area in f2fs_fiemap") Reported-by: Zhiguo Niu <zhiguo.niu(a)unisoc.com> Signed-off-by: Chao Yu <chao(a)kernel.org> Signed-off-by: Jaegeuk Kim <jaegeuk(a)kernel.org> diff --git a/fs/f2fs/data.c b/fs/f2fs/data.c index 69f1cb0490ee..ee5614324df0 100644 --- a/fs/f2fs/data.c +++ b/fs/f2fs/data.c @@ -1896,7 +1896,7 @@ int f2fs_fiemap(struct inode *inode, struct fiemap_extent_info *fieinfo, u64 start, u64 len) { struct f2fs_map_blocks map; - sector_t start_blk, last_blk; + sector_t start_blk, last_blk, blk_len, max_len; pgoff_t next_pgofs; u64 logical = 0, phys = 0, size = 0; u32 flags = 0; @@ -1940,14 +1940,13 @@ int f2fs_fiemap(struct inode *inode, struct fiemap_extent_info *fieinfo, start_blk = F2FS_BYTES_TO_BLK(start); last_blk = F2FS_BYTES_TO_BLK(start + len - 1); - - if (len & F2FS_BLKSIZE_MASK) - len = round_up(len, F2FS_BLKSIZE); + blk_len = last_blk - start_blk + 1; + max_len = F2FS_BYTES_TO_BLK(maxbytes) - start_blk; next: memset(&map, 0, sizeof(map)); map.m_lblk = start_blk; - map.m_len = F2FS_BYTES_TO_BLK(len); + map.m_len = blk_len; map.m_next_pgofs = &next_pgofs; map.m_seg_type = NO_CHECK_TYPE; @@ -1970,6 +1969,17 @@ int f2fs_fiemap(struct inode *inode, struct fiemap_extent_info *fieinfo, flags |= FIEMAP_EXTENT_LAST; } + /* + * current extent may cross boundary of inquiry, increase len to + * requery. + */ + if (!compr_cluster && (map.m_flags & F2FS_MAP_MAPPED) && + map.m_lblk + map.m_len - 1 == last_blk && + blk_len != max_len) { + blk_len = max_len; + goto next; + } + compr_appended = false; /* In a case of compressed cluster, append this to the last extent */ if (compr_cluster && ((map.m_flags & F2FS_MAP_DELALLOC) ||

6 months, 2 weeks

1
0
0 0

FAILED: patch "[PATCH] f2fs: fix to requery extent which cross boundary of inquiry" failed to apply to 6.12-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 6.12-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-6.12.y git checkout FETCH_HEAD git cherry-pick -x 6787a82245857271133b63ae7f72f1dc9f29e985 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024120628-crazy-studio-e1dc@gregkh' --subject-prefix 'PATCH 6.12.y' HEAD^.. Possible dependencies: thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 6787a82245857271133b63ae7f72f1dc9f29e985 Mon Sep 17 00:00:00 2001 From: Chao Yu <chao(a)kernel.org> Date: Fri, 8 Nov 2024 09:25:57 +0800 Subject: [PATCH] f2fs: fix to requery extent which cross boundary of inquiry dd if=/dev/zero of=file bs=4k count=5 xfs_io file -c "fiemap -v 2 16384" file: EXT: FILE-OFFSET BLOCK-RANGE TOTAL FLAGS 0: [0..31]: 139272..139303 32 0x1000 1: [32..39]: 139304..139311 8 0x1001 xfs_io file -c "fiemap -v 0 16384" file: EXT: FILE-OFFSET BLOCK-RANGE TOTAL FLAGS 0: [0..31]: 139272..139303 32 0x1000 xfs_io file -c "fiemap -v 0 16385" file: EXT: FILE-OFFSET BLOCK-RANGE TOTAL FLAGS 0: [0..39]: 139272..139311 40 0x1001 There are two problems: - continuous extent is split to two - FIEMAP_EXTENT_LAST is missing in last extent The root cause is: if upper boundary of inquiry crosses extent, f2fs_map_blocks() will truncate length of returned extent to F2FS_BYTES_TO_BLK(len), and also, it will stop to query latter extent or hole to make sure current extent is last or not. In order to fix this issue, once we found an extent locates in the end of inquiry range by f2fs_map_blocks(), we need to expand inquiry range to requiry. Cc: stable(a)vger.kernel.org Fixes: 7f63eb77af7b ("f2fs: report unwritten area in f2fs_fiemap") Reported-by: Zhiguo Niu <zhiguo.niu(a)unisoc.com> Signed-off-by: Chao Yu <chao(a)kernel.org> Signed-off-by: Jaegeuk Kim <jaegeuk(a)kernel.org> diff --git a/fs/f2fs/data.c b/fs/f2fs/data.c index 69f1cb0490ee..ee5614324df0 100644 --- a/fs/f2fs/data.c +++ b/fs/f2fs/data.c @@ -1896,7 +1896,7 @@ int f2fs_fiemap(struct inode *inode, struct fiemap_extent_info *fieinfo, u64 start, u64 len) { struct f2fs_map_blocks map; - sector_t start_blk, last_blk; + sector_t start_blk, last_blk, blk_len, max_len; pgoff_t next_pgofs; u64 logical = 0, phys = 0, size = 0; u32 flags = 0; @@ -1940,14 +1940,13 @@ int f2fs_fiemap(struct inode *inode, struct fiemap_extent_info *fieinfo, start_blk = F2FS_BYTES_TO_BLK(start); last_blk = F2FS_BYTES_TO_BLK(start + len - 1); - - if (len & F2FS_BLKSIZE_MASK) - len = round_up(len, F2FS_BLKSIZE); + blk_len = last_blk - start_blk + 1; + max_len = F2FS_BYTES_TO_BLK(maxbytes) - start_blk; next: memset(&map, 0, sizeof(map)); map.m_lblk = start_blk; - map.m_len = F2FS_BYTES_TO_BLK(len); + map.m_len = blk_len; map.m_next_pgofs = &next_pgofs; map.m_seg_type = NO_CHECK_TYPE; @@ -1970,6 +1969,17 @@ int f2fs_fiemap(struct inode *inode, struct fiemap_extent_info *fieinfo, flags |= FIEMAP_EXTENT_LAST; } + /* + * current extent may cross boundary of inquiry, increase len to + * requery. + */ + if (!compr_cluster && (map.m_flags & F2FS_MAP_MAPPED) && + map.m_lblk + map.m_len - 1 == last_blk && + blk_len != max_len) { + blk_len = max_len; + goto next; + } + compr_appended = false; /* In a case of compressed cluster, append this to the last extent */ if (compr_cluster && ((map.m_flags & F2FS_MAP_DELALLOC) ||

6 months, 2 weeks

1
0
0 0

FAILED: patch "[PATCH] f2fs: fix to drop all discards after creating snapshot on lvm" failed to apply to 5.4-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 5.4-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-5.4.y git checkout FETCH_HEAD git cherry-pick -x bc8aeb04fd80cb8cfae3058445c84410fd0beb5e # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024120616-slinging-pope-8f99@gregkh' --subject-prefix 'PATCH 5.4.y' HEAD^.. Possible dependencies: thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From bc8aeb04fd80cb8cfae3058445c84410fd0beb5e Mon Sep 17 00:00:00 2001 From: Chao Yu <chao(a)kernel.org> Date: Thu, 21 Nov 2024 22:17:16 +0800 Subject: [PATCH] f2fs: fix to drop all discards after creating snapshot on lvm device Piergiorgio reported a bug in bugzilla as below: ------------[ cut here ]------------ WARNING: CPU: 2 PID: 969 at fs/f2fs/segment.c:1330 RIP: 0010:__submit_discard_cmd+0x27d/0x400 [f2fs] Call Trace: __issue_discard_cmd+0x1ca/0x350 [f2fs] issue_discard_thread+0x191/0x480 [f2fs] kthread+0xcf/0x100 ret_from_fork+0x31/0x50 ret_from_fork_asm+0x1a/0x30 w/ below testcase, it can reproduce this bug quickly: - pvcreate /dev/vdb - vgcreate myvg1 /dev/vdb - lvcreate -L 1024m -n mylv1 myvg1 - mount /dev/myvg1/mylv1 /mnt/f2fs - dd if=/dev/zero of=/mnt/f2fs/file bs=1M count=20 - sync - rm /mnt/f2fs/file - sync - lvcreate -L 1024m -s -n mylv1-snapshot /dev/myvg1/mylv1 - umount /mnt/f2fs The root cause is: it will update discard_max_bytes of mounted lvm device to zero after creating snapshot on this lvm device, then, __submit_discard_cmd() will pass parameter @nr_sects w/ zero value to __blkdev_issue_discard(), it returns a NULL bio pointer, result in panic. This patch changes as below for fixing: 1. Let's drop all remained discards in f2fs_unfreeze() if snapshot of lvm device is created. 2. Checking discard_max_bytes before submitting discard during __submit_discard_cmd(). Cc: stable(a)vger.kernel.org Fixes: 35ec7d574884 ("f2fs: split discard command in prior to block layer") Reported-by: Piergiorgio Sartor <piergiorgio.sartor(a)nexgo.de> Closes: https://bugzilla.kernel.org/show_bug.cgi?id=219484 Signed-off-by: Chao Yu <chao(a)kernel.org> Signed-off-by: Jaegeuk Kim <jaegeuk(a)kernel.org> diff --git a/fs/f2fs/segment.c b/fs/f2fs/segment.c index 4236040e3994..eade36c5ef13 100644 --- a/fs/f2fs/segment.c +++ b/fs/f2fs/segment.c @@ -1290,16 +1290,18 @@ static int __submit_discard_cmd(struct f2fs_sb_info *sbi, wait_list, issued); return 0; } - - /* - * Issue discard for conventional zones only if the device - * supports discard. - */ - if (!bdev_max_discard_sectors(bdev)) - return -EOPNOTSUPP; } #endif + /* + * stop issuing discard for any of below cases: + * 1. device is conventional zone, but it doesn't support discard. + * 2. device is regulare device, after snapshot it doesn't support + * discard. + */ + if (!bdev_max_discard_sectors(bdev)) + return -EOPNOTSUPP; + trace_f2fs_issue_discard(bdev, dc->di.start, dc->di.len); lstart = dc->di.lstart; diff --git a/fs/f2fs/super.c b/fs/f2fs/super.c index c0670cd61956..fc7d463dee15 100644 --- a/fs/f2fs/super.c +++ b/fs/f2fs/super.c @@ -1760,6 +1760,18 @@ static int f2fs_freeze(struct super_block *sb) static int f2fs_unfreeze(struct super_block *sb) { + struct f2fs_sb_info *sbi = F2FS_SB(sb); + + /* + * It will update discard_max_bytes of mounted lvm device to zero + * after creating snapshot on this lvm device, let's drop all + * remained discards. + * We don't need to disable real-time discard because discard_max_bytes + * will recover after removal of snapshot. + */ + if (test_opt(sbi, DISCARD) && !f2fs_hw_support_discard(sbi)) + f2fs_issue_discard_timeout(sbi); + clear_sbi_flag(F2FS_SB(sb), SBI_IS_FREEZING); return 0; }

6 months, 2 weeks

1
0
0 0

FAILED: patch "[PATCH] f2fs: fix to drop all discards after creating snapshot on lvm" failed to apply to 5.10-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 5.10-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-5.10.y git checkout FETCH_HEAD git cherry-pick -x bc8aeb04fd80cb8cfae3058445c84410fd0beb5e # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024120615-majorette-labored-f822@gregkh' --subject-prefix 'PATCH 5.10.y' HEAD^.. Possible dependencies: thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From bc8aeb04fd80cb8cfae3058445c84410fd0beb5e Mon Sep 17 00:00:00 2001 From: Chao Yu <chao(a)kernel.org> Date: Thu, 21 Nov 2024 22:17:16 +0800 Subject: [PATCH] f2fs: fix to drop all discards after creating snapshot on lvm device Piergiorgio reported a bug in bugzilla as below: ------------[ cut here ]------------ WARNING: CPU: 2 PID: 969 at fs/f2fs/segment.c:1330 RIP: 0010:__submit_discard_cmd+0x27d/0x400 [f2fs] Call Trace: __issue_discard_cmd+0x1ca/0x350 [f2fs] issue_discard_thread+0x191/0x480 [f2fs] kthread+0xcf/0x100 ret_from_fork+0x31/0x50 ret_from_fork_asm+0x1a/0x30 w/ below testcase, it can reproduce this bug quickly: - pvcreate /dev/vdb - vgcreate myvg1 /dev/vdb - lvcreate -L 1024m -n mylv1 myvg1 - mount /dev/myvg1/mylv1 /mnt/f2fs - dd if=/dev/zero of=/mnt/f2fs/file bs=1M count=20 - sync - rm /mnt/f2fs/file - sync - lvcreate -L 1024m -s -n mylv1-snapshot /dev/myvg1/mylv1 - umount /mnt/f2fs The root cause is: it will update discard_max_bytes of mounted lvm device to zero after creating snapshot on this lvm device, then, __submit_discard_cmd() will pass parameter @nr_sects w/ zero value to __blkdev_issue_discard(), it returns a NULL bio pointer, result in panic. This patch changes as below for fixing: 1. Let's drop all remained discards in f2fs_unfreeze() if snapshot of lvm device is created. 2. Checking discard_max_bytes before submitting discard during __submit_discard_cmd(). Cc: stable(a)vger.kernel.org Fixes: 35ec7d574884 ("f2fs: split discard command in prior to block layer") Reported-by: Piergiorgio Sartor <piergiorgio.sartor(a)nexgo.de> Closes: https://bugzilla.kernel.org/show_bug.cgi?id=219484 Signed-off-by: Chao Yu <chao(a)kernel.org> Signed-off-by: Jaegeuk Kim <jaegeuk(a)kernel.org> diff --git a/fs/f2fs/segment.c b/fs/f2fs/segment.c index 4236040e3994..eade36c5ef13 100644 --- a/fs/f2fs/segment.c +++ b/fs/f2fs/segment.c @@ -1290,16 +1290,18 @@ static int __submit_discard_cmd(struct f2fs_sb_info *sbi, wait_list, issued); return 0; } - - /* - * Issue discard for conventional zones only if the device - * supports discard. - */ - if (!bdev_max_discard_sectors(bdev)) - return -EOPNOTSUPP; } #endif + /* + * stop issuing discard for any of below cases: + * 1. device is conventional zone, but it doesn't support discard. + * 2. device is regulare device, after snapshot it doesn't support + * discard. + */ + if (!bdev_max_discard_sectors(bdev)) + return -EOPNOTSUPP; + trace_f2fs_issue_discard(bdev, dc->di.start, dc->di.len); lstart = dc->di.lstart; diff --git a/fs/f2fs/super.c b/fs/f2fs/super.c index c0670cd61956..fc7d463dee15 100644 --- a/fs/f2fs/super.c +++ b/fs/f2fs/super.c @@ -1760,6 +1760,18 @@ static int f2fs_freeze(struct super_block *sb) static int f2fs_unfreeze(struct super_block *sb) { + struct f2fs_sb_info *sbi = F2FS_SB(sb); + + /* + * It will update discard_max_bytes of mounted lvm device to zero + * after creating snapshot on this lvm device, let's drop all + * remained discards. + * We don't need to disable real-time discard because discard_max_bytes + * will recover after removal of snapshot. + */ + if (test_opt(sbi, DISCARD) && !f2fs_hw_support_discard(sbi)) + f2fs_issue_discard_timeout(sbi); + clear_sbi_flag(F2FS_SB(sb), SBI_IS_FREEZING); return 0; }

6 months, 2 weeks

1
0
0 0

FAILED: patch "[PATCH] f2fs: fix to drop all discards after creating snapshot on lvm" failed to apply to 5.15-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 5.15-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-5.15.y git checkout FETCH_HEAD git cherry-pick -x bc8aeb04fd80cb8cfae3058445c84410fd0beb5e # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024120614-amuser-purging-2004@gregkh' --subject-prefix 'PATCH 5.15.y' HEAD^.. Possible dependencies: thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From bc8aeb04fd80cb8cfae3058445c84410fd0beb5e Mon Sep 17 00:00:00 2001 From: Chao Yu <chao(a)kernel.org> Date: Thu, 21 Nov 2024 22:17:16 +0800 Subject: [PATCH] f2fs: fix to drop all discards after creating snapshot on lvm device Piergiorgio reported a bug in bugzilla as below: ------------[ cut here ]------------ WARNING: CPU: 2 PID: 969 at fs/f2fs/segment.c:1330 RIP: 0010:__submit_discard_cmd+0x27d/0x400 [f2fs] Call Trace: __issue_discard_cmd+0x1ca/0x350 [f2fs] issue_discard_thread+0x191/0x480 [f2fs] kthread+0xcf/0x100 ret_from_fork+0x31/0x50 ret_from_fork_asm+0x1a/0x30 w/ below testcase, it can reproduce this bug quickly: - pvcreate /dev/vdb - vgcreate myvg1 /dev/vdb - lvcreate -L 1024m -n mylv1 myvg1 - mount /dev/myvg1/mylv1 /mnt/f2fs - dd if=/dev/zero of=/mnt/f2fs/file bs=1M count=20 - sync - rm /mnt/f2fs/file - sync - lvcreate -L 1024m -s -n mylv1-snapshot /dev/myvg1/mylv1 - umount /mnt/f2fs The root cause is: it will update discard_max_bytes of mounted lvm device to zero after creating snapshot on this lvm device, then, __submit_discard_cmd() will pass parameter @nr_sects w/ zero value to __blkdev_issue_discard(), it returns a NULL bio pointer, result in panic. This patch changes as below for fixing: 1. Let's drop all remained discards in f2fs_unfreeze() if snapshot of lvm device is created. 2. Checking discard_max_bytes before submitting discard during __submit_discard_cmd(). Cc: stable(a)vger.kernel.org Fixes: 35ec7d574884 ("f2fs: split discard command in prior to block layer") Reported-by: Piergiorgio Sartor <piergiorgio.sartor(a)nexgo.de> Closes: https://bugzilla.kernel.org/show_bug.cgi?id=219484 Signed-off-by: Chao Yu <chao(a)kernel.org> Signed-off-by: Jaegeuk Kim <jaegeuk(a)kernel.org> diff --git a/fs/f2fs/segment.c b/fs/f2fs/segment.c index 4236040e3994..eade36c5ef13 100644 --- a/fs/f2fs/segment.c +++ b/fs/f2fs/segment.c @@ -1290,16 +1290,18 @@ static int __submit_discard_cmd(struct f2fs_sb_info *sbi, wait_list, issued); return 0; } - - /* - * Issue discard for conventional zones only if the device - * supports discard. - */ - if (!bdev_max_discard_sectors(bdev)) - return -EOPNOTSUPP; } #endif + /* + * stop issuing discard for any of below cases: + * 1. device is conventional zone, but it doesn't support discard. + * 2. device is regulare device, after snapshot it doesn't support + * discard. + */ + if (!bdev_max_discard_sectors(bdev)) + return -EOPNOTSUPP; + trace_f2fs_issue_discard(bdev, dc->di.start, dc->di.len); lstart = dc->di.lstart; diff --git a/fs/f2fs/super.c b/fs/f2fs/super.c index c0670cd61956..fc7d463dee15 100644 --- a/fs/f2fs/super.c +++ b/fs/f2fs/super.c @@ -1760,6 +1760,18 @@ static int f2fs_freeze(struct super_block *sb) static int f2fs_unfreeze(struct super_block *sb) { + struct f2fs_sb_info *sbi = F2FS_SB(sb); + + /* + * It will update discard_max_bytes of mounted lvm device to zero + * after creating snapshot on this lvm device, let's drop all + * remained discards. + * We don't need to disable real-time discard because discard_max_bytes + * will recover after removal of snapshot. + */ + if (test_opt(sbi, DISCARD) && !f2fs_hw_support_discard(sbi)) + f2fs_issue_discard_timeout(sbi); + clear_sbi_flag(F2FS_SB(sb), SBI_IS_FREEZING); return 0; }

6 months, 2 weeks

1
0
0 0

FAILED: patch "[PATCH] f2fs: fix to drop all discards after creating snapshot on lvm" failed to apply to 6.1-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 6.1-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-6.1.y git checkout FETCH_HEAD git cherry-pick -x bc8aeb04fd80cb8cfae3058445c84410fd0beb5e # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024120613-dating-jawless-e589@gregkh' --subject-prefix 'PATCH 6.1.y' HEAD^.. Possible dependencies: thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From bc8aeb04fd80cb8cfae3058445c84410fd0beb5e Mon Sep 17 00:00:00 2001 From: Chao Yu <chao(a)kernel.org> Date: Thu, 21 Nov 2024 22:17:16 +0800 Subject: [PATCH] f2fs: fix to drop all discards after creating snapshot on lvm device Piergiorgio reported a bug in bugzilla as below: ------------[ cut here ]------------ WARNING: CPU: 2 PID: 969 at fs/f2fs/segment.c:1330 RIP: 0010:__submit_discard_cmd+0x27d/0x400 [f2fs] Call Trace: __issue_discard_cmd+0x1ca/0x350 [f2fs] issue_discard_thread+0x191/0x480 [f2fs] kthread+0xcf/0x100 ret_from_fork+0x31/0x50 ret_from_fork_asm+0x1a/0x30 w/ below testcase, it can reproduce this bug quickly: - pvcreate /dev/vdb - vgcreate myvg1 /dev/vdb - lvcreate -L 1024m -n mylv1 myvg1 - mount /dev/myvg1/mylv1 /mnt/f2fs - dd if=/dev/zero of=/mnt/f2fs/file bs=1M count=20 - sync - rm /mnt/f2fs/file - sync - lvcreate -L 1024m -s -n mylv1-snapshot /dev/myvg1/mylv1 - umount /mnt/f2fs The root cause is: it will update discard_max_bytes of mounted lvm device to zero after creating snapshot on this lvm device, then, __submit_discard_cmd() will pass parameter @nr_sects w/ zero value to __blkdev_issue_discard(), it returns a NULL bio pointer, result in panic. This patch changes as below for fixing: 1. Let's drop all remained discards in f2fs_unfreeze() if snapshot of lvm device is created. 2. Checking discard_max_bytes before submitting discard during __submit_discard_cmd(). Cc: stable(a)vger.kernel.org Fixes: 35ec7d574884 ("f2fs: split discard command in prior to block layer") Reported-by: Piergiorgio Sartor <piergiorgio.sartor(a)nexgo.de> Closes: https://bugzilla.kernel.org/show_bug.cgi?id=219484 Signed-off-by: Chao Yu <chao(a)kernel.org> Signed-off-by: Jaegeuk Kim <jaegeuk(a)kernel.org> diff --git a/fs/f2fs/segment.c b/fs/f2fs/segment.c index 4236040e3994..eade36c5ef13 100644 --- a/fs/f2fs/segment.c +++ b/fs/f2fs/segment.c @@ -1290,16 +1290,18 @@ static int __submit_discard_cmd(struct f2fs_sb_info *sbi, wait_list, issued); return 0; } - - /* - * Issue discard for conventional zones only if the device - * supports discard. - */ - if (!bdev_max_discard_sectors(bdev)) - return -EOPNOTSUPP; } #endif + /* + * stop issuing discard for any of below cases: + * 1. device is conventional zone, but it doesn't support discard. + * 2. device is regulare device, after snapshot it doesn't support + * discard. + */ + if (!bdev_max_discard_sectors(bdev)) + return -EOPNOTSUPP; + trace_f2fs_issue_discard(bdev, dc->di.start, dc->di.len); lstart = dc->di.lstart; diff --git a/fs/f2fs/super.c b/fs/f2fs/super.c index c0670cd61956..fc7d463dee15 100644 --- a/fs/f2fs/super.c +++ b/fs/f2fs/super.c @@ -1760,6 +1760,18 @@ static int f2fs_freeze(struct super_block *sb) static int f2fs_unfreeze(struct super_block *sb) { + struct f2fs_sb_info *sbi = F2FS_SB(sb); + + /* + * It will update discard_max_bytes of mounted lvm device to zero + * after creating snapshot on this lvm device, let's drop all + * remained discards. + * We don't need to disable real-time discard because discard_max_bytes + * will recover after removal of snapshot. + */ + if (test_opt(sbi, DISCARD) && !f2fs_hw_support_discard(sbi)) + f2fs_issue_discard_timeout(sbi); + clear_sbi_flag(F2FS_SB(sb), SBI_IS_FREEZING); return 0; }

6 months, 2 weeks

1
0
0 0

FAILED: patch "[PATCH] f2fs: fix to drop all discards after creating snapshot on lvm" failed to apply to 6.6-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 6.6-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-6.6.y git checkout FETCH_HEAD git cherry-pick -x bc8aeb04fd80cb8cfae3058445c84410fd0beb5e # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024120612-helmet-unwed-8cfe@gregkh' --subject-prefix 'PATCH 6.6.y' HEAD^.. Possible dependencies: thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From bc8aeb04fd80cb8cfae3058445c84410fd0beb5e Mon Sep 17 00:00:00 2001 From: Chao Yu <chao(a)kernel.org> Date: Thu, 21 Nov 2024 22:17:16 +0800 Subject: [PATCH] f2fs: fix to drop all discards after creating snapshot on lvm device Piergiorgio reported a bug in bugzilla as below: ------------[ cut here ]------------ WARNING: CPU: 2 PID: 969 at fs/f2fs/segment.c:1330 RIP: 0010:__submit_discard_cmd+0x27d/0x400 [f2fs] Call Trace: __issue_discard_cmd+0x1ca/0x350 [f2fs] issue_discard_thread+0x191/0x480 [f2fs] kthread+0xcf/0x100 ret_from_fork+0x31/0x50 ret_from_fork_asm+0x1a/0x30 w/ below testcase, it can reproduce this bug quickly: - pvcreate /dev/vdb - vgcreate myvg1 /dev/vdb - lvcreate -L 1024m -n mylv1 myvg1 - mount /dev/myvg1/mylv1 /mnt/f2fs - dd if=/dev/zero of=/mnt/f2fs/file bs=1M count=20 - sync - rm /mnt/f2fs/file - sync - lvcreate -L 1024m -s -n mylv1-snapshot /dev/myvg1/mylv1 - umount /mnt/f2fs The root cause is: it will update discard_max_bytes of mounted lvm device to zero after creating snapshot on this lvm device, then, __submit_discard_cmd() will pass parameter @nr_sects w/ zero value to __blkdev_issue_discard(), it returns a NULL bio pointer, result in panic. This patch changes as below for fixing: 1. Let's drop all remained discards in f2fs_unfreeze() if snapshot of lvm device is created. 2. Checking discard_max_bytes before submitting discard during __submit_discard_cmd(). Cc: stable(a)vger.kernel.org Fixes: 35ec7d574884 ("f2fs: split discard command in prior to block layer") Reported-by: Piergiorgio Sartor <piergiorgio.sartor(a)nexgo.de> Closes: https://bugzilla.kernel.org/show_bug.cgi?id=219484 Signed-off-by: Chao Yu <chao(a)kernel.org> Signed-off-by: Jaegeuk Kim <jaegeuk(a)kernel.org> diff --git a/fs/f2fs/segment.c b/fs/f2fs/segment.c index 4236040e3994..eade36c5ef13 100644 --- a/fs/f2fs/segment.c +++ b/fs/f2fs/segment.c @@ -1290,16 +1290,18 @@ static int __submit_discard_cmd(struct f2fs_sb_info *sbi, wait_list, issued); return 0; } - - /* - * Issue discard for conventional zones only if the device - * supports discard. - */ - if (!bdev_max_discard_sectors(bdev)) - return -EOPNOTSUPP; } #endif + /* + * stop issuing discard for any of below cases: + * 1. device is conventional zone, but it doesn't support discard. + * 2. device is regulare device, after snapshot it doesn't support + * discard. + */ + if (!bdev_max_discard_sectors(bdev)) + return -EOPNOTSUPP; + trace_f2fs_issue_discard(bdev, dc->di.start, dc->di.len); lstart = dc->di.lstart; diff --git a/fs/f2fs/super.c b/fs/f2fs/super.c index c0670cd61956..fc7d463dee15 100644 --- a/fs/f2fs/super.c +++ b/fs/f2fs/super.c @@ -1760,6 +1760,18 @@ static int f2fs_freeze(struct super_block *sb) static int f2fs_unfreeze(struct super_block *sb) { + struct f2fs_sb_info *sbi = F2FS_SB(sb); + + /* + * It will update discard_max_bytes of mounted lvm device to zero + * after creating snapshot on this lvm device, let's drop all + * remained discards. + * We don't need to disable real-time discard because discard_max_bytes + * will recover after removal of snapshot. + */ + if (test_opt(sbi, DISCARD) && !f2fs_hw_support_discard(sbi)) + f2fs_issue_discard_timeout(sbi); + clear_sbi_flag(F2FS_SB(sb), SBI_IS_FREEZING); return 0; }

6 months, 2 weeks

1
0
0 0

FAILED: patch "[PATCH] mm/slub: Avoid list corruption when removing a slab from the" failed to apply to 5.4-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 5.4-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-5.4.y git checkout FETCH_HEAD git cherry-pick -x dbc16915279a548a204154368da23d402c141c81 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024120653-zipping-bring-4caf@gregkh' --subject-prefix 'PATCH 5.4.y' HEAD^.. Possible dependencies: thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From dbc16915279a548a204154368da23d402c141c81 Mon Sep 17 00:00:00 2001 From: "yuan.gao" <yuan.gao(a)ucloud.cn> Date: Fri, 18 Oct 2024 14:44:35 +0800 Subject: [PATCH] mm/slub: Avoid list corruption when removing a slab from the full list Boot with slub_debug=UFPZ. If allocated object failed in alloc_consistency_checks, all objects of the slab will be marked as used, and then the slab will be removed from the partial list. When an object belonging to the slab got freed later, the remove_full() function is called. Because the slab is neither on the partial list nor on the full list, it eventually lead to a list corruption (actually a list poison being detected). So we need to mark and isolate the slab page with metadata corruption, do not put it back in circulation. Because the debug caches avoid all the fastpaths, reusing the frozen bit to mark slab page with metadata corruption seems to be fine. [ 4277.385669] list_del corruption, ffffea00044b3e50->next is LIST_POISON1 (dead000000000100) [ 4277.387023] ------------[ cut here ]------------ [ 4277.387880] kernel BUG at lib/list_debug.c:56! [ 4277.388680] invalid opcode: 0000 [#1] PREEMPT SMP PTI [ 4277.389562] CPU: 5 PID: 90 Comm: kworker/5:1 Kdump: loaded Tainted: G OE 6.6.1-1 #1 [ 4277.392113] Workqueue: xfs-inodegc/vda1 xfs_inodegc_worker [xfs] [ 4277.393551] RIP: 0010:__list_del_entry_valid_or_report+0x7b/0xc0 [ 4277.394518] Code: 48 91 82 e8 37 f9 9a ff 0f 0b 48 89 fe 48 c7 c7 28 49 91 82 e8 26 f9 9a ff 0f 0b 48 89 fe 48 c7 c7 58 49 91 [ 4277.397292] RSP: 0018:ffffc90000333b38 EFLAGS: 00010082 [ 4277.398202] RAX: 000000000000004e RBX: ffffea00044b3e50 RCX: 0000000000000000 [ 4277.399340] RDX: 0000000000000002 RSI: ffffffff828f8715 RDI: 00000000ffffffff [ 4277.400545] RBP: ffffea00044b3e40 R08: 0000000000000000 R09: ffffc900003339f0 [ 4277.401710] R10: 0000000000000003 R11: ffffffff82d44088 R12: ffff888112cf9910 [ 4277.402887] R13: 0000000000000001 R14: 0000000000000001 R15: ffff8881000424c0 [ 4277.404049] FS: 0000000000000000(0000) GS:ffff88842fd40000(0000) knlGS:0000000000000000 [ 4277.405357] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 4277.406389] CR2: 00007f2ad0b24000 CR3: 0000000102a3a006 CR4: 00000000007706e0 [ 4277.407589] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 4277.408780] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 4277.410000] PKRU: 55555554 [ 4277.410645] Call Trace: [ 4277.411234] <TASK> [ 4277.411777] ? die+0x32/0x80 [ 4277.412439] ? do_trap+0xd6/0x100 [ 4277.413150] ? __list_del_entry_valid_or_report+0x7b/0xc0 [ 4277.414158] ? do_error_trap+0x6a/0x90 [ 4277.414948] ? __list_del_entry_valid_or_report+0x7b/0xc0 [ 4277.415915] ? exc_invalid_op+0x4c/0x60 [ 4277.416710] ? __list_del_entry_valid_or_report+0x7b/0xc0 [ 4277.417675] ? asm_exc_invalid_op+0x16/0x20 [ 4277.418482] ? __list_del_entry_valid_or_report+0x7b/0xc0 [ 4277.419466] ? __list_del_entry_valid_or_report+0x7b/0xc0 [ 4277.420410] free_to_partial_list+0x515/0x5e0 [ 4277.421242] ? xfs_iext_remove+0x41a/0xa10 [xfs] [ 4277.422298] xfs_iext_remove+0x41a/0xa10 [xfs] [ 4277.423316] ? xfs_inodegc_worker+0xb4/0x1a0 [xfs] [ 4277.424383] xfs_bmap_del_extent_delay+0x4fe/0x7d0 [xfs] [ 4277.425490] __xfs_bunmapi+0x50d/0x840 [xfs] [ 4277.426445] xfs_itruncate_extents_flags+0x13a/0x490 [xfs] [ 4277.427553] xfs_inactive_truncate+0xa3/0x120 [xfs] [ 4277.428567] xfs_inactive+0x22d/0x290 [xfs] [ 4277.429500] xfs_inodegc_worker+0xb4/0x1a0 [xfs] [ 4277.430479] process_one_work+0x171/0x340 [ 4277.431227] worker_thread+0x277/0x390 [ 4277.431962] ? __pfx_worker_thread+0x10/0x10 [ 4277.432752] kthread+0xf0/0x120 [ 4277.433382] ? __pfx_kthread+0x10/0x10 [ 4277.434134] ret_from_fork+0x2d/0x50 [ 4277.434837] ? __pfx_kthread+0x10/0x10 [ 4277.435566] ret_from_fork_asm+0x1b/0x30 [ 4277.436280] </TASK> Fixes: 643b113849d8 ("slub: enable tracking of full slabs") Suggested-by: Hyeonggon Yoo <42.hyeyoo(a)gmail.com> Suggested-by: Vlastimil Babka <vbabka(a)suse.cz> Cc: <stable(a)vger.kernel.org> Signed-off-by: yuan.gao <yuan.gao(a)ucloud.cn> Reviewed-by: Hyeonggon Yoo <42.hyeyoo(a)gmail.com> Acked-by: Christoph Lameter <cl(a)linux.com> Signed-off-by: Vlastimil Babka <vbabka(a)suse.cz> diff --git a/mm/slab.h b/mm/slab.h index 298567019485..632fedd71fea 100644 --- a/mm/slab.h +++ b/mm/slab.h @@ -73,6 +73,11 @@ struct slab { struct { unsigned inuse:16; unsigned objects:15; + /* + * If slab debugging is enabled then the + * frozen bit can be reused to indicate + * that the slab was corrupted + */ unsigned frozen:1; }; }; diff --git a/mm/slub.c b/mm/slub.c index 4284cbe41d0d..ccbdd7eb37a8 100644 --- a/mm/slub.c +++ b/mm/slub.c @@ -1409,6 +1409,11 @@ static int check_slab(struct kmem_cache *s, struct slab *slab) slab->inuse, slab->objects); return 0; } + if (slab->frozen) { + slab_err(s, slab, "Slab disabled since SLUB metadata consistency check failed"); + return 0; + } + /* Slab_pad_check fixes things up after itself */ slab_pad_check(s, slab); return 1; @@ -1589,6 +1594,7 @@ static noinline bool alloc_debug_processing(struct kmem_cache *s, slab_fix(s, "Marking all objects used"); slab->inuse = slab->objects; slab->freelist = NULL; + slab->frozen = 1; /* mark consistency-failed slab as frozen */ } return false; } @@ -2730,7 +2736,8 @@ static void *alloc_single_from_partial(struct kmem_cache *s, slab->inuse++; if (!alloc_debug_processing(s, slab, object, orig_size)) { - remove_partial(n, slab); + if (folio_test_slab(slab_folio(slab))) + remove_partial(n, slab); return NULL; }

6 months, 2 weeks

1
0
0 0

FAILED: patch "[PATCH] mm/slub: Avoid list corruption when removing a slab from the" failed to apply to 5.10-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 5.10-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-5.10.y git checkout FETCH_HEAD git cherry-pick -x dbc16915279a548a204154368da23d402c141c81 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024120652-renter-blank-2dbd@gregkh' --subject-prefix 'PATCH 5.10.y' HEAD^.. Possible dependencies: thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From dbc16915279a548a204154368da23d402c141c81 Mon Sep 17 00:00:00 2001 From: "yuan.gao" <yuan.gao(a)ucloud.cn> Date: Fri, 18 Oct 2024 14:44:35 +0800 Subject: [PATCH] mm/slub: Avoid list corruption when removing a slab from the full list Boot with slub_debug=UFPZ. If allocated object failed in alloc_consistency_checks, all objects of the slab will be marked as used, and then the slab will be removed from the partial list. When an object belonging to the slab got freed later, the remove_full() function is called. Because the slab is neither on the partial list nor on the full list, it eventually lead to a list corruption (actually a list poison being detected). So we need to mark and isolate the slab page with metadata corruption, do not put it back in circulation. Because the debug caches avoid all the fastpaths, reusing the frozen bit to mark slab page with metadata corruption seems to be fine. [ 4277.385669] list_del corruption, ffffea00044b3e50->next is LIST_POISON1 (dead000000000100) [ 4277.387023] ------------[ cut here ]------------ [ 4277.387880] kernel BUG at lib/list_debug.c:56! [ 4277.388680] invalid opcode: 0000 [#1] PREEMPT SMP PTI [ 4277.389562] CPU: 5 PID: 90 Comm: kworker/5:1 Kdump: loaded Tainted: G OE 6.6.1-1 #1 [ 4277.392113] Workqueue: xfs-inodegc/vda1 xfs_inodegc_worker [xfs] [ 4277.393551] RIP: 0010:__list_del_entry_valid_or_report+0x7b/0xc0 [ 4277.394518] Code: 48 91 82 e8 37 f9 9a ff 0f 0b 48 89 fe 48 c7 c7 28 49 91 82 e8 26 f9 9a ff 0f 0b 48 89 fe 48 c7 c7 58 49 91 [ 4277.397292] RSP: 0018:ffffc90000333b38 EFLAGS: 00010082 [ 4277.398202] RAX: 000000000000004e RBX: ffffea00044b3e50 RCX: 0000000000000000 [ 4277.399340] RDX: 0000000000000002 RSI: ffffffff828f8715 RDI: 00000000ffffffff [ 4277.400545] RBP: ffffea00044b3e40 R08: 0000000000000000 R09: ffffc900003339f0 [ 4277.401710] R10: 0000000000000003 R11: ffffffff82d44088 R12: ffff888112cf9910 [ 4277.402887] R13: 0000000000000001 R14: 0000000000000001 R15: ffff8881000424c0 [ 4277.404049] FS: 0000000000000000(0000) GS:ffff88842fd40000(0000) knlGS:0000000000000000 [ 4277.405357] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 4277.406389] CR2: 00007f2ad0b24000 CR3: 0000000102a3a006 CR4: 00000000007706e0 [ 4277.407589] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 4277.408780] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 4277.410000] PKRU: 55555554 [ 4277.410645] Call Trace: [ 4277.411234] <TASK> [ 4277.411777] ? die+0x32/0x80 [ 4277.412439] ? do_trap+0xd6/0x100 [ 4277.413150] ? __list_del_entry_valid_or_report+0x7b/0xc0 [ 4277.414158] ? do_error_trap+0x6a/0x90 [ 4277.414948] ? __list_del_entry_valid_or_report+0x7b/0xc0 [ 4277.415915] ? exc_invalid_op+0x4c/0x60 [ 4277.416710] ? __list_del_entry_valid_or_report+0x7b/0xc0 [ 4277.417675] ? asm_exc_invalid_op+0x16/0x20 [ 4277.418482] ? __list_del_entry_valid_or_report+0x7b/0xc0 [ 4277.419466] ? __list_del_entry_valid_or_report+0x7b/0xc0 [ 4277.420410] free_to_partial_list+0x515/0x5e0 [ 4277.421242] ? xfs_iext_remove+0x41a/0xa10 [xfs] [ 4277.422298] xfs_iext_remove+0x41a/0xa10 [xfs] [ 4277.423316] ? xfs_inodegc_worker+0xb4/0x1a0 [xfs] [ 4277.424383] xfs_bmap_del_extent_delay+0x4fe/0x7d0 [xfs] [ 4277.425490] __xfs_bunmapi+0x50d/0x840 [xfs] [ 4277.426445] xfs_itruncate_extents_flags+0x13a/0x490 [xfs] [ 4277.427553] xfs_inactive_truncate+0xa3/0x120 [xfs] [ 4277.428567] xfs_inactive+0x22d/0x290 [xfs] [ 4277.429500] xfs_inodegc_worker+0xb4/0x1a0 [xfs] [ 4277.430479] process_one_work+0x171/0x340 [ 4277.431227] worker_thread+0x277/0x390 [ 4277.431962] ? __pfx_worker_thread+0x10/0x10 [ 4277.432752] kthread+0xf0/0x120 [ 4277.433382] ? __pfx_kthread+0x10/0x10 [ 4277.434134] ret_from_fork+0x2d/0x50 [ 4277.434837] ? __pfx_kthread+0x10/0x10 [ 4277.435566] ret_from_fork_asm+0x1b/0x30 [ 4277.436280] </TASK> Fixes: 643b113849d8 ("slub: enable tracking of full slabs") Suggested-by: Hyeonggon Yoo <42.hyeyoo(a)gmail.com> Suggested-by: Vlastimil Babka <vbabka(a)suse.cz> Cc: <stable(a)vger.kernel.org> Signed-off-by: yuan.gao <yuan.gao(a)ucloud.cn> Reviewed-by: Hyeonggon Yoo <42.hyeyoo(a)gmail.com> Acked-by: Christoph Lameter <cl(a)linux.com> Signed-off-by: Vlastimil Babka <vbabka(a)suse.cz> diff --git a/mm/slab.h b/mm/slab.h index 298567019485..632fedd71fea 100644 --- a/mm/slab.h +++ b/mm/slab.h @@ -73,6 +73,11 @@ struct slab { struct { unsigned inuse:16; unsigned objects:15; + /* + * If slab debugging is enabled then the + * frozen bit can be reused to indicate + * that the slab was corrupted + */ unsigned frozen:1; }; }; diff --git a/mm/slub.c b/mm/slub.c index 4284cbe41d0d..ccbdd7eb37a8 100644 --- a/mm/slub.c +++ b/mm/slub.c @@ -1409,6 +1409,11 @@ static int check_slab(struct kmem_cache *s, struct slab *slab) slab->inuse, slab->objects); return 0; } + if (slab->frozen) { + slab_err(s, slab, "Slab disabled since SLUB metadata consistency check failed"); + return 0; + } + /* Slab_pad_check fixes things up after itself */ slab_pad_check(s, slab); return 1; @@ -1589,6 +1594,7 @@ static noinline bool alloc_debug_processing(struct kmem_cache *s, slab_fix(s, "Marking all objects used"); slab->inuse = slab->objects; slab->freelist = NULL; + slab->frozen = 1; /* mark consistency-failed slab as frozen */ } return false; } @@ -2730,7 +2736,8 @@ static void *alloc_single_from_partial(struct kmem_cache *s, slab->inuse++; if (!alloc_debug_processing(s, slab, object, orig_size)) { - remove_partial(n, slab); + if (folio_test_slab(slab_folio(slab))) + remove_partial(n, slab); return NULL; }

6 months, 2 weeks

1
0
0 0

FAILED: patch "[PATCH] mm/slub: Avoid list corruption when removing a slab from the" failed to apply to 5.15-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 5.15-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-5.15.y git checkout FETCH_HEAD git cherry-pick -x dbc16915279a548a204154368da23d402c141c81 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024120650-reps-tadpole-a0bc@gregkh' --subject-prefix 'PATCH 5.15.y' HEAD^.. Possible dependencies: thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From dbc16915279a548a204154368da23d402c141c81 Mon Sep 17 00:00:00 2001 From: "yuan.gao" <yuan.gao(a)ucloud.cn> Date: Fri, 18 Oct 2024 14:44:35 +0800 Subject: [PATCH] mm/slub: Avoid list corruption when removing a slab from the full list Boot with slub_debug=UFPZ. If allocated object failed in alloc_consistency_checks, all objects of the slab will be marked as used, and then the slab will be removed from the partial list. When an object belonging to the slab got freed later, the remove_full() function is called. Because the slab is neither on the partial list nor on the full list, it eventually lead to a list corruption (actually a list poison being detected). So we need to mark and isolate the slab page with metadata corruption, do not put it back in circulation. Because the debug caches avoid all the fastpaths, reusing the frozen bit to mark slab page with metadata corruption seems to be fine. [ 4277.385669] list_del corruption, ffffea00044b3e50->next is LIST_POISON1 (dead000000000100) [ 4277.387023] ------------[ cut here ]------------ [ 4277.387880] kernel BUG at lib/list_debug.c:56! [ 4277.388680] invalid opcode: 0000 [#1] PREEMPT SMP PTI [ 4277.389562] CPU: 5 PID: 90 Comm: kworker/5:1 Kdump: loaded Tainted: G OE 6.6.1-1 #1 [ 4277.392113] Workqueue: xfs-inodegc/vda1 xfs_inodegc_worker [xfs] [ 4277.393551] RIP: 0010:__list_del_entry_valid_or_report+0x7b/0xc0 [ 4277.394518] Code: 48 91 82 e8 37 f9 9a ff 0f 0b 48 89 fe 48 c7 c7 28 49 91 82 e8 26 f9 9a ff 0f 0b 48 89 fe 48 c7 c7 58 49 91 [ 4277.397292] RSP: 0018:ffffc90000333b38 EFLAGS: 00010082 [ 4277.398202] RAX: 000000000000004e RBX: ffffea00044b3e50 RCX: 0000000000000000 [ 4277.399340] RDX: 0000000000000002 RSI: ffffffff828f8715 RDI: 00000000ffffffff [ 4277.400545] RBP: ffffea00044b3e40 R08: 0000000000000000 R09: ffffc900003339f0 [ 4277.401710] R10: 0000000000000003 R11: ffffffff82d44088 R12: ffff888112cf9910 [ 4277.402887] R13: 0000000000000001 R14: 0000000000000001 R15: ffff8881000424c0 [ 4277.404049] FS: 0000000000000000(0000) GS:ffff88842fd40000(0000) knlGS:0000000000000000 [ 4277.405357] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 4277.406389] CR2: 00007f2ad0b24000 CR3: 0000000102a3a006 CR4: 00000000007706e0 [ 4277.407589] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 4277.408780] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 4277.410000] PKRU: 55555554 [ 4277.410645] Call Trace: [ 4277.411234] <TASK> [ 4277.411777] ? die+0x32/0x80 [ 4277.412439] ? do_trap+0xd6/0x100 [ 4277.413150] ? __list_del_entry_valid_or_report+0x7b/0xc0 [ 4277.414158] ? do_error_trap+0x6a/0x90 [ 4277.414948] ? __list_del_entry_valid_or_report+0x7b/0xc0 [ 4277.415915] ? exc_invalid_op+0x4c/0x60 [ 4277.416710] ? __list_del_entry_valid_or_report+0x7b/0xc0 [ 4277.417675] ? asm_exc_invalid_op+0x16/0x20 [ 4277.418482] ? __list_del_entry_valid_or_report+0x7b/0xc0 [ 4277.419466] ? __list_del_entry_valid_or_report+0x7b/0xc0 [ 4277.420410] free_to_partial_list+0x515/0x5e0 [ 4277.421242] ? xfs_iext_remove+0x41a/0xa10 [xfs] [ 4277.422298] xfs_iext_remove+0x41a/0xa10 [xfs] [ 4277.423316] ? xfs_inodegc_worker+0xb4/0x1a0 [xfs] [ 4277.424383] xfs_bmap_del_extent_delay+0x4fe/0x7d0 [xfs] [ 4277.425490] __xfs_bunmapi+0x50d/0x840 [xfs] [ 4277.426445] xfs_itruncate_extents_flags+0x13a/0x490 [xfs] [ 4277.427553] xfs_inactive_truncate+0xa3/0x120 [xfs] [ 4277.428567] xfs_inactive+0x22d/0x290 [xfs] [ 4277.429500] xfs_inodegc_worker+0xb4/0x1a0 [xfs] [ 4277.430479] process_one_work+0x171/0x340 [ 4277.431227] worker_thread+0x277/0x390 [ 4277.431962] ? __pfx_worker_thread+0x10/0x10 [ 4277.432752] kthread+0xf0/0x120 [ 4277.433382] ? __pfx_kthread+0x10/0x10 [ 4277.434134] ret_from_fork+0x2d/0x50 [ 4277.434837] ? __pfx_kthread+0x10/0x10 [ 4277.435566] ret_from_fork_asm+0x1b/0x30 [ 4277.436280] </TASK> Fixes: 643b113849d8 ("slub: enable tracking of full slabs") Suggested-by: Hyeonggon Yoo <42.hyeyoo(a)gmail.com> Suggested-by: Vlastimil Babka <vbabka(a)suse.cz> Cc: <stable(a)vger.kernel.org> Signed-off-by: yuan.gao <yuan.gao(a)ucloud.cn> Reviewed-by: Hyeonggon Yoo <42.hyeyoo(a)gmail.com> Acked-by: Christoph Lameter <cl(a)linux.com> Signed-off-by: Vlastimil Babka <vbabka(a)suse.cz> diff --git a/mm/slab.h b/mm/slab.h index 298567019485..632fedd71fea 100644 --- a/mm/slab.h +++ b/mm/slab.h @@ -73,6 +73,11 @@ struct slab { struct { unsigned inuse:16; unsigned objects:15; + /* + * If slab debugging is enabled then the + * frozen bit can be reused to indicate + * that the slab was corrupted + */ unsigned frozen:1; }; }; diff --git a/mm/slub.c b/mm/slub.c index 4284cbe41d0d..ccbdd7eb37a8 100644 --- a/mm/slub.c +++ b/mm/slub.c @@ -1409,6 +1409,11 @@ static int check_slab(struct kmem_cache *s, struct slab *slab) slab->inuse, slab->objects); return 0; } + if (slab->frozen) { + slab_err(s, slab, "Slab disabled since SLUB metadata consistency check failed"); + return 0; + } + /* Slab_pad_check fixes things up after itself */ slab_pad_check(s, slab); return 1; @@ -1589,6 +1594,7 @@ static noinline bool alloc_debug_processing(struct kmem_cache *s, slab_fix(s, "Marking all objects used"); slab->inuse = slab->objects; slab->freelist = NULL; + slab->frozen = 1; /* mark consistency-failed slab as frozen */ } return false; } @@ -2730,7 +2736,8 @@ static void *alloc_single_from_partial(struct kmem_cache *s, slab->inuse++; if (!alloc_debug_processing(s, slab, object, orig_size)) { - remove_partial(n, slab); + if (folio_test_slab(slab_folio(slab))) + remove_partial(n, slab); return NULL; }

6 months, 2 weeks

1
0
0 0

FAILED: patch "[PATCH] mm/slub: Avoid list corruption when removing a slab from the" failed to apply to 6.1-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 6.1-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-6.1.y git checkout FETCH_HEAD git cherry-pick -x dbc16915279a548a204154368da23d402c141c81 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024120648-unwound-scavenger-a298@gregkh' --subject-prefix 'PATCH 6.1.y' HEAD^.. Possible dependencies: thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From dbc16915279a548a204154368da23d402c141c81 Mon Sep 17 00:00:00 2001 From: "yuan.gao" <yuan.gao(a)ucloud.cn> Date: Fri, 18 Oct 2024 14:44:35 +0800 Subject: [PATCH] mm/slub: Avoid list corruption when removing a slab from the full list Boot with slub_debug=UFPZ. If allocated object failed in alloc_consistency_checks, all objects of the slab will be marked as used, and then the slab will be removed from the partial list. When an object belonging to the slab got freed later, the remove_full() function is called. Because the slab is neither on the partial list nor on the full list, it eventually lead to a list corruption (actually a list poison being detected). So we need to mark and isolate the slab page with metadata corruption, do not put it back in circulation. Because the debug caches avoid all the fastpaths, reusing the frozen bit to mark slab page with metadata corruption seems to be fine. [ 4277.385669] list_del corruption, ffffea00044b3e50->next is LIST_POISON1 (dead000000000100) [ 4277.387023] ------------[ cut here ]------------ [ 4277.387880] kernel BUG at lib/list_debug.c:56! [ 4277.388680] invalid opcode: 0000 [#1] PREEMPT SMP PTI [ 4277.389562] CPU: 5 PID: 90 Comm: kworker/5:1 Kdump: loaded Tainted: G OE 6.6.1-1 #1 [ 4277.392113] Workqueue: xfs-inodegc/vda1 xfs_inodegc_worker [xfs] [ 4277.393551] RIP: 0010:__list_del_entry_valid_or_report+0x7b/0xc0 [ 4277.394518] Code: 48 91 82 e8 37 f9 9a ff 0f 0b 48 89 fe 48 c7 c7 28 49 91 82 e8 26 f9 9a ff 0f 0b 48 89 fe 48 c7 c7 58 49 91 [ 4277.397292] RSP: 0018:ffffc90000333b38 EFLAGS: 00010082 [ 4277.398202] RAX: 000000000000004e RBX: ffffea00044b3e50 RCX: 0000000000000000 [ 4277.399340] RDX: 0000000000000002 RSI: ffffffff828f8715 RDI: 00000000ffffffff [ 4277.400545] RBP: ffffea00044b3e40 R08: 0000000000000000 R09: ffffc900003339f0 [ 4277.401710] R10: 0000000000000003 R11: ffffffff82d44088 R12: ffff888112cf9910 [ 4277.402887] R13: 0000000000000001 R14: 0000000000000001 R15: ffff8881000424c0 [ 4277.404049] FS: 0000000000000000(0000) GS:ffff88842fd40000(0000) knlGS:0000000000000000 [ 4277.405357] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 4277.406389] CR2: 00007f2ad0b24000 CR3: 0000000102a3a006 CR4: 00000000007706e0 [ 4277.407589] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 4277.408780] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 4277.410000] PKRU: 55555554 [ 4277.410645] Call Trace: [ 4277.411234] <TASK> [ 4277.411777] ? die+0x32/0x80 [ 4277.412439] ? do_trap+0xd6/0x100 [ 4277.413150] ? __list_del_entry_valid_or_report+0x7b/0xc0 [ 4277.414158] ? do_error_trap+0x6a/0x90 [ 4277.414948] ? __list_del_entry_valid_or_report+0x7b/0xc0 [ 4277.415915] ? exc_invalid_op+0x4c/0x60 [ 4277.416710] ? __list_del_entry_valid_or_report+0x7b/0xc0 [ 4277.417675] ? asm_exc_invalid_op+0x16/0x20 [ 4277.418482] ? __list_del_entry_valid_or_report+0x7b/0xc0 [ 4277.419466] ? __list_del_entry_valid_or_report+0x7b/0xc0 [ 4277.420410] free_to_partial_list+0x515/0x5e0 [ 4277.421242] ? xfs_iext_remove+0x41a/0xa10 [xfs] [ 4277.422298] xfs_iext_remove+0x41a/0xa10 [xfs] [ 4277.423316] ? xfs_inodegc_worker+0xb4/0x1a0 [xfs] [ 4277.424383] xfs_bmap_del_extent_delay+0x4fe/0x7d0 [xfs] [ 4277.425490] __xfs_bunmapi+0x50d/0x840 [xfs] [ 4277.426445] xfs_itruncate_extents_flags+0x13a/0x490 [xfs] [ 4277.427553] xfs_inactive_truncate+0xa3/0x120 [xfs] [ 4277.428567] xfs_inactive+0x22d/0x290 [xfs] [ 4277.429500] xfs_inodegc_worker+0xb4/0x1a0 [xfs] [ 4277.430479] process_one_work+0x171/0x340 [ 4277.431227] worker_thread+0x277/0x390 [ 4277.431962] ? __pfx_worker_thread+0x10/0x10 [ 4277.432752] kthread+0xf0/0x120 [ 4277.433382] ? __pfx_kthread+0x10/0x10 [ 4277.434134] ret_from_fork+0x2d/0x50 [ 4277.434837] ? __pfx_kthread+0x10/0x10 [ 4277.435566] ret_from_fork_asm+0x1b/0x30 [ 4277.436280] </TASK> Fixes: 643b113849d8 ("slub: enable tracking of full slabs") Suggested-by: Hyeonggon Yoo <42.hyeyoo(a)gmail.com> Suggested-by: Vlastimil Babka <vbabka(a)suse.cz> Cc: <stable(a)vger.kernel.org> Signed-off-by: yuan.gao <yuan.gao(a)ucloud.cn> Reviewed-by: Hyeonggon Yoo <42.hyeyoo(a)gmail.com> Acked-by: Christoph Lameter <cl(a)linux.com> Signed-off-by: Vlastimil Babka <vbabka(a)suse.cz> diff --git a/mm/slab.h b/mm/slab.h index 298567019485..632fedd71fea 100644 --- a/mm/slab.h +++ b/mm/slab.h @@ -73,6 +73,11 @@ struct slab { struct { unsigned inuse:16; unsigned objects:15; + /* + * If slab debugging is enabled then the + * frozen bit can be reused to indicate + * that the slab was corrupted + */ unsigned frozen:1; }; }; diff --git a/mm/slub.c b/mm/slub.c index 4284cbe41d0d..ccbdd7eb37a8 100644 --- a/mm/slub.c +++ b/mm/slub.c @@ -1409,6 +1409,11 @@ static int check_slab(struct kmem_cache *s, struct slab *slab) slab->inuse, slab->objects); return 0; } + if (slab->frozen) { + slab_err(s, slab, "Slab disabled since SLUB metadata consistency check failed"); + return 0; + } + /* Slab_pad_check fixes things up after itself */ slab_pad_check(s, slab); return 1; @@ -1589,6 +1594,7 @@ static noinline bool alloc_debug_processing(struct kmem_cache *s, slab_fix(s, "Marking all objects used"); slab->inuse = slab->objects; slab->freelist = NULL; + slab->frozen = 1; /* mark consistency-failed slab as frozen */ } return false; } @@ -2730,7 +2736,8 @@ static void *alloc_single_from_partial(struct kmem_cache *s, slab->inuse++; if (!alloc_debug_processing(s, slab, object, orig_size)) { - remove_partial(n, slab); + if (folio_test_slab(slab_folio(slab))) + remove_partial(n, slab); return NULL; }

6 months, 2 weeks

1
0
0 0

please revert backport of 44c76825d6eefee9eb7ce06c38e1a6632ac7eb7d

by Kees Cook

Hi stable tree maintainers, Please revert the backports of 44c76825d6ee ("x86: Increase brk randomness entropy for 64-bit systems") namely: 5.4: 03475167fda50b8511ef620a27409b08365882e1 5.10: 25d31baf922c1ee987efd6fcc9c7d4ab539c66b4 5.15: 06cb3463aa58906cfff72877eb7f50cb26e9ca93 6.1: b0cde867b80a5e81fcbc0383e138f5845f2005ee 6.6: 1a45994fb218d93dec48a3a86f68283db61e0936 There seems to be a bad interaction between this change and older PIE-built qemu-user-static (for aarch64) binaries[1]. Investigation continues to see if this will need to be reverted from 6.6, 6.11, and mainline. But for now, it's clearly a problem for older kernels with older qemu. Thanks! -Kees [1] https://lore.kernel.org/all/202411201000.F3313C02@keescook/ -- Kees Cook

6 months, 2 weeks

5
6
0 0

FAILED: patch "[PATCH] driver core: fw_devlink: Stop trying to optimize cycle" failed to apply to 6.1-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 6.1-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-6.1.y git checkout FETCH_HEAD git cherry-pick -x bac3b10b78e54b7da3cede397258f75a2180609b # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024120659-hasty-crunching-8425@gregkh' --subject-prefix 'PATCH 6.1.y' HEAD^.. Possible dependencies: thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From bac3b10b78e54b7da3cede397258f75a2180609b Mon Sep 17 00:00:00 2001 From: Saravana Kannan <saravanak(a)google.com> Date: Wed, 30 Oct 2024 10:10:07 -0700 Subject: [PATCH] driver core: fw_devlink: Stop trying to optimize cycle detection logic In attempting to optimize fw_devlink runtime, I introduced numerous cycle detection bugs by foregoing cycle detection logic under specific conditions. Each fix has further narrowed the conditions for optimization. It's time to give up on these optimization attempts and just run the cycle detection logic every time fw_devlink tries to create a device link. The specific bug report that triggered this fix involved a supplier fwnode that never gets a device created for it. Instead, the supplier fwnode is represented by the device that corresponds to an ancestor fwnode. In this case, fw_devlink didn't do any cycle detection because the cycle detection logic is only run when a device link is created between the devices that correspond to the actual consumer and supplier fwnodes. With this change, fw_devlink will run cycle detection logic even when creating SYNC_STATE_ONLY proxy device links from a device that is an ancestor of a consumer fwnode. Reported-by: Tomi Valkeinen <tomi.valkeinen(a)ideasonboard.com> Closes: https://lore.kernel.org/all/1a1ab663-d068-40fb-8c94-f0715403d276@ideasonboa… Fixes: 6442d79d880c ("driver core: fw_devlink: Improve detection of overlapping cycles") Cc: stable <stable(a)kernel.org> Tested-by: Tomi Valkeinen <tomi.valkeinen(a)ideasonboard.com> Signed-off-by: Saravana Kannan <saravanak(a)google.com> Link: https://lore.kernel.org/r/20241030171009.1853340-1-saravanak@google.com Signed-off-by: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> diff --git a/drivers/base/core.c b/drivers/base/core.c index 54b25570a492..633fb4283282 100644 --- a/drivers/base/core.c +++ b/drivers/base/core.c @@ -1989,10 +1989,10 @@ static struct device *fwnode_get_next_parent_dev(const struct fwnode_handle *fwn * * Return true if one or more cycles were found. Otherwise, return false. */ -static bool __fw_devlink_relax_cycles(struct device *con, +static bool __fw_devlink_relax_cycles(struct fwnode_handle *con_handle, struct fwnode_handle *sup_handle) { - struct device *sup_dev = NULL, *par_dev = NULL; + struct device *sup_dev = NULL, *par_dev = NULL, *con_dev = NULL; struct fwnode_link *link; struct device_link *dev_link; bool ret = false; @@ -2009,22 +2009,22 @@ static bool __fw_devlink_relax_cycles(struct device *con, sup_handle->flags |= FWNODE_FLAG_VISITED; - sup_dev = get_dev_from_fwnode(sup_handle); - /* Termination condition. */ - if (sup_dev == con) { + if (sup_handle == con_handle) { pr_debug("----- cycle: start -----\n"); ret = true; goto out; } + sup_dev = get_dev_from_fwnode(sup_handle); + con_dev = get_dev_from_fwnode(con_handle); /* * If sup_dev is bound to a driver and @con hasn't started binding to a * driver, sup_dev can't be a consumer of @con. So, no need to check * further. */ if (sup_dev && sup_dev->links.status == DL_DEV_DRIVER_BOUND && - con->links.status == DL_DEV_NO_DRIVER) { + con_dev && con_dev->links.status == DL_DEV_NO_DRIVER) { ret = false; goto out; } @@ -2033,7 +2033,7 @@ static bool __fw_devlink_relax_cycles(struct device *con, if (link->flags & FWLINK_FLAG_IGNORE) continue; - if (__fw_devlink_relax_cycles(con, link->supplier)) { + if (__fw_devlink_relax_cycles(con_handle, link->supplier)) { __fwnode_link_cycle(link); ret = true; } @@ -2048,7 +2048,7 @@ static bool __fw_devlink_relax_cycles(struct device *con, else par_dev = fwnode_get_next_parent_dev(sup_handle); - if (par_dev && __fw_devlink_relax_cycles(con, par_dev->fwnode)) { + if (par_dev && __fw_devlink_relax_cycles(con_handle, par_dev->fwnode)) { pr_debug("%pfwf: cycle: child of %pfwf\n", sup_handle, par_dev->fwnode); ret = true; @@ -2066,7 +2066,7 @@ static bool __fw_devlink_relax_cycles(struct device *con, !(dev_link->flags & DL_FLAG_CYCLE)) continue; - if (__fw_devlink_relax_cycles(con, + if (__fw_devlink_relax_cycles(con_handle, dev_link->supplier->fwnode)) { pr_debug("%pfwf: cycle: depends on %pfwf\n", sup_handle, dev_link->supplier->fwnode); @@ -2114,11 +2114,6 @@ static int fw_devlink_create_devlink(struct device *con, if (link->flags & FWLINK_FLAG_IGNORE) return 0; - if (con->fwnode == link->consumer) - flags = fw_devlink_get_flags(link->flags); - else - flags = FW_DEVLINK_FLAGS_PERMISSIVE; - /* * In some cases, a device P might also be a supplier to its child node * C. However, this would defer the probe of C until the probe of P @@ -2139,25 +2134,23 @@ static int fw_devlink_create_devlink(struct device *con, return -EINVAL; /* - * SYNC_STATE_ONLY device links don't block probing and supports cycles. - * So, one might expect that cycle detection isn't necessary for them. - * However, if the device link was marked as SYNC_STATE_ONLY because - * it's part of a cycle, then we still need to do cycle detection. This - * is because the consumer and supplier might be part of multiple cycles - * and we need to detect all those cycles. + * Don't try to optimize by not calling the cycle detection logic under + * certain conditions. There's always some corner case that won't get + * detected. */ - if (!device_link_flag_is_sync_state_only(flags) || - flags & DL_FLAG_CYCLE) { - device_links_write_lock(); - if (__fw_devlink_relax_cycles(con, sup_handle)) { - __fwnode_link_cycle(link); - flags = fw_devlink_get_flags(link->flags); - pr_debug("----- cycle: end -----\n"); - dev_info(con, "Fixed dependency cycle(s) with %pfwf\n", - sup_handle); - } - device_links_write_unlock(); + device_links_write_lock(); + if (__fw_devlink_relax_cycles(link->consumer, sup_handle)) { + __fwnode_link_cycle(link); + pr_debug("----- cycle: end -----\n"); + pr_info("%pfwf: Fixed dependency cycle(s) with %pfwf\n", + link->consumer, sup_handle); } + device_links_write_unlock(); + + if (con->fwnode == link->consumer) + flags = fw_devlink_get_flags(link->flags); + else + flags = FW_DEVLINK_FLAGS_PERMISSIVE; if (sup_handle->flags & FWNODE_FLAG_NOT_DEVICE) sup_dev = fwnode_get_next_parent_dev(sup_handle);

6 months, 2 weeks

1
0
0 0

FAILED: patch "[PATCH] driver core: fw_devlink: Stop trying to optimize cycle" failed to apply to 6.6-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 6.6-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-6.6.y git checkout FETCH_HEAD git cherry-pick -x bac3b10b78e54b7da3cede397258f75a2180609b # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024120658-pesky-tactile-da5a@gregkh' --subject-prefix 'PATCH 6.6.y' HEAD^.. Possible dependencies: thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From bac3b10b78e54b7da3cede397258f75a2180609b Mon Sep 17 00:00:00 2001 From: Saravana Kannan <saravanak(a)google.com> Date: Wed, 30 Oct 2024 10:10:07 -0700 Subject: [PATCH] driver core: fw_devlink: Stop trying to optimize cycle detection logic In attempting to optimize fw_devlink runtime, I introduced numerous cycle detection bugs by foregoing cycle detection logic under specific conditions. Each fix has further narrowed the conditions for optimization. It's time to give up on these optimization attempts and just run the cycle detection logic every time fw_devlink tries to create a device link. The specific bug report that triggered this fix involved a supplier fwnode that never gets a device created for it. Instead, the supplier fwnode is represented by the device that corresponds to an ancestor fwnode. In this case, fw_devlink didn't do any cycle detection because the cycle detection logic is only run when a device link is created between the devices that correspond to the actual consumer and supplier fwnodes. With this change, fw_devlink will run cycle detection logic even when creating SYNC_STATE_ONLY proxy device links from a device that is an ancestor of a consumer fwnode. Reported-by: Tomi Valkeinen <tomi.valkeinen(a)ideasonboard.com> Closes: https://lore.kernel.org/all/1a1ab663-d068-40fb-8c94-f0715403d276@ideasonboa… Fixes: 6442d79d880c ("driver core: fw_devlink: Improve detection of overlapping cycles") Cc: stable <stable(a)kernel.org> Tested-by: Tomi Valkeinen <tomi.valkeinen(a)ideasonboard.com> Signed-off-by: Saravana Kannan <saravanak(a)google.com> Link: https://lore.kernel.org/r/20241030171009.1853340-1-saravanak@google.com Signed-off-by: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> diff --git a/drivers/base/core.c b/drivers/base/core.c index 54b25570a492..633fb4283282 100644 --- a/drivers/base/core.c +++ b/drivers/base/core.c @@ -1989,10 +1989,10 @@ static struct device *fwnode_get_next_parent_dev(const struct fwnode_handle *fwn * * Return true if one or more cycles were found. Otherwise, return false. */ -static bool __fw_devlink_relax_cycles(struct device *con, +static bool __fw_devlink_relax_cycles(struct fwnode_handle *con_handle, struct fwnode_handle *sup_handle) { - struct device *sup_dev = NULL, *par_dev = NULL; + struct device *sup_dev = NULL, *par_dev = NULL, *con_dev = NULL; struct fwnode_link *link; struct device_link *dev_link; bool ret = false; @@ -2009,22 +2009,22 @@ static bool __fw_devlink_relax_cycles(struct device *con, sup_handle->flags |= FWNODE_FLAG_VISITED; - sup_dev = get_dev_from_fwnode(sup_handle); - /* Termination condition. */ - if (sup_dev == con) { + if (sup_handle == con_handle) { pr_debug("----- cycle: start -----\n"); ret = true; goto out; } + sup_dev = get_dev_from_fwnode(sup_handle); + con_dev = get_dev_from_fwnode(con_handle); /* * If sup_dev is bound to a driver and @con hasn't started binding to a * driver, sup_dev can't be a consumer of @con. So, no need to check * further. */ if (sup_dev && sup_dev->links.status == DL_DEV_DRIVER_BOUND && - con->links.status == DL_DEV_NO_DRIVER) { + con_dev && con_dev->links.status == DL_DEV_NO_DRIVER) { ret = false; goto out; } @@ -2033,7 +2033,7 @@ static bool __fw_devlink_relax_cycles(struct device *con, if (link->flags & FWLINK_FLAG_IGNORE) continue; - if (__fw_devlink_relax_cycles(con, link->supplier)) { + if (__fw_devlink_relax_cycles(con_handle, link->supplier)) { __fwnode_link_cycle(link); ret = true; } @@ -2048,7 +2048,7 @@ static bool __fw_devlink_relax_cycles(struct device *con, else par_dev = fwnode_get_next_parent_dev(sup_handle); - if (par_dev && __fw_devlink_relax_cycles(con, par_dev->fwnode)) { + if (par_dev && __fw_devlink_relax_cycles(con_handle, par_dev->fwnode)) { pr_debug("%pfwf: cycle: child of %pfwf\n", sup_handle, par_dev->fwnode); ret = true; @@ -2066,7 +2066,7 @@ static bool __fw_devlink_relax_cycles(struct device *con, !(dev_link->flags & DL_FLAG_CYCLE)) continue; - if (__fw_devlink_relax_cycles(con, + if (__fw_devlink_relax_cycles(con_handle, dev_link->supplier->fwnode)) { pr_debug("%pfwf: cycle: depends on %pfwf\n", sup_handle, dev_link->supplier->fwnode); @@ -2114,11 +2114,6 @@ static int fw_devlink_create_devlink(struct device *con, if (link->flags & FWLINK_FLAG_IGNORE) return 0; - if (con->fwnode == link->consumer) - flags = fw_devlink_get_flags(link->flags); - else - flags = FW_DEVLINK_FLAGS_PERMISSIVE; - /* * In some cases, a device P might also be a supplier to its child node * C. However, this would defer the probe of C until the probe of P @@ -2139,25 +2134,23 @@ static int fw_devlink_create_devlink(struct device *con, return -EINVAL; /* - * SYNC_STATE_ONLY device links don't block probing and supports cycles. - * So, one might expect that cycle detection isn't necessary for them. - * However, if the device link was marked as SYNC_STATE_ONLY because - * it's part of a cycle, then we still need to do cycle detection. This - * is because the consumer and supplier might be part of multiple cycles - * and we need to detect all those cycles. + * Don't try to optimize by not calling the cycle detection logic under + * certain conditions. There's always some corner case that won't get + * detected. */ - if (!device_link_flag_is_sync_state_only(flags) || - flags & DL_FLAG_CYCLE) { - device_links_write_lock(); - if (__fw_devlink_relax_cycles(con, sup_handle)) { - __fwnode_link_cycle(link); - flags = fw_devlink_get_flags(link->flags); - pr_debug("----- cycle: end -----\n"); - dev_info(con, "Fixed dependency cycle(s) with %pfwf\n", - sup_handle); - } - device_links_write_unlock(); + device_links_write_lock(); + if (__fw_devlink_relax_cycles(link->consumer, sup_handle)) { + __fwnode_link_cycle(link); + pr_debug("----- cycle: end -----\n"); + pr_info("%pfwf: Fixed dependency cycle(s) with %pfwf\n", + link->consumer, sup_handle); } + device_links_write_unlock(); + + if (con->fwnode == link->consumer) + flags = fw_devlink_get_flags(link->flags); + else + flags = FW_DEVLINK_FLAGS_PERMISSIVE; if (sup_handle->flags & FWNODE_FLAG_NOT_DEVICE) sup_dev = fwnode_get_next_parent_dev(sup_handle);

6 months, 2 weeks

1
0
0 0

FAILED: patch "[PATCH] ntp: Remove invalid cast in time offset math" failed to apply to 5.4-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 5.4-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-5.4.y git checkout FETCH_HEAD git cherry-pick -x f5807b0606da7ac7c1b74a386b22134ec7702d05 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024120626-macaroni-copy-e7b8@gregkh' --subject-prefix 'PATCH 5.4.y' HEAD^.. Possible dependencies: thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From f5807b0606da7ac7c1b74a386b22134ec7702d05 Mon Sep 17 00:00:00 2001 From: Marcelo Dalmas <marcelo.dalmas(a)ge.com> Date: Mon, 25 Nov 2024 12:16:09 +0000 Subject: [PATCH] ntp: Remove invalid cast in time offset math Due to an unsigned cast, adjtimex() returns the wrong offest when using ADJ_MICRO and the offset is negative. In this case a small negative offset returns approximately 4.29 seconds (~ 2^32/1000 milliseconds) due to the unsigned cast of the negative offset. This cast was added when the kernel internal struct timex was changed to use type long long for the time offset value to address the problem of a 64bit/32bit division on 32bit systems. The correct cast would have been (s32), which is correct as time_offset can only be in the range of [INT_MIN..INT_MAX] because the shift constant used for calculating it is 32. But that's non-obvious. Remove the cast and use div_s64() to cure the issue. [ tglx: Fix white space damage, use div_s64() and amend the change log ] Fixes: ead25417f82e ("timex: use __kernel_timex internally") Signed-off-by: Marcelo Dalmas <marcelo.dalmas(a)ge.com> Signed-off-by: Thomas Gleixner <tglx(a)linutronix.de> Cc: stable(a)vger.kernel.org Link: https://lore.kernel.org/all/SJ0P101MB03687BF7D5A10FD3C49C51E5F42E2@SJ0P101M… diff --git a/kernel/time/ntp.c b/kernel/time/ntp.c index b550ebe0f03b..163e7a2033b6 100644 --- a/kernel/time/ntp.c +++ b/kernel/time/ntp.c @@ -798,7 +798,7 @@ int __do_adjtimex(struct __kernel_timex *txc, const struct timespec64 *ts, txc->offset = shift_right(ntpdata->time_offset * NTP_INTERVAL_FREQ, NTP_SCALE_SHIFT); if (!(ntpdata->time_status & STA_NANO)) - txc->offset = (u32)txc->offset / NSEC_PER_USEC; + txc->offset = div_s64(txc->offset, NSEC_PER_USEC); } result = ntpdata->time_state;

6 months, 2 weeks

1
0
0 0

FAILED: patch "[PATCH] ntp: Remove invalid cast in time offset math" failed to apply to 5.10-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 5.10-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-5.10.y git checkout FETCH_HEAD git cherry-pick -x f5807b0606da7ac7c1b74a386b22134ec7702d05 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024120625-animation-presuming-50c1@gregkh' --subject-prefix 'PATCH 5.10.y' HEAD^.. Possible dependencies: thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From f5807b0606da7ac7c1b74a386b22134ec7702d05 Mon Sep 17 00:00:00 2001 From: Marcelo Dalmas <marcelo.dalmas(a)ge.com> Date: Mon, 25 Nov 2024 12:16:09 +0000 Subject: [PATCH] ntp: Remove invalid cast in time offset math Due to an unsigned cast, adjtimex() returns the wrong offest when using ADJ_MICRO and the offset is negative. In this case a small negative offset returns approximately 4.29 seconds (~ 2^32/1000 milliseconds) due to the unsigned cast of the negative offset. This cast was added when the kernel internal struct timex was changed to use type long long for the time offset value to address the problem of a 64bit/32bit division on 32bit systems. The correct cast would have been (s32), which is correct as time_offset can only be in the range of [INT_MIN..INT_MAX] because the shift constant used for calculating it is 32. But that's non-obvious. Remove the cast and use div_s64() to cure the issue. [ tglx: Fix white space damage, use div_s64() and amend the change log ] Fixes: ead25417f82e ("timex: use __kernel_timex internally") Signed-off-by: Marcelo Dalmas <marcelo.dalmas(a)ge.com> Signed-off-by: Thomas Gleixner <tglx(a)linutronix.de> Cc: stable(a)vger.kernel.org Link: https://lore.kernel.org/all/SJ0P101MB03687BF7D5A10FD3C49C51E5F42E2@SJ0P101M… diff --git a/kernel/time/ntp.c b/kernel/time/ntp.c index b550ebe0f03b..163e7a2033b6 100644 --- a/kernel/time/ntp.c +++ b/kernel/time/ntp.c @@ -798,7 +798,7 @@ int __do_adjtimex(struct __kernel_timex *txc, const struct timespec64 *ts, txc->offset = shift_right(ntpdata->time_offset * NTP_INTERVAL_FREQ, NTP_SCALE_SHIFT); if (!(ntpdata->time_status & STA_NANO)) - txc->offset = (u32)txc->offset / NSEC_PER_USEC; + txc->offset = div_s64(txc->offset, NSEC_PER_USEC); } result = ntpdata->time_state;

6 months, 2 weeks

1
0
0 0

FAILED: patch "[PATCH] ntp: Remove invalid cast in time offset math" failed to apply to 5.15-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 5.15-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-5.15.y git checkout FETCH_HEAD git cherry-pick -x f5807b0606da7ac7c1b74a386b22134ec7702d05 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024120624-statutory-lustrous-bc12@gregkh' --subject-prefix 'PATCH 5.15.y' HEAD^.. Possible dependencies: thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From f5807b0606da7ac7c1b74a386b22134ec7702d05 Mon Sep 17 00:00:00 2001 From: Marcelo Dalmas <marcelo.dalmas(a)ge.com> Date: Mon, 25 Nov 2024 12:16:09 +0000 Subject: [PATCH] ntp: Remove invalid cast in time offset math Due to an unsigned cast, adjtimex() returns the wrong offest when using ADJ_MICRO and the offset is negative. In this case a small negative offset returns approximately 4.29 seconds (~ 2^32/1000 milliseconds) due to the unsigned cast of the negative offset. This cast was added when the kernel internal struct timex was changed to use type long long for the time offset value to address the problem of a 64bit/32bit division on 32bit systems. The correct cast would have been (s32), which is correct as time_offset can only be in the range of [INT_MIN..INT_MAX] because the shift constant used for calculating it is 32. But that's non-obvious. Remove the cast and use div_s64() to cure the issue. [ tglx: Fix white space damage, use div_s64() and amend the change log ] Fixes: ead25417f82e ("timex: use __kernel_timex internally") Signed-off-by: Marcelo Dalmas <marcelo.dalmas(a)ge.com> Signed-off-by: Thomas Gleixner <tglx(a)linutronix.de> Cc: stable(a)vger.kernel.org Link: https://lore.kernel.org/all/SJ0P101MB03687BF7D5A10FD3C49C51E5F42E2@SJ0P101M… diff --git a/kernel/time/ntp.c b/kernel/time/ntp.c index b550ebe0f03b..163e7a2033b6 100644 --- a/kernel/time/ntp.c +++ b/kernel/time/ntp.c @@ -798,7 +798,7 @@ int __do_adjtimex(struct __kernel_timex *txc, const struct timespec64 *ts, txc->offset = shift_right(ntpdata->time_offset * NTP_INTERVAL_FREQ, NTP_SCALE_SHIFT); if (!(ntpdata->time_status & STA_NANO)) - txc->offset = (u32)txc->offset / NSEC_PER_USEC; + txc->offset = div_s64(txc->offset, NSEC_PER_USEC); } result = ntpdata->time_state;

6 months, 2 weeks

1
0
0 0

FAILED: patch "[PATCH] ntp: Remove invalid cast in time offset math" failed to apply to 6.1-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 6.1-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-6.1.y git checkout FETCH_HEAD git cherry-pick -x f5807b0606da7ac7c1b74a386b22134ec7702d05 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024120623-aloof-unearned-9578@gregkh' --subject-prefix 'PATCH 6.1.y' HEAD^.. Possible dependencies: thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From f5807b0606da7ac7c1b74a386b22134ec7702d05 Mon Sep 17 00:00:00 2001 From: Marcelo Dalmas <marcelo.dalmas(a)ge.com> Date: Mon, 25 Nov 2024 12:16:09 +0000 Subject: [PATCH] ntp: Remove invalid cast in time offset math Due to an unsigned cast, adjtimex() returns the wrong offest when using ADJ_MICRO and the offset is negative. In this case a small negative offset returns approximately 4.29 seconds (~ 2^32/1000 milliseconds) due to the unsigned cast of the negative offset. This cast was added when the kernel internal struct timex was changed to use type long long for the time offset value to address the problem of a 64bit/32bit division on 32bit systems. The correct cast would have been (s32), which is correct as time_offset can only be in the range of [INT_MIN..INT_MAX] because the shift constant used for calculating it is 32. But that's non-obvious. Remove the cast and use div_s64() to cure the issue. [ tglx: Fix white space damage, use div_s64() and amend the change log ] Fixes: ead25417f82e ("timex: use __kernel_timex internally") Signed-off-by: Marcelo Dalmas <marcelo.dalmas(a)ge.com> Signed-off-by: Thomas Gleixner <tglx(a)linutronix.de> Cc: stable(a)vger.kernel.org Link: https://lore.kernel.org/all/SJ0P101MB03687BF7D5A10FD3C49C51E5F42E2@SJ0P101M… diff --git a/kernel/time/ntp.c b/kernel/time/ntp.c index b550ebe0f03b..163e7a2033b6 100644 --- a/kernel/time/ntp.c +++ b/kernel/time/ntp.c @@ -798,7 +798,7 @@ int __do_adjtimex(struct __kernel_timex *txc, const struct timespec64 *ts, txc->offset = shift_right(ntpdata->time_offset * NTP_INTERVAL_FREQ, NTP_SCALE_SHIFT); if (!(ntpdata->time_status & STA_NANO)) - txc->offset = (u32)txc->offset / NSEC_PER_USEC; + txc->offset = div_s64(txc->offset, NSEC_PER_USEC); } result = ntpdata->time_state;

6 months, 2 weeks

1
0
0 0

FAILED: patch "[PATCH] ntp: Remove invalid cast in time offset math" failed to apply to 6.6-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 6.6-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-6.6.y git checkout FETCH_HEAD git cherry-pick -x f5807b0606da7ac7c1b74a386b22134ec7702d05 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024120623-recharger-elevation-99e1@gregkh' --subject-prefix 'PATCH 6.6.y' HEAD^.. Possible dependencies: thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From f5807b0606da7ac7c1b74a386b22134ec7702d05 Mon Sep 17 00:00:00 2001 From: Marcelo Dalmas <marcelo.dalmas(a)ge.com> Date: Mon, 25 Nov 2024 12:16:09 +0000 Subject: [PATCH] ntp: Remove invalid cast in time offset math Due to an unsigned cast, adjtimex() returns the wrong offest when using ADJ_MICRO and the offset is negative. In this case a small negative offset returns approximately 4.29 seconds (~ 2^32/1000 milliseconds) due to the unsigned cast of the negative offset. This cast was added when the kernel internal struct timex was changed to use type long long for the time offset value to address the problem of a 64bit/32bit division on 32bit systems. The correct cast would have been (s32), which is correct as time_offset can only be in the range of [INT_MIN..INT_MAX] because the shift constant used for calculating it is 32. But that's non-obvious. Remove the cast and use div_s64() to cure the issue. [ tglx: Fix white space damage, use div_s64() and amend the change log ] Fixes: ead25417f82e ("timex: use __kernel_timex internally") Signed-off-by: Marcelo Dalmas <marcelo.dalmas(a)ge.com> Signed-off-by: Thomas Gleixner <tglx(a)linutronix.de> Cc: stable(a)vger.kernel.org Link: https://lore.kernel.org/all/SJ0P101MB03687BF7D5A10FD3C49C51E5F42E2@SJ0P101M… diff --git a/kernel/time/ntp.c b/kernel/time/ntp.c index b550ebe0f03b..163e7a2033b6 100644 --- a/kernel/time/ntp.c +++ b/kernel/time/ntp.c @@ -798,7 +798,7 @@ int __do_adjtimex(struct __kernel_timex *txc, const struct timespec64 *ts, txc->offset = shift_right(ntpdata->time_offset * NTP_INTERVAL_FREQ, NTP_SCALE_SHIFT); if (!(ntpdata->time_status & STA_NANO)) - txc->offset = (u32)txc->offset / NSEC_PER_USEC; + txc->offset = div_s64(txc->offset, NSEC_PER_USEC); } result = ntpdata->time_state;

6 months, 2 weeks

1
0
0 0

FAILED: patch "[PATCH] posix-timers: Target group sigqueue to current task only if" failed to apply to 6.6-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 6.6-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-6.6.y git checkout FETCH_HEAD git cherry-pick -x 63dffecfba3eddcf67a8f76d80e0c141f93d44a5 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024120657-mushiness-fence-cc2c@gregkh' --subject-prefix 'PATCH 6.6.y' HEAD^.. Possible dependencies: thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 63dffecfba3eddcf67a8f76d80e0c141f93d44a5 Mon Sep 17 00:00:00 2001 From: Frederic Weisbecker <frederic(a)kernel.org> Date: Sat, 23 Nov 2024 00:48:11 +0100 Subject: [PATCH] posix-timers: Target group sigqueue to current task only if not exiting A sigqueue belonging to a posix timer, which target is not a specific thread but a whole thread group, is preferrably targeted to the current task if it is part of that thread group. However nothing prevents a posix timer event from queueing such a sigqueue from a reaped yet running task. The interruptible code space between exit_notify() and the final call to schedule() is enough for posix_timer_fn() hrtimer to fire. If that happens while the current task is part of the thread group target, it is proposed to handle it but since its sighand pointer may have been cleared already, the sigqueue is dropped even if there are other tasks running within the group that could handle it. As a result posix timers with thread group wide target may miss signals when some of their threads are exiting. Fix this with verifying that the current task hasn't been through exit_notify() before proposing it as a preferred target so as to ensure that its sighand is still here and stable. complete_signal() might still reconsider the choice and find a better target within the group if current has passed retarget_shared_pending() already. Fixes: bcb7ee79029d ("posix-timers: Prefer delivery of signals to the current thread") Reported-by: Anthony Mallet <anthony.mallet(a)laas.fr> Suggested-by: Oleg Nesterov <oleg(a)redhat.com> Signed-off-by: Frederic Weisbecker <frederic(a)kernel.org> Signed-off-by: Thomas Gleixner <tglx(a)linutronix.de> Acked-by: Oleg Nesterov <oleg(a)redhat.com> Cc: stable(a)vger.kernel.org Link: https://lore.kernel.org/all/20241122234811.60455-1-frederic@kernel.org Closes: https://lore.kernel.org/all/26411.57288.238690.681680@gargle.gargle.HOWL diff --git a/kernel/signal.c b/kernel/signal.c index 98b65cb35830..989b1cc9116a 100644 --- a/kernel/signal.c +++ b/kernel/signal.c @@ -1959,14 +1959,15 @@ static void posixtimer_queue_sigqueue(struct sigqueue *q, struct task_struct *t, * * Where type is not PIDTYPE_PID, signals must be delivered to the * process. In this case, prefer to deliver to current if it is in - * the same thread group as the target process, which avoids - * unnecessarily waking up a potentially idle task. + * the same thread group as the target process and its sighand is + * stable, which avoids unnecessarily waking up a potentially idle task. */ static inline struct task_struct *posixtimer_get_target(struct k_itimer *tmr) { struct task_struct *t = pid_task(tmr->it_pid, tmr->it_pid_type); - if (t && tmr->it_pid_type != PIDTYPE_PID && same_thread_group(t, current)) + if (t && tmr->it_pid_type != PIDTYPE_PID && + same_thread_group(t, current) && !current->exit_state) t = current; return t; }

6 months, 2 weeks

1
0
0 0

FAILED: patch "[PATCH] media: platform: exynos4-is: Fix an OF node reference leak in" failed to apply to 5.15-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 5.15-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-5.15.y git checkout FETCH_HEAD git cherry-pick -x 8964eb23408243ae0016d1f8473c76f64ff25d20 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024120612-prone-accent-fb69@gregkh' --subject-prefix 'PATCH 5.15.y' HEAD^.. Possible dependencies: thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 8964eb23408243ae0016d1f8473c76f64ff25d20 Mon Sep 17 00:00:00 2001 From: Joe Hattori <joe(a)pf.is.s.u-tokyo.ac.jp> Date: Mon, 4 Nov 2024 19:01:19 +0900 Subject: [PATCH] media: platform: exynos4-is: Fix an OF node reference leak in fimc_md_is_isp_available In fimc_md_is_isp_available(), of_get_child_by_name() is called to check if FIMC-IS is available. Current code does not decrement the refcount of the returned device node, which causes an OF node reference leak. Fix it by calling of_node_put() at the end of the variable scope. Signed-off-by: Joe Hattori <joe(a)pf.is.s.u-tokyo.ac.jp> Fixes: e781bbe3fecf ("[media] exynos4-is: Add fimc-is subdevs registration") Cc: stable(a)vger.kernel.org Reviewed-by: Krzysztof Kozlowski <krzysztof.kozlowski(a)linaro.org> Signed-off-by: Hans Verkuil <hverkuil(a)xs4all.nl> [hverkuil: added CC to stable] diff --git a/drivers/media/platform/samsung/exynos4-is/media-dev.h b/drivers/media/platform/samsung/exynos4-is/media-dev.h index 786264cf79dc..a50e58ab7ef7 100644 --- a/drivers/media/platform/samsung/exynos4-is/media-dev.h +++ b/drivers/media/platform/samsung/exynos4-is/media-dev.h @@ -178,8 +178,9 @@ int fimc_md_set_camclk(struct v4l2_subdev *sd, bool on); #ifdef CONFIG_OF static inline bool fimc_md_is_isp_available(struct device_node *node) { - node = of_get_child_by_name(node, FIMC_IS_OF_NODE_NAME); - return node ? of_device_is_available(node) : false; + struct device_node *child __free(device_node) = + of_get_child_by_name(node, FIMC_IS_OF_NODE_NAME); + return child ? of_device_is_available(child) : false; } #else #define fimc_md_is_isp_available(node) (false)

6 months, 2 weeks

1
0
0 0

FAILED: patch "[PATCH] media: platform: exynos4-is: Fix an OF node reference leak in" failed to apply to 5.4-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 5.4-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-5.4.y git checkout FETCH_HEAD git cherry-pick -x 8964eb23408243ae0016d1f8473c76f64ff25d20 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024120625-vanish-sizing-e68e@gregkh' --subject-prefix 'PATCH 5.4.y' HEAD^.. Possible dependencies: thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 8964eb23408243ae0016d1f8473c76f64ff25d20 Mon Sep 17 00:00:00 2001 From: Joe Hattori <joe(a)pf.is.s.u-tokyo.ac.jp> Date: Mon, 4 Nov 2024 19:01:19 +0900 Subject: [PATCH] media: platform: exynos4-is: Fix an OF node reference leak in fimc_md_is_isp_available In fimc_md_is_isp_available(), of_get_child_by_name() is called to check if FIMC-IS is available. Current code does not decrement the refcount of the returned device node, which causes an OF node reference leak. Fix it by calling of_node_put() at the end of the variable scope. Signed-off-by: Joe Hattori <joe(a)pf.is.s.u-tokyo.ac.jp> Fixes: e781bbe3fecf ("[media] exynos4-is: Add fimc-is subdevs registration") Cc: stable(a)vger.kernel.org Reviewed-by: Krzysztof Kozlowski <krzysztof.kozlowski(a)linaro.org> Signed-off-by: Hans Verkuil <hverkuil(a)xs4all.nl> [hverkuil: added CC to stable] diff --git a/drivers/media/platform/samsung/exynos4-is/media-dev.h b/drivers/media/platform/samsung/exynos4-is/media-dev.h index 786264cf79dc..a50e58ab7ef7 100644 --- a/drivers/media/platform/samsung/exynos4-is/media-dev.h +++ b/drivers/media/platform/samsung/exynos4-is/media-dev.h @@ -178,8 +178,9 @@ int fimc_md_set_camclk(struct v4l2_subdev *sd, bool on); #ifdef CONFIG_OF static inline bool fimc_md_is_isp_available(struct device_node *node) { - node = of_get_child_by_name(node, FIMC_IS_OF_NODE_NAME); - return node ? of_device_is_available(node) : false; + struct device_node *child __free(device_node) = + of_get_child_by_name(node, FIMC_IS_OF_NODE_NAME); + return child ? of_device_is_available(child) : false; } #else #define fimc_md_is_isp_available(node) (false)

6 months, 2 weeks

1
0
0 0

FAILED: patch "[PATCH] media: platform: exynos4-is: Fix an OF node reference leak in" failed to apply to 5.10-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 5.10-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-5.10.y git checkout FETCH_HEAD git cherry-pick -x 8964eb23408243ae0016d1f8473c76f64ff25d20 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024120624-skype-wisdom-07d3@gregkh' --subject-prefix 'PATCH 5.10.y' HEAD^.. Possible dependencies: thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 8964eb23408243ae0016d1f8473c76f64ff25d20 Mon Sep 17 00:00:00 2001 From: Joe Hattori <joe(a)pf.is.s.u-tokyo.ac.jp> Date: Mon, 4 Nov 2024 19:01:19 +0900 Subject: [PATCH] media: platform: exynos4-is: Fix an OF node reference leak in fimc_md_is_isp_available In fimc_md_is_isp_available(), of_get_child_by_name() is called to check if FIMC-IS is available. Current code does not decrement the refcount of the returned device node, which causes an OF node reference leak. Fix it by calling of_node_put() at the end of the variable scope. Signed-off-by: Joe Hattori <joe(a)pf.is.s.u-tokyo.ac.jp> Fixes: e781bbe3fecf ("[media] exynos4-is: Add fimc-is subdevs registration") Cc: stable(a)vger.kernel.org Reviewed-by: Krzysztof Kozlowski <krzysztof.kozlowski(a)linaro.org> Signed-off-by: Hans Verkuil <hverkuil(a)xs4all.nl> [hverkuil: added CC to stable] diff --git a/drivers/media/platform/samsung/exynos4-is/media-dev.h b/drivers/media/platform/samsung/exynos4-is/media-dev.h index 786264cf79dc..a50e58ab7ef7 100644 --- a/drivers/media/platform/samsung/exynos4-is/media-dev.h +++ b/drivers/media/platform/samsung/exynos4-is/media-dev.h @@ -178,8 +178,9 @@ int fimc_md_set_camclk(struct v4l2_subdev *sd, bool on); #ifdef CONFIG_OF static inline bool fimc_md_is_isp_available(struct device_node *node) { - node = of_get_child_by_name(node, FIMC_IS_OF_NODE_NAME); - return node ? of_device_is_available(node) : false; + struct device_node *child __free(device_node) = + of_get_child_by_name(node, FIMC_IS_OF_NODE_NAME); + return child ? of_device_is_available(child) : false; } #else #define fimc_md_is_isp_available(node) (false)

6 months, 2 weeks

1
0
0 0

FAILED: patch "[PATCH] media: platform: exynos4-is: Fix an OF node reference leak in" failed to apply to 5.15-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 5.15-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-5.15.y git checkout FETCH_HEAD git cherry-pick -x 8964eb23408243ae0016d1f8473c76f64ff25d20 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024120623-refract-altitude-40e5@gregkh' --subject-prefix 'PATCH 5.15.y' HEAD^.. Possible dependencies: thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 8964eb23408243ae0016d1f8473c76f64ff25d20 Mon Sep 17 00:00:00 2001 From: Joe Hattori <joe(a)pf.is.s.u-tokyo.ac.jp> Date: Mon, 4 Nov 2024 19:01:19 +0900 Subject: [PATCH] media: platform: exynos4-is: Fix an OF node reference leak in fimc_md_is_isp_available In fimc_md_is_isp_available(), of_get_child_by_name() is called to check if FIMC-IS is available. Current code does not decrement the refcount of the returned device node, which causes an OF node reference leak. Fix it by calling of_node_put() at the end of the variable scope. Signed-off-by: Joe Hattori <joe(a)pf.is.s.u-tokyo.ac.jp> Fixes: e781bbe3fecf ("[media] exynos4-is: Add fimc-is subdevs registration") Cc: stable(a)vger.kernel.org Reviewed-by: Krzysztof Kozlowski <krzysztof.kozlowski(a)linaro.org> Signed-off-by: Hans Verkuil <hverkuil(a)xs4all.nl> [hverkuil: added CC to stable] diff --git a/drivers/media/platform/samsung/exynos4-is/media-dev.h b/drivers/media/platform/samsung/exynos4-is/media-dev.h index 786264cf79dc..a50e58ab7ef7 100644 --- a/drivers/media/platform/samsung/exynos4-is/media-dev.h +++ b/drivers/media/platform/samsung/exynos4-is/media-dev.h @@ -178,8 +178,9 @@ int fimc_md_set_camclk(struct v4l2_subdev *sd, bool on); #ifdef CONFIG_OF static inline bool fimc_md_is_isp_available(struct device_node *node) { - node = of_get_child_by_name(node, FIMC_IS_OF_NODE_NAME); - return node ? of_device_is_available(node) : false; + struct device_node *child __free(device_node) = + of_get_child_by_name(node, FIMC_IS_OF_NODE_NAME); + return child ? of_device_is_available(child) : false; } #else #define fimc_md_is_isp_available(node) (false)

6 months, 2 weeks

1
0
0 0

[PATCH v2 0/2] drm/msm/dpu: two fixes targeting 6.11

by Dmitry Baryshkov

Leonard Lausen reported an issue with suspend/resume of the sc7180 devices. Fix the WB atomic check, which caused the issue. Also make sure that DPU debugging logs are always directed to the drm_debug / DRIVER so that usual drm.debug masks work in an expected way. Signed-off-by: Dmitry Baryshkov <dmitry.baryshkov(a)linaro.org> --- Changes in v2: - Reworked the writeback to just drop the connector->status check. - Expanded commit message for the debugging patch. - Link to v1: https://lore.kernel.org/r/20240709-dpu-fix-wb-v1-0-448348bfd4cb@linaro.org --- Dmitry Baryshkov (2): drm/msm/dpu1: don't choke on disabling the writeback connector drm/msm/dpu: don't play tricks with debug macros drivers/gpu/drm/msm/disp/dpu1/dpu_kms.h | 14 ++------------ drivers/gpu/drm/msm/disp/dpu1/dpu_writeback.c | 3 --- 2 files changed, 2 insertions(+), 15 deletions(-) --- base-commit: 668d33c9ff922c4590c58754ab064aaf53c387dd change-id: 20240709-dpu-fix-wb-6cd57e3eb182 Best regards, -- Dmitry Baryshkov <dmitry.baryshkov(a)linaro.org>

6 months, 2 weeks

5
19
0 0

[PATCH 4.19 000/138] 4.19.325-rc1 review

by Greg Kroah-Hartman

------------------ Note, this is the LAST 4.19.y kernel to be released. After this one, it is end-of-life. It's been 6 years, everyone should have moved off of it by now. ------------------ This is the start of the stable review cycle for the 4.19.325 release. There are 138 patches in this series, all will be posted as a response to this one. If anyone has any issues with these being applied, please let me know. Responses should be made by Thu, 05 Dec 2024 14:18:57 +0000. Anything received after that time might be too late. The whole patch series can be found in one patch at: https://www.kernel.org/pub/linux/kernel/v4.x/stable-review/patch-4.19.325-r… or in the git tree and branch at: git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable-rc.git linux-4.19.y and the diffstat can be found below. thanks, greg k-h ------------- Pseudo-Shortlog of commits: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> Linux 4.19.325-rc1 Dan Carpenter <dan.carpenter(a)linaro.org> sh: intc: Fix use-after-free bug in register_intc_controller() Masahiro Yamada <masahiroy(a)kernel.org> modpost: remove incorrect code in do_eisa_entry() Alex Zenla <alex(a)edera.dev> 9p/xen: fix release of IRQ Alex Zenla <alex(a)edera.dev> 9p/xen: fix init sequence Christoph Hellwig <hch(a)lst.de> block: return unsigned int from bdev_io_min Qingfang Deng <qingfang.deng(a)siflower.com.cn> jffs2: fix use of uninitialized variable Zhihao Cheng <chengzhihao1(a)huawei.com> ubi: fastmap: Fix duplicate slab cache names while attaching Zhihao Cheng <chengzhihao1(a)huawei.com> ubifs: Correct the total block count by deducting journal reservation Yongliang Gao <leonylgao(a)tencent.com> rtc: check if __rtc_read_time was successful in rtc_timer_do_work() Jinjie Ruan <ruanjinjie(a)huawei.com> rtc: st-lpc: Use IRQF_NO_AUTOEN flag in request_irq() Trond Myklebust <trond.myklebust(a)hammerspace.com> NFSv4.0: Fix a use-after-free problem in the asynchronous open() Tiwei Bie <tiwei.btw(a)antgroup.com> um: Fix the return value of elf_core_copy_task_fpregs Bjorn Andersson <quic_bjorande(a)quicinc.com> rpmsg: glink: Propagate TX failures in intentless mode as well Chuck Lever <chuck.lever(a)oracle.com> NFSD: Prevent a potential integer overflow Bartosz Golaszewski <bartosz.golaszewski(a)linaro.org> lib: string_helpers: silence snprintf() output truncation warning Thinh Nguyen <Thinh.Nguyen(a)synopsys.com> usb: dwc3: gadget: Fix checking for number of TRBs left Qiu-ji Chen <chenqiuji666(a)gmail.com> media: wl128x: Fix atomicity violation in fmc_send_cmd() Jason Gerecke <jason.gerecke(a)wacom.com> HID: wacom: Interpret tilt data from Intuos Pro BT as signed values Muchun Song <songmuchun(a)bytedance.com> block: fix ordering between checking BLK_MQ_S_STOPPED request adding Will Deacon <will(a)kernel.org> arm64: tls: Fix context-switching of tpidrro_el0 when kpti is enabled Huacai Chen <chenhuacai(a)loongson.cn> sh: cpuinfo: Fix a warning for CONFIG_CPUMASK_OFFSTACK Tiwei Bie <tiwei.btw(a)antgroup.com> um: vector: Do not use drvdata in release Bin Liu <b-liu(a)ti.com> serial: 8250: omap: Move pm_runtime_get_sync Tiwei Bie <tiwei.btw(a)antgroup.com> um: net: Do not use drvdata in release Tiwei Bie <tiwei.btw(a)antgroup.com> um: ubd: Do not use drvdata in release Zhihao Cheng <chengzhihao1(a)huawei.com> ubi: wl: Put source PEB into correct list if trying locking LEB failed Stanislaw Gruszka <stanislaw.gruszka(a)linux.intel.com> spi: Fix acpi deferred irq probe Jeongjun Park <aha310510(a)gmail.com> netfilter: ipset: add missing range check in bitmap_ip_uadt Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> Revert "serial: sh-sci: Clean sci_ports[0] after at earlycon exit" Claudiu Beznea <claudiu.beznea.uj(a)bp.renesas.com> serial: sh-sci: Clean sci_ports[0] after at earlycon exit Michal Vrastil <michal.vrastil(a)hidglobal.com> Revert "usb: gadget: composite: fix OS descriptors w_value logic" Benoît Sevens <bsevens(a)google.com> ALSA: usb-audio: Fix potential out-of-bound accesses for Extigy and Mbox devices Andrej Shadura <andrew.shadura(a)collabora.co.uk> Bluetooth: Fix type of len in rfcomm_sock_getsockopt{,_old}() Nicolas Bouchinet <nicolas.bouchinet(a)ssi.gouv.fr> tty: ldsic: fix tty_ldisc_autoload sysctl's proc_handler Lukas Wunner <lukas(a)wunner.de> PCI: Fix use-after-free of slot->bus on hot remove Qiu-ji Chen <chenqiuji666(a)gmail.com> ASoC: codecs: Fix atomicity violation in snd_soc_component_get_drvdata() Artem Sadovnikov <ancowi69(a)gmail.com> jfs: xattr: check invalid xattr size more strictly Theodore Ts'o <tytso(a)mit.edu> ext4: fix FS_IOC_GETFSMAP handling Jeongjun Park <aha310510(a)gmail.com> ext4: supress data-race warnings in ext4_free_inodes_{count,set}() Vitalii Mordan <mordan(a)ispras.ru> usb: ehci-spear: fix call balance of sehci clk handling routines chao liu <liuzgyid(a)outlook.com> apparmor: fix 'Do simple duplicate message elimination' Jinjie Ruan <ruanjinjie(a)huawei.com> misc: apds990x: Fix missing pm_runtime_disable() Edward Adam Davis <eadavis(a)qq.com> USB: chaoskey: Fix possible deadlock chaoskey_list_lock Oliver Neukum <oneukum(a)suse.com> USB: chaoskey: fail open after removal Jeongjun Park <aha310510(a)gmail.com> usb: using mutex lock and supporting O_NONBLOCK flag in iowarrior_read() Maxime Chevallier <maxime.chevallier(a)bootlin.com> net: stmmac: dwmac-socfpga: Set RX watchdog interrupt as broken Vitalii Mordan <mordan(a)ispras.ru> marvell: pxa168_eth: fix call balance of pep->clk handling routines Oleksij Rempel <o.rempel(a)pengutronix.de> net: usb: lan78xx: Fix refcounting and autosuspend on invalid WoL configuration Pavan Chebbi <pavan.chebbi(a)broadcom.com> tg3: Set coherent DMA mask bits to 31 for BCM57766 chipsets Oleksij Rempel <o.rempel(a)pengutronix.de> net: usb: lan78xx: Fix memory leak on device unplug by freeing PHY device Bart Van Assche <bvanassche(a)acm.org> power: supply: core: Remove might_sleep() from power_supply_put() Avihai Horon <avihaih(a)nvidia.com> vfio/pci: Properly hide first-in-list PCIe extended capability Chuck Lever <chuck.lever(a)oracle.com> NFSD: Cap the number of bytes copied by nfs4_reset_recoverydir() Chuck Lever <chuck.lever(a)oracle.com> NFSD: Prevent NULL dereference in nfsd4_process_cb_update() Jonathan Marek <jonathan(a)marek.ca> rpmsg: glink: use only lower 16-bits of param2 for CMD_OPEN name length Bjorn Andersson <quic_bjorande(a)quicinc.com> rpmsg: glink: Fix GLINK command prefix Arun Kumar Neelakantam <aneela(a)codeaurora.org> rpmsg: glink: Send READ_NOTIFY command in FIFO full case Arun Kumar Neelakantam <aneela(a)codeaurora.org> rpmsg: glink: Add TX_DATA_CONT command while sending Antonio Quartulli <antonio(a)mandelbit.com> m68k: coldfire/device.c: only build FEC when HW macros are defined Jean-Michel Hautbois <jeanmichel.hautbois(a)yoseli.org> m68k: mcfgpio: Fix incorrect register offset for CONFIG_M5441x Ilpo Järvinen <ilpo.jarvinen(a)linux.intel.com> PCI: cpqphp: Fix PCIBIOS_* return value confusion weiyufeng <weiyufeng(a)kylinos.cn> PCI: cpqphp: Use PCI_POSSIBLE_ERROR() to check config reads Leo Yan <leo.yan(a)arm.com> perf probe: Correct demangled symbols in C++ program Nuno Sa <nuno.sa(a)analog.com> clk: clk-axi-clkgen: make sure to enable the AXI bus clock Alexandru Ardelean <alexandru.ardelean(a)analog.com> clk: axi-clkgen: use devm_platform_ioremap_resource() short-hand Nuno Sa <nuno.sa(a)analog.com> dt-bindings: clock: axi-clkgen: include AXI clk Alexandru Ardelean <alexandru.ardelean(a)analog.com> dt-bindings: clock: adi,axi-clkgen: convert old binding to yaml format Zhen Lei <thunder.leizhen(a)huawei.com> fbdev: sh7760fb: Fix a possible memory leak in sh7760fb_alloc_mem() Thomas Zimmermann <tzimmermann(a)suse.de> fbdev/sh7760fb: Alloc DMA memory from hardware device Michal Suchanek <msuchanek(a)suse.de> powerpc/sstep: make emulate_vsx_load and emulate_vsx_store static Dmitry Antipov <dmantipov(a)yandex.ru> ocfs2: fix uninitialized value in ocfs2_file_read_iter() Zhen Lei <thunder.leizhen(a)huawei.com> scsi: qedi: Fix a possible memory leak in qedi_alloc_and_init_sb() Zeng Heng <zengheng4(a)huawei.com> scsi: fusion: Remove unused variable 'rc' Ye Bin <yebin10(a)huawei.com> scsi: bfa: Fix use-after-free in bfad_im_module_exit() Zhang Changzhong <zhangchangzhong(a)huawei.com> mfd: rt5033: Fix missing regmap_del_irq_chip() Kashyap Desai <kashyap.desai(a)broadcom.com> RDMA/bnxt_re: Check cqe flags to know imm_data vs inv_irkey Miquel Raynal <miquel.raynal(a)bootlin.com> mtd: rawnand: atmel: Fix possible memory leak Yuan Can <yuancan(a)huawei.com> cpufreq: loongson2: Unregister platform_driver on failure Marcus Folkesson <marcus.folkesson(a)gmail.com> mfd: da9052-spi: Change read-mask to write-mask Christophe Leroy <christophe.leroy(a)csgroup.eu> powerpc/vdso: Flag VDSO64 entry points as functions Levi Yun <yeoreum.yun(a)arm.com> trace/trace_event_perf: remove duplicate samples on the first tracepoint event Breno Leitao <leitao(a)debian.org> netpoll: Use rcu_access_pointer() in netpoll_poll_lock Takashi Iwai <tiwai(a)suse.de> ALSA: 6fire: Release resources at card release Takashi Iwai <tiwai(a)suse.de> ALSA: caiaq: Use snd_card_free_when_closed() at disconnection Takashi Iwai <tiwai(a)suse.de> ALSA: us122l: Use snd_card_free_when_closed() at disconnection Mingwei Zheng <zmw12306(a)gmail.com> net: rfkill: gpio: Add check for clk_enable() Lucas Stach <l.stach(a)pengutronix.de> drm/etnaviv: hold GPU lock across perfmon sampling Doug Brown <doug(a)schmorgal.com> drm/etnaviv: fix power register offset on GC300 Marc Kleine-Budde <mkl(a)pengutronix.de> drm/etnaviv: dump: fix sparse warnings Lucas Stach <l.stach(a)pengutronix.de> drm/etnaviv: consolidate hardware fence handling in etnaviv_gpu Matthias Schiffer <matthias.schiffer(a)tq-group.com> drm: fsl-dcu: enable PIXCLK on LS1021A Thomas Zimmermann <tzimmermann(a)suse.de> drm/fsl-dcu: Convert to Linux IRQ interfaces Thomas Zimmermann <tzimmermann(a)suse.de> drm/fsl-dcu: Set GEM CMA functions with DRM_GEM_CMA_DRIVER_OPS Thomas Zimmermann <tzimmermann(a)suse.de> drm/fsl-dcu: Use GEM CMA object functions Daniel Vetter <daniel.vetter(a)ffwll.ch> drm/fsl-dcu: Drop drm_gem_prime_export/import Noralf Trønnes <noralf(a)tronnes.org> drm/fsl-dcu: Use drm_fbdev_generic_setup() Chris Wilson <chris(a)chris-wilson.co.uk> drm/i915/gtt: Enable full-ppgtt by default everywhere Alper Nebi Yasak <alpernebiyasak(a)gmail.com> wifi: mwifiex: Fix memcpy() field-spanning write warning in mwifiex_config_scan() Yuan Chen <chenyuan(a)kylinos.cn> bpf: Fix the xdp_adjust_tail sample prog issue Jinjie Ruan <ruanjinjie(a)huawei.com> drm/imx/ipuv3: Use IRQF_NO_AUTOEN flag in request_irq() Tomi Valkeinen <tomi.valkeinen(a)ideasonboard.com> drm/omap: Fix locking in omap_gem_new_dmabuf() Jeongjun Park <aha310510(a)gmail.com> wifi: ath9k: add range check for conn_rsp_epid in htc_connect_service() Andy Shevchenko <andriy.shevchenko(a)linux.intel.com> drm/mm: Mark drm_mm_interval_tree*() functions with __maybe_unused Luo Qiu <luoqiu(a)kylinsec.com.cn> firmware: arm_scpi: Check the DVFS OPP count returned by the firmware Andy Shevchenko <andriy.shevchenko(a)linux.intel.com> regmap: irq: Set lockdep class for hierarchical IRQ domains Andre Przywara <andre.przywara(a)arm.com> ARM: dts: cubieboard4: Fix DCDC5 regulator constraints Bartosz Golaszewski <bartosz.golaszewski(a)linaro.org> mmc: mmc_spi: drop buggy snprintf() Dan Carpenter <dan.carpenter(a)linaro.org> soc: qcom: geni-se: fix array underflow in geni_se_clk_tbl_get() Jinjie Ruan <ruanjinjie(a)huawei.com> soc: ti: smartreflex: Use IRQF_NO_AUTOEN flag in request_irq() Miguel Ojeda <ojeda(a)kernel.org> time: Fix references to _msecs_to_jiffies() handling of values Christophe JAILLET <christophe.jaillet(a)wanadoo.fr> crypto: cavium - Fix an error handling path in cpt_ucode_load_fw() Chen Ridong <chenridong(a)huawei.com> crypto: bcm - add error check in the ahash_hmac_init function Everest K.C <everestkc(a)everestkc.com.np> crypto: cavium - Fix the if condition to exit loop after timeout Yi Yang <yiyang13(a)huawei.com> crypto: pcrypt - Call crypto layer directly when padata_do_parallel() return -EBUSY Priyanka Singh <priyanka.singh(a)nxp.com> EDAC/fsl_ddr: Fix bad bit shift operations Thadeu Lima de Souza Cascardo <cascardo(a)igalia.com> hfsplus: don't query the device logical block size multiple times Masahiro Yamada <masahiroy(a)kernel.org> s390/syscalls: Avoid creation of arch/arch/ directory Aleksandr Mishin <amishin(a)t-argos.ru> acpi/arm64: Adjust error handling procedure in gtdt_parse_timer_block() Daniel Palmer <daniel(a)0x0f.com> m68k: mvme147: Reinstate early console Geert Uytterhoeven <geert(a)linux-m68k.org> m68k: mvme16x: Add and use "mvme16x.h" Daniel Palmer <daniel(a)0x0f.com> m68k: mvme147: Fix SCSI controller IRQ numbers David Disseldorp <ddiss(a)suse.de> initramfs: avoid filename buffer overrun Puranjay Mohan <pjy(a)amazon.com> nvme: fix metadata handling in nvme-passthrough David Wang <00107082(a)163.com> proc/softirqs: replace seq_printf with seq_put_decimal_ull_width Benoît Monin <benoit.monin(a)gmx.fr> net: usb: qmi_wwan: add Quectel RG650V Arnd Bergmann <arnd(a)arndb.de> x86/amd_nb: Fix compile-testing without CONFIG_AMD_NB Li Zhijian <lizhijian(a)fujitsu.com> selftests/watchdog-test: Fix system accidentally reset after watchdog-test Ben Greear <greearb(a)candelatech.com> mac80211: fix user-power when emulating chanctx Hans de Goede <hdegoede(a)redhat.com> ASoC: Intel: bytcr_rt5640: Add DMI quirk for Vexia Edu Atla 10 tablet Andrew Morton <akpm(a)linux-foundation.org> mm: revert "mm: shmem: fix data-race in shmem_getattr()" Chris Down <chris(a)chrisdown.name> kbuild: Use uname for LINUX_COMPILE_HOST detection Mauro Carvalho Chehab <mchehab+huawei(a)kernel.org> media: dvbdev: fix the logic when DVB_DYNAMIC_MINORS is not set Aurelien Jarno <aurelien(a)aurel32.net> Revert "mmc: dw_mmc: Fix IDMAC operation with pages bigger than 4K" Ryusuke Konishi <konishi.ryusuke(a)gmail.com> nilfs2: fix null-ptr-deref in block_dirty_buffer tracepoint Dmitry Antipov <dmantipov(a)yandex.ru> ocfs2: fix UBSAN warning in ocfs2_verify_volume() Ryusuke Konishi <konishi.ryusuke(a)gmail.com> nilfs2: fix null-ptr-deref in block_touch_buffer tracepoint Dmitry Antipov <dmantipov(a)yandex.ru> ocfs2: uncache inode which has failed entering the group Jakub Kicinski <kuba(a)kernel.org> netlink: terminate outstanding dump on socket close ------------- Diffstat: .../devicetree/bindings/clock/adi,axi-clkgen.yaml | 67 ++++++++ .../devicetree/bindings/clock/axi-clkgen.txt | 25 --- Makefile | 4 +- arch/arm/boot/dts/sun9i-a80-cubieboard4.dts | 4 +- arch/arm64/kernel/process.c | 2 +- arch/m68k/coldfire/device.c | 8 +- arch/m68k/include/asm/mcfgpio.h | 2 +- arch/m68k/include/asm/mvme147hw.h | 4 +- arch/m68k/kernel/early_printk.c | 9 +- arch/m68k/mvme147/config.c | 30 ++++ arch/m68k/mvme147/mvme147.h | 6 + arch/m68k/mvme16x/config.c | 2 + arch/m68k/mvme16x/mvme16x.h | 6 + arch/powerpc/include/asm/sstep.h | 5 - arch/powerpc/include/asm/vdso.h | 1 + arch/powerpc/lib/sstep.c | 12 +- arch/s390/kernel/syscalls/Makefile | 2 +- arch/sh/kernel/cpu/proc.c | 2 +- arch/um/drivers/net_kern.c | 2 +- arch/um/drivers/ubd_kern.c | 2 +- arch/um/drivers/vector_kern.c | 3 +- arch/um/kernel/process.c | 2 +- arch/x86/include/asm/amd_nb.h | 5 +- block/blk-mq.c | 6 + block/blk-mq.h | 13 ++ crypto/pcrypt.c | 12 +- drivers/acpi/arm64/gtdt.c | 2 +- drivers/base/regmap/regmap-irq.c | 4 + drivers/clk/clk-axi-clkgen.c | 26 ++- drivers/cpufreq/loongson2_cpufreq.c | 4 +- drivers/crypto/bcm/cipher.c | 5 +- drivers/crypto/cavium/cpt/cptpf_main.c | 6 +- drivers/edac/fsl_ddr_edac.c | 22 +-- drivers/firmware/arm_scpi.c | 3 + drivers/gpu/drm/drm_mm.c | 2 +- drivers/gpu/drm/etnaviv/etnaviv_drv.h | 11 -- drivers/gpu/drm/etnaviv/etnaviv_dump.c | 13 +- drivers/gpu/drm/etnaviv/etnaviv_gpu.c | 48 ++++-- drivers/gpu/drm/etnaviv/etnaviv_gpu.h | 20 ++- drivers/gpu/drm/fsl-dcu/Kconfig | 1 + drivers/gpu/drm/fsl-dcu/fsl_dcu_drm_drv.c | 170 ++++++++++---------- drivers/gpu/drm/fsl-dcu/fsl_dcu_drm_drv.h | 4 +- drivers/gpu/drm/i915/i915_gem_gtt.c | 10 +- drivers/gpu/drm/imx/ipuv3-crtc.c | 6 +- drivers/gpu/drm/omapdrm/omap_gem.c | 10 +- drivers/hid/wacom_wac.c | 4 +- drivers/infiniband/hw/bnxt_re/ib_verbs.c | 7 +- drivers/infiniband/hw/bnxt_re/qplib_fp.h | 2 +- drivers/media/dvb-core/dvbdev.c | 15 +- drivers/media/radio/wl128x/fmdrv_common.c | 3 +- drivers/message/fusion/mptsas.c | 4 +- drivers/mfd/da9052-spi.c | 2 +- drivers/mfd/rt5033.c | 4 +- drivers/misc/apds990x.c | 12 +- drivers/mmc/host/dw_mmc.c | 4 +- drivers/mmc/host/mmc_spi.c | 9 +- drivers/mtd/nand/raw/atmel/pmecc.c | 8 +- drivers/mtd/nand/raw/atmel/pmecc.h | 2 - drivers/mtd/ubi/attach.c | 12 +- drivers/mtd/ubi/wl.c | 9 +- drivers/net/ethernet/broadcom/tg3.c | 3 + drivers/net/ethernet/marvell/pxa168_eth.c | 13 +- .../net/ethernet/stmicro/stmmac/dwmac-socfpga.c | 2 + drivers/net/usb/lan78xx.c | 11 +- drivers/net/usb/qmi_wwan.c | 1 + drivers/net/wireless/ath/ath9k/htc_hst.c | 3 + drivers/net/wireless/marvell/mwifiex/fw.h | 2 +- drivers/nvme/host/core.c | 7 +- drivers/pci/hotplug/cpqphp_pci.c | 19 ++- drivers/pci/slot.c | 4 +- drivers/power/avs/smartreflex.c | 4 +- drivers/power/supply/power_supply_core.c | 2 - drivers/rpmsg/qcom_glink_native.c | 175 ++++++++++++++------- drivers/rtc/interface.c | 7 +- drivers/rtc/rtc-st-lpc.c | 5 +- drivers/scsi/bfa/bfad.c | 3 +- drivers/scsi/qedi/qedi_main.c | 1 + drivers/sh/intc/core.c | 2 +- drivers/soc/qcom/qcom-geni-se.c | 3 +- drivers/spi/spi.c | 13 +- drivers/tty/serial/8250/8250_omap.c | 4 +- drivers/tty/tty_ldisc.c | 2 +- drivers/usb/dwc3/gadget.c | 9 +- drivers/usb/gadget/composite.c | 18 ++- drivers/usb/host/ehci-spear.c | 7 +- drivers/usb/misc/chaoskey.c | 35 +++-- drivers/usb/misc/iowarrior.c | 46 ++++-- drivers/vfio/pci/vfio_pci_config.c | 16 +- drivers/video/fbdev/sh7760fb.c | 11 +- fs/ext4/fsmap.c | 54 ++++++- fs/ext4/mballoc.c | 18 ++- fs/ext4/mballoc.h | 1 + fs/ext4/super.c | 8 +- fs/hfsplus/hfsplus_fs.h | 3 +- fs/hfsplus/wrapper.c | 2 + fs/jffs2/erase.c | 7 +- fs/jfs/xattr.c | 2 +- fs/nfs/nfs4proc.c | 8 +- fs/nfsd/nfs4callback.c | 16 +- fs/nfsd/nfs4recover.c | 3 +- fs/nilfs2/btnode.c | 2 - fs/nilfs2/gcinode.c | 4 +- fs/nilfs2/mdt.c | 1 - fs/nilfs2/page.c | 2 +- fs/ocfs2/aops.h | 2 + fs/ocfs2/file.c | 4 + fs/ocfs2/resize.c | 2 + fs/ocfs2/super.c | 13 +- fs/proc/softirqs.c | 2 +- fs/ubifs/super.c | 6 +- include/linux/blkdev.h | 2 +- include/linux/jiffies.h | 2 +- include/linux/netpoll.h | 2 +- init/initramfs.c | 15 ++ kernel/time/time.c | 2 +- kernel/trace/trace_event_perf.c | 6 + lib/string_helpers.c | 2 +- mm/shmem.c | 2 - net/9p/trans_xen.c | 9 +- net/bluetooth/rfcomm/sock.c | 10 +- net/mac80211/main.c | 2 + net/netfilter/ipset/ip_set_bitmap_ip.c | 7 +- net/netlink/af_netlink.c | 31 +--- net/netlink/af_netlink.h | 2 - net/rfkill/rfkill-gpio.c | 8 +- samples/bpf/xdp_adjust_tail_kern.c | 1 + scripts/mkcompile_h | 2 +- scripts/mod/file2alias.c | 5 +- security/apparmor/capability.c | 2 + sound/soc/codecs/da7219.c | 9 +- sound/soc/intel/boards/bytcr_rt5640.c | 15 ++ sound/usb/6fire/chip.c | 10 +- sound/usb/caiaq/audio.c | 10 +- sound/usb/caiaq/audio.h | 1 + sound/usb/caiaq/device.c | 19 ++- sound/usb/caiaq/input.c | 12 +- sound/usb/caiaq/input.h | 1 + sound/usb/quirks.c | 18 ++- sound/usb/usx2y/us122l.c | 5 +- tools/perf/util/probe-finder.c | 17 +- tools/testing/selftests/vDSO/parse_vdso.c | 3 +- tools/testing/selftests/watchdog/watchdog-test.c | 6 + 142 files changed, 998 insertions(+), 528 deletions(-)

6 months, 2 weeks

6
151
0 0

[tip: x86/urgent] x86/kexec: Restore GDT on return from ::preserve_context kexec

by tip-bot2 for David Woodhouse

The following commit has been merged into the x86/urgent branch of tip: Commit-ID: 07fa619f2a40c221ea27747a3323cabc59ab25eb Gitweb: https://git.kernel.org/tip/07fa619f2a40c221ea27747a3323cabc59ab25eb Author: David Woodhouse <dwmw(a)amazon.co.uk> AuthorDate: Thu, 05 Dec 2024 15:05:07 Committer: Ingo Molnar <mingo(a)kernel.org> CommitterDate: Fri, 06 Dec 2024 10:35:49 +01:00 x86/kexec: Restore GDT on return from ::preserve_context kexec The restore_processor_state() function explicitly states that "the asm code that gets us here will have restored a usable GDT". That wasn't true in the case of returning from a ::preserve_context kexec. Make it so. Without this, the kernel was depending on the called function to reload a GDT which is appropriate for the kernel before returning. Test program: #include <unistd.h> #include <errno.h> #include <stdio.h> #include <stdlib.h> #include <linux/kexec.h> #include <linux/reboot.h> #include <sys/reboot.h> #include <sys/syscall.h> int main (void) { struct kexec_segment segment = {}; unsigned char purgatory[] = { 0x66, 0xba, 0xf8, 0x03, // mov $0x3f8, %dx 0xb0, 0x42, // mov $0x42, %al 0xee, // outb %al, (%dx) 0xc3, // ret }; int ret; segment.buf = &purgatory; segment.bufsz = sizeof(purgatory); segment.mem = (void *)0x400000; segment.memsz = 0x1000; ret = syscall(__NR_kexec_load, 0x400000, 1, &segment, KEXEC_PRESERVE_CONTEXT); if (ret) { perror("kexec_load"); exit(1); } ret = syscall(__NR_reboot, LINUX_REBOOT_MAGIC1, LINUX_REBOOT_MAGIC2, LINUX_REBOOT_CMD_KEXEC); if (ret) { perror("kexec reboot"); exit(1); } printf("Success\n"); return 0; } Signed-off-by: David Woodhouse <dwmw(a)amazon.co.uk> Signed-off-by: Ingo Molnar <mingo(a)kernel.org> Cc: stable(a)vger.kernel.org Link: https://lore.kernel.org/r/20241205153343.3275139-2-dwmw2@infradead.org --- arch/x86/kernel/relocate_kernel_64.S | 7 +++++++ 1 file changed, 7 insertions(+) diff --git a/arch/x86/kernel/relocate_kernel_64.S b/arch/x86/kernel/relocate_kernel_64.S index e9e88c3..1236f25 100644 --- a/arch/x86/kernel/relocate_kernel_64.S +++ b/arch/x86/kernel/relocate_kernel_64.S @@ -242,6 +242,13 @@ SYM_CODE_START_LOCAL_NOALIGN(virtual_mapped) movq CR0(%r8), %r8 movq %rax, %cr3 movq %r8, %cr0 + +#ifdef CONFIG_KEXEC_JUMP + /* Saved in save_processor_state. */ + movq $saved_context, %rax + lgdt saved_context_gdt_desc(%rax) +#endif + movq %rbp, %rax popf

6 months, 2 weeks

1
0
0 0

FAILED: patch "[PATCH] iommu/arm-smmu: Defer probe of clients after smmu device" failed to apply to 5.4-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 5.4-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-5.4.y git checkout FETCH_HEAD git cherry-pick -x 229e6ee43d2a160a1592b83aad620d6027084aad # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024120651-ruse-sturdily-f7c5@gregkh' --subject-prefix 'PATCH 5.4.y' HEAD^.. Possible dependencies: thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 229e6ee43d2a160a1592b83aad620d6027084aad Mon Sep 17 00:00:00 2001 From: Pratyush Brahma <quic_pbrahma(a)quicinc.com> Date: Fri, 4 Oct 2024 14:34:28 +0530 Subject: [PATCH] iommu/arm-smmu: Defer probe of clients after smmu device bound Null pointer dereference occurs due to a race between smmu driver probe and client driver probe, when of_dma_configure() for client is called after the iommu_device_register() for smmu driver probe has executed but before the driver_bound() for smmu driver has been called. Following is how the race occurs: T1:Smmu device probe T2: Client device probe really_probe() arm_smmu_device_probe() iommu_device_register() really_probe() platform_dma_configure() of_dma_configure() of_dma_configure_id() of_iommu_configure() iommu_probe_device() iommu_init_device() arm_smmu_probe_device() arm_smmu_get_by_fwnode() driver_find_device_by_fwnode() driver_find_device() next_device() klist_next() /* null ptr assigned to smmu */ /* null ptr dereference while smmu->streamid_mask */ driver_bound() klist_add_tail() When this null smmu pointer is dereferenced later in arm_smmu_probe_device, the device crashes. Fix this by deferring the probe of the client device until the smmu device has bound to the arm smmu driver. Fixes: 021bb8420d44 ("iommu/arm-smmu: Wire up generic configuration support") Cc: stable(a)vger.kernel.org Co-developed-by: Prakash Gupta <quic_guptap(a)quicinc.com> Signed-off-by: Prakash Gupta <quic_guptap(a)quicinc.com> Signed-off-by: Pratyush Brahma <quic_pbrahma(a)quicinc.com> Link: https://lore.kernel.org/r/20241004090428.2035-1-quic_pbrahma@quicinc.com [will: Add comment] Signed-off-by: Will Deacon <will(a)kernel.org> diff --git a/drivers/iommu/arm/arm-smmu/arm-smmu.c b/drivers/iommu/arm/arm-smmu/arm-smmu.c index 8321962b3714..14618772a3d6 100644 --- a/drivers/iommu/arm/arm-smmu/arm-smmu.c +++ b/drivers/iommu/arm/arm-smmu/arm-smmu.c @@ -1437,6 +1437,17 @@ static struct iommu_device *arm_smmu_probe_device(struct device *dev) goto out_free; } else { smmu = arm_smmu_get_by_fwnode(fwspec->iommu_fwnode); + + /* + * Defer probe if the relevant SMMU instance hasn't finished + * probing yet. This is a fragile hack and we'd ideally + * avoid this race in the core code. Until that's ironed + * out, however, this is the most pragmatic option on the + * table. + */ + if (!smmu) + return ERR_PTR(dev_err_probe(dev, -EPROBE_DEFER, + "smmu dev has not bound yet\n")); } ret = -EINVAL;

6 months, 2 weeks

1
0
0 0

FAILED: patch "[PATCH] iommu/arm-smmu: Defer probe of clients after smmu device" failed to apply to 5.10-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 5.10-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-5.10.y git checkout FETCH_HEAD git cherry-pick -x 229e6ee43d2a160a1592b83aad620d6027084aad # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024120650-subpanel-happier-3e30@gregkh' --subject-prefix 'PATCH 5.10.y' HEAD^.. Possible dependencies: thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 229e6ee43d2a160a1592b83aad620d6027084aad Mon Sep 17 00:00:00 2001 From: Pratyush Brahma <quic_pbrahma(a)quicinc.com> Date: Fri, 4 Oct 2024 14:34:28 +0530 Subject: [PATCH] iommu/arm-smmu: Defer probe of clients after smmu device bound Null pointer dereference occurs due to a race between smmu driver probe and client driver probe, when of_dma_configure() for client is called after the iommu_device_register() for smmu driver probe has executed but before the driver_bound() for smmu driver has been called. Following is how the race occurs: T1:Smmu device probe T2: Client device probe really_probe() arm_smmu_device_probe() iommu_device_register() really_probe() platform_dma_configure() of_dma_configure() of_dma_configure_id() of_iommu_configure() iommu_probe_device() iommu_init_device() arm_smmu_probe_device() arm_smmu_get_by_fwnode() driver_find_device_by_fwnode() driver_find_device() next_device() klist_next() /* null ptr assigned to smmu */ /* null ptr dereference while smmu->streamid_mask */ driver_bound() klist_add_tail() When this null smmu pointer is dereferenced later in arm_smmu_probe_device, the device crashes. Fix this by deferring the probe of the client device until the smmu device has bound to the arm smmu driver. Fixes: 021bb8420d44 ("iommu/arm-smmu: Wire up generic configuration support") Cc: stable(a)vger.kernel.org Co-developed-by: Prakash Gupta <quic_guptap(a)quicinc.com> Signed-off-by: Prakash Gupta <quic_guptap(a)quicinc.com> Signed-off-by: Pratyush Brahma <quic_pbrahma(a)quicinc.com> Link: https://lore.kernel.org/r/20241004090428.2035-1-quic_pbrahma@quicinc.com [will: Add comment] Signed-off-by: Will Deacon <will(a)kernel.org> diff --git a/drivers/iommu/arm/arm-smmu/arm-smmu.c b/drivers/iommu/arm/arm-smmu/arm-smmu.c index 8321962b3714..14618772a3d6 100644 --- a/drivers/iommu/arm/arm-smmu/arm-smmu.c +++ b/drivers/iommu/arm/arm-smmu/arm-smmu.c @@ -1437,6 +1437,17 @@ static struct iommu_device *arm_smmu_probe_device(struct device *dev) goto out_free; } else { smmu = arm_smmu_get_by_fwnode(fwspec->iommu_fwnode); + + /* + * Defer probe if the relevant SMMU instance hasn't finished + * probing yet. This is a fragile hack and we'd ideally + * avoid this race in the core code. Until that's ironed + * out, however, this is the most pragmatic option on the + * table. + */ + if (!smmu) + return ERR_PTR(dev_err_probe(dev, -EPROBE_DEFER, + "smmu dev has not bound yet\n")); } ret = -EINVAL;

6 months, 2 weeks

1
0
0 0

FAILED: patch "[PATCH] iommu/arm-smmu: Defer probe of clients after smmu device" failed to apply to 5.15-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 5.15-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-5.15.y git checkout FETCH_HEAD git cherry-pick -x 229e6ee43d2a160a1592b83aad620d6027084aad # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024120649-alphabet-nuzzle-1b71@gregkh' --subject-prefix 'PATCH 5.15.y' HEAD^.. Possible dependencies: thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 229e6ee43d2a160a1592b83aad620d6027084aad Mon Sep 17 00:00:00 2001 From: Pratyush Brahma <quic_pbrahma(a)quicinc.com> Date: Fri, 4 Oct 2024 14:34:28 +0530 Subject: [PATCH] iommu/arm-smmu: Defer probe of clients after smmu device bound Null pointer dereference occurs due to a race between smmu driver probe and client driver probe, when of_dma_configure() for client is called after the iommu_device_register() for smmu driver probe has executed but before the driver_bound() for smmu driver has been called. Following is how the race occurs: T1:Smmu device probe T2: Client device probe really_probe() arm_smmu_device_probe() iommu_device_register() really_probe() platform_dma_configure() of_dma_configure() of_dma_configure_id() of_iommu_configure() iommu_probe_device() iommu_init_device() arm_smmu_probe_device() arm_smmu_get_by_fwnode() driver_find_device_by_fwnode() driver_find_device() next_device() klist_next() /* null ptr assigned to smmu */ /* null ptr dereference while smmu->streamid_mask */ driver_bound() klist_add_tail() When this null smmu pointer is dereferenced later in arm_smmu_probe_device, the device crashes. Fix this by deferring the probe of the client device until the smmu device has bound to the arm smmu driver. Fixes: 021bb8420d44 ("iommu/arm-smmu: Wire up generic configuration support") Cc: stable(a)vger.kernel.org Co-developed-by: Prakash Gupta <quic_guptap(a)quicinc.com> Signed-off-by: Prakash Gupta <quic_guptap(a)quicinc.com> Signed-off-by: Pratyush Brahma <quic_pbrahma(a)quicinc.com> Link: https://lore.kernel.org/r/20241004090428.2035-1-quic_pbrahma@quicinc.com [will: Add comment] Signed-off-by: Will Deacon <will(a)kernel.org> diff --git a/drivers/iommu/arm/arm-smmu/arm-smmu.c b/drivers/iommu/arm/arm-smmu/arm-smmu.c index 8321962b3714..14618772a3d6 100644 --- a/drivers/iommu/arm/arm-smmu/arm-smmu.c +++ b/drivers/iommu/arm/arm-smmu/arm-smmu.c @@ -1437,6 +1437,17 @@ static struct iommu_device *arm_smmu_probe_device(struct device *dev) goto out_free; } else { smmu = arm_smmu_get_by_fwnode(fwspec->iommu_fwnode); + + /* + * Defer probe if the relevant SMMU instance hasn't finished + * probing yet. This is a fragile hack and we'd ideally + * avoid this race in the core code. Until that's ironed + * out, however, this is the most pragmatic option on the + * table. + */ + if (!smmu) + return ERR_PTR(dev_err_probe(dev, -EPROBE_DEFER, + "smmu dev has not bound yet\n")); } ret = -EINVAL;

6 months, 2 weeks

1
0
0 0

FAILED: patch "[PATCH] iommu/arm-smmu: Defer probe of clients after smmu device" failed to apply to 6.1-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 6.1-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-6.1.y git checkout FETCH_HEAD git cherry-pick -x 229e6ee43d2a160a1592b83aad620d6027084aad # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024120648-untie-unpack-b9ae@gregkh' --subject-prefix 'PATCH 6.1.y' HEAD^.. Possible dependencies: thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 229e6ee43d2a160a1592b83aad620d6027084aad Mon Sep 17 00:00:00 2001 From: Pratyush Brahma <quic_pbrahma(a)quicinc.com> Date: Fri, 4 Oct 2024 14:34:28 +0530 Subject: [PATCH] iommu/arm-smmu: Defer probe of clients after smmu device bound Null pointer dereference occurs due to a race between smmu driver probe and client driver probe, when of_dma_configure() for client is called after the iommu_device_register() for smmu driver probe has executed but before the driver_bound() for smmu driver has been called. Following is how the race occurs: T1:Smmu device probe T2: Client device probe really_probe() arm_smmu_device_probe() iommu_device_register() really_probe() platform_dma_configure() of_dma_configure() of_dma_configure_id() of_iommu_configure() iommu_probe_device() iommu_init_device() arm_smmu_probe_device() arm_smmu_get_by_fwnode() driver_find_device_by_fwnode() driver_find_device() next_device() klist_next() /* null ptr assigned to smmu */ /* null ptr dereference while smmu->streamid_mask */ driver_bound() klist_add_tail() When this null smmu pointer is dereferenced later in arm_smmu_probe_device, the device crashes. Fix this by deferring the probe of the client device until the smmu device has bound to the arm smmu driver. Fixes: 021bb8420d44 ("iommu/arm-smmu: Wire up generic configuration support") Cc: stable(a)vger.kernel.org Co-developed-by: Prakash Gupta <quic_guptap(a)quicinc.com> Signed-off-by: Prakash Gupta <quic_guptap(a)quicinc.com> Signed-off-by: Pratyush Brahma <quic_pbrahma(a)quicinc.com> Link: https://lore.kernel.org/r/20241004090428.2035-1-quic_pbrahma@quicinc.com [will: Add comment] Signed-off-by: Will Deacon <will(a)kernel.org> diff --git a/drivers/iommu/arm/arm-smmu/arm-smmu.c b/drivers/iommu/arm/arm-smmu/arm-smmu.c index 8321962b3714..14618772a3d6 100644 --- a/drivers/iommu/arm/arm-smmu/arm-smmu.c +++ b/drivers/iommu/arm/arm-smmu/arm-smmu.c @@ -1437,6 +1437,17 @@ static struct iommu_device *arm_smmu_probe_device(struct device *dev) goto out_free; } else { smmu = arm_smmu_get_by_fwnode(fwspec->iommu_fwnode); + + /* + * Defer probe if the relevant SMMU instance hasn't finished + * probing yet. This is a fragile hack and we'd ideally + * avoid this race in the core code. Until that's ironed + * out, however, this is the most pragmatic option on the + * table. + */ + if (!smmu) + return ERR_PTR(dev_err_probe(dev, -EPROBE_DEFER, + "smmu dev has not bound yet\n")); } ret = -EINVAL;

6 months, 2 weeks

1
0
0 0

FAILED: patch "[PATCH] iommu/arm-smmu: Defer probe of clients after smmu device" failed to apply to 6.6-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 6.6-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-6.6.y git checkout FETCH_HEAD git cherry-pick -x 229e6ee43d2a160a1592b83aad620d6027084aad # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024120647-germless-tint-19f2@gregkh' --subject-prefix 'PATCH 6.6.y' HEAD^.. Possible dependencies: thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 229e6ee43d2a160a1592b83aad620d6027084aad Mon Sep 17 00:00:00 2001 From: Pratyush Brahma <quic_pbrahma(a)quicinc.com> Date: Fri, 4 Oct 2024 14:34:28 +0530 Subject: [PATCH] iommu/arm-smmu: Defer probe of clients after smmu device bound Null pointer dereference occurs due to a race between smmu driver probe and client driver probe, when of_dma_configure() for client is called after the iommu_device_register() for smmu driver probe has executed but before the driver_bound() for smmu driver has been called. Following is how the race occurs: T1:Smmu device probe T2: Client device probe really_probe() arm_smmu_device_probe() iommu_device_register() really_probe() platform_dma_configure() of_dma_configure() of_dma_configure_id() of_iommu_configure() iommu_probe_device() iommu_init_device() arm_smmu_probe_device() arm_smmu_get_by_fwnode() driver_find_device_by_fwnode() driver_find_device() next_device() klist_next() /* null ptr assigned to smmu */ /* null ptr dereference while smmu->streamid_mask */ driver_bound() klist_add_tail() When this null smmu pointer is dereferenced later in arm_smmu_probe_device, the device crashes. Fix this by deferring the probe of the client device until the smmu device has bound to the arm smmu driver. Fixes: 021bb8420d44 ("iommu/arm-smmu: Wire up generic configuration support") Cc: stable(a)vger.kernel.org Co-developed-by: Prakash Gupta <quic_guptap(a)quicinc.com> Signed-off-by: Prakash Gupta <quic_guptap(a)quicinc.com> Signed-off-by: Pratyush Brahma <quic_pbrahma(a)quicinc.com> Link: https://lore.kernel.org/r/20241004090428.2035-1-quic_pbrahma@quicinc.com [will: Add comment] Signed-off-by: Will Deacon <will(a)kernel.org> diff --git a/drivers/iommu/arm/arm-smmu/arm-smmu.c b/drivers/iommu/arm/arm-smmu/arm-smmu.c index 8321962b3714..14618772a3d6 100644 --- a/drivers/iommu/arm/arm-smmu/arm-smmu.c +++ b/drivers/iommu/arm/arm-smmu/arm-smmu.c @@ -1437,6 +1437,17 @@ static struct iommu_device *arm_smmu_probe_device(struct device *dev) goto out_free; } else { smmu = arm_smmu_get_by_fwnode(fwspec->iommu_fwnode); + + /* + * Defer probe if the relevant SMMU instance hasn't finished + * probing yet. This is a fragile hack and we'd ideally + * avoid this race in the core code. Until that's ironed + * out, however, this is the most pragmatic option on the + * table. + */ + if (!smmu) + return ERR_PTR(dev_err_probe(dev, -EPROBE_DEFER, + "smmu dev has not bound yet\n")); } ret = -EINVAL;

6 months, 2 weeks

1
0
0 0

FAILED: patch "[PATCH] zram: clear IDLE flag in mark_idle()" failed to apply to 5.15-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 5.15-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-5.15.y git checkout FETCH_HEAD git cherry-pick -x d37da422edb0664a2037e6d7d42fe6d339aae78a # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024120623-unleash-sustainer-86ec@gregkh' --subject-prefix 'PATCH 5.15.y' HEAD^.. Possible dependencies: thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From d37da422edb0664a2037e6d7d42fe6d339aae78a Mon Sep 17 00:00:00 2001 From: Sergey Senozhatsky <senozhatsky(a)chromium.org> Date: Tue, 29 Oct 2024 00:36:15 +0900 Subject: [PATCH] zram: clear IDLE flag in mark_idle() If entry does not fulfill current mark_idle() parameters, e.g. cutoff time, then we should clear its ZRAM_IDLE from previous mark_idle() invocations. Consider the following case: - mark_idle() cutoff time 8h - mark_idle() cutoff time 4h - writeback() idle - will writeback entries with cutoff time 8h, while it should only pick entries with cutoff time 4h The bug was reported by Shin Kawamura. Link: https://lkml.kernel.org/r/20241028153629.1479791-3-senozhatsky@chromium.org Fixes: 755804d16965 ("zram: introduce an aged idle interface") Signed-off-by: Sergey Senozhatsky <senozhatsky(a)chromium.org> Reported-by: Shin Kawamura <kawasin(a)google.com> Acked-by: Brian Geffon <bgeffon(a)google.com> Cc: Minchan Kim <minchan(a)kernel.org> Signed-off-by: Andrew Morton <akpm(a)linux-foundation.org> Cc: <stable(a)vger.kernel.org> diff --git a/drivers/block/zram/zram_drv.c b/drivers/block/zram/zram_drv.c index a16dbffcdca3..cee49bb0126d 100644 --- a/drivers/block/zram/zram_drv.c +++ b/drivers/block/zram/zram_drv.c @@ -410,6 +410,8 @@ static void mark_idle(struct zram *zram, ktime_t cutoff) #endif if (is_idle) zram_set_flag(zram, index, ZRAM_IDLE); + else + zram_clear_flag(zram, index, ZRAM_IDLE); zram_slot_unlock(zram, index); } }

6 months, 2 weeks

1
0
0 0

FAILED: patch "[PATCH] zram: clear IDLE flag in mark_idle()" failed to apply to 6.1-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 6.1-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-6.1.y git checkout FETCH_HEAD git cherry-pick -x d37da422edb0664a2037e6d7d42fe6d339aae78a # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024120622-entryway-geologic-5d23@gregkh' --subject-prefix 'PATCH 6.1.y' HEAD^.. Possible dependencies: thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From d37da422edb0664a2037e6d7d42fe6d339aae78a Mon Sep 17 00:00:00 2001 From: Sergey Senozhatsky <senozhatsky(a)chromium.org> Date: Tue, 29 Oct 2024 00:36:15 +0900 Subject: [PATCH] zram: clear IDLE flag in mark_idle() If entry does not fulfill current mark_idle() parameters, e.g. cutoff time, then we should clear its ZRAM_IDLE from previous mark_idle() invocations. Consider the following case: - mark_idle() cutoff time 8h - mark_idle() cutoff time 4h - writeback() idle - will writeback entries with cutoff time 8h, while it should only pick entries with cutoff time 4h The bug was reported by Shin Kawamura. Link: https://lkml.kernel.org/r/20241028153629.1479791-3-senozhatsky@chromium.org Fixes: 755804d16965 ("zram: introduce an aged idle interface") Signed-off-by: Sergey Senozhatsky <senozhatsky(a)chromium.org> Reported-by: Shin Kawamura <kawasin(a)google.com> Acked-by: Brian Geffon <bgeffon(a)google.com> Cc: Minchan Kim <minchan(a)kernel.org> Signed-off-by: Andrew Morton <akpm(a)linux-foundation.org> Cc: <stable(a)vger.kernel.org> diff --git a/drivers/block/zram/zram_drv.c b/drivers/block/zram/zram_drv.c index a16dbffcdca3..cee49bb0126d 100644 --- a/drivers/block/zram/zram_drv.c +++ b/drivers/block/zram/zram_drv.c @@ -410,6 +410,8 @@ static void mark_idle(struct zram *zram, ktime_t cutoff) #endif if (is_idle) zram_set_flag(zram, index, ZRAM_IDLE); + else + zram_clear_flag(zram, index, ZRAM_IDLE); zram_slot_unlock(zram, index); } }

6 months, 2 weeks

1
0
0 0

FAILED: patch "[PATCH] zram: clear IDLE flag in mark_idle()" failed to apply to 6.6-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 6.6-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-6.6.y git checkout FETCH_HEAD git cherry-pick -x d37da422edb0664a2037e6d7d42fe6d339aae78a # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024120621-busload-sneeze-5644@gregkh' --subject-prefix 'PATCH 6.6.y' HEAD^.. Possible dependencies: thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From d37da422edb0664a2037e6d7d42fe6d339aae78a Mon Sep 17 00:00:00 2001 From: Sergey Senozhatsky <senozhatsky(a)chromium.org> Date: Tue, 29 Oct 2024 00:36:15 +0900 Subject: [PATCH] zram: clear IDLE flag in mark_idle() If entry does not fulfill current mark_idle() parameters, e.g. cutoff time, then we should clear its ZRAM_IDLE from previous mark_idle() invocations. Consider the following case: - mark_idle() cutoff time 8h - mark_idle() cutoff time 4h - writeback() idle - will writeback entries with cutoff time 8h, while it should only pick entries with cutoff time 4h The bug was reported by Shin Kawamura. Link: https://lkml.kernel.org/r/20241028153629.1479791-3-senozhatsky@chromium.org Fixes: 755804d16965 ("zram: introduce an aged idle interface") Signed-off-by: Sergey Senozhatsky <senozhatsky(a)chromium.org> Reported-by: Shin Kawamura <kawasin(a)google.com> Acked-by: Brian Geffon <bgeffon(a)google.com> Cc: Minchan Kim <minchan(a)kernel.org> Signed-off-by: Andrew Morton <akpm(a)linux-foundation.org> Cc: <stable(a)vger.kernel.org> diff --git a/drivers/block/zram/zram_drv.c b/drivers/block/zram/zram_drv.c index a16dbffcdca3..cee49bb0126d 100644 --- a/drivers/block/zram/zram_drv.c +++ b/drivers/block/zram/zram_drv.c @@ -410,6 +410,8 @@ static void mark_idle(struct zram *zram, ktime_t cutoff) #endif if (is_idle) zram_set_flag(zram, index, ZRAM_IDLE); + else + zram_clear_flag(zram, index, ZRAM_IDLE); zram_slot_unlock(zram, index); } }

6 months, 2 weeks

1
0
0 0

FAILED: patch "[PATCH] zram: clear IDLE flag in mark_idle()" failed to apply to 6.12-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 6.12-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-6.12.y git checkout FETCH_HEAD git cherry-pick -x d37da422edb0664a2037e6d7d42fe6d339aae78a # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024120621-diffused-tweezers-95e1@gregkh' --subject-prefix 'PATCH 6.12.y' HEAD^.. Possible dependencies: thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From d37da422edb0664a2037e6d7d42fe6d339aae78a Mon Sep 17 00:00:00 2001 From: Sergey Senozhatsky <senozhatsky(a)chromium.org> Date: Tue, 29 Oct 2024 00:36:15 +0900 Subject: [PATCH] zram: clear IDLE flag in mark_idle() If entry does not fulfill current mark_idle() parameters, e.g. cutoff time, then we should clear its ZRAM_IDLE from previous mark_idle() invocations. Consider the following case: - mark_idle() cutoff time 8h - mark_idle() cutoff time 4h - writeback() idle - will writeback entries with cutoff time 8h, while it should only pick entries with cutoff time 4h The bug was reported by Shin Kawamura. Link: https://lkml.kernel.org/r/20241028153629.1479791-3-senozhatsky@chromium.org Fixes: 755804d16965 ("zram: introduce an aged idle interface") Signed-off-by: Sergey Senozhatsky <senozhatsky(a)chromium.org> Reported-by: Shin Kawamura <kawasin(a)google.com> Acked-by: Brian Geffon <bgeffon(a)google.com> Cc: Minchan Kim <minchan(a)kernel.org> Signed-off-by: Andrew Morton <akpm(a)linux-foundation.org> Cc: <stable(a)vger.kernel.org> diff --git a/drivers/block/zram/zram_drv.c b/drivers/block/zram/zram_drv.c index a16dbffcdca3..cee49bb0126d 100644 --- a/drivers/block/zram/zram_drv.c +++ b/drivers/block/zram/zram_drv.c @@ -410,6 +410,8 @@ static void mark_idle(struct zram *zram, ktime_t cutoff) #endif if (is_idle) zram_set_flag(zram, index, ZRAM_IDLE); + else + zram_clear_flag(zram, index, ZRAM_IDLE); zram_slot_unlock(zram, index); } }

6 months, 2 weeks

1
0
0 0

FAILED: patch "[PATCH] mmc: core: Use GFP_NOIO in ACMD22" failed to apply to 5.4-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 5.4-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-5.4.y git checkout FETCH_HEAD git cherry-pick -x 869d37475788b0044bec1a33335e24abaf5e8884 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024120622-unpaid-distill-2b85@gregkh' --subject-prefix 'PATCH 5.4.y' HEAD^.. Possible dependencies: thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 869d37475788b0044bec1a33335e24abaf5e8884 Mon Sep 17 00:00:00 2001 From: Avri Altman <avri.altman(a)wdc.com> Date: Mon, 21 Oct 2024 18:32:27 +0300 Subject: [PATCH] mmc: core: Use GFP_NOIO in ACMD22 While reviewing the SDUC series, Adrian made a comment concerning the memory allocation code in mmc_sd_num_wr_blocks() - see [1]. Prevent memory allocations from triggering I/O operations while ACMD22 is in progress. [1] https://lore.kernel.org/linux-mmc/3016fd71-885b-4ef9-97ed-46b4b0cb0e35@inte… Suggested-by: Adrian Hunter <adrian.hunter(a)intel.com> Reviewed-by: Adrian Hunter <adrian.hunter(a)intel.com> Fixes: 051913dada04 ("mmc_block: do not DMA to stack") Signed-off-by: Avri Altman <avri.altman(a)wdc.com> Cc: stable(a)vger.kernel.org Message-ID: <20241021153227.493970-1-avri.altman(a)wdc.com> Signed-off-by: Ulf Hansson <ulf.hansson(a)linaro.org> diff --git a/drivers/mmc/core/block.c b/drivers/mmc/core/block.c index 04f3165cf9ae..a813fd7f39cc 100644 --- a/drivers/mmc/core/block.c +++ b/drivers/mmc/core/block.c @@ -995,6 +995,8 @@ static int mmc_sd_num_wr_blocks(struct mmc_card *card, u32 *written_blocks) u32 result; __be32 *blocks; u8 resp_sz = mmc_card_ult_capacity(card) ? 8 : 4; + unsigned int noio_flag; + struct mmc_request mrq = {}; struct mmc_command cmd = {}; struct mmc_data data = {}; @@ -1018,7 +1020,9 @@ static int mmc_sd_num_wr_blocks(struct mmc_card *card, u32 *written_blocks) mrq.cmd = &cmd; mrq.data = &data; + noio_flag = memalloc_noio_save(); blocks = kmalloc(resp_sz, GFP_KERNEL); + memalloc_noio_restore(noio_flag); if (!blocks) return -ENOMEM;

6 months, 2 weeks

1
0
0 0

FAILED: patch "[PATCH] mmc: core: Use GFP_NOIO in ACMD22" failed to apply to 5.10-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 5.10-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-5.10.y git checkout FETCH_HEAD git cherry-pick -x 869d37475788b0044bec1a33335e24abaf5e8884 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024120622-primarily-cobalt-84ce@gregkh' --subject-prefix 'PATCH 5.10.y' HEAD^.. Possible dependencies: thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 869d37475788b0044bec1a33335e24abaf5e8884 Mon Sep 17 00:00:00 2001 From: Avri Altman <avri.altman(a)wdc.com> Date: Mon, 21 Oct 2024 18:32:27 +0300 Subject: [PATCH] mmc: core: Use GFP_NOIO in ACMD22 While reviewing the SDUC series, Adrian made a comment concerning the memory allocation code in mmc_sd_num_wr_blocks() - see [1]. Prevent memory allocations from triggering I/O operations while ACMD22 is in progress. [1] https://lore.kernel.org/linux-mmc/3016fd71-885b-4ef9-97ed-46b4b0cb0e35@inte… Suggested-by: Adrian Hunter <adrian.hunter(a)intel.com> Reviewed-by: Adrian Hunter <adrian.hunter(a)intel.com> Fixes: 051913dada04 ("mmc_block: do not DMA to stack") Signed-off-by: Avri Altman <avri.altman(a)wdc.com> Cc: stable(a)vger.kernel.org Message-ID: <20241021153227.493970-1-avri.altman(a)wdc.com> Signed-off-by: Ulf Hansson <ulf.hansson(a)linaro.org> diff --git a/drivers/mmc/core/block.c b/drivers/mmc/core/block.c index 04f3165cf9ae..a813fd7f39cc 100644 --- a/drivers/mmc/core/block.c +++ b/drivers/mmc/core/block.c @@ -995,6 +995,8 @@ static int mmc_sd_num_wr_blocks(struct mmc_card *card, u32 *written_blocks) u32 result; __be32 *blocks; u8 resp_sz = mmc_card_ult_capacity(card) ? 8 : 4; + unsigned int noio_flag; + struct mmc_request mrq = {}; struct mmc_command cmd = {}; struct mmc_data data = {}; @@ -1018,7 +1020,9 @@ static int mmc_sd_num_wr_blocks(struct mmc_card *card, u32 *written_blocks) mrq.cmd = &cmd; mrq.data = &data; + noio_flag = memalloc_noio_save(); blocks = kmalloc(resp_sz, GFP_KERNEL); + memalloc_noio_restore(noio_flag); if (!blocks) return -ENOMEM;

6 months, 2 weeks

1
0
0 0

FAILED: patch "[PATCH] mmc: core: Use GFP_NOIO in ACMD22" failed to apply to 6.1-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 6.1-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-6.1.y git checkout FETCH_HEAD git cherry-pick -x 869d37475788b0044bec1a33335e24abaf5e8884 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024120621-bunkhouse-paralyses-d92c@gregkh' --subject-prefix 'PATCH 6.1.y' HEAD^.. Possible dependencies: thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 869d37475788b0044bec1a33335e24abaf5e8884 Mon Sep 17 00:00:00 2001 From: Avri Altman <avri.altman(a)wdc.com> Date: Mon, 21 Oct 2024 18:32:27 +0300 Subject: [PATCH] mmc: core: Use GFP_NOIO in ACMD22 While reviewing the SDUC series, Adrian made a comment concerning the memory allocation code in mmc_sd_num_wr_blocks() - see [1]. Prevent memory allocations from triggering I/O operations while ACMD22 is in progress. [1] https://lore.kernel.org/linux-mmc/3016fd71-885b-4ef9-97ed-46b4b0cb0e35@inte… Suggested-by: Adrian Hunter <adrian.hunter(a)intel.com> Reviewed-by: Adrian Hunter <adrian.hunter(a)intel.com> Fixes: 051913dada04 ("mmc_block: do not DMA to stack") Signed-off-by: Avri Altman <avri.altman(a)wdc.com> Cc: stable(a)vger.kernel.org Message-ID: <20241021153227.493970-1-avri.altman(a)wdc.com> Signed-off-by: Ulf Hansson <ulf.hansson(a)linaro.org> diff --git a/drivers/mmc/core/block.c b/drivers/mmc/core/block.c index 04f3165cf9ae..a813fd7f39cc 100644 --- a/drivers/mmc/core/block.c +++ b/drivers/mmc/core/block.c @@ -995,6 +995,8 @@ static int mmc_sd_num_wr_blocks(struct mmc_card *card, u32 *written_blocks) u32 result; __be32 *blocks; u8 resp_sz = mmc_card_ult_capacity(card) ? 8 : 4; + unsigned int noio_flag; + struct mmc_request mrq = {}; struct mmc_command cmd = {}; struct mmc_data data = {}; @@ -1018,7 +1020,9 @@ static int mmc_sd_num_wr_blocks(struct mmc_card *card, u32 *written_blocks) mrq.cmd = &cmd; mrq.data = &data; + noio_flag = memalloc_noio_save(); blocks = kmalloc(resp_sz, GFP_KERNEL); + memalloc_noio_restore(noio_flag); if (!blocks) return -ENOMEM;

6 months, 2 weeks

1
0
0 0

FAILED: patch "[PATCH] mmc: core: Use GFP_NOIO in ACMD22" failed to apply to 5.15-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 5.15-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-5.15.y git checkout FETCH_HEAD git cherry-pick -x 869d37475788b0044bec1a33335e24abaf5e8884 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024120621-unplanted-data-7c88@gregkh' --subject-prefix 'PATCH 5.15.y' HEAD^.. Possible dependencies: thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 869d37475788b0044bec1a33335e24abaf5e8884 Mon Sep 17 00:00:00 2001 From: Avri Altman <avri.altman(a)wdc.com> Date: Mon, 21 Oct 2024 18:32:27 +0300 Subject: [PATCH] mmc: core: Use GFP_NOIO in ACMD22 While reviewing the SDUC series, Adrian made a comment concerning the memory allocation code in mmc_sd_num_wr_blocks() - see [1]. Prevent memory allocations from triggering I/O operations while ACMD22 is in progress. [1] https://lore.kernel.org/linux-mmc/3016fd71-885b-4ef9-97ed-46b4b0cb0e35@inte… Suggested-by: Adrian Hunter <adrian.hunter(a)intel.com> Reviewed-by: Adrian Hunter <adrian.hunter(a)intel.com> Fixes: 051913dada04 ("mmc_block: do not DMA to stack") Signed-off-by: Avri Altman <avri.altman(a)wdc.com> Cc: stable(a)vger.kernel.org Message-ID: <20241021153227.493970-1-avri.altman(a)wdc.com> Signed-off-by: Ulf Hansson <ulf.hansson(a)linaro.org> diff --git a/drivers/mmc/core/block.c b/drivers/mmc/core/block.c index 04f3165cf9ae..a813fd7f39cc 100644 --- a/drivers/mmc/core/block.c +++ b/drivers/mmc/core/block.c @@ -995,6 +995,8 @@ static int mmc_sd_num_wr_blocks(struct mmc_card *card, u32 *written_blocks) u32 result; __be32 *blocks; u8 resp_sz = mmc_card_ult_capacity(card) ? 8 : 4; + unsigned int noio_flag; + struct mmc_request mrq = {}; struct mmc_command cmd = {}; struct mmc_data data = {}; @@ -1018,7 +1020,9 @@ static int mmc_sd_num_wr_blocks(struct mmc_card *card, u32 *written_blocks) mrq.cmd = &cmd; mrq.data = &data; + noio_flag = memalloc_noio_save(); blocks = kmalloc(resp_sz, GFP_KERNEL); + memalloc_noio_restore(noio_flag); if (!blocks) return -ENOMEM;

6 months, 2 weeks

1
0
0 0

FAILED: patch "[PATCH] mmc: core: Use GFP_NOIO in ACMD22" failed to apply to 6.6-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 6.6-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-6.6.y git checkout FETCH_HEAD git cherry-pick -x 869d37475788b0044bec1a33335e24abaf5e8884 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024120620-bagel-outsell-7734@gregkh' --subject-prefix 'PATCH 6.6.y' HEAD^.. Possible dependencies: thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 869d37475788b0044bec1a33335e24abaf5e8884 Mon Sep 17 00:00:00 2001 From: Avri Altman <avri.altman(a)wdc.com> Date: Mon, 21 Oct 2024 18:32:27 +0300 Subject: [PATCH] mmc: core: Use GFP_NOIO in ACMD22 While reviewing the SDUC series, Adrian made a comment concerning the memory allocation code in mmc_sd_num_wr_blocks() - see [1]. Prevent memory allocations from triggering I/O operations while ACMD22 is in progress. [1] https://lore.kernel.org/linux-mmc/3016fd71-885b-4ef9-97ed-46b4b0cb0e35@inte… Suggested-by: Adrian Hunter <adrian.hunter(a)intel.com> Reviewed-by: Adrian Hunter <adrian.hunter(a)intel.com> Fixes: 051913dada04 ("mmc_block: do not DMA to stack") Signed-off-by: Avri Altman <avri.altman(a)wdc.com> Cc: stable(a)vger.kernel.org Message-ID: <20241021153227.493970-1-avri.altman(a)wdc.com> Signed-off-by: Ulf Hansson <ulf.hansson(a)linaro.org> diff --git a/drivers/mmc/core/block.c b/drivers/mmc/core/block.c index 04f3165cf9ae..a813fd7f39cc 100644 --- a/drivers/mmc/core/block.c +++ b/drivers/mmc/core/block.c @@ -995,6 +995,8 @@ static int mmc_sd_num_wr_blocks(struct mmc_card *card, u32 *written_blocks) u32 result; __be32 *blocks; u8 resp_sz = mmc_card_ult_capacity(card) ? 8 : 4; + unsigned int noio_flag; + struct mmc_request mrq = {}; struct mmc_command cmd = {}; struct mmc_data data = {}; @@ -1018,7 +1020,9 @@ static int mmc_sd_num_wr_blocks(struct mmc_card *card, u32 *written_blocks) mrq.cmd = &cmd; mrq.data = &data; + noio_flag = memalloc_noio_save(); blocks = kmalloc(resp_sz, GFP_KERNEL); + memalloc_noio_restore(noio_flag); if (!blocks) return -ENOMEM;

6 months, 2 weeks

1
0
0 0

FAILED: patch "[PATCH] mmc: core: Use GFP_NOIO in ACMD22" failed to apply to 6.12-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 6.12-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-6.12.y git checkout FETCH_HEAD git cherry-pick -x 869d37475788b0044bec1a33335e24abaf5e8884 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024120619-protozoan-concept-0f8d@gregkh' --subject-prefix 'PATCH 6.12.y' HEAD^.. Possible dependencies: thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 869d37475788b0044bec1a33335e24abaf5e8884 Mon Sep 17 00:00:00 2001 From: Avri Altman <avri.altman(a)wdc.com> Date: Mon, 21 Oct 2024 18:32:27 +0300 Subject: [PATCH] mmc: core: Use GFP_NOIO in ACMD22 While reviewing the SDUC series, Adrian made a comment concerning the memory allocation code in mmc_sd_num_wr_blocks() - see [1]. Prevent memory allocations from triggering I/O operations while ACMD22 is in progress. [1] https://lore.kernel.org/linux-mmc/3016fd71-885b-4ef9-97ed-46b4b0cb0e35@inte… Suggested-by: Adrian Hunter <adrian.hunter(a)intel.com> Reviewed-by: Adrian Hunter <adrian.hunter(a)intel.com> Fixes: 051913dada04 ("mmc_block: do not DMA to stack") Signed-off-by: Avri Altman <avri.altman(a)wdc.com> Cc: stable(a)vger.kernel.org Message-ID: <20241021153227.493970-1-avri.altman(a)wdc.com> Signed-off-by: Ulf Hansson <ulf.hansson(a)linaro.org> diff --git a/drivers/mmc/core/block.c b/drivers/mmc/core/block.c index 04f3165cf9ae..a813fd7f39cc 100644 --- a/drivers/mmc/core/block.c +++ b/drivers/mmc/core/block.c @@ -995,6 +995,8 @@ static int mmc_sd_num_wr_blocks(struct mmc_card *card, u32 *written_blocks) u32 result; __be32 *blocks; u8 resp_sz = mmc_card_ult_capacity(card) ? 8 : 4; + unsigned int noio_flag; + struct mmc_request mrq = {}; struct mmc_command cmd = {}; struct mmc_data data = {}; @@ -1018,7 +1020,9 @@ static int mmc_sd_num_wr_blocks(struct mmc_card *card, u32 *written_blocks) mrq.cmd = &cmd; mrq.data = &data; + noio_flag = memalloc_noio_save(); blocks = kmalloc(resp_sz, GFP_KERNEL); + memalloc_noio_restore(noio_flag); if (!blocks) return -ENOMEM;

6 months, 2 weeks

1
0
0 0

FAILED: patch "[PATCH] net: phy: dp83869: fix status reporting for 1000base-x" failed to apply to 5.10-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 5.10-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-5.10.y git checkout FETCH_HEAD git cherry-pick -x 378e8feea9a70d37a5dc1678b7ec27df21099fa5 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024120630-barbed-mutual-faca@gregkh' --subject-prefix 'PATCH 5.10.y' HEAD^.. Possible dependencies: thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 378e8feea9a70d37a5dc1678b7ec27df21099fa5 Mon Sep 17 00:00:00 2001 From: Romain Gantois <romain.gantois(a)bootlin.com> Date: Tue, 12 Nov 2024 15:06:08 +0100 Subject: [PATCH] net: phy: dp83869: fix status reporting for 1000base-x autonegotiation The DP83869 PHY transceiver supports converting from RGMII to 1000base-x. In this operation mode, autonegotiation can be performed, as described in IEEE802.3. The DP83869 has a set of fiber-specific registers located at offset 0xc00. When the transceiver is configured in RGMII-to-1000base-x mode, these registers are mapped onto offset 0, which should make reading the autonegotiation status transparent. However, the fiber registers at offset 0xc04 and 0xc05 follow the bit layout specified in Clause 37, and genphy_read_status() assumes a Clause 22 layout. Thus, genphy_read_status() doesn't properly read the capabilities advertised by the link partner, resulting in incorrect link parameters. Similarly, genphy_config_aneg() doesn't properly write advertised capabilities. Fix the 1000base-x autonegotiation procedure by replacing genphy_read_status() and genphy_config_aneg() with their Clause 37 equivalents. Fixes: a29de52ba2a1 ("net: dp83869: Add ability to advertise Fiber connection") Cc: stable(a)vger.kernel.org Signed-off-by: Romain Gantois <romain.gantois(a)bootlin.com> Link: https://patch.msgid.link/20241112-dp83869-1000base-x-v3-1-36005f4ab0d9@boot… Signed-off-by: Jakub Kicinski <kuba(a)kernel.org> diff --git a/drivers/net/phy/dp83869.c b/drivers/net/phy/dp83869.c index 5f056d7db83e..b6b38caf9c0e 100644 --- a/drivers/net/phy/dp83869.c +++ b/drivers/net/phy/dp83869.c @@ -153,19 +153,32 @@ struct dp83869_private { int mode; }; +static int dp83869_config_aneg(struct phy_device *phydev) +{ + struct dp83869_private *dp83869 = phydev->priv; + + if (dp83869->mode != DP83869_RGMII_1000_BASE) + return genphy_config_aneg(phydev); + + return genphy_c37_config_aneg(phydev); +} + static int dp83869_read_status(struct phy_device *phydev) { struct dp83869_private *dp83869 = phydev->priv; + bool changed; int ret; + if (dp83869->mode == DP83869_RGMII_1000_BASE) + return genphy_c37_read_status(phydev, &changed); + ret = genphy_read_status(phydev); if (ret) return ret; - if (linkmode_test_bit(ETHTOOL_LINK_MODE_FIBRE_BIT, phydev->supported)) { + if (dp83869->mode == DP83869_RGMII_100_BASE) { if (phydev->link) { - if (dp83869->mode == DP83869_RGMII_100_BASE) - phydev->speed = SPEED_100; + phydev->speed = SPEED_100; } else { phydev->speed = SPEED_UNKNOWN; phydev->duplex = DUPLEX_UNKNOWN; @@ -898,6 +911,7 @@ static int dp83869_phy_reset(struct phy_device *phydev) .soft_reset = dp83869_phy_reset, \ .config_intr = dp83869_config_intr, \ .handle_interrupt = dp83869_handle_interrupt, \ + .config_aneg = dp83869_config_aneg, \ .read_status = dp83869_read_status, \ .get_tunable = dp83869_get_tunable, \ .set_tunable = dp83869_set_tunable, \

6 months, 2 weeks

1
0
0 0

FAILED: patch "[PATCH] net: phy: dp83869: fix status reporting for 1000base-x" failed to apply to 5.15-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 5.15-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-5.15.y git checkout FETCH_HEAD git cherry-pick -x 378e8feea9a70d37a5dc1678b7ec27df21099fa5 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024120629-collage-gratitude-7244@gregkh' --subject-prefix 'PATCH 5.15.y' HEAD^.. Possible dependencies: thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 378e8feea9a70d37a5dc1678b7ec27df21099fa5 Mon Sep 17 00:00:00 2001 From: Romain Gantois <romain.gantois(a)bootlin.com> Date: Tue, 12 Nov 2024 15:06:08 +0100 Subject: [PATCH] net: phy: dp83869: fix status reporting for 1000base-x autonegotiation The DP83869 PHY transceiver supports converting from RGMII to 1000base-x. In this operation mode, autonegotiation can be performed, as described in IEEE802.3. The DP83869 has a set of fiber-specific registers located at offset 0xc00. When the transceiver is configured in RGMII-to-1000base-x mode, these registers are mapped onto offset 0, which should make reading the autonegotiation status transparent. However, the fiber registers at offset 0xc04 and 0xc05 follow the bit layout specified in Clause 37, and genphy_read_status() assumes a Clause 22 layout. Thus, genphy_read_status() doesn't properly read the capabilities advertised by the link partner, resulting in incorrect link parameters. Similarly, genphy_config_aneg() doesn't properly write advertised capabilities. Fix the 1000base-x autonegotiation procedure by replacing genphy_read_status() and genphy_config_aneg() with their Clause 37 equivalents. Fixes: a29de52ba2a1 ("net: dp83869: Add ability to advertise Fiber connection") Cc: stable(a)vger.kernel.org Signed-off-by: Romain Gantois <romain.gantois(a)bootlin.com> Link: https://patch.msgid.link/20241112-dp83869-1000base-x-v3-1-36005f4ab0d9@boot… Signed-off-by: Jakub Kicinski <kuba(a)kernel.org> diff --git a/drivers/net/phy/dp83869.c b/drivers/net/phy/dp83869.c index 5f056d7db83e..b6b38caf9c0e 100644 --- a/drivers/net/phy/dp83869.c +++ b/drivers/net/phy/dp83869.c @@ -153,19 +153,32 @@ struct dp83869_private { int mode; }; +static int dp83869_config_aneg(struct phy_device *phydev) +{ + struct dp83869_private *dp83869 = phydev->priv; + + if (dp83869->mode != DP83869_RGMII_1000_BASE) + return genphy_config_aneg(phydev); + + return genphy_c37_config_aneg(phydev); +} + static int dp83869_read_status(struct phy_device *phydev) { struct dp83869_private *dp83869 = phydev->priv; + bool changed; int ret; + if (dp83869->mode == DP83869_RGMII_1000_BASE) + return genphy_c37_read_status(phydev, &changed); + ret = genphy_read_status(phydev); if (ret) return ret; - if (linkmode_test_bit(ETHTOOL_LINK_MODE_FIBRE_BIT, phydev->supported)) { + if (dp83869->mode == DP83869_RGMII_100_BASE) { if (phydev->link) { - if (dp83869->mode == DP83869_RGMII_100_BASE) - phydev->speed = SPEED_100; + phydev->speed = SPEED_100; } else { phydev->speed = SPEED_UNKNOWN; phydev->duplex = DUPLEX_UNKNOWN; @@ -898,6 +911,7 @@ static int dp83869_phy_reset(struct phy_device *phydev) .soft_reset = dp83869_phy_reset, \ .config_intr = dp83869_config_intr, \ .handle_interrupt = dp83869_handle_interrupt, \ + .config_aneg = dp83869_config_aneg, \ .read_status = dp83869_read_status, \ .get_tunable = dp83869_get_tunable, \ .set_tunable = dp83869_set_tunable, \

6 months, 2 weeks

1
0
0 0

FAILED: patch "[PATCH] media: dvb-core: add missing buffer index check" failed to apply to 6.12-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 6.12-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-6.12.y git checkout FETCH_HEAD git cherry-pick -x bfe703ac0c9f42fd54ec46416146f46d9502bc8c # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024120601-unheard-margarine-05ff@gregkh' --subject-prefix 'PATCH 6.12.y' HEAD^.. Possible dependencies: thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From bfe703ac0c9f42fd54ec46416146f46d9502bc8c Mon Sep 17 00:00:00 2001 From: Hans Verkuil <hverkuil-cisco(a)xs4all.nl> Date: Tue, 1 Oct 2024 11:01:34 +0200 Subject: [PATCH] media: dvb-core: add missing buffer index check dvb_vb2_expbuf() didn't check if the given buffer index was for a valid buffer. Add this check. Signed-off-by: Hans Verkuil <hverkuil-cisco(a)xs4all.nl> Reported-by: Chenyuan Yang <chenyuan0y(a)gmail.com> Fixes: 7dc866df4012 ("media: dvb-core: Use vb2_get_buffer() instead of directly access to buffers array") Reviewed-by: Benjamin Gaignard <benjamin.gaignard(a)collabora.com> Cc: <stable(a)vger.kernel.org> Signed-off-by: Mauro Carvalho Chehab <mchehab+huawei(a)kernel.org> diff --git a/drivers/media/dvb-core/dvb_vb2.c b/drivers/media/dvb-core/dvb_vb2.c index 192a8230c4aa..29edaaff7a5c 100644 --- a/drivers/media/dvb-core/dvb_vb2.c +++ b/drivers/media/dvb-core/dvb_vb2.c @@ -366,9 +366,15 @@ int dvb_vb2_querybuf(struct dvb_vb2_ctx *ctx, struct dmx_buffer *b) int dvb_vb2_expbuf(struct dvb_vb2_ctx *ctx, struct dmx_exportbuffer *exp) { struct vb2_queue *q = &ctx->vb_q; + struct vb2_buffer *vb2 = vb2_get_buffer(q, exp->index); int ret; - ret = vb2_core_expbuf(&ctx->vb_q, &exp->fd, q->type, q->bufs[exp->index], + if (!vb2) { + dprintk(1, "[%s] invalid buffer index\n", ctx->name); + return -EINVAL; + } + + ret = vb2_core_expbuf(&ctx->vb_q, &exp->fd, q->type, vb2, 0, exp->flags); if (ret) { dprintk(1, "[%s] index=%d errno=%d\n", ctx->name,

6 months, 2 weeks

1
0
0 0

FAILED: patch "[PATCH] md/raid5: Wait sync io to finish before changing group cnt" failed to apply to 6.6-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 6.6-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-6.6.y git checkout FETCH_HEAD git cherry-pick -x fa1944bbe6220eb929e2c02e5e8706b908565711 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024120641-carat-unwired-140a@gregkh' --subject-prefix 'PATCH 6.6.y' HEAD^.. Possible dependencies: thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From fa1944bbe6220eb929e2c02e5e8706b908565711 Mon Sep 17 00:00:00 2001 From: Xiao Ni <xni(a)redhat.com> Date: Wed, 6 Nov 2024 17:51:24 +0800 Subject: [PATCH] md/raid5: Wait sync io to finish before changing group cnt One customer reports a bug: raid5 is hung when changing thread cnt while resync is running. The stripes are all in conf->handle_list and new threads can't handle them. Commit b39f35ebe86d ("md: don't quiesce in mddev_suspend()") removes pers->quiesce from mddev_suspend/resume. Before this patch, mddev_suspend needs to wait for all ios including sync io to finish. Now it's used to only wait normal io. Fix this by calling raid5_quiesce from raid5_store_group_thread_cnt directly to wait all sync requests to finish before changing the group cnt. Fixes: b39f35ebe86d ("md: don't quiesce in mddev_suspend()") Cc: stable(a)vger.kernel.org Signed-off-by: Xiao Ni <xni(a)redhat.com> Reviewed-by: Yu Kuai <yukuai3(a)huawei.com> Link: https://lore.kernel.org/r/20241106095124.74577-1-xni@redhat.com Signed-off-by: Song Liu <song(a)kernel.org> diff --git a/drivers/md/raid5.c b/drivers/md/raid5.c index f5ac81dd21b2..f09e7677ee9f 100644 --- a/drivers/md/raid5.c +++ b/drivers/md/raid5.c @@ -7176,6 +7176,8 @@ raid5_store_group_thread_cnt(struct mddev *mddev, const char *page, size_t len) err = mddev_suspend_and_lock(mddev); if (err) return err; + raid5_quiesce(mddev, true); + conf = mddev->private; if (!conf) err = -ENODEV; @@ -7197,6 +7199,8 @@ raid5_store_group_thread_cnt(struct mddev *mddev, const char *page, size_t len) kfree(old_groups); } } + + raid5_quiesce(mddev, false); mddev_unlock_and_resume(mddev); return err ?: len;

6 months, 2 weeks

1
0
0 0

[PATCH v3 00/10] drm: Add DSI/DP support for Renesas r8a779h0 V4M and grey-hawk board

by Tomi Valkeinen

Add everything needed to support the DSI output on Renesas r8a779h0 (V4M) SoC, and the DP output (via sn65dsi86 DSI to DP bridge) on the Renesas grey-hawk board. Overall the DSI and the board design is almost identical to Renesas r8a779g0 and white-hawk board. Signed-off-by: Tomi Valkeinen <tomi.valkeinen+renesas(a)ideasonboard.com> --- Changes in v3: - Update "Write DPTSR only if there are more than one crtc" patch to "Write DPTSR only if the second source exists" - Add Laurent's Rb - Link to v2: https://lore.kernel.org/r/20241205-rcar-gh-dsi-v2-0-42471851df86@ideasonboa… Changes in v2: - Add the DT binding with a new conditional block, so that we can set only the port@0 as required - Drop port@1 from r8a779h0.dtsi (there's no port@1) - Add a new patch to write DPTSR only if num_crtcs > 1 - Drop RCAR_DU_FEATURE_NO_DPTSR (not needed anymore) - Add Cc: stable to the fix, and move it as first patch - Added the tags from reviews - Link to v1: https://lore.kernel.org/r/20241203-rcar-gh-dsi-v1-0-738ae1a95d2a@ideasonboa… --- Tomi Valkeinen (10): drm/rcar-du: dsi: Fix PHY lock bit check drm/rcar-du: Write DPTSR only if the second source exists dt-bindings: display: bridge: renesas,dsi-csi2-tx: Add r8a779h0 dt-bindings: display: renesas,du: Add r8a779h0 clk: renesas: r8a779h0: Add display clocks drm/rcar-du: dsi: Add r8a779h0 support drm/rcar-du: Add support for r8a779h0 arm64: dts: renesas: gray-hawk-single: Fix indentation arm64: dts: renesas: r8a779h0: Add display support arm64: dts: renesas: gray-hawk-single: Add DisplayPort support .../display/bridge/renesas,dsi-csi2-tx.yaml | 1 + .../devicetree/bindings/display/renesas,du.yaml | 52 ++++++++- .../boot/dts/renesas/r8a779h0-gray-hawk-single.dts | 119 ++++++++++++++++++--- arch/arm64/boot/dts/renesas/r8a779h0.dtsi | 73 +++++++++++++ drivers/clk/renesas/r8a779h0-cpg-mssr.c | 4 + drivers/gpu/drm/renesas/rcar-du/rcar_du_drv.c | 18 ++++ drivers/gpu/drm/renesas/rcar-du/rcar_du_group.c | 24 +++-- drivers/gpu/drm/renesas/rcar-du/rcar_mipi_dsi.c | 4 +- .../gpu/drm/renesas/rcar-du/rcar_mipi_dsi_regs.h | 1 - 9 files changed, 272 insertions(+), 24 deletions(-) --- base-commit: adc218676eef25575469234709c2d87185ca223a change-id: 20241008-rcar-gh-dsi-9c01f5deeac8 Best regards, -- Tomi Valkeinen <tomi.valkeinen(a)ideasonboard.com>

6 months, 2 weeks

1
1
0 0

[PATCH 6.11 v4 0/3] Fix PPS channel routing

by Csókás, Bence

On certain i.MX8 series parts [1], the PPS channel 0 is routed internally to eDMA, and the external PPS pin is available on channel 1. In addition, on certain boards, the PPS may be wired on the PCB to an EVENTOUTn pin other than 0. On these systems it is necessary that the PPS channel be able to be configured from the Device Tree. [1] https://lore.kernel.org/all/ZrPYOWA3FESx197L@lizhi-Precision-Tower-5810/ Changes in v2: * add upstream hash (pick -x) Changes in v3: * Add S-o-b despite Sasha's complaining bot Changes in v4: * Remove blank line in S-o-b area Francesco Dolcini (3): dt-bindings: net: fec: add pps channel property net: fec: refactor PPS channel configuration net: fec: make PPS channel configurable Documentation/devicetree/bindings/net/fsl,fec.yaml | 7 +++++++ drivers/net/ethernet/freescale/fec_ptp.c | 11 ++++++----- 2 files changed, 13 insertions(+), 5 deletions(-) -- 2.34.1

6 months, 2 weeks

3
7
0 0

[PATCH 4.19] Revert "drm/amdgpu: add missing size check in amdgpu_debugfs_gprwave_read()"

by Zhang Zekun

This reverts commit 673bdb4200c092692f83b5f7ba3df57021d52d29. The origin mainline patch fix a buffer overflow issue in amdgpu_debugfs_gprwave_read(), but it has not been introduced in kernel 6.1 and older kernels. This patch add a check in a wrong function in the same file. Signed-off-by: Zhang Zekun <zhangzekun11(a)huawei.com> --- drivers/gpu/drm/amd/amdgpu/amdgpu_debugfs.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/drivers/gpu/drm/amd/amdgpu/amdgpu_debugfs.c b/drivers/gpu/drm/amd/amdgpu/amdgpu_debugfs.c index 4776196b2021..98bd8a23e5b0 100644 --- a/drivers/gpu/drm/amd/amdgpu/amdgpu_debugfs.c +++ b/drivers/gpu/drm/amd/amdgpu/amdgpu_debugfs.c @@ -394,7 +394,7 @@ static ssize_t amdgpu_debugfs_regs_smc_read(struct file *f, char __user *buf, if (!adev->smc_rreg) return -EOPNOTSUPP; - if (size > 4096 || size & 0x3 || *pos & 0x3) + if (size & 0x3 || *pos & 0x3) return -EINVAL; while (size) { -- 2.17.1

6 months, 2 weeks

3
2
0 0

FAILED: patch "[PATCH] perf/x86/intel/pt: Fix buffer full but size is 0 case" failed to apply to 4.19-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 4.19-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-4.19.y git checkout FETCH_HEAD git cherry-pick -x 5b590160d2cf776b304eb054afafea2bd55e3620 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024120221-raft-bully-e091@gregkh' --subject-prefix 'PATCH 4.19.y' HEAD^.. Possible dependencies: thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 5b590160d2cf776b304eb054afafea2bd55e3620 Mon Sep 17 00:00:00 2001 From: Adrian Hunter <adrian.hunter(a)intel.com> Date: Tue, 22 Oct 2024 18:59:07 +0300 Subject: [PATCH] perf/x86/intel/pt: Fix buffer full but size is 0 case If the trace data buffer becomes full, a truncated flag [T] is reported in PERF_RECORD_AUX. In some cases, the size reported is 0, even though data must have been added to make the buffer full. That happens when the buffer fills up from empty to full before the Intel PT driver has updated the buffer position. Then the driver calculates the new buffer position before calculating the data size. If the old and new positions are the same, the data size is reported as 0, even though it is really the whole buffer size. Fix by detecting when the buffer position is wrapped, and adjust the data size calculation accordingly. Example Use a very small buffer size (8K) and observe the size of truncated [T] data. Before the fix, it is possible to see records of 0 size. Before: $ perf record -m,8K -e intel_pt// uname Linux [ perf record: Woken up 2 times to write data ] [ perf record: Captured and wrote 0.105 MB perf.data ] $ perf script -D --no-itrace | grep AUX | grep -F '[T]' Warning: AUX data lost 2 times out of 3! 5 19462712368111 0x19710 [0x40]: PERF_RECORD_AUX offset: 0 size: 0 flags: 0x1 [T] 5 19462712700046 0x19ba8 [0x40]: PERF_RECORD_AUX offset: 0x170 size: 0xe90 flags: 0x1 [T] After: $ perf record -m,8K -e intel_pt// uname Linux [ perf record: Woken up 3 times to write data ] [ perf record: Captured and wrote 0.040 MB perf.data ] $ perf script -D --no-itrace | grep AUX | grep -F '[T]' Warning: AUX data lost 2 times out of 3! 1 113720802995 0x4948 [0x40]: PERF_RECORD_AUX offset: 0 size: 0x2000 flags: 0x1 [T] 1 113720979812 0x6b10 [0x40]: PERF_RECORD_AUX offset: 0x2000 size: 0x2000 flags: 0x1 [T] Fixes: 52ca9ced3f70 ("perf/x86/intel/pt: Add Intel PT PMU driver") Signed-off-by: Adrian Hunter <adrian.hunter(a)intel.com> Signed-off-by: Peter Zijlstra (Intel) <peterz(a)infradead.org> Cc: stable(a)vger.kernel.org Link: https://lkml.kernel.org/r/20241022155920.17511-2-adrian.hunter@intel.com diff --git a/arch/x86/events/intel/pt.c b/arch/x86/events/intel/pt.c index fd4670a6694e..a087bc0c5498 100644 --- a/arch/x86/events/intel/pt.c +++ b/arch/x86/events/intel/pt.c @@ -828,11 +828,13 @@ static void pt_buffer_advance(struct pt_buffer *buf) buf->cur_idx++; if (buf->cur_idx == buf->cur->last) { - if (buf->cur == buf->last) + if (buf->cur == buf->last) { buf->cur = buf->first; - else + buf->wrapped = true; + } else { buf->cur = list_entry(buf->cur->list.next, struct topa, list); + } buf->cur_idx = 0; } } @@ -846,8 +848,11 @@ static void pt_buffer_advance(struct pt_buffer *buf) static void pt_update_head(struct pt *pt) { struct pt_buffer *buf = perf_get_aux(&pt->handle); + bool wrapped = buf->wrapped; u64 topa_idx, base, old; + buf->wrapped = false; + if (buf->single) { local_set(&buf->data_size, buf->output_off); return; @@ -865,7 +870,7 @@ static void pt_update_head(struct pt *pt) } else { old = (local64_xchg(&buf->head, base) & ((buf->nr_pages << PAGE_SHIFT) - 1)); - if (base < old) + if (base < old || (base == old && wrapped)) base += buf->nr_pages << PAGE_SHIFT; local_add(base - old, &buf->data_size); diff --git a/arch/x86/events/intel/pt.h b/arch/x86/events/intel/pt.h index f5e46c04c145..a1b6c04b7f68 100644 --- a/arch/x86/events/intel/pt.h +++ b/arch/x86/events/intel/pt.h @@ -65,6 +65,7 @@ struct pt_pmu { * @head: logical write offset inside the buffer * @snapshot: if this is for a snapshot/overwrite counter * @single: use Single Range Output instead of ToPA + * @wrapped: buffer advance wrapped back to the first topa table * @stop_pos: STOP topa entry index * @intr_pos: INT topa entry index * @stop_te: STOP topa entry pointer @@ -82,6 +83,7 @@ struct pt_buffer { local64_t head; bool snapshot; bool single; + bool wrapped; long stop_pos, intr_pos; struct topa_entry *stop_te, *intr_te; void **data_pages;

6 months, 2 weeks

4
3
0 0

[PATCH 4.19.y 1/3] KVM: arm64: vgic-its: Add a data length check in vgic_its_save_*

by Jing Zhang

commit 7fe28d7e68f92cc3d0668b8f2fbdf5c303ac3022 upstream. In all the vgic_its_save_*() functinos, they do not check whether the data length is 8 bytes before calling vgic_write_guest_lock. This patch adds the check. To prevent the kernel from being blown up when the fault occurs, KVM_BUG_ON() is used. And the other BUG_ON()s are replaced together. Cc: stable(a)vger.kernel.org Signed-off-by: Kunkun Jiang <jiangkunkun(a)huawei.com> [Jing: Update with the new entry read/write helpers] Signed-off-by: Jing Zhang <jingzhangos(a)google.com> Link: https://lore.kernel.org/r/20241107214137.428439-4-jingzhangos@google.com Signed-off-by: Oliver Upton <oliver.upton(a)linux.dev> --- virt/kvm/arm/vgic/vgic-its.c | 20 ++++++++------------ virt/kvm/arm/vgic/vgic.h | 24 ++++++++++++++++++++++++ 2 files changed, 32 insertions(+), 12 deletions(-) diff --git a/virt/kvm/arm/vgic/vgic-its.c b/virt/kvm/arm/vgic/vgic-its.c index 2fb26bd3106e..7fcf903fa5b0 100644 --- a/virt/kvm/arm/vgic/vgic-its.c +++ b/virt/kvm/arm/vgic/vgic-its.c @@ -1949,7 +1949,6 @@ static int scan_its_table(struct vgic_its *its, gpa_t base, int size, u32 esz, static int vgic_its_save_ite(struct vgic_its *its, struct its_device *dev, struct its_ite *ite, gpa_t gpa, int ite_esz) { - struct kvm *kvm = its->dev->kvm; u32 next_offset; u64 val; @@ -1958,7 +1957,8 @@ static int vgic_its_save_ite(struct vgic_its *its, struct its_device *dev, ((u64)ite->irq->intid << KVM_ITS_ITE_PINTID_SHIFT) | ite->collection->collection_id; val = cpu_to_le64(val); - return kvm_write_guest_lock(kvm, gpa, &val, ite_esz); + + return vgic_its_write_entry_lock(its, gpa, val, ite_esz); } /** @@ -2094,7 +2094,6 @@ static int vgic_its_restore_itt(struct vgic_its *its, struct its_device *dev) static int vgic_its_save_dte(struct vgic_its *its, struct its_device *dev, gpa_t ptr, int dte_esz) { - struct kvm *kvm = its->dev->kvm; u64 val, itt_addr_field; u32 next_offset; @@ -2105,7 +2104,8 @@ static int vgic_its_save_dte(struct vgic_its *its, struct its_device *dev, (itt_addr_field << KVM_ITS_DTE_ITTADDR_SHIFT) | (dev->num_eventid_bits - 1)); val = cpu_to_le64(val); - return kvm_write_guest_lock(kvm, ptr, &val, dte_esz); + + return vgic_its_write_entry_lock(its, ptr, val, dte_esz); } /** @@ -2285,7 +2285,8 @@ static int vgic_its_save_cte(struct vgic_its *its, ((u64)collection->target_addr << KVM_ITS_CTE_RDBASE_SHIFT) | collection->collection_id); val = cpu_to_le64(val); - return kvm_write_guest_lock(its->dev->kvm, gpa, &val, esz); + + return vgic_its_write_entry_lock(its, gpa, val, esz); } static int vgic_its_restore_cte(struct vgic_its *its, gpa_t gpa, int esz) @@ -2296,8 +2297,7 @@ static int vgic_its_restore_cte(struct vgic_its *its, gpa_t gpa, int esz) u64 val; int ret; - BUG_ON(esz > sizeof(val)); - ret = kvm_read_guest_lock(kvm, gpa, &val, esz); + ret = vgic_its_read_entry_lock(its, gpa, &val, esz); if (ret) return ret; val = le64_to_cpu(val); @@ -2331,7 +2331,6 @@ static int vgic_its_save_collection_table(struct vgic_its *its) u64 baser = its->baser_coll_table; gpa_t gpa = BASER_ADDRESS(baser); struct its_collection *collection; - u64 val; size_t max_size, filled = 0; int ret, cte_esz = abi->cte_esz; @@ -2355,10 +2354,7 @@ static int vgic_its_save_collection_table(struct vgic_its *its) * table is not fully filled, add a last dummy element * with valid bit unset */ - val = 0; - BUG_ON(cte_esz > sizeof(val)); - ret = kvm_write_guest_lock(its->dev->kvm, gpa, &val, cte_esz); - return ret; + return vgic_its_write_entry_lock(its, gpa, 0, cte_esz); } /** diff --git a/virt/kvm/arm/vgic/vgic.h b/virt/kvm/arm/vgic/vgic.h index d5e454279925..e5a307dab61e 100644 --- a/virt/kvm/arm/vgic/vgic.h +++ b/virt/kvm/arm/vgic/vgic.h @@ -17,6 +17,7 @@ #define __KVM_ARM_VGIC_NEW_H__ #include <linux/irqchip/arm-gic-common.h> +#include <asm/kvm_mmu.h> #define PRODUCT_ID_KVM 0x4b /* ASCII code K */ #define IMPLEMENTER_ARM 0x43b @@ -137,6 +138,29 @@ static inline bool vgic_irq_is_multi_sgi(struct vgic_irq *irq) return vgic_irq_get_lr_count(irq) > 1; } +static inline int vgic_its_read_entry_lock(struct vgic_its *its, gpa_t eaddr, + u64 *eval, unsigned long esize) +{ + struct kvm *kvm = its->dev->kvm; + + if (KVM_BUG_ON(esize != sizeof(*eval), kvm)) + return -EINVAL; + + return kvm_read_guest_lock(kvm, eaddr, eval, esize); + +} + +static inline int vgic_its_write_entry_lock(struct vgic_its *its, gpa_t eaddr, + u64 eval, unsigned long esize) +{ + struct kvm *kvm = its->dev->kvm; + + if (KVM_BUG_ON(esize != sizeof(eval), kvm)) + return -EINVAL; + + return kvm_write_guest_lock(kvm, eaddr, &eval, esize); +} + /* * This struct provides an intermediate representation of the fields contained * in the GICH_VMCR and ICH_VMCR registers, such that code exporting the GIC base-commit: 708f578f2a8f702d2f2a0ef5e6eac28e08206e03 -- 2.47.0.338.g60cca15819-goog

6 months, 2 weeks

4
7
0 0

[PATCH 6.12 000/826] 6.12.2-rc1 review

by Greg Kroah-Hartman

This is the start of the stable review cycle for the 6.12.2 release. There are 826 patches in this series, all will be posted as a response to this one. If anyone has any issues with these being applied, please let me know. Responses should be made by Thu, 05 Dec 2024 14:45:11 +0000. Anything received after that time might be too late. The whole patch series can be found in one patch at: https://www.kernel.org/pub/linux/kernel/v6.x/stable-review/patch-6.12.2-rc1… or in the git tree and branch at: git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable-rc.git linux-6.12.y and the diffstat can be found below. thanks, greg k-h ------------- Pseudo-Shortlog of commits: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> Linux 6.12.2-rc1 Ming Lei <ming.lei(a)redhat.com> block: don't verify IO lock for freeze/unfreeze in elevator_init_mq() Ming Lei <ming.lei(a)redhat.com> block: always verify unfreeze lock on the owner task Patryk Wlazlyn <patryk.wlazlyn(a)linux.intel.com> tools/power turbostat: Fix child's argument forwarding Zhang Rui <rui.zhang(a)intel.com> tools/power turbostat: Fix trailing '\n' parsing Dan Carpenter <dan.carpenter(a)linaro.org> sh: intc: Fix use-after-free bug in register_intc_controller() Zhang Xianwei <zhang.xianwei8(a)zte.com.cn> brd: decrease the number of allocated pages which discarded Yu Kuai <yukuai3(a)huawei.com> block, bfq: fix bfqq uaf in bfq_limit_depth() Benjamin Coddington <bcodding(a)redhat.com> nfs/blocklayout: Limit repeat device registration on failure Benjamin Coddington <bcodding(a)redhat.com> nfs/blocklayout: Don't attempt unregister for invalid block device Liu Jian <liujian56(a)huawei.com> sunrpc: fix one UAF issue caused by sunrpc kernel tcp socket Benjamin Coddington <bcodding(a)redhat.com> SUNRPC: timeout and cancel TLS handshake with -ETIMEDOUT Liu Jian <liujian56(a)huawei.com> sunrpc: clear XPRT_SOCK_UPD_TIMEOUT when reset transport Li Lingfeng <lilingfeng3(a)huawei.com> nfs: ignore SB_RDONLY when mounting nfs Dan Carpenter <dan.carpenter(a)linaro.org> cifs: unlock on error in smb3_reconfigure() Shyam Prasad N <sprasad(a)microsoft.com> cifs: during remount, make sure passwords are in sync Masahiro Yamada <masahiroy(a)kernel.org> modpost: remove incorrect code in do_eisa_entry() John Garry <john.g.garry(a)oracle.com> block: Don't allow an atomic write be truncated in blkdev_write_iter() Paul Aurich <paul(a)darkrain42.org> smb: Initialize cfid->tcon before performing network ops Matt Fleming <mfleming(a)cloudflare.com> kbuild: deb-pkg: Don't fail if modules.order is missing Masahiro Yamada <masahiroy(a)kernel.org> Rename .data.once to .data..once to fix resetting WARN*_ONCE Masahiro Yamada <masahiroy(a)kernel.org> Rename .data.unlikely to .data..unlikely Maxime Chevallier <maxime.chevallier(a)bootlin.com> rtc: ab-eoz9: don't fail temperature reads on undervoltage notification Pali Rohár <pali(a)kernel.org> cifs: Fix parsing reparse point with native symlink in SMB1 non-UNICODE session Pali Rohár <pali(a)kernel.org> cifs: Fix parsing native symlinks relative to the export Andy Shevchenko <andriy.shevchenko(a)linux.intel.com> x86/Documentation: Update algo in init_size description of boot protocol Henrique Carvalho <henrique.carvalho(a)suse.com> smb: client: disable directory caching when dir_cache_timeout is zero Namhyung Kim <namhyung(a)kernel.org> perf/arm-cmn: Ensure port and device id bits are set properly Chun-Tse Shao <ctshao(a)google.com> perf/arm-smmuv3: Fix lockdep assert in ->event_init() Alex Zenla <alex(a)edera.dev> 9p/xen: fix release of IRQ Alex Zenla <alex(a)edera.dev> 9p/xen: fix init sequence Nilay Shroff <nilay(a)linux.ibm.com> nvme-fabrics: fix kernel crash while shutting down controller Christoph Hellwig <hch(a)lst.de> block: return unsigned int from bdev_io_min Yu Kuai <yukuai3(a)huawei.com> block: fix uaf for flush rq while iterating tags Ming Lei <ming.lei(a)redhat.com> block: model freeze & enter queue as lock for supporting lockdep Ming Lei <ming.lei(a)redhat.com> blk-mq: add non_owner variant of start_freeze/unfreeze queue APIs Breno Leitao <leitao(a)debian.org> nvme/multipath: Fix RCU list traversal to use SRCU primitive Trond Myklebust <trond.myklebust(a)hammerspace.com> Revert "nfs: don't reuse partially completed requests in nfs_lock_and_join_requests" Wolfram Sang <wsa+renesas(a)sang-engineering.com> rtc: rzn1: fix BCD to rtc_time conversion errors Mirsad Todorovac <mtodorovac69(a)gmail.com> net/9p/usbg: fix handling of the failed kzalloc() memory allocation ZhangPeng <zhangpeng362(a)huawei.com> hostfs: Fix the NULL vs IS_ERR() bug for __filemap_get_folio() Qingfang Deng <qingfang.deng(a)siflower.com.cn> jffs2: fix use of uninitialized variable Waqar Hameed <waqar.hameed(a)axis.com> ubifs: authentication: Fix use-after-free in ubifs_tnc_end_commit Zhihao Cheng <chengzhihao1(a)huawei.com> ubi: fastmap: Fix duplicate slab cache names while attaching Zhihao Cheng <chengzhihao1(a)huawei.com> ubifs: Correct the total block count by deducting journal reservation Zhihao Cheng <chengzhihao1(a)huawei.com> ubi: fastmap: wl: Schedule fm_work if wear-leveling pool is empty Yongliang Gao <leonylgao(a)tencent.com> rtc: check if __rtc_read_time was successful in rtc_timer_do_work() Nobuhiro Iwamatsu <iwamatsu(a)nigauri.org> rtc: abx80x: Fix WDT bit position of the status register Jinjie Ruan <ruanjinjie(a)huawei.com> rtc: st-lpc: Use IRQF_NO_AUTOEN flag in request_irq() NeilBrown <neilb(a)suse.de> nfs/localio: must clear res.replen in nfs_local_read_done Trond Myklebust <trond.myklebust(a)hammerspace.com> NFSv4.0: Fix a use-after-free problem in the asynchronous open() Tiwei Bie <tiwei.btw(a)antgroup.com> um: Always dump trace for specified task in show_stack Tiwei Bie <tiwei.btw(a)antgroup.com> um: ubd: Initialize ubd's disk pointer in ubd_add Christoph Hellwig <hch(a)lst.de> kfifo: don't include dma-mapping.h in kfifo.h Tiwei Bie <tiwei.btw(a)antgroup.com> um: Fix the return value of elf_core_copy_task_fpregs Tiwei Bie <tiwei.btw(a)antgroup.com> um: Fix potential integer overflow during physmem setup Yang Erkun <yangerkun(a)huawei.com> SUNRPC: make sure cache entry active before cache_show Chuck Lever <chuck.lever(a)oracle.com> NFSD: Prevent a potential integer overflow Yuan Can <yuancan(a)huawei.com> Input: cs40l50 - fix wrong usage of INIT_WORK() Ma Wupeng <mawupeng1(a)huawei.com> ipc: fix memleak if msg_init_ns failed in create_ipc_ns Chao Yu <chao(a)kernel.org> f2fs: fix to do sanity check on node blkaddr in truncate_node() Bartosz Golaszewski <bartosz.golaszewski(a)linaro.org> lib: string_helpers: silence snprintf() output truncation warning Ming Lei <ming.lei(a)redhat.com> ublk: fix error code for unsupported command Javier Carrasco <javier.carrasco.cruz(a)gmail.com> counter: stm32-timer-cnt: fix device_node handling in probe_encoder() Javier Carrasco <javier.carrasco.cruz(a)gmail.com> staging: vchiq_arm: Fix missing refcount decrement in error path for fw_node Thinh Nguyen <Thinh.Nguyen(a)synopsys.com> usb: dwc3: gadget: Fix looping of queued SG entries Thinh Nguyen <Thinh.Nguyen(a)synopsys.com> usb: dwc3: gadget: Fix checking for number of TRBs left Selvarasu Ganesan <selvarasu.g(a)samsung.com> usb: dwc3: gadget: Add missing check for single port RAM in TxFIFO resizing logic Hubert Wiśniewski <hubert.wisniewski.25632(a)gmail.com> usb: musb: Fix hardware lockup on first Rx endpoint request Thinh Nguyen <Thinh.Nguyen(a)synopsys.com> usb: dwc3: ep0: Don't clear ep0 DWC3_EP_TRANSFER_STARTED Stanislaw Gruszka <stanislaw.gruszka(a)linux.intel.com> usb: misc: ljca: move usb_autopm_put_interface() after wait for response Stanislaw Gruszka <stanislaw.gruszka(a)linux.intel.com> usb: misc: ljca: set small runtime autosuspend delay Paul Aurich <paul(a)darkrain42.org> smb: During unmount, ensure all cached dir instances drop their dentry Paul Aurich <paul(a)darkrain42.org> smb: prevent use-after-free due to open_cached_dir error paths Paul Aurich <paul(a)darkrain42.org> smb: Don't leak cfid when reconnect races with open_cached_dir Paulo Alcantara <pc(a)manguebit.com> smb: client: handle max length for SMB symlinks Steve French <stfrench(a)microsoft.com> smb3: request handle caching when caching directories Paulo Alcantara <pc(a)manguebit.com> smb: client: fix use-after-free of signing key Ralph Boehme <slow(a)samba.org> fs/smb/client: implement chmod() for SMB3 POSIX Extensions Takashi Iwai <tiwai(a)suse.de> ALSA: hda/realtek: Apply quirk for Medion E15433 Dirk Su <dirk.su(a)canonical.com> ALSA: hda/realtek: fix mute/micmute LEDs don't work for EliteBook X G1i Dinesh Kumar <desikumar81(a)gmail.com> ALSA: hda/realtek: Fix Internal Speaker and Mic boost of Infinix Y4 Max Kailang Yang <kailang(a)realtek.com> ALSA: hda/realtek: Set PCBeep to default value for ALC274 Kailang Yang <kailang(a)realtek.com> ALSA: hda/realtek: Enable speaker pins for Medion E15443 platform Kailang Yang <kailang(a)realtek.com> ALSA: hda/realtek: Update ALC225 depop procedure Takashi Iwai <tiwai(a)suse.de> ALSA: pcm: Add sanity NULL check for the default mmap fault handler Takashi Iwai <tiwai(a)suse.de> ALSA: ump: Fix evaluation of MIDI 1.0 FB info Takashi Iwai <tiwai(a)suse.de> ALSA: rawmidi: Fix kvfree() call in spinlock Borislav Petkov (AMD) <bp(a)alien8.de> x86/microcode/AMD: Flush patch buffer mapping after application Borislav Petkov (AMD) <bp(a)alien8.de> x86/mm: Carve out INVLPG inline asm for use by others Hans Verkuil <hverkuil(a)xs4all.nl> media: v4l2-core: v4l2-dv-timings: check cvt/gtf result Javier Carrasco <javier.carrasco.cruz(a)gmail.com> soc: fsl: rcpm: fix missing of_node_put() in copy_ippdexpcr1_setting() Herve Codina <herve.codina(a)bootlin.com> soc: fsl: cpm1: qmc: Set the ret error code on platform_get_irq() failure Joe Damato <jdamato(a)fastly.com> netdev-genl: Hold rcu_read_lock in napi_get Chen-Yu Tsai <wenst(a)chromium.org> arm64: dts: mediatek: mt8186-corsola-voltorb: Merge speaker codec nodes Stanislaw Gruszka <stanislaw.gruszka(a)linux.intel.com> media: intel/ipu6: do not handle interrupts when device is disabled Qiu-ji Chen <chenqiuji666(a)gmail.com> media: wl128x: Fix atomicity violation in fmc_send_cmd() Peter Große <pegro(a)friiks.de> i40e: Fix handling changed priv flags Jason Gerecke <jason.gerecke(a)wacom.com> HID: wacom: Interpret tilt data from Intuos Pro BT as signed values Ziwei Xiao <ziweixiao(a)google.com> gve: Flow steering trigger reset only for timeout error Bart Van Assche <bvanassche(a)acm.org> blk-mq: Make blk_mq_quiesce_tagset() hold the tag list mutex less long Muchun Song <muchun.song(a)linux.dev> block: fix ordering between checking BLK_MQ_S_STOPPED request adding Muchun Song <muchun.song(a)linux.dev> block: fix ordering between checking QUEUE_FLAG_QUIESCED request adding Muchun Song <muchun.song(a)linux.dev> block: fix missing dispatching request when queue is started or unquiesced Will Deacon <will(a)kernel.org> arm64: tls: Fix context-switching of tpidrro_el0 when kpti is enabled Ming Lei <ming.lei(a)redhat.com> ublk: fix ublk_ch_mmap() for 64K page size Zicheng Qu <quzicheng(a)huawei.com> iio: gts: Fix uninitialized symbol 'ret' Huacai Chen <chenhuacai(a)kernel.org> sh: cpuinfo: Fix a warning for CONFIG_CPUMASK_OFFSTACK Tiwei Bie <tiwei.btw(a)antgroup.com> um: vector: Do not use drvdata in release Damien Le Moal <dlemoal(a)kernel.org> block: Prevent potential deadlock in blk_revalidate_disk_zones() Javier Carrasco <javier.carrasco.cruz(a)gmail.com> mtd: ubi: fix unreleased fwnode_handle in find_volume_fwnode() Zach Wade <zachwade.k(a)gmail.com> Revert "block, bfq: merge bfq_release_process_ref() into bfq_put_cooperator()" Arnd Bergmann <arnd(a)arndb.de> serial: amba-pl011: fix build regression Kartik Rajput <kkartik(a)nvidia.com> serial: amba-pl011: Fix RX stall when DMA is used Bin Liu <b-liu(a)ti.com> serial: 8250: omap: Move pm_runtime_get_sync Filip Brozovic <fbrozovic(a)gmail.com> serial: 8250_fintek: Add support for F81216E Michal Simek <michal.simek(a)amd.com> dt-bindings: serial: rs485: Fix rs485-rts-delay property Tiwei Bie <tiwei.btw(a)antgroup.com> um: net: Do not use drvdata in release Tiwei Bie <tiwei.btw(a)antgroup.com> um: ubd: Do not use drvdata in release Zhihao Cheng <chengzhihao1(a)huawei.com> ubi: wl: Put source PEB into correct list if trying locking LEB failed Sebastian Andrzej Siewior <bigeasy(a)linutronix.de> x86/CPU/AMD: Terminate the erratum_1386_microcode array Russell King (Oracle) <rmk+kernel(a)armlinux.org.uk> irqchip/irq-mvebu-sei: Move misplaced select() callback to SEI CP domain Javier Carrasco <javier.carrasco.cruz(a)gmail.com> platform/chrome: cros_ec_typec: fix missing fwnode reference decrement Paulo Alcantara <pc(a)manguebit.com> smb: client: fix NULL ptr deref in crypto_aead_setkey() Yunseong Kim <yskelg(a)gmail.com> ksmbd: fix use-after-free in SMB request handling Jesse Taube <jesse(a)rivosinc.com> RISC-V: Check scalar unaligned access on all CPUs Jesse Taube <jesse(a)rivosinc.com> RISC-V: Scalar unaligned access emulated on hotplug CPUs Josh Poimboeuf <jpoimboe(a)kernel.org> parisc/ftrace: Fix function graph tracing disablement Meetakshi Setiya <msetiya(a)microsoft.com> cifs: support mounting with alternate password to allow password rotation Jinjie Ruan <ruanjinjie(a)huawei.com> cpufreq: mediatek-hw: Fix wrong return value in mtk_cpufreq_get_cpu_power() Cheng Ming Lin <chengminglin(a)mxic.com.tw> mtd: spi-nor: core: replace dummy buswidth from addr to data Stanislaw Gruszka <stanislaw.gruszka(a)linux.intel.com> spi: Fix acpi deferred irq probe Jeongjun Park <aha310510(a)gmail.com> netfilter: ipset: add missing range check in bitmap_ip_uadt Sai Kumar Cholleti <skmr537(a)gmail.com> gpio: exar: set value when external pull-up or pull-down is present Mikulas Patocka <mpatocka(a)redhat.com> blk-settings: round down io_opt to physical_block_size Pavel Begunkov <asml.silence(a)gmail.com> io_uring: check for overflows in io_pin_pages Pavel Begunkov <asml.silence(a)gmail.com> io_uring: fix corner case forgetting to vunmap Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> Revert "serial: sh-sci: Clean sci_ports[0] after at earlycon exit" Claudiu Beznea <claudiu.beznea.uj(a)bp.renesas.com> serial: sh-sci: Clean sci_ports[0] after at earlycon exit Michal Vrastil <michal.vrastil(a)hidglobal.com> Revert "usb: gadget: composite: fix OS descriptors w_value logic" Jaegeuk Kim <jaegeuk(a)kernel.org> Revert "f2fs: remove unreachable lazytime mount option parsing" Christian Brauner <brauner(a)kernel.org> Revert "fs: don't block i_writecount during exec" Javier Carrasco <javier.carrasco.cruz(a)gmail.com> wifi: brcmfmac: release 'root' node in all execution paths Jose Ignacio Tornos Martinez <jtornosm(a)redhat.com> wifi: ath12k: fix crash when unbinding Aleksei Vetrov <vvvvvv(a)google.com> wifi: nl80211: fix bounds checker error in nl80211_parse_sched_scan Guilherme G. Piccoli <gpiccoli(a)igalia.com> wifi: rtlwifi: Drastically reduce the attempts to read efuse in case of failures Jose Ignacio Tornos Martinez <jtornosm(a)redhat.com> wifi: ath12k: fix warning when unbinding Andreas Kemnade <andreas(a)kemnade.info> ARM: dts: omap36xx: declare 1GHz OPP as turbo again Michal Pecio <michal.pecio(a)gmail.com> usb: xhci: Avoid queuing redundant Stop Endpoint commands Michal Pecio <michal.pecio(a)gmail.com> usb: xhci: Fix TD invalidation under pending Set TR Dequeue Michal Pecio <michal.pecio(a)gmail.com> usb: xhci: Limit Stop Endpoint retries Andrej Shadura <andrew.shadura(a)collabora.co.uk> Bluetooth: Fix type of len in rfcomm_sock_getsockopt{,_old}() Kuangyi Chiang <ki.chiang65(a)gmail.com> xhci: Don't issue Reset Device command to Etron xHCI host Kuangyi Chiang <ki.chiang65(a)gmail.com> xhci: Don't perform Soft Retry for Etron xHCI host Kuangyi Chiang <ki.chiang65(a)gmail.com> xhci: Combine two if statements for Etron xHCI host Kuangyi Chiang <ki.chiang65(a)gmail.com> xhci: Fix control transfer error on Etron xHCI host Yuezhang Mo <Yuezhang.Mo(a)sony.com> exfat: fix out-of-bounds access of directory entries Namjae Jeon <linkinjeon(a)kernel.org> exfat: fix uninit-value in __exfat_get_dentry_set Angelo Dureghello <adureghello(a)baylibre.com> dt-bindings: iio: dac: ad3552r: fix maximum spi speed Krzysztof Kozlowski <krzysztof.kozlowski(a)linaro.org> dt-bindings: pinctrl: samsung: Fix interrupt constraint for variants with fallbacks Johan Hovold <johan+linaro(a)kernel.org> pinctrl: qcom: spmi: fix debugfs drive strength Christian Brauner <brauner(a)kernel.org> fcntl: make F_DUPFD_QUERY associative Thomas Weißschuh <thomas.weissschuh(a)linutronix.de> tools/nolibc: s390: include std.h Ahmed Ehab <bottaawesome633(a)gmail.com> locking/lockdep: Avoid creating new name string literals in lockdep_set_subclass() Nicolas Bouchinet <nicolas.bouchinet(a)ssi.gouv.fr> tty: ldsic: fix tty_ldisc_autoload sysctl's proc_handler Angelo Dureghello <adureghello(a)baylibre.com> iio: dac: adi-axi-dac: fix wrong register bitfield Jinjie Ruan <ruanjinjie(a)huawei.com> apparmor: test: Fix memory leak for aa_unpack_strdup() Jann Horn <jannh(a)google.com> comedi: Flush partial mappings in error case Jann Horn <jannh(a)google.com> fsnotify: Fix ordering of iput() and watched_objects decrement Amir Goldstein <amir73il(a)gmail.com> fsnotify: fix sending inotify event with unexpected filename Gustavo A. R. Silva <gustavoars(a)kernel.org> clk: clk-loongson2: Fix potential buffer overflow in flexible-array member access Gustavo A. R. Silva <gustavoars(a)kernel.org> clk: clk-loongson2: Fix memory corruption bug in struct loongson2_clk_provider Huacai Chen <chenhuacai(a)kernel.org> LoongArch: Explicitly specify code model in Makefile Lukas Wunner <lukas(a)wunner.de> PCI: Fix use-after-free of slot->bus on hot remove Jan Hendrik Farr <kernel(a)jfarr.cc> Compiler Attributes: disable __counted_by for clang < 19.1.3 Kunkun Jiang <jiangkunkun(a)huawei.com> KVM: arm64: vgic-its: Clear DTE when MAPD unmaps a device Jing Zhang <jingzhangos(a)google.com> KVM: arm64: vgic-its: Add a data length check in vgic_its_save_* Raghavendra Rao Ananta <rananta(a)google.com> KVM: arm64: Get rid of userspace_irqchip_in_use Kunkun Jiang <jiangkunkun(a)huawei.com> KVM: arm64: vgic-its: Clear ITE when DISCARD frees an ITE Oliver Upton <oliver.upton(a)linux.dev> KVM: arm64: Don't retire aborted MMIO instruction Sean Christopherson <seanjc(a)google.com> Revert "KVM: VMX: Move LOAD_IA32_PERF_GLOBAL_CTRL errata handling out of setup_vmcs_config()" Raghavendra Rao Ananta <rananta(a)google.com> KVM: arm64: Ignore PMCNTENSET_EL0 while checking for overflow status Marc Zyngier <maz(a)kernel.org> KVM: arm64: vgic-v3: Sanitise guest writes to GICR_INVLPIR Gautam Menghani <gautam(a)linux.ibm.com> powerpc/pseries: Fix KVM guest detection for disabling hardlockup detector Sean Christopherson <seanjc(a)google.com> KVM: x86: Break CONFIG_KVM_X86's direct dependency on KVM_INTEL || KVM_AMD Arnd Bergmann <arnd(a)arndb.de> KVM: x86: add back X86_LOCAL_APIC dependency Sean Christopherson <seanjc(a)google.com> KVM: x86/mmu: Skip the "try unsync" path iff the old SPTE was a leaf SPTE Paolo Bonzini <pbonzini(a)redhat.com> KVM: x86: switch hugepage recovery thread to vhost_task Eric Biggers <ebiggers(a)google.com> crypto: x86/aegis128 - access 32-bit arguments as 32-bit Adrian Hunter <adrian.hunter(a)intel.com> perf/x86/intel/pt: Fix buffer full but size is 0 case Claudiu Beznea <claudiu.beznea.uj(a)bp.renesas.com> ASoC: da7213: Populate max_register to regmap_config Qiu-ji Chen <chenqiuji666(a)gmail.com> ASoC: codecs: Fix atomicity violation in snd_soc_component_get_drvdata() Ilya Zverev <ilya(a)zverev.info> ASoC: amd: yc: Add a quirk for microfone on Lenovo ThinkPad P14s Gen 5 21MES00B00 Artem Sadovnikov <ancowi69(a)gmail.com> jfs: xattr: check invalid xattr size more strictly Mauro Carvalho Chehab <mchehab+huawei(a)kernel.org> docs: media: update location of the media patches Mauro Carvalho Chehab <mchehab+huawei(a)kernel.org> MAINTAINERS: update location of media main tree Theodore Ts'o <tytso(a)mit.edu> ext4: fix FS_IOC_GETFSMAP handling Jeongjun Park <aha310510(a)gmail.com> ext4: supress data-race warnings in ext4_free_inodes_{count,set}() Darrick J. Wong <djwong(a)kernel.org> xfs: fix simplify extent lookup in xfs_can_free_eofblocks Dmitry Baryshkov <dmitry.baryshkov(a)linaro.org> usb: typec: ucsi: glink: fix off-by-one in connector_status Vitalii Mordan <mordan(a)ispras.ru> usb: ehci-spear: fix call balance of sehci clk handling routines Takashi Iwai <tiwai(a)suse.de> ALSA: usb-audio: Fix out of bounds reads when finding clock sources Benoît Sevens <bsevens(a)google.com> ALSA: usb-audio: Fix potential out-of-bound accesses for Extigy and Mbox devices Qiu-ji Chen <chenqiuji666(a)gmail.com> xen: Fix the issue of resource not being properly released in xenbus_dev_probe() Jakub Kicinski <kuba(a)kernel.org> net_sched: sch_fq: don't follow the fast path if Tx is behind now Xiuhong Wang <xiuhong.wang(a)unisoc.com> f2fs: fix fiemap failure issue when page size is 16KB Niklas Schnelle <schnelle(a)linux.ibm.com> s390/pci: Fix potential double remove of hotplug slot Nícolas F. R. A. Prado <nfraprado(a)collabora.com> ASoC: mediatek: Check num_codecs is not zero to avoid panic during probe Venkata Prasad Potturu <venkataprasad.potturu(a)amd.com> ASoC: amd: yc: Fix for enabling DMIC on acp6x via _DSD entry Zichen Xie <zichenxie0106(a)gmail.com> ALSA: core: Fix possible NULL dereference caused by kunit_kzalloc() chao liu <liuzgyid(a)outlook.com> apparmor: fix 'Do simple duplicate message elimination' Nirmoy Das <nirmoy.das(a)intel.com> drm/xe/ufence: Wake up waiters after setting ufence->signalled Charles Han <hanchunchao(a)inspur.com> ASoC: imx-audmix: Add NULL check in imx_audmix_probe Zicheng Qu <quzicheng(a)huawei.com> drm/amd/display: Fix null check for pipe_ctx->plane_state in hwss_setup_dpp Zicheng Qu <quzicheng(a)huawei.com> drm/amd/display: Fix null check for pipe_ctx->plane_state in dcn20_program_pipe Steven 'Steve' Kendall <skend(a)chromium.org> drm/radeon: Fix spurious unplug event on radeon HDMI Kailang Yang <kailang(a)realtek.com> ALSA: hda/realtek: Update ALC256 depop procedure Gaosheng Cui <cuigaosheng1(a)huawei.com> firmware_loader: Fix possible resource leak in fw_log_firmware_info() Dan Carpenter <dan.carpenter(a)linaro.org> usb: typec: fix potential array underflow in ucsi_ccg_sync_control() Carl Vanderlip <quic_carlv(a)quicinc.com> bus: mhi: host: Switch trace_mhi_gen_tre fields to native endian Jiasheng Jiang <jiashengjiangcool(a)gmail.com> counter: ti-ecap-capture: Add check for clk_enable() Jiasheng Jiang <jiashengjiangcool(a)gmail.com> counter: stm32-timer-cnt: Add check for clk_enable() Charles Han <hanchunchao(a)inspur.com> phy: realtek: usb: fix NULL deref in rtk_usb3phy_probe Charles Han <hanchunchao(a)inspur.com> phy: realtek: usb: fix NULL deref in rtk_usb2phy_probe Antoniu Miclaus <antoniu.miclaus(a)analog.com> iio: accel: adxl380: fix raw sample read Andy Shevchenko <andriy.shevchenko(a)linux.intel.com> iio: adc: pac1921: Check for error code from devm_mutex_init() call Andy Shevchenko <andriy.shevchenko(a)linux.intel.com> iio: adc: ad4000: Check for error code from devm_mutex_init() call David Lechner <dlechner(a)baylibre.com> iio: adc: ad4000: fix reading unsigned data Yang Yingliang <yangyingliang(a)huawei.com> iio: backend: fix wrong pointer passed to IS_ERR() Raviteja Laggyshetty <quic_rlaggysh(a)quicinc.com> interconnect: qcom: icc-rpmh: probe defer incase of missing QoS clock dependency Michael Grzeschik <m.grzeschik(a)pengutronix.de> usb: gadget: uvc: wake pump everytime we update the free list Keita Morisaki <keyz(a)google.com> devres: Fix page faults when tracing devres from unloaded modules Jinjie Ruan <ruanjinjie(a)huawei.com> misc: apds990x: Fix missing pm_runtime_disable() Edward Adam Davis <eadavis(a)qq.com> USB: chaoskey: Fix possible deadlock chaoskey_list_lock Oliver Neukum <oneukum(a)suse.com> USB: chaoskey: fail open after removal Oliver Neukum <oneukum(a)suse.com> usb: yurex: make waiting on yurex_write interruptible Jeongjun Park <aha310510(a)gmail.com> usb: using mutex lock and supporting O_NONBLOCK flag in iowarrior_read() Christophe JAILLET <christophe.jaillet(a)wanadoo.fr> iio: light: al3010: Fix an error handling path in al3010_probe() Paolo Abeni <pabeni(a)redhat.com> ipmr: fix tables suspicious RCU usage Paolo Abeni <pabeni(a)redhat.com> ip6mr: fix tables suspicious RCU usage Kuniyuki Iwashima <kuniyu(a)amazon.com> tcp: Fix use-after-free of nreq in reqsk_timer_handler(). Michal Luczaj <mhal(a)rbox.co> rxrpc: Improve setsockopt() handling of malformed user input Michal Luczaj <mhal(a)rbox.co> llc: Improve setsockopt() handling of malformed user input Luiz Augusto von Dentz <luiz.von.dentz(a)intel.com> Bluetooth: MGMT: Fix possible deadlocks Luiz Augusto von Dentz <luiz.von.dentz(a)intel.com> Bluetooth: MGMT: Fix slab-use-after-free Read in set_powered_sync Michael Chan <michael.chan(a)broadcom.com> bnxt_en: Unregister PTP during PCI shutdown and suspend Michael Chan <michael.chan(a)broadcom.com> bnxt_en: Refactor bnxt_ptp_init() Shravya KN <shravya.k-n(a)broadcom.com> bnxt_en: Fix receive ring space parameters when XDP is active Somnath Kotur <somnath.kotur(a)broadcom.com> bnxt_en: Fix queue start to update vnic RSS table Shravya KN <shravya.k-n(a)broadcom.com> bnxt_en: Set backplane link modes correctly for ethtool Saravanan Vajravel <saravanan.vajravel(a)broadcom.com> bnxt_en: Reserve rings after PCIe AER recovery if NIC interface is down Eric Dumazet <edumazet(a)google.com> net: hsr: fix hsr_init_sk() vs network/transport headers. Csókás, Bence <csokas.bence(a)prolan.hu> spi: atmel-quadspi: Fix register name in verbose logging function Hariprasad Kelam <hkelam(a)marvell.com> octeontx2-af: Quiesce traffic before NIX block reset Hariprasad Kelam <hkelam(a)marvell.com> octeontx2-af: RPM: fix stale FCFEC counters Hariprasad Kelam <hkelam(a)marvell.com> octeontx2-af: RPM: fix stale RSFEC counters Hariprasad Kelam <hkelam(a)marvell.com> octeontx2-af: RPM: Fix low network performance Hariprasad Kelam <hkelam(a)marvell.com> octeontx2-af: RPM: Fix mismatch in lmac type Maxime Chevallier <maxime.chevallier(a)bootlin.com> net: stmmac: dwmac-socfpga: Set RX watchdog interrupt as broken Vitalii Mordan <mordan(a)ispras.ru> marvell: pxa168_eth: fix call balance of pep->clk handling routines Rosen Penev <rosenp(a)gmail.com> net: mdio-ipq4019: add missing error check Hangbin Liu <liuhangbin(a)gmail.com> net/ipv6: delete temporary address if mngtmpaddr is removed or unmanaged Justin Lai <justinlai0215(a)realtek.com> rtase: Corrects error handling of the rtase_check_mac_version_valid() Justin Lai <justinlai0215(a)realtek.com> rtase: Correct the speed for RTL907XD-V1 Justin Lai <justinlai0215(a)realtek.com> rtase: Refactor the rtase_check_mac_version_valid() function Sidraya Jayagond <sidraya(a)linux.ibm.com> s390/iucv: MSG_PEEK causes memory leak in iucv_sock_destruct() James Chapman <jchapman(a)katalix.com> net/l2tp: fix warning in l2tp_exit_net found by syzbot Yuezhang Mo <Yuezhang.Mo(a)sony.com> exfat: fix file being changed by unaligned direct write Jakub Kicinski <kuba(a)kernel.org> netlink: fix false positive warning in extack during dumps Guenter Roeck <linux(a)roeck-us.net> net: microchip: vcap: Add typegroup table terminators in kunit tests Oleksij Rempel <o.rempel(a)pengutronix.de> net: usb: lan78xx: Fix refcounting and autosuspend on invalid WoL configuration Pavan Chebbi <pavan.chebbi(a)broadcom.com> tg3: Set coherent DMA mask bits to 31 for BCM57766 chipsets Oleksij Rempel <o.rempel(a)pengutronix.de> net: usb: lan78xx: Fix memory leak on device unplug by freeing PHY device Oleksij Rempel <o.rempel(a)pengutronix.de> net: usb: lan78xx: Fix double free issue with interrupt buffer allocation Arnd Bergmann <arnd(a)arndb.de> power: reset: ep93xx: add AUXILIARY_BUS dependency Konstantin Komarov <almaz.alexandrovich(a)paragon-software.com> fs/ntfs3: Equivalent transition from page to folio ChiYuan Huang <cy_huang(a)richtek.com> power: supply: rt9471: Use IC status regfield to report real charger status ChiYuan Huang <cy_huang(a)richtek.com> power: supply: rt9471: Fix wrong WDT function regfield declaration Barnabás Czémán <barnabas.czeman(a)mainlining.org> power: supply: bq27xxx: Fix registers of bq27426 Bart Van Assche <bvanassche(a)acm.org> power: supply: core: Remove might_sleep() from power_supply_put() Tiezhu Yang <yangtiezhu(a)loongson.cn> LoongArch: BPF: Sign-extend return values Tiezhu Yang <yangtiezhu(a)loongson.cn> LoongArch: Fix build failure with GCC 15 (-std=gnu23) Randy Dunlap <rdunlap(a)infradead.org> fs_parser: update mount_api doc to match function signature Avihai Horon <avihaih(a)nvidia.com> vfio/pci: Properly hide first-in-list PCIe extended capability Andy Shevchenko <andriy.shevchenko(a)linux.intel.com> gpio: zevio: Add missed label initialisation Michael Ellerman <mpe(a)ellerman.id.au> selftests/mount_setattr: Fix failures on 64K PAGE_SIZE kernels Yishai Hadas <yishaih(a)nvidia.com> vfio/mlx5: Fix unwind flows in mlx5vf_pci_save/resume_device_data() Yishai Hadas <yishaih(a)nvidia.com> vfio/mlx5: Fix an unwind issue in mlx5vf_add_migration_pages() Si-Wei Liu <si-wei.liu(a)oracle.com> vdpa/mlx5: Fix suboptimal range on iotlb iteration Lorenzo Bianconi <lorenzo(a)kernel.org> phy: airoha: Fix REG_CSR_2L_RX{0,1}_REV0 definitions Lorenzo Bianconi <lorenzo(a)kernel.org> phy: airoha: Fix REG_CSR_2L_JCPLL_SDM_HREN config in airoha_pcie_phy_init_ssc_jcpll() Lorenzo Bianconi <lorenzo(a)kernel.org> phy: airoha: Fix REG_PCIE_PMA_TX_RESET config in airoha_pcie_phy_init_csr_2l() Lorenzo Bianconi <lorenzo(a)kernel.org> phy: airoha: Fix REG_CSR_2L_PLL_CMN_RESERVE0 config in airoha_pcie_phy_init_clk_out() Aleksa Savic <savicaleksa83(a)gmail.com> hwmon: (aquacomputer_d5next) Fix length of speed_input array Murad Masimov <m.masimov(a)maxima.ru> hwmon: (tps23861) Fix reporting of negative temperatures Hao Ge <gehao(a)kylinos.cn> perf bpf-filter: Return -ENOMEM directly when pfi allocation fails Chao Yu <chao(a)kernel.org> f2fs: fix to do cast in F2FS_{BLK_TO_BYTES, BTYES_TO_BLK} to avoid overflow Mike Snitzer <snitzer(a)kernel.org> nfs_common: must not hold RCU while calling nfsd_file_put_local Chuck Lever <chuck.lever(a)oracle.com> NFSD: Fix nfsd4_shutdown_copy() Ye Bin <yebin10(a)huawei.com> svcrdma: fix miss destroy percpu_counter in svc_rdma_proc_init() Yang Erkun <yangerkun(a)huawei.com> nfsd: release svc_expkey/svc_export with rcu_work Chuck Lever <chuck.lever(a)oracle.com> NFSD: Cap the number of bytes copied by nfs4_reset_recoverydir() Chuck Lever <chuck.lever(a)oracle.com> NFSD: Prevent NULL dereference in nfsd4_process_cb_update() Zhongqiu Han <quic_zhonhan(a)quicinc.com> PCI: endpoint: epf-mhi: Avoid NULL dereference if DT lacks 'mmio' Sibi Sankar <quic_sibis(a)quicinc.com> remoteproc: qcom_q6v5_mss: Re-order writes to the IMEM region Jonathan Marek <jonathan(a)marek.ca> rpmsg: glink: use only lower 16-bits of param2 for CMD_OPEN name length Dmitry Baryshkov <dmitry.baryshkov(a)linaro.org> remoteproc: qcom: pas: add minidump_id to SM8350 resources Joe Hattori <joe(a)pf.is.s.u-tokyo.ac.jp> remoteproc: qcom: adsp: Remove subdevs on the error path of adsp_probe() Joe Hattori <joe(a)pf.is.s.u-tokyo.ac.jp> remoteproc: qcom: pas: Remove subdevs on the error path of adsp_probe() Benjamin Peterson <benjamin(a)engflow.com> perf trace: Avoid garbage when not printing a syscall's arguments Benjamin Peterson <benjamin(a)engflow.com> perf trace: Do not lose last events in a race Howard Chu <howardchu95(a)gmail.com> perf trace: Fix tracing itself, creating feedback loops Jean-Philippe Romain <jean-philippe.romain(a)foss.st.com> perf list: Fix topic and pmu_name argument order Jeff Layton <jlayton(a)kernel.org> nfsd: drop inode parameter from nfsd4_change_attribute() Chuck Lever <chuck.lever(a)oracle.com> svcrdma: Address an integer overflow Antonio Quartulli <antonio(a)mandelbit.com> m68k: coldfire/device.c: only build FEC when HW macros are defined Jean-Michel Hautbois <jeanmichel.hautbois(a)yoseli.org> m68k: mcfgpio: Fix incorrect register offset for CONFIG_M5441x Benjamin Peterson <benjamin(a)engflow.com> perf trace: avoid garbage when not printing a trace event's arguments Chao Yu <chao(a)kernel.org> f2fs: fix to avoid forcing direct write to use buffered IO on inline_data inode Chao Yu <chao(a)kernel.org> f2fs: fix to map blocks correctly for direct write Long Li <leo.lilong(a)huawei.com> f2fs: fix race in concurrent f2fs_stop_gc_thread Yicong Yang <yangyicong(a)hisilicon.com> perf build: Add missing cflags when building with custom libtraceevent Siddharth Vadapalli <s-vadapalli(a)ti.com> PCI: j721e: Deassert PERST# after a delay of PCIE_T_PVPERL_MS milliseconds Manivannan Sadhasivam <manivannan.sadhasivam(a)linaro.org> PCI: tegra194: Move controller cleanups to pex_ep_event_pex_rst_deassert() Manivannan Sadhasivam <manivannan.sadhasivam(a)linaro.org> PCI: qcom-ep: Move controller cleanups to qcom_pcie_perst_deassert() Manivannan Sadhasivam <manivannan.sadhasivam(a)linaro.org> PCI: qcom: Enable MSI interrupts together with Link up if 'Global IRQ' is supported Zhiguo Niu <zhiguo.niu(a)unisoc.com> f2fs: fix to avoid use GC_AT when setting gc_mode as GC_URGENT_LOW or GC_URGENT_MID Chao Yu <chao(a)kernel.org> f2fs: fix to avoid potential deadlock in f2fs_record_stop_reason() Zeng Heng <zengheng4(a)huawei.com> f2fs: Fix not used variable 'index' Yongpeng Yang <yangyongpeng1(a)oppo.com> f2fs: check curseg->inited before write_sum_page in change_curseg LongPing Wei <weilongping(a)oppo.com> f2fs: fix the wrong f2fs_bug_on condition in f2fs_do_replace_block Frank Li <Frank.Li(a)nxp.com> i3c: master: Remove i3c_dev_disable_ibi_locked(olddev) on device hotjoin Arnaldo Carvalho de Melo <acme(a)kernel.org> perf ftrace latency: Fix unit on histogram first entry when using --use-nsec Hou Tao <houtao1(a)huawei.com> virtiofs: use pages instead of pointer for kernel direct IO Li Huafei <lihuafei1(a)huawei.com> perf disasm: Fix not cleaning up disasm_line in symbol__disassemble_raw() Li Huafei <lihuafei1(a)huawei.com> perf disasm: Use disasm_line__free() to properly free disasm_line Francesco Zardi <frazar00(a)gmail.com> rust: block: fix formatting of `kernel::block::mq::request` module Ilpo Järvinen <ilpo.jarvinen(a)linux.intel.com> PCI: cpqphp: Fix PCIBIOS_* return value confusion Paolo Bonzini <pbonzini(a)redhat.com> rust: macros: fix documentation of the paste! macro Yutaro Ohno <yutaro.ono.418(a)gmail.com> rust: kernel: fix THIS_MODULE header path in ThisModule doc comment Leo Yan <leo.yan(a)arm.com> perf probe: Correct demangled symbols in C++ program Ian Rogers <irogers(a)google.com> perf probe: Fix libdw memory leak Ian Rogers <irogers(a)google.com> perf disasm: Fix capstone memory leak Veronika Molnarova <vmolnaro(a)redhat.com> perf dso: Fix symtab_type for kmod compression Chao Yu <chao(a)kernel.org> f2fs: fix to account dirty data in __get_secs_required() Arnd Bergmann <arnd(a)arndb.de> mailbox, remoteproc: k3-m4+: fix compile testing Ye Bin <yebin10(a)huawei.com> f2fs: fix null-ptr-deref in f2fs_submit_page_bio() Qi Han <hanqi(a)vivo.com> f2fs: compress: fix inconsistent update of i_blocks in release_compress_blocks and reserve_compress_blocks Miguel Ojeda <ojeda(a)kernel.org> rust: rbtree: fix `SAFETY` comments that should be `# Safety` sections Veronika Molnarova <vmolnaro(a)redhat.com> perf test attr: Add back missing topdown events Michael Petlan <mpetlan(a)redhat.com> perf trace: Keep exited threads for summary Ian Rogers <irogers(a)google.com> perf stat: Fix affinity memory leaks on error path Levi Yun <yeoreum.yun(a)arm.com> perf stat: Close cork_fd when create_perf_stat_counter() failed Kan Liang <kan.liang(a)linux.intel.com> perf jevents: Don't stop at the first matched pmu when searching a events table Todd Kjos <tkjos(a)google.com> PCI: Fix reset_method_store() memory leak Fei Shao <fshao(a)chromium.org> dt-bindings: PCI: mediatek-gen3: Allow exact number of clocks only Thomas Falcon <thomas.falcon(a)intel.com> perf mem: Fix printing PERF_MEM_LVLNUM_{L2_MHB|MSC} Ian Rogers <irogers(a)google.com> perf stat: Uniquify event name improvements Andreas Gruenbacher <agruenba(a)redhat.com> gfs2: Fix unlinked inode cleanup Andreas Gruenbacher <agruenba(a)redhat.com> gfs2: Allow immediate GLF_VERIFY_DELETE work Andreas Gruenbacher <agruenba(a)redhat.com> gfs2: Rename GLF_VERIFY_EVICT to GLF_VERIFY_DELETE James Clark <james.clark(a)linaro.org> perf cs-etm: Don't flush when packet_queue fills up David Laight <David.Laight(a)ACULAB.COM> x86: fix off-by-one in access_ok() Dan Carpenter <dan.carpenter(a)linaro.org> mailbox: arm_mhuv2: clean up loop in get_irq_chan_comb() Yang Yingliang <yangyingliang(a)huawei.com> mailbox: mtk-cmdq: fix wrong use of sizeof in cmdq_get_clocks() Paul Aurich <paul(a)darkrain42.org> smb: cached directories can be more than root file handle Tomas Glozar <tglozar(a)redhat.com> rtla/timerlat: Do not set params->user_workload with -U zhang jiao <zhangjiao2(a)cmss.chinamobile.com> pinctrl: k210: Undef K210_PC_DEFAULT Konrad Dybcio <konrad.dybcio(a)oss.qualcomm.com> arm64: dts: qcom: sc8180x: Add a SoC-specific compatible to cpufreq-hw Kalesh AP <kalesh-anakkur.purayil(a)broadcom.com> RDMA/bnxt_re: Correct the sequence of device suspend Liu Shixin <liushixin2(a)huawei.com> zram: fix NULL pointer in comp_algorithm_show() Sergey Senozhatsky <senozhatsky(a)chromium.org> zram: permit only one post-processing operation at a time Nuno Sa <nuno.sa(a)analog.com> clk: clk-axi-clkgen: make sure to enable the AXI bus clock Nuno Sa <nuno.sa(a)analog.com> dt-bindings: clock: axi-clkgen: include AXI clk Lorenzo Bianconi <lorenzo(a)kernel.org> clk: en7523: fix estimation of fixed rate for EN7581 Lorenzo Bianconi <lorenzo(a)kernel.org> clk: en7523: introduce chip_scu regmap Lorenzo Bianconi <lorenzo(a)kernel.org> clk: en7523: move clock_register in hw_init callback Lorenzo Bianconi <lorenzo(a)kernel.org> clk: en7523: remove REG_PCIE*_{MEM,MEM_MASK} configuration Sergio Paracuellos <sergio.paracuellos(a)gmail.com> clk: ralink: mtmips: fix clocks probe order in oldest ralink SoCs Sergio Paracuellos <sergio.paracuellos(a)gmail.com> clk: ralink: mtmips: fix clock plan for Ralink SoC RT3883 Charles Han <hanchunchao(a)inspur.com> clk: clk-apple-nco: Add NULL check in applnco_probe Patrisious Haddad <phaddad(a)nvidia.com> RDMA/mlx5: Move events notifier registration to be after device registration Zhen Lei <thunder.leizhen(a)huawei.com> fbdev: sh7760fb: Fix a possible memory leak in sh7760fb_alloc_mem() Zhang Zekun <zhangzekun11(a)huawei.com> powerpc/kexec: Fix return of uninitialized variable Kajol Jain <kjain(a)linux.ibm.com> KVM: PPC: Book3S HV: Fix kmv -> kvm typo Feng Fang <fangfeng4(a)huawei.com> RDMA/hns: Fix different dgids mapping to the same dip_idx Michal Suchanek <msuchanek(a)suse.de> powerpc/sstep: make emulate_vsx_load and emulate_vsx_store static Gautam Menghani <gautam(a)linux.ibm.com> KVM: PPC: Book3S HV: Avoid returning to nested hypervisor on pending doorbells Gautam Menghani <gautam(a)linux.ibm.com> KVM: PPC: Book3S HV: Stop using vc->dpdes for nested KVM guests Harshit Mogalapalli <harshit.m.mogalapalli(a)oracle.com> dax: delete a stale directory pmem Nicolin Chen <nicolinc(a)nvidia.com> iommu/tegra241-cmdqv: Fix alignment failure at max_n_shift Geert Uytterhoeven <geert(a)linux-m68k.org> zram: ZRAM_DEF_COMP should depend on ZRAM Dmitry Antipov <dmantipov(a)yandex.ru> ocfs2: fix uninitialized value in ocfs2_file_read_iter() Dan Carpenter <dan.carpenter(a)linaro.org> kunit: skb: use "gfp" variable instead of hardcoding GFP_KERNEL Sabyrzhan Tasbolatov <snovitoll(a)gmail.com> kasan: move checks to do_strncpy_from_user Jinjie Ruan <ruanjinjie(a)huawei.com> cpufreq: CPPC: Fix wrong return value in cppc_get_cpu_power() Jinjie Ruan <ruanjinjie(a)huawei.com> cpufreq: CPPC: Fix wrong return value in cppc_get_cpu_cost() Andy Shevchenko <andriy.shevchenko(a)linux.intel.com> cpufreq: loongson3: Check for error code from devm_mutex_init() call Junxian Huang <huangjunxian6(a)hisilicon.com> RDMA/hns: Fix NULL pointer derefernce in hns_roce_map_mr_sg() Junxian Huang <huangjunxian6(a)hisilicon.com> RDMA/hns: Fix out-of-order issue of requester when setting FENCE Sourabh Jain <sourabhjain(a)linux.ibm.com> fadump: reserve param area if below boot_mem_top Hari Bathini <hbathini(a)linux.ibm.com> powerpc/fadump: allocate memory for additional parameters early Kirill A. Shutemov <kirill.shutemov(a)linux.intel.com> x86/tdx: Dynamically disable SEPT violations from causing #VEs Kirill A. Shutemov <kirill.shutemov(a)linux.intel.com> x86/tdx: Rename tdx_parse_tdinfo() to tdx_setup() Kirill A. Shutemov <kirill.shutemov(a)linux.intel.com> x86/tdx: Introduce wrappers to read and write TD metadata Bart Van Assche <bvanassche(a)acm.org> scsi: sg: Enable runtime power management Zhen Lei <thunder.leizhen(a)huawei.com> scsi: qedi: Fix a possible memory leak in qedi_alloc_and_init_sb() Zhen Lei <thunder.leizhen(a)huawei.com> scsi: qedf: Fix a possible memory leak in qedf_alloc_and_init_sb() Zeng Heng <zengheng4(a)huawei.com> scsi: fusion: Remove unused variable 'rc' Ye Bin <yebin10(a)huawei.com> scsi: bfa: Fix use-after-free in bfad_im_module_exit() Baolin Liu <liubaolin(a)kylinos.cn> scsi: target: Fix incorrect function name in pscsi_create_type_disk() Mirsad Todorovac <mtodorovac69(a)gmail.com> fs/proc/kcore.c: fix coccinelle reported ERROR instances Raymond Hackley <raymondhackley(a)protonmail.com> leds: ktd2692: Set missing timing properties Javier Carrasco <javier.carrasco.cruz(a)gmail.com> leds: max5970: Fix unreleased fwnode_handle in probe function Zhang Changzhong <zhangchangzhong(a)huawei.com> mfd: rt5033: Fix missing regmap_del_irq_chip() Tamir Duberstein <tamird(a)gmail.com> checkpatch: always parse orig_commit in fixes tag Zhenzhong Duan <zhenzhong.duan(a)intel.com> iommu/vt-d: Fix checks and print in pgtable_walk() Zhenzhong Duan <zhenzhong.duan(a)intel.com> iommu/vt-d: Fix checks and print in dmar_fault_dump_ptes() Yang Yingliang <yangyingliang(a)huawei.com> clk: imx: imx8-acm: Fix return value check in clk_imx_acm_attach_pm_domains() Dong Aisheng <aisheng.dong(a)nxp.com> clk: imx: clk-scu: fix clk enable state save and restore Peng Fan <peng.fan(a)nxp.com> clk: imx: fracn-gppll: fix pll power up Peng Fan <peng.fan(a)nxp.com> clk: imx: fracn-gppll: correct PLL initialization flow Peng Fan <peng.fan(a)nxp.com> clk: imx: lpcg-scu: SW workaround for errata (e10858) Björn Töpel <bjorn(a)rivosinc.com> riscv: kvm: Fix out-of-bounds array access Yong-Xuan Wang <yongxuan.wang(a)sifive.com> RISC-V: KVM: Fix APLIC in_clrip and clripnum write emulation Chiara Meiohas <cmeiohas(a)nvidia.com> RDMA/mlx5: Ensure active slave attachment to the bond IB device Chiara Meiohas <cmeiohas(a)nvidia.com> RDMA/core: Implement RoCE GID port rescan and export delete function Chiara Meiohas <cmeiohas(a)nvidia.com> RDMA/mlx5: Call dev_put() after the blocking notifier Liu Jian <liujian56(a)huawei.com> RDMA/rxe: Set queue pair cur_qp_state when being queried Biju Das <biju.das.jz(a)bp.renesas.com> clk: renesas: rzg2l: Fix FOUTPOSTDIV clk Andre Przywara <andre.przywara(a)arm.com> clk: sunxi-ng: d1: Fix PLL_AUDIO0 preset Kashyap Desai <kashyap.desai(a)broadcom.com> RDMA/bnxt_re: Check cqe flags to know imm_data vs inv_irkey Zhu Yanjun <yanjun.zhu(a)linux.dev> RDMA/rxe: Fix the qp flush warnings in req wenglianfa <wenglianfa(a)huawei.com> RDMA/hns: Fix cpu stuck caused by printings during reset Junxian Huang <huangjunxian6(a)hisilicon.com> RDMA/hns: Use dev_* printings in hem code instead of ibdev_* Yuyu Li <liyuyu6(a)huawei.com> RDMA/hns: Modify debugfs name wenglianfa <wenglianfa(a)huawei.com> RDMA/hns: Fix flush cqe error when racing with destroy qp wenglianfa <wenglianfa(a)huawei.com> RDMA/hns: Fix an AEQE overflow error caused by untimely update of eq_db_ci Vasant Hegde <vasant.hegde(a)amd.com> iommu/amd/pgtbl_v2: Take protection domain lock before invalidating TLB Jinjie Ruan <ruanjinjie(a)huawei.com> cpufreq: CPPC: Fix possible null-ptr-deref for cppc_get_cpu_cost() Jinjie Ruan <ruanjinjie(a)huawei.com> cpufreq: CPPC: Fix possible null-ptr-deref for cpufreq_cpu_get_raw() Michael Ellerman <mpe(a)ellerman.id.au> powerpc/pseries: Fix dtl_access_lock to be a rw_semaphore Takahiro Kuwano <Takahiro.Kuwano(a)infineon.com> mtd: spi-nor: spansion: Use nor->addr_nbytes in octal DTR mode in RD_ANY_REG_OP Zichen Xie <zichenxie0106(a)gmail.com> clk: sophgo: avoid integer overflow in sg2042_pll_recalc_rate() Nicolin Chen <nicolinc(a)nvidia.com> iommu/tegra241-cmdqv: Staticize cmdqv_debugfs_dir Ritesh Harjani (IBM) <ritesh.list(a)gmail.com> powerpc/mm/fault: Fix kfence page fault reporting Stephen Boyd <sboyd(a)kernel.org> clk: Allow kunit tests to run without OF_OVERLAY enabled Miquel Raynal <miquel.raynal(a)bootlin.com> mtd: rawnand: atmel: Fix possible memory leak Biju Das <biju.das.jz(a)bp.renesas.com> mtd: hyperbus: rpc-if: Add missing MODULE_DEVICE_TABLE Ritesh Harjani (IBM) <ritesh.list(a)gmail.com> powerpc/fadump: Move fadump_cma_init to setup_arch() after initmem_init() Ritesh Harjani (IBM) <ritesh.list(a)gmail.com> powerpc/fadump: Refactor and prepare fadump_cma_init for late init Yuan Can <yuancan(a)huawei.com> cpufreq: loongson2: Unregister platform_driver on failure Andy Shevchenko <andriy.shevchenko(a)linux.intel.com> mfd: intel_soc_pmic_bxtwc: Fix IRQ domain names duplication Andy Shevchenko <andriy.shevchenko(a)linux.intel.com> mfd: intel_soc_pmic_bxtwc: Use IRQ domain for PMIC devices Andy Shevchenko <andriy.shevchenko(a)linux.intel.com> mfd: intel_soc_pmic_bxtwc: Use IRQ domain for TMU device Andy Shevchenko <andriy.shevchenko(a)linux.intel.com> mfd: intel_soc_pmic_bxtwc: Use IRQ domain for USB Type-C device Marcus Folkesson <marcus.folkesson(a)gmail.com> mfd: da9052-spi: Change read-mask to write-mask Jinjie Ruan <ruanjinjie(a)huawei.com> mfd: tps65010: Use IRQF_NO_AUTOEN flag in request_irq() to fix race Christophe Leroy <christophe.leroy(a)csgroup.eu> powerpc/vdso: Flag VDSO64 entry points as functions Yihang Li <liyihang9(a)huawei.com> scsi: hisi_sas: Enable all PHYs that are not disabled by user during controller reset Matthew Rosato <mjrosato(a)linux.ibm.com> iommu/s390: Implement blocking domain Jonathan Marek <jonathan(a)marek.ca> clk: qcom: videocc-sm8550: depend on either gcc-sm8550 or gcc-sm8650 Lad Prabhakar <prabhakar.mahadev-lad.rj(a)bp.renesas.com> pinctrl: renesas: Select PINCTRL_RZG2L for RZ/V2H(P) SoC Bartosz Golaszewski <bartosz.golaszewski(a)linaro.org> pinctrl: zynqmp: drop excess struct member description Levi Yun <yeoreum.yun(a)arm.com> trace/trace_event_perf: remove duplicate samples on the first tracepoint event Lukas Bulwahn <lukas.bulwahn(a)redhat.com> clk: mediatek: drop two dead config options Biju Das <biju.das.jz(a)bp.renesas.com> pinctrl: renesas: rzg2l: Fix missing return in rzg2l_pinctrl_register() Chengchang Tang <tangchengchang(a)huawei.com> RDMA/hns: Disassociate mmap pages for all uctx when HW is being reset Chengchang Tang <tangchengchang(a)huawei.com> RDMA/core: Provide rdma_user_mmap_disassociate() to disassociate mmap pages Jie Zhan <zhanjie9(a)hisilicon.com> cppc_cpufreq: Use desired perf if feedback ctrs are 0 or unchanged André Almeida <andrealmeid(a)igalia.com> unicode: Fix utf8_load() error path Jiayuan Chen <mrpre(a)163.com> bpf: fix recursive lock when verdict program return SK_PASS Hangbin Liu <liuhangbin(a)gmail.com> wireguard: selftests: load nf_conntrack if not present Breno Leitao <leitao(a)debian.org> netpoll: Use rcu_access_pointer() in netpoll_poll_lock Jiawen Wu <jiawenwu(a)trustnetic.com> net: txgbe: fix null pointer to pcs Jiawen Wu <jiawenwu(a)trustnetic.com> net: txgbe: remove GPIO interrupt controller Jakub Kicinski <kuba(a)kernel.org> eth: fbnic: don't disable the PCI device twice Alexander Aring <aahringo(a)redhat.com> dlm: fix dlm_recover_members refcount on error Gao Xiang <xiang(a)kernel.org> erofs: handle NONHEAD !delta[1] lclusters gracefully Hongzhen Luo <hongzhen(a)linux.alibaba.com> erofs: fix blksize < PAGE_SIZE for file-backed mounts Gao Xiang <xiang(a)kernel.org> erofs: fix file-backed mounts over FUSE Felix Maurer <fmaurer(a)redhat.com> xsk: Free skb when TX metadata options are invalid Dmitry Antipov <dmantipov(a)yandex.ru> Bluetooth: fix use-after-free in device_for_each_child() Iulia Tanasescu <iulia.tanasescu(a)nxp.com> Bluetooth: ISO: Send BIG Create Sync via hci_sync Iulia Tanasescu <iulia.tanasescu(a)nxp.com> Bluetooth: ISO: Do not emit LE BIG Create Sync if previous is pending Iulia Tanasescu <iulia.tanasescu(a)nxp.com> Bluetooth: ISO: Do not emit LE PA Create Sync if previous is pending Luiz Augusto von Dentz <luiz.von.dentz(a)intel.com> Bluetooth: ISO: Use kref to track lifetime of iso_conn Javier Carrasco <javier.carrasco.cruz(a)gmail.com> Bluetooth: btbcm: fix missing of_node_put() in btbcm_get_board_name() Chris Lu <chris.lu(a)mediatek.com> Bluetooth: btmtk: adjust the position to init iso data anchor Kiran K <kiran.k(a)intel.com> Bluetooth: btintel: Do no pass vendor events to stack Kiran K <kiran.k(a)intel.com> Bluetooth: btintel_pcie: Add handshake between driver and firmware guanjing <guanjing(a)cmss.chinamobile.com> selftests: netfilter: Fix missing return values in conntrack_dump_flush Igor Pylypiv <ipylypiv(a)google.com> i2c: dev: Fix memory leak when underlying adapter does not support I2C Takashi Iwai <tiwai(a)suse.de> ALSA: 6fire: Release resources at card release Takashi Iwai <tiwai(a)suse.de> ALSA: caiaq: Use snd_card_free_when_closed() at disconnection Takashi Iwai <tiwai(a)suse.de> ALSA: us122l: Use snd_card_free_when_closed() at disconnection Takashi Iwai <tiwai(a)suse.de> ALSA: usx2y: Use snd_card_free_when_closed() at disconnection Xu Kuohai <xukuohai(a)huawei.com> bpf: Add kernel symbol for struct_ops trampoline Xu Kuohai <xukuohai(a)huawei.com> bpf: Use function pointers count as struct_ops links count Kalle Valo <kvalo(a)kernel.org> Revert "wifi: iwlegacy: do not skip frames with bad FCS" Mingwei Zheng <zmw12306(a)gmail.com> net: rfkill: gpio: Add check for clk_enable() Omid Ehtemam-Haghighi <omid.ehtemamhaghighi(a)menlosecurity.com> ipv6: Fix soft lockups in fib6_select_path under high next hop churn Viktor Malik <vmalik(a)redhat.com> selftests/bpf: skip the timer_lockup test for single-CPU nodes Jiri Olsa <jolsa(a)kernel.org> bpf: Force uprobe bpf program to always return 0 Jiri Olsa <jolsa(a)kernel.org> bpf: Allow return values 0 and 1 for kprobe session Yuan Can <yuancan(a)huawei.com> drm/amdkfd: Fix wrong usage of INIT_WORK() Lijo Lazar <lijo.lazar(a)amd.com> drm/amdgpu: Fix map/unmap queue logic Yang Wang <kevinyang.wang(a)amd.com> drm/amdgpu: fix ACA bank count boundary check error Emmanuel Grumbach <emmanuel.grumbach(a)intel.com> wifi: iwlwifi: mvm: tell iwlmei when we finished suspending Emmanuel Grumbach <emmanuel.grumbach(a)intel.com> wifi: iwlwifi: allow fast resume on ax200 Lingbo Kong <quic_lingbok(a)quicinc.com> wifi: cfg80211: Remove the Medium Synchronization Delay validity check Paolo Abeni <pabeni(a)redhat.com> selftests: net: really check for bg process completion Paolo Abeni <pabeni(a)redhat.com> ipv6: release nexthop on device removal Zijian Zhang <zijianzhang(a)bytedance.com> bpf, sockmap: Fix sk_msg_reset_curr Zijian Zhang <zijianzhang(a)bytedance.com> bpf, sockmap: Several fixes to bpf_msg_pop_data Zijian Zhang <zijianzhang(a)bytedance.com> bpf, sockmap: Several fixes to bpf_msg_push_data Zijian Zhang <zijianzhang(a)bytedance.com> selftests/bpf: Add push/pop checking for msg_verify_data in test_sockmap Zijian Zhang <zijianzhang(a)bytedance.com> selftests/bpf: Fix total_bytes in msg_loop_rx in test_sockmap Zijian Zhang <zijianzhang(a)bytedance.com> selftests/bpf: Fix SENDPAGE data logic in test_sockmap Zijian Zhang <zijianzhang(a)bytedance.com> selftests/bpf: Add txmsg_pass to pull/push/pop in test_sockmap Hao Ge <gehao(a)kylinos.cn> isofs: avoid memory leak in iocharset Adrián Larumbe <adrian.larumbe(a)collabora.com> drm/panthor: Fix OPP refcnt leaks in devfreq initialisation Adrián Larumbe <adrian.larumbe(a)collabora.com> drm/panthor: record current and maximum device clock frequencies Adrián Larumbe <adrian.larumbe(a)collabora.com> drm/panthor: introduce job cycle and timestamp accounting Adrián Larumbe <adrian.larumbe(a)collabora.com> drm/panfrost: Add missing OPP table refcnt decremental Pei Xiao <xiaopei01(a)kylinos.cn> wifi: rtw89: coex: check NULL return of kmalloc in btc_fw_set_monreg() Maurice Lambert <mauricelambert434(a)gmail.com> netlink: typographical error in nlmsg_type constants definition Florian Westphal <fw(a)strlen.de> netfilter: nf_tables: must hold rcu read lock while iterating object type list Florian Westphal <fw(a)strlen.de> netfilter: nf_tables: must hold rcu read lock while iterating expression type list Florian Westphal <fw(a)strlen.de> netfilter: nf_tables: avoid false-positive lockdep splat on rule deletion Jonathan Gray <jsg(a)jsg.id.au> drm: use ATOMIC64_INIT() for atomic64_t Kumar Kartikeya Dwivedi <memxor(a)gmail.com> bpf: Mark raw_tp arguments with PTR_MAYBE_NULL Srinivasan Shanmugam <srinivasan.shanmugam(a)amd.com> drm/amdkfd: Use dynamic allocation for CU occupancy array in 'kfd_get_cu_occupancy()' Li Huafei <lihuafei1(a)huawei.com> drm/amdgpu: Fix the memory allocation issue in amdgpu_discovery_get_nps_info() José Expósito <jose.exposito89(a)gmail.com> drm/vkms: Drop unnecessary call to drm_crtc_cleanup() Kumar Kartikeya Dwivedi <memxor(a)gmail.com> bpf: Tighten tail call checks for lingering locks, RCU, preempt_disable Leon Hwang <leon.hwang(a)linux.dev> bpf, bpftool: Fix incorrect disasm pc Zichen Xie <zichenxie0106(a)gmail.com> drm/msm/dpu: cast crtc_clk calculation to u64 in _dpu_core_perf_calc_clk() Linus Walleij <linus.walleij(a)linaro.org> wifi: cw1200: Fix potential NULL dereference Yuan Can <yuancan(a)huawei.com> wifi: wfx: Fix error handling in wfx_core_init() Steffen Dirkwinkel <s.dirkwinkel(a)beckhoff.com> drm: xlnx: zynqmp_disp: layer may be null while releasing Sean Anderson <sean.anderson(a)linux.dev> drm: zynqmp_kms: Unplug DRM device before removal Li Huafei <lihuafei1(a)huawei.com> drm/nouveau/gr/gf100: Fix missing unlock in gf100_gr_chan_new() Fangzhi Zuo <Jerry.Zuo(a)amd.com> drm/amd/display: Reduce HPD Detection Interval for IPS Roman Li <Roman.Li(a)amd.com> drm/amd/display: Increase idle worker HPD detection time Lucas Stach <l.stach(a)pengutronix.de> drm/etnaviv: hold GPU lock across perfmon sampling Xiaolei Wang <xiaolei.wang(a)windriver.com> drm/etnaviv: Request pages from DMA32 zone on addressing_limited Suraj Kandpal <suraj.kandpal(a)intel.com> drm/xe/hdcp: Fix gsc structure check in fw check status Lukasz Luba <lukasz.luba(a)arm.com> drm/msm/gpu: Check the status of registration to PM QoS Jinjie Ruan <ruanjinjie(a)huawei.com> drm/msm/adreno: Use IRQF_NO_AUTOEN flag in request_irq() Xu Kuohai <xukuohai(a)huawei.com> bpf, arm64: Remove garbage frame for struct_ops trampoline Steven Price <steven.price(a)arm.com> drm/panfrost: Remove unused id_mask from struct panfrost_model Dan Carpenter <dan.carpenter(a)linaro.org> wifi: rtw89: unlock on error path in rtw89_ops_unassign_vif_chanctx() Po-Hao Huang <phhuang(a)realtek.com> wifi: rtw89: Fix TX fail with A2DP after scanning Zong-Zhe Yang <kevin_yang(a)realtek.com> wifi: rtw89: tweak driver architecture for impending MLO support Zong-Zhe Yang <kevin_yang(a)realtek.com> wifi: rtw89: refactor STA related func ahead for MLO Zong-Zhe Yang <kevin_yang(a)realtek.com> wifi: rtw89: refactor VIF related func ahead for MLO Zong-Zhe Yang <kevin_yang(a)realtek.com> wifi: rtw89: read link_sta corresponding to the link Zong-Zhe Yang <kevin_yang(a)realtek.com> wifi: rtw89: read bss_conf corresponding to the link Zong-Zhe Yang <kevin_yang(a)realtek.com> wifi: rtw89: rename rtw89_sta to rtw89_sta_link ahead for MLO Zong-Zhe Yang <kevin_yang(a)realtek.com> wifi: rtw89: rename rtw89_vif to rtw89_vif_link ahead for MLO Andrii Nakryiko <andrii(a)kernel.org> libbpf: move global data mmap()'ing into bpf_object__load() Andrii Nakryiko <andrii(a)kernel.org> selftests/bpf: fix test_spin_lock_fail.c's global vars usage Dipendra Khadka <kdipendra88(a)gmail.com> octeontx2-pf: handle otx2_mbox_get_rsp errors in otx2_dcbnl.c Dipendra Khadka <kdipendra88(a)gmail.com> octeontx2-pf: handle otx2_mbox_get_rsp errors in otx2_dmac_flt.c Dipendra Khadka <kdipendra88(a)gmail.com> octeontx2-pf: handle otx2_mbox_get_rsp errors in cn10k.c Dipendra Khadka <kdipendra88(a)gmail.com> octeontx2-pf: handle otx2_mbox_get_rsp errors in otx2_flows.c Dipendra Khadka <kdipendra88(a)gmail.com> octeontx2-pf: handle otx2_mbox_get_rsp errors in otx2_ethtool.c Dipendra Khadka <kdipendra88(a)gmail.com> octeontx2-pf: handle otx2_mbox_get_rsp errors in otx2_common.c Dmitry Baryshkov <dmitry.baryshkov(a)linaro.org> drm/msm/dpu: drop LM_3 / LM_4 on MSM8998 Dmitry Baryshkov <dmitry.baryshkov(a)linaro.org> drm/msm/dpu: drop LM_3 / LM_4 on SDM845 Dmitry Baryshkov <dmitry.baryshkov(a)linaro.org> drm/msm/dpu: on SDM845 move DSPP_3 to LM_5 block Ryan Walklin <ryan(a)testtoast.com> drm: panel: nv3052c: correct spi_device_id for RG35XX panel Matthias Schiffer <matthias.schiffer(a)tq-group.com> drm: fsl-dcu: enable PIXCLK on LS1021A Alper Nebi Yasak <alpernebiyasak(a)gmail.com> wifi: mwifiex: Fix memcpy() field-spanning write warning in mwifiex_config_scan() Marek Vasut <marex(a)denx.de> wifi: wilc1000: Set MAC after operation mode Sascha Hauer <s.hauer(a)pengutronix.de> wifi: mwifiex: add missing locking for cfg80211 calls Zijian Zhang <zijianzhang(a)bytedance.com> selftests/bpf: Fix txmsg_redir of test_txmsg_pull in test_sockmap Zijian Zhang <zijianzhang(a)bytedance.com> selftests/bpf: Fix msg_verify_data in test_sockmap Miguel Ojeda <ojeda(a)kernel.org> drm/panic: Select ZLIB_DEFLATE for DRM_PANIC_SCREEN_QR_CODE Tomi Valkeinen <tomi.valkeinen(a)ideasonboard.com> drm/bridge: tc358767: Fix link properties discovery Hangbin Liu <liuhangbin(a)gmail.com> netdevsim: copy addresses for both in and out paths Andrii Nakryiko <andrii(a)kernel.org> libbpf: never interpret subprogs in .text as entry programs Everest K.C <everestkc(a)everestkc.com.np> ASoC: rt722-sdca: Remove logically deadcode in rt722-sdca.c Karol Wachowski <karol.wachowski(a)intel.com> accel/ivpu: Prevent recovery invocation during probe and resume Andrii Nakryiko <andrii(a)kernel.org> libbpf: fix sym_is_subprog() logic for weak global subprogs Dave Stevenson <dave.stevenson(a)raspberrypi.com> drm/vc4: Correct generation check in vc4_hvs_lut_load Dave Stevenson <dave.stevenson(a)raspberrypi.com> drm/vc4: Match drm_dev_enter and exit calls in vc4_hvs_atomic_flush Dave Stevenson <dave.stevenson(a)raspberrypi.com> drm/vc4: Match drm_dev_enter and exit calls in vc4_hvs_lut_load Maxime Ripard <mripard(a)kernel.org> drm/vc4: Introduce generation number enum Dom Cobley <popcornmix(a)gmail.com> drm/vc4: hdmi: Increase audio MAI fifo dreq threshold Jacob Keller <jacob.e.keller(a)intel.com> ice: consistently use q_idx in ice_vc_cfg_qs_msg() Karthikeyan Periyasamy <quic_periyasa(a)quicinc.com> wifi: cfg80211: check radio iface combination for multi radio per wiphy Alexis Lothoré (eBPF Foundation) <alexis.lothore(a)bootlin.com> selftests/bpf: add missing header include for htons Balaji Pothunoori <quic_bpothuno(a)quicinc.com> wifi: ath11k: Fix CE offset address calculation for WCN6750 in SSR Eduard Zingerman <eddyz87(a)gmail.com> selftests/bpf: Fix backtrace printing for selftests crashes Yuan Chen <chenyuan(a)kylinos.cn> bpf: Fix the xdp_adjust_tail sample prog issue Björn Töpel <bjorn(a)rivosinc.com> selftests: bpf: Add missing per-arch include path Björn Töpel <bjorn(a)rivosinc.com> libbpf: Add missing per-arch include path Arnd Bergmann <arnd(a)arndb.de> wifi: ath12k: fix one more memcpy size error Rameshkumar Sundaram <quic_ramess(a)quicinc.com> wifi: ath12k: fix use-after-free in ath12k_dp_cc_cleanup() Aurabindo Pillai <aurabindo.pillai(a)amd.com> drm/amd/display: fix a memleak issue when driver is removed Vijendar Mukunda <Vijendar.Mukunda(a)amd.com> ASoC: amd: acp: fix for cpu dai index logic Vijendar Mukunda <Vijendar.Mukunda(a)amd.com> ASoC: amd: acp: fix for inconsistent indenting Martin Kaistra <martin.kaistra(a)linutronix.de> wifi: rtl8xxxu: Perform update_beacon_work when beaconing is enabled Alexander Aring <aahringo(a)redhat.com> dlm: fix swapped args sb_flags vs sb_status Alan Maguire <alan.maguire(a)oracle.com> selftests/bpf: Fix uprobe_multi compilation error Tony Ambardar <tony.ambardar(a)gmail.com> libbpf: Fix output .symtab byte-order during linking Tao Chen <chen.dylane(a)gmail.com> libbpf: Fix expected_attach_type set handling in program load callback Pin-yen Lin <treapking(a)chromium.org> drm/bridge: it6505: Drop EDID cache on bridge power off Pin-yen Lin <treapking(a)chromium.org> drm/bridge: anx7625: Drop EDID cache on bridge power off Geert Uytterhoeven <geert+renesas(a)glider.be> ASoC: fsl-asoc-card: Add missing handling of {hp,mic}-dt-gpios Srinivasan Shanmugam <srinivasan.shanmugam(a)amd.com> drm/amdgpu/gfx9: Add Cleaner Shader Deinitialization in gfx_v9_0 Module Macpaul Lin <macpaul.lin(a)mediatek.com> ASoC: dt-bindings: mt6359: Update generic node name and dmic-mode Shengjiu Wang <shengjiu.wang(a)nxp.com> ASoC: fsl_micfil: fix regmap_write_bits usage Igor Prusov <ivprusov(a)salutedevices.com> dt-bindings: vendor-prefixes: Add NeoFidelity, Inc Ramya Gnanasekar <quic_rgnanase(a)quicinc.com> wifi: ath12k: Skip Rx TID cleanup for self peer Baochen Qiang <quic_bqiang(a)quicinc.com> wifi: ath10k: fix invalid VHT parameters in supported_vht_mcs_rate_nss2 Baochen Qiang <quic_bqiang(a)quicinc.com> wifi: ath10k: fix invalid VHT parameters in supported_vht_mcs_rate_nss1 Lijo Lazar <lijo.lazar(a)amd.com> drm/amdgpu: Fix JPEG v4.0.3 register write Maíra Canal <mcanal(a)igalia.com> drm/v3d: Flush the MMU before we supply more memory to the binner Maíra Canal <mcanal(a)igalia.com> drm/v3d: Address race-condition in MMU flush Linus Walleij <linus.walleij(a)linaro.org> drm/panel: nt35510: Make new commands optional Alexander Stein <alexander.stein(a)ew.tq-group.com> drm/imx: Add missing DRM_BRIDGE_CONNECTOR dependency Dmitry Baryshkov <dmitry.baryshkov(a)linaro.org> drm/imx: parallel-display: switch to drm_panel_bridge Dmitry Baryshkov <dmitry.baryshkov(a)linaro.org> drm/imx: ldb: switch to drm_panel_bridge Dmitry Baryshkov <dmitry.baryshkov(a)linaro.org> drm/imx: ldb: drop custom DDC bus support Dmitry Baryshkov <dmitry.baryshkov(a)linaro.org> drm/imx: ldb: drop custom EDID support Dmitry Baryshkov <dmitry.baryshkov(a)linaro.org> drm/imx: parallel-display: drop edid override support Jinjie Ruan <ruanjinjie(a)huawei.com> drm/imx/ipuv3: Use IRQF_NO_AUTOEN flag in request_irq() Jinjie Ruan <ruanjinjie(a)huawei.com> drm/imx/dcss: Use IRQF_NO_AUTOEN flag in request_irq() Huan Yang <link(a)vivo.com> udmabuf: fix vmap_udmabuf error page set Huan Yang <link(a)vivo.com> udmabuf: change folios array from kmalloc to kvmalloc Jinjie Ruan <ruanjinjie(a)huawei.com> wifi: mwifiex: Use IRQF_NO_AUTOEN flag in request_irq() Jinjie Ruan <ruanjinjie(a)huawei.com> wifi: p54: Use IRQF_NO_AUTOEN flag in request_irq() Tvrtko Ursulin <tvrtko.ursulin(a)igalia.com> drm/v3d: Appease lockdep while updating GPU stats Tomi Valkeinen <tomi.valkeinen(a)ideasonboard.com> drm/omap: Fix locking in omap_gem_new_dmabuf() Tomi Valkeinen <tomi.valkeinen(a)ideasonboard.com> drm/omap: Fix possible NULL dereference Jeongjun Park <aha310510(a)gmail.com> wifi: ath9k: add range check for conn_rsp_epid in htc_connect_service() Dave Stevenson <dave.stevenson(a)raspberrypi.com> drm/vc4: hvs: Correct logic on stopping an HVS channel Dave Stevenson <dave.stevenson(a)raspberrypi.com> drm/vc4: hvs: Remove incorrect limit from hvs_dlist debugfs function Dave Stevenson <dave.stevenson(a)raspberrypi.com> drm/vc4: hvs: Fix dlist debug not resetting the next entry pointer Dom Cobley <popcornmix(a)gmail.com> drm/vc4: hdmi: Avoid hang with debug registers when suspended Dave Stevenson <dave.stevenson(a)raspberrypi.com> drm/vc4: hvs: Don't write gamma luts on 2711 Andy Shevchenko <andriy.shevchenko(a)linux.intel.com> drm/mm: Mark drm_mm_interval_tree*() functions with __maybe_unused Matt Coster <Matt.Coster(a)imgtec.com> drm/imagination: Use pvr_vm_context_get() Chen Yufan <chenyufan(a)vivo.com> drm/imagination: Convert to use time_before macro Yao Zi <ziyao(a)disroot.org> platform/x86: panasonic-laptop: Return errno correctly in show callback Michael J. Ruhl <michael.j.ruhl(a)intel.com> platform/x86/intel/pmt: allow user offset for PMT callbacks Armin Wolf <W_Armin(a)gmx.de> platform/x86: asus-wmi: Fix inconsistent use of thermal policies Vitaly Kuznetsov <vkuznets(a)redhat.com> HID: hyperv: streamline driver probe to avoid devres issues Tejun Heo <tj(a)kernel.org> sched_ext: scx_bpf_dispatch_from_dsq_set_*() are allowed from unlocked context Chris Morgan <macromorgan(a)hotmail.com> arm64: dts: rockchip: correct analog audio name on Indiedroid Nova Li Huafei <lihuafei1(a)huawei.com> media: atomisp: Add check for rgby_data memory allocation failure Uwe Kleine-König <u.kleine-koenig(a)baylibre.com> pwm: Assume a disabled PWM to emit a constant inactive output Sergey Senozhatsky <senozhatsky(a)chromium.org> media: venus: sync with threaded IRQ during inst destruction Sergey Senozhatsky <senozhatsky(a)chromium.org> media: venus: fix enc/dec destruction order Bingbu Cao <bingbu.cao(a)intel.com> media: ipu6: remove architecture DMA ops dependency in Kconfig Bingbu Cao <bingbu.cao(a)intel.com> media: ipu6: not override the dma_ops of device in driver Sakari Ailus <sakari.ailus(a)linux.intel.com> media: ipu6: Fix DMA and physical address debugging messages for 32-bit Luo Qiu <luoqiu(a)kylinsec.com.cn> firmware: arm_scpi: Check the DVFS OPP count returned by the firmware Reinette Chatre <reinette.chatre(a)intel.com> selftests/resctrl: Protect against array overrun during iMC config parsing Reinette Chatre <reinette.chatre(a)intel.com> selftests/resctrl: Fix memory overflow due to unhandled wraparound Reinette Chatre <reinette.chatre(a)intel.com> selftests/resctrl: Print accurate buffer size as part of MBM results Chen-Yu Tsai <wenst(a)chromium.org> arm64: dts: mediatek: mt8183-kukui-jacuzzi: Add supplies for fixed regulators Chen-Yu Tsai <wenst(a)chromium.org> arm64: dts: mediatek: mt8183-kukui-jacuzzi: Fix DP bridge supply names Macpaul Lin <macpaul.lin(a)mediatek.com> arm64: dts: mediatek: mt6358: fix dtbs_check error Frank Li <Frank.Li(a)nxp.com> arm64: dts: imx8mn-tqma8mqnl-mba8mx-usbot: fix coexistence of output-low and output-high in GPIO Lad Prabhakar <prabhakar.mahadev-lad.rj(a)bp.renesas.com> arm64: dts: renesas: hihope: Drop #sound-dai-cells Andy Shevchenko <andriy.shevchenko(a)linux.intel.com> regmap: irq: Set lockdep class for hierarchical IRQ domains Jinjie Ruan <ruanjinjie(a)huawei.com> spi: zynqmp-gqspi: Undo runtime PM changes at driver exit time Breno Leitao <leitao(a)debian.org> spi: tegra210-quad: Avoid shift-out-of-bounds Zhang Zekun <zhangzekun11(a)huawei.com> pmdomain: ti-sci: Add missing of_node_put() for args.np Usama Arif <usamaarif642(a)gmail.com> of/fdt: add dt_phys arg to early_init_dt_scan and early_init_dt_verify Abel Vesa <abel.vesa(a)linaro.org> dt-bindings: cache: qcom,llcc: Fix X1E80100 reg entries Konrad Dybcio <konradybcio(a)kernel.org> arm64: dts: qcom: x1e80100: Update C4/C5 residency/exit numbers Niklas Schnelle <schnelle(a)linux.ibm.com> watchdog: Add HAS_IOPORT dependency for SBC8360 and SBC7240 Anurag Dutta <a-dutta(a)ti.com> arm64: dts: ti: k3-j721s2: Fix clock IDs for MCSPI instances Anurag Dutta <a-dutta(a)ti.com> arm64: dts: ti: k3-j721e: Fix clock IDs for MCSPI instances Anurag Dutta <a-dutta(a)ti.com> arm64: dts: ti: k3-j7200: Fix clock ids for MCSPI instances Jared McArthur <j-mcarthur(a)ti.com> arm64: dts: ti: k3-j7200: Fix register map for main domain pmx Andre Przywara <andre.przywara(a)arm.com> ARM: dts: cubieboard4: Fix DCDC5 regulator constraints Clark Wang <xiaoning.wang(a)nxp.com> pwm: imx27: Workaround of the pwm output bug when decrease the duty cycle Daolong Zhu <jg_daolongzhu(a)mediatek.corp-partner.google.com> arm64: dts: mt8183: Damu: add i2c2's i2c-scl-internal-delay-ns Daolong Zhu <jg_daolongzhu(a)mediatek.corp-partner.google.com> arm64: dts: mt8183: cozmo: add i2c2's i2c-scl-internal-delay-ns Daolong Zhu <jg_daolongzhu(a)mediatek.corp-partner.google.com> arm64: dts: mt8183: burnet: add i2c2's i2c-scl-internal-delay-ns Daolong Zhu <jg_daolongzhu(a)mediatek.corp-partner.google.com> arm64: dts: mt8183: fennel: add i2c2's i2c-scl-internal-delay-ns Heiko Stuebner <heiko(a)sntech.de> arm64: dts: rockchip: Remove 'enable-active-low' from two boards Tomasz Maciej Nowak <tmn505(a)gmail.com> arm64: tegra: p2180: Add mandatory compatible for WiFi node Bartosz Golaszewski <bartosz.golaszewski(a)linaro.org> power: sequencing: make the QCom PMU pwrseq driver depend on CONFIG_OF Dragan Simic <dsimic(a)manjaro.org> regulator: rk808: Restrict DVS GPIOs to the RK808 variant only Chen Ridong <chenridong(a)huawei.com> cgroup/bpf: only cgroup v2 can be attached by bpf programs Chen Ridong <chenridong(a)huawei.com> Revert "cgroup: Fix memory leak caused by missing cgroup_bpf_offline" Fei Shao <fshao(a)chromium.org> arm64: dts: mediatek: mt8195-cherry: Use correct audio codec DAI Fei Shao <fshao(a)chromium.org> arm64: dts: mediatek: mt8188: Fix USB3 PHY port default status Chen-Yu Tsai <wenst(a)chromium.org> arm64: dts: mediatek: mt8173-elm-hana: Add vdd-supply to second source trackpad Srikar Dronamraju <srikar(a)linux.ibm.com> gpio: sloppy-logic-analyzer remove reference to rcu_momentary_dyntick_idle() Nathan Morrisson <nmorrisson(a)phytec.com> arm64: dts: ti: k3-am62x-phyboard-lyra: Drop unnecessary McASP AFIFOs Randy Dunlap <rdunlap(a)infradead.org> kernel-doc: allow object-like macros in ReST output Sibi Sankar <quic_sibis(a)quicinc.com> arm64: dts: qcom: x1e80100: Resize GIC Redistributor register region Hsin-Te Yuan <yuanhsinte(a)chromium.org> arm64: dts: mt8183: kukui: Fix the address of eeprom at i2c4 Hsin-Te Yuan <yuanhsinte(a)chromium.org> arm64: dts: mt8183: krane: Fix the address of eeprom at i2c4 Colin Ian King <colin.i.king(a)gmail.com> media: i2c: ds90ub960: Fix missing return check on ub960_rxport_read call Christophe JAILLET <christophe.jaillet(a)wanadoo.fr> media: i2c: vgxy61: Fix an error handling path in vgxy61_detect() Dan Carpenter <dan.carpenter(a)linaro.org> media: i2c: max96717: clean up on error in max96717_subdev_init() Gregory Price <gourry(a)gourry.net> tpm: fix signed/unsigned bug when checking event logs Jonathan Marek <jonathan(a)marek.ca> efi/libstub: fix efi_parse_options() ignoring the default command line Stafford Horne <shorne(a)gmail.com> openrisc: Implement fixmap to fix earlycon Abel Vesa <abel.vesa(a)linaro.org> arm64: dts: qcom: x1e80100-vivobook-s15: Drop orientation-switch from USB SS[0-1] QMP PHYs Abel Vesa <abel.vesa(a)linaro.org> arm64: dts: qcom: x1e80100-slim7x: Drop orientation-switch from USB SS[0-1] QMP PHYs Chen-Yu Tsai <wenst(a)chromium.org> scripts/kernel-doc: Do not track section counter across processed files Bartosz Golaszewski <bartosz.golaszewski(a)linaro.org> mmc: mmc_spi: drop buggy snprintf() Andrei Simion <andrei.simion(a)microchip.com> ARM: dts: microchip: sam9x60: Add missing property atmel,usart-mode Dmitry Baryshkov <dmitry.baryshkov(a)linaro.org> arm64: dts: qcom: sda660-ifc6560: fix l10a voltage ranges Luca Weiss <luca.weiss(a)fairphone.com> arm64: dts: qcom: sm6350: Fix GPU frequencies missing on some speedbins Dan Carpenter <dan.carpenter(a)linaro.org> soc: qcom: geni-se: fix array underflow in geni_se_clk_tbl_get() Jinjie Ruan <ruanjinjie(a)huawei.com> soc: ti: smartreflex: Use IRQF_NO_AUTOEN flag in request_irq() Pin-yen Lin <treapking(a)chromium.org> arm64: dts: mt8183: Add port node to dpi node Alper Nebi Yasak <alpernebiyasak(a)gmail.com> arm64: dts: mediatek: mt8183-kukui: Disable DPI display interface Macpaul Lin <macpaul.lin(a)mediatek.com> arm64: dts: mt8195: Fix dtbs_check error for infracfg_ao node Macpaul Lin <macpaul.lin(a)mediatek.com> arm64: dts: mt8195: Fix dtbs_check error for mutex node Macpaul Lin <macpaul.lin(a)mediatek.com> arm64: dts: mediatek: mt8395-genio-1200-evk: Fix dtbs_check error for phy Pablo Sun <pablo.sun(a)mediatek.com> arm64: dts: mediatek: mt8188: Fix wrong clock provider in MFG1 power domain Michal Simek <michal.simek(a)amd.com> microblaze: Export xmb_manager functions Gaosheng Cui <cuigaosheng1(a)huawei.com> drivers: soc: xilinx: add the missing kfree in xlnx_add_cb_for_suspend() Wolfram Sang <wsa+renesas(a)sang-engineering.com> ARM: dts: renesas: genmai: Fix partition size for QSPI NOR Flash Dmitry Baryshkov <dmitry.baryshkov(a)linaro.org> arm64: dts: qcom: qcs6390-rb3gen2: use modem.mbn for modem DSP Jinjie Ruan <ruanjinjie(a)huawei.com> spi: spi-fsl-lpspi: Use IRQF_NO_AUTOEN flag in request_irq() Min-Hua Chen <minhuadotchen(a)gmail.com> regulator: qcom-smd: make smd_vreg_rpm static Samuel Holland <samuel.holland(a)sifive.com> irqchip/riscv-aplic: Prevent crash when MSI domain is missing Javier Carrasco <javier.carrasco.cruz(a)gmail.com> clocksource/drivers/timer-ti-dm: Fix child node refcount handling Mark Brown <broonie(a)kernel.org> clocksource/drivers:sp804: Make user selectable Eder Zulian <ezulian(a)redhat.com> rust: helpers: Avoid raw_spin_lock initialization for PREEMPT_RT Sebastian Andrzej Siewior <bigeasy(a)linutronix.de> locking/rt: Add sparse annotation PREEMPT_RT's sleeping locks. Thomas Gleixner <tglx(a)linutronix.de> sched/ext: Remove sched_fork() hack Marco Elver <elver(a)google.com> kcsan, seqlock: Fix incorrect assumption in read_seqbegin() Marco Elver <elver(a)google.com> kcsan, seqlock: Support seqcount_latch_t Uros Bizjak <ubizjak(a)gmail.com> locking/atomic/x86: Use ALT_OUTPUT_SP() for __arch_{,try_}cmpxchg64_emu() Uros Bizjak <ubizjak(a)gmail.com> locking/atomic/x86: Use ALT_OUTPUT_SP() for __alternative_atomic64() Thomas Gleixner <tglx(a)linutronix.de> timers: Add missing READ_ONCE() in __run_timer_base() Miguel Ojeda <ojeda(a)kernel.org> time: Fix references to _msecs_to_jiffies() handling of values Miguel Ojeda <ojeda(a)kernel.org> time: Partially revert cleanup on msecs_to_jiffies() documentation Uros Bizjak <ubizjak(a)gmail.com> cleanup: Remove address space of returned pointer Carlos Llamas <cmllamas(a)google.com> Revert "scripts/faddr2line: Check only two symbols when calculating symbol size" Zheng Yejian <zhengyejian(a)huaweicloud.com> x86/unwind/orc: Fix unwind for newly forked tasks Daniel Lezcano <daniel.lezcano(a)linaro.org> thermal/lib: Fix memory leak on error in thermal_genl_auto() Daniel Lezcano <daniel.lezcano(a)linaro.org> tools/lib/thermal: Make more generic the command encoding function Uladzislau Rezki (Sony) <urezki(a)gmail.com> rcuscale: Do a proper cleanup if kfree_scale_init() fails Christophe JAILLET <christophe.jaillet(a)wanadoo.fr> crypto: cavium - Fix an error handling path in cpt_ucode_load_fw() Michal Suchanek <msuchanek(a)suse.de> crypto: aes-gcm-p10 - Use the correct bit to test for P10 Chen Ridong <chenridong(a)huawei.com> crypto: bcm - add error check in the ahash_hmac_init function Chen Ridong <chenridong(a)huawei.com> crypto: caam - add error check to caam_rsa_set_priv_key_form Rafael J. Wysocki <rafael.j.wysocki(a)intel.com> thermal: testing: Initialize some variables annoteded with _free() Rafael J. Wysocki <rafael.j.wysocki(a)intel.com> thermal: testing: Use DEFINE_FREE() and __free() to simplify code Lifeng Zheng <zhenglifeng1(a)huawei.com> ACPI: CPPC: Fix _CPC register setting issue Pei Xiao <xiaopei01(a)kylinos.cn> hwmon: (nct6775-core) Fix overflows seen when writing limit attributes Jerome Brunet <jbrunet(a)baylibre.com> hwmon: (pmbus/core) clear faults after setting smbalert mask Zqiang <qiang.zhang1211(a)gmail.com> rcu/nocb: Fix missed RCU barrier on deoffloading Uladzislau Rezki (Sony) <urezki(a)gmail.com> rcu/kvfree: Fix data-race in __mod_timer / kvfree_call_rcu Michal Schmidt <mschmidt(a)redhat.com> rcu/srcutiny: don't return before reenabling preemption Baruch Siach <baruch(a)tkos.co.il> doc: rcu: update printed dynticks counter bits Christian Loehle <christian.loehle(a)arm.com> sched/cpufreq: Ensure sd is rebuilt for EAS check Li Huafei <lihuafei1(a)huawei.com> crypto: inside-secure - Fix the return value of safexcel_xcbcmac_cra_init() Wang Hai <wanghai38(a)huawei.com> crypto: qat - Fix missing destroy_workqueue in adf_init_aer() Orange Kao <orange(a)aiven.io> EDAC/igen6: Avoid segmentation fault on module unload Weili Qian <qianweili(a)huawei.com> crypto: hisilicon/qm - disable same error report before resetting Gautham R. Shenoy <gautham.shenoy(a)amd.com> amd-pstate: Set min_perf to nominal_perf for active mode performance gov Mario Limonciello <mario.limonciello(a)amd.com> cpufreq/amd-pstate: Don't update CPPC request in amd_pstate_cpu_boost_update() Everest K.C <everestkc(a)everestkc.com.np> crypto: cavium - Fix the if condition to exit loop after timeout Yi Yang <yiyang13(a)huawei.com> crypto: pcrypt - Call crypto layer directly when padata_do_parallel() return -EBUSY Qiuxu Zhuo <qiuxu.zhuo(a)intel.com> EDAC/{skx_common,i10nm}: Fix incorrect far-memory error source indicator Qiuxu Zhuo <qiuxu.zhuo(a)intel.com> EDAC/skx_common: Differentiate memory error sources Priyanka Singh <priyanka.singh(a)nxp.com> EDAC/fsl_ddr: Fix bad bit shift operations Rafael J. Wysocki <rafael.j.wysocki(a)intel.com> thermal: core: Fix race between zone registration and system suspend Rafael J. Wysocki <rafael.j.wysocki(a)intel.com> thermal: core: Mark thermal zones as initializing to start with Rafael J. Wysocki <rafael.j.wysocki(a)intel.com> thermal: core: Represent suspend-related thermal zone flags as bits Rafael J. Wysocki <rafael.j.wysocki(a)intel.com> thermal: core: Rearrange PM notification code Rafael J. Wysocki <rafael.j.wysocki(a)intel.com> thermal: core: Initialize thermal zones before registering them Ahsan Atta <ahsan.atta(a)intel.com> crypto: qat - remove faulty arbiter config reset David Thompson <davthompson(a)nvidia.com> EDAC/bluefield: Fix potential integer overflow Yuan Can <yuancan(a)huawei.com> firmware: google: Unregister driver_info on failure Dan Carpenter <dan.carpenter(a)linaro.org> crypto: qat/qat_4xxx - fix off by one in uof_get_name() Dan Carpenter <dan.carpenter(a)linaro.org> crypto: qat/qat_420xx - fix off by one in uof_get_name() Danny Tsen <dtsen(a)linux.ibm.com> crypto: powerpc/p10-aes-gcm - Add dependency on CRYPTO_SIMDand re-enable CRYPTO_AES_GCM_P10 Danny Tsen <dtsen(a)linux.ibm.com> crypto: powerpc/p10-aes-gcm - Register modules as SIMD Cabiddu, Giovanni <giovanni.cabiddu(a)intel.com> crypto: qat - remove check after debugfs_create_dir() Christophe JAILLET <christophe.jaillet(a)wanadoo.fr> crypto: caam - Fix the pointer passed to caam_qi_shutdown() Tomas Paukrt <tomaspaukrt(a)email.cz> crypto: mxs-dcp - Fix AES-CBC with hardware-bound keys Christoph Hellwig <hch(a)lst.de> virtio_blk: reverse request order in virtio_queue_rqs Christoph Hellwig <hch(a)lst.de> nvme-pci: reverse request order in nvme_queue_rqs Long Li <leo.lilong(a)huawei.com> ext4: fix race in buffer_head read fault injection Thadeu Lima de Souza Cascardo <cascardo(a)igalia.com> hfsplus: don't query the device logical block size multiple times Masahiro Yamada <masahiroy(a)kernel.org> s390/syscalls: Avoid creation of arch/arch/ directory Christoph Hellwig <hch(a)lst.de> block: fix bio_split_rw_at to take zone_write_granularity into account Christoph Hellwig <hch(a)lst.de> block: take chunk_sectors into account in bio_split_write_zeroes Zizhi Wo <wozizhi(a)huawei.com> netfs/fscache: Add a memory barrier for FSCACHE_VOLUME_CREATING Zizhi Wo <wozizhi(a)huawei.com> cachefiles: Fix NULL pointer dereference in object->file Zizhi Wo <wozizhi(a)huawei.com> cachefiles: Fix missing pos updates in cachefiles_ondemand_fd_write_iter() Zizhi Wo <wozizhi(a)huawei.com> cachefiles: Fix incorrect length return value in cachefiles_ondemand_fd_write_iter() Li Wang <liwang(a)redhat.com> loop: fix type of block size Aleksandr Mishin <amishin(a)t-argos.ru> acpi/arm64: Adjust error handling procedure in gtdt_parse_timer_block() Masahiro Yamada <masahiroy(a)kernel.org> arm64: fix .data.rel.ro size assertion when CONFIG_LTO_CLANG Daniel Palmer <daniel(a)0x0f.com> m68k: mvme147: Reinstate early console Daniel Palmer <daniel(a)0x0f.com> m68k: mvme147: Fix SCSI controller IRQ numbers Christoph Hellwig <hch(a)lst.de> nvme-pci: fix freeing of the HMB descriptor table Mark Brown <broonie(a)kernel.org> kselftest/arm64: Fix encoding for SVE B16B16 test Marc Zyngier <maz(a)kernel.org> arm64: Expose ID_AA64ISAR1_EL1.XS to sanitised feature consumers David Disseldorp <ddiss(a)suse.de> initramfs: avoid filename buffer overrun Thomas Richter <tmricht(a)linux.ibm.com> s390/cpum_sf: Fix and protect memory allocation of SDBs with mutex Jonas Gorski <jonas.gorski(a)gmail.com> mips: asm: fix warning when disabling MIPS_FP_SUPPORT Jan Kara <jack(a)suse.cz> ext4: avoid remount errors with 'abort' mount option Yang Erkun <yangerkun(a)huawei.com> brd: defer automatic disk creation until module initialization succeeds Ard Biesheuvel <ardb(a)kernel.org> x86/pvh: Call C code via the kernel virtual mapping Heiko Carstens <hca(a)linux.ibm.com> s390/pageattr: Implement missing kernel_page_present() Vineeth Vijayan <vneethv(a)linux.ibm.com> s390/cio: Do not unregister the subchannel based on DNV John Garry <john.g.garry(a)oracle.com> fs/block: Check for IOCB_DIRECT in generic_atomic_write_valid() John Garry <john.g.garry(a)oracle.com> block/fs: Pass an iocb to generic_atomic_write_valid() Andre Przywara <andre.przywara(a)arm.com> kselftest/arm64: mte: fix printf type warnings about longs Andre Przywara <andre.przywara(a)arm.com> kselftest/arm64: mte: fix printf type warnings about __u64 Andre Przywara <andre.przywara(a)arm.com> kselftest/arm64: hwcap: fix f8dp2 cpuinfo name Kristina Martsenko <kristina.martsenko(a)arm.com> arm64: probes: Disable kprobes/uprobes on MOPS instructions Bill O'Donnell <bodonnel(a)redhat.com> efs: fix the efs new mount api implementation Halil Pasic <pasic(a)linux.ibm.com> s390/virtio_ccw: Fix dma_parm pointer not set up Gerd Bayer <gbayer(a)linux.ibm.com> s390/facilities: Fix warning about shadow of global variable Fangzhi Zuo <Jerry.Zuo(a)amd.com> drm/amd/display: Fix incorrect DSC recompute trigger Fangzhi Zuo <Jerry.Zuo(a)amd.com> drm/amd/display: Skip Invalid Streams from DSC Policy Darrick J. Wong <djwong(a)kernel.org> MAINTAINERS: appoint myself the XFS maintainer for 6.12 LTS ------------- Diffstat: Documentation/ABI/testing/sysfs-fs-f2fs | 7 +- Documentation/RCU/stallwarn.rst | 2 +- Documentation/admin-guide/blockdev/zram.rst | 2 + Documentation/admin-guide/media/building.rst | 2 +- Documentation/admin-guide/media/saa7134.rst | 2 +- Documentation/arch/x86/boot.rst | 17 +- .../devicetree/bindings/cache/qcom,llcc.yaml | 38 +- .../devicetree/bindings/clock/adi,axi-clkgen.yaml | 22 +- .../devicetree/bindings/iio/dac/adi,ad3552r.yaml | 2 +- .../bindings/pci/mediatek-pcie-gen3.yaml | 5 +- .../pinctrl/samsung,pinctrl-wakeup-interrupt.yaml | 19 +- .../devicetree/bindings/serial/rs485.yaml | 19 +- .../devicetree/bindings/sound/mt6359.yaml | 10 +- .../devicetree/bindings/vendor-prefixes.yaml | 2 + Documentation/filesystems/mount_api.rst | 3 +- Documentation/locking/seqlock.rst | 2 +- MAINTAINERS | 335 ++++---- Makefile | 4 +- arch/arc/kernel/devtree.c | 2 +- .../boot/dts/allwinner/sun9i-a80-cubieboard4.dts | 4 +- arch/arm/boot/dts/microchip/sam9x60.dtsi | 12 + arch/arm/boot/dts/renesas/r7s72100-genmai.dts | 2 +- arch/arm/boot/dts/ti/omap/omap36xx.dtsi | 1 + arch/arm/kernel/devtree.c | 2 +- .../freescale/imx8mn-tqma8mqnl-mba8mx-usbotg.dtso | 29 +- arch/arm64/boot/dts/mediatek/mt6358.dtsi | 4 +- arch/arm64/boot/dts/mediatek/mt8173-elm-hana.dtsi | 8 + .../dts/mediatek/mt8183-kukui-jacuzzi-burnet.dts | 3 + .../dts/mediatek/mt8183-kukui-jacuzzi-cozmo.dts | 2 + .../dts/mediatek/mt8183-kukui-jacuzzi-damu.dts | 3 + .../dts/mediatek/mt8183-kukui-jacuzzi-fennel.dtsi | 3 + .../boot/dts/mediatek/mt8183-kukui-jacuzzi.dtsi | 30 +- .../boot/dts/mediatek/mt8183-kukui-kakadu.dtsi | 4 +- .../boot/dts/mediatek/mt8183-kukui-kodama.dtsi | 4 +- .../boot/dts/mediatek/mt8183-kukui-krane.dtsi | 4 +- arch/arm64/boot/dts/mediatek/mt8183-kukui.dtsi | 5 + arch/arm64/boot/dts/mediatek/mt8183.dtsi | 4 + .../boot/dts/mediatek/mt8186-corsola-voltorb.dtsi | 21 +- arch/arm64/boot/dts/mediatek/mt8186-corsola.dtsi | 8 +- arch/arm64/boot/dts/mediatek/mt8188.dtsi | 5 +- arch/arm64/boot/dts/mediatek/mt8195-cherry.dtsi | 6 +- arch/arm64/boot/dts/mediatek/mt8195.dtsi | 4 +- .../boot/dts/mediatek/mt8395-genio-1200-evk.dts | 2 +- arch/arm64/boot/dts/nvidia/tegra210-p2180.dtsi | 2 +- arch/arm64/boot/dts/qcom/qcs6490-rb3gen2.dts | 2 +- arch/arm64/boot/dts/qcom/sc8180x.dtsi | 2 +- .../arm64/boot/dts/qcom/sda660-inforce-ifc6560.dts | 2 +- arch/arm64/boot/dts/qcom/sm6350.dtsi | 14 +- .../boot/dts/qcom/x1e80100-asus-vivobook-s15.dts | 4 - .../boot/dts/qcom/x1e80100-lenovo-yoga-slim7x.dts | 4 - arch/arm64/boot/dts/qcom/x1e80100.dtsi | 8 +- arch/arm64/boot/dts/renesas/hihope-rev2.dtsi | 3 - arch/arm64/boot/dts/renesas/hihope-rev4.dtsi | 3 - .../rk3568-wolfvision-pf5-io-expander.dtso | 1 - .../boot/dts/rockchip/rk3588s-indiedroid-nova.dts | 2 +- .../arm64/boot/dts/rockchip/rk3588s-orangepi-5.dts | 1 - arch/arm64/boot/dts/ti/k3-am62x-phyboard-lyra.dtsi | 2 - .../boot/dts/ti/k3-j7200-common-proc-board.dts | 2 +- arch/arm64/boot/dts/ti/k3-j7200-main.dtsi | 38 +- arch/arm64/boot/dts/ti/k3-j7200-mcu-wakeup.dtsi | 6 +- arch/arm64/boot/dts/ti/k3-j721e-mcu-wakeup.dtsi | 6 +- arch/arm64/boot/dts/ti/k3-j721s2-main.dtsi | 16 +- arch/arm64/boot/dts/ti/k3-j721s2-mcu-wakeup.dtsi | 6 +- arch/arm64/include/asm/insn.h | 1 + arch/arm64/include/asm/kvm_host.h | 2 - arch/arm64/kernel/cpufeature.c | 1 + arch/arm64/kernel/probes/decode-insn.c | 7 +- arch/arm64/kernel/process.c | 2 +- arch/arm64/kernel/setup.c | 6 +- arch/arm64/kernel/vmlinux.lds.S | 6 +- arch/arm64/kvm/arch_timer.c | 3 +- arch/arm64/kvm/arm.c | 18 +- arch/arm64/kvm/mmio.c | 32 +- arch/arm64/kvm/pmu-emul.c | 1 - arch/arm64/kvm/vgic/vgic-its.c | 32 +- arch/arm64/kvm/vgic/vgic-mmio-v3.c | 7 +- arch/arm64/kvm/vgic/vgic.h | 23 + arch/arm64/net/bpf_jit_comp.c | 47 +- arch/csky/kernel/setup.c | 4 +- arch/loongarch/Makefile | 4 +- arch/loongarch/kernel/setup.c | 2 +- arch/loongarch/net/bpf_jit.c | 2 +- arch/loongarch/vdso/Makefile | 2 +- arch/m68k/coldfire/device.c | 8 +- arch/m68k/include/asm/mcfgpio.h | 2 +- arch/m68k/include/asm/mvme147hw.h | 4 +- arch/m68k/kernel/early_printk.c | 5 +- arch/m68k/mvme147/config.c | 30 + arch/m68k/mvme147/mvme147.h | 6 + arch/microblaze/kernel/microblaze_ksyms.c | 10 + arch/microblaze/kernel/prom.c | 2 +- arch/mips/include/asm/switch_to.h | 2 +- arch/mips/kernel/prom.c | 2 +- arch/mips/kernel/relocate.c | 2 +- arch/nios2/kernel/prom.c | 4 +- arch/openrisc/Kconfig | 3 + arch/openrisc/include/asm/fixmap.h | 21 +- arch/openrisc/kernel/prom.c | 2 +- arch/openrisc/mm/init.c | 37 + arch/parisc/kernel/ftrace.c | 2 +- arch/powerpc/crypto/Kconfig | 2 +- arch/powerpc/crypto/aes-gcm-p10-glue.c | 141 +++- arch/powerpc/include/asm/dtl.h | 4 +- arch/powerpc/include/asm/fadump.h | 9 + arch/powerpc/include/asm/kvm_book3s_64.h | 4 +- arch/powerpc/include/asm/sstep.h | 5 - arch/powerpc/include/asm/vdso.h | 1 + arch/powerpc/kernel/dt_cpu_ftrs.c | 2 +- arch/powerpc/kernel/fadump.c | 40 +- arch/powerpc/kernel/prom.c | 5 +- arch/powerpc/kernel/setup-common.c | 6 +- arch/powerpc/kernel/setup_64.c | 1 + arch/powerpc/kexec/file_load_64.c | 9 +- arch/powerpc/kvm/book3s_hv.c | 14 +- arch/powerpc/kvm/book3s_hv_nested.c | 14 +- arch/powerpc/kvm/trace_hv.h | 2 +- arch/powerpc/lib/sstep.c | 12 +- arch/powerpc/mm/fault.c | 10 +- arch/powerpc/platforms/pseries/dtl.c | 8 +- arch/powerpc/platforms/pseries/lpar.c | 8 +- arch/powerpc/platforms/pseries/plpks.c | 2 +- arch/riscv/include/asm/cpufeature.h | 2 + arch/riscv/kernel/setup.c | 2 +- arch/riscv/kernel/traps_misaligned.c | 14 +- arch/riscv/kernel/unaligned_access_speed.c | 1 + arch/riscv/kvm/aia_aplic.c | 3 +- arch/riscv/kvm/vcpu_sbi.c | 11 +- arch/s390/include/asm/facility.h | 18 +- arch/s390/include/asm/pci.h | 4 +- arch/s390/include/asm/set_memory.h | 1 + arch/s390/kernel/perf_cpum_sf.c | 2 +- arch/s390/kernel/syscalls/Makefile | 2 +- arch/s390/mm/pageattr.c | 15 + arch/s390/pci/pci.c | 37 +- arch/s390/pci/pci_debug.c | 10 +- arch/sh/kernel/cpu/proc.c | 2 +- arch/sh/kernel/setup.c | 2 +- arch/um/drivers/net_kern.c | 2 +- arch/um/drivers/ubd_kern.c | 4 +- arch/um/drivers/vector_kern.c | 3 +- arch/um/kernel/dtb.c | 2 +- arch/um/kernel/physmem.c | 6 +- arch/um/kernel/process.c | 2 +- arch/um/kernel/sysrq.c | 2 +- arch/x86/coco/tdx/tdx.c | 111 ++- arch/x86/crypto/aegis128-aesni-asm.S | 29 +- arch/x86/events/intel/pt.c | 11 +- arch/x86/events/intel/pt.h | 2 + arch/x86/include/asm/atomic64_32.h | 3 +- arch/x86/include/asm/cmpxchg_32.h | 6 +- arch/x86/include/asm/kvm_host.h | 4 +- arch/x86/include/asm/shared/tdx.h | 11 +- arch/x86/include/asm/tlb.h | 4 + arch/x86/kernel/cpu/amd.c | 1 + arch/x86/kernel/cpu/common.c | 4 +- arch/x86/kernel/cpu/microcode/amd.c | 25 +- arch/x86/kernel/devicetree.c | 2 +- arch/x86/kernel/unwind_orc.c | 2 +- arch/x86/kvm/Kconfig | 5 +- arch/x86/kvm/mmu/mmu.c | 68 +- arch/x86/kvm/mmu/spte.c | 18 +- arch/x86/kvm/vmx/vmx.c | 54 +- arch/x86/mm/tlb.c | 3 +- arch/x86/platform/pvh/head.S | 9 +- arch/xtensa/kernel/setup.c | 2 +- block/bfq-cgroup.c | 1 + block/bfq-iosched.c | 43 +- block/blk-core.c | 18 +- block/blk-merge.c | 45 +- block/blk-mq.c | 148 +++- block/blk-mq.h | 13 + block/blk-settings.c | 7 + block/blk-sysfs.c | 6 +- block/blk-zoned.c | 14 +- block/blk.h | 30 +- block/elevator.c | 10 +- block/fops.c | 25 +- block/genhd.c | 24 +- crypto/pcrypt.c | 12 +- drivers/accel/ivpu/ivpu_ipc.c | 35 +- drivers/accel/ivpu/ivpu_ipc.h | 7 +- drivers/accel/ivpu/ivpu_jsm_msg.c | 19 +- drivers/acpi/arm64/gtdt.c | 2 +- drivers/acpi/cppc_acpi.c | 1 - drivers/base/firmware_loader/main.c | 5 +- drivers/base/regmap/regmap-irq.c | 4 + drivers/base/trace.h | 6 +- drivers/block/brd.c | 70 +- drivers/block/loop.c | 6 +- drivers/block/ublk_drv.c | 17 +- drivers/block/virtio_blk.c | 46 +- drivers/block/zram/Kconfig | 1 + drivers/block/zram/zram_drv.c | 21 +- drivers/block/zram/zram_drv.h | 1 + drivers/bluetooth/btbcm.c | 4 +- drivers/bluetooth/btintel.c | 62 +- drivers/bluetooth/btintel.h | 7 + drivers/bluetooth/btintel_pcie.c | 265 +++++- drivers/bluetooth/btintel_pcie.h | 16 +- drivers/bluetooth/btmtk.c | 1 - drivers/bluetooth/btusb.c | 1 + drivers/bus/mhi/host/trace.h | 25 +- drivers/clk/.kunitconfig | 1 + drivers/clk/Kconfig | 2 - drivers/clk/clk-apple-nco.c | 3 + drivers/clk/clk-axi-clkgen.c | 22 +- drivers/clk/clk-en7523.c | 270 +++++-- drivers/clk/clk-loongson2.c | 6 +- drivers/clk/imx/clk-fracn-gppll.c | 10 +- drivers/clk/imx/clk-imx8-acm.c | 4 +- drivers/clk/imx/clk-lpcg-scu.c | 37 +- drivers/clk/imx/clk-scu.c | 2 +- drivers/clk/mediatek/Kconfig | 15 - drivers/clk/qcom/Kconfig | 4 +- drivers/clk/ralink/clk-mtmips.c | 26 +- drivers/clk/renesas/rzg2l-cpg.c | 11 +- drivers/clk/sophgo/clk-sg2042-pll.c | 2 +- drivers/clk/sunxi-ng/ccu-sun20i-d1.c | 2 +- drivers/clocksource/Kconfig | 3 +- drivers/clocksource/timer-ti-dm-systimer.c | 4 +- drivers/comedi/comedi_fops.c | 12 + drivers/counter/stm32-timer-cnt.c | 17 +- drivers/counter/ti-ecap-capture.c | 7 +- drivers/cpufreq/amd-pstate.c | 26 +- drivers/cpufreq/cppc_cpufreq.c | 63 +- drivers/cpufreq/loongson2_cpufreq.c | 4 +- drivers/cpufreq/loongson3_cpufreq.c | 7 +- drivers/cpufreq/mediatek-cpufreq-hw.c | 2 +- drivers/crypto/bcm/cipher.c | 5 +- drivers/crypto/caam/caampkc.c | 11 +- drivers/crypto/caam/qi.c | 2 +- drivers/crypto/cavium/cpt/cptpf_main.c | 6 +- drivers/crypto/hisilicon/hpre/hpre_main.c | 35 +- drivers/crypto/hisilicon/qm.c | 47 +- drivers/crypto/hisilicon/sec2/sec_main.c | 35 +- drivers/crypto/hisilicon/zip/zip_main.c | 35 +- drivers/crypto/inside-secure/safexcel_hash.c | 2 +- .../crypto/intel/qat/qat_420xx/adf_420xx_hw_data.c | 2 +- .../crypto/intel/qat/qat_4xxx/adf_4xxx_hw_data.c | 2 +- drivers/crypto/intel/qat/qat_common/adf_aer.c | 5 +- drivers/crypto/intel/qat/qat_common/adf_dbgfs.c | 13 +- .../crypto/intel/qat/qat_common/adf_hw_arbiter.c | 4 - drivers/crypto/mxs-dcp.c | 20 +- drivers/dax/pmem/Makefile | 7 - drivers/dax/pmem/pmem.c | 10 - drivers/dma-buf/Kconfig | 1 + drivers/dma-buf/udmabuf.c | 44 +- drivers/edac/bluefield_edac.c | 2 +- drivers/edac/fsl_ddr_edac.c | 22 +- drivers/edac/i10nm_base.c | 1 + drivers/edac/igen6_edac.c | 2 + drivers/edac/skx_common.c | 57 +- drivers/edac/skx_common.h | 8 + drivers/firmware/arm_scpi.c | 3 + drivers/firmware/efi/libstub/efi-stub.c | 2 +- drivers/firmware/efi/tpm.c | 17 +- drivers/firmware/google/gsmi.c | 6 +- drivers/gpio/gpio-exar.c | 10 +- drivers/gpio/gpio-zevio.c | 6 + drivers/gpu/drm/Kconfig | 1 + drivers/gpu/drm/amd/amdgpu/amdgpu_aca.c | 2 +- drivers/gpu/drm/amd/amdgpu/amdgpu_amdkfd.c | 13 +- drivers/gpu/drm/amd/amdgpu/amdgpu_discovery.c | 8 +- drivers/gpu/drm/amd/amdgpu/amdgpu_gfx.c | 63 +- drivers/gpu/drm/amd/amdgpu/gfx_v8_0.c | 7 + drivers/gpu/drm/amd/amdgpu/gfx_v9_0.c | 2 + drivers/gpu/drm/amd/amdgpu/jpeg_v4_0_3.c | 18 +- drivers/gpu/drm/amd/amdkfd/kfd_process.c | 14 +- drivers/gpu/drm/amd/display/amdgpu_dm/amdgpu_dm.c | 32 +- drivers/gpu/drm/amd/display/amdgpu_dm/amdgpu_dm.h | 3 + .../gpu/drm/amd/display/amdgpu_dm/amdgpu_dm_crtc.c | 4 +- .../drm/amd/display/amdgpu_dm/amdgpu_dm_helpers.c | 11 +- .../amd/display/amdgpu_dm/amdgpu_dm_mst_types.c | 15 +- .../gpu/drm/amd/display/dc/core/dc_hw_sequencer.c | 3 + .../drm/amd/display/dc/hwss/dcn20/dcn20_hwseq.c | 6 +- drivers/gpu/drm/bridge/analogix/anx7625.c | 2 + drivers/gpu/drm/bridge/ite-it6505.c | 2 + drivers/gpu/drm/bridge/tc358767.c | 7 + drivers/gpu/drm/drm_file.c | 2 +- drivers/gpu/drm/drm_mm.c | 2 +- drivers/gpu/drm/etnaviv/etnaviv_drv.c | 10 + drivers/gpu/drm/etnaviv/etnaviv_gpu.c | 28 +- drivers/gpu/drm/fsl-dcu/Kconfig | 1 + drivers/gpu/drm/fsl-dcu/fsl_dcu_drm_drv.c | 15 + drivers/gpu/drm/fsl-dcu/fsl_dcu_drm_drv.h | 3 + drivers/gpu/drm/imagination/pvr_ccb.c | 2 +- drivers/gpu/drm/imagination/pvr_vm.c | 4 +- drivers/gpu/drm/imx/dcss/dcss-crtc.c | 6 +- drivers/gpu/drm/imx/ipuv3/Kconfig | 11 +- drivers/gpu/drm/imx/ipuv3/imx-ldb.c | 122 +-- drivers/gpu/drm/imx/ipuv3/ipuv3-crtc.c | 6 +- drivers/gpu/drm/imx/ipuv3/parallel-display.c | 51 +- drivers/gpu/drm/msm/adreno/a6xx_gmu.c | 4 +- .../drm/msm/disp/dpu1/catalog/dpu_3_0_msm8998.h | 12 - .../gpu/drm/msm/disp/dpu1/catalog/dpu_4_0_sdm845.h | 14 +- drivers/gpu/drm/msm/disp/dpu1/dpu_core_perf.c | 2 +- drivers/gpu/drm/msm/msm_gpu_devfreq.c | 9 +- drivers/gpu/drm/nouveau/nvkm/engine/gr/gf100.c | 1 + drivers/gpu/drm/omapdrm/dss/base.c | 25 +- drivers/gpu/drm/omapdrm/dss/omapdss.h | 3 +- drivers/gpu/drm/omapdrm/omap_drv.c | 4 +- drivers/gpu/drm/omapdrm/omap_gem.c | 10 +- drivers/gpu/drm/panel/panel-newvision-nv3052c.c | 2 +- drivers/gpu/drm/panel/panel-novatek-nt35510.c | 15 +- drivers/gpu/drm/panfrost/panfrost_devfreq.c | 3 +- drivers/gpu/drm/panfrost/panfrost_gpu.c | 1 - drivers/gpu/drm/panthor/panthor_devfreq.c | 29 +- drivers/gpu/drm/panthor/panthor_device.h | 28 + drivers/gpu/drm/panthor/panthor_sched.c | 351 ++++++-- drivers/gpu/drm/radeon/radeon_audio.c | 12 +- drivers/gpu/drm/v3d/v3d_drv.h | 1 + drivers/gpu/drm/v3d/v3d_irq.c | 2 + drivers/gpu/drm/v3d/v3d_mmu.c | 31 +- drivers/gpu/drm/v3d/v3d_sched.c | 44 +- drivers/gpu/drm/vc4/tests/vc4_mock.c | 12 +- drivers/gpu/drm/vc4/vc4_bo.c | 28 +- drivers/gpu/drm/vc4/vc4_crtc.c | 13 +- drivers/gpu/drm/vc4/vc4_drv.c | 22 +- drivers/gpu/drm/vc4/vc4_drv.h | 8 +- drivers/gpu/drm/vc4/vc4_gem.c | 24 +- drivers/gpu/drm/vc4/vc4_hdmi.c | 22 +- drivers/gpu/drm/vc4/vc4_hvs.c | 64 +- drivers/gpu/drm/vc4/vc4_irq.c | 10 +- drivers/gpu/drm/vc4/vc4_kms.c | 14 +- drivers/gpu/drm/vc4/vc4_perfmon.c | 20 +- drivers/gpu/drm/vc4/vc4_plane.c | 12 +- drivers/gpu/drm/vc4/vc4_render_cl.c | 2 +- drivers/gpu/drm/vc4/vc4_v3d.c | 10 +- drivers/gpu/drm/vc4/vc4_validate.c | 8 +- drivers/gpu/drm/vc4/vc4_validate_shaders.c | 2 +- drivers/gpu/drm/vkms/vkms_output.c | 5 +- drivers/gpu/drm/xe/display/xe_hdcp_gsc.c | 2 +- drivers/gpu/drm/xe/xe_sync.c | 6 +- drivers/gpu/drm/xlnx/zynqmp_disp.c | 3 + drivers/gpu/drm/xlnx/zynqmp_kms.c | 2 +- drivers/hid/hid-hyperv.c | 58 +- drivers/hid/wacom_wac.c | 4 +- drivers/hwmon/aquacomputer_d5next.c | 2 +- drivers/hwmon/nct6775-core.c | 7 +- drivers/hwmon/pmbus/pmbus_core.c | 12 +- drivers/hwmon/tps23861.c | 2 +- drivers/i2c/i2c-dev.c | 17 +- drivers/i3c/master.c | 13 +- drivers/iio/accel/adxl380.c | 2 +- drivers/iio/adc/ad4000.c | 6 +- drivers/iio/adc/pac1921.c | 4 +- drivers/iio/dac/adi-axi-dac.c | 2 +- drivers/iio/industrialio-backend.c | 4 +- drivers/iio/industrialio-gts-helper.c | 2 +- drivers/iio/light/al3010.c | 11 +- drivers/infiniband/core/roce_gid_mgmt.c | 30 +- drivers/infiniband/core/uverbs.h | 2 + drivers/infiniband/core/uverbs_main.c | 43 +- drivers/infiniband/hw/bnxt_re/ib_verbs.c | 7 +- drivers/infiniband/hw/bnxt_re/main.c | 28 +- drivers/infiniband/hw/bnxt_re/qplib_fp.h | 2 +- drivers/infiniband/hw/hns/hns_roce_cq.c | 4 +- drivers/infiniband/hw/hns/hns_roce_debugfs.c | 3 +- drivers/infiniband/hw/hns/hns_roce_device.h | 14 +- drivers/infiniband/hw/hns/hns_roce_hem.c | 48 +- drivers/infiniband/hw/hns/hns_roce_hw_v2.c | 257 +++--- drivers/infiniband/hw/hns/hns_roce_hw_v2.h | 8 +- drivers/infiniband/hw/hns/hns_roce_main.c | 7 +- drivers/infiniband/hw/hns/hns_roce_mr.c | 11 +- drivers/infiniband/hw/hns/hns_roce_qp.c | 79 +- drivers/infiniband/hw/hns/hns_roce_srq.c | 4 +- drivers/infiniband/hw/mlx5/main.c | 69 +- drivers/infiniband/hw/mlx5/mlx5_ib.h | 2 +- drivers/infiniband/sw/rxe/rxe_qp.c | 1 + drivers/infiniband/sw/rxe/rxe_req.c | 6 +- drivers/input/misc/cs40l50-vibra.c | 6 +- drivers/interconnect/qcom/icc-rpmh.c | 3 + drivers/iommu/amd/io_pgtable_v2.c | 3 + drivers/iommu/arm/arm-smmu-v3/tegra241-cmdqv.c | 5 +- drivers/iommu/intel/iommu.c | 40 +- drivers/iommu/s390-iommu.c | 75 +- drivers/irqchip/irq-mvebu-sei.c | 2 +- drivers/irqchip/irq-riscv-aplic-main.c | 3 +- drivers/irqchip/irq-riscv-aplic-msi.c | 3 + drivers/leds/flash/leds-ktd2692.c | 1 + drivers/leds/leds-max5970.c | 5 +- drivers/mailbox/arm_mhuv2.c | 8 +- drivers/mailbox/mtk-cmdq-mailbox.c | 2 +- drivers/mailbox/omap-mailbox.c | 1 + drivers/media/i2c/adv7604.c | 5 +- drivers/media/i2c/adv7842.c | 13 +- drivers/media/i2c/ds90ub960.c | 2 +- drivers/media/i2c/max96717.c | 6 +- drivers/media/i2c/vgxy61.c | 2 +- drivers/media/pci/intel/ipu6/Kconfig | 6 - drivers/media/pci/intel/ipu6/ipu6-bus.c | 6 - drivers/media/pci/intel/ipu6/ipu6-buttress.c | 34 +- drivers/media/pci/intel/ipu6/ipu6-cpd.c | 18 +- drivers/media/pci/intel/ipu6/ipu6-dma.c | 202 +++-- drivers/media/pci/intel/ipu6/ipu6-dma.h | 34 +- drivers/media/pci/intel/ipu6/ipu6-fw-com.c | 14 +- drivers/media/pci/intel/ipu6/ipu6-mmu.c | 28 +- drivers/media/pci/intel/ipu6/ipu6.c | 3 + drivers/media/platform/qcom/venus/vdec.c | 19 +- drivers/media/platform/qcom/venus/venc.c | 18 +- drivers/media/radio/wl128x/fmdrv_common.c | 3 +- drivers/media/test-drivers/vivid/vivid-vid-cap.c | 15 +- drivers/media/v4l2-core/v4l2-dv-timings.c | 132 +-- drivers/message/fusion/mptsas.c | 4 +- drivers/mfd/da9052-spi.c | 2 +- drivers/mfd/intel_soc_pmic_bxtwc.c | 144 ++-- drivers/mfd/rt5033.c | 4 +- drivers/mfd/tps65010.c | 8 +- drivers/misc/apds990x.c | 12 +- drivers/misc/lkdtm/bugs.c | 2 +- drivers/mmc/host/mmc_spi.c | 9 +- drivers/mtd/hyperbus/rpc-if.c | 7 + drivers/mtd/nand/raw/atmel/pmecc.c | 8 +- drivers/mtd/nand/raw/atmel/pmecc.h | 2 - drivers/mtd/spi-nor/core.c | 2 +- drivers/mtd/spi-nor/spansion.c | 1 + drivers/mtd/ubi/attach.c | 12 +- drivers/mtd/ubi/fastmap-wl.c | 19 +- drivers/mtd/ubi/vmt.c | 2 + drivers/mtd/ubi/wl.c | 11 +- drivers/mtd/ubi/wl.h | 3 +- drivers/net/ethernet/broadcom/bnxt/bnxt.c | 37 +- drivers/net/ethernet/broadcom/bnxt/bnxt_ethtool.c | 9 +- drivers/net/ethernet/broadcom/bnxt/bnxt_ptp.c | 4 +- drivers/net/ethernet/broadcom/bnxt/bnxt_ptp.h | 3 +- drivers/net/ethernet/broadcom/tg3.c | 3 + drivers/net/ethernet/google/gve/gve_adminq.c | 4 +- drivers/net/ethernet/intel/i40e/i40e_ethtool.c | 2 +- drivers/net/ethernet/intel/ice/ice_virtchnl.c | 21 +- drivers/net/ethernet/marvell/octeontx2/af/cgx.c | 70 +- drivers/net/ethernet/marvell/octeontx2/af/cgx.h | 5 + .../ethernet/marvell/octeontx2/af/lmac_common.h | 7 +- drivers/net/ethernet/marvell/octeontx2/af/rpm.c | 87 +- drivers/net/ethernet/marvell/octeontx2/af/rpm.h | 18 +- drivers/net/ethernet/marvell/octeontx2/af/rvu.c | 1 + drivers/net/ethernet/marvell/octeontx2/af/rvu.h | 1 + .../net/ethernet/marvell/octeontx2/af/rvu_cgx.c | 45 +- drivers/net/ethernet/marvell/octeontx2/nic/cn10k.c | 5 + .../ethernet/marvell/octeontx2/nic/otx2_common.c | 4 + .../ethernet/marvell/octeontx2/nic/otx2_dcbnl.c | 5 + .../ethernet/marvell/octeontx2/nic/otx2_dmac_flt.c | 9 + .../ethernet/marvell/octeontx2/nic/otx2_ethtool.c | 10 + .../ethernet/marvell/octeontx2/nic/otx2_flows.c | 10 + drivers/net/ethernet/marvell/pxa168_eth.c | 14 +- drivers/net/ethernet/mellanox/mlx5/core/lag/lag.c | 12 + drivers/net/ethernet/meta/fbnic/fbnic_pci.c | 2 - .../net/ethernet/microchip/vcap/vcap_api_kunit.c | 17 +- drivers/net/ethernet/realtek/rtase/rtase.h | 7 +- drivers/net/ethernet/realtek/rtase/rtase_main.c | 43 +- .../net/ethernet/stmicro/stmmac/dwmac-socfpga.c | 2 + drivers/net/ethernet/wangxun/txgbe/txgbe_irq.c | 24 +- drivers/net/ethernet/wangxun/txgbe/txgbe_main.c | 1 - drivers/net/ethernet/wangxun/txgbe/txgbe_phy.c | 168 +--- drivers/net/ethernet/wangxun/txgbe/txgbe_phy.h | 2 - drivers/net/ethernet/wangxun/txgbe/txgbe_type.h | 7 +- drivers/net/mdio/mdio-ipq4019.c | 5 +- drivers/net/netdevsim/ipsec.c | 11 +- drivers/net/usb/lan78xx.c | 42 +- drivers/net/wireless/ath/ath10k/mac.c | 4 +- drivers/net/wireless/ath/ath11k/qmi.c | 3 + drivers/net/wireless/ath/ath12k/dp.c | 19 +- drivers/net/wireless/ath/ath12k/mac.c | 5 +- drivers/net/wireless/ath/ath12k/wow.c | 2 +- drivers/net/wireless/ath/ath9k/htc_hst.c | 3 + .../net/wireless/broadcom/brcm80211/brcmfmac/of.c | 3 +- drivers/net/wireless/intel/iwlegacy/3945.c | 2 +- drivers/net/wireless/intel/iwlegacy/4965-mac.c | 2 +- drivers/net/wireless/intel/iwlwifi/mvm/mac80211.c | 8 +- drivers/net/wireless/intersil/p54/p54spi.c | 4 +- drivers/net/wireless/marvell/mwifiex/cmdevt.c | 2 + drivers/net/wireless/marvell/mwifiex/fw.h | 2 +- drivers/net/wireless/marvell/mwifiex/main.c | 4 +- drivers/net/wireless/marvell/mwifiex/util.c | 2 + drivers/net/wireless/microchip/wilc1000/netdev.c | 6 +- drivers/net/wireless/realtek/rtl8xxxu/core.c | 6 +- drivers/net/wireless/realtek/rtlwifi/efuse.c | 11 +- drivers/net/wireless/realtek/rtw89/cam.c | 259 ++++-- drivers/net/wireless/realtek/rtw89/cam.h | 24 +- drivers/net/wireless/realtek/rtw89/chan.c | 219 +++-- drivers/net/wireless/realtek/rtw89/chan.h | 4 +- drivers/net/wireless/realtek/rtw89/coex.c | 157 ++-- drivers/net/wireless/realtek/rtw89/coex.h | 6 +- drivers/net/wireless/realtek/rtw89/core.c | 887 ++++++++++++++------- drivers/net/wireless/realtek/rtw89/core.h | 421 +++++++--- drivers/net/wireless/realtek/rtw89/debug.c | 127 ++- drivers/net/wireless/realtek/rtw89/fw.c | 637 ++++++++------- drivers/net/wireless/realtek/rtw89/fw.h | 192 +++-- drivers/net/wireless/realtek/rtw89/mac.c | 698 +++++++++------- drivers/net/wireless/realtek/rtw89/mac.h | 98 ++- drivers/net/wireless/realtek/rtw89/mac80211.c | 657 ++++++++++++--- drivers/net/wireless/realtek/rtw89/mac_be.c | 69 +- drivers/net/wireless/realtek/rtw89/phy.c | 401 ++++++---- drivers/net/wireless/realtek/rtw89/phy.h | 7 +- drivers/net/wireless/realtek/rtw89/ps.c | 109 ++- drivers/net/wireless/realtek/rtw89/ps.h | 14 +- drivers/net/wireless/realtek/rtw89/regd.c | 79 +- drivers/net/wireless/realtek/rtw89/rtw8851b.c | 13 +- drivers/net/wireless/realtek/rtw89/rtw8852a.c | 12 +- drivers/net/wireless/realtek/rtw89/rtw8852b.c | 13 +- drivers/net/wireless/realtek/rtw89/rtw8852bt.c | 13 +- drivers/net/wireless/realtek/rtw89/rtw8852c.c | 12 +- drivers/net/wireless/realtek/rtw89/rtw8922a.c | 10 +- drivers/net/wireless/realtek/rtw89/ser.c | 37 +- drivers/net/wireless/realtek/rtw89/wow.c | 217 ++--- drivers/net/wireless/realtek/rtw89/wow.h | 10 +- drivers/net/wireless/silabs/wfx/main.c | 17 +- drivers/net/wireless/st/cw1200/cw1200_spi.c | 2 +- drivers/nvme/host/core.c | 5 + drivers/nvme/host/multipath.c | 21 +- drivers/nvme/host/pci.c | 55 +- drivers/of/fdt.c | 14 +- drivers/of/kexec.c | 2 +- drivers/pci/controller/cadence/pci-j721e.c | 26 +- drivers/pci/controller/dwc/pcie-qcom-ep.c | 6 +- drivers/pci/controller/dwc/pcie-qcom.c | 4 +- drivers/pci/controller/dwc/pcie-tegra194.c | 7 +- drivers/pci/endpoint/functions/pci-epf-mhi.c | 6 + drivers/pci/hotplug/cpqphp_pci.c | 15 +- drivers/pci/pci.c | 5 +- drivers/pci/slot.c | 4 +- drivers/perf/arm-cmn.c | 4 +- drivers/perf/arm_smmuv3_pmu.c | 19 +- drivers/phy/phy-airoha-pcie-regs.h | 6 +- drivers/phy/phy-airoha-pcie.c | 8 +- drivers/phy/realtek/phy-rtk-usb2.c | 2 + drivers/phy/realtek/phy-rtk-usb3.c | 2 + drivers/pinctrl/pinctrl-k210.c | 2 +- drivers/pinctrl/pinctrl-zynqmp.c | 1 - drivers/pinctrl/qcom/pinctrl-spmi-gpio.c | 2 +- drivers/pinctrl/renesas/Kconfig | 1 + drivers/pinctrl/renesas/pinctrl-rzg2l.c | 2 +- drivers/platform/chrome/cros_ec_typec.c | 1 + drivers/platform/x86/asus-wmi.c | 64 +- drivers/platform/x86/intel/bxtwc_tmu.c | 22 +- drivers/platform/x86/intel/pmt/class.c | 8 +- drivers/platform/x86/intel/pmt/class.h | 2 +- drivers/platform/x86/intel/pmt/telemetry.c | 2 +- drivers/platform/x86/panasonic-laptop.c | 10 +- drivers/pmdomain/ti/ti_sci_pm_domains.c | 4 + drivers/power/reset/Kconfig | 1 + drivers/power/sequencing/Kconfig | 1 + drivers/power/supply/bq27xxx_battery.c | 37 +- drivers/power/supply/power_supply_core.c | 2 - drivers/power/supply/rt9471.c | 52 +- drivers/pwm/core.c | 10 +- drivers/pwm/pwm-imx27.c | 98 ++- drivers/regulator/qcom_smd-regulator.c | 2 +- drivers/regulator/rk808-regulator.c | 15 +- drivers/remoteproc/Kconfig | 6 +- drivers/remoteproc/qcom_q6v5_adsp.c | 11 +- drivers/remoteproc/qcom_q6v5_mss.c | 6 +- drivers/remoteproc/qcom_q6v5_pas.c | 22 +- drivers/rpmsg/qcom_glink_native.c | 3 +- drivers/rtc/interface.c | 7 +- drivers/rtc/rtc-ab-eoz9.c | 7 - drivers/rtc/rtc-abx80x.c | 2 +- drivers/rtc/rtc-rzn1.c | 8 +- drivers/rtc/rtc-st-lpc.c | 5 +- drivers/s390/cio/cio.c | 6 +- drivers/s390/cio/device.c | 18 +- drivers/s390/virtio/virtio_ccw.c | 4 + drivers/scsi/bfa/bfad.c | 3 +- drivers/scsi/hisi_sas/hisi_sas_main.c | 8 +- drivers/scsi/qedf/qedf_main.c | 1 + drivers/scsi/qedi/qedi_main.c | 1 + drivers/scsi/sg.c | 9 +- drivers/sh/intc/core.c | 2 +- drivers/soc/fsl/qe/qmc.c | 4 +- drivers/soc/fsl/rcpm.c | 1 + drivers/soc/qcom/qcom-geni-se.c | 3 +- drivers/soc/ti/smartreflex.c | 4 +- drivers/soc/xilinx/xlnx_event_manager.c | 4 +- drivers/spi/atmel-quadspi.c | 2 +- drivers/spi/spi-fsl-lpspi.c | 12 +- drivers/spi/spi-tegra210-quad.c | 2 +- drivers/spi/spi-zynqmp-gqspi.c | 2 + drivers/spi/spi.c | 13 +- drivers/staging/media/atomisp/pci/sh_css_params.c | 2 + .../vc04_services/interface/vchiq_arm/vchiq_arm.c | 6 +- drivers/target/target_core_pscsi.c | 2 +- drivers/thermal/testing/zone.c | 32 +- drivers/thermal/thermal_core.c | 123 +-- drivers/thermal/thermal_core.h | 12 +- drivers/tty/serial/8250/8250_fintek.c | 14 +- drivers/tty/serial/8250/8250_omap.c | 4 +- drivers/tty/serial/amba-pl011.c | 7 + drivers/tty/tty_io.c | 2 +- drivers/usb/dwc3/core.h | 4 + drivers/usb/dwc3/ep0.c | 2 +- drivers/usb/dwc3/gadget.c | 69 +- drivers/usb/gadget/composite.c | 18 +- drivers/usb/gadget/function/uvc_video.c | 4 + drivers/usb/host/ehci-spear.c | 7 +- drivers/usb/host/xhci-pci.c | 10 +- drivers/usb/host/xhci-ring.c | 73 +- drivers/usb/host/xhci.c | 40 +- drivers/usb/host/xhci.h | 3 + drivers/usb/misc/chaoskey.c | 35 +- drivers/usb/misc/iowarrior.c | 50 +- drivers/usb/misc/usb-ljca.c | 20 +- drivers/usb/misc/yurex.c | 5 +- drivers/usb/musb/musb_gadget.c | 13 +- drivers/usb/typec/tcpm/wcove.c | 4 - drivers/usb/typec/ucsi/ucsi_ccg.c | 5 + drivers/usb/typec/ucsi/ucsi_glink.c | 2 +- drivers/vdpa/mlx5/core/mr.c | 4 +- drivers/vfio/pci/mlx5/cmd.c | 6 +- drivers/vfio/pci/mlx5/main.c | 35 +- drivers/vfio/pci/vfio_pci_config.c | 16 +- drivers/video/fbdev/sh7760fb.c | 3 +- drivers/watchdog/Kconfig | 4 +- drivers/xen/xenbus/xenbus_probe.c | 8 +- fs/binfmt_elf.c | 2 + fs/binfmt_elf_fdpic.c | 5 +- fs/binfmt_misc.c | 7 +- fs/cachefiles/interface.c | 14 +- fs/cachefiles/ondemand.c | 38 +- fs/dlm/ast.c | 2 +- fs/dlm/recoverd.c | 2 +- fs/efs/super.c | 43 +- fs/erofs/data.c | 10 +- fs/erofs/internal.h | 1 + fs/erofs/super.c | 6 +- fs/erofs/zmap.c | 17 +- fs/exec.c | 23 +- fs/exfat/file.c | 10 + fs/exfat/namei.c | 21 +- fs/ext4/balloc.c | 4 +- fs/ext4/ext4.h | 12 +- fs/ext4/extents.c | 2 +- fs/ext4/fsmap.c | 54 +- fs/ext4/ialloc.c | 5 +- fs/ext4/indirect.c | 2 +- fs/ext4/inode.c | 4 +- fs/ext4/mballoc.c | 18 +- fs/ext4/mballoc.h | 1 + fs/ext4/mmp.c | 2 +- fs/ext4/move_extent.c | 2 +- fs/ext4/resize.c | 2 +- fs/ext4/super.c | 42 +- fs/f2fs/checkpoint.c | 2 +- fs/f2fs/data.c | 29 +- fs/f2fs/f2fs.h | 3 +- fs/f2fs/file.c | 17 +- fs/f2fs/gc.c | 2 + fs/f2fs/node.c | 10 + fs/f2fs/segment.c | 5 +- fs/f2fs/segment.h | 35 +- fs/f2fs/super.c | 37 +- fs/fcntl.c | 3 + fs/fuse/file.c | 62 +- fs/fuse/fuse_i.h | 6 + fs/fuse/virtio_fs.c | 1 + fs/gfs2/glock.c | 19 +- fs/gfs2/glock.h | 1 + fs/gfs2/incore.h | 2 +- fs/gfs2/rgrp.c | 2 +- fs/gfs2/super.c | 2 +- fs/hfsplus/hfsplus_fs.h | 3 +- fs/hfsplus/wrapper.c | 2 + fs/hostfs/hostfs_kern.c | 4 +- fs/isofs/inode.c | 8 +- fs/jffs2/erase.c | 7 +- fs/jfs/xattr.c | 2 +- fs/netfs/fscache_volume.c | 3 +- fs/nfs/blocklayout/blocklayout.c | 15 +- fs/nfs/blocklayout/dev.c | 6 +- fs/nfs/internal.h | 2 +- fs/nfs/localio.c | 6 + fs/nfs/nfs4proc.c | 8 +- fs/nfs/write.c | 49 +- fs/nfs_common/nfslocalio.c | 8 +- fs/nfsd/export.c | 31 +- fs/nfsd/export.h | 4 +- fs/nfsd/filecache.c | 14 +- fs/nfsd/filecache.h | 2 +- fs/nfsd/nfs4callback.c | 16 +- fs/nfsd/nfs4proc.c | 7 +- fs/nfsd/nfs4recover.c | 3 +- fs/nfsd/nfs4state.c | 5 +- fs/nfsd/nfs4xdr.c | 2 +- fs/nfsd/nfsfh.c | 20 +- fs/nfsd/nfsfh.h | 3 +- fs/notify/fsnotify.c | 23 +- fs/notify/mark.c | 12 +- fs/ntfs3/file.c | 2 +- fs/ocfs2/aops.h | 2 + fs/ocfs2/file.c | 4 + fs/proc/kcore.c | 10 +- fs/read_write.c | 15 +- fs/smb/client/cached_dir.c | 229 ++++-- fs/smb/client/cached_dir.h | 6 +- fs/smb/client/cifsacl.c | 50 +- fs/smb/client/cifsfs.c | 12 +- fs/smb/client/cifsglob.h | 4 +- fs/smb/client/cifsproto.h | 5 +- fs/smb/client/connect.c | 59 +- fs/smb/client/fs_context.c | 85 +- fs/smb/client/fs_context.h | 1 + fs/smb/client/inode.c | 8 +- fs/smb/client/reparse.c | 95 ++- fs/smb/client/reparse.h | 6 +- fs/smb/client/smb1ops.c | 4 +- fs/smb/client/smb2file.c | 21 +- fs/smb/client/smb2inode.c | 6 +- fs/smb/client/smb2ops.c | 2 +- fs/smb/client/smb2pdu.c | 6 +- fs/smb/client/smb2proto.h | 11 +- fs/smb/client/smb2transport.c | 56 +- fs/smb/client/trace.h | 3 + fs/smb/server/server.c | 4 + fs/ubifs/super.c | 6 +- fs/ubifs/tnc_commit.c | 2 + fs/unicode/utf8-core.c | 2 +- fs/xfs/xfs_bmap_util.c | 8 +- include/asm-generic/vmlinux.lds.h | 4 +- include/kunit/skbuff.h | 2 +- include/linux/blk-mq.h | 2 + include/linux/blkdev.h | 12 +- include/linux/bpf.h | 9 +- include/linux/cleanup.h | 4 +- include/linux/compiler_attributes.h | 13 - include/linux/compiler_types.h | 19 + include/linux/f2fs_fs.h | 6 +- include/linux/fs.h | 2 +- include/linux/hisi_acc_qm.h | 8 +- include/linux/intel_vsec.h | 3 +- include/linux/jiffies.h | 2 +- include/linux/kfifo.h | 1 - include/linux/kvm_host.h | 6 - include/linux/lockdep.h | 2 +- include/linux/mmdebug.h | 6 +- include/linux/netpoll.h | 2 +- include/linux/nfslocalio.h | 18 +- include/linux/of_fdt.h | 5 +- include/linux/once.h | 4 +- include/linux/once_lite.h | 2 +- include/linux/rcupdate.h | 2 +- include/linux/rwlock_rt.h | 10 +- include/linux/sched/ext.h | 1 - include/linux/seqlock.h | 98 ++- include/linux/spinlock_rt.h | 23 +- include/media/v4l2-dv-timings.h | 18 +- include/net/bluetooth/hci.h | 4 +- include/net/bluetooth/hci_core.h | 63 ++ include/net/net_debug.h | 2 +- include/rdma/ib_verbs.h | 11 + include/uapi/linux/rtnetlink.h | 2 +- init/Kconfig | 9 + init/initramfs.c | 15 + io_uring/memmap.c | 11 +- ipc/namespace.c | 4 +- kernel/bpf/bpf_struct_ops.c | 114 ++- kernel/bpf/btf.c | 5 +- kernel/bpf/dispatcher.c | 3 +- kernel/bpf/trampoline.c | 9 +- kernel/bpf/verifier.c | 103 ++- kernel/cgroup/cgroup.c | 21 +- kernel/fork.c | 26 +- kernel/rcu/rcuscale.c | 6 +- kernel/rcu/srcutiny.c | 2 +- kernel/rcu/tree.c | 14 +- kernel/rcu/tree_nocb.h | 13 +- kernel/sched/cpufreq_schedutil.c | 3 +- kernel/sched/ext.c | 9 +- kernel/time/time.c | 4 +- kernel/time/timer.c | 3 +- kernel/trace/bpf_trace.c | 5 +- kernel/trace/trace_event_perf.c | 6 + lib/overflow_kunit.c | 2 +- lib/string_helpers.c | 2 +- lib/strncpy_from_user.c | 5 +- mm/internal.h | 2 +- net/9p/trans_usbg.c | 4 +- net/9p/trans_xen.c | 9 +- net/bluetooth/hci_conn.c | 225 ++++-- net/bluetooth/hci_event.c | 39 +- net/bluetooth/hci_sysfs.c | 15 +- net/bluetooth/iso.c | 101 ++- net/bluetooth/mgmt.c | 38 +- net/bluetooth/rfcomm/sock.c | 10 +- net/core/filter.c | 88 +- net/core/netdev-genl.c | 2 + net/core/skmsg.c | 4 +- net/hsr/hsr_device.c | 4 +- net/ipv4/inet_connection_sock.c | 2 +- net/ipv4/ipmr.c | 44 +- net/ipv6/addrconf.c | 41 +- net/ipv6/ip6_fib.c | 8 +- net/ipv6/ip6mr.c | 40 +- net/ipv6/route.c | 51 +- net/iucv/af_iucv.c | 26 +- net/l2tp/l2tp_core.c | 22 +- net/llc/af_llc.c | 2 +- net/netfilter/ipset/ip_set_bitmap_ip.c | 7 +- net/netfilter/nf_tables_api.c | 62 +- net/netlink/af_netlink.c | 21 +- net/rfkill/rfkill-gpio.c | 8 +- net/rxrpc/af_rxrpc.c | 7 +- net/sched/sch_fq.c | 6 + net/sunrpc/cache.c | 4 +- net/sunrpc/svcsock.c | 4 + net/sunrpc/xprtrdma/svc_rdma.c | 19 +- net/sunrpc/xprtrdma/svc_rdma_recvfrom.c | 8 +- net/sunrpc/xprtsock.c | 17 +- net/wireless/core.c | 64 +- net/wireless/mlme.c | 6 - net/wireless/nl80211.c | 1 + net/xdp/xsk.c | 11 +- rust/helpers/spinlock.c | 8 +- rust/kernel/block/mq/request.rs | 67 +- rust/kernel/lib.rs | 2 +- rust/kernel/rbtree.rs | 9 +- rust/macros/lib.rs | 2 +- samples/bpf/xdp_adjust_tail_kern.c | 1 + samples/kfifo/dma-example.c | 1 + scripts/checkpatch.pl | 37 +- scripts/faddr2line | 2 +- scripts/kernel-doc | 47 +- scripts/mod/file2alias.c | 5 +- scripts/package/builddeb | 20 +- security/apparmor/capability.c | 2 + security/apparmor/policy_unpack_test.c | 6 + sound/core/pcm_native.c | 6 +- sound/core/rawmidi.c | 4 +- sound/core/sound_kunit.c | 11 + sound/core/ump.c | 5 +- sound/pci/hda/patch_realtek.c | 153 ++-- sound/soc/amd/acp/acp-sdw-sof-mach.c | 16 +- sound/soc/amd/yc/acp6x-mach.c | 25 +- sound/soc/codecs/da7213.c | 1 + sound/soc/codecs/da7219.c | 9 +- sound/soc/codecs/rt722-sdca.c | 8 +- sound/soc/fsl/fsl-asoc-card.c | 8 +- sound/soc/fsl/fsl_micfil.c | 4 +- sound/soc/fsl/imx-audmix.c | 3 + sound/soc/mediatek/mt8188/mt8188-mt6359.c | 9 +- .../mediatek/mt8192/mt8192-mt6359-rt1015-rt5682.c | 4 +- sound/soc/mediatek/mt8195/mt8195-mt6359.c | 9 +- sound/usb/6fire/chip.c | 10 +- sound/usb/caiaq/audio.c | 10 +- sound/usb/caiaq/audio.h | 1 + sound/usb/caiaq/device.c | 19 +- sound/usb/caiaq/input.c | 12 +- sound/usb/caiaq/input.h | 1 + sound/usb/clock.c | 24 +- sound/usb/quirks.c | 27 +- sound/usb/usx2y/us122l.c | 5 +- sound/usb/usx2y/usbusx2y.c | 2 +- tools/bpf/bpftool/jit_disasm.c | 40 +- tools/gpio/gpio-sloppy-logic-analyzer.sh | 2 +- tools/include/nolibc/arch-s390.h | 1 + tools/lib/bpf/Makefile | 3 +- tools/lib/bpf/libbpf.c | 99 +-- tools/lib/bpf/linker.c | 2 + tools/lib/thermal/commands.c | 52 +- tools/perf/Makefile.config | 2 +- tools/perf/builtin-ftrace.c | 2 +- tools/perf/builtin-list.c | 4 +- tools/perf/builtin-stat.c | 52 +- tools/perf/builtin-trace.c | 23 +- tools/perf/pmu-events/empty-pmu-events.c | 2 +- tools/perf/pmu-events/jevents.py | 2 +- tools/perf/tests/attr/test-stat-default | 94 ++- tools/perf/tests/attr/test-stat-detailed-1 | 110 ++- tools/perf/tests/attr/test-stat-detailed-2 | 134 ++-- tools/perf/tests/attr/test-stat-detailed-3 | 142 ++-- tools/perf/tests/shell/test_stat_intel_tpebs.sh | 11 +- tools/perf/util/bpf-filter.c | 2 +- tools/perf/util/cs-etm.c | 25 +- tools/perf/util/disasm.c | 15 +- tools/perf/util/evlist.c | 19 +- tools/perf/util/evlist.h | 1 + tools/perf/util/machine.c | 2 +- tools/perf/util/mem-events.c | 8 +- tools/perf/util/pfm.c | 4 +- tools/perf/util/pmus.c | 2 +- tools/perf/util/probe-finder.c | 21 +- tools/perf/util/probe-finder.h | 4 +- tools/perf/util/stat-display.c | 101 ++- tools/power/x86/turbostat/turbostat.c | 5 +- tools/testing/selftests/arm64/abi/hwcap.c | 6 +- .../selftests/arm64/mte/check_tags_inclusion.c | 4 +- .../testing/selftests/arm64/mte/mte_common_util.c | 4 +- tools/testing/selftests/bpf/Makefile | 3 +- tools/testing/selftests/bpf/network_helpers.h | 1 + .../selftests/bpf/prog_tests/timer_lockup.c | 6 + .../selftests/bpf/progs/test_spin_lock_fail.c | 4 +- .../selftests/bpf/progs/test_tp_btf_nullable.c | 6 +- tools/testing/selftests/bpf/test_progs.c | 9 +- tools/testing/selftests/bpf/test_sockmap.c | 165 +++- tools/testing/selftests/bpf/uprobe_multi.c | 4 + .../selftests/mount_setattr/mount_setattr_test.c | 2 +- tools/testing/selftests/net/Makefile | 1 + .../selftests/net/ipv6_route_update_soft_lockup.sh | 262 ++++++ .../selftests/net/netfilter/conntrack_dump_flush.c | 6 + tools/testing/selftests/net/pmtu.sh | 2 +- tools/testing/selftests/resctrl/fill_buf.c | 2 +- tools/testing/selftests/resctrl/mbm_test.c | 16 +- tools/testing/selftests/resctrl/resctrl_val.c | 3 +- tools/testing/selftests/vDSO/parse_vdso.c | 3 +- tools/testing/selftests/wireguard/netns.sh | 1 + tools/tracing/rtla/src/timerlat_hist.c | 2 +- tools/tracing/rtla/src/timerlat_top.c | 2 +- virt/kvm/kvm_main.c | 103 --- 905 files changed, 13449 insertions(+), 6768 deletions(-)

6 months, 2 weeks

19
856
0 0

[PATCH v2] mm: Respect mmap hint address when aligning for THP

by Kalesh Singh

Commit efa7df3e3bb5 ("mm: align larger anonymous mappings on THP boundaries") updated __get_unmapped_area() to align the start address for the VMA to a PMD boundary if CONFIG_TRANSPARENT_HUGEPAGE=y. It does this by effectively looking up a region that is of size, request_size + PMD_SIZE, and aligning up the start to a PMD boundary. Commit 4ef9ad19e176 ("mm: huge_memory: don't force huge page alignment on 32 bit") opted out of this for 32bit due to regressions in mmap base randomization. Commit d4148aeab412 ("mm, mmap: limit THP alignment of anonymous mappings to PMD-aligned sizes") restricted this to only mmap sizes that are multiples of the PMD_SIZE due to reported regressions in some performance benchmarks -- which seemed mostly due to the reduced spatial locality of related mappings due to the forced PMD-alignment. Another unintended side effect has emerged: When a user specifies an mmap hint address, the THP alignment logic modifies the behavior, potentially ignoring the hint even if a sufficiently large gap exists at the requested hint location. Example Scenario: Consider the following simplified virtual address (VA) space: ... 0x200000-0x400000 --- VMA A 0x400000-0x600000 --- Hole 0x600000-0x800000 --- VMA B ... A call to mmap() with hint=0x400000 and len=0x200000 behaves differently: - Before THP alignment: The requested region (size 0x200000) fits into the gap at 0x400000, so the hint is respected. - After alignment: The logic searches for a region of size 0x400000 (len + PMD_SIZE) starting at 0x400000. This search fails due to the mapping at 0x600000 (VMA B), and the hint is ignored, falling back to arch_get_unmapped_area[_topdown](). In general the hint is effectively ignored, if there is any existing mapping in the below range: [mmap_hint + mmap_size, mmap_hint + mmap_size + PMD_SIZE) This changes the semantics of mmap hint; from ""Respect the hint if a sufficiently large gap exists at the requested location" to "Respect the hint only if an additional PMD-sized gap exists beyond the requested size". This has performance implications for allocators that allocate their heap using mmap but try to keep it "as contiguous as possible" by using the end of the exisiting heap as the address hint. With the new behavior it's more likely to get a much less contiguous heap, adding extra fragmentation and performance overhead. To restore the expected behavior; don't use thp_get_unmapped_area_vmflags() when the user provided a hint address, for anonymous mappings. Note: As, Yang Shi, pointed out: the issue still remains for filesystems which are using thp_get_unmapped_area() for their get_unmapped_area() op. It is unclear what worklaods will regress for if we ignore THP alignment when the hint address is provided for such file backed mappings -- so this fix will be handled separately. Cc: Andrew Morton <akpm(a)linux-foundation.org> Cc: Vlastimil Babka <vbabka(a)suse.cz> Cc: Yang Shi <yang(a)os.amperecomputing.com> Cc: Rik van Riel <riel(a)surriel.com> Cc: Ryan Roberts <ryan.roberts(a)arm.com> Cc: Suren Baghdasaryan <surenb(a)google.com> Cc: Minchan Kim <minchan(a)kernel.org> Cc: Hans Boehm <hboehm(a)google.com> Cc: Lokesh Gidra <lokeshgidra(a)google.com> Cc: <stable(a)vger.kernel.org> Fixes: efa7df3e3bb5 ("mm: align larger anonymous mappings on THP boundaries") Signed-off-by: Kalesh Singh <kaleshsingh(a)google.com> Reviewed-by: Rik van Riel <riel(a)surriel.com> Reviewed-by: Vlastimil Babka <vbabka(a)suse.cz> --- Changes in v2: - Clarify the handling of file backed mappings, as highlighted by Yang - Collect Vlastimil's and Rik's Reviewed-by's mm/mmap.c | 1 + 1 file changed, 1 insertion(+) diff --git a/mm/mmap.c b/mm/mmap.c index 79d541f1502b..2f01f1a8e304 100644 --- a/mm/mmap.c +++ b/mm/mmap.c @@ -901,6 +901,7 @@ __get_unmapped_area(struct file *file, unsigned long addr, unsigned long len, if (get_area) { addr = get_area(file, addr, len, pgoff, flags); } else if (IS_ENABLED(CONFIG_TRANSPARENT_HUGEPAGE) + && !addr /* no hint */ && IS_ALIGNED(len, PMD_SIZE)) { /* Ensures that larger anonymous mappings are THP aligned. */ addr = thp_get_unmapped_area_vmflags(file, addr, len, base-commit: 2d5404caa8c7bb5c4e0435f94b28834ae5456623 -- 2.47.0.338.g60cca15819-goog

6 months, 2 weeks

4
4
0 0

[PATCH v2] USB: core: Disable LPM only for non-suspended ports

by Kai-Heng Feng

There's USB error when tegra board is shutting down: [ 180.919315] usb 2-3: Failed to set U1 timeout to 0x0,error code -113 [ 180.919995] usb 2-3: Failed to set U1 timeout to 0xa,error code -113 [ 180.920512] usb 2-3: Failed to set U2 timeout to 0x4,error code -113 [ 186.157172] tegra-xusb 3610000.usb: xHCI host controller not responding, assume dead [ 186.157858] tegra-xusb 3610000.usb: HC died; cleaning up [ 186.317280] tegra-xusb 3610000.usb: Timeout while waiting for evaluate context command The issue is caused by disabling LPM on already suspended ports. For USB2 LPM, the LPM is already disabled during port suspend. For USB3 LPM, port won't transit to U1/U2 when it's already suspended in U3, hence disabling LPM is only needed for ports that are not suspended. Cc: Wayne Chang <waynec(a)nvidia.com> Cc: stable(a)vger.kernel.org Fixes: d920a2ed8620 ("usb: Disable USB3 LPM at shutdown") Signed-off-by: Kai-Heng Feng <kaihengf(a)nvidia.com> --- v2: Add "Cc: stable(a)vger.kernel.org" drivers/usb/core/port.c | 7 ++++--- 1 file changed, 4 insertions(+), 3 deletions(-) diff --git a/drivers/usb/core/port.c b/drivers/usb/core/port.c index e7da2fca11a4..d50b9e004e76 100644 --- a/drivers/usb/core/port.c +++ b/drivers/usb/core/port.c @@ -452,10 +452,11 @@ static int usb_port_runtime_suspend(struct device *dev) static void usb_port_shutdown(struct device *dev) { struct usb_port *port_dev = to_usb_port(dev); + struct usb_device *udev = port_dev->child; - if (port_dev->child) { - usb_disable_usb2_hardware_lpm(port_dev->child); - usb_unlocked_disable_lpm(port_dev->child); + if (udev && !pm_runtime_suspended(&udev->dev)) { + usb_disable_usb2_hardware_lpm(udev); + usb_unlocked_disable_lpm(udev); } } -- 2.47.0

6 months, 2 weeks

2
2
0 0

Linux 6.12.3

by Greg Kroah-Hartman

I'm announcing the release of the 6.12.3 kernel. All users of the 6.12 kernel series must upgrade. The updated 6.12.y git tree can be found at: git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable.git linux-6.12.y and can be browsed at the normal kernel.org git web browser: https://git.kernel.org/?p=linux/kernel/git/stable/linux-stable.git;a=summary thanks, greg k-h ------------ Makefile | 2 +- kernel/sched/core.c | 12 +++++------- 2 files changed, 6 insertions(+), 8 deletions(-) Greg Kroah-Hartman (1): Linux 6.12.3 Thomas Gleixner (1): sched: Initialize idle tasks only once

6 months, 2 weeks

1
1
0 0

[PATCH v2 5.10.y] ALSA: usb-audio: Fix out of bounds reads when finding clock sources

by Benoît Sevens

From: Takashi Iwai <tiwai(a)suse.de> Upstream commit a3dd4d63eeb452cfb064a13862fb376ab108f6a6 The current USB-audio driver code doesn't check bLength of each descriptor at traversing for clock descriptors. That is, when a device provides a bogus descriptor with a shorter bLength, the driver might hit out-of-bounds reads. For addressing it, this patch adds sanity checks to the validator functions for the clock descriptor traversal. When the descriptor length is shorter than expected, it's skipped in the loop. For the clock source and clock multiplier descriptors, we can just check bLength against the sizeof() of each descriptor type. OTOH, the clock selector descriptor of UAC2 and UAC3 has an array of bNrInPins elements and two more fields at its tail, hence those have to be checked in addition to the sizeof() check. This patch ports the upstream commit a3dd4d63eeb4 to trees that do not include the refactoring commit 9ec730052fa2 ("ALSA: usb-audio: Refactoring UAC2/3 clock setup code"). That commit provides union objects for pointing both UAC2 and UAC3 objects and unifies the clock source, selector and multiplier helper functions. This means we need to perform the check in each version specific helper function, but on the other hand do not need to do version specific union dereferencing in the macros and helper functions. Reported-by: Benoît Sevens <bsevens(a)google.com> Cc: <stable(a)vger.kernel.org> Link: https://lore.kernel.org/20241121140613.3651-1-bsevens@google.com Link: https://patch.msgid.link/20241125144629.20757-1-tiwai@suse.de Signed-off-by: Takashi Iwai <tiwai(a)suse.de> (cherry picked from commit a3dd4d63eeb452cfb064a13862fb376ab108f6a6) Signed-off-by: Benoît Sevens <bsevens(a)google.com> --- sound/usb/clock.c | 32 ++++++++++++++++++++++++++++++-- 1 file changed, 30 insertions(+), 2 deletions(-) diff --git a/sound/usb/clock.c b/sound/usb/clock.c index 3d1c0ec11753..58902275c815 100644 --- a/sound/usb/clock.c +++ b/sound/usb/clock.c @@ -21,6 +21,10 @@ #include "clock.h" #include "quirks.h" +/* check whether the descriptor bLength has the minimal length */ +#define DESC_LENGTH_CHECK(p) \ + (p->bLength >= sizeof(*p)) + static void *find_uac_clock_desc(struct usb_host_interface *iface, int id, bool (*validator)(void *, int), u8 type) { @@ -38,36 +42,60 @@ static void *find_uac_clock_desc(struct usb_host_interface *iface, int id, static bool validate_clock_source_v2(void *p, int id) { struct uac_clock_source_descriptor *cs = p; + if (!DESC_LENGTH_CHECK(cs)) + return false; return cs->bClockID == id; } static bool validate_clock_source_v3(void *p, int id) { struct uac3_clock_source_descriptor *cs = p; + if (!DESC_LENGTH_CHECK(cs)) + return false; return cs->bClockID == id; } static bool validate_clock_selector_v2(void *p, int id) { struct uac_clock_selector_descriptor *cs = p; - return cs->bClockID == id; + if (!DESC_LENGTH_CHECK(cs)) + return false; + if (cs->bClockID != id) + return false; + /* additional length check for baCSourceID array (in bNrInPins size) + * and two more fields (which sizes depend on the protocol) + */ + return cs->bLength >= sizeof(*cs) + cs->bNrInPins + + 1 /* bmControls */ + 1 /* iClockSelector */; } static bool validate_clock_selector_v3(void *p, int id) { struct uac3_clock_selector_descriptor *cs = p; - return cs->bClockID == id; + if (!DESC_LENGTH_CHECK(cs)) + return false; + if (cs->bClockID != id) + return false; + /* additional length check for baCSourceID array (in bNrInPins size) + * and two more fields (which sizes depend on the protocol) + */ + return cs->bLength >= sizeof(*cs) + cs->bNrInPins + + 4 /* bmControls */ + 2 /* wCSelectorDescrStr */; } static bool validate_clock_multiplier_v2(void *p, int id) { struct uac_clock_multiplier_descriptor *cs = p; + if (!DESC_LENGTH_CHECK(cs)) + return false; return cs->bClockID == id; } static bool validate_clock_multiplier_v3(void *p, int id) { struct uac3_clock_multiplier_descriptor *cs = p; + if (!DESC_LENGTH_CHECK(cs)) + return false; return cs->bClockID == id; } -- 2.47.0.338.g60cca15819-goog

6 months, 2 weeks

3
4
0 0

Linux 6.12.2

by Greg Kroah-Hartman

I'm announcing the release of the 6.12.2 kernel. All users of the 6.12 kernel series must upgrade. The updated 6.12.y git tree can be found at: git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable.git linux-6.12.y and can be browsed at the normal kernel.org git web browser: https://git.kernel.org/?p=linux/kernel/git/stable/linux-stable.git;a=summary thanks, greg k-h ------------ Documentation/ABI/testing/sysfs-fs-f2fs | 7 Documentation/RCU/stallwarn.rst | 2 Documentation/admin-guide/blockdev/zram.rst | 2 Documentation/admin-guide/media/building.rst | 2 Documentation/admin-guide/media/saa7134.rst | 2 Documentation/arch/x86/boot.rst | 17 Documentation/devicetree/bindings/cache/qcom,llcc.yaml | 36 Documentation/devicetree/bindings/clock/adi,axi-clkgen.yaml | 22 Documentation/devicetree/bindings/iio/dac/adi,ad3552r.yaml | 2 Documentation/devicetree/bindings/pci/mediatek-pcie-gen3.yaml | 5 Documentation/devicetree/bindings/pinctrl/samsung,pinctrl-wakeup-interrupt.yaml | 19 Documentation/devicetree/bindings/serial/rs485.yaml | 19 Documentation/devicetree/bindings/sound/mt6359.yaml | 10 Documentation/devicetree/bindings/vendor-prefixes.yaml | 2 Documentation/filesystems/mount_api.rst | 3 Documentation/locking/seqlock.rst | 2 MAINTAINERS | 335 +-- Makefile | 2 arch/arc/kernel/devtree.c | 2 arch/arm/boot/dts/allwinner/sun9i-a80-cubieboard4.dts | 4 arch/arm/boot/dts/microchip/sam9x60.dtsi | 12 arch/arm/boot/dts/renesas/r7s72100-genmai.dts | 2 arch/arm/boot/dts/ti/omap/omap36xx.dtsi | 1 arch/arm/kernel/devtree.c | 2 arch/arm64/boot/dts/freescale/imx8mn-tqma8mqnl-mba8mx-usbotg.dtso | 29 arch/arm64/boot/dts/mediatek/mt6358.dtsi | 4 arch/arm64/boot/dts/mediatek/mt8173-elm-hana.dtsi | 8 arch/arm64/boot/dts/mediatek/mt8183-kukui-jacuzzi-burnet.dts | 3 arch/arm64/boot/dts/mediatek/mt8183-kukui-jacuzzi-cozmo.dts | 2 arch/arm64/boot/dts/mediatek/mt8183-kukui-jacuzzi-damu.dts | 3 arch/arm64/boot/dts/mediatek/mt8183-kukui-jacuzzi-fennel.dtsi | 3 arch/arm64/boot/dts/mediatek/mt8183-kukui-jacuzzi.dtsi | 30 arch/arm64/boot/dts/mediatek/mt8183-kukui-kakadu.dtsi | 4 arch/arm64/boot/dts/mediatek/mt8183-kukui-kodama.dtsi | 4 arch/arm64/boot/dts/mediatek/mt8183-kukui-krane.dtsi | 4 arch/arm64/boot/dts/mediatek/mt8183-kukui.dtsi | 5 arch/arm64/boot/dts/mediatek/mt8183.dtsi | 4 arch/arm64/boot/dts/mediatek/mt8186-corsola-voltorb.dtsi | 21 arch/arm64/boot/dts/mediatek/mt8186-corsola.dtsi | 8 arch/arm64/boot/dts/mediatek/mt8188.dtsi | 5 arch/arm64/boot/dts/mediatek/mt8195-cherry.dtsi | 6 arch/arm64/boot/dts/mediatek/mt8195.dtsi | 4 arch/arm64/boot/dts/mediatek/mt8395-genio-1200-evk.dts | 2 arch/arm64/boot/dts/nvidia/tegra210-p2180.dtsi | 2 arch/arm64/boot/dts/qcom/qcs6490-rb3gen2.dts | 2 arch/arm64/boot/dts/qcom/sc8180x.dtsi | 2 arch/arm64/boot/dts/qcom/sda660-inforce-ifc6560.dts | 2 arch/arm64/boot/dts/qcom/sm6350.dtsi | 14 arch/arm64/boot/dts/qcom/x1e80100-asus-vivobook-s15.dts | 4 arch/arm64/boot/dts/qcom/x1e80100-lenovo-yoga-slim7x.dts | 4 arch/arm64/boot/dts/qcom/x1e80100.dtsi | 8 arch/arm64/boot/dts/renesas/hihope-rev2.dtsi | 3 arch/arm64/boot/dts/renesas/hihope-rev4.dtsi | 3 arch/arm64/boot/dts/rockchip/rk3568-wolfvision-pf5-io-expander.dtso | 1 arch/arm64/boot/dts/rockchip/rk3588s-indiedroid-nova.dts | 2 arch/arm64/boot/dts/rockchip/rk3588s-orangepi-5.dts | 1 arch/arm64/boot/dts/ti/k3-am62x-phyboard-lyra.dtsi | 2 arch/arm64/boot/dts/ti/k3-j7200-common-proc-board.dts | 2 arch/arm64/boot/dts/ti/k3-j7200-main.dtsi | 38 arch/arm64/boot/dts/ti/k3-j7200-mcu-wakeup.dtsi | 6 arch/arm64/boot/dts/ti/k3-j721e-mcu-wakeup.dtsi | 6 arch/arm64/boot/dts/ti/k3-j721s2-main.dtsi | 16 arch/arm64/boot/dts/ti/k3-j721s2-mcu-wakeup.dtsi | 6 arch/arm64/include/asm/insn.h | 1 arch/arm64/include/asm/kvm_host.h | 2 arch/arm64/kernel/cpufeature.c | 1 arch/arm64/kernel/probes/decode-insn.c | 7 arch/arm64/kernel/process.c | 2 arch/arm64/kernel/setup.c | 6 arch/arm64/kernel/vmlinux.lds.S | 6 arch/arm64/kvm/arch_timer.c | 3 arch/arm64/kvm/arm.c | 18 arch/arm64/kvm/mmio.c | 32 arch/arm64/kvm/pmu-emul.c | 1 arch/arm64/kvm/vgic/vgic-its.c | 32 arch/arm64/kvm/vgic/vgic-mmio-v3.c | 7 arch/arm64/kvm/vgic/vgic.h | 23 arch/arm64/net/bpf_jit_comp.c | 47 arch/csky/kernel/setup.c | 4 arch/loongarch/Makefile | 4 arch/loongarch/kernel/setup.c | 2 arch/loongarch/net/bpf_jit.c | 2 arch/loongarch/vdso/Makefile | 2 arch/m68k/coldfire/device.c | 8 arch/m68k/include/asm/mcfgpio.h | 2 arch/m68k/include/asm/mvme147hw.h | 4 arch/m68k/kernel/early_printk.c | 5 arch/m68k/mvme147/config.c | 30 arch/m68k/mvme147/mvme147.h | 6 arch/microblaze/kernel/microblaze_ksyms.c | 10 arch/microblaze/kernel/prom.c | 2 arch/mips/include/asm/switch_to.h | 2 arch/mips/kernel/prom.c | 2 arch/mips/kernel/relocate.c | 2 arch/nios2/kernel/prom.c | 4 arch/openrisc/Kconfig | 3 arch/openrisc/include/asm/fixmap.h | 21 arch/openrisc/kernel/prom.c | 2 arch/openrisc/mm/init.c | 37 arch/parisc/kernel/ftrace.c | 2 arch/powerpc/include/asm/dtl.h | 4 arch/powerpc/include/asm/fadump.h | 9 arch/powerpc/include/asm/kvm_book3s_64.h | 4 arch/powerpc/include/asm/sstep.h | 5 arch/powerpc/include/asm/vdso.h | 1 arch/powerpc/kernel/dt_cpu_ftrs.c | 2 arch/powerpc/kernel/fadump.c | 40 arch/powerpc/kernel/prom.c | 5 arch/powerpc/kernel/setup-common.c | 6 arch/powerpc/kernel/setup_64.c | 1 arch/powerpc/kexec/file_load_64.c | 9 arch/powerpc/kvm/book3s_hv.c | 14 arch/powerpc/kvm/book3s_hv_nested.c | 14 arch/powerpc/kvm/trace_hv.h | 2 arch/powerpc/lib/sstep.c | 12 arch/powerpc/mm/fault.c | 10 arch/powerpc/platforms/pseries/dtl.c | 8 arch/powerpc/platforms/pseries/lpar.c | 8 arch/powerpc/platforms/pseries/plpks.c | 2 arch/riscv/include/asm/cpufeature.h | 2 arch/riscv/kernel/setup.c | 2 arch/riscv/kernel/traps_misaligned.c | 14 arch/riscv/kernel/unaligned_access_speed.c | 1 arch/riscv/kvm/aia_aplic.c | 3 arch/riscv/kvm/vcpu_sbi.c | 11 arch/s390/include/asm/facility.h | 18 arch/s390/include/asm/pci.h | 4 arch/s390/include/asm/set_memory.h | 1 arch/s390/kernel/perf_cpum_sf.c | 2 arch/s390/kernel/syscalls/Makefile | 2 arch/s390/mm/pageattr.c | 15 arch/s390/pci/pci.c | 37 arch/s390/pci/pci_debug.c | 10 arch/sh/kernel/cpu/proc.c | 2 arch/sh/kernel/setup.c | 2 arch/um/drivers/net_kern.c | 2 arch/um/drivers/ubd_kern.c | 4 arch/um/drivers/vector_kern.c | 3 arch/um/kernel/dtb.c | 2 arch/um/kernel/physmem.c | 6 arch/um/kernel/process.c | 2 arch/um/kernel/sysrq.c | 2 arch/x86/coco/tdx/tdx.c | 111 + arch/x86/crypto/aegis128-aesni-asm.S | 29 arch/x86/events/intel/pt.c | 11 arch/x86/events/intel/pt.h | 2 arch/x86/include/asm/atomic64_32.h | 3 arch/x86/include/asm/cmpxchg_32.h | 6 arch/x86/include/asm/kvm_host.h | 4 arch/x86/include/asm/shared/tdx.h | 11 arch/x86/include/asm/tlb.h | 4 arch/x86/kernel/cpu/amd.c | 1 arch/x86/kernel/cpu/common.c | 4 arch/x86/kernel/cpu/microcode/amd.c | 25 arch/x86/kernel/devicetree.c | 2 arch/x86/kernel/unwind_orc.c | 2 arch/x86/kvm/Kconfig | 5 arch/x86/kvm/mmu/mmu.c | 68 arch/x86/kvm/mmu/spte.c | 18 arch/x86/kvm/vmx/vmx.c | 54 arch/x86/mm/tlb.c | 3 arch/x86/platform/pvh/head.S | 9 arch/xtensa/kernel/setup.c | 2 block/bfq-cgroup.c | 1 block/bfq-iosched.c | 43 block/blk-core.c | 18 block/blk-merge.c | 45 block/blk-mq.c | 148 + block/blk-mq.h | 13 block/blk-settings.c | 7 block/blk-sysfs.c | 6 block/blk-zoned.c | 14 block/blk.h | 30 block/elevator.c | 10 block/fops.c | 25 block/genhd.c | 24 crypto/pcrypt.c | 12 drivers/accel/ivpu/ivpu_ipc.c | 35 drivers/accel/ivpu/ivpu_ipc.h | 7 drivers/accel/ivpu/ivpu_jsm_msg.c | 19 drivers/acpi/arm64/gtdt.c | 2 drivers/acpi/cppc_acpi.c | 1 drivers/base/firmware_loader/main.c | 5 drivers/base/regmap/regmap-irq.c | 4 drivers/base/trace.h | 6 drivers/block/brd.c | 70 drivers/block/loop.c | 6 drivers/block/ublk_drv.c | 17 drivers/block/virtio_blk.c | 46 drivers/block/zram/Kconfig | 1 drivers/block/zram/zram_drv.c | 21 drivers/block/zram/zram_drv.h | 1 drivers/bluetooth/btbcm.c | 4 drivers/bluetooth/btintel.c | 62 drivers/bluetooth/btintel.h | 7 drivers/bluetooth/btintel_pcie.c | 265 ++ drivers/bluetooth/btintel_pcie.h | 16 drivers/bluetooth/btmtk.c | 1 drivers/bluetooth/btusb.c | 1 drivers/bus/mhi/host/trace.h | 25 drivers/clk/.kunitconfig | 1 drivers/clk/Kconfig | 2 drivers/clk/clk-apple-nco.c | 3 drivers/clk/clk-axi-clkgen.c | 22 drivers/clk/clk-en7523.c | 264 ++ drivers/clk/clk-loongson2.c | 6 drivers/clk/imx/clk-fracn-gppll.c | 10 drivers/clk/imx/clk-imx8-acm.c | 4 drivers/clk/imx/clk-lpcg-scu.c | 37 drivers/clk/imx/clk-scu.c | 2 drivers/clk/mediatek/Kconfig | 15 drivers/clk/qcom/Kconfig | 4 drivers/clk/ralink/clk-mtmips.c | 26 drivers/clk/renesas/rzg2l-cpg.c | 11 drivers/clk/sophgo/clk-sg2042-pll.c | 2 drivers/clk/sunxi-ng/ccu-sun20i-d1.c | 2 drivers/clocksource/Kconfig | 3 drivers/clocksource/timer-ti-dm-systimer.c | 4 drivers/comedi/comedi_fops.c | 12 drivers/counter/stm32-timer-cnt.c | 17 drivers/counter/ti-ecap-capture.c | 7 drivers/cpufreq/amd-pstate.c | 26 drivers/cpufreq/cppc_cpufreq.c | 63 drivers/cpufreq/loongson2_cpufreq.c | 4 drivers/cpufreq/loongson3_cpufreq.c | 7 drivers/cpufreq/mediatek-cpufreq-hw.c | 2 drivers/crypto/bcm/cipher.c | 5 drivers/crypto/caam/caampkc.c | 11 drivers/crypto/caam/qi.c | 2 drivers/crypto/cavium/cpt/cptpf_main.c | 6 drivers/crypto/hisilicon/hpre/hpre_main.c | 35 drivers/crypto/hisilicon/qm.c | 47 drivers/crypto/hisilicon/sec2/sec_main.c | 35 drivers/crypto/hisilicon/zip/zip_main.c | 35 drivers/crypto/inside-secure/safexcel_hash.c | 2 drivers/crypto/intel/qat/qat_420xx/adf_420xx_hw_data.c | 2 drivers/crypto/intel/qat/qat_4xxx/adf_4xxx_hw_data.c | 2 drivers/crypto/intel/qat/qat_common/adf_aer.c | 5 drivers/crypto/intel/qat/qat_common/adf_dbgfs.c | 13 drivers/crypto/intel/qat/qat_common/adf_hw_arbiter.c | 4 drivers/crypto/mxs-dcp.c | 20 drivers/dax/pmem/Makefile | 7 drivers/dax/pmem/pmem.c | 10 drivers/dma-buf/Kconfig | 1 drivers/dma-buf/udmabuf.c | 44 drivers/edac/bluefield_edac.c | 2 drivers/edac/fsl_ddr_edac.c | 22 drivers/edac/i10nm_base.c | 1 drivers/edac/igen6_edac.c | 2 drivers/edac/skx_common.c | 57 drivers/edac/skx_common.h | 8 drivers/firmware/arm_scpi.c | 3 drivers/firmware/efi/libstub/efi-stub.c | 2 drivers/firmware/efi/tpm.c | 17 drivers/firmware/google/gsmi.c | 6 drivers/gpio/gpio-exar.c | 10 drivers/gpio/gpio-zevio.c | 6 drivers/gpu/drm/Kconfig | 1 drivers/gpu/drm/amd/amdgpu/amdgpu_aca.c | 2 drivers/gpu/drm/amd/amdgpu/amdgpu_amdkfd.c | 13 drivers/gpu/drm/amd/amdgpu/amdgpu_discovery.c | 8 drivers/gpu/drm/amd/amdgpu/amdgpu_gfx.c | 63 drivers/gpu/drm/amd/amdgpu/gfx_v8_0.c | 7 drivers/gpu/drm/amd/amdgpu/gfx_v9_0.c | 2 drivers/gpu/drm/amd/amdgpu/jpeg_v4_0_3.c | 18 drivers/gpu/drm/amd/amdkfd/kfd_process.c | 14 drivers/gpu/drm/amd/display/amdgpu_dm/amdgpu_dm.c | 32 drivers/gpu/drm/amd/display/amdgpu_dm/amdgpu_dm.h | 3 drivers/gpu/drm/amd/display/amdgpu_dm/amdgpu_dm_crtc.c | 4 drivers/gpu/drm/amd/display/amdgpu_dm/amdgpu_dm_helpers.c | 13 drivers/gpu/drm/amd/display/amdgpu_dm/amdgpu_dm_mst_types.c | 15 drivers/gpu/drm/amd/display/dc/core/dc_hw_sequencer.c | 3 drivers/gpu/drm/amd/display/dc/hwss/dcn20/dcn20_hwseq.c | 6 drivers/gpu/drm/bridge/analogix/anx7625.c | 2 drivers/gpu/drm/bridge/ite-it6505.c | 2 drivers/gpu/drm/bridge/tc358767.c | 7 drivers/gpu/drm/drm_file.c | 2 drivers/gpu/drm/drm_mm.c | 2 drivers/gpu/drm/etnaviv/etnaviv_drv.c | 10 drivers/gpu/drm/etnaviv/etnaviv_gpu.c | 28 drivers/gpu/drm/fsl-dcu/Kconfig | 1 drivers/gpu/drm/fsl-dcu/fsl_dcu_drm_drv.c | 15 drivers/gpu/drm/fsl-dcu/fsl_dcu_drm_drv.h | 3 drivers/gpu/drm/imagination/pvr_ccb.c | 2 drivers/gpu/drm/imagination/pvr_vm.c | 4 drivers/gpu/drm/imx/dcss/dcss-crtc.c | 6 drivers/gpu/drm/imx/ipuv3/ipuv3-crtc.c | 6 drivers/gpu/drm/msm/adreno/a6xx_gmu.c | 4 drivers/gpu/drm/msm/disp/dpu1/catalog/dpu_3_0_msm8998.h | 12 drivers/gpu/drm/msm/disp/dpu1/catalog/dpu_4_0_sdm845.h | 14 drivers/gpu/drm/msm/disp/dpu1/dpu_core_perf.c | 2 drivers/gpu/drm/msm/msm_gpu_devfreq.c | 9 drivers/gpu/drm/nouveau/nvkm/engine/gr/gf100.c | 1 drivers/gpu/drm/omapdrm/dss/base.c | 25 drivers/gpu/drm/omapdrm/dss/omapdss.h | 3 drivers/gpu/drm/omapdrm/omap_drv.c | 4 drivers/gpu/drm/omapdrm/omap_gem.c | 10 drivers/gpu/drm/panel/panel-newvision-nv3052c.c | 2 drivers/gpu/drm/panel/panel-novatek-nt35510.c | 15 drivers/gpu/drm/panfrost/panfrost_devfreq.c | 3 drivers/gpu/drm/panfrost/panfrost_gpu.c | 1 drivers/gpu/drm/panthor/panthor_devfreq.c | 29 drivers/gpu/drm/panthor/panthor_device.h | 28 drivers/gpu/drm/panthor/panthor_sched.c | 333 +++ drivers/gpu/drm/radeon/radeon_audio.c | 12 drivers/gpu/drm/v3d/v3d_drv.h | 1 drivers/gpu/drm/v3d/v3d_irq.c | 2 drivers/gpu/drm/v3d/v3d_mmu.c | 31 drivers/gpu/drm/v3d/v3d_sched.c | 46 drivers/gpu/drm/vc4/tests/vc4_mock.c | 12 drivers/gpu/drm/vc4/vc4_bo.c | 28 drivers/gpu/drm/vc4/vc4_crtc.c | 13 drivers/gpu/drm/vc4/vc4_drv.c | 22 drivers/gpu/drm/vc4/vc4_drv.h | 8 drivers/gpu/drm/vc4/vc4_gem.c | 24 drivers/gpu/drm/vc4/vc4_hdmi.c | 22 drivers/gpu/drm/vc4/vc4_hvs.c | 64 drivers/gpu/drm/vc4/vc4_irq.c | 10 drivers/gpu/drm/vc4/vc4_kms.c | 14 drivers/gpu/drm/vc4/vc4_perfmon.c | 20 drivers/gpu/drm/vc4/vc4_plane.c | 12 drivers/gpu/drm/vc4/vc4_render_cl.c | 2 drivers/gpu/drm/vc4/vc4_v3d.c | 10 drivers/gpu/drm/vc4/vc4_validate.c | 8 drivers/gpu/drm/vc4/vc4_validate_shaders.c | 2 drivers/gpu/drm/vkms/vkms_output.c | 5 drivers/gpu/drm/xe/display/xe_hdcp_gsc.c | 2 drivers/gpu/drm/xe/xe_sync.c | 6 drivers/gpu/drm/xlnx/zynqmp_disp.c | 3 drivers/gpu/drm/xlnx/zynqmp_kms.c | 2 drivers/hid/hid-hyperv.c | 58 drivers/hid/wacom_wac.c | 4 drivers/hwmon/aquacomputer_d5next.c | 2 drivers/hwmon/nct6775-core.c | 7 drivers/hwmon/pmbus/pmbus_core.c | 12 drivers/hwmon/tps23861.c | 2 drivers/i2c/i2c-dev.c | 17 drivers/i3c/master.c | 13 drivers/iio/accel/adxl380.c | 2 drivers/iio/adc/ad4000.c | 6 drivers/iio/adc/pac1921.c | 4 drivers/iio/dac/adi-axi-dac.c | 2 drivers/iio/industrialio-backend.c | 4 drivers/iio/industrialio-gts-helper.c | 2 drivers/iio/light/al3010.c | 11 drivers/infiniband/core/roce_gid_mgmt.c | 30 drivers/infiniband/core/uverbs.h | 2 drivers/infiniband/core/uverbs_main.c | 43 drivers/infiniband/hw/bnxt_re/ib_verbs.c | 7 drivers/infiniband/hw/bnxt_re/main.c | 28 drivers/infiniband/hw/bnxt_re/qplib_fp.h | 2 drivers/infiniband/hw/hns/hns_roce_cq.c | 4 drivers/infiniband/hw/hns/hns_roce_debugfs.c | 3 drivers/infiniband/hw/hns/hns_roce_device.h | 14 drivers/infiniband/hw/hns/hns_roce_hem.c | 48 drivers/infiniband/hw/hns/hns_roce_hw_v2.c | 257 +- drivers/infiniband/hw/hns/hns_roce_hw_v2.h | 8 drivers/infiniband/hw/hns/hns_roce_main.c | 7 drivers/infiniband/hw/hns/hns_roce_mr.c | 11 drivers/infiniband/hw/hns/hns_roce_qp.c | 77 drivers/infiniband/hw/hns/hns_roce_srq.c | 4 drivers/infiniband/hw/mlx5/main.c | 69 drivers/infiniband/hw/mlx5/mlx5_ib.h | 2 drivers/infiniband/sw/rxe/rxe_qp.c | 1 drivers/infiniband/sw/rxe/rxe_req.c | 6 drivers/input/misc/cs40l50-vibra.c | 6 drivers/interconnect/qcom/icc-rpmh.c | 3 drivers/iommu/amd/io_pgtable_v2.c | 3 drivers/iommu/arm/arm-smmu-v3/tegra241-cmdqv.c | 5 drivers/iommu/intel/iommu.c | 40 drivers/iommu/s390-iommu.c | 73 drivers/irqchip/irq-mvebu-sei.c | 2 drivers/irqchip/irq-riscv-aplic-main.c | 3 drivers/irqchip/irq-riscv-aplic-msi.c | 3 drivers/leds/flash/leds-ktd2692.c | 1 drivers/leds/leds-max5970.c | 5 drivers/mailbox/arm_mhuv2.c | 8 drivers/mailbox/mtk-cmdq-mailbox.c | 2 drivers/mailbox/omap-mailbox.c | 1 drivers/media/i2c/adv7604.c | 5 drivers/media/i2c/adv7842.c | 13 drivers/media/i2c/ds90ub960.c | 2 drivers/media/i2c/max96717.c | 6 drivers/media/i2c/vgxy61.c | 2 drivers/media/pci/intel/ipu6/Kconfig | 6 drivers/media/pci/intel/ipu6/ipu6-bus.c | 6 drivers/media/pci/intel/ipu6/ipu6-buttress.c | 34 drivers/media/pci/intel/ipu6/ipu6-cpd.c | 18 drivers/media/pci/intel/ipu6/ipu6-dma.c | 202 +- drivers/media/pci/intel/ipu6/ipu6-dma.h | 34 drivers/media/pci/intel/ipu6/ipu6-fw-com.c | 14 drivers/media/pci/intel/ipu6/ipu6-mmu.c | 28 drivers/media/pci/intel/ipu6/ipu6.c | 3 drivers/media/radio/wl128x/fmdrv_common.c | 3 drivers/media/test-drivers/vivid/vivid-vid-cap.c | 15 drivers/media/v4l2-core/v4l2-dv-timings.c | 132 - drivers/message/fusion/mptsas.c | 4 drivers/mfd/da9052-spi.c | 2 drivers/mfd/intel_soc_pmic_bxtwc.c | 132 - drivers/mfd/rt5033.c | 4 drivers/mfd/tps65010.c | 8 drivers/misc/apds990x.c | 12 drivers/misc/lkdtm/bugs.c | 2 drivers/mmc/host/mmc_spi.c | 9 drivers/mtd/hyperbus/rpc-if.c | 7 drivers/mtd/nand/raw/atmel/pmecc.c | 8 drivers/mtd/nand/raw/atmel/pmecc.h | 2 drivers/mtd/spi-nor/core.c | 2 drivers/mtd/spi-nor/spansion.c | 1 drivers/mtd/ubi/attach.c | 12 drivers/mtd/ubi/fastmap-wl.c | 19 drivers/mtd/ubi/vmt.c | 2 drivers/mtd/ubi/wl.c | 11 drivers/mtd/ubi/wl.h | 3 drivers/net/ethernet/broadcom/bnxt/bnxt.c | 37 drivers/net/ethernet/broadcom/bnxt/bnxt_ethtool.c | 9 drivers/net/ethernet/broadcom/bnxt/bnxt_ptp.c | 4 drivers/net/ethernet/broadcom/bnxt/bnxt_ptp.h | 3 drivers/net/ethernet/broadcom/tg3.c | 3 drivers/net/ethernet/google/gve/gve_adminq.c | 4 drivers/net/ethernet/intel/i40e/i40e_ethtool.c | 2 drivers/net/ethernet/intel/ice/ice_virtchnl.c | 21 drivers/net/ethernet/marvell/octeontx2/af/cgx.c | 70 drivers/net/ethernet/marvell/octeontx2/af/cgx.h | 5 drivers/net/ethernet/marvell/octeontx2/af/lmac_common.h | 7 drivers/net/ethernet/marvell/octeontx2/af/rpm.c | 87 drivers/net/ethernet/marvell/octeontx2/af/rpm.h | 18 drivers/net/ethernet/marvell/octeontx2/af/rvu.c | 1 drivers/net/ethernet/marvell/octeontx2/af/rvu.h | 1 drivers/net/ethernet/marvell/octeontx2/af/rvu_cgx.c | 45 drivers/net/ethernet/marvell/octeontx2/nic/cn10k.c | 5 drivers/net/ethernet/marvell/octeontx2/nic/otx2_common.c | 4 drivers/net/ethernet/marvell/octeontx2/nic/otx2_dcbnl.c | 5 drivers/net/ethernet/marvell/octeontx2/nic/otx2_dmac_flt.c | 9 drivers/net/ethernet/marvell/octeontx2/nic/otx2_ethtool.c | 10 drivers/net/ethernet/marvell/octeontx2/nic/otx2_flows.c | 10 drivers/net/ethernet/marvell/pxa168_eth.c | 14 drivers/net/ethernet/mellanox/mlx5/core/lag/lag.c | 12 drivers/net/ethernet/meta/fbnic/fbnic_pci.c | 2 drivers/net/ethernet/microchip/vcap/vcap_api_kunit.c | 17 drivers/net/ethernet/realtek/rtase/rtase.h | 7 drivers/net/ethernet/realtek/rtase/rtase_main.c | 43 drivers/net/ethernet/stmicro/stmmac/dwmac-socfpga.c | 2 drivers/net/ethernet/wangxun/txgbe/txgbe_irq.c | 24 drivers/net/ethernet/wangxun/txgbe/txgbe_main.c | 1 drivers/net/ethernet/wangxun/txgbe/txgbe_phy.c | 168 - drivers/net/ethernet/wangxun/txgbe/txgbe_phy.h | 2 drivers/net/ethernet/wangxun/txgbe/txgbe_type.h | 7 drivers/net/mdio/mdio-ipq4019.c | 5 drivers/net/netdevsim/ipsec.c | 11 drivers/net/usb/lan78xx.c | 40 drivers/net/wireless/ath/ath10k/mac.c | 4 drivers/net/wireless/ath/ath11k/qmi.c | 3 drivers/net/wireless/ath/ath12k/dp.c | 19 drivers/net/wireless/ath/ath12k/mac.c | 5 drivers/net/wireless/ath/ath12k/wow.c | 2 drivers/net/wireless/ath/ath9k/htc_hst.c | 3 drivers/net/wireless/broadcom/brcm80211/brcmfmac/of.c | 3 drivers/net/wireless/intel/iwlegacy/3945.c | 2 drivers/net/wireless/intel/iwlegacy/4965-mac.c | 2 drivers/net/wireless/intel/iwlwifi/mvm/mac80211.c | 8 drivers/net/wireless/intersil/p54/p54spi.c | 4 drivers/net/wireless/marvell/mwifiex/cmdevt.c | 2 drivers/net/wireless/marvell/mwifiex/fw.h | 2 drivers/net/wireless/marvell/mwifiex/main.c | 4 drivers/net/wireless/marvell/mwifiex/util.c | 2 drivers/net/wireless/microchip/wilc1000/netdev.c | 6 drivers/net/wireless/realtek/rtl8xxxu/core.c | 6 drivers/net/wireless/realtek/rtlwifi/efuse.c | 11 drivers/net/wireless/realtek/rtw89/cam.c | 259 ++ drivers/net/wireless/realtek/rtw89/cam.h | 24 drivers/net/wireless/realtek/rtw89/chan.c | 215 +- drivers/net/wireless/realtek/rtw89/chan.h | 4 drivers/net/wireless/realtek/rtw89/coex.c | 157 + drivers/net/wireless/realtek/rtw89/coex.h | 6 drivers/net/wireless/realtek/rtw89/core.c | 887 ++++++---- drivers/net/wireless/realtek/rtw89/core.h | 421 +++- drivers/net/wireless/realtek/rtw89/debug.c | 127 + drivers/net/wireless/realtek/rtw89/fw.c | 637 ++++--- drivers/net/wireless/realtek/rtw89/fw.h | 192 +- drivers/net/wireless/realtek/rtw89/mac.c | 700 ++++--- drivers/net/wireless/realtek/rtw89/mac.h | 98 - drivers/net/wireless/realtek/rtw89/mac80211.c | 653 +++++-- drivers/net/wireless/realtek/rtw89/mac_be.c | 69 drivers/net/wireless/realtek/rtw89/phy.c | 399 ++-- drivers/net/wireless/realtek/rtw89/phy.h | 7 drivers/net/wireless/realtek/rtw89/ps.c | 109 - drivers/net/wireless/realtek/rtw89/ps.h | 14 drivers/net/wireless/realtek/rtw89/regd.c | 79 drivers/net/wireless/realtek/rtw89/rtw8851b.c | 13 drivers/net/wireless/realtek/rtw89/rtw8852a.c | 12 drivers/net/wireless/realtek/rtw89/rtw8852b.c | 13 drivers/net/wireless/realtek/rtw89/rtw8852bt.c | 13 drivers/net/wireless/realtek/rtw89/rtw8852c.c | 12 drivers/net/wireless/realtek/rtw89/rtw8922a.c | 10 drivers/net/wireless/realtek/rtw89/ser.c | 37 drivers/net/wireless/realtek/rtw89/wow.c | 217 +- drivers/net/wireless/realtek/rtw89/wow.h | 10 drivers/net/wireless/silabs/wfx/main.c | 17 drivers/net/wireless/st/cw1200/cw1200_spi.c | 2 drivers/nvme/host/core.c | 5 drivers/nvme/host/multipath.c | 21 drivers/nvme/host/pci.c | 55 drivers/of/fdt.c | 14 drivers/of/kexec.c | 2 drivers/pci/controller/cadence/pci-j721e.c | 26 drivers/pci/controller/dwc/pcie-qcom-ep.c | 6 drivers/pci/controller/dwc/pcie-qcom.c | 4 drivers/pci/controller/dwc/pcie-tegra194.c | 7 drivers/pci/endpoint/functions/pci-epf-mhi.c | 6 drivers/pci/hotplug/cpqphp_pci.c | 15 drivers/pci/pci.c | 5 drivers/pci/slot.c | 4 drivers/perf/arm-cmn.c | 4 drivers/perf/arm_smmuv3_pmu.c | 19 drivers/phy/phy-airoha-pcie-regs.h | 6 drivers/phy/phy-airoha-pcie.c | 8 drivers/phy/realtek/phy-rtk-usb2.c | 2 drivers/phy/realtek/phy-rtk-usb3.c | 2 drivers/pinctrl/pinctrl-k210.c | 2 drivers/pinctrl/pinctrl-zynqmp.c | 1 drivers/pinctrl/qcom/pinctrl-spmi-gpio.c | 2 drivers/pinctrl/renesas/Kconfig | 1 drivers/pinctrl/renesas/pinctrl-rzg2l.c | 2 drivers/platform/chrome/cros_ec_typec.c | 1 drivers/platform/x86/asus-wmi.c | 64 drivers/platform/x86/intel/bxtwc_tmu.c | 22 drivers/platform/x86/intel/pmt/class.c | 8 drivers/platform/x86/intel/pmt/class.h | 2 drivers/platform/x86/intel/pmt/telemetry.c | 2 drivers/platform/x86/panasonic-laptop.c | 10 drivers/pmdomain/ti/ti_sci_pm_domains.c | 4 drivers/power/reset/Kconfig | 1 drivers/power/sequencing/Kconfig | 1 drivers/power/supply/bq27xxx_battery.c | 37 drivers/power/supply/power_supply_core.c | 2 drivers/power/supply/rt9471.c | 52 drivers/pwm/core.c | 10 drivers/pwm/pwm-imx27.c | 98 + drivers/regulator/qcom_smd-regulator.c | 2 drivers/regulator/rk808-regulator.c | 15 drivers/remoteproc/Kconfig | 6 drivers/remoteproc/qcom_q6v5_adsp.c | 11 drivers/remoteproc/qcom_q6v5_mss.c | 6 drivers/remoteproc/qcom_q6v5_pas.c | 22 drivers/rpmsg/qcom_glink_native.c | 3 drivers/rtc/interface.c | 7 drivers/rtc/rtc-ab-eoz9.c | 7 drivers/rtc/rtc-abx80x.c | 2 drivers/rtc/rtc-rzn1.c | 8 drivers/rtc/rtc-st-lpc.c | 5 drivers/s390/cio/cio.c | 6 drivers/s390/cio/device.c | 18 drivers/s390/virtio/virtio_ccw.c | 4 drivers/scsi/bfa/bfad.c | 3 drivers/scsi/hisi_sas/hisi_sas_main.c | 8 drivers/scsi/qedf/qedf_main.c | 1 drivers/scsi/qedi/qedi_main.c | 1 drivers/scsi/sg.c | 9 drivers/sh/intc/core.c | 2 drivers/soc/fsl/qe/qmc.c | 4 drivers/soc/fsl/rcpm.c | 1 drivers/soc/qcom/qcom-geni-se.c | 3 drivers/soc/ti/smartreflex.c | 4 drivers/soc/xilinx/xlnx_event_manager.c | 4 drivers/spi/atmel-quadspi.c | 2 drivers/spi/spi-fsl-lpspi.c | 12 drivers/spi/spi-tegra210-quad.c | 2 drivers/spi/spi-zynqmp-gqspi.c | 2 drivers/spi/spi.c | 13 drivers/staging/media/atomisp/pci/sh_css_params.c | 2 drivers/staging/vc04_services/interface/vchiq_arm/vchiq_arm.c | 6 drivers/target/target_core_pscsi.c | 2 drivers/thermal/testing/zone.c | 32 drivers/thermal/thermal_core.c | 123 - drivers/thermal/thermal_core.h | 12 drivers/tty/serial/8250/8250_fintek.c | 14 drivers/tty/serial/8250/8250_omap.c | 4 drivers/tty/serial/amba-pl011.c | 7 drivers/tty/tty_io.c | 2 drivers/usb/dwc3/core.h | 4 drivers/usb/dwc3/ep0.c | 2 drivers/usb/dwc3/gadget.c | 69 drivers/usb/gadget/composite.c | 18 drivers/usb/gadget/function/uvc_video.c | 4 drivers/usb/host/ehci-spear.c | 7 drivers/usb/host/xhci-pci.c | 10 drivers/usb/host/xhci-ring.c | 73 drivers/usb/host/xhci.c | 40 drivers/usb/host/xhci.h | 3 drivers/usb/misc/chaoskey.c | 35 drivers/usb/misc/iowarrior.c | 50 drivers/usb/misc/usb-ljca.c | 20 drivers/usb/misc/yurex.c | 5 drivers/usb/musb/musb_gadget.c | 13 drivers/usb/typec/tcpm/wcove.c | 4 drivers/usb/typec/ucsi/ucsi_ccg.c | 5 drivers/usb/typec/ucsi/ucsi_glink.c | 2 drivers/vdpa/mlx5/core/mr.c | 4 drivers/vfio/pci/mlx5/cmd.c | 6 drivers/vfio/pci/mlx5/main.c | 35 drivers/vfio/pci/vfio_pci_config.c | 16 drivers/video/fbdev/sh7760fb.c | 3 drivers/watchdog/Kconfig | 4 drivers/xen/xenbus/xenbus_probe.c | 8 fs/binfmt_elf.c | 2 fs/binfmt_elf_fdpic.c | 5 fs/binfmt_misc.c | 7 fs/cachefiles/interface.c | 14 fs/cachefiles/ondemand.c | 38 fs/dlm/ast.c | 2 fs/dlm/recoverd.c | 2 fs/efs/super.c | 43 fs/erofs/data.c | 10 fs/erofs/internal.h | 1 fs/erofs/super.c | 6 fs/erofs/zmap.c | 17 fs/exec.c | 23 fs/exfat/file.c | 10 fs/exfat/namei.c | 21 fs/ext4/balloc.c | 4 fs/ext4/ext4.h | 12 fs/ext4/extents.c | 2 fs/ext4/fsmap.c | 54 fs/ext4/ialloc.c | 5 fs/ext4/indirect.c | 2 fs/ext4/inode.c | 4 fs/ext4/mballoc.c | 18 fs/ext4/mballoc.h | 1 fs/ext4/mmp.c | 2 fs/ext4/move_extent.c | 2 fs/ext4/resize.c | 2 fs/ext4/super.c | 42 fs/f2fs/checkpoint.c | 2 fs/f2fs/data.c | 29 fs/f2fs/f2fs.h | 3 fs/f2fs/file.c | 17 fs/f2fs/gc.c | 2 fs/f2fs/node.c | 10 fs/f2fs/segment.c | 5 fs/f2fs/segment.h | 35 fs/f2fs/super.c | 37 fs/fcntl.c | 3 fs/fuse/file.c | 62 fs/fuse/fuse_i.h | 6 fs/fuse/virtio_fs.c | 1 fs/gfs2/glock.c | 19 fs/gfs2/glock.h | 1 fs/gfs2/incore.h | 2 fs/gfs2/rgrp.c | 2 fs/gfs2/super.c | 2 fs/hfsplus/hfsplus_fs.h | 3 fs/hfsplus/wrapper.c | 2 fs/hostfs/hostfs_kern.c | 4 fs/isofs/inode.c | 8 fs/jffs2/erase.c | 7 fs/jfs/xattr.c | 2 fs/netfs/fscache_volume.c | 3 fs/nfs/blocklayout/blocklayout.c | 15 fs/nfs/blocklayout/dev.c | 6 fs/nfs/internal.h | 2 fs/nfs/localio.c | 6 fs/nfs/nfs4proc.c | 8 fs/nfs/write.c | 49 fs/nfs_common/nfslocalio.c | 8 fs/nfsd/export.c | 31 fs/nfsd/export.h | 4 fs/nfsd/filecache.c | 14 fs/nfsd/filecache.h | 2 fs/nfsd/nfs4callback.c | 16 fs/nfsd/nfs4proc.c | 7 fs/nfsd/nfs4recover.c | 3 fs/nfsd/nfs4state.c | 5 fs/nfsd/nfs4xdr.c | 2 fs/nfsd/nfsfh.c | 20 fs/nfsd/nfsfh.h | 3 fs/notify/fsnotify.c | 23 fs/notify/mark.c | 12 fs/ntfs3/file.c | 2 fs/ocfs2/aops.h | 2 fs/ocfs2/file.c | 4 fs/proc/kcore.c | 10 fs/read_write.c | 15 fs/smb/client/cached_dir.c | 229 +- fs/smb/client/cached_dir.h | 6 fs/smb/client/cifsacl.c | 50 fs/smb/client/cifsfs.c | 12 fs/smb/client/cifsglob.h | 4 fs/smb/client/cifsproto.h | 5 fs/smb/client/connect.c | 59 fs/smb/client/fs_context.c | 85 fs/smb/client/fs_context.h | 1 fs/smb/client/inode.c | 8 fs/smb/client/reparse.c | 95 - fs/smb/client/reparse.h | 6 fs/smb/client/smb1ops.c | 4 fs/smb/client/smb2file.c | 21 fs/smb/client/smb2inode.c | 6 fs/smb/client/smb2ops.c | 2 fs/smb/client/smb2pdu.c | 6 fs/smb/client/smb2proto.h | 11 fs/smb/client/smb2transport.c | 56 fs/smb/client/trace.h | 3 fs/smb/server/server.c | 4 fs/ubifs/super.c | 6 fs/ubifs/tnc_commit.c | 2 fs/unicode/utf8-core.c | 2 fs/xfs/xfs_bmap_util.c | 8 include/asm-generic/vmlinux.lds.h | 4 include/kunit/skbuff.h | 2 include/linux/blk-mq.h | 2 include/linux/blkdev.h | 12 include/linux/bpf.h | 9 include/linux/cleanup.h | 4 include/linux/compiler_attributes.h | 13 include/linux/compiler_types.h | 19 include/linux/f2fs_fs.h | 6 include/linux/fs.h | 2 include/linux/hisi_acc_qm.h | 8 include/linux/intel_vsec.h | 3 include/linux/jiffies.h | 2 include/linux/kfifo.h | 1 include/linux/kvm_host.h | 6 include/linux/lockdep.h | 2 include/linux/mmdebug.h | 6 include/linux/netpoll.h | 2 include/linux/nfslocalio.h | 18 include/linux/of_fdt.h | 5 include/linux/once.h | 4 include/linux/once_lite.h | 2 include/linux/rcupdate.h | 2 include/linux/rwlock_rt.h | 10 include/linux/sched/ext.h | 1 include/linux/seqlock.h | 98 - include/linux/spinlock_rt.h | 23 include/media/v4l2-dv-timings.h | 18 include/net/bluetooth/hci.h | 4 include/net/bluetooth/hci_core.h | 63 include/net/net_debug.h | 2 include/rdma/ib_verbs.h | 11 include/uapi/linux/rtnetlink.h | 2 init/Kconfig | 9 init/initramfs.c | 15 io_uring/memmap.c | 11 ipc/namespace.c | 4 kernel/bpf/bpf_struct_ops.c | 114 + kernel/bpf/btf.c | 5 kernel/bpf/dispatcher.c | 3 kernel/bpf/trampoline.c | 9 kernel/bpf/verifier.c | 103 + kernel/cgroup/cgroup.c | 21 kernel/fork.c | 26 kernel/rcu/rcuscale.c | 6 kernel/rcu/srcutiny.c | 2 kernel/rcu/tree.c | 14 kernel/rcu/tree_nocb.h | 13 kernel/sched/cpufreq_schedutil.c | 3 kernel/sched/ext.c | 9 kernel/time/time.c | 4 kernel/time/timer.c | 3 kernel/trace/bpf_trace.c | 5 kernel/trace/trace_event_perf.c | 6 lib/overflow_kunit.c | 2 lib/string_helpers.c | 2 lib/strncpy_from_user.c | 5 mm/internal.h | 2 net/9p/trans_usbg.c | 4 net/9p/trans_xen.c | 9 net/bluetooth/hci_conn.c | 219 +- net/bluetooth/hci_event.c | 39 net/bluetooth/hci_sysfs.c | 15 net/bluetooth/iso.c | 101 - net/bluetooth/mgmt.c | 38 net/bluetooth/rfcomm/sock.c | 10 net/core/filter.c | 88 net/core/netdev-genl.c | 2 net/core/skmsg.c | 4 net/hsr/hsr_device.c | 4 net/ipv4/inet_connection_sock.c | 2 net/ipv4/ipmr.c | 42 net/ipv6/addrconf.c | 41 net/ipv6/ip6_fib.c | 8 net/ipv6/ip6mr.c | 38 net/ipv6/route.c | 51 net/iucv/af_iucv.c | 26 net/l2tp/l2tp_core.c | 22 net/llc/af_llc.c | 2 net/netfilter/ipset/ip_set_bitmap_ip.c | 7 net/netfilter/nf_tables_api.c | 60 net/netlink/af_netlink.c | 21 net/rfkill/rfkill-gpio.c | 8 net/rxrpc/af_rxrpc.c | 7 net/sched/sch_fq.c | 6 net/sunrpc/cache.c | 4 net/sunrpc/svcsock.c | 4 net/sunrpc/xprtrdma/svc_rdma.c | 19 net/sunrpc/xprtrdma/svc_rdma_recvfrom.c | 8 net/sunrpc/xprtsock.c | 17 net/wireless/core.c | 64 net/wireless/mlme.c | 6 net/wireless/nl80211.c | 1 net/xdp/xsk.c | 11 rust/helpers/spinlock.c | 8 rust/kernel/block/mq/request.rs | 67 rust/kernel/lib.rs | 2 rust/kernel/rbtree.rs | 9 rust/macros/lib.rs | 2 samples/bpf/xdp_adjust_tail_kern.c | 1 samples/kfifo/dma-example.c | 1 scripts/checkpatch.pl | 37 scripts/faddr2line | 2 scripts/kernel-doc | 47 scripts/mod/file2alias.c | 5 scripts/package/builddeb | 22 security/apparmor/capability.c | 2 security/apparmor/policy_unpack_test.c | 6 sound/core/pcm_native.c | 6 sound/core/rawmidi.c | 4 sound/core/sound_kunit.c | 11 sound/core/ump.c | 5 sound/pci/hda/patch_realtek.c | 153 - sound/soc/amd/acp/acp-sdw-sof-mach.c | 16 sound/soc/amd/yc/acp6x-mach.c | 25 sound/soc/codecs/da7213.c | 1 sound/soc/codecs/da7219.c | 9 sound/soc/codecs/rt722-sdca.c | 8 sound/soc/fsl/fsl-asoc-card.c | 8 sound/soc/fsl/fsl_micfil.c | 4 sound/soc/fsl/imx-audmix.c | 3 sound/soc/mediatek/mt8188/mt8188-mt6359.c | 9 sound/soc/mediatek/mt8192/mt8192-mt6359-rt1015-rt5682.c | 4 sound/soc/mediatek/mt8195/mt8195-mt6359.c | 9 sound/usb/6fire/chip.c | 10 sound/usb/caiaq/audio.c | 10 sound/usb/caiaq/audio.h | 1 sound/usb/caiaq/device.c | 19 sound/usb/caiaq/input.c | 12 sound/usb/caiaq/input.h | 1 sound/usb/clock.c | 24 sound/usb/quirks.c | 27 sound/usb/usx2y/us122l.c | 5 sound/usb/usx2y/usbusx2y.c | 2 tools/bpf/bpftool/jit_disasm.c | 40 tools/gpio/gpio-sloppy-logic-analyzer.sh | 2 tools/include/nolibc/arch-s390.h | 1 tools/lib/bpf/Makefile | 3 tools/lib/bpf/libbpf.c | 99 - tools/lib/bpf/linker.c | 2 tools/lib/thermal/commands.c | 52 tools/perf/Makefile.config | 2 tools/perf/builtin-ftrace.c | 2 tools/perf/builtin-list.c | 4 tools/perf/builtin-stat.c | 52 tools/perf/builtin-trace.c | 23 tools/perf/pmu-events/empty-pmu-events.c | 2 tools/perf/pmu-events/jevents.py | 2 tools/perf/tests/attr/test-stat-default | 90 - tools/perf/tests/attr/test-stat-detailed-1 | 106 - tools/perf/tests/attr/test-stat-detailed-2 | 130 - tools/perf/tests/attr/test-stat-detailed-3 | 138 + tools/perf/util/bpf-filter.c | 2 tools/perf/util/cs-etm.c | 25 tools/perf/util/disasm.c | 15 tools/perf/util/evlist.c | 19 tools/perf/util/evlist.h | 1 tools/perf/util/machine.c | 2 tools/perf/util/mem-events.c | 8 tools/perf/util/pfm.c | 4 tools/perf/util/pmus.c | 2 tools/perf/util/probe-finder.c | 21 tools/perf/util/probe-finder.h | 4 tools/power/x86/turbostat/turbostat.c | 5 tools/testing/selftests/arm64/abi/hwcap.c | 6 tools/testing/selftests/arm64/mte/check_tags_inclusion.c | 4 tools/testing/selftests/arm64/mte/mte_common_util.c | 4 tools/testing/selftests/bpf/Makefile | 3 tools/testing/selftests/bpf/network_helpers.h | 1 tools/testing/selftests/bpf/prog_tests/timer_lockup.c | 6 tools/testing/selftests/bpf/progs/test_spin_lock_fail.c | 4 tools/testing/selftests/bpf/progs/test_tp_btf_nullable.c | 6 tools/testing/selftests/bpf/test_progs.c | 9 tools/testing/selftests/bpf/test_sockmap.c | 165 + tools/testing/selftests/bpf/uprobe_multi.c | 4 tools/testing/selftests/mount_setattr/mount_setattr_test.c | 2 tools/testing/selftests/net/Makefile | 1 tools/testing/selftests/net/ipv6_route_update_soft_lockup.sh | 262 ++ tools/testing/selftests/net/netfilter/conntrack_dump_flush.c | 6 tools/testing/selftests/net/pmtu.sh | 2 tools/testing/selftests/resctrl/fill_buf.c | 2 tools/testing/selftests/resctrl/mbm_test.c | 16 tools/testing/selftests/resctrl/resctrl_val.c | 3 tools/testing/selftests/vDSO/parse_vdso.c | 3 tools/testing/selftests/wireguard/netns.sh | 1 tools/tracing/rtla/src/timerlat_hist.c | 2 tools/tracing/rtla/src/timerlat_top.c | 2 virt/kvm/kvm_main.c | 103 - 896 files changed, 13140 insertions(+), 6525 deletions(-) Abel Vesa (3): arm64: dts: qcom: x1e80100-slim7x: Drop orientation-switch from USB SS[0-1] QMP PHYs arm64: dts: qcom: x1e80100-vivobook-s15: Drop orientation-switch from USB SS[0-1] QMP PHYs dt-bindings: cache: qcom,llcc: Fix X1E80100 reg entries Adrian Hunter (1): perf/x86/intel/pt: Fix buffer full but size is 0 case Adrián Larumbe (4): drm/panfrost: Add missing OPP table refcnt decremental drm/panthor: introduce job cycle and timestamp accounting drm/panthor: record current and maximum device clock frequencies drm/panthor: Fix OPP refcnt leaks in devfreq initialisation Ahmed Ehab (1): locking/lockdep: Avoid creating new name string literals in lockdep_set_subclass() Ahsan Atta (1): crypto: qat - remove faulty arbiter config reset Alan Maguire (1): selftests/bpf: Fix uprobe_multi compilation error Aleksa Savic (1): hwmon: (aquacomputer_d5next) Fix length of speed_input array Aleksandr Mishin (1): acpi/arm64: Adjust error handling procedure in gtdt_parse_timer_block() Aleksei Vetrov (1): wifi: nl80211: fix bounds checker error in nl80211_parse_sched_scan Alex Zenla (2): 9p/xen: fix init sequence 9p/xen: fix release of IRQ Alexander Aring (2): dlm: fix swapped args sb_flags vs sb_status dlm: fix dlm_recover_members refcount on error Alexis Lothoré (eBPF Foundation) (1): selftests/bpf: add missing header include for htons Alper Nebi Yasak (2): arm64: dts: mediatek: mt8183-kukui: Disable DPI display interface wifi: mwifiex: Fix memcpy() field-spanning write warning in mwifiex_config_scan() Amir Goldstein (1): fsnotify: fix sending inotify event with unexpected filename Andre Przywara (5): kselftest/arm64: hwcap: fix f8dp2 cpuinfo name kselftest/arm64: mte: fix printf type warnings about __u64 kselftest/arm64: mte: fix printf type warnings about longs ARM: dts: cubieboard4: Fix DCDC5 regulator constraints clk: sunxi-ng: d1: Fix PLL_AUDIO0 preset Andreas Gruenbacher (3): gfs2: Rename GLF_VERIFY_EVICT to GLF_VERIFY_DELETE gfs2: Allow immediate GLF_VERIFY_DELETE work gfs2: Fix unlinked inode cleanup Andreas Kemnade (1): ARM: dts: omap36xx: declare 1GHz OPP as turbo again Andrei Simion (1): ARM: dts: microchip: sam9x60: Add missing property atmel,usart-mode Andrej Shadura (1): Bluetooth: Fix type of len in rfcomm_sock_getsockopt{,_old}() Andrii Nakryiko (4): libbpf: fix sym_is_subprog() logic for weak global subprogs libbpf: never interpret subprogs in .text as entry programs selftests/bpf: fix test_spin_lock_fail.c's global vars usage libbpf: move global data mmap()'ing into bpf_object__load() André Almeida (1): unicode: Fix utf8_load() error path Andy Shevchenko (11): regmap: irq: Set lockdep class for hierarchical IRQ domains drm/mm: Mark drm_mm_interval_tree*() functions with __maybe_unused mfd: intel_soc_pmic_bxtwc: Use IRQ domain for USB Type-C device mfd: intel_soc_pmic_bxtwc: Use IRQ domain for TMU device mfd: intel_soc_pmic_bxtwc: Use IRQ domain for PMIC devices mfd: intel_soc_pmic_bxtwc: Fix IRQ domain names duplication cpufreq: loongson3: Check for error code from devm_mutex_init() call gpio: zevio: Add missed label initialisation iio: adc: ad4000: Check for error code from devm_mutex_init() call iio: adc: pac1921: Check for error code from devm_mutex_init() call x86/Documentation: Update algo in init_size description of boot protocol Angelo Dureghello (2): iio: dac: adi-axi-dac: fix wrong register bitfield dt-bindings: iio: dac: ad3552r: fix maximum spi speed Antonio Quartulli (1): m68k: coldfire/device.c: only build FEC when HW macros are defined Antoniu Miclaus (1): iio: accel: adxl380: fix raw sample read Anurag Dutta (3): arm64: dts: ti: k3-j7200: Fix clock ids for MCSPI instances arm64: dts: ti: k3-j721e: Fix clock IDs for MCSPI instances arm64: dts: ti: k3-j721s2: Fix clock IDs for MCSPI instances Ard Biesheuvel (1): x86/pvh: Call C code via the kernel virtual mapping Armin Wolf (1): platform/x86: asus-wmi: Fix inconsistent use of thermal policies Arnaldo Carvalho de Melo (1): perf ftrace latency: Fix unit on histogram first entry when using --use-nsec Arnd Bergmann (5): wifi: ath12k: fix one more memcpy size error mailbox, remoteproc: k3-m4+: fix compile testing power: reset: ep93xx: add AUXILIARY_BUS dependency KVM: x86: add back X86_LOCAL_APIC dependency serial: amba-pl011: fix build regression Artem Sadovnikov (1): jfs: xattr: check invalid xattr size more strictly Aurabindo Pillai (1): drm/amd/display: fix a memleak issue when driver is removed Avihai Horon (1): vfio/pci: Properly hide first-in-list PCIe extended capability Balaji Pothunoori (1): wifi: ath11k: Fix CE offset address calculation for WCN6750 in SSR Baochen Qiang (2): wifi: ath10k: fix invalid VHT parameters in supported_vht_mcs_rate_nss1 wifi: ath10k: fix invalid VHT parameters in supported_vht_mcs_rate_nss2 Baolin Liu (1): scsi: target: Fix incorrect function name in pscsi_create_type_disk() Barnabás Czémán (1): power: supply: bq27xxx: Fix registers of bq27426 Bart Van Assche (3): scsi: sg: Enable runtime power management power: supply: core: Remove might_sleep() from power_supply_put() blk-mq: Make blk_mq_quiesce_tagset() hold the tag list mutex less long Bartosz Golaszewski (4): mmc: mmc_spi: drop buggy snprintf() power: sequencing: make the QCom PMU pwrseq driver depend on CONFIG_OF pinctrl: zynqmp: drop excess struct member description lib: string_helpers: silence snprintf() output truncation warning Baruch Siach (1): doc: rcu: update printed dynticks counter bits Benjamin Coddington (3): SUNRPC: timeout and cancel TLS handshake with -ETIMEDOUT nfs/blocklayout: Don't attempt unregister for invalid block device nfs/blocklayout: Limit repeat device registration on failure Benjamin Peterson (3): perf trace: avoid garbage when not printing a trace event's arguments perf trace: Do not lose last events in a race perf trace: Avoid garbage when not printing a syscall's arguments Benoît Sevens (1): ALSA: usb-audio: Fix potential out-of-bound accesses for Extigy and Mbox devices Biju Das (3): pinctrl: renesas: rzg2l: Fix missing return in rzg2l_pinctrl_register() mtd: hyperbus: rpc-if: Add missing MODULE_DEVICE_TABLE clk: renesas: rzg2l: Fix FOUTPOSTDIV clk Bill O'Donnell (1): efs: fix the efs new mount api implementation Bin Liu (1): serial: 8250: omap: Move pm_runtime_get_sync Bingbu Cao (2): media: ipu6: not override the dma_ops of device in driver media: ipu6: remove architecture DMA ops dependency in Kconfig Björn Töpel (3): libbpf: Add missing per-arch include path selftests: bpf: Add missing per-arch include path riscv: kvm: Fix out-of-bounds array access Borislav Petkov (AMD) (2): x86/mm: Carve out INVLPG inline asm for use by others x86/microcode/AMD: Flush patch buffer mapping after application Breno Leitao (3): spi: tegra210-quad: Avoid shift-out-of-bounds netpoll: Use rcu_access_pointer() in netpoll_poll_lock nvme/multipath: Fix RCU list traversal to use SRCU primitive Cabiddu, Giovanni (1): crypto: qat - remove check after debugfs_create_dir() Carl Vanderlip (1): bus: mhi: host: Switch trace_mhi_gen_tre fields to native endian Carlos Llamas (1): Revert "scripts/faddr2line: Check only two symbols when calculating symbol size" Chao Yu (6): f2fs: fix to account dirty data in __get_secs_required() f2fs: fix to avoid potential deadlock in f2fs_record_stop_reason() f2fs: fix to map blocks correctly for direct write f2fs: fix to avoid forcing direct write to use buffered IO on inline_data inode f2fs: fix to do cast in F2FS_{BLK_TO_BYTES, BTYES_TO_BLK} to avoid overflow f2fs: fix to do sanity check on node blkaddr in truncate_node() Charles Han (4): clk: clk-apple-nco: Add NULL check in applnco_probe phy: realtek: usb: fix NULL deref in rtk_usb2phy_probe phy: realtek: usb: fix NULL deref in rtk_usb3phy_probe ASoC: imx-audmix: Add NULL check in imx_audmix_probe Chen Ridong (4): crypto: caam - add error check to caam_rsa_set_priv_key_form crypto: bcm - add error check in the ahash_hmac_init function Revert "cgroup: Fix memory leak caused by missing cgroup_bpf_offline" cgroup/bpf: only cgroup v2 can be attached by bpf programs Chen Yufan (1): drm/imagination: Convert to use time_before macro Chen-Yu Tsai (5): scripts/kernel-doc: Do not track section counter across processed files arm64: dts: mediatek: mt8173-elm-hana: Add vdd-supply to second source trackpad arm64: dts: mediatek: mt8183-kukui-jacuzzi: Fix DP bridge supply names arm64: dts: mediatek: mt8183-kukui-jacuzzi: Add supplies for fixed regulators arm64: dts: mediatek: mt8186-corsola-voltorb: Merge speaker codec nodes Cheng Ming Lin (1): mtd: spi-nor: core: replace dummy buswidth from addr to data Chengchang Tang (2): RDMA/core: Provide rdma_user_mmap_disassociate() to disassociate mmap pages RDMA/hns: Disassociate mmap pages for all uctx when HW is being reset ChiYuan Huang (2): power: supply: rt9471: Fix wrong WDT function regfield declaration power: supply: rt9471: Use IC status regfield to report real charger status Chiara Meiohas (3): RDMA/mlx5: Call dev_put() after the blocking notifier RDMA/core: Implement RoCE GID port rescan and export delete function RDMA/mlx5: Ensure active slave attachment to the bond IB device Chris Lu (1): Bluetooth: btmtk: adjust the position to init iso data anchor Chris Morgan (1): arm64: dts: rockchip: correct analog audio name on Indiedroid Nova Christian Brauner (2): fcntl: make F_DUPFD_QUERY associative Revert "fs: don't block i_writecount during exec" Christian Loehle (1): sched/cpufreq: Ensure sd is rebuilt for EAS check Christoph Hellwig (7): nvme-pci: fix freeing of the HMB descriptor table block: take chunk_sectors into account in bio_split_write_zeroes block: fix bio_split_rw_at to take zone_write_granularity into account nvme-pci: reverse request order in nvme_queue_rqs virtio_blk: reverse request order in virtio_queue_rqs kfifo: don't include dma-mapping.h in kfifo.h block: return unsigned int from bdev_io_min Christophe JAILLET (4): crypto: caam - Fix the pointer passed to caam_qi_shutdown() crypto: cavium - Fix an error handling path in cpt_ucode_load_fw() media: i2c: vgxy61: Fix an error handling path in vgxy61_detect() iio: light: al3010: Fix an error handling path in al3010_probe() Christophe Leroy (1): powerpc/vdso: Flag VDSO64 entry points as functions Chuck Lever (5): svcrdma: Address an integer overflow NFSD: Prevent NULL dereference in nfsd4_process_cb_update() NFSD: Cap the number of bytes copied by nfs4_reset_recoverydir() NFSD: Fix nfsd4_shutdown_copy() NFSD: Prevent a potential integer overflow Chun-Tse Shao (1): perf/arm-smmuv3: Fix lockdep assert in ->event_init() Clark Wang (1): pwm: imx27: Workaround of the pwm output bug when decrease the duty cycle Claudiu Beznea (2): ASoC: da7213: Populate max_register to regmap_config serial: sh-sci: Clean sci_ports[0] after at earlycon exit Colin Ian King (1): media: i2c: ds90ub960: Fix missing return check on ub960_rxport_read call Csókás, Bence (1): spi: atmel-quadspi: Fix register name in verbose logging function Damien Le Moal (1): block: Prevent potential deadlock in blk_revalidate_disk_zones() Dan Carpenter (10): crypto: qat/qat_420xx - fix off by one in uof_get_name() crypto: qat/qat_4xxx - fix off by one in uof_get_name() soc: qcom: geni-se: fix array underflow in geni_se_clk_tbl_get() media: i2c: max96717: clean up on error in max96717_subdev_init() wifi: rtw89: unlock on error path in rtw89_ops_unassign_vif_chanctx() kunit: skb: use "gfp" variable instead of hardcoding GFP_KERNEL mailbox: arm_mhuv2: clean up loop in get_irq_chan_comb() usb: typec: fix potential array underflow in ucsi_ccg_sync_control() cifs: unlock on error in smb3_reconfigure() sh: intc: Fix use-after-free bug in register_intc_controller() Daniel Lezcano (2): tools/lib/thermal: Make more generic the command encoding function thermal/lib: Fix memory leak on error in thermal_genl_auto() Daniel Palmer (2): m68k: mvme147: Fix SCSI controller IRQ numbers m68k: mvme147: Reinstate early console Daolong Zhu (4): arm64: dts: mt8183: fennel: add i2c2's i2c-scl-internal-delay-ns arm64: dts: mt8183: burnet: add i2c2's i2c-scl-internal-delay-ns arm64: dts: mt8183: cozmo: add i2c2's i2c-scl-internal-delay-ns arm64: dts: mt8183: Damu: add i2c2's i2c-scl-internal-delay-ns Darrick J. Wong (2): MAINTAINERS: appoint myself the XFS maintainer for 6.12 LTS xfs: fix simplify extent lookup in xfs_can_free_eofblocks Dave Stevenson (7): drm/vc4: hvs: Don't write gamma luts on 2711 drm/vc4: hvs: Fix dlist debug not resetting the next entry pointer drm/vc4: hvs: Remove incorrect limit from hvs_dlist debugfs function drm/vc4: hvs: Correct logic on stopping an HVS channel drm/vc4: Match drm_dev_enter and exit calls in vc4_hvs_lut_load drm/vc4: Match drm_dev_enter and exit calls in vc4_hvs_atomic_flush drm/vc4: Correct generation check in vc4_hvs_lut_load David Disseldorp (1): initramfs: avoid filename buffer overrun David Laight (1): x86: fix off-by-one in access_ok() David Lechner (1): iio: adc: ad4000: fix reading unsigned data David Thompson (1): EDAC/bluefield: Fix potential integer overflow Dinesh Kumar (1): ALSA: hda/realtek: Fix Internal Speaker and Mic boost of Infinix Y4 Max Dipendra Khadka (6): octeontx2-pf: handle otx2_mbox_get_rsp errors in otx2_common.c octeontx2-pf: handle otx2_mbox_get_rsp errors in otx2_ethtool.c octeontx2-pf: handle otx2_mbox_get_rsp errors in otx2_flows.c octeontx2-pf: handle otx2_mbox_get_rsp errors in cn10k.c octeontx2-pf: handle otx2_mbox_get_rsp errors in otx2_dmac_flt.c octeontx2-pf: handle otx2_mbox_get_rsp errors in otx2_dcbnl.c Dirk Su (1): ALSA: hda/realtek: fix mute/micmute LEDs don't work for EliteBook X G1i Dmitry Antipov (2): Bluetooth: fix use-after-free in device_for_each_child() ocfs2: fix uninitialized value in ocfs2_file_read_iter() Dmitry Baryshkov (7): arm64: dts: qcom: qcs6390-rb3gen2: use modem.mbn for modem DSP arm64: dts: qcom: sda660-ifc6560: fix l10a voltage ranges drm/msm/dpu: on SDM845 move DSPP_3 to LM_5 block drm/msm/dpu: drop LM_3 / LM_4 on SDM845 drm/msm/dpu: drop LM_3 / LM_4 on MSM8998 remoteproc: qcom: pas: add minidump_id to SM8350 resources usb: typec: ucsi: glink: fix off-by-one in connector_status Dom Cobley (2): drm/vc4: hdmi: Avoid hang with debug registers when suspended drm/vc4: hdmi: Increase audio MAI fifo dreq threshold Dong Aisheng (1): clk: imx: clk-scu: fix clk enable state save and restore Dragan Simic (1): regulator: rk808: Restrict DVS GPIOs to the RK808 variant only Eder Zulian (1): rust: helpers: Avoid raw_spin_lock initialization for PREEMPT_RT Eduard Zingerman (1): selftests/bpf: Fix backtrace printing for selftests crashes Edward Adam Davis (1): USB: chaoskey: Fix possible deadlock chaoskey_list_lock Emmanuel Grumbach (2): wifi: iwlwifi: allow fast resume on ax200 wifi: iwlwifi: mvm: tell iwlmei when we finished suspending Eric Biggers (1): crypto: x86/aegis128 - access 32-bit arguments as 32-bit Eric Dumazet (1): net: hsr: fix hsr_init_sk() vs network/transport headers. Everest K.C (2): crypto: cavium - Fix the if condition to exit loop after timeout ASoC: rt722-sdca: Remove logically deadcode in rt722-sdca.c Fangzhi Zuo (3): drm/amd/display: Skip Invalid Streams from DSC Policy drm/amd/display: Fix incorrect DSC recompute trigger drm/amd/display: Reduce HPD Detection Interval for IPS Fei Shao (3): arm64: dts: mediatek: mt8188: Fix USB3 PHY port default status arm64: dts: mediatek: mt8195-cherry: Use correct audio codec DAI dt-bindings: PCI: mediatek-gen3: Allow exact number of clocks only Felix Maurer (1): xsk: Free skb when TX metadata options are invalid Feng Fang (1): RDMA/hns: Fix different dgids mapping to the same dip_idx Filip Brozovic (1): serial: 8250_fintek: Add support for F81216E Florian Westphal (3): netfilter: nf_tables: avoid false-positive lockdep splat on rule deletion netfilter: nf_tables: must hold rcu read lock while iterating expression type list netfilter: nf_tables: must hold rcu read lock while iterating object type list Francesco Zardi (1): rust: block: fix formatting of `kernel::block::mq::request` module Frank Li (2): arm64: dts: imx8mn-tqma8mqnl-mba8mx-usbot: fix coexistence of output-low and output-high in GPIO i3c: master: Remove i3c_dev_disable_ibi_locked(olddev) on device hotjoin Gao Xiang (2): erofs: fix file-backed mounts over FUSE erofs: handle NONHEAD !delta[1] lclusters gracefully Gaosheng Cui (2): drivers: soc: xilinx: add the missing kfree in xlnx_add_cb_for_suspend() firmware_loader: Fix possible resource leak in fw_log_firmware_info() Gautam Menghani (3): KVM: PPC: Book3S HV: Stop using vc->dpdes for nested KVM guests KVM: PPC: Book3S HV: Avoid returning to nested hypervisor on pending doorbells powerpc/pseries: Fix KVM guest detection for disabling hardlockup detector Gautham R. Shenoy (1): amd-pstate: Set min_perf to nominal_perf for active mode performance gov Geert Uytterhoeven (2): ASoC: fsl-asoc-card: Add missing handling of {hp,mic}-dt-gpios zram: ZRAM_DEF_COMP should depend on ZRAM Gerd Bayer (1): s390/facilities: Fix warning about shadow of global variable Greg Kroah-Hartman (2): Revert "serial: sh-sci: Clean sci_ports[0] after at earlycon exit" Linux 6.12.2 Gregory Price (1): tpm: fix signed/unsigned bug when checking event logs Guenter Roeck (1): net: microchip: vcap: Add typegroup table terminators in kunit tests Guilherme G. Piccoli (1): wifi: rtlwifi: Drastically reduce the attempts to read efuse in case of failures Gustavo A. R. Silva (2): clk: clk-loongson2: Fix memory corruption bug in struct loongson2_clk_provider clk: clk-loongson2: Fix potential buffer overflow in flexible-array member access Halil Pasic (1): s390/virtio_ccw: Fix dma_parm pointer not set up Hangbin Liu (3): netdevsim: copy addresses for both in and out paths wireguard: selftests: load nf_conntrack if not present net/ipv6: delete temporary address if mngtmpaddr is removed or unmanaged Hans Verkuil (1): media: v4l2-core: v4l2-dv-timings: check cvt/gtf result Hao Ge (2): isofs: avoid memory leak in iocharset perf bpf-filter: Return -ENOMEM directly when pfi allocation fails Hari Bathini (1): powerpc/fadump: allocate memory for additional parameters early Hariprasad Kelam (5): octeontx2-af: RPM: Fix mismatch in lmac type octeontx2-af: RPM: Fix low network performance octeontx2-af: RPM: fix stale RSFEC counters octeontx2-af: RPM: fix stale FCFEC counters octeontx2-af: Quiesce traffic before NIX block reset Harshit Mogalapalli (1): dax: delete a stale directory pmem Heiko Carstens (1): s390/pageattr: Implement missing kernel_page_present() Heiko Stuebner (1): arm64: dts: rockchip: Remove 'enable-active-low' from two boards Henrique Carvalho (1): smb: client: disable directory caching when dir_cache_timeout is zero Herve Codina (1): soc: fsl: cpm1: qmc: Set the ret error code on platform_get_irq() failure Hongzhen Luo (1): erofs: fix blksize < PAGE_SIZE for file-backed mounts Hou Tao (1): virtiofs: use pages instead of pointer for kernel direct IO Howard Chu (1): perf trace: Fix tracing itself, creating feedback loops Hsin-Te Yuan (2): arm64: dts: mt8183: krane: Fix the address of eeprom at i2c4 arm64: dts: mt8183: kukui: Fix the address of eeprom at i2c4 Huacai Chen (2): LoongArch: Explicitly specify code model in Makefile sh: cpuinfo: Fix a warning for CONFIG_CPUMASK_OFFSTACK Huan Yang (2): udmabuf: change folios array from kmalloc to kvmalloc udmabuf: fix vmap_udmabuf error page set Hubert Wiśniewski (1): usb: musb: Fix hardware lockup on first Rx endpoint request Ian Rogers (3): perf stat: Fix affinity memory leaks on error path perf disasm: Fix capstone memory leak perf probe: Fix libdw memory leak Igor Prusov (1): dt-bindings: vendor-prefixes: Add NeoFidelity, Inc Igor Pylypiv (1): i2c: dev: Fix memory leak when underlying adapter does not support I2C Ilpo Järvinen (1): PCI: cpqphp: Fix PCIBIOS_* return value confusion Ilya Zverev (1): ASoC: amd: yc: Add a quirk for microfone on Lenovo ThinkPad P14s Gen 5 21MES00B00 Iulia Tanasescu (3): Bluetooth: ISO: Do not emit LE PA Create Sync if previous is pending Bluetooth: ISO: Do not emit LE BIG Create Sync if previous is pending Bluetooth: ISO: Send BIG Create Sync via hci_sync Jacob Keller (1): ice: consistently use q_idx in ice_vc_cfg_qs_msg() Jaegeuk Kim (1): Revert "f2fs: remove unreachable lazytime mount option parsing" Jakub Kicinski (3): eth: fbnic: don't disable the PCI device twice netlink: fix false positive warning in extack during dumps net_sched: sch_fq: don't follow the fast path if Tx is behind now James Chapman (1): net/l2tp: fix warning in l2tp_exit_net found by syzbot James Clark (1): perf cs-etm: Don't flush when packet_queue fills up Jan Hendrik Farr (1): Compiler Attributes: disable __counted_by for clang < 19.1.3 Jan Kara (1): ext4: avoid remount errors with 'abort' mount option Jann Horn (2): fsnotify: Fix ordering of iput() and watched_objects decrement comedi: Flush partial mappings in error case Jared McArthur (1): arm64: dts: ti: k3-j7200: Fix register map for main domain pmx Jason Gerecke (1): HID: wacom: Interpret tilt data from Intuos Pro BT as signed values Javier Carrasco (9): clocksource/drivers/timer-ti-dm: Fix child node refcount handling Bluetooth: btbcm: fix missing of_node_put() in btbcm_get_board_name() leds: max5970: Fix unreleased fwnode_handle in probe function wifi: brcmfmac: release 'root' node in all execution paths platform/chrome: cros_ec_typec: fix missing fwnode reference decrement mtd: ubi: fix unreleased fwnode_handle in find_volume_fwnode() soc: fsl: rcpm: fix missing of_node_put() in copy_ippdexpcr1_setting() staging: vchiq_arm: Fix missing refcount decrement in error path for fw_node counter: stm32-timer-cnt: fix device_node handling in probe_encoder() Jean-Michel Hautbois (1): m68k: mcfgpio: Fix incorrect register offset for CONFIG_M5441x Jean-Philippe Romain (1): perf list: Fix topic and pmu_name argument order Jeff Layton (1): nfsd: drop inode parameter from nfsd4_change_attribute() Jeongjun Park (4): wifi: ath9k: add range check for conn_rsp_epid in htc_connect_service() usb: using mutex lock and supporting O_NONBLOCK flag in iowarrior_read() ext4: supress data-race warnings in ext4_free_inodes_{count,set}() netfilter: ipset: add missing range check in bitmap_ip_uadt Jerome Brunet (1): hwmon: (pmbus/core) clear faults after setting smbalert mask Jesse Taube (2): RISC-V: Scalar unaligned access emulated on hotplug CPUs RISC-V: Check scalar unaligned access on all CPUs Jiasheng Jiang (2): counter: stm32-timer-cnt: Add check for clk_enable() counter: ti-ecap-capture: Add check for clk_enable() Jiawen Wu (2): net: txgbe: remove GPIO interrupt controller net: txgbe: fix null pointer to pcs Jiayuan Chen (1): bpf: fix recursive lock when verdict program return SK_PASS Jie Zhan (1): cppc_cpufreq: Use desired perf if feedback ctrs are 0 or unchanged Jing Zhang (1): KVM: arm64: vgic-its: Add a data length check in vgic_its_save_* Jinjie Ruan (17): spi: spi-fsl-lpspi: Use IRQF_NO_AUTOEN flag in request_irq() soc: ti: smartreflex: Use IRQF_NO_AUTOEN flag in request_irq() spi: zynqmp-gqspi: Undo runtime PM changes at driver exit time wifi: p54: Use IRQF_NO_AUTOEN flag in request_irq() wifi: mwifiex: Use IRQF_NO_AUTOEN flag in request_irq() drm/imx/dcss: Use IRQF_NO_AUTOEN flag in request_irq() drm/imx/ipuv3: Use IRQF_NO_AUTOEN flag in request_irq() drm/msm/adreno: Use IRQF_NO_AUTOEN flag in request_irq() mfd: tps65010: Use IRQF_NO_AUTOEN flag in request_irq() to fix race cpufreq: CPPC: Fix possible null-ptr-deref for cpufreq_cpu_get_raw() cpufreq: CPPC: Fix possible null-ptr-deref for cppc_get_cpu_cost() cpufreq: CPPC: Fix wrong return value in cppc_get_cpu_cost() cpufreq: CPPC: Fix wrong return value in cppc_get_cpu_power() misc: apds990x: Fix missing pm_runtime_disable() apparmor: test: Fix memory leak for aa_unpack_strdup() cpufreq: mediatek-hw: Fix wrong return value in mtk_cpufreq_get_cpu_power() rtc: st-lpc: Use IRQF_NO_AUTOEN flag in request_irq() Jiri Olsa (2): bpf: Allow return values 0 and 1 for kprobe session bpf: Force uprobe bpf program to always return 0 Joe Damato (1): netdev-genl: Hold rcu_read_lock in napi_get Joe Hattori (2): remoteproc: qcom: pas: Remove subdevs on the error path of adsp_probe() remoteproc: qcom: adsp: Remove subdevs on the error path of adsp_probe() Johan Hovold (1): pinctrl: qcom: spmi: fix debugfs drive strength John Garry (3): block/fs: Pass an iocb to generic_atomic_write_valid() fs/block: Check for IOCB_DIRECT in generic_atomic_write_valid() block: Don't allow an atomic write be truncated in blkdev_write_iter() Jonas Gorski (1): mips: asm: fix warning when disabling MIPS_FP_SUPPORT Jonathan Gray (1): drm: use ATOMIC64_INIT() for atomic64_t Jonathan Marek (3): efi/libstub: fix efi_parse_options() ignoring the default command line clk: qcom: videocc-sm8550: depend on either gcc-sm8550 or gcc-sm8650 rpmsg: glink: use only lower 16-bits of param2 for CMD_OPEN name length Jose Ignacio Tornos Martinez (2): wifi: ath12k: fix warning when unbinding wifi: ath12k: fix crash when unbinding Josh Poimboeuf (1): parisc/ftrace: Fix function graph tracing disablement José Expósito (1): drm/vkms: Drop unnecessary call to drm_crtc_cleanup() Junxian Huang (3): RDMA/hns: Use dev_* printings in hem code instead of ibdev_* RDMA/hns: Fix out-of-order issue of requester when setting FENCE RDMA/hns: Fix NULL pointer derefernce in hns_roce_map_mr_sg() Justin Lai (3): rtase: Refactor the rtase_check_mac_version_valid() function rtase: Correct the speed for RTL907XD-V1 rtase: Corrects error handling of the rtase_check_mac_version_valid() Kailang Yang (4): ALSA: hda/realtek: Update ALC256 depop procedure ALSA: hda/realtek: Update ALC225 depop procedure ALSA: hda/realtek: Enable speaker pins for Medion E15443 platform ALSA: hda/realtek: Set PCBeep to default value for ALC274 Kajol Jain (1): KVM: PPC: Book3S HV: Fix kmv -> kvm typo Kalesh AP (1): RDMA/bnxt_re: Correct the sequence of device suspend Kalle Valo (1): Revert "wifi: iwlegacy: do not skip frames with bad FCS" Kan Liang (1): perf jevents: Don't stop at the first matched pmu when searching a events table Karol Wachowski (1): accel/ivpu: Prevent recovery invocation during probe and resume Karthikeyan Periyasamy (1): wifi: cfg80211: check radio iface combination for multi radio per wiphy Kartik Rajput (1): serial: amba-pl011: Fix RX stall when DMA is used Kashyap Desai (1): RDMA/bnxt_re: Check cqe flags to know imm_data vs inv_irkey Keita Morisaki (1): devres: Fix page faults when tracing devres from unloaded modules Kiran K (2): Bluetooth: btintel_pcie: Add handshake between driver and firmware Bluetooth: btintel: Do no pass vendor events to stack Kirill A. Shutemov (3): x86/tdx: Introduce wrappers to read and write TD metadata x86/tdx: Rename tdx_parse_tdinfo() to tdx_setup() x86/tdx: Dynamically disable SEPT violations from causing #VEs Konrad Dybcio (2): arm64: dts: qcom: x1e80100: Update C4/C5 residency/exit numbers arm64: dts: qcom: sc8180x: Add a SoC-specific compatible to cpufreq-hw Konstantin Komarov (1): fs/ntfs3: Equivalent transition from page to folio Kristina Martsenko (1): arm64: probes: Disable kprobes/uprobes on MOPS instructions Krzysztof Kozlowski (1): dt-bindings: pinctrl: samsung: Fix interrupt constraint for variants with fallbacks Kuangyi Chiang (4): xhci: Fix control transfer error on Etron xHCI host xhci: Combine two if statements for Etron xHCI host xhci: Don't perform Soft Retry for Etron xHCI host xhci: Don't issue Reset Device command to Etron xHCI host Kumar Kartikeya Dwivedi (2): bpf: Tighten tail call checks for lingering locks, RCU, preempt_disable bpf: Mark raw_tp arguments with PTR_MAYBE_NULL Kuniyuki Iwashima (1): tcp: Fix use-after-free of nreq in reqsk_timer_handler(). Kunkun Jiang (2): KVM: arm64: vgic-its: Clear ITE when DISCARD frees an ITE KVM: arm64: vgic-its: Clear DTE when MAPD unmaps a device Lad Prabhakar (2): arm64: dts: renesas: hihope: Drop #sound-dai-cells pinctrl: renesas: Select PINCTRL_RZG2L for RZ/V2H(P) SoC Leo Yan (1): perf probe: Correct demangled symbols in C++ program Leon Hwang (1): bpf, bpftool: Fix incorrect disasm pc Levi Yun (2): trace/trace_event_perf: remove duplicate samples on the first tracepoint event perf stat: Close cork_fd when create_perf_stat_counter() failed Li Huafei (6): crypto: inside-secure - Fix the return value of safexcel_xcbcmac_cra_init() media: atomisp: Add check for rgby_data memory allocation failure drm/nouveau/gr/gf100: Fix missing unlock in gf100_gr_chan_new() drm/amdgpu: Fix the memory allocation issue in amdgpu_discovery_get_nps_info() perf disasm: Use disasm_line__free() to properly free disasm_line perf disasm: Fix not cleaning up disasm_line in symbol__disassemble_raw() Li Lingfeng (1): nfs: ignore SB_RDONLY when mounting nfs Li Wang (1): loop: fix type of block size Lifeng Zheng (1): ACPI: CPPC: Fix _CPC register setting issue Lijo Lazar (2): drm/amdgpu: Fix JPEG v4.0.3 register write drm/amdgpu: Fix map/unmap queue logic Lingbo Kong (1): wifi: cfg80211: Remove the Medium Synchronization Delay validity check Linus Walleij (2): drm/panel: nt35510: Make new commands optional wifi: cw1200: Fix potential NULL dereference Liu Jian (3): RDMA/rxe: Set queue pair cur_qp_state when being queried sunrpc: clear XPRT_SOCK_UPD_TIMEOUT when reset transport sunrpc: fix one UAF issue caused by sunrpc kernel tcp socket Liu Shixin (1): zram: fix NULL pointer in comp_algorithm_show() Long Li (2): ext4: fix race in buffer_head read fault injection f2fs: fix race in concurrent f2fs_stop_gc_thread LongPing Wei (1): f2fs: fix the wrong f2fs_bug_on condition in f2fs_do_replace_block Lorenzo Bianconi (8): clk: en7523: remove REG_PCIE*_{MEM,MEM_MASK} configuration clk: en7523: move clock_register in hw_init callback clk: en7523: introduce chip_scu regmap clk: en7523: fix estimation of fixed rate for EN7581 phy: airoha: Fix REG_CSR_2L_PLL_CMN_RESERVE0 config in airoha_pcie_phy_init_clk_out() phy: airoha: Fix REG_PCIE_PMA_TX_RESET config in airoha_pcie_phy_init_csr_2l() phy: airoha: Fix REG_CSR_2L_JCPLL_SDM_HREN config in airoha_pcie_phy_init_ssc_jcpll() phy: airoha: Fix REG_CSR_2L_RX{0,1}_REV0 definitions Luca Weiss (1): arm64: dts: qcom: sm6350: Fix GPU frequencies missing on some speedbins Lucas Stach (1): drm/etnaviv: hold GPU lock across perfmon sampling Luiz Augusto von Dentz (3): Bluetooth: ISO: Use kref to track lifetime of iso_conn Bluetooth: MGMT: Fix slab-use-after-free Read in set_powered_sync Bluetooth: MGMT: Fix possible deadlocks Lukas Bulwahn (1): clk: mediatek: drop two dead config options Lukas Wunner (1): PCI: Fix use-after-free of slot->bus on hot remove Lukasz Luba (1): drm/msm/gpu: Check the status of registration to PM QoS Luo Qiu (1): firmware: arm_scpi: Check the DVFS OPP count returned by the firmware Ma Wupeng (1): ipc: fix memleak if msg_init_ns failed in create_ipc_ns Macpaul Lin (5): arm64: dts: mediatek: mt8395-genio-1200-evk: Fix dtbs_check error for phy arm64: dts: mt8195: Fix dtbs_check error for mutex node arm64: dts: mt8195: Fix dtbs_check error for infracfg_ao node arm64: dts: mediatek: mt6358: fix dtbs_check error ASoC: dt-bindings: mt6359: Update generic node name and dmic-mode Manivannan Sadhasivam (3): PCI: qcom: Enable MSI interrupts together with Link up if 'Global IRQ' is supported PCI: qcom-ep: Move controller cleanups to qcom_pcie_perst_deassert() PCI: tegra194: Move controller cleanups to pex_ep_event_pex_rst_deassert() Marc Zyngier (2): arm64: Expose ID_AA64ISAR1_EL1.XS to sanitised feature consumers KVM: arm64: vgic-v3: Sanitise guest writes to GICR_INVLPIR Marco Elver (2): kcsan, seqlock: Support seqcount_latch_t kcsan, seqlock: Fix incorrect assumption in read_seqbegin() Marcus Folkesson (1): mfd: da9052-spi: Change read-mask to write-mask Marek Vasut (1): wifi: wilc1000: Set MAC after operation mode Mario Limonciello (1): cpufreq/amd-pstate: Don't update CPPC request in amd_pstate_cpu_boost_update() Mark Brown (2): kselftest/arm64: Fix encoding for SVE B16B16 test clocksource/drivers:sp804: Make user selectable Martin Kaistra (1): wifi: rtl8xxxu: Perform update_beacon_work when beaconing is enabled Masahiro Yamada (5): arm64: fix .data.rel.ro size assertion when CONFIG_LTO_CLANG s390/syscalls: Avoid creation of arch/arch/ directory Rename .data.unlikely to .data..unlikely Rename .data.once to .data..once to fix resetting WARN*_ONCE modpost: remove incorrect code in do_eisa_entry() Matt Coster (1): drm/imagination: Use pvr_vm_context_get() Matt Fleming (1): kbuild: deb-pkg: Don't fail if modules.order is missing Matthew Rosato (1): iommu/s390: Implement blocking domain Matthias Schiffer (1): drm: fsl-dcu: enable PIXCLK on LS1021A Maurice Lambert (1): netlink: typographical error in nlmsg_type constants definition Mauro Carvalho Chehab (2): MAINTAINERS: update location of media main tree docs: media: update location of the media patches Maxime Chevallier (2): net: stmmac: dwmac-socfpga: Set RX watchdog interrupt as broken rtc: ab-eoz9: don't fail temperature reads on undervoltage notification Maxime Ripard (1): drm/vc4: Introduce generation number enum Maíra Canal (2): drm/v3d: Address race-condition in MMU flush drm/v3d: Flush the MMU before we supply more memory to the binner Meetakshi Setiya (1): cifs: support mounting with alternate password to allow password rotation Michael Chan (2): bnxt_en: Refactor bnxt_ptp_init() bnxt_en: Unregister PTP during PCI shutdown and suspend Michael Ellerman (2): powerpc/pseries: Fix dtl_access_lock to be a rw_semaphore selftests/mount_setattr: Fix failures on 64K PAGE_SIZE kernels Michael Grzeschik (1): usb: gadget: uvc: wake pump everytime we update the free list Michael J. Ruhl (1): platform/x86/intel/pmt: allow user offset for PMT callbacks Michael Petlan (1): perf trace: Keep exited threads for summary Michal Luczaj (2): llc: Improve setsockopt() handling of malformed user input rxrpc: Improve setsockopt() handling of malformed user input Michal Pecio (3): usb: xhci: Limit Stop Endpoint retries usb: xhci: Fix TD invalidation under pending Set TR Dequeue usb: xhci: Avoid queuing redundant Stop Endpoint commands Michal Schmidt (1): rcu/srcutiny: don't return before reenabling preemption Michal Simek (2): microblaze: Export xmb_manager functions dt-bindings: serial: rs485: Fix rs485-rts-delay property Michal Suchanek (1): powerpc/sstep: make emulate_vsx_load and emulate_vsx_store static Michal Vrastil (1): Revert "usb: gadget: composite: fix OS descriptors w_value logic" Miguel Ojeda (4): time: Partially revert cleanup on msecs_to_jiffies() documentation time: Fix references to _msecs_to_jiffies() handling of values drm/panic: Select ZLIB_DEFLATE for DRM_PANIC_SCREEN_QR_CODE rust: rbtree: fix `SAFETY` comments that should be `# Safety` sections Mike Snitzer (1): nfs_common: must not hold RCU while calling nfsd_file_put_local Mikulas Patocka (1): blk-settings: round down io_opt to physical_block_size Min-Hua Chen (1): regulator: qcom-smd: make smd_vreg_rpm static Ming Lei (6): ublk: fix ublk_ch_mmap() for 64K page size ublk: fix error code for unsupported command blk-mq: add non_owner variant of start_freeze/unfreeze queue APIs block: model freeze & enter queue as lock for supporting lockdep block: always verify unfreeze lock on the owner task block: don't verify IO lock for freeze/unfreeze in elevator_init_mq() Mingwei Zheng (1): net: rfkill: gpio: Add check for clk_enable() Miquel Raynal (1): mtd: rawnand: atmel: Fix possible memory leak Mirsad Todorovac (2): fs/proc/kcore.c: fix coccinelle reported ERROR instances net/9p/usbg: fix handling of the failed kzalloc() memory allocation Muchun Song (3): block: fix missing dispatching request when queue is started or unquiesced block: fix ordering between checking QUEUE_FLAG_QUIESCED request adding block: fix ordering between checking BLK_MQ_S_STOPPED request adding Murad Masimov (1): hwmon: (tps23861) Fix reporting of negative temperatures Namhyung Kim (1): perf/arm-cmn: Ensure port and device id bits are set properly Namjae Jeon (1): exfat: fix uninit-value in __exfat_get_dentry_set Nathan Morrisson (1): arm64: dts: ti: k3-am62x-phyboard-lyra: Drop unnecessary McASP AFIFOs NeilBrown (1): nfs/localio: must clear res.replen in nfs_local_read_done Nicolas Bouchinet (1): tty: ldsic: fix tty_ldisc_autoload sysctl's proc_handler Nicolin Chen (2): iommu/tegra241-cmdqv: Staticize cmdqv_debugfs_dir iommu/tegra241-cmdqv: Fix alignment failure at max_n_shift Niklas Schnelle (2): watchdog: Add HAS_IOPORT dependency for SBC8360 and SBC7240 s390/pci: Fix potential double remove of hotplug slot Nilay Shroff (1): nvme-fabrics: fix kernel crash while shutting down controller Nirmoy Das (1): drm/xe/ufence: Wake up waiters after setting ufence->signalled Nobuhiro Iwamatsu (1): rtc: abx80x: Fix WDT bit position of the status register Nuno Sa (2): dt-bindings: clock: axi-clkgen: include AXI clk clk: clk-axi-clkgen: make sure to enable the AXI bus clock Nícolas F. R. A. Prado (1): ASoC: mediatek: Check num_codecs is not zero to avoid panic during probe Oleksij Rempel (3): net: usb: lan78xx: Fix double free issue with interrupt buffer allocation net: usb: lan78xx: Fix memory leak on device unplug by freeing PHY device net: usb: lan78xx: Fix refcounting and autosuspend on invalid WoL configuration Oliver Neukum (2): usb: yurex: make waiting on yurex_write interruptible USB: chaoskey: fail open after removal Oliver Upton (1): KVM: arm64: Don't retire aborted MMIO instruction Omid Ehtemam-Haghighi (1): ipv6: Fix soft lockups in fib6_select_path under high next hop churn Orange Kao (1): EDAC/igen6: Avoid segmentation fault on module unload Pablo Sun (1): arm64: dts: mediatek: mt8188: Fix wrong clock provider in MFG1 power domain Pali Rohár (2): cifs: Fix parsing native symlinks relative to the export cifs: Fix parsing reparse point with native symlink in SMB1 non-UNICODE session Paolo Abeni (4): ipv6: release nexthop on device removal selftests: net: really check for bg process completion ip6mr: fix tables suspicious RCU usage ipmr: fix tables suspicious RCU usage Paolo Bonzini (2): rust: macros: fix documentation of the paste! macro KVM: x86: switch hugepage recovery thread to vhost_task Patrisious Haddad (1): RDMA/mlx5: Move events notifier registration to be after device registration Patryk Wlazlyn (1): tools/power turbostat: Fix child's argument forwarding Paul Aurich (5): smb: cached directories can be more than root file handle smb: Don't leak cfid when reconnect races with open_cached_dir smb: prevent use-after-free due to open_cached_dir error paths smb: During unmount, ensure all cached dir instances drop their dentry smb: Initialize cfid->tcon before performing network ops Paulo Alcantara (3): smb: client: fix NULL ptr deref in crypto_aead_setkey() smb: client: fix use-after-free of signing key smb: client: handle max length for SMB symlinks Pavan Chebbi (1): tg3: Set coherent DMA mask bits to 31 for BCM57766 chipsets Pavel Begunkov (2): io_uring: fix corner case forgetting to vunmap io_uring: check for overflows in io_pin_pages Pei Xiao (2): hwmon: (nct6775-core) Fix overflows seen when writing limit attributes wifi: rtw89: coex: check NULL return of kmalloc in btc_fw_set_monreg() Peng Fan (3): clk: imx: lpcg-scu: SW workaround for errata (e10858) clk: imx: fracn-gppll: correct PLL initialization flow clk: imx: fracn-gppll: fix pll power up Peter Große (1): i40e: Fix handling changed priv flags Pin-yen Lin (3): arm64: dts: mt8183: Add port node to dpi node drm/bridge: anx7625: Drop EDID cache on bridge power off drm/bridge: it6505: Drop EDID cache on bridge power off Po-Hao Huang (1): wifi: rtw89: Fix TX fail with A2DP after scanning Priyanka Singh (1): EDAC/fsl_ddr: Fix bad bit shift operations Qi Han (1): f2fs: compress: fix inconsistent update of i_blocks in release_compress_blocks and reserve_compress_blocks Qingfang Deng (1): jffs2: fix use of uninitialized variable Qiu-ji Chen (3): xen: Fix the issue of resource not being properly released in xenbus_dev_probe() ASoC: codecs: Fix atomicity violation in snd_soc_component_get_drvdata() media: wl128x: Fix atomicity violation in fmc_send_cmd() Qiuxu Zhuo (2): EDAC/skx_common: Differentiate memory error sources EDAC/{skx_common,i10nm}: Fix incorrect far-memory error source indicator Rafael J. Wysocki (7): thermal: core: Initialize thermal zones before registering them thermal: core: Rearrange PM notification code thermal: core: Represent suspend-related thermal zone flags as bits thermal: core: Mark thermal zones as initializing to start with thermal: core: Fix race between zone registration and system suspend thermal: testing: Use DEFINE_FREE() and __free() to simplify code thermal: testing: Initialize some variables annoteded with _free() Raghavendra Rao Ananta (2): KVM: arm64: Ignore PMCNTENSET_EL0 while checking for overflow status KVM: arm64: Get rid of userspace_irqchip_in_use Ralph Boehme (1): fs/smb/client: implement chmod() for SMB3 POSIX Extensions Rameshkumar Sundaram (1): wifi: ath12k: fix use-after-free in ath12k_dp_cc_cleanup() Ramya Gnanasekar (1): wifi: ath12k: Skip Rx TID cleanup for self peer Randy Dunlap (2): kernel-doc: allow object-like macros in ReST output fs_parser: update mount_api doc to match function signature Raviteja Laggyshetty (1): interconnect: qcom: icc-rpmh: probe defer incase of missing QoS clock dependency Raymond Hackley (1): leds: ktd2692: Set missing timing properties Reinette Chatre (3): selftests/resctrl: Print accurate buffer size as part of MBM results selftests/resctrl: Fix memory overflow due to unhandled wraparound selftests/resctrl: Protect against array overrun during iMC config parsing Ritesh Harjani (IBM) (3): powerpc/fadump: Refactor and prepare fadump_cma_init for late init powerpc/fadump: Move fadump_cma_init to setup_arch() after initmem_init() powerpc/mm/fault: Fix kfence page fault reporting Roman Li (1): drm/amd/display: Increase idle worker HPD detection time Rosen Penev (1): net: mdio-ipq4019: add missing error check Russell King (Oracle) (1): irqchip/irq-mvebu-sei: Move misplaced select() callback to SEI CP domain Ryan Walklin (1): drm: panel: nv3052c: correct spi_device_id for RG35XX panel Sabyrzhan Tasbolatov (1): kasan: move checks to do_strncpy_from_user Sai Kumar Cholleti (1): gpio: exar: set value when external pull-up or pull-down is present Sakari Ailus (1): media: ipu6: Fix DMA and physical address debugging messages for 32-bit Samuel Holland (1): irqchip/riscv-aplic: Prevent crash when MSI domain is missing Saravanan Vajravel (1): bnxt_en: Reserve rings after PCIe AER recovery if NIC interface is down Sascha Hauer (1): wifi: mwifiex: add missing locking for cfg80211 calls Sean Anderson (1): drm: zynqmp_kms: Unplug DRM device before removal Sean Christopherson (3): KVM: x86/mmu: Skip the "try unsync" path iff the old SPTE was a leaf SPTE KVM: x86: Break CONFIG_KVM_X86's direct dependency on KVM_INTEL || KVM_AMD Revert "KVM: VMX: Move LOAD_IA32_PERF_GLOBAL_CTRL errata handling out of setup_vmcs_config()" Sebastian Andrzej Siewior (2): locking/rt: Add sparse annotation PREEMPT_RT's sleeping locks. x86/CPU/AMD: Terminate the erratum_1386_microcode array Selvarasu Ganesan (1): usb: dwc3: gadget: Add missing check for single port RAM in TxFIFO resizing logic Sergey Senozhatsky (1): zram: permit only one post-processing operation at a time Sergio Paracuellos (2): clk: ralink: mtmips: fix clock plan for Ralink SoC RT3883 clk: ralink: mtmips: fix clocks probe order in oldest ralink SoCs Shengjiu Wang (1): ASoC: fsl_micfil: fix regmap_write_bits usage Shravya KN (2): bnxt_en: Set backplane link modes correctly for ethtool bnxt_en: Fix receive ring space parameters when XDP is active Shyam Prasad N (1): cifs: during remount, make sure passwords are in sync Si-Wei Liu (1): vdpa/mlx5: Fix suboptimal range on iotlb iteration Sibi Sankar (2): arm64: dts: qcom: x1e80100: Resize GIC Redistributor register region remoteproc: qcom_q6v5_mss: Re-order writes to the IMEM region Siddharth Vadapalli (1): PCI: j721e: Deassert PERST# after a delay of PCIE_T_PVPERL_MS milliseconds Sidraya Jayagond (1): s390/iucv: MSG_PEEK causes memory leak in iucv_sock_destruct() Somnath Kotur (1): bnxt_en: Fix queue start to update vnic RSS table Sourabh Jain (1): fadump: reserve param area if below boot_mem_top Srikar Dronamraju (1): gpio: sloppy-logic-analyzer remove reference to rcu_momentary_dyntick_idle() Srinivasan Shanmugam (2): drm/amdgpu/gfx9: Add Cleaner Shader Deinitialization in gfx_v9_0 Module drm/amdkfd: Use dynamic allocation for CU occupancy array in 'kfd_get_cu_occupancy()' Stafford Horne (1): openrisc: Implement fixmap to fix earlycon Stanislaw Gruszka (4): spi: Fix acpi deferred irq probe media: intel/ipu6: do not handle interrupts when device is disabled usb: misc: ljca: set small runtime autosuspend delay usb: misc: ljca: move usb_autopm_put_interface() after wait for response Steffen Dirkwinkel (1): drm: xlnx: zynqmp_disp: layer may be null while releasing Stephen Boyd (1): clk: Allow kunit tests to run without OF_OVERLAY enabled Steve French (1): smb3: request handle caching when caching directories Steven 'Steve' Kendall (1): drm/radeon: Fix spurious unplug event on radeon HDMI Steven Price (1): drm/panfrost: Remove unused id_mask from struct panfrost_model Suraj Kandpal (1): drm/xe/hdcp: Fix gsc structure check in fw check status Takahiro Kuwano (1): mtd: spi-nor: spansion: Use nor->addr_nbytes in octal DTR mode in RD_ANY_REG_OP Takashi Iwai (9): ALSA: usx2y: Use snd_card_free_when_closed() at disconnection ALSA: us122l: Use snd_card_free_when_closed() at disconnection ALSA: caiaq: Use snd_card_free_when_closed() at disconnection ALSA: 6fire: Release resources at card release ALSA: usb-audio: Fix out of bounds reads when finding clock sources ALSA: rawmidi: Fix kvfree() call in spinlock ALSA: ump: Fix evaluation of MIDI 1.0 FB info ALSA: pcm: Add sanity NULL check for the default mmap fault handler ALSA: hda/realtek: Apply quirk for Medion E15433 Tamir Duberstein (1): checkpatch: always parse orig_commit in fixes tag Tao Chen (1): libbpf: Fix expected_attach_type set handling in program load callback Tejun Heo (1): sched_ext: scx_bpf_dispatch_from_dsq_set_*() are allowed from unlocked context Thadeu Lima de Souza Cascardo (1): hfsplus: don't query the device logical block size multiple times Theodore Ts'o (1): ext4: fix FS_IOC_GETFSMAP handling Thinh Nguyen (3): usb: dwc3: ep0: Don't clear ep0 DWC3_EP_TRANSFER_STARTED usb: dwc3: gadget: Fix checking for number of TRBs left usb: dwc3: gadget: Fix looping of queued SG entries Thomas Falcon (1): perf mem: Fix printing PERF_MEM_LVLNUM_{L2_MHB|MSC} Thomas Gleixner (2): timers: Add missing READ_ONCE() in __run_timer_base() sched/ext: Remove sched_fork() hack Thomas Richter (1): s390/cpum_sf: Fix and protect memory allocation of SDBs with mutex Thomas Weißschuh (1): tools/nolibc: s390: include std.h Tiezhu Yang (2): LoongArch: Fix build failure with GCC 15 (-std=gnu23) LoongArch: BPF: Sign-extend return values Tiwei Bie (7): um: ubd: Do not use drvdata in release um: net: Do not use drvdata in release um: vector: Do not use drvdata in release um: Fix potential integer overflow during physmem setup um: Fix the return value of elf_core_copy_task_fpregs um: ubd: Initialize ubd's disk pointer in ubd_add um: Always dump trace for specified task in show_stack Todd Kjos (1): PCI: Fix reset_method_store() memory leak Tomas Glozar (1): rtla/timerlat: Do not set params->user_workload with -U Tomas Paukrt (1): crypto: mxs-dcp - Fix AES-CBC with hardware-bound keys Tomasz Maciej Nowak (1): arm64: tegra: p2180: Add mandatory compatible for WiFi node Tomi Valkeinen (3): drm/omap: Fix possible NULL dereference drm/omap: Fix locking in omap_gem_new_dmabuf() drm/bridge: tc358767: Fix link properties discovery Tony Ambardar (1): libbpf: Fix output .symtab byte-order during linking Trond Myklebust (2): NFSv4.0: Fix a use-after-free problem in the asynchronous open() Revert "nfs: don't reuse partially completed requests in nfs_lock_and_join_requests" Tvrtko Ursulin (1): drm/v3d: Appease lockdep while updating GPU stats Uladzislau Rezki (Sony) (2): rcu/kvfree: Fix data-race in __mod_timer / kvfree_call_rcu rcuscale: Do a proper cleanup if kfree_scale_init() fails Uros Bizjak (3): cleanup: Remove address space of returned pointer locking/atomic/x86: Use ALT_OUTPUT_SP() for __alternative_atomic64() locking/atomic/x86: Use ALT_OUTPUT_SP() for __arch_{,try_}cmpxchg64_emu() Usama Arif (1): of/fdt: add dt_phys arg to early_init_dt_scan and early_init_dt_verify Uwe Kleine-König (1): pwm: Assume a disabled PWM to emit a constant inactive output Vasant Hegde (1): iommu/amd/pgtbl_v2: Take protection domain lock before invalidating TLB Venkata Prasad Potturu (1): ASoC: amd: yc: Fix for enabling DMIC on acp6x via _DSD entry Veronika Molnarova (2): perf test attr: Add back missing topdown events perf dso: Fix symtab_type for kmod compression Vijendar Mukunda (2): ASoC: amd: acp: fix for inconsistent indenting ASoC: amd: acp: fix for cpu dai index logic Viktor Malik (1): selftests/bpf: skip the timer_lockup test for single-CPU nodes Vineeth Vijayan (1): s390/cio: Do not unregister the subchannel based on DNV Vitalii Mordan (2): marvell: pxa168_eth: fix call balance of pep->clk handling routines usb: ehci-spear: fix call balance of sehci clk handling routines Vitaly Kuznetsov (1): HID: hyperv: streamline driver probe to avoid devres issues Wang Hai (1): crypto: qat - Fix missing destroy_workqueue in adf_init_aer() Waqar Hameed (1): ubifs: authentication: Fix use-after-free in ubifs_tnc_end_commit Weili Qian (1): crypto: hisilicon/qm - disable same error report before resetting Will Deacon (1): arm64: tls: Fix context-switching of tpidrro_el0 when kpti is enabled Wolfram Sang (2): ARM: dts: renesas: genmai: Fix partition size for QSPI NOR Flash rtc: rzn1: fix BCD to rtc_time conversion errors Xiaolei Wang (1): drm/etnaviv: Request pages from DMA32 zone on addressing_limited Xiuhong Wang (1): f2fs: fix fiemap failure issue when page size is 16KB Xu Kuohai (3): bpf, arm64: Remove garbage frame for struct_ops trampoline bpf: Use function pointers count as struct_ops links count bpf: Add kernel symbol for struct_ops trampoline Yang Erkun (3): brd: defer automatic disk creation until module initialization succeeds nfsd: release svc_expkey/svc_export with rcu_work SUNRPC: make sure cache entry active before cache_show Yang Wang (1): drm/amdgpu: fix ACA bank count boundary check error Yang Yingliang (3): clk: imx: imx8-acm: Fix return value check in clk_imx_acm_attach_pm_domains() mailbox: mtk-cmdq: fix wrong use of sizeof in cmdq_get_clocks() iio: backend: fix wrong pointer passed to IS_ERR() Yao Zi (1): platform/x86: panasonic-laptop: Return errno correctly in show callback Ye Bin (3): scsi: bfa: Fix use-after-free in bfad_im_module_exit() f2fs: fix null-ptr-deref in f2fs_submit_page_bio() svcrdma: fix miss destroy percpu_counter in svc_rdma_proc_init() Yi Yang (1): crypto: pcrypt - Call crypto layer directly when padata_do_parallel() return -EBUSY Yicong Yang (1): perf build: Add missing cflags when building with custom libtraceevent Yihang Li (1): scsi: hisi_sas: Enable all PHYs that are not disabled by user during controller reset Yishai Hadas (2): vfio/mlx5: Fix an unwind issue in mlx5vf_add_migration_pages() vfio/mlx5: Fix unwind flows in mlx5vf_pci_save/resume_device_data() Yong-Xuan Wang (1): RISC-V: KVM: Fix APLIC in_clrip and clripnum write emulation Yongliang Gao (1): rtc: check if __rtc_read_time was successful in rtc_timer_do_work() Yongpeng Yang (1): f2fs: check curseg->inited before write_sum_page in change_curseg Yu Kuai (2): block: fix uaf for flush rq while iterating tags block, bfq: fix bfqq uaf in bfq_limit_depth() Yuan Can (5): firmware: google: Unregister driver_info on failure wifi: wfx: Fix error handling in wfx_core_init() drm/amdkfd: Fix wrong usage of INIT_WORK() cpufreq: loongson2: Unregister platform_driver on failure Input: cs40l50 - fix wrong usage of INIT_WORK() Yuan Chen (1): bpf: Fix the xdp_adjust_tail sample prog issue Yuezhang Mo (2): exfat: fix file being changed by unaligned direct write exfat: fix out-of-bounds access of directory entries Yunseong Kim (1): ksmbd: fix use-after-free in SMB request handling Yutaro Ohno (1): rust: kernel: fix THIS_MODULE header path in ThisModule doc comment Yuyu Li (1): RDMA/hns: Modify debugfs name Zach Wade (1): Revert "block, bfq: merge bfq_release_process_ref() into bfq_put_cooperator()" Zeng Heng (2): scsi: fusion: Remove unused variable 'rc' f2fs: Fix not used variable 'index' Zhang Changzhong (1): mfd: rt5033: Fix missing regmap_del_irq_chip() Zhang Rui (1): tools/power turbostat: Fix trailing '\n' parsing Zhang Xianwei (1): brd: decrease the number of allocated pages which discarded Zhang Zekun (2): pmdomain: ti-sci: Add missing of_node_put() for args.np powerpc/kexec: Fix return of uninitialized variable ZhangPeng (1): hostfs: Fix the NULL vs IS_ERR() bug for __filemap_get_folio() Zhen Lei (3): scsi: qedf: Fix a possible memory leak in qedf_alloc_and_init_sb() scsi: qedi: Fix a possible memory leak in qedi_alloc_and_init_sb() fbdev: sh7760fb: Fix a possible memory leak in sh7760fb_alloc_mem() Zheng Yejian (1): x86/unwind/orc: Fix unwind for newly forked tasks Zhenzhong Duan (2): iommu/vt-d: Fix checks and print in dmar_fault_dump_ptes() iommu/vt-d: Fix checks and print in pgtable_walk() Zhiguo Niu (1): f2fs: fix to avoid use GC_AT when setting gc_mode as GC_URGENT_LOW or GC_URGENT_MID Zhihao Cheng (4): ubi: wl: Put source PEB into correct list if trying locking LEB failed ubi: fastmap: wl: Schedule fm_work if wear-leveling pool is empty ubifs: Correct the total block count by deducting journal reservation ubi: fastmap: Fix duplicate slab cache names while attaching Zhongqiu Han (1): PCI: endpoint: epf-mhi: Avoid NULL dereference if DT lacks 'mmio' Zhu Yanjun (1): RDMA/rxe: Fix the qp flush warnings in req Zichen Xie (3): drm/msm/dpu: cast crtc_clk calculation to u64 in _dpu_core_perf_calc_clk() clk: sophgo: avoid integer overflow in sg2042_pll_recalc_rate() ALSA: core: Fix possible NULL dereference caused by kunit_kzalloc() Zicheng Qu (3): drm/amd/display: Fix null check for pipe_ctx->plane_state in dcn20_program_pipe drm/amd/display: Fix null check for pipe_ctx->plane_state in hwss_setup_dpp iio: gts: Fix uninitialized symbol 'ret' Zijian Zhang (9): selftests/bpf: Fix msg_verify_data in test_sockmap selftests/bpf: Fix txmsg_redir of test_txmsg_pull in test_sockmap selftests/bpf: Add txmsg_pass to pull/push/pop in test_sockmap selftests/bpf: Fix SENDPAGE data logic in test_sockmap selftests/bpf: Fix total_bytes in msg_loop_rx in test_sockmap selftests/bpf: Add push/pop checking for msg_verify_data in test_sockmap bpf, sockmap: Several fixes to bpf_msg_push_data bpf, sockmap: Several fixes to bpf_msg_pop_data bpf, sockmap: Fix sk_msg_reset_curr Ziwei Xiao (1): gve: Flow steering trigger reset only for timeout error Zizhi Wo (4): cachefiles: Fix incorrect length return value in cachefiles_ondemand_fd_write_iter() cachefiles: Fix missing pos updates in cachefiles_ondemand_fd_write_iter() cachefiles: Fix NULL pointer dereference in object->file netfs/fscache: Add a memory barrier for FSCACHE_VOLUME_CREATING Zong-Zhe Yang (7): wifi: rtw89: rename rtw89_vif to rtw89_vif_link ahead for MLO wifi: rtw89: rename rtw89_sta to rtw89_sta_link ahead for MLO wifi: rtw89: read bss_conf corresponding to the link wifi: rtw89: read link_sta corresponding to the link wifi: rtw89: refactor VIF related func ahead for MLO wifi: rtw89: refactor STA related func ahead for MLO wifi: rtw89: tweak driver architecture for impending MLO support Zqiang (1): rcu/nocb: Fix missed RCU barrier on deoffloading chao liu (1): apparmor: fix 'Do simple duplicate message elimination' guanjing (1): selftests: netfilter: Fix missing return values in conntrack_dump_flush wenglianfa (3): RDMA/hns: Fix an AEQE overflow error caused by untimely update of eq_db_ci RDMA/hns: Fix flush cqe error when racing with destroy qp RDMA/hns: Fix cpu stuck caused by printings during reset zhang jiao (1): pinctrl: k210: Undef K210_PC_DEFAULT

6 months, 2 weeks

3
5
0 0

[merged mm-hotfixes-stable] sched-numa-fix-memory-leak-due-to-the-overwritten-vma-numab_state.patch removed from -mm tree

by Andrew Morton

The quilt patch titled Subject: sched/numa: fix memory leak due to the overwritten vma->numab_state has been removed from the -mm tree. Its filename was sched-numa-fix-memory-leak-due-to-the-overwritten-vma-numab_state.patch This patch was dropped because it was merged into the mm-hotfixes-stable branch of git://git.kernel.org/pub/scm/linux/kernel/git/akpm/mm ------------------------------------------------------ From: Adrian Huang <ahuang12(a)lenovo.com> Subject: sched/numa: fix memory leak due to the overwritten vma->numab_state Date: Wed, 13 Nov 2024 18:21:46 +0800 [Problem Description] When running the hackbench program of LTP, the following memory leak is reported by kmemleak. # /opt/ltp/testcases/bin/hackbench 20 thread 1000 Running with 20*40 (== 800) tasks. # dmesg | grep kmemleak ... kmemleak: 480 new suspected memory leaks (see /sys/kernel/debug/kmemleak) kmemleak: 665 new suspected memory leaks (see /sys/kernel/debug/kmemleak) # cat /sys/kernel/debug/kmemleak unreferenced object 0xffff888cd8ca2c40 (size 64): comm "hackbench", pid 17142, jiffies 4299780315 hex dump (first 32 bytes): ac 74 49 00 01 00 00 00 4c 84 49 00 01 00 00 00 .tI.....L.I..... 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ backtrace (crc bff18fd4): [<ffffffff81419a89>] __kmalloc_cache_noprof+0x2f9/0x3f0 [<ffffffff8113f715>] task_numa_work+0x725/0xa00 [<ffffffff8110f878>] task_work_run+0x58/0x90 [<ffffffff81ddd9f8>] syscall_exit_to_user_mode+0x1c8/0x1e0 [<ffffffff81dd78d5>] do_syscall_64+0x85/0x150 [<ffffffff81e0012b>] entry_SYSCALL_64_after_hwframe+0x76/0x7e ... This issue can be consistently reproduced on three different servers: * a 448-core server * a 256-core server * a 192-core server [Root Cause] Since multiple threads are created by the hackbench program (along with the command argument 'thread'), a shared vma might be accessed by two or more cores simultaneously. When two or more cores observe that vma->numab_state is NULL at the same time, vma->numab_state will be overwritten. Although current code ensures that only one thread scans the VMAs in a single 'numa_scan_period', there might be a chance for another thread to enter in the next 'numa_scan_period' while we have not gotten till numab_state allocation [1]. Note that the command `/opt/ltp/testcases/bin/hackbench 50 process 1000` cannot the reproduce the issue. It is verified with 200+ test runs. [Solution] Use the cmpxchg atomic operation to ensure that only one thread executes the vma->numab_state assignment. [1] https://lore.kernel.org/lkml/1794be3c-358c-4cdc-a43d-a1f841d91ef7@amd.com/ Link: https://lkml.kernel.org/r/20241113102146.2384-1-ahuang12@lenovo.com Fixes: ef6a22b70f6d ("sched/numa: apply the scan delay to every new vma") Signed-off-by: Adrian Huang <ahuang12(a)lenovo.com> Reported-by: Jiwei Sun <sunjw10(a)lenovo.com> Reviewed-by: Raghavendra K T <raghavendra.kt(a)amd.com> Reviewed-by: Vlastimil Babka <vbabka(a)suse.cz> Cc: Ben Segall <bsegall(a)google.com> Cc: Dietmar Eggemann <dietmar.eggemann(a)arm.com> Cc: Ingo Molnar <mingo(a)redhat.com> Cc: Juri Lelli <juri.lelli(a)redhat.com> Cc: Mel Gorman <mgorman(a)suse.de> Cc: Peter Zijlstra <peterz(a)infradead.org> Cc: Steven Rostedt <rostedt(a)goodmis.org> Cc: Valentin Schneider <vschneid(a)redhat.com> Cc: Vincent Guittot <vincent.guittot(a)linaro.org> Cc: <stable(a)vger.kernel.org> Signed-off-by: Andrew Morton <akpm(a)linux-foundation.org> --- kernel/sched/fair.c | 12 +++++++++--- 1 file changed, 9 insertions(+), 3 deletions(-) --- a/kernel/sched/fair.c~sched-numa-fix-memory-leak-due-to-the-overwritten-vma-numab_state +++ a/kernel/sched/fair.c @@ -3399,10 +3399,16 @@ retry_pids: /* Initialise new per-VMA NUMAB state. */ if (!vma->numab_state) { - vma->numab_state = kzalloc(sizeof(struct vma_numab_state), - GFP_KERNEL); - if (!vma->numab_state) + struct vma_numab_state *ptr; + + ptr = kzalloc(sizeof(*ptr), GFP_KERNEL); + if (!ptr) + continue; + + if (cmpxchg(&vma->numab_state, NULL, ptr)) { + kfree(ptr); continue; + } vma->numab_state->start_scan_seq = mm->numa_scan_seq; _ Patches currently in -mm which might be from ahuang12(a)lenovo.com are

6 months, 2 weeks

1
0
0 0

[merged mm-hotfixes-stable] mm-damon-fix-order-of-arguments-in-damos_before_apply-tracepoint.patch removed from -mm tree

by Andrew Morton

The quilt patch titled Subject: mm/damon: fix order of arguments in damos_before_apply tracepoint has been removed from the -mm tree. Its filename was mm-damon-fix-order-of-arguments-in-damos_before_apply-tracepoint.patch This patch was dropped because it was merged into the mm-hotfixes-stable branch of git://git.kernel.org/pub/scm/linux/kernel/git/akpm/mm ------------------------------------------------------ From: Akinobu Mita <akinobu.mita(a)gmail.com> Subject: mm/damon: fix order of arguments in damos_before_apply tracepoint Date: Fri, 15 Nov 2024 10:20:23 -0800 Since the order of the scheme_idx and target_idx arguments in TP_ARGS is reversed, they are stored in the trace record in reverse. Link: https://lkml.kernel.org/r/20241115182023.43118-1-sj@kernel.org Link: https://patch.msgid.link/20241112154828.40307-1-akinobu.mita@gmail.com Fixes: c603c630b509 ("mm/damon/core: add a tracepoint for damos apply target regions") Signed-off-by: Akinobu Mita <akinobu.mita(a)gmail.com> Signed-off-by: SeongJae Park <sj(a)kernel.org> Cc: Masami Hiramatsu <mhiramat(a)kernel.org> Cc: Mathieu Desnoyers <mathieu.desnoyers(a)efficios.com> Cc: Steven Rostedt <rostedt(a)goodmis.org> Cc: <stable(a)vger.kernel.org> Signed-off-by: Andrew Morton <akpm(a)linux-foundation.org> --- include/trace/events/damon.h | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) --- a/include/trace/events/damon.h~mm-damon-fix-order-of-arguments-in-damos_before_apply-tracepoint +++ a/include/trace/events/damon.h @@ -15,7 +15,7 @@ TRACE_EVENT_CONDITION(damos_before_apply unsigned int target_idx, struct damon_region *r, unsigned int nr_regions, bool do_trace), - TP_ARGS(context_idx, target_idx, scheme_idx, r, nr_regions, do_trace), + TP_ARGS(context_idx, scheme_idx, target_idx, r, nr_regions, do_trace), TP_CONDITION(do_trace), _ Patches currently in -mm which might be from akinobu.mita(a)gmail.com are

6 months, 2 weeks

1
0
0 0

[merged mm-hotfixes-stable] lib-stackinit-hide-never-taken-branch-from-compiler.patch removed from -mm tree

by Andrew Morton

The quilt patch titled Subject: lib: stackinit: hide never-taken branch from compiler has been removed from the -mm tree. Its filename was lib-stackinit-hide-never-taken-branch-from-compiler.patch This patch was dropped because it was merged into the mm-hotfixes-stable branch of git://git.kernel.org/pub/scm/linux/kernel/git/akpm/mm ------------------------------------------------------ From: Kees Cook <kees(a)kernel.org> Subject: lib: stackinit: hide never-taken branch from compiler Date: Sun, 17 Nov 2024 03:38:13 -0800 The never-taken branch leads to an invalid bounds condition, which is by design. To avoid the unwanted warning from the compiler, hide the variable from the optimizer. ../lib/stackinit_kunit.c: In function 'do_nothing_u16_zero': ../lib/stackinit_kunit.c:51:49: error: array subscript 1 is outside array bounds of 'u16[0]' {aka 'short unsigned int[]'} [-Werror=array-bounds=] 51 | #define DO_NOTHING_RETURN_SCALAR(ptr) *(ptr) | ^~~~~~ ../lib/stackinit_kunit.c:219:24: note: in expansion of macro 'DO_NOTHING_RETURN_SCALAR' 219 | return DO_NOTHING_RETURN_ ## which(ptr + 1); \ | ^~~~~~~~~~~~~~~~~~ Link: https://lkml.kernel.org/r/20241117113813.work.735-kees@kernel.org Signed-off-by: Kees Cook <kees(a)kernel.org> Cc: <stable(a)vger.kernel.org> Signed-off-by: Andrew Morton <akpm(a)linux-foundation.org> --- lib/stackinit_kunit.c | 1 + 1 file changed, 1 insertion(+) --- a/lib/stackinit_kunit.c~lib-stackinit-hide-never-taken-branch-from-compiler +++ a/lib/stackinit_kunit.c @@ -212,6 +212,7 @@ static noinline void test_ ## name (stru static noinline DO_NOTHING_TYPE_ ## which(var_type) \ do_nothing_ ## name(var_type *ptr) \ { \ + OPTIMIZER_HIDE_VAR(ptr); \ /* Will always be true, but compiler doesn't know. */ \ if ((unsigned long)ptr > 0x2) \ return DO_NOTHING_RETURN_ ## which(ptr); \ _ Patches currently in -mm which might be from kees(a)kernel.org are

6 months, 2 weeks

1
0
0 0

[merged mm-hotfixes-stable] mm-respect-mmap-hint-address-when-aligning-for-thp.patch removed from -mm tree

by Andrew Morton

The quilt patch titled Subject: mm: respect mmap hint address when aligning for THP has been removed from the -mm tree. Its filename was mm-respect-mmap-hint-address-when-aligning-for-thp.patch This patch was dropped because it was merged into the mm-hotfixes-stable branch of git://git.kernel.org/pub/scm/linux/kernel/git/akpm/mm ------------------------------------------------------ From: Kalesh Singh <kaleshsingh(a)google.com> Subject: mm: respect mmap hint address when aligning for THP Date: Mon, 18 Nov 2024 13:46:48 -0800 Commit efa7df3e3bb5 ("mm: align larger anonymous mappings on THP boundaries") updated __get_unmapped_area() to align the start address for the VMA to a PMD boundary if CONFIG_TRANSPARENT_HUGEPAGE=y. It does this by effectively looking up a region that is of size, request_size + PMD_SIZE, and aligning up the start to a PMD boundary. Commit 4ef9ad19e176 ("mm: huge_memory: don't force huge page alignment on 32 bit") opted out of this for 32bit due to regressions in mmap base randomization. Commit d4148aeab412 ("mm, mmap: limit THP alignment of anonymous mappings to PMD-aligned sizes") restricted this to only mmap sizes that are multiples of the PMD_SIZE due to reported regressions in some performance benchmarks -- which seemed mostly due to the reduced spatial locality of related mappings due to the forced PMD-alignment. Another unintended side effect has emerged: When a user specifies an mmap hint address, the THP alignment logic modifies the behavior, potentially ignoring the hint even if a sufficiently large gap exists at the requested hint location. Example Scenario: Consider the following simplified virtual address (VA) space: ... 0x200000-0x400000 --- VMA A 0x400000-0x600000 --- Hole 0x600000-0x800000 --- VMA B ... A call to mmap() with hint=0x400000 and len=0x200000 behaves differently: - Before THP alignment: The requested region (size 0x200000) fits into the gap at 0x400000, so the hint is respected. - After alignment: The logic searches for a region of size 0x400000 (len + PMD_SIZE) starting at 0x400000. This search fails due to the mapping at 0x600000 (VMA B), and the hint is ignored, falling back to arch_get_unmapped_area[_topdown](). In general the hint is effectively ignored, if there is any existing mapping in the below range: [mmap_hint + mmap_size, mmap_hint + mmap_size + PMD_SIZE) This changes the semantics of mmap hint; from ""Respect the hint if a sufficiently large gap exists at the requested location" to "Respect the hint only if an additional PMD-sized gap exists beyond the requested size". This has performance implications for allocators that allocate their heap using mmap but try to keep it "as contiguous as possible" by using the end of the exisiting heap as the address hint. With the new behavior it's more likely to get a much less contiguous heap, adding extra fragmentation and performance overhead. To restore the expected behavior; don't use thp_get_unmapped_area_vmflags() when the user provided a hint address, for anonymous mappings. Note: As Yang Shi pointed out: the issue still remains for filesystems which are using thp_get_unmapped_area() for their get_unmapped_area() op. It is unclear what worklaods will regress for if we ignore THP alignment when the hint address is provided for such file backed mappings -- so this fix will be handled separately. Link: https://lkml.kernel.org/r/20241118214650.3667577-1-kaleshsingh@google.com Fixes: efa7df3e3bb5 ("mm: align larger anonymous mappings on THP boundaries") Signed-off-by: Kalesh Singh <kaleshsingh(a)google.com> Reviewed-by: Rik van Riel <riel(a)surriel.com> Reviewed-by: Vlastimil Babka <vbabka(a)suse.cz> Reviewed-by: David Hildenbrand <david(a)redhat.com> Cc: Kefeng Wang <wangkefeng.wang(a)huawei.com> Cc: Vlastimil Babka <vbabka(a)suse.cz> Cc: Yang Shi <yang(a)os.amperecomputing.com> Cc: Rik van Riel <riel(a)surriel.com> Cc: Ryan Roberts <ryan.roberts(a)arm.com> Cc: Suren Baghdasaryan <surenb(a)google.com> Cc: Minchan Kim <minchan(a)kernel.org> Cc: Hans Boehm <hboehm(a)google.com> Cc: Lokesh Gidra <lokeshgidra(a)google.com> Cc: <stable(a)vger.kernel.org> Signed-off-by: Andrew Morton <akpm(a)linux-foundation.org> --- mm/mmap.c | 1 + 1 file changed, 1 insertion(+) --- a/mm/mmap.c~mm-respect-mmap-hint-address-when-aligning-for-thp +++ a/mm/mmap.c @@ -889,6 +889,7 @@ __get_unmapped_area(struct file *file, u if (get_area) { addr = get_area(file, addr, len, pgoff, flags); } else if (IS_ENABLED(CONFIG_TRANSPARENT_HUGEPAGE) + && !addr /* no hint */ && IS_ALIGNED(len, PMD_SIZE)) { /* Ensures that larger anonymous mappings are THP aligned. */ addr = thp_get_unmapped_area_vmflags(file, addr, len, _ Patches currently in -mm which might be from kaleshsingh(a)google.com are

6 months, 2 weeks

1
0
0 0

[merged mm-hotfixes-stable] mm-memcg-declare-do_memsw_account-inline.patch removed from -mm tree

by Andrew Morton

The quilt patch titled Subject: mm: memcg: declare do_memsw_account inline has been removed from the -mm tree. Its filename was mm-memcg-declare-do_memsw_account-inline.patch This patch was dropped because it was merged into the mm-hotfixes-stable branch of git://git.kernel.org/pub/scm/linux/kernel/git/akpm/mm ------------------------------------------------------ From: John Sperbeck <jsperbeck(a)google.com> Subject: mm: memcg: declare do_memsw_account inline Date: Thu, 28 Nov 2024 12:39:59 -0800 In commit 66d60c428b23 ("mm: memcg: move legacy memcg event code into memcontrol-v1.c"), the static do_memsw_account() function was moved from a .c file to a .h file. Unfortunately, the traditional inline keyword wasn't added. If a file (e.g., a unit test) includes the .h file, but doesn't refer to do_memsw_account(), it will get a warning like: mm/memcontrol-v1.h:41:13: warning: unused function 'do_memsw_account' [-Wunused-function] 41 | static bool do_memsw_account(void) | ^~~~~~~~~~~~~~~~ Link: https://lkml.kernel.org/r/20241128203959.726527-1-jsperbeck@google.com Fixes: 66d60c428b23 ("mm: memcg: move legacy memcg event code into memcontrol-v1.c") Signed-off-by: John Sperbeck <jsperbeck(a)google.com> Acked-by: Roman Gushchin <roman.gushchin(a)linux.dev> Cc: Johannes Weiner <hannes(a)cmpxchg.org> Cc: Michal Hocko <mhocko(a)kernel.org> Cc: Muchun Song <muchun.song(a)linux.dev> Cc: Shakeel Butt <shakeel.butt(a)linux.dev> Cc: <stable(a)vger.kernel.org> Signed-off-by: Andrew Morton <akpm(a)linux-foundation.org> --- mm/memcontrol-v1.h | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) --- a/mm/memcontrol-v1.h~mm-memcg-declare-do_memsw_account-inline +++ a/mm/memcontrol-v1.h @@ -38,7 +38,7 @@ void mem_cgroup_id_put_many(struct mem_c iter = mem_cgroup_iter(NULL, iter, NULL)) /* Whether legacy memory+swap accounting is active */ -static bool do_memsw_account(void) +static inline bool do_memsw_account(void) { return !cgroup_subsys_on_dfl(memory_cgrp_subsys); } _ Patches currently in -mm which might be from jsperbeck(a)google.com are

6 months, 2 weeks

1
0
0 0

[merged mm-hotfixes-stable] ocfs2-update-seq_file-index-in-ocfs2_dlm_seq_next-v2.patch removed from -mm tree

by Andrew Morton

The quilt patch titled Subject: ocfs2: update seq_file index in ocfs2_dlm_seq_next has been removed from the -mm tree. Its filename was ocfs2-update-seq_file-index-in-ocfs2_dlm_seq_next-v2.patch This patch was dropped because it was merged into the mm-hotfixes-stable branch of git://git.kernel.org/pub/scm/linux/kernel/git/akpm/mm ------------------------------------------------------ From: Wengang Wang <wen.gang.wang(a)oracle.com> Subject: ocfs2: update seq_file index in ocfs2_dlm_seq_next Date: Tue, 19 Nov 2024 09:45:00 -0800 The following INFO level message was seen: seq_file: buggy .next function ocfs2_dlm_seq_next [ocfs2] did not update position index Fix: Update *pos (so m->index) to make seq_read_iter happy though the index its self makes no sense to ocfs2_dlm_seq_next. Link: https://lkml.kernel.org/r/20241119174500.9198-1-wen.gang.wang@oracle.com Signed-off-by: Wengang Wang <wen.gang.wang(a)oracle.com> Reviewed-by: Joseph Qi <joseph.qi(a)linux.alibaba.com> Cc: Mark Fasheh <mark(a)fasheh.com> Cc: Joel Becker <jlbec(a)evilplan.org> Cc: Junxiao Bi <junxiao.bi(a)oracle.com> Cc: Changwei Ge <gechangwei(a)live.cn> Cc: Jun Piao <piaojun(a)huawei.com> Cc: <stable(a)vger.kernel.org> Signed-off-by: Andrew Morton <akpm(a)linux-foundation.org> --- fs/ocfs2/dlmglue.c | 1 + 1 file changed, 1 insertion(+) --- a/fs/ocfs2/dlmglue.c~ocfs2-update-seq_file-index-in-ocfs2_dlm_seq_next-v2 +++ a/fs/ocfs2/dlmglue.c @@ -3110,6 +3110,7 @@ static void *ocfs2_dlm_seq_next(struct s struct ocfs2_lock_res *iter = v; struct ocfs2_lock_res *dummy = &priv->p_iter_res; + (*pos)++; spin_lock(&ocfs2_dlm_tracking_lock); iter = ocfs2_dlm_next_res(iter, priv); list_del_init(&dummy->l_debug_list); _ Patches currently in -mm which might be from wen.gang.wang(a)oracle.com are

6 months, 2 weeks

1
0
0 0

[merged mm-hotfixes-stable] stackdepot-fix-stack_depot_save_flags-in-nmi-context.patch removed from -mm tree

by Andrew Morton

The quilt patch titled Subject: stackdepot: fix stack_depot_save_flags() in NMI context has been removed from the -mm tree. Its filename was stackdepot-fix-stack_depot_save_flags-in-nmi-context.patch This patch was dropped because it was merged into the mm-hotfixes-stable branch of git://git.kernel.org/pub/scm/linux/kernel/git/akpm/mm ------------------------------------------------------ From: Marco Elver <elver(a)google.com> Subject: stackdepot: fix stack_depot_save_flags() in NMI context Date: Fri, 22 Nov 2024 16:39:47 +0100 Per documentation, stack_depot_save_flags() was meant to be usable from NMI context if STACK_DEPOT_FLAG_CAN_ALLOC is unset. However, it still would try to take the pool_lock in an attempt to save a stack trace in the current pool (if space is available). This could result in deadlock if an NMI is handled while pool_lock is already held. To avoid deadlock, only try to take the lock in NMI context and give up if unsuccessful. The documentation is fixed to clearly convey this. Link: https://lkml.kernel.org/r/Z0CcyfbPqmxJ9uJH@elver.google.com Link: https://lkml.kernel.org/r/20241122154051.3914732-1-elver@google.com Fixes: 4434a56ec209 ("stackdepot: make fast paths lock-less again") Signed-off-by: Marco Elver <elver(a)google.com> Reported-by: Sebastian Andrzej Siewior <bigeasy(a)linutronix.de> Reviewed-by: Sebastian Andrzej Siewior <bigeasy(a)linutronix.de> Cc: Alexander Potapenko <glider(a)google.com> Cc: Andrey Konovalov <andreyknvl(a)gmail.com> Cc: Dmitry Vyukov <dvyukov(a)google.com> Cc: Oscar Salvador <osalvador(a)suse.de> Cc: Vlastimil Babka <vbabka(a)suse.cz> Cc: <stable(a)vger.kernel.org> Signed-off-by: Andrew Morton <akpm(a)linux-foundation.org> --- include/linux/stackdepot.h | 6 +++--- lib/stackdepot.c | 10 +++++++++- 2 files changed, 12 insertions(+), 4 deletions(-) --- a/include/linux/stackdepot.h~stackdepot-fix-stack_depot_save_flags-in-nmi-context +++ a/include/linux/stackdepot.h @@ -147,7 +147,7 @@ static inline int stack_depot_early_init * If the provided stack trace comes from the interrupt context, only the part * up to the interrupt entry is saved. * - * Context: Any context, but setting STACK_DEPOT_FLAG_CAN_ALLOC is required if + * Context: Any context, but unsetting STACK_DEPOT_FLAG_CAN_ALLOC is required if * alloc_pages() cannot be used from the current context. Currently * this is the case for contexts where neither %GFP_ATOMIC nor * %GFP_NOWAIT can be used (NMI, raw_spin_lock). @@ -156,7 +156,7 @@ static inline int stack_depot_early_init */ depot_stack_handle_t stack_depot_save_flags(unsigned long *entries, unsigned int nr_entries, - gfp_t gfp_flags, + gfp_t alloc_flags, depot_flags_t depot_flags); /** @@ -175,7 +175,7 @@ depot_stack_handle_t stack_depot_save_fl * Return: Handle of the stack trace stored in depot, 0 on failure */ depot_stack_handle_t stack_depot_save(unsigned long *entries, - unsigned int nr_entries, gfp_t gfp_flags); + unsigned int nr_entries, gfp_t alloc_flags); /** * __stack_depot_get_stack_record - Get a pointer to a stack_record struct --- a/lib/stackdepot.c~stackdepot-fix-stack_depot_save_flags-in-nmi-context +++ a/lib/stackdepot.c @@ -630,7 +630,15 @@ depot_stack_handle_t stack_depot_save_fl prealloc = page_address(page); } - raw_spin_lock_irqsave(&pool_lock, flags); + if (in_nmi()) { + /* We can never allocate in NMI context. */ + WARN_ON_ONCE(can_alloc); + /* Best effort; bail if we fail to take the lock. */ + if (!raw_spin_trylock_irqsave(&pool_lock, flags)) + goto exit; + } else { + raw_spin_lock_irqsave(&pool_lock, flags); + } printk_deferred_enter(); /* Try to find again, to avoid concurrently inserting duplicates. */ _ Patches currently in -mm which might be from elver(a)google.com are

6 months, 2 weeks

1
0
0 0

[merged mm-hotfixes-stable] mm-open-code-page_folio-in-dump_page.patch removed from -mm tree

by Andrew Morton

The quilt patch titled Subject: mm: open-code page_folio() in dump_page() has been removed from the -mm tree. Its filename was mm-open-code-page_folio-in-dump_page.patch This patch was dropped because it was merged into the mm-hotfixes-stable branch of git://git.kernel.org/pub/scm/linux/kernel/git/akpm/mm ------------------------------------------------------ From: "Matthew Wilcox (Oracle)" <willy(a)infradead.org> Subject: mm: open-code page_folio() in dump_page() Date: Mon, 25 Nov 2024 20:17:19 +0000 page_folio() calls page_fixed_fake_head() which will misidentify this page as being a fake head and load off the end of 'precise'. We may have a pointer to a fake head, but that's OK because it contains the right information for dump_page(). gcc-15 is smart enough to catch this with -Warray-bounds: In function 'page_fixed_fake_head', inlined from '_compound_head' at ../include/linux/page-flags.h:251:24, inlined from '__dump_page' at ../mm/debug.c:123:11: ../include/asm-generic/rwonce.h:44:26: warning: array subscript 9 is outside +array bounds of 'struct page[1]' [-Warray-bounds=] Link: https://lkml.kernel.org/r/20241125201721.2963278-2-willy@infradead.org Fixes: fae7d834c43c ("mm: add __dump_folio()") Signed-off-by: Matthew Wilcox (Oracle) <willy(a)infradead.org> Reported-by: Kees Cook <kees(a)kernel.org> Cc: <stable(a)vger.kernel.org> Signed-off-by: Andrew Morton <akpm(a)linux-foundation.org> --- mm/debug.c | 7 +++++-- 1 file changed, 5 insertions(+), 2 deletions(-) --- a/mm/debug.c~mm-open-code-page_folio-in-dump_page +++ a/mm/debug.c @@ -124,19 +124,22 @@ static void __dump_page(const struct pag { struct folio *foliop, folio; struct page precise; + unsigned long head; unsigned long pfn = page_to_pfn(page); unsigned long idx, nr_pages = 1; int loops = 5; again: memcpy(&precise, page, sizeof(*page)); - foliop = page_folio(&precise); - if (foliop == (struct folio *)&precise) { + head = precise.compound_head; + if ((head & 1) == 0) { + foliop = (struct folio *)&precise; idx = 0; if (!folio_test_large(foliop)) goto dump; foliop = (struct folio *)page; } else { + foliop = (struct folio *)(head - 1); idx = folio_page_idx(foliop, page); } _ Patches currently in -mm which might be from willy(a)infradead.org are mm-page_alloc-cache-page_zone-result-in-free_unref_page.patch mm-make-alloc_pages_mpol-static.patch mm-page_alloc-export-free_frozen_pages-instead-of-free_unref_page.patch mm-page_alloc-move-set_page_refcounted-to-callers-of-post_alloc_hook.patch mm-page_alloc-move-set_page_refcounted-to-callers-of-prep_new_page.patch mm-page_alloc-move-set_page_refcounted-to-callers-of-get_page_from_freelist.patch mm-page_alloc-move-set_page_refcounted-to-callers-of-__alloc_pages_cpuset_fallback.patch mm-page_alloc-move-set_page_refcounted-to-callers-of-__alloc_pages_may_oom.patch mm-page_alloc-move-set_page_refcounted-to-callers-of-__alloc_pages_direct_compact.patch mm-page_alloc-move-set_page_refcounted-to-callers-of-__alloc_pages_direct_reclaim.patch mm-page_alloc-move-set_page_refcounted-to-callers-of-__alloc_pages_slowpath.patch mm-page_alloc-move-set_page_refcounted-to-end-of-__alloc_pages.patch mm-page_alloc-add-__alloc_frozen_pages.patch mm-mempolicy-add-alloc_frozen_pages.patch slab-allocate-frozen-pages.patch

6 months, 2 weeks

1
0
0 0

[merged mm-hotfixes-stable] mm-open-code-pagetail-in-folio_flags-and-const_folio_flags.patch removed from -mm tree

by Andrew Morton

The quilt patch titled Subject: mm: open-code PageTail in folio_flags() and const_folio_flags() has been removed from the -mm tree. Its filename was mm-open-code-pagetail-in-folio_flags-and-const_folio_flags.patch This patch was dropped because it was merged into the mm-hotfixes-stable branch of git://git.kernel.org/pub/scm/linux/kernel/git/akpm/mm ------------------------------------------------------ From: "Matthew Wilcox (Oracle)" <willy(a)infradead.org> Subject: mm: open-code PageTail in folio_flags() and const_folio_flags() Date: Mon, 25 Nov 2024 20:17:18 +0000 It is unsafe to call PageTail() in dump_page() as page_is_fake_head() will almost certainly return true when called on a head page that is copied to the stack. That will cause the VM_BUG_ON_PGFLAGS() in const_folio_flags() to trigger when it shouldn't. Fortunately, we don't need to call PageTail() here; it's fine to have a pointer to a virtual alias of the page's flag word rather than the real page's flag word. Link: https://lkml.kernel.org/r/20241125201721.2963278-1-willy@infradead.org Fixes: fae7d834c43c ("mm: add __dump_folio()") Signed-off-by: Matthew Wilcox (Oracle) <willy(a)infradead.org> Cc: Kees Cook <kees(a)kernel.org> Cc: <stable(a)vger.kernel.org> Signed-off-by: Andrew Morton <akpm(a)linux-foundation.org> --- include/linux/page-flags.h | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) --- a/include/linux/page-flags.h~mm-open-code-pagetail-in-folio_flags-and-const_folio_flags +++ a/include/linux/page-flags.h @@ -306,7 +306,7 @@ static const unsigned long *const_folio_ { const struct page *page = &folio->page; - VM_BUG_ON_PGFLAGS(PageTail(page), page); + VM_BUG_ON_PGFLAGS(page->compound_head & 1, page); VM_BUG_ON_PGFLAGS(n > 0 && !test_bit(PG_head, &page->flags), page); return &page[n].flags; } @@ -315,7 +315,7 @@ static unsigned long *folio_flags(struct { struct page *page = &folio->page; - VM_BUG_ON_PGFLAGS(PageTail(page), page); + VM_BUG_ON_PGFLAGS(page->compound_head & 1, page); VM_BUG_ON_PGFLAGS(n > 0 && !test_bit(PG_head, &page->flags), page); return &page[n].flags; } _ Patches currently in -mm which might be from willy(a)infradead.org are mm-page_alloc-cache-page_zone-result-in-free_unref_page.patch mm-make-alloc_pages_mpol-static.patch mm-page_alloc-export-free_frozen_pages-instead-of-free_unref_page.patch mm-page_alloc-move-set_page_refcounted-to-callers-of-post_alloc_hook.patch mm-page_alloc-move-set_page_refcounted-to-callers-of-prep_new_page.patch mm-page_alloc-move-set_page_refcounted-to-callers-of-get_page_from_freelist.patch mm-page_alloc-move-set_page_refcounted-to-callers-of-__alloc_pages_cpuset_fallback.patch mm-page_alloc-move-set_page_refcounted-to-callers-of-__alloc_pages_may_oom.patch mm-page_alloc-move-set_page_refcounted-to-callers-of-__alloc_pages_direct_compact.patch mm-page_alloc-move-set_page_refcounted-to-callers-of-__alloc_pages_direct_reclaim.patch mm-page_alloc-move-set_page_refcounted-to-callers-of-__alloc_pages_slowpath.patch mm-page_alloc-move-set_page_refcounted-to-end-of-__alloc_pages.patch mm-page_alloc-add-__alloc_frozen_pages.patch mm-mempolicy-add-alloc_frozen_pages.patch slab-allocate-frozen-pages.patch

6 months, 2 weeks

1
0
0 0

[merged mm-hotfixes-stable] mm-fix-vreallocs-kasan-poisoning-logic.patch removed from -mm tree

by Andrew Morton

The quilt patch titled Subject: mm: fix vrealloc()'s KASAN poisoning logic has been removed from the -mm tree. Its filename was mm-fix-vreallocs-kasan-poisoning-logic.patch This patch was dropped because it was merged into the mm-hotfixes-stable branch of git://git.kernel.org/pub/scm/linux/kernel/git/akpm/mm ------------------------------------------------------ From: Andrii Nakryiko <andrii(a)kernel.org> Subject: mm: fix vrealloc()'s KASAN poisoning logic Date: Mon, 25 Nov 2024 16:52:06 -0800 When vrealloc() reuses already allocated vmap_area, we need to re-annotate poisoned and unpoisoned portions of underlying memory according to the new size. This results in a KASAN splat recorded at [1]. A KASAN mis-reporting issue where there is none. Note, hard-coding KASAN_VMALLOC_PROT_NORMAL might not be exactly correct, but KASAN flag logic is pretty involved and spread out throughout __vmalloc_node_range_noprof(), so I'm using the bare minimum flag here and leaving the rest to mm people to refactor this logic and reuse it here. Link: https://lkml.kernel.org/r/20241126005206.3457974-1-andrii@kernel.org Link: https://lore.kernel.org/bpf/67450f9b.050a0220.21d33d.0004.GAE@google.com/ [1] Fixes: 3ddc2fefe6f3 ("mm: vmalloc: implement vrealloc()") Signed-off-by: Andrii Nakryiko <andrii(a)kernel.org> Cc: Alexei Starovoitov <ast(a)kernel.org> Cc: Christoph Hellwig <hch(a)infradead.org> Cc: Michal Hocko <mhocko(a)suse.com> Cc: Uladzislau Rezki (Sony) <urezki(a)gmail.com> Cc: Vlastimil Babka <vbabka(a)suse.cz> Cc: <stable(a)vger.kernel.org> Signed-off-by: Andrew Morton <akpm(a)linux-foundation.org> --- mm/vmalloc.c | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) --- a/mm/vmalloc.c~mm-fix-vreallocs-kasan-poisoning-logic +++ a/mm/vmalloc.c @@ -4093,7 +4093,8 @@ void *vrealloc_noprof(const void *p, siz /* Zero out spare memory. */ if (want_init_on_alloc(flags)) memset((void *)p + size, 0, old_size - size); - + kasan_poison_vmalloc(p + size, old_size - size); + kasan_unpoison_vmalloc(p, size, KASAN_VMALLOC_PROT_NORMAL); return (void *)p; } _ Patches currently in -mm which might be from andrii(a)kernel.org are

6 months, 2 weeks

1
0
0 0

[merged mm-hotfixes-stable] revert-readahead-properly-shorten-readahead-when-falling-back-to-do_page_cache_ra.patch removed from -mm tree

by Andrew Morton

The quilt patch titled Subject: Revert "readahead: properly shorten readahead when falling back to do_page_cache_ra()" has been removed from the -mm tree. Its filename was revert-readahead-properly-shorten-readahead-when-falling-back-to-do_page_cache_ra.patch This patch was dropped because it was merged into the mm-hotfixes-stable branch of git://git.kernel.org/pub/scm/linux/kernel/git/akpm/mm ------------------------------------------------------ From: Jan Kara <jack(a)suse.cz> Subject: Revert "readahead: properly shorten readahead when falling back to do_page_cache_ra()" Date: Tue, 26 Nov 2024 15:52:08 +0100 This reverts commit 7c877586da3178974a8a94577b6045a48377ff25. Anders and Philippe have reported that recent kernels occasionally hang when used with NFS in readahead code. The problem has been bisected to 7c877586da3 ("readahead: properly shorten readahead when falling back to do_page_cache_ra()"). The cause of the problem is that ra->size can be shrunk by read_pages() call and subsequently we end up calling do_page_cache_ra() with negative (read huge positive) number of pages. Let's revert 7c877586da3 for now until we can find a proper way how the logic in read_pages() and page_cache_ra_order() can coexist. This can lead to reduced readahead throughput due to readahead window confusion but that's better than outright hangs. Link: https://lkml.kernel.org/r/20241126145208.985-1-jack@suse.cz Fixes: 7c877586da31 ("readahead: properly shorten readahead when falling back to do_page_cache_ra()") Reported-by: Anders Blomdell <anders.blomdell(a)gmail.com> Reported-by: Philippe Troin <phil(a)fifi.org> Signed-off-by: Jan Kara <jack(a)suse.cz> Tested-by: Philippe Troin <phil(a)fifi.org> Cc: Matthew Wilcox <willy(a)infradead.org> Cc: <stable(a)vger.kernel.org> Signed-off-by: Andrew Morton <akpm(a)linux-foundation.org> --- mm/readahead.c | 5 ++--- 1 file changed, 2 insertions(+), 3 deletions(-) --- a/mm/readahead.c~revert-readahead-properly-shorten-readahead-when-falling-back-to-do_page_cache_ra +++ a/mm/readahead.c @@ -458,8 +458,7 @@ void page_cache_ra_order(struct readahea struct file_ra_state *ra, unsigned int new_order) { struct address_space *mapping = ractl->mapping; - pgoff_t start = readahead_index(ractl); - pgoff_t index = start; + pgoff_t index = readahead_index(ractl); unsigned int min_order = mapping_min_folio_order(mapping); pgoff_t limit = (i_size_read(mapping->host) - 1) >> PAGE_SHIFT; pgoff_t mark = index + ra->size - ra->async_size; @@ -522,7 +521,7 @@ void page_cache_ra_order(struct readahea if (!err) return; fallback: - do_page_cache_ra(ractl, ra->size - (index - start), ra->async_size); + do_page_cache_ra(ractl, ra->size, ra->async_size); } static unsigned long ractl_max_pages(struct readahead_control *ractl, _ Patches currently in -mm which might be from jack(a)suse.cz are readahead-dont-shorted-readahead-window-in-read_pages.patch readahead-properly-shorten-readahead-when-falling-back-to-do_page_cache_ra.patch

6 months, 2 weeks

1
0
0 0

[merged mm-hotfixes-stable] selftests-damon-add-_damon_sysfspy-to-test_files.patch removed from -mm tree

by Andrew Morton

The quilt patch titled Subject: selftests/damon: add _damon_sysfs.py to TEST_FILES has been removed from the -mm tree. Its filename was selftests-damon-add-_damon_sysfspy-to-test_files.patch This patch was dropped because it was merged into the mm-hotfixes-stable branch of git://git.kernel.org/pub/scm/linux/kernel/git/akpm/mm ------------------------------------------------------ From: Maximilian Heyne <mheyne(a)amazon.de> Subject: selftests/damon: add _damon_sysfs.py to TEST_FILES Date: Wed, 27 Nov 2024 12:08:53 +0000 When running selftests I encountered the following error message with some damon tests: # Traceback (most recent call last): # File "[...]/damon/./damos_quota.py", line 7, in <module> # import _damon_sysfs # ModuleNotFoundError: No module named '_damon_sysfs' Fix this by adding the _damon_sysfs.py file to TEST_FILES so that it will be available when running the respective damon selftests. Link: https://lkml.kernel.org/r/20241127-picks-visitor-7416685b-mheyne@amazon.de Fixes: 306abb63a8ca ("selftests/damon: implement a python module for test-purpose DAMON sysfs controls") Signed-off-by: Maximilian Heyne <mheyne(a)amazon.de> Reviewed-by: SeongJae Park <sj(a)kernel.org> Cc: Shuah Khan <shuah(a)kernel.org> Cc: <stable(a)vger.kernel.org> Signed-off-by: Andrew Morton <akpm(a)linux-foundation.org> --- tools/testing/selftests/damon/Makefile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) --- a/tools/testing/selftests/damon/Makefile~selftests-damon-add-_damon_sysfspy-to-test_files +++ a/tools/testing/selftests/damon/Makefile @@ -6,7 +6,7 @@ TEST_GEN_FILES += debugfs_target_ids_rea TEST_GEN_FILES += debugfs_target_ids_pid_leak TEST_GEN_FILES += access_memory access_memory_even -TEST_FILES = _chk_dependency.sh _debugfs_common.sh +TEST_FILES = _chk_dependency.sh _debugfs_common.sh _damon_sysfs.py # functionality tests TEST_PROGS = debugfs_attrs.sh debugfs_schemes.sh debugfs_target_ids.sh _ Patches currently in -mm which might be from mheyne(a)amazon.de are

6 months, 2 weeks

1
0
0 0

[merged mm-hotfixes-stable] selftest-hugetlb_dio-fix-test-naming.patch removed from -mm tree

by Andrew Morton

The quilt patch titled Subject: selftest: hugetlb_dio: fix test naming has been removed from the -mm tree. Its filename was selftest-hugetlb_dio-fix-test-naming.patch This patch was dropped because it was merged into the mm-hotfixes-stable branch of git://git.kernel.org/pub/scm/linux/kernel/git/akpm/mm ------------------------------------------------------ From: Mark Brown <broonie(a)kernel.org> Subject: selftest: hugetlb_dio: fix test naming Date: Wed, 27 Nov 2024 16:14:22 +0000 The string logged when a test passes or fails is used by the selftest framework to identify which test is being reported. The hugetlb_dio test not only uses the same strings for every test that is run but it also uses different strings for test passes and failures which means that test automation is unable to follow what the test is doing at all. Pull the existing duplicated logging of the number of free huge pages before and after the test out of the conditional and replace that and the logging of the result with a single ksft_print_result() which incorporates the parameters passed into the test into the output. Link: https://lkml.kernel.org/r/20241127-kselftest-mm-hugetlb-dio-names-v1-1-22aa… Fixes: fae1980347bf ("selftests: hugetlb_dio: fixup check for initial conditions to skip in the start") Signed-off-by: Mark Brown <broonie(a)kernel.org> Reviewed-by: Muhammad Usama Anjum <usama.anjum(a)collabora.com> Cc: Donet Tom <donettom(a)linux.ibm.com> Cc: Ritesh Harjani (IBM) <ritesh.list(a)gmail.com> Cc: Shuah Khan <shuah(a)kernel.org> Cc: <stable(a)vger.kernel.org> Signed-off-by: Andrew Morton <akpm(a)linux-foundation.org> --- tools/testing/selftests/mm/hugetlb_dio.c | 14 +++++--------- 1 file changed, 5 insertions(+), 9 deletions(-) --- a/tools/testing/selftests/mm/hugetlb_dio.c~selftest-hugetlb_dio-fix-test-naming +++ a/tools/testing/selftests/mm/hugetlb_dio.c @@ -76,19 +76,15 @@ void run_dio_using_hugetlb(unsigned int /* Get the free huge pages after unmap*/ free_hpage_a = get_free_hugepages(); + ksft_print_msg("No. Free pages before allocation : %d\n", free_hpage_b); + ksft_print_msg("No. Free pages after munmap : %d\n", free_hpage_a); + /* * If the no. of free hugepages before allocation and after unmap does * not match - that means there could still be a page which is pinned. */ - if (free_hpage_a != free_hpage_b) { - ksft_print_msg("No. Free pages before allocation : %d\n", free_hpage_b); - ksft_print_msg("No. Free pages after munmap : %d\n", free_hpage_a); - ksft_test_result_fail(": Huge pages not freed!\n"); - } else { - ksft_print_msg("No. Free pages before allocation : %d\n", free_hpage_b); - ksft_print_msg("No. Free pages after munmap : %d\n", free_hpage_a); - ksft_test_result_pass(": Huge pages freed successfully !\n"); - } + ksft_test_result(free_hpage_a == free_hpage_b, + "free huge pages from %u-%u\n", start_off, end_off); } int main(void) _ Patches currently in -mm which might be from broonie(a)kernel.org are

6 months, 2 weeks

1
0
0 0

[merged mm-hotfixes-stable] nilfs2-fix-potential-out-of-bounds-memory-access-in-nilfs_find_entry.patch removed from -mm tree

by Andrew Morton

The quilt patch titled Subject: nilfs2: fix potential out-of-bounds memory access in nilfs_find_entry() has been removed from the -mm tree. Its filename was nilfs2-fix-potential-out-of-bounds-memory-access-in-nilfs_find_entry.patch This patch was dropped because it was merged into the mm-hotfixes-stable branch of git://git.kernel.org/pub/scm/linux/kernel/git/akpm/mm ------------------------------------------------------ From: Ryusuke Konishi <konishi.ryusuke(a)gmail.com> Subject: nilfs2: fix potential out-of-bounds memory access in nilfs_find_entry() Date: Wed, 20 Nov 2024 02:23:37 +0900 Syzbot reported that when searching for records in a directory where the inode's i_size is corrupted and has a large value, memory access outside the folio/page range may occur, or a use-after-free bug may be detected if KASAN is enabled. This is because nilfs_last_byte(), which is called by nilfs_find_entry() and others to calculate the number of valid bytes of directory data in a page from i_size and the page index, loses the upper 32 bits of the 64-bit size information due to an inappropriate type of local variable to which the i_size value is assigned. This caused a large byte offset value due to underflow in the end address calculation in the calling nilfs_find_entry(), resulting in memory access that exceeds the folio/page size. Fix this issue by changing the type of the local variable causing the bit loss from "unsigned int" to "u64". The return value of nilfs_last_byte() is also of type "unsigned int", but it is truncated so as not to exceed PAGE_SIZE and no bit loss occurs, so no change is required. Link: https://lkml.kernel.org/r/20241119172403.9292-1-konishi.ryusuke@gmail.com Fixes: 2ba466d74ed7 ("nilfs2: directory entry operations") Signed-off-by: Ryusuke Konishi <konishi.ryusuke(a)gmail.com> Reported-by: syzbot+96d5d14c47d97015c624(a)syzkaller.appspotmail.com Closes: https://syzkaller.appspot.com/bug?extid=96d5d14c47d97015c624 Tested-by: syzbot+96d5d14c47d97015c624(a)syzkaller.appspotmail.com Cc: <stable(a)vger.kernel.org> Signed-off-by: Andrew Morton <akpm(a)linux-foundation.org> --- fs/nilfs2/dir.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) --- a/fs/nilfs2/dir.c~nilfs2-fix-potential-out-of-bounds-memory-access-in-nilfs_find_entry +++ a/fs/nilfs2/dir.c @@ -70,7 +70,7 @@ static inline unsigned int nilfs_chunk_s */ static unsigned int nilfs_last_byte(struct inode *inode, unsigned long page_nr) { - unsigned int last_byte = inode->i_size; + u64 last_byte = inode->i_size; last_byte -= page_nr << PAGE_SHIFT; if (last_byte > PAGE_SIZE) _ Patches currently in -mm which might be from konishi.ryusuke(a)gmail.com are

6 months, 2 weeks

1
0
0 0

[merged mm-hotfixes-stable] kasan-make-report_lock-a-raw-spinlock.patch removed from -mm tree

by Andrew Morton

The quilt patch titled Subject: kasan: make report_lock a raw spinlock has been removed from the -mm tree. Its filename was kasan-make-report_lock-a-raw-spinlock.patch This patch was dropped because it was merged into the mm-hotfixes-stable branch of git://git.kernel.org/pub/scm/linux/kernel/git/akpm/mm ------------------------------------------------------ From: Jared Kangas <jkangas(a)redhat.com> Subject: kasan: make report_lock a raw spinlock Date: Tue, 19 Nov 2024 13:02:34 -0800 If PREEMPT_RT is enabled, report_lock is a sleeping spinlock and must not be locked when IRQs are disabled. However, KASAN reports may be triggered in such contexts. For example: char *s = kzalloc(1, GFP_KERNEL); kfree(s); local_irq_disable(); char c = *s; /* KASAN report here leads to spin_lock() */ local_irq_enable(); Make report_spinlock a raw spinlock to prevent rescheduling when PREEMPT_RT is enabled. Link: https://lkml.kernel.org/r/20241119210234.1602529-1-jkangas@redhat.com Fixes: 342a93247e08 ("locking/spinlock: Provide RT variant header: <linux/spinlock_rt.h>") Signed-off-by: Jared Kangas <jkangas(a)redhat.com> Cc: Alexander Potapenko <glider(a)google.com> Cc: Andrey Konovalov <andreyknvl(a)gmail.com> Cc: Andrey Ryabinin <ryabinin.a.a(a)gmail.com> Cc: Dmitry Vyukov <dvyukov(a)google.com> Cc: Vincenzo Frascino <vincenzo.frascino(a)arm.com> Cc: <stable(a)vger.kernel.org> Signed-off-by: Andrew Morton <akpm(a)linux-foundation.org> --- mm/kasan/report.c | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) --- a/mm/kasan/report.c~kasan-make-report_lock-a-raw-spinlock +++ a/mm/kasan/report.c @@ -201,7 +201,7 @@ static inline void fail_non_kasan_kunit_ #endif /* CONFIG_KUNIT */ -static DEFINE_SPINLOCK(report_lock); +static DEFINE_RAW_SPINLOCK(report_lock); static void start_report(unsigned long *flags, bool sync) { @@ -212,7 +212,7 @@ static void start_report(unsigned long * lockdep_off(); /* Make sure we don't end up in loop. */ report_suppress_start(); - spin_lock_irqsave(&report_lock, *flags); + raw_spin_lock_irqsave(&report_lock, *flags); pr_err("==================================================================\n"); } @@ -222,7 +222,7 @@ static void end_report(unsigned long *fl trace_error_report_end(ERROR_DETECTOR_KASAN, (unsigned long)addr); pr_err("==================================================================\n"); - spin_unlock_irqrestore(&report_lock, *flags); + raw_spin_unlock_irqrestore(&report_lock, *flags); if (!test_bit(KASAN_BIT_MULTI_SHOT, &kasan_flags)) check_panic_on_warn("KASAN"); switch (kasan_arg_fault) { _ Patches currently in -mm which might be from jkangas(a)redhat.com are

6 months, 2 weeks

1
0
0 0

[merged mm-hotfixes-stable] mm-mempolicy-fix-migrate_to_node-assuming-there-is-at-least-one-vma-in-a-mm.patch removed from -mm tree

by Andrew Morton

The quilt patch titled Subject: mm/mempolicy: fix migrate_to_node() assuming there is at least one VMA in a MM has been removed from the -mm tree. Its filename was mm-mempolicy-fix-migrate_to_node-assuming-there-is-at-least-one-vma-in-a-mm.patch This patch was dropped because it was merged into the mm-hotfixes-stable branch of git://git.kernel.org/pub/scm/linux/kernel/git/akpm/mm ------------------------------------------------------ From: David Hildenbrand <david(a)redhat.com> Subject: mm/mempolicy: fix migrate_to_node() assuming there is at least one VMA in a MM Date: Wed, 20 Nov 2024 21:11:51 +0100 We currently assume that there is at least one VMA in a MM, which isn't true. So we might end up having find_vma() return NULL, to then de-reference NULL. So properly handle find_vma() returning NULL. This fixes the report: Oops: general protection fault, probably for non-canonical address 0xdffffc0000000000: 0000 [#1] PREEMPT SMP KASAN PTI KASAN: null-ptr-deref in range [0x0000000000000000-0x0000000000000007] CPU: 1 UID: 0 PID: 6021 Comm: syz-executor284 Not tainted 6.12.0-rc7-syzkaller-00187-gf868cd251776 #0 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/30/2024 RIP: 0010:migrate_to_node mm/mempolicy.c:1090 [inline] RIP: 0010:do_migrate_pages+0x403/0x6f0 mm/mempolicy.c:1194 Code: ... RSP: 0018:ffffc9000375fd08 EFLAGS: 00010246 RAX: 0000000000000000 RBX: ffffc9000375fd78 RCX: 0000000000000000 RDX: ffff88807e171300 RSI: dffffc0000000000 RDI: ffff88803390c044 RBP: ffff88807e171428 R08: 0000000000000014 R09: fffffbfff2039ef1 R10: ffffffff901cf78f R11: 0000000000000000 R12: 0000000000000003 R13: ffffc9000375fe90 R14: ffffc9000375fe98 R15: ffffc9000375fdf8 FS: 00005555919e1380(0000) GS:ffff8880b8700000(0000) knlGS:0000000000000000 CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 CR2: 00005555919e1ca8 CR3: 000000007f12a000 CR4: 00000000003526f0 DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 Call Trace: <TASK> kernel_migrate_pages+0x5b2/0x750 mm/mempolicy.c:1709 __do_sys_migrate_pages mm/mempolicy.c:1727 [inline] __se_sys_migrate_pages mm/mempolicy.c:1723 [inline] __x64_sys_migrate_pages+0x96/0x100 mm/mempolicy.c:1723 do_syscall_x64 arch/x86/entry/common.c:52 [inline] do_syscall_64+0xcd/0x250 arch/x86/entry/common.c:83 entry_SYSCALL_64_after_hwframe+0x77/0x7f [akpm(a)linux-foundation.org: add unlikely()] Link: https://lkml.kernel.org/r/20241120201151.9518-1-david@redhat.com Fixes: 39743889aaf7 ("[PATCH] Swap Migration V5: sys_migrate_pages interface") Signed-off-by: David Hildenbrand <david(a)redhat.com> Reported-by: syzbot+3511625422f7aa637f0d(a)syzkaller.appspotmail.com Closes: https://lore.kernel.org/lkml/673d2696.050a0220.3c9d61.012f.GAE@google.com/T/ Reviewed-by: Liam R. Howlett <Liam.Howlett(a)Oracle.com> Reviewed-by: Christoph Lameter <cl(a)linux.com> Cc: Liam R. Howlett <Liam.Howlett(a)Oracle.com> Cc: <stable(a)vger.kernel.org> Signed-off-by: Andrew Morton <akpm(a)linux-foundation.org> --- mm/mempolicy.c | 4 ++++ 1 file changed, 4 insertions(+) --- a/mm/mempolicy.c~mm-mempolicy-fix-migrate_to_node-assuming-there-is-at-least-one-vma-in-a-mm +++ a/mm/mempolicy.c @@ -1080,6 +1080,10 @@ static long migrate_to_node(struct mm_st mmap_read_lock(mm); vma = find_vma(mm, 0); + if (unlikely(!vma)) { + mmap_read_unlock(mm); + return 0; + } /* * This does not migrate the range, but isolates all pages that _ Patches currently in -mm which might be from david(a)redhat.com are docs-tmpfs-update-the-large-folios-policy-for-tmpfs-and-shmem.patch mm-memory_hotplug-move-debug_pagealloc_map_pages-into-online_pages_range.patch mm-page_isolation-dont-pass-gfp-flags-to-isolate_single_pageblock.patch mm-page_isolation-dont-pass-gfp-flags-to-start_isolate_page_range.patch mm-page_alloc-make-__alloc_contig_migrate_range-static.patch mm-page_alloc-sort-out-the-alloc_contig_range-gfp-flags-mess.patch mm-page_alloc-forward-the-gfp-flags-from-alloc_contig_range-to-post_alloc_hook.patch powernv-memtrace-use-__gfp_zero-with-alloc_contig_pages.patch mm-hugetlb-dont-map-folios-writable-without-vm_write-when-copying-during-fork.patch fs-proc-vmcore-convert-vmcore_cb_lock-into-vmcore_mutex.patch fs-proc-vmcore-replace-vmcoredd_mutex-by-vmcore_mutex.patch fs-proc-vmcore-disallow-vmcore-modifications-while-the-vmcore-is-open.patch fs-proc-vmcore-prefix-all-pr_-with-vmcore.patch fs-proc-vmcore-move-vmcore-definitions-out-of-kcoreh.patch fs-proc-vmcore-factor-out-allocating-a-vmcore-range-and-adding-it-to-a-list.patch fs-proc-vmcore-factor-out-freeing-a-list-of-vmcore-ranges.patch fs-proc-vmcore-introduce-proc_vmcore_device_ram-to-detect-device-ram-ranges-in-2nd-kernel.patch virtio-mem-mark-device-ready-before-registering-callbacks-in-kdump-mode.patch virtio-mem-remember-usable-region-size.patch virtio-mem-support-config_proc_vmcore_device_ram.patch s390-kdump-virtio-mem-kdump-support-config_proc_vmcore_device_ram.patch

6 months, 2 weeks

1
0
0 0

[merged mm-hotfixes-stable] mm-gup-handle-null-pages-in-unpin_user_pages.patch removed from -mm tree

by Andrew Morton

The quilt patch titled Subject: mm/gup: handle NULL pages in unpin_user_pages() has been removed from the -mm tree. Its filename was mm-gup-handle-null-pages-in-unpin_user_pages.patch This patch was dropped because it was merged into the mm-hotfixes-stable branch of git://git.kernel.org/pub/scm/linux/kernel/git/akpm/mm ------------------------------------------------------ From: John Hubbard <jhubbard(a)nvidia.com> Subject: mm/gup: handle NULL pages in unpin_user_pages() Date: Wed, 20 Nov 2024 19:49:33 -0800 The recent addition of "pofs" (pages or folios) handling to gup has a flaw: it assumes that unpin_user_pages() handles NULL pages in the pages** array. That's not the case, as I discovered when I ran on a new configuration on my test machine. Fix this by skipping NULL pages in unpin_user_pages(), just like unpin_folios() already does. Details: when booting on x86 with "numa=fake=2 movablecore=4G" on Linux 6.12, and running this: tools/testing/selftests/mm/gup_longterm ...I get the following crash: BUG: kernel NULL pointer dereference, address: 0000000000000008 RIP: 0010:sanity_check_pinned_pages+0x3a/0x2d0 ... Call Trace: <TASK> ? __die_body+0x66/0xb0 ? page_fault_oops+0x30c/0x3b0 ? do_user_addr_fault+0x6c3/0x720 ? irqentry_enter+0x34/0x60 ? exc_page_fault+0x68/0x100 ? asm_exc_page_fault+0x22/0x30 ? sanity_check_pinned_pages+0x3a/0x2d0 unpin_user_pages+0x24/0xe0 check_and_migrate_movable_pages_or_folios+0x455/0x4b0 __gup_longterm_locked+0x3bf/0x820 ? mmap_read_lock_killable+0x12/0x50 ? __pfx_mmap_read_lock_killable+0x10/0x10 pin_user_pages+0x66/0xa0 gup_test_ioctl+0x358/0xb20 __se_sys_ioctl+0x6b/0xc0 do_syscall_64+0x7b/0x150 entry_SYSCALL_64_after_hwframe+0x76/0x7e Link: https://lkml.kernel.org/r/20241121034933.77502-1-jhubbard@nvidia.com Fixes: 94efde1d1539 ("mm/gup: avoid an unnecessary allocation call for FOLL_LONGTERM cases") Signed-off-by: John Hubbard <jhubbard(a)nvidia.com> Acked-by: David Hildenbrand <david(a)redhat.com> Cc: Oscar Salvador <osalvador(a)suse.de> Cc: Vivek Kasireddy <vivek.kasireddy(a)intel.com> Cc: Dave Airlie <airlied(a)redhat.com> Cc: Gerd Hoffmann <kraxel(a)redhat.com> Cc: Matthew Wilcox <willy(a)infradead.org> Cc: Christoph Hellwig <hch(a)infradead.org> Cc: Jason Gunthorpe <jgg(a)nvidia.com> Cc: Peter Xu <peterx(a)redhat.com> Cc: Arnd Bergmann <arnd(a)arndb.de> Cc: Daniel Vetter <daniel.vetter(a)ffwll.ch> Cc: Dongwon Kim <dongwon.kim(a)intel.com> Cc: Hugh Dickins <hughd(a)google.com> Cc: Junxiao Chang <junxiao.chang(a)intel.com> Cc: <stable(a)vger.kernel.org> Signed-off-by: Andrew Morton <akpm(a)linux-foundation.org> --- mm/gup.c | 11 ++++++++++- 1 file changed, 10 insertions(+), 1 deletion(-) --- a/mm/gup.c~mm-gup-handle-null-pages-in-unpin_user_pages +++ a/mm/gup.c @@ -52,7 +52,12 @@ static inline void sanity_check_pinned_p */ for (; npages; npages--, pages++) { struct page *page = *pages; - struct folio *folio = page_folio(page); + struct folio *folio; + + if (!page) + continue; + + folio = page_folio(page); if (is_zero_page(page) || !folio_test_anon(folio)) @@ -409,6 +414,10 @@ void unpin_user_pages(struct page **page sanity_check_pinned_pages(pages, npages); for (i = 0; i < npages; i += nr) { + if (!pages[i]) { + nr = 1; + continue; + } folio = gup_folio_next(pages, npages, i, &nr); gup_put_folio(folio, nr, FOLL_PIN); } _ Patches currently in -mm which might be from jhubbard(a)nvidia.com are

6 months, 2 weeks

1
0
0 0

+ mm-shmem-fix-shmemhugepages-at-swapout.patch added to mm-hotfixes-unstable branch

by Andrew Morton

The patch titled Subject: mm: shmem: fix ShmemHugePages at swapout has been added to the -mm mm-hotfixes-unstable branch. Its filename is mm-shmem-fix-shmemhugepages-at-swapout.patch This patch will shortly appear at https://git.kernel.org/pub/scm/linux/kernel/git/akpm/25-new.git/tree/patche… This patch will later appear in the mm-hotfixes-unstable branch at git://git.kernel.org/pub/scm/linux/kernel/git/akpm/mm Before you just go and hit "reply", please: a) Consider who else should be cc'ed b) Prefer to cc a suitable mailing list as well c) Ideally: find the original patch on the mailing list and do a reply-to-all to that, adding suitable additional cc's *** Remember to use Documentation/process/submit-checklist.rst when testing your code *** The -mm tree is included into linux-next via the mm-everything branch at git://git.kernel.org/pub/scm/linux/kernel/git/akpm/mm and is updated there every 2-3 working days ------------------------------------------------------ From: Hugh Dickins <hughd(a)google.com> Subject: mm: shmem: fix ShmemHugePages at swapout Date: Wed, 4 Dec 2024 22:50:06 -0800 (PST) /proc/meminfo ShmemHugePages has been showing overlarge amounts (more than Shmem) after swapping out THPs: we forgot to update NR_SHMEM_THPS. Add shmem_update_stats(), to avoid repetition, and risk of making that mistake again: the call from shmem_delete_from_page_cache() is the bugfix; the call from shmem_replace_folio() is reassuring, but not really a bugfix (replace corrects misplaced swapin readahead, but huge swapin readahead would be a mistake). Link: https://lkml.kernel.org/r/5ba477c8-a569-70b5-923e-09ab221af45b@google.com Fixes: 809bc86517cc ("mm: shmem: support large folio swap out") Signed-off-by: Hugh Dickins <hughd(a)google.com> Reviewed-by: Shakeel Butt <shakeel.butt(a)linux.dev> Reviewed-by: Yosry Ahmed <yosryahmed(a)google.com> Cc: Baolin Wang <baolin.wang(a)linux.alibaba.com> Cc: <stable(a)vger.kernel.org> Signed-off-by: Andrew Morton <akpm(a)linux-foundation.org> --- mm/shmem.c | 22 ++++++++++++---------- 1 file changed, 12 insertions(+), 10 deletions(-) --- a/mm/shmem.c~mm-shmem-fix-shmemhugepages-at-swapout +++ a/mm/shmem.c @@ -787,6 +787,14 @@ static bool shmem_huge_global_enabled(st } #endif /* CONFIG_TRANSPARENT_HUGEPAGE */ +static void shmem_update_stats(struct folio *folio, int nr_pages) +{ + if (folio_test_pmd_mappable(folio)) + __lruvec_stat_mod_folio(folio, NR_SHMEM_THPS, nr_pages); + __lruvec_stat_mod_folio(folio, NR_FILE_PAGES, nr_pages); + __lruvec_stat_mod_folio(folio, NR_SHMEM, nr_pages); +} + /* * Somewhat like filemap_add_folio, but error if expected item has gone. */ @@ -821,10 +829,7 @@ static int shmem_add_to_page_cache(struc xas_store(&xas, folio); if (xas_error(&xas)) goto unlock; - if (folio_test_pmd_mappable(folio)) - __lruvec_stat_mod_folio(folio, NR_SHMEM_THPS, nr); - __lruvec_stat_mod_folio(folio, NR_FILE_PAGES, nr); - __lruvec_stat_mod_folio(folio, NR_SHMEM, nr); + shmem_update_stats(folio, nr); mapping->nrpages += nr; unlock: xas_unlock_irq(&xas); @@ -852,8 +857,7 @@ static void shmem_delete_from_page_cache error = shmem_replace_entry(mapping, folio->index, folio, radswap); folio->mapping = NULL; mapping->nrpages -= nr; - __lruvec_stat_mod_folio(folio, NR_FILE_PAGES, -nr); - __lruvec_stat_mod_folio(folio, NR_SHMEM, -nr); + shmem_update_stats(folio, -nr); xa_unlock_irq(&mapping->i_pages); folio_put_refs(folio, nr); BUG_ON(error); @@ -1969,10 +1973,8 @@ static int shmem_replace_folio(struct fo } if (!error) { mem_cgroup_replace_folio(old, new); - __lruvec_stat_mod_folio(new, NR_FILE_PAGES, nr_pages); - __lruvec_stat_mod_folio(new, NR_SHMEM, nr_pages); - __lruvec_stat_mod_folio(old, NR_FILE_PAGES, -nr_pages); - __lruvec_stat_mod_folio(old, NR_SHMEM, -nr_pages); + shmem_update_stats(new, nr_pages); + shmem_update_stats(old, -nr_pages); } xa_unlock_irq(&swap_mapping->i_pages); _ Patches currently in -mm which might be from hughd(a)google.com are mm-shmem-fix-shmemhugepages-at-swapout.patch

6 months, 2 weeks

1
0
0 0

+ ocfs2-fix-the-space-leak-in-la-when-releasing-la.patch added to mm-hotfixes-unstable branch

by Andrew Morton

The patch titled Subject: ocfs2: fix the space leak in LA when releasing LA has been added to the -mm mm-hotfixes-unstable branch. Its filename is ocfs2-fix-the-space-leak-in-la-when-releasing-la.patch This patch will shortly appear at https://git.kernel.org/pub/scm/linux/kernel/git/akpm/25-new.git/tree/patche… This patch will later appear in the mm-hotfixes-unstable branch at git://git.kernel.org/pub/scm/linux/kernel/git/akpm/mm Before you just go and hit "reply", please: a) Consider who else should be cc'ed b) Prefer to cc a suitable mailing list as well c) Ideally: find the original patch on the mailing list and do a reply-to-all to that, adding suitable additional cc's *** Remember to use Documentation/process/submit-checklist.rst when testing your code *** The -mm tree is included into linux-next via the mm-everything branch at git://git.kernel.org/pub/scm/linux/kernel/git/akpm/mm and is updated there every 2-3 working days ------------------------------------------------------ From: Heming Zhao <heming.zhao(a)suse.com> Subject: ocfs2: fix the space leak in LA when releasing LA Date: Thu, 5 Dec 2024 18:48:33 +0800 Commit 30dd3478c3cd ("ocfs2: correctly use ocfs2_find_next_zero_bit()") introduced an issue, the ocfs2_sync_local_to_main() ignores the last contiguous free bits, which causes an OCFS2 volume to lose the last free clusters of LA window during the release routine. Please note, because commit dfe6c5692fb5 ("ocfs2: fix the la space leak when unmounting an ocfs2 volume") was reverted, this commit is a replacement fix for commit dfe6c5692fb5. Link: https://lkml.kernel.org/r/20241205104835.18223-3-heming.zhao@suse.com Fixes: 30dd3478c3cd ("ocfs2: correctly use ocfs2_find_next_zero_bit()") Signed-off-by: Heming Zhao <heming.zhao(a)suse.com> Suggested-by: Joseph Qi <joseph.qi(a)linux.alibaba.com> Reviewed-by: Joseph Qi <joseph.qi(a)linux.alibaba.com> Cc: Mark Fasheh <mark(a)fasheh.com> Cc: Joel Becker <jlbec(a)evilplan.org> Cc: Junxiao Bi <junxiao.bi(a)oracle.com> Cc: Changwei Ge <gechangwei(a)live.cn> Cc: Jun Piao <piaojun(a)huawei.com> Cc: <stable(a)vger.kernel.org> Signed-off-by: Andrew Morton <akpm(a)linux-foundation.org> --- fs/ocfs2/localalloc.c | 8 +++++--- 1 file changed, 5 insertions(+), 3 deletions(-) --- a/fs/ocfs2/localalloc.c~ocfs2-fix-the-space-leak-in-la-when-releasing-la +++ a/fs/ocfs2/localalloc.c @@ -971,9 +971,9 @@ static int ocfs2_sync_local_to_main(stru start = count = 0; left = le32_to_cpu(alloc->id1.bitmap1.i_total); - while ((bit_off = ocfs2_find_next_zero_bit(bitmap, left, start)) < - left) { - if (bit_off == start) { + while (1) { + bit_off = ocfs2_find_next_zero_bit(bitmap, left, start); + if ((bit_off < left) && (bit_off == start)) { count++; start++; continue; @@ -998,6 +998,8 @@ static int ocfs2_sync_local_to_main(stru } } + if (bit_off >= left) + break; count = 1; start = bit_off + 1; } _ Patches currently in -mm which might be from heming.zhao(a)suse.com are ocfs2-revert-ocfs2-fix-the-la-space-leak-when-unmounting-an-ocfs2-volume.patch ocfs2-fix-the-space-leak-in-la-when-releasing-la.patch

6 months, 2 weeks

1
0
0 0

+ ocfs2-revert-ocfs2-fix-the-la-space-leak-when-unmounting-an-ocfs2-volume.patch added to mm-hotfixes-unstable branch

by Andrew Morton

The patch titled Subject: ocfs2: revert "ocfs2: fix the la space leak when unmounting an ocfs2 volume" has been added to the -mm mm-hotfixes-unstable branch. Its filename is ocfs2-revert-ocfs2-fix-the-la-space-leak-when-unmounting-an-ocfs2-volume.patch This patch will shortly appear at https://git.kernel.org/pub/scm/linux/kernel/git/akpm/25-new.git/tree/patche… This patch will later appear in the mm-hotfixes-unstable branch at git://git.kernel.org/pub/scm/linux/kernel/git/akpm/mm Before you just go and hit "reply", please: a) Consider who else should be cc'ed b) Prefer to cc a suitable mailing list as well c) Ideally: find the original patch on the mailing list and do a reply-to-all to that, adding suitable additional cc's *** Remember to use Documentation/process/submit-checklist.rst when testing your code *** The -mm tree is included into linux-next via the mm-everything branch at git://git.kernel.org/pub/scm/linux/kernel/git/akpm/mm and is updated there every 2-3 working days ------------------------------------------------------ From: Heming Zhao <heming.zhao(a)suse.com> Subject: ocfs2: revert "ocfs2: fix the la space leak when unmounting an ocfs2 volume" Date: Thu, 5 Dec 2024 18:48:32 +0800 Patch series "Revert ocfs2 commit dfe6c5692fb5 and provide a new fix". SUSE QA team detected a mistake in my commit dfe6c5692fb5 ("ocfs2: fix the la space leak when unmounting an ocfs2 volume"). I am very sorry for my error. (If my eyes are correct) From the mailling list mails, this patch shouldn't be applied to 4.19 5.4 5.10 5.15 6.1 6.6, and these branches should perform a revert operation. Reason for revert: In commit dfe6c5692fb5, I mistakenly wrote: "This bug has existed since the initial OCFS2 code.". The statement is wrong. The correct introduction commit is 30dd3478c3cd. IOW, if the branch doesn't include 30dd3478c3cd, dfe6c5692fb5 should also not be included. This reverts commit dfe6c5692fb5 ("ocfs2: fix the la space leak when unmounting an ocfs2 volume"). In commit dfe6c5692fb5, the commit log "This bug has existed since the initial OCFS2 code." is wrong. The correct introduction commit is 30dd3478c3cd ("ocfs2: correctly use ocfs2_find_next_zero_bit()"). The influence of commit dfe6c5692fb5 is that it provides a correct fix for the latest kernel. however, it shouldn't be pushed to stable branches. Let's use this commit to revert all branches that include dfe6c5692fb5 and use a new fix method to fix commit 30dd3478c3cd. Link: https://lkml.kernel.org/r/20241205104835.18223-1-heming.zhao@suse.com Link: https://lkml.kernel.org/r/20241205104835.18223-2-heming.zhao@suse.com Fixes: dfe6c5692fb5 ("ocfs2: fix the la space leak when unmounting an ocfs2 volume") Signed-off-by: Heming Zhao <heming.zhao(a)suse.com> Reviewed-by: Joseph Qi <joseph.qi(a)linux.alibaba.com> Cc: Mark Fasheh <mark(a)fasheh.com> Cc: Joel Becker <jlbec(a)evilplan.org> Cc: Junxiao Bi <junxiao.bi(a)oracle.com> Cc: Changwei Ge <gechangwei(a)live.cn> Cc: Jun Piao <piaojun(a)huawei.com> Cc: <stable(a)vger.kernel.org> Signed-off-by: Andrew Morton <akpm(a)linux-foundation.org> --- fs/ocfs2/localalloc.c | 19 ------------------- 1 file changed, 19 deletions(-) --- a/fs/ocfs2/localalloc.c~ocfs2-revert-ocfs2-fix-the-la-space-leak-when-unmounting-an-ocfs2-volume +++ a/fs/ocfs2/localalloc.c @@ -1002,25 +1002,6 @@ static int ocfs2_sync_local_to_main(stru start = bit_off + 1; } - /* clear the contiguous bits until the end boundary */ - if (count) { - blkno = la_start_blk + - ocfs2_clusters_to_blocks(osb->sb, - start - count); - - trace_ocfs2_sync_local_to_main_free( - count, start - count, - (unsigned long long)la_start_blk, - (unsigned long long)blkno); - - status = ocfs2_release_clusters(handle, - main_bm_inode, - main_bm_bh, blkno, - count); - if (status < 0) - mlog_errno(status); - } - bail: if (status) mlog_errno(status); _ Patches currently in -mm which might be from heming.zhao(a)suse.com are ocfs2-revert-ocfs2-fix-the-la-space-leak-when-unmounting-an-ocfs2-volume.patch ocfs2-fix-the-space-leak-in-la-when-releasing-la.patch

6 months, 2 weeks

1
0
0 0

+ selftests-memfd-run-sysctl-tests-when-pid-namespace-support-is-enabled.patch added to mm-hotfixes-unstable branch

by Andrew Morton

The patch titled Subject: selftests/memfd: run sysctl tests when PID namespace support is enabled has been added to the -mm mm-hotfixes-unstable branch. Its filename is selftests-memfd-run-sysctl-tests-when-pid-namespace-support-is-enabled.patch This patch will shortly appear at https://git.kernel.org/pub/scm/linux/kernel/git/akpm/25-new.git/tree/patche… This patch will later appear in the mm-hotfixes-unstable branch at git://git.kernel.org/pub/scm/linux/kernel/git/akpm/mm Before you just go and hit "reply", please: a) Consider who else should be cc'ed b) Prefer to cc a suitable mailing list as well c) Ideally: find the original patch on the mailing list and do a reply-to-all to that, adding suitable additional cc's *** Remember to use Documentation/process/submit-checklist.rst when testing your code *** The -mm tree is included into linux-next via the mm-everything branch at git://git.kernel.org/pub/scm/linux/kernel/git/akpm/mm and is updated there every 2-3 working days ------------------------------------------------------ From: "Isaac J. Manjarres" <isaacmanjarres(a)google.com> Subject: selftests/memfd: run sysctl tests when PID namespace support is enabled Date: Thu, 5 Dec 2024 11:29:41 -0800 The sysctl tests for vm.memfd_noexec rely on the kernel to support PID namespaces (i.e. the kernel is built with CONFIG_PID_NS=y). If the kernel the test runs on does not support PID namespaces, the first sysctl test will fail when attempting to spawn a new thread in a new PID namespace, abort the test, preventing the remaining tests from being run. This is not desirable, as not all kernels need PID namespaces, but can still use the other features provided by memfd. Therefore, only run the sysctl tests if the kernel supports PID namespaces. Otherwise, skip those tests and emit an informative message to let the user know why the sysctl tests are not being run. Link: https://lkml.kernel.org/r/20241205192943.3228757-1-isaacmanjarres@google.com Fixes: 11f75a01448f ("selftests/memfd: add tests for MFD_NOEXEC_SEAL MFD_EXEC") Signed-off-by: Isaac J. Manjarres <isaacmanjarres(a)google.com> Reviewed-by: Jeff Xu <jeffxu(a)google.com> Cc: Suren Baghdasaryan <surenb(a)google.com> Cc: Kalesh Singh <kaleshsingh(a)google.com> Cc: <stable(a)vger.kernel.org> [6.6+] Signed-off-by: Andrew Morton <akpm(a)linux-foundation.org> --- tools/testing/selftests/memfd/memfd_test.c | 14 ++++++++++++-- 1 file changed, 12 insertions(+), 2 deletions(-) --- a/tools/testing/selftests/memfd/memfd_test.c~selftests-memfd-run-sysctl-tests-when-pid-namespace-support-is-enabled +++ a/tools/testing/selftests/memfd/memfd_test.c @@ -9,6 +9,7 @@ #include <fcntl.h> #include <linux/memfd.h> #include <sched.h> +#include <stdbool.h> #include <stdio.h> #include <stdlib.h> #include <signal.h> @@ -1599,6 +1600,11 @@ static void test_share_fork(char *banner close(fd); } +static bool pid_ns_supported(void) +{ + return access("/proc/self/ns/pid", F_OK) == 0; +} + int main(int argc, char **argv) { pid_t pid; @@ -1634,8 +1640,12 @@ int main(int argc, char **argv) test_seal_grow(); test_seal_resize(); - test_sysctl_simple(); - test_sysctl_nested(); + if (pid_ns_supported()) { + test_sysctl_simple(); + test_sysctl_nested(); + } else { + printf("PID namespaces are not supported; skipping sysctl tests\n"); + } test_share_dup("SHARE-DUP", ""); test_share_mmap("SHARE-MMAP", ""); _ Patches currently in -mm which might be from isaacmanjarres(a)google.com are selftests-memfd-run-sysctl-tests-when-pid-namespace-support-is-enabled.patch

6 months, 2 weeks

1
0
0 0

[PATCH bpf v2 1/1] selftests/bpf: Actuate tx_metadata_len in xdp_hw_metadata

by Song Yoong Siang

set XDP_UMEM_TX_METADATA_LEN flag to reserve tx_metadata_len bytes of per-chunk metadata. Fixes: d5e726d9143c ("xsk: Require XDP_UMEM_TX_METADATA_LEN to actuate tx_metadata_len") Cc: stable(a)vger.kernel.org # v6.11 Signed-off-by: Song Yoong Siang <yoong.siang.song(a)intel.com> Acked-by: Stanislav Fomichev <sdf(a)fomichev.me> --- v1: https://patchwork.kernel.org/project/netdevbpf/patch/20241204115715.3148412… v1->v2 changelog: - Add Fixes tag (Stanislav). - Add stable(a)vger.kernel.org in email cc list. - Separate the patch into two, current one submit to bpf, another one submit to bpf-next. - Update the commit title. --- tools/testing/selftests/bpf/xdp_hw_metadata.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/tools/testing/selftests/bpf/xdp_hw_metadata.c b/tools/testing/selftests/bpf/xdp_hw_metadata.c index 6f9956eed797..ad6c08dfd6c8 100644 --- a/tools/testing/selftests/bpf/xdp_hw_metadata.c +++ b/tools/testing/selftests/bpf/xdp_hw_metadata.c @@ -79,7 +79,7 @@ static int open_xsk(int ifindex, struct xsk *xsk, __u32 queue_id) .fill_size = XSK_RING_PROD__DEFAULT_NUM_DESCS, .comp_size = XSK_RING_CONS__DEFAULT_NUM_DESCS, .frame_size = XSK_UMEM__DEFAULT_FRAME_SIZE, - .flags = XSK_UMEM__DEFAULT_FLAGS, + .flags = XDP_UMEM_TX_METADATA_LEN, .tx_metadata_len = sizeof(struct xsk_tx_metadata), }; __u32 idx = 0; -- 2.34.1

6 months, 2 weeks

2
1
0 0

[PATCH 6.1.y 1/3] KVM: arm64: vgic-its: Add a data length check in vgic_its_save_*

by Jing Zhang

commit 7fe28d7e68f92cc3d0668b8f2fbdf5c303ac3022 upstream. In all the vgic_its_save_*() functinos, they do not check whether the data length is 8 bytes before calling vgic_write_guest_lock. This patch adds the check. To prevent the kernel from being blown up when the fault occurs, KVM_BUG_ON() is used. And the other BUG_ON()s are replaced together. Cc: stable(a)vger.kernel.org Signed-off-by: Kunkun Jiang <jiangkunkun(a)huawei.com> [Jing: Update with the new entry read/write helpers] Signed-off-by: Jing Zhang <jingzhangos(a)google.com> Link: https://lore.kernel.org/r/20241107214137.428439-4-jingzhangos@google.com Signed-off-by: Oliver Upton <oliver.upton(a)linux.dev> --- arch/arm64/kvm/vgic/vgic-its.c | 20 ++++++++------------ arch/arm64/kvm/vgic/vgic.h | 24 ++++++++++++++++++++++++ 2 files changed, 32 insertions(+), 12 deletions(-) diff --git a/arch/arm64/kvm/vgic/vgic-its.c b/arch/arm64/kvm/vgic/vgic-its.c index 092327665a6e..84499545bd8d 100644 --- a/arch/arm64/kvm/vgic/vgic-its.c +++ b/arch/arm64/kvm/vgic/vgic-its.c @@ -2207,7 +2207,6 @@ static int scan_its_table(struct vgic_its *its, gpa_t base, int size, u32 esz, static int vgic_its_save_ite(struct vgic_its *its, struct its_device *dev, struct its_ite *ite, gpa_t gpa, int ite_esz) { - struct kvm *kvm = its->dev->kvm; u32 next_offset; u64 val; @@ -2216,7 +2215,8 @@ static int vgic_its_save_ite(struct vgic_its *its, struct its_device *dev, ((u64)ite->irq->intid << KVM_ITS_ITE_PINTID_SHIFT) | ite->collection->collection_id; val = cpu_to_le64(val); - return kvm_write_guest_lock(kvm, gpa, &val, ite_esz); + + return vgic_its_write_entry_lock(its, gpa, val, ite_esz); } /** @@ -2357,7 +2357,6 @@ static int vgic_its_restore_itt(struct vgic_its *its, struct its_device *dev) static int vgic_its_save_dte(struct vgic_its *its, struct its_device *dev, gpa_t ptr, int dte_esz) { - struct kvm *kvm = its->dev->kvm; u64 val, itt_addr_field; u32 next_offset; @@ -2368,7 +2367,8 @@ static int vgic_its_save_dte(struct vgic_its *its, struct its_device *dev, (itt_addr_field << KVM_ITS_DTE_ITTADDR_SHIFT) | (dev->num_eventid_bits - 1)); val = cpu_to_le64(val); - return kvm_write_guest_lock(kvm, ptr, &val, dte_esz); + + return vgic_its_write_entry_lock(its, ptr, val, dte_esz); } /** @@ -2555,7 +2555,8 @@ static int vgic_its_save_cte(struct vgic_its *its, ((u64)collection->target_addr << KVM_ITS_CTE_RDBASE_SHIFT) | collection->collection_id); val = cpu_to_le64(val); - return kvm_write_guest_lock(its->dev->kvm, gpa, &val, esz); + + return vgic_its_write_entry_lock(its, gpa, val, esz); } /* @@ -2571,8 +2572,7 @@ static int vgic_its_restore_cte(struct vgic_its *its, gpa_t gpa, int esz) u64 val; int ret; - BUG_ON(esz > sizeof(val)); - ret = kvm_read_guest_lock(kvm, gpa, &val, esz); + ret = vgic_its_read_entry_lock(its, gpa, &val, esz); if (ret) return ret; val = le64_to_cpu(val); @@ -2610,7 +2610,6 @@ static int vgic_its_save_collection_table(struct vgic_its *its) u64 baser = its->baser_coll_table; gpa_t gpa = GITS_BASER_ADDR_48_to_52(baser); struct its_collection *collection; - u64 val; size_t max_size, filled = 0; int ret, cte_esz = abi->cte_esz; @@ -2634,10 +2633,7 @@ static int vgic_its_save_collection_table(struct vgic_its *its) * table is not fully filled, add a last dummy element * with valid bit unset */ - val = 0; - BUG_ON(cte_esz > sizeof(val)); - ret = kvm_write_guest_lock(its->dev->kvm, gpa, &val, cte_esz); - return ret; + return vgic_its_write_entry_lock(its, gpa, 0, cte_esz); } /** diff --git a/arch/arm64/kvm/vgic/vgic.h b/arch/arm64/kvm/vgic/vgic.h index bc898229167b..056fcee46165 100644 --- a/arch/arm64/kvm/vgic/vgic.h +++ b/arch/arm64/kvm/vgic/vgic.h @@ -6,6 +6,7 @@ #define __KVM_ARM_VGIC_NEW_H__ #include <linux/irqchip/arm-gic-common.h> +#include <asm/kvm_mmu.h> #define PRODUCT_ID_KVM 0x4b /* ASCII code K */ #define IMPLEMENTER_ARM 0x43b @@ -131,6 +132,29 @@ static inline bool vgic_irq_is_multi_sgi(struct vgic_irq *irq) return vgic_irq_get_lr_count(irq) > 1; } +static inline int vgic_its_read_entry_lock(struct vgic_its *its, gpa_t eaddr, + u64 *eval, unsigned long esize) +{ + struct kvm *kvm = its->dev->kvm; + + if (KVM_BUG_ON(esize != sizeof(*eval), kvm)) + return -EINVAL; + + return kvm_read_guest_lock(kvm, eaddr, eval, esize); + +} + +static inline int vgic_its_write_entry_lock(struct vgic_its *its, gpa_t eaddr, + u64 eval, unsigned long esize) +{ + struct kvm *kvm = its->dev->kvm; + + if (KVM_BUG_ON(esize != sizeof(eval), kvm)) + return -EINVAL; + + return kvm_write_guest_lock(kvm, eaddr, &eval, esize); +} + /* * This struct provides an intermediate representation of the fields contained * in the GICH_VMCR and ICH_VMCR registers, such that code exporting the GIC base-commit: e4d90d63d385228b1e0bcf31cc15539bbbc28f7f -- 2.47.0.338.g60cca15819-goog

6 months, 2 weeks

3
6
0 0

[PATCH 5.15.y 1/3] KVM: arm64: vgic-its: Add a data length check in vgic_its_save_*

by Jing Zhang

commit 7fe28d7e68f92cc3d0668b8f2fbdf5c303ac3022 upstream. In all the vgic_its_save_*() functinos, they do not check whether the data length is 8 bytes before calling vgic_write_guest_lock. This patch adds the check. To prevent the kernel from being blown up when the fault occurs, KVM_BUG_ON() is used. And the other BUG_ON()s are replaced together. Cc: stable(a)vger.kernel.org Signed-off-by: Kunkun Jiang <jiangkunkun(a)huawei.com> [Jing: Update with the new entry read/write helpers] Signed-off-by: Jing Zhang <jingzhangos(a)google.com> Link: https://lore.kernel.org/r/20241107214137.428439-4-jingzhangos@google.com Signed-off-by: Oliver Upton <oliver.upton(a)linux.dev> --- arch/arm64/kvm/vgic/vgic-its.c | 20 ++++++++------------ arch/arm64/kvm/vgic/vgic.h | 24 ++++++++++++++++++++++++ 2 files changed, 32 insertions(+), 12 deletions(-) diff --git a/arch/arm64/kvm/vgic/vgic-its.c b/arch/arm64/kvm/vgic/vgic-its.c index 02ab6ab6ba91..bff7c49dfda5 100644 --- a/arch/arm64/kvm/vgic/vgic-its.c +++ b/arch/arm64/kvm/vgic/vgic-its.c @@ -2135,7 +2135,6 @@ static int scan_its_table(struct vgic_its *its, gpa_t base, int size, u32 esz, static int vgic_its_save_ite(struct vgic_its *its, struct its_device *dev, struct its_ite *ite, gpa_t gpa, int ite_esz) { - struct kvm *kvm = its->dev->kvm; u32 next_offset; u64 val; @@ -2144,7 +2143,8 @@ static int vgic_its_save_ite(struct vgic_its *its, struct its_device *dev, ((u64)ite->irq->intid << KVM_ITS_ITE_PINTID_SHIFT) | ite->collection->collection_id; val = cpu_to_le64(val); - return kvm_write_guest_lock(kvm, gpa, &val, ite_esz); + + return vgic_its_write_entry_lock(its, gpa, val, ite_esz); } /** @@ -2280,7 +2280,6 @@ static int vgic_its_restore_itt(struct vgic_its *its, struct its_device *dev) static int vgic_its_save_dte(struct vgic_its *its, struct its_device *dev, gpa_t ptr, int dte_esz) { - struct kvm *kvm = its->dev->kvm; u64 val, itt_addr_field; u32 next_offset; @@ -2291,7 +2290,8 @@ static int vgic_its_save_dte(struct vgic_its *its, struct its_device *dev, (itt_addr_field << KVM_ITS_DTE_ITTADDR_SHIFT) | (dev->num_eventid_bits - 1)); val = cpu_to_le64(val); - return kvm_write_guest_lock(kvm, ptr, &val, dte_esz); + + return vgic_its_write_entry_lock(its, ptr, val, dte_esz); } /** @@ -2471,7 +2471,8 @@ static int vgic_its_save_cte(struct vgic_its *its, ((u64)collection->target_addr << KVM_ITS_CTE_RDBASE_SHIFT) | collection->collection_id); val = cpu_to_le64(val); - return kvm_write_guest_lock(its->dev->kvm, gpa, &val, esz); + + return vgic_its_write_entry_lock(its, gpa, val, esz); } static int vgic_its_restore_cte(struct vgic_its *its, gpa_t gpa, int esz) @@ -2482,8 +2483,7 @@ static int vgic_its_restore_cte(struct vgic_its *its, gpa_t gpa, int esz) u64 val; int ret; - BUG_ON(esz > sizeof(val)); - ret = kvm_read_guest_lock(kvm, gpa, &val, esz); + ret = vgic_its_read_entry_lock(its, gpa, &val, esz); if (ret) return ret; val = le64_to_cpu(val); @@ -2517,7 +2517,6 @@ static int vgic_its_save_collection_table(struct vgic_its *its) u64 baser = its->baser_coll_table; gpa_t gpa = GITS_BASER_ADDR_48_to_52(baser); struct its_collection *collection; - u64 val; size_t max_size, filled = 0; int ret, cte_esz = abi->cte_esz; @@ -2541,10 +2540,7 @@ static int vgic_its_save_collection_table(struct vgic_its *its) * table is not fully filled, add a last dummy element * with valid bit unset */ - val = 0; - BUG_ON(cte_esz > sizeof(val)); - ret = kvm_write_guest_lock(its->dev->kvm, gpa, &val, cte_esz); - return ret; + return vgic_its_write_entry_lock(its, gpa, 0, cte_esz); } /** diff --git a/arch/arm64/kvm/vgic/vgic.h b/arch/arm64/kvm/vgic/vgic.h index 2be4b0759f5b..d2fc5ecb223e 100644 --- a/arch/arm64/kvm/vgic/vgic.h +++ b/arch/arm64/kvm/vgic/vgic.h @@ -6,6 +6,7 @@ #define __KVM_ARM_VGIC_NEW_H__ #include <linux/irqchip/arm-gic-common.h> +#include <asm/kvm_mmu.h> #define PRODUCT_ID_KVM 0x4b /* ASCII code K */ #define IMPLEMENTER_ARM 0x43b @@ -126,6 +127,29 @@ static inline bool vgic_irq_is_multi_sgi(struct vgic_irq *irq) return vgic_irq_get_lr_count(irq) > 1; } +static inline int vgic_its_read_entry_lock(struct vgic_its *its, gpa_t eaddr, + u64 *eval, unsigned long esize) +{ + struct kvm *kvm = its->dev->kvm; + + if (KVM_BUG_ON(esize != sizeof(*eval), kvm)) + return -EINVAL; + + return kvm_read_guest_lock(kvm, eaddr, eval, esize); + +} + +static inline int vgic_its_write_entry_lock(struct vgic_its *its, gpa_t eaddr, + u64 eval, unsigned long esize) +{ + struct kvm *kvm = its->dev->kvm; + + if (KVM_BUG_ON(esize != sizeof(eval), kvm)) + return -EINVAL; + + return kvm_write_guest_lock(kvm, eaddr, &eval, esize); +} + /* * This struct provides an intermediate representation of the fields contained * in the GICH_VMCR and ICH_VMCR registers, such that code exporting the GIC base-commit: 0a51d2d4527b43c5e467ffa6897deefeaf499358 -- 2.47.0.338.g60cca15819-goog

6 months, 2 weeks

3
6
0 0

[PATCH 5.10.y 1/3] KVM: arm64: vgic-its: Add a data length check in vgic_its_save_*

by Jing Zhang

commit 7fe28d7e68f92cc3d0668b8f2fbdf5c303ac3022 upstream. In all the vgic_its_save_*() functinos, they do not check whether the data length is 8 bytes before calling vgic_write_guest_lock. This patch adds the check. To prevent the kernel from being blown up when the fault occurs, KVM_BUG_ON() is used. And the other BUG_ON()s are replaced together. Cc: stable(a)vger.kernel.org Signed-off-by: Kunkun Jiang <jiangkunkun(a)huawei.com> [Jing: Update with the new entry read/write helpers] Signed-off-by: Jing Zhang <jingzhangos(a)google.com> Link: https://lore.kernel.org/r/20241107214137.428439-4-jingzhangos@google.com Signed-off-by: Oliver Upton <oliver.upton(a)linux.dev> --- arch/arm64/kvm/vgic/vgic-its.c | 20 ++++++++------------ arch/arm64/kvm/vgic/vgic.h | 24 ++++++++++++++++++++++++ 2 files changed, 32 insertions(+), 12 deletions(-) diff --git a/arch/arm64/kvm/vgic/vgic-its.c b/arch/arm64/kvm/vgic/vgic-its.c index 93c0365cdd7b..d3ea81d947b7 100644 --- a/arch/arm64/kvm/vgic/vgic-its.c +++ b/arch/arm64/kvm/vgic/vgic-its.c @@ -2135,7 +2135,6 @@ static int scan_its_table(struct vgic_its *its, gpa_t base, int size, u32 esz, static int vgic_its_save_ite(struct vgic_its *its, struct its_device *dev, struct its_ite *ite, gpa_t gpa, int ite_esz) { - struct kvm *kvm = its->dev->kvm; u32 next_offset; u64 val; @@ -2144,7 +2143,8 @@ static int vgic_its_save_ite(struct vgic_its *its, struct its_device *dev, ((u64)ite->irq->intid << KVM_ITS_ITE_PINTID_SHIFT) | ite->collection->collection_id; val = cpu_to_le64(val); - return kvm_write_guest_lock(kvm, gpa, &val, ite_esz); + + return vgic_its_write_entry_lock(its, gpa, val, ite_esz); } /** @@ -2280,7 +2280,6 @@ static int vgic_its_restore_itt(struct vgic_its *its, struct its_device *dev) static int vgic_its_save_dte(struct vgic_its *its, struct its_device *dev, gpa_t ptr, int dte_esz) { - struct kvm *kvm = its->dev->kvm; u64 val, itt_addr_field; u32 next_offset; @@ -2291,7 +2290,8 @@ static int vgic_its_save_dte(struct vgic_its *its, struct its_device *dev, (itt_addr_field << KVM_ITS_DTE_ITTADDR_SHIFT) | (dev->num_eventid_bits - 1)); val = cpu_to_le64(val); - return kvm_write_guest_lock(kvm, ptr, &val, dte_esz); + + return vgic_its_write_entry_lock(its, ptr, val, dte_esz); } /** @@ -2471,7 +2471,8 @@ static int vgic_its_save_cte(struct vgic_its *its, ((u64)collection->target_addr << KVM_ITS_CTE_RDBASE_SHIFT) | collection->collection_id); val = cpu_to_le64(val); - return kvm_write_guest_lock(its->dev->kvm, gpa, &val, esz); + + return vgic_its_write_entry_lock(its, gpa, val, esz); } static int vgic_its_restore_cte(struct vgic_its *its, gpa_t gpa, int esz) @@ -2482,8 +2483,7 @@ static int vgic_its_restore_cte(struct vgic_its *its, gpa_t gpa, int esz) u64 val; int ret; - BUG_ON(esz > sizeof(val)); - ret = kvm_read_guest_lock(kvm, gpa, &val, esz); + ret = vgic_its_read_entry_lock(its, gpa, &val, esz); if (ret) return ret; val = le64_to_cpu(val); @@ -2517,7 +2517,6 @@ static int vgic_its_save_collection_table(struct vgic_its *its) u64 baser = its->baser_coll_table; gpa_t gpa = GITS_BASER_ADDR_48_to_52(baser); struct its_collection *collection; - u64 val; size_t max_size, filled = 0; int ret, cte_esz = abi->cte_esz; @@ -2541,10 +2540,7 @@ static int vgic_its_save_collection_table(struct vgic_its *its) * table is not fully filled, add a last dummy element * with valid bit unset */ - val = 0; - BUG_ON(cte_esz > sizeof(val)); - ret = kvm_write_guest_lock(its->dev->kvm, gpa, &val, cte_esz); - return ret; + return vgic_its_write_entry_lock(its, gpa, 0, cte_esz); } /** diff --git a/arch/arm64/kvm/vgic/vgic.h b/arch/arm64/kvm/vgic/vgic.h index 3d7fa7ef353e..db99a1b167d8 100644 --- a/arch/arm64/kvm/vgic/vgic.h +++ b/arch/arm64/kvm/vgic/vgic.h @@ -6,6 +6,7 @@ #define __KVM_ARM_VGIC_NEW_H__ #include <linux/irqchip/arm-gic-common.h> +#include <asm/kvm_mmu.h> #define PRODUCT_ID_KVM 0x4b /* ASCII code K */ #define IMPLEMENTER_ARM 0x43b @@ -126,6 +127,29 @@ static inline bool vgic_irq_is_multi_sgi(struct vgic_irq *irq) return vgic_irq_get_lr_count(irq) > 1; } +static inline int vgic_its_read_entry_lock(struct vgic_its *its, gpa_t eaddr, + u64 *eval, unsigned long esize) +{ + struct kvm *kvm = its->dev->kvm; + + if (KVM_BUG_ON(esize != sizeof(*eval), kvm)) + return -EINVAL; + + return kvm_read_guest_lock(kvm, eaddr, eval, esize); + +} + +static inline int vgic_its_write_entry_lock(struct vgic_its *its, gpa_t eaddr, + u64 eval, unsigned long esize) +{ + struct kvm *kvm = its->dev->kvm; + + if (KVM_BUG_ON(esize != sizeof(eval), kvm)) + return -EINVAL; + + return kvm_write_guest_lock(kvm, eaddr, &eval, esize); +} + /* * This struct provides an intermediate representation of the fields contained * in the GICH_VMCR and ICH_VMCR registers, such that code exporting the GIC base-commit: 711d99f845cdb587b7d7cf5e56c289c3d96d27c5 -- 2.47.0.338.g60cca15819-goog

6 months, 2 weeks

3
6
0 0

[PATCH 5.4.y 1/3] KVM: arm64: vgic-its: Add a data length check in vgic_its_save_*

by Jing Zhang

commit 7fe28d7e68f92cc3d0668b8f2fbdf5c303ac3022 upstream. In all the vgic_its_save_*() functinos, they do not check whether the data length is 8 bytes before calling vgic_write_guest_lock. This patch adds the check. To prevent the kernel from being blown up when the fault occurs, KVM_BUG_ON() is used. And the other BUG_ON()s are replaced together. Cc: stable(a)vger.kernel.org Signed-off-by: Kunkun Jiang <jiangkunkun(a)huawei.com> [Jing: Update with the new entry read/write helpers] Signed-off-by: Jing Zhang <jingzhangos(a)google.com> Link: https://lore.kernel.org/r/20241107214137.428439-4-jingzhangos@google.com Signed-off-by: Oliver Upton <oliver.upton(a)linux.dev> --- virt/kvm/arm/vgic/vgic-its.c | 20 ++++++++------------ virt/kvm/arm/vgic/vgic.h | 24 ++++++++++++++++++++++++ 2 files changed, 32 insertions(+), 12 deletions(-) diff --git a/virt/kvm/arm/vgic/vgic-its.c b/virt/kvm/arm/vgic/vgic-its.c index f4ce08c0d0be..f091d4c9120a 100644 --- a/virt/kvm/arm/vgic/vgic-its.c +++ b/virt/kvm/arm/vgic/vgic-its.c @@ -2134,7 +2134,6 @@ static int scan_its_table(struct vgic_its *its, gpa_t base, int size, u32 esz, static int vgic_its_save_ite(struct vgic_its *its, struct its_device *dev, struct its_ite *ite, gpa_t gpa, int ite_esz) { - struct kvm *kvm = its->dev->kvm; u32 next_offset; u64 val; @@ -2143,7 +2142,8 @@ static int vgic_its_save_ite(struct vgic_its *its, struct its_device *dev, ((u64)ite->irq->intid << KVM_ITS_ITE_PINTID_SHIFT) | ite->collection->collection_id; val = cpu_to_le64(val); - return kvm_write_guest_lock(kvm, gpa, &val, ite_esz); + + return vgic_its_write_entry_lock(its, gpa, val, ite_esz); } /** @@ -2279,7 +2279,6 @@ static int vgic_its_restore_itt(struct vgic_its *its, struct its_device *dev) static int vgic_its_save_dte(struct vgic_its *its, struct its_device *dev, gpa_t ptr, int dte_esz) { - struct kvm *kvm = its->dev->kvm; u64 val, itt_addr_field; u32 next_offset; @@ -2290,7 +2289,8 @@ static int vgic_its_save_dte(struct vgic_its *its, struct its_device *dev, (itt_addr_field << KVM_ITS_DTE_ITTADDR_SHIFT) | (dev->num_eventid_bits - 1)); val = cpu_to_le64(val); - return kvm_write_guest_lock(kvm, ptr, &val, dte_esz); + + return vgic_its_write_entry_lock(its, ptr, val, dte_esz); } /** @@ -2470,7 +2470,8 @@ static int vgic_its_save_cte(struct vgic_its *its, ((u64)collection->target_addr << KVM_ITS_CTE_RDBASE_SHIFT) | collection->collection_id); val = cpu_to_le64(val); - return kvm_write_guest_lock(its->dev->kvm, gpa, &val, esz); + + return vgic_its_write_entry_lock(its, gpa, val, esz); } static int vgic_its_restore_cte(struct vgic_its *its, gpa_t gpa, int esz) @@ -2481,8 +2482,7 @@ static int vgic_its_restore_cte(struct vgic_its *its, gpa_t gpa, int esz) u64 val; int ret; - BUG_ON(esz > sizeof(val)); - ret = kvm_read_guest_lock(kvm, gpa, &val, esz); + ret = vgic_its_read_entry_lock(its, gpa, &val, esz); if (ret) return ret; val = le64_to_cpu(val); @@ -2516,7 +2516,6 @@ static int vgic_its_save_collection_table(struct vgic_its *its) u64 baser = its->baser_coll_table; gpa_t gpa = GITS_BASER_ADDR_48_to_52(baser); struct its_collection *collection; - u64 val; size_t max_size, filled = 0; int ret, cte_esz = abi->cte_esz; @@ -2540,10 +2539,7 @@ static int vgic_its_save_collection_table(struct vgic_its *its) * table is not fully filled, add a last dummy element * with valid bit unset */ - val = 0; - BUG_ON(cte_esz > sizeof(val)); - ret = kvm_write_guest_lock(its->dev->kvm, gpa, &val, cte_esz); - return ret; + return vgic_its_write_entry_lock(its, gpa, 0, cte_esz); } /** diff --git a/virt/kvm/arm/vgic/vgic.h b/virt/kvm/arm/vgic/vgic.h index 83066a81b16a..ac553f9171a6 100644 --- a/virt/kvm/arm/vgic/vgic.h +++ b/virt/kvm/arm/vgic/vgic.h @@ -6,6 +6,7 @@ #define __KVM_ARM_VGIC_NEW_H__ #include <linux/irqchip/arm-gic-common.h> +#include <asm/kvm_mmu.h> #define PRODUCT_ID_KVM 0x4b /* ASCII code K */ #define IMPLEMENTER_ARM 0x43b @@ -126,6 +127,29 @@ static inline bool vgic_irq_is_multi_sgi(struct vgic_irq *irq) return vgic_irq_get_lr_count(irq) > 1; } +static inline int vgic_its_read_entry_lock(struct vgic_its *its, gpa_t eaddr, + u64 *eval, unsigned long esize) +{ + struct kvm *kvm = its->dev->kvm; + + if (KVM_BUG_ON(esize != sizeof(*eval), kvm)) + return -EINVAL; + + return kvm_read_guest_lock(kvm, eaddr, eval, esize); + +} + +static inline int vgic_its_write_entry_lock(struct vgic_its *its, gpa_t eaddr, + u64 eval, unsigned long esize) +{ + struct kvm *kvm = its->dev->kvm; + + if (KVM_BUG_ON(esize != sizeof(eval), kvm)) + return -EINVAL; + + return kvm_write_guest_lock(kvm, eaddr, &eval, esize); +} + /* * This struct provides an intermediate representation of the fields contained * in the GICH_VMCR and ICH_VMCR registers, such that code exporting the GIC base-commit: cd5b619ac41b6b1a8167380ca6655df7ccf5b5eb -- 2.47.0.338.g60cca15819-goog

6 months, 2 weeks

3
6
0 0

[PATCH net-next v3 0/7] virtio_net: correct netdev_tx_reset_queue() invocation points

by Koichiro Den

When virtnet_close is followed by virtnet_open, some TX completions can possibly remain unconsumed, until they are finally processed during the first NAPI poll after the netdev_tx_reset_queue(), resulting in a crash [1]. Commit b96ed2c97c79 ("virtio_net: move netdev_tx_reset_queue() call before RX napi enable") was not sufficient to eliminate all BQL crash cases for virtio-net. This issue can be reproduced with the latest net-next master by running: `while :; do ip l set DEV down; ip l set DEV up; done` under heavy network TX load from inside the machine. This patch series resolves the issue and also addresses similar existing problems: (a). Drop netdev_tx_reset_queue() from open/close path. This eliminates the BQL crashes due to the problematic open/close path. (b). As a result of (a), netdev_tx_reset_queue() is now explicitly required in freeze/restore path. Add netdev_tx_reset_queue() to free_unused_bufs(). (c). Fix missing resetting in virtnet_tx_resize(). virtnet_tx_resize() has lacked proper resetting since commit c8bd1f7f3e61 ("virtio_net: add support for Byte Queue Limits"). (d). Fix missing resetting in the XDP_SETUP_XSK_POOL path. Similar to (c), this path lacked proper resetting. Call netdev_tx_reset_queue() when virtqueue_reset() has actually recycled unused buffers. This patch series consists of five commits: [1/7]: Resolves (a) and (b). [2/7[: Minor fix to make [3/7] streamlined. [3/7]: Prerequisite for (c) and (d). [4/7]: Prerequisite for (c). [5/7]: Resolves (c). [6/7]: Preresuisite for (d). [7/7]: Resolves (d). Changes for v3: - replace 'flushed' argument with 'recycle_done' Changes for v2: - add tx queue resetting for (b) to (d) above v2: https://lore.kernel.org/all/20241203073025.67065-1-koichiro.den@canonical.c… v1: https://lore.kernel.org/all/20241130181744.3772632-1-koichiro.den@canonical… [1]: ------------[ cut here ]------------ kernel BUG at lib/dynamic_queue_limits.c:99! Oops: invalid opcode: 0000 [#1] PREEMPT SMP NOPTI CPU: 7 UID: 0 PID: 1598 Comm: ip Tainted: G N 6.12.0net-next_main+ #2 Tainted: [N]=TEST Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), \ BIOS rel-1.16.3-0-ga6ed6b701f0a-prebuilt.qemu.org 04/01/2014 RIP: 0010:dql_completed+0x26b/0x290 Code: b7 c2 49 89 e9 44 89 da 89 c6 4c 89 d7 e8 ed 17 47 00 58 65 ff 0d 4d 27 90 7e 0f 85 fd fe ff ff e8 ea 53 8d ff e9 f3 fe ff ff <0f> 0b 01 d2 44 89 d1 29 d1 ba 00 00 00 00 0f 48 ca e9 28 ff ff ff RSP: 0018:ffffc900002b0d08 EFLAGS: 00010297 RAX: 0000000000000000 RBX: ffff888102398c80 RCX: 0000000080190009 RDX: 0000000000000000 RSI: 000000000000006a RDI: 0000000000000000 RBP: ffff888102398c00 R08: 0000000000000000 R09: 0000000000000000 R10: 00000000000000ca R11: 0000000000015681 R12: 0000000000000001 R13: ffffc900002b0d68 R14: ffff88811115e000 R15: ffff8881107aca40 FS: 00007f41ded69500(0000) GS:ffff888667dc0000(0000) knlGS:0000000000000000 CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 CR2: 0000556ccc2dc1a0 CR3: 0000000104fd8003 CR4: 0000000000772ef0 PKRU: 55555554 Call Trace: <IRQ> ? die+0x32/0x80 ? do_trap+0xd9/0x100 ? dql_completed+0x26b/0x290 ? dql_completed+0x26b/0x290 ? do_error_trap+0x6d/0xb0 ? dql_completed+0x26b/0x290 ? exc_invalid_op+0x4c/0x60 ? dql_completed+0x26b/0x290 ? asm_exc_invalid_op+0x16/0x20 ? dql_completed+0x26b/0x290 __free_old_xmit+0xff/0x170 [virtio_net] free_old_xmit+0x54/0xc0 [virtio_net] virtnet_poll+0xf4/0xe30 [virtio_net] ? __update_load_avg_cfs_rq+0x264/0x2d0 ? update_curr+0x35/0x260 ? reweight_entity+0x1be/0x260 __napi_poll.constprop.0+0x28/0x1c0 net_rx_action+0x329/0x420 ? enqueue_hrtimer+0x35/0x90 ? trace_hardirqs_on+0x1d/0x80 ? kvm_sched_clock_read+0xd/0x20 ? sched_clock+0xc/0x30 ? kvm_sched_clock_read+0xd/0x20 ? sched_clock+0xc/0x30 ? sched_clock_cpu+0xd/0x1a0 handle_softirqs+0x138/0x3e0 do_softirq.part.0+0x89/0xc0 </IRQ> <TASK> __local_bh_enable_ip+0xa7/0xb0 virtnet_open+0xc8/0x310 [virtio_net] __dev_open+0xfa/0x1b0 __dev_change_flags+0x1de/0x250 dev_change_flags+0x22/0x60 do_setlink.isra.0+0x2df/0x10b0 ? rtnetlink_rcv_msg+0x34f/0x3f0 ? netlink_rcv_skb+0x54/0x100 ? netlink_unicast+0x23e/0x390 ? netlink_sendmsg+0x21e/0x490 ? ____sys_sendmsg+0x31b/0x350 ? avc_has_perm_noaudit+0x67/0xf0 ? cred_has_capability.isra.0+0x75/0x110 ? __nla_validate_parse+0x5f/0xee0 ? __pfx___probestub_irq_enable+0x3/0x10 ? __create_object+0x5e/0x90 ? security_capable+0x3b/0x7[I0 rtnl_newlink+0x784/0xaf0 ? avc_has_perm_noaudit+0x67/0xf0 ? cred_has_capability.isra.0+0x75/0x110 ? stack_depot_save_flags+0x24/0x6d0 ? __pfx_rtnl_newlink+0x10/0x10 rtnetlink_rcv_msg+0x34f/0x3f0 ? do_syscall_64+0x6c/0x180 ? entry_SYSCALL_64_after_hwframe+0x76/0x7e ? __pfx_rtnetlink_rcv_msg+0x10/0x10 netlink_rcv_skb+0x54/0x100 netlink_unicast+0x23e/0x390 netlink_sendmsg+0x21e/0x490 ____sys_sendmsg+0x31b/0x350 ? copy_msghdr_from_user+0x6d/0xa0 ___sys_sendmsg+0x86/0xd0 ? __pte_offset_map+0x17/0x160 ? preempt_count_add+0x69/0xa0 ? __call_rcu_common.constprop.0+0x147/0x610 ? preempt_count_add+0x69/0xa0 ? preempt_count_add+0x69/0xa0 ? _raw_spin_trylock+0x13/0x60 ? trace_hardirqs_on+0x1d/0x80 __sys_sendmsg+0x66/0xc0 do_syscall_64+0x6c/0x180 entry_SYSCALL_64_after_hwframe+0x76/0x7e RIP: 0033:0x7f41defe5b34 Code: 15 e1 12 0f 00 f7 d8 64 89 02 b8 ff ff ff ff eb bf 0f 1f 44 00 00 f3 0f 1e fa 80 3d 35 95 0f 00 00 74 13 b8 2e 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 4c c3 0f 1f 00 55 48 89 e5 48 83 ec 20 89 55 RSP: 002b:00007ffe5336ecc8 EFLAGS: 00000202 ORIG_RAX: 000000000000002e RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 00007f41defe5b34 RDX: 0000000000000000 RSI: 00007ffe5336ed30 RDI: 0000000000000003 RBP: 00007ffe5336eda0 R08: 0000000000000010 R09: 0000000000000001 R10: 00007ffe5336f6f9 R11: 0000000000000202 R12: 0000000000000003 R13: 0000000067452259 R14: 0000556ccc28b040 R15: 0000000000000000 </TASK> [...] ---[ end Kernel panic - not syncing: Fatal exception in interrupt ]--- Koichiro Den (7): virtio_net: correct netdev_tx_reset_queue() invocation point virtio_ring: add a func argument 'recycle_done' to virtqueue_resize() virtio_net: replace vq2rxq with vq2txq where appropriate virtio_net: introduce virtnet_sq_free_unused_buf_done() virtio_net: ensure netdev_tx_reset_queue is called on tx ring resize virtio_ring: add a func argument 'recycle_done' to virtqueue_reset() virtio_net: ensure netdev_tx_reset_queue is called on bind xsk for tx drivers/net/virtio_net.c | 23 +++++++++++++++++------ drivers/virtio/virtio_ring.c | 12 ++++++++++-- include/linux/virtio.h | 6 ++++-- 3 files changed, 31 insertions(+), 10 deletions(-) -- 2.43.0

6 months, 2 weeks

4
25
0 0

[PATCH AUTOSEL 6.12 01/15] usb: chipidea: add CI_HDRC_HAS_SHORT_PKT_LIMIT flag

by Sasha Levin

From: Xu Yang <xu.yang_2(a)nxp.com> [ Upstream commit ec841b8d73cff37f8960e209017efe1eb2fb21f2 ] Currently, the imx deivice controller has below limitations: 1. can't generate short packet interrupt if IOC not set in dTD. So if one request span more than one dTDs and only the last dTD set IOC, the usb request will pending there if no more data comes. 2. the controller can't accurately deliver data to differtent usb requests in some cases due to short packet. For example: one usb request span 3 dTDs, then if the controller received a short packet the next packet will go to 2nd dTD of current request rather than the first dTD of next request. 3. can't build a bus packet use multiple dTDs. For example: controller needs to send one packet of 512 bytes use dTD1 (200 bytes) + dTD2 (312 bytes), actually the host side will see 200 bytes short packet. Based on these limits, add CI_HDRC_HAS_SHORT_PKT_LIMIT flag and use it on imx platforms. Signed-off-by: Xu Yang <xu.yang_2(a)nxp.com> Acked-by: Peter Chen <peter.chen(a)kernel.org> Link: https://lore.kernel.org/r/20240923081203.2851768-1-xu.yang_2@nxp.com Signed-off-by: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> Signed-off-by: Sasha Levin <sashal(a)kernel.org> --- drivers/usb/chipidea/ci.h | 1 + drivers/usb/chipidea/ci_hdrc_imx.c | 1 + drivers/usb/chipidea/core.c | 2 ++ include/linux/usb/chipidea.h | 1 + 4 files changed, 5 insertions(+) diff --git a/drivers/usb/chipidea/ci.h b/drivers/usb/chipidea/ci.h index 2a38e1eb65466..e4b003d060c26 100644 --- a/drivers/usb/chipidea/ci.h +++ b/drivers/usb/chipidea/ci.h @@ -260,6 +260,7 @@ struct ci_hdrc { bool b_sess_valid_event; bool imx28_write_fix; bool has_portsc_pec_bug; + bool has_short_pkt_limit; bool supports_runtime_pm; bool in_lpm; bool wakeup_int; diff --git a/drivers/usb/chipidea/ci_hdrc_imx.c b/drivers/usb/chipidea/ci_hdrc_imx.c index c64ab0e07ea03..17b3ac2ac8a1e 100644 --- a/drivers/usb/chipidea/ci_hdrc_imx.c +++ b/drivers/usb/chipidea/ci_hdrc_imx.c @@ -342,6 +342,7 @@ static int ci_hdrc_imx_probe(struct platform_device *pdev) struct ci_hdrc_platform_data pdata = { .name = dev_name(&pdev->dev), .capoffset = DEF_CAPOFFSET, + .flags = CI_HDRC_HAS_SHORT_PKT_LIMIT, .notify_event = ci_hdrc_imx_notify_event, }; int ret; diff --git a/drivers/usb/chipidea/core.c b/drivers/usb/chipidea/core.c index 835bf2428dc6e..5aa16dbfc289c 100644 --- a/drivers/usb/chipidea/core.c +++ b/drivers/usb/chipidea/core.c @@ -1076,6 +1076,8 @@ static int ci_hdrc_probe(struct platform_device *pdev) CI_HDRC_SUPPORTS_RUNTIME_PM); ci->has_portsc_pec_bug = !!(ci->platdata->flags & CI_HDRC_HAS_PORTSC_PEC_MISSED); + ci->has_short_pkt_limit = !!(ci->platdata->flags & + CI_HDRC_HAS_SHORT_PKT_LIMIT); platform_set_drvdata(pdev, ci); ret = hw_device_init(ci, base); diff --git a/include/linux/usb/chipidea.h b/include/linux/usb/chipidea.h index 5a7f96684ea22..ebdfef124b2bc 100644 --- a/include/linux/usb/chipidea.h +++ b/include/linux/usb/chipidea.h @@ -65,6 +65,7 @@ struct ci_hdrc_platform_data { #define CI_HDRC_PHY_VBUS_CONTROL BIT(16) #define CI_HDRC_HAS_PORTSC_PEC_MISSED BIT(17) #define CI_HDRC_FORCE_VBUS_ACTIVE_ALWAYS BIT(18) +#define CI_HDRC_HAS_SHORT_PKT_LIMIT BIT(19) enum usb_dr_mode dr_mode; #define CI_HDRC_CONTROLLER_RESET_EVENT 0 #define CI_HDRC_CONTROLLER_STOPPED_EVENT 1 -- 2.43.0

6 months, 2 weeks

2
16
0 0

[PATCH AUTOSEL 6.6 01/10] usb: chipidea: udc: create bounce buffer for problem sglist entries if possible

by Sasha Levin

From: Xu Yang <xu.yang_2(a)nxp.com> [ Upstream commit edfcc455c85ccc5855f0c329ca5a2d85cc9fc6c6 ] The chipidea controller doesn't fully support sglist, such as it can not transfer data spanned more dTDs to form a bus packet, so it can only work on very limited cases. The limitations as below: 1. the end address of the first sg buffer must be 4KB aligned. 2. the start and end address of the middle sg buffer must be 4KB aligned. 3. the start address of the first sg buffer must be 4KB aligned. However, not all the use cases violate these limitations. To make the controller compatible with most of the cases, this will try to bounce the problem sglist entries which can be found by sglist_get_invalid_entry(). Then a bounced line buffer (the size will roundup to page size) will be allocated to replace the remaining problem sg entries. The data will be copied between problem sg entries and bounce buffer according to the transfer direction. The bounce buffer will be freed when the request completed. Acked-by: Peter Chen <peter.chen(a)kernel.com> Signed-off-by: Xu Yang <xu.yang_2(a)nxp.com> Link: https://lore.kernel.org/r/20240923081203.2851768-3-xu.yang_2@nxp.com Signed-off-by: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> Signed-off-by: Sasha Levin <sashal(a)kernel.org> --- drivers/usb/chipidea/udc.c | 148 +++++++++++++++++++++++++++++++++++++ drivers/usb/chipidea/udc.h | 2 + 2 files changed, 150 insertions(+) diff --git a/drivers/usb/chipidea/udc.c b/drivers/usb/chipidea/udc.c index f70ceedfb468f..bd409b18d01ba 100644 --- a/drivers/usb/chipidea/udc.c +++ b/drivers/usb/chipidea/udc.c @@ -10,6 +10,7 @@ #include <linux/delay.h> #include <linux/device.h> #include <linux/dmapool.h> +#include <linux/dma-direct.h> #include <linux/err.h> #include <linux/irqreturn.h> #include <linux/kernel.h> @@ -540,6 +541,126 @@ static int prepare_td_for_sg(struct ci_hw_ep *hwep, struct ci_hw_req *hwreq) return ret; } +/* + * Verify if the scatterlist is valid by iterating each sg entry. + * Return invalid sg entry index which is less than num_sgs. + */ +static int sglist_get_invalid_entry(struct device *dma_dev, u8 dir, + struct usb_request *req) +{ + int i; + struct scatterlist *s = req->sg; + + if (req->num_sgs == 1) + return 1; + + dir = dir ? DMA_TO_DEVICE : DMA_FROM_DEVICE; + + for (i = 0; i < req->num_sgs; i++, s = sg_next(s)) { + /* Only small sg (generally last sg) may be bounced. If + * that happens. we can't ensure the addr is page-aligned + * after dma map. + */ + if (dma_kmalloc_needs_bounce(dma_dev, s->length, dir)) + break; + + /* Make sure each sg start address (except first sg) is + * page-aligned and end address (except last sg) is also + * page-aligned. + */ + if (i == 0) { + if (!IS_ALIGNED(s->offset + s->length, + CI_HDRC_PAGE_SIZE)) + break; + } else { + if (s->offset) + break; + if (!sg_is_last(s) && !IS_ALIGNED(s->length, + CI_HDRC_PAGE_SIZE)) + break; + } + } + + return i; +} + +static int sglist_do_bounce(struct ci_hw_req *hwreq, int index, + bool copy, unsigned int *bounced) +{ + void *buf; + int i, ret, nents, num_sgs; + unsigned int rest, rounded; + struct scatterlist *sg, *src, *dst; + + nents = index + 1; + ret = sg_alloc_table(&hwreq->sgt, nents, GFP_KERNEL); + if (ret) + return ret; + + sg = src = hwreq->req.sg; + num_sgs = hwreq->req.num_sgs; + rest = hwreq->req.length; + dst = hwreq->sgt.sgl; + + for (i = 0; i < index; i++) { + memcpy(dst, src, sizeof(*src)); + rest -= src->length; + src = sg_next(src); + dst = sg_next(dst); + } + + /* create one bounce buffer */ + rounded = round_up(rest, CI_HDRC_PAGE_SIZE); + buf = kmalloc(rounded, GFP_KERNEL); + if (!buf) { + sg_free_table(&hwreq->sgt); + return -ENOMEM; + } + + sg_set_buf(dst, buf, rounded); + + hwreq->req.sg = hwreq->sgt.sgl; + hwreq->req.num_sgs = nents; + hwreq->sgt.sgl = sg; + hwreq->sgt.nents = num_sgs; + + if (copy) + sg_copy_to_buffer(src, num_sgs - index, buf, rest); + + *bounced = rest; + + return 0; +} + +static void sglist_do_debounce(struct ci_hw_req *hwreq, bool copy) +{ + void *buf; + int i, nents, num_sgs; + struct scatterlist *sg, *src, *dst; + + sg = hwreq->req.sg; + num_sgs = hwreq->req.num_sgs; + src = sg_last(sg, num_sgs); + buf = sg_virt(src); + + if (copy) { + dst = hwreq->sgt.sgl; + for (i = 0; i < num_sgs - 1; i++) + dst = sg_next(dst); + + nents = hwreq->sgt.nents - num_sgs + 1; + sg_copy_from_buffer(dst, nents, buf, sg_dma_len(src)); + } + + hwreq->req.sg = hwreq->sgt.sgl; + hwreq->req.num_sgs = hwreq->sgt.nents; + hwreq->sgt.sgl = sg; + hwreq->sgt.nents = num_sgs; + + kfree(buf); + sg_free_table(&hwreq->sgt); +} + /** * _hardware_enqueue: configures a request at hardware level * @hwep: endpoint @@ -552,6 +673,8 @@ static int _hardware_enqueue(struct ci_hw_ep *hwep, struct ci_hw_req *hwreq) struct ci_hdrc *ci = hwep->ci; int ret = 0; struct td_node *firstnode, *lastnode; + unsigned int bounced_size; + struct scatterlist *sg; /* don't queue twice */ if (hwreq->req.status == -EALREADY) @@ -559,11 +682,29 @@ static int _hardware_enqueue(struct ci_hw_ep *hwep, struct ci_hw_req *hwreq) hwreq->req.status = -EALREADY; + if (hwreq->req.num_sgs && hwreq->req.length && + ci->has_short_pkt_limit) { + ret = sglist_get_invalid_entry(ci->dev->parent, hwep->dir, + &hwreq->req); + if (ret < hwreq->req.num_sgs) { + ret = sglist_do_bounce(hwreq, ret, hwep->dir == TX, + &bounced_size); + if (ret) + return ret; + } + } + ret = usb_gadget_map_request_by_dev(ci->dev->parent, &hwreq->req, hwep->dir); if (ret) return ret; + if (hwreq->sgt.sgl) { + /* We've mapped a bigger buffer, now recover the actual size */ + sg = sg_last(hwreq->req.sg, hwreq->req.num_sgs); + sg_dma_len(sg) = min(sg_dma_len(sg), bounced_size); + } + if (hwreq->req.num_mapped_sgs) ret = prepare_td_for_sg(hwep, hwreq); else @@ -732,6 +873,10 @@ static int _hardware_dequeue(struct ci_hw_ep *hwep, struct ci_hw_req *hwreq) usb_gadget_unmap_request_by_dev(hwep->ci->dev->parent, &hwreq->req, hwep->dir); + /* sglist bounced */ + if (hwreq->sgt.sgl) + sglist_do_debounce(hwreq, hwep->dir == RX); + hwreq->req.actual += actual; if (hwreq->req.status) @@ -1573,6 +1718,9 @@ static int ep_dequeue(struct usb_ep *ep, struct usb_request *req) usb_gadget_unmap_request(&hwep->ci->gadget, req, hwep->dir); + if (hwreq->sgt.sgl) + sglist_do_debounce(hwreq, false); + req->status = -ECONNRESET; if (hwreq->req.complete != NULL) { diff --git a/drivers/usb/chipidea/udc.h b/drivers/usb/chipidea/udc.h index 5193df1e18c75..c8a47389a46bb 100644 --- a/drivers/usb/chipidea/udc.h +++ b/drivers/usb/chipidea/udc.h @@ -69,11 +69,13 @@ struct td_node { * @req: request structure for gadget drivers * @queue: link to QH list * @tds: link to TD list + * @sgt: hold original sglist when bounce sglist */ struct ci_hw_req { struct usb_request req; struct list_head queue; struct list_head tds; + struct sg_table sgt; }; #ifdef CONFIG_USB_CHIPIDEA_UDC -- 2.43.0

6 months, 2 weeks

2
11
0 0

[PATCH AUTOSEL 6.1 1/8] usb: chipidea: udc: create bounce buffer for problem sglist entries if possible

by Sasha Levin

From: Xu Yang <xu.yang_2(a)nxp.com> [ Upstream commit edfcc455c85ccc5855f0c329ca5a2d85cc9fc6c6 ] The chipidea controller doesn't fully support sglist, such as it can not transfer data spanned more dTDs to form a bus packet, so it can only work on very limited cases. The limitations as below: 1. the end address of the first sg buffer must be 4KB aligned. 2. the start and end address of the middle sg buffer must be 4KB aligned. 3. the start address of the first sg buffer must be 4KB aligned. However, not all the use cases violate these limitations. To make the controller compatible with most of the cases, this will try to bounce the problem sglist entries which can be found by sglist_get_invalid_entry(). Then a bounced line buffer (the size will roundup to page size) will be allocated to replace the remaining problem sg entries. The data will be copied between problem sg entries and bounce buffer according to the transfer direction. The bounce buffer will be freed when the request completed. Acked-by: Peter Chen <peter.chen(a)kernel.com> Signed-off-by: Xu Yang <xu.yang_2(a)nxp.com> Link: https://lore.kernel.org/r/20240923081203.2851768-3-xu.yang_2@nxp.com Signed-off-by: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> Signed-off-by: Sasha Levin <sashal(a)kernel.org> --- drivers/usb/chipidea/udc.c | 148 +++++++++++++++++++++++++++++++++++++ drivers/usb/chipidea/udc.h | 2 + 2 files changed, 150 insertions(+) diff --git a/drivers/usb/chipidea/udc.c b/drivers/usb/chipidea/udc.c index 35dfc05854fb7..3af0a7ef19f61 100644 --- a/drivers/usb/chipidea/udc.c +++ b/drivers/usb/chipidea/udc.c @@ -10,6 +10,7 @@ #include <linux/delay.h> #include <linux/device.h> #include <linux/dmapool.h> +#include <linux/dma-direct.h> #include <linux/err.h> #include <linux/irqreturn.h> #include <linux/kernel.h> @@ -540,6 +541,126 @@ static int prepare_td_for_sg(struct ci_hw_ep *hwep, struct ci_hw_req *hwreq) return ret; } +/* + * Verify if the scatterlist is valid by iterating each sg entry. + * Return invalid sg entry index which is less than num_sgs. + */ +static int sglist_get_invalid_entry(struct device *dma_dev, u8 dir, + struct usb_request *req) +{ + int i; + struct scatterlist *s = req->sg; + + if (req->num_sgs == 1) + return 1; + + dir = dir ? DMA_TO_DEVICE : DMA_FROM_DEVICE; + + for (i = 0; i < req->num_sgs; i++, s = sg_next(s)) { + /* Only small sg (generally last sg) may be bounced. If + * that happens. we can't ensure the addr is page-aligned + * after dma map. + */ + if (dma_kmalloc_needs_bounce(dma_dev, s->length, dir)) + break; + + /* Make sure each sg start address (except first sg) is + * page-aligned and end address (except last sg) is also + * page-aligned. + */ + if (i == 0) { + if (!IS_ALIGNED(s->offset + s->length, + CI_HDRC_PAGE_SIZE)) + break; + } else { + if (s->offset) + break; + if (!sg_is_last(s) && !IS_ALIGNED(s->length, + CI_HDRC_PAGE_SIZE)) + break; + } + } + + return i; +} + +static int sglist_do_bounce(struct ci_hw_req *hwreq, int index, + bool copy, unsigned int *bounced) +{ + void *buf; + int i, ret, nents, num_sgs; + unsigned int rest, rounded; + struct scatterlist *sg, *src, *dst; + + nents = index + 1; + ret = sg_alloc_table(&hwreq->sgt, nents, GFP_KERNEL); + if (ret) + return ret; + + sg = src = hwreq->req.sg; + num_sgs = hwreq->req.num_sgs; + rest = hwreq->req.length; + dst = hwreq->sgt.sgl; + + for (i = 0; i < index; i++) { + memcpy(dst, src, sizeof(*src)); + rest -= src->length; + src = sg_next(src); + dst = sg_next(dst); + } + + /* create one bounce buffer */ + rounded = round_up(rest, CI_HDRC_PAGE_SIZE); + buf = kmalloc(rounded, GFP_KERNEL); + if (!buf) { + sg_free_table(&hwreq->sgt); + return -ENOMEM; + } + + sg_set_buf(dst, buf, rounded); + + hwreq->req.sg = hwreq->sgt.sgl; + hwreq->req.num_sgs = nents; + hwreq->sgt.sgl = sg; + hwreq->sgt.nents = num_sgs; + + if (copy) + sg_copy_to_buffer(src, num_sgs - index, buf, rest); + + *bounced = rest; + + return 0; +} + +static void sglist_do_debounce(struct ci_hw_req *hwreq, bool copy) +{ + void *buf; + int i, nents, num_sgs; + struct scatterlist *sg, *src, *dst; + + sg = hwreq->req.sg; + num_sgs = hwreq->req.num_sgs; + src = sg_last(sg, num_sgs); + buf = sg_virt(src); + + if (copy) { + dst = hwreq->sgt.sgl; + for (i = 0; i < num_sgs - 1; i++) + dst = sg_next(dst); + + nents = hwreq->sgt.nents - num_sgs + 1; + sg_copy_from_buffer(dst, nents, buf, sg_dma_len(src)); + } + + hwreq->req.sg = hwreq->sgt.sgl; + hwreq->req.num_sgs = hwreq->sgt.nents; + hwreq->sgt.sgl = sg; + hwreq->sgt.nents = num_sgs; + + kfree(buf); + sg_free_table(&hwreq->sgt); +} + /** * _hardware_enqueue: configures a request at hardware level * @hwep: endpoint @@ -552,6 +673,8 @@ static int _hardware_enqueue(struct ci_hw_ep *hwep, struct ci_hw_req *hwreq) struct ci_hdrc *ci = hwep->ci; int ret = 0; struct td_node *firstnode, *lastnode; + unsigned int bounced_size; + struct scatterlist *sg; /* don't queue twice */ if (hwreq->req.status == -EALREADY) @@ -559,11 +682,29 @@ static int _hardware_enqueue(struct ci_hw_ep *hwep, struct ci_hw_req *hwreq) hwreq->req.status = -EALREADY; + if (hwreq->req.num_sgs && hwreq->req.length && + ci->has_short_pkt_limit) { + ret = sglist_get_invalid_entry(ci->dev->parent, hwep->dir, + &hwreq->req); + if (ret < hwreq->req.num_sgs) { + ret = sglist_do_bounce(hwreq, ret, hwep->dir == TX, + &bounced_size); + if (ret) + return ret; + } + } + ret = usb_gadget_map_request_by_dev(ci->dev->parent, &hwreq->req, hwep->dir); if (ret) return ret; + if (hwreq->sgt.sgl) { + /* We've mapped a bigger buffer, now recover the actual size */ + sg = sg_last(hwreq->req.sg, hwreq->req.num_sgs); + sg_dma_len(sg) = min(sg_dma_len(sg), bounced_size); + } + if (hwreq->req.num_mapped_sgs) ret = prepare_td_for_sg(hwep, hwreq); else @@ -732,6 +873,10 @@ static int _hardware_dequeue(struct ci_hw_ep *hwep, struct ci_hw_req *hwreq) usb_gadget_unmap_request_by_dev(hwep->ci->dev->parent, &hwreq->req, hwep->dir); + /* sglist bounced */ + if (hwreq->sgt.sgl) + sglist_do_debounce(hwreq, hwep->dir == RX); + hwreq->req.actual += actual; if (hwreq->req.status) @@ -1573,6 +1718,9 @@ static int ep_dequeue(struct usb_ep *ep, struct usb_request *req) usb_gadget_unmap_request(&hwep->ci->gadget, req, hwep->dir); + if (hwreq->sgt.sgl) + sglist_do_debounce(hwreq, false); + req->status = -ECONNRESET; if (hwreq->req.complete != NULL) { diff --git a/drivers/usb/chipidea/udc.h b/drivers/usb/chipidea/udc.h index 5193df1e18c75..c8a47389a46bb 100644 --- a/drivers/usb/chipidea/udc.h +++ b/drivers/usb/chipidea/udc.h @@ -69,11 +69,13 @@ struct td_node { * @req: request structure for gadget drivers * @queue: link to QH list * @tds: link to TD list + * @sgt: hold original sglist when bounce sglist */ struct ci_hw_req { struct usb_request req; struct list_head queue; struct list_head tds; + struct sg_table sgt; }; #ifdef CONFIG_USB_CHIPIDEA_UDC -- 2.43.0

6 months, 2 weeks

2
9
0 0

[PATCH AUTOSEL 5.15 1/5] usb: chipidea: udc: create bounce buffer for problem sglist entries if possible

by Sasha Levin

From: Xu Yang <xu.yang_2(a)nxp.com> [ Upstream commit edfcc455c85ccc5855f0c329ca5a2d85cc9fc6c6 ] The chipidea controller doesn't fully support sglist, such as it can not transfer data spanned more dTDs to form a bus packet, so it can only work on very limited cases. The limitations as below: 1. the end address of the first sg buffer must be 4KB aligned. 2. the start and end address of the middle sg buffer must be 4KB aligned. 3. the start address of the first sg buffer must be 4KB aligned. However, not all the use cases violate these limitations. To make the controller compatible with most of the cases, this will try to bounce the problem sglist entries which can be found by sglist_get_invalid_entry(). Then a bounced line buffer (the size will roundup to page size) will be allocated to replace the remaining problem sg entries. The data will be copied between problem sg entries and bounce buffer according to the transfer direction. The bounce buffer will be freed when the request completed. Acked-by: Peter Chen <peter.chen(a)kernel.com> Signed-off-by: Xu Yang <xu.yang_2(a)nxp.com> Link: https://lore.kernel.org/r/20240923081203.2851768-3-xu.yang_2@nxp.com Signed-off-by: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> Signed-off-by: Sasha Levin <sashal(a)kernel.org> --- drivers/usb/chipidea/udc.c | 148 +++++++++++++++++++++++++++++++++++++ drivers/usb/chipidea/udc.h | 2 + 2 files changed, 150 insertions(+) diff --git a/drivers/usb/chipidea/udc.c b/drivers/usb/chipidea/udc.c index 8b6745b7588c7..d3be658768a9a 100644 --- a/drivers/usb/chipidea/udc.c +++ b/drivers/usb/chipidea/udc.c @@ -10,6 +10,7 @@ #include <linux/delay.h> #include <linux/device.h> #include <linux/dmapool.h> +#include <linux/dma-direct.h> #include <linux/err.h> #include <linux/irqreturn.h> #include <linux/kernel.h> @@ -538,6 +539,126 @@ static int prepare_td_for_sg(struct ci_hw_ep *hwep, struct ci_hw_req *hwreq) return ret; } +/* + * Verify if the scatterlist is valid by iterating each sg entry. + * Return invalid sg entry index which is less than num_sgs. + */ +static int sglist_get_invalid_entry(struct device *dma_dev, u8 dir, + struct usb_request *req) +{ + int i; + struct scatterlist *s = req->sg; + + if (req->num_sgs == 1) + return 1; + + dir = dir ? DMA_TO_DEVICE : DMA_FROM_DEVICE; + + for (i = 0; i < req->num_sgs; i++, s = sg_next(s)) { + /* Only small sg (generally last sg) may be bounced. If + * that happens. we can't ensure the addr is page-aligned + * after dma map. + */ + if (dma_kmalloc_needs_bounce(dma_dev, s->length, dir)) + break; + + /* Make sure each sg start address (except first sg) is + * page-aligned and end address (except last sg) is also + * page-aligned. + */ + if (i == 0) { + if (!IS_ALIGNED(s->offset + s->length, + CI_HDRC_PAGE_SIZE)) + break; + } else { + if (s->offset) + break; + if (!sg_is_last(s) && !IS_ALIGNED(s->length, + CI_HDRC_PAGE_SIZE)) + break; + } + } + + return i; +} + +static int sglist_do_bounce(struct ci_hw_req *hwreq, int index, + bool copy, unsigned int *bounced) +{ + void *buf; + int i, ret, nents, num_sgs; + unsigned int rest, rounded; + struct scatterlist *sg, *src, *dst; + + nents = index + 1; + ret = sg_alloc_table(&hwreq->sgt, nents, GFP_KERNEL); + if (ret) + return ret; + + sg = src = hwreq->req.sg; + num_sgs = hwreq->req.num_sgs; + rest = hwreq->req.length; + dst = hwreq->sgt.sgl; + + for (i = 0; i < index; i++) { + memcpy(dst, src, sizeof(*src)); + rest -= src->length; + src = sg_next(src); + dst = sg_next(dst); + } + + /* create one bounce buffer */ + rounded = round_up(rest, CI_HDRC_PAGE_SIZE); + buf = kmalloc(rounded, GFP_KERNEL); + if (!buf) { + sg_free_table(&hwreq->sgt); + return -ENOMEM; + } + + sg_set_buf(dst, buf, rounded); + + hwreq->req.sg = hwreq->sgt.sgl; + hwreq->req.num_sgs = nents; + hwreq->sgt.sgl = sg; + hwreq->sgt.nents = num_sgs; + + if (copy) + sg_copy_to_buffer(src, num_sgs - index, buf, rest); + + *bounced = rest; + + return 0; +} + +static void sglist_do_debounce(struct ci_hw_req *hwreq, bool copy) +{ + void *buf; + int i, nents, num_sgs; + struct scatterlist *sg, *src, *dst; + + sg = hwreq->req.sg; + num_sgs = hwreq->req.num_sgs; + src = sg_last(sg, num_sgs); + buf = sg_virt(src); + + if (copy) { + dst = hwreq->sgt.sgl; + for (i = 0; i < num_sgs - 1; i++) + dst = sg_next(dst); + + nents = hwreq->sgt.nents - num_sgs + 1; + sg_copy_from_buffer(dst, nents, buf, sg_dma_len(src)); + } + + hwreq->req.sg = hwreq->sgt.sgl; + hwreq->req.num_sgs = hwreq->sgt.nents; + hwreq->sgt.sgl = sg; + hwreq->sgt.nents = num_sgs; + + kfree(buf); + sg_free_table(&hwreq->sgt); +} + /** * _hardware_enqueue: configures a request at hardware level * @hwep: endpoint @@ -550,6 +671,8 @@ static int _hardware_enqueue(struct ci_hw_ep *hwep, struct ci_hw_req *hwreq) struct ci_hdrc *ci = hwep->ci; int ret = 0; struct td_node *firstnode, *lastnode; + unsigned int bounced_size; + struct scatterlist *sg; /* don't queue twice */ if (hwreq->req.status == -EALREADY) @@ -557,11 +680,29 @@ static int _hardware_enqueue(struct ci_hw_ep *hwep, struct ci_hw_req *hwreq) hwreq->req.status = -EALREADY; + if (hwreq->req.num_sgs && hwreq->req.length && + ci->has_short_pkt_limit) { + ret = sglist_get_invalid_entry(ci->dev->parent, hwep->dir, + &hwreq->req); + if (ret < hwreq->req.num_sgs) { + ret = sglist_do_bounce(hwreq, ret, hwep->dir == TX, + &bounced_size); + if (ret) + return ret; + } + } + ret = usb_gadget_map_request_by_dev(ci->dev->parent, &hwreq->req, hwep->dir); if (ret) return ret; + if (hwreq->sgt.sgl) { + /* We've mapped a bigger buffer, now recover the actual size */ + sg = sg_last(hwreq->req.sg, hwreq->req.num_sgs); + sg_dma_len(sg) = min(sg_dma_len(sg), bounced_size); + } + if (hwreq->req.num_mapped_sgs) ret = prepare_td_for_sg(hwep, hwreq); else @@ -724,6 +865,10 @@ static int _hardware_dequeue(struct ci_hw_ep *hwep, struct ci_hw_req *hwreq) usb_gadget_unmap_request_by_dev(hwep->ci->dev->parent, &hwreq->req, hwep->dir); + /* sglist bounced */ + if (hwreq->sgt.sgl) + sglist_do_debounce(hwreq, hwep->dir == RX); + hwreq->req.actual += actual; if (hwreq->req.status) @@ -1565,6 +1710,9 @@ static int ep_dequeue(struct usb_ep *ep, struct usb_request *req) usb_gadget_unmap_request(&hwep->ci->gadget, req, hwep->dir); + if (hwreq->sgt.sgl) + sglist_do_debounce(hwreq, false); + req->status = -ECONNRESET; if (hwreq->req.complete != NULL) { diff --git a/drivers/usb/chipidea/udc.h b/drivers/usb/chipidea/udc.h index 5193df1e18c75..c8a47389a46bb 100644 --- a/drivers/usb/chipidea/udc.h +++ b/drivers/usb/chipidea/udc.h @@ -69,11 +69,13 @@ struct td_node { * @req: request structure for gadget drivers * @queue: link to QH list * @tds: link to TD list + * @sgt: hold original sglist when bounce sglist */ struct ci_hw_req { struct usb_request req; struct list_head queue; struct list_head tds; + struct sg_table sgt; }; #ifdef CONFIG_USB_CHIPIDEA_UDC -- 2.43.0

6 months, 2 weeks

2
5
0 0

[PATCH AUTOSEL 5.10 1/5] usb: chipidea: udc: create bounce buffer for problem sglist entries if possible

by Sasha Levin

From: Xu Yang <xu.yang_2(a)nxp.com> [ Upstream commit edfcc455c85ccc5855f0c329ca5a2d85cc9fc6c6 ] The chipidea controller doesn't fully support sglist, such as it can not transfer data spanned more dTDs to form a bus packet, so it can only work on very limited cases. The limitations as below: 1. the end address of the first sg buffer must be 4KB aligned. 2. the start and end address of the middle sg buffer must be 4KB aligned. 3. the start address of the first sg buffer must be 4KB aligned. However, not all the use cases violate these limitations. To make the controller compatible with most of the cases, this will try to bounce the problem sglist entries which can be found by sglist_get_invalid_entry(). Then a bounced line buffer (the size will roundup to page size) will be allocated to replace the remaining problem sg entries. The data will be copied between problem sg entries and bounce buffer according to the transfer direction. The bounce buffer will be freed when the request completed. Acked-by: Peter Chen <peter.chen(a)kernel.com> Signed-off-by: Xu Yang <xu.yang_2(a)nxp.com> Link: https://lore.kernel.org/r/20240923081203.2851768-3-xu.yang_2@nxp.com Signed-off-by: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> Signed-off-by: Sasha Levin <sashal(a)kernel.org> --- drivers/usb/chipidea/udc.c | 148 +++++++++++++++++++++++++++++++++++++ drivers/usb/chipidea/udc.h | 2 + 2 files changed, 150 insertions(+) diff --git a/drivers/usb/chipidea/udc.c b/drivers/usb/chipidea/udc.c index 5cdf03534c0c7..f4661f654af88 100644 --- a/drivers/usb/chipidea/udc.c +++ b/drivers/usb/chipidea/udc.c @@ -10,6 +10,7 @@ #include <linux/delay.h> #include <linux/device.h> #include <linux/dmapool.h> +#include <linux/dma-direct.h> #include <linux/err.h> #include <linux/irqreturn.h> #include <linux/kernel.h> @@ -537,6 +538,126 @@ static int prepare_td_for_sg(struct ci_hw_ep *hwep, struct ci_hw_req *hwreq) return ret; } +/* + * Verify if the scatterlist is valid by iterating each sg entry. + * Return invalid sg entry index which is less than num_sgs. + */ +static int sglist_get_invalid_entry(struct device *dma_dev, u8 dir, + struct usb_request *req) +{ + int i; + struct scatterlist *s = req->sg; + + if (req->num_sgs == 1) + return 1; + + dir = dir ? DMA_TO_DEVICE : DMA_FROM_DEVICE; + + for (i = 0; i < req->num_sgs; i++, s = sg_next(s)) { + /* Only small sg (generally last sg) may be bounced. If + * that happens. we can't ensure the addr is page-aligned + * after dma map. + */ + if (dma_kmalloc_needs_bounce(dma_dev, s->length, dir)) + break; + + /* Make sure each sg start address (except first sg) is + * page-aligned and end address (except last sg) is also + * page-aligned. + */ + if (i == 0) { + if (!IS_ALIGNED(s->offset + s->length, + CI_HDRC_PAGE_SIZE)) + break; + } else { + if (s->offset) + break; + if (!sg_is_last(s) && !IS_ALIGNED(s->length, + CI_HDRC_PAGE_SIZE)) + break; + } + } + + return i; +} + +static int sglist_do_bounce(struct ci_hw_req *hwreq, int index, + bool copy, unsigned int *bounced) +{ + void *buf; + int i, ret, nents, num_sgs; + unsigned int rest, rounded; + struct scatterlist *sg, *src, *dst; + + nents = index + 1; + ret = sg_alloc_table(&hwreq->sgt, nents, GFP_KERNEL); + if (ret) + return ret; + + sg = src = hwreq->req.sg; + num_sgs = hwreq->req.num_sgs; + rest = hwreq->req.length; + dst = hwreq->sgt.sgl; + + for (i = 0; i < index; i++) { + memcpy(dst, src, sizeof(*src)); + rest -= src->length; + src = sg_next(src); + dst = sg_next(dst); + } + + /* create one bounce buffer */ + rounded = round_up(rest, CI_HDRC_PAGE_SIZE); + buf = kmalloc(rounded, GFP_KERNEL); + if (!buf) { + sg_free_table(&hwreq->sgt); + return -ENOMEM; + } + + sg_set_buf(dst, buf, rounded); + + hwreq->req.sg = hwreq->sgt.sgl; + hwreq->req.num_sgs = nents; + hwreq->sgt.sgl = sg; + hwreq->sgt.nents = num_sgs; + + if (copy) + sg_copy_to_buffer(src, num_sgs - index, buf, rest); + + *bounced = rest; + + return 0; +} + +static void sglist_do_debounce(struct ci_hw_req *hwreq, bool copy) +{ + void *buf; + int i, nents, num_sgs; + struct scatterlist *sg, *src, *dst; + + sg = hwreq->req.sg; + num_sgs = hwreq->req.num_sgs; + src = sg_last(sg, num_sgs); + buf = sg_virt(src); + + if (copy) { + dst = hwreq->sgt.sgl; + for (i = 0; i < num_sgs - 1; i++) + dst = sg_next(dst); + + nents = hwreq->sgt.nents - num_sgs + 1; + sg_copy_from_buffer(dst, nents, buf, sg_dma_len(src)); + } + + hwreq->req.sg = hwreq->sgt.sgl; + hwreq->req.num_sgs = hwreq->sgt.nents; + hwreq->sgt.sgl = sg; + hwreq->sgt.nents = num_sgs; + + kfree(buf); + sg_free_table(&hwreq->sgt); +} + /** * _hardware_enqueue: configures a request at hardware level * @hwep: endpoint @@ -549,6 +670,8 @@ static int _hardware_enqueue(struct ci_hw_ep *hwep, struct ci_hw_req *hwreq) struct ci_hdrc *ci = hwep->ci; int ret = 0; struct td_node *firstnode, *lastnode; + unsigned int bounced_size; + struct scatterlist *sg; /* don't queue twice */ if (hwreq->req.status == -EALREADY) @@ -556,11 +679,29 @@ static int _hardware_enqueue(struct ci_hw_ep *hwep, struct ci_hw_req *hwreq) hwreq->req.status = -EALREADY; + if (hwreq->req.num_sgs && hwreq->req.length && + ci->has_short_pkt_limit) { + ret = sglist_get_invalid_entry(ci->dev->parent, hwep->dir, + &hwreq->req); + if (ret < hwreq->req.num_sgs) { + ret = sglist_do_bounce(hwreq, ret, hwep->dir == TX, + &bounced_size); + if (ret) + return ret; + } + } + ret = usb_gadget_map_request_by_dev(ci->dev->parent, &hwreq->req, hwep->dir); if (ret) return ret; + if (hwreq->sgt.sgl) { + /* We've mapped a bigger buffer, now recover the actual size */ + sg = sg_last(hwreq->req.sg, hwreq->req.num_sgs); + sg_dma_len(sg) = min(sg_dma_len(sg), bounced_size); + } + if (hwreq->req.num_mapped_sgs) ret = prepare_td_for_sg(hwep, hwreq); else @@ -718,6 +859,10 @@ static int _hardware_dequeue(struct ci_hw_ep *hwep, struct ci_hw_req *hwreq) usb_gadget_unmap_request_by_dev(hwep->ci->dev->parent, &hwreq->req, hwep->dir); + /* sglist bounced */ + if (hwreq->sgt.sgl) + sglist_do_debounce(hwreq, hwep->dir == RX); + hwreq->req.actual += actual; if (hwreq->req.status) @@ -1559,6 +1704,9 @@ static int ep_dequeue(struct usb_ep *ep, struct usb_request *req) usb_gadget_unmap_request(&hwep->ci->gadget, req, hwep->dir); + if (hwreq->sgt.sgl) + sglist_do_debounce(hwreq, false); + req->status = -ECONNRESET; if (hwreq->req.complete != NULL) { diff --git a/drivers/usb/chipidea/udc.h b/drivers/usb/chipidea/udc.h index 5193df1e18c75..c8a47389a46bb 100644 --- a/drivers/usb/chipidea/udc.h +++ b/drivers/usb/chipidea/udc.h @@ -69,11 +69,13 @@ struct td_node { * @req: request structure for gadget drivers * @queue: link to QH list * @tds: link to TD list + * @sgt: hold original sglist when bounce sglist */ struct ci_hw_req { struct usb_request req; struct list_head queue; struct list_head tds; + struct sg_table sgt; }; #ifdef CONFIG_USB_CHIPIDEA_UDC -- 2.43.0

6 months, 2 weeks

2
5
0 0

[PATCH AUTOSEL 5.4 1/3] usb: chipidea: udc: handle USB Error Interrupt if IOC not set

by Sasha Levin

From: Xu Yang <xu.yang_2(a)nxp.com> [ Upstream commit 548f48b66c0c5d4b9795a55f304b7298cde2a025 ] As per USBSTS register description about UEI: When completion of a USB transaction results in an error condition, this bit is set by the Host/Device Controller. This bit is set along with the USBINT bit, if the TD on which the error interrupt occurred also had its interrupt on complete (IOC) bit set. UI is set only when IOC set. Add checking UEI to fix miss call isr_tr_complete_handler() when IOC have not set and transfer error happen. Acked-by: Peter Chen <peter.chen(a)kernel.com> Signed-off-by: Xu Yang <xu.yang_2(a)nxp.com> Link: https://lore.kernel.org/r/20240926022906.473319-1-xu.yang_2@nxp.com Signed-off-by: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> Signed-off-by: Sasha Levin <sashal(a)kernel.org> --- drivers/usb/chipidea/udc.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/drivers/usb/chipidea/udc.c b/drivers/usb/chipidea/udc.c index 72d62abb6f285..a6ce6b89b271a 100644 --- a/drivers/usb/chipidea/udc.c +++ b/drivers/usb/chipidea/udc.c @@ -1902,7 +1902,7 @@ static irqreturn_t udc_irq(struct ci_hdrc *ci) } } - if (USBi_UI & intr) + if ((USBi_UI | USBi_UEI) & intr) isr_tr_complete_handler(ci); if ((USBi_SLI & intr) && !(ci->suspended)) { -- 2.43.0

6 months, 2 weeks

2
3
0 0

[PATCH AUTOSEL 4.19 1/3] usb: chipidea: udc: handle USB Error Interrupt if IOC not set

by Sasha Levin

From: Xu Yang <xu.yang_2(a)nxp.com> [ Upstream commit 548f48b66c0c5d4b9795a55f304b7298cde2a025 ] As per USBSTS register description about UEI: When completion of a USB transaction results in an error condition, this bit is set by the Host/Device Controller. This bit is set along with the USBINT bit, if the TD on which the error interrupt occurred also had its interrupt on complete (IOC) bit set. UI is set only when IOC set. Add checking UEI to fix miss call isr_tr_complete_handler() when IOC have not set and transfer error happen. Acked-by: Peter Chen <peter.chen(a)kernel.com> Signed-off-by: Xu Yang <xu.yang_2(a)nxp.com> Link: https://lore.kernel.org/r/20240926022906.473319-1-xu.yang_2@nxp.com Signed-off-by: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> Signed-off-by: Sasha Levin <sashal(a)kernel.org> --- drivers/usb/chipidea/udc.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/drivers/usb/chipidea/udc.c b/drivers/usb/chipidea/udc.c index 6a626f41cded1..27be93d12b59c 100644 --- a/drivers/usb/chipidea/udc.c +++ b/drivers/usb/chipidea/udc.c @@ -1902,7 +1902,7 @@ static irqreturn_t udc_irq(struct ci_hdrc *ci) } } - if (USBi_UI & intr) + if ((USBi_UI | USBi_UEI) & intr) isr_tr_complete_handler(ci); if ((USBi_SLI & intr) && !(ci->suspended)) { -- 2.43.0

6 months, 2 weeks

2
3
0 0

[PATCH] padata: Fix refcnt handling in padata_free_shell() again

by Zach Wade

testcases/kernel/crypto/pcrypt_aead01.c of LTP project has UAF. Steps to reproduce: 1. /sys/module/cryptomgr/parameters/notests is N 2. run LTP ./testcases/bin/pcrypt_aead01 There is a race condition when padata_free_shell is released, which causes it to be accessed after being released. We should use the rcu mechanism to protect it. cpu0 | cpu1 ================================================================ padata_do_parallel | padata_free_shell rcu_read_lock_bh | refcount_dec_and_test # run to here <- 1 | # run to here <- 2 refcount_inc(&pd->refcnt); | padata_free_pd <- 3 padata_work_alloc | ... rcu_read_unlock_bh | | There is a possibility of UAF after refcount_inc(&pd->refcnt). kasan report: [158753.658839] ================================================================== [158753.658851] BUG: KASAN: slab-use-after-free in padata_find_next+0x2d6/0x3f0 [158753.658868] Read of size 4 at addr ffff88812f8b8524 by task kworker/u158:0/988818 [158753.658878] [158753.658885] CPU: 23 UID: 0 PID: 988818 Comm: kworker/u158:0 Kdump: loaded Tainted: G W E 6.12.0-dirty #33 [158753.658902] Tainted: [W]=WARN, [E]=UNSIGNED_MODULE [158753.658907] Hardware name: VMware, Inc. VMware20,1/440BX Desktop Reference Platform, BIOS VMW201.00V.20192059.B64.2207280713 07/28/2022 [158753.658914] Workqueue: pdecrypt_parallel padata_parallel_worker [158753.658927] Call Trace: [158753.658932] <TASK> [158753.658938] dump_stack_lvl+0x5d/0x80 [158753.658960] print_report+0x174/0x505 [158753.658992] kasan_report+0xe0/0x160 [158753.659013] padata_find_next+0x2d6/0x3f0 [158753.659035] padata_reorder+0x1cc/0x400 [158753.659043] padata_parallel_worker+0x70/0x160 [158753.659051] process_one_work+0x646/0xeb0 [158753.659061] worker_thread+0x619/0x10e0 [158753.659092] kthread+0x28d/0x350 [158753.659102] ret_from_fork+0x31/0x70 [158753.659111] ret_from_fork_asm+0x1a/0x30 [158753.659117] </TASK> [158753.659119] [158753.659120] Allocated by task 1027931: [158753.659123] kasan_save_stack+0x30/0x50 [158753.659126] kasan_save_track+0x14/0x30 [158753.659128] __kasan_kmalloc+0xaa/0xb0 [158753.659130] padata_alloc_pd+0x69/0x9f0 [158753.659132] padata_alloc_shell+0x82/0x210 [158753.659134] pcrypt_create+0x13b/0x7a0 [pcrypt] [158753.659139] cryptomgr_probe+0x8d/0x230 [158753.659144] kthread+0x28d/0x350 [158753.659147] ret_from_fork+0x31/0x70 [158753.659150] ret_from_fork_asm+0x1a/0x30 [158753.659152] [158753.659153] Freed by task 1024357: [158753.659155] kasan_save_stack+0x30/0x50 [158753.659158] kasan_save_track+0x14/0x30 [158753.659160] kasan_save_free_info+0x3b/0x70 [158753.659164] __kasan_slab_free+0x4f/0x70 [158753.659167] kfree+0x119/0x440 [158753.659172] padata_free_shell+0x262/0x320 [158753.659174] pcrypt_free+0x43/0x90 [pcrypt] [158753.659177] crypto_destroy_instance_workfn+0x79/0xc0 [158753.659182] process_one_work+0x646/0xeb0 [158753.659184] worker_thread+0x619/0x10e0 [158753.659186] kthread+0x28d/0x350 [158753.659188] ret_from_fork+0x31/0x70 [158753.659191] ret_from_fork_asm+0x1a/0x30 [158753.659194] [158753.659195] The buggy address belongs to the object at ffff88812f8b8500 which belongs to the cache kmalloc-192 of size 192 [158753.659198] The buggy address is located 36 bytes inside of freed 192-byte region [ffff88812f8b8500, ffff88812f8b85c0) [158753.659202] [158753.659203] The buggy address belongs to the physical page: [158753.659205] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x12f8b8 [158753.659209] head: order:1 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [158753.659212] anon flags: 0x10000000000040(head|node=0|zone=2) [158753.659216] page_type: f5(slab) [158753.659220] raw: 0010000000000040 ffff88810004c3c0 0000000000000000 dead000000000001 [158753.659223] raw: 0000000000000000 0000000080200020 00000001f5000000 0000000000000000 [158753.659225] head: 0010000000000040 ffff88810004c3c0 0000000000000000 dead000000000001 [158753.659228] head: 0000000000000000 0000000080200020 00000001f5000000 0000000000000000 [158753.659230] head: 0010000000000001 ffffea0004be2e01 ffffffffffffffff 0000000000000000 [158753.659232] head: ffff888100000002 0000000000000000 00000000ffffffff 0000000000000000 [158753.659234] page dumped because: kasan: bad access detected [158753.659235] [158753.659236] Memory state around the buggy address: [158753.659238] ffff88812f8b8400: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [158753.659240] ffff88812f8b8480: fb fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [158753.659242] >ffff88812f8b8500: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [158753.659243] ^ [158753.659245] ffff88812f8b8580: fb fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [158753.659247] ffff88812f8b8600: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [158753.659248] ================================================================== Fixes: 07928d9bfc81 ("padata: Remove broken queue flushing") Co-developed-by: Ding Hui <dinghui(a)sangfor.com.cn> Signed-off-by: Ding Hui <dinghui(a)sangfor.com.cn> Signed-off-by: Zach Wade <zachwade.k(a)gmail.com> --- include/linux/padata.h | 1 + kernel/padata.c | 11 +++++++++-- 2 files changed, 10 insertions(+), 2 deletions(-) diff --git a/include/linux/padata.h b/include/linux/padata.h index 0146daf34430..ee6155689e47 100644 --- a/include/linux/padata.h +++ b/include/linux/padata.h @@ -103,6 +103,7 @@ struct parallel_data { int cpu; struct padata_cpumask cpumask; struct work_struct reorder_work; + struct rcu_head rcu; spinlock_t ____cacheline_aligned lock; }; diff --git a/kernel/padata.c b/kernel/padata.c index d51bbc76b227..3afdccc7e20e 100644 --- a/kernel/padata.c +++ b/kernel/padata.c @@ -1109,6 +1109,14 @@ struct padata_shell *padata_alloc_shell(struct padata_instance *pinst) } EXPORT_SYMBOL(padata_alloc_shell); +static void __padata_put_pd(struct rcu_head *head) +{ + struct parallel_data *pd = container_of(head, struct parallel_data, rcu); + + if (refcount_dec_and_test(&pd->refcnt)) + padata_free_pd(pd); +} + /** * padata_free_shell - free a padata shell * @@ -1124,9 +1132,8 @@ void padata_free_shell(struct padata_shell *ps) mutex_lock(&ps->pinst->lock); list_del(&ps->list); pd = rcu_dereference_protected(ps->pd, 1); - if (refcount_dec_and_test(&pd->refcnt)) - padata_free_pd(pd); mutex_unlock(&ps->pinst->lock); + call_rcu(&pd->rcu, __padata_put_pd); kfree(ps); } -- 2.46.0

6 months, 2 weeks

3
2
0 0

[PATCH v3] ARM: dts: ti/omap: gta04: fix pm issues caused by spi module

by Andreas Kemnade

Despite CM_IDLEST1_CORE and CM_FCLKEN1_CORE behaving normal, disabling SPI leads to messages like when suspending: Powerdomain (core_pwrdm) didn't enter target state 0 and according to /sys/kernel/debug/pm_debug/count off state is not entered. That was not connected to SPI during the discussion of disabling SPI. See: https://lore.kernel.org/linux-omap/20230122100852.32ae082c@aktux/ The reason is that SPI is per default in slave mode. Linux driver will turn it to master per default. It slave mode, the powerdomain seems to be kept active if active chip select input is sensed. Fix that by explicitly disabling the SPI3 pins which used to be muxed by the bootloader since they are available on an optionally fitted header which would require dtb overlays anyways. Fixes: a622310f7f01 ("ARM: dts: gta04: fix excess dma channel usage") CC: stable(a)vger.kernel.org Signed-off-by: Andreas Kemnade <andreas(a)kemnade.info> --- Changes in V3: - use gpio mode instead of mode7 which is not safe mode in this special case Changes in V2: - instead of reenabling mcspi, do a fix more near the root of the problem arch/arm/boot/dts/ti/omap/omap3-gta04.dtsi | 10 ++++++++++ 1 file changed, 10 insertions(+) diff --git a/arch/arm/boot/dts/ti/omap/omap3-gta04.dtsi b/arch/arm/boot/dts/ti/omap/omap3-gta04.dtsi index 2ee3ddd640209..536070e80b2c6 100644 --- a/arch/arm/boot/dts/ti/omap/omap3-gta04.dtsi +++ b/arch/arm/boot/dts/ti/omap/omap3-gta04.dtsi @@ -446,6 +446,7 @@ &omap3_pmx_core2 { pinctrl-names = "default"; pinctrl-0 = < &hsusb2_2_pins + &mcspi3hog_pins >; hsusb2_2_pins: hsusb2-2-pins { @@ -459,6 +460,15 @@ OMAP3630_CORE2_IOPAD(0x25fa, PIN_INPUT_PULLDOWN | MUX_MODE3) /* etk_d15.hsusb2_d >; }; + mcspi3hog_pins: mcspi3hog-pins { + pinctrl-single,pins = < + OMAP3630_CORE2_IOPAD(0x25dc, PIN_OUTPUT_PULLDOWN | MUX_MODE4) /* etk_d0 */ + OMAP3630_CORE2_IOPAD(0x25de, PIN_OUTPUT_PULLDOWN | MUX_MODE4) /* etk_d1 */ + OMAP3630_CORE2_IOPAD(0x25e0, PIN_OUTPUT_PULLDOWN | MUX_MODE4) /* etk_d2 */ + OMAP3630_CORE2_IOPAD(0x25e2, PIN_OUTPUT_PULLDOWN | MUX_MODE4) /* etk_d3 */ + >; + }; + spi_gpio_pins: spi-gpio-pinmux-pins { pinctrl-single,pins = < OMAP3630_CORE2_IOPAD(0x25d8, PIN_OUTPUT | MUX_MODE4) /* clk */ -- 2.39.2

6 months, 2 weeks

3
2
0 0

[PATCH v2] ARM: dts: dra7: Add bus_dma_limit for l4 cfg bus

by Romain Naour

From: Romain Naour <romain.naour(a)skf.com> A bus_dma_limit was added for l3 bus by commit cfb5d65f2595 ("ARM: dts: dra7: Add bus_dma_limit for L3 bus") to fix an issue observed only with SATA on DRA7-EVM with 4GB RAM and CONFIG_ARM_LPAE enabled. Since kernel 5.13, the SATA issue can be reproduced again following the SATA node move from L3 bus to L4_cfg in commit 8af15365a368 ("ARM: dts: Configure interconnect target module for dra7 sata"). Fix it by adding an empty dma-ranges property to l4_cfg and segment@100000 nodes (parent device tree node of SATA controller) to inherit the 2GB dma ranges limit from l3 bus node. Note: A similar fix was applied for PCIe controller by commit 90d4d3f4ea45 ("ARM: dts: dra7: Fix bus_dma_limit for PCIe"). Fixes: 8af15365a368 ("ARM: dts: Configure interconnect target module for dra7 sata"). Link: https://lore.kernel.org/linux-omap/c583e1bb-f56b-4489-8012-ce742e85f233@smi… Cc: <stable(a)vger.kernel.org> # 5.13 Signed-off-by: Romain Naour <romain.naour(a)skf.com> --- v2: add stable tag --- arch/arm/boot/dts/ti/omap/dra7-l4.dtsi | 2 ++ 1 file changed, 2 insertions(+) diff --git a/arch/arm/boot/dts/ti/omap/dra7-l4.dtsi b/arch/arm/boot/dts/ti/omap/dra7-l4.dtsi index 6e67d99832ac..ba7fdaae9c6e 100644 --- a/arch/arm/boot/dts/ti/omap/dra7-l4.dtsi +++ b/arch/arm/boot/dts/ti/omap/dra7-l4.dtsi @@ -12,6 +12,7 @@ &l4_cfg { /* 0x4a000000 */ ranges = <0x00000000 0x4a000000 0x100000>, /* segment 0 */ <0x00100000 0x4a100000 0x100000>, /* segment 1 */ <0x00200000 0x4a200000 0x100000>; /* segment 2 */ + dma-ranges; segment@0 { /* 0x4a000000 */ compatible = "simple-pm-bus"; @@ -557,6 +558,7 @@ segment@100000 { /* 0x4a100000 */ <0x0007e000 0x0017e000 0x001000>, /* ap 124 */ <0x00059000 0x00159000 0x001000>, /* ap 125 */ <0x0005a000 0x0015a000 0x001000>; /* ap 126 */ + dma-ranges; target-module@2000 { /* 0x4a102000, ap 27 3c.0 */ compatible = "ti,sysc"; -- 2.45.0

6 months, 2 weeks

2
1
0 0

[PATCH] cpufreq: fix using cpufreq-dt as module

by Andreas Kemnade

E.g. omap2plus_defconfig compiles cpufreq-dt as module. As there is no module alias nor a module_init(), cpufreq-dt-platdev will not be used and therefore on several omap platforms there is no cpufreq. Enforce builtin compile of cpufreq-dt-platdev to make it effective. Fixes: 3b062a086984 ("cpufreq: dt-platdev: Support building as module") Cc: stable(a)vger.kernel.org Signed-off-by: Andreas Kemnade <andreas(a)kemnade.info> --- drivers/cpufreq/Kconfig | 2 +- drivers/cpufreq/cpufreq-dt-platdev.c | 2 -- 2 files changed, 1 insertion(+), 3 deletions(-) diff --git a/drivers/cpufreq/Kconfig b/drivers/cpufreq/Kconfig index 2561b215432a8..4547adf5d2a7d 100644 --- a/drivers/cpufreq/Kconfig +++ b/drivers/cpufreq/Kconfig @@ -218,7 +218,7 @@ config CPUFREQ_DT If in doubt, say N. config CPUFREQ_DT_PLATDEV - tristate "Generic DT based cpufreq platdev driver" + bool "Generic DT based cpufreq platdev driver" depends on OF help This adds a generic DT based cpufreq platdev driver for frequency diff --git a/drivers/cpufreq/cpufreq-dt-platdev.c b/drivers/cpufreq/cpufreq-dt-platdev.c index 18942bfe9c95f..78ad3221fe077 100644 --- a/drivers/cpufreq/cpufreq-dt-platdev.c +++ b/drivers/cpufreq/cpufreq-dt-platdev.c @@ -234,5 +234,3 @@ static int __init cpufreq_dt_platdev_init(void) sizeof(struct cpufreq_dt_platform_data))); } core_initcall(cpufreq_dt_platdev_init); -MODULE_DESCRIPTION("Generic DT based cpufreq platdev driver"); -MODULE_LICENSE("GPL"); -- 2.39.2

6 months, 2 weeks

3
4
0 0

[PATCH] nvme-pci: Remove O2 Queue Depth quirk

by Gwendal Grignou

PCI_DEVICE(0x1217, 0x8760) (O2 Micro, Inc. FORESEE E2M2 NVMe SSD) is a NMVe to eMMC bridge, that can be used with different eMMC memory devices. The NVMe device name contains the eMMC device name, for instance: `BAYHUB SanDisk-DA4128-91904055-128GB` The bridge is known to work with many eMMC devices, we need to limit the queue depth once we know which eMMC device is behind the bridge. Fixes: commit 83bdfcbdbe5d ("nvme-pci: qdepth 1 quirk") Cc: stable(a)vger.kernel.org Signed-off-by: Gwendal Grignou <gwendal(a)chromium.org> --- drivers/nvme/host/pci.c | 2 -- 1 file changed, 2 deletions(-) diff --git a/drivers/nvme/host/pci.c b/drivers/nvme/host/pci.c index 4b9fda0b1d9a3..1c908e129fddf 100644 --- a/drivers/nvme/host/pci.c +++ b/drivers/nvme/host/pci.c @@ -3448,8 +3448,6 @@ static const struct pci_device_id nvme_id_table[] = { NVME_QUIRK_BOGUS_NID, }, { PCI_VDEVICE(REDHAT, 0x0010), /* Qemu emulated controller */ .driver_data = NVME_QUIRK_BOGUS_NID, }, - { PCI_DEVICE(0x1217, 0x8760), /* O2 Micro 64GB Steam Deck */ - .driver_data = NVME_QUIRK_QDEPTH_ONE }, { PCI_DEVICE(0x126f, 0x2262), /* Silicon Motion generic */ .driver_data = NVME_QUIRK_NO_DEEPEST_PS | NVME_QUIRK_BOGUS_NID, }, -- 2.47.0.163.g1226f6d8fa-goog

6 months, 2 weeks

5
7
0 0

[PATCH v1] selftests/memfd: Run sysctl tests when PID namespace support is enabled

by Isaac J. Manjarres

The sysctl tests for vm.memfd_noexec rely on the kernel to support PID namespaces (i.e. the kernel is built with CONFIG_PID_NS=y). If the kernel the test runs on does not support PID namespaces, the first sysctl test will fail when attempting to spawn a new thread in a new PID namespace, abort the test, preventing the remaining tests from being run. This is not desirable, as not all kernels need PID namespaces, but can still use the other features provided by memfd. Therefore, only run the sysctl tests if the kernel supports PID namespaces. Otherwise, skip those tests and emit an informative message to let the user know why the sysctl tests are not being run. Fixes: 11f75a01448f ("selftests/memfd: add tests for MFD_NOEXEC_SEAL MFD_EXEC") Cc: stable(a)vger.kernel.org # v6.6+ Cc: Jeff Xu <jeffxu(a)google.com> Cc: Suren Baghdasaryan <surenb(a)google.com> Cc: Kalesh Singh <kaleshsingh(a)google.com> Signed-off-by: Isaac J. Manjarres <isaacmanjarres(a)google.com> --- tools/testing/selftests/memfd/memfd_test.c | 14 ++++++++++++-- 1 file changed, 12 insertions(+), 2 deletions(-) diff --git a/tools/testing/selftests/memfd/memfd_test.c b/tools/testing/selftests/memfd/memfd_test.c index 95af2d78fd31..0a0b55516028 100644 --- a/tools/testing/selftests/memfd/memfd_test.c +++ b/tools/testing/selftests/memfd/memfd_test.c @@ -9,6 +9,7 @@ #include <fcntl.h> #include <linux/memfd.h> #include <sched.h> +#include <stdbool.h> #include <stdio.h> #include <stdlib.h> #include <signal.h> @@ -1557,6 +1558,11 @@ static void test_share_fork(char *banner, char *b_suffix) close(fd); } +static bool pid_ns_supported(void) +{ + return access("/proc/self/ns/pid", F_OK) == 0; +} + int main(int argc, char **argv) { pid_t pid; @@ -1591,8 +1597,12 @@ int main(int argc, char **argv) test_seal_grow(); test_seal_resize(); - test_sysctl_simple(); - test_sysctl_nested(); + if (pid_ns_supported()) { + test_sysctl_simple(); + test_sysctl_nested(); + } else { + printf("PID namespaces are not supported; skipping sysctl tests\n"); + } test_share_dup("SHARE-DUP", ""); test_share_mmap("SHARE-MMAP", ""); -- 2.47.0.338.g60cca15819-goog

6 months, 2 weeks

2
1
0 0

QNX6 Linux kernel module RO limitation

by Richa Sahasrabudhe

Hi I am trying to use the linux qnx6 module to mount a QNX6 filesystem partition from an SSD onto a linux host. I am able to mount the partition, however any file > 2GB get truncated (or corrupted?) to 2GB when read from the mountpoint. Questions - Is there a limitation on maximum file size that the module supports? I have tried formatting the QNX6 partition to use 1K, 4K, and 16K block size. The linux module could only mount ones with 1K & 4K bs. However, both cannot read files >2GB without corruption. 16K did not mount — “mount: /mnt/qnx6_16kbs: wrong fs type, bad option, bad superblock on /dev/nvme1n3p2, missing codepage or helper program, or other error.” Is there a limitation on block size supported by this module? I browsed the kernel source code to look for any such limitations, but I could not find any. I want to patch the module to add support for files >2GB. Can you please provide some inputs that will help me find the appropriate part of the code? $ modinfo qnx6 filename: /lib/modules/6.8.0-45-generic/kernel/fs/qnx6/qnx6.ko license: GPL alias: fs-qnx6 srcversion: B81F3D9620B1753DF4431D7 depends: retpoline: Y intree: Y name: qnx6 vermagic: 6.8.0-45-generic SMP preempt mod_unload modversions sig_id: PKCS#7 signer: Build time autogenerated kernel key sig_key: 03:0B:6C:98:F4:46:33:57:AA:65:3F:5B:DF:E4:5A:02:84:DF:3A:24 sig_hashalgo: sha512 signature: 0D:5A:21:4B:A4:74:DF:06:9C:63:9F:51:02:7A:DD:54:EE:94:A8:F5: 22:3F:B2:1A:F7:1B:BC:55:3B:D5:25:A2:01:C7:40:9B:E8:A1:50:F5: 67:25:1B:5E:2A:F4:F0:6F:B2:50:1F:0C:86:39:5F:0D:03:B4:68:F5: C9:F7:A5:29:78:01:FE:4E:28:75:94:17:0D:9A:B7:D0:24:E3:1B:3A: 80:C3:FB:DE:04:66:75:2A:4B:BF:D1:3D:6E:49:C7:52:81:B8:00:F7: 53:B8:58:67:42:85:7A:87:76:07:0D:75:E8:D4:18:7D:D7:03:6F:5B: 37:25:99:A4:CD:19:9D:A5:57:11:B9:2A:12:00:F2:F6:23:69:67:59: F9:BA:D1:2B:69:C7:4D:9E:57:3E:ED:11:6B:64:E2:9F:68:99:71:3D: EC:21:FE:E5:3A:21:D2:5A:75:9C:FF:CB:79:65:11:C1:05:49:17:73: 98:B0:D2:2B:68:11:FD:ED:02:64:5E:B8:80:85:59:5A:33:A5:9D:B9: 51:49:A2:E2:7B:BB:75:C7:AB:A6:68:C5:99:51:07:F6:49:07:B0:F1: BE:72:21:42:B7:2C:81:03:AC:63:BD:C6:C6:F6:D4:B9:BC:D3:93:BA: F6:E2:16:B6:DA:1A:F6:1F:89:CF:B5:40:A8:C0:6B:70:7F:A2:08:EE: 03:9D:4D:7E:81:4F:45:D2:61:77:AE:60:01:30:E5:AE:B9:42:63:6A: FC:7F:95:78:73:9C:24:D2:C5:F0:58:C2:10:14:18:08:DF:57:50:34: 35:50:4F:DA:D6:29:78:75:9C:1E:1F:1F:9D:C0:A1:1A:2E:02:2B:A5: B0:FB:C6:F3:F1:42:B4:03:49:25:20:5F:C9:1F:5A:C1:2B:CE:71:A9: 5C:F6:9D:04:25:41:52:F9:E7:64:1A:0B:85:85:D3:20:7E:AC:93:5C: 83:F7:FB:78:59:33:30:AE:66:A9:00:0A:66:B2:5B:37:1C:5B:4B:C3: CD:48:9F:A4:96:28:BA:12:EF:7D:CB:75:D7:55:A5:FA:03:D7:1B:E0: FE:14:A4:68:38:87:1D:39:58:B1:85:09:1B:6C:FC:30:1A:FD:A5:AE: 1F:73:1D:B1:5E:22:0A:D6:13:85:93:DA:A7:C1:65:63:CB:E8:86:28: 79:38:FD:8A:84:DE:C4:BB:C6:07:83:4C:58:95:D4:C7:DB:41:DE:52: 27:09:96:CF:43:CD:35:DC:12:92:13:3A:80:8C:04:B1:33:1D:A2:14: 1F:58:6A:DE:DB:D0:D8:78:0D:B8:AF:0C:3B:2C:DA:3A:67:F0:57:EE: AE:DE:22:BB:DF:E1:CC:11:E9:33:A6:49 Thanks! - Richa

6 months, 2 weeks

1
0
0 0

[PATCHSET v2] xfs: proposed bug fixes for 6.13

by Darrick J. Wong

Hi all, Here are even more bugfixes for 6.13 that have been accumulating since 6.12 was released. If you're going to start using this code, I strongly recommend pulling from my git trees, which are linked below. With a bit of luck, this should all go splendidly. Comments and questions are, as always, welcome. --D kernel git tree: https://git.kernel.org/cgit/linux/kernel/git/djwong/xfs-linux.git/log/?h=pr… --- Commits in this patchset: * xfs: don't move nondir/nonreg temporary repair files to the metadir namespace * xfs: don't crash on corrupt /quotas dirent * xfs: check pre-metadir fields correctly * xfs: fix zero byte checking in the superblock scrubber * xfs: return from xfs_symlink_verify early on V4 filesystems * xfs: port xfs_ioc_start_commit to multigrain timestamps --- fs/xfs/libxfs/xfs_symlink_remote.c | 4 ++ fs/xfs/scrub/agheader.c | 66 ++++++++++++++++++++++++++++-------- fs/xfs/scrub/tempfile.c | 3 ++ fs/xfs/xfs_exchrange.c | 14 ++++---- fs/xfs/xfs_qm.c | 7 ++++ 5 files changed, 71 insertions(+), 23 deletions(-)

6 months, 2 weeks

5
34
0 0

[PATCH] usb: ohci-spear: fix call balance of sohci_p->clk handling routines

by Vitalii Mordan

If the clock sohci_p->clk was not enabled in spear_ohci_hcd_drv_probe, it should not be disabled in any path. Conversely, if it was enabled in spear_ohci_hcd_drv_probe, it must be disabled in all error paths to ensure proper cleanup. The check inside spear_ohci_hcd_drv_resume() actually doesn't prevent the clock to be unconditionally disabled later during the driver removal but it is still good to have the check at least so that the PM core would duly print the errors in the system log. This would also be consistent with the similar code paths in ->resume() functions of other usb drivers, e.g. in exynos_ehci_resume(). Found by Linux Verification Center (linuxtesting.org) with Klever. Fixes: 1cc6ac59ffaa ("USB: OHCI: make ohci-spear a separate driver") Cc: stable(a)vger.kernel.org Signed-off-by: Vitalii Mordan <mordan(a)ispras.ru> --- drivers/usb/host/ohci-spear.c | 12 ++++++++---- 1 file changed, 8 insertions(+), 4 deletions(-) diff --git a/drivers/usb/host/ohci-spear.c b/drivers/usb/host/ohci-spear.c index 993f347c5c28..6f6ae6fadfe5 100644 --- a/drivers/usb/host/ohci-spear.c +++ b/drivers/usb/host/ohci-spear.c @@ -80,7 +80,9 @@ static int spear_ohci_hcd_drv_probe(struct platform_device *pdev) sohci_p = to_spear_ohci(hcd); sohci_p->clk = usbh_clk; - clk_prepare_enable(sohci_p->clk); + retval = clk_prepare_enable(sohci_p->clk); + if (retval) + goto err_put_hcd; retval = usb_add_hcd(hcd, irq, 0); if (retval == 0) { @@ -103,8 +105,7 @@ static void spear_ohci_hcd_drv_remove(struct platform_device *pdev) struct spear_ohci *sohci_p = to_spear_ohci(hcd); usb_remove_hcd(hcd); - if (sohci_p->clk) - clk_disable_unprepare(sohci_p->clk); + clk_disable_unprepare(sohci_p->clk); usb_put_hcd(hcd); } @@ -137,12 +138,15 @@ static int spear_ohci_hcd_drv_resume(struct platform_device *dev) struct usb_hcd *hcd = platform_get_drvdata(dev); struct ohci_hcd *ohci = hcd_to_ohci(hcd); struct spear_ohci *sohci_p = to_spear_ohci(hcd); + int ret; if (time_before(jiffies, ohci->next_statechange)) msleep(5); ohci->next_statechange = jiffies; - clk_prepare_enable(sohci_p->clk); + ret = clk_prepare_enable(sohci_p->clk); + if (ret) + return ret; ohci_resume(hcd, false); return 0; } -- 2.25.1

6 months, 2 weeks

2
1
0 0

[tip: x86/urgent] x86/cpu/topology: Remove limit of CPUs due to disabled IO/APIC

by tip-bot2 for Fernando Fernandez Mancera

The following commit has been merged into the x86/urgent branch of tip: Commit-ID: 73da582a476ea6e3512f89f8ed57dfed945829a2 Gitweb: https://git.kernel.org/tip/73da582a476ea6e3512f89f8ed57dfed945829a2 Author: Fernando Fernandez Mancera <ffmancera(a)riseup.net> AuthorDate: Mon, 02 Dec 2024 14:58:45 Committer: Thomas Gleixner <tglx(a)linutronix.de> CommitterDate: Thu, 05 Dec 2024 14:43:32 +01:00 x86/cpu/topology: Remove limit of CPUs due to disabled IO/APIC The rework of possible CPUs management erroneously disabled SMP when the IO/APIC is disabled either by the 'noapic' command line parameter or during IO/APIC setup. SMP is possible without IO/APIC. Remove the ioapic_is_disabled conditions from the relevant possible CPU management code paths to restore the orgininal behaviour. Fixes: 7c0edad3643f ("x86/cpu/topology: Rework possible CPU management") Signed-off-by: Fernando Fernandez Mancera <ffmancera(a)riseup.net> Signed-off-by: Thomas Gleixner <tglx(a)linutronix.de> Cc: stable(a)vger.kernel.org Link: https://lore.kernel.org/all/20241202145905.1482-1-ffmancera@riseup.net --- arch/x86/kernel/cpu/topology.c | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/arch/x86/kernel/cpu/topology.c b/arch/x86/kernel/cpu/topology.c index 621a151..b2e313e 100644 --- a/arch/x86/kernel/cpu/topology.c +++ b/arch/x86/kernel/cpu/topology.c @@ -428,8 +428,8 @@ void __init topology_apply_cmdline_limits_early(void) { unsigned int possible = nr_cpu_ids; - /* 'maxcpus=0' 'nosmp' 'nolapic' 'disableapic' 'noapic' */ - if (!setup_max_cpus || ioapic_is_disabled || apic_is_disabled) + /* 'maxcpus=0' 'nosmp' 'nolapic' 'disableapic' */ + if (!setup_max_cpus || apic_is_disabled) possible = 1; /* 'possible_cpus=N' */ @@ -443,7 +443,7 @@ void __init topology_apply_cmdline_limits_early(void) static __init bool restrict_to_up(void) { - if (!smp_found_config || ioapic_is_disabled) + if (!smp_found_config) return true; /* * XEN PV is special as it does not advertise the local APIC

6 months, 2 weeks

1
0
0 0

[PATCH v2 3/6] arm64/kvm: Configure HYP TCR.PS/DS based on host stage1

by Ard Biesheuvel

From: Ard Biesheuvel <ardb(a)kernel.org> When the host stage1 is configured for LPA2, the value currently being programmed into TCR_EL2.T0SZ may be invalid unless LPA2 is configured at HYP as well. This means kvm_lpa2_is_enabled() is not the right condition to test when setting TCR_EL2.DS, as it will return false if LPA2 is only available for stage 1 but not for stage 2. Similary, programming TCR_EL2.PS based on a limited IPA range due to lack of stage2 LPA2 support could potentially result in problems. So use lpa2_is_enabled() instead, and set the PS field according to the host's IPS, which is capped at 48 bits if LPA2 support is absent or disabled. Whether or not we can make meaningful use of such a configuration is a different question. Cc: <stable(a)vger.kernel.org> Signed-off-by: Ard Biesheuvel <ardb(a)kernel.org> --- arch/arm64/kvm/arm.c | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/arch/arm64/kvm/arm.c b/arch/arm64/kvm/arm.c index a102c3aebdbc..7b2735ad32e9 100644 --- a/arch/arm64/kvm/arm.c +++ b/arch/arm64/kvm/arm.c @@ -1990,8 +1990,7 @@ static int kvm_init_vector_slots(void) static void __init cpu_prepare_hyp_mode(int cpu, u32 hyp_va_bits) { struct kvm_nvhe_init_params *params = per_cpu_ptr_nvhe_sym(kvm_init_params, cpu); - u64 mmfr0 = read_sanitised_ftr_reg(SYS_ID_AA64MMFR0_EL1); - unsigned long tcr; + unsigned long tcr, ips; /* * Calculate the raw per-cpu offset without a translation from the @@ -2005,6 +2004,7 @@ static void __init cpu_prepare_hyp_mode(int cpu, u32 hyp_va_bits) params->mair_el2 = read_sysreg(mair_el1); tcr = read_sysreg(tcr_el1); + ips = FIELD_GET(TCR_IPS_MASK, tcr); if (cpus_have_final_cap(ARM64_KVM_HVHE)) { tcr |= TCR_EPD1_MASK; } else { @@ -2014,8 +2014,8 @@ static void __init cpu_prepare_hyp_mode(int cpu, u32 hyp_va_bits) tcr &= ~TCR_T0SZ_MASK; tcr |= TCR_T0SZ(hyp_va_bits); tcr &= ~TCR_EL2_PS_MASK; - tcr |= FIELD_PREP(TCR_EL2_PS_MASK, kvm_get_parange(mmfr0)); - if (kvm_lpa2_is_enabled()) + tcr |= FIELD_PREP(TCR_EL2_PS_MASK, ips); + if (lpa2_is_enabled()) tcr |= TCR_EL2_DS; params->tcr_el2 = tcr; -- 2.47.0.338.g60cca15819-goog

6 months, 2 weeks

1
0
0 0

[PATCH v2 2/6] arm64/mm: Override PARange for !LPA2 and use it consistently

by Ard Biesheuvel

From: Ard Biesheuvel <ardb(a)kernel.org> When FEAT_LPA{,2} are not implemented, the ID_AA64MMFR0_EL1.PARange and TCR.IPS values corresponding with 52-bit physical addressing are reserved. Setting the TCR.IPS field to 0b110 (52-bit physical addressing) has side effects, such as how the TTBRn_ELx.BADDR fields are interpreted, and so it is important that disabling FEAT_LPA2 (by overriding the ID_AA64MMFR0.TGran fields) also presents a PARange field consistent with that. So limit the field to 48 bits unless LPA2 is enabled, and update existing references to use the override consistently. Fixes: 352b0395b505 ("arm64: Enable 52-bit virtual addressing for 4k and 16k granule configs") Cc: <stable(a)vger.kernel.org> Signed-off-by: Ard Biesheuvel <ardb(a)kernel.org> --- arch/arm64/include/asm/assembler.h | 5 +++++ arch/arm64/kernel/cpufeature.c | 2 +- arch/arm64/kernel/pi/idreg-override.c | 9 +++++++++ arch/arm64/kernel/pi/map_kernel.c | 6 ++++++ arch/arm64/mm/init.c | 7 ++++++- 5 files changed, 27 insertions(+), 2 deletions(-) diff --git a/arch/arm64/include/asm/assembler.h b/arch/arm64/include/asm/assembler.h index 3d8d534a7a77..ad63457a05c5 100644 --- a/arch/arm64/include/asm/assembler.h +++ b/arch/arm64/include/asm/assembler.h @@ -343,6 +343,11 @@ alternative_cb_end // Narrow PARange to fit the PS field in TCR_ELx ubfx \tmp0, \tmp0, #ID_AA64MMFR0_EL1_PARANGE_SHIFT, #3 mov \tmp1, #ID_AA64MMFR0_EL1_PARANGE_MAX +#ifdef CONFIG_ARM64_LPA2 +alternative_if_not ARM64_HAS_VA52 + mov \tmp1, #ID_AA64MMFR0_EL1_PARANGE_48 +alternative_else_nop_endif +#endif cmp \tmp0, \tmp1 csel \tmp0, \tmp1, \tmp0, hi bfi \tcr, \tmp0, \pos, #3 diff --git a/arch/arm64/kernel/cpufeature.c b/arch/arm64/kernel/cpufeature.c index 6ce71f444ed8..f8cb8a6ab98a 100644 --- a/arch/arm64/kernel/cpufeature.c +++ b/arch/arm64/kernel/cpufeature.c @@ -3478,7 +3478,7 @@ static void verify_hyp_capabilities(void) return; safe_mmfr1 = read_sanitised_ftr_reg(SYS_ID_AA64MMFR1_EL1); - mmfr0 = read_cpuid(ID_AA64MMFR0_EL1); + mmfr0 = read_sanitised_ftr_reg(SYS_ID_AA64MMFR0_EL1); mmfr1 = read_cpuid(ID_AA64MMFR1_EL1); /* Verify VMID bits */ diff --git a/arch/arm64/kernel/pi/idreg-override.c b/arch/arm64/kernel/pi/idreg-override.c index 22159251eb3a..c6b185b885f7 100644 --- a/arch/arm64/kernel/pi/idreg-override.c +++ b/arch/arm64/kernel/pi/idreg-override.c @@ -83,6 +83,15 @@ static bool __init mmfr2_varange_filter(u64 val) id_aa64mmfr0_override.val |= (ID_AA64MMFR0_EL1_TGRAN_LPA2 - 1) << ID_AA64MMFR0_EL1_TGRAN_SHIFT; id_aa64mmfr0_override.mask |= 0xfU << ID_AA64MMFR0_EL1_TGRAN_SHIFT; + + /* + * Override PARange to 48 bits - the override will just be + * ignored if the actual PARange is smaller, but this is + * unlikely to be the case for LPA2 capable silicon. + */ + id_aa64mmfr0_override.val |= + ID_AA64MMFR0_EL1_PARANGE_48 << ID_AA64MMFR0_EL1_PARANGE_SHIFT; + id_aa64mmfr0_override.mask |= 0xfU << ID_AA64MMFR0_EL1_PARANGE_SHIFT; } #endif return true; diff --git a/arch/arm64/kernel/pi/map_kernel.c b/arch/arm64/kernel/pi/map_kernel.c index f374a3e5a5fe..e57b043f324b 100644 --- a/arch/arm64/kernel/pi/map_kernel.c +++ b/arch/arm64/kernel/pi/map_kernel.c @@ -136,6 +136,12 @@ static void noinline __section(".idmap.text") set_ttbr0_for_lpa2(u64 ttbr) { u64 sctlr = read_sysreg(sctlr_el1); u64 tcr = read_sysreg(tcr_el1) | TCR_DS; + u64 mmfr0 = read_sysreg(id_aa64mmfr0_el1); + u64 parange = cpuid_feature_extract_unsigned_field(mmfr0, + ID_AA64MMFR0_EL1_PARANGE_SHIFT); + + tcr &= ~TCR_IPS_MASK; + tcr |= parange << TCR_IPS_SHIFT; asm(" msr sctlr_el1, %0 ;" " isb ;" diff --git a/arch/arm64/mm/init.c b/arch/arm64/mm/init.c index d21f67d67cf5..2b2289d55eaa 100644 --- a/arch/arm64/mm/init.c +++ b/arch/arm64/mm/init.c @@ -280,7 +280,12 @@ void __init arm64_memblock_init(void) if (IS_ENABLED(CONFIG_RANDOMIZE_BASE)) { extern u16 memstart_offset_seed; - u64 mmfr0 = read_cpuid(ID_AA64MMFR0_EL1); + + /* + * Use the sanitised version of id_aa64mmfr0_el1 so that linear + * map randomization can be enabled by shrinking the IPA space. + */ + u64 mmfr0 = read_sanitised_ftr_reg(SYS_ID_AA64MMFR0_EL1); int parange = cpuid_feature_extract_unsigned_field( mmfr0, ID_AA64MMFR0_EL1_PARANGE_SHIFT); s64 range = linear_region_size - -- 2.47.0.338.g60cca15819-goog

6 months, 2 weeks

1
0
0 0

[PATCH 6.11 000/817] 6.11.11-rc1 review

by Greg Kroah-Hartman

----------- Note, this is will probably be the last 6.11.y kernel to be released. Please move to the 6.12.y branch at this time. ----------- This is the start of the stable review cycle for the 6.11.11 release. There are 817 patches in this series, all will be posted as a response to this one. If anyone has any issues with these being applied, please let me know. Responses should be made by Thu, 05 Dec 2024 14:36:47 +0000. Anything received after that time might be too late. The whole patch series can be found in one patch at: https://www.kernel.org/pub/linux/kernel/v6.x/stable-review/patch-6.11.11-rc… or in the git tree and branch at: git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable-rc.git linux-6.11.y and the diffstat can be found below. thanks, greg k-h ------------- Pseudo-Shortlog of commits: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> Linux 6.11.11-rc1 Ming Lei <ming.lei(a)redhat.com> block: don't verify IO lock for freeze/unfreeze in elevator_init_mq() Ming Lei <ming.lei(a)redhat.com> block: always verify unfreeze lock on the owner task Patryk Wlazlyn <patryk.wlazlyn(a)linux.intel.com> tools/power turbostat: Fix child's argument forwarding Zhang Rui <rui.zhang(a)intel.com> tools/power turbostat: Fix trailing '\n' parsing Dan Carpenter <dan.carpenter(a)linaro.org> sh: intc: Fix use-after-free bug in register_intc_controller() Zhang Xianwei <zhang.xianwei8(a)zte.com.cn> brd: decrease the number of allocated pages which discarded Yu Kuai <yukuai3(a)huawei.com> block, bfq: fix bfqq uaf in bfq_limit_depth() Benjamin Coddington <bcodding(a)redhat.com> nfs/blocklayout: Limit repeat device registration on failure Benjamin Coddington <bcodding(a)redhat.com> nfs/blocklayout: Don't attempt unregister for invalid block device Liu Jian <liujian56(a)huawei.com> sunrpc: fix one UAF issue caused by sunrpc kernel tcp socket Benjamin Coddington <bcodding(a)redhat.com> SUNRPC: timeout and cancel TLS handshake with -ETIMEDOUT Liu Jian <liujian56(a)huawei.com> sunrpc: clear XPRT_SOCK_UPD_TIMEOUT when reset transport Li Lingfeng <lilingfeng3(a)huawei.com> nfs: ignore SB_RDONLY when mounting nfs Dan Carpenter <dan.carpenter(a)linaro.org> cifs: unlock on error in smb3_reconfigure() Shyam Prasad N <sprasad(a)microsoft.com> cifs: during remount, make sure passwords are in sync Masahiro Yamada <masahiroy(a)kernel.org> modpost: remove incorrect code in do_eisa_entry() John Garry <john.g.garry(a)oracle.com> block: Don't allow an atomic write be truncated in blkdev_write_iter() Paul Aurich <paul(a)darkrain42.org> smb: Initialize cfid->tcon before performing network ops Matt Fleming <mfleming(a)cloudflare.com> kbuild: deb-pkg: Don't fail if modules.order is missing Masahiro Yamada <masahiroy(a)kernel.org> Rename .data.once to .data..once to fix resetting WARN*_ONCE Masahiro Yamada <masahiroy(a)kernel.org> Rename .data.unlikely to .data..unlikely Maxime Chevallier <maxime.chevallier(a)bootlin.com> rtc: ab-eoz9: don't fail temperature reads on undervoltage notification Pali Rohár <pali(a)kernel.org> cifs: Fix parsing reparse point with native symlink in SMB1 non-UNICODE session Pali Rohár <pali(a)kernel.org> cifs: Fix parsing native symlinks relative to the export Andy Shevchenko <andriy.shevchenko(a)linux.intel.com> x86/Documentation: Update algo in init_size description of boot protocol Henrique Carvalho <henrique.carvalho(a)suse.com> smb: client: disable directory caching when dir_cache_timeout is zero Namhyung Kim <namhyung(a)kernel.org> perf/arm-cmn: Ensure port and device id bits are set properly Chun-Tse Shao <ctshao(a)google.com> perf/arm-smmuv3: Fix lockdep assert in ->event_init() Alex Zenla <alex(a)edera.dev> 9p/xen: fix release of IRQ Alex Zenla <alex(a)edera.dev> 9p/xen: fix init sequence Nilay Shroff <nilay(a)linux.ibm.com> nvme-fabrics: fix kernel crash while shutting down controller Christoph Hellwig <hch(a)lst.de> block: return unsigned int from bdev_io_min Yu Kuai <yukuai3(a)huawei.com> block: fix uaf for flush rq while iterating tags Ming Lei <ming.lei(a)redhat.com> block: model freeze & enter queue as lock for supporting lockdep Ming Lei <ming.lei(a)redhat.com> blk-mq: add non_owner variant of start_freeze/unfreeze queue APIs Breno Leitao <leitao(a)debian.org> nvme/multipath: Fix RCU list traversal to use SRCU primitive Hannes Reinecke <hare(a)kernel.org> nvme-multipath: avoid hang on inaccessible namespaces Trond Myklebust <trond.myklebust(a)hammerspace.com> Revert "nfs: don't reuse partially completed requests in nfs_lock_and_join_requests" Wolfram Sang <wsa+renesas(a)sang-engineering.com> rtc: rzn1: fix BCD to rtc_time conversion errors Qingfang Deng <qingfang.deng(a)siflower.com.cn> jffs2: fix use of uninitialized variable Waqar Hameed <waqar.hameed(a)axis.com> ubifs: authentication: Fix use-after-free in ubifs_tnc_end_commit Zhihao Cheng <chengzhihao1(a)huawei.com> ubi: fastmap: Fix duplicate slab cache names while attaching Zhihao Cheng <chengzhihao1(a)huawei.com> ubifs: Correct the total block count by deducting journal reservation Zhihao Cheng <chengzhihao1(a)huawei.com> ubi: fastmap: wl: Schedule fm_work if wear-leveling pool is empty Yongliang Gao <leonylgao(a)tencent.com> rtc: check if __rtc_read_time was successful in rtc_timer_do_work() Nobuhiro Iwamatsu <iwamatsu(a)nigauri.org> rtc: abx80x: Fix WDT bit position of the status register Jinjie Ruan <ruanjinjie(a)huawei.com> rtc: st-lpc: Use IRQF_NO_AUTOEN flag in request_irq() Trond Myklebust <trond.myklebust(a)hammerspace.com> NFSv4.0: Fix a use-after-free problem in the asynchronous open() Tiwei Bie <tiwei.btw(a)antgroup.com> um: Always dump trace for specified task in show_stack Tiwei Bie <tiwei.btw(a)antgroup.com> um: ubd: Initialize ubd's disk pointer in ubd_add Christoph Hellwig <hch(a)lst.de> kfifo: don't include dma-mapping.h in kfifo.h Tiwei Bie <tiwei.btw(a)antgroup.com> um: Fix the return value of elf_core_copy_task_fpregs Tiwei Bie <tiwei.btw(a)antgroup.com> um: Fix potential integer overflow during physmem setup Yang Erkun <yangerkun(a)huawei.com> SUNRPC: make sure cache entry active before cache_show Chuck Lever <chuck.lever(a)oracle.com> NFSD: Prevent a potential integer overflow Yuan Can <yuancan(a)huawei.com> Input: cs40l50 - fix wrong usage of INIT_WORK() Ma Wupeng <mawupeng1(a)huawei.com> ipc: fix memleak if msg_init_ns failed in create_ipc_ns Chao Yu <chao(a)kernel.org> f2fs: fix to do sanity check on node blkaddr in truncate_node() Bartosz Golaszewski <bartosz.golaszewski(a)linaro.org> lib: string_helpers: silence snprintf() output truncation warning Ming Lei <ming.lei(a)redhat.com> ublk: fix error code for unsupported command Javier Carrasco <javier.carrasco.cruz(a)gmail.com> counter: stm32-timer-cnt: fix device_node handling in probe_encoder() Javier Carrasco <javier.carrasco.cruz(a)gmail.com> staging: vchiq_arm: Fix missing refcount decrement in error path for fw_node Thinh Nguyen <Thinh.Nguyen(a)synopsys.com> usb: dwc3: gadget: Fix looping of queued SG entries Thinh Nguyen <Thinh.Nguyen(a)synopsys.com> usb: dwc3: gadget: Fix checking for number of TRBs left Hubert Wiśniewski <hubert.wisniewski.25632(a)gmail.com> usb: musb: Fix hardware lockup on first Rx endpoint request Thinh Nguyen <Thinh.Nguyen(a)synopsys.com> usb: dwc3: ep0: Don't clear ep0 DWC3_EP_TRANSFER_STARTED Stanislaw Gruszka <stanislaw.gruszka(a)linux.intel.com> usb: misc: ljca: move usb_autopm_put_interface() after wait for response Stanislaw Gruszka <stanislaw.gruszka(a)linux.intel.com> usb: misc: ljca: set small runtime autosuspend delay Paul Aurich <paul(a)darkrain42.org> smb: During unmount, ensure all cached dir instances drop their dentry Paul Aurich <paul(a)darkrain42.org> smb: prevent use-after-free due to open_cached_dir error paths Paul Aurich <paul(a)darkrain42.org> smb: Don't leak cfid when reconnect races with open_cached_dir Paulo Alcantara <pc(a)manguebit.com> smb: client: handle max length for SMB symlinks Steve French <stfrench(a)microsoft.com> smb3: request handle caching when caching directories Takashi Iwai <tiwai(a)suse.de> ALSA: hda/realtek: Apply quirk for Medion E15433 Dinesh Kumar <desikumar81(a)gmail.com> ALSA: hda/realtek: Fix Internal Speaker and Mic boost of Infinix Y4 Max Kailang Yang <kailang(a)realtek.com> ALSA: hda/realtek: Set PCBeep to default value for ALC274 Kailang Yang <kailang(a)realtek.com> ALSA: hda/realtek: Update ALC225 depop procedure Takashi Iwai <tiwai(a)suse.de> ALSA: pcm: Add sanity NULL check for the default mmap fault handler Takashi Iwai <tiwai(a)suse.de> ALSA: ump: Fix evaluation of MIDI 1.0 FB info Takashi Iwai <tiwai(a)suse.de> ALSA: rawmidi: Fix kvfree() call in spinlock Hans Verkuil <hverkuil(a)xs4all.nl> media: v4l2-core: v4l2-dv-timings: check cvt/gtf result Javier Carrasco <javier.carrasco.cruz(a)gmail.com> soc: fsl: rcpm: fix missing of_node_put() in copy_ippdexpcr1_setting() Joe Damato <jdamato(a)fastly.com> netdev-genl: Hold rcu_read_lock in napi_get Chen-Yu Tsai <wenst(a)chromium.org> arm64: dts: mediatek: mt8186-corsola-voltorb: Merge speaker codec nodes Stanislaw Gruszka <stanislaw.gruszka(a)linux.intel.com> media: intel/ipu6: do not handle interrupts when device is disabled Qiu-ji Chen <chenqiuji666(a)gmail.com> media: wl128x: Fix atomicity violation in fmc_send_cmd() Peter Große <pegro(a)friiks.de> i40e: Fix handling changed priv flags Jason Gerecke <jason.gerecke(a)wacom.com> HID: wacom: Interpret tilt data from Intuos Pro BT as signed values Ziwei Xiao <ziweixiao(a)google.com> gve: Flow steering trigger reset only for timeout error Bart Van Assche <bvanassche(a)acm.org> blk-mq: Make blk_mq_quiesce_tagset() hold the tag list mutex less long Muchun Song <muchun.song(a)linux.dev> block: fix ordering between checking BLK_MQ_S_STOPPED request adding Muchun Song <muchun.song(a)linux.dev> block: fix ordering between checking QUEUE_FLAG_QUIESCED request adding Muchun Song <muchun.song(a)linux.dev> block: fix missing dispatching request when queue is started or unquiesced Will Deacon <will(a)kernel.org> arm64: tls: Fix context-switching of tpidrro_el0 when kpti is enabled Ming Lei <ming.lei(a)redhat.com> ublk: fix ublk_ch_mmap() for 64K page size Zicheng Qu <quzicheng(a)huawei.com> iio: gts: Fix uninitialized symbol 'ret' Huacai Chen <chenhuacai(a)kernel.org> sh: cpuinfo: Fix a warning for CONFIG_CPUMASK_OFFSTACK Tiwei Bie <tiwei.btw(a)antgroup.com> um: vector: Do not use drvdata in release Damien Le Moal <dlemoal(a)kernel.org> block: Prevent potential deadlock in blk_revalidate_disk_zones() Javier Carrasco <javier.carrasco.cruz(a)gmail.com> mtd: ubi: fix unreleased fwnode_handle in find_volume_fwnode() Arnd Bergmann <arnd(a)arndb.de> serial: amba-pl011: fix build regression Kartik Rajput <kkartik(a)nvidia.com> serial: amba-pl011: Fix RX stall when DMA is used Bin Liu <b-liu(a)ti.com> serial: 8250: omap: Move pm_runtime_get_sync Filip Brozovic <fbrozovic(a)gmail.com> serial: 8250_fintek: Add support for F81216E Michal Simek <michal.simek(a)amd.com> dt-bindings: serial: rs485: Fix rs485-rts-delay property Tiwei Bie <tiwei.btw(a)antgroup.com> um: net: Do not use drvdata in release Tiwei Bie <tiwei.btw(a)antgroup.com> um: ubd: Do not use drvdata in release Zhihao Cheng <chengzhihao1(a)huawei.com> ubi: wl: Put source PEB into correct list if trying locking LEB failed Sebastian Andrzej Siewior <bigeasy(a)linutronix.de> x86/CPU/AMD: Terminate the erratum_1386_microcode array Russell King (Oracle) <rmk+kernel(a)armlinux.org.uk> irqchip/irq-mvebu-sei: Move misplaced select() callback to SEI CP domain Javier Carrasco <javier.carrasco.cruz(a)gmail.com> platform/chrome: cros_ec_typec: fix missing fwnode reference decrement Paulo Alcantara <pc(a)manguebit.com> smb: client: fix NULL ptr deref in crypto_aead_setkey() Yunseong Kim <yskelg(a)gmail.com> ksmbd: fix use-after-free in SMB request handling Jesse Taube <jesse(a)rivosinc.com> RISC-V: Check scalar unaligned access on all CPUs Jesse Taube <jesse(a)rivosinc.com> RISC-V: Scalar unaligned access emulated on hotplug CPUs Josh Poimboeuf <jpoimboe(a)kernel.org> parisc/ftrace: Fix function graph tracing disablement Meetakshi Setiya <msetiya(a)microsoft.com> cifs: support mounting with alternate password to allow password rotation Jinjie Ruan <ruanjinjie(a)huawei.com> cpufreq: mediatek-hw: Fix wrong return value in mtk_cpufreq_get_cpu_power() Cheng Ming Lin <chengminglin(a)mxic.com.tw> mtd: spi-nor: core: replace dummy buswidth from addr to data Stanislaw Gruszka <stanislaw.gruszka(a)linux.intel.com> spi: Fix acpi deferred irq probe Jeongjun Park <aha310510(a)gmail.com> netfilter: ipset: add missing range check in bitmap_ip_uadt Sai Kumar Cholleti <skmr537(a)gmail.com> gpio: exar: set value when external pull-up or pull-down is present Mikulas Patocka <mpatocka(a)redhat.com> blk-settings: round down io_opt to physical_block_size Pavel Begunkov <asml.silence(a)gmail.com> io_uring: check for overflows in io_pin_pages Pavel Begunkov <asml.silence(a)gmail.com> io_uring: fix corner case forgetting to vunmap Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> Revert "serial: sh-sci: Clean sci_ports[0] after at earlycon exit" Claudiu Beznea <claudiu.beznea.uj(a)bp.renesas.com> serial: sh-sci: Clean sci_ports[0] after at earlycon exit Michal Vrastil <michal.vrastil(a)hidglobal.com> Revert "usb: gadget: composite: fix OS descriptors w_value logic" Jaegeuk Kim <jaegeuk(a)kernel.org> Revert "f2fs: remove unreachable lazytime mount option parsing" Christian Brauner <brauner(a)kernel.org> Revert "fs: don't block i_writecount during exec" Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> Revert "exec: don't WARN for racy path_noexec check" Javier Carrasco <javier.carrasco.cruz(a)gmail.com> wifi: brcmfmac: release 'root' node in all execution paths Jose Ignacio Tornos Martinez <jtornosm(a)redhat.com> wifi: ath12k: fix crash when unbinding Aleksei Vetrov <vvvvvv(a)google.com> wifi: nl80211: fix bounds checker error in nl80211_parse_sched_scan Guilherme G. Piccoli <gpiccoli(a)igalia.com> wifi: rtlwifi: Drastically reduce the attempts to read efuse in case of failures Jose Ignacio Tornos Martinez <jtornosm(a)redhat.com> wifi: ath12k: fix warning when unbinding Andreas Kemnade <andreas(a)kemnade.info> ARM: dts: omap36xx: declare 1GHz OPP as turbo again Michal Pecio <michal.pecio(a)gmail.com> usb: xhci: Avoid queuing redundant Stop Endpoint commands Michal Pecio <michal.pecio(a)gmail.com> usb: xhci: Fix TD invalidation under pending Set TR Dequeue Michal Pecio <michal.pecio(a)gmail.com> usb: xhci: Limit Stop Endpoint retries Andrej Shadura <andrew.shadura(a)collabora.co.uk> Bluetooth: Fix type of len in rfcomm_sock_getsockopt{,_old}() Kuangyi Chiang <ki.chiang65(a)gmail.com> xhci: Don't issue Reset Device command to Etron xHCI host Kuangyi Chiang <ki.chiang65(a)gmail.com> xhci: Don't perform Soft Retry for Etron xHCI host Kuangyi Chiang <ki.chiang65(a)gmail.com> xhci: Combine two if statements for Etron xHCI host Kuangyi Chiang <ki.chiang65(a)gmail.com> xhci: Fix control transfer error on Etron xHCI host Yuezhang Mo <Yuezhang.Mo(a)sony.com> exfat: fix out-of-bounds access of directory entries Namjae Jeon <linkinjeon(a)kernel.org> exfat: fix uninit-value in __exfat_get_dentry_set Angelo Dureghello <adureghello(a)baylibre.com> dt-bindings: iio: dac: ad3552r: fix maximum spi speed Krzysztof Kozlowski <krzysztof.kozlowski(a)linaro.org> dt-bindings: pinctrl: samsung: Fix interrupt constraint for variants with fallbacks Johan Hovold <johan+linaro(a)kernel.org> pinctrl: qcom: spmi: fix debugfs drive strength Thomas Weißschuh <thomas.weissschuh(a)linutronix.de> tools/nolibc: s390: include std.h Ahmed Ehab <bottaawesome633(a)gmail.com> locking/lockdep: Avoid creating new name string literals in lockdep_set_subclass() Nicolas Bouchinet <nicolas.bouchinet(a)ssi.gouv.fr> tty: ldsic: fix tty_ldisc_autoload sysctl's proc_handler Angelo Dureghello <adureghello(a)baylibre.com> iio: dac: adi-axi-dac: fix wrong register bitfield Jinjie Ruan <ruanjinjie(a)huawei.com> apparmor: test: Fix memory leak for aa_unpack_strdup() Jann Horn <jannh(a)google.com> comedi: Flush partial mappings in error case Jann Horn <jannh(a)google.com> fsnotify: Fix ordering of iput() and watched_objects decrement Amir Goldstein <amir73il(a)gmail.com> fsnotify: fix sending inotify event with unexpected filename Gustavo A. R. Silva <gustavoars(a)kernel.org> clk: clk-loongson2: Fix potential buffer overflow in flexible-array member access Gustavo A. R. Silva <gustavoars(a)kernel.org> clk: clk-loongson2: Fix memory corruption bug in struct loongson2_clk_provider Huacai Chen <chenhuacai(a)kernel.org> LoongArch: Explicitly specify code model in Makefile Lukas Wunner <lukas(a)wunner.de> PCI: Fix use-after-free of slot->bus on hot remove Jan Hendrik Farr <kernel(a)jfarr.cc> Compiler Attributes: disable __counted_by for clang < 19.1.3 Kunkun Jiang <jiangkunkun(a)huawei.com> KVM: arm64: vgic-its: Clear DTE when MAPD unmaps a device Jing Zhang <jingzhangos(a)google.com> KVM: arm64: vgic-its: Add a data length check in vgic_its_save_* Raghavendra Rao Ananta <rananta(a)google.com> KVM: arm64: Get rid of userspace_irqchip_in_use Kunkun Jiang <jiangkunkun(a)huawei.com> KVM: arm64: vgic-its: Clear ITE when DISCARD frees an ITE Oliver Upton <oliver.upton(a)linux.dev> KVM: arm64: Don't retire aborted MMIO instruction Raghavendra Rao Ananta <rananta(a)google.com> KVM: arm64: Ignore PMCNTENSET_EL0 while checking for overflow status Marc Zyngier <maz(a)kernel.org> KVM: arm64: vgic-v3: Sanitise guest writes to GICR_INVLPIR Gautam Menghani <gautam(a)linux.ibm.com> powerpc/pseries: Fix KVM guest detection for disabling hardlockup detector Sean Christopherson <seanjc(a)google.com> KVM: x86/mmu: Skip the "try unsync" path iff the old SPTE was a leaf SPTE Paolo Bonzini <pbonzini(a)redhat.com> KVM: x86: switch hugepage recovery thread to vhost_task Eric Biggers <ebiggers(a)google.com> crypto: x86/aegis128 - access 32-bit arguments as 32-bit Adrian Hunter <adrian.hunter(a)intel.com> perf/x86/intel/pt: Fix buffer full but size is 0 case Claudiu Beznea <claudiu.beznea.uj(a)bp.renesas.com> ASoC: da7213: Populate max_register to regmap_config Qiu-ji Chen <chenqiuji666(a)gmail.com> ASoC: codecs: Fix atomicity violation in snd_soc_component_get_drvdata() Ilya Zverev <ilya(a)zverev.info> ASoC: amd: yc: Add a quirk for microfone on Lenovo ThinkPad P14s Gen 5 21MES00B00 Artem Sadovnikov <ancowi69(a)gmail.com> jfs: xattr: check invalid xattr size more strictly Theodore Ts'o <tytso(a)mit.edu> ext4: fix FS_IOC_GETFSMAP handling Jeongjun Park <aha310510(a)gmail.com> ext4: supress data-race warnings in ext4_free_inodes_{count,set}() Matti Vaittinen <mazziesaccount(a)gmail.com> irqdomain: Always associate interrupts for legacy domains Manikanta Mylavarapu <quic_mmanikan(a)quicinc.com> soc: qcom: socinfo: fix revision check in qcom_socinfo_probe() Hans de Goede <hdegoede(a)redhat.com> ASoC: Intel: sst: Fix used of uninitialized ctx to log an error Mikulas Patocka <mpatocka(a)redhat.com> dm-bufio: fix warnings about duplicate slab caches Mikulas Patocka <mpatocka(a)redhat.com> dm-cache: fix warnings about duplicate slab caches Dmitry Baryshkov <dmitry.baryshkov(a)linaro.org> usb: typec: ucsi: glink: fix off-by-one in connector_status Vitalii Mordan <mordan(a)ispras.ru> usb: ehci-spear: fix call balance of sehci clk handling routines Takashi Iwai <tiwai(a)suse.de> ALSA: usb-audio: Fix out of bounds reads when finding clock sources Benoît Sevens <bsevens(a)google.com> ALSA: usb-audio: Fix potential out-of-bound accesses for Extigy and Mbox devices Qiu-ji Chen <chenqiuji666(a)gmail.com> xen: Fix the issue of resource not being properly released in xenbus_dev_probe() Jakub Kicinski <kuba(a)kernel.org> net_sched: sch_fq: don't follow the fast path if Tx is behind now Niklas Schnelle <schnelle(a)linux.ibm.com> s390/pci: Fix potential double remove of hotplug slot Nícolas F. R. A. Prado <nfraprado(a)collabora.com> ASoC: mediatek: Check num_codecs is not zero to avoid panic during probe Venkata Prasad Potturu <venkataprasad.potturu(a)amd.com> ASoC: amd: yc: Fix for enabling DMIC on acp6x via _DSD entry Zichen Xie <zichenxie0106(a)gmail.com> ALSA: core: Fix possible NULL dereference caused by kunit_kzalloc() chao liu <liuzgyid(a)outlook.com> apparmor: fix 'Do simple duplicate message elimination' Nirmoy Das <nirmoy.das(a)intel.com> drm/xe/ufence: Wake up waiters after setting ufence->signalled Charles Han <hanchunchao(a)inspur.com> ASoC: imx-audmix: Add NULL check in imx_audmix_probe Zicheng Qu <quzicheng(a)huawei.com> drm/amd/display: Fix null check for pipe_ctx->plane_state in hwss_setup_dpp Zicheng Qu <quzicheng(a)huawei.com> drm/amd/display: Fix null check for pipe_ctx->plane_state in dcn20_program_pipe Steven 'Steve' Kendall <skend(a)chromium.org> drm/radeon: Fix spurious unplug event on radeon HDMI Wu Hoi Pok <wuhoipok(a)gmail.com> drm/radeon: change rdev->ddev to rdev_to_drm(rdev) Wu Hoi Pok <wuhoipok(a)gmail.com> drm/radeon: add helper rdev_to_drm(rdev) Kailang Yang <kailang(a)realtek.com> ALSA: hda/realtek: Update ALC256 depop procedure Gaosheng Cui <cuigaosheng1(a)huawei.com> firmware_loader: Fix possible resource leak in fw_log_firmware_info() Dan Carpenter <dan.carpenter(a)linaro.org> usb: typec: fix potential array underflow in ucsi_ccg_sync_control() Carl Vanderlip <quic_carlv(a)quicinc.com> bus: mhi: host: Switch trace_mhi_gen_tre fields to native endian Jiasheng Jiang <jiashengjiangcool(a)gmail.com> counter: ti-ecap-capture: Add check for clk_enable() Jiasheng Jiang <jiashengjiangcool(a)gmail.com> counter: stm32-timer-cnt: Add check for clk_enable() Charles Han <hanchunchao(a)inspur.com> phy: realtek: usb: fix NULL deref in rtk_usb3phy_probe Charles Han <hanchunchao(a)inspur.com> phy: realtek: usb: fix NULL deref in rtk_usb2phy_probe Raviteja Laggyshetty <quic_rlaggysh(a)quicinc.com> interconnect: qcom: icc-rpmh: probe defer incase of missing QoS clock dependency Michael Grzeschik <m.grzeschik(a)pengutronix.de> usb: gadget: uvc: wake pump everytime we update the free list Keita Morisaki <keyz(a)google.com> devres: Fix page faults when tracing devres from unloaded modules Jinjie Ruan <ruanjinjie(a)huawei.com> misc: apds990x: Fix missing pm_runtime_disable() Edward Adam Davis <eadavis(a)qq.com> USB: chaoskey: Fix possible deadlock chaoskey_list_lock Oliver Neukum <oneukum(a)suse.com> USB: chaoskey: fail open after removal Oliver Neukum <oneukum(a)suse.com> usb: yurex: make waiting on yurex_write interruptible Jeongjun Park <aha310510(a)gmail.com> usb: using mutex lock and supporting O_NONBLOCK flag in iowarrior_read() Christophe JAILLET <christophe.jaillet(a)wanadoo.fr> iio: light: al3010: Fix an error handling path in al3010_probe() Paolo Abeni <pabeni(a)redhat.com> ipmr: fix tables suspicious RCU usage Paolo Abeni <pabeni(a)redhat.com> ip6mr: fix tables suspicious RCU usage Kuniyuki Iwashima <kuniyu(a)amazon.com> tcp: Fix use-after-free of nreq in reqsk_timer_handler(). Michal Luczaj <mhal(a)rbox.co> rxrpc: Improve setsockopt() handling of malformed user input Michal Luczaj <mhal(a)rbox.co> llc: Improve setsockopt() handling of malformed user input Luiz Augusto von Dentz <luiz.von.dentz(a)intel.com> Bluetooth: MGMT: Fix possible deadlocks Luiz Augusto von Dentz <luiz.von.dentz(a)intel.com> Bluetooth: MGMT: Fix slab-use-after-free Read in set_powered_sync Michael Chan <michael.chan(a)broadcom.com> bnxt_en: Unregister PTP during PCI shutdown and suspend Michael Chan <michael.chan(a)broadcom.com> bnxt_en: Refactor bnxt_ptp_init() Shravya KN <shravya.k-n(a)broadcom.com> bnxt_en: Fix receive ring space parameters when XDP is active Shravya KN <shravya.k-n(a)broadcom.com> bnxt_en: Set backplane link modes correctly for ethtool Saravanan Vajravel <saravanan.vajravel(a)broadcom.com> bnxt_en: Reserve rings after PCIe AER recovery if NIC interface is down Eric Dumazet <edumazet(a)google.com> net: hsr: fix hsr_init_sk() vs network/transport headers. Csókás, Bence <csokas.bence(a)prolan.hu> spi: atmel-quadspi: Fix register name in verbose logging function Hariprasad Kelam <hkelam(a)marvell.com> octeontx2-af: Quiesce traffic before NIX block reset Hariprasad Kelam <hkelam(a)marvell.com> octeontx2-af: RPM: fix stale FCFEC counters Hariprasad Kelam <hkelam(a)marvell.com> octeontx2-af: RPM: fix stale RSFEC counters Hariprasad Kelam <hkelam(a)marvell.com> octeontx2-af: RPM: Fix low network performance Hariprasad Kelam <hkelam(a)marvell.com> octeontx2-af: RPM: Fix mismatch in lmac type Maxime Chevallier <maxime.chevallier(a)bootlin.com> net: stmmac: dwmac-socfpga: Set RX watchdog interrupt as broken Vitalii Mordan <mordan(a)ispras.ru> marvell: pxa168_eth: fix call balance of pep->clk handling routines Rosen Penev <rosenp(a)gmail.com> net: mdio-ipq4019: add missing error check Hangbin Liu <liuhangbin(a)gmail.com> net/ipv6: delete temporary address if mngtmpaddr is removed or unmanaged Sidraya Jayagond <sidraya(a)linux.ibm.com> s390/iucv: MSG_PEEK causes memory leak in iucv_sock_destruct() Yuezhang Mo <Yuezhang.Mo(a)sony.com> exfat: fix file being changed by unaligned direct write Jakub Kicinski <kuba(a)kernel.org> netlink: fix false positive warning in extack during dumps Guenter Roeck <linux(a)roeck-us.net> net: microchip: vcap: Add typegroup table terminators in kunit tests Oleksij Rempel <o.rempel(a)pengutronix.de> net: usb: lan78xx: Fix refcounting and autosuspend on invalid WoL configuration Pavan Chebbi <pavan.chebbi(a)broadcom.com> tg3: Set coherent DMA mask bits to 31 for BCM57766 chipsets Oleksij Rempel <o.rempel(a)pengutronix.de> net: usb: lan78xx: Fix memory leak on device unplug by freeing PHY device Oleksij Rempel <o.rempel(a)pengutronix.de> net: usb: lan78xx: Fix double free issue with interrupt buffer allocation ChiYuan Huang <cy_huang(a)richtek.com> power: supply: rt9471: Use IC status regfield to report real charger status ChiYuan Huang <cy_huang(a)richtek.com> power: supply: rt9471: Fix wrong WDT function regfield declaration Barnabás Czémán <barnabas.czeman(a)mainlining.org> power: supply: bq27xxx: Fix registers of bq27426 Bart Van Assche <bvanassche(a)acm.org> power: supply: core: Remove might_sleep() from power_supply_put() Tiezhu Yang <yangtiezhu(a)loongson.cn> LoongArch: BPF: Sign-extend return values Tiezhu Yang <yangtiezhu(a)loongson.cn> LoongArch: Fix build failure with GCC 15 (-std=gnu23) Randy Dunlap <rdunlap(a)infradead.org> fs_parser: update mount_api doc to match function signature Avihai Horon <avihaih(a)nvidia.com> vfio/pci: Properly hide first-in-list PCIe extended capability Andy Shevchenko <andriy.shevchenko(a)linux.intel.com> gpio: zevio: Add missed label initialisation Michael Ellerman <mpe(a)ellerman.id.au> selftests/mount_setattr: Fix failures on 64K PAGE_SIZE kernels Yishai Hadas <yishaih(a)nvidia.com> vfio/mlx5: Fix unwind flows in mlx5vf_pci_save/resume_device_data() Yishai Hadas <yishaih(a)nvidia.com> vfio/mlx5: Fix an unwind issue in mlx5vf_add_migration_pages() Si-Wei Liu <si-wei.liu(a)oracle.com> vdpa/mlx5: Fix suboptimal range on iotlb iteration Lorenzo Bianconi <lorenzo(a)kernel.org> phy: airoha: Fix REG_CSR_2L_RX{0,1}_REV0 definitions Lorenzo Bianconi <lorenzo(a)kernel.org> phy: airoha: Fix REG_CSR_2L_JCPLL_SDM_HREN config in airoha_pcie_phy_init_ssc_jcpll() Lorenzo Bianconi <lorenzo(a)kernel.org> phy: airoha: Fix REG_PCIE_PMA_TX_RESET config in airoha_pcie_phy_init_csr_2l() Lorenzo Bianconi <lorenzo(a)kernel.org> phy: airoha: Fix REG_CSR_2L_PLL_CMN_RESERVE0 config in airoha_pcie_phy_init_clk_out() Aleksa Savic <savicaleksa83(a)gmail.com> hwmon: (aquacomputer_d5next) Fix length of speed_input array Murad Masimov <m.masimov(a)maxima.ru> hwmon: (tps23861) Fix reporting of negative temperatures Chao Yu <chao(a)kernel.org> f2fs: fix to do cast in F2FS_{BLK_TO_BYTES, BTYES_TO_BLK} to avoid overflow Zhiguo Niu <zhiguo.niu(a)unisoc.com> f2fs: clean up val{>>,<<}F2FS_BLKSIZE_BITS Chuck Lever <chuck.lever(a)oracle.com> NFSD: Fix nfsd4_shutdown_copy() Ye Bin <yebin10(a)huawei.com> svcrdma: fix miss destroy percpu_counter in svc_rdma_proc_init() Yang Erkun <yangerkun(a)huawei.com> nfsd: release svc_expkey/svc_export with rcu_work Chuck Lever <chuck.lever(a)oracle.com> NFSD: Cap the number of bytes copied by nfs4_reset_recoverydir() Chuck Lever <chuck.lever(a)oracle.com> NFSD: Prevent NULL dereference in nfsd4_process_cb_update() Zhongqiu Han <quic_zhonhan(a)quicinc.com> PCI: endpoint: epf-mhi: Avoid NULL dereference if DT lacks 'mmio' Sibi Sankar <quic_sibis(a)quicinc.com> remoteproc: qcom_q6v5_mss: Re-order writes to the IMEM region Jonathan Marek <jonathan(a)marek.ca> rpmsg: glink: use only lower 16-bits of param2 for CMD_OPEN name length Dmitry Baryshkov <dmitry.baryshkov(a)linaro.org> remoteproc: qcom: pas: add minidump_id to SM8350 resources Joe Hattori <joe(a)pf.is.s.u-tokyo.ac.jp> remoteproc: qcom: adsp: Remove subdevs on the error path of adsp_probe() Joe Hattori <joe(a)pf.is.s.u-tokyo.ac.jp> remoteproc: qcom: pas: Remove subdevs on the error path of adsp_probe() Benjamin Peterson <benjamin(a)engflow.com> perf trace: Avoid garbage when not printing a syscall's arguments Benjamin Peterson <benjamin(a)engflow.com> perf trace: Do not lose last events in a race Howard Chu <howardchu95(a)gmail.com> perf trace: Fix tracing itself, creating feedback loops Jean-Philippe Romain <jean-philippe.romain(a)foss.st.com> perf list: Fix topic and pmu_name argument order Jeff Layton <jlayton(a)kernel.org> nfsd: drop inode parameter from nfsd4_change_attribute() Chuck Lever <chuck.lever(a)oracle.com> svcrdma: Address an integer overflow Antonio Quartulli <antonio(a)mandelbit.com> m68k: coldfire/device.c: only build FEC when HW macros are defined Jean-Michel Hautbois <jeanmichel.hautbois(a)yoseli.org> m68k: mcfgpio: Fix incorrect register offset for CONFIG_M5441x Benjamin Peterson <benjamin(a)engflow.com> perf trace: avoid garbage when not printing a trace event's arguments Chao Yu <chao(a)kernel.org> f2fs: fix to avoid forcing direct write to use buffered IO on inline_data inode Chao Yu <chao(a)kernel.org> f2fs: fix to map blocks correctly for direct write Long Li <leo.lilong(a)huawei.com> f2fs: fix race in concurrent f2fs_stop_gc_thread Yicong Yang <yangyicong(a)hisilicon.com> perf build: Add missing cflags when building with custom libtraceevent Siddharth Vadapalli <s-vadapalli(a)ti.com> PCI: j721e: Deassert PERST# after a delay of PCIE_T_PVPERL_MS milliseconds Théo Lebrun <theo.lebrun(a)bootlin.com> PCI: j721e: Add suspend and resume support Thomas Richard <thomas.richard(a)bootlin.com> PCI: j721e: Use T_PERST_CLK_US macro Théo Lebrun <theo.lebrun(a)bootlin.com> PCI: j721e: Add reset GPIO to struct j721e_pcie Thomas Richard <thomas.richard(a)bootlin.com> PCI: cadence: Set cdns_pcie_host_init() global Thomas Richard <thomas.richard(a)bootlin.com> PCI: cadence: Extract link setup sequence from cdns_pcie_host_setup() Manivannan Sadhasivam <manivannan.sadhasivam(a)linaro.org> PCI: tegra194: Move controller cleanups to pex_ep_event_pex_rst_deassert() Manivannan Sadhasivam <manivannan.sadhasivam(a)linaro.org> PCI: qcom-ep: Move controller cleanups to qcom_pcie_perst_deassert() Zhiguo Niu <zhiguo.niu(a)unisoc.com> f2fs: fix to avoid use GC_AT when setting gc_mode as GC_URGENT_LOW or GC_URGENT_MID Chao Yu <chao(a)kernel.org> f2fs: fix to avoid potential deadlock in f2fs_record_stop_reason() Zeng Heng <zengheng4(a)huawei.com> f2fs: Fix not used variable 'index' Yongpeng Yang <yangyongpeng1(a)oppo.com> f2fs: check curseg->inited before write_sum_page in change_curseg LongPing Wei <weilongping(a)oppo.com> f2fs: fix the wrong f2fs_bug_on condition in f2fs_do_replace_block Frank Li <Frank.Li(a)nxp.com> i3c: master: Remove i3c_dev_disable_ibi_locked(olddev) on device hotjoin Arnaldo Carvalho de Melo <acme(a)kernel.org> perf ftrace latency: Fix unit on histogram first entry when using --use-nsec Hou Tao <houtao1(a)huawei.com> virtiofs: use pages instead of pointer for kernel direct IO Li Huafei <lihuafei1(a)huawei.com> perf disasm: Use disasm_line__free() to properly free disasm_line Francesco Zardi <frazar00(a)gmail.com> rust: block: fix formatting of `kernel::block::mq::request` module Ilpo Järvinen <ilpo.jarvinen(a)linux.intel.com> PCI: cpqphp: Fix PCIBIOS_* return value confusion weiyufeng <weiyufeng(a)kylinos.cn> PCI: cpqphp: Use PCI_POSSIBLE_ERROR() to check config reads Paolo Bonzini <pbonzini(a)redhat.com> rust: macros: fix documentation of the paste! macro Yutaro Ohno <yutaro.ono.418(a)gmail.com> rust: kernel: fix THIS_MODULE header path in ThisModule doc comment Leo Yan <leo.yan(a)arm.com> perf probe: Correct demangled symbols in C++ program Ian Rogers <irogers(a)google.com> perf probe: Fix libdw memory leak Veronika Molnarova <vmolnaro(a)redhat.com> perf dso: Fix symtab_type for kmod compression Chao Yu <chao(a)kernel.org> f2fs: fix to account dirty data in __get_secs_required() Ye Bin <yebin10(a)huawei.com> f2fs: fix null-ptr-deref in f2fs_submit_page_bio() Qi Han <hanqi(a)vivo.com> f2fs: compress: fix inconsistent update of i_blocks in release_compress_blocks and reserve_compress_blocks Veronika Molnarova <vmolnaro(a)redhat.com> perf test attr: Add back missing topdown events Michael Petlan <mpetlan(a)redhat.com> perf trace: Keep exited threads for summary Ian Rogers <irogers(a)google.com> perf stat: Fix affinity memory leaks on error path Levi Yun <yeoreum.yun(a)arm.com> perf stat: Close cork_fd when create_perf_stat_counter() failed Todd Kjos <tkjos(a)google.com> PCI: Fix reset_method_store() memory leak Thomas Falcon <thomas.falcon(a)intel.com> perf mem: Fix printing PERF_MEM_LVLNUM_{L2_MHB|MSC} Ian Rogers <irogers(a)google.com> perf stat: Uniquify event name improvements Weilin Wang <weilin.wang(a)intel.com> perf test: Add test for Intel TPEBS counting mode Andreas Gruenbacher <agruenba(a)redhat.com> gfs2: Fix unlinked inode cleanup Andreas Gruenbacher <agruenba(a)redhat.com> gfs2: Allow immediate GLF_VERIFY_DELETE work Andreas Gruenbacher <agruenba(a)redhat.com> gfs2: Rename GLF_VERIFY_EVICT to GLF_VERIFY_DELETE James Clark <james.clark(a)linaro.org> perf cs-etm: Don't flush when packet_queue fills up David Laight <David.Laight(a)ACULAB.COM> x86: fix off-by-one in access_ok() Dan Carpenter <dan.carpenter(a)linaro.org> mailbox: arm_mhuv2: clean up loop in get_irq_chan_comb() Yang Yingliang <yangyingliang(a)huawei.com> mailbox: mtk-cmdq: fix wrong use of sizeof in cmdq_get_clocks() Paul Aurich <paul(a)darkrain42.org> smb: cached directories can be more than root file handle Tomas Glozar <tglozar(a)redhat.com> rtla/timerlat: Do not set params->user_workload with -U zhang jiao <zhangjiao2(a)cmss.chinamobile.com> pinctrl: k210: Undef K210_PC_DEFAULT Konrad Dybcio <konrad.dybcio(a)oss.qualcomm.com> arm64: dts: qcom: sc8180x: Add a SoC-specific compatible to cpufreq-hw Nuno Sa <nuno.sa(a)analog.com> clk: clk-axi-clkgen: make sure to enable the AXI bus clock Nuno Sa <nuno.sa(a)analog.com> dt-bindings: clock: axi-clkgen: include AXI clk Lorenzo Bianconi <lorenzo(a)kernel.org> clk: en7523: fix estimation of fixed rate for EN7581 Lorenzo Bianconi <lorenzo(a)kernel.org> clk: en7523: introduce chip_scu regmap Lorenzo Bianconi <lorenzo(a)kernel.org> clk: en7523: move clock_register in hw_init callback Lorenzo Bianconi <lorenzo(a)kernel.org> clk: en7523: remove REG_PCIE*_{MEM,MEM_MASK} configuration Sergio Paracuellos <sergio.paracuellos(a)gmail.com> clk: ralink: mtmips: fix clocks probe order in oldest ralink SoCs Sergio Paracuellos <sergio.paracuellos(a)gmail.com> clk: ralink: mtmips: fix clock plan for Ralink SoC RT3883 Charles Han <hanchunchao(a)inspur.com> clk: clk-apple-nco: Add NULL check in applnco_probe Patrisious Haddad <phaddad(a)nvidia.com> RDMA/mlx5: Move events notifier registration to be after device registration Zhen Lei <thunder.leizhen(a)huawei.com> fbdev: sh7760fb: Fix a possible memory leak in sh7760fb_alloc_mem() Zhang Zekun <zhangzekun11(a)huawei.com> powerpc/kexec: Fix return of uninitialized variable Kajol Jain <kjain(a)linux.ibm.com> KVM: PPC: Book3S HV: Fix kmv -> kvm typo Feng Fang <fangfeng4(a)huawei.com> RDMA/hns: Fix different dgids mapping to the same dip_idx Michal Suchanek <msuchanek(a)suse.de> powerpc/sstep: make emulate_vsx_load and emulate_vsx_store static Gautam Menghani <gautam(a)linux.ibm.com> KVM: PPC: Book3S HV: Avoid returning to nested hypervisor on pending doorbells Gautam Menghani <gautam(a)linux.ibm.com> KVM: PPC: Book3S HV: Stop using vc->dpdes for nested KVM guests Harshit Mogalapalli <harshit.m.mogalapalli(a)oracle.com> dax: delete a stale directory pmem Dmitry Antipov <dmantipov(a)yandex.ru> ocfs2: fix uninitialized value in ocfs2_file_read_iter() Dan Carpenter <dan.carpenter(a)linaro.org> kunit: skb: use "gfp" variable instead of hardcoding GFP_KERNEL Sabyrzhan Tasbolatov <snovitoll(a)gmail.com> kasan: move checks to do_strncpy_from_user Jinjie Ruan <ruanjinjie(a)huawei.com> cpufreq: CPPC: Fix wrong return value in cppc_get_cpu_power() Jinjie Ruan <ruanjinjie(a)huawei.com> cpufreq: CPPC: Fix wrong return value in cppc_get_cpu_cost() Andy Shevchenko <andriy.shevchenko(a)linux.intel.com> cpufreq: loongson3: Check for error code from devm_mutex_init() call Junxian Huang <huangjunxian6(a)hisilicon.com> RDMA/hns: Fix NULL pointer derefernce in hns_roce_map_mr_sg() Junxian Huang <huangjunxian6(a)hisilicon.com> RDMA/hns: Fix out-of-order issue of requester when setting FENCE Sourabh Jain <sourabhjain(a)linux.ibm.com> fadump: reserve param area if below boot_mem_top Hari Bathini <hbathini(a)linux.ibm.com> powerpc/fadump: allocate memory for additional parameters early Kirill A. Shutemov <kirill.shutemov(a)linux.intel.com> x86/tdx: Dynamically disable SEPT violations from causing #VEs Kirill A. Shutemov <kirill.shutemov(a)linux.intel.com> x86/tdx: Rename tdx_parse_tdinfo() to tdx_setup() Kirill A. Shutemov <kirill.shutemov(a)linux.intel.com> x86/tdx: Introduce wrappers to read and write TD metadata Bart Van Assche <bvanassche(a)acm.org> scsi: sg: Enable runtime power management Zhen Lei <thunder.leizhen(a)huawei.com> scsi: qedi: Fix a possible memory leak in qedi_alloc_and_init_sb() Zhen Lei <thunder.leizhen(a)huawei.com> scsi: qedf: Fix a possible memory leak in qedf_alloc_and_init_sb() Zeng Heng <zengheng4(a)huawei.com> scsi: fusion: Remove unused variable 'rc' Ye Bin <yebin10(a)huawei.com> scsi: bfa: Fix use-after-free in bfad_im_module_exit() Baolin Liu <liubaolin(a)kylinos.cn> scsi: target: Fix incorrect function name in pscsi_create_type_disk() Mirsad Todorovac <mtodorovac69(a)gmail.com> fs/proc/kcore.c: fix coccinelle reported ERROR instances Raymond Hackley <raymondhackley(a)protonmail.com> leds: ktd2692: Set missing timing properties Javier Carrasco <javier.carrasco.cruz(a)gmail.com> leds: max5970: Fix unreleased fwnode_handle in probe function Zhang Changzhong <zhangchangzhong(a)huawei.com> mfd: rt5033: Fix missing regmap_del_irq_chip() Tamir Duberstein <tamird(a)gmail.com> checkpatch: always parse orig_commit in fixes tag Zhenzhong Duan <zhenzhong.duan(a)intel.com> iommu/vt-d: Fix checks and print in pgtable_walk() Zhenzhong Duan <zhenzhong.duan(a)intel.com> iommu/vt-d: Fix checks and print in dmar_fault_dump_ptes() Yang Yingliang <yangyingliang(a)huawei.com> clk: imx: imx8-acm: Fix return value check in clk_imx_acm_attach_pm_domains() Dong Aisheng <aisheng.dong(a)nxp.com> clk: imx: clk-scu: fix clk enable state save and restore Peng Fan <peng.fan(a)nxp.com> clk: imx: fracn-gppll: fix pll power up Peng Fan <peng.fan(a)nxp.com> clk: imx: fracn-gppll: correct PLL initialization flow Peng Fan <peng.fan(a)nxp.com> clk: imx: lpcg-scu: SW workaround for errata (e10858) Björn Töpel <bjorn(a)rivosinc.com> riscv: kvm: Fix out-of-bounds array access Yong-Xuan Wang <yongxuan.wang(a)sifive.com> RISC-V: KVM: Fix APLIC in_clrip and clripnum write emulation Liu Jian <liujian56(a)huawei.com> RDMA/rxe: Set queue pair cur_qp_state when being queried Biju Das <biju.das.jz(a)bp.renesas.com> clk: renesas: rzg2l: Fix FOUTPOSTDIV clk Andre Przywara <andre.przywara(a)arm.com> clk: sunxi-ng: d1: Fix PLL_AUDIO0 preset Kashyap Desai <kashyap.desai(a)broadcom.com> RDMA/bnxt_re: Check cqe flags to know imm_data vs inv_irkey Zhu Yanjun <yanjun.zhu(a)linux.dev> RDMA/rxe: Fix the qp flush warnings in req wenglianfa <wenglianfa(a)huawei.com> RDMA/hns: Fix cpu stuck caused by printings during reset Junxian Huang <huangjunxian6(a)hisilicon.com> RDMA/hns: Use dev_* printings in hem code instead of ibdev_* Yuyu Li <liyuyu6(a)huawei.com> RDMA/hns: Modify debugfs name wenglianfa <wenglianfa(a)huawei.com> RDMA/hns: Fix flush cqe error when racing with destroy qp wenglianfa <wenglianfa(a)huawei.com> RDMA/hns: Fix an AEQE overflow error caused by untimely update of eq_db_ci Vasant Hegde <vasant.hegde(a)amd.com> iommu/amd/pgtbl_v2: Take protection domain lock before invalidating TLB Jason Gunthorpe <jgg(a)ziepe.ca> iommu/amd: Narrow the use of struct protection_domain to invalidation Jason Gunthorpe <jgg(a)ziepe.ca> iommu/amd: Store the nid in io_pgtable_cfg instead of the domain Jason Gunthorpe <jgg(a)ziepe.ca> iommu/amd: Rename struct amd_io_pgtable iopt to pgtbl Jason Gunthorpe <jgg(a)ziepe.ca> iommu/amd: Remove the amd_iommu_domain_set_pt_root() and related Jason Gunthorpe <jgg(a)ziepe.ca> iommu/amd: Remove amd_iommu_domain_update() from page table freeing Jinjie Ruan <ruanjinjie(a)huawei.com> cpufreq: CPPC: Fix possible null-ptr-deref for cppc_get_cpu_cost() Jinjie Ruan <ruanjinjie(a)huawei.com> cpufreq: CPPC: Fix possible null-ptr-deref for cpufreq_cpu_get_raw() Michael Ellerman <mpe(a)ellerman.id.au> powerpc/pseries: Fix dtl_access_lock to be a rw_semaphore Takahiro Kuwano <Takahiro.Kuwano(a)infineon.com> mtd: spi-nor: spansion: Use nor->addr_nbytes in octal DTR mode in RD_ANY_REG_OP Zichen Xie <zichenxie0106(a)gmail.com> clk: sophgo: avoid integer overflow in sg2042_pll_recalc_rate() Ritesh Harjani (IBM) <ritesh.list(a)gmail.com> powerpc/mm/fault: Fix kfence page fault reporting Miquel Raynal <miquel.raynal(a)bootlin.com> mtd: rawnand: atmel: Fix possible memory leak Biju Das <biju.das.jz(a)bp.renesas.com> mtd: hyperbus: rpc-if: Add missing MODULE_DEVICE_TABLE Ritesh Harjani (IBM) <ritesh.list(a)gmail.com> powerpc/fadump: Move fadump_cma_init to setup_arch() after initmem_init() Ritesh Harjani (IBM) <ritesh.list(a)gmail.com> powerpc/fadump: Refactor and prepare fadump_cma_init for late init Yuan Can <yuancan(a)huawei.com> cpufreq: loongson2: Unregister platform_driver on failure Andy Shevchenko <andriy.shevchenko(a)linux.intel.com> mfd: intel_soc_pmic_bxtwc: Fix IRQ domain names duplication Matti Vaittinen <mazziesaccount(a)gmail.com> regmap: Allow setting IRQ domain name suffix Matti Vaittinen <mazziesaccount(a)gmail.com> irqdomain: Allow giving name suffix for domain Thomas Gleixner <tglx(a)linutronix.de> irqdomain: Cleanup domain name allocation Matti Vaittinen <mazziesaccount(a)gmail.com> irqdomain: Simplify simple and legacy domain creation Andy Shevchenko <andriy.shevchenko(a)linux.intel.com> mfd: intel_soc_pmic_bxtwc: Use IRQ domain for PMIC devices Andy Shevchenko <andriy.shevchenko(a)linux.intel.com> mfd: intel_soc_pmic_bxtwc: Use IRQ domain for TMU device Andy Shevchenko <andriy.shevchenko(a)linux.intel.com> mfd: intel_soc_pmic_bxtwc: Use IRQ domain for USB Type-C device Marcus Folkesson <marcus.folkesson(a)gmail.com> mfd: da9052-spi: Change read-mask to write-mask Jinjie Ruan <ruanjinjie(a)huawei.com> mfd: tps65010: Use IRQF_NO_AUTOEN flag in request_irq() to fix race Christophe Leroy <christophe.leroy(a)csgroup.eu> powerpc/vdso: Flag VDSO64 entry points as functions Yihang Li <liyihang9(a)huawei.com> scsi: hisi_sas: Enable all PHYs that are not disabled by user during controller reset Matthew Rosato <mjrosato(a)linux.ibm.com> iommu/s390: Implement blocking domain Jonathan Marek <jonathan(a)marek.ca> clk: qcom: videocc-sm8550: depend on either gcc-sm8550 or gcc-sm8650 Lad Prabhakar <prabhakar.mahadev-lad.rj(a)bp.renesas.com> pinctrl: renesas: Select PINCTRL_RZG2L for RZ/V2H(P) SoC Bartosz Golaszewski <bartosz.golaszewski(a)linaro.org> pinctrl: zynqmp: drop excess struct member description Levi Yun <yeoreum.yun(a)arm.com> trace/trace_event_perf: remove duplicate samples on the first tracepoint event Lukas Bulwahn <lukas.bulwahn(a)redhat.com> clk: mediatek: drop two dead config options Chengchang Tang <tangchengchang(a)huawei.com> RDMA/hns: Disassociate mmap pages for all uctx when HW is being reset Chengchang Tang <tangchengchang(a)huawei.com> RDMA/core: Provide rdma_user_mmap_disassociate() to disassociate mmap pages Jie Zhan <zhanjie9(a)hisilicon.com> cppc_cpufreq: Use desired perf if feedback ctrs are 0 or unchanged André Almeida <andrealmeid(a)igalia.com> unicode: Fix utf8_load() error path Jiayuan Chen <mrpre(a)163.com> bpf: fix recursive lock when verdict program return SK_PASS Hangbin Liu <liuhangbin(a)gmail.com> wireguard: selftests: load nf_conntrack if not present Breno Leitao <leitao(a)debian.org> netpoll: Use rcu_access_pointer() in netpoll_poll_lock Jiawen Wu <jiawenwu(a)trustnetic.com> net: txgbe: fix null pointer to pcs Jiawen Wu <jiawenwu(a)trustnetic.com> net: txgbe: remove GPIO interrupt controller Jakub Kicinski <kuba(a)kernel.org> eth: fbnic: don't disable the PCI device twice Alexander Aring <aahringo(a)redhat.com> dlm: fix dlm_recover_members refcount on error Gao Xiang <xiang(a)kernel.org> erofs: handle NONHEAD !delta[1] lclusters gracefully Felix Maurer <fmaurer(a)redhat.com> xsk: Free skb when TX metadata options are invalid Dmitry Antipov <dmantipov(a)yandex.ru> Bluetooth: fix use-after-free in device_for_each_child() Iulia Tanasescu <iulia.tanasescu(a)nxp.com> Bluetooth: ISO: Send BIG Create Sync via hci_sync Iulia Tanasescu <iulia.tanasescu(a)nxp.com> Bluetooth: ISO: Do not emit LE BIG Create Sync if previous is pending Iulia Tanasescu <iulia.tanasescu(a)nxp.com> Bluetooth: ISO: Do not emit LE PA Create Sync if previous is pending Luiz Augusto von Dentz <luiz.von.dentz(a)intel.com> Bluetooth: ISO: Use kref to track lifetime of iso_conn Javier Carrasco <javier.carrasco.cruz(a)gmail.com> Bluetooth: btbcm: fix missing of_node_put() in btbcm_get_board_name() Chris Lu <chris.lu(a)mediatek.com> Bluetooth: btmtk: adjust the position to init iso data anchor Kiran K <kiran.k(a)intel.com> Bluetooth: btintel: Do no pass vendor events to stack Kiran K <kiran.k(a)intel.com> Bluetooth: btintel_pcie: Add handshake between driver and firmware guanjing <guanjing(a)cmss.chinamobile.com> selftests: netfilter: Fix missing return values in conntrack_dump_flush Igor Pylypiv <ipylypiv(a)google.com> i2c: dev: Fix memory leak when underlying adapter does not support I2C Takashi Iwai <tiwai(a)suse.de> ALSA: 6fire: Release resources at card release Takashi Iwai <tiwai(a)suse.de> ALSA: caiaq: Use snd_card_free_when_closed() at disconnection Takashi Iwai <tiwai(a)suse.de> ALSA: us122l: Use snd_card_free_when_closed() at disconnection Takashi Iwai <tiwai(a)suse.de> ALSA: usx2y: Use snd_card_free_when_closed() at disconnection Xu Kuohai <xukuohai(a)huawei.com> bpf: Add kernel symbol for struct_ops trampoline Xu Kuohai <xukuohai(a)huawei.com> bpf: Use function pointers count as struct_ops links count Kalle Valo <kvalo(a)kernel.org> Revert "wifi: iwlegacy: do not skip frames with bad FCS" Mingwei Zheng <zmw12306(a)gmail.com> net: rfkill: gpio: Add check for clk_enable() Omid Ehtemam-Haghighi <omid.ehtemamhaghighi(a)menlosecurity.com> ipv6: Fix soft lockups in fib6_select_path under high next hop churn Viktor Malik <vmalik(a)redhat.com> selftests/bpf: skip the timer_lockup test for single-CPU nodes Jiri Olsa <jolsa(a)kernel.org> bpf: Force uprobe bpf program to always return 0 Jiri Olsa <jolsa(a)kernel.org> bpf: Allow return values 0 and 1 for kprobe session Yuan Can <yuancan(a)huawei.com> drm/amdkfd: Fix wrong usage of INIT_WORK() Lijo Lazar <lijo.lazar(a)amd.com> drm/amdgpu: Fix map/unmap queue logic Yang Wang <kevinyang.wang(a)amd.com> drm/amdgpu: fix ACA bank count boundary check error Emmanuel Grumbach <emmanuel.grumbach(a)intel.com> wifi: iwlwifi: mvm: tell iwlmei when we finished suspending Emmanuel Grumbach <emmanuel.grumbach(a)intel.com> wifi: iwlwifi: allow fast resume on ax200 Lingbo Kong <quic_lingbok(a)quicinc.com> wifi: cfg80211: Remove the Medium Synchronization Delay validity check Paolo Abeni <pabeni(a)redhat.com> selftests: net: really check for bg process completion Paolo Abeni <pabeni(a)redhat.com> ipv6: release nexthop on device removal Zijian Zhang <zijianzhang(a)bytedance.com> bpf, sockmap: Fix sk_msg_reset_curr Zijian Zhang <zijianzhang(a)bytedance.com> bpf, sockmap: Several fixes to bpf_msg_pop_data Zijian Zhang <zijianzhang(a)bytedance.com> bpf, sockmap: Several fixes to bpf_msg_push_data Zijian Zhang <zijianzhang(a)bytedance.com> selftests/bpf: Add push/pop checking for msg_verify_data in test_sockmap Zijian Zhang <zijianzhang(a)bytedance.com> selftests/bpf: Fix total_bytes in msg_loop_rx in test_sockmap Zijian Zhang <zijianzhang(a)bytedance.com> selftests/bpf: Fix SENDPAGE data logic in test_sockmap Zijian Zhang <zijianzhang(a)bytedance.com> selftests/bpf: Add txmsg_pass to pull/push/pop in test_sockmap Hao Ge <gehao(a)kylinos.cn> isofs: avoid memory leak in iocharset Adrián Larumbe <adrian.larumbe(a)collabora.com> drm/panthor: Fix OPP refcnt leaks in devfreq initialisation Adrián Larumbe <adrian.larumbe(a)collabora.com> drm/panthor: record current and maximum device clock frequencies Adrián Larumbe <adrian.larumbe(a)collabora.com> drm/panthor: introduce job cycle and timestamp accounting Adrián Larumbe <adrian.larumbe(a)collabora.com> drm/panfrost: Add missing OPP table refcnt decremental Pei Xiao <xiaopei01(a)kylinos.cn> wifi: rtw89: coex: check NULL return of kmalloc in btc_fw_set_monreg() Maurice Lambert <mauricelambert434(a)gmail.com> netlink: typographical error in nlmsg_type constants definition Florian Westphal <fw(a)strlen.de> netfilter: nf_tables: must hold rcu read lock while iterating object type list Florian Westphal <fw(a)strlen.de> netfilter: nf_tables: must hold rcu read lock while iterating expression type list Florian Westphal <fw(a)strlen.de> netfilter: nf_tables: avoid false-positive lockdep splat on rule deletion Jonathan Gray <jsg(a)jsg.id.au> drm: use ATOMIC64_INIT() for atomic64_t Kumar Kartikeya Dwivedi <memxor(a)gmail.com> bpf: Mark raw_tp arguments with PTR_MAYBE_NULL Philo Lu <lulie(a)linux.alibaba.com> selftests/bpf: Add test for __nullable suffix in tp_btf Philo Lu <lulie(a)linux.alibaba.com> bpf: Support __nullable argument suffix for tp_btf Li Huafei <lihuafei1(a)huawei.com> drm/amdgpu: Fix the memory allocation issue in amdgpu_discovery_get_nps_info() José Expósito <jose.exposito89(a)gmail.com> drm/vkms: Drop unnecessary call to drm_crtc_cleanup() Kumar Kartikeya Dwivedi <memxor(a)gmail.com> bpf: Tighten tail call checks for lingering locks, RCU, preempt_disable Leon Hwang <leon.hwang(a)linux.dev> bpf, bpftool: Fix incorrect disasm pc Zichen Xie <zichenxie0106(a)gmail.com> drm/msm/dpu: cast crtc_clk calculation to u64 in _dpu_core_perf_calc_clk() Linus Walleij <linus.walleij(a)linaro.org> wifi: cw1200: Fix potential NULL dereference Yuan Can <yuancan(a)huawei.com> wifi: wfx: Fix error handling in wfx_core_init() Steffen Dirkwinkel <s.dirkwinkel(a)beckhoff.com> drm: xlnx: zynqmp_disp: layer may be null while releasing Sean Anderson <sean.anderson(a)linux.dev> drm: zynqmp_kms: Unplug DRM device before removal Li Huafei <lihuafei1(a)huawei.com> drm/nouveau/gr/gf100: Fix missing unlock in gf100_gr_chan_new() Fangzhi Zuo <Jerry.Zuo(a)amd.com> drm/amd/display: Reduce HPD Detection Interval for IPS Roman Li <Roman.Li(a)amd.com> drm/amd/display: Increase idle worker HPD detection time Lucas Stach <l.stach(a)pengutronix.de> drm/etnaviv: hold GPU lock across perfmon sampling Xiaolei Wang <xiaolei.wang(a)windriver.com> drm/etnaviv: Request pages from DMA32 zone on addressing_limited Suraj Kandpal <suraj.kandpal(a)intel.com> drm/xe/hdcp: Fix gsc structure check in fw check status Lukasz Luba <lukasz.luba(a)arm.com> drm/msm/gpu: Check the status of registration to PM QoS Jinjie Ruan <ruanjinjie(a)huawei.com> drm/msm/adreno: Use IRQF_NO_AUTOEN flag in request_irq() Xu Kuohai <xukuohai(a)huawei.com> bpf, arm64: Remove garbage frame for struct_ops trampoline Steven Price <steven.price(a)arm.com> drm/panfrost: Remove unused id_mask from struct panfrost_model Andrii Nakryiko <andrii(a)kernel.org> libbpf: move global data mmap()'ing into bpf_object__load() Andrii Nakryiko <andrii(a)kernel.org> selftests/bpf: fix test_spin_lock_fail.c's global vars usage Dipendra Khadka <kdipendra88(a)gmail.com> octeontx2-pf: handle otx2_mbox_get_rsp errors in otx2_dcbnl.c Dipendra Khadka <kdipendra88(a)gmail.com> octeontx2-pf: handle otx2_mbox_get_rsp errors in otx2_dmac_flt.c Dipendra Khadka <kdipendra88(a)gmail.com> octeontx2-pf: handle otx2_mbox_get_rsp errors in cn10k.c Dipendra Khadka <kdipendra88(a)gmail.com> octeontx2-pf: handle otx2_mbox_get_rsp errors in otx2_flows.c Dipendra Khadka <kdipendra88(a)gmail.com> octeontx2-pf: handle otx2_mbox_get_rsp errors in otx2_ethtool.c Dipendra Khadka <kdipendra88(a)gmail.com> octeontx2-pf: handle otx2_mbox_get_rsp errors in otx2_common.c Dmitry Baryshkov <dmitry.baryshkov(a)linaro.org> drm/msm/dpu: drop LM_3 / LM_4 on MSM8998 Dmitry Baryshkov <dmitry.baryshkov(a)linaro.org> drm/msm/dpu: drop LM_3 / LM_4 on SDM845 Dmitry Baryshkov <dmitry.baryshkov(a)linaro.org> drm/msm/dpu: on SDM845 move DSPP_3 to LM_5 block Ryan Walklin <ryan(a)testtoast.com> drm: panel: nv3052c: correct spi_device_id for RG35XX panel Matthias Schiffer <matthias.schiffer(a)tq-group.com> drm: fsl-dcu: enable PIXCLK on LS1021A Alper Nebi Yasak <alpernebiyasak(a)gmail.com> wifi: mwifiex: Fix memcpy() field-spanning write warning in mwifiex_config_scan() Marek Vasut <marex(a)denx.de> wifi: wilc1000: Set MAC after operation mode Zijian Zhang <zijianzhang(a)bytedance.com> selftests/bpf: Fix txmsg_redir of test_txmsg_pull in test_sockmap Zijian Zhang <zijianzhang(a)bytedance.com> selftests/bpf: Fix msg_verify_data in test_sockmap Tomi Valkeinen <tomi.valkeinen(a)ideasonboard.com> drm/bridge: tc358767: Fix link properties discovery Hangbin Liu <liuhangbin(a)gmail.com> netdevsim: copy addresses for both in and out paths Andrii Nakryiko <andrii(a)kernel.org> libbpf: never interpret subprogs in .text as entry programs Everest K.C <everestkc(a)everestkc.com.np> ASoC: rt722-sdca: Remove logically deadcode in rt722-sdca.c Karol Wachowski <karol.wachowski(a)intel.com> accel/ivpu: Prevent recovery invocation during probe and resume Andrii Nakryiko <andrii(a)kernel.org> libbpf: fix sym_is_subprog() logic for weak global subprogs Dave Stevenson <dave.stevenson(a)raspberrypi.com> drm/vc4: Correct generation check in vc4_hvs_lut_load Dave Stevenson <dave.stevenson(a)raspberrypi.com> drm/vc4: Match drm_dev_enter and exit calls in vc4_hvs_atomic_flush Dave Stevenson <dave.stevenson(a)raspberrypi.com> drm/vc4: Match drm_dev_enter and exit calls in vc4_hvs_lut_load Maxime Ripard <mripard(a)kernel.org> drm/vc4: Introduce generation number enum Dom Cobley <popcornmix(a)gmail.com> drm/vc4: hdmi: Increase audio MAI fifo dreq threshold Jacob Keller <jacob.e.keller(a)intel.com> ice: consistently use q_idx in ice_vc_cfg_qs_msg() Karthikeyan Periyasamy <quic_periyasa(a)quicinc.com> wifi: cfg80211: check radio iface combination for multi radio per wiphy Alexis Lothoré (eBPF Foundation) <alexis.lothore(a)bootlin.com> selftests/bpf: add missing header include for htons Balaji Pothunoori <quic_bpothuno(a)quicinc.com> wifi: ath11k: Fix CE offset address calculation for WCN6750 in SSR Eduard Zingerman <eddyz87(a)gmail.com> selftests/bpf: Fix backtrace printing for selftests crashes Kui-Feng Lee <thinker.li(a)gmail.com> selftests/bpf: netns_new() and netns_free() helpers. Yuan Chen <chenyuan(a)kylinos.cn> bpf: Fix the xdp_adjust_tail sample prog issue Arnd Bergmann <arnd(a)arndb.de> wifi: ath12k: fix one more memcpy size error Rameshkumar Sundaram <quic_ramess(a)quicinc.com> wifi: ath12k: fix use-after-free in ath12k_dp_cc_cleanup() Aurabindo Pillai <aurabindo.pillai(a)amd.com> drm/amd/display: fix a memleak issue when driver is removed Martin Kaistra <martin.kaistra(a)linutronix.de> wifi: rtl8xxxu: Perform update_beacon_work when beaconing is enabled Alexander Aring <aahringo(a)redhat.com> dlm: fix swapped args sb_flags vs sb_status Tony Ambardar <tony.ambardar(a)gmail.com> libbpf: Fix output .symtab byte-order during linking Tao Chen <chen.dylane(a)gmail.com> libbpf: Fix expected_attach_type set handling in program load callback Pin-yen Lin <treapking(a)chromium.org> drm/bridge: it6505: Drop EDID cache on bridge power off Pin-yen Lin <treapking(a)chromium.org> drm/bridge: anx7625: Drop EDID cache on bridge power off Geert Uytterhoeven <geert+renesas(a)glider.be> ASoC: fsl-asoc-card: Add missing handling of {hp,mic}-dt-gpios Macpaul Lin <macpaul.lin(a)mediatek.com> ASoC: dt-bindings: mt6359: Update generic node name and dmic-mode Shengjiu Wang <shengjiu.wang(a)nxp.com> ASoC: fsl_micfil: fix regmap_write_bits usage Igor Prusov <ivprusov(a)salutedevices.com> dt-bindings: vendor-prefixes: Add NeoFidelity, Inc Ramya Gnanasekar <quic_rgnanase(a)quicinc.com> wifi: ath12k: Skip Rx TID cleanup for self peer Baochen Qiang <quic_bqiang(a)quicinc.com> wifi: ath10k: fix invalid VHT parameters in supported_vht_mcs_rate_nss2 Baochen Qiang <quic_bqiang(a)quicinc.com> wifi: ath10k: fix invalid VHT parameters in supported_vht_mcs_rate_nss1 Lijo Lazar <lijo.lazar(a)amd.com> drm/amdgpu: Fix JPEG v4.0.3 register write Maíra Canal <mcanal(a)igalia.com> drm/v3d: Flush the MMU before we supply more memory to the binner Maíra Canal <mcanal(a)igalia.com> drm/v3d: Address race-condition in MMU flush Linus Walleij <linus.walleij(a)linaro.org> drm/panel: nt35510: Make new commands optional Alexander Stein <alexander.stein(a)ew.tq-group.com> drm/imx: Add missing DRM_BRIDGE_CONNECTOR dependency Dmitry Baryshkov <dmitry.baryshkov(a)linaro.org> drm/imx: parallel-display: switch to drm_panel_bridge Dmitry Baryshkov <dmitry.baryshkov(a)linaro.org> drm/imx: ldb: switch to drm_panel_bridge Dmitry Baryshkov <dmitry.baryshkov(a)linaro.org> drm/imx: ldb: drop custom DDC bus support Dmitry Baryshkov <dmitry.baryshkov(a)linaro.org> drm/imx: ldb: drop custom EDID support Dmitry Baryshkov <dmitry.baryshkov(a)linaro.org> drm/imx: parallel-display: drop edid override support Jani Nikula <jani.nikula(a)intel.com> drm/ipuv3/parallel: convert to struct drm_edid Jinjie Ruan <ruanjinjie(a)huawei.com> drm/imx/ipuv3: Use IRQF_NO_AUTOEN flag in request_irq() Jinjie Ruan <ruanjinjie(a)huawei.com> drm/imx/dcss: Use IRQF_NO_AUTOEN flag in request_irq() Huan Yang <link(a)vivo.com> udmabuf: fix vmap_udmabuf error page set Huan Yang <link(a)vivo.com> udmabuf: change folios array from kmalloc to kvmalloc Jinjie Ruan <ruanjinjie(a)huawei.com> wifi: mwifiex: Use IRQF_NO_AUTOEN flag in request_irq() Jinjie Ruan <ruanjinjie(a)huawei.com> wifi: p54: Use IRQF_NO_AUTOEN flag in request_irq() Tvrtko Ursulin <tvrtko.ursulin(a)igalia.com> drm/v3d: Appease lockdep while updating GPU stats Tomi Valkeinen <tomi.valkeinen(a)ideasonboard.com> drm/omap: Fix locking in omap_gem_new_dmabuf() Tomi Valkeinen <tomi.valkeinen(a)ideasonboard.com> drm/omap: Fix possible NULL dereference Jeongjun Park <aha310510(a)gmail.com> wifi: ath9k: add range check for conn_rsp_epid in htc_connect_service() Dave Stevenson <dave.stevenson(a)raspberrypi.com> drm/vc4: hvs: Correct logic on stopping an HVS channel Dave Stevenson <dave.stevenson(a)raspberrypi.com> drm/vc4: hvs: Remove incorrect limit from hvs_dlist debugfs function Dave Stevenson <dave.stevenson(a)raspberrypi.com> drm/vc4: hvs: Fix dlist debug not resetting the next entry pointer Dom Cobley <popcornmix(a)gmail.com> drm/vc4: hdmi: Avoid hang with debug registers when suspended Dave Stevenson <dave.stevenson(a)raspberrypi.com> drm/vc4: hvs: Don't write gamma luts on 2711 Andy Shevchenko <andriy.shevchenko(a)linux.intel.com> drm/mm: Mark drm_mm_interval_tree*() functions with __maybe_unused Matt Coster <Matt.Coster(a)imgtec.com> drm/imagination: Use pvr_vm_context_get() Chen Yufan <chenyufan(a)vivo.com> drm/imagination: Convert to use time_before macro Yao Zi <ziyao(a)disroot.org> platform/x86: panasonic-laptop: Return errno correctly in show callback Vitaly Kuznetsov <vkuznets(a)redhat.com> HID: hyperv: streamline driver probe to avoid devres issues Chris Morgan <macromorgan(a)hotmail.com> arm64: dts: rockchip: correct analog audio name on Indiedroid Nova Li Huafei <lihuafei1(a)huawei.com> media: atomisp: Add check for rgby_data memory allocation failure Uwe Kleine-König <u.kleine-koenig(a)baylibre.com> pwm: Assume a disabled PWM to emit a constant inactive output Sergey Senozhatsky <senozhatsky(a)chromium.org> media: venus: sync with threaded IRQ during inst destruction Sergey Senozhatsky <senozhatsky(a)chromium.org> media: venus: fix enc/dec destruction order Bingbu Cao <bingbu.cao(a)intel.com> media: ipu6: not override the dma_ops of device in driver Sakari Ailus <sakari.ailus(a)linux.intel.com> media: ipu6: Fix DMA and physical address debugging messages for 32-bit Luo Qiu <luoqiu(a)kylinsec.com.cn> firmware: arm_scpi: Check the DVFS OPP count returned by the firmware Reinette Chatre <reinette.chatre(a)intel.com> selftests/resctrl: Protect against array overrun during iMC config parsing Reinette Chatre <reinette.chatre(a)intel.com> selftests/resctrl: Fix memory overflow due to unhandled wraparound Reinette Chatre <reinette.chatre(a)intel.com> selftests/resctrl: Print accurate buffer size as part of MBM results Chen-Yu Tsai <wenst(a)chromium.org> arm64: dts: mediatek: mt8183-kukui-jacuzzi: Add supplies for fixed regulators Chen-Yu Tsai <wenst(a)chromium.org> arm64: dts: mediatek: mt8183-kukui-jacuzzi: Fix DP bridge supply names Macpaul Lin <macpaul.lin(a)mediatek.com> arm64: dts: mediatek: mt6358: fix dtbs_check error AngeloGioacchino Del Regno <angelogioacchino.delregno(a)collabora.com> arm64: dts: mediatek: Add ADC node on MT6357, MT6358, MT6359 PMICs Frank Li <Frank.Li(a)nxp.com> arm64: dts: imx8mn-tqma8mqnl-mba8mx-usbot: fix coexistence of output-low and output-high in GPIO Lad Prabhakar <prabhakar.mahadev-lad.rj(a)bp.renesas.com> arm64: dts: renesas: hihope: Drop #sound-dai-cells Andy Shevchenko <andriy.shevchenko(a)linux.intel.com> regmap: irq: Set lockdep class for hierarchical IRQ domains Jinjie Ruan <ruanjinjie(a)huawei.com> spi: zynqmp-gqspi: Undo runtime PM changes at driver exit time Breno Leitao <leitao(a)debian.org> spi: tegra210-quad: Avoid shift-out-of-bounds Zhang Zekun <zhangzekun11(a)huawei.com> pmdomain: ti-sci: Add missing of_node_put() for args.np Usama Arif <usamaarif642(a)gmail.com> of/fdt: add dt_phys arg to early_init_dt_scan and early_init_dt_verify Abel Vesa <abel.vesa(a)linaro.org> dt-bindings: cache: qcom,llcc: Fix X1E80100 reg entries Konrad Dybcio <konradybcio(a)kernel.org> arm64: dts: qcom: x1e80100: Update C4/C5 residency/exit numbers Niklas Schnelle <schnelle(a)linux.ibm.com> watchdog: Add HAS_IOPORT dependency for SBC8360 and SBC7240 Anurag Dutta <a-dutta(a)ti.com> arm64: dts: ti: k3-j721s2: Fix clock IDs for MCSPI instances Anurag Dutta <a-dutta(a)ti.com> arm64: dts: ti: k3-j721e: Fix clock IDs for MCSPI instances Anurag Dutta <a-dutta(a)ti.com> arm64: dts: ti: k3-j7200: Fix clock ids for MCSPI instances Jared McArthur <j-mcarthur(a)ti.com> arm64: dts: ti: k3-j7200: Fix register map for main domain pmx Andre Przywara <andre.przywara(a)arm.com> ARM: dts: cubieboard4: Fix DCDC5 regulator constraints Clark Wang <xiaoning.wang(a)nxp.com> pwm: imx27: Workaround of the pwm output bug when decrease the duty cycle Daolong Zhu <jg_daolongzhu(a)mediatek.corp-partner.google.com> arm64: dts: mt8183: Damu: add i2c2's i2c-scl-internal-delay-ns Daolong Zhu <jg_daolongzhu(a)mediatek.corp-partner.google.com> arm64: dts: mt8183: cozmo: add i2c2's i2c-scl-internal-delay-ns Daolong Zhu <jg_daolongzhu(a)mediatek.corp-partner.google.com> arm64: dts: mt8183: burnet: add i2c2's i2c-scl-internal-delay-ns Daolong Zhu <jg_daolongzhu(a)mediatek.corp-partner.google.com> arm64: dts: mt8183: fennel: add i2c2's i2c-scl-internal-delay-ns Heiko Stuebner <heiko(a)sntech.de> arm64: dts: rockchip: Remove 'enable-active-low' from two boards Bartosz Golaszewski <bartosz.golaszewski(a)linaro.org> power: sequencing: make the QCom PMU pwrseq driver depend on CONFIG_OF Dragan Simic <dsimic(a)manjaro.org> regulator: rk808: Restrict DVS GPIOs to the RK808 variant only Chen Ridong <chenridong(a)huawei.com> cgroup/bpf: only cgroup v2 can be attached by bpf programs Chen Ridong <chenridong(a)huawei.com> Revert "cgroup: Fix memory leak caused by missing cgroup_bpf_offline" Fei Shao <fshao(a)chromium.org> arm64: dts: mediatek: mt8195-cherry: Use correct audio codec DAI Fei Shao <fshao(a)chromium.org> arm64: dts: mediatek: mt8188: Fix USB3 PHY port default status Chen-Yu Tsai <wenst(a)chromium.org> arm64: dts: mediatek: mt8173-elm-hana: Add vdd-supply to second source trackpad Nathan Morrisson <nmorrisson(a)phytec.com> arm64: dts: ti: k3-am62x-phyboard-lyra: Drop unnecessary McASP AFIFOs Randy Dunlap <rdunlap(a)infradead.org> kernel-doc: allow object-like macros in ReST output Sibi Sankar <quic_sibis(a)quicinc.com> arm64: dts: qcom: x1e80100: Resize GIC Redistributor register region Hsin-Te Yuan <yuanhsinte(a)chromium.org> arm64: dts: mt8183: kukui: Fix the address of eeprom at i2c4 Hsin-Te Yuan <yuanhsinte(a)chromium.org> arm64: dts: mt8183: krane: Fix the address of eeprom at i2c4 Colin Ian King <colin.i.king(a)gmail.com> media: i2c: ds90ub960: Fix missing return check on ub960_rxport_read call Christophe JAILLET <christophe.jaillet(a)wanadoo.fr> media: i2c: vgxy61: Fix an error handling path in vgxy61_detect() Gregory Price <gourry(a)gourry.net> tpm: fix signed/unsigned bug when checking event logs Jonathan Marek <jonathan(a)marek.ca> efi/libstub: fix efi_parse_options() ignoring the default command line Stafford Horne <shorne(a)gmail.com> openrisc: Implement fixmap to fix earlycon Abel Vesa <abel.vesa(a)linaro.org> arm64: dts: qcom: x1e80100-vivobook-s15: Drop orientation-switch from USB SS[0-1] QMP PHYs Abel Vesa <abel.vesa(a)linaro.org> arm64: dts: qcom: x1e80100-slim7x: Drop orientation-switch from USB SS[0-1] QMP PHYs Chen-Yu Tsai <wenst(a)chromium.org> scripts/kernel-doc: Do not track section counter across processed files Bartosz Golaszewski <bartosz.golaszewski(a)linaro.org> mmc: mmc_spi: drop buggy snprintf() Andrei Simion <andrei.simion(a)microchip.com> ARM: dts: microchip: sam9x60: Add missing property atmel,usart-mode Dmitry Baryshkov <dmitry.baryshkov(a)linaro.org> arm64: dts: qcom: sda660-ifc6560: fix l10a voltage ranges Luca Weiss <luca.weiss(a)fairphone.com> arm64: dts: qcom: sm6350: Fix GPU frequencies missing on some speedbins Dan Carpenter <dan.carpenter(a)linaro.org> soc: qcom: geni-se: fix array underflow in geni_se_clk_tbl_get() Jinjie Ruan <ruanjinjie(a)huawei.com> soc: ti: smartreflex: Use IRQF_NO_AUTOEN flag in request_irq() Macpaul Lin <macpaul.lin(a)mediatek.com> arm64: dts: mt8195: Fix dtbs_check error for infracfg_ao node Macpaul Lin <macpaul.lin(a)mediatek.com> arm64: dts: mt8195: Fix dtbs_check error for mutex node Macpaul Lin <macpaul.lin(a)mediatek.com> arm64: dts: mediatek: mt8395-genio-1200-evk: Fix dtbs_check error for phy Pablo Sun <pablo.sun(a)mediatek.com> arm64: dts: mediatek: mt8188: Fix wrong clock provider in MFG1 power domain Michal Simek <michal.simek(a)amd.com> microblaze: Export xmb_manager functions Gaosheng Cui <cuigaosheng1(a)huawei.com> drivers: soc: xilinx: add the missing kfree in xlnx_add_cb_for_suspend() Wolfram Sang <wsa+renesas(a)sang-engineering.com> ARM: dts: renesas: genmai: Fix partition size for QSPI NOR Flash Dmitry Baryshkov <dmitry.baryshkov(a)linaro.org> arm64: dts: qcom: qcs6390-rb3gen2: use modem.mbn for modem DSP Jinjie Ruan <ruanjinjie(a)huawei.com> spi: spi-fsl-lpspi: Use IRQF_NO_AUTOEN flag in request_irq() Min-Hua Chen <minhuadotchen(a)gmail.com> regulator: qcom-smd: make smd_vreg_rpm static Javier Carrasco <javier.carrasco.cruz(a)gmail.com> clocksource/drivers/timer-ti-dm: Fix child node refcount handling Mark Brown <broonie(a)kernel.org> clocksource/drivers:sp804: Make user selectable Marco Elver <elver(a)google.com> kcsan, seqlock: Fix incorrect assumption in read_seqbegin() Marco Elver <elver(a)google.com> kcsan, seqlock: Support seqcount_latch_t Uros Bizjak <ubizjak(a)gmail.com> locking/atomic/x86: Use ALT_OUTPUT_SP() for __arch_{,try_}cmpxchg64_emu() Uros Bizjak <ubizjak(a)gmail.com> locking/atomic/x86: Use ALT_OUTPUT_SP() for __alternative_atomic64() Miguel Ojeda <ojeda(a)kernel.org> time: Fix references to _msecs_to_jiffies() handling of values Miguel Ojeda <ojeda(a)kernel.org> time: Partially revert cleanup on msecs_to_jiffies() documentation Uros Bizjak <ubizjak(a)gmail.com> cleanup: Remove address space of returned pointer Carlos Llamas <cmllamas(a)google.com> Revert "scripts/faddr2line: Check only two symbols when calculating symbol size" Zheng Yejian <zhengyejian(a)huaweicloud.com> x86/unwind/orc: Fix unwind for newly forked tasks Daniel Lezcano <daniel.lezcano(a)linaro.org> thermal/lib: Fix memory leak on error in thermal_genl_auto() Daniel Lezcano <daniel.lezcano(a)linaro.org> tools/lib/thermal: Make more generic the command encoding function Uladzislau Rezki (Sony) <urezki(a)gmail.com> rcuscale: Do a proper cleanup if kfree_scale_init() fails Christophe JAILLET <christophe.jaillet(a)wanadoo.fr> crypto: cavium - Fix an error handling path in cpt_ucode_load_fw() Michal Suchanek <msuchanek(a)suse.de> crypto: aes-gcm-p10 - Use the correct bit to test for P10 Chen Ridong <chenridong(a)huawei.com> crypto: bcm - add error check in the ahash_hmac_init function Chen Ridong <chenridong(a)huawei.com> crypto: caam - add error check to caam_rsa_set_priv_key_form Lifeng Zheng <zhenglifeng1(a)huawei.com> ACPI: CPPC: Fix _CPC register setting issue Pei Xiao <xiaopei01(a)kylinos.cn> hwmon: (nct6775-core) Fix overflows seen when writing limit attributes Jerome Brunet <jbrunet(a)baylibre.com> hwmon: (pmbus/core) clear faults after setting smbalert mask Uladzislau Rezki (Sony) <urezki(a)gmail.com> rcu/kvfree: Fix data-race in __mod_timer / kvfree_call_rcu Michal Schmidt <mschmidt(a)redhat.com> rcu/srcutiny: don't return before reenabling preemption Baruch Siach <baruch(a)tkos.co.il> doc: rcu: update printed dynticks counter bits Christian Loehle <christian.loehle(a)arm.com> sched/cpufreq: Ensure sd is rebuilt for EAS check Li Huafei <lihuafei1(a)huawei.com> crypto: inside-secure - Fix the return value of safexcel_xcbcmac_cra_init() Wang Hai <wanghai38(a)huawei.com> crypto: qat - Fix missing destroy_workqueue in adf_init_aer() Orange Kao <orange(a)aiven.io> EDAC/igen6: Avoid segmentation fault on module unload Weili Qian <qianweili(a)huawei.com> crypto: hisilicon/qm - disable same error report before resetting Gautham R. Shenoy <gautham.shenoy(a)amd.com> amd-pstate: Set min_perf to nominal_perf for active mode performance gov Mario Limonciello <mario.limonciello(a)amd.com> cpufreq/amd-pstate: Don't update CPPC request in amd_pstate_cpu_boost_update() Everest K.C <everestkc(a)everestkc.com.np> crypto: cavium - Fix the if condition to exit loop after timeout Yi Yang <yiyang13(a)huawei.com> crypto: pcrypt - Call crypto layer directly when padata_do_parallel() return -EBUSY Qiuxu Zhuo <qiuxu.zhuo(a)intel.com> EDAC/{skx_common,i10nm}: Fix incorrect far-memory error source indicator Qiuxu Zhuo <qiuxu.zhuo(a)intel.com> EDAC/skx_common: Differentiate memory error sources Priyanka Singh <priyanka.singh(a)nxp.com> EDAC/fsl_ddr: Fix bad bit shift operations Rafael J. Wysocki <rafael.j.wysocki(a)intel.com> thermal: core: Fix race between zone registration and system suspend Rafael J. Wysocki <rafael.j.wysocki(a)intel.com> thermal: core: Mark thermal zones as initializing to start with Rafael J. Wysocki <rafael.j.wysocki(a)intel.com> thermal: core: Represent suspend-related thermal zone flags as bits Rafael J. Wysocki <rafael.j.wysocki(a)intel.com> thermal: core: Rearrange PM notification code Rafael J. Wysocki <rafael.j.wysocki(a)intel.com> thermal: core: Drop thermal_zone_device_is_enabled() Rafael J. Wysocki <rafael.j.wysocki(a)intel.com> thermal: core: Initialize thermal zones before registering them Ahsan Atta <ahsan.atta(a)intel.com> crypto: qat - remove faulty arbiter config reset David Thompson <davthompson(a)nvidia.com> EDAC/bluefield: Fix potential integer overflow Yuan Can <yuancan(a)huawei.com> firmware: google: Unregister driver_info on failure Dan Carpenter <dan.carpenter(a)linaro.org> crypto: qat/qat_4xxx - fix off by one in uof_get_name() Dan Carpenter <dan.carpenter(a)linaro.org> crypto: qat/qat_420xx - fix off by one in uof_get_name() Danny Tsen <dtsen(a)linux.ibm.com> crypto: powerpc/p10-aes-gcm - Add dependency on CRYPTO_SIMDand re-enable CRYPTO_AES_GCM_P10 Danny Tsen <dtsen(a)linux.ibm.com> crypto: powerpc/p10-aes-gcm - Register modules as SIMD Cabiddu, Giovanni <giovanni.cabiddu(a)intel.com> crypto: qat - remove check after debugfs_create_dir() Christophe JAILLET <christophe.jaillet(a)wanadoo.fr> crypto: caam - Fix the pointer passed to caam_qi_shutdown() Tomas Paukrt <tomaspaukrt(a)email.cz> crypto: mxs-dcp - Fix AES-CBC with hardware-bound keys Christoph Hellwig <hch(a)lst.de> virtio_blk: reverse request order in virtio_queue_rqs Christoph Hellwig <hch(a)lst.de> nvme-pci: reverse request order in nvme_queue_rqs Long Li <leo.lilong(a)huawei.com> ext4: fix race in buffer_head read fault injection Matthew Wilcox (Oracle) <willy(a)infradead.org> ext4: remove array of buffer_heads from mext_page_mkuptodate() Matthew Wilcox (Oracle) <willy(a)infradead.org> ext4: pipeline buffer reads in mext_page_mkuptodate() Thadeu Lima de Souza Cascardo <cascardo(a)igalia.com> hfsplus: don't query the device logical block size multiple times Masahiro Yamada <masahiroy(a)kernel.org> s390/syscalls: Avoid creation of arch/arch/ directory Christoph Hellwig <hch(a)lst.de> block: fix bio_split_rw_at to take zone_write_granularity into account Christoph Hellwig <hch(a)lst.de> block: take chunk_sectors into account in bio_split_write_zeroes Christoph Hellwig <hch(a)lst.de> block: properly handle REQ_OP_ZONE_APPEND in __bio_split_to_limits Christoph Hellwig <hch(a)lst.de> block: constify the lim argument to queue_limits_max_zone_append_sectors Zizhi Wo <wozizhi(a)huawei.com> netfs/fscache: Add a memory barrier for FSCACHE_VOLUME_CREATING Zizhi Wo <wozizhi(a)huawei.com> cachefiles: Fix NULL pointer dereference in object->file Zizhi Wo <wozizhi(a)huawei.com> cachefiles: Fix missing pos updates in cachefiles_ondemand_fd_write_iter() Zizhi Wo <wozizhi(a)huawei.com> cachefiles: Fix incorrect length return value in cachefiles_ondemand_fd_write_iter() Li Wang <liwang(a)redhat.com> loop: fix type of block size Aleksandr Mishin <amishin(a)t-argos.ru> acpi/arm64: Adjust error handling procedure in gtdt_parse_timer_block() Masahiro Yamada <masahiroy(a)kernel.org> arm64: fix .data.rel.ro size assertion when CONFIG_LTO_CLANG Daniel Palmer <daniel(a)0x0f.com> m68k: mvme147: Reinstate early console Daniel Palmer <daniel(a)0x0f.com> m68k: mvme147: Fix SCSI controller IRQ numbers Christoph Hellwig <hch(a)lst.de> nvme-pci: fix freeing of the HMB descriptor table Mark Brown <broonie(a)kernel.org> kselftest/arm64: Fix encoding for SVE B16B16 test Marc Zyngier <maz(a)kernel.org> arm64: Expose ID_AA64ISAR1_EL1.XS to sanitised feature consumers David Disseldorp <ddiss(a)suse.de> initramfs: avoid filename buffer overrun Jonas Gorski <jonas.gorski(a)gmail.com> mips: asm: fix warning when disabling MIPS_FP_SUPPORT Jan Kara <jack(a)suse.cz> ext4: avoid remount errors with 'abort' mount option Yang Erkun <yangerkun(a)huawei.com> brd: defer automatic disk creation until module initialization succeeds Ard Biesheuvel <ardb(a)kernel.org> x86/pvh: Call C code via the kernel virtual mapping Jason Andryuk <jason.andryuk(a)amd.com> x86/pvh: Set phys_base when calling xen_prepare_pvh() Heiko Carstens <hca(a)linux.ibm.com> s390/pageattr: Implement missing kernel_page_present() Vineeth Vijayan <vneethv(a)linux.ibm.com> s390/cio: Do not unregister the subchannel based on DNV John Garry <john.g.garry(a)oracle.com> fs/block: Check for IOCB_DIRECT in generic_atomic_write_valid() John Garry <john.g.garry(a)oracle.com> block/fs: Pass an iocb to generic_atomic_write_valid() Andre Przywara <andre.przywara(a)arm.com> kselftest/arm64: mte: fix printf type warnings about longs Andre Przywara <andre.przywara(a)arm.com> kselftest/arm64: mte: fix printf type warnings about __u64 Andre Przywara <andre.przywara(a)arm.com> kselftest/arm64: hwcap: fix f8dp2 cpuinfo name Kristina Martsenko <kristina.martsenko(a)arm.com> arm64: probes: Disable kprobes/uprobes on MOPS instructions Bill O'Donnell <bodonnel(a)redhat.com> efs: fix the efs new mount api implementation Gerd Bayer <gbayer(a)linux.ibm.com> s390/facilities: Fix warning about shadow of global variable Fangzhi Zuo <Jerry.Zuo(a)amd.com> drm/amd/display: Fix incorrect DSC recompute trigger Fangzhi Zuo <Jerry.Zuo(a)amd.com> drm/amd/display: Skip Invalid Streams from DSC Policy Xiuhong Wang <xiuhong.wang(a)unisoc.com> f2fs: fix fiemap failure issue when page size is 16KB Breno Leitao <leitao(a)debian.org> ipmr: Fix access to mfc_cache_list without lock held Linus Walleij <linus.walleij(a)linaro.org> ARM: 9434/1: cfi: Fix compilation corner case Harith G <harith.g(a)alifsemi.com> ARM: 9420/1: smp: Fix SMP for xip kernels Eryk Zagorski <erykzagorski(a)gmail.com> ALSA: usb-audio: Fix Yamaha P-125 Quirk Entry Mark Brown <broonie(a)kernel.org> ASoC: max9768: Fix event generation for playback mute Yuli Wang <wangyuli(a)uniontech.com> LoongArch: Define a default value for VM_DATA_DEFAULT_FLAGS Huacai Chen <chenhuacai(a)kernel.org> LoongArch: For all possible CPUs setup logical-physical CPU mapping John Watts <contact(a)jookia.org> ASoC: audio-graph-card2: Purge absent supplies for device tree nodes Gustavo A. R. Silva <gustavoars(a)kernel.org> integrity: Use static_assert() to check struct sizes David Wang <00107082(a)163.com> proc/softirqs: replace seq_printf with seq_put_decimal_ull_width Hans de Goede <hdegoede(a)redhat.com> drm: panel-orientation-quirks: Make Lenovo Yoga Tab 3 X90F DMI match less strict Luo Yifan <luoyifan(a)cmss.chinamobile.com> ASoC: stm: Prevent potential division by zero in stm32_sai_get_clk_div() Luo Yifan <luoyifan(a)cmss.chinamobile.com> ASoC: stm: Prevent potential division by zero in stm32_sai_mclk_round_rate() Markus Petri <mp(a)mpetri.org> ASoC: amd: yc: Support dmic on another model of Lenovo Thinkpad E14 Gen 6 Vishnu Sankar <vishnuocv(a)gmail.com> platform/x86: thinkpad_acpi: Fix for ThinkPad's with ECFW showing incorrect fan speed Alexander Hölzl <alexander.hoelzl(a)gmx.net> can: j1939: fix error in J1939 documentation. zhang jiao <zhangjiao2(a)cmss.chinamobile.com> tools/lib/thermal: Remove the thermal.h soft link when doing make clean Shenghao Ding <shenghao-ding(a)ti.com> ASoC: tas2781: Add new driver version for tas2563 & tas2781 qfn chip Renato Caldas <renato(a)calgera.com> platform/x86: ideapad-laptop: add missing Ideapad Pro 5 fn keys Kurt Borja <kuurtb(a)gmail.com> platform/x86: dell-wmi-base: Handle META key Lock/Unlock events Kurt Borja <kuurtb(a)gmail.com> platform/x86: dell-smbios-base: Extends support to Alienware products Mikhail Rudenko <mike.rudenko(a)gmail.com> regulator: rk808: Add apply_bit for BUCK3 on RK809 Cristian Marussi <cristian.marussi(a)arm.com> firmware: arm_scmi: Reject clear channel request on A2P Charles Han <hanchunchao(a)inspur.com> soc: qcom: Add check devm_kasprintf() returned value Benoît Monin <benoit.monin(a)gmx.fr> net: usb: qmi_wwan: add Quectel RG650V Jiayuan Chen <mrpre(a)163.com> bpf: fix filed access without lock Arnd Bergmann <arnd(a)arndb.de> x86/amd_nb: Fix compile-testing without CONFIG_AMD_NB Alexey Klimov <alexey.klimov(a)linaro.org> ASoC: codecs: wcd937x: relax the AUX PDM watchdog Alexey Klimov <alexey.klimov(a)linaro.org> ASoC: codecs: wcd937x: add missing LO Switch control Piyush Raj Chouhan <piyushchouhan1598(a)gmail.com> ALSA: hda/realtek: Add subwoofer quirk for Infinix ZERO BOOK 13 Li Zhijian <lizhijian(a)fujitsu.com> selftests/watchdog-test: Fix system accidentally reset after watchdog-test Javier Carrasco <javier.carrasco.cruz(a)gmail.com> usb: typec: use cleanup facility for 'altmodes_node' Benjamin Große <ste3ls(a)gmail.com> usb: add support for new USB device ID 0x17EF:0x3098 for the r8152 driver Ben Greear <greearb(a)candelatech.com> mac80211: fix user-power when emulating chanctx Anjaneyulu <pagadala.yesu.anjaneyulu(a)intel.com> wifi: iwlwifi: mvm: SAR table alignment Daniel Gabay <daniel.gabay(a)intel.com> wifi: iwlwifi: mvm: Use the sync timepoint API in suspend Hans de Goede <hdegoede(a)redhat.com> ASoC: Intel: sst: Support LPE0F28 ACPI HID Hans de Goede <hdegoede(a)redhat.com> ASoC: Intel: bytcr_rt5640: Add DMI quirk for Vexia Edu Atla 10 tablet Hans de Goede <hdegoede(a)redhat.com> ASoC: Intel: bytcr_rt5640: Add support for non ACPI instantiated codec Hans de Goede <hdegoede(a)redhat.com> ASoC: codecs: rt5640: Always disable IRQs from rt5640_cancel_work() Alain Volmat <alain.volmat(a)foss.st.com> spi: stm32: fix missing device mode capability in stm32mp25 Gustavo A. R. Silva <gustavoars(a)kernel.org> wifi: radiotap: Avoid -Wflex-array-member-not-at-end warnings Remi Pommarel <repk(a)triplefau.lt> wifi: mac80211: Convert color collision detection to wiphy work Remi Pommarel <repk(a)triplefau.lt> wifi: cfg80211: Add wiphy_delayed_work_pending() Ben Greear <greearb(a)candelatech.com> wifi: mac80211: Fix setting txpower with emulate_chanctx ------------- Diffstat: Documentation/ABI/testing/sysfs-fs-f2fs | 7 +- Documentation/RCU/stallwarn.rst | 2 +- Documentation/arch/x86/boot.rst | 17 +- .../devicetree/bindings/cache/qcom,llcc.yaml | 38 ++- .../devicetree/bindings/clock/adi,axi-clkgen.yaml | 22 +- .../devicetree/bindings/iio/dac/adi,ad3552r.yaml | 2 +- .../pinctrl/samsung,pinctrl-wakeup-interrupt.yaml | 19 +- .../devicetree/bindings/serial/rs485.yaml | 19 +- .../devicetree/bindings/sound/mt6359.yaml | 10 +- .../devicetree/bindings/vendor-prefixes.yaml | 2 + Documentation/filesystems/mount_api.rst | 3 +- Documentation/locking/seqlock.rst | 2 +- Documentation/networking/j1939.rst | 2 +- Makefile | 4 +- arch/arc/kernel/devtree.c | 2 +- .../boot/dts/allwinner/sun9i-a80-cubieboard4.dts | 4 +- arch/arm/boot/dts/microchip/sam9x60.dtsi | 12 + arch/arm/boot/dts/renesas/r7s72100-genmai.dts | 2 +- arch/arm/boot/dts/ti/omap/omap36xx.dtsi | 1 + arch/arm/kernel/devtree.c | 2 +- arch/arm/kernel/head.S | 4 + arch/arm/kernel/psci_smp.c | 7 + arch/arm/mm/idmap.c | 7 + arch/arm/mm/proc-v7.S | 2 +- .../freescale/imx8mn-tqma8mqnl-mba8mx-usbotg.dtso | 29 +- arch/arm64/boot/dts/mediatek/mt6357.dtsi | 5 + arch/arm64/boot/dts/mediatek/mt6358.dtsi | 9 +- arch/arm64/boot/dts/mediatek/mt6359.dtsi | 5 + arch/arm64/boot/dts/mediatek/mt8173-elm-hana.dtsi | 8 + .../dts/mediatek/mt8183-kukui-jacuzzi-burnet.dts | 3 + .../dts/mediatek/mt8183-kukui-jacuzzi-cozmo.dts | 2 + .../dts/mediatek/mt8183-kukui-jacuzzi-damu.dts | 3 + .../dts/mediatek/mt8183-kukui-jacuzzi-fennel.dtsi | 3 + .../boot/dts/mediatek/mt8183-kukui-jacuzzi.dtsi | 30 +- .../boot/dts/mediatek/mt8183-kukui-kakadu.dtsi | 4 +- .../boot/dts/mediatek/mt8183-kukui-kodama.dtsi | 4 +- .../boot/dts/mediatek/mt8183-kukui-krane.dtsi | 4 +- .../boot/dts/mediatek/mt8186-corsola-voltorb.dtsi | 21 +- arch/arm64/boot/dts/mediatek/mt8186-corsola.dtsi | 8 +- arch/arm64/boot/dts/mediatek/mt8188.dtsi | 5 +- arch/arm64/boot/dts/mediatek/mt8195-cherry.dtsi | 6 +- arch/arm64/boot/dts/mediatek/mt8195.dtsi | 4 +- .../boot/dts/mediatek/mt8395-genio-1200-evk.dts | 2 +- arch/arm64/boot/dts/qcom/qcs6490-rb3gen2.dts | 2 +- arch/arm64/boot/dts/qcom/sc8180x.dtsi | 2 +- .../arm64/boot/dts/qcom/sda660-inforce-ifc6560.dts | 2 +- arch/arm64/boot/dts/qcom/sm6350.dtsi | 14 +- .../boot/dts/qcom/x1e80100-asus-vivobook-s15.dts | 4 - .../boot/dts/qcom/x1e80100-lenovo-yoga-slim7x.dts | 4 - arch/arm64/boot/dts/qcom/x1e80100.dtsi | 8 +- arch/arm64/boot/dts/renesas/hihope-rev2.dtsi | 3 - arch/arm64/boot/dts/renesas/hihope-rev4.dtsi | 3 - .../rk3568-wolfvision-pf5-io-expander.dtso | 1 - .../boot/dts/rockchip/rk3588s-indiedroid-nova.dts | 2 +- .../arm64/boot/dts/rockchip/rk3588s-orangepi-5.dts | 1 - arch/arm64/boot/dts/ti/k3-am62x-phyboard-lyra.dtsi | 2 - .../boot/dts/ti/k3-j7200-common-proc-board.dts | 2 +- arch/arm64/boot/dts/ti/k3-j7200-main.dtsi | 38 ++- arch/arm64/boot/dts/ti/k3-j7200-mcu-wakeup.dtsi | 6 +- arch/arm64/boot/dts/ti/k3-j721e-mcu-wakeup.dtsi | 6 +- arch/arm64/boot/dts/ti/k3-j721s2-main.dtsi | 16 +- arch/arm64/boot/dts/ti/k3-j721s2-mcu-wakeup.dtsi | 6 +- arch/arm64/include/asm/insn.h | 1 + arch/arm64/include/asm/kvm_host.h | 2 - arch/arm64/kernel/cpufeature.c | 1 + arch/arm64/kernel/probes/decode-insn.c | 7 +- arch/arm64/kernel/process.c | 2 +- arch/arm64/kernel/setup.c | 6 +- arch/arm64/kernel/vmlinux.lds.S | 6 +- arch/arm64/kvm/arch_timer.c | 3 +- arch/arm64/kvm/arm.c | 18 +- arch/arm64/kvm/mmio.c | 32 +- arch/arm64/kvm/pmu-emul.c | 1 - arch/arm64/kvm/vgic/vgic-its.c | 32 +- arch/arm64/kvm/vgic/vgic-mmio-v3.c | 7 +- arch/arm64/kvm/vgic/vgic.h | 23 ++ arch/arm64/net/bpf_jit_comp.c | 47 ++- arch/csky/kernel/setup.c | 4 +- arch/loongarch/Makefile | 4 +- arch/loongarch/include/asm/page.h | 5 +- arch/loongarch/kernel/acpi.c | 81 +++-- arch/loongarch/kernel/setup.c | 2 +- arch/loongarch/kernel/smp.c | 3 +- arch/loongarch/net/bpf_jit.c | 2 +- arch/loongarch/vdso/Makefile | 2 +- arch/m68k/coldfire/device.c | 8 +- arch/m68k/include/asm/mcfgpio.h | 2 +- arch/m68k/include/asm/mvme147hw.h | 4 +- arch/m68k/kernel/early_printk.c | 5 +- arch/m68k/mvme147/config.c | 30 ++ arch/m68k/mvme147/mvme147.h | 6 + arch/microblaze/kernel/microblaze_ksyms.c | 10 + arch/microblaze/kernel/prom.c | 2 +- arch/mips/include/asm/switch_to.h | 2 +- arch/mips/kernel/prom.c | 2 +- arch/mips/kernel/relocate.c | 2 +- arch/nios2/kernel/prom.c | 4 +- arch/openrisc/Kconfig | 3 + arch/openrisc/include/asm/fixmap.h | 21 +- arch/openrisc/kernel/prom.c | 2 +- arch/openrisc/mm/init.c | 37 +++ arch/parisc/kernel/ftrace.c | 2 +- arch/powerpc/crypto/Kconfig | 2 +- arch/powerpc/crypto/aes-gcm-p10-glue.c | 141 +++++++-- arch/powerpc/include/asm/dtl.h | 4 +- arch/powerpc/include/asm/fadump.h | 9 + arch/powerpc/include/asm/kvm_book3s_64.h | 4 +- arch/powerpc/include/asm/sstep.h | 5 - arch/powerpc/include/asm/vdso.h | 1 + arch/powerpc/kernel/dt_cpu_ftrs.c | 2 +- arch/powerpc/kernel/fadump.c | 40 ++- arch/powerpc/kernel/prom.c | 5 +- arch/powerpc/kernel/setup-common.c | 6 +- arch/powerpc/kernel/setup_64.c | 1 + arch/powerpc/kexec/file_load_64.c | 9 +- arch/powerpc/kvm/book3s_hv.c | 14 +- arch/powerpc/kvm/book3s_hv_nested.c | 14 +- arch/powerpc/kvm/trace_hv.h | 2 +- arch/powerpc/lib/sstep.c | 12 +- arch/powerpc/mm/fault.c | 10 +- arch/powerpc/platforms/pseries/dtl.c | 8 +- arch/powerpc/platforms/pseries/lpar.c | 8 +- arch/powerpc/platforms/pseries/plpks.c | 2 +- arch/riscv/include/asm/cpufeature.h | 2 + arch/riscv/kernel/setup.c | 2 +- arch/riscv/kernel/traps_misaligned.c | 14 +- arch/riscv/kernel/unaligned_access_speed.c | 1 + arch/riscv/kvm/aia_aplic.c | 3 +- arch/riscv/kvm/vcpu_sbi.c | 11 +- arch/s390/include/asm/facility.h | 18 +- arch/s390/include/asm/pci.h | 4 +- arch/s390/include/asm/set_memory.h | 1 + arch/s390/kernel/syscalls/Makefile | 2 +- arch/s390/mm/pageattr.c | 15 + arch/s390/pci/pci.c | 37 +-- arch/s390/pci/pci_debug.c | 10 +- arch/sh/kernel/cpu/proc.c | 2 +- arch/sh/kernel/setup.c | 2 +- arch/um/drivers/net_kern.c | 2 +- arch/um/drivers/ubd_kern.c | 4 +- arch/um/drivers/vector_kern.c | 3 +- arch/um/kernel/dtb.c | 2 +- arch/um/kernel/physmem.c | 6 +- arch/um/kernel/process.c | 2 +- arch/um/kernel/sysrq.c | 2 +- arch/x86/coco/tdx/tdx.c | 111 +++++-- arch/x86/crypto/aegis128-aesni-asm.S | 29 +- arch/x86/events/intel/pt.c | 11 +- arch/x86/events/intel/pt.h | 2 + arch/x86/include/asm/amd_nb.h | 5 +- arch/x86/include/asm/atomic64_32.h | 3 +- arch/x86/include/asm/cmpxchg_32.h | 6 +- arch/x86/include/asm/kvm_host.h | 4 +- arch/x86/include/asm/shared/tdx.h | 11 +- arch/x86/kernel/cpu/amd.c | 1 + arch/x86/kernel/cpu/common.c | 4 +- arch/x86/kernel/devicetree.c | 2 +- arch/x86/kernel/unwind_orc.c | 2 +- arch/x86/kvm/Kconfig | 1 + arch/x86/kvm/mmu/mmu.c | 68 ++-- arch/x86/kvm/mmu/spte.c | 18 +- arch/x86/platform/pvh/head.S | 22 +- arch/xtensa/kernel/setup.c | 2 +- block/bfq-iosched.c | 37 ++- block/blk-core.c | 18 +- block/blk-merge.c | 65 +++- block/blk-mq.c | 148 ++++++++- block/blk-mq.h | 13 + block/blk-settings.c | 7 + block/blk-sysfs.c | 6 +- block/blk-zoned.c | 14 +- block/blk.h | 34 +- block/elevator.c | 10 +- block/fops.c | 25 +- block/genhd.c | 24 +- crypto/pcrypt.c | 12 +- drivers/accel/ivpu/ivpu_ipc.c | 35 +- drivers/accel/ivpu/ivpu_ipc.h | 7 +- drivers/accel/ivpu/ivpu_jsm_msg.c | 19 +- drivers/acpi/arm64/gtdt.c | 2 +- drivers/acpi/cppc_acpi.c | 1 - drivers/base/firmware_loader/main.c | 5 +- drivers/base/regmap/regmap-irq.c | 41 ++- drivers/base/trace.h | 6 +- drivers/block/brd.c | 70 ++-- drivers/block/loop.c | 6 +- drivers/block/ublk_drv.c | 17 +- drivers/block/virtio_blk.c | 46 ++- drivers/bluetooth/btbcm.c | 4 +- drivers/bluetooth/btintel.c | 62 +++- drivers/bluetooth/btintel.h | 7 + drivers/bluetooth/btintel_pcie.c | 265 +++++++++++++++- drivers/bluetooth/btintel_pcie.h | 16 +- drivers/bluetooth/btmtk.c | 1 - drivers/bluetooth/btusb.c | 1 + drivers/bus/mhi/host/trace.h | 25 +- drivers/clk/clk-apple-nco.c | 3 + drivers/clk/clk-axi-clkgen.c | 22 +- drivers/clk/clk-en7523.c | 270 ++++++++++++---- drivers/clk/clk-loongson2.c | 6 +- drivers/clk/imx/clk-fracn-gppll.c | 10 +- drivers/clk/imx/clk-imx8-acm.c | 4 +- drivers/clk/imx/clk-lpcg-scu.c | 37 ++- drivers/clk/imx/clk-scu.c | 2 +- drivers/clk/mediatek/Kconfig | 15 - drivers/clk/qcom/Kconfig | 4 +- drivers/clk/ralink/clk-mtmips.c | 26 +- drivers/clk/renesas/rzg2l-cpg.c | 11 +- drivers/clk/sophgo/clk-sg2042-pll.c | 2 +- drivers/clk/sunxi-ng/ccu-sun20i-d1.c | 2 +- drivers/clocksource/Kconfig | 3 +- drivers/clocksource/timer-ti-dm-systimer.c | 4 +- drivers/comedi/comedi_fops.c | 12 + drivers/counter/stm32-timer-cnt.c | 17 +- drivers/counter/ti-ecap-capture.c | 7 +- drivers/cpufreq/amd-pstate.c | 26 +- drivers/cpufreq/cppc_cpufreq.c | 63 +++- drivers/cpufreq/loongson2_cpufreq.c | 4 +- drivers/cpufreq/loongson3_cpufreq.c | 7 +- drivers/cpufreq/mediatek-cpufreq-hw.c | 2 +- drivers/crypto/bcm/cipher.c | 5 +- drivers/crypto/caam/caampkc.c | 11 +- drivers/crypto/caam/qi.c | 2 +- drivers/crypto/cavium/cpt/cptpf_main.c | 6 +- drivers/crypto/hisilicon/hpre/hpre_main.c | 35 +- drivers/crypto/hisilicon/qm.c | 47 +-- drivers/crypto/hisilicon/sec2/sec_main.c | 35 +- drivers/crypto/hisilicon/zip/zip_main.c | 35 +- drivers/crypto/inside-secure/safexcel_hash.c | 2 +- .../crypto/intel/qat/qat_420xx/adf_420xx_hw_data.c | 2 +- .../crypto/intel/qat/qat_4xxx/adf_4xxx_hw_data.c | 2 +- drivers/crypto/intel/qat/qat_common/adf_aer.c | 5 +- drivers/crypto/intel/qat/qat_common/adf_dbgfs.c | 13 +- .../crypto/intel/qat/qat_common/adf_hw_arbiter.c | 4 - drivers/crypto/mxs-dcp.c | 20 +- drivers/dax/pmem/Makefile | 7 - drivers/dax/pmem/pmem.c | 10 - drivers/dma-buf/Kconfig | 1 + drivers/dma-buf/udmabuf.c | 44 +-- drivers/edac/bluefield_edac.c | 2 +- drivers/edac/fsl_ddr_edac.c | 22 +- drivers/edac/i10nm_base.c | 1 + drivers/edac/igen6_edac.c | 2 + drivers/edac/skx_common.c | 57 ++-- drivers/edac/skx_common.h | 8 + drivers/firmware/arm_scmi/common.h | 2 + drivers/firmware/arm_scmi/driver.c | 6 + drivers/firmware/arm_scpi.c | 3 + drivers/firmware/efi/libstub/efi-stub.c | 2 +- drivers/firmware/efi/tpm.c | 17 +- drivers/firmware/google/gsmi.c | 6 +- drivers/gpio/gpio-exar.c | 10 +- drivers/gpio/gpio-zevio.c | 6 + drivers/gpu/drm/amd/amdgpu/amdgpu_aca.c | 2 +- drivers/gpu/drm/amd/amdgpu/amdgpu_amdkfd.c | 13 +- drivers/gpu/drm/amd/amdgpu/amdgpu_discovery.c | 8 +- drivers/gpu/drm/amd/amdgpu/amdgpu_gfx.c | 63 ++-- drivers/gpu/drm/amd/amdgpu/gfx_v8_0.c | 7 + drivers/gpu/drm/amd/amdgpu/jpeg_v4_0_3.c | 18 +- drivers/gpu/drm/amd/amdkfd/kfd_process.c | 5 +- drivers/gpu/drm/amd/display/amdgpu_dm/amdgpu_dm.c | 32 +- drivers/gpu/drm/amd/display/amdgpu_dm/amdgpu_dm.h | 3 + .../gpu/drm/amd/display/amdgpu_dm/amdgpu_dm_crtc.c | 4 +- .../drm/amd/display/amdgpu_dm/amdgpu_dm_helpers.c | 11 +- .../amd/display/amdgpu_dm/amdgpu_dm_mst_types.c | 15 +- .../gpu/drm/amd/display/dc/core/dc_hw_sequencer.c | 3 + .../drm/amd/display/dc/hwss/dcn20/dcn20_hwseq.c | 6 +- drivers/gpu/drm/bridge/analogix/anx7625.c | 2 + drivers/gpu/drm/bridge/ite-it6505.c | 2 + drivers/gpu/drm/bridge/tc358767.c | 7 + drivers/gpu/drm/drm_file.c | 2 +- drivers/gpu/drm/drm_mm.c | 2 +- drivers/gpu/drm/drm_panel_orientation_quirks.c | 1 - drivers/gpu/drm/etnaviv/etnaviv_drv.c | 10 + drivers/gpu/drm/etnaviv/etnaviv_gpu.c | 28 +- drivers/gpu/drm/fsl-dcu/Kconfig | 1 + drivers/gpu/drm/fsl-dcu/fsl_dcu_drm_drv.c | 15 + drivers/gpu/drm/fsl-dcu/fsl_dcu_drm_drv.h | 3 + drivers/gpu/drm/imagination/pvr_ccb.c | 2 +- drivers/gpu/drm/imagination/pvr_vm.c | 4 +- drivers/gpu/drm/imx/dcss/dcss-crtc.c | 6 +- drivers/gpu/drm/imx/ipuv3/Kconfig | 11 +- drivers/gpu/drm/imx/ipuv3/imx-ldb.c | 122 ++----- drivers/gpu/drm/imx/ipuv3/ipuv3-crtc.c | 6 +- drivers/gpu/drm/imx/ipuv3/parallel-display.c | 47 +-- drivers/gpu/drm/msm/adreno/a6xx_gmu.c | 4 +- .../drm/msm/disp/dpu1/catalog/dpu_3_0_msm8998.h | 12 - .../gpu/drm/msm/disp/dpu1/catalog/dpu_4_0_sdm845.h | 14 +- drivers/gpu/drm/msm/disp/dpu1/dpu_core_perf.c | 2 +- drivers/gpu/drm/msm/msm_gpu_devfreq.c | 9 +- drivers/gpu/drm/nouveau/nvkm/engine/gr/gf100.c | 1 + drivers/gpu/drm/omapdrm/dss/base.c | 25 +- drivers/gpu/drm/omapdrm/dss/omapdss.h | 3 +- drivers/gpu/drm/omapdrm/omap_drv.c | 4 +- drivers/gpu/drm/omapdrm/omap_gem.c | 10 +- drivers/gpu/drm/panel/panel-newvision-nv3052c.c | 2 +- drivers/gpu/drm/panel/panel-novatek-nt35510.c | 15 +- drivers/gpu/drm/panfrost/panfrost_devfreq.c | 3 +- drivers/gpu/drm/panfrost/panfrost_gpu.c | 1 - drivers/gpu/drm/panthor/panthor_devfreq.c | 29 +- drivers/gpu/drm/panthor/panthor_device.h | 28 ++ drivers/gpu/drm/panthor/panthor_sched.c | 351 +++++++++++++++++---- drivers/gpu/drm/radeon/atombios_encoders.c | 2 +- drivers/gpu/drm/radeon/cik.c | 14 +- drivers/gpu/drm/radeon/dce6_afmt.c | 2 +- drivers/gpu/drm/radeon/evergreen.c | 12 +- drivers/gpu/drm/radeon/ni.c | 2 +- drivers/gpu/drm/radeon/r100.c | 24 +- drivers/gpu/drm/radeon/r300.c | 6 +- drivers/gpu/drm/radeon/r420.c | 6 +- drivers/gpu/drm/radeon/r520.c | 2 +- drivers/gpu/drm/radeon/r600.c | 12 +- drivers/gpu/drm/radeon/r600_cs.c | 2 +- drivers/gpu/drm/radeon/r600_dpm.c | 4 +- drivers/gpu/drm/radeon/r600_hdmi.c | 2 +- drivers/gpu/drm/radeon/radeon.h | 5 + drivers/gpu/drm/radeon/radeon_acpi.c | 10 +- drivers/gpu/drm/radeon/radeon_agp.c | 2 +- drivers/gpu/drm/radeon/radeon_atombios.c | 2 +- drivers/gpu/drm/radeon/radeon_audio.c | 14 +- drivers/gpu/drm/radeon/radeon_combios.c | 12 +- drivers/gpu/drm/radeon/radeon_device.c | 10 +- drivers/gpu/drm/radeon/radeon_display.c | 74 ++--- drivers/gpu/drm/radeon/radeon_fbdev.c | 26 +- drivers/gpu/drm/radeon/radeon_fence.c | 8 +- drivers/gpu/drm/radeon/radeon_gem.c | 2 +- drivers/gpu/drm/radeon/radeon_i2c.c | 2 +- drivers/gpu/drm/radeon/radeon_ib.c | 2 +- drivers/gpu/drm/radeon/radeon_irq_kms.c | 12 +- drivers/gpu/drm/radeon/radeon_object.c | 2 +- drivers/gpu/drm/radeon/radeon_pm.c | 20 +- drivers/gpu/drm/radeon/radeon_ring.c | 2 +- drivers/gpu/drm/radeon/radeon_ttm.c | 6 +- drivers/gpu/drm/radeon/rs400.c | 6 +- drivers/gpu/drm/radeon/rs600.c | 14 +- drivers/gpu/drm/radeon/rs690.c | 2 +- drivers/gpu/drm/radeon/rv515.c | 4 +- drivers/gpu/drm/radeon/rv770.c | 2 +- drivers/gpu/drm/radeon/si.c | 4 +- drivers/gpu/drm/v3d/v3d_drv.h | 1 + drivers/gpu/drm/v3d/v3d_irq.c | 2 + drivers/gpu/drm/v3d/v3d_mmu.c | 31 +- drivers/gpu/drm/v3d/v3d_sched.c | 44 ++- drivers/gpu/drm/vc4/tests/vc4_mock.c | 12 +- drivers/gpu/drm/vc4/vc4_bo.c | 28 +- drivers/gpu/drm/vc4/vc4_crtc.c | 13 +- drivers/gpu/drm/vc4/vc4_drv.c | 22 +- drivers/gpu/drm/vc4/vc4_drv.h | 8 +- drivers/gpu/drm/vc4/vc4_gem.c | 24 +- drivers/gpu/drm/vc4/vc4_hdmi.c | 22 +- drivers/gpu/drm/vc4/vc4_hvs.c | 64 ++-- drivers/gpu/drm/vc4/vc4_irq.c | 10 +- drivers/gpu/drm/vc4/vc4_kms.c | 14 +- drivers/gpu/drm/vc4/vc4_perfmon.c | 20 +- drivers/gpu/drm/vc4/vc4_plane.c | 12 +- drivers/gpu/drm/vc4/vc4_render_cl.c | 2 +- drivers/gpu/drm/vc4/vc4_v3d.c | 10 +- drivers/gpu/drm/vc4/vc4_validate.c | 8 +- drivers/gpu/drm/vc4/vc4_validate_shaders.c | 2 +- drivers/gpu/drm/vkms/vkms_output.c | 5 +- drivers/gpu/drm/xe/display/xe_hdcp_gsc.c | 2 +- drivers/gpu/drm/xe/xe_sync.c | 6 +- drivers/gpu/drm/xlnx/zynqmp_disp.c | 3 + drivers/gpu/drm/xlnx/zynqmp_kms.c | 2 +- drivers/hid/hid-hyperv.c | 58 +++- drivers/hid/wacom_wac.c | 4 +- drivers/hwmon/aquacomputer_d5next.c | 2 +- drivers/hwmon/nct6775-core.c | 7 +- drivers/hwmon/pmbus/pmbus_core.c | 12 +- drivers/hwmon/tps23861.c | 2 +- drivers/i2c/i2c-dev.c | 17 +- drivers/i3c/master.c | 13 +- drivers/iio/dac/adi-axi-dac.c | 2 +- drivers/iio/industrialio-gts-helper.c | 2 +- drivers/iio/light/al3010.c | 11 +- drivers/infiniband/core/uverbs.h | 2 + drivers/infiniband/core/uverbs_main.c | 43 ++- drivers/infiniband/hw/bnxt_re/ib_verbs.c | 7 +- drivers/infiniband/hw/bnxt_re/qplib_fp.h | 2 +- drivers/infiniband/hw/hns/hns_roce_cq.c | 4 +- drivers/infiniband/hw/hns/hns_roce_debugfs.c | 3 +- drivers/infiniband/hw/hns/hns_roce_device.h | 14 +- drivers/infiniband/hw/hns/hns_roce_hem.c | 48 +-- drivers/infiniband/hw/hns/hns_roce_hw_v2.c | 257 +++++++++------ drivers/infiniband/hw/hns/hns_roce_hw_v2.h | 8 +- drivers/infiniband/hw/hns/hns_roce_main.c | 7 +- drivers/infiniband/hw/hns/hns_roce_mr.c | 11 +- drivers/infiniband/hw/hns/hns_roce_qp.c | 79 +++-- drivers/infiniband/hw/hns/hns_roce_srq.c | 4 +- drivers/infiniband/hw/mlx5/main.c | 40 ++- drivers/infiniband/hw/mlx5/mlx5_ib.h | 2 +- drivers/infiniband/sw/rxe/rxe_qp.c | 1 + drivers/infiniband/sw/rxe/rxe_req.c | 6 +- drivers/input/misc/cs40l50-vibra.c | 6 +- drivers/interconnect/qcom/icc-rpmh.c | 3 + drivers/iommu/amd/amd_iommu.h | 15 +- drivers/iommu/amd/amd_iommu_types.h | 5 +- drivers/iommu/amd/io_pgtable.c | 76 ++--- drivers/iommu/amd/io_pgtable_v2.c | 29 +- drivers/iommu/amd/iommu.c | 28 +- drivers/iommu/amd/pasid.c | 2 +- drivers/iommu/intel/iommu.c | 40 ++- drivers/iommu/s390-iommu.c | 75 +++-- drivers/irqchip/irq-mvebu-sei.c | 2 +- drivers/leds/flash/leds-ktd2692.c | 1 + drivers/leds/leds-max5970.c | 5 +- drivers/mailbox/arm_mhuv2.c | 8 +- drivers/mailbox/mtk-cmdq-mailbox.c | 2 +- drivers/mailbox/omap-mailbox.c | 1 + drivers/md/dm-bufio.c | 12 +- drivers/md/dm-cache-background-tracker.c | 25 +- drivers/md/dm-cache-background-tracker.h | 8 + drivers/md/dm-cache-target.c | 25 +- drivers/media/i2c/adv7604.c | 5 +- drivers/media/i2c/adv7842.c | 13 +- drivers/media/i2c/ds90ub960.c | 2 +- drivers/media/i2c/vgxy61.c | 2 +- drivers/media/pci/intel/ipu6/ipu6-bus.c | 6 - drivers/media/pci/intel/ipu6/ipu6-buttress.c | 34 +- drivers/media/pci/intel/ipu6/ipu6-cpd.c | 18 +- drivers/media/pci/intel/ipu6/ipu6-dma.c | 202 ++++++------ drivers/media/pci/intel/ipu6/ipu6-dma.h | 34 +- drivers/media/pci/intel/ipu6/ipu6-fw-com.c | 14 +- drivers/media/pci/intel/ipu6/ipu6-mmu.c | 28 +- drivers/media/pci/intel/ipu6/ipu6.c | 3 + drivers/media/platform/qcom/venus/vdec.c | 19 +- drivers/media/platform/qcom/venus/venc.c | 18 +- drivers/media/radio/wl128x/fmdrv_common.c | 3 +- drivers/media/test-drivers/vivid/vivid-vid-cap.c | 15 +- drivers/media/v4l2-core/v4l2-dv-timings.c | 132 ++++---- drivers/message/fusion/mptsas.c | 4 +- drivers/mfd/da9052-spi.c | 2 +- drivers/mfd/intel_soc_pmic_bxtwc.c | 144 +++++---- drivers/mfd/rt5033.c | 4 +- drivers/mfd/tps65010.c | 8 +- drivers/misc/apds990x.c | 12 +- drivers/misc/lkdtm/bugs.c | 2 +- drivers/mmc/host/mmc_spi.c | 9 +- drivers/mtd/hyperbus/rpc-if.c | 7 + drivers/mtd/nand/raw/atmel/pmecc.c | 8 +- drivers/mtd/nand/raw/atmel/pmecc.h | 2 - drivers/mtd/spi-nor/core.c | 2 +- drivers/mtd/spi-nor/spansion.c | 1 + drivers/mtd/ubi/attach.c | 12 +- drivers/mtd/ubi/fastmap-wl.c | 19 +- drivers/mtd/ubi/vmt.c | 2 + drivers/mtd/ubi/wl.c | 11 +- drivers/mtd/ubi/wl.h | 3 +- drivers/net/ethernet/broadcom/bnxt/bnxt.c | 30 +- drivers/net/ethernet/broadcom/bnxt/bnxt_ethtool.c | 9 +- drivers/net/ethernet/broadcom/bnxt/bnxt_ptp.c | 4 +- drivers/net/ethernet/broadcom/bnxt/bnxt_ptp.h | 3 +- drivers/net/ethernet/broadcom/tg3.c | 3 + drivers/net/ethernet/google/gve/gve_adminq.c | 4 +- drivers/net/ethernet/intel/i40e/i40e_ethtool.c | 2 +- drivers/net/ethernet/intel/ice/ice_virtchnl.c | 21 +- drivers/net/ethernet/marvell/octeontx2/af/cgx.c | 70 +++- drivers/net/ethernet/marvell/octeontx2/af/cgx.h | 5 + .../ethernet/marvell/octeontx2/af/lmac_common.h | 7 +- drivers/net/ethernet/marvell/octeontx2/af/rpm.c | 87 +++-- drivers/net/ethernet/marvell/octeontx2/af/rpm.h | 18 +- drivers/net/ethernet/marvell/octeontx2/af/rvu.c | 1 + drivers/net/ethernet/marvell/octeontx2/af/rvu.h | 1 + .../net/ethernet/marvell/octeontx2/af/rvu_cgx.c | 45 ++- drivers/net/ethernet/marvell/octeontx2/nic/cn10k.c | 5 + .../ethernet/marvell/octeontx2/nic/otx2_common.c | 4 + .../ethernet/marvell/octeontx2/nic/otx2_dcbnl.c | 5 + .../ethernet/marvell/octeontx2/nic/otx2_dmac_flt.c | 9 + .../ethernet/marvell/octeontx2/nic/otx2_ethtool.c | 10 + .../ethernet/marvell/octeontx2/nic/otx2_flows.c | 10 + drivers/net/ethernet/marvell/pxa168_eth.c | 14 +- drivers/net/ethernet/meta/fbnic/fbnic_pci.c | 2 - .../net/ethernet/microchip/vcap/vcap_api_kunit.c | 17 +- .../net/ethernet/stmicro/stmmac/dwmac-socfpga.c | 2 + drivers/net/ethernet/wangxun/txgbe/txgbe_irq.c | 24 +- drivers/net/ethernet/wangxun/txgbe/txgbe_main.c | 1 - drivers/net/ethernet/wangxun/txgbe/txgbe_phy.c | 168 +--------- drivers/net/ethernet/wangxun/txgbe/txgbe_phy.h | 2 - drivers/net/ethernet/wangxun/txgbe/txgbe_type.h | 7 +- drivers/net/mdio/mdio-ipq4019.c | 5 +- drivers/net/netdevsim/ipsec.c | 11 +- drivers/net/usb/lan78xx.c | 42 +-- drivers/net/usb/qmi_wwan.c | 1 + drivers/net/usb/r8152.c | 1 + drivers/net/wireless/ath/ath10k/mac.c | 4 +- drivers/net/wireless/ath/ath11k/qmi.c | 3 + drivers/net/wireless/ath/ath12k/dp.c | 19 +- drivers/net/wireless/ath/ath12k/mac.c | 5 +- drivers/net/wireless/ath/ath12k/wow.c | 2 +- drivers/net/wireless/ath/ath9k/htc_hst.c | 3 + drivers/net/wireless/ath/wil6210/txrx.c | 2 +- .../net/wireless/broadcom/brcm80211/brcmfmac/of.c | 3 +- drivers/net/wireless/intel/ipw2x00/ipw2100.c | 2 +- drivers/net/wireless/intel/ipw2x00/ipw2200.h | 2 +- drivers/net/wireless/intel/iwlegacy/3945.c | 2 +- drivers/net/wireless/intel/iwlegacy/4965-mac.c | 2 +- drivers/net/wireless/intel/iwlwifi/fw/acpi.c | 96 +++--- drivers/net/wireless/intel/iwlwifi/fw/init.c | 4 +- drivers/net/wireless/intel/iwlwifi/mvm/d3.c | 2 + drivers/net/wireless/intel/iwlwifi/mvm/mac80211.c | 8 +- drivers/net/wireless/intersil/p54/p54spi.c | 4 +- drivers/net/wireless/marvell/libertas/radiotap.h | 4 +- drivers/net/wireless/marvell/mwifiex/fw.h | 2 +- drivers/net/wireless/marvell/mwifiex/main.c | 4 +- drivers/net/wireless/microchip/wilc1000/mon.c | 4 +- drivers/net/wireless/microchip/wilc1000/netdev.c | 6 +- drivers/net/wireless/realtek/rtl8xxxu/core.c | 6 +- drivers/net/wireless/realtek/rtlwifi/efuse.c | 11 +- drivers/net/wireless/realtek/rtw89/coex.c | 4 + drivers/net/wireless/silabs/wfx/main.c | 17 +- drivers/net/wireless/st/cw1200/cw1200_spi.c | 2 +- drivers/net/wireless/virtual/mac80211_hwsim.c | 4 +- drivers/nvme/host/core.c | 5 + drivers/nvme/host/multipath.c | 33 +- drivers/nvme/host/pci.c | 55 ++-- drivers/of/fdt.c | 14 +- drivers/of/kexec.c | 2 +- drivers/pci/controller/cadence/pci-j721e.c | 100 +++++- drivers/pci/controller/cadence/pcie-cadence-host.c | 44 ++- drivers/pci/controller/cadence/pcie-cadence.h | 12 + drivers/pci/controller/dwc/pcie-qcom-ep.c | 6 +- drivers/pci/controller/dwc/pcie-tegra194.c | 7 +- drivers/pci/endpoint/functions/pci-epf-mhi.c | 6 + drivers/pci/hotplug/cpqphp_pci.c | 19 +- drivers/pci/pci.c | 5 +- drivers/pci/slot.c | 4 +- drivers/perf/arm-cmn.c | 4 +- drivers/perf/arm_smmuv3_pmu.c | 19 +- drivers/phy/phy-airoha-pcie-regs.h | 6 +- drivers/phy/phy-airoha-pcie.c | 8 +- drivers/phy/realtek/phy-rtk-usb2.c | 2 + drivers/phy/realtek/phy-rtk-usb3.c | 2 + drivers/pinctrl/pinctrl-k210.c | 2 +- drivers/pinctrl/pinctrl-zynqmp.c | 1 - drivers/pinctrl/qcom/pinctrl-spmi-gpio.c | 2 +- drivers/pinctrl/renesas/Kconfig | 1 + drivers/platform/chrome/cros_ec_typec.c | 1 + drivers/platform/x86/dell/dell-smbios-base.c | 1 + drivers/platform/x86/dell/dell-wmi-base.c | 6 + drivers/platform/x86/ideapad-laptop.c | 3 + drivers/platform/x86/intel/bxtwc_tmu.c | 22 +- drivers/platform/x86/panasonic-laptop.c | 10 +- drivers/platform/x86/thinkpad_acpi.c | 28 +- drivers/pmdomain/ti/ti_sci_pm_domains.c | 4 + drivers/power/sequencing/Kconfig | 1 + drivers/power/supply/bq27xxx_battery.c | 37 ++- drivers/power/supply/power_supply_core.c | 2 - drivers/power/supply/rt9471.c | 52 +-- drivers/pwm/core.c | 10 +- drivers/pwm/pwm-imx27.c | 98 +++++- drivers/regulator/qcom_smd-regulator.c | 2 +- drivers/regulator/rk808-regulator.c | 17 +- drivers/remoteproc/qcom_q6v5_adsp.c | 11 +- drivers/remoteproc/qcom_q6v5_mss.c | 6 +- drivers/remoteproc/qcom_q6v5_pas.c | 22 +- drivers/rpmsg/qcom_glink_native.c | 3 +- drivers/rtc/interface.c | 7 +- drivers/rtc/rtc-ab-eoz9.c | 7 - drivers/rtc/rtc-abx80x.c | 2 +- drivers/rtc/rtc-rzn1.c | 8 +- drivers/rtc/rtc-st-lpc.c | 5 +- drivers/s390/cio/cio.c | 6 +- drivers/s390/cio/device.c | 18 +- drivers/scsi/bfa/bfad.c | 3 +- drivers/scsi/hisi_sas/hisi_sas_main.c | 8 +- drivers/scsi/qedf/qedf_main.c | 1 + drivers/scsi/qedi/qedi_main.c | 1 + drivers/scsi/sg.c | 9 +- drivers/sh/intc/core.c | 2 +- drivers/soc/fsl/rcpm.c | 1 + drivers/soc/qcom/qcom-geni-se.c | 3 +- drivers/soc/qcom/socinfo.c | 8 +- drivers/soc/ti/smartreflex.c | 4 +- drivers/soc/xilinx/xlnx_event_manager.c | 4 +- drivers/spi/atmel-quadspi.c | 2 +- drivers/spi/spi-fsl-lpspi.c | 12 +- drivers/spi/spi-stm32.c | 1 + drivers/spi/spi-tegra210-quad.c | 2 +- drivers/spi/spi-zynqmp-gqspi.c | 2 + drivers/spi/spi.c | 13 +- drivers/staging/media/atomisp/pci/sh_css_params.c | 2 + .../vc04_services/interface/vchiq_arm/vchiq_arm.c | 6 +- drivers/target/target_core_pscsi.c | 2 +- drivers/thermal/thermal_core.c | 133 ++++---- drivers/thermal/thermal_core.h | 15 +- drivers/thermal/thermal_sysfs.c | 2 +- drivers/tty/serial/8250/8250_fintek.c | 14 +- drivers/tty/serial/8250/8250_omap.c | 4 +- drivers/tty/serial/amba-pl011.c | 7 + drivers/tty/tty_io.c | 2 +- drivers/usb/dwc3/ep0.c | 2 +- drivers/usb/dwc3/gadget.c | 15 +- drivers/usb/gadget/composite.c | 18 +- drivers/usb/gadget/function/uvc_video.c | 4 + drivers/usb/host/ehci-spear.c | 7 +- drivers/usb/host/xhci-pci.c | 10 +- drivers/usb/host/xhci-ring.c | 73 ++++- drivers/usb/host/xhci.c | 40 ++- drivers/usb/host/xhci.h | 3 + drivers/usb/misc/chaoskey.c | 35 +- drivers/usb/misc/iowarrior.c | 50 ++- drivers/usb/misc/usb-ljca.c | 20 +- drivers/usb/misc/yurex.c | 5 +- drivers/usb/musb/musb_gadget.c | 13 +- drivers/usb/typec/class.c | 6 +- drivers/usb/typec/tcpm/wcove.c | 4 - drivers/usb/typec/ucsi/ucsi_ccg.c | 5 + drivers/usb/typec/ucsi/ucsi_glink.c | 2 +- drivers/vdpa/mlx5/core/mr.c | 4 +- drivers/vfio/pci/mlx5/cmd.c | 6 +- drivers/vfio/pci/mlx5/main.c | 35 +- drivers/vfio/pci/vfio_pci_config.c | 16 +- drivers/video/fbdev/sh7760fb.c | 3 +- drivers/watchdog/Kconfig | 4 +- drivers/xen/xenbus/xenbus_probe.c | 8 +- fs/binfmt_elf.c | 2 + fs/binfmt_elf_fdpic.c | 5 +- fs/binfmt_misc.c | 7 +- fs/cachefiles/interface.c | 14 +- fs/cachefiles/ondemand.c | 38 ++- fs/dlm/ast.c | 2 +- fs/dlm/recoverd.c | 2 +- fs/efs/super.c | 43 +-- fs/erofs/zmap.c | 17 +- fs/exec.c | 45 ++- fs/exfat/file.c | 10 + fs/exfat/namei.c | 21 +- fs/ext4/balloc.c | 4 +- fs/ext4/ext4.h | 12 +- fs/ext4/extents.c | 2 +- fs/ext4/fsmap.c | 54 +++- fs/ext4/ialloc.c | 5 +- fs/ext4/indirect.c | 2 +- fs/ext4/inode.c | 4 +- fs/ext4/mballoc.c | 18 +- fs/ext4/mballoc.h | 1 + fs/ext4/mmp.c | 2 +- fs/ext4/move_extent.c | 43 ++- fs/ext4/resize.c | 2 +- fs/ext4/super.c | 42 ++- fs/f2fs/checkpoint.c | 4 +- fs/f2fs/data.c | 29 +- fs/f2fs/debug.c | 2 +- fs/f2fs/f2fs.h | 3 +- fs/f2fs/file.c | 23 +- fs/f2fs/gc.c | 2 + fs/f2fs/node.c | 14 +- fs/f2fs/segment.c | 5 +- fs/f2fs/segment.h | 35 +- fs/f2fs/super.c | 37 ++- fs/fuse/file.c | 62 ++-- fs/fuse/fuse_i.h | 6 + fs/fuse/virtio_fs.c | 1 + fs/gfs2/glock.c | 19 +- fs/gfs2/glock.h | 1 + fs/gfs2/incore.h | 2 +- fs/gfs2/rgrp.c | 2 +- fs/gfs2/super.c | 2 +- fs/hfsplus/hfsplus_fs.h | 3 +- fs/hfsplus/wrapper.c | 2 + fs/isofs/inode.c | 8 +- fs/jffs2/erase.c | 7 +- fs/jfs/xattr.c | 2 +- fs/netfs/fscache_volume.c | 3 +- fs/nfs/blocklayout/blocklayout.c | 15 +- fs/nfs/blocklayout/dev.c | 6 +- fs/nfs/internal.h | 2 +- fs/nfs/nfs4proc.c | 8 +- fs/nfs/write.c | 49 +-- fs/nfsd/export.c | 31 +- fs/nfsd/export.h | 4 +- fs/nfsd/nfs4callback.c | 16 +- fs/nfsd/nfs4proc.c | 7 +- fs/nfsd/nfs4recover.c | 3 +- fs/nfsd/nfs4state.c | 5 +- fs/nfsd/nfs4xdr.c | 2 +- fs/nfsd/nfsfh.c | 20 +- fs/nfsd/nfsfh.h | 3 +- fs/notify/fsnotify.c | 23 +- fs/notify/mark.c | 12 +- fs/ocfs2/aops.h | 2 + fs/ocfs2/file.c | 4 + fs/proc/kcore.c | 10 +- fs/proc/softirqs.c | 2 +- fs/read_write.c | 15 +- fs/smb/client/cached_dir.c | 229 +++++++++----- fs/smb/client/cached_dir.h | 6 +- fs/smb/client/cifsfs.c | 12 +- fs/smb/client/cifsglob.h | 4 +- fs/smb/client/cifsproto.h | 1 + fs/smb/client/connect.c | 59 +++- fs/smb/client/fs_context.c | 85 ++++- fs/smb/client/fs_context.h | 1 + fs/smb/client/inode.c | 4 +- fs/smb/client/reparse.c | 95 +++++- fs/smb/client/reparse.h | 6 +- fs/smb/client/smb1ops.c | 4 +- fs/smb/client/smb2file.c | 21 +- fs/smb/client/smb2inode.c | 6 +- fs/smb/client/smb2ops.c | 2 +- fs/smb/client/smb2pdu.c | 4 +- fs/smb/client/smb2proto.h | 9 +- fs/smb/client/trace.h | 3 + fs/smb/server/server.c | 4 + fs/ubifs/super.c | 6 +- fs/ubifs/tnc_commit.c | 2 + fs/unicode/utf8-core.c | 2 +- include/asm-generic/vmlinux.lds.h | 4 +- include/kunit/skbuff.h | 2 +- include/linux/blk-mq.h | 2 + include/linux/blkdev.h | 15 +- include/linux/bpf.h | 9 +- include/linux/cleanup.h | 4 +- include/linux/compiler_attributes.h | 13 - include/linux/compiler_types.h | 19 ++ include/linux/f2fs_fs.h | 6 +- include/linux/fs.h | 2 +- include/linux/hisi_acc_qm.h | 8 +- include/linux/io-pgtable.h | 4 + include/linux/irqdomain.h | 8 + include/linux/jiffies.h | 2 +- include/linux/kfifo.h | 1 - include/linux/kvm_host.h | 6 - include/linux/lockdep.h | 2 +- include/linux/mmdebug.h | 6 +- include/linux/netpoll.h | 2 +- include/linux/of_fdt.h | 5 +- include/linux/once.h | 4 +- include/linux/once_lite.h | 2 +- include/linux/rcupdate.h | 2 +- include/linux/regmap.h | 4 + include/linux/seqlock.h | 98 ++++-- include/media/v4l2-dv-timings.h | 18 +- include/net/bluetooth/hci.h | 4 +- include/net/bluetooth/hci_core.h | 63 ++++ include/net/cfg80211.h | 44 +++ include/net/ieee80211_radiotap.h | 37 ++- include/net/net_debug.h | 2 +- include/rdma/ib_verbs.h | 8 + include/uapi/linux/rtnetlink.h | 2 +- init/Kconfig | 9 + init/initramfs.c | 15 + io_uring/memmap.c | 11 +- ipc/namespace.c | 4 +- kernel/bpf/bpf_struct_ops.c | 114 ++++++- kernel/bpf/btf.c | 6 + kernel/bpf/dispatcher.c | 3 +- kernel/bpf/trampoline.c | 9 +- kernel/bpf/verifier.c | 139 +++++++- kernel/cgroup/cgroup.c | 21 +- kernel/fork.c | 26 +- kernel/irq/irqdomain.c | 202 +++++++----- kernel/rcu/rcuscale.c | 6 +- kernel/rcu/srcutiny.c | 2 +- kernel/rcu/tree.c | 14 +- kernel/sched/cpufreq_schedutil.c | 3 +- kernel/time/time.c | 4 +- kernel/trace/bpf_trace.c | 5 +- kernel/trace/trace_event_perf.c | 6 + lib/overflow_kunit.c | 2 +- lib/string_helpers.c | 2 +- lib/strncpy_from_user.c | 5 +- mm/internal.h | 2 +- net/9p/trans_xen.c | 9 +- net/bluetooth/hci_conn.c | 225 ++++++++++--- net/bluetooth/hci_event.c | 39 ++- net/bluetooth/hci_sysfs.c | 15 +- net/bluetooth/iso.c | 101 ++++-- net/bluetooth/mgmt.c | 38 ++- net/bluetooth/rfcomm/sock.c | 10 +- net/core/filter.c | 88 +++--- net/core/netdev-genl.c | 2 + net/core/skmsg.c | 4 +- net/hsr/hsr_device.c | 4 +- net/ipv4/inet_connection_sock.c | 2 +- net/ipv4/ipmr.c | 44 ++- net/ipv4/ipmr_base.c | 3 +- net/ipv4/tcp_bpf.c | 7 +- net/ipv6/addrconf.c | 41 ++- net/ipv6/ip6_fib.c | 8 +- net/ipv6/ip6mr.c | 40 ++- net/ipv6/route.c | 51 +-- net/iucv/af_iucv.c | 26 +- net/llc/af_llc.c | 2 +- net/mac80211/cfg.c | 22 +- net/mac80211/ieee80211_i.h | 5 +- net/mac80211/link.c | 7 +- net/mac80211/main.c | 2 + net/netfilter/ipset/ip_set_bitmap_ip.c | 7 +- net/netfilter/nf_tables_api.c | 62 ++-- net/netlink/af_netlink.c | 21 +- net/rfkill/rfkill-gpio.c | 8 +- net/rxrpc/af_rxrpc.c | 7 +- net/sched/sch_fq.c | 6 + net/sunrpc/cache.c | 4 +- net/sunrpc/svcsock.c | 4 + net/sunrpc/xprtrdma/svc_rdma.c | 19 +- net/sunrpc/xprtrdma/svc_rdma_recvfrom.c | 8 +- net/sunrpc/xprtsock.c | 17 +- net/wireless/core.c | 71 ++++- net/wireless/mlme.c | 6 - net/wireless/nl80211.c | 1 + net/xdp/xsk.c | 11 +- rust/kernel/block/mq/request.rs | 67 ++-- rust/kernel/lib.rs | 2 +- rust/macros/lib.rs | 2 +- samples/bpf/xdp_adjust_tail_kern.c | 1 + samples/kfifo/dma-example.c | 1 + scripts/checkpatch.pl | 37 +-- scripts/faddr2line | 2 +- scripts/kernel-doc | 47 ++- scripts/mod/file2alias.c | 5 +- scripts/package/builddeb | 20 +- security/apparmor/capability.c | 2 + security/apparmor/policy_unpack_test.c | 6 + security/integrity/integrity.h | 4 + sound/core/pcm_native.c | 6 +- sound/core/rawmidi.c | 4 +- sound/core/sound_kunit.c | 11 + sound/core/ump.c | 5 +- sound/hda/intel-dsp-config.c | 4 + sound/pci/hda/patch_realtek.c | 155 ++++----- sound/soc/amd/yc/acp6x-mach.c | 32 +- sound/soc/codecs/da7213.c | 1 + sound/soc/codecs/da7219.c | 9 +- sound/soc/codecs/max9768.c | 11 +- sound/soc/codecs/rt5640.c | 27 +- sound/soc/codecs/rt722-sdca.c | 8 +- sound/soc/codecs/tas2781-fmwlib.c | 1 + sound/soc/codecs/wcd937x.c | 12 +- sound/soc/codecs/wcd937x.h | 4 + sound/soc/fsl/fsl-asoc-card.c | 8 +- sound/soc/fsl/fsl_micfil.c | 4 +- sound/soc/fsl/imx-audmix.c | 3 + sound/soc/generic/audio-graph-card2.c | 3 + sound/soc/intel/atom/sst/sst_acpi.c | 64 +++- sound/soc/intel/boards/bytcr_rt5640.c | 48 ++- sound/soc/mediatek/mt8188/mt8188-mt6359.c | 9 +- .../mediatek/mt8192/mt8192-mt6359-rt1015-rt5682.c | 4 +- sound/soc/mediatek/mt8195/mt8195-mt6359.c | 9 +- sound/soc/stm/stm32_sai_sub.c | 6 +- sound/usb/6fire/chip.c | 10 +- sound/usb/caiaq/audio.c | 10 +- sound/usb/caiaq/audio.h | 1 + sound/usb/caiaq/device.c | 19 +- sound/usb/caiaq/input.c | 12 +- sound/usb/caiaq/input.h | 1 + sound/usb/clock.c | 24 +- sound/usb/quirks-table.h | 14 +- sound/usb/quirks.c | 27 +- sound/usb/usx2y/us122l.c | 5 +- sound/usb/usx2y/usbusx2y.c | 2 +- tools/bpf/bpftool/jit_disasm.c | 40 ++- tools/include/nolibc/arch-s390.h | 1 + tools/lib/bpf/libbpf.c | 99 +++--- tools/lib/bpf/linker.c | 2 + tools/lib/thermal/Makefile | 4 +- tools/lib/thermal/commands.c | 52 ++- tools/perf/Makefile.config | 2 +- tools/perf/builtin-ftrace.c | 2 +- tools/perf/builtin-list.c | 4 +- tools/perf/builtin-stat.c | 52 ++- tools/perf/builtin-trace.c | 23 +- tools/perf/tests/attr/test-stat-default | 94 ++++-- tools/perf/tests/attr/test-stat-detailed-1 | 110 +++++-- tools/perf/tests/attr/test-stat-detailed-2 | 134 +++++--- tools/perf/tests/attr/test-stat-detailed-3 | 142 ++++++--- tools/perf/tests/shell/test_stat_intel_tpebs.sh | 22 ++ tools/perf/util/cs-etm.c | 25 +- tools/perf/util/disasm.c | 2 +- tools/perf/util/evlist.c | 19 +- tools/perf/util/evlist.h | 1 + tools/perf/util/machine.c | 2 +- tools/perf/util/mem-events.c | 8 +- tools/perf/util/pfm.c | 4 +- tools/perf/util/pmus.c | 2 +- tools/perf/util/probe-finder.c | 21 +- tools/perf/util/probe-finder.h | 4 +- tools/perf/util/stat-display.c | 101 ++++-- tools/power/x86/turbostat/turbostat.c | 5 +- tools/testing/selftests/arm64/abi/hwcap.c | 6 +- .../selftests/arm64/mte/check_tags_inclusion.c | 4 +- .../testing/selftests/arm64/mte/mte_common_util.c | 4 +- .../selftests/bpf/bpf_testmod/bpf_testmod-events.h | 6 + .../selftests/bpf/bpf_testmod/bpf_testmod.c | 2 + tools/testing/selftests/bpf/network_helpers.c | 46 +++ tools/testing/selftests/bpf/network_helpers.h | 3 + .../selftests/bpf/prog_tests/timer_lockup.c | 6 + .../selftests/bpf/prog_tests/tp_btf_nullable.c | 14 + .../selftests/bpf/progs/test_spin_lock_fail.c | 4 +- .../selftests/bpf/progs/test_tp_btf_nullable.c | 28 ++ tools/testing/selftests/bpf/test_progs.c | 97 +++++- tools/testing/selftests/bpf/test_progs.h | 4 + tools/testing/selftests/bpf/test_sockmap.c | 165 ++++++++-- .../selftests/mount_setattr/mount_setattr_test.c | 2 +- tools/testing/selftests/net/Makefile | 1 + .../selftests/net/ipv6_route_update_soft_lockup.sh | 262 +++++++++++++++ .../selftests/net/netfilter/conntrack_dump_flush.c | 6 + tools/testing/selftests/net/pmtu.sh | 2 +- tools/testing/selftests/resctrl/fill_buf.c | 2 +- tools/testing/selftests/resctrl/mbm_test.c | 16 +- tools/testing/selftests/resctrl/resctrl_val.c | 3 +- tools/testing/selftests/vDSO/parse_vdso.c | 3 +- tools/testing/selftests/watchdog/watchdog-test.c | 6 + tools/testing/selftests/wireguard/netns.sh | 1 + tools/tracing/rtla/src/timerlat_hist.c | 2 +- tools/tracing/rtla/src/timerlat_top.c | 2 +- virt/kvm/kvm_main.c | 103 ------ 908 files changed, 10577 insertions(+), 4981 deletions(-)

6 months, 2 weeks

12
832
0 0

drm/amd/display: Pass pwrseq inst for backlight and ABM

by Alex Deucher

Hi Greg, Sasha, Please cherry pick upstream commit b17ef04bf3a4 ("drm/amd/display: Pass pwrseq inst for backlight and ABM") to stable kernel 6.6.x and newer. This fixes broken backlight adjustment on some AMD platforms with eDP panels. Thanks, Alex

6 months, 2 weeks

3
7
0 0

[PATCH v3 3/8] platform/x86: serdev_helpers: Check for serial_ctrl_uid == NULL

by Hans de Goede

dell_uart_bl_pdev_probe() calls get_serdev_controller() with the serial_ctrl_uid parameter set to NULL. In case of errors this NULL parameter then gets passed to pr_err() as argument matching a "%s" conversion specification. This leads to compiler warnings when building with "make W=1". Check serial_ctrl_uid before passing it to pr_err() to avoid these. Fixes: dc5afd720f84 ("platform/x86: Add new get_serdev_controller() helper") Cc: stable(a)vger.kernel.org Suggested-by: Ilpo Järvinen <ilpo.jarvinen(a)linux.intel.com> Signed-off-by: Hans de Goede <hdegoede(a)redhat.com> --- drivers/platform/x86/serdev_helpers.h | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/drivers/platform/x86/serdev_helpers.h b/drivers/platform/x86/serdev_helpers.h index bcf3a0c356ea..3bc7fd8e1e19 100644 --- a/drivers/platform/x86/serdev_helpers.h +++ b/drivers/platform/x86/serdev_helpers.h @@ -35,7 +35,7 @@ get_serdev_controller(const char *serial_ctrl_hid, ctrl_adev = acpi_dev_get_first_match_dev(serial_ctrl_hid, serial_ctrl_uid, -1); if (!ctrl_adev) { pr_err("error could not get %s/%s serial-ctrl adev\n", - serial_ctrl_hid, serial_ctrl_uid); + serial_ctrl_hid, serial_ctrl_uid ?: "*"); return ERR_PTR(-ENODEV); } @@ -43,7 +43,7 @@ get_serdev_controller(const char *serial_ctrl_hid, ctrl_dev = get_device(acpi_get_first_physical_node(ctrl_adev)); if (!ctrl_dev) { pr_err("error could not get %s/%s serial-ctrl physical node\n", - serial_ctrl_hid, serial_ctrl_uid); + serial_ctrl_hid, serial_ctrl_uid ?: "*"); ctrl_dev = ERR_PTR(-ENODEV); goto put_ctrl_adev; } -- 2.47.0

6 months, 2 weeks

4
3
0 0

Linux 6.11.11

by Greg Kroah-Hartman

I'm announcing the release of the 6.11.11 kernel. All users of the 6.11 kernel series must upgrade to the 6.12.y branch now. This branch is now end-of-life and will not be receiving any new updates. The updated 6.11.y git tree can be found at: git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable.git linux-6.11.y and can be browsed at the normal kernel.org git web browser: https://git.kernel.org/?p=linux/kernel/git/stable/linux-stable.git;a=summary thanks, greg k-h ------------ Documentation/ABI/testing/sysfs-fs-f2fs | 7 Documentation/RCU/stallwarn.rst | 2 Documentation/arch/x86/boot.rst | 17 Documentation/devicetree/bindings/cache/qcom,llcc.yaml | 36 + Documentation/devicetree/bindings/clock/adi,axi-clkgen.yaml | 22 Documentation/devicetree/bindings/iio/dac/adi,ad3552r.yaml | 2 Documentation/devicetree/bindings/pinctrl/samsung,pinctrl-wakeup-interrupt.yaml | 19 Documentation/devicetree/bindings/serial/rs485.yaml | 19 Documentation/devicetree/bindings/sound/mt6359.yaml | 10 Documentation/devicetree/bindings/vendor-prefixes.yaml | 2 Documentation/filesystems/mount_api.rst | 3 Documentation/locking/seqlock.rst | 2 Documentation/networking/j1939.rst | 2 Makefile | 2 arch/arc/kernel/devtree.c | 2 arch/arm/boot/dts/allwinner/sun9i-a80-cubieboard4.dts | 4 arch/arm/boot/dts/microchip/sam9x60.dtsi | 12 arch/arm/boot/dts/renesas/r7s72100-genmai.dts | 2 arch/arm/boot/dts/ti/omap/omap36xx.dtsi | 1 arch/arm/kernel/devtree.c | 2 arch/arm/kernel/head.S | 4 arch/arm/kernel/psci_smp.c | 7 arch/arm/mm/idmap.c | 7 arch/arm/mm/proc-v7.S | 2 arch/arm64/boot/dts/freescale/imx8mn-tqma8mqnl-mba8mx-usbotg.dtso | 29 arch/arm64/boot/dts/mediatek/mt6357.dtsi | 5 arch/arm64/boot/dts/mediatek/mt6358.dtsi | 9 arch/arm64/boot/dts/mediatek/mt6359.dtsi | 5 arch/arm64/boot/dts/mediatek/mt8173-elm-hana.dtsi | 8 arch/arm64/boot/dts/mediatek/mt8183-kukui-jacuzzi-burnet.dts | 3 arch/arm64/boot/dts/mediatek/mt8183-kukui-jacuzzi-cozmo.dts | 2 arch/arm64/boot/dts/mediatek/mt8183-kukui-jacuzzi-damu.dts | 3 arch/arm64/boot/dts/mediatek/mt8183-kukui-jacuzzi-fennel.dtsi | 3 arch/arm64/boot/dts/mediatek/mt8183-kukui-jacuzzi.dtsi | 30 arch/arm64/boot/dts/mediatek/mt8183-kukui-kakadu.dtsi | 4 arch/arm64/boot/dts/mediatek/mt8183-kukui-kodama.dtsi | 4 arch/arm64/boot/dts/mediatek/mt8183-kukui-krane.dtsi | 4 arch/arm64/boot/dts/mediatek/mt8186-corsola-voltorb.dtsi | 21 arch/arm64/boot/dts/mediatek/mt8186-corsola.dtsi | 8 arch/arm64/boot/dts/mediatek/mt8188.dtsi | 5 arch/arm64/boot/dts/mediatek/mt8195-cherry.dtsi | 6 arch/arm64/boot/dts/mediatek/mt8195.dtsi | 4 arch/arm64/boot/dts/mediatek/mt8395-genio-1200-evk.dts | 2 arch/arm64/boot/dts/qcom/qcs6490-rb3gen2.dts | 2 arch/arm64/boot/dts/qcom/sc8180x.dtsi | 2 arch/arm64/boot/dts/qcom/sda660-inforce-ifc6560.dts | 2 arch/arm64/boot/dts/qcom/sm6350.dtsi | 14 arch/arm64/boot/dts/qcom/x1e80100-asus-vivobook-s15.dts | 4 arch/arm64/boot/dts/qcom/x1e80100-lenovo-yoga-slim7x.dts | 4 arch/arm64/boot/dts/qcom/x1e80100.dtsi | 8 arch/arm64/boot/dts/renesas/hihope-rev2.dtsi | 3 arch/arm64/boot/dts/renesas/hihope-rev4.dtsi | 3 arch/arm64/boot/dts/rockchip/rk3568-wolfvision-pf5-io-expander.dtso | 1 arch/arm64/boot/dts/rockchip/rk3588s-indiedroid-nova.dts | 2 arch/arm64/boot/dts/rockchip/rk3588s-orangepi-5.dts | 1 arch/arm64/boot/dts/ti/k3-am62x-phyboard-lyra.dtsi | 2 arch/arm64/boot/dts/ti/k3-j7200-common-proc-board.dts | 2 arch/arm64/boot/dts/ti/k3-j7200-main.dtsi | 38 - arch/arm64/boot/dts/ti/k3-j7200-mcu-wakeup.dtsi | 6 arch/arm64/boot/dts/ti/k3-j721e-mcu-wakeup.dtsi | 6 arch/arm64/boot/dts/ti/k3-j721s2-main.dtsi | 16 arch/arm64/boot/dts/ti/k3-j721s2-mcu-wakeup.dtsi | 6 arch/arm64/include/asm/insn.h | 1 arch/arm64/include/asm/kvm_host.h | 2 arch/arm64/kernel/cpufeature.c | 1 arch/arm64/kernel/probes/decode-insn.c | 7 arch/arm64/kernel/process.c | 2 arch/arm64/kernel/setup.c | 6 arch/arm64/kernel/vmlinux.lds.S | 6 arch/arm64/kvm/arch_timer.c | 3 arch/arm64/kvm/arm.c | 18 arch/arm64/kvm/mmio.c | 32 arch/arm64/kvm/pmu-emul.c | 1 arch/arm64/kvm/vgic/vgic-its.c | 32 arch/arm64/kvm/vgic/vgic-mmio-v3.c | 7 arch/arm64/kvm/vgic/vgic.h | 23 arch/arm64/net/bpf_jit_comp.c | 47 - arch/csky/kernel/setup.c | 4 arch/loongarch/Makefile | 4 arch/loongarch/include/asm/page.h | 5 arch/loongarch/kernel/acpi.c | 81 +- arch/loongarch/kernel/setup.c | 2 arch/loongarch/kernel/smp.c | 3 arch/loongarch/net/bpf_jit.c | 2 arch/loongarch/vdso/Makefile | 2 arch/m68k/coldfire/device.c | 8 arch/m68k/include/asm/mcfgpio.h | 2 arch/m68k/include/asm/mvme147hw.h | 4 arch/m68k/kernel/early_printk.c | 5 arch/m68k/mvme147/config.c | 30 arch/m68k/mvme147/mvme147.h | 6 arch/microblaze/kernel/microblaze_ksyms.c | 10 arch/microblaze/kernel/prom.c | 2 arch/mips/include/asm/switch_to.h | 2 arch/mips/kernel/prom.c | 2 arch/mips/kernel/relocate.c | 2 arch/nios2/kernel/prom.c | 4 arch/openrisc/Kconfig | 3 arch/openrisc/include/asm/fixmap.h | 21 arch/openrisc/kernel/prom.c | 2 arch/openrisc/mm/init.c | 37 + arch/parisc/kernel/ftrace.c | 2 arch/powerpc/include/asm/dtl.h | 4 arch/powerpc/include/asm/fadump.h | 9 arch/powerpc/include/asm/kvm_book3s_64.h | 4 arch/powerpc/include/asm/sstep.h | 5 arch/powerpc/include/asm/vdso.h | 1 arch/powerpc/kernel/dt_cpu_ftrs.c | 2 arch/powerpc/kernel/fadump.c | 40 - arch/powerpc/kernel/prom.c | 5 arch/powerpc/kernel/setup-common.c | 6 arch/powerpc/kernel/setup_64.c | 1 arch/powerpc/kexec/file_load_64.c | 9 arch/powerpc/kvm/book3s_hv.c | 14 arch/powerpc/kvm/book3s_hv_nested.c | 14 arch/powerpc/kvm/trace_hv.h | 2 arch/powerpc/lib/sstep.c | 12 arch/powerpc/mm/fault.c | 10 arch/powerpc/platforms/pseries/dtl.c | 8 arch/powerpc/platforms/pseries/lpar.c | 8 arch/powerpc/platforms/pseries/plpks.c | 2 arch/riscv/include/asm/cpufeature.h | 2 arch/riscv/kernel/setup.c | 2 arch/riscv/kernel/traps_misaligned.c | 14 arch/riscv/kernel/unaligned_access_speed.c | 1 arch/riscv/kvm/aia_aplic.c | 3 arch/riscv/kvm/vcpu_sbi.c | 11 arch/s390/include/asm/facility.h | 18 arch/s390/include/asm/pci.h | 4 arch/s390/include/asm/set_memory.h | 1 arch/s390/kernel/syscalls/Makefile | 2 arch/s390/mm/pageattr.c | 15 arch/s390/pci/pci.c | 37 - arch/s390/pci/pci_debug.c | 10 arch/sh/kernel/cpu/proc.c | 2 arch/sh/kernel/setup.c | 2 arch/um/drivers/net_kern.c | 2 arch/um/drivers/ubd_kern.c | 4 arch/um/drivers/vector_kern.c | 3 arch/um/kernel/dtb.c | 2 arch/um/kernel/physmem.c | 6 arch/um/kernel/process.c | 2 arch/um/kernel/sysrq.c | 2 arch/x86/coco/tdx/tdx.c | 111 ++- arch/x86/crypto/aegis128-aesni-asm.S | 29 arch/x86/events/intel/pt.c | 11 arch/x86/events/intel/pt.h | 2 arch/x86/include/asm/amd_nb.h | 5 arch/x86/include/asm/atomic64_32.h | 3 arch/x86/include/asm/cmpxchg_32.h | 6 arch/x86/include/asm/kvm_host.h | 4 arch/x86/include/asm/shared/tdx.h | 11 arch/x86/kernel/cpu/amd.c | 1 arch/x86/kernel/cpu/common.c | 4 arch/x86/kernel/devicetree.c | 2 arch/x86/kernel/unwind_orc.c | 2 arch/x86/kvm/Kconfig | 1 arch/x86/kvm/mmu/mmu.c | 68 -- arch/x86/kvm/mmu/spte.c | 18 arch/x86/platform/pvh/head.S | 22 arch/xtensa/kernel/setup.c | 2 block/bfq-iosched.c | 37 - block/blk-core.c | 18 block/blk-merge.c | 65 + block/blk-mq.c | 148 +++- block/blk-mq.h | 13 block/blk-settings.c | 7 block/blk-sysfs.c | 6 block/blk-zoned.c | 14 block/blk.h | 34 - block/elevator.c | 10 block/fops.c | 25 block/genhd.c | 24 crypto/pcrypt.c | 12 drivers/accel/ivpu/ivpu_ipc.c | 35 - drivers/accel/ivpu/ivpu_ipc.h | 7 drivers/accel/ivpu/ivpu_jsm_msg.c | 19 drivers/acpi/arm64/gtdt.c | 2 drivers/acpi/cppc_acpi.c | 1 drivers/base/firmware_loader/main.c | 5 drivers/base/regmap/regmap-irq.c | 41 - drivers/base/trace.h | 6 drivers/block/brd.c | 70 +- drivers/block/loop.c | 6 drivers/block/ublk_drv.c | 17 drivers/block/virtio_blk.c | 46 - drivers/bluetooth/btbcm.c | 4 drivers/bluetooth/btintel.c | 62 + drivers/bluetooth/btintel.h | 7 drivers/bluetooth/btintel_pcie.c | 265 +++++++ drivers/bluetooth/btintel_pcie.h | 16 drivers/bluetooth/btmtk.c | 1 drivers/bluetooth/btusb.c | 1 drivers/bus/mhi/host/trace.h | 25 drivers/clk/clk-apple-nco.c | 3 drivers/clk/clk-axi-clkgen.c | 22 drivers/clk/clk-en7523.c | 264 ++++++- drivers/clk/clk-loongson2.c | 6 drivers/clk/imx/clk-fracn-gppll.c | 10 drivers/clk/imx/clk-imx8-acm.c | 4 drivers/clk/imx/clk-lpcg-scu.c | 37 - drivers/clk/imx/clk-scu.c | 2 drivers/clk/mediatek/Kconfig | 15 drivers/clk/qcom/Kconfig | 4 drivers/clk/ralink/clk-mtmips.c | 26 drivers/clk/renesas/rzg2l-cpg.c | 11 drivers/clk/sophgo/clk-sg2042-pll.c | 2 drivers/clk/sunxi-ng/ccu-sun20i-d1.c | 2 drivers/clocksource/Kconfig | 3 drivers/clocksource/timer-ti-dm-systimer.c | 4 drivers/comedi/comedi_fops.c | 12 drivers/counter/stm32-timer-cnt.c | 17 drivers/counter/ti-ecap-capture.c | 7 drivers/cpufreq/amd-pstate.c | 26 drivers/cpufreq/cppc_cpufreq.c | 63 + drivers/cpufreq/loongson2_cpufreq.c | 4 drivers/cpufreq/loongson3_cpufreq.c | 7 drivers/cpufreq/mediatek-cpufreq-hw.c | 2 drivers/crypto/bcm/cipher.c | 5 drivers/crypto/caam/caampkc.c | 11 drivers/crypto/caam/qi.c | 2 drivers/crypto/cavium/cpt/cptpf_main.c | 6 drivers/crypto/hisilicon/hpre/hpre_main.c | 35 - drivers/crypto/hisilicon/qm.c | 47 - drivers/crypto/hisilicon/sec2/sec_main.c | 35 - drivers/crypto/hisilicon/zip/zip_main.c | 35 - drivers/crypto/inside-secure/safexcel_hash.c | 2 drivers/crypto/intel/qat/qat_420xx/adf_420xx_hw_data.c | 2 drivers/crypto/intel/qat/qat_4xxx/adf_4xxx_hw_data.c | 2 drivers/crypto/intel/qat/qat_common/adf_aer.c | 5 drivers/crypto/intel/qat/qat_common/adf_dbgfs.c | 13 drivers/crypto/intel/qat/qat_common/adf_hw_arbiter.c | 4 drivers/crypto/mxs-dcp.c | 20 drivers/dax/pmem/Makefile | 7 drivers/dax/pmem/pmem.c | 10 drivers/dma-buf/Kconfig | 1 drivers/dma-buf/udmabuf.c | 44 - drivers/edac/bluefield_edac.c | 2 drivers/edac/fsl_ddr_edac.c | 22 drivers/edac/i10nm_base.c | 1 drivers/edac/igen6_edac.c | 2 drivers/edac/skx_common.c | 57 + drivers/edac/skx_common.h | 8 drivers/firmware/arm_scmi/common.h | 2 drivers/firmware/arm_scmi/driver.c | 6 drivers/firmware/arm_scpi.c | 3 drivers/firmware/efi/libstub/efi-stub.c | 2 drivers/firmware/efi/tpm.c | 17 drivers/firmware/google/gsmi.c | 6 drivers/gpio/gpio-exar.c | 10 drivers/gpio/gpio-zevio.c | 6 drivers/gpu/drm/amd/amdgpu/amdgpu_aca.c | 2 drivers/gpu/drm/amd/amdgpu/amdgpu_amdkfd.c | 13 drivers/gpu/drm/amd/amdgpu/amdgpu_discovery.c | 8 drivers/gpu/drm/amd/amdgpu/amdgpu_gfx.c | 63 + drivers/gpu/drm/amd/amdgpu/gfx_v8_0.c | 7 drivers/gpu/drm/amd/amdgpu/jpeg_v4_0_3.c | 18 drivers/gpu/drm/amd/amdkfd/kfd_process.c | 5 drivers/gpu/drm/amd/display/amdgpu_dm/amdgpu_dm.c | 32 drivers/gpu/drm/amd/display/amdgpu_dm/amdgpu_dm.h | 3 drivers/gpu/drm/amd/display/amdgpu_dm/amdgpu_dm_crtc.c | 4 drivers/gpu/drm/amd/display/amdgpu_dm/amdgpu_dm_helpers.c | 13 drivers/gpu/drm/amd/display/amdgpu_dm/amdgpu_dm_mst_types.c | 15 drivers/gpu/drm/amd/display/dc/core/dc_hw_sequencer.c | 3 drivers/gpu/drm/amd/display/dc/hwss/dcn20/dcn20_hwseq.c | 6 drivers/gpu/drm/bridge/analogix/anx7625.c | 2 drivers/gpu/drm/bridge/ite-it6505.c | 2 drivers/gpu/drm/bridge/tc358767.c | 7 drivers/gpu/drm/drm_file.c | 2 drivers/gpu/drm/drm_mm.c | 2 drivers/gpu/drm/drm_panel_orientation_quirks.c | 1 drivers/gpu/drm/etnaviv/etnaviv_drv.c | 10 drivers/gpu/drm/etnaviv/etnaviv_gpu.c | 28 drivers/gpu/drm/fsl-dcu/Kconfig | 1 drivers/gpu/drm/fsl-dcu/fsl_dcu_drm_drv.c | 15 drivers/gpu/drm/fsl-dcu/fsl_dcu_drm_drv.h | 3 drivers/gpu/drm/imagination/pvr_ccb.c | 2 drivers/gpu/drm/imagination/pvr_vm.c | 4 drivers/gpu/drm/imx/dcss/dcss-crtc.c | 6 drivers/gpu/drm/imx/ipuv3/ipuv3-crtc.c | 6 drivers/gpu/drm/msm/adreno/a6xx_gmu.c | 4 drivers/gpu/drm/msm/disp/dpu1/catalog/dpu_3_0_msm8998.h | 12 drivers/gpu/drm/msm/disp/dpu1/catalog/dpu_4_0_sdm845.h | 14 drivers/gpu/drm/msm/disp/dpu1/dpu_core_perf.c | 2 drivers/gpu/drm/msm/msm_gpu_devfreq.c | 9 drivers/gpu/drm/nouveau/nvkm/engine/gr/gf100.c | 1 drivers/gpu/drm/omapdrm/dss/base.c | 25 drivers/gpu/drm/omapdrm/dss/omapdss.h | 3 drivers/gpu/drm/omapdrm/omap_drv.c | 4 drivers/gpu/drm/omapdrm/omap_gem.c | 10 drivers/gpu/drm/panel/panel-newvision-nv3052c.c | 2 drivers/gpu/drm/panel/panel-novatek-nt35510.c | 15 drivers/gpu/drm/panfrost/panfrost_devfreq.c | 3 drivers/gpu/drm/panfrost/panfrost_gpu.c | 1 drivers/gpu/drm/panthor/panthor_devfreq.c | 29 drivers/gpu/drm/panthor/panthor_device.h | 28 drivers/gpu/drm/panthor/panthor_sched.c | 333 ++++++++-- drivers/gpu/drm/radeon/atombios_encoders.c | 2 drivers/gpu/drm/radeon/cik.c | 14 drivers/gpu/drm/radeon/dce6_afmt.c | 2 drivers/gpu/drm/radeon/evergreen.c | 12 drivers/gpu/drm/radeon/ni.c | 2 drivers/gpu/drm/radeon/r100.c | 24 drivers/gpu/drm/radeon/r300.c | 6 drivers/gpu/drm/radeon/r420.c | 6 drivers/gpu/drm/radeon/r520.c | 2 drivers/gpu/drm/radeon/r600.c | 12 drivers/gpu/drm/radeon/r600_cs.c | 2 drivers/gpu/drm/radeon/r600_dpm.c | 4 drivers/gpu/drm/radeon/r600_hdmi.c | 2 drivers/gpu/drm/radeon/radeon.h | 5 drivers/gpu/drm/radeon/radeon_acpi.c | 10 drivers/gpu/drm/radeon/radeon_agp.c | 2 drivers/gpu/drm/radeon/radeon_atombios.c | 2 drivers/gpu/drm/radeon/radeon_audio.c | 14 drivers/gpu/drm/radeon/radeon_combios.c | 12 drivers/gpu/drm/radeon/radeon_device.c | 10 drivers/gpu/drm/radeon/radeon_display.c | 74 +- drivers/gpu/drm/radeon/radeon_fbdev.c | 26 drivers/gpu/drm/radeon/radeon_fence.c | 8 drivers/gpu/drm/radeon/radeon_gem.c | 2 drivers/gpu/drm/radeon/radeon_i2c.c | 2 drivers/gpu/drm/radeon/radeon_ib.c | 2 drivers/gpu/drm/radeon/radeon_irq_kms.c | 12 drivers/gpu/drm/radeon/radeon_object.c | 2 drivers/gpu/drm/radeon/radeon_pm.c | 20 drivers/gpu/drm/radeon/radeon_ring.c | 2 drivers/gpu/drm/radeon/radeon_ttm.c | 6 drivers/gpu/drm/radeon/rs400.c | 6 drivers/gpu/drm/radeon/rs600.c | 14 drivers/gpu/drm/radeon/rs690.c | 2 drivers/gpu/drm/radeon/rv515.c | 4 drivers/gpu/drm/radeon/rv770.c | 2 drivers/gpu/drm/radeon/si.c | 4 drivers/gpu/drm/v3d/v3d_drv.h | 1 drivers/gpu/drm/v3d/v3d_irq.c | 2 drivers/gpu/drm/v3d/v3d_mmu.c | 31 drivers/gpu/drm/v3d/v3d_sched.c | 46 + drivers/gpu/drm/vc4/tests/vc4_mock.c | 12 drivers/gpu/drm/vc4/vc4_bo.c | 28 drivers/gpu/drm/vc4/vc4_crtc.c | 13 drivers/gpu/drm/vc4/vc4_drv.c | 22 drivers/gpu/drm/vc4/vc4_drv.h | 8 drivers/gpu/drm/vc4/vc4_gem.c | 24 drivers/gpu/drm/vc4/vc4_hdmi.c | 22 drivers/gpu/drm/vc4/vc4_hvs.c | 64 + drivers/gpu/drm/vc4/vc4_irq.c | 10 drivers/gpu/drm/vc4/vc4_kms.c | 14 drivers/gpu/drm/vc4/vc4_perfmon.c | 20 drivers/gpu/drm/vc4/vc4_plane.c | 12 drivers/gpu/drm/vc4/vc4_render_cl.c | 2 drivers/gpu/drm/vc4/vc4_v3d.c | 10 drivers/gpu/drm/vc4/vc4_validate.c | 8 drivers/gpu/drm/vc4/vc4_validate_shaders.c | 2 drivers/gpu/drm/vkms/vkms_output.c | 5 drivers/gpu/drm/xe/display/xe_hdcp_gsc.c | 2 drivers/gpu/drm/xe/xe_sync.c | 6 drivers/gpu/drm/xlnx/zynqmp_disp.c | 3 drivers/gpu/drm/xlnx/zynqmp_kms.c | 2 drivers/hid/hid-hyperv.c | 58 + drivers/hid/wacom_wac.c | 4 drivers/hwmon/aquacomputer_d5next.c | 2 drivers/hwmon/nct6775-core.c | 7 drivers/hwmon/pmbus/pmbus_core.c | 12 drivers/hwmon/tps23861.c | 2 drivers/i2c/i2c-dev.c | 17 drivers/i3c/master.c | 13 drivers/iio/dac/adi-axi-dac.c | 2 drivers/iio/industrialio-gts-helper.c | 2 drivers/iio/light/al3010.c | 11 drivers/infiniband/core/uverbs.h | 2 drivers/infiniband/core/uverbs_main.c | 43 + drivers/infiniband/hw/bnxt_re/ib_verbs.c | 7 drivers/infiniband/hw/bnxt_re/qplib_fp.h | 2 drivers/infiniband/hw/hns/hns_roce_cq.c | 4 drivers/infiniband/hw/hns/hns_roce_debugfs.c | 3 drivers/infiniband/hw/hns/hns_roce_device.h | 14 drivers/infiniband/hw/hns/hns_roce_hem.c | 48 - drivers/infiniband/hw/hns/hns_roce_hw_v2.c | 257 ++++--- drivers/infiniband/hw/hns/hns_roce_hw_v2.h | 8 drivers/infiniband/hw/hns/hns_roce_main.c | 7 drivers/infiniband/hw/hns/hns_roce_mr.c | 11 drivers/infiniband/hw/hns/hns_roce_qp.c | 77 +- drivers/infiniband/hw/hns/hns_roce_srq.c | 4 drivers/infiniband/hw/mlx5/main.c | 40 - drivers/infiniband/hw/mlx5/mlx5_ib.h | 2 drivers/infiniband/sw/rxe/rxe_qp.c | 1 drivers/infiniband/sw/rxe/rxe_req.c | 6 drivers/input/misc/cs40l50-vibra.c | 6 drivers/interconnect/qcom/icc-rpmh.c | 3 drivers/iommu/amd/amd_iommu.h | 15 drivers/iommu/amd/amd_iommu_types.h | 5 drivers/iommu/amd/io_pgtable.c | 76 -- drivers/iommu/amd/io_pgtable_v2.c | 29 drivers/iommu/amd/iommu.c | 28 drivers/iommu/amd/pasid.c | 2 drivers/iommu/intel/iommu.c | 40 - drivers/iommu/s390-iommu.c | 73 +- drivers/irqchip/irq-mvebu-sei.c | 2 drivers/leds/flash/leds-ktd2692.c | 1 drivers/leds/leds-max5970.c | 5 drivers/mailbox/arm_mhuv2.c | 8 drivers/mailbox/mtk-cmdq-mailbox.c | 2 drivers/mailbox/omap-mailbox.c | 1 drivers/md/dm-bufio.c | 12 drivers/md/dm-cache-background-tracker.c | 25 drivers/md/dm-cache-background-tracker.h | 8 drivers/md/dm-cache-target.c | 25 drivers/media/i2c/adv7604.c | 5 drivers/media/i2c/adv7842.c | 13 drivers/media/i2c/ds90ub960.c | 2 drivers/media/i2c/vgxy61.c | 2 drivers/media/pci/intel/ipu6/ipu6-bus.c | 6 drivers/media/pci/intel/ipu6/ipu6-buttress.c | 34 - drivers/media/pci/intel/ipu6/ipu6-cpd.c | 18 drivers/media/pci/intel/ipu6/ipu6-dma.c | 202 ++---- drivers/media/pci/intel/ipu6/ipu6-dma.h | 34 - drivers/media/pci/intel/ipu6/ipu6-fw-com.c | 14 drivers/media/pci/intel/ipu6/ipu6-mmu.c | 28 drivers/media/pci/intel/ipu6/ipu6.c | 3 drivers/media/radio/wl128x/fmdrv_common.c | 3 drivers/media/test-drivers/vivid/vivid-vid-cap.c | 15 drivers/media/v4l2-core/v4l2-dv-timings.c | 132 ++- drivers/message/fusion/mptsas.c | 4 drivers/mfd/da9052-spi.c | 2 drivers/mfd/intel_soc_pmic_bxtwc.c | 132 ++- drivers/mfd/rt5033.c | 4 drivers/mfd/tps65010.c | 8 drivers/misc/apds990x.c | 12 drivers/misc/lkdtm/bugs.c | 2 drivers/mmc/host/mmc_spi.c | 9 drivers/mtd/hyperbus/rpc-if.c | 7 drivers/mtd/nand/raw/atmel/pmecc.c | 8 drivers/mtd/nand/raw/atmel/pmecc.h | 2 drivers/mtd/spi-nor/core.c | 2 drivers/mtd/spi-nor/spansion.c | 1 drivers/mtd/ubi/attach.c | 12 drivers/mtd/ubi/fastmap-wl.c | 19 drivers/mtd/ubi/vmt.c | 2 drivers/mtd/ubi/wl.c | 11 drivers/mtd/ubi/wl.h | 3 drivers/net/ethernet/broadcom/bnxt/bnxt.c | 30 drivers/net/ethernet/broadcom/bnxt/bnxt_ethtool.c | 9 drivers/net/ethernet/broadcom/bnxt/bnxt_ptp.c | 4 drivers/net/ethernet/broadcom/bnxt/bnxt_ptp.h | 3 drivers/net/ethernet/broadcom/tg3.c | 3 drivers/net/ethernet/google/gve/gve_adminq.c | 4 drivers/net/ethernet/intel/i40e/i40e_ethtool.c | 2 drivers/net/ethernet/intel/ice/ice_virtchnl.c | 21 drivers/net/ethernet/marvell/octeontx2/af/cgx.c | 70 ++ drivers/net/ethernet/marvell/octeontx2/af/cgx.h | 5 drivers/net/ethernet/marvell/octeontx2/af/lmac_common.h | 7 drivers/net/ethernet/marvell/octeontx2/af/rpm.c | 87 ++ drivers/net/ethernet/marvell/octeontx2/af/rpm.h | 18 drivers/net/ethernet/marvell/octeontx2/af/rvu.c | 1 drivers/net/ethernet/marvell/octeontx2/af/rvu.h | 1 drivers/net/ethernet/marvell/octeontx2/af/rvu_cgx.c | 45 + drivers/net/ethernet/marvell/octeontx2/nic/cn10k.c | 5 drivers/net/ethernet/marvell/octeontx2/nic/otx2_common.c | 4 drivers/net/ethernet/marvell/octeontx2/nic/otx2_dcbnl.c | 5 drivers/net/ethernet/marvell/octeontx2/nic/otx2_dmac_flt.c | 9 drivers/net/ethernet/marvell/octeontx2/nic/otx2_ethtool.c | 10 drivers/net/ethernet/marvell/octeontx2/nic/otx2_flows.c | 10 drivers/net/ethernet/marvell/pxa168_eth.c | 14 drivers/net/ethernet/meta/fbnic/fbnic_pci.c | 2 drivers/net/ethernet/microchip/vcap/vcap_api_kunit.c | 17 drivers/net/ethernet/stmicro/stmmac/dwmac-socfpga.c | 2 drivers/net/ethernet/wangxun/txgbe/txgbe_irq.c | 24 drivers/net/ethernet/wangxun/txgbe/txgbe_main.c | 1 drivers/net/ethernet/wangxun/txgbe/txgbe_phy.c | 168 ----- drivers/net/ethernet/wangxun/txgbe/txgbe_phy.h | 2 drivers/net/ethernet/wangxun/txgbe/txgbe_type.h | 7 drivers/net/mdio/mdio-ipq4019.c | 5 drivers/net/netdevsim/ipsec.c | 11 drivers/net/usb/lan78xx.c | 40 - drivers/net/usb/qmi_wwan.c | 1 drivers/net/usb/r8152.c | 1 drivers/net/wireless/ath/ath10k/mac.c | 4 drivers/net/wireless/ath/ath11k/qmi.c | 3 drivers/net/wireless/ath/ath12k/dp.c | 19 drivers/net/wireless/ath/ath12k/mac.c | 5 drivers/net/wireless/ath/ath12k/wow.c | 2 drivers/net/wireless/ath/ath9k/htc_hst.c | 3 drivers/net/wireless/ath/wil6210/txrx.c | 2 drivers/net/wireless/broadcom/brcm80211/brcmfmac/of.c | 3 drivers/net/wireless/intel/ipw2x00/ipw2100.c | 2 drivers/net/wireless/intel/ipw2x00/ipw2200.h | 2 drivers/net/wireless/intel/iwlegacy/3945.c | 2 drivers/net/wireless/intel/iwlegacy/4965-mac.c | 2 drivers/net/wireless/intel/iwlwifi/fw/acpi.c | 96 +- drivers/net/wireless/intel/iwlwifi/fw/init.c | 4 drivers/net/wireless/intel/iwlwifi/mvm/d3.c | 2 drivers/net/wireless/intel/iwlwifi/mvm/mac80211.c | 8 drivers/net/wireless/intersil/p54/p54spi.c | 4 drivers/net/wireless/marvell/libertas/radiotap.h | 4 drivers/net/wireless/marvell/mwifiex/fw.h | 2 drivers/net/wireless/marvell/mwifiex/main.c | 4 drivers/net/wireless/microchip/wilc1000/mon.c | 4 drivers/net/wireless/microchip/wilc1000/netdev.c | 6 drivers/net/wireless/realtek/rtl8xxxu/core.c | 6 drivers/net/wireless/realtek/rtlwifi/efuse.c | 11 drivers/net/wireless/realtek/rtw89/coex.c | 4 drivers/net/wireless/silabs/wfx/main.c | 17 drivers/net/wireless/st/cw1200/cw1200_spi.c | 2 drivers/net/wireless/virtual/mac80211_hwsim.c | 4 drivers/nvme/host/core.c | 5 drivers/nvme/host/multipath.c | 33 drivers/nvme/host/pci.c | 55 - drivers/of/fdt.c | 14 drivers/of/kexec.c | 2 drivers/pci/controller/cadence/pci-j721e.c | 100 ++- drivers/pci/controller/cadence/pcie-cadence-host.c | 44 - drivers/pci/controller/cadence/pcie-cadence.h | 12 drivers/pci/controller/dwc/pcie-qcom-ep.c | 6 drivers/pci/controller/dwc/pcie-tegra194.c | 7 drivers/pci/endpoint/functions/pci-epf-mhi.c | 6 drivers/pci/hotplug/cpqphp_pci.c | 19 drivers/pci/pci.c | 5 drivers/pci/slot.c | 4 drivers/perf/arm-cmn.c | 4 drivers/perf/arm_smmuv3_pmu.c | 19 drivers/phy/phy-airoha-pcie-regs.h | 6 drivers/phy/phy-airoha-pcie.c | 8 drivers/phy/realtek/phy-rtk-usb2.c | 2 drivers/phy/realtek/phy-rtk-usb3.c | 2 drivers/pinctrl/pinctrl-k210.c | 2 drivers/pinctrl/pinctrl-zynqmp.c | 1 drivers/pinctrl/qcom/pinctrl-spmi-gpio.c | 2 drivers/pinctrl/renesas/Kconfig | 1 drivers/platform/chrome/cros_ec_typec.c | 1 drivers/platform/x86/dell/dell-smbios-base.c | 1 drivers/platform/x86/dell/dell-wmi-base.c | 6 drivers/platform/x86/ideapad-laptop.c | 3 drivers/platform/x86/intel/bxtwc_tmu.c | 22 drivers/platform/x86/panasonic-laptop.c | 10 drivers/platform/x86/thinkpad_acpi.c | 28 drivers/pmdomain/ti/ti_sci_pm_domains.c | 4 drivers/power/sequencing/Kconfig | 1 drivers/power/supply/bq27xxx_battery.c | 37 + drivers/power/supply/power_supply_core.c | 2 drivers/power/supply/rt9471.c | 52 - drivers/pwm/core.c | 10 drivers/pwm/pwm-imx27.c | 98 ++ drivers/regulator/qcom_smd-regulator.c | 2 drivers/regulator/rk808-regulator.c | 17 drivers/remoteproc/qcom_q6v5_adsp.c | 11 drivers/remoteproc/qcom_q6v5_mss.c | 6 drivers/remoteproc/qcom_q6v5_pas.c | 22 drivers/rpmsg/qcom_glink_native.c | 3 drivers/rtc/interface.c | 7 drivers/rtc/rtc-ab-eoz9.c | 7 drivers/rtc/rtc-abx80x.c | 2 drivers/rtc/rtc-rzn1.c | 8 drivers/rtc/rtc-st-lpc.c | 5 drivers/s390/cio/cio.c | 6 drivers/s390/cio/device.c | 18 drivers/scsi/bfa/bfad.c | 3 drivers/scsi/hisi_sas/hisi_sas_main.c | 8 drivers/scsi/qedf/qedf_main.c | 1 drivers/scsi/qedi/qedi_main.c | 1 drivers/scsi/sg.c | 9 drivers/sh/intc/core.c | 2 drivers/soc/fsl/rcpm.c | 1 drivers/soc/qcom/qcom-geni-se.c | 3 drivers/soc/qcom/socinfo.c | 8 drivers/soc/ti/smartreflex.c | 4 drivers/soc/xilinx/xlnx_event_manager.c | 4 drivers/spi/atmel-quadspi.c | 2 drivers/spi/spi-fsl-lpspi.c | 12 drivers/spi/spi-stm32.c | 1 drivers/spi/spi-tegra210-quad.c | 2 drivers/spi/spi-zynqmp-gqspi.c | 2 drivers/spi/spi.c | 13 drivers/staging/media/atomisp/pci/sh_css_params.c | 2 drivers/staging/vc04_services/interface/vchiq_arm/vchiq_arm.c | 6 drivers/target/target_core_pscsi.c | 2 drivers/thermal/thermal_core.c | 133 ++- drivers/thermal/thermal_core.h | 15 drivers/thermal/thermal_sysfs.c | 2 drivers/tty/serial/8250/8250_fintek.c | 14 drivers/tty/serial/8250/8250_omap.c | 4 drivers/tty/serial/amba-pl011.c | 7 drivers/tty/tty_io.c | 2 drivers/usb/dwc3/ep0.c | 2 drivers/usb/dwc3/gadget.c | 15 drivers/usb/gadget/composite.c | 18 drivers/usb/gadget/function/uvc_video.c | 4 drivers/usb/host/ehci-spear.c | 7 drivers/usb/host/xhci-pci.c | 10 drivers/usb/host/xhci-ring.c | 73 +- drivers/usb/host/xhci.c | 40 + drivers/usb/host/xhci.h | 3 drivers/usb/misc/chaoskey.c | 35 - drivers/usb/misc/iowarrior.c | 50 + drivers/usb/misc/usb-ljca.c | 20 drivers/usb/misc/yurex.c | 5 drivers/usb/musb/musb_gadget.c | 13 drivers/usb/typec/class.c | 6 drivers/usb/typec/tcpm/wcove.c | 4 drivers/usb/typec/ucsi/ucsi_ccg.c | 5 drivers/usb/typec/ucsi/ucsi_glink.c | 2 drivers/vdpa/mlx5/core/mr.c | 4 drivers/vfio/pci/mlx5/cmd.c | 6 drivers/vfio/pci/mlx5/main.c | 35 - drivers/vfio/pci/vfio_pci_config.c | 16 drivers/video/fbdev/sh7760fb.c | 3 drivers/watchdog/Kconfig | 4 drivers/xen/xenbus/xenbus_probe.c | 8 fs/binfmt_elf.c | 2 fs/binfmt_elf_fdpic.c | 5 fs/binfmt_misc.c | 7 fs/cachefiles/interface.c | 14 fs/cachefiles/ondemand.c | 38 - fs/dlm/ast.c | 2 fs/dlm/recoverd.c | 2 fs/efs/super.c | 43 - fs/erofs/zmap.c | 17 fs/exec.c | 45 - fs/exfat/file.c | 10 fs/exfat/namei.c | 21 fs/ext4/balloc.c | 4 fs/ext4/ext4.h | 12 fs/ext4/extents.c | 2 fs/ext4/fsmap.c | 54 + fs/ext4/ialloc.c | 5 fs/ext4/indirect.c | 2 fs/ext4/inode.c | 4 fs/ext4/mballoc.c | 18 fs/ext4/mballoc.h | 1 fs/ext4/mmp.c | 2 fs/ext4/move_extent.c | 43 - fs/ext4/resize.c | 2 fs/ext4/super.c | 42 - fs/f2fs/checkpoint.c | 4 fs/f2fs/data.c | 29 fs/f2fs/debug.c | 2 fs/f2fs/f2fs.h | 3 fs/f2fs/file.c | 23 fs/f2fs/gc.c | 2 fs/f2fs/node.c | 14 fs/f2fs/segment.c | 5 fs/f2fs/segment.h | 35 - fs/f2fs/super.c | 37 - fs/fuse/file.c | 62 + fs/fuse/fuse_i.h | 6 fs/fuse/virtio_fs.c | 1 fs/gfs2/glock.c | 19 fs/gfs2/glock.h | 1 fs/gfs2/incore.h | 2 fs/gfs2/rgrp.c | 2 fs/gfs2/super.c | 2 fs/hfsplus/hfsplus_fs.h | 3 fs/hfsplus/wrapper.c | 2 fs/isofs/inode.c | 8 fs/jffs2/erase.c | 7 fs/jfs/xattr.c | 2 fs/netfs/fscache_volume.c | 3 fs/nfs/blocklayout/blocklayout.c | 15 fs/nfs/blocklayout/dev.c | 6 fs/nfs/internal.h | 2 fs/nfs/nfs4proc.c | 8 fs/nfs/write.c | 49 - fs/nfsd/export.c | 31 fs/nfsd/export.h | 4 fs/nfsd/nfs4callback.c | 16 fs/nfsd/nfs4proc.c | 7 fs/nfsd/nfs4recover.c | 3 fs/nfsd/nfs4state.c | 5 fs/nfsd/nfs4xdr.c | 2 fs/nfsd/nfsfh.c | 20 fs/nfsd/nfsfh.h | 3 fs/notify/fsnotify.c | 23 fs/notify/mark.c | 12 fs/ocfs2/aops.h | 2 fs/ocfs2/file.c | 4 fs/proc/kcore.c | 10 fs/proc/softirqs.c | 2 fs/read_write.c | 15 fs/smb/client/cached_dir.c | 229 ++++-- fs/smb/client/cached_dir.h | 6 fs/smb/client/cifsfs.c | 12 fs/smb/client/cifsglob.h | 4 fs/smb/client/cifsproto.h | 1 fs/smb/client/connect.c | 59 + fs/smb/client/fs_context.c | 85 ++ fs/smb/client/fs_context.h | 1 fs/smb/client/inode.c | 4 fs/smb/client/reparse.c | 95 ++ fs/smb/client/reparse.h | 6 fs/smb/client/smb1ops.c | 4 fs/smb/client/smb2file.c | 21 fs/smb/client/smb2inode.c | 6 fs/smb/client/smb2ops.c | 2 fs/smb/client/smb2pdu.c | 4 fs/smb/client/smb2proto.h | 9 fs/smb/client/trace.h | 3 fs/smb/server/server.c | 4 fs/ubifs/super.c | 6 fs/ubifs/tnc_commit.c | 2 fs/unicode/utf8-core.c | 2 include/asm-generic/vmlinux.lds.h | 4 include/kunit/skbuff.h | 2 include/linux/blk-mq.h | 2 include/linux/blkdev.h | 15 include/linux/bpf.h | 9 include/linux/cleanup.h | 4 include/linux/compiler_attributes.h | 13 include/linux/compiler_types.h | 19 include/linux/f2fs_fs.h | 6 include/linux/fs.h | 2 include/linux/hisi_acc_qm.h | 8 include/linux/io-pgtable.h | 4 include/linux/irqdomain.h | 8 include/linux/jiffies.h | 2 include/linux/kfifo.h | 1 include/linux/kvm_host.h | 6 include/linux/lockdep.h | 2 include/linux/mmdebug.h | 6 include/linux/netpoll.h | 2 include/linux/of_fdt.h | 5 include/linux/once.h | 4 include/linux/once_lite.h | 2 include/linux/rcupdate.h | 2 include/linux/regmap.h | 4 include/linux/seqlock.h | 98 ++ include/media/v4l2-dv-timings.h | 18 include/net/bluetooth/hci.h | 4 include/net/bluetooth/hci_core.h | 63 + include/net/cfg80211.h | 44 + include/net/ieee80211_radiotap.h | 43 - include/net/net_debug.h | 2 include/rdma/ib_verbs.h | 8 include/uapi/linux/rtnetlink.h | 2 init/Kconfig | 9 init/initramfs.c | 15 io_uring/memmap.c | 11 ipc/namespace.c | 4 kernel/bpf/bpf_struct_ops.c | 114 +++ kernel/bpf/btf.c | 6 kernel/bpf/dispatcher.c | 3 kernel/bpf/trampoline.c | 9 kernel/bpf/verifier.c | 139 +++- kernel/cgroup/cgroup.c | 21 kernel/fork.c | 26 kernel/irq/irqdomain.c | 202 +++--- kernel/rcu/rcuscale.c | 6 kernel/rcu/srcutiny.c | 2 kernel/rcu/tree.c | 14 kernel/sched/cpufreq_schedutil.c | 3 kernel/time/time.c | 4 kernel/trace/bpf_trace.c | 5 kernel/trace/trace_event_perf.c | 6 lib/overflow_kunit.c | 2 lib/string_helpers.c | 2 lib/strncpy_from_user.c | 5 mm/internal.h | 2 net/9p/trans_xen.c | 9 net/bluetooth/hci_conn.c | 219 +++++- net/bluetooth/hci_event.c | 39 + net/bluetooth/hci_sysfs.c | 15 net/bluetooth/iso.c | 101 ++- net/bluetooth/mgmt.c | 38 - net/bluetooth/rfcomm/sock.c | 10 net/core/filter.c | 88 +- net/core/netdev-genl.c | 2 net/core/skmsg.c | 4 net/hsr/hsr_device.c | 4 net/ipv4/inet_connection_sock.c | 2 net/ipv4/ipmr.c | 42 - net/ipv4/ipmr_base.c | 3 net/ipv4/tcp_bpf.c | 7 net/ipv6/addrconf.c | 41 - net/ipv6/ip6_fib.c | 8 net/ipv6/ip6mr.c | 38 - net/ipv6/route.c | 51 - net/iucv/af_iucv.c | 26 net/llc/af_llc.c | 2 net/mac80211/cfg.c | 22 net/mac80211/ieee80211_i.h | 5 net/mac80211/link.c | 7 net/mac80211/main.c | 2 net/netfilter/ipset/ip_set_bitmap_ip.c | 7 net/netfilter/nf_tables_api.c | 60 + net/netlink/af_netlink.c | 21 net/rfkill/rfkill-gpio.c | 8 net/rxrpc/af_rxrpc.c | 7 net/sched/sch_fq.c | 6 net/sunrpc/cache.c | 4 net/sunrpc/svcsock.c | 4 net/sunrpc/xprtrdma/svc_rdma.c | 19 net/sunrpc/xprtrdma/svc_rdma_recvfrom.c | 8 net/sunrpc/xprtsock.c | 17 net/wireless/core.c | 71 +- net/wireless/mlme.c | 6 net/wireless/nl80211.c | 1 net/xdp/xsk.c | 11 rust/kernel/block/mq/request.rs | 67 +- rust/kernel/lib.rs | 2 rust/macros/lib.rs | 2 samples/bpf/xdp_adjust_tail_kern.c | 1 samples/kfifo/dma-example.c | 1 scripts/checkpatch.pl | 37 - scripts/faddr2line | 2 scripts/kernel-doc | 47 - scripts/mod/file2alias.c | 5 scripts/package/builddeb | 22 security/apparmor/capability.c | 2 security/apparmor/policy_unpack_test.c | 6 security/integrity/integrity.h | 4 sound/core/pcm_native.c | 6 sound/core/rawmidi.c | 4 sound/core/sound_kunit.c | 11 sound/core/ump.c | 5 sound/hda/intel-dsp-config.c | 4 sound/pci/hda/patch_realtek.c | 155 ++-- sound/soc/amd/yc/acp6x-mach.c | 32 sound/soc/codecs/da7213.c | 1 sound/soc/codecs/da7219.c | 9 sound/soc/codecs/max9768.c | 11 sound/soc/codecs/rt5640.c | 27 sound/soc/codecs/rt722-sdca.c | 8 sound/soc/codecs/tas2781-fmwlib.c | 1 sound/soc/codecs/wcd937x.c | 12 sound/soc/codecs/wcd937x.h | 4 sound/soc/fsl/fsl-asoc-card.c | 8 sound/soc/fsl/fsl_micfil.c | 4 sound/soc/fsl/imx-audmix.c | 3 sound/soc/generic/audio-graph-card2.c | 3 sound/soc/intel/atom/sst/sst_acpi.c | 64 + sound/soc/intel/boards/bytcr_rt5640.c | 48 + sound/soc/mediatek/mt8188/mt8188-mt6359.c | 9 sound/soc/mediatek/mt8192/mt8192-mt6359-rt1015-rt5682.c | 4 sound/soc/mediatek/mt8195/mt8195-mt6359.c | 9 sound/soc/stm/stm32_sai_sub.c | 6 sound/usb/6fire/chip.c | 10 sound/usb/caiaq/audio.c | 10 sound/usb/caiaq/audio.h | 1 sound/usb/caiaq/device.c | 19 sound/usb/caiaq/input.c | 12 sound/usb/caiaq/input.h | 1 sound/usb/clock.c | 24 sound/usb/quirks-table.h | 14 sound/usb/quirks.c | 27 sound/usb/usx2y/us122l.c | 5 sound/usb/usx2y/usbusx2y.c | 2 tools/bpf/bpftool/jit_disasm.c | 40 - tools/include/nolibc/arch-s390.h | 1 tools/lib/bpf/libbpf.c | 99 +- tools/lib/bpf/linker.c | 2 tools/lib/thermal/Makefile | 4 tools/lib/thermal/commands.c | 52 + tools/perf/Makefile.config | 2 tools/perf/builtin-ftrace.c | 2 tools/perf/builtin-list.c | 4 tools/perf/builtin-stat.c | 52 + tools/perf/builtin-trace.c | 23 tools/perf/tests/attr/test-stat-default | 90 ++ tools/perf/tests/attr/test-stat-detailed-1 | 106 ++- tools/perf/tests/attr/test-stat-detailed-2 | 130 ++- tools/perf/tests/attr/test-stat-detailed-3 | 138 ++-- tools/perf/tests/shell/test_stat_intel_tpebs.sh | 19 tools/perf/util/cs-etm.c | 25 tools/perf/util/disasm.c | 2 tools/perf/util/evlist.c | 19 tools/perf/util/evlist.h | 1 tools/perf/util/machine.c | 2 tools/perf/util/mem-events.c | 8 tools/perf/util/pfm.c | 4 tools/perf/util/pmus.c | 2 tools/perf/util/probe-finder.c | 21 tools/perf/util/probe-finder.h | 4 tools/power/x86/turbostat/turbostat.c | 5 tools/testing/selftests/arm64/abi/hwcap.c | 6 tools/testing/selftests/arm64/mte/check_tags_inclusion.c | 4 tools/testing/selftests/arm64/mte/mte_common_util.c | 4 tools/testing/selftests/bpf/bpf_testmod/bpf_testmod-events.h | 6 tools/testing/selftests/bpf/bpf_testmod/bpf_testmod.c | 2 tools/testing/selftests/bpf/network_helpers.c | 46 + tools/testing/selftests/bpf/network_helpers.h | 3 tools/testing/selftests/bpf/prog_tests/timer_lockup.c | 6 tools/testing/selftests/bpf/prog_tests/tp_btf_nullable.c | 14 tools/testing/selftests/bpf/progs/test_spin_lock_fail.c | 4 tools/testing/selftests/bpf/progs/test_tp_btf_nullable.c | 28 tools/testing/selftests/bpf/test_progs.c | 97 ++ tools/testing/selftests/bpf/test_progs.h | 4 tools/testing/selftests/bpf/test_sockmap.c | 165 ++++ tools/testing/selftests/mount_setattr/mount_setattr_test.c | 2 tools/testing/selftests/net/Makefile | 1 tools/testing/selftests/net/ipv6_route_update_soft_lockup.sh | 262 +++++++ tools/testing/selftests/net/netfilter/conntrack_dump_flush.c | 6 tools/testing/selftests/net/pmtu.sh | 2 tools/testing/selftests/resctrl/fill_buf.c | 2 tools/testing/selftests/resctrl/mbm_test.c | 16 tools/testing/selftests/resctrl/resctrl_val.c | 3 tools/testing/selftests/vDSO/parse_vdso.c | 3 tools/testing/selftests/watchdog/watchdog-test.c | 6 tools/testing/selftests/wireguard/netns.sh | 1 tools/tracing/rtla/src/timerlat_hist.c | 2 tools/tracing/rtla/src/timerlat_top.c | 2 virt/kvm/kvm_main.c | 103 --- 900 files changed, 10279 insertions(+), 4753 deletions(-) Abel Vesa (3): arm64: dts: qcom: x1e80100-slim7x: Drop orientation-switch from USB SS[0-1] QMP PHYs arm64: dts: qcom: x1e80100-vivobook-s15: Drop orientation-switch from USB SS[0-1] QMP PHYs dt-bindings: cache: qcom,llcc: Fix X1E80100 reg entries Adrian Hunter (1): perf/x86/intel/pt: Fix buffer full but size is 0 case Adrián Larumbe (4): drm/panfrost: Add missing OPP table refcnt decremental drm/panthor: introduce job cycle and timestamp accounting drm/panthor: record current and maximum device clock frequencies drm/panthor: Fix OPP refcnt leaks in devfreq initialisation Ahmed Ehab (1): locking/lockdep: Avoid creating new name string literals in lockdep_set_subclass() Ahsan Atta (1): crypto: qat - remove faulty arbiter config reset Alain Volmat (1): spi: stm32: fix missing device mode capability in stm32mp25 Aleksa Savic (1): hwmon: (aquacomputer_d5next) Fix length of speed_input array Aleksandr Mishin (1): acpi/arm64: Adjust error handling procedure in gtdt_parse_timer_block() Aleksei Vetrov (1): wifi: nl80211: fix bounds checker error in nl80211_parse_sched_scan Alex Zenla (2): 9p/xen: fix init sequence 9p/xen: fix release of IRQ Alexander Aring (2): dlm: fix swapped args sb_flags vs sb_status dlm: fix dlm_recover_members refcount on error Alexander Hölzl (1): can: j1939: fix error in J1939 documentation. Alexey Klimov (2): ASoC: codecs: wcd937x: add missing LO Switch control ASoC: codecs: wcd937x: relax the AUX PDM watchdog Alexis Lothoré (eBPF Foundation) (1): selftests/bpf: add missing header include for htons Alper Nebi Yasak (1): wifi: mwifiex: Fix memcpy() field-spanning write warning in mwifiex_config_scan() Amir Goldstein (1): fsnotify: fix sending inotify event with unexpected filename Andre Przywara (5): kselftest/arm64: hwcap: fix f8dp2 cpuinfo name kselftest/arm64: mte: fix printf type warnings about __u64 kselftest/arm64: mte: fix printf type warnings about longs ARM: dts: cubieboard4: Fix DCDC5 regulator constraints clk: sunxi-ng: d1: Fix PLL_AUDIO0 preset Andreas Gruenbacher (3): gfs2: Rename GLF_VERIFY_EVICT to GLF_VERIFY_DELETE gfs2: Allow immediate GLF_VERIFY_DELETE work gfs2: Fix unlinked inode cleanup Andreas Kemnade (1): ARM: dts: omap36xx: declare 1GHz OPP as turbo again Andrei Simion (1): ARM: dts: microchip: sam9x60: Add missing property atmel,usart-mode Andrej Shadura (1): Bluetooth: Fix type of len in rfcomm_sock_getsockopt{,_old}() Andrii Nakryiko (4): libbpf: fix sym_is_subprog() logic for weak global subprogs libbpf: never interpret subprogs in .text as entry programs selftests/bpf: fix test_spin_lock_fail.c's global vars usage libbpf: move global data mmap()'ing into bpf_object__load() André Almeida (1): unicode: Fix utf8_load() error path Andy Shevchenko (9): regmap: irq: Set lockdep class for hierarchical IRQ domains drm/mm: Mark drm_mm_interval_tree*() functions with __maybe_unused mfd: intel_soc_pmic_bxtwc: Use IRQ domain for USB Type-C device mfd: intel_soc_pmic_bxtwc: Use IRQ domain for TMU device mfd: intel_soc_pmic_bxtwc: Use IRQ domain for PMIC devices mfd: intel_soc_pmic_bxtwc: Fix IRQ domain names duplication cpufreq: loongson3: Check for error code from devm_mutex_init() call gpio: zevio: Add missed label initialisation x86/Documentation: Update algo in init_size description of boot protocol Angelo Dureghello (2): iio: dac: adi-axi-dac: fix wrong register bitfield dt-bindings: iio: dac: ad3552r: fix maximum spi speed AngeloGioacchino Del Regno (1): arm64: dts: mediatek: Add ADC node on MT6357, MT6358, MT6359 PMICs Anjaneyulu (1): wifi: iwlwifi: mvm: SAR table alignment Antonio Quartulli (1): m68k: coldfire/device.c: only build FEC when HW macros are defined Anurag Dutta (3): arm64: dts: ti: k3-j7200: Fix clock ids for MCSPI instances arm64: dts: ti: k3-j721e: Fix clock IDs for MCSPI instances arm64: dts: ti: k3-j721s2: Fix clock IDs for MCSPI instances Ard Biesheuvel (1): x86/pvh: Call C code via the kernel virtual mapping Arnaldo Carvalho de Melo (1): perf ftrace latency: Fix unit on histogram first entry when using --use-nsec Arnd Bergmann (3): x86/amd_nb: Fix compile-testing without CONFIG_AMD_NB wifi: ath12k: fix one more memcpy size error serial: amba-pl011: fix build regression Artem Sadovnikov (1): jfs: xattr: check invalid xattr size more strictly Aurabindo Pillai (1): drm/amd/display: fix a memleak issue when driver is removed Avihai Horon (1): vfio/pci: Properly hide first-in-list PCIe extended capability Balaji Pothunoori (1): wifi: ath11k: Fix CE offset address calculation for WCN6750 in SSR Baochen Qiang (2): wifi: ath10k: fix invalid VHT parameters in supported_vht_mcs_rate_nss1 wifi: ath10k: fix invalid VHT parameters in supported_vht_mcs_rate_nss2 Baolin Liu (1): scsi: target: Fix incorrect function name in pscsi_create_type_disk() Barnabás Czémán (1): power: supply: bq27xxx: Fix registers of bq27426 Bart Van Assche (3): scsi: sg: Enable runtime power management power: supply: core: Remove might_sleep() from power_supply_put() blk-mq: Make blk_mq_quiesce_tagset() hold the tag list mutex less long Bartosz Golaszewski (4): mmc: mmc_spi: drop buggy snprintf() power: sequencing: make the QCom PMU pwrseq driver depend on CONFIG_OF pinctrl: zynqmp: drop excess struct member description lib: string_helpers: silence snprintf() output truncation warning Baruch Siach (1): doc: rcu: update printed dynticks counter bits Ben Greear (2): wifi: mac80211: Fix setting txpower with emulate_chanctx mac80211: fix user-power when emulating chanctx Benjamin Coddington (3): SUNRPC: timeout and cancel TLS handshake with -ETIMEDOUT nfs/blocklayout: Don't attempt unregister for invalid block device nfs/blocklayout: Limit repeat device registration on failure Benjamin Große (1): usb: add support for new USB device ID 0x17EF:0x3098 for the r8152 driver Benjamin Peterson (3): perf trace: avoid garbage when not printing a trace event's arguments perf trace: Do not lose last events in a race perf trace: Avoid garbage when not printing a syscall's arguments Benoît Monin (1): net: usb: qmi_wwan: add Quectel RG650V Benoît Sevens (1): ALSA: usb-audio: Fix potential out-of-bound accesses for Extigy and Mbox devices Biju Das (2): mtd: hyperbus: rpc-if: Add missing MODULE_DEVICE_TABLE clk: renesas: rzg2l: Fix FOUTPOSTDIV clk Bill O'Donnell (1): efs: fix the efs new mount api implementation Bin Liu (1): serial: 8250: omap: Move pm_runtime_get_sync Bingbu Cao (1): media: ipu6: not override the dma_ops of device in driver Björn Töpel (1): riscv: kvm: Fix out-of-bounds array access Breno Leitao (4): ipmr: Fix access to mfc_cache_list without lock held spi: tegra210-quad: Avoid shift-out-of-bounds netpoll: Use rcu_access_pointer() in netpoll_poll_lock nvme/multipath: Fix RCU list traversal to use SRCU primitive Cabiddu, Giovanni (1): crypto: qat - remove check after debugfs_create_dir() Carl Vanderlip (1): bus: mhi: host: Switch trace_mhi_gen_tre fields to native endian Carlos Llamas (1): Revert "scripts/faddr2line: Check only two symbols when calculating symbol size" Chao Yu (6): f2fs: fix to account dirty data in __get_secs_required() f2fs: fix to avoid potential deadlock in f2fs_record_stop_reason() f2fs: fix to map blocks correctly for direct write f2fs: fix to avoid forcing direct write to use buffered IO on inline_data inode f2fs: fix to do cast in F2FS_{BLK_TO_BYTES, BTYES_TO_BLK} to avoid overflow f2fs: fix to do sanity check on node blkaddr in truncate_node() Charles Han (5): soc: qcom: Add check devm_kasprintf() returned value clk: clk-apple-nco: Add NULL check in applnco_probe phy: realtek: usb: fix NULL deref in rtk_usb2phy_probe phy: realtek: usb: fix NULL deref in rtk_usb3phy_probe ASoC: imx-audmix: Add NULL check in imx_audmix_probe Chen Ridong (4): crypto: caam - add error check to caam_rsa_set_priv_key_form crypto: bcm - add error check in the ahash_hmac_init function Revert "cgroup: Fix memory leak caused by missing cgroup_bpf_offline" cgroup/bpf: only cgroup v2 can be attached by bpf programs Chen Yufan (1): drm/imagination: Convert to use time_before macro Chen-Yu Tsai (5): scripts/kernel-doc: Do not track section counter across processed files arm64: dts: mediatek: mt8173-elm-hana: Add vdd-supply to second source trackpad arm64: dts: mediatek: mt8183-kukui-jacuzzi: Fix DP bridge supply names arm64: dts: mediatek: mt8183-kukui-jacuzzi: Add supplies for fixed regulators arm64: dts: mediatek: mt8186-corsola-voltorb: Merge speaker codec nodes Cheng Ming Lin (1): mtd: spi-nor: core: replace dummy buswidth from addr to data Chengchang Tang (2): RDMA/core: Provide rdma_user_mmap_disassociate() to disassociate mmap pages RDMA/hns: Disassociate mmap pages for all uctx when HW is being reset ChiYuan Huang (2): power: supply: rt9471: Fix wrong WDT function regfield declaration power: supply: rt9471: Use IC status regfield to report real charger status Chris Lu (1): Bluetooth: btmtk: adjust the position to init iso data anchor Chris Morgan (1): arm64: dts: rockchip: correct analog audio name on Indiedroid Nova Christian Brauner (1): Revert "fs: don't block i_writecount during exec" Christian Loehle (1): sched/cpufreq: Ensure sd is rebuilt for EAS check Christoph Hellwig (9): nvme-pci: fix freeing of the HMB descriptor table block: constify the lim argument to queue_limits_max_zone_append_sectors block: properly handle REQ_OP_ZONE_APPEND in __bio_split_to_limits block: take chunk_sectors into account in bio_split_write_zeroes block: fix bio_split_rw_at to take zone_write_granularity into account nvme-pci: reverse request order in nvme_queue_rqs virtio_blk: reverse request order in virtio_queue_rqs kfifo: don't include dma-mapping.h in kfifo.h block: return unsigned int from bdev_io_min Christophe JAILLET (4): crypto: caam - Fix the pointer passed to caam_qi_shutdown() crypto: cavium - Fix an error handling path in cpt_ucode_load_fw() media: i2c: vgxy61: Fix an error handling path in vgxy61_detect() iio: light: al3010: Fix an error handling path in al3010_probe() Christophe Leroy (1): powerpc/vdso: Flag VDSO64 entry points as functions Chuck Lever (5): svcrdma: Address an integer overflow NFSD: Prevent NULL dereference in nfsd4_process_cb_update() NFSD: Cap the number of bytes copied by nfs4_reset_recoverydir() NFSD: Fix nfsd4_shutdown_copy() NFSD: Prevent a potential integer overflow Chun-Tse Shao (1): perf/arm-smmuv3: Fix lockdep assert in ->event_init() Clark Wang (1): pwm: imx27: Workaround of the pwm output bug when decrease the duty cycle Claudiu Beznea (2): ASoC: da7213: Populate max_register to regmap_config serial: sh-sci: Clean sci_ports[0] after at earlycon exit Colin Ian King (1): media: i2c: ds90ub960: Fix missing return check on ub960_rxport_read call Cristian Marussi (1): firmware: arm_scmi: Reject clear channel request on A2P Csókás, Bence (1): spi: atmel-quadspi: Fix register name in verbose logging function Damien Le Moal (1): block: Prevent potential deadlock in blk_revalidate_disk_zones() Dan Carpenter (8): crypto: qat/qat_420xx - fix off by one in uof_get_name() crypto: qat/qat_4xxx - fix off by one in uof_get_name() soc: qcom: geni-se: fix array underflow in geni_se_clk_tbl_get() kunit: skb: use "gfp" variable instead of hardcoding GFP_KERNEL mailbox: arm_mhuv2: clean up loop in get_irq_chan_comb() usb: typec: fix potential array underflow in ucsi_ccg_sync_control() cifs: unlock on error in smb3_reconfigure() sh: intc: Fix use-after-free bug in register_intc_controller() Daniel Gabay (1): wifi: iwlwifi: mvm: Use the sync timepoint API in suspend Daniel Lezcano (2): tools/lib/thermal: Make more generic the command encoding function thermal/lib: Fix memory leak on error in thermal_genl_auto() Daniel Palmer (2): m68k: mvme147: Fix SCSI controller IRQ numbers m68k: mvme147: Reinstate early console Daolong Zhu (4): arm64: dts: mt8183: fennel: add i2c2's i2c-scl-internal-delay-ns arm64: dts: mt8183: burnet: add i2c2's i2c-scl-internal-delay-ns arm64: dts: mt8183: cozmo: add i2c2's i2c-scl-internal-delay-ns arm64: dts: mt8183: Damu: add i2c2's i2c-scl-internal-delay-ns Dave Stevenson (7): drm/vc4: hvs: Don't write gamma luts on 2711 drm/vc4: hvs: Fix dlist debug not resetting the next entry pointer drm/vc4: hvs: Remove incorrect limit from hvs_dlist debugfs function drm/vc4: hvs: Correct logic on stopping an HVS channel drm/vc4: Match drm_dev_enter and exit calls in vc4_hvs_lut_load drm/vc4: Match drm_dev_enter and exit calls in vc4_hvs_atomic_flush drm/vc4: Correct generation check in vc4_hvs_lut_load David Disseldorp (1): initramfs: avoid filename buffer overrun David Laight (1): x86: fix off-by-one in access_ok() David Thompson (1): EDAC/bluefield: Fix potential integer overflow David Wang (1): proc/softirqs: replace seq_printf with seq_put_decimal_ull_width Dinesh Kumar (1): ALSA: hda/realtek: Fix Internal Speaker and Mic boost of Infinix Y4 Max Dipendra Khadka (6): octeontx2-pf: handle otx2_mbox_get_rsp errors in otx2_common.c octeontx2-pf: handle otx2_mbox_get_rsp errors in otx2_ethtool.c octeontx2-pf: handle otx2_mbox_get_rsp errors in otx2_flows.c octeontx2-pf: handle otx2_mbox_get_rsp errors in cn10k.c octeontx2-pf: handle otx2_mbox_get_rsp errors in otx2_dmac_flt.c octeontx2-pf: handle otx2_mbox_get_rsp errors in otx2_dcbnl.c Dmitry Antipov (2): Bluetooth: fix use-after-free in device_for_each_child() ocfs2: fix uninitialized value in ocfs2_file_read_iter() Dmitry Baryshkov (7): arm64: dts: qcom: qcs6390-rb3gen2: use modem.mbn for modem DSP arm64: dts: qcom: sda660-ifc6560: fix l10a voltage ranges drm/msm/dpu: on SDM845 move DSPP_3 to LM_5 block drm/msm/dpu: drop LM_3 / LM_4 on SDM845 drm/msm/dpu: drop LM_3 / LM_4 on MSM8998 remoteproc: qcom: pas: add minidump_id to SM8350 resources usb: typec: ucsi: glink: fix off-by-one in connector_status Dom Cobley (2): drm/vc4: hdmi: Avoid hang with debug registers when suspended drm/vc4: hdmi: Increase audio MAI fifo dreq threshold Dong Aisheng (1): clk: imx: clk-scu: fix clk enable state save and restore Dragan Simic (1): regulator: rk808: Restrict DVS GPIOs to the RK808 variant only Eduard Zingerman (1): selftests/bpf: Fix backtrace printing for selftests crashes Edward Adam Davis (1): USB: chaoskey: Fix possible deadlock chaoskey_list_lock Emmanuel Grumbach (2): wifi: iwlwifi: allow fast resume on ax200 wifi: iwlwifi: mvm: tell iwlmei when we finished suspending Eric Biggers (1): crypto: x86/aegis128 - access 32-bit arguments as 32-bit Eric Dumazet (1): net: hsr: fix hsr_init_sk() vs network/transport headers. Eryk Zagorski (1): ALSA: usb-audio: Fix Yamaha P-125 Quirk Entry Everest K.C (2): crypto: cavium - Fix the if condition to exit loop after timeout ASoC: rt722-sdca: Remove logically deadcode in rt722-sdca.c Fangzhi Zuo (3): drm/amd/display: Skip Invalid Streams from DSC Policy drm/amd/display: Fix incorrect DSC recompute trigger drm/amd/display: Reduce HPD Detection Interval for IPS Fei Shao (2): arm64: dts: mediatek: mt8188: Fix USB3 PHY port default status arm64: dts: mediatek: mt8195-cherry: Use correct audio codec DAI Felix Maurer (1): xsk: Free skb when TX metadata options are invalid Feng Fang (1): RDMA/hns: Fix different dgids mapping to the same dip_idx Filip Brozovic (1): serial: 8250_fintek: Add support for F81216E Florian Westphal (3): netfilter: nf_tables: avoid false-positive lockdep splat on rule deletion netfilter: nf_tables: must hold rcu read lock while iterating expression type list netfilter: nf_tables: must hold rcu read lock while iterating object type list Francesco Zardi (1): rust: block: fix formatting of `kernel::block::mq::request` module Frank Li (2): arm64: dts: imx8mn-tqma8mqnl-mba8mx-usbot: fix coexistence of output-low and output-high in GPIO i3c: master: Remove i3c_dev_disable_ibi_locked(olddev) on device hotjoin Gao Xiang (1): erofs: handle NONHEAD !delta[1] lclusters gracefully Gaosheng Cui (2): drivers: soc: xilinx: add the missing kfree in xlnx_add_cb_for_suspend() firmware_loader: Fix possible resource leak in fw_log_firmware_info() Gautam Menghani (3): KVM: PPC: Book3S HV: Stop using vc->dpdes for nested KVM guests KVM: PPC: Book3S HV: Avoid returning to nested hypervisor on pending doorbells powerpc/pseries: Fix KVM guest detection for disabling hardlockup detector Gautham R. Shenoy (1): amd-pstate: Set min_perf to nominal_perf for active mode performance gov Geert Uytterhoeven (1): ASoC: fsl-asoc-card: Add missing handling of {hp,mic}-dt-gpios Gerd Bayer (1): s390/facilities: Fix warning about shadow of global variable Greg Kroah-Hartman (3): Revert "exec: don't WARN for racy path_noexec check" Revert "serial: sh-sci: Clean sci_ports[0] after at earlycon exit" Linux 6.11.11 Gregory Price (1): tpm: fix signed/unsigned bug when checking event logs Guenter Roeck (1): net: microchip: vcap: Add typegroup table terminators in kunit tests Guilherme G. Piccoli (1): wifi: rtlwifi: Drastically reduce the attempts to read efuse in case of failures Gustavo A. R. Silva (4): wifi: radiotap: Avoid -Wflex-array-member-not-at-end warnings integrity: Use static_assert() to check struct sizes clk: clk-loongson2: Fix memory corruption bug in struct loongson2_clk_provider clk: clk-loongson2: Fix potential buffer overflow in flexible-array member access Hangbin Liu (3): netdevsim: copy addresses for both in and out paths wireguard: selftests: load nf_conntrack if not present net/ipv6: delete temporary address if mngtmpaddr is removed or unmanaged Hannes Reinecke (1): nvme-multipath: avoid hang on inaccessible namespaces Hans Verkuil (1): media: v4l2-core: v4l2-dv-timings: check cvt/gtf result Hans de Goede (6): ASoC: codecs: rt5640: Always disable IRQs from rt5640_cancel_work() ASoC: Intel: bytcr_rt5640: Add support for non ACPI instantiated codec ASoC: Intel: bytcr_rt5640: Add DMI quirk for Vexia Edu Atla 10 tablet ASoC: Intel: sst: Support LPE0F28 ACPI HID drm: panel-orientation-quirks: Make Lenovo Yoga Tab 3 X90F DMI match less strict ASoC: Intel: sst: Fix used of uninitialized ctx to log an error Hao Ge (1): isofs: avoid memory leak in iocharset Hari Bathini (1): powerpc/fadump: allocate memory for additional parameters early Hariprasad Kelam (5): octeontx2-af: RPM: Fix mismatch in lmac type octeontx2-af: RPM: Fix low network performance octeontx2-af: RPM: fix stale RSFEC counters octeontx2-af: RPM: fix stale FCFEC counters octeontx2-af: Quiesce traffic before NIX block reset Harith G (1): ARM: 9420/1: smp: Fix SMP for xip kernels Harshit Mogalapalli (1): dax: delete a stale directory pmem Heiko Carstens (1): s390/pageattr: Implement missing kernel_page_present() Heiko Stuebner (1): arm64: dts: rockchip: Remove 'enable-active-low' from two boards Henrique Carvalho (1): smb: client: disable directory caching when dir_cache_timeout is zero Hou Tao (1): virtiofs: use pages instead of pointer for kernel direct IO Howard Chu (1): perf trace: Fix tracing itself, creating feedback loops Hsin-Te Yuan (2): arm64: dts: mt8183: krane: Fix the address of eeprom at i2c4 arm64: dts: mt8183: kukui: Fix the address of eeprom at i2c4 Huacai Chen (3): LoongArch: For all possible CPUs setup logical-physical CPU mapping LoongArch: Explicitly specify code model in Makefile sh: cpuinfo: Fix a warning for CONFIG_CPUMASK_OFFSTACK Huan Yang (2): udmabuf: change folios array from kmalloc to kvmalloc udmabuf: fix vmap_udmabuf error page set Hubert Wiśniewski (1): usb: musb: Fix hardware lockup on first Rx endpoint request Ian Rogers (2): perf stat: Fix affinity memory leaks on error path perf probe: Fix libdw memory leak Igor Prusov (1): dt-bindings: vendor-prefixes: Add NeoFidelity, Inc Igor Pylypiv (1): i2c: dev: Fix memory leak when underlying adapter does not support I2C Ilpo Järvinen (1): PCI: cpqphp: Fix PCIBIOS_* return value confusion Ilya Zverev (1): ASoC: amd: yc: Add a quirk for microfone on Lenovo ThinkPad P14s Gen 5 21MES00B00 Iulia Tanasescu (3): Bluetooth: ISO: Do not emit LE PA Create Sync if previous is pending Bluetooth: ISO: Do not emit LE BIG Create Sync if previous is pending Bluetooth: ISO: Send BIG Create Sync via hci_sync Jacob Keller (1): ice: consistently use q_idx in ice_vc_cfg_qs_msg() Jaegeuk Kim (1): Revert "f2fs: remove unreachable lazytime mount option parsing" Jakub Kicinski (3): eth: fbnic: don't disable the PCI device twice netlink: fix false positive warning in extack during dumps net_sched: sch_fq: don't follow the fast path if Tx is behind now James Clark (1): perf cs-etm: Don't flush when packet_queue fills up Jan Hendrik Farr (1): Compiler Attributes: disable __counted_by for clang < 19.1.3 Jan Kara (1): ext4: avoid remount errors with 'abort' mount option Jann Horn (2): fsnotify: Fix ordering of iput() and watched_objects decrement comedi: Flush partial mappings in error case Jared McArthur (1): arm64: dts: ti: k3-j7200: Fix register map for main domain pmx Jason Andryuk (1): x86/pvh: Set phys_base when calling xen_prepare_pvh() Jason Gerecke (1): HID: wacom: Interpret tilt data from Intuos Pro BT as signed values Jason Gunthorpe (5): iommu/amd: Remove amd_iommu_domain_update() from page table freeing iommu/amd: Remove the amd_iommu_domain_set_pt_root() and related iommu/amd: Rename struct amd_io_pgtable iopt to pgtbl iommu/amd: Store the nid in io_pgtable_cfg instead of the domain iommu/amd: Narrow the use of struct protection_domain to invalidation Javier Carrasco (10): usb: typec: use cleanup facility for 'altmodes_node' clocksource/drivers/timer-ti-dm: Fix child node refcount handling Bluetooth: btbcm: fix missing of_node_put() in btbcm_get_board_name() leds: max5970: Fix unreleased fwnode_handle in probe function wifi: brcmfmac: release 'root' node in all execution paths platform/chrome: cros_ec_typec: fix missing fwnode reference decrement mtd: ubi: fix unreleased fwnode_handle in find_volume_fwnode() soc: fsl: rcpm: fix missing of_node_put() in copy_ippdexpcr1_setting() staging: vchiq_arm: Fix missing refcount decrement in error path for fw_node counter: stm32-timer-cnt: fix device_node handling in probe_encoder() Jean-Michel Hautbois (1): m68k: mcfgpio: Fix incorrect register offset for CONFIG_M5441x Jean-Philippe Romain (1): perf list: Fix topic and pmu_name argument order Jeff Layton (1): nfsd: drop inode parameter from nfsd4_change_attribute() Jeongjun Park (4): wifi: ath9k: add range check for conn_rsp_epid in htc_connect_service() usb: using mutex lock and supporting O_NONBLOCK flag in iowarrior_read() ext4: supress data-race warnings in ext4_free_inodes_{count,set}() netfilter: ipset: add missing range check in bitmap_ip_uadt Jerome Brunet (1): hwmon: (pmbus/core) clear faults after setting smbalert mask Jesse Taube (2): RISC-V: Scalar unaligned access emulated on hotplug CPUs RISC-V: Check scalar unaligned access on all CPUs Jiasheng Jiang (2): counter: stm32-timer-cnt: Add check for clk_enable() counter: ti-ecap-capture: Add check for clk_enable() Jiawen Wu (2): net: txgbe: remove GPIO interrupt controller net: txgbe: fix null pointer to pcs Jiayuan Chen (2): bpf: fix filed access without lock bpf: fix recursive lock when verdict program return SK_PASS Jie Zhan (1): cppc_cpufreq: Use desired perf if feedback ctrs are 0 or unchanged Jing Zhang (1): KVM: arm64: vgic-its: Add a data length check in vgic_its_save_* Jinjie Ruan (17): spi: spi-fsl-lpspi: Use IRQF_NO_AUTOEN flag in request_irq() soc: ti: smartreflex: Use IRQF_NO_AUTOEN flag in request_irq() spi: zynqmp-gqspi: Undo runtime PM changes at driver exit time wifi: p54: Use IRQF_NO_AUTOEN flag in request_irq() wifi: mwifiex: Use IRQF_NO_AUTOEN flag in request_irq() drm/imx/dcss: Use IRQF_NO_AUTOEN flag in request_irq() drm/imx/ipuv3: Use IRQF_NO_AUTOEN flag in request_irq() drm/msm/adreno: Use IRQF_NO_AUTOEN flag in request_irq() mfd: tps65010: Use IRQF_NO_AUTOEN flag in request_irq() to fix race cpufreq: CPPC: Fix possible null-ptr-deref for cpufreq_cpu_get_raw() cpufreq: CPPC: Fix possible null-ptr-deref for cppc_get_cpu_cost() cpufreq: CPPC: Fix wrong return value in cppc_get_cpu_cost() cpufreq: CPPC: Fix wrong return value in cppc_get_cpu_power() misc: apds990x: Fix missing pm_runtime_disable() apparmor: test: Fix memory leak for aa_unpack_strdup() cpufreq: mediatek-hw: Fix wrong return value in mtk_cpufreq_get_cpu_power() rtc: st-lpc: Use IRQF_NO_AUTOEN flag in request_irq() Jiri Olsa (2): bpf: Allow return values 0 and 1 for kprobe session bpf: Force uprobe bpf program to always return 0 Joe Damato (1): netdev-genl: Hold rcu_read_lock in napi_get Joe Hattori (2): remoteproc: qcom: pas: Remove subdevs on the error path of adsp_probe() remoteproc: qcom: adsp: Remove subdevs on the error path of adsp_probe() Johan Hovold (1): pinctrl: qcom: spmi: fix debugfs drive strength John Garry (3): block/fs: Pass an iocb to generic_atomic_write_valid() fs/block: Check for IOCB_DIRECT in generic_atomic_write_valid() block: Don't allow an atomic write be truncated in blkdev_write_iter() John Watts (1): ASoC: audio-graph-card2: Purge absent supplies for device tree nodes Jonas Gorski (1): mips: asm: fix warning when disabling MIPS_FP_SUPPORT Jonathan Gray (1): drm: use ATOMIC64_INIT() for atomic64_t Jonathan Marek (3): efi/libstub: fix efi_parse_options() ignoring the default command line clk: qcom: videocc-sm8550: depend on either gcc-sm8550 or gcc-sm8650 rpmsg: glink: use only lower 16-bits of param2 for CMD_OPEN name length Jose Ignacio Tornos Martinez (2): wifi: ath12k: fix warning when unbinding wifi: ath12k: fix crash when unbinding Josh Poimboeuf (1): parisc/ftrace: Fix function graph tracing disablement José Expósito (1): drm/vkms: Drop unnecessary call to drm_crtc_cleanup() Junxian Huang (3): RDMA/hns: Use dev_* printings in hem code instead of ibdev_* RDMA/hns: Fix out-of-order issue of requester when setting FENCE RDMA/hns: Fix NULL pointer derefernce in hns_roce_map_mr_sg() Kailang Yang (3): ALSA: hda/realtek: Update ALC256 depop procedure ALSA: hda/realtek: Update ALC225 depop procedure ALSA: hda/realtek: Set PCBeep to default value for ALC274 Kajol Jain (1): KVM: PPC: Book3S HV: Fix kmv -> kvm typo Kalle Valo (1): Revert "wifi: iwlegacy: do not skip frames with bad FCS" Karol Wachowski (1): accel/ivpu: Prevent recovery invocation during probe and resume Karthikeyan Periyasamy (1): wifi: cfg80211: check radio iface combination for multi radio per wiphy Kartik Rajput (1): serial: amba-pl011: Fix RX stall when DMA is used Kashyap Desai (1): RDMA/bnxt_re: Check cqe flags to know imm_data vs inv_irkey Keita Morisaki (1): devres: Fix page faults when tracing devres from unloaded modules Kiran K (2): Bluetooth: btintel_pcie: Add handshake between driver and firmware Bluetooth: btintel: Do no pass vendor events to stack Kirill A. Shutemov (3): x86/tdx: Introduce wrappers to read and write TD metadata x86/tdx: Rename tdx_parse_tdinfo() to tdx_setup() x86/tdx: Dynamically disable SEPT violations from causing #VEs Konrad Dybcio (2): arm64: dts: qcom: x1e80100: Update C4/C5 residency/exit numbers arm64: dts: qcom: sc8180x: Add a SoC-specific compatible to cpufreq-hw Kristina Martsenko (1): arm64: probes: Disable kprobes/uprobes on MOPS instructions Krzysztof Kozlowski (1): dt-bindings: pinctrl: samsung: Fix interrupt constraint for variants with fallbacks Kuangyi Chiang (4): xhci: Fix control transfer error on Etron xHCI host xhci: Combine two if statements for Etron xHCI host xhci: Don't perform Soft Retry for Etron xHCI host xhci: Don't issue Reset Device command to Etron xHCI host Kui-Feng Lee (1): selftests/bpf: netns_new() and netns_free() helpers. Kumar Kartikeya Dwivedi (2): bpf: Tighten tail call checks for lingering locks, RCU, preempt_disable bpf: Mark raw_tp arguments with PTR_MAYBE_NULL Kuniyuki Iwashima (1): tcp: Fix use-after-free of nreq in reqsk_timer_handler(). Kunkun Jiang (2): KVM: arm64: vgic-its: Clear ITE when DISCARD frees an ITE KVM: arm64: vgic-its: Clear DTE when MAPD unmaps a device Kurt Borja (2): platform/x86: dell-smbios-base: Extends support to Alienware products platform/x86: dell-wmi-base: Handle META key Lock/Unlock events Lad Prabhakar (2): arm64: dts: renesas: hihope: Drop #sound-dai-cells pinctrl: renesas: Select PINCTRL_RZG2L for RZ/V2H(P) SoC Leo Yan (1): perf probe: Correct demangled symbols in C++ program Leon Hwang (1): bpf, bpftool: Fix incorrect disasm pc Levi Yun (2): trace/trace_event_perf: remove duplicate samples on the first tracepoint event perf stat: Close cork_fd when create_perf_stat_counter() failed Li Huafei (5): crypto: inside-secure - Fix the return value of safexcel_xcbcmac_cra_init() media: atomisp: Add check for rgby_data memory allocation failure drm/nouveau/gr/gf100: Fix missing unlock in gf100_gr_chan_new() drm/amdgpu: Fix the memory allocation issue in amdgpu_discovery_get_nps_info() perf disasm: Use disasm_line__free() to properly free disasm_line Li Lingfeng (1): nfs: ignore SB_RDONLY when mounting nfs Li Wang (1): loop: fix type of block size Li Zhijian (1): selftests/watchdog-test: Fix system accidentally reset after watchdog-test Lifeng Zheng (1): ACPI: CPPC: Fix _CPC register setting issue Lijo Lazar (2): drm/amdgpu: Fix JPEG v4.0.3 register write drm/amdgpu: Fix map/unmap queue logic Lingbo Kong (1): wifi: cfg80211: Remove the Medium Synchronization Delay validity check Linus Walleij (3): ARM: 9434/1: cfi: Fix compilation corner case drm/panel: nt35510: Make new commands optional wifi: cw1200: Fix potential NULL dereference Liu Jian (3): RDMA/rxe: Set queue pair cur_qp_state when being queried sunrpc: clear XPRT_SOCK_UPD_TIMEOUT when reset transport sunrpc: fix one UAF issue caused by sunrpc kernel tcp socket Long Li (2): ext4: fix race in buffer_head read fault injection f2fs: fix race in concurrent f2fs_stop_gc_thread LongPing Wei (1): f2fs: fix the wrong f2fs_bug_on condition in f2fs_do_replace_block Lorenzo Bianconi (8): clk: en7523: remove REG_PCIE*_{MEM,MEM_MASK} configuration clk: en7523: move clock_register in hw_init callback clk: en7523: introduce chip_scu regmap clk: en7523: fix estimation of fixed rate for EN7581 phy: airoha: Fix REG_CSR_2L_PLL_CMN_RESERVE0 config in airoha_pcie_phy_init_clk_out() phy: airoha: Fix REG_PCIE_PMA_TX_RESET config in airoha_pcie_phy_init_csr_2l() phy: airoha: Fix REG_CSR_2L_JCPLL_SDM_HREN config in airoha_pcie_phy_init_ssc_jcpll() phy: airoha: Fix REG_CSR_2L_RX{0,1}_REV0 definitions Luca Weiss (1): arm64: dts: qcom: sm6350: Fix GPU frequencies missing on some speedbins Lucas Stach (1): drm/etnaviv: hold GPU lock across perfmon sampling Luiz Augusto von Dentz (3): Bluetooth: ISO: Use kref to track lifetime of iso_conn Bluetooth: MGMT: Fix slab-use-after-free Read in set_powered_sync Bluetooth: MGMT: Fix possible deadlocks Lukas Bulwahn (1): clk: mediatek: drop two dead config options Lukas Wunner (1): PCI: Fix use-after-free of slot->bus on hot remove Lukasz Luba (1): drm/msm/gpu: Check the status of registration to PM QoS Luo Qiu (1): firmware: arm_scpi: Check the DVFS OPP count returned by the firmware Luo Yifan (2): ASoC: stm: Prevent potential division by zero in stm32_sai_mclk_round_rate() ASoC: stm: Prevent potential division by zero in stm32_sai_get_clk_div() Ma Wupeng (1): ipc: fix memleak if msg_init_ns failed in create_ipc_ns Macpaul Lin (5): arm64: dts: mediatek: mt8395-genio-1200-evk: Fix dtbs_check error for phy arm64: dts: mt8195: Fix dtbs_check error for mutex node arm64: dts: mt8195: Fix dtbs_check error for infracfg_ao node arm64: dts: mediatek: mt6358: fix dtbs_check error ASoC: dt-bindings: mt6359: Update generic node name and dmic-mode Manikanta Mylavarapu (1): soc: qcom: socinfo: fix revision check in qcom_socinfo_probe() Manivannan Sadhasivam (2): PCI: qcom-ep: Move controller cleanups to qcom_pcie_perst_deassert() PCI: tegra194: Move controller cleanups to pex_ep_event_pex_rst_deassert() Marc Zyngier (2): arm64: Expose ID_AA64ISAR1_EL1.XS to sanitised feature consumers KVM: arm64: vgic-v3: Sanitise guest writes to GICR_INVLPIR Marco Elver (2): kcsan, seqlock: Support seqcount_latch_t kcsan, seqlock: Fix incorrect assumption in read_seqbegin() Marcus Folkesson (1): mfd: da9052-spi: Change read-mask to write-mask Marek Vasut (1): wifi: wilc1000: Set MAC after operation mode Mario Limonciello (1): cpufreq/amd-pstate: Don't update CPPC request in amd_pstate_cpu_boost_update() Mark Brown (3): ASoC: max9768: Fix event generation for playback mute kselftest/arm64: Fix encoding for SVE B16B16 test clocksource/drivers:sp804: Make user selectable Markus Petri (1): ASoC: amd: yc: Support dmic on another model of Lenovo Thinkpad E14 Gen 6 Martin Kaistra (1): wifi: rtl8xxxu: Perform update_beacon_work when beaconing is enabled Masahiro Yamada (5): arm64: fix .data.rel.ro size assertion when CONFIG_LTO_CLANG s390/syscalls: Avoid creation of arch/arch/ directory Rename .data.unlikely to .data..unlikely Rename .data.once to .data..once to fix resetting WARN*_ONCE modpost: remove incorrect code in do_eisa_entry() Matt Coster (1): drm/imagination: Use pvr_vm_context_get() Matt Fleming (1): kbuild: deb-pkg: Don't fail if modules.order is missing Matthew Rosato (1): iommu/s390: Implement blocking domain Matthew Wilcox (Oracle) (2): ext4: pipeline buffer reads in mext_page_mkuptodate() ext4: remove array of buffer_heads from mext_page_mkuptodate() Matthias Schiffer (1): drm: fsl-dcu: enable PIXCLK on LS1021A Matti Vaittinen (4): irqdomain: Simplify simple and legacy domain creation irqdomain: Allow giving name suffix for domain regmap: Allow setting IRQ domain name suffix irqdomain: Always associate interrupts for legacy domains Maurice Lambert (1): netlink: typographical error in nlmsg_type constants definition Maxime Chevallier (2): net: stmmac: dwmac-socfpga: Set RX watchdog interrupt as broken rtc: ab-eoz9: don't fail temperature reads on undervoltage notification Maxime Ripard (1): drm/vc4: Introduce generation number enum Maíra Canal (2): drm/v3d: Address race-condition in MMU flush drm/v3d: Flush the MMU before we supply more memory to the binner Meetakshi Setiya (1): cifs: support mounting with alternate password to allow password rotation Michael Chan (2): bnxt_en: Refactor bnxt_ptp_init() bnxt_en: Unregister PTP during PCI shutdown and suspend Michael Ellerman (2): powerpc/pseries: Fix dtl_access_lock to be a rw_semaphore selftests/mount_setattr: Fix failures on 64K PAGE_SIZE kernels Michael Grzeschik (1): usb: gadget: uvc: wake pump everytime we update the free list Michael Petlan (1): perf trace: Keep exited threads for summary Michal Luczaj (2): llc: Improve setsockopt() handling of malformed user input rxrpc: Improve setsockopt() handling of malformed user input Michal Pecio (3): usb: xhci: Limit Stop Endpoint retries usb: xhci: Fix TD invalidation under pending Set TR Dequeue usb: xhci: Avoid queuing redundant Stop Endpoint commands Michal Schmidt (1): rcu/srcutiny: don't return before reenabling preemption Michal Simek (2): microblaze: Export xmb_manager functions dt-bindings: serial: rs485: Fix rs485-rts-delay property Michal Suchanek (1): powerpc/sstep: make emulate_vsx_load and emulate_vsx_store static Michal Vrastil (1): Revert "usb: gadget: composite: fix OS descriptors w_value logic" Miguel Ojeda (2): time: Partially revert cleanup on msecs_to_jiffies() documentation time: Fix references to _msecs_to_jiffies() handling of values Mikhail Rudenko (1): regulator: rk808: Add apply_bit for BUCK3 on RK809 Mikulas Patocka (3): dm-cache: fix warnings about duplicate slab caches dm-bufio: fix warnings about duplicate slab caches blk-settings: round down io_opt to physical_block_size Min-Hua Chen (1): regulator: qcom-smd: make smd_vreg_rpm static Ming Lei (6): ublk: fix ublk_ch_mmap() for 64K page size ublk: fix error code for unsupported command blk-mq: add non_owner variant of start_freeze/unfreeze queue APIs block: model freeze & enter queue as lock for supporting lockdep block: always verify unfreeze lock on the owner task block: don't verify IO lock for freeze/unfreeze in elevator_init_mq() Mingwei Zheng (1): net: rfkill: gpio: Add check for clk_enable() Miquel Raynal (1): mtd: rawnand: atmel: Fix possible memory leak Mirsad Todorovac (1): fs/proc/kcore.c: fix coccinelle reported ERROR instances Muchun Song (3): block: fix missing dispatching request when queue is started or unquiesced block: fix ordering between checking QUEUE_FLAG_QUIESCED request adding block: fix ordering between checking BLK_MQ_S_STOPPED request adding Murad Masimov (1): hwmon: (tps23861) Fix reporting of negative temperatures Namhyung Kim (1): perf/arm-cmn: Ensure port and device id bits are set properly Namjae Jeon (1): exfat: fix uninit-value in __exfat_get_dentry_set Nathan Morrisson (1): arm64: dts: ti: k3-am62x-phyboard-lyra: Drop unnecessary McASP AFIFOs Nicolas Bouchinet (1): tty: ldsic: fix tty_ldisc_autoload sysctl's proc_handler Niklas Schnelle (2): watchdog: Add HAS_IOPORT dependency for SBC8360 and SBC7240 s390/pci: Fix potential double remove of hotplug slot Nilay Shroff (1): nvme-fabrics: fix kernel crash while shutting down controller Nirmoy Das (1): drm/xe/ufence: Wake up waiters after setting ufence->signalled Nobuhiro Iwamatsu (1): rtc: abx80x: Fix WDT bit position of the status register Nuno Sa (2): dt-bindings: clock: axi-clkgen: include AXI clk clk: clk-axi-clkgen: make sure to enable the AXI bus clock Nícolas F. R. A. Prado (1): ASoC: mediatek: Check num_codecs is not zero to avoid panic during probe Oleksij Rempel (3): net: usb: lan78xx: Fix double free issue with interrupt buffer allocation net: usb: lan78xx: Fix memory leak on device unplug by freeing PHY device net: usb: lan78xx: Fix refcounting and autosuspend on invalid WoL configuration Oliver Neukum (2): usb: yurex: make waiting on yurex_write interruptible USB: chaoskey: fail open after removal Oliver Upton (1): KVM: arm64: Don't retire aborted MMIO instruction Omid Ehtemam-Haghighi (1): ipv6: Fix soft lockups in fib6_select_path under high next hop churn Orange Kao (1): EDAC/igen6: Avoid segmentation fault on module unload Pablo Sun (1): arm64: dts: mediatek: mt8188: Fix wrong clock provider in MFG1 power domain Pali Rohár (2): cifs: Fix parsing native symlinks relative to the export cifs: Fix parsing reparse point with native symlink in SMB1 non-UNICODE session Paolo Abeni (4): ipv6: release nexthop on device removal selftests: net: really check for bg process completion ip6mr: fix tables suspicious RCU usage ipmr: fix tables suspicious RCU usage Paolo Bonzini (2): rust: macros: fix documentation of the paste! macro KVM: x86: switch hugepage recovery thread to vhost_task Patrisious Haddad (1): RDMA/mlx5: Move events notifier registration to be after device registration Patryk Wlazlyn (1): tools/power turbostat: Fix child's argument forwarding Paul Aurich (5): smb: cached directories can be more than root file handle smb: Don't leak cfid when reconnect races with open_cached_dir smb: prevent use-after-free due to open_cached_dir error paths smb: During unmount, ensure all cached dir instances drop their dentry smb: Initialize cfid->tcon before performing network ops Paulo Alcantara (2): smb: client: fix NULL ptr deref in crypto_aead_setkey() smb: client: handle max length for SMB symlinks Pavan Chebbi (1): tg3: Set coherent DMA mask bits to 31 for BCM57766 chipsets Pavel Begunkov (2): io_uring: fix corner case forgetting to vunmap io_uring: check for overflows in io_pin_pages Pei Xiao (2): hwmon: (nct6775-core) Fix overflows seen when writing limit attributes wifi: rtw89: coex: check NULL return of kmalloc in btc_fw_set_monreg() Peng Fan (3): clk: imx: lpcg-scu: SW workaround for errata (e10858) clk: imx: fracn-gppll: correct PLL initialization flow clk: imx: fracn-gppll: fix pll power up Peter Große (1): i40e: Fix handling changed priv flags Philo Lu (2): bpf: Support __nullable argument suffix for tp_btf selftests/bpf: Add test for __nullable suffix in tp_btf Pin-yen Lin (2): drm/bridge: anx7625: Drop EDID cache on bridge power off drm/bridge: it6505: Drop EDID cache on bridge power off Piyush Raj Chouhan (1): ALSA: hda/realtek: Add subwoofer quirk for Infinix ZERO BOOK 13 Priyanka Singh (1): EDAC/fsl_ddr: Fix bad bit shift operations Qi Han (1): f2fs: compress: fix inconsistent update of i_blocks in release_compress_blocks and reserve_compress_blocks Qingfang Deng (1): jffs2: fix use of uninitialized variable Qiu-ji Chen (3): xen: Fix the issue of resource not being properly released in xenbus_dev_probe() ASoC: codecs: Fix atomicity violation in snd_soc_component_get_drvdata() media: wl128x: Fix atomicity violation in fmc_send_cmd() Qiuxu Zhuo (2): EDAC/skx_common: Differentiate memory error sources EDAC/{skx_common,i10nm}: Fix incorrect far-memory error source indicator Rafael J. Wysocki (6): thermal: core: Initialize thermal zones before registering them thermal: core: Drop thermal_zone_device_is_enabled() thermal: core: Rearrange PM notification code thermal: core: Represent suspend-related thermal zone flags as bits thermal: core: Mark thermal zones as initializing to start with thermal: core: Fix race between zone registration and system suspend Raghavendra Rao Ananta (2): KVM: arm64: Ignore PMCNTENSET_EL0 while checking for overflow status KVM: arm64: Get rid of userspace_irqchip_in_use Rameshkumar Sundaram (1): wifi: ath12k: fix use-after-free in ath12k_dp_cc_cleanup() Ramya Gnanasekar (1): wifi: ath12k: Skip Rx TID cleanup for self peer Randy Dunlap (2): kernel-doc: allow object-like macros in ReST output fs_parser: update mount_api doc to match function signature Raviteja Laggyshetty (1): interconnect: qcom: icc-rpmh: probe defer incase of missing QoS clock dependency Raymond Hackley (1): leds: ktd2692: Set missing timing properties Reinette Chatre (3): selftests/resctrl: Print accurate buffer size as part of MBM results selftests/resctrl: Fix memory overflow due to unhandled wraparound selftests/resctrl: Protect against array overrun during iMC config parsing Remi Pommarel (2): wifi: cfg80211: Add wiphy_delayed_work_pending() wifi: mac80211: Convert color collision detection to wiphy work Renato Caldas (1): platform/x86: ideapad-laptop: add missing Ideapad Pro 5 fn keys Ritesh Harjani (IBM) (3): powerpc/fadump: Refactor and prepare fadump_cma_init for late init powerpc/fadump: Move fadump_cma_init to setup_arch() after initmem_init() powerpc/mm/fault: Fix kfence page fault reporting Roman Li (1): drm/amd/display: Increase idle worker HPD detection time Rosen Penev (1): net: mdio-ipq4019: add missing error check Russell King (Oracle) (1): irqchip/irq-mvebu-sei: Move misplaced select() callback to SEI CP domain Ryan Walklin (1): drm: panel: nv3052c: correct spi_device_id for RG35XX panel Sabyrzhan Tasbolatov (1): kasan: move checks to do_strncpy_from_user Sai Kumar Cholleti (1): gpio: exar: set value when external pull-up or pull-down is present Sakari Ailus (1): media: ipu6: Fix DMA and physical address debugging messages for 32-bit Saravanan Vajravel (1): bnxt_en: Reserve rings after PCIe AER recovery if NIC interface is down Sean Anderson (1): drm: zynqmp_kms: Unplug DRM device before removal Sean Christopherson (1): KVM: x86/mmu: Skip the "try unsync" path iff the old SPTE was a leaf SPTE Sebastian Andrzej Siewior (1): x86/CPU/AMD: Terminate the erratum_1386_microcode array Sergio Paracuellos (2): clk: ralink: mtmips: fix clock plan for Ralink SoC RT3883 clk: ralink: mtmips: fix clocks probe order in oldest ralink SoCs Shenghao Ding (1): ASoC: tas2781: Add new driver version for tas2563 & tas2781 qfn chip Shengjiu Wang (1): ASoC: fsl_micfil: fix regmap_write_bits usage Shravya KN (2): bnxt_en: Set backplane link modes correctly for ethtool bnxt_en: Fix receive ring space parameters when XDP is active Shyam Prasad N (1): cifs: during remount, make sure passwords are in sync Si-Wei Liu (1): vdpa/mlx5: Fix suboptimal range on iotlb iteration Sibi Sankar (2): arm64: dts: qcom: x1e80100: Resize GIC Redistributor register region remoteproc: qcom_q6v5_mss: Re-order writes to the IMEM region Siddharth Vadapalli (1): PCI: j721e: Deassert PERST# after a delay of PCIE_T_PVPERL_MS milliseconds Sidraya Jayagond (1): s390/iucv: MSG_PEEK causes memory leak in iucv_sock_destruct() Sourabh Jain (1): fadump: reserve param area if below boot_mem_top Stafford Horne (1): openrisc: Implement fixmap to fix earlycon Stanislaw Gruszka (4): spi: Fix acpi deferred irq probe media: intel/ipu6: do not handle interrupts when device is disabled usb: misc: ljca: set small runtime autosuspend delay usb: misc: ljca: move usb_autopm_put_interface() after wait for response Steffen Dirkwinkel (1): drm: xlnx: zynqmp_disp: layer may be null while releasing Steve French (1): smb3: request handle caching when caching directories Steven 'Steve' Kendall (1): drm/radeon: Fix spurious unplug event on radeon HDMI Steven Price (1): drm/panfrost: Remove unused id_mask from struct panfrost_model Suraj Kandpal (1): drm/xe/hdcp: Fix gsc structure check in fw check status Takahiro Kuwano (1): mtd: spi-nor: spansion: Use nor->addr_nbytes in octal DTR mode in RD_ANY_REG_OP Takashi Iwai (9): ALSA: usx2y: Use snd_card_free_when_closed() at disconnection ALSA: us122l: Use snd_card_free_when_closed() at disconnection ALSA: caiaq: Use snd_card_free_when_closed() at disconnection ALSA: 6fire: Release resources at card release ALSA: usb-audio: Fix out of bounds reads when finding clock sources ALSA: rawmidi: Fix kvfree() call in spinlock ALSA: ump: Fix evaluation of MIDI 1.0 FB info ALSA: pcm: Add sanity NULL check for the default mmap fault handler ALSA: hda/realtek: Apply quirk for Medion E15433 Tamir Duberstein (1): checkpatch: always parse orig_commit in fixes tag Tao Chen (1): libbpf: Fix expected_attach_type set handling in program load callback Thadeu Lima de Souza Cascardo (1): hfsplus: don't query the device logical block size multiple times Theodore Ts'o (1): ext4: fix FS_IOC_GETFSMAP handling Thinh Nguyen (3): usb: dwc3: ep0: Don't clear ep0 DWC3_EP_TRANSFER_STARTED usb: dwc3: gadget: Fix checking for number of TRBs left usb: dwc3: gadget: Fix looping of queued SG entries Thomas Falcon (1): perf mem: Fix printing PERF_MEM_LVLNUM_{L2_MHB|MSC} Thomas Gleixner (1): irqdomain: Cleanup domain name allocation Thomas Richard (3): PCI: cadence: Extract link setup sequence from cdns_pcie_host_setup() PCI: cadence: Set cdns_pcie_host_init() global PCI: j721e: Use T_PERST_CLK_US macro Thomas Weißschuh (1): tools/nolibc: s390: include std.h Théo Lebrun (2): PCI: j721e: Add reset GPIO to struct j721e_pcie PCI: j721e: Add suspend and resume support Tiezhu Yang (2): LoongArch: Fix build failure with GCC 15 (-std=gnu23) LoongArch: BPF: Sign-extend return values Tiwei Bie (7): um: ubd: Do not use drvdata in release um: net: Do not use drvdata in release um: vector: Do not use drvdata in release um: Fix potential integer overflow during physmem setup um: Fix the return value of elf_core_copy_task_fpregs um: ubd: Initialize ubd's disk pointer in ubd_add um: Always dump trace for specified task in show_stack Todd Kjos (1): PCI: Fix reset_method_store() memory leak Tomas Glozar (1): rtla/timerlat: Do not set params->user_workload with -U Tomas Paukrt (1): crypto: mxs-dcp - Fix AES-CBC with hardware-bound keys Tomi Valkeinen (3): drm/omap: Fix possible NULL dereference drm/omap: Fix locking in omap_gem_new_dmabuf() drm/bridge: tc358767: Fix link properties discovery Tony Ambardar (1): libbpf: Fix output .symtab byte-order during linking Trond Myklebust (2): NFSv4.0: Fix a use-after-free problem in the asynchronous open() Revert "nfs: don't reuse partially completed requests in nfs_lock_and_join_requests" Tvrtko Ursulin (1): drm/v3d: Appease lockdep while updating GPU stats Uladzislau Rezki (Sony) (2): rcu/kvfree: Fix data-race in __mod_timer / kvfree_call_rcu rcuscale: Do a proper cleanup if kfree_scale_init() fails Uros Bizjak (3): cleanup: Remove address space of returned pointer locking/atomic/x86: Use ALT_OUTPUT_SP() for __alternative_atomic64() locking/atomic/x86: Use ALT_OUTPUT_SP() for __arch_{,try_}cmpxchg64_emu() Usama Arif (1): of/fdt: add dt_phys arg to early_init_dt_scan and early_init_dt_verify Uwe Kleine-König (1): pwm: Assume a disabled PWM to emit a constant inactive output Vasant Hegde (1): iommu/amd/pgtbl_v2: Take protection domain lock before invalidating TLB Venkata Prasad Potturu (1): ASoC: amd: yc: Fix for enabling DMIC on acp6x via _DSD entry Veronika Molnarova (2): perf test attr: Add back missing topdown events perf dso: Fix symtab_type for kmod compression Viktor Malik (1): selftests/bpf: skip the timer_lockup test for single-CPU nodes Vineeth Vijayan (1): s390/cio: Do not unregister the subchannel based on DNV Vishnu Sankar (1): platform/x86: thinkpad_acpi: Fix for ThinkPad's with ECFW showing incorrect fan speed Vitalii Mordan (2): marvell: pxa168_eth: fix call balance of pep->clk handling routines usb: ehci-spear: fix call balance of sehci clk handling routines Vitaly Kuznetsov (1): HID: hyperv: streamline driver probe to avoid devres issues Wang Hai (1): crypto: qat - Fix missing destroy_workqueue in adf_init_aer() Waqar Hameed (1): ubifs: authentication: Fix use-after-free in ubifs_tnc_end_commit Weili Qian (1): crypto: hisilicon/qm - disable same error report before resetting Weilin Wang (1): perf test: Add test for Intel TPEBS counting mode Will Deacon (1): arm64: tls: Fix context-switching of tpidrro_el0 when kpti is enabled Wolfram Sang (2): ARM: dts: renesas: genmai: Fix partition size for QSPI NOR Flash rtc: rzn1: fix BCD to rtc_time conversion errors Wu Hoi Pok (2): drm/radeon: add helper rdev_to_drm(rdev) drm/radeon: change rdev->ddev to rdev_to_drm(rdev) Xiaolei Wang (1): drm/etnaviv: Request pages from DMA32 zone on addressing_limited Xiuhong Wang (1): f2fs: fix fiemap failure issue when page size is 16KB Xu Kuohai (3): bpf, arm64: Remove garbage frame for struct_ops trampoline bpf: Use function pointers count as struct_ops links count bpf: Add kernel symbol for struct_ops trampoline Yang Erkun (3): brd: defer automatic disk creation until module initialization succeeds nfsd: release svc_expkey/svc_export with rcu_work SUNRPC: make sure cache entry active before cache_show Yang Wang (1): drm/amdgpu: fix ACA bank count boundary check error Yang Yingliang (2): clk: imx: imx8-acm: Fix return value check in clk_imx_acm_attach_pm_domains() mailbox: mtk-cmdq: fix wrong use of sizeof in cmdq_get_clocks() Yao Zi (1): platform/x86: panasonic-laptop: Return errno correctly in show callback Ye Bin (3): scsi: bfa: Fix use-after-free in bfad_im_module_exit() f2fs: fix null-ptr-deref in f2fs_submit_page_bio() svcrdma: fix miss destroy percpu_counter in svc_rdma_proc_init() Yi Yang (1): crypto: pcrypt - Call crypto layer directly when padata_do_parallel() return -EBUSY Yicong Yang (1): perf build: Add missing cflags when building with custom libtraceevent Yihang Li (1): scsi: hisi_sas: Enable all PHYs that are not disabled by user during controller reset Yishai Hadas (2): vfio/mlx5: Fix an unwind issue in mlx5vf_add_migration_pages() vfio/mlx5: Fix unwind flows in mlx5vf_pci_save/resume_device_data() Yong-Xuan Wang (1): RISC-V: KVM: Fix APLIC in_clrip and clripnum write emulation Yongliang Gao (1): rtc: check if __rtc_read_time was successful in rtc_timer_do_work() Yongpeng Yang (1): f2fs: check curseg->inited before write_sum_page in change_curseg Yu Kuai (2): block: fix uaf for flush rq while iterating tags block, bfq: fix bfqq uaf in bfq_limit_depth() Yuan Can (5): firmware: google: Unregister driver_info on failure wifi: wfx: Fix error handling in wfx_core_init() drm/amdkfd: Fix wrong usage of INIT_WORK() cpufreq: loongson2: Unregister platform_driver on failure Input: cs40l50 - fix wrong usage of INIT_WORK() Yuan Chen (1): bpf: Fix the xdp_adjust_tail sample prog issue Yuezhang Mo (2): exfat: fix file being changed by unaligned direct write exfat: fix out-of-bounds access of directory entries Yuli Wang (1): LoongArch: Define a default value for VM_DATA_DEFAULT_FLAGS Yunseong Kim (1): ksmbd: fix use-after-free in SMB request handling Yutaro Ohno (1): rust: kernel: fix THIS_MODULE header path in ThisModule doc comment Yuyu Li (1): RDMA/hns: Modify debugfs name Zeng Heng (2): scsi: fusion: Remove unused variable 'rc' f2fs: Fix not used variable 'index' Zhang Changzhong (1): mfd: rt5033: Fix missing regmap_del_irq_chip() Zhang Rui (1): tools/power turbostat: Fix trailing '\n' parsing Zhang Xianwei (1): brd: decrease the number of allocated pages which discarded Zhang Zekun (2): pmdomain: ti-sci: Add missing of_node_put() for args.np powerpc/kexec: Fix return of uninitialized variable Zhen Lei (3): scsi: qedf: Fix a possible memory leak in qedf_alloc_and_init_sb() scsi: qedi: Fix a possible memory leak in qedi_alloc_and_init_sb() fbdev: sh7760fb: Fix a possible memory leak in sh7760fb_alloc_mem() Zheng Yejian (1): x86/unwind/orc: Fix unwind for newly forked tasks Zhenzhong Duan (2): iommu/vt-d: Fix checks and print in dmar_fault_dump_ptes() iommu/vt-d: Fix checks and print in pgtable_walk() Zhiguo Niu (2): f2fs: fix to avoid use GC_AT when setting gc_mode as GC_URGENT_LOW or GC_URGENT_MID f2fs: clean up val{>>,<<}F2FS_BLKSIZE_BITS Zhihao Cheng (4): ubi: wl: Put source PEB into correct list if trying locking LEB failed ubi: fastmap: wl: Schedule fm_work if wear-leveling pool is empty ubifs: Correct the total block count by deducting journal reservation ubi: fastmap: Fix duplicate slab cache names while attaching Zhongqiu Han (1): PCI: endpoint: epf-mhi: Avoid NULL dereference if DT lacks 'mmio' Zhu Yanjun (1): RDMA/rxe: Fix the qp flush warnings in req Zichen Xie (3): drm/msm/dpu: cast crtc_clk calculation to u64 in _dpu_core_perf_calc_clk() clk: sophgo: avoid integer overflow in sg2042_pll_recalc_rate() ALSA: core: Fix possible NULL dereference caused by kunit_kzalloc() Zicheng Qu (3): drm/amd/display: Fix null check for pipe_ctx->plane_state in dcn20_program_pipe drm/amd/display: Fix null check for pipe_ctx->plane_state in hwss_setup_dpp iio: gts: Fix uninitialized symbol 'ret' Zijian Zhang (9): selftests/bpf: Fix msg_verify_data in test_sockmap selftests/bpf: Fix txmsg_redir of test_txmsg_pull in test_sockmap selftests/bpf: Add txmsg_pass to pull/push/pop in test_sockmap selftests/bpf: Fix SENDPAGE data logic in test_sockmap selftests/bpf: Fix total_bytes in msg_loop_rx in test_sockmap selftests/bpf: Add push/pop checking for msg_verify_data in test_sockmap bpf, sockmap: Several fixes to bpf_msg_push_data bpf, sockmap: Several fixes to bpf_msg_pop_data bpf, sockmap: Fix sk_msg_reset_curr Ziwei Xiao (1): gve: Flow steering trigger reset only for timeout error Zizhi Wo (4): cachefiles: Fix incorrect length return value in cachefiles_ondemand_fd_write_iter() cachefiles: Fix missing pos updates in cachefiles_ondemand_fd_write_iter() cachefiles: Fix NULL pointer dereference in object->file netfs/fscache: Add a memory barrier for FSCACHE_VOLUME_CREATING chao liu (1): apparmor: fix 'Do simple duplicate message elimination' guanjing (1): selftests: netfilter: Fix missing return values in conntrack_dump_flush weiyufeng (1): PCI: cpqphp: Use PCI_POSSIBLE_ERROR() to check config reads wenglianfa (3): RDMA/hns: Fix an AEQE overflow error caused by untimely update of eq_db_ci RDMA/hns: Fix flush cqe error when racing with destroy qp RDMA/hns: Fix cpu stuck caused by printings during reset zhang jiao (2): tools/lib/thermal: Remove the thermal.h soft link when doing make clean pinctrl: k210: Undef K210_PC_DEFAULT

6 months, 2 weeks

1
1
0 0

[PATCH v2 0/2] PCI: endpoint: fix bug for an API and simplify another API

by Zijun Hu

This patch series is to fix bug for API devm_pci_epc_destroy() and simplify API pci_epc_get(). Signed-off-by: Zijun Hu <quic_zijuhu(a)quicinc.com> --- Changes in v2: - Correct tile and commit message for patch 1/2. - Add one more patch 2/2 to simplify API pci_epc_get(). - Link to v1: https://lore.kernel.org/r/20241020-pci-epc-core_fix-v1-1-3899705e3537@quici… --- Zijun Hu (2): PCI: endpoint: Fix that API devm_pci_epc_destroy() fails to destroy the EPC device PCI: endpoint: Simplify API pci_epc_get() implementation drivers/pci/endpoint/pci-epc-core.c | 23 +++++++---------------- 1 file changed, 7 insertions(+), 16 deletions(-) --- base-commit: 11066801dd4b7c4d75fce65c812723a80c1481ae change-id: 20241020-pci-epc-core_fix-a92512fa9d19 Best regards, -- Zijun Hu <quic_zijuhu(a)quicinc.com>

6 months, 2 weeks

1
2
0 0

[PATCH v2 00/10] drm: Add DSI/DP support for Renesas r8a779h0 V4M and grey-hawk board

by Tomi Valkeinen

Add everything needed to support the DSI output on Renesas r8a779h0 (V4M) SoC, and the DP output (via sn65dsi86 DSI to DP bridge) on the Renesas grey-hawk board. Overall the DSI and the board design is almost identical to Renesas r8a779g0 and white-hawk board. Signed-off-by: Tomi Valkeinen <tomi.valkeinen+renesas(a)ideasonboard.com> --- Changes in v2: - Add the DT binding with a new conditional block, so that we can set only the port@0 as required - Drop port@1 from r8a779h0.dtsi (there's no port@1) - Add a new patch to write DPTSR only if num_crtcs > 1 - Drop RCAR_DU_FEATURE_NO_DPTSR (not needed anymore) - Add Cc: stable to the fix, and move it as first patch - Added the tags from reviews - Link to v1: https://lore.kernel.org/r/20241203-rcar-gh-dsi-v1-0-738ae1a95d2a@ideasonboa… --- Tomi Valkeinen (10): drm/rcar-du: dsi: Fix PHY lock bit check drm/rcar-du: Write DPTSR only if there are more than one crtc dt-bindings: display: bridge: renesas,dsi-csi2-tx: Add r8a779h0 dt-bindings: display: renesas,du: Add r8a779h0 clk: renesas: r8a779h0: Add display clocks drm/rcar-du: dsi: Add r8a779h0 support drm/rcar-du: Add support for r8a779h0 arm64: dts: renesas: gray-hawk-single: Fix indentation arm64: dts: renesas: r8a779h0: Add display support arm64: dts: renesas: gray-hawk-single: Add DisplayPort support .../display/bridge/renesas,dsi-csi2-tx.yaml | 1 + .../devicetree/bindings/display/renesas,du.yaml | 52 ++++++++- .../boot/dts/renesas/r8a779h0-gray-hawk-single.dts | 119 ++++++++++++++++++--- arch/arm64/boot/dts/renesas/r8a779h0.dtsi | 73 +++++++++++++ drivers/clk/renesas/r8a779h0-cpg-mssr.c | 4 + drivers/gpu/drm/renesas/rcar-du/rcar_du_drv.c | 18 ++++ drivers/gpu/drm/renesas/rcar-du/rcar_du_group.c | 16 +-- drivers/gpu/drm/renesas/rcar-du/rcar_mipi_dsi.c | 4 +- .../gpu/drm/renesas/rcar-du/rcar_mipi_dsi_regs.h | 1 - 9 files changed, 264 insertions(+), 24 deletions(-) --- base-commit: adc218676eef25575469234709c2d87185ca223a change-id: 20241008-rcar-gh-dsi-9c01f5deeac8 Best regards, -- Tomi Valkeinen <tomi.valkeinen(a)ideasonboard.com>

6 months, 2 weeks

1
1
0 0

[PATCH] usb: r8a66597-udc: fix call balance for r8a66597->clk handling routines

by Vitalii Mordan

If the clock r8a66597->clk was not enabled in r8a66597_probe, r8a66597->clk will contain a non-NULL value leading to the clock being incorrectly disabled later in r8a66597_remove. Use the devm_clk_get_enabled helper function to ensure proper call balance for r8a66597->clk. Found by Linux Verification Center (linuxtesting.org) with Klever. Fixes: d2e27bdf2870 ("usb: add clock support to r8a66597 gadget driver") Cc: stable(a)vger.kernel.org Signed-off-by: Vitalii Mordan <mordan(a)ispras.ru> --- drivers/usb/gadget/udc/r8a66597-udc.c | 12 ++---------- 1 file changed, 2 insertions(+), 10 deletions(-) diff --git a/drivers/usb/gadget/udc/r8a66597-udc.c b/drivers/usb/gadget/udc/r8a66597-udc.c index ff6f846b1d41..8518feb90792 100644 --- a/drivers/usb/gadget/udc/r8a66597-udc.c +++ b/drivers/usb/gadget/udc/r8a66597-udc.c @@ -1812,10 +1812,6 @@ static void r8a66597_remove(struct platform_device *pdev) usb_del_gadget_udc(&r8a66597->gadget); del_timer_sync(&r8a66597->timer); r8a66597_free_request(&r8a66597->ep[0].ep, r8a66597->ep0_req); - - if (r8a66597->pdata->on_chip) { - clk_disable_unprepare(r8a66597->clk); - } } static void nop_completion(struct usb_ep *ep, struct usb_request *r) @@ -1876,12 +1872,11 @@ static int r8a66597_probe(struct platform_device *pdev) if (r8a66597->pdata->on_chip) { snprintf(clk_name, sizeof(clk_name), "usb%d", pdev->id); - r8a66597->clk = devm_clk_get(dev, clk_name); + r8a66597->clk = devm_clk_get_enabled(dev, clk_name); if (IS_ERR(r8a66597->clk)) { - dev_err(dev, "cannot get clock \"%s\"\n", clk_name); + dev_err(dev, "cannot get and enable clock \"%s\"\n", clk_name); return PTR_ERR(r8a66597->clk); } - clk_prepare_enable(r8a66597->clk); } if (r8a66597->pdata->sudmac) { @@ -1953,9 +1948,6 @@ static int r8a66597_probe(struct platform_device *pdev) err_add_udc: r8a66597_free_request(&r8a66597->ep[0].ep, r8a66597->ep0_req); clean_up2: - if (r8a66597->pdata->on_chip) - clk_disable_unprepare(r8a66597->clk); - if (r8a66597->ep0_req) r8a66597_free_request(&r8a66597->ep[0].ep, r8a66597->ep0_req); -- 2.25.1

6 months, 2 weeks

1
0
0 0

[PATCH 6.6] tpm: Lock TPM chip in tpm_pm_suspend() first

by bin.lan.cn＠eng.windriver.com

From: Jarkko Sakkinen <jarkko(a)kernel.org> [ Upstream commit 9265fed6db601ee2ec47577815387458ef4f047a ] Setting TPM_CHIP_FLAG_SUSPENDED in the end of tpm_pm_suspend() can be racy according, as this leaves window for tpm_hwrng_read() to be called while the operation is in progress. The recent bug report gives also evidence of this behaviour. Aadress this by locking the TPM chip before checking any chip->flags both in tpm_pm_suspend() and tpm_hwrng_read(). Move TPM_CHIP_FLAG_SUSPENDED check inside tpm_get_random() so that it will be always checked only when the lock is reserved. Cc: stable(a)vger.kernel.org # v6.4+ Fixes: 99d464506255 ("tpm: Prevent hwrng from activating during resume") Reported-by: Mike Seo <mikeseohyungjin(a)gmail.com> Closes: https://bugzilla.kernel.org/show_bug.cgi?id=219383 Reviewed-by: Jerry Snitselaar <jsnitsel(a)redhat.com> Tested-by: Mike Seo <mikeseohyungjin(a)gmail.com> Signed-off-by: Jarkko Sakkinen <jarkko(a)kernel.org> [ Don't call tpm2_end_auth_session() for this function does not exist in 6.6.y.] Signed-off-by: Bin Lan <bin.lan.cn(a)windriver.com> --- drivers/char/tpm/tpm-chip.c | 4 ---- drivers/char/tpm/tpm-interface.c | 29 +++++++++++++++++++++-------- 2 files changed, 21 insertions(+), 12 deletions(-) diff --git a/drivers/char/tpm/tpm-chip.c b/drivers/char/tpm/tpm-chip.c index 42b1062e33cd..78999f7f248c 100644 --- a/drivers/char/tpm/tpm-chip.c +++ b/drivers/char/tpm/tpm-chip.c @@ -519,10 +519,6 @@ static int tpm_hwrng_read(struct hwrng *rng, void *data, size_t max, bool wait) { struct tpm_chip *chip = container_of(rng, struct tpm_chip, hwrng); - /* Give back zero bytes, as TPM chip has not yet fully resumed: */ - if (chip->flags & TPM_CHIP_FLAG_SUSPENDED) - return 0; - return tpm_get_random(chip, data, max); } diff --git a/drivers/char/tpm/tpm-interface.c b/drivers/char/tpm/tpm-interface.c index 66b16d26eecc..c8ea52dfa556 100644 --- a/drivers/char/tpm/tpm-interface.c +++ b/drivers/char/tpm/tpm-interface.c @@ -394,6 +394,13 @@ int tpm_pm_suspend(struct device *dev) if (!chip) return -ENODEV; + rc = tpm_try_get_ops(chip); + if (rc) { + /* Can be safely set out of locks, as no action cannot race: */ + chip->flags |= TPM_CHIP_FLAG_SUSPENDED; + goto out; + } + if (chip->flags & TPM_CHIP_FLAG_ALWAYS_POWERED) goto suspended; @@ -401,19 +408,18 @@ int tpm_pm_suspend(struct device *dev) !pm_suspend_via_firmware()) goto suspended; - rc = tpm_try_get_ops(chip); - if (!rc) { - if (chip->flags & TPM_CHIP_FLAG_TPM2) - tpm2_shutdown(chip, TPM2_SU_STATE); - else - rc = tpm1_pm_suspend(chip, tpm_suspend_pcr); - - tpm_put_ops(chip); + if (chip->flags & TPM_CHIP_FLAG_TPM2) { + tpm2_shutdown(chip, TPM2_SU_STATE); + goto suspended; } + rc = tpm1_pm_suspend(chip, tpm_suspend_pcr); + suspended: chip->flags |= TPM_CHIP_FLAG_SUSPENDED; + tpm_put_ops(chip); +out: if (rc) dev_err(dev, "Ignoring error %d while suspending\n", rc); return 0; @@ -462,11 +468,18 @@ int tpm_get_random(struct tpm_chip *chip, u8 *out, size_t max) if (!chip) return -ENODEV; + /* Give back zero bytes, as TPM chip has not yet fully resumed: */ + if (chip->flags & TPM_CHIP_FLAG_SUSPENDED) { + rc = 0; + goto out; + } + if (chip->flags & TPM_CHIP_FLAG_TPM2) rc = tpm2_get_random(chip, out, max); else rc = tpm1_get_random(chip, out, max); +out: tpm_put_ops(chip); return rc; } -- 2.43.0

6 months, 2 weeks

2
1
0 0

[PATCH 6.1.y] drm/amd/display: fix NULL checks for adev->dm.dc in amdgpu_dm_fini()

by jianqi.ren.cn＠windriver.com

From: Nikita Zhandarovich <n.zhandarovich(a)fintech.ru> Since 'adev->dm.dc' in amdgpu_dm_fini() might turn out to be NULL before the call to dc_enable_dmub_notifications(), check beforehand to ensure there will not be a possible NULL-ptr-deref there. Also, since commit 1e88eb1b2c25 ("drm/amd/display: Drop CONFIG_DRM_AMD_DC_HDCP") there are two separate checks for NULL in 'adev->dm.dc' before dc_deinit_callbacks() and dc_dmub_srv_destroy(). Clean up by combining them all under one 'if'. Found by Linux Verification Center (linuxtesting.org) with static analysis tool SVACE. Fixes: 81927e2808be ("drm/amd/display: Support for DMUB AUX") Signed-off-by: Nikita Zhandarovich <n.zhandarovich(a)fintech.ru> Signed-off-by: Alex Deucher <alexander.deucher(a)amd.com> Signed-off-by: Jianqi Ren <jianqi.ren.cn(a)windriver.com> --- drivers/gpu/drm/amd/display/amdgpu_dm/amdgpu_dm.c | 14 +++++++------- 1 file changed, 7 insertions(+), 7 deletions(-) diff --git a/drivers/gpu/drm/amd/display/amdgpu_dm/amdgpu_dm.c b/drivers/gpu/drm/amd/display/amdgpu_dm/amdgpu_dm.c index 8dc0f70df24f..7b4d44dcb343 100644 --- a/drivers/gpu/drm/amd/display/amdgpu_dm/amdgpu_dm.c +++ b/drivers/gpu/drm/amd/display/amdgpu_dm/amdgpu_dm.c @@ -1882,14 +1882,14 @@ static void amdgpu_dm_fini(struct amdgpu_device *adev) dc_deinit_callbacks(adev->dm.dc); #endif - if (adev->dm.dc) + if (adev->dm.dc) { dc_dmub_srv_destroy(&adev->dm.dc->ctx->dmub_srv); - - if (dc_enable_dmub_notifications(adev->dm.dc)) { - kfree(adev->dm.dmub_notify); - adev->dm.dmub_notify = NULL; - destroy_workqueue(adev->dm.delayed_hpd_wq); - adev->dm.delayed_hpd_wq = NULL; + if (dc_enable_dmub_notifications(adev->dm.dc)) { + kfree(adev->dm.dmub_notify); + adev->dm.dmub_notify = NULL; + destroy_workqueue(adev->dm.delayed_hpd_wq); + adev->dm.delayed_hpd_wq = NULL; + } } if (adev->dm.dmub_bo) -- 2.25.1

6 months, 2 weeks

3
2
0 0

[PATCH 5.10.y] ALSA: usb-audio: Fix out of bounds reads when finding clock sources

by Benoît Sevens

From: Takashi Iwai <tiwai(a)suse.de> The current USB-audio driver code doesn't check bLength of each descriptor at traversing for clock descriptors. That is, when a device provides a bogus descriptor with a shorter bLength, the driver might hit out-of-bounds reads. For addressing it, this patch adds sanity checks to the validator functions for the clock descriptor traversal. When the descriptor length is shorter than expected, it's skipped in the loop. For the clock source and clock multiplier descriptors, we can just check bLength against the sizeof() of each descriptor type. OTOH, the clock selector descriptor of UAC2 and UAC3 has an array of bNrInPins elements and two more fields at its tail, hence those have to be checked in addition to the sizeof() check. Reported-by: Benoît Sevens <bsevens(a)google.com> Cc: <stable(a)vger.kernel.org> Link: https://lore.kernel.org/20241121140613.3651-1-bsevens@google.com Link: https://patch.msgid.link/20241125144629.20757-1-tiwai@suse.de Signed-off-by: Takashi Iwai <tiwai(a)suse.de> (cherry picked from commit a3dd4d63eeb452cfb064a13862fb376ab108f6a6) Signed-off-by: Benoît Sevens <bsevens(a)google.com> --- sound/usb/clock.c | 32 ++++++++++++++++++++++++++++++-- 1 file changed, 30 insertions(+), 2 deletions(-) diff --git a/sound/usb/clock.c b/sound/usb/clock.c index 514d18a3e07a..197a6b7d8ad6 100644 --- a/sound/usb/clock.c +++ b/sound/usb/clock.c @@ -21,6 +21,10 @@ #include "clock.h" #include "quirks.h" +/* check whether the descriptor bLength has the minimal length */ +#define DESC_LENGTH_CHECK(p) \ + (p->bLength >= sizeof(*p)) + static void *find_uac_clock_desc(struct usb_host_interface *iface, int id, bool (*validator)(void *, int), u8 type) { @@ -38,36 +42,60 @@ static void *find_uac_clock_desc(struct usb_host_interface *iface, int id, static bool validate_clock_source_v2(void *p, int id) { struct uac_clock_source_descriptor *cs = p; + if (!DESC_LENGTH_CHECK(cs)) + return false; return cs->bClockID == id; } static bool validate_clock_source_v3(void *p, int id) { struct uac3_clock_source_descriptor *cs = p; + if (!DESC_LENGTH_CHECK(cs)) + return false; return cs->bClockID == id; } static bool validate_clock_selector_v2(void *p, int id) { struct uac_clock_selector_descriptor *cs = p; - return cs->bClockID == id; + if (!DESC_LENGTH_CHECK(cs)) + return false; + if (cs->bClockID != id) + return false; + /* additional length check for baCSourceID array (in bNrInPins size) + * and two more fields (which sizes depend on the protocol) + */ + return cs->bLength >= sizeof(*cs) + cs->bNrInPins + + 1 /* bmControls */ + 1 /* iClockSelector */; } static bool validate_clock_selector_v3(void *p, int id) { struct uac3_clock_selector_descriptor *cs = p; - return cs->bClockID == id; + if (!DESC_LENGTH_CHECK(cs)) + return false; + if (cs->bClockID != id) + return false; + /* additional length check for baCSourceID array (in bNrInPins size) + * and two more fields (which sizes depend on the protocol) + */ + return cs->bLength >= sizeof(*cs) + cs->bNrInPins + + 4 /* bmControls */ + 2 /* wCSelectorDescrStr */; } static bool validate_clock_multiplier_v2(void *p, int id) { struct uac_clock_multiplier_descriptor *cs = p; + if (!DESC_LENGTH_CHECK(cs)) + return false; return cs->bClockID == id; } static bool validate_clock_multiplier_v3(void *p, int id) { struct uac3_clock_multiplier_descriptor *cs = p; + if (!DESC_LENGTH_CHECK(cs)) + return false; return cs->bClockID == id; } -- 2.47.0.338.g60cca15819-goog

6 months, 2 weeks

3
2
0 0

[PATCH 6.1/5.15/5.10/5.4] udf: fix null-ptr-deref if sb_getblk() fails

by Jakub Acs

commit 32f123a3f342 ("udf: Fold udf_getblk() into udf_bread()"), fixes a null-ptr-deref bug as a side effect. Backport the null-ptr-deref fixing aspect of the aforementioned commit. Closes: https://syzkaller.appspot.com/bug?extid=a38e34ca637c224f4a79 Signed-off-by: Jakub Acs <acsjakub(a)amazon.de> --- fs/udf/inode.c | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/fs/udf/inode.c b/fs/udf/inode.c index d7d6ccd0af06..4f505a366da9 100644 --- a/fs/udf/inode.c +++ b/fs/udf/inode.c @@ -380,6 +380,10 @@ static struct buffer_head *udf_getblk(struct inode *inode, udf_pblk_t block, *err = udf_get_block(inode, block, &dummy, create); if (!*err && buffer_mapped(&dummy)) { bh = sb_getblk(inode->i_sb, dummy.b_blocknr); + if (!bh) { + *err = -ENOMEM; + return NULL; + } if (buffer_new(&dummy)) { lock_buffer(bh); memset(bh->b_data, 0x00, inode->i_sb->s_blocksize); base-commit: e4d90d63d385228b1e0bcf31cc15539bbbc28f7f -- 2.40.1

6 months, 2 weeks

4
7
0 0

[PATCH v5.10.277] wifi: mac80211: Avoid address calculations via out of bounds array indexing

by Hardik Gohil

From: Kenton Groombridge <concord(a)gentoo.org> [ Upstream commit 2663d0462eb32ae7c9b035300ab6b1523886c718 ] req->n_channels must be set before req->channels[] can be used. This patch fixes one of the issues encountered in [1]. [ 83.964255] UBSAN: array-index-out-of-bounds in net/mac80211/scan.c:364:4 [ 83.964258] index 0 is out of range for type 'struct ieee80211_channel *[]' [...] [ 83.964264] Call Trace: [ 83.964267] <TASK> [ 83.964269] dump_stack_lvl+0x3f/0xc0 [ 83.964274] __ubsan_handle_out_of_bounds+0xec/0x110 [ 83.964278] ieee80211_prep_hw_scan+0x2db/0x4b0 [ 83.964281] __ieee80211_start_scan+0x601/0x990 [ 83.964291] nl80211_trigger_scan+0x874/0x980 [ 83.964295] genl_family_rcv_msg_doit+0xe8/0x160 [ 83.964298] genl_rcv_msg+0x240/0x270 [...] [1] https://bugzilla.kernel.org/show_bug.cgi?id=218810 Co-authored-by: Kees Cook <keescook(a)chromium.org> Signed-off-by: Kees Cook <kees(a)kernel.org> Signed-off-by: Kenton Groombridge <concord(a)gentoo.org> Link: https://msgid.link/20240605152218.236061-1-concord@gentoo.org Signed-off-by: Johannes Berg <johannes.berg(a)intel.com> [Xiangyu: Modified to apply on 6.1.y and 6.6.y] Signed-off-by: Xiangyu Chen <xiangyu.chen(a)windriver.com> Signed-off-by: Sasha Levin <sashal(a)kernel.org> Signed-off-by: Hardik Gohil <hgohil(a)mvista.com> --- net/mac80211/scan.c | 17 +++++++++-------- 1 file changed, 9 insertions(+), 8 deletions(-) diff --git a/net/mac80211/scan.c b/net/mac80211/scan.c index be5d02c..bcbbb9f 100644 --- a/net/mac80211/scan.c +++ b/net/mac80211/scan.c @@ -351,7 +351,8 @@ static bool ieee80211_prep_hw_scan(struct ieee80211_sub_if_data *sdata) struct cfg80211_scan_request *req; struct cfg80211_chan_def chandef; u8 bands_used = 0; - int i, ielen, n_chans; + int i, ielen; + u32 *n_chans; u32 flags = 0; req = rcu_dereference_protected(local->scan_req, @@ -361,34 +362,34 @@ static bool ieee80211_prep_hw_scan(struct ieee80211_sub_if_data *sdata) return false; if (ieee80211_hw_check(&local->hw, SINGLE_SCAN_ON_ALL_BANDS)) { + local->hw_scan_req->req.n_channels = req->n_channels; + for (i = 0; i < req->n_channels; i++) { local->hw_scan_req->req.channels[i] = req->channels[i]; bands_used |= BIT(req->channels[i]->band); } - - n_chans = req->n_channels; } else { do { if (local->hw_scan_band == NUM_NL80211_BANDS) return false; - n_chans = 0; + n_chans = &local->hw_scan_req->req.n_channels; + *n_chans = 0; for (i = 0; i < req->n_channels; i++) { if (req->channels[i]->band != local->hw_scan_band) continue; - local->hw_scan_req->req.channels[n_chans] = + local->hw_scan_req->req.channels[(*n_chans)++] = req->channels[i]; - n_chans++; + bands_used |= BIT(req->channels[i]->band); } local->hw_scan_band++; - } while (!n_chans); + } while (!*n_chans); } - local->hw_scan_req->req.n_channels = n_chans; ieee80211_prepare_scan_chandef(&chandef, req->scan_width); if (req->flags & NL80211_SCAN_FLAG_MIN_PREQ_CONTENT) -- 2.7.4

6 months, 2 weeks

3
3
0 0

[PATCH] drivers: gpio: gpio-ljca: Initialize num before accessing item in ljca_gpio_config

by Haoyu Li

With the new __counted_by annocation in ljca_gpio_packet, the "num" struct member must be set before accessing the "item" array. Failing to do so will trigger a runtime warning when enabling CONFIG_UBSAN_BOUNDS and CONFIG_FORTIFY_SOURCE. Fixes: 1034cc423f1b ("gpio: update Intel LJCA USB GPIO driver") Signed-off-by: Haoyu Li <lihaoyu499(a)gmail.com> --- drivers/gpio/gpio-ljca.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/drivers/gpio/gpio-ljca.c b/drivers/gpio/gpio-ljca.c index 503d2441c58f..817ecb12d550 100644 --- a/drivers/gpio/gpio-ljca.c +++ b/drivers/gpio/gpio-ljca.c @@ -82,9 +82,9 @@ static int ljca_gpio_config(struct ljca_gpio_dev *ljca_gpio, u8 gpio_id, int ret; mutex_lock(&ljca_gpio->trans_lock); + packet->num = 1; packet->item[0].index = gpio_id; packet->item[0].value = config | ljca_gpio->connect_mode[gpio_id]; - packet->num = 1; ret = ljca_transfer(ljca_gpio->ljca, LJCA_GPIO_CONFIG, (u8 *)packet, struct_size(packet, item, packet->num), NULL, 0); -- 2.34.1

6 months, 2 weeks

3
2
0 0

[PATCH net] net :mana :Request a V2 response version for MANA_QUERY_GF_STAT

by Shradha Gupta

The current requested response version(V1) for MANA_QUERY_GF_STAT query results in STATISTICS_FLAGS_TX_ERRORS_GDMA_ERROR value being set to 0 always. In order to get the correct value for this counter we request the response version to be V2. Cc: stable(a)vger.kernel.org Fixes: e1df5202e879 ("net :mana :Add remaining GDMA stats for MANA to ethtool") Signed-off-by: Shradha Gupta <shradhagupta(a)linux.microsoft.com> --- drivers/net/ethernet/microsoft/mana/mana_en.c | 1 + 1 file changed, 1 insertion(+) diff --git a/drivers/net/ethernet/microsoft/mana/mana_en.c b/drivers/net/ethernet/microsoft/mana/mana_en.c index 57ac732e7707..f73848a4feb3 100644 --- a/drivers/net/ethernet/microsoft/mana/mana_en.c +++ b/drivers/net/ethernet/microsoft/mana/mana_en.c @@ -2536,6 +2536,7 @@ void mana_query_gf_stats(struct mana_port_context *apc) mana_gd_init_req_hdr(&req.hdr, MANA_QUERY_GF_STAT, sizeof(req), sizeof(resp)); + req.hdr.resp.msg_version = GDMA_MESSAGE_V2; req.req_stats = STATISTICS_FLAGS_RX_DISCARDS_NO_WQE | STATISTICS_FLAGS_RX_ERRORS_VPORT_DISABLED | STATISTICS_FLAGS_HC_RX_BYTES | -- 2.43.0

6 months, 2 weeks

3
2
0 0

[PATCH v2 1/2] ocfs2: Revert "ocfs2: fix the la space leak when unmounting an ocfs2 volume"

by Heming Zhao

This reverts commit dfe6c5692fb5 ("ocfs2: fix the la space leak when unmounting an ocfs2 volume"). In commit dfe6c5692fb5, the commit log "This bug has existed since the initial OCFS2 code." is wrong. The correct introduction commit is 30dd3478c3cd ("ocfs2: correctly use ocfs2_find_next_zero_bit()"). The influence of commit dfe6c5692fb5 is that it provides a correct fix for the latest kernel. however, it shouldn't be pushed to stable branches. Let's use this commit to revert all branches that include dfe6c5692fb5 and use a new fix method to fix commit 30dd3478c3cd. Fixes: dfe6c5692fb5 ("ocfs2: fix the la space leak when unmounting an ocfs2 volume") Signed-off-by: Heming Zhao <heming.zhao(a)suse.com> Cc: <stable(a)vger.kernel.org> --- fs/ocfs2/localalloc.c | 19 ------------------- 1 file changed, 19 deletions(-) diff --git a/fs/ocfs2/localalloc.c b/fs/ocfs2/localalloc.c index 8ac42ea81a17..5df34561c551 100644 --- a/fs/ocfs2/localalloc.c +++ b/fs/ocfs2/localalloc.c @@ -1002,25 +1002,6 @@ static int ocfs2_sync_local_to_main(struct ocfs2_super *osb, start = bit_off + 1; } - /* clear the contiguous bits until the end boundary */ - if (count) { - blkno = la_start_blk + - ocfs2_clusters_to_blocks(osb->sb, - start - count); - - trace_ocfs2_sync_local_to_main_free( - count, start - count, - (unsigned long long)la_start_blk, - (unsigned long long)blkno); - - status = ocfs2_release_clusters(handle, - main_bm_inode, - main_bm_bh, blkno, - count); - if (status < 0) - mlog_errno(status); - } - bail: if (status) mlog_errno(status); -- 2.43.0

6 months, 2 weeks

2
1
0 0

[PATCH v4] mtd: diskonchip: Cast an operand to prevent potential overflow

by Gax-c

From: Zichen Xie <zichenxie0106(a)gmail.com> There may be a potential integer overflow issue in inftl_partscan(). parts[0].size is defined as "uint64_t" while mtd->erasesize and ip->firstUnit are defined as 32-bit unsigned integer. The result of the calculation will be limited to 32 bits without correct casting. Fixes: 1da177e4c3f4 ("Linux-2.6.12-rc2") Signed-off-by: Zichen Xie <zichenxie0106(a)gmail.com> Cc: stable(a)vger.kernel.org --- v2: Correct "Fixes" tag. v3: Shorten subject and adjust commit log wrapping. v4: Add Cc tag. --- drivers/mtd/nand/raw/diskonchip.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/drivers/mtd/nand/raw/diskonchip.c b/drivers/mtd/nand/raw/diskonchip.c index 8db7fc424571..70d6c2250f32 100644 --- a/drivers/mtd/nand/raw/diskonchip.c +++ b/drivers/mtd/nand/raw/diskonchip.c @@ -1098,7 +1098,7 @@ static inline int __init inftl_partscan(struct mtd_info *mtd, struct mtd_partiti (i == 0) && (ip->firstUnit > 0)) { parts[0].name = " DiskOnChip IPL / Media Header partition"; parts[0].offset = 0; - parts[0].size = mtd->erasesize * ip->firstUnit; + parts[0].size = (uint64_t)mtd->erasesize * ip->firstUnit; numparts = 1; } -- 2.34.1

6 months, 2 weeks

2
1
0 0

[PATCH] mtd: onenand: Fix uninitialized retlen in do_otp_read()

by Ivan Stepchenko

The function do_otp_read() does not set the output parameter *retlen, which is expected to contain the number of bytes actually read. As a result, in onenand_otp_walk(), the tmp_retlen variable remains uninitialized after calling do_otp_walk() and used to change the values of the buf, len and retlen variables. Found by Linux Verification Center (linuxtesting.org) with SVACE. Fixes: 49dc08eeda70 ("[MTD] [OneNAND] fix numerous races") Cc: stable(a)vger.kernel.org Signed-off-by: Ivan Stepchenko <sid(a)itb.spb.ru> --- drivers/mtd/nand/onenand/onenand_base.c | 1 + 1 file changed, 1 insertion(+) diff --git a/drivers/mtd/nand/onenand/onenand_base.c b/drivers/mtd/nand/onenand/onenand_base.c index f66385faf631..0dc2ea4fc857 100644 --- a/drivers/mtd/nand/onenand/onenand_base.c +++ b/drivers/mtd/nand/onenand/onenand_base.c @@ -2923,6 +2923,7 @@ static int do_otp_read(struct mtd_info *mtd, loff_t from, size_t len, ret = ONENAND_IS_4KB_PAGE(this) ? onenand_mlc_read_ops_nolock(mtd, from, &ops) : onenand_read_ops_nolock(mtd, from, &ops); + *retlen = ops.retlen; /* Exit OTP access mode */ this->command(mtd, ONENAND_CMD_RESET, 0, 0); -- 2.34.1

6 months, 2 weeks

2
1
0 0

Re: [PATCH v2] selinux: ignore unknown extended permissions

by Thiébaud Weksteen

On Thu, Dec 5, 2024 at 6:42 PM Christian Göttsche <cgzones(a)googlemail.com> wrote: > > Dec 5, 2024 02:09:39 Thiébaud Weksteen <tweek(a)google.com>: > > > When evaluating extended permissions, ignore unknown permissions instead > > of calling BUG(). This commit ensures that future permissions can be > > added without interfering with older kernels. > > > > Fixes: fa1aa143ac4a ("selinux: extended permissions for ioctls") > > Cc: stable(a)vger.kernel.org > > Signed-off-by: Thiébaud Weksteen <tweek(a)google.com> > > - BUG(); > > + pr_warn_once( > > + "SELinux: unknown extended permission (%u) will be ignored\n", > > + node->datum.u.xperms->specified); > > + return; > > } > > What about instead of logging once per boot at access decision time logging once per policyload at parse time, like suggested for patch https://patchwork.kernel.org/project/selinux/patch/20241115133619.114393-11… ? > I agree, warning when the policy is loaded makes more sense. For this particular bug, I am trying to keep the patch to a bare minimum as I intend to backport it to stable kernels (on Android, this is preventing us from deploying a policy compatible with both older and newer kernels). Maybe we could land the first version of this patch (without any warning message), with the understanding that your patch will land soon after?

6 months, 2 weeks

1
0
0 0

Re: [PATCH net-next] tcp: Check space before adding MPTCP options

by Mo Yuanhao

在 2024/12/4 19:01, Matthieu Baerts 写道: > Hi MoYuanhao, > > +Cc MPTCP mailing list. > > (Please cc the MPTCP list next time) > > On 04/12/2024 09:58, MoYuanhao wrote: >> Ensure enough space before adding MPTCP options in tcp_syn_options() >> Added a check to verify sufficient remaining space >> before inserting MPTCP options in SYN packets. >> This prevents issues when space is insufficient. > > Thank you for this patch. I'm surprised we all missed this check, but > yes it is missing. > > As mentioned by Eric in his previous email, please add a 'Fixes' tag. > For bug-fixes, you should also Cc stable and target 'net', not 'net-next': > > Fixes: cec37a6e41aa ("mptcp: Handle MP_CAPABLE options for outgoing > connections") > Cc: stable(a)vger.kernel.org > > > Regarding the code, it looks OK to me, as we did exactly that with > mptcp_synack_options(). In mptcp_established_options(), we pass > 'remaining' because many MPTCP options can be set, but not here. So I > guess that's fine to keep the code like that, especially for the 'net' tree. > > > Also, and linked to Eric's email, did you have an issue with that, or is > it to prevent issues in the future? > > > One last thing, please don’t repost your patches within one 24h period, see: > > https://docs.kernel.org/process/maintainer-netdev.html > > > Because the code is OK to me, and the same patch has already been sent > twice to the netdev ML within a few hours, I'm going to apply this patch > in our MPTCP tree with the suggested modifications. Later on, we will > send it for inclusion in the net tree. > > pw-bot: awaiting-upstream > > (Not sure this pw-bot instruction will work as no net/mptcp/* files have > been modified) > > Cheers, > Matt Hi Matt, Thank you for your feedback! I have made the suggested updates to the patch (version 2): I’ve added the Fixes tag and Cc'd the stable(a)vger.kernel.org list. The target branch has been adjusted to net as per your suggestion. I will make sure to Cc the MPTCP list in future submissions. Regarding your question, this patch was created to prevent potential issues related to insufficient space for MPTCP options in the future. I didn't encounter a specific issue, but it seemed like a necessary safeguard to ensure robustness when handling SYN packets with MPTCP options. Additionally, I have made further optimizations to the patch, which are included in the attached version. I believe it would be more elegant to introduce a new function, mptcp_set_option(), similar to mptcp_set_option_cond(), to handle MPTCP options. This is my first time replying to a message in a Linux mailing list, so if there are any formatting issues or mistakes, please point them out and I will make sure to correct them in future submissions. Thanks again for your review and suggestions. Looking forward to seeing the patch applied to the MPTCP tree and later inclusion in the net tree. Best regards, MoYuanhao

6 months, 2 weeks

4
3
0 0

Hello,are you looking for bags supplier?

by Steven

6 months, 2 weeks

1
0
0 0

[PATCH 1/2] zram: refuse to use zero sized block device as backing device

by Kairui Song

From: Kairui Song <kasong(a)tencent.com> Setting a zero sized block device as backing device is pointless, and one can easily create a recursive loop by setting the uninitialized ZRAM device itself as its own backing device by (zram0 is uninitialized): echo /dev/zram0 > /sys/block/zram0/backing_dev It's definitely a wrong config, and the module will pin itself, kernel should refuse doing so in the first place. By refusing to use zero sized device we avoided misuse cases including this one above. Fixes: 013bf95a83ec ("zram: add interface to specif backing device") Reported-by: Desheng Wu <deshengwu(a)tencent.com> Signed-off-by: Kairui Song <kasong(a)tencent.com> Cc: stable(a)vger.kernel.org --- drivers/block/zram/zram_drv.c | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/drivers/block/zram/zram_drv.c b/drivers/block/zram/zram_drv.c index 0ca6d55c9917..dd48df5b97c8 100644 --- a/drivers/block/zram/zram_drv.c +++ b/drivers/block/zram/zram_drv.c @@ -614,6 +614,12 @@ static ssize_t backing_dev_store(struct device *dev, } nr_pages = i_size_read(inode) >> PAGE_SHIFT; + /* Refuse to use zero sized device (also prevents self reference) */ + if (!nr_pages) { + err = -EINVAL; + goto out; + } + bitmap_sz = BITS_TO_LONGS(nr_pages) * sizeof(long); bitmap = kvzalloc(bitmap_sz, GFP_KERNEL); if (!bitmap) { -- 2.47.0

6 months, 2 weeks

2
1
0 0

[PATCH v3] btrfs: do proper folio cleanup when run_delalloc_nocow() failed

by Qu Wenruo

[BUG] There are at least two problems when run_delalloc_nocow() hits some error and has to go cleanup routine: - It doesn't clear the folio dirty flags of any successfully ran range This breaks the regular error handling protocol for folio writeback, which should clear the dirty flag of the failed range. This clean up protocol is adapted by both iomap and btrfs (if the error happened at the very beginning of the whole delalloc range). - It can start writeback/unlock folios which is already unlocked This is done by calling extent_clear_unlock_delalloc() with PAGE_START_WRITEBACK or PAGE_UNLOCK flag. This will trigger the VM_BUG_ON() for folio_start_writeback(), which requires the folio to be locked. [CAUSE] The problem of not clearing the folio dirty flag is a common bug, shared between cow_file_range() and run_delalloc_nocow(). We just need to clear the folio dirty flags according to the @cur_offset cursor. For the extent_clear_unlock_delalloc() on unlocked folios, it's because the double error handling, one from cow_file_range() (inside fallback_to_cow()), one from run_delalloc_nocow() itself. [FIX] - Clear folio dirty for range [@start, @cur_offset) Introduce a helper, cleanup_dirty_folios(), which will find and lock the folio in the range, clear the dirty flag and start/end the writeback, with the extra handling for the @locked_folio. - Introduce a helper to record the last failed COW range end This is to trace which range we should skip, to avoid double unlocking. - Skip the failed COW range for the error handling Cc: stable(a)vger.kernel.org Signed-off-by: Qu Wenruo <wqu(a)suse.com> --- Changelog: v3: - Fix the double error handling on the COW range Which can lead to VM_BUG_ON() for extent_clear_unlock_delalloc(), as the folio is already unlocked by the error handling inside cow_file_range(). - Update the commit message to explain the bug better - Add a comment inside the error handling explaining the error patterns v2: - Fix the incorrect @cur_offset assignment to @end The @end is not aligned to sector size, nor @cur_offset should be updated before fallback_to_cow() succeeded. - Add one extra ASSERT() to make sure the range is properly aligned --- fs/btrfs/inode.c | 93 ++++++++++++++++++++++++++++++++++++++++++++---- 1 file changed, 86 insertions(+), 7 deletions(-) diff --git a/fs/btrfs/inode.c b/fs/btrfs/inode.c index 9517fb2df649..069599b025a6 100644 --- a/fs/btrfs/inode.c +++ b/fs/btrfs/inode.c @@ -1969,6 +1969,48 @@ static int can_nocow_file_extent(struct btrfs_path *path, return ret < 0 ? ret : can_nocow; } +static void cleanup_dirty_folios(struct btrfs_inode *inode, + struct folio *locked_folio, + u64 start, u64 end, int error) +{ + struct btrfs_fs_info *fs_info = inode->root->fs_info; + struct address_space *mapping = inode->vfs_inode.i_mapping; + pgoff_t start_index = start >> PAGE_SHIFT; + pgoff_t end_index = end >> PAGE_SHIFT; + u32 len; + + ASSERT(end + 1 - start < U32_MAX); + ASSERT(IS_ALIGNED(start, fs_info->sectorsize) && + IS_ALIGNED(end + 1, fs_info->sectorsize)); + len = end + 1 - start; + + /* + * Handle the locked folio first. + * btrfs_folio_clamp_*() helpers can handle range out of the folio case. + */ + btrfs_folio_clamp_clear_dirty(fs_info, locked_folio, start, len); + btrfs_folio_clamp_set_writeback(fs_info, locked_folio, start, len); + btrfs_folio_clamp_clear_writeback(fs_info, locked_folio, start, len); + + for (pgoff_t index = start_index; index <= end_index; index++) { + struct folio *folio; + + /* Already handled at the beginning. */ + if (index == locked_folio->index) + continue; + folio = __filemap_get_folio(mapping, index, FGP_LOCK, GFP_NOFS); + /* Cache already dropped, no need to do any cleanup. */ + if (IS_ERR(folio)) + continue; + btrfs_folio_clamp_clear_dirty(fs_info, folio, start, len); + btrfs_folio_clamp_set_writeback(fs_info, folio, start, len); + btrfs_folio_clamp_clear_writeback(fs_info, folio, start, len); + folio_unlock(folio); + folio_put(folio); + } + mapping_set_error(mapping, error); +} + /* * when nowcow writeback call back. This checks for snapshots or COW copies * of the extents that exist in the file, and COWs the file as required. @@ -1984,6 +2026,11 @@ static noinline int run_delalloc_nocow(struct btrfs_inode *inode, struct btrfs_root *root = inode->root; struct btrfs_path *path; u64 cow_start = (u64)-1; + /* + * If not 0, represents the inclusive end of the last fallback_to_cow() + * range. Only for error handling. + */ + u64 cow_end = 0; u64 cur_offset = start; int ret; bool check_prev = true; @@ -2144,6 +2191,7 @@ static noinline int run_delalloc_nocow(struct btrfs_inode *inode, found_key.offset - 1); cow_start = (u64)-1; if (ret) { + cow_end = found_key.offset - 1; btrfs_dec_nocow_writers(nocow_bg); goto error; } @@ -2217,11 +2265,12 @@ static noinline int run_delalloc_nocow(struct btrfs_inode *inode, cow_start = cur_offset; if (cow_start != (u64)-1) { - cur_offset = end; ret = fallback_to_cow(inode, locked_folio, cow_start, end); cow_start = (u64)-1; - if (ret) + if (ret) { + cow_end = end; goto error; + } } btrfs_free_path(path); @@ -2229,12 +2278,42 @@ static noinline int run_delalloc_nocow(struct btrfs_inode *inode, error: /* - * If an error happened while a COW region is outstanding, cur_offset - * needs to be reset to cow_start to ensure the COW region is unlocked - * as well. + * There are several error cases: + * + * 1) Failed without falling back to COW + * start cur_start end + * |/////////////| | + * + * For range [start, cur_start) the folios are already unlocked (except + * @locked_folio), EXTENT_DELALLOC already removed. + * Only need to clear the dirty flag as they will never be submitted. + * Ordered extent and extent maps are handled by + * btrfs_mark_ordered_io_finished() inside run_delalloc_range(). + * + * 2) Failed with error from fallback_to_cow() + * start cur_start cow_end end + * |/////////////|-----------| | + * + * For range [start, cur_start) it's the same as case 1). + * But for range [cur_start, cow_end), the folios have dirty flag + * cleared and unlocked, EXTENT_DEALLLOC cleared. + * There may or may not be any ordered extents/extent maps allocated. + * + * We should not call extent_clear_unlock_delalloc() on range [cur_start, + * cow_end), as the folios are already unlocked. + * + * So clear the folio dirty flags for [start, cur_offset) first. */ - if (cow_start != (u64)-1) - cur_offset = cow_start; + if (cur_offset > start) + cleanup_dirty_folios(inode, locked_folio, start, cur_offset - 1, ret); + + /* + * If an error happened while a COW region is outstanding, cur_offset + * needs to be reset to @cow_end + 1 to skip the COW range, as + * cow_file_range() will do the proper cleanup at error. + */ + if (cow_end) + cur_offset = cow_end + 1; /* * We need to lock the extent here because we're clearing DELALLOC and -- 2.47.1

6 months, 2 weeks

1
0
0 0

[PATCH v2] btrfs: do proper folio cleanup when run_delalloc_nocow() failed

by Qu Wenruo

Just like cow_file_range(), from day 1 btrfs doesn't really clean the dirty flags, if it has an ordered extent created successfully. Per error handling protocol (according to the iomap, and the btrfs handling if it failed at the beginning of the range), we should clear all dirty flags for the involved folios. Or the range of that folio will still be marked dirty, but has no EXTENT_DEALLLOC set inside the io tree. Since the folio range is still dirty, it will still be the target for the next writeback, but since there is no EXTENT_DEALLLOC, no new ordered extent will be created for it. This means the writeback of that folio range will fall back to COW fixup path. However the COW fixup path itself is being re-evaluated as the newly introduced pin_user_pages_*() should prevent us hitting an out-of-band dirty folios, and we're moving to deprecate such COW fixup path. We already have an experimental patch that will make fixup COW path to crash, to verify there is no such out-of-band dirty folios anymore. So here we need to avoid going COW fixup path, by doing proper folio dirty flags cleanup. Unlike the fix in cow_file_range(), which holds the folio and extent lock until error or a fully successfully run, here we have no such luxury as we can fallback to COW, and in that case the extent/folio range will be unlocked by cow_file_range(). So here we introduce a new helper, cleanup_dirty_folios(), to clear the dirty flags for the involved folios. And since the final fallback_to_cow() call can also fail, and we rely on @cur_offset to do the proper cleanup, here we remove the unnecessary and incorrect @cur_offset assignment. Cc: stable(a)vger.kernel.org Signed-off-by: Qu Wenruo <wqu(a)suse.com> --- Changelog: v2: - Fix the incorrect @cur_offset assignment to @end The @end is not aligned to sector size, nor @cur_offset should be updated before fallback_to_cow() succeeded. - Add one extra ASSERT() to make sure the range is properly aligned --- fs/btrfs/inode.c | 59 +++++++++++++++++++++++++++++++++++++++++++++++- 1 file changed, 58 insertions(+), 1 deletion(-) diff --git a/fs/btrfs/inode.c b/fs/btrfs/inode.c index e8232ac7917f..92df6dfff2e4 100644 --- a/fs/btrfs/inode.c +++ b/fs/btrfs/inode.c @@ -1969,6 +1969,48 @@ static int can_nocow_file_extent(struct btrfs_path *path, return ret < 0 ? ret : can_nocow; } +static void cleanup_dirty_folios(struct btrfs_inode *inode, + struct folio *locked_folio, + u64 start, u64 end, int error) +{ + struct btrfs_fs_info *fs_info = inode->root->fs_info; + struct address_space *mapping = inode->vfs_inode.i_mapping; + pgoff_t start_index = start >> PAGE_SHIFT; + pgoff_t end_index = end >> PAGE_SHIFT; + u32 len; + + ASSERT(end + 1 - start < U32_MAX); + ASSERT(IS_ALIGNED(start, fs_info->sectorsize) && + IS_ALIGNED(end + 1, fs_info->sectorsize)); + len = end + 1 - start; + + /* + * Handle the locked folio first. + * btrfs_folio_clamp_*() helpers can handle range out of the folio case. + */ + btrfs_folio_clamp_clear_dirty(fs_info, locked_folio, start, len); + btrfs_folio_clamp_set_writeback(fs_info, locked_folio, start, len); + btrfs_folio_clamp_clear_writeback(fs_info, locked_folio, start, len); + + for (pgoff_t index = start_index; index <= end_index; index++) { + struct folio *folio; + + /* Already handled at the beginning. */ + if (index == locked_folio->index) + continue; + folio = __filemap_get_folio(mapping, index, FGP_LOCK, GFP_NOFS); + /* Cache already dropped, no need to do any cleanup. */ + if (IS_ERR(folio)) + continue; + btrfs_folio_clamp_clear_dirty(fs_info, folio, start, len); + btrfs_folio_clamp_set_writeback(fs_info, folio, start, len); + btrfs_folio_clamp_clear_writeback(fs_info, folio, start, len); + folio_unlock(folio); + folio_put(folio); + } + mapping_set_error(mapping, error); +} + /* * when nowcow writeback call back. This checks for snapshots or COW copies * of the extents that exist in the file, and COWs the file as required. @@ -2217,7 +2259,6 @@ static noinline int run_delalloc_nocow(struct btrfs_inode *inode, cow_start = cur_offset; if (cow_start != (u64)-1) { - cur_offset = end; ret = fallback_to_cow(inode, locked_folio, cow_start, end); cow_start = (u64)-1; if (ret) @@ -2228,6 +2269,22 @@ static noinline int run_delalloc_nocow(struct btrfs_inode *inode, return 0; error: + /* + * We have some range with ordered extent created. + * + * Ordered extents and extent maps will be cleaned up by + * btrfs_mark_ordered_io_finished() later, but we also need to cleanup + * the dirty flags of folios. + * + * Or they can be written back again, but without any EXTENT_DELALLOC flag + * in io tree. + * This will force the writeback to go COW fixup, which is being deprecated. + * + * Also such left-over dirty flags do no follow the error handling protocol. + */ + if (cur_offset > start) + cleanup_dirty_folios(inode, locked_folio, start, cur_offset - 1, ret); + /* * If an error happened while a COW region is outstanding, cur_offset * needs to be reset to cow_start to ensure the COW region is unlocked -- 2.47.1

6 months, 2 weeks

1
1
0 0

[for-linus][PATCH 1/2] tracing: Fix cmp_entries_dup() to respect sort() comparison rules

by Steven Rostedt

From: Kuan-Wei Chiu <visitorckw(a)gmail.com> The cmp_entries_dup() function used as the comparator for sort() violated the symmetry and transitivity properties required by the sorting algorithm. Specifically, it returned 1 whenever memcmp() was non-zero, which broke the following expectations: * Symmetry: If x < y, then y > x. * Transitivity: If x < y and y < z, then x < z. These violations could lead to incorrect sorting and failure to correctly identify duplicate elements. Fix the issue by directly returning the result of memcmp(), which adheres to the required comparison properties. Cc: stable(a)vger.kernel.org Fixes: 08d43a5fa063 ("tracing: Add lock-free tracing_map") Link: https://lore.kernel.org/20241203202228.1274403-1-visitorckw@gmail.com Signed-off-by: Kuan-Wei Chiu <visitorckw(a)gmail.com> Signed-off-by: Steven Rostedt (Google) <rostedt(a)goodmis.org> --- kernel/trace/tracing_map.c | 6 +----- 1 file changed, 1 insertion(+), 5 deletions(-) diff --git a/kernel/trace/tracing_map.c b/kernel/trace/tracing_map.c index 3a56e7c8aa4f..1921ade45be3 100644 --- a/kernel/trace/tracing_map.c +++ b/kernel/trace/tracing_map.c @@ -845,15 +845,11 @@ int tracing_map_init(struct tracing_map *map) static int cmp_entries_dup(const void *A, const void *B) { const struct tracing_map_sort_entry *a, *b; - int ret = 0; a = *(const struct tracing_map_sort_entry **)A; b = *(const struct tracing_map_sort_entry **)B; - if (memcmp(a->key, b->key, a->elt->map->key_size)) - ret = 1; - - return ret; + return memcmp(a->key, b->key, a->elt->map->key_size); } static int cmp_entries_sum(const void *A, const void *B) -- 2.45.2

6 months, 2 weeks

1
0
0 0

[PATCH v2] ufs: core: add missing post notify for power mode change

by peter.wang＠mediatek.com

From: Peter Wang <peter.wang(a)mediatek.com> When the power mode change is successful but the power mode hasn't actually changed, the post notification was missed. Similar to the approach with hibernate/clock scale/hce enable, having pre/post notifications in the same function will make it easier to maintain. Additionally, supplement the description of power parameters for the pwr_change_notify callback. Fixes: 7eb584db73be ("ufs: refactor configuring power mode") Cc: stable(a)vger.kernel.org #6.11.x Signed-off-by: Peter Wang <peter.wang(a)mediatek.com> --- drivers/ufs/core/ufshcd.c | 7 ++++--- include/ufs/ufshcd.h | 10 ++++++---- 2 files changed, 10 insertions(+), 7 deletions(-) diff --git a/drivers/ufs/core/ufshcd.c b/drivers/ufs/core/ufshcd.c index abbe7135a977..814402e93a1e 100644 --- a/drivers/ufs/core/ufshcd.c +++ b/drivers/ufs/core/ufshcd.c @@ -4651,9 +4651,6 @@ static int ufshcd_change_power_mode(struct ufs_hba *hba, dev_err(hba->dev, "%s: power mode change failed %d\n", __func__, ret); } else { - ufshcd_vops_pwr_change_notify(hba, POST_CHANGE, NULL, - pwr_mode); - memcpy(&hba->pwr_info, pwr_mode, sizeof(struct ufs_pa_layer_attr)); } @@ -4682,6 +4679,10 @@ int ufshcd_config_pwr_mode(struct ufs_hba *hba, ret = ufshcd_change_power_mode(hba, &final_params); + if (!ret) + ufshcd_vops_pwr_change_notify(hba, POST_CHANGE, NULL, + &final_params); + return ret; } EXPORT_SYMBOL_GPL(ufshcd_config_pwr_mode); diff --git a/include/ufs/ufshcd.h b/include/ufs/ufshcd.h index 3f68ae3e4330..1db754b4a4d6 100644 --- a/include/ufs/ufshcd.h +++ b/include/ufs/ufshcd.h @@ -308,7 +308,9 @@ struct ufs_pwr_mode_info { * to allow variant specific Uni-Pro initialization. * @pwr_change_notify: called before and after a power mode change * is carried out to allow vendor spesific capabilities - * to be set. + * to be set. PRE_CHANGE can modify final_params based + * on desired_pwr_mode, but POST_CHANGE must not alter + * the final_params parameter * @setup_xfer_req: called before any transfer request is issued * to set some things * @setup_task_mgmt: called before any task management request is issued @@ -350,9 +352,9 @@ struct ufs_hba_variant_ops { int (*link_startup_notify)(struct ufs_hba *, enum ufs_notify_change_status); int (*pwr_change_notify)(struct ufs_hba *, - enum ufs_notify_change_status status, - struct ufs_pa_layer_attr *, - struct ufs_pa_layer_attr *); + enum ufs_notify_change_status status, + struct ufs_pa_layer_attr *desired_pwr_mode, + struct ufs_pa_layer_attr *final_params); void (*setup_xfer_req)(struct ufs_hba *hba, int tag, bool is_scsi_cmd); void (*setup_task_mgmt)(struct ufs_hba *, int, u8); -- 2.18.0

6 months, 2 weeks

3
2
0 0

[PATCH V2 1/2] LoongArch: KVM: Protect kvm_check_requests() with SRCU

by Huacai Chen

When we enable lockdep we get such a warning: ============================= WARNING: suspicious RCU usage 6.12.0-rc7+ #1891 Tainted: G W ----------------------------- include/linux/kvm_host.h:1043 suspicious rcu_dereference_check() usage! other info that might help us debug this: rcu_scheduler_active = 2, debug_locks = 1 1 lock held by qemu-system-loo/948: #0: 90000001184a00a8 (&vcpu->mutex){+.+.}-{4:4}, at: kvm_vcpu_ioctl+0xf4/0xe20 [kvm] stack backtrace: CPU: 0 UID: 0 PID: 948 Comm: qemu-system-loo Tainted: G W 6.12.0-rc7+ #1891 Tainted: [W]=WARN Hardware name: Loongson Loongson-3A5000-7A1000-1w-CRB/Loongson-LS3A5000-7A1000-1w-CRB, BIOS vUDK2018-LoongArch-V2.0.0-prebeta9 10/21/2022 Stack : 0000000000000089 9000000005a0db9c 90000000071519c8 900000012c578000 900000012c57b920 0000000000000000 900000012c57b928 9000000007e53788 900000000815bcc8 900000000815bcc0 900000012c57b790 0000000000000001 0000000000000001 4b031894b9d6b725 0000000004dec000 90000001003299c0 0000000000000414 0000000000000001 000000000000002d 0000000000000003 0000000000000030 00000000000003b4 0000000004dec000 90000001184a0000 900000000806d000 9000000007e53788 00000000000000b4 0000000000000004 0000000000000004 0000000000000000 0000000000000000 9000000107baf600 9000000008916000 9000000007e53788 9000000005924778 0000000010000044 00000000000000b0 0000000000000004 0000000000000000 0000000000071c1d ... Call Trace: [<9000000005924778>] show_stack+0x38/0x180 [<90000000071519c4>] dump_stack_lvl+0x94/0xe4 [<90000000059eb754>] lockdep_rcu_suspicious+0x194/0x240 [<ffff8000022143bc>] kvm_gfn_to_hva_cache_init+0xfc/0x120 [kvm] [<ffff80000222ade4>] kvm_pre_enter_guest+0x3a4/0x520 [kvm] [<ffff80000222b3dc>] kvm_handle_exit+0x23c/0x480 [kvm] Fix it by protecting kvm_check_requests() with SRCU. Cc: stable(a)vger.kernel.org Signed-off-by: Huacai Chen <chenhuacai(a)loongson.cn> --- arch/loongarch/kvm/vcpu.c | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/arch/loongarch/kvm/vcpu.c b/arch/loongarch/kvm/vcpu.c index cab1818be68d..d18a4a270415 100644 --- a/arch/loongarch/kvm/vcpu.c +++ b/arch/loongarch/kvm/vcpu.c @@ -240,7 +240,7 @@ static void kvm_late_check_requests(struct kvm_vcpu *vcpu) */ static int kvm_enter_guest_check(struct kvm_vcpu *vcpu) { - int ret; + int idx, ret; /* * Check conditions before entering the guest @@ -249,7 +249,9 @@ static int kvm_enter_guest_check(struct kvm_vcpu *vcpu) if (ret < 0) return ret; + idx = srcu_read_lock(&vcpu->kvm->srcu); ret = kvm_check_requests(vcpu); + srcu_read_unlock(&vcpu->kvm->srcu, idx); return ret; } -- 2.43.5

6 months, 2 weeks

2
2
0 0

[PATCH AUTOSEL 4.19] misc: eeprom: eeprom_93cx6: Add quirk for extra read clock cycle

by Sasha Levin

From: Parker Newman <pnewman(a)connecttech.com> [ Upstream commit 7738a7ab9d12c5371ed97114ee2132d4512e9fd5 ] Add a quirk similar to eeprom_93xx46 to add an extra clock cycle before reading data from the EEPROM. The 93Cx6 family of EEPROMs output a "dummy 0 bit" between the writing of the op-code/address from the host to the EEPROM and the reading of the actual data from the EEPROM. More info can be found on page 6 of the AT93C46 datasheet (linked below). Similar notes are found in other 93xx6 datasheets. In summary the read operation for a 93Cx6 EEPROM is: Write to EEPROM: 110[A5-A0] (9 bits) Read from EEPROM: 0[D15-D0] (17 bits) Where: 110 is the start bit and READ OpCode [A5-A0] is the address to read from 0 is a "dummy bit" preceding the actual data [D15-D0] is the actual data. Looking at the READ timing diagrams in the 93Cx6 datasheets the dummy bit should be clocked out on the last address bit clock cycle meaning it should be discarded naturally. However, depending on the hardware configuration sometimes this dummy bit is not discarded. This is the case with Exar PCI UARTs which require an extra clock cycle between sending the address and reading the data. Datasheet: https://ww1.microchip.com/downloads/en/DeviceDoc/Atmel-5193-SEEPROM-AT93C46… Reviewed-by: Andy Shevchenko <andriy.shevchenko(a)linux.intel.com> Signed-off-by: Parker Newman <pnewman(a)connecttech.com> Link: https://lore.kernel.org/r/0f23973efefccd2544705a0480b4ad4c2353e407.17278809… Signed-off-by: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> Signed-off-by: Sasha Levin <sashal(a)kernel.org> --- drivers/misc/eeprom/eeprom_93cx6.c | 10 ++++++++++ include/linux/eeprom_93cx6.h | 11 +++++++++++ 2 files changed, 21 insertions(+) diff --git a/drivers/misc/eeprom/eeprom_93cx6.c b/drivers/misc/eeprom/eeprom_93cx6.c index 0cf2c9d676be8..31c69642f13e0 100644 --- a/drivers/misc/eeprom/eeprom_93cx6.c +++ b/drivers/misc/eeprom/eeprom_93cx6.c @@ -195,6 +195,11 @@ void eeprom_93cx6_read(struct eeprom_93cx6 *eeprom, const u8 word, eeprom_93cx6_write_bits(eeprom, command, PCI_EEPROM_WIDTH_OPCODE + eeprom->width); + if (has_quirk_extra_read_cycle(eeprom)) { + eeprom_93cx6_pulse_high(eeprom); + eeprom_93cx6_pulse_low(eeprom); + } + /* * Read the requested 16 bits. */ @@ -261,6 +266,11 @@ void eeprom_93cx6_readb(struct eeprom_93cx6 *eeprom, const u8 byte, eeprom_93cx6_write_bits(eeprom, command, PCI_EEPROM_WIDTH_OPCODE + eeprom->width + 1); + if (has_quirk_extra_read_cycle(eeprom)) { + eeprom_93cx6_pulse_high(eeprom); + eeprom_93cx6_pulse_low(eeprom); + } + /* * Read the requested 8 bits. */ diff --git a/include/linux/eeprom_93cx6.h b/include/linux/eeprom_93cx6.h index eb0b1988050ae..ec913059a5299 100644 --- a/include/linux/eeprom_93cx6.h +++ b/include/linux/eeprom_93cx6.h @@ -24,6 +24,8 @@ Supported chipsets: 93c46, 93c56 and 93c66. */ +#include <linux/bits.h> + /* * EEPROM operation defines. */ @@ -47,6 +49,7 @@ * @register_write(struct eeprom_93cx6 *eeprom): handler to * write to the eeprom register by using all reg_* fields. * @width: eeprom width, should be one of the PCI_EEPROM_WIDTH_* defines + * @quirks: eeprom or controller quirks * @drive_data: Set if we're driving the data line. * @reg_data_in: register field to indicate data input * @reg_data_out: register field to indicate data output @@ -63,6 +66,9 @@ struct eeprom_93cx6 { void (*register_write)(struct eeprom_93cx6 *eeprom); int width; + unsigned int quirks; +/* Some EEPROMs require an extra clock cycle before reading */ +#define PCI_EEPROM_QUIRK_EXTRA_READ_CYCLE BIT(0) char drive_data; char reg_data_in; @@ -84,3 +90,8 @@ extern void eeprom_93cx6_wren(struct eeprom_93cx6 *eeprom, bool enable); extern void eeprom_93cx6_write(struct eeprom_93cx6 *eeprom, u8 addr, u16 data); + +static inline bool has_quirk_extra_read_cycle(struct eeprom_93cx6 *eeprom) +{ + return eeprom->quirks & PCI_EEPROM_QUIRK_EXTRA_READ_CYCLE; +} -- 2.43.0

6 months, 2 weeks

1
0
0 0

[PATCH AUTOSEL 5.4] misc: eeprom: eeprom_93cx6: Add quirk for extra read clock cycle

by Sasha Levin

From: Parker Newman <pnewman(a)connecttech.com> [ Upstream commit 7738a7ab9d12c5371ed97114ee2132d4512e9fd5 ] Add a quirk similar to eeprom_93xx46 to add an extra clock cycle before reading data from the EEPROM. The 93Cx6 family of EEPROMs output a "dummy 0 bit" between the writing of the op-code/address from the host to the EEPROM and the reading of the actual data from the EEPROM. More info can be found on page 6 of the AT93C46 datasheet (linked below). Similar notes are found in other 93xx6 datasheets. In summary the read operation for a 93Cx6 EEPROM is: Write to EEPROM: 110[A5-A0] (9 bits) Read from EEPROM: 0[D15-D0] (17 bits) Where: 110 is the start bit and READ OpCode [A5-A0] is the address to read from 0 is a "dummy bit" preceding the actual data [D15-D0] is the actual data. Looking at the READ timing diagrams in the 93Cx6 datasheets the dummy bit should be clocked out on the last address bit clock cycle meaning it should be discarded naturally. However, depending on the hardware configuration sometimes this dummy bit is not discarded. This is the case with Exar PCI UARTs which require an extra clock cycle between sending the address and reading the data. Datasheet: https://ww1.microchip.com/downloads/en/DeviceDoc/Atmel-5193-SEEPROM-AT93C46… Reviewed-by: Andy Shevchenko <andriy.shevchenko(a)linux.intel.com> Signed-off-by: Parker Newman <pnewman(a)connecttech.com> Link: https://lore.kernel.org/r/0f23973efefccd2544705a0480b4ad4c2353e407.17278809… Signed-off-by: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> Signed-off-by: Sasha Levin <sashal(a)kernel.org> --- drivers/misc/eeprom/eeprom_93cx6.c | 10 ++++++++++ include/linux/eeprom_93cx6.h | 11 +++++++++++ 2 files changed, 21 insertions(+) diff --git a/drivers/misc/eeprom/eeprom_93cx6.c b/drivers/misc/eeprom/eeprom_93cx6.c index 36a2eb837371b..6b42ba6705d3f 100644 --- a/drivers/misc/eeprom/eeprom_93cx6.c +++ b/drivers/misc/eeprom/eeprom_93cx6.c @@ -186,6 +186,11 @@ void eeprom_93cx6_read(struct eeprom_93cx6 *eeprom, const u8 word, eeprom_93cx6_write_bits(eeprom, command, PCI_EEPROM_WIDTH_OPCODE + eeprom->width); + if (has_quirk_extra_read_cycle(eeprom)) { + eeprom_93cx6_pulse_high(eeprom); + eeprom_93cx6_pulse_low(eeprom); + } + /* * Read the requested 16 bits. */ @@ -252,6 +257,11 @@ void eeprom_93cx6_readb(struct eeprom_93cx6 *eeprom, const u8 byte, eeprom_93cx6_write_bits(eeprom, command, PCI_EEPROM_WIDTH_OPCODE + eeprom->width + 1); + if (has_quirk_extra_read_cycle(eeprom)) { + eeprom_93cx6_pulse_high(eeprom); + eeprom_93cx6_pulse_low(eeprom); + } + /* * Read the requested 8 bits. */ diff --git a/include/linux/eeprom_93cx6.h b/include/linux/eeprom_93cx6.h index c860c72a921d0..3a485cc0e0fa0 100644 --- a/include/linux/eeprom_93cx6.h +++ b/include/linux/eeprom_93cx6.h @@ -11,6 +11,8 @@ Supported chipsets: 93c46, 93c56 and 93c66. */ +#include <linux/bits.h> + /* * EEPROM operation defines. */ @@ -34,6 +36,7 @@ * @register_write(struct eeprom_93cx6 *eeprom): handler to * write to the eeprom register by using all reg_* fields. * @width: eeprom width, should be one of the PCI_EEPROM_WIDTH_* defines + * @quirks: eeprom or controller quirks * @drive_data: Set if we're driving the data line. * @reg_data_in: register field to indicate data input * @reg_data_out: register field to indicate data output @@ -50,6 +53,9 @@ struct eeprom_93cx6 { void (*register_write)(struct eeprom_93cx6 *eeprom); int width; + unsigned int quirks; +/* Some EEPROMs require an extra clock cycle before reading */ +#define PCI_EEPROM_QUIRK_EXTRA_READ_CYCLE BIT(0) char drive_data; char reg_data_in; @@ -71,3 +77,8 @@ extern void eeprom_93cx6_wren(struct eeprom_93cx6 *eeprom, bool enable); extern void eeprom_93cx6_write(struct eeprom_93cx6 *eeprom, u8 addr, u16 data); + +static inline bool has_quirk_extra_read_cycle(struct eeprom_93cx6 *eeprom) +{ + return eeprom->quirks & PCI_EEPROM_QUIRK_EXTRA_READ_CYCLE; +} -- 2.43.0

6 months, 2 weeks

1
0
0 0

[PATCH AUTOSEL 5.10] misc: eeprom: eeprom_93cx6: Add quirk for extra read clock cycle

by Sasha Levin

From: Parker Newman <pnewman(a)connecttech.com> [ Upstream commit 7738a7ab9d12c5371ed97114ee2132d4512e9fd5 ] Add a quirk similar to eeprom_93xx46 to add an extra clock cycle before reading data from the EEPROM. The 93Cx6 family of EEPROMs output a "dummy 0 bit" between the writing of the op-code/address from the host to the EEPROM and the reading of the actual data from the EEPROM. More info can be found on page 6 of the AT93C46 datasheet (linked below). Similar notes are found in other 93xx6 datasheets. In summary the read operation for a 93Cx6 EEPROM is: Write to EEPROM: 110[A5-A0] (9 bits) Read from EEPROM: 0[D15-D0] (17 bits) Where: 110 is the start bit and READ OpCode [A5-A0] is the address to read from 0 is a "dummy bit" preceding the actual data [D15-D0] is the actual data. Looking at the READ timing diagrams in the 93Cx6 datasheets the dummy bit should be clocked out on the last address bit clock cycle meaning it should be discarded naturally. However, depending on the hardware configuration sometimes this dummy bit is not discarded. This is the case with Exar PCI UARTs which require an extra clock cycle between sending the address and reading the data. Datasheet: https://ww1.microchip.com/downloads/en/DeviceDoc/Atmel-5193-SEEPROM-AT93C46… Reviewed-by: Andy Shevchenko <andriy.shevchenko(a)linux.intel.com> Signed-off-by: Parker Newman <pnewman(a)connecttech.com> Link: https://lore.kernel.org/r/0f23973efefccd2544705a0480b4ad4c2353e407.17278809… Signed-off-by: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> Signed-off-by: Sasha Levin <sashal(a)kernel.org> --- drivers/misc/eeprom/eeprom_93cx6.c | 10 ++++++++++ include/linux/eeprom_93cx6.h | 11 +++++++++++ 2 files changed, 21 insertions(+) diff --git a/drivers/misc/eeprom/eeprom_93cx6.c b/drivers/misc/eeprom/eeprom_93cx6.c index 9627294fe3e95..4c9827fe92173 100644 --- a/drivers/misc/eeprom/eeprom_93cx6.c +++ b/drivers/misc/eeprom/eeprom_93cx6.c @@ -186,6 +186,11 @@ void eeprom_93cx6_read(struct eeprom_93cx6 *eeprom, const u8 word, eeprom_93cx6_write_bits(eeprom, command, PCI_EEPROM_WIDTH_OPCODE + eeprom->width); + if (has_quirk_extra_read_cycle(eeprom)) { + eeprom_93cx6_pulse_high(eeprom); + eeprom_93cx6_pulse_low(eeprom); + } + /* * Read the requested 16 bits. */ @@ -252,6 +257,11 @@ void eeprom_93cx6_readb(struct eeprom_93cx6 *eeprom, const u8 byte, eeprom_93cx6_write_bits(eeprom, command, PCI_EEPROM_WIDTH_OPCODE + eeprom->width + 1); + if (has_quirk_extra_read_cycle(eeprom)) { + eeprom_93cx6_pulse_high(eeprom); + eeprom_93cx6_pulse_low(eeprom); + } + /* * Read the requested 8 bits. */ diff --git a/include/linux/eeprom_93cx6.h b/include/linux/eeprom_93cx6.h index c860c72a921d0..3a485cc0e0fa0 100644 --- a/include/linux/eeprom_93cx6.h +++ b/include/linux/eeprom_93cx6.h @@ -11,6 +11,8 @@ Supported chipsets: 93c46, 93c56 and 93c66. */ +#include <linux/bits.h> + /* * EEPROM operation defines. */ @@ -34,6 +36,7 @@ * @register_write(struct eeprom_93cx6 *eeprom): handler to * write to the eeprom register by using all reg_* fields. * @width: eeprom width, should be one of the PCI_EEPROM_WIDTH_* defines + * @quirks: eeprom or controller quirks * @drive_data: Set if we're driving the data line. * @reg_data_in: register field to indicate data input * @reg_data_out: register field to indicate data output @@ -50,6 +53,9 @@ struct eeprom_93cx6 { void (*register_write)(struct eeprom_93cx6 *eeprom); int width; + unsigned int quirks; +/* Some EEPROMs require an extra clock cycle before reading */ +#define PCI_EEPROM_QUIRK_EXTRA_READ_CYCLE BIT(0) char drive_data; char reg_data_in; @@ -71,3 +77,8 @@ extern void eeprom_93cx6_wren(struct eeprom_93cx6 *eeprom, bool enable); extern void eeprom_93cx6_write(struct eeprom_93cx6 *eeprom, u8 addr, u16 data); + +static inline bool has_quirk_extra_read_cycle(struct eeprom_93cx6 *eeprom) +{ + return eeprom->quirks & PCI_EEPROM_QUIRK_EXTRA_READ_CYCLE; +} -- 2.43.0

6 months, 2 weeks

1
0
0 0

[PATCH AUTOSEL 5.15] misc: eeprom: eeprom_93cx6: Add quirk for extra read clock cycle

by Sasha Levin

From: Parker Newman <pnewman(a)connecttech.com> [ Upstream commit 7738a7ab9d12c5371ed97114ee2132d4512e9fd5 ] Add a quirk similar to eeprom_93xx46 to add an extra clock cycle before reading data from the EEPROM. The 93Cx6 family of EEPROMs output a "dummy 0 bit" between the writing of the op-code/address from the host to the EEPROM and the reading of the actual data from the EEPROM. More info can be found on page 6 of the AT93C46 datasheet (linked below). Similar notes are found in other 93xx6 datasheets. In summary the read operation for a 93Cx6 EEPROM is: Write to EEPROM: 110[A5-A0] (9 bits) Read from EEPROM: 0[D15-D0] (17 bits) Where: 110 is the start bit and READ OpCode [A5-A0] is the address to read from 0 is a "dummy bit" preceding the actual data [D15-D0] is the actual data. Looking at the READ timing diagrams in the 93Cx6 datasheets the dummy bit should be clocked out on the last address bit clock cycle meaning it should be discarded naturally. However, depending on the hardware configuration sometimes this dummy bit is not discarded. This is the case with Exar PCI UARTs which require an extra clock cycle between sending the address and reading the data. Datasheet: https://ww1.microchip.com/downloads/en/DeviceDoc/Atmel-5193-SEEPROM-AT93C46… Reviewed-by: Andy Shevchenko <andriy.shevchenko(a)linux.intel.com> Signed-off-by: Parker Newman <pnewman(a)connecttech.com> Link: https://lore.kernel.org/r/0f23973efefccd2544705a0480b4ad4c2353e407.17278809… Signed-off-by: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> Signed-off-by: Sasha Levin <sashal(a)kernel.org> --- drivers/misc/eeprom/eeprom_93cx6.c | 10 ++++++++++ include/linux/eeprom_93cx6.h | 11 +++++++++++ 2 files changed, 21 insertions(+) diff --git a/drivers/misc/eeprom/eeprom_93cx6.c b/drivers/misc/eeprom/eeprom_93cx6.c index 9627294fe3e95..4c9827fe92173 100644 --- a/drivers/misc/eeprom/eeprom_93cx6.c +++ b/drivers/misc/eeprom/eeprom_93cx6.c @@ -186,6 +186,11 @@ void eeprom_93cx6_read(struct eeprom_93cx6 *eeprom, const u8 word, eeprom_93cx6_write_bits(eeprom, command, PCI_EEPROM_WIDTH_OPCODE + eeprom->width); + if (has_quirk_extra_read_cycle(eeprom)) { + eeprom_93cx6_pulse_high(eeprom); + eeprom_93cx6_pulse_low(eeprom); + } + /* * Read the requested 16 bits. */ @@ -252,6 +257,11 @@ void eeprom_93cx6_readb(struct eeprom_93cx6 *eeprom, const u8 byte, eeprom_93cx6_write_bits(eeprom, command, PCI_EEPROM_WIDTH_OPCODE + eeprom->width + 1); + if (has_quirk_extra_read_cycle(eeprom)) { + eeprom_93cx6_pulse_high(eeprom); + eeprom_93cx6_pulse_low(eeprom); + } + /* * Read the requested 8 bits. */ diff --git a/include/linux/eeprom_93cx6.h b/include/linux/eeprom_93cx6.h index c860c72a921d0..3a485cc0e0fa0 100644 --- a/include/linux/eeprom_93cx6.h +++ b/include/linux/eeprom_93cx6.h @@ -11,6 +11,8 @@ Supported chipsets: 93c46, 93c56 and 93c66. */ +#include <linux/bits.h> + /* * EEPROM operation defines. */ @@ -34,6 +36,7 @@ * @register_write(struct eeprom_93cx6 *eeprom): handler to * write to the eeprom register by using all reg_* fields. * @width: eeprom width, should be one of the PCI_EEPROM_WIDTH_* defines + * @quirks: eeprom or controller quirks * @drive_data: Set if we're driving the data line. * @reg_data_in: register field to indicate data input * @reg_data_out: register field to indicate data output @@ -50,6 +53,9 @@ struct eeprom_93cx6 { void (*register_write)(struct eeprom_93cx6 *eeprom); int width; + unsigned int quirks; +/* Some EEPROMs require an extra clock cycle before reading */ +#define PCI_EEPROM_QUIRK_EXTRA_READ_CYCLE BIT(0) char drive_data; char reg_data_in; @@ -71,3 +77,8 @@ extern void eeprom_93cx6_wren(struct eeprom_93cx6 *eeprom, bool enable); extern void eeprom_93cx6_write(struct eeprom_93cx6 *eeprom, u8 addr, u16 data); + +static inline bool has_quirk_extra_read_cycle(struct eeprom_93cx6 *eeprom) +{ + return eeprom->quirks & PCI_EEPROM_QUIRK_EXTRA_READ_CYCLE; +} -- 2.43.0

6 months, 2 weeks

1
0
0 0

[PATCH AUTOSEL 6.1 1/4] misc: eeprom: eeprom_93cx6: Add quirk for extra read clock cycle

by Sasha Levin

From: Parker Newman <pnewman(a)connecttech.com> [ Upstream commit 7738a7ab9d12c5371ed97114ee2132d4512e9fd5 ] Add a quirk similar to eeprom_93xx46 to add an extra clock cycle before reading data from the EEPROM. The 93Cx6 family of EEPROMs output a "dummy 0 bit" between the writing of the op-code/address from the host to the EEPROM and the reading of the actual data from the EEPROM. More info can be found on page 6 of the AT93C46 datasheet (linked below). Similar notes are found in other 93xx6 datasheets. In summary the read operation for a 93Cx6 EEPROM is: Write to EEPROM: 110[A5-A0] (9 bits) Read from EEPROM: 0[D15-D0] (17 bits) Where: 110 is the start bit and READ OpCode [A5-A0] is the address to read from 0 is a "dummy bit" preceding the actual data [D15-D0] is the actual data. Looking at the READ timing diagrams in the 93Cx6 datasheets the dummy bit should be clocked out on the last address bit clock cycle meaning it should be discarded naturally. However, depending on the hardware configuration sometimes this dummy bit is not discarded. This is the case with Exar PCI UARTs which require an extra clock cycle between sending the address and reading the data. Datasheet: https://ww1.microchip.com/downloads/en/DeviceDoc/Atmel-5193-SEEPROM-AT93C46… Reviewed-by: Andy Shevchenko <andriy.shevchenko(a)linux.intel.com> Signed-off-by: Parker Newman <pnewman(a)connecttech.com> Link: https://lore.kernel.org/r/0f23973efefccd2544705a0480b4ad4c2353e407.17278809… Signed-off-by: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> Signed-off-by: Sasha Levin <sashal(a)kernel.org> --- drivers/misc/eeprom/eeprom_93cx6.c | 10 ++++++++++ include/linux/eeprom_93cx6.h | 11 +++++++++++ 2 files changed, 21 insertions(+) diff --git a/drivers/misc/eeprom/eeprom_93cx6.c b/drivers/misc/eeprom/eeprom_93cx6.c index 9627294fe3e95..4c9827fe92173 100644 --- a/drivers/misc/eeprom/eeprom_93cx6.c +++ b/drivers/misc/eeprom/eeprom_93cx6.c @@ -186,6 +186,11 @@ void eeprom_93cx6_read(struct eeprom_93cx6 *eeprom, const u8 word, eeprom_93cx6_write_bits(eeprom, command, PCI_EEPROM_WIDTH_OPCODE + eeprom->width); + if (has_quirk_extra_read_cycle(eeprom)) { + eeprom_93cx6_pulse_high(eeprom); + eeprom_93cx6_pulse_low(eeprom); + } + /* * Read the requested 16 bits. */ @@ -252,6 +257,11 @@ void eeprom_93cx6_readb(struct eeprom_93cx6 *eeprom, const u8 byte, eeprom_93cx6_write_bits(eeprom, command, PCI_EEPROM_WIDTH_OPCODE + eeprom->width + 1); + if (has_quirk_extra_read_cycle(eeprom)) { + eeprom_93cx6_pulse_high(eeprom); + eeprom_93cx6_pulse_low(eeprom); + } + /* * Read the requested 8 bits. */ diff --git a/include/linux/eeprom_93cx6.h b/include/linux/eeprom_93cx6.h index c860c72a921d0..3a485cc0e0fa0 100644 --- a/include/linux/eeprom_93cx6.h +++ b/include/linux/eeprom_93cx6.h @@ -11,6 +11,8 @@ Supported chipsets: 93c46, 93c56 and 93c66. */ +#include <linux/bits.h> + /* * EEPROM operation defines. */ @@ -34,6 +36,7 @@ * @register_write(struct eeprom_93cx6 *eeprom): handler to * write to the eeprom register by using all reg_* fields. * @width: eeprom width, should be one of the PCI_EEPROM_WIDTH_* defines + * @quirks: eeprom or controller quirks * @drive_data: Set if we're driving the data line. * @reg_data_in: register field to indicate data input * @reg_data_out: register field to indicate data output @@ -50,6 +53,9 @@ struct eeprom_93cx6 { void (*register_write)(struct eeprom_93cx6 *eeprom); int width; + unsigned int quirks; +/* Some EEPROMs require an extra clock cycle before reading */ +#define PCI_EEPROM_QUIRK_EXTRA_READ_CYCLE BIT(0) char drive_data; char reg_data_in; @@ -71,3 +77,8 @@ extern void eeprom_93cx6_wren(struct eeprom_93cx6 *eeprom, bool enable); extern void eeprom_93cx6_write(struct eeprom_93cx6 *eeprom, u8 addr, u16 data); + +static inline bool has_quirk_extra_read_cycle(struct eeprom_93cx6 *eeprom) +{ + return eeprom->quirks & PCI_EEPROM_QUIRK_EXTRA_READ_CYCLE; +} -- 2.43.0

6 months, 2 weeks

1
3
0 0

[PATCH AUTOSEL 6.6 1/6] misc: eeprom: eeprom_93cx6: Add quirk for extra read clock cycle

by Sasha Levin

From: Parker Newman <pnewman(a)connecttech.com> [ Upstream commit 7738a7ab9d12c5371ed97114ee2132d4512e9fd5 ] Add a quirk similar to eeprom_93xx46 to add an extra clock cycle before reading data from the EEPROM. The 93Cx6 family of EEPROMs output a "dummy 0 bit" between the writing of the op-code/address from the host to the EEPROM and the reading of the actual data from the EEPROM. More info can be found on page 6 of the AT93C46 datasheet (linked below). Similar notes are found in other 93xx6 datasheets. In summary the read operation for a 93Cx6 EEPROM is: Write to EEPROM: 110[A5-A0] (9 bits) Read from EEPROM: 0[D15-D0] (17 bits) Where: 110 is the start bit and READ OpCode [A5-A0] is the address to read from 0 is a "dummy bit" preceding the actual data [D15-D0] is the actual data. Looking at the READ timing diagrams in the 93Cx6 datasheets the dummy bit should be clocked out on the last address bit clock cycle meaning it should be discarded naturally. However, depending on the hardware configuration sometimes this dummy bit is not discarded. This is the case with Exar PCI UARTs which require an extra clock cycle between sending the address and reading the data. Datasheet: https://ww1.microchip.com/downloads/en/DeviceDoc/Atmel-5193-SEEPROM-AT93C46… Reviewed-by: Andy Shevchenko <andriy.shevchenko(a)linux.intel.com> Signed-off-by: Parker Newman <pnewman(a)connecttech.com> Link: https://lore.kernel.org/r/0f23973efefccd2544705a0480b4ad4c2353e407.17278809… Signed-off-by: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> Signed-off-by: Sasha Levin <sashal(a)kernel.org> --- drivers/misc/eeprom/eeprom_93cx6.c | 10 ++++++++++ include/linux/eeprom_93cx6.h | 11 +++++++++++ 2 files changed, 21 insertions(+) diff --git a/drivers/misc/eeprom/eeprom_93cx6.c b/drivers/misc/eeprom/eeprom_93cx6.c index 9627294fe3e95..4c9827fe92173 100644 --- a/drivers/misc/eeprom/eeprom_93cx6.c +++ b/drivers/misc/eeprom/eeprom_93cx6.c @@ -186,6 +186,11 @@ void eeprom_93cx6_read(struct eeprom_93cx6 *eeprom, const u8 word, eeprom_93cx6_write_bits(eeprom, command, PCI_EEPROM_WIDTH_OPCODE + eeprom->width); + if (has_quirk_extra_read_cycle(eeprom)) { + eeprom_93cx6_pulse_high(eeprom); + eeprom_93cx6_pulse_low(eeprom); + } + /* * Read the requested 16 bits. */ @@ -252,6 +257,11 @@ void eeprom_93cx6_readb(struct eeprom_93cx6 *eeprom, const u8 byte, eeprom_93cx6_write_bits(eeprom, command, PCI_EEPROM_WIDTH_OPCODE + eeprom->width + 1); + if (has_quirk_extra_read_cycle(eeprom)) { + eeprom_93cx6_pulse_high(eeprom); + eeprom_93cx6_pulse_low(eeprom); + } + /* * Read the requested 8 bits. */ diff --git a/include/linux/eeprom_93cx6.h b/include/linux/eeprom_93cx6.h index c860c72a921d0..3a485cc0e0fa0 100644 --- a/include/linux/eeprom_93cx6.h +++ b/include/linux/eeprom_93cx6.h @@ -11,6 +11,8 @@ Supported chipsets: 93c46, 93c56 and 93c66. */ +#include <linux/bits.h> + /* * EEPROM operation defines. */ @@ -34,6 +36,7 @@ * @register_write(struct eeprom_93cx6 *eeprom): handler to * write to the eeprom register by using all reg_* fields. * @width: eeprom width, should be one of the PCI_EEPROM_WIDTH_* defines + * @quirks: eeprom or controller quirks * @drive_data: Set if we're driving the data line. * @reg_data_in: register field to indicate data input * @reg_data_out: register field to indicate data output @@ -50,6 +53,9 @@ struct eeprom_93cx6 { void (*register_write)(struct eeprom_93cx6 *eeprom); int width; + unsigned int quirks; +/* Some EEPROMs require an extra clock cycle before reading */ +#define PCI_EEPROM_QUIRK_EXTRA_READ_CYCLE BIT(0) char drive_data; char reg_data_in; @@ -71,3 +77,8 @@ extern void eeprom_93cx6_wren(struct eeprom_93cx6 *eeprom, bool enable); extern void eeprom_93cx6_write(struct eeprom_93cx6 *eeprom, u8 addr, u16 data); + +static inline bool has_quirk_extra_read_cycle(struct eeprom_93cx6 *eeprom) +{ + return eeprom->quirks & PCI_EEPROM_QUIRK_EXTRA_READ_CYCLE; +} -- 2.43.0

6 months, 2 weeks

1
5
0 0

[PATCH AUTOSEL 6.11 1/7] misc: eeprom: eeprom_93cx6: Add quirk for extra read clock cycle

by Sasha Levin

From: Parker Newman <pnewman(a)connecttech.com> [ Upstream commit 7738a7ab9d12c5371ed97114ee2132d4512e9fd5 ] Add a quirk similar to eeprom_93xx46 to add an extra clock cycle before reading data from the EEPROM. The 93Cx6 family of EEPROMs output a "dummy 0 bit" between the writing of the op-code/address from the host to the EEPROM and the reading of the actual data from the EEPROM. More info can be found on page 6 of the AT93C46 datasheet (linked below). Similar notes are found in other 93xx6 datasheets. In summary the read operation for a 93Cx6 EEPROM is: Write to EEPROM: 110[A5-A0] (9 bits) Read from EEPROM: 0[D15-D0] (17 bits) Where: 110 is the start bit and READ OpCode [A5-A0] is the address to read from 0 is a "dummy bit" preceding the actual data [D15-D0] is the actual data. Looking at the READ timing diagrams in the 93Cx6 datasheets the dummy bit should be clocked out on the last address bit clock cycle meaning it should be discarded naturally. However, depending on the hardware configuration sometimes this dummy bit is not discarded. This is the case with Exar PCI UARTs which require an extra clock cycle between sending the address and reading the data. Datasheet: https://ww1.microchip.com/downloads/en/DeviceDoc/Atmel-5193-SEEPROM-AT93C46… Reviewed-by: Andy Shevchenko <andriy.shevchenko(a)linux.intel.com> Signed-off-by: Parker Newman <pnewman(a)connecttech.com> Link: https://lore.kernel.org/r/0f23973efefccd2544705a0480b4ad4c2353e407.17278809… Signed-off-by: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> Signed-off-by: Sasha Levin <sashal(a)kernel.org> --- drivers/misc/eeprom/eeprom_93cx6.c | 10 ++++++++++ include/linux/eeprom_93cx6.h | 11 +++++++++++ 2 files changed, 21 insertions(+) diff --git a/drivers/misc/eeprom/eeprom_93cx6.c b/drivers/misc/eeprom/eeprom_93cx6.c index 9627294fe3e95..4c9827fe92173 100644 --- a/drivers/misc/eeprom/eeprom_93cx6.c +++ b/drivers/misc/eeprom/eeprom_93cx6.c @@ -186,6 +186,11 @@ void eeprom_93cx6_read(struct eeprom_93cx6 *eeprom, const u8 word, eeprom_93cx6_write_bits(eeprom, command, PCI_EEPROM_WIDTH_OPCODE + eeprom->width); + if (has_quirk_extra_read_cycle(eeprom)) { + eeprom_93cx6_pulse_high(eeprom); + eeprom_93cx6_pulse_low(eeprom); + } + /* * Read the requested 16 bits. */ @@ -252,6 +257,11 @@ void eeprom_93cx6_readb(struct eeprom_93cx6 *eeprom, const u8 byte, eeprom_93cx6_write_bits(eeprom, command, PCI_EEPROM_WIDTH_OPCODE + eeprom->width + 1); + if (has_quirk_extra_read_cycle(eeprom)) { + eeprom_93cx6_pulse_high(eeprom); + eeprom_93cx6_pulse_low(eeprom); + } + /* * Read the requested 8 bits. */ diff --git a/include/linux/eeprom_93cx6.h b/include/linux/eeprom_93cx6.h index c860c72a921d0..3a485cc0e0fa0 100644 --- a/include/linux/eeprom_93cx6.h +++ b/include/linux/eeprom_93cx6.h @@ -11,6 +11,8 @@ Supported chipsets: 93c46, 93c56 and 93c66. */ +#include <linux/bits.h> + /* * EEPROM operation defines. */ @@ -34,6 +36,7 @@ * @register_write(struct eeprom_93cx6 *eeprom): handler to * write to the eeprom register by using all reg_* fields. * @width: eeprom width, should be one of the PCI_EEPROM_WIDTH_* defines + * @quirks: eeprom or controller quirks * @drive_data: Set if we're driving the data line. * @reg_data_in: register field to indicate data input * @reg_data_out: register field to indicate data output @@ -50,6 +53,9 @@ struct eeprom_93cx6 { void (*register_write)(struct eeprom_93cx6 *eeprom); int width; + unsigned int quirks; +/* Some EEPROMs require an extra clock cycle before reading */ +#define PCI_EEPROM_QUIRK_EXTRA_READ_CYCLE BIT(0) char drive_data; char reg_data_in; @@ -71,3 +77,8 @@ extern void eeprom_93cx6_wren(struct eeprom_93cx6 *eeprom, bool enable); extern void eeprom_93cx6_write(struct eeprom_93cx6 *eeprom, u8 addr, u16 data); + +static inline bool has_quirk_extra_read_cycle(struct eeprom_93cx6 *eeprom) +{ + return eeprom->quirks & PCI_EEPROM_QUIRK_EXTRA_READ_CYCLE; +} -- 2.43.0

6 months, 2 weeks

1
6
0 0

[PATCH AUTOSEL 6.12 1/8] misc: eeprom: eeprom_93cx6: Add quirk for extra read clock cycle

by Sasha Levin

From: Parker Newman <pnewman(a)connecttech.com> [ Upstream commit 7738a7ab9d12c5371ed97114ee2132d4512e9fd5 ] Add a quirk similar to eeprom_93xx46 to add an extra clock cycle before reading data from the EEPROM. The 93Cx6 family of EEPROMs output a "dummy 0 bit" between the writing of the op-code/address from the host to the EEPROM and the reading of the actual data from the EEPROM. More info can be found on page 6 of the AT93C46 datasheet (linked below). Similar notes are found in other 93xx6 datasheets. In summary the read operation for a 93Cx6 EEPROM is: Write to EEPROM: 110[A5-A0] (9 bits) Read from EEPROM: 0[D15-D0] (17 bits) Where: 110 is the start bit and READ OpCode [A5-A0] is the address to read from 0 is a "dummy bit" preceding the actual data [D15-D0] is the actual data. Looking at the READ timing diagrams in the 93Cx6 datasheets the dummy bit should be clocked out on the last address bit clock cycle meaning it should be discarded naturally. However, depending on the hardware configuration sometimes this dummy bit is not discarded. This is the case with Exar PCI UARTs which require an extra clock cycle between sending the address and reading the data. Datasheet: https://ww1.microchip.com/downloads/en/DeviceDoc/Atmel-5193-SEEPROM-AT93C46… Reviewed-by: Andy Shevchenko <andriy.shevchenko(a)linux.intel.com> Signed-off-by: Parker Newman <pnewman(a)connecttech.com> Link: https://lore.kernel.org/r/0f23973efefccd2544705a0480b4ad4c2353e407.17278809… Signed-off-by: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> Signed-off-by: Sasha Levin <sashal(a)kernel.org> --- drivers/misc/eeprom/eeprom_93cx6.c | 10 ++++++++++ include/linux/eeprom_93cx6.h | 11 +++++++++++ 2 files changed, 21 insertions(+) diff --git a/drivers/misc/eeprom/eeprom_93cx6.c b/drivers/misc/eeprom/eeprom_93cx6.c index 9627294fe3e95..4c9827fe92173 100644 --- a/drivers/misc/eeprom/eeprom_93cx6.c +++ b/drivers/misc/eeprom/eeprom_93cx6.c @@ -186,6 +186,11 @@ void eeprom_93cx6_read(struct eeprom_93cx6 *eeprom, const u8 word, eeprom_93cx6_write_bits(eeprom, command, PCI_EEPROM_WIDTH_OPCODE + eeprom->width); + if (has_quirk_extra_read_cycle(eeprom)) { + eeprom_93cx6_pulse_high(eeprom); + eeprom_93cx6_pulse_low(eeprom); + } + /* * Read the requested 16 bits. */ @@ -252,6 +257,11 @@ void eeprom_93cx6_readb(struct eeprom_93cx6 *eeprom, const u8 byte, eeprom_93cx6_write_bits(eeprom, command, PCI_EEPROM_WIDTH_OPCODE + eeprom->width + 1); + if (has_quirk_extra_read_cycle(eeprom)) { + eeprom_93cx6_pulse_high(eeprom); + eeprom_93cx6_pulse_low(eeprom); + } + /* * Read the requested 8 bits. */ diff --git a/include/linux/eeprom_93cx6.h b/include/linux/eeprom_93cx6.h index c860c72a921d0..3a485cc0e0fa0 100644 --- a/include/linux/eeprom_93cx6.h +++ b/include/linux/eeprom_93cx6.h @@ -11,6 +11,8 @@ Supported chipsets: 93c46, 93c56 and 93c66. */ +#include <linux/bits.h> + /* * EEPROM operation defines. */ @@ -34,6 +36,7 @@ * @register_write(struct eeprom_93cx6 *eeprom): handler to * write to the eeprom register by using all reg_* fields. * @width: eeprom width, should be one of the PCI_EEPROM_WIDTH_* defines + * @quirks: eeprom or controller quirks * @drive_data: Set if we're driving the data line. * @reg_data_in: register field to indicate data input * @reg_data_out: register field to indicate data output @@ -50,6 +53,9 @@ struct eeprom_93cx6 { void (*register_write)(struct eeprom_93cx6 *eeprom); int width; + unsigned int quirks; +/* Some EEPROMs require an extra clock cycle before reading */ +#define PCI_EEPROM_QUIRK_EXTRA_READ_CYCLE BIT(0) char drive_data; char reg_data_in; @@ -71,3 +77,8 @@ extern void eeprom_93cx6_wren(struct eeprom_93cx6 *eeprom, bool enable); extern void eeprom_93cx6_write(struct eeprom_93cx6 *eeprom, u8 addr, u16 data); + +static inline bool has_quirk_extra_read_cycle(struct eeprom_93cx6 *eeprom) +{ + return eeprom->quirks & PCI_EEPROM_QUIRK_EXTRA_READ_CYCLE; +} -- 2.43.0

6 months, 2 weeks

1
7
0 0

[PATCH AUTOSEL 6.6] fs/ntfs3: Fix case when unmarked clusters intersect with zone

by Sasha Levin

From: Konstantin Komarov <almaz.alexandrovich(a)paragon-software.com> [ Upstream commit 5fc982fe7eca9d0cf7b25832450ebd4f7c8e1c36 ] Reported-by: syzbot+7f3761b790fa41d0f3d5(a)syzkaller.appspotmail.com Signed-off-by: Konstantin Komarov <almaz.alexandrovich(a)paragon-software.com> Signed-off-by: Sasha Levin <sashal(a)kernel.org> --- fs/ntfs3/run.c | 40 ++++++++++++++++++++++++++++++---------- 1 file changed, 30 insertions(+), 10 deletions(-) diff --git a/fs/ntfs3/run.c b/fs/ntfs3/run.c index cb8cf0161177b..44e93ad491ba7 100644 --- a/fs/ntfs3/run.c +++ b/fs/ntfs3/run.c @@ -1053,8 +1053,8 @@ int run_unpack_ex(struct runs_tree *run, struct ntfs_sb_info *sbi, CLST ino, { int ret, err; CLST next_vcn, lcn, len; - size_t index; - bool ok; + size_t index, done; + bool ok, zone; struct wnd_bitmap *wnd; ret = run_unpack(run, sbi, ino, svcn, evcn, vcn, run_buf, run_buf_size); @@ -1085,8 +1085,9 @@ int run_unpack_ex(struct runs_tree *run, struct ntfs_sb_info *sbi, CLST ino, continue; down_read_nested(&wnd->rw_lock, BITMAP_MUTEX_CLUSTERS); + zone = max(wnd->zone_bit, lcn) < min(wnd->zone_end, lcn + len); /* Check for free blocks. */ - ok = wnd_is_used(wnd, lcn, len); + ok = !zone && wnd_is_used(wnd, lcn, len); up_read(&wnd->rw_lock); if (ok) continue; @@ -1094,14 +1095,33 @@ int run_unpack_ex(struct runs_tree *run, struct ntfs_sb_info *sbi, CLST ino, /* Looks like volume is corrupted. */ ntfs_set_state(sbi, NTFS_DIRTY_ERROR); - if (down_write_trylock(&wnd->rw_lock)) { - /* Mark all zero bits as used in range [lcn, lcn+len). */ - size_t done; - err = wnd_set_used_safe(wnd, lcn, len, &done); - up_write(&wnd->rw_lock); - if (err) - return err; + if (!down_write_trylock(&wnd->rw_lock)) + continue; + + if (zone) { + /* + * Range [lcn, lcn + len) intersects with zone. + * To avoid complex with zone just turn it off. + */ + wnd_zone_set(wnd, 0, 0); + } + + /* Mark all zero bits as used in range [lcn, lcn+len). */ + err = wnd_set_used_safe(wnd, lcn, len, &done); + if (zone) { + /* Restore zone. Lock mft run. */ + struct rw_semaphore *lock; + lock = is_mounted(sbi) ? &sbi->mft.ni->file.run_lock : + NULL; + if (lock) + down_read(lock); + ntfs_refresh_zone(sbi); + if (lock) + up_read(lock); } + up_write(&wnd->rw_lock); + if (err) + return err; } return ret; -- 2.43.0

6 months, 2 weeks

1
0
0 0

[PATCH AUTOSEL 6.11 1/2] fs/ntfs3: Fix case when unmarked clusters intersect with zone

by Sasha Levin

From: Konstantin Komarov <almaz.alexandrovich(a)paragon-software.com> [ Upstream commit 5fc982fe7eca9d0cf7b25832450ebd4f7c8e1c36 ] Reported-by: syzbot+7f3761b790fa41d0f3d5(a)syzkaller.appspotmail.com Signed-off-by: Konstantin Komarov <almaz.alexandrovich(a)paragon-software.com> Signed-off-by: Sasha Levin <sashal(a)kernel.org> --- fs/ntfs3/run.c | 40 ++++++++++++++++++++++++++++++---------- 1 file changed, 30 insertions(+), 10 deletions(-) diff --git a/fs/ntfs3/run.c b/fs/ntfs3/run.c index cb8cf0161177b..44e93ad491ba7 100644 --- a/fs/ntfs3/run.c +++ b/fs/ntfs3/run.c @@ -1053,8 +1053,8 @@ int run_unpack_ex(struct runs_tree *run, struct ntfs_sb_info *sbi, CLST ino, { int ret, err; CLST next_vcn, lcn, len; - size_t index; - bool ok; + size_t index, done; + bool ok, zone; struct wnd_bitmap *wnd; ret = run_unpack(run, sbi, ino, svcn, evcn, vcn, run_buf, run_buf_size); @@ -1085,8 +1085,9 @@ int run_unpack_ex(struct runs_tree *run, struct ntfs_sb_info *sbi, CLST ino, continue; down_read_nested(&wnd->rw_lock, BITMAP_MUTEX_CLUSTERS); + zone = max(wnd->zone_bit, lcn) < min(wnd->zone_end, lcn + len); /* Check for free blocks. */ - ok = wnd_is_used(wnd, lcn, len); + ok = !zone && wnd_is_used(wnd, lcn, len); up_read(&wnd->rw_lock); if (ok) continue; @@ -1094,14 +1095,33 @@ int run_unpack_ex(struct runs_tree *run, struct ntfs_sb_info *sbi, CLST ino, /* Looks like volume is corrupted. */ ntfs_set_state(sbi, NTFS_DIRTY_ERROR); - if (down_write_trylock(&wnd->rw_lock)) { - /* Mark all zero bits as used in range [lcn, lcn+len). */ - size_t done; - err = wnd_set_used_safe(wnd, lcn, len, &done); - up_write(&wnd->rw_lock); - if (err) - return err; + if (!down_write_trylock(&wnd->rw_lock)) + continue; + + if (zone) { + /* + * Range [lcn, lcn + len) intersects with zone. + * To avoid complex with zone just turn it off. + */ + wnd_zone_set(wnd, 0, 0); + } + + /* Mark all zero bits as used in range [lcn, lcn+len). */ + err = wnd_set_used_safe(wnd, lcn, len, &done); + if (zone) { + /* Restore zone. Lock mft run. */ + struct rw_semaphore *lock; + lock = is_mounted(sbi) ? &sbi->mft.ni->file.run_lock : + NULL; + if (lock) + down_read(lock); + ntfs_refresh_zone(sbi); + if (lock) + up_read(lock); } + up_write(&wnd->rw_lock); + if (err) + return err; } return ret; -- 2.43.0

6 months, 2 weeks

1
1
0 0

[PATCH AUTOSEL 6.12 1/3] fs/ntfs3: Fix warning in ni_fiemap

by Sasha Levin

From: Konstantin Komarov <almaz.alexandrovich(a)paragon-software.com> [ Upstream commit e2705dd3d16d1000f1fd8193d82447065de8c899 ] Use local runs_tree instead of cached. This way excludes rw_semaphore lock. Reported-by: syzbot+1c25748a40fe79b8a119(a)syzkaller.appspotmail.com Signed-off-by: Konstantin Komarov <almaz.alexandrovich(a)paragon-software.com> Signed-off-by: Sasha Levin <sashal(a)kernel.org> --- fs/ntfs3/attrib.c | 9 ++-- fs/ntfs3/frecord.c | 103 +++++++-------------------------------------- fs/ntfs3/ntfs_fs.h | 3 +- 3 files changed, 21 insertions(+), 94 deletions(-) diff --git a/fs/ntfs3/attrib.c b/fs/ntfs3/attrib.c index 0763202d00c99..8d789b017fa9b 100644 --- a/fs/ntfs3/attrib.c +++ b/fs/ntfs3/attrib.c @@ -977,7 +977,7 @@ int attr_data_get_block(struct ntfs_inode *ni, CLST vcn, CLST clen, CLST *lcn, /* Check for compressed frame. */ err = attr_is_frame_compressed(ni, attr_b, vcn >> NTFS_LZNT_CUNIT, - &hint); + &hint, run); if (err) goto out; @@ -1521,16 +1521,16 @@ int attr_wof_frame_info(struct ntfs_inode *ni, struct ATTRIB *attr, * attr_is_frame_compressed - Used to detect compressed frame. * * attr - base (primary) attribute segment. + * run - run to use, usually == &ni->file.run. * Only base segments contains valid 'attr->nres.c_unit' */ int attr_is_frame_compressed(struct ntfs_inode *ni, struct ATTRIB *attr, - CLST frame, CLST *clst_data) + CLST frame, CLST *clst_data, struct runs_tree *run) { int err; u32 clst_frame; CLST clen, lcn, vcn, alen, slen, vcn_next; size_t idx; - struct runs_tree *run; *clst_data = 0; @@ -1542,7 +1542,6 @@ int attr_is_frame_compressed(struct ntfs_inode *ni, struct ATTRIB *attr, clst_frame = 1u << attr->nres.c_unit; vcn = frame * clst_frame; - run = &ni->file.run; if (!run_lookup_entry(run, vcn, &lcn, &clen, &idx)) { err = attr_load_runs_vcn(ni, attr->type, attr_name(attr), @@ -1678,7 +1677,7 @@ int attr_allocate_frame(struct ntfs_inode *ni, CLST frame, size_t compr_size, if (err) goto out; - err = attr_is_frame_compressed(ni, attr_b, frame, &clst_data); + err = attr_is_frame_compressed(ni, attr_b, frame, &clst_data, run); if (err) goto out; diff --git a/fs/ntfs3/frecord.c b/fs/ntfs3/frecord.c index 41c7ffad27901..c33e818b3164c 100644 --- a/fs/ntfs3/frecord.c +++ b/fs/ntfs3/frecord.c @@ -1900,46 +1900,6 @@ enum REPARSE_SIGN ni_parse_reparse(struct ntfs_inode *ni, struct ATTRIB *attr, return REPARSE_LINK; } -/* - * fiemap_fill_next_extent_k - a copy of fiemap_fill_next_extent - * but it uses 'fe_k' instead of fieinfo->fi_extents_start - */ -static int fiemap_fill_next_extent_k(struct fiemap_extent_info *fieinfo, - struct fiemap_extent *fe_k, u64 logical, - u64 phys, u64 len, u32 flags) -{ - struct fiemap_extent extent; - - /* only count the extents */ - if (fieinfo->fi_extents_max == 0) { - fieinfo->fi_extents_mapped++; - return (flags & FIEMAP_EXTENT_LAST) ? 1 : 0; - } - - if (fieinfo->fi_extents_mapped >= fieinfo->fi_extents_max) - return 1; - - if (flags & FIEMAP_EXTENT_DELALLOC) - flags |= FIEMAP_EXTENT_UNKNOWN; - if (flags & FIEMAP_EXTENT_DATA_ENCRYPTED) - flags |= FIEMAP_EXTENT_ENCODED; - if (flags & (FIEMAP_EXTENT_DATA_TAIL | FIEMAP_EXTENT_DATA_INLINE)) - flags |= FIEMAP_EXTENT_NOT_ALIGNED; - - memset(&extent, 0, sizeof(extent)); - extent.fe_logical = logical; - extent.fe_physical = phys; - extent.fe_length = len; - extent.fe_flags = flags; - - memcpy(fe_k + fieinfo->fi_extents_mapped, &extent, sizeof(extent)); - - fieinfo->fi_extents_mapped++; - if (fieinfo->fi_extents_mapped == fieinfo->fi_extents_max) - return 1; - return (flags & FIEMAP_EXTENT_LAST) ? 1 : 0; -} - /* * ni_fiemap - Helper for file_fiemap(). * @@ -1950,11 +1910,9 @@ int ni_fiemap(struct ntfs_inode *ni, struct fiemap_extent_info *fieinfo, __u64 vbo, __u64 len) { int err = 0; - struct fiemap_extent *fe_k = NULL; struct ntfs_sb_info *sbi = ni->mi.sbi; u8 cluster_bits = sbi->cluster_bits; - struct runs_tree *run; - struct rw_semaphore *run_lock; + struct runs_tree run; struct ATTRIB *attr; CLST vcn = vbo >> cluster_bits; CLST lcn, clen; @@ -1965,13 +1923,11 @@ int ni_fiemap(struct ntfs_inode *ni, struct fiemap_extent_info *fieinfo, u32 flags; bool ok; + run_init(&run); if (S_ISDIR(ni->vfs_inode.i_mode)) { - run = &ni->dir.alloc_run; attr = ni_find_attr(ni, NULL, NULL, ATTR_ALLOC, I30_NAME, ARRAY_SIZE(I30_NAME), NULL, NULL); - run_lock = &ni->dir.run_lock; } else { - run = &ni->file.run; attr = ni_find_attr(ni, NULL, NULL, ATTR_DATA, NULL, 0, NULL, NULL); if (!attr) { @@ -1986,7 +1942,6 @@ int ni_fiemap(struct ntfs_inode *ni, struct fiemap_extent_info *fieinfo, "fiemap is not supported for compressed file (cp -r)"); goto out; } - run_lock = &ni->file.run_lock; } if (!attr || !attr->non_res) { @@ -1998,51 +1953,33 @@ int ni_fiemap(struct ntfs_inode *ni, struct fiemap_extent_info *fieinfo, goto out; } - /* - * To avoid lock problems replace pointer to user memory by pointer to kernel memory. - */ - fe_k = kmalloc_array(fieinfo->fi_extents_max, - sizeof(struct fiemap_extent), - GFP_NOFS | __GFP_ZERO); - if (!fe_k) { - err = -ENOMEM; - goto out; - } - end = vbo + len; alloc_size = le64_to_cpu(attr->nres.alloc_size); if (end > alloc_size) end = alloc_size; - down_read(run_lock); while (vbo < end) { if (idx == -1) { - ok = run_lookup_entry(run, vcn, &lcn, &clen, &idx); + ok = run_lookup_entry(&run, vcn, &lcn, &clen, &idx); } else { CLST vcn_next = vcn; - ok = run_get_entry(run, ++idx, &vcn, &lcn, &clen) && + ok = run_get_entry(&run, ++idx, &vcn, &lcn, &clen) && vcn == vcn_next; if (!ok) vcn = vcn_next; } if (!ok) { - up_read(run_lock); - down_write(run_lock); - err = attr_load_runs_vcn(ni, attr->type, attr_name(attr), - attr->name_len, run, vcn); - - up_write(run_lock); - down_read(run_lock); + attr->name_len, &run, vcn); if (err) break; - ok = run_lookup_entry(run, vcn, &lcn, &clen, &idx); + ok = run_lookup_entry(&run, vcn, &lcn, &clen, &idx); if (!ok) { err = -EINVAL; @@ -2067,8 +2004,9 @@ int ni_fiemap(struct ntfs_inode *ni, struct fiemap_extent_info *fieinfo, } else if (is_attr_compressed(attr)) { CLST clst_data; - err = attr_is_frame_compressed( - ni, attr, vcn >> attr->nres.c_unit, &clst_data); + err = attr_is_frame_compressed(ni, attr, + vcn >> attr->nres.c_unit, + &clst_data, &run); if (err) break; if (clst_data < NTFS_LZNT_CLUSTERS) @@ -2097,8 +2035,8 @@ int ni_fiemap(struct ntfs_inode *ni, struct fiemap_extent_info *fieinfo, if (vbo + dlen >= end) flags |= FIEMAP_EXTENT_LAST; - err = fiemap_fill_next_extent_k(fieinfo, fe_k, vbo, lbo, - dlen, flags); + err = fiemap_fill_next_extent(fieinfo, vbo, lbo, dlen, + flags); if (err < 0) break; @@ -2119,8 +2057,7 @@ int ni_fiemap(struct ntfs_inode *ni, struct fiemap_extent_info *fieinfo, if (vbo + bytes >= end) flags |= FIEMAP_EXTENT_LAST; - err = fiemap_fill_next_extent_k(fieinfo, fe_k, vbo, lbo, bytes, - flags); + err = fiemap_fill_next_extent(fieinfo, vbo, lbo, bytes, flags); if (err < 0) break; if (err == 1) { @@ -2131,19 +2068,8 @@ int ni_fiemap(struct ntfs_inode *ni, struct fiemap_extent_info *fieinfo, vbo += bytes; } - up_read(run_lock); - - /* - * Copy to user memory out of lock - */ - if (copy_to_user(fieinfo->fi_extents_start, fe_k, - fieinfo->fi_extents_max * - sizeof(struct fiemap_extent))) { - err = -EFAULT; - } - out: - kfree(fe_k); + run_close(&run); return err; } @@ -2672,7 +2598,8 @@ int ni_read_frame(struct ntfs_inode *ni, u64 frame_vbo, struct page **pages, down_write(&ni->file.run_lock); run_truncate_around(run, le64_to_cpu(attr->nres.svcn)); frame = frame_vbo >> (cluster_bits + NTFS_LZNT_CUNIT); - err = attr_is_frame_compressed(ni, attr, frame, &clst_data); + err = attr_is_frame_compressed(ni, attr, frame, &clst_data, + run); up_write(&ni->file.run_lock); if (err) goto out1; diff --git a/fs/ntfs3/ntfs_fs.h b/fs/ntfs3/ntfs_fs.h index 26e1e1379c04e..cd8e8374bb5a0 100644 --- a/fs/ntfs3/ntfs_fs.h +++ b/fs/ntfs3/ntfs_fs.h @@ -446,7 +446,8 @@ int attr_wof_frame_info(struct ntfs_inode *ni, struct ATTRIB *attr, struct runs_tree *run, u64 frame, u64 frames, u8 frame_bits, u32 *ondisk_size, u64 *vbo_data); int attr_is_frame_compressed(struct ntfs_inode *ni, struct ATTRIB *attr, - CLST frame, CLST *clst_data); + CLST frame, CLST *clst_data, + struct runs_tree *run); int attr_allocate_frame(struct ntfs_inode *ni, CLST frame, size_t compr_size, u64 new_valid); int attr_collapse_range(struct ntfs_inode *ni, u64 vbo, u64 bytes); -- 2.43.0

6 months, 2 weeks

1
2
0 0

[PATCH AUTOSEL 6.1] LoongArch: Fix sleeping in atomic context for PREEMPT_RT

by Sasha Levin

From: Huacai Chen <chenhuacai(a)loongson.cn> [ Upstream commit 88fd2b70120d52c1010257d36776876941375490 ] Commit bab1c299f3945ffe79 ("LoongArch: Fix sleeping in atomic context in setup_tlb_handler()") changes the gfp flag from GFP_KERNEL to GFP_ATOMIC for alloc_pages_node(). However, for PREEMPT_RT kernels we can still get a "sleeping in atomic context" error: [ 0.372259] BUG: sleeping function called from invalid context at kernel/locking/spinlock_rt.c:48 [ 0.372266] in_atomic(): 1, irqs_disabled(): 1, non_block: 0, pid: 0, name: swapper/1 [ 0.372268] preempt_count: 1, expected: 0 [ 0.372270] RCU nest depth: 1, expected: 1 [ 0.372272] 3 locks held by swapper/1/0: [ 0.372274] #0: 900000000c9f5e60 (&pcp->lock){+.+.}-{3:3}, at: get_page_from_freelist+0x524/0x1c60 [ 0.372294] #1: 90000000087013b8 (rcu_read_lock){....}-{1:3}, at: rt_spin_trylock+0x50/0x140 [ 0.372305] #2: 900000047fffd388 (&zone->lock){+.+.}-{3:3}, at: __rmqueue_pcplist+0x30c/0xea0 [ 0.372314] irq event stamp: 0 [ 0.372316] hardirqs last enabled at (0): [<0000000000000000>] 0x0 [ 0.372322] hardirqs last disabled at (0): [<9000000005947320>] copy_process+0x9c0/0x26e0 [ 0.372329] softirqs last enabled at (0): [<9000000005947320>] copy_process+0x9c0/0x26e0 [ 0.372335] softirqs last disabled at (0): [<0000000000000000>] 0x0 [ 0.372341] CPU: 1 UID: 0 PID: 0 Comm: swapper/1 Not tainted 6.12.0-rc7+ #1891 [ 0.372346] Hardware name: Loongson Loongson-3A5000-7A1000-1w-CRB/Loongson-LS3A5000-7A1000-1w-CRB, BIOS vUDK2018-LoongArch-V2.0.0-prebeta9 10/21/2022 [ 0.372349] Stack : 0000000000000089 9000000005a0db9c 90000000071519c8 9000000100388000 [ 0.372486] 900000010038b890 0000000000000000 900000010038b898 9000000007e53788 [ 0.372492] 900000000815bcc8 900000000815bcc0 900000010038b700 0000000000000001 [ 0.372498] 0000000000000001 4b031894b9d6b725 00000000055ec000 9000000100338fc0 [ 0.372503] 00000000000000c4 0000000000000001 000000000000002d 0000000000000003 [ 0.372509] 0000000000000030 0000000000000003 00000000055ec000 0000000000000003 [ 0.372515] 900000000806d000 9000000007e53788 00000000000000b0 0000000000000004 [ 0.372521] 0000000000000000 0000000000000000 900000000c9f5f10 0000000000000000 [ 0.372526] 90000000076f12d8 9000000007e53788 9000000005924778 0000000000000000 [ 0.372532] 00000000000000b0 0000000000000004 0000000000000000 0000000000070000 [ 0.372537] ... [ 0.372540] Call Trace: [ 0.372542] [<9000000005924778>] show_stack+0x38/0x180 [ 0.372548] [<90000000071519c4>] dump_stack_lvl+0x94/0xe4 [ 0.372555] [<900000000599b880>] __might_resched+0x1a0/0x260 [ 0.372561] [<90000000071675cc>] rt_spin_lock+0x4c/0x140 [ 0.372565] [<9000000005cbb768>] __rmqueue_pcplist+0x308/0xea0 [ 0.372570] [<9000000005cbed84>] get_page_from_freelist+0x564/0x1c60 [ 0.372575] [<9000000005cc0d98>] __alloc_pages_noprof+0x218/0x1820 [ 0.372580] [<900000000593b36c>] tlb_init+0x1ac/0x298 [ 0.372585] [<9000000005924b74>] per_cpu_trap_init+0x114/0x140 [ 0.372589] [<9000000005921964>] cpu_probe+0x4e4/0xa60 [ 0.372592] [<9000000005934874>] start_secondary+0x34/0xc0 [ 0.372599] [<900000000715615c>] smpboot_entry+0x64/0x6c This is because in PREEMPT_RT kernels normal spinlocks are replaced by rt spinlocks and rt_spin_lock() will cause sleeping. Fix it by disabling NUMA optimization completely for PREEMPT_RT kernels. Signed-off-by: Huacai Chen <chenhuacai(a)loongson.cn> Signed-off-by: Sasha Levin <sashal(a)kernel.org> --- arch/loongarch/mm/tlb.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/arch/loongarch/mm/tlb.c b/arch/loongarch/mm/tlb.c index eeb2d815cfa2a..faf44cac403b4 100644 --- a/arch/loongarch/mm/tlb.c +++ b/arch/loongarch/mm/tlb.c @@ -279,7 +279,7 @@ void setup_tlb_handler(int cpu) /* Avoid lockdep warning */ rcu_cpu_starting(cpu); -#ifdef CONFIG_NUMA +#if defined(CONFIG_NUMA) && !defined(CONFIG_PREEMPT_RT) vec_sz = sizeof(exception_handlers); if (pcpu_handlers[cpu]) -- 2.43.0

6 months, 2 weeks

1
0
0 0

[PATCH AUTOSEL 6.6 1/3] ACPI: x86: Add skip i2c clients quirk for Acer Iconia One 8 A1-840

by Sasha Levin

From: Hans de Goede <hdegoede(a)redhat.com> [ Upstream commit 82f250ed1a1dcde0ad2a1513f85af7f9514635e8 ] The Acer Iconia One 8 A1-840 (not to be confused with the A1-840FHD which is a different model) ships with Android 4.4 as factory OS and has the usual broken DSDT issues for x86 Android tablets. Add quirks to skip ACPI I2C client enumeration and disable ACPI battery/AC and ACPI GPIO event handlers. Also add the "INT33F5" HID for the TI PMIC used on this tablet to the list of HIDs for which not to skip i2c_client instantiation, since we do want an ACPI instantiated i2c_client for the PMIC. Signed-off-by: Hans de Goede <hdegoede(a)redhat.com> Link: https://patch.msgid.link/20241116095825.11660-1-hdegoede@redhat.com Signed-off-by: Rafael J. Wysocki <rafael.j.wysocki(a)intel.com> Signed-off-by: Sasha Levin <sashal(a)kernel.org> --- drivers/acpi/x86/utils.c | 13 +++++++++++++ 1 file changed, 13 insertions(+) diff --git a/drivers/acpi/x86/utils.c b/drivers/acpi/x86/utils.c index e035cec614dc8..159ac2b19672d 100644 --- a/drivers/acpi/x86/utils.c +++ b/drivers/acpi/x86/utils.c @@ -299,6 +299,18 @@ static const struct dmi_system_id acpi_quirk_skip_dmi_ids[] = { ACPI_QUIRK_SKIP_ACPI_AC_AND_BATTERY | ACPI_QUIRK_SKIP_GPIO_EVENT_HANDLERS), }, + { + /* Acer Iconia One 8 A1-840 (non FHD version) */ + .matches = { + DMI_MATCH(DMI_SYS_VENDOR, "Insyde"), + DMI_MATCH(DMI_PRODUCT_NAME, "BayTrail"), + /* Above strings are too generic also match BIOS date */ + DMI_MATCH(DMI_BIOS_DATE, "04/01/2014"), + }, + .driver_data = (void *)(ACPI_QUIRK_SKIP_I2C_CLIENTS | + ACPI_QUIRK_SKIP_ACPI_AC_AND_BATTERY | + ACPI_QUIRK_SKIP_GPIO_EVENT_HANDLERS), + }, { .matches = { DMI_EXACT_MATCH(DMI_SYS_VENDOR, "ASUSTeK COMPUTER INC."), @@ -404,6 +416,7 @@ static const struct acpi_device_id i2c_acpi_known_good_ids[] = { { "10EC5640", 0 }, /* RealTek ALC5640 audio codec */ { "10EC5651", 0 }, /* RealTek ALC5651 audio codec */ { "INT33F4", 0 }, /* X-Powers AXP288 PMIC */ + { "INT33F5", 0 }, /* TI Dollar Cove PMIC */ { "INT33FD", 0 }, /* Intel Crystal Cove PMIC */ { "INT34D3", 0 }, /* Intel Whiskey Cove PMIC */ { "NPCE69A", 0 }, /* Asus Transformer keyboard dock */ -- 2.43.0

6 months, 2 weeks

1
2
0 0

[PATCH AUTOSEL 6.11 1/3] ACPI: x86: Add skip i2c clients quirk for Acer Iconia One 8 A1-840

by Sasha Levin

From: Hans de Goede <hdegoede(a)redhat.com> [ Upstream commit 82f250ed1a1dcde0ad2a1513f85af7f9514635e8 ] The Acer Iconia One 8 A1-840 (not to be confused with the A1-840FHD which is a different model) ships with Android 4.4 as factory OS and has the usual broken DSDT issues for x86 Android tablets. Add quirks to skip ACPI I2C client enumeration and disable ACPI battery/AC and ACPI GPIO event handlers. Also add the "INT33F5" HID for the TI PMIC used on this tablet to the list of HIDs for which not to skip i2c_client instantiation, since we do want an ACPI instantiated i2c_client for the PMIC. Signed-off-by: Hans de Goede <hdegoede(a)redhat.com> Link: https://patch.msgid.link/20241116095825.11660-1-hdegoede@redhat.com Signed-off-by: Rafael J. Wysocki <rafael.j.wysocki(a)intel.com> Signed-off-by: Sasha Levin <sashal(a)kernel.org> --- drivers/acpi/x86/utils.c | 13 +++++++++++++ 1 file changed, 13 insertions(+) diff --git a/drivers/acpi/x86/utils.c b/drivers/acpi/x86/utils.c index ab2b5fa83e1ff..24af6a10cc5fc 100644 --- a/drivers/acpi/x86/utils.c +++ b/drivers/acpi/x86/utils.c @@ -307,6 +307,18 @@ static const struct dmi_system_id acpi_quirk_skip_dmi_ids[] = { ACPI_QUIRK_SKIP_ACPI_AC_AND_BATTERY | ACPI_QUIRK_SKIP_GPIO_EVENT_HANDLERS), }, + { + /* Acer Iconia One 8 A1-840 (non FHD version) */ + .matches = { + DMI_MATCH(DMI_SYS_VENDOR, "Insyde"), + DMI_MATCH(DMI_PRODUCT_NAME, "BayTrail"), + /* Above strings are too generic also match BIOS date */ + DMI_MATCH(DMI_BIOS_DATE, "04/01/2014"), + }, + .driver_data = (void *)(ACPI_QUIRK_SKIP_I2C_CLIENTS | + ACPI_QUIRK_SKIP_ACPI_AC_AND_BATTERY | + ACPI_QUIRK_SKIP_GPIO_EVENT_HANDLERS), + }, { .matches = { DMI_EXACT_MATCH(DMI_SYS_VENDOR, "ASUSTeK COMPUTER INC."), @@ -412,6 +424,7 @@ static const struct acpi_device_id i2c_acpi_known_good_ids[] = { { "10EC5640", 0 }, /* RealTek ALC5640 audio codec */ { "10EC5651", 0 }, /* RealTek ALC5651 audio codec */ { "INT33F4", 0 }, /* X-Powers AXP288 PMIC */ + { "INT33F5", 0 }, /* TI Dollar Cove PMIC */ { "INT33FD", 0 }, /* Intel Crystal Cove PMIC */ { "INT34D3", 0 }, /* Intel Whiskey Cove PMIC */ { "NPCE69A", 0 }, /* Asus Transformer keyboard dock */ -- 2.43.0

6 months, 2 weeks

1
2
0 0

[PATCH AUTOSEL 6.12 1/3] ACPI: x86: Add skip i2c clients quirk for Acer Iconia One 8 A1-840

by Sasha Levin

From: Hans de Goede <hdegoede(a)redhat.com> [ Upstream commit 82f250ed1a1dcde0ad2a1513f85af7f9514635e8 ] The Acer Iconia One 8 A1-840 (not to be confused with the A1-840FHD which is a different model) ships with Android 4.4 as factory OS and has the usual broken DSDT issues for x86 Android tablets. Add quirks to skip ACPI I2C client enumeration and disable ACPI battery/AC and ACPI GPIO event handlers. Also add the "INT33F5" HID for the TI PMIC used on this tablet to the list of HIDs for which not to skip i2c_client instantiation, since we do want an ACPI instantiated i2c_client for the PMIC. Signed-off-by: Hans de Goede <hdegoede(a)redhat.com> Link: https://patch.msgid.link/20241116095825.11660-1-hdegoede@redhat.com Signed-off-by: Rafael J. Wysocki <rafael.j.wysocki(a)intel.com> Signed-off-by: Sasha Levin <sashal(a)kernel.org> --- drivers/acpi/x86/utils.c | 13 +++++++++++++ 1 file changed, 13 insertions(+) diff --git a/drivers/acpi/x86/utils.c b/drivers/acpi/x86/utils.c index 6af546b21574f..6d185a369f068 100644 --- a/drivers/acpi/x86/utils.c +++ b/drivers/acpi/x86/utils.c @@ -307,6 +307,18 @@ static const struct dmi_system_id acpi_quirk_skip_dmi_ids[] = { ACPI_QUIRK_SKIP_ACPI_AC_AND_BATTERY | ACPI_QUIRK_SKIP_GPIO_EVENT_HANDLERS), }, + { + /* Acer Iconia One 8 A1-840 (non FHD version) */ + .matches = { + DMI_MATCH(DMI_SYS_VENDOR, "Insyde"), + DMI_MATCH(DMI_PRODUCT_NAME, "BayTrail"), + /* Above strings are too generic also match BIOS date */ + DMI_MATCH(DMI_BIOS_DATE, "04/01/2014"), + }, + .driver_data = (void *)(ACPI_QUIRK_SKIP_I2C_CLIENTS | + ACPI_QUIRK_SKIP_ACPI_AC_AND_BATTERY | + ACPI_QUIRK_SKIP_GPIO_EVENT_HANDLERS), + }, { .matches = { DMI_EXACT_MATCH(DMI_SYS_VENDOR, "ASUSTeK COMPUTER INC."), @@ -411,6 +423,7 @@ static const struct acpi_device_id i2c_acpi_known_good_ids[] = { { "10EC5640", 0 }, /* RealTek ALC5640 audio codec */ { "10EC5651", 0 }, /* RealTek ALC5651 audio codec */ { "INT33F4", 0 }, /* X-Powers AXP288 PMIC */ + { "INT33F5", 0 }, /* TI Dollar Cove PMIC */ { "INT33FD", 0 }, /* Intel Crystal Cove PMIC */ { "INT34D3", 0 }, /* Intel Whiskey Cove PMIC */ { "NPCE69A", 0 }, /* Asus Transformer keyboard dock */ -- 2.43.0

6 months, 2 weeks

1
2
0 0

[PATCH 5.4] perf/x86/intel/pt: Fix buffer full but size is 0 case

by Adrian Hunter

commit 5b590160d2cf776b304eb054afafea2bd55e3620 upstream. If the trace data buffer becomes full, a truncated flag [T] is reported in PERF_RECORD_AUX. In some cases, the size reported is 0, even though data must have been added to make the buffer full. That happens when the buffer fills up from empty to full before the Intel PT driver has updated the buffer position. Then the driver calculates the new buffer position before calculating the data size. If the old and new positions are the same, the data size is reported as 0, even though it is really the whole buffer size. Fix by detecting when the buffer position is wrapped, and adjust the data size calculation accordingly. Example Use a very small buffer size (8K) and observe the size of truncated [T] data. Before the fix, it is possible to see records of 0 size. Before: $ perf record -m,8K -e intel_pt// uname Linux [ perf record: Woken up 2 times to write data ] [ perf record: Captured and wrote 0.105 MB perf.data ] $ perf script -D --no-itrace | grep AUX | grep -F '[T]' Warning: AUX data lost 2 times out of 3! 5 19462712368111 0x19710 [0x40]: PERF_RECORD_AUX offset: 0 size: 0 flags: 0x1 [T] 5 19462712700046 0x19ba8 [0x40]: PERF_RECORD_AUX offset: 0x170 size: 0xe90 flags: 0x1 [T] After: $ perf record -m,8K -e intel_pt// uname Linux [ perf record: Woken up 3 times to write data ] [ perf record: Captured and wrote 0.040 MB perf.data ] $ perf script -D --no-itrace | grep AUX | grep -F '[T]' Warning: AUX data lost 2 times out of 3! 1 113720802995 0x4948 [0x40]: PERF_RECORD_AUX offset: 0 size: 0x2000 flags: 0x1 [T] 1 113720979812 0x6b10 [0x40]: PERF_RECORD_AUX offset: 0x2000 size: 0x2000 flags: 0x1 [T] Fixes: 52ca9ced3f70 ("perf/x86/intel/pt: Add Intel PT PMU driver") Signed-off-by: Adrian Hunter <adrian.hunter(a)intel.com> Signed-off-by: Peter Zijlstra (Intel) <peterz(a)infradead.org> Cc: stable(a)vger.kernel.org Link: https://lkml.kernel.org/r/20241022155920.17511-2-adrian.hunter@intel.com Signed-off-by: Adrian Hunter <adrian.hunter(a)intel.com> --- arch/x86/events/intel/pt.c | 11 ++++++++--- arch/x86/events/intel/pt.h | 2 ++ 2 files changed, 10 insertions(+), 3 deletions(-) diff --git a/arch/x86/events/intel/pt.c b/arch/x86/events/intel/pt.c index 99b286b6c200..622bfb9a2fe7 100644 --- a/arch/x86/events/intel/pt.c +++ b/arch/x86/events/intel/pt.c @@ -782,11 +782,13 @@ static void pt_buffer_advance(struct pt_buffer *buf) buf->cur_idx++; if (buf->cur_idx == buf->cur->last) { - if (buf->cur == buf->last) + if (buf->cur == buf->last) { buf->cur = buf->first; - else + buf->wrapped = true; + } else { buf->cur = list_entry(buf->cur->list.next, struct topa, list); + } buf->cur_idx = 0; } } @@ -800,8 +802,11 @@ static void pt_buffer_advance(struct pt_buffer *buf) static void pt_update_head(struct pt *pt) { struct pt_buffer *buf = perf_get_aux(&pt->handle); + bool wrapped = buf->wrapped; u64 topa_idx, base, old; + buf->wrapped = false; + /* offset of the first region in this table from the beginning of buf */ base = buf->cur->offset + buf->output_off; @@ -814,7 +819,7 @@ static void pt_update_head(struct pt *pt) } else { old = (local64_xchg(&buf->head, base) & ((buf->nr_pages << PAGE_SHIFT) - 1)); - if (base < old) + if (base < old || (base == old && wrapped)) base += buf->nr_pages << PAGE_SHIFT; local_add(base - old, &buf->data_size); diff --git a/arch/x86/events/intel/pt.h b/arch/x86/events/intel/pt.h index c2d00a072952..51674454c69d 100644 --- a/arch/x86/events/intel/pt.h +++ b/arch/x86/events/intel/pt.h @@ -64,6 +64,7 @@ struct pt_pmu { * @lost: if data was lost/truncated * @head: logical write offset inside the buffer * @snapshot: if this is for a snapshot/overwrite counter + * @wrapped: buffer advance wrapped back to the first topa table * @stop_pos: STOP topa entry index * @intr_pos: INT topa entry index * @stop_te: STOP topa entry pointer @@ -80,6 +81,7 @@ struct pt_buffer { local_t data_size; local64_t head; bool snapshot; + bool wrapped; long stop_pos, intr_pos; struct topa_entry *stop_te, *intr_te; void **data_pages; -- 2.43.0

6 months, 2 weeks

2
1
0 0